{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 19:01:27 honeypot-fra-1 sshd[863]: Disconnected from invalid user user 45.61.184.204 port 34762 [preauth]","@timestamp":"2022-09-11T19:01:28.158Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T19:03:38.438Z","@version":"1","message":"Sep 11 19:03:38 honeypot-sgp-1 sshd[6605]: Invalid user taza from 103.226.250.228 port 41844","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T19:06:39.515Z","@version":"1","message":"Sep 11 19:06:39 honeypot-sgp-1 sshd[6609]: Invalid user user from 141.255.162.226 port 60054","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T19:06:41.517Z","@version":"1","message":"Sep 11 19:06:40 honeypot-sgp-1 sshd[6613]: Disconnected from invalid user user 141.255.162.226 port 47302 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T19:06:43.518Z","@version":"1","message":"Sep 11 19:06:42 honeypot-sgp-1 sshd[6615]: Invalid user user from 141.255.162.226 port 53676","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T19:08:30.561Z","@version":"1","message":"Sep 11 19:08:29 honeypot-sgp-1 kernel: [83799422.549396] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=94.26.228.80 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=59466 PROTO=TCP SPT=48895 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 19:08:35 honeypot-ams-1 sshd[10747]: Received disconnect from 45.61.186.249 port 56916:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T19:08:36.238Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 19:08:54 honeypot-ams-1 sshd[10752]: Received disconnect from 45.61.186.249 port 51602:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T19:08:55.249Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 19:09:03 honeypot-ams-1 sshd[10757]: Invalid user user from 45.61.186.249 port 34888","@timestamp":"2022-09-11T19:09:04.254Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 19:09:20 honeypot-ams-1 sshd[10761]: Invalid user user from 45.61.186.249 port 57722","@timestamp":"2022-09-11T19:09:21.263Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 19:10:09 honeypot-ams-1 sshd[10765]: Received disconnect from 123.134.238.181 port 46440:11: Bye Bye [preauth]","@timestamp":"2022-09-11T19:10:09.286Z"}
{"@timestamp":"2022-09-11T19:10:38.614Z","@version":"1","message":"Sep 11 19:10:38 honeypot-sgp-1 sshd[6624]: Disconnected from authenticating user root 92.255.85.70 port 60320 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 19:14:12 honeypot-fra-1 sshd[867]: Disconnected from authenticating user root 92.255.85.70 port 58266 [preauth]","@timestamp":"2022-09-11T19:14:13.436Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 19:17:01 honeypot-ams-1 CRON[10773]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-11T19:17:02.463Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 19:17:32 honeypot-fra-1 sshd[875]: Received disconnect from 68.183.141.36 port 40890:11: Bye Bye [preauth]","@timestamp":"2022-09-11T19:17:32.525Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T19:19:31.834Z","@version":"1","message":"Sep 11 19:19:31 honeypot-sgp-1 sshd[6631]: Invalid user user from 198.98.61.9 port 35878","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T19:19:44.840Z","@version":"1","message":"Sep 11 19:19:44 honeypot-sgp-1 sshd[6635]: Invalid user user from 198.98.61.9 port 47508","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T19:20:03.849Z","@version":"1","message":"Sep 11 19:20:03 honeypot-sgp-1 sshd[6639]: Invalid user user from 198.98.61.9 port 42318","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T19:20:20.857Z","@version":"1","message":"Sep 11 19:20:20 honeypot-sgp-1 sshd[6643]: Invalid user user from 198.98.61.9 port 37208","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 19:22:38 honeypot-fra-1 sshd[880]: Received disconnect from 165.22.45.108 port 55436:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T19:22:39.640Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T19:24:28.955Z","@version":"1","message":"Sep 11 19:24:28 honeypot-sgp-1 sshd[6648]: Received disconnect from 199.255.98.39 port 47918:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 19:24:49 honeypot-fra-1 sshd[886]: Invalid user user from 198.98.61.9 port 50696","@timestamp":"2022-09-11T19:24:49.692Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 19:24:58 honeypot-fra-1 sshd[888]: Disconnected from invalid user user 198.98.61.9 port 34122 [preauth]","@timestamp":"2022-09-11T19:24:58.697Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 19:25:14 honeypot-fra-1 sshd[892]: Disconnected from invalid user user 198.98.61.9 port 57466 [preauth]","@timestamp":"2022-09-11T19:25:14.705Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 19:25:29 honeypot-fra-1 sshd[896]: Disconnected from invalid user user 198.98.61.9 port 52630 [preauth]","@timestamp":"2022-09-11T19:25:29.713Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 19:26:35 honeypot-ams-1 sshd[10779]: Received disconnect from 159.203.117.191 port 34370:11: Bye Bye [preauth]","@timestamp":"2022-09-11T19:26:35.711Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 19:30:23 honeypot-ams-1 sshd[10784]: Received disconnect from 159.223.60.4 port 59178:11: Bye Bye [preauth]","@timestamp":"2022-09-11T19:30:23.817Z"}
{"@timestamp":"2022-09-11T19:37:09.255Z","@version":"1","message":"Sep 11 19:37:08 honeypot-sgp-1 sshd[6654]: Invalid user user from 198.98.61.9 port 52286","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T19:37:26.265Z","@version":"1","message":"Sep 11 19:37:26 honeypot-sgp-1 sshd[6658]: Invalid user user from 198.98.61.9 port 47666","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T19:37:47.275Z","@version":"1","message":"Sep 11 19:37:46 honeypot-sgp-1 sshd[6662]: Invalid user user from 198.98.61.9 port 43042","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T19:38:03.283Z","@version":"1","message":"Sep 11 19:38:03 honeypot-sgp-1 sshd[6666]: Invalid user user from 198.98.61.9 port 38420","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 19:39:21 honeypot-ams-1 sshd[10787]: Disconnected from authenticating user root 92.255.85.70 port 62104 [preauth]","@timestamp":"2022-09-11T19:39:22.054Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 19:40:52 honeypot-fra-1 kernel: [83799682.205643] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=51.178.125.38 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=51473 PROTO=TCP SPT=59880 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T19:40:53.057Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 19:47:17 honeypot-ams-1 sshd[10793]: Invalid user guest from 185.148.221.11 port 56182","@timestamp":"2022-09-11T19:47:18.263Z"}
{"@timestamp":"2022-09-11T19:48:04.516Z","@version":"1","message":"Sep 11 19:48:03 honeypot-sgp-1 sshd[6670]: Connection closed by invalid user guest 165.100.191.248 port 1283 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 19:48:58 honeypot-ams-1 sshd[10796]: Disconnected from invalid user user 45.61.187.160 port 47938 [preauth]","@timestamp":"2022-09-11T19:48:58.309Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 19:49:17 honeypot-ams-1 sshd[10800]: Disconnected from invalid user user 45.61.187.160 port 42408 [preauth]","@timestamp":"2022-09-11T19:49:18.320Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 19:49:34 honeypot-ams-1 sshd[10804]: Disconnected from invalid user user 45.61.187.160 port 36860 [preauth]","@timestamp":"2022-09-11T19:49:35.330Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 19:49:52 honeypot-ams-1 sshd[10808]: Disconnected from invalid user user 45.61.187.160 port 59550 [preauth]","@timestamp":"2022-09-11T19:49:53.339Z"}
{"@timestamp":"2022-09-11T19:55:09.677Z","@version":"1","message":"Sep 11 19:55:09 honeypot-sgp-1 sshd[6675]: Received disconnect from 128.199.124.231 port 51292:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 19:55:53 honeypot-fra-1 sshd[906]: Received disconnect from 165.22.45.108 port 60238:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T19:55:53.388Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 19:56:27 honeypot-fra-1 sshd[936]: Invalid user devops from 34.71.244.4 port 56296","@timestamp":"2022-09-11T19:56:28.403Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 19:56:27 honeypot-fra-1 sshd[918]: Invalid user momo from 34.71.244.4 port 56372","@timestamp":"2022-09-11T19:56:28.403Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 19:56:27 honeypot-fra-1 sshd[914]: Invalid user testuser from 34.71.244.4 port 56352","@timestamp":"2022-09-11T19:56:28.404Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 19:56:27 honeypot-fra-1 sshd[916]: Connection closed by invalid user elasticsearch 34.71.244.4 port 56140 [preauth]","@timestamp":"2022-09-11T19:56:28.404Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 19:56:27 honeypot-fra-1 sshd[930]: Connection closed by invalid user odoo 34.71.244.4 port 56148 [preauth]","@timestamp":"2022-09-11T19:56:28.404Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 19:56:27 honeypot-fra-1 sshd[925]: Connection closed by authenticating user root 34.71.244.4 port 56322 [preauth]","@timestamp":"2022-09-11T19:56:28.404Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 19:56:27 honeypot-fra-1 sshd[917]: Connection closed by invalid user oracle 34.71.244.4 port 56282 [preauth]","@timestamp":"2022-09-11T19:56:28.404Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 19:56:27 honeypot-fra-1 sshd[926]: Connection closed by authenticating user root 34.71.244.4 port 56338 [preauth]","@timestamp":"2022-09-11T19:56:28.404Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 20:00:40 honeypot-ams-1 kernel: [83803025.972382] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=78.185.178.117 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=51 ID=54209 PROTO=TCP SPT=42261 DPT=80 WINDOW=32213 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T20:00:41.616Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 20:05:20 honeypot-fra-1 kernel: [83801149.644750] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=38308 PROTO=TCP SPT=46160 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T20:05:20.602Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 20:08:18 honeypot-ams-1 sshd[10820]: Invalid user admin from 148.153.82.133 port 53424","@timestamp":"2022-09-11T20:08:18.811Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 20:08:18 honeypot-ams-1 sshd[10826]: Invalid user admin from 148.153.82.133 port 53448","@timestamp":"2022-09-11T20:08:18.812Z"}
{"@timestamp":"2022-09-11T20:10:48.045Z","@version":"1","message":"Sep 11 20:10:47 honeypot-sgp-1 sshd[6680]: Connection closed by 188.166.87.67 port 50292 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 20:17:19 honeypot-fra-1 kernel: [83801868.671161] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=209.222.252.92 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=14716 DF PROTO=TCP SPT=7067 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T20:17:19.865Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 20:17:30 honeypot-ams-1 sshd[10833]: Connection closed by 154.89.5.78 port 54444 [preauth]","@timestamp":"2022-09-11T20:17:31.055Z"}
{"@timestamp":"2022-09-11T20:21:26.293Z","@version":"1","message":"Sep 11 20:21:25 honeypot-sgp-1 sshd[6686]: Received disconnect from 92.255.85.69 port 54408:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 20:24:06 honeypot-fra-1 sshd[987]: Disconnected from authenticating user root 92.255.85.70 port 34672 [preauth]","@timestamp":"2022-09-11T20:24:07.037Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 20:29:55 honeypot-ams-1 kernel: [83804780.454375] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=43.131.66.209 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x60 TTL=53 ID=11406 DF PROTO=TCP SPT=12430 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T20:29:55.381Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 20:36:10 honeypot-fra-1 sshd[995]: Did not receive identification string from 165.154.44.158 port 34984","@timestamp":"2022-09-11T20:36:11.302Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T20:37:50.673Z","@version":"1","message":"Sep 11 20:37:49 honeypot-sgp-1 sshd[6693]: Bad protocol version identification 'GET / HTTP/1.1' from 223.71.167.164 port 23669","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 20:42:16 honeypot-ams-1 sshd[10846]: Received disconnect from 196.0.120.211 port 32986:11: Bye Bye [preauth]","@timestamp":"2022-09-11T20:42:16.707Z"}
{"@timestamp":"2022-09-11T20:42:29.783Z","@version":"1","message":"Sep 11 20:42:29 honeypot-sgp-1 sshd[6699]: Received disconnect from 165.22.52.171 port 45738:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 20:45:30 honeypot-fra-1 sshd[1003]: Received disconnect from 177.93.51.98 port 45182:11: Bye Bye [preauth]","@timestamp":"2022-09-11T20:45:31.511Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 20:50:04 honeypot-ams-1 sshd[10851]: Received disconnect from 92.255.85.69 port 47958:11: Bye Bye [preauth]","@timestamp":"2022-09-11T20:50:04.911Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 20:53:29 honeypot-fra-1 sshd[1010]: Did not receive identification string from 45.61.184.204 port 51694","@timestamp":"2022-09-11T20:53:29.689Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 20:53:55 honeypot-fra-1 sshd[1013]: Disconnected from invalid user user 45.61.184.204 port 60060 [preauth]","@timestamp":"2022-09-11T20:53:55.701Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 20:54:16 honeypot-fra-1 sshd[1017]: Disconnected from invalid user user 45.61.184.204 port 55686 [preauth]","@timestamp":"2022-09-11T20:54:16.712Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 20:54:36 honeypot-fra-1 sshd[1021]: Disconnected from invalid user user 45.61.184.204 port 51352 [preauth]","@timestamp":"2022-09-11T20:54:36.721Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T20:56:18.100Z","@version":"1","message":"Sep 11 20:56:18 honeypot-sgp-1 sshd[6708]: Received disconnect from 103.180.120.160 port 49280:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T20:59:55.187Z","@version":"1","message":"Sep 11 20:59:54 honeypot-sgp-1 kernel: [83806106.711074] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.53.171.56 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=33323 DF PROTO=TCP SPT=45568 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 21:03:37 honeypot-ams-1 kernel: [83806802.765613] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=80.94.92.239 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=53231 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T21:03:38.259Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 21:05:36 honeypot-fra-1 kernel: [83804765.066676] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=80.94.92.239 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=49898 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T21:05:36.965Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-11T21:12:12.470Z","@version":"1","message":"Sep 11 21:12:12 honeypot-sgp-1 kernel: [83806844.907328] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.41.8.5 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=15203 PROTO=TCP SPT=31893 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 21:12:32 honeypot-fra-1 kernel: [83805181.226644] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=138.124.157.130 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=55550 DF PROTO=TCP SPT=26585 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T21:12:33.122Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 21:13:22 honeypot-ams-1 kernel: [83807387.881272] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=12645 PROTO=TCP SPT=50004 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T21:13:23.516Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 21:17:01 honeypot-ams-1 CRON[10865]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-11T21:17:02.610Z"}
{"@timestamp":"2022-09-11T21:18:49.623Z","@version":"1","message":"Sep 11 21:18:49 honeypot-sgp-1 kernel: [83807241.941345] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=80.94.92.231 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=232 ID=54321 PROTO=TCP SPT=33789 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 21:22:34 honeypot-fra-1 kernel: [83805783.550779] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=154.66.178.74 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=54321 PROTO=TCP SPT=53413 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T21:22:35.343Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-11T21:26:04.788Z","@version":"1","message":"Sep 11 21:26:04 honeypot-sgp-1 sshd[6724]: Received disconnect from 45.61.186.49 port 49256:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T21:26:14.792Z","@version":"1","message":"Sep 11 21:26:14 honeypot-sgp-1 sshd[6728]: Received disconnect from 45.61.186.49 port 32936:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T21:29:07.860Z","@version":"1","message":"Sep 11 21:29:07 honeypot-sgp-1 sshd[6733]: Invalid user user from 45.61.186.249 port 46290","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T21:29:21.866Z","@version":"1","message":"Sep 11 21:29:21 honeypot-sgp-1 sshd[6737]: Did not receive identification string from 45.61.186.49 port 52010","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T21:29:35.873Z","@version":"1","message":"Sep 11 21:29:35 honeypot-sgp-1 sshd[6740]: Disconnected from invalid user user 45.61.186.249 port 51884 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 21:29:40 honeypot-ams-1 kernel: [83808365.549024] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=2.226.225.240 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=33014 PROTO=TCP SPT=4000 DPT=80 WINDOW=48929 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T21:29:40.938Z"}
{"@timestamp":"2022-09-11T21:29:44.878Z","@version":"1","message":"Sep 11 21:29:44 honeypot-sgp-1 sshd[6744]: Disconnected from invalid user user 45.61.186.249 port 34908 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T21:29:52.880Z","@version":"1","message":"Sep 11 21:29:52 honeypot-sgp-1 sshd[6748]: Disconnected from invalid user user 45.61.186.249 port 46180 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 21:31:09 honeypot-fra-1 sshd[1048]: Received disconnect from 218.92.0.210 port 17791:11:  [preauth]","@timestamp":"2022-09-11T21:31:10.535Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 21:31:16 honeypot-fra-1 sshd[1063]: Invalid user ftpadmin from 13.229.182.132 port 24296","@timestamp":"2022-09-11T21:31:16.539Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 21:31:16 honeypot-fra-1 sshd[1070]: Invalid user devops from 13.229.182.132 port 24194","@timestamp":"2022-09-11T21:31:16.539Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 21:31:16 honeypot-fra-1 sshd[1061]: Invalid user test from 13.229.182.132 port 24256","@timestamp":"2022-09-11T21:31:16.539Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 21:31:16 honeypot-fra-1 sshd[1054]: Connection closed by authenticating user root 13.229.182.132 port 24080 [preauth]","@timestamp":"2022-09-11T21:31:16.539Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 21:31:16 honeypot-fra-1 sshd[1066]: Connection closed by invalid user dev 13.229.182.132 port 24324 [preauth]","@timestamp":"2022-09-11T21:31:16.539Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 21:31:16 honeypot-fra-1 sshd[1065]: Connection closed by invalid user deploy 13.229.182.132 port 24142 [preauth]","@timestamp":"2022-09-11T21:31:16.539Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 21:31:16 honeypot-fra-1 sshd[1075]: Invalid user testuser from 13.229.182.132 port 24240","@timestamp":"2022-09-11T21:31:16.539Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 21:31:16 honeypot-fra-1 sshd[1076]: Connection closed by invalid user test 13.229.182.132 port 24036 [preauth]","@timestamp":"2022-09-11T21:31:17.540Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T21:32:06.933Z","@version":"1","message":"Sep 11 21:32:06 honeypot-sgp-1 sshd[6755]: Received disconnect from 92.255.85.69 port 40980:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 21:42:16 honeypot-fra-1 sshd[1109]: Invalid user kernel from 165.22.45.108 port 46520","@timestamp":"2022-09-11T21:42:16.797Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 21:45:47 honeypot-fra-1 kernel: [83807176.514165] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=154.3.44.39 DST=165.22.82.222 LEN=52 TOS=0x00 PREC=0x00 TTL=116 ID=16631 DF PROTO=TCP SPT=57096 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-11T21:45:47.877Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 21:47:55 honeypot-ams-1 sshd[10878]: Bad protocol version identification '\\003' from 92.255.85.183 port 60145","@timestamp":"2022-09-11T21:47:56.424Z"}
{"@timestamp":"2022-09-11T21:50:56.359Z","@version":"1","message":"Sep 11 21:50:56 honeypot-sgp-1 kernel: [83809168.517895] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=125.253.93.146 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=54568 PROTO=TCP SPT=40294 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 21:55:05 honeypot-ams-1 sshd[10884]: Invalid user user from 141.255.162.226 port 48884","@timestamp":"2022-09-11T21:55:05.609Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 21:55:09 honeypot-ams-1 sshd[10888]: Invalid user user from 141.255.162.226 port 55216","@timestamp":"2022-09-11T21:55:09.611Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 21:55:11 honeypot-ams-1 sshd[10892]: Invalid user user from 141.255.162.226 port 42558","@timestamp":"2022-09-11T21:55:11.612Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 21:55:52 honeypot-fra-1 sshd[1117]: Invalid user teste from 157.245.204.50 port 32796","@timestamp":"2022-09-11T21:55:53.101Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 21:56:57 honeypot-ams-1 sshd[10896]: Connection closed by invalid user admin 221.158.195.111 port 46681 [preauth]","@timestamp":"2022-09-11T21:56:57.659Z"}
{"@timestamp":"2022-09-11T22:03:00.637Z","@version":"1","message":"Sep 11 22:02:59 honeypot-sgp-1 kernel: [83809892.027412] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=154.3.44.39 DST=159.89.202.188 LEN=52 TOS=0x0A PREC=0x00 TTL=112 ID=11468 DF PROTO=TCP SPT=60572 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 22:08:01 honeypot-fra-1 sshd[1128]: Invalid user user from 45.61.186.49 port 42370","@timestamp":"2022-09-11T22:08:02.370Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 22:08:13 honeypot-fra-1 sshd[1132]: Invalid user user from 45.61.186.49 port 54292","@timestamp":"2022-09-11T22:08:13.376Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 22:09:03 honeypot-ams-1 sshd[10902]: Disconnected from authenticating user root 82.6.16.46 port 59050 [preauth]","@timestamp":"2022-09-11T22:09:03.995Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 22:11:47 honeypot-fra-1 kernel: [83808736.445445] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=79.124.62.60 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=54707 PROTO=TCP SPT=45014 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T22:11:48.453Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 22:12:57 honeypot-ams-1 kernel: [83810962.235012] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=167.94.138.102 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=56438 PROTO=TCP SPT=47434 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T22:12:57.100Z"}
{"@timestamp":"2022-09-11T22:16:13.936Z","@version":"1","message":"Sep 11 22:16:13 honeypot-sgp-1 sshd[6769]: Disconnected from invalid user ernest 94.110.108.120 port 34386 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 22:17:01 honeypot-ams-1 CRON[10911]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-11T22:17:02.206Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 22:17:29 honeypot-fra-1 sshd[1140]: Received disconnect from 165.22.45.108 port 51354:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T22:17:29.583Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T22:18:49.998Z","@version":"1","message":"Sep 11 22:18:49 honeypot-sgp-1 sshd[6776]: error: maximum authentication attempts exceeded for invalid user admin from 24.142.183.126 port 31530 ssh2 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 22:23:11 honeypot-ams-1 kernel: [83811576.933148] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=159.89.174.147 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x20 TTL=245 ID=2967 PROTO=TCP SPT=61953 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T22:23:12.371Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 22:32:04 honeypot-ams-1 sshd[10923]: Received disconnect from 80.76.51.46 port 55182:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T22:32:04.597Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 22:32:49 honeypot-ams-1 sshd[10929]: Received disconnect from 80.76.51.46 port 49202:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T22:32:50.618Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 22:33:20 honeypot-ams-1 kernel: [83812185.375465] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=154.3.44.39 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=117 ID=16231 DF PROTO=TCP SPT=62011 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-11T22:33:20.634Z"}
{"@timestamp":"2022-09-11T22:33:36.338Z","@version":"1","message":"Sep 11 22:33:35 honeypot-sgp-1 sshd[6783]: Did not receive identification string from 198.98.61.9 port 48584","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T22:33:41.342Z","@version":"1","message":"Sep 11 22:33:41 honeypot-sgp-1 sshd[6786]: Disconnected from invalid user user 198.98.61.9 port 54472 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 22:34:01 honeypot-ams-1 sshd[10940]: Received disconnect from 80.76.51.46 port 39352:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T22:34:01.654Z"}
{"@timestamp":"2022-09-11T22:34:02.351Z","@version":"1","message":"Sep 11 22:34:02 honeypot-sgp-1 sshd[6790]: Disconnected from invalid user user 198.98.61.9 port 49030 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T22:34:22.362Z","@version":"1","message":"Sep 11 22:34:22 honeypot-sgp-1 sshd[6795]: Disconnected from invalid user user 198.98.61.9 port 43580 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 22:34:22 honeypot-fra-1 sshd[1151]: Did not receive identification string from 141.255.162.226 port 55552","@timestamp":"2022-09-11T22:34:22.953Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 22:34:30 honeypot-ams-1 sshd[10944]: Disconnected from authenticating user root 80.76.51.46 port 35148 [preauth]","@timestamp":"2022-09-11T22:34:30.670Z"}
{"@timestamp":"2022-09-11T22:34:37.369Z","@version":"1","message":"Sep 11 22:34:37 honeypot-sgp-1 sshd[6799]: Disconnected from invalid user user 198.98.61.9 port 38140 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 22:34:44 honeypot-fra-1 sshd[1155]: Disconnected from invalid user user 141.255.162.226 port 41028 [preauth]","@timestamp":"2022-09-11T22:34:44.963Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 22:34:48 honeypot-fra-1 sshd[1159]: Disconnected from invalid user user 141.255.162.226 port 54248 [preauth]","@timestamp":"2022-09-11T22:34:48.965Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 22:34:50 honeypot-fra-1 sshd[1163]: Disconnected from invalid user user 141.255.162.226 port 45846 [preauth]","@timestamp":"2022-09-11T22:34:50.967Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 22:34:58 honeypot-ams-1 sshd[10948]: Disconnected from invalid user admin 80.76.51.46 port 59406 [preauth]","@timestamp":"2022-09-11T22:34:59.685Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 22:35:27 honeypot-ams-1 sshd[10952]: Disconnected from invalid user ansible 80.76.51.46 port 55370 [preauth]","@timestamp":"2022-09-11T22:35:27.700Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 22:35:56 honeypot-ams-1 sshd[10956]: Disconnected from invalid user ansible 80.76.51.46 port 51510 [preauth]","@timestamp":"2022-09-11T22:35:56.714Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 22:36:25 honeypot-ams-1 sshd[10960]: Disconnected from authenticating user root 80.76.51.46 port 47430 [preauth]","@timestamp":"2022-09-11T22:36:25.730Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 22:37:09 honeypot-ams-1 sshd[10966]: Invalid user postgres from 80.76.51.46 port 41408","@timestamp":"2022-09-11T22:37:09.753Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 22:37:38 honeypot-ams-1 sshd[10970]: Disconnected from authenticating user root 80.76.51.46 port 37394 [preauth]","@timestamp":"2022-09-11T22:37:38.769Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 22:38:21 honeypot-ams-1 sshd[10976]: Received disconnect from 80.76.51.46 port 59730:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T22:38:21.792Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 22:39:45 honeypot-fra-1 kernel: [83810414.261483] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=80.94.92.239 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=57357 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T22:39:46.077Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-11T22:41:55.540Z","@version":"1","message":"Sep 11 22:41:55 honeypot-sgp-1 sshd[6808]: Received disconnect from 92.255.85.69 port 53092:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 22:46:44 honeypot-fra-1 sshd[1178]: Invalid user oracle from 147.135.252.17 port 49686","@timestamp":"2022-09-11T22:46:45.232Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 22:46:44 honeypot-fra-1 sshd[1179]: Connection closed by invalid user guest 147.135.252.17 port 49740 [preauth]","@timestamp":"2022-09-11T22:46:45.233Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 22:46:44 honeypot-fra-1 sshd[1180]: Connection closed by invalid user admin 147.135.252.17 port 49684 [preauth]","@timestamp":"2022-09-11T22:46:45.233Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 22:46:44 honeypot-fra-1 sshd[1188]: Connection closed by invalid user mysql 147.135.252.17 port 49756 [preauth]","@timestamp":"2022-09-11T22:46:45.233Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 22:46:44 honeypot-fra-1 sshd[1189]: Connection closed by invalid user user 147.135.252.17 port 49744 [preauth]","@timestamp":"2022-09-11T22:46:45.233Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 22:46:44 honeypot-fra-1 sshd[1192]: Invalid user testuser from 147.135.252.17 port 49694","@timestamp":"2022-09-11T22:46:45.233Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 22:46:44 honeypot-fra-1 sshd[1197]: Invalid user esuser from 147.135.252.17 port 49726","@timestamp":"2022-09-11T22:46:45.233Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 22:46:44 honeypot-fra-1 sshd[1192]: Connection closed by invalid user testuser 147.135.252.17 port 49694 [preauth]","@timestamp":"2022-09-11T22:46:45.233Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 22:46:44 honeypot-fra-1 sshd[1200]: Connection closed by invalid user ubuntu 147.135.252.17 port 49728 [preauth]","@timestamp":"2022-09-11T22:46:45.233Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 22:46:48 honeypot-ams-1 sshd[10981]: Disconnected from authenticating user root 92.255.85.70 port 45880 [preauth]","@timestamp":"2022-09-11T22:46:49.012Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 22:48:32 honeypot-fra-1 sshd[1232]: Disconnected from invalid user silvano 68.183.232.27 port 59752 [preauth]","@timestamp":"2022-09-11T22:48:32.275Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T22:53:39.813Z","@version":"1","message":"Sep 11 22:53:39 honeypot-sgp-1 kernel: [83812931.514088] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.220.224 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=49027 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 22:55:21 honeypot-ams-1 sshd[10984]: Invalid user xiejz from 103.188.176.251 port 39808","@timestamp":"2022-09-11T22:55:22.234Z"}
{"@timestamp":"2022-09-11T22:59:16.946Z","@version":"1","message":"Sep 11 22:59:16 honeypot-sgp-1 sshd[6894]: Invalid user ovhuser from 103.149.74.237 port 20216","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 22:59:32 honeypot-fra-1 sshd[1238]: Invalid user xiejz from 103.188.176.251 port 48894","@timestamp":"2022-09-11T22:59:32.521Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T23:00:11.970Z","@version":"1","message":"Sep 11 23:00:11 honeypot-sgp-1 sshd[6896]: Received disconnect from 103.37.83.26 port 43018:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 23:00:47 honeypot-ams-1 kernel: [83813832.842757] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=193.118.53.194 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=18212 PROTO=TCP SPT=19882 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T23:00:48.381Z"}
{"@timestamp":"2022-09-11T23:04:47.079Z","@version":"1","message":"Sep 11 23:04:46 honeypot-sgp-1 sshd[6913]: Disconnected from invalid user testik 109.115.187.31 port 48538 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 23:07:51 honeypot-fra-1 sshd[1243]: Received disconnect from 92.255.85.69 port 53592:11: Bye Bye [preauth]","@timestamp":"2022-09-11T23:07:51.704Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T23:14:17.322Z","@version":"1","message":"Sep 11 23:14:16 honeypot-sgp-1 kernel: [83814168.819048] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=144.126.130.22 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=40430 PROTO=TCP SPT=58026 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 23:17:01 honeypot-ams-1 CRON[10992]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-11T23:17:01.884Z"}
{"@timestamp":"2022-09-11T23:17:20.398Z","@version":"1","message":"Sep 11 23:17:19 honeypot-sgp-1 sshd[6940]: Invalid user admin from 185.246.130.20 port 45979","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:17:48.413Z","@version":"1","message":"Sep 11 23:17:48 honeypot-sgp-1 sshd[6947]: Invalid user admin from 185.246.130.20 port 59293","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 23:17:50 honeypot-fra-1 sshd[1252]: Received disconnect from 164.90.201.235 port 34592:11: Bye Bye [preauth]","@timestamp":"2022-09-11T23:17:50.922Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T23:18:30.429Z","@version":"1","message":"Sep 11 23:18:29 honeypot-sgp-1 sshd[6953]: Invalid user aerohive from 185.246.130.20 port 51980","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:18:57.441Z","@version":"1","message":"Sep 11 23:18:56 honeypot-sgp-1 sshd[6959]: Invalid user private from 185.246.130.20 port 36524","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:19:26.454Z","@version":"1","message":"Sep 11 23:19:25 honeypot-sgp-1 sshd[6967]: Disconnecting invalid user Admin 185.246.130.20 port 42959: Change of username or service not allowed: (Admin,ssh-connection) -> (araknis,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:19:46.464Z","@version":"1","message":"Sep 11 23:19:45 honeypot-sgp-1 sshd[6973]: Disconnecting invalid user user 185.246.130.20 port 52868: Change of username or service not allowed: (user,ssh-connection) -> (root,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:20:29.483Z","@version":"1","message":"Sep 11 23:20:29 honeypot-sgp-1 sshd[6981]: Invalid user admin from 185.246.130.20 port 57311","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:20:59.497Z","@version":"1","message":"Sep 11 23:20:59 honeypot-sgp-1 sshd[6987]: Disconnecting authenticating user root 185.246.130.20 port 33707: Change of username or service not allowed: (root,ssh-connection) -> (,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:21:22.509Z","@version":"1","message":"Sep 11 23:21:22 honeypot-sgp-1 sshd[6993]: Disconnecting invalid user cisco 185.246.130.20 port 20638: Change of username or service not allowed: (cisco,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:21:47.519Z","@version":"1","message":"Sep 11 23:21:46 honeypot-sgp-1 sshd[7001]: Invalid user Administrator from 185.246.130.20 port 3130","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:22:15.532Z","@version":"1","message":"Sep 11 23:22:14 honeypot-sgp-1 sshd[7007]: Invalid user sti.admin5 from 185.246.130.20 port 31198","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:22:35.543Z","@version":"1","message":"Sep 11 23:22:34 honeypot-sgp-1 sshd[7012]: Disconnecting invalid user admin 185.246.130.20 port 2923: Change of username or service not allowed: (admin,ssh-connection) -> (blank,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:23:02.555Z","@version":"1","message":"Sep 11 23:23:02 honeypot-sgp-1 sshd[7018]: Disconnecting invalid user  185.246.130.20 port 8795: Change of username or service not allowed: (,ssh-connection) -> (root,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:23:34.571Z","@version":"1","message":"Sep 11 23:23:34 honeypot-sgp-1 sshd[7026]: Invalid user c1@r0 from 185.246.130.20 port 45895","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 23:23:36 honeypot-ams-1 sshd[10999]: Invalid user admin from 85.31.46.45 port 51568","@timestamp":"2022-09-11T23:23:37.080Z"}
{"@timestamp":"2022-09-11T23:23:55.581Z","@version":"1","message":"Sep 11 23:23:55 honeypot-sgp-1 sshd[7032]: Invalid user superonline from 185.246.130.20 port 63669","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:24:22.594Z","@version":"1","message":"Sep 11 23:24:22 honeypot-sgp-1 sshd[7039]: Invalid user Admin from 185.246.130.20 port 61971","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 23:24:34 honeypot-ams-1 kernel: [83815259.349805] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.184.213.161 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=52 ID=17690 PROTO=TCP SPT=32698 DPT=80 WINDOW=38204 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T23:24:35.107Z"}
{"@timestamp":"2022-09-11T23:24:59.611Z","@version":"1","message":"Sep 11 23:24:59 honeypot-sgp-1 sshd[7046]: Invalid user  from 185.246.130.20 port 61298","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:25:37.629Z","@version":"1","message":"Sep 11 23:25:37 honeypot-sgp-1 sshd[7052]: Invalid user  from 185.246.130.20 port 61637","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:26:06.644Z","@version":"1","message":"Sep 11 23:26:05 honeypot-sgp-1 sshd[7058]: Invalid user admin from 185.246.130.20 port 38051","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:26:34.657Z","@version":"1","message":"Sep 11 23:26:34 honeypot-sgp-1 sshd[7064]: Disconnecting invalid user admin 185.246.130.20 port 30591: Change of username or service not allowed: (admin,ssh-connection) -> (airlive,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 23:26:43 honeypot-fra-1 kernel: [83813232.115749] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=142.93.45.9 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=54321 PROTO=TCP SPT=34337 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T23:26:44.133Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-11T23:27:05.672Z","@version":"1","message":"Sep 11 23:27:04 honeypot-sgp-1 sshd[7070]: Disconnecting invalid user admin 185.246.130.20 port 21091: Change of username or service not allowed: (admin,ssh-connection) -> (roqos,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:27:34.686Z","@version":"1","message":"Sep 11 23:27:34 honeypot-sgp-1 sshd[7076]: Disconnecting invalid user Shiko 185.246.130.20 port 32078: Change of username or service not allowed: (Shiko,ssh-connection) -> (sitecom,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:28:06.701Z","@version":"1","message":"Sep 11 23:28:06 honeypot-sgp-1 sshd[7091]: Disconnecting invalid user smcadmin 185.246.130.20 port 54651: Change of username or service not allowed: (smcadmin,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:28:25.710Z","@version":"1","message":"Sep 11 23:28:25 honeypot-sgp-1 sshd[7097]: Disconnected from invalid user test2 92.255.85.69 port 57862 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:28:50.723Z","@version":"1","message":"Sep 11 23:28:50 honeypot-sgp-1 sshd[7103]: Invalid user sweex from 185.246.130.20 port 61587","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:29:22.738Z","@version":"1","message":"Sep 11 23:29:21 honeypot-sgp-1 sshd[7109]: Invalid user  from 185.246.130.20 port 40612","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:29:50.751Z","@version":"1","message":"Sep 11 23:29:50 honeypot-sgp-1 sshd[7116]: Invalid user ubnt from 185.246.130.20 port 59195","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:30:22.767Z","@version":"1","message":"Sep 11 23:30:21 honeypot-sgp-1 sshd[7122]: Disconnecting invalid user user 185.246.130.20 port 40974: Change of username or service not allowed: (user,ssh-connection) -> (amdin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:30:46.778Z","@version":"1","message":"Sep 11 23:30:46 honeypot-sgp-1 kernel: [83815158.341794] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=154.3.44.39 DST=159.89.202.188 LEN=52 TOS=0x0A PREC=0x00 TTL=111 ID=339 DF PROTO=TCP SPT=49729 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:31:11.790Z","@version":"1","message":"Sep 11 23:31:11 honeypot-sgp-1 sshd[7132]: Invalid user DZY-W2914NSV2 from 185.246.130.20 port 10124","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 23:31:14 honeypot-fra-1 sshd[1259]: Invalid user test2 from 92.255.85.69 port 43722","@timestamp":"2022-09-11T23:31:15.235Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T23:31:35.803Z","@version":"1","message":"Sep 11 23:31:35 honeypot-sgp-1 sshd[7136]: Disconnected from invalid user admin 197.248.7.238 port 51968 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:32:12.820Z","@version":"1","message":"Sep 11 23:32:12 honeypot-sgp-1 sshd[7142]: Disconnecting invalid user admin 185.246.130.20 port 32440: Change of username or service not allowed: (admin,ssh-connection) -> (1admin0,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 23:32:51 honeypot-fra-1 sshd[1263]: Disconnected from invalid user user 45.61.184.204 port 32978 [preauth]","@timestamp":"2022-09-11T23:32:51.272Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 23:33:10 honeypot-fra-1 sshd[1267]: Disconnected from invalid user user 45.61.184.204 port 56366 [preauth]","@timestamp":"2022-09-11T23:33:10.301Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 23:33:27 honeypot-fra-1 sshd[1271]: Disconnected from invalid user user 45.61.184.204 port 51514 [preauth]","@timestamp":"2022-09-11T23:33:28.310Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T23:33:29.852Z","@version":"1","message":"Sep 11 23:33:28 honeypot-sgp-1 sshd[7148]: Disconnected from authenticating user root 70.37.75.157 port 42520 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 23:33:44 honeypot-fra-1 sshd[1275]: Disconnected from invalid user user 45.61.184.204 port 46656 [preauth]","@timestamp":"2022-09-11T23:33:44.317Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 23:37:29 honeypot-ams-1 sshd[11006]: Received disconnect from 206.189.86.91 port 40314:11: Bye Bye [preauth]","@timestamp":"2022-09-11T23:37:30.445Z"}
{"@timestamp":"2022-09-11T23:39:18.989Z","@version":"1","message":"Sep 11 23:39:18 honeypot-sgp-1 sshd[7157]: Invalid user wyt from 157.245.55.236 port 57482","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 23:43:07 honeypot-ams-1 sshd[11011]: Invalid user user from 45.61.187.160 port 57482","@timestamp":"2022-09-11T23:43:07.593Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 23:43:29 honeypot-ams-1 sshd[11015]: Invalid user user from 45.61.187.160 port 52318","@timestamp":"2022-09-11T23:43:29.605Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 23:43:50 honeypot-ams-1 sshd[11019]: Invalid user user from 45.61.187.160 port 47178","@timestamp":"2022-09-11T23:43:51.616Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 23:44:10 honeypot-ams-1 sshd[11023]: Invalid user user from 45.61.187.160 port 42026","@timestamp":"2022-09-11T23:44:10.627Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 23:49:17 honeypot-fra-1 sshd[1279]: Connection closed by invalid user support 113.175.240.127 port 36922 [preauth]","@timestamp":"2022-09-11T23:49:17.661Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T23:52:00.283Z","@version":"1","message":"Sep 11 23:51:59 honeypot-sgp-1 sshd[7163]: Invalid user contador from 92.255.85.70 port 25280","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 23:57:11 honeypot-ams-1 sshd[11027]: Invalid user contador from 92.255.85.69 port 47078","@timestamp":"2022-09-11T23:57:11.967Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 00:00:15 honeypot-fra-1 kernel: [83815244.348055] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=22746 PROTO=TCP SPT=40803 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T00:00:15.921Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 00:03:52 honeypot-fra-1 sshd[1374]: Disconnected from invalid user kym 107.189.14.132 port 55738 [preauth]","@timestamp":"2022-09-12T00:03:53.005Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T00:05:38.597Z","@version":"1","message":"Sep 12 00:05:38 honeypot-sgp-1 kernel: [83817250.712440] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.148.10.81 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=54321 PROTO=TCP SPT=34762 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 00:06:25 honeypot-ams-1 sshd[11040]: Received disconnect from 142.93.58.181 port 48922:11: Bye Bye [preauth]","@timestamp":"2022-09-12T00:06:26.221Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 00:08:40 honeypot-ams-1 sshd[11042]: Disconnected from invalid user chris 159.223.57.252 port 55202 [preauth]","@timestamp":"2022-09-12T00:08:41.286Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 00:17:01 honeypot-ams-1 CRON[11048]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-12T00:17:02.506Z"}
{"@timestamp":"2022-09-12T00:17:02.873Z","@version":"1","message":"Sep 12 00:17:01 honeypot-sgp-1 CRON[7185]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 00:18:38 honeypot-fra-1 sshd[1381]: Received disconnect from 92.255.85.69 port 27724:11: Bye Bye [preauth]","@timestamp":"2022-09-12T00:18:39.334Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T00:23:48.038Z","@version":"1","message":"Sep 12 00:23:47 honeypot-sgp-1 sshd[7189]: Disconnected from invalid user cybcomm 207.46.227.197 port 1728 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T00:25:37.085Z","@version":"1","message":"Sep 12 00:25:36 honeypot-sgp-1 sshd[7193]: Received disconnect from 104.131.93.177 port 46269:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T00:27:37.137Z","@version":"1","message":"Sep 12 00:27:36 honeypot-sgp-1 sshd[7197]: Did not receive identification string from 45.61.187.160 port 46024","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T00:28:23.159Z","@version":"1","message":"Sep 12 00:28:23 honeypot-sgp-1 sshd[7202]: Invalid user user from 45.61.187.160 port 45866","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T00:28:46.170Z","@version":"1","message":"Sep 12 00:28:45 honeypot-sgp-1 sshd[7206]: Invalid user user from 45.61.187.160 port 41162","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T00:29:05.178Z","@version":"1","message":"Sep 12 00:29:04 honeypot-sgp-1 sshd[7211]: Invalid user user from 45.61.187.160 port 36452","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T00:29:14.182Z","@version":"1","message":"Sep 12 00:29:13 honeypot-sgp-1 sshd[7215]: Received disconnect from 45.61.187.160 port 48216:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T00:30:08.204Z","@version":"1","message":"Sep 12 00:30:07 honeypot-sgp-1 sshd[7219]: Disconnected from invalid user drive 213.32.77.242 port 53072 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 00:32:15 honeypot-ams-1 sshd[11055]: Did not receive identification string from 192.241.216.113 port 36912","@timestamp":"2022-09-12T00:32:15.925Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 00:33:08 honeypot-fra-1 sshd[1386]: Received disconnect from 23.94.194.115 port 41330:11: Bye Bye [preauth]","@timestamp":"2022-09-12T00:33:08.679Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 00:38:14 honeypot-fra-1 sshd[1390]: Disconnected from invalid user kevin1 165.22.45.108 port 43788 [preauth]","@timestamp":"2022-09-12T00:38:15.797Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 00:42:38 honeypot-fra-1 sshd[1396]: Disconnected from authenticating user root 157.245.122.58 port 59768 [preauth]","@timestamp":"2022-09-12T00:42:38.901Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 00:44:26 honeypot-ams-1 sshd[11059]: Received disconnect from 92.255.85.69 port 21202:11: Bye Bye [preauth]","@timestamp":"2022-09-12T00:44:27.249Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 00:45:27 honeypot-fra-1 kernel: [83817955.681652] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.164.20.123 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=49 ID=12929 PROTO=TCP SPT=5784 DPT=80 WINDOW=12053 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T00:45:27.968Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-12T00:46:17.591Z","@version":"1","message":"Sep 12 00:46:17 honeypot-sgp-1 sshd[7226]: Did not receive identification string from 192.241.219.66 port 50432","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 00:46:27 honeypot-fra-1 sshd[1405]: Disconnected from invalid user data.user 157.245.122.58 port 57428 [preauth]","@timestamp":"2022-09-12T00:46:27.994Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 00:48:10 honeypot-fra-1 sshd[1412]: Invalid user jonitiso from 157.245.122.58 port 56268","@timestamp":"2022-09-12T00:48:11.037Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 00:51:44 honeypot-fra-1 kernel: [83818332.882401] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=89.248.165.199 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=46492 PROTO=TCP SPT=43081 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T00:51:45.120Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-12T00:54:41.795Z","@version":"1","message":"Sep 12 00:54:41 honeypot-sgp-1 kernel: [83820193.549326] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.163.23.25 DST=159.89.202.188 LEN=52 TOS=0x00 PREC=0x00 TTL=112 ID=30349 DF PROTO=TCP SPT=60017 DPT=3389 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 01:01:09 honeypot-ams-1 kernel: [83821054.835979] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=11358 PROTO=TCP SPT=43877 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T01:01:10.694Z"}
{"@timestamp":"2022-09-12T01:01:14.953Z","@version":"1","message":"Sep 12 01:01:14 honeypot-sgp-1 kernel: [83820587.106000] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=62407 PROTO=TCP SPT=43877 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T01:03:59.025Z","@version":"1","message":"Sep 12 01:03:58 honeypot-sgp-1 sshd[7238]: Received disconnect from 144.24.190.159 port 52678:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 01:10:30 honeypot-ams-1 kernel: [83821615.709335] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=80.94.92.231 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=47165 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T01:10:30.947Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 01:13:08 honeypot-fra-1 sshd[1421]: Disconnected from invalid user kevin 165.22.45.108 port 48624 [preauth]","@timestamp":"2022-09-12T01:13:09.624Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T01:13:46.260Z","@version":"1","message":"Sep 12 01:13:45 honeypot-sgp-1 sshd[7243]: Received disconnect from 173.82.235.128 port 47908:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 01:15:09 honeypot-ams-1 sshd[11078]: Invalid user user from 45.61.186.249 port 52600","@timestamp":"2022-09-12T01:15:10.075Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 01:15:19 honeypot-ams-1 sshd[11081]: Disconnected from invalid user user 45.61.186.249 port 35706 [preauth]","@timestamp":"2022-09-12T01:15:20.080Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 01:15:39 honeypot-ams-1 sshd[11085]: Disconnected from invalid user user 45.61.186.249 port 58398 [preauth]","@timestamp":"2022-09-12T01:15:40.092Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 01:15:54 honeypot-ams-1 sshd[11089]: Disconnected from invalid user user 198.98.61.9 port 39682 [preauth]","@timestamp":"2022-09-12T01:15:55.101Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 01:16:02 honeypot-ams-1 sshd[11093]: Disconnected from invalid user user 198.98.61.9 port 51192 [preauth]","@timestamp":"2022-09-12T01:16:03.105Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 01:16:11 honeypot-ams-1 sshd[11097]: Disconnected from invalid user user 198.98.61.9 port 34502 [preauth]","@timestamp":"2022-09-12T01:16:12.110Z"}
{"@timestamp":"2022-09-12T01:16:22.324Z","@version":"1","message":"Sep 12 01:16:21 honeypot-sgp-1 kernel: [83821494.186113] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=154.3.44.39 DST=159.89.202.188 LEN=52 TOS=0x0A PREC=0x00 TTL=111 ID=54189 DF PROTO=TCP SPT=62239 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 01:16:32 honeypot-ams-1 sshd[11101]: Disconnected from invalid user user 198.98.61.9 port 57502 [preauth]","@timestamp":"2022-09-12T01:16:33.121Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 01:16:48 honeypot-ams-1 sshd[11105]: Disconnected from invalid user user 198.98.61.9 port 52260 [preauth]","@timestamp":"2022-09-12T01:16:49.131Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 01:17:01 honeypot-fra-1 CRON[1428]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-12T01:17:01.714Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 01:21:42 honeypot-ams-1 sshd[11115]: Disconnected from authenticating user root 157.245.122.58 port 44554 [preauth]","@timestamp":"2022-09-12T01:21:42.266Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 01:22:41 honeypot-ams-1 sshd[11119]: Disconnected from invalid user odoo 157.245.122.58 port 58086 [preauth]","@timestamp":"2022-09-12T01:22:42.296Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 01:24:30 honeypot-ams-1 sshd[11124]: Disconnected from invalid user data.user 157.245.122.58 port 56928 [preauth]","@timestamp":"2022-09-12T01:24:30.346Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 01:26:13 honeypot-ams-1 sshd[11129]: Invalid user jonitiso from 157.245.122.58 port 55762","@timestamp":"2022-09-12T01:26:13.395Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 01:27:00 honeypot-ams-1 sshd[11131]: Connection closed by invalid user ubuntu 103.188.176.251 port 45582 [preauth]","@timestamp":"2022-09-12T01:27:01.420Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 01:27:04 honeypot-fra-1 kernel: [83820453.256630] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.11.57.48 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=245 ID=15212 PROTO=TCP SPT=50201 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T01:27:04.946Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 01:27:26 honeypot-ams-1 sshd[11136]: Disconnected from invalid user user 45.61.186.169 port 58874 [preauth]","@timestamp":"2022-09-12T01:27:26.433Z"}
{"@timestamp":"2022-09-12T01:27:34.597Z","@version":"1","message":"Sep 12 01:27:34 honeypot-sgp-1 kernel: [83822166.307090] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=89.248.165.199 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=47249 PROTO=TCP SPT=43081 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 01:27:44 honeypot-ams-1 sshd[11140]: Disconnected from invalid user user 45.61.186.169 port 54164 [preauth]","@timestamp":"2022-09-12T01:27:44.444Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 01:28:00 honeypot-ams-1 sshd[11144]: Disconnected from invalid user user 45.61.186.169 port 49458 [preauth]","@timestamp":"2022-09-12T01:28:01.454Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 01:28:16 honeypot-ams-1 sshd[11148]: Disconnected from invalid user user 45.61.186.169 port 44746 [preauth]","@timestamp":"2022-09-12T01:28:16.463Z"}
{"@timestamp":"2022-09-12T01:30:18.667Z","@version":"1","message":"Sep 12 01:30:17 honeypot-sgp-1 kernel: [83822330.042327] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=190.71.36.66 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=44 ID=4675 PROTO=TCP SPT=60388 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 01:33:13 honeypot-ams-1 kernel: [83822978.320397] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.11.57.48 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=245 ID=15212 PROTO=TCP SPT=48864 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T01:33:13.601Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 01:37:08 honeypot-fra-1 sshd[1445]: Received disconnect from 206.81.0.243 port 46192:11: Bye Bye [preauth]","@timestamp":"2022-09-12T01:37:09.179Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 01:37:32 honeypot-fra-1 sshd[1457]: Invalid user ubuntu from 49.234.154.127 port 33870","@timestamp":"2022-09-12T01:37:33.191Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 01:37:32 honeypot-fra-1 sshd[1468]: Invalid user test from 49.234.154.127 port 33930","@timestamp":"2022-09-12T01:37:33.191Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 01:37:32 honeypot-fra-1 sshd[1458]: Connection closed by authenticating user root 49.234.154.127 port 33892 [preauth]","@timestamp":"2022-09-12T01:37:33.191Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 01:37:32 honeypot-fra-1 sshd[1461]: Connection closed by invalid user guest 49.234.154.127 port 33924 [preauth]","@timestamp":"2022-09-12T01:37:33.191Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 01:37:33 honeypot-fra-1 sshd[1450]: Invalid user vagrant from 49.234.154.127 port 33910","@timestamp":"2022-09-12T01:37:34.191Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 01:37:33 honeypot-fra-1 sshd[1462]: Connection closed by invalid user weblogic 49.234.154.127 port 33882 [preauth]","@timestamp":"2022-09-12T01:37:34.192Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 01:37:36 honeypot-fra-1 sshd[1452]: Invalid user nexus from 49.234.154.127 port 33888","@timestamp":"2022-09-12T01:37:37.193Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 01:37:39 honeypot-fra-1 sshd[1463]: Connection closed by invalid user user 49.234.154.127 port 33926 [preauth]","@timestamp":"2022-09-12T01:37:40.195Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 01:42:51 honeypot-ams-1 sshd[11156]: Did not receive identification string from 80.76.51.45 port 37292","@timestamp":"2022-09-12T01:42:51.871Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 01:43:30 honeypot-ams-1 sshd[11162]: Invalid user test from 80.76.51.45 port 38404","@timestamp":"2022-09-12T01:43:30.892Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 01:44:00 honeypot-ams-1 sshd[11166]: Disconnected from authenticating user root 80.76.51.45 port 33328 [preauth]","@timestamp":"2022-09-12T01:44:00.909Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 01:44:45 honeypot-ams-1 sshd[11172]: Received disconnect from 80.76.51.45 port 39796:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T01:44:45.934Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 01:45:29 honeypot-ams-1 sshd[11178]: Received disconnect from 80.76.51.45 port 46278:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T01:45:29.957Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 01:45:58 honeypot-ams-1 sshd[11182]: Invalid user git from 80.76.51.45 port 41106","@timestamp":"2022-09-12T01:45:58.973Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 01:48:26 honeypot-fra-1 sshd[1508]: Invalid user kevin from 165.22.45.108 port 54458","@timestamp":"2022-09-12T01:48:27.436Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T01:49:46.162Z","@version":"1","message":"Sep 12 01:49:45 honeypot-sgp-1 sshd[7262]: Received disconnect from 92.255.85.70 port 42122:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 01:53:27 honeypot-ams-1 kernel: [83824192.898892] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=196.189.68.134 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=12923 PROTO=TCP SPT=32070 DPT=80 WINDOW=48798 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T01:53:28.174Z"}
{"@timestamp":"2022-09-12T01:54:46.288Z","@version":"1","message":"Sep 12 01:54:45 honeypot-sgp-1 sshd[7267]: Connection closed by invalid user linan 103.188.176.251 port 42008 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 01:56:12 honeypot-fra-1 sshd[1513]: Invalid user akiko from 179.27.60.34 port 61201","@timestamp":"2022-09-12T01:56:13.612Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 02:01:41 honeypot-ams-1 sshd[11190]: Disconnected from invalid user kongxx 139.59.3.114 port 50514 [preauth]","@timestamp":"2022-09-12T02:01:41.396Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 02:03:17 honeypot-ams-1 sshd[11194]: Disconnected from invalid user mihai 46.101.23.51 port 52498 [preauth]","@timestamp":"2022-09-12T02:03:18.443Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 02:05:58 honeypot-fra-1 sshd[1517]: Connection closed by invalid user guest 177.85.70.147 port 52588 [preauth]","@timestamp":"2022-09-12T02:05:59.833Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 02:06:44 honeypot-fra-1 sshd[1522]: Received disconnect from 45.61.186.169 port 57330:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T02:06:44.853Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 02:07:02 honeypot-fra-1 sshd[1526]: Received disconnect from 45.61.186.169 port 52186:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T02:07:02.882Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 02:07:19 honeypot-fra-1 sshd[1530]: Received disconnect from 45.61.186.169 port 47050:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T02:07:19.889Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 02:07:35 honeypot-fra-1 sshd[1534]: Received disconnect from 45.61.186.169 port 41904:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T02:07:35.896Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 02:12:20 honeypot-fra-1 kernel: [83823168.517452] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=43.131.66.209 DST=165.22.82.222 LEN=52 TOS=0x08 PREC=0x60 TTL=53 ID=15605 DF PROTO=TCP SPT=16629 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T02:12:21.006Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-12T02:12:40.727Z","@version":"1","message":"Sep 12 02:12:39 honeypot-sgp-1 sshd[7271]: Received disconnect from 92.255.85.70 port 22630:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 02:17:01 honeypot-fra-1 CRON[1542]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-12T02:17:02.116Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T02:17:02.836Z","@version":"1","message":"Sep 12 02:17:01 honeypot-sgp-1 CRON[7276]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 02:17:01 honeypot-ams-1 CRON[11209]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-12T02:17:02.811Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 02:28:43 honeypot-ams-1 sshd[11216]: Invalid user odoo from 95.85.27.201 port 33646","@timestamp":"2022-09-12T02:28:44.127Z"}
{"@timestamp":"2022-09-12T02:29:07.143Z","@version":"1","message":"Sep 12 02:29:06 honeypot-sgp-1 sshd[7281]: Disconnected from authenticating user root 211.44.212.27 port 58048 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 02:30:04 honeypot-ams-1 kernel: [83826389.322838] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=78.142.18.92 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=54321 PROTO=TCP SPT=49285 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T02:30:05.166Z"}
{"@timestamp":"2022-09-12T02:32:02.216Z","@version":"1","message":"Sep 12 02:32:01 honeypot-sgp-1 sshd[7285]: Invalid user friends from 139.59.127.73 port 38986","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T02:36:43.331Z","@version":"1","message":"Sep 12 02:36:43 honeypot-sgp-1 sshd[7291]: Received disconnect from 123.142.3.137 port 34428:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 02:39:17 honeypot-fra-1 sshd[1550]: Received disconnect from 92.255.85.70 port 50886:11: Bye Bye [preauth]","@timestamp":"2022-09-12T02:39:18.617Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T02:45:58.555Z","@version":"1","message":"Sep 12 02:45:58 honeypot-sgp-1 kernel: [83826870.572381] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=104.156.155.3 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=52495 PROTO=TCP SPT=57875 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 02:46:44 honeypot-ams-1 kernel: [83827389.296800] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=146.148.23.218 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=13391 PROTO=TCP SPT=48892 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T02:46:44.615Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 02:49:34 honeypot-fra-1 sshd[1554]: Received disconnect from 60.10.160.75 port 38221:11: Bye Bye [preauth]","@timestamp":"2022-09-12T02:49:34.846Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 02:58:07 honeypot-fra-1 sshd[1559]: Received disconnect from 121.79.128.37 port 36620:11: Bye Bye [preauth]","@timestamp":"2022-09-12T02:58:07.036Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T03:02:50.965Z","@version":"1","message":"Sep 12 03:02:50 honeypot-sgp-1 kernel: [83827882.622040] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=79.124.62.60 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=52122 PROTO=TCP SPT=45014 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 03:03:02 honeypot-fra-1 sshd[1566]: Received disconnect from 92.255.85.69 port 27596:11: Bye Bye [preauth]","@timestamp":"2022-09-12T03:03:03.146Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 03:04:46 honeypot-ams-1 sshd[11227]: Received disconnect from 92.255.85.69 port 53090:11: Bye Bye [preauth]","@timestamp":"2022-09-12T03:04:47.104Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 03:14:31 honeypot-fra-1 kernel: [83826899.315927] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=68.183.82.129 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x20 TTL=245 ID=54321 PROTO=TCP SPT=37717 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T03:14:31.401Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 03:17:01 honeypot-ams-1 CRON[11233]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-12T03:17:02.426Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 03:17:01 honeypot-fra-1 CRON[1572]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-12T03:17:02.461Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T03:19:51.380Z","@version":"1","message":"Sep 12 03:19:50 honeypot-sgp-1 sshd[7309]: Invalid user guest from 14.232.210.83 port 33966","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 03:25:46 honeypot-ams-1 kernel: [83829731.007131] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=165.227.2.224 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=52614 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T03:25:46.656Z"}
{"@timestamp":"2022-09-12T03:29:18.610Z","@version":"1","message":"Sep 12 03:29:17 honeypot-sgp-1 sshd[7316]: Disconnected from invalid user yes 211.252.84.133 port 52630 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 03:29:28 honeypot-ams-1 sshd[11243]: Disconnected from invalid user user 45.61.184.204 port 57540 [preauth]","@timestamp":"2022-09-12T03:29:28.761Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 03:29:47 honeypot-ams-1 sshd[11247]: Disconnected from invalid user user 45.61.184.204 port 52788 [preauth]","@timestamp":"2022-09-12T03:29:47.772Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 03:29:49 honeypot-fra-1 kernel: [83827817.803564] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=165.227.211.106 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=53793 PROTO=TCP SPT=61953 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T03:29:49.752Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 03:30:04 honeypot-ams-1 sshd[11251]: Disconnected from invalid user user 45.61.184.204 port 48034 [preauth]","@timestamp":"2022-09-12T03:30:04.783Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 03:30:21 honeypot-ams-1 sshd[11255]: Disconnected from invalid user user 45.61.184.204 port 43284 [preauth]","@timestamp":"2022-09-12T03:30:21.792Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 03:32:12 honeypot-fra-1 sshd[1585]: Invalid user user from 45.61.184.204 port 39130","@timestamp":"2022-09-12T03:32:12.809Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 03:32:31 honeypot-fra-1 sshd[1589]: Invalid user user from 45.61.184.204 port 33722","@timestamp":"2022-09-12T03:32:31.819Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 03:32:48 honeypot-fra-1 sshd[1593]: Invalid user user from 45.61.184.204 port 56550","@timestamp":"2022-09-12T03:32:48.827Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 03:33:05 honeypot-fra-1 sshd[1597]: Invalid user user from 45.61.184.204 port 51136","@timestamp":"2022-09-12T03:33:05.834Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 03:35:44 honeypot-fra-1 kernel: [83828172.695827] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.220.16 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=55084 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T03:35:44.893Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-12T03:36:33.820Z","@version":"1","message":"Sep 12 03:36:33 honeypot-sgp-1 kernel: [83829905.327962] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.221.28 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=36365 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 03:49:03 honeypot-ams-1 sshd[11259]: Disconnected from authenticating user root 132.145.95.37 port 23185 [preauth]","@timestamp":"2022-09-12T03:49:04.285Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 03:51:08 honeypot-ams-1 sshd[11264]: Received disconnect from 192.241.174.44 port 36574:11: Bye Bye [preauth]","@timestamp":"2022-09-12T03:51:08.342Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 03:52:24 honeypot-ams-1 sshd[11267]: Disconnected from authenticating user root 92.255.85.70 port 15834 [preauth]","@timestamp":"2022-09-12T03:52:25.380Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 03:52:54 honeypot-ams-1 sshd[11273]: Disconnected from authenticating user root 104.45.17.110 port 45706 [preauth]","@timestamp":"2022-09-12T03:52:55.396Z"}
{"@timestamp":"2022-09-12T03:54:15.249Z","@version":"1","message":"Sep 12 03:54:14 honeypot-sgp-1 sshd[7327]: Disconnected from authenticating user root 34.91.0.68 port 32956 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 03:54:33 honeypot-ams-1 sshd[11279]: Invalid user ubuntu from 46.19.141.122 port 47740","@timestamp":"2022-09-12T03:54:34.441Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 03:54:44 honeypot-ams-1 sshd[11281]: Disconnected from invalid user kv 209.73.215.135 port 36126 [preauth]","@timestamp":"2022-09-12T03:54:45.448Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 03:55:38 honeypot-ams-1 sshd[11288]: Invalid user ubnt from 46.19.141.122 port 44828","@timestamp":"2022-09-12T03:55:38.475Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 03:56:28 honeypot-ams-1 sshd[11292]: Received disconnect from 46.19.141.122 port 33476:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T03:56:28.500Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 03:58:40 honeypot-ams-1 sshd[11296]: Connection closed by invalid user linan 103.188.176.251 port 42126 [preauth]","@timestamp":"2022-09-12T03:58:40.559Z"}
{"@timestamp":"2022-09-12T04:00:21.401Z","@version":"1","message":"Sep 12 04:00:20 honeypot-sgp-1 sshd[7332]: Connection closed by 162.142.125.211 port 33936 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 04:02:03 honeypot-ams-1 sshd[11299]: Received disconnect from 91.240.118.222 port 55767:11: Client disconnecting normally [preauth]","@timestamp":"2022-09-12T04:02:03.654Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 04:02:45 honeypot-fra-1 sshd[1608]: Invalid user linan from 103.188.176.251 port 49578","@timestamp":"2022-09-12T04:02:45.488Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T04:03:22.478Z","@version":"1","message":"Sep 12 04:03:21 honeypot-sgp-1 sshd[7340]: Did not receive identification string from 89.248.173.131 port 35600","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T04:05:18.529Z","@version":"1","message":"Sep 12 04:05:18 honeypot-sgp-1 sshd[7343]: Disconnected from invalid user tenancy 157.245.122.58 port 48142 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T04:07:09.578Z","@version":"1","message":"Sep 12 04:07:09 honeypot-sgp-1 sshd[7347]: Disconnected from invalid user jonitwiso 157.245.122.58 port 46976 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T04:09:01.627Z","@version":"1","message":"Sep 12 04:09:00 honeypot-sgp-1 sshd[7354]: Invalid user cypress from 157.245.122.58 port 45814","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 04:09:26 honeypot-fra-1 sshd[1613]: Disconnected from invalid user kevin 165.22.45.108 port 46790 [preauth]","@timestamp":"2022-09-12T04:09:26.674Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 04:13:47 honeypot-fra-1 sshd[1619]: Invalid user chia from 204.44.66.189 port 59042","@timestamp":"2022-09-12T04:13:47.769Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 04:13:47 honeypot-fra-1 sshd[1644]: Invalid user chia from 204.44.66.189 port 59114","@timestamp":"2022-09-12T04:13:47.769Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 04:13:47 honeypot-fra-1 sshd[1616]: Connection closed by invalid user testuser 204.44.66.189 port 59052 [preauth]","@timestamp":"2022-09-12T04:13:47.769Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 04:13:47 honeypot-fra-1 sshd[1626]: Invalid user web from 204.44.66.189 port 59098","@timestamp":"2022-09-12T04:13:47.769Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 04:13:47 honeypot-fra-1 sshd[1628]: Connection closed by authenticating user root 204.44.66.189 port 59090 [preauth]","@timestamp":"2022-09-12T04:13:47.770Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 04:13:47 honeypot-fra-1 sshd[1629]: Connection closed by invalid user testuser 204.44.66.189 port 59068 [preauth]","@timestamp":"2022-09-12T04:13:47.770Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 04:13:47 honeypot-fra-1 sshd[1624]: Connection closed by authenticating user root 204.44.66.189 port 59088 [preauth]","@timestamp":"2022-09-12T04:13:47.770Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 04:13:47 honeypot-fra-1 sshd[1636]: Connection closed by invalid user oracle 204.44.66.189 port 59062 [preauth]","@timestamp":"2022-09-12T04:13:47.770Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 04:15:34 honeypot-ams-1 sshd[11305]: Received disconnect from 92.255.85.69 port 46914:11: Bye Bye [preauth]","@timestamp":"2022-09-12T04:15:34.014Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 04:17:01 honeypot-fra-1 CRON[1671]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-12T04:17:01.842Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T04:17:02.823Z","@version":"1","message":"Sep 12 04:17:01 honeypot-sgp-1 CRON[7359]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T04:17:32.838Z","@version":"1","message":"Sep 12 04:17:32 honeypot-sgp-1 sshd[7363]: Disconnected from invalid user user 45.61.186.169 port 57342 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T04:17:50.848Z","@version":"1","message":"Sep 12 04:17:49 honeypot-sgp-1 sshd[7367]: Disconnected from invalid user user 45.61.186.169 port 52336 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T04:18:06.857Z","@version":"1","message":"Sep 12 04:18:06 honeypot-sgp-1 sshd[7371]: Disconnected from invalid user user 45.61.186.169 port 47316 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 04:18:19 honeypot-ams-1 sshd[11310]: Received disconnect from 93.147.129.222 port 57142:11: Bye Bye [preauth]","@timestamp":"2022-09-12T04:18:20.091Z"}
{"@timestamp":"2022-09-12T04:18:22.865Z","@version":"1","message":"Sep 12 04:18:22 honeypot-sgp-1 sshd[7375]: Disconnected from invalid user user 45.61.186.169 port 42326 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 04:20:13 honeypot-ams-1 sshd[11316]: Invalid user user from 45.61.186.49 port 44426","@timestamp":"2022-09-12T04:20:14.144Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 04:20:23 honeypot-ams-1 sshd[11320]: Invalid user user from 45.61.186.49 port 56372","@timestamp":"2022-09-12T04:20:24.150Z"}
{"@timestamp":"2022-09-12T04:22:14.964Z","@version":"1","message":"Sep 12 04:22:14 honeypot-sgp-1 sshd[7379]: Disconnected from authenticating user root 103.240.110.130 port 49666 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 04:23:01 honeypot-fra-1 sshd[1677]: Invalid user support from 218.88.215.122 port 57749","@timestamp":"2022-09-12T04:23:01.976Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 04:30:17 honeypot-ams-1 sshd[11324]: Received disconnect from 80.76.51.43 port 42016:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T04:30:18.413Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 04:30:48 honeypot-ams-1 sshd[11328]: Received disconnect from 80.76.51.43 port 41570:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T04:30:49.429Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 04:32:05 honeypot-fra-1 sshd[1682]: Received disconnect from 103.133.57.242 port 51422:11: Bye Bye [preauth]","@timestamp":"2022-09-12T04:32:06.179Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 04:37:48 honeypot-fra-1 kernel: [83831896.300456] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=154.3.44.39 DST=165.22.82.222 LEN=52 TOS=0x00 PREC=0x00 TTL=114 ID=43792 DF PROTO=TCP SPT=64463 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-12T04:37:48.307Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 04:38:43 honeypot-ams-1 sshd[11335]: Received disconnect from 92.255.85.70 port 43452:11: Bye Bye [preauth]","@timestamp":"2022-09-12T04:38:43.655Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 04:40:12 honeypot-ams-1 sshd[11340]: Invalid user user from 45.61.184.204 port 55534","@timestamp":"2022-09-12T04:40:12.698Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 04:40:28 honeypot-ams-1 kernel: [83834212.981035] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=184.105.139.76 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=58729 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T04:40:28.707Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 04:40:40 honeypot-ams-1 sshd[11346]: Disconnected from invalid user user 45.61.184.204 port 35314 [preauth]","@timestamp":"2022-09-12T04:40:41.719Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 04:41:00 honeypot-ams-1 sshd[11350]: Received disconnect from 45.61.184.204 port 59480:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T04:41:00.730Z"}
{"@timestamp":"2022-09-12T04:43:54.490Z","@version":"1","message":"Sep 12 04:43:54 honeypot-sgp-1 kernel: [83833946.454228] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=89.248.165.199 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=42040 PROTO=TCP SPT=55985 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 04:45:09 honeypot-fra-1 sshd[1690]: Received disconnect from 122.170.105.253 port 36458:11: Bye Bye [preauth]","@timestamp":"2022-09-12T04:45:09.471Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 04:48:46 honeypot-ams-1 kernel: [83834711.225123] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.207.134 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=46426 DPT=389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T04:48:46.941Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 04:50:33 honeypot-fra-1 kernel: [83832661.215559] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=184.105.247.238 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=54321 PROTO=TCP SPT=51448 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T04:50:33.591Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-12T04:50:59.682Z","@version":"1","message":"Sep 12 04:50:59 honeypot-sgp-1 sshd[7402]: Disconnected from 157.245.9.6 port 44528 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 04:55:36 honeypot-fra-1 sshd[1706]: Invalid user vagrant from 212.87.251.118 port 45324","@timestamp":"2022-09-12T04:55:37.706Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 04:55:36 honeypot-fra-1 sshd[1712]: Invalid user esuser from 212.87.251.118 port 45354","@timestamp":"2022-09-12T04:55:37.706Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 04:55:36 honeypot-fra-1 sshd[1714]: Invalid user user from 212.87.251.118 port 45360","@timestamp":"2022-09-12T04:55:37.706Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 04:55:36 honeypot-fra-1 sshd[1725]: Invalid user user from 212.87.251.118 port 45396","@timestamp":"2022-09-12T04:55:37.706Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 04:55:36 honeypot-fra-1 sshd[1706]: Connection closed by invalid user vagrant 212.87.251.118 port 45324 [preauth]","@timestamp":"2022-09-12T04:55:37.706Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 04:55:36 honeypot-fra-1 sshd[1716]: Connection closed by invalid user esuser 212.87.251.118 port 45370 [preauth]","@timestamp":"2022-09-12T04:55:37.706Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 04:55:36 honeypot-fra-1 sshd[1700]: Connection closed by invalid user dev 212.87.251.118 port 45328 [preauth]","@timestamp":"2022-09-12T04:55:37.706Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 04:55:36 honeypot-fra-1 sshd[1725]: Connection closed by invalid user user 212.87.251.118 port 45396 [preauth]","@timestamp":"2022-09-12T04:55:37.706Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 04:55:36 honeypot-fra-1 sshd[1720]: Invalid user ubuntu from 212.87.251.118 port 45380","@timestamp":"2022-09-12T04:55:37.706Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 04:55:37 honeypot-fra-1 sshd[1728]: Connection closed by invalid user ubuntu 212.87.251.118 port 45420 [preauth]","@timestamp":"2022-09-12T04:55:37.707Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 04:56:22 honeypot-ams-1 sshd[11363]: Invalid user teamcity from 210.16.201.131 port 59640","@timestamp":"2022-09-12T04:56:23.146Z"}
{"@timestamp":"2022-09-12T04:59:13.885Z","@version":"1","message":"Sep 12 04:59:12 honeypot-sgp-1 sshd[7410]: Invalid user user from 45.61.186.49 port 35332","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T04:59:22.890Z","@version":"1","message":"Sep 12 04:59:22 honeypot-sgp-1 sshd[7414]: Invalid user user from 45.61.186.49 port 46746","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 04:59:55 honeypot-fra-1 sshd[1763]: Received disconnect from 92.255.85.70 port 24078:11: Bye Bye [preauth]","@timestamp":"2022-09-12T04:59:56.803Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T05:00:44.925Z","@version":"1","message":"Sep 12 05:00:44 honeypot-sgp-1 sshd[7418]: Received disconnect from 200.123.21.242 port 45456:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 05:03:20 honeypot-ams-1 sshd[11366]: Disconnected from authenticating user root 92.255.85.69 port 37806 [preauth]","@timestamp":"2022-09-12T05:03:20.334Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 05:09:36 honeypot-fra-1 sshd[1768]: Did not receive identification string from 193.3.19.178 port 64001","@timestamp":"2022-09-12T05:09:37.017Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T05:11:48.191Z","@version":"1","message":"Sep 12 05:11:47 honeypot-sgp-1 kernel: [83835619.679166] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=71.6.232.8 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=37362 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 05:14:42 honeypot-ams-1 sshd[11824]: Received disconnect from 45.61.186.249 port 54192:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T05:14:43.635Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 05:15:01 honeypot-ams-1 sshd[11828]: Received disconnect from 45.61.186.249 port 49252:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T05:15:01.646Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 05:15:19 honeypot-ams-1 sshd[11832]: Received disconnect from 45.61.186.249 port 44340:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T05:15:19.656Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 05:15:37 honeypot-ams-1 sshd[11836]: Received disconnect from 45.61.186.249 port 39424:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T05:15:38.666Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 05:17:01 honeypot-ams-1 CRON[11839]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-12T05:17:02.706Z"}
{"@timestamp":"2022-09-12T05:18:54.367Z","@version":"1","message":"Sep 12 05:18:54 honeypot-sgp-1 kernel: [83836045.988549] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=154.3.44.39 DST=159.89.202.188 LEN=52 TOS=0x0A PREC=0x00 TTL=110 ID=12484 DF PROTO=TCP SPT=53949 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 05:19:25 honeypot-fra-1 sshd[1775]: Disconnected from authenticating user root 51.83.71.70 port 39250 [preauth]","@timestamp":"2022-09-12T05:19:25.235Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T05:19:49.394Z","@version":"1","message":"Sep 12 05:19:48 honeypot-sgp-1 sshd[7431]: Disconnected from 68.183.25.156 port 33512 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 05:20:29 honeypot-fra-1 sshd[1780]: Disconnected from invalid user kf 165.22.45.108 port 56800 [preauth]","@timestamp":"2022-09-12T05:20:30.260Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T05:22:08.454Z","@version":"1","message":"Sep 12 05:22:07 honeypot-sgp-1 sshd[7437]: Received disconnect from 185.51.128.152 port 56678:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 05:31:14 honeypot-fra-1 kernel: [83835102.071590] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=17914 PROTO=TCP SPT=40527 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T05:31:14.501Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-12T05:32:21.698Z","@version":"1","message":"Sep 12 05:32:21 honeypot-sgp-1 sshd[7444]: Invalid user user from 45.61.187.160 port 50530","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T05:32:41.710Z","@version":"1","message":"Sep 12 05:32:41 honeypot-sgp-1 sshd[7448]: Invalid user user from 45.61.187.160 port 45700","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T05:32:59.718Z","@version":"1","message":"Sep 12 05:32:59 honeypot-sgp-1 sshd[7452]: Invalid user user from 45.61.187.160 port 40934","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T05:33:17.727Z","@version":"1","message":"Sep 12 05:33:17 honeypot-sgp-1 sshd[7456]: Invalid user user from 45.61.187.160 port 36156","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 05:34:28 honeypot-ams-1 kernel: [83837453.337770] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=60943 PROTO=TCP SPT=40527 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T05:34:29.167Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 05:35:09 honeypot-ams-1 sshd[11850]: Received disconnect from 45.61.187.160 port 59786:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T05:35:10.188Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 05:35:28 honeypot-ams-1 sshd[11854]: Received disconnect from 45.61.187.160 port 54480:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T05:35:28.198Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 05:35:45 honeypot-ams-1 sshd[11858]: Received disconnect from 45.61.187.160 port 49170:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T05:35:46.208Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 05:39:47 honeypot-ams-1 kernel: [83837772.503596] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=213.226.123.241 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=60 ID=58358 DF PROTO=TCP SPT=42794 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T05:39:48.313Z"}
{"@timestamp":"2022-09-12T05:40:29.903Z","@version":"1","message":"Sep 12 05:40:29 honeypot-sgp-1 sshd[7460]: Connection closed by invalid user support 67.249.160.145 port 43182 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 05:44:38 honeypot-fra-1 sshd[1791]: Disconnected from invalid user user 141.255.162.226 port 40170 [preauth]","@timestamp":"2022-09-12T05:44:39.798Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 05:44:41 honeypot-fra-1 sshd[1795]: Disconnected from invalid user user 141.255.162.226 port 47256 [preauth]","@timestamp":"2022-09-12T05:44:41.799Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 05:44:45 honeypot-fra-1 sshd[1799]: Disconnected from invalid user user 141.255.162.226 port 54238 [preauth]","@timestamp":"2022-09-12T05:44:45.801Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 05:48:38 honeypot-fra-1 kernel: [83836146.025692] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=159.223.115.11 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=14885 PROTO=TCP SPT=41312 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T05:48:38.890Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 05:49:55 honeypot-ams-1 sshd[11868]: Invalid user user from 68.183.236.92 port 52932","@timestamp":"2022-09-12T05:49:56.597Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 05:51:36 honeypot-ams-1 sshd[11870]: Received disconnect from 95.86.165.90 port 36544:11: Bye Bye [preauth]","@timestamp":"2022-09-12T05:51:36.643Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 05:52:01 honeypot-fra-1 kernel: [83836349.065831] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=154.3.44.39 DST=165.22.82.222 LEN=52 TOS=0x00 PREC=0x00 TTL=116 ID=44830 DF PROTO=TCP SPT=62626 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-12T05:52:01.969Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-12T05:54:47.248Z","@version":"1","message":"Sep 12 05:54:46 honeypot-sgp-1 kernel: [83838198.297067] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.41.8.45 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=44129 PROTO=TCP SPT=52425 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 05:55:02 honeypot-fra-1 sshd[1810]: Received disconnect from 45.61.187.160 port 53566:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T05:55:03.038Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 05:55:20 honeypot-fra-1 sshd[1814]: Received disconnect from 45.61.187.160 port 49546:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T05:55:21.046Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 05:55:37 honeypot-fra-1 sshd[1818]: Received disconnect from 45.61.187.160 port 45524:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T05:55:38.054Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 05:56:10 honeypot-fra-1 sshd[1822]: Received disconnect from 165.22.45.108 port 33418:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T05:56:11.068Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T06:00:54.396Z","@version":"1","message":"Sep 12 06:00:53 honeypot-sgp-1 sshd[7472]: Received disconnect from 141.255.162.226 port 38214:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T06:00:58.398Z","@version":"1","message":"Sep 12 06:00:58 honeypot-sgp-1 sshd[7476]: Received disconnect from 141.255.162.226 port 45006:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T06:05:11.505Z","@version":"1","message":"Sep 12 06:05:10 honeypot-sgp-1 sshd[7574]: Invalid user pi from 161.8.12.170 port 40764","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 06:06:38 honeypot-fra-1 sshd[1828]: Did not receive identification string from 152.32.249.159 port 46664","@timestamp":"2022-09-12T06:06:39.300Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 06:09:24 honeypot-ams-1 kernel: [83839549.726749] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=34.150.143.18 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x60 TTL=251 ID=62386 PROTO=TCP SPT=50013 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T06:09:25.103Z"}
{"@timestamp":"2022-09-12T06:12:48.692Z","@version":"1","message":"Sep 12 06:12:48 honeypot-sgp-1 kernel: [83839280.461864] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=227 ID=12221 PROTO=TCP SPT=42403 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 06:15:33 honeypot-fra-1 sshd[1929]: Invalid user admin from 185.196.220.81 port 52714","@timestamp":"2022-09-12T06:15:33.498Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 06:15:33 honeypot-fra-1 sshd[1933]: Invalid user ubnt from 185.196.220.81 port 53856","@timestamp":"2022-09-12T06:15:34.500Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 06:15:33 honeypot-fra-1 sshd[1937]: Received disconnect from 185.196.220.81 port 55100:11: end [preauth]","@timestamp":"2022-09-12T06:15:34.500Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 06:15:34 honeypot-fra-1 sshd[1941]: Disconnected from invalid user support 185.196.220.81 port 56420 [preauth]","@timestamp":"2022-09-12T06:15:34.500Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 06:15:34 honeypot-fra-1 sshd[1947]: Invalid user admin from 185.196.220.81 port 58598","@timestamp":"2022-09-12T06:15:35.501Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 06:15:35 honeypot-fra-1 sshd[1951]: Received disconnect from 185.196.220.81 port 60026:11: end [preauth]","@timestamp":"2022-09-12T06:15:35.501Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 06:15:35 honeypot-fra-1 sshd[1955]: Disconnected from invalid user Admin 185.196.220.81 port 32978 [preauth]","@timestamp":"2022-09-12T06:15:35.501Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 06:15:35 honeypot-fra-1 sshd[1959]: Disconnected from invalid user admin 185.196.220.81 port 34684 [preauth]","@timestamp":"2022-09-12T06:15:36.501Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 06:15:36 honeypot-fra-1 sshd[1965]: Invalid user user from 185.196.220.81 port 37172","@timestamp":"2022-09-12T06:15:36.501Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 06:15:36 honeypot-fra-1 sshd[1969]: Received disconnect from 185.196.220.81 port 38838:11: end [preauth]","@timestamp":"2022-09-12T06:15:37.502Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 06:15:37 honeypot-fra-1 sshd[1973]: Disconnected from authenticating user root 185.196.220.81 port 40552 [preauth]","@timestamp":"2022-09-12T06:15:37.502Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 06:15:37 honeypot-fra-1 sshd[1979]: Invalid user Admin from 185.196.220.81 port 43088","@timestamp":"2022-09-12T06:15:38.503Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 06:15:38 honeypot-fra-1 sshd[1983]: Invalid user Admin from 185.196.220.81 port 44628","@timestamp":"2022-09-12T06:15:38.503Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 06:15:38 honeypot-fra-1 sshd[1987]: Invalid user user from 185.196.220.81 port 46196","@timestamp":"2022-09-12T06:15:39.503Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 06:15:41 honeypot-fra-1 sshd[1991]: Invalid user support from 91.103.30.86 port 53556","@timestamp":"2022-09-12T06:15:42.505Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 06:17:01 honeypot-ams-1 CRON[11879]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-12T06:17:02.296Z"}
{"@timestamp":"2022-09-12T06:21:53.914Z","@version":"1","message":"Sep 12 06:21:53 honeypot-sgp-1 sshd[7586]: Disconnected from invalid user sysgames 209.141.52.250 port 53254 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 06:25:01 honeypot-fra-1 CRON[1998]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-12T06:25:02.715Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T06:29:20.107Z","@version":"1","message":"Sep 12 06:29:19 honeypot-sgp-1 sshd[7734]: Received disconnect from 161.35.113.79 port 54636:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 06:30:57 honeypot-ams-1 sshd[12144]: Invalid user manager from 103.188.176.251 port 56236","@timestamp":"2022-09-12T06:30:58.662Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 06:31:09 honeypot-fra-1 sshd[2132]: Disconnected from invalid user kf 165.22.45.108 port 39598 [preauth]","@timestamp":"2022-09-12T06:31:09.854Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 06:34:15 honeypot-fra-1 sshd[2140]: Disconnected from authenticating user root 92.255.85.70 port 36048 [preauth]","@timestamp":"2022-09-12T06:34:15.925Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 06:36:06 honeypot-ams-1 sshd[12149]: Received disconnect from 92.255.85.69 port 20590:11: Bye Bye [preauth]","@timestamp":"2022-09-12T06:36:06.797Z"}
{"@timestamp":"2022-09-12T06:36:19.278Z","@version":"1","message":"Sep 12 06:36:18 honeypot-sgp-1 kernel: [83840690.254311] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=94.232.46.222 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=21395 PROTO=TCP SPT=44339 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 06:38:30 honeypot-fra-1 kernel: [83839138.471426] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=6575 PROTO=TCP SPT=44070 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T06:38:31.026Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 06:43:42 honeypot-ams-1 sshd[12155]: Invalid user user from 45.61.187.160 port 50548","@timestamp":"2022-09-12T06:43:42.997Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 06:43:51 honeypot-ams-1 sshd[12157]: Disconnected from invalid user user 45.61.187.160 port 34308 [preauth]","@timestamp":"2022-09-12T06:43:52.002Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 06:44:09 honeypot-ams-1 sshd[12161]: Received disconnect from 45.61.187.160 port 58322:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T06:44:10.012Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 06:44:26 honeypot-ams-1 sshd[12165]: Received disconnect from 45.61.187.160 port 54096:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T06:44:27.022Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 06:50:37 honeypot-fra-1 sshd[2152]: Connection closed by authenticating user root 37.119.20.130 port 55631 [preauth]","@timestamp":"2022-09-12T06:50:37.295Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T06:51:51.679Z","@version":"1","message":"Sep 12 06:51:51 honeypot-sgp-1 sshd[7742]: Disconnected from invalid user ubuntu 137.184.207.13 port 34764 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 06:54:03 honeypot-ams-1 sshd[12170]: Received disconnect from 157.230.233.185 port 42340:11: Bye Bye [preauth]","@timestamp":"2022-09-12T06:54:04.293Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 06:54:07 honeypot-fra-1 sshd[2158]: Disconnected from invalid user mpy 124.160.96.249 port 34066 [preauth]","@timestamp":"2022-09-12T06:54:07.374Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T06:55:00.760Z","@version":"1","message":"Sep 12 06:55:00 honeypot-sgp-1 sshd[7748]: Received disconnect from 92.255.85.69 port 22232:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T06:57:45.833Z","@version":"1","message":"Sep 12 06:57:45 honeypot-sgp-1 sshd[7755]: Invalid user service from 165.227.83.174 port 42572","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 07:00:12 honeypot-ams-1 sshd[12175]: Received disconnect from 92.255.85.69 port 31330:11: Bye Bye [preauth]","@timestamp":"2022-09-12T07:00:13.452Z"}
{"@timestamp":"2022-09-12T07:03:09.967Z","@version":"1","message":"Sep 12 07:03:09 honeypot-sgp-1 sshd[7760]: Disconnected from 68.183.141.36 port 36136 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 07:06:27 honeypot-fra-1 sshd[2165]: Disconnected from invalid user kf 165.22.45.108 port 44470 [preauth]","@timestamp":"2022-09-12T07:06:27.650Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T07:13:41.228Z","@version":"1","message":"Sep 12 07:13:41 honeypot-sgp-1 sshd[7766]: Disconnected from invalid user sashaspaket 203.190.55.203 port 46952 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 07:16:14 honeypot-fra-1 sshd[2171]: Received disconnect from 45.61.184.204 port 34124:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T07:16:14.870Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 07:16:34 honeypot-fra-1 sshd[2175]: Received disconnect from 45.61.184.204 port 57714:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T07:16:34.880Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 07:16:53 honeypot-fra-1 sshd[2179]: Received disconnect from 45.61.184.204 port 53066:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T07:16:53.889Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 07:17:01 honeypot-ams-1 CRON[12183]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-12T07:17:01.882Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 07:17:01 honeypot-fra-1 sshd[2181]: Disconnected from invalid user user 45.61.184.204 port 36634 [preauth]","@timestamp":"2022-09-12T07:17:01.893Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 07:19:48 honeypot-fra-1 sshd[2189]: Connection closed by invalid user User 179.60.147.69 port 24944 [preauth]","@timestamp":"2022-09-12T07:19:48.961Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T07:21:20.418Z","@version":"1","message":"Sep 12 07:21:19 honeypot-sgp-1 sshd[7774]: Did not receive identification string from 141.255.162.226 port 33712","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T07:21:29.423Z","@version":"1","message":"Sep 12 07:21:29 honeypot-sgp-1 sshd[7777]: Disconnected from invalid user user 141.255.162.226 port 52784 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T07:21:34.426Z","@version":"1","message":"Sep 12 07:21:33 honeypot-sgp-1 sshd[7781]: Disconnected from invalid user user 141.255.162.226 port 59032 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 07:21:38 honeypot-ams-1 kernel: [83843883.146570] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.220.141 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=39782 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T07:21:39.003Z"}
{"@timestamp":"2022-09-12T07:23:13.471Z","@version":"1","message":"Sep 12 07:23:12 honeypot-sgp-1 sshd[7785]: Disconnected from invalid user gambam 188.254.0.160 port 39212 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 07:25:28 honeypot-fra-1 sshd[2197]: Connection closed by invalid user admin 195.242.232.122 port 46153 [preauth]","@timestamp":"2022-09-12T07:25:28.105Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 07:26:21 honeypot-fra-1 sshd[2202]: Received disconnect from 45.61.187.160 port 40656:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T07:26:22.129Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 07:26:39 honeypot-fra-1 sshd[2206]: Received disconnect from 45.61.187.160 port 36120:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T07:26:40.137Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 07:26:56 honeypot-fra-1 sshd[2210]: Received disconnect from 45.61.187.160 port 59804:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T07:26:56.144Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T07:28:59.646Z","@version":"1","message":"Sep 12 07:28:58 honeypot-sgp-1 sshd[7792]: Received disconnect from 77.24.124.41 port 48566:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 07:32:12 honeypot-ams-1 sshd[12193]: Received disconnect from 45.61.186.249 port 60244:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T07:32:13.302Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 07:32:33 honeypot-ams-1 sshd[12198]: Received disconnect from 45.61.186.249 port 55984:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T07:32:34.312Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 07:32:52 honeypot-ams-1 sshd[12202]: Received disconnect from 45.61.186.249 port 51666:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T07:32:53.327Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 07:33:09 honeypot-ams-1 sshd[12206]: Received disconnect from 45.61.186.249 port 47392:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T07:33:10.336Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 07:33:33 honeypot-fra-1 sshd[2217]: Invalid user user from 141.255.162.226 port 49506","@timestamp":"2022-09-12T07:33:33.293Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 07:33:34 honeypot-fra-1 sshd[2221]: Invalid user user from 141.255.162.226 port 56212","@timestamp":"2022-09-12T07:33:35.294Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 07:33:39 honeypot-fra-1 sshd[2225]: Invalid user user from 141.255.162.226 port 48100","@timestamp":"2022-09-12T07:33:40.296Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 07:40:25 honeypot-fra-1 sshd[2228]: Disconnected from invalid user ekp 178.154.205.230 port 44526 [preauth]","@timestamp":"2022-09-12T07:40:26.446Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 07:41:59 honeypot-fra-1 sshd[2232]: Disconnected from invalid user ircop 192.241.157.126 port 36472 [preauth]","@timestamp":"2022-09-12T07:42:00.484Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T07:42:13.972Z","@version":"1","message":"Sep 12 07:42:13 honeypot-sgp-1 sshd[7800]: Received disconnect from 92.255.85.69 port 45470:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 07:43:00 honeypot-fra-1 sshd[2238]: Invalid user ubnt from 122.187.155.50 port 54677","@timestamp":"2022-09-12T07:43:00.509Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 07:43:50 honeypot-ams-1 kernel: [83845214.956553] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=218.145.61.20 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=55 ID=30304 PROTO=TCP SPT=5708 DPT=80 WINDOW=24076 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T07:43:50.613Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 07:44:11 honeypot-fra-1 sshd[2242]: Disconnected from invalid user kai 143.110.189.191 port 34786 [preauth]","@timestamp":"2022-09-12T07:44:11.540Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 07:45:18 honeypot-fra-1 sshd[2249]: Received disconnect from 143.244.158.100 port 56282:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T07:45:19.569Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 07:46:31 honeypot-fra-1 sshd[2253]: Disconnected from invalid user ftp_user 128.199.99.204 port 34504 [preauth]","@timestamp":"2022-09-12T07:46:32.599Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 07:48:31 honeypot-fra-1 sshd[2259]: Received disconnect from 143.244.158.100 port 53578:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T07:48:31.648Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 07:50:05 honeypot-fra-1 sshd[2263]: Disconnected from authenticating user root 143.244.158.100 port 48616 [preauth]","@timestamp":"2022-09-12T07:50:05.685Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 07:50:11 honeypot-ams-1 kernel: [83845596.316276] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.216.32 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=60189 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T07:50:11.777Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 07:52:26 honeypot-fra-1 sshd[2270]: Disconnected from authenticating user root 143.244.158.100 port 37276 [preauth]","@timestamp":"2022-09-12T07:52:26.740Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 07:54:23 honeypot-fra-1 kernel: [83843691.084107] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=79.124.62.62 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=19399 PROTO=TCP SPT=43015 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T07:54:23.787Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 07:55:44 honeypot-fra-1 sshd[2280]: Disconnected from authenticating user root 143.244.158.100 port 43376 [preauth]","@timestamp":"2022-09-12T07:55:44.820Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T07:57:28.349Z","@version":"1","message":"Sep 12 07:57:27 honeypot-sgp-1 sshd[7804]: Invalid user support from 116.228.125.70 port 44727","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 07:58:10 honeypot-fra-1 sshd[2287]: Disconnected from authenticating user root 143.244.158.100 port 44130 [preauth]","@timestamp":"2022-09-12T07:58:10.878Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 07:59:25 honeypot-fra-1 sshd[2293]: Connection closed by authenticating user root 38.89.156.66 port 48278 [preauth]","@timestamp":"2022-09-12T07:59:26.908Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 08:01:36 honeypot-fra-1 sshd[2300]: Disconnected from authenticating user root 143.244.158.100 port 49788 [preauth]","@timestamp":"2022-09-12T08:01:36.959Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 08:02:48 honeypot-fra-1 sshd[2304]: Disconnected from authenticating user root 128.199.91.252 port 49802 [preauth]","@timestamp":"2022-09-12T08:02:48.990Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 08:04:20 honeypot-fra-1 sshd[2310]: Disconnected from authenticating user root 182.75.139.26 port 44405 [preauth]","@timestamp":"2022-09-12T08:04:21.027Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 08:04:21 honeypot-ams-1 sshd[12223]: Received disconnect from 45.61.186.249 port 35084:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T08:04:21.141Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 08:04:41 honeypot-ams-1 sshd[12227]: Received disconnect from 45.61.186.249 port 58950:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T08:04:42.155Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 08:05:00 honeypot-ams-1 sshd[12231]: Received disconnect from 45.61.186.249 port 54576:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T08:05:01.164Z"}
{"@timestamp":"2022-09-12T08:05:14.545Z","@version":"1","message":"Sep 12 08:05:14 honeypot-sgp-1 sshd[7808]: Received disconnect from 92.255.85.69 port 54692:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 08:05:16 honeypot-ams-1 sshd[12235]: Received disconnect from 45.61.186.249 port 50194:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T08:05:17.173Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 08:06:20 honeypot-fra-1 sshd[2316]: Disconnected from authenticating user root 143.244.158.100 port 51344 [preauth]","@timestamp":"2022-09-12T08:06:21.075Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 08:08:17 honeypot-fra-1 sshd[2323]: Invalid user baikal from 92.255.85.69 port 32506","@timestamp":"2022-09-12T08:08:18.121Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 08:09:35 honeypot-fra-1 sshd[2327]: Disconnected from authenticating user root 143.244.158.100 port 59516 [preauth]","@timestamp":"2022-09-12T08:09:36.152Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 08:10:59 honeypot-ams-1 sshd[12238]: Disconnected from invalid user baikal 92.255.85.69 port 59530 [preauth]","@timestamp":"2022-09-12T08:11:00.323Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 08:11:13 honeypot-fra-1 sshd[2334]: Received disconnect from 143.244.158.100 port 49774:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T08:11:14.193Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 08:12:44 honeypot-fra-1 sshd[2360]: Received disconnect from 162.243.28.146 port 53466:11: Bye Bye [preauth]","@timestamp":"2022-09-12T08:12:44.230Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 08:13:36 honeypot-fra-1 sshd[2364]: Disconnected from invalid user mc 157.230.6.213 port 58214 [preauth]","@timestamp":"2022-09-12T08:13:36.252Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T08:14:11.791Z","@version":"1","message":"Sep 12 08:14:11 honeypot-sgp-1 sshd[7811]: Connection closed by invalid user yueyiran 137.116.144.39 port 59246 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 08:15:22 honeypot-fra-1 sshd[2370]: Disconnected from authenticating user root 143.244.158.100 port 50568 [preauth]","@timestamp":"2022-09-12T08:15:23.295Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 08:16:53 honeypot-fra-1 sshd[2376]: Received disconnect from 165.22.45.108 port 54190:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T08:16:54.333Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 08:17:01 honeypot-ams-1 CRON[12243]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-12T08:17:01.481Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 08:17:46 honeypot-fra-1 sshd[2384]: Received disconnect from 143.244.158.100 port 48212:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T08:17:46.354Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T08:18:49.912Z","@version":"1","message":"Sep 12 08:18:49 honeypot-sgp-1 sshd[7818]: Received disconnect from 177.229.134.50 port 12503:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 08:19:27 honeypot-fra-1 sshd[2388]: Disconnected from authenticating user root 143.244.158.100 port 46078 [preauth]","@timestamp":"2022-09-12T08:19:28.395Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 08:19:40 honeypot-ams-1 kernel: [83847364.901748] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=78.187.233.25 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=39452 PROTO=TCP SPT=61509 DPT=80 WINDOW=45325 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T08:19:40.553Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 08:21:09 honeypot-fra-1 sshd[2394]: Received disconnect from 143.244.158.100 port 36802:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T08:21:10.435Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 08:21:45 honeypot-ams-1 sshd[12254]: Received disconnect from 141.255.162.226 port 49112:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T08:21:46.614Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 08:21:47 honeypot-ams-1 sshd[12258]: Received disconnect from 141.255.162.226 port 34652:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T08:21:47.615Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 08:21:52 honeypot-ams-1 sshd[12262]: Received disconnect from 141.255.162.226 port 48416:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T08:21:52.617Z"}
{"@timestamp":"2022-09-12T08:21:55.990Z","@version":"1","message":"Sep 12 08:21:55 honeypot-sgp-1 sshd[7844]: Disconnected from invalid user steam 159.223.52.187 port 48544 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 08:22:32 honeypot-ams-1 kernel: [83847537.701623] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=193.118.53.195 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=9419 PROTO=TCP SPT=34191 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T08:22:33.637Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 08:23:35 honeypot-fra-1 sshd[2401]: Received disconnect from 143.244.158.100 port 37174:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T08:23:35.493Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 08:25:58 honeypot-fra-1 sshd[2407]: Received disconnect from 143.244.158.100 port 41366:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T08:25:58.549Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 08:31:21 honeypot-fra-1 sshd[2423]: Disconnected from authenticating user root 92.255.85.70 port 20352 [preauth]","@timestamp":"2022-09-12T08:31:21.672Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 08:34:00 honeypot-ams-1 sshd[12287]: Received disconnect from 92.255.85.69 port 20538:11: Bye Bye [preauth]","@timestamp":"2022-09-12T08:34:00.953Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 08:36:22 honeypot-fra-1 sshd[2432]: Disconnected from authenticating user root 134.122.66.121 port 36666 [preauth]","@timestamp":"2022-09-12T08:36:23.787Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 08:37:13 honeypot-ams-1 kernel: [83848417.896710] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=37.120.202.242 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=21080 DF PROTO=TCP SPT=51092 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T08:37:14.041Z"}
{"@timestamp":"2022-09-12T08:37:12.370Z","@version":"1","message":"Sep 12 08:37:11 honeypot-sgp-1 kernel: [83847943.531821] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.56.83.212 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=10557 PROTO=TCP SPT=40211 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T08:41:27.480Z","@version":"1","message":"Sep 12 08:41:26 honeypot-sgp-1 sshd[7853]: Disconnected from invalid user user 45.61.186.169 port 49932 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T08:41:44.489Z","@version":"1","message":"Sep 12 08:41:44 honeypot-sgp-1 sshd[7857]: Disconnected from invalid user user 45.61.186.169 port 45726 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T08:42:01.498Z","@version":"1","message":"Sep 12 08:42:00 honeypot-sgp-1 sshd[7861]: Disconnected from invalid user user 45.61.186.169 port 41536 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T08:42:16.507Z","@version":"1","message":"Sep 12 08:42:16 honeypot-sgp-1 sshd[7866]: Received disconnect from 45.61.186.169 port 37342:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 08:45:52 honeypot-fra-1 sshd[2439]: Disconnected from invalid user ogp_agent 60.10.160.73 port 43210 [preauth]","@timestamp":"2022-09-12T08:45:52.999Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 08:45:58 honeypot-ams-1 kernel: [83848943.151802] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=78.142.18.92 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=54321 PROTO=TCP SPT=56440 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T08:45:59.270Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 08:52:00 honeypot-fra-1 sshd[2447]: Invalid user kfinck from 165.22.45.108 port 59040","@timestamp":"2022-09-12T08:52:01.139Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T08:52:02.749Z","@version":"1","message":"Sep 12 08:52:02 honeypot-sgp-1 sshd[7871]: Received disconnect from 92.255.85.70 port 20716:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 08:53:25 honeypot-fra-1 kernel: [83847232.665650] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=152.89.196.23 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=52374 PROTO=TCP SPT=49003 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T08:53:26.172Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 08:54:13 honeypot-ams-1 sshd[12295]: Received disconnect from 141.255.162.226 port 33410:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T08:54:14.486Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 08:54:18 honeypot-ams-1 sshd[12299]: Received disconnect from 141.255.162.226 port 47404:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T08:54:19.490Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 08:54:20 honeypot-ams-1 sshd[12303]: Received disconnect from 141.255.162.226 port 54402:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T08:54:21.491Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 08:55:01 honeypot-fra-1 sshd[2455]: Disconnected from authenticating user root 92.255.85.69 port 46402 [preauth]","@timestamp":"2022-09-12T08:55:01.212Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 08:56:36 honeypot-ams-1 sshd[12307]: Connection closed by invalid user User 179.60.147.69 port 35098 [preauth]","@timestamp":"2022-09-12T08:56:36.550Z"}
{"@timestamp":"2022-09-12T08:57:14.882Z","@version":"1","message":"Sep 12 08:57:14 honeypot-sgp-1 kernel: [83849146.384447] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=128.199.197.92 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=253 ID=54321 PROTO=TCP SPT=45167 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 08:59:48 honeypot-fra-1 sshd[2460]: Invalid user support from 45.51.117.228 port 33633","@timestamp":"2022-09-12T08:59:49.323Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T09:05:37.117Z","@version":"1","message":"Sep 12 09:05:36 honeypot-sgp-1 kernel: [83849648.324471] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=36.65.119.94 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=245 ID=45209 DF PROTO=TCP SPT=48425 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 09:06:05 honeypot-fra-1 sshd[2466]: Received disconnect from 45.61.186.49 port 43380:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T09:06:06.464Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 09:06:14 honeypot-fra-1 sshd[2470]: Received disconnect from 45.61.186.49 port 54984:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T09:06:15.468Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 09:06:39 honeypot-ams-1 kernel: [83850184.748773] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=5412 PROTO=TCP SPT=53203 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T09:06:40.811Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 09:09:02 honeypot-fra-1 sshd[2474]: Invalid user zabbix from 103.188.176.251 port 34698","@timestamp":"2022-09-12T09:09:03.533Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T09:09:54.224Z","@version":"1","message":"Sep 12 09:09:53 honeypot-sgp-1 kernel: [83849904.969255] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=228 ID=54564 PROTO=TCP SPT=53203 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 09:16:46 honeypot-ams-1 sshd[12317]: Disconnected from authenticating user root 104.248.117.154 port 54336 [preauth]","@timestamp":"2022-09-12T09:16:47.069Z"}
{"@timestamp":"2022-09-12T09:17:01.406Z","@version":"1","message":"Sep 12 09:17:01 honeypot-sgp-1 CRON[7884]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 09:17:01 honeypot-fra-1 CRON[2480]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-12T09:17:01.731Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 09:18:28 honeypot-fra-1 sshd[2485]: Disconnected from authenticating user root 92.255.85.69 port 45820 [preauth]","@timestamp":"2022-09-12T09:18:29.767Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 09:19:27 honeypot-ams-1 sshd[12324]: Received disconnect from 190.144.139.235 port 35753:11: Bye Bye [preauth]","@timestamp":"2022-09-12T09:19:27.140Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 09:20:36 honeypot-ams-1 sshd[12328]: Invalid user test from 92.50.249.166 port 52808","@timestamp":"2022-09-12T09:20:37.175Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 09:23:12 honeypot-ams-1 sshd[12333]: Disconnected from authenticating user root 91.144.158.231 port 61917 [preauth]","@timestamp":"2022-09-12T09:23:13.243Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 09:25:05 honeypot-fra-1 sshd[2493]: Received disconnect from 43.154.50.12 port 34014:11: Bye Bye [preauth]","@timestamp":"2022-09-12T09:25:05.917Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T09:27:02.650Z","@version":"1","message":"Sep 12 09:27:02 honeypot-sgp-1 sshd[7889]: Disconnected from invalid user zv 60.220.185.61 port 47070 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 09:27:06 honeypot-ams-1 sshd[12339]: Disconnected from authenticating user root 206.189.233.82 port 54378 [preauth]","@timestamp":"2022-09-12T09:27:07.342Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 09:27:08 honeypot-fra-1 sshd[2497]: Disconnected from invalid user kf 165.22.45.108 port 35672 [preauth]","@timestamp":"2022-09-12T09:27:08.968Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 09:33:57 honeypot-fra-1 kernel: [83849665.157070] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=90.151.171.106 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=17285 PROTO=TCP SPT=55202 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T09:33:58.127Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-12T09:37:04.899Z","@version":"1","message":"Sep 12 09:37:04 honeypot-sgp-1 kernel: [83851535.920647] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.199.16.163 DST=159.89.202.188 LEN=52 TOS=0x00 PREC=0x00 TTL=114 ID=14062 DF PROTO=TCP SPT=54322 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 09:37:13 honeypot-fra-1 sshd[2509]: Received disconnect from 52.231.162.138 port 55710:11: Bye Bye [preauth]","@timestamp":"2022-09-12T09:37:14.204Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 09:41:59 honeypot-fra-1 sshd[2514]: Disconnected from authenticating user root 92.255.85.70 port 39982 [preauth]","@timestamp":"2022-09-12T09:41:59.312Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 09:44:18 honeypot-ams-1 kernel: [83852443.469715] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=213.226.123.38 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=4605 PROTO=TCP SPT=56526 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T09:44:18.785Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 09:44:37 honeypot-fra-1 sshd[2521]: Disconnected from invalid user user 45.61.186.49 port 51488 [preauth]","@timestamp":"2022-09-12T09:44:38.372Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 09:44:46 honeypot-fra-1 sshd[2525]: Disconnected from invalid user user 45.61.186.49 port 35180 [preauth]","@timestamp":"2022-09-12T09:44:47.377Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T09:47:00.145Z","@version":"1","message":"Sep 12 09:46:59 honeypot-sgp-1 kernel: [83852131.633502] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=154.3.44.39 DST=159.89.202.188 LEN=52 TOS=0x0A PREC=0x00 TTL=112 ID=12753 DF PROTO=TCP SPT=63270 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 09:50:03 honeypot-fra-1 sshd[2533]: Invalid user frederica from 147.182.171.152 port 49236","@timestamp":"2022-09-12T09:50:04.494Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 09:52:41 honeypot-ams-1 kernel: [83852946.153313] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=179.40.45.247 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=44 ID=15097 PROTO=TCP SPT=34389 DPT=80 WINDOW=23350 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T09:52:41.998Z"}
{"@timestamp":"2022-09-12T09:53:12.302Z","@version":"1","message":"Sep 12 09:53:12 honeypot-sgp-1 kernel: [83852503.802796] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=66.240.205.34 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=113 ID=15486 PROTO=TCP SPT=9111 DPT=80 WINDOW=5029 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T09:55:32.383Z","@version":"1","message":"Sep 12 09:55:32 honeypot-sgp-1 kernel: [83852643.899182] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=154.3.44.39 DST=159.89.202.188 LEN=52 TOS=0x0A PREC=0x00 TTL=112 ID=4321 DF PROTO=TCP SPT=52667 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:01:36 honeypot-fra-1 sshd[2551]: Invalid user nexus from 51.79.254.140 port 52186","@timestamp":"2022-09-12T10:01:36.753Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:01:36 honeypot-fra-1 sshd[2550]: Invalid user tomcat from 51.79.254.140 port 52114","@timestamp":"2022-09-12T10:01:36.753Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:01:36 honeypot-fra-1 sshd[2549]: Invalid user test from 51.79.254.140 port 52130","@timestamp":"2022-09-12T10:01:36.754Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:01:36 honeypot-fra-1 sshd[2544]: Connection closed by authenticating user root 51.79.254.140 port 52288 [preauth]","@timestamp":"2022-09-12T10:01:36.754Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:01:36 honeypot-fra-1 sshd[2554]: Connection closed by invalid user es 51.79.254.140 port 52158 [preauth]","@timestamp":"2022-09-12T10:01:36.754Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:01:36 honeypot-fra-1 sshd[2547]: Connection closed by authenticating user root 51.79.254.140 port 52286 [preauth]","@timestamp":"2022-09-12T10:01:36.754Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:01:36 honeypot-fra-1 sshd[2540]: Connection closed by invalid user test 51.79.254.140 port 52180 [preauth]","@timestamp":"2022-09-12T10:01:36.754Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:01:36 honeypot-fra-1 sshd[2549]: Connection closed by invalid user test 51.79.254.140 port 52130 [preauth]","@timestamp":"2022-09-12T10:01:36.754Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:01:36 honeypot-fra-1 sshd[2586]: Connection closed by authenticating user root 51.79.254.140 port 52252 [preauth]","@timestamp":"2022-09-12T10:01:37.755Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T10:02:09.548Z","@version":"1","message":"Sep 12 10:02:09 honeypot-sgp-1 sshd[7913]: Received disconnect from 103.147.159.49 port 38488:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:02:34 honeypot-fra-1 sshd[2619]: Invalid user kf from 165.22.45.108 port 40548","@timestamp":"2022-09-12T10:02:34.779Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 10:04:39 honeypot-ams-1 sshd[12359]: Connection closed by invalid user User 179.60.147.69 port 17514 [preauth]","@timestamp":"2022-09-12T10:04:40.303Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 10:06:21 honeypot-ams-1 sshd[12366]: Invalid user admin from 46.19.141.122 port 35708","@timestamp":"2022-09-12T10:06:22.352Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 10:07:04 honeypot-ams-1 sshd[12371]: Invalid user ubuntu from 46.19.141.122 port 50712","@timestamp":"2022-09-12T10:07:04.373Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 10:07:41 honeypot-ams-1 sshd[12375]: Received disconnect from 46.19.141.122 port 37466:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T10:07:42.392Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 10:08:13 honeypot-ams-1 sshd[12379]: Disconnected from invalid user ubnt 46.19.141.122 port 44970 [preauth]","@timestamp":"2022-09-12T10:08:14.408Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:08:58 honeypot-fra-1 kernel: [83851765.513313] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=20.229.61.193 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=11148 PROTO=TCP SPT=52376 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T10:08:58.927Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 10:09:03 honeypot-ams-1 sshd[12383]: Received disconnect from 46.19.141.122 port 59968:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T10:09:04.433Z"}
{"@timestamp":"2022-09-12T10:10:10.745Z","@version":"1","message":"Sep 12 10:10:09 honeypot-sgp-1 kernel: [83853521.507663] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=193.118.53.196 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=3587 PROTO=TCP SPT=26282 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:12:04 honeypot-fra-1 sshd[2628]: Received disconnect from 157.245.122.58 port 37748:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T10:12:04.999Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 10:12:14 honeypot-ams-1 sshd[12389]: Received disconnect from 45.61.186.49 port 58482:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T10:12:15.518Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 10:12:20 honeypot-ams-1 sshd[12391]: Connection closed by invalid user support 58.216.218.238 port 33555 [preauth]","@timestamp":"2022-09-12T10:12:21.522Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 10:12:28 honeypot-ams-1 sshd[12397]: Disconnected from invalid user user 45.61.186.49 port 48250 [preauth]","@timestamp":"2022-09-12T10:12:28.526Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:13:01 honeypot-fra-1 sshd[2630]: Received disconnect from 157.245.122.58 port 51288:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T10:13:02.023Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T10:14:28.851Z","@version":"1","message":"Sep 12 10:14:28 honeypot-sgp-1 sshd[7924]: Connection closed by invalid user pi 136.37.6.214 port 38755 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:14:33 honeypot-fra-1 sshd[2635]: Invalid user User from 179.60.147.69 port 26778","@timestamp":"2022-09-12T10:14:34.059Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 10:15:23 honeypot-ams-1 kernel: [83854307.872247] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.47.229.134 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=39759 PROTO=TCP SPT=43901 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T10:15:23.601Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:15:44 honeypot-fra-1 sshd[2639]: Received disconnect from 157.245.122.58 port 35418:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T10:15:45.090Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:17:01 honeypot-fra-1 CRON[2643]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-12T10:17:02.122Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:18:33 honeypot-fra-1 sshd[2665]: Invalid user admin from 81.69.194.231 port 57580","@timestamp":"2022-09-12T10:18:34.160Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:18:33 honeypot-fra-1 sshd[2649]: Connection closed by authenticating user root 81.69.194.231 port 57598 [preauth]","@timestamp":"2022-09-12T10:18:34.160Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:18:33 honeypot-fra-1 sshd[2650]: Invalid user bot from 81.69.194.231 port 57548","@timestamp":"2022-09-12T10:18:34.160Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:18:33 honeypot-fra-1 sshd[2661]: Invalid user postgres from 81.69.194.231 port 57530","@timestamp":"2022-09-12T10:18:34.160Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:18:34 honeypot-fra-1 sshd[2652]: Connection closed by invalid user admin 81.69.194.231 port 57536 [preauth]","@timestamp":"2022-09-12T10:18:34.160Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:18:34 honeypot-fra-1 sshd[2669]: Connection closed by invalid user lighthouse 81.69.194.231 port 57562 [preauth]","@timestamp":"2022-09-12T10:18:35.161Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:18:34 honeypot-fra-1 sshd[2660]: Connection closed by authenticating user root 81.69.194.231 port 57538 [preauth]","@timestamp":"2022-09-12T10:18:35.161Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:18:36 honeypot-fra-1 sshd[2668]: Connection closed by invalid user vnc 81.69.194.231 port 57590 [preauth]","@timestamp":"2022-09-12T10:18:37.162Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:18:53 honeypot-fra-1 sshd[2701]: Invalid user centos from 217.115.58.242 port 57122","@timestamp":"2022-09-12T10:18:53.169Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:18:53 honeypot-fra-1 sshd[2715]: Connection closed by invalid user testuser 217.115.58.242 port 57200 [preauth]","@timestamp":"2022-09-12T10:18:53.169Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:18:53 honeypot-fra-1 sshd[2707]: Connection closed by invalid user ts3 217.115.58.242 port 57136 [preauth]","@timestamp":"2022-09-12T10:18:53.169Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:18:53 honeypot-fra-1 sshd[2704]: Invalid user test from 217.115.58.242 port 57138","@timestamp":"2022-09-12T10:18:54.169Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:18:53 honeypot-fra-1 sshd[2735]: Invalid user appuser from 217.115.58.242 port 57152","@timestamp":"2022-09-12T10:18:54.169Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:18:53 honeypot-fra-1 sshd[2744]: Invalid user ansible from 217.115.58.242 port 57186","@timestamp":"2022-09-12T10:18:54.169Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:18:53 honeypot-fra-1 sshd[2740]: Connection closed by invalid user kafka 217.115.58.242 port 57180 [preauth]","@timestamp":"2022-09-12T10:18:54.169Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:18:53 honeypot-fra-1 sshd[2734]: Invalid user devops from 217.115.58.242 port 57162","@timestamp":"2022-09-12T10:18:54.170Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:18:53 honeypot-fra-1 sshd[2757]: Invalid user www from 217.115.58.242 port 57216","@timestamp":"2022-09-12T10:18:54.170Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 10:20:06 honeypot-ams-1 kernel: [83854590.915777] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=207.102.138.83 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=60384 DF PROTO=TCP SPT=34432 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T10:20:06.724Z"}
{"@timestamp":"2022-09-12T10:20:44.005Z","@version":"1","message":"Sep 12 10:20:43 honeypot-sgp-1 sshd[7932]: Received disconnect from 45.61.186.49 port 48638:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T10:20:54.011Z","@version":"1","message":"Sep 12 10:20:53 honeypot-sgp-1 sshd[7936]: Received disconnect from 45.61.186.49 port 60452:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T10:23:53.086Z","@version":"1","message":"Sep 12 10:23:52 honeypot-sgp-1 sshd[7940]: Disconnected from invalid user packer 146.19.133.233 port 43314 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:25:27 honeypot-fra-1 kernel: [83852754.240640] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=186.208.139.104 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=245 ID=28122 PROTO=TCP SPT=57967 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T10:25:27.314Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:29:23 honeypot-fra-1 sshd[2767]: Disconnected from authenticating user root 92.255.85.70 port 43812 [preauth]","@timestamp":"2022-09-12T10:29:24.407Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T10:30:52.257Z","@version":"1","message":"Sep 12 10:30:52 honeypot-sgp-1 kernel: [83854763.881059] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=104.156.155.3 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=33467 PROTO=TCP SPT=57875 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 10:31:15 honeypot-ams-1 sshd[12416]: Received disconnect from 92.255.85.69 port 28782:11: Bye Bye [preauth]","@timestamp":"2022-09-12T10:31:16.011Z"}
{"@timestamp":"2022-09-12T10:38:27.444Z","@version":"1","message":"Sep 12 10:38:26 honeypot-sgp-1 sshd[7950]: Disconnected from invalid user jsl 103.242.166.5 port 41030 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 10:42:00 honeypot-ams-1 sshd[12421]: Connection closed by invalid user User 179.60.147.69 port 2798 [preauth]","@timestamp":"2022-09-12T10:42:01.291Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:43:07 honeypot-fra-1 kernel: [83853814.504450] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=178.128.127.8 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=11441 PROTO=TCP SPT=59336 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T10:43:07.717Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-12T10:44:34.598Z","@version":"1","message":"Sep 12 10:44:34 honeypot-sgp-1 sshd[7955]: Disconnected from invalid user ubnt 186.234.249.196 port 30863 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T10:44:46.604Z","@version":"1","message":"Sep 12 10:44:46 honeypot-sgp-1 sshd[7957]: Disconnected from invalid user gestiongestion 20.224.226.157 port 47250 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 10:48:07 honeypot-ams-1 sshd[12434]: Received disconnect from 201.72.190.98 port 55934:11: Bye Bye [preauth]","@timestamp":"2022-09-12T10:48:07.447Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 10:50:19 honeypot-ams-1 sshd[12441]: Invalid user odoo from 157.245.122.58 port 37246","@timestamp":"2022-09-12T10:50:19.505Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 10:51:39 honeypot-ams-1 kernel: [83856484.311764] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=178.128.127.8 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=23972 PROTO=TCP SPT=59336 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T10:51:40.543Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 10:52:58 honeypot-ams-1 sshd[12447]: Disconnected from invalid user jonitwiso 157.245.122.58 port 49618 [preauth]","@timestamp":"2022-09-12T10:52:58.577Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 10:53:51 honeypot-ams-1 sshd[12453]: Disconnected from invalid user jonitiso 157.245.122.58 port 34920 [preauth]","@timestamp":"2022-09-12T10:53:52.604Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:55:23 honeypot-fra-1 sshd[2779]: Invalid user bill from 43.239.121.134 port 10165","@timestamp":"2022-09-12T10:55:23.998Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 10:55:36 honeypot-ams-1 sshd[12459]: Received disconnect from 61.177.173.52 port 55830:11:  [preauth]","@timestamp":"2022-09-12T10:55:37.651Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 10:58:35 honeypot-ams-1 kernel: [83856900.039065] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=80.94.92.239 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=58450 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T10:58:35.728Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 11:03:44 honeypot-ams-1 kernel: [83857208.754870] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=89.248.165.199 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=32932 PROTO=TCP SPT=59648 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T11:03:44.869Z"}
{"@timestamp":"2022-09-12T11:06:06.140Z","@version":"1","message":"Sep 12 11:06:05 honeypot-sgp-1 kernel: [83856877.600315] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.46.240.87 DST=159.89.202.188 LEN=52 TOS=0x02 PREC=0x00 TTL=110 ID=61017 DF PROTO=TCP SPT=50149 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 11:08:04 honeypot-fra-1 sshd[2783]: Disconnected from invalid user lukasz 192.241.157.126 port 43442 [preauth]","@timestamp":"2022-09-12T11:08:05.281Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 11:12:52 honeypot-ams-1 sshd[12480]: Disconnected from 61.177.172.124 port 50180 [preauth]","@timestamp":"2022-09-12T11:12:52.103Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 11:14:23 honeypot-fra-1 sshd[2790]: Invalid user kf from 165.22.45.108 port 51942","@timestamp":"2022-09-12T11:14:24.429Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 11:15:18 honeypot-ams-1 sshd[12487]: Invalid user user from 45.61.186.169 port 40310","@timestamp":"2022-09-12T11:15:19.169Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 11:15:36 honeypot-ams-1 sshd[12491]: Invalid user user from 45.61.186.169 port 35788","@timestamp":"2022-09-12T11:15:36.177Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 11:15:43 honeypot-fra-1 sshd[2794]: Received disconnect from 200.70.56.203 port 34522:11: Bye Bye [preauth]","@timestamp":"2022-09-12T11:15:43.462Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 11:15:52 honeypot-ams-1 sshd[12495]: Invalid user user from 45.61.186.169 port 59500","@timestamp":"2022-09-12T11:15:53.186Z"}
{"@timestamp":"2022-09-12T11:17:01.408Z","@version":"1","message":"Sep 12 11:17:01 honeypot-sgp-1 CRON[7970]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 11:17:01 honeypot-fra-1 CRON[2800]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-12T11:17:01.496Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 11:17:01 honeypot-ams-1 CRON[12499]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-12T11:17:02.218Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 11:19:05 honeypot-ams-1 sshd[12507]: Disconnected from authenticating user root 92.255.85.69 port 63830 [preauth]","@timestamp":"2022-09-12T11:19:06.274Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 11:19:19 honeypot-fra-1 sshd[2807]: Invalid user admin from 148.153.82.141 port 45842","@timestamp":"2022-09-12T11:19:19.549Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 11:19:40 honeypot-ams-1 sshd[12513]: Connection closed by invalid user User 179.60.147.69 port 5772 [preauth]","@timestamp":"2022-09-12T11:19:41.290Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 11:25:52 honeypot-fra-1 kernel: [83856379.710391] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=177.209.97.254 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=61490 DF PROTO=TCP SPT=59214 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T11:25:52.695Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 11:27:34 honeypot-ams-1 kernel: [83858638.930196] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=1.58.29.147 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=33402 DF PROTO=TCP SPT=48696 DPT=5432 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T11:27:34.494Z"}
{"@timestamp":"2022-09-12T11:30:26.731Z","@version":"1","message":"Sep 12 11:30:25 honeypot-sgp-1 sshd[7977]: Invalid user raianef from 197.5.145.93 port 53545","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T11:30:33.735Z","@version":"1","message":"Sep 12 11:30:33 honeypot-sgp-1 sshd[7981]: Connection closed by invalid user admin 178.128.125.205 port 59466 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 11:33:00 honeypot-fra-1 sshd[2816]: Disconnected from invalid user admin 185.17.229.65 port 34102 [preauth]","@timestamp":"2022-09-12T11:33:01.860Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 11:33:43 honeypot-ams-1 sshd[12595]: Received disconnect from 143.244.158.100 port 49022:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T11:33:43.652Z"}
{"@timestamp":"2022-09-12T11:34:26.829Z","@version":"1","message":"Sep 12 11:34:25 honeypot-sgp-1 sshd[7988]: Received disconnect from 82.66.71.202 port 49134:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 11:35:32 honeypot-ams-1 sshd[12600]: Disconnected from authenticating user root 143.244.158.100 port 42100 [preauth]","@timestamp":"2022-09-12T11:35:33.723Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 11:37:25 honeypot-ams-1 sshd[12606]: Connection closed by invalid user user 103.188.176.251 port 41956 [preauth]","@timestamp":"2022-09-12T11:37:26.773Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 11:38:11 honeypot-fra-1 sshd[2822]: Received disconnect from 94.75.123.43 port 58938:11: Bye Bye [preauth]","@timestamp":"2022-09-12T11:38:11.980Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 11:39:03 honeypot-ams-1 sshd[12612]: Received disconnect from 143.244.158.100 port 55962:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T11:39:04.819Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 11:39:33 honeypot-fra-1 sshd[2827]: Disconnected from authenticating user root 92.255.85.69 port 19692 [preauth]","@timestamp":"2022-09-12T11:39:34.016Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 11:39:53 honeypot-ams-1 sshd[12616]: Disconnected from authenticating user root 143.244.158.100 port 51556 [preauth]","@timestamp":"2022-09-12T11:39:53.844Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 11:41:32 honeypot-ams-1 sshd[12625]: Received disconnect from 143.244.158.100 port 36254:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T11:41:32.889Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 11:41:56 honeypot-fra-1 kernel: [83857344.015128] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.3.193.56 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=49985 DF PROTO=TCP SPT=10446 DPT=80 WINDOW=512 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T11:41:57.073Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 11:43:14 honeypot-ams-1 sshd[12631]: Received disconnect from 143.244.158.100 port 37178:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T11:43:14.935Z"}
{"@timestamp":"2022-09-12T11:45:19.089Z","@version":"1","message":"Sep 12 11:45:19 honeypot-sgp-1 sshd[7994]: Did not receive identification string from 152.32.157.116 port 39470","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 11:45:40 honeypot-ams-1 sshd[12639]: Invalid user userPgfF2xN52xEUobF0P3__wasadmin from 193.106.191.157 port 53260","@timestamp":"2022-09-12T11:45:41.000Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 11:47:34 honeypot-ams-1 kernel: [83859839.473126] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=154.3.44.39 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=117 ID=24656 DF PROTO=TCP SPT=57744 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-12T11:47:35.052Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 11:49:23 honeypot-ams-1 sshd[12650]: Received disconnect from 143.244.158.100 port 51910:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T11:49:24.102Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 11:50:58 honeypot-ams-1 kernel: [83860042.952033] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=37.112.53.41 DST=178.62.254.91 LEN=40 TOS=0x08 PREC=0x20 TTL=58 ID=46431 PROTO=TCP SPT=57053 DPT=443 WINDOW=63216 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T11:50:59.145Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 11:52:54 honeypot-ams-1 sshd[12661]: Disconnected from authenticating user root 143.244.158.100 port 36220 [preauth]","@timestamp":"2022-09-12T11:52:55.199Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 11:54:39 honeypot-ams-1 sshd[12669]: Disconnected from authenticating user root 143.244.158.100 port 41978 [preauth]","@timestamp":"2022-09-12T11:54:40.246Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 11:55:54 honeypot-fra-1 sshd[2837]: Received disconnect from 178.62.90.145 port 55236:11: Bye Bye [preauth]","@timestamp":"2022-09-12T11:55:55.404Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 11:56:19 honeypot-ams-1 sshd[12678]: Disconnected from authenticating user root 143.244.158.100 port 48620 [preauth]","@timestamp":"2022-09-12T11:56:19.292Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 11:58:56 honeypot-ams-1 sshd[12688]: Disconnected from authenticating user root 143.244.158.100 port 36412 [preauth]","@timestamp":"2022-09-12T11:58:57.361Z"}
{"@timestamp":"2022-09-12T11:58:58.422Z","@version":"1","message":"Sep 12 11:58:57 honeypot-sgp-1 kernel: [83860049.510526] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=14929 PROTO=TCP SPT=43658 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 11:59:23 honeypot-fra-1 sshd[2841]: Disconnected from authenticating user root 179.107.34.178 port 56220 [preauth]","@timestamp":"2022-09-12T11:59:23.489Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 12:01:14 honeypot-ams-1 kernel: [83860658.778137] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=111.72.186.151 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=49 ID=65340 PROTO=TCP SPT=63536 DPT=80 WINDOW=8136 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T12:01:14.424Z"}
{"@timestamp":"2022-09-12T12:02:12.505Z","@version":"1","message":"Sep 12 12:02:12 honeypot-sgp-1 kernel: [83860243.881027] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.55.53.144 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=42 ID=9842 DF PROTO=TCP SPT=45558 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 12:02:46 honeypot-ams-1 kernel: [83860750.872883] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=105.112.83.93 DST=178.62.254.91 LEN=40 TOS=0x10 PREC=0x20 TTL=243 ID=52425 DF PROTO=TCP SPT=53933 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T12:02:46.468Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 12:02:53 honeypot-fra-1 sshd[2848]: Received disconnect from 92.255.85.70 port 22272:11: Bye Bye [preauth]","@timestamp":"2022-09-12T12:02:54.575Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 12:04:36 honeypot-fra-1 kernel: [83858703.966729] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=20.55.53.144 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=13002 DF PROTO=TCP SPT=54052 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T12:04:37.617Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 12:04:44 honeypot-ams-1 sshd[12703]: Disconnected from authenticating user root 143.244.158.100 port 56686 [preauth]","@timestamp":"2022-09-12T12:04:44.520Z"}
{"@timestamp":"2022-09-12T12:05:08.580Z","@version":"1","message":"Sep 12 12:05:08 honeypot-sgp-1 sshd[8005]: Connection closed by authenticating user root 103.188.176.251 port 35072 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 12:06:38 honeypot-ams-1 sshd[12712]: Disconnected from authenticating user root 143.244.158.100 port 42814 [preauth]","@timestamp":"2022-09-12T12:06:39.573Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 12:08:07 honeypot-ams-1 kernel: [83861072.453002] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=20.55.53.144 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=57142 DF PROTO=TCP SPT=51402 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T12:08:08.617Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 12:09:10 honeypot-ams-1 sshd[12720]: Received disconnect from 143.244.158.100 port 33944:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T12:09:11.646Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 12:11:05 honeypot-ams-1 sshd[12726]: Received disconnect from 143.244.158.100 port 39996:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T12:11:06.699Z"}
{"@timestamp":"2022-09-12T12:12:26.762Z","@version":"1","message":"Sep 12 12:12:26 honeypot-sgp-1 kernel: [83860857.682745] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=66.240.205.34 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=113 ID=65156 PROTO=TCP SPT=16847 DPT=80 WINDOW=54788 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 12:12:51 honeypot-ams-1 sshd[12731]: Disconnected from authenticating user root 143.244.158.100 port 38284 [preauth]","@timestamp":"2022-09-12T12:12:51.747Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 12:15:22 honeypot-ams-1 sshd[12738]: Disconnected from authenticating user root 143.244.158.100 port 44566 [preauth]","@timestamp":"2022-09-12T12:15:23.815Z"}
{"@timestamp":"2022-09-12T12:16:03.851Z","@version":"1","message":"Sep 12 12:16:03 honeypot-sgp-1 sshd[8013]: Received disconnect from 45.119.85.97 port 54308:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 12:17:00 honeypot-ams-1 sshd[12745]: Received disconnect from 143.244.158.100 port 39772:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T12:17:00.862Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 12:17:50 honeypot-ams-1 sshd[12753]: Received disconnect from 143.244.158.100 port 51082:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T12:17:50.886Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 12:18:25 honeypot-fra-1 sshd[2855]: Did not receive identification string from 45.61.186.49 port 34234","@timestamp":"2022-09-12T12:18:26.934Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 12:18:50 honeypot-fra-1 sshd[2858]: Disconnected from invalid user user 45.61.186.49 port 46516 [preauth]","@timestamp":"2022-09-12T12:18:50.946Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 12:18:59 honeypot-fra-1 sshd[2862]: Disconnected from invalid user user 45.61.186.49 port 58224 [preauth]","@timestamp":"2022-09-12T12:18:59.949Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 12:20:25 honeypot-ams-1 sshd[12759]: Received disconnect from 143.244.158.100 port 60988:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T12:20:25.954Z"}
{"@timestamp":"2022-09-12T12:23:35.037Z","@version":"1","message":"Sep 12 12:23:34 honeypot-sgp-1 sshd[8021]: Received disconnect from 92.255.85.69 port 49594:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 12:25:02 honeypot-fra-1 sshd[2865]: Disconnected from invalid user blue 103.47.184.2 port 35482 [preauth]","@timestamp":"2022-09-12T12:25:03.089Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 12:25:15 honeypot-ams-1 kernel: [83862100.548129] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=5.213.149.103 DST=178.62.254.91 LEN=60 TOS=0x18 PREC=0x20 TTL=106 ID=5386 DF PROTO=TCP SPT=53322 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T12:25:16.087Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 12:27:37 honeypot-fra-1 sshd[2871]: Received disconnect from 178.62.199.240 port 37448:11: Bye Bye [preauth]","@timestamp":"2022-09-12T12:27:38.150Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 12:28:59 honeypot-ams-1 sshd[12770]: Connection closed by invalid user support 185.216.128.124 port 45598 [preauth]","@timestamp":"2022-09-12T12:28:59.187Z"}
{"@timestamp":"2022-09-12T12:33:07.264Z","@version":"1","message":"Sep 12 12:33:06 honeypot-sgp-1 kernel: [83862098.360780] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=161.35.231.174 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=7224 PROTO=TCP SPT=60000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 12:33:52 honeypot-ams-1 sshd[12775]: Disconnected from authenticating user root 61.177.173.37 port 26587 [preauth]","@timestamp":"2022-09-12T12:33:53.315Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 12:37:01 honeypot-fra-1 kernel: [83860647.979142] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=167.248.133.135 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=35383 PROTO=TCP SPT=42065 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T12:37:01.367Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 12:41:51 honeypot-ams-1 sshd[12786]: Received disconnect from 45.61.184.204 port 43372:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T12:41:51.519Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 12:42:12 honeypot-ams-1 sshd[12790]: Received disconnect from 45.61.184.204 port 39754:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T12:42:12.531Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 12:42:30 honeypot-ams-1 sshd[12794]: Received disconnect from 45.61.184.204 port 36130:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T12:42:31.540Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 12:46:23 honeypot-ams-1 sshd[12801]: Disconnected from authenticating user root 61.177.173.36 port 63543 [preauth]","@timestamp":"2022-09-12T12:46:24.640Z"}
{"@timestamp":"2022-09-12T12:47:17.612Z","@version":"1","message":"Sep 12 12:47:17 honeypot-sgp-1 kernel: [83862948.685938] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=154.3.44.39 DST=159.89.202.188 LEN=52 TOS=0x0A PREC=0x00 TTL=112 ID=43823 DF PROTO=TCP SPT=65503 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 12:47:39 honeypot-fra-1 sshd[2890]: Invalid user admin from 52.66.15.94 port 52372","@timestamp":"2022-09-12T12:47:39.616Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 12:47:42 honeypot-fra-1 sshd[2896]: Invalid user cloud from 52.66.15.94 port 52474","@timestamp":"2022-09-12T12:47:43.618Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 12:48:29 honeypot-fra-1 kernel: [83861336.738307] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=14318 PROTO=TCP SPT=46444 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T12:48:30.637Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-12T12:49:16.665Z","@version":"1","message":"Sep 12 12:49:16 honeypot-sgp-1 kernel: [83863067.933829] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.120.216.120 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=13275 PROTO=TCP SPT=40504 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 12:50:06 honeypot-ams-1 kernel: [83863591.439160] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=154.3.44.39 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=117 ID=64607 DF PROTO=TCP SPT=51306 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-12T12:50:07.740Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 12:52:14 honeypot-ams-1 sshd[12808]: Disconnected from authenticating user root 92.255.85.69 port 58262 [preauth]","@timestamp":"2022-09-12T12:52:14.800Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 12:53:42 honeypot-fra-1 sshd[2909]: Disconnected from invalid user test 200.105.183.118 port 37666 [preauth]","@timestamp":"2022-09-12T12:53:42.757Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 12:57:11 honeypot-fra-1 sshd[2913]: Disconnected from invalid user admin 137.184.219.69 port 42642 [preauth]","@timestamp":"2022-09-12T12:57:11.841Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 12:57:25 honeypot-ams-1 kernel: [83864030.191720] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=154.3.44.39 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=117 ID=13678 DF PROTO=TCP SPT=65285 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-12T12:57:25.938Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 13:00:54 honeypot-fra-1 sshd[2918]: Disconnected from invalid user khjin 165.22.45.108 port 38818 [preauth]","@timestamp":"2022-09-12T13:00:55.929Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 13:03:43 honeypot-ams-1 kernel: [83864407.726388] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=154.3.44.39 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=117 ID=56550 DF PROTO=TCP SPT=52795 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-12T13:03:43.103Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 13:05:37 honeypot-fra-1 sshd[2924]: Received disconnect from 45.61.186.169 port 53004:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T13:05:38.038Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 13:05:49 honeypot-fra-1 sshd[2928]: Disconnected from authenticating user root 128.199.138.145 port 48516 [preauth]","@timestamp":"2022-09-12T13:05:50.044Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 13:06:04 honeypot-fra-1 sshd[2932]: Disconnected from invalid user user 45.61.186.169 port 59768 [preauth]","@timestamp":"2022-09-12T13:06:05.051Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 13:06:21 honeypot-fra-1 sshd[2936]: Disconnected from invalid user user 45.61.186.169 port 54814 [preauth]","@timestamp":"2022-09-12T13:06:22.059Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 13:07:55 honeypot-ams-1 kernel: [83864659.705505] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=89.248.165.100 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=25878 PROTO=TCP SPT=52181 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T13:07:55.215Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 13:09:46 honeypot-fra-1 sshd[2944]: Invalid user user from 45.61.184.204 port 46884","@timestamp":"2022-09-12T13:09:47.142Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 13:09:56 honeypot-fra-1 sshd[2946]: Received disconnect from 45.61.184.204 port 58712:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T13:09:57.147Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T13:10:06.200Z","@version":"1","message":"Sep 12 13:10:06 honeypot-sgp-1 sshd[8042]: Disconnected from authenticating user root 93.67.138.66 port 56454 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 13:10:14 honeypot-fra-1 sshd[2951]: Received disconnect from 45.61.184.204 port 54126:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T13:10:15.156Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 13:10:32 honeypot-fra-1 sshd[2955]: Received disconnect from 45.61.184.204 port 49530:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T13:10:33.165Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T13:11:00.225Z","@version":"1","message":"Sep 12 13:10:59 honeypot-sgp-1 sshd[8046]: Disconnected from authenticating user root 92.255.85.70 port 46776 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 13:14:16 honeypot-fra-1 kernel: [83862883.549982] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=78.188.232.216 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=239 ID=15533 PROTO=TCP SPT=59359 DPT=443 WINDOW=1300 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T13:14:17.249Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 13:16:15 honeypot-ams-1 sshd[12841]: Received disconnect from 92.255.85.70 port 43010:11: Bye Bye [preauth]","@timestamp":"2022-09-12T13:16:16.431Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 13:16:37 honeypot-fra-1 kernel: [83863024.288056] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=167.94.138.105 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=60553 PROTO=TCP SPT=2851 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T13:16:38.306Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-12T13:17:53.395Z","@version":"1","message":"Sep 12 13:17:53 honeypot-sgp-1 sshd[8054]: Disconnected from invalid user user 45.61.184.204 port 48362 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T13:18:13.406Z","@version":"1","message":"Sep 12 13:18:13 honeypot-sgp-1 sshd[8058]: Received disconnect from 45.61.184.204 port 43240:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T13:18:32.415Z","@version":"1","message":"Sep 12 13:18:31 honeypot-sgp-1 sshd[8062]: Invalid user user from 45.61.184.204 port 38100","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T13:18:41.420Z","@version":"1","message":"Sep 12 13:18:41 honeypot-sgp-1 sshd[8064]: Received disconnect from 45.61.184.204 port 49660:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 13:19:00 honeypot-fra-1 sshd[2969]: Invalid user guest from 193.106.191.157 port 59940","@timestamp":"2022-09-12T13:19:01.364Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 13:20:37 honeypot-fra-1 sshd[2971]: Invalid user user from 167.99.220.160 port 52350","@timestamp":"2022-09-12T13:20:37.403Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 13:22:47 honeypot-ams-1 sshd[12849]: Disconnected from authenticating user root 61.177.173.47 port 61568 [preauth]","@timestamp":"2022-09-12T13:22:48.599Z"}
{"@timestamp":"2022-09-12T13:25:41.587Z","@version":"1","message":"Sep 12 13:25:41 honeypot-sgp-1 sshd[8069]: Disconnected from authenticating user root 103.55.38.26 port 52770 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T13:28:25.656Z","@version":"1","message":"Sep 12 13:28:25 honeypot-sgp-1 sshd[8075]: Received disconnect from 157.245.122.58 port 56698:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 13:28:52 honeypot-fra-1 sshd[2978]: Invalid user administrator from 140.86.39.162 port 11559","@timestamp":"2022-09-12T13:28:53.592Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T13:30:17.702Z","@version":"1","message":"Sep 12 13:30:17 honeypot-sgp-1 sshd[8079]: Received disconnect from 157.245.122.58 port 55538:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T13:31:12.728Z","@version":"1","message":"Sep 12 13:31:11 honeypot-sgp-1 sshd[8082]: Received disconnect from 157.245.122.58 port 40848:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 13:31:15 honeypot-fra-1 sshd[2981]: Disconnected from invalid user user 45.61.184.204 port 44390 [preauth]","@timestamp":"2022-09-12T13:31:15.645Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 13:31:34 honeypot-fra-1 sshd[2985]: Disconnected from invalid user user 45.61.184.204 port 39654 [preauth]","@timestamp":"2022-09-12T13:31:35.654Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 13:31:52 honeypot-fra-1 sshd[2989]: Disconnected from invalid user user 45.61.184.204 port 34920 [preauth]","@timestamp":"2022-09-12T13:31:53.664Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T13:32:04.755Z","@version":"1","message":"Sep 12 13:32:03 honeypot-sgp-1 sshd[8086]: Disconnected from invalid user jonitwiso 157.245.122.58 port 54374 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 13:32:09 honeypot-fra-1 sshd[2993]: Disconnected from invalid user user 45.61.184.204 port 58430 [preauth]","@timestamp":"2022-09-12T13:32:09.672Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T13:33:30.792Z","@version":"1","message":"Sep 12 13:33:30 honeypot-sgp-1 sshd[8090]: Disconnected from invalid user syretta 138.197.19.166 port 54330 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 13:34:14 honeypot-ams-1 sshd[12859]: Connection closed by invalid user User 179.60.147.69 port 27036 [preauth]","@timestamp":"2022-09-12T13:34:14.889Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 13:35:53 honeypot-fra-1 sshd[2998]: Disconnected from invalid user khlee 165.22.45.108 port 43814 [preauth]","@timestamp":"2022-09-12T13:35:53.758Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T13:36:51.877Z","@version":"1","message":"Sep 12 13:36:51 honeypot-sgp-1 sshd[8097]: Received disconnect from 43.153.54.89 port 49590:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 13:37:11 honeypot-ams-1 sshd[12866]: Disconnected from invalid user aoseko 165.227.204.174 port 50884 [preauth]","@timestamp":"2022-09-12T13:37:11.968Z"}
{"@timestamp":"2022-09-12T13:37:41.901Z","@version":"1","message":"Sep 12 13:37:41 honeypot-sgp-1 sshd[8100]: Disconnected from invalid user user 45.61.186.249 port 40974 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T13:37:59.910Z","@version":"1","message":"Sep 12 13:37:59 honeypot-sgp-1 sshd[8104]: Disconnected from invalid user user 45.61.186.249 port 36010 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 13:38:04 honeypot-fra-1 sshd[3003]: Disconnected from invalid user user 141.255.162.226 port 44808 [preauth]","@timestamp":"2022-09-12T13:38:05.810Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 13:38:06 honeypot-fra-1 sshd[3007]: Disconnected from invalid user user 141.255.162.226 port 37366 [preauth]","@timestamp":"2022-09-12T13:38:06.810Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 13:38:10 honeypot-fra-1 sshd[3011]: Disconnected from invalid user user 141.255.162.226 port 51226 [preauth]","@timestamp":"2022-09-12T13:38:10.813Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T13:38:17.920Z","@version":"1","message":"Sep 12 13:38:17 honeypot-sgp-1 sshd[8108]: Disconnected from invalid user user 45.61.186.249 port 59304 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T13:38:33.928Z","@version":"1","message":"Sep 12 13:38:33 honeypot-sgp-1 sshd[8112]: Disconnected from invalid user user 45.61.186.249 port 54358 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 13:39:36 honeypot-ams-1 kernel: [83866560.721213] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=154.3.44.39 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=117 ID=696 DF PROTO=TCP SPT=60968 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-12T13:39:37.036Z"}
{"@timestamp":"2022-09-12T13:40:16.974Z","@version":"1","message":"Sep 12 13:40:16 honeypot-sgp-1 sshd[8116]: Disconnected from 206.189.197.134 port 38490 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 13:40:44 honeypot-ams-1 sshd[12878]: Received disconnect from 188.38.99.232 port 34082:11: Bye Bye [preauth]","@timestamp":"2022-09-12T13:40:45.071Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 13:43:08 honeypot-fra-1 sshd[3016]: Invalid user User from 179.60.147.69 port 46772","@timestamp":"2022-09-12T13:43:08.937Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 13:46:15 honeypot-ams-1 sshd[12886]: Invalid user user from 141.255.162.226 port 58738","@timestamp":"2022-09-12T13:46:16.219Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 13:46:18 honeypot-ams-1 sshd[12890]: Invalid user user from 141.255.162.226 port 44746","@timestamp":"2022-09-12T13:46:18.221Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 13:46:19 honeypot-ams-1 sshd[12894]: Invalid user user from 141.255.162.226 port 58988","@timestamp":"2022-09-12T13:46:20.222Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 13:47:54 honeypot-fra-1 kernel: [83864900.767578] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=79.124.62.82 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=64384 PROTO=TCP SPT=50419 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T13:47:54.046Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 13:50:20 honeypot-ams-1 sshd[12898]: Disconnected from authenticating user root 61.177.173.46 port 28239 [preauth]","@timestamp":"2022-09-12T13:50:20.331Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 13:51:30 honeypot-fra-1 kernel: [83865117.551611] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=108.53.152.118 DST=165.22.82.222 LEN=48 TOS=0x00 PREC=0x00 TTL=115 ID=40745 DF PROTO=TCP SPT=41988 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T13:51:31.130Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 13:57:10 honeypot-ams-1 kernel: [83867614.994994] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.100.87.136 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=246 ID=15212 PROTO=TCP SPT=34084 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T13:57:10.510Z"}
{"@timestamp":"2022-09-12T13:58:36.425Z","@version":"1","message":"Sep 12 13:58:36 honeypot-sgp-1 sshd[8120]: Received disconnect from 92.255.85.69 port 40090:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 14:00:36 honeypot-fra-1 sshd[3031]: Invalid user admin from 141.98.10.158 port 35492","@timestamp":"2022-09-12T14:00:37.332Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T14:03:15.541Z","@version":"1","message":"Sep 12 14:03:15 honeypot-sgp-1 sshd[8125]: Disconnected from authenticating user root 85.113.58.161 port 42862 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 14:04:00 honeypot-ams-1 sshd[12911]: Received disconnect from 92.255.85.70 port 33658:11: Bye Bye [preauth]","@timestamp":"2022-09-12T14:04:00.687Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 14:09:21 honeypot-ams-1 kernel: [83868345.990288] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=89.219.89.138 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=16306 DF PROTO=TCP SPT=58356 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T14:09:21.832Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 14:09:32 honeypot-fra-1 kernel: [83866199.114111] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.100.87.136 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=246 ID=15212 PROTO=TCP SPT=43857 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T14:09:32.536Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 14:11:12 honeypot-ams-1 sshd[12924]: Received disconnect from 104.248.138.141 port 39246:11: Bye Bye [preauth]","@timestamp":"2022-09-12T14:11:12.884Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 14:12:48 honeypot-fra-1 sshd[3041]: Connection closed by invalid user admin 193.106.191.157 port 37930 [preauth]","@timestamp":"2022-09-12T14:12:48.629Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T14:13:15.788Z","@version":"1","message":"Sep 12 14:13:15 honeypot-sgp-1 kernel: [83868107.109727] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=94.26.228.80 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=23508 PROTO=TCP SPT=17850 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 14:20:12 honeypot-fra-1 kernel: [83866838.678670] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.207.22 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=58466 DPT=5432 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T14:20:12.797Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 14:20:25 honeypot-ams-1 sshd[12934]: Received disconnect from 61.177.173.35 port 63819:11:  [preauth]","@timestamp":"2022-09-12T14:20:26.116Z"}
{"@timestamp":"2022-09-12T14:20:40.977Z","@version":"1","message":"Sep 12 14:20:40 honeypot-sgp-1 sshd[8136]: Did not receive identification string from 128.199.96.88 port 61000","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 14:27:24 honeypot-ams-1 sshd[12939]: Disconnected from authenticating user root 92.255.85.69 port 39848 [preauth]","@timestamp":"2022-09-12T14:27:25.320Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 14:32:01 honeypot-ams-1 sshd[12948]: Received disconnect from 61.177.173.47 port 12112:11:  [preauth]","@timestamp":"2022-09-12T14:32:01.446Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 14:36:03 honeypot-fra-1 sshd[3056]: Connection closed by invalid user admin 193.106.191.157 port 38100 [preauth]","@timestamp":"2022-09-12T14:36:04.149Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T14:38:54.441Z","@version":"1","message":"Sep 12 14:38:53 honeypot-sgp-1 kernel: [83869645.426592] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.100.87.136 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=15212 PROTO=TCP SPT=54855 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 14:39:03 honeypot-ams-1 kernel: [83870127.656394] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=97.74.81.123 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=34859 PROTO=TCP SPT=47400 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T14:39:03.634Z"}
{"@timestamp":"2022-09-12T14:42:56.549Z","@version":"1","message":"Sep 12 14:42:56 honeypot-sgp-1 sshd[8150]: Received disconnect from 45.61.187.160 port 56070:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 14:43:04 honeypot-fra-1 sshd[3062]: Received disconnect from 45.61.187.160 port 39708:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T14:43:05.306Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T14:43:18.560Z","@version":"1","message":"Sep 12 14:43:18 honeypot-sgp-1 sshd[8154]: Received disconnect from 45.61.187.160 port 51116:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 14:43:27 honeypot-fra-1 sshd[3066]: Received disconnect from 45.61.187.160 port 34752:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T14:43:27.318Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T14:43:40.571Z","@version":"1","message":"Sep 12 14:43:39 honeypot-sgp-1 sshd[8159]: Received disconnect from 45.61.187.160 port 46156:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 14:43:48 honeypot-fra-1 sshd[3070]: Received disconnect from 45.61.187.160 port 58050:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T14:43:48.327Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T14:44:00.581Z","@version":"1","message":"Sep 12 14:44:00 honeypot-sgp-1 sshd[8164]: Received disconnect from 45.61.187.160 port 41200:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 14:44:10 honeypot-fra-1 sshd[3074]: Received disconnect from 45.61.187.160 port 53068:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T14:44:10.338Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 14:47:24 honeypot-fra-1 sshd[3078]: Disconnected from authenticating user root 92.255.85.70 port 63076 [preauth]","@timestamp":"2022-09-12T14:47:24.412Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 14:47:44 honeypot-ams-1 kernel: [83870649.260362] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=94.232.45.241 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=26105 PROTO=TCP SPT=53299 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T14:47:44.883Z"}
{"@timestamp":"2022-09-12T14:48:27.694Z","@version":"1","message":"Sep 12 14:48:27 honeypot-sgp-1 sshd[8168]: Connection closed by invalid user guest 60.251.216.27 port 56537 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T14:50:20.746Z","@version":"1","message":"Sep 12 14:50:20 honeypot-sgp-1 sshd[8175]: Received disconnect from 89.97.218.142 port 39006:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 14:54:53 honeypot-ams-1 sshd[12966]: Disconnected from authenticating user root 61.177.173.36 port 26515 [preauth]","@timestamp":"2022-09-12T14:54:53.069Z"}
{"@timestamp":"2022-09-12T14:57:47.933Z","@version":"1","message":"Sep 12 14:57:47 honeypot-sgp-1 sshd[8180]: Did not receive identification string from 45.61.186.49 port 60822","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T14:58:06.944Z","@version":"1","message":"Sep 12 14:58:05 honeypot-sgp-1 sshd[8183]: Disconnected from invalid user user 45.61.186.49 port 56198 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T14:58:16.949Z","@version":"1","message":"Sep 12 14:58:16 honeypot-sgp-1 sshd[8187]: Disconnected from invalid user user 45.61.186.49 port 39758 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 15:05:19 honeypot-fra-1 sshd[3084]: Connection closed by invalid user admin 59.26.145.206 port 46251 [preauth]","@timestamp":"2022-09-12T15:05:19.821Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T15:08:06.199Z","@version":"1","message":"Sep 12 15:08:05 honeypot-sgp-1 sshd[8190]: Disconnected from authenticating user root 92.255.85.70 port 61982 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T15:08:56.242Z","@version":"1","message":"Sep 12 15:08:55 honeypot-sgp-1 sshd[8195]: Disconnected from invalid user rochester 183.88.15.191 port 53080 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 15:09:56 honeypot-ams-1 kernel: [83871980.901131] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=58646 PROTO=TCP SPT=54803 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T15:09:56.451Z"}
{"@timestamp":"2022-09-12T15:13:46.369Z","@version":"1","message":"Sep 12 15:13:45 honeypot-sgp-1 sshd[8199]: Received disconnect from 62.202.41.155 port 50118:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 15:15:17 honeypot-ams-1 sshd[12982]: Disconnected from authenticating user root 61.177.173.37 port 42238 [preauth]","@timestamp":"2022-09-12T15:15:17.590Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 15:15:49 honeypot-ams-1 sshd[12986]: Disconnected from invalid user user 45.61.187.160 port 54066 [preauth]","@timestamp":"2022-09-12T15:15:50.607Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 15:16:08 honeypot-ams-1 sshd[12992]: Invalid user user from 45.61.187.160 port 48736","@timestamp":"2022-09-12T15:16:08.616Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 15:16:26 honeypot-ams-1 sshd[12996]: Invalid user user from 45.61.187.160 port 43466","@timestamp":"2022-09-12T15:16:26.625Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 15:17:01 honeypot-ams-1 CRON[13000]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-12T15:17:01.642Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 15:17:01 honeypot-fra-1 CRON[3090]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-12T15:17:02.098Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T15:19:00.506Z","@version":"1","message":"Sep 12 15:18:59 honeypot-sgp-1 sshd[8205]: Invalid user User from 179.60.147.69 port 36446","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 15:22:05 honeypot-ams-1 sshd[13008]: Connection closed by invalid user User 179.60.147.69 port 17784 [preauth]","@timestamp":"2022-09-12T15:22:05.775Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 15:23:40 honeypot-fra-1 kernel: [83870647.286259] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=159.89.174.147 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x20 TTL=245 ID=28503 PROTO=TCP SPT=61953 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T15:23:41.247Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-12T15:24:47.651Z","@version":"1","message":"Sep 12 15:24:46 honeypot-sgp-1 sshd[8210]: Disconnected from authenticating user root 96.84.149.98 port 45268 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 15:27:29 honeypot-fra-1 sshd[3102]: Invalid user user from 198.98.61.9 port 37642","@timestamp":"2022-09-12T15:27:30.337Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 15:27:46 honeypot-fra-1 sshd[3106]: Invalid user user from 198.98.61.9 port 32806","@timestamp":"2022-09-12T15:27:46.344Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 15:27:55 honeypot-fra-1 sshd[3108]: Disconnected from invalid user user 198.98.61.9 port 44492 [preauth]","@timestamp":"2022-09-12T15:27:56.349Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 15:28:15 honeypot-fra-1 sshd[3112]: Disconnected from invalid user user 198.98.61.9 port 39664 [preauth]","@timestamp":"2022-09-12T15:28:16.378Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 15:34:20 honeypot-fra-1 sshd[3119]: Did not receive identification string from 128.199.96.88 port 61000","@timestamp":"2022-09-12T15:34:20.519Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 15:35:20 honeypot-ams-1 kernel: [83873505.410123] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=72.167.32.184 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=232 ID=43842 PROTO=TCP SPT=47403 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T15:35:21.117Z"}
{"@timestamp":"2022-09-12T15:36:36.939Z","@version":"1","message":"Sep 12 15:36:36 honeypot-sgp-1 sshd[8654]: Invalid user rubby12345 from 92.205.18.60 port 41176","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 15:36:38 honeypot-fra-1 sshd[3124]: Disconnected from invalid user user 45.61.186.49 port 33904 [preauth]","@timestamp":"2022-09-12T15:36:38.575Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 15:36:51 honeypot-fra-1 sshd[3128]: Disconnected from invalid user user 45.61.186.49 port 45308 [preauth]","@timestamp":"2022-09-12T15:36:52.582Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 15:37:06 honeypot-ams-1 sshd[13024]: Received disconnect from 45.61.184.204 port 49262:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T15:37:06.166Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 15:37:26 honeypot-ams-1 sshd[13028]: Received disconnect from 45.61.184.204 port 44980:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T15:37:26.182Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 15:37:44 honeypot-ams-1 sshd[13032]: Received disconnect from 45.61.184.204 port 40700:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T15:37:45.194Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 15:38:04 honeypot-ams-1 sshd[13039]: Invalid user user from 45.61.184.204 port 36412","@timestamp":"2022-09-12T15:38:05.204Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 15:40:41 honeypot-ams-1 sshd[13041]: Connection closed by invalid user yueyiran 137.116.144.39 port 40346 [preauth]","@timestamp":"2022-09-12T15:40:42.275Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 15:45:51 honeypot-ams-1 sshd[13047]: Disconnected from authenticating user root 61.177.173.51 port 28890 [preauth]","@timestamp":"2022-09-12T15:45:52.410Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 15:45:56 honeypot-fra-1 sshd[3133]: Invalid user pirkka from 218.146.103.48 port 52594","@timestamp":"2022-09-12T15:45:56.785Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 15:46:12 honeypot-ams-1 sshd[13053]: Disconnected from invalid user user 45.61.187.160 port 56028 [preauth]","@timestamp":"2022-09-12T15:46:12.421Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 15:46:30 honeypot-ams-1 sshd[13057]: Disconnected from invalid user user 45.61.187.160 port 50594 [preauth]","@timestamp":"2022-09-12T15:46:31.431Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 15:46:49 honeypot-ams-1 sshd[13061]: Disconnected from invalid user user 45.61.187.160 port 45160 [preauth]","@timestamp":"2022-09-12T15:46:49.441Z"}
{"@timestamp":"2022-09-12T15:47:19.199Z","@version":"1","message":"Sep 12 15:47:18 honeypot-sgp-1 kernel: [83873750.073828] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=128.14.141.36 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=62441 PROTO=TCP SPT=21753 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 15:53:22 honeypot-ams-1 kernel: [83874586.638252] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=51.15.141.72 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=55 ID=56770 PROTO=TCP SPT=12974 DPT=80 WINDOW=31470 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T15:53:22.612Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 15:56:36 honeypot-fra-1 sshd[3140]: Invalid user spen from 203.223.191.206 port 54350","@timestamp":"2022-09-12T15:56:37.027Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 15:58:26 honeypot-fra-1 sshd[3145]: Received disconnect from 92.255.85.70 port 55376:11: Bye Bye [preauth]","@timestamp":"2022-09-12T15:58:27.069Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T15:58:54.478Z","@version":"1","message":"Sep 12 15:58:53 honeypot-sgp-1 sshd[8665]: Received disconnect from 157.245.218.29 port 51234:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 16:00:31 honeypot-ams-1 sshd[13075]: Received disconnect from 92.255.85.69 port 61222:11: Bye Bye [preauth]","@timestamp":"2022-09-12T16:00:31.798Z"}
{"@timestamp":"2022-09-12T16:06:53.677Z","@version":"1","message":"Sep 12 16:06:53 honeypot-sgp-1 sshd[8670]: Received disconnect from 138.68.178.64 port 41352:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:08:01 honeypot-fra-1 sshd[3152]: Did not receive identification string from 122.128.79.246 port 49146","@timestamp":"2022-09-12T16:08:02.283Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:08:03 honeypot-fra-1 sshd[3156]: Invalid user mysql from 122.128.79.246 port 56358","@timestamp":"2022-09-12T16:08:03.285Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:08:03 honeypot-fra-1 sshd[3169]: Invalid user esuser from 122.128.79.246 port 56394","@timestamp":"2022-09-12T16:08:03.285Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:08:03 honeypot-fra-1 sshd[3161]: Invalid user ec2-user from 122.128.79.246 port 56372","@timestamp":"2022-09-12T16:08:03.285Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:08:03 honeypot-fra-1 sshd[3165]: Invalid user test from 122.128.79.246 port 56348","@timestamp":"2022-09-12T16:08:03.285Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:08:03 honeypot-fra-1 sshd[3162]: Connection closed by invalid user ubuntu 122.128.79.246 port 56390 [preauth]","@timestamp":"2022-09-12T16:08:03.285Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:08:03 honeypot-fra-1 sshd[3174]: Connection closed by invalid user elastic 122.128.79.246 port 56318 [preauth]","@timestamp":"2022-09-12T16:08:03.285Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:08:03 honeypot-fra-1 sshd[3163]: Connection closed by invalid user chia 122.128.79.246 port 56320 [preauth]","@timestamp":"2022-09-12T16:08:03.285Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:08:03 honeypot-fra-1 sshd[3177]: Connection closed by invalid user mysql 122.128.79.246 port 56316 [preauth]","@timestamp":"2022-09-12T16:08:04.286Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:08:03 honeypot-fra-1 sshd[3164]: Connection closed by invalid user es 122.128.79.246 port 56388 [preauth]","@timestamp":"2022-09-12T16:08:04.286Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:08:50 honeypot-fra-1 sshd[3213]: Did not receive identification string from 45.61.186.49 port 60972","@timestamp":"2022-09-12T16:08:51.306Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:09:05 honeypot-fra-1 sshd[3216]: Disconnected from invalid user user 45.61.186.49 port 37074 [preauth]","@timestamp":"2022-09-12T16:09:06.313Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:09:16 honeypot-fra-1 sshd[3220]: Disconnected from invalid user user 45.61.186.49 port 48748 [preauth]","@timestamp":"2022-09-12T16:09:16.318Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 16:12:16 honeypot-ams-1 sshd[13080]: Received disconnect from 146.190.227.169 port 47168:11: Bye Bye [preauth]","@timestamp":"2022-09-12T16:12:17.099Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 16:15:28 honeypot-ams-1 sshd[13085]: Disconnected from invalid user fujimoto 200.94.86.84 port 50141 [preauth]","@timestamp":"2022-09-12T16:15:29.183Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:18:23 honeypot-fra-1 sshd[3226]: Disconnected from authenticating user root 178.154.203.18 port 58342 [preauth]","@timestamp":"2022-09-12T16:18:23.538Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T16:19:06.999Z","@version":"1","message":"Sep 12 16:19:06 honeypot-sgp-1 sshd[8677]: Disconnected from authenticating user root 92.255.85.69 port 44604 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:21:10 honeypot-fra-1 sshd[3229]: Disconnected from invalid user es 207.254.224.220 port 46114 [preauth]","@timestamp":"2022-09-12T16:21:11.604Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:22:26 honeypot-fra-1 sshd[3234]: Disconnected from authenticating user root 92.255.85.70 port 34230 [preauth]","@timestamp":"2022-09-12T16:22:26.635Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T16:22:49.092Z","@version":"1","message":"Sep 12 16:22:48 honeypot-sgp-1 sshd[8684]: Bad protocol version identification 'MGLNDD_159.89.202.188_22' from 192.241.200.13 port 45562","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:23:52 honeypot-fra-1 sshd[3255]: Invalid user postgres from 1.13.177.251 port 47652","@timestamp":"2022-09-12T16:23:53.669Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:23:52 honeypot-fra-1 sshd[3250]: Invalid user ftpuser from 1.13.177.251 port 47624","@timestamp":"2022-09-12T16:23:53.669Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:23:52 honeypot-fra-1 sshd[3260]: Invalid user ubuntu from 1.13.177.251 port 47650","@timestamp":"2022-09-12T16:23:53.669Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:23:52 honeypot-fra-1 sshd[3263]: Invalid user oracle from 1.13.177.251 port 47622","@timestamp":"2022-09-12T16:23:53.669Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:23:53 honeypot-fra-1 sshd[3255]: Connection closed by invalid user postgres 1.13.177.251 port 47652 [preauth]","@timestamp":"2022-09-12T16:23:53.669Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:23:53 honeypot-fra-1 sshd[3259]: Connection closed by authenticating user root 1.13.177.251 port 47696 [preauth]","@timestamp":"2022-09-12T16:23:53.670Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:23:53 honeypot-fra-1 sshd[3247]: Connection closed by invalid user oracle 1.13.177.251 port 47620 [preauth]","@timestamp":"2022-09-12T16:23:53.670Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:23:53 honeypot-fra-1 sshd[3262]: Connection closed by authenticating user root 1.13.177.251 port 47608 [preauth]","@timestamp":"2022-09-12T16:23:53.670Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:23:55 honeypot-fra-1 sshd[3295]: Connection closed by invalid user www 1.13.177.251 port 47670 [preauth]","@timestamp":"2022-09-12T16:23:55.671Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 16:24:22 honeypot-ams-1 sshd[13094]: Disconnected from authenticating user root 92.255.85.69 port 62350 [preauth]","@timestamp":"2022-09-12T16:24:23.411Z"}
{"@timestamp":"2022-09-12T16:26:48.189Z","@version":"1","message":"Sep 12 16:26:48 honeypot-sgp-1 sshd[8687]: Disconnected from authenticating user www-data 45.87.2.91 port 44370 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T16:31:21.331Z","@version":"1","message":"Sep 12 16:31:21 honeypot-sgp-1 kernel: [83876392.541310] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.197.13 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=46049 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T16:33:49.394Z","@version":"1","message":"Sep 12 16:33:49 honeypot-sgp-1 sshd[8697]: Received disconnect from 94.153.212.78 port 34938:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 16:34:32 honeypot-ams-1 sshd[13097]: Invalid user User from 179.60.147.69 port 46576","@timestamp":"2022-09-12T16:34:33.672Z"}
{"@timestamp":"2022-09-12T16:36:52.472Z","@version":"1","message":"Sep 12 16:36:51 honeypot-sgp-1 sshd[8703]: Invalid user bitnami from 51.83.131.123 port 42010","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T16:37:43.494Z","@version":"1","message":"Sep 12 16:37:43 honeypot-sgp-1 sshd[8706]: Disconnected from invalid user frappe 195.19.105.13 port 40885 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:38:19 honeypot-fra-1 sshd[3744]: Received disconnect from 202.157.184.138 port 37978:11: Bye Bye [preauth]","@timestamp":"2022-09-12T16:38:19.987Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 16:41:46 honeypot-ams-1 sshd[13101]: Connection closed by invalid user devops 103.188.176.251 port 54738 [preauth]","@timestamp":"2022-09-12T16:41:46.861Z"}
{"@timestamp":"2022-09-12T16:41:47.593Z","@version":"1","message":"Sep 12 16:41:47 honeypot-sgp-1 sshd[8712]: Disconnected from invalid user ns 157.230.9.57 port 37774 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:45:36 honeypot-fra-1 sshd[3750]: Received disconnect from 92.255.85.69 port 48296:11: Bye Bye [preauth]","@timestamp":"2022-09-12T16:45:37.150Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 16:48:38 honeypot-ams-1 sshd[13106]: Disconnected from invalid user postgres 68.183.177.69 port 37436 [preauth]","@timestamp":"2022-09-12T16:48:39.036Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:48:56 honeypot-fra-1 sshd[3759]: Invalid user  from 64.62.197.197 port 52304","@timestamp":"2022-09-12T16:48:56.251Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T16:49:02.785Z","@version":"1","message":"Sep 12 16:49:02 honeypot-sgp-1 sshd[8717]: Disconnected from authenticating user root 210.114.1.46 port 43900 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 16:49:28 honeypot-ams-1 sshd[13108]: Disconnected from invalid user lucent01 107.173.159.85 port 40712 [preauth]","@timestamp":"2022-09-12T16:49:29.063Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 16:51:18 honeypot-ams-1 sshd[13113]: Received disconnect from 96.78.175.36 port 39536:11: Bye Bye [preauth]","@timestamp":"2022-09-12T16:51:19.117Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:51:20 honeypot-fra-1 kernel: [83875907.091534] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.204.44 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=34503 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T16:51:21.309Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 16:52:06 honeypot-ams-1 sshd[13121]: Invalid user mambo from 34.75.26.147 port 35158","@timestamp":"2022-09-12T16:52:07.140Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:53:13 honeypot-fra-1 sshd[3767]: Disconnected from invalid user jmuser 190.129.60.186 port 53784 [preauth]","@timestamp":"2022-09-12T16:53:13.353Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 16:54:47 honeypot-ams-1 sshd[13126]: Invalid user admin from 185.231.245.42 port 36674","@timestamp":"2022-09-12T16:54:48.211Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:55:00 honeypot-fra-1 sshd[3774]: Did not receive identification string from 58.72.18.130 port 6534","@timestamp":"2022-09-12T16:55:00.396Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 16:55:53 honeypot-ams-1 sshd[13130]: Disconnected from authenticating user root 20.39.241.10 port 45764 [preauth]","@timestamp":"2022-09-12T16:55:54.242Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 16:57:47 honeypot-ams-1 sshd[13134]: Received disconnect from 220.117.14.191 port 64420:11: Bye Bye [preauth]","@timestamp":"2022-09-12T16:57:48.294Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 17:02:21 honeypot-ams-1 sshd[13139]: Disconnected from invalid user mo 68.183.52.2 port 34264 [preauth]","@timestamp":"2022-09-12T17:02:22.413Z"}
{"@timestamp":"2022-09-12T17:05:18.176Z","@version":"1","message":"Sep 12 17:05:17 honeypot-sgp-1 sshd[8723]: Invalid user User from 179.60.147.69 port 40602","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 17:07:04 honeypot-ams-1 sshd[13146]: Connection closed by invalid user guest 131.161.184.19 port 52808 [preauth]","@timestamp":"2022-09-12T17:07:05.538Z"}
{"@timestamp":"2022-09-12T17:07:48.240Z","@version":"1","message":"Sep 12 17:07:47 honeypot-sgp-1 sshd[8729]: Received disconnect from 178.128.28.223 port 36554:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 17:08:03 honeypot-ams-1 sshd[13152]: Invalid user User from 179.60.147.69 port 48816","@timestamp":"2022-09-12T17:08:03.566Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 17:08:24 honeypot-fra-1 kernel: [83876931.165337] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.219.133 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=56141 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T17:08:25.693Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-12T17:08:59.271Z","@version":"1","message":"Sep 12 17:08:59 honeypot-sgp-1 sshd[8733]: Invalid user admin from 103.150.125.189 port 59034","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 17:09:57 honeypot-fra-1 sshd[3786]: Invalid user ftp from 193.106.191.157 port 49938","@timestamp":"2022-09-12T17:09:57.733Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 17:11:45 honeypot-ams-1 sshd[13157]: Received disconnect from 92.255.85.70 port 34346:11: Bye Bye [preauth]","@timestamp":"2022-09-12T17:11:45.678Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 17:15:44 honeypot-fra-1 kernel: [83877371.242272] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=23.97.230.27 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=50079 PROTO=TCP SPT=42448 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T17:15:45.864Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-12T17:17:01.464Z","@version":"1","message":"Sep 12 17:17:01 honeypot-sgp-1 CRON[8739]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 17:17:01 honeypot-ams-1 CRON[13162]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-12T17:17:01.813Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 17:17:01 honeypot-fra-1 CRON[3796]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-12T17:17:01.897Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 17:20:32 honeypot-fra-1 sshd[3806]: Connection closed by 103.231.214.252 port 55195 [preauth]","@timestamp":"2022-09-12T17:20:33.979Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 17:20:40 honeypot-ams-1 sshd[13168]: Invalid user postgres from 112.65.128.90 port 42568","@timestamp":"2022-09-12T17:20:40.909Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 17:22:09 honeypot-ams-1 sshd[13170]: Disconnected from invalid user anu 165.227.167.225 port 50476 [preauth]","@timestamp":"2022-09-12T17:22:10.948Z"}
{"@timestamp":"2022-09-12T17:22:18.592Z","@version":"1","message":"Sep 12 17:22:18 honeypot-sgp-1 sshd[8743]: Invalid user nagios from 20.91.221.85 port 48836","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T17:25:11.662Z","@version":"1","message":"Sep 12 17:25:11 honeypot-sgp-1 sshd[8748]: Invalid user apagar from 172.247.104.122 port 36852","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 17:25:14 honeypot-fra-1 sshd[3813]: Connection closed by 103.231.214.252 port 45949 [preauth]","@timestamp":"2022-09-12T17:25:15.089Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T17:25:47.680Z","@version":"1","message":"Sep 12 17:25:47 honeypot-sgp-1 sshd[8750]: Disconnected from invalid user fred 92.80.217.82 port 51154 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 17:28:11 honeypot-fra-1 sshd[3820]: Invalid user shaker from 20.244.1.170 port 58752","@timestamp":"2022-09-12T17:28:12.159Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 17:28:16 honeypot-ams-1 sshd[13174]: Disconnected from invalid user admin 46.243.226.11 port 48488 [preauth]","@timestamp":"2022-09-12T17:28:17.107Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 17:28:21 honeypot-fra-1 sshd[3824]: Connection closed by 103.231.214.252 port 51386 [preauth]","@timestamp":"2022-09-12T17:28:22.165Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T17:30:30.796Z","@version":"1","message":"Sep 12 17:30:29 honeypot-sgp-1 sshd[8757]: Received disconnect from 43.134.197.174 port 33134:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 17:30:39 honeypot-ams-1 sshd[13179]: Received disconnect from 202.4.119.45 port 56676:11: Bye Bye [preauth]","@timestamp":"2022-09-12T17:30:40.170Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 17:31:50 honeypot-ams-1 sshd[13181]: Received disconnect from 108.171.92.54 port 58606:11: Bye Bye [preauth]","@timestamp":"2022-09-12T17:31:50.202Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 17:32:11 honeypot-fra-1 sshd[3835]: Received disconnect from 204.48.30.72 port 48862:11: Bye Bye [preauth]","@timestamp":"2022-09-12T17:32:12.256Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 17:32:37 honeypot-ams-1 sshd[13186]: Disconnected from invalid user alceu 159.65.77.254 port 57034 [preauth]","@timestamp":"2022-09-12T17:32:37.223Z"}
{"@timestamp":"2022-09-12T17:32:47.854Z","@version":"1","message":"Sep 12 17:32:47 honeypot-sgp-1 sshd[8762]: Invalid user user from 198.98.61.9 port 55246","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T17:33:09.865Z","@version":"1","message":"Sep 12 17:33:09 honeypot-sgp-1 sshd[8766]: Invalid user user from 198.98.61.9 port 51372","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T17:33:29.875Z","@version":"1","message":"Sep 12 17:33:29 honeypot-sgp-1 sshd[8770]: Invalid user user from 198.98.61.9 port 47538","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 17:33:52 honeypot-ams-1 sshd[13192]: Disconnected from authenticating user root 92.255.85.70 port 45118 [preauth]","@timestamp":"2022-09-12T17:33:53.259Z"}
{"@timestamp":"2022-09-12T17:35:34.927Z","@version":"1","message":"Sep 12 17:35:34 honeypot-sgp-1 kernel: [83880245.822567] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.46.240.87 DST=159.89.202.188 LEN=52 TOS=0x02 PREC=0x00 TTL=111 ID=20969 DF PROTO=TCP SPT=64518 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 17:36:16 honeypot-ams-1 sshd[13196]: Received disconnect from 51.83.132.19 port 33402:11: Bye Bye [preauth]","@timestamp":"2022-09-12T17:36:16.325Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 17:36:58 honeypot-ams-1 sshd[13198]: Disconnected from authenticating user root 41.73.252.229 port 52784 [preauth]","@timestamp":"2022-09-12T17:36:59.347Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 17:37:47 honeypot-fra-1 sshd[3848]: Received disconnect from 46.105.249.15 port 59526:11: Bye Bye [preauth]","@timestamp":"2022-09-12T17:37:47.384Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 17:41:17 honeypot-ams-1 sshd[13207]: Received disconnect from 2.36.249.18 port 36436:11: Bye Bye [preauth]","@timestamp":"2022-09-12T17:41:17.457Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 17:42:43 honeypot-fra-1 sshd[3858]: Received disconnect from 165.22.45.108 port 49558:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T17:42:43.498Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T17:44:05.134Z","@version":"1","message":"Sep 12 17:44:04 honeypot-sgp-1 sshd[8778]: Invalid user sinus from 103.240.110.130 port 44716","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T17:46:24.190Z","@version":"1","message":"Sep 12 17:46:23 honeypot-sgp-1 sshd[8782]: Disconnected from authenticating user root 61.93.240.18 port 41129 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 17:48:05 honeypot-fra-1 sshd[3869]: Invalid user webadmin from 51.254.101.166 port 59025","@timestamp":"2022-09-12T17:48:05.621Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 17:49:00 honeypot-fra-1 sshd[3875]: Received disconnect from 144.126.222.239 port 39932:11: Bye Bye [preauth]","@timestamp":"2022-09-12T17:49:00.644Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 17:50:10 honeypot-ams-1 sshd[13211]: Invalid user ismael from 165.227.118.41 port 52498","@timestamp":"2022-09-12T17:50:10.681Z"}
{"@timestamp":"2022-09-12T17:53:00.347Z","@version":"1","message":"Sep 12 17:52:59 honeypot-sgp-1 sshd[8789]: Received disconnect from 167.71.215.3 port 60716:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 17:53:07 honeypot-fra-1 sshd[3884]: Received disconnect from 139.59.255.59 port 50610:11: Bye Bye [preauth]","@timestamp":"2022-09-12T17:53:07.739Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 17:54:56 honeypot-fra-1 sshd[3890]: Connection closed by 103.231.214.252 port 20403 [preauth]","@timestamp":"2022-09-12T17:54:56.784Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 17:55:52 honeypot-ams-1 sshd[13214]: Did not receive identification string from 45.61.184.204 port 44166","@timestamp":"2022-09-12T17:55:52.829Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 17:56:19 honeypot-ams-1 sshd[13217]: Disconnected from invalid user user 45.61.184.204 port 60346 [preauth]","@timestamp":"2022-09-12T17:56:19.844Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 17:56:37 honeypot-ams-1 sshd[13221]: Disconnected from invalid user user 45.61.184.204 port 55500 [preauth]","@timestamp":"2022-09-12T17:56:37.853Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 17:56:49 honeypot-ams-1 sshd[13225]: Received disconnect from 92.255.85.69 port 19412:11: Bye Bye [preauth]","@timestamp":"2022-09-12T17:56:49.860Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 17:57:03 honeypot-ams-1 sshd[13229]: Received disconnect from 45.61.184.204 port 34080:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T17:57:03.868Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 17:59:09 honeypot-fra-1 kernel: [83879975.932766] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.221.44 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=53092 DPT=389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T17:59:09.881Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-12T18:00:42.529Z","@version":"1","message":"Sep 12 18:00:41 honeypot-sgp-1 kernel: [83881753.105345] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.134.144.72 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=29154 PROTO=TCP SPT=45613 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 18:02:08 honeypot-fra-1 sshd[3903]: Invalid user monitor from 20.206.248.106 port 33584","@timestamp":"2022-09-12T18:02:08.953Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 18:02:20 honeypot-ams-1 kernel: [83882325.170743] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=80.94.92.239 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=45699 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T18:02:21.024Z"}
{"@timestamp":"2022-09-12T18:03:08.590Z","@version":"1","message":"Sep 12 18:03:08 honeypot-sgp-1 sshd[8798]: Disconnected from authenticating user root 14.225.17.9 port 47412 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 18:04:22 honeypot-fra-1 kernel: [83880289.052133] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=14965 PROTO=TCP SPT=45517 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T18:04:23.007Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-12T18:04:33.628Z","@version":"1","message":"Sep 12 18:04:32 honeypot-sgp-1 sshd[8804]: Received disconnect from 45.61.184.204 port 47610:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T18:04:53.637Z","@version":"1","message":"Sep 12 18:04:52 honeypot-sgp-1 sshd[8808]: Received disconnect from 45.61.184.204 port 42720:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:00 honeypot-ams-1 sshd[13248]: Received disconnect from 188.250.234.67 port 36147:11: Bye Bye [preauth]","@timestamp":"2022-09-12T18:05:01.098Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:01 honeypot-ams-1 sshd[13252]: Disconnected from authenticating user root 188.250.234.67 port 36198 [preauth]","@timestamp":"2022-09-12T18:05:02.099Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:02 honeypot-ams-1 sshd[13258]: Disconnected from authenticating user root 188.250.234.67 port 36266 [preauth]","@timestamp":"2022-09-12T18:05:03.100Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:03 honeypot-ams-1 sshd[13264]: Disconnected from authenticating user root 188.250.234.67 port 36309 [preauth]","@timestamp":"2022-09-12T18:05:04.100Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:05 honeypot-ams-1 sshd[13270]: Disconnected from authenticating user root 188.250.234.67 port 36353 [preauth]","@timestamp":"2022-09-12T18:05:06.102Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:06 honeypot-ams-1 sshd[13276]: Disconnected from authenticating user root 188.250.234.67 port 36390 [preauth]","@timestamp":"2022-09-12T18:05:07.103Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:07 honeypot-ams-1 sshd[13282]: Disconnected from authenticating user root 188.250.234.67 port 36435 [preauth]","@timestamp":"2022-09-12T18:05:08.104Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:09 honeypot-ams-1 sshd[13288]: Disconnected from authenticating user root 188.250.234.67 port 36466 [preauth]","@timestamp":"2022-09-12T18:05:09.105Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:10 honeypot-ams-1 sshd[13294]: Disconnected from authenticating user root 188.250.234.67 port 36511 [preauth]","@timestamp":"2022-09-12T18:05:11.106Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:11 honeypot-ams-1 sshd[13300]: Disconnected from authenticating user root 188.250.234.67 port 36586 [preauth]","@timestamp":"2022-09-12T18:05:12.107Z"}
{"@timestamp":"2022-09-12T18:05:12.647Z","@version":"1","message":"Sep 12 18:05:12 honeypot-sgp-1 sshd[8812]: Received disconnect from 45.61.184.204 port 37838:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:12 honeypot-ams-1 sshd[13306]: Disconnected from authenticating user root 188.250.234.67 port 36643 [preauth]","@timestamp":"2022-09-12T18:05:13.108Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:14 honeypot-ams-1 sshd[13312]: Disconnected from authenticating user root 188.250.234.67 port 36684 [preauth]","@timestamp":"2022-09-12T18:05:15.109Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:15 honeypot-ams-1 sshd[13318]: Received disconnect from 188.250.234.67 port 36727:11: Bye Bye [preauth]","@timestamp":"2022-09-12T18:05:16.111Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:16 honeypot-ams-1 sshd[13322]: Received disconnect from 188.250.234.67 port 36751:11: Bye Bye [preauth]","@timestamp":"2022-09-12T18:05:17.112Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:17 honeypot-ams-1 sshd[13326]: Received disconnect from 188.250.234.67 port 36780:11: Bye Bye [preauth]","@timestamp":"2022-09-12T18:05:18.113Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:18 honeypot-ams-1 sshd[13330]: Received disconnect from 188.250.234.67 port 36799:11: Bye Bye [preauth]","@timestamp":"2022-09-12T18:05:18.113Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:18 honeypot-ams-1 sshd[13334]: Received disconnect from 188.250.234.67 port 36818:11: Bye Bye [preauth]","@timestamp":"2022-09-12T18:05:19.114Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:19 honeypot-ams-1 sshd[13338]: Received disconnect from 188.250.234.67 port 36849:11: Bye Bye [preauth]","@timestamp":"2022-09-12T18:05:20.114Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:20 honeypot-ams-1 sshd[13344]: Invalid user pi from 188.250.234.67 port 36904","@timestamp":"2022-09-12T18:05:21.115Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:21 honeypot-ams-1 sshd[13348]: Invalid user user from 188.250.234.67 port 36952","@timestamp":"2022-09-12T18:05:22.116Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:22 honeypot-ams-1 sshd[13353]: Invalid user mine from 188.250.234.67 port 36990","@timestamp":"2022-09-12T18:05:23.116Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:23 honeypot-ams-1 sshd[13357]: Invalid user xbmc from 188.250.234.67 port 37016","@timestamp":"2022-09-12T18:05:24.117Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:24 honeypot-ams-1 sshd[13361]: Invalid user oracle from 188.250.234.67 port 37040","@timestamp":"2022-09-12T18:05:25.118Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:25 honeypot-ams-1 sshd[13365]: Invalid user postgres from 188.250.234.67 port 37063","@timestamp":"2022-09-12T18:05:26.119Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:26 honeypot-ams-1 sshd[13369]: Invalid user support from 188.250.234.67 port 37081","@timestamp":"2022-09-12T18:05:27.120Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:26 honeypot-ams-1 sshd[13373]: Invalid user ubuntu from 188.250.234.67 port 37098","@timestamp":"2022-09-12T18:05:27.120Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:27 honeypot-ams-1 sshd[13377]: Invalid user ubuntu from 188.250.234.67 port 37121","@timestamp":"2022-09-12T18:05:28.121Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:28 honeypot-ams-1 sshd[13381]: Invalid user guest from 188.250.234.67 port 37140","@timestamp":"2022-09-12T18:05:29.122Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:29 honeypot-ams-1 sshd[13385]: Invalid user cirros from 188.250.234.67 port 37156","@timestamp":"2022-09-12T18:05:30.123Z"}
{"@timestamp":"2022-09-12T18:05:40.663Z","@version":"1","message":"Sep 12 18:05:40 honeypot-sgp-1 kernel: [83882051.274659] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=205.210.31.184 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x60 TTL=250 ID=16392 PROTO=TCP SPT=50454 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 18:06:09 honeypot-ams-1 kernel: [83882554.153950] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=13867 PROTO=TCP SPT=45517 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T18:06:10.140Z"}
{"@timestamp":"2022-09-12T18:07:04.701Z","@version":"1","message":"Sep 12 18:07:04 honeypot-sgp-1 kernel: [83882135.560101] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=228 ID=29287 PROTO=TCP SPT=45604 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 18:09:01 honeypot-fra-1 sshd[3916]: Connection closed by 103.231.214.252 port 14788 [preauth]","@timestamp":"2022-09-12T18:09:02.116Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T18:10:04.780Z","@version":"1","message":"Sep 12 18:10:03 honeypot-sgp-1 sshd[8825]: Invalid user scan from 91.240.118.222 port 38279","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:10:46 honeypot-ams-1 sshd[13392]: Connection closed by authenticating user root 193.106.191.157 port 35838 [preauth]","@timestamp":"2022-09-12T18:10:47.282Z"}
{"@timestamp":"2022-09-12T18:11:00.806Z","@version":"1","message":"Sep 12 18:11:00 honeypot-sgp-1 sshd[8828]: Received disconnect from 188.233.97.32 port 44710:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:11:53 honeypot-ams-1 sshd[13397]: Invalid user user from 45.61.186.169 port 39514","@timestamp":"2022-09-12T18:11:54.314Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:12:11 honeypot-ams-1 sshd[13401]: Invalid user user from 45.61.186.169 port 34424","@timestamp":"2022-09-12T18:12:12.324Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:12:20 honeypot-ams-1 sshd[13403]: Invalid user user from 45.61.186.169 port 45986","@timestamp":"2022-09-12T18:12:21.329Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 18:12:23 honeypot-fra-1 sshd[3928]: Received disconnect from 185.231.245.49 port 52582:11: Bye Bye [preauth]","@timestamp":"2022-09-12T18:12:23.196Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:12:37 honeypot-ams-1 sshd[13409]: Invalid user user from 45.61.186.169 port 40896","@timestamp":"2022-09-12T18:12:38.337Z"}
{"@timestamp":"2022-09-12T18:14:36.895Z","@version":"1","message":"Sep 12 18:14:36 honeypot-sgp-1 sshd[8836]: Received disconnect from 92.255.85.69 port 62142:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:15:26 honeypot-ams-1 sshd[13414]: Did not receive identification string from 141.255.162.226 port 34802","@timestamp":"2022-09-12T18:15:27.414Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 18:15:29 honeypot-fra-1 sshd[3934]: Received disconnect from 109.80.164.62 port 48509:11: Bye Bye [preauth]","@timestamp":"2022-09-12T18:15:30.270Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:15:44 honeypot-ams-1 sshd[13417]: Disconnected from invalid user user 141.255.162.226 port 60388 [preauth]","@timestamp":"2022-09-12T18:15:45.424Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:15:48 honeypot-ams-1 sshd[13421]: Disconnected from invalid user user 141.255.162.226 port 39144 [preauth]","@timestamp":"2022-09-12T18:15:49.426Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:15:50 honeypot-ams-1 sshd[13425]: Disconnected from invalid user user 141.255.162.226 port 46130 [preauth]","@timestamp":"2022-09-12T18:15:51.428Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 18:17:12 honeypot-fra-1 sshd[3942]: Disconnected from authenticating user root 92.255.85.69 port 56342 [preauth]","@timestamp":"2022-09-12T18:17:12.310Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:19:16 honeypot-ams-1 sshd[13507]: Received disconnect from 92.255.85.69 port 42222:11: Bye Bye [preauth]","@timestamp":"2022-09-12T18:19:16.515Z"}
{"@timestamp":"2022-09-12T18:20:27.037Z","@version":"1","message":"Sep 12 18:20:26 honeypot-sgp-1 sshd[8844]: Invalid user test from 172.105.61.41 port 52936","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 18:20:37 honeypot-fra-1 sshd[3950]: Received disconnect from 187.157.153.167 port 55642:11: Bye Bye [preauth]","@timestamp":"2022-09-12T18:20:38.389Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:22:32 honeypot-ams-1 sshd[13513]: Invalid user benoit from 92.205.19.152 port 56818","@timestamp":"2022-09-12T18:22:32.601Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 18:23:17 honeypot-fra-1 sshd[3959]: Invalid user User from 179.60.147.69 port 12964","@timestamp":"2022-09-12T18:23:18.452Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:23:53 honeypot-ams-1 sshd[13517]: Received disconnect from 65.52.9.242 port 34524:11: Bye Bye [preauth]","@timestamp":"2022-09-12T18:23:53.637Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:24:18 honeypot-ams-1 sshd[13522]: Disconnected from invalid user search 102.216.117.235 port 50408 [preauth]","@timestamp":"2022-09-12T18:24:18.650Z"}
{"@timestamp":"2022-09-12T18:25:44.163Z","@version":"1","message":"Sep 12 18:25:43 honeypot-sgp-1 sshd[8847]: Received disconnect from 74.92.28.228 port 54794:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 18:27:05 honeypot-fra-1 sshd[3967]: Invalid user test from 70.35.202.246 port 48998","@timestamp":"2022-09-12T18:27:05.541Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T18:28:09.223Z","@version":"1","message":"Sep 12 18:28:08 honeypot-sgp-1 sshd[8851]: Disconnected from invalid user hnd 106.51.72.221 port 50488 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 18:29:23 honeypot-fra-1 sshd[3976]: Connection closed by 103.231.214.252 port 17651 [preauth]","@timestamp":"2022-09-12T18:29:23.597Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 18:30:57 honeypot-fra-1 sshd[3980]: Connection closed by 103.231.214.252 port 51488 [preauth]","@timestamp":"2022-09-12T18:30:57.634Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:31:36 honeypot-ams-1 sshd[13525]: Disconnected from invalid user ts3 164.92.197.101 port 43868 [preauth]","@timestamp":"2022-09-12T18:31:36.843Z"}
{"@timestamp":"2022-09-12T18:32:16.323Z","@version":"1","message":"Sep 12 18:32:16 honeypot-sgp-1 sshd[8856]: Disconnected from invalid user db2inst1 190.145.123.26 port 36508 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 18:34:56 honeypot-fra-1 sshd[3989]: Invalid user mc from 144.24.72.43 port 55230","@timestamp":"2022-09-12T18:34:57.725Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 18:40:22 honeypot-fra-1 sshd[3998]: Connection closed by 103.231.214.252 port 36107 [preauth]","@timestamp":"2022-09-12T18:40:22.849Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T18:44:52.642Z","@version":"1","message":"Sep 12 18:44:52 honeypot-sgp-1 sshd[8862]: Connection closed by invalid user User 179.60.147.69 port 40830 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 18:45:46 honeypot-ams-1 kernel: [83884930.713112] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.206.137 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=48899 DPT=636 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T18:45:47.206Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 18:46:38 honeypot-fra-1 sshd[4009]: Connection closed by 103.231.214.252 port 39247 [preauth]","@timestamp":"2022-09-12T18:46:38.992Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 18:48:13 honeypot-ams-1 kernel: [83885077.897969] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=64.20.33.74 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=57710 PROTO=TCP SPT=47145 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T18:48:14.277Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 18:52:54 honeypot-fra-1 sshd[4018]: Connection closed by 103.231.214.252 port 19919 [preauth]","@timestamp":"2022-09-12T18:52:55.139Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 18:56:29 honeypot-fra-1 sshd[4027]: Invalid user User from 179.60.147.69 port 3050","@timestamp":"2022-09-12T18:56:30.219Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 19:02:20 honeypot-fra-1 kernel: [83883766.594287] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.148.10.81 DST=165.22.82.222 LEN=81 TOS=0x00 PREC=0x00 TTL=241 ID=23832 DF PROTO=TCP SPT=22524 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T19:02:21.353Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 19:04:14 honeypot-fra-1 sshd[4042]: Disconnected from authenticating user root 92.255.85.69 port 19706 [preauth]","@timestamp":"2022-09-12T19:04:14.398Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 19:05:07 honeypot-ams-1 kernel: [83886092.090269] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=64.246.161.26 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=54321 PROTO=TCP SPT=48617 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T19:05:07.702Z"}
{"@timestamp":"2022-09-12T19:06:21.151Z","@version":"1","message":"Sep 12 19:06:20 honeypot-sgp-1 sshd[8869]: Invalid user mbot24 from 154.214.4.199 port 46708","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T19:07:08.172Z","@version":"1","message":"Sep 12 19:07:07 honeypot-sgp-1 sshd[8873]: Invalid user araujo from 84.201.177.10 port 37316","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 19:07:47 honeypot-ams-1 kernel: [83886252.390632] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=154.3.44.39 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=117 ID=29577 DF PROTO=TCP SPT=59891 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-12T19:07:48.776Z"}
{"@timestamp":"2022-09-12T19:08:25.205Z","@version":"1","message":"Sep 12 19:08:24 honeypot-sgp-1 sshd[8877]: Invalid user admin from 202.164.153.78 port 37396","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 19:08:41 honeypot-fra-1 sshd[4051]: Disconnected from authenticating user root 103.3.247.120 port 55416 [preauth]","@timestamp":"2022-09-12T19:08:41.501Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T19:11:15.274Z","@version":"1","message":"Sep 12 19:11:15 honeypot-sgp-1 sshd[8881]: Received disconnect from 180.167.214.190 port 25634:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 19:12:13 honeypot-ams-1 sshd[13546]: Connection closed by invalid user user1 103.188.176.251 port 49070 [preauth]","@timestamp":"2022-09-12T19:12:13.896Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 19:12:25 honeypot-fra-1 sshd[4059]: Received disconnect from 2.139.220.58 port 50408:11: Bye Bye [preauth]","@timestamp":"2022-09-12T19:12:25.584Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T19:13:45.337Z","@version":"1","message":"Sep 12 19:13:44 honeypot-sgp-1 sshd[8887]: Received disconnect from 84.54.74.130 port 38636:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 19:13:49 honeypot-fra-1 sshd[4066]: Received disconnect from 188.166.225.37 port 37654:11: Bye Bye [preauth]","@timestamp":"2022-09-12T19:13:50.619Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 19:17:01 honeypot-fra-1 CRON[4074]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-12T19:17:01.691Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T19:19:05.464Z","@version":"1","message":"Sep 12 19:19:04 honeypot-sgp-1 sshd[8895]: Received disconnect from 139.135.229.27 port 35952:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T19:20:32.506Z","@version":"1","message":"Sep 12 19:20:31 honeypot-sgp-1 sshd[8901]: Received disconnect from 123.100.226.242 port 49626:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 19:20:34 honeypot-fra-1 sshd[4084]: Received disconnect from 62.204.41.222 port 46980:11: Client disconnecting normally [preauth]","@timestamp":"2022-09-12T19:20:34.774Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 19:22:52 honeypot-ams-1 sshd[13555]: Invalid user User from 179.60.147.69 port 12434","@timestamp":"2022-09-12T19:22:53.168Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 19:24:15 honeypot-fra-1 sshd[4090]: Connection closed by 103.231.214.252 port 20607 [preauth]","@timestamp":"2022-09-12T19:24:15.860Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T19:25:36.625Z","@version":"1","message":"Sep 12 19:25:36 honeypot-sgp-1 sshd[8916]: Connection closed by invalid user guest 202.53.80.157 port 52464 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 19:27:11 honeypot-fra-1 kernel: [83885257.701429] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.180.143.137 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=9578 PROTO=TCP SPT=11322 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T19:27:11.929Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 19:27:54 honeypot-fra-1 sshd[4101]: Disconnected from invalid user kiran 165.22.45.108 port 36428 [preauth]","@timestamp":"2022-09-12T19:27:54.948Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 19:29:43 honeypot-ams-1 sshd[13562]: Received disconnect from 92.255.85.69 port 28242:11: Bye Bye [preauth]","@timestamp":"2022-09-12T19:29:43.347Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 19:32:43 honeypot-fra-1 kernel: [83885589.266942] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=107.178.103.163 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=3941 DF PROTO=TCP SPT=10446 DPT=80 WINDOW=512 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T19:32:44.061Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 19:36:32 honeypot-ams-1 sshd[13567]: Connection closed by invalid user user 193.106.191.157 port 55676 [preauth]","@timestamp":"2022-09-12T19:36:33.524Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 19:41:24 honeypot-fra-1 sshd[4123]: Invalid user user from 193.106.191.157 port 33326","@timestamp":"2022-09-12T19:41:24.255Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T19:43:05.026Z","@version":"1","message":"Sep 12 19:43:04 honeypot-sgp-1 kernel: [83887896.084935] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=64.227.178.189 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x20 TTL=242 ID=64497 PROTO=TCP SPT=13431 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T19:44:05.056Z","@version":"1","message":"Sep 12 19:44:05 honeypot-sgp-1 sshd[8929]: Connection closed by 143.244.187.127 port 48696 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 19:46:12 honeypot-fra-1 sshd[4134]: Connection closed by 103.231.214.252 port 33398 [preauth]","@timestamp":"2022-09-12T19:46:13.367Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 19:49:27 honeypot-ams-1 kernel: [83888751.720193] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=20.55.112.176 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=114 ID=3582 DF PROTO=TCP SPT=49547 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T19:49:27.870Z"}
{"@timestamp":"2022-09-12T19:49:57.193Z","@version":"1","message":"Sep 12 19:49:56 honeypot-sgp-1 kernel: [83888307.645398] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.213.189 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=35855 DPT=636 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 19:50:28 honeypot-fra-1 sshd[4221]: Received disconnect from 92.255.85.69 port 37184:11: Bye Bye [preauth]","@timestamp":"2022-09-12T19:50:28.467Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 19:53:25 honeypot-fra-1 sshd[4227]: Invalid user admin from 81.150.9.251 port 38234","@timestamp":"2022-09-12T19:53:25.537Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 19:54:06 honeypot-ams-1 kernel: [83889030.615624] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=80.94.92.231 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=36936 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T19:54:06.991Z"}
{"@timestamp":"2022-09-12T19:56:25.347Z","@version":"1","message":"Sep 12 19:56:24 honeypot-sgp-1 sshd[8941]: Received disconnect from 157.245.245.11 port 45820:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 19:57:10 honeypot-fra-1 sshd[4234]: Connection closed by 103.231.214.252 port 63574 [preauth]","@timestamp":"2022-09-12T19:57:10.624Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 19:59:15 honeypot-fra-1 sshd[4241]: Invalid user user from 141.255.162.226 port 37092","@timestamp":"2022-09-12T19:59:16.675Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 19:59:19 honeypot-fra-1 sshd[4245]: Invalid user user from 141.255.162.226 port 50874","@timestamp":"2022-09-12T19:59:20.677Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 19:59:23 honeypot-fra-1 sshd[4249]: Invalid user user from 141.255.162.226 port 36426","@timestamp":"2022-09-12T19:59:23.679Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 19:59:34 honeypot-ams-1 sshd[13579]: Invalid user User from 179.60.147.69 port 52480","@timestamp":"2022-09-12T19:59:35.135Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 20:02:04 honeypot-ams-1 kernel: [83889508.688796] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=112.82.67.173 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=47 ID=34921 PROTO=TCP SPT=33625 DPT=443 WINDOW=52757 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T20:02:05.202Z"}
{"@timestamp":"2022-09-12T20:02:08.483Z","@version":"1","message":"Sep 12 20:02:08 honeypot-sgp-1 sshd[8946]: Received disconnect from 203.245.29.159 port 45096:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 20:03:05 honeypot-fra-1 sshd[4256]: Received disconnect from 165.22.45.108 port 41224:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T20:03:05.763Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 20:06:45 honeypot-ams-1 kernel: [83889789.550742] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=154.3.44.39 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=117 ID=20284 DF PROTO=TCP SPT=50880 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-12T20:06:45.328Z"}
{"@timestamp":"2022-09-12T20:06:47.596Z","@version":"1","message":"Sep 12 20:06:47 honeypot-sgp-1 sshd[8952]: Received disconnect from 177.73.15.138 port 36242:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 20:07:38 honeypot-fra-1 sshd[4265]: Received disconnect from 181.209.159.166 port 57138:11: Bye Bye [preauth]","@timestamp":"2022-09-12T20:07:38.868Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 20:09:42 honeypot-fra-1 sshd[4271]: Connection closed by 103.231.214.252 port 24662 [preauth]","@timestamp":"2022-09-12T20:09:42.919Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T20:10:11.680Z","@version":"1","message":"Sep 12 20:10:11 honeypot-sgp-1 sshd[8959]: Received disconnect from 92.255.85.70 port 52988:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T20:12:14.730Z","@version":"1","message":"Sep 12 20:12:14 honeypot-sgp-1 sshd[8963]: Disconnected from invalid user vicenzig 81.250.204.52 port 50878 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 20:14:24 honeypot-fra-1 sshd[4280]: Connection closed by 103.231.214.252 port 27257 [preauth]","@timestamp":"2022-09-12T20:14:25.027Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 20:14:59 honeypot-ams-1 sshd[13587]: Disconnected from authenticating user root 92.255.85.69 port 43646 [preauth]","@timestamp":"2022-09-12T20:14:59.582Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 20:18:09 honeypot-ams-1 sshd[13595]: Connection closed by 66.240.236.116 port 33856 [preauth]","@timestamp":"2022-09-12T20:18:10.668Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 20:19:06 honeypot-fra-1 sshd[4290]: Connection closed by 103.231.214.252 port 50203 [preauth]","@timestamp":"2022-09-12T20:19:07.135Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 20:22:39 honeypot-ams-1 sshd[13600]: Disconnected from invalid user guest 190.144.232.142 port 44872 [preauth]","@timestamp":"2022-09-12T20:22:39.783Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 20:23:30 honeypot-fra-1 sshd[4298]: Did not receive identification string from 180.140.74.77 port 40982","@timestamp":"2022-09-12T20:23:30.235Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 20:26:28 honeypot-fra-1 sshd[4306]: Received disconnect from 80.91.223.98 port 55446:11: Bye Bye [preauth]","@timestamp":"2022-09-12T20:26:28.305Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 20:28:52 honeypot-fra-1 sshd[4315]: Invalid user guest from 197.211.115.66 port 45136","@timestamp":"2022-09-12T20:28:53.363Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T20:30:24.158Z","@version":"1","message":"Sep 12 20:30:23 honeypot-sgp-1 sshd[8970]: Disconnected from invalid user admin 144.34.212.207 port 45856 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T20:31:28.185Z","@version":"1","message":"Sep 12 20:31:27 honeypot-sgp-1 sshd[8974]: Disconnected from invalid user informix 138.68.2.22 port 42324 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T20:32:28.212Z","@version":"1","message":"Sep 12 20:32:27 honeypot-sgp-1 sshd[8980]: Received disconnect from 92.255.85.69 port 36592:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T20:32:33.215Z","@version":"1","message":"Sep 12 20:32:32 honeypot-sgp-1 sshd[8985]: Received disconnect from 141.255.162.226 port 53202:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T20:32:35.216Z","@version":"1","message":"Sep 12 20:32:34 honeypot-sgp-1 sshd[8989]: Received disconnect from 141.255.162.226 port 59404:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T20:32:57.248Z","@version":"1","message":"Sep 12 20:32:56 honeypot-sgp-1 sshd[8993]: Received disconnect from 45.179.229.32 port 45913:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 20:33:13 honeypot-fra-1 sshd[4324]: Connection closed by 103.231.214.252 port 56098 [preauth]","@timestamp":"2022-09-12T20:33:13.464Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T20:33:47.271Z","@version":"1","message":"Sep 12 20:33:46 honeypot-sgp-1 sshd[8997]: Received disconnect from 177.229.215.234 port 52936:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 20:34:51 honeypot-ams-1 sshd[13606]: Received disconnect from 182.253.141.117 port 46558:11: Bye Bye [preauth]","@timestamp":"2022-09-12T20:34:52.110Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 20:36:21 honeypot-fra-1 sshd[4332]: Connection closed by 103.231.214.252 port 17337 [preauth]","@timestamp":"2022-09-12T20:36:21.538Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T20:36:51.345Z","@version":"1","message":"Sep 12 20:36:50 honeypot-sgp-1 sshd[9002]: Connection closed by 66.240.236.116 port 42242 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 20:38:28 honeypot-ams-1 kernel: [83891692.860975] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=149.102.155.169 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=29191 PROTO=TCP SPT=55037 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T20:38:29.204Z"}
{"@timestamp":"2022-09-12T20:38:56.398Z","@version":"1","message":"Sep 12 20:38:55 honeypot-sgp-1 sshd[9005]: Disconnected from invalid user user 141.255.162.226 port 58024 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T20:38:58.400Z","@version":"1","message":"Sep 12 20:38:57 honeypot-sgp-1 sshd[9009]: Disconnected from invalid user user 141.255.162.226 port 43286 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T20:39:01.401Z","@version":"1","message":"Sep 12 20:39:00 honeypot-sgp-1 sshd[9013]: Disconnected from invalid user user 141.255.162.226 port 56786 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 20:39:01 honeypot-ams-1 sshd[13614]: Disconnected from invalid user be 138.68.178.64 port 42516 [preauth]","@timestamp":"2022-09-12T20:39:02.220Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 20:39:25 honeypot-fra-1 kernel: [83889591.127877] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=154.3.44.39 DST=165.22.82.222 LEN=52 TOS=0x00 PREC=0x00 TTL=116 ID=14132 DF PROTO=TCP SPT=50105 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-12T20:39:25.613Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 20:40:43 honeypot-ams-1 sshd[13619]: Disconnected from invalid user wjc 31.220.17.116 port 39096 [preauth]","@timestamp":"2022-09-12T20:40:44.265Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 20:42:37 honeypot-fra-1 sshd[4346]: Connection closed by 103.231.214.252 port 14367 [preauth]","@timestamp":"2022-09-12T20:42:37.686Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 20:47:21 honeypot-ams-1 sshd[13626]: Disconnected from authenticating user root 85.172.189.189 port 55122 [preauth]","@timestamp":"2022-09-12T20:47:21.438Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 20:48:24 honeypot-fra-1 sshd[4357]: Received disconnect from 103.82.145.99 port 33692:11: Bye Bye [preauth]","@timestamp":"2022-09-12T20:48:25.818Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 20:50:27 honeypot-fra-1 sshd[4364]: Connection closed by 103.231.214.252 port 61348 [preauth]","@timestamp":"2022-09-12T20:50:27.866Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 20:54:32 honeypot-fra-1 kernel: [83890498.539081] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=102.67.226.60 DST=165.22.82.222 LEN=52 TOS=0x00 PREC=0x00 TTL=120 ID=41601 DF PROTO=TCP SPT=58693 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T20:54:32.963Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-12T20:55:34.786Z","@version":"1","message":"Sep 12 20:55:34 honeypot-sgp-1 kernel: [83892245.330291] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.55.53.144 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=43 ID=62045 DF PROTO=TCP SPT=47510 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T20:56:12.804Z","@version":"1","message":"Sep 12 20:56:11 honeypot-sgp-1 kernel: [83892282.928662] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=172.104.88.48 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=2785 DF PROTO=TCP SPT=46492 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 20:56:15 honeypot-ams-1 sshd[13633]: Received disconnect from 159.223.172.195 port 53934:11: Bye Bye [preauth]","@timestamp":"2022-09-12T20:56:16.663Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 20:57:29 honeypot-fra-1 sshd[4377]: Connection closed by invalid user support 193.106.191.157 port 39396 [preauth]","@timestamp":"2022-09-12T20:57:30.034Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 20:57:29 honeypot-ams-1 sshd[13638]: Did not receive identification string from 193.142.146.50 port 39590","@timestamp":"2022-09-12T20:57:30.698Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 20:58:10 honeypot-ams-1 sshd[13643]: Received disconnect from 193.142.146.50 port 60754:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T20:58:10.718Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 20:58:29 honeypot-ams-1 sshd[13647]: Disconnected from invalid user test 160.120.130.101 port 13358 [preauth]","@timestamp":"2022-09-12T20:58:29.727Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 20:58:55 honeypot-fra-1 sshd[4379]: Connection closed by 103.231.214.252 port 48448 [preauth]","@timestamp":"2022-09-12T20:58:56.069Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 20:59:52 honeypot-ams-1 sshd[13653]: Received disconnect from 193.142.146.50 port 33114:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T20:59:52.767Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 21:00:36 honeypot-ams-1 sshd[13659]: Received disconnect from 193.142.146.50 port 44762:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T21:00:36.791Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 21:01:02 honeypot-ams-1 sshd[13663]: Disconnected from authenticating user root 92.255.85.70 port 44546 [preauth]","@timestamp":"2022-09-12T21:01:02.804Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 21:01:56 honeypot-ams-1 sshd[13667]: Disconnected from invalid user ansible 193.142.146.50 port 50876 [preauth]","@timestamp":"2022-09-12T21:01:56.830Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 21:02:27 honeypot-ams-1 sshd[13671]: Disconnected from invalid user ansible 193.142.146.50 port 39820 [preauth]","@timestamp":"2022-09-12T21:02:28.846Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 21:03:27 honeypot-ams-1 sshd[13678]: Received disconnect from 193.142.146.50 port 51468:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T21:03:27.875Z"}
{"@timestamp":"2022-09-12T21:03:33.978Z","@version":"1","message":"Sep 12 21:03:33 honeypot-sgp-1 kernel: [83892724.144123] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=142.44.215.54 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=47 ID=23068 DF PROTO=TCP SPT=16965 DPT=443 WINDOW=43690 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 21:04:01 honeypot-ams-1 sshd[13682]: Received disconnect from 193.142.146.50 port 40412:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T21:04:01.891Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 21:04:24 honeypot-ams-1 kernel: [83893248.966332] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=20.55.53.144 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=26343 DF PROTO=TCP SPT=53680 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T21:04:24.904Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 21:04:52 honeypot-ams-1 sshd[13688]: Received disconnect from 193.142.146.50 port 52060:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T21:04:52.919Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 21:05:11 honeypot-fra-1 sshd[4391]: Connection closed by 103.231.214.252 port 32813 [preauth]","@timestamp":"2022-09-12T21:05:12.212Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T21:05:29.025Z","@version":"1","message":"Sep 12 21:05:28 honeypot-sgp-1 sshd[9029]: Disconnected from invalid user su 209.141.59.131 port 60420 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T21:07:11.066Z","@version":"1","message":"Sep 12 21:07:10 honeypot-sgp-1 sshd[9033]: Disconnected from invalid user oracle 14.224.169.32 port 56260 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 21:07:38 honeypot-ams-1 kernel: [83893442.411323] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=154.3.44.39 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=117 ID=25671 DF PROTO=TCP SPT=54030 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-12T21:07:38.993Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 21:08:20 honeypot-fra-1 sshd[4397]: Connection closed by 103.231.214.252 port 22787 [preauth]","@timestamp":"2022-09-12T21:08:20.305Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 21:13:25 honeypot-fra-1 kernel: [83891631.673648] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=198.235.24.43 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=249 ID=54321 PROTO=TCP SPT=52199 DPT=636 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T21:13:26.422Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 21:14:07 honeypot-ams-1 sshd[13699]: Disconnected from invalid user scan 91.240.118.222 port 47168 [preauth]","@timestamp":"2022-09-12T21:14:07.166Z"}
{"@timestamp":"2022-09-12T21:17:02.293Z","@version":"1","message":"Sep 12 21:17:01 honeypot-sgp-1 CRON[9039]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 21:17:12 honeypot-fra-1 sshd[4416]: Connection closed by invalid user User 179.60.147.69 port 2988 [preauth]","@timestamp":"2022-09-12T21:17:12.510Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 21:20:51 honeypot-fra-1 sshd[4424]: Connection closed by 103.231.214.252 port 49761 [preauth]","@timestamp":"2022-09-12T21:20:52.596Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 21:22:20 honeypot-ams-1 sshd[13706]: Disconnected from invalid user user 45.61.186.169 port 46692 [preauth]","@timestamp":"2022-09-12T21:22:20.377Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 21:22:37 honeypot-ams-1 sshd[13710]: Disconnected from invalid user user 45.61.186.169 port 41026 [preauth]","@timestamp":"2022-09-12T21:22:38.387Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 21:22:55 honeypot-ams-1 sshd[13714]: Disconnected from invalid user user 45.61.186.169 port 35362 [preauth]","@timestamp":"2022-09-12T21:22:55.396Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 21:23:12 honeypot-ams-1 sshd[13719]: Disconnected from invalid user user 45.61.186.169 port 57920 [preauth]","@timestamp":"2022-09-12T21:23:12.405Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 21:24:13 honeypot-ams-1 sshd[13723]: Received disconnect from 92.255.85.69 port 39116:11: Bye Bye [preauth]","@timestamp":"2022-09-12T21:24:14.432Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 21:27:07 honeypot-fra-1 sshd[4437]: Connection closed by 103.231.214.252 port 64006 [preauth]","@timestamp":"2022-09-12T21:27:08.738Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T21:29:51.587Z","@version":"1","message":"Sep 12 21:29:51 honeypot-sgp-1 kernel: [83894302.266929] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=94.26.228.80 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=11707 PROTO=TCP SPT=35289 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 21:34:58 honeypot-fra-1 sshd[4448]: Connection closed by 103.231.214.252 port 21881 [preauth]","@timestamp":"2022-09-12T21:34:58.918Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 21:35:35 honeypot-ams-1 kernel: [83895120.333566] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.180.143.7 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=10453 PROTO=TCP SPT=39056 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T21:35:36.720Z"}
{"@timestamp":"2022-09-12T21:41:46.861Z","@version":"1","message":"Sep 12 21:41:46 honeypot-sgp-1 sshd[9049]: Did not receive identification string from 198.98.61.9 port 56264","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 21:42:23 honeypot-ams-1 sshd[13730]: Received disconnect from 188.157.24.174 port 50042:11: Bye Bye [preauth]","@timestamp":"2022-09-12T21:42:23.894Z"}
{"@timestamp":"2022-09-12T21:42:30.881Z","@version":"1","message":"Sep 12 21:42:30 honeypot-sgp-1 sshd[9054]: Invalid user user from 198.98.61.9 port 53726","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T21:42:38.885Z","@version":"1","message":"Sep 12 21:42:38 honeypot-sgp-1 sshd[9057]: Disconnected from invalid user user 198.98.61.9 port 36672 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T21:42:53.893Z","@version":"1","message":"Sep 12 21:42:52 honeypot-sgp-1 sshd[9061]: Disconnected from invalid user user 198.98.61.9 port 59022 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T21:43:07.899Z","@version":"1","message":"Sep 12 21:43:07 honeypot-sgp-1 sshd[9065]: Disconnected from invalid user user 198.98.61.9 port 53162 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 21:43:20 honeypot-ams-1 sshd[13734]: Connection closed by invalid user user1 103.188.176.251 port 55536 [preauth]","@timestamp":"2022-09-12T21:43:20.923Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 21:46:27 honeypot-ams-1 sshd[13739]: Received disconnect from 132.247.181.75 port 37938:11: Bye Bye [preauth]","@timestamp":"2022-09-12T21:46:28.004Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 21:47:21 honeypot-fra-1 sshd[4461]: Invalid user user1 from 103.188.176.251 port 60688","@timestamp":"2022-09-12T21:47:22.195Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 21:49:11 honeypot-ams-1 kernel: [83895935.553347] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=46.41.208.63 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=31337 DF PROTO=TCP SPT=53203 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T21:49:12.078Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 21:53:30 honeypot-fra-1 kernel: [83894035.814391] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=23.95.4.194 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=24854 PROTO=TCP SPT=58889 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T21:53:30.332Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 21:55:33 honeypot-ams-1 sshd[13748]: Disconnected from 159.223.172.195 port 49734 [preauth]","@timestamp":"2022-09-12T21:55:34.272Z"}
{"@timestamp":"2022-09-12T21:57:19.249Z","@version":"1","message":"Sep 12 21:57:18 honeypot-sgp-1 kernel: [83895949.337013] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=154.3.44.39 DST=159.89.202.188 LEN=52 TOS=0x0A PREC=0x00 TTL=111 ID=26845 DF PROTO=TCP SPT=52181 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 21:58:12 honeypot-ams-1 sshd[13753]: Invalid user ubuntu from 103.135.215.66 port 55318","@timestamp":"2022-09-12T21:58:12.344Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 21:59:22 honeypot-fra-1 sshd[4470]: Received disconnect from 45.61.186.169 port 46152:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T21:59:23.480Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 21:59:40 honeypot-fra-1 sshd[4474]: Received disconnect from 45.61.186.169 port 42022:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T21:59:41.489Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 21:59:59 honeypot-fra-1 sshd[4480]: Invalid user user from 45.61.186.169 port 37896","@timestamp":"2022-09-12T21:59:59.497Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 22:00:16 honeypot-fra-1 sshd[4484]: Invalid user user from 45.61.186.169 port 33768","@timestamp":"2022-09-12T22:00:17.507Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T22:03:24.390Z","@version":"1","message":"Sep 12 22:03:23 honeypot-sgp-1 sshd[9155]: Invalid user admin from 112.160.69.124 port 58715","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 22:04:54 honeypot-fra-1 sshd[4489]: Invalid user admin from 139.198.27.111 port 36052","@timestamp":"2022-09-12T22:04:55.610Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 22:06:29 honeypot-fra-1 sshd[4491]: Disconnected from invalid user yd 40.89.190.3 port 1024 [preauth]","@timestamp":"2022-09-12T22:06:29.646Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 22:07:21 honeypot-ams-1 sshd[13758]: Invalid user pi from 96.3.36.65 port 53530","@timestamp":"2022-09-12T22:07:22.578Z"}
{"@timestamp":"2022-09-12T22:07:38.493Z","@version":"1","message":"Sep 12 22:07:37 honeypot-sgp-1 sshd[9161]: Invalid user demo from 142.93.187.197 port 44062","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 22:09:12 honeypot-ams-1 sshd[13763]: Invalid user test from 193.106.191.157 port 42456","@timestamp":"2022-09-12T22:09:12.628Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 22:09:12 honeypot-fra-1 sshd[4497]: Received disconnect from 77.158.71.118 port 40708:11: Bye Bye [preauth]","@timestamp":"2022-09-12T22:09:13.709Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 22:10:05 honeypot-ams-1 kernel: [83897189.997348] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=172.104.208.61 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=57039 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T22:10:06.656Z"}
{"@timestamp":"2022-09-12T22:10:39.566Z","@version":"1","message":"Sep 12 22:10:39 honeypot-sgp-1 sshd[9164]: Invalid user ps from 103.188.176.251 port 37528","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 22:12:04 honeypot-fra-1 sshd[4503]: Invalid user user from 141.255.162.226 port 57818","@timestamp":"2022-09-12T22:12:05.773Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 22:12:08 honeypot-fra-1 sshd[4507]: Invalid user user from 141.255.162.226 port 49778","@timestamp":"2022-09-12T22:12:09.775Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 22:12:12 honeypot-fra-1 sshd[4511]: Invalid user user from 141.255.162.226 port 35022","@timestamp":"2022-09-12T22:12:12.776Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 22:13:49 honeypot-ams-1 kernel: [83897413.842013] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=91.246.210.116 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=55 ID=61905 PROTO=TCP SPT=24782 DPT=443 WINDOW=14493 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T22:13:49.755Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 22:14:11 honeypot-fra-1 sshd[4515]: Invalid user test from 193.106.191.157 port 45368","@timestamp":"2022-09-12T22:14:11.820Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T22:17:01.716Z","@version":"1","message":"Sep 12 22:17:01 honeypot-sgp-1 CRON[9169]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T22:20:07.791Z","@version":"1","message":"Sep 12 22:20:07 honeypot-sgp-1 sshd[9176]: Invalid user user from 198.98.61.9 port 43878","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T22:20:24.799Z","@version":"1","message":"Sep 12 22:20:24 honeypot-sgp-1 sshd[9182]: Invalid user user from 198.98.61.9 port 38066","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T22:20:41.808Z","@version":"1","message":"Sep 12 22:20:41 honeypot-sgp-1 sshd[9186]: Invalid user user from 198.98.61.9 port 60410","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T22:21:33.830Z","@version":"1","message":"Sep 12 22:21:32 honeypot-sgp-1 kernel: [83897403.845038] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=145.40.77.125 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=54321 PROTO=TCP SPT=58100 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 22:21:50 honeypot-ams-1 kernel: [83897894.579980] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=198.235.24.33 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=250 ID=54321 PROTO=TCP SPT=53126 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T22:21:50.978Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 22:23:25 honeypot-fra-1 sshd[4522]: Connection closed by invalid user User 179.60.147.69 port 20388 [preauth]","@timestamp":"2022-09-12T22:23:26.029Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 22:29:08 honeypot-fra-1 sshd[4528]: Disconnected from invalid user recruit 149.56.22.235 port 60210 [preauth]","@timestamp":"2022-09-12T22:29:09.158Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 22:32:11 honeypot-ams-1 sshd[13791]: Disconnected from authenticating user root 61.177.173.46 port 54636 [preauth]","@timestamp":"2022-09-12T22:32:12.253Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 22:35:54 honeypot-ams-1 sshd[13798]: Received disconnect from 43.130.45.216 port 60554:11: Bye Bye [preauth]","@timestamp":"2022-09-12T22:35:55.352Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 22:36:22 honeypot-ams-1 sshd[13801]: Received disconnect from 165.22.63.110 port 41362:11: Bye Bye [preauth]","@timestamp":"2022-09-12T22:36:22.366Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 22:36:50 honeypot-ams-1 sshd[13807]: Received disconnect from 45.61.186.249 port 58768:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T22:36:50.380Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 22:37:08 honeypot-ams-1 sshd[13811]: Received disconnect from 45.61.186.249 port 53804:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T22:37:09.391Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 22:37:25 honeypot-ams-1 sshd[13815]: Received disconnect from 45.61.186.249 port 48832:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T22:37:26.399Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 22:37:41 honeypot-ams-1 sshd[13819]: Disconnected from authenticating user root 203.106.164.74 port 54884 [preauth]","@timestamp":"2022-09-12T22:37:42.408Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 22:38:54 honeypot-ams-1 sshd[13822]: Disconnected from invalid user user 45.61.186.169 port 59892 [preauth]","@timestamp":"2022-09-12T22:38:54.443Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 22:39:12 honeypot-ams-1 sshd[13826]: Disconnected from invalid user user 45.61.186.169 port 54850 [preauth]","@timestamp":"2022-09-12T22:39:13.454Z"}
{"@timestamp":"2022-09-12T22:39:17.244Z","@version":"1","message":"Sep 12 22:39:16 honeypot-sgp-1 sshd[9195]: Received disconnect from 43.154.50.195 port 55406:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 22:39:30 honeypot-ams-1 sshd[13830]: Disconnected from invalid user user 45.61.186.169 port 49810 [preauth]","@timestamp":"2022-09-12T22:39:31.463Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 22:39:47 honeypot-ams-1 sshd[13835]: Disconnected from invalid user user 45.61.186.169 port 44776 [preauth]","@timestamp":"2022-09-12T22:39:47.471Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 22:40:34 honeypot-fra-1 sshd[4535]: Received disconnect from 165.22.45.108 port 33902:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T22:40:34.411Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 22:41:27 honeypot-ams-1 sshd[13841]: Invalid user admin from 167.71.235.223 port 49594","@timestamp":"2022-09-12T22:41:28.517Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 22:41:44 honeypot-ams-1 kernel: [83899088.859166] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=89.248.165.199 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=31556 PROTO=TCP SPT=40018 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T22:41:45.527Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 22:43:56 honeypot-ams-1 sshd[13849]: Received disconnect from 61.177.173.39 port 39543:11:  [preauth]","@timestamp":"2022-09-12T22:43:57.585Z"}
{"@timestamp":"2022-09-12T22:44:51.376Z","@version":"1","message":"Sep 12 22:44:50 honeypot-sgp-1 sshd[9200]: Invalid user User from 179.60.147.69 port 10510","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 22:51:51 honeypot-fra-1 sshd[4539]: Connection closed by invalid user guest 223.99.16.201 port 40163 [preauth]","@timestamp":"2022-09-12T22:51:52.664Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 22:53:38 honeypot-ams-1 sshd[13859]: Received disconnect from 61.177.173.52 port 37603:11:  [preauth]","@timestamp":"2022-09-12T22:53:38.850Z"}
{"@timestamp":"2022-09-12T22:53:51.585Z","@version":"1","message":"Sep 12 22:53:51 honeypot-sgp-1 kernel: [83899342.123020] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=198.74.61.220 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=25194 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 23:01:36 honeypot-ams-1 kernel: [83900280.434830] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=167.248.133.136 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=53624 PROTO=TCP SPT=39411 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T23:01:37.049Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 23:04:24 honeypot-ams-1 sshd[13868]: Disconnected from invalid user user 141.255.162.226 port 36316 [preauth]","@timestamp":"2022-09-12T23:04:25.123Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 23:04:27 honeypot-ams-1 sshd[13872]: Disconnected from invalid user user 141.255.162.226 port 49708 [preauth]","@timestamp":"2022-09-12T23:04:28.125Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 23:04:31 honeypot-ams-1 sshd[13876]: Disconnected from invalid user user 141.255.162.226 port 34876 [preauth]","@timestamp":"2022-09-12T23:04:32.127Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 23:05:26 honeypot-ams-1 sshd[13882]: Connection closed by 167.248.133.60 port 59328 [preauth]","@timestamp":"2022-09-12T23:05:27.153Z"}
{"@timestamp":"2022-09-12T23:06:13.869Z","@version":"1","message":"Sep 12 23:06:13 honeypot-sgp-1 sshd[9209]: Connection closed by invalid user admin 114.144.5.51 port 60313 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 23:06:18 honeypot-fra-1 sshd[4546]: Invalid user minecraft3 from 134.209.244.230 port 55020","@timestamp":"2022-09-12T23:06:18.986Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 23:09:02 honeypot-fra-1 sshd[4559]: Connection reset by 114.116.221.4 port 58464 [preauth]","@timestamp":"2022-09-12T23:09:03.051Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 23:09:03 honeypot-fra-1 sshd[4561]: Invalid user devops from 114.116.221.4 port 58494","@timestamp":"2022-09-12T23:09:04.053Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 23:09:03 honeypot-fra-1 sshd[4560]: Connection closed by invalid user steam 114.116.221.4 port 58504 [preauth]","@timestamp":"2022-09-12T23:09:04.053Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 23:09:49 honeypot-fra-1 sshd[4577]: Disconnected from authenticating user root 194.141.2.239 port 47498 [preauth]","@timestamp":"2022-09-12T23:09:50.071Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 23:14:05 honeypot-ams-1 sshd[13889]: Invalid user Admin from 193.106.191.157 port 37378","@timestamp":"2022-09-12T23:14:05.374Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 23:15:22 honeypot-ams-1 sshd[13895]: Received disconnect from 45.61.184.204 port 58132:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T23:15:22.412Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 23:15:44 honeypot-ams-1 sshd[13899]: Received disconnect from 45.61.184.204 port 55674:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T23:15:45.424Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 23:16:04 honeypot-ams-1 sshd[13903]: Received disconnect from 45.61.184.204 port 53216:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T23:16:04.434Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 23:16:12 honeypot-fra-1 kernel: [83898998.010039] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=167.94.138.100 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=19412 PROTO=TCP SPT=8597 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T23:16:13.213Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 23:16:23 honeypot-ams-1 sshd[13907]: Received disconnect from 45.61.184.204 port 50758:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T23:16:23.444Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 23:18:44 honeypot-fra-1 sshd[4587]: Disconnected from authenticating user root 92.255.85.69 port 35372 [preauth]","@timestamp":"2022-09-12T23:18:45.273Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T23:19:40.197Z","@version":"1","message":"Sep 12 23:19:39 honeypot-sgp-1 sshd[9217]: Invalid user User from 179.60.147.69 port 15472","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 23:21:13 honeypot-ams-1 sshd[13915]: Received disconnect from 92.255.85.70 port 60746:11: Bye Bye [preauth]","@timestamp":"2022-09-12T23:21:13.574Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 23:22:37 honeypot-fra-1 kernel: [83899382.522578] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=80.87.206.203 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=38228 PROTO=TCP SPT=58738 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T23:22:37.363Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 23:23:10 honeypot-ams-1 sshd[13920]: Received disconnect from 46.101.176.6 port 57872:11: Bye Bye [preauth]","@timestamp":"2022-09-12T23:23:10.629Z"}
{"@timestamp":"2022-09-12T23:25:47.342Z","@version":"1","message":"Sep 12 23:25:46 honeypot-sgp-1 sshd[9222]: Connection closed by invalid user ubnt 179.60.147.69 port 23950 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 23:27:58 honeypot-ams-1 sshd[13926]: Disconnected from authenticating user root 61.177.173.49 port 18099 [preauth]","@timestamp":"2022-09-12T23:27:58.755Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 23:28:23 honeypot-fra-1 sshd[4595]: Received disconnect from 216.80.102.155 port 50644:11: Bye Bye [preauth]","@timestamp":"2022-09-12T23:28:23.496Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 23:29:48 honeypot-fra-1 sshd[4599]: Disconnected from authenticating user root 192.241.174.44 port 39996 [preauth]","@timestamp":"2022-09-12T23:29:48.531Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 23:29:58 honeypot-ams-1 sshd[13933]: Disconnected from authenticating user root 61.177.172.124 port 38960 [preauth]","@timestamp":"2022-09-12T23:29:59.810Z"}
{"@timestamp":"2022-09-12T23:32:31.526Z","@version":"1","message":"Sep 12 23:32:31 honeypot-sgp-1 kernel: [83901661.900031] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=13660 PROTO=TCP SPT=45133 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 23:34:27 honeypot-fra-1 kernel: [83900093.109592] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.47.229.134 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=25851 PROTO=TCP SPT=43901 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T23:34:28.638Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 23:36:07 honeypot-ams-1 sshd[13941]: Received disconnect from 61.177.173.36 port 54889:11:  [preauth]","@timestamp":"2022-09-12T23:36:07.970Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 23:40:24 honeypot-fra-1 sshd[4608]: Disconnected from invalid user ubuntu 159.89.194.103 port 48680 [preauth]","@timestamp":"2022-09-12T23:40:24.770Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 23:41:17 honeypot-fra-1 sshd[4613]: Disconnected from invalid user admin 185.17.229.65 port 2728 [preauth]","@timestamp":"2022-09-12T23:41:17.792Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 23:43:21 honeypot-ams-1 sshd[13950]: Invalid user user from 45.61.186.169 port 60862","@timestamp":"2022-09-12T23:43:22.158Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 23:43:39 honeypot-ams-1 sshd[13954]: Invalid user user from 45.61.186.169 port 55992","@timestamp":"2022-09-12T23:43:40.168Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 23:43:56 honeypot-ams-1 sshd[13958]: Invalid user user from 45.61.186.169 port 51134","@timestamp":"2022-09-12T23:43:57.177Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 23:44:12 honeypot-ams-1 sshd[13962]: Received disconnect from 92.255.85.70 port 51244:11: Bye Bye [preauth]","@timestamp":"2022-09-12T23:44:13.186Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 23:44:59 honeypot-ams-1 sshd[13966]: Received disconnect from 159.65.91.105 port 60446:11: Bye Bye [preauth]","@timestamp":"2022-09-12T23:45:00.207Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 23:47:49 honeypot-fra-1 sshd[4619]: Disconnected from invalid user test2 142.93.211.192 port 39116 [preauth]","@timestamp":"2022-09-12T23:47:49.939Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T23:48:17.889Z","@version":"1","message":"Sep 12 23:48:17 honeypot-sgp-1 sshd[9235]: Received disconnect from 185.53.229.86 port 33288:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 23:48:32 honeypot-ams-1 sshd[13974]: Invalid user sammy from 90.12.204.90 port 49116","@timestamp":"2022-09-12T23:48:32.303Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 23:49:11 honeypot-fra-1 sshd[4625]: Connection closed by invalid user admin 159.203.178.0 port 41554 [preauth]","@timestamp":"2022-09-12T23:49:11.972Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T23:51:23.963Z","@version":"1","message":"Sep 12 23:51:23 honeypot-sgp-1 sshd[9242]: Invalid user config from 106.255.248.19 port 51164","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 23:52:26 honeypot-ams-1 sshd[13979]: Received disconnect from 61.177.172.98 port 32579:11:  [preauth]","@timestamp":"2022-09-12T23:52:26.411Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 23:55:24 honeypot-fra-1 sshd[4632]: Connection closed by invalid user admin 141.98.10.158 port 40394 [preauth]","@timestamp":"2022-09-12T23:55:25.112Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 23:59:51 honeypot-ams-1 kernel: [83903775.547211] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=94.26.228.80 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=64700 PROTO=TCP SPT=10607 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T23:59:51.603Z"}
{"@timestamp":"2022-09-13T00:02:39.253Z","@version":"1","message":"Sep 13 00:02:38 honeypot-sgp-1 sshd[9247]: Disconnected from authenticating user root 92.255.85.70 port 60516 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 00:05:12 honeypot-ams-1 sshd[13990]: Disconnected from authenticating user root 50.116.41.163 port 20926 [preauth]","@timestamp":"2022-09-13T00:05:13.749Z"}
{"@timestamp":"2022-09-13T00:05:29.321Z","@version":"1","message":"Sep 13 00:05:28 honeypot-sgp-1 sshd[9253]: Connection closed by invalid user admin 128.199.160.207 port 47588 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 00:06:34 honeypot-ams-1 sshd[13998]: Invalid user juan from 167.71.59.102 port 47136","@timestamp":"2022-09-13T00:06:35.789Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 00:07:25 honeypot-fra-1 sshd[4643]: Invalid user user from 179.60.147.69 port 37338","@timestamp":"2022-09-13T00:07:25.381Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 00:08:27 honeypot-ams-1 sshd[14002]: Received disconnect from 137.184.2.1 port 51054:11: Bye Bye [preauth]","@timestamp":"2022-09-13T00:08:27.841Z"}
{"@timestamp":"2022-09-13T00:08:48.400Z","@version":"1","message":"Sep 13 00:08:47 honeypot-sgp-1 kernel: [83903838.605764] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=228 ID=61653 PROTO=TCP SPT=47203 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 00:09:41 honeypot-ams-1 sshd[14006]: Received disconnect from 20.106.195.16 port 1024:11: Bye Bye [preauth]","@timestamp":"2022-09-13T00:09:41.875Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 00:10:10 honeypot-ams-1 sshd[14010]: Disconnected from invalid user ig 20.198.109.140 port 55742 [preauth]","@timestamp":"2022-09-13T00:10:10.890Z"}
{"@timestamp":"2022-09-13T00:12:15.483Z","@version":"1","message":"Sep 13 00:12:14 honeypot-sgp-1 sshd[9263]: Received disconnect from 45.61.184.204 port 37176:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T00:12:37.494Z","@version":"1","message":"Sep 13 00:12:36 honeypot-sgp-1 sshd[9267]: Received disconnect from 45.61.184.204 port 34968:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T00:12:57.503Z","@version":"1","message":"Sep 13 00:12:56 honeypot-sgp-1 sshd[9271]: Received disconnect from 45.61.184.204 port 60978:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 00:12:57 honeypot-ams-1 kernel: [83904561.799012] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=143.92.32.164 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=37795 PROTO=TCP SPT=47976 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T00:12:57.965Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 00:13:45 honeypot-fra-1 kernel: [83902450.419459] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=125.43.10.52 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=46 ID=44331 DF PROTO=TCP SPT=45588 DPT=80 WINDOW=29040 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T00:13:45.530Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 00:16:23 honeypot-fra-1 sshd[4653]: Received disconnect from 45.61.187.160 port 60624:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T00:16:23.591Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T00:16:31.589Z","@version":"1","message":"Sep 13 00:16:31 honeypot-sgp-1 kernel: [83904302.093823] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=154.3.44.39 DST=159.89.202.188 LEN=52 TOS=0x0A PREC=0x00 TTL=112 ID=28867 DF PROTO=TCP SPT=55478 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 00:16:43 honeypot-fra-1 sshd[4657]: Received disconnect from 45.61.187.160 port 55490:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T00:16:44.606Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 00:17:01 honeypot-fra-1 CRON[4661]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-13T00:17:01.616Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 00:17:01 honeypot-ams-1 CRON[14024]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-13T00:17:02.074Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 00:17:11 honeypot-fra-1 sshd[4666]: Disconnected from invalid user user 45.61.187.160 port 33654 [preauth]","@timestamp":"2022-09-13T00:17:11.620Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 00:22:39 honeypot-fra-1 sshd[4671]: Disconnected from authenticating user root 89.22.180.184 port 22686 [preauth]","@timestamp":"2022-09-13T00:22:39.744Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T00:27:19.842Z","@version":"1","message":"Sep 13 00:27:19 honeypot-sgp-1 kernel: [83904950.020570] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=198.235.24.57 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=249 ID=54321 PROTO=TCP SPT=56532 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 00:28:17 honeypot-ams-1 sshd[14031]: Disconnected from authenticating user root 61.177.173.36 port 60302 [preauth]","@timestamp":"2022-09-13T00:28:18.371Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 00:30:53 honeypot-fra-1 sshd[4681]: Invalid user user from 45.61.186.249 port 51334","@timestamp":"2022-09-13T00:30:53.932Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 00:31:02 honeypot-fra-1 sshd[4683]: Disconnected from invalid user user 45.61.186.249 port 34438 [preauth]","@timestamp":"2022-09-13T00:31:02.954Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 00:31:18 honeypot-fra-1 sshd[4687]: Disconnected from invalid user user 45.61.186.249 port 57102 [preauth]","@timestamp":"2022-09-13T00:31:18.961Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 00:31:32 honeypot-ams-1 sshd[14038]: Disconnected from authenticating user root 61.177.173.37 port 11990 [preauth]","@timestamp":"2022-09-13T00:31:33.459Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 00:31:34 honeypot-fra-1 sshd[4691]: Disconnected from invalid user user 45.61.186.249 port 51544 [preauth]","@timestamp":"2022-09-13T00:31:34.969Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T00:34:27.010Z","@version":"1","message":"Sep 13 00:34:26 honeypot-sgp-1 sshd[9287]: Invalid user sterling from 121.165.140.242 port 36154","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 00:34:50 honeypot-fra-1 sshd[4696]: Disconnected from invalid user osmc 103.144.82.250 port 42084 [preauth]","@timestamp":"2022-09-13T00:34:51.046Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T00:35:39.040Z","@version":"1","message":"Sep 13 00:35:38 honeypot-sgp-1 sshd[9291]: Disconnected from authenticating user root 159.65.142.84 port 46214 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 00:44:04 honeypot-ams-1 kernel: [83906428.448266] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=169.38.115.123 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=56 ID=12473 PROTO=TCP SPT=12080 DPT=80 WINDOW=30048 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T00:44:04.786Z"}
{"@timestamp":"2022-09-13T00:44:24.268Z","@version":"1","message":"Sep 13 00:44:23 honeypot-sgp-1 sshd[9297]: Invalid user unknown from 179.60.147.69 port 41732","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 00:45:31 honeypot-fra-1 sshd[4702]: Invalid user unknown from 179.60.147.69 port 5570","@timestamp":"2022-09-13T00:45:32.294Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T00:51:38.443Z","@version":"1","message":"Sep 13 00:51:37 honeypot-sgp-1 sshd[9303]: Connection closed by 71.6.232.4 port 44820 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 00:52:09 honeypot-fra-1 sshd[4705]: Disconnected from authenticating user root 92.255.85.69 port 37808 [preauth]","@timestamp":"2022-09-13T00:52:10.449Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 00:52:54 honeypot-ams-1 sshd[14066]: Disconnected from authenticating user root 61.177.173.39 port 29363 [preauth]","@timestamp":"2022-09-13T00:52:55.019Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 00:56:05 honeypot-ams-1 sshd[14075]: Disconnected from invalid user user 141.255.162.226 port 38742 [preauth]","@timestamp":"2022-09-13T00:56:06.104Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 00:56:10 honeypot-ams-1 sshd[14079]: Disconnected from invalid user user 141.255.162.226 port 36488 [preauth]","@timestamp":"2022-09-13T00:56:10.108Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 00:56:11 honeypot-ams-1 sshd[14083]: Disconnected from invalid user user 141.255.162.226 port 42982 [preauth]","@timestamp":"2022-09-13T00:56:12.109Z"}
{"@timestamp":"2022-09-13T00:59:56.642Z","@version":"1","message":"Sep 13 00:59:56 honeypot-sgp-1 sshd[9309]: Disconnected from authenticating user root 157.230.98.148 port 54442 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 01:03:59 honeypot-fra-1 sshd[4710]: Disconnected from invalid user user 45.61.187.160 port 55238 [preauth]","@timestamp":"2022-09-13T01:03:59.720Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 01:04:20 honeypot-fra-1 sshd[4714]: Disconnected from invalid user user 45.61.187.160 port 49968 [preauth]","@timestamp":"2022-09-13T01:04:20.731Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 01:04:37 honeypot-fra-1 sshd[4718]: Disconnected from invalid user user 45.61.187.160 port 44746 [preauth]","@timestamp":"2022-09-13T01:04:38.739Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 01:04:54 honeypot-fra-1 sshd[4724]: Invalid user user from 45.61.187.160 port 39476","@timestamp":"2022-09-13T01:04:54.748Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 01:05:22 honeypot-ams-1 sshd[14090]: Disconnected from invalid user test 79.245.170.228 port 59398 [preauth]","@timestamp":"2022-09-13T01:05:23.364Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 01:09:00 honeypot-ams-1 sshd[14096]: Disconnected from invalid user mongouser 64.119.29.152 port 39590 [preauth]","@timestamp":"2022-09-13T01:09:00.457Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 01:10:16 honeypot-ams-1 sshd[14100]: Disconnected from invalid user duan 107.173.159.85 port 60184 [preauth]","@timestamp":"2022-09-13T01:10:17.493Z"}
{"@timestamp":"2022-09-13T01:12:36.941Z","@version":"1","message":"Sep 13 01:12:36 honeypot-sgp-1 sshd[9317]: Received disconnect from 196.203.207.165 port 50162:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 01:13:27 honeypot-ams-1 sshd[14107]: Received disconnect from 104.197.35.43 port 59118:11: Bye Bye [preauth]","@timestamp":"2022-09-13T01:13:28.587Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 01:14:25 honeypot-ams-1 sshd[14111]: Disconnected from invalid user zyw 159.223.51.245 port 59382 [preauth]","@timestamp":"2022-09-13T01:14:25.614Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 01:15:25 honeypot-fra-1 sshd[4727]: Disconnected from authenticating user root 92.255.85.69 port 25520 [preauth]","@timestamp":"2022-09-13T01:15:25.987Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T01:17:02.048Z","@version":"1","message":"Sep 13 01:17:01 honeypot-sgp-1 CRON[9322]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 01:17:32 honeypot-ams-1 kernel: [83908436.407510] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=94.102.61.10 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=252 ID=54321 PROTO=TCP SPT=36110 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T01:17:32.693Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 01:19:13 honeypot-ams-1 kernel: [83908537.716658] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=79.124.62.62 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=17039 PROTO=TCP SPT=40581 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T01:19:14.391Z"}
{"@timestamp":"2022-09-13T01:21:40.182Z","@version":"1","message":"Sep 13 01:21:40 honeypot-sgp-1 sshd[9330]: Received disconnect from 51.250.79.55 port 55426:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 01:22:18 honeypot-fra-1 kernel: [83906563.503435] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=92.118.39.30 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=55454 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T01:22:19.142Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-13T01:25:06.266Z","@version":"1","message":"Sep 13 01:25:05 honeypot-sgp-1 kernel: [83908416.316736] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.230.47.65 DST=159.89.202.188 LEN=52 TOS=0x00 PREC=0x00 TTL=108 ID=25304 DF PROTO=TCP SPT=57656 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 01:28:49 honeypot-ams-1 sshd[14132]: Disconnected from authenticating user root 61.177.173.48 port 49733 [preauth]","@timestamp":"2022-09-13T01:28:49.646Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 01:31:54 honeypot-ams-1 sshd[14139]: Disconnected from authenticating user root 150.107.149.31 port 20902 [preauth]","@timestamp":"2022-09-13T01:31:55.727Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 01:34:27 honeypot-ams-1 sshd[14144]: Disconnected from invalid user monitor 20.57.113.125 port 35060 [preauth]","@timestamp":"2022-09-13T01:34:28.798Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 01:38:09 honeypot-fra-1 sshd[4743]: Received disconnect from 129.146.247.68 port 43678:11: Bye Bye [preauth]","@timestamp":"2022-09-13T01:38:10.493Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T01:38:37.586Z","@version":"1","message":"Sep 13 01:38:37 honeypot-sgp-1 kernel: [83909228.101519] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=103.151.122.22 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=31637 PROTO=TCP SPT=48778 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 01:39:52 honeypot-fra-1 sshd[4747]: Disconnected from invalid user test4 74.204.129.194 port 37882 [preauth]","@timestamp":"2022-09-13T01:39:52.533Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 01:44:55 honeypot-ams-1 sshd[14156]: Disconnected from authenticating user root 61.177.172.124 port 14472 [preauth]","@timestamp":"2022-09-13T01:44:56.080Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 01:46:18 honeypot-ams-1 sshd[14160]: Disconnected from authenticating user root 192.241.174.44 port 46808 [preauth]","@timestamp":"2022-09-13T01:46:19.120Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 01:55:35 honeypot-ams-1 sshd[14168]: Received disconnect from 61.177.173.53 port 60196:11:  [preauth]","@timestamp":"2022-09-13T01:55:35.368Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 01:57:16 honeypot-fra-1 kernel: [83908661.778944] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.11.57.48 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=245 ID=15212 PROTO=TCP SPT=37581 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T01:57:16.914Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-13T01:58:14.060Z","@version":"1","message":"Sep 13 01:58:13 honeypot-sgp-1 sshd[9351]: Connection closed by invalid user blank 179.60.147.69 port 33628 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T02:00:04.110Z","@version":"1","message":"Sep 13 02:00:03 honeypot-sgp-1 sshd[9357]: Received disconnect from 45.61.184.204 port 59930:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T02:00:23.120Z","@version":"1","message":"Sep 13 02:00:22 honeypot-sgp-1 sshd[9361]: Received disconnect from 45.61.184.204 port 54264:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T02:00:40.127Z","@version":"1","message":"Sep 13 02:00:39 honeypot-sgp-1 sshd[9365]: Received disconnect from 45.61.184.204 port 48612:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T02:00:57.135Z","@version":"1","message":"Sep 13 02:00:56 honeypot-sgp-1 sshd[9369]: Received disconnect from 45.61.184.204 port 42948:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 02:01:46 honeypot-fra-1 sshd[4758]: Received disconnect from 189.8.108.24 port 37186:11: Bye Bye [preauth]","@timestamp":"2022-09-13T02:01:47.018Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 02:03:22 honeypot-fra-1 sshd[4763]: Disconnected from 137.184.118.54 port 57596 [preauth]","@timestamp":"2022-09-13T02:03:23.056Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 02:03:56 honeypot-ams-1 sshd[14175]: Received disconnect from 61.177.172.108 port 46089:11:  [preauth]","@timestamp":"2022-09-13T02:03:56.592Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 02:05:54 honeypot-ams-1 kernel: [83911338.774698] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=12.220.156.28 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=51 ID=61061 PROTO=TCP SPT=15414 DPT=443 WINDOW=34966 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T02:05:54.647Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 02:11:38 honeypot-fra-1 sshd[4770]: Invalid user ts3server from 128.1.134.248 port 35978","@timestamp":"2022-09-13T02:11:39.244Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 02:14:03 honeypot-ams-1 sshd[14186]: Disconnected from authenticating user root 61.177.173.53 port 20111 [preauth]","@timestamp":"2022-09-13T02:14:03.867Z"}
{"@timestamp":"2022-09-13T02:17:01.552Z","@version":"1","message":"Sep 13 02:17:01 honeypot-sgp-1 CRON[9372]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 02:23:38 honeypot-ams-1 sshd[14199]: Received disconnect from 61.177.173.36 port 35269:11:  [preauth]","@timestamp":"2022-09-13T02:23:39.123Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 02:25:00 honeypot-ams-1 sshd[14204]: Invalid user user from 45.61.187.160 port 53398","@timestamp":"2022-09-13T02:25:01.163Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 02:25:19 honeypot-ams-1 sshd[14208]: Invalid user user from 45.61.187.160 port 47974","@timestamp":"2022-09-13T02:25:20.173Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 02:25:33 honeypot-fra-1 sshd[4783]: Received disconnect from 92.255.85.69 port 38742:11: Bye Bye [preauth]","@timestamp":"2022-09-13T02:25:33.571Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 02:25:39 honeypot-ams-1 sshd[14212]: Invalid user user from 45.61.187.160 port 42562","@timestamp":"2022-09-13T02:25:39.183Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 02:25:59 honeypot-ams-1 sshd[14216]: Invalid user user from 45.61.187.160 port 37146","@timestamp":"2022-09-13T02:26:00.195Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 02:28:15 honeypot-fra-1 sshd[4785]: Received disconnect from 49.247.213.18 port 38367:11: Bye Bye [preauth]","@timestamp":"2022-09-13T02:28:16.634Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 02:28:35 honeypot-ams-1 sshd[14221]: Invalid user qkd from 143.198.50.154 port 36270","@timestamp":"2022-09-13T02:28:36.267Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 02:31:30 honeypot-ams-1 sshd[14225]: Disconnected from authenticating user root 195.218.137.42 port 45378 [preauth]","@timestamp":"2022-09-13T02:31:30.366Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 02:32:09 honeypot-ams-1 sshd[14231]: Received disconnect from 64.64.226.195 port 42844:11: Bye Bye [preauth]","@timestamp":"2022-09-13T02:32:10.388Z"}
{"@timestamp":"2022-09-13T02:34:54.991Z","@version":"1","message":"Sep 13 02:34:54 honeypot-sgp-1 sshd[9380]: Invalid user centos from 179.60.147.69 port 33098","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 02:36:20 honeypot-ams-1 sshd[14238]: Received disconnect from 61.177.173.37 port 61674:11:  [preauth]","@timestamp":"2022-09-13T02:36:21.499Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 02:39:13 honeypot-ams-1 sshd[14244]: Did not receive identification string from 80.76.51.46 port 33634","@timestamp":"2022-09-13T02:39:14.576Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 02:39:14 honeypot-fra-1 kernel: [83911179.937015] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=19878 PROTO=TCP SPT=56669 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T02:39:15.880Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 02:40:01 honeypot-ams-1 sshd[14249]: Disconnected from authenticating user root 80.76.51.46 port 33214 [preauth]","@timestamp":"2022-09-13T02:40:01.600Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 02:40:44 honeypot-ams-1 sshd[14255]: Disconnected from authenticating user root 80.76.51.46 port 51438 [preauth]","@timestamp":"2022-09-13T02:40:45.624Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 02:41:26 honeypot-ams-1 sshd[14262]: Disconnected from authenticating user root 80.76.51.46 port 41510 [preauth]","@timestamp":"2022-09-13T02:41:26.645Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 02:41:54 honeypot-ams-1 sshd[14268]: Disconnected from authenticating user root 80.76.51.46 port 34770 [preauth]","@timestamp":"2022-09-13T02:41:54.661Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 02:42:21 honeypot-ams-1 sshd[14272]: Disconnected from invalid user admin 80.76.51.46 port 56574 [preauth]","@timestamp":"2022-09-13T02:42:22.676Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 02:42:40 honeypot-fra-1 kernel: [83911385.609508] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=159.203.101.171 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=22233 PROTO=TCP SPT=45552 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T02:42:40.959Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 02:42:49 honeypot-ams-1 sshd[14276]: Disconnected from invalid user ansible 80.76.51.46 port 49652 [preauth]","@timestamp":"2022-09-13T02:42:50.691Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 02:43:17 honeypot-ams-1 sshd[14280]: Disconnected from invalid user ansible 80.76.51.46 port 43002 [preauth]","@timestamp":"2022-09-13T02:43:18.707Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 02:43:59 honeypot-ams-1 sshd[14286]: Received disconnect from 80.76.51.46 port 33046:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T02:43:59.728Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 02:44:27 honeypot-ams-1 sshd[14290]: Received disconnect from 80.76.51.46 port 54524:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T02:44:27.744Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 02:45:08 honeypot-ams-1 sshd[14296]: Invalid user odoo from 80.76.51.46 port 44544","@timestamp":"2022-09-13T02:45:08.766Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 02:45:31 honeypot-ams-1 sshd[14302]: Received disconnect from 61.177.173.35 port 45589:11:  [preauth]","@timestamp":"2022-09-13T02:45:32.779Z"}
{"@timestamp":"2022-09-13T02:46:04.293Z","@version":"1","message":"Sep 13 02:46:03 honeypot-sgp-1 sshd[9386]: Received disconnect from 92.255.85.70 port 58654:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 02:48:47 honeypot-fra-1 sshd[4799]: Disconnected from authenticating user root 92.255.85.69 port 44608 [preauth]","@timestamp":"2022-09-13T02:48:48.098Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 02:50:33 honeypot-ams-1 sshd[14307]: Disconnected from authenticating user root 61.177.173.50 port 20548 [preauth]","@timestamp":"2022-09-13T02:50:33.913Z"}
{"@timestamp":"2022-09-13T02:51:56.443Z","@version":"1","message":"Sep 13 02:51:56 honeypot-sgp-1 sshd[9392]: Invalid user user from 45.61.186.169 port 38504","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T02:52:13.452Z","@version":"1","message":"Sep 13 02:52:12 honeypot-sgp-1 sshd[9396]: Invalid user user from 45.61.186.169 port 33228","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T02:52:29.460Z","@version":"1","message":"Sep 13 02:52:28 honeypot-sgp-1 sshd[9400]: Invalid user user from 45.61.186.169 port 56184","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T02:53:40.492Z","@version":"1","message":"Sep 13 02:53:40 honeypot-sgp-1 kernel: [83913731.024035] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.41.8.5 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=21820 PROTO=TCP SPT=25923 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 02:54:55 honeypot-ams-1 sshd[14314]: Disconnected from authenticating user root 61.177.172.124 port 63214 [preauth]","@timestamp":"2022-09-13T02:54:56.030Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 02:55:16 honeypot-fra-1 sshd[4806]: Invalid user user from 45.61.186.49 port 39854","@timestamp":"2022-09-13T02:55:17.245Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 02:55:27 honeypot-fra-1 sshd[4810]: Invalid user user from 45.61.186.49 port 51414","@timestamp":"2022-09-13T02:55:28.251Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 02:59:35 honeypot-fra-1 kernel: [83912400.041336] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.208.69 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=37994 DPT=636 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T02:59:35.344Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 02:59:49 honeypot-ams-1 sshd[14320]: Disconnected from authenticating user root 61.177.173.51 port 30202 [preauth]","@timestamp":"2022-09-13T02:59:50.160Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 03:04:17 honeypot-fra-1 kernel: [83912682.596894] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=162.62.191.231 DST=165.22.82.222 LEN=52 TOS=0x00 PREC=0x60 TTL=53 ID=55086 DF PROTO=TCP SPT=56110 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T03:04:18.451Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 03:05:00 honeypot-ams-1 sshd[14325]: Received disconnect from 104.236.228.230 port 58462:11: Bye Bye [preauth]","@timestamp":"2022-09-13T03:05:01.296Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 03:06:36 honeypot-ams-1 sshd[14329]: Received disconnect from 45.191.91.45 port 58164:11: Bye Bye [preauth]","@timestamp":"2022-09-13T03:06:37.340Z"}
{"@timestamp":"2022-09-13T03:07:59.859Z","@version":"1","message":"Sep 13 03:07:59 honeypot-sgp-1 kernel: [83914589.685712] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=88.80.189.24 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=53654 PROTO=TCP SPT=58447 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 03:08:45 honeypot-ams-1 sshd[14333]: Disconnected from authenticating user root 103.186.0.8 port 57882 [preauth]","@timestamp":"2022-09-13T03:08:45.397Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 03:12:26 honeypot-fra-1 sshd[4823]: Disconnected from invalid user user 198.98.61.9 port 47354 [preauth]","@timestamp":"2022-09-13T03:12:27.636Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T03:12:35.974Z","@version":"1","message":"Sep 13 03:12:35 honeypot-sgp-1 sshd[9410]: Connection closed by invalid user bbnc 103.188.176.251 port 33402 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 03:12:47 honeypot-fra-1 sshd[4829]: Invalid user user from 198.98.61.9 port 42266","@timestamp":"2022-09-13T03:12:48.647Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 03:13:00 honeypot-ams-1 sshd[14342]: Disconnected from authenticating user root 61.177.172.104 port 13575 [preauth]","@timestamp":"2022-09-13T03:13:01.508Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 03:13:01 honeypot-fra-1 sshd[4833]: Invalid user debian from 179.60.147.69 port 47180","@timestamp":"2022-09-13T03:13:01.652Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 03:13:12 honeypot-fra-1 sshd[4837]: Received disconnect from 198.98.61.9 port 48778:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T03:13:12.658Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 03:16:38 honeypot-fra-1 kernel: [83913423.180698] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=79.124.62.60 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=20920 PROTO=TCP SPT=45423 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T03:16:38.738Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 03:17:01 honeypot-ams-1 CRON[14349]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-13T03:17:02.613Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 03:22:37 honeypot-fra-1 sshd[4871]: Received disconnect from 165.22.45.108 port 40200:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T03:22:37.874Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T03:26:48.346Z","@version":"1","message":"Sep 13 03:26:47 honeypot-sgp-1 sshd[9420]: Protocol major versions differ for 141.105.66.148 port 37473: SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.5 vs. SSH-1.5-NmapNSE_1.0","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T03:26:50.348Z","@version":"1","message":"Sep 13 03:26:49 honeypot-sgp-1 sshd[9422]: Connection closed by invalid user dhghb 141.105.66.148 port 2040 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 03:26:53 honeypot-ams-1 sshd[14357]: Received disconnect from 103.176.179.185 port 58186:11: Bye Bye [preauth]","@timestamp":"2022-09-13T03:26:53.865Z"}
{"@timestamp":"2022-09-13T03:27:41.370Z","@version":"1","message":"Sep 13 03:27:40 honeypot-sgp-1 sshd[9438]: Connection closed by 141.105.66.148 port 3171 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 03:27:54 honeypot-fra-1 sshd[4876]: Disconnected from invalid user guest 111.220.139.23 port 53308 [preauth]","@timestamp":"2022-09-13T03:27:54.991Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 03:28:17 honeypot-ams-1 sshd[14365]: Received disconnect from 181.49.50.202 port 46662:11: Bye Bye [preauth]","@timestamp":"2022-09-13T03:28:17.903Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 03:31:05 honeypot-fra-1 sshd[4880]: Received disconnect from 162.243.172.239 port 53684:11: Bye Bye [preauth]","@timestamp":"2022-09-13T03:31:06.066Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 03:31:37 honeypot-ams-1 sshd[14371]: Disconnected from authenticating user root 61.177.173.37 port 21486 [preauth]","@timestamp":"2022-09-13T03:31:37.989Z"}
{"@timestamp":"2022-09-13T03:32:51.498Z","@version":"1","message":"Sep 13 03:32:50 honeypot-sgp-1 sshd[9445]: Invalid user neeraj from 91.93.63.187 port 52704","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 03:35:13 honeypot-fra-1 sshd[4900]: Disconnected from authenticating user root 92.255.85.69 port 58372 [preauth]","@timestamp":"2022-09-13T03:35:14.158Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T03:35:28.562Z","@version":"1","message":"Sep 13 03:35:27 honeypot-sgp-1 sshd[9449]: Invalid user admin from 61.93.186.125 port 36692","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 03:35:36 honeypot-fra-1 sshd[4913]: Invalid user testuser from 120.199.82.50 port 58181","@timestamp":"2022-09-13T03:35:36.169Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 03:35:41 honeypot-fra-1 sshd[4917]: Connection closed by invalid user elastic 120.199.82.50 port 63070 [preauth]","@timestamp":"2022-09-13T03:35:42.172Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 03:35:51 honeypot-fra-1 sshd[4919]: Invalid user ubuntu from 120.199.82.50 port 29857","@timestamp":"2022-09-13T03:35:52.178Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 03:36:05 honeypot-fra-1 sshd[4929]: Connection closed by invalid user vagrant 120.199.82.50 port 36429 [preauth]","@timestamp":"2022-09-13T03:36:06.185Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 03:36:08 honeypot-fra-1 sshd[4925]: Connection closed by invalid user guest 120.199.82.50 port 14377 [preauth]","@timestamp":"2022-09-13T03:36:09.187Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 03:36:37 honeypot-fra-1 sshd[4940]: Connection closed by invalid user admin 120.199.82.50 port 31790 [preauth]","@timestamp":"2022-09-13T03:36:38.201Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T03:37:21.630Z","@version":"1","message":"Sep 13 03:37:20 honeypot-sgp-1 sshd[9453]: Invalid user console from 143.244.141.173 port 40126","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 03:37:41 honeypot-ams-1 sshd[14378]: Received disconnect from 188.166.23.215 port 41956:11: Bye Bye [preauth]","@timestamp":"2022-09-13T03:37:42.145Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 03:39:33 honeypot-ams-1 sshd[14382]: Received disconnect from 61.177.173.39 port 10396:11:  [preauth]","@timestamp":"2022-09-13T03:39:33.197Z"}
{"@timestamp":"2022-09-13T03:43:37.784Z","@version":"1","message":"Sep 13 03:43:37 honeypot-sgp-1 sshd[9458]: Connection closed by invalid user ubnt 116.98.167.15 port 48074 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T03:43:41.788Z","@version":"1","message":"Sep 13 03:43:41 honeypot-sgp-1 sshd[9464]: Connection closed by invalid user ubnt 116.98.167.15 port 36184 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T03:43:53.794Z","@version":"1","message":"Sep 13 03:43:53 honeypot-sgp-1 sshd[9474]: Invalid user ftp from 116.98.167.15 port 55250","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T03:44:11.803Z","@version":"1","message":"Sep 13 03:44:11 honeypot-sgp-1 sshd[9480]: Connection closed by invalid user support 116.98.167.15 port 48132 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 03:44:18 honeypot-fra-1 kernel: [83915082.881724] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=102.67.226.60 DST=165.22.82.222 LEN=52 TOS=0x00 PREC=0x00 TTL=120 ID=48966 DF PROTO=TCP SPT=55255 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T03:44:18.370Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-13T03:44:21.808Z","@version":"1","message":"Sep 13 03:44:21 honeypot-sgp-1 sshd[9486]: Connection closed by invalid user admin 116.98.167.15 port 33076 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T03:45:03.828Z","@version":"1","message":"Sep 13 03:45:03 honeypot-sgp-1 sshd[9492]: Connection closed by invalid user username 116.98.167.15 port 38002 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T03:45:13.834Z","@version":"1","message":"Sep 13 03:45:12 honeypot-sgp-1 sshd[9498]: Connection closed by invalid user test 116.98.167.15 port 36622 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T03:46:27.892Z","@version":"1","message":"Sep 13 03:46:27 honeypot-sgp-1 sshd[9506]: Invalid user admin from 116.98.167.15 port 33310","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T03:47:28.919Z","@version":"1","message":"Sep 13 03:47:28 honeypot-sgp-1 sshd[9510]: Connection closed by invalid user camera 116.98.167.15 port 41080 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T03:48:25.947Z","@version":"1","message":"Sep 13 03:48:25 honeypot-sgp-1 sshd[9517]: Invalid user arkserver from 116.98.167.15 port 44136","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T03:49:15.970Z","@version":"1","message":"Sep 13 03:49:15 honeypot-sgp-1 sshd[9523]: Connection closed by invalid user pal 116.98.167.15 port 45398 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T03:51:04.019Z","@version":"1","message":"Sep 13 03:51:03 honeypot-sgp-1 sshd[9529]: Connection closed by invalid user user7 116.98.167.15 port 44842 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 03:51:10 honeypot-ams-1 sshd[14391]: Received disconnect from 46.19.141.122 port 36738:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T03:51:10.495Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 03:51:42 honeypot-ams-1 sshd[14395]: Disconnected from invalid user sr 43.154.143.45 port 59790 [preauth]","@timestamp":"2022-09-13T03:51:43.511Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 03:52:43 honeypot-ams-1 sshd[14401]: Received disconnect from 46.19.141.122 port 52600:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T03:52:44.540Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 03:53:18 honeypot-ams-1 sshd[14405]: Received disconnect from 46.19.141.122 port 34968:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T03:53:18.557Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 03:54:10 honeypot-fra-1 kernel: [83915675.754947] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=152.136.186.35 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=5967 DF PROTO=TCP SPT=51626 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T03:54:11.594Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 03:54:19 honeypot-ams-1 sshd[14410]: Received disconnect from 46.19.141.122 port 45556:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T03:54:19.586Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 03:54:46 honeypot-ams-1 sshd[14414]: Disconnected from invalid user ubnt 46.19.141.122 port 50852 [preauth]","@timestamp":"2022-09-13T03:54:47.601Z"}
{"@timestamp":"2022-09-13T03:54:53.116Z","@version":"1","message":"Sep 13 03:54:52 honeypot-sgp-1 sshd[9537]: Received disconnect from 45.61.186.49 port 59670:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T03:55:03.121Z","@version":"1","message":"Sep 13 03:55:02 honeypot-sgp-1 sshd[9541]: Received disconnect from 45.61.186.49 port 43106:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 03:55:21 honeypot-ams-1 sshd[14418]: Disconnected from authenticating user root 46.19.141.122 port 33180 [preauth]","@timestamp":"2022-09-13T03:55:22.620Z"}
{"@timestamp":"2022-09-13T03:55:51.142Z","@version":"1","message":"Sep 13 03:55:50 honeypot-sgp-1 sshd[9545]: Disconnected from authenticating user root 92.255.85.69 port 39732 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 03:57:37 honeypot-ams-1 kernel: [83918041.931530] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=109.61.157.208 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=58 ID=21101 PROTO=TCP SPT=22453 DPT=80 WINDOW=44606 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T03:57:38.680Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 04:03:06 honeypot-fra-1 sshd[4956]: Disconnected from invalid user kolesnik 165.22.45.108 port 45124 [preauth]","@timestamp":"2022-09-13T04:03:06.792Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 04:06:09 honeypot-fra-1 sshd[4962]: Received disconnect from 141.255.162.226 port 34940:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T04:06:09.863Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 04:06:11 honeypot-fra-1 sshd[4966]: Received disconnect from 141.255.162.226 port 48252:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T04:06:11.866Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 04:06:17 honeypot-fra-1 sshd[4970]: Received disconnect from 141.255.162.226 port 39994:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T04:06:17.869Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 04:11:56 honeypot-fra-1 kernel: [83916740.946459] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=79.110.62.213 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=54321 PROTO=TCP SPT=37466 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T04:11:56.994Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 04:16:16 honeypot-ams-1 kernel: [83919160.340057] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=213.226.123.38 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=45366 PROTO=TCP SPT=42728 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T04:16:17.161Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 04:18:17 honeypot-fra-1 sshd[4981]: Invalid user minecraft3 from 89.22.165.187 port 9283","@timestamp":"2022-09-13T04:18:18.137Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T04:19:00.733Z","@version":"1","message":"Sep 13 04:18:59 honeypot-sgp-1 sshd[9552]: Received disconnect from 92.255.85.70 port 25310:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 04:21:45 honeypot-fra-1 kernel: [83917330.308291] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=172.104.4.90 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=5084 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T04:21:46.217Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 04:24:29 honeypot-ams-1 sshd[14438]: Received disconnect from 92.255.85.69 port 22542:11: Bye Bye [preauth]","@timestamp":"2022-09-13T04:24:30.376Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 04:26:12 honeypot-fra-1 kernel: [83917597.119534] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=89.248.163.158 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=5158 PROTO=TCP SPT=43122 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T04:26:13.319Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-13T04:26:51.931Z","@version":"1","message":"Sep 13 04:26:51 honeypot-sgp-1 sshd[9557]: Disconnected from authenticating user root 143.244.158.100 port 45430 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T04:29:35.001Z","@version":"1","message":"Sep 13 04:29:34 honeypot-sgp-1 sshd[9564]: Received disconnect from 143.244.158.100 port 48684:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 04:30:10 honeypot-ams-1 kernel: [83919994.230329] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=20.242.20.11 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=112 ID=4791 DF PROTO=TCP SPT=61459 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T04:30:10.558Z"}
{"@timestamp":"2022-09-13T04:30:20.023Z","@version":"1","message":"Sep 13 04:30:19 honeypot-sgp-1 sshd[9568]: Received disconnect from 43.154.14.246 port 44808:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T04:31:58.066Z","@version":"1","message":"Sep 13 04:31:57 honeypot-sgp-1 sshd[9574]: Received disconnect from 143.244.158.100 port 56954:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T04:34:23.127Z","@version":"1","message":"Sep 13 04:34:22 honeypot-sgp-1 sshd[9581]: Received disconnect from 143.244.158.100 port 37392:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T04:36:36.209Z","@version":"1","message":"Sep 13 04:36:35 honeypot-sgp-1 kernel: [83919906.426917] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=172.104.4.89 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=4859 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T04:37:37.238Z","@version":"1","message":"Sep 13 04:37:36 honeypot-sgp-1 sshd[9591]: Disconnected from authenticating user root 143.244.158.100 port 47778 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 04:37:42 honeypot-ams-1 sshd[14445]: Received disconnect from 2.139.38.109 port 39116:11: Bye Bye [preauth]","@timestamp":"2022-09-13T04:37:43.753Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 04:39:26 honeypot-fra-1 kernel: [83918391.139872] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=118.123.105.87 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=16342 PROTO=TCP SPT=34906 DPT=5432 WINDOW=63540 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T04:39:26.617Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-13T04:40:02.301Z","@version":"1","message":"Sep 13 04:40:01 honeypot-sgp-1 sshd[9598]: Disconnected from authenticating user root 143.244.158.100 port 36818 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 04:40:35 honeypot-ams-1 sshd[14450]: Invalid user user from 167.99.220.160 port 49540","@timestamp":"2022-09-13T04:40:35.830Z"}
{"@timestamp":"2022-09-13T04:42:29.364Z","@version":"1","message":"Sep 13 04:42:28 honeypot-sgp-1 sshd[9604]: Disconnected from authenticating user root 143.244.158.100 port 58554 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 04:44:04 honeypot-fra-1 sshd[5002]: Invalid user alar from 41.63.9.36 port 43580","@timestamp":"2022-09-13T04:44:04.724Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T04:44:11.410Z","@version":"1","message":"Sep 13 04:44:11 honeypot-sgp-1 sshd[9610]: Disconnected from authenticating user root 143.244.158.100 port 57038 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T04:46:44.474Z","@version":"1","message":"Sep 13 04:46:43 honeypot-sgp-1 sshd[9617]: Disconnected from authenticating user root 143.244.158.100 port 59684 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T04:49:14.537Z","@version":"1","message":"Sep 13 04:49:13 honeypot-sgp-1 sshd[9623]: Disconnected from authenticating user root 143.244.158.100 port 40624 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T04:51:43.600Z","@version":"1","message":"Sep 13 04:51:42 honeypot-sgp-1 sshd[9630]: Disconnected from authenticating user root 143.244.158.100 port 53878 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T04:53:56.659Z","@version":"1","message":"Sep 13 04:53:55 honeypot-sgp-1 kernel: [83920946.332538] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=94.26.228.80 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=26683 PROTO=TCP SPT=38833 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T04:55:51.708Z","@version":"1","message":"Sep 13 04:55:50 honeypot-sgp-1 sshd[9640]: Disconnected from authenticating user root 143.244.158.100 port 51826 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 04:57:17 honeypot-fra-1 sshd[5008]: Invalid user radio from 190.128.230.98 port 38944","@timestamp":"2022-09-13T04:57:18.019Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T04:58:21.772Z","@version":"1","message":"Sep 13 04:58:20 honeypot-sgp-1 sshd[9647]: Disconnected from authenticating user root 143.244.158.100 port 41208 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 04:59:27 honeypot-ams-1 kernel: [83921752.020850] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=103.206.139.51 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=23070 PROTO=TCP SPT=45037 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T04:59:28.303Z"}
{"@timestamp":"2022-09-13T05:00:49.835Z","@version":"1","message":"Sep 13 05:00:49 honeypot-sgp-1 sshd[9654]: Disconnected from authenticating user root 143.244.158.100 port 57582 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 05:00:54 honeypot-ams-1 sshd[14460]: Received disconnect from 45.61.187.160 port 58210:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T05:00:54.342Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 05:01:08 honeypot-fra-1 sshd[5011]: Disconnected from invalid user user 45.61.186.49 port 49464 [preauth]","@timestamp":"2022-09-13T05:01:09.108Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 05:01:13 honeypot-ams-1 sshd[14464]: Received disconnect from 45.61.187.160 port 53236:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T05:01:13.352Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 05:01:18 honeypot-fra-1 sshd[5015]: Disconnected from invalid user user 45.61.186.49 port 32946 [preauth]","@timestamp":"2022-09-13T05:01:18.113Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 05:01:31 honeypot-ams-1 sshd[14468]: Received disconnect from 45.61.187.160 port 48264:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T05:01:31.363Z"}
{"@timestamp":"2022-09-13T05:02:35.882Z","@version":"1","message":"Sep 13 05:02:35 honeypot-sgp-1 sshd[9661]: Disconnected from authenticating user root 143.244.158.100 port 38062 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 05:02:53 honeypot-fra-1 sshd[5022]: Received disconnect from 128.201.78.253 port 56062:11: Bye Bye [preauth]","@timestamp":"2022-09-13T05:02:54.149Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 05:05:29 honeypot-ams-1 sshd[14473]: Connection closed by invalid user centos 179.60.147.69 port 61784 [preauth]","@timestamp":"2022-09-13T05:05:29.466Z"}
{"@timestamp":"2022-09-13T05:05:29.955Z","@version":"1","message":"Sep 13 05:05:29 honeypot-sgp-1 sshd[9667]: Disconnected from authenticating user root 143.244.158.100 port 36346 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 05:06:24 honeypot-fra-1 sshd[5028]: Invalid user sp from 147.135.219.202 port 39346","@timestamp":"2022-09-13T05:06:25.246Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 05:07:00 honeypot-fra-1 kernel: [83920044.698194] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=51.178.125.38 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=45172 PROTO=TCP SPT=43414 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T05:07:00.261Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-13T05:07:10.999Z","@version":"1","message":"Sep 13 05:07:10 honeypot-sgp-1 sshd[9674]: Disconnected from authenticating user root 143.244.158.100 port 37828 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:09:40.062Z","@version":"1","message":"Sep 13 05:09:39 honeypot-sgp-1 sshd[9680]: Disconnected from authenticating user root 143.244.158.100 port 49996 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 05:10:51 honeypot-fra-1 sshd[5035]: Disconnected from invalid user wyo 178.46.163.191 port 37240 [preauth]","@timestamp":"2022-09-13T05:10:52.352Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T05:12:22.131Z","@version":"1","message":"Sep 13 05:12:22 honeypot-sgp-1 sshd[9687]: Disconnected from authenticating user root 143.244.158.100 port 38350 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 05:13:53 honeypot-ams-1 sshd[14479]: Invalid user user from 141.255.162.226 port 37734","@timestamp":"2022-09-13T05:13:54.679Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 05:13:56 honeypot-ams-1 sshd[14483]: Invalid user user from 141.255.162.226 port 58160","@timestamp":"2022-09-13T05:13:57.681Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 05:14:00 honeypot-ams-1 sshd[14487]: Invalid user user from 141.255.162.226 port 43550","@timestamp":"2022-09-13T05:14:00.683Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 05:14:02 honeypot-ams-1 sshd[14491]: Invalid user user from 141.255.162.226 port 50360","@timestamp":"2022-09-13T05:14:02.685Z"}
{"@timestamp":"2022-09-13T05:17:02.245Z","@version":"1","message":"Sep 13 05:17:01 honeypot-sgp-1 CRON[9691]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 05:17:01 honeypot-ams-1 CRON[14494]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-13T05:17:02.763Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 05:21:01 honeypot-ams-1 sshd[14501]: Received disconnect from 104.130.135.117 port 60926:11: Bye Bye [preauth]","@timestamp":"2022-09-13T05:21:01.868Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 05:22:13 honeypot-fra-1 sshd[5042]: Invalid user bbnc from 103.188.176.251 port 58540","@timestamp":"2022-09-13T05:22:14.610Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 05:24:06 honeypot-fra-1 sshd[5046]: Disconnected from invalid user konghao 165.22.45.108 port 54972 [preauth]","@timestamp":"2022-09-13T05:24:07.657Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T05:28:59.533Z","@version":"1","message":"Sep 13 05:28:59 honeypot-sgp-1 sshd[9698]: Disconnected from authenticating user root 92.255.85.69 port 29784 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:29:57.559Z","@version":"1","message":"Sep 13 05:29:56 honeypot-sgp-1 sshd[9703]: Received disconnect from 45.61.186.49 port 37200:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:30:07.564Z","@version":"1","message":"Sep 13 05:30:06 honeypot-sgp-1 sshd[9707]: Received disconnect from 45.61.186.49 port 48994:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 05:30:35 honeypot-ams-1 kernel: [83923620.084086] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=17469 PROTO=TCP SPT=47002 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T05:30:36.113Z"}
{"@timestamp":"2022-09-13T05:33:38.652Z","@version":"1","message":"Sep 13 05:33:37 honeypot-sgp-1 sshd[9710]: Disconnected from invalid user null 187.216.254.180 port 58546 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 05:34:41 honeypot-fra-1 kernel: [83921706.328720] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=143.198.183.97 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=45047 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T05:34:41.895Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-13T05:34:48.684Z","@version":"1","message":"Sep 13 05:34:47 honeypot-sgp-1 sshd[9716]: Received disconnect from 185.180.29.203 port 13411:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:34:52.686Z","@version":"1","message":"Sep 13 05:34:52 honeypot-sgp-1 sshd[9720]: Disconnected from authenticating user root 185.180.29.203 port 13434 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:34:58.689Z","@version":"1","message":"Sep 13 05:34:58 honeypot-sgp-1 sshd[9726]: Disconnected from authenticating user root 185.180.29.203 port 13462 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:35:05.693Z","@version":"1","message":"Sep 13 05:35:04 honeypot-sgp-1 sshd[9732]: Disconnected from authenticating user root 185.180.29.203 port 13493 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:35:11.697Z","@version":"1","message":"Sep 13 05:35:11 honeypot-sgp-1 sshd[9738]: Disconnected from authenticating user root 185.180.29.203 port 13529 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 05:35:15 honeypot-ams-1 kernel: [83923899.312321] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=119.199.169.235 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=54 ID=42411 PROTO=TCP SPT=25746 DPT=80 WINDOW=40019 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T05:35:15.232Z"}
{"@timestamp":"2022-09-13T05:35:18.701Z","@version":"1","message":"Sep 13 05:35:17 honeypot-sgp-1 sshd[9744]: Disconnected from authenticating user root 185.180.29.203 port 13579 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:35:24.704Z","@version":"1","message":"Sep 13 05:35:24 honeypot-sgp-1 sshd[9750]: Disconnected from authenticating user root 185.180.29.203 port 13605 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:35:30.707Z","@version":"1","message":"Sep 13 05:35:30 honeypot-sgp-1 sshd[9756]: Disconnected from authenticating user root 185.180.29.203 port 13624 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:35:37.711Z","@version":"1","message":"Sep 13 05:35:37 honeypot-sgp-1 sshd[9762]: Disconnected from authenticating user root 185.180.29.203 port 13649 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:35:41.714Z","@version":"1","message":"Sep 13 05:35:41 honeypot-sgp-1 sshd[9767]: Received disconnect from 185.180.29.203 port 13673:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:35:48.718Z","@version":"1","message":"Sep 13 05:35:47 honeypot-sgp-1 sshd[9774]: Received disconnect from 185.180.29.203 port 13708:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:35:54.721Z","@version":"1","message":"Sep 13 05:35:54 honeypot-sgp-1 sshd[9780]: Received disconnect from 185.180.29.203 port 13755:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:36:01.725Z","@version":"1","message":"Sep 13 05:36:00 honeypot-sgp-1 sshd[9786]: Received disconnect from 185.180.29.203 port 13800:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:36:05.728Z","@version":"1","message":"Sep 13 05:36:04 honeypot-sgp-1 sshd[9790]: Received disconnect from 185.180.29.203 port 13818:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:36:09.730Z","@version":"1","message":"Sep 13 05:36:09 honeypot-sgp-1 sshd[9794]: Received disconnect from 185.180.29.203 port 13843:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:36:13.732Z","@version":"1","message":"Sep 13 05:36:13 honeypot-sgp-1 sshd[9798]: Received disconnect from 185.180.29.203 port 13880:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:36:17.735Z","@version":"1","message":"Sep 13 05:36:17 honeypot-sgp-1 sshd[9802]: Received disconnect from 185.180.29.203 port 13904:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:36:22.738Z","@version":"1","message":"Sep 13 05:36:22 honeypot-sgp-1 sshd[9806]: Received disconnect from 185.180.29.203 port 13950:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:36:26.740Z","@version":"1","message":"Sep 13 05:36:26 honeypot-sgp-1 sshd[9810]: Disconnected from authenticating user root 185.180.29.203 port 13989 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:36:32.744Z","@version":"1","message":"Sep 13 05:36:32 honeypot-sgp-1 sshd[9816]: Invalid user pi from 185.180.29.203 port 14020","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:36:37.747Z","@version":"1","message":"Sep 13 05:36:36 honeypot-sgp-1 sshd[9820]: Invalid user ethos from 185.180.29.203 port 14051","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:36:41.749Z","@version":"1","message":"Sep 13 05:36:41 honeypot-sgp-1 sshd[9824]: Invalid user miner from 185.180.29.203 port 14069","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:36:45.751Z","@version":"1","message":"Sep 13 05:36:45 honeypot-sgp-1 sshd[9828]: Invalid user volumio from 185.180.29.203 port 14111","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:36:49.754Z","@version":"1","message":"Sep 13 05:36:49 honeypot-sgp-1 sshd[9832]: Invalid user nagios from 185.180.29.203 port 14129","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 05:36:53 honeypot-ams-1 sshd[14516]: Invalid user user1 from 134.17.94.27 port 33156","@timestamp":"2022-09-13T05:36:54.276Z"}
{"@timestamp":"2022-09-13T05:36:54.757Z","@version":"1","message":"Sep 13 05:36:53 honeypot-sgp-1 sshd[9836]: Invalid user vagrant from 185.180.29.203 port 14153","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:36:58.759Z","@version":"1","message":"Sep 13 05:36:58 honeypot-sgp-1 sshd[9840]: Invalid user debian from 185.180.29.203 port 14173","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:37:02.762Z","@version":"1","message":"Sep 13 05:37:02 honeypot-sgp-1 sshd[9844]: Invalid user debian from 185.180.29.203 port 14212","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:37:07.765Z","@version":"1","message":"Sep 13 05:37:06 honeypot-sgp-1 sshd[9849]: Invalid user alarm from 185.180.29.203 port 14243","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:37:09.767Z","@version":"1","message":"Sep 13 05:37:09 honeypot-sgp-1 sshd[9853]: Received disconnect from 185.180.29.203 port 14235:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:37:13.769Z","@version":"1","message":"Sep 13 05:37:13 honeypot-sgp-1 sshd[9857]: Received disconnect from 185.180.29.203 port 14269:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:39:07.818Z","@version":"1","message":"Sep 13 05:39:07 honeypot-sgp-1 sshd[9861]: Connection closed by invalid user user 179.60.147.69 port 28088 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 05:41:43 honeypot-ams-1 sshd[14521]: Invalid user edv from 119.28.215.47 port 40832","@timestamp":"2022-09-13T05:41:43.399Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 05:42:30 honeypot-ams-1 sshd[14525]: Invalid user user from 179.60.147.69 port 53790","@timestamp":"2022-09-13T05:42:30.425Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 05:45:35 honeypot-ams-1 sshd[14530]: Invalid user user from 141.255.162.226 port 41988","@timestamp":"2022-09-13T05:45:35.505Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 05:45:37 honeypot-ams-1 sshd[14534]: Invalid user user from 141.255.162.226 port 48524","@timestamp":"2022-09-13T05:45:37.507Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 05:45:38 honeypot-ams-1 sshd[14538]: Invalid user user from 141.255.162.226 port 33370","@timestamp":"2022-09-13T05:45:38.507Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 05:45:50 honeypot-fra-1 kernel: [83922374.596800] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=118.123.105.87 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=60907 PROTO=TCP SPT=53989 DPT=3389 WINDOW=63540 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T05:45:50.148Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-13T05:52:59.148Z","@version":"1","message":"Sep 13 05:52:58 honeypot-sgp-1 kernel: [83924489.312153] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=178.128.255.88 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=54321 PROTO=TCP SPT=44693 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 05:57:35 honeypot-ams-1 sshd[14541]: Disconnected from authenticating user root 92.255.85.69 port 30536 [preauth]","@timestamp":"2022-09-13T05:57:35.811Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 06:03:10 honeypot-fra-1 sshd[5063]: Connection closed by invalid user guest 165.98.12.138 port 55414 [preauth]","@timestamp":"2022-09-13T06:03:10.536Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T06:07:19.499Z","@version":"1","message":"Sep 13 06:07:19 honeypot-sgp-1 sshd[9873]: Did not receive identification string from 92.255.85.113 port 38076","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 06:09:46 honeypot-ams-1 sshd[14546]: Connection closed by invalid user loan 137.116.144.39 port 56294 [preauth]","@timestamp":"2022-09-13T06:09:47.203Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 06:15:27 honeypot-fra-1 sshd[5164]: Invalid user admin from 20.13.161.157 port 53572","@timestamp":"2022-09-13T06:15:27.832Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 06:15:27 honeypot-fra-1 sshd[5175]: Invalid user mysql from 20.13.161.157 port 53518","@timestamp":"2022-09-13T06:15:27.832Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 06:15:27 honeypot-fra-1 sshd[5173]: Connection closed by authenticating user root 20.13.161.157 port 53570 [preauth]","@timestamp":"2022-09-13T06:15:27.832Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 06:15:27 honeypot-fra-1 sshd[5172]: Connection closed by invalid user ubuntu 20.13.161.157 port 53556 [preauth]","@timestamp":"2022-09-13T06:15:27.832Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 06:15:27 honeypot-fra-1 sshd[5178]: Invalid user test from 20.13.161.157 port 53530","@timestamp":"2022-09-13T06:15:27.832Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 06:15:30 honeypot-fra-1 sshd[5203]: Invalid user postgres from 20.13.161.157 port 53544","@timestamp":"2022-09-13T06:15:30.835Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T06:17:01.738Z","@version":"1","message":"Sep 13 06:17:01 honeypot-sgp-1 CRON[9879]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 06:17:01 honeypot-fra-1 CRON[5209]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-13T06:17:01.872Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 06:19:06 honeypot-ams-1 kernel: [83926530.518048] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=72.167.32.184 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=230 ID=23087 PROTO=TCP SPT=56971 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T06:19:07.442Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 06:23:23 honeypot-fra-1 sshd[5216]: Invalid user squid from 24.245.64.3 port 46222","@timestamp":"2022-09-13T06:23:24.019Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 06:25:01 honeypot-ams-1 CRON[14558]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-13T06:25:02.603Z"}
{"@timestamp":"2022-09-13T06:26:41.987Z","@version":"1","message":"Sep 13 06:26:41 honeypot-sgp-1 sshd[10041]: Invalid user cmschef from 51.15.83.17 port 50723","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 06:27:47 honeypot-fra-1 sshd[5354]: Received disconnect from 82.180.162.70 port 47956:11: Bye Bye [preauth]","@timestamp":"2022-09-13T06:27:48.143Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T06:27:59.021Z","@version":"1","message":"Sep 13 06:27:58 honeypot-sgp-1 sshd[10140]: Disconnected from invalid user user 45.61.186.249 port 44792 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T06:28:18.031Z","@version":"1","message":"Sep 13 06:28:17 honeypot-sgp-1 sshd[10144]: Disconnected from invalid user user 45.61.186.249 port 39614 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T06:28:36.040Z","@version":"1","message":"Sep 13 06:28:35 honeypot-sgp-1 sshd[10148]: Disconnected from invalid user user 45.61.186.249 port 34498 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 06:28:45 honeypot-fra-1 sshd[5358]: Disconnected from authenticating user root 41.191.116.18 port 52556 [preauth]","@timestamp":"2022-09-13T06:28:46.169Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T06:28:51.048Z","@version":"1","message":"Sep 13 06:28:51 honeypot-sgp-1 sshd[10153]: Disconnected from invalid user user 45.61.186.249 port 57534 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 06:29:17 honeypot-ams-1 kernel: [83927142.035734] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=58524 PROTO=TCP SPT=50391 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T06:29:18.718Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 06:30:20 honeypot-fra-1 kernel: [83925044.591499] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.219.118 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=35516 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T06:30:20.209Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-13T06:33:00.152Z","@version":"1","message":"Sep 13 06:33:00 honeypot-sgp-1 sshd[10175]: Invalid user pi from 189.8.29.5 port 60632","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T06:33:01.153Z","@version":"1","message":"Sep 13 06:33:00 honeypot-sgp-1 sshd[10163]: Invalid user mysql from 189.8.29.5 port 60592","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T06:33:01.153Z","@version":"1","message":"Sep 13 06:33:00 honeypot-sgp-1 sshd[10165]: Invalid user test from 189.8.29.5 port 60626","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T06:33:01.153Z","@version":"1","message":"Sep 13 06:33:00 honeypot-sgp-1 sshd[10159]: Invalid user oracle from 189.8.29.5 port 60610","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T06:33:01.153Z","@version":"1","message":"Sep 13 06:33:00 honeypot-sgp-1 sshd[10174]: Invalid user deploy from 189.8.29.5 port 60608","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T06:33:01.153Z","@version":"1","message":"Sep 13 06:33:00 honeypot-sgp-1 sshd[10164]: Connection closed by authenticating user root 189.8.29.5 port 60588 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T06:33:01.153Z","@version":"1","message":"Sep 13 06:33:00 honeypot-sgp-1 sshd[10186]: Connection closed by invalid user rustserver 189.8.29.5 port 60656 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T06:33:01.153Z","@version":"1","message":"Sep 13 06:33:00 honeypot-sgp-1 sshd[10185]: Connection closed by invalid user oracle 189.8.29.5 port 60640 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T06:33:01.154Z","@version":"1","message":"Sep 13 06:33:00 honeypot-sgp-1 sshd[10160]: Connection closed by invalid user admin 189.8.29.5 port 60616 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T06:33:01.154Z","@version":"1","message":"Sep 13 06:33:00 honeypot-sgp-1 sshd[10170]: Connection closed by invalid user devops 189.8.29.5 port 60606 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 06:34:34 honeypot-fra-1 sshd[5373]: Received disconnect from 81.45.44.185 port 38170:11: Bye Bye [preauth]","@timestamp":"2022-09-13T06:34:34.307Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 06:36:52 honeypot-fra-1 sshd[5379]: Disconnected from authenticating user root 167.99.236.74 port 58436 [preauth]","@timestamp":"2022-09-13T06:36:53.361Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T06:36:57.253Z","@version":"1","message":"Sep 13 06:36:56 honeypot-sgp-1 kernel: [83927126.998549] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=170.187.160.182 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=8763 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 06:38:14 honeypot-ams-1 kernel: [83927678.142127] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=170.187.160.186 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=44593 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T06:38:14.952Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 06:42:02 honeypot-ams-1 sshd[14840]: Invalid user admin from 80.76.51.43 port 54108","@timestamp":"2022-09-13T06:42:03.053Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 06:42:32 honeypot-ams-1 sshd[14844]: Invalid user admin from 80.76.51.43 port 55196","@timestamp":"2022-09-13T06:42:33.068Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 06:45:12 honeypot-fra-1 sshd[5386]: Invalid user korf from 165.22.45.108 port 37932","@timestamp":"2022-09-13T06:45:13.553Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 06:50:48 honeypot-ams-1 kernel: [83928432.437532] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=128.14.141.34 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=6305 PROTO=TCP SPT=41407 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T06:50:49.281Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 06:51:12 honeypot-fra-1 sshd[5391]: Did not receive identification string from 20.254.57.199 port 53576","@timestamp":"2022-09-13T06:51:12.688Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 06:51:12 honeypot-fra-1 sshd[5403]: Invalid user test from 20.254.57.199 port 53994","@timestamp":"2022-09-13T06:51:12.688Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 06:51:12 honeypot-fra-1 sshd[5396]: Connection closed by invalid user hadoop 20.254.57.199 port 53938 [preauth]","@timestamp":"2022-09-13T06:51:13.690Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 06:51:12 honeypot-fra-1 sshd[5403]: Connection closed by invalid user test 20.254.57.199 port 53994 [preauth]","@timestamp":"2022-09-13T06:51:13.690Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 06:51:12 honeypot-fra-1 sshd[5404]: Connection closed by invalid user testuser 20.254.57.199 port 53996 [preauth]","@timestamp":"2022-09-13T06:51:13.690Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 06:51:12 honeypot-fra-1 sshd[5409]: Connection closed by invalid user admin 20.254.57.199 port 53988 [preauth]","@timestamp":"2022-09-13T06:51:13.690Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 06:51:12 honeypot-fra-1 sshd[5412]: Invalid user admin from 20.254.57.199 port 54000","@timestamp":"2022-09-13T06:51:13.690Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 06:51:13 honeypot-fra-1 sshd[5441]: Invalid user devops from 20.254.57.199 port 53932","@timestamp":"2022-09-13T06:51:13.690Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 06:51:13 honeypot-fra-1 sshd[5440]: Connection closed by invalid user www 20.254.57.199 port 53944 [preauth]","@timestamp":"2022-09-13T06:51:13.691Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 06:51:15 honeypot-fra-1 sshd[5454]: Connection closed by invalid user hadoop 20.254.57.199 port 53998 [preauth]","@timestamp":"2022-09-13T06:51:15.692Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T06:52:32.644Z","@version":"1","message":"Sep 13 06:52:32 honeypot-sgp-1 sshd[10228]: Invalid user debian from 179.60.147.69 port 25076","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T06:54:47.702Z","@version":"1","message":"Sep 13 06:54:47 honeypot-sgp-1 sshd[10232]: Disconnected from invalid user user 141.255.162.226 port 37846 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T06:54:51.706Z","@version":"1","message":"Sep 13 06:54:51 honeypot-sgp-1 sshd[10236]: Disconnected from invalid user user 141.255.162.226 port 51526 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T06:54:53.707Z","@version":"1","message":"Sep 13 06:54:52 honeypot-sgp-1 sshd[10240]: Disconnected from invalid user user 141.255.162.226 port 58374 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 06:55:53 honeypot-ams-1 sshd[14855]: Invalid user debian from 179.60.147.69 port 20364","@timestamp":"2022-09-13T06:55:53.416Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 06:59:20 honeypot-fra-1 kernel: [83926784.411358] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=35154 PROTO=TCP SPT=52278 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T06:59:20.875Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 07:00:34 honeypot-ams-1 sshd[15292]: Disconnected from authenticating user root 200.72.227.83 port 58018 [preauth]","@timestamp":"2022-09-13T07:00:35.536Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 07:02:32 honeypot-ams-1 sshd[15298]: Received disconnect from 45.61.184.204 port 36548:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T07:02:32.590Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 07:02:51 honeypot-ams-1 sshd[15302]: Invalid user user from 45.61.184.204 port 59642","@timestamp":"2022-09-13T07:02:51.601Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 07:03:08 honeypot-ams-1 sshd[15306]: Invalid user user from 45.61.184.204 port 54504","@timestamp":"2022-09-13T07:03:09.610Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 07:03:25 honeypot-ams-1 sshd[15310]: Invalid user user from 45.61.184.204 port 49356","@timestamp":"2022-09-13T07:03:26.619Z"}
{"@timestamp":"2022-09-13T07:05:18.967Z","@version":"1","message":"Sep 13 07:05:18 honeypot-sgp-1 kernel: [83928829.147551] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.33.46.249 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=39989 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 07:06:43 honeypot-ams-1 sshd[15314]: Disconnected from invalid user user 45.61.186.249 port 33486 [preauth]","@timestamp":"2022-09-13T07:06:44.708Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 07:07:03 honeypot-ams-1 sshd[15318]: Disconnected from invalid user user 45.61.186.249 port 56468 [preauth]","@timestamp":"2022-09-13T07:07:03.718Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 07:07:20 honeypot-ams-1 sshd[15322]: Disconnected from invalid user user 45.61.186.249 port 51208 [preauth]","@timestamp":"2022-09-13T07:07:20.727Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 07:07:36 honeypot-ams-1 sshd[15326]: Disconnected from invalid user user 45.61.186.249 port 45958 [preauth]","@timestamp":"2022-09-13T07:07:37.736Z"}
{"@timestamp":"2022-09-13T07:07:52.034Z","@version":"1","message":"Sep 13 07:07:51 honeypot-sgp-1 sshd[10249]: Disconnected from authenticating user irc 20.91.214.19 port 34310 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 07:17:01 honeypot-fra-1 CRON[5470]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-13T07:17:02.272Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 07:17:57 honeypot-fra-1 sshd[5475]: Disconnected from invalid user user 45.61.187.160 port 55646 [preauth]","@timestamp":"2022-09-13T07:17:57.298Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 07:18:15 honeypot-fra-1 sshd[5479]: Disconnected from invalid user user 45.61.187.160 port 50716 [preauth]","@timestamp":"2022-09-13T07:18:15.308Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 07:18:33 honeypot-fra-1 sshd[5483]: Received disconnect from 45.61.187.160 port 45804:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T07:18:34.318Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 07:18:51 honeypot-fra-1 sshd[5487]: Received disconnect from 45.61.187.160 port 40874:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T07:18:51.326Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 07:21:39 honeypot-ams-1 sshd[15334]: Received disconnect from 84.201.158.231 port 42810:11: Bye Bye [preauth]","@timestamp":"2022-09-13T07:21:40.096Z"}
{"@timestamp":"2022-09-13T07:23:21.421Z","@version":"1","message":"Sep 13 07:23:20 honeypot-sgp-1 sshd[10256]: Disconnected from invalid user firebird 189.45.78.175 port 14760 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 07:25:39 honeypot-fra-1 sshd[5492]: Received disconnect from 165.22.45.108 port 42866:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T07:25:39.483Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 07:29:34 honeypot-fra-1 sshd[5497]: Disconnected from invalid user admin 119.28.215.47 port 45804 [preauth]","@timestamp":"2022-09-13T07:29:35.573Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 07:32:33 honeypot-ams-1 sshd[15340]: Received disconnect from 92.255.85.69 port 25364:11: Bye Bye [preauth]","@timestamp":"2022-09-13T07:32:33.393Z"}
{"@timestamp":"2022-09-13T07:33:00.688Z","@version":"1","message":"Sep 13 07:32:59 honeypot-sgp-1 sshd[10263]: Received disconnect from 51.15.56.154 port 37162:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 07:33:35 honeypot-fra-1 sshd[5501]: Disconnected from authenticating user root 222.252.243.104 port 28472 [preauth]","@timestamp":"2022-09-13T07:33:35.668Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T07:41:25.907Z","@version":"1","message":"Sep 13 07:41:25 honeypot-sgp-1 sshd[10267]: Received disconnect from 45.61.186.49 port 42490:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T07:41:34.912Z","@version":"1","message":"Sep 13 07:41:34 honeypot-sgp-1 sshd[10271]: Received disconnect from 45.61.186.49 port 54262:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T07:43:49.972Z","@version":"1","message":"Sep 13 07:43:49 honeypot-sgp-1 kernel: [83931140.283942] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.156.72.51 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=34511 PROTO=TCP SPT=53876 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 07:47:50 honeypot-ams-1 kernel: [83931854.556164] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.208.192 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=48168 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T07:47:50.801Z"}
{"@timestamp":"2022-09-13T07:49:58.160Z","@version":"1","message":"Sep 13 07:49:57 honeypot-sgp-1 sshd[10276]: Disconnected from authenticating user root 92.255.85.70 port 35258 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 07:52:49 honeypot-fra-1 kernel: [83929993.754341] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=104.156.155.8 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=614 PROTO=TCP SPT=53102 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T07:52:50.100Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 07:59:26 honeypot-ams-1 sshd[15353]: Invalid user bailey from 167.172.253.42 port 58756","@timestamp":"2022-09-13T07:59:27.106Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 08:03:54 honeypot-ams-1 kernel: [83932818.668555] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=92.118.39.30 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=54712 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T08:03:55.223Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 08:04:46 honeypot-fra-1 sshd[5513]: Connection closed by invalid user test 111.59.45.19 port 41639 [preauth]","@timestamp":"2022-09-13T08:04:47.420Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 08:07:32 honeypot-fra-1 sshd[5519]: Connection closed by invalid user user 179.60.147.69 port 12332 [preauth]","@timestamp":"2022-09-13T08:07:33.487Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:07:51 honeypot-ams-1 sshd[15362]: Received disconnect from 83.228.83.95 port 10458:11: Bye Bye [preauth]","@timestamp":"2022-09-13T08:07:51.327Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:07:51 honeypot-ams-1 sshd[15366]: Disconnected from invalid user ubnt 83.228.83.95 port 10564 [preauth]","@timestamp":"2022-09-13T08:07:52.329Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:07:53 honeypot-ams-1 sshd[15372]: Disconnected from authenticating user root 83.228.83.95 port 10688 [preauth]","@timestamp":"2022-09-13T08:07:53.330Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:07:54 honeypot-ams-1 sshd[15378]: Disconnected from authenticating user root 83.228.83.95 port 10262 [preauth]","@timestamp":"2022-09-13T08:07:54.331Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:07:55 honeypot-ams-1 sshd[15384]: Disconnected from authenticating user root 83.228.83.95 port 10146 [preauth]","@timestamp":"2022-09-13T08:07:56.332Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:07:56 honeypot-ams-1 sshd[15390]: Disconnected from authenticating user root 83.228.83.95 port 10222 [preauth]","@timestamp":"2022-09-13T08:07:57.333Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:07:57 honeypot-ams-1 sshd[15396]: Disconnected from authenticating user root 83.228.83.95 port 10290 [preauth]","@timestamp":"2022-09-13T08:07:58.334Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:07:58 honeypot-ams-1 sshd[15402]: Disconnected from authenticating user root 83.228.83.95 port 10728 [preauth]","@timestamp":"2022-09-13T08:07:59.334Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:07:59 honeypot-ams-1 sshd[15408]: Disconnected from authenticating user root 83.228.83.95 port 10030 [preauth]","@timestamp":"2022-09-13T08:08:00.335Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:08:01 honeypot-ams-1 sshd[15414]: Disconnected from authenticating user root 83.228.83.95 port 10554 [preauth]","@timestamp":"2022-09-13T08:08:01.336Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:08:02 honeypot-ams-1 sshd[15420]: Disconnected from authenticating user root 83.228.83.95 port 10304 [preauth]","@timestamp":"2022-09-13T08:08:02.337Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:08:03 honeypot-ams-1 sshd[15426]: Disconnected from authenticating user root 83.228.83.95 port 10818 [preauth]","@timestamp":"2022-09-13T08:08:04.338Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:08:04 honeypot-ams-1 sshd[15432]: Disconnected from authenticating user root 83.228.83.95 port 10410 [preauth]","@timestamp":"2022-09-13T08:08:05.339Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:08:05 honeypot-ams-1 sshd[15436]: Disconnected from invalid user admin 83.228.83.95 port 10856 [preauth]","@timestamp":"2022-09-13T08:08:05.339Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:08:06 honeypot-ams-1 sshd[15440]: Disconnected from invalid user admin 83.228.83.95 port 10614 [preauth]","@timestamp":"2022-09-13T08:08:06.340Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:08:06 honeypot-ams-1 sshd[15444]: Disconnected from invalid user admin 83.228.83.95 port 10960 [preauth]","@timestamp":"2022-09-13T08:08:07.342Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:08:07 honeypot-ams-1 sshd[15448]: Disconnected from invalid user admin 83.228.83.95 port 10892 [preauth]","@timestamp":"2022-09-13T08:08:08.342Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:08:08 honeypot-ams-1 sshd[15452]: Disconnected from invalid user admin 83.228.83.95 port 10432 [preauth]","@timestamp":"2022-09-13T08:08:08.342Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:08:09 honeypot-ams-1 sshd[15458]: Received disconnect from 83.228.83.95 port 10632:11: Bye Bye [preauth]","@timestamp":"2022-09-13T08:08:10.344Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:08:10 honeypot-ams-1 sshd[15462]: Received disconnect from 83.228.83.95 port 10262:11: Bye Bye [preauth]","@timestamp":"2022-09-13T08:08:10.344Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:08:10 honeypot-ams-1 sshd[15466]: Received disconnect from 83.228.83.95 port 10984:11: Bye Bye [preauth]","@timestamp":"2022-09-13T08:08:11.344Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:08:11 honeypot-ams-1 sshd[15470]: Received disconnect from 83.228.83.95 port 10160:11: Bye Bye [preauth]","@timestamp":"2022-09-13T08:08:12.345Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:08:12 honeypot-ams-1 sshd[15474]: Received disconnect from 83.228.83.95 port 10220:11: Bye Bye [preauth]","@timestamp":"2022-09-13T08:08:13.346Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:08:13 honeypot-ams-1 sshd[15478]: Received disconnect from 83.228.83.95 port 10130:11: Bye Bye [preauth]","@timestamp":"2022-09-13T08:08:13.346Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:08:14 honeypot-ams-1 sshd[15482]: Received disconnect from 83.228.83.95 port 10850:11: Bye Bye [preauth]","@timestamp":"2022-09-13T08:08:14.347Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:08:14 honeypot-ams-1 sshd[15486]: Received disconnect from 83.228.83.95 port 10382:11: Bye Bye [preauth]","@timestamp":"2022-09-13T08:08:15.348Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:08:15 honeypot-ams-1 sshd[15490]: Received disconnect from 83.228.83.95 port 10564:11: Bye Bye [preauth]","@timestamp":"2022-09-13T08:08:16.348Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:08:16 honeypot-ams-1 sshd[15494]: Received disconnect from 83.228.83.95 port 10968:11: Bye Bye [preauth]","@timestamp":"2022-09-13T08:08:16.348Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:08:17 honeypot-ams-1 sshd[15498]: Received disconnect from 83.228.83.95 port 10612:11: Bye Bye [preauth]","@timestamp":"2022-09-13T08:08:17.349Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:08:17 honeypot-ams-1 sshd[15502]: Received disconnect from 83.228.83.95 port 10860:11: Bye Bye [preauth]","@timestamp":"2022-09-13T08:08:18.350Z"}
{"@timestamp":"2022-09-13T08:08:45.639Z","@version":"1","message":"Sep 13 08:08:44 honeypot-sgp-1 sshd[10284]: Invalid user ubnt from 50.116.41.163 port 13864","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:10:23 honeypot-ams-1 sshd[15506]: Disconnected from invalid user bu 107.175.33.240 port 48914 [preauth]","@timestamp":"2022-09-13T08:10:24.409Z"}
{"@timestamp":"2022-09-13T08:13:03.751Z","@version":"1","message":"Sep 13 08:13:02 honeypot-sgp-1 sshd[10287]: Disconnected from authenticating user root 92.255.85.70 port 28636 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:15:35 honeypot-ams-1 sshd[15513]: Disconnecting authenticating user root 120.48.37.84 port 42410: Too many authentication failures [preauth]","@timestamp":"2022-09-13T08:15:35.540Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 08:16:29 honeypot-fra-1 sshd[5545]: Received disconnect from 45.61.186.169 port 55184:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T08:16:29.694Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 08:16:46 honeypot-fra-1 sshd[5549]: Received disconnect from 45.61.186.169 port 50142:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T08:16:47.704Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 08:17:01 honeypot-fra-1 CRON[5553]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-13T08:17:01.711Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:17:01 honeypot-ams-1 CRON[15520]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-13T08:17:02.579Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 08:17:11 honeypot-fra-1 sshd[5559]: Disconnected from invalid user user 45.61.186.169 port 56698 [preauth]","@timestamp":"2022-09-13T08:17:11.715Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 08:19:46 honeypot-fra-1 sshd[5563]: Invalid user pi from 220.71.14.93 port 34088","@timestamp":"2022-09-13T08:19:46.778Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T08:21:22.993Z","@version":"1","message":"Sep 13 08:21:22 honeypot-sgp-1 sshd[10316]: Invalid user soham from 139.59.112.202 port 46060","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 08:21:38 honeypot-fra-1 sshd[5567]: Disconnected from invalid user cyr 167.99.236.74 port 37080 [preauth]","@timestamp":"2022-09-13T08:21:38.824Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 08:30:24 honeypot-fra-1 kernel: [83932249.137976] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=45817 PROTO=TCP SPT=57802 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T08:30:25.024Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-13T08:36:03.362Z","@version":"1","message":"Sep 13 08:36:02 honeypot-sgp-1 sshd[10321]: Disconnected from authenticating user root 92.255.85.70 port 53822 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:36:48 honeypot-ams-1 sshd[15547]: Invalid user admin from 62.64.86.44 port 51743","@timestamp":"2022-09-13T08:36:49.089Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 08:39:14 honeypot-fra-1 sshd[5580]: Received disconnect from 218.92.0.208 port 45038:11:  [preauth]","@timestamp":"2022-09-13T08:39:14.249Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:41:57 honeypot-ams-1 sshd[15552]: Received disconnect from 92.255.85.69 port 61854:11: Bye Bye [preauth]","@timestamp":"2022-09-13T08:41:57.222Z"}
{"@timestamp":"2022-09-13T08:43:06.546Z","@version":"1","message":"Sep 13 08:43:05 honeypot-sgp-1 sshd[10328]: Invalid user test from 179.60.147.69 port 10510","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 08:44:29 honeypot-fra-1 sshd[5587]: Did not receive identification string from 182.253.81.212 port 58786","@timestamp":"2022-09-13T08:44:29.371Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 08:44:33 honeypot-fra-1 sshd[5591]: Connection closed by invalid user ubuntu 182.253.81.212 port 33686 [preauth]","@timestamp":"2022-09-13T08:44:34.374Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T08:46:00.623Z","@version":"1","message":"Sep 13 08:46:00 honeypot-sgp-1 kernel: [83934870.470729] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=209.182.103.18 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=51535 PROTO=TCP SPT=55764 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 08:46:33 honeypot-fra-1 sshd[5596]: Disconnected from invalid user kotak 165.22.45.108 port 54130 [preauth]","@timestamp":"2022-09-13T08:46:33.423Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T08:47:32.667Z","@version":"1","message":"Sep 13 08:47:31 honeypot-sgp-1 sshd[10339]: Invalid user user from 20.205.9.176 port 34860","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 08:48:58 honeypot-fra-1 sshd[5601]: Received disconnect from 45.61.187.160 port 36432:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T08:48:59.481Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 08:49:14 honeypot-fra-1 sshd[5606]: Received disconnect from 45.61.187.160 port 59246:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T08:49:15.489Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 08:49:30 honeypot-fra-1 sshd[5610]: Received disconnect from 45.61.187.160 port 53846:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T08:49:31.497Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:49:50 honeypot-ams-1 sshd[15559]: Invalid user user from 198.98.61.9 port 40156","@timestamp":"2022-09-13T08:49:50.427Z"}
{"@timestamp":"2022-09-13T08:50:01.730Z","@version":"1","message":"Sep 13 08:50:01 honeypot-sgp-1 sshd[10341]: Received disconnect from 181.49.50.202 port 51080:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:50:11 honeypot-ams-1 sshd[15562]: Invalid user user from 198.98.61.9 port 51774","@timestamp":"2022-09-13T08:50:12.440Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:50:34 honeypot-ams-1 sshd[15566]: Invalid user user from 198.98.61.9 port 46762","@timestamp":"2022-09-13T08:50:34.452Z"}
{"@timestamp":"2022-09-13T08:50:48.753Z","@version":"1","message":"Sep 13 08:50:48 honeypot-sgp-1 sshd[10345]: Disconnected from invalid user yjv 103.41.65.10 port 33298 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:50:55 honeypot-ams-1 sshd[15570]: Invalid user user from 198.98.61.9 port 41756","@timestamp":"2022-09-13T08:50:56.463Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 08:52:37 honeypot-fra-1 kernel: [83933582.026757] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=35.220.172.51 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x60 TTL=58 ID=14292 PROTO=TCP SPT=4445 DPT=80 WINDOW=32061 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T08:52:38.572Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:56:50 honeypot-ams-1 sshd[15575]: Received disconnect from 49.88.112.65 port 15930:11:  [preauth]","@timestamp":"2022-09-13T08:56:50.617Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 09:00:03 honeypot-ams-1 sshd[15579]: Did not receive identification string from 141.255.162.226 port 54820","@timestamp":"2022-09-13T09:00:03.698Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 09:00:21 honeypot-ams-1 sshd[15582]: Disconnected from invalid user user 141.255.162.226 port 37350 [preauth]","@timestamp":"2022-09-13T09:00:21.708Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 09:00:23 honeypot-ams-1 sshd[15586]: Disconnected from invalid user user 141.255.162.226 port 43962 [preauth]","@timestamp":"2022-09-13T09:00:24.710Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 09:00:40 honeypot-fra-1 sshd[5618]: Disconnected from invalid user mcr 198.12.114.231 port 36956 [preauth]","@timestamp":"2022-09-13T09:00:40.758Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 09:00:46 honeypot-ams-1 sshd[15591]: Received disconnect from 20.239.93.250 port 53248:11: Bye Bye [preauth]","@timestamp":"2022-09-13T09:00:47.722Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 09:04:13 honeypot-fra-1 sshd[5625]: Did not receive identification string from 219.157.79.154 port 52552","@timestamp":"2022-09-13T09:04:13.844Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 09:09:08 honeypot-ams-1 sshd[15597]: Received disconnect from 200.91.219.250 port 58104:11: Bye Bye [preauth]","@timestamp":"2022-09-13T09:09:08.940Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 09:13:23 honeypot-fra-1 sshd[5641]: Invalid user admin from 148.153.82.133 port 59286","@timestamp":"2022-09-13T09:13:23.052Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 09:13:30 honeypot-fra-1 sshd[5647]: Invalid user admin from 148.153.82.133 port 57518","@timestamp":"2022-09-13T09:13:30.057Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T09:16:54.406Z","@version":"1","message":"Sep 13 09:16:53 honeypot-sgp-1 kernel: [83936723.990506] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=89.248.165.199 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=54915 PROTO=TCP SPT=57577 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 09:18:00 honeypot-ams-1 kernel: [83937264.007048] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=89.248.165.199 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=45786 PROTO=TCP SPT=57577 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T09:18:00.179Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 09:21:34 honeypot-fra-1 sshd[5655]: Did not receive identification string from 92.205.165.95 port 40664","@timestamp":"2022-09-13T09:21:34.238Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 09:21:34 honeypot-fra-1 sshd[5664]: Invalid user mysql from 92.205.165.95 port 40802","@timestamp":"2022-09-13T09:21:35.240Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 09:21:34 honeypot-fra-1 sshd[5675]: Invalid user hadoop from 92.205.165.95 port 40836","@timestamp":"2022-09-13T09:21:35.240Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 09:21:34 honeypot-fra-1 sshd[5661]: Invalid user oracle from 92.205.165.95 port 40788","@timestamp":"2022-09-13T09:21:35.240Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 09:21:34 honeypot-fra-1 sshd[5664]: Connection closed by invalid user mysql 92.205.165.95 port 40802 [preauth]","@timestamp":"2022-09-13T09:21:35.240Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 09:21:34 honeypot-fra-1 sshd[5682]: Invalid user git from 92.205.165.95 port 40846","@timestamp":"2022-09-13T09:21:35.240Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 09:21:34 honeypot-fra-1 sshd[5674]: Connection closed by invalid user oracle 92.205.165.95 port 40828 [preauth]","@timestamp":"2022-09-13T09:21:35.241Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 09:21:34 honeypot-fra-1 sshd[5682]: Connection closed by invalid user git 92.205.165.95 port 40846 [preauth]","@timestamp":"2022-09-13T09:21:35.241Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 09:21:34 honeypot-fra-1 sshd[5687]: Invalid user postgres from 92.205.165.95 port 40858","@timestamp":"2022-09-13T09:21:35.241Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 09:21:34 honeypot-fra-1 sshd[5679]: Connection closed by invalid user admin 92.205.165.95 port 40838 [preauth]","@timestamp":"2022-09-13T09:21:35.241Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T09:23:12.569Z","@version":"1","message":"Sep 13 09:23:11 honeypot-sgp-1 sshd[10358]: Disconnected from authenticating user root 92.255.85.69 port 54036 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 09:23:15 honeypot-ams-1 sshd[15608]: Invalid user config from 179.60.147.69 port 38842","@timestamp":"2022-09-13T09:23:16.327Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 09:23:41 honeypot-fra-1 sshd[5717]: Received disconnect from 158.101.155.195 port 36244:11: Bye Bye [preauth]","@timestamp":"2022-09-13T09:23:41.290Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T09:26:25.652Z","@version":"1","message":"Sep 13 09:26:25 honeypot-sgp-1 sshd[10363]: Disconnected from authenticating user root 45.181.32.42 port 57618 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 09:26:46 honeypot-fra-1 sshd[5725]: Invalid user kovalenko from 165.22.45.108 port 59134","@timestamp":"2022-09-13T09:26:47.364Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 09:28:40 honeypot-ams-1 sshd[15613]: Disconnected from invalid user pgsql 85.29.135.21 port 60516 [preauth]","@timestamp":"2022-09-13T09:28:41.470Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 09:31:42 honeypot-ams-1 sshd[15617]: Disconnected from invalid user ol 24.194.231.208 port 51534 [preauth]","@timestamp":"2022-09-13T09:31:42.551Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 09:38:24 honeypot-fra-1 kernel: [83936328.789864] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.95.147.52 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=41533 PROTO=TCP SPT=49275 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T09:38:25.628Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-13T09:42:28.042Z","@version":"1","message":"Sep 13 09:42:27 honeypot-sgp-1 kernel: [83938257.802677] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=216.218.206.80 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=47105 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 09:46:35 honeypot-fra-1 sshd[5735]: Did not receive identification string from 141.255.162.226 port 45868","@timestamp":"2022-09-13T09:46:35.812Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 09:46:41 honeypot-fra-1 sshd[5738]: Disconnected from invalid user user 141.255.162.226 port 57990 [preauth]","@timestamp":"2022-09-13T09:46:41.816Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 09:46:42 honeypot-fra-1 sshd[5742]: Disconnected from invalid user user 141.255.162.226 port 42884 [preauth]","@timestamp":"2022-09-13T09:46:42.816Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 09:46:46 honeypot-fra-1 sshd[5746]: Disconnected from invalid user user 141.255.162.226 port 56006 [preauth]","@timestamp":"2022-09-13T09:46:46.818Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T09:47:31.169Z","@version":"1","message":"Sep 13 09:47:30 honeypot-sgp-1 sshd[10377]: Invalid user field from 64.227.126.250 port 58084","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 09:49:07 honeypot-fra-1 sshd[5750]: Did not receive identification string from 45.61.186.169 port 38730","@timestamp":"2022-09-13T09:49:07.875Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 09:49:28 honeypot-fra-1 sshd[5753]: Disconnected from invalid user user 45.61.186.169 port 41360 [preauth]","@timestamp":"2022-09-13T09:49:28.886Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 09:49:45 honeypot-fra-1 sshd[5759]: Invalid user user from 45.61.186.169 port 36052","@timestamp":"2022-09-13T09:49:45.894Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 09:50:00 honeypot-fra-1 sshd[5763]: Invalid user user from 45.61.186.169 port 58952","@timestamp":"2022-09-13T09:50:00.901Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 09:50:21 honeypot-fra-1 sshd[5767]: Received disconnect from 92.255.85.69 port 51102:11: Bye Bye [preauth]","@timestamp":"2022-09-13T09:50:21.912Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 09:51:47 honeypot-ams-1 kernel: [83939291.193620] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=79.124.62.62 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=22478 PROTO=TCP SPT=47004 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T09:51:48.087Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 09:56:49 honeypot-ams-1 sshd[15626]: Received disconnect from 198.98.61.9 port 36594:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T09:56:50.216Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 09:57:13 honeypot-ams-1 sshd[15630]: Received disconnect from 198.98.61.9 port 59902:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T09:57:14.229Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 09:57:43 honeypot-ams-1 sshd[15634]: Received disconnect from 198.98.61.9 port 54984:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T09:57:44.245Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 09:58:08 honeypot-ams-1 sshd[15638]: Received disconnect from 198.98.61.9 port 50054:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T09:58:09.257Z"}
{"@timestamp":"2022-09-13T10:02:47.538Z","@version":"1","message":"Sep 13 10:02:47 honeypot-sgp-1 sshd[10383]: Received disconnect from 147.182.184.139 port 32880:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T10:05:57.616Z","@version":"1","message":"Sep 13 10:05:56 honeypot-sgp-1 sshd[10388]: Received disconnect from 206.189.46.251 port 43626:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 10:06:44 honeypot-fra-1 sshd[5773]: Connection closed by invalid user default 218.2.101.210 port 43360 [preauth]","@timestamp":"2022-09-13T10:06:44.280Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T10:08:53.690Z","@version":"1","message":"Sep 13 10:08:53 honeypot-sgp-1 sshd[10394]: Received disconnect from 167.71.160.75 port 55348:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T10:09:10.699Z","@version":"1","message":"Sep 13 10:09:09 honeypot-sgp-1 sshd[10398]: Received disconnect from 45.61.184.204 port 53190:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T10:09:28.708Z","@version":"1","message":"Sep 13 10:09:27 honeypot-sgp-1 sshd[10402]: Received disconnect from 45.61.184.204 port 47790:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 10:09:44 honeypot-ams-1 kernel: [83940368.733837] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=172.105.128.143 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=14618 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T10:09:45.559Z"}
{"@timestamp":"2022-09-13T10:09:45.717Z","@version":"1","message":"Sep 13 10:09:45 honeypot-sgp-1 sshd[10406]: Received disconnect from 45.61.184.204 port 42390:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 10:10:05 honeypot-fra-1 sshd[5780]: Invalid user oracle from 117.86.103.243 port 48224","@timestamp":"2022-09-13T10:10:06.357Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T10:10:54.747Z","@version":"1","message":"Sep 13 10:10:54 honeypot-sgp-1 sshd[10410]: Disconnected from authenticating user root 92.255.85.69 port 34356 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 10:11:08 honeypot-fra-1 sshd[5786]: Connection closed by authenticating user root 117.86.103.243 port 48228 [preauth]","@timestamp":"2022-09-13T10:11:09.382Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 10:14:26 honeypot-ams-1 sshd[15647]: Received disconnect from 159.65.97.125 port 39096:11: Bye Bye [preauth]","@timestamp":"2022-09-13T10:14:27.685Z"}
{"@timestamp":"2022-09-13T10:18:13.926Z","@version":"1","message":"Sep 13 10:18:13 honeypot-sgp-1 kernel: [83940403.282319] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=103.96.73.34 DST=159.89.202.188 LEN=52 TOS=0x00 PREC=0x00 TTL=244 ID=1087 PROTO=TCP SPT=59316 DPT=3389 WINDOW=63443 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 10:18:43 honeypot-ams-1 kernel: [83940907.465530] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.41.8.5 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=24367 PROTO=TCP SPT=31159 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T10:18:43.797Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 10:19:25 honeypot-fra-1 sshd[5795]: Disconnected from authenticating user root 125.163.156.69 port 55076 [preauth]","@timestamp":"2022-09-13T10:19:25.568Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 10:22:27 honeypot-fra-1 sshd[5801]: Invalid user pi from 70.175.251.169 port 53048","@timestamp":"2022-09-13T10:22:28.643Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 10:27:00 honeypot-fra-1 sshd[5808]: Connection closed by authenticating user root 43.250.59.74 port 56567 [preauth]","@timestamp":"2022-09-13T10:27:00.747Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T10:27:26.153Z","@version":"1","message":"Sep 13 10:27:25 honeypot-sgp-1 kernel: [83940955.812265] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=178.128.255.88 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=59643 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T10:34:12.322Z","@version":"1","message":"Sep 13 10:34:11 honeypot-sgp-1 sshd[10442]: Disconnected from authenticating user root 92.255.85.69 port 36652 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 10:34:15 honeypot-ams-1 sshd[15659]: Did not receive identification string from 92.255.85.113 port 21755","@timestamp":"2022-09-13T10:34:16.203Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 10:35:43 honeypot-ams-1 sshd[15663]: Disconnected from invalid user sa 195.222.163.54 port 44922 [preauth]","@timestamp":"2022-09-13T10:35:43.243Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 10:36:36 honeypot-ams-1 sshd[15669]: Invalid user eemil from 172.105.37.138 port 50062","@timestamp":"2022-09-13T10:36:37.270Z"}
{"@timestamp":"2022-09-13T10:37:03.394Z","@version":"1","message":"Sep 13 10:37:03 honeypot-sgp-1 sshd[10447]: Received disconnect from 104.131.186.38 port 50930:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 10:37:15 honeypot-ams-1 sshd[15673]: Invalid user deborah from 159.65.115.222 port 42540","@timestamp":"2022-09-13T10:37:15.289Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 10:37:43 honeypot-ams-1 sshd[15677]: Disconnected from authenticating user root 41.85.251.8 port 37758 [preauth]","@timestamp":"2022-09-13T10:37:44.304Z"}
{"@timestamp":"2022-09-13T10:41:56.516Z","@version":"1","message":"Sep 13 10:41:55 honeypot-sgp-1 kernel: [83941826.136073] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=176.113.115.178 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=50515 PROTO=TCP SPT=59896 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 10:42:21 honeypot-ams-1 kernel: [83942325.063311] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=206.1.210.201 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=57 ID=3371 PROTO=TCP SPT=24643 DPT=443 WINDOW=42736 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T10:42:21.425Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 10:44:09 honeypot-fra-1 kernel: [83940273.405355] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=183.17.64.240 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=43454 DF PROTO=TCP SPT=19439 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T10:44:10.132Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 10:48:45 honeypot-fra-1 kernel: [83940549.424202] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=186.208.139.104 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=245 ID=18510 PROTO=TCP SPT=45730 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T10:48:46.236Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 10:55:49 honeypot-fra-1 sshd[6271]: Invalid user admin from 137.184.227.149 port 55062","@timestamp":"2022-09-13T10:55:50.398Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 10:55:49 honeypot-fra-1 sshd[6278]: Invalid user ubuntu from 137.184.227.149 port 55086","@timestamp":"2022-09-13T10:55:50.398Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 10:55:49 honeypot-fra-1 sshd[6272]: Invalid user admin from 137.184.227.149 port 55074","@timestamp":"2022-09-13T10:55:50.398Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 10:55:49 honeypot-fra-1 sshd[6271]: Connection closed by invalid user admin 137.184.227.149 port 55062 [preauth]","@timestamp":"2022-09-13T10:55:50.398Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 10:55:49 honeypot-fra-1 sshd[6268]: Connection closed by invalid user steam 137.184.227.149 port 55066 [preauth]","@timestamp":"2022-09-13T10:55:50.398Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 10:55:49 honeypot-fra-1 sshd[6281]: Connection closed by invalid user es 137.184.227.149 port 55116 [preauth]","@timestamp":"2022-09-13T10:55:50.398Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 10:55:49 honeypot-fra-1 sshd[6280]: Connection closed by authenticating user root 137.184.227.149 port 55090 [preauth]","@timestamp":"2022-09-13T10:55:50.398Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T10:56:18.892Z","@version":"1","message":"Sep 13 10:56:18 honeypot-sgp-1 sshd[10890]: Received disconnect from 92.255.85.70 port 46790:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 10:57:33 honeypot-fra-1 sshd[6314]: Invalid user bzrx1098ui from 92.255.85.113 port 7395","@timestamp":"2022-09-13T10:57:34.438Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 10:58:38 honeypot-fra-1 sshd[6319]: Disconnected from authenticating user root 92.255.85.70 port 22536 [preauth]","@timestamp":"2022-09-13T10:58:39.463Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 11:02:16 honeypot-ams-1 sshd[15688]: Disconnected from authenticating user root 92.255.85.69 port 50404 [preauth]","@timestamp":"2022-09-13T11:02:16.938Z"}
{"@timestamp":"2022-09-13T11:05:49.131Z","@version":"1","message":"Sep 13 11:05:48 honeypot-sgp-1 sshd[10896]: Connection reset by invalid user bzrx1098ui 92.255.85.113 port 13019 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 11:10:36 honeypot-fra-1 sshd[6325]: Invalid user config from 179.60.147.69 port 7442","@timestamp":"2022-09-13T11:10:36.756Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 11:12:51 honeypot-ams-1 sshd[15693]: Invalid user config from 179.60.147.69 port 24866","@timestamp":"2022-09-13T11:12:52.214Z"}
{"@timestamp":"2022-09-13T11:14:02.335Z","@version":"1","message":"Sep 13 11:14:02 honeypot-sgp-1 sshd[10904]: Received disconnect from 143.198.165.162 port 46944:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T11:16:52.408Z","@version":"1","message":"Sep 13 11:16:51 honeypot-sgp-1 sshd[10910]: Received disconnect from 217.160.49.50 port 37290:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T11:17:27.426Z","@version":"1","message":"Sep 13 11:17:26 honeypot-sgp-1 sshd[10915]: Disconnected from invalid user ilario 20.94.74.40 port 37984 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 11:18:30 honeypot-ams-1 kernel: [83944494.725655] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.102.41.2 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=46 ID=55491 DF PROTO=TCP SPT=35952 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T11:18:31.361Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 11:18:43 honeypot-fra-1 sshd[6331]: Did not receive identification string from 36.99.192.209 port 43996","@timestamp":"2022-09-13T11:18:43.938Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 11:18:48 honeypot-fra-1 sshd[6345]: Connection closed by invalid user ansible 36.99.192.209 port 60794 [preauth]","@timestamp":"2022-09-13T11:18:48.941Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 11:18:59 honeypot-fra-1 sshd[6354]: Invalid user es from 36.99.192.209 port 60812","@timestamp":"2022-09-13T11:18:59.947Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T11:19:14.472Z","@version":"1","message":"Sep 13 11:19:13 honeypot-sgp-1 sshd[10921]: Invalid user user from 45.61.184.204 port 56370","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T11:19:23.478Z","@version":"1","message":"Sep 13 11:19:23 honeypot-sgp-1 sshd[10927]: Invalid user user from 45.61.184.204 port 39802","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T11:19:34.483Z","@version":"1","message":"Sep 13 11:19:33 honeypot-sgp-1 sshd[10931]: Received disconnect from 150.109.7.77 port 36058:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T11:19:51.492Z","@version":"1","message":"Sep 13 11:19:51 honeypot-sgp-1 sshd[10935]: Received disconnect from 45.61.184.204 port 46550:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 11:25:04 honeypot-ams-1 sshd[15704]: Received disconnect from 194.150.69.207 port 59296:11: Bye Bye [preauth]","@timestamp":"2022-09-13T11:25:05.532Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 11:25:24 honeypot-fra-1 kernel: [83942748.114385] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.79.143.195 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=14965 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T11:25:25.092Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 11:26:07 honeypot-ams-1 sshd[15707]: Disconnected from invalid user user 45.61.186.169 port 36686 [preauth]","@timestamp":"2022-09-13T11:26:07.562Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 11:26:25 honeypot-ams-1 sshd[15711]: Received disconnect from 45.61.186.169 port 60058:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T11:26:25.571Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 11:26:41 honeypot-ams-1 sshd[15715]: Received disconnect from 45.61.186.169 port 55202:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T11:26:41.581Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 11:26:56 honeypot-ams-1 sshd[15719]: Received disconnect from 45.61.186.169 port 50338:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T11:26:57.595Z"}
{"@timestamp":"2022-09-13T11:27:39.680Z","@version":"1","message":"Sep 13 11:27:38 honeypot-sgp-1 kernel: [83944569.037234] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=216.218.206.69 DST=159.89.202.188 LEN=131 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=44646 DPT=80 WINDOW=65535 RES=0x00 ACK PSH URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 11:31:05 honeypot-ams-1 sshd[15723]: Received disconnect from 201.186.40.35 port 41480:11: Bye Bye [preauth]","@timestamp":"2022-09-13T11:31:06.704Z"}
{"@timestamp":"2022-09-13T11:31:48.785Z","@version":"1","message":"Sep 13 11:31:47 honeypot-sgp-1 sshd[10941]: Disconnected from invalid user user 45.61.187.160 port 38774 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T11:32:07.795Z","@version":"1","message":"Sep 13 11:32:07 honeypot-sgp-1 sshd[10945]: Disconnected from invalid user user 45.61.187.160 port 33688 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T11:32:26.804Z","@version":"1","message":"Sep 13 11:32:26 honeypot-sgp-1 sshd[10949]: Disconnected from invalid user user 45.61.187.160 port 56840 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T11:32:47.815Z","@version":"1","message":"Sep 13 11:32:46 honeypot-sgp-1 sshd[10954]: Disconnected from invalid user user 45.61.187.160 port 51764 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 11:33:10 honeypot-fra-1 kernel: [83943214.181693] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=34.89.73.227 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=34567 PROTO=TCP SPT=45743 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T11:33:11.260Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 11:34:22 honeypot-ams-1 kernel: [83945446.397068] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=86.57.81.252 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=31524 DF PROTO=TCP SPT=20046 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T11:34:22.791Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 11:35:32 honeypot-fra-1 sshd[6372]: Received disconnect from 45.61.184.204 port 45110:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T11:35:32.336Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 11:35:49 honeypot-fra-1 sshd[6376]: Received disconnect from 45.61.184.204 port 39522:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T11:35:50.344Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 11:36:06 honeypot-fra-1 sshd[6380]: Received disconnect from 45.61.184.204 port 33954:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T11:36:06.351Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 11:39:48 honeypot-fra-1 kernel: [83943612.374335] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=144.48.243.57 DST=165.22.82.222 LEN=52 TOS=0x00 PREC=0x00 TTL=244 ID=3506 PROTO=TCP SPT=48314 DPT=3389 WINDOW=63443 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T11:39:49.438Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-13T11:41:06.021Z","@version":"1","message":"Sep 13 11:41:05 honeypot-sgp-1 kernel: [83945375.303918] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.55.53.144 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=44 ID=16512 DF PROTO=TCP SPT=60162 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 11:41:15 honeypot-ams-1 kernel: [83945859.069969] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=122.189.38.5 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=48 ID=8419 PROTO=TCP SPT=11812 DPT=80 WINDOW=48804 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T11:41:15.975Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 11:44:38 honeypot-ams-1 kernel: [83946062.732786] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=186.218.37.197 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=43 ID=65048 PROTO=TCP SPT=39193 DPT=443 WINDOW=3512 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T11:44:39.066Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 11:45:48 honeypot-fra-1 sshd[6387]: Disconnected from authenticating user root 92.255.85.69 port 23938 [preauth]","@timestamp":"2022-09-13T11:45:49.575Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T11:46:18.169Z","@version":"1","message":"Sep 13 11:46:17 honeypot-sgp-1 sshd[10960]: Connection closed by authenticating user nobody 179.60.147.69 port 56970 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 11:48:11 honeypot-ams-1 sshd[15735]: Received disconnect from 210.56.25.101 port 51844:11: Bye Bye [preauth]","@timestamp":"2022-09-13T11:48:12.162Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 11:49:38 honeypot-ams-1 sshd[15742]: Received disconnect from 80.76.51.45 port 41326:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T11:49:39.202Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 11:49:49 honeypot-fra-1 kernel: [83944213.099038] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=51.38.12.12 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=39906 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T11:49:49.670Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 11:50:10 honeypot-ams-1 sshd[15746]: Invalid user test from 80.76.51.45 port 36186","@timestamp":"2022-09-13T11:50:10.219Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 11:50:33 honeypot-ams-1 kernel: [83946417.838820] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=20.55.53.144 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=28421 DF PROTO=TCP SPT=41072 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T11:50:34.232Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 11:51:10 honeypot-ams-1 sshd[15754]: Received disconnect from 80.76.51.45 port 54332:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T11:51:11.253Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 11:51:55 honeypot-ams-1 sshd[15760]: Received disconnect from 80.76.51.45 port 60892:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T11:51:55.276Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 11:52:24 honeypot-ams-1 sshd[15765]: Received disconnect from 80.76.51.45 port 55856:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T11:52:25.292Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 11:54:33 honeypot-ams-1 sshd[15769]: Received disconnect from 163.177.9.152 port 45918:11: Bye Bye [preauth]","@timestamp":"2022-09-13T11:54:34.350Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 11:54:46 honeypot-fra-1 kernel: [83944510.015839] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=128.1.248.42 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=31337 PROTO=TCP SPT=18823 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T11:54:46.783Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 12:01:50 honeypot-fra-1 sshd[6405]: Received disconnect from 45.61.186.249 port 60876:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T12:01:50.945Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 12:02:07 honeypot-fra-1 sshd[6409]: Received disconnect from 45.61.186.249 port 55476:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T12:02:07.953Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 12:02:26 honeypot-fra-1 sshd[6413]: Received disconnect from 45.61.186.249 port 50078:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T12:02:26.962Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 12:02:42 honeypot-fra-1 sshd[6417]: Invalid user user from 45.61.186.249 port 44690","@timestamp":"2022-09-13T12:02:42.969Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T12:04:56.623Z","@version":"1","message":"Sep 13 12:04:56 honeypot-sgp-1 sshd[10968]: Invalid user user from 45.61.186.49 port 35428","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T12:05:06.629Z","@version":"1","message":"Sep 13 12:05:06 honeypot-sgp-1 sshd[10972]: Invalid user user from 45.61.186.49 port 47048","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T12:06:17.658Z","@version":"1","message":"Sep 13 12:06:16 honeypot-sgp-1 sshd[10976]: Received disconnect from 92.255.85.69 port 63198:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 12:08:33 honeypot-fra-1 sshd[6422]: Disconnected from invalid user kremzer 165.22.45.108 port 50720 [preauth]","@timestamp":"2022-09-13T12:08:34.102Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 12:10:57 honeypot-ams-1 sshd[15777]: Received disconnect from 92.255.85.69 port 18524:11: Bye Bye [preauth]","@timestamp":"2022-09-13T12:10:58.767Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 12:11:04 honeypot-fra-1 kernel: [83945488.472602] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=128.14.137.179 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=29264 PROTO=TCP SPT=40639 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T12:11:05.166Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-13T12:17:01.921Z","@version":"1","message":"Sep 13 12:17:01 honeypot-sgp-1 CRON[10980]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 12:17:51 honeypot-ams-1 sshd[15784]: Received disconnect from 121.165.140.242 port 42876:11: Bye Bye [preauth]","@timestamp":"2022-09-13T12:17:51.947Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 12:19:46 honeypot-ams-1 sshd[15788]: Received disconnect from 175.126.146.170 port 45972:11: Bye Bye [preauth]","@timestamp":"2022-09-13T12:19:46.998Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 12:23:56 honeypot-fra-1 sshd[6437]: Invalid user blank from 179.60.147.69 port 58418","@timestamp":"2022-09-13T12:23:57.455Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 12:26:08 honeypot-ams-1 sshd[15793]: Invalid user blank from 179.60.147.69 port 51210","@timestamp":"2022-09-13T12:26:08.160Z"}
{"@timestamp":"2022-09-13T12:31:35.284Z","@version":"1","message":"Sep 13 12:31:34 honeypot-sgp-1 sshd[10991]: Invalid user admin from 58.142.29.91 port 52479","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 12:32:17 honeypot-ams-1 kernel: [83948921.209818] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.99.175.188 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=55 ID=28931 DF PROTO=TCP SPT=6686 DPT=5432 WINDOW=5840 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T12:32:18.321Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 12:32:18 honeypot-fra-1 sshd[6442]: Received disconnect from 92.255.85.69 port 46224:11: Bye Bye [preauth]","@timestamp":"2022-09-13T12:32:18.648Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T12:37:47.445Z","@version":"1","message":"Sep 13 12:37:46 honeypot-sgp-1 kernel: [83948776.633595] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=139.144.135.238 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=18494 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 12:38:40 honeypot-ams-1 kernel: [83949304.192150] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=139.144.135.247 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=11560 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T12:38:40.488Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 12:44:32 honeypot-ams-1 sshd[15804]: Received disconnect from 23.225.191.123 port 52694:11: Bye Bye [preauth]","@timestamp":"2022-09-13T12:44:33.638Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 12:44:39 honeypot-fra-1 sshd[6446]: Invalid user jira from 117.251.18.98 port 36868","@timestamp":"2022-09-13T12:44:39.927Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 12:46:09 honeypot-fra-1 sshd[6479]: Invalid user steam from 94.156.175.57 port 60749","@timestamp":"2022-09-13T12:46:09.966Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 12:46:09 honeypot-fra-1 sshd[6467]: Invalid user hadoop from 94.156.175.57 port 60694","@timestamp":"2022-09-13T12:46:09.966Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 12:46:09 honeypot-fra-1 sshd[6476]: Invalid user mcsv from 94.156.175.57 port 60757","@timestamp":"2022-09-13T12:46:09.966Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 12:46:09 honeypot-fra-1 sshd[6485]: Invalid user guest from 94.156.175.57 port 60762","@timestamp":"2022-09-13T12:46:09.966Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 12:46:09 honeypot-fra-1 sshd[6479]: Connection closed by invalid user steam 94.156.175.57 port 60749 [preauth]","@timestamp":"2022-09-13T12:46:09.966Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 12:46:09 honeypot-fra-1 sshd[6470]: Connection closed by invalid user elasticsearch 94.156.175.57 port 60739 [preauth]","@timestamp":"2022-09-13T12:46:09.966Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 12:46:09 honeypot-fra-1 sshd[6493]: Invalid user elastic from 94.156.175.57 port 60798","@timestamp":"2022-09-13T12:46:09.966Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 12:46:09 honeypot-fra-1 sshd[6464]: Connection closed by invalid user ansible 94.156.175.57 port 60693 [preauth]","@timestamp":"2022-09-13T12:46:09.966Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 12:46:09 honeypot-fra-1 sshd[6478]: Connection closed by invalid user hadoop 94.156.175.57 port 60746 [preauth]","@timestamp":"2022-09-13T12:46:09.966Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 12:46:09 honeypot-fra-1 sshd[6484]: Connection closed by invalid user elasticsearch 94.156.175.57 port 60773 [preauth]","@timestamp":"2022-09-13T12:46:09.966Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 12:48:51 honeypot-fra-1 sshd[6518]: Invalid user krislew from 165.22.45.108 port 55622","@timestamp":"2022-09-13T12:48:51.030Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 12:50:52 honeypot-fra-1 kernel: [83947875.923341] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=143.92.32.99 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=63762 PROTO=TCP SPT=53452 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T12:50:53.078Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-13T12:53:43.836Z","@version":"1","message":"Sep 13 12:53:43 honeypot-sgp-1 kernel: [83949733.754280] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=50.116.58.149 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=17071 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 12:54:12 honeypot-ams-1 sshd[15811]: Received disconnect from 163.44.207.144 port 51938:11: Bye Bye [preauth]","@timestamp":"2022-09-13T12:54:12.891Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 12:57:47 honeypot-fra-1 kernel: [83948290.990554] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=79.124.62.82 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=50050 PROTO=TCP SPT=51854 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T12:57:48.235Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 13:01:04 honeypot-fra-1 sshd[6535]: Invalid user juliana from 159.65.133.50 port 49436","@timestamp":"2022-09-13T13:01:05.311Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 13:01:52 honeypot-ams-1 sshd[15821]: Invalid user test from 193.106.191.157 port 47378","@timestamp":"2022-09-13T13:01:53.087Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 13:02:05 honeypot-fra-1 sshd[6538]: Disconnected from invalid user deploy 221.157.75.252 port 50532 [preauth]","@timestamp":"2022-09-13T13:02:05.336Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T13:04:04.092Z","@version":"1","message":"Sep 13 13:04:03 honeypot-sgp-1 sshd[11003]: Invalid user markus from 43.132.121.97 port 36418","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 13:04:15 honeypot-fra-1 sshd[6542]: Disconnected from invalid user install 159.65.240.232 port 57116 [preauth]","@timestamp":"2022-09-13T13:04:16.389Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 13:05:58 honeypot-fra-1 sshd[6548]: Disconnected from authenticating user root 179.43.156.143 port 33372 [preauth]","@timestamp":"2022-09-13T13:05:59.428Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 13:06:45 honeypot-ams-1 kernel: [83950989.007416] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=34.132.2.157 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=59 ID=15931 PROTO=TCP SPT=49324 DPT=80 WINDOW=63469 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T13:06:45.218Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 13:07:54 honeypot-fra-1 sshd[6555]: Disconnected from authenticating user root 179.43.156.143 port 47980 [preauth]","@timestamp":"2022-09-13T13:07:54.472Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 13:09:09 honeypot-fra-1 sshd[6561]: Invalid user ossuser from 179.43.156.143 port 38890","@timestamp":"2022-09-13T13:09:09.503Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 13:09:46 honeypot-fra-1 sshd[6564]: Disconnected from invalid user nfsnobod 179.43.156.143 port 34326 [preauth]","@timestamp":"2022-09-13T13:09:47.519Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 13:10:09 honeypot-ams-1 sshd[15832]: Disconnected from invalid user monitor 148.66.129.194 port 49284 [preauth]","@timestamp":"2022-09-13T13:10:10.308Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 13:10:24 honeypot-fra-1 sshd[6568]: Disconnected from authenticating user root 179.43.156.143 port 58094 [preauth]","@timestamp":"2022-09-13T13:10:25.535Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 13:10:37 honeypot-fra-1 sshd[6572]: Disconnected from invalid user user 45.61.186.169 port 49886 [preauth]","@timestamp":"2022-09-13T13:10:37.541Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 13:10:55 honeypot-fra-1 sshd[6576]: Disconnected from invalid user user 45.61.186.169 port 45282 [preauth]","@timestamp":"2022-09-13T13:10:55.548Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 13:11:11 honeypot-fra-1 sshd[6582]: Invalid user user from 45.61.186.169 port 40652","@timestamp":"2022-09-13T13:11:11.555Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 13:12:19 honeypot-fra-1 sshd[6589]: Received disconnect from 179.43.156.143 port 44458:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T13:12:19.581Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 13:13:40 honeypot-fra-1 kernel: [83949244.371897] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=78.83.223.174 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=5376 DF PROTO=TCP SPT=36062 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T13:13:41.612Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-13T13:17:02.428Z","@version":"1","message":"Sep 13 13:17:01 honeypot-sgp-1 CRON[11007]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 13:17:47 honeypot-ams-1 sshd[15842]: Received disconnect from 46.101.132.159 port 51746:11: Bye Bye [preauth]","@timestamp":"2022-09-13T13:17:47.503Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 13:18:20 honeypot-ams-1 sshd[15847]: Received disconnect from 124.194.74.203 port 39868:11: Bye Bye [preauth]","@timestamp":"2022-09-13T13:18:20.520Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 13:19:04 honeypot-ams-1 sshd[15849]: Disconnected from invalid user postgres 165.22.1.73 port 48920 [preauth]","@timestamp":"2022-09-13T13:19:04.543Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 13:19:40 honeypot-fra-1 sshd[6599]: Received disconnect from 92.255.85.70 port 21208:11: Bye Bye [preauth]","@timestamp":"2022-09-13T13:19:41.753Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 13:20:36 honeypot-ams-1 sshd[15854]: Invalid user mkr from 143.198.179.96 port 47980","@timestamp":"2022-09-13T13:20:36.587Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 13:22:13 honeypot-ams-1 sshd[15858]: Connection closed by invalid user test 193.106.191.157 port 32842 [preauth]","@timestamp":"2022-09-13T13:22:14.632Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 13:29:04 honeypot-fra-1 sshd[6604]: Received disconnect from 165.22.45.108 port 60554:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T13:29:04.965Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 13:30:08 honeypot-fra-1 sshd[6609]: Invalid user user from 45.61.186.169 port 51306","@timestamp":"2022-09-13T13:30:08.992Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 13:30:25 honeypot-fra-1 sshd[6613]: Invalid user user from 45.61.186.169 port 46304","@timestamp":"2022-09-13T13:30:25.998Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 13:30:42 honeypot-fra-1 sshd[6617]: Invalid user user from 45.61.186.169 port 41298","@timestamp":"2022-09-13T13:30:43.005Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 13:31:46 honeypot-fra-1 sshd[6621]: Invalid user vpn from 95.153.85.106 port 51645","@timestamp":"2022-09-13T13:31:47.046Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 13:32:51 honeypot-fra-1 sshd[6626]: Received disconnect from 187.235.4.20 port 45388:11: Bye Bye [preauth]","@timestamp":"2022-09-13T13:32:51.144Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T13:36:37.901Z","@version":"1","message":"Sep 13 13:36:37 honeypot-sgp-1 kernel: [83952307.548034] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.46.213.187 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=29512 PROTO=TCP SPT=56474 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 13:39:46 honeypot-ams-1 sshd[15866]: Connection closed by authenticating user nobody 179.60.147.69 port 39402 [preauth]","@timestamp":"2022-09-13T13:39:47.085Z"}
{"@timestamp":"2022-09-13T13:40:20.993Z","@version":"1","message":"Sep 13 13:40:20 honeypot-sgp-1 sshd[11020]: Received disconnect from 92.255.85.69 port 16230:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T13:41:00.012Z","@version":"1","message":"Sep 13 13:40:59 honeypot-sgp-1 kernel: [83952570.002925] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=16061 PROTO=TCP SPT=56088 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T13:43:15.070Z","@version":"1","message":"Sep 13 13:43:15 honeypot-sgp-1 sshd[11028]: Disconnected from invalid user oracle 68.183.78.141 port 40686 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 13:44:12 honeypot-fra-1 sshd[6638]: Invalid user taaldage from 193.168.195.23 port 35024","@timestamp":"2022-09-13T13:44:13.399Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 13:44:58 honeypot-fra-1 kernel: [83951122.309391] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=38231 PROTO=TCP SPT=56088 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T13:44:59.419Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 13:47:51 honeypot-fra-1 sshd[6645]: Disconnected from authenticating user root 188.136.151.4 port 41888 [preauth]","@timestamp":"2022-09-13T13:47:52.486Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 13:53:15 honeypot-ams-1 kernel: [83953779.714856] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=213.207.248.16 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=115 ID=20055 DF PROTO=TCP SPT=10076 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T13:53:16.431Z"}
{"@timestamp":"2022-09-13T13:55:35.373Z","@version":"1","message":"Sep 13 13:55:34 honeypot-sgp-1 sshd[11036]: Did not receive identification string from 141.255.162.226 port 35542","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T13:55:56.384Z","@version":"1","message":"Sep 13 13:55:55 honeypot-sgp-1 sshd[11039]: Disconnected from invalid user user 141.255.162.226 port 39666 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T13:55:59.386Z","@version":"1","message":"Sep 13 13:55:58 honeypot-sgp-1 sshd[11045]: Disconnected from invalid user user 141.255.162.226 port 48370 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T13:59:41.479Z","@version":"1","message":"Sep 13 13:59:41 honeypot-sgp-1 kernel: [83953691.140674] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.41.152.211 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=234 ID=46741 PROTO=TCP SPT=57577 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 14:05:15 honeypot-fra-1 sshd[6654]: Disconnected from authenticating user root 92.255.85.70 port 47798 [preauth]","@timestamp":"2022-09-13T14:05:15.884Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 14:08:48 honeypot-ams-1 sshd[15877]: Received disconnect from 92.255.85.70 port 44836:11: Bye Bye [preauth]","@timestamp":"2022-09-13T14:08:48.828Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 14:12:47 honeypot-fra-1 sshd[6662]: Invalid user ubnt from 118.69.69.120 port 42647","@timestamp":"2022-09-13T14:12:48.056Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T14:14:59.855Z","@version":"1","message":"Sep 13 14:14:59 honeypot-sgp-1 sshd[11058]: Did not receive identification string from 45.61.187.160 port 33286","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T14:15:36.872Z","@version":"1","message":"Sep 13 14:15:36 honeypot-sgp-1 sshd[11061]: Disconnected from invalid user user 45.61.187.160 port 34762 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T14:15:56.882Z","@version":"1","message":"Sep 13 14:15:56 honeypot-sgp-1 sshd[11065]: Disconnected from invalid user user 45.61.187.160 port 57700 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T14:16:13.892Z","@version":"1","message":"Sep 13 14:16:13 honeypot-sgp-1 sshd[11069]: Disconnected from invalid user user 45.61.187.160 port 52440 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 14:17:01 honeypot-ams-1 CRON[15882]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-13T14:17:02.070Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 14:17:01 honeypot-fra-1 CRON[6667]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-13T14:17:02.153Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T14:19:33.979Z","@version":"1","message":"Sep 13 14:19:33 honeypot-sgp-1 sshd[11076]: Invalid user autobacs from 122.170.105.253 port 33288","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T14:20:21.001Z","@version":"1","message":"Sep 13 14:20:20 honeypot-sgp-1 sshd[11079]: Disconnected from authenticating user root 182.74.249.110 port 47640 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 14:24:25 honeypot-fra-1 sshd[6673]: Received disconnect from 165.232.173.191 port 56246:11: Bye Bye [preauth]","@timestamp":"2022-09-13T14:24:25.317Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 14:24:58 honeypot-fra-1 sshd[6675]: Received disconnect from 104.245.44.233 port 54054:11: Bye Bye [preauth]","@timestamp":"2022-09-13T14:24:59.333Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 14:26:08 honeypot-fra-1 sshd[6681]: Invalid user user from 198.98.61.9 port 53804","@timestamp":"2022-09-13T14:26:09.362Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 14:26:26 honeypot-fra-1 sshd[6685]: Invalid user user from 198.98.61.9 port 48450","@timestamp":"2022-09-13T14:26:26.370Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 14:26:35 honeypot-fra-1 sshd[6687]: Disconnected from invalid user user 198.98.61.9 port 59900 [preauth]","@timestamp":"2022-09-13T14:26:35.375Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 14:26:51 honeypot-fra-1 sshd[6691]: Disconnected from invalid user user 198.98.61.9 port 54518 [preauth]","@timestamp":"2022-09-13T14:26:52.383Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T14:29:14.227Z","@version":"1","message":"Sep 13 14:29:13 honeypot-sgp-1 kernel: [83955463.285663] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=143.198.201.142 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=60 ID=31467 PROTO=TCP SPT=64434 DPT=80 WINDOW=43690 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 14:29:40 honeypot-ams-1 kernel: [83955964.589331] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=80.94.92.239 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=58275 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T14:29:41.418Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 14:32:53 honeypot-fra-1 sshd[6696]: Invalid user User from 178.74.44.23 port 41528","@timestamp":"2022-09-13T14:32:53.540Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 14:35:02 honeypot-ams-1 sshd[15891]: Bad protocol version identification '\\003' from 91.191.209.202 port 62411","@timestamp":"2022-09-13T14:35:02.579Z"}
{"@timestamp":"2022-09-13T14:39:02.473Z","@version":"1","message":"Sep 13 14:39:02 honeypot-sgp-1 kernel: [83956052.409210] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=152.89.196.23 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=7049 PROTO=TCP SPT=51407 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 14:44:59 honeypot-ams-1 sshd[15895]: Disconnected from invalid user oz 187.157.23.243 port 52442 [preauth]","@timestamp":"2022-09-13T14:45:00.840Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 14:46:49 honeypot-fra-1 sshd[6702]: Disconnected from authenticating user root 125.164.21.83 port 27328 [preauth]","@timestamp":"2022-09-13T14:46:49.855Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T14:49:31.735Z","@version":"1","message":"Sep 13 14:49:31 honeypot-sgp-1 sshd[11096]: Connection closed by authenticating user root 179.60.147.69 port 26420 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 14:49:59 honeypot-fra-1 sshd[6707]: Received disconnect from 60.208.119.154 port 33680:11: Bye Bye [preauth]","@timestamp":"2022-09-13T14:49:59.955Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 14:51:02 honeypot-fra-1 sshd[6713]: Disconnected from authenticating user root 189.5.124.232 port 49144 [preauth]","@timestamp":"2022-09-13T14:51:02.982Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 14:52:24 honeypot-fra-1 sshd[6720]: Disconnected from authenticating user root 35.230.36.24 port 47738 [preauth]","@timestamp":"2022-09-13T14:52:25.018Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 14:55:26 honeypot-fra-1 sshd[6724]: Disconnected from invalid user capanni 68.237.78.73 port 34934 [preauth]","@timestamp":"2022-09-13T14:55:27.087Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 14:57:04 honeypot-ams-1 kernel: [83957608.152857] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=80.94.92.231 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=47369 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T14:57:05.155Z"}
{"@timestamp":"2022-09-13T15:07:35.177Z","@version":"1","message":"Sep 13 15:07:34 honeypot-sgp-1 kernel: [83957764.893830] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=227 ID=55314 PROTO=TCP SPT=41203 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 15:09:00 honeypot-fra-1 sshd[6728]: Invalid user lin from 143.244.154.61 port 59138","@timestamp":"2022-09-13T15:09:01.387Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 15:12:24 honeypot-fra-1 kernel: [83956367.321007] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=104.156.155.8 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=22175 PROTO=TCP SPT=53102 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T15:12:24.468Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 15:15:48 honeypot-fra-1 sshd[6737]: Disconnected from authenticating user root 92.255.85.69 port 15790 [preauth]","@timestamp":"2022-09-13T15:15:48.548Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 15:17:01 honeypot-fra-1 CRON[6742]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-13T15:17:01.577Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T15:17:02.410Z","@version":"1","message":"Sep 13 15:17:01 honeypot-sgp-1 CRON[11109]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 15:17:01 honeypot-ams-1 CRON[15909]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-13T15:17:02.663Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 15:21:09 honeypot-fra-1 sshd[6747]: Connection closed by invalid user crchen 137.116.144.39 port 32884 [preauth]","@timestamp":"2022-09-13T15:21:09.673Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T15:21:18.516Z","@version":"1","message":"Sep 13 15:21:18 honeypot-sgp-1 sshd[11117]: Received disconnect from 203.98.76.172 port 53748:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T15:24:31.596Z","@version":"1","message":"Sep 13 15:24:31 honeypot-sgp-1 sshd[11123]: Disconnected from authenticating user root 92.119.231.13 port 52302 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T15:25:45.629Z","@version":"1","message":"Sep 13 15:25:45 honeypot-sgp-1 sshd[11128]: Disconnected from invalid user ubuntu 85.237.57.253 port 52516 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 15:25:46 honeypot-ams-1 kernel: [83959330.448321] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=143.198.183.97 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=41634 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T15:25:46.906Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 15:31:02 honeypot-fra-1 sshd[6755]: Invalid user test from 193.106.191.157 port 44470","@timestamp":"2022-09-13T15:31:02.915Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 15:32:09 honeypot-fra-1 sshd[6759]: Disconnected from invalid user rq 180.179.114.44 port 36232 [preauth]","@timestamp":"2022-09-13T15:32:09.945Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T15:38:54.952Z","@version":"1","message":"Sep 13 15:38:54 honeypot-sgp-1 sshd[11135]: Invalid user jo from 103.242.117.234 port 59810","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 15:39:14 honeypot-fra-1 sshd[6764]: Received disconnect from 92.255.85.70 port 42252:11: Bye Bye [preauth]","@timestamp":"2022-09-13T15:39:15.100Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 15:41:38 honeypot-ams-1 sshd[15922]: Received disconnect from 92.255.85.70 port 54700:11: Bye Bye [preauth]","@timestamp":"2022-09-13T15:41:38.333Z"}
{"@timestamp":"2022-09-13T15:42:09.032Z","@version":"1","message":"Sep 13 15:42:08 honeypot-sgp-1 sshd[11140]: Received disconnect from 193.95.228.126 port 46771:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 15:43:15 honeypot-fra-1 sshd[6770]: Invalid user user from 45.61.186.169 port 56996","@timestamp":"2022-09-13T15:43:16.195Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 15:43:32 honeypot-fra-1 sshd[6774]: Invalid user user from 45.61.186.169 port 51870","@timestamp":"2022-09-13T15:43:33.203Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 15:43:48 honeypot-fra-1 sshd[6778]: Invalid user user from 45.61.186.169 port 46736","@timestamp":"2022-09-13T15:43:49.211Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 15:45:54 honeypot-fra-1 sshd[6782]: Received disconnect from 206.189.151.245 port 47096:11: Bye Bye [preauth]","@timestamp":"2022-09-13T15:45:55.262Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T15:46:01.126Z","@version":"1","message":"Sep 13 15:46:00 honeypot-sgp-1 sshd[11144]: Disconnected from invalid user user 137.184.123.69 port 58780 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 15:48:42 honeypot-ams-1 sshd[15937]: Received disconnect from 80.76.51.189 port 59872:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T15:48:42.517Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 15:49:02 honeypot-fra-1 sshd[6787]: Received disconnect from 143.110.254.115 port 43672:11: Bye Bye [preauth]","@timestamp":"2022-09-13T15:49:03.332Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 15:50:12 honeypot-ams-1 kernel: [83960796.415857] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=161.35.231.174 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=49322 PROTO=TCP SPT=60000 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T15:50:13.559Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 15:51:15 honeypot-ams-1 sshd[15947]: Disconnected from authenticating user root 80.76.51.189 port 43676 [preauth]","@timestamp":"2022-09-13T15:51:15.589Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 15:52:30 honeypot-fra-1 sshd[6792]: Disconnected from authenticating user root 159.65.232.191 port 50016 [preauth]","@timestamp":"2022-09-13T15:52:31.415Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 15:52:49 honeypot-ams-1 sshd[15954]: Disconnected from authenticating user root 80.76.51.189 port 45232 [preauth]","@timestamp":"2022-09-13T15:52:50.632Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 15:54:23 honeypot-ams-1 sshd[15960]: Received disconnect from 80.76.51.189 port 46796:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T15:54:23.675Z"}
{"@timestamp":"2022-09-13T15:55:24.384Z","@version":"1","message":"Sep 13 15:55:23 honeypot-sgp-1 sshd[11153]: Invalid user openfiler from 91.240.118.222 port 37741","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 15:55:28 honeypot-ams-1 sshd[15965]: Received disconnect from 80.76.51.189 port 57256:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T15:55:28.704Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 15:56:37 honeypot-ams-1 sshd[15969]: Received disconnect from 80.76.51.189 port 39482:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T15:56:37.735Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 15:57:48 honeypot-ams-1 sshd[15974]: Received disconnect from 80.76.51.189 port 49944:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T15:57:48.769Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 15:59:34 honeypot-ams-1 sshd[15980]: Invalid user oracle from 80.76.51.189 port 51508","@timestamp":"2022-09-13T15:59:34.882Z"}
{"@timestamp":"2022-09-13T15:59:49.491Z","@version":"1","message":"Sep 13 15:59:49 honeypot-sgp-1 sshd[11156]: Invalid user oracle from 92.255.85.69 port 53086","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 16:00:46 honeypot-ams-1 sshd[15984]: Received disconnect from 80.76.51.189 port 33732:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T16:00:46.914Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 16:01:59 honeypot-ams-1 sshd[15988]: Disconnected from invalid user odoo 80.76.51.189 port 44192 [preauth]","@timestamp":"2022-09-13T16:01:59.948Z"}
{"@timestamp":"2022-09-13T16:03:09.574Z","@version":"1","message":"Sep 13 16:03:08 honeypot-sgp-1 sshd[11163]: Invalid user user from 141.255.162.226 port 47086","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T16:03:13.577Z","@version":"1","message":"Sep 13 16:03:13 honeypot-sgp-1 sshd[11167]: Invalid user user from 141.255.162.226 port 39744","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T16:03:16.579Z","@version":"1","message":"Sep 13 16:03:16 honeypot-sgp-1 sshd[11171]: Invalid user user from 141.255.162.226 port 54046","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 16:03:32 honeypot-fra-1 sshd[6799]: Invalid user oracle from 92.255.85.70 port 22914","@timestamp":"2022-09-13T16:03:33.670Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 16:05:10 honeypot-ams-1 sshd[15995]: Received disconnect from 92.255.85.70 port 20804:11: Bye Bye [preauth]","@timestamp":"2022-09-13T16:05:11.034Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 16:07:30 honeypot-fra-1 kernel: [83959673.656600] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=113.53.238.204 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=65238 DF PROTO=TCP SPT=58312 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T16:07:30.763Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 16:07:33 honeypot-ams-1 kernel: [83961836.959472] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=218.24.198.174 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=42 ID=40164 PROTO=TCP SPT=38374 DPT=443 WINDOW=45521 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T16:07:34.100Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 16:16:53 honeypot-fra-1 sshd[6807]: Invalid user site01 from 68.183.236.92 port 41434","@timestamp":"2022-09-13T16:16:53.979Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T16:17:01.908Z","@version":"1","message":"Sep 13 16:17:01 honeypot-sgp-1 CRON[11176]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 16:17:05 honeypot-fra-1 sshd[6809]: Received disconnect from 58.246.187.126 port 21120:11: Bye Bye [preauth]","@timestamp":"2022-09-13T16:17:06.014Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 16:18:02 honeypot-fra-1 sshd[6816]: Disconnected from invalid user finance 128.199.187.30 port 57390 [preauth]","@timestamp":"2022-09-13T16:18:03.039Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 16:19:24 honeypot-ams-1 sshd[16006]: Invalid user super from 164.70.100.221 port 34520","@timestamp":"2022-09-13T16:19:24.426Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 16:22:54 honeypot-fra-1 sshd[6821]: Disconnected from authenticating user root 202.83.17.205 port 54404 [preauth]","@timestamp":"2022-09-13T16:22:55.149Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T16:24:15.083Z","@version":"1","message":"Sep 13 16:24:14 honeypot-sgp-1 sshd[11180]: Disconnected from authenticating user root 92.255.85.70 port 52854 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 16:27:53 honeypot-fra-1 sshd[6827]: Invalid user ubnt from 46.101.132.159 port 47792","@timestamp":"2022-09-13T16:27:54.262Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 16:28:27 honeypot-ams-1 sshd[16009]: Disconnected from authenticating user root 92.255.85.70 port 59510 [preauth]","@timestamp":"2022-09-13T16:28:27.675Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 16:31:46 honeypot-fra-1 sshd[6832]: Received disconnect from 36.66.16.233 port 52672:11: Bye Bye [preauth]","@timestamp":"2022-09-13T16:31:46.347Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T16:32:57.291Z","@version":"1","message":"Sep 13 16:32:56 honeypot-sgp-1 sshd[11186]: Invalid user user from 45.61.186.169 port 33808","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T16:33:16.300Z","@version":"1","message":"Sep 13 16:33:15 honeypot-sgp-1 sshd[11190]: Invalid user user from 45.61.186.169 port 56742","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T16:33:33.309Z","@version":"1","message":"Sep 13 16:33:33 honeypot-sgp-1 sshd[11194]: Invalid user user from 45.61.186.169 port 51464","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 16:37:32 honeypot-fra-1 kernel: [83961475.872648] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=167.94.138.108 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=14268 PROTO=TCP SPT=26055 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T16:37:33.472Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-13T16:39:21.450Z","@version":"1","message":"Sep 13 16:39:20 honeypot-sgp-1 sshd[11200]: Invalid user test from 179.60.147.69 port 21230","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 16:40:12 honeypot-ams-1 sshd[16015]: Disconnected from invalid user delissium 103.75.148.11 port 52310 [preauth]","@timestamp":"2022-09-13T16:40:12.983Z"}
{"@timestamp":"2022-09-13T16:46:21.621Z","@version":"1","message":"Sep 13 16:46:20 honeypot-sgp-1 sshd[11204]: Received disconnect from 92.255.85.70 port 57100:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 16:46:53 honeypot-ams-1 sshd[16023]: Received disconnect from 68.183.16.211 port 58114:11: Bye Bye [preauth]","@timestamp":"2022-09-13T16:46:54.173Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 16:49:19 honeypot-ams-1 sshd[16027]: Received disconnect from 154.70.208.66 port 44822:11: Bye Bye [preauth]","@timestamp":"2022-09-13T16:49:20.260Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 16:49:43 honeypot-fra-1 sshd[6844]: Received disconnect from 106.215.82.197 port 6829:11: Bye Bye [preauth]","@timestamp":"2022-09-13T16:49:44.752Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 16:50:14 honeypot-fra-1 sshd[6848]: Received disconnect from 91.240.118.222 port 36666:11: Client disconnecting normally [preauth]","@timestamp":"2022-09-13T16:50:14.767Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 16:51:10 honeypot-fra-1 sshd[6852]: Received disconnect from 62.204.41.222 port 56621:11: Client disconnecting normally [preauth]","@timestamp":"2022-09-13T16:51:10.790Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T16:51:21.745Z","@version":"1","message":"Sep 13 16:51:21 honeypot-sgp-1 sshd[11209]: Disconnected from authenticating user root 109.197.194.157 port 37092 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 16:58:03 honeypot-ams-1 sshd[16033]: Disconnected from authenticating user root 128.199.225.7 port 42110 [preauth]","@timestamp":"2022-09-13T16:58:04.485Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:00:44 honeypot-ams-1 sshd[16036]: Received disconnect from 141.255.162.226 port 56816:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T17:00:44.559Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:00:51 honeypot-ams-1 sshd[16040]: Received disconnect from 141.255.162.226 port 58758:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T17:00:52.565Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:00:53 honeypot-ams-1 sshd[16044]: Received disconnect from 141.255.162.226 port 38074:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T17:00:54.566Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:02:49 honeypot-fra-1 kernel: [83962992.868093] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.33.46.249 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=39733 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T17:02:50.070Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:05:22 honeypot-fra-1 kernel: [83963145.295068] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=40.87.17.51 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=15706 PROTO=TCP SPT=45827 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T17:05:23.131Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-13T17:06:15.107Z","@version":"1","message":"Sep 13 17:06:14 honeypot-sgp-1 kernel: [83964884.367604] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=47.52.27.84 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=27333 PROTO=TCP SPT=48610 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:09:01 honeypot-fra-1 CRON[6864]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-13T17:09:02.218Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T17:11:29.237Z","@version":"1","message":"Sep 13 17:11:28 honeypot-sgp-1 sshd[11237]: Received disconnect from 129.226.182.174 port 57752:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:12:57 honeypot-ams-1 sshd[16050]: Disconnected from authenticating user root 92.255.85.70 port 63802 [preauth]","@timestamp":"2022-09-13T17:12:57.882Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:14:02 honeypot-fra-1 kernel: [83963665.258830] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.41.9.18 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=50415 PROTO=TCP SPT=10390 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T17:14:02.333Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-13T17:15:36.339Z","@version":"1","message":"Sep 13 17:15:35 honeypot-sgp-1 sshd[11241]: Disconnected from authenticating user root 81.16.11.250 port 55550 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:17:01 honeypot-ams-1 CRON[16057]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-13T17:17:01.987Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:17:01 honeypot-fra-1 CRON[6874]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-13T17:17:02.403Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:17:38 honeypot-ams-1 sshd[16061]: Disconnected from invalid user user 141.255.162.226 port 37968 [preauth]","@timestamp":"2022-09-13T17:17:39.005Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:17:40 honeypot-ams-1 sshd[16065]: Disconnected from invalid user user 141.255.162.226 port 59048 [preauth]","@timestamp":"2022-09-13T17:17:41.007Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:17:45 honeypot-ams-1 sshd[16069]: Disconnected from invalid user user 141.255.162.226 port 44880 [preauth]","@timestamp":"2022-09-13T17:17:45.009Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:18:49 honeypot-ams-1 sshd[16074]: Disconnected from authenticating user root 179.43.145.74 port 55142 [preauth]","@timestamp":"2022-09-13T17:18:50.039Z"}
{"@timestamp":"2022-09-13T17:19:04.428Z","@version":"1","message":"Sep 13 17:19:03 honeypot-sgp-1 kernel: [83965653.273555] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=80.94.92.231 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=231 ID=54321 PROTO=TCP SPT=36176 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:20:27 honeypot-ams-1 sshd[16081]: Received disconnect from 179.43.145.74 port 60646:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T17:20:28.088Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:21:09 honeypot-ams-1 sshd[16086]: Received disconnect from 159.223.79.49 port 34432:11: Bye Bye [preauth]","@timestamp":"2022-09-13T17:21:10.111Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:22:22 honeypot-ams-1 sshd[16092]: Disconnected from authenticating user root 179.43.145.74 port 39754 [preauth]","@timestamp":"2022-09-13T17:22:23.146Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:24:17 honeypot-ams-1 sshd[16096]: Disconnected from invalid user test 179.43.145.74 port 47104 [preauth]","@timestamp":"2022-09-13T17:24:17.200Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:25:22 honeypot-ams-1 sshd[16100]: Disconnected from invalid user ansible 179.43.145.74 port 52616 [preauth]","@timestamp":"2022-09-13T17:25:23.232Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:26:50 honeypot-ams-1 sshd[16104]: Disconnected from invalid user ubuntu 179.43.145.74 port 58122 [preauth]","@timestamp":"2022-09-13T17:26:51.271Z"}
{"@timestamp":"2022-09-13T17:28:01.646Z","@version":"1","message":"Sep 13 17:28:00 honeypot-sgp-1 kernel: [83966190.485680] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.216.135 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=48956 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 17:28:28 honeypot-ams-1 kernel: [83966692.113033] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.208.129 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=38953 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T17:28:29.317Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:30:13 honeypot-ams-1 sshd[16115]: Invalid user odoo from 179.43.145.74 port 42752","@timestamp":"2022-09-13T17:30:14.364Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:32:58 honeypot-fra-1 sshd[6879]: Invalid user ftpuser from 20.239.69.124 port 35104","@timestamp":"2022-09-13T17:32:58.764Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:33:31 honeypot-ams-1 sshd[16120]: Did not receive identification string from 45.61.184.204 port 52264","@timestamp":"2022-09-13T17:33:32.449Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:34:01 honeypot-fra-1 sshd[6884]: Disconnected from authenticating user root 92.255.85.70 port 28418 [preauth]","@timestamp":"2022-09-13T17:34:02.791Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T17:34:17.803Z","@version":"1","message":"Sep 13 17:34:17 honeypot-sgp-1 kernel: [83966567.382656] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=51.222.144.15 DST=159.89.202.188 LEN=52 TOS=0x02 PREC=0x00 TTL=111 ID=5008 DF PROTO=TCP SPT=50124 DPT=3389 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:34:18 honeypot-ams-1 sshd[16123]: Disconnected from invalid user user 45.61.184.204 port 40998 [preauth]","@timestamp":"2022-09-13T17:34:19.471Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:34:37 honeypot-ams-1 sshd[16127]: Disconnected from invalid user user 45.61.184.204 port 35690 [preauth]","@timestamp":"2022-09-13T17:34:37.480Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:34:55 honeypot-ams-1 sshd[16131]: Disconnected from invalid user user 45.61.184.204 port 58604 [preauth]","@timestamp":"2022-09-13T17:34:56.491Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 17:36:06 honeypot-ams-1 kernel: [83967150.592499] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=34.150.94.243 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x60 TTL=59 ID=26781 PROTO=TCP SPT=6741 DPT=443 WINDOW=25637 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T17:36:07.539Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:40:27 honeypot-fra-1 sshd[6889]: Disconnected from invalid user petern 92.9.123.122 port 46514 [preauth]","@timestamp":"2022-09-13T17:40:27.935Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T17:41:04.971Z","@version":"1","message":"Sep 13 17:41:04 honeypot-sgp-1 sshd[11260]: Received disconnect from 80.91.223.97 port 40484:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:45:44 honeypot-fra-1 kernel: [83965567.552410] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.219.228 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=39766 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T17:45:45.056Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:50:42 honeypot-ams-1 sshd[16141]: Protocol major versions differ for 104.156.155.31 port 13466: SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.5 vs. SSH-1.5-Nmap-SSH1-Hostkey","@timestamp":"2022-09-13T17:50:42.918Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:50:43 honeypot-ams-1 sshd[16143]: Connection closed by invalid user giqsw 104.156.155.31 port 62076 [preauth]","@timestamp":"2022-09-13T17:50:43.918Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:50:46 honeypot-ams-1 sshd[16158]: Unable to negotiate with 104.156.155.31 port 52685: no matching host key type found. Their offer: ecdsa-sha2-nistp521 [preauth]","@timestamp":"2022-09-13T17:50:46.920Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:52:36 honeypot-fra-1 sshd[6898]: Did not receive identification string from 94.156.175.57 port 42332","@timestamp":"2022-09-13T17:52:36.210Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:52:36 honeypot-fra-1 sshd[6902]: Invalid user postgres from 94.156.175.57 port 42631","@timestamp":"2022-09-13T17:52:37.212Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:52:36 honeypot-fra-1 sshd[6904]: Invalid user ansible from 94.156.175.57 port 42632","@timestamp":"2022-09-13T17:52:37.212Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:52:36 honeypot-fra-1 sshd[6917]: Invalid user hadoop from 94.156.175.57 port 42659","@timestamp":"2022-09-13T17:52:37.212Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:52:36 honeypot-fra-1 sshd[6903]: Invalid user steam from 94.156.175.57 port 42629","@timestamp":"2022-09-13T17:52:37.212Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:52:36 honeypot-fra-1 sshd[6906]: Connection closed by invalid user ftpadmin 94.156.175.57 port 42644 [preauth]","@timestamp":"2022-09-13T17:52:37.212Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:52:36 honeypot-fra-1 sshd[6903]: Connection closed by invalid user steam 94.156.175.57 port 42629 [preauth]","@timestamp":"2022-09-13T17:52:37.212Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:52:36 honeypot-fra-1 sshd[6909]: Connection closed by invalid user test 94.156.175.57 port 42654 [preauth]","@timestamp":"2022-09-13T17:52:37.212Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:52:36 honeypot-fra-1 sshd[6913]: Connection closed by invalid user guest 94.156.175.57 port 42667 [preauth]","@timestamp":"2022-09-13T17:52:37.212Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:52:36 honeypot-fra-1 sshd[6933]: Invalid user carlos from 94.156.175.57 port 42681","@timestamp":"2022-09-13T17:52:37.212Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T17:52:39.251Z","@version":"1","message":"Sep 13 17:52:39 honeypot-sgp-1 sshd[11264]: Invalid user default from 179.60.147.69 port 21284","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:52:58 honeypot-fra-1 sshd[6958]: Invalid user user from 45.61.184.204 port 37252","@timestamp":"2022-09-13T17:52:59.222Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:53:13 honeypot-fra-1 kernel: [83966016.147280] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=51.222.144.15 DST=165.22.82.222 LEN=52 TOS=0x02 PREC=0x00 TTL=116 ID=19493 DF PROTO=TCP SPT=49336 DPT=3389 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-13T17:53:13.229Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:53:23 honeypot-fra-1 sshd[6964]: Received disconnect from 45.61.184.204 port 42608:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T17:53:24.235Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:53:31 honeypot-fra-1 sshd[6968]: Disconnected from invalid user user 45.61.184.204 port 53808 [preauth]","@timestamp":"2022-09-13T17:53:31.238Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:56:10 honeypot-fra-1 sshd[6974]: Received disconnect from 92.255.85.70 port 22160:11: Bye Bye [preauth]","@timestamp":"2022-09-13T17:56:11.298Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:57:38 honeypot-fra-1 sshd[6978]: Disconnected from invalid user user 141.255.162.226 port 60884 [preauth]","@timestamp":"2022-09-13T17:57:39.335Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:57:40 honeypot-fra-1 sshd[6982]: Disconnected from invalid user user 141.255.162.226 port 53630 [preauth]","@timestamp":"2022-09-13T17:57:41.336Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:57:42 honeypot-fra-1 sshd[6986]: Disconnected from invalid user user 141.255.162.226 port 39906 [preauth]","@timestamp":"2022-09-13T17:57:43.337Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:57:55 honeypot-ams-1 sshd[16167]: Disconnected from authenticating user root 92.255.85.69 port 49772 [preauth]","@timestamp":"2022-09-13T17:57:56.108Z"}
{"@timestamp":"2022-09-13T17:58:01.383Z","@version":"1","message":"Sep 13 17:58:01 honeypot-sgp-1 kernel: [83967991.003530] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.109.80.14 DST=159.89.202.188 LEN=52 TOS=0x00 PREC=0x00 TTL=110 ID=14136 DF PROTO=TCP SPT=62651 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:58:43 honeypot-ams-1 sshd[16172]: Invalid user user from 45.61.186.249 port 48946","@timestamp":"2022-09-13T17:58:44.134Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:59:05 honeypot-ams-1 sshd[16176]: Invalid user user from 45.61.186.249 port 46842","@timestamp":"2022-09-13T17:59:06.145Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:59:26 honeypot-ams-1 sshd[16180]: Invalid user user from 45.61.186.249 port 44642","@timestamp":"2022-09-13T17:59:27.157Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:59:33 honeypot-fra-1 sshd[6992]: Received disconnect from 193.46.199.36 port 33664:11: Bye Bye [preauth]","@timestamp":"2022-09-13T17:59:34.381Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:59:37 honeypot-ams-1 sshd[16184]: Received disconnect from 45.61.186.249 port 57680:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T17:59:38.163Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 18:05:58 honeypot-fra-1 sshd[6997]: Invalid user openvpn_as from 185.151.51.90 port 46346","@timestamp":"2022-09-13T18:05:59.522Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 18:07:21 honeypot-ams-1 sshd[16187]: Disconnected from authenticating user root 202.139.196.201 port 35500 [preauth]","@timestamp":"2022-09-13T18:07:22.388Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 18:08:50 honeypot-fra-1 sshd[7002]: Invalid user test from 193.106.191.157 port 57896","@timestamp":"2022-09-13T18:08:51.587Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 18:09:07 honeypot-ams-1 sshd[16191]: Received disconnect from 62.204.41.222 port 43460:11: Client disconnecting normally [preauth]","@timestamp":"2022-09-13T18:09:08.436Z"}
{"@timestamp":"2022-09-13T18:16:05.813Z","@version":"1","message":"Sep 13 18:16:04 honeypot-sgp-1 sshd[11270]: Disconnected from authenticating user root 92.255.85.69 port 39126 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 18:16:48 honeypot-fra-1 kernel: [83967431.438118] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=51.142.137.96 DST=165.22.82.222 LEN=52 TOS=0x02 PREC=0x00 TTL=114 ID=22962 DF PROTO=TCP SPT=58910 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T18:16:48.781Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 18:17:01 honeypot-ams-1 CRON[16196]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-13T18:17:02.637Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 18:25:01 honeypot-ams-1 sshd[16202]: Invalid user test from 193.106.191.157 port 51694","@timestamp":"2022-09-13T18:25:01.846Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 18:26:20 honeypot-fra-1 kernel: [83968003.316256] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=40.87.17.51 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=49172 PROTO=TCP SPT=50676 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T18:26:20.995Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-13T18:29:05.129Z","@version":"1","message":"Sep 13 18:29:04 honeypot-sgp-1 sshd[11280]: Invalid user admin from 179.60.147.69 port 33464","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 18:32:30 honeypot-fra-1 sshd[7016]: Invalid user track from 104.248.91.215 port 51938","@timestamp":"2022-09-13T18:32:30.134Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 18:35:01 honeypot-ams-1 kernel: [83970685.204137] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=34.105.114.93 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=62781 PROTO=TCP SPT=47617 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T18:35:02.121Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 18:35:26 honeypot-fra-1 sshd[7021]: Received disconnect from 43.154.43.99 port 41382:11: Bye Bye [preauth]","@timestamp":"2022-09-13T18:35:26.218Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 18:36:31 honeypot-ams-1 sshd[16210]: Invalid user user from 45.61.186.169 port 34800","@timestamp":"2022-09-13T18:36:32.162Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 18:36:48 honeypot-ams-1 sshd[16214]: Invalid user user from 45.61.186.169 port 59998","@timestamp":"2022-09-13T18:36:49.172Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 18:36:59 honeypot-ams-1 kernel: [83970803.416602] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=72.167.32.184 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=232 ID=57834 PROTO=TCP SPT=48073 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T18:37:00.177Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 18:37:14 honeypot-ams-1 sshd[16221]: Disconnected from invalid user user 45.61.186.169 port 41340 [preauth]","@timestamp":"2022-09-13T18:37:15.185Z"}
{"@timestamp":"2022-09-13T18:38:30.359Z","@version":"1","message":"Sep 13 18:38:30 honeypot-sgp-1 kernel: [83970419.917685] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=195.230.103.243 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=234 ID=54321 PROTO=TCP SPT=36820 DPT=5432 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 18:38:52 honeypot-fra-1 sshd[7025]: Received disconnect from 179.60.230.131 port 47310:11: Bye Bye [preauth]","@timestamp":"2022-09-13T18:38:53.298Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 18:39:39 honeypot-fra-1 sshd[7031]: Invalid user bonec from 144.24.116.174 port 51244","@timestamp":"2022-09-13T18:39:40.318Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 18:39:43 honeypot-fra-1 sshd[7035]: Received disconnect from 37.187.123.50 port 42232:11: Bye Bye [preauth]","@timestamp":"2022-09-13T18:39:44.321Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 18:41:34 honeypot-fra-1 kernel: [83968917.369510] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=44.204.88.3 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=231 ID=44720 PROTO=TCP SPT=54470 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T18:41:35.365Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 18:42:51 honeypot-fra-1 sshd[7044]: Disconnected from invalid user tenancy 157.245.122.58 port 58756 [preauth]","@timestamp":"2022-09-13T18:42:51.396Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 18:44:42 honeypot-fra-1 sshd[7048]: Disconnected from invalid user jonitwiso 157.245.122.58 port 57592 [preauth]","@timestamp":"2022-09-13T18:44:43.461Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 18:44:51 honeypot-ams-1 sshd[16229]: Disconnected from authenticating user root 80.76.51.189 port 35756 [preauth]","@timestamp":"2022-09-13T18:44:52.386Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 18:46:19 honeypot-ams-1 sshd[16236]: Received disconnect from 80.76.51.189 port 38790:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T18:46:19.426Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 18:46:33 honeypot-fra-1 sshd[7053]: Disconnected from invalid user cypress 157.245.122.58 port 56418 [preauth]","@timestamp":"2022-09-13T18:46:33.505Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 18:47:51 honeypot-ams-1 sshd[16242]: Received disconnect from 80.76.51.189 port 41866:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T18:47:51.467Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 18:49:28 honeypot-ams-1 sshd[16249]: Received disconnect from 80.76.51.189 port 44938:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T18:49:29.512Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 18:50:11 honeypot-ams-1 sshd[16253]: Disconnected from authenticating user root 143.110.151.255 port 51544 [preauth]","@timestamp":"2022-09-13T18:50:12.535Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 18:51:06 honeypot-ams-1 sshd[16257]: Disconnected from invalid user admin 80.76.51.189 port 48004 [preauth]","@timestamp":"2022-09-13T18:51:07.561Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 18:52:13 honeypot-ams-1 sshd[16261]: Disconnected from invalid user ansible 80.76.51.189 port 59454 [preauth]","@timestamp":"2022-09-13T18:52:13.592Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 18:53:19 honeypot-ams-1 sshd[16267]: Invalid user ansible from 80.76.51.189 port 42688","@timestamp":"2022-09-13T18:53:19.624Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 18:54:27 honeypot-ams-1 sshd[16272]: Received disconnect from 80.76.51.189 port 54150:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T18:54:28.656Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 18:55:38 honeypot-ams-1 sshd[16276]: Disconnected from invalid user oracle 80.76.51.189 port 37394 [preauth]","@timestamp":"2022-09-13T18:55:39.688Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 18:55:44 honeypot-fra-1 sshd[7060]: Invalid user test_user from 82.196.7.111 port 42162","@timestamp":"2022-09-13T18:55:44.712Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 18:56:53 honeypot-ams-1 sshd[16280]: Disconnected from authenticating user root 80.76.51.189 port 48828 [preauth]","@timestamp":"2022-09-13T18:56:53.724Z"}
{"@timestamp":"2022-09-13T18:57:13.805Z","@version":"1","message":"Sep 13 18:57:13 honeypot-sgp-1 kernel: [83971543.069908] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.109.80.14 DST=159.89.202.188 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=55443 DF PROTO=TCP SPT=53581 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 18:58:41 honeypot-ams-1 sshd[16286]: Received disconnect from 80.76.51.189 port 51900:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T18:58:42.773Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 18:59:13 honeypot-fra-1 sshd[7065]: Invalid user admin from 94.69.226.48 port 47688","@timestamp":"2022-09-13T18:59:13.794Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 18:59:18 honeypot-ams-1 sshd[16291]: Disconnected from authenticating user root 80.76.51.189 port 43514 [preauth]","@timestamp":"2022-09-13T18:59:19.792Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 19:01:26 honeypot-fra-1 sshd[7069]: Disconnected from authenticating user root 43.135.144.44 port 40802 [preauth]","@timestamp":"2022-09-13T19:01:26.846Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 19:08:55 honeypot-ams-1 kernel: [83972719.399376] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=2.226.225.240 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=39895 PROTO=TCP SPT=1952 DPT=80 WINDOW=65377 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T19:08:56.041Z"}
{"@timestamp":"2022-09-13T19:09:07.087Z","@version":"1","message":"Sep 13 19:09:07 honeypot-sgp-1 sshd[11295]: Invalid user monitor from 45.119.9.158 port 45344","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T19:11:12.138Z","@version":"1","message":"Sep 13 19:11:11 honeypot-sgp-1 sshd[11300]: Received disconnect from 137.184.59.80 port 55776:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 19:13:24 honeypot-ams-1 kernel: [83972988.242992] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=36751 PROTO=TCP SPT=55962 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T19:13:25.177Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 19:14:10 honeypot-fra-1 sshd[7077]: Invalid user admin from 92.124.220.106 port 41948","@timestamp":"2022-09-13T19:14:11.131Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T19:16:02.253Z","@version":"1","message":"Sep 13 19:16:01 honeypot-sgp-1 kernel: [83972671.000615] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.205.223 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=47014 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 19:17:01 honeypot-fra-1 CRON[7082]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-13T19:17:02.197Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T19:20:04.350Z","@version":"1","message":"Sep 13 19:20:03 honeypot-sgp-1 kernel: [83972913.637472] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.208.63 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=44862 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 19:20:16 honeypot-ams-1 kernel: [83973400.218659] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=2.179.151.4 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=46098 DF PROTO=TCP SPT=9871 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T19:20:17.354Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 19:21:19 honeypot-ams-1 sshd[16312]: Disconnected from authenticating user root 157.245.122.58 port 59422 [preauth]","@timestamp":"2022-09-13T19:21:19.384Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 19:22:21 honeypot-ams-1 sshd[16316]: Disconnected from invalid user odoo 157.245.122.58 port 44720 [preauth]","@timestamp":"2022-09-13T19:22:22.417Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 19:23:21 honeypot-ams-1 sshd[16318]: Received disconnect from 157.245.122.58 port 58260:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T19:23:22.447Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 19:23:24 honeypot-fra-1 sshd[7088]: Disconnected from authenticating user root 92.255.85.69 port 18692 [preauth]","@timestamp":"2022-09-13T19:23:25.338Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 19:24:34 honeypot-ams-1 sshd[16323]: Invalid user user from 45.61.186.169 port 39410","@timestamp":"2022-09-13T19:24:34.481Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 19:24:51 honeypot-ams-1 sshd[16327]: Invalid user user from 45.61.186.169 port 33524","@timestamp":"2022-09-13T19:24:52.492Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 19:25:08 honeypot-ams-1 sshd[16331]: Invalid user user from 45.61.186.169 port 55866","@timestamp":"2022-09-13T19:25:08.500Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 19:25:15 honeypot-ams-1 sshd[16335]: Invalid user user from 45.61.186.169 port 38800","@timestamp":"2022-09-13T19:25:16.505Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 19:25:23 honeypot-ams-1 sshd[16338]: Disconnected from invalid user user 45.61.186.169 port 49974 [preauth]","@timestamp":"2022-09-13T19:25:24.509Z"}
{"@timestamp":"2022-09-13T19:25:41.485Z","@version":"1","message":"Sep 13 19:25:40 honeypot-sgp-1 sshd[11313]: Received disconnect from 157.245.142.116 port 45876:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 19:26:08 honeypot-ams-1 sshd[16342]: Disconnected from invalid user jonitiso 157.245.122.58 port 42388 [preauth]","@timestamp":"2022-09-13T19:26:09.533Z"}
{"@timestamp":"2022-09-13T19:27:40.533Z","@version":"1","message":"Sep 13 19:27:39 honeypot-sgp-1 sshd[11317]: Received disconnect from 142.93.135.234 port 53984:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 19:31:54 honeypot-ams-1 kernel: [83974097.738091] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.180.143.72 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=30220 PROTO=TCP SPT=30867 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T19:31:54.693Z"}
{"@timestamp":"2022-09-13T19:33:02.679Z","@version":"1","message":"Sep 13 19:33:02 honeypot-sgp-1 kernel: [83973692.086045] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=162.142.125.136 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=1560 PROTO=TCP SPT=23791 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 19:34:04 honeypot-fra-1 sshd[7095]: Connection closed by authenticating user root 49.73.6.110 port 36950 [preauth]","@timestamp":"2022-09-13T19:34:04.575Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 19:38:30 honeypot-fra-1 sshd[7097]: Disconnected from authenticating user root 64.135.113.136 port 44776 [preauth]","@timestamp":"2022-09-13T19:38:30.676Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T19:40:07.846Z","@version":"1","message":"Sep 13 19:40:07 honeypot-sgp-1 sshd[11328]: Invalid user user from 45.61.186.49 port 45254","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T19:40:17.852Z","@version":"1","message":"Sep 13 19:40:17 honeypot-sgp-1 sshd[11332]: Invalid user user from 45.61.186.49 port 56908","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 19:42:39 honeypot-fra-1 sshd[7104]: Disconnected from invalid user cn 161.18.254.73 port 57154 [preauth]","@timestamp":"2022-09-13T19:42:39.770Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T19:43:52.936Z","@version":"1","message":"Sep 13 19:43:52 honeypot-sgp-1 sshd[11338]: Received disconnect from 92.255.85.70 port 62144:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 19:45:44 honeypot-fra-1 sshd[7109]: Disconnected from invalid user sysgames 209.141.52.250 port 59740 [preauth]","@timestamp":"2022-09-13T19:45:44.843Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 19:49:40 honeypot-fra-1 kernel: [83973003.131747] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=198.38.93.168 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=8677 PROTO=TCP SPT=55185 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T19:49:40.935Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-13T19:49:41.074Z","@version":"1","message":"Sep 13 19:49:40 honeypot-sgp-1 kernel: [83974690.639513] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.109.80.14 DST=159.89.202.188 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=48384 DF PROTO=TCP SPT=52095 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 19:49:52 honeypot-ams-1 kernel: [83975176.308330] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=78.187.233.25 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=36882 PROTO=TCP SPT=51269 DPT=80 WINDOW=29132 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T19:49:53.154Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 19:52:16 honeypot-ams-1 sshd[16353]: Disconnected from invalid user monitor 159.89.163.217 port 50312 [preauth]","@timestamp":"2022-09-13T19:52:16.235Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 19:54:50 honeypot-fra-1 kernel: [83973313.241066] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.209.41 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=38257 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T19:54:51.055Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 19:55:36 honeypot-ams-1 sshd[16355]: Disconnected from authenticating user root 68.183.78.141 port 44948 [preauth]","@timestamp":"2022-09-13T19:55:37.324Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 19:58:33 honeypot-fra-1 sshd[7118]: Disconnected from invalid user ksb 165.22.45.108 port 50416 [preauth]","@timestamp":"2022-09-13T19:58:34.144Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T20:01:37.359Z","@version":"1","message":"Sep 13 20:01:36 honeypot-sgp-1 sshd[11346]: Invalid user oracle from 46.101.141.155 port 34472","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 20:03:47 honeypot-ams-1 sshd[16362]: Invalid user admin from 85.31.46.45 port 46674","@timestamp":"2022-09-13T20:03:48.528Z"}
{"@timestamp":"2022-09-13T20:03:53.415Z","@version":"1","message":"Sep 13 20:03:53 honeypot-sgp-1 sshd[11349]: Disconnected from invalid user user 45.61.186.169 port 54482 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T20:04:11.425Z","@version":"1","message":"Sep 13 20:04:11 honeypot-sgp-1 sshd[11355]: Invalid user user from 45.61.186.169 port 49380","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 20:04:18 honeypot-ams-1 sshd[16367]: Received disconnect from 85.31.46.45 port 38164:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T20:04:18.543Z"}
{"@timestamp":"2022-09-13T20:04:28.433Z","@version":"1","message":"Sep 13 20:04:27 honeypot-sgp-1 sshd[11359]: Invalid user user from 45.61.186.169 port 44222","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T20:04:44.441Z","@version":"1","message":"Sep 13 20:04:43 honeypot-sgp-1 sshd[11363]: Invalid user user from 45.61.186.169 port 39104","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 20:05:03 honeypot-ams-1 sshd[16373]: Received disconnect from 85.31.46.45 port 39332:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T20:05:03.566Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 20:05:46 honeypot-ams-1 sshd[16379]: Received disconnect from 85.31.46.45 port 40572:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T20:05:46.588Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 20:06:15 honeypot-ams-1 sshd[16384]: Received disconnect from 85.31.46.45 port 60296:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T20:06:16.604Z"}
{"@timestamp":"2022-09-13T20:07:20.504Z","@version":"1","message":"Sep 13 20:07:20 honeypot-sgp-1 sshd[11368]: Received disconnect from 137.184.126.78 port 43358:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 20:10:31 honeypot-fra-1 sshd[7125]: Disconnected from authenticating user root 104.248.199.34 port 42434 [preauth]","@timestamp":"2022-09-13T20:10:32.413Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 20:10:38 honeypot-ams-1 sshd[16389]: Invalid user user from 167.99.220.160 port 48392","@timestamp":"2022-09-13T20:10:39.718Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 20:14:06 honeypot-fra-1 sshd[7129]: Received disconnect from 165.22.60.53 port 37542:11: Bye Bye [preauth]","@timestamp":"2022-09-13T20:14:06.496Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 20:17:01 honeypot-ams-1 CRON[16394]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-13T20:17:02.885Z"}
{"@timestamp":"2022-09-13T20:17:02.731Z","@version":"1","message":"Sep 13 20:17:01 honeypot-sgp-1 CRON[11375]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 20:19:16 honeypot-fra-1 sshd[7137]: Invalid user jkl from 118.212.146.43 port 46768","@timestamp":"2022-09-13T20:19:17.614Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 20:21:03 honeypot-fra-1 kernel: [83974886.431945] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=172.104.4.58 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=215 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T20:21:04.659Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 20:24:13 honeypot-ams-1 kernel: [83977237.491355] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=193.219.127.202 DST=178.62.254.91 LEN=80 TOS=0x00 PREC=0x20 TTL=127 ID=25268 PROTO=TCP SPT=26292 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T20:24:14.074Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 20:29:48 honeypot-ams-1 sshd[16403]: Invalid user tzf from 188.166.252.132 port 39888","@timestamp":"2022-09-13T20:29:49.222Z"}
{"@timestamp":"2022-09-13T20:30:35.055Z","@version":"1","message":"Sep 13 20:30:34 honeypot-sgp-1 kernel: [83977143.721372] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=234 ID=14226 PROTO=TCP SPT=41003 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T20:32:44.110Z","@version":"1","message":"Sep 13 20:32:43 honeypot-sgp-1 sshd[11386]: Disconnected from 206.81.15.128 port 47550 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 20:33:44 honeypot-fra-1 sshd[7146]: Connection closed by authenticating user root 91.92.209.231 port 34373 [preauth]","@timestamp":"2022-09-13T20:33:44.947Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 20:35:36 honeypot-ams-1 sshd[16408]: Received disconnect from 92.255.85.70 port 62206:11: Bye Bye [preauth]","@timestamp":"2022-09-13T20:35:37.377Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 20:37:59 honeypot-fra-1 sshd[7152]: Invalid user user from 198.98.61.9 port 48454","@timestamp":"2022-09-13T20:38:00.045Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 20:38:16 honeypot-fra-1 sshd[7156]: Invalid user user from 198.98.61.9 port 43300","@timestamp":"2022-09-13T20:38:17.053Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 20:38:37 honeypot-fra-1 sshd[7161]: Invalid user user from 198.98.61.9 port 38140","@timestamp":"2022-09-13T20:38:38.062Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 20:38:48 honeypot-fra-1 kernel: [83975950.799043] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=143.198.183.97 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=58245 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T20:38:49.067Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 20:38:59 honeypot-ams-1 kernel: [83978123.257088] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.219.8 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=32827 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T20:39:00.467Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 20:41:52 honeypot-fra-1 sshd[7169]: Disconnected from invalid user user 45.61.187.160 port 38850 [preauth]","@timestamp":"2022-09-13T20:41:53.142Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 20:42:03 honeypot-ams-1 kernel: [83978307.412918] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=143.159.103.32 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=56 ID=11711 PROTO=TCP SPT=16568 DPT=80 WINDOW=37232 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T20:42:04.547Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 20:42:07 honeypot-fra-1 sshd[7173]: Disconnected from invalid user ksb 165.22.45.108 port 55350 [preauth]","@timestamp":"2022-09-13T20:42:07.148Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 20:42:25 honeypot-fra-1 sshd[7177]: Disconnected from invalid user user 45.61.187.160 port 44982 [preauth]","@timestamp":"2022-09-13T20:42:26.157Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 20:42:44 honeypot-fra-1 sshd[7181]: Disconnected from invalid user user 45.61.187.160 port 39648 [preauth]","@timestamp":"2022-09-13T20:42:45.166Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 20:42:55 honeypot-fra-1 sshd[7183]: Disconnected from invalid user bong 3.38.231.14 port 42514 [preauth]","@timestamp":"2022-09-13T20:42:55.171Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T20:45:30.441Z","@version":"1","message":"Sep 13 20:45:29 honeypot-sgp-1 sshd[11392]: Received disconnect from 137.184.104.77 port 33428:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 20:52:51 honeypot-ams-1 kernel: [83978954.705039] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.41.9.18 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=35916 PROTO=TCP SPT=15325 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T20:52:51.838Z"}
{"@timestamp":"2022-09-13T20:52:55.622Z","@version":"1","message":"Sep 13 20:52:55 honeypot-sgp-1 kernel: [83978485.011445] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=172.104.4.58 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=63979 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T20:53:55.651Z","@version":"1","message":"Sep 13 20:53:55 honeypot-sgp-1 sshd[11402]: Disconnected from authenticating user root 92.255.85.70 port 24908 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 20:55:38 honeypot-fra-1 sshd[7194]: Connection closed by invalid user pi 80.117.229.198 port 55896 [preauth]","@timestamp":"2022-09-13T20:55:39.452Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T20:55:40.698Z","@version":"1","message":"Sep 13 20:55:40 honeypot-sgp-1 sshd[11408]: Connection closed by invalid user support 179.60.147.69 port 24984 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 20:56:47 honeypot-fra-1 sshd[7202]: Invalid user support from 179.60.147.69 port 22778","@timestamp":"2022-09-13T20:56:48.481Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T20:56:55.730Z","@version":"1","message":"Sep 13 20:56:55 honeypot-sgp-1 sshd[11414]: Disconnected from authenticating user root 179.43.156.143 port 47978 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T20:58:06.760Z","@version":"1","message":"Sep 13 20:58:06 honeypot-sgp-1 sshd[11419]: Disconnected from invalid user ossuser 179.43.156.143 port 39172 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 20:58:48 honeypot-fra-1 sshd[7206]: Disconnected from invalid user user 45.61.186.49 port 57176 [preauth]","@timestamp":"2022-09-13T20:58:48.530Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 20:58:59 honeypot-fra-1 sshd[7212]: Invalid user user from 45.61.186.49 port 41966","@timestamp":"2022-09-13T20:58:59.535Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T20:59:29.795Z","@version":"1","message":"Sep 13 20:59:29 honeypot-sgp-1 sshd[11423]: Disconnected from authenticating user root 179.43.156.143 port 58640 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 21:00:39 honeypot-ams-1 kernel: [83979422.973731] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=90.151.171.106 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=30561 PROTO=TCP SPT=42821 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T21:00:40.042Z"}
{"@timestamp":"2022-09-13T21:01:38.849Z","@version":"1","message":"Sep 13 21:01:38 honeypot-sgp-1 sshd[11429]: Disconnected from authenticating user root 179.43.156.143 port 45466 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 21:02:16 honeypot-fra-1 sshd[7218]: Did not receive identification string from 45.61.186.169 port 49492","@timestamp":"2022-09-13T21:02:16.605Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 21:02:43 honeypot-fra-1 sshd[7221]: Disconnected from invalid user user 45.61.186.169 port 57600 [preauth]","@timestamp":"2022-09-13T21:02:43.617Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 21:03:02 honeypot-fra-1 sshd[7225]: Disconnected from invalid user user 45.61.186.169 port 53506 [preauth]","@timestamp":"2022-09-13T21:03:02.627Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 21:03:19 honeypot-fra-1 sshd[7229]: Disconnected from invalid user user 45.61.186.169 port 49404 [preauth]","@timestamp":"2022-09-13T21:03:19.636Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T21:06:38.970Z","@version":"1","message":"Sep 13 21:06:37 honeypot-sgp-1 kernel: [83979307.571514] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=221.176.116.78 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=105 ID=256 PROTO=TCP SPT=51077 DPT=80 WINDOW=16384 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 21:09:48 honeypot-ams-1 kernel: [83979972.046309] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=143.198.201.142 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=54 ID=6909 PROTO=TCP SPT=58497 DPT=80 WINDOW=43690 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T21:09:49.279Z"}
{"@timestamp":"2022-09-13T21:10:41.067Z","@version":"1","message":"Sep 13 21:10:40 honeypot-sgp-1 sshd[11437]: Invalid user huan from 103.92.24.243 port 43890","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:11:47.096Z","@version":"1","message":"Sep 13 21:11:46 honeypot-sgp-1 sshd[11441]: Received disconnect from 190.117.147.185 port 36834:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:12:38.119Z","@version":"1","message":"Sep 13 21:12:37 honeypot-sgp-1 sshd[11446]: Invalid user user from 141.255.162.226 port 35302","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:12:39.120Z","@version":"1","message":"Sep 13 21:12:38 honeypot-sgp-1 sshd[11450]: Invalid user user from 141.255.162.226 port 50700","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 21:13:32 honeypot-fra-1 sshd[7234]: Invalid user admin from 200.37.213.21 port 45024","@timestamp":"2022-09-13T21:13:32.866Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T21:14:08.157Z","@version":"1","message":"Sep 13 21:14:07 honeypot-sgp-1 kernel: [83979756.797645] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=35.229.95.197 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=22084 PROTO=TCP SPT=42183 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 21:16:22 honeypot-fra-1 kernel: [83978204.738880] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=139.144.135.106 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=45097 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T21:16:22.934Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 21:17:02 honeypot-ams-1 CRON[16431]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-13T21:17:02.465Z"}
{"@timestamp":"2022-09-13T21:17:41.243Z","@version":"1","message":"Sep 13 21:17:40 honeypot-sgp-1 kernel: [83979970.195799] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.204.42.89 DST=159.89.202.188 LEN=52 TOS=0x00 PREC=0x00 TTL=115 ID=55833 DF PROTO=TCP SPT=52176 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 21:18:26 honeypot-fra-1 sshd[7243]: Received disconnect from 94.139.166.33 port 59636:11: Bye Bye [preauth]","@timestamp":"2022-09-13T21:18:26.984Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T21:20:37.313Z","@version":"1","message":"Sep 13 21:20:36 honeypot-sgp-1 sshd[11460]: Disconnected from authenticating user root 35.210.132.198 port 42794 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 21:20:53 honeypot-ams-1 sshd[16437]: Invalid user gozone from 187.102.174.154 port 53136","@timestamp":"2022-09-13T21:20:54.569Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 21:25:59 honeypot-fra-1 sshd[7251]: Disconnected from invalid user ksb 165.22.45.108 port 60266 [preauth]","@timestamp":"2022-09-13T21:25:59.155Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T21:26:17.451Z","@version":"1","message":"Sep 13 21:26:17 honeypot-sgp-1 kernel: [83980486.927207] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=50.7.143.106 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=238 ID=54321 PROTO=TCP SPT=57297 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 21:26:54 honeypot-ams-1 kernel: [83980997.691809] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=89.248.168.172 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=252 ID=54321 PROTO=TCP SPT=48624 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T21:26:54.728Z"}
{"@timestamp":"2022-09-13T21:28:29.505Z","@version":"1","message":"Sep 13 21:28:28 honeypot-sgp-1 sshd[11468]: Invalid user user from 198.98.61.9 port 57428","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:28:46.513Z","@version":"1","message":"Sep 13 21:28:46 honeypot-sgp-1 sshd[11472]: Invalid user user from 198.98.61.9 port 53008","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:29:02.520Z","@version":"1","message":"Sep 13 21:29:02 honeypot-sgp-1 sshd[11476]: Invalid user user from 198.98.61.9 port 48572","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:29:10.523Z","@version":"1","message":"Sep 13 21:29:09 honeypot-sgp-1 sshd[11480]: Invalid user user from 198.98.61.9 port 60500","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 21:29:15 honeypot-ams-1 sshd[16448]: Received disconnect from 179.60.230.131 port 45855:11: Bye Bye [preauth]","@timestamp":"2022-09-13T21:29:15.793Z"}
{"@timestamp":"2022-09-13T21:30:23.551Z","@version":"1","message":"Sep 13 21:30:23 honeypot-sgp-1 kernel: [83980732.932738] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.41.8.45 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=51328 PROTO=TCP SPT=57031 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:33:45.633Z","@version":"1","message":"Sep 13 21:33:45 honeypot-sgp-1 kernel: [83980934.963312] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=222.186.19.235 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=52375 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 21:34:40 honeypot-ams-1 kernel: [83981464.156169] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=43.131.66.209 DST=178.62.254.91 LEN=52 TOS=0x08 PREC=0x60 TTL=55 ID=21315 DF PROTO=TCP SPT=22339 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T21:34:40.933Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 21:37:32 honeypot-fra-1 kernel: [83979474.498796] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=222.186.19.235 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=234 ID=54321 PROTO=TCP SPT=47833 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T21:37:32.416Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 21:40:09 honeypot-fra-1 kernel: [83979632.210210] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=107.152.37.65 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=44731 PROTO=TCP SPT=58953 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T21:40:10.481Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-13T21:40:43.801Z","@version":"1","message":"Sep 13 21:40:42 honeypot-sgp-1 sshd[11495]: Invalid user  from 185.246.130.20 port 58810","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:41:10.816Z","@version":"1","message":"Sep 13 21:41:09 honeypot-sgp-1 kernel: [83981379.394384] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=182.61.58.87 DST=159.89.202.188 LEN=52 TOS=0x02 PREC=0x00 TTL=108 ID=45083 DF PROTO=TCP SPT=58034 DPT=3389 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:41:27.824Z","@version":"1","message":"Sep 13 21:41:26 honeypot-sgp-1 sshd[11505]: Invalid user  from 185.246.130.20 port 41012","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:42:01.841Z","@version":"1","message":"Sep 13 21:42:01 honeypot-sgp-1 sshd[11511]: Invalid user admin from 185.246.130.20 port 20659","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:42:31.856Z","@version":"1","message":"Sep 13 21:42:31 honeypot-sgp-1 sshd[11517]: Disconnecting authenticating user root 185.246.130.20 port 19363: Change of username or service not allowed: (root,ssh-connection) -> (1234,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:42:52.866Z","@version":"1","message":"Sep 13 21:42:52 honeypot-sgp-1 sshd[11523]: Disconnecting invalid user araknis 185.246.130.20 port 8193: Change of username or service not allowed: (araknis,ssh-connection) -> (,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:43:29.884Z","@version":"1","message":"Sep 13 21:43:29 honeypot-sgp-1 sshd[11531]: Invalid user Admin from 185.246.130.20 port 9697","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:44:21.908Z","@version":"1","message":"Sep 13 21:44:21 honeypot-sgp-1 sshd[11537]: Invalid user guest from 185.246.130.20 port 59293","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:44:46.920Z","@version":"1","message":"Sep 13 21:44:46 honeypot-sgp-1 sshd[11543]: Disconnecting invalid user  185.246.130.20 port 28330: Change of username or service not allowed: (,ssh-connection) -> (Cisco,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:45:06.929Z","@version":"1","message":"Sep 13 21:45:06 honeypot-sgp-1 sshd[11549]: Disconnecting invalid user admin 185.246.130.20 port 63425: Change of username or service not allowed: (admin,ssh-connection) -> (1234,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:45:37.957Z","@version":"1","message":"Sep 13 21:45:36 honeypot-sgp-1 sshd[11557]: Invalid user  from 185.246.130.20 port 50936","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:46:08.972Z","@version":"1","message":"Sep 13 21:46:08 honeypot-sgp-1 sshd[11564]: Invalid user admin from 185.246.130.20 port 19149","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:46:35.985Z","@version":"1","message":"Sep 13 21:46:35 honeypot-sgp-1 sshd[11569]: Disconnecting invalid user zhone 185.246.130.20 port 61137: Change of username or service not allowed: (zhone,ssh-connection) -> (,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:47:08.001Z","@version":"1","message":"Sep 13 21:47:07 honeypot-sgp-1 sshd[11578]: Invalid user admin from 185.246.130.20 port 3829","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 21:47:15 honeypot-ams-1 kernel: [83982219.377440] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=89.248.168.172 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=252 ID=54321 PROTO=TCP SPT=43441 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T21:47:16.256Z"}
{"@timestamp":"2022-09-13T21:47:35.014Z","@version":"1","message":"Sep 13 21:47:34 honeypot-sgp-1 sshd[11584]: Invalid user cusadmin from 185.246.130.20 port 37643","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:47:56.024Z","@version":"1","message":"Sep 13 21:47:55 honeypot-sgp-1 sshd[11591]: Invalid user pi from 183.82.107.151 port 42134","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 21:47:58 honeypot-ams-1 sshd[16465]: Disconnected from invalid user odoo 190.13.81.218 port 41320 [preauth]","@timestamp":"2022-09-13T21:47:59.277Z"}
{"@timestamp":"2022-09-13T21:48:13.032Z","@version":"1","message":"Sep 13 21:48:12 honeypot-sgp-1 sshd[11596]: Invalid user Admin from 185.246.130.20 port 6877","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:48:43.045Z","@version":"1","message":"Sep 13 21:48:42 honeypot-sgp-1 sshd[11602]: Invalid user  from 185.246.130.20 port 7811","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:48:57.052Z","@version":"1","message":"Sep 13 21:48:56 honeypot-sgp-1 sshd[11606]: Disconnecting invalid user admin1234 185.246.130.20 port 41835: Change of username or service not allowed: (admin1234,ssh-connection) -> (matrix,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:49:28.066Z","@version":"1","message":"Sep 13 21:49:27 honeypot-sgp-1 sshd[11613]: Invalid user admin from 185.246.130.20 port 49170","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:49:54.079Z","@version":"1","message":"Sep 13 21:49:53 honeypot-sgp-1 sshd[11619]: Invalid user blank from 185.246.130.20 port 38008","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:50:29.096Z","@version":"1","message":"Sep 13 21:50:28 honeypot-sgp-1 sshd[11625]: Disconnecting invalid user airlive 185.246.130.20 port 14923: Change of username or service not allowed: (airlive,ssh-connection) -> (0,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:51:02.111Z","@version":"1","message":"Sep 13 21:51:01 honeypot-sgp-1 sshd[11633]: Invalid user roqos from 185.246.130.20 port 51289","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:51:30.124Z","@version":"1","message":"Sep 13 21:51:30 honeypot-sgp-1 sshd[11639]: Invalid user sitecom from 185.246.130.20 port 3530","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:52:00.139Z","@version":"1","message":"Sep 13 21:51:59 honeypot-sgp-1 kernel: [83982029.114861] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=31.192.111.224 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=45202 PROTO=TCP SPT=44629 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:52:29.153Z","@version":"1","message":"Sep 13 21:52:28 honeypot-sgp-1 sshd[11649]: Disconnecting invalid user highspeed 185.246.130.20 port 18556: Change of username or service not allowed: (highspeed,ssh-connection) -> (smcadmin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:52:58.166Z","@version":"1","message":"Sep 13 21:52:57 honeypot-sgp-1 sshd[11655]: Disconnecting invalid user  185.246.130.20 port 44772: Change of username or service not allowed: (,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 21:53:05 honeypot-fra-1 sshd[7268]: Invalid user omsagent from 107.173.111.206 port 42926","@timestamp":"2022-09-13T21:53:06.771Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T21:53:33.183Z","@version":"1","message":"Sep 13 21:53:32 honeypot-sgp-1 sshd[11661]: Disconnecting invalid user public 185.246.130.20 port 14738: Change of username or service not allowed: (public,ssh-connection) -> (user,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:54:13.202Z","@version":"1","message":"Sep 13 21:54:12 honeypot-sgp-1 sshd[11669]: Invalid user 123456 from 185.246.130.20 port 22196","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:54:59.224Z","@version":"1","message":"Sep 13 21:54:58 honeypot-sgp-1 sshd[11676]: Invalid user readwrite from 185.246.130.20 port 60043","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 21:54:58 honeypot-ams-1 sshd[16470]: Received disconnect from 129.151.252.157 port 50420:11: Bye Bye [preauth]","@timestamp":"2022-09-13T21:54:59.457Z"}
{"@timestamp":"2022-09-13T21:55:41.243Z","@version":"1","message":"Sep 13 21:55:40 honeypot-sgp-1 sshd[11682]: Invalid user DZY-W2914NSV2 from 185.246.130.20 port 9812","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:56:27.265Z","@version":"1","message":"Sep 13 21:56:27 honeypot-sgp-1 sshd[11689]: Invalid user zoomadsl from 185.246.130.20 port 29692","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:57:06.283Z","@version":"1","message":"Sep 13 21:57:06 honeypot-sgp-1 sshd[11695]: Invalid user ltecl4r0 from 185.246.130.20 port 33832","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 21:59:48 honeypot-ams-1 sshd[16474]: Bad protocol version identification 'GET / HTTP/1.1' from 223.71.167.164 port 15182","@timestamp":"2022-09-13T21:59:48.585Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 22:01:13 honeypot-fra-1 sshd[7273]: Received disconnect from 92.255.85.70 port 20760:11: Bye Bye [preauth]","@timestamp":"2022-09-13T22:01:13.956Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 22:08:05 honeypot-fra-1 sshd[7277]: Disconnecting invalid user admin 128.53.5.55 port 62677: Too many authentication failures [preauth]","@timestamp":"2022-09-13T22:08:06.111Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 22:08:43 honeypot-ams-1 kernel: [83983507.359414] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=20.109.80.14 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=113 ID=25272 DF PROTO=TCP SPT=55007 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T22:08:44.824Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 22:09:34 honeypot-fra-1 sshd[7281]: Disconnected from invalid user ksoh 165.22.45.108 port 38344 [preauth]","@timestamp":"2022-09-13T22:09:35.147Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T22:10:01.579Z","@version":"1","message":"Sep 13 22:10:01 honeypot-sgp-1 sshd[11702]: Invalid user muriel from 187.170.240.80 port 42278","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 22:12:06 honeypot-ams-1 sshd[16483]: Invalid user oracle from 94.139.201.56 port 44446","@timestamp":"2022-09-13T22:12:06.933Z"}
{"@timestamp":"2022-09-13T22:12:51.651Z","@version":"1","message":"Sep 13 22:12:50 honeypot-sgp-1 sshd[11709]: Disconnected from authenticating user root 157.245.122.58 port 51084 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 22:14:39 honeypot-ams-1 sshd[16487]: Invalid user ethos from 113.161.79.231 port 32862","@timestamp":"2022-09-13T22:14:40.000Z"}
{"@timestamp":"2022-09-13T22:14:54.703Z","@version":"1","message":"Sep 13 22:14:53 honeypot-sgp-1 sshd[11715]: Received disconnect from 157.245.122.58 port 49934:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T22:15:57.729Z","@version":"1","message":"Sep 13 22:15:57 honeypot-sgp-1 sshd[11719]: Disconnected from invalid user tenancy 157.245.122.58 port 35246 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 22:17:01 honeypot-fra-1 CRON[7288]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-13T22:17:02.317Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T22:17:02.757Z","@version":"1","message":"Sep 13 22:17:01 honeypot-sgp-1 CRON[11725]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T22:17:54.780Z","@version":"1","message":"Sep 13 22:17:54 honeypot-sgp-1 sshd[11729]: Received disconnect from 157.245.122.58 port 34094:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 22:18:02 honeypot-ams-1 sshd[16493]: Received disconnect from 61.177.172.124 port 56388:11:  [preauth]","@timestamp":"2022-09-13T22:18:03.085Z"}
{"@timestamp":"2022-09-13T22:19:27.819Z","@version":"1","message":"Sep 13 22:19:27 honeypot-sgp-1 sshd[11733]: Received disconnect from 123.125.194.150 port 35090:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T22:20:11.839Z","@version":"1","message":"Sep 13 22:20:11 honeypot-sgp-1 sshd[11812]: Disconnected from authenticating user root 92.255.85.69 port 53024 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 22:22:19 honeypot-fra-1 kernel: [83982162.212787] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=80.87.206.236 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=56768 PROTO=TCP SPT=60000 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T22:22:20.439Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 22:25:17 honeypot-ams-1 sshd[16506]: Received disconnect from 92.255.85.70 port 39534:11: Bye Bye [preauth]","@timestamp":"2022-09-13T22:25:17.274Z"}
{"@timestamp":"2022-09-13T22:28:47.043Z","@version":"1","message":"Sep 13 22:28:46 honeypot-sgp-1 sshd[11816]: Received disconnect from 104.248.62.102 port 55400:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 22:29:16 honeypot-ams-1 sshd[16510]: Disconnected from invalid user lucky 59.26.216.102 port 49098 [preauth]","@timestamp":"2022-09-13T22:29:16.379Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 22:29:44 honeypot-fra-1 sshd[7370]: Invalid user admin from 119.196.184.146 port 59463","@timestamp":"2022-09-13T22:29:45.606Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 22:35:09 honeypot-ams-1 kernel: [83985092.688017] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=72.167.32.184 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=232 ID=56558 PROTO=TCP SPT=44198 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T22:35:09.533Z"}
{"@timestamp":"2022-09-13T22:36:02.213Z","@version":"1","message":"Sep 13 22:36:01 honeypot-sgp-1 kernel: [83984670.995471] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=198.74.61.220 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=21767 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 22:36:43 honeypot-fra-1 sshd[7389]: Invalid user chia from 52.183.129.64 port 49450","@timestamp":"2022-09-13T22:36:43.762Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 22:36:43 honeypot-fra-1 sshd[7382]: Invalid user ec2-user from 52.183.129.64 port 49416","@timestamp":"2022-09-13T22:36:44.764Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 22:36:43 honeypot-fra-1 sshd[7386]: Connection closed by invalid user git 52.183.129.64 port 49430 [preauth]","@timestamp":"2022-09-13T22:36:44.764Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 22:36:44 honeypot-fra-1 sshd[7380]: Connection closed by invalid user chia 52.183.129.64 port 49408 [preauth]","@timestamp":"2022-09-13T22:36:44.764Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 22:36:44 honeypot-fra-1 sshd[7383]: Connection closed by invalid user centos 52.183.129.64 port 49410 [preauth]","@timestamp":"2022-09-13T22:36:44.764Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 22:36:44 honeypot-fra-1 sshd[7414]: Invalid user testuser from 52.183.129.64 port 49464","@timestamp":"2022-09-13T22:36:44.764Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 22:36:44 honeypot-fra-1 sshd[7407]: Connection closed by invalid user mysql 52.183.129.64 port 49456 [preauth]","@timestamp":"2022-09-13T22:36:44.764Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 22:36:44 honeypot-fra-1 sshd[7409]: Connection closed by invalid user ftpuser 52.183.129.64 port 49406 [preauth]","@timestamp":"2022-09-13T22:36:44.764Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 22:36:46 honeypot-fra-1 sshd[7429]: Invalid user elasticsearch from 52.183.129.64 port 49452","@timestamp":"2022-09-13T22:36:46.765Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 22:36:46 honeypot-fra-1 sshd[7425]: Connection closed by invalid user hadoop 52.183.129.64 port 49428 [preauth]","@timestamp":"2022-09-13T22:36:46.766Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 22:36:46 honeypot-fra-1 sshd[7426]: Connection closed by invalid user user 52.183.129.64 port 49432 [preauth]","@timestamp":"2022-09-13T22:36:46.766Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T22:36:59.239Z","@version":"1","message":"Sep 13 22:36:58 honeypot-sgp-1 sshd[11828]: Received disconnect from 138.197.68.4 port 33884:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T22:37:53.262Z","@version":"1","message":"Sep 13 22:37:53 honeypot-sgp-1 sshd[11832]: Disconnected from invalid user kafka 91.144.20.198 port 40922 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 22:42:06 honeypot-ams-1 sshd[16524]: Received disconnect from 159.65.41.104 port 50006:11: Bye Bye [preauth]","@timestamp":"2022-09-13T22:42:06.738Z"}
{"@timestamp":"2022-09-13T22:42:53.385Z","@version":"1","message":"Sep 13 22:42:52 honeypot-sgp-1 sshd[11837]: Invalid user wp-user from 134.209.99.121 port 42204","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 22:44:55 honeypot-ams-1 sshd[16529]: Disconnected from authenticating user root 80.76.51.46 port 46998 [preauth]","@timestamp":"2022-09-13T22:44:55.813Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 22:45:19 honeypot-fra-1 kernel: [83983542.035333] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=198.235.24.156 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x60 TTL=250 ID=54321 PROTO=TCP SPT=55283 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T22:45:19.957Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 22:45:38 honeypot-ams-1 sshd[16535]: Disconnected from authenticating user root 80.76.51.46 port 60834 [preauth]","@timestamp":"2022-09-13T22:45:38.834Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 22:46:19 honeypot-ams-1 sshd[16541]: Disconnected from authenticating user root 80.76.51.46 port 46232 [preauth]","@timestamp":"2022-09-13T22:46:19.854Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 22:46:59 honeypot-ams-1 sshd[16547]: Disconnected from authenticating user root 80.76.51.46 port 59890 [preauth]","@timestamp":"2022-09-13T22:46:59.873Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 22:47:29 honeypot-ams-1 kernel: [83985833.086381] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=122.189.38.5 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=48 ID=23332 PROTO=TCP SPT=11812 DPT=80 WINDOW=48804 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T22:47:29.888Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 22:47:52 honeypot-ams-1 sshd[16556]: Received disconnect from 80.76.51.46 port 40422:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T22:47:52.899Z"}
{"@timestamp":"2022-09-13T22:48:02.506Z","@version":"1","message":"Sep 13 22:48:01 honeypot-sgp-1 kernel: [83985391.332398] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.206.6 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=49590 DPT=636 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 22:48:19 honeypot-ams-1 sshd[16561]: Received disconnect from 80.76.51.46 port 58990:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T22:48:20.914Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 22:48:33 honeypot-ams-1 sshd[16565]: Disconnected from invalid user ansible 80.76.51.46 port 54174 [preauth]","@timestamp":"2022-09-13T22:48:33.921Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 22:49:01 honeypot-ams-1 sshd[16571]: Received disconnect from 80.76.51.46 port 44538:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T22:49:01.935Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 22:49:28 honeypot-ams-1 sshd[16575]: Disconnected from invalid user oracle 80.76.51.46 port 34774 [preauth]","@timestamp":"2022-09-13T22:49:28.950Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 22:50:06 honeypot-fra-1 sshd[7449]: Invalid user itump from 82.39.244.117 port 59622","@timestamp":"2022-09-13T22:50:07.068Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 22:50:09 honeypot-ams-1 sshd[16581]: Received disconnect from 80.76.51.46 port 48464:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T22:50:09.970Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 22:50:36 honeypot-ams-1 sshd[16585]: Disconnected from authenticating user root 80.76.51.46 port 38788 [preauth]","@timestamp":"2022-09-13T22:50:36.985Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 22:52:22 honeypot-fra-1 sshd[7451]: Received disconnect from 173.186.116.37 port 44762:11: Bye Bye [preauth]","@timestamp":"2022-09-13T22:52:23.123Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 22:53:29 honeypot-fra-1 sshd[7455]: Connection closed by invalid user admin 195.135.28.185 port 37976 [preauth]","@timestamp":"2022-09-13T22:53:30.150Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 22:56:44 honeypot-ams-1 sshd[16595]: Connection closed by authenticating user root 103.188.176.251 port 33724 [preauth]","@timestamp":"2022-09-13T22:56:45.142Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 22:57:37 honeypot-fra-1 sshd[7463]: Connection closed by authenticating user root 141.98.10.158 port 32994 [preauth]","@timestamp":"2022-09-13T22:57:38.248Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 23:03:37 honeypot-fra-1 sshd[7472]: Invalid user user from 198.98.61.9 port 32882","@timestamp":"2022-09-13T23:03:37.384Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 23:03:56 honeypot-fra-1 sshd[7476]: Invalid user user from 198.98.61.9 port 57860","@timestamp":"2022-09-13T23:03:56.393Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 23:04:14 honeypot-fra-1 sshd[7480]: Invalid user user from 198.98.61.9 port 54612","@timestamp":"2022-09-13T23:04:15.402Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T23:05:34.922Z","@version":"1","message":"Sep 13 23:05:34 honeypot-sgp-1 sshd[11855]: Disconnected from authenticating user root 103.221.252.46 port 48144 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 23:07:11 honeypot-fra-1 sshd[7485]: Received disconnect from 201.89.69.63 port 60600:11: Bye Bye [preauth]","@timestamp":"2022-09-13T23:07:11.470Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 23:08:02 honeypot-ams-1 kernel: [83987066.423343] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=20.163.103.207 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=65094 DF PROTO=TCP SPT=10446 DPT=80 WINDOW=512 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T23:08:03.434Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 23:09:03 honeypot-fra-1 sshd[7489]: Received disconnect from 92.255.85.69 port 47248:11: Bye Bye [preauth]","@timestamp":"2022-09-13T23:09:04.516Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T23:09:19.014Z","@version":"1","message":"Sep 13 23:09:18 honeypot-sgp-1 sshd[11859]: Disconnected from invalid user joreji 199.115.228.186 port 35872 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 23:10:12 honeypot-fra-1 sshd[7494]: Invalid user user from 45.61.186.249 port 50146","@timestamp":"2022-09-13T23:10:13.545Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 23:10:31 honeypot-fra-1 kernel: [83985053.486102] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=89.248.168.172 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=54321 PROTO=TCP SPT=55899 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T23:10:31.554Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 23:10:41 honeypot-fra-1 sshd[7500]: Disconnected from invalid user user 45.61.186.249 port 56816 [preauth]","@timestamp":"2022-09-13T23:10:41.559Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 23:10:57 honeypot-fra-1 sshd[7504]: Disconnected from invalid user user 45.61.186.249 port 51846 [preauth]","@timestamp":"2022-09-13T23:10:58.567Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 23:15:48 honeypot-ams-1 sshd[16616]: Received disconnect from 61.177.173.36 port 11977:11:  [preauth]","@timestamp":"2022-09-13T23:15:49.637Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 23:15:57 honeypot-fra-1 sshd[7510]: Received disconnect from 141.255.162.226 port 47214:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T23:15:57.682Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 23:16:00 honeypot-fra-1 sshd[7514]: Received disconnect from 141.255.162.226 port 47666:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T23:16:00.684Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 23:16:03 honeypot-fra-1 sshd[7518]: Received disconnect from 141.255.162.226 port 33778:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T23:16:04.686Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 23:19:18 honeypot-fra-1 kernel: [83985580.532819] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=128.14.134.170 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=9338 PROTO=TCP SPT=37228 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T23:19:18.762Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 23:20:35 honeypot-ams-1 kernel: [83987818.632771] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=89.248.165.199 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=707 PROTO=TCP SPT=50448 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T23:20:35.762Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 23:21:41 honeypot-ams-1 kernel: [83987885.380917] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=5.39.220.40 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=36143 PROTO=TCP SPT=50976 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T23:21:42.796Z"}
{"@timestamp":"2022-09-13T23:22:09.319Z","@version":"1","message":"Sep 13 23:22:09 honeypot-sgp-1 sshd[11872]: Invalid user default from 179.60.147.69 port 39368","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T23:24:31.379Z","@version":"1","message":"Sep 13 23:24:30 honeypot-sgp-1 sshd[11876]: Disconnected from authenticating user root 61.177.172.90 port 36003 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 23:26:43 honeypot-ams-1 sshd[16632]: Disconnected from authenticating user root 61.177.173.36 port 57927 [preauth]","@timestamp":"2022-09-13T23:26:43.935Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 23:27:12 honeypot-fra-1 sshd[7528]: Connection closed by invalid user mc 103.90.177.102 port 56420 [preauth]","@timestamp":"2022-09-13T23:27:12.939Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 23:31:12 honeypot-ams-1 kernel: [83988455.896500] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=172.105.89.161 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=57 ID=0 DF PROTO=TCP SPT=40015 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T23:31:13.053Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 23:32:00 honeypot-fra-1 kernel: [83986342.157944] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=66.240.205.34 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=114 ID=65421 PROTO=TCP SPT=17525 DPT=443 WINDOW=56888 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T23:32:00.051Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 23:32:34 honeypot-fra-1 sshd[7538]: Invalid user user from 198.98.61.9 port 50392","@timestamp":"2022-09-13T23:32:35.068Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 23:32:52 honeypot-fra-1 sshd[7542]: Invalid user user from 198.98.61.9 port 45188","@timestamp":"2022-09-13T23:32:52.076Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 23:33:05 honeypot-fra-1 sshd[7546]: Invalid user admin from 184.147.35.101 port 33823","@timestamp":"2022-09-13T23:33:06.083Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 23:33:16 honeypot-fra-1 sshd[7550]: Received disconnect from 198.98.61.9 port 51506:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T23:33:17.089Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 23:34:18 honeypot-ams-1 sshd[16642]: Disconnected from authenticating user root 92.255.85.70 port 52900 [preauth]","@timestamp":"2022-09-13T23:34:19.134Z"}
{"@timestamp":"2022-09-13T23:36:01.652Z","@version":"1","message":"Sep 13 23:36:01 honeypot-sgp-1 kernel: [83988270.757482] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=78.142.18.92 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=47322 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 23:38:52 honeypot-ams-1 sshd[16649]: Disconnected from authenticating user root 61.177.173.39 port 50668 [preauth]","@timestamp":"2022-09-13T23:38:52.253Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 23:44:56 honeypot-fra-1 sshd[7557]: Connection closed by 185.100.87.133 port 41307 [preauth]","@timestamp":"2022-09-13T23:44:56.348Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 23:47:35 honeypot-ams-1 sshd[16660]: Invalid user pi from 201.137.106.75 port 55256","@timestamp":"2022-09-13T23:47:36.483Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 23:49:07 honeypot-ams-1 kernel: [83989530.605080] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.219.174 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=58749 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T23:49:07.525Z"}
{"@timestamp":"2022-09-13T23:50:29.988Z","@version":"1","message":"Sep 13 23:50:29 honeypot-sgp-1 kernel: [83989138.778719] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=161.35.230.183 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=52139 DF PROTO=TCP SPT=53314 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 23:51:28 honeypot-fra-1 sshd[7561]: Disconnected from invalid user salvatore 187.141.135.181 port 60750 [preauth]","@timestamp":"2022-09-13T23:51:29.515Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 23:54:04 honeypot-ams-1 sshd[16673]: Received disconnect from 61.177.173.53 port 18839:11:  [preauth]","@timestamp":"2022-09-13T23:54:04.659Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 23:55:08 honeypot-fra-1 sshd[7567]: Disconnected from authenticating user root 92.255.85.69 port 52952 [preauth]","@timestamp":"2022-09-13T23:55:09.598Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T23:56:15.124Z","@version":"1","message":"Sep 13 23:56:14 honeypot-sgp-1 sshd[11906]: Received disconnect from 61.177.172.124 port 18135:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 23:58:05 honeypot-ams-1 kernel: [83990068.902009] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=38.70.11.13 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=115 ID=61484 DF PROTO=TCP SPT=50727 DPT=3389 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-13T23:58:05.770Z"}
{"@timestamp":"2022-09-13T23:58:46.186Z","@version":"1","message":"Sep 13 23:58:45 honeypot-sgp-1 sshd[11910]: Disconnecting invalid user admin 81.17.25.50 port 34645: Change of username or service not allowed: (admin,ssh-connection) -> (cameras,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T23:59:35.208Z","@version":"1","message":"Sep 13 23:59:34 honeypot-sgp-1 sshd[11916]: Disconnecting invalid user admin 81.17.25.50 port 25691: Change of username or service not allowed: (admin,ssh-connection) -> (,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T00:00:13.226Z","@version":"1","message":"Sep 14 00:00:13 honeypot-sgp-1 sshd[11924]: Connection closed by invalid user centos 179.60.147.69 port 40702 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T00:01:47.267Z","@version":"1","message":"Sep 14 00:01:46 honeypot-sgp-1 sshd[11926]: Disconnecting invalid user aerohive 81.17.25.50 port 49727: Change of username or service not allowed: (aerohive,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T00:03:28.314Z","@version":"1","message":"Sep 14 00:03:28 honeypot-sgp-1 sshd[11935]: Disconnecting invalid user private 81.17.25.50 port 28690: Change of username or service not allowed: (private,ssh-connection) -> (root,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:04:41 honeypot-ams-1 sshd[16683]: Invalid user test from 193.106.191.157 port 40460","@timestamp":"2022-09-14T00:04:41.954Z"}
{"@timestamp":"2022-09-14T00:06:11.382Z","@version":"1","message":"Sep 14 00:06:10 honeypot-sgp-1 sshd[11941]: Disconnecting invalid user Admin 81.17.25.50 port 2296: Change of username or service not allowed: (Admin,ssh-connection) -> (araknis,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T00:08:16.436Z","@version":"1","message":"Sep 14 00:08:15 honeypot-sgp-1 sshd[11949]: Disconnecting invalid user user 81.17.25.50 port 48720: Change of username or service not allowed: (user,ssh-connection) -> (root,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T00:09:47.476Z","@version":"1","message":"Sep 14 00:09:47 honeypot-sgp-1 sshd[11951]: Connection reset by 61.177.172.108 port 48892 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:10:58 honeypot-ams-1 sshd[16687]: Disconnected from authenticating user root 61.177.173.50 port 64378 [preauth]","@timestamp":"2022-09-14T00:10:59.127Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 00:11:09 honeypot-fra-1 kernel: [83988691.521460] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=26350 PROTO=TCP SPT=53603 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T00:11:09.974Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-14T00:11:30.523Z","@version":"1","message":"Sep 14 00:11:30 honeypot-sgp-1 sshd[11966]: Received disconnect from 61.177.173.36 port 13782:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T00:13:15.569Z","@version":"1","message":"Sep 14 00:13:15 honeypot-sgp-1 kernel: [83990504.517363] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=229 ID=80 PROTO=TCP SPT=53603 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T00:15:00.614Z","@version":"1","message":"Sep 14 00:15:00 honeypot-sgp-1 sshd[11979]: Received disconnect from 61.177.173.39 port 15982:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T00:15:51.636Z","@version":"1","message":"Sep 14 00:15:51 honeypot-sgp-1 sshd[11985]: Invalid user cisco from 81.17.25.50 port 31093","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:17:01 honeypot-ams-1 CRON[16695]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-14T00:17:01.289Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 00:17:01 honeypot-fra-1 CRON[7583]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-14T00:17:02.111Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T00:17:02.668Z","@version":"1","message":"Sep 14 00:17:01 honeypot-sgp-1 CRON[11993]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T00:18:14.701Z","@version":"1","message":"Sep 14 00:18:13 honeypot-sgp-1 sshd[12003]: Invalid user Administrator from 81.17.25.50 port 16283","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T00:18:40.714Z","@version":"1","message":"Sep 14 00:18:39 honeypot-sgp-1 sshd[12009]: Invalid user sti.admin5 from 81.17.25.50 port 3706","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T00:19:11.729Z","@version":"1","message":"Sep 14 00:19:11 honeypot-sgp-1 sshd[12017]: Invalid user bpq from 143.198.11.227 port 45374","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T00:19:30.738Z","@version":"1","message":"Sep 14 00:19:29 honeypot-sgp-1 sshd[12015]: Disconnecting invalid user blank 81.17.25.50 port 5355: Change of username or service not allowed: (blank,ssh-connection) -> (zhone,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T00:20:02.755Z","@version":"1","message":"Sep 14 00:20:02 honeypot-sgp-1 sshd[12025]: Disconnecting invalid user  81.17.25.50 port 50889: Change of username or service not allowed: (,ssh-connection) -> (root,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:20:30 honeypot-ams-1 sshd[16705]: Received disconnect from 61.177.172.98 port 39969:11:  [preauth]","@timestamp":"2022-09-14T00:20:30.384Z"}
{"@timestamp":"2022-09-14T00:21:05.783Z","@version":"1","message":"Sep 14 00:21:05 honeypot-sgp-1 sshd[12033]: Invalid user c1@r0 from 81.17.25.50 port 24063","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 00:21:47 honeypot-fra-1 sshd[7589]: Disconnected from invalid user open 211.125.67.35 port 35492 [preauth]","@timestamp":"2022-09-14T00:21:48.215Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T00:22:23.818Z","@version":"1","message":"Sep 14 00:22:23 honeypot-sgp-1 sshd[12039]: Invalid user superonline from 81.17.25.50 port 44235","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T00:22:55.834Z","@version":"1","message":"Sep 14 00:22:55 honeypot-sgp-1 sshd[12043]: Disconnecting invalid user lgnortel 81.17.25.50 port 8838: Change of username or service not allowed: (lgnortel,ssh-connection) -> (Admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T00:23:54.862Z","@version":"1","message":"Sep 14 00:23:54 honeypot-sgp-1 sshd[12050]: Disconnecting invalid user admin 81.17.25.50 port 17910: Change of username or service not allowed: (admin,ssh-connection) -> (,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T00:25:08.895Z","@version":"1","message":"Sep 14 00:25:08 honeypot-sgp-1 sshd[12056]: Disconnecting invalid user matrix 81.17.25.50 port 21523: Change of username or service not allowed: (matrix,ssh-connection) -> (,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:25:48 honeypot-ams-1 sshd[16710]: Received disconnect from 61.177.173.39 port 15545:11:  [preauth]","@timestamp":"2022-09-14T00:25:48.524Z"}
{"@timestamp":"2022-09-14T00:25:56.917Z","@version":"1","message":"Sep 14 00:25:56 honeypot-sgp-1 sshd[12063]: Disconnecting invalid user motorola 81.17.25.50 port 38065: Change of username or service not allowed: (motorola,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T00:26:34.935Z","@version":"1","message":"Sep 14 00:26:34 honeypot-sgp-1 sshd[12071]: Invalid user admin from 81.17.25.50 port 12121","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T00:27:10.953Z","@version":"1","message":"Sep 14 00:27:10 honeypot-sgp-1 sshd[12077]: Invalid user admin from 81.17.25.50 port 39273","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T00:27:18.958Z","@version":"1","message":"Sep 14 00:27:18 honeypot-sgp-1 sshd[12083]: Invalid user Shiko from 81.17.25.50 port 40581","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T00:27:24.963Z","@version":"1","message":"Sep 14 00:27:24 honeypot-sgp-1 sshd[12089]: Invalid user smcadmin from 81.17.25.50 port 36827","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 00:27:24 honeypot-fra-1 sshd[7596]: Received disconnect from 144.217.81.162 port 56058:11: Bye Bye [preauth]","@timestamp":"2022-09-14T00:27:25.343Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T00:28:02.980Z","@version":"1","message":"Sep 14 00:28:02 honeypot-sgp-1 sshd[12098]: Invalid user rofstad from 188.166.210.28 port 58038","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T00:28:03.981Z","@version":"1","message":"Sep 14 00:28:03 honeypot-sgp-1 sshd[12100]: Disconnected from invalid user drupal 159.223.95.166 port 45762 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:28:52 honeypot-ams-1 sshd[16718]: Invalid user ftpuser from 20.204.106.198 port 41464","@timestamp":"2022-09-14T00:28:52.619Z"}
{"@timestamp":"2022-09-14T00:28:56.007Z","@version":"1","message":"Sep 14 00:28:55 honeypot-sgp-1 sshd[12106]: Invalid user  from 81.17.25.50 port 45279","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T00:29:24.020Z","@version":"1","message":"Sep 14 00:29:23 honeypot-sgp-1 sshd[12112]: Invalid user public from 81.17.25.50 port 22346","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:29:36 honeypot-ams-1 sshd[16722]: Disconnected from authenticating user root 177.24.46.4 port 35351 [preauth]","@timestamp":"2022-09-14T00:29:36.641Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:29:42 honeypot-ams-1 sshd[16728]: Received disconnect from 177.24.46.4 port 35473:11: Bye Bye [preauth]","@timestamp":"2022-09-14T00:29:42.644Z"}
{"@timestamp":"2022-09-14T00:29:46.030Z","@version":"1","message":"Sep 14 00:29:45 honeypot-sgp-1 sshd[12118]: Disconnecting authenticating user root 81.17.25.50 port 2054: Change of username or service not allowed: (root,ssh-connection) -> (123456,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:29:48 honeypot-ams-1 sshd[16734]: Received disconnect from 177.24.46.4 port 35655:11: Bye Bye [preauth]","@timestamp":"2022-09-14T00:29:48.648Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:29:55 honeypot-ams-1 sshd[16740]: Received disconnect from 177.24.46.4 port 35789:11: Bye Bye [preauth]","@timestamp":"2022-09-14T00:29:56.653Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:30:02 honeypot-ams-1 sshd[16746]: Received disconnect from 177.24.46.4 port 35986:11: Bye Bye [preauth]","@timestamp":"2022-09-14T00:30:02.656Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:30:07 honeypot-ams-1 sshd[16752]: Received disconnect from 177.24.46.4 port 36151:11: Bye Bye [preauth]","@timestamp":"2022-09-14T00:30:08.661Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:30:13 honeypot-ams-1 sshd[16758]: Received disconnect from 177.24.46.4 port 36262:11: Bye Bye [preauth]","@timestamp":"2022-09-14T00:30:13.664Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:30:19 honeypot-ams-1 sshd[16764]: Received disconnect from 177.24.46.4 port 36444:11: Bye Bye [preauth]","@timestamp":"2022-09-14T00:30:19.668Z"}
{"@timestamp":"2022-09-14T00:30:25.048Z","@version":"1","message":"Sep 14 00:30:24 honeypot-sgp-1 sshd[12124]: Disconnecting invalid user amdin 81.17.25.50 port 12028: Change of username or service not allowed: (amdin,ssh-connection) -> (readwrite,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:30:26 honeypot-ams-1 sshd[16770]: Received disconnect from 177.24.46.4 port 36572:11: Bye Bye [preauth]","@timestamp":"2022-09-14T00:30:27.674Z"}
{"@timestamp":"2022-09-14T00:30:37.054Z","@version":"1","message":"Sep 14 00:30:36 honeypot-sgp-1 sshd[12130]: Disconnecting invalid user admin 81.17.25.50 port 4013: Change of username or service not allowed: (admin,ssh-connection) -> (DZY-W2914NSV2,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:30:40 honeypot-ams-1 sshd[16777]: Received disconnect from 177.24.46.4 port 36904:11: Bye Bye [preauth]","@timestamp":"2022-09-14T00:30:40.681Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 00:30:45 honeypot-fra-1 sshd[7600]: Received disconnect from 111.93.38.34 port 39234:11: Bye Bye [preauth]","@timestamp":"2022-09-14T00:30:45.419Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:30:52 honeypot-ams-1 sshd[16781]: Disconnected from authenticating user root 177.24.46.4 port 37161 [preauth]","@timestamp":"2022-09-14T00:30:52.690Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:31:00 honeypot-ams-1 sshd[16787]: Disconnected from authenticating user root 177.24.46.4 port 37355 [preauth]","@timestamp":"2022-09-14T00:31:00.694Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:31:08 honeypot-ams-1 sshd[16793]: Received disconnect from 177.24.46.4 port 37563:11: Bye Bye [preauth]","@timestamp":"2022-09-14T00:31:08.700Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:31:11 honeypot-ams-1 sshd[16797]: Received disconnect from 177.24.46.4 port 37647:11: Bye Bye [preauth]","@timestamp":"2022-09-14T00:31:12.703Z"}
{"@timestamp":"2022-09-14T00:31:14.072Z","@version":"1","message":"Sep 14 00:31:14 honeypot-sgp-1 sshd[12136]: Disconnecting invalid user admin 81.17.25.50 port 11007: Change of username or service not allowed: (admin,ssh-connection) -> (zoomadsl,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:31:15 honeypot-ams-1 sshd[16801]: Received disconnect from 177.24.46.4 port 37735:11: Bye Bye [preauth]","@timestamp":"2022-09-14T00:31:16.706Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:31:19 honeypot-ams-1 sshd[16805]: Received disconnect from 177.24.46.4 port 37844:11: Bye Bye [preauth]","@timestamp":"2022-09-14T00:31:19.708Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:31:23 honeypot-ams-1 sshd[16809]: Received disconnect from 177.24.46.4 port 37918:11: Bye Bye [preauth]","@timestamp":"2022-09-14T00:31:23.711Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:31:27 honeypot-ams-1 sshd[16813]: Invalid user user from 177.24.46.4 port 38036","@timestamp":"2022-09-14T00:31:27.714Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:31:31 honeypot-ams-1 sshd[16817]: Disconnected from authenticating user root 177.24.46.4 port 38116 [preauth]","@timestamp":"2022-09-14T00:31:31.716Z"}
{"@timestamp":"2022-09-14T00:31:32.080Z","@version":"1","message":"Sep 14 00:31:31 honeypot-sgp-1 sshd[12142]: Disconnected from authenticating user root 144.64.1.83 port 57084 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:31:35 honeypot-ams-1 sshd[16821]: Disconnected from invalid user pi 177.24.46.4 port 38202 [preauth]","@timestamp":"2022-09-14T00:31:35.718Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:31:38 honeypot-ams-1 sshd[16825]: Disconnected from invalid user ethos 177.24.46.4 port 38302 [preauth]","@timestamp":"2022-09-14T00:31:39.722Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:31:43 honeypot-ams-1 sshd[16829]: Disconnected from invalid user miner 177.24.46.4 port 38384 [preauth]","@timestamp":"2022-09-14T00:31:43.724Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:31:47 honeypot-ams-1 sshd[16833]: Received disconnect from 177.24.46.4 port 38506:11: Bye Bye [preauth]","@timestamp":"2022-09-14T00:31:47.727Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:31:50 honeypot-ams-1 sshd[16837]: Invalid user nagios from 177.24.46.4 port 38593","@timestamp":"2022-09-14T00:31:50.729Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:31:54 honeypot-ams-1 sshd[16841]: Invalid user vagrant from 177.24.46.4 port 38672","@timestamp":"2022-09-14T00:31:54.734Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:31:58 honeypot-ams-1 sshd[16845]: Invalid user debian from 177.24.46.4 port 38790","@timestamp":"2022-09-14T00:31:58.736Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:32:01 honeypot-ams-1 sshd[16849]: Invalid user debian from 177.24.46.4 port 38871","@timestamp":"2022-09-14T00:32:02.739Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:32:05 honeypot-ams-1 sshd[16853]: Invalid user alarm from 177.24.46.4 port 38961","@timestamp":"2022-09-14T00:32:05.741Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:32:09 honeypot-ams-1 sshd[16857]: Invalid user test from 177.24.46.4 port 39059","@timestamp":"2022-09-14T00:32:09.745Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:32:13 honeypot-ams-1 sshd[16861]: Invalid user cirros from 177.24.46.4 port 39141","@timestamp":"2022-09-14T00:32:13.747Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 00:33:05 honeypot-fra-1 sshd[7607]: Disconnected from authenticating user root 138.68.148.157 port 55076 [preauth]","@timestamp":"2022-09-14T00:33:05.474Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T00:35:14.167Z","@version":"1","message":"Sep 14 00:35:13 honeypot-sgp-1 sshd[12154]: Received disconnect from 61.177.173.36 port 43598:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:35:52 honeypot-ams-1 sshd[16866]: Disconnected from authenticating user root 61.177.172.104 port 21256 [preauth]","@timestamp":"2022-09-14T00:35:53.850Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 00:36:08 honeypot-fra-1 sshd[7612]: Invalid user user from 141.255.162.226 port 56286","@timestamp":"2022-09-14T00:36:09.547Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 00:36:11 honeypot-fra-1 sshd[7616]: Invalid user user from 141.255.162.226 port 49624","@timestamp":"2022-09-14T00:36:12.548Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 00:36:14 honeypot-fra-1 sshd[7620]: Invalid user user from 141.255.162.226 port 48034","@timestamp":"2022-09-14T00:36:14.549Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 00:37:27 honeypot-fra-1 sshd[7626]: Received disconnect from 51.83.44.100 port 54630:11: Bye Bye [preauth]","@timestamp":"2022-09-14T00:37:28.579Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T00:37:42.228Z","@version":"1","message":"Sep 14 00:37:41 honeypot-sgp-1 sshd[12159]: Connection closed by invalid user guest 179.60.147.69 port 42764 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:41:02 honeypot-ams-1 sshd[16876]: Connection closed by invalid user guest 179.60.147.69 port 3830 [preauth]","@timestamp":"2022-09-14T00:41:02.992Z"}
{"@timestamp":"2022-09-14T00:41:06.310Z","@version":"1","message":"Sep 14 00:41:06 honeypot-sgp-1 sshd[12166]: Invalid user ubnt from 5.182.18.155 port 42994","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 00:41:12 honeypot-fra-1 sshd[7631]: Disconnected from authenticating user root 92.255.85.70 port 22010 [preauth]","@timestamp":"2022-09-14T00:41:12.666Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:44:55 honeypot-ams-1 sshd[16896]: Invalid user nagios from 193.176.239.126 port 48322","@timestamp":"2022-09-14T00:44:56.095Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:44:55 honeypot-ams-1 sshd[16887]: Invalid user lighthouse from 193.176.239.126 port 48326","@timestamp":"2022-09-14T00:44:56.095Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:44:55 honeypot-ams-1 sshd[16892]: Invalid user ftp from 193.176.239.126 port 48360","@timestamp":"2022-09-14T00:44:56.095Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:44:55 honeypot-ams-1 sshd[16905]: Invalid user ms from 193.176.239.126 port 48350","@timestamp":"2022-09-14T00:44:56.095Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:44:56 honeypot-ams-1 sshd[16903]: Connection closed by authenticating user root 193.176.239.126 port 48292 [preauth]","@timestamp":"2022-09-14T00:44:56.095Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:44:56 honeypot-ams-1 sshd[16885]: Connection closed by invalid user ansible 193.176.239.126 port 48272 [preauth]","@timestamp":"2022-09-14T00:44:56.095Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:44:56 honeypot-ams-1 sshd[16902]: Connection closed by invalid user web 193.176.239.126 port 48288 [preauth]","@timestamp":"2022-09-14T00:44:56.095Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:44:56 honeypot-ams-1 sshd[16907]: Invalid user elasticsearch from 193.176.239.126 port 48324","@timestamp":"2022-09-14T00:44:56.095Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:44:56 honeypot-ams-1 sshd[16917]: Connection closed by invalid user es 193.176.239.126 port 48334 [preauth]","@timestamp":"2022-09-14T00:44:57.097Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:44:56 honeypot-ams-1 sshd[16907]: Connection closed by invalid user elasticsearch 193.176.239.126 port 48324 [preauth]","@timestamp":"2022-09-14T00:44:57.097Z"}
{"@timestamp":"2022-09-14T00:45:41.419Z","@version":"1","message":"Sep 14 00:45:40 honeypot-sgp-1 sshd[12173]: Disconnected from authenticating user sys 80.91.223.117 port 36616 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:49:00 honeypot-ams-1 sshd[16958]: Disconnected from invalid user marius 147.182.170.143 port 56232 [preauth]","@timestamp":"2022-09-14T00:49:01.203Z"}
{"@timestamp":"2022-09-14T00:50:42.539Z","@version":"1","message":"Sep 14 00:50:41 honeypot-sgp-1 sshd[12181]: Connection closed by invalid user  64.62.197.17 port 11478 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 00:52:16 honeypot-fra-1 sshd[7636]: Invalid user admin from 200.215.164.83 port 47652","@timestamp":"2022-09-14T00:52:16.917Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T00:54:57.639Z","@version":"1","message":"Sep 14 00:54:57 honeypot-sgp-1 sshd[12189]: Received disconnect from 159.223.68.133 port 55218:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 01:00:11 honeypot-fra-1 sshd[7643]: Invalid user admin from 220.121.250.154 port 47506","@timestamp":"2022-09-14T01:00:12.097Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:00:35 honeypot-ams-1 sshd[16966]: Disconnected from authenticating user root 61.177.173.36 port 39906 [preauth]","@timestamp":"2022-09-14T01:00:36.506Z"}
{"@timestamp":"2022-09-14T01:01:32.790Z","@version":"1","message":"Sep 14 01:01:32 honeypot-sgp-1 sshd[12200]: Disconnected from authenticating user root 91.187.147.69 port 34748 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:02:43 honeypot-ams-1 sshd[16971]: Disconnected from invalid user user 45.61.186.249 port 54812 [preauth]","@timestamp":"2022-09-14T01:02:44.565Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:03:02 honeypot-ams-1 sshd[16975]: Disconnected from invalid user user 45.61.186.249 port 49194 [preauth]","@timestamp":"2022-09-14T01:03:02.575Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:03:21 honeypot-ams-1 sshd[16979]: Disconnected from invalid user user 45.61.186.249 port 43582 [preauth]","@timestamp":"2022-09-14T01:03:21.585Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:03:40 honeypot-ams-1 sshd[16983]: Disconnected from invalid user user 45.61.186.249 port 37960 [preauth]","@timestamp":"2022-09-14T01:03:41.596Z"}
{"@timestamp":"2022-09-14T01:04:58.874Z","@version":"1","message":"Sep 14 01:04:58 honeypot-sgp-1 sshd[12207]: Received disconnect from 103.246.240.30 port 53538:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T01:05:19.884Z","@version":"1","message":"Sep 14 01:05:19 honeypot-sgp-1 sshd[12211]: Disconnected from invalid user maxim 41.59.100.34 port 33610 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:07:06 honeypot-ams-1 sshd[16988]: Received disconnect from 92.255.85.70 port 47322:11: Bye Bye [preauth]","@timestamp":"2022-09-14T01:07:07.693Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:09:56 honeypot-ams-1 sshd[16996]: Invalid user ubnt from 175.4.209.29 port 32147","@timestamp":"2022-09-14T01:09:56.768Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:10:00 honeypot-ams-1 sshd[17000]: Disconnected from authenticating user root 175.4.209.29 port 32229 [preauth]","@timestamp":"2022-09-14T01:10:00.771Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:10:06 honeypot-ams-1 sshd[17007]: Disconnected from authenticating user root 175.4.209.29 port 32453 [preauth]","@timestamp":"2022-09-14T01:10:06.775Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:10:12 honeypot-ams-1 sshd[17013]: Disconnected from authenticating user root 175.4.209.29 port 32614 [preauth]","@timestamp":"2022-09-14T01:10:12.779Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:10:18 honeypot-ams-1 sshd[17019]: Disconnected from authenticating user root 175.4.209.29 port 32822 [preauth]","@timestamp":"2022-09-14T01:10:18.783Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:10:24 honeypot-ams-1 sshd[17025]: Disconnected from authenticating user root 175.4.209.29 port 33008 [preauth]","@timestamp":"2022-09-14T01:10:25.788Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:10:31 honeypot-ams-1 sshd[17031]: Disconnected from authenticating user root 175.4.209.29 port 33186 [preauth]","@timestamp":"2022-09-14T01:10:31.791Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:10:37 honeypot-ams-1 sshd[17037]: Disconnected from authenticating user root 175.4.209.29 port 33410 [preauth]","@timestamp":"2022-09-14T01:10:37.795Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:10:43 honeypot-ams-1 sshd[17043]: Disconnected from authenticating user root 175.4.209.29 port 33563 [preauth]","@timestamp":"2022-09-14T01:10:43.800Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:10:49 honeypot-ams-1 sshd[17049]: Disconnected from authenticating user root 175.4.209.29 port 33767 [preauth]","@timestamp":"2022-09-14T01:10:49.803Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:11:22 honeypot-ams-1 sshd[17061]: Disconnected from authenticating user root 175.4.209.29 port 30667 [preauth]","@timestamp":"2022-09-14T01:11:22.822Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:11:26 honeypot-ams-1 sshd[17067]: Received disconnect from 175.4.209.29 port 30825:11: Bye Bye [preauth]","@timestamp":"2022-09-14T01:11:26.826Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:11:30 honeypot-ams-1 sshd[17071]: Received disconnect from 175.4.209.29 port 30947:11: Bye Bye [preauth]","@timestamp":"2022-09-14T01:11:30.829Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:11:34 honeypot-ams-1 sshd[17075]: Received disconnect from 175.4.209.29 port 31075:11: Bye Bye [preauth]","@timestamp":"2022-09-14T01:11:34.831Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:11:38 honeypot-ams-1 sshd[17079]: Received disconnect from 175.4.209.29 port 31206:11: Bye Bye [preauth]","@timestamp":"2022-09-14T01:11:38.834Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:11:42 honeypot-ams-1 sshd[17083]: Received disconnect from 175.4.209.29 port 31317:11: Bye Bye [preauth]","@timestamp":"2022-09-14T01:11:42.837Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:11:46 honeypot-ams-1 sshd[17087]: Received disconnect from 175.4.209.29 port 31445:11: Bye Bye [preauth]","@timestamp":"2022-09-14T01:11:46.839Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:11:52 honeypot-ams-1 sshd[17093]: Invalid user pi from 175.4.209.29 port 31621","@timestamp":"2022-09-14T01:11:52.843Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:11:56 honeypot-ams-1 sshd[17097]: Invalid user user from 175.4.209.29 port 31789","@timestamp":"2022-09-14T01:11:56.847Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:12:01 honeypot-ams-1 sshd[17101]: Invalid user mine from 175.4.209.29 port 31957","@timestamp":"2022-09-14T01:12:01.850Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:12:05 honeypot-ams-1 sshd[17105]: Invalid user xbmc from 175.4.209.29 port 32104","@timestamp":"2022-09-14T01:12:05.852Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:12:09 honeypot-ams-1 sshd[17109]: Invalid user oracle from 175.4.209.29 port 32247","@timestamp":"2022-09-14T01:12:09.857Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:12:16 honeypot-ams-1 sshd[17113]: Invalid user postgres from 175.4.209.29 port 32460","@timestamp":"2022-09-14T01:12:16.861Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:12:20 honeypot-ams-1 sshd[17117]: Invalid user support from 175.4.209.29 port 32584","@timestamp":"2022-09-14T01:12:20.863Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:12:24 honeypot-ams-1 sshd[17121]: Invalid user ubuntu from 175.4.209.29 port 32731","@timestamp":"2022-09-14T01:12:24.867Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:12:28 honeypot-ams-1 sshd[17125]: Invalid user ubuntu from 175.4.209.29 port 32867","@timestamp":"2022-09-14T01:12:28.869Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:12:32 honeypot-ams-1 sshd[17129]: Invalid user guest from 175.4.209.29 port 32989","@timestamp":"2022-09-14T01:12:32.871Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:12:36 honeypot-ams-1 sshd[17133]: Invalid user cirros from 175.4.209.29 port 33144","@timestamp":"2022-09-14T01:12:36.874Z"}
{"@timestamp":"2022-09-14T01:13:59.094Z","@version":"1","message":"Sep 14 01:13:58 honeypot-sgp-1 sshd[12219]: Invalid user default from 179.60.147.69 port 1642","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 01:14:04 honeypot-fra-1 kernel: [83992466.578403] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=20.55.53.144 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=17237 DF PROTO=TCP SPT=33428 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T01:14:05.406Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:14:34 honeypot-ams-1 sshd[17137]: Received disconnect from 61.177.173.51 port 35174:11:  [preauth]","@timestamp":"2022-09-14T01:14:34.926Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 01:15:06 honeypot-fra-1 sshd[7653]: Connection closed by invalid user default 179.60.147.69 port 14338 [preauth]","@timestamp":"2022-09-14T01:15:07.432Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T01:17:02.177Z","@version":"1","message":"Sep 14 01:17:01 honeypot-sgp-1 kernel: [83994330.884383] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=51.195.180.14 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=418 PROTO=TCP SPT=49072 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:17:20 honeypot-ams-1 sshd[17143]: Connection closed by invalid user default 179.60.147.69 port 61858 [preauth]","@timestamp":"2022-09-14T01:17:21.000Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 01:17:49 honeypot-fra-1 sshd[7658]: Invalid user it from 222.232.29.235 port 53216","@timestamp":"2022-09-14T01:17:49.495Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:18:21 honeypot-ams-1 sshd[17147]: Disconnected from authenticating user root 104.248.116.140 port 41192 [preauth]","@timestamp":"2022-09-14T01:18:22.030Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 01:21:11 honeypot-fra-1 sshd[7665]: Invalid user admin from 128.199.160.207 port 58604","@timestamp":"2022-09-14T01:21:11.572Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 01:21:14 honeypot-fra-1 sshd[7671]: Invalid user admin from 128.199.160.207 port 58624","@timestamp":"2022-09-14T01:21:14.574Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:22:14 honeypot-ams-1 sshd[17153]: Disconnected from authenticating user root 61.177.173.36 port 10416 [preauth]","@timestamp":"2022-09-14T01:22:15.132Z"}
{"@timestamp":"2022-09-14T01:24:46.362Z","@version":"1","message":"Sep 14 01:24:45 honeypot-sgp-1 sshd[12234]: Received disconnect from 92.255.85.69 port 34648:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T01:28:22.468Z","@version":"1","message":"Sep 14 01:28:21 honeypot-sgp-1 kernel: [83995011.328807] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.96.13.144 DST=159.89.202.188 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=14440 DF PROTO=TCP SPT=55315 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 01:30:33 honeypot-fra-1 kernel: [83993455.630177] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=51.15.60.133 DST=165.22.82.222 LEN=52 TOS=0x00 PREC=0x00 TTL=53 ID=31913 DF PROTO=TCP SPT=46253 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T01:30:33.791Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:30:33 honeypot-ams-1 sshd[17166]: Received disconnect from 61.177.173.46 port 46958:11:  [preauth]","@timestamp":"2022-09-14T01:30:34.350Z"}
{"@timestamp":"2022-09-14T01:32:57.578Z","@version":"1","message":"Sep 14 01:32:57 honeypot-sgp-1 sshd[12241]: Received disconnect from 104.248.251.225 port 36412:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:36:03 honeypot-ams-1 sshd[17171]: Disconnected from authenticating user root 159.203.66.111 port 46290 [preauth]","@timestamp":"2022-09-14T01:36:04.498Z"}
{"@timestamp":"2022-09-14T01:37:16.682Z","@version":"1","message":"Sep 14 01:37:16 honeypot-sgp-1 sshd[12247]: Connection closed by invalid user admin 178.128.125.205 port 43576 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T01:37:25.686Z","@version":"1","message":"Sep 14 01:37:25 honeypot-sgp-1 sshd[12243]: Disconnected from 61.177.173.46 port 34429 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:41:43 honeypot-ams-1 sshd[17181]: Received disconnect from 80.76.51.45 port 54434:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T01:41:44.651Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:42:15 honeypot-ams-1 sshd[17185]: Invalid user test from 80.76.51.45 port 49190","@timestamp":"2022-09-14T01:42:15.670Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:42:45 honeypot-ams-1 sshd[17189]: Disconnected from authenticating user root 80.76.51.45 port 43908 [preauth]","@timestamp":"2022-09-14T01:42:45.686Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:43:29 honeypot-ams-1 sshd[17195]: Disconnected from authenticating user root 80.76.51.45 port 50020 [preauth]","@timestamp":"2022-09-14T01:43:30.742Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:44:14 honeypot-ams-1 sshd[17201]: Disconnected from authenticating user root 80.76.51.45 port 56156 [preauth]","@timestamp":"2022-09-14T01:44:14.764Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:44:43 honeypot-ams-1 sshd[17205]: Disconnected from invalid user git 80.76.51.45 port 50836 [preauth]","@timestamp":"2022-09-14T01:44:44.779Z"}
{"@timestamp":"2022-09-14T01:48:38.955Z","@version":"1","message":"Sep 14 01:48:38 honeypot-sgp-1 sshd[12263]: Received disconnect from 92.255.85.69 port 29648:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 01:50:46 honeypot-fra-1 sshd[7681]: Invalid user idemo_user from 200.73.134.13 port 39594","@timestamp":"2022-09-14T01:50:47.259Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T01:53:28.075Z","@version":"1","message":"Sep 14 01:53:27 honeypot-sgp-1 sshd[12273]: Invalid user user from 45.61.186.49 port 46852","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T01:53:39.081Z","@version":"1","message":"Sep 14 01:53:38 honeypot-sgp-1 sshd[12277]: Invalid user user from 45.61.186.49 port 58492","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:53:55 honeypot-ams-1 sshd[17216]: Connection closed by authenticating user nobody 179.60.147.69 port 41472 [preauth]","@timestamp":"2022-09-14T01:53:56.019Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 01:56:43 honeypot-ams-1 kernel: [83997186.963032] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=221.176.116.78 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=109 ID=256 PROTO=TCP SPT=14794 DPT=80 WINDOW=16384 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T01:56:44.097Z"}
{"@timestamp":"2022-09-14T01:57:28.192Z","@version":"1","message":"Sep 14 01:57:27 honeypot-sgp-1 sshd[12282]: Received disconnect from 61.177.173.36 port 64405:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 01:57:39 honeypot-fra-1 kernel: [83995081.242930] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=51.15.60.133 DST=165.22.82.222 LEN=52 TOS=0x00 PREC=0x00 TTL=53 ID=23805 DF PROTO=TCP SPT=18353 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T01:57:40.417Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:02:42 honeypot-fra-1 sshd[7691]: Disconnected from authenticating user root 207.249.96.147 port 53560 [preauth]","@timestamp":"2022-09-14T02:02:43.536Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:04:27 honeypot-fra-1 sshd[7698]: Received disconnect from 179.43.145.74 port 59262:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T02:04:27.580Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:04:57 honeypot-fra-1 sshd[7704]: Received disconnect from 179.43.145.74 port 40156:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T02:04:57.593Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:06:13 honeypot-fra-1 sshd[7708]: Disconnected from authenticating user root 179.43.145.74 port 55364 [preauth]","@timestamp":"2022-09-14T02:06:13.625Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 02:06:56 honeypot-ams-1 sshd[17229]: Received disconnect from 61.177.173.52 port 35045:11:  [preauth]","@timestamp":"2022-09-14T02:06:57.365Z"}
{"@timestamp":"2022-09-14T02:07:12.429Z","@version":"1","message":"Sep 14 02:07:12 honeypot-sgp-1 sshd[12293]: Received disconnect from 61.177.173.36 port 49113:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:07:32 honeypot-fra-1 sshd[7712]: Disconnected from authenticating user root 143.244.158.100 port 36870 [preauth]","@timestamp":"2022-09-14T02:07:32.659Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:09:21 honeypot-fra-1 kernel: [83995783.604880] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=20.109.80.14 DST=165.22.82.222 LEN=52 TOS=0x00 PREC=0x00 TTL=112 ID=45148 DF PROTO=TCP SPT=63226 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T02:09:22.704Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:11:06 honeypot-fra-1 sshd[7723]: Disconnected from authenticating user root 143.244.158.100 port 52770 [preauth]","@timestamp":"2022-09-14T02:11:06.746Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:11:54 honeypot-fra-1 sshd[7729]: Received disconnect from 143.244.158.100 port 57276:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T02:11:54.768Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T02:12:25.558Z","@version":"1","message":"Sep 14 02:12:25 honeypot-sgp-1 sshd[12298]: Disconnected from authenticating user root 92.255.85.70 port 33090 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:12:46 honeypot-fra-1 sshd[7734]: Disconnected from authenticating user root 143.244.158.100 port 36528 [preauth]","@timestamp":"2022-09-14T02:12:46.793Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:12:56 honeypot-fra-1 sshd[7738]: Disconnected from invalid user user 45.61.184.204 port 50844 [preauth]","@timestamp":"2022-09-14T02:12:56.798Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:13:14 honeypot-fra-1 sshd[7742]: Disconnected from invalid user user 45.61.184.204 port 45708 [preauth]","@timestamp":"2022-09-14T02:13:15.807Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:13:32 honeypot-fra-1 sshd[7747]: Disconnected from invalid user user 45.61.184.204 port 40578 [preauth]","@timestamp":"2022-09-14T02:13:33.815Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 02:13:47 honeypot-ams-1 kernel: [83998211.319773] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.79.176.31 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=64873 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T02:13:48.543Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:14:25 honeypot-fra-1 sshd[7753]: Received disconnect from 143.244.158.100 port 44910:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T02:14:25.834Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:16:08 honeypot-fra-1 sshd[7761]: Invalid user admin from 141.98.10.158 port 44018","@timestamp":"2022-09-14T02:16:08.875Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:17:01 honeypot-fra-1 CRON[7765]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-14T02:17:01.898Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T02:18:13.697Z","@version":"1","message":"Sep 14 02:18:13 honeypot-sgp-1 sshd[12308]: Received disconnect from 61.177.173.51 port 33838:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 02:18:19 honeypot-ams-1 kernel: [83998482.932966] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=20.109.80.14 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=112 ID=26510 DF PROTO=TCP SPT=50417 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T02:18:19.661Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:19:05 honeypot-fra-1 sshd[7773]: Did not receive identification string from 141.255.162.226 port 33570","@timestamp":"2022-09-14T02:19:05.948Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 02:19:07 honeypot-ams-1 sshd[17678]: Received disconnect from 61.177.172.124 port 51247:11:  [preauth]","@timestamp":"2022-09-14T02:19:08.686Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:19:29 honeypot-fra-1 sshd[7778]: Invalid user user from 141.255.162.226 port 41974","@timestamp":"2022-09-14T02:19:29.960Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:19:31 honeypot-fra-1 sshd[7782]: Invalid user user from 141.255.162.226 port 48492","@timestamp":"2022-09-14T02:19:31.961Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:19:35 honeypot-fra-1 sshd[7786]: Invalid user user from 141.255.162.226 port 52836","@timestamp":"2022-09-14T02:19:35.963Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:20:02 honeypot-fra-1 kernel: [83996423.980125] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=1053 PROTO=TCP SPT=41960 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T02:20:02.974Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 02:20:10 honeypot-ams-1 sshd[17685]: Disconnected from authenticating user root 109.205.213.23 port 46698 [preauth]","@timestamp":"2022-09-14T02:20:10.717Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 02:20:34 honeypot-ams-1 sshd[17691]: Disconnected from authenticating user root 109.205.213.23 port 33536 [preauth]","@timestamp":"2022-09-14T02:20:34.730Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 02:21:00 honeypot-ams-1 sshd[17697]: Disconnected from authenticating user root 109.205.213.23 port 48604 [preauth]","@timestamp":"2022-09-14T02:21:00.744Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:21:39 honeypot-fra-1 sshd[7794]: Invalid user admin from 157.245.157.93 port 58464","@timestamp":"2022-09-14T02:21:40.017Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 02:21:58 honeypot-ams-1 sshd[17701]: Disconnected from authenticating user root 109.205.213.23 port 35442 [preauth]","@timestamp":"2022-09-14T02:21:58.772Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 02:22:17 honeypot-ams-1 sshd[17706]: Disconnected from invalid user admin 109.205.213.23 port 36078 [preauth]","@timestamp":"2022-09-14T02:22:17.783Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:22:56 honeypot-fra-1 sshd[7798]: Disconnected from authenticating user root 143.244.158.100 port 48392 [preauth]","@timestamp":"2022-09-14T02:22:57.049Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T02:22:58.815Z","@version":"1","message":"Sep 14 02:22:58 honeypot-sgp-1 kernel: [83998287.775162] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=55474 PROTO=TCP SPT=41960 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:24:38 honeypot-fra-1 sshd[7805]: Received disconnect from 143.244.158.100 port 33280:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T02:24:39.092Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T02:26:59.916Z","@version":"1","message":"Sep 14 02:26:59 honeypot-sgp-1 sshd[12318]: Connection closed by invalid user debian 179.60.147.69 port 45874 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:27:09 honeypot-fra-1 sshd[7811]: Received disconnect from 143.244.158.100 port 53512:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T02:27:10.152Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 02:28:49 honeypot-ams-1 sshd[17715]: Received disconnect from 61.177.173.36 port 44784:11:  [preauth]","@timestamp":"2022-09-14T02:28:49.956Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:28:54 honeypot-fra-1 sshd[7818]: Received disconnect from 143.244.158.100 port 58542:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T02:28:55.195Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 02:29:14 honeypot-ams-1 sshd[17720]: Invalid user user from 45.61.186.169 port 44276","@timestamp":"2022-09-14T02:29:14.971Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 02:29:27 honeypot-ams-1 kernel: [83999150.468335] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=193.118.53.213 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=43407 PROTO=TCP SPT=32167 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T02:29:27.979Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 02:29:39 honeypot-ams-1 sshd[17726]: Received disconnect from 45.61.186.169 port 50676:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T02:29:39.986Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 02:30:18 honeypot-ams-1 sshd[17732]: Invalid user debian from 179.60.147.69 port 55718","@timestamp":"2022-09-14T02:30:19.006Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:30:37 honeypot-fra-1 sshd[7822]: Disconnected from authenticating user root 143.244.158.100 port 48160 [preauth]","@timestamp":"2022-09-14T02:30:38.237Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:33:10 honeypot-fra-1 sshd[7829]: Received disconnect from 143.244.158.100 port 60238:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T02:33:11.299Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 02:33:42 honeypot-ams-1 sshd[17735]: Disconnected from invalid user developer 164.177.31.66 port 48690 [preauth]","@timestamp":"2022-09-14T02:33:43.098Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:34:32 honeypot-fra-1 sshd[7835]: Connection closed by authenticating user root 34.92.211.177 port 46558 [preauth]","@timestamp":"2022-09-14T02:34:32.334Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:35:47 honeypot-fra-1 sshd[7839]: Disconnected from authenticating user root 143.244.158.100 port 45694 [preauth]","@timestamp":"2022-09-14T02:35:48.368Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T02:36:38.150Z","@version":"1","message":"Sep 14 02:36:37 honeypot-sgp-1 kernel: [83999106.946924] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=178.128.255.88 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=54321 PROTO=TCP SPT=51127 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:37:59 honeypot-fra-1 sshd[7845]: Received disconnect from 92.255.85.70 port 20942:11: Bye Bye [preauth]","@timestamp":"2022-09-14T02:37:59.421Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:39:06 honeypot-fra-1 sshd[7850]: Disconnected from authenticating user root 143.244.158.100 port 33612 [preauth]","@timestamp":"2022-09-14T02:39:07.448Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 02:39:59 honeypot-ams-1 sshd[17742]: Disconnected from authenticating user root 61.177.173.37 port 28006 [preauth]","@timestamp":"2022-09-14T02:39:59.259Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 02:40:41 honeypot-ams-1 sshd[17746]: Disconnected from invalid user monitor 74.208.121.225 port 54148 [preauth]","@timestamp":"2022-09-14T02:40:41.280Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 02:41:20 honeypot-ams-1 sshd[17753]: Received disconnect from 109.205.213.23 port 42286:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T02:41:20.303Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 02:41:36 honeypot-ams-1 sshd[17759]: Received disconnect from 109.205.213.23 port 41796:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T02:41:36.335Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:41:38 honeypot-fra-1 sshd[7856]: Disconnected from authenticating user root 143.244.158.100 port 55072 [preauth]","@timestamp":"2022-09-14T02:41:39.508Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 02:42:00 honeypot-ams-1 sshd[17765]: Received disconnect from 109.205.213.23 port 55180:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T02:42:01.348Z"}
{"@timestamp":"2022-09-14T02:42:02.283Z","@version":"1","message":"Sep 14 02:42:01 honeypot-sgp-1 kernel: [83999430.626901] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=170.187.160.161 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=7479 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 02:42:59 honeypot-ams-1 sshd[17771]: Received disconnect from 109.205.213.23 port 40330:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T02:42:59.379Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 02:43:16 honeypot-ams-1 sshd[17775]: Received disconnect from 109.205.213.23 port 39842:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T02:43:16.389Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:44:09 honeypot-fra-1 sshd[7863]: Disconnected from authenticating user root 143.244.158.100 port 60978 [preauth]","@timestamp":"2022-09-14T02:44:10.567Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:45:57 honeypot-fra-1 sshd[7867]: Disconnected from authenticating user root 143.244.158.100 port 56718 [preauth]","@timestamp":"2022-09-14T02:45:57.612Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T02:47:51.427Z","@version":"1","message":"Sep 14 02:47:51 honeypot-sgp-1 sshd[12340]: Received disconnect from 43.132.121.97 port 57142:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 02:47:51 honeypot-ams-1 sshd[17782]: Connection closed by invalid user test 193.106.191.157 port 56492 [preauth]","@timestamp":"2022-09-14T02:47:52.519Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:48:28 honeypot-fra-1 sshd[7873]: Disconnected from authenticating user root 143.244.158.100 port 53748 [preauth]","@timestamp":"2022-09-14T02:48:28.672Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:50:10 honeypot-fra-1 sshd[7880]: Received disconnect from 143.244.158.100 port 53134:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T02:50:10.713Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:51:53 honeypot-fra-1 sshd[7884]: Received disconnect from 143.244.158.100 port 53522:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T02:51:53.757Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 02:53:06 honeypot-ams-1 kernel: [84000569.761928] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=64.31.243.103 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=50 ID=2013 PROTO=TCP SPT=45758 DPT=443 WINDOW=33934 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T02:53:06.666Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:55:56 honeypot-fra-1 kernel: [83998578.151687] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=51.15.106.220 DST=165.22.82.222 LEN=52 TOS=0x00 PREC=0x00 TTL=53 ID=49661 DF PROTO=TCP SPT=47225 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T02:55:56.852Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-14T02:56:07.655Z","@version":"1","message":"Sep 14 02:56:07 honeypot-sgp-1 sshd[12346]: Received disconnect from 61.177.173.35 port 26219:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T02:58:46.723Z","@version":"1","message":"Sep 14 02:58:46 honeypot-sgp-1 sshd[12351]: Disconnected from authenticating user root 92.255.85.70 port 15950 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T03:01:20.791Z","@version":"1","message":"Sep 14 03:01:20 honeypot-sgp-1 kernel: [84000589.570489] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=156.146.46.143 DST=159.89.202.188 LEN=52 TOS=0x02 PREC=0x00 TTL=116 ID=2356 DF PROTO=TCP SPT=55391 DPT=3389 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 03:01:46 honeypot-fra-1 sshd[7896]: Received disconnect from 92.255.85.70 port 45618:11: Bye Bye [preauth]","@timestamp":"2022-09-14T03:01:46.991Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 03:04:22 honeypot-ams-1 sshd[17800]: Received disconnect from 92.255.85.69 port 59728:11: Bye Bye [preauth]","@timestamp":"2022-09-14T03:04:22.981Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 03:04:44 honeypot-fra-1 kernel: [83999105.817817] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=80.94.92.231 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=54455 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T03:04:45.064Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 03:07:42 honeypot-ams-1 sshd[17804]: Received disconnect from 61.177.173.36 port 43748:11:  [preauth]","@timestamp":"2022-09-14T03:07:43.079Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 03:13:05 honeypot-fra-1 sshd[7903]: Received disconnect from 128.199.74.173 port 48652:11: Bye Bye [preauth]","@timestamp":"2022-09-14T03:13:06.252Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T03:13:23.083Z","@version":"1","message":"Sep 14 03:13:23 honeypot-sgp-1 sshd[12365]: Did not receive identification string from 45.61.186.49 port 36230","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T03:13:41.093Z","@version":"1","message":"Sep 14 03:13:40 honeypot-sgp-1 sshd[12368]: Disconnected from invalid user user 45.61.186.49 port 53688 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T03:13:52.098Z","@version":"1","message":"Sep 14 03:13:51 honeypot-sgp-1 sshd[12372]: Disconnected from invalid user user 45.61.186.49 port 37054 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 03:14:30 honeypot-fra-1 sshd[7907]: Received disconnect from 45.61.184.204 port 40684:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T03:14:31.288Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 03:14:48 honeypot-fra-1 sshd[7912]: Received disconnect from 45.61.184.204 port 35808:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T03:14:49.297Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 03:15:05 honeypot-fra-1 sshd[7916]: Received disconnect from 45.61.184.204 port 59152:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T03:15:06.305Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 03:15:13 honeypot-fra-1 sshd[7918]: Disconnected from invalid user user 45.61.184.204 port 42604 [preauth]","@timestamp":"2022-09-14T03:15:14.309Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 03:15:54 honeypot-fra-1 sshd[7924]: Disconnected from authenticating user root 179.43.156.143 port 34752 [preauth]","@timestamp":"2022-09-14T03:15:54.328Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 03:15:58 honeypot-ams-1 kernel: [84001942.288449] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=29647 PROTO=TCP SPT=44403 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T03:15:59.302Z"}
{"@timestamp":"2022-09-14T03:17:02.179Z","@version":"1","message":"Sep 14 03:17:01 honeypot-sgp-1 CRON[12378]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 03:17:16 honeypot-fra-1 sshd[7931]: Disconnected from authenticating user root 179.43.156.143 port 55154 [preauth]","@timestamp":"2022-09-14T03:17:17.362Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 03:19:19 honeypot-fra-1 sshd[7938]: Received disconnect from 179.43.156.143 port 43384:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T03:19:20.427Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 03:19:35 honeypot-ams-1 sshd[17826]: Received disconnect from 201.219.220.224 port 37460:11: Bye Bye [preauth]","@timestamp":"2022-09-14T03:19:35.398Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 03:20:41 honeypot-fra-1 sshd[7942]: Invalid user nfsnobod from 179.43.156.143 port 35572","@timestamp":"2022-09-14T03:20:41.459Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 03:22:01 honeypot-fra-1 sshd[7946]: Disconnected from authenticating user root 179.43.156.143 port 55910 [preauth]","@timestamp":"2022-09-14T03:22:02.491Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T03:22:21.312Z","@version":"1","message":"Sep 14 03:22:21 honeypot-sgp-1 sshd[12386]: Received disconnect from 92.255.85.69 port 37896:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T03:23:30.342Z","@version":"1","message":"Sep 14 03:23:29 honeypot-sgp-1 sshd[12390]: Disconnected from invalid user admin 42.200.66.164 port 45194 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 03:24:02 honeypot-fra-1 sshd[7953]: Received disconnect from 179.43.156.143 port 44182:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T03:24:03.538Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 03:27:23 honeypot-ams-1 sshd[17834]: Disconnected from authenticating user root 92.255.85.69 port 52664 [preauth]","@timestamp":"2022-09-14T03:27:23.600Z"}
{"@timestamp":"2022-09-14T03:28:34.469Z","@version":"1","message":"Sep 14 03:28:33 honeypot-sgp-1 sshd[12395]: Disconnected from invalid user ninja 89.163.178.15 port 36214 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 03:29:20 honeypot-fra-1 sshd[7960]: Received disconnect from 74.208.121.225 port 56620:11: Bye Bye [preauth]","@timestamp":"2022-09-14T03:29:20.650Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T03:32:18.563Z","@version":"1","message":"Sep 14 03:32:17 honeypot-sgp-1 sshd[12403]: Invalid user admin from 210.187.80.132 port 40366","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 03:32:35 honeypot-fra-1 kernel: [84000776.842580] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=213.226.123.38 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=85 PROTO=TCP SPT=48325 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T03:32:35.723Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 03:32:49 honeypot-ams-1 sshd[17840]: Disconnected from authenticating user root 61.177.173.51 port 56446 [preauth]","@timestamp":"2022-09-14T03:32:49.744Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 03:37:11 honeypot-fra-1 sshd[7968]: Received disconnect from 154.70.208.66 port 55164:11: Bye Bye [preauth]","@timestamp":"2022-09-14T03:37:11.830Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 03:37:18 honeypot-ams-1 sshd[17846]: Received disconnect from 61.177.173.48 port 27018:11:  [preauth]","@timestamp":"2022-09-14T03:37:18.863Z"}
{"@timestamp":"2022-09-14T03:38:10.708Z","@version":"1","message":"Sep 14 03:38:10 honeypot-sgp-1 sshd[12408]: Invalid user rosco from 49.236.192.106 port 44120","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 03:40:05 honeypot-fra-1 sshd[7970]: Did not receive identification string from 198.98.61.9 port 54782","@timestamp":"2022-09-14T03:40:05.901Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 03:40:22 honeypot-fra-1 sshd[7973]: Disconnected from invalid user user 198.98.61.9 port 56806 [preauth]","@timestamp":"2022-09-14T03:40:22.910Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T03:40:34.771Z","@version":"1","message":"Sep 14 03:40:34 honeypot-sgp-1 sshd[12414]: Connection closed by invalid user centos 179.60.147.69 port 20342 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 03:40:40 honeypot-fra-1 sshd[7977]: Disconnected from invalid user user 198.98.61.9 port 51276 [preauth]","@timestamp":"2022-09-14T03:40:40.919Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 03:41:01 honeypot-fra-1 sshd[7981]: Disconnected from invalid user user 198.98.61.9 port 45796 [preauth]","@timestamp":"2022-09-14T03:41:01.927Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 03:41:46 honeypot-ams-1 kernel: [84003489.612868] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=36.11.113.133 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=50 ID=38664 PROTO=TCP SPT=64556 DPT=443 WINDOW=5885 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T03:41:46.979Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 03:44:07 honeypot-fra-1 sshd[7988]: Received disconnect from 159.203.113.193 port 34352:11: Bye Bye [preauth]","@timestamp":"2022-09-14T03:44:07.998Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 03:51:00 honeypot-ams-1 sshd[17856]: Disconnected from authenticating user root 92.255.85.70 port 31002 [preauth]","@timestamp":"2022-09-14T03:51:01.219Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 03:51:07 honeypot-fra-1 sshd[8012]: Disconnected from invalid user jf 115.92.154.46 port 65422 [preauth]","@timestamp":"2022-09-14T03:51:08.172Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 03:51:25 honeypot-fra-1 sshd[8016]: Disconnected from invalid user escort 60.199.224.55 port 56942 [preauth]","@timestamp":"2022-09-14T03:51:26.181Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T03:55:03.130Z","@version":"1","message":"Sep 14 03:55:02 honeypot-sgp-1 sshd[12422]: Disconnected from authenticating user root 61.177.173.36 port 15468 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 03:57:40 honeypot-ams-1 sshd[17864]: Received disconnect from 61.177.173.53 port 51613:11:  [preauth]","@timestamp":"2022-09-14T03:57:41.396Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 03:59:34 honeypot-fra-1 kernel: [84002395.569685] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.196.220.81 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=54321 PROTO=TCP SPT=50741 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T03:59:34.366Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-14T04:03:36.339Z","@version":"1","message":"Sep 14 04:03:36 honeypot-sgp-1 sshd[12434]: Disconnected from 206.81.0.243 port 45574 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 04:04:47 honeypot-ams-1 kernel: [84004870.771979] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=156.146.46.143 DST=178.62.254.91 LEN=52 TOS=0x02 PREC=0x00 TTL=118 ID=23299 DF PROTO=TCP SPT=59741 DPT=3389 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-14T04:04:47.580Z"}
{"@timestamp":"2022-09-14T04:05:42.393Z","@version":"1","message":"Sep 14 04:05:41 honeypot-sgp-1 sshd[12438]: Received disconnect from 144.24.190.159 port 53544:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 04:09:16 honeypot-fra-1 kernel: [84002977.530664] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=94.102.61.8 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=250 ID=54321 PROTO=TCP SPT=47763 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T04:09:16.593Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 04:13:09 honeypot-fra-1 sshd[8036]: Invalid user healthtech from 103.145.50.51 port 39518","@timestamp":"2022-09-14T04:13:10.684Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 04:13:56 honeypot-fra-1 sshd[8038]: Disconnected from invalid user rekha 178.128.165.94 port 59342 [preauth]","@timestamp":"2022-09-14T04:13:56.703Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:17:01 honeypot-ams-1 CRON[17876]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-14T04:17:01.897Z"}
{"@timestamp":"2022-09-14T04:17:01.671Z","@version":"1","message":"Sep 14 04:17:01 honeypot-sgp-1 CRON[12445]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 04:20:32 honeypot-fra-1 sshd[8046]: Received disconnect from 45.186.248.135 port 32903:11: Bye Bye [preauth]","@timestamp":"2022-09-14T04:20:32.851Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T04:23:47.838Z","@version":"1","message":"Sep 14 04:23:47 honeypot-sgp-1 sshd[12451]: Received disconnect from 128.199.32.98 port 57062:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 04:24:48 honeypot-fra-1 sshd[8053]: Invalid user kundert from 165.22.45.108 port 50012","@timestamp":"2022-09-14T04:24:48.949Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:25:35 honeypot-ams-1 sshd[17883]: Disconnected from authenticating user root 121.25.250.163 port 58226 [preauth]","@timestamp":"2022-09-14T04:25:36.115Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:25:41 honeypot-ams-1 sshd[17889]: Received disconnect from 121.25.250.163 port 50090:11: Bye Bye [preauth]","@timestamp":"2022-09-14T04:25:42.118Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:25:47 honeypot-ams-1 sshd[17895]: Received disconnect from 121.25.250.163 port 47694:11: Bye Bye [preauth]","@timestamp":"2022-09-14T04:25:48.122Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:25:52 honeypot-ams-1 sshd[17901]: Received disconnect from 121.25.250.163 port 37200:11: Bye Bye [preauth]","@timestamp":"2022-09-14T04:25:53.126Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:26:00 honeypot-ams-1 sshd[17907]: Received disconnect from 121.25.250.163 port 44432:11: Bye Bye [preauth]","@timestamp":"2022-09-14T04:26:00.130Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:26:14 honeypot-ams-1 sshd[17913]: Received disconnect from 121.25.250.163 port 52794:11: Bye Bye [preauth]","@timestamp":"2022-09-14T04:26:15.139Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:26:21 honeypot-ams-1 sshd[17919]: Received disconnect from 121.25.250.163 port 50786:11: Bye Bye [preauth]","@timestamp":"2022-09-14T04:26:22.144Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:26:27 honeypot-ams-1 sshd[17925]: Received disconnect from 121.25.250.163 port 50008:11: Bye Bye [preauth]","@timestamp":"2022-09-14T04:26:28.147Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:26:34 honeypot-ams-1 sshd[17931]: Received disconnect from 121.25.250.163 port 50272:11: Bye Bye [preauth]","@timestamp":"2022-09-14T04:26:35.152Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:26:43 honeypot-ams-1 sshd[17937]: Received disconnect from 121.25.250.163 port 42912:11: Bye Bye [preauth]","@timestamp":"2022-09-14T04:26:44.157Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:26:51 honeypot-ams-1 sshd[17943]: Received disconnect from 121.25.250.163 port 49082:11: Bye Bye [preauth]","@timestamp":"2022-09-14T04:26:52.162Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:26:58 honeypot-ams-1 sshd[17949]: Received disconnect from 121.25.250.163 port 41010:11: Bye Bye [preauth]","@timestamp":"2022-09-14T04:26:59.166Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:27:02 honeypot-ams-1 sshd[17953]: Disconnected from invalid user admin 121.25.250.163 port 46386 [preauth]","@timestamp":"2022-09-14T04:27:03.169Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:27:05 honeypot-ams-1 sshd[17957]: Disconnected from invalid user admin 121.25.250.163 port 46808 [preauth]","@timestamp":"2022-09-14T04:27:06.172Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:27:11 honeypot-ams-1 sshd[17961]: Disconnected from invalid user admin 121.25.250.163 port 34120 [preauth]","@timestamp":"2022-09-14T04:27:11.175Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:27:15 honeypot-ams-1 sshd[17965]: Disconnected from invalid user admin 121.25.250.163 port 56008 [preauth]","@timestamp":"2022-09-14T04:27:16.177Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:27:21 honeypot-ams-1 sshd[17969]: Disconnected from invalid user admin 121.25.250.163 port 33462 [preauth]","@timestamp":"2022-09-14T04:27:22.182Z"}
{"@timestamp":"2022-09-14T04:27:23.928Z","@version":"1","message":"Sep 14 04:27:23 honeypot-sgp-1 sshd[12456]: Received disconnect from 141.144.193.76 port 47430:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:27:27 honeypot-ams-1 sshd[17973]: Disconnected from invalid user user 121.25.250.163 port 57004 [preauth]","@timestamp":"2022-09-14T04:27:28.185Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:27:36 honeypot-ams-1 sshd[17979]: Received disconnect from 121.25.250.163 port 50410:11: Bye Bye [preauth]","@timestamp":"2022-09-14T04:27:36.190Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:27:39 honeypot-ams-1 sshd[17983]: Received disconnect from 121.25.250.163 port 33968:11: Bye Bye [preauth]","@timestamp":"2022-09-14T04:27:40.193Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:27:43 honeypot-ams-1 sshd[17987]: Received disconnect from 121.25.250.163 port 33426:11: Bye Bye [preauth]","@timestamp":"2022-09-14T04:27:43.195Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:27:49 honeypot-ams-1 sshd[17991]: Received disconnect from 121.25.250.163 port 38024:11: Bye Bye [preauth]","@timestamp":"2022-09-14T04:27:50.200Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:27:55 honeypot-ams-1 sshd[17995]: Received disconnect from 121.25.250.163 port 35366:11: Bye Bye [preauth]","@timestamp":"2022-09-14T04:27:56.204Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:28:01 honeypot-ams-1 sshd[17999]: Received disconnect from 121.25.250.163 port 37322:11: Bye Bye [preauth]","@timestamp":"2022-09-14T04:28:02.207Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:28:09 honeypot-ams-1 sshd[18003]: Received disconnect from 121.25.250.163 port 39258:11: Bye Bye [preauth]","@timestamp":"2022-09-14T04:28:10.213Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:28:14 honeypot-ams-1 sshd[18007]: Received disconnect from 121.25.250.163 port 41380:11: Bye Bye [preauth]","@timestamp":"2022-09-14T04:28:15.216Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:28:18 honeypot-ams-1 sshd[18011]: Received disconnect from 121.25.250.163 port 56446:11: Bye Bye [preauth]","@timestamp":"2022-09-14T04:28:19.219Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:28:23 honeypot-ams-1 sshd[18015]: Received disconnect from 121.25.250.163 port 34772:11: Bye Bye [preauth]","@timestamp":"2022-09-14T04:28:24.223Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:28:29 honeypot-ams-1 sshd[18019]: Received disconnect from 121.25.250.163 port 57818:11: Bye Bye [preauth]","@timestamp":"2022-09-14T04:28:29.226Z"}
{"@timestamp":"2022-09-14T04:30:44.014Z","@version":"1","message":"Sep 14 04:30:43 honeypot-sgp-1 kernel: [84005952.181207] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=80.87.206.203 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=237 ID=11954 PROTO=TCP SPT=42183 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 04:34:06 honeypot-ams-1 kernel: [84006629.919143] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=87.4.107.101 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=2647 PROTO=TCP SPT=15434 DPT=443 WINDOW=29706 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T04:34:07.368Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 04:38:17 honeypot-fra-1 kernel: [84004719.255599] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.79.176.27 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=61638 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T04:38:18.248Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 04:38:41 honeypot-ams-1 kernel: [84006904.737731] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=143.198.183.97 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=40989 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T04:38:41.489Z"}
{"@timestamp":"2022-09-14T04:39:11.221Z","@version":"1","message":"Sep 14 04:39:10 honeypot-sgp-1 sshd[12465]: Received disconnect from 144.24.178.128 port 56870:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:44:40 honeypot-ams-1 sshd[18031]: Invalid user admin from 148.153.82.141 port 35592","@timestamp":"2022-09-14T04:44:41.645Z"}
{"@timestamp":"2022-09-14T04:46:34.403Z","@version":"1","message":"Sep 14 04:46:33 honeypot-sgp-1 sshd[12470]: Received disconnect from 183.82.96.133 port 37928:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 04:47:15 honeypot-ams-1 kernel: [84007418.608183] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.79.147.156 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=63309 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T04:47:15.710Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 04:47:52 honeypot-fra-1 sshd[8066]: Received disconnect from 45.61.186.249 port 55878:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T04:47:53.464Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 04:48:11 honeypot-fra-1 sshd[8070]: Received disconnect from 45.61.186.249 port 50550:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T04:48:11.472Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 04:48:28 honeypot-fra-1 sshd[8074]: Received disconnect from 45.61.186.249 port 45228:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T04:48:29.481Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 04:48:38 honeypot-fra-1 kernel: [84005339.828075] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=51.15.60.133 DST=165.22.82.222 LEN=52 TOS=0x00 PREC=0x00 TTL=53 ID=28382 DF PROTO=TCP SPT=55421 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T04:48:38.486Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-14T04:56:24.643Z","@version":"1","message":"Sep 14 04:56:24 honeypot-sgp-1 sshd[12475]: Received disconnect from 92.255.85.70 port 55508:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 05:01:59 honeypot-fra-1 kernel: [84006141.198155] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=156.146.46.143 DST=165.22.82.222 LEN=52 TOS=0x02 PREC=0x00 TTL=117 ID=7988 DF PROTO=TCP SPT=61430 DPT=3389 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-14T05:02:00.786Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 05:11:13 honeypot-ams-1 sshd[18042]: Connection closed by invalid user test 193.106.191.157 port 58784 [preauth]","@timestamp":"2022-09-14T05:11:13.315Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 05:12:21 honeypot-fra-1 sshd[8091]: Disconnected from invalid user kundert 165.22.45.108 port 55008 [preauth]","@timestamp":"2022-09-14T05:12:22.019Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T05:17:01.134Z","@version":"1","message":"Sep 14 05:17:01 honeypot-sgp-1 CRON[12479]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 05:18:51 honeypot-ams-1 kernel: [84009315.121356] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.221.23 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=48105 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T05:18:52.513Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 05:22:35 honeypot-fra-1 kernel: [84007377.129003] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=66.240.236.109 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=56690 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T05:22:36.249Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 05:25:14 honeypot-ams-1 sshd[18054]: Disconnected from authenticating user root 92.255.85.69 port 28378 [preauth]","@timestamp":"2022-09-14T05:25:15.677Z"}
{"@timestamp":"2022-09-14T05:26:56.373Z","@version":"1","message":"Sep 14 05:26:56 honeypot-sgp-1 kernel: [84009325.454035] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=36942 PROTO=TCP SPT=52857 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 05:28:10 honeypot-fra-1 kernel: [84007711.560066] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=200.110.54.93 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=11517 DF PROTO=TCP SPT=45727 DPT=80 WINDOW=14520 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T05:28:10.375Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 05:30:33 honeypot-ams-1 sshd[18057]: Invalid user test from 193.106.191.157 port 44046","@timestamp":"2022-09-14T05:30:34.812Z"}
{"@timestamp":"2022-09-14T05:31:05.475Z","@version":"1","message":"Sep 14 05:31:04 honeypot-sgp-1 sshd[12489]: Invalid user user from 45.61.184.204 port 33666","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T05:31:24.483Z","@version":"1","message":"Sep 14 05:31:23 honeypot-sgp-1 sshd[12493]: Invalid user user from 45.61.184.204 port 56980","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T05:31:41.492Z","@version":"1","message":"Sep 14 05:31:41 honeypot-sgp-1 sshd[12497]: Invalid user user from 45.61.184.204 port 52040","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T05:35:40.606Z","@version":"1","message":"Sep 14 05:35:39 honeypot-sgp-1 sshd[12502]: Invalid user test123 from 43.155.83.218 port 50810","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 05:40:54 honeypot-fra-1 sshd[8107]: Connection closed by invalid user test 193.106.191.157 port 57034 [preauth]","@timestamp":"2022-09-14T05:40:54.661Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T05:42:38.775Z","@version":"1","message":"Sep 14 05:42:38 honeypot-sgp-1 sshd[12507]: Did not receive identification string from 45.61.187.160 port 46358","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T05:43:12.791Z","@version":"1","message":"Sep 14 05:43:12 honeypot-sgp-1 sshd[12510]: Disconnected from invalid user user 45.61.187.160 port 58814 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 05:43:26 honeypot-ams-1 kernel: [84010790.053843] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=125.136.61.137 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=55 ID=63025 PROTO=TCP SPT=65011 DPT=80 WINDOW=46515 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T05:43:27.143Z"}
{"@timestamp":"2022-09-14T05:43:31.800Z","@version":"1","message":"Sep 14 05:43:30 honeypot-sgp-1 sshd[12516]: Invalid user user from 45.61.187.160 port 53476","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T05:43:48.808Z","@version":"1","message":"Sep 14 05:43:48 honeypot-sgp-1 sshd[12520]: Invalid user user from 45.61.187.160 port 48140","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T05:46:17.870Z","@version":"1","message":"Sep 14 05:46:17 honeypot-sgp-1 kernel: [84010486.712204] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.41.9.18 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=21926 PROTO=TCP SPT=49365 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 05:52:09 honeypot-ams-1 sshd[18065]: Received disconnect from 138.197.19.166 port 59666:11: Bye Bye [preauth]","@timestamp":"2022-09-14T05:52:09.381Z"}
{"@timestamp":"2022-09-14T05:57:19.160Z","@version":"1","message":"Sep 14 05:57:18 honeypot-sgp-1 kernel: [84011147.417369] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=89.248.165.199 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=44889 PROTO=TCP SPT=54166 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 05:57:50 honeypot-fra-1 sshd[8118]: Received disconnect from 5.58.8.4 port 53280:11: Bye Bye [preauth]","@timestamp":"2022-09-14T05:57:51.055Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 05:59:31 honeypot-ams-1 kernel: [84011754.344547] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=125.136.61.137 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=55 ID=49872 PROTO=TCP SPT=65011 DPT=80 WINDOW=46515 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T05:59:31.569Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 05:59:49 honeypot-fra-1 sshd[8122]: Received disconnect from 165.22.45.108 port 59984:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T05:59:50.102Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 06:04:21 honeypot-fra-1 kernel: [84009882.911187] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=51.15.104.9 DST=165.22.82.222 LEN=52 TOS=0x00 PREC=0x00 TTL=53 ID=53497 DF PROTO=TCP SPT=7744 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T06:04:22.207Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 06:04:25 honeypot-ams-1 sshd[18076]: Received disconnect from 143.244.158.100 port 44666:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T06:04:26.699Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 06:06:55 honeypot-fra-1 sshd[8231]: Invalid user user from 45.61.186.249 port 34338","@timestamp":"2022-09-14T06:06:56.268Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 06:06:59 honeypot-ams-1 sshd[18084]: Received disconnect from 143.244.158.100 port 55486:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T06:06:59.767Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 06:07:13 honeypot-fra-1 sshd[8235]: Invalid user user from 45.61.186.249 port 57268","@timestamp":"2022-09-14T06:07:14.277Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 06:07:30 honeypot-fra-1 sshd[8239]: Invalid user user from 45.61.186.249 port 51990","@timestamp":"2022-09-14T06:07:31.285Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 06:08:10 honeypot-fra-1 kernel: [84010112.229382] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.196.220.81 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=53432 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T06:08:11.302Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-14T06:08:30.453Z","@version":"1","message":"Sep 14 06:08:29 honeypot-sgp-1 kernel: [84011818.786464] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=60983 PROTO=TCP SPT=55602 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 06:08:40 honeypot-ams-1 sshd[18091]: Received disconnect from 143.244.158.100 port 50538:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T06:08:40.814Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 06:10:16 honeypot-ams-1 sshd[18095]: Disconnected from authenticating user root 143.244.158.100 port 58510 [preauth]","@timestamp":"2022-09-14T06:10:16.859Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 06:11:52 honeypot-ams-1 sshd[23795]: Disconnected from authenticating user root 143.244.158.100 port 48514 [preauth]","@timestamp":"2022-09-14T06:11:52.903Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 06:12:43 honeypot-fra-1 kernel: [84010385.091847] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.79.137.220 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=21559 PROTO=TCP SPT=55950 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T06:12:44.406Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 06:13:29 honeypot-ams-1 sshd[23804]: Disconnected from authenticating user root 143.244.158.100 port 53458 [preauth]","@timestamp":"2022-09-14T06:13:29.949Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 06:15:04 honeypot-ams-1 sshd[23810]: Received disconnect from 143.244.158.100 port 56746:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T06:15:04.993Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 06:16:48 honeypot-ams-1 sshd[23816]: Received disconnect from 143.244.158.100 port 49462:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T06:16:49.042Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 06:17:01 honeypot-fra-1 CRON[8250]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-14T06:17:02.531Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 06:18:29 honeypot-ams-1 sshd[23823]: Received disconnect from 143.244.158.100 port 33032:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T06:18:30.089Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 06:20:56 honeypot-ams-1 sshd[23829]: Received disconnect from 143.244.158.100 port 42958:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T06:20:57.153Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 06:21:38 honeypot-ams-1 sshd[23831]: Disconnected from invalid user admin 2.204.77.74 port 42016 [preauth]","@timestamp":"2022-09-14T06:21:39.175Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 06:23:26 honeypot-ams-1 sshd[23838]: Disconnected from authenticating user root 143.244.158.100 port 45850 [preauth]","@timestamp":"2022-09-14T06:23:27.223Z"}
{"@timestamp":"2022-09-14T06:24:05.830Z","@version":"1","message":"Sep 14 06:24:05 honeypot-sgp-1 kernel: [84012754.856976] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=178.128.255.88 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=54321 PROTO=TCP SPT=51212 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 06:25:07 honeypot-ams-1 CRON[23842]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-14T06:25:07.271Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 06:26:43 honeypot-ams-1 sshd[24021]: Received disconnect from 143.244.158.100 port 38080:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T06:26:44.319Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 06:27:18 honeypot-fra-1 kernel: [84011259.460973] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=91.201.241.41 DST=165.22.82.222 LEN=81 TOS=0x00 PREC=0x00 TTL=249 ID=54321 PROTO=TCP SPT=42782 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T06:27:18.763Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 06:28:19 honeypot-ams-1 sshd[24026]: Disconnected from authenticating user root 143.244.158.100 port 56868 [preauth]","@timestamp":"2022-09-14T06:28:19.363Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 06:30:07 honeypot-ams-1 sshd[24030]: Received disconnect from 162.243.136.58 port 36010:11: Bye Bye [preauth]","@timestamp":"2022-09-14T06:30:07.413Z"}
{"@timestamp":"2022-09-14T06:30:26.002Z","@version":"1","message":"Sep 14 06:30:25 honeypot-sgp-1 sshd[12687]: Received disconnect from 92.255.85.69 port 51228:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 06:31:50 honeypot-ams-1 sshd[24036]: Received disconnect from 143.244.158.100 port 60550:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T06:31:51.460Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 06:33:28 honeypot-fra-1 sshd[8393]: Disconnected from authenticating user root 92.255.85.69 port 60234 [preauth]","@timestamp":"2022-09-14T06:33:28.904Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 06:34:21 honeypot-ams-1 sshd[24043]: Received disconnect from 143.244.158.100 port 51552:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T06:34:21.527Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 06:35:50 honeypot-ams-1 sshd[24047]: Disconnected from authenticating user root 92.255.85.70 port 26118 [preauth]","@timestamp":"2022-09-14T06:35:50.568Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 06:36:51 honeypot-ams-1 sshd[24051]: Disconnected from authenticating user root 143.244.158.100 port 58248 [preauth]","@timestamp":"2022-09-14T06:36:51.600Z"}
{"@timestamp":"2022-09-14T06:37:53.188Z","@version":"1","message":"Sep 14 06:37:53 honeypot-sgp-1 sshd[12691]: Received disconnect from 45.61.186.49 port 41106:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T06:38:03.194Z","@version":"1","message":"Sep 14 06:38:02 honeypot-sgp-1 sshd[12695]: Received disconnect from 45.61.186.49 port 52602:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 06:38:04 honeypot-fra-1 kernel: [84011905.714991] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=51.158.171.29 DST=165.22.82.222 LEN=52 TOS=0x00 PREC=0x00 TTL=53 ID=59852 DF PROTO=TCP SPT=35708 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T06:38:05.009Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 06:39:05 honeypot-ams-1 sshd[24060]: Received disconnect from 84.42.96.48 port 54732:11: Bye Bye [preauth]","@timestamp":"2022-09-14T06:39:06.661Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 06:40:57 honeypot-ams-1 sshd[24066]: Received disconnect from 143.244.158.100 port 55840:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T06:40:57.713Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 06:40:59 honeypot-fra-1 kernel: [84012081.031173] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=51.15.60.133 DST=165.22.82.222 LEN=52 TOS=0x00 PREC=0x00 TTL=53 ID=10108 DF PROTO=TCP SPT=51651 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T06:41:00.076Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-14T06:41:08.271Z","@version":"1","message":"Sep 14 06:41:07 honeypot-sgp-1 sshd[12700]: Disconnected from invalid user user 45.61.186.49 port 40120 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T06:41:17.276Z","@version":"1","message":"Sep 14 06:41:16 honeypot-sgp-1 sshd[12704]: Disconnected from invalid user user 45.61.186.49 port 51698 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 06:43:26 honeypot-ams-1 sshd[24072]: Received disconnect from 143.244.158.100 port 56280:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T06:43:26.780Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 06:45:52 honeypot-ams-1 sshd[24079]: Received disconnect from 143.244.158.100 port 51962:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T06:45:52.846Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 06:47:30 honeypot-ams-1 sshd[24083]: Disconnected from authenticating user root 143.244.158.100 port 58118 [preauth]","@timestamp":"2022-09-14T06:47:30.892Z"}
{"@timestamp":"2022-09-14T06:52:49.560Z","@version":"1","message":"Sep 14 06:52:48 honeypot-sgp-1 sshd[12714]: Connection closed by authenticating user root 103.188.176.251 port 43548 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T06:54:19.605Z","@version":"1","message":"Sep 14 06:54:18 honeypot-sgp-1 sshd[12721]: Disconnected from authenticating user root 92.255.85.69 port 61060 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 06:55:04 honeypot-ams-1 kernel: [84015087.676057] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=43.131.66.209 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x60 TTL=53 ID=29520 DF PROTO=TCP SPT=30544 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T06:55:05.086Z"}
{"@timestamp":"2022-09-14T06:59:08.726Z","@version":"1","message":"Sep 14 06:59:07 honeypot-sgp-1 sshd[12821]: Received disconnect from 34.92.220.10 port 2818:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 06:59:26 honeypot-fra-1 sshd[8408]: Invalid user csgo from 206.189.128.17 port 42440","@timestamp":"2022-09-14T06:59:26.485Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T07:04:09.852Z","@version":"1","message":"Sep 14 07:04:09 honeypot-sgp-1 sshd[12826]: Bad protocol version identification '\\272\\253d\\241EZC\\333M\\207\\356^\\375\\277\\0259 X\\324>\\022\\230\\304<\\340\\023\\317' from 172.105.89.161 port 40015","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 07:06:02 honeypot-fra-1 sshd[8413]: Invalid user admin from 195.24.148.206 port 64875","@timestamp":"2022-09-14T07:06:02.638Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 07:11:10 honeypot-fra-1 sshd[8418]: Received disconnect from 167.71.110.45 port 48458:11: Bye Bye [preauth]","@timestamp":"2022-09-14T07:11:10.756Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 07:12:14 honeypot-fra-1 sshd[8423]: Invalid user user from 141.255.162.226 port 60574","@timestamp":"2022-09-14T07:12:14.784Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 07:12:16 honeypot-fra-1 sshd[8425]: Disconnected from invalid user user 141.255.162.226 port 38666 [preauth]","@timestamp":"2022-09-14T07:12:16.785Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 07:12:21 honeypot-fra-1 sshd[8431]: Invalid user user from 141.255.162.226 port 51314","@timestamp":"2022-09-14T07:12:21.787Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 07:13:01 honeypot-ams-1 kernel: [84016164.284704] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=196.202.76.83 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=51 ID=4423 PROTO=TCP SPT=15392 DPT=80 WINDOW=29792 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T07:13:01.545Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 07:14:29 honeypot-fra-1 kernel: [84014090.501038] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=167.248.133.138 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=10122 PROTO=TCP SPT=49511 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T07:14:29.836Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-14T07:17:02.166Z","@version":"1","message":"Sep 14 07:17:01 honeypot-sgp-1 CRON[12833]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T07:17:07.169Z","@version":"1","message":"Sep 14 07:17:06 honeypot-sgp-1 sshd[12836]: Disconnected from invalid user user 45.61.186.49 port 47900 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T07:17:15.173Z","@version":"1","message":"Sep 14 07:17:15 honeypot-sgp-1 sshd[12840]: Disconnected from invalid user user 45.61.186.49 port 59096 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 07:17:33 honeypot-fra-1 sshd[8441]: Did not receive identification string from 172.104.131.24 port 60534","@timestamp":"2022-09-14T07:17:34.909Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 07:19:27 honeypot-fra-1 sshd[8446]: Received disconnect from 34.231.32.12 port 47136:11: Bye Bye [preauth]","@timestamp":"2022-09-14T07:19:27.955Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 07:19:43 honeypot-ams-1 sshd[24097]: Disconnected from authenticating user root 46.19.141.122 port 36978 [preauth]","@timestamp":"2022-09-14T07:19:44.719Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 07:21:32 honeypot-ams-1 sshd[24102]: Disconnected from invalid user admin 46.19.141.122 port 47892 [preauth]","@timestamp":"2022-09-14T07:21:32.769Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 07:21:47 honeypot-ams-1 sshd[24106]: Disconnected from invalid user user 198.98.61.9 port 51476 [preauth]","@timestamp":"2022-09-14T07:21:47.777Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 07:22:05 honeypot-ams-1 sshd[24111]: Disconnected from invalid user user 198.98.61.9 port 46744 [preauth]","@timestamp":"2022-09-14T07:22:05.786Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 07:22:13 honeypot-ams-1 sshd[24115]: Disconnected from invalid user user 198.98.61.9 port 58462 [preauth]","@timestamp":"2022-09-14T07:22:14.791Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 07:22:30 honeypot-ams-1 sshd[24119]: Disconnected from invalid user user 198.98.61.9 port 53738 [preauth]","@timestamp":"2022-09-14T07:22:30.800Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 07:22:51 honeypot-ams-1 sshd[24123]: Disconnected from authenticating user root 46.19.141.122 port 58824 [preauth]","@timestamp":"2022-09-14T07:22:51.811Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 07:23:46 honeypot-ams-1 sshd[24129]: Invalid user ubnt from 46.19.141.122 port 37862","@timestamp":"2022-09-14T07:23:46.838Z"}
{"@timestamp":"2022-09-14T07:23:56.338Z","@version":"1","message":"Sep 14 07:23:56 honeypot-sgp-1 sshd[12845]: Invalid user infusion-stoked from 139.59.188.13 port 57354","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 07:24:04 honeypot-ams-1 sshd[24133]: Received disconnect from 46.19.141.122 port 41518:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T07:24:04.849Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 07:33:59 honeypot-fra-1 kernel: [84015260.876699] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=14.98.219.214 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x20 TTL=247 ID=17032 PROTO=TCP SPT=59630 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T07:34:00.278Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 07:35:35 honeypot-fra-1 sshd[8453]: Disconnected from invalid user kundert 165.22.45.108 port 41684 [preauth]","@timestamp":"2022-09-14T07:35:36.313Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 07:37:20 honeypot-ams-1 sshd[24139]: Connection closed by invalid user admin 221.160.105.162 port 44117 [preauth]","@timestamp":"2022-09-14T07:37:21.185Z"}
{"@timestamp":"2022-09-14T07:38:41.697Z","@version":"1","message":"Sep 14 07:38:40 honeypot-sgp-1 sshd[12851]: Invalid user user from 141.255.162.226 port 52838","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T07:38:46.701Z","@version":"1","message":"Sep 14 07:38:46 honeypot-sgp-1 sshd[12853]: Received disconnect from 141.255.162.226 port 48174:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T07:38:49.702Z","@version":"1","message":"Sep 14 07:38:49 honeypot-sgp-1 sshd[12857]: Invalid user user from 141.255.162.226 port 35692","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 07:41:39 honeypot-fra-1 sshd[8460]: Disconnected from invalid user grid 202.53.1.114 port 45072 [preauth]","@timestamp":"2022-09-14T07:41:40.452Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 07:45:03 honeypot-ams-1 sshd[24144]: Received disconnect from 149.56.102.60 port 38928:11: Bye Bye [preauth]","@timestamp":"2022-09-14T07:45:04.386Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 07:48:35 honeypot-fra-1 kernel: [84016136.373422] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=174.138.54.142 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=60366 PROTO=TCP SPT=41411 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T07:48:35.609Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 07:49:42 honeypot-ams-1 kernel: [84018365.313800] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.220.215 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=45830 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T07:49:42.507Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 07:50:07 honeypot-fra-1 sshd[8470]: Disconnected from invalid user skynet 144.217.13.134 port 58260 [preauth]","@timestamp":"2022-09-14T07:50:08.647Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 07:53:20 honeypot-ams-1 sshd[24223]: Received disconnect from 45.61.184.204 port 36172:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T07:53:21.603Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 07:53:41 honeypot-ams-1 sshd[24228]: Received disconnect from 45.61.184.204 port 60326:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T07:53:41.613Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 07:54:00 honeypot-ams-1 sshd[24232]: Received disconnect from 45.61.184.204 port 56238:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T07:54:01.625Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 07:54:46 honeypot-ams-1 sshd[24236]: Connection closed by invalid user test 193.106.191.157 port 46254 [preauth]","@timestamp":"2022-09-14T07:54:46.646Z"}
{"@timestamp":"2022-09-14T07:59:56.209Z","@version":"1","message":"Sep 14 07:59:55 honeypot-sgp-1 kernel: [84018504.276506] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.220.153 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=56793 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 08:01:16 honeypot-ams-1 kernel: [84019060.033296] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.220.32 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=59418 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T08:01:17.818Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 08:04:02 honeypot-fra-1 kernel: [84017063.750311] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.219.137 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=37513 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T08:04:02.965Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-14T08:06:44.378Z","@version":"1","message":"Sep 14 08:06:43 honeypot-sgp-1 kernel: [84018912.626662] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=143.198.69.119 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=43317 PROTO=TCP SPT=41411 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 08:09:59 honeypot-ams-1 sshd[24243]: Disconnected from authenticating user root 92.255.85.70 port 43082 [preauth]","@timestamp":"2022-09-14T08:10:00.048Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 08:14:51 honeypot-ams-1 sshd[24249]: Disconnected from invalid user user 45.61.186.49 port 33042 [preauth]","@timestamp":"2022-09-14T08:14:52.177Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 08:15:00 honeypot-ams-1 sshd[24253]: Disconnected from invalid user user 45.61.186.49 port 44298 [preauth]","@timestamp":"2022-09-14T08:15:00.181Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 08:17:01 honeypot-ams-1 CRON[24260]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-14T08:17:01.235Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 08:17:01 honeypot-fra-1 CRON[8498]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-14T08:17:02.259Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 08:18:53 honeypot-ams-1 sshd[24264]: Disconnected from invalid user user 141.255.162.226 port 38202 [preauth]","@timestamp":"2022-09-14T08:18:54.289Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 08:18:55 honeypot-ams-1 sshd[24268]: Disconnected from invalid user user 141.255.162.226 port 53914 [preauth]","@timestamp":"2022-09-14T08:18:56.290Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 08:19:00 honeypot-ams-1 sshd[24272]: Disconnected from invalid user user 141.255.162.226 port 41436 [preauth]","@timestamp":"2022-09-14T08:19:00.292Z"}
{"@timestamp":"2022-09-14T08:20:26.713Z","@version":"1","message":"Sep 14 08:20:25 honeypot-sgp-1 sshd[12897]: Invalid user redis from 34.93.196.224 port 60444","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 08:20:57 honeypot-ams-1 sshd[24278]: Received disconnect from 45.61.186.169 port 44788:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T08:20:58.346Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 08:21:14 honeypot-ams-1 sshd[24282]: Received disconnect from 45.61.186.169 port 39502:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T08:21:15.356Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 08:21:31 honeypot-ams-1 sshd[24286]: Received disconnect from 45.61.186.169 port 34222:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T08:21:31.365Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 08:21:46 honeypot-ams-1 sshd[24290]: Received disconnect from 45.61.186.169 port 57158:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T08:21:47.374Z"}
{"@timestamp":"2022-09-14T08:26:32.863Z","@version":"1","message":"Sep 14 08:26:32 honeypot-sgp-1 sshd[12921]: Invalid user godzilla from 217.67.121.75 port 10888","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T08:28:16.908Z","@version":"1","message":"Sep 14 08:28:16 honeypot-sgp-1 sshd[12925]: Received disconnect from 92.255.85.69 port 57172:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 08:28:39 honeypot-fra-1 kernel: [84018540.909291] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=109.248.6.38 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x20 TTL=74 ID=9650 PROTO=TCP SPT=42818 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T08:28:40.523Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-14T08:30:43.970Z","@version":"1","message":"Sep 14 08:30:43 honeypot-sgp-1 kernel: [84020352.383280] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=234 ID=63374 PROTO=TCP SPT=44202 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 08:34:15 honeypot-ams-1 sshd[24313]: Disconnected from authenticating user root 92.255.85.70 port 40686 [preauth]","@timestamp":"2022-09-14T08:34:15.693Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 08:34:21 honeypot-fra-1 kernel: [84018882.565052] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=97.107.142.107 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=63192 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T08:34:21.656Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 08:38:20 honeypot-ams-1 sshd[24320]: Invalid user zxvf from 69.250.26.126 port 57846","@timestamp":"2022-09-14T08:38:20.799Z"}
{"@timestamp":"2022-09-14T08:38:36.172Z","@version":"1","message":"Sep 14 08:38:35 honeypot-sgp-1 sshd[12933]: Invalid user user from 141.255.162.226 port 47534","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 08:38:36 honeypot-ams-1 sshd[24323]: Disconnected from invalid user user 141.255.162.226 port 53966 [preauth]","@timestamp":"2022-09-14T08:38:36.809Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 08:38:37 honeypot-ams-1 sshd[24327]: Disconnected from invalid user user 141.255.162.226 port 49126 [preauth]","@timestamp":"2022-09-14T08:38:38.810Z"}
{"@timestamp":"2022-09-14T08:38:40.175Z","@version":"1","message":"Sep 14 08:38:39 honeypot-sgp-1 sshd[12937]: Invalid user user from 141.255.162.226 port 50480","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T08:38:41.176Z","@version":"1","message":"Sep 14 08:38:40 honeypot-sgp-1 sshd[12941]: Invalid user user from 141.255.162.226 port 58278","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 08:38:41 honeypot-ams-1 sshd[24331]: Disconnected from invalid user user 141.255.162.226 port 36494 [preauth]","@timestamp":"2022-09-14T08:38:42.813Z"}
{"@timestamp":"2022-09-14T08:38:44.177Z","@version":"1","message":"Sep 14 08:38:43 honeypot-sgp-1 sshd[12945]: Connection closed by 141.255.162.226 port 37850 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 08:50:45 honeypot-ams-1 kernel: [84022028.934802] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.9.150.141 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=63998 PROTO=TCP SPT=44606 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T08:50:46.123Z"}
{"@timestamp":"2022-09-14T08:52:02.513Z","@version":"1","message":"Sep 14 08:52:01 honeypot-sgp-1 sshd[12952]: Invalid user sampler2 from 103.240.110.130 port 36218","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 08:54:44 honeypot-fra-1 sshd[8515]: Invalid user cnt from 141.98.10.158 port 37834","@timestamp":"2022-09-14T08:54:45.134Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 09:00:26 honeypot-fra-1 sshd[8520]: Connection closed by authenticating user root 103.188.176.251 port 39722 [preauth]","@timestamp":"2022-09-14T09:00:26.266Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T09:02:20.772Z","@version":"1","message":"Sep 14 09:02:19 honeypot-sgp-1 kernel: [84022248.675630] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=78.142.18.92 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=41007 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 09:08:24 honeypot-ams-1 kernel: [84023088.045766] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=41.117.152.98 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=50 ID=46590 PROTO=TCP SPT=2208 DPT=80 WINDOW=61739 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T09:08:25.572Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 09:11:05 honeypot-fra-1 sshd[8524]: Invalid user kundert from 165.22.45.108 port 51550","@timestamp":"2022-09-14T09:11:06.508Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T09:15:44.109Z","@version":"1","message":"Sep 14 09:15:43 honeypot-sgp-1 sshd[12962]: Disconnected from authenticating user root 92.255.85.69 port 22476 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 09:17:01 honeypot-ams-1 CRON[24350]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-14T09:17:01.794Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 09:18:32 honeypot-fra-1 sshd[8530]: Disconnected from authenticating user root 92.255.85.69 port 61886 [preauth]","@timestamp":"2022-09-14T09:18:33.678Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T09:22:57.292Z","@version":"1","message":"Sep 14 09:22:56 honeypot-sgp-1 kernel: [84023485.283315] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.213.134 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=45859 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 09:23:19 honeypot-ams-1 kernel: [84023982.183631] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.207.115 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=60390 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T09:23:19.959Z"}
{"@timestamp":"2022-09-14T09:25:07.352Z","@version":"1","message":"Sep 14 09:25:06 honeypot-sgp-1 sshd[12972]: Received disconnect from 210.196.250.246 port 49042:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 09:29:10 honeypot-ams-1 kernel: [84024334.027941] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=129.153.212.107 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=48 ID=59681 PROTO=TCP SPT=26208 DPT=80 WINDOW=44238 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T09:29:11.111Z"}
{"@timestamp":"2022-09-14T09:29:23.461Z","@version":"1","message":"Sep 14 09:29:22 honeypot-sgp-1 sshd[12975]: Connection closed by invalid user admin 178.128.125.205 port 46936 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T09:29:23.461Z","@version":"1","message":"Sep 14 09:29:22 honeypot-sgp-1 sshd[12981]: Connection closed by invalid user admin 178.128.125.205 port 46964 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 09:30:02 honeypot-ams-1 sshd[24362]: Disconnected from authenticating user root 80.76.51.189 port 60894 [preauth]","@timestamp":"2022-09-14T09:30:03.139Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 09:31:07 honeypot-fra-1 sshd[8535]: Received disconnect from 80.253.31.232 port 42952:11: Bye Bye [preauth]","@timestamp":"2022-09-14T09:31:07.963Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 09:31:18 honeypot-ams-1 sshd[24368]: Disconnected from authenticating user root 80.76.51.189 port 42402 [preauth]","@timestamp":"2022-09-14T09:31:19.175Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 09:32:38 honeypot-ams-1 sshd[24374]: Received disconnect from 80.76.51.189 port 52150:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T09:32:38.213Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 09:33:38 honeypot-ams-1 kernel: [84024601.479508] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=85.184.50.128 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=44359 DF PROTO=TCP SPT=45653 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T09:33:39.243Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 09:34:57 honeypot-ams-1 sshd[24385]: Invalid user admin from 80.76.51.189 port 40138","@timestamp":"2022-09-14T09:34:57.280Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 09:35:52 honeypot-ams-1 sshd[24389]: Invalid user ansible from 80.76.51.189 port 46626","@timestamp":"2022-09-14T09:35:53.306Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 09:36:48 honeypot-ams-1 sshd[24393]: Invalid user ansible from 80.76.51.189 port 53114","@timestamp":"2022-09-14T09:36:49.332Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 09:37:44 honeypot-ams-1 sshd[24397]: Received disconnect from 80.76.51.189 port 59602:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T09:37:45.357Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 09:38:42 honeypot-ams-1 sshd[24401]: Disconnected from invalid user oracle 80.76.51.189 port 37866 [preauth]","@timestamp":"2022-09-14T09:38:43.384Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 09:40:12 honeypot-ams-1 sshd[24408]: Received disconnect from 80.76.51.189 port 47594:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T09:40:13.425Z"}
{"@timestamp":"2022-09-14T09:40:52.748Z","@version":"1","message":"Sep 14 09:40:52 honeypot-sgp-1 sshd[12988]: Received disconnect from 94.179.133.22 port 10497:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 09:41:13 honeypot-ams-1 sshd[24412]: Received disconnect from 80.76.51.189 port 54084:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T09:41:14.455Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 09:42:56 honeypot-fra-1 kernel: [84022997.331327] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=80.87.206.203 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=31877 PROTO=TCP SPT=42183 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T09:42:57.227Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 09:44:33 honeypot-ams-1 sshd[24416]: Disconnected from authenticating user root 92.255.85.70 port 41298 [preauth]","@timestamp":"2022-09-14T09:44:34.542Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 09:46:49 honeypot-fra-1 sshd[8546]: Received disconnect from 20.224.226.157 port 43030:11: Bye Bye [preauth]","@timestamp":"2022-09-14T09:46:50.317Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 09:48:02 honeypot-ams-1 kernel: [84025465.563949] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=141.156.242.116 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=52 ID=47520 PROTO=TCP SPT=30101 DPT=80 WINDOW=50270 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T09:48:02.634Z"}
{"@timestamp":"2022-09-14T09:50:35.992Z","@version":"1","message":"Sep 14 09:50:35 honeypot-sgp-1 sshd[12994]: Received disconnect from 207.138.39.234 port 51042:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 09:51:24 honeypot-fra-1 sshd[8553]: Received disconnect from 134.122.30.119 port 37402:11: Bye Bye [preauth]","@timestamp":"2022-09-14T09:51:24.444Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 09:55:00 honeypot-fra-1 sshd[8558]: Disconnected from authenticating user root 89.163.178.15 port 37852 [preauth]","@timestamp":"2022-09-14T09:55:01.530Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 09:55:13 honeypot-ams-1 sshd[24425]: Invalid user vnc from 34.126.78.62 port 54392","@timestamp":"2022-09-14T09:55:13.814Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 10:01:10 honeypot-fra-1 sshd[8566]: Did not receive identification string from 179.43.145.74 port 49784","@timestamp":"2022-09-14T10:01:11.697Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T10:02:29.289Z","@version":"1","message":"Sep 14 10:02:29 honeypot-sgp-1 sshd[12999]: Received disconnect from 92.255.85.70 port 24034:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 10:03:08 honeypot-fra-1 sshd[8571]: Disconnected from authenticating user root 179.43.145.74 port 43480 [preauth]","@timestamp":"2022-09-14T10:03:08.742Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 10:05:06 honeypot-fra-1 sshd[8577]: Disconnected from authenticating user root 92.255.85.70 port 34858 [preauth]","@timestamp":"2022-09-14T10:05:06.789Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T10:06:44.400Z","@version":"1","message":"Sep 14 10:06:43 honeypot-sgp-1 kernel: [84026112.509427] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=156.146.46.143 DST=159.89.202.188 LEN=52 TOS=0x02 PREC=0x00 TTL=116 ID=7582 DF PROTO=TCP SPT=50851 DPT=3389 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 10:08:02 honeypot-ams-1 kernel: [84026665.282982] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=128.1.248.27 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=15632 PROTO=TCP SPT=38932 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T10:08:03.156Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 10:11:27 honeypot-fra-1 sshd[8582]: Disconnected from authenticating user root 61.177.173.49 port 54168 [preauth]","@timestamp":"2022-09-14T10:11:27.933Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T10:14:27.598Z","@version":"1","message":"Sep 14 10:14:27 honeypot-sgp-1 sshd[13008]: Received disconnect from 61.177.172.19 port 34561:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:17:01 honeypot-ams-1 CRON[24435]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-14T10:17:01.388Z"}
{"@timestamp":"2022-09-14T10:17:01.665Z","@version":"1","message":"Sep 14 10:17:01 honeypot-sgp-1 CRON[13015]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 10:17:01 honeypot-fra-1 CRON[8589]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-14T10:17:02.064Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 10:23:38 honeypot-fra-1 sshd[8597]: Disconnected from invalid user user 134.209.233.126 port 49634 [preauth]","@timestamp":"2022-09-14T10:23:39.216Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T10:23:41.837Z","@version":"1","message":"Sep 14 10:23:41 honeypot-sgp-1 sshd[13021]: Disconnected from authenticating user root 61.177.173.39 port 45706 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T10:27:17.937Z","@version":"1","message":"Sep 14 10:27:16 honeypot-sgp-1 kernel: [84027345.799264] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=183.136.225.35 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=110 ID=18297 PROTO=TCP SPT=8088 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 10:27:24 honeypot-ams-1 kernel: [84027827.206902] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=88.80.188.96 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=59210 PROTO=TCP SPT=33498 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T10:27:24.658Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 10:27:43 honeypot-fra-1 sshd[8605]: Disconnected from authenticating user root 61.177.173.51 port 62893 [preauth]","@timestamp":"2022-09-14T10:27:44.313Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 10:30:22 honeypot-fra-1 kernel: [84025843.285652] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=186.208.139.104 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=245 ID=29663 PROTO=TCP SPT=51420 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T10:30:23.374Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 10:33:07 honeypot-ams-1 kernel: [84028170.948583] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=51.15.141.72 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=55 ID=52177 PROTO=TCP SPT=52814 DPT=80 WINDOW=34318 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T10:33:08.826Z"}
{"@timestamp":"2022-09-14T10:35:49.158Z","@version":"1","message":"Sep 14 10:35:48 honeypot-sgp-1 sshd[13031]: Disconnected from authenticating user root 61.177.173.50 port 26826 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 10:38:24 honeypot-fra-1 kernel: [84026324.815991] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.33.79.91 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=37009 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T10:38:24.557Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:40:34 honeypot-ams-1 sshd[24446]: Received disconnect from 190.156.238.155 port 43516:11: Bye Bye [preauth]","@timestamp":"2022-09-14T10:40:35.027Z"}
{"@timestamp":"2022-09-14T10:42:25.349Z","@version":"1","message":"Sep 14 10:42:25 honeypot-sgp-1 kernel: [84028253.996354] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.79.161.175 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=234 ID=20376 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 10:47:50 honeypot-fra-1 sshd[8619]: Disconnected from invalid user kvm 165.22.45.108 port 33216 [preauth]","@timestamp":"2022-09-14T10:47:50.773Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:49:04 honeypot-ams-1 sshd[24449]: Received disconnect from 171.110.164.56 port 50940:11: Bye Bye [preauth]","@timestamp":"2022-09-14T10:49:04.247Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:49:08 honeypot-ams-1 sshd[24453]: Disconnected from invalid user ubnt 171.110.164.56 port 50048 [preauth]","@timestamp":"2022-09-14T10:49:08.250Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:49:14 honeypot-ams-1 sshd[24459]: Disconnected from authenticating user root 171.110.164.56 port 50086 [preauth]","@timestamp":"2022-09-14T10:49:14.253Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:49:19 honeypot-ams-1 sshd[24465]: Disconnected from authenticating user root 171.110.164.56 port 52128 [preauth]","@timestamp":"2022-09-14T10:49:20.257Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:49:25 honeypot-ams-1 sshd[24471]: Disconnected from authenticating user root 171.110.164.56 port 52152 [preauth]","@timestamp":"2022-09-14T10:49:26.260Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:49:31 honeypot-ams-1 sshd[24477]: Disconnected from authenticating user root 171.110.164.56 port 56164 [preauth]","@timestamp":"2022-09-14T10:49:32.264Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:49:37 honeypot-ams-1 sshd[24483]: Disconnected from authenticating user root 171.110.164.56 port 59710 [preauth]","@timestamp":"2022-09-14T10:49:38.268Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:49:43 honeypot-ams-1 sshd[24489]: Disconnected from authenticating user root 171.110.164.56 port 59728 [preauth]","@timestamp":"2022-09-14T10:49:44.272Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:49:49 honeypot-ams-1 sshd[24495]: Disconnected from authenticating user root 171.110.164.56 port 57786 [preauth]","@timestamp":"2022-09-14T10:49:50.276Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:49:56 honeypot-ams-1 sshd[24501]: Disconnected from authenticating user root 171.110.164.56 port 57808 [preauth]","@timestamp":"2022-09-14T10:49:57.280Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:50:02 honeypot-ams-1 sshd[24507]: Disconnected from authenticating user root 171.110.164.56 port 43876 [preauth]","@timestamp":"2022-09-14T10:50:03.284Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:50:08 honeypot-ams-1 sshd[24513]: Disconnected from authenticating user root 171.110.164.56 port 34172 [preauth]","@timestamp":"2022-09-14T10:50:09.289Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:50:14 honeypot-ams-1 sshd[24519]: Disconnected from authenticating user root 171.110.164.56 port 34204 [preauth]","@timestamp":"2022-09-14T10:50:15.292Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:50:18 honeypot-ams-1 sshd[24523]: Disconnected from invalid user admin 171.110.164.56 port 39450 [preauth]","@timestamp":"2022-09-14T10:50:19.294Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:50:22 honeypot-ams-1 sshd[24527]: Disconnected from invalid user admin 171.110.164.56 port 39476 [preauth]","@timestamp":"2022-09-14T10:50:23.298Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:50:26 honeypot-ams-1 sshd[24531]: Disconnected from invalid user admin 171.110.164.56 port 39492 [preauth]","@timestamp":"2022-09-14T10:50:27.300Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:50:30 honeypot-ams-1 sshd[24535]: Disconnected from invalid user admin 171.110.164.56 port 37644 [preauth]","@timestamp":"2022-09-14T10:50:31.302Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:50:34 honeypot-ams-1 sshd[24539]: Disconnected from invalid user admin 171.110.164.56 port 37654 [preauth]","@timestamp":"2022-09-14T10:50:35.305Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:50:40 honeypot-ams-1 sshd[24545]: Received disconnect from 171.110.164.56 port 60838:11: Bye Bye [preauth]","@timestamp":"2022-09-14T10:50:41.308Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:50:44 honeypot-ams-1 sshd[24549]: Received disconnect from 171.110.164.56 port 60864:11: Bye Bye [preauth]","@timestamp":"2022-09-14T10:50:45.310Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:50:48 honeypot-ams-1 sshd[24553]: Received disconnect from 171.110.164.56 port 49894:11: Bye Bye [preauth]","@timestamp":"2022-09-14T10:50:49.312Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:50:53 honeypot-ams-1 sshd[24557]: Received disconnect from 171.110.164.56 port 49918:11: Bye Bye [preauth]","@timestamp":"2022-09-14T10:50:54.316Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:50:57 honeypot-ams-1 sshd[24561]: Received disconnect from 171.110.164.56 port 49936:11: Bye Bye [preauth]","@timestamp":"2022-09-14T10:50:57.318Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:51:01 honeypot-ams-1 sshd[24565]: Received disconnect from 171.110.164.56 port 58938:11: Bye Bye [preauth]","@timestamp":"2022-09-14T10:51:02.321Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:51:05 honeypot-ams-1 sshd[24569]: Received disconnect from 171.110.164.56 port 58946:11: Bye Bye [preauth]","@timestamp":"2022-09-14T10:51:05.324Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:51:09 honeypot-ams-1 sshd[24573]: Received disconnect from 171.110.164.56 port 51514:11: Bye Bye [preauth]","@timestamp":"2022-09-14T10:51:09.326Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:51:13 honeypot-ams-1 sshd[24577]: Received disconnect from 171.110.164.56 port 51528:11: Bye Bye [preauth]","@timestamp":"2022-09-14T10:51:13.328Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:51:17 honeypot-ams-1 sshd[24581]: Received disconnect from 171.110.164.56 port 51544:11: Bye Bye [preauth]","@timestamp":"2022-09-14T10:51:17.330Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:51:21 honeypot-ams-1 sshd[24585]: Invalid user test from 171.110.164.56 port 53704","@timestamp":"2022-09-14T10:51:21.333Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:51:24 honeypot-ams-1 sshd[24589]: Invalid user cirros from 171.110.164.56 port 53720","@timestamp":"2022-09-14T10:51:25.335Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 10:52:13 honeypot-fra-1 sshd[8625]: Disconnected from authenticating user root 92.255.85.70 port 48832 [preauth]","@timestamp":"2022-09-14T10:52:13.895Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T10:53:57.641Z","@version":"1","message":"Sep 14 10:53:57 honeypot-sgp-1 sshd[13049]: Disconnected from authenticating user root 61.177.172.98 port 11882 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 10:55:46 honeypot-ams-1 kernel: [84029529.733631] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=216.218.206.119 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=57261 DPT=5432 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T10:55:47.447Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:58:01 honeypot-ams-1 sshd[24598]: Invalid user ubnt from 183.144.121.209 port 48616","@timestamp":"2022-09-14T10:58:01.506Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:58:05 honeypot-ams-1 sshd[24602]: Disconnected from authenticating user root 183.144.121.209 port 48840 [preauth]","@timestamp":"2022-09-14T10:58:06.509Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:58:11 honeypot-ams-1 sshd[24608]: Disconnected from authenticating user root 183.144.121.209 port 49182 [preauth]","@timestamp":"2022-09-14T10:58:11.513Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:58:17 honeypot-ams-1 sshd[24614]: Disconnected from authenticating user root 183.144.121.209 port 49508 [preauth]","@timestamp":"2022-09-14T10:58:17.516Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:58:23 honeypot-ams-1 sshd[24620]: Disconnected from authenticating user root 183.144.121.209 port 49858 [preauth]","@timestamp":"2022-09-14T10:58:23.520Z"}
{"@timestamp":"2022-09-14T10:58:24.773Z","@version":"1","message":"Sep 14 10:58:24 honeypot-sgp-1 sshd[13053]: Disconnected from invalid user user 45.61.184.204 port 36774 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:58:28 honeypot-ams-1 sshd[24626]: Disconnected from authenticating user root 183.144.121.209 port 50158 [preauth]","@timestamp":"2022-09-14T10:58:29.523Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:58:34 honeypot-ams-1 sshd[24632]: Disconnected from authenticating user root 183.144.121.209 port 50478 [preauth]","@timestamp":"2022-09-14T10:58:35.527Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:58:40 honeypot-ams-1 sshd[24638]: Disconnected from authenticating user root 183.144.121.209 port 50798 [preauth]","@timestamp":"2022-09-14T10:58:40.530Z"}
{"@timestamp":"2022-09-14T10:58:43.783Z","@version":"1","message":"Sep 14 10:58:43 honeypot-sgp-1 sshd[13057]: Disconnected from invalid user user 45.61.184.204 port 59998 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:58:44 honeypot-ams-1 sshd[24645]: Connection closed by 87.236.176.55 port 57687 [preauth]","@timestamp":"2022-09-14T10:58:44.532Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:58:49 honeypot-ams-1 sshd[24651]: Disconnected from authenticating user root 183.144.121.209 port 51320 [preauth]","@timestamp":"2022-09-14T10:58:50.536Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:58:55 honeypot-ams-1 sshd[24657]: Disconnected from authenticating user root 183.144.121.209 port 51648 [preauth]","@timestamp":"2022-09-14T10:58:56.539Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:59:01 honeypot-ams-1 sshd[24663]: Disconnected from authenticating user root 183.144.121.209 port 51962 [preauth]","@timestamp":"2022-09-14T10:59:01.542Z"}
{"@timestamp":"2022-09-14T10:59:03.793Z","@version":"1","message":"Sep 14 10:59:03 honeypot-sgp-1 sshd[13061]: Disconnected from invalid user user 45.61.184.204 port 54994 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 10:59:06 honeypot-fra-1 sshd[8629]: Disconnected from invalid user user 141.255.162.226 port 53946 [preauth]","@timestamp":"2022-09-14T10:59:07.054Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:59:07 honeypot-ams-1 sshd[24669]: Received disconnect from 183.144.121.209 port 52274:11: Bye Bye [preauth]","@timestamp":"2022-09-14T10:59:07.547Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 10:59:08 honeypot-fra-1 sshd[8633]: Disconnected from invalid user user 141.255.162.226 port 39138 [preauth]","@timestamp":"2022-09-14T10:59:09.056Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:59:10 honeypot-ams-1 sshd[24673]: Received disconnect from 183.144.121.209 port 52498:11: Bye Bye [preauth]","@timestamp":"2022-09-14T10:59:11.549Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 10:59:12 honeypot-fra-1 sshd[8637]: Disconnected from invalid user user 141.255.162.226 port 45844 [preauth]","@timestamp":"2022-09-14T10:59:13.058Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:59:14 honeypot-ams-1 sshd[24677]: Received disconnect from 183.144.121.209 port 52702:11: Bye Bye [preauth]","@timestamp":"2022-09-14T10:59:15.551Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 10:59:15 honeypot-fra-1 sshd[8641]: Disconnected from invalid user user 141.255.162.226 port 37746 [preauth]","@timestamp":"2022-09-14T10:59:16.060Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:59:18 honeypot-ams-1 sshd[24681]: Received disconnect from 183.144.121.209 port 52914:11: Bye Bye [preauth]","@timestamp":"2022-09-14T10:59:19.554Z"}
{"@timestamp":"2022-09-14T10:59:20.801Z","@version":"1","message":"Sep 14 10:59:20 honeypot-sgp-1 sshd[13065]: Disconnected from invalid user user 45.61.184.204 port 49990 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:59:22 honeypot-ams-1 sshd[24685]: Received disconnect from 183.144.121.209 port 53124:11: Bye Bye [preauth]","@timestamp":"2022-09-14T10:59:22.557Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:59:26 honeypot-ams-1 sshd[24689]: Received disconnect from 183.144.121.209 port 53312:11: Bye Bye [preauth]","@timestamp":"2022-09-14T10:59:26.559Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:59:31 honeypot-ams-1 sshd[24695]: Invalid user pi from 183.144.121.209 port 53646","@timestamp":"2022-09-14T10:59:32.563Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:59:35 honeypot-ams-1 sshd[24699]: Invalid user user from 183.144.121.209 port 53838","@timestamp":"2022-09-14T10:59:36.566Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:59:39 honeypot-ams-1 sshd[24703]: Invalid user mine from 183.144.121.209 port 54014","@timestamp":"2022-09-14T10:59:40.568Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:59:43 honeypot-ams-1 sshd[24708]: Invalid user xbmc from 183.144.121.209 port 54230","@timestamp":"2022-09-14T10:59:43.571Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:59:47 honeypot-ams-1 sshd[24712]: Invalid user oracle from 183.144.121.209 port 54432","@timestamp":"2022-09-14T10:59:47.573Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:59:51 honeypot-ams-1 sshd[24716]: Invalid user postgres from 183.144.121.209 port 54646","@timestamp":"2022-09-14T10:59:51.576Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:59:54 honeypot-ams-1 sshd[24720]: Invalid user support from 183.144.121.209 port 54840","@timestamp":"2022-09-14T10:59:55.578Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:59:58 honeypot-ams-1 sshd[24724]: Invalid user ubuntu from 183.144.121.209 port 55042","@timestamp":"2022-09-14T10:59:59.580Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 11:00:02 honeypot-ams-1 sshd[24728]: Invalid user ubuntu from 183.144.121.209 port 55262","@timestamp":"2022-09-14T11:00:02.583Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 11:00:06 honeypot-ams-1 sshd[24732]: Invalid user guest from 183.144.121.209 port 55446","@timestamp":"2022-09-14T11:00:06.587Z"}
{"@timestamp":"2022-09-14T11:00:08.824Z","@version":"1","message":"Sep 14 11:00:08 honeypot-sgp-1 sshd[13073]: Disconnected from invalid user user 45.61.186.249 port 53484 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 11:00:10 honeypot-ams-1 sshd[24736]: Invalid user cirros from 183.144.121.209 port 55648","@timestamp":"2022-09-14T11:00:10.589Z"}
{"@timestamp":"2022-09-14T11:00:27.834Z","@version":"1","message":"Sep 14 11:00:26 honeypot-sgp-1 sshd[13077]: Disconnected from invalid user user 45.61.186.249 port 48418 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T11:00:45.843Z","@version":"1","message":"Sep 14 11:00:45 honeypot-sgp-1 sshd[13081]: Disconnected from invalid user user 45.61.186.249 port 43368 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T11:01:03.851Z","@version":"1","message":"Sep 14 11:01:02 honeypot-sgp-1 sshd[13085]: Disconnected from invalid user user 45.61.186.249 port 38318 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:05:43 honeypot-fra-1 sshd[8655]: Did not receive identification string from 34.71.244.4 port 41148","@timestamp":"2022-09-14T11:05:43.212Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:05:43 honeypot-fra-1 sshd[8656]: Connection closed by invalid user admin 34.71.244.4 port 41152 [preauth]","@timestamp":"2022-09-14T11:05:44.214Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:05:43 honeypot-fra-1 sshd[8659]: Invalid user ansible from 34.71.244.4 port 41296","@timestamp":"2022-09-14T11:05:44.214Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:05:43 honeypot-fra-1 sshd[8685]: Invalid user oracle from 34.71.244.4 port 41428","@timestamp":"2022-09-14T11:05:44.214Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:05:43 honeypot-fra-1 sshd[8669]: Connection closed by invalid user test 34.71.244.4 port 41222 [preauth]","@timestamp":"2022-09-14T11:05:44.214Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:05:44 honeypot-fra-1 sshd[8661]: Connection closed by invalid user devops 34.71.244.4 port 41252 [preauth]","@timestamp":"2022-09-14T11:05:44.214Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:05:44 honeypot-fra-1 sshd[8686]: Connection closed by invalid user devops 34.71.244.4 port 41430 [preauth]","@timestamp":"2022-09-14T11:05:44.214Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:05:44 honeypot-fra-1 sshd[8683]: Connection closed by authenticating user root 34.71.244.4 port 41472 [preauth]","@timestamp":"2022-09-14T11:05:44.214Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:05:44 honeypot-fra-1 sshd[8668]: Connection closed by invalid user user 34.71.244.4 port 41368 [preauth]","@timestamp":"2022-09-14T11:05:44.214Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:08:25 honeypot-fra-1 kernel: [84028125.879773] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=156.146.46.143 DST=165.22.82.222 LEN=52 TOS=0x02 PREC=0x00 TTL=117 ID=25081 DF PROTO=TCP SPT=64056 DPT=3389 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-14T11:08:26.277Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 11:09:49 honeypot-ams-1 kernel: [84030372.714692] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=79.124.62.60 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=15919 PROTO=TCP SPT=58500 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T11:09:49.833Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:11:10 honeypot-fra-1 sshd[8734]: Invalid user admin from 197.5.145.54 port 55376","@timestamp":"2022-09-14T11:11:11.342Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:11:10 honeypot-fra-1 sshd[8730]: Connection closed by invalid user chia 197.5.145.54 port 55372 [preauth]","@timestamp":"2022-09-14T11:11:11.342Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:11:10 honeypot-fra-1 sshd[8735]: Connection closed by invalid user test 197.5.145.54 port 55373 [preauth]","@timestamp":"2022-09-14T11:11:11.342Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:12:44 honeypot-fra-1 sshd[8752]: Disconnected from authenticating user root 61.177.172.108 port 62224 [preauth]","@timestamp":"2022-09-14T11:12:45.382Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T11:12:54.141Z","@version":"1","message":"Sep 14 11:12:53 honeypot-sgp-1 sshd[13095]: Received disconnect from 92.255.85.70 port 25910:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T11:13:12.152Z","@version":"1","message":"Sep 14 11:13:11 honeypot-sgp-1 sshd[13099]: Received disconnect from 45.61.186.249 port 54456:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T11:13:30.160Z","@version":"1","message":"Sep 14 11:13:29 honeypot-sgp-1 sshd[13103]: Received disconnect from 45.61.186.249 port 49652:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T11:13:47.169Z","@version":"1","message":"Sep 14 11:13:46 honeypot-sgp-1 sshd[13107]: Invalid user user from 45.61.186.249 port 44860","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:15:54 honeypot-fra-1 sshd[8759]: Received disconnect from 92.255.85.69 port 15082:11: Bye Bye [preauth]","@timestamp":"2022-09-14T11:15:54.462Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 11:17:01 honeypot-ams-1 CRON[24746]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-14T11:17:02.018Z"}
{"@timestamp":"2022-09-14T11:17:02.256Z","@version":"1","message":"Sep 14 11:17:01 honeypot-sgp-1 CRON[13113]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 11:17:41 honeypot-ams-1 sshd[24752]: Received disconnect from 141.255.162.226 port 51044:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T11:17:42.038Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 11:17:47 honeypot-ams-1 sshd[24756]: Received disconnect from 141.255.162.226 port 51728:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T11:17:48.041Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 11:17:49 honeypot-ams-1 sshd[24760]: Received disconnect from 141.255.162.226 port 37264:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T11:17:50.042Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 11:18:16 honeypot-ams-1 sshd[24764]: Received disconnect from 92.255.85.70 port 34030:11: Bye Bye [preauth]","@timestamp":"2022-09-14T11:18:17.055Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:19:03 honeypot-fra-1 sshd[8777]: Invalid user es from 175.24.188.217 port 34460","@timestamp":"2022-09-14T11:19:04.540Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:19:03 honeypot-fra-1 sshd[8785]: Invalid user ftpuser from 175.24.188.217 port 34456","@timestamp":"2022-09-14T11:19:04.540Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:19:03 honeypot-fra-1 sshd[8786]: Invalid user user from 175.24.188.217 port 34430","@timestamp":"2022-09-14T11:19:04.540Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:19:04 honeypot-fra-1 sshd[8770]: Connection closed by invalid user user 175.24.188.217 port 34500 [preauth]","@timestamp":"2022-09-14T11:19:04.540Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:19:04 honeypot-fra-1 sshd[8777]: Connection closed by invalid user es 175.24.188.217 port 34460 [preauth]","@timestamp":"2022-09-14T11:19:04.540Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:19:04 honeypot-fra-1 sshd[8775]: Connection closed by invalid user appuser 175.24.188.217 port 34458 [preauth]","@timestamp":"2022-09-14T11:19:04.541Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:19:04 honeypot-fra-1 sshd[8785]: Connection closed by invalid user ftpuser 175.24.188.217 port 34456 [preauth]","@timestamp":"2022-09-14T11:19:04.541Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:19:04 honeypot-fra-1 sshd[8790]: Connection closed by invalid user deploy 175.24.188.217 port 34490 [preauth]","@timestamp":"2022-09-14T11:19:04.541Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:22:58 honeypot-fra-1 sshd[8821]: Disconnected from authenticating user root 159.223.95.166 port 46064 [preauth]","@timestamp":"2022-09-14T11:22:58.632Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T11:25:19.458Z","@version":"1","message":"Sep 14 11:25:19 honeypot-sgp-1 sshd[13120]: Received disconnect from 61.177.173.36 port 51923:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 11:26:30 honeypot-ams-1 kernel: [84031373.832670] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=80.87.206.203 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=10915 PROTO=TCP SPT=42183 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T11:26:31.268Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:26:39 honeypot-fra-1 sshd[8831]: Received disconnect from 67.205.132.113 port 42810:11: Bye Bye [preauth]","@timestamp":"2022-09-14T11:26:39.720Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T11:33:17.654Z","@version":"1","message":"Sep 14 11:33:17 honeypot-sgp-1 sshd[13124]: Received disconnect from 61.177.173.53 port 10398:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:36:44 honeypot-fra-1 sshd[8839]: Invalid user kvm from 165.22.45.108 port 38166","@timestamp":"2022-09-14T11:36:44.961Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T11:37:07.750Z","@version":"1","message":"Sep 14 11:37:07 honeypot-sgp-1 sshd[13131]: Disconnected from authenticating user root 61.177.173.47 port 28217 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 11:37:43 honeypot-ams-1 kernel: [84032046.376251] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=111.72.186.151 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=49 ID=41172 PROTO=TCP SPT=63536 DPT=80 WINDOW=8136 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T11:37:43.557Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:40:02 honeypot-fra-1 sshd[8843]: Received disconnect from 61.177.172.114 port 56712:11:  [preauth]","@timestamp":"2022-09-14T11:40:03.041Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 11:41:37 honeypot-ams-1 sshd[24772]: Received disconnect from 92.255.85.70 port 23534:11: Bye Bye [preauth]","@timestamp":"2022-09-14T11:41:38.661Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 11:46:12 honeypot-ams-1 kernel: [84032555.992732] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=23580 PROTO=TCP SPT=55369 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T11:46:13.780Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:46:14 honeypot-fra-1 kernel: [84030394.697599] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=94.26.249.161 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=37692 PROTO=TCP SPT=33253 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T11:46:15.187Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-14T11:48:11.027Z","@version":"1","message":"Sep 14 11:48:10 honeypot-sgp-1 sshd[13137]: Received disconnect from 187.157.135.152 port 45574:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:49:32 honeypot-fra-1 sshd[8874]: Invalid user ftpuser from 52.237.82.21 port 37950","@timestamp":"2022-09-14T11:49:33.283Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:49:32 honeypot-fra-1 sshd[8875]: Invalid user testuser from 52.237.82.21 port 37928","@timestamp":"2022-09-14T11:49:33.283Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:49:32 honeypot-fra-1 sshd[8852]: Invalid user testuser from 52.237.82.21 port 37824","@timestamp":"2022-09-14T11:49:33.283Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:49:32 honeypot-fra-1 sshd[8864]: Invalid user deploy from 52.237.82.21 port 37898","@timestamp":"2022-09-14T11:49:33.283Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:49:32 honeypot-fra-1 sshd[8879]: Connection closed by invalid user ubuntu 52.237.82.21 port 37920 [preauth]","@timestamp":"2022-09-14T11:49:33.283Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:49:32 honeypot-fra-1 sshd[8868]: Connection closed by invalid user oracle 52.237.82.21 port 37894 [preauth]","@timestamp":"2022-09-14T11:49:33.283Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:49:32 honeypot-fra-1 sshd[8852]: Connection closed by invalid user testuser 52.237.82.21 port 37824 [preauth]","@timestamp":"2022-09-14T11:49:33.283Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:49:32 honeypot-fra-1 sshd[8864]: Connection closed by invalid user deploy 52.237.82.21 port 37898 [preauth]","@timestamp":"2022-09-14T11:49:33.283Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:50:19 honeypot-fra-1 sshd[8909]: Disconnected from authenticating user root 61.177.173.50 port 53471 [preauth]","@timestamp":"2022-09-14T11:50:20.303Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T11:51:24.105Z","@version":"1","message":"Sep 14 11:51:23 honeypot-sgp-1 sshd[13143]: Invalid user xbot_premium from 80.68.7.179 port 36532","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:51:30 honeypot-fra-1 sshd[8915]: Disconnecting invalid user cameras 81.17.25.50 port 58684: Change of username or service not allowed: (cameras,ssh-connection) -> (,ssh-connection) [preauth]","@timestamp":"2022-09-14T11:51:31.335Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:52:57 honeypot-fra-1 sshd[8921]: Disconnecting invalid user  81.17.25.50 port 57179: Change of username or service not allowed: (,ssh-connection) -> (admin,ssh-connection) [preauth]","@timestamp":"2022-09-14T11:52:58.374Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T11:53:08.149Z","@version":"1","message":"Sep 14 11:53:07 honeypot-sgp-1 sshd[13148]: Received disconnect from 165.227.84.172 port 50092:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:53:12 honeypot-fra-1 sshd[8927]: Disconnecting invalid user admin 81.17.25.50 port 20584: Change of username or service not allowed: (admin,ssh-connection) -> (manager,ssh-connection) [preauth]","@timestamp":"2022-09-14T11:53:13.382Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:54:04 honeypot-fra-1 sshd[8935]: Invalid user 1234 from 81.17.25.50 port 55358","@timestamp":"2022-09-14T11:54:04.403Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:54:54 honeypot-fra-1 sshd[8941]: Invalid user  from 81.17.25.50 port 21989","@timestamp":"2022-09-14T11:54:55.426Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:55:19 honeypot-fra-1 sshd[8947]: Disconnecting invalid user Admin 81.17.25.50 port 7606: Change of username or service not allowed: (Admin,ssh-connection) -> (blank,ssh-connection) [preauth]","@timestamp":"2022-09-14T11:55:20.439Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:55:49 honeypot-fra-1 sshd[8954]: Disconnecting invalid user guest 81.17.25.50 port 37651: Change of username or service not allowed: (guest,ssh-connection) -> (1234,ssh-connection) [preauth]","@timestamp":"2022-09-14T11:55:49.453Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:56:06 honeypot-fra-1 sshd[8962]: Invalid user Cisco from 81.17.25.50 port 13866","@timestamp":"2022-09-14T11:56:07.461Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:56:24 honeypot-fra-1 sshd[8970]: Invalid user 1234 from 81.17.25.50 port 15998","@timestamp":"2022-09-14T11:56:25.470Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:56:42 honeypot-fra-1 sshd[8976]: Disconnecting invalid user  81.17.25.50 port 16236: Change of username or service not allowed: (,ssh-connection) -> (adslroot,ssh-connection) [preauth]","@timestamp":"2022-09-14T11:56:42.479Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:57:15 honeypot-fra-1 sshd[8983]: Disconnecting invalid user admin 81.17.25.50 port 6595: Change of username or service not allowed: (admin,ssh-connection) -> (blank,ssh-connection) [preauth]","@timestamp":"2022-09-14T11:57:16.495Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:57:36 honeypot-fra-1 sshd[8989]: Disconnecting invalid user  81.17.25.50 port 62800: Change of username or service not allowed: (,ssh-connection) -> (root,ssh-connection) [preauth]","@timestamp":"2022-09-14T11:57:36.504Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 11:58:03 honeypot-ams-1 sshd[24780]: Disconnected from authenticating user root 161.35.26.171 port 54630 [preauth]","@timestamp":"2022-09-14T11:58:04.090Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:58:34 honeypot-fra-1 sshd[8999]: Invalid user c1@r0 from 81.17.25.50 port 20350","@timestamp":"2022-09-14T11:58:35.530Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:59:16 honeypot-fra-1 sshd[9006]: Invalid user superonline from 81.17.25.50 port 26927","@timestamp":"2022-09-14T11:59:16.548Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:59:53 honeypot-fra-1 sshd[9010]: Disconnecting invalid user lgnortel 81.17.25.50 port 52365: Change of username or service not allowed: (lgnortel,ssh-connection) -> (Admin,ssh-connection) [preauth]","@timestamp":"2022-09-14T11:59:54.567Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:00:23 honeypot-fra-1 sshd[9016]: Disconnecting invalid user admin 81.17.25.50 port 60722: Change of username or service not allowed: (admin,ssh-connection) -> (,ssh-connection) [preauth]","@timestamp":"2022-09-14T12:00:24.581Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:01:22 honeypot-fra-1 sshd[9023]: Disconnecting invalid user admin1234 81.17.25.50 port 58375: Change of username or service not allowed: (admin1234,ssh-connection) -> (matrix,ssh-connection) [preauth]","@timestamp":"2022-09-14T12:01:23.609Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T12:01:26.353Z","@version":"1","message":"Sep 14 12:01:25 honeypot-sgp-1 kernel: [84032994.431579] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=156.146.46.143 DST=159.89.202.188 LEN=52 TOS=0x02 PREC=0x00 TTL=116 ID=7786 DF PROTO=TCP SPT=52904 DPT=3389 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:01:56 honeypot-fra-1 sshd[9029]: Invalid user admin from 81.17.25.50 port 36359","@timestamp":"2022-09-14T12:01:56.625Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:02:17 honeypot-fra-1 kernel: [84031358.193934] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.33.88.247 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=12044 PROTO=TCP SPT=44941 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T12:02:18.635Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:03:24 honeypot-fra-1 kernel: [84031425.418717] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=156.146.46.143 DST=165.22.82.222 LEN=52 TOS=0x02 PREC=0x00 TTL=117 ID=22420 DF PROTO=TCP SPT=61333 DPT=3389 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-14T12:03:25.666Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:04:00 honeypot-fra-1 sshd[9045]: Invalid user 0 from 81.17.25.50 port 14596","@timestamp":"2022-09-14T12:04:00.684Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:05:10 honeypot-ams-1 sshd[24786]: Disconnected from authenticating user root 92.255.85.70 port 39338 [preauth]","@timestamp":"2022-09-14T12:05:10.295Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:05:10 honeypot-fra-1 sshd[9052]: Invalid user admin from 81.17.25.50 port 51837","@timestamp":"2022-09-14T12:05:10.716Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T12:05:34.455Z","@version":"1","message":"Sep 14 12:05:33 honeypot-sgp-1 sshd[13612]: Disconnected from invalid user admin 201.249.89.102 port 46136 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:06:15 honeypot-fra-1 sshd[9056]: Disconnecting invalid user sitecom 81.17.25.50 port 10620: Change of username or service not allowed: (sitecom,ssh-connection) -> (Broadcom,ssh-connection) [preauth]","@timestamp":"2022-09-14T12:06:15.746Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:07:20 honeypot-fra-1 sshd[9065]: Invalid user admin from 81.17.25.50 port 56459","@timestamp":"2022-09-14T12:07:21.773Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T12:07:36.507Z","@version":"1","message":"Sep 14 12:07:35 honeypot-sgp-1 sshd[13616]: Disconnected from 61.177.172.104 port 54449 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:07:54 honeypot-fra-1 sshd[9073]: Received disconnect from 61.177.172.90 port 37241:11:  [preauth]","@timestamp":"2022-09-14T12:07:54.790Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:08:24 honeypot-ams-1 sshd[24792]: Disconnected from invalid user user 141.255.162.226 port 41886 [preauth]","@timestamp":"2022-09-14T12:08:25.381Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:08:28 honeypot-ams-1 sshd[24796]: Disconnected from invalid user user 141.255.162.226 port 57130 [preauth]","@timestamp":"2022-09-14T12:08:29.384Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:08:30 honeypot-ams-1 sshd[24800]: Disconnected from invalid user user 141.255.162.226 port 36524 [preauth]","@timestamp":"2022-09-14T12:08:31.385Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:08:36 honeypot-fra-1 sshd[9079]: Invalid user  from 81.17.25.50 port 13558","@timestamp":"2022-09-14T12:08:37.809Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:09:29 honeypot-fra-1 sshd[9085]: Invalid user public from 81.17.25.50 port 22825","@timestamp":"2022-09-14T12:09:29.833Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:09:43 honeypot-fra-1 sshd[9091]: Disconnecting authenticating user root 81.17.25.50 port 13180: Change of username or service not allowed: (root,ssh-connection) -> (123456,ssh-connection) [preauth]","@timestamp":"2022-09-14T12:09:43.840Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:09:47 honeypot-fra-1 sshd[9097]: Disconnecting invalid user amdin 81.17.25.50 port 28451: Change of username or service not allowed: (amdin,ssh-connection) -> (readwrite,ssh-connection) [preauth]","@timestamp":"2022-09-14T12:09:47.843Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:09:48 honeypot-fra-1 sshd[9103]: Disconnecting invalid user admin 81.17.25.50 port 41987: Change of username or service not allowed: (admin,ssh-connection) -> (DZY-W2914NSV2,ssh-connection) [preauth]","@timestamp":"2022-09-14T12:09:48.843Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:09:51 honeypot-fra-1 sshd[9109]: Disconnecting invalid user admin 81.17.25.50 port 17398: Change of username or service not allowed: (admin,ssh-connection) -> (zoomadsl,ssh-connection) [preauth]","@timestamp":"2022-09-14T12:09:51.845Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T12:10:14.574Z","@version":"1","message":"Sep 14 12:10:13 honeypot-sgp-1 sshd[13622]: Disconnected from invalid user admin 142.93.145.85 port 39220 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:10:24 honeypot-fra-1 sshd[9115]: Bad protocol version identification 'SSH-2.0_CoreLab-1.0' from 81.17.25.50 port 63279","@timestamp":"2022-09-14T12:10:25.870Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T12:12:33.633Z","@version":"1","message":"Sep 14 12:12:33 honeypot-sgp-1 sshd[13627]: Disconnected from invalid user recruitment 207.154.231.64 port 45002 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 12:14:33 honeypot-ams-1 kernel: [84034256.765367] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.79.190.37 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=27862 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T12:14:34.542Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:15:38 honeypot-fra-1 kernel: [84032159.212688] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=34430 PROTO=TCP SPT=56803 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T12:15:38.989Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:20:01 honeypot-ams-1 sshd[24811]: Received disconnect from 179.103.152.130 port 57396:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:20:01.682Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:20:05 honeypot-ams-1 sshd[24815]: Disconnected from authenticating user root 179.103.152.130 port 57556 [preauth]","@timestamp":"2022-09-14T12:20:05.684Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:20:12 honeypot-ams-1 sshd[24821]: Disconnected from authenticating user root 179.103.152.130 port 57974 [preauth]","@timestamp":"2022-09-14T12:20:12.688Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:20:18 honeypot-ams-1 sshd[24827]: Disconnected from authenticating user root 179.103.152.130 port 58310 [preauth]","@timestamp":"2022-09-14T12:20:19.693Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:20:25 honeypot-ams-1 sshd[24833]: Disconnected from authenticating user root 179.103.152.130 port 58632 [preauth]","@timestamp":"2022-09-14T12:20:26.697Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:20:32 honeypot-ams-1 sshd[24839]: Disconnected from authenticating user root 179.103.152.130 port 59020 [preauth]","@timestamp":"2022-09-14T12:20:32.702Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:20:39 honeypot-ams-1 sshd[24845]: Disconnected from authenticating user root 179.103.152.130 port 59372 [preauth]","@timestamp":"2022-09-14T12:20:39.706Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:20:46 honeypot-ams-1 sshd[24851]: Disconnected from authenticating user root 179.103.152.130 port 59764 [preauth]","@timestamp":"2022-09-14T12:20:46.711Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:20:53 honeypot-ams-1 sshd[24857]: Disconnected from authenticating user root 179.103.152.130 port 60110 [preauth]","@timestamp":"2022-09-14T12:20:53.715Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:21:00 honeypot-ams-1 sshd[24863]: Disconnected from authenticating user root 179.103.152.130 port 60470 [preauth]","@timestamp":"2022-09-14T12:21:00.719Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:21:07 honeypot-ams-1 sshd[24869]: Disconnected from authenticating user root 179.103.152.130 port 60826 [preauth]","@timestamp":"2022-09-14T12:21:07.723Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:21:14 honeypot-ams-1 sshd[24875]: Disconnected from authenticating user root 179.103.152.130 port 32940 [preauth]","@timestamp":"2022-09-14T12:21:14.727Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:21:21 honeypot-ams-1 sshd[24881]: Received disconnect from 179.103.152.130 port 33348:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:21:21.732Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:21:26 honeypot-ams-1 sshd[24885]: Received disconnect from 179.103.152.130 port 33650:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:21:27.736Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:21:31 honeypot-ams-1 sshd[24889]: Received disconnect from 179.103.152.130 port 33868:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:21:31.739Z"}
{"@timestamp":"2022-09-14T12:21:33.852Z","@version":"1","message":"Sep 14 12:21:33 honeypot-sgp-1 sshd[13635]: Received disconnect from 200.66.77.178 port 48738:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:21:36 honeypot-ams-1 sshd[24893]: Received disconnect from 179.103.152.130 port 34120:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:21:36.742Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:21:41 honeypot-ams-1 sshd[24897]: Received disconnect from 179.103.152.130 port 34402:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:21:41.745Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:21:45 honeypot-ams-1 sshd[24901]: Received disconnect from 179.103.152.130 port 34646:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:21:46.751Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:21:53 honeypot-ams-1 sshd[24907]: Invalid user pi from 179.103.152.130 port 35108","@timestamp":"2022-09-14T12:21:53.754Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:21:58 honeypot-ams-1 sshd[24911]: Invalid user user from 179.103.152.130 port 35344","@timestamp":"2022-09-14T12:21:59.758Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:22:03 honeypot-ams-1 sshd[24915]: Invalid user mine from 179.103.152.130 port 35592","@timestamp":"2022-09-14T12:22:04.762Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:22:08 honeypot-ams-1 sshd[24919]: Invalid user xbmc from 179.103.152.130 port 35852","@timestamp":"2022-09-14T12:22:08.764Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:22:13 honeypot-ams-1 sshd[24923]: Invalid user oracle from 179.103.152.130 port 36088","@timestamp":"2022-09-14T12:22:13.767Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:22:18 honeypot-ams-1 sshd[24927]: Invalid user postgres from 179.103.152.130 port 36326","@timestamp":"2022-09-14T12:22:18.771Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:22:22 honeypot-ams-1 sshd[24931]: Invalid user support from 179.103.152.130 port 36562","@timestamp":"2022-09-14T12:22:23.774Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:22:28 honeypot-ams-1 sshd[24935]: Invalid user ubuntu from 179.103.152.130 port 36894","@timestamp":"2022-09-14T12:22:29.777Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:22:33 honeypot-ams-1 sshd[24939]: Invalid user ubuntu from 179.103.152.130 port 37132","@timestamp":"2022-09-14T12:22:33.780Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 12:22:37 honeypot-ams-1 kernel: [84034740.425210] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=138.99.216.93 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=27079 PROTO=TCP SPT=54492 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T12:22:37.785Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:22:40 honeypot-ams-1 sshd[24947]: Invalid user test from 179.103.152.130 port 37486","@timestamp":"2022-09-14T12:22:40.787Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:22:46 honeypot-ams-1 sshd[24951]: Invalid user cirros from 179.103.152.130 port 37808","@timestamp":"2022-09-14T12:22:46.791Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 12:23:41 honeypot-ams-1 kernel: [84034804.592070] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=156.146.46.143 DST=178.62.254.91 LEN=52 TOS=0x02 PREC=0x00 TTL=118 ID=4127 DF PROTO=TCP SPT=59987 DPT=3389 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-14T12:23:41.819Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:23:42 honeypot-fra-1 sshd[9138]: Invalid user user from 45.61.186.169 port 40220","@timestamp":"2022-09-14T12:23:42.176Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:24:00 honeypot-fra-1 sshd[9143]: Invalid user user from 45.61.186.169 port 35044","@timestamp":"2022-09-14T12:24:00.185Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:24:10 honeypot-fra-1 kernel: [84032671.229326] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=5.181.80.37 DST=165.22.82.222 LEN=48 TOS=0x00 PREC=0x00 TTL=122 ID=53769 PROTO=TCP SPT=52537 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T12:24:11.190Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:24:18 honeypot-fra-1 sshd[9150]: Disconnected from invalid user kyle 165.22.45.108 port 43092 [preauth]","@timestamp":"2022-09-14T12:24:19.195Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:24:33 honeypot-fra-1 sshd[9154]: Disconnected from invalid user user 45.61.186.169 port 52922 [preauth]","@timestamp":"2022-09-14T12:24:34.202Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T12:25:56.973Z","@version":"1","message":"Sep 14 12:25:56 honeypot-sgp-1 sshd[13642]: Invalid user cx from 220.134.113.188 port 48513","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:26:11 honeypot-ams-1 sshd[24960]: Received disconnect from 71.251.220.249 port 55190:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:26:11.887Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:27:05 honeypot-ams-1 sshd[24966]: Invalid user ubnt from 179.151.180.133 port 52324","@timestamp":"2022-09-14T12:27:05.913Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:27:10 honeypot-ams-1 sshd[24970]: Disconnected from authenticating user root 179.151.180.133 port 52588 [preauth]","@timestamp":"2022-09-14T12:27:10.916Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:27:17 honeypot-ams-1 sshd[24976]: Disconnected from authenticating user root 179.151.180.133 port 52962 [preauth]","@timestamp":"2022-09-14T12:27:17.921Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:27:24 honeypot-ams-1 sshd[24982]: Disconnected from authenticating user root 179.151.180.133 port 53332 [preauth]","@timestamp":"2022-09-14T12:27:24.925Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:27:31 honeypot-ams-1 sshd[24988]: Disconnected from authenticating user root 179.151.180.133 port 53704 [preauth]","@timestamp":"2022-09-14T12:27:31.930Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:27:38 honeypot-ams-1 sshd[24994]: Disconnected from authenticating user root 179.151.180.133 port 54106 [preauth]","@timestamp":"2022-09-14T12:27:38.933Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:27:45 honeypot-ams-1 sshd[25000]: Disconnected from authenticating user root 179.151.180.133 port 54470 [preauth]","@timestamp":"2022-09-14T12:27:45.937Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:27:53 honeypot-ams-1 sshd[25006]: Disconnected from authenticating user root 179.151.180.133 port 54868 [preauth]","@timestamp":"2022-09-14T12:27:53.942Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:28:00 honeypot-ams-1 sshd[25012]: Disconnected from authenticating user root 179.151.180.133 port 55266 [preauth]","@timestamp":"2022-09-14T12:28:00.946Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:28:07 honeypot-ams-1 sshd[25018]: Disconnected from authenticating user root 179.151.180.133 port 55636 [preauth]","@timestamp":"2022-09-14T12:28:07.950Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:28:14 honeypot-ams-1 sshd[25024]: Disconnected from authenticating user root 179.151.180.133 port 56034 [preauth]","@timestamp":"2022-09-14T12:28:15.955Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:28:22 honeypot-ams-1 sshd[25030]: Disconnected from authenticating user root 179.151.180.133 port 56466 [preauth]","@timestamp":"2022-09-14T12:28:22.960Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:28:29 honeypot-ams-1 sshd[25036]: Invalid user admin from 179.151.180.133 port 56834","@timestamp":"2022-09-14T12:28:29.963Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:28:34 honeypot-ams-1 sshd[25040]: Invalid user admin from 179.151.180.133 port 57092","@timestamp":"2022-09-14T12:28:34.968Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:28:39 honeypot-ams-1 sshd[25044]: Invalid user admin from 179.151.180.133 port 57350","@timestamp":"2022-09-14T12:28:39.970Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:28:44 honeypot-ams-1 sshd[25048]: Invalid user admin from 179.151.180.133 port 57638","@timestamp":"2022-09-14T12:28:44.973Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:28:49 honeypot-ams-1 sshd[25052]: Invalid user admin from 179.151.180.133 port 57894","@timestamp":"2022-09-14T12:28:49.977Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:28:52 honeypot-ams-1 sshd[25058]: Received disconnect from 92.255.85.70 port 30454:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:28:52.979Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:28:58 honeypot-ams-1 sshd[25062]: Invalid user pi from 179.151.180.133 port 58412","@timestamp":"2022-09-14T12:28:58.982Z"}
{"@timestamp":"2022-09-14T12:29:01.053Z","@version":"1","message":"Sep 14 12:29:00 honeypot-sgp-1 sshd[13655]: Invalid user devops from 35.90.115.181 port 54492","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T12:29:01.053Z","@version":"1","message":"Sep 14 12:29:00 honeypot-sgp-1 sshd[13658]: Invalid user ansible from 35.90.115.181 port 54502","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T12:29:01.053Z","@version":"1","message":"Sep 14 12:29:00 honeypot-sgp-1 sshd[13661]: Invalid user odoo from 35.90.115.181 port 54482","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T12:29:01.053Z","@version":"1","message":"Sep 14 12:29:00 honeypot-sgp-1 sshd[13670]: Invalid user test from 35.90.115.181 port 54496","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T12:29:01.053Z","@version":"1","message":"Sep 14 12:29:00 honeypot-sgp-1 sshd[13676]: Invalid user devops from 35.90.115.181 port 54512","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T12:29:01.053Z","@version":"1","message":"Sep 14 12:29:00 honeypot-sgp-1 sshd[13654]: Connection closed by invalid user postgres 35.90.115.181 port 54448 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T12:29:01.054Z","@version":"1","message":"Sep 14 12:29:00 honeypot-sgp-1 sshd[13661]: Connection closed by invalid user odoo 35.90.115.181 port 54482 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T12:29:01.054Z","@version":"1","message":"Sep 14 12:29:00 honeypot-sgp-1 sshd[13668]: Connection closed by invalid user postgres 35.90.115.181 port 54446 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T12:29:02.054Z","@version":"1","message":"Sep 14 12:29:01 honeypot-sgp-1 sshd[13704]: Invalid user test from 35.90.115.181 port 54478","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:29:03 honeypot-ams-1 sshd[25066]: Invalid user user from 179.151.180.133 port 58676","@timestamp":"2022-09-14T12:29:03.986Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:29:08 honeypot-ams-1 sshd[25070]: Invalid user mine from 179.151.180.133 port 58950","@timestamp":"2022-09-14T12:29:08.989Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:29:12 honeypot-ams-1 sshd[25074]: Invalid user xbmc from 179.151.180.133 port 59188","@timestamp":"2022-09-14T12:29:12.991Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:29:17 honeypot-ams-1 sshd[25078]: Invalid user oracle from 179.151.180.133 port 59448","@timestamp":"2022-09-14T12:29:17.994Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:29:22 honeypot-ams-1 sshd[25082]: Invalid user postgres from 179.151.180.133 port 59692","@timestamp":"2022-09-14T12:29:22.997Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:29:26 honeypot-ams-1 sshd[25086]: Invalid user support from 179.151.180.133 port 59934","@timestamp":"2022-09-14T12:29:27.000Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:29:30 honeypot-ams-1 sshd[25090]: Invalid user ubuntu from 179.151.180.133 port 60188","@timestamp":"2022-09-14T12:29:31.003Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:29:35 honeypot-ams-1 sshd[25094]: Invalid user ubuntu from 179.151.180.133 port 60404","@timestamp":"2022-09-14T12:29:36.006Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:29:40 honeypot-ams-1 sshd[25098]: Invalid user guest from 179.151.180.133 port 60676","@timestamp":"2022-09-14T12:29:41.009Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:29:45 honeypot-ams-1 sshd[25102]: Invalid user cirros from 179.151.180.133 port 60928","@timestamp":"2022-09-14T12:29:46.013Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:30:26 honeypot-fra-1 sshd[9159]: Disconnected from authenticating user root 61.177.173.53 port 49631 [preauth]","@timestamp":"2022-09-14T12:30:26.336Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 12:30:34 honeypot-ams-1 kernel: [84035217.325171] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=137.25.54.5 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=50 ID=49437 PROTO=TCP SPT=64069 DPT=80 WINDOW=24821 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T12:30:35.036Z"}
{"@timestamp":"2022-09-14T12:30:41.095Z","@version":"1","message":"Sep 14 12:30:40 honeypot-sgp-1 kernel: [84034749.293980] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=103.146.42.196 DST=159.89.202.188 LEN=52 TOS=0x00 PREC=0x00 TTL=117 ID=22522 DF PROTO=TCP SPT=8959 DPT=3389 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T12:31:25.118Z","@version":"1","message":"Sep 14 12:31:24 honeypot-sgp-1 sshd[13712]: Received disconnect from 61.177.173.51 port 12932:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:35:52 honeypot-fra-1 sshd[9164]: Received disconnect from 61.177.173.47 port 24886:11:  [preauth]","@timestamp":"2022-09-14T12:35:52.463Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T12:37:08.263Z","@version":"1","message":"Sep 14 12:37:07 honeypot-sgp-1 kernel: [84035136.564552] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=151.106.32.138 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=14354 PROTO=TCP SPT=47734 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T12:44:16.448Z","@version":"1","message":"Sep 14 12:44:16 honeypot-sgp-1 kernel: [84035564.958654] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.79.190.9 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=45721 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:45:01 honeypot-fra-1 kernel: [84033922.001565] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=162.221.192.26 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=17253 PROTO=TCP SPT=22123 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T12:45:01.673Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:49:12 honeypot-fra-1 kernel: [84034173.223011] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=103.146.42.204 DST=165.22.82.222 LEN=52 TOS=0x00 PREC=0x00 TTL=115 ID=29690 DF PROTO=TCP SPT=13163 DPT=3389 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T12:49:13.772Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-14T12:51:04.622Z","@version":"1","message":"Sep 14 12:51:04 honeypot-sgp-1 sshd[13736]: Invalid user admin from 91.240.118.222 port 41757","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 12:51:05 honeypot-ams-1 kernel: [84036448.812710] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=89.248.165.51 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=36127 PROTO=TCP SPT=50670 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T12:51:06.560Z"}
{"@timestamp":"2022-09-14T12:52:04.650Z","@version":"1","message":"Sep 14 12:52:04 honeypot-sgp-1 sshd[13742]: Received disconnect from 61.177.173.37 port 59275:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:54:23 honeypot-fra-1 sshd[9181]: Invalid user fujiwara from 118.27.107.40 port 54032","@timestamp":"2022-09-14T12:54:24.891Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 12:55:54 honeypot-ams-1 kernel: [84036737.587865] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.205.162 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=45869 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T12:55:54.686Z"}
{"@timestamp":"2022-09-14T12:56:40.766Z","@version":"1","message":"Sep 14 12:56:40 honeypot-sgp-1 sshd[13748]: Connection closed by invalid user  118.193.59.5 port 46892 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T12:58:31.815Z","@version":"1","message":"Sep 14 12:58:31 honeypot-sgp-1 sshd[13754]: Received disconnect from 45.61.186.249 port 53534:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T12:58:51.826Z","@version":"1","message":"Sep 14 12:58:51 honeypot-sgp-1 sshd[13758]: Disconnected from authenticating user root 61.177.173.36 port 64928 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T12:59:02.831Z","@version":"1","message":"Sep 14 12:59:01 honeypot-sgp-1 sshd[13762]: Disconnected from invalid user user 45.61.186.249 port 60242 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T12:59:21.840Z","@version":"1","message":"Sep 14 12:59:21 honeypot-sgp-1 sshd[13766]: Received disconnect from 45.61.186.249 port 55296:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:59:39 honeypot-fra-1 sshd[9188]: Received disconnect from 61.177.172.98 port 61402:11:  [preauth]","@timestamp":"2022-09-14T12:59:40.009Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:59:40 honeypot-ams-1 sshd[25118]: Received disconnect from 61.245.162.61 port 56846:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:59:40.787Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:59:43 honeypot-ams-1 sshd[25122]: Disconnected from authenticating user root 61.245.162.61 port 56992 [preauth]","@timestamp":"2022-09-14T12:59:43.789Z"}
{"@timestamp":"2022-09-14T12:59:46.850Z","@version":"1","message":"Sep 14 12:59:46 honeypot-sgp-1 sshd[13770]: Disconnected from authenticating user root 61.177.172.19 port 42374 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:59:47 honeypot-ams-1 sshd[25128]: Disconnected from authenticating user root 61.245.162.61 port 57188 [preauth]","@timestamp":"2022-09-14T12:59:48.791Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:59:52 honeypot-ams-1 sshd[25134]: Disconnected from authenticating user root 61.245.162.61 port 57502 [preauth]","@timestamp":"2022-09-14T12:59:52.794Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:59:57 honeypot-ams-1 sshd[25140]: Disconnected from authenticating user root 61.245.162.61 port 57658 [preauth]","@timestamp":"2022-09-14T12:59:57.798Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:00:01 honeypot-ams-1 sshd[25146]: Disconnected from authenticating user root 61.245.162.61 port 58008 [preauth]","@timestamp":"2022-09-14T13:00:01.800Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:00:06 honeypot-ams-1 sshd[25152]: Disconnected from authenticating user root 61.245.162.61 port 58218 [preauth]","@timestamp":"2022-09-14T13:00:06.803Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:00:10 honeypot-ams-1 sshd[25158]: Disconnected from authenticating user root 61.245.162.61 port 58506 [preauth]","@timestamp":"2022-09-14T13:00:11.808Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 02:53:15 honeypot-ams-1 sshd[29289]: Received disconnect from 198.98.61.9 port 45284:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-07T02:53:15.956Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 02:57:22 honeypot-ams-1 kernel: [83396032.042188] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=183.136.225.35 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=109 ID=56130 PROTO=TCP SPT=8088 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T02:57:23.072Z"}
{"@timestamp":"2022-09-07T02:58:14.953Z","@version":"1","message":"Sep  7 02:58:14 honeypot-sgp-1 kernel: [83395613.983563] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.46.240.87 DST=159.89.202.188 LEN=52 TOS=0x02 PREC=0x00 TTL=110 ID=40013 DF PROTO=TCP SPT=65227 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 02:58:20 honeypot-fra-1 sshd[19260]: Invalid user ubnt from 2.57.122.190 port 49420","@timestamp":"2022-09-07T02:58:21.197Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 02:58:25 honeypot-fra-1 sshd[19264]: Invalid user jeanne from 165.22.45.108 port 45656","@timestamp":"2022-09-07T02:58:26.200Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 02:58:32 honeypot-fra-1 sshd[19268]: Invalid user ubnt from 2.57.122.190 port 50975","@timestamp":"2022-09-07T02:58:33.203Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 02:58:36 honeypot-fra-1 kernel: [83393960.623915] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=78.142.18.92 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=54321 PROTO=TCP SPT=36204 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T02:58:36.206Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 02:58:38 honeypot-fra-1 sshd[19272]: Disconnected from invalid user sshadmin 181.48.60.50 port 35708 [preauth]","@timestamp":"2022-09-07T02:58:39.207Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 02:58:46 honeypot-fra-1 sshd[19278]: Disconnected from invalid user admin 2.57.122.190 port 52859 [preauth]","@timestamp":"2022-09-07T02:58:47.211Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 02:58:58 honeypot-fra-1 sshd[19284]: Received disconnect from 2.57.122.190 port 54489:11: Bye Bye [preauth]","@timestamp":"2022-09-07T02:58:59.216Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 02:59:08 honeypot-fra-1 sshd[19288]: Disconnected from authenticating user root 2.57.122.190 port 55791 [preauth]","@timestamp":"2022-09-07T02:59:09.222Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 02:59:16 honeypot-fra-1 sshd[19292]: Disconnected from invalid user CUAdmin 2.57.122.190 port 56863 [preauth]","@timestamp":"2022-09-07T02:59:17.225Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 02:59:24 honeypot-fra-1 sshd[19296]: Disconnected from invalid user test 2.57.122.190 port 57849 [preauth]","@timestamp":"2022-09-07T02:59:24.229Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 02:59:31 honeypot-fra-1 sshd[19300]: Disconnected from invalid user aerohive 92.255.85.70 port 28060 [preauth]","@timestamp":"2022-09-07T02:59:32.233Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 02:59:35 honeypot-fra-1 sshd[19304]: Disconnected from invalid user ppp 2.57.122.190 port 59392 [preauth]","@timestamp":"2022-09-07T02:59:36.235Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 03:00:27 honeypot-ams-1 sshd[29302]: Received disconnect from 141.255.162.226 port 51630:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-07T03:00:28.159Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 03:00:29 honeypot-ams-1 sshd[29306]: Received disconnect from 141.255.162.226 port 41674:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-07T03:00:30.161Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 03:00:32 honeypot-ams-1 sshd[29310]: Received disconnect from 141.255.162.226 port 50816:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-07T03:00:33.163Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 03:00:35 honeypot-ams-1 sshd[29314]: Received disconnect from 141.255.162.226 port 40870:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-07T03:00:36.165Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 03:02:29 honeypot-fra-1 sshd[19308]: Connection closed by invalid user rv 193.106.191.157 port 54306 [preauth]","@timestamp":"2022-09-07T03:02:30.301Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T03:03:04.068Z","@version":"1","message":"Sep  7 03:03:03 honeypot-sgp-1 sshd[27374]: Received disconnect from 92.255.85.69 port 22710:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 03:06:16 honeypot-ams-1 sshd[29319]: Connection reset by 61.177.173.53 port 58259 [preauth]","@timestamp":"2022-09-07T03:06:17.324Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 03:07:07 honeypot-fra-1 sshd[19313]: Connection closed by invalid user pi 98.128.250.169 port 35402 [preauth]","@timestamp":"2022-09-07T03:07:07.402Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 03:10:38 honeypot-ams-1 sshd[29326]: Disconnected from authenticating user root 61.177.173.52 port 55392 [preauth]","@timestamp":"2022-09-07T03:10:38.441Z"}
{"@timestamp":"2022-09-07T03:11:02.257Z","@version":"1","message":"Sep  7 03:11:01 honeypot-sgp-1 sshd[27379]: Received disconnect from 61.177.173.35 port 50859:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T03:14:54.348Z","@version":"1","message":"Sep  7 03:14:53 honeypot-sgp-1 sshd[27388]: Connection closed by invalid user admin 178.128.125.205 port 25400 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T03:14:54.348Z","@version":"1","message":"Sep  7 03:14:53 honeypot-sgp-1 sshd[27394]: Connection closed by invalid user admin 178.128.125.205 port 25420 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 03:15:41 honeypot-ams-1 sshd[29335]: Received disconnect from 92.255.85.70 port 61898:11: Bye Bye [preauth]","@timestamp":"2022-09-07T03:15:41.577Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 03:15:52 honeypot-fra-1 kernel: [83394996.667848] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=92.63.197.171 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=64328 PROTO=TCP SPT=55409 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T03:15:52.593Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 03:16:59 honeypot-ams-1 kernel: [83397208.918207] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.213.10 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=40593 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T03:17:00.616Z"}
{"@timestamp":"2022-09-07T03:17:02.400Z","@version":"1","message":"Sep  7 03:17:01 honeypot-sgp-1 CRON[27397]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 03:17:25 honeypot-fra-1 sshd[19324]: Connection closed by invalid user admin 159.203.178.0 port 56380 [preauth]","@timestamp":"2022-09-07T03:17:26.631Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 03:17:27 honeypot-fra-1 sshd[19330]: Connection closed by invalid user admin 159.203.178.0 port 54666 [preauth]","@timestamp":"2022-09-07T03:17:28.633Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 03:19:19 honeypot-ams-1 kernel: [83397348.532180] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=193.118.53.212 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=37301 PROTO=TCP SPT=23076 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T03:19:19.674Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 03:19:21 honeypot-fra-1 sshd[19338]: Invalid user test from 31.184.215.236 port 36374","@timestamp":"2022-09-07T03:19:21.675Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 03:19:21 honeypot-fra-1 sshd[19338]: Connection closed by invalid user test 31.184.215.236 port 36374 [preauth]","@timestamp":"2022-09-07T03:19:21.675Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 03:19:21 honeypot-fra-1 sshd[19334]: Invalid user ec2-user from 31.184.215.236 port 36326","@timestamp":"2022-09-07T03:19:21.675Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 03:19:21 honeypot-fra-1 sshd[19333]: Connection closed by invalid user ubuntu 31.184.215.236 port 36338 [preauth]","@timestamp":"2022-09-07T03:19:21.675Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 03:19:21 honeypot-fra-1 sshd[19345]: Connection closed by invalid user pi 31.184.215.236 port 36408 [preauth]","@timestamp":"2022-09-07T03:19:21.675Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 03:19:21 honeypot-fra-1 sshd[19354]: Invalid user deploy from 31.184.215.236 port 36334","@timestamp":"2022-09-07T03:19:21.676Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 03:19:21 honeypot-fra-1 sshd[19350]: Connection closed by authenticating user root 31.184.215.236 port 36356 [preauth]","@timestamp":"2022-09-07T03:19:21.676Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 03:19:21 honeypot-fra-1 sshd[19359]: Connection closed by invalid user test 31.184.215.236 port 36432 [preauth]","@timestamp":"2022-09-07T03:19:21.676Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 03:19:22 honeypot-fra-1 sshd[19392]: Invalid user test from 31.184.215.236 port 36348","@timestamp":"2022-09-07T03:19:22.677Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 03:22:39 honeypot-fra-1 sshd[19398]: Invalid user private from 92.255.85.69 port 25808","@timestamp":"2022-09-07T03:22:39.749Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T03:25:06.592Z","@version":"1","message":"Sep  7 03:25:06 honeypot-sgp-1 sshd[27407]: Disconnected from authenticating user root 61.177.173.51 port 21608 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 03:33:29 honeypot-fra-1 sshd[19403]: Invalid user jean from 165.22.45.108 port 59290","@timestamp":"2022-09-07T03:33:29.981Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 03:33:58 honeypot-ams-1 sshd[29361]: Connection closed by 180.76.173.237 port 41012 [preauth]","@timestamp":"2022-09-07T03:33:59.053Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 03:37:12 honeypot-ams-1 sshd[29368]: Received disconnect from 92.255.85.69 port 49862:11: Bye Bye [preauth]","@timestamp":"2022-09-07T03:37:13.140Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 03:39:14 honeypot-ams-1 sshd[29370]: Connection reset by 61.177.173.48 port 12159 [preauth]","@timestamp":"2022-09-07T03:39:15.196Z"}
{"@timestamp":"2022-09-07T03:40:58.986Z","@version":"1","message":"Sep  7 03:40:58 honeypot-sgp-1 kernel: [83398177.416824] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.196.63 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=33075 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T03:43:05.038Z","@version":"1","message":"Sep  7 03:43:04 honeypot-sgp-1 kernel: [83398303.670696] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.217.153 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=40370 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 03:44:43 honeypot-fra-1 sshd[19406]: Received disconnect from 74.44.239.58 port 13556:11: Bye Bye [preauth]","@timestamp":"2022-09-07T03:44:44.224Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 03:45:33 honeypot-fra-1 sshd[19410]: Received disconnect from 165.22.45.108 port 35620:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-07T03:45:33.243Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T03:46:32.120Z","@version":"1","message":"Sep  7 03:46:31 honeypot-sgp-1 sshd[27427]: Received disconnect from 45.61.186.249 port 44830:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T03:46:51.128Z","@version":"1","message":"Sep  7 03:46:50 honeypot-sgp-1 sshd[27431]: Invalid user user from 45.61.186.249 port 39880","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T03:47:09.136Z","@version":"1","message":"Sep  7 03:47:09 honeypot-sgp-1 sshd[27435]: Invalid user user from 45.61.186.249 port 34982","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T03:47:28.143Z","@version":"1","message":"Sep  7 03:47:27 honeypot-sgp-1 sshd[27441]: Invalid user user from 45.61.186.249 port 58290","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T03:48:02.157Z","@version":"1","message":"Sep  7 03:48:01 honeypot-sgp-1 sshd[27446]: Received disconnect from 61.177.173.36 port 26646:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T03:48:03.158Z","@version":"1","message":"Sep  7 03:48:02 honeypot-sgp-1 sshd[27448]: Received disconnect from 92.255.85.69 port 41724:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T03:48:24.167Z","@version":"1","message":"Sep  7 03:48:23 honeypot-sgp-1 sshd[27454]: Received disconnect from 45.61.184.204 port 52058:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T03:48:42.173Z","@version":"1","message":"Sep  7 03:48:41 honeypot-sgp-1 sshd[27458]: Received disconnect from 45.61.184.204 port 47442:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T03:49:01.181Z","@version":"1","message":"Sep  7 03:49:00 honeypot-sgp-1 sshd[27463]: Received disconnect from 45.61.184.204 port 42834:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 03:49:55 honeypot-fra-1 sshd[19413]: Received disconnect from 151.106.112.77 port 41516:11: Bye Bye [preauth]","@timestamp":"2022-09-07T03:49:55.341Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 03:51:00 honeypot-ams-1 kernel: [83399249.187921] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=34.89.55.201 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=6489 PROTO=TCP SPT=40728 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T03:51:00.500Z"}
{"@timestamp":"2022-09-07T03:51:38.242Z","@version":"1","message":"Sep  7 03:51:37 honeypot-sgp-1 sshd[27469]: Received disconnect from 61.177.172.98 port 25432:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 03:51:46 honeypot-fra-1 sshd[19417]: Connection closed by invalid user rw 193.106.191.157 port 55976 [preauth]","@timestamp":"2022-09-07T03:51:47.385Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T03:52:52.273Z","@version":"1","message":"Sep  7 03:52:51 honeypot-sgp-1 sshd[27474]: Invalid user user from 141.255.162.226 port 51768","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T03:52:54.276Z","@version":"1","message":"Sep  7 03:52:54 honeypot-sgp-1 sshd[27478]: Invalid user user from 141.255.162.226 port 60508","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T03:52:56.277Z","@version":"1","message":"Sep  7 03:52:55 honeypot-sgp-1 sshd[27482]: Invalid user user from 141.255.162.226 port 41018","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T03:53:31.292Z","@version":"1","message":"Sep  7 03:53:30 honeypot-sgp-1 sshd[27486]: Received disconnect from 167.99.220.160 port 56562:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 03:57:48 honeypot-ams-1 sshd[29396]: Disconnected from authenticating user root 61.177.173.46 port 48404 [preauth]","@timestamp":"2022-09-07T03:57:48.691Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 04:00:39 honeypot-ams-1 sshd[29402]: Received disconnect from 92.255.85.69 port 37842:11: Bye Bye [preauth]","@timestamp":"2022-09-07T04:00:40.769Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 04:01:47 honeypot-ams-1 sshd[29404]: Disconnected from invalid user sean 189.195.123.28 port 48128 [preauth]","@timestamp":"2022-09-07T04:01:47.801Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 04:02:12 honeypot-fra-1 sshd[19422]: Received disconnect from 178.128.104.101 port 46214:11: Bye Bye [preauth]","@timestamp":"2022-09-07T04:02:13.613Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T04:02:28.500Z","@version":"1","message":"Sep  7 04:02:27 honeypot-sgp-1 sshd[27494]: Received disconnect from 120.202.180.65 port 62647:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 04:04:47 honeypot-ams-1 sshd[29408]: Disconnected from invalid user petra 200.2.120.83 port 53242 [preauth]","@timestamp":"2022-09-07T04:04:47.884Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 04:08:13 honeypot-fra-1 sshd[19425]: Disconnected from invalid user araknis 92.255.85.70 port 26160 [preauth]","@timestamp":"2022-09-07T04:08:13.745Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 04:09:00 honeypot-fra-1 sshd[19430]: Disconnected from invalid user jenbrown 165.22.45.108 port 44712 [preauth]","@timestamp":"2022-09-07T04:09:00.764Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 04:09:16 honeypot-fra-1 sshd[19434]: Disconnected from invalid user user 45.61.187.160 port 54878 [preauth]","@timestamp":"2022-09-07T04:09:16.772Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 04:09:36 honeypot-fra-1 sshd[19438]: Disconnected from invalid user user 45.61.187.160 port 50108 [preauth]","@timestamp":"2022-09-07T04:09:36.780Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 04:09:57 honeypot-fra-1 sshd[19443]: Disconnected from invalid user user 45.61.187.160 port 45344 [preauth]","@timestamp":"2022-09-07T04:09:57.790Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T04:11:29.714Z","@version":"1","message":"Sep  7 04:11:28 honeypot-sgp-1 sshd[27502]: Received disconnect from 92.255.85.69 port 33422:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 04:14:51 honeypot-ams-1 kernel: [83400680.972365] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.142.28.76 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=56 ID=45661 PROTO=TCP SPT=18101 DPT=80 WINDOW=5613 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T04:14:52.145Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 04:17:50 honeypot-fra-1 kernel: [83398715.276807] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=109.206.241.219 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=54321 PROTO=TCP SPT=33704 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T04:17:50.962Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 04:20:59 honeypot-fra-1 sshd[19453]: Received disconnect from 165.22.45.108 port 49266:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-07T04:21:00.033Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T04:22:55.988Z","@version":"1","message":"Sep  7 04:22:55 honeypot-sgp-1 kernel: [83400694.269497] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=31.57.38.106 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=38 ID=48077 PROTO=TCP SPT=7942 DPT=80 WINDOW=27680 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 04:23:52 honeypot-ams-1 kernel: [83401221.038098] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=5.39.220.40 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=7045 PROTO=TCP SPT=44465 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T04:23:52.377Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 04:25:20 honeypot-fra-1 sshd[19458]: Disconnected from invalid user yamano 31.187.76.21 port 49112 [preauth]","@timestamp":"2022-09-07T04:25:20.129Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 04:29:06 honeypot-ams-1 sshd[29435]: Connection closed by 180.76.173.237 port 56640 [preauth]","@timestamp":"2022-09-07T04:29:07.515Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 04:31:11 honeypot-fra-1 sshd[19463]: Disconnected from invalid user Worxcode 157.230.155.135 port 46239 [preauth]","@timestamp":"2022-09-07T04:31:12.254Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T04:31:33.196Z","@version":"1","message":"Sep  7 04:31:33 honeypot-sgp-1 kernel: [83401212.164746] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.55.53.144 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=44 ID=31568 DF PROTO=TCP SPT=45982 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 04:33:10 honeypot-fra-1 sshd[19467]: Disconnected from invalid user jenkins 165.22.45.108 port 53824 [preauth]","@timestamp":"2022-09-07T04:33:11.298Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 04:33:36 honeypot-ams-1 sshd[29443]: Received disconnect from 213.55.79.194 port 34220:11: Bye Bye [preauth]","@timestamp":"2022-09-07T04:33:37.631Z"}
{"@timestamp":"2022-09-07T04:34:35.271Z","@version":"1","message":"Sep  7 04:34:34 honeypot-sgp-1 sshd[27513]: Received disconnect from 152.67.45.125 port 54006:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 04:37:09 honeypot-ams-1 sshd[29447]: Connection closed by 180.76.173.237 port 56868 [preauth]","@timestamp":"2022-09-07T04:37:09.725Z"}
{"@timestamp":"2022-09-07T04:37:58.351Z","@version":"1","message":"Sep  7 04:37:58 honeypot-sgp-1 sshd[27518]: Disconnected from authenticating user root 144.24.72.43 port 52482 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 04:39:04 honeypot-fra-1 sshd[19472]: Invalid user rx from 193.106.191.157 port 57606","@timestamp":"2022-09-07T04:39:04.428Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 04:40:06 honeypot-ams-1 sshd[29450]: Connection closed by invalid user admin 211.107.213.219 port 60372 [preauth]","@timestamp":"2022-09-07T04:40:06.806Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 04:43:09 honeypot-fra-1 sshd[19477]: Invalid user alina from 177.93.51.98 port 43566","@timestamp":"2022-09-07T04:43:09.536Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 04:44:50 honeypot-fra-1 sshd[19481]: Disconnected from authenticating user root 196.223.151.194 port 59408 [preauth]","@timestamp":"2022-09-07T04:44:51.576Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T04:45:43.535Z","@version":"1","message":"Sep  7 04:45:43 honeypot-sgp-1 kernel: [83402062.216862] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.46.240.87 DST=159.89.202.188 LEN=52 TOS=0x02 PREC=0x00 TTL=110 ID=10822 DF PROTO=TCP SPT=49599 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 04:48:24 honeypot-ams-1 sshd[29460]: Invalid user Cisco from 92.255.85.70 port 31480","@timestamp":"2022-09-07T04:48:25.022Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 04:51:06 honeypot-fra-1 kernel: [83400711.174101] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=170.187.162.139 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=3251 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T04:51:07.713Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 04:51:32 honeypot-fra-1 sshd[19491]: Received disconnect from 141.255.162.226 port 56590:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-07T04:51:32.725Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 04:51:33 honeypot-fra-1 sshd[19495]: Received disconnect from 141.255.162.226 port 55006:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-07T04:51:33.725Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 04:54:12 honeypot-ams-1 sshd[29467]: Connection closed by 180.76.173.237 port 57334 [preauth]","@timestamp":"2022-09-07T04:54:13.172Z"}
{"@timestamp":"2022-09-07T04:54:40.745Z","@version":"1","message":"Sep  7 04:54:40 honeypot-sgp-1 sshd[27524]: Disconnected from 79.110.62.213 port 32896 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 04:55:06 honeypot-fra-1 sshd[19500]: Invalid user Cisco from 92.255.85.69 port 51716","@timestamp":"2022-09-07T04:55:06.804Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 04:57:31 honeypot-fra-1 sshd[19502]: Disconnected from invalid user jenkins 165.22.45.108 port 34704 [preauth]","@timestamp":"2022-09-07T04:57:31.857Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T04:59:33.859Z","@version":"1","message":"Sep  7 04:59:33 honeypot-sgp-1 sshd[27529]: Received disconnect from 111.67.203.234 port 36234:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 05:00:10 honeypot-ams-1 kernel: [83403399.688689] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=108.29.127.94 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=52 ID=56732 PROTO=TCP SPT=38791 DPT=80 WINDOW=227 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T05:00:11.332Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 05:05:25 honeypot-ams-1 sshd[29476]: Disconnected from invalid user user 45.61.187.160 port 54278 [preauth]","@timestamp":"2022-09-07T05:05:25.472Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 05:05:45 honeypot-ams-1 sshd[29480]: Disconnected from invalid user user 45.61.187.160 port 49500 [preauth]","@timestamp":"2022-09-07T05:05:46.484Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 05:06:05 honeypot-ams-1 sshd[29485]: Received disconnect from 45.61.187.160 port 44722:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-07T05:06:05.494Z"}
{"@timestamp":"2022-09-07T05:06:08.030Z","@version":"1","message":"Sep  7 05:06:07 honeypot-sgp-1 sshd[27537]: Invalid user admin from 128.53.5.55 port 61499","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 05:06:07 honeypot-ams-1 sshd[29490]: Received disconnect from 141.255.162.226 port 40222:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-07T05:06:08.496Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 05:06:12 honeypot-ams-1 sshd[29495]: Invalid user user from 141.255.162.226 port 57904","@timestamp":"2022-09-07T05:06:12.498Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 05:06:14 honeypot-ams-1 sshd[29497]: Invalid user user from 45.61.187.160 port 56446","@timestamp":"2022-09-07T05:06:14.499Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 05:06:22 honeypot-ams-1 sshd[29503]: Invalid user user from 45.61.187.160 port 39978","@timestamp":"2022-09-07T05:06:23.504Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 05:08:20 honeypot-fra-1 sshd[19508]: Received disconnect from 45.61.187.160 port 55302:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-07T05:08:21.092Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 05:08:39 honeypot-fra-1 sshd[19512]: Received disconnect from 45.61.187.160 port 51154:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-07T05:08:40.101Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 05:08:56 honeypot-fra-1 sshd[19516]: Received disconnect from 45.61.187.160 port 47064:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-07T05:08:57.110Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 05:09:34 honeypot-fra-1 sshd[19520]: Received disconnect from 165.22.45.108 port 39258:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-07T05:09:35.126Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T05:10:27.132Z","@version":"1","message":"Sep  7 05:10:26 honeypot-sgp-1 kernel: [83403545.970568] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=143.92.32.148 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=42960 PROTO=TCP SPT=47425 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 05:10:57 honeypot-ams-1 sshd[29507]: Disconnected from invalid user user 45.61.186.249 port 45112 [preauth]","@timestamp":"2022-09-07T05:10:57.624Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 05:11:13 honeypot-ams-1 sshd[29511]: Disconnected from invalid user admin 92.255.85.69 port 55892 [preauth]","@timestamp":"2022-09-07T05:11:13.634Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 05:11:23 honeypot-ams-1 sshd[29515]: Disconnected from invalid user user 45.61.186.249 port 49892 [preauth]","@timestamp":"2022-09-07T05:11:23.638Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 05:11:40 honeypot-ams-1 sshd[29519]: Disconnected from invalid user user 45.61.186.249 port 43664 [preauth]","@timestamp":"2022-09-07T05:11:40.646Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 05:15:29 honeypot-ams-1 sshd[29526]: Connection closed by 180.76.173.237 port 43806 [preauth]","@timestamp":"2022-09-07T05:15:29.745Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 05:16:13 honeypot-fra-1 kernel: [83402217.381446] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.254.196.174 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=2596 PROTO=TCP SPT=49275 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T05:16:13.273Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-07T05:17:02.312Z","@version":"1","message":"Sep  7 05:17:01 honeypot-sgp-1 CRON[27545]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 05:19:29 honeypot-ams-1 sshd[29533]: Connection closed by 180.76.173.237 port 58038 [preauth]","@timestamp":"2022-09-07T05:19:29.851Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 05:21:18 honeypot-fra-1 kernel: [83402522.511958] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=198.235.24.17 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x60 TTL=250 ID=6593 PROTO=TCP SPT=51141 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T05:21:18.387Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 05:27:26 honeypot-ams-1 sshd[29540]: Connection closed by 180.76.173.237 port 58268 [preauth]","@timestamp":"2022-09-07T05:27:27.059Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 05:28:58 honeypot-fra-1 sshd[19536]: Invalid user ry from 193.106.191.157 port 59268","@timestamp":"2022-09-07T05:28:59.555Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T05:30:38.623Z","@version":"1","message":"Sep  7 05:30:38 honeypot-sgp-1 kernel: [83404757.660458] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=236 ID=57693 PROTO=TCP SPT=48607 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 05:34:01 honeypot-fra-1 sshd[19541]: Invalid user jenkins from 165.22.45.108 port 48368","@timestamp":"2022-09-07T05:34:02.667Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 05:36:32 honeypot-ams-1 sshd[29546]: Connection closed by 180.76.173.237 port 58506 [preauth]","@timestamp":"2022-09-07T05:36:33.307Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 05:38:57 honeypot-fra-1 kernel: [83403581.983010] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=79.124.62.60 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=9219 PROTO=TCP SPT=55945 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T05:38:58.774Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-07T05:39:36.832Z","@version":"1","message":"Sep  7 05:39:36 honeypot-sgp-1 sshd[27553]: Disconnected from invalid user adarsh 178.128.159.1 port 34842 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T05:45:31.971Z","@version":"1","message":"Sep  7 05:45:31 honeypot-sgp-1 sshd[27558]: Disconnected from invalid user adslroot 92.255.85.70 port 23240 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 05:46:23 honeypot-fra-1 sshd[19550]: Invalid user jenkins from 165.22.45.108 port 52928","@timestamp":"2022-09-07T05:46:23.935Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 05:50:50 honeypot-fra-1 sshd[19998]: Invalid user admin from 59.126.219.115 port 43115","@timestamp":"2022-09-07T05:50:51.030Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 05:53:03 honeypot-fra-1 sshd[20004]: Invalid user postgres from 36.41.175.109 port 34386","@timestamp":"2022-09-07T05:53:04.076Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 05:53:03 honeypot-fra-1 sshd[20020]: Invalid user ts3srv from 36.41.175.109 port 34414","@timestamp":"2022-09-07T05:53:04.076Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 05:53:03 honeypot-fra-1 sshd[20003]: Connection closed by invalid user test 36.41.175.109 port 34392 [preauth]","@timestamp":"2022-09-07T05:53:04.076Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 05:53:03 honeypot-fra-1 sshd[20012]: Connection closed by invalid user ubuntu 36.41.175.109 port 34444 [preauth]","@timestamp":"2022-09-07T05:53:04.076Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 05:53:03 honeypot-fra-1 sshd[20025]: Connection closed by invalid user ts3 36.41.175.109 port 34402 [preauth]","@timestamp":"2022-09-07T05:53:04.076Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 05:53:09 honeypot-fra-1 sshd[20039]: Invalid user user from 36.41.175.109 port 34490","@timestamp":"2022-09-07T05:53:10.079Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 05:53:09 honeypot-fra-1 sshd[20048]: Invalid user nguser from 36.41.175.109 port 34410","@timestamp":"2022-09-07T05:53:10.079Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 05:53:09 honeypot-fra-1 sshd[20038]: Connection closed by invalid user teamspeak 36.41.175.109 port 34434 [preauth]","@timestamp":"2022-09-07T05:53:10.079Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 05:53:09 honeypot-fra-1 sshd[20048]: Connection closed by invalid user nguser 36.41.175.109 port 34410 [preauth]","@timestamp":"2022-09-07T05:53:10.079Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 05:53:33 honeypot-fra-1 sshd[20067]: Invalid user ansible from 36.41.175.109 port 34510","@timestamp":"2022-09-07T05:53:34.088Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 05:53:33 honeypot-fra-1 sshd[20057]: Connection closed by invalid user web 36.41.175.109 port 34448 [preauth]","@timestamp":"2022-09-07T05:53:34.088Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 05:53:33 honeypot-fra-1 sshd[20068]: Connection closed by invalid user ansible 36.41.175.109 port 34488 [preauth]","@timestamp":"2022-09-07T05:53:34.088Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 05:57:34 honeypot-fra-1 sshd[20078]: Invalid user sandu from 68.183.212.10 port 36502","@timestamp":"2022-09-07T05:57:35.176Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 05:58:05 honeypot-ams-1 sshd[29557]: Received disconnect from 92.255.85.69 port 27294:11: Bye Bye [preauth]","@timestamp":"2022-09-07T05:58:05.866Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 05:59:19 honeypot-fra-1 sshd[20083]: Invalid user wu from 111.67.196.49 port 35646","@timestamp":"2022-09-07T05:59:19.221Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 06:01:53 honeypot-fra-1 kernel: [83404957.844379] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=35.240.205.160 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x60 TTL=250 ID=15135 PROTO=TCP SPT=56188 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T06:01:54.284Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 06:02:39 honeypot-ams-1 kernel: [83407148.302765] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.220.23 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=57801 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T06:02:39.983Z"}
{"@timestamp":"2022-09-07T06:03:47.392Z","@version":"1","message":"Sep  7 06:03:47 honeypot-sgp-1 sshd[27563]: Connection closed by authenticating user root 27.72.47.206 port 26081 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 06:04:09 honeypot-ams-1 kernel: [83407238.277437] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=167.172.70.217 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=53992 DF PROTO=TCP SPT=49374 DPT=5432 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T06:04:10.027Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 06:05:23 honeypot-fra-1 sshd[20089]: Disconnected from invalid user adslroot 92.255.85.70 port 51340 [preauth]","@timestamp":"2022-09-07T06:05:23.364Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T06:13:25.613Z","@version":"1","message":"Sep  7 06:13:25 honeypot-sgp-1 kernel: [83407324.066039] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=89.248.165.199 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=61873 PROTO=TCP SPT=51098 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 06:16:39 honeypot-ams-1 sshd[29576]: Connection closed by 180.76.173.237 port 45462 [preauth]","@timestamp":"2022-09-07T06:16:40.372Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 06:17:01 honeypot-fra-1 CRON[20097]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-07T06:17:01.627Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T06:17:02.699Z","@version":"1","message":"Sep  7 06:17:01 honeypot-sgp-1 CRON[27575]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 06:17:24 honeypot-ams-1 kernel: [83408033.368240] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.209.79 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=39240 DPT=636 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T06:17:25.394Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 06:19:45 honeypot-ams-1 sshd[29587]: Invalid user admin from 216.52.136.77 port 21614","@timestamp":"2022-09-07T06:19:45.455Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 06:20:41 honeypot-ams-1 sshd[29593]: Connection closed by 180.76.173.237 port 59692 [preauth]","@timestamp":"2022-09-07T06:20:41.482Z"}
{"@timestamp":"2022-09-07T06:20:59.795Z","@version":"1","message":"Sep  7 06:20:59 honeypot-sgp-1 sshd[27581]: Disconnected from authenticating user root 181.176.145.43 port 49144 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 06:23:31 honeypot-fra-1 sshd[20103]: Invalid user jenkins from 165.22.45.108 port 38360","@timestamp":"2022-09-07T06:23:31.773Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 06:24:59 honeypot-ams-1 sshd[29602]: Invalid user ubnt from 113.161.230.215 port 60432","@timestamp":"2022-09-07T06:24:59.596Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 06:25:02 honeypot-ams-1 sshd[29606]: Received disconnect from 113.161.230.215 port 60527:11: Bye Bye [preauth]","@timestamp":"2022-09-07T06:25:03.600Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 06:25:06 honeypot-ams-1 sshd[29775]: Disconnected from authenticating user root 113.161.230.215 port 60609 [preauth]","@timestamp":"2022-09-07T06:25:06.602Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 06:25:10 honeypot-ams-1 sshd[29781]: Disconnected from authenticating user root 113.161.230.215 port 60764 [preauth]","@timestamp":"2022-09-07T06:25:11.605Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 06:25:15 honeypot-ams-1 sshd[29787]: Disconnected from authenticating user root 113.161.230.215 port 60896 [preauth]","@timestamp":"2022-09-07T06:25:16.609Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 06:25:20 honeypot-ams-1 sshd[29793]: Disconnected from authenticating user root 113.161.230.215 port 32800 [preauth]","@timestamp":"2022-09-07T06:25:20.612Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 06:25:25 honeypot-ams-1 sshd[29799]: Disconnected from authenticating user root 113.161.230.215 port 32940 [preauth]","@timestamp":"2022-09-07T06:25:25.615Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 06:25:30 honeypot-ams-1 sshd[29805]: Disconnected from authenticating user root 113.161.230.215 port 33087 [preauth]","@timestamp":"2022-09-07T06:25:30.619Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 06:25:35 honeypot-ams-1 sshd[29811]: Disconnected from authenticating user root 113.161.230.215 port 33228 [preauth]","@timestamp":"2022-09-07T06:25:35.623Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 06:25:40 honeypot-ams-1 sshd[29817]: Disconnected from authenticating user root 113.161.230.215 port 33369 [preauth]","@timestamp":"2022-09-07T06:25:40.626Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 06:25:44 honeypot-ams-1 sshd[29823]: Disconnected from authenticating user root 113.161.230.215 port 33511 [preauth]","@timestamp":"2022-09-07T06:25:45.629Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 06:25:49 honeypot-ams-1 sshd[29829]: Disconnected from authenticating user root 113.161.230.215 port 33650 [preauth]","@timestamp":"2022-09-07T06:25:50.632Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 06:25:54 honeypot-ams-1 sshd[29835]: Received disconnect from 113.161.230.215 port 33790:11: Bye Bye [preauth]","@timestamp":"2022-09-07T06:25:54.635Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 06:25:57 honeypot-ams-1 sshd[29839]: Received disconnect from 113.161.230.215 port 33882:11: Bye Bye [preauth]","@timestamp":"2022-09-07T06:25:58.638Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 06:26:01 honeypot-ams-1 sshd[29843]: Received disconnect from 113.161.230.215 port 33973:11: Bye Bye [preauth]","@timestamp":"2022-09-07T06:26:01.640Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 06:26:04 honeypot-ams-1 sshd[29847]: Received disconnect from 113.161.230.215 port 34068:11: Bye Bye [preauth]","@timestamp":"2022-09-07T06:26:04.642Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 06:26:07 honeypot-ams-1 sshd[29851]: Received disconnect from 113.161.230.215 port 34150:11: Bye Bye [preauth]","@timestamp":"2022-09-07T06:26:07.643Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 06:26:10 honeypot-ams-1 sshd[29855]: Received disconnect from 113.161.230.215 port 34241:11: Bye Bye [preauth]","@timestamp":"2022-09-07T06:26:11.646Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 06:26:15 honeypot-ams-1 sshd[29861]: Invalid user pi from 113.161.230.215 port 34384","@timestamp":"2022-09-07T06:26:15.650Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 06:26:18 honeypot-ams-1 sshd[29865]: Invalid user user from 113.161.230.215 port 34478","@timestamp":"2022-09-07T06:26:18.652Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 06:26:21 honeypot-ams-1 sshd[29869]: Invalid user mine from 113.161.230.215 port 34581","@timestamp":"2022-09-07T06:26:22.654Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 06:26:25 honeypot-ams-1 sshd[29873]: Invalid user xbmc from 113.161.230.215 port 34670","@timestamp":"2022-09-07T06:26:25.656Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 06:26:28 honeypot-ams-1 sshd[29877]: Invalid user oracle from 113.161.230.215 port 34770","@timestamp":"2022-09-07T06:26:28.659Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 06:26:31 honeypot-ams-1 sshd[29881]: Invalid user postgres from 113.161.230.215 port 34870","@timestamp":"2022-09-07T06:26:32.662Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 06:26:34 honeypot-ams-1 sshd[29885]: Invalid user support from 113.161.230.215 port 34959","@timestamp":"2022-09-07T06:26:35.664Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 06:26:38 honeypot-ams-1 sshd[29889]: Invalid user ubuntu from 113.161.230.215 port 35055","@timestamp":"2022-09-07T06:26:38.666Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 06:26:41 honeypot-ams-1 sshd[29893]: Invalid user ubuntu from 113.161.230.215 port 35143","@timestamp":"2022-09-07T06:26:41.668Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 06:26:44 honeypot-ams-1 sshd[29897]: Invalid user guest from 113.161.230.215 port 35241","@timestamp":"2022-09-07T06:26:45.671Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 06:26:48 honeypot-ams-1 sshd[29901]: Invalid user cirros from 113.161.230.215 port 35335","@timestamp":"2022-09-07T06:26:48.673Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 06:27:42 honeypot-fra-1 sshd[20246]: Invalid user sti.admin5 from 92.255.85.70 port 43276","@timestamp":"2022-09-07T06:27:42.868Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T06:30:22.043Z","@version":"1","message":"Sep  7 06:30:21 honeypot-sgp-1 sshd[27729]: Invalid user sti.admin5 from 92.255.85.70 port 61548","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 06:31:50 honeypot-fra-1 kernel: [83406754.793514] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=44.197.113.139 DST=165.22.82.222 LEN=52 TOS=0x00 PREC=0x00 TTL=110 ID=44033 DF PROTO=TCP SPT=63784 DPT=80 WINDOW=62727 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-07T06:31:50.960Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 06:33:46 honeypot-ams-1 sshd[29906]: Connection closed by 180.76.173.237 port 45936 [preauth]","@timestamp":"2022-09-07T06:33:47.855Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 06:35:39 honeypot-fra-1 sshd[20257]: Received disconnect from 139.59.98.121 port 33496:11: Bye Bye [preauth]","@timestamp":"2022-09-07T06:35:40.048Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T06:37:02.197Z","@version":"1","message":"Sep  7 06:37:01 honeypot-sgp-1 sshd[27930]: Disconnected from invalid user telnet 46.101.135.232 port 59190 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 06:41:38 honeypot-fra-1 kernel: [83407342.800443] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=172.104.29.162 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=52829 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T06:41:39.178Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 06:42:55 honeypot-ams-1 sshd[29913]: Connection closed by 180.76.173.237 port 46188 [preauth]","@timestamp":"2022-09-07T06:42:56.089Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 06:43:21 honeypot-fra-1 sshd[20264]: Disconnected from invalid user upload 189.8.68.56 port 53730 [preauth]","@timestamp":"2022-09-07T06:43:22.218Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T06:46:55.433Z","@version":"1","message":"Sep  7 06:46:55 honeypot-sgp-1 kernel: [83409334.260673] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.213.17 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=40103 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 06:49:06 honeypot-fra-1 sshd[20267]: Disconnected from invalid user jennifer 165.22.45.108 port 47522 [preauth]","@timestamp":"2022-09-07T06:49:07.346Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 06:53:12 honeypot-ams-1 sshd[29934]: Connection closed by 180.76.173.237 port 46440 [preauth]","@timestamp":"2022-09-07T06:53:12.346Z"}
{"@timestamp":"2022-09-07T06:54:17.604Z","@version":"1","message":"Sep  7 06:54:17 honeypot-sgp-1 kernel: [83409776.074360] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=94.26.249.161 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=48640 PROTO=TCP SPT=59509 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 06:56:22 honeypot-fra-1 kernel: [83408226.653764] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=167.250.189.103 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=245 ID=34768 DF PROTO=TCP SPT=17930 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T06:56:23.508Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 06:59:01 honeypot-ams-1 sshd[29939]: Disconnected from 147.182.211.89 port 46026 [preauth]","@timestamp":"2022-09-07T06:59:01.530Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 07:03:34 honeypot-ams-1 kernel: [83410803.479728] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=103.153.77.105 DST=178.62.254.91 LEN=52 TOS=0x02 PREC=0x00 TTL=118 ID=26859 DF PROTO=TCP SPT=62810 DPT=80 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-07T07:03:34.669Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 07:06:16 honeypot-fra-1 sshd[20476]: Invalid user s from 193.106.191.157 port 34252","@timestamp":"2022-09-07T07:06:16.730Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 07:06:49 honeypot-fra-1 sshd[20480]: Disconnected from invalid user home 47.176.104.76 port 4790 [preauth]","@timestamp":"2022-09-07T07:06:50.746Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T07:07:06.901Z","@version":"1","message":"Sep  7 07:07:06 honeypot-sgp-1 kernel: [83410545.138875] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=142.147.96.220 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=233 ID=38479 DF PROTO=TCP SPT=10446 DPT=80 WINDOW=512 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 07:08:46 honeypot-ams-1 sshd[30046]: Connection closed by 180.76.173.237 port 60948 [preauth]","@timestamp":"2022-09-07T07:08:46.806Z"}
{"@timestamp":"2022-09-07T07:08:47.942Z","@version":"1","message":"Sep  7 07:08:47 honeypot-sgp-1 sshd[28021]: Disconnected from authenticating user root 159.89.205.198 port 51778 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 07:09:04 honeypot-ams-1 sshd[30050]: Disconnected from invalid user yaysa 117.205.83.28 port 57852 [preauth]","@timestamp":"2022-09-07T07:09:04.817Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 07:12:02 honeypot-ams-1 sshd[30053]: Disconnected from invalid user user 198.98.61.9 port 47820 [preauth]","@timestamp":"2022-09-07T07:12:02.898Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 07:12:18 honeypot-ams-1 sshd[30057]: Disconnected from invalid user user 198.98.61.9 port 42220 [preauth]","@timestamp":"2022-09-07T07:12:18.906Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 07:12:32 honeypot-ams-1 sshd[30061]: Disconnected from invalid user user 198.98.61.9 port 36664 [preauth]","@timestamp":"2022-09-07T07:12:32.913Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 07:12:47 honeypot-ams-1 sshd[30065]: Disconnected from invalid user user 198.98.61.9 port 59340 [preauth]","@timestamp":"2022-09-07T07:12:47.949Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 07:13:36 honeypot-fra-1 sshd[20486]: Received disconnect from 92.255.85.69 port 31240:11: Bye Bye [preauth]","@timestamp":"2022-09-07T07:13:36.896Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T07:16:56.135Z","@version":"1","message":"Sep  7 07:16:55 honeypot-sgp-1 sshd[28024]: Invalid user zhone from 92.255.85.70 port 52932","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 07:17:01 honeypot-fra-1 CRON[20488]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-07T07:17:01.971Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 07:17:01 honeypot-ams-1 CRON[30074]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-07T07:17:02.061Z"}
{"@timestamp":"2022-09-07T07:20:14.213Z","@version":"1","message":"Sep  7 07:20:13 honeypot-sgp-1 kernel: [83411332.446695] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.55.53.144 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=13603 DF PROTO=TCP SPT=49770 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 07:24:09 honeypot-fra-1 sshd[20495]: Received disconnect from 165.22.45.108 port 56902:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-07T07:24:10.134Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T07:24:29.313Z","@version":"1","message":"Sep  7 07:24:28 honeypot-sgp-1 kernel: [83411587.364086] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=79.124.62.62 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=37962 PROTO=TCP SPT=52987 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 07:25:00 honeypot-ams-1 sshd[30082]: Received disconnect from 187.33.56.200 port 51014:11: Bye Bye [preauth]","@timestamp":"2022-09-07T07:25:00.284Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 07:25:21 honeypot-ams-1 kernel: [83412110.202678] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=20.55.53.144 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=25681 DF PROTO=TCP SPT=39888 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T07:25:21.296Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 07:30:02 honeypot-ams-1 kernel: [83412391.626018] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=149.102.155.170 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=20649 PROTO=TCP SPT=55671 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T07:30:03.418Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 07:33:15 honeypot-fra-1 sshd[20498]: Disconnected from authenticating user root 203.130.255.2 port 42634 [preauth]","@timestamp":"2022-09-07T07:33:15.321Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 07:35:41 honeypot-fra-1 sshd[20504]: Disconnected from authenticating user root 160.251.7.202 port 45490 [preauth]","@timestamp":"2022-09-07T07:35:42.375Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 07:37:07 honeypot-fra-1 sshd[20511]: Invalid user auto from 164.92.233.93 port 39812","@timestamp":"2022-09-07T07:37:07.408Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 07:37:51 honeypot-fra-1 sshd[20515]: Received disconnect from 175.207.13.22 port 50166:11: Bye Bye [preauth]","@timestamp":"2022-09-07T07:37:51.425Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 07:39:45 honeypot-ams-1 kernel: [83412974.813804] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=183.136.225.35 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=109 ID=12391 PROTO=TCP SPT=8088 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T07:39:46.666Z"}
{"@timestamp":"2022-09-07T07:40:24.685Z","@version":"1","message":"Sep  7 07:40:24 honeypot-sgp-1 sshd[28034]: Disconnected from invalid user admin 92.255.85.70 port 46912 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 07:46:42 honeypot-fra-1 sshd[20520]: Invalid user zhaowen from 137.116.144.39 port 35966","@timestamp":"2022-09-07T07:46:43.618Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 07:50:36 honeypot-fra-1 sshd[20525]: Connection closed by invalid user admin 118.47.198.199 port 35048 [preauth]","@timestamp":"2022-09-07T07:50:36.701Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 07:53:33 honeypot-ams-1 sshd[30104]: Invalid user c1@r0 from 92.255.85.69 port 20812","@timestamp":"2022-09-07T07:53:34.023Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 07:56:13 honeypot-fra-1 kernel: [83411817.151806] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=91.210.107.80 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=51132 PROTO=TCP SPT=57026 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T07:56:13.838Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 08:02:46 honeypot-fra-1 sshd[20535]: Invalid user jesse from 165.22.45.108 port 42396","@timestamp":"2022-09-07T08:02:46.980Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T08:03:43.248Z","@version":"1","message":"Sep  7 08:03:42 honeypot-sgp-1 sshd[28040]: Disconnected from invalid user user 45.61.186.249 port 38966 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T08:04:02.257Z","@version":"1","message":"Sep  7 08:04:02 honeypot-sgp-1 sshd[28044]: Disconnected from invalid user user 45.61.186.249 port 34066 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T08:04:21.266Z","@version":"1","message":"Sep  7 08:04:20 honeypot-sgp-1 sshd[28048]: Disconnected from invalid user user 45.61.186.249 port 57428 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T08:04:33.272Z","@version":"1","message":"Sep  7 08:04:32 honeypot-sgp-1 sshd[28052]: Disconnected from invalid user c1@r0 92.255.85.70 port 37206 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 08:07:25 honeypot-ams-1 sshd[30110]: Connection closed by 180.76.173.237 port 48264 [preauth]","@timestamp":"2022-09-07T08:07:26.377Z"}
{"@timestamp":"2022-09-07T08:09:15.383Z","@version":"1","message":"Sep  7 08:09:15 honeypot-sgp-1 sshd[28057]: Disconnected from invalid user iida 211.40.129.246 port 59766 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 08:15:39 honeypot-fra-1 sshd[20559]: Invalid user jessica from 165.22.45.108 port 46970","@timestamp":"2022-09-07T08:15:40.261Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 08:17:01 honeypot-ams-1 CRON[30113]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-07T08:17:01.625Z"}
{"@timestamp":"2022-09-07T08:17:01.569Z","@version":"1","message":"Sep  7 08:17:01 honeypot-sgp-1 CRON[28084]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 08:17:54 honeypot-fra-1 kernel: [83413118.232836] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=44.197.113.139 DST=165.22.82.222 LEN=52 TOS=0x00 PREC=0x00 TTL=103 ID=35323 DF PROTO=TCP SPT=52883 DPT=80 WINDOW=62727 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-07T08:17:55.311Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 08:19:19 honeypot-ams-1 sshd[30120]: Connection closed by invalid user fwupgrade 79.136.67.196 port 60085 [preauth]","@timestamp":"2022-09-07T08:19:19.685Z"}
{"@timestamp":"2022-09-07T08:23:33.723Z","@version":"1","message":"Sep  7 08:23:33 honeypot-sgp-1 kernel: [83415132.041258] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=17731 PROTO=TCP SPT=58589 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T08:25:12.766Z","@version":"1","message":"Sep  7 08:25:12 honeypot-sgp-1 sshd[28094]: Disconnected from invalid user oracle 59.103.236.85 port 16782 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 08:28:46 honeypot-fra-1 sshd[20567]: Received disconnect from 165.22.45.108 port 51564:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-07T08:28:47.548Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 08:30:53 honeypot-fra-1 kernel: [83413897.038397] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=183.136.225.35 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=107 ID=4112 PROTO=TCP SPT=8088 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T08:30:53.598Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 08:30:52 honeypot-ams-1 kernel: [83416041.730150] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=30658 PROTO=TCP SPT=59405 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T08:30:52.985Z"}
{"@timestamp":"2022-09-07T08:31:10.909Z","@version":"1","message":"Sep  7 08:31:10 honeypot-sgp-1 sshd[28099]: Disconnected from authenticating user root 189.68.157.223 port 54573 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 08:39:51 honeypot-ams-1 sshd[30151]: Disconnected from invalid user admin 92.255.85.70 port 38684 [preauth]","@timestamp":"2022-09-07T08:39:52.235Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 08:41:53 honeypot-fra-1 kernel: [83414557.207900] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=170.187.162.134 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=64520 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T08:41:53.838Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-07T08:44:35.241Z","@version":"1","message":"Sep  7 08:44:34 honeypot-sgp-1 sshd[28110]: Invalid user dchublis from 210.106.108.250 port 44231","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 08:46:32 honeypot-fra-1 kernel: [83414836.078684] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=161.35.230.3 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=55 ID=45395 DF PROTO=TCP SPT=58620 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T08:46:32.941Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-07T08:50:55.393Z","@version":"1","message":"Sep  7 08:50:55 honeypot-sgp-1 sshd[28115]: Invalid user admin from 92.255.85.69 port 31154","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 08:51:18 honeypot-fra-1 sshd[20670]: Received disconnect from 45.61.187.160 port 49484:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-07T08:51:19.049Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 08:51:38 honeypot-fra-1 sshd[20674]: Received disconnect from 45.61.187.160 port 44994:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-07T08:51:38.064Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 08:51:54 honeypot-fra-1 sshd[20678]: Received disconnect from 45.61.187.160 port 40496:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-07T08:51:55.072Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 08:52:09 honeypot-fra-1 sshd[20682]: Received disconnect from 45.61.187.160 port 35984:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-07T08:52:10.078Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 08:55:45 honeypot-fra-1 sshd[20685]: Received disconnect from 165.22.45.108 port 60760:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-07T08:55:46.160Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T08:58:56.581Z","@version":"1","message":"Sep  7 08:58:56 honeypot-sgp-1 sshd[28120]: Received disconnect from 102.223.92.101 port 5327:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T09:00:08.611Z","@version":"1","message":"Sep  7 09:00:08 honeypot-sgp-1 sshd[28124]: Disconnected from authenticating user root 89.251.102.54 port 57030 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T09:01:56.660Z","@version":"1","message":"Sep  7 09:01:55 honeypot-sgp-1 sshd[28126]: Received disconnect from 186.206.144.34 port 41200:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 09:02:38 honeypot-ams-1 sshd[30161]: Received disconnect from 92.255.85.69 port 42168:11: Bye Bye [preauth]","@timestamp":"2022-09-07T09:02:38.835Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 09:05:16 honeypot-fra-1 kernel: [83415960.388407] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=128.1.91.205 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=35138 PROTO=TCP SPT=31007 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T09:05:17.367Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 09:10:52 honeypot-fra-1 sshd[20696]: Received disconnect from 92.255.85.69 port 36480:11: Bye Bye [preauth]","@timestamp":"2022-09-07T09:10:53.487Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T09:13:52.938Z","@version":"1","message":"Sep  7 09:13:52 honeypot-sgp-1 sshd[28132]: Disconnected from invalid user admin 92.255.85.70 port 54888 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 09:15:04 honeypot-fra-1 sshd[20700]: Received disconnect from 141.255.162.226 port 52752:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-07T09:15:04.596Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 09:15:07 honeypot-fra-1 sshd[20704]: Received disconnect from 141.255.162.226 port 43724:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-07T09:15:07.598Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 09:15:11 honeypot-fra-1 sshd[20708]: Received disconnect from 141.255.162.226 port 51612:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-07T09:15:12.601Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 09:15:14 honeypot-fra-1 sshd[20712]: Received disconnect from 141.255.162.226 port 41456:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-07T09:15:14.602Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T09:15:25.977Z","@version":"1","message":"Sep  7 09:15:25 honeypot-sgp-1 kernel: [83418244.329380] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=139.144.135.40 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=27441 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T09:15:35.981Z","@version":"1","message":"Sep  7 09:15:35 honeypot-sgp-1 sshd[28152]: Disconnected from authenticating user root 92.95.84.184 port 39378 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T09:15:51.989Z","@version":"1","message":"Sep  7 09:15:51 honeypot-sgp-1 sshd[28160]: Disconnected from authenticating user root 92.95.84.184 port 40070 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 09:15:56 honeypot-ams-1 kernel: [83418745.433980] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.73.126.93 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=252 ID=29881 PROTO=TCP SPT=41539 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T09:15:57.202Z"}
{"@timestamp":"2022-09-07T09:16:04.995Z","@version":"1","message":"Sep  7 09:16:04 honeypot-sgp-1 sshd[28168]: Disconnected from authenticating user root 92.95.84.184 port 40678 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T09:16:15.001Z","@version":"1","message":"Sep  7 09:16:14 honeypot-sgp-1 sshd[28174]: Received disconnect from 92.95.84.184 port 41114:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 09:17:58 honeypot-fra-1 sshd[20717]: Disconnected from authenticating user root 91.183.81.82 port 56134 [preauth]","@timestamp":"2022-09-07T09:17:59.664Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 09:24:40 honeypot-ams-1 sshd[30174]: Disconnected from 49.88.112.65 port 18476 [preauth]","@timestamp":"2022-09-07T09:24:41.428Z"}
{"@timestamp":"2022-09-07T09:25:52.221Z","@version":"1","message":"Sep  7 09:25:51 honeypot-sgp-1 kernel: [83418870.512583] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=84.38.185.202 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=12456 PROTO=TCP SPT=17661 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 09:27:45 honeypot-fra-1 sshd[20725]: Disconnected from authenticating user root 218.92.0.208 port 44612 [preauth]","@timestamp":"2022-09-07T09:27:45.873Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 09:30:19 honeypot-ams-1 kernel: [83419608.616404] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=156.205.50.215 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=49 ID=39374 PROTO=TCP SPT=58623 DPT=443 WINDOW=35994 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T09:30:20.572Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 09:33:30 honeypot-fra-1 sshd[20729]: Disconnected from invalid user lgnortel 92.255.85.70 port 62028 [preauth]","@timestamp":"2022-09-07T09:33:31.000Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 09:36:11 honeypot-fra-1 sshd[20733]: Disconnected from invalid user jessica 165.22.45.108 port 46268 [preauth]","@timestamp":"2022-09-07T09:36:12.076Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T09:37:16.491Z","@version":"1","message":"Sep  7 09:37:15 honeypot-sgp-1 sshd[28190]: Invalid user user from 167.99.220.160 port 35398","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 09:47:46 honeypot-ams-1 sshd[30185]: Disconnected from invalid user Admin 92.255.85.69 port 62012 [preauth]","@timestamp":"2022-09-07T09:47:47.017Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 09:49:47 honeypot-fra-1 sshd[20740]: Received disconnect from 165.22.45.108 port 50864:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-07T09:49:47.367Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 09:52:01 honeypot-ams-1 sshd[30188]: Disconnected from invalid user andrei 142.93.212.10 port 50958 [preauth]","@timestamp":"2022-09-07T09:52:02.128Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 09:54:28 honeypot-ams-1 kernel: [83421056.937261] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=179.40.45.247 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=44 ID=37638 PROTO=TCP SPT=5955 DPT=80 WINDOW=28468 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T09:54:28.195Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 09:57:16 honeypot-fra-1 sshd[20745]: Received disconnect from 20.104.91.36 port 54218:11: Bye Bye [preauth]","@timestamp":"2022-09-07T09:57:17.526Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T09:57:43.981Z","@version":"1","message":"Sep  7 09:57:43 honeypot-sgp-1 sshd[28193]: Did not receive identification string from 92.255.85.113 port 29040","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 10:03:20 honeypot-fra-1 sshd[20752]: Invalid user jessica from 165.22.45.108 port 56814","@timestamp":"2022-09-07T10:03:20.660Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 10:04:16 honeypot-ams-1 kernel: [83421644.967465] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=20.219.248.199 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=110 ID=37877 DF PROTO=TCP SPT=64886 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T10:04:16.451Z"}
{"@timestamp":"2022-09-07T10:05:13.162Z","@version":"1","message":"Sep  7 10:05:12 honeypot-sgp-1 kernel: [83421231.517922] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=146.185.25.173 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=389 DPT=389 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 10:06:14 honeypot-fra-1 sshd[20754]: Received disconnect from 62.94.193.216 port 59766:11: Bye Bye [preauth]","@timestamp":"2022-09-07T10:06:14.725Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 10:10:24 honeypot-fra-1 kernel: [83419868.376965] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=88.202.190.150 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=389 DPT=389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T10:10:24.817Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 10:13:59 honeypot-fra-1 kernel: [83420083.261575] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.180.143.42 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=45912 PROTO=TCP SPT=18379 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T10:13:59.893Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 10:15:03 honeypot-ams-1 sshd[30200]: Received disconnect from 165.22.91.88 port 46996:11: Bye Bye [preauth]","@timestamp":"2022-09-07T10:15:03.728Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 10:17:01 honeypot-fra-1 CRON[20766]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-07T10:17:01.960Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T10:17:01.452Z","@version":"1","message":"Sep  7 10:17:01 honeypot-sgp-1 CRON[28202]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T10:18:46.497Z","@version":"1","message":"Sep  7 10:18:46 honeypot-sgp-1 sshd[28207]: Disconnected from 171.22.30.173 port 34908 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 10:18:56 honeypot-fra-1 kernel: [83420380.063448] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=20.123.184.30 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=32506 PROTO=TCP SPT=45884 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T10:18:57.004Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 10:19:35 honeypot-ams-1 sshd[30210]: Disconnected from authenticating user root 61.177.173.39 port 58578 [preauth]","@timestamp":"2022-09-07T10:19:35.846Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 10:19:38 honeypot-fra-1 sshd[20776]: Invalid user user from 198.98.61.9 port 54736","@timestamp":"2022-09-07T10:19:39.023Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 10:19:53 honeypot-fra-1 sshd[20780]: Invalid user user from 198.98.61.9 port 48020","@timestamp":"2022-09-07T10:19:54.029Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 10:20:08 honeypot-fra-1 sshd[20784]: Invalid user user from 198.98.61.9 port 41330","@timestamp":"2022-09-07T10:20:09.036Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 10:20:54 honeypot-fra-1 kernel: [83420497.623618] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=128.1.248.28 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=5869 PROTO=TCP SPT=39524 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T10:20:55.054Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 10:23:56 honeypot-fra-1 sshd[20793]: Received disconnect from 165.227.68.95 port 49932:11: Bye Bye [preauth]","@timestamp":"2022-09-07T10:23:57.118Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 10:25:20 honeypot-ams-1 sshd[30215]: Invalid user bzrx1098ui from 92.255.85.113 port 6397","@timestamp":"2022-09-07T10:25:20.999Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 10:26:23 honeypot-fra-1 sshd[20801]: Received disconnect from 61.177.173.51 port 20098:11:  [preauth]","@timestamp":"2022-09-07T10:26:24.174Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T10:26:27.685Z","@version":"1","message":"Sep  7 10:26:26 honeypot-sgp-1 sshd[28214]: Invalid user jnanchito from 118.200.42.47 port 39348","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 10:32:10 honeypot-fra-1 sshd[20805]: Connection reset by 61.177.172.124 port 12010 [preauth]","@timestamp":"2022-09-07T10:32:10.296Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T10:32:10.825Z","@version":"1","message":"Sep  7 10:32:10 honeypot-sgp-1 sshd[28218]: Invalid user bzrx1098ui from 92.255.85.113 port 56617","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 10:34:03 honeypot-ams-1 sshd[30227]: Disconnected from authenticating user root 103.161.207.2 port 36602 [preauth]","@timestamp":"2022-09-07T10:34:03.244Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 10:37:23 honeypot-fra-1 sshd[20812]: Connection reset by 61.177.173.49 port 24905 [preauth]","@timestamp":"2022-09-07T10:37:24.411Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 10:37:39 honeypot-ams-1 kernel: [83423648.803424] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=172.104.29.205 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=28600 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T10:37:40.341Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 10:43:44 honeypot-fra-1 sshd[20818]: Invalid user jesus from 165.22.45.108 port 42348","@timestamp":"2022-09-07T10:43:45.550Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T10:44:01.107Z","@version":"1","message":"Sep  7 10:44:00 honeypot-sgp-1 sshd[28224]: Disconnected from invalid user matrix 92.255.85.70 port 54468 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 10:46:02 honeypot-fra-1 sshd[20825]: Invalid user user from 141.255.162.226 port 48636","@timestamp":"2022-09-07T10:46:03.602Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 10:46:06 honeypot-fra-1 sshd[20829]: Invalid user user from 141.255.162.226 port 38758","@timestamp":"2022-09-07T10:46:07.603Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 10:46:09 honeypot-fra-1 sshd[20833]: Invalid user user from 141.255.162.226 port 57116","@timestamp":"2022-09-07T10:46:10.605Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 10:46:54 honeypot-fra-1 kernel: [83422057.845263] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=64.246.161.26 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=33146 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T10:46:54.622Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 10:50:51 honeypot-ams-1 sshd[30253]: Received disconnect from 61.177.173.35 port 58410:11:  [preauth]","@timestamp":"2022-09-07T10:50:51.678Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 10:52:36 honeypot-fra-1 kernel: [83422399.760196] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.56.108.186 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=1101 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T10:52:36.745Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 10:55:31 honeypot-ams-1 sshd[30257]: Received disconnect from 92.255.85.70 port 47606:11: Bye Bye [preauth]","@timestamp":"2022-09-07T10:55:31.800Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 11:00:35 honeypot-ams-1 sshd[30261]: Disconnected from invalid user user 141.255.162.226 port 44774 [preauth]","@timestamp":"2022-09-07T11:00:35.932Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 11:00:39 honeypot-ams-1 sshd[30265]: Disconnected from invalid user user 141.255.162.226 port 53698 [preauth]","@timestamp":"2022-09-07T11:00:39.935Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 11:00:41 honeypot-ams-1 sshd[30269]: Disconnected from invalid user user 141.255.162.226 port 43308 [preauth]","@timestamp":"2022-09-07T11:00:41.936Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 11:00:45 honeypot-ams-1 sshd[30273]: Disconnected from invalid user user 141.255.162.226 port 41846 [preauth]","@timestamp":"2022-09-07T11:00:45.939Z"}
{"@timestamp":"2022-09-07T11:00:47.504Z","@version":"1","message":"Sep  7 11:00:47 honeypot-sgp-1 sshd[28228]: Disconnected from invalid user matt 167.71.131.111 port 36964 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 11:01:51 honeypot-fra-1 sshd[20863]: Invalid user motorola from 92.255.85.70 port 44898","@timestamp":"2022-09-07T11:01:51.945Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 11:03:03 honeypot-fra-1 sshd[20870]: Disconnected from authenticating user root 61.177.173.51 port 51342 [preauth]","@timestamp":"2022-09-07T11:03:03.972Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T11:05:57.628Z","@version":"1","message":"Sep  7 11:05:56 honeypot-sgp-1 sshd[28233]: Invalid user motorola from 92.255.85.70 port 63684","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 11:08:47 honeypot-fra-1 sshd[20877]: Invalid user pi from 82.66.77.8 port 58900","@timestamp":"2022-09-07T11:08:48.099Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T11:10:46.743Z","@version":"1","message":"Sep  7 11:10:46 honeypot-sgp-1 sshd[28238]: Invalid user admin from 178.128.125.205 port 42070","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 11:10:47 honeypot-fra-1 sshd[20882]: Received disconnect from 165.22.45.108 port 51506:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-07T11:10:48.144Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 11:11:49 honeypot-fra-1 sshd[20888]: Invalid user admin from 159.203.178.0 port 63488","@timestamp":"2022-09-07T11:11:50.170Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 11:12:31 honeypot-ams-1 kernel: [83425740.014170] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=139.162.215.70 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=27469 PROTO=TCP SPT=20845 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T11:12:31.243Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 11:14:12 honeypot-fra-1 sshd[20895]: Disconnected from authenticating user root 61.177.172.19 port 15813 [preauth]","@timestamp":"2022-09-07T11:14:13.223Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 11:14:56 honeypot-fra-1 sshd[20900]: Disconnected from authenticating user root 181.129.166.202 port 36860 [preauth]","@timestamp":"2022-09-07T11:14:57.242Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T11:15:11.847Z","@version":"1","message":"Sep  7 11:15:11 honeypot-sgp-1 kernel: [83425430.172574] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.56.108.153 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=946 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 11:17:12 honeypot-ams-1 sshd[30284]: Received disconnect from 61.177.173.48 port 12603:11:  [preauth]","@timestamp":"2022-09-07T11:17:13.367Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 11:20:42 honeypot-ams-1 kernel: [83426230.829673] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=213.226.123.38 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=7948 PROTO=TCP SPT=48573 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T11:20:42.473Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 11:21:31 honeypot-fra-1 sshd[20912]: Received disconnect from 61.177.173.50 port 17750:11:  [preauth]","@timestamp":"2022-09-07T11:21:32.388Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 11:25:54 honeypot-fra-1 sshd[20917]: Received disconnect from 92.255.85.70 port 22988:11: Bye Bye [preauth]","@timestamp":"2022-09-07T11:25:54.483Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T11:28:57.168Z","@version":"1","message":"Sep  7 11:28:56 honeypot-sgp-1 sshd[28250]: Invalid user airlive from 92.255.85.69 port 37174","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 11:29:10 honeypot-ams-1 sshd[30297]: Disconnected from invalid user user 45.61.184.204 port 50558 [preauth]","@timestamp":"2022-09-07T11:29:10.687Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 11:29:29 honeypot-ams-1 sshd[30301]: Disconnected from invalid user user 45.61.184.204 port 45628 [preauth]","@timestamp":"2022-09-07T11:29:29.724Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 11:29:48 honeypot-ams-1 sshd[30305]: Disconnected from invalid user user 45.61.184.204 port 40694 [preauth]","@timestamp":"2022-09-07T11:29:48.733Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 11:30:05 honeypot-ams-1 sshd[30309]: Disconnected from invalid user user 45.61.184.204 port 35762 [preauth]","@timestamp":"2022-09-07T11:30:05.742Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 11:31:46 honeypot-ams-1 kernel: [83426895.389772] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=213.226.123.38 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=41040 PROTO=TCP SPT=51787 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T11:31:46.790Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 11:32:54 honeypot-fra-1 kernel: [83424817.461468] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=95.87.73.231 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x20 TTL=246 ID=33658 DF PROTO=TCP SPT=445 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T11:32:54.638Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 11:37:02 honeypot-fra-1 sshd[20928]: Invalid user rajesh from 46.101.141.155 port 52180","@timestamp":"2022-09-07T11:37:02.731Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 11:39:41 honeypot-fra-1 sshd[20937]: Disconnected from invalid user jetty 165.22.45.108 port 60738 [preauth]","@timestamp":"2022-09-07T11:39:42.788Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 11:41:01 honeypot-ams-1 sshd[30326]: Invalid user admin from 92.255.85.69 port 28426","@timestamp":"2022-09-07T11:41:02.053Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 11:42:21 honeypot-fra-1 kernel: [83425384.816434] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=213.226.123.38 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=31194 PROTO=TCP SPT=51787 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T11:42:21.847Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 11:44:01 honeypot-ams-1 sshd[30332]: Disconnected from authenticating user root 46.101.187.234 port 34654 [preauth]","@timestamp":"2022-09-07T11:44:02.131Z"}
{"@timestamp":"2022-09-07T11:46:39.567Z","@version":"1","message":"Sep  7 11:46:38 honeypot-sgp-1 sshd[28259]: Received disconnect from 202.137.26.4 port 44164:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 11:48:57 honeypot-fra-1 sshd[20948]: Disconnected from invalid user admin 92.255.85.70 port 19028 [preauth]","@timestamp":"2022-09-07T11:48:57.991Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T11:49:47.658Z","@version":"1","message":"Sep  7 11:49:46 honeypot-sgp-1 sshd[28265]: Invalid user holly from 162.241.114.75 port 49620","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T11:51:29.699Z","@version":"1","message":"Sep  7 11:51:28 honeypot-sgp-1 sshd[28269]: Received disconnect from 157.245.81.154 port 11288:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 11:55:35 honeypot-fra-1 sshd[20954]: Disconnected from authenticating user root 188.233.97.32 port 44152 [preauth]","@timestamp":"2022-09-07T11:55:36.147Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 11:57:28 honeypot-ams-1 sshd[30340]: Received disconnect from 61.177.173.36 port 13015:11:  [preauth]","@timestamp":"2022-09-07T11:57:29.468Z"}
{"@timestamp":"2022-09-07T11:58:26.859Z","@version":"1","message":"Sep  7 11:58:26 honeypot-sgp-1 sshd[28275]: Disconnected from 68.183.141.33 port 52304 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 11:59:33 honeypot-fra-1 sshd[20965]: Disconnected from authenticating user root 61.177.173.46 port 17222 [preauth]","@timestamp":"2022-09-07T11:59:34.235Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 12:04:17 honeypot-ams-1 kernel: [83428846.425036] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=12448 PROTO=TCP SPT=52004 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T12:04:18.642Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 12:06:00 honeypot-ams-1 sshd[30354]: Received disconnect from 92.255.85.70 port 33026:11: Bye Bye [preauth]","@timestamp":"2022-09-07T12:06:00.692Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 12:09:11 honeypot-fra-1 sshd[20972]: Disconnected from invalid user jetty 165.22.45.108 port 41732 [preauth]","@timestamp":"2022-09-07T12:09:12.458Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 12:12:37 honeypot-fra-1 sshd[20979]: Invalid user admin from 92.255.85.69 port 44924","@timestamp":"2022-09-07T12:12:37.537Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T12:15:14.261Z","@version":"1","message":"Sep  7 12:15:14 honeypot-sgp-1 sshd[28279]: Disconnected from invalid user admin 92.255.85.70 port 23270 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 12:17:01 honeypot-ams-1 CRON[30364]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-07T12:17:01.982Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 12:19:28 honeypot-fra-1 sshd[20987]: Disconnected from authenticating user root 61.177.172.90 port 43646 [preauth]","@timestamp":"2022-09-07T12:19:28.684Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T12:19:32.363Z","@version":"1","message":"Sep  7 12:19:31 honeypot-sgp-1 sshd[28285]: Connection closed by invalid user  64.62.197.122 port 51598 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 12:20:24 honeypot-ams-1 sshd[30369]: Disconnected from authenticating user root 61.177.172.104 port 34166 [preauth]","@timestamp":"2022-09-07T12:20:25.078Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 12:24:37 honeypot-fra-1 sshd[20991]: Disconnected from invalid user jetty 165.22.45.108 port 46366 [preauth]","@timestamp":"2022-09-07T12:24:37.798Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 12:26:51 honeypot-ams-1 kernel: [83430200.317709] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=197.57.169.95 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=49 ID=12363 PROTO=TCP SPT=7303 DPT=443 WINDOW=62578 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T12:26:52.246Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 12:28:40 honeypot-ams-1 kernel: [83430309.378266] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=142.147.96.220 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=56369 DF PROTO=TCP SPT=10446 DPT=80 WINDOW=512 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T12:28:41.297Z"}
{"@timestamp":"2022-09-07T12:34:12.701Z","@version":"1","message":"Sep  7 12:34:12 honeypot-sgp-1 sshd[28293]: Invalid user user from 45.61.186.169 port 49124","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T12:34:30.709Z","@version":"1","message":"Sep  7 12:34:30 honeypot-sgp-1 sshd[28297]: Invalid user user from 45.61.186.169 port 44178","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T12:34:47.717Z","@version":"1","message":"Sep  7 12:34:46 honeypot-sgp-1 sshd[28301]: Invalid user user from 45.61.186.169 port 39240","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 12:35:02 honeypot-ams-1 kernel: [83430691.158088] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.79.53.162 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=5652 PROTO=TCP SPT=46201 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T12:35:02.465Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 12:35:05 honeypot-fra-1 sshd[21000]: Received disconnect from 92.255.85.70 port 15372:11: Bye Bye [preauth]","@timestamp":"2022-09-07T12:35:06.025Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 12:37:36 honeypot-ams-1 kernel: [83430845.009395] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=170.187.162.178 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=33932 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T12:37:36.532Z"}
{"@timestamp":"2022-09-07T12:38:33.806Z","@version":"1","message":"Sep  7 12:38:33 honeypot-sgp-1 sshd[28307]: Did not receive identification string from 141.255.162.226 port 58486","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 12:38:46 honeypot-fra-1 kernel: [83428769.620701] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=34.88.58.163 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=124 ID=12955 PROTO=TCP SPT=38614 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T12:38:47.104Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-07T12:38:56.817Z","@version":"1","message":"Sep  7 12:38:55 honeypot-sgp-1 sshd[28310]: Received disconnect from 141.255.162.226 port 56396:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T12:38:56.818Z","@version":"1","message":"Sep  7 12:38:56 honeypot-sgp-1 sshd[28312]: Disconnected from invalid user user 141.255.162.226 port 40730 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 12:42:45 honeypot-fra-1 kernel: [83429008.407269] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=183.136.225.35 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=107 ID=60214 PROTO=TCP SPT=8088 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T12:42:45.212Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 12:43:52 honeypot-ams-1 sshd[30840]: Received disconnect from 20.101.101.40 port 57666:11: Bye Bye [preauth]","@timestamp":"2022-09-07T12:43:53.694Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 12:48:06 honeypot-ams-1 kernel: [83431475.014992] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=64.246.161.26 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=54321 PROTO=TCP SPT=57572 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T12:48:06.804Z"}
{"@timestamp":"2022-09-07T12:50:00.072Z","@version":"1","message":"Sep  7 12:49:59 honeypot-sgp-1 sshd[28321]: Did not receive identification string from 122.166.124.14 port 50422","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 12:51:09 honeypot-ams-1 sshd[30851]: Disconnected from invalid user Shiko 92.255.85.70 port 59390 [preauth]","@timestamp":"2022-09-07T12:51:09.887Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 12:51:58 honeypot-fra-1 sshd[21027]: Invalid user carla from 14.161.50.120 port 57671","@timestamp":"2022-09-07T12:51:59.418Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 12:53:10 honeypot-fra-1 kernel: [83429633.832952] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=51.142.235.26 DST=165.22.82.222 LEN=52 TOS=0x02 PREC=0x00 TTL=115 ID=56136 DF PROTO=TCP SPT=62019 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-07T12:53:11.447Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 12:56:04 honeypot-fra-1 sshd[21035]: Disconnected from authenticating user root 61.177.173.50 port 61307 [preauth]","@timestamp":"2022-09-07T12:56:04.514Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 12:56:42 honeypot-ams-1 sshd[30858]: Received disconnect from 200.89.174.178 port 56326:11: Bye Bye [preauth]","@timestamp":"2022-09-07T12:56:43.034Z"}
{"@timestamp":"2022-09-07T12:58:32.270Z","@version":"1","message":"Sep  7 12:58:31 honeypot-sgp-1 kernel: [83431630.362088] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=34.142.11.112 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=13312 PROTO=TCP SPT=40565 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 12:58:40 honeypot-ams-1 sshd[30866]: Disconnected from invalid user aurelian 206.189.226.38 port 48262 [preauth]","@timestamp":"2022-09-07T12:58:41.087Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 12:59:22 honeypot-ams-1 sshd[30862]: Connection reset by 61.177.173.37 port 32382 [preauth]","@timestamp":"2022-09-07T12:59:23.108Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 12:59:34 honeypot-ams-1 sshd[30873]: Disconnected from invalid user user 45.61.184.204 port 54680 [preauth]","@timestamp":"2022-09-07T12:59:34.114Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 12:59:53 honeypot-ams-1 sshd[30877]: Disconnected from invalid user user 45.61.184.204 port 49570 [preauth]","@timestamp":"2022-09-07T12:59:54.124Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 13:00:10 honeypot-ams-1 sshd[30881]: Disconnected from invalid user user 45.61.184.204 port 44476 [preauth]","@timestamp":"2022-09-07T13:00:11.134Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 13:01:14 honeypot-ams-1 sshd[30885]: Disconnected from invalid user urea 184.92.112.149 port 49714 [preauth]","@timestamp":"2022-09-07T13:01:14.163Z"}
{"@timestamp":"2022-09-07T13:01:24.354Z","@version":"1","message":"Sep  7 13:01:24 honeypot-sgp-1 sshd[28327]: Disconnected from invalid user Shiko 92.255.85.70 port 36008 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 13:04:26 honeypot-fra-1 sshd[21042]: Connection reset by 61.177.173.47 port 13895 [preauth]","@timestamp":"2022-09-07T13:04:26.704Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T13:05:17.448Z","@version":"1","message":"Sep  7 13:05:16 honeypot-sgp-1 sshd[28332]: Disconnected from invalid user izumin 103.44.27.38 port 34732 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T13:08:27.524Z","@version":"1","message":"Sep  7 13:08:26 honeypot-sgp-1 sshd[28336]: Disconnected from invalid user tsserver 118.212.146.43 port 47530 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T13:09:11.544Z","@version":"1","message":"Sep  7 13:09:11 honeypot-sgp-1 sshd[28342]: Invalid user hss from 103.63.212.91 port 44434","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T13:09:35.555Z","@version":"1","message":"Sep  7 13:09:34 honeypot-sgp-1 sshd[28346]: Received disconnect from 161.35.131.133 port 50074:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 13:11:32 honeypot-fra-1 sshd[21051]: Received disconnect from 61.177.172.114 port 13270:11:  [preauth]","@timestamp":"2022-09-07T13:11:32.862Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T13:12:20.622Z","@version":"1","message":"Sep  7 13:12:19 honeypot-sgp-1 sshd[28351]: Received disconnect from 43.154.214.20 port 53566:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 13:13:59 honeypot-ams-1 kernel: [83433028.490644] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=5.112.130.174 DST=178.62.254.91 LEN=52 TOS=0x08 PREC=0x40 TTL=112 ID=1108 DF PROTO=TCP SPT=27468 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T13:14:00.492Z"}
{"@timestamp":"2022-09-07T13:15:16.691Z","@version":"1","message":"Sep  7 13:15:15 honeypot-sgp-1 kernel: [83432634.516876] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.155.91.150 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=58153 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 13:17:01 honeypot-fra-1 CRON[21062]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-07T13:17:01.986Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 13:17:19 honeypot-ams-1 sshd[30905]: Connection reset by 61.177.173.35 port 28039 [preauth]","@timestamp":"2022-09-07T13:17:20.580Z"}
{"@timestamp":"2022-09-07T13:18:23.765Z","@version":"1","message":"Sep  7 13:18:23 honeypot-sgp-1 kernel: [83432822.098236] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.195.40 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=56348 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 13:20:40 honeypot-fra-1 sshd[21068]: Connection closed by 52.246.248.215 port 38396 [preauth]","@timestamp":"2022-09-07T13:20:41.072Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T13:23:32.886Z","@version":"1","message":"Sep  7 13:23:32 honeypot-sgp-1 sshd[28367]: Invalid user user from 198.98.61.9 port 49526","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T13:23:48.894Z","@version":"1","message":"Sep  7 13:23:48 honeypot-sgp-1 sshd[28371]: Invalid user user from 198.98.61.9 port 44060","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T13:24:03.901Z","@version":"1","message":"Sep  7 13:24:03 honeypot-sgp-1 sshd[28375]: Invalid user user from 198.98.61.9 port 38590","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 13:24:17 honeypot-fra-1 sshd[21074]: Invalid user chang from 2.115.171.85 port 26668","@timestamp":"2022-09-07T13:24:18.155Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T13:24:33.914Z","@version":"1","message":"Sep  7 13:24:33 honeypot-sgp-1 sshd[28379]: Disconnected from invalid user sitecom 92.255.85.69 port 46394 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 13:26:27 honeypot-ams-1 sshd[30920]: Invalid user user from 45.61.186.249 port 38492","@timestamp":"2022-09-07T13:26:27.816Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 13:26:40 honeypot-fra-1 sshd[21079]: Received disconnect from 165.22.45.108 port 36684:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-07T13:26:40.210Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 13:26:45 honeypot-ams-1 sshd[30924]: Invalid user user from 45.61.186.249 port 33228","@timestamp":"2022-09-07T13:26:45.825Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 13:26:55 honeypot-ams-1 kernel: [83433803.786944] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=66.240.236.116 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=36005 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T13:26:55.831Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 13:27:11 honeypot-ams-1 sshd[30932]: Disconnected from invalid user user 45.61.186.249 port 39444 [preauth]","@timestamp":"2022-09-07T13:27:11.840Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 13:33:11 honeypot-fra-1 kernel: [83432034.301071] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=216.218.206.76 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=54321 PROTO=TCP SPT=54965 DPT=389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T13:33:11.355Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 13:34:17 honeypot-ams-1 sshd[30938]: Received disconnect from 213.215.163.233 port 35226:11: Bye Bye [preauth]","@timestamp":"2022-09-07T13:34:18.024Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 13:38:06 honeypot-ams-1 sshd[30945]: Disconnected from authenticating user root 61.177.173.39 port 18174 [preauth]","@timestamp":"2022-09-07T13:38:07.122Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 13:40:13 honeypot-fra-1 sshd[21096]: Received disconnect from 45.61.186.249 port 37984:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-07T13:40:13.514Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 13:40:31 honeypot-fra-1 sshd[21100]: Received disconnect from 45.61.186.249 port 60676:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-07T13:40:31.523Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 13:40:48 honeypot-fra-1 sshd[21104]: Received disconnect from 45.61.186.249 port 55160:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-07T13:40:49.530Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 13:41:04 honeypot-fra-1 sshd[21108]: Received disconnect from 45.61.186.249 port 49602:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-07T13:41:05.538Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 13:42:21 honeypot-fra-1 sshd[21114]: Connection closed by invalid user sh 193.106.191.157 port 46450 [preauth]","@timestamp":"2022-09-07T13:42:22.568Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 13:44:16 honeypot-fra-1 sshd[21120]: Received disconnect from 92.255.85.69 port 34500:11: Bye Bye [preauth]","@timestamp":"2022-09-07T13:44:17.613Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T13:46:38.423Z","@version":"1","message":"Sep  7 13:46:37 honeypot-sgp-1 kernel: [83434516.423832] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=79.124.62.60 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=7534 PROTO=TCP SPT=53297 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 13:47:12 honeypot-ams-1 sshd[30954]: Disconnected from invalid user lyn 181.191.206.234 port 43798 [preauth]","@timestamp":"2022-09-07T13:47:13.354Z"}
{"@timestamp":"2022-09-07T13:48:20.465Z","@version":"1","message":"Sep  7 13:48:19 honeypot-sgp-1 sshd[28386]: Disconnected from invalid user emosfeedback 173.201.188.226 port 50328 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 13:48:26 honeypot-fra-1 sshd[21126]: Disconnected from authenticating user root 61.177.173.48 port 59038 [preauth]","@timestamp":"2022-09-07T13:48:26.725Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T13:51:00.531Z","@version":"1","message":"Sep  7 13:50:59 honeypot-sgp-1 sshd[28392]: Invalid user suzuki-pal from 167.71.238.89 port 45374","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 13:51:25 honeypot-ams-1 kernel: [83435273.940747] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=156.205.120.109 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=50 ID=39502 PROTO=TCP SPT=2087 DPT=443 WINDOW=42918 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T13:51:25.463Z"}
{"@timestamp":"2022-09-07T13:58:29.703Z","@version":"1","message":"Sep  7 13:58:29 honeypot-sgp-1 sshd[28397]: Connection closed by invalid user admin 121.151.75.159 port 37159 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 13:58:36 honeypot-ams-1 sshd[30969]: Received disconnect from 92.255.85.70 port 45296:11: Bye Bye [preauth]","@timestamp":"2022-09-07T13:58:36.649Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 13:58:48 honeypot-fra-1 sshd[21135]: Received disconnect from 165.22.45.108 port 45980:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-07T13:58:48.946Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 14:03:00 honeypot-ams-1 sshd[30976]: Disconnected from authenticating user root 61.177.173.46 port 29733 [preauth]","@timestamp":"2022-09-07T14:03:00.764Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 14:03:42 honeypot-fra-1 sshd[21144]: Did not receive identification string from 141.255.162.226 port 47774","@timestamp":"2022-09-07T14:03:42.057Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 14:03:56 honeypot-fra-1 sshd[21147]: Disconnected from invalid user user 141.255.162.226 port 52732 [preauth]","@timestamp":"2022-09-07T14:03:57.064Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 14:04:01 honeypot-fra-1 sshd[21151]: Disconnected from invalid user user 141.255.162.226 port 50430 [preauth]","@timestamp":"2022-09-07T14:04:02.067Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 14:04:03 honeypot-fra-1 sshd[21155]: Disconnected from invalid user user 141.255.162.226 port 33156 [preauth]","@timestamp":"2022-09-07T14:04:03.067Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 14:06:11 honeypot-fra-1 sshd[21159]: Disconnected from invalid user smcadmin 92.255.85.70 port 52546 [preauth]","@timestamp":"2022-09-07T14:06:12.114Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T14:08:51.945Z","@version":"1","message":"Sep  7 14:08:51 honeypot-sgp-1 sshd[28403]: Disconnected from invalid user smcadmin 92.255.85.70 port 15942 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 14:10:22 honeypot-ams-1 kernel: [83436410.725364] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=92.118.39.30 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=58485 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T14:10:22.959Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 14:13:06 honeypot-fra-1 sshd[21164]: Disconnected from invalid user itaction 5.195.235.226 port 58608 [preauth]","@timestamp":"2022-09-07T14:13:06.268Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 14:13:22 honeypot-ams-1 sshd[30987]: Invalid user to from 165.227.167.225 port 35258","@timestamp":"2022-09-07T14:13:23.041Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 14:14:36 honeypot-ams-1 sshd[30992]: Received disconnect from 43.154.178.13 port 34540:11: Bye Bye [preauth]","@timestamp":"2022-09-07T14:14:37.074Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 14:15:55 honeypot-fra-1 sshd[21172]: Received disconnect from 185.149.120.23 port 59160:11: Bye Bye [preauth]","@timestamp":"2022-09-07T14:15:56.329Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T14:17:21.144Z","@version":"1","message":"Sep  7 14:17:20 honeypot-sgp-1 sshd[28411]: Invalid user steam from 203.23.199.236 port 43314","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T14:17:21.144Z","@version":"1","message":"Sep  7 14:17:20 honeypot-sgp-1 sshd[28436]: Invalid user steam from 203.23.199.236 port 43342","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T14:17:21.144Z","@version":"1","message":"Sep  7 14:17:20 honeypot-sgp-1 sshd[28434]: Invalid user postgres from 203.23.199.236 port 43336","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T14:17:21.144Z","@version":"1","message":"Sep  7 14:17:20 honeypot-sgp-1 sshd[28432]: Invalid user test from 203.23.199.236 port 43326","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T14:17:21.144Z","@version":"1","message":"Sep  7 14:17:20 honeypot-sgp-1 sshd[28424]: Connection closed by authenticating user root 203.23.199.236 port 43350 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T14:17:21.144Z","@version":"1","message":"Sep  7 14:17:20 honeypot-sgp-1 sshd[28421]: Connection closed by invalid user oracle 203.23.199.236 port 43306 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T14:17:21.144Z","@version":"1","message":"Sep  7 14:17:20 honeypot-sgp-1 sshd[28433]: Connection closed by invalid user test 203.23.199.236 port 43332 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T14:17:21.144Z","@version":"1","message":"Sep  7 14:17:20 honeypot-sgp-1 sshd[28416]: Connection closed by invalid user postgres 203.23.199.236 port 43322 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T14:17:21.144Z","@version":"1","message":"Sep  7 14:17:20 honeypot-sgp-1 sshd[28432]: Connection closed by invalid user test 203.23.199.236 port 43326 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 14:18:16 honeypot-ams-1 sshd[30997]: Received disconnect from 187.94.111.151 port 36374:11: Bye Bye [preauth]","@timestamp":"2022-09-07T14:18:16.193Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 14:19:29 honeypot-fra-1 sshd[21180]: Invalid user user from 141.255.162.226 port 47864","@timestamp":"2022-09-07T14:19:30.415Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 14:19:33 honeypot-fra-1 sshd[21184]: Invalid user user from 141.255.162.226 port 45576","@timestamp":"2022-09-07T14:19:34.417Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 14:19:36 honeypot-fra-1 sshd[21188]: Invalid user user from 141.255.162.226 port 56508","@timestamp":"2022-09-07T14:19:36.419Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 14:19:38 honeypot-fra-1 sshd[21192]: Invalid user user from 141.255.162.226 port 43294","@timestamp":"2022-09-07T14:19:39.420Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 14:20:26 honeypot-ams-1 sshd[31002]: Disconnected from authenticating user root 122.181.16.134 port 59918 [preauth]","@timestamp":"2022-09-07T14:20:27.250Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 14:21:33 honeypot-fra-1 sshd[21197]: Received disconnect from 61.177.173.46 port 15239:11:  [preauth]","@timestamp":"2022-09-07T14:21:34.463Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T14:21:44.248Z","@version":"1","message":"Sep  7 14:21:43 honeypot-sgp-1 kernel: [83436622.141340] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=34.151.205.2 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=39585 PROTO=TCP SPT=58972 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 14:27:38 honeypot-fra-1 sshd[21205]: Received disconnect from 92.255.85.69 port 31350:11: Bye Bye [preauth]","@timestamp":"2022-09-07T14:27:38.596Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 14:27:46 honeypot-ams-1 kernel: [83437455.093042] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=89.248.165.199 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=30645 PROTO=TCP SPT=57788 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T14:27:46.440Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 14:28:20 honeypot-fra-1 sshd[21209]: Connection closed by invalid user test 176.111.173.140 port 59424 [preauth]","@timestamp":"2022-09-07T14:28:20.615Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T14:29:26.454Z","@version":"1","message":"Sep  7 14:29:26 honeypot-sgp-1 kernel: [83437084.927501] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=89.248.165.199 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=38536 PROTO=TCP SPT=57788 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 14:31:44 honeypot-fra-1 sshd[21215]: Connection closed by invalid user si 193.106.191.157 port 47964 [preauth]","@timestamp":"2022-09-07T14:31:44.692Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 14:36:45 honeypot-ams-1 sshd[31023]: Received disconnect from 172.105.49.43 port 56820:11: Bye Bye [preauth]","@timestamp":"2022-09-07T14:36:46.677Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 14:37:28 honeypot-fra-1 sshd[21224]: Received disconnect from 164.90.210.8 port 60396:11: Bye Bye [preauth]","@timestamp":"2022-09-07T14:37:28.818Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T14:38:53.677Z","@version":"1","message":"Sep  7 14:38:53 honeypot-sgp-1 kernel: [83437652.042265] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=37.139.129.229 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=43484 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 14:40:33 honeypot-ams-1 kernel: [83438222.501403] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.220.204.178 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=40923 DPT=5432 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T14:40:34.780Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 14:45:34 honeypot-ams-1 kernel: [83438522.913172] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=41.36.100.79 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=51 ID=2330 PROTO=TCP SPT=49952 DPT=443 WINDOW=10997 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T14:45:34.912Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 14:45:57 honeypot-fra-1 sshd[21233]: Disconnected from invalid user jhkim 165.22.45.108 port 59914 [preauth]","@timestamp":"2022-09-07T14:45:58.004Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T14:48:41.905Z","@version":"1","message":"Sep  7 14:48:41 honeypot-sgp-1 sshd[28485]: Received disconnect from 201.52.64.100 port 41928:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 14:50:28 honeypot-ams-1 sshd[31039]: Disconnected from authenticating user root 61.177.172.114 port 59196 [preauth]","@timestamp":"2022-09-07T14:50:29.139Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 14:52:22 honeypot-fra-1 kernel: [83436785.436781] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=50.116.50.139 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=16997 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T14:52:23.147Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-07T14:53:47.027Z","@version":"1","message":"Sep  7 14:53:46 honeypot-sgp-1 sshd[28488]: Invalid user smcadmin from 92.255.85.70 port 38256","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 14:54:21 honeypot-fra-1 sshd[21264]: Disconnected from invalid user user 45.61.186.169 port 37260 [preauth]","@timestamp":"2022-09-07T14:54:22.193Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 14:54:41 honeypot-fra-1 sshd[21268]: Disconnected from invalid user user 45.61.186.169 port 60794 [preauth]","@timestamp":"2022-09-07T14:54:42.203Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 14:54:59 honeypot-fra-1 sshd[21272]: Disconnected from invalid user user 45.61.186.169 port 56086 [preauth]","@timestamp":"2022-09-07T14:55:00.210Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 14:55:17 honeypot-fra-1 sshd[21276]: Disconnected from invalid user user 45.61.186.169 port 51392 [preauth]","@timestamp":"2022-09-07T14:55:18.218Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T14:55:52.077Z","@version":"1","message":"Sep  7 14:55:51 honeypot-sgp-1 sshd[28491]: Disconnected from invalid user user 45.61.187.160 port 54564 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T14:56:13.087Z","@version":"1","message":"Sep  7 14:56:12 honeypot-sgp-1 sshd[28495]: Disconnected from invalid user user 45.61.187.160 port 49850 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T14:56:33.097Z","@version":"1","message":"Sep  7 14:56:32 honeypot-sgp-1 sshd[28499]: Disconnected from invalid user user 45.61.187.160 port 45086 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T14:56:51.106Z","@version":"1","message":"Sep  7 14:56:50 honeypot-sgp-1 sshd[28503]: Disconnected from invalid user user 45.61.187.160 port 40332 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 15:00:09 honeypot-ams-1 kernel: [83439397.730554] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=64.62.197.52 DST=178.62.254.91 LEN=131 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=56980 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T15:00:09.397Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 15:03:07 honeypot-fra-1 kernel: [83437430.913243] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=37.139.129.229 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=54321 PROTO=TCP SPT=40040 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T15:03:08.391Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 15:06:10 honeypot-fra-1 kernel: [83437613.446361] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=90.154.15.226 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=57 ID=1190 DF PROTO=TCP SPT=55526 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T15:06:11.459Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 15:06:21 honeypot-ams-1 sshd[31052]: Invalid user sweex from 92.255.85.69 port 37884","@timestamp":"2022-09-07T15:06:21.575Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 15:08:49 honeypot-ams-1 sshd[31058]: Invalid user admin from 46.100.107.36 port 43312","@timestamp":"2022-09-07T15:08:50.642Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 15:09:11 honeypot-ams-1 sshd[31060]: Did not receive identification string from 122.187.230.108 port 40106","@timestamp":"2022-09-07T15:09:11.654Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 15:10:04 honeypot-fra-1 kernel: [83437847.755720] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=213.226.123.38 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=15754 PROTO=TCP SPT=42537 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T15:10:05.546Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 15:13:00 honeypot-fra-1 sshd[21296]: Disconnected from invalid user sweex 92.255.85.69 port 54526 [preauth]","@timestamp":"2022-09-07T15:13:00.611Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 15:14:12 honeypot-ams-1 sshd[31064]: Disconnected from authenticating user root 61.177.173.53 port 58109 [preauth]","@timestamp":"2022-09-07T15:14:12.785Z"}
{"@timestamp":"2022-09-07T15:14:23.526Z","@version":"1","message":"Sep  7 15:14:23 honeypot-sgp-1 kernel: [83439781.758052] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=205.210.31.150 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x60 TTL=250 ID=12761 PROTO=TCP SPT=56778 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T15:17:01.591Z","@version":"1","message":"Sep  7 15:17:01 honeypot-sgp-1 CRON[28520]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 15:17:01 honeypot-fra-1 CRON[21305]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-07T15:17:01.701Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 15:17:44 honeypot-ams-1 kernel: [83440452.865362] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=59175 PROTO=TCP SPT=43585 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T15:17:44.883Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 15:20:58 honeypot-ams-1 sshd[31077]: Disconnected from authenticating user root 20.197.3.90 port 39886 [preauth]","@timestamp":"2022-09-07T15:20:58.968Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 15:21:09 honeypot-fra-1 sshd[21311]: Invalid user user1 from 103.188.176.251 port 35826","@timestamp":"2022-09-07T15:21:09.793Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 15:23:42 honeypot-fra-1 sshd[21320]: Invalid user viper from 180.167.214.190 port 12897","@timestamp":"2022-09-07T15:23:42.854Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 15:25:13 honeypot-fra-1 sshd[21325]: Received disconnect from 73.13.104.201 port 55178:11: Bye Bye [preauth]","@timestamp":"2022-09-07T15:25:13.891Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 15:25:31 honeypot-fra-1 sshd[21329]: Received disconnect from 138.197.178.155 port 51944:11: Bye Bye [preauth]","@timestamp":"2022-09-07T15:25:31.899Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 15:27:07 honeypot-fra-1 sshd[21335]: Disconnected from authenticating user root 61.177.172.108 port 47445 [preauth]","@timestamp":"2022-09-07T15:27:07.937Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T15:29:08.880Z","@version":"1","message":"Sep  7 15:29:08 honeypot-sgp-1 kernel: [83440666.531552] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.33.96.51 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=39040 PROTO=TCP SPT=25961 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 15:29:17 honeypot-ams-1 sshd[31087]: Invalid user 123456 from 92.255.85.70 port 38362","@timestamp":"2022-09-07T15:29:18.181Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 15:32:16 honeypot-fra-1 sshd[21343]: Invalid user ji from 165.22.45.108 port 45600","@timestamp":"2022-09-07T15:32:17.053Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 15:34:18 honeypot-ams-1 kernel: [83441446.916065] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=157.245.176.143 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=9341 DF PROTO=TCP SPT=40328 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T15:34:18.312Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 15:34:30 honeypot-fra-1 kernel: [83439313.813128] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=44.197.113.139 DST=165.22.82.222 LEN=52 TOS=0x00 PREC=0x00 TTL=105 ID=28252 DF PROTO=TCP SPT=53421 DPT=80 WINDOW=62727 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-07T15:34:31.104Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-07T15:35:48.061Z","@version":"1","message":"Sep  7 15:35:47 honeypot-sgp-1 sshd[28532]: Invalid user user from 45.61.186.249 port 51356","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T15:36:07.070Z","@version":"1","message":"Sep  7 15:36:06 honeypot-sgp-1 sshd[28536]: Invalid user user from 45.61.186.249 port 46360","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 15:36:06 honeypot-ams-1 sshd[31098]: Disconnected from invalid user ady 221.216.95.120 port 42546 [preauth]","@timestamp":"2022-09-07T15:36:07.362Z"}
{"@timestamp":"2022-09-07T15:36:26.080Z","@version":"1","message":"Sep  7 15:36:25 honeypot-sgp-1 sshd[28540]: Invalid user user from 45.61.186.249 port 41338","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 15:38:55 honeypot-fra-1 sshd[21356]: Connection closed by 76.83.168.161 port 39973 [preauth]","@timestamp":"2022-09-07T15:38:56.205Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T15:39:18.147Z","@version":"1","message":"Sep  7 15:39:18 honeypot-sgp-1 sshd[28544]: Invalid user wsmith from 223.197.151.55 port 34124","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T15:40:17.172Z","@version":"1","message":"Sep  7 15:40:16 honeypot-sgp-1 sshd[28548]: Invalid user 123456 from 92.255.85.69 port 41660","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 15:41:25 honeypot-fra-1 sshd[21360]: Disconnected from authenticating user root 61.177.172.19 port 57503 [preauth]","@timestamp":"2022-09-07T15:41:26.261Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 15:42:23 honeypot-ams-1 sshd[31105]: Invalid user user from 45.61.186.49 port 50184","@timestamp":"2022-09-07T15:42:23.526Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 15:42:34 honeypot-ams-1 sshd[31109]: Invalid user user from 45.61.186.49 port 33726","@timestamp":"2022-09-07T15:42:34.533Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 15:45:29 honeypot-ams-1 kernel: [83442118.075765] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.221.7 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=41372 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T15:45:29.607Z"}
{"@timestamp":"2022-09-07T15:45:51.301Z","@version":"1","message":"Sep  7 15:45:50 honeypot-sgp-1 kernel: [83441669.073501] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.215.223 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=33228 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 15:49:21 honeypot-fra-1 sshd[21371]: Invalid user yossarian from 103.57.142.108 port 45662","@timestamp":"2022-09-07T15:49:21.437Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 15:53:06 honeypot-ams-1 sshd[31125]: Received disconnect from 92.255.85.69 port 58336:11: Bye Bye [preauth]","@timestamp":"2022-09-07T15:53:06.800Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 15:54:25 honeypot-fra-1 sshd[21376]: Disconnected from authenticating user root 61.177.173.49 port 44988 [preauth]","@timestamp":"2022-09-07T15:54:25.550Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 16:00:48 honeypot-ams-1 kernel: [83443037.452336] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.95.147.53 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=252 ID=30529 PROTO=TCP SPT=61002 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T16:00:49.000Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 16:00:55 honeypot-fra-1 sshd[21385]: Invalid user amdin from 92.255.85.69 port 33726","@timestamp":"2022-09-07T16:00:56.696Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 16:03:07 honeypot-fra-1 sshd[21387]: Disconnected from invalid user ji 165.22.45.108 port 54866 [preauth]","@timestamp":"2022-09-07T16:03:07.745Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T16:03:20.693Z","@version":"1","message":"Sep  7 16:03:20 honeypot-sgp-1 sshd[28559]: Invalid user amdin from 92.255.85.69 port 34468","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 16:08:25 honeypot-ams-1 kernel: [83443494.559968] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=201.191.2.198 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=19253 PROTO=TCP SPT=2743 DPT=80 WINDOW=20711 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T16:08:26.200Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 16:11:30 honeypot-fra-1 sshd[21392]: Received disconnect from 107.189.14.132 port 17910:11: Bye Bye [preauth]","@timestamp":"2022-09-07T16:11:30.932Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 16:12:05 honeypot-fra-1 sshd[21396]: Disconnected from invalid user suporte 167.71.219.49 port 48236 [preauth]","@timestamp":"2022-09-07T16:12:05.948Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 16:12:17 honeypot-ams-1 sshd[31142]: Invalid user user from 45.61.186.49 port 41928","@timestamp":"2022-09-07T16:12:17.301Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 16:12:27 honeypot-ams-1 sshd[31146]: Invalid user user from 45.61.186.49 port 53648","@timestamp":"2022-09-07T16:12:28.306Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 16:13:12 honeypot-fra-1 kernel: [83441635.434400] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.158.113.63 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=51092 PROTO=TCP SPT=42800 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T16:13:12.977Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 16:15:54 honeypot-ams-1 sshd[31151]: Disconnected from invalid user readwrite 92.255.85.69 port 53176 [preauth]","@timestamp":"2022-09-07T16:15:55.414Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 16:17:01 honeypot-fra-1 CRON[21407]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-07T16:17:02.078Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T16:17:02.014Z","@version":"1","message":"Sep  7 16:17:01 honeypot-sgp-1 CRON[28564]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 16:20:13 honeypot-ams-1 kernel: [83444201.938082] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=52.180.152.13 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=7449 PROTO=TCP SPT=55581 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T16:20:13.531Z"}
{"@timestamp":"2022-09-07T16:21:55.131Z","@version":"1","message":"Sep  7 16:21:54 honeypot-sgp-1 sshd[28569]: Disconnected from invalid user prueba 91.240.118.222 port 10049 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 16:23:03 honeypot-fra-1 sshd[21414]: Invalid user cipy from 107.173.209.238 port 36112","@timestamp":"2022-09-07T16:23:04.214Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 16:23:22 honeypot-fra-1 sshd[21418]: Invalid user readwrite from 92.255.85.70 port 57076","@timestamp":"2022-09-07T16:23:23.224Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T16:25:56.226Z","@version":"1","message":"Sep  7 16:25:56 honeypot-sgp-1 sshd[28576]: Received disconnect from 62.204.41.222 port 36545:11: Client disconnecting normally [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 16:26:12 honeypot-ams-1 sshd[31162]: Received disconnect from 61.177.172.104 port 47843:11:  [preauth]","@timestamp":"2022-09-07T16:26:12.685Z"}
{"@timestamp":"2022-09-07T16:29:28.308Z","@version":"1","message":"Sep  7 16:29:28 honeypot-sgp-1 sshd[28581]: Invalid user user from 45.61.186.49 port 41608","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T16:29:39.314Z","@version":"1","message":"Sep  7 16:29:38 honeypot-sgp-1 sshd[28585]: Invalid user user from 45.61.186.49 port 53182","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T16:31:08.349Z","@version":"1","message":"Sep  7 16:31:07 honeypot-sgp-1 sshd[28590]: Disconnected from invalid user fox 122.248.37.50 port 55162 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 16:33:34 honeypot-fra-1 sshd[21421]: Disconnected from invalid user ji 165.22.45.108 port 35894 [preauth]","@timestamp":"2022-09-07T16:33:35.449Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 16:36:55 honeypot-ams-1 sshd[31171]: Disconnected from authenticating user root 61.177.173.47 port 10899 [preauth]","@timestamp":"2022-09-07T16:36:55.966Z"}
{"@timestamp":"2022-09-07T16:37:57.507Z","@version":"1","message":"Sep  7 16:37:56 honeypot-sgp-1 kernel: [83444794.991171] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=184.105.139.122 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=58759 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 16:39:09 honeypot-ams-1 sshd[31176]: Received disconnect from 92.255.85.69 port 45476:11: Bye Bye [preauth]","@timestamp":"2022-09-07T16:39:10.025Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 16:44:53 honeypot-ams-1 kernel: [83445681.787907] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=109.248.252.6 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x20 TTL=249 ID=34669 DF PROTO=TCP SPT=31970 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T16:44:53.173Z"}
{"@timestamp":"2022-09-07T16:45:20.674Z","@version":"1","message":"Sep  7 16:45:20 honeypot-sgp-1 sshd[28605]: Received disconnect from 61.177.173.51 port 54899:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 16:47:17 honeypot-fra-1 sshd[21425]: Disconnected from invalid user admin 92.255.85.70 port 52028 [preauth]","@timestamp":"2022-09-07T16:47:18.750Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 16:48:45 honeypot-ams-1 sshd[31190]: Received disconnect from 104.248.251.225 port 54110:11: Bye Bye [preauth]","@timestamp":"2022-09-07T16:48:45.276Z"}
{"@timestamp":"2022-09-07T16:50:00.784Z","@version":"1","message":"Sep  7 16:50:00 honeypot-sgp-1 sshd[28613]: Disconnected from authenticating user root 61.177.172.98 port 46543 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 16:53:46 honeypot-ams-1 kernel: [83446215.550942] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=91.240.118.77 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=11847 PROTO=TCP SPT=56816 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T16:53:47.407Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 16:54:28 honeypot-fra-1 sshd[21431]: Received disconnect from 79.110.62.213 port 59544:11: Bye Bye [preauth]","@timestamp":"2022-09-07T16:54:28.908Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 16:57:41 honeypot-ams-1 sshd[31197]: Disconnected from authenticating user root 61.177.173.47 port 48950 [preauth]","@timestamp":"2022-09-07T16:57:41.507Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 16:59:09 honeypot-ams-1 kernel: [83446537.747562] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=84.38.185.202 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=34463 PROTO=TCP SPT=40833 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T16:59:09.549Z"}
{"@timestamp":"2022-09-07T17:01:12.037Z","@version":"1","message":"Sep  7 17:01:11 honeypot-sgp-1 sshd[28622]: Disconnected from invalid user horikawa 159.65.204.223 port 37072 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 17:02:25 honeypot-ams-1 kernel: [83446733.784507] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=27394 PROTO=TCP SPT=49938 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T17:02:25.637Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 17:04:12 honeypot-fra-1 sshd[21436]: Invalid user jiang from 165.22.45.108 port 45144","@timestamp":"2022-09-07T17:04:13.126Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 17:06:18 honeypot-ams-1 sshd[31211]: Received disconnect from 45.61.187.160 port 38680:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-07T17:06:18.744Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 17:06:38 honeypot-ams-1 sshd[31215]: Received disconnect from 45.61.187.160 port 33450:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-07T17:06:39.756Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 17:06:57 honeypot-ams-1 sshd[31219]: Received disconnect from 45.61.187.160 port 56440:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-07T17:06:57.765Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 17:07:14 honeypot-ams-1 sshd[31223]: Invalid user user from 45.61.187.160 port 51198","@timestamp":"2022-09-07T17:07:14.775Z"}
{"@timestamp":"2022-09-07T17:07:26.181Z","@version":"1","message":"Sep  7 17:07:25 honeypot-sgp-1 sshd[28629]: Received disconnect from 61.177.173.52 port 58721:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 17:08:08 honeypot-ams-1 sshd[31227]: Disconnected from authenticating user root 61.177.173.36 port 25051 [preauth]","@timestamp":"2022-09-07T17:08:08.801Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 17:08:40 honeypot-fra-1 sshd[21442]: Disconnected from authenticating user root 94.180.57.15 port 46656 [preauth]","@timestamp":"2022-09-07T17:08:40.226Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 17:09:08 honeypot-fra-1 sshd[21447]: Disconnected from invalid user swenja 206.189.90.250 port 36254 [preauth]","@timestamp":"2022-09-07T17:09:09.239Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 17:12:13 honeypot-ams-1 kernel: [83447322.101456] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=89.248.165.199 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=54396 PROTO=TCP SPT=50565 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T17:12:13.910Z"}
{"@timestamp":"2022-09-07T17:13:02.308Z","@version":"1","message":"Sep  7 17:13:02 honeypot-sgp-1 sshd[28638]: Invalid user DZY-W2914NSV2 from 92.255.85.69 port 26494","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T17:15:05.379Z","@version":"1","message":"Sep  7 17:15:04 honeypot-sgp-1 kernel: [83447023.129320] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.158.113.63 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=12482 PROTO=TCP SPT=42800 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T17:17:00.428Z","@version":"1","message":"Sep  7 17:16:59 honeypot-sgp-1 sshd[28644]: Disconnected from authenticating user root 180.179.114.44 port 43292 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 17:17:01 honeypot-fra-1 CRON[21453]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-07T17:17:02.414Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 17:17:42 honeypot-ams-1 sshd[31245]: Disconnected from authenticating user root 61.177.173.53 port 27952 [preauth]","@timestamp":"2022-09-07T17:17:43.051Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 17:24:27 honeypot-fra-1 kernel: [83445909.750069] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=156.205.31.94 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=50 ID=64957 PROTO=TCP SPT=18076 DPT=80 WINDOW=16107 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T17:24:27.581Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-07T17:25:24.626Z","@version":"1","message":"Sep  7 17:25:24 honeypot-sgp-1 sshd[28653]: Received disconnect from 68.183.141.33 port 60366:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 17:25:42 honeypot-ams-1 sshd[31252]: Received disconnect from 92.255.85.70 port 62018:11: Bye Bye [preauth]","@timestamp":"2022-09-07T17:25:43.257Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 17:29:10 honeypot-ams-1 sshd[31257]: Disconnected from invalid user jason 167.172.141.86 port 41612 [preauth]","@timestamp":"2022-09-07T17:29:11.346Z"}
{"@timestamp":"2022-09-07T17:30:44.755Z","@version":"1","message":"Sep  7 17:30:44 honeypot-sgp-1 sshd[28659]: Connection reset by 61.177.172.19 port 15357 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 17:33:03 honeypot-fra-1 sshd[21461]: Disconnected from invalid user 0 92.255.85.70 port 36492 [preauth]","@timestamp":"2022-09-07T17:33:03.774Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 17:35:06 honeypot-ams-1 sshd[31263]: Disconnected from invalid user tagaya 211.44.198.209 port 24170 [preauth]","@timestamp":"2022-09-07T17:35:06.499Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 17:35:53 honeypot-fra-1 sshd[21463]: Disconnected from invalid user jiasheng 165.22.45.108 port 54436 [preauth]","@timestamp":"2022-09-07T17:35:53.839Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T17:36:15.887Z","@version":"1","message":"Sep  7 17:36:15 honeypot-sgp-1 sshd[28663]: Disconnected from invalid user 0 92.255.85.70 port 61784 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T17:40:00.979Z","@version":"1","message":"Sep  7 17:40:00 honeypot-sgp-1 kernel: [83448518.921752] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.25.85.8 DST=159.89.202.188 LEN=52 TOS=0x00 PREC=0x00 TTL=108 ID=21683 DF PROTO=TCP SPT=59331 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 17:40:02 honeypot-ams-1 sshd[31270]: Received disconnect from 61.177.173.53 port 14180:11:  [preauth]","@timestamp":"2022-09-07T17:40:02.628Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 17:40:14 honeypot-fra-1 kernel: [83446856.819696] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=89.248.165.199 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=59679 PROTO=TCP SPT=50565 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T17:40:14.939Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-07T17:42:35.044Z","@version":"1","message":"Sep  7 17:42:34 honeypot-sgp-1 sshd[28675]: Received disconnect from 45.61.187.160 port 33738:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T17:42:54.053Z","@version":"1","message":"Sep  7 17:42:53 honeypot-sgp-1 sshd[28679]: Received disconnect from 45.61.187.160 port 56814:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T17:43:13.063Z","@version":"1","message":"Sep  7 17:43:12 honeypot-sgp-1 sshd[28683]: Received disconnect from 45.61.187.160 port 51648:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T17:44:30.095Z","@version":"1","message":"Sep  7 17:44:29 honeypot-sgp-1 sshd[28688]: Received disconnect from 185.18.214.162 port 53420:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T17:47:50.175Z","@version":"1","message":"Sep  7 17:47:49 honeypot-sgp-1 sshd[28695]: Invalid user dieter from 177.6.227.84 port 52958","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T17:48:21.189Z","@version":"1","message":"Sep  7 17:48:20 honeypot-sgp-1 sshd[28698]: Disconnected from invalid user user 198.98.61.9 port 40904 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 17:48:25 honeypot-ams-1 kernel: [83449494.517809] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=103.156.90.160 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=8835 PROTO=TCP SPT=49397 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T17:48:26.847Z"}
{"@timestamp":"2022-09-07T17:48:38.198Z","@version":"1","message":"Sep  7 17:48:37 honeypot-sgp-1 sshd[28702]: Received disconnect from 198.98.61.9 port 34654:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T17:48:52.205Z","@version":"1","message":"Sep  7 17:48:51 honeypot-sgp-1 sshd[28707]: Received disconnect from 198.98.61.9 port 56634:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T17:49:00.209Z","@version":"1","message":"Sep  7 17:48:59 honeypot-sgp-1 sshd[28710]: Disconnected from invalid user user 198.98.61.9 port 39388 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T17:49:15.216Z","@version":"1","message":"Sep  7 17:49:14 honeypot-sgp-1 sshd[28714]: Disconnected from invalid user andi 46.101.157.187 port 51762 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 17:50:12 honeypot-fra-1 sshd[21474]: Invalid user sm from 193.106.191.157 port 54036","@timestamp":"2022-09-07T17:50:13.156Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 17:51:34 honeypot-fra-1 sshd[21479]: Invalid user user from 45.61.187.160 port 59538","@timestamp":"2022-09-07T17:51:34.190Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 17:51:43 honeypot-fra-1 sshd[21483]: Invalid user user from 45.61.187.160 port 42670","@timestamp":"2022-09-07T17:51:44.195Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 17:52:01 honeypot-fra-1 sshd[21487]: Invalid user user from 45.61.187.160 port 37172","@timestamp":"2022-09-07T17:52:02.203Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 17:52:19 honeypot-fra-1 sshd[21491]: Invalid user user from 45.61.187.160 port 59896","@timestamp":"2022-09-07T17:52:20.211Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 17:53:46 honeypot-ams-1 sshd[31281]: Disconnected from authenticating user root 61.177.173.35 port 11352 [preauth]","@timestamp":"2022-09-07T17:53:46.985Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 17:56:56 honeypot-fra-1 sshd[21496]: Invalid user trinity from 134.17.94.27 port 36875","@timestamp":"2022-09-07T17:56:56.312Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T17:59:45.459Z","@version":"1","message":"Sep  7 17:59:44 honeypot-sgp-1 sshd[28721]: Invalid user zoomadsl from 92.255.85.69 port 26894","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 18:03:15 honeypot-fra-1 sshd[21499]: Invalid user user from 103.188.176.251 port 33926","@timestamp":"2022-09-07T18:03:15.454Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 18:06:06 honeypot-ams-1 sshd[31287]: Received disconnect from 61.177.172.124 port 45139:11:  [preauth]","@timestamp":"2022-09-07T18:06:07.301Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 18:07:09 honeypot-fra-1 sshd[21504]: Received disconnect from 165.22.45.108 port 35496:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-07T18:07:10.547Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T18:07:14.635Z","@version":"1","message":"Sep  7 18:07:13 honeypot-sgp-1 sshd[28726]: Received disconnect from 61.177.172.90 port 28150:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T18:08:42.674Z","@version":"1","message":"Sep  7 18:08:42 honeypot-sgp-1 sshd[28732]: Invalid user user from 45.61.186.169 port 35660","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T18:09:00.682Z","@version":"1","message":"Sep  7 18:08:59 honeypot-sgp-1 sshd[28736]: Invalid user user from 45.61.186.169 port 58008","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T18:09:16.690Z","@version":"1","message":"Sep  7 18:09:16 honeypot-sgp-1 sshd[28740]: Invalid user user from 45.61.186.169 port 52144","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T18:09:31.697Z","@version":"1","message":"Sep  7 18:09:31 honeypot-sgp-1 sshd[28744]: Invalid user user from 45.61.186.169 port 46256","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 18:11:41 honeypot-ams-1 sshd[31291]: Invalid user user from 141.255.162.226 port 40196","@timestamp":"2022-09-07T18:11:41.449Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 18:11:43 honeypot-ams-1 sshd[31295]: Invalid user user from 141.255.162.226 port 56820","@timestamp":"2022-09-07T18:11:44.450Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 18:11:45 honeypot-ams-1 sshd[31299]: Invalid user user from 141.255.162.226 port 36904","@timestamp":"2022-09-07T18:11:46.452Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 18:11:49 honeypot-ams-1 sshd[31303]: Invalid user user from 141.255.162.226 port 53538","@timestamp":"2022-09-07T18:11:50.455Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 18:12:39 honeypot-ams-1 kernel: [83450947.635428] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=38.125.205.43 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=46 ID=56919 PROTO=TCP SPT=38085 DPT=80 WINDOW=19461 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T18:12:39.479Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 18:13:24 honeypot-fra-1 sshd[21507]: Disconnected from invalid user foster 61.19.127.228 port 51810 [preauth]","@timestamp":"2022-09-07T18:13:25.687Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T18:15:18.835Z","@version":"1","message":"Sep  7 18:15:18 honeypot-sgp-1 kernel: [83450636.718218] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=228 ID=34117 PROTO=TCP SPT=53603 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 18:17:01 honeypot-fra-1 CRON[21511]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-07T18:17:01.770Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T18:18:12.907Z","@version":"1","message":"Sep  7 18:18:12 honeypot-sgp-1 sshd[28754]: Received disconnect from 137.184.216.108 port 39332:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 18:19:18 honeypot-ams-1 sshd[31314]: Disconnected from authenticating user root 61.177.173.51 port 19717 [preauth]","@timestamp":"2022-09-07T18:19:18.647Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 18:20:54 honeypot-fra-1 sshd[21517]: Connection closed by invalid user ibm 141.98.10.158 port 42578 [preauth]","@timestamp":"2022-09-07T18:20:54.856Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T18:23:50.042Z","@version":"1","message":"Sep  7 18:23:49 honeypot-sgp-1 sshd[28760]: Invalid user admin from 92.255.85.69 port 55064","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 18:26:07 honeypot-fra-1 sshd[21522]: Received disconnect from 182.75.139.26 port 63898:11: Bye Bye [preauth]","@timestamp":"2022-09-07T18:26:07.971Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 18:26:14 honeypot-ams-1 sshd[31319]: Disconnected from invalid user jim 159.223.58.16 port 44306 [preauth]","@timestamp":"2022-09-07T18:26:14.828Z"}
{"@timestamp":"2022-09-07T18:26:50.113Z","@version":"1","message":"Sep  7 18:26:49 honeypot-sgp-1 sshd[28765]: Disconnected from authenticating user root 61.177.172.90 port 44609 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 18:34:04 honeypot-ams-1 kernel: [83452232.928230] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=194.28.112.135 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=23410 PROTO=TCP SPT=49374 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T18:34:05.047Z"}
{"@timestamp":"2022-09-07T18:34:10.303Z","@version":"1","message":"Sep  7 18:34:09 honeypot-sgp-1 kernel: [83451767.752005] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.10.7.158 DST=159.89.202.188 LEN=52 TOS=0x02 PREC=0x00 TTL=108 ID=19081 DF PROTO=TCP SPT=53014 DPT=3389 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 18:37:32 honeypot-fra-1 kernel: [83450295.007884] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=162.62.191.231 DST=165.22.82.222 LEN=52 TOS=0x08 PREC=0x60 TTL=53 ID=16065 DF PROTO=TCP SPT=17089 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T18:37:33.217Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 18:38:23 honeypot-ams-1 sshd[31331]: Received disconnect from 61.177.173.35 port 63156:11:  [preauth]","@timestamp":"2022-09-07T18:38:24.163Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 18:40:40 honeypot-fra-1 sshd[21532]: Connection closed by invalid user sn 193.106.191.157 port 55488 [preauth]","@timestamp":"2022-09-07T18:40:40.286Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 18:42:19 honeypot-ams-1 kernel: [83452727.856219] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=94.78.99.77 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=10272 DF PROTO=TCP SPT=53869 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T18:42:20.266Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 18:43:31 honeypot-fra-1 sshd[21536]: Received disconnect from 92.255.85.69 port 37964:11: Bye Bye [preauth]","@timestamp":"2022-09-07T18:43:32.363Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T18:45:50.578Z","@version":"1","message":"Sep  7 18:45:50 honeypot-sgp-1 sshd[28850]: Invalid user 1admin0 from 92.255.85.69 port 29734","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 18:45:50 honeypot-fra-1 sshd[21539]: Received disconnect from 68.183.145.59 port 60344:11: Bye Bye [preauth]","@timestamp":"2022-09-07T18:45:51.418Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T18:47:30.618Z","@version":"1","message":"Sep  7 18:47:29 honeypot-sgp-1 sshd[28854]: Disconnected from authenticating user root 61.177.173.53 port 17951 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 18:49:12 honeypot-ams-1 kernel: [83453141.290101] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=176.74.86.74 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x40 TTL=55 ID=28923 PROTO=TCP SPT=63481 DPT=443 WINDOW=13274 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T18:49:13.444Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 18:51:24 honeypot-ams-1 sshd[31345]: Received disconnect from 61.177.173.37 port 25972:11:  [preauth]","@timestamp":"2022-09-07T18:51:24.504Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 18:54:53 honeypot-fra-1 sshd[21542]: Disconnected from invalid user jimbeam 165.22.45.108 port 50862 [preauth]","@timestamp":"2022-09-07T18:54:53.613Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 18:57:12 honeypot-ams-1 sshd[31350]: Connection closed by 180.76.173.237 port 35176 [preauth]","@timestamp":"2022-09-07T18:57:13.655Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 18:59:12 honeypot-ams-1 sshd[31354]: Received disconnect from 61.177.173.53 port 44841:11:  [preauth]","@timestamp":"2022-09-07T18:59:13.710Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 19:02:43 honeypot-ams-1 kernel: [83453951.728332] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=183.136.225.35 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=109 ID=13816 PROTO=TCP SPT=8088 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T19:02:43.803Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 19:05:56 honeypot-fra-1 kernel: [83451999.040539] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=52256 PROTO=TCP SPT=57158 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T19:05:56.846Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-07T19:07:11.072Z","@version":"1","message":"Sep  7 19:07:10 honeypot-sgp-1 sshd[28862]: Received disconnect from 61.177.173.53 port 41623:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 19:09:21 honeypot-ams-1 kernel: [83454350.485208] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=43780 PROTO=TCP SPT=57158 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T19:09:21.974Z"}
{"@timestamp":"2022-09-07T19:10:01.141Z","@version":"1","message":"Sep  7 19:10:00 honeypot-sgp-1 sshd[28867]: Disconnected from invalid user ltecl4r0 92.255.85.69 port 42522 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 19:11:10 honeypot-fra-1 sshd[21551]: Disconnected from invalid user jiml 165.22.45.108 port 55596 [preauth]","@timestamp":"2022-09-07T19:11:10.958Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 19:14:20 honeypot-ams-1 kernel: [83454648.606322] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=20.219.248.199 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=110 ID=22305 DF PROTO=TCP SPT=59048 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T19:14:20.120Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 19:17:01 honeypot-ams-1 CRON[31370]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-07T19:17:02.192Z"}
{"@timestamp":"2022-09-07T19:17:20.317Z","@version":"1","message":"Sep  7 19:17:20 honeypot-sgp-1 kernel: [83454358.329233] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.56.108.186 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=8996 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 19:19:38 honeypot-ams-1 sshd[31378]: Received disconnect from 34.136.59.157 port 48704:11: Bye Bye [preauth]","@timestamp":"2022-09-07T19:19:39.265Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 19:20:02 honeypot-ams-1 sshd[31382]: Received disconnect from 91.240.118.222 port 27178:11: Client disconnecting normally [preauth]","@timestamp":"2022-09-07T19:20:03.278Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 19:21:05 honeypot-fra-1 sshd[21629]: Invalid user user from 141.255.162.226 port 39918","@timestamp":"2022-09-07T19:21:06.174Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 19:21:08 honeypot-fra-1 sshd[21633]: Invalid user user from 141.255.162.226 port 48556","@timestamp":"2022-09-07T19:21:09.176Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 19:21:12 honeypot-fra-1 sshd[21637]: Invalid user user from 141.255.162.226 port 37614","@timestamp":"2022-09-07T19:21:13.178Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 19:21:15 honeypot-fra-1 sshd[21641]: Invalid user user from 141.255.162.226 port 57198","@timestamp":"2022-09-07T19:21:15.180Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 19:22:07 honeypot-ams-1 sshd[31386]: Received disconnect from 92.255.85.69 port 57428:11: Bye Bye [preauth]","@timestamp":"2022-09-07T19:22:08.336Z"}
{"@timestamp":"2022-09-07T19:27:26.555Z","@version":"1","message":"Sep  7 19:27:25 honeypot-sgp-1 sshd[28881]: Disconnected from authenticating user root 61.177.173.46 port 48522 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 19:28:50 honeypot-ams-1 sshd[31391]: Received disconnect from 61.177.173.51 port 29164:11:  [preauth]","@timestamp":"2022-09-07T19:28:51.510Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 19:29:35 honeypot-fra-1 sshd[21646]: Received disconnect from 92.255.85.70 port 62026:11: Bye Bye [preauth]","@timestamp":"2022-09-07T19:29:35.357Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 19:35:11 honeypot-ams-1 sshd[31396]: Received disconnect from 61.177.172.108 port 53261:11:  [preauth]","@timestamp":"2022-09-07T19:35:11.687Z"}
{"@timestamp":"2022-09-07T19:36:04.760Z","@version":"1","message":"Sep  7 19:36:04 honeypot-sgp-1 sshd[28892]: Disconnected from authenticating user root 128.199.16.60 port 53666 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 19:43:48 honeypot-fra-1 sshd[21656]: Received disconnect from 181.63.245.127 port 30689:11: Bye Bye [preauth]","@timestamp":"2022-09-07T19:43:49.659Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 19:44:53 honeypot-ams-1 sshd[31406]: Disconnected from authenticating user root 92.255.85.69 port 56490 [preauth]","@timestamp":"2022-09-07T19:44:53.935Z"}
{"@timestamp":"2022-09-07T19:46:46.014Z","@version":"1","message":"Sep  7 19:46:45 honeypot-sgp-1 sshd[28899]: Received disconnect from 61.177.173.36 port 56634:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 19:47:44 honeypot-fra-1 sshd[21661]: Received disconnect from 188.166.19.128 port 56118:11: Bye Bye [preauth]","@timestamp":"2022-09-07T19:47:45.746Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 19:52:24 honeypot-fra-1 sshd[21666]: Disconnected from authenticating user root 121.179.208.82 port 39440 [preauth]","@timestamp":"2022-09-07T19:52:24.847Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 19:53:17 honeypot-ams-1 sshd[31415]: Disconnected from authenticating user root 82.196.113.78 port 61959 [preauth]","@timestamp":"2022-09-07T19:53:18.149Z"}
{"@timestamp":"2022-09-07T19:53:53.180Z","@version":"1","message":"Sep  7 19:53:52 honeypot-sgp-1 sshd[28906]: Invalid user admin from 178.128.125.205 port 52218","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 19:54:42 honeypot-fra-1 sshd[21672]: Invalid user admin from 159.203.178.0 port 21604","@timestamp":"2022-09-07T19:54:42.899Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 19:55:06 honeypot-fra-1 sshd[21678]: Invalid user cz from 109.115.187.31 port 41008","@timestamp":"2022-09-07T19:55:07.909Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T19:55:11.211Z","@version":"1","message":"Sep  7 19:55:10 honeypot-sgp-1 sshd[28912]: Received disconnect from 92.255.85.69 port 63136:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 19:59:06 honeypot-ams-1 sshd[31421]: Received disconnect from 144.217.13.134 port 34434:11: Bye Bye [preauth]","@timestamp":"2022-09-07T19:59:06.301Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 20:00:54 honeypot-fra-1 sshd[21683]: Received disconnect from 165.22.45.108 port 41608:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-07T20:00:55.055Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 20:01:11 honeypot-ams-1 sshd[31427]: Received disconnect from 104.131.45.150 port 59764:11: Bye Bye [preauth]","@timestamp":"2022-09-07T20:01:12.356Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 20:05:03 honeypot-fra-1 kernel: [83455545.817406] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=183.136.225.35 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=107 ID=54924 PROTO=TCP SPT=8088 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T20:05:04.146Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 20:07:21 honeypot-ams-1 sshd[31436]: Disconnected from authenticating user root 92.255.85.70 port 31592 [preauth]","@timestamp":"2022-09-07T20:07:21.516Z"}
{"@timestamp":"2022-09-07T20:09:16.545Z","@version":"1","message":"Sep  7 20:09:16 honeypot-sgp-1 sshd[28921]: Received disconnect from 61.177.173.37 port 46403:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 20:14:23 honeypot-ams-1 sshd[31445]: Connection closed by 180.76.173.237 port 51126 [preauth]","@timestamp":"2022-09-07T20:14:23.715Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 20:14:52 honeypot-fra-1 kernel: [83456134.936551] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=79.124.62.60 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=43605 PROTO=TCP SPT=57737 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T20:14:53.361Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-07T20:15:49.701Z","@version":"1","message":"Sep  7 20:15:49 honeypot-sgp-1 sshd[28929]: Invalid user user from 198.98.61.9 port 46812","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T20:16:04.709Z","@version":"1","message":"Sep  7 20:16:04 honeypot-sgp-1 sshd[28933]: Invalid user user from 198.98.61.9 port 40284","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T20:16:18.716Z","@version":"1","message":"Sep  7 20:16:18 honeypot-sgp-1 sshd[28937]: Invalid user user from 198.98.61.9 port 33738","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T20:17:01.734Z","@version":"1","message":"Sep  7 20:17:01 honeypot-sgp-1 CRON[28943]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 20:17:24 honeypot-fra-1 sshd[21698]: Received disconnect from 165.22.45.108 port 46356:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-07T20:17:24.415Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T20:18:32.774Z","@version":"1","message":"Sep  7 20:18:31 honeypot-sgp-1 kernel: [83458030.062253] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=172.104.29.129 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=14841 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 20:21:00 honeypot-fra-1 sshd[21701]: Invalid user sp from 193.106.191.157 port 58284","@timestamp":"2022-09-07T20:21:01.493Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 20:22:29 honeypot-ams-1 sshd[31453]: Received disconnect from 83.221.180.202 port 34262:11: Bye Bye [preauth]","@timestamp":"2022-09-07T20:22:29.925Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 20:25:50 honeypot-ams-1 sshd[31457]: Connection closed by 180.76.173.237 port 51398 [preauth]","@timestamp":"2022-09-07T20:25:51.013Z"}
{"@timestamp":"2022-09-07T20:26:26.962Z","@version":"1","message":"Sep  7 20:26:26 honeypot-sgp-1 sshd[28956]: Disconnected from 68.183.25.187 port 49828 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 20:29:00 honeypot-ams-1 sshd[31465]: Received disconnect from 45.61.186.249 port 60548:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-07T20:29:01.096Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 20:29:19 honeypot-ams-1 sshd[31469]: Received disconnect from 45.61.186.249 port 54966:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-07T20:29:20.105Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 20:29:38 honeypot-ams-1 sshd[31473]: Received disconnect from 45.61.186.249 port 49372:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-07T20:29:39.116Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 20:30:29 honeypot-ams-1 kernel: [83459218.063105] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=30320 PROTO=TCP SPT=42605 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T20:30:30.141Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 20:30:55 honeypot-fra-1 kernel: [83457097.754415] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=55828 PROTO=TCP SPT=42605 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T20:30:55.721Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-07T20:31:07.077Z","@version":"1","message":"Sep  7 20:31:06 honeypot-sgp-1 kernel: [83458784.566833] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=236 ID=29109 PROTO=TCP SPT=42605 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 20:35:09 honeypot-fra-1 sshd[21709]: Invalid user user from 198.98.61.9 port 42792","@timestamp":"2022-09-07T20:35:09.815Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 20:35:25 honeypot-fra-1 sshd[21713]: Invalid user user from 198.98.61.9 port 36658","@timestamp":"2022-09-07T20:35:25.822Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 20:35:40 honeypot-fra-1 sshd[21717]: Invalid user user from 198.98.61.9 port 58744","@timestamp":"2022-09-07T20:35:40.829Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 20:35:49 honeypot-ams-1 sshd[31482]: Received disconnect from 61.177.173.39 port 27565:11:  [preauth]","@timestamp":"2022-09-07T20:35:50.281Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 20:35:54 honeypot-fra-1 sshd[21721]: Invalid user user from 198.98.61.9 port 52610","@timestamp":"2022-09-07T20:35:54.835Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 20:38:57 honeypot-ams-1 kernel: [83459725.509348] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.221.12 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=56277 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T20:38:57.363Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 20:40:15 honeypot-fra-1 sshd[21726]: Received disconnect from 43.132.229.233 port 44434:11: Bye Bye [preauth]","@timestamp":"2022-09-07T20:40:16.932Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 20:40:37 honeypot-ams-1 sshd[31493]: Invalid user casillas from 103.146.202.146 port 52118","@timestamp":"2022-09-07T20:40:37.408Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 20:40:56 honeypot-ams-1 kernel: [83459845.363277] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=20.219.248.199 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=110 ID=50337 DF PROTO=TCP SPT=62629 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T20:40:57.418Z"}
{"@timestamp":"2022-09-07T20:41:24.323Z","@version":"1","message":"Sep  7 20:41:23 honeypot-sgp-1 kernel: [83459402.170408] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.41.8.45 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=54533 PROTO=TCP SPT=24135 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 20:42:48 honeypot-fra-1 kernel: [83457810.378596] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.219.221 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=54472 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T20:42:48.992Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 20:43:21 honeypot-ams-1 sshd[31499]: Disconnected from authenticating user root 61.177.173.36 port 12201 [preauth]","@timestamp":"2022-09-07T20:43:22.481Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 20:44:36 honeypot-ams-1 sshd[31505]: Received disconnect from 134.122.23.33 port 51878:11: Bye Bye [preauth]","@timestamp":"2022-09-07T20:44:36.515Z"}
{"@timestamp":"2022-09-07T20:45:11.418Z","@version":"1","message":"Sep  7 20:45:10 honeypot-sgp-1 kernel: [83459628.953817] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=128.199.114.28 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=43736 PROTO=TCP SPT=43241 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T20:48:10.494Z","@version":"1","message":"Sep  7 20:48:10 honeypot-sgp-1 sshd[28982]: Received disconnect from 62.84.124.148 port 59436:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 20:48:30 honeypot-ams-1 sshd[31510]: Received disconnect from 202.69.36.45 port 38246:11: Bye Bye [preauth]","@timestamp":"2022-09-07T20:48:30.618Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 20:50:53 honeypot-fra-1 sshd[21734]: Disconnected from invalid user jin 165.22.45.108 port 55850 [preauth]","@timestamp":"2022-09-07T20:50:53.167Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 20:52:18 honeypot-fra-1 kernel: [83458380.201486] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=172.104.29.129 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=42136 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T20:52:18.201Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 20:54:12 honeypot-ams-1 sshd[31517]: Disconnected from authenticating user root 92.255.85.69 port 46220 [preauth]","@timestamp":"2022-09-07T20:54:12.766Z"}
{"@timestamp":"2022-09-07T20:56:45.698Z","@version":"1","message":"Sep  7 20:56:44 honeypot-sgp-1 sshd[28989]: Received disconnect from 61.177.173.51 port 18988:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 20:59:02 honeypot-ams-1 sshd[31523]: Received disconnect from 123.108.102.2 port 47282:11: Bye Bye [preauth]","@timestamp":"2022-09-07T20:59:02.899Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 20:59:45 honeypot-ams-1 sshd[31529]: Invalid user user from 45.61.186.169 port 49738","@timestamp":"2022-09-07T20:59:46.920Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 20:59:55 honeypot-ams-1 sshd[31531]: Disconnected from invalid user user 45.61.186.169 port 33090 [preauth]","@timestamp":"2022-09-07T20:59:55.926Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 21:00:13 honeypot-ams-1 sshd[31535]: Disconnected from invalid user user 45.61.186.169 port 56280 [preauth]","@timestamp":"2022-09-07T21:00:13.935Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 21:00:29 honeypot-ams-1 sshd[31539]: Disconnected from invalid user user 45.61.186.169 port 51226 [preauth]","@timestamp":"2022-09-07T21:00:29.943Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 21:01:43 honeypot-fra-1 kernel: [83458945.528795] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=213.226.123.38 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=54922 PROTO=TCP SPT=45043 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T21:01:44.407Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-07T21:04:34.885Z","@version":"1","message":"Sep  7 21:04:34 honeypot-sgp-1 sshd[28994]: Received disconnect from 92.255.85.70 port 44586:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 21:05:06 honeypot-ams-1 sshd[31546]: Invalid user user from 198.98.61.9 port 43654","@timestamp":"2022-09-07T21:05:07.064Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 21:05:25 honeypot-ams-1 sshd[31550]: Invalid user user from 198.98.61.9 port 41224","@timestamp":"2022-09-07T21:05:26.074Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 21:05:34 honeypot-ams-1 sshd[31554]: Invalid user user from 198.98.61.9 port 54192","@timestamp":"2022-09-07T21:05:35.080Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 21:05:51 honeypot-ams-1 sshd[31558]: Invalid user user from 198.98.61.9 port 51706","@timestamp":"2022-09-07T21:05:52.088Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 21:06:24 honeypot-ams-1 kernel: [83461372.885948] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=68.173.232.255 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=51 ID=61020 PROTO=TCP SPT=59587 DPT=80 WINDOW=25755 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T21:06:25.106Z"}
{"@timestamp":"2022-09-07T21:06:31.934Z","@version":"1","message":"Sep  7 21:06:31 honeypot-sgp-1 sshd[28998]: Disconnected from authenticating user root 43.154.4.192 port 52128 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T21:07:48.967Z","@version":"1","message":"Sep  7 21:07:48 honeypot-sgp-1 sshd[29005]: Disconnected from authenticating user root 61.177.173.52 port 27844 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 21:09:18 honeypot-ams-1 sshd[31564]: Disconnected from authenticating user root 61.177.172.108 port 53139 [preauth]","@timestamp":"2022-09-07T21:09:18.182Z"}
{"@timestamp":"2022-09-07T21:09:34.011Z","@version":"1","message":"Sep  7 21:09:33 honeypot-sgp-1 kernel: [83461091.865289] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=23.224.186.23 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=35002 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 21:10:32 honeypot-fra-1 sshd[21747]: Connection closed by invalid user sq 193.106.191.157 port 59846 [preauth]","@timestamp":"2022-09-07T21:10:32.611Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 21:13:18 honeypot-fra-1 sshd[21757]: Invalid user ftp from 101.43.252.152 port 46274","@timestamp":"2022-09-07T21:13:18.676Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 21:13:18 honeypot-fra-1 sshd[21760]: Connection closed by authenticating user root 101.43.252.152 port 46270 [preauth]","@timestamp":"2022-09-07T21:13:18.676Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 21:13:18 honeypot-fra-1 sshd[21769]: Connection closed by authenticating user root 101.43.252.152 port 46256 [preauth]","@timestamp":"2022-09-07T21:13:19.676Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 21:13:19 honeypot-fra-1 sshd[21771]: Connection closed by invalid user steam 101.43.252.152 port 46248 [preauth]","@timestamp":"2022-09-07T21:13:20.677Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 21:13:20 honeypot-fra-1 sshd[21777]: Connection closed by invalid user admin 101.43.252.152 port 46254 [preauth]","@timestamp":"2022-09-07T21:13:20.677Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 21:13:20 honeypot-fra-1 sshd[21792]: Connection closed by invalid user www 101.43.252.152 port 46298 [preauth]","@timestamp":"2022-09-07T21:13:20.677Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 21:13:21 honeypot-fra-1 sshd[21797]: Connection closed by invalid user oracle 101.43.252.152 port 46236 [preauth]","@timestamp":"2022-09-07T21:13:21.678Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 21:13:21 honeypot-fra-1 sshd[21800]: Connection closed by authenticating user root 101.43.252.152 port 46232 [preauth]","@timestamp":"2022-09-07T21:13:22.678Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T21:14:35.132Z","@version":"1","message":"Sep  7 21:14:34 honeypot-sgp-1 kernel: [83461392.683576] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=172.104.29.101 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=14865 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 21:14:54 honeypot-ams-1 sshd[31573]: Connection closed by 180.76.173.237 port 52532 [preauth]","@timestamp":"2022-09-07T21:14:55.329Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 21:17:40 honeypot-fra-1 kernel: [83459902.636208] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=1.202.249.73 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=39 ID=29991 DF PROTO=TCP SPT=49484 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T21:17:40.773Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 21:18:12 honeypot-ams-1 sshd[31581]: Received disconnect from 61.177.173.51 port 46032:11:  [preauth]","@timestamp":"2022-09-07T21:18:12.415Z"}
{"@timestamp":"2022-09-07T21:21:53.302Z","@version":"1","message":"Sep  7 21:21:52 honeypot-sgp-1 sshd[29019]: Disconnected from authenticating user root 61.177.173.36 port 59495 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T21:27:00.423Z","@version":"1","message":"Sep  7 21:26:59 honeypot-sgp-1 sshd[29027]: Received disconnect from 92.255.85.70 port 48976:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 21:28:04 honeypot-ams-1 sshd[31588]: Disconnected from authenticating user root 61.177.173.46 port 14720 [preauth]","@timestamp":"2022-09-07T21:28:05.665Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 21:32:15 honeypot-fra-1 kernel: [83460777.705989] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=167.248.133.128 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=42624 PROTO=TCP SPT=41195 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T21:32:16.084Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-07T21:34:58.606Z","@version":"1","message":"Sep  7 21:34:58 honeypot-sgp-1 sshd[29034]: Disconnected from authenticating user root 61.177.173.39 port 28755 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 21:35:30 honeypot-fra-1 sshd[21821]: Invalid user lankacom from 43.132.180.210 port 34916","@timestamp":"2022-09-07T21:35:31.157Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 21:36:50 honeypot-fra-1 kernel: [83461053.007891] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=162.220.165.123 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=54321 PROTO=TCP SPT=37312 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T21:36:51.187Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 21:38:27 honeypot-ams-1 sshd[31598]: Disconnected from authenticating user root 61.177.173.49 port 18506 [preauth]","@timestamp":"2022-09-07T21:38:27.939Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 21:41:59 honeypot-fra-1 sshd[21829]: Disconnected from invalid user jinlin 165.22.45.108 port 41912 [preauth]","@timestamp":"2022-09-07T21:41:59.328Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 21:43:36 honeypot-fra-1 sshd[21835]: Invalid user user from 141.255.162.226 port 48900","@timestamp":"2022-09-07T21:43:36.366Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 21:43:40 honeypot-fra-1 sshd[21839]: Invalid user user from 141.255.162.226 port 56918","@timestamp":"2022-09-07T21:43:41.368Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 21:43:41 honeypot-fra-1 sshd[21843]: Invalid user user from 141.255.162.226 port 40880","@timestamp":"2022-09-07T21:43:42.369Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 21:45:11 honeypot-fra-1 sshd[21848]: Received disconnect from 185.118.48.206 port 39264:11: Bye Bye [preauth]","@timestamp":"2022-09-07T21:45:12.400Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 21:46:07 honeypot-ams-1 sshd[31604]: Connection closed by 180.76.173.237 port 39126 [preauth]","@timestamp":"2022-09-07T21:46:08.138Z"}
{"@timestamp":"2022-09-07T21:48:53.932Z","@version":"1","message":"Sep  7 21:48:53 honeypot-sgp-1 sshd[29043]: Disconnected from authenticating user root 92.255.85.70 port 56316 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T21:50:36.972Z","@version":"1","message":"Sep  7 21:50:36 honeypot-sgp-1 sshd[29049]: Disconnected from authenticating user root 120.48.37.84 port 52994 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T21:50:42.976Z","@version":"1","message":"Sep  7 21:50:42 honeypot-sgp-1 sshd[29053]: Disconnecting invalid user admin 120.48.37.84 port 56166: Too many authentication failures [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T21:50:47.979Z","@version":"1","message":"Sep  7 21:50:47 honeypot-sgp-1 sshd[29057]: Disconnecting invalid user oracle 120.48.37.84 port 60136: Too many authentication failures [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T21:50:53.983Z","@version":"1","message":"Sep  7 21:50:53 honeypot-sgp-1 sshd[29061]: Disconnected from invalid user oracle 120.48.37.84 port 36568 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 21:53:56 honeypot-fra-1 sshd[21853]: Received disconnect from 111.202.249.76 port 2667:11: Bye Bye [preauth]","@timestamp":"2022-09-07T21:53:56.590Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 21:54:04 honeypot-ams-1 sshd[31611]: Connection closed by invalid user admin 128.199.10.193 port 57054 [preauth]","@timestamp":"2022-09-07T21:54:05.343Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 21:54:07 honeypot-ams-1 sshd[31617]: Connection closed by invalid user admin 128.199.10.193 port 57074 [preauth]","@timestamp":"2022-09-07T21:54:08.347Z"}
{"@timestamp":"2022-09-07T21:56:31.116Z","@version":"1","message":"Sep  7 21:56:30 honeypot-sgp-1 sshd[29070]: Invalid user foster from 139.59.226.255 port 52942","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 21:58:07 honeypot-ams-1 sshd[31621]: Received disconnect from 61.177.173.50 port 42134:11:  [preauth]","@timestamp":"2022-09-07T21:58:08.452Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 21:59:14 honeypot-fra-1 sshd[21857]: Disconnected from invalid user jin 165.22.45.108 port 46670 [preauth]","@timestamp":"2022-09-07T21:59:15.706Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 22:02:20 honeypot-ams-1 sshd[31629]: Invalid user Admin from 191.97.5.172 port 1127","@timestamp":"2022-09-07T22:02:20.560Z"}
{"@timestamp":"2022-09-07T22:02:45.262Z","@version":"1","message":"Sep  7 22:02:44 honeypot-sgp-1 sshd[29074]: Connection closed by invalid user Admin 122.169.112.228 port 41326 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 22:08:23 honeypot-fra-1 sshd[21864]: Received disconnect from 92.255.85.70 port 58132:11: Bye Bye [preauth]","@timestamp":"2022-09-07T22:08:23.907Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 22:11:38 honeypot-ams-1 sshd[31635]: Received disconnect from 187.86.132.252 port 33418:11: Bye Bye [preauth]","@timestamp":"2022-09-07T22:11:38.790Z"}
{"@timestamp":"2022-09-07T22:11:46.475Z","@version":"1","message":"Sep  7 22:11:46 honeypot-sgp-1 sshd[29081]: Received disconnect from 92.255.85.70 port 21168:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 22:16:06 honeypot-fra-1 sshd[21868]: Received disconnect from 165.22.45.108 port 51434:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-07T22:16:07.077Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T22:17:01.599Z","@version":"1","message":"Sep  7 22:17:01 honeypot-sgp-1 CRON[29086]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 22:17:01 honeypot-ams-1 CRON[31642]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-07T22:17:01.927Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 22:21:28 honeypot-fra-1 sshd[21876]: Invalid user Administrator from 36.134.68.142 port 34802","@timestamp":"2022-09-07T22:21:29.195Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 22:25:45 honeypot-ams-1 sshd[31652]: Received disconnect from 128.199.124.131 port 41938:11: Bye Bye [preauth]","@timestamp":"2022-09-07T22:25:46.167Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 22:28:20 honeypot-fra-1 sshd[21881]: Received disconnect from 36.134.68.142 port 45636:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-07T22:28:21.356Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 22:30:38 honeypot-fra-1 kernel: [83464280.869953] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=94.26.228.80 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=43017 PROTO=TCP SPT=55932 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T22:30:39.408Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-07T22:31:25.933Z","@version":"1","message":"Sep  7 22:31:25 honeypot-sgp-1 sshd[29092]: Invalid user pi from 98.128.250.169 port 53290","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T22:38:56.108Z","@version":"1","message":"Sep  7 22:38:56 honeypot-sgp-1 sshd[29101]: Disconnected from authenticating user root 89.22.185.199 port 36696 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 22:40:09 honeypot-ams-1 sshd[31655]: Connection closed by 180.76.173.237 port 54492 [preauth]","@timestamp":"2022-09-07T22:40:09.519Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 22:41:02 honeypot-fra-1 kernel: [83464904.173418] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=35.175.136.175 DST=165.22.82.222 LEN=52 TOS=0x00 PREC=0x00 TTL=110 ID=41734 DF PROTO=TCP SPT=54266 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-07T22:41:02.633Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-07T22:44:16.234Z","@version":"1","message":"Sep  7 22:44:16 honeypot-sgp-1 sshd[29104]: Disconnected from invalid user hitosuga 196.27.128.53 port 44308 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T22:49:49.366Z","@version":"1","message":"Sep  7 22:49:49 honeypot-sgp-1 sshd[29108]: Disconnected from invalid user boon 77.237.224.62 port 42028 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 22:50:25 honeypot-fra-1 sshd[21894]: Invalid user ji from 165.22.45.108 port 60912","@timestamp":"2022-09-07T22:50:25.839Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 22:50:54 honeypot-ams-1 sshd[31662]: Invalid user nagios from 118.70.180.189 port 33163","@timestamp":"2022-09-07T22:50:55.779Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 22:54:28 honeypot-fra-1 sshd[21899]: Received disconnect from 92.255.85.69 port 15638:11: Bye Bye [preauth]","@timestamp":"2022-09-07T22:54:28.927Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 22:56:49 honeypot-fra-1 kernel: [83465850.967430] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=167.71.218.50 DST=165.22.82.222 LEN=52 TOS=0x02 PREC=0x00 TTL=118 ID=31717 DF PROTO=TCP SPT=51317 DPT=3389 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-07T22:56:49.994Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 22:58:05 honeypot-ams-1 kernel: [83468074.078308] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.79.130.229 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=46543 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T22:58:05.962Z"}
{"@timestamp":"2022-09-07T23:00:26.612Z","@version":"1","message":"Sep  7 23:00:26 honeypot-sgp-1 sshd[29114]: Received disconnect from 175.97.136.186 port 33808:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 23:04:07 honeypot-ams-1 kernel: [83468435.618810] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.95.55.235 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=54321 PROTO=TCP SPT=35282 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T23:04:08.126Z"}
{"@timestamp":"2022-09-07T23:04:10.702Z","@version":"1","message":"Sep  7 23:04:10 honeypot-sgp-1 sshd[29117]: Received disconnect from 125.212.225.165 port 15351:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 23:04:46 honeypot-fra-1 sshd[21903]: Received disconnect from 181.49.254.238 port 54460:11: Bye Bye [preauth]","@timestamp":"2022-09-07T23:04:47.167Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 23:10:29 honeypot-fra-1 kernel: [83466671.569202] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=158.255.7.133 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=11123 PROTO=TCP SPT=51529 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T23:10:30.346Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-07T23:13:10.911Z","@version":"1","message":"Sep  7 23:13:09 honeypot-sgp-1 kernel: [83468507.987858] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.210.72 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=46853 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 23:14:49 honeypot-fra-1 sshd[21910]: Disconnected from invalid user eduardo 181.28.101.14 port 49724 [preauth]","@timestamp":"2022-09-07T23:14:49.439Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 23:16:40 honeypot-ams-1 sshd[31679]: Invalid user shida from 103.226.249.51 port 60472","@timestamp":"2022-09-07T23:16:40.451Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 23:17:01 honeypot-fra-1 CRON[21917]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-07T23:17:02.490Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T23:19:09.051Z","@version":"1","message":"Sep  7 23:19:08 honeypot-sgp-1 sshd[29124]: Disconnected from authenticating user root 92.255.85.69 port 61676 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 23:19:46 honeypot-ams-1 sshd[31684]: Connection closed by invalid user hyh 103.188.176.251 port 34508 [preauth]","@timestamp":"2022-09-07T23:19:46.533Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 23:21:29 honeypot-fra-1 sshd[21924]: Invalid user Admin from 190.219.196.113 port 39244","@timestamp":"2022-09-07T23:21:30.590Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 23:23:03 honeypot-ams-1 sshd[31689]: Disconnected from authenticating user root 221.133.1.50 port 57380 [preauth]","@timestamp":"2022-09-07T23:23:03.622Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 23:28:49 honeypot-fra-1 kernel: [83467771.091620] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=2.57.122.98 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=46567 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T23:28:49.765Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 23:30:10 honeypot-ams-1 kernel: [83469998.487490] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=50277 PROTO=TCP SPT=53404 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T23:30:10.809Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 23:33:20 honeypot-ams-1 kernel: [83470189.163859] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=2.57.122.98 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=50696 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T23:33:20.899Z"}
{"@timestamp":"2022-09-07T23:37:09.464Z","@version":"1","message":"Sep  7 23:37:09 honeypot-sgp-1 sshd[29131]: error: maximum authentication attempts exceeded for invalid user admin from 2.24.76.90 port 51293 ssh2 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 23:38:29 honeypot-fra-1 sshd[21932]: Connection closed by invalid user st 193.106.191.157 port 35768 [preauth]","@timestamp":"2022-09-07T23:38:29.977Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T23:39:38.521Z","@version":"1","message":"Sep  7 23:39:38 honeypot-sgp-1 sshd[29136]: Disconnected from invalid user tiscali 157.245.154.129 port 57662 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 23:42:15 honeypot-fra-1 sshd[21937]: Disconnected from invalid user jiqun 165.22.45.108 port 46750 [preauth]","@timestamp":"2022-09-07T23:42:16.062Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 23:43:22 honeypot-ams-1 sshd[31702]: Disconnected from invalid user takeuchi 223.255.187.154 port 56950 [preauth]","@timestamp":"2022-09-07T23:43:23.173Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 23:45:19 honeypot-fra-1 sshd[21942]: Received disconnect from 103.219.207.118 port 35212:11: Bye Bye [preauth]","@timestamp":"2022-09-07T23:45:20.130Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T23:48:08.716Z","@version":"1","message":"Sep  7 23:48:08 honeypot-sgp-1 sshd[29146]: Invalid user oracle from 103.188.176.251 port 43254","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 23:55:16 honeypot-fra-1 sshd[21945]: Connection closed by 167.99.107.57 port 58318 [preauth]","@timestamp":"2022-09-07T23:55:17.348Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 23:55:36 honeypot-ams-1 sshd[31706]: Received disconnect from 92.255.85.69 port 51302:11: Bye Bye [preauth]","@timestamp":"2022-09-07T23:55:37.498Z"}
{"@timestamp":"2022-09-07T23:57:43.938Z","@version":"1","message":"Sep  7 23:57:43 honeypot-sgp-1 sshd[29152]: Did not receive identification string from 45.61.187.160 port 49582","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T23:58:22.956Z","@version":"1","message":"Sep  7 23:58:22 honeypot-sgp-1 sshd[29155]: Disconnected from invalid user user 45.61.187.160 port 42664 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T23:58:42.966Z","@version":"1","message":"Sep  7 23:58:42 honeypot-sgp-1 sshd[29159]: Received disconnect from 45.61.187.160 port 37386:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T23:59:03.975Z","@version":"1","message":"Sep  7 23:59:03 honeypot-sgp-1 sshd[29163]: Invalid user user from 45.61.187.160 port 60334","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 00:00:12 honeypot-ams-1 sshd[31710]: Received disconnect from 144.48.227.75 port 50568:11: Bye Bye [preauth]","@timestamp":"2022-09-08T00:00:13.623Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 00:02:15 honeypot-fra-1 sshd[21952]: Received disconnect from 92.255.85.70 port 34696:11: Bye Bye [preauth]","@timestamp":"2022-09-08T00:02:15.498Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T00:02:49.067Z","@version":"1","message":"Sep  8 00:02:48 honeypot-sgp-1 kernel: [83471486.327420] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=234 ID=48340 PROTO=TCP SPT=55203 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 00:03:29 honeypot-fra-1 sshd[21967]: Connection closed by authenticating user root 64.225.98.47 port 43972 [preauth]","@timestamp":"2022-09-08T00:03:30.527Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 00:03:29 honeypot-fra-1 sshd[21955]: Connection closed by invalid user steam 64.225.98.47 port 43884 [preauth]","@timestamp":"2022-09-08T00:03:30.527Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 00:03:29 honeypot-fra-1 sshd[21965]: Connection closed by invalid user guest 64.225.98.47 port 43992 [preauth]","@timestamp":"2022-09-08T00:03:30.527Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 00:03:29 honeypot-fra-1 sshd[21971]: Invalid user ec2user from 64.225.98.47 port 44000","@timestamp":"2022-09-08T00:03:30.527Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 00:03:29 honeypot-fra-1 sshd[21958]: Connection closed by authenticating user root 64.225.98.47 port 43976 [preauth]","@timestamp":"2022-09-08T00:03:30.527Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 00:03:29 honeypot-fra-1 sshd[21974]: Invalid user es from 64.225.98.47 port 44006","@timestamp":"2022-09-08T00:03:30.527Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 00:03:29 honeypot-fra-1 sshd[21979]: Invalid user es from 64.225.98.47 port 44022","@timestamp":"2022-09-08T00:03:30.527Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 00:03:30 honeypot-fra-1 sshd[21981]: Connection closed by invalid user hadoop 64.225.98.47 port 44026 [preauth]","@timestamp":"2022-09-08T00:03:30.527Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 00:03:30 honeypot-fra-1 sshd[21982]: Connection closed by invalid user esuser 64.225.98.47 port 44034 [preauth]","@timestamp":"2022-09-08T00:03:30.527Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 00:04:10 honeypot-ams-1 sshd[31715]: Did not receive identification string from 185.246.188.60 port 50178","@timestamp":"2022-09-08T00:04:10.736Z"}
{"@timestamp":"2022-09-08T00:08:26.202Z","@version":"1","message":"Sep  8 00:08:25 honeypot-sgp-1 sshd[29173]: Invalid user leon from 220.243.178.124 port 49910","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 00:09:21 honeypot-fra-1 kernel: [83470203.545063] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=58663 PROTO=TCP SPT=55176 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T00:09:22.656Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-08T00:09:23.226Z","@version":"1","message":"Sep  8 00:09:23 honeypot-sgp-1 sshd[29175]: Disconnected from invalid user cary 128.199.57.142 port 42204 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 00:11:48 honeypot-ams-1 sshd[31719]: Disconnected from invalid user arun 82.64.32.76 port 48848 [preauth]","@timestamp":"2022-09-08T00:11:48.971Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 00:15:18 honeypot-fra-1 sshd[22022]: Received disconnect from 161.35.59.177 port 58366:11: Bye Bye [preauth]","@timestamp":"2022-09-08T00:15:19.787Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 00:16:04 honeypot-ams-1 kernel: [83472752.665159] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=91.210.107.80 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=29060 PROTO=TCP SPT=55695 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T00:16:05.087Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 00:17:01 honeypot-fra-1 CRON[22026]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-08T00:17:01.829Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T00:18:32.440Z","@version":"1","message":"Sep  8 00:18:31 honeypot-sgp-1 sshd[29185]: Received disconnect from 41.76.175.89 port 58082:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 00:20:16 honeypot-fra-1 sshd[22031]: Invalid user rmaryniuk from 35.186.145.141 port 38916","@timestamp":"2022-09-08T00:20:16.901Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T00:20:22.486Z","@version":"1","message":"Sep  8 00:20:22 honeypot-sgp-1 sshd[29191]: Invalid user isabelle from 58.246.125.198 port 53566","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T00:21:58.524Z","@version":"1","message":"Sep  8 00:21:58 honeypot-sgp-1 sshd[29196]: Disconnected from authenticating user root 160.251.73.32 port 35168 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 00:22:12 honeypot-fra-1 sshd[22035]: Disconnected from invalid user gomez 122.175.197.244 port 38636 [preauth]","@timestamp":"2022-09-08T00:22:12.945Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 00:22:22 honeypot-fra-1 sshd[22039]: Disconnected from invalid user user 141.255.162.226 port 53614 [preauth]","@timestamp":"2022-09-08T00:22:22.950Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 00:22:24 honeypot-fra-1 sshd[22043]: Disconnected from invalid user user 141.255.162.226 port 51202 [preauth]","@timestamp":"2022-09-08T00:22:24.951Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 00:22:27 honeypot-fra-1 sshd[22047]: Disconnected from invalid user user 141.255.162.226 port 33990 [preauth]","@timestamp":"2022-09-08T00:22:27.953Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T00:25:33.609Z","@version":"1","message":"Sep  8 00:25:32 honeypot-sgp-1 kernel: [83472850.720377] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=184.105.247.248 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=44177 DPT=389 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 00:25:43 honeypot-ams-1 kernel: [83473331.981860] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=64.62.197.169 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=53923 DPT=389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T00:25:44.344Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 00:26:12 honeypot-fra-1 sshd[22051]: Received disconnect from 92.255.85.69 port 63848:11: Bye Bye [preauth]","@timestamp":"2022-09-08T00:26:13.036Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 00:27:12 honeypot-ams-1 sshd[31734]: Received disconnect from 45.61.187.160 port 45498:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T00:27:13.386Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 00:27:31 honeypot-ams-1 sshd[31738]: Received disconnect from 45.61.187.160 port 40908:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T00:27:32.396Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 00:27:50 honeypot-ams-1 sshd[31742]: Received disconnect from 45.61.187.160 port 36336:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T00:27:51.405Z"}
{"@timestamp":"2022-09-08T00:34:32.837Z","@version":"1","message":"Sep  8 00:34:32 honeypot-sgp-1 kernel: [83473389.980312] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=49.36.183.226 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=32917 DF PROTO=TCP SPT=23484 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 00:36:20 honeypot-fra-1 sshd[22057]: Disconnected from invalid user jira 165.22.45.108 port 60858 [preauth]","@timestamp":"2022-09-08T00:36:20.251Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 00:38:28 honeypot-ams-1 sshd[31749]: Connection closed by 180.76.173.237 port 57284 [preauth]","@timestamp":"2022-09-08T00:38:28.682Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 00:49:58 honeypot-ams-1 sshd[31754]: Connection closed by 180.76.173.237 port 57556 [preauth]","@timestamp":"2022-09-08T00:49:58.986Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 00:51:48 honeypot-fra-1 sshd[22062]: Invalid user atv from 141.98.10.158 port 36610","@timestamp":"2022-09-08T00:51:48.580Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T00:54:53.311Z","@version":"1","message":"Sep  8 00:54:52 honeypot-sgp-1 sshd[29216]: Did not receive identification string from 193.3.19.178 port 64001","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 00:56:17 honeypot-fra-1 kernel: [83473019.166155] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=94.26.228.80 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=3303 PROTO=TCP SPT=43861 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T00:56:17.678Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 01:01:26 honeypot-ams-1 sshd[31762]: Connection closed by 180.76.173.237 port 57828 [preauth]","@timestamp":"2022-09-08T01:01:27.287Z"}
{"@timestamp":"2022-09-08T01:04:37.536Z","@version":"1","message":"Sep  8 01:04:37 honeypot-sgp-1 sshd[29222]: Received disconnect from 143.244.144.227 port 48030:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 01:12:36 honeypot-fra-1 sshd[22095]: Received disconnect from 165.22.45.108 port 42024:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T01:12:37.033Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T01:15:24.784Z","@version":"1","message":"Sep  8 01:15:24 honeypot-sgp-1 sshd[29229]: Received disconnect from 36.91.166.34 port 51240:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 01:16:24 honeypot-ams-1 sshd[31771]: Received disconnect from 107.172.63.33 port 51958:11: Bye Bye [preauth]","@timestamp":"2022-09-08T01:16:24.701Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 01:19:04 honeypot-fra-1 sshd[22102]: Disconnected from authenticating user root 157.245.243.224 port 53292 [preauth]","@timestamp":"2022-09-08T01:19:05.176Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T01:19:27.881Z","@version":"1","message":"Sep  8 01:19:27 honeypot-sgp-1 sshd[29234]: Disconnected from invalid user user 107.172.63.33 port 43080 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T01:24:01.988Z","@version":"1","message":"Sep  8 01:24:01 honeypot-sgp-1 sshd[29239]: Disconnected from invalid user britta 51.12.92.23 port 40200 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 01:26:03 honeypot-ams-1 kernel: [83476951.571857] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.212.160 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=50170 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T01:26:03.952Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 01:31:14 honeypot-fra-1 sshd[22108]: Invalid user jira from 165.22.45.108 port 46734","@timestamp":"2022-09-08T01:31:15.436Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T01:34:58.242Z","@version":"1","message":"Sep  8 01:34:57 honeypot-sgp-1 sshd[29245]: Received disconnect from 178.13.71.142 port 53561:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 01:35:29 honeypot-fra-1 sshd[22112]: Invalid user Admin from 222.85.188.6 port 60423","@timestamp":"2022-09-08T01:35:29.530Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 01:37:58 honeypot-ams-1 sshd[31787]: Connection closed by 180.76.173.237 port 58668 [preauth]","@timestamp":"2022-09-08T01:37:58.260Z"}
{"@timestamp":"2022-09-08T01:46:13.508Z","@version":"1","message":"Sep  8 01:46:12 honeypot-sgp-1 sshd[29251]: Invalid user admin from 61.115.72.251 port 56482","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 01:46:14 honeypot-fra-1 sshd[22118]: Received disconnect from 164.92.212.181 port 55292:11: Bye Bye [preauth]","@timestamp":"2022-09-08T01:46:14.768Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 01:48:35 honeypot-ams-1 sshd[31790]: Disconnected from invalid user rene 143.244.137.54 port 53112 [preauth]","@timestamp":"2022-09-08T01:48:36.537Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 01:49:45 honeypot-fra-1 sshd[22122]: Invalid user sepi from 93.113.61.126 port 40644","@timestamp":"2022-09-08T01:49:45.845Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 01:50:44 honeypot-ams-1 sshd[31794]: Disconnected from invalid user marco 111.220.139.23 port 42862 [preauth]","@timestamp":"2022-09-08T01:50:44.596Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 01:52:40 honeypot-fra-1 sshd[22127]: Did not receive identification string from 175.178.238.82 port 33428","@timestamp":"2022-09-08T01:52:40.909Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T01:53:47.684Z","@version":"1","message":"Sep  8 01:53:46 honeypot-sgp-1 sshd[29256]: Did not receive identification string from 159.89.24.69 port 61000","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 01:53:49 honeypot-ams-1 sshd[31801]: Disconnected from authenticating user root 198.199.109.204 port 35064 [preauth]","@timestamp":"2022-09-08T01:53:49.679Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 01:54:49 honeypot-ams-1 sshd[31807]: Invalid user rtkitces from 84.22.117.95 port 60564","@timestamp":"2022-09-08T01:54:49.709Z"}
{"@timestamp":"2022-09-08T01:56:13.764Z","@version":"1","message":"Sep  8 01:56:13 honeypot-sgp-1 sshd[29260]: Invalid user user from 45.61.187.160 port 33936","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T01:56:33.773Z","@version":"1","message":"Sep  8 01:56:33 honeypot-sgp-1 sshd[29264]: Invalid user user from 45.61.187.160 port 56822","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T01:56:52.783Z","@version":"1","message":"Sep  8 01:56:51 honeypot-sgp-1 sshd[29268]: Invalid user user from 45.61.187.160 port 51464","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 01:57:38 honeypot-ams-1 sshd[31811]: Connection closed by invalid user oracle 103.188.176.251 port 34424 [preauth]","@timestamp":"2022-09-08T01:57:38.786Z"}
{"@timestamp":"2022-09-08T01:57:39.803Z","@version":"1","message":"Sep  8 01:57:39 honeypot-sgp-1 kernel: [83478377.231383] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=119.201.75.177 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=51 ID=42799 PROTO=TCP SPT=49936 DPT=80 WINDOW=42616 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 01:58:37 honeypot-fra-1 kernel: [83476758.649280] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.41.8.5 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=43904 PROTO=TCP SPT=33731 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T01:58:38.037Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 02:02:11 honeypot-fra-1 sshd[22162]: Connection closed by invalid user oracle 103.188.176.251 port 38000 [preauth]","@timestamp":"2022-09-08T02:02:12.112Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 02:09:09 honeypot-fra-1 kernel: [83477391.131659] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=91.240.118.214 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=61499 PROTO=TCP SPT=44703 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T02:09:10.268Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 02:11:05 honeypot-ams-1 sshd[31819]: Disconnected from authenticating user root 92.255.85.69 port 50800 [preauth]","@timestamp":"2022-09-08T02:11:06.138Z"}
{"@timestamp":"2022-09-08T02:17:02.302Z","@version":"1","message":"Sep  8 02:17:01 honeypot-sgp-1 CRON[29279]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 02:18:11 honeypot-fra-1 sshd[22174]: Disconnected from authenticating user root 92.255.85.70 port 18698 [preauth]","@timestamp":"2022-09-08T02:18:12.469Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T02:23:21.458Z","@version":"1","message":"Sep  8 02:23:20 honeypot-sgp-1 sshd[29287]: Bad protocol version identification 'SSH-2.0_CoreLab-1.0' from 185.246.130.20 port 15547","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T02:23:42.468Z","@version":"1","message":"Sep  8 02:23:42 honeypot-sgp-1 sshd[29292]: Invalid user  from 185.246.130.20 port 25233","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T02:24:12.484Z","@version":"1","message":"Sep  8 02:24:11 honeypot-sgp-1 sshd[29298]: Invalid user admin from 185.246.130.20 port 20579","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T02:24:39.498Z","@version":"1","message":"Sep  8 02:24:39 honeypot-sgp-1 sshd[29304]: Invalid user manager from 185.246.130.20 port 63943","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T02:25:01.509Z","@version":"1","message":"Sep  8 02:25:01 honeypot-sgp-1 sshd[29310]: Disconnecting invalid user 1234 185.246.130.20 port 6587: Change of username or service not allowed: (1234,ssh-connection) -> (Admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T02:25:25.523Z","@version":"1","message":"Sep  8 02:25:24 honeypot-sgp-1 sshd[29317]: Disconnecting invalid user  185.246.130.20 port 13462: Change of username or service not allowed: (,ssh-connection) -> (user,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T02:25:47.534Z","@version":"1","message":"Sep  8 02:25:47 honeypot-sgp-1 sshd[29325]: Invalid user blank from 185.246.130.20 port 55276","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T02:26:25.553Z","@version":"1","message":"Sep  8 02:26:24 honeypot-sgp-1 sshd[29331]: Invalid user 1234 from 185.246.130.20 port 20211","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T02:26:52.571Z","@version":"1","message":"Sep  8 02:26:52 honeypot-sgp-1 sshd[29339]: Invalid user Cisco from 185.246.130.20 port 64053","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T02:27:19.584Z","@version":"1","message":"Sep  8 02:27:18 honeypot-sgp-1 sshd[29345]: Invalid user 1234 from 185.246.130.20 port 63242","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 02:27:27 honeypot-fra-1 sshd[22180]: Did not receive identification string from 193.176.239.126 port 54254","@timestamp":"2022-09-08T02:27:27.677Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 02:27:27 honeypot-fra-1 sshd[22197]: Connection closed by invalid user admin 193.176.239.126 port 54346 [preauth]","@timestamp":"2022-09-08T02:27:28.679Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 02:27:27 honeypot-fra-1 sshd[22201]: Invalid user elastic from 193.176.239.126 port 54304","@timestamp":"2022-09-08T02:27:28.679Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 02:27:27 honeypot-fra-1 sshd[22208]: Invalid user web from 193.176.239.126 port 54326","@timestamp":"2022-09-08T02:27:28.679Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 02:27:27 honeypot-fra-1 sshd[22195]: Invalid user test from 193.176.239.126 port 54278","@timestamp":"2022-09-08T02:27:28.679Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 02:27:27 honeypot-fra-1 sshd[22209]: Invalid user user from 193.176.239.126 port 54288","@timestamp":"2022-09-08T02:27:28.679Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 02:27:28 honeypot-fra-1 sshd[22193]: Connection closed by invalid user hadoop 193.176.239.126 port 54282 [preauth]","@timestamp":"2022-09-08T02:27:28.679Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 02:27:28 honeypot-fra-1 sshd[22188]: Connection closed by invalid user www 193.176.239.126 port 54330 [preauth]","@timestamp":"2022-09-08T02:27:28.680Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 02:27:28 honeypot-fra-1 sshd[22211]: Connection closed by invalid user es 193.176.239.126 port 54302 [preauth]","@timestamp":"2022-09-08T02:27:28.680Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 02:27:28 honeypot-fra-1 sshd[22191]: Connection closed by invalid user devops 193.176.239.126 port 54276 [preauth]","@timestamp":"2022-09-08T02:27:28.680Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 02:27:32 honeypot-fra-1 sshd[22242]: Disconnected from invalid user jira1 165.22.45.108 port 60886 [preauth]","@timestamp":"2022-09-08T02:27:32.682Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T02:27:39.595Z","@version":"1","message":"Sep  8 02:27:39 honeypot-sgp-1 sshd[29351]: Invalid user  from 185.246.130.20 port 5375","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 02:27:47 honeypot-ams-1 sshd[32260]: Invalid user mysql from 20.226.1.90 port 55266","@timestamp":"2022-09-08T02:27:47.563Z"}
{"@timestamp":"2022-09-08T02:27:59.605Z","@version":"1","message":"Sep  8 02:27:59 honeypot-sgp-1 sshd[29357]: Invalid user admin from 185.246.130.20 port 52327","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T02:28:27.621Z","@version":"1","message":"Sep  8 02:28:27 honeypot-sgp-1 sshd[29365]: Invalid user  from 185.246.130.20 port 38294","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 02:28:50 honeypot-ams-1 kernel: [83480718.348319] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=188.190.42.60 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=123 PROTO=TCP SPT=65534 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T02:28:50.592Z"}
{"@timestamp":"2022-09-08T02:29:00.637Z","@version":"1","message":"Sep  8 02:28:59 honeypot-sgp-1 sshd[29371]: Disconnecting invalid user admin 185.246.130.20 port 6417: Change of username or service not allowed: (admin,ssh-connection) -> (c1@r0,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T02:29:29.653Z","@version":"1","message":"Sep  8 02:29:29 honeypot-sgp-1 sshd[29377]: Disconnecting invalid user cusadmin 185.246.130.20 port 54312: Change of username or service not allowed: (cusadmin,ssh-connection) -> (superonline,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T02:29:56.667Z","@version":"1","message":"Sep  8 02:29:56 honeypot-sgp-1 sshd[29383]: Disconnecting invalid user lgnortel 185.246.130.20 port 50724: Change of username or service not allowed: (lgnortel,ssh-connection) -> (Admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T02:30:21.680Z","@version":"1","message":"Sep  8 02:30:20 honeypot-sgp-1 sshd[29389]: Disconnecting invalid user admin 185.246.130.20 port 50432: Change of username or service not allowed: (admin,ssh-connection) -> (,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T02:30:39.690Z","@version":"1","message":"Sep  8 02:30:39 honeypot-sgp-1 sshd[29395]: Invalid user admin1234 from 185.246.130.20 port 63243","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 02:30:49 honeypot-ams-1 kernel: [83480837.757031] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.56.108.153 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=41994 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T02:30:49.648Z"}
{"@timestamp":"2022-09-08T02:31:01.701Z","@version":"1","message":"Sep  8 02:31:01 honeypot-sgp-1 sshd[29399]: Disconnecting invalid user  185.246.130.20 port 62788: Change of username or service not allowed: (,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T02:31:22.713Z","@version":"1","message":"Sep  8 02:31:22 honeypot-sgp-1 sshd[29405]: Disconnecting invalid user motorola 185.246.130.20 port 22609: Change of username or service not allowed: (motorola,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T02:31:43.723Z","@version":"1","message":"Sep  8 02:31:43 honeypot-sgp-1 sshd[29409]: Disconnecting invalid user blank 185.246.130.20 port 44710: Change of username or service not allowed: (blank,ssh-connection) -> (root,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T02:32:20.742Z","@version":"1","message":"Sep  8 02:32:20 honeypot-sgp-1 sshd[29419]: Invalid user 0 from 185.246.130.20 port 45819","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T02:32:35.751Z","@version":"1","message":"Sep  8 02:32:35 honeypot-sgp-1 sshd[29421]: Disconnecting invalid user admin 185.246.130.20 port 26433: Change of username or service not allowed: (admin,ssh-connection) -> (roqos,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T02:32:57.762Z","@version":"1","message":"Sep  8 02:32:57 honeypot-sgp-1 sshd[29429]: Disconnecting invalid user Shiko 185.246.130.20 port 26149: Change of username or service not allowed: (Shiko,ssh-connection) -> (sitecom,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T02:33:20.775Z","@version":"1","message":"Sep  8 02:33:20 honeypot-sgp-1 sshd[29435]: Disconnecting invalid user smcadmin 185.246.130.20 port 60274: Change of username or service not allowed: (smcadmin,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T02:33:46.787Z","@version":"1","message":"Sep  8 02:33:46 honeypot-sgp-1 sshd[29441]: Disconnecting invalid user cusadmin 185.246.130.20 port 34456: Change of username or service not allowed: (cusadmin,ssh-connection) -> (highspeed,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T02:34:11.800Z","@version":"1","message":"Sep  8 02:34:11 honeypot-sgp-1 sshd[29448]: Disconnecting invalid user sweex 185.246.130.20 port 16972: Change of username or service not allowed: (sweex,ssh-connection) -> (,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T02:34:37.814Z","@version":"1","message":"Sep  8 02:34:37 honeypot-sgp-1 sshd[29454]: Disconnecting invalid user  185.246.130.20 port 34875: Change of username or service not allowed: (,ssh-connection) -> (public,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 02:34:43 honeypot-ams-1 sshd[32269]: Disconnected from authenticating user root 92.255.85.69 port 46800 [preauth]","@timestamp":"2022-09-08T02:34:44.754Z"}
{"@timestamp":"2022-09-08T02:35:04.828Z","@version":"1","message":"Sep  8 02:35:04 honeypot-sgp-1 sshd[29460]: Disconnecting invalid user ubnt 185.246.130.20 port 7933: Change of username or service not allowed: (ubnt,ssh-connection) -> (root,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 02:35:09 honeypot-fra-1 kernel: [83478950.391867] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=128.14.209.164 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=61682 PROTO=TCP SPT=11976 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T02:35:09.851Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-08T02:35:45.848Z","@version":"1","message":"Sep  8 02:35:44 honeypot-sgp-1 sshd[29468]: Invalid user amdin from 185.246.130.20 port 2388","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T02:36:15.867Z","@version":"1","message":"Sep  8 02:36:15 honeypot-sgp-1 sshd[29474]: Invalid user admin from 185.246.130.20 port 10996","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T02:36:46.882Z","@version":"1","message":"Sep  8 02:36:46 honeypot-sgp-1 sshd[29480]: Invalid user admin from 185.246.130.20 port 39716","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T02:37:27.904Z","@version":"1","message":"Sep  8 02:37:27 honeypot-sgp-1 sshd[29486]: Invalid user 1admin0 from 185.246.130.20 port 16587","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 02:45:04 honeypot-ams-1 kernel: [83481692.644908] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=36.90.169.173 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=248 ID=6029 DF PROTO=TCP SPT=39210 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T02:45:05.041Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 02:47:08 honeypot-fra-1 sshd[22250]: Invalid user jira from 165.22.45.108 port 37400","@timestamp":"2022-09-08T02:47:09.112Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T02:48:00.175Z","@version":"1","message":"Sep  8 02:47:59 honeypot-sgp-1 kernel: [83481397.161096] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=103.151.122.22 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=52815 PROTO=TCP SPT=43668 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 02:50:24 honeypot-ams-1 sshd[32275]: Received disconnect from 204.48.30.72 port 44910:11: Bye Bye [preauth]","@timestamp":"2022-09-08T02:50:25.183Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 02:51:28 honeypot-ams-1 sshd[32279]: Did not receive identification string from 45.61.186.249 port 38566","@timestamp":"2022-09-08T02:51:29.215Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 02:51:54 honeypot-ams-1 sshd[32282]: Disconnected from invalid user user 45.61.186.249 port 35104 [preauth]","@timestamp":"2022-09-08T02:51:55.229Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 02:52:15 honeypot-ams-1 sshd[32286]: Disconnected from invalid user user 45.61.186.249 port 57832 [preauth]","@timestamp":"2022-09-08T02:52:15.240Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 02:52:34 honeypot-ams-1 sshd[32290]: Disconnected from invalid user user 45.61.186.249 port 52328 [preauth]","@timestamp":"2022-09-08T02:52:35.251Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 02:54:34 honeypot-fra-1 sshd[22257]: Received disconnect from 168.232.123.171 port 60353:11: Bye Bye [preauth]","@timestamp":"2022-09-08T02:54:35.270Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T02:55:22.355Z","@version":"1","message":"Sep  8 02:55:22 honeypot-sgp-1 kernel: [83481840.154077] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=83.143.246.30 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=54321 PROTO=TCP SPT=57239 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 02:56:15 honeypot-fra-1 sshd[22261]: Invalid user alvaro from 13.125.232.65 port 32838","@timestamp":"2022-09-08T02:56:15.310Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 02:57:29 honeypot-ams-1 sshd[32297]: Received disconnect from 92.255.85.69 port 39402:11: Bye Bye [preauth]","@timestamp":"2022-09-08T02:57:29.382Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 03:04:08 honeypot-fra-1 sshd[22264]: Disconnected from authenticating user root 92.255.85.70 port 23346 [preauth]","@timestamp":"2022-09-08T03:04:09.484Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T03:05:41.606Z","@version":"1","message":"Sep  8 03:05:40 honeypot-sgp-1 kernel: [83482458.702695] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.194.196 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=47952 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 03:07:25 honeypot-fra-1 sshd[22270]: Invalid user jira from 165.22.45.108 port 42164","@timestamp":"2022-09-08T03:07:26.560Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 03:07:50 honeypot-ams-1 sshd[32303]: Invalid user neetha from 207.154.228.201 port 39206","@timestamp":"2022-09-08T03:07:50.652Z"}
{"@timestamp":"2022-09-08T03:08:05.667Z","@version":"1","message":"Sep  8 03:08:05 honeypot-sgp-1 sshd[29526]: Received disconnect from 92.255.85.70 port 27974:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 03:09:48 honeypot-fra-1 sshd[22275]: Received disconnect from 208.67.106.145 port 52688:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T03:09:48.614Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 03:11:19 honeypot-fra-1 sshd[22281]: Invalid user pi from 91.115.179.129 port 52036","@timestamp":"2022-09-08T03:11:19.648Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T03:12:02.767Z","@version":"1","message":"Sep  8 03:12:02 honeypot-sgp-1 sshd[29529]: Received disconnect from 189.5.124.232 port 39188:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 03:14:04 honeypot-fra-1 sshd[22286]: Received disconnect from 167.172.220.171 port 38916:11: Bye Bye [preauth]","@timestamp":"2022-09-08T03:14:05.713Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 03:15:05 honeypot-ams-1 sshd[32307]: Invalid user admin from 59.26.219.154 port 52184","@timestamp":"2022-09-08T03:15:05.841Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 03:15:33 honeypot-fra-1 sshd[22290]: Received disconnect from 208.67.106.145 port 37758:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T03:15:33.749Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T03:16:32.876Z","@version":"1","message":"Sep  8 03:16:32 honeypot-sgp-1 sshd[29534]: Disconnected from authenticating user root 159.65.2.58 port 52556 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 03:17:30 honeypot-fra-1 kernel: [83481491.458530] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.216.25 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=44293 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T03:17:30.795Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-08T03:17:54.911Z","@version":"1","message":"Sep  8 03:17:54 honeypot-sgp-1 kernel: [83483192.301070] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.212.84 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=57274 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 03:18:58 honeypot-fra-1 sshd[22302]: Did not receive identification string from 178.62.238.239 port 54991","@timestamp":"2022-09-08T03:18:58.829Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 03:18:58 honeypot-fra-1 sshd[22308]: Invalid user test from 178.62.238.239 port 56305","@timestamp":"2022-09-08T03:18:59.830Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 03:18:58 honeypot-fra-1 sshd[22314]: Invalid user vagrant from 178.62.238.239 port 56158","@timestamp":"2022-09-08T03:18:59.830Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 03:18:58 honeypot-fra-1 sshd[22314]: Connection closed by invalid user vagrant 178.62.238.239 port 56158 [preauth]","@timestamp":"2022-09-08T03:18:59.830Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 03:18:58 honeypot-fra-1 sshd[22305]: Invalid user minecraft from 178.62.238.239 port 56300","@timestamp":"2022-09-08T03:18:59.830Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 03:18:59 honeypot-fra-1 sshd[22321]: Invalid user ec2-user from 178.62.238.239 port 56310","@timestamp":"2022-09-08T03:18:59.831Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 03:18:59 honeypot-fra-1 sshd[22320]: Invalid user es from 178.62.238.239 port 56309","@timestamp":"2022-09-08T03:18:59.831Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 03:18:59 honeypot-fra-1 sshd[22321]: Connection closed by invalid user ec2-user 178.62.238.239 port 56310 [preauth]","@timestamp":"2022-09-08T03:18:59.831Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 03:18:59 honeypot-fra-1 sshd[22324]: Connection closed by invalid user mcserv 178.62.238.239 port 56319 [preauth]","@timestamp":"2022-09-08T03:18:59.831Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 03:18:59 honeypot-fra-1 sshd[22330]: Connection closed by invalid user ansible 178.62.238.239 port 56323 [preauth]","@timestamp":"2022-09-08T03:18:59.831Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 03:19:27 honeypot-ams-1 kernel: [83483756.212407] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.197.222 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=54831 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T03:19:28.956Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 03:19:51 honeypot-fra-1 sshd[22360]: Disconnected from invalid user pavoni 167.172.90.213 port 38190 [preauth]","@timestamp":"2022-09-08T03:19:51.852Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 03:21:21 honeypot-fra-1 sshd[22366]: Received disconnect from 103.224.36.226 port 37320:11: Bye Bye [preauth]","@timestamp":"2022-09-08T03:21:21.889Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 03:21:44 honeypot-ams-1 sshd[32318]: Invalid user user from 198.98.61.9 port 40934","@timestamp":"2022-09-08T03:21:45.017Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 03:21:59 honeypot-ams-1 sshd[32322]: Invalid user user from 198.98.61.9 port 35106","@timestamp":"2022-09-08T03:22:00.025Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 03:22:13 honeypot-ams-1 sshd[32326]: Invalid user user from 198.98.61.9 port 57508","@timestamp":"2022-09-08T03:22:14.033Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 03:22:59 honeypot-ams-1 kernel: [83483968.153171] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=201.191.2.198 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=3206 PROTO=TCP SPT=36055 DPT=80 WINDOW=29718 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T03:23:00.053Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 03:23:09 honeypot-fra-1 sshd[22370]: Disconnected from authenticating user root 208.67.106.145 port 33014 [preauth]","@timestamp":"2022-09-08T03:23:09.933Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 03:26:16 honeypot-fra-1 sshd[22375]: Disconnected from invalid user postgres 208.67.106.145 port 53746 [preauth]","@timestamp":"2022-09-08T03:26:17.005Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 03:28:08 honeypot-fra-1 sshd[22381]: Invalid user jira from 165.22.45.108 port 46924","@timestamp":"2022-09-08T03:28:09.049Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 03:29:21 honeypot-fra-1 sshd[22385]: Received disconnect from 208.67.106.145 port 46246:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T03:29:22.078Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 03:30:18 honeypot-fra-1 sshd[22390]: Disconnected from authenticating user root 157.245.122.58 port 58286 [preauth]","@timestamp":"2022-09-08T03:30:19.102Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 03:31:19 honeypot-fra-1 sshd[22394]: Disconnected from invalid user odoo 157.245.122.58 port 43614 [preauth]","@timestamp":"2022-09-08T03:31:20.127Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T03:32:58.276Z","@version":"1","message":"Sep  8 03:32:57 honeypot-sgp-1 sshd[29547]: Invalid user user from 45.61.186.169 port 48776","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 03:32:58 honeypot-fra-1 kernel: [83482419.726782] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=103.203.57.22 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=45439 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T03:32:59.165Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-08T03:33:19.287Z","@version":"1","message":"Sep  8 03:33:18 honeypot-sgp-1 sshd[29551]: Invalid user user from 45.61.186.169 port 43950","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T03:33:37.296Z","@version":"1","message":"Sep  8 03:33:36 honeypot-sgp-1 sshd[29555]: Invalid user user from 45.61.186.169 port 39102","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T03:33:53.304Z","@version":"1","message":"Sep  8 03:33:53 honeypot-sgp-1 sshd[29559]: Invalid user user from 45.61.186.169 port 34288","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 03:34:03 honeypot-fra-1 sshd[22404]: Invalid user jonitwiso from 157.245.122.58 port 55986","@timestamp":"2022-09-08T03:34:03.193Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 03:35:30 honeypot-ams-1 kernel: [83484718.343771] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=193.118.53.195 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=57518 PROTO=TCP SPT=10344 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T03:35:30.371Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 03:35:34 honeypot-fra-1 sshd[22409]: Invalid user ossuser from 208.67.106.145 port 59444","@timestamp":"2022-09-08T03:35:34.226Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 03:37:00 honeypot-fra-1 sshd[22413]: Received disconnect from 208.67.106.145 port 41580:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T03:37:01.261Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 03:39:20 honeypot-ams-1 kernel: [83484949.020674] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=72.167.32.184 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=233 ID=33359 PROTO=TCP SPT=59226 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T03:39:21.465Z"}
{"@timestamp":"2022-09-08T03:40:55.475Z","@version":"1","message":"Sep  8 03:40:55 honeypot-sgp-1 sshd[29563]: Received disconnect from 45.61.186.169 port 57006:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T03:41:14.485Z","@version":"1","message":"Sep  8 03:41:13 honeypot-sgp-1 sshd[29567]: Received disconnect from 45.61.186.169 port 51370:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 03:41:30 honeypot-fra-1 sshd[22420]: Received disconnect from 208.67.106.145 port 44434:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T03:41:30.372Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T03:41:31.494Z","@version":"1","message":"Sep  8 03:41:30 honeypot-sgp-1 sshd[29571]: Received disconnect from 45.61.186.169 port 45754:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T03:41:47.502Z","@version":"1","message":"Sep  8 03:41:47 honeypot-sgp-1 sshd[29575]: Received disconnect from 45.61.186.169 port 40138:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 03:44:37 honeypot-fra-1 sshd[22424]: Received disconnect from 208.67.106.145 port 36924:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T03:44:37.436Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 03:45:36 honeypot-ams-1 sshd[32341]: Invalid user sotokara from 177.19.226.178 port 40290","@timestamp":"2022-09-08T03:45:37.632Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 03:47:43 honeypot-fra-1 sshd[22429]: Received disconnect from 208.67.106.145 port 57660:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T03:47:44.506Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 03:48:53 honeypot-ams-1 kernel: [83485521.646915] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=3.90.148.15 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=234 ID=54321 PROTO=TCP SPT=58354 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T03:48:53.713Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 03:50:03 honeypot-fra-1 sshd[22434]: Disconnected from authenticating user root 92.255.85.70 port 50946 [preauth]","@timestamp":"2022-09-08T03:50:04.559Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T03:53:47.811Z","@version":"1","message":"Sep  8 03:53:47 honeypot-sgp-1 kernel: [83485345.349772] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=193.201.9.213 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=48047 PROTO=TCP SPT=56599 DPT=389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 04:04:08 honeypot-fra-1 sshd[22440]: Disconnected from authenticating user root 178.12.151.228 port 49682 [preauth]","@timestamp":"2022-09-08T04:04:08.867Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 04:04:09 honeypot-fra-1 sshd[22446]: Received disconnect from 178.12.151.228 port 49794:11: Bye Bye [preauth]","@timestamp":"2022-09-08T04:04:09.869Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 04:04:10 honeypot-fra-1 sshd[22452]: Received disconnect from 178.12.151.228 port 49838:11: Bye Bye [preauth]","@timestamp":"2022-09-08T04:04:10.869Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 04:04:11 honeypot-fra-1 sshd[22458]: Received disconnect from 178.12.151.228 port 49878:11: Bye Bye [preauth]","@timestamp":"2022-09-08T04:04:11.870Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 04:04:11 honeypot-fra-1 sshd[22464]: Received disconnect from 178.12.151.228 port 49954:11: Bye Bye [preauth]","@timestamp":"2022-09-08T04:04:12.871Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 04:04:12 honeypot-fra-1 sshd[22470]: Received disconnect from 178.12.151.228 port 49988:11: Bye Bye [preauth]","@timestamp":"2022-09-08T04:04:12.871Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 04:04:13 honeypot-fra-1 sshd[22476]: Received disconnect from 178.12.151.228 port 50016:11: Bye Bye [preauth]","@timestamp":"2022-09-08T04:04:13.871Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 04:04:14 honeypot-fra-1 sshd[22482]: Received disconnect from 178.12.151.228 port 50048:11: Bye Bye [preauth]","@timestamp":"2022-09-08T04:04:14.872Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 04:04:15 honeypot-fra-1 sshd[22488]: Received disconnect from 178.12.151.228 port 50088:11: Bye Bye [preauth]","@timestamp":"2022-09-08T04:04:15.872Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 04:04:16 honeypot-fra-1 sshd[22494]: Received disconnect from 178.12.151.228 port 50134:11: Bye Bye [preauth]","@timestamp":"2022-09-08T04:04:16.873Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 04:04:17 honeypot-fra-1 sshd[22500]: Received disconnect from 178.12.151.228 port 50172:11: Bye Bye [preauth]","@timestamp":"2022-09-08T04:04:17.873Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 04:04:18 honeypot-fra-1 sshd[22506]: Received disconnect from 178.12.151.228 port 50204:11: Bye Bye [preauth]","@timestamp":"2022-09-08T04:04:18.874Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 04:04:19 honeypot-fra-1 sshd[22512]: Invalid user admin from 178.12.151.228 port 50352","@timestamp":"2022-09-08T04:04:19.875Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 04:04:19 honeypot-fra-1 sshd[22516]: Invalid user admin from 178.12.151.228 port 50392","@timestamp":"2022-09-08T04:04:19.875Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 04:04:20 honeypot-fra-1 sshd[22520]: Invalid user admin from 178.12.151.228 port 50428","@timestamp":"2022-09-08T04:04:20.875Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 04:04:20 honeypot-fra-1 sshd[22524]: Invalid user admin from 178.12.151.228 port 50454","@timestamp":"2022-09-08T04:04:20.875Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 04:04:21 honeypot-fra-1 sshd[22528]: Invalid user admin from 178.12.151.228 port 50496","@timestamp":"2022-09-08T04:04:21.876Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 04:04:22 honeypot-fra-1 sshd[22532]: Invalid user user from 178.12.151.228 port 50556","@timestamp":"2022-09-08T04:04:22.876Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 04:04:22 honeypot-fra-1 sshd[22536]: Disconnected from authenticating user root 178.12.151.228 port 50586 [preauth]","@timestamp":"2022-09-08T04:04:22.876Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 04:04:23 honeypot-fra-1 sshd[22540]: Disconnected from invalid user pi 178.12.151.228 port 50608 [preauth]","@timestamp":"2022-09-08T04:04:23.877Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 04:04:23 honeypot-fra-1 sshd[22544]: Disconnected from invalid user ethos 178.12.151.228 port 50632 [preauth]","@timestamp":"2022-09-08T04:04:23.877Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 04:04:24 honeypot-fra-1 sshd[22548]: Disconnected from invalid user miner 178.12.151.228 port 50654 [preauth]","@timestamp":"2022-09-08T04:04:24.879Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 04:04:25 honeypot-fra-1 sshd[22552]: Disconnected from invalid user volumio 178.12.151.228 port 50690 [preauth]","@timestamp":"2022-09-08T04:04:25.879Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 04:04:25 honeypot-fra-1 sshd[22556]: Disconnected from invalid user nagios 178.12.151.228 port 50724 [preauth]","@timestamp":"2022-09-08T04:04:25.879Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 04:04:26 honeypot-fra-1 sshd[22560]: Disconnected from invalid user vagrant 178.12.151.228 port 50762 [preauth]","@timestamp":"2022-09-08T04:04:26.880Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 04:04:26 honeypot-fra-1 sshd[22564]: Disconnected from invalid user debian 178.12.151.228 port 50788 [preauth]","@timestamp":"2022-09-08T04:04:27.880Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 04:04:27 honeypot-fra-1 sshd[22568]: Disconnected from invalid user debian 178.12.151.228 port 50826 [preauth]","@timestamp":"2022-09-08T04:04:27.880Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 04:04:28 honeypot-fra-1 sshd[22572]: Disconnected from invalid user alarm 178.12.151.228 port 50854 [preauth]","@timestamp":"2022-09-08T04:04:28.881Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 04:04:28 honeypot-fra-1 sshd[22576]: Disconnected from invalid user test 178.12.151.228 port 50980 [preauth]","@timestamp":"2022-09-08T04:04:28.881Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 04:04:29 honeypot-fra-1 sshd[22580]: Disconnected from invalid user cirros 178.12.151.228 port 51020 [preauth]","@timestamp":"2022-09-08T04:04:29.882Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 04:08:33 honeypot-ams-1 sshd[32349]: Disconnected from authenticating user root 42.200.247.63 port 46684 [preauth]","@timestamp":"2022-09-08T04:08:34.213Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 04:10:18 honeypot-ams-1 sshd[32356]: Received disconnect from 157.245.122.58 port 57776:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T04:10:19.261Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 04:11:26 honeypot-fra-1 sshd[22587]: Invalid user jira from 165.22.45.108 port 56508","@timestamp":"2022-09-08T04:11:27.037Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 04:11:35 honeypot-ams-1 sshd[32360]: Invalid user sam from 43.132.240.51 port 44910","@timestamp":"2022-09-08T04:11:36.298Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 04:13:21 honeypot-ams-1 sshd[32364]: Invalid user data.user from 157.245.122.58 port 41928","@timestamp":"2022-09-08T04:13:22.346Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 04:14:19 honeypot-ams-1 sshd[32367]: Received disconnect from 157.245.122.58 port 55446:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T04:14:19.374Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 04:15:16 honeypot-fra-1 sshd[22591]: Received disconnect from 200.70.56.202 port 40792:11: Bye Bye [preauth]","@timestamp":"2022-09-08T04:15:17.124Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T04:15:18.332Z","@version":"1","message":"Sep  8 04:15:17 honeypot-sgp-1 sshd[29585]: Received disconnect from 92.255.85.70 port 16718:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 04:16:05 honeypot-ams-1 sshd[32373]: Received disconnect from 177.1.213.19 port 29269:11: Bye Bye [preauth]","@timestamp":"2022-09-08T04:16:06.421Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 04:17:01 honeypot-ams-1 CRON[32377]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-08T04:17:01.447Z"}
{"@timestamp":"2022-09-08T04:17:46.395Z","@version":"1","message":"Sep  8 04:17:45 honeypot-sgp-1 sshd[29593]: Received disconnect from 61.177.172.90 port 13004:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 04:20:52 honeypot-ams-1 sshd[32383]: Disconnected from authenticating user root 218.92.0.221 port 63888 [preauth]","@timestamp":"2022-09-08T04:20:53.549Z"}
{"@timestamp":"2022-09-08T04:25:45.590Z","@version":"1","message":"Sep  8 04:25:44 honeypot-sgp-1 sshd[29601]: Disconnected from invalid user Auguszta 157.245.243.224 port 56254 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 04:26:39 honeypot-ams-1 kernel: [83487787.739568] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.100.87.136 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=246 ID=15212 PROTO=TCP SPT=59546 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T04:26:39.699Z"}
{"@timestamp":"2022-09-08T04:31:10.725Z","@version":"1","message":"Sep  8 04:31:10 honeypot-sgp-1 kernel: [83487587.970863] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=103.232.53.239 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=4092 PROTO=TCP SPT=41362 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 04:33:49 honeypot-fra-1 sshd[22599]: Invalid user jira from 165.22.45.108 port 33088","@timestamp":"2022-09-08T04:33:50.522Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 04:34:09 honeypot-ams-1 kernel: [83488238.142181] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=207.102.138.83 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=5793 DF PROTO=TCP SPT=53059 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T04:34:10.898Z"}
{"@timestamp":"2022-09-08T04:34:25.809Z","@version":"1","message":"Sep  8 04:34:25 honeypot-sgp-1 kernel: [83487782.772009] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=116.62.111.9 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=46 ID=46242 DF PROTO=TCP SPT=49742 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 04:35:22 honeypot-fra-1 sshd[22603]: Received disconnect from 92.255.85.69 port 52594:11: Bye Bye [preauth]","@timestamp":"2022-09-08T04:35:23.558Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T04:37:26.886Z","@version":"1","message":"Sep  8 04:37:26 honeypot-sgp-1 sshd[29613]: Received disconnect from 45.61.187.160 port 45756:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T04:37:50.898Z","@version":"1","message":"Sep  8 04:37:50 honeypot-sgp-1 sshd[29618]: Received disconnect from 45.61.187.160 port 41170:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T04:38:08.907Z","@version":"1","message":"Sep  8 04:38:08 honeypot-sgp-1 sshd[29622]: Received disconnect from 45.61.187.160 port 36564:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T04:38:16.911Z","@version":"1","message":"Sep  8 04:38:16 honeypot-sgp-1 sshd[29626]: Disconnected from invalid user user 45.61.187.160 port 48390 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 04:41:35 honeypot-fra-1 sshd[22609]: Disconnected from invalid user user 45.61.186.169 port 32918 [preauth]","@timestamp":"2022-09-08T04:41:36.693Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 04:41:53 honeypot-fra-1 sshd[22613]: Disconnected from invalid user user 45.61.186.169 port 56262 [preauth]","@timestamp":"2022-09-08T04:41:54.702Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 04:42:11 honeypot-fra-1 sshd[22617]: Disconnected from invalid user user 45.61.186.169 port 51376 [preauth]","@timestamp":"2022-09-08T04:42:11.710Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 04:42:17 honeypot-ams-1 kernel: [83488726.152254] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.79.53.162 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=26730 PROTO=TCP SPT=44194 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T04:42:18.104Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 04:42:27 honeypot-fra-1 sshd[22621]: Disconnected from invalid user user 45.61.186.169 port 46474 [preauth]","@timestamp":"2022-09-08T04:42:27.717Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 04:51:08 honeypot-ams-1 sshd[32429]: Received disconnect from 92.255.85.69 port 44930:11: Bye Bye [preauth]","@timestamp":"2022-09-08T04:51:08.336Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 04:53:43 honeypot-fra-1 sshd[22630]: Did not receive identification string from 128.199.96.88 port 61000","@timestamp":"2022-09-08T04:53:43.963Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 04:56:07 honeypot-ams-1 sshd[32434]: Disconnected from invalid user kjayroe 43.225.158.223 port 41547 [preauth]","@timestamp":"2022-09-08T04:56:07.462Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 05:00:56 honeypot-fra-1 kernel: [83487697.686041] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=167.248.133.130 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=48562 PROTO=TCP SPT=46361 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T05:00:57.121Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-08T05:02:28.489Z","@version":"1","message":"Sep  8 05:02:28 honeypot-sgp-1 sshd[29637]: Disconnected from authenticating user root 61.177.173.35 port 10154 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 05:09:40 honeypot-fra-1 sshd[22639]: Received disconnect from 67.222.147.161 port 37820:11: Bye Bye [preauth]","@timestamp":"2022-09-08T05:09:41.311Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 05:11:43 honeypot-ams-1 kernel: [83490491.952534] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=123.57.27.117 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=44 ID=26107 DF PROTO=TCP SPT=20695 DPT=5432 WINDOW=43690 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T05:11:43.864Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 05:12:40 honeypot-fra-1 sshd[22646]: Invalid user user from 198.98.61.9 port 58658","@timestamp":"2022-09-08T05:12:41.374Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T05:12:53.737Z","@version":"1","message":"Sep  8 05:12:53 honeypot-sgp-1 kernel: [83490090.770854] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=43.131.66.209 DST=159.89.202.188 LEN=52 TOS=0x00 PREC=0x00 TTL=47 ID=22230 DF PROTO=TCP SPT=23254 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 05:12:55 honeypot-fra-1 sshd[22650]: Invalid user user from 198.98.61.9 port 53522","@timestamp":"2022-09-08T05:12:56.381Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 05:13:11 honeypot-fra-1 sshd[22654]: Invalid user user from 198.98.61.9 port 48378","@timestamp":"2022-09-08T05:13:11.388Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 05:13:48 honeypot-ams-1 kernel: [83490616.363425] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=46.41.208.63 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=29885 DF PROTO=TCP SPT=38205 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T05:13:48.921Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 05:14:09 honeypot-fra-1 sshd[22658]: Received disconnect from 43.154.212.241 port 40154:11: Bye Bye [preauth]","@timestamp":"2022-09-08T05:14:10.411Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T05:16:54.835Z","@version":"1","message":"Sep  8 05:16:54 honeypot-sgp-1 sshd[29651]: Disconnected from invalid user user 45.61.186.49 port 41408 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T05:17:03.839Z","@version":"1","message":"Sep  8 05:17:03 honeypot-sgp-1 sshd[29658]: Invalid user user from 45.61.186.49 port 53392","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T05:17:35.854Z","@version":"1","message":"Sep  8 05:17:34 honeypot-sgp-1 sshd[29662]: Received disconnect from 61.177.173.36 port 38325:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 05:18:26 honeypot-fra-1 sshd[22666]: Invalid user jira from 165.22.45.108 port 42704","@timestamp":"2022-09-08T05:18:27.518Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 05:19:06 honeypot-ams-1 sshd[32454]: Invalid user user from 45.61.188.177 port 52106","@timestamp":"2022-09-08T05:19:07.059Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 05:19:28 honeypot-ams-1 sshd[32458]: Invalid user user from 45.61.188.177 port 48744","@timestamp":"2022-09-08T05:19:29.071Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 05:19:44 honeypot-ams-1 sshd[32462]: Received disconnect from 61.177.173.51 port 34621:11:  [preauth]","@timestamp":"2022-09-08T05:19:45.080Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 05:20:00 honeypot-ams-1 sshd[32466]: Received disconnect from 45.61.188.177 port 57820:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T05:20:01.088Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 05:21:55 honeypot-fra-1 sshd[22670]: Invalid user mick from 143.198.123.124 port 59628","@timestamp":"2022-09-08T05:21:56.596Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T05:22:26.990Z","@version":"1","message":"Sep  8 05:22:26 honeypot-sgp-1 kernel: [83490664.111072] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=94.102.49.193 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=118 ID=6231 PROTO=TCP SPT=17340 DPT=80 WINDOW=26150 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 05:22:26 honeypot-ams-1 sshd[32471]: Disconnected from authenticating user root 61.177.173.36 port 44260 [preauth]","@timestamp":"2022-09-08T05:22:27.152Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 05:27:27 honeypot-fra-1 kernel: [83489288.497538] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=117.174.10.104 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=13461 DF PROTO=TCP SPT=25876 DPT=80 WINDOW=43690 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T05:27:27.717Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-08T05:30:28.191Z","@version":"1","message":"Sep  8 05:30:28 honeypot-sgp-1 kernel: [83491145.771119] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=236 ID=1366 PROTO=TCP SPT=55006 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 05:31:27 honeypot-ams-1 sshd[32476]: Connection closed by invalid user cer-admin 137.116.144.39 port 60428 [preauth]","@timestamp":"2022-09-08T05:31:28.386Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 05:32:40 honeypot-ams-1 sshd[32483]: Disconnected from invalid user user 45.61.187.160 port 54008 [preauth]","@timestamp":"2022-09-08T05:32:41.420Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 05:32:59 honeypot-ams-1 sshd[32489]: Received disconnect from 45.61.187.160 port 49196:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T05:33:00.431Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 05:33:17 honeypot-ams-1 sshd[32494]: Received disconnect from 45.61.187.160 port 44384:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T05:33:18.440Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 05:33:34 honeypot-ams-1 sshd[32499]: Invalid user user from 45.61.187.160 port 39570","@timestamp":"2022-09-08T05:33:35.449Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 05:39:05 honeypot-fra-1 kernel: [83489986.261859] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.41.8.5 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=59738 PROTO=TCP SPT=32291 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T05:39:05.967Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 05:39:10 honeypot-ams-1 sshd[32507]: Connection closed by 180.76.173.237 port 36028 [preauth]","@timestamp":"2022-09-08T05:39:10.593Z"}
{"@timestamp":"2022-09-08T05:40:25.438Z","@version":"1","message":"Sep  8 05:40:25 honeypot-sgp-1 sshd[29677]: Bad protocol version identification '\\026\\003\\001' from 134.122.112.12 port 40890","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T05:41:48.493Z","@version":"1","message":"Sep  8 05:41:48 honeypot-sgp-1 sshd[29682]: Disconnected from invalid user user 141.255.162.226 port 59050 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T05:41:49.494Z","@version":"1","message":"Sep  8 05:41:49 honeypot-sgp-1 sshd[29686]: Disconnected from invalid user user 141.255.162.226 port 38154 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T05:41:52.496Z","@version":"1","message":"Sep  8 05:41:51 honeypot-sgp-1 sshd[29690]: Disconnected from invalid user user 141.255.162.226 port 37044 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T05:41:53.496Z","@version":"1","message":"Sep  8 05:41:53 honeypot-sgp-1 sshd[29694]: Disconnected from invalid user user 141.255.162.226 port 52834 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 05:42:15 honeypot-fra-1 kernel: [83490176.715662] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=94.26.249.161 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=23645 PROTO=TCP SPT=43275 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T05:42:16.038Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-08T05:43:23.535Z","@version":"1","message":"Sep  8 05:43:22 honeypot-sgp-1 sshd[29698]: Disconnected from invalid user esteban 159.65.115.222 port 55656 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T05:47:23.632Z","@version":"1","message":"Sep  8 05:47:23 honeypot-sgp-1 sshd[29705]: Disconnected from authenticating user root 92.255.85.69 port 18948 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T05:50:27.708Z","@version":"1","message":"Sep  8 05:50:27 honeypot-sgp-1 sshd[29713]: Received disconnect from 112.23.2.254 port 48356:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T05:55:30.831Z","@version":"1","message":"Sep  8 05:55:30 honeypot-sgp-1 sshd[29718]: Connection closed by invalid user admin 220.135.177.191 port 54020 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 06:00:24 honeypot-fra-1 sshd[22685]: Connection closed by invalid user admin 121.159.171.57 port 41835 [preauth]","@timestamp":"2022-09-08T06:00:25.420Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 06:00:29 honeypot-ams-1 sshd[32520]: Received disconnect from 92.255.85.69 port 18182:11: Bye Bye [preauth]","@timestamp":"2022-09-08T06:00:30.135Z"}
{"@timestamp":"2022-09-08T06:01:06.968Z","@version":"1","message":"Sep  8 06:01:06 honeypot-sgp-1 sshd[29725]: Received disconnect from 61.177.173.52 port 43732:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 06:03:05 honeypot-ams-1 sshd[32529]: Invalid user pi from 158.248.51.169 port 39018","@timestamp":"2022-09-08T06:03:05.202Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 06:03:25 honeypot-fra-1 kernel: [83491445.989103] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.207.130 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=39745 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T06:03:25.493Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 06:04:05 honeypot-ams-1 sshd[32535]: Disconnected from authenticating user root 61.177.172.114 port 17709 [preauth]","@timestamp":"2022-09-08T06:04:05.231Z"}
{"@timestamp":"2022-09-08T06:05:41.082Z","@version":"1","message":"Sep  8 06:05:40 honeypot-sgp-1 sshd[29733]: Disconnected from authenticating user root 14.224.169.32 port 59578 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 06:06:41 honeypot-ams-1 sshd[32540]: Disconnected from invalid user user 141.255.162.226 port 54650 [preauth]","@timestamp":"2022-09-08T06:06:42.303Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 06:06:44 honeypot-ams-1 sshd[32544]: Disconnected from invalid user user 141.255.162.226 port 47912 [preauth]","@timestamp":"2022-09-08T06:06:44.304Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 06:06:47 honeypot-ams-1 sshd[32548]: Disconnected from invalid user user 141.255.162.226 port 34016 [preauth]","@timestamp":"2022-09-08T06:06:48.306Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 06:07:29 honeypot-fra-1 sshd[22692]: Disconnected from authenticating user root 92.255.85.69 port 22008 [preauth]","@timestamp":"2022-09-08T06:07:29.582Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 06:07:30 honeypot-ams-1 sshd[32553]: Received disconnect from 141.255.162.226 port 48544:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T06:07:31.328Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 06:07:32 honeypot-ams-1 sshd[32559]: Invalid user user from 141.255.162.226 port 42710","@timestamp":"2022-09-08T06:07:32.329Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 06:07:34 honeypot-ams-1 sshd[32561]: Received disconnect from 141.255.162.226 port 50184:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T06:07:34.330Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 06:08:02 honeypot-ams-1 kernel: [83493870.324273] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=38807 PROTO=TCP SPT=56803 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T06:08:02.343Z"}
{"@timestamp":"2022-09-08T06:11:27.226Z","@version":"1","message":"Sep  8 06:11:26 honeypot-sgp-1 sshd[29739]: Disconnected from authenticating user root 61.177.173.50 port 19150 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 06:15:31 honeypot-fra-1 sshd[23131]: Invalid user testuser from 129.226.39.43 port 55715","@timestamp":"2022-09-08T06:15:31.757Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 06:15:31 honeypot-fra-1 sshd[23129]: Connection closed by invalid user odoo 129.226.39.43 port 55705 [preauth]","@timestamp":"2022-09-08T06:15:32.759Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 06:15:32 honeypot-fra-1 sshd[23142]: Invalid user ansible from 129.226.39.43 port 55701","@timestamp":"2022-09-08T06:15:33.759Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 06:15:33 honeypot-fra-1 sshd[23142]: Connection closed by invalid user ansible 129.226.39.43 port 55701 [preauth]","@timestamp":"2022-09-08T06:15:33.759Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 06:15:34 honeypot-fra-1 sshd[23148]: Invalid user mcsv from 129.226.39.43 port 55653","@timestamp":"2022-09-08T06:15:35.761Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 06:15:35 honeypot-fra-1 sshd[23150]: Connection closed by invalid user mcsrv 129.226.39.43 port 55635 [preauth]","@timestamp":"2022-09-08T06:15:35.761Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 06:17:01 honeypot-ams-1 CRON[32571]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-08T06:17:01.603Z"}
{"@timestamp":"2022-09-08T06:17:06.368Z","@version":"1","message":"Sep  8 06:17:05 honeypot-sgp-1 sshd[29750]: Invalid user user from 45.61.186.169 port 51402","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T06:17:24.378Z","@version":"1","message":"Sep  8 06:17:23 honeypot-sgp-1 sshd[29754]: Invalid user user from 45.61.186.169 port 46926","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T06:17:41.387Z","@version":"1","message":"Sep  8 06:17:40 honeypot-sgp-1 sshd[29758]: Invalid user user from 45.61.186.169 port 42442","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T06:17:50.391Z","@version":"1","message":"Sep  8 06:17:49 honeypot-sgp-1 sshd[29760]: Received disconnect from 45.61.186.169 port 54314:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T06:19:07.425Z","@version":"1","message":"Sep  8 06:19:07 honeypot-sgp-1 sshd[29766]: Disconnected from authenticating user root 178.62.127.39 port 46776 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 06:21:15 honeypot-fra-1 sshd[23168]: Received disconnect from 118.34.14.126 port 40086:11: Bye Bye [preauth]","@timestamp":"2022-09-08T06:21:15.887Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T06:22:17.505Z","@version":"1","message":"Sep  8 06:22:17 honeypot-sgp-1 kernel: [83494254.755793] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=128.14.152.42 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=63725 PROTO=TCP SPT=15599 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 06:23:55 honeypot-ams-1 sshd[315]: Disconnected from authenticating user root 92.255.85.70 port 20764 [preauth]","@timestamp":"2022-09-08T06:23:55.782Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 06:25:06 honeypot-fra-1 sshd[23307]: Received disconnect from 165.22.45.108 port 57116:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T06:25:06.973Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T06:27:57.649Z","@version":"1","message":"Sep  8 06:27:57 honeypot-sgp-1 kernel: [83494595.064389] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=170.187.162.162 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=19488 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 06:31:24 honeypot-ams-1 sshd[495]: Invalid user test from 35.247.220.198 port 46742","@timestamp":"2022-09-08T06:31:24.980Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 06:31:57 honeypot-fra-1 sshd[23414]: Received disconnect from 92.255.85.70 port 15958:11: Bye Bye [preauth]","@timestamp":"2022-09-08T06:31:58.125Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 06:37:09 honeypot-ams-1 sshd[504]: Invalid user yvette from 188.166.183.200 port 58564","@timestamp":"2022-09-08T06:37:10.124Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 06:39:18 honeypot-ams-1 sshd[510]: Received disconnect from 61.177.172.104 port 31120:11:  [preauth]","@timestamp":"2022-09-08T06:39:19.182Z"}
{"@timestamp":"2022-09-08T06:40:37.994Z","@version":"1","message":"Sep  8 06:40:37 honeypot-sgp-1 sshd[29925]: Invalid user admin from 210.207.186.120 port 63714","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T06:45:06.105Z","@version":"1","message":"Sep  8 06:45:05 honeypot-sgp-1 sshd[29930]: Invalid user user from 45.61.187.160 port 50132","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T06:45:24.114Z","@version":"1","message":"Sep  8 06:45:23 honeypot-sgp-1 sshd[29934]: Invalid user user from 45.61.187.160 port 45180","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T06:45:33.119Z","@version":"1","message":"Sep  8 06:45:32 honeypot-sgp-1 sshd[29936]: Disconnected from invalid user user 45.61.187.160 port 56822 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T06:45:49.126Z","@version":"1","message":"Sep  8 06:45:48 honeypot-sgp-1 sshd[29941]: Disconnected from invalid user user 45.61.187.160 port 51870 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 06:47:20 honeypot-fra-1 sshd[23418]: Received disconnect from 165.22.45.108 port 33690:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T06:47:20.453Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 06:48:03 honeypot-ams-1 kernel: [83496271.457029] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.216.101 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=57817 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T06:48:03.406Z"}
{"@timestamp":"2022-09-08T06:50:54.249Z","@version":"1","message":"Sep  8 06:50:53 honeypot-sgp-1 sshd[29946]: Disconnected from authenticating user root 61.177.173.39 port 30684 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 06:54:34 honeypot-fra-1 sshd[23425]: Disconnected from authenticating user root 92.255.85.70 port 52512 [preauth]","@timestamp":"2022-09-08T06:54:34.612Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T06:55:07.353Z","@version":"1","message":"Sep  8 06:55:06 honeypot-sgp-1 sshd[30049]: Disconnected from authenticating user root 61.177.173.51 port 38452 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T06:56:55.399Z","@version":"1","message":"Sep  8 06:56:54 honeypot-sgp-1 sshd[30056]: Received disconnect from 61.177.172.90 port 30969:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T06:57:19.411Z","@version":"1","message":"Sep  8 06:57:18 honeypot-sgp-1 sshd[30060]: Disconnected from authenticating user root 61.177.172.98 port 15907 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T06:57:55.428Z","@version":"1","message":"Sep  8 06:57:55 honeypot-sgp-1 sshd[30066]: Invalid user sya from 118.163.170.24 port 37554","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 06:58:35 honeypot-ams-1 kernel: [83496903.599093] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=97.74.81.123 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=6899 PROTO=TCP SPT=50641 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T06:58:35.672Z"}
{"@timestamp":"2022-09-08T06:59:03.458Z","@version":"1","message":"Sep  8 06:59:02 honeypot-sgp-1 kernel: [83496460.327894] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.209.46 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=55536 DPT=5432 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T07:00:07.488Z","@version":"1","message":"Sep  8 07:00:07 honeypot-sgp-1 sshd[30076]: Invalid user jonitiso from 157.245.122.58 port 45522","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T07:01:50.534Z","@version":"1","message":"Sep  8 07:01:50 honeypot-sgp-1 sshd[30082]: Received disconnect from 111.93.191.170 port 22281:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T07:05:07.615Z","@version":"1","message":"Sep  8 07:05:07 honeypot-sgp-1 sshd[30085]: Invalid user pi from 158.248.51.169 port 40540","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 07:05:20 honeypot-fra-1 sshd[23431]: Invalid user git from 81.16.11.250 port 59462","@timestamp":"2022-09-08T07:05:20.845Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 07:08:36 honeypot-ams-1 sshd[526]: Disconnected from authenticating user root 61.177.173.46 port 35262 [preauth]","@timestamp":"2022-09-08T07:08:36.931Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 07:09:10 honeypot-fra-1 sshd[23433]: Received disconnect from 165.22.45.108 port 38472:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T07:09:10.931Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T07:09:43.727Z","@version":"1","message":"Sep  8 07:09:43 honeypot-sgp-1 kernel: [83497101.078815] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=79.124.62.62 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=23170 PROTO=TCP SPT=53368 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 07:12:57 honeypot-ams-1 sshd[536]: Did not receive identification string from 45.61.186.169 port 45220","@timestamp":"2022-09-08T07:12:58.045Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 07:13:21 honeypot-ams-1 sshd[539]: Disconnected from invalid user user 45.61.186.169 port 48096 [preauth]","@timestamp":"2022-09-08T07:13:22.058Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 07:13:38 honeypot-ams-1 sshd[545]: Received disconnect from 45.61.186.169 port 42626:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T07:13:39.067Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 07:13:54 honeypot-ams-1 sshd[549]: Received disconnect from 45.61.186.169 port 37188:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T07:13:55.075Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 07:15:53 honeypot-ams-1 kernel: [83497941.627391] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.41.8.45 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=22845 PROTO=TCP SPT=12142 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T07:15:54.126Z"}
{"@timestamp":"2022-09-08T07:16:47.898Z","@version":"1","message":"Sep  8 07:16:47 honeypot-sgp-1 sshd[30099]: Invalid user michaels from 80.39.22.192 port 40228","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T07:17:41.941Z","@version":"1","message":"Sep  8 07:17:41 honeypot-sgp-1 sshd[30106]: Received disconnect from 43.154.66.195 port 53254:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 07:17:59 honeypot-fra-1 sshd[23439]: Disconnected from authenticating user root 92.255.85.70 port 44104 [preauth]","@timestamp":"2022-09-08T07:18:00.119Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T07:20:58.026Z","@version":"1","message":"Sep  8 07:20:57 honeypot-sgp-1 sshd[30111]: Disconnected from authenticating user root 92.255.85.70 port 63600 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 07:22:21 honeypot-fra-1 sshd[23444]: Disconnected from invalid user vicky 177.73.136.175 port 39820 [preauth]","@timestamp":"2022-09-08T07:22:21.216Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 07:23:08 honeypot-ams-1 kernel: [83498377.040084] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=79.124.62.60 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=57062 PROTO=TCP SPT=58728 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T07:23:09.314Z"}
{"@timestamp":"2022-09-08T07:27:32.183Z","@version":"1","message":"Sep  8 07:27:31 honeypot-sgp-1 sshd[30118]: Received disconnect from 61.177.173.46 port 31740:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 07:31:31 honeypot-fra-1 sshd[23451]: Invalid user jira from 165.22.45.108 port 43258","@timestamp":"2022-09-08T07:31:32.415Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 07:33:33 honeypot-ams-1 sshd[572]: Received disconnect from 92.255.85.69 port 20286:11: Bye Bye [preauth]","@timestamp":"2022-09-08T07:33:33.583Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 07:34:56 honeypot-ams-1 sshd[579]: Disconnected from invalid user jurgen 211.200.178.178 port 38824 [preauth]","@timestamp":"2022-09-08T07:34:57.623Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 07:37:23 honeypot-fra-1 sshd[23455]: Bad protocol version identification '\\272\\253d\\241EZC\\333M\\207\\356^\\375\\277\\0259 X\\324>\\022\\230\\304<\\340\\023\\317' from 172.105.89.161 port 57005","@timestamp":"2022-09-08T07:37:24.544Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 07:39:53 honeypot-ams-1 sshd[587]: Received disconnect from 165.227.204.174 port 53470:11: Bye Bye [preauth]","@timestamp":"2022-09-08T07:39:53.757Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 07:41:02 honeypot-fra-1 sshd[23459]: Disconnected from authenticating user root 92.255.85.70 port 61352 [preauth]","@timestamp":"2022-09-08T07:41:02.624Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T07:42:22.536Z","@version":"1","message":"Sep  8 07:42:21 honeypot-sgp-1 sshd[30125]: Invalid user user1 from 103.188.176.251 port 38410","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 07:44:35 honeypot-ams-1 sshd[592]: Disconnected from authenticating user root 61.177.173.36 port 49454 [preauth]","@timestamp":"2022-09-08T07:44:35.885Z"}
{"@timestamp":"2022-09-08T07:50:30.730Z","@version":"1","message":"Sep  8 07:50:29 honeypot-sgp-1 sshd[30135]: Unable to negotiate with 211.24.73.92 port 53799: no matching cipher found. Their offer: aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,arcfour128,arcfour,3des-cbc,none [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 07:52:00 honeypot-fra-1 sshd[23467]: Received disconnect from 163.53.91.102 port 37462:11: Bye Bye [preauth]","@timestamp":"2022-09-08T07:52:00.863Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 07:56:19 honeypot-ams-1 sshd[602]: Received disconnect from 92.255.85.70 port 29926:11: Bye Bye [preauth]","@timestamp":"2022-09-08T07:56:20.198Z"}
{"@timestamp":"2022-09-08T07:58:21.948Z","@version":"1","message":"Sep  8 07:58:21 honeypot-sgp-1 kernel: [83500018.820477] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=172.104.242.173 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=51 ID=0 DF PROTO=TCP SPT=38849 DPT=443 WINDOW=8192 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 07:58:57 honeypot-fra-1 sshd[23472]: Invalid user hamburg from 134.17.17.32 port 35736","@timestamp":"2022-09-08T07:58:58.015Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 08:03:28 honeypot-ams-1 sshd[611]: Connection closed by invalid user admin 193.106.191.157 port 38988 [preauth]","@timestamp":"2022-09-08T08:03:29.387Z"}
{"@timestamp":"2022-09-08T08:06:58.156Z","@version":"1","message":"Sep  8 08:06:57 honeypot-sgp-1 sshd[30146]: Received disconnect from 68.183.141.33 port 42722:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 08:09:27 honeypot-fra-1 kernel: [83499007.617452] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=103.232.53.239 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=53149 PROTO=TCP SPT=41362 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T08:09:27.267Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-08T08:13:13.311Z","@version":"1","message":"Sep  8 08:13:12 honeypot-sgp-1 kernel: [83500910.257005] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=13.56.211.68 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=39536 PROTO=TCP SPT=44791 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 08:13:39 honeypot-ams-1 sshd[620]: Received disconnect from 61.177.173.35 port 48042:11:  [preauth]","@timestamp":"2022-09-08T08:13:39.656Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 08:15:11 honeypot-fra-1 kernel: [83499352.278910] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.220.205.106 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=46160 DPT=389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T08:15:12.395Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 08:16:17 honeypot-fra-1 kernel: [83499418.269474] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=128.199.161.69 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=1171 PROTO=TCP SPT=44774 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T08:16:18.422Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 08:17:01 honeypot-ams-1 CRON[627]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-08T08:17:02.752Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 08:18:39 honeypot-ams-1 sshd[633]: Received disconnect from 45.61.187.160 port 50042:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T08:18:39.798Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 08:18:56 honeypot-ams-1 sshd[637]: Received disconnect from 45.61.187.160 port 44938:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T08:18:56.808Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 08:19:11 honeypot-fra-1 sshd[23514]: Invalid user user from 198.98.61.9 port 41426","@timestamp":"2022-09-08T08:19:11.490Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 08:19:12 honeypot-ams-1 sshd[641]: Received disconnect from 45.61.187.160 port 39830:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T08:19:12.816Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 08:19:19 honeypot-fra-1 sshd[23518]: Invalid user user from 198.98.61.9 port 52642","@timestamp":"2022-09-08T08:19:20.494Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 08:19:20 honeypot-ams-1 sshd[645]: Disconnected from invalid user user 45.61.187.160 port 51394 [preauth]","@timestamp":"2022-09-08T08:19:20.821Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 08:19:35 honeypot-fra-1 sshd[23522]: Invalid user user from 198.98.61.9 port 46842","@timestamp":"2022-09-08T08:19:36.502Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 08:19:50 honeypot-fra-1 sshd[23526]: Invalid user user from 198.98.61.9 port 41044","@timestamp":"2022-09-08T08:19:50.509Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T08:19:56.475Z","@version":"1","message":"Sep  8 08:19:55 honeypot-sgp-1 sshd[30181]: Disconnected from authenticating user root 61.177.173.46 port 42970 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 08:21:21 honeypot-fra-1 sshd[23531]: Unable to negotiate with 211.24.73.92 port 59537: no matching cipher found. Their offer: aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,arcfour128,arcfour,3des-cbc,none [preauth]","@timestamp":"2022-09-08T08:21:21.544Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 08:21:28 honeypot-ams-1 sshd[652]: Received disconnect from 61.177.173.50 port 62960:11:  [preauth]","@timestamp":"2022-09-08T08:21:29.880Z"}
{"@timestamp":"2022-09-08T08:25:22.608Z","@version":"1","message":"Sep  8 08:25:21 honeypot-sgp-1 sshd[30189]: Received disconnect from 61.177.173.36 port 27912:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 08:28:39 honeypot-ams-1 kernel: [83502307.547638] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.56.108.158 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=62163 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T08:28:40.075Z"}
{"@timestamp":"2022-09-08T08:30:35.736Z","@version":"1","message":"Sep  8 08:30:35 honeypot-sgp-1 sshd[30196]: ssh_dispatch_run_fatal: Connection from 69.112.204.55 port 38376: Connection corrupted [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 08:32:59 honeypot-fra-1 sshd[23538]: Invalid user Admin from 199.241.169.128 port 59268","@timestamp":"2022-09-08T08:32:59.801Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 08:34:48 honeypot-ams-1 sshd[682]: Received disconnect from 198.98.61.9 port 38448:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T08:34:49.236Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 08:35:05 honeypot-ams-1 sshd[686]: Received disconnect from 198.98.61.9 port 60818:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T08:35:05.245Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 08:35:21 honeypot-ams-1 sshd[690]: Received disconnect from 198.98.61.9 port 54850:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T08:35:22.254Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 08:35:36 honeypot-ams-1 sshd[694]: Received disconnect from 198.98.61.9 port 48910:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T08:35:36.261Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 08:38:16 honeypot-fra-1 kernel: [83500736.741171] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=89.248.165.120 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=13676 PROTO=TCP SPT=45771 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T08:38:16.921Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-08T08:41:27.000Z","@version":"1","message":"Sep  8 08:41:26 honeypot-sgp-1 sshd[30203]: Invalid user harri from 103.246.240.30 port 37708","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 08:41:41 honeypot-fra-1 sshd[23547]: Did not receive identification string from 121.4.246.227 port 57144","@timestamp":"2022-09-08T08:41:41.998Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T08:42:04.018Z","@version":"1","message":"Sep  8 08:42:03 honeypot-sgp-1 sshd[30208]: Disconnected from authenticating user root 103.111.23.22 port 48518 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 08:43:58 honeypot-ams-1 sshd[704]: Received disconnect from 92.255.85.70 port 62708:11: Bye Bye [preauth]","@timestamp":"2022-09-08T08:43:59.476Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 08:47:18 honeypot-ams-1 sshd[706]: Did not receive identification string from 193.3.19.178 port 64001","@timestamp":"2022-09-08T08:47:18.567Z"}
{"@timestamp":"2022-09-08T08:55:11.334Z","@version":"1","message":"Sep  8 08:55:10 honeypot-sgp-1 sshd[30217]: Disconnected from authenticating user root 218.92.0.221 port 39565 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 08:57:09 honeypot-fra-1 sshd[23568]: Did not receive identification string from 198.98.61.9 port 39826","@timestamp":"2022-09-08T08:57:10.335Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 08:57:33 honeypot-fra-1 sshd[23571]: Received disconnect from 198.98.61.9 port 50374:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T08:57:34.346Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 08:57:47 honeypot-fra-1 sshd[23576]: Received disconnect from 198.98.61.9 port 44400:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T08:57:47.352Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 08:57:55 honeypot-fra-1 sshd[23580]: Received disconnect from 198.98.61.9 port 55536:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T08:57:55.356Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 08:58:00 honeypot-fra-1 sshd[23584]: Received disconnect from 141.255.162.226 port 37160:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T08:58:01.359Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 08:58:02 honeypot-fra-1 sshd[23588]: Received disconnect from 141.255.162.226 port 50732:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T08:58:02.359Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 08:58:10 honeypot-fra-1 sshd[23594]: Invalid user user from 198.98.61.9 port 49572","@timestamp":"2022-09-08T08:58:11.364Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 09:00:02 honeypot-fra-1 sshd[23599]: Disconnected from invalid user user 45.61.186.49 port 42446 [preauth]","@timestamp":"2022-09-08T09:00:02.407Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 09:00:11 honeypot-fra-1 sshd[23603]: Disconnected from invalid user user 45.61.186.49 port 54526 [preauth]","@timestamp":"2022-09-08T09:00:11.412Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 09:00:20 honeypot-fra-1 sshd[23607]: Disconnected from invalid user jjd 165.22.45.108 port 34902 [preauth]","@timestamp":"2022-09-08T09:00:21.417Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 09:03:13 honeypot-ams-1 sshd[715]: Received disconnect from 61.177.173.53 port 52425:11:  [preauth]","@timestamp":"2022-09-08T09:03:14.003Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 09:06:30 honeypot-ams-1 kernel: [83504578.652470] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=37.98.9.237 DST=178.62.254.91 LEN=52 TOS=0x10 PREC=0x60 TTL=114 ID=8564 DF PROTO=TCP SPT=1548 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T09:06:31.093Z"}
{"@timestamp":"2022-09-08T09:08:09.665Z","@version":"1","message":"Sep  8 09:08:09 honeypot-sgp-1 sshd[30226]: Invalid user kelly from 162.243.61.162 port 40300","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 09:08:16 honeypot-fra-1 sshd[23612]: Connection closed by invalid user admin 193.106.191.157 port 60984 [preauth]","@timestamp":"2022-09-08T09:08:16.592Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 09:10:00 honeypot-ams-1 sshd[720]: Disconnected from authenticating user root 61.177.173.47 port 13029 [preauth]","@timestamp":"2022-09-08T09:10:00.183Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 09:10:29 honeypot-fra-1 sshd[23618]: Disconnected from invalid user fax 104.248.141.166 port 55678 [preauth]","@timestamp":"2022-09-08T09:10:29.642Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T09:10:50.731Z","@version":"1","message":"Sep  8 09:10:49 honeypot-sgp-1 kernel: [83504367.409708] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=154.89.5.92 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=244 ID=61891 PROTO=TCP SPT=58914 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T09:13:35.798Z","@version":"1","message":"Sep  8 09:13:35 honeypot-sgp-1 sshd[30235]: Disconnected from invalid user konstanze 202.83.17.205 port 60576 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 09:17:01 honeypot-fra-1 CRON[23624]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-08T09:17:01.786Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T09:17:01.882Z","@version":"1","message":"Sep  8 09:17:00 honeypot-sgp-1 sshd[30245]: Disconnected from authenticating user root 190.128.118.185 port 54443 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 09:17:01 honeypot-ams-1 CRON[725]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-08T09:17:02.367Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 09:21:33 honeypot-fra-1 sshd[23628]: Disconnected from invalid user lukeria 159.89.230.196 port 45854 [preauth]","@timestamp":"2022-09-08T09:21:33.891Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T09:22:14.007Z","@version":"1","message":"Sep  8 09:22:14 honeypot-sgp-1 sshd[30255]: Received disconnect from 61.177.173.36 port 57826:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 09:22:39 honeypot-ams-1 sshd[735]: Connection closed by 180.76.173.237 port 55332 [preauth]","@timestamp":"2022-09-08T09:22:39.513Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 09:24:22 honeypot-fra-1 sshd[23632]: Disconnected from invalid user maurice 43.156.241.174 port 60646 [preauth]","@timestamp":"2022-09-08T09:24:22.953Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 09:28:22 honeypot-ams-1 kernel: [83505890.830582] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.221.104 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=34855 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T09:28:23.679Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 09:34:01 honeypot-ams-1 sshd[747]: Disconnected from authenticating user root 61.177.173.49 port 16230 [preauth]","@timestamp":"2022-09-08T09:34:01.828Z"}
{"@timestamp":"2022-09-08T09:36:17.344Z","@version":"1","message":"Sep  8 09:36:16 honeypot-sgp-1 sshd[30264]: Received disconnect from 61.177.173.48 port 49831:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 09:37:55 honeypot-fra-1 sshd[23642]: Invalid user www from 20.111.24.241 port 39900","@timestamp":"2022-09-08T09:37:56.249Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 09:37:55 honeypot-fra-1 sshd[23656]: Connection closed by invalid user testuser 20.111.24.241 port 40034 [preauth]","@timestamp":"2022-09-08T09:37:56.249Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 09:37:55 honeypot-fra-1 sshd[23660]: Connection closed by invalid user vagrant 20.111.24.241 port 40048 [preauth]","@timestamp":"2022-09-08T09:37:56.250Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 09:37:55 honeypot-fra-1 sshd[23667]: Invalid user user from 20.111.24.241 port 40060","@timestamp":"2022-09-08T09:37:56.250Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 09:37:55 honeypot-fra-1 sshd[23663]: Connection closed by invalid user git 20.111.24.241 port 40052 [preauth]","@timestamp":"2022-09-08T09:37:56.250Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 09:37:55 honeypot-fra-1 sshd[23654]: Invalid user user from 20.111.24.241 port 39926","@timestamp":"2022-09-08T09:37:56.250Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 09:37:55 honeypot-fra-1 sshd[23646]: Invalid user oracle from 20.111.24.241 port 39940","@timestamp":"2022-09-08T09:37:56.250Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 09:37:55 honeypot-fra-1 sshd[23647]: Connection closed by invalid user www 20.111.24.241 port 39890 [preauth]","@timestamp":"2022-09-08T09:37:56.250Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 09:37:55 honeypot-fra-1 sshd[23645]: Connection closed by authenticating user root 20.111.24.241 port 39910 [preauth]","@timestamp":"2022-09-08T09:37:56.250Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 09:38:02 honeypot-fra-1 sshd[23693]: Disconnected from authenticating user root 92.255.85.70 port 32480 [preauth]","@timestamp":"2022-09-08T09:38:02.254Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 09:42:13 honeypot-fra-1 sshd[23697]: Disconnected from invalid user clark 51.250.79.55 port 48582 [preauth]","@timestamp":"2022-09-08T09:42:14.347Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T09:42:57.502Z","@version":"1","message":"Sep  8 09:42:56 honeypot-sgp-1 kernel: [83506294.063245] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.41.9.18 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=65361 PROTO=TCP SPT=49819 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 09:46:14 honeypot-fra-1 kernel: [83504814.999366] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=3.101.80.192 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=233 ID=21061 PROTO=TCP SPT=50373 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T09:46:15.438Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 09:46:35 honeypot-ams-1 sshd[835]: Invalid user Admin from 172.91.16.82 port 53776","@timestamp":"2022-09-08T09:46:35.157Z"}
{"@timestamp":"2022-09-08T09:50:18.678Z","@version":"1","message":"Sep  8 09:50:18 honeypot-sgp-1 sshd[30274]: Disconnected from authenticating user root 61.177.173.36 port 12499 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 09:52:46 honeypot-ams-1 sshd[842]: Received disconnect from 92.255.85.70 port 44354:11: Bye Bye [preauth]","@timestamp":"2022-09-08T09:52:46.322Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 09:54:47 honeypot-ams-1 sshd[844]: Disconnected from authenticating user root 61.177.172.98 port 46340 [preauth]","@timestamp":"2022-09-08T09:54:48.377Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 10:00:33 honeypot-fra-1 sshd[23709]: Received disconnect from 79.110.62.213 port 50874:11: Bye Bye [preauth]","@timestamp":"2022-09-08T10:00:33.748Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 10:01:00 honeypot-fra-1 sshd[23714]: Received disconnect from 104.236.91.72 port 46942:11: Bye Bye [preauth]","@timestamp":"2022-09-08T10:01:00.760Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 10:04:23 honeypot-fra-1 sshd[23718]: Received disconnect from 139.59.70.64 port 38440:11: Bye Bye [preauth]","@timestamp":"2022-09-08T10:04:23.834Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T10:07:47.137Z","@version":"1","message":"Sep  8 10:07:46 honeypot-sgp-1 sshd[30284]: Did not receive identification string from 141.255.162.226 port 35692","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 10:07:54 honeypot-fra-1 kernel: [83506114.957824] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=79.124.62.60 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=48084 PROTO=TCP SPT=58728 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T10:07:54.909Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-08T10:08:07.147Z","@version":"1","message":"Sep  8 10:08:06 honeypot-sgp-1 sshd[30287]: Disconnected from invalid user user 141.255.162.226 port 55270 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T10:08:12.149Z","@version":"1","message":"Sep  8 10:08:11 honeypot-sgp-1 sshd[30291]: Disconnected from invalid user user 141.255.162.226 port 41358 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 10:09:53 honeypot-ams-1 sshd[861]: Received disconnect from 185.149.120.61 port 36652:11: Bye Bye [preauth]","@timestamp":"2022-09-08T10:09:53.791Z"}
{"@timestamp":"2022-09-08T10:12:25.252Z","@version":"1","message":"Sep  8 10:12:24 honeypot-sgp-1 sshd[30299]: Did not receive identification string from 45.61.186.249 port 44928","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T10:12:49.264Z","@version":"1","message":"Sep  8 10:12:48 honeypot-sgp-1 sshd[30302]: Disconnected from invalid user user 45.61.186.249 port 59840 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T10:13:09.274Z","@version":"1","message":"Sep  8 10:13:08 honeypot-sgp-1 sshd[30306]: Disconnected from invalid user user 45.61.186.249 port 55068 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T10:13:29.283Z","@version":"1","message":"Sep  8 10:13:29 honeypot-sgp-1 sshd[30310]: Disconnected from invalid user user 45.61.186.249 port 50276 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T10:13:48.293Z","@version":"1","message":"Sep  8 10:13:48 honeypot-sgp-1 sshd[30316]: Invalid user user from 45.61.186.249 port 45510","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 10:17:01 honeypot-ams-1 CRON[866]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-08T10:17:01.981Z"}
{"@timestamp":"2022-09-08T10:17:02.371Z","@version":"1","message":"Sep  8 10:17:01 honeypot-sgp-1 CRON[30321]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 10:17:16 honeypot-fra-1 sshd[23730]: Disconnected from authenticating user root 200.42.176.235 port 51518 [preauth]","@timestamp":"2022-09-08T10:17:17.115Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 10:21:19 honeypot-ams-1 sshd[873]: Invalid user user from 198.98.61.9 port 58914","@timestamp":"2022-09-08T10:21:20.097Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 10:21:35 honeypot-ams-1 sshd[877]: Invalid user user from 198.98.61.9 port 53366","@timestamp":"2022-09-08T10:21:36.106Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 10:21:50 honeypot-ams-1 sshd[882]: Invalid user user from 198.98.61.9 port 47826","@timestamp":"2022-09-08T10:21:51.114Z"}
{"@timestamp":"2022-09-08T10:21:56.492Z","@version":"1","message":"Sep  8 10:21:55 honeypot-sgp-1 kernel: [83508633.266412] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=162.220.165.123 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=234 ID=54321 PROTO=TCP SPT=43937 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 10:23:33 honeypot-ams-1 sshd[886]: Received disconnect from 167.172.246.83 port 39338:11: Bye Bye [preauth]","@timestamp":"2022-09-08T10:23:34.163Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 10:23:56 honeypot-fra-1 sshd[23736]: Disconnected from authenticating user root 92.255.85.69 port 41442 [preauth]","@timestamp":"2022-09-08T10:23:57.259Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 10:29:31 honeypot-fra-1 sshd[23742]: Invalid user test from 176.111.173.140 port 56524","@timestamp":"2022-09-08T10:29:31.381Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 10:30:37 honeypot-ams-1 sshd[889]: Received disconnect from 49.88.112.65 port 62573:11:  [preauth]","@timestamp":"2022-09-08T10:30:38.347Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 10:34:20 honeypot-ams-1 kernel: [83509848.408666] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=172.91.47.43 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=45049 PROTO=TCP SPT=4153 DPT=80 WINDOW=9737 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T10:34:20.449Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 10:37:49 honeypot-fra-1 sshd[23751]: Received disconnect from 143.244.158.100 port 44372:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T10:37:50.562Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 10:38:59 honeypot-ams-1 sshd[898]: Invalid user user from 45.61.184.204 port 42140","@timestamp":"2022-09-08T10:39:00.568Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 10:39:17 honeypot-ams-1 sshd[902]: Invalid user user from 45.61.184.204 port 36100","@timestamp":"2022-09-08T10:39:18.578Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 10:39:27 honeypot-ams-1 sshd[906]: Received disconnect from 92.255.85.70 port 27988:11: Bye Bye [preauth]","@timestamp":"2022-09-08T10:39:27.583Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 10:39:47 honeypot-ams-1 sshd[910]: Invalid user user from 45.61.184.204 port 41176","@timestamp":"2022-09-08T10:39:47.595Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 10:40:22 honeypot-fra-1 sshd[23757]: Received disconnect from 143.244.158.100 port 42030:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T10:40:22.619Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 10:42:01 honeypot-fra-1 sshd[23762]: Received disconnect from 143.244.158.100 port 54182:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T10:42:01.712Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T10:42:33.979Z","@version":"1","message":"Sep  8 10:42:33 honeypot-sgp-1 sshd[30768]: Connection closed by invalid user admin 128.199.160.207 port 33518 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T10:42:33.979Z","@version":"1","message":"Sep  8 10:42:33 honeypot-sgp-1 sshd[30774]: Connection closed by invalid user admin 128.199.160.207 port 33546 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 10:43:52 honeypot-fra-1 sshd[23768]: Received disconnect from 143.244.158.100 port 58056:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T10:43:52.753Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 10:45:52 honeypot-ams-1 kernel: [83510540.117488] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.56.108.186 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=32761 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T10:45:52.751Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 10:46:01 honeypot-ams-1 sshd[916]: Disconnected from invalid user user 45.61.186.49 port 48170 [preauth]","@timestamp":"2022-09-08T10:46:01.757Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 10:46:11 honeypot-ams-1 sshd[920]: Disconnected from invalid user user 45.61.186.49 port 59904 [preauth]","@timestamp":"2022-09-08T10:46:11.762Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 10:46:20 honeypot-fra-1 sshd[23775]: Received disconnect from 143.244.158.100 port 39014:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T10:46:20.807Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 10:48:01 honeypot-fra-1 sshd[23781]: Received disconnect from 143.244.158.100 port 53134:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T10:48:01.846Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T10:48:53.130Z","@version":"1","message":"Sep  8 10:48:52 honeypot-sgp-1 sshd[30780]: Received disconnect from 141.255.162.226 port 58248:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T10:48:56.132Z","@version":"1","message":"Sep  8 10:48:55 honeypot-sgp-1 sshd[30783]: Received disconnect from 141.255.162.226 port 44416:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 10:50:02 honeypot-fra-1 kernel: [83508642.767778] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.41.9.18 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=15908 PROTO=TCP SPT=43685 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T10:50:02.893Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 10:51:03 honeypot-fra-1 sshd[23791]: Did not receive identification string from 141.255.162.226 port 36506","@timestamp":"2022-09-08T10:51:04.919Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 10:51:13 honeypot-fra-1 sshd[23794]: Disconnected from invalid user user 141.255.162.226 port 60570 [preauth]","@timestamp":"2022-09-08T10:51:13.924Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 10:51:15 honeypot-fra-1 sshd[23798]: Disconnected from invalid user user 141.255.162.226 port 53458 [preauth]","@timestamp":"2022-09-08T10:51:15.925Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 10:51:17 honeypot-fra-1 sshd[23802]: Disconnected from invalid user user 141.255.162.226 port 39456 [preauth]","@timestamp":"2022-09-08T10:51:17.926Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 10:51:20 honeypot-fra-1 sshd[23808]: Disconnected from invalid user user 141.255.162.226 port 60818 [preauth]","@timestamp":"2022-09-08T10:51:20.929Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 10:52:59 honeypot-fra-1 sshd[23813]: Received disconnect from 143.244.158.100 port 37452:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T10:52:59.967Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 10:55:33 honeypot-fra-1 sshd[23819]: Received disconnect from 143.244.158.100 port 35440:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T10:55:34.024Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 10:57:12 honeypot-fra-1 sshd[23824]: Disconnected from authenticating user root 143.244.158.100 port 46944 [preauth]","@timestamp":"2022-09-08T10:57:13.063Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 10:59:46 honeypot-fra-1 sshd[23830]: Received disconnect from 143.244.158.100 port 55366:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T10:59:47.124Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 11:01:55 honeypot-ams-1 sshd[925]: Received disconnect from 92.255.85.69 port 50286:11: Bye Bye [preauth]","@timestamp":"2022-09-08T11:01:56.165Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 11:02:30 honeypot-fra-1 sshd[23837]: Received disconnect from 143.244.158.100 port 55816:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T11:02:30.186Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T11:03:49.484Z","@version":"1","message":"Sep  8 11:03:49 honeypot-sgp-1 kernel: [83511146.690207] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=207.102.138.83 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=44 ID=39616 DF PROTO=TCP SPT=58127 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 11:05:00 honeypot-fra-1 kernel: [83509540.873265] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=207.102.138.83 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=46 ID=21554 DF PROTO=TCP SPT=45359 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T11:05:01.242Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 11:06:11 honeypot-fra-1 sshd[23847]: Disconnected from authenticating user root 143.244.158.100 port 43098 [preauth]","@timestamp":"2022-09-08T11:06:12.270Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 11:08:54 honeypot-fra-1 sshd[23854]: Disconnected from authenticating user root 143.244.158.100 port 36418 [preauth]","@timestamp":"2022-09-08T11:08:55.345Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 11:09:32 honeypot-ams-1 sshd[933]: Received disconnect from 109.205.213.20 port 37582:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T11:09:32.358Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 11:09:55 honeypot-ams-1 sshd[939]: Invalid user ubnt from 2.205.79.92 port 63923","@timestamp":"2022-09-08T11:09:55.370Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 11:09:55 honeypot-ams-1 sshd[943]: Disconnected from authenticating user root 2.205.79.92 port 52400 [preauth]","@timestamp":"2022-09-08T11:09:56.371Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 11:09:56 honeypot-ams-1 sshd[949]: Disconnected from authenticating user root 2.205.79.92 port 52430 [preauth]","@timestamp":"2022-09-08T11:09:57.372Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 11:09:57 honeypot-ams-1 sshd[955]: Disconnected from authenticating user root 2.205.79.92 port 52454 [preauth]","@timestamp":"2022-09-08T11:09:58.373Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 11:09:58 honeypot-ams-1 sshd[961]: Disconnected from authenticating user root 2.205.79.92 port 52475 [preauth]","@timestamp":"2022-09-08T11:09:59.374Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 11:09:59 honeypot-ams-1 sshd[967]: Disconnected from authenticating user root 2.205.79.92 port 52507 [preauth]","@timestamp":"2022-09-08T11:09:59.374Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 11:10:00 honeypot-ams-1 sshd[973]: Disconnected from authenticating user root 2.205.79.92 port 52543 [preauth]","@timestamp":"2022-09-08T11:10:00.374Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 11:10:00 honeypot-ams-1 sshd[979]: Disconnected from authenticating user root 2.205.79.92 port 52568 [preauth]","@timestamp":"2022-09-08T11:10:01.375Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 11:10:01 honeypot-ams-1 sshd[985]: Disconnected from authenticating user root 2.205.79.92 port 52586 [preauth]","@timestamp":"2022-09-08T11:10:02.376Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 11:10:02 honeypot-ams-1 sshd[991]: Disconnected from authenticating user root 2.205.79.92 port 52617 [preauth]","@timestamp":"2022-09-08T11:10:03.377Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 11:10:03 honeypot-ams-1 sshd[997]: Disconnected from authenticating user root 2.205.79.92 port 52641 [preauth]","@timestamp":"2022-09-08T11:10:04.378Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 11:10:04 honeypot-ams-1 sshd[1001]: Disconnected from invalid user admin 2.205.79.92 port 63995 [preauth]","@timestamp":"2022-09-08T11:10:04.378Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 11:10:04 honeypot-ams-1 sshd[1005]: Disconnected from invalid user admin 2.205.79.92 port 52687 [preauth]","@timestamp":"2022-09-08T11:10:05.379Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 11:10:05 honeypot-ams-1 sshd[1009]: Disconnected from invalid user admin 2.205.79.92 port 52708 [preauth]","@timestamp":"2022-09-08T11:10:05.379Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 11:10:05 honeypot-ams-1 sshd[1013]: Disconnected from invalid user admin 2.205.79.92 port 52728 [preauth]","@timestamp":"2022-09-08T11:10:06.380Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 11:10:06 honeypot-ams-1 sshd[1017]: Disconnected from invalid user admin 2.205.79.92 port 52748 [preauth]","@timestamp":"2022-09-08T11:10:06.380Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 11:10:06 honeypot-ams-1 sshd[1023]: Received disconnect from 2.205.79.92 port 52767:11: Bye Bye [preauth]","@timestamp":"2022-09-08T11:10:07.381Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 11:10:07 honeypot-ams-1 sshd[1027]: Disconnected from invalid user pi 2.205.79.92 port 52783 [preauth]","@timestamp":"2022-09-08T11:10:08.381Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 11:10:08 honeypot-ams-1 sshd[1031]: Disconnected from invalid user ethos 2.205.79.92 port 52797 [preauth]","@timestamp":"2022-09-08T11:10:08.381Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 11:10:08 honeypot-ams-1 sshd[1035]: Disconnected from invalid user xbmc 2.205.79.92 port 52810 [preauth]","@timestamp":"2022-09-08T11:10:09.382Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 11:10:09 honeypot-ams-1 sshd[1039]: Disconnected from invalid user oracle 2.205.79.92 port 52829 [preauth]","@timestamp":"2022-09-08T11:10:09.382Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 11:10:09 honeypot-ams-1 sshd[1043]: Disconnected from invalid user postgres 2.205.79.92 port 52854 [preauth]","@timestamp":"2022-09-08T11:10:10.383Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 11:10:10 honeypot-ams-1 sshd[1047]: Disconnected from invalid user support 2.205.79.92 port 52872 [preauth]","@timestamp":"2022-09-08T11:10:10.383Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 11:10:10 honeypot-ams-1 sshd[1051]: Disconnected from invalid user ubuntu 2.205.79.92 port 52889 [preauth]","@timestamp":"2022-09-08T11:10:11.384Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 11:10:11 honeypot-ams-1 sshd[1055]: Disconnected from invalid user ubuntu 2.205.79.92 port 52905 [preauth]","@timestamp":"2022-09-08T11:10:12.385Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 11:10:12 honeypot-ams-1 sshd[1059]: Disconnected from invalid user guest 2.205.79.92 port 52921 [preauth]","@timestamp":"2022-09-08T11:10:12.385Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 11:10:12 honeypot-ams-1 sshd[1063]: Disconnected from invalid user cirros 2.205.79.92 port 52943 [preauth]","@timestamp":"2022-09-08T11:10:13.386Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 11:10:39 honeypot-fra-1 sshd[23860]: Disconnected from authenticating user root 143.244.158.100 port 38646 [preauth]","@timestamp":"2022-09-08T11:10:39.385Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 11:10:40 honeypot-ams-1 sshd[1069]: Received disconnect from 109.205.213.20 port 52444:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T11:10:41.399Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 11:12:29 honeypot-ams-1 sshd[1073]: Disconnected from invalid user user 109.205.213.20 port 34596 [preauth]","@timestamp":"2022-09-08T11:12:29.445Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 11:13:05 honeypot-fra-1 sshd[23868]: Invalid user jlenz from 165.22.45.108 port 35480","@timestamp":"2022-09-08T11:13:06.441Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 11:14:10 honeypot-fra-1 sshd[23872]: Disconnected from authenticating user root 106.12.107.221 port 38028 [preauth]","@timestamp":"2022-09-08T11:14:11.466Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T11:15:02.754Z","@version":"1","message":"Sep  8 11:15:02 honeypot-sgp-1 sshd[30797]: Connection closed by invalid user pi 79.163.138.216 port 56532 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 11:16:00 honeypot-fra-1 sshd[23878]: Disconnected from authenticating user root 143.244.158.100 port 54156 [preauth]","@timestamp":"2022-09-08T11:16:00.509Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 11:17:42 honeypot-fra-1 sshd[23885]: Received disconnect from 143.244.158.100 port 39390:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T11:17:43.566Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 11:18:21 honeypot-ams-1 kernel: [83512489.605696] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=41031 PROTO=TCP SPT=55505 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T11:18:22.599Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 11:19:25 honeypot-fra-1 sshd[23890]: Disconnected from authenticating user root 143.244.158.100 port 41066 [preauth]","@timestamp":"2022-09-08T11:19:26.606Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 11:20:30 honeypot-ams-1 sshd[1085]: Received disconnect from 198.98.61.9 port 53322:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T11:20:30.658Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 11:20:46 honeypot-ams-1 sshd[1089]: Received disconnect from 198.98.61.9 port 47868:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T11:20:46.667Z"}
{"@timestamp":"2022-09-08T11:20:49.897Z","@version":"1","message":"Sep  8 11:20:49 honeypot-sgp-1 kernel: [83512167.164408] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=128.199.161.69 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=24822 PROTO=TCP SPT=51231 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 11:21:01 honeypot-ams-1 sshd[1093]: Received disconnect from 198.98.61.9 port 42424:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T11:21:01.675Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 11:22:10 honeypot-fra-1 sshd[23896]: Received disconnect from 143.244.158.100 port 45028:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T11:22:10.669Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 11:22:48 honeypot-ams-1 sshd[1097]: Did not receive identification string from 143.198.79.64 port 41522","@timestamp":"2022-09-08T11:22:48.724Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 11:26:35 honeypot-ams-1 kernel: [83512983.268507] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=72.167.32.184 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=230 ID=59575 PROTO=TCP SPT=51651 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T11:26:35.826Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 11:31:08 honeypot-fra-1 sshd[23901]: Invalid user admin from 159.203.178.0 port 43180","@timestamp":"2022-09-08T11:31:08.865Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 11:31:09 honeypot-fra-1 sshd[23907]: Invalid user admin from 159.203.178.0 port 43204","@timestamp":"2022-09-08T11:31:10.867Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T11:33:09.193Z","@version":"1","message":"Sep  8 11:33:09 honeypot-sgp-1 sshd[30805]: Invalid user paulino from 128.199.177.90 port 34660","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T11:35:10.245Z","@version":"1","message":"Sep  8 11:35:09 honeypot-sgp-1 sshd[30808]: Connection closed by invalid user  64.62.197.92 port 47860 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 11:35:20 honeypot-fra-1 sshd[23912]: Disconnected from invalid user jl 165.22.45.108 port 40284 [preauth]","@timestamp":"2022-09-08T11:35:20.958Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 11:39:08 honeypot-ams-1 sshd[1106]: Disconnected from invalid user testftp 122.181.16.134 port 44389 [preauth]","@timestamp":"2022-09-08T11:39:09.159Z"}
{"@timestamp":"2022-09-08T11:40:25.375Z","@version":"1","message":"Sep  8 11:40:24 honeypot-sgp-1 kernel: [83513341.867443] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=113.131.156.159 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=47 ID=20920 PROTO=TCP SPT=46214 DPT=80 WINDOW=52695 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 11:43:05 honeypot-ams-1 sshd[1111]: Disconnected from invalid user hudson 41.60.236.6 port 47868 [preauth]","@timestamp":"2022-09-08T11:43:06.264Z"}
{"@timestamp":"2022-09-08T11:45:42.505Z","@version":"1","message":"Sep  8 11:45:42 honeypot-sgp-1 sshd[30819]: Received disconnect from 179.224.196.91 port 10155:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T11:45:49.508Z","@version":"1","message":"Sep  8 11:45:48 honeypot-sgp-1 sshd[30823]: Disconnected from authenticating user root 179.224.196.91 port 10157 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T11:45:58.514Z","@version":"1","message":"Sep  8 11:45:58 honeypot-sgp-1 sshd[30829]: Disconnected from authenticating user root 179.224.196.91 port 10160 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T11:46:07.518Z","@version":"1","message":"Sep  8 11:46:07 honeypot-sgp-1 sshd[30835]: Disconnected from authenticating user root 179.224.196.91 port 10163 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T11:46:17.524Z","@version":"1","message":"Sep  8 11:46:16 honeypot-sgp-1 sshd[30841]: Disconnected from authenticating user root 179.224.196.91 port 10166 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T11:46:26.529Z","@version":"1","message":"Sep  8 11:46:26 honeypot-sgp-1 sshd[30847]: Disconnected from authenticating user root 179.224.196.91 port 10169 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 11:46:28 honeypot-fra-1 kernel: [83512028.277292] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=71.6.232.5 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=32831 DPT=5432 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T11:46:28.198Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-08T11:46:36.534Z","@version":"1","message":"Sep  8 11:46:35 honeypot-sgp-1 sshd[30853]: Disconnected from authenticating user root 179.224.196.91 port 10172 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T11:46:45.539Z","@version":"1","message":"Sep  8 11:46:44 honeypot-sgp-1 sshd[30859]: Disconnected from authenticating user root 179.224.196.91 port 10175 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T11:46:54.545Z","@version":"1","message":"Sep  8 11:46:54 honeypot-sgp-1 sshd[30865]: Disconnected from authenticating user root 179.224.196.91 port 10178 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T11:47:03.551Z","@version":"1","message":"Sep  8 11:47:03 honeypot-sgp-1 sshd[30871]: Disconnected from authenticating user root 179.224.196.91 port 10181 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T11:47:13.556Z","@version":"1","message":"Sep  8 11:47:12 honeypot-sgp-1 sshd[30878]: Disconnected from authenticating user root 179.224.196.91 port 10184 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T11:47:22.560Z","@version":"1","message":"Sep  8 11:47:21 honeypot-sgp-1 sshd[30884]: Disconnected from authenticating user root 179.224.196.91 port 10187 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T11:47:31.566Z","@version":"1","message":"Sep  8 11:47:31 honeypot-sgp-1 sshd[30890]: Received disconnect from 179.224.196.91 port 10190:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T11:47:37.569Z","@version":"1","message":"Sep  8 11:47:37 honeypot-sgp-1 sshd[30894]: Received disconnect from 179.224.196.91 port 10192:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T11:47:43.572Z","@version":"1","message":"Sep  8 11:47:43 honeypot-sgp-1 sshd[30898]: Received disconnect from 179.224.196.91 port 10154:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T11:47:50.576Z","@version":"1","message":"Sep  8 11:47:49 honeypot-sgp-1 sshd[30902]: Received disconnect from 179.224.196.91 port 10156:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T11:47:56.580Z","@version":"1","message":"Sep  8 11:47:56 honeypot-sgp-1 sshd[30906]: Received disconnect from 179.224.196.91 port 10158:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T11:48:02.584Z","@version":"1","message":"Sep  8 11:48:02 honeypot-sgp-1 sshd[30910]: Received disconnect from 179.224.196.91 port 10160:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T11:48:11.589Z","@version":"1","message":"Sep  8 11:48:11 honeypot-sgp-1 sshd[30916]: Invalid user pi from 179.224.196.91 port 10163","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T11:48:18.593Z","@version":"1","message":"Sep  8 11:48:17 honeypot-sgp-1 sshd[30920]: Invalid user user from 179.224.196.91 port 10165","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T11:48:24.595Z","@version":"1","message":"Sep  8 11:48:23 honeypot-sgp-1 sshd[30924]: Invalid user mine from 179.224.196.91 port 10167","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T11:48:30.600Z","@version":"1","message":"Sep  8 11:48:30 honeypot-sgp-1 sshd[30928]: Invalid user xbmc from 179.224.196.91 port 10169","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T11:48:36.603Z","@version":"1","message":"Sep  8 11:48:36 honeypot-sgp-1 sshd[30932]: Invalid user oracle from 179.224.196.91 port 10171","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T11:48:42.607Z","@version":"1","message":"Sep  8 11:48:42 honeypot-sgp-1 sshd[30936]: Invalid user postgres from 179.224.196.91 port 10173","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T11:48:48.610Z","@version":"1","message":"Sep  8 11:48:48 honeypot-sgp-1 sshd[30940]: Invalid user support from 179.224.196.91 port 10175","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T11:48:55.614Z","@version":"1","message":"Sep  8 11:48:54 honeypot-sgp-1 sshd[30944]: Invalid user ubuntu from 179.224.196.91 port 10177","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T11:49:01.617Z","@version":"1","message":"Sep  8 11:49:00 honeypot-sgp-1 sshd[30948]: Invalid user ubuntu from 179.224.196.91 port 10179","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T11:49:07.620Z","@version":"1","message":"Sep  8 11:49:07 honeypot-sgp-1 sshd[30952]: Invalid user guest from 179.224.196.91 port 10181","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T11:49:13.627Z","@version":"1","message":"Sep  8 11:49:13 honeypot-sgp-1 sshd[30956]: Invalid user cirros from 179.224.196.91 port 10183","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T11:49:39.638Z","@version":"1","message":"Sep  8 11:49:39 honeypot-sgp-1 kernel: [83513896.784373] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.209.66 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=57756 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 11:50:11 honeypot-ams-1 sshd[1118]: Connection closed by 180.76.173.237 port 58720 [preauth]","@timestamp":"2022-09-08T11:50:12.447Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 11:51:07 honeypot-fra-1 sshd[23922]: Disconnected from invalid user lisa 157.230.47.60 port 50806 [preauth]","@timestamp":"2022-09-08T11:51:08.300Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T11:51:33.685Z","@version":"1","message":"Sep  8 11:51:33 honeypot-sgp-1 sshd[30963]: Invalid user user from 45.61.186.49 port 39124","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T11:51:44.690Z","@version":"1","message":"Sep  8 11:51:44 honeypot-sgp-1 sshd[30967]: Invalid user user from 45.61.186.49 port 52464","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 11:57:37 honeypot-fra-1 kernel: [83512697.278970] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=143.198.108.46 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=34229 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T11:57:37.445Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-08T12:01:00.926Z","@version":"1","message":"Sep  8 12:01:00 honeypot-sgp-1 sshd[30974]: Invalid user test from 62.204.41.222 port 41943","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 12:01:58 honeypot-fra-1 sshd[23931]: Received disconnect from 178.154.203.18 port 38848:11: Bye Bye [preauth]","@timestamp":"2022-09-08T12:01:59.543Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 12:01:59 honeypot-fra-1 sshd[23938]: Invalid user hadoop from 43.138.54.131 port 53282","@timestamp":"2022-09-08T12:02:00.545Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 12:01:59 honeypot-fra-1 sshd[23934]: Connection closed by invalid user ts3srv 43.138.54.131 port 53222 [preauth]","@timestamp":"2022-09-08T12:02:00.545Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 12:01:59 honeypot-fra-1 sshd[23942]: Connection closed by invalid user mc 43.138.54.131 port 53213 [preauth]","@timestamp":"2022-09-08T12:02:00.545Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 12:02:02 honeypot-fra-1 sshd[23958]: Invalid user esuser from 43.138.54.131 port 53232","@timestamp":"2022-09-08T12:02:03.546Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 12:02:02 honeypot-fra-1 sshd[23965]: Invalid user ts3server from 43.138.54.131 port 53228","@timestamp":"2022-09-08T12:02:03.546Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 12:02:02 honeypot-fra-1 sshd[23960]: Connection closed by invalid user mcserver 43.138.54.131 port 53262 [preauth]","@timestamp":"2022-09-08T12:02:03.546Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 12:02:06 honeypot-fra-1 sshd[23974]: Connection closed by invalid user vagrant 43.138.54.131 port 53254 [preauth]","@timestamp":"2022-09-08T12:02:06.547Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 12:02:14 honeypot-fra-1 sshd[23981]: Invalid user test from 43.138.54.131 port 53274","@timestamp":"2022-09-08T12:02:15.551Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 12:02:14 honeypot-fra-1 sshd[23993]: Invalid user ts3 from 43.138.54.131 port 53284","@timestamp":"2022-09-08T12:02:15.552Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 12:02:14 honeypot-fra-1 sshd[23977]: Connection closed by invalid user ftpuser 43.138.54.131 port 53252 [preauth]","@timestamp":"2022-09-08T12:02:15.552Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 12:02:15 honeypot-fra-1 sshd[23986]: Connection closed by invalid user devops 43.138.54.131 port 53270 [preauth]","@timestamp":"2022-09-08T12:02:15.552Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 12:02:58 honeypot-ams-1 sshd[1127]: Invalid user Admin from 72.190.53.219 port 53764","@timestamp":"2022-09-08T12:02:59.803Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 12:03:55 honeypot-fra-1 sshd[24005]: Received disconnect from 165.227.160.124 port 37128:11: Bye Bye [preauth]","@timestamp":"2022-09-08T12:03:56.590Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 12:05:19 honeypot-fra-1 sshd[24009]: Disconnected from invalid user cirino 177.3.130.63 port 39496 [preauth]","@timestamp":"2022-09-08T12:05:19.622Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T12:06:11.052Z","@version":"1","message":"Sep  8 12:06:10 honeypot-sgp-1 kernel: [83514888.022304] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=167.94.145.84 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=21204 PROTO=TCP SPT=57900 DPT=389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 12:07:02 honeypot-fra-1 sshd[24013]: Invalid user  from 64.62.197.152 port 37376","@timestamp":"2022-09-08T12:07:03.663Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 12:09:48 honeypot-fra-1 sshd[24018]: Disconnected from authenticating user root 178.128.22.123 port 45988 [preauth]","@timestamp":"2022-09-08T12:09:48.724Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 12:11:42 honeypot-ams-1 sshd[1130]: Received disconnect from 92.255.85.70 port 33696:11: Bye Bye [preauth]","@timestamp":"2022-09-08T12:11:43.032Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 12:13:33 honeypot-fra-1 sshd[24024]: Did not receive identification string from 159.89.24.69 port 61000","@timestamp":"2022-09-08T12:13:33.807Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 12:16:22 honeypot-ams-1 sshd[1136]: Received disconnect from 134.122.123.117 port 49232:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T12:16:22.164Z"}
{"@timestamp":"2022-09-08T12:16:50.316Z","@version":"1","message":"Sep  8 12:16:50 honeypot-sgp-1 sshd[30982]: Invalid user adm from 91.240.118.222 port 55548","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 12:16:53 honeypot-fra-1 sshd[24028]: Disconnected from invalid user try 159.89.40.119 port 60034 [preauth]","@timestamp":"2022-09-08T12:16:53.880Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 12:17:06 honeypot-ams-1 sshd[1143]: Received disconnect from 134.122.123.117 port 43388:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T12:17:07.187Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 12:18:04 honeypot-ams-1 sshd[1149]: Did not receive identification string from 198.98.61.9 port 43102","@timestamp":"2022-09-08T12:18:05.215Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 12:18:17 honeypot-ams-1 sshd[1154]: Invalid user user from 198.98.61.9 port 40294","@timestamp":"2022-09-08T12:18:17.222Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 12:18:31 honeypot-ams-1 sshd[1158]: Received disconnect from 134.122.123.117 port 60104:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T12:18:32.230Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 12:18:40 honeypot-ams-1 sshd[1162]: Received disconnect from 198.98.61.9 port 45094:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T12:18:41.235Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 12:18:52 honeypot-ams-1 sshd[1166]: Disconnected from authenticating user root 134.122.123.117 port 57258 [preauth]","@timestamp":"2022-09-08T12:18:53.243Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 12:19:13 honeypot-ams-1 sshd[1170]: Disconnected from invalid user user 134.122.123.117 port 54310 [preauth]","@timestamp":"2022-09-08T12:19:14.253Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 12:19:38 honeypot-fra-1 sshd[24035]: Invalid user jlzhu from 165.22.45.108 port 49850","@timestamp":"2022-09-08T12:19:38.943Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 12:19:56 honeypot-ams-1 sshd[1174]: Disconnected from invalid user postgres 134.122.123.117 port 48534 [preauth]","@timestamp":"2022-09-08T12:19:57.276Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 12:20:38 honeypot-ams-1 sshd[1179]: Disconnected from invalid user gituser 134.122.123.117 port 42794 [preauth]","@timestamp":"2022-09-08T12:20:39.295Z"}
{"@timestamp":"2022-09-08T12:21:13.424Z","@version":"1","message":"Sep  8 12:21:13 honeypot-sgp-1 kernel: [83515790.612466] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=139.144.135.20 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=16548 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 12:21:20 honeypot-ams-1 sshd[1183]: Disconnected from invalid user ansible 134.122.123.117 port 37006 [preauth]","@timestamp":"2022-09-08T12:21:21.316Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 12:22:02 honeypot-ams-1 sshd[1187]: Disconnected from invalid user test 134.122.123.117 port 59458 [preauth]","@timestamp":"2022-09-08T12:22:02.336Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 12:22:44 honeypot-ams-1 sshd[1191]: Disconnected from invalid user demo 134.122.123.117 port 53714 [preauth]","@timestamp":"2022-09-08T12:22:44.357Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 12:23:26 honeypot-ams-1 sshd[1195]: Disconnected from invalid user jenkins 134.122.123.117 port 47908 [preauth]","@timestamp":"2022-09-08T12:23:26.378Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 12:24:11 honeypot-ams-1 sshd[1199]: Disconnected from invalid user ftpadmin 134.122.123.117 port 42186 [preauth]","@timestamp":"2022-09-08T12:24:12.401Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 12:24:41 honeypot-ams-1 sshd[1206]: Received disconnect from 143.198.79.64 port 47164:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T12:24:41.419Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 12:25:14 honeypot-fra-1 kernel: [83514354.085911] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=170.187.162.173 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=19196 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T12:25:14.070Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 12:25:17 honeypot-ams-1 sshd[1210]: Received disconnect from 134.122.123.117 port 33490:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T12:25:17.436Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 12:25:59 honeypot-ams-1 sshd[1215]: Received disconnect from 134.122.123.117 port 55922:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T12:26:00.456Z"}
{"@timestamp":"2022-09-08T12:27:17.573Z","@version":"1","message":"Sep  8 12:27:17 honeypot-sgp-1 kernel: [83516154.304129] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.79.176.55 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=30144 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 12:28:19 honeypot-ams-1 kernel: [83516687.534242] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=139.144.135.68 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=28898 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T12:28:20.517Z"}
{"@timestamp":"2022-09-08T12:32:20.695Z","@version":"1","message":"Sep  8 12:32:20 honeypot-sgp-1 sshd[30995]: Disconnected from authenticating user root 103.226.249.51 port 38246 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 12:34:11 honeypot-ams-1 sshd[1222]: Received disconnect from 92.255.85.69 port 62328:11: Bye Bye [preauth]","@timestamp":"2022-09-08T12:34:11.669Z"}
{"@timestamp":"2022-09-08T12:36:54.810Z","@version":"1","message":"Sep  8 12:36:54 honeypot-sgp-1 kernel: [83516731.954308] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=31.192.111.224 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=46444 PROTO=TCP SPT=40521 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 12:38:31 honeypot-fra-1 kernel: [83515151.351812] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=167.94.138.101 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=4069 PROTO=TCP SPT=26136 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T12:38:31.371Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 12:38:46 honeypot-ams-1 sshd[1225]: Received disconnect from 49.206.244.232 port 40062:11: Bye Bye [preauth]","@timestamp":"2022-09-08T12:38:47.794Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 12:42:07 honeypot-fra-1 sshd[24047]: Disconnected from authenticating user root 92.255.85.69 port 41384 [preauth]","@timestamp":"2022-09-08T12:42:07.475Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 12:43:30 honeypot-ams-1 sshd[1228]: Invalid user admin from 159.203.178.0 port 55630","@timestamp":"2022-09-08T12:43:30.920Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 12:43:32 honeypot-ams-1 sshd[1234]: Invalid user admin from 159.203.178.0 port 55658","@timestamp":"2022-09-08T12:43:32.923Z"}
{"@timestamp":"2022-09-08T12:47:15.078Z","@version":"1","message":"Sep  8 12:47:14 honeypot-sgp-1 sshd[31003]: Received disconnect from 158.101.97.210 port 44806:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 12:50:18 honeypot-fra-1 kernel: [83515858.633613] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=176.107.184.122 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=117 ID=5779 DF PROTO=TCP SPT=56964 DPT=443 WINDOW=42340 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T12:50:19.654Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 12:51:41 honeypot-ams-1 sshd[1242]: Invalid user nagios from 188.166.23.215 port 54898","@timestamp":"2022-09-08T12:51:42.137Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 12:55:21 honeypot-fra-1 kernel: [83516161.692242] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=154.89.5.94 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=244 ID=8929 PROTO=TCP SPT=58914 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T12:55:21.782Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 12:55:57 honeypot-ams-1 sshd[1246]: Received disconnect from 92.255.85.69 port 32128:11: Bye Bye [preauth]","@timestamp":"2022-09-08T12:55:58.248Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 13:00:22 honeypot-ams-1 sshd[1253]: Did not receive identification string from 45.61.187.160 port 51196","@timestamp":"2022-09-08T13:00:23.362Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 13:00:41 honeypot-ams-1 sshd[1256]: Disconnected from invalid user user 45.61.187.160 port 56188 [preauth]","@timestamp":"2022-09-08T13:00:41.372Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 13:00:51 honeypot-ams-1 kernel: [83518639.893010] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=5.39.220.40 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=48656 PROTO=TCP SPT=42032 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T13:00:52.378Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 13:01:09 honeypot-ams-1 sshd[1264]: Disconnected from invalid user user 45.61.187.160 port 34338 [preauth]","@timestamp":"2022-09-08T13:01:09.388Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 13:01:28 honeypot-ams-1 sshd[1268]: Disconnected from invalid user user 45.61.187.160 port 57410 [preauth]","@timestamp":"2022-09-08T13:01:29.403Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 13:04:10 honeypot-fra-1 sshd[24075]: Invalid user jm from 165.22.45.108 port 59438","@timestamp":"2022-09-08T13:04:10.977Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 13:05:12 honeypot-ams-1 sshd[1273]: Did not receive identification string from 45.61.186.249 port 58350","@timestamp":"2022-09-08T13:05:12.505Z"}
{"@timestamp":"2022-09-08T13:05:49.534Z","@version":"1","message":"Sep  8 13:05:48 honeypot-sgp-1 sshd[31010]: Disconnected from invalid user lestat 138.68.50.30 port 40322 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 13:05:58 honeypot-ams-1 sshd[1276]: Disconnected from invalid user user 45.61.186.249 port 50352 [preauth]","@timestamp":"2022-09-08T13:05:58.527Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 13:06:18 honeypot-ams-1 sshd[1280]: Disconnected from invalid user user 45.61.186.249 port 45364 [preauth]","@timestamp":"2022-09-08T13:06:19.540Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 13:06:38 honeypot-ams-1 sshd[1284]: Disconnected from invalid user user 45.61.186.249 port 40378 [preauth]","@timestamp":"2022-09-08T13:06:38.550Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 13:07:06 honeypot-ams-1 sshd[1286]: Disconnected from invalid user user 167.99.220.160 port 45180 [preauth]","@timestamp":"2022-09-08T13:07:06.565Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 13:09:11 honeypot-fra-1 kernel: [83516991.839374] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=79.124.62.62 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=54980 PROTO=TCP SPT=52812 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T13:09:12.096Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 13:11:39 honeypot-fra-1 sshd[24084]: Invalid user ubnt from 115.73.213.109 port 58512","@timestamp":"2022-09-08T13:11:40.151Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 13:11:42 honeypot-fra-1 sshd[24088]: Disconnected from authenticating user root 115.73.213.109 port 58632 [preauth]","@timestamp":"2022-09-08T13:11:43.153Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 13:11:46 honeypot-fra-1 sshd[24094]: Disconnected from authenticating user root 115.73.213.109 port 58766 [preauth]","@timestamp":"2022-09-08T13:11:47.155Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 13:11:51 honeypot-fra-1 sshd[24100]: Disconnected from authenticating user root 115.73.213.109 port 59122 [preauth]","@timestamp":"2022-09-08T13:11:52.157Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 13:11:55 honeypot-fra-1 sshd[24106]: Disconnected from authenticating user root 115.73.213.109 port 59266 [preauth]","@timestamp":"2022-09-08T13:11:56.160Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 13:12:00 honeypot-fra-1 sshd[24112]: Disconnected from authenticating user root 115.73.213.109 port 59592 [preauth]","@timestamp":"2022-09-08T13:12:01.162Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 13:12:04 honeypot-fra-1 sshd[24118]: Disconnected from authenticating user root 115.73.213.109 port 59760 [preauth]","@timestamp":"2022-09-08T13:12:05.165Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 13:12:08 honeypot-fra-1 sshd[24124]: Disconnected from authenticating user root 115.73.213.109 port 60066 [preauth]","@timestamp":"2022-09-08T13:12:09.167Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 13:12:12 honeypot-fra-1 sshd[24130]: Disconnected from authenticating user root 115.73.213.109 port 60242 [preauth]","@timestamp":"2022-09-08T13:12:13.169Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 13:12:17 honeypot-fra-1 sshd[24136]: Disconnected from authenticating user root 115.73.213.109 port 60528 [preauth]","@timestamp":"2022-09-08T13:12:18.172Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 13:12:22 honeypot-fra-1 sshd[24142]: Disconnected from authenticating user root 115.73.213.109 port 60746 [preauth]","@timestamp":"2022-09-08T13:12:23.174Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 13:12:26 honeypot-fra-1 sshd[24148]: Disconnected from authenticating user root 115.73.213.109 port 60892 [preauth]","@timestamp":"2022-09-08T13:12:27.177Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 13:12:30 honeypot-fra-1 sshd[24154]: Invalid user admin from 115.73.213.109 port 32984","@timestamp":"2022-09-08T13:12:31.179Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 13:12:33 honeypot-fra-1 sshd[24158]: Invalid user admin from 115.73.213.109 port 33072","@timestamp":"2022-09-08T13:12:34.181Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T13:12:34.699Z","@version":"1","message":"Sep  8 13:12:34 honeypot-sgp-1 sshd[31017]: Invalid user osip from 188.166.247.82 port 38184","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 13:12:36 honeypot-fra-1 sshd[24162]: Invalid user admin from 115.73.213.109 port 33154","@timestamp":"2022-09-08T13:12:37.182Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 13:12:38 honeypot-fra-1 sshd[24166]: Invalid user admin from 115.73.213.109 port 33410","@timestamp":"2022-09-08T13:12:39.185Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 13:12:41 honeypot-fra-1 sshd[24170]: Invalid user admin from 115.73.213.109 port 33542","@timestamp":"2022-09-08T13:12:42.187Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 13:12:44 honeypot-fra-1 sshd[24174]: Received disconnect from 115.73.213.109 port 33620:11: Bye Bye [preauth]","@timestamp":"2022-09-08T13:12:45.189Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 13:12:47 honeypot-fra-1 sshd[24178]: Disconnected from invalid user pi 115.73.213.109 port 33754 [preauth]","@timestamp":"2022-09-08T13:12:48.190Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 13:12:51 honeypot-fra-1 sshd[24182]: Disconnected from invalid user user 115.73.213.109 port 33968 [preauth]","@timestamp":"2022-09-08T13:12:51.192Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 13:12:53 honeypot-fra-1 sshd[24186]: Disconnected from invalid user mine 115.73.213.109 port 34098 [preauth]","@timestamp":"2022-09-08T13:12:54.194Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 13:12:56 honeypot-fra-1 sshd[24190]: Disconnected from invalid user xbmc 115.73.213.109 port 34178 [preauth]","@timestamp":"2022-09-08T13:12:57.196Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 13:12:59 honeypot-fra-1 sshd[24194]: Disconnected from invalid user oracle 115.73.213.109 port 34430 [preauth]","@timestamp":"2022-09-08T13:13:00.197Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 13:13:02 honeypot-fra-1 sshd[24198]: Disconnected from invalid user postgres 115.73.213.109 port 34562 [preauth]","@timestamp":"2022-09-08T13:13:03.199Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 13:13:05 honeypot-fra-1 sshd[24202]: Disconnected from invalid user support 115.73.213.109 port 34650 [preauth]","@timestamp":"2022-09-08T13:13:06.200Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 13:13:08 honeypot-fra-1 sshd[24206]: Disconnected from invalid user ubuntu 115.73.213.109 port 34892 [preauth]","@timestamp":"2022-09-08T13:13:09.203Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 13:13:11 honeypot-fra-1 sshd[24210]: Disconnected from invalid user ubuntu 115.73.213.109 port 35052 [preauth]","@timestamp":"2022-09-08T13:13:12.205Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 13:13:14 honeypot-fra-1 sshd[24214]: Disconnected from invalid user guest 115.73.213.109 port 35144 [preauth]","@timestamp":"2022-09-08T13:13:14.206Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 13:13:16 honeypot-fra-1 sshd[24218]: Disconnected from invalid user cirros 115.73.213.109 port 35244 [preauth]","@timestamp":"2022-09-08T13:13:17.207Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T13:15:53.781Z","@version":"1","message":"Sep  8 13:15:53 honeypot-sgp-1 kernel: [83519070.830721] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=190.100.32.214 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=232 ID=15686 PROTO=TCP SPT=56593 DPT=80 WINDOW=1300 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T13:16:59.811Z","@version":"1","message":"Sep  8 13:16:58 honeypot-sgp-1 sshd[31022]: Received disconnect from 141.255.162.226 port 44508:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T13:17:00.812Z","@version":"1","message":"Sep  8 13:17:00 honeypot-sgp-1 sshd[31028]: Received disconnect from 141.255.162.226 port 51766:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T13:17:02.813Z","@version":"1","message":"Sep  8 13:17:02 honeypot-sgp-1 sshd[31030]: Disconnected from invalid user user 141.255.162.226 port 38034 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 13:17:48 honeypot-fra-1 sshd[24226]: Invalid user sawada from 133.130.99.35 port 56146","@timestamp":"2022-09-08T13:17:49.320Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 13:19:58 honeypot-fra-1 kernel: [83517637.891624] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.79.176.71 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=25144 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T13:19:58.369Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-08T13:22:10.938Z","@version":"1","message":"Sep  8 13:22:10 honeypot-sgp-1 sshd[31040]: Invalid user lgy from 137.116.144.39 port 59334","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 13:22:29 honeypot-fra-1 sshd[24234]: Disconnected from invalid user user 198.98.61.9 port 48918 [preauth]","@timestamp":"2022-09-08T13:22:30.426Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 13:22:45 honeypot-fra-1 sshd[24238]: Disconnected from invalid user user 198.98.61.9 port 42356 [preauth]","@timestamp":"2022-09-08T13:22:45.433Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 13:22:59 honeypot-fra-1 sshd[24242]: Disconnected from invalid user user 198.98.61.9 port 35802 [preauth]","@timestamp":"2022-09-08T13:23:00.439Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 13:23:13 honeypot-fra-1 sshd[24246]: Disconnected from invalid user user 198.98.61.9 port 57464 [preauth]","@timestamp":"2022-09-08T13:23:14.446Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 13:24:58 honeypot-ams-1 kernel: [83520085.926416] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=49.66.78.186 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=49 ID=43515 PROTO=TCP SPT=57159 DPT=80 WINDOW=54217 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T13:24:59.019Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 13:26:39 honeypot-fra-1 sshd[24250]: Disconnected from authenticating user root 92.255.85.69 port 56950 [preauth]","@timestamp":"2022-09-08T13:26:39.536Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 13:30:10 honeypot-ams-1 sshd[1303]: Received disconnect from 78.180.95.103 port 59732:11: Bye Bye [preauth]","@timestamp":"2022-09-08T13:30:11.153Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 13:30:12 honeypot-ams-1 sshd[1309]: Received disconnect from 78.180.95.103 port 59822:11: Bye Bye [preauth]","@timestamp":"2022-09-08T13:30:12.154Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 13:30:13 honeypot-ams-1 sshd[1315]: Received disconnect from 78.180.95.103 port 59926:11: Bye Bye [preauth]","@timestamp":"2022-09-08T13:30:14.155Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 13:30:15 honeypot-ams-1 sshd[1321]: Received disconnect from 78.180.95.103 port 60038:11: Bye Bye [preauth]","@timestamp":"2022-09-08T13:30:16.157Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 13:30:16 honeypot-ams-1 sshd[1327]: Received disconnect from 78.180.95.103 port 60122:11: Bye Bye [preauth]","@timestamp":"2022-09-08T13:30:17.157Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 13:30:18 honeypot-ams-1 sshd[1333]: Received disconnect from 78.180.95.103 port 60210:11: Bye Bye [preauth]","@timestamp":"2022-09-08T13:30:19.159Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 13:30:19 honeypot-ams-1 sshd[1339]: Received disconnect from 78.180.95.103 port 60312:11: Bye Bye [preauth]","@timestamp":"2022-09-08T13:30:20.159Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 13:30:21 honeypot-ams-1 sshd[1345]: Received disconnect from 78.180.95.103 port 60394:11: Bye Bye [preauth]","@timestamp":"2022-09-08T13:30:22.161Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 13:30:23 honeypot-ams-1 sshd[1351]: Received disconnect from 78.180.95.103 port 60500:11: Bye Bye [preauth]","@timestamp":"2022-09-08T13:30:23.162Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 13:30:24 honeypot-ams-1 sshd[1357]: Received disconnect from 78.180.95.103 port 60604:11: Bye Bye [preauth]","@timestamp":"2022-09-08T13:30:25.163Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 13:30:26 honeypot-ams-1 sshd[1363]: Received disconnect from 78.180.95.103 port 60688:11: Bye Bye [preauth]","@timestamp":"2022-09-08T13:30:26.165Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 13:30:27 honeypot-ams-1 sshd[1369]: Received disconnect from 78.180.95.103 port 60762:11: Bye Bye [preauth]","@timestamp":"2022-09-08T13:30:28.166Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 13:30:28 honeypot-ams-1 sshd[1373]: Received disconnect from 78.180.95.103 port 60822:11: Bye Bye [preauth]","@timestamp":"2022-09-08T13:30:29.167Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 13:30:29 honeypot-ams-1 sshd[1377]: Received disconnect from 78.180.95.103 port 60894:11: Bye Bye [preauth]","@timestamp":"2022-09-08T13:30:30.168Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 13:30:30 honeypot-ams-1 sshd[1383]: Received disconnect from 78.180.95.103 port 60954:11: Bye Bye [preauth]","@timestamp":"2022-09-08T13:30:31.169Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 13:30:31 honeypot-ams-1 sshd[1387]: Received disconnect from 78.180.95.103 port 32776:11: Bye Bye [preauth]","@timestamp":"2022-09-08T13:30:32.169Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 13:30:32 honeypot-ams-1 sshd[1389]: Received disconnect from 78.180.95.103 port 32802:11: Bye Bye [preauth]","@timestamp":"2022-09-08T13:30:33.170Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 13:30:33 honeypot-ams-1 sshd[1393]: Received disconnect from 78.180.95.103 port 32888:11: Bye Bye [preauth]","@timestamp":"2022-09-08T13:30:34.171Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 13:30:35 honeypot-ams-1 sshd[1399]: Invalid user pi from 78.180.95.103 port 32970","@timestamp":"2022-09-08T13:30:35.172Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 13:30:36 honeypot-ams-1 sshd[1403]: Invalid user user from 78.180.95.103 port 33030","@timestamp":"2022-09-08T13:30:36.173Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 13:30:37 honeypot-ams-1 sshd[1407]: Invalid user mine from 78.180.95.103 port 33084","@timestamp":"2022-09-08T13:30:37.174Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 13:30:38 honeypot-ams-1 sshd[1411]: Invalid user xbmc from 78.180.95.103 port 33126","@timestamp":"2022-09-08T13:30:38.174Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 13:30:39 honeypot-ams-1 sshd[1415]: Invalid user oracle from 78.180.95.103 port 33186","@timestamp":"2022-09-08T13:30:39.175Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 13:30:40 honeypot-ams-1 sshd[1419]: Invalid user postgres from 78.180.95.103 port 33262","@timestamp":"2022-09-08T13:30:41.177Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 13:30:41 honeypot-ams-1 sshd[1423]: Invalid user support from 78.180.95.103 port 33320","@timestamp":"2022-09-08T13:30:42.178Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 13:30:42 honeypot-ams-1 sshd[1427]: Invalid user ubuntu from 78.180.95.103 port 33378","@timestamp":"2022-09-08T13:30:43.179Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 13:30:43 honeypot-ams-1 sshd[1431]: Invalid user ubuntu from 78.180.95.103 port 33462","@timestamp":"2022-09-08T13:30:44.179Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 13:30:44 honeypot-ams-1 sshd[1435]: Invalid user guest from 78.180.95.103 port 33524","@timestamp":"2022-09-08T13:30:45.180Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 13:30:45 honeypot-ams-1 sshd[1439]: Invalid user cirros from 78.180.95.103 port 33586","@timestamp":"2022-09-08T13:30:46.181Z"}
{"@timestamp":"2022-09-08T13:32:15.181Z","@version":"1","message":"Sep  8 13:32:14 honeypot-sgp-1 kernel: [83520051.498904] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.33.109.190 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=55040 PROTO=TCP SPT=40468 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 13:33:09 honeypot-ams-1 sshd[1443]: Received disconnect from 118.68.171.48 port 43778:11: Bye Bye [preauth]","@timestamp":"2022-09-08T13:33:09.243Z"}
{"@timestamp":"2022-09-08T13:33:15.228Z","@version":"1","message":"Sep  8 13:33:14 honeypot-sgp-1 sshd[31047]: Received disconnect from 187.216.254.180 port 35828:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 13:34:23 honeypot-fra-1 sshd[24256]: Disconnected from invalid user adm 91.240.118.222 port 41778 [preauth]","@timestamp":"2022-09-08T13:34:23.703Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 13:36:22 honeypot-ams-1 sshd[1449]: Invalid user user from 45.61.186.249 port 45134","@timestamp":"2022-09-08T13:36:23.329Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 13:36:42 honeypot-ams-1 kernel: [83520790.898987] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=152.89.196.62 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=28461 PROTO=TCP SPT=58642 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T13:36:43.341Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 13:36:51 honeypot-ams-1 sshd[1457]: Received disconnect from 45.61.186.249 port 51756:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T13:36:52.346Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 13:37:00 honeypot-ams-1 sshd[1461]: Received disconnect from 45.61.186.249 port 35118:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T13:37:01.351Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 13:37:16 honeypot-ams-1 sshd[1465]: Received disconnect from 45.61.186.249 port 58376:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T13:37:17.361Z"}
{"@timestamp":"2022-09-08T13:38:56.373Z","@version":"1","message":"Sep  8 13:38:56 honeypot-sgp-1 sshd[31050]: Disconnected from invalid user areyes 192.241.236.30 port 37508 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 13:39:11 honeypot-ams-1 sshd[1469]: Disconnected from invalid user tomcat 115.249.50.242 port 52358 [preauth]","@timestamp":"2022-09-08T13:39:11.410Z"}
{"@timestamp":"2022-09-08T13:42:24.460Z","@version":"1","message":"Sep  8 13:42:23 honeypot-sgp-1 sshd[31057]: Invalid user annette from 84.53.228.192 port 39808","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 13:42:59 honeypot-ams-1 kernel: [83521167.896980] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=109.108.187.129 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=52876 DF PROTO=TCP SPT=57403 DPT=80 WINDOW=13140 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T13:43:00.507Z"}
{"@timestamp":"2022-09-08T13:43:57.500Z","@version":"1","message":"Sep  8 13:43:56 honeypot-sgp-1 sshd[31061]: Invalid user whtest from 207.154.241.112 port 36068","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 13:47:57 honeypot-fra-1 kernel: [83519317.360894] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=34.143.133.224 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=16826 PROTO=TCP SPT=41832 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T13:47:57.998Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-08T13:49:18.628Z","@version":"1","message":"Sep  8 13:49:18 honeypot-sgp-1 sshd[31066]: Invalid user silas from 159.65.232.191 port 34062","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T13:52:11.697Z","@version":"1","message":"Sep  8 13:52:11 honeypot-sgp-1 sshd[31070]: Disconnected from authenticating user root 35.216.73.53 port 45390 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 13:52:59 honeypot-fra-1 kernel: [83519618.835191] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=64.246.161.26 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=58076 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T13:52:59.109Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-08T13:57:49.833Z","@version":"1","message":"Sep  8 13:57:48 honeypot-sgp-1 sshd[31075]: Disconnected from invalid user sowmow 111.93.191.170 port 22098 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 14:04:22 honeypot-ams-1 sshd[1479]: Disconnected from authenticating user root 92.255.85.70 port 27716 [preauth]","@timestamp":"2022-09-08T14:04:23.050Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 14:07:42 honeypot-fra-1 sshd[24273]: Received disconnect from 20.104.91.36 port 52458:11: Bye Bye [preauth]","@timestamp":"2022-09-08T14:07:43.429Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 14:11:35 honeypot-fra-1 sshd[24277]: Received disconnect from 92.255.85.69 port 58250:11: Bye Bye [preauth]","@timestamp":"2022-09-08T14:11:35.517Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T14:14:50.262Z","@version":"1","message":"Sep  8 14:14:49 honeypot-sgp-1 kernel: [83522607.031767] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=34.79.134.172 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=25440 PROTO=TCP SPT=44967 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 14:17:01 honeypot-fra-1 CRON[24282]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-08T14:17:01.647Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 14:17:01 honeypot-ams-1 CRON[1488]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-08T14:17:02.393Z"}
{"@timestamp":"2022-09-08T14:19:20.375Z","@version":"1","message":"Sep  8 14:19:20 honeypot-sgp-1 sshd[31089]: Invalid user Admin from 143.55.92.7 port 55577","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 14:26:41 honeypot-ams-1 sshd[1497]: Invalid user ubuntu from 119.28.93.80 port 42484","@timestamp":"2022-09-08T14:26:42.633Z"}
{"@timestamp":"2022-09-08T14:26:50.561Z","@version":"1","message":"Sep  8 14:26:49 honeypot-sgp-1 kernel: [83523326.925224] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.79.176.55 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=30144 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 14:29:37 honeypot-ams-1 kernel: [83523965.339728] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=125.136.61.137 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=55 ID=14709 PROTO=TCP SPT=65011 DPT=80 WINDOW=46515 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T14:29:37.716Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 14:30:51 honeypot-fra-1 kernel: [83521890.994236] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=64597 PROTO=TCP SPT=47406 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T14:30:51.969Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-08T14:33:07.715Z","@version":"1","message":"Sep  8 14:33:07 honeypot-sgp-1 sshd[31097]: Invalid user user from 141.255.162.226 port 59598","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T14:33:12.717Z","@version":"1","message":"Sep  8 14:33:12 honeypot-sgp-1 sshd[31101]: Connection closed by 141.255.162.226 port 53188 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 14:40:06 honeypot-fra-1 kernel: [83522446.662463] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=91.191.209.210 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=6511 PROTO=TCP SPT=46439 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T14:40:07.170Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 14:42:02 honeypot-ams-1 kernel: [83524710.742831] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=52.243.98.193 DST=178.62.254.91 LEN=52 TOS=0x02 PREC=0x00 TTL=108 ID=23463 DF PROTO=TCP SPT=59943 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T14:42:03.037Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 14:44:23 honeypot-ams-1 sshd[1510]: Received disconnect from 143.244.158.100 port 43294:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T14:44:23.100Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 14:46:05 honeypot-ams-1 sshd[1514]: Disconnected from authenticating user root 143.244.158.100 port 36622 [preauth]","@timestamp":"2022-09-08T14:46:06.145Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 14:48:47 honeypot-ams-1 sshd[1521]: Disconnected from authenticating user root 143.244.158.100 port 33136 [preauth]","@timestamp":"2022-09-08T14:48:48.217Z"}
{"@timestamp":"2022-09-08T14:49:53.139Z","@version":"1","message":"Sep  8 14:49:52 honeypot-sgp-1 sshd[31109]: Did not receive identification string from 173.244.210.34 port 47563","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 14:50:50 honeypot-ams-1 sshd[1527]: Disconnected from authenticating user root 92.255.85.69 port 24520 [preauth]","@timestamp":"2022-09-08T14:50:50.274Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 14:52:10 honeypot-ams-1 kernel: [83525318.009320] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=167.94.138.100 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=21540 PROTO=TCP SPT=27590 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T14:52:10.310Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 14:53:56 honeypot-ams-1 sshd[1537]: Disconnected from authenticating user root 143.244.158.100 port 58912 [preauth]","@timestamp":"2022-09-08T14:53:56.358Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 14:53:56 honeypot-fra-1 kernel: [83523275.700274] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=116.203.225.67 DST=165.22.82.222 LEN=80 TOS=0x00 PREC=0x20 TTL=126 ID=52545 PROTO=TCP SPT=51521 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T14:53:56.471Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 14:56:42 honeypot-ams-1 sshd[1546]: Received disconnect from 143.244.158.100 port 57566:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T14:56:42.432Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 14:57:56 honeypot-fra-1 sshd[24302]: Invalid user jmeter from 165.22.45.108 port 58142","@timestamp":"2022-09-08T14:57:56.561Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 14:58:25 honeypot-ams-1 sshd[1552]: Disconnected from authenticating user root 143.244.158.100 port 56642 [preauth]","@timestamp":"2022-09-08T14:58:26.479Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 15:01:08 honeypot-ams-1 sshd[1559]: Disconnected from authenticating user root 143.244.158.100 port 51018 [preauth]","@timestamp":"2022-09-08T15:01:08.550Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 15:04:00 honeypot-ams-1 sshd[1567]: Disconnected from authenticating user root 143.244.158.100 port 35570 [preauth]","@timestamp":"2022-09-08T15:04:00.625Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 15:05:23 honeypot-fra-1 sshd[24306]: Invalid user todd from 103.145.106.247 port 33882","@timestamp":"2022-09-08T15:05:24.718Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 15:06:03 honeypot-ams-1 kernel: [83526151.818037] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=68.173.232.255 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=51 ID=19865 PROTO=TCP SPT=59587 DPT=80 WINDOW=25755 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T15:06:04.680Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 15:08:22 honeypot-ams-1 kernel: [83526290.013132] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=116.203.225.67 DST=178.62.254.91 LEN=80 TOS=0x00 PREC=0x20 TTL=131 ID=45093 PROTO=TCP SPT=46117 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T15:08:22.743Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 15:08:31 honeypot-ams-1 kernel: [83526298.964248] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=116.203.225.67 DST=178.62.254.91 LEN=80 TOS=0x00 PREC=0x20 TTL=129 ID=50900 PROTO=TCP SPT=49876 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T15:08:31.748Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 15:08:51 honeypot-fra-1 kernel: [83524171.265272] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=198.235.24.175 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x60 TTL=251 ID=54321 PROTO=TCP SPT=49996 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T15:08:51.794Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 15:09:58 honeypot-ams-1 sshd[1588]: Disconnected from authenticating user root 143.244.158.100 port 43994 [preauth]","@timestamp":"2022-09-08T15:09:59.790Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 15:12:29 honeypot-ams-1 sshd[1594]: Received disconnect from 143.244.158.100 port 41810:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T15:12:30.858Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 15:13:33 honeypot-ams-1 sshd[1601]: Did not receive identification string from 103.203.57.11 port 39576","@timestamp":"2022-09-08T15:13:33.889Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 15:15:56 honeypot-ams-1 sshd[1607]: Disconnected from authenticating user root 143.244.158.100 port 54882 [preauth]","@timestamp":"2022-09-08T15:15:56.952Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 15:17:01 honeypot-fra-1 CRON[24313]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-08T15:17:01.967Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T15:17:01.786Z","@version":"1","message":"Sep  8 15:17:01 honeypot-sgp-1 CRON[31133]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 15:17:40 honeypot-ams-1 sshd[1615]: Disconnected from authenticating user root 143.244.158.100 port 43856 [preauth]","@timestamp":"2022-09-08T15:17:41.002Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 15:19:29 honeypot-ams-1 sshd[1620]: Disconnected from authenticating user root 143.244.158.100 port 58122 [preauth]","@timestamp":"2022-09-08T15:19:30.054Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 15:20:54 honeypot-fra-1 sshd[24318]: Received disconnect from 165.22.45.108 port 34818:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T15:20:55.054Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 15:22:13 honeypot-ams-1 sshd[1626]: Received disconnect from 143.244.158.100 port 51140:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T15:22:14.128Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 15:23:46 honeypot-ams-1 sshd[1631]: Disconnected from invalid user adm 91.240.118.222 port 56540 [preauth]","@timestamp":"2022-09-08T15:23:47.170Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 15:25:33 honeypot-ams-1 sshd[1637]: Disconnected from authenticating user root 143.244.158.100 port 52516 [preauth]","@timestamp":"2022-09-08T15:25:34.218Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 15:25:47 honeypot-fra-1 kernel: [83525187.109353] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=116.203.225.67 DST=165.22.82.222 LEN=80 TOS=0x00 PREC=0x20 TTL=126 ID=52545 PROTO=TCP SPT=51521 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T15:25:48.159Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-08T15:26:06.002Z","@version":"1","message":"Sep  8 15:26:05 honeypot-sgp-1 sshd[31139]: Connection closed by invalid user admin 148.153.82.141 port 53362 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T15:26:09.005Z","@version":"1","message":"Sep  8 15:26:08 honeypot-sgp-1 sshd[31145]: Connection closed by invalid user admin 148.153.82.141 port 53396 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 15:28:00 honeypot-ams-1 sshd[1643]: Connection closed by invalid user admin 193.106.191.157 port 46098 [preauth]","@timestamp":"2022-09-08T15:28:01.286Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 15:29:53 honeypot-ams-1 sshd[1650]: Disconnected from authenticating user root 143.244.158.100 port 60092 [preauth]","@timestamp":"2022-09-08T15:29:54.338Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 15:34:07 honeypot-ams-1 kernel: [83527835.832977] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=116.203.225.67 DST=178.62.254.91 LEN=80 TOS=0x00 PREC=0x20 TTL=129 ID=50900 PROTO=TCP SPT=49876 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T15:34:08.451Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 15:34:13 honeypot-ams-1 sshd[1658]: Invalid user user from 141.255.162.226 port 57680","@timestamp":"2022-09-08T15:34:13.453Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 15:34:17 honeypot-ams-1 sshd[1660]: Disconnected from invalid user user 141.255.162.226 port 37276 [preauth]","@timestamp":"2022-09-08T15:34:18.456Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 15:34:18 honeypot-fra-1 sshd[24325]: Disconnected from invalid user tomas 163.177.9.152 port 49460 [preauth]","@timestamp":"2022-09-08T15:34:19.341Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 15:34:20 honeypot-ams-1 sshd[1666]: Invalid user user from 141.255.162.226 port 60770","@timestamp":"2022-09-08T15:34:21.458Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 15:34:32 honeypot-ams-1 kernel: [83527859.886978] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=116.203.225.67 DST=178.62.254.91 LEN=80 TOS=0x00 PREC=0x20 TTL=129 ID=50900 PROTO=TCP SPT=49876 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T15:34:32.463Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 15:35:31 honeypot-ams-1 sshd[1672]: Disconnected from authenticating user root 92.255.85.69 port 38452 [preauth]","@timestamp":"2022-09-08T15:35:31.490Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 15:37:06 honeypot-fra-1 sshd[24327]: Invalid user 6789 from 41.79.235.35 port 56402","@timestamp":"2022-09-08T15:37:06.404Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 15:38:42 honeypot-ams-1 sshd[1678]: Invalid user admin from 221.158.195.111 port 54242","@timestamp":"2022-09-08T15:38:43.573Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 15:39:52 honeypot-ams-1 kernel: [83528180.123395] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=116.203.225.67 DST=178.62.254.91 LEN=80 TOS=0x00 PREC=0x20 TTL=123 ID=5188 PROTO=TCP SPT=4164 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T15:39:52.607Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 15:44:11 honeypot-fra-1 sshd[24332]: Received disconnect from 165.22.45.108 port 39760:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T15:44:12.573Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 15:44:31 honeypot-ams-1 kernel: [83528459.297340] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=116.203.225.67 DST=178.62.254.91 LEN=80 TOS=0x00 PREC=0x20 TTL=123 ID=5188 PROTO=TCP SPT=4164 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T15:44:31.726Z"}
{"@timestamp":"2022-09-08T15:44:54.451Z","@version":"1","message":"Sep  8 15:44:53 honeypot-sgp-1 kernel: [83528010.668443] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=64.62.197.119 DST=159.89.202.188 LEN=131 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=52408 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 15:47:53 honeypot-fra-1 sshd[24338]: Invalid user yuan from 20.229.79.224 port 1024","@timestamp":"2022-09-08T15:47:54.656Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T15:48:54.545Z","@version":"1","message":"Sep  8 15:48:54 honeypot-sgp-1 kernel: [83528251.484730] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=205.210.31.166 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=249 ID=54321 PROTO=TCP SPT=54645 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 15:49:37 honeypot-ams-1 kernel: [83528765.464913] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=116.203.225.67 DST=178.62.254.91 LEN=80 TOS=0x00 PREC=0x20 TTL=129 ID=50900 PROTO=TCP SPT=49876 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T15:49:37.861Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 15:51:29 honeypot-fra-1 kernel: [83526729.266432] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=198.235.24.180 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x60 TTL=251 ID=38808 PROTO=TCP SPT=55966 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T15:51:29.741Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 15:53:51 honeypot-ams-1 sshd[1687]: Connection closed by 180.76.173.237 port 50324 [preauth]","@timestamp":"2022-09-08T15:53:51.970Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 15:56:04 honeypot-fra-1 sshd[24346]: Invalid user ec2-user from 20.85.224.226 port 38768","@timestamp":"2022-09-08T15:56:04.841Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 15:56:04 honeypot-fra-1 sshd[24351]: Invalid user ftpuser from 20.85.224.226 port 38766","@timestamp":"2022-09-08T15:56:04.841Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 15:56:04 honeypot-fra-1 sshd[24345]: Connection closed by invalid user jenkins 20.85.224.226 port 38764 [preauth]","@timestamp":"2022-09-08T15:56:04.841Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 15:56:04 honeypot-fra-1 sshd[24357]: Invalid user hadoop from 20.85.224.226 port 38780","@timestamp":"2022-09-08T15:56:04.841Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 15:56:04 honeypot-fra-1 sshd[24348]: Connection closed by invalid user git 20.85.224.226 port 38762 [preauth]","@timestamp":"2022-09-08T15:56:04.841Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 15:56:04 honeypot-fra-1 sshd[24355]: Connection closed by invalid user es 20.85.224.226 port 38788 [preauth]","@timestamp":"2022-09-08T15:56:04.841Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 15:56:04 honeypot-fra-1 sshd[24385]: Invalid user steam from 20.85.224.226 port 38896","@timestamp":"2022-09-08T15:56:04.841Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 15:56:04 honeypot-fra-1 sshd[24387]: Connection closed by invalid user elasticsearch 20.85.224.226 port 38892 [preauth]","@timestamp":"2022-09-08T15:56:05.842Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 15:56:04 honeypot-fra-1 sshd[24386]: Invalid user hadoop from 20.85.224.226 port 38908","@timestamp":"2022-09-08T15:56:05.842Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 15:58:28 honeypot-ams-1 sshd[1690]: Disconnected from authenticating user root 92.255.85.69 port 62084 [preauth]","@timestamp":"2022-09-08T15:58:29.092Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 15:59:06 honeypot-ams-1 sshd[1692]: Disconnected from invalid user steian 190.128.118.185 port 53068 [preauth]","@timestamp":"2022-09-08T15:59:06.110Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 15:59:29 honeypot-fra-1 sshd[24401]: Invalid user bob from 159.65.103.250 port 60332","@timestamp":"2022-09-08T15:59:29.917Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T16:02:08.857Z","@version":"1","message":"Sep  8 16:02:08 honeypot-sgp-1 kernel: [83529045.703064] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=34.174.70.181 DST=159.89.202.188 LEN=52 TOS=0x00 PREC=0x00 TTL=122 ID=20843 DF PROTO=TCP SPT=58818 DPT=80 WINDOW=65320 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 16:03:17 honeypot-fra-1 kernel: [83527436.661945] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=116.203.225.67 DST=165.22.82.222 LEN=80 TOS=0x00 PREC=0x20 TTL=126 ID=52545 PROTO=TCP SPT=51521 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T16:03:18.002Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-08T16:03:28.891Z","@version":"1","message":"Sep  8 16:03:28 honeypot-sgp-1 sshd[31163]: Invalid user user from 45.61.186.249 port 56798","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T16:03:49.902Z","@version":"1","message":"Sep  8 16:03:49 honeypot-sgp-1 sshd[31167]: Invalid user user from 45.61.186.249 port 52592","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T16:04:09.911Z","@version":"1","message":"Sep  8 16:04:09 honeypot-sgp-1 sshd[31171]: Invalid user user from 45.61.186.249 port 48364","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 16:05:34 honeypot-ams-1 kernel: [83529722.271588] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=90.154.15.226 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=59 ID=51554 DF PROTO=TCP SPT=35842 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T16:05:35.278Z"}
{"@timestamp":"2022-09-08T16:06:19.970Z","@version":"1","message":"Sep  8 16:06:19 honeypot-sgp-1 kernel: [83529296.475614] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=23603 PROTO=TCP SPT=52849 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 16:06:50 honeypot-fra-1 kernel: [83527649.685478] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=216.218.206.119 DST=165.22.82.222 LEN=131 TOS=0x00 PREC=0x00 TTL=244 ID=54321 PROTO=TCP SPT=42247 DPT=80 WINDOW=65535 RES=0x00 ACK PSH URGP=0 ","@timestamp":"2022-09-08T16:06:51.082Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 16:16:02 honeypot-fra-1 sshd[24409]: Disconnected from invalid user jan 161.35.138.131 port 37790 [preauth]","@timestamp":"2022-09-08T16:16:03.282Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 16:16:47 honeypot-ams-1 kernel: [83530394.963269] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=115.52.244.235 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=37645 DF PROTO=TCP SPT=46681 DPT=80 WINDOW=28880 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T16:16:47.564Z"}
{"@timestamp":"2022-09-08T16:17:02.226Z","@version":"1","message":"Sep  8 16:17:01 honeypot-sgp-1 CRON[31180]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 16:20:41 honeypot-ams-1 sshd[1704]: Disconnected from authenticating user root 92.255.85.70 port 50384 [preauth]","@timestamp":"2022-09-08T16:20:41.664Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 16:21:07 honeypot-fra-1 kernel: [83528506.832361] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=151.246.125.17 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=28982 PROTO=TCP SPT=17017 DPT=80 WINDOW=27440 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T16:21:07.392Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-08T16:27:33.475Z","@version":"1","message":"Sep  8 16:27:32 honeypot-sgp-1 kernel: [83530569.603235] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=139.144.135.55 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=58030 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 16:29:02 honeypot-fra-1 kernel: [83528982.166563] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=173.214.165.46 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=51650 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T16:29:03.563Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 16:30:52 honeypot-fra-1 sshd[24424]: Invalid user centos from 20.254.57.199 port 59022","@timestamp":"2022-09-08T16:30:52.602Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 16:30:52 honeypot-fra-1 sshd[24433]: Invalid user ubuntu from 20.254.57.199 port 59014","@timestamp":"2022-09-08T16:30:52.602Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 16:30:52 honeypot-fra-1 sshd[24429]: Connection closed by invalid user user 20.254.57.199 port 59010 [preauth]","@timestamp":"2022-09-08T16:30:52.602Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 16:30:52 honeypot-fra-1 sshd[24431]: Connection closed by invalid user oracle 20.254.57.199 port 58970 [preauth]","@timestamp":"2022-09-08T16:30:52.602Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 16:30:52 honeypot-fra-1 sshd[24422]: Connection closed by invalid user admin 20.254.57.199 port 58976 [preauth]","@timestamp":"2022-09-08T16:30:52.602Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 16:30:53 honeypot-fra-1 sshd[24450]: Connection closed by invalid user chia 20.254.57.199 port 58994 [preauth]","@timestamp":"2022-09-08T16:30:53.604Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 16:30:55 honeypot-fra-1 sshd[24456]: Connection closed by invalid user web 20.254.57.199 port 59006 [preauth]","@timestamp":"2022-09-08T16:30:55.605Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 16:36:24 honeypot-ams-1 sshd[1710]: Invalid user Admin from 37.255.241.143 port 40179","@timestamp":"2022-09-08T16:36:25.073Z"}
{"@timestamp":"2022-09-08T16:37:01.700Z","@version":"1","message":"Sep  8 16:37:00 honeypot-sgp-1 sshd[31190]: Connection closed by invalid user Admin 113.176.46.2 port 9664 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 16:40:30 honeypot-fra-1 kernel: [83529669.946522] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=64.62.197.25 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=48623 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T16:40:30.811Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 16:43:27 honeypot-ams-1 sshd[1713]: Disconnected from authenticating user root 92.255.85.70 port 53838 [preauth]","@timestamp":"2022-09-08T16:43:28.260Z"}
{"@timestamp":"2022-09-08T16:48:51.982Z","@version":"1","message":"Sep  8 16:48:51 honeypot-sgp-1 kernel: [83531848.682271] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=173.214.165.46 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=233 ID=54321 PROTO=TCP SPT=37738 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 16:54:30 honeypot-fra-1 sshd[24467]: Disconnected from invalid user jmq 165.22.45.108 port 54600 [preauth]","@timestamp":"2022-09-08T16:54:31.116Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 16:55:40 honeypot-fra-1 sshd[24472]: Disconnected from authenticating user root 188.166.233.207 port 43882 [preauth]","@timestamp":"2022-09-08T16:55:41.145Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 17:01:12 honeypot-ams-1 kernel: [83533060.437185] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=64.62.197.2 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=49372 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T17:01:12.717Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 17:02:57 honeypot-ams-1 sshd[1721]: Disconnected from invalid user user 141.255.162.226 port 48152 [preauth]","@timestamp":"2022-09-08T17:02:57.765Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 17:02:59 honeypot-ams-1 sshd[1725]: Disconnected from invalid user user 141.255.162.226 port 36220 [preauth]","@timestamp":"2022-09-08T17:02:59.766Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 17:03:01 honeypot-ams-1 sshd[1729]: Disconnected from invalid user user 141.255.162.226 port 52520 [preauth]","@timestamp":"2022-09-08T17:03:01.769Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 17:03:05 honeypot-ams-1 sshd[1733]: Disconnected from invalid user user 141.255.162.226 port 40588 [preauth]","@timestamp":"2022-09-08T17:03:05.772Z"}
{"@timestamp":"2022-09-08T17:05:09.382Z","@version":"1","message":"Sep  8 17:05:09 honeypot-sgp-1 sshd[31201]: Received disconnect from 186.145.109.9 port 52820:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 17:06:16 honeypot-ams-1 kernel: [83533364.548849] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=49.66.78.186 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=49 ID=55569 PROTO=TCP SPT=57159 DPT=80 WINDOW=54217 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T17:06:16.858Z"}
{"@timestamp":"2022-09-08T17:06:32.418Z","@version":"1","message":"Sep  8 17:06:32 honeypot-sgp-1 sshd[31206]: Invalid user user from 198.98.61.9 port 60340","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T17:06:48.426Z","@version":"1","message":"Sep  8 17:06:47 honeypot-sgp-1 sshd[31210]: Invalid user user from 198.98.61.9 port 54570","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T17:07:03.433Z","@version":"1","message":"Sep  8 17:07:02 honeypot-sgp-1 sshd[31214]: Invalid user user from 198.98.61.9 port 48818","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 17:11:50 honeypot-fra-1 sshd[24483]: Invalid user httpd from 211.75.183.12 port 57400","@timestamp":"2022-09-08T17:11:50.504Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T17:12:49.569Z","@version":"1","message":"Sep  8 17:12:49 honeypot-sgp-1 kernel: [83533286.352621] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=79.124.62.60 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=61720 PROTO=TCP SPT=58728 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 17:13:26 honeypot-fra-1 sshd[24487]: Received disconnect from 92.255.85.69 port 26600:11: Bye Bye [preauth]","@timestamp":"2022-09-08T17:13:26.544Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 17:14:51 honeypot-ams-1 kernel: [83533879.265874] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=116.203.225.67 DST=178.62.254.91 LEN=80 TOS=0x00 PREC=0x20 TTL=127 ID=25268 PROTO=TCP SPT=26292 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T17:14:52.075Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 17:17:01 honeypot-fra-1 CRON[24494]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-08T17:17:01.625Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 17:17:08 honeypot-ams-1 kernel: [83534016.764939] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=121.16.193.102 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=48 ID=15160 PROTO=TCP SPT=2056 DPT=80 WINDOW=9504 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T17:17:09.157Z"}
{"@timestamp":"2022-09-08T17:19:09.717Z","@version":"1","message":"Sep  8 17:19:08 honeypot-sgp-1 kernel: [83533665.801738] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=221.176.116.78 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=106 ID=256 PROTO=TCP SPT=44941 DPT=80 WINDOW=16384 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 17:20:43 honeypot-ams-1 sshd[1752]: Disconnected from invalid user student 128.199.233.192 port 54464 [preauth]","@timestamp":"2022-09-08T17:20:44.255Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 17:20:43 honeypot-fra-1 kernel: [83532083.324431] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=20.123.184.30 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=63443 PROTO=TCP SPT=57483 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T17:20:44.709Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-08T17:26:06.883Z","@version":"1","message":"Sep  8 17:26:06 honeypot-sgp-1 sshd[31234]: Received disconnect from 13.67.221.136 port 1024:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 17:28:46 honeypot-ams-1 sshd[1759]: Received disconnect from 92.255.85.69 port 24254:11: Bye Bye [preauth]","@timestamp":"2022-09-08T17:28:47.463Z"}
{"@timestamp":"2022-09-08T17:30:40.993Z","@version":"1","message":"Sep  8 17:30:40 honeypot-sgp-1 kernel: [83534357.197294] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=236 ID=64621 PROTO=TCP SPT=58204 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 17:38:27 honeypot-fra-1 kernel: [83533146.358639] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=205.210.31.27 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=249 ID=45524 PROTO=TCP SPT=49270 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T17:38:27.102Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 17:41:20 honeypot-ams-1 sshd[1765]: Invalid user user from 45.61.184.204 port 48230","@timestamp":"2022-09-08T17:41:20.788Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 17:41:23 honeypot-fra-1 sshd[24509]: Invalid user admin from 213.249.203.115 port 47586","@timestamp":"2022-09-08T17:41:23.172Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 17:41:39 honeypot-ams-1 sshd[1769]: Invalid user user from 45.61.184.204 port 42694","@timestamp":"2022-09-08T17:41:39.799Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 17:41:57 honeypot-ams-1 sshd[1773]: Invalid user user from 45.61.184.204 port 37158","@timestamp":"2022-09-08T17:41:57.808Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 17:42:13 honeypot-ams-1 sshd[1777]: Invalid user user from 45.61.184.204 port 59846","@timestamp":"2022-09-08T17:42:13.817Z"}
{"@timestamp":"2022-09-08T17:42:40.270Z","@version":"1","message":"Sep  8 17:42:40 honeypot-sgp-1 sshd[31245]: Received disconnect from 143.110.188.7 port 54870:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T17:45:05.331Z","@version":"1","message":"Sep  8 17:45:04 honeypot-sgp-1 sshd[31249]: Disconnecting invalid user admin 180.49.192.10 port 61763: Too many authentication failures [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T17:45:34.345Z","@version":"1","message":"Sep  8 17:45:34 honeypot-sgp-1 sshd[31255]: Invalid user user from 45.61.186.249 port 55962","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T17:45:53.354Z","@version":"1","message":"Sep  8 17:45:53 honeypot-sgp-1 sshd[31260]: Invalid user user from 45.61.186.249 port 50516","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T17:46:10.362Z","@version":"1","message":"Sep  8 17:46:10 honeypot-sgp-1 sshd[31264]: Invalid user user from 45.61.186.249 port 45070","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 17:47:53 honeypot-ams-1 sshd[1784]: Invalid user user from 45.61.186.49 port 38318","@timestamp":"2022-09-08T17:47:53.964Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 17:48:03 honeypot-ams-1 sshd[1788]: Invalid user user from 45.61.186.49 port 49786","@timestamp":"2022-09-08T17:48:03.970Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 17:48:13 honeypot-ams-1 sshd[1792]: Received disconnect from 206.81.15.128 port 49922:11: Bye Bye [preauth]","@timestamp":"2022-09-08T17:48:13.978Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 17:53:39 honeypot-ams-1 sshd[1797]: Received disconnect from 161.82.233.179 port 59884:11: Bye Bye [preauth]","@timestamp":"2022-09-08T17:53:40.118Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 17:56:31 honeypot-fra-1 sshd[24515]: Received disconnect from 64.225.43.245 port 42748:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T17:56:32.516Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 17:58:46 honeypot-fra-1 sshd[24521]: Received disconnect from 64.225.43.245 port 55158:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T17:58:47.569Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 17:58:48 honeypot-ams-1 kernel: [83536516.474973] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=68.183.37.86 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=249 ID=37040 PROTO=TCP SPT=59900 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T17:58:49.275Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 17:59:32 honeypot-fra-1 sshd[24525]: Disconnected from authenticating user root 64.225.43.245 port 40458 [preauth]","@timestamp":"2022-09-08T17:59:33.590Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 17:59:42 honeypot-fra-1 sshd[24531]: Invalid user devops from 109.224.31.68 port 52068","@timestamp":"2022-09-08T17:59:42.593Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 17:59:42 honeypot-fra-1 sshd[24534]: Invalid user jenkins from 109.224.31.68 port 52105","@timestamp":"2022-09-08T17:59:42.593Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 17:59:42 honeypot-fra-1 sshd[24544]: Invalid user devops from 109.224.31.68 port 52083","@timestamp":"2022-09-08T17:59:42.593Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 17:59:42 honeypot-fra-1 sshd[24540]: Connection closed by invalid user es 109.224.31.68 port 52114 [preauth]","@timestamp":"2022-09-08T17:59:42.593Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 17:59:42 honeypot-fra-1 sshd[24532]: Connection closed by invalid user jenkins 109.224.31.68 port 52089 [preauth]","@timestamp":"2022-09-08T17:59:42.593Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 17:59:42 honeypot-fra-1 sshd[24543]: Connection closed by invalid user ubuntu 109.224.31.68 port 52101 [preauth]","@timestamp":"2022-09-08T17:59:42.593Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 17:59:42 honeypot-fra-1 sshd[24544]: Connection closed by invalid user devops 109.224.31.68 port 52083 [preauth]","@timestamp":"2022-09-08T17:59:42.593Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 17:59:42 honeypot-fra-1 sshd[24556]: Invalid user esuser from 109.224.31.68 port 52109","@timestamp":"2022-09-08T17:59:42.594Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 17:59:42 honeypot-fra-1 sshd[24545]: Connection closed by invalid user test 109.224.31.68 port 52053 [preauth]","@timestamp":"2022-09-08T17:59:42.594Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 17:59:42 honeypot-fra-1 sshd[24556]: Connection closed by invalid user esuser 109.224.31.68 port 52109 [preauth]","@timestamp":"2022-09-08T17:59:42.594Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 17:59:44 honeypot-fra-1 sshd[24592]: Connection closed by invalid user devops 109.224.31.68 port 52104 [preauth]","@timestamp":"2022-09-08T17:59:45.596Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 18:01:53 honeypot-fra-1 sshd[24600]: Received disconnect from 64.225.43.245 port 52824:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T18:01:53.649Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T18:02:28.749Z","@version":"1","message":"Sep  8 18:02:27 honeypot-sgp-1 kernel: [83536264.849424] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=234 ID=52980 PROTO=TCP SPT=40004 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 18:04:01 honeypot-fra-1 sshd[24606]: Invalid user joan from 165.22.45.108 port 41138","@timestamp":"2022-09-08T18:04:01.699Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 18:04:57 honeypot-fra-1 sshd[24610]: Disconnected from authenticating user root 64.225.43.245 port 50560 [preauth]","@timestamp":"2022-09-08T18:04:58.723Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 18:05:22 honeypot-fra-1 sshd[24615]: Received disconnect from 45.61.186.249 port 45100:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T18:05:22.735Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 18:05:41 honeypot-fra-1 sshd[24619]: Received disconnect from 45.61.186.249 port 39936:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T18:05:42.744Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 18:05:51 honeypot-fra-1 sshd[24623]: Disconnected from invalid user user 45.61.186.249 port 51468 [preauth]","@timestamp":"2022-09-08T18:05:51.749Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 18:06:08 honeypot-fra-1 sshd[24627]: Disconnected from invalid user user 45.61.186.249 port 46324 [preauth]","@timestamp":"2022-09-08T18:06:09.757Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 18:07:19 honeypot-fra-1 sshd[24632]: Disconnected from invalid user oladefab 64.225.43.245 port 34690 [preauth]","@timestamp":"2022-09-08T18:07:19.823Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 18:08:36 honeypot-fra-1 sshd[24642]: Invalid user chia from 122.128.79.246 port 53116","@timestamp":"2022-09-08T18:08:36.856Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 18:08:36 honeypot-fra-1 sshd[24647]: Invalid user test from 122.128.79.246 port 53094","@timestamp":"2022-09-08T18:08:36.856Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 18:08:36 honeypot-fra-1 sshd[24650]: Invalid user ubuntu from 122.128.79.246 port 53108","@timestamp":"2022-09-08T18:08:36.856Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 18:08:36 honeypot-fra-1 sshd[24651]: Invalid user git from 122.128.79.246 port 53080","@timestamp":"2022-09-08T18:08:37.858Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 18:08:36 honeypot-fra-1 sshd[24662]: Invalid user es from 122.128.79.246 port 53076","@timestamp":"2022-09-08T18:08:37.858Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 18:08:37 honeypot-fra-1 sshd[24644]: Connection closed by invalid user vagrant 122.128.79.246 port 53118 [preauth]","@timestamp":"2022-09-08T18:08:37.858Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 18:08:37 honeypot-fra-1 sshd[24640]: Connection closed by invalid user ftpuser 122.128.79.246 port 53088 [preauth]","@timestamp":"2022-09-08T18:08:37.858Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 18:08:37 honeypot-fra-1 sshd[24650]: Connection closed by invalid user ubuntu 122.128.79.246 port 53108 [preauth]","@timestamp":"2022-09-08T18:08:37.858Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 18:08:37 honeypot-fra-1 sshd[24657]: Connection closed by invalid user mysql 122.128.79.246 port 53104 [preauth]","@timestamp":"2022-09-08T18:08:37.858Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 18:08:37 honeypot-fra-1 sshd[24662]: Connection closed by invalid user es 122.128.79.246 port 53076 [preauth]","@timestamp":"2022-09-08T18:08:37.858Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 18:08:51 honeypot-fra-1 kernel: [83534971.187361] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=51395 PROTO=TCP SPT=40004 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T18:08:52.865Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 18:09:43 honeypot-ams-1 sshd[1805]: Received disconnect from 129.226.138.179 port 36786:11: Bye Bye [preauth]","@timestamp":"2022-09-08T18:09:44.559Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 18:09:45 honeypot-fra-1 sshd[24701]: Disconnected from invalid user samson 64.225.43.245 port 47048 [preauth]","@timestamp":"2022-09-08T18:09:45.886Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T18:10:50.967Z","@version":"1","message":"Sep  8 18:10:50 honeypot-sgp-1 sshd[31275]: Invalid user gpadmin from 103.188.176.251 port 52124","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 18:11:19 honeypot-fra-1 sshd[24706]: Disconnected from invalid user dev 64.225.43.245 port 45876 [preauth]","@timestamp":"2022-09-08T18:11:19.924Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 18:12:54 honeypot-fra-1 sshd[24711]: Disconnected from invalid user startupclerk 64.225.43.245 port 44710 [preauth]","@timestamp":"2022-09-08T18:12:54.962Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 18:14:58 honeypot-ams-1 sshd[1810]: Disconnected from authenticating user root 92.255.85.69 port 57938 [preauth]","@timestamp":"2022-09-08T18:14:58.692Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 18:15:16 honeypot-fra-1 sshd[24717]: Received disconnect from 64.225.43.245 port 57072:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T18:15:17.019Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T18:15:38.086Z","@version":"1","message":"Sep  8 18:15:37 honeypot-sgp-1 sshd[31281]: Received disconnect from 128.199.32.98 port 44486:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 18:16:50 honeypot-fra-1 sshd[24722]: Received disconnect from 64.225.43.245 port 55904:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T18:16:51.056Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 18:17:27 honeypot-ams-1 sshd[1817]: Invalid user abby from 159.65.61.163 port 55680","@timestamp":"2022-09-08T18:17:27.760Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 18:17:37 honeypot-fra-1 sshd[24727]: Disconnected from invalid user startupclerk_dev 64.225.43.245 port 41200 [preauth]","@timestamp":"2022-09-08T18:17:38.076Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 18:19:13 honeypot-fra-1 sshd[24735]: Received disconnect from 64.225.43.245 port 40032:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T18:19:14.116Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 18:20:55 honeypot-fra-1 sshd[24739]: Received disconnect from 64.225.43.245 port 38862:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T18:20:56.157Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 18:22:32 honeypot-fra-1 sshd[24745]: Disconnected from authenticating user root 92.255.85.69 port 59266 [preauth]","@timestamp":"2022-09-08T18:22:33.195Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T18:26:32.731Z","@version":"1","message":"Sep  8 18:26:32 honeypot-sgp-1 sshd[31288]: Received disconnect from 92.255.85.69 port 59412:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 18:27:09 honeypot-fra-1 sshd[24751]: Invalid user joannew from 165.22.45.108 port 46040","@timestamp":"2022-09-08T18:27:10.299Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 18:31:23 honeypot-ams-1 kernel: [83538471.083728] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=108.27.54.116 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=52 ID=24505 PROTO=TCP SPT=15373 DPT=80 WINDOW=32484 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T18:31:24.120Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 18:33:28 honeypot-fra-1 sshd[24756]: Invalid user ps from 92.205.19.152 port 47662","@timestamp":"2022-09-08T18:33:28.441Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 18:35:04 honeypot-ams-1 sshd[1830]: Invalid user user from 45.61.184.204 port 45292","@timestamp":"2022-09-08T18:35:05.220Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 18:35:23 honeypot-ams-1 sshd[1834]: Invalid user user from 45.61.184.204 port 40274","@timestamp":"2022-09-08T18:35:24.230Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 18:35:43 honeypot-ams-1 sshd[1838]: Invalid user user from 45.61.184.204 port 35280","@timestamp":"2022-09-08T18:35:44.241Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 18:36:40 honeypot-ams-1 kernel: [83538788.659410] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=162.221.192.30 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=41879 PROTO=TCP SPT=25607 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T18:36:41.267Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 18:37:59 honeypot-fra-1 sshd[24758]: Disconnected from invalid user vncuser 115.134.130.53 port 56138 [preauth]","@timestamp":"2022-09-08T18:37:59.543Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 18:39:10 honeypot-ams-1 sshd[1846]: Received disconnect from 221.212.204.26 port 42704:11: Bye Bye [preauth]","@timestamp":"2022-09-08T18:39:10.333Z"}
{"@timestamp":"2022-09-08T18:39:14.026Z","@version":"1","message":"Sep  8 18:39:13 honeypot-sgp-1 kernel: [83538470.204869] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=161.35.236.158 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=55 ID=31017 DF PROTO=TCP SPT=35402 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 18:46:20 honeypot-fra-1 kernel: [83537220.082195] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=213.226.123.38 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=34904 PROTO=TCP SPT=42609 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T18:46:21.731Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 18:46:22 honeypot-fra-1 sshd[24777]: Invalid user www from 20.243.201.105 port 59784","@timestamp":"2022-09-08T18:46:22.732Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 18:46:22 honeypot-fra-1 sshd[24785]: Invalid user web from 20.243.201.105 port 59778","@timestamp":"2022-09-08T18:46:22.732Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 18:46:22 honeypot-fra-1 sshd[24778]: Invalid user es from 20.243.201.105 port 59734","@timestamp":"2022-09-08T18:46:22.732Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 18:46:22 honeypot-fra-1 sshd[24765]: Invalid user git from 20.243.201.105 port 59760","@timestamp":"2022-09-08T18:46:22.733Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 18:46:22 honeypot-fra-1 sshd[24790]: Connection closed by invalid user ubuntu 20.243.201.105 port 59800 [preauth]","@timestamp":"2022-09-08T18:46:23.733Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 18:46:22 honeypot-fra-1 sshd[24774]: Connection closed by invalid user devops 20.243.201.105 port 59772 [preauth]","@timestamp":"2022-09-08T18:46:23.733Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 18:46:22 honeypot-fra-1 sshd[24783]: Connection closed by invalid user testuser 20.243.201.105 port 59798 [preauth]","@timestamp":"2022-09-08T18:46:23.733Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 18:46:22 honeypot-fra-1 sshd[24785]: Connection closed by invalid user web 20.243.201.105 port 59778 [preauth]","@timestamp":"2022-09-08T18:46:23.733Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 18:47:22 honeypot-fra-1 sshd[24819]: Did not receive identification string from 20.247.118.146 port 42810","@timestamp":"2022-09-08T18:47:23.757Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 18:47:24 honeypot-fra-1 sshd[24822]: Invalid user web from 20.247.118.146 port 43108","@timestamp":"2022-09-08T18:47:24.758Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 18:47:24 honeypot-fra-1 sshd[24831]: Invalid user git from 20.247.118.146 port 43152","@timestamp":"2022-09-08T18:47:24.758Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 18:47:24 honeypot-fra-1 sshd[24823]: Invalid user mysql from 20.247.118.146 port 42812","@timestamp":"2022-09-08T18:47:24.758Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 18:47:24 honeypot-fra-1 sshd[24832]: Invalid user ansible from 20.247.118.146 port 42862","@timestamp":"2022-09-08T18:47:24.758Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 18:47:24 honeypot-fra-1 sshd[24825]: Connection closed by invalid user guest 20.247.118.146 port 42902 [preauth]","@timestamp":"2022-09-08T18:47:24.758Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 18:47:24 honeypot-fra-1 sshd[24835]: Connection closed by invalid user centos 20.247.118.146 port 42846 [preauth]","@timestamp":"2022-09-08T18:47:24.758Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 18:47:24 honeypot-fra-1 sshd[24822]: Connection closed by invalid user web 20.247.118.146 port 43108 [preauth]","@timestamp":"2022-09-08T18:47:24.758Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 18:47:24 honeypot-fra-1 sshd[24824]: Connection closed by invalid user ftpuser 20.247.118.146 port 42998 [preauth]","@timestamp":"2022-09-08T18:47:24.759Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 18:47:24 honeypot-fra-1 sshd[24833]: Connection closed by invalid user hadoop 20.247.118.146 port 42828 [preauth]","@timestamp":"2022-09-08T18:47:24.759Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T18:47:57.229Z","@version":"1","message":"Sep  8 18:47:56 honeypot-sgp-1 sshd[31298]: Received disconnect from 92.255.85.69 port 50800:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 18:52:49 honeypot-fra-1 kernel: [83537608.826438] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=89.248.165.70 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=64993 PROTO=TCP SPT=44174 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T18:52:49.880Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 18:54:07 honeypot-ams-1 sshd[1854]: Connection closed by 180.76.173.237 port 54502 [preauth]","@timestamp":"2022-09-08T18:54:07.732Z"}
{"@timestamp":"2022-09-08T18:59:29.529Z","@version":"1","message":"Sep  8 18:59:29 honeypot-sgp-1 kernel: [83539686.279590] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=128.14.209.165 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=58670 PROTO=TCP SPT=28236 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 18:59:46 honeypot-fra-1 kernel: [83538025.946138] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=79.124.62.86 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=31623 PROTO=TCP SPT=42728 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T18:59:47.039Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 18:59:53 honeypot-ams-1 sshd[1861]: Did not receive identification string from 45.61.184.204 port 49890","@timestamp":"2022-09-08T18:59:53.889Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 19:00:12 honeypot-ams-1 sshd[1864]: Disconnected from invalid user user 45.61.184.204 port 43402 [preauth]","@timestamp":"2022-09-08T19:00:12.900Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 19:00:31 honeypot-ams-1 sshd[1870]: Received disconnect from 45.61.184.204 port 37912:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T19:00:31.912Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 19:00:47 honeypot-ams-1 sshd[1874]: Disconnected from authenticating user root 92.255.85.70 port 50858 [preauth]","@timestamp":"2022-09-08T19:00:47.920Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 19:00:59 honeypot-ams-1 sshd[1878]: Disconnected from invalid user user 45.61.184.204 port 43790 [preauth]","@timestamp":"2022-09-08T19:00:59.927Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 19:03:44 honeypot-fra-1 kernel: [83538263.708332] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=59.49.43.217 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=354 PROTO=TCP SPT=46438 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T19:03:45.132Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 19:07:11 honeypot-fra-1 sshd[24889]: Disconnected from authenticating user root 92.255.85.70 port 16240 [preauth]","@timestamp":"2022-09-08T19:07:12.211Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 19:07:50 honeypot-ams-1 kernel: [83540658.373254] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=92.204.145.8 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=17205 PROTO=TCP SPT=42144 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T19:07:51.104Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 19:08:38 honeypot-fra-1 sshd[24894]: Received disconnect from 45.61.184.204 port 52696:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T19:08:39.247Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 19:08:58 honeypot-fra-1 sshd[24898]: Received disconnect from 45.61.184.204 port 48980:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T19:08:59.256Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 19:09:17 honeypot-fra-1 sshd[24902]: Received disconnect from 45.61.184.204 port 45164:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T19:09:18.273Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 19:12:20 honeypot-ams-1 kernel: [83540928.571788] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=72.167.32.184 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=232 ID=30791 PROTO=TCP SPT=59606 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T19:12:21.221Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 19:12:37 honeypot-fra-1 kernel: [83538796.983093] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=89.248.165.65 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=49209 PROTO=TCP SPT=42633 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T19:12:38.347Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-08T19:15:08.889Z","@version":"1","message":"Sep  8 19:15:08 honeypot-sgp-1 sshd[31309]: Received disconnect from 221.212.204.26 port 50694:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T19:16:02.913Z","@version":"1","message":"Sep  8 19:16:01 honeypot-sgp-1 sshd[31313]: Disconnected from invalid user user 198.98.61.9 port 58508 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T19:16:11.917Z","@version":"1","message":"Sep  8 19:16:11 honeypot-sgp-1 sshd[31317]: Disconnected from invalid user user 198.98.61.9 port 41534 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T19:16:17.921Z","@version":"1","message":"Sep  8 19:16:16 honeypot-sgp-1 sshd[31321]: Disconnected from invalid user user 45.61.186.49 port 57812 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 19:16:20 honeypot-fra-1 kernel: [83539019.452802] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=79.124.62.130 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=65054 PROTO=TCP SPT=42730 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T19:16:20.432Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-08T19:16:23.924Z","@version":"1","message":"Sep  8 19:16:23 honeypot-sgp-1 sshd[31325]: Disconnected from invalid user user 198.98.61.9 port 52798 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T19:16:39.932Z","@version":"1","message":"Sep  8 19:16:39 honeypot-sgp-1 sshd[31329]: Disconnected from invalid user user 198.98.61.9 port 47082 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T19:16:54.939Z","@version":"1","message":"Sep  8 19:16:54 honeypot-sgp-1 sshd[31333]: Disconnected from invalid user user 198.98.61.9 port 41370 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 19:17:05 honeypot-ams-1 kernel: [83541213.280318] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=196.191.194.130 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=53 ID=50588 PROTO=TCP SPT=33659 DPT=80 WINDOW=28300 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T19:17:06.346Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 19:27:47 honeypot-fra-1 sshd[24918]: Disconnected from invalid user bull 81.192.87.130 port 29576 [preauth]","@timestamp":"2022-09-08T19:27:48.688Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 19:36:18 honeypot-fra-1 sshd[24923]: Received disconnect from 165.22.45.108 port 60520:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T19:36:18.876Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T19:37:22.409Z","@version":"1","message":"Sep  8 19:37:21 honeypot-sgp-1 kernel: [83541958.598485] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=205.210.31.42 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=249 ID=54321 PROTO=TCP SPT=51274 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 19:42:04 honeypot-ams-1 sshd[1969]: Connection closed by 180.76.173.237 port 55616 [preauth]","@timestamp":"2022-09-08T19:42:04.980Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 19:51:10 honeypot-fra-1 sshd[24927]: Received disconnect from 92.255.85.69 port 18858:11: Bye Bye [preauth]","@timestamp":"2022-09-08T19:51:11.206Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 19:59:16 honeypot-fra-1 sshd[24932]: Received disconnect from 165.22.45.108 port 37118:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T19:59:16.386Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T20:00:52.948Z","@version":"1","message":"Sep  8 20:00:52 honeypot-sgp-1 kernel: [83543369.502158] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=37.139.129.11 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=54321 PROTO=TCP SPT=43467 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 20:03:45 honeypot-ams-1 sshd[1992]: Invalid user user from 45.61.184.204 port 38954","@timestamp":"2022-09-08T20:03:45.532Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 20:04:04 honeypot-ams-1 sshd[1996]: Invalid user user from 45.61.184.204 port 33812","@timestamp":"2022-09-08T20:04:04.543Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 20:04:21 honeypot-fra-1 sshd[24937]: Connection closed by invalid user admin 193.106.191.157 port 41686 [preauth]","@timestamp":"2022-09-08T20:04:22.501Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 20:04:22 honeypot-ams-1 sshd[2000]: Invalid user user from 45.61.184.204 port 56908","@timestamp":"2022-09-08T20:04:22.552Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 20:04:39 honeypot-ams-1 sshd[2004]: Invalid user user from 45.61.184.204 port 51744","@timestamp":"2022-09-08T20:04:39.562Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 20:06:52 honeypot-ams-1 kernel: [83544200.497523] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=2.191.53.157 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=53 ID=46941 DF PROTO=TCP SPT=53606 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T20:06:53.622Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 20:12:35 honeypot-ams-1 sshd[2012]: Received disconnect from 45.61.186.49 port 57516:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T20:12:35.770Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 20:12:44 honeypot-fra-1 kernel: [83542403.242794] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=80.94.92.231 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=37002 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T20:12:44.689Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 20:12:45 honeypot-ams-1 sshd[2016]: Received disconnect from 45.61.186.49 port 40318:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T20:12:45.776Z"}
{"@timestamp":"2022-09-08T20:13:47.248Z","@version":"1","message":"Sep  8 20:13:46 honeypot-sgp-1 kernel: [83544143.519243] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=80.94.92.231 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=231 ID=54321 PROTO=TCP SPT=58044 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 20:15:42 honeypot-ams-1 sshd[2021]: Disconnected from authenticating user root 64.225.43.245 port 55408 [preauth]","@timestamp":"2022-09-08T20:15:42.857Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 20:16:49 honeypot-fra-1 kernel: [83542647.973362] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=79.124.62.60 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=10466 PROTO=TCP SPT=45596 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T20:16:49.798Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 20:17:13 honeypot-ams-1 sshd[2028]: Disconnected from authenticating user root 64.225.43.245 port 54240 [preauth]","@timestamp":"2022-09-08T20:17:14.901Z"}
{"@timestamp":"2022-09-08T20:18:41.366Z","@version":"1","message":"Sep  8 20:18:41 honeypot-sgp-1 kernel: [83544437.967725] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=94.26.249.161 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=32383 PROTO=TCP SPT=52801 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 20:18:44 honeypot-ams-1 sshd[2034]: Received disconnect from 64.225.43.245 port 53074:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T20:18:45.945Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 20:21:05 honeypot-ams-1 sshd[2041]: Received disconnect from 64.225.43.245 port 37204:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T20:21:06.008Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 20:21:08 honeypot-fra-1 kernel: [83542906.944067] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=172.104.242.173 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=56 ID=0 DF PROTO=TCP SPT=38849 DPT=443 WINDOW=8192 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T20:21:08.897Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 20:22:53 honeypot-fra-1 sshd[24955]: Connection closed by invalid user gpadmin 103.188.176.251 port 57000 [preauth]","@timestamp":"2022-09-08T20:22:54.941Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 20:23:25 honeypot-ams-1 sshd[2047]: Received disconnect from 64.225.43.245 port 49576:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T20:23:26.072Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 20:25:18 honeypot-ams-1 kernel: [83545305.683141] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=80.94.92.239 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=42312 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T20:25:18.123Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 20:26:30 honeypot-ams-1 sshd[2056]: Disconnected from invalid user oladefab 64.225.43.245 port 47242 [preauth]","@timestamp":"2022-09-08T20:26:31.155Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 20:28:07 honeypot-ams-1 sshd[2060]: Disconnected from invalid user petrong 64.225.43.245 port 46082 [preauth]","@timestamp":"2022-09-08T20:28:08.196Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 20:29:07 honeypot-ams-1 sshd[2064]: Disconnected from authenticating user root 92.255.85.69 port 28724 [preauth]","@timestamp":"2022-09-08T20:29:08.226Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 20:29:53 honeypot-fra-1 sshd[24960]: Connection closed by authenticating user root 141.98.10.158 port 46988 [preauth]","@timestamp":"2022-09-08T20:29:54.097Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 20:30:48 honeypot-ams-1 kernel: [83545636.207637] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=42660 PROTO=TCP SPT=49006 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T20:30:49.272Z"}
{"@timestamp":"2022-09-08T20:31:05.658Z","@version":"1","message":"Sep  8 20:31:04 honeypot-sgp-1 sshd[31359]: Bad protocol version identification '\\003' from 193.46.254.38 port 61112","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 20:32:03 honeypot-ams-1 sshd[2073]: Disconnected from invalid user startupclerk 64.225.43.245 port 57282 [preauth]","@timestamp":"2022-09-08T20:32:03.306Z"}
{"@timestamp":"2022-09-08T20:32:33.695Z","@version":"1","message":"Sep  8 20:32:33 honeypot-sgp-1 sshd[31363]: Received disconnect from 178.128.114.244 port 60654:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 20:33:37 honeypot-ams-1 sshd[2077]: Disconnected from invalid user plandevac 64.225.43.245 port 56116 [preauth]","@timestamp":"2022-09-08T20:33:38.350Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 20:35:12 honeypot-ams-1 sshd[2081]: Disconnected from invalid user schoosoft_dev 64.225.43.245 port 54950 [preauth]","@timestamp":"2022-09-08T20:35:13.395Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 20:36:14 honeypot-ams-1 kernel: [83545962.328935] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=116.203.225.67 DST=178.62.254.91 LEN=80 TOS=0x00 PREC=0x20 TTL=123 ID=5188 PROTO=TCP SPT=4164 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T20:36:15.426Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 20:36:40 honeypot-fra-1 sshd[25037]: Disconnected from authenticating user root 92.255.85.69 port 24700 [preauth]","@timestamp":"2022-09-08T20:36:41.251Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 20:37:33 honeypot-ams-1 sshd[2090]: Disconnected from authenticating user root 64.225.43.245 port 39084 [preauth]","@timestamp":"2022-09-08T20:37:33.460Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 20:39:10 honeypot-ams-1 sshd[2094]: Disconnected from invalid user sandbox 64.225.43.245 port 37916 [preauth]","@timestamp":"2022-09-08T20:39:10.502Z"}
{"@timestamp":"2022-09-08T20:39:31.857Z","@version":"1","message":"Sep  8 20:39:31 honeypot-sgp-1 sshd[31368]: Disconnected from authenticating user root 92.255.85.69 port 39130 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 20:40:49 honeypot-ams-1 sshd[2098]: Disconnected from invalid user ccapi 64.225.43.245 port 36746 [preauth]","@timestamp":"2022-09-08T20:40:50.545Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 20:45:22 honeypot-fra-1 sshd[25045]: Invalid user joe from 165.22.45.108 port 46742","@timestamp":"2022-09-08T20:45:22.463Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 20:47:56 honeypot-ams-1 kernel: [83546664.317524] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=154.89.5.94 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=245 ID=23846 PROTO=TCP SPT=58914 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T20:47:56.728Z"}
{"@timestamp":"2022-09-08T20:49:47.098Z","@version":"1","message":"Sep  8 20:49:46 honeypot-sgp-1 kernel: [83546303.269735] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=172.104.249.106 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=691 DF PROTO=TCP SPT=60488 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 20:58:52 honeypot-fra-1 sshd[25049]: Invalid user admin from 92.255.85.69 port 19758","@timestamp":"2022-09-08T20:58:52.762Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 20:59:32 honeypot-ams-1 sshd[2109]: Did not receive identification string from 198.98.61.9 port 36796","@timestamp":"2022-09-08T20:59:33.030Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 21:00:00 honeypot-ams-1 sshd[2112]: Disconnected from invalid user user 198.98.61.9 port 57864 [preauth]","@timestamp":"2022-09-08T21:00:01.044Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 21:00:20 honeypot-ams-1 sshd[2116]: Disconnected from invalid user user 198.98.61.9 port 55316 [preauth]","@timestamp":"2022-09-08T21:00:21.054Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 21:00:42 honeypot-ams-1 sshd[2120]: Disconnected from invalid user user 198.98.61.9 port 52708 [preauth]","@timestamp":"2022-09-08T21:00:43.070Z"}
{"@timestamp":"2022-09-08T21:02:14.381Z","@version":"1","message":"Sep  8 21:02:13 honeypot-sgp-1 sshd[31375]: Received disconnect from 92.255.85.69 port 37158:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 21:03:42 honeypot-fra-1 kernel: [83545461.163157] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=117.215.255.211 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=21452 DF PROTO=TCP SPT=35329 DPT=80 WINDOW=5680 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T21:03:42.877Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 21:08:05 honeypot-ams-1 sshd[2126]: Invalid user lgy from 137.116.144.39 port 54102","@timestamp":"2022-09-08T21:08:06.265Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 21:13:46 honeypot-ams-1 sshd[2132]: Disconnected from authenticating user root 92.255.85.70 port 62720 [preauth]","@timestamp":"2022-09-08T21:13:46.412Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 21:15:12 honeypot-fra-1 kernel: [83546151.740895] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=60285 PROTO=TCP SPT=51504 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T21:15:13.137Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-08T21:17:01.738Z","@version":"1","message":"Sep  8 21:17:01 honeypot-sgp-1 CRON[31380]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 21:17:19 honeypot-ams-1 sshd[2141]: Invalid user pi from 70.44.38.158 port 57434","@timestamp":"2022-09-08T21:17:19.503Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 21:18:19 honeypot-ams-1 sshd[2146]: Received disconnect from 41.93.33.2 port 52926:11: Bye Bye [preauth]","@timestamp":"2022-09-08T21:18:20.532Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 21:18:47 honeypot-ams-1 sshd[2152]: Invalid user muhandash from 42.200.78.78 port 58338","@timestamp":"2022-09-08T21:18:47.547Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 21:19:36 honeypot-ams-1 sshd[2157]: Received disconnect from 162.19.25.127 port 51284:11: Bye Bye [preauth]","@timestamp":"2022-09-08T21:19:36.569Z"}
{"@timestamp":"2022-09-08T21:20:36.820Z","@version":"1","message":"Sep  8 21:20:36 honeypot-sgp-1 sshd[31387]: Invalid user user from 141.255.162.226 port 60090","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T21:20:40.822Z","@version":"1","message":"Sep  8 21:20:40 honeypot-sgp-1 sshd[31391]: Invalid user user from 141.255.162.226 port 52792","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T21:20:41.822Z","@version":"1","message":"Sep  8 21:20:41 honeypot-sgp-1 sshd[31395]: Invalid user user from 141.255.162.226 port 59774","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 21:22:19 honeypot-fra-1 kernel: [83546577.936882] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.47.229.134 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=43919 PROTO=TCP SPT=58301 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T21:22:19.322Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 21:23:18 honeypot-ams-1 sshd[2161]: Invalid user areyes from 103.214.112.199 port 57660","@timestamp":"2022-09-08T21:23:18.666Z"}
{"@timestamp":"2022-09-08T21:23:48.893Z","@version":"1","message":"Sep  8 21:23:48 honeypot-sgp-1 sshd[31402]: Received disconnect from 92.255.85.70 port 54762:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 21:24:45 honeypot-ams-1 sshd[2166]: Invalid user tonia from 186.10.125.209 port 24405","@timestamp":"2022-09-08T21:24:45.706Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 21:31:33 honeypot-fra-1 sshd[25067]: Invalid user joe from 165.22.45.108 port 56396","@timestamp":"2022-09-08T21:31:34.524Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T21:37:43.204Z","@version":"1","message":"Sep  8 21:37:42 honeypot-sgp-1 kernel: [83549179.232548] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=84.38.185.202 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=19267 PROTO=TCP SPT=46664 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T21:38:09.216Z","@version":"1","message":"Sep  8 21:38:09 honeypot-sgp-1 sshd[31411]: Disconnected from invalid user user 198.98.61.9 port 50698 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T21:38:25.224Z","@version":"1","message":"Sep  8 21:38:24 honeypot-sgp-1 sshd[31415]: Disconnected from invalid user user 198.98.61.9 port 43720 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T21:38:43.232Z","@version":"1","message":"Sep  8 21:38:42 honeypot-sgp-1 sshd[31419]: Received disconnect from 198.98.61.9 port 36736:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 21:38:42 honeypot-ams-1 kernel: [83549710.344903] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=89.248.165.87 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=35026 PROTO=TCP SPT=46805 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T21:38:43.065Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 21:44:18 honeypot-fra-1 kernel: [83547897.642840] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=43.128.231.89 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=54321 PROTO=TCP SPT=42224 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T21:44:19.805Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-08T21:45:47.391Z","@version":"1","message":"Sep  8 21:45:46 honeypot-sgp-1 sshd[31424]: Received disconnect from 92.255.85.69 port 24216:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 21:48:09 honeypot-fra-1 sshd[25076]: Received disconnect from 141.255.162.226 port 33116:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T21:48:09.891Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 21:48:12 honeypot-fra-1 sshd[25080]: Received disconnect from 141.255.162.226 port 40292:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T21:48:12.894Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 21:48:13 honeypot-fra-1 sshd[25084]: Received disconnect from 141.255.162.226 port 33612:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T21:48:14.895Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 21:48:18 honeypot-fra-1 sshd[25088]: Received disconnect from 141.255.162.226 port 40790:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T21:48:18.897Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 21:49:07 honeypot-fra-1 sshd[25092]: Invalid user mysql from 51.79.254.140 port 37530","@timestamp":"2022-09-08T21:49:07.917Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 21:49:07 honeypot-fra-1 sshd[25109]: Invalid user es from 51.79.254.140 port 37492","@timestamp":"2022-09-08T21:49:07.917Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 21:49:07 honeypot-fra-1 sshd[25105]: Invalid user postgres from 51.79.254.140 port 37666","@timestamp":"2022-09-08T21:49:07.917Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 21:49:07 honeypot-fra-1 sshd[25097]: Connection closed by invalid user mysql 51.79.254.140 port 37466 [preauth]","@timestamp":"2022-09-08T21:49:07.917Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 21:49:07 honeypot-fra-1 sshd[25119]: Invalid user ubuntu from 51.79.254.140 port 37670","@timestamp":"2022-09-08T21:49:07.917Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 21:49:07 honeypot-fra-1 sshd[25102]: Connection closed by invalid user git 51.79.254.140 port 37728 [preauth]","@timestamp":"2022-09-08T21:49:07.917Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 21:49:07 honeypot-fra-1 sshd[25094]: Connection closed by invalid user centos 51.79.254.140 port 37594 [preauth]","@timestamp":"2022-09-08T21:49:07.917Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 21:49:07 honeypot-fra-1 sshd[25105]: Connection closed by invalid user postgres 51.79.254.140 port 37666 [preauth]","@timestamp":"2022-09-08T21:49:07.917Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 21:49:07 honeypot-fra-1 sshd[25112]: Connection closed by invalid user www 51.79.254.140 port 37600 [preauth]","@timestamp":"2022-09-08T21:49:07.917Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 21:49:07 honeypot-fra-1 sshd[25121]: Connection closed by invalid user test 51.79.254.140 port 37642 [preauth]","@timestamp":"2022-09-08T21:49:07.918Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 21:52:20 honeypot-fra-1 sshd[25154]: Received disconnect from 62.204.41.222 port 25037:11: Client disconnecting normally [preauth]","@timestamp":"2022-09-08T21:52:20.989Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 21:53:18 honeypot-ams-1 sshd[2180]: Disconnected from authenticating user root 180.64.115.229 port 60848 [preauth]","@timestamp":"2022-09-08T21:53:19.436Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 21:58:02 honeypot-ams-1 sshd[2185]: Received disconnect from 92.255.85.69 port 43110:11: Bye Bye [preauth]","@timestamp":"2022-09-08T21:58:02.558Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 22:00:54 honeypot-fra-1 sshd[25159]: Did not receive identification string from 193.3.19.178 port 64001","@timestamp":"2022-09-08T22:00:55.183Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 22:08:20 honeypot-ams-1 sshd[2189]: Disconnected from invalid user user 198.98.61.9 port 33368 [preauth]","@timestamp":"2022-09-08T22:08:20.816Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 22:08:37 honeypot-ams-1 sshd[2193]: Disconnected from invalid user user 198.98.61.9 port 55040 [preauth]","@timestamp":"2022-09-08T22:08:37.827Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 22:08:51 honeypot-ams-1 sshd[2197]: Received disconnect from 198.98.61.9 port 48430:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T22:08:51.834Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 22:09:10 honeypot-ams-1 sshd[2201]: Received disconnect from 198.98.61.9 port 41870:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T22:09:10.844Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 22:15:04 honeypot-fra-1 sshd[25165]: Invalid user Admin from 95.76.220.209 port 46889","@timestamp":"2022-09-08T22:15:04.507Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T22:17:02.102Z","@version":"1","message":"Sep  8 22:17:01 honeypot-sgp-1 CRON[31430]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 22:20:05 honeypot-fra-1 sshd[25171]: Received disconnect from 165.22.45.108 port 37862:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T22:20:06.621Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 22:21:37 honeypot-ams-1 sshd[2207]: Disconnected from authenticating user root 92.255.85.70 port 61084 [preauth]","@timestamp":"2022-09-08T22:21:38.159Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 22:24:58 honeypot-ams-1 kernel: [83552485.908681] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=104.156.155.12 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=17913 PROTO=TCP SPT=49561 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T22:24:59.247Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 22:29:36 honeypot-ams-1 sshd[2219]: Connection closed by 180.76.173.237 port 59522 [preauth]","@timestamp":"2022-09-08T22:29:37.370Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 22:29:40 honeypot-fra-1 sshd[25176]: Disconnected from authenticating user root 92.255.85.69 port 34764 [preauth]","@timestamp":"2022-09-08T22:29:40.829Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 22:36:01 honeypot-ams-1 kernel: [83553148.680140] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=52.243.98.193 DST=178.62.254.91 LEN=52 TOS=0x02 PREC=0x00 TTL=107 ID=29123 DF PROTO=TCP SPT=56549 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T22:36:01.537Z"}
{"@timestamp":"2022-09-08T22:36:00.548Z","@version":"1","message":"Sep  8 22:35:59 honeypot-sgp-1 sshd[31436]: Received disconnect from 103.91.123.150 port 47636:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 22:37:57 honeypot-fra-1 sshd[25182]: Did not receive identification string from 45.61.184.204 port 44016","@timestamp":"2022-09-08T22:37:58.014Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 22:38:43 honeypot-fra-1 sshd[25185]: Disconnected from invalid user user 45.61.184.204 port 48302 [preauth]","@timestamp":"2022-09-08T22:38:44.034Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 22:39:02 honeypot-fra-1 sshd[25189]: Disconnected from invalid user user 45.61.184.204 port 43460 [preauth]","@timestamp":"2022-09-08T22:39:02.043Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 22:39:18 honeypot-fra-1 sshd[25193]: Disconnected from invalid user user 45.61.184.204 port 38586 [preauth]","@timestamp":"2022-09-08T22:39:19.052Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 22:39:44 honeypot-ams-1 sshd[2227]: Received disconnect from 141.255.162.226 port 33842:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T22:39:44.634Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 22:39:46 honeypot-ams-1 sshd[2231]: Received disconnect from 141.255.162.226 port 54690:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T22:39:47.636Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 22:39:50 honeypot-ams-1 sshd[2235]: Received disconnect from 141.255.162.226 port 56016:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T22:39:50.638Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 22:39:51 honeypot-ams-1 sshd[2239]: Received disconnect from 141.255.162.226 port 41232:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T22:39:52.640Z"}
{"@timestamp":"2022-09-08T22:40:26.647Z","@version":"1","message":"Sep  8 22:40:26 honeypot-sgp-1 kernel: [83552942.809956] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=80.94.92.239 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=231 ID=54321 PROTO=TCP SPT=53313 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 22:44:50 honeypot-ams-1 sshd[2244]: Received disconnect from 92.255.85.69 port 38078:11: Bye Bye [preauth]","@timestamp":"2022-09-08T22:44:50.770Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 22:46:03 honeypot-fra-1 sshd[25198]: Disconnected from invalid user joe 165.22.45.108 port 42748 [preauth]","@timestamp":"2022-09-08T22:46:03.199Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T22:55:38.993Z","@version":"1","message":"Sep  8 22:55:38 honeypot-sgp-1 sshd[31443]: Disconnected from authenticating user root 92.255.85.70 port 31374 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 23:01:14 honeypot-ams-1 kernel: [83554662.551452] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=79.124.62.62 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=5355 PROTO=TCP SPT=51055 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T23:01:15.191Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 23:03:38 honeypot-fra-1 kernel: [83552656.701902] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.41.8.5 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=9807 PROTO=TCP SPT=37454 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T23:03:38.584Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-08T23:07:07.256Z","@version":"1","message":"Sep  8 23:07:06 honeypot-sgp-1 kernel: [83554543.381558] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=117.210.152.94 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=31329 DF PROTO=TCP SPT=20655 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 23:07:53 honeypot-ams-1 sshd[2257]: Disconnected from authenticating user root 92.255.85.70 port 58134 [preauth]","@timestamp":"2022-09-08T23:07:54.363Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 23:08:14 honeypot-ams-1 sshd[2261]: Disconnected from invalid user user 45.61.184.204 port 49610 [preauth]","@timestamp":"2022-09-08T23:08:14.374Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 23:08:34 honeypot-ams-1 sshd[2265]: Received disconnect from 45.61.184.204 port 44206:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T23:08:35.385Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 23:08:52 honeypot-ams-1 sshd[2269]: Received disconnect from 45.61.184.204 port 38798:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T23:08:53.394Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 23:15:37 honeypot-fra-1 sshd[25211]: Received disconnect from 92.255.85.70 port 34570:11: Bye Bye [preauth]","@timestamp":"2022-09-08T23:15:37.854Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 23:17:01 honeypot-ams-1 CRON[2274]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-08T23:17:01.599Z"}
{"@timestamp":"2022-09-08T23:17:59.501Z","@version":"1","message":"Sep  8 23:17:59 honeypot-sgp-1 sshd[31454]: Disconnecting invalid user  31.184.198.71 port 18117: Change of username or service not allowed: (,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T23:18:26.513Z","@version":"1","message":"Sep  8 23:18:25 honeypot-sgp-1 sshd[31460]: Disconnecting invalid user  31.184.198.71 port 48816: Change of username or service not allowed: (,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T23:18:48.525Z","@version":"1","message":"Sep  8 23:18:48 honeypot-sgp-1 sshd[31467]: Disconnected from authenticating user root 92.255.85.69 port 22912 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T23:19:07.534Z","@version":"1","message":"Sep  8 23:19:07 honeypot-sgp-1 sshd[31472]: Disconnecting invalid user admin 31.184.198.71 port 20014: Change of username or service not allowed: (admin,ssh-connection) -> (manager,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T23:19:38.549Z","@version":"1","message":"Sep  8 23:19:37 honeypot-sgp-1 sshd[31480]: Invalid user 1234 from 31.184.198.71 port 20694","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 23:19:44 honeypot-ams-1 kernel: [83555772.253111] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=51.15.141.72 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=55 ID=30162 PROTO=TCP SPT=53086 DPT=80 WINDOW=3206 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T23:19:45.672Z"}
{"@timestamp":"2022-09-08T23:20:02.561Z","@version":"1","message":"Sep  8 23:20:01 honeypot-sgp-1 sshd[31486]: Invalid user  from 31.184.198.71 port 49346","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 23:20:10 honeypot-fra-1 kernel: [83553648.697257] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=103.99.1.99 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=24561 PROTO=TCP SPT=42125 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T23:20:10.958Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-08T23:20:30.575Z","@version":"1","message":"Sep  8 23:20:30 honeypot-sgp-1 sshd[31492]: Disconnecting invalid user Admin 31.184.198.71 port 12763: Change of username or service not allowed: (Admin,ssh-connection) -> (blank,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T23:20:53.586Z","@version":"1","message":"Sep  8 23:20:52 honeypot-sgp-1 sshd[31499]: Disconnecting invalid user guest 31.184.198.71 port 20677: Change of username or service not allowed: (guest,ssh-connection) -> (1234,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T23:21:25.600Z","@version":"1","message":"Sep  8 23:21:24 honeypot-sgp-1 sshd[31507]: Invalid user Cisco from 31.184.198.71 port 40907","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T23:21:40.608Z","@version":"1","message":"Sep  8 23:21:40 honeypot-sgp-1 sshd[31513]: Connection closed by invalid user jiayu 103.188.176.251 port 52224 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T23:22:03.620Z","@version":"1","message":"Sep  8 23:22:03 honeypot-sgp-1 sshd[31519]: Disconnecting invalid user Administrator 31.184.198.71 port 24692: Change of username or service not allowed: (Administrator,ssh-connection) -> (,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T23:22:33.633Z","@version":"1","message":"Sep  8 23:22:33 honeypot-sgp-1 sshd[31525]: Disconnecting invalid user sti.admin5 31.184.198.71 port 6313: Change of username or service not allowed: (sti.admin5,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T23:22:57.645Z","@version":"1","message":"Sep  8 23:22:56 honeypot-sgp-1 sshd[31531]: Disconnecting invalid user zhone 31.184.198.71 port 14288: Change of username or service not allowed: (zhone,ssh-connection) -> (,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 23:23:11 honeypot-ams-1 sshd[2284]: Invalid user user from 223.255.187.154 port 10874","@timestamp":"2022-09-08T23:23:11.764Z"}
{"@timestamp":"2022-09-08T23:23:26.658Z","@version":"1","message":"Sep  8 23:23:25 honeypot-sgp-1 sshd[31539]: Invalid user admin from 31.184.198.71 port 49227","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T23:23:55.673Z","@version":"1","message":"Sep  8 23:23:54 honeypot-sgp-1 sshd[31545]: Invalid user cusadmin from 31.184.198.71 port 60127","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T23:24:12.682Z","@version":"1","message":"Sep  8 23:24:12 honeypot-sgp-1 sshd[31551]: Invalid user admin from 221.158.195.111 port 37574","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 23:24:18 honeypot-ams-1 sshd[2286]: Disconnected from invalid user user 202.88.244.36 port 2440 [preauth]","@timestamp":"2022-09-08T23:24:18.794Z"}
{"@timestamp":"2022-09-08T23:24:34.692Z","@version":"1","message":"Sep  8 23:24:33 honeypot-sgp-1 sshd[31557]: Invalid user comcast from 31.184.198.71 port 5544","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T23:24:58.704Z","@version":"1","message":"Sep  8 23:24:58 honeypot-sgp-1 sshd[31563]: Invalid user admin1234 from 31.184.198.71 port 51410","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T23:25:25.716Z","@version":"1","message":"Sep  8 23:25:25 honeypot-sgp-1 sshd[31570]: Invalid user admin from 31.184.198.71 port 54322","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T23:25:42.726Z","@version":"1","message":"Sep  8 23:25:42 honeypot-sgp-1 sshd[31577]: Bad protocol version identification 'SSH-2.0_CoreLab-1.0' from 31.184.198.71 port 24857","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T23:26:17.743Z","@version":"1","message":"Sep  8 23:26:17 honeypot-sgp-1 sshd[31585]: Invalid user airlive from 31.184.198.71 port 14892","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 23:26:42 honeypot-ams-1 sshd[2293]: Received disconnect from 62.84.125.211 port 45088:11: Bye Bye [preauth]","@timestamp":"2022-09-08T23:26:42.859Z"}
{"@timestamp":"2022-09-08T23:26:43.755Z","@version":"1","message":"Sep  8 23:26:42 honeypot-sgp-1 sshd[31591]: Invalid user roqos from 31.184.198.71 port 48825","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T23:27:00.764Z","@version":"1","message":"Sep  8 23:26:59 honeypot-sgp-1 sshd[31595]: Connection closed by invalid user Admin 112.16.125.165 port 33625 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T23:27:25.775Z","@version":"1","message":"Sep  8 23:27:25 honeypot-sgp-1 sshd[31603]: Invalid user smcadmin from 31.184.198.71 port 8438","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T23:27:56.789Z","@version":"1","message":"Sep  8 23:27:55 honeypot-sgp-1 sshd[31610]: Invalid user highspeed from 31.184.198.71 port 53846","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T23:28:20.801Z","@version":"1","message":"Sep  8 23:28:20 honeypot-sgp-1 sshd[31616]: Invalid user  from 31.184.198.71 port 61651","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T23:28:56.818Z","@version":"1","message":"Sep  8 23:28:56 honeypot-sgp-1 sshd[31622]: Invalid user public from 31.184.198.71 port 55982","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T23:29:28.834Z","@version":"1","message":"Sep  8 23:29:28 honeypot-sgp-1 kernel: [83555885.221585] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=149.102.155.169 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=14702 PROTO=TCP SPT=59647 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T23:30:06.852Z","@version":"1","message":"Sep  8 23:30:06 honeypot-sgp-1 sshd[31635]: Invalid user amdin from 31.184.198.71 port 8251","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T23:30:37.866Z","@version":"1","message":"Sep  8 23:30:37 honeypot-sgp-1 kernel: [83555954.355095] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=234 ID=18251 PROTO=TCP SPT=59806 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T23:31:03.880Z","@version":"1","message":"Sep  8 23:31:03 honeypot-sgp-1 sshd[31646]: Disconnecting invalid user 0 31.184.198.71 port 23265: Change of username or service not allowed: (0,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 23:31:03 honeypot-ams-1 sshd[2297]: Received disconnect from 180.168.95.234 port 46780:11: Bye Bye [preauth]","@timestamp":"2022-09-08T23:31:03.972Z"}
{"@timestamp":"2022-09-08T23:31:29.892Z","@version":"1","message":"Sep  8 23:31:29 honeypot-sgp-1 sshd[31652]: Disconnecting invalid user admin 31.184.198.71 port 42599: Change of username or service not allowed: (admin,ssh-connection) -> (1admin0,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 23:33:09 honeypot-fra-1 sshd[25219]: Invalid user vasile from 1.55.215.71 port 52412","@timestamp":"2022-09-08T23:33:10.263Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 23:38:32 honeypot-fra-1 sshd[25222]: Disconnected from invalid user joey 165.22.45.108 port 52514 [preauth]","@timestamp":"2022-09-08T23:38:32.403Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 23:39:41 honeypot-ams-1 kernel: [83556968.782295] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=80.82.77.33 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=125 ID=43900 PROTO=TCP SPT=31667 DPT=5432 WINDOW=13059 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T23:39:42.192Z"}
{"@timestamp":"2022-09-08T23:41:59.133Z","@version":"1","message":"Sep  8 23:41:58 honeypot-sgp-1 sshd[31660]: Disconnected from authenticating user root 92.255.85.69 port 53050 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 23:43:23 honeypot-ams-1 sshd[2303]: Received disconnect from 91.201.240.153 port 47708:11: Bye Bye [preauth]","@timestamp":"2022-09-08T23:43:24.289Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 23:44:46 honeypot-fra-1 sshd[25229]: Connection closed by invalid user 01porn 141.98.10.158 port 58118 [preauth]","@timestamp":"2022-09-08T23:44:46.542Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T23:46:18.232Z","@version":"1","message":"Sep  8 23:46:17 honeypot-sgp-1 sshd[31665]: Received disconnect from 45.61.186.169 port 48128:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T23:46:36.241Z","@version":"1","message":"Sep  8 23:46:35 honeypot-sgp-1 sshd[31669]: Received disconnect from 45.61.186.169 port 42728:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T23:46:52.248Z","@version":"1","message":"Sep  8 23:46:52 honeypot-sgp-1 sshd[31673]: Received disconnect from 45.61.186.169 port 37352:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 23:48:40 honeypot-fra-1 sshd[25233]: Received disconnect from 162.215.1.59 port 53666:11: Bye Bye [preauth]","@timestamp":"2022-09-08T23:48:41.632Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 23:52:06 honeypot-ams-1 sshd[2308]: Disconnected from 134.122.30.242 port 49764 [preauth]","@timestamp":"2022-09-08T23:52:07.513Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 00:04:53 honeypot-fra-1 kernel: [83556331.657744] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.208.150 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=35452 DPT=389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T00:04:54.008Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-09T00:04:57.661Z","@version":"1","message":"Sep  9 00:04:56 honeypot-sgp-1 sshd[31679]: Received disconnect from 92.255.85.69 port 51670:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 00:08:35 honeypot-ams-1 kernel: [83558702.735641] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.219.225 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=50101 DPT=389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T00:08:35.957Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 00:15:51 honeypot-fra-1 kernel: [83556990.227363] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=129.213.160.131 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=38942 DF PROTO=TCP SPT=10446 DPT=80 WINDOW=512 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T00:15:52.257Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-09T00:16:57.936Z","@version":"1","message":"Sep  9 00:16:57 honeypot-sgp-1 sshd[31682]: Did not receive identification string from 192.241.219.148 port 36106","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 00:17:01 honeypot-ams-1 CRON[2324]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-09T00:17:01.173Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 00:25:10 honeypot-fra-1 sshd[25254]: Disconnected from authenticating user root 92.255.85.69 port 44978 [preauth]","@timestamp":"2022-09-09T00:25:11.502Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T00:26:15.176Z","@version":"1","message":"Sep  9 00:26:14 honeypot-sgp-1 sshd[31689]: Disconnected from authenticating user root 182.253.113.138 port 34592 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 00:26:59 honeypot-fra-1 sshd[25261]: Disconnected from authenticating user root 165.22.42.39 port 48060 [preauth]","@timestamp":"2022-09-09T00:27:00.547Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 00:27:51 honeypot-fra-1 sshd[25267]: Invalid user admin from 128.199.10.193 port 36538","@timestamp":"2022-09-09T00:27:51.568Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 00:27:54 honeypot-fra-1 sshd[25273]: Invalid user admin from 128.199.10.193 port 36564","@timestamp":"2022-09-09T00:27:54.570Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 00:28:33 honeypot-fra-1 sshd[25277]: Connection closed by invalid user Admin 103.89.58.230 port 40523 [preauth]","@timestamp":"2022-09-09T00:28:34.589Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 00:30:41 honeypot-fra-1 kernel: [83557879.523990] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.41.9.18 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=34143 PROTO=TCP SPT=37998 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T00:30:41.640Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 00:32:28 honeypot-fra-1 sshd[25290]: Received disconnect from 165.22.42.39 port 44576:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T00:32:29.682Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 00:34:22 honeypot-fra-1 sshd[25294]: Disconnected from authenticating user root 165.22.42.39 port 43408 [preauth]","@timestamp":"2022-09-09T00:34:23.728Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 00:35:09 honeypot-ams-1 sshd[2330]: Disconnected from invalid user kirk 212.33.198.55 port 50514 [preauth]","@timestamp":"2022-09-09T00:35:09.655Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 00:37:20 honeypot-fra-1 sshd[25301]: Received disconnect from 165.22.42.39 port 55794:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T00:37:20.797Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T00:37:34.435Z","@version":"1","message":"Sep  9 00:37:33 honeypot-sgp-1 kernel: [83559970.164643] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.242.9.34 DST=159.89.202.188 LEN=52 TOS=0x02 PREC=0x00 TTL=107 ID=20543 DF PROTO=TCP SPT=53858 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 00:39:16 honeypot-fra-1 sshd[25306]: Invalid user schoosoft from 165.22.42.39 port 54626","@timestamp":"2022-09-09T00:39:16.842Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 00:39:30 honeypot-fra-1 sshd[25310]: Invalid user user from 198.98.61.9 port 34074","@timestamp":"2022-09-09T00:39:30.849Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 00:39:47 honeypot-fra-1 sshd[25314]: Invalid user user from 198.98.61.9 port 56698","@timestamp":"2022-09-09T00:39:47.857Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 00:39:56 honeypot-ams-1 kernel: [83560584.347770] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=213.226.123.216 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=64474 PROTO=TCP SPT=41992 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T00:39:57.787Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 00:40:03 honeypot-fra-1 sshd[25318]: Invalid user user from 198.98.61.9 port 51060","@timestamp":"2022-09-09T00:40:03.865Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 00:40:11 honeypot-fra-1 sshd[25322]: Invalid user user from 198.98.61.9 port 34122","@timestamp":"2022-09-09T00:40:11.869Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T00:40:17.498Z","@version":"1","message":"Sep  9 00:40:17 honeypot-sgp-1 sshd[31698]: Received disconnect from 52.139.183.239 port 42564:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 00:42:05 honeypot-fra-1 sshd[25327]: Received disconnect from 165.22.42.39 port 38800:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T00:42:05.913Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 00:43:04 honeypot-fra-1 kernel: [83558622.890300] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.79.176.47 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=52186 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T00:43:04.937Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-09T00:43:13.586Z","@version":"1","message":"Sep  9 00:43:12 honeypot-sgp-1 sshd[31703]: Invalid user admin from 128.199.160.207 port 55992","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T00:43:13.586Z","@version":"1","message":"Sep  9 00:43:12 honeypot-sgp-1 sshd[31709]: Invalid user admin from 128.199.160.207 port 56008","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 00:44:50 honeypot-fra-1 sshd[25333]: Invalid user startupclerk from 165.22.42.39 port 51168","@timestamp":"2022-09-09T00:44:50.982Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 00:46:41 honeypot-fra-1 sshd[25337]: Received disconnect from 165.22.42.39 port 50004:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T00:46:42.024Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T00:46:54.672Z","@version":"1","message":"Sep  9 00:46:54 honeypot-sgp-1 kernel: [83560530.754362] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=87.246.7.194 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=23034 PROTO=TCP SPT=48705 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 00:48:32 honeypot-fra-1 sshd[25344]: Invalid user schoosoft_dev from 165.22.42.39 port 48836","@timestamp":"2022-09-09T00:48:33.069Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 00:50:26 honeypot-fra-1 sshd[25348]: Invalid user startupclerk_dev from 165.22.42.39 port 47680","@timestamp":"2022-09-09T00:50:27.113Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 00:52:18 honeypot-fra-1 sshd[25352]: Received disconnect from 165.22.42.39 port 46510:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T00:52:19.156Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 00:54:14 honeypot-fra-1 sshd[25357]: Received disconnect from 165.22.42.39 port 45342:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T00:54:15.202Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 00:56:09 honeypot-fra-1 sshd[25361]: Disconnected from authenticating user root 165.22.42.39 port 44186 [preauth]","@timestamp":"2022-09-09T00:56:10.246Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 00:56:15 honeypot-ams-1 sshd[2344]: Received disconnect from 202.157.184.153 port 46042:11: Bye Bye [preauth]","@timestamp":"2022-09-09T00:56:16.214Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 00:59:27 honeypot-fra-1 sshd[25368]: Connection closed by 192.241.207.200 port 36846 [preauth]","@timestamp":"2022-09-09T00:59:27.322Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T00:59:31.965Z","@version":"1","message":"Sep  9 00:59:31 honeypot-sgp-1 sshd[31719]: Connection closed by 192.241.220.84 port 35234 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 01:00:45 honeypot-ams-1 kernel: [83561833.226295] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=103.203.57.22 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=59792 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T01:00:46.335Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 01:07:59 honeypot-ams-1 sshd[2353]: Disconnected from invalid user dani 154.120.243.194 port 58006 [preauth]","@timestamp":"2022-09-09T01:08:00.525Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 01:12:49 honeypot-fra-1 kernel: [83560408.160829] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=171.244.80.137 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=57 ID=26081 PROTO=TCP SPT=6221 DPT=80 WINDOW=15469 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T01:12:50.625Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-09T01:13:14.282Z","@version":"1","message":"Sep  9 01:13:14 honeypot-sgp-1 sshd[31723]: Received disconnect from 209.141.52.250 port 45382:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 01:14:54 honeypot-fra-1 sshd[25375]: Invalid user emily from 101.255.65.138 port 34798","@timestamp":"2022-09-09T01:14:54.675Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 01:15:30 honeypot-ams-1 sshd[2358]: Disconnected from authenticating user root 190.128.230.98 port 57740 [preauth]","@timestamp":"2022-09-09T01:15:30.720Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 01:17:01 honeypot-ams-1 CRON[2364]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-09T01:17:01.778Z"}
{"@timestamp":"2022-09-09T01:17:02.375Z","@version":"1","message":"Sep  9 01:17:01 honeypot-sgp-1 CRON[31729]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 01:20:48 honeypot-fra-1 sshd[25382]: Received disconnect from 185.74.6.58 port 55714:11: Bye Bye [preauth]","@timestamp":"2022-09-09T01:20:48.806Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 01:21:34 honeypot-fra-1 sshd[25395]: Connection closed by invalid user esuser 193.176.239.126 port 60740 [preauth]","@timestamp":"2022-09-09T01:21:34.827Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 01:21:34 honeypot-fra-1 sshd[25404]: Invalid user web from 193.176.239.126 port 60752","@timestamp":"2022-09-09T01:21:34.827Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 01:21:34 honeypot-fra-1 sshd[25388]: Invalid user ftpuser from 193.176.239.126 port 60804","@timestamp":"2022-09-09T01:21:34.827Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 01:21:34 honeypot-fra-1 sshd[25389]: Invalid user hadoop from 193.176.239.126 port 60734","@timestamp":"2022-09-09T01:21:34.827Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 01:21:34 honeypot-fra-1 sshd[25387]: Connection closed by invalid user admin 193.176.239.126 port 60758 [preauth]","@timestamp":"2022-09-09T01:21:34.827Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 01:21:34 honeypot-fra-1 sshd[25406]: Connection closed by invalid user oracle 193.176.239.126 port 60814 [preauth]","@timestamp":"2022-09-09T01:21:34.827Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 01:21:34 honeypot-fra-1 sshd[25405]: Connection closed by invalid user git 193.176.239.126 port 60744 [preauth]","@timestamp":"2022-09-09T01:21:34.827Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 01:21:34 honeypot-fra-1 sshd[25389]: Connection closed by invalid user hadoop 193.176.239.126 port 60734 [preauth]","@timestamp":"2022-09-09T01:21:34.827Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 01:23:58 honeypot-fra-1 sshd[25438]: Invalid user john from 165.22.45.108 port 43882","@timestamp":"2022-09-09T01:23:58.881Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 01:28:08 honeypot-ams-1 sshd[2371]: Disconnected from authenticating user root 92.255.85.69 port 37460 [preauth]","@timestamp":"2022-09-09T01:28:09.072Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 01:35:08 honeypot-fra-1 sshd[25443]: Received disconnect from 92.255.85.69 port 19700:11: Bye Bye [preauth]","@timestamp":"2022-09-09T01:35:09.134Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T01:38:49.878Z","@version":"1","message":"Sep  9 01:38:49 honeypot-sgp-1 sshd[31738]: Disconnected from authenticating user root 92.255.85.70 port 54368 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 01:42:35 honeypot-fra-1 sshd[25448]: Invalid user bomb from 178.22.168.219 port 47830","@timestamp":"2022-09-09T01:42:36.301Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 01:42:59 honeypot-ams-1 kernel: [83564366.695460] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=106.251.118.122 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=51 ID=2966 PROTO=TCP SPT=51421 DPT=80 WINDOW=45172 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T01:42:59.464Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 01:48:04 honeypot-fra-1 sshd[25455]: Invalid user trixi from 157.230.179.247 port 48506","@timestamp":"2022-09-09T01:48:05.425Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 01:50:10 honeypot-ams-1 kernel: [83564797.578587] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=167.94.138.97 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=53857 PROTO=TCP SPT=45357 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T01:50:10.652Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 01:50:24 honeypot-fra-1 sshd[25457]: Disconnected from invalid user john 165.22.45.108 port 49466 [preauth]","@timestamp":"2022-09-09T01:50:25.479Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T01:50:48.163Z","@version":"1","message":"Sep  9 01:50:47 honeypot-sgp-1 kernel: [83564364.438336] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.41.8.5 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=45155 PROTO=TCP SPT=10909 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T01:52:15.201Z","@version":"1","message":"Sep  9 01:52:14 honeypot-sgp-1 sshd[31747]: Received disconnect from 45.61.186.249 port 33876:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T01:52:32.210Z","@version":"1","message":"Sep  9 01:52:31 honeypot-sgp-1 sshd[31752]: Invalid user user from 45.61.186.249 port 56380","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T01:52:49.218Z","@version":"1","message":"Sep  9 01:52:49 honeypot-sgp-1 sshd[31756]: Invalid user user from 45.61.186.249 port 50650","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T01:53:56.247Z","@version":"1","message":"Sep  9 01:53:55 honeypot-sgp-1 kernel: [83564552.101848] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=113.196.124.11 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=39959 PROTO=TCP SPT=49332 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 01:58:46 honeypot-fra-1 sshd[25460]: Received disconnect from 92.255.85.69 port 39804:11: Bye Bye [preauth]","@timestamp":"2022-09-09T01:58:46.690Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 02:06:10 honeypot-ams-1 sshd[2384]: Received disconnect from 158.69.111.17 port 47430:11: Bye Bye [preauth]","@timestamp":"2022-09-09T02:06:11.068Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 02:12:01 honeypot-fra-1 kernel: [83563959.612616] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.148.10.81 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=54321 PROTO=TCP SPT=49098 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T02:12:01.988Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 02:12:17 honeypot-ams-1 sshd[2391]: Received disconnect from 198.98.61.9 port 34310:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T02:12:17.229Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 02:12:34 honeypot-ams-1 sshd[2395]: Received disconnect from 198.98.61.9 port 57020:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T02:12:35.238Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 02:12:49 honeypot-ams-1 sshd[2399]: Received disconnect from 198.98.61.9 port 51500:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T02:12:50.246Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 02:13:08 honeypot-ams-1 sshd[2403]: Received disconnect from 198.98.61.9 port 45966:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T02:13:09.257Z"}
{"@timestamp":"2022-09-09T02:13:32.724Z","@version":"1","message":"Sep  9 02:13:31 honeypot-sgp-1 sshd[32208]: Did not receive identification string from 45.61.186.49 port 46938","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T02:14:01.738Z","@version":"1","message":"Sep  9 02:14:01 honeypot-sgp-1 sshd[32212]: Disconnected from invalid user user 45.61.186.49 port 35668 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T02:14:12.744Z","@version":"1","message":"Sep  9 02:14:12 honeypot-sgp-1 sshd[32216]: Disconnected from invalid user user 45.61.186.49 port 47266 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 02:17:01 honeypot-ams-1 CRON[2407]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-09T02:17:01.361Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 02:21:33 honeypot-fra-1 sshd[25471]: Received disconnect from 92.255.85.69 port 17424:11: Bye Bye [preauth]","@timestamp":"2022-09-09T02:21:34.204Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T02:24:32.995Z","@version":"1","message":"Sep  9 02:24:32 honeypot-sgp-1 sshd[32225]: Received disconnect from 92.255.85.69 port 45426:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 02:31:06 honeypot-fra-1 kernel: [83565104.391674] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=40076 PROTO=TCP SPT=50605 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T02:31:06.419Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 02:33:40 honeypot-ams-1 sshd[2414]: Disconnected from 185.100.86.74 port 38843 [preauth]","@timestamp":"2022-09-09T02:33:40.811Z"}
{"@timestamp":"2022-09-09T02:37:32.308Z","@version":"1","message":"Sep  9 02:37:31 honeypot-sgp-1 sshd[32229]: Received disconnect from 163.177.9.152 port 58806:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 02:37:36 honeypot-ams-1 sshd[2419]: Disconnected from invalid user grid 103.215.221.158 port 32860 [preauth]","@timestamp":"2022-09-09T02:37:36.916Z"}
{"@timestamp":"2022-09-09T02:38:11.327Z","@version":"1","message":"Sep  9 02:38:10 honeypot-sgp-1 sshd[32234]: Received disconnect from 198.98.61.9 port 55436:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T02:38:26.334Z","@version":"1","message":"Sep  9 02:38:26 honeypot-sgp-1 sshd[32238]: Received disconnect from 198.98.61.9 port 49678:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T02:38:40.340Z","@version":"1","message":"Sep  9 02:38:40 honeypot-sgp-1 sshd[32242]: Received disconnect from 198.98.61.9 port 43934:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T02:38:54.347Z","@version":"1","message":"Sep  9 02:38:54 honeypot-sgp-1 sshd[32246]: Received disconnect from 198.98.61.9 port 38180:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 02:39:05 honeypot-fra-1 kernel: [83565583.702649] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=128.199.161.69 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=20597 PROTO=TCP SPT=51231 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T02:39:06.598Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-09T02:39:35.366Z","@version":"1","message":"Sep  9 02:39:35 honeypot-sgp-1 sshd[32250]: Disconnected from authenticating user root 34.126.71.110 port 40378 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T02:43:34.465Z","@version":"1","message":"Sep  9 02:43:34 honeypot-sgp-1 kernel: [83567530.613609] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.189.182.234 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=44334 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 02:43:40 honeypot-ams-1 sshd[2424]: Connection closed by 180.76.173.237 port 51360 [preauth]","@timestamp":"2022-09-09T02:43:41.079Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 02:44:36 honeypot-fra-1 sshd[25486]: Received disconnect from 92.255.85.69 port 53084:11: Bye Bye [preauth]","@timestamp":"2022-09-09T02:44:36.725Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 02:56:13 honeypot-ams-1 sshd[2430]: Connection closed by 180.76.173.237 port 51646 [preauth]","@timestamp":"2022-09-09T02:56:14.424Z"}
{"@timestamp":"2022-09-09T02:56:16.769Z","@version":"1","message":"Sep  9 02:56:16 honeypot-sgp-1 kernel: [83568292.632194] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=172.104.29.92 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=4477 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T03:01:02.885Z","@version":"1","message":"Sep  9 03:01:02 honeypot-sgp-1 sshd[32262]: Disconnected from invalid user vill 96.56.221.138 port 24863 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 03:01:18 honeypot-ams-1 sshd[2438]: Invalid user jason from 40.114.65.77 port 55534","@timestamp":"2022-09-09T03:01:18.556Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 03:02:08 honeypot-fra-1 kernel: [83566966.708054] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=190.74.94.68 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=47 ID=54864 PROTO=TCP SPT=53728 DPT=80 WINDOW=62912 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T03:02:09.117Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 03:02:45 honeypot-ams-1 sshd[2442]: Disconnected from invalid user user 45.61.186.49 port 59226 [preauth]","@timestamp":"2022-09-09T03:02:46.597Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 03:02:59 honeypot-ams-1 sshd[2446]: Disconnected from invalid user user 45.61.186.49 port 42116 [preauth]","@timestamp":"2022-09-09T03:02:59.604Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 03:04:14 honeypot-fra-1 kernel: [83567092.689761] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=113.196.124.11 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=23943 PROTO=TCP SPT=23622 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T03:04:15.166Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 03:07:32 honeypot-ams-1 kernel: [83569439.666812] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=88.80.189.24 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=14328 PROTO=TCP SPT=52841 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T03:07:32.724Z"}
{"@timestamp":"2022-09-09T03:10:31.116Z","@version":"1","message":"Sep  9 03:10:30 honeypot-sgp-1 sshd[32267]: Received disconnect from 92.255.85.70 port 36416:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 03:10:57 honeypot-fra-1 kernel: [83567495.233621] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=3233 PROTO=TCP SPT=52403 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T03:10:57.318Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 03:12:24 honeypot-ams-1 sshd[2456]: Received disconnect from 165.22.42.39 port 56106:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T03:12:24.855Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 03:14:23 honeypot-ams-1 sshd[2463]: Disconnected from authenticating user root 165.22.42.39 port 54938 [preauth]","@timestamp":"2022-09-09T03:14:24.909Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 03:15:16 honeypot-fra-1 kernel: [83567754.304715] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=205.210.31.186 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x60 TTL=250 ID=54321 PROTO=TCP SPT=52230 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T03:15:16.415Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-09T03:16:41.265Z","@version":"1","message":"Sep  9 03:16:40 honeypot-sgp-1 sshd[32272]: Invalid user vo from 147.182.169.252 port 38196","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 03:17:01 honeypot-ams-1 CRON[2469]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-09T03:17:01.980Z"}
{"@timestamp":"2022-09-09T03:17:39.291Z","@version":"1","message":"Sep  9 03:17:38 honeypot-sgp-1 sshd[32277]: Disconnected from authenticating user root 128.199.247.226 port 59388 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 03:19:09 honeypot-ams-1 sshd[2477]: Received disconnect from 165.22.42.39 port 37924:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T03:19:10.036Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 03:21:04 honeypot-ams-1 sshd[2481]: Received disconnect from 165.22.42.39 port 36776:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T03:21:04.090Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 03:23:04 honeypot-ams-1 sshd[2487]: Received disconnect from 165.22.42.39 port 35606:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T03:23:04.145Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 03:24:21 honeypot-fra-1 sshd[25513]: Connection closed by invalid user admin 193.106.191.157 port 47298 [preauth]","@timestamp":"2022-09-09T03:24:21.619Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 03:24:52 honeypot-ams-1 sshd[2492]: Invalid user oladefab from 165.22.42.39 port 34592","@timestamp":"2022-09-09T03:24:53.194Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 03:25:55 honeypot-ams-1 sshd[2496]: Disconnected from invalid user schoosoft 165.22.42.39 port 48136 [preauth]","@timestamp":"2022-09-09T03:25:56.223Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 03:27:50 honeypot-ams-1 sshd[2500]: Invalid user samson from 165.22.42.39 port 46980","@timestamp":"2022-09-09T03:27:50.275Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 03:29:41 honeypot-ams-1 sshd[2504]: Received disconnect from 165.22.42.39 port 45826:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T03:29:42.326Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 03:30:39 honeypot-ams-1 sshd[2509]: Received disconnect from 159.65.181.179 port 58994:11: Bye Bye [preauth]","@timestamp":"2022-09-09T03:30:39.353Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 03:32:25 honeypot-ams-1 sshd[2513]: Disconnected from authenticating user root 165.22.42.39 port 58224 [preauth]","@timestamp":"2022-09-09T03:32:25.397Z"}
{"@timestamp":"2022-09-09T03:32:59.655Z","@version":"1","message":"Sep  9 03:32:59 honeypot-sgp-1 kernel: [83570495.672083] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=34.174.70.181 DST=159.89.202.188 LEN=52 TOS=0x00 PREC=0x00 TTL=123 ID=221 DF PROTO=TCP SPT=51986 DPT=80 WINDOW=65320 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T03:34:08.688Z","@version":"1","message":"Sep  9 03:34:08 honeypot-sgp-1 sshd[32285]: Received disconnect from 52.151.24.212 port 37790:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 03:34:16 honeypot-ams-1 kernel: [83571043.867845] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=97.74.81.123 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=51159 PROTO=TCP SPT=51637 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T03:34:16.460Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 03:36:08 honeypot-ams-1 sshd[2523]: Received disconnect from 165.22.42.39 port 55906:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T03:36:09.510Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 03:37:36 honeypot-fra-1 kernel: [83569094.446695] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=207.102.138.83 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=46 ID=16876 DF PROTO=TCP SPT=53295 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T03:37:36.915Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 03:37:56 honeypot-ams-1 sshd[2527]: Disconnected from authenticating user root 165.22.42.39 port 54742 [preauth]","@timestamp":"2022-09-09T03:37:57.557Z"}
{"@timestamp":"2022-09-09T03:38:09.787Z","@version":"1","message":"Sep  9 03:38:09 honeypot-sgp-1 sshd[32290]: Received disconnect from 204.48.30.72 port 40758:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 03:39:41 honeypot-fra-1 sshd[25523]: Disconnected from authenticating user root 158.69.111.17 port 45908 [preauth]","@timestamp":"2022-09-09T03:39:41.963Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 03:39:50 honeypot-ams-1 sshd[2531]: Disconnected from invalid user sandbox 165.22.42.39 port 53578 [preauth]","@timestamp":"2022-09-09T03:39:51.607Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 03:41:45 honeypot-ams-1 sshd[2536]: Disconnected from invalid user ccapi 165.22.42.39 port 52424 [preauth]","@timestamp":"2022-09-09T03:41:45.656Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 03:41:57 honeypot-fra-1 kernel: [83569355.826032] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.189.182.234 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=40868 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T03:41:58.019Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 03:43:56 honeypot-fra-1 sshd[25538]: Invalid user ftpuser from 194.247.12.102 port 46466","@timestamp":"2022-09-09T03:43:57.065Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 03:43:56 honeypot-fra-1 sshd[25534]: Invalid user centos from 194.247.12.102 port 46410","@timestamp":"2022-09-09T03:43:57.066Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 03:43:56 honeypot-fra-1 sshd[25545]: Invalid user ubuntu from 194.247.12.102 port 46458","@timestamp":"2022-09-09T03:43:57.066Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 03:43:56 honeypot-fra-1 sshd[25539]: Connection closed by invalid user centos 194.247.12.102 port 46402 [preauth]","@timestamp":"2022-09-09T03:43:57.066Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 03:43:56 honeypot-fra-1 sshd[25543]: Connection closed by authenticating user root 194.247.12.102 port 46408 [preauth]","@timestamp":"2022-09-09T03:43:57.066Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 03:43:56 honeypot-fra-1 sshd[25529]: Connection closed by invalid user oracle 194.247.12.102 port 46380 [preauth]","@timestamp":"2022-09-09T03:43:57.066Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 03:43:56 honeypot-fra-1 sshd[25554]: Invalid user devops from 194.247.12.102 port 46432","@timestamp":"2022-09-09T03:43:57.066Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 03:43:56 honeypot-fra-1 sshd[25551]: Connection closed by invalid user ubuntu 194.247.12.102 port 46450 [preauth]","@timestamp":"2022-09-09T03:43:57.066Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 03:43:56 honeypot-fra-1 sshd[25549]: Connection closed by invalid user es 194.247.12.102 port 46476 [preauth]","@timestamp":"2022-09-09T03:43:57.066Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 03:43:57 honeypot-ams-1 sshd[2542]: Received disconnect from 185.237.14.115 port 28004:11: Bye Bye [preauth]","@timestamp":"2022-09-09T03:43:58.716Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 03:47:20 honeypot-fra-1 kernel: [83569678.235048] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=193.215.168.206 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=21890 PROTO=TCP SPT=51590 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T03:47:21.144Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 03:49:37 honeypot-ams-1 sshd[2558]: Received disconnect from 134.209.212.125 port 59794:11: Bye Bye [preauth]","@timestamp":"2022-09-09T03:49:37.862Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 03:49:59 honeypot-fra-1 sshd[25590]: Received disconnect from 220.134.113.188 port 54944:11: Bye Bye [preauth]","@timestamp":"2022-09-09T03:50:00.206Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T03:53:07.144Z","@version":"1","message":"Sep  9 03:53:06 honeypot-sgp-1 sshd[32294]: Disconnected from invalid user nag 103.70.144.140 port 45710 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 03:54:13 honeypot-ams-1 kernel: [83572240.965584] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.189.182.234 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=54321 PROTO=TCP SPT=59877 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T03:54:13.981Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 03:54:52 honeypot-fra-1 sshd[25596]: Invalid user user from 45.61.187.160 port 58422","@timestamp":"2022-09-09T03:54:53.316Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 03:55:13 honeypot-fra-1 sshd[25600]: Invalid user user from 45.61.187.160 port 53442","@timestamp":"2022-09-09T03:55:13.326Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 03:55:34 honeypot-fra-1 sshd[25604]: Invalid user user from 45.61.187.160 port 48472","@timestamp":"2022-09-09T03:55:34.335Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 03:55:52 honeypot-fra-1 sshd[25608]: Invalid user user from 45.61.187.160 port 43498","@timestamp":"2022-09-09T03:55:53.344Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 03:56:05 honeypot-ams-1 sshd[2566]: Invalid user Admin from 201.173.205.148 port 50099","@timestamp":"2022-09-09T03:56:06.032Z"}
{"@timestamp":"2022-09-09T03:57:17.249Z","@version":"1","message":"Sep  9 03:57:16 honeypot-sgp-1 sshd[32300]: Disconnected from authenticating user root 92.255.85.70 port 19072 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 04:04:26 honeypot-ams-1 kernel: [83572853.573484] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.220.72 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=50411 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T04:04:26.250Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 04:05:03 honeypot-fra-1 sshd[25623]: Received disconnect from 141.255.162.226 port 52596:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T04:05:04.552Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 04:05:05 honeypot-fra-1 sshd[25627]: Received disconnect from 141.255.162.226 port 41096:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T04:05:06.553Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 04:05:09 honeypot-fra-1 sshd[25631]: Received disconnect from 141.255.162.226 port 57856:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T04:05:09.554Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 04:05:12 honeypot-fra-1 sshd[25635]: Received disconnect from 141.255.162.226 port 46384:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T04:05:13.556Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T04:07:39.494Z","@version":"1","message":"Sep  9 04:07:38 honeypot-sgp-1 kernel: [83572575.107352] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=207.102.138.83 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=44 ID=43233 DF PROTO=TCP SPT=44428 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 04:08:11 honeypot-fra-1 sshd[25639]: Connection closed by authenticating user root 103.188.176.251 port 43938 [preauth]","@timestamp":"2022-09-09T04:08:12.626Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T04:14:25.659Z","@version":"1","message":"Sep  9 04:14:25 honeypot-sgp-1 sshd[32311]: Did not receive identification string from 152.32.142.133 port 21556","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 04:15:28 honeypot-fra-1 sshd[25648]: Did not receive identification string from 45.61.184.204 port 33644","@timestamp":"2022-09-09T04:15:28.805Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 04:15:59 honeypot-fra-1 sshd[25651]: Disconnected from invalid user user 45.61.184.204 port 38536 [preauth]","@timestamp":"2022-09-09T04:15:59.818Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 04:16:18 honeypot-fra-1 sshd[25655]: Disconnected from invalid user user 45.61.184.204 port 33582 [preauth]","@timestamp":"2022-09-09T04:16:18.827Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 04:16:37 honeypot-fra-1 sshd[25659]: Disconnected from invalid user user 45.61.184.204 port 56872 [preauth]","@timestamp":"2022-09-09T04:16:37.837Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 04:16:59 honeypot-ams-1 kernel: [83573606.640658] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=174.138.61.44 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=15212 PROTO=TCP SPT=49052 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T04:16:59.562Z"}
{"@timestamp":"2022-09-09T04:17:26.735Z","@version":"1","message":"Sep  9 04:17:26 honeypot-sgp-1 sshd[32320]: Invalid user nieto from 202.165.17.131 port 55118","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 04:17:46 honeypot-fra-1 sshd[25666]: Invalid user applprod from 118.212.146.44 port 40606","@timestamp":"2022-09-09T04:17:46.864Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 04:17:54 honeypot-ams-1 sshd[2587]: Connection closed by 180.76.173.237 port 53572 [preauth]","@timestamp":"2022-09-09T04:17:54.591Z"}
{"@timestamp":"2022-09-09T04:18:27.762Z","@version":"1","message":"Sep  9 04:18:26 honeypot-sgp-1 sshd[32324]: Disconnected from authenticating user root 161.132.209.246 port 35800 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 04:22:23 honeypot-fra-1 kernel: [83571781.703164] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=64.227.97.195 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=55 ID=63692 DF PROTO=TCP SPT=58790 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T04:22:23.965Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-09T04:26:32.956Z","@version":"1","message":"Sep  9 04:26:32 honeypot-sgp-1 sshd[32332]: Disconnected from authenticating user root 178.176.225.151 port 60984 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T04:28:07.997Z","@version":"1","message":"Sep  9 04:28:07 honeypot-sgp-1 sshd[32336]: Received disconnect from 170.210.203.212 port 50737:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 04:29:58 honeypot-ams-1 sshd[2598]: Received disconnect from 61.177.173.53 port 19571:11:  [preauth]","@timestamp":"2022-09-09T04:29:58.918Z"}
{"@timestamp":"2022-09-09T04:33:25.123Z","@version":"1","message":"Sep  9 04:33:24 honeypot-sgp-1 sshd[32343]: Bad protocol version identification '' from 103.107.8.171 port 37628","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 04:34:17 honeypot-fra-1 sshd[25673]: Invalid user john from 165.22.45.108 port 50796","@timestamp":"2022-09-09T04:34:18.248Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 04:41:53 honeypot-fra-1 sshd[25676]: Received disconnect from 91.138.228.31 port 49384:11: Bye Bye [preauth]","@timestamp":"2022-09-09T04:41:54.416Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 04:44:15 honeypot-ams-1 sshd[2606]: Invalid user charles from 178.128.114.244 port 50424","@timestamp":"2022-09-09T04:44:16.311Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 04:48:12 honeypot-ams-1 sshd[2611]: Connection closed by 180.76.173.237 port 40152 [preauth]","@timestamp":"2022-09-09T04:48:12.417Z"}
{"@timestamp":"2022-09-09T04:48:13.475Z","@version":"1","message":"Sep  9 04:48:12 honeypot-sgp-1 sshd[32348]: Invalid user gill from 150.136.132.142 port 11032","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 04:49:13 honeypot-ams-1 kernel: [83575540.397980] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=139.144.135.25 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=57405 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T04:49:13.447Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 04:49:27 honeypot-fra-1 kernel: [83573405.565909] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=174.138.61.44 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=15212 PROTO=TCP SPT=48658 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T04:49:28.581Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 04:54:01 honeypot-ams-1 sshd[2622]: Invalid user admin from 220.121.250.154 port 42384","@timestamp":"2022-09-09T04:54:02.573Z"}
{"@timestamp":"2022-09-09T04:56:49.699Z","@version":"1","message":"Sep  9 04:56:48 honeypot-sgp-1 kernel: [83575525.046073] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=165.227.75.220 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=44655 PROTO=TCP SPT=59399 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 04:58:03 honeypot-fra-1 kernel: [83573921.129418] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.79.142.104 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=6782 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T04:58:03.780Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 04:58:12 honeypot-ams-1 sshd[2626]: Connection closed by 154.89.5.220 port 35866 [preauth]","@timestamp":"2022-09-09T04:58:13.683Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 05:01:51 honeypot-fra-1 sshd[25689]: Received disconnect from 165.22.45.108 port 55730:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T05:01:51.886Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 05:15:29 honeypot-ams-1 kernel: [83577116.949145] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=201.191.2.198 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=50 ID=35737 PROTO=TCP SPT=36567 DPT=80 WINDOW=25606 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T05:15:30.166Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 05:18:32 honeypot-ams-1 sshd[2641]: Connection closed by 180.76.173.237 port 54978 [preauth]","@timestamp":"2022-09-09T05:18:33.250Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 05:23:49 honeypot-fra-1 sshd[25696]: Did not receive identification string from 194.247.12.102 port 53724","@timestamp":"2022-09-09T05:23:50.378Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 05:23:50 honeypot-fra-1 sshd[25711]: Invalid user ansible from 194.247.12.102 port 56498","@timestamp":"2022-09-09T05:23:50.378Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 05:23:50 honeypot-fra-1 sshd[25719]: Invalid user hadoop from 194.247.12.102 port 56434","@timestamp":"2022-09-09T05:23:50.378Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 05:23:50 honeypot-fra-1 sshd[25717]: Invalid user ftpuser from 194.247.12.102 port 56454","@timestamp":"2022-09-09T05:23:50.378Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 05:23:50 honeypot-fra-1 sshd[25700]: Invalid user testuser from 194.247.12.102 port 56474","@timestamp":"2022-09-09T05:23:50.378Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 05:23:50 honeypot-fra-1 sshd[25704]: Connection closed by invalid user vagrant 194.247.12.102 port 56464 [preauth]","@timestamp":"2022-09-09T05:23:50.378Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 05:23:50 honeypot-fra-1 sshd[25697]: Connection closed by invalid user elasticsearch 194.247.12.102 port 56496 [preauth]","@timestamp":"2022-09-09T05:23:50.378Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 05:23:50 honeypot-fra-1 sshd[25720]: Connection closed by invalid user oracle 194.247.12.102 port 56472 [preauth]","@timestamp":"2022-09-09T05:23:50.378Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 05:23:50 honeypot-fra-1 sshd[25700]: Connection closed by invalid user testuser 194.247.12.102 port 56474 [preauth]","@timestamp":"2022-09-09T05:23:50.379Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 05:23:50 honeypot-fra-1 sshd[25701]: Connection closed by invalid user ubuntu 194.247.12.102 port 56520 [preauth]","@timestamp":"2022-09-09T05:23:50.379Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T05:26:09.403Z","@version":"1","message":"Sep  9 05:26:08 honeypot-sgp-1 sshd[32358]: Received disconnect from 138.94.75.17 port 33626:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 05:29:16 honeypot-ams-1 kernel: [83577944.348081] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=103.203.56.0 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=58476 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T05:29:17.525Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 05:29:18 honeypot-fra-1 sshd[25758]: Invalid user john from 165.22.45.108 port 60652","@timestamp":"2022-09-09T05:29:18.505Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 05:32:06 honeypot-fra-1 sshd[25760]: Disconnected from authenticating user root 191.185.66.134 port 35134 [preauth]","@timestamp":"2022-09-09T05:32:07.573Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T05:32:35.556Z","@version":"1","message":"Sep  9 05:32:34 honeypot-sgp-1 sshd[32361]: Disconnected from invalid user jason 121.7.31.13 port 8889 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 05:37:52 honeypot-ams-1 sshd[2659]: Invalid user user from 45.61.187.160 port 60416","@timestamp":"2022-09-09T05:37:52.746Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 05:38:12 honeypot-ams-1 sshd[2663]: Invalid user user from 45.61.187.160 port 55520","@timestamp":"2022-09-09T05:38:12.757Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 05:38:30 honeypot-ams-1 sshd[2667]: Invalid user user from 45.61.187.160 port 50628","@timestamp":"2022-09-09T05:38:30.767Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 05:38:47 honeypot-ams-1 sshd[2671]: Invalid user user from 45.61.187.160 port 45738","@timestamp":"2022-09-09T05:38:47.775Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 05:40:11 honeypot-ams-1 sshd[2674]: Disconnected from authenticating user root 61.177.173.49 port 47428 [preauth]","@timestamp":"2022-09-09T05:40:11.815Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 05:41:28 honeypot-ams-1 sshd[2679]: Disconnected from invalid user admin 80.76.51.43 port 35314 [preauth]","@timestamp":"2022-09-09T05:41:28.852Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 05:41:46 honeypot-fra-1 sshd[25765]: Connection closed by 119.240.188.148 port 60428 [preauth]","@timestamp":"2022-09-09T05:41:46.791Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 05:42:11 honeypot-ams-1 sshd[2687]: Received disconnect from 80.76.51.43 port 50242:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T05:42:11.874Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 05:42:53 honeypot-ams-1 sshd[2695]: Received disconnect from 80.76.51.43 port 37046:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T05:42:53.896Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 05:43:35 honeypot-ams-1 sshd[2701]: Received disconnect from 80.76.51.43 port 52064:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T05:43:35.916Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 05:44:03 honeypot-ams-1 sshd[2705]: Received disconnect from 80.76.51.43 port 52684:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T05:44:03.932Z"}
{"@timestamp":"2022-09-09T05:46:28.884Z","@version":"1","message":"Sep  9 05:46:28 honeypot-sgp-1 kernel: [83578504.373426] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=79.124.62.62 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=9498 PROTO=TCP SPT=57070 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T05:47:32.913Z","@version":"1","message":"Sep  9 05:47:32 honeypot-sgp-1 sshd[32370]: Received disconnect from 45.61.184.204 port 53802:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T05:47:51.922Z","@version":"1","message":"Sep  9 05:47:51 honeypot-sgp-1 sshd[32374]: Received disconnect from 45.61.184.204 port 48798:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T05:48:10.932Z","@version":"1","message":"Sep  9 05:48:10 honeypot-sgp-1 sshd[32378]: Received disconnect from 45.61.184.204 port 43796:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 05:48:15 honeypot-ams-1 sshd[2711]: Disconnected from invalid user user 45.61.187.160 port 44752 [preauth]","@timestamp":"2022-09-09T05:48:16.042Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 05:48:35 honeypot-ams-1 sshd[2715]: Disconnected from invalid user user 45.61.187.160 port 39690 [preauth]","@timestamp":"2022-09-09T05:48:36.053Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 05:48:53 honeypot-ams-1 sshd[2721]: Disconnected from invalid user user 45.61.187.160 port 34660 [preauth]","@timestamp":"2022-09-09T05:48:54.062Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 05:49:11 honeypot-ams-1 sshd[2725]: Disconnected from invalid user user 45.61.187.160 port 57850 [preauth]","@timestamp":"2022-09-09T05:49:12.073Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 05:51:10 honeypot-fra-1 kernel: [83577107.781690] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=198.199.93.157 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=53264 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T05:51:11.010Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-09T05:55:37.109Z","@version":"1","message":"Sep  9 05:55:36 honeypot-sgp-1 kernel: [83579053.060869] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=139.162.210.95 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=60057 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T05:57:10.148Z","@version":"1","message":"Sep  9 05:57:10 honeypot-sgp-1 sshd[32386]: Disconnected from invalid user user 141.255.162.226 port 53112 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T05:57:12.149Z","@version":"1","message":"Sep  9 05:57:11 honeypot-sgp-1 sshd[32390]: Disconnected from invalid user user 141.255.162.226 port 39878 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T05:57:15.152Z","@version":"1","message":"Sep  9 05:57:14 honeypot-sgp-1 sshd[32394]: Disconnected from invalid user user 141.255.162.226 port 47386 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T05:57:19.154Z","@version":"1","message":"Sep  9 05:57:18 honeypot-sgp-1 sshd[32398]: Disconnected from invalid user user 141.255.162.226 port 41678 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T05:59:16.204Z","@version":"1","message":"Sep  9 05:59:15 honeypot-sgp-1 sshd[32404]: Received disconnect from 64.225.43.245 port 50374:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 06:01:01 honeypot-fra-1 kernel: [83577699.536583] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=15219 PROTO=TCP SPT=43204 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T06:01:02.230Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-09T06:01:36.262Z","@version":"1","message":"Sep  9 06:01:35 honeypot-sgp-1 sshd[32411]: Received disconnect from 64.225.43.245 port 34522:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 06:02:41 honeypot-ams-1 sshd[2732]: Invalid user admin from 193.106.191.157 port 59690","@timestamp":"2022-09-09T06:02:42.421Z"}
{"@timestamp":"2022-09-09T06:03:17.306Z","@version":"1","message":"Sep  9 06:03:17 honeypot-sgp-1 sshd[32417]: Did not receive identification string from 45.61.186.49 port 50602","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T06:03:37.315Z","@version":"1","message":"Sep  9 06:03:36 honeypot-sgp-1 sshd[32420]: Disconnected from invalid user user 45.61.186.49 port 33862 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T06:03:46.321Z","@version":"1","message":"Sep  9 06:03:46 honeypot-sgp-1 sshd[32424]: Disconnected from invalid user user 45.61.186.49 port 45508 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T06:05:28.367Z","@version":"1","message":"Sep  9 06:05:27 honeypot-sgp-1 sshd[32430]: Received disconnect from 64.225.43.245 port 45800:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 06:05:52 honeypot-fra-1 kernel: [83577989.777914] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=20.25.85.8 DST=165.22.82.222 LEN=52 TOS=0x00 PREC=0x00 TTL=113 ID=51448 DF PROTO=TCP SPT=64821 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T06:05:52.339Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 06:06:30 honeypot-ams-1 sshd[2740]: Connection closed by invalid user  152.32.154.27 port 41444 [preauth]","@timestamp":"2022-09-09T06:06:30.523Z"}
{"@timestamp":"2022-09-09T06:07:02.408Z","@version":"1","message":"Sep  9 06:07:02 honeypot-sgp-1 sshd[32435]: Received disconnect from 64.225.43.245 port 44640:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T06:08:37.448Z","@version":"1","message":"Sep  9 06:08:36 honeypot-sgp-1 sshd[32439]: Received disconnect from 64.225.43.245 port 43482:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 06:09:19 honeypot-ams-1 kernel: [83580347.123146] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=42.227.19.149 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=48 ID=47782 PROTO=TCP SPT=13897 DPT=443 WINDOW=21281 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T06:09:20.598Z"}
{"@timestamp":"2022-09-09T06:10:12.489Z","@version":"1","message":"Sep  9 06:10:11 honeypot-sgp-1 sshd[32443]: Received disconnect from 64.225.43.245 port 42320:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T06:11:45.529Z","@version":"1","message":"Sep  9 06:11:45 honeypot-sgp-1 sshd[32448]: Disconnected from invalid user dev 64.225.43.245 port 41160 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 06:13:08 honeypot-fra-1 kernel: [83578426.299334] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=43.131.66.209 DST=165.22.82.222 LEN=52 TOS=0x00 PREC=0x60 TTL=53 ID=56257 DF PROTO=TCP SPT=57281 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T06:13:09.507Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-09T06:13:19.571Z","@version":"1","message":"Sep  9 06:13:19 honeypot-sgp-1 sshd[32452]: Invalid user startupclerk from 64.225.43.245 port 39996","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T06:14:53.612Z","@version":"1","message":"Sep  9 06:14:52 honeypot-sgp-1 sshd[32456]: Invalid user plandevac from 64.225.43.245 port 38836","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T06:16:25.652Z","@version":"1","message":"Sep  9 06:16:25 honeypot-sgp-1 sshd[32460]: Invalid user schoosoft_dev from 64.225.43.245 port 37676","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T06:17:12.675Z","@version":"1","message":"Sep  9 06:17:12 honeypot-sgp-1 sshd[32466]: Received disconnect from 64.225.43.245 port 51212:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 06:18:07 honeypot-ams-1 sshd[2759]: Disconnected from authenticating user root 58.27.95.2 port 48220 [preauth]","@timestamp":"2022-09-09T06:18:07.822Z"}
{"@timestamp":"2022-09-09T06:18:47.715Z","@version":"1","message":"Sep  9 06:18:47 honeypot-sgp-1 sshd[32470]: Disconnected from authenticating user root 64.225.43.245 port 50052 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T06:20:25.757Z","@version":"1","message":"Sep  9 06:20:25 honeypot-sgp-1 sshd[32474]: Disconnected from invalid user sandbox 64.225.43.245 port 48890 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 06:20:30 honeypot-fra-1 sshd[25788]: Connection closed by invalid user tester 141.98.10.158 port 52060 [preauth]","@timestamp":"2022-09-09T06:20:31.674Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 06:20:59 honeypot-ams-1 sshd[2764]: Disconnected from authenticating user root 104.131.33.117 port 56706 [preauth]","@timestamp":"2022-09-09T06:20:59.903Z"}
{"@timestamp":"2022-09-09T06:22:00.801Z","@version":"1","message":"Sep  9 06:22:00 honeypot-sgp-1 sshd[32481]: Invalid user ccapi from 64.225.43.245 port 47732","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T06:23:34.841Z","@version":"1","message":"Sep  9 06:23:34 honeypot-sgp-1 sshd[32486]: Disconnected from authenticating user root 64.225.43.245 port 46572 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 06:23:51 honeypot-ams-1 sshd[2771]: Disconnected from authenticating user root 186.233.210.86 port 37156 [preauth]","@timestamp":"2022-09-09T06:23:51.978Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 06:25:01 honeypot-fra-1 CRON[25793]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-09T06:25:01.778Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 06:32:38 honeypot-fra-1 kernel: [83579596.446287] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=167.94.145.83 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=16003 PROTO=TCP SPT=5801 DPT=389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T06:32:38.949Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 06:33:29 honeypot-ams-1 kernel: [83581797.318343] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=34.84.199.33 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x60 TTL=251 ID=3539 PROTO=TCP SPT=52260 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T06:33:30.228Z"}
{"@timestamp":"2022-09-09T06:36:22.157Z","@version":"1","message":"Sep  9 06:36:21 honeypot-sgp-1 sshd[32637]: Received disconnect from 213.190.4.147 port 48998:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 06:40:06 honeypot-ams-1 sshd[2952]: Connection closed by invalid user user1 103.188.176.251 port 51194 [preauth]","@timestamp":"2022-09-09T06:40:06.400Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 06:40:19 honeypot-fra-1 sshd[26029]: Invalid user ansible from 43.138.54.131 port 38870","@timestamp":"2022-09-09T06:40:20.121Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 06:40:20 honeypot-fra-1 sshd[26035]: Connection closed by invalid user jenkins 43.138.54.131 port 38834 [preauth]","@timestamp":"2022-09-09T06:40:21.122Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 06:40:23 honeypot-fra-1 sshd[26041]: Connection closed by invalid user postgres 43.138.54.131 port 38818 [preauth]","@timestamp":"2022-09-09T06:40:24.123Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 06:40:27 honeypot-fra-1 sshd[26046]: Connection closed by invalid user steam 43.138.54.131 port 38856 [preauth]","@timestamp":"2022-09-09T06:40:28.125Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 06:40:35 honeypot-fra-1 sshd[26056]: Invalid user devops from 43.138.54.131 port 38890","@timestamp":"2022-09-09T06:40:35.130Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 06:40:35 honeypot-fra-1 sshd[26057]: Connection closed by invalid user ts3srv 43.138.54.131 port 38824 [preauth]","@timestamp":"2022-09-09T06:40:36.130Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 06:40:51 honeypot-fra-1 sshd[26064]: Connection closed by invalid user test 43.138.54.131 port 38850 [preauth]","@timestamp":"2022-09-09T06:40:52.137Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T06:40:59.275Z","@version":"1","message":"Sep  9 06:40:59 honeypot-sgp-1 sshd[32639]: Disconnected from authenticating user root 133.130.103.212 port 37746 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 06:41:14 honeypot-ams-1 sshd[2959]: Received disconnect from 45.61.186.169 port 50616:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T06:41:15.434Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 06:41:32 honeypot-ams-1 sshd[2963]: Received disconnect from 45.61.186.169 port 46088:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T06:41:32.443Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 06:41:40 honeypot-ams-1 sshd[2967]: Disconnected from invalid user user 45.61.186.169 port 57942 [preauth]","@timestamp":"2022-09-09T06:41:41.448Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 06:41:45 honeypot-fra-1 sshd[26071]: Received disconnect from 46.101.31.237 port 58700:11: Bye Bye [preauth]","@timestamp":"2022-09-09T06:41:46.160Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 06:41:56 honeypot-ams-1 sshd[2971]: Disconnected from invalid user user 45.61.186.169 port 53414 [preauth]","@timestamp":"2022-09-09T06:41:57.457Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 06:42:40 honeypot-ams-1 sshd[2975]: Disconnected from invalid user rt 139.59.14.1 port 53580 [preauth]","@timestamp":"2022-09-09T06:42:40.477Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 06:44:11 honeypot-ams-1 sshd[2982]: Received disconnect from 178.128.184.213 port 45836:11: Bye Bye [preauth]","@timestamp":"2022-09-09T06:44:11.519Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 06:46:01 honeypot-fra-1 sshd[26092]: Invalid user testuser from 20.115.2.51 port 48114","@timestamp":"2022-09-09T06:46:01.256Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 06:46:01 honeypot-fra-1 sshd[26092]: Connection closed by invalid user testuser 20.115.2.51 port 48114 [preauth]","@timestamp":"2022-09-09T06:46:01.256Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 06:46:01 honeypot-fra-1 sshd[26101]: Invalid user user from 20.115.2.51 port 48018","@timestamp":"2022-09-09T06:46:01.256Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 06:46:01 honeypot-fra-1 sshd[26104]: Invalid user vagrant from 20.115.2.51 port 48104","@timestamp":"2022-09-09T06:46:01.256Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 06:46:01 honeypot-fra-1 sshd[26093]: Invalid user admin from 20.115.2.51 port 48072","@timestamp":"2022-09-09T06:46:02.258Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 06:46:01 honeypot-fra-1 sshd[26100]: Connection closed by invalid user ubuntu 20.115.2.51 port 48028 [preauth]","@timestamp":"2022-09-09T06:46:02.258Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 06:46:01 honeypot-fra-1 sshd[26087]: Connection closed by invalid user mysql 20.115.2.51 port 48092 [preauth]","@timestamp":"2022-09-09T06:46:02.258Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 06:46:01 honeypot-fra-1 sshd[26084]: Connection closed by invalid user elastic 20.115.2.51 port 48030 [preauth]","@timestamp":"2022-09-09T06:46:02.258Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 06:46:01 honeypot-fra-1 sshd[26093]: Connection closed by invalid user admin 20.115.2.51 port 48072 [preauth]","@timestamp":"2022-09-09T06:46:02.258Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 06:46:01 honeypot-fra-1 sshd[26101]: Connection closed by invalid user user 20.115.2.51 port 48018 [preauth]","@timestamp":"2022-09-09T06:46:02.258Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 06:49:42 honeypot-fra-1 sshd[26139]: Received disconnect from 45.61.187.160 port 54608:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T06:49:43.343Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T06:49:44.493Z","@version":"1","message":"Sep  9 06:49:44 honeypot-sgp-1 sshd[32742]: Received disconnect from 144.126.215.161 port 52796:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 06:50:00 honeypot-fra-1 sshd[26144]: Invalid user user from 45.61.187.160 port 50030","@timestamp":"2022-09-09T06:50:01.351Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 06:50:16 honeypot-fra-1 sshd[26148]: Invalid user user from 141.255.162.226 port 57906","@timestamp":"2022-09-09T06:50:17.359Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 06:50:18 honeypot-fra-1 sshd[26152]: Invalid user user from 45.61.187.160 port 45466","@timestamp":"2022-09-09T06:50:18.359Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 06:50:20 honeypot-fra-1 sshd[26156]: Invalid user user from 141.255.162.226 port 59232","@timestamp":"2022-09-09T06:50:20.362Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 06:50:24 honeypot-fra-1 sshd[26160]: Invalid user user from 141.255.162.226 port 45778","@timestamp":"2022-09-09T06:50:24.364Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 06:52:04 honeypot-fra-1 sshd[26165]: Invalid user jolena from 165.22.45.108 port 47242","@timestamp":"2022-09-09T06:52:04.403Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 06:52:05 honeypot-ams-1 sshd[3094]: Connection closed by 180.76.173.237 port 57164 [preauth]","@timestamp":"2022-09-09T06:52:05.720Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 06:58:23 honeypot-fra-1 kernel: [83581140.622333] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=182.254.225.35 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=43 ID=56201 DF PROTO=TCP SPT=33482 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T06:58:23.547Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-09T07:00:22.759Z","@version":"1","message":"Sep  9 07:00:21 honeypot-sgp-1 sshd[32750]: Did not receive identification string from 141.255.162.226 port 48428","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T07:00:42.770Z","@version":"1","message":"Sep  9 07:00:42 honeypot-sgp-1 sshd[32754]: Disconnected from invalid user user 141.255.162.226 port 45648 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T07:00:46.772Z","@version":"1","message":"Sep  9 07:00:45 honeypot-sgp-1 sshd[32758]: Disconnected from invalid user user 141.255.162.226 port 60550 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T07:02:13.810Z","@version":"1","message":"Sep  9 07:02:13 honeypot-sgp-1 kernel: [83583049.534463] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.246.105.50 DST=159.89.202.188 LEN=52 TOS=0x02 PREC=0x00 TTL=108 ID=34421 DF PROTO=TCP SPT=56924 DPT=443 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 07:02:59 honeypot-ams-1 sshd[3102]: Disconnected from 61.177.172.124 port 49147 [preauth]","@timestamp":"2022-09-09T07:03:00.001Z"}
{"@timestamp":"2022-09-09T07:10:04.008Z","@version":"1","message":"Sep  9 07:10:03 honeypot-sgp-1 sshd[302]: Received disconnect from 46.101.220.193 port 44406:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T07:10:25.019Z","@version":"1","message":"Sep  9 07:10:24 honeypot-sgp-1 sshd[306]: Disconnected from invalid user teamspeak3 221.193.248.166 port 46896 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 07:14:37 honeypot-ams-1 sshd[3111]: Received disconnect from 45.61.186.169 port 54540:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T07:14:38.305Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 07:14:55 honeypot-ams-1 sshd[3116]: Received disconnect from 45.61.186.169 port 49916:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T07:14:56.314Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 07:15:12 honeypot-ams-1 sshd[3120]: Received disconnect from 45.61.186.169 port 45284:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T07:15:13.322Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 07:15:28 honeypot-ams-1 sshd[3125]: Received disconnect from 45.61.186.169 port 40718:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T07:15:29.331Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 07:17:01 honeypot-fra-1 CRON[26177]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-09T07:17:01.958Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T07:17:02.183Z","@version":"1","message":"Sep  9 07:17:01 honeypot-sgp-1 CRON[313]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T07:17:34.198Z","@version":"1","message":"Sep  9 07:17:33 honeypot-sgp-1 sshd[319]: Received disconnect from 141.255.162.226 port 34256:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T07:17:40.202Z","@version":"1","message":"Sep  9 07:17:39 honeypot-sgp-1 sshd[325]: Received disconnect from 141.255.162.226 port 35864:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T07:17:42.203Z","@version":"1","message":"Sep  9 07:17:42 honeypot-sgp-1 sshd[329]: Invalid user user from 141.255.162.226 port 41714","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 07:23:02 honeypot-ams-1 kernel: [83584769.905962] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=44939 PROTO=TCP SPT=47736 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T07:23:03.529Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 07:24:00 honeypot-ams-1 sshd[3140]: Received disconnect from 45.61.187.160 port 44594:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T07:24:00.556Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 07:24:08 honeypot-ams-1 sshd[3144]: Received disconnect from 45.61.187.160 port 55820:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T07:24:09.562Z"}
{"@timestamp":"2022-09-09T07:24:26.370Z","@version":"1","message":"Sep  9 07:24:26 honeypot-sgp-1 sshd[337]: Invalid user user from 45.61.186.169 port 51576","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 07:24:25 honeypot-ams-1 sshd[3148]: Received disconnect from 45.61.187.160 port 50070:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T07:24:26.571Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 07:24:41 honeypot-ams-1 sshd[3153]: Received disconnect from 45.61.187.160 port 44292:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T07:24:42.579Z"}
{"@timestamp":"2022-09-09T07:24:45.403Z","@version":"1","message":"Sep  9 07:24:44 honeypot-sgp-1 sshd[341]: Invalid user user from 45.61.186.169 port 46806","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T07:25:02.411Z","@version":"1","message":"Sep  9 07:25:02 honeypot-sgp-1 sshd[345]: Invalid user user from 45.61.186.169 port 42014","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T07:25:20.420Z","@version":"1","message":"Sep  9 07:25:19 honeypot-sgp-1 sshd[349]: Invalid user user from 45.61.186.169 port 37248","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 07:26:05 honeypot-fra-1 kernel: [83582803.335499] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=172.104.138.223 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=58421 PROTO=TCP SPT=18549 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T07:26:06.157Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 07:27:23 honeypot-ams-1 sshd[3160]: Connection closed by 180.76.173.237 port 58008 [preauth]","@timestamp":"2022-09-09T07:27:23.649Z"}
{"@timestamp":"2022-09-09T07:31:38.573Z","@version":"1","message":"Sep  9 07:31:37 honeypot-sgp-1 sshd[352]: Disconnected from authenticating user root 20.163.60.255 port 48930 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 07:32:36 honeypot-ams-1 sshd[3172]: Received disconnect from 61.177.173.51 port 34044:11:  [preauth]","@timestamp":"2022-09-09T07:32:36.785Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 07:32:53 honeypot-fra-1 sshd[26189]: Invalid user nick from 51.210.108.253 port 38662","@timestamp":"2022-09-09T07:32:53.310Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 07:37:45 honeypot-fra-1 sshd[26194]: Did not receive identification string from 193.3.19.178 port 64001","@timestamp":"2022-09-09T07:37:45.417Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 07:37:57 honeypot-ams-1 sshd[3181]: Bad protocol version identification 'GET / HTTP/1.1' from 124.223.156.79 port 59428","@timestamp":"2022-09-09T07:37:57.927Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 07:42:00 honeypot-ams-1 sshd[3191]: Invalid user fujino from 52.140.126.117 port 39182","@timestamp":"2022-09-09T07:42:01.053Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 07:44:25 honeypot-ams-1 sshd[3195]: Disconnected from authenticating user root 105.28.108.165 port 60700 [preauth]","@timestamp":"2022-09-09T07:44:26.119Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 07:45:09 honeypot-fra-1 sshd[26201]: Received disconnect from 179.43.156.143 port 40842:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T07:45:09.585Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 07:46:22 honeypot-fra-1 sshd[26205]: Disconnected from authenticating user root 179.43.156.143 port 32928 [preauth]","@timestamp":"2022-09-09T07:46:22.615Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 07:47:36 honeypot-fra-1 sshd[26211]: Invalid user nutanix from 179.43.156.143 port 53290","@timestamp":"2022-09-09T07:47:37.645Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 07:48:54 honeypot-fra-1 sshd[26216]: Invalid user nfsnobod from 179.43.156.143 port 45476","@timestamp":"2022-09-09T07:48:54.676Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 07:49:14 honeypot-ams-1 kernel: [83586341.925365] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.194.196 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=60839 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T07:49:15.248Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 07:50:09 honeypot-fra-1 sshd[26220]: Disconnected from authenticating user root 179.43.156.143 port 37628 [preauth]","@timestamp":"2022-09-09T07:50:10.706Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 07:52:05 honeypot-fra-1 sshd[26226]: Disconnected from authenticating user root 179.43.156.143 port 54114 [preauth]","@timestamp":"2022-09-09T07:52:06.752Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T07:52:51.097Z","@version":"1","message":"Sep  9 07:52:51 honeypot-sgp-1 sshd[360]: Received disconnect from 103.42.57.139 port 45702:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 07:53:12 honeypot-ams-1 sshd[3205]: Invalid user tukituki from 35.224.2.98 port 51196","@timestamp":"2022-09-09T07:53:12.355Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 07:54:51 honeypot-ams-1 kernel: [83586678.425843] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=116.203.225.67 DST=178.62.254.91 LEN=80 TOS=0x00 PREC=0x20 TTL=129 ID=50900 PROTO=TCP SPT=49876 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T07:54:51.399Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 07:56:58 honeypot-fra-1 kernel: [83584655.765324] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=116.203.225.67 DST=165.22.82.222 LEN=80 TOS=0x00 PREC=0x20 TTL=126 ID=52545 PROTO=TCP SPT=51521 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T07:56:58.864Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-09T07:57:16.205Z","@version":"1","message":"Sep  9 07:57:15 honeypot-sgp-1 sshd[364]: Received disconnect from 89.163.178.15 port 48658:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 07:57:41 honeypot-ams-1 kernel: [83586849.156064] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=86.57.81.171 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=25436 DF PROTO=TCP SPT=50061 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T07:57:42.489Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 08:03:03 honeypot-fra-1 kernel: [83585020.350161] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.41.8.5 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=5473 PROTO=TCP SPT=24265 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T08:03:04.005Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 08:05:06 honeypot-ams-1 sshd[3214]: Received disconnect from 61.177.173.49 port 56560:11:  [preauth]","@timestamp":"2022-09-09T08:05:06.678Z"}
{"@timestamp":"2022-09-09T08:10:08.513Z","@version":"1","message":"Sep  9 08:10:07 honeypot-sgp-1 kernel: [83587123.903228] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.246.105.50 DST=159.89.202.188 LEN=52 TOS=0x02 PREC=0x00 TTL=110 ID=32029 DF PROTO=TCP SPT=59357 DPT=443 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 08:13:48 honeypot-ams-1 kernel: [83587816.247979] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=86.57.81.171 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=40212 DF PROTO=TCP SPT=50955 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T08:13:49.907Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 08:15:59 honeypot-fra-1 sshd[26264]: Received disconnect from 165.22.45.108 port 33852:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T08:15:59.296Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 08:17:48 honeypot-fra-1 kernel: [83585905.998151] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=143.92.32.99 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=17285 PROTO=TCP SPT=51466 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T08:17:49.342Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 08:21:23 honeypot-ams-1 sshd[3232]: Invalid user lisa from 143.244.154.61 port 52470","@timestamp":"2022-09-09T08:21:24.104Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 08:26:10 honeypot-ams-1 sshd[3257]: Received disconnect from 164.155.120.94 port 38844:11: Bye Bye [preauth]","@timestamp":"2022-09-09T08:26:11.229Z"}
{"@timestamp":"2022-09-09T08:30:35.008Z","@version":"1","message":"Sep  9 08:30:34 honeypot-sgp-1 kernel: [83588350.402831] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=236 ID=33943 PROTO=TCP SPT=52219 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T08:33:40.085Z","@version":"1","message":"Sep  9 08:33:39 honeypot-sgp-1 sshd[400]: Disconnected from authenticating user root 143.244.158.100 port 60618 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 08:34:54 honeypot-fra-1 sshd[26275]: Received disconnect from 119.65.149.106 port 35088:11: Bye Bye [preauth]","@timestamp":"2022-09-09T08:34:54.725Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T08:35:34.136Z","@version":"1","message":"Sep  9 08:35:34 honeypot-sgp-1 sshd[406]: Disconnected from authenticating user root 143.244.158.100 port 44022 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T08:38:21.206Z","@version":"1","message":"Sep  9 08:38:20 honeypot-sgp-1 sshd[413]: Disconnected from authenticating user root 143.244.158.100 port 60542 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 08:39:03 honeypot-ams-1 sshd[3268]: Disconnected from authenticating user root 61.177.173.46 port 41895 [preauth]","@timestamp":"2022-09-09T08:39:03.558Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 08:40:24 honeypot-fra-1 kernel: [83587261.567924] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=20.25.85.8 DST=165.22.82.222 LEN=52 TOS=0x00 PREC=0x00 TTL=113 ID=63272 DF PROTO=TCP SPT=60204 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T08:40:24.854Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-09T08:41:05.276Z","@version":"1","message":"Sep  9 08:41:04 honeypot-sgp-1 sshd[421]: Disconnected from authenticating user root 143.244.158.100 port 43426 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 08:43:06 honeypot-ams-1 sshd[3273]: Received disconnect from 198.98.61.9 port 33332:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T08:43:06.666Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 08:43:21 honeypot-ams-1 sshd[3277]: Received disconnect from 198.98.61.9 port 55274:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T08:43:21.674Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 08:43:39 honeypot-ams-1 sshd[3281]: Received disconnect from 198.98.61.9 port 48984:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T08:43:40.684Z"}
{"@timestamp":"2022-09-09T08:43:49.346Z","@version":"1","message":"Sep  9 08:43:48 honeypot-sgp-1 sshd[429]: Disconnected from authenticating user root 143.244.158.100 port 45606 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 08:44:51 honeypot-fra-1 sshd[26281]: Received disconnect from 165.22.45.108 port 38828:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T08:44:51.955Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T08:46:32.414Z","@version":"1","message":"Sep  9 08:46:31 honeypot-sgp-1 sshd[437]: Disconnected from authenticating user root 143.244.158.100 port 37900 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 08:47:13 honeypot-ams-1 sshd[3286]: Received disconnect from 61.177.173.50 port 54320:11:  [preauth]","@timestamp":"2022-09-09T08:47:13.773Z"}
{"@timestamp":"2022-09-09T08:49:02.479Z","@version":"1","message":"Sep  9 08:49:02 honeypot-sgp-1 kernel: [83589458.375168] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.148.10.193 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=34855 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T08:50:11.510Z","@version":"1","message":"Sep  9 08:50:11 honeypot-sgp-1 sshd[447]: Disconnected from authenticating user root 143.244.158.100 port 41768 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T08:52:38.574Z","@version":"1","message":"Sep  9 08:52:37 honeypot-sgp-1 sshd[454]: Received disconnect from 45.134.173.95 port 54378:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T08:53:49.604Z","@version":"1","message":"Sep  9 08:53:49 honeypot-sgp-1 sshd[461]: Received disconnect from 143.244.158.100 port 37202:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 08:54:33 honeypot-ams-1 kernel: [83590260.677414] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=176.58.107.225 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=54321 PROTO=TCP SPT=42177 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T08:54:33.962Z"}
{"@timestamp":"2022-09-09T08:55:36.650Z","@version":"1","message":"Sep  9 08:55:35 honeypot-sgp-1 sshd[465]: Disconnected from authenticating user root 143.244.158.100 port 56374 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T08:58:27.722Z","@version":"1","message":"Sep  9 08:58:27 honeypot-sgp-1 sshd[471]: Disconnected from authenticating user root 143.244.158.100 port 48464 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T09:01:15.792Z","@version":"1","message":"Sep  9 09:01:15 honeypot-sgp-1 sshd[478]: Disconnected from authenticating user root 143.244.158.100 port 47170 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 09:02:11 honeypot-ams-1 sshd[3298]: Received disconnect from 51.250.21.73 port 33242:11: Bye Bye [preauth]","@timestamp":"2022-09-09T09:02:12.160Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 09:03:59 honeypot-ams-1 sshd[3303]: Received disconnect from 61.177.173.46 port 36104:11:  [preauth]","@timestamp":"2022-09-09T09:04:00.212Z"}
{"@timestamp":"2022-09-09T09:04:00.862Z","@version":"1","message":"Sep  9 09:04:00 honeypot-sgp-1 sshd[485]: Received disconnect from 143.244.158.100 port 59576:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T09:06:44.929Z","@version":"1","message":"Sep  9 09:06:44 honeypot-sgp-1 sshd[492]: Received disconnect from 143.244.158.100 port 36674:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T09:08:34.975Z","@version":"1","message":"Sep  9 09:08:34 honeypot-sgp-1 sshd[498]: Disconnected from authenticating user root 143.244.158.100 port 44170 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 09:08:52 honeypot-fra-1 sshd[26300]: Did not receive identification string from 45.61.186.169 port 59614","@timestamp":"2022-09-09T09:08:52.487Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 09:09:35 honeypot-fra-1 sshd[26303]: Disconnected from invalid user user 45.61.186.169 port 46482 [preauth]","@timestamp":"2022-09-09T09:09:36.506Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 09:09:52 honeypot-fra-1 sshd[26307]: Disconnected from invalid user user 45.61.186.169 port 41402 [preauth]","@timestamp":"2022-09-09T09:09:53.514Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 09:10:08 honeypot-fra-1 sshd[26312]: Disconnected from invalid user user 45.61.186.169 port 36318 [preauth]","@timestamp":"2022-09-09T09:10:09.524Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T09:11:24.042Z","@version":"1","message":"Sep  9 09:11:23 honeypot-sgp-1 sshd[505]: Disconnected from authenticating user root 143.244.158.100 port 49222 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 09:13:35 honeypot-fra-1 sshd[26318]: Disconnected from invalid user joomla 165.22.45.108 port 43784 [preauth]","@timestamp":"2022-09-09T09:13:35.603Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 09:13:43 honeypot-ams-1 sshd[3311]: Disconnected from authenticating user root 61.177.173.39 port 32246 [preauth]","@timestamp":"2022-09-09T09:13:44.464Z"}
{"@timestamp":"2022-09-09T09:14:12.110Z","@version":"1","message":"Sep  9 09:14:11 honeypot-sgp-1 sshd[511]: Disconnected from authenticating user root 143.244.158.100 port 44450 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T09:16:55.175Z","@version":"1","message":"Sep  9 09:16:54 honeypot-sgp-1 sshd[518]: Disconnected from authenticating user root 143.244.158.100 port 35940 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 09:17:01 honeypot-ams-1 CRON[3316]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-09T09:17:01.553Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 09:17:38 honeypot-ams-1 sshd[3324]: Invalid user test from 80.76.51.43 port 42492","@timestamp":"2022-09-09T09:17:38.574Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 09:18:06 honeypot-ams-1 sshd[3328]: Disconnected from authenticating user root 80.76.51.43 port 45810 [preauth]","@timestamp":"2022-09-09T09:18:07.592Z"}
{"@timestamp":"2022-09-09T09:18:46.222Z","@version":"1","message":"Sep  9 09:18:45 honeypot-sgp-1 sshd[525]: Disconnected from authenticating user root 143.244.158.100 port 35158 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 09:18:48 honeypot-ams-1 sshd[3334]: Received disconnect from 80.76.51.43 port 36522:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T09:18:48.614Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 09:19:30 honeypot-ams-1 sshd[3340]: Received disconnect from 80.76.51.43 port 55606:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T09:19:30.636Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 09:19:58 honeypot-ams-1 sshd[3344]: Received disconnect from 80.76.51.43 port 58776:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T09:19:58.651Z"}
{"@timestamp":"2022-09-09T09:21:32.290Z","@version":"1","message":"Sep  9 09:21:31 honeypot-sgp-1 sshd[532]: Received disconnect from 143.244.158.100 port 39396:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 09:23:16 honeypot-fra-1 kernel: [83589833.762985] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=94.26.228.80 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=56631 PROTO=TCP SPT=10320 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T09:23:16.826Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 09:25:23 honeypot-ams-1 sshd[3351]: Received disconnect from 88.149.195.109 port 45308:11: Bye Bye [preauth]","@timestamp":"2022-09-09T09:25:23.792Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 09:25:24 honeypot-ams-1 sshd[3355]: Disconnected from invalid user ubnt 88.149.195.109 port 45360 [preauth]","@timestamp":"2022-09-09T09:25:24.794Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 09:25:25 honeypot-ams-1 sshd[3361]: Disconnected from authenticating user root 88.149.195.109 port 45446 [preauth]","@timestamp":"2022-09-09T09:25:25.794Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 09:25:26 honeypot-ams-1 sshd[3367]: Disconnected from authenticating user root 88.149.195.109 port 45538 [preauth]","@timestamp":"2022-09-09T09:25:26.795Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 09:25:27 honeypot-ams-1 sshd[3373]: Disconnected from authenticating user root 88.149.195.109 port 45610 [preauth]","@timestamp":"2022-09-09T09:25:27.796Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 09:25:28 honeypot-ams-1 sshd[3379]: Disconnected from authenticating user root 88.149.195.109 port 45686 [preauth]","@timestamp":"2022-09-09T09:25:29.797Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 09:25:30 honeypot-ams-1 sshd[3385]: Disconnected from authenticating user root 88.149.195.109 port 45752 [preauth]","@timestamp":"2022-09-09T09:25:30.798Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 09:25:31 honeypot-ams-1 sshd[3391]: Disconnected from authenticating user root 88.149.195.109 port 45844 [preauth]","@timestamp":"2022-09-09T09:25:31.799Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 09:25:32 honeypot-ams-1 sshd[3397]: Disconnected from authenticating user root 88.149.195.109 port 45926 [preauth]","@timestamp":"2022-09-09T09:25:32.799Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 09:25:33 honeypot-ams-1 sshd[3403]: Disconnected from authenticating user root 88.149.195.109 port 46002 [preauth]","@timestamp":"2022-09-09T09:25:33.800Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 09:25:34 honeypot-ams-1 sshd[3409]: Disconnected from authenticating user root 88.149.195.109 port 46048 [preauth]","@timestamp":"2022-09-09T09:25:34.801Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 09:25:35 honeypot-ams-1 sshd[3415]: Disconnected from authenticating user root 88.149.195.109 port 46126 [preauth]","@timestamp":"2022-09-09T09:25:35.802Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 09:25:36 honeypot-ams-1 sshd[3421]: Disconnected from authenticating user root 88.149.195.109 port 46206 [preauth]","@timestamp":"2022-09-09T09:25:36.802Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 09:25:37 honeypot-ams-1 sshd[3425]: Disconnected from invalid user admin 88.149.195.109 port 46250 [preauth]","@timestamp":"2022-09-09T09:25:37.803Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 09:25:38 honeypot-ams-1 sshd[3429]: Disconnected from invalid user admin 88.149.195.109 port 46310 [preauth]","@timestamp":"2022-09-09T09:25:38.804Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 09:25:38 honeypot-ams-1 sshd[3433]: Disconnected from invalid user admin 88.149.195.109 port 46370 [preauth]","@timestamp":"2022-09-09T09:25:39.806Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 09:25:39 honeypot-ams-1 sshd[3437]: Disconnected from invalid user admin 88.149.195.109 port 46410 [preauth]","@timestamp":"2022-09-09T09:25:39.806Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 09:25:40 honeypot-ams-1 sshd[3441]: Disconnected from invalid user admin 88.149.195.109 port 46440 [preauth]","@timestamp":"2022-09-09T09:25:40.806Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 09:25:41 honeypot-ams-1 sshd[3447]: Received disconnect from 88.149.195.109 port 46536:11: Bye Bye [preauth]","@timestamp":"2022-09-09T09:25:41.807Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 09:25:43 honeypot-ams-1 sshd[3451]: Received disconnect from 88.149.195.109 port 46636:11: Bye Bye [preauth]","@timestamp":"2022-09-09T09:25:43.808Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 09:25:44 honeypot-ams-1 sshd[3455]: Received disconnect from 88.149.195.109 port 46676:11: Bye Bye [preauth]","@timestamp":"2022-09-09T09:25:44.809Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 09:25:45 honeypot-ams-1 sshd[3459]: Received disconnect from 88.149.195.109 port 46748:11: Bye Bye [preauth]","@timestamp":"2022-09-09T09:25:45.810Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 09:25:46 honeypot-ams-1 sshd[3463]: Received disconnect from 88.149.195.109 port 46810:11: Bye Bye [preauth]","@timestamp":"2022-09-09T09:25:46.811Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 09:25:46 honeypot-ams-1 sshd[3467]: Received disconnect from 88.149.195.109 port 46856:11: Bye Bye [preauth]","@timestamp":"2022-09-09T09:25:47.811Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 09:25:47 honeypot-ams-1 sshd[3471]: Received disconnect from 88.149.195.109 port 46912:11: Bye Bye [preauth]","@timestamp":"2022-09-09T09:25:47.812Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 09:25:48 honeypot-ams-1 sshd[3475]: Received disconnect from 88.149.195.109 port 46960:11: Bye Bye [preauth]","@timestamp":"2022-09-09T09:25:48.812Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 09:25:49 honeypot-ams-1 sshd[3479]: Received disconnect from 88.149.195.109 port 47016:11: Bye Bye [preauth]","@timestamp":"2022-09-09T09:25:49.813Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 09:25:50 honeypot-ams-1 sshd[3483]: Received disconnect from 88.149.195.109 port 47062:11: Bye Bye [preauth]","@timestamp":"2022-09-09T09:25:50.814Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 09:25:50 honeypot-ams-1 sshd[3487]: Received disconnect from 88.149.195.109 port 47108:11: Bye Bye [preauth]","@timestamp":"2022-09-09T09:25:51.815Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 09:25:51 honeypot-ams-1 sshd[3491]: Received disconnect from 88.149.195.109 port 47158:11: Bye Bye [preauth]","@timestamp":"2022-09-09T09:25:51.815Z"}
{"@timestamp":"2022-09-09T09:26:32.411Z","@version":"1","message":"Sep  9 09:26:32 honeypot-sgp-1 sshd[534]: Received disconnect from 59.3.76.218 port 54694:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T09:27:57.447Z","@version":"1","message":"Sep  9 09:27:57 honeypot-sgp-1 sshd[539]: Disconnected from authenticating user root 82.200.65.218 port 36516 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T09:31:47.539Z","@version":"1","message":"Sep  9 09:31:47 honeypot-sgp-1 kernel: [83592023.131761] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=89.248.165.199 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=17131 PROTO=TCP SPT=52723 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 09:33:13 honeypot-fra-1 sshd[26332]: Invalid user user from 141.255.162.226 port 51780","@timestamp":"2022-09-09T09:33:14.056Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 09:33:19 honeypot-fra-1 sshd[26336]: Invalid user user from 141.255.162.226 port 43306","@timestamp":"2022-09-09T09:33:20.060Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 09:33:20 honeypot-fra-1 sshd[26340]: Invalid user user from 141.255.162.226 port 48982","@timestamp":"2022-09-09T09:33:21.061Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 09:35:11 honeypot-ams-1 sshd[3505]: Received disconnect from 103.226.249.51 port 48698:11: Bye Bye [preauth]","@timestamp":"2022-09-09T09:35:12.057Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 09:37:36 honeypot-fra-1 sshd[26345]: Invalid user gladmin from 141.98.10.158 port 34904","@timestamp":"2022-09-09T09:37:37.173Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 09:42:12 honeypot-fra-1 sshd[26349]: Bad protocol version identification 'MGLNDD_165.22.82.222_22' from 192.241.212.147 port 52430","@timestamp":"2022-09-09T09:42:13.273Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T09:42:49.801Z","@version":"1","message":"Sep  9 09:42:49 honeypot-sgp-1 sshd[554]: Invalid user user1 from 103.188.176.251 port 35196","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 09:43:09 honeypot-ams-1 kernel: [83593176.878732] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=86.57.81.171 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=27275 DF PROTO=TCP SPT=55665 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T09:43:10.268Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 09:46:11 honeypot-ams-1 sshd[3518]: Disconnected from 161.35.131.133 port 48518 [preauth]","@timestamp":"2022-09-09T09:46:12.352Z"}
{"@timestamp":"2022-09-09T09:48:24.937Z","@version":"1","message":"Sep  9 09:48:24 honeypot-sgp-1 kernel: [83593020.833229] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.41.9.18 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=54991 PROTO=TCP SPT=31764 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T09:54:41.093Z","@version":"1","message":"Sep  9 09:54:40 honeypot-sgp-1 sshd[566]: Did not receive identification string from 121.185.139.70 port 6709","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 09:58:06 honeypot-ams-1 sshd[3527]: Connection closed by invalid user  64.62.197.137 port 20630 [preauth]","@timestamp":"2022-09-09T09:58:06.664Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 09:59:55 honeypot-ams-1 sshd[3533]: Received disconnect from 61.177.173.37 port 30032:11:  [preauth]","@timestamp":"2022-09-09T09:59:56.716Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 10:00:35 honeypot-fra-1 sshd[26353]: ssh_dispatch_run_fatal: Connection from 136.52.13.251 port 60651: Connection corrupted [preauth]","@timestamp":"2022-09-09T10:00:36.754Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T10:05:12.348Z","@version":"1","message":"Sep  9 10:05:12 honeypot-sgp-1 sshd[569]: Received disconnect from 84.54.74.130 port 58802:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 10:05:38 honeypot-ams-1 kernel: [83594526.174523] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=179.126.71.178 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=49 ID=1365 PROTO=TCP SPT=65197 DPT=80 WINDOW=55949 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T10:05:39.868Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 10:15:32 honeypot-fra-1 kernel: [83592969.793186] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=103.99.1.99 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=47154 PROTO=TCP SPT=46578 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T10:15:33.087Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-09T10:16:42.625Z","@version":"1","message":"Sep  9 10:16:42 honeypot-sgp-1 sshd[572]: Disconnected from invalid user ubuntu 1.224.37.98 port 48396 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 10:19:02 honeypot-ams-1 kernel: [83595329.635762] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.79.53.162 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=4759 PROTO=TCP SPT=40761 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T10:19:03.220Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 10:19:33 honeypot-fra-1 sshd[26365]: Received disconnect from 45.61.186.49 port 60682:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T10:19:34.183Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 10:19:41 honeypot-fra-1 sshd[26369]: Received disconnect from 45.61.186.49 port 43668:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T10:19:42.187Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T10:20:10.713Z","@version":"1","message":"Sep  9 10:20:09 honeypot-sgp-1 sshd[578]: Disconnected from invalid user user 45.61.186.169 port 34510 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T10:20:29.723Z","@version":"1","message":"Sep  9 10:20:29 honeypot-sgp-1 sshd[582]: Disconnected from invalid user user 45.61.186.169 port 58004 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T10:20:46.732Z","@version":"1","message":"Sep  9 10:20:45 honeypot-sgp-1 sshd[586]: Disconnected from invalid user user 45.61.186.169 port 53300 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T10:21:02.740Z","@version":"1","message":"Sep  9 10:21:01 honeypot-sgp-1 sshd[590]: Disconnected from invalid user user 45.61.186.169 port 48606 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T10:22:08.770Z","@version":"1","message":"Sep  9 10:22:07 honeypot-sgp-1 sshd[596]: Received disconnect from 45.61.187.160 port 38202:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T10:22:25.779Z","@version":"1","message":"Sep  9 10:22:25 honeypot-sgp-1 sshd[600]: Received disconnect from 45.61.187.160 port 33196:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 10:22:29 honeypot-fra-1 sshd[26376]: Did not receive identification string from 45.61.186.249 port 37980","@timestamp":"2022-09-09T10:22:30.252Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T10:22:41.787Z","@version":"1","message":"Sep  9 10:22:41 honeypot-sgp-1 sshd[604]: Received disconnect from 45.61.187.160 port 56430:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 10:22:58 honeypot-fra-1 sshd[26379]: Disconnected from invalid user user 45.61.186.249 port 53876 [preauth]","@timestamp":"2022-09-09T10:22:58.264Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 10:23:17 honeypot-fra-1 sshd[26383]: Disconnected from invalid user user 45.61.186.249 port 48472 [preauth]","@timestamp":"2022-09-09T10:23:18.275Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 10:23:36 honeypot-fra-1 sshd[26387]: Disconnected from invalid user user 45.61.186.249 port 43068 [preauth]","@timestamp":"2022-09-09T10:23:37.283Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T10:25:46.863Z","@version":"1","message":"Sep  9 10:25:46 honeypot-sgp-1 kernel: [83595261.993398] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.246.105.50 DST=159.89.202.188 LEN=52 TOS=0x02 PREC=0x00 TTL=108 ID=40074 DF PROTO=TCP SPT=63076 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 10:28:17 honeypot-fra-1 kernel: [83593734.938664] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=170.187.162.161 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=2982 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T10:28:18.389Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-09T10:36:21.120Z","@version":"1","message":"Sep  9 10:36:20 honeypot-sgp-1 kernel: [83595896.511110] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=205.210.31.49 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x60 TTL=250 ID=45134 PROTO=TCP SPT=50429 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 10:39:45 honeypot-ams-1 kernel: [83596573.160855] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.203.138 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=37051 DPT=389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T10:39:46.760Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 10:40:21 honeypot-fra-1 kernel: [83594458.455848] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.214.29 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=35067 DPT=389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T10:40:21.682Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 10:43:29 honeypot-ams-1 sshd[3554]: Received disconnect from 198.98.61.9 port 42944:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T10:43:29.860Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 10:43:45 honeypot-ams-1 sshd[3558]: Received disconnect from 198.98.61.9 port 37498:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T10:43:45.868Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 10:43:59 honeypot-ams-1 sshd[3562]: Received disconnect from 198.98.61.9 port 60292:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T10:44:00.876Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 10:46:25 honeypot-ams-1 kernel: [83596972.754706] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.201.198 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=60749 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T10:46:25.938Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 10:47:43 honeypot-fra-1 sshd[26402]: Connection closed by invalid user admin 193.106.191.157 port 52790 [preauth]","@timestamp":"2022-09-09T10:47:44.850Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T10:50:49.494Z","@version":"1","message":"Sep  9 10:50:49 honeypot-sgp-1 kernel: [83596765.178670] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.167.97.38 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=238 ID=54321 PROTO=TCP SPT=38829 DPT=389 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T10:56:42.641Z","@version":"1","message":"Sep  9 10:56:41 honeypot-sgp-1 sshd[629]: Disconnected from invalid user kkk 62.84.124.238 port 34446 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T11:00:36.739Z","@version":"1","message":"Sep  9 11:00:36 honeypot-sgp-1 sshd[636]: Received disconnect from 179.131.10.103 port 51066:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 11:03:13 honeypot-ams-1 kernel: [83597980.180047] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=92.118.39.30 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=39048 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T11:03:13.365Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 11:09:32 honeypot-fra-1 sshd[26407]: Disconnected from invalid user joseph 165.22.45.108 port 36748 [preauth]","@timestamp":"2022-09-09T11:09:33.321Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T11:09:37.960Z","@version":"1","message":"Sep  9 11:09:36 honeypot-sgp-1 sshd[641]: Disconnected from invalid user alla 142.93.65.9 port 47546 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T11:16:22.126Z","@version":"1","message":"Sep  9 11:16:21 honeypot-sgp-1 sshd[649]: Received disconnect from 103.9.36.251 port 15748:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 11:17:01 honeypot-ams-1 CRON[3573]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-09T11:17:01.724Z"}
{"@timestamp":"2022-09-09T11:17:34.159Z","@version":"1","message":"Sep  9 11:17:33 honeypot-sgp-1 sshd[655]: Disconnected from authenticating user root 43.225.53.39 port 38870 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T11:19:02.198Z","@version":"1","message":"Sep  9 11:19:02 honeypot-sgp-1 sshd[661]: Received disconnect from 103.9.36.251 port 37233:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 11:20:30 honeypot-ams-1 kernel: [83599017.307940] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=85.105.6.157 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=241 ID=15533 PROTO=TCP SPT=51100 DPT=443 WINDOW=1300 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T11:20:30.819Z"}
{"@timestamp":"2022-09-09T11:22:48.292Z","@version":"1","message":"Sep  9 11:22:48 honeypot-sgp-1 kernel: [83598684.104554] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=167.94.138.101 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=50213 PROTO=TCP SPT=4040 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 11:24:33 honeypot-fra-1 sshd[26417]: Invalid user pi from 82.66.3.241 port 45060","@timestamp":"2022-09-09T11:24:34.641Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T11:26:19.382Z","@version":"1","message":"Sep  9 11:26:18 honeypot-sgp-1 sshd[672]: Received disconnect from 103.9.36.251 port 62703:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T11:31:03.515Z","@version":"1","message":"Sep  9 11:31:02 honeypot-sgp-1 kernel: [83599178.697376] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=234 ID=17402 PROTO=TCP SPT=43003 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 11:33:26 honeypot-ams-1 sshd[3582]: Invalid user varvara from 98.146.197.7 port 58834","@timestamp":"2022-09-09T11:33:27.162Z"}
{"@timestamp":"2022-09-09T11:35:57.636Z","@version":"1","message":"Sep  9 11:35:56 honeypot-sgp-1 kernel: [83599472.731324] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.246.105.50 DST=159.89.202.188 LEN=52 TOS=0x02 PREC=0x00 TTL=108 ID=11904 DF PROTO=TCP SPT=54137 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 11:36:05 honeypot-fra-1 kernel: [83597802.213527] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.220.29 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=45149 DPT=636 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T11:36:05.914Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 11:40:44 honeypot-fra-1 sshd[26430]: Invalid user pi from 46.198.170.74 port 47966","@timestamp":"2022-09-09T11:40:45.016Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T11:41:02.761Z","@version":"1","message":"Sep  9 11:41:02 honeypot-sgp-1 kernel: [83599777.938639] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=195.230.103.248 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=54321 PROTO=TCP SPT=49210 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 11:42:08 honeypot-ams-1 kernel: [83600315.782209] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=178.62.254.91 LEN=91 TOS=0x00 PREC=0x00 TTL=252 ID=33710 PROTO=TCP SPT=20405 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T11:42:09.388Z"}
{"@timestamp":"2022-09-09T11:45:28.870Z","@version":"1","message":"Sep  9 11:45:28 honeypot-sgp-1 kernel: [83600044.663368] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=107.175.130.186 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=232 ID=41541 PROTO=TCP SPT=43636 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T11:46:56.908Z","@version":"1","message":"Sep  9 11:46:56 honeypot-sgp-1 sshd[696]: Disconnected from invalid user berta 20.212.61.4 port 54212 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 11:48:48 honeypot-ams-1 sshd[3591]: Disconnected from invalid user ronda 81.182.254.124 port 54872 [preauth]","@timestamp":"2022-09-09T11:48:49.559Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 11:50:18 honeypot-fra-1 kernel: [83598655.455424] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.95.147.52 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=52078 PROTO=TCP SPT=56878 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T11:50:19.239Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 11:52:38 honeypot-ams-1 kernel: [83600945.456183] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=154.209.125.68 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=113 ID=330 PROTO=TCP SPT=49842 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T11:52:38.665Z"}
{"@timestamp":"2022-09-09T11:56:02.133Z","@version":"1","message":"Sep  9 11:56:02 honeypot-sgp-1 sshd[703]: Disconnected from authenticating user root 103.9.36.251 port 57201 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 11:59:18 honeypot-fra-1 kernel: [83599194.843773] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=103.151.122.22 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=60737 PROTO=TCP SPT=43659 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T11:59:18.446Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-09T12:01:08.261Z","@version":"1","message":"Sep  9 12:01:08 honeypot-sgp-1 kernel: [83600983.866194] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=207.102.138.83 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=44 ID=59976 DF PROTO=TCP SPT=43090 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 12:04:46 honeypot-ams-1 sshd[3601]: Disconnected from authenticating user root 134.209.102.211 port 55770 [preauth]","@timestamp":"2022-09-09T12:04:46.989Z"}
{"@timestamp":"2022-09-09T12:07:29.420Z","@version":"1","message":"Sep  9 12:07:29 honeypot-sgp-1 sshd[712]: Disconnected from invalid user angela 220.130.164.120 port 46796 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T12:10:36.499Z","@version":"1","message":"Sep  9 12:10:35 honeypot-sgp-1 kernel: [83601551.789681] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=159.89.202.188 LEN=91 TOS=0x00 PREC=0x00 TTL=245 ID=12431 PROTO=TCP SPT=28841 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 12:11:18 honeypot-fra-1 sshd[26442]: Invalid user jpg from 165.22.45.108 port 48130","@timestamp":"2022-09-09T12:11:18.732Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T12:17:02.655Z","@version":"1","message":"Sep  9 12:17:01 honeypot-sgp-1 CRON[725]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 12:17:44 honeypot-ams-1 sshd[3608]: Invalid user admin from 175.193.249.203 port 60516","@timestamp":"2022-09-09T12:17:45.349Z"}
{"@timestamp":"2022-09-09T12:18:43.701Z","@version":"1","message":"Sep  9 12:18:43 honeypot-sgp-1 sshd[732]: Invalid user user1 from 103.188.176.251 port 44932","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 12:22:20 honeypot-fra-1 kernel: [83600577.252661] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=165.22.82.222 LEN=89 TOS=0x00 PREC=0x00 TTL=250 ID=6993 PROTO=TCP SPT=31457 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T12:22:20.989Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 12:27:21 honeypot-ams-1 sshd[3613]: Invalid user xie from 124.158.5.133 port 53966","@timestamp":"2022-09-09T12:27:21.596Z"}
{"@timestamp":"2022-09-09T12:29:41.973Z","@version":"1","message":"Sep  9 12:29:41 honeypot-sgp-1 sshd[738]: Received disconnect from 103.9.36.251 port 47751:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 12:29:54 honeypot-ams-1 sshd[3617]: Received disconnect from 187.230.177.3 port 38234:11: Bye Bye [preauth]","@timestamp":"2022-09-09T12:29:54.664Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 12:32:51 honeypot-ams-1 kernel: [83603358.300207] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=5.215.79.30 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=39 ID=13899 DF PROTO=TCP SPT=42068 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T12:32:51.743Z"}
{"@timestamp":"2022-09-09T12:36:27.140Z","@version":"1","message":"Sep  9 12:36:26 honeypot-sgp-1 kernel: [83603102.768600] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=128.14.209.164 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=24115 PROTO=TCP SPT=18242 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 12:36:37 honeypot-ams-1 kernel: [83603584.423872] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=125.136.61.137 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=55 ID=34692 PROTO=TCP SPT=10019 DPT=80 WINDOW=65507 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T12:36:37.845Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 12:36:55 honeypot-fra-1 sshd[26453]: Invalid user httpd2 from 162.241.201.224 port 46558","@timestamp":"2022-09-09T12:36:56.329Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 12:37:39 honeypot-fra-1 kernel: [83601496.265977] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=89.248.165.199 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=16801 PROTO=TCP SPT=45717 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T12:37:40.348Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 12:38:00 honeypot-fra-1 sshd[26460]: Received disconnect from 141.255.162.226 port 48908:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T12:38:01.407Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 12:38:02 honeypot-fra-1 sshd[26464]: Received disconnect from 141.255.162.226 port 35036:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T12:38:03.408Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 12:38:06 honeypot-fra-1 sshd[26468]: Received disconnect from 141.255.162.226 port 49398:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T12:38:07.410Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T12:39:49.223Z","@version":"1","message":"Sep  9 12:39:49 honeypot-sgp-1 kernel: [83603304.868008] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=42.81.157.50 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=234 ID=36052 PROTO=TCP SPT=45919 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 12:41:58 honeypot-fra-1 sshd[26473]: Received disconnect from 20.232.175.215 port 45236:11: Bye Bye [preauth]","@timestamp":"2022-09-09T12:41:59.499Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 12:44:22 honeypot-ams-1 kernel: [83604049.587738] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=23.95.4.194 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=11153 PROTO=TCP SPT=51317 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T12:44:23.046Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 12:44:43 honeypot-fra-1 sshd[26480]: Invalid user user from 45.61.186.249 port 34668","@timestamp":"2022-09-09T12:44:43.580Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 12:45:02 honeypot-fra-1 sshd[26486]: Invalid user user from 45.61.186.249 port 57658","@timestamp":"2022-09-09T12:45:02.589Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 12:45:11 honeypot-fra-1 sshd[26488]: Received disconnect from 45.61.186.249 port 40928:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T12:45:12.594Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 12:45:28 honeypot-fra-1 sshd[26492]: Received disconnect from 45.61.186.249 port 35742:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T12:45:28.601Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 12:45:51 honeypot-fra-1 sshd[26496]: Received disconnect from 115.236.8.253 port 35960:11: Bye Bye [preauth]","@timestamp":"2022-09-09T12:45:52.612Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T12:45:53.375Z","@version":"1","message":"Sep  9 12:45:53 honeypot-sgp-1 sshd[751]: Did not receive identification string from 141.255.162.226 port 37120","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 12:46:45 honeypot-fra-1 sshd[26500]: Received disconnect from 187.106.203.217 port 48642:11: Bye Bye [preauth]","@timestamp":"2022-09-09T12:46:46.636Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 12:50:31 honeypot-fra-1 sshd[26505]: Disconnected from invalid user vicky 51.250.5.16 port 36026 [preauth]","@timestamp":"2022-09-09T12:50:32.723Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T12:53:40.564Z","@version":"1","message":"Sep  9 12:53:40 honeypot-sgp-1 sshd[759]: Connection closed by 167.248.133.46 port 37816 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 12:55:09 honeypot-fra-1 sshd[26512]: Connection closed by invalid user sobalanka 141.98.10.158 port 46004 [preauth]","@timestamp":"2022-09-09T12:55:09.828Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T13:01:36.757Z","@version":"1","message":"Sep  9 13:01:36 honeypot-sgp-1 sshd[764]: Disconnected from invalid user alan 159.223.65.243 port 44232 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 13:05:56 honeypot-ams-1 sshd[3632]: Received disconnect from 80.76.51.43 port 41656:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T13:05:56.611Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 13:06:26 honeypot-ams-1 sshd[3636]: Received disconnect from 80.76.51.43 port 46360:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T13:06:27.627Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 13:07:04 honeypot-fra-1 sshd[26517]: Received disconnect from 124.109.61.121 port 50752:11: Bye Bye [preauth]","@timestamp":"2022-09-09T13:07:05.096Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T13:07:08.894Z","@version":"1","message":"Sep  9 13:07:08 honeypot-sgp-1 kernel: [83604943.896074] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=103.99.1.99 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=5899 PROTO=TCP SPT=46578 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 13:07:10 honeypot-ams-1 sshd[3642]: Received disconnect from 80.76.51.43 port 39268:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T13:07:10.649Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 13:07:40 honeypot-ams-1 sshd[3648]: Invalid user scooper from 100.42.48.11 port 57248","@timestamp":"2022-09-09T13:07:40.665Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 13:08:06 honeypot-ams-1 sshd[3652]: Received disconnect from 80.76.51.43 port 48554:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T13:08:06.680Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 13:08:35 honeypot-ams-1 sshd[3657]: Disconnected from invalid user user 80.76.51.43 port 53180 [preauth]","@timestamp":"2022-09-09T13:08:35.696Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 13:10:12 honeypot-ams-1 sshd[3663]: Received disconnect from 51.250.90.116 port 57658:11: Bye Bye [preauth]","@timestamp":"2022-09-09T13:10:13.743Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 13:12:55 honeypot-fra-1 sshd[26524]: Invalid user admin from 218.161.109.35 port 43871","@timestamp":"2022-09-09T13:12:56.228Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T13:13:07.040Z","@version":"1","message":"Sep  9 13:13:06 honeypot-sgp-1 sshd[776]: Did not receive identification string from 193.3.19.178 port 64001","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 13:14:32 honeypot-ams-1 sshd[3667]: Disconnected from invalid user user 45.61.186.169 port 43646 [preauth]","@timestamp":"2022-09-09T13:14:32.860Z"}
{"@timestamp":"2022-09-09T13:14:45.082Z","@version":"1","message":"Sep  9 13:14:44 honeypot-sgp-1 kernel: [83605400.044478] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=198.199.95.17 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=54315 DPT=636 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 13:14:49 honeypot-ams-1 sshd[3671]: Received disconnect from 45.61.186.169 port 38628:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T13:14:49.870Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 13:15:06 honeypot-ams-1 sshd[3675]: Received disconnect from 45.61.186.169 port 33604:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T13:15:06.879Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 13:15:22 honeypot-ams-1 sshd[3679]: Received disconnect from 45.61.186.169 port 56810:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T13:15:22.888Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 13:16:27 honeypot-fra-1 kernel: [83603823.666318] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=34.150.187.160 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x60 TTL=250 ID=43686 PROTO=TCP SPT=46327 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T13:16:27.309Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-09T13:16:33.127Z","@version":"1","message":"Sep  9 13:16:33 honeypot-sgp-1 sshd[783]: Disconnected from invalid user gkrellmd 139.59.231.14 port 48900 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 13:20:43 honeypot-ams-1 sshd[3685]: Received disconnect from 79.60.237.168 port 49688:11: Bye Bye [preauth]","@timestamp":"2022-09-09T13:20:44.031Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 13:23:17 honeypot-ams-1 kernel: [83606384.733371] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=222.186.19.235 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=50783 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T13:23:18.101Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 13:23:43 honeypot-ams-1 sshd[3691]: Disconnected from invalid user superman 118.26.110.160 port 43784 [preauth]","@timestamp":"2022-09-09T13:23:44.115Z"}
{"@timestamp":"2022-09-09T13:26:56.378Z","@version":"1","message":"Sep  9 13:26:55 honeypot-sgp-1 sshd[789]: Received disconnect from 103.9.36.251 port 38402:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 13:28:20 honeypot-fra-1 kernel: [83604537.002245] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=165.22.82.222 LEN=90 TOS=0x00 PREC=0x00 TTL=250 ID=54220 PROTO=TCP SPT=28137 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T13:28:20.577Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 13:31:01 honeypot-ams-1 sshd[3698]: Invalid user oracle from 92.255.85.70 port 48852","@timestamp":"2022-09-09T13:31:02.312Z"}
{"@timestamp":"2022-09-09T13:35:26.583Z","@version":"1","message":"Sep  9 13:35:26 honeypot-sgp-1 kernel: [83606642.189788] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=172.104.88.48 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=27400 PROTO=TCP SPT=47710 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 13:44:10 honeypot-fra-1 kernel: [83605487.367031] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=161.35.188.242 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=49 ID=0 PROTO=TCP SPT=1302 DPT=80 WINDOW=0 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T13:44:10.926Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-09T13:47:02.894Z","@version":"1","message":"Sep  9 13:47:01 honeypot-sgp-1 sshd[805]: Received disconnect from 103.9.36.251 port 20969:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T13:53:23.059Z","@version":"1","message":"Sep  9 13:53:22 honeypot-sgp-1 sshd[811]: Received disconnect from 92.255.85.70 port 48846:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 13:54:31 honeypot-ams-1 sshd[3702]: Disconnected from invalid user xe 182.23.63.23 port 40682 [preauth]","@timestamp":"2022-09-09T13:54:31.921Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 13:56:19 honeypot-fra-1 sshd[26546]: Invalid user es from 212.87.251.118 port 59044","@timestamp":"2022-09-09T13:56:20.196Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 13:56:19 honeypot-fra-1 sshd[26551]: Invalid user oracle from 212.87.251.118 port 59054","@timestamp":"2022-09-09T13:56:20.196Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 13:56:19 honeypot-fra-1 sshd[26557]: Invalid user user from 212.87.251.118 port 59088","@timestamp":"2022-09-09T13:56:20.196Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 13:56:19 honeypot-fra-1 sshd[26554]: Invalid user guest from 212.87.251.118 port 59070","@timestamp":"2022-09-09T13:56:20.196Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 13:56:19 honeypot-fra-1 sshd[26545]: Connection closed by invalid user dev 212.87.251.118 port 59040 [preauth]","@timestamp":"2022-09-09T13:56:20.196Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 13:56:19 honeypot-fra-1 sshd[26551]: Connection closed by invalid user oracle 212.87.251.118 port 59054 [preauth]","@timestamp":"2022-09-09T13:56:20.196Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 13:56:19 honeypot-fra-1 sshd[26553]: Connection closed by invalid user esuser 212.87.251.118 port 59066 [preauth]","@timestamp":"2022-09-09T13:56:20.196Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 13:56:19 honeypot-fra-1 sshd[26566]: Invalid user user from 212.87.251.118 port 59114","@timestamp":"2022-09-09T13:56:20.196Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 13:56:19 honeypot-fra-1 sshd[26570]: Invalid user test from 212.87.251.118 port 59138","@timestamp":"2022-09-09T13:56:20.196Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 13:56:20 honeypot-fra-1 sshd[26569]: Connection closed by invalid user ubuntu 212.87.251.118 port 59134 [preauth]","@timestamp":"2022-09-09T13:56:21.198Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T13:57:56.171Z","@version":"1","message":"Sep  9 13:57:56 honeypot-sgp-1 kernel: [83607991.761996] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=35.189.141.190 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=4723 PROTO=TCP SPT=50332 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 13:59:32 honeypot-ams-1 sshd[3710]: Invalid user kiran from 159.65.148.176 port 39692","@timestamp":"2022-09-09T13:59:33.060Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 14:00:39 honeypot-ams-1 kernel: [83608626.628408] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=183.245.151.169 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=49 ID=5885 PROTO=TCP SPT=55542 DPT=443 WINDOW=5639 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T14:00:40.090Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 14:13:15 honeypot-ams-1 sshd[3720]: Invalid user inge from 94.30.68.41 port 59510","@timestamp":"2022-09-09T14:13:16.428Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 14:16:17 honeypot-fra-1 sshd[26603]: Invalid user caobin from 167.71.231.98 port 33870","@timestamp":"2022-09-09T14:16:17.628Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 14:17:37 honeypot-ams-1 sshd[3727]: Disconnected from 147.182.211.89 port 54910 [preauth]","@timestamp":"2022-09-09T14:17:37.542Z"}
{"@timestamp":"2022-09-09T14:18:31.687Z","@version":"1","message":"Sep  9 14:18:31 honeypot-sgp-1 sshd[822]: Disconnected from authenticating user root 92.255.85.70 port 56974 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 14:19:25 honeypot-fra-1 sshd[26608]: Disconnected from invalid user jschaffner 165.22.45.108 port 40054 [preauth]","@timestamp":"2022-09-09T14:19:25.697Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 14:28:50 honeypot-ams-1 sshd[3735]: Disconnected from authenticating user root 190.192.207.223 port 34356 [preauth]","@timestamp":"2022-09-09T14:28:50.835Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 14:28:59 honeypot-fra-1 sshd[26615]: Invalid user user from 198.98.61.9 port 56786","@timestamp":"2022-09-09T14:28:59.909Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 14:29:08 honeypot-fra-1 sshd[26619]: Disconnected from invalid user user 198.98.61.9 port 39948 [preauth]","@timestamp":"2022-09-09T14:29:08.913Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 14:29:26 honeypot-fra-1 sshd[26623]: Received disconnect from 198.98.61.9 port 34522:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T14:29:26.921Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 14:29:42 honeypot-fra-1 sshd[26627]: Received disconnect from 198.98.61.9 port 57310:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T14:29:42.928Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 14:30:58 honeypot-fra-1 kernel: [83608295.170554] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=49169 PROTO=TCP SPT=53805 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T14:30:58.957Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 14:32:35 honeypot-ams-1 sshd[3740]: Disconnected from authenticating user root 83.229.115.152 port 52076 [preauth]","@timestamp":"2022-09-09T14:32:35.937Z"}
{"@timestamp":"2022-09-09T14:36:32.148Z","@version":"1","message":"Sep  9 14:36:31 honeypot-sgp-1 kernel: [83610306.975436] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=139.144.135.82 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=13631 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 14:36:36 honeypot-fra-1 kernel: [83608633.161591] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=167.94.138.98 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=13922 PROTO=TCP SPT=47503 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T14:36:37.076Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 14:44:21 honeypot-fra-1 sshd[26657]: Connection closed by invalid user ubuntu 101.33.218.153 port 55460 [preauth]","@timestamp":"2022-09-09T14:44:22.235Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 14:44:22 honeypot-ams-1 kernel: [83611249.634546] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=162.243.97.39 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=51 ID=25451 PROTO=TCP SPT=63361 DPT=5432 WINDOW=43690 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T14:44:23.243Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 14:46:20 honeypot-fra-1 sshd[26674]: Invalid user steam from 20.243.201.105 port 50256","@timestamp":"2022-09-09T14:46:21.280Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 14:46:21 honeypot-fra-1 sshd[26694]: Invalid user ubuntu from 20.243.201.105 port 50338","@timestamp":"2022-09-09T14:46:21.280Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 14:46:21 honeypot-fra-1 sshd[26682]: Invalid user mysql from 20.243.201.105 port 50288","@timestamp":"2022-09-09T14:46:21.280Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 14:46:21 honeypot-fra-1 sshd[26676]: Invalid user mysql from 20.243.201.105 port 50262","@timestamp":"2022-09-09T14:46:21.280Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 14:46:21 honeypot-fra-1 sshd[26690]: Connection closed by invalid user steam 20.243.201.105 port 50320 [preauth]","@timestamp":"2022-09-09T14:46:22.280Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 14:46:21 honeypot-fra-1 sshd[26677]: Connection closed by invalid user ubuntu 20.243.201.105 port 50278 [preauth]","@timestamp":"2022-09-09T14:46:22.281Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 14:46:21 honeypot-fra-1 sshd[26685]: Connection closed by invalid user web 20.243.201.105 port 50316 [preauth]","@timestamp":"2022-09-09T14:46:22.281Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 14:46:21 honeypot-fra-1 sshd[26691]: Connection closed by authenticating user root 20.243.201.105 port 50334 [preauth]","@timestamp":"2022-09-09T14:46:22.281Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 14:46:21 honeypot-fra-1 sshd[26694]: Connection closed by invalid user ubuntu 20.243.201.105 port 50338 [preauth]","@timestamp":"2022-09-09T14:46:22.281Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 14:49:44 honeypot-ams-1 kernel: [83611571.319247] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=139.144.135.20 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=4143 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T14:49:44.381Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 14:50:26 honeypot-fra-1 kernel: [83609462.868518] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=80.87.206.203 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=54393 PROTO=TCP SPT=47275 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T14:50:27.373Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-09T14:51:11.522Z","@version":"1","message":"Sep  9 14:51:11 honeypot-sgp-1 sshd[835]: Disconnected from authenticating user root 165.22.42.39 port 42444 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T14:54:17.599Z","@version":"1","message":"Sep  9 14:54:17 honeypot-sgp-1 sshd[841]: Disconnected from authenticating user root 165.22.42.39 port 54818 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T14:56:13.649Z","@version":"1","message":"Sep  9 14:56:12 honeypot-sgp-1 sshd[848]: Received disconnect from 165.22.42.39 port 53666:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T14:58:16.700Z","@version":"1","message":"Sep  9 14:58:16 honeypot-sgp-1 sshd[854]: Invalid user admin from 103.9.36.251 port 60243","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T14:59:58.743Z","@version":"1","message":"Sep  9 14:59:58 honeypot-sgp-1 sshd[858]: Disconnected from authenticating user root 165.22.42.39 port 51344 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 15:00:23 honeypot-ams-1 sshd[3751]: Invalid user user from 141.255.162.226 port 56496","@timestamp":"2022-09-09T15:00:24.657Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 15:00:25 honeypot-ams-1 sshd[3755]: Invalid user user from 141.255.162.226 port 49794","@timestamp":"2022-09-09T15:00:26.658Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 15:00:28 honeypot-ams-1 sshd[3759]: Invalid user user from 141.255.162.226 port 35940","@timestamp":"2022-09-09T15:00:29.660Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 15:01:22 honeypot-ams-1 kernel: [83612269.432384] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=178.62.254.91 LEN=91 TOS=0x00 PREC=0x00 TTL=252 ID=42966 PROTO=TCP SPT=27783 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T15:01:22.683Z"}
{"@timestamp":"2022-09-09T15:02:44.814Z","@version":"1","message":"Sep  9 15:02:44 honeypot-sgp-1 sshd[866]: Invalid user dev from 165.22.42.39 port 35500","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 15:03:11 honeypot-fra-1 sshd[26734]: Connection closed by 121.157.23.122 port 59242 [preauth]","@timestamp":"2022-09-09T15:03:11.671Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T15:03:39.840Z","@version":"1","message":"Sep  9 15:03:38 honeypot-sgp-1 sshd[869]: Disconnected from invalid user oladefab 165.22.42.39 port 49034 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T15:05:34.891Z","@version":"1","message":"Sep  9 15:05:34 honeypot-sgp-1 sshd[873]: Received disconnect from 165.22.42.39 port 47890:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 15:06:56 honeypot-fra-1 sshd[26740]: Invalid user user from 45.61.184.204 port 53226","@timestamp":"2022-09-09T15:06:56.758Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 15:07:13 honeypot-fra-1 kernel: [83610469.687915] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=3.73.116.255 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=18508 DF PROTO=TCP SPT=10446 DPT=80 WINDOW=512 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T15:07:13.765Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 15:07:24 honeypot-fra-1 sshd[26746]: Disconnected from invalid user user 45.61.184.204 port 59624 [preauth]","@timestamp":"2022-09-09T15:07:24.771Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T15:07:29.938Z","@version":"1","message":"Sep  9 15:07:29 honeypot-sgp-1 sshd[878]: Disconnected from authenticating user root 165.22.42.39 port 46728 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 15:07:43 honeypot-fra-1 sshd[26750]: Disconnected from invalid user user 45.61.184.204 port 54460 [preauth]","@timestamp":"2022-09-09T15:07:43.779Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T15:08:28.964Z","@version":"1","message":"Sep  9 15:08:28 honeypot-sgp-1 sshd[882]: Disconnected from invalid user dev 165.22.42.39 port 60264 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 15:09:12 honeypot-ams-1 sshd[3767]: Disconnected from 204.48.30.72 port 40216 [preauth]","@timestamp":"2022-09-09T15:09:12.887Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 15:10:05 honeypot-fra-1 sshd[26755]: Received disconnect from 92.255.85.69 port 28842:11: Bye Bye [preauth]","@timestamp":"2022-09-09T15:10:05.832Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T15:10:19.011Z","@version":"1","message":"Sep  9 15:10:18 honeypot-sgp-1 sshd[886]: Disconnected from invalid user startupclerk 165.22.42.39 port 59116 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 15:11:29 honeypot-ams-1 sshd[3771]: Disconnected from invalid user 0 92.255.85.69 port 29616 [preauth]","@timestamp":"2022-09-09T15:11:30.948Z"}
{"@timestamp":"2022-09-09T15:12:37.068Z","@version":"1","message":"Sep  9 15:12:36 honeypot-sgp-1 kernel: [83612471.925131] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=167.248.133.131 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=47971 PROTO=TCP SPT=60721 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 15:13:08 honeypot-ams-1 sshd[3776]: Invalid user user from 141.255.162.226 port 53318","@timestamp":"2022-09-09T15:13:08.991Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 15:13:10 honeypot-ams-1 sshd[3780]: Invalid user user from 141.255.162.226 port 39114","@timestamp":"2022-09-09T15:13:10.992Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 15:13:15 honeypot-ams-1 sshd[3784]: Invalid user user from 141.255.162.226 port 46132","@timestamp":"2022-09-09T15:13:15.996Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 15:14:01 honeypot-ams-1 kernel: [83613028.378961] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=23.251.102.77 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=30911 PROTO=TCP SPT=25149 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T15:14:02.017Z"}
{"@timestamp":"2022-09-09T15:14:54.128Z","@version":"1","message":"Sep  9 15:14:53 honeypot-sgp-1 sshd[899]: Invalid user gbadebo from 165.22.42.39 port 42102","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T15:16:46.177Z","@version":"1","message":"Sep  9 15:16:46 honeypot-sgp-1 sshd[904]: Received disconnect from 165.22.42.39 port 40954:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 15:17:01 honeypot-ams-1 CRON[3791]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-09T15:17:02.098Z"}
{"@timestamp":"2022-09-09T15:17:42.201Z","@version":"1","message":"Sep  9 15:17:41 honeypot-sgp-1 sshd[910]: Disconnected from invalid user sandbox 165.22.42.39 port 54490 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 15:17:53 honeypot-fra-1 sshd[26762]: Received disconnect from 148.72.209.121 port 35984:11: Bye Bye [preauth]","@timestamp":"2022-09-09T15:17:54.004Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T15:19:39.254Z","@version":"1","message":"Sep  9 15:19:38 honeypot-sgp-1 sshd[915]: Received disconnect from 165.22.42.39 port 53326:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T15:21:30.301Z","@version":"1","message":"Sep  9 15:21:29 honeypot-sgp-1 sshd[920]: Disconnected from authenticating user root 165.22.42.39 port 52176 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 15:22:04 honeypot-fra-1 sshd[26766]: Disconnected from invalid user user 141.255.162.226 port 45134 [preauth]","@timestamp":"2022-09-09T15:22:05.099Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 15:22:07 honeypot-fra-1 sshd[26770]: Disconnected from invalid user user 141.255.162.226 port 37558 [preauth]","@timestamp":"2022-09-09T15:22:08.101Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 15:22:10 honeypot-fra-1 sshd[26774]: Disconnected from invalid user user 141.255.162.226 port 51338 [preauth]","@timestamp":"2022-09-09T15:22:11.102Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 15:23:45 honeypot-fra-1 sshd[26778]: Disconnected from invalid user judith 165.22.45.108 port 50138 [preauth]","@timestamp":"2022-09-09T15:23:46.136Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T15:25:40.406Z","@version":"1","message":"Sep  9 15:25:39 honeypot-sgp-1 sshd[925]: Disconnected from invalid user warrior 142.93.187.197 port 55184 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 15:25:45 honeypot-ams-1 kernel: [83613732.929298] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=142.93.45.9 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=54321 PROTO=TCP SPT=37241 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T15:25:46.324Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 15:28:39 honeypot-fra-1 sshd[26784]: Received disconnect from 45.61.186.49 port 53878:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T15:28:39.249Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 15:28:49 honeypot-fra-1 sshd[26788]: Received disconnect from 45.61.186.49 port 37350:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T15:28:49.253Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T15:30:32.528Z","@version":"1","message":"Sep  9 15:30:32 honeypot-sgp-1 kernel: [83613547.920355] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=159.89.202.188 LEN=91 TOS=0x00 PREC=0x00 TTL=237 ID=24064 PROTO=TCP SPT=6375 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 15:32:59 honeypot-ams-1 sshd[3801]: Received disconnect from 92.255.85.70 port 62456:11: Bye Bye [preauth]","@timestamp":"2022-09-09T15:32:59.514Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 15:35:06 honeypot-fra-1 sshd[26794]: Connection closed by invalid user admin 220.121.250.154 port 41357 [preauth]","@timestamp":"2022-09-09T15:35:06.392Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 15:48:29 honeypot-ams-1 sshd[3805]: Connection closed by invalid user Admin 80.65.90.155 port 45770 [preauth]","@timestamp":"2022-09-09T15:48:29.931Z"}
{"@timestamp":"2022-09-09T15:49:17.980Z","@version":"1","message":"Sep  9 15:49:17 honeypot-sgp-1 sshd[937]: Connection closed by invalid user Admin 72.138.167.50 port 39712 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 15:50:33 honeypot-fra-1 sshd[27235]: Disconnected from authenticating user root 92.255.85.69 port 52594 [preauth]","@timestamp":"2022-09-09T15:50:34.754Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 15:56:07 honeypot-fra-1 sshd[27241]: Received disconnect from 198.98.61.9 port 36168:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T15:56:07.874Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 15:56:24 honeypot-fra-1 sshd[27245]: Received disconnect from 198.98.61.9 port 59250:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T15:56:24.882Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 15:56:40 honeypot-fra-1 sshd[27249]: Received disconnect from 198.98.61.9 port 54084:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T15:56:40.890Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 15:56:56 honeypot-fra-1 sshd[27253]: Invalid user user from 198.98.61.9 port 48916","@timestamp":"2022-09-09T15:56:56.897Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 15:57:16 honeypot-ams-1 sshd[3808]: Connection closed by invalid user pi 92.152.11.18 port 59856 [preauth]","@timestamp":"2022-09-09T15:57:17.159Z"}
{"@timestamp":"2022-09-09T15:57:36.182Z","@version":"1","message":"Sep  9 15:57:35 honeypot-sgp-1 sshd[942]: Connection closed by invalid user admin 128.199.160.207 port 54392 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T15:57:36.182Z","@version":"1","message":"Sep  9 15:57:35 honeypot-sgp-1 sshd[948]: Connection closed by invalid user admin 128.199.160.207 port 54404 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 15:58:34 honeypot-ams-1 kernel: [83615701.519572] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=97.74.81.123 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=4539 PROTO=TCP SPT=55047 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T15:58:35.195Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 16:04:44 honeypot-ams-1 kernel: [83616071.074240] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=66.240.205.34 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=114 ID=30396 PROTO=TCP SPT=16847 DPT=443 WINDOW=12723 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T16:04:44.355Z"}
{"@timestamp":"2022-09-09T16:11:14.505Z","@version":"1","message":"Sep  9 16:11:13 honeypot-sgp-1 sshd[953]: Disconnected from authenticating user root 92.255.85.70 port 61234 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 16:12:02 honeypot-ams-1 sshd[3820]: Disconnected from authenticating user root 61.177.173.51 port 17364 [preauth]","@timestamp":"2022-09-09T16:12:03.559Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 16:12:37 honeypot-fra-1 sshd[27261]: Invalid user admin from 141.98.10.158 port 57088","@timestamp":"2022-09-09T16:12:38.232Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 16:17:23 honeypot-fra-1 sshd[27268]: Did not receive identification string from 205.210.31.59 port 57041","@timestamp":"2022-09-09T16:17:23.356Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 16:18:50 honeypot-ams-1 kernel: [83616917.937940] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=128.1.248.29 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=27929 PROTO=TCP SPT=15791 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T16:18:51.733Z"}
{"@timestamp":"2022-09-09T16:19:02.691Z","@version":"1","message":"Sep  9 16:19:02 honeypot-sgp-1 sshd[961]: Received disconnect from 170.210.71.10 port 60702:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T16:21:53.761Z","@version":"1","message":"Sep  9 16:21:53 honeypot-sgp-1 sshd[966]: Received disconnect from 45.61.186.49 port 45106:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T16:22:04.767Z","@version":"1","message":"Sep  9 16:22:04 honeypot-sgp-1 sshd[971]: Received disconnect from 45.61.186.49 port 56686:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T16:24:10.818Z","@version":"1","message":"Sep  9 16:24:10 honeypot-sgp-1 sshd[975]: Received disconnect from 159.65.188.65 port 45868:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 16:27:02 honeypot-ams-1 sshd[4283]: Received disconnect from 61.177.173.39 port 36085:11:  [preauth]","@timestamp":"2022-09-09T16:27:02.947Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 16:27:26 honeypot-fra-1 sshd[27271]: Disconnected from invalid user julian 165.22.45.108 port 60204 [preauth]","@timestamp":"2022-09-09T16:27:26.578Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 16:31:48 honeypot-ams-1 sshd[4287]: Disconnected from authenticating user root 61.177.172.114 port 47726 [preauth]","@timestamp":"2022-09-09T16:31:49.071Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 16:35:07 honeypot-ams-1 sshd[4292]: Invalid user rupert from 165.227.204.174 port 36158","@timestamp":"2022-09-09T16:35:08.161Z"}
{"@timestamp":"2022-09-09T16:35:23.089Z","@version":"1","message":"Sep  9 16:35:22 honeypot-sgp-1 sshd[979]: Disconnected from invalid user admin 92.255.85.70 port 49750 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 16:39:43 honeypot-fra-1 sshd[27275]: Received disconnect from 92.255.85.69 port 47596:11: Bye Bye [preauth]","@timestamp":"2022-09-09T16:39:43.853Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 16:39:50 honeypot-ams-1 sshd[4295]: Received disconnect from 92.255.85.70 port 60758:11: Bye Bye [preauth]","@timestamp":"2022-09-09T16:39:51.284Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 16:41:02 honeypot-ams-1 sshd[4299]: Disconnecting invalid user admin 100.12.133.226 port 60782: Too many authentication failures [preauth]","@timestamp":"2022-09-09T16:41:03.318Z"}
{"@timestamp":"2022-09-09T16:43:52.296Z","@version":"1","message":"Sep  9 16:43:52 honeypot-sgp-1 kernel: [83617947.699038] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=128.199.197.92 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=253 ID=54321 PROTO=TCP SPT=43142 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 16:45:13 honeypot-ams-1 sshd[4304]: Received disconnect from 42.200.212.120 port 35870:11: Bye Bye [preauth]","@timestamp":"2022-09-09T16:45:14.426Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 16:48:26 honeypot-fra-1 kernel: [83616542.274568] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=165.22.82.222 LEN=85 TOS=0x00 PREC=0x00 TTL=250 ID=10110 PROTO=TCP SPT=3449 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T16:48:27.046Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 16:50:28 honeypot-ams-1 sshd[4307]: Disconnected from invalid user unix 162.243.172.239 port 46382 [preauth]","@timestamp":"2022-09-09T16:50:29.557Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 16:52:19 honeypot-fra-1 sshd[27283]: Received disconnect from 132.145.168.70 port 59732:11: Bye Bye [preauth]","@timestamp":"2022-09-09T16:52:20.134Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 16:53:56 honeypot-ams-1 sshd[4313]: Disconnected from authenticating user root 126.77.170.137 port 45218 [preauth]","@timestamp":"2022-09-09T16:53:57.648Z"}
{"@timestamp":"2022-09-09T16:54:16.549Z","@version":"1","message":"Sep  9 16:54:16 honeypot-sgp-1 sshd[988]: Received disconnect from 170.210.71.10 port 41200:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T16:55:44.586Z","@version":"1","message":"Sep  9 16:55:43 honeypot-sgp-1 sshd[990]: Disconnected from invalid user vk 188.254.0.110 port 60464 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 16:58:29 honeypot-fra-1 sshd[27288]: Received disconnect from 14.232.243.151 port 58452:11: Bye Bye [preauth]","@timestamp":"2022-09-09T16:58:29.270Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 16:58:52 honeypot-ams-1 sshd[4322]: Disconnected from authenticating user root 61.177.173.53 port 10061 [preauth]","@timestamp":"2022-09-09T16:58:52.775Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 16:59:42 honeypot-fra-1 sshd[27292]: Disconnected from authenticating user root 68.183.56.198 port 50166 [preauth]","@timestamp":"2022-09-09T16:59:43.301Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T17:00:30.702Z","@version":"1","message":"Sep  9 17:00:30 honeypot-sgp-1 sshd[997]: Disconnected from invalid user oracle 92.255.85.69 port 19752 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 17:02:54 honeypot-fra-1 sshd[27297]: Disconnected from invalid user oracle 92.255.85.69 port 58888 [preauth]","@timestamp":"2022-09-09T17:02:55.371Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 17:04:01 honeypot-ams-1 sshd[4329]: Received disconnect from 92.255.85.69 port 35488:11: Bye Bye [preauth]","@timestamp":"2022-09-09T17:04:01.912Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 17:06:00 honeypot-fra-1 sshd[27303]: Invalid user devops from 34.92.211.177 port 34890","@timestamp":"2022-09-09T17:06:01.439Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 17:06:00 honeypot-fra-1 sshd[27318]: Invalid user devops from 34.92.211.177 port 34894","@timestamp":"2022-09-09T17:06:01.439Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 17:06:00 honeypot-fra-1 sshd[27304]: Invalid user ubuntu from 34.92.211.177 port 34958","@timestamp":"2022-09-09T17:06:01.439Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 17:06:00 honeypot-fra-1 sshd[27310]: Connection closed by invalid user jenkins 34.92.211.177 port 34906 [preauth]","@timestamp":"2022-09-09T17:06:01.439Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 17:06:00 honeypot-fra-1 sshd[27318]: Connection closed by invalid user devops 34.92.211.177 port 34894 [preauth]","@timestamp":"2022-09-09T17:06:01.439Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 17:06:00 honeypot-fra-1 sshd[27307]: Connection closed by invalid user ubuntu 34.92.211.177 port 34916 [preauth]","@timestamp":"2022-09-09T17:06:01.439Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 17:06:00 honeypot-fra-1 sshd[27312]: Connection closed by invalid user test 34.92.211.177 port 34930 [preauth]","@timestamp":"2022-09-09T17:06:01.440Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 17:06:03 honeypot-fra-1 sshd[27346]: Connection closed by invalid user test 34.92.211.177 port 34934 [preauth]","@timestamp":"2022-09-09T17:06:04.441Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 17:09:01 honeypot-ams-1 CRON[4335]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-09T17:09:02.046Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 17:09:02 honeypot-fra-1 CRON[27353]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-09T17:09:02.509Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 17:11:16 honeypot-ams-1 sshd[4345]: Received disconnect from 179.43.156.143 port 59136:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T17:11:17.107Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 17:11:57 honeypot-ams-1 sshd[4351]: Received disconnect from 109.205.213.20 port 47418:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T17:11:58.128Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 17:13:15 honeypot-ams-1 sshd[4358]: Received disconnect from 179.43.156.143 port 46906:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T17:13:16.162Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 17:13:54 honeypot-ams-1 sshd[4362]: Disconnected from authenticating user root 179.43.156.143 port 42820 [preauth]","@timestamp":"2022-09-09T17:13:55.182Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 17:14:34 honeypot-ams-1 sshd[4366]: Disconnected from invalid user nutanix 179.43.156.143 port 38686 [preauth]","@timestamp":"2022-09-09T17:14:35.201Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 17:15:59 honeypot-ams-1 sshd[4371]: Disconnected from invalid user nfsnobod 179.43.156.143 port 58762 [preauth]","@timestamp":"2022-09-09T17:16:00.239Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 17:16:08 honeypot-fra-1 sshd[27360]: Invalid user user from 198.98.61.9 port 59842","@timestamp":"2022-09-09T17:16:09.669Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 17:16:26 honeypot-fra-1 sshd[27364]: Invalid user user from 198.98.61.9 port 54828","@timestamp":"2022-09-09T17:16:26.678Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 17:16:43 honeypot-fra-1 sshd[27368]: Invalid user user from 198.98.61.9 port 49812","@timestamp":"2022-09-09T17:16:44.686Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 17:17:01 honeypot-fra-1 CRON[27372]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-09T17:17:01.693Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 17:17:01 honeypot-ams-1 CRON[4378]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-09T17:17:02.271Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 17:18:41 honeypot-ams-1 sshd[4385]: Received disconnect from 179.43.156.143 port 42392:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T17:18:42.318Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 17:19:34 honeypot-ams-1 sshd[4389]: Disconnected from invalid user ssh 223.171.32.55 port 4446 [preauth]","@timestamp":"2022-09-09T17:19:35.344Z"}
{"@timestamp":"2022-09-09T17:23:33.248Z","@version":"1","message":"Sep  9 17:23:32 honeypot-sgp-1 sshd[1081]: Invalid user oracle from 92.255.85.69 port 23742","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 17:25:39 honeypot-ams-1 sshd[4397]: Disconnected from authenticating user root 50.192.223.205 port 37278 [preauth]","@timestamp":"2022-09-09T17:25:39.501Z"}
{"@timestamp":"2022-09-09T17:26:19.315Z","@version":"1","message":"Sep  9 17:26:18 honeypot-sgp-1 sshd[1084]: Disconnected from invalid user user 45.61.184.204 port 42798 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T17:26:39.330Z","@version":"1","message":"Sep  9 17:26:38 honeypot-sgp-1 sshd[1088]: Disconnected from invalid user user 45.61.184.204 port 37982 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T17:26:57.339Z","@version":"1","message":"Sep  9 17:26:57 honeypot-sgp-1 sshd[1092]: Disconnected from invalid user user 45.61.184.204 port 33166 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T17:27:15.351Z","@version":"1","message":"Sep  9 17:27:14 honeypot-sgp-1 sshd[1096]: Disconnected from invalid user user 45.61.184.204 port 56586 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 17:27:21 honeypot-fra-1 kernel: [83618877.138933] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=213.226.123.38 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=10800 PROTO=TCP SPT=45922 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T17:27:21.920Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 17:29:08 honeypot-ams-1 sshd[4403]: Disconnected from invalid user oracle 92.255.85.70 port 43294 [preauth]","@timestamp":"2022-09-09T17:29:09.594Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 17:31:15 honeypot-fra-1 sshd[27409]: Received disconnect from 165.22.45.108 port 42060:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T17:31:16.007Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T17:32:37.482Z","@version":"1","message":"Sep  9 17:32:36 honeypot-sgp-1 sshd[1101]: Disconnected from invalid user bart 138.68.166.2 port 36114 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 17:32:58 honeypot-ams-1 sshd[4411]: Received disconnect from 167.172.152.18 port 40106:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T17:32:59.694Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 17:33:55 honeypot-ams-1 kernel: [83621422.740329] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=205.210.31.154 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=250 ID=54321 PROTO=TCP SPT=54033 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T17:33:56.722Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 17:35:00 honeypot-ams-1 sshd[4437]: Disconnected from authenticating user root 167.172.152.18 port 46116 [preauth]","@timestamp":"2022-09-09T17:35:01.754Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 17:36:10 honeypot-ams-1 sshd[4445]: Disconnected from authenticating user root 167.172.152.18 port 55246 [preauth]","@timestamp":"2022-09-09T17:36:10.787Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 17:36:57 honeypot-ams-1 sshd[4450]: Disconnected from invalid user git 167.172.152.18 port 51886 [preauth]","@timestamp":"2022-09-09T17:36:57.809Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 17:37:44 honeypot-ams-1 sshd[4454]: Disconnected from invalid user oracle 167.172.152.18 port 48698 [preauth]","@timestamp":"2022-09-09T17:37:44.832Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 17:38:31 honeypot-ams-1 sshd[4458]: Received disconnect from 167.172.152.18 port 45596:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T17:38:31.856Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 17:39:17 honeypot-ams-1 sshd[4462]: Received disconnect from 167.172.152.18 port 42130:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T17:39:17.878Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 17:40:03 honeypot-ams-1 sshd[4466]: Received disconnect from 167.172.152.18 port 38834:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T17:40:03.899Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 17:40:49 honeypot-ams-1 sshd[4474]: Received disconnect from 167.172.152.18 port 35664:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T17:40:49.921Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 17:41:36 honeypot-ams-1 sshd[4479]: Received disconnect from 167.172.152.18 port 60488:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T17:41:36.943Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 17:42:00 honeypot-ams-1 sshd[4483]: Disconnected from invalid user ftpadmin 167.172.152.18 port 44968 [preauth]","@timestamp":"2022-09-09T17:42:00.957Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 17:42:46 honeypot-ams-1 sshd[4489]: Invalid user svn from 167.172.152.18 port 41468","@timestamp":"2022-09-09T17:42:47.980Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 17:43:33 honeypot-ams-1 sshd[4493]: Invalid user www from 167.172.152.18 port 38146","@timestamp":"2022-09-09T17:43:34.001Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 17:44:21 honeypot-ams-1 sshd[4497]: Invalid user db2inst1 from 167.172.152.18 port 34870","@timestamp":"2022-09-09T17:44:22.025Z"}
{"@timestamp":"2022-09-09T17:44:45.777Z","@version":"1","message":"Sep  9 17:44:45 honeypot-sgp-1 sshd[1107]: Disconnected from authenticating user root 213.108.241.222 port 43948 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 17:48:21 honeypot-ams-1 sshd[4502]: Received disconnect from 61.177.173.36 port 25977:11:  [preauth]","@timestamp":"2022-09-09T17:48:22.130Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 17:49:29 honeypot-fra-1 sshd[27414]: Received disconnect from 141.255.162.226 port 34500:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T17:49:30.402Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 17:49:30 honeypot-fra-1 sshd[27418]: Received disconnect from 141.255.162.226 port 50568:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T17:49:31.402Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 17:49:35 honeypot-fra-1 sshd[27422]: Received disconnect from 141.255.162.226 port 58608:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T17:49:36.406Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 17:49:38 honeypot-fra-1 sshd[27426]: Received disconnect from 141.255.162.226 port 54498:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T17:49:39.407Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 17:52:53 honeypot-fra-1 kernel: [83620409.289154] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=143.255.242.209 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=238 ID=48156 DF PROTO=TCP SPT=19226 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T17:52:53.479Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 17:55:24 honeypot-ams-1 kernel: [83622711.628718] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=184.105.247.200 DST=178.62.254.91 LEN=131 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=49461 DPT=80 WINDOW=65535 RES=0x00 ACK PSH URGP=0 ","@timestamp":"2022-09-09T17:55:25.313Z"}
{"@timestamp":"2022-09-09T18:00:50.164Z","@version":"1","message":"Sep  9 18:00:49 honeypot-sgp-1 kernel: [83622564.750211] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=40.115.49.158 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=65094 PROTO=TCP SPT=46378 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 18:01:28 honeypot-fra-1 kernel: [83620924.702416] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=40.115.49.158 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=8436 PROTO=TCP SPT=46378 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T18:01:29.668Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 18:02:12 honeypot-ams-1 sshd[4510]: Disconnected from authenticating user root 61.177.172.124 port 11944 [preauth]","@timestamp":"2022-09-09T18:02:12.490Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 18:04:17 honeypot-ams-1 sshd[4518]: Disconnected from authenticating user root 20.198.178.75 port 33768 [preauth]","@timestamp":"2022-09-09T18:04:17.547Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 18:05:03 honeypot-fra-1 kernel: [83621139.044043] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.221.44 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=40632 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T18:05:03.765Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 18:05:35 honeypot-fra-1 sshd[27440]: Invalid user user from 45.61.184.204 port 38268","@timestamp":"2022-09-09T18:05:35.779Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 18:05:55 honeypot-fra-1 sshd[27444]: Invalid user user from 45.61.184.204 port 33140","@timestamp":"2022-09-09T18:05:55.787Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 18:06:12 honeypot-fra-1 sshd[27448]: Invalid user user from 45.61.184.204 port 56248","@timestamp":"2022-09-09T18:06:12.797Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 18:07:41 honeypot-fra-1 kernel: [83621297.131370] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=94.102.61.10 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=250 ID=54321 PROTO=TCP SPT=53574 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T18:07:41.829Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-09T18:07:59.341Z","@version":"1","message":"Sep  9 18:07:58 honeypot-sgp-1 sshd[1116]: Received disconnect from 43.129.222.252 port 53716:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 18:08:22 honeypot-ams-1 kernel: [83623489.152110] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=146.88.240.4 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=37643 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T18:08:22.656Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 18:09:51 honeypot-fra-1 sshd[27455]: Connection closed by invalid user admin 193.106.191.157 port 58128 [preauth]","@timestamp":"2022-09-09T18:09:51.883Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T18:12:29.450Z","@version":"1","message":"Sep  9 18:12:29 honeypot-sgp-1 kernel: [83623264.821426] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.153.33.197 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=57719 DF PROTO=TCP SPT=26875 DPT=80 WINDOW=32120 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 18:13:12 honeypot-ams-1 sshd[4527]: Disconnected from authenticating user root 80.76.51.44 port 49752 [preauth]","@timestamp":"2022-09-09T18:13:12.783Z"}
{"@timestamp":"2022-09-09T18:13:39.480Z","@version":"1","message":"Sep  9 18:13:39 honeypot-sgp-1 sshd[1121]: Disconnected from invalid user dietrich 221.193.248.166 port 53092 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 18:13:45 honeypot-ams-1 sshd[4531]: Disconnected from invalid user test 80.76.51.44 port 46330 [preauth]","@timestamp":"2022-09-09T18:13:45.799Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 18:14:16 honeypot-ams-1 sshd[4537]: Disconnected from authenticating user root 80.76.51.44 port 42688 [preauth]","@timestamp":"2022-09-09T18:14:16.816Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 18:14:46 honeypot-ams-1 sshd[4543]: Received disconnect from 80.76.51.44 port 39154:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T18:14:46.833Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 18:15:30 honeypot-ams-1 sshd[4549]: Received disconnect from 80.76.51.44 port 48096:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T18:15:30.856Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 18:16:01 honeypot-ams-1 sshd[4553]: Disconnected from invalid user user 80.76.51.44 port 44370 [preauth]","@timestamp":"2022-09-09T18:16:01.872Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 18:17:01 honeypot-ams-1 CRON[4559]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-09T18:17:01.900Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 18:19:33 honeypot-ams-1 sshd[4565]: Received disconnect from 61.177.173.37 port 59337:11:  [preauth]","@timestamp":"2022-09-09T18:19:33.966Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 18:22:07 honeypot-fra-1 sshd[27465]: Received disconnect from 164.90.149.69 port 46696:11: Bye Bye [preauth]","@timestamp":"2022-09-09T18:22:08.152Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T18:22:16.682Z","@version":"1","message":"Sep  9 18:22:15 honeypot-sgp-1 kernel: [83623851.405373] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=184.105.139.95 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=51835 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 18:26:52 honeypot-fra-1 kernel: [83622448.133125] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=101.43.242.16 DST=165.22.82.222 LEN=40 TOS=0x08 PREC=0x00 TTL=45 ID=19709 DF PROTO=TCP SPT=29812 DPT=80 WINDOW=43690 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T18:26:52.255Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 18:31:15 honeypot-fra-1 kernel: [83622711.324304] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=213.226.123.38 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=12028 PROTO=TCP SPT=49374 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T18:31:16.356Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 18:33:49 honeypot-fra-1 kernel: [83622865.021380] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=92.118.39.30 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=34839 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T18:33:49.415Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 18:33:54 honeypot-ams-1 kernel: [83625021.692206] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=12477 PROTO=TCP SPT=48006 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T18:33:55.334Z"}
{"@timestamp":"2022-09-09T18:35:38.002Z","@version":"1","message":"Sep  9 18:35:37 honeypot-sgp-1 sshd[1136]: Received disconnect from 92.255.85.70 port 57682:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 18:35:38 honeypot-ams-1 sshd[4579]: Received disconnect from 61.177.173.50 port 64010:11:  [preauth]","@timestamp":"2022-09-09T18:35:39.382Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 18:36:02 honeypot-fra-1 sshd[27483]: Invalid user ewald from 103.57.142.108 port 40760","@timestamp":"2022-09-09T18:36:02.467Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 18:36:12 honeypot-ams-1 sshd[4585]: Received disconnect from 109.206.241.219 port 58522:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T18:36:12.398Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 18:36:15 honeypot-fra-1 sshd[27487]: Received disconnect from 92.255.85.69 port 51520:11: Bye Bye [preauth]","@timestamp":"2022-09-09T18:36:15.474Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 18:36:45 honeypot-ams-1 sshd[4591]: Received disconnect from 109.206.241.219 port 54344:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T18:36:45.416Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 18:38:15 honeypot-fra-1 sshd[27491]: Disconnected from invalid user web 178.128.41.141 port 60406 [preauth]","@timestamp":"2022-09-09T18:38:15.520Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 18:39:25 honeypot-ams-1 sshd[4598]: Received disconnect from 92.255.85.70 port 20346:11: Bye Bye [preauth]","@timestamp":"2022-09-09T18:39:25.486Z"}
{"@timestamp":"2022-09-09T18:51:19.377Z","@version":"1","message":"Sep  9 18:51:19 honeypot-sgp-1 kernel: [83625594.737221] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=5.161.47.13 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=40378 PROTO=TCP SPT=48852 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 18:52:33 honeypot-fra-1 kernel: [83623989.357027] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=5.161.47.13 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=24549 PROTO=TCP SPT=48852 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T18:52:33.851Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 18:55:40 honeypot-ams-1 kernel: [83626327.469245] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=89.248.165.199 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=15115 PROTO=TCP SPT=49509 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T18:55:40.929Z"}
{"@timestamp":"2022-09-09T18:55:56.489Z","@version":"1","message":"Sep  9 18:55:55 honeypot-sgp-1 kernel: [83625871.059526] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.209.99 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=42385 DPT=5432 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 18:59:12 honeypot-fra-1 sshd[27512]: Received disconnect from 43.154.123.160 port 33524:11: Bye Bye [preauth]","@timestamp":"2022-09-09T18:59:12.998Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 18:59:34 honeypot-fra-1 sshd[27518]: Protocol major versions differ for 104.156.155.28 port 29004: SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.5 vs. SSH-1.5-NmapNSE_1.0","@timestamp":"2022-09-09T18:59:35.008Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 18:59:36 honeypot-fra-1 sshd[27521]: Connection closed by 104.156.155.28 port 10811 [preauth]","@timestamp":"2022-09-09T18:59:37.009Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 18:59:47 honeypot-fra-1 kernel: [83624423.621350] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=195.230.103.246 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=54321 PROTO=TCP SPT=48943 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T18:59:48.014Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 19:03:28 honeypot-fra-1 sshd[27541]: Connection closed by invalid user admin 114.35.42.13 port 47178 [preauth]","@timestamp":"2022-09-09T19:03:29.095Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 19:03:37 honeypot-ams-1 sshd[4620]: Disconnected from authenticating user root 92.255.85.69 port 53720 [preauth]","@timestamp":"2022-09-09T19:03:38.136Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 19:06:23 honeypot-ams-1 sshd[4626]: Disconnecting invalid user admin 114.35.235.34 port 39805: Too many authentication failures [preauth]","@timestamp":"2022-09-09T19:06:23.211Z"}
{"@timestamp":"2022-09-09T19:08:06.775Z","@version":"1","message":"Sep  9 19:08:06 honeypot-sgp-1 sshd[1149]: Invalid user admin from 183.107.114.23 port 35592","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T19:09:55.820Z","@version":"1","message":"Sep  9 19:09:54 honeypot-sgp-1 sshd[1153]: Received disconnect from 8.38.172.89 port 37018:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 19:12:54 honeypot-ams-1 sshd[4632]: Disconnected from authenticating user root 80.76.51.44 port 45628 [preauth]","@timestamp":"2022-09-09T19:12:54.381Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 19:13:29 honeypot-ams-1 sshd[4638]: Invalid user test from 80.76.51.44 port 43458","@timestamp":"2022-09-09T19:13:30.400Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 19:14:02 honeypot-ams-1 sshd[4642]: Received disconnect from 80.76.51.44 port 41236:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T19:14:02.416Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 19:14:48 honeypot-ams-1 sshd[4648]: Received disconnect from 80.76.51.44 port 51968:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T19:14:48.438Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 19:15:32 honeypot-ams-1 sshd[4654]: Did not receive identification string from 141.255.162.226 port 51656","@timestamp":"2022-09-09T19:15:32.461Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 19:15:52 honeypot-ams-1 sshd[4659]: Invalid user user from 141.255.162.226 port 51756","@timestamp":"2022-09-09T19:15:53.471Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 19:15:56 honeypot-ams-1 sshd[4663]: Invalid user user from 141.255.162.226 port 59418","@timestamp":"2022-09-09T19:15:56.473Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 19:15:59 honeypot-ams-1 sshd[4667]: Invalid user user from 141.255.162.226 port 46502","@timestamp":"2022-09-09T19:15:59.476Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 19:16:01 honeypot-ams-1 sshd[4671]: Invalid user user from 141.255.162.226 port 54164","@timestamp":"2022-09-09T19:16:02.477Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 19:17:01 honeypot-ams-1 CRON[4675]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-09T19:17:01.504Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 19:17:01 honeypot-fra-1 CRON[27549]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-09T19:17:01.405Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T19:18:22.032Z","@version":"1","message":"Sep  9 19:18:21 honeypot-sgp-1 sshd[1159]: Disconnected from authenticating user root 92.255.85.69 port 52716 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 19:24:33 honeypot-ams-1 kernel: [83628059.886991] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.148.10.81 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=252 ID=54321 PROTO=TCP SPT=39395 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T19:24:33.696Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 19:24:41 honeypot-ams-1 sshd[4689]: Invalid user user from 141.255.162.226 port 52556","@timestamp":"2022-09-09T19:24:41.701Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 19:24:44 honeypot-ams-1 sshd[4693]: Invalid user user from 141.255.162.226 port 46874","@timestamp":"2022-09-09T19:24:45.703Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 19:24:46 honeypot-ams-1 sshd[4697]: Invalid user user from 141.255.162.226 port 54402","@timestamp":"2022-09-09T19:24:47.705Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 19:26:02 honeypot-ams-1 sshd[4701]: Received disconnect from 61.177.173.39 port 28761:11:  [preauth]","@timestamp":"2022-09-09T19:26:02.738Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 19:30:12 honeypot-fra-1 sshd[27555]: Connection closed by invalid user pat 141.98.10.158 port 39938 [preauth]","@timestamp":"2022-09-09T19:30:13.709Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 19:34:50 honeypot-ams-1 sshd[4708]: Disconnected from authenticating user root 61.177.173.36 port 23465 [preauth]","@timestamp":"2022-09-09T19:34:50.966Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 19:38:42 honeypot-fra-1 kernel: [83626758.148373] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.148.10.81 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=54321 PROTO=TCP SPT=51845 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T19:38:42.918Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 19:40:05 honeypot-ams-1 kernel: [83628991.883522] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=51.15.141.72 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=55 ID=6921 PROTO=TCP SPT=63614 DPT=80 WINDOW=45118 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T19:40:05.104Z"}
{"@timestamp":"2022-09-09T19:41:59.588Z","@version":"1","message":"Sep  9 19:41:59 honeypot-sgp-1 sshd[1165]: Disconnected from authenticating user root 92.255.85.70 port 23920 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 19:43:03 honeypot-fra-1 kernel: [83627019.591112] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.47.229.134 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=30935 PROTO=TCP SPT=44702 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T19:43:04.014Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 19:45:24 honeypot-fra-1 sshd[27569]: Disconnected from authenticating user root 92.255.85.70 port 20258 [preauth]","@timestamp":"2022-09-09T19:45:25.066Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 19:50:36 honeypot-fra-1 sshd[27575]: Disconnected from invalid user orange 159.89.205.198 port 53556 [preauth]","@timestamp":"2022-09-09T19:50:37.176Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 19:55:00 honeypot-ams-1 sshd[4724]: Received disconnect from 61.177.172.104 port 17686:11:  [preauth]","@timestamp":"2022-09-09T19:55:00.485Z"}
{"@timestamp":"2022-09-09T19:55:35.904Z","@version":"1","message":"Sep  9 19:55:35 honeypot-sgp-1 kernel: [83629450.792111] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=159.89.202.188 LEN=91 TOS=0x00 PREC=0x00 TTL=238 ID=11809 PROTO=TCP SPT=13853 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 20:05:20 honeypot-ams-1 sshd[4735]: Received disconnect from 61.177.172.19 port 63430:11:  [preauth]","@timestamp":"2022-09-09T20:05:20.744Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 20:08:52 honeypot-fra-1 kernel: [83628568.254814] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=197.246.225.79 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=58 ID=11530 PROTO=TCP SPT=48424 DPT=80 WINDOW=42291 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T20:08:53.562Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 20:09:40 honeypot-ams-1 sshd[4743]: Disconnected from authenticating user root 92.255.85.70 port 51836 [preauth]","@timestamp":"2022-09-09T20:09:40.858Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 20:12:13 honeypot-ams-1 sshd[4747]: Disconnected from invalid user flower 178.62.81.147 port 34811 [preauth]","@timestamp":"2022-09-09T20:12:14.925Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 20:14:00 honeypot-ams-1 sshd[4751]: Received disconnect from 137.184.225.163 port 39216:11: Bye Bye [preauth]","@timestamp":"2022-09-09T20:14:00.973Z"}
{"@timestamp":"2022-09-09T20:15:49.377Z","@version":"1","message":"Sep  9 20:15:48 honeypot-sgp-1 kernel: [83630664.334983] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=89.248.165.26 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=9087 PROTO=TCP SPT=54465 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 20:17:01 honeypot-fra-1 CRON[27591]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-09T20:17:01.774Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 20:17:11 honeypot-ams-1 sshd[4760]: Disconnected from authenticating user root 193.142.146.50 port 55346 [preauth]","@timestamp":"2022-09-09T20:17:12.059Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 20:17:53 honeypot-ams-1 sshd[4766]: Disconnected from authenticating user root 193.142.146.50 port 54976 [preauth]","@timestamp":"2022-09-09T20:17:54.082Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 20:19:17 honeypot-ams-1 sshd[4772]: Disconnected from authenticating user root 193.142.146.50 port 45064 [preauth]","@timestamp":"2022-09-09T20:19:18.123Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 20:19:43 honeypot-ams-1 sshd[4776]: Disconnected from invalid user user 193.142.146.50 port 54228 [preauth]","@timestamp":"2022-09-09T20:19:44.135Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 20:22:22 honeypot-ams-1 sshd[4784]: Invalid user admin from 80.76.51.189 port 47072","@timestamp":"2022-09-09T20:22:22.204Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 20:24:10 honeypot-ams-1 sshd[4788]: Received disconnect from 80.76.51.189 port 51704:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T20:24:11.252Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 20:25:13 honeypot-ams-1 sshd[4792]: Disconnected from authenticating user root 80.76.51.189 port 54020 [preauth]","@timestamp":"2022-09-09T20:25:13.283Z"}
{"@timestamp":"2022-09-09T20:25:28.600Z","@version":"1","message":"Sep  9 20:25:28 honeypot-sgp-1 sshd[1201]: Invalid user Admin from 207.42.135.98 port 33192","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 20:26:17 honeypot-ams-1 sshd[4796]: Received disconnect from 61.177.173.50 port 53799:11:  [preauth]","@timestamp":"2022-09-09T20:26:18.312Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 20:27:15 honeypot-ams-1 sshd[4803]: Disconnected from authenticating user root 80.76.51.189 port 58648 [preauth]","@timestamp":"2022-09-09T20:27:16.340Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 20:29:46 honeypot-ams-1 sshd[4809]: Disconnected from authenticating user root 80.76.51.189 port 37358 [preauth]","@timestamp":"2022-09-09T20:29:47.407Z"}
{"@timestamp":"2022-09-09T20:30:34.723Z","@version":"1","message":"Sep  9 20:30:33 honeypot-sgp-1 kernel: [83631549.349485] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=236 ID=17765 PROTO=TCP SPT=55403 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 20:31:36 honeypot-ams-1 sshd[4813]: Received disconnect from 80.76.51.189 port 41990:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T20:31:37.458Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 20:32:40 honeypot-ams-1 sshd[4820]: Invalid user git from 80.76.51.189 port 44306","@timestamp":"2022-09-09T20:32:41.488Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 20:34:13 honeypot-ams-1 kernel: [83632240.341570] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=178.62.254.91 LEN=92 TOS=0x00 PREC=0x00 TTL=252 ID=23083 PROTO=TCP SPT=21233 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T20:34:13.529Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 20:36:58 honeypot-fra-1 sshd[27598]: Did not receive identification string from 45.61.187.160 port 52054","@timestamp":"2022-09-09T20:36:59.220Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 20:37:48 honeypot-fra-1 sshd[27601]: Disconnected from invalid user user 45.61.187.160 port 39182 [preauth]","@timestamp":"2022-09-09T20:37:49.240Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 20:38:08 honeypot-fra-1 sshd[27605]: Disconnected from invalid user user 45.61.187.160 port 34536 [preauth]","@timestamp":"2022-09-09T20:38:09.250Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 20:38:29 honeypot-fra-1 sshd[27609]: Disconnected from invalid user user 45.61.187.160 port 58140 [preauth]","@timestamp":"2022-09-09T20:38:30.258Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 20:41:18 honeypot-fra-1 sshd[27613]: Disconnected from invalid user jussi 165.22.45.108 port 44018 [preauth]","@timestamp":"2022-09-09T20:41:19.323Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 20:42:42 honeypot-ams-1 kernel: [83632749.713828] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=201.18.18.172 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=59664 PROTO=TCP SPT=40850 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T20:42:43.751Z"}
{"@timestamp":"2022-09-09T20:44:05.036Z","@version":"1","message":"Sep  9 20:44:04 honeypot-sgp-1 kernel: [83632360.209077] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=193.163.125.100 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=238 ID=43409 PROTO=TCP SPT=39222 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 20:46:02 honeypot-ams-1 sshd[4834]: Received disconnect from 61.177.173.36 port 10244:11:  [preauth]","@timestamp":"2022-09-09T20:46:02.842Z"}
{"@timestamp":"2022-09-09T20:50:45.191Z","@version":"1","message":"Sep  9 20:50:44 honeypot-sgp-1 sshd[1215]: Invalid user pi from 183.133.33.111 port 51990","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 20:53:09 honeypot-ams-1 kernel: [83633376.513612] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=213.226.123.38 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=717 PROTO=TCP SPT=58709 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T20:53:10.026Z"}
{"@timestamp":"2022-09-09T20:55:19.316Z","@version":"1","message":"Sep  9 20:55:19 honeypot-sgp-1 kernel: [83633034.553753] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=170.187.162.157 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=20922 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 20:58:28 honeypot-ams-1 sshd[4844]: Did not receive identification string from 198.98.61.9 port 46870","@timestamp":"2022-09-09T20:58:28.164Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 20:58:41 honeypot-ams-1 sshd[4847]: Received disconnect from 198.98.61.9 port 33864:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T20:58:41.172Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 20:58:59 honeypot-ams-1 sshd[4851]: Received disconnect from 198.98.61.9 port 56776:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T20:59:00.182Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 20:59:14 honeypot-fra-1 sshd[27621]: Received disconnect from 45.61.186.169 port 50594:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T20:59:15.718Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 20:59:15 honeypot-ams-1 sshd[4855]: Received disconnect from 198.98.61.9 port 51474:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T20:59:16.191Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 20:59:32 honeypot-fra-1 sshd[27625]: Received disconnect from 45.61.186.169 port 45318:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T20:59:33.727Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 20:59:49 honeypot-fra-1 sshd[27629]: Invalid user user from 45.61.186.169 port 40026","@timestamp":"2022-09-09T20:59:49.734Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 21:00:05 honeypot-fra-1 sshd[27633]: Invalid user user from 45.61.186.169 port 34752","@timestamp":"2022-09-09T21:00:05.742Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 21:04:07 honeypot-ams-1 sshd[4862]: Disconnected from authenticating user root 61.177.172.114 port 37804 [preauth]","@timestamp":"2022-09-09T21:04:08.316Z"}
{"@timestamp":"2022-09-09T21:04:57.538Z","@version":"1","message":"Sep  9 21:04:57 honeypot-sgp-1 kernel: [83633612.596465] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=172.104.166.147 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=57 ID=3874 DF PROTO=TCP SPT=36078 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 21:05:22 honeypot-fra-1 sshd[27643]: Invalid user oracle from 27.150.190.96 port 37018","@timestamp":"2022-09-09T21:05:22.860Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T21:09:44.647Z","@version":"1","message":"Sep  9 21:09:44 honeypot-sgp-1 sshd[1226]: Disconnected from invalid user nella 137.184.96.200 port 43104 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 21:12:44 honeypot-fra-1 sshd[27650]: Invalid user justin from 165.22.45.108 port 49060","@timestamp":"2022-09-09T21:12:45.022Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 21:14:24 honeypot-fra-1 sshd[27654]: Received disconnect from 157.245.122.58 port 37558:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T21:14:25.063Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 21:15:10 honeypot-ams-1 sshd[4871]: Received disconnect from 61.177.173.53 port 34815:11:  [preauth]","@timestamp":"2022-09-09T21:15:10.599Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 21:15:30 honeypot-fra-1 kernel: [83632565.756112] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=103.99.1.99 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=42150 PROTO=TCP SPT=50209 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T21:15:31.089Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 21:16:43 honeypot-fra-1 sshd[27660]: Received disconnect from 157.245.122.58 port 36384:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T21:16:43.119Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T21:17:00.817Z","@version":"1","message":"Sep  9 21:17:00 honeypot-sgp-1 sshd[1232]: Invalid user bart from 143.110.185.3 port 41988","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 21:17:21 honeypot-ams-1 sshd[4877]: Invalid user pi from 77.185.148.98 port 45832","@timestamp":"2022-09-09T21:17:21.656Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 21:17:42 honeypot-fra-1 sshd[27665]: Disconnected from invalid user data.user 157.245.122.58 port 49922 [preauth]","@timestamp":"2022-09-09T21:17:43.142Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 21:18:22 honeypot-ams-1 kernel: [83634889.672056] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=139.144.135.55 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=35523 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T21:18:23.685Z"}
{"@timestamp":"2022-09-09T21:19:38.878Z","@version":"1","message":"Sep  9 21:19:38 honeypot-sgp-1 sshd[1237]: Received disconnect from 200.85.60.130 port 34326:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 21:19:39 honeypot-fra-1 sshd[27670]: Disconnected from invalid user jonitiso 157.245.122.58 port 48746 [preauth]","@timestamp":"2022-09-09T21:19:40.185Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T21:20:54.910Z","@version":"1","message":"Sep  9 21:20:54 honeypot-sgp-1 sshd[1241]: Invalid user marco from 221.0.94.20 port 53993","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T21:26:43.044Z","@version":"1","message":"Sep  9 21:26:42 honeypot-sgp-1 kernel: [83634917.791438] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=202.95.1.25 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=56 ID=0 DF PROTO=TCP SPT=42493 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 21:34:44 honeypot-fra-1 kernel: [83633719.892634] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=94.26.228.80 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=5913 PROTO=TCP SPT=15104 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T21:34:44.512Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 21:35:00 honeypot-ams-1 sshd[4889]: Received disconnect from 61.177.173.53 port 45814:11:  [preauth]","@timestamp":"2022-09-09T21:35:01.108Z"}
{"@timestamp":"2022-09-09T21:38:55.325Z","@version":"1","message":"Sep  9 21:38:54 honeypot-sgp-1 sshd[1251]: Received disconnect from 157.245.9.6 port 41050:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 21:40:23 honeypot-ams-1 sshd[4894]: Invalid user oracle from 92.255.85.69 port 17958","@timestamp":"2022-09-09T21:40:23.247Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 21:41:25 honeypot-ams-1 sshd[4896]: Disconnected from authenticating user root 61.177.173.36 port 55291 [preauth]","@timestamp":"2022-09-09T21:41:26.291Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 21:43:41 honeypot-fra-1 kernel: [83634256.947416] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=51.120.122.29 DST=165.22.82.222 LEN=52 TOS=0x02 PREC=0x00 TTL=111 ID=35117 DF PROTO=TCP SPT=64339 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T21:43:41.727Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 21:47:04 honeypot-ams-1 kernel: [83636610.845412] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=151.106.40.82 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=4957 PROTO=TCP SPT=56287 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T21:47:04.434Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 21:47:06 honeypot-fra-1 sshd[27681]: Connection closed by invalid user maowei 137.116.144.39 port 54150 [preauth]","@timestamp":"2022-09-09T21:47:06.804Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 21:48:53 honeypot-fra-1 kernel: [83634569.236943] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=162.142.125.131 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=22211 PROTO=TCP SPT=52831 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T21:48:53.847Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 21:49:52 honeypot-ams-1 sshd[4908]: Invalid user admin from 80.76.51.189 port 40784","@timestamp":"2022-09-09T21:49:52.508Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 21:50:59 honeypot-ams-1 sshd[4915]: Received disconnect from 80.76.51.189 port 44918:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T21:50:59.538Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 21:52:43 honeypot-ams-1 sshd[4921]: Received disconnect from 80.76.51.189 port 36982:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T21:52:43.585Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 21:54:35 honeypot-ams-1 sshd[4927]: Received disconnect from 80.76.51.189 port 57268:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T21:54:35.636Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 21:55:21 honeypot-ams-1 sshd[4935]: Received disconnect from 61.177.173.48 port 54519:11:  [preauth]","@timestamp":"2022-09-09T21:55:21.658Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 21:56:21 honeypot-ams-1 sshd[4940]: Received disconnect from 157.245.122.58 port 37048:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T21:56:21.686Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 21:57:25 honeypot-ams-1 sshd[4944]: Received disconnect from 157.245.122.58 port 50578:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T21:57:25.714Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 21:59:06 honeypot-fra-1 sshd[27691]: Disconnected from invalid user oracle 92.255.85.70 port 42432 [preauth]","@timestamp":"2022-09-09T21:59:07.092Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 21:59:11 honeypot-ams-1 kernel: [83637338.472722] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=172.91.47.43 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=50 ID=52064 PROTO=TCP SPT=64366 DPT=80 WINDOW=48622 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T21:59:11.762Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 22:00:27 honeypot-ams-1 sshd[4953]: Invalid user jonitwiso from 157.245.122.58 port 34742","@timestamp":"2022-09-09T22:00:27.798Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 22:02:23 honeypot-ams-1 sshd[4958]: Invalid user cypress from 157.245.122.58 port 33546","@timestamp":"2022-09-09T22:02:23.849Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 22:02:50 honeypot-ams-1 sshd[4962]: Received disconnect from 3.108.66.72 port 38454:11: Bye Bye [preauth]","@timestamp":"2022-09-09T22:02:50.863Z"}
{"@timestamp":"2022-09-09T22:05:48.935Z","@version":"1","message":"Sep  9 22:05:48 honeypot-sgp-1 kernel: [83637263.646907] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=128.14.209.162 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=7848 PROTO=TCP SPT=19676 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 22:09:37 honeypot-ams-1 kernel: [83637964.728481] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=193.106.191.157 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x20 TTL=249 ID=54321 PROTO=TCP SPT=57401 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T22:09:38.038Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 22:10:46 honeypot-ams-1 sshd[4970]: Disconnected from invalid user admin 80.76.51.189 port 50156 [preauth]","@timestamp":"2022-09-09T22:10:47.071Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 22:12:25 honeypot-ams-1 sshd[4976]: Invalid user user1 from 103.188.176.251 port 58928","@timestamp":"2022-09-09T22:12:26.117Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 22:13:47 honeypot-ams-1 sshd[4983]: Received disconnect from 80.76.51.189 port 47086:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T22:13:47.155Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 22:14:25 honeypot-ams-1 sshd[4987]: Disconnected from authenticating user root 80.76.51.189 port 35178 [preauth]","@timestamp":"2022-09-09T22:14:26.173Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 22:16:20 honeypot-ams-1 sshd[4994]: Disconnected from authenticating user root 80.76.51.189 port 55924 [preauth]","@timestamp":"2022-09-09T22:16:21.225Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 22:16:24 honeypot-fra-1 sshd[27699]: Received disconnect from 165.22.45.108 port 59160:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T22:16:25.465Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 22:16:48 honeypot-fra-1 sshd[27703]: Disconnected from invalid user heidi 164.92.87.79 port 43178 [preauth]","@timestamp":"2022-09-09T22:16:48.477Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 22:17:01 honeypot-ams-1 CRON[4998]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-09T22:17:02.246Z"}
{"@timestamp":"2022-09-09T22:18:39.235Z","@version":"1","message":"Sep  9 22:18:38 honeypot-sgp-1 sshd[1261]: Disconnected from authenticating user root 92.255.85.70 port 48010 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 22:19:33 honeypot-fra-1 sshd[27717]: Invalid user ubuntu from 162.19.25.213 port 41954","@timestamp":"2022-09-09T22:19:33.540Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 22:19:33 honeypot-fra-1 sshd[27713]: Invalid user test from 162.19.25.213 port 41926","@timestamp":"2022-09-09T22:19:33.540Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 22:19:33 honeypot-fra-1 sshd[27724]: Connection closed by invalid user web 162.19.25.213 port 41938 [preauth]","@timestamp":"2022-09-09T22:19:33.540Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 22:19:33 honeypot-fra-1 sshd[27720]: Connection closed by invalid user kibana 162.19.25.213 port 41956 [preauth]","@timestamp":"2022-09-09T22:19:33.540Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 22:19:33 honeypot-fra-1 sshd[27725]: Invalid user ms from 162.19.25.213 port 41944","@timestamp":"2022-09-09T22:19:33.540Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 22:19:33 honeypot-fra-1 sshd[27725]: Connection closed by invalid user ms 162.19.25.213 port 41944 [preauth]","@timestamp":"2022-09-09T22:19:33.540Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 22:19:33 honeypot-fra-1 sshd[27733]: Invalid user deploy from 162.19.25.213 port 41960","@timestamp":"2022-09-09T22:19:33.540Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 22:19:33 honeypot-fra-1 sshd[27735]: Invalid user user from 162.19.25.213 port 41994","@timestamp":"2022-09-09T22:19:33.540Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 22:19:33 honeypot-fra-1 sshd[27737]: Connection closed by invalid user test 162.19.25.213 port 41998 [preauth]","@timestamp":"2022-09-09T22:19:33.540Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 22:19:35 honeypot-fra-1 sshd[27768]: Invalid user oracle from 162.19.25.213 port 42000","@timestamp":"2022-09-09T22:19:36.563Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 22:22:30 honeypot-ams-1 kernel: [83638736.983983] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=92.118.39.30 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=36273 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T22:22:30.386Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 22:23:06 honeypot-fra-1 kernel: [83636622.297822] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=79.124.62.86 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=23909 PROTO=TCP SPT=57571 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T22:23:07.639Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 22:25:13 honeypot-ams-1 sshd[5011]: Disconnected from authenticating user root 61.177.173.53 port 32942 [preauth]","@timestamp":"2022-09-09T22:25:13.458Z"}
{"@timestamp":"2022-09-09T22:36:47.657Z","@version":"1","message":"Sep  9 22:36:47 honeypot-sgp-1 sshd[1266]: Disconnected from authenticating user root 51.250.82.130 port 47526 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 22:38:58 honeypot-ams-1 sshd[5022]: Received disconnect from 47.45.227.119 port 45884:11: Bye Bye [preauth]","@timestamp":"2022-09-09T22:38:58.805Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 22:40:33 honeypot-ams-1 sshd[5026]: Disconnected from authenticating user root 34.93.196.224 port 55096 [preauth]","@timestamp":"2022-09-09T22:40:33.850Z"}
{"@timestamp":"2022-09-09T22:41:02.761Z","@version":"1","message":"Sep  9 22:41:02 honeypot-sgp-1 sshd[1274]: Invalid user danislav from 58.144.251.22 port 60816","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T22:43:19.820Z","@version":"1","message":"Sep  9 22:43:19 honeypot-sgp-1 sshd[1280]: Invalid user user from 45.61.186.49 port 57934","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T22:43:25.823Z","@version":"1","message":"Sep  9 22:43:25 honeypot-sgp-1 sshd[1282]: Disconnected from invalid user user 45.61.186.49 port 35532 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 22:43:28 honeypot-ams-1 sshd[5033]: Did not receive identification string from 159.89.24.69 port 61000","@timestamp":"2022-09-09T22:43:29.928Z"}
{"@timestamp":"2022-09-09T22:43:36.829Z","@version":"1","message":"Sep  9 22:43:35 honeypot-sgp-1 sshd[1286]: Disconnected from invalid user user 45.61.186.49 port 47274 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 22:45:34 honeypot-ams-1 sshd[5037]: Disconnected from authenticating user root 61.177.173.47 port 48553 [preauth]","@timestamp":"2022-09-09T22:45:34.986Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 22:46:12 honeypot-fra-1 sshd[27779]: Invalid user ftpuser from 141.98.10.158 port 51008","@timestamp":"2022-09-09T22:46:13.127Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 22:49:42 honeypot-ams-1 kernel: [83640368.820341] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=128.14.209.46 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=18812 PROTO=TCP SPT=38440 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T22:49:42.094Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 22:51:14 honeypot-ams-1 sshd[5048]: Disconnected from authenticating user root 61.177.173.37 port 47455 [preauth]","@timestamp":"2022-09-09T22:51:15.138Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 22:54:21 honeypot-fra-1 sshd[27784]: Disconnected from authenticating user root 143.198.165.162 port 60548 [preauth]","@timestamp":"2022-09-09T22:54:22.297Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 23:00:31 honeypot-fra-1 sshd[27789]: Received disconnect from 23.224.121.241 port 36150:11: Bye Bye [preauth]","@timestamp":"2022-09-09T23:00:32.464Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 23:01:46 honeypot-ams-1 sshd[5055]: Disconnected from authenticating user root 61.177.173.52 port 49620 [preauth]","@timestamp":"2022-09-09T23:01:47.407Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 23:02:01 honeypot-ams-1 sshd[5061]: Received disconnect from 92.4.128.152 port 46798:11: Bye Bye [preauth]","@timestamp":"2022-09-09T23:02:01.414Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 23:02:02 honeypot-ams-1 sshd[5067]: Received disconnect from 92.4.128.152 port 46818:11: Bye Bye [preauth]","@timestamp":"2022-09-09T23:02:02.415Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 23:02:02 honeypot-ams-1 sshd[5073]: Received disconnect from 92.4.128.152 port 46858:11: Bye Bye [preauth]","@timestamp":"2022-09-09T23:02:03.417Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 23:02:03 honeypot-ams-1 sshd[5079]: Received disconnect from 92.4.128.152 port 46888:11: Bye Bye [preauth]","@timestamp":"2022-09-09T23:02:03.417Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 23:02:04 honeypot-ams-1 sshd[5085]: Received disconnect from 92.4.128.152 port 46958:11: Bye Bye [preauth]","@timestamp":"2022-09-09T23:02:04.417Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 23:02:04 honeypot-ams-1 sshd[5091]: Received disconnect from 92.4.128.152 port 46988:11: Bye Bye [preauth]","@timestamp":"2022-09-09T23:02:05.418Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 23:02:05 honeypot-ams-1 sshd[5097]: Received disconnect from 92.4.128.152 port 47014:11: Bye Bye [preauth]","@timestamp":"2022-09-09T23:02:05.418Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 23:02:06 honeypot-ams-1 sshd[5103]: Received disconnect from 92.4.128.152 port 47030:11: Bye Bye [preauth]","@timestamp":"2022-09-09T23:02:06.419Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 23:02:06 honeypot-ams-1 sshd[5109]: Received disconnect from 92.4.128.152 port 47048:11: Bye Bye [preauth]","@timestamp":"2022-09-09T23:02:07.419Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 23:02:07 honeypot-ams-1 sshd[5115]: Received disconnect from 92.4.128.152 port 47074:11: Bye Bye [preauth]","@timestamp":"2022-09-09T23:02:08.420Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 23:02:08 honeypot-ams-1 sshd[5121]: Received disconnect from 92.4.128.152 port 47088:11: Bye Bye [preauth]","@timestamp":"2022-09-09T23:02:08.420Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 23:02:08 honeypot-ams-1 sshd[5127]: Received disconnect from 92.4.128.152 port 47104:11: Bye Bye [preauth]","@timestamp":"2022-09-09T23:02:09.421Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 23:02:09 honeypot-ams-1 sshd[5131]: Received disconnect from 92.4.128.152 port 47118:11: Bye Bye [preauth]","@timestamp":"2022-09-09T23:02:09.421Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 23:02:09 honeypot-ams-1 sshd[5135]: Received disconnect from 92.4.128.152 port 47130:11: Bye Bye [preauth]","@timestamp":"2022-09-09T23:02:10.422Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 23:02:10 honeypot-ams-1 sshd[5139]: Received disconnect from 92.4.128.152 port 47140:11: Bye Bye [preauth]","@timestamp":"2022-09-09T23:02:10.422Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 23:02:10 honeypot-ams-1 sshd[5143]: Received disconnect from 92.4.128.152 port 47144:11: Bye Bye [preauth]","@timestamp":"2022-09-09T23:02:11.423Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 23:02:11 honeypot-ams-1 sshd[5147]: Received disconnect from 92.4.128.152 port 47330:11: Bye Bye [preauth]","@timestamp":"2022-09-09T23:02:11.423Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 23:02:11 honeypot-ams-1 sshd[5151]: Disconnected from authenticating user root 92.4.128.152 port 47476 [preauth]","@timestamp":"2022-09-09T23:02:11.423Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 23:02:12 honeypot-ams-1 sshd[5158]: Invalid user pi from 92.4.128.152 port 47498","@timestamp":"2022-09-09T23:02:12.424Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 23:02:12 honeypot-ams-1 sshd[5162]: Invalid user ethos from 92.4.128.152 port 47520","@timestamp":"2022-09-09T23:02:13.425Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 23:02:12 honeypot-ams-1 sshd[5166]: Invalid user miner from 92.4.128.152 port 47538","@timestamp":"2022-09-09T23:02:13.425Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 23:02:13 honeypot-ams-1 sshd[5170]: Invalid user volumio from 92.4.128.152 port 47558","@timestamp":"2022-09-09T23:02:13.425Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 23:02:13 honeypot-ams-1 sshd[5174]: Invalid user nagios from 92.4.128.152 port 47568","@timestamp":"2022-09-09T23:02:14.426Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 23:02:14 honeypot-ams-1 sshd[5178]: Invalid user vagrant from 92.4.128.152 port 47614","@timestamp":"2022-09-09T23:02:14.426Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 23:02:15 honeypot-ams-1 sshd[5182]: Invalid user debian from 92.4.128.152 port 47618","@timestamp":"2022-09-09T23:02:16.427Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 23:02:16 honeypot-ams-1 sshd[5186]: Invalid user debian from 92.4.128.152 port 47652","@timestamp":"2022-09-09T23:02:16.427Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 23:02:16 honeypot-ams-1 sshd[5190]: Invalid user alarm from 92.4.128.152 port 47662","@timestamp":"2022-09-09T23:02:17.428Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 23:02:17 honeypot-ams-1 sshd[5194]: Invalid user test from 92.4.128.152 port 47678","@timestamp":"2022-09-09T23:02:17.428Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 23:02:17 honeypot-ams-1 sshd[5198]: Invalid user cirros from 92.4.128.152 port 47686","@timestamp":"2022-09-09T23:02:18.429Z"}
{"@timestamp":"2022-09-09T23:05:09.339Z","@version":"1","message":"Sep  9 23:05:09 honeypot-sgp-1 sshd[1291]: Received disconnect from 92.255.85.69 port 44758:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 23:07:20 honeypot-fra-1 sshd[27794]: Received disconnect from 92.255.85.70 port 37092:11: Bye Bye [preauth]","@timestamp":"2022-09-09T23:07:21.607Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 23:08:23 honeypot-ams-1 sshd[5204]: Received disconnect from 193.142.146.50 port 45826:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T23:08:23.586Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 23:09:11 honeypot-ams-1 kernel: [83641538.675649] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=205.210.31.175 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=250 ID=54321 PROTO=TCP SPT=51083 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T23:09:12.610Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 23:09:57 honeypot-ams-1 sshd[5218]: Disconnected from authenticating user root 193.142.146.50 port 56100 [preauth]","@timestamp":"2022-09-09T23:09:57.633Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 23:10:20 honeypot-ams-1 sshd[5222]: Disconnected from authenticating user root 193.142.146.50 port 56568 [preauth]","@timestamp":"2022-09-09T23:10:21.646Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 23:13:00 honeypot-ams-1 sshd[5229]: Received disconnect from 61.177.173.48 port 56241:11:  [preauth]","@timestamp":"2022-09-09T23:13:01.716Z"}
{"@timestamp":"2022-09-09T23:14:38.564Z","@version":"1","message":"Sep  9 23:14:38 honeypot-sgp-1 kernel: [83641393.755528] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=198.38.93.168 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=11813 PROTO=TCP SPT=50776 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 23:17:01 honeypot-fra-1 CRON[27799]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-09T23:17:01.835Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 23:17:40 honeypot-fra-1 sshd[27810]: Invalid user ubuntu from 43.140.196.227 port 48268","@timestamp":"2022-09-09T23:17:40.852Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 23:17:40 honeypot-fra-1 sshd[27822]: Invalid user test from 43.140.196.227 port 48238","@timestamp":"2022-09-09T23:17:40.852Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 23:17:40 honeypot-fra-1 sshd[27820]: Connection closed by authenticating user root 43.140.196.227 port 48270 [preauth]","@timestamp":"2022-09-09T23:17:40.852Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 23:17:40 honeypot-fra-1 sshd[27811]: Invalid user testuser from 43.140.196.227 port 48287","@timestamp":"2022-09-09T23:17:40.852Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 23:17:41 honeypot-fra-1 sshd[27807]: Connection closed by invalid user grid 43.140.196.227 port 48255 [preauth]","@timestamp":"2022-09-09T23:17:41.853Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 23:17:42 honeypot-fra-1 sshd[27844]: Invalid user postgres from 43.140.196.227 port 48302","@timestamp":"2022-09-09T23:17:42.853Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 23:17:43 honeypot-fra-1 sshd[27861]: Invalid user pi from 43.140.196.227 port 48300","@timestamp":"2022-09-09T23:17:43.854Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 23:17:43 honeypot-fra-1 sshd[27855]: Connection closed by invalid user cloud 43.140.196.227 port 48286 [preauth]","@timestamp":"2022-09-09T23:17:43.854Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 23:17:43 honeypot-fra-1 sshd[27858]: Invalid user oracle from 43.140.196.227 port 48296","@timestamp":"2022-09-09T23:17:44.855Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 23:17:44 honeypot-fra-1 sshd[27870]: Connection closed by invalid user postgres 43.140.196.227 port 48294 [preauth]","@timestamp":"2022-09-09T23:17:44.855Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 23:17:56 honeypot-ams-1 sshd[5236]: Received disconnect from 61.177.173.39 port 17630:11:  [preauth]","@timestamp":"2022-09-09T23:17:57.848Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 23:18:52 honeypot-fra-1 sshd[27874]: Received disconnect from 31.47.192.98 port 52986:11: Bye Bye [preauth]","@timestamp":"2022-09-09T23:18:52.897Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T23:21:11.718Z","@version":"1","message":"Sep  9 23:21:11 honeypot-sgp-1 sshd[1301]: Disconnecting invalid user admin 220.150.186.57 port 56845: Too many authentication failures [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T23:21:51.737Z","@version":"1","message":"Sep  9 23:21:51 honeypot-sgp-1 sshd[1308]: Invalid user user from 141.255.162.226 port 43756","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T23:21:56.739Z","@version":"1","message":"Sep  9 23:21:56 honeypot-sgp-1 sshd[1312]: Invalid user user from 141.255.162.226 port 60294","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T23:21:59.741Z","@version":"1","message":"Sep  9 23:21:59 honeypot-sgp-1 sshd[1316]: Invalid user user from 141.255.162.226 port 48604","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 23:22:21 honeypot-fra-1 sshd[27880]: Received disconnect from 8.38.172.89 port 49586:11: Bye Bye [preauth]","@timestamp":"2022-09-09T23:22:21.976Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T23:25:24.821Z","@version":"1","message":"Sep  9 23:25:24 honeypot-sgp-1 sshd[1320]: Disconnected from invalid user user 45.61.186.169 port 41156 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T23:25:41.830Z","@version":"1","message":"Sep  9 23:25:41 honeypot-sgp-1 sshd[1324]: Disconnected from invalid user user 45.61.186.169 port 35670 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T23:25:58.838Z","@version":"1","message":"Sep  9 23:25:58 honeypot-sgp-1 sshd[1328]: Disconnected from invalid user user 45.61.186.169 port 58426 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T23:26:15.846Z","@version":"1","message":"Sep  9 23:26:14 honeypot-sgp-1 sshd[1335]: Invalid user user from 45.61.186.169 port 52924","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T23:26:43.859Z","@version":"1","message":"Sep  9 23:26:43 honeypot-sgp-1 sshd[1341]: error: maximum authentication attempts exceeded for root from 114.92.195.10 port 11157 ssh2 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 23:28:28 honeypot-ams-1 sshd[5241]: Disconnected from authenticating user root 61.177.173.51 port 35395 [preauth]","@timestamp":"2022-09-09T23:28:29.119Z"}
{"@timestamp":"2022-09-09T23:30:13.942Z","@version":"1","message":"Sep  9 23:30:13 honeypot-sgp-1 kernel: [83642328.456602] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=234 ID=11002 PROTO=TCP SPT=46203 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 23:30:24 honeypot-fra-1 sshd[27886]: Did not receive identification string from 193.3.19.178 port 64001","@timestamp":"2022-09-09T23:30:25.158Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 23:32:42 honeypot-fra-1 sshd[27889]: Disconnected from invalid user wesley2 159.65.64.70 port 36412 [preauth]","@timestamp":"2022-09-09T23:32:43.212Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 23:35:41 honeypot-fra-1 sshd[27894]: Disconnected from invalid user oracle 182.253.79.194 port 33452 [preauth]","@timestamp":"2022-09-09T23:35:41.280Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T23:37:37.117Z","@version":"1","message":"Sep  9 23:37:36 honeypot-sgp-1 sshd[1351]: Received disconnect from 200.10.192.5 port 37020:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 23:37:42 honeypot-ams-1 kernel: [83643249.116042] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=142.93.45.9 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=54321 PROTO=TCP SPT=58507 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T23:37:43.358Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 23:39:27 honeypot-ams-1 sshd[5249]: Disconnected from authenticating user root 61.177.173.39 port 10216 [preauth]","@timestamp":"2022-09-09T23:39:28.406Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 23:40:01 honeypot-ams-1 sshd[5254]: Disconnected from invalid user admin 80.76.51.46 port 48366 [preauth]","@timestamp":"2022-09-09T23:40:02.424Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 23:40:17 honeypot-ams-1 sshd[5260]: Received disconnect from 80.76.51.46 port 49302:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T23:40:17.432Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 23:40:47 honeypot-fra-1 sshd[27901]: Invalid user admin from 128.199.168.83 port 58918","@timestamp":"2022-09-09T23:40:47.396Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 23:41:01 honeypot-ams-1 sshd[5266]: Received disconnect from 80.76.51.46 port 51980:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T23:41:02.456Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 23:41:31 honeypot-ams-1 sshd[5270]: Disconnected from authenticating user root 80.76.51.46 port 53700 [preauth]","@timestamp":"2022-09-09T23:41:31.470Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 23:42:15 honeypot-ams-1 sshd[5276]: Disconnected from authenticating user root 80.76.51.46 port 56230 [preauth]","@timestamp":"2022-09-09T23:42:15.493Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 23:42:41 honeypot-fra-1 sshd[27906]: Received disconnect from 141.255.162.226 port 45882:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T23:42:41.441Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 23:42:43 honeypot-fra-1 sshd[27910]: Received disconnect from 141.255.162.226 port 54526:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T23:42:44.444Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 23:42:44 honeypot-ams-1 sshd[5281]: Received disconnect from 80.76.51.46 port 57992:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T23:42:45.509Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 23:42:45 honeypot-fra-1 sshd[27914]: Received disconnect from 141.255.162.226 port 52232:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T23:42:46.445Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 23:42:49 honeypot-fra-1 sshd[27918]: Received disconnect from 141.255.162.226 port 41292:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T23:42:50.447Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 23:46:32 honeypot-fra-1 sshd[27922]: Disconnected from invalid user user 141.255.162.226 port 48506 [preauth]","@timestamp":"2022-09-09T23:46:33.531Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 23:46:34 honeypot-fra-1 sshd[27926]: Disconnected from invalid user user 141.255.162.226 port 56118 [preauth]","@timestamp":"2022-09-09T23:46:34.532Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 23:46:37 honeypot-fra-1 sshd[27930]: Disconnected from invalid user user 141.255.162.226 port 50708 [preauth]","@timestamp":"2022-09-09T23:46:38.533Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 23:46:40 honeypot-fra-1 sshd[27934]: Disconnected from invalid user user 141.255.162.226 port 37684 [preauth]","@timestamp":"2022-09-09T23:46:40.534Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 23:51:40 honeypot-ams-1 sshd[5288]: Invalid user romero from 182.253.117.99 port 48934","@timestamp":"2022-09-09T23:51:40.742Z"}
{"@timestamp":"2022-09-09T23:51:42.455Z","@version":"1","message":"Sep  9 23:51:41 honeypot-sgp-1 kernel: [83643617.092725] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=152.89.196.62 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=33061 PROTO=TCP SPT=59273 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T23:52:40.480Z","@version":"1","message":"Sep  9 23:52:40 honeypot-sgp-1 sshd[1360]: Invalid user user from 45.61.187.160 port 47348","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T23:53:01.490Z","@version":"1","message":"Sep  9 23:53:01 honeypot-sgp-1 sshd[1364]: Invalid user user from 45.61.187.160 port 42124","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 23:53:06 honeypot-ams-1 sshd[5292]: Received disconnect from 188.170.13.225 port 52504:11: Bye Bye [preauth]","@timestamp":"2022-09-09T23:53:06.783Z"}
{"@timestamp":"2022-09-09T23:53:20.500Z","@version":"1","message":"Sep  9 23:53:19 honeypot-sgp-1 sshd[1368]: Invalid user user from 45.61.187.160 port 36902","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 23:53:33 honeypot-fra-1 sshd[27939]: Disconnected from authenticating user root 92.255.85.69 port 31172 [preauth]","@timestamp":"2022-09-09T23:53:33.685Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T23:54:18.523Z","@version":"1","message":"Sep  9 23:54:17 honeypot-sgp-1 kernel: [83643772.738636] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.41.9.18 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=35844 PROTO=TCP SPT=14420 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T23:54:52.537Z","@version":"1","message":"Sep  9 23:54:51 honeypot-sgp-1 sshd[1376]: Connection closed by invalid user admin 128.199.160.207 port 24446 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 23:55:14 honeypot-ams-1 sshd[5298]: Disconnected from authenticating user root 177.93.51.98 port 42172 [preauth]","@timestamp":"2022-09-09T23:55:14.842Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 23:57:33 honeypot-ams-1 kernel: [83644440.577723] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=17549 PROTO=TCP SPT=47577 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T23:57:33.902Z"}
{"@timestamp":"2022-09-09T23:58:02.610Z","@version":"1","message":"Sep  9 23:58:01 honeypot-sgp-1 sshd[1383]: Received disconnect from 165.227.87.78 port 40504:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 00:01:29 honeypot-ams-1 sshd[5310]: Disconnected from authenticating user root 149.90.249.162 port 44566 [preauth]","@timestamp":"2022-09-10T00:01:30.016Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 00:01:30 honeypot-ams-1 sshd[5316]: Received disconnect from 149.90.249.162 port 44596:11: Bye Bye [preauth]","@timestamp":"2022-09-10T00:01:31.018Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 00:01:31 honeypot-ams-1 sshd[5322]: Received disconnect from 149.90.249.162 port 44632:11: Bye Bye [preauth]","@timestamp":"2022-09-10T00:01:32.019Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 00:01:32 honeypot-ams-1 sshd[5328]: Received disconnect from 149.90.249.162 port 44658:11: Bye Bye [preauth]","@timestamp":"2022-09-10T00:01:33.020Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 00:01:33 honeypot-ams-1 sshd[5334]: Received disconnect from 149.90.249.162 port 45042:11: Bye Bye [preauth]","@timestamp":"2022-09-10T00:01:34.020Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 00:01:35 honeypot-ams-1 sshd[5340]: Received disconnect from 149.90.249.162 port 45084:11: Bye Bye [preauth]","@timestamp":"2022-09-10T00:01:35.021Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 00:01:36 honeypot-ams-1 sshd[5346]: Received disconnect from 149.90.249.162 port 45138:11: Bye Bye [preauth]","@timestamp":"2022-09-10T00:01:37.023Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 00:01:37 honeypot-ams-1 sshd[5352]: Received disconnect from 149.90.249.162 port 45194:11: Bye Bye [preauth]","@timestamp":"2022-09-10T00:01:38.023Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 00:01:38 honeypot-ams-1 sshd[5358]: Received disconnect from 149.90.249.162 port 45230:11: Bye Bye [preauth]","@timestamp":"2022-09-10T00:01:39.024Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 00:01:39 honeypot-ams-1 sshd[5364]: Received disconnect from 149.90.249.162 port 45254:11: Bye Bye [preauth]","@timestamp":"2022-09-10T00:01:40.025Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 00:01:40 honeypot-ams-1 sshd[5370]: Received disconnect from 149.90.249.162 port 45288:11: Bye Bye [preauth]","@timestamp":"2022-09-10T00:01:41.026Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 00:01:42 honeypot-ams-1 sshd[5376]: Received disconnect from 149.90.249.162 port 45320:11: Bye Bye [preauth]","@timestamp":"2022-09-10T00:01:43.027Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 00:01:43 honeypot-ams-1 sshd[5382]: Invalid user admin from 149.90.249.162 port 45684","@timestamp":"2022-09-10T00:01:44.028Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 00:01:44 honeypot-ams-1 sshd[5386]: Invalid user admin from 149.90.249.162 port 19032","@timestamp":"2022-09-10T00:01:45.028Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 00:01:44 honeypot-ams-1 sshd[5390]: Invalid user admin from 149.90.249.162 port 45750","@timestamp":"2022-09-10T00:01:45.028Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 00:01:45 honeypot-ams-1 sshd[5394]: Invalid user admin from 149.90.249.162 port 45778","@timestamp":"2022-09-10T00:01:46.031Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 00:01:46 honeypot-ams-1 sshd[5398]: Invalid user admin from 149.90.249.162 port 45830","@timestamp":"2022-09-10T00:01:47.032Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 00:01:47 honeypot-ams-1 sshd[5402]: Invalid user user from 149.90.249.162 port 45856","@timestamp":"2022-09-10T00:01:48.032Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 00:01:48 honeypot-ams-1 sshd[5406]: Disconnected from authenticating user root 149.90.249.162 port 45874 [preauth]","@timestamp":"2022-09-10T00:01:49.033Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 00:01:48 honeypot-ams-1 sshd[5410]: Disconnected from invalid user pi 149.90.249.162 port 45902 [preauth]","@timestamp":"2022-09-10T00:01:49.033Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 00:01:49 honeypot-ams-1 sshd[5414]: Disconnected from invalid user ethos 149.90.249.162 port 45920 [preauth]","@timestamp":"2022-09-10T00:01:50.034Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 00:01:50 honeypot-ams-1 sshd[5418]: Disconnected from invalid user miner 149.90.249.162 port 45946 [preauth]","@timestamp":"2022-09-10T00:01:51.035Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 00:01:51 honeypot-ams-1 sshd[5422]: Disconnected from invalid user volumio 149.90.249.162 port 45972 [preauth]","@timestamp":"2022-09-10T00:01:52.035Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 00:01:52 honeypot-ams-1 sshd[5426]: Disconnected from invalid user nagios 149.90.249.162 port 45990 [preauth]","@timestamp":"2022-09-10T00:01:52.035Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 00:01:52 honeypot-ams-1 sshd[5430]: Disconnected from invalid user vagrant 149.90.249.162 port 46004 [preauth]","@timestamp":"2022-09-10T00:01:53.036Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 00:01:53 honeypot-ams-1 sshd[5434]: Disconnected from invalid user debian 149.90.249.162 port 46336 [preauth]","@timestamp":"2022-09-10T00:01:54.037Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 00:01:54 honeypot-ams-1 sshd[5438]: Received disconnect from 149.90.249.162 port 46374:11: Bye Bye [preauth]","@timestamp":"2022-09-10T00:01:55.039Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 00:01:55 honeypot-ams-1 sshd[5442]: Invalid user alarm from 149.90.249.162 port 46400","@timestamp":"2022-09-10T00:01:56.040Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 00:01:55 honeypot-ams-1 sshd[5446]: Invalid user test from 149.90.249.162 port 46440","@timestamp":"2022-09-10T00:01:56.040Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 00:01:56 honeypot-ams-1 sshd[5450]: Invalid user cirros from 149.90.249.162 port 46502","@timestamp":"2022-09-10T00:01:57.041Z"}
{"@timestamp":"2022-09-10T00:05:29.784Z","@version":"1","message":"Sep 10 00:05:29 honeypot-sgp-1 kernel: [83644444.697593] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.219.37 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=42861 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 00:06:00 honeypot-ams-1 sshd[5456]: Disconnected from authenticating user root 61.177.172.108 port 11942 [preauth]","@timestamp":"2022-09-10T00:06:00.155Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 00:09:31 honeypot-fra-1 kernel: [83643006.921600] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=12110 PROTO=TCP SPT=48003 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T00:09:32.057Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 00:13:19 honeypot-fra-1 sshd[27949]: Disconnected from invalid user user 198.98.61.9 port 58166 [preauth]","@timestamp":"2022-09-10T00:13:19.145Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 00:13:35 honeypot-fra-1 sshd[27953]: Disconnected from invalid user user 198.98.61.9 port 52970 [preauth]","@timestamp":"2022-09-10T00:13:36.154Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 00:13:51 honeypot-fra-1 sshd[27957]: Disconnected from invalid user user 198.98.61.9 port 47800 [preauth]","@timestamp":"2022-09-10T00:13:52.161Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 00:14:06 honeypot-fra-1 sshd[27961]: Disconnected from invalid user user 198.98.61.9 port 42612 [preauth]","@timestamp":"2022-09-10T00:14:07.173Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T00:17:01.053Z","@version":"1","message":"Sep 10 00:17:01 honeypot-sgp-1 CRON[1393]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 00:17:49 honeypot-fra-1 kernel: [83643504.246023] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.196.220.81 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=54321 PROTO=TCP SPT=50269 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T00:17:49.260Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 00:19:51 honeypot-ams-1 sshd[5471]: Received disconnect from 92.255.85.70 port 32436:11: Bye Bye [preauth]","@timestamp":"2022-09-10T00:19:52.542Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 00:23:28 honeypot-fra-1 sshd[27970]: Disconnected from invalid user justin 165.22.45.108 port 51062 [preauth]","@timestamp":"2022-09-10T00:23:29.391Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 00:25:46 honeypot-fra-1 sshd[27974]: Disconnected from authenticating user root 103.174.114.55 port 44532 [preauth]","@timestamp":"2022-09-10T00:25:46.445Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 00:30:32 honeypot-ams-1 kernel: [83646419.022920] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=151.106.40.82 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=21395 PROTO=TCP SPT=47967 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T00:30:32.828Z"}
{"@timestamp":"2022-09-10T00:33:26.438Z","@version":"1","message":"Sep 10 00:33:25 honeypot-sgp-1 sshd[1403]: Connection reset by authenticating user root 143.198.136.88 port 39684 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 00:34:29 honeypot-fra-1 sshd[27978]: Disconnected from authenticating user root 59.148.18.136 port 47280 [preauth]","@timestamp":"2022-09-10T00:34:30.641Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 00:39:02 honeypot-ams-1 kernel: [83646929.204618] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=162.142.125.141 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=28525 PROTO=TCP SPT=1679 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T00:39:03.054Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 00:41:33 honeypot-fra-1 sshd[27983]: Received disconnect from 70.37.75.157 port 35048:11: Bye Bye [preauth]","@timestamp":"2022-09-10T00:41:33.800Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T00:46:35.766Z","@version":"1","message":"Sep 10 00:46:35 honeypot-sgp-1 sshd[1409]: Disconnecting invalid user  185.246.130.20 port 15217: Change of username or service not allowed: (,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 00:46:46 honeypot-ams-1 sshd[5495]: Received disconnect from 61.177.173.36 port 34437:11:  [preauth]","@timestamp":"2022-09-10T00:46:47.260Z"}
{"@timestamp":"2022-09-10T00:47:05.780Z","@version":"1","message":"Sep 10 00:47:05 honeypot-sgp-1 sshd[1415]: Disconnecting invalid user  185.246.130.20 port 31033: Change of username or service not allowed: (,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T00:47:46.799Z","@version":"1","message":"Sep 10 00:47:46 honeypot-sgp-1 sshd[1422]: Disconnecting invalid user admin 185.246.130.20 port 36300: Change of username or service not allowed: (admin,ssh-connection) -> (aerohive,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 00:48:24 honeypot-fra-1 sshd[27990]: Invalid user user from 141.255.162.226 port 40022","@timestamp":"2022-09-10T00:48:24.957Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T00:48:26.818Z","@version":"1","message":"Sep 10 00:48:26 honeypot-sgp-1 sshd[1428]: Disconnecting invalid user manager 185.246.130.20 port 29309: Change of username or service not allowed: (manager,ssh-connection) -> (private,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 00:48:26 honeypot-fra-1 sshd[27994]: Invalid user user from 141.255.162.226 port 57256","@timestamp":"2022-09-10T00:48:26.959Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 00:48:30 honeypot-fra-1 sshd[27998]: Invalid user user from 141.255.162.226 port 59644","@timestamp":"2022-09-10T00:48:30.960Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 00:48:32 honeypot-fra-1 sshd[28002]: Invalid user user from 141.255.162.226 port 54880","@timestamp":"2022-09-10T00:48:32.962Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T00:48:53.832Z","@version":"1","message":"Sep 10 00:48:53 honeypot-sgp-1 sshd[1435]: Disconnecting invalid user 1234 185.246.130.20 port 7380: Change of username or service not allowed: (1234,ssh-connection) -> (Admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T00:49:26.847Z","@version":"1","message":"Sep 10 00:49:26 honeypot-sgp-1 sshd[1441]: Disconnecting invalid user  185.246.130.20 port 13554: Change of username or service not allowed: (,ssh-connection) -> (user,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T00:50:02.864Z","@version":"1","message":"Sep 10 00:50:01 honeypot-sgp-1 sshd[1448]: Invalid user Admin from 185.246.130.20 port 16702","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 00:50:14 honeypot-fra-1 sshd[28006]: Invalid user rj from 181.117.244.23 port 33828","@timestamp":"2022-09-10T00:50:15.003Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 00:50:23 honeypot-ams-1 sshd[5499]: Disconnected from authenticating user root 61.177.173.53 port 39296 [preauth]","@timestamp":"2022-09-10T00:50:23.357Z"}
{"@timestamp":"2022-09-10T00:50:32.879Z","@version":"1","message":"Sep 10 00:50:32 honeypot-sgp-1 sshd[1456]: Invalid user guest from 185.246.130.20 port 45274","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T00:50:51.889Z","@version":"1","message":"Sep 10 00:50:51 honeypot-sgp-1 sshd[1462]: Disconnecting authenticating user root 185.246.130.20 port 15133: Change of username or service not allowed: (root,ssh-connection) -> (,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T00:51:03.894Z","@version":"1","message":"Sep 10 00:51:03 honeypot-sgp-1 sshd[1468]: Received disconnect from 157.245.122.58 port 41800:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T00:51:06.897Z","@version":"1","message":"Sep 10 00:51:06 honeypot-sgp-1 sshd[1470]: Disconnecting invalid user Cisco 185.246.130.20 port 9345: Change of username or service not allowed: (Cisco,ssh-connection) -> (cisco,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T00:51:24.905Z","@version":"1","message":"Sep 10 00:51:24 honeypot-sgp-1 sshd[1480]: Invalid user user from 45.61.184.204 port 57070","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T00:51:33.909Z","@version":"1","message":"Sep 10 00:51:33 honeypot-sgp-1 sshd[1482]: Invalid user user from 45.61.184.204 port 40224","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T00:51:42.914Z","@version":"1","message":"Sep 10 00:51:42 honeypot-sgp-1 sshd[1487]: Disconnected from invalid user user 45.61.184.204 port 51606 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T00:51:55.921Z","@version":"1","message":"Sep 10 00:51:54 honeypot-sgp-1 sshd[1489]: Disconnecting authenticating user root 185.246.130.20 port 44924: Change of username or service not allowed: (root,ssh-connection) -> (Administrator,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T00:52:13.929Z","@version":"1","message":"Sep 10 00:52:13 honeypot-sgp-1 sshd[1497]: Invalid user  from 185.246.130.20 port 26408","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T00:52:43.944Z","@version":"1","message":"Sep 10 00:52:43 honeypot-sgp-1 sshd[1504]: Invalid user admin from 185.246.130.20 port 63431","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T00:53:04.955Z","@version":"1","message":"Sep 10 00:53:04 honeypot-sgp-1 sshd[1510]: Invalid user tenancy from 157.245.122.58 port 40644","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T00:53:28.966Z","@version":"1","message":"Sep 10 00:53:28 honeypot-sgp-1 sshd[1516]: Invalid user default from 185.246.130.20 port 11161","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T00:53:48.976Z","@version":"1","message":"Sep 10 00:53:48 honeypot-sgp-1 sshd[1520]: Invalid user c1@r0 from 185.246.130.20 port 50274","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T00:54:06.988Z","@version":"1","message":"Sep 10 00:54:06 honeypot-sgp-1 sshd[1522]: Disconnecting invalid user Administrator 185.246.130.20 port 19306: Change of username or service not allowed: (Administrator,ssh-connection) -> (cusadmin,ssh-connectio [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T00:54:47.006Z","@version":"1","message":"Sep 10 00:54:46 honeypot-sgp-1 sshd[1530]: Disconnecting invalid user admin 185.246.130.20 port 35128: Change of username or service not allowed: (admin,ssh-connection) -> (lgnortel,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T00:55:10.018Z","@version":"1","message":"Sep 10 00:55:09 honeypot-sgp-1 sshd[1536]: Invalid user Admin from 185.246.130.20 port 24134","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 00:55:14 honeypot-fra-1 sshd[28010]: Disconnected from invalid user justin 165.22.45.108 port 56112 [preauth]","@timestamp":"2022-09-10T00:55:14.115Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T00:55:44.034Z","@version":"1","message":"Sep 10 00:55:43 honeypot-sgp-1 sshd[1542]: Invalid user  from 185.246.130.20 port 43208","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T00:56:01.042Z","@version":"1","message":"Sep 10 00:56:00 honeypot-sgp-1 sshd[1544]: Disconnecting invalid user admin1234 185.246.130.20 port 3635: Change of username or service not allowed: (admin1234,ssh-connection) -> (matrix,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T00:56:29.057Z","@version":"1","message":"Sep 10 00:56:29 honeypot-sgp-1 sshd[1552]: Disconnecting invalid user admin 185.246.130.20 port 53257: Change of username or service not allowed: (admin,ssh-connection) -> (motorola,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T00:56:47.065Z","@version":"1","message":"Sep 10 00:56:46 honeypot-sgp-1 sshd[1558]: Disconnected from invalid user cypress 157.245.122.58 port 38318 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T00:57:23.084Z","@version":"1","message":"Sep 10 00:57:22 honeypot-sgp-1 sshd[1564]: Invalid user admin from 185.246.130.20 port 54688","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T00:57:59.100Z","@version":"1","message":"Sep 10 00:57:58 honeypot-sgp-1 sshd[1571]: Invalid user admin from 185.246.130.20 port 33975","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T00:58:30.117Z","@version":"1","message":"Sep 10 00:58:30 honeypot-sgp-1 sshd[1577]: Invalid user Shiko from 185.246.130.20 port 43628","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T00:58:53.129Z","@version":"1","message":"Sep 10 00:58:52 honeypot-sgp-1 sshd[1582]: Disconnecting invalid user Broadcom 185.246.130.20 port 20303: Change of username or service not allowed: (Broadcom,ssh-connection) -> (smcadmin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T00:59:07.136Z","@version":"1","message":"Sep 10 00:59:07 honeypot-sgp-1 kernel: [83647662.165031] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=92.63.197.171 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=56456 PROTO=TCP SPT=51221 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T00:59:36.150Z","@version":"1","message":"Sep 10 00:59:35 honeypot-sgp-1 sshd[1592]: Disconnecting invalid user highspeed 185.246.130.20 port 44487: Change of username or service not allowed: (highspeed,ssh-connection) -> (smcadmin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 01:00:03 honeypot-ams-1 sshd[5505]: Disconnected from authenticating user root 61.177.173.35 port 16309 [preauth]","@timestamp":"2022-09-10T01:00:03.624Z"}
{"@timestamp":"2022-09-10T01:00:15.168Z","@version":"1","message":"Sep 10 01:00:14 honeypot-sgp-1 sshd[1598]: Disconnecting invalid user  185.246.130.20 port 38311: Change of username or service not allowed: (,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T01:01:07.194Z","@version":"1","message":"Sep 10 01:01:06 honeypot-sgp-1 sshd[1604]: Disconnecting invalid user public 185.246.130.20 port 17223: Change of username or service not allowed: (public,ssh-connection) -> (user,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T01:02:01.219Z","@version":"1","message":"Sep 10 01:02:00 honeypot-sgp-1 sshd[1612]: Invalid user db2inst1 from 140.86.39.162 port 56604","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T01:02:31.233Z","@version":"1","message":"Sep 10 01:02:30 honeypot-sgp-1 sshd[1616]: Disconnecting invalid user user 185.246.130.20 port 58285: Change of username or service not allowed: (user,ssh-connection) -> (amdin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T01:03:07.251Z","@version":"1","message":"Sep 10 01:03:06 honeypot-sgp-1 sshd[1623]: Disconnecting invalid user Admin 185.246.130.20 port 9472: Change of username or service not allowed: (Admin,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T01:03:48.270Z","@version":"1","message":"Sep 10 01:03:47 honeypot-sgp-1 sshd[1629]: Invalid user 0 from 185.246.130.20 port 62913","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T01:03:57.275Z","@version":"1","message":"Sep 10 01:03:56 honeypot-sgp-1 sshd[1636]: Received disconnect from 141.255.162.226 port 57582:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T01:04:00.276Z","@version":"1","message":"Sep 10 01:04:00 honeypot-sgp-1 sshd[1640]: Received disconnect from 141.255.162.226 port 46426:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T01:04:05.280Z","@version":"1","message":"Sep 10 01:04:04 honeypot-sgp-1 sshd[1644]: Invalid user user from 141.255.162.226 port 35268","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T01:04:15.285Z","@version":"1","message":"Sep 10 01:04:14 honeypot-sgp-1 sshd[1648]: Invalid user zoomadsl from 185.246.130.20 port 17708","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T01:04:54.304Z","@version":"1","message":"Sep 10 01:04:53 honeypot-sgp-1 sshd[1654]: Invalid user ltecl4r0 from 185.246.130.20 port 14204","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 01:10:30 honeypot-ams-1 kernel: [83648816.822843] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=162.142.125.136 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=17896 PROTO=TCP SPT=3670 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T01:10:30.905Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 01:11:49 honeypot-fra-1 sshd[28016]: Invalid user amanda from 165.232.172.31 port 47676","@timestamp":"2022-09-10T01:11:49.481Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T01:13:19.500Z","@version":"1","message":"Sep 10 01:13:19 honeypot-sgp-1 sshd[1659]: Connection closed by invalid user user 103.188.176.251 port 34790 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 01:14:12 honeypot-ams-1 kernel: [83649038.961362] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.41.9.18 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=32439 PROTO=TCP SPT=47964 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T01:14:13.006Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 01:15:41 honeypot-fra-1 kernel: [83646976.874880] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=64.62.197.222 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=54321 PROTO=TCP SPT=39824 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T01:15:42.571Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 01:17:01 honeypot-ams-1 CRON[5519]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-10T01:17:02.112Z"}
{"@timestamp":"2022-09-10T01:17:40.623Z","@version":"1","message":"Sep 10 01:17:39 honeypot-sgp-1 sshd[1666]: Received disconnect from 200.207.224.148 port 37164:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T01:22:16.731Z","@version":"1","message":"Sep 10 01:22:16 honeypot-sgp-1 sshd[1671]: Disconnected from authenticating user root 92.255.85.69 port 20504 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 01:23:09 honeypot-fra-1 sshd[28025]: error: maximum authentication attempts exceeded for invalid user admin from 31.52.230.39 port 60647 ssh2 [preauth]","@timestamp":"2022-09-10T01:23:10.740Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 01:23:59 honeypot-ams-1 sshd[5530]: Disconnected from invalid user user 45.61.186.169 port 33412 [preauth]","@timestamp":"2022-09-10T01:24:00.301Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 01:24:17 honeypot-ams-1 sshd[5534]: Disconnected from invalid user user 45.61.186.169 port 56250 [preauth]","@timestamp":"2022-09-10T01:24:18.313Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 01:24:34 honeypot-ams-1 sshd[5538]: Disconnected from invalid user user 45.61.186.169 port 50848 [preauth]","@timestamp":"2022-09-10T01:24:34.376Z"}
{"@timestamp":"2022-09-06T20:04:34.417Z","@version":"1","message":"Sep  6 20:04:33 honeypot-sgp-1 sshd[26176]: Disconnected from authenticating user root 143.244.158.100 port 57744 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  6 20:06:48 honeypot-fra-1 kernel: [83369253.890188] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=94.154.82.196 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=5474 DF PROTO=TCP SPT=1131 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-06T20:06:49.051Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-06T20:06:59.473Z","@version":"1","message":"Sep  6 20:06:59 honeypot-sgp-1 sshd[26183]: Disconnected from authenticating user root 143.244.158.100 port 50058 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-06T20:09:19.528Z","@version":"1","message":"Sep  6 20:09:19 honeypot-sgp-1 sshd[26189]: Received disconnect from 92.255.85.69 port 21122:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  6 20:11:05 honeypot-fra-1 kernel: [83369510.925949] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=197.37.194.105 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=50 ID=65243 PROTO=TCP SPT=59786 DPT=80 WINDOW=61841 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-06T20:11:06.145Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-06T20:11:11.572Z","@version":"1","message":"Sep  6 20:11:11 honeypot-sgp-1 sshd[26195]: Received disconnect from 143.244.158.100 port 53366:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  6 20:11:59 honeypot-ams-1 sshd[28579]: Did not receive identification string from 159.89.44.32 port 41798","@timestamp":"2022-09-06T20:12:00.093Z"}
{"@timestamp":"2022-09-06T20:12:57.614Z","@version":"1","message":"Sep  6 20:12:56 honeypot-sgp-1 sshd[26202]: Did not receive identification string from 45.61.187.160 port 54110","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  6 20:13:11 honeypot-fra-1 sshd[18733]: Invalid user user from 45.61.186.169 port 34440","@timestamp":"2022-09-06T20:13:11.194Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  6 20:13:28 honeypot-fra-1 sshd[18737]: Invalid user user from 45.61.186.169 port 57104","@timestamp":"2022-09-06T20:13:29.202Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  6 20:13:45 honeypot-fra-1 sshd[18741]: Invalid user user from 45.61.186.169 port 51596","@timestamp":"2022-09-06T20:13:45.209Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-06T20:13:48.635Z","@version":"1","message":"Sep  6 20:13:48 honeypot-sgp-1 sshd[26207]: Invalid user user from 45.61.187.160 port 40626","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  6 20:13:53 honeypot-fra-1 kernel: [83369679.109714] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=139.144.135.60 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=18635 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-06T20:13:54.213Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-06T20:14:08.643Z","@version":"1","message":"Sep  6 20:14:08 honeypot-sgp-1 sshd[26211]: Invalid user user from 45.61.187.160 port 35504","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-06T20:14:27.652Z","@version":"1","message":"Sep  6 20:14:26 honeypot-sgp-1 sshd[26215]: Invalid user user from 45.61.187.160 port 58612","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-06T20:14:36.656Z","@version":"1","message":"Sep  6 20:14:36 honeypot-sgp-1 sshd[26219]: Received disconnect from 45.61.187.160 port 41930:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  6 20:17:01 honeypot-ams-1 CRON[28585]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-06T20:17:02.227Z"}
{"@timestamp":"2022-09-06T20:17:02.728Z","@version":"1","message":"Sep  6 20:17:01 honeypot-sgp-1 CRON[26228]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  6 20:18:23 honeypot-fra-1 sshd[18751]: Received disconnect from 165.22.45.108 port 52004:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-06T20:18:24.313Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-06T20:18:42.767Z","@version":"1","message":"Sep  6 20:18:42 honeypot-sgp-1 sshd[26233]: Received disconnect from 143.244.158.100 port 59658:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  6 20:20:38 honeypot-ams-1 sshd[28591]: Disconnected from authenticating user root 109.125.128.53 port 33402 [preauth]","@timestamp":"2022-09-06T20:20:39.344Z"}
{"@timestamp":"2022-09-06T20:21:04.823Z","@version":"1","message":"Sep  6 20:21:04 honeypot-sgp-1 kernel: [83371784.441248] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=139.144.135.68 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=31920 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-06T20:22:57.867Z","@version":"1","message":"Sep  6 20:22:56 honeypot-sgp-1 sshd[26244]: Disconnected from authenticating user root 143.244.158.100 port 56314 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  6 20:23:08 honeypot-fra-1 sshd[18754]: Disconnected from authenticating user root 92.255.85.70 port 34926 [preauth]","@timestamp":"2022-09-06T20:23:09.416Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-06T20:24:35.905Z","@version":"1","message":"Sep  6 20:24:35 honeypot-sgp-1 sshd[26250]: Disconnected from authenticating user root 143.244.158.100 port 60954 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-06T20:27:10.965Z","@version":"1","message":"Sep  6 20:27:09 honeypot-sgp-1 sshd[26257]: Disconnected from authenticating user root 143.244.158.100 port 41112 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  6 20:29:00 honeypot-fra-1 sshd[18761]: Received disconnect from 165.22.45.108 port 56544:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-06T20:29:01.550Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-06T20:29:26.020Z","@version":"1","message":"Sep  6 20:29:25 honeypot-sgp-1 sshd[26264]: Did not receive identification string from 141.255.162.226 port 53284","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-06T20:29:37.026Z","@version":"1","message":"Sep  6 20:29:36 honeypot-sgp-1 sshd[26267]: Disconnected from invalid user user 141.255.162.226 port 44156 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-06T20:29:40.027Z","@version":"1","message":"Sep  6 20:29:39 honeypot-sgp-1 sshd[26271]: Disconnected from invalid user user 141.255.162.226 port 33772 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-06T20:29:42.029Z","@version":"1","message":"Sep  6 20:29:41 honeypot-sgp-1 sshd[26277]: Invalid user user from 141.255.162.226 port 42694","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  6 20:30:55 honeypot-ams-1 kernel: [83372844.862008] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=29129 PROTO=TCP SPT=56204 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-06T20:30:55.605Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  6 20:31:08 honeypot-fra-1 sshd[18765]: Invalid user appltest from 103.188.176.251 port 33064","@timestamp":"2022-09-06T20:31:09.618Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  6 20:31:27 honeypot-ams-1 sshd[28602]: Disconnected from invalid user user 45.61.187.160 port 50520 [preauth]","@timestamp":"2022-09-06T20:31:28.628Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  6 20:31:46 honeypot-ams-1 sshd[28607]: Disconnected from invalid user user 45.61.187.160 port 45400 [preauth]","@timestamp":"2022-09-06T20:31:46.637Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  6 20:32:03 honeypot-ams-1 sshd[28611]: Disconnected from invalid user user 45.61.187.160 port 40288 [preauth]","@timestamp":"2022-09-06T20:32:03.647Z"}
{"@timestamp":"2022-09-06T20:32:57.101Z","@version":"1","message":"Sep  6 20:32:56 honeypot-sgp-1 kernel: [83372496.213108] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.232.183.59 DST=159.89.202.188 LEN=52 TOS=0x02 PREC=0x00 TTL=107 ID=35497 DF PROTO=TCP SPT=57843 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  6 20:35:04 honeypot-ams-1 kernel: [83373093.406921] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=128.199.90.48 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=118 ID=56751 DF PROTO=TCP SPT=59211 DPT=3389 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-06T20:35:04.725Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  6 20:36:21 honeypot-fra-1 sshd[18768]: Disconnected from invalid user allison 2.228.139.162 port 61562 [preauth]","@timestamp":"2022-09-06T20:36:21.734Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  6 20:36:44 honeypot-fra-1 sshd[18772]: Disconnected from invalid user luisa 20.106.195.16 port 1024 [preauth]","@timestamp":"2022-09-06T20:36:44.746Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-06T20:37:07.212Z","@version":"1","message":"Sep  6 20:37:06 honeypot-sgp-1 kernel: [83372745.838632] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.46.215.90 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=240 ID=22657 DF PROTO=TCP SPT=44642 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  6 20:39:53 honeypot-fra-1 sshd[18777]: Received disconnect from 165.22.45.108 port 32826:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-06T20:39:53.817Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  6 20:40:07 honeypot-ams-1 kernel: [83373396.583341] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=197.246.249.24 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=58 ID=64058 PROTO=TCP SPT=11264 DPT=443 WINDOW=1069 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-06T20:40:07.862Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  6 20:40:17 honeypot-fra-1 sshd[18781]: Disconnected from authenticating user root 220.117.232.74 port 60164 [preauth]","@timestamp":"2022-09-06T20:40:17.829Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  6 20:40:56 honeypot-fra-1 sshd[18792]: Invalid user postgres from 183.146.30.163 port 57302","@timestamp":"2022-09-06T20:40:56.859Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-06T20:41:07.302Z","@version":"1","message":"Sep  6 20:41:06 honeypot-sgp-1 kernel: [83372986.111908] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=128.14.137.181 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=55281 PROTO=TCP SPT=40025 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-06T20:43:18.352Z","@version":"1","message":"Sep  6 20:43:17 honeypot-sgp-1 kernel: [83373117.376139] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=89.248.165.199 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=39665 PROTO=TCP SPT=54479 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  6 20:45:36 honeypot-ams-1 sshd[28624]: Invalid user user from 45.61.186.249 port 43746","@timestamp":"2022-09-06T20:45:37.004Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  6 20:45:55 honeypot-ams-1 sshd[28628]: Invalid user user from 45.61.186.249 port 38438","@timestamp":"2022-09-06T20:45:56.015Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  6 20:46:14 honeypot-ams-1 sshd[28632]: Invalid user user from 45.61.186.249 port 33136","@timestamp":"2022-09-06T20:46:15.026Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  6 20:46:22 honeypot-fra-1 sshd[18805]: Disconnected from invalid user oracle 92.255.85.69 port 16536 [preauth]","@timestamp":"2022-09-06T20:46:23.978Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-06T20:46:44.430Z","@version":"1","message":"Sep  6 20:46:44 honeypot-sgp-1 sshd[26294]: Received disconnect from 198.98.61.9 port 36708:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-06T20:47:01.437Z","@version":"1","message":"Sep  6 20:47:01 honeypot-sgp-1 sshd[26298]: Received disconnect from 198.98.61.9 port 58994:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-06T20:47:17.445Z","@version":"1","message":"Sep  6 20:47:16 honeypot-sgp-1 sshd[26302]: Received disconnect from 198.98.61.9 port 53054:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  6 20:47:28 honeypot-ams-1 kernel: [83373837.778540] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=159.65.185.135 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=241 ID=18582 PROTO=TCP SPT=20000 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-06T20:47:29.058Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  6 20:48:22 honeypot-ams-1 sshd[28714]: Invalid user user from 45.61.186.249 port 41028","@timestamp":"2022-09-06T20:48:23.086Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  6 20:48:40 honeypot-ams-1 sshd[28718]: Invalid user user from 45.61.186.249 port 35858","@timestamp":"2022-09-06T20:48:41.096Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  6 20:48:57 honeypot-ams-1 sshd[28722]: Invalid user user from 45.61.186.249 port 58930","@timestamp":"2022-09-06T20:48:58.105Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  6 20:49:06 honeypot-ams-1 sshd[28724]: Disconnected from invalid user user 45.61.186.249 port 42230 [preauth]","@timestamp":"2022-09-06T20:49:07.110Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  6 20:50:45 honeypot-fra-1 sshd[18811]: Disconnected from invalid user java 165.22.45.108 port 37348 [preauth]","@timestamp":"2022-09-06T20:50:46.074Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-06T20:55:07.617Z","@version":"1","message":"Sep  6 20:55:07 honeypot-sgp-1 sshd[26307]: Connection closed by invalid user user 103.188.176.251 port 55492 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  6 21:00:11 honeypot-ams-1 kernel: [83374600.573842] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=23.95.4.194 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=4199 PROTO=TCP SPT=44527 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-06T21:00:11.395Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  6 21:01:34 honeypot-fra-1 sshd[18816]: Disconnected from invalid user javadev 165.22.45.108 port 41858 [preauth]","@timestamp":"2022-09-06T21:01:35.309Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-06T21:09:34.938Z","@version":"1","message":"Sep  6 21:09:34 honeypot-sgp-1 kernel: [83374694.515638] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.41.8.45 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=44483 PROTO=TCP SPT=15781 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  6 21:12:26 honeypot-fra-1 sshd[18821]: Invalid user javadev from 165.22.45.108 port 46396","@timestamp":"2022-09-06T21:12:26.546Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  6 21:15:17 honeypot-ams-1 sshd[28734]: Disconnected from authenticating user root 167.99.176.15 port 46832 [preauth]","@timestamp":"2022-09-06T21:15:18.784Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  6 21:17:01 honeypot-fra-1 CRON[18826]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-06T21:17:01.648Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-06T21:19:19.155Z","@version":"1","message":"Sep  6 21:19:18 honeypot-sgp-1 sshd[26317]: Invalid user test from 92.255.85.70 port 52252","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  6 21:20:26 honeypot-ams-1 sshd[28742]: Received disconnect from 35.202.200.207 port 1926:11: Bye Bye [preauth]","@timestamp":"2022-09-06T21:20:26.917Z"}
{"@timestamp":"2022-09-06T21:21:52.212Z","@version":"1","message":"Sep  6 21:21:51 honeypot-sgp-1 sshd[26321]: Received disconnect from 51.250.5.16 port 40082:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  6 21:22:36 honeypot-ams-1 kernel: [83375946.120640] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=172.104.51.254 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=37974 DF PROTO=TCP SPT=42732 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-06T21:22:36.973Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  6 21:24:17 honeypot-ams-1 sshd[28746]: Disconnected from invalid user sham 43.134.162.83 port 52424 [preauth]","@timestamp":"2022-09-06T21:24:18.018Z"}
{"@timestamp":"2022-09-06T21:26:13.331Z","@version":"1","message":"Sep  6 21:26:12 honeypot-sgp-1 sshd[26340]: Received disconnect from 196.223.151.194 port 49920:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-06T21:29:43.409Z","@version":"1","message":"Sep  6 21:29:42 honeypot-sgp-1 sshd[26346]: Received disconnect from 114.4.227.194 port 41400:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  6 21:30:57 honeypot-ams-1 kernel: [83376446.901431] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=94.26.228.80 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=41428 PROTO=TCP SPT=16430 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-06T21:30:58.190Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  6 21:32:10 honeypot-fra-1 kernel: [83374375.705911] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=79.124.62.130 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=22459 PROTO=TCP SPT=58861 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-06T21:32:10.970Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  6 21:32:23 honeypot-ams-1 sshd[28753]: Disconnected from invalid user tonia 182.160.154.181 port 52230 [preauth]","@timestamp":"2022-09-06T21:32:23.229Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  6 21:34:23 honeypot-fra-1 sshd[18837]: Did not receive identification string from 45.61.186.249 port 56548","@timestamp":"2022-09-06T21:34:24.020Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  6 21:34:45 honeypot-fra-1 sshd[18840]: Disconnected from invalid user user 45.61.186.249 port 53666 [preauth]","@timestamp":"2022-09-06T21:34:46.029Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  6 21:35:02 honeypot-fra-1 sshd[18844]: Disconnected from invalid user user 45.61.186.249 port 48630 [preauth]","@timestamp":"2022-09-06T21:35:03.039Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  6 21:35:19 honeypot-fra-1 sshd[18848]: Disconnected from invalid user user 45.61.186.249 port 43604 [preauth]","@timestamp":"2022-09-06T21:35:20.047Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  6 21:35:25 honeypot-ams-1 sshd[28758]: Received disconnect from 190.99.148.244 port 54930:11: Bye Bye [preauth]","@timestamp":"2022-09-06T21:35:26.309Z"}
{"@timestamp":"2022-09-06T21:38:16.597Z","@version":"1","message":"Sep  6 21:38:16 honeypot-sgp-1 sshd[26351]: Received disconnect from 159.223.164.107 port 55988:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-06T21:43:25.710Z","@version":"1","message":"Sep  6 21:43:24 honeypot-sgp-1 kernel: [83376724.542837] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.208.113 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=56432 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  6 21:44:53 honeypot-ams-1 sshd[28763]: Received disconnect from 92.255.85.69 port 35850:11: Bye Bye [preauth]","@timestamp":"2022-09-06T21:44:54.553Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  6 21:45:23 honeypot-fra-1 sshd[18853]: Invalid user javaop from 165.22.45.108 port 59978","@timestamp":"2022-09-06T21:45:23.261Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  6 21:46:51 honeypot-ams-1 sshd[28767]: Disconnected from invalid user mac 129.146.57.206 port 42333 [preauth]","@timestamp":"2022-09-06T21:46:51.618Z"}
{"@timestamp":"2022-09-06T21:47:07.794Z","@version":"1","message":"Sep  6 21:47:07 honeypot-sgp-1 sshd[26362]: Received disconnect from 157.245.122.58 port 41516:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-06T21:48:05.818Z","@version":"1","message":"Sep  6 21:48:05 honeypot-sgp-1 sshd[26367]: Disconnected from authenticating user root 157.245.122.58 port 55048 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  6 21:48:51 honeypot-fra-1 kernel: [83375376.396500] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=104.152.52.213 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=39784 PROTO=TCP SPT=40930 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-06T21:48:51.336Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  6 21:49:15 honeypot-fra-1 sshd[18859]: Invalid user aurora from 128.199.52.104 port 60612","@timestamp":"2022-09-06T21:49:15.347Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-06T21:49:56.860Z","@version":"1","message":"Sep  6 21:49:56 honeypot-sgp-1 sshd[26371]: Disconnected from invalid user kim 162.215.1.196 port 57996 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-06T21:50:55.884Z","@version":"1","message":"Sep  6 21:50:55 honeypot-sgp-1 sshd[26375]: Disconnected from invalid user data.user 157.245.122.58 port 39194 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-06T21:51:47.906Z","@version":"1","message":"Sep  6 21:51:47 honeypot-sgp-1 sshd[26379]: Disconnected from invalid user jonitwiso 157.245.122.58 port 52724 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-06T21:53:28.946Z","@version":"1","message":"Sep  6 21:53:27 honeypot-sgp-1 sshd[26386]: Invalid user cypress from 157.245.122.58 port 51578","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  6 21:54:27 honeypot-ams-1 kernel: [83377856.927886] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=64.227.107.37 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=44982 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-06T21:54:27.812Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  6 21:56:25 honeypot-fra-1 sshd[18864]: Invalid user javaop from 165.22.45.108 port 36282","@timestamp":"2022-09-06T21:56:26.499Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  6 22:00:40 honeypot-ams-1 sshd[28778]: Invalid user admin from 67.22.223.124 port 45880","@timestamp":"2022-09-06T22:00:40.973Z"}
{"@timestamp":"2022-09-06T22:01:20.122Z","@version":"1","message":"Sep  6 22:01:19 honeypot-sgp-1 sshd[26395]: Invalid user admin from 223.171.92.59 port 57526","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  6 22:05:08 honeypot-fra-1 sshd[18869]: Invalid user rp from 193.106.191.157 port 43018","@timestamp":"2022-09-06T22:05:08.687Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  6 22:08:10 honeypot-ams-1 sshd[28783]: Invalid user 1234 from 92.255.85.70 port 28416","@timestamp":"2022-09-06T22:08:11.166Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  6 22:08:20 honeypot-fra-1 sshd[18874]: Did not receive identification string from 45.61.186.49 port 44150","@timestamp":"2022-09-06T22:08:21.759Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  6 22:08:31 honeypot-fra-1 sshd[18877]: Disconnected from invalid user user 45.61.186.49 port 58498 [preauth]","@timestamp":"2022-09-06T22:08:31.765Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  6 22:08:41 honeypot-fra-1 sshd[18881]: Disconnected from invalid user user 45.61.186.49 port 41838 [preauth]","@timestamp":"2022-09-06T22:08:41.770Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-06T22:09:20.303Z","@version":"1","message":"Sep  6 22:09:20 honeypot-sgp-1 kernel: [83378279.546677] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=109.248.6.56 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=59 ID=41118 PROTO=TCP SPT=58015 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  6 22:14:25 honeypot-ams-1 sshd[28788]: Disconnected from authenticating user root 61.177.173.48 port 41620 [preauth]","@timestamp":"2022-09-06T22:14:26.328Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  6 22:15:25 honeypot-fra-1 sshd[18887]: Invalid user watson from 91.201.240.153 port 53024","@timestamp":"2022-09-06T22:15:25.917Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  6 22:16:05 honeypot-ams-1 sshd[28795]: Connection closed by invalid user admin 185.216.71.180 port 35422 [preauth]","@timestamp":"2022-09-06T22:16:06.372Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  6 22:17:01 honeypot-ams-1 CRON[28802]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-06T22:17:02.397Z"}
{"@timestamp":"2022-09-06T22:17:02.474Z","@version":"1","message":"Sep  6 22:17:01 honeypot-sgp-1 CRON[26405]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  6 22:18:05 honeypot-fra-1 sshd[18893]: Received disconnect from 159.89.44.32 port 41124:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-06T22:18:05.977Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  6 22:18:29 honeypot-fra-1 sshd[18900]: Invalid user admin from 185.216.71.180 port 48948","@timestamp":"2022-09-06T22:18:29.988Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  6 22:18:32 honeypot-fra-1 sshd[18901]: Connection closed by invalid user guest 185.216.71.180 port 48946 [preauth]","@timestamp":"2022-09-06T22:18:32.989Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  6 22:19:41 honeypot-fra-1 sshd[18912]: Disconnected from invalid user admin 92.255.85.69 port 31488 [preauth]","@timestamp":"2022-09-06T22:19:42.016Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  6 22:21:18 honeypot-ams-1 sshd[28810]: Disconnected from authenticating user root 165.227.68.95 port 40962 [preauth]","@timestamp":"2022-09-06T22:21:18.507Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  6 22:23:25 honeypot-ams-1 sshd[28816]: Disconnected from invalid user adm 62.204.41.222 port 51085 [preauth]","@timestamp":"2022-09-06T22:23:26.563Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  6 22:28:38 honeypot-ams-1 sshd[28821]: Disconnected from invalid user admin 91.240.118.222 port 55834 [preauth]","@timestamp":"2022-09-06T22:28:38.696Z"}
{"@timestamp":"2022-09-06T22:28:51.736Z","@version":"1","message":"Sep  6 22:28:50 honeypot-sgp-1 sshd[26417]: Received disconnect from 159.89.44.32 port 40512:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-06T22:29:53.761Z","@version":"1","message":"Sep  6 22:29:53 honeypot-sgp-1 sshd[26421]: Disconnected from invalid user admin 92.255.85.70 port 46086 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  6 22:30:14 honeypot-fra-1 sshd[18918]: Unable to negotiate with 113.5.234.18 port 3675: no matching cipher found. Their offer: aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,arcfour128,arcfour,3des-cbc,none [preauth]","@timestamp":"2022-09-06T22:30:15.244Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-06T22:34:28.865Z","@version":"1","message":"Sep  6 22:34:28 honeypot-sgp-1 sshd[26424]: Disconnected from invalid user wayne 171.244.39.233 port 49138 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  6 22:38:55 honeypot-ams-1 kernel: [83380524.432715] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=62435 PROTO=TCP SPT=43736 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-06T22:38:55.963Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  6 22:39:36 honeypot-fra-1 sshd[18923]: Invalid user pi from 221.161.222.237 port 48802","@timestamp":"2022-09-06T22:39:36.445Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  6 22:40:18 honeypot-fra-1 sshd[18927]: Disconnected from invalid user jaydev 165.22.45.108 port 54384 [preauth]","@timestamp":"2022-09-06T22:40:18.462Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  6 22:42:43 honeypot-ams-1 sshd[28834]: Received disconnect from 141.255.162.226 port 53214:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-06T22:42:44.066Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  6 22:42:44 honeypot-ams-1 sshd[28838]: Received disconnect from 141.255.162.226 port 42956:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-06T22:42:45.067Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  6 22:42:48 honeypot-ams-1 sshd[28842]: Received disconnect from 141.255.162.226 port 60936:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-06T22:42:49.070Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  6 22:42:52 honeypot-ams-1 sshd[28846]: Received disconnect from 141.255.162.226 port 50682:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-06T22:42:53.073Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  6 22:44:47 honeypot-fra-1 kernel: [83378732.812413] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=79.124.62.82 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=47561 PROTO=TCP SPT=58850 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-06T22:44:48.562Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  6 22:44:55 honeypot-ams-1 sshd[28876]: Invalid user testuser from 20.224.203.215 port 49132","@timestamp":"2022-09-06T22:44:56.127Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  6 22:44:55 honeypot-ams-1 sshd[28879]: Connection closed by authenticating user root 20.224.203.215 port 49146 [preauth]","@timestamp":"2022-09-06T22:44:56.127Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  6 22:44:55 honeypot-ams-1 sshd[28858]: Invalid user es from 20.224.203.215 port 49090","@timestamp":"2022-09-06T22:44:56.127Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  6 22:44:55 honeypot-ams-1 sshd[28868]: Invalid user steam from 20.224.203.215 port 49102","@timestamp":"2022-09-06T22:44:56.127Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  6 22:44:55 honeypot-ams-1 sshd[28881]: Connection closed by authenticating user root 20.224.203.215 port 49112 [preauth]","@timestamp":"2022-09-06T22:44:56.127Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  6 22:44:55 honeypot-ams-1 sshd[28863]: Connection closed by authenticating user root 20.224.203.215 port 49084 [preauth]","@timestamp":"2022-09-06T22:44:56.127Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  6 22:44:55 honeypot-ams-1 sshd[28862]: Connection closed by invalid user test 20.224.203.215 port 49100 [preauth]","@timestamp":"2022-09-06T22:44:56.127Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  6 22:44:55 honeypot-ams-1 sshd[28867]: Connection closed by invalid user test 20.224.203.215 port 49080 [preauth]","@timestamp":"2022-09-06T22:44:56.127Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  6 22:49:30 honeypot-ams-1 sshd[28930]: Invalid user admin from 100.12.133.226 port 61249","@timestamp":"2022-09-06T22:49:30.246Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  6 22:51:19 honeypot-fra-1 sshd[18938]: Invalid user jbackof from 165.22.45.108 port 58908","@timestamp":"2022-09-06T22:51:19.699Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-06T22:53:08.276Z","@version":"1","message":"Sep  6 22:53:07 honeypot-sgp-1 sshd[26432]: Received disconnect from 61.177.173.49 port 57007:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  6 22:53:30 honeypot-ams-1 sshd[28933]: Disconnecting invalid user admin 60.132.35.157 port 63309: Too many authentication failures [preauth]","@timestamp":"2022-09-06T22:53:31.351Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  6 22:55:09 honeypot-fra-1 sshd[18942]: Connection closed by 20.187.88.167 port 43892 [preauth]","@timestamp":"2022-09-06T22:55:10.779Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  6 22:58:45 honeypot-ams-1 kernel: [83381714.704613] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.73.126.93 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=252 ID=53397 PROTO=TCP SPT=44217 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-06T22:58:45.501Z"}
{"@timestamp":"2022-09-06T23:02:26.483Z","@version":"1","message":"Sep  6 23:02:25 honeypot-sgp-1 sshd[26439]: Received disconnect from 200.118.57.190 port 47950:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  6 23:03:02 honeypot-fra-1 sshd[18948]: Invalid user yonemitsu from 197.155.234.157 port 34292","@timestamp":"2022-09-06T23:03:02.951Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  6 23:06:39 honeypot-ams-1 sshd[28947]: Received disconnect from 61.177.172.124 port 26111:11:  [preauth]","@timestamp":"2022-09-06T23:06:39.704Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  6 23:07:08 honeypot-ams-1 sshd[28952]: Received disconnect from 45.61.187.160 port 59346:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-06T23:07:08.718Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  6 23:07:30 honeypot-fra-1 sshd[18953]: Received disconnect from 92.255.85.69 port 18788:11: Bye Bye [preauth]","@timestamp":"2022-09-06T23:07:31.048Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  6 23:07:31 honeypot-ams-1 sshd[28956]: Received disconnect from 45.61.187.160 port 54318:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-06T23:07:31.731Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  6 23:07:50 honeypot-ams-1 sshd[28960]: Received disconnect from 45.61.187.160 port 49300:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-06T23:07:50.740Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  6 23:08:08 honeypot-ams-1 sshd[28964]: Invalid user user from 45.61.187.160 port 44266","@timestamp":"2022-09-06T23:08:08.750Z"}
{"@timestamp":"2022-09-06T23:10:58.673Z","@version":"1","message":"Sep  6 23:10:57 honeypot-sgp-1 sshd[26444]: Received disconnect from 92.255.85.69 port 36790:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  6 23:12:59 honeypot-ams-1 kernel: [83382568.332188] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=183.136.225.35 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=109 ID=27433 PROTO=TCP SPT=8088 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-06T23:12:59.876Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  6 23:13:12 honeypot-fra-1 sshd[18958]: Received disconnect from 165.22.45.108 port 39712:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-06T23:13:13.172Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-06T23:15:10.768Z","@version":"1","message":"Sep  6 23:15:09 honeypot-sgp-1 sshd[26451]: Received disconnect from 61.177.172.104 port 59164:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  6 23:15:55 honeypot-fra-1 sshd[18963]: Connection closed by authenticating user root 171.22.30.130 port 52960 [preauth]","@timestamp":"2022-09-06T23:15:56.231Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  6 23:17:01 honeypot-ams-1 CRON[28974]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-06T23:17:01.979Z"}
{"@timestamp":"2022-09-06T23:18:48.851Z","@version":"1","message":"Sep  6 23:18:47 honeypot-sgp-1 sshd[26457]: Received disconnect from 68.183.141.33 port 36908:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-06T23:19:22.867Z","@version":"1","message":"Sep  6 23:19:22 honeypot-sgp-1 sshd[26462]: Invalid user user from 45.61.187.160 port 50630","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-06T23:19:43.876Z","@version":"1","message":"Sep  6 23:19:43 honeypot-sgp-1 sshd[26466]: Invalid user user from 45.61.187.160 port 45230","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-06T23:20:00.884Z","@version":"1","message":"Sep  6 23:20:00 honeypot-sgp-1 sshd[26470]: Invalid user user from 45.61.187.160 port 39836","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-06T23:21:10.912Z","@version":"1","message":"Sep  6 23:21:10 honeypot-sgp-1 sshd[26474]: Received disconnect from 179.48.124.250 port 59758:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  6 23:23:26 honeypot-ams-1 sshd[28984]: Received disconnect from 92.255.85.70 port 52660:11: Bye Bye [preauth]","@timestamp":"2022-09-06T23:23:27.147Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  6 23:24:14 honeypot-fra-1 sshd[18973]: Disconnected from invalid user jbodyalberta 165.22.45.108 port 44254 [preauth]","@timestamp":"2022-09-06T23:24:15.411Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  6 23:28:45 honeypot-fra-1 sshd[18977]: Disconnected from invalid user aecpro 178.128.221.237 port 52296 [preauth]","@timestamp":"2022-09-06T23:28:45.510Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-06T23:29:10.090Z","@version":"1","message":"Sep  6 23:29:09 honeypot-sgp-1 kernel: [83383068.664110] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=162.62.191.231 DST=159.89.202.188 LEN=52 TOS=0x00 PREC=0x00 TTL=47 ID=40506 DF PROTO=TCP SPT=41530 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  6 23:29:27 honeypot-ams-1 sshd[28989]: Received disconnect from 61.177.173.36 port 61335:11:  [preauth]","@timestamp":"2022-09-06T23:29:28.304Z"}
{"@timestamp":"2022-09-06T23:35:12.224Z","@version":"1","message":"Sep  6 23:35:11 honeypot-sgp-1 sshd[26490]: Connection closed by invalid user bbnc 103.188.176.251 port 36596 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  6 23:35:13 honeypot-fra-1 sshd[18982]: Received disconnect from 165.22.45.108 port 48774:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-06T23:35:13.651Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  6 23:39:29 honeypot-fra-1 kernel: [83382014.325229] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=92.118.39.88 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=45544 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-06T23:39:29.745Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  6 23:44:36 honeypot-fra-1 sshd[18994]: Invalid user rr from 193.106.191.157 port 47002","@timestamp":"2022-09-06T23:44:36.855Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  6 23:44:50 honeypot-ams-1 sshd[29001]: Connection closed by 180.76.173.237 port 35424 [preauth]","@timestamp":"2022-09-06T23:44:50.695Z"}
{"@timestamp":"2022-09-06T23:51:28.585Z","@version":"1","message":"Sep  6 23:51:28 honeypot-sgp-1 kernel: [83384407.451574] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.196.220.70 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=44601 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  6 23:53:48 honeypot-fra-1 sshd[18999]: Invalid user default from 92.255.85.69 port 40320","@timestamp":"2022-09-06T23:53:49.054Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  6 23:54:48 honeypot-ams-1 kernel: [83385077.805757] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=116.68.206.147 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=46 ID=25901 DF PROTO=TCP SPT=26938 DPT=5432 WINDOW=43690 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-06T23:54:48.954Z"}
{"@timestamp":"2022-09-06T23:57:43.724Z","@version":"1","message":"Sep  6 23:57:43 honeypot-sgp-1 sshd[26504]: Invalid user default from 92.255.85.69 port 25924","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-06T23:57:59.732Z","@version":"1","message":"Sep  6 23:57:59 honeypot-sgp-1 sshd[26508]: Disconnected from authenticating user root 61.177.173.35 port 17801 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 00:02:28 honeypot-ams-1 sshd[29021]: Disconnected from authenticating user root 47.188.48.3 port 46072 [preauth]","@timestamp":"2022-09-07T00:02:29.159Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 00:04:49 honeypot-fra-1 sshd[19005]: Invalid user ventas from 202.29.13.51 port 53828","@timestamp":"2022-09-07T00:04:50.291Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 00:05:30 honeypot-fra-1 sshd[19009]: Disconnected from authenticating user root 31.187.75.74 port 54070 [preauth]","@timestamp":"2022-09-07T00:05:31.308Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 00:05:37 honeypot-ams-1 sshd[29026]: Invalid user anneliese from 20.196.207.134 port 47884","@timestamp":"2022-09-07T00:05:37.243Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 00:08:49 honeypot-ams-1 sshd[29031]: Connection closed by 180.76.173.237 port 35990 [preauth]","@timestamp":"2022-09-07T00:08:50.334Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 00:08:50 honeypot-fra-1 sshd[19014]: Received disconnect from 46.101.47.30 port 33144:11: Bye Bye [preauth]","@timestamp":"2022-09-07T00:08:50.382Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 00:12:45 honeypot-fra-1 kernel: [83384010.295669] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=27412 PROTO=TCP SPT=48803 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T00:12:45.468Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 00:12:48 honeypot-ams-1 kernel: [83386158.121082] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=89.248.165.199 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=31723 PROTO=TCP SPT=47246 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T00:12:49.444Z"}
{"@timestamp":"2022-09-07T00:13:27.079Z","@version":"1","message":"Sep  7 00:13:26 honeypot-sgp-1 sshd[26518]: Disconnecting invalid user admin 31.184.198.71 port 11935: Change of username or service not allowed: (admin,ssh-connection) -> (cameras,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T00:13:55.092Z","@version":"1","message":"Sep  7 00:13:54 honeypot-sgp-1 sshd[26524]: Disconnecting invalid user admin 31.184.198.71 port 56644: Change of username or service not allowed: (admin,ssh-connection) -> (,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 00:14:17 honeypot-fra-1 sshd[19024]: Invalid user user from 198.98.61.9 port 60954","@timestamp":"2022-09-07T00:14:18.505Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T00:14:21.105Z","@version":"1","message":"Sep  7 00:14:20 honeypot-sgp-1 sshd[26530]: Disconnecting invalid user aerohive 31.184.198.71 port 61422: Change of username or service not allowed: (aerohive,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 00:14:33 honeypot-fra-1 sshd[19028]: Invalid user user from 198.98.61.9 port 55310","@timestamp":"2022-09-07T00:14:34.513Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T00:14:51.119Z","@version":"1","message":"Sep  7 00:14:51 honeypot-sgp-1 sshd[26536]: Disconnecting invalid user private 31.184.198.71 port 22589: Change of username or service not allowed: (private,ssh-connection) -> (root,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 00:14:52 honeypot-fra-1 sshd[19032]: Invalid user user from 198.98.61.9 port 49652","@timestamp":"2022-09-07T00:14:53.522Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T00:15:18.132Z","@version":"1","message":"Sep  7 00:15:17 honeypot-sgp-1 sshd[26542]: Invalid user Admin from 31.184.198.71 port 49054","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T00:15:49.146Z","@version":"1","message":"Sep  7 00:15:49 honeypot-sgp-1 sshd[26548]: Invalid user user from 31.184.198.71 port 22572","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 00:16:04 honeypot-fra-1 kernel: [83384209.677612] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=157.148.82.52 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=49 ID=49688 DF PROTO=TCP SPT=1237 DPT=5432 WINDOW=43690 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T00:16:05.550Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-07T00:16:17.159Z","@version":"1","message":"Sep  7 00:16:16 honeypot-sgp-1 sshd[26555]: Disconnecting invalid user blank 31.184.198.71 port 64084: Change of username or service not allowed: (blank,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T00:16:42.171Z","@version":"1","message":"Sep  7 00:16:41 honeypot-sgp-1 sshd[26561]: Disconnecting invalid user 1234 31.184.198.71 port 4052: Change of username or service not allowed: (1234,ssh-connection) -> (root,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T00:17:07.182Z","@version":"1","message":"Sep  7 00:17:06 honeypot-sgp-1 sshd[26570]: Invalid user Cisco from 31.184.198.71 port 19344","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 00:17:38 honeypot-ams-1 kernel: [83386447.650701] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=117.149.137.70 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=47 ID=47043 PROTO=TCP SPT=33853 DPT=443 WINDOW=17348 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T00:17:38.577Z"}
{"@timestamp":"2022-09-07T00:17:39.197Z","@version":"1","message":"Sep  7 00:17:38 honeypot-sgp-1 sshd[26576]: Invalid user 1234 from 31.184.198.71 port 28525","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 00:17:52 honeypot-fra-1 sshd[19040]: Disconnected from invalid user 1234 92.255.85.69 port 46120 [preauth]","@timestamp":"2022-09-07T00:17:53.590Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T00:18:18.215Z","@version":"1","message":"Sep  7 00:18:17 honeypot-sgp-1 sshd[26583]: Disconnecting invalid user  31.184.198.71 port 16169: Change of username or service not allowed: (,ssh-connection) -> (adslroot,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T00:18:50.230Z","@version":"1","message":"Sep  7 00:18:49 honeypot-sgp-1 sshd[26589]: Disconnecting invalid user admin 31.184.198.71 port 16360: Change of username or service not allowed: (admin,ssh-connection) -> (blank,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T00:19:19.244Z","@version":"1","message":"Sep  7 00:19:19 honeypot-sgp-1 sshd[26595]: Disconnecting invalid user  31.184.198.71 port 50679: Change of username or service not allowed: (,ssh-connection) -> (root,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T00:19:58.260Z","@version":"1","message":"Sep  7 00:19:58 honeypot-sgp-1 sshd[26603]: Invalid user c1@r0 from 31.184.198.71 port 6654","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T00:20:16.270Z","@version":"1","message":"Sep  7 00:20:15 honeypot-sgp-1 sshd[26608]: Received disconnect from 92.255.85.69 port 18310:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T00:20:36.279Z","@version":"1","message":"Sep  7 00:20:36 honeypot-sgp-1 sshd[26614]: Invalid user admin from 31.184.198.71 port 38936","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T00:21:04.291Z","@version":"1","message":"Sep  7 00:21:03 honeypot-sgp-1 sshd[26622]: Received disconnect from 89.22.67.66 port 45236:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T00:21:17.298Z","@version":"1","message":"Sep  7 00:21:17 honeypot-sgp-1 sshd[26627]: Invalid user  from 31.184.198.71 port 38091","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T00:21:37.307Z","@version":"1","message":"Sep  7 00:21:36 honeypot-sgp-1 sshd[26633]: Received disconnect from 59.150.105.114 port 64444:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T00:22:01.319Z","@version":"1","message":"Sep  7 00:22:01 honeypot-sgp-1 sshd[26639]: Invalid user motorola from 31.184.198.71 port 35285","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T00:22:22.329Z","@version":"1","message":"Sep  7 00:22:22 honeypot-sgp-1 sshd[26645]: Received disconnect from 154.92.19.8 port 33778:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T00:22:51.342Z","@version":"1","message":"Sep  7 00:22:50 honeypot-sgp-1 sshd[26651]: Disconnecting invalid user airlive 31.184.198.71 port 56581: Change of username or service not allowed: (airlive,ssh-connection) -> (0,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T00:23:23.356Z","@version":"1","message":"Sep  7 00:23:22 honeypot-sgp-1 sshd[26657]: Disconnecting invalid user roqos 31.184.198.71 port 15967: Change of username or service not allowed: (roqos,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 00:23:30 honeypot-ams-1 kernel: [83386799.304190] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=172.93.213.169 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=65037 DF PROTO=TCP SPT=10446 DPT=443 WINDOW=512 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T00:23:30.739Z"}
{"@timestamp":"2022-09-07T00:23:52.370Z","@version":"1","message":"Sep  7 00:23:52 honeypot-sgp-1 sshd[26663]: Disconnecting invalid user sitecom 31.184.198.71 port 1638: Change of username or service not allowed: (sitecom,ssh-connection) -> (Broadcom,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T00:24:19.383Z","@version":"1","message":"Sep  7 00:24:18 honeypot-sgp-1 sshd[26669]: Disconnecting invalid user admin 31.184.198.71 port 50408: Change of username or service not allowed: (admin,ssh-connection) -> (cusadmin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T00:24:42.393Z","@version":"1","message":"Sep  7 00:24:42 honeypot-sgp-1 sshd[26675]: Disconnecting invalid user smcadmin 31.184.198.71 port 20424: Change of username or service not allowed: (smcadmin,ssh-connection) -> (sweex,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T00:25:12.407Z","@version":"1","message":"Sep  7 00:25:11 honeypot-sgp-1 sshd[26681]: Disconnecting invalid user admin 31.184.198.71 port 13120: Change of username or service not allowed: (admin,ssh-connection) -> (,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T00:25:38.419Z","@version":"1","message":"Sep  7 00:25:37 honeypot-sgp-1 sshd[26687]: Disconnecting invalid user user 31.184.198.71 port 11602: Change of username or service not allowed: (user,ssh-connection) -> (ubnt,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T00:26:04.432Z","@version":"1","message":"Sep  7 00:26:03 honeypot-sgp-1 sshd[26693]: Disconnecting invalid user 123456 31.184.198.71 port 51563: Change of username or service not allowed: (123456,ssh-connection) -> (user,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T00:26:28.443Z","@version":"1","message":"Sep  7 00:26:27 honeypot-sgp-1 sshd[26700]: Disconnected from 61.177.173.48 port 64900 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 00:26:33 honeypot-fra-1 sshd[19045]: Disconnected from invalid user kureyon 182.23.67.99 port 59803 [preauth]","@timestamp":"2022-09-07T00:26:33.775Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T00:26:54.455Z","@version":"1","message":"Sep  7 00:26:54 honeypot-sgp-1 sshd[26708]: Disconnecting invalid user admin 31.184.198.71 port 23497: Change of username or service not allowed: (admin,ssh-connection) -> (DZY-W2914NSV2,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T00:27:12.464Z","@version":"1","message":"Sep  7 00:27:12 honeypot-sgp-1 sshd[26712]: Disconnecting invalid user 0 31.184.198.71 port 34128: Change of username or service not allowed: (0,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T00:27:32.474Z","@version":"1","message":"Sep  7 00:27:32 honeypot-sgp-1 sshd[26718]: Disconnecting invalid user zoomadsl 31.184.198.71 port 54741: Change of username or service not allowed: (zoomadsl,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T00:27:58.485Z","@version":"1","message":"Sep  7 00:27:58 honeypot-sgp-1 sshd[26724]: Connection closed by invalid user ltecl4r0 31.184.198.71 port 63095 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 00:28:24 honeypot-ams-1 sshd[29051]: Received disconnect from 61.177.173.53 port 18805:11:  [preauth]","@timestamp":"2022-09-07T00:28:24.877Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 00:28:44 honeypot-ams-1 sshd[29057]: Invalid user user from 141.255.162.226 port 33878","@timestamp":"2022-09-07T00:28:44.888Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 00:28:48 honeypot-ams-1 sshd[29061]: Invalid user user from 141.255.162.226 port 52240","@timestamp":"2022-09-07T00:28:48.891Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 00:28:51 honeypot-ams-1 sshd[29065]: Invalid user user from 141.255.162.226 port 42376","@timestamp":"2022-09-07T00:28:52.893Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 00:30:38 honeypot-ams-1 kernel: [83387227.222011] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=109.206.241.219 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=54321 PROTO=TCP SPT=34752 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T00:30:38.941Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 00:31:47 honeypot-ams-1 sshd[29070]: Received disconnect from 45.61.184.204 port 55322:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-07T00:31:47.977Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 00:32:05 honeypot-ams-1 sshd[29074]: Invalid user user from 45.61.184.204 port 50322","@timestamp":"2022-09-07T00:32:06.004Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 00:32:23 honeypot-ams-1 sshd[29078]: Invalid user user from 45.61.184.204 port 45328","@timestamp":"2022-09-07T00:32:24.015Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 00:32:41 honeypot-ams-1 sshd[29082]: Invalid user user from 45.61.184.204 port 40318","@timestamp":"2022-09-07T00:32:42.024Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 00:33:48 honeypot-fra-1 kernel: [83385273.807011] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.213.49 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=55326 DPT=5432 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T00:33:48.933Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 00:33:48 honeypot-ams-1 sshd[29087]: Connection closed by 180.76.173.237 port 36564 [preauth]","@timestamp":"2022-09-07T00:33:49.056Z"}
{"@timestamp":"2022-09-07T00:34:53.639Z","@version":"1","message":"Sep  7 00:34:53 honeypot-sgp-1 sshd[26730]: Received disconnect from 141.255.162.226 port 49662:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T00:34:56.640Z","@version":"1","message":"Sep  7 00:34:56 honeypot-sgp-1 sshd[26732]: Received disconnect from 141.255.162.226 port 58688:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T00:35:00.643Z","@version":"1","message":"Sep  7 00:34:59 honeypot-sgp-1 sshd[26738]: Received disconnect from 141.255.162.226 port 48494:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T00:37:13.693Z","@version":"1","message":"Sep  7 00:37:13 honeypot-sgp-1 sshd[26742]: Connection closed by authenticating user root 121.141.215.37 port 60950 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 00:39:18 honeypot-fra-1 sshd[19074]: Connection closed by authenticating user root 42.193.130.165 port 56654 [preauth]","@timestamp":"2022-09-07T00:39:19.057Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 00:39:56 honeypot-ams-1 sshd[29096]: Invalid user watchdog from 93.189.11.246 port 41394","@timestamp":"2022-09-07T00:39:57.221Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 00:40:26 honeypot-fra-1 sshd[19080]: Disconnected from invalid user admin 92.255.85.69 port 34522 [preauth]","@timestamp":"2022-09-07T00:40:27.084Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 00:41:20 honeypot-ams-1 sshd[29098]: Disconnected from invalid user fax 51.79.65.236 port 52760 [preauth]","@timestamp":"2022-09-07T00:41:21.261Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 00:44:17 honeypot-fra-1 sshd[19085]: Disconnected from authenticating user root 129.226.31.13 port 53024 [preauth]","@timestamp":"2022-09-07T00:44:18.172Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T00:49:54.968Z","@version":"1","message":"Sep  7 00:49:54 honeypot-sgp-1 sshd[26768]: Received disconnect from 61.177.173.51 port 47152:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 00:52:09 honeypot-fra-1 sshd[19090]: Invalid user jc3 from 165.22.45.108 port 52206","@timestamp":"2022-09-07T00:52:09.344Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 01:01:15 honeypot-ams-1 kernel: [83389064.173445] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=152.89.196.23 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=49511 PROTO=TCP SPT=46485 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T01:01:15.803Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 01:03:16 honeypot-fra-1 sshd[19098]: Invalid user jc3server from 165.22.45.108 port 56734","@timestamp":"2022-09-07T01:03:16.585Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 01:03:40 honeypot-fra-1 sshd[19100]: Disconnected from invalid user test 103.92.24.242 port 35656 [preauth]","@timestamp":"2022-09-07T01:03:41.596Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T01:05:21.306Z","@version":"1","message":"Sep  7 01:05:20 honeypot-sgp-1 kernel: [83388839.681481] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=32404 PROTO=TCP SPT=52536 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 01:06:54 honeypot-fra-1 sshd[19106]: Received disconnect from 159.89.172.207 port 49186:11: Bye Bye [preauth]","@timestamp":"2022-09-07T01:06:54.669Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 01:10:41 honeypot-ams-1 sshd[29118]: Disconnected from authenticating user root 61.177.172.114 port 46758 [preauth]","@timestamp":"2022-09-07T01:10:42.063Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 01:14:21 honeypot-fra-1 sshd[19114]: Disconnected from invalid user jca 165.22.45.108 port 33028 [preauth]","@timestamp":"2022-09-07T01:14:22.832Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T01:17:02.580Z","@version":"1","message":"Sep  7 01:17:01 honeypot-sgp-1 CRON[27224]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 01:17:24 honeypot-ams-1 sshd[29127]: Received disconnect from 161.35.90.77 port 33184:11: Bye Bye [preauth]","@timestamp":"2022-09-07T01:17:25.246Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 01:18:15 honeypot-fra-1 sshd[19120]: Disconnected from invalid user monica 184.168.123.187 port 48130 [preauth]","@timestamp":"2022-09-07T01:18:15.920Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 01:24:46 honeypot-ams-1 sshd[29135]: Received disconnect from 61.177.173.35 port 20138:11:  [preauth]","@timestamp":"2022-09-07T01:24:46.445Z"}
{"@timestamp":"2022-09-07T01:25:30.771Z","@version":"1","message":"Sep  7 01:25:29 honeypot-sgp-1 sshd[27233]: Disconnected from invalid user user 141.255.162.226 port 56046 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T01:25:32.772Z","@version":"1","message":"Sep  7 01:25:32 honeypot-sgp-1 sshd[27237]: Disconnected from invalid user user 141.255.162.226 port 46852 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T01:25:34.774Z","@version":"1","message":"Sep  7 01:25:34 honeypot-sgp-1 sshd[27241]: Disconnected from invalid user user 141.255.162.226 port 55382 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 01:25:43 honeypot-fra-1 sshd[19127]: Received disconnect from 165.22.45.108 port 37558:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-07T01:25:44.084Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T01:25:48.780Z","@version":"1","message":"Sep  7 01:25:48 honeypot-sgp-1 sshd[27248]: Invalid user  from 152.32.143.202 port 29746","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T01:31:20.922Z","@version":"1","message":"Sep  7 01:31:20 honeypot-sgp-1 sshd[27259]: Disconnected from authenticating user root 64.225.52.206 port 39468 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 01:32:54 honeypot-fra-1 sshd[19132]: Received disconnect from 68.183.25.187 port 36846:11: Bye Bye [preauth]","@timestamp":"2022-09-07T01:32:55.248Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 01:35:23 honeypot-ams-1 sshd[29144]: Connection closed by 180.76.173.237 port 37992 [preauth]","@timestamp":"2022-09-07T01:35:23.732Z"}
{"@timestamp":"2022-09-07T01:40:23.128Z","@version":"1","message":"Sep  7 01:40:23 honeypot-sgp-1 sshd[27265]: Received disconnect from 61.177.173.49 port 23489:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 01:40:24 honeypot-ams-1 kernel: [83391413.909281] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=172.104.131.24 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=44456 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T01:40:24.872Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 01:41:30 honeypot-fra-1 kernel: [83389335.270763] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=92.63.197.171 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=62513 PROTO=TCP SPT=52141 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T01:41:31.435Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 01:43:18 honeypot-ams-1 sshd[29156]: Disconnected from invalid user cusadmin 92.255.85.70 port 22662 [preauth]","@timestamp":"2022-09-07T01:43:18.965Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 01:44:18 honeypot-ams-1 sshd[29164]: Unable to negotiate with 41.86.17.229 port 52009: no matching cipher found. Their offer: aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,arcfour128,arcfour,3des-cbc,none [preauth]","@timestamp":"2022-09-07T01:44:18.996Z"}
{"@timestamp":"2022-09-07T01:46:01.256Z","@version":"1","message":"Sep  7 01:46:00 honeypot-sgp-1 sshd[27272]: Received disconnect from 218.92.0.221 port 15895:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 01:48:02 honeypot-fra-1 sshd[19140]: Disconnected from authenticating user root 157.245.218.29 port 47022 [preauth]","@timestamp":"2022-09-07T01:48:03.578Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 01:49:18 honeypot-ams-1 kernel: [83391948.120681] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=89.165.13.75 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=117 ID=14535 DF PROTO=TCP SPT=54289 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T01:49:19.134Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 01:51:10 honeypot-fra-1 sshd[19147]: Invalid user cusadmin from 92.255.85.70 port 18636","@timestamp":"2022-09-07T01:51:11.649Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T01:53:24.427Z","@version":"1","message":"Sep  7 01:53:23 honeypot-sgp-1 sshd[27278]: Invalid user cusadmin from 92.255.85.70 port 24266","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T01:54:45.460Z","@version":"1","message":"Sep  7 01:54:44 honeypot-sgp-1 sshd[27280]: Received disconnect from 187.190.40.6 port 11506:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 01:56:38 honeypot-fra-1 sshd[19151]: Connection closed by invalid user store 141.98.10.158 port 43356 [preauth]","@timestamp":"2022-09-07T01:56:38.768Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 01:57:10 honeypot-ams-1 sshd[29175]: Invalid user user from 141.255.162.226 port 39322","@timestamp":"2022-09-07T01:57:11.353Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 01:57:13 honeypot-ams-1 sshd[29179]: Invalid user user from 141.255.162.226 port 55784","@timestamp":"2022-09-07T01:57:13.354Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 01:57:16 honeypot-ams-1 sshd[29183]: Invalid user user from 141.255.162.226 port 44026","@timestamp":"2022-09-07T01:57:17.356Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 01:57:20 honeypot-ams-1 sshd[29187]: Invalid user user from 141.255.162.226 port 60494","@timestamp":"2022-09-07T01:57:20.358Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 01:58:40 honeypot-ams-1 sshd[29190]: Disconnected from invalid user user 198.98.61.9 port 59818 [preauth]","@timestamp":"2022-09-07T01:58:41.394Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 01:58:58 honeypot-ams-1 sshd[29194]: Disconnected from invalid user user 198.98.61.9 port 53776 [preauth]","@timestamp":"2022-09-07T01:58:59.405Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 01:59:16 honeypot-ams-1 sshd[29200]: Disconnected from invalid user user 198.98.61.9 port 47732 [preauth]","@timestamp":"2022-09-07T01:59:16.414Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 01:59:32 honeypot-ams-1 sshd[29204]: Disconnected from invalid user user 198.98.61.9 port 41670 [preauth]","@timestamp":"2022-09-07T01:59:32.422Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 02:00:11 honeypot-fra-1 sshd[19153]: Disconnected from invalid user jean 165.22.45.108 port 51172 [preauth]","@timestamp":"2022-09-07T02:00:11.847Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 02:01:24 honeypot-fra-1 sshd[19158]: Disconnected from invalid user carta 51.38.49.17 port 45886 [preauth]","@timestamp":"2022-09-07T02:01:24.875Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 02:04:02 honeypot-ams-1 kernel: [83392831.236420] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=134.122.135.64 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=47959 PROTO=TCP SPT=56240 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T02:04:02.558Z"}
{"@timestamp":"2022-09-07T02:09:31.796Z","@version":"1","message":"Sep  7 02:09:31 honeypot-sgp-1 sshd[27298]: Received disconnect from 61.177.173.47 port 31626:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 02:11:14 honeypot-ams-1 sshd[29216]: Disconnected from authenticating user root 61.177.173.36 port 60610 [preauth]","@timestamp":"2022-09-07T02:11:15.760Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 02:13:17 honeypot-fra-1 sshd[19163]: Invalid user ru from 193.106.191.157 port 52646","@timestamp":"2022-09-07T02:13:18.131Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T02:16:40.965Z","@version":"1","message":"Sep  7 02:16:39 honeypot-sgp-1 sshd[27307]: Received disconnect from 52.140.126.117 port 61884:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T02:17:37.988Z","@version":"1","message":"Sep  7 02:17:37 honeypot-sgp-1 kernel: [83393176.336197] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=64.62.197.185 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=46106 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 02:17:56 honeypot-ams-1 sshd[29224]: Disconnected from invalid user tiffany 123.31.12.113 port 60484 [preauth]","@timestamp":"2022-09-07T02:17:56.947Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 02:20:13 honeypot-fra-1 sshd[19171]: Received disconnect from 102.65.103.130 port 39530:11: Bye Bye [preauth]","@timestamp":"2022-09-07T02:20:14.354Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T02:23:21.125Z","@version":"1","message":"Sep  7 02:23:20 honeypot-sgp-1 kernel: [83393519.704995] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.219.222 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=59294 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T02:24:07.144Z","@version":"1","message":"Sep  7 02:24:06 honeypot-sgp-1 sshd[27327]: Disconnected from invalid user poizxc 42.117.5.13 port 51600 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 02:25:33 honeypot-ams-1 sshd[29233]: Connection reset by 61.177.173.48 port 35824 [preauth]","@timestamp":"2022-09-07T02:25:33.154Z"}
{"@timestamp":"2022-09-07T02:26:33.202Z","@version":"1","message":"Sep  7 02:26:32 honeypot-sgp-1 sshd[27334]: Received disconnect from 206.189.189.7 port 35486:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 02:26:55 honeypot-fra-1 sshd[19176]: Received disconnect from 179.104.16.66 port 48524:11: Bye Bye [preauth]","@timestamp":"2022-09-07T02:26:55.501Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 02:29:27 honeypot-ams-1 sshd[29238]: Received disconnect from 104.192.7.232 port 33158:11: Bye Bye [preauth]","@timestamp":"2022-09-07T02:29:28.265Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 02:30:42 honeypot-fra-1 sshd[19192]: Invalid user oracle from 82.157.143.20 port 37446","@timestamp":"2022-09-07T02:30:42.584Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 02:30:42 honeypot-fra-1 sshd[19194]: Invalid user esuser from 82.157.143.20 port 37512","@timestamp":"2022-09-07T02:30:42.584Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 02:30:42 honeypot-fra-1 sshd[19200]: Invalid user esuser from 82.157.143.20 port 37456","@timestamp":"2022-09-07T02:30:42.584Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 02:30:42 honeypot-fra-1 sshd[19210]: Invalid user hadoop from 82.157.143.20 port 37490","@timestamp":"2022-09-07T02:30:42.584Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 02:30:42 honeypot-fra-1 sshd[19192]: Connection closed by invalid user oracle 82.157.143.20 port 37446 [preauth]","@timestamp":"2022-09-07T02:30:42.584Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 02:30:42 honeypot-fra-1 sshd[19196]: Connection closed by invalid user es 82.157.143.20 port 37458 [preauth]","@timestamp":"2022-09-07T02:30:42.584Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 02:30:42 honeypot-fra-1 sshd[19199]: Connection closed by invalid user ubuntu 82.157.143.20 port 37476 [preauth]","@timestamp":"2022-09-07T02:30:42.584Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 02:30:42 honeypot-fra-1 sshd[19211]: Connection closed by invalid user test 82.157.143.20 port 37472 [preauth]","@timestamp":"2022-09-07T02:30:42.584Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 02:30:42 honeypot-fra-1 sshd[19183]: Invalid user odoo from 82.157.143.20 port 37452","@timestamp":"2022-09-07T02:30:43.585Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 02:30:44 honeypot-fra-1 sshd[19191]: Connection closed by invalid user grid 82.157.143.20 port 37488 [preauth]","@timestamp":"2022-09-07T02:30:44.586Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T02:33:11.360Z","@version":"1","message":"Sep  7 02:33:10 honeypot-sgp-1 kernel: [83394110.262507] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=193.142.146.50 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=48773 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 02:34:49 honeypot-fra-1 kernel: [83392533.897303] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=157.245.176.143 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=17942 DF PROTO=TCP SPT=54156 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T02:34:49.678Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 02:35:01 honeypot-ams-1 sshd[29243]: Connection closed by 180.76.173.237 port 39390 [preauth]","@timestamp":"2022-09-07T02:35:02.446Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 02:36:44 honeypot-fra-1 sshd[19244]: Disconnected from invalid user admin 92.255.85.69 port 60466 [preauth]","@timestamp":"2022-09-07T02:36:45.722Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T02:36:49.447Z","@version":"1","message":"Sep  7 02:36:48 honeypot-sgp-1 sshd[27348]: Did not receive identification string from 159.89.24.69 port 61000","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 02:41:47 honeypot-ams-1 kernel: [83395096.461586] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=94.26.228.80 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=31458 PROTO=TCP SPT=49074 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T02:41:47.630Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 02:42:46 honeypot-fra-1 sshd[19247]: Disconnected from invalid user dev_info 47.176.104.76 port 4747 [preauth]","@timestamp":"2022-09-07T02:42:46.855Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 02:44:25 honeypot-ams-1 sshd[29258]: Connection closed by invalid user pi 91.183.33.93 port 54204 [preauth]","@timestamp":"2022-09-07T02:44:25.704Z"}
{"@timestamp":"2022-09-07T02:44:40.630Z","@version":"1","message":"Sep  7 02:44:40 honeypot-sgp-1 sshd[27356]: Connection reset by 61.177.173.50 port 51382 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 02:45:53 honeypot-ams-1 sshd[29264]: Received disconnect from 61.177.173.49 port 58999:11:  [preauth]","@timestamp":"2022-09-07T02:45:54.748Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 02:46:46 honeypot-fra-1 sshd[19251]: Disconnected from invalid user jean 165.22.45.108 port 41114 [preauth]","@timestamp":"2022-09-07T02:46:46.945Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 02:52:24 honeypot-ams-1 sshd[29274]: Invalid user user from 198.98.61.9 port 35866","@timestamp":"2022-09-07T02:52:24.931Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 02:52:27 honeypot-ams-1 sshd[29276]: Disconnected from invalid user aerohive 92.255.85.70 port 26452 [preauth]","@timestamp":"2022-09-07T02:52:27.932Z"}
{"@timestamp":"2022-09-07T02:52:40.819Z","@version":"1","message":"Sep  7 02:52:40 honeypot-sgp-1 sshd[27364]: Disconnected from authenticating user root 61.177.173.53 port 33026 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 02:52:40 honeypot-ams-1 sshd[29280]: Disconnected from invalid user user 198.98.61.9 port 57826 [preauth]","@timestamp":"2022-09-07T02:52:40.940Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 02:52:56 honeypot-ams-1 sshd[29285]: Disconnected from invalid user user 198.98.61.9 port 51552 [preauth]","@timestamp":"2022-09-07T02:52:56.947Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 02:53:15 honeypot-ams-1 sshd[29289]: Disconnected from invalid user user 198.98.61.9 port 45284 [preauth]","@timestamp":"2022-09-07T02:53:15.956Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 02:57:43 honeypot-ams-1 sshd[29297]: Received disconnect from 61.177.172.98 port 11716:11:  [preauth]","@timestamp":"2022-09-07T02:57:44.082Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 02:58:20 honeypot-fra-1 sshd[19260]: Received disconnect from 2.57.122.190 port 49420:11: Bye Bye [preauth]","@timestamp":"2022-09-07T02:58:21.198Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 02:58:25 honeypot-fra-1 sshd[19264]: Received disconnect from 165.22.45.108 port 45656:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-07T02:58:26.200Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 02:58:32 honeypot-fra-1 sshd[19268]: Received disconnect from 2.57.122.190 port 50975:11: Bye Bye [preauth]","@timestamp":"2022-09-07T02:58:33.203Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 02:58:38 honeypot-fra-1 sshd[19274]: Invalid user operator from 2.57.122.190 port 51812","@timestamp":"2022-09-07T02:58:39.207Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 02:58:42 honeypot-fra-1 sshd[19276]: Invalid user ftp from 2.57.122.190 port 52323","@timestamp":"2022-09-07T02:58:43.208Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 02:58:50 honeypot-fra-1 sshd[19280]: Received disconnect from 2.57.122.190 port 53393:11: Bye Bye [preauth]","@timestamp":"2022-09-07T02:58:51.213Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 02:58:58 honeypot-fra-1 sshd[19284]: Disconnected from invalid user oracle 2.57.122.190 port 54489 [preauth]","@timestamp":"2022-09-07T02:58:59.216Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 02:59:12 honeypot-fra-1 sshd[19290]: Invalid user scanner from 2.57.122.190 port 56341","@timestamp":"2022-09-07T02:59:13.223Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 02:59:20 honeypot-fra-1 sshd[19294]: Invalid user user from 2.57.122.190 port 57369","@timestamp":"2022-09-07T02:59:21.228Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T02:59:24.980Z","@version":"1","message":"Sep  7 02:59:24 honeypot-sgp-1 kernel: [83395683.915497] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=44.197.113.139 DST=159.89.202.188 LEN=52 TOS=0x02 PREC=0x00 TTL=107 ID=34228 DF PROTO=TCP SPT=60300 DPT=80 WINDOW=62727 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 02:59:28 honeypot-fra-1 sshd[19298]: Invalid user user from 2.57.122.190 port 58338","@timestamp":"2022-09-07T02:59:28.231Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 02:59:32 honeypot-fra-1 sshd[19302]: Invalid user admin from 2.57.122.190 port 58860","@timestamp":"2022-09-07T02:59:32.233Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 02:59:39 honeypot-fra-1 sshd[19306]: Invalid user user from 2.57.122.190 port 59890","@timestamp":"2022-09-07T02:59:40.237Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 03:00:27 honeypot-ams-1 sshd[29302]: Disconnected from invalid user user 141.255.162.226 port 51630 [preauth]","@timestamp":"2022-09-07T03:00:28.159Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 03:00:29 honeypot-ams-1 sshd[29306]: Disconnected from invalid user user 141.255.162.226 port 41674 [preauth]","@timestamp":"2022-09-07T03:00:30.161Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 03:00:32 honeypot-ams-1 sshd[29310]: Disconnected from invalid user user 141.255.162.226 port 50816 [preauth]","@timestamp":"2022-09-07T03:00:33.163Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 03:00:35 honeypot-ams-1 sshd[29314]: Disconnected from invalid user user 141.255.162.226 port 40870 [preauth]","@timestamp":"2022-09-07T03:00:36.165Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 03:02:50 honeypot-fra-1 kernel: [83394214.901567] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=35743 PROTO=TCP SPT=59603 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T03:02:51.309Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-07T03:03:04.068Z","@version":"1","message":"Sep  7 03:03:03 honeypot-sgp-1 sshd[27374]: Disconnected from invalid user aerohive 92.255.85.69 port 22710 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 03:07:49 honeypot-ams-1 kernel: [83396658.635031] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=88.80.189.24 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=4514 PROTO=TCP SPT=40048 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T03:07:50.366Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 03:09:57 honeypot-fra-1 sshd[19317]: Invalid user jean from 165.22.45.108 port 50182","@timestamp":"2022-09-07T03:09:58.464Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T03:11:02.257Z","@version":"1","message":"Sep  7 03:11:01 honeypot-sgp-1 sshd[27379]: Disconnected from authenticating user root 61.177.173.35 port 50859 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 03:12:20 honeypot-ams-1 kernel: [83396929.637301] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=29039 PROTO=TCP SPT=59603 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T03:12:21.486Z"}
{"@timestamp":"2022-09-07T03:14:54.348Z","@version":"1","message":"Sep  7 03:14:53 honeypot-sgp-1 sshd[27390]: Invalid user admin from 178.128.125.205 port 25402","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T03:14:57.350Z","@version":"1","message":"Sep  7 03:14:56 honeypot-sgp-1 sshd[27383]: Connection reset by 61.177.172.19 port 45329 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 03:15:41 honeypot-ams-1 sshd[29335]: Disconnected from invalid user private 92.255.85.70 port 61898 [preauth]","@timestamp":"2022-09-07T03:15:41.577Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 03:16:42 honeypot-fra-1 sshd[19320]: Did not receive identification string from 159.89.24.69 port 61000","@timestamp":"2022-09-07T03:16:43.612Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 03:17:01 honeypot-ams-1 CRON[29341]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-07T03:17:02.618Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 03:17:26 honeypot-fra-1 sshd[19326]: Invalid user admin from 159.203.178.0 port 54656","@timestamp":"2022-09-07T03:17:26.631Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T03:17:38.415Z","@version":"1","message":"Sep  7 03:17:37 honeypot-sgp-1 sshd[27400]: Received disconnect from 61.177.173.53 port 53015:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 03:17:50 honeypot-fra-1 kernel: [83395114.909452] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.221.29 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=53620 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T03:17:50.642Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 03:19:21 honeypot-fra-1 sshd[19337]: Connection closed by authenticating user root 31.184.215.236 port 36384 [preauth]","@timestamp":"2022-09-07T03:19:21.675Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 03:19:21 honeypot-fra-1 sshd[19340]: Connection closed by invalid user test 31.184.215.236 port 36324 [preauth]","@timestamp":"2022-09-07T03:19:21.675Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 03:19:21 honeypot-fra-1 sshd[19347]: Invalid user esuser from 31.184.215.236 port 36412","@timestamp":"2022-09-07T03:19:21.675Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 03:19:21 honeypot-fra-1 sshd[19346]: Connection closed by authenticating user root 31.184.215.236 port 36434 [preauth]","@timestamp":"2022-09-07T03:19:21.675Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 03:19:21 honeypot-fra-1 sshd[19349]: Connection closed by invalid user ubuntu 31.184.215.236 port 36346 [preauth]","@timestamp":"2022-09-07T03:19:21.675Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 03:19:21 honeypot-fra-1 sshd[19355]: Invalid user ftpuser from 31.184.215.236 port 36332","@timestamp":"2022-09-07T03:19:21.676Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 03:19:21 honeypot-fra-1 sshd[19358]: Connection closed by authenticating user root 31.184.215.236 port 36426 [preauth]","@timestamp":"2022-09-07T03:19:21.676Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 03:19:21 honeypot-fra-1 sshd[19369]: Invalid user pi from 31.184.215.236 port 36420","@timestamp":"2022-09-07T03:19:21.676Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 03:19:22 honeypot-fra-1 sshd[19392]: Connection closed by invalid user test 31.184.215.236 port 36348 [preauth]","@timestamp":"2022-09-07T03:19:22.677Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 03:20:17 honeypot-ams-1 sshd[29347]: Connection closed by 180.76.173.237 port 54766 [preauth]","@timestamp":"2022-09-07T03:20:17.699Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 03:22:39 honeypot-fra-1 sshd[19398]: Received disconnect from 92.255.85.69 port 25808:11: Bye Bye [preauth]","@timestamp":"2022-09-07T03:22:39.750Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T03:25:48.610Z","@version":"1","message":"Sep  7 03:25:47 honeypot-sgp-1 sshd[27409]: Invalid user private from 92.255.85.70 port 26566","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 03:33:29 honeypot-fra-1 sshd[19403]: Received disconnect from 165.22.45.108 port 59290:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-07T03:33:29.981Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 03:35:30 honeypot-ams-1 sshd[29364]: Received disconnect from 61.177.172.114 port 12823:11:  [preauth]","@timestamp":"2022-09-07T03:35:31.094Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 03:37:12 honeypot-ams-1 sshd[29368]: Disconnected from invalid user Admin 92.255.85.69 port 49862 [preauth]","@timestamp":"2022-09-07T03:37:13.140Z"}
{"@timestamp":"2022-09-07T03:40:58.986Z","@version":"1","message":"Sep  7 03:40:58 honeypot-sgp-1 kernel: [83398177.798120] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.208.55 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=48124 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 03:41:56 honeypot-ams-1 sshd[29377]: Connection closed by 180.76.173.237 port 41240 [preauth]","@timestamp":"2022-09-07T03:41:56.264Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 03:44:43 honeypot-fra-1 sshd[19406]: Disconnected from authenticating user root 74.44.239.58 port 13556 [preauth]","@timestamp":"2022-09-07T03:44:44.224Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T03:44:59.082Z","@version":"1","message":"Sep  7 03:44:58 honeypot-sgp-1 sshd[27423]: Invalid user john from 45.80.184.57 port 48694","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 03:45:33 honeypot-fra-1 sshd[19410]: Disconnected from invalid user jean 165.22.45.108 port 35620 [preauth]","@timestamp":"2022-09-07T03:45:33.243Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T03:46:32.120Z","@version":"1","message":"Sep  7 03:46:31 honeypot-sgp-1 sshd[27427]: Disconnected from invalid user user 45.61.186.249 port 44830 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T03:46:51.128Z","@version":"1","message":"Sep  7 03:46:51 honeypot-sgp-1 sshd[27431]: Received disconnect from 45.61.186.249 port 39880:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T03:47:10.137Z","@version":"1","message":"Sep  7 03:47:09 honeypot-sgp-1 sshd[27435]: Received disconnect from 45.61.186.249 port 34982:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T03:47:28.143Z","@version":"1","message":"Sep  7 03:47:28 honeypot-sgp-1 sshd[27441]: Received disconnect from 45.61.186.249 port 58290:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T03:48:02.157Z","@version":"1","message":"Sep  7 03:48:01 honeypot-sgp-1 sshd[27446]: Disconnected from authenticating user root 61.177.173.36 port 26646 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T03:48:03.158Z","@version":"1","message":"Sep  7 03:48:02 honeypot-sgp-1 sshd[27448]: Disconnected from invalid user Admin 92.255.85.69 port 41724 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T03:48:24.167Z","@version":"1","message":"Sep  7 03:48:23 honeypot-sgp-1 sshd[27454]: Disconnected from invalid user user 45.61.184.204 port 52058 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T03:48:42.174Z","@version":"1","message":"Sep  7 03:48:41 honeypot-sgp-1 sshd[27458]: Disconnected from invalid user user 45.61.184.204 port 47442 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T03:49:01.181Z","@version":"1","message":"Sep  7 03:49:00 honeypot-sgp-1 sshd[27463]: Disconnected from invalid user user 45.61.184.204 port 42834 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 03:49:55 honeypot-fra-1 sshd[19413]: Disconnected from invalid user britney 151.106.112.77 port 41516 [preauth]","@timestamp":"2022-09-07T03:49:55.341Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T03:51:38.242Z","@version":"1","message":"Sep  7 03:51:37 honeypot-sgp-1 sshd[27469]: Disconnected from authenticating user root 61.177.172.98 port 25432 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T03:52:52.273Z","@version":"1","message":"Sep  7 03:52:52 honeypot-sgp-1 sshd[27474]: Received disconnect from 141.255.162.226 port 51768:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T03:52:54.276Z","@version":"1","message":"Sep  7 03:52:54 honeypot-sgp-1 sshd[27478]: Received disconnect from 141.255.162.226 port 60508:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T03:52:56.277Z","@version":"1","message":"Sep  7 03:52:55 honeypot-sgp-1 sshd[27482]: Received disconnect from 141.255.162.226 port 41018:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T03:53:31.292Z","@version":"1","message":"Sep  7 03:53:30 honeypot-sgp-1 sshd[27486]: Disconnected from invalid user user 167.99.220.160 port 56562 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 03:54:36 honeypot-ams-1 sshd[29390]: Received disconnect from 61.177.172.98 port 47377:11:  [preauth]","@timestamp":"2022-09-07T03:54:36.591Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 03:57:23 honeypot-fra-1 sshd[19420]: Invalid user Jeff from 165.22.45.108 port 40178","@timestamp":"2022-09-07T03:57:23.506Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 03:59:00 honeypot-ams-1 sshd[29399]: Connection closed by 180.76.173.237 port 41706 [preauth]","@timestamp":"2022-09-07T03:59:00.721Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 04:00:39 honeypot-ams-1 sshd[29402]: Disconnected from invalid user araknis 92.255.85.69 port 37842 [preauth]","@timestamp":"2022-09-07T04:00:40.769Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 04:02:12 honeypot-fra-1 sshd[19422]: Disconnected from invalid user youkhanna 178.128.104.101 port 46214 [preauth]","@timestamp":"2022-09-07T04:02:13.613Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T04:02:28.500Z","@version":"1","message":"Sep  7 04:02:27 honeypot-sgp-1 sshd[27494]: Disconnected from authenticating user root 120.202.180.65 port 62647 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 04:04:11 honeypot-ams-1 kernel: [83400040.793651] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=197.62.227.238 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=49 ID=31186 PROTO=TCP SPT=41290 DPT=443 WINDOW=59659 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T04:04:11.865Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 04:08:07 honeypot-ams-1 sshd[29413]: Connection reset by 61.177.173.52 port 33214 [preauth]","@timestamp":"2022-09-07T04:08:07.969Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 04:08:56 honeypot-fra-1 sshd[19428]: Invalid user user from 45.61.187.160 port 59640","@timestamp":"2022-09-07T04:08:56.762Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 04:09:06 honeypot-fra-1 sshd[19432]: Invalid user user from 45.61.187.160 port 43146","@timestamp":"2022-09-07T04:09:07.767Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 04:09:26 honeypot-fra-1 sshd[19436]: Invalid user user from 45.61.187.160 port 38372","@timestamp":"2022-09-07T04:09:27.776Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 04:09:47 honeypot-fra-1 sshd[19441]: Invalid user user from 45.61.187.160 port 33620","@timestamp":"2022-09-07T04:09:47.785Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T04:11:29.714Z","@version":"1","message":"Sep  7 04:11:28 honeypot-sgp-1 sshd[27502]: Disconnected from invalid user araknis 92.255.85.69 port 33422 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 04:14:43 honeypot-fra-1 sshd[19445]: Invalid user solaris from 103.253.147.160 port 40252","@timestamp":"2022-09-07T04:14:44.895Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 04:17:01 honeypot-ams-1 CRON[29420]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-07T04:17:02.200Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 04:18:17 honeypot-fra-1 kernel: [83398742.068734] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.41.8.5 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=31049 PROTO=TCP SPT=21441 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T04:18:17.973Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 04:20:59 honeypot-fra-1 sshd[19453]: Disconnected from invalid user jenifer 165.22.45.108 port 49266 [preauth]","@timestamp":"2022-09-07T04:21:00.033Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T04:22:56.989Z","@version":"1","message":"Sep  7 04:22:56 honeypot-sgp-1 kernel: [83400695.260130] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=31.57.38.106 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=38 ID=48135 PROTO=TCP SPT=7942 DPT=80 WINDOW=27680 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 04:24:35 honeypot-ams-1 sshd[29430]: Invalid user admin from 92.255.85.69 port 31804","@timestamp":"2022-09-07T04:24:36.397Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 04:25:25 honeypot-fra-1 kernel: [83399170.182365] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=128.199.209.90 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=6175 PROTO=TCP SPT=43747 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T04:25:26.132Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 04:29:19 honeypot-ams-1 kernel: [83401548.803393] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=183.136.225.35 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=109 ID=54422 PROTO=TCP SPT=8088 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T04:29:20.522Z"}
{"@timestamp":"2022-09-07T04:31:34.198Z","@version":"1","message":"Sep  7 04:31:34 honeypot-sgp-1 kernel: [83401213.184509] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.55.53.144 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=44 ID=31569 DF PROTO=TCP SPT=45982 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 04:31:40 honeypot-fra-1 sshd[19465]: Invalid user admin from 92.255.85.70 port 20320","@timestamp":"2022-09-07T04:31:41.266Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 04:33:36 honeypot-fra-1 kernel: [83399660.645382] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=20.55.53.144 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=59014 DF PROTO=TCP SPT=50192 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T04:33:36.307Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 04:33:36 honeypot-ams-1 sshd[29443]: Disconnected from invalid user kawasima 213.55.79.194 port 34220 [preauth]","@timestamp":"2022-09-07T04:33:37.631Z"}
{"@timestamp":"2022-09-07T04:34:35.271Z","@version":"1","message":"Sep  7 04:34:34 honeypot-sgp-1 sshd[27513]: Disconnected from authenticating user root 152.67.45.125 port 54006 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 04:37:17 honeypot-ams-1 kernel: [83402026.939854] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=20.55.53.144 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=47662 DF PROTO=TCP SPT=51992 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T04:37:18.730Z"}
{"@timestamp":"2022-09-07T04:38:45.370Z","@version":"1","message":"Sep  7 04:38:44 honeypot-sgp-1 sshd[27520]: Received disconnect from 84.2.226.70 port 59692:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 04:39:13 honeypot-fra-1 sshd[19472]: Connection closed by invalid user rx 193.106.191.157 port 57606 [preauth]","@timestamp":"2022-09-07T04:39:13.432Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 04:41:12 honeypot-ams-1 kernel: [83402261.120920] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=46.161.54.57 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=54321 PROTO=TCP SPT=51413 DPT=5432 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T04:41:12.836Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 04:43:09 honeypot-fra-1 sshd[19477]: Received disconnect from 177.93.51.98 port 43566:11: Bye Bye [preauth]","@timestamp":"2022-09-07T04:43:09.537Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 04:45:22 honeypot-fra-1 sshd[19483]: Invalid user jenkins from 165.22.45.108 port 58382","@timestamp":"2022-09-07T04:45:23.588Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T04:46:48.561Z","@version":"1","message":"Sep  7 04:46:48 honeypot-sgp-1 kernel: [83402127.164633] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=92.63.197.171 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=14642 PROTO=TCP SPT=55409 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 04:48:24 honeypot-ams-1 sshd[29460]: Received disconnect from 92.255.85.70 port 31480:11: Bye Bye [preauth]","@timestamp":"2022-09-07T04:48:25.022Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 04:51:15 honeypot-fra-1 sshd[19488]: Did not receive identification string from 141.255.162.226 port 52782","@timestamp":"2022-09-07T04:51:15.717Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 04:51:32 honeypot-fra-1 sshd[19491]: Disconnected from invalid user user 141.255.162.226 port 56590 [preauth]","@timestamp":"2022-09-07T04:51:32.725Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 04:51:33 honeypot-fra-1 sshd[19495]: Disconnected from invalid user user 141.255.162.226 port 55006 [preauth]","@timestamp":"2022-09-07T04:51:33.725Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T04:54:50.750Z","@version":"1","message":"Sep  7 04:54:50 honeypot-sgp-1 kernel: [83402609.167019] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.205.160 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=36326 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 04:55:06 honeypot-fra-1 sshd[19500]: Received disconnect from 92.255.85.69 port 51716:11: Bye Bye [preauth]","@timestamp":"2022-09-07T04:55:06.804Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 04:55:10 honeypot-ams-1 kernel: [83403099.808776] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=109.205.213.20 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=58888 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T04:55:11.197Z"}
{"@timestamp":"2022-09-07T04:59:33.859Z","@version":"1","message":"Sep  7 04:59:33 honeypot-sgp-1 sshd[27529]: Disconnected from invalid user takeda-pal 111.67.203.234 port 36234 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 05:00:22 honeypot-ams-1 kernel: [83403411.469302] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=134.249.88.196 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=58 ID=57973 DF PROTO=TCP SPT=51928 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T05:00:23.338Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 05:05:35 honeypot-ams-1 sshd[29478]: Invalid user user from 45.61.187.160 port 37750","@timestamp":"2022-09-07T05:05:35.478Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 05:05:54 honeypot-ams-1 sshd[29482]: Did not receive identification string from 141.255.162.226 port 33960","@timestamp":"2022-09-07T05:05:54.487Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 05:06:05 honeypot-ams-1 sshd[29485]: Disconnected from invalid user user 45.61.187.160 port 44722 [preauth]","@timestamp":"2022-09-07T05:06:05.494Z"}
{"@timestamp":"2022-09-07T05:06:08.030Z","@version":"1","message":"Sep  7 05:06:07 honeypot-sgp-1 sshd[27538]: Invalid user admin from 128.53.5.55 port 61507","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 05:06:07 honeypot-ams-1 sshd[29490]: Disconnected from invalid user user 141.255.162.226 port 40222 [preauth]","@timestamp":"2022-09-07T05:06:08.496Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 05:06:12 honeypot-ams-1 sshd[29495]: Received disconnect from 141.255.162.226 port 57904:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-07T05:06:12.498Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 05:06:14 honeypot-ams-1 sshd[29497]: Received disconnect from 45.61.187.160 port 56446:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-07T05:06:14.499Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 05:06:22 honeypot-ams-1 sshd[29503]: Received disconnect from 45.61.187.160 port 39978:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-07T05:06:23.505Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 05:07:52 honeypot-fra-1 sshd[19505]: Did not receive identification string from 45.61.187.160 port 46440","@timestamp":"2022-09-07T05:07:53.080Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 05:08:20 honeypot-fra-1 sshd[19508]: Disconnected from invalid user user 45.61.187.160 port 55302 [preauth]","@timestamp":"2022-09-07T05:08:21.092Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 05:08:39 honeypot-fra-1 sshd[19512]: Disconnected from invalid user user 45.61.187.160 port 51154 [preauth]","@timestamp":"2022-09-07T05:08:40.101Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 05:08:56 honeypot-fra-1 sshd[19516]: Disconnected from invalid user user 45.61.187.160 port 47064 [preauth]","@timestamp":"2022-09-07T05:08:57.110Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 05:09:34 honeypot-fra-1 sshd[19520]: Disconnected from invalid user jenkins 165.22.45.108 port 39258 [preauth]","@timestamp":"2022-09-07T05:09:35.126Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 05:11:06 honeypot-ams-1 sshd[29509]: Invalid user user from 45.61.186.249 port 56132","@timestamp":"2022-09-07T05:11:06.629Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 05:11:14 honeypot-ams-1 sshd[29513]: Invalid user user from 45.61.186.249 port 38888","@timestamp":"2022-09-07T05:11:15.635Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 05:11:31 honeypot-ams-1 sshd[29517]: Invalid user user from 45.61.186.249 port 60892","@timestamp":"2022-09-07T05:11:32.643Z"}
{"@timestamp":"2022-09-07T05:11:38.159Z","@version":"1","message":"Sep  7 05:11:38 honeypot-sgp-1 kernel: [83403617.113642] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=109.206.241.219 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=54321 PROTO=TCP SPT=59397 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 05:11:48 honeypot-ams-1 sshd[29521]: Invalid user user from 45.61.186.249 port 54676","@timestamp":"2022-09-07T05:11:49.651Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 05:16:35 honeypot-ams-1 sshd[29528]: Invalid user play from 34.93.204.90 port 33672","@timestamp":"2022-09-07T05:16:35.774Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 05:17:01 honeypot-fra-1 CRON[19527]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-07T05:17:02.292Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T05:17:02.312Z","@version":"1","message":"Sep  7 05:17:01 honeypot-sgp-1 CRON[27545]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 05:21:44 honeypot-fra-1 sshd[19533]: Invalid user jenkins from 165.22.45.108 port 43816","@timestamp":"2022-09-07T05:21:45.398Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 05:23:33 honeypot-ams-1 sshd[29536]: Connection closed by 180.76.173.237 port 44036 [preauth]","@timestamp":"2022-09-07T05:23:33.956Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 05:27:50 honeypot-ams-1 kernel: [83405059.283038] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=139.59.164.126 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=24987 PROTO=TCP SPT=43071 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T05:27:51.070Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 05:29:07 honeypot-fra-1 sshd[19536]: Connection closed by invalid user ry 193.106.191.157 port 59268 [preauth]","@timestamp":"2022-09-07T05:29:08.559Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T05:33:01.677Z","@version":"1","message":"Sep  7 05:33:01 honeypot-sgp-1 kernel: [83404900.557902] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=103.151.124.68 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=6586 PROTO=TCP SPT=47922 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 05:34:01 honeypot-fra-1 sshd[19541]: Received disconnect from 165.22.45.108 port 48368:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-07T05:34:02.667Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 05:40:51 honeypot-fra-1 kernel: [83403695.273576] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=128.14.134.170 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=56796 PROTO=TCP SPT=28652 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T05:40:51.815Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-07T05:40:53.864Z","@version":"1","message":"Sep  7 05:40:53 honeypot-sgp-1 sshd[27555]: Received disconnect from 191.190.153.8 port 40178:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 05:45:58 honeypot-ams-1 sshd[29549]: Connection closed by 180.76.173.237 port 58750 [preauth]","@timestamp":"2022-09-07T05:45:59.542Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 05:46:23 honeypot-fra-1 sshd[19550]: Received disconnect from 165.22.45.108 port 52928:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-07T05:46:23.935Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T05:46:59.005Z","@version":"1","message":"Sep  7 05:46:58 honeypot-sgp-1 kernel: [83405737.587900] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=173.255.230.187 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=233 ID=53953 PROTO=TCP SPT=49616 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 05:50:50 honeypot-fra-1 sshd[19998]: Connection closed by invalid user admin 59.126.219.115 port 43115 [preauth]","@timestamp":"2022-09-07T05:50:51.030Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 05:53:03 honeypot-fra-1 sshd[20008]: Invalid user elasticsearch from 36.41.175.109 port 34366","@timestamp":"2022-09-07T05:53:04.076Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 05:53:03 honeypot-fra-1 sshd[20022]: Invalid user ansible from 36.41.175.109 port 34398","@timestamp":"2022-09-07T05:53:04.076Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 05:53:03 honeypot-fra-1 sshd[20005]: Connection closed by invalid user postgres 36.41.175.109 port 34388 [preauth]","@timestamp":"2022-09-07T05:53:04.076Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 05:53:03 honeypot-fra-1 sshd[20014]: Connection closed by invalid user es 36.41.175.109 port 34372 [preauth]","@timestamp":"2022-09-07T05:53:04.076Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 05:53:03 honeypot-fra-1 sshd[20026]: Connection closed by invalid user alarm 36.41.175.109 port 34378 [preauth]","@timestamp":"2022-09-07T05:53:04.076Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 05:53:09 honeypot-fra-1 sshd[20038]: Invalid user teamspeak from 36.41.175.109 port 34434","@timestamp":"2022-09-07T05:53:10.079Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 05:53:09 honeypot-fra-1 sshd[20049]: Invalid user ubuntu from 36.41.175.109 port 34376","@timestamp":"2022-09-07T05:53:10.079Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 05:53:09 honeypot-fra-1 sshd[20039]: Connection closed by invalid user user 36.41.175.109 port 34490 [preauth]","@timestamp":"2022-09-07T05:53:10.079Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 05:53:09 honeypot-fra-1 sshd[20049]: Connection closed by invalid user ubuntu 36.41.175.109 port 34376 [preauth]","@timestamp":"2022-09-07T05:53:10.079Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 05:53:33 honeypot-fra-1 sshd[20068]: Invalid user ansible from 36.41.175.109 port 34488","@timestamp":"2022-09-07T05:53:34.088Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 05:53:33 honeypot-fra-1 sshd[20059]: Connection closed by invalid user es 36.41.175.109 port 34494 [preauth]","@timestamp":"2022-09-07T05:53:34.088Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 05:53:33 honeypot-fra-1 sshd[20069]: Connection closed by invalid user hduser 36.41.175.109 port 34474 [preauth]","@timestamp":"2022-09-07T05:53:34.088Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 05:57:34 honeypot-fra-1 sshd[20078]: Received disconnect from 68.183.212.10 port 36502:11: Bye Bye [preauth]","@timestamp":"2022-09-07T05:57:35.176Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 05:58:05 honeypot-ams-1 sshd[29557]: Disconnected from invalid user adslroot 92.255.85.69 port 27294 [preauth]","@timestamp":"2022-09-07T05:58:05.866Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 05:59:20 honeypot-fra-1 sshd[20083]: Received disconnect from 111.67.196.49 port 35646:11: Bye Bye [preauth]","@timestamp":"2022-09-07T05:59:21.223Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 06:02:12 honeypot-fra-1 kernel: [83404976.650450] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.205.235 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=57691 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T06:02:13.292Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 06:03:06 honeypot-ams-1 sshd[29564]: Connection closed by authenticating user root 173.9.27.109 port 36690 [preauth]","@timestamp":"2022-09-07T06:03:06.995Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 06:07:11 honeypot-ams-1 kernel: [83407420.809826] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=111.85.16.228 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=1705 PROTO=TCP SPT=43789 DPT=443 WINDOW=28094 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T06:07:12.105Z"}
{"@timestamp":"2022-09-07T06:07:42.480Z","@version":"1","message":"Sep  7 06:07:41 honeypot-sgp-1 kernel: [83406980.753451] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=57259 PROTO=TCP SPT=50404 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 06:10:13 honeypot-fra-1 kernel: [83405458.134847] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=103.254.76.122 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=41094 PROTO=TCP SPT=51068 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T06:10:14.472Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-07T06:13:26.615Z","@version":"1","message":"Sep  7 06:13:26 honeypot-sgp-1 sshd[27572]: Received disconnect from 192.241.243.84 port 60858:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 06:16:56 honeypot-ams-1 sshd[29578]: Invalid user mario from 119.148.2.82 port 53394","@timestamp":"2022-09-07T06:16:56.379Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 06:17:01 honeypot-fra-1 CRON[20097]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-07T06:17:01.627Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T06:17:08.703Z","@version":"1","message":"Sep  7 06:17:07 honeypot-sgp-1 sshd[27574]: Connection closed by 185.220.101.187 port 29538 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 06:19:17 honeypot-ams-1 sshd[29583]: Invalid user sti.admin5 from 92.255.85.70 port 27806","@timestamp":"2022-09-07T06:19:17.442Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 06:19:45 honeypot-ams-1 sshd[29587]: Connection closed by invalid user admin 216.52.136.77 port 21614 [preauth]","@timestamp":"2022-09-07T06:19:45.455Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 06:23:31 honeypot-fra-1 sshd[20103]: Received disconnect from 165.22.45.108 port 38360:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-07T06:23:31.773Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 06:24:38 honeypot-ams-1 sshd[29596]: Connection closed by 180.76.173.237 port 45694 [preauth]","@timestamp":"2022-09-07T06:24:39.584Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 06:24:59 honeypot-ams-1 sshd[29602]: Received disconnect from 113.161.230.215 port 60432:11: Bye Bye [preauth]","@timestamp":"2022-09-07T06:24:59.596Z"}
{"@timestamp":"2022-09-07T06:25:02.915Z","@version":"1","message":"Sep  7 06:25:02 honeypot-sgp-1 CRON[27584]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 06:25:02 honeypot-ams-1 sshd[29606]: Disconnected from authenticating user root 113.161.230.215 port 60527 [preauth]","@timestamp":"2022-09-07T06:25:03.600Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 06:25:07 honeypot-ams-1 sshd[29777]: Received disconnect from 113.161.230.215 port 60666:11: Bye Bye [preauth]","@timestamp":"2022-09-07T06:25:08.603Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 06:25:12 honeypot-ams-1 sshd[29783]: Received disconnect from 113.161.230.215 port 60808:11: Bye Bye [preauth]","@timestamp":"2022-09-07T06:25:13.607Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 06:25:17 honeypot-ams-1 sshd[29789]: Received disconnect from 113.161.230.215 port 60936:11: Bye Bye [preauth]","@timestamp":"2022-09-07T06:25:17.610Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 06:25:22 honeypot-ams-1 sshd[29795]: Received disconnect from 113.161.230.215 port 32852:11: Bye Bye [preauth]","@timestamp":"2022-09-07T06:25:22.613Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 06:25:27 honeypot-ams-1 sshd[29801]: Received disconnect from 113.161.230.215 port 32996:11: Bye Bye [preauth]","@timestamp":"2022-09-07T06:25:27.617Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 06:25:31 honeypot-ams-1 sshd[29807]: Received disconnect from 113.161.230.215 port 33144:11: Bye Bye [preauth]","@timestamp":"2022-09-07T06:25:32.620Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 06:25:36 honeypot-ams-1 sshd[29813]: Received disconnect from 113.161.230.215 port 33263:11: Bye Bye [preauth]","@timestamp":"2022-09-07T06:25:37.624Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 06:25:41 honeypot-ams-1 sshd[29819]: Received disconnect from 113.161.230.215 port 33425:11: Bye Bye [preauth]","@timestamp":"2022-09-07T06:25:42.628Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 06:25:46 honeypot-ams-1 sshd[29825]: Received disconnect from 113.161.230.215 port 33551:11: Bye Bye [preauth]","@timestamp":"2022-09-07T06:25:46.630Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 06:25:51 honeypot-ams-1 sshd[29831]: Received disconnect from 113.161.230.215 port 33699:11: Bye Bye [preauth]","@timestamp":"2022-09-07T06:25:51.633Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 06:25:54 honeypot-ams-1 sshd[29835]: Disconnected from invalid user admin 113.161.230.215 port 33790 [preauth]","@timestamp":"2022-09-07T06:25:54.635Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 06:25:57 honeypot-ams-1 sshd[29839]: Disconnected from invalid user admin 113.161.230.215 port 33882 [preauth]","@timestamp":"2022-09-07T06:25:58.638Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 06:26:01 honeypot-ams-1 sshd[29843]: Disconnected from invalid user admin 113.161.230.215 port 33973 [preauth]","@timestamp":"2022-09-07T06:26:01.640Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 06:26:04 honeypot-ams-1 sshd[29847]: Disconnected from invalid user admin 113.161.230.215 port 34068 [preauth]","@timestamp":"2022-09-07T06:26:04.642Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 06:26:07 honeypot-ams-1 sshd[29851]: Disconnected from invalid user admin 113.161.230.215 port 34150 [preauth]","@timestamp":"2022-09-07T06:26:07.643Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 06:26:10 honeypot-ams-1 sshd[29855]: Disconnected from invalid user user 113.161.230.215 port 34241 [preauth]","@timestamp":"2022-09-07T06:26:11.646Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 06:26:15 honeypot-ams-1 sshd[29861]: Received disconnect from 113.161.230.215 port 34384:11: Bye Bye [preauth]","@timestamp":"2022-09-07T06:26:15.650Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 06:26:18 honeypot-ams-1 sshd[29865]: Received disconnect from 113.161.230.215 port 34478:11: Bye Bye [preauth]","@timestamp":"2022-09-07T06:26:19.652Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 06:26:22 honeypot-ams-1 sshd[29869]: Received disconnect from 113.161.230.215 port 34581:11: Bye Bye [preauth]","@timestamp":"2022-09-07T06:26:22.654Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 06:26:25 honeypot-ams-1 sshd[29873]: Received disconnect from 113.161.230.215 port 34670:11: Bye Bye [preauth]","@timestamp":"2022-09-07T06:26:25.657Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 06:26:28 honeypot-ams-1 sshd[29877]: Received disconnect from 113.161.230.215 port 34770:11: Bye Bye [preauth]","@timestamp":"2022-09-07T06:26:29.660Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 06:26:31 honeypot-ams-1 sshd[29881]: Received disconnect from 113.161.230.215 port 34870:11: Bye Bye [preauth]","@timestamp":"2022-09-07T06:26:32.662Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 06:26:35 honeypot-ams-1 sshd[29885]: Received disconnect from 113.161.230.215 port 34959:11: Bye Bye [preauth]","@timestamp":"2022-09-07T06:26:35.664Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 06:26:38 honeypot-ams-1 sshd[29889]: Received disconnect from 113.161.230.215 port 35055:11: Bye Bye [preauth]","@timestamp":"2022-09-07T06:26:38.666Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 06:26:41 honeypot-ams-1 sshd[29893]: Received disconnect from 113.161.230.215 port 35143:11: Bye Bye [preauth]","@timestamp":"2022-09-07T06:26:42.669Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 06:26:44 honeypot-ams-1 sshd[29897]: Received disconnect from 113.161.230.215 port 35241:11: Bye Bye [preauth]","@timestamp":"2022-09-07T06:26:45.672Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 06:26:48 honeypot-ams-1 sshd[29901]: Received disconnect from 113.161.230.215 port 35335:11: Bye Bye [preauth]","@timestamp":"2022-09-07T06:26:48.673Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 06:27:42 honeypot-fra-1 sshd[20246]: Received disconnect from 92.255.85.70 port 43276:11: Bye Bye [preauth]","@timestamp":"2022-09-07T06:27:42.868Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T06:30:22.043Z","@version":"1","message":"Sep  7 06:30:21 honeypot-sgp-1 sshd[27729]: Received disconnect from 92.255.85.70 port 61548:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 06:33:50 honeypot-fra-1 sshd[20252]: Invalid user webmaster from 189.112.196.1 port 20438","@timestamp":"2022-09-07T06:33:51.005Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 06:35:39 honeypot-fra-1 sshd[20257]: Disconnected from authenticating user root 139.59.98.121 port 33496 [preauth]","@timestamp":"2022-09-07T06:35:40.048Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 06:37:28 honeypot-ams-1 kernel: [83409237.310959] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=172.104.29.164 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=60598 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T06:37:28.948Z"}
{"@timestamp":"2022-09-07T06:39:43.260Z","@version":"1","message":"Sep  7 06:39:42 honeypot-sgp-1 sshd[27932]: Invalid user mick from 167.99.12.43 port 51434","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 06:42:37 honeypot-fra-1 sshd[20262]: Invalid user bill from 73.3.242.105 port 49440","@timestamp":"2022-09-07T06:42:38.201Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 06:43:50 honeypot-fra-1 kernel: [83407474.727558] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=44.197.113.139 DST=165.22.82.222 LEN=52 TOS=0x00 PREC=0x00 TTL=110 ID=42678 DF PROTO=TCP SPT=60356 DPT=443 WINDOW=62727 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-07T06:43:51.229Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 06:45:04 honeypot-ams-1 kernel: [83409693.154853] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=42.81.157.50 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=233 ID=59198 PROTO=TCP SPT=52165 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T06:45:05.144Z"}
{"@timestamp":"2022-09-07T06:47:21.444Z","@version":"1","message":"Sep  7 06:47:20 honeypot-sgp-1 kernel: [83409359.483165] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.180.143.5 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=42515 PROTO=TCP SPT=13584 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 06:49:32 honeypot-fra-1 sshd[20269]: Connection closed by 192.241.196.56 port 48338 [preauth]","@timestamp":"2022-09-07T06:49:33.356Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T06:55:49.640Z","@version":"1","message":"Sep  7 06:55:49 honeypot-sgp-1 kernel: [83409868.574350] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=64.227.107.37 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=54747 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 06:57:59 honeypot-ams-1 sshd[29937]: Connection closed by 180.76.173.237 port 60686 [preauth]","@timestamp":"2022-09-07T06:57:59.500Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 06:59:37 honeypot-ams-1 kernel: [83410565.982953] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=172.104.29.129 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=55593 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T06:59:37.547Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 07:02:06 honeypot-fra-1 sshd[20474]: Invalid user jenni from 165.22.45.108 port 52106","@timestamp":"2022-09-07T07:02:06.636Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 07:03:40 honeypot-ams-1 kernel: [83410809.478435] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=103.153.77.105 DST=178.62.254.91 LEN=48 TOS=0x00 PREC=0x00 TTL=118 ID=26973 DF PROTO=TCP SPT=62810 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T07:03:40.672Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 07:06:25 honeypot-fra-1 sshd[20476]: Connection closed by invalid user s 193.106.191.157 port 34252 [preauth]","@timestamp":"2022-09-07T07:06:25.734Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 07:06:54 honeypot-fra-1 kernel: [83408858.949382] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=194.39.83.14 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x20 TTL=247 ID=15686 PROTO=TCP SPT=51694 DPT=80 WINDOW=1300 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T07:06:55.748Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-07T07:08:18.929Z","@version":"1","message":"Sep  7 07:08:18 honeypot-sgp-1 sshd[28017]: Received disconnect from 182.16.245.79 port 39262:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 07:08:51 honeypot-ams-1 sshd[30048]: Invalid user xq from 200.91.219.250 port 55752","@timestamp":"2022-09-07T07:08:51.810Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 07:10:52 honeypot-ams-1 kernel: [83411241.185018] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=8497 PROTO=TCP SPT=54026 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T07:10:52.865Z"}
{"@timestamp":"2022-09-07T07:11:59.016Z","@version":"1","message":"Sep  7 07:11:58 honeypot-sgp-1 kernel: [83410837.791628] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.41.9.18 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=16516 PROTO=TCP SPT=10575 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 07:12:10 honeypot-ams-1 sshd[30055]: Invalid user user from 198.98.61.9 port 59122","@timestamp":"2022-09-07T07:12:10.902Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 07:12:25 honeypot-ams-1 sshd[30059]: Invalid user user from 198.98.61.9 port 53556","@timestamp":"2022-09-07T07:12:25.910Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 07:12:39 honeypot-ams-1 sshd[30063]: Invalid user user from 198.98.61.9 port 47996","@timestamp":"2022-09-07T07:12:39.945Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 07:13:29 honeypot-ams-1 sshd[30067]: Connection closed by 180.76.173.237 port 46960 [preauth]","@timestamp":"2022-09-07T07:13:29.967Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 07:13:36 honeypot-fra-1 sshd[20486]: Disconnected from invalid user zhone 92.255.85.69 port 31240 [preauth]","@timestamp":"2022-09-07T07:13:36.896Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T07:16:56.135Z","@version":"1","message":"Sep  7 07:16:55 honeypot-sgp-1 sshd[28024]: Received disconnect from 92.255.85.70 port 52932:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 07:17:01 honeypot-ams-1 CRON[30074]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-07T07:17:02.061Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 07:18:53 honeypot-fra-1 sshd[20492]: Connection closed by authenticating user root 103.188.176.251 port 55122 [preauth]","@timestamp":"2022-09-07T07:18:54.017Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T07:20:15.214Z","@version":"1","message":"Sep  7 07:20:14 honeypot-sgp-1 kernel: [83411333.470250] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.55.53.144 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=13604 DF PROTO=TCP SPT=49770 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 07:24:09 honeypot-fra-1 sshd[20495]: Disconnected from invalid user jenny 165.22.45.108 port 56902 [preauth]","@timestamp":"2022-09-07T07:24:10.134Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 07:25:00 honeypot-ams-1 sshd[30082]: Disconnected from authenticating user root 187.33.56.200 port 51014 [preauth]","@timestamp":"2022-09-07T07:25:00.284Z"}
{"@timestamp":"2022-09-07T07:26:04.351Z","@version":"1","message":"Sep  7 07:26:03 honeypot-sgp-1 kernel: [83411682.447005] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.204.134 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=50679 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 07:26:29 honeypot-ams-1 sshd[30086]: Received disconnect from 164.70.100.221 port 40960:11: Bye Bye [preauth]","@timestamp":"2022-09-07T07:26:30.325Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 07:30:10 honeypot-ams-1 sshd[30091]: Invalid user admin from 92.255.85.70 port 33316","@timestamp":"2022-09-07T07:30:11.423Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 07:34:08 honeypot-fra-1 sshd[20500]: Connection closed by 114.246.10.197 port 43032 [preauth]","@timestamp":"2022-09-07T07:34:08.340Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 07:36:19 honeypot-fra-1 sshd[20507]: Received disconnect from 34.93.196.224 port 43188:11: Bye Bye [preauth]","@timestamp":"2022-09-07T07:36:20.389Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 07:37:07 honeypot-fra-1 sshd[20511]: Received disconnect from 164.92.233.93 port 39812:11: Bye Bye [preauth]","@timestamp":"2022-09-07T07:37:07.408Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 07:37:51 honeypot-fra-1 sshd[20515]: Disconnected from authenticating user root 175.207.13.22 port 50166 [preauth]","@timestamp":"2022-09-07T07:37:51.425Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T07:43:13.773Z","@version":"1","message":"Sep  7 07:43:13 honeypot-sgp-1 sshd[28036]: Invalid user user from 103.188.176.251 port 55486","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 07:43:43 honeypot-ams-1 sshd[30095]: Connection closed by 180.76.173.237 port 47710 [preauth]","@timestamp":"2022-09-07T07:43:43.769Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 07:46:42 honeypot-fra-1 sshd[20520]: Connection closed by invalid user zhaowen 137.116.144.39 port 35966 [preauth]","@timestamp":"2022-09-07T07:46:43.618Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 07:53:09 honeypot-fra-1 kernel: [83411633.461753] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=91.210.107.80 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x20 TTL=249 ID=31823 PROTO=TCP SPT=57026 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T07:53:09.754Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 07:53:33 honeypot-ams-1 sshd[30104]: Received disconnect from 92.255.85.69 port 20812:11: Bye Bye [preauth]","@timestamp":"2022-09-07T07:53:34.023Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 07:56:14 honeypot-fra-1 sshd[20530]: Connection closed by invalid user sa 193.106.191.157 port 35742 [preauth]","@timestamp":"2022-09-07T07:56:15.839Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 08:02:46 honeypot-fra-1 sshd[20535]: Received disconnect from 165.22.45.108 port 42396:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-07T08:02:46.980Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T08:03:53.252Z","@version":"1","message":"Sep  7 08:03:52 honeypot-sgp-1 sshd[28042]: Invalid user user from 45.61.186.249 port 50638","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T08:04:11.261Z","@version":"1","message":"Sep  7 08:04:11 honeypot-sgp-1 sshd[28046]: Invalid user user from 45.61.186.249 port 45734","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T08:04:29.270Z","@version":"1","message":"Sep  7 08:04:29 honeypot-sgp-1 sshd[28050]: Invalid user user from 45.61.186.249 port 40866","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T08:04:39.275Z","@version":"1","message":"Sep  7 08:04:38 honeypot-sgp-1 sshd[28054]: Invalid user user from 45.61.186.249 port 52496","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 08:11:04 honeypot-ams-1 kernel: [83414853.136140] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=97.74.81.123 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=9764 PROTO=TCP SPT=47606 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T08:11:04.473Z"}
{"@timestamp":"2022-09-07T08:11:50.444Z","@version":"1","message":"Sep  7 08:11:49 honeypot-sgp-1 sshd[28059]: Received disconnect from 146.59.156.163 port 34156:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 08:15:39 honeypot-fra-1 sshd[20559]: Received disconnect from 165.22.45.108 port 46970:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-07T08:15:40.261Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T08:17:01.569Z","@version":"1","message":"Sep  7 08:17:01 honeypot-sgp-1 CRON[28084]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 08:17:14 honeypot-ams-1 sshd[30116]: Invalid user superonline from 92.255.85.69 port 31934","@timestamp":"2022-09-07T08:17:15.632Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 08:20:27 honeypot-ams-1 kernel: [83415416.168478] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=13832 PROTO=TCP SPT=58589 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T08:20:27.716Z"}
{"@timestamp":"2022-09-07T08:24:12.739Z","@version":"1","message":"Sep  7 08:24:12 honeypot-sgp-1 kernel: [83415171.430723] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=3.90.148.15 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=229 ID=54321 PROTO=TCP SPT=60464 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 08:24:26 honeypot-fra-1 kernel: [83413510.336216] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=186.208.139.104 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=245 ID=51648 PROTO=TCP SPT=58930 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T08:24:27.452Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-07T08:27:34.822Z","@version":"1","message":"Sep  7 08:27:34 honeypot-sgp-1 sshd[28096]: Invalid user superonline from 92.255.85.70 port 61952","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 08:28:46 honeypot-fra-1 sshd[20567]: Disconnected from invalid user jessica 165.22.45.108 port 51564 [preauth]","@timestamp":"2022-09-07T08:28:47.548Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 08:31:17 honeypot-fra-1 sshd[20571]: Connection closed by authenticating user root 141.98.10.158 port 37426 [preauth]","@timestamp":"2022-09-07T08:31:17.608Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 08:35:53 honeypot-ams-1 kernel: [83416341.939628] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.65.139.45 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=53 ID=33906 PROTO=TCP SPT=27720 DPT=80 WINDOW=44765 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T08:35:53.131Z"}
{"@timestamp":"2022-09-07T08:38:06.088Z","@version":"1","message":"Sep  7 08:38:06 honeypot-sgp-1 kernel: [83416004.938241] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=205.210.31.48 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=249 ID=26285 PROTO=TCP SPT=55563 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 08:42:04 honeypot-fra-1 sshd[20654]: Invalid user jessica from 165.22.45.108 port 56154","@timestamp":"2022-09-07T08:42:04.843Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 08:43:44 honeypot-ams-1 sshd[30156]: Connection closed by 180.76.173.237 port 49104 [preauth]","@timestamp":"2022-09-07T08:43:45.357Z"}
{"@timestamp":"2022-09-07T08:44:35.241Z","@version":"1","message":"Sep  7 08:44:34 honeypot-sgp-1 sshd[28110]: Received disconnect from 210.106.108.250 port 44231:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 08:47:17 honeypot-fra-1 sshd[20665]: Invalid user admin from 92.255.85.70 port 47960","@timestamp":"2022-09-07T08:47:17.958Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T08:50:56.394Z","@version":"1","message":"Sep  7 08:50:55 honeypot-sgp-1 sshd[28115]: Received disconnect from 92.255.85.69 port 31154:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 08:51:18 honeypot-fra-1 sshd[20670]: Disconnected from invalid user user 45.61.187.160 port 49484 [preauth]","@timestamp":"2022-09-07T08:51:19.049Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 08:51:38 honeypot-fra-1 sshd[20674]: Disconnected from invalid user user 45.61.187.160 port 44994 [preauth]","@timestamp":"2022-09-07T08:51:38.064Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 08:51:54 honeypot-fra-1 sshd[20678]: Disconnected from invalid user user 45.61.187.160 port 40496 [preauth]","@timestamp":"2022-09-07T08:51:55.072Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 08:52:09 honeypot-fra-1 sshd[20682]: Disconnected from invalid user user 45.61.187.160 port 35984 [preauth]","@timestamp":"2022-09-07T08:52:10.078Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 08:55:45 honeypot-fra-1 sshd[20685]: Disconnected from invalid user jessica 165.22.45.108 port 60760 [preauth]","@timestamp":"2022-09-07T08:55:46.160Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T08:58:56.581Z","@version":"1","message":"Sep  7 08:58:56 honeypot-sgp-1 sshd[28120]: Disconnected from invalid user or 102.223.92.101 port 5327 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T09:00:39.624Z","@version":"1","message":"Sep  7 09:00:39 honeypot-sgp-1 kernel: [83417358.141354] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.95.55.227 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=54321 PROTO=TCP SPT=55849 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T09:01:56.660Z","@version":"1","message":"Sep  7 09:01:55 honeypot-sgp-1 sshd[28126]: Disconnected from invalid user noc 186.206.144.34 port 41200 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 09:02:38 honeypot-ams-1 sshd[30161]: Disconnected from invalid user admin 92.255.85.69 port 42168 [preauth]","@timestamp":"2022-09-07T09:02:38.835Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 09:06:42 honeypot-fra-1 kernel: [83416046.531892] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=79.124.62.62 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=1971 PROTO=TCP SPT=52987 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T09:06:43.398Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 09:10:52 honeypot-fra-1 sshd[20696]: Disconnected from invalid user admin 92.255.85.69 port 36480 [preauth]","@timestamp":"2022-09-07T09:10:53.487Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 09:15:04 honeypot-fra-1 sshd[20700]: Disconnected from invalid user user 141.255.162.226 port 52752 [preauth]","@timestamp":"2022-09-07T09:15:04.596Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 09:15:07 honeypot-fra-1 sshd[20704]: Disconnected from invalid user user 141.255.162.226 port 43724 [preauth]","@timestamp":"2022-09-07T09:15:07.598Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T09:15:08.968Z","@version":"1","message":"Sep  7 09:15:08 honeypot-sgp-1 sshd[28136]: Received disconnect from 92.95.84.184 port 38098:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 09:15:11 honeypot-fra-1 sshd[20708]: Disconnected from invalid user user 141.255.162.226 port 51612 [preauth]","@timestamp":"2022-09-07T09:15:12.601Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 09:15:14 honeypot-fra-1 sshd[20712]: Disconnected from invalid user user 141.255.162.226 port 41456 [preauth]","@timestamp":"2022-09-07T09:15:14.602Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T09:15:29.978Z","@version":"1","message":"Sep  7 09:15:29 honeypot-sgp-1 sshd[28148]: Received disconnect from 92.95.84.184 port 39058:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T09:15:39.984Z","@version":"1","message":"Sep  7 09:15:39 honeypot-sgp-1 sshd[28154]: Received disconnect from 92.95.84.184 port 39486:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T09:15:54.991Z","@version":"1","message":"Sep  7 09:15:54 honeypot-sgp-1 sshd[28162]: Received disconnect from 92.95.84.184 port 40234:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T09:16:07.997Z","@version":"1","message":"Sep  7 09:16:07 honeypot-sgp-1 sshd[28170]: Received disconnect from 92.95.84.184 port 40776:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T09:16:15.001Z","@version":"1","message":"Sep  7 09:16:14 honeypot-sgp-1 sshd[28174]: Disconnected from authenticating user root 92.95.84.184 port 41114 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 09:17:01 honeypot-ams-1 CRON[30166]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-07T09:17:02.230Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 09:22:43 honeypot-fra-1 sshd[20720]: Invalid user Jessica from 165.22.45.108 port 41690","@timestamp":"2022-09-07T09:22:43.763Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 09:26:00 honeypot-ams-1 sshd[30176]: Invalid user lgnortel from 92.255.85.70 port 54374","@timestamp":"2022-09-07T09:26:01.461Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 09:28:54 honeypot-fra-1 kernel: [83417377.883214] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=154.209.125.68 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=112 ID=46753 PROTO=TCP SPT=46833 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T09:28:54.899Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-07T09:34:35.428Z","@version":"1","message":"Sep  7 09:34:34 honeypot-sgp-1 sshd[28187]: Did not receive identification string from 167.99.220.160 port 41014","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 09:34:41 honeypot-fra-1 kernel: [83417725.141172] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=80.87.206.203 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=2865 PROTO=TCP SPT=57211 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T09:34:42.040Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-07T09:37:17.493Z","@version":"1","message":"Sep  7 09:37:17 honeypot-sgp-1 sshd[28190]: Received disconnect from 167.99.220.160 port 35398:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 09:38:04 honeypot-ams-1 sshd[30182]: Connection closed by 180.76.173.237 port 36254 [preauth]","@timestamp":"2022-09-07T09:38:04.768Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 09:38:14 honeypot-fra-1 kernel: [83417938.127746] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=183.136.225.35 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=107 ID=34924 PROTO=TCP SPT=8088 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T09:38:15.120Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 09:49:47 honeypot-fra-1 sshd[20740]: Disconnected from invalid user jessica 165.22.45.108 port 50864 [preauth]","@timestamp":"2022-09-07T09:49:47.367Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 09:49:51 honeypot-ams-1 sshd[30187]: Did not receive identification string from 92.255.85.113 port 31907","@timestamp":"2022-09-07T09:49:52.070Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 09:53:11 honeypot-ams-1 kernel: [83420980.514033] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=172.105.77.209 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=57 ID=0 DF PROTO=TCP SPT=42911 DPT=443 WINDOW=8192 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T09:53:12.158Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 09:57:16 honeypot-fra-1 sshd[20745]: Disconnected from authenticating user root 20.104.91.36 port 54218 [preauth]","@timestamp":"2022-09-07T09:57:17.526Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T09:58:18.996Z","@version":"1","message":"Sep  7 09:58:18 honeypot-sgp-1 sshd[28194]: Invalid user Admin from 92.255.85.70 port 46706","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 09:58:33 honeypot-ams-1 kernel: [83421302.658896] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=64.62.197.78 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=34800 DPT=5432 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T09:58:34.300Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 10:03:20 honeypot-fra-1 sshd[20752]: Received disconnect from 165.22.45.108 port 56814:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-07T10:03:20.660Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T10:05:50.177Z","@version":"1","message":"Sep  7 10:05:49 honeypot-sgp-1 kernel: [83421268.028882] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=128.14.152.46 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=2493 PROTO=TCP SPT=11488 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 10:06:14 honeypot-fra-1 sshd[20754]: Disconnected from authenticating user root 62.94.193.216 port 59766 [preauth]","@timestamp":"2022-09-07T10:06:14.725Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 10:10:54 honeypot-ams-1 sshd[30198]: Invalid user admin1234 from 92.255.85.70 port 18230","@timestamp":"2022-09-07T10:10:54.619Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 10:12:02 honeypot-fra-1 sshd[20759]: Received disconnect from 61.177.173.39 port 45190:11:  [preauth]","@timestamp":"2022-09-07T10:12:02.851Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 10:14:55 honeypot-fra-1 kernel: [83420138.999613] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=154.179.166.186 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=51 ID=33040 PROTO=TCP SPT=9178 DPT=80 WINDOW=55837 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T10:14:55.914Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 10:15:03 honeypot-ams-1 sshd[30200]: Disconnected from authenticating user root 165.22.91.88 port 46996 [preauth]","@timestamp":"2022-09-07T10:15:03.728Z"}
{"@timestamp":"2022-09-07T10:17:01.452Z","@version":"1","message":"Sep  7 10:17:01 honeypot-sgp-1 CRON[28202]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 10:17:01 honeypot-fra-1 CRON[20766]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-07T10:17:01.960Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 10:19:02 honeypot-fra-1 kernel: [83420386.445528] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=90.151.171.106 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=20993 PROTO=TCP SPT=45902 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T10:19:03.006Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-07T10:19:09.507Z","@version":"1","message":"Sep  7 10:19:09 honeypot-sgp-1 kernel: [83422067.983267] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.56.108.186 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=4083 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 10:19:38 honeypot-fra-1 sshd[20776]: Received disconnect from 198.98.61.9 port 54736:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-07T10:19:39.023Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 10:19:45 honeypot-ams-1 kernel: [83422574.804333] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=109.205.213.20 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=60946 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T10:19:46.852Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 10:19:53 honeypot-fra-1 sshd[20780]: Received disconnect from 198.98.61.9 port 48020:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-07T10:19:54.029Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 10:20:08 honeypot-fra-1 sshd[20784]: Received disconnect from 198.98.61.9 port 41330:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-07T10:20:09.036Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 10:21:39 honeypot-fra-1 sshd[20789]: Received disconnect from 61.177.173.36 port 63791:11:  [preauth]","@timestamp":"2022-09-07T10:21:40.070Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 10:23:56 honeypot-fra-1 sshd[20793]: Disconnected from invalid user admins 165.227.68.95 port 49932 [preauth]","@timestamp":"2022-09-07T10:23:57.118Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 10:25:20 honeypot-ams-1 sshd[30215]: Connection reset by invalid user bzrx1098ui 92.255.85.113 port 6397 [preauth]","@timestamp":"2022-09-07T10:25:21.000Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 10:26:23 honeypot-fra-1 sshd[20801]: Disconnected from authenticating user root 61.177.173.51 port 20098 [preauth]","@timestamp":"2022-09-07T10:26:24.174Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T10:26:27.685Z","@version":"1","message":"Sep  7 10:26:26 honeypot-sgp-1 sshd[28214]: Received disconnect from 118.200.42.47 port 39348:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T10:32:10.825Z","@version":"1","message":"Sep  7 10:32:10 honeypot-sgp-1 sshd[28218]: Connection reset by invalid user bzrx1098ui 92.255.85.113 port 56617 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 10:32:25 honeypot-fra-1 sshd[20808]: Received disconnect from 147.182.219.221 port 40274:11: Bye Bye [preauth]","@timestamp":"2022-09-07T10:32:26.303Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 10:34:24 honeypot-ams-1 sshd[30225]: Connection reset by 61.177.172.19 port 43864 [preauth]","@timestamp":"2022-09-07T10:34:25.255Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 10:37:49 honeypot-ams-1 sshd[30234]: Connection reset by 61.177.173.51 port 24082 [preauth]","@timestamp":"2022-09-07T10:37:49.348Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 10:38:25 honeypot-fra-1 kernel: [83421549.224864] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=78.142.18.92 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=54321 PROTO=TCP SPT=41017 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T10:38:26.434Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 10:43:45 honeypot-fra-1 sshd[20818]: Received disconnect from 165.22.45.108 port 42348:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-07T10:43:45.550Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 10:46:02 honeypot-fra-1 sshd[20825]: Received disconnect from 141.255.162.226 port 48636:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-07T10:46:03.602Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 10:46:06 honeypot-fra-1 sshd[20829]: Received disconnect from 141.255.162.226 port 38758:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-07T10:46:07.604Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 10:46:09 honeypot-fra-1 sshd[20833]: Received disconnect from 141.255.162.226 port 57116:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-07T10:46:10.605Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 10:47:15 honeypot-fra-1 kernel: [83422078.790276] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=167.71.102.95 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=46400 DF PROTO=TCP SPT=41088 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T10:47:15.631Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-07T10:50:05.248Z","@version":"1","message":"Sep  7 10:50:04 honeypot-sgp-1 kernel: [83423923.210358] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.41.9.18 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=35179 PROTO=TCP SPT=16057 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 10:50:51 honeypot-ams-1 sshd[30253]: Disconnected from authenticating user root 61.177.173.35 port 58410 [preauth]","@timestamp":"2022-09-07T10:50:51.678Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 10:53:19 honeypot-fra-1 kernel: [83422443.304320] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=167.94.138.96 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=6784 PROTO=TCP SPT=34443 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T10:53:20.761Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 10:55:31 honeypot-ams-1 sshd[30257]: Disconnected from invalid user motorola 92.255.85.70 port 47606 [preauth]","@timestamp":"2022-09-07T10:55:31.800Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 11:00:36 honeypot-ams-1 sshd[30263]: Invalid user user from 141.255.162.226 port 34398","@timestamp":"2022-09-07T11:00:36.934Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 11:00:41 honeypot-ams-1 sshd[30267]: Invalid user user from 141.255.162.226 port 52230","@timestamp":"2022-09-07T11:00:41.936Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 11:00:43 honeypot-ams-1 sshd[30271]: Invalid user user from 141.255.162.226 port 32920","@timestamp":"2022-09-07T11:00:43.937Z"}
{"@timestamp":"2022-09-07T11:01:41.526Z","@version":"1","message":"Sep  7 11:01:41 honeypot-sgp-1 sshd[28230]: Invalid user monit from 157.245.107.128 port 57832","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 11:01:51 honeypot-fra-1 sshd[20863]: Received disconnect from 92.255.85.70 port 44898:11: Bye Bye [preauth]","@timestamp":"2022-09-07T11:01:51.945Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 11:03:15 honeypot-fra-1 kernel: [83423039.062311] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=92.118.39.88 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=54567 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T11:03:15.977Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 11:03:33 honeypot-ams-1 kernel: [83425201.929152] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=41.238.45.52 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=51 ID=7054 PROTO=TCP SPT=46427 DPT=443 WINDOW=27505 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T11:03:34.009Z"}
{"@timestamp":"2022-09-07T11:05:57.628Z","@version":"1","message":"Sep  7 11:05:57 honeypot-sgp-1 sshd[28233]: Received disconnect from 92.255.85.70 port 63684:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 11:08:47 honeypot-fra-1 sshd[20878]: Invalid user pi from 82.66.77.8 port 58902","@timestamp":"2022-09-07T11:08:48.099Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T11:10:46.743Z","@version":"1","message":"Sep  7 11:10:46 honeypot-sgp-1 sshd[28238]: Connection closed by invalid user admin 178.128.125.205 port 42070 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 11:10:47 honeypot-fra-1 sshd[20882]: Disconnected from invalid user jetty 165.22.45.108 port 51506 [preauth]","@timestamp":"2022-09-07T11:10:48.144Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 11:11:50 honeypot-fra-1 sshd[20888]: Connection closed by invalid user admin 159.203.178.0 port 63488 [preauth]","@timestamp":"2022-09-07T11:11:50.170Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 11:13:14 honeypot-ams-1 kernel: [83425783.211970] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=156.217.224.161 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=51 ID=44168 PROTO=TCP SPT=33861 DPT=443 WINDOW=52228 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T11:13:15.263Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 11:14:17 honeypot-fra-1 sshd[20897]: Invalid user se from 193.106.191.157 port 41810","@timestamp":"2022-09-07T11:14:18.226Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T11:15:47.862Z","@version":"1","message":"Sep  7 11:15:46 honeypot-sgp-1 kernel: [83425465.661094] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=34.135.45.243 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x60 TTL=123 ID=33720 PROTO=TCP SPT=34580 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 11:15:59 honeypot-fra-1 sshd[20902]: Received disconnect from 61.177.173.47 port 42753:11:  [preauth]","@timestamp":"2022-09-07T11:15:59.265Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 11:17:12 honeypot-ams-1 sshd[30284]: Disconnected from 61.177.173.48 port 12603 [preauth]","@timestamp":"2022-09-07T11:17:13.367Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 11:21:31 honeypot-fra-1 sshd[20912]: Disconnected from authenticating user root 61.177.173.50 port 17750 [preauth]","@timestamp":"2022-09-07T11:21:32.388Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 11:25:54 honeypot-fra-1 sshd[20917]: Disconnected from invalid user airlive 92.255.85.70 port 22988 [preauth]","@timestamp":"2022-09-07T11:25:54.483Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 11:27:41 honeypot-ams-1 kernel: [83426650.740682] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=71.6.232.8 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=34134 DPT=389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T11:27:42.648Z"}
{"@timestamp":"2022-09-07T11:28:57.168Z","@version":"1","message":"Sep  7 11:28:56 honeypot-sgp-1 sshd[28250]: Received disconnect from 92.255.85.69 port 37174:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 11:29:19 honeypot-ams-1 sshd[30299]: Invalid user user from 45.61.184.204 port 33976","@timestamp":"2022-09-07T11:29:20.692Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 11:29:38 honeypot-ams-1 sshd[30303]: Invalid user user from 45.61.184.204 port 57274","@timestamp":"2022-09-07T11:29:38.728Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 11:29:56 honeypot-ams-1 sshd[30307]: Invalid user user from 45.61.184.204 port 52336","@timestamp":"2022-09-07T11:29:57.738Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 11:30:22 honeypot-ams-1 kernel: [83426811.592195] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=29067 PROTO=TCP SPT=50204 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T11:30:23.751Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 11:33:40 honeypot-fra-1 kernel: [83424863.726951] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=154.6.130.144 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=55690 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T11:33:40.655Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 11:34:01 honeypot-ams-1 kernel: [83427030.503565] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=201.191.2.198 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=50 ID=42953 PROTO=TCP SPT=36567 DPT=80 WINDOW=25606 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T11:34:01.847Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 11:37:02 honeypot-fra-1 sshd[20928]: Received disconnect from 46.101.141.155 port 52180:11: Bye Bye [preauth]","@timestamp":"2022-09-07T11:37:02.731Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 11:39:44 honeypot-fra-1 sshd[20936]: Received disconnect from 61.177.173.53 port 18175:11:  [preauth]","@timestamp":"2022-09-07T11:39:44.790Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 11:41:01 honeypot-ams-1 sshd[30326]: Received disconnect from 92.255.85.69 port 28426:11: Bye Bye [preauth]","@timestamp":"2022-09-07T11:41:02.053Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 11:42:30 honeypot-fra-1 sshd[20943]: Received disconnect from 104.248.143.226 port 50236:11: Bye Bye [preauth]","@timestamp":"2022-09-07T11:42:30.852Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 11:45:53 honeypot-ams-1 sshd[30334]: Connection closed by 180.76.173.237 port 53362 [preauth]","@timestamp":"2022-09-07T11:45:54.178Z"}
{"@timestamp":"2022-09-07T11:46:39.567Z","@version":"1","message":"Sep  7 11:46:38 honeypot-sgp-1 sshd[28259]: Disconnected from authenticating user root 202.137.26.4 port 44164 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T11:49:47.658Z","@version":"1","message":"Sep  7 11:49:46 honeypot-sgp-1 sshd[28265]: Received disconnect from 162.241.114.75 port 49620:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 11:50:48 honeypot-fra-1 sshd[20950]: Did not receive identification string from 34.92.211.177 port 48688","@timestamp":"2022-09-07T11:50:49.045Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T11:51:29.699Z","@version":"1","message":"Sep  7 11:51:28 honeypot-sgp-1 sshd[28269]: Disconnected from invalid user yoshichika 157.245.81.154 port 11288 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 11:55:38 honeypot-fra-1 sshd[20956]: Received disconnect from 137.184.28.240 port 46928:11: Bye Bye [preauth]","@timestamp":"2022-09-07T11:55:38.149Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 11:57:28 honeypot-ams-1 sshd[30340]: Disconnected from authenticating user root 61.177.173.36 port 13015 [preauth]","@timestamp":"2022-09-07T11:57:29.468Z"}
{"@timestamp":"2022-09-07T12:00:56.917Z","@version":"1","message":"Sep  7 12:00:56 honeypot-sgp-1 kernel: [83428174.829652] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=109.206.241.219 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=54321 PROTO=TCP SPT=34007 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 12:03:43 honeypot-fra-1 sshd[20967]: Invalid user sf from 193.106.191.157 port 43362","@timestamp":"2022-09-07T12:03:44.337Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 12:04:21 honeypot-ams-1 sshd[30352]: Received disconnect from 139.59.70.64 port 41084:11: Bye Bye [preauth]","@timestamp":"2022-09-07T12:04:21.645Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 12:06:00 honeypot-ams-1 sshd[30354]: Disconnected from invalid user admin 92.255.85.70 port 33026 [preauth]","@timestamp":"2022-09-07T12:06:00.692Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 12:09:32 honeypot-fra-1 sshd[20974]: Received disconnect from 61.177.173.47 port 19234:11:  [preauth]","@timestamp":"2022-09-07T12:09:32.467Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 12:12:37 honeypot-fra-1 sshd[20979]: Received disconnect from 92.255.85.69 port 44924:11: Bye Bye [preauth]","@timestamp":"2022-09-07T12:12:37.537Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T12:15:54.278Z","@version":"1","message":"Sep  7 12:15:53 honeypot-sgp-1 kernel: [83429072.179741] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=40.84.222.228 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=26648 PROTO=TCP SPT=52024 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 12:17:01 honeypot-ams-1 CRON[30364]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-07T12:17:01.983Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 12:19:55 honeypot-fra-1 sshd[20985]: Connection reset by 61.177.173.51 port 29331 [preauth]","@timestamp":"2022-09-07T12:19:56.695Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 12:22:35 honeypot-ams-1 kernel: [83429944.350493] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.167.96.217 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=44546 DPT=636 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T12:22:36.134Z"}
{"@timestamp":"2022-09-07T12:24:06.468Z","@version":"1","message":"Sep  7 12:24:05 honeypot-sgp-1 kernel: [83429564.672237] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=92.204.145.8 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=62776 PROTO=TCP SPT=53317 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 12:25:30 honeypot-fra-1 kernel: [83427973.403669] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=222.186.19.235 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=234 ID=54321 PROTO=TCP SPT=56523 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T12:25:30.819Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 12:27:57 honeypot-ams-1 sshd[30375]: Invalid user roqos from 92.255.85.70 port 47506","@timestamp":"2022-09-07T12:27:58.276Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 12:29:03 honeypot-ams-1 kernel: [83430332.573953] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=177.131.211.135 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=50 ID=15661 PROTO=TCP SPT=55251 DPT=80 WINDOW=3859 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T12:29:04.308Z"}
{"@timestamp":"2022-09-07T12:34:13.702Z","@version":"1","message":"Sep  7 12:34:12 honeypot-sgp-1 sshd[28293]: Received disconnect from 45.61.186.169 port 49124:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T12:34:30.709Z","@version":"1","message":"Sep  7 12:34:30 honeypot-sgp-1 sshd[28297]: Received disconnect from 45.61.186.169 port 44178:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T12:34:47.717Z","@version":"1","message":"Sep  7 12:34:47 honeypot-sgp-1 sshd[28301]: Received disconnect from 45.61.186.169 port 39240:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 12:35:05 honeypot-fra-1 sshd[21000]: Disconnected from invalid user roqos 92.255.85.70 port 15372 [preauth]","@timestamp":"2022-09-07T12:35:06.025Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 12:35:51 honeypot-ams-1 sshd[30819]: Connection closed by authenticating user root 103.188.176.251 port 33284 [preauth]","@timestamp":"2022-09-07T12:35:51.485Z"}
{"@timestamp":"2022-09-07T12:38:53.815Z","@version":"1","message":"Sep  7 12:38:53 honeypot-sgp-1 sshd[28308]: Invalid user user from 141.255.162.226 port 35998","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T12:38:56.817Z","@version":"1","message":"Sep  7 12:38:55 honeypot-sgp-1 sshd[28310]: Disconnected from invalid user user 141.255.162.226 port 56396 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T12:38:57.818Z","@version":"1","message":"Sep  7 12:38:57 honeypot-sgp-1 sshd[28316]: Connection closed by 141.255.162.226 port 51682 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 12:39:03 honeypot-ams-1 sshd[30827]: Received disconnect from 61.177.173.37 port 14695:11:  [preauth]","@timestamp":"2022-09-07T12:39:03.570Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 12:40:11 honeypot-fra-1 sshd[21011]: Invalid user jetty from 165.22.45.108 port 51020","@timestamp":"2022-09-07T12:40:12.152Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 12:43:52 honeypot-ams-1 sshd[30840]: Disconnected from invalid user armani 20.101.101.40 port 57666 [preauth]","@timestamp":"2022-09-07T12:43:53.694Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 12:45:18 honeypot-fra-1 sshd[21020]: Received disconnect from 134.122.119.221 port 50344:11: Bye Bye [preauth]","@timestamp":"2022-09-07T12:45:19.269Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 12:49:32 honeypot-ams-1 kernel: [83431561.574272] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=97.74.81.123 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=5907 PROTO=TCP SPT=49914 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T12:49:32.844Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 12:51:19 honeypot-ams-1 sshd[30853]: Connection closed by authenticating user root 121.135.254.185 port 51882 [preauth]","@timestamp":"2022-09-07T12:51:19.893Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 12:51:59 honeypot-fra-1 sshd[21027]: Received disconnect from 14.161.50.120 port 57671:11: Bye Bye [preauth]","@timestamp":"2022-09-07T12:51:59.418Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T12:52:00.117Z","@version":"1","message":"Sep  7 12:51:59 honeypot-sgp-1 sshd[28322]: Connection closed by authenticating user root 41.214.117.25 port 57768 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 12:53:13 honeypot-fra-1 sshd[21029]: Connection closed by invalid user sg 193.106.191.157 port 44822 [preauth]","@timestamp":"2022-09-07T12:53:14.448Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 12:56:42 honeypot-ams-1 sshd[30858]: Disconnected from invalid user don 200.89.174.178 port 56326 [preauth]","@timestamp":"2022-09-07T12:56:43.034Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 12:58:48 honeypot-ams-1 kernel: [83432117.610551] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.79.176.54 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=21903 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T12:58:49.091Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 12:59:24 honeypot-ams-1 sshd[30871]: Invalid user user from 45.61.184.204 port 43124","@timestamp":"2022-09-07T12:59:25.110Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 12:59:26 honeypot-fra-1 sshd[21038]: Received disconnect from 187.94.111.151 port 33542:11: Bye Bye [preauth]","@timestamp":"2022-09-07T12:59:27.589Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 12:59:44 honeypot-ams-1 sshd[30875]: Invalid user user from 45.61.184.204 port 38010","@timestamp":"2022-09-07T12:59:45.120Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 13:00:01 honeypot-ams-1 sshd[30879]: Invalid user user from 45.61.184.204 port 32896","@timestamp":"2022-09-07T13:00:02.129Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 13:00:18 honeypot-ams-1 sshd[30883]: Invalid user user from 45.61.184.204 port 56022","@timestamp":"2022-09-07T13:00:19.138Z"}
{"@timestamp":"2022-09-07T13:00:55.342Z","@version":"1","message":"Sep  7 13:00:54 honeypot-sgp-1 kernel: [83431773.082265] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=35.189.4.162 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x60 TTL=123 ID=54012 PROTO=TCP SPT=50942 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 13:01:33 honeypot-ams-1 kernel: [83432282.103329] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=201.191.2.198 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=50 ID=24299 PROTO=TCP SPT=36567 DPT=80 WINDOW=25606 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T13:01:34.172Z"}
{"@timestamp":"2022-09-07T13:02:43.386Z","@version":"1","message":"Sep  7 13:02:43 honeypot-sgp-1 kernel: [83431881.782246] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=80.87.206.203 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=237 ID=28279 PROTO=TCP SPT=57211 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T13:06:03.466Z","@version":"1","message":"Sep  7 13:06:03 honeypot-sgp-1 kernel: [83432081.740396] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=222.186.19.235 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=58231 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 13:06:57 honeypot-fra-1 kernel: [83430460.306106] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=66.240.236.116 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=60660 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T13:06:57.760Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-07T13:08:32.527Z","@version":"1","message":"Sep  7 13:08:32 honeypot-sgp-1 sshd[28338]: Invalid user hanno from 203.170.129.197 port 49900","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T13:09:11.544Z","@version":"1","message":"Sep  7 13:09:11 honeypot-sgp-1 sshd[28342]: Received disconnect from 103.63.212.91 port 44434:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T13:09:35.555Z","@version":"1","message":"Sep  7 13:09:34 honeypot-sgp-1 sshd[28346]: Disconnected from 161.35.131.133 port 50074 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 13:11:32 honeypot-fra-1 sshd[21051]: Disconnected from authenticating user root 61.177.172.114 port 13270 [preauth]","@timestamp":"2022-09-07T13:11:32.862Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T13:12:20.622Z","@version":"1","message":"Sep  7 13:12:19 honeypot-sgp-1 sshd[28351]: Disconnected from invalid user niko 43.154.214.20 port 53566 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 13:14:37 honeypot-ams-1 sshd[30901]: Invalid user sitecom from 92.255.85.70 port 29542","@timestamp":"2022-09-07T13:14:37.509Z"}
{"@timestamp":"2022-09-07T13:16:17.715Z","@version":"1","message":"Sep  7 13:16:16 honeypot-sgp-1 sshd[28358]: Invalid user niko from 187.94.111.151 port 44608","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 13:17:01 honeypot-fra-1 CRON[21062]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-07T13:17:01.986Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 13:20:28 honeypot-ams-1 kernel: [83433417.472371] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.214.170 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=41076 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T13:20:29.660Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 13:20:53 honeypot-fra-1 sshd[21070]: Invalid user sitecom from 92.255.85.70 port 40676","@timestamp":"2022-09-07T13:20:54.078Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T13:22:50.868Z","@version":"1","message":"Sep  7 13:22:50 honeypot-sgp-1 sshd[28364]: Did not receive identification string from 198.98.61.9 port 54902","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T13:23:33.887Z","@version":"1","message":"Sep  7 13:23:33 honeypot-sgp-1 sshd[28367]: Received disconnect from 198.98.61.9 port 49526:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T13:23:48.894Z","@version":"1","message":"Sep  7 13:23:48 honeypot-sgp-1 sshd[28371]: Received disconnect from 198.98.61.9 port 44060:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T13:24:03.901Z","@version":"1","message":"Sep  7 13:24:03 honeypot-sgp-1 sshd[28375]: Received disconnect from 198.98.61.9 port 38590:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 13:24:17 honeypot-fra-1 sshd[21074]: Received disconnect from 2.115.171.85 port 26668:11: Bye Bye [preauth]","@timestamp":"2022-09-07T13:24:18.155Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 13:26:27 honeypot-ams-1 sshd[30920]: Received disconnect from 45.61.186.249 port 38492:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-07T13:26:27.816Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 13:26:40 honeypot-fra-1 sshd[21079]: Disconnected from invalid user jevitube 165.22.45.108 port 36684 [preauth]","@timestamp":"2022-09-07T13:26:40.210Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 13:26:45 honeypot-ams-1 sshd[30924]: Received disconnect from 45.61.186.249 port 33228:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-07T13:26:45.825Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 13:27:03 honeypot-ams-1 sshd[30930]: Invalid user user from 45.61.186.249 port 56194","@timestamp":"2022-09-07T13:27:03.835Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 13:28:10 honeypot-ams-1 kernel: [83433878.945536] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=176.67.66.107 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=112 ID=25715 DF PROTO=TCP SPT=17560 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T13:28:10.866Z"}
{"@timestamp":"2022-09-07T13:29:28.028Z","@version":"1","message":"Sep  7 13:29:27 honeypot-sgp-1 kernel: [83433486.080794] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=128.1.91.204 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=22603 PROTO=TCP SPT=20460 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 13:34:17 honeypot-ams-1 sshd[30938]: Disconnected from invalid user beavis 213.215.163.233 port 35226 [preauth]","@timestamp":"2022-09-07T13:34:18.024Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 13:39:34 honeypot-fra-1 sshd[21093]: Did not receive identification string from 45.61.186.249 port 49292","@timestamp":"2022-09-07T13:39:35.498Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 13:40:13 honeypot-fra-1 sshd[21096]: Disconnected from invalid user user 45.61.186.249 port 37984 [preauth]","@timestamp":"2022-09-07T13:40:13.514Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 13:40:20 honeypot-ams-1 kernel: [83434609.545277] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=117.209.125.247 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=36413 DF PROTO=TCP SPT=29294 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T13:40:21.179Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 13:40:31 honeypot-fra-1 sshd[21100]: Disconnected from invalid user user 45.61.186.249 port 60676 [preauth]","@timestamp":"2022-09-07T13:40:31.523Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 13:40:48 honeypot-fra-1 sshd[21104]: Disconnected from invalid user user 45.61.186.249 port 55160 [preauth]","@timestamp":"2022-09-07T13:40:49.530Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 13:41:04 honeypot-fra-1 sshd[21108]: Disconnected from invalid user user 45.61.186.249 port 49602 [preauth]","@timestamp":"2022-09-07T13:41:05.538Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 13:42:44 honeypot-fra-1 sshd[21118]: Invalid user jfedu1 from 165.22.45.108 port 41342","@timestamp":"2022-09-07T13:42:44.577Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 13:44:16 honeypot-fra-1 sshd[21120]: Disconnected from invalid user Broadcom 92.255.85.69 port 34500 [preauth]","@timestamp":"2022-09-07T13:44:17.613Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 13:47:23 honeypot-ams-1 sshd[30950]: Connection reset by 61.177.172.114 port 62672 [preauth]","@timestamp":"2022-09-07T13:47:24.359Z"}
{"@timestamp":"2022-09-07T13:47:44.449Z","@version":"1","message":"Sep  7 13:47:43 honeypot-sgp-1 sshd[28384]: Invalid user Broadcom from 92.255.85.69 port 26246","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T13:48:53.478Z","@version":"1","message":"Sep  7 13:48:53 honeypot-sgp-1 sshd[28388]: Invalid user lsfadmin from 92.143.202.219 port 34392","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 13:50:17 honeypot-fra-1 kernel: [83433060.536117] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=152.89.196.23 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=31656 PROTO=TCP SPT=58198 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T13:50:17.764Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-07T13:51:00.531Z","@version":"1","message":"Sep  7 13:50:59 honeypot-sgp-1 sshd[28392]: Received disconnect from 167.71.238.89 port 45374:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 13:52:56 honeypot-ams-1 sshd[30961]: Connection closed by 180.76.173.237 port 42200 [preauth]","@timestamp":"2022-09-07T13:52:57.503Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 13:58:36 honeypot-ams-1 sshd[30969]: Disconnected from invalid user smcadmin 92.255.85.70 port 45296 [preauth]","@timestamp":"2022-09-07T13:58:36.649Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 13:58:48 honeypot-fra-1 sshd[21135]: Disconnected from invalid user jfpena 165.22.45.108 port 45980 [preauth]","@timestamp":"2022-09-07T13:58:48.946Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T14:03:25.819Z","@version":"1","message":"Sep  7 14:03:25 honeypot-sgp-1 kernel: [83435523.971693] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=35.175.136.175 DST=159.89.202.188 LEN=52 TOS=0x02 PREC=0x00 TTL=109 ID=1046 DF PROTO=TCP SPT=56778 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 14:03:56 honeypot-fra-1 sshd[21145]: Invalid user user from 141.255.162.226 port 41794","@timestamp":"2022-09-07T14:03:57.063Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 14:04:00 honeypot-fra-1 sshd[21149]: Invalid user user from 141.255.162.226 port 59064","@timestamp":"2022-09-07T14:04:01.066Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 14:04:02 honeypot-fra-1 sshd[21153]: Invalid user user from 141.255.162.226 port 39470","@timestamp":"2022-09-07T14:04:03.067Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 14:04:04 honeypot-fra-1 sshd[21157]: Invalid user user from 141.255.162.226 port 48106","@timestamp":"2022-09-07T14:04:05.068Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 14:07:38 honeypot-ams-1 kernel: [83436247.031000] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=20.219.248.199 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=111 ID=5915 DF PROTO=TCP SPT=60693 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T14:07:38.886Z"}
{"@timestamp":"2022-09-07T14:08:58.948Z","@version":"1","message":"Sep  7 14:08:58 honeypot-sgp-1 kernel: [83435856.892270] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=90.154.15.226 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=21221 DF PROTO=TCP SPT=47852 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 14:10:32 honeypot-fra-1 kernel: [83434275.188827] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=89.248.165.199 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=33553 PROTO=TCP SPT=57788 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T14:10:32.210Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 14:12:17 honeypot-ams-1 sshd[30981]: Received disconnect from 61.177.173.36 port 20014:11:  [preauth]","@timestamp":"2022-09-07T14:12:18.010Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 14:13:22 honeypot-ams-1 sshd[30987]: Received disconnect from 165.227.167.225 port 35258:11: Bye Bye [preauth]","@timestamp":"2022-09-07T14:13:23.041Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 14:14:34 honeypot-fra-1 sshd[21168]: Invalid user jgalvez from 165.22.45.108 port 50634","@timestamp":"2022-09-07T14:14:35.300Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 14:14:36 honeypot-ams-1 sshd[30992]: Disconnected from invalid user newsmagazine 43.154.178.13 port 34540 [preauth]","@timestamp":"2022-09-07T14:14:37.074Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 14:15:55 honeypot-fra-1 sshd[21172]: Disconnected from invalid user poornendu 185.149.120.23 port 59160 [preauth]","@timestamp":"2022-09-07T14:15:56.329Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T14:17:21.144Z","@version":"1","message":"Sep  7 14:17:20 honeypot-sgp-1 sshd[28414]: Invalid user test from 203.23.199.236 port 43296","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T14:17:21.144Z","@version":"1","message":"Sep  7 14:17:20 honeypot-sgp-1 sshd[28429]: Invalid user ubuntu from 203.23.199.236 port 43364","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T14:17:21.144Z","@version":"1","message":"Sep  7 14:17:20 honeypot-sgp-1 sshd[28419]: Invalid user postgres from 203.23.199.236 port 43352","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T14:17:21.144Z","@version":"1","message":"Sep  7 14:17:20 honeypot-sgp-1 sshd[28449]: Invalid user esuser from 203.23.199.236 port 43340","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T14:17:21.144Z","@version":"1","message":"Sep  7 14:17:20 honeypot-sgp-1 sshd[28427]: Connection closed by invalid user test 203.23.199.236 port 43338 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T14:17:21.144Z","@version":"1","message":"Sep  7 14:17:20 honeypot-sgp-1 sshd[28425]: Connection closed by authenticating user root 203.23.199.236 port 43312 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T14:17:21.144Z","@version":"1","message":"Sep  7 14:17:20 honeypot-sgp-1 sshd[28412]: Connection closed by invalid user oracle 203.23.199.236 port 43354 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T14:17:21.144Z","@version":"1","message":"Sep  7 14:17:20 honeypot-sgp-1 sshd[28430]: Connection closed by authenticating user root 203.23.199.236 port 43318 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T14:17:21.144Z","@version":"1","message":"Sep  7 14:17:20 honeypot-sgp-1 sshd[28449]: Connection closed by invalid user esuser 203.23.199.236 port 43340 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 14:18:16 honeypot-ams-1 sshd[30997]: Disconnected from invalid user test2 187.94.111.151 port 36374 [preauth]","@timestamp":"2022-09-07T14:18:16.193Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 14:19:29 honeypot-fra-1 sshd[21180]: Received disconnect from 141.255.162.226 port 47864:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-07T14:19:30.415Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 14:19:33 honeypot-fra-1 sshd[21184]: Received disconnect from 141.255.162.226 port 45576:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-07T14:19:34.418Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 14:19:36 honeypot-fra-1 sshd[21188]: Received disconnect from 141.255.162.226 port 56508:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-07T14:19:36.419Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 14:19:38 honeypot-fra-1 sshd[21192]: Received disconnect from 141.255.162.226 port 43294:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-07T14:19:39.420Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 14:21:18 honeypot-ams-1 kernel: [83437067.450467] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=90.154.15.226 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=59 ID=12 DF PROTO=TCP SPT=57670 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T14:21:19.274Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 14:21:33 honeypot-fra-1 sshd[21197]: Disconnected from authenticating user root 61.177.173.46 port 15239 [preauth]","@timestamp":"2022-09-07T14:21:34.463Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T14:22:10.258Z","@version":"1","message":"Sep  7 14:22:10 honeypot-sgp-1 kernel: [83436648.726849] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=71.6.232.8 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=57670 DPT=389 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 14:27:38 honeypot-fra-1 sshd[21205]: Disconnected from invalid user highspeed 92.255.85.69 port 31350 [preauth]","@timestamp":"2022-09-07T14:27:38.596Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 14:29:19 honeypot-ams-1 sshd[31010]: Received disconnect from 61.177.172.104 port 35070:11:  [preauth]","@timestamp":"2022-09-07T14:29:19.482Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 14:30:05 honeypot-fra-1 kernel: [83435448.596220] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=1069 PROTO=TCP SPT=41005 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T14:30:05.653Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-07T14:30:44.485Z","@version":"1","message":"Sep  7 14:30:44 honeypot-sgp-1 kernel: [83437162.721468] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=236 ID=24501 PROTO=TCP SPT=41005 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 14:33:01 honeypot-fra-1 kernel: [83435624.579776] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=35.175.136.175 DST=165.22.82.222 LEN=52 TOS=0x00 PREC=0x00 TTL=110 ID=37345 DF PROTO=TCP SPT=52582 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-07T14:33:01.719Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 14:36:45 honeypot-ams-1 sshd[31023]: Disconnected from authenticating user root 172.105.49.43 port 56820 [preauth]","@timestamp":"2022-09-07T14:36:46.677Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 14:37:28 honeypot-fra-1 sshd[21224]: Disconnected from authenticating user root 164.90.210.8 port 60396 [preauth]","@timestamp":"2022-09-07T14:37:28.818Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T14:41:02.727Z","@version":"1","message":"Sep  7 14:41:01 honeypot-sgp-1 kernel: [83437780.491147] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=167.94.146.64 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=34560 PROTO=TCP SPT=13858 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 14:42:26 honeypot-ams-1 kernel: [83438335.533680] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=72.167.32.184 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=233 ID=38986 PROTO=TCP SPT=49911 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T14:42:27.828Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 14:45:37 honeypot-ams-1 kernel: [83438526.587522] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=41.45.30.123 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=48 ID=13631 PROTO=TCP SPT=20201 DPT=80 WINDOW=26308 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T14:45:37.915Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 14:46:20 honeypot-fra-1 kernel: [83436423.157622] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.250.66.68 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=41765 DF PROTO=TCP SPT=46588 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T14:46:21.013Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-07T14:48:41.905Z","@version":"1","message":"Sep  7 14:48:41 honeypot-sgp-1 sshd[28485]: Disconnected from invalid user apple 201.52.64.100 port 41928 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 14:52:28 honeypot-fra-1 sshd[21261]: Received disconnect from 61.177.173.51 port 43696:11:  [preauth]","@timestamp":"2022-09-07T14:52:29.150Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T14:53:47.027Z","@version":"1","message":"Sep  7 14:53:46 honeypot-sgp-1 sshd[28488]: Received disconnect from 92.255.85.70 port 38256:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 14:54:25 honeypot-ams-1 sshd[31042]: Received disconnect from 61.177.173.46 port 30418:11:  [preauth]","@timestamp":"2022-09-07T14:54:26.245Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 14:54:31 honeypot-fra-1 sshd[21266]: Invalid user user from 45.61.186.169 port 49038","@timestamp":"2022-09-07T14:54:32.198Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 14:54:51 honeypot-fra-1 sshd[21270]: Invalid user user from 45.61.186.169 port 44328","@timestamp":"2022-09-07T14:54:51.206Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 14:55:08 honeypot-fra-1 sshd[21274]: Invalid user user from 45.61.186.169 port 39630","@timestamp":"2022-09-07T14:55:09.215Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T14:56:02.082Z","@version":"1","message":"Sep  7 14:56:01 honeypot-sgp-1 sshd[28493]: Invalid user user from 45.61.187.160 port 38086","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T14:56:22.091Z","@version":"1","message":"Sep  7 14:56:21 honeypot-sgp-1 sshd[28497]: Invalid user user from 45.61.187.160 port 33342","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 14:56:38 honeypot-fra-1 kernel: [83437041.286127] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=79.124.62.78 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=37506 PROTO=TCP SPT=59710 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T14:56:39.247Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-07T14:56:42.101Z","@version":"1","message":"Sep  7 14:56:41 honeypot-sgp-1 sshd[28501]: Invalid user user from 45.61.187.160 port 56830","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T14:57:33.123Z","@version":"1","message":"Sep  7 14:57:32 honeypot-sgp-1 kernel: [83438770.835079] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.41.8.45 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=13890 PROTO=TCP SPT=17320 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 15:01:00 honeypot-ams-1 kernel: [83439448.925391] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=213.226.123.38 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=60671 PROTO=TCP SPT=42537 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T15:01:00.421Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 15:04:43 honeypot-fra-1 sshd[21286]: Invalid user redis from 141.98.10.158 port 59702","@timestamp":"2022-09-07T15:04:44.425Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 15:06:21 honeypot-ams-1 sshd[31052]: Received disconnect from 92.255.85.69 port 37884:11: Bye Bye [preauth]","@timestamp":"2022-09-07T15:06:21.576Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 15:06:40 honeypot-fra-1 kernel: [83437643.661095] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=64.62.197.9 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=54321 PROTO=TCP SPT=54728 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T15:06:41.471Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 15:08:50 honeypot-ams-1 sshd[31058]: Connection closed by invalid user admin 46.100.107.36 port 43312 [preauth]","@timestamp":"2022-09-07T15:08:50.642Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 15:10:04 honeypot-ams-1 kernel: [83439993.447363] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=41834 PROTO=TCP SPT=42803 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T15:10:05.679Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 15:10:40 honeypot-fra-1 kernel: [83437883.175697] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=20.163.18.46 DST=165.22.82.222 LEN=52 TOS=0x02 PREC=0x00 TTL=110 ID=15235 DF PROTO=TCP SPT=55146 DPT=80 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-07T15:10:40.560Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 15:15:07 honeypot-ams-1 kernel: [83440295.985282] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=79.124.62.62 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=61780 PROTO=TCP SPT=53091 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T15:15:07.810Z"}
{"@timestamp":"2022-09-07T15:15:52.562Z","@version":"1","message":"Sep  7 15:15:52 honeypot-sgp-1 kernel: [83439870.679872] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=65.49.20.98 DST=159.89.202.188 LEN=131 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=45048 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 15:15:58 honeypot-fra-1 sshd[21301]: Received disconnect from 61.177.172.90 port 14042:11:  [preauth]","@timestamp":"2022-09-07T15:15:59.676Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T15:17:01.591Z","@version":"1","message":"Sep  7 15:17:01 honeypot-sgp-1 CRON[28520]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 15:17:01 honeypot-fra-1 CRON[21305]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-07T15:17:01.701Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 15:19:28 honeypot-ams-1 sshd[31073]: Connection closed by 180.76.173.237 port 44186 [preauth]","@timestamp":"2022-09-07T15:19:28.928Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 15:21:09 honeypot-fra-1 sshd[21311]: Connection closed by invalid user user1 103.188.176.251 port 35826 [preauth]","@timestamp":"2022-09-07T15:21:10.795Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 15:23:34 honeypot-ams-1 sshd[31080]: Received disconnect from 61.177.173.36 port 63223:11:  [preauth]","@timestamp":"2022-09-07T15:23:35.034Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 15:23:42 honeypot-fra-1 sshd[21320]: Received disconnect from 180.167.214.190 port 12897:11: Bye Bye [preauth]","@timestamp":"2022-09-07T15:23:42.854Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 15:25:13 honeypot-fra-1 sshd[21325]: Disconnected from authenticating user root 73.13.104.201 port 55178 [preauth]","@timestamp":"2022-09-07T15:25:13.891Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 15:25:31 honeypot-fra-1 sshd[21329]: Disconnected from invalid user hy 138.197.178.155 port 51944 [preauth]","@timestamp":"2022-09-07T15:25:31.899Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 15:28:08 honeypot-fra-1 sshd[21338]: Invalid user duke from 137.184.113.110 port 50034","@timestamp":"2022-09-07T15:28:08.960Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 15:29:17 honeypot-ams-1 sshd[31087]: Received disconnect from 92.255.85.70 port 38362:11: Bye Bye [preauth]","@timestamp":"2022-09-07T15:29:18.181Z"}
{"@timestamp":"2022-09-07T15:32:15.954Z","@version":"1","message":"Sep  7 15:32:15 honeypot-sgp-1 kernel: [83440854.094553] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=52.180.152.13 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=50337 PROTO=TCP SPT=55581 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 15:32:16 honeypot-fra-1 sshd[21343]: Received disconnect from 165.22.45.108 port 45600:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-07T15:32:17.053Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 15:34:44 honeypot-fra-1 kernel: [83439327.133661] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=71.6.232.8 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=239 ID=54321 PROTO=TCP SPT=58307 DPT=389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T15:34:45.110Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 15:35:22 honeypot-ams-1 kernel: [83441510.832802] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=154.177.232.14 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=50 ID=37150 PROTO=TCP SPT=30800 DPT=443 WINDOW=32951 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T15:35:22.341Z"}
{"@timestamp":"2022-09-07T15:35:48.062Z","@version":"1","message":"Sep  7 15:35:47 honeypot-sgp-1 sshd[28532]: Received disconnect from 45.61.186.249 port 51356:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T15:36:08.072Z","@version":"1","message":"Sep  7 15:36:07 honeypot-sgp-1 sshd[28536]: Received disconnect from 45.61.186.249 port 46360:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T15:36:26.080Z","@version":"1","message":"Sep  7 15:36:25 honeypot-sgp-1 sshd[28540]: Received disconnect from 45.61.186.249 port 41338:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T15:39:18.147Z","@version":"1","message":"Sep  7 15:39:18 honeypot-sgp-1 sshd[28544]: Received disconnect from 223.197.151.55 port 34124:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 15:39:54 honeypot-fra-1 sshd[21358]: Invalid user steve from 187.85.19.32 port 47375","@timestamp":"2022-09-07T15:39:55.227Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 15:39:57 honeypot-ams-1 sshd[31102]: Received disconnect from 35.199.97.42 port 50420:11: Bye Bye [preauth]","@timestamp":"2022-09-07T15:39:58.459Z"}
{"@timestamp":"2022-09-07T15:40:17.172Z","@version":"1","message":"Sep  7 15:40:16 honeypot-sgp-1 sshd[28548]: Received disconnect from 92.255.85.69 port 41660:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 15:42:23 honeypot-ams-1 sshd[31105]: Received disconnect from 45.61.186.49 port 50184:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-07T15:42:23.526Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 15:42:34 honeypot-ams-1 sshd[31109]: Received disconnect from 45.61.186.49 port 33726:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-07T15:42:34.533Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 15:44:52 honeypot-fra-1 kernel: [83439934.935629] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=198.199.112.185 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=54227 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T15:44:52.336Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 15:46:13 honeypot-ams-1 sshd[31115]: Received disconnect from 61.177.173.46 port 64604:11:  [preauth]","@timestamp":"2022-09-07T15:46:13.627Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 15:49:21 honeypot-fra-1 sshd[21371]: Received disconnect from 103.57.142.108 port 45662:11: Bye Bye [preauth]","@timestamp":"2022-09-07T15:49:22.438Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T15:49:27.383Z","@version":"1","message":"Sep  7 15:49:26 honeypot-sgp-1 sshd[28554]: Invalid user pi from 94.131.132.139 port 35926","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 15:53:06 honeypot-ams-1 sshd[31125]: Disconnected from invalid user amdin 92.255.85.69 port 58336 [preauth]","@timestamp":"2022-09-07T15:53:06.800Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 15:56:13 honeypot-fra-1 sshd[21378]: Received disconnect from 204.48.30.72 port 48890:11: Bye Bye [preauth]","@timestamp":"2022-09-07T15:56:13.590Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 16:00:55 honeypot-fra-1 sshd[21385]: Received disconnect from 92.255.85.69 port 33726:11: Bye Bye [preauth]","@timestamp":"2022-09-07T16:00:56.696Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 16:01:32 honeypot-ams-1 sshd[31132]: Connection closed by 180.76.173.237 port 59276 [preauth]","@timestamp":"2022-09-07T16:01:33.019Z"}
{"@timestamp":"2022-09-07T16:03:20.693Z","@version":"1","message":"Sep  7 16:03:20 honeypot-sgp-1 sshd[28559]: Received disconnect from 92.255.85.69 port 34468:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 16:07:12 honeypot-fra-1 kernel: [83441274.852815] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=79.124.62.62 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=6555 PROTO=TCP SPT=53091 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T16:07:12.834Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 16:11:07 honeypot-ams-1 kernel: [83443656.210725] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=97.74.81.123 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=37015 PROTO=TCP SPT=45042 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T16:11:08.268Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 16:11:30 honeypot-fra-1 sshd[21392]: Disconnected from authenticating user root 107.189.14.132 port 17910 [preauth]","@timestamp":"2022-09-07T16:11:30.932Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 16:12:17 honeypot-ams-1 sshd[31142]: Received disconnect from 45.61.186.49 port 41928:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-07T16:12:18.301Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 16:12:27 honeypot-ams-1 sshd[31146]: Received disconnect from 45.61.186.49 port 53648:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-07T16:12:28.306Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 16:12:31 honeypot-fra-1 sshd[21399]: Invalid user netscreen from 157.122.198.36 port 53762","@timestamp":"2022-09-07T16:12:31.958Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 16:14:41 honeypot-fra-1 kernel: [83441724.426572] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=205.210.31.174 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=249 ID=418 PROTO=TCP SPT=50175 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T16:14:42.023Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 16:16:20 honeypot-ams-1 kernel: [83443968.999477] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.220.11 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=49209 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T16:16:20.426Z"}
{"@timestamp":"2022-09-07T16:17:02.014Z","@version":"1","message":"Sep  7 16:17:01 honeypot-sgp-1 CRON[28564]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 16:17:38 honeypot-fra-1 kernel: [83441901.739498] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=52.180.152.13 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=55767 PROTO=TCP SPT=55581 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T16:17:39.093Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 16:20:26 honeypot-ams-1 kernel: [83444215.442567] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=162.62.191.231 DST=178.62.254.91 LEN=52 TOS=0x08 PREC=0x60 TTL=55 ID=55250 DF PROTO=TCP SPT=56274 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T16:20:27.539Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 16:23:04 honeypot-fra-1 sshd[21414]: Received disconnect from 107.173.209.238 port 36112:11: Bye Bye [preauth]","@timestamp":"2022-09-07T16:23:04.215Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 16:23:22 honeypot-fra-1 sshd[21418]: Received disconnect from 92.255.85.70 port 57076:11: Bye Bye [preauth]","@timestamp":"2022-09-07T16:23:23.224Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T16:24:38.195Z","@version":"1","message":"Sep  7 16:24:37 honeypot-sgp-1 sshd[28571]: Received disconnect from 61.177.172.98 port 55394:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T16:25:56.226Z","@version":"1","message":"Sep  7 16:25:56 honeypot-sgp-1 sshd[28576]: Disconnected from invalid user debian 62.204.41.222 port 36545 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 16:26:12 honeypot-ams-1 sshd[31162]: Disconnected from authenticating user root 61.177.172.104 port 47843 [preauth]","@timestamp":"2022-09-07T16:26:12.685Z"}
{"@timestamp":"2022-09-07T16:29:29.309Z","@version":"1","message":"Sep  7 16:29:28 honeypot-sgp-1 sshd[28581]: Received disconnect from 45.61.186.49 port 41608:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T16:29:39.314Z","@version":"1","message":"Sep  7 16:29:38 honeypot-sgp-1 sshd[28585]: Received disconnect from 45.61.186.49 port 53182:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T16:32:45.387Z","@version":"1","message":"Sep  7 16:32:44 honeypot-sgp-1 kernel: [83444482.950865] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.11.57.48 DST=159.89.202.188 LEN=44 TOS=0x08 PREC=0x00 TTL=233 ID=15212 PROTO=TCP SPT=39335 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 16:36:55 honeypot-fra-1 kernel: [83443058.261890] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.11.57.48 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=245 ID=15212 PROTO=TCP SPT=33752 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T16:36:56.521Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 16:37:00 honeypot-ams-1 sshd[31173]: Received disconnect from 61.177.173.50 port 28707:11:  [preauth]","@timestamp":"2022-09-07T16:37:00.969Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 16:39:09 honeypot-ams-1 sshd[31176]: Disconnected from invalid user admin 92.255.85.69 port 45476 [preauth]","@timestamp":"2022-09-07T16:39:10.025Z"}
{"@timestamp":"2022-09-07T16:44:25.652Z","@version":"1","message":"Sep  7 16:44:25 honeypot-sgp-1 sshd[28600]: Received disconnect from 61.177.173.37 port 56182:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T16:45:20.674Z","@version":"1","message":"Sep  7 16:45:20 honeypot-sgp-1 sshd[28605]: Disconnected from authenticating user root 61.177.173.51 port 54899 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 16:46:56 honeypot-ams-1 kernel: [83445805.251620] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=5.114.212.33 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=111 ID=15930 DF PROTO=TCP SPT=44446 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T16:46:57.226Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 16:48:28 honeypot-fra-1 kernel: [83443751.327777] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=74.82.47.26 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=54321 PROTO=TCP SPT=38235 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T16:48:28.776Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 16:48:45 honeypot-ams-1 sshd[31190]: Disconnected from authenticating user root 104.248.251.225 port 54110 [preauth]","@timestamp":"2022-09-07T16:48:45.276Z"}
{"@timestamp":"2022-09-07T16:50:08.788Z","@version":"1","message":"Sep  7 16:50:07 honeypot-sgp-1 sshd[28615]: Invalid user admin from 92.255.85.70 port 47352","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 16:53:57 honeypot-ams-1 sshd[31193]: Received disconnect from 61.177.172.124 port 42529:11:  [preauth]","@timestamp":"2022-09-07T16:53:57.412Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 16:54:28 honeypot-fra-1 sshd[21431]: Disconnected from 79.110.62.213 port 59544 [preauth]","@timestamp":"2022-09-07T16:54:28.908Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 16:58:33 honeypot-ams-1 kernel: [83446502.126571] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=96.126.111.88 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=36491 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T16:58:33.530Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 16:59:28 honeypot-ams-1 sshd[31205]: Received disconnect from 61.177.173.39 port 58860:11:  [preauth]","@timestamp":"2022-09-07T16:59:28.558Z"}
{"@timestamp":"2022-09-07T17:01:19.041Z","@version":"1","message":"Sep  7 17:01:18 honeypot-sgp-1 kernel: [83446196.666153] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=2077 PROTO=TCP SPT=49938 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 17:03:53 honeypot-ams-1 kernel: [83446821.672758] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=213.226.123.38 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=27814 PROTO=TCP SPT=52122 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T17:03:53.675Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 17:04:12 honeypot-fra-1 sshd[21436]: Received disconnect from 165.22.45.108 port 45144:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-07T17:04:13.126Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 17:06:18 honeypot-ams-1 sshd[31211]: Disconnected from invalid user user 45.61.187.160 port 38680 [preauth]","@timestamp":"2022-09-07T17:06:18.744Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 17:06:38 honeypot-ams-1 sshd[31215]: Disconnected from invalid user user 45.61.187.160 port 33450 [preauth]","@timestamp":"2022-09-07T17:06:39.756Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 17:06:57 honeypot-ams-1 sshd[31219]: Disconnected from invalid user user 45.61.187.160 port 56440 [preauth]","@timestamp":"2022-09-07T17:06:57.765Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 17:07:14 honeypot-ams-1 sshd[31223]: Received disconnect from 45.61.187.160 port 51198:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-07T17:07:15.776Z"}
{"@timestamp":"2022-09-07T17:07:26.181Z","@version":"1","message":"Sep  7 17:07:25 honeypot-sgp-1 sshd[28629]: Disconnected from authenticating user root 61.177.173.52 port 58721 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 17:09:01 honeypot-ams-1 CRON[31229]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-07T17:09:01.825Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 17:09:01 honeypot-fra-1 CRON[21444]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-07T17:09:02.235Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 17:09:58 honeypot-fra-1 sshd[21449]: Invalid user DZY-W2914NSV2 from 92.255.85.70 port 46770","@timestamp":"2022-09-07T17:09:59.258Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T17:13:03.310Z","@version":"1","message":"Sep  7 17:13:02 honeypot-sgp-1 sshd[28638]: Received disconnect from 92.255.85.69 port 26494:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T17:15:30.389Z","@version":"1","message":"Sep  7 17:15:30 honeypot-sgp-1 kernel: [83447048.409511] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.41.8.45 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=61393 PROTO=TCP SPT=45737 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 17:15:35 honeypot-ams-1 sshd[31239]: Received disconnect from 61.177.172.114 port 27009:11:  [preauth]","@timestamp":"2022-09-07T17:15:35.995Z"}
{"@timestamp":"2022-09-07T17:17:01.430Z","@version":"1","message":"Sep  7 17:17:01 honeypot-sgp-1 CRON[28646]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 17:17:28 honeypot-fra-1 kernel: [83445491.136227] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=213.226.123.38 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=5255 PROTO=TCP SPT=52122 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T17:17:29.425Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 17:23:22 honeypot-ams-1 kernel: [83447991.405392] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.41.9.18 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=36583 PROTO=TCP SPT=45780 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T17:23:23.194Z"}
{"@timestamp":"2022-09-07T17:25:24.626Z","@version":"1","message":"Sep  7 17:25:24 honeypot-sgp-1 sshd[28653]: Disconnected from 68.183.141.33 port 60366 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 17:25:42 honeypot-ams-1 sshd[31252]: Disconnected from invalid user 0 92.255.85.70 port 62018 [preauth]","@timestamp":"2022-09-07T17:25:43.257Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 17:26:35 honeypot-fra-1 kernel: [83446037.675435] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=35.175.136.175 DST=165.22.82.222 LEN=52 TOS=0x00 PREC=0x00 TTL=111 ID=55372 DF PROTO=TCP SPT=51538 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-07T17:26:35.629Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 17:30:31 honeypot-ams-1 kernel: [83448420.461266] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=45389 PROTO=TCP SPT=51805 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T17:30:32.382Z"}
{"@timestamp":"2022-09-07T17:31:04.764Z","@version":"1","message":"Sep  7 17:31:04 honeypot-sgp-1 kernel: [83447982.524303] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=236 ID=30429 PROTO=TCP SPT=51805 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 17:33:57 honeypot-fra-1 kernel: [83446479.645167] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=23.251.102.77 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=16776 PROTO=TCP SPT=37079 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T17:33:57.794Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 17:35:40 honeypot-ams-1 sshd[31265]: Received disconnect from 165.232.76.182 port 54770:11: Bye Bye [preauth]","@timestamp":"2022-09-07T17:35:40.515Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 17:36:42 honeypot-fra-1 kernel: [83446645.374949] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=205.210.31.131 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x60 TTL=250 ID=38785 PROTO=TCP SPT=56782 DPT=389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T17:36:42.858Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-07T17:37:44.923Z","@version":"1","message":"Sep  7 17:37:44 honeypot-sgp-1 sshd[28666]: Received disconnect from 61.177.173.36 port 28740:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 17:40:02 honeypot-ams-1 sshd[31270]: Disconnected from authenticating user root 61.177.173.53 port 14180 [preauth]","@timestamp":"2022-09-07T17:40:02.628Z"}
{"@timestamp":"2022-09-07T17:41:57.028Z","@version":"1","message":"Sep  7 17:41:56 honeypot-sgp-1 sshd[28671]: Did not receive identification string from 45.61.187.160 port 33332","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T17:42:35.044Z","@version":"1","message":"Sep  7 17:42:34 honeypot-sgp-1 sshd[28675]: Disconnected from invalid user user 45.61.187.160 port 33738 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T17:42:54.053Z","@version":"1","message":"Sep  7 17:42:53 honeypot-sgp-1 sshd[28679]: Disconnected from invalid user user 45.61.187.160 port 56814 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T17:43:13.063Z","@version":"1","message":"Sep  7 17:43:12 honeypot-sgp-1 sshd[28683]: Disconnected from invalid user user 45.61.187.160 port 51648 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T17:44:30.095Z","@version":"1","message":"Sep  7 17:44:29 honeypot-sgp-1 sshd[28688]: Disconnected from authenticating user root 185.18.214.162 port 53420 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 17:44:55 honeypot-fra-1 sshd[21469]: Invalid user debian from 62.204.41.222 port 47712","@timestamp":"2022-09-07T17:44:56.043Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T17:47:51.177Z","@version":"1","message":"Sep  7 17:47:50 honeypot-sgp-1 sshd[28695]: Received disconnect from 177.6.227.84 port 52958:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T17:48:29.193Z","@version":"1","message":"Sep  7 17:48:28 honeypot-sgp-1 sshd[28700]: Invalid user user from 198.98.61.9 port 51886","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T17:48:38.198Z","@version":"1","message":"Sep  7 17:48:37 honeypot-sgp-1 sshd[28702]: Disconnected from invalid user user 198.98.61.9 port 34654 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T17:48:52.205Z","@version":"1","message":"Sep  7 17:48:51 honeypot-sgp-1 sshd[28707]: Disconnected from invalid user user 198.98.61.9 port 56634 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T17:49:08.213Z","@version":"1","message":"Sep  7 17:49:08 honeypot-sgp-1 sshd[28712]: Invalid user user from 198.98.61.9 port 50378","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 17:49:37 honeypot-ams-1 sshd[31278]: Invalid user zoomadsl from 92.255.85.69 port 32920","@timestamp":"2022-09-07T17:49:37.878Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 17:50:22 honeypot-fra-1 sshd[21474]: Connection closed by invalid user sm 193.106.191.157 port 54036 [preauth]","@timestamp":"2022-09-07T17:50:22.160Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T17:51:21.265Z","@version":"1","message":"Sep  7 17:51:20 honeypot-sgp-1 sshd[28716]: Received disconnect from 61.177.173.36 port 46868:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 17:51:34 honeypot-fra-1 sshd[21479]: Received disconnect from 45.61.187.160 port 59538:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-07T17:51:34.190Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 17:51:43 honeypot-fra-1 sshd[21483]: Received disconnect from 45.61.187.160 port 42670:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-07T17:51:44.195Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 17:52:02 honeypot-fra-1 sshd[21487]: Received disconnect from 45.61.187.160 port 37172:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-07T17:52:02.203Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 17:52:19 honeypot-fra-1 sshd[21491]: Received disconnect from 45.61.187.160 port 59896:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-07T17:52:20.211Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 17:55:10 honeypot-ams-1 kernel: [83449898.831227] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=71.6.233.208 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=636 DPT=636 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T17:55:11.023Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 17:56:56 honeypot-fra-1 sshd[21496]: Received disconnect from 134.17.94.27 port 36875:11: Bye Bye [preauth]","@timestamp":"2022-09-07T17:56:56.312Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T17:59:45.459Z","@version":"1","message":"Sep  7 17:59:44 honeypot-sgp-1 sshd[28721]: Received disconnect from 92.255.85.69 port 26894:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 18:03:16 honeypot-fra-1 sshd[21499]: Connection closed by invalid user user 103.188.176.251 port 33926 [preauth]","@timestamp":"2022-09-07T18:03:17.456Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 18:06:06 honeypot-ams-1 sshd[31287]: Disconnected from authenticating user root 61.177.172.124 port 45139 [preauth]","@timestamp":"2022-09-07T18:06:07.301Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 18:07:09 honeypot-fra-1 sshd[21504]: Disconnected from invalid user jifei 165.22.45.108 port 35496 [preauth]","@timestamp":"2022-09-07T18:07:10.547Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T18:07:14.635Z","@version":"1","message":"Sep  7 18:07:13 honeypot-sgp-1 sshd[28726]: Disconnected from 61.177.172.90 port 28150 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T18:08:42.674Z","@version":"1","message":"Sep  7 18:08:42 honeypot-sgp-1 sshd[28732]: Received disconnect from 45.61.186.169 port 35660:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T18:09:00.682Z","@version":"1","message":"Sep  7 18:09:00 honeypot-sgp-1 sshd[28736]: Received disconnect from 45.61.186.169 port 58008:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T18:09:17.691Z","@version":"1","message":"Sep  7 18:09:16 honeypot-sgp-1 sshd[28740]: Received disconnect from 45.61.186.169 port 52144:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T18:09:32.698Z","@version":"1","message":"Sep  7 18:09:31 honeypot-sgp-1 sshd[28744]: Received disconnect from 45.61.186.169 port 46256:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 18:11:41 honeypot-ams-1 sshd[31291]: Received disconnect from 141.255.162.226 port 40196:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-07T18:11:41.449Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 18:11:43 honeypot-ams-1 sshd[31295]: Received disconnect from 141.255.162.226 port 56820:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-07T18:11:44.451Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 18:11:45 honeypot-ams-1 sshd[31299]: Received disconnect from 141.255.162.226 port 36904:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-07T18:11:46.452Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 18:11:49 honeypot-ams-1 sshd[31303]: Received disconnect from 141.255.162.226 port 53538:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-07T18:11:50.455Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 18:14:38 honeypot-fra-1 sshd[21509]: Invalid user yang from 43.224.110.21 port 57156","@timestamp":"2022-09-07T18:14:38.715Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 18:15:32 honeypot-ams-1 sshd[31307]: Connection closed by 180.76.173.237 port 48322 [preauth]","@timestamp":"2022-09-07T18:15:32.551Z"}
{"@timestamp":"2022-09-07T18:16:14.859Z","@version":"1","message":"Sep  7 18:16:14 honeypot-sgp-1 kernel: [83450692.564361] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=71.6.233.236 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=636 DPT=636 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 18:17:24 honeypot-fra-1 kernel: [83449087.454896] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.167.98.76 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=38102 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T18:17:25.780Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-07T18:18:12.907Z","@version":"1","message":"Sep  7 18:18:12 honeypot-sgp-1 sshd[28754]: Disconnected from invalid user choi 137.184.216.108 port 39332 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 18:22:52 honeypot-fra-1 sshd[21519]: Invalid user ji from 165.22.45.108 port 40144","@timestamp":"2022-09-07T18:22:52.898Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 18:23:19 honeypot-ams-1 sshd[31317]: Received disconnect from 61.177.173.36 port 16178:11:  [preauth]","@timestamp":"2022-09-07T18:23:19.750Z"}
{"@timestamp":"2022-09-07T18:23:50.042Z","@version":"1","message":"Sep  7 18:23:49 honeypot-sgp-1 sshd[28760]: Received disconnect from 92.255.85.69 port 55064:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 18:26:07 honeypot-fra-1 sshd[21522]: Disconnected from invalid user teodosia 182.75.139.26 port 63898 [preauth]","@timestamp":"2022-09-07T18:26:07.971Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 18:26:21 honeypot-ams-1 sshd[31321]: Received disconnect from 137.184.105.25 port 40302:11: Bye Bye [preauth]","@timestamp":"2022-09-07T18:26:21.832Z"}
{"@timestamp":"2022-09-07T18:27:54.138Z","@version":"1","message":"Sep  7 18:27:53 honeypot-sgp-1 sshd[28769]: Invalid user user from 103.188.176.251 port 34876","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T18:34:11.305Z","@version":"1","message":"Sep  7 18:34:10 honeypot-sgp-1 kernel: [83451768.762949] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.10.7.158 DST=159.89.202.188 LEN=52 TOS=0x02 PREC=0x00 TTL=109 ID=19082 DF PROTO=TCP SPT=54321 DPT=3389 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 18:36:11 honeypot-ams-1 kernel: [83452359.660820] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=193.92.182.236 DST=178.62.254.91 LEN=48 TOS=0x00 PREC=0x00 TTL=121 ID=25125 DF PROTO=TCP SPT=61262 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T18:36:12.101Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 18:38:23 honeypot-ams-1 sshd[31331]: Disconnected from authenticating user root 61.177.173.35 port 63156 [preauth]","@timestamp":"2022-09-07T18:38:24.163Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 18:38:37 honeypot-fra-1 sshd[21530]: Invalid user jillm from 165.22.45.108 port 44790","@timestamp":"2022-09-07T18:38:38.241Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 18:41:27 honeypot-fra-1 kernel: [83450530.173355] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=170.187.162.179 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=7749 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T18:41:28.317Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 18:42:30 honeypot-ams-1 kernel: [83452739.434241] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=72.167.32.184 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=233 ID=18072 PROTO=TCP SPT=46385 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T18:42:31.272Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 18:43:31 honeypot-fra-1 sshd[21536]: Disconnected from invalid user 1admin0 92.255.85.69 port 37964 [preauth]","@timestamp":"2022-09-07T18:43:32.363Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T18:45:50.578Z","@version":"1","message":"Sep  7 18:45:50 honeypot-sgp-1 sshd[28850]: Received disconnect from 92.255.85.69 port 29734:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 18:45:50 honeypot-fra-1 sshd[21539]: Disconnected from authenticating user root 68.183.145.59 port 60344 [preauth]","@timestamp":"2022-09-07T18:45:51.418Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T18:48:58.652Z","@version":"1","message":"Sep  7 18:48:57 honeypot-sgp-1 kernel: [83452656.256996] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=37.120.148.78 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=238 ID=54321 PROTO=TCP SPT=57239 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 18:49:58 honeypot-ams-1 kernel: [83453187.270783] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=103.150.125.204 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=53835 PROTO=TCP SPT=45038 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T18:49:59.465Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 18:51:24 honeypot-ams-1 sshd[31345]: Disconnected from authenticating user root 61.177.173.37 port 25972 [preauth]","@timestamp":"2022-09-07T18:51:24.504Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 18:57:23 honeypot-fra-1 kernel: [83451485.911443] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=78.142.18.92 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=54321 PROTO=TCP SPT=49958 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T18:57:23.666Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 18:58:43 honeypot-ams-1 kernel: [83453712.379655] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=170.187.162.134 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=43181 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T18:58:44.694Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 18:59:13 honeypot-ams-1 sshd[31354]: Disconnected from authenticating user root 61.177.173.53 port 44841 [preauth]","@timestamp":"2022-09-07T18:59:13.710Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 19:06:02 honeypot-fra-1 sshd[21548]: Invalid user ltecl4r0 from 92.255.85.70 port 32474","@timestamp":"2022-09-07T19:06:03.850Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 19:06:09 honeypot-ams-1 kernel: [83454157.749971] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=85.234.187.222 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=58 ID=44378 PROTO=TCP SPT=32954 DPT=443 WINDOW=65226 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T19:06:09.891Z"}
{"@timestamp":"2022-09-07T19:07:11.072Z","@version":"1","message":"Sep  7 19:07:10 honeypot-sgp-1 sshd[28862]: Disconnected from authenticating user root 61.177.173.53 port 41623 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 19:10:20 honeypot-ams-1 sshd[31367]: Received disconnect from 218.10.34.1 port 59138:11: Bye Bye [preauth]","@timestamp":"2022-09-07T19:10:21.000Z"}
{"@timestamp":"2022-09-07T19:11:30.176Z","@version":"1","message":"Sep  7 19:11:29 honeypot-sgp-1 kernel: [83454008.011152] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=43.248.186.49 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=37762 PROTO=TCP SPT=51799 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 19:12:43 honeypot-fra-1 kernel: [83452406.215217] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=222.128.103.228 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=46 ID=33713 PROTO=TCP SPT=52573 DPT=80 WINDOW=59773 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T19:12:43.992Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 19:14:22 honeypot-ams-1 kernel: [83454650.606362] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=20.219.248.199 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=110 ID=22306 DF PROTO=TCP SPT=59048 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T19:14:22.121Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 19:18:20 honeypot-ams-1 kernel: [83454889.042061] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=177.131.211.135 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=50 ID=63232 PROTO=TCP SPT=11289 DPT=80 WINDOW=59081 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T19:18:21.226Z"}
{"@timestamp":"2022-09-07T19:18:45.350Z","@version":"1","message":"Sep  7 19:18:45 honeypot-sgp-1 sshd[28876]: Received disconnect from 61.177.173.47 port 38256:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 19:19:38 honeypot-ams-1 sshd[31378]: Disconnected from invalid user vm 34.136.59.157 port 48704 [preauth]","@timestamp":"2022-09-07T19:19:39.265Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 19:20:02 honeypot-ams-1 sshd[31382]: Disconnected from invalid user prueba 91.240.118.222 port 27178 [preauth]","@timestamp":"2022-09-07T19:20:03.278Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 19:21:05 honeypot-fra-1 sshd[21629]: Received disconnect from 141.255.162.226 port 39918:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-07T19:21:06.174Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 19:21:08 honeypot-fra-1 sshd[21633]: Received disconnect from 141.255.162.226 port 48556:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-07T19:21:09.176Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 19:21:12 honeypot-fra-1 sshd[21637]: Received disconnect from 141.255.162.226 port 37614:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-07T19:21:13.178Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 19:21:15 honeypot-fra-1 sshd[21641]: Received disconnect from 141.255.162.226 port 57198:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-07T19:21:15.180Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 19:22:07 honeypot-ams-1 sshd[31386]: Disconnected from authenticating user root 92.255.85.69 port 57428 [preauth]","@timestamp":"2022-09-07T19:22:08.336Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 19:28:50 honeypot-ams-1 sshd[31391]: Disconnected from authenticating user root 61.177.173.51 port 29164 [preauth]","@timestamp":"2022-09-07T19:28:51.510Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 19:29:35 honeypot-fra-1 sshd[21646]: Disconnected from authenticating user root 92.255.85.70 port 62026 [preauth]","@timestamp":"2022-09-07T19:29:35.357Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T19:30:30.626Z","@version":"1","message":"Sep  7 19:30:29 honeypot-sgp-1 kernel: [83455148.234801] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=35.175.136.175 DST=159.89.202.188 LEN=52 TOS=0x02 PREC=0x00 TTL=107 ID=49917 DF PROTO=TCP SPT=57757 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 19:35:11 honeypot-ams-1 sshd[31396]: Disconnected from authenticating user root 61.177.172.108 port 53261 [preauth]","@timestamp":"2022-09-07T19:35:11.687Z"}
{"@timestamp":"2022-09-07T19:36:43.776Z","@version":"1","message":"Sep  7 19:36:42 honeypot-sgp-1 sshd[28894]: Invalid user zeiler from 46.101.254.194 port 40710","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 19:43:48 honeypot-fra-1 sshd[21656]: Disconnected from authenticating user root 181.63.245.127 port 30689 [preauth]","@timestamp":"2022-09-07T19:43:49.660Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T19:46:46.014Z","@version":"1","message":"Sep  7 19:46:45 honeypot-sgp-1 sshd[28899]: Disconnected from authenticating user root 61.177.173.36 port 56634 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 19:47:44 honeypot-fra-1 sshd[21661]: Disconnected from authenticating user root 188.166.19.128 port 56118 [preauth]","@timestamp":"2022-09-07T19:47:45.746Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 19:49:15 honeypot-ams-1 sshd[31409]: Received disconnect from 61.177.173.47 port 21646:11:  [preauth]","@timestamp":"2022-09-07T19:49:16.047Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 19:53:51 honeypot-fra-1 sshd[21668]: Invalid user yh from 123.142.3.137 port 55674","@timestamp":"2022-09-07T19:53:52.879Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T19:53:53.180Z","@version":"1","message":"Sep  7 19:53:52 honeypot-sgp-1 sshd[28906]: Connection closed by invalid user admin 178.128.125.205 port 52218 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 19:54:42 honeypot-fra-1 sshd[21672]: Connection closed by invalid user admin 159.203.178.0 port 21604 [preauth]","@timestamp":"2022-09-07T19:54:42.899Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 19:54:49 honeypot-ams-1 kernel: [83457078.304240] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=23.225.180.203 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=0 DF PROTO=TCP SPT=35061 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T19:54:50.189Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 19:55:06 honeypot-fra-1 sshd[21678]: Received disconnect from 109.115.187.31 port 41008:11: Bye Bye [preauth]","@timestamp":"2022-09-07T19:55:07.909Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T19:55:11.211Z","@version":"1","message":"Sep  7 19:55:10 honeypot-sgp-1 sshd[28912]: Disconnected from authenticating user root 92.255.85.69 port 63136 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 19:59:06 honeypot-ams-1 sshd[31421]: Disconnected from invalid user mirc 144.217.13.134 port 34434 [preauth]","@timestamp":"2022-09-07T19:59:06.301Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 20:00:54 honeypot-fra-1 sshd[21683]: Disconnected from invalid user jin 165.22.45.108 port 41608 [preauth]","@timestamp":"2022-09-07T20:00:55.055Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 20:01:11 honeypot-ams-1 sshd[31427]: Disconnected from invalid user tu 104.131.45.150 port 59764 [preauth]","@timestamp":"2022-09-07T20:01:12.356Z"}
{"@timestamp":"2022-09-07T20:09:16.545Z","@version":"1","message":"Sep  7 20:09:16 honeypot-sgp-1 sshd[28921]: Disconnected from authenticating user root 61.177.173.37 port 46403 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 20:09:37 honeypot-fra-1 kernel: [83455819.443373] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=128.199.161.69 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=27798 PROTO=TCP SPT=41092 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T20:09:37.243Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 20:12:43 honeypot-ams-1 sshd[31443]: Received disconnect from 61.177.172.104 port 21432:11:  [preauth]","@timestamp":"2022-09-07T20:12:44.667Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 20:14:57 honeypot-fra-1 sshd[21691]: Received disconnect from 92.255.85.69 port 54976:11: Bye Bye [preauth]","@timestamp":"2022-09-07T20:14:57.364Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T20:15:49.701Z","@version":"1","message":"Sep  7 20:15:49 honeypot-sgp-1 sshd[28929]: Received disconnect from 198.98.61.9 port 46812:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 20:15:52 honeypot-ams-1 kernel: [83458340.673151] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=20.219.248.199 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=110 ID=51294 DF PROTO=TCP SPT=62375 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T20:15:52.754Z"}
{"@timestamp":"2022-09-07T20:16:05.709Z","@version":"1","message":"Sep  7 20:16:04 honeypot-sgp-1 sshd[28933]: Received disconnect from 198.98.61.9 port 40284:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T20:16:19.716Z","@version":"1","message":"Sep  7 20:16:18 honeypot-sgp-1 sshd[28937]: Received disconnect from 198.98.61.9 port 33738:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T20:17:01.735Z","@version":"1","message":"Sep  7 20:17:01 honeypot-sgp-1 CRON[28943]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 20:17:24 honeypot-fra-1 sshd[21698]: Disconnected from invalid user jin 165.22.45.108 port 46356 [preauth]","@timestamp":"2022-09-07T20:17:24.415Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 20:21:09 honeypot-fra-1 sshd[21701]: Connection closed by invalid user sp 193.106.191.157 port 58284 [preauth]","@timestamp":"2022-09-07T20:21:10.498Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 20:22:29 honeypot-ams-1 sshd[31453]: Disconnected from authenticating user root 83.221.180.202 port 34262 [preauth]","@timestamp":"2022-09-07T20:22:29.925Z"}
{"@timestamp":"2022-09-07T20:23:17.886Z","@version":"1","message":"Sep  7 20:23:17 honeypot-sgp-1 kernel: [83458315.914558] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=80.87.206.203 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=237 ID=22582 PROTO=TCP SPT=57211 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T20:26:48.972Z","@version":"1","message":"Sep  7 20:26:48 honeypot-sgp-1 sshd[28958]: Received disconnect from 61.177.173.51 port 53810:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 20:28:18 honeypot-ams-1 sshd[31460]: Did not receive identification string from 45.61.186.249 port 46198","@timestamp":"2022-09-07T20:28:18.074Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 20:29:00 honeypot-ams-1 sshd[31465]: Disconnected from invalid user user 45.61.186.249 port 60548 [preauth]","@timestamp":"2022-09-07T20:29:01.096Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 20:29:19 honeypot-ams-1 sshd[31469]: Disconnected from invalid user user 45.61.186.249 port 54966 [preauth]","@timestamp":"2022-09-07T20:29:20.105Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 20:29:38 honeypot-ams-1 sshd[31473]: Disconnected from invalid user user 45.61.186.249 port 49372 [preauth]","@timestamp":"2022-09-07T20:29:39.116Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 20:30:40 honeypot-ams-1 kernel: [83459229.013889] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=193.46.255.199 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=246 ID=54283 PROTO=TCP SPT=61002 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T20:30:41.147Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 20:32:49 honeypot-fra-1 kernel: [83457211.700735] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=75.119.158.6 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=64595 PROTO=TCP SPT=54341 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T20:32:49.762Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 20:35:09 honeypot-fra-1 sshd[21709]: Received disconnect from 198.98.61.9 port 42792:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-07T20:35:09.815Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T20:35:18.176Z","@version":"1","message":"Sep  7 20:35:17 honeypot-sgp-1 sshd[28965]: Connection closed by 162.142.125.211 port 44776 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 20:35:25 honeypot-fra-1 sshd[21713]: Received disconnect from 198.98.61.9 port 36658:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-07T20:35:25.822Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 20:35:40 honeypot-fra-1 sshd[21717]: Received disconnect from 198.98.61.9 port 58744:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-07T20:35:40.829Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 20:35:49 honeypot-ams-1 sshd[31482]: Disconnected from authenticating user root 61.177.173.39 port 27565 [preauth]","@timestamp":"2022-09-07T20:35:50.281Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 20:35:54 honeypot-fra-1 sshd[21721]: Received disconnect from 198.98.61.9 port 52610:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-07T20:35:54.835Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 20:40:08 honeypot-ams-1 sshd[31489]: Received disconnect from 35.199.73.100 port 44216:11: Bye Bye [preauth]","@timestamp":"2022-09-07T20:40:09.394Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 20:40:15 honeypot-fra-1 sshd[21726]: Disconnected from invalid user hollowaye 43.132.229.233 port 44434 [preauth]","@timestamp":"2022-09-07T20:40:16.932Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 20:40:37 honeypot-ams-1 sshd[31493]: Received disconnect from 103.146.202.146 port 52118:11: Bye Bye [preauth]","@timestamp":"2022-09-07T20:40:38.409Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 20:40:58 honeypot-ams-1 kernel: [83459847.363308] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=20.219.248.199 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=110 ID=50338 DF PROTO=TCP SPT=62629 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T20:40:59.419Z"}
{"@timestamp":"2022-09-07T20:41:25.325Z","@version":"1","message":"Sep  7 20:41:24 honeypot-sgp-1 sshd[28974]: Received disconnect from 92.255.85.70 port 28800:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 20:43:24 honeypot-ams-1 sshd[31501]: Received disconnect from 43.154.99.250 port 50768:11: Bye Bye [preauth]","@timestamp":"2022-09-07T20:43:25.484Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 20:44:36 honeypot-ams-1 sshd[31505]: Disconnected from invalid user billy 134.122.23.33 port 51878 [preauth]","@timestamp":"2022-09-07T20:44:36.515Z"}
{"@timestamp":"2022-09-07T20:45:48.434Z","@version":"1","message":"Sep  7 20:45:48 honeypot-sgp-1 sshd[28977]: Invalid user alvaro from 167.172.142.20 port 48864","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 20:46:26 honeypot-fra-1 kernel: [83458028.422168] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=128.199.219.92 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=9600 PROTO=TCP SPT=43161 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T20:46:27.070Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-07T20:48:10.494Z","@version":"1","message":"Sep  7 20:48:10 honeypot-sgp-1 sshd[28982]: Disconnected from authenticating user root 62.84.124.148 port 59436 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 20:48:30 honeypot-ams-1 sshd[31510]: Disconnected from invalid user bks 202.69.36.45 port 38246 [preauth]","@timestamp":"2022-09-07T20:48:30.618Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 20:51:09 honeypot-fra-1 sshd[21736]: Invalid user pi from 193.183.247.216 port 50478","@timestamp":"2022-09-07T20:51:09.174Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 20:52:21 honeypot-fra-1 kernel: [83458383.817670] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=103.167.91.252 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=45828 PROTO=TCP SPT=43841 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T20:52:22.204Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 20:54:45 honeypot-ams-1 sshd[31519]: Received disconnect from 61.177.172.19 port 20985:11:  [preauth]","@timestamp":"2022-09-07T20:54:45.781Z"}
{"@timestamp":"2022-09-07T20:56:45.698Z","@version":"1","message":"Sep  7 20:56:44 honeypot-sgp-1 sshd[28989]: Disconnected from authenticating user root 61.177.173.51 port 18988 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 20:59:02 honeypot-ams-1 sshd[31523]: Disconnected from invalid user noc 123.108.102.2 port 47282 [preauth]","@timestamp":"2022-09-07T20:59:02.899Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 20:59:46 honeypot-ams-1 sshd[31529]: Received disconnect from 45.61.186.169 port 49738:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-07T20:59:46.920Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 21:00:04 honeypot-ams-1 sshd[31533]: Invalid user user from 45.61.186.169 port 44726","@timestamp":"2022-09-07T21:00:04.930Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 21:00:21 honeypot-ams-1 sshd[31537]: Invalid user user from 45.61.186.169 port 39628","@timestamp":"2022-09-07T21:00:21.939Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 21:02:59 honeypot-ams-1 sshd[31542]: Invalid user christophe from 112.111.0.245 port 22996","@timestamp":"2022-09-07T21:03:00.007Z"}
{"@timestamp":"2022-09-07T21:04:34.885Z","@version":"1","message":"Sep  7 21:04:34 honeypot-sgp-1 sshd[28994]: Disconnected from authenticating user root 92.255.85.70 port 44586 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 21:05:06 honeypot-ams-1 sshd[31546]: Received disconnect from 198.98.61.9 port 43654:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-07T21:05:07.064Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 21:05:25 honeypot-ams-1 sshd[31550]: Received disconnect from 198.98.61.9 port 41224:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-07T21:05:26.074Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 21:05:34 honeypot-ams-1 sshd[31554]: Received disconnect from 198.98.61.9 port 54192:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-07T21:05:35.080Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 21:05:51 honeypot-ams-1 sshd[31558]: Received disconnect from 198.98.61.9 port 51706:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-07T21:05:52.088Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 21:06:41 honeypot-fra-1 kernel: [83459243.748750] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=2686 PROTO=TCP SPT=44403 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T21:06:42.514Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-07T21:06:43.939Z","@version":"1","message":"Sep  7 21:06:43 honeypot-sgp-1 sshd[29001]: Received disconnect from 61.177.173.49 port 43515:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 21:07:45 honeypot-ams-1 kernel: [83461453.643295] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=157.245.176.143 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=5436 DF PROTO=TCP SPT=40950 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T21:07:46.141Z"}
{"@timestamp":"2022-09-07T21:08:04.974Z","@version":"1","message":"Sep  7 21:08:04 honeypot-sgp-1 sshd[29007]: Received disconnect from 61.177.173.47 port 57369:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 21:10:15 honeypot-ams-1 sshd[31567]: Received disconnect from 61.177.173.36 port 64932:11:  [preauth]","@timestamp":"2022-09-07T21:10:16.208Z"}
{"@timestamp":"2022-09-07T21:10:29.034Z","@version":"1","message":"Sep  7 21:10:28 honeypot-sgp-1 kernel: [83461146.673078] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=96.126.112.220 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=30528 DF PROTO=TCP SPT=60958 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 21:12:23 honeypot-fra-1 kernel: [83459585.519766] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=116.75.100.210 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=44589 DF PROTO=TCP SPT=40797 DPT=80 WINDOW=5808 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T21:12:23.652Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 21:13:18 honeypot-fra-1 sshd[21763]: Invalid user admin from 101.43.252.152 port 46284","@timestamp":"2022-09-07T21:13:18.676Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 21:13:18 honeypot-fra-1 sshd[21763]: Connection closed by invalid user admin 101.43.252.152 port 46284 [preauth]","@timestamp":"2022-09-07T21:13:18.676Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 21:13:18 honeypot-fra-1 sshd[21771]: Invalid user steam from 101.43.252.152 port 46248","@timestamp":"2022-09-07T21:13:19.676Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 21:13:19 honeypot-fra-1 sshd[21777]: Invalid user admin from 101.43.252.152 port 46254","@timestamp":"2022-09-07T21:13:20.677Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 21:13:20 honeypot-fra-1 sshd[21788]: Invalid user ftpuser from 101.43.252.152 port 46296","@timestamp":"2022-09-07T21:13:20.677Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 21:13:20 honeypot-fra-1 sshd[21788]: Connection closed by invalid user ftpuser 101.43.252.152 port 46296 [preauth]","@timestamp":"2022-09-07T21:13:20.677Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 21:13:21 honeypot-fra-1 sshd[21778]: Connection closed by invalid user steam 101.43.252.152 port 46246 [preauth]","@timestamp":"2022-09-07T21:13:21.678Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 21:13:21 honeypot-fra-1 sshd[21805]: Invalid user test from 101.43.252.152 port 46260","@timestamp":"2022-09-07T21:13:22.678Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 21:15:26 honeypot-ams-1 kernel: [83461914.652269] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=213.226.123.38 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=17320 PROTO=TCP SPT=45043 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T21:15:26.343Z"}
{"@timestamp":"2022-09-07T21:17:02.190Z","@version":"1","message":"Sep  7 21:17:01 honeypot-sgp-1 CRON[29013]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 21:18:12 honeypot-ams-1 sshd[31581]: Disconnected from authenticating user root 61.177.173.51 port 46032 [preauth]","@timestamp":"2022-09-07T21:18:12.415Z"}
{"@timestamp":"2022-09-07T21:22:31.317Z","@version":"1","message":"Sep  7 21:22:30 honeypot-sgp-1 kernel: [83461868.610490] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.41.8.5 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=38020 PROTO=TCP SPT=54923 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 21:23:44 honeypot-fra-1 sshd[21812]: Received disconnect from 92.255.85.70 port 61248:11: Bye Bye [preauth]","@timestamp":"2022-09-07T21:23:44.903Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T21:27:00.423Z","@version":"1","message":"Sep  7 21:26:59 honeypot-sgp-1 sshd[29027]: Disconnected from authenticating user root 92.255.85.70 port 48976 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 21:32:26 honeypot-ams-1 kernel: [83462934.976009] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=116.3.104.181 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=47 ID=19468 PROTO=TCP SPT=56248 DPT=80 WINDOW=39074 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T21:32:26.785Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 21:34:44 honeypot-fra-1 sshd[21817]: Invalid user menyhart from 168.138.209.113 port 59642","@timestamp":"2022-09-07T21:34:45.139Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 21:35:31 honeypot-fra-1 sshd[21821]: Received disconnect from 43.132.180.210 port 34916:11: Bye Bye [preauth]","@timestamp":"2022-09-07T21:35:31.157Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T21:36:35.644Z","@version":"1","message":"Sep  7 21:36:34 honeypot-sgp-1 sshd[29036]: Received disconnect from 61.177.173.53 port 54000:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 21:38:52 honeypot-ams-1 sshd[31600]: Received disconnect from 92.255.85.70 port 34634:11: Bye Bye [preauth]","@timestamp":"2022-09-07T21:38:52.951Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 21:39:57 honeypot-fra-1 sshd[21827]: Invalid user takahama from 202.125.94.71 port 38230","@timestamp":"2022-09-07T21:39:58.280Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 21:43:01 honeypot-fra-1 kernel: [83461423.102470] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=112.95.154.5 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=60993 DF PROTO=TCP SPT=54970 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T21:43:01.350Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 21:43:36 honeypot-fra-1 sshd[21835]: Received disconnect from 141.255.162.226 port 48900:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-07T21:43:36.366Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 21:43:40 honeypot-fra-1 sshd[21839]: Received disconnect from 141.255.162.226 port 56918:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-07T21:43:41.368Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 21:43:41 honeypot-fra-1 sshd[21843]: Received disconnect from 141.255.162.226 port 40880:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-07T21:43:42.369Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 21:45:11 honeypot-fra-1 sshd[21848]: Disconnected from authenticating user root 185.118.48.206 port 39264 [preauth]","@timestamp":"2022-09-07T21:45:12.401Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 21:48:09 honeypot-ams-1 sshd[31606]: Received disconnect from 61.177.173.53 port 22337:11:  [preauth]","@timestamp":"2022-09-07T21:48:10.189Z"}
{"@timestamp":"2022-09-07T21:50:30.969Z","@version":"1","message":"Sep  7 21:50:30 honeypot-sgp-1 sshd[29045]: error: maximum authentication attempts exceeded for root from 120.48.37.84 port 49754 ssh2 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T21:50:37.973Z","@version":"1","message":"Sep  7 21:50:37 honeypot-sgp-1 sshd[29051]: Invalid user admin from 120.48.37.84 port 54390","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T21:50:44.977Z","@version":"1","message":"Sep  7 21:50:44 honeypot-sgp-1 sshd[29055]: Invalid user admin from 120.48.37.84 port 58666","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T21:50:49.980Z","@version":"1","message":"Sep  7 21:50:49 honeypot-sgp-1 sshd[29059]: Invalid user oracle from 120.48.37.84 port 34318","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T21:50:54.983Z","@version":"1","message":"Sep  7 21:50:54 honeypot-sgp-1 sshd[29063]: Invalid user usuario from 120.48.37.84 port 38186","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 21:53:56 honeypot-fra-1 sshd[21853]: Disconnected from invalid user chandru 111.202.249.76 port 2667 [preauth]","@timestamp":"2022-09-07T21:53:56.590Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 21:54:05 honeypot-ams-1 sshd[31613]: Invalid user admin from 128.199.10.193 port 57058","@timestamp":"2022-09-07T21:54:06.345Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 21:55:09 honeypot-ams-1 kernel: [83464298.305539] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=198.199.95.119 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=37587 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T21:55:10.374Z"}
{"@timestamp":"2022-09-07T21:56:31.116Z","@version":"1","message":"Sep  7 21:56:30 honeypot-sgp-1 sshd[29070]: Received disconnect from 139.59.226.255 port 52942:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 21:58:07 honeypot-ams-1 sshd[31621]: Disconnected from authenticating user root 61.177.173.50 port 42134 [preauth]","@timestamp":"2022-09-07T21:58:08.452Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 21:59:52 honeypot-fra-1 sshd[21859]: Connection closed by 36.156.145.28 port 58018 [preauth]","@timestamp":"2022-09-07T21:59:52.720Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 22:02:20 honeypot-ams-1 sshd[31629]: Connection closed by invalid user Admin 191.97.5.172 port 1127 [preauth]","@timestamp":"2022-09-07T22:02:21.561Z"}
{"@timestamp":"2022-09-07T22:05:39.330Z","@version":"1","message":"Sep  7 22:05:39 honeypot-sgp-1 kernel: [83464457.170858] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=78.142.18.92 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=46962 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 22:08:23 honeypot-fra-1 sshd[21864]: Disconnected from authenticating user root 92.255.85.70 port 58132 [preauth]","@timestamp":"2022-09-07T22:08:23.907Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 22:11:38 honeypot-ams-1 sshd[31635]: Disconnected from authenticating user root 187.86.132.252 port 33418 [preauth]","@timestamp":"2022-09-07T22:11:38.790Z"}
{"@timestamp":"2022-09-07T22:11:46.475Z","@version":"1","message":"Sep  7 22:11:46 honeypot-sgp-1 sshd[29081]: Disconnected from authenticating user root 92.255.85.70 port 21168 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 22:16:06 honeypot-fra-1 sshd[21868]: Disconnected from invalid user jin 165.22.45.108 port 51434 [preauth]","@timestamp":"2022-09-07T22:16:07.077Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T22:17:01.599Z","@version":"1","message":"Sep  7 22:17:01 honeypot-sgp-1 CRON[29086]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 22:20:13 honeypot-ams-1 sshd[31645]: Received disconnect from 62.202.41.155 port 53138:11: Bye Bye [preauth]","@timestamp":"2022-09-07T22:20:14.025Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 22:21:28 honeypot-fra-1 sshd[21876]: Received disconnect from 36.134.68.142 port 34802:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-07T22:21:29.195Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 22:25:45 honeypot-ams-1 sshd[31652]: Disconnected from authenticating user root 128.199.124.131 port 41938 [preauth]","@timestamp":"2022-09-07T22:25:46.167Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 22:28:20 honeypot-fra-1 sshd[21881]: Disconnected from authenticating user root 36.134.68.142 port 45636 [preauth]","@timestamp":"2022-09-07T22:28:21.356Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T22:31:25.933Z","@version":"1","message":"Sep  7 22:31:25 honeypot-sgp-1 sshd[29091]: Connection closed by invalid user pi 98.128.250.169 port 53282 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 22:31:47 honeypot-fra-1 sshd[21886]: Received disconnect from 92.255.85.69 port 22858:11: Bye Bye [preauth]","@timestamp":"2022-09-07T22:31:48.433Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T22:39:47.129Z","@version":"1","message":"Sep  7 22:39:46 honeypot-sgp-1 kernel: [83466504.955758] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=94.102.61.10 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=36452 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 22:41:09 honeypot-fra-1 kernel: [83464911.461716] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.79.176.54 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=64702 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T22:41:09.636Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 22:41:51 honeypot-ams-1 kernel: [83467099.901375] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.41.8.45 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=57787 PROTO=TCP SPT=34951 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T22:41:51.560Z"}
{"@timestamp":"2022-09-07T22:44:39.244Z","@version":"1","message":"Sep  7 22:44:38 honeypot-sgp-1 kernel: [83466796.424778] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.254.196.174 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=55710 PROTO=TCP SPT=56429 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 22:50:25 honeypot-fra-1 sshd[21894]: Received disconnect from 165.22.45.108 port 60912:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-07T22:50:25.839Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 22:50:55 honeypot-ams-1 sshd[31662]: Received disconnect from 118.70.180.189 port 33163:11: Bye Bye [preauth]","@timestamp":"2022-09-07T22:50:55.779Z"}
{"@timestamp":"2022-09-07T22:52:00.416Z","@version":"1","message":"Sep  7 22:51:59 honeypot-sgp-1 kernel: [83467237.728647] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=34.143.131.221 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x60 TTL=250 ID=49870 PROTO=TCP SPT=49670 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 22:54:28 honeypot-fra-1 sshd[21899]: Disconnected from authenticating user root 92.255.85.69 port 15638 [preauth]","@timestamp":"2022-09-07T22:54:28.927Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 22:59:20 honeypot-fra-1 kernel: [83466002.160504] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=158.255.7.133 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x20 TTL=249 ID=62355 PROTO=TCP SPT=51529 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T22:59:21.048Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 22:59:23 honeypot-ams-1 sshd[31669]: Invalid user lemwal from 159.89.163.158 port 54066","@timestamp":"2022-09-07T22:59:23.995Z"}
{"@timestamp":"2022-09-07T23:00:26.612Z","@version":"1","message":"Sep  7 23:00:26 honeypot-sgp-1 sshd[29114]: Disconnected from invalid user press 175.97.136.186 port 33808 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T23:04:10.702Z","@version":"1","message":"Sep  7 23:04:10 honeypot-sgp-1 sshd[29117]: Disconnected from invalid user csilla 125.212.225.165 port 15351 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 23:04:11 honeypot-ams-1 kernel: [83468439.634292] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=182.86.221.11 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=49 ID=51704 PROTO=TCP SPT=16656 DPT=443 WINDOW=27704 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T23:04:12.129Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 23:04:46 honeypot-fra-1 sshd[21903]: Disconnected from invalid user elfi 181.49.254.238 port 54460 [preauth]","@timestamp":"2022-09-07T23:04:47.167Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 23:11:25 honeypot-fra-1 sshd[21908]: Invalid user pb from 165.227.182.136 port 39318","@timestamp":"2022-09-07T23:11:26.366Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T23:15:53.974Z","@version":"1","message":"Sep  7 23:15:53 honeypot-sgp-1 kernel: [83468671.345914] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=2.57.122.98 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=229 ID=54321 PROTO=TCP SPT=36750 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 23:16:25 honeypot-fra-1 sshd[21913]: Received disconnect from 92.255.85.70 port 51786:11: Bye Bye [preauth]","@timestamp":"2022-09-07T23:16:25.475Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 23:16:40 honeypot-ams-1 sshd[31679]: Received disconnect from 103.226.249.51 port 60472:11: Bye Bye [preauth]","@timestamp":"2022-09-07T23:16:40.451Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 23:17:05 honeypot-fra-1 kernel: [83467067.634808] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.199.87 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=54878 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T23:17:06.492Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 23:20:10 honeypot-ams-1 kernel: [83469399.047560] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=183.136.225.35 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=109 ID=26478 PROTO=TCP SPT=8088 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T23:20:11.545Z"}
{"@timestamp":"2022-09-07T23:22:43.133Z","@version":"1","message":"Sep  7 23:22:42 honeypot-sgp-1 kernel: [83469080.864589] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=43.131.66.209 DST=159.89.202.188 LEN=52 TOS=0x00 PREC=0x00 TTL=47 ID=15813 DF PROTO=TCP SPT=16837 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 23:24:00 honeypot-fra-1 sshd[21926]: Invalid user hyh from 103.188.176.251 port 38668","@timestamp":"2022-09-07T23:24:01.645Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 23:25:46 honeypot-ams-1 sshd[31692]: Invalid user yuho from 188.112.63.67 port 30672","@timestamp":"2022-09-07T23:25:46.693Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 23:30:10 honeypot-ams-1 kernel: [83469998.926763] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.194.111 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=43808 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T23:30:10.810Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 23:30:28 honeypot-fra-1 kernel: [83467870.129424] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=103.151.124.68 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=16461 PROTO=TCP SPT=47922 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T23:30:28.801Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-07T23:37:09.464Z","@version":"1","message":"Sep  7 23:37:09 honeypot-sgp-1 sshd[29131]: Disconnecting invalid user admin 2.24.76.90 port 51293: Too many authentication failures [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 23:38:37 honeypot-fra-1 sshd[21934]: Received disconnect from 92.255.85.69 port 46480:11: Bye Bye [preauth]","@timestamp":"2022-09-07T23:38:37.981Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T23:40:04.532Z","@version":"1","message":"Sep  7 23:40:03 honeypot-sgp-1 sshd[29138]: Received disconnect from 27.50.54.88 port 52196:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 23:42:19 honeypot-ams-1 sshd[31700]: Invalid user silke from 187.235.4.20 port 45940","@timestamp":"2022-09-07T23:42:20.146Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 23:43:28 honeypot-fra-1 kernel: [83468650.502895] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=94.102.49.193 DST=165.22.82.222 LEN=44 TOS=0x10 PREC=0x00 TTL=123 ID=36876 PROTO=TCP SPT=17340 DPT=80 WINDOW=56929 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T23:43:29.089Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 23:43:38 honeypot-ams-1 kernel: [83470807.209956] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=46.161.27.89 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=39219 PROTO=TCP SPT=47943 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T23:43:39.181Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 23:45:19 honeypot-fra-1 sshd[21942]: Disconnected from invalid user schiek 103.219.207.118 port 35212 [preauth]","@timestamp":"2022-09-07T23:45:20.130Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T23:48:08.716Z","@version":"1","message":"Sep  7 23:48:08 honeypot-sgp-1 sshd[29146]: Connection closed by invalid user oracle 103.188.176.251 port 43254 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 23:55:36 honeypot-ams-1 sshd[31706]: Disconnected from authenticating user root 92.255.85.69 port 51302 [preauth]","@timestamp":"2022-09-07T23:55:37.498Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 23:55:41 honeypot-fra-1 sshd[21948]: Did not receive identification string from 172.105.96.215 port 34630","@timestamp":"2022-09-07T23:55:41.358Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T23:58:11.950Z","@version":"1","message":"Sep  7 23:58:11 honeypot-sgp-1 sshd[29153]: Invalid user user from 45.61.187.160 port 59420","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T23:58:25.957Z","@version":"1","message":"Sep  7 23:58:25 honeypot-sgp-1 kernel: [83471223.651244] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.221.88 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=48954 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T23:58:42.966Z","@version":"1","message":"Sep  7 23:58:42 honeypot-sgp-1 sshd[29159]: Disconnected from invalid user user 45.61.187.160 port 37386 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T23:59:03.975Z","@version":"1","message":"Sep  7 23:59:03 honeypot-sgp-1 sshd[29163]: Received disconnect from 45.61.187.160 port 60334:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 00:00:12 honeypot-ams-1 sshd[31710]: Disconnected from authenticating user root 144.48.227.75 port 50568 [preauth]","@timestamp":"2022-09-08T00:00:13.623Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 00:02:15 honeypot-fra-1 sshd[21952]: Disconnected from authenticating user root 92.255.85.70 port 34696 [preauth]","@timestamp":"2022-09-08T00:02:15.498Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 00:03:29 honeypot-fra-1 sshd[21960]: Invalid user ubuntu from 64.225.98.47 port 43980","@timestamp":"2022-09-08T00:03:30.527Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 00:03:29 honeypot-fra-1 sshd[21965]: Invalid user guest from 64.225.98.47 port 43992","@timestamp":"2022-09-08T00:03:30.527Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 00:03:29 honeypot-fra-1 sshd[21969]: Connection closed by invalid user es 64.225.98.47 port 43984 [preauth]","@timestamp":"2022-09-08T00:03:30.527Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 00:03:29 honeypot-fra-1 sshd[21964]: Invalid user esuser from 64.225.98.47 port 43990","@timestamp":"2022-09-08T00:03:30.527Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 00:03:29 honeypot-fra-1 sshd[21956]: Connection closed by invalid user azureadmin 64.225.98.47 port 43968 [preauth]","@timestamp":"2022-09-08T00:03:30.527Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 00:03:29 honeypot-fra-1 sshd[21973]: Connection closed by invalid user esuser 64.225.98.47 port 44004 [preauth]","@timestamp":"2022-09-08T00:03:30.527Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 00:03:29 honeypot-fra-1 sshd[21980]: Connection closed by invalid user es 64.225.98.47 port 44024 [preauth]","@timestamp":"2022-09-08T00:03:30.527Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 00:03:30 honeypot-fra-1 sshd[21972]: Invalid user ubuntu from 64.225.98.47 port 43998","@timestamp":"2022-09-08T00:03:30.527Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 00:03:30 honeypot-fra-1 sshd[21983]: Invalid user ftpuser from 64.225.98.47 port 44036","@timestamp":"2022-09-08T00:03:30.527Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 00:04:11 honeypot-ams-1 sshd[31716]: Connection closed by 185.246.188.60 port 50180 [preauth]","@timestamp":"2022-09-08T00:04:11.738Z"}
{"@timestamp":"2022-09-08T00:05:10.123Z","@version":"1","message":"Sep  8 00:05:09 honeypot-sgp-1 kernel: [83471627.296094] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=46580 PROTO=TCP SPT=55176 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T00:08:26.202Z","@version":"1","message":"Sep  8 00:08:25 honeypot-sgp-1 sshd[29173]: Received disconnect from 220.243.178.124 port 49910:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 00:10:03 honeypot-fra-1 sshd[22014]: Received disconnect from 87.245.184.58 port 55536:11: Bye Bye [preauth]","@timestamp":"2022-09-08T00:10:03.671Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T00:11:23.272Z","@version":"1","message":"Sep  8 00:11:22 honeypot-sgp-1 sshd[29177]: Connection closed by 192.241.216.29 port 33920 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 00:12:03 honeypot-ams-1 kernel: [83472511.442887] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=91.210.107.80 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x20 TTL=250 ID=34664 PROTO=TCP SPT=55695 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T00:12:03.978Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 00:15:18 honeypot-fra-1 sshd[22022]: Disconnected from authenticating user root 161.35.59.177 port 58366 [preauth]","@timestamp":"2022-09-08T00:15:19.788Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 00:17:01 honeypot-fra-1 CRON[22026]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-08T00:17:01.829Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 00:17:01 honeypot-ams-1 CRON[31724]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-08T00:17:02.114Z"}
{"@timestamp":"2022-09-08T00:18:32.440Z","@version":"1","message":"Sep  8 00:18:31 honeypot-sgp-1 sshd[29185]: Disconnected from authenticating user root 41.76.175.89 port 58082 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 00:20:16 honeypot-fra-1 sshd[22031]: Received disconnect from 35.186.145.141 port 38916:11: Bye Bye [preauth]","@timestamp":"2022-09-08T00:20:16.902Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T00:20:22.486Z","@version":"1","message":"Sep  8 00:20:22 honeypot-sgp-1 sshd[29191]: Received disconnect from 58.246.125.198 port 53566:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 00:22:18 honeypot-fra-1 sshd[22037]: Invalid user user from 141.255.162.226 port 45022","@timestamp":"2022-09-08T00:22:18.948Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 00:22:22 honeypot-fra-1 sshd[22041]: Invalid user user from 141.255.162.226 port 42596","@timestamp":"2022-09-08T00:22:22.950Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 00:22:26 honeypot-fra-1 sshd[22045]: Invalid user user from 141.255.162.226 port 59806","@timestamp":"2022-09-08T00:22:26.952Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 00:22:28 honeypot-fra-1 sshd[22049]: Invalid user user from 141.255.162.226 port 40184","@timestamp":"2022-09-08T00:22:28.953Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T00:24:30.583Z","@version":"1","message":"Sep  8 00:24:29 honeypot-sgp-1 sshd[29199]: Received disconnect from 92.241.68.2 port 52870:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 00:26:12 honeypot-fra-1 sshd[22051]: Disconnected from authenticating user root 92.255.85.69 port 63848 [preauth]","@timestamp":"2022-09-08T00:26:13.036Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 00:26:33 honeypot-ams-1 sshd[31731]: Did not receive identification string from 45.61.187.160 port 44504","@timestamp":"2022-09-08T00:26:34.367Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 00:27:12 honeypot-ams-1 sshd[31734]: Disconnected from invalid user user 45.61.187.160 port 45498 [preauth]","@timestamp":"2022-09-08T00:27:13.386Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 00:27:31 honeypot-ams-1 sshd[31738]: Disconnected from invalid user user 45.61.187.160 port 40908 [preauth]","@timestamp":"2022-09-08T00:27:32.396Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 00:27:50 honeypot-ams-1 sshd[31742]: Disconnected from invalid user user 45.61.187.160 port 36336 [preauth]","@timestamp":"2022-09-08T00:27:51.405Z"}
{"@timestamp":"2022-09-08T00:29:00.706Z","@version":"1","message":"Sep  8 00:29:00 honeypot-sgp-1 sshd[29203]: Received disconnect from 92.255.85.69 port 18472:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T00:35:56.871Z","@version":"1","message":"Sep  8 00:35:55 honeypot-sgp-1 kernel: [83473473.843143] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=89.248.165.199 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=22792 PROTO=TCP SPT=54594 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 00:39:02 honeypot-fra-1 kernel: [83471984.211019] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=64.62.197.17 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=54321 PROTO=TCP SPT=43061 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T00:39:03.310Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 00:41:09 honeypot-ams-1 sshd[31751]: Received disconnect from 92.255.85.69 port 17224:11: Bye Bye [preauth]","@timestamp":"2022-09-08T00:41:09.755Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 00:51:48 honeypot-fra-1 sshd[22062]: Connection closed by invalid user atv 141.98.10.158 port 36610 [preauth]","@timestamp":"2022-09-08T00:51:48.580Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 00:54:38 honeypot-ams-1 kernel: [83475067.190847] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=94.27.172.39 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=51 ID=26364 PROTO=TCP SPT=49353 DPT=80 WINDOW=6153 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T00:54:39.107Z"}
{"@timestamp":"2022-09-08T00:59:00.405Z","@version":"1","message":"Sep  8 00:59:00 honeypot-sgp-1 kernel: [83474858.160314] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=162.142.125.136 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=7608 PROTO=TCP SPT=27678 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 01:00:25 honeypot-fra-1 sshd[22069]: Connection closed by 27.212.160.219 port 45574 [preauth]","@timestamp":"2022-09-08T01:00:26.768Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 01:03:49 honeypot-ams-1 sshd[31764]: Received disconnect from 92.255.85.70 port 37288:11: Bye Bye [preauth]","@timestamp":"2022-09-08T01:03:49.348Z"}
{"@timestamp":"2022-09-08T01:04:37.536Z","@version":"1","message":"Sep  8 01:04:37 honeypot-sgp-1 sshd[29222]: Disconnected from invalid user oracle 143.244.144.227 port 48030 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 01:12:36 honeypot-fra-1 sshd[22095]: Disconnected from invalid user jira 165.22.45.108 port 42024 [preauth]","@timestamp":"2022-09-08T01:12:37.033Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T01:15:24.784Z","@version":"1","message":"Sep  8 01:15:24 honeypot-sgp-1 sshd[29229]: Disconnected from invalid user admin 36.91.166.34 port 51240 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 01:16:24 honeypot-ams-1 sshd[31771]: Disconnected from invalid user user 107.172.63.33 port 51958 [preauth]","@timestamp":"2022-09-08T01:16:24.701Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 01:19:11 honeypot-fra-1 sshd[22104]: Invalid user ismail from 222.252.243.104 port 32829","@timestamp":"2022-09-08T01:19:12.180Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T01:19:36.886Z","@version":"1","message":"Sep  8 01:19:36 honeypot-sgp-1 kernel: [83476094.677215] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=79.124.62.62 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=33861 PROTO=TCP SPT=52158 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T01:25:41.026Z","@version":"1","message":"Sep  8 01:25:40 honeypot-sgp-1 kernel: [83476458.366024] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.214.163 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=49372 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 01:26:26 honeypot-ams-1 sshd[31783]: Received disconnect from 92.255.85.69 port 16184:11: Bye Bye [preauth]","@timestamp":"2022-09-08T01:26:26.962Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 01:31:14 honeypot-fra-1 sshd[22108]: Received disconnect from 165.22.45.108 port 46734:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T01:31:15.436Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T01:34:58.242Z","@version":"1","message":"Sep  8 01:34:57 honeypot-sgp-1 sshd[29245]: Disconnected from authenticating user root 178.13.71.142 port 53561 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 01:35:30 honeypot-fra-1 sshd[22112]: Connection closed by invalid user Admin 222.85.188.6 port 60423 [preauth]","@timestamp":"2022-09-08T01:35:31.532Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 01:38:10 honeypot-ams-1 kernel: [83477679.099385] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=38459 PROTO=TCP SPT=40879 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T01:38:11.267Z"}
{"@timestamp":"2022-09-08T01:46:13.508Z","@version":"1","message":"Sep  8 01:46:13 honeypot-sgp-1 sshd[29251]: error: maximum authentication attempts exceeded for invalid user admin from 61.115.72.251 port 56482 ssh2 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 01:46:14 honeypot-fra-1 sshd[22118]: Disconnected from authenticating user root 164.92.212.181 port 55292 [preauth]","@timestamp":"2022-09-08T01:46:14.768Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 01:49:19 honeypot-ams-1 sshd[31792]: Received disconnect from 92.255.85.69 port 54812:11: Bye Bye [preauth]","@timestamp":"2022-09-08T01:49:20.556Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 01:49:45 honeypot-fra-1 sshd[22122]: Received disconnect from 93.113.61.126 port 40644:11: Bye Bye [preauth]","@timestamp":"2022-09-08T01:49:45.845Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 01:50:47 honeypot-ams-1 sshd[31796]: Received disconnect from 162.215.1.202 port 49522:11: Bye Bye [preauth]","@timestamp":"2022-09-08T01:50:48.599Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 01:52:49 honeypot-fra-1 sshd[22153]: Invalid user postgres from 175.178.238.82 port 41958","@timestamp":"2022-09-08T01:52:49.913Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 01:54:01 honeypot-ams-1 sshd[31803]: Invalid user testing from 212.49.70.200 port 51120","@timestamp":"2022-09-08T01:54:01.685Z"}
{"@timestamp":"2022-09-08T01:54:42.706Z","@version":"1","message":"Sep  8 01:54:41 honeypot-sgp-1 kernel: [83478199.611452] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=103.137.89.38 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x40 TTL=55 ID=65444 DF PROTO=TCP SPT=25177 DPT=80 WINDOW=43690 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 01:54:49 honeypot-ams-1 sshd[31807]: Received disconnect from 84.22.117.95 port 60564:11: Bye Bye [preauth]","@timestamp":"2022-09-08T01:54:49.709Z"}
{"@timestamp":"2022-09-08T01:56:13.764Z","@version":"1","message":"Sep  8 01:56:13 honeypot-sgp-1 sshd[29260]: Received disconnect from 45.61.187.160 port 33936:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T01:56:33.773Z","@version":"1","message":"Sep  8 01:56:33 honeypot-sgp-1 sshd[29264]: Received disconnect from 45.61.187.160 port 56822:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T01:56:52.783Z","@version":"1","message":"Sep  8 01:56:52 honeypot-sgp-1 sshd[29268]: Received disconnect from 45.61.187.160 port 51464:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T01:58:51.832Z","@version":"1","message":"Sep  8 01:58:51 honeypot-sgp-1 sshd[29273]: Received disconnect from 92.255.85.70 port 17822:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 01:59:33 honeypot-fra-1 sshd[22160]: Invalid user keller from 124.152.76.180 port 43652","@timestamp":"2022-09-08T01:59:34.056Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 02:02:29 honeypot-ams-1 sshd[31814]: Received disconnect from 165.227.118.71 port 33928:11: Bye Bye [preauth]","@timestamp":"2022-09-08T02:02:29.913Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 02:02:46 honeypot-fra-1 sshd[22164]: Received disconnect from 186.10.245.152 port 45638:11: Bye Bye [preauth]","@timestamp":"2022-09-08T02:02:47.125Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 02:12:54 honeypot-fra-1 kernel: [83477615.989713] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=104.220.165.103 DST=165.22.82.222 LEN=48 TOS=0x00 PREC=0x00 TTL=106 ID=11767 DF PROTO=TCP SPT=35505 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T02:12:55.350Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 02:13:04 honeypot-ams-1 kernel: [83479772.849746] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=103.89.91.165 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=42145 PROTO=TCP SPT=53209 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T02:13:05.190Z"}
{"@timestamp":"2022-09-08T02:21:27.408Z","@version":"1","message":"Sep  8 02:21:27 honeypot-sgp-1 sshd[29282]: Received disconnect from 92.255.85.70 port 37176:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 02:22:30 honeypot-fra-1 sshd[22177]: Did not receive identification string from 159.89.24.69 port 61000","@timestamp":"2022-09-08T02:22:31.565Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T02:23:27.461Z","@version":"1","message":"Sep  8 02:23:27 honeypot-sgp-1 sshd[29288]: Invalid user admin from 185.246.130.20 port 36665","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T02:23:45.470Z","@version":"1","message":"Sep  8 02:23:44 honeypot-sgp-1 sshd[29292]: Disconnecting invalid user  185.246.130.20 port 25233: Change of username or service not allowed: (,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T02:24:14.485Z","@version":"1","message":"Sep  8 02:24:13 honeypot-sgp-1 sshd[29298]: Disconnecting invalid user admin 185.246.130.20 port 20579: Change of username or service not allowed: (admin,ssh-connection) -> (aerohive,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T02:24:40.498Z","@version":"1","message":"Sep  8 02:24:40 honeypot-sgp-1 sshd[29304]: Disconnecting invalid user manager 185.246.130.20 port 63943: Change of username or service not allowed: (manager,ssh-connection) -> (private,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T02:25:06.513Z","@version":"1","message":"Sep  8 02:25:06 honeypot-sgp-1 sshd[29312]: Invalid user Admin from 185.246.130.20 port 22882","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T02:25:29.525Z","@version":"1","message":"Sep  8 02:25:28 honeypot-sgp-1 sshd[29319]: Invalid user user from 185.246.130.20 port 56265","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T02:25:48.535Z","@version":"1","message":"Sep  8 02:25:48 honeypot-sgp-1 sshd[29325]: Disconnecting invalid user blank 185.246.130.20 port 55276: Change of username or service not allowed: (blank,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T02:26:28.554Z","@version":"1","message":"Sep  8 02:26:28 honeypot-sgp-1 sshd[29331]: Disconnecting invalid user 1234 185.246.130.20 port 20211: Change of username or service not allowed: (1234,ssh-connection) -> (root,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T02:26:54.572Z","@version":"1","message":"Sep  8 02:26:54 honeypot-sgp-1 sshd[29339]: Disconnecting invalid user Cisco 185.246.130.20 port 64053: Change of username or service not allowed: (Cisco,ssh-connection) -> (cisco,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T02:27:20.585Z","@version":"1","message":"Sep  8 02:27:19 honeypot-sgp-1 sshd[29345]: Disconnecting invalid user 1234 185.246.130.20 port 63242: Change of username or service not allowed: (1234,ssh-connection) -> (root,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 02:27:27 honeypot-fra-1 sshd[22189]: Invalid user ubuntu from 193.176.239.126 port 54334","@timestamp":"2022-09-08T02:27:28.679Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 02:27:27 honeypot-fra-1 sshd[22185]: Invalid user esuser from 193.176.239.126 port 54352","@timestamp":"2022-09-08T02:27:28.679Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 02:27:27 honeypot-fra-1 sshd[22193]: Invalid user hadoop from 193.176.239.126 port 54282","@timestamp":"2022-09-08T02:27:28.679Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 02:27:27 honeypot-fra-1 sshd[22211]: Invalid user es from 193.176.239.126 port 54302","@timestamp":"2022-09-08T02:27:28.679Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 02:27:27 honeypot-fra-1 sshd[22186]: Invalid user hadoop from 193.176.239.126 port 54314","@timestamp":"2022-09-08T02:27:28.679Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 02:27:27 honeypot-fra-1 sshd[22185]: Connection closed by invalid user esuser 193.176.239.126 port 54352 [preauth]","@timestamp":"2022-09-08T02:27:28.679Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 02:27:28 honeypot-fra-1 sshd[22201]: Connection closed by invalid user elastic 193.176.239.126 port 54304 [preauth]","@timestamp":"2022-09-08T02:27:28.679Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 02:27:28 honeypot-fra-1 sshd[22184]: Connection closed by invalid user postgres 193.176.239.126 port 54356 [preauth]","@timestamp":"2022-09-08T02:27:28.680Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 02:27:28 honeypot-fra-1 sshd[22195]: Connection closed by invalid user test 193.176.239.126 port 54278 [preauth]","@timestamp":"2022-09-08T02:27:28.680Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 02:27:28 honeypot-fra-1 sshd[22212]: Connection closed by authenticating user root 193.176.239.126 port 54272 [preauth]","@timestamp":"2022-09-08T02:27:28.680Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T02:27:40.595Z","@version":"1","message":"Sep  8 02:27:39 honeypot-sgp-1 sshd[29351]: Disconnecting invalid user  185.246.130.20 port 5375: Change of username or service not allowed: (,ssh-connection) -> (adslroot,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 02:27:45 honeypot-fra-1 kernel: [83478506.647927] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=213.226.123.38 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=61584 PROTO=TCP SPT=45020 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T02:27:45.687Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 02:27:47 honeypot-ams-1 sshd[32260]: Received disconnect from 20.226.1.90 port 55266:11: Bye Bye [preauth]","@timestamp":"2022-09-08T02:27:48.564Z"}
{"@timestamp":"2022-09-08T02:28:02.607Z","@version":"1","message":"Sep  8 02:28:02 honeypot-sgp-1 sshd[29357]: Disconnecting invalid user admin 185.246.130.20 port 52327: Change of username or service not allowed: (admin,ssh-connection) -> (blank,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T02:28:29.622Z","@version":"1","message":"Sep  8 02:28:29 honeypot-sgp-1 sshd[29365]: Disconnecting invalid user  185.246.130.20 port 38294: Change of username or service not allowed: (,ssh-connection) -> (root,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T02:29:06.641Z","@version":"1","message":"Sep  8 02:29:06 honeypot-sgp-1 sshd[29373]: Invalid user c1@r0 from 185.246.130.20 port 2364","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T02:29:36.657Z","@version":"1","message":"Sep  8 02:29:36 honeypot-sgp-1 sshd[29379]: Invalid user superonline from 185.246.130.20 port 15685","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T02:30:03.671Z","@version":"1","message":"Sep  8 02:30:02 honeypot-sgp-1 sshd[29385]: Invalid user Admin from 185.246.130.20 port 5335","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 02:30:22 honeypot-ams-1 sshd[32264]: Invalid user jack from 159.65.133.176 port 34416","@timestamp":"2022-09-08T02:30:22.633Z"}
{"@timestamp":"2022-09-08T02:30:22.681Z","@version":"1","message":"Sep  8 02:30:22 honeypot-sgp-1 sshd[29391]: Invalid user herbert from 139.59.230.111 port 54674","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T02:30:41.691Z","@version":"1","message":"Sep  8 02:30:41 honeypot-sgp-1 sshd[29395]: Disconnecting invalid user admin1234 185.246.130.20 port 63243: Change of username or service not allowed: (admin1234,ssh-connection) -> (matrix,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 02:31:03 honeypot-ams-1 kernel: [83480851.456121] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=71.6.233.191 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=389 DPT=389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T02:31:03.655Z"}
{"@timestamp":"2022-09-08T02:31:05.704Z","@version":"1","message":"Sep  8 02:31:05 honeypot-sgp-1 sshd[29401]: Received disconnect from 52.227.167.147 port 45994:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T02:31:28.715Z","@version":"1","message":"Sep  8 02:31:28 honeypot-sgp-1 sshd[29407]: Invalid user admin from 185.246.130.20 port 11892","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T02:31:52.728Z","@version":"1","message":"Sep  8 02:31:52 honeypot-sgp-1 sshd[29413]: Disconnecting authenticating user root 185.246.130.20 port 33454: Change of username or service not allowed: (root,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T02:32:22.743Z","@version":"1","message":"Sep  8 02:32:22 honeypot-sgp-1 sshd[29419]: Disconnecting invalid user 0 185.246.130.20 port 45819: Change of username or service not allowed: (0,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T02:32:42.754Z","@version":"1","message":"Sep  8 02:32:42 honeypot-sgp-1 sshd[29425]: Invalid user roqos from 185.246.130.20 port 23862","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T02:33:03.766Z","@version":"1","message":"Sep  8 02:33:03 honeypot-sgp-1 sshd[29431]: Invalid user sitecom from 185.246.130.20 port 20510","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T02:33:27.778Z","@version":"1","message":"Sep  8 02:33:27 honeypot-sgp-1 sshd[29438]: Invalid user admin from 185.246.130.20 port 53250","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T02:33:53.791Z","@version":"1","message":"Sep  8 02:33:53 honeypot-sgp-1 sshd[29444]: Invalid user highspeed from 185.246.130.20 port 22759","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T02:34:17.803Z","@version":"1","message":"Sep  8 02:34:17 honeypot-sgp-1 sshd[29450]: Invalid user  from 185.246.130.20 port 21432","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T02:34:45.818Z","@version":"1","message":"Sep  8 02:34:44 honeypot-sgp-1 sshd[29456]: Invalid user public from 185.246.130.20 port 14195","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T02:35:17.834Z","@version":"1","message":"Sep  8 02:35:16 honeypot-sgp-1 sshd[29462]: Disconnecting authenticating user root 185.246.130.20 port 15942: Change of username or service not allowed: (root,ssh-connection) -> (123456,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T02:35:48.851Z","@version":"1","message":"Sep  8 02:35:47 honeypot-sgp-1 sshd[29468]: Disconnecting invalid user amdin 185.246.130.20 port 2388: Change of username or service not allowed: (amdin,ssh-connection) -> (readwrite,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T02:36:18.869Z","@version":"1","message":"Sep  8 02:36:17 honeypot-sgp-1 sshd[29474]: Disconnecting invalid user admin 185.246.130.20 port 10996: Change of username or service not allowed: (admin,ssh-connection) -> (DZY-W2914NSV2,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T02:36:50.885Z","@version":"1","message":"Sep  8 02:36:50 honeypot-sgp-1 sshd[29480]: Disconnecting invalid user admin 185.246.130.20 port 39716: Change of username or service not allowed: (admin,ssh-connection) -> (zoomadsl,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T02:37:30.905Z","@version":"1","message":"Sep  8 02:37:29 honeypot-sgp-1 sshd[29486]: Disconnecting invalid user 1admin0 185.246.130.20 port 16587: Change of username or service not allowed: (1admin0,ssh-connection) -> (ltecl4r0,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 02:38:30 honeypot-ams-1 sshd[32271]: Connection closed by 180.76.173.237 port 60078 [preauth]","@timestamp":"2022-09-08T02:38:30.851Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 02:40:28 honeypot-fra-1 kernel: [83479269.713634] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.100.87.136 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=246 ID=15212 PROTO=TCP SPT=46163 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T02:40:28.967Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 02:45:05 honeypot-ams-1 kernel: [83481693.645011] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=36.90.169.173 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=248 ID=15307 DF PROTO=TCP SPT=39210 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T02:45:06.042Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 02:47:08 honeypot-fra-1 sshd[22250]: Received disconnect from 165.22.45.108 port 37400:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T02:47:09.112Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 02:50:24 honeypot-ams-1 sshd[32275]: Disconnected from 204.48.30.72 port 44910 [preauth]","@timestamp":"2022-09-08T02:50:25.183Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 02:51:41 honeypot-ams-1 sshd[32280]: Invalid user user from 45.61.186.249 port 51968","@timestamp":"2022-09-08T02:51:42.222Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 02:52:04 honeypot-ams-1 sshd[32284]: Invalid user user from 45.61.186.249 port 46456","@timestamp":"2022-09-08T02:52:05.235Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 02:52:24 honeypot-ams-1 sshd[32288]: Invalid user user from 45.61.186.249 port 40972","@timestamp":"2022-09-08T02:52:25.245Z"}
{"@timestamp":"2022-09-08T02:52:29.282Z","@version":"1","message":"Sep  8 02:52:28 honeypot-sgp-1 sshd[29495]: Received disconnect from 79.110.62.213 port 39302:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 02:52:44 honeypot-ams-1 sshd[32292]: Invalid user user from 45.61.186.249 port 35460","@timestamp":"2022-09-08T02:52:45.256Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 02:54:34 honeypot-fra-1 sshd[22257]: Disconnected from authenticating user root 168.232.123.171 port 60353 [preauth]","@timestamp":"2022-09-08T02:54:35.270Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 02:56:15 honeypot-fra-1 sshd[22261]: Received disconnect from 13.125.232.65 port 32838:11: Bye Bye [preauth]","@timestamp":"2022-09-08T02:56:16.310Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 02:57:29 honeypot-ams-1 sshd[32297]: Disconnected from authenticating user root 92.255.85.69 port 39402 [preauth]","@timestamp":"2022-09-08T02:57:29.382Z"}
{"@timestamp":"2022-09-08T02:57:47.414Z","@version":"1","message":"Sep  8 02:57:47 honeypot-sgp-1 sshd[29502]: Invalid user Admin from 110.39.144.54 port 59085","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T03:05:43.608Z","@version":"1","message":"Sep  8 03:05:43 honeypot-sgp-1 kernel: [83482461.179291] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.202.246 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=51156 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 03:05:50 honeypot-fra-1 sshd[22266]: Did not receive identification string from 208.67.106.145 port 48204","@timestamp":"2022-09-08T03:05:50.521Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 03:07:26 honeypot-fra-1 sshd[22270]: Received disconnect from 165.22.45.108 port 42164:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T03:07:26.560Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 03:07:50 honeypot-ams-1 sshd[32303]: Received disconnect from 207.154.228.201 port 39206:11: Bye Bye [preauth]","@timestamp":"2022-09-08T03:07:50.653Z"}
{"@timestamp":"2022-09-08T03:08:05.667Z","@version":"1","message":"Sep  8 03:08:05 honeypot-sgp-1 sshd[29526]: Disconnected from authenticating user root 92.255.85.70 port 27974 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 03:09:48 honeypot-fra-1 sshd[22275]: Disconnected from invalid user ts3 208.67.106.145 port 52688 [preauth]","@timestamp":"2022-09-08T03:09:48.614Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 03:11:19 honeypot-fra-1 sshd[22281]: Connection closed by invalid user pi 91.115.179.129 port 52036 [preauth]","@timestamp":"2022-09-08T03:11:19.648Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T03:12:02.767Z","@version":"1","message":"Sep  8 03:12:02 honeypot-sgp-1 sshd[29529]: Disconnected from invalid user hrykymmt 189.5.124.232 port 39188 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 03:14:05 honeypot-fra-1 sshd[22286]: Disconnected from authenticating user root 167.172.220.171 port 38916 [preauth]","@timestamp":"2022-09-08T03:14:05.713Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 03:15:07 honeypot-ams-1 sshd[32307]: Connection closed by invalid user admin 59.26.219.154 port 52184 [preauth]","@timestamp":"2022-09-08T03:15:07.843Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 03:15:33 honeypot-fra-1 sshd[22290]: Disconnected from authenticating user root 208.67.106.145 port 37758 [preauth]","@timestamp":"2022-09-08T03:15:33.749Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T03:17:01.888Z","@version":"1","message":"Sep  8 03:17:01 honeypot-sgp-1 CRON[29536]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 03:18:08 honeypot-fra-1 sshd[22298]: Invalid user webpop from 104.248.181.156 port 33774","@timestamp":"2022-09-08T03:18:08.809Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 03:18:58 honeypot-fra-1 sshd[22311]: Invalid user ansible from 178.62.238.239 port 56325","@timestamp":"2022-09-08T03:18:59.830Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 03:18:58 honeypot-fra-1 sshd[22309]: Invalid user ansible from 178.62.238.239 port 56315","@timestamp":"2022-09-08T03:18:59.830Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 03:18:58 honeypot-fra-1 sshd[22315]: Invalid user ansible from 178.62.238.239 port 56296","@timestamp":"2022-09-08T03:18:59.830Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 03:18:58 honeypot-fra-1 sshd[22313]: Connection closed by invalid user steam 178.62.238.239 port 56330 [preauth]","@timestamp":"2022-09-08T03:18:59.830Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 03:18:58 honeypot-fra-1 sshd[22305]: Connection closed by invalid user minecraft 178.62.238.239 port 56300 [preauth]","@timestamp":"2022-09-08T03:18:59.831Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 03:18:59 honeypot-fra-1 sshd[22317]: Connection closed by invalid user guest 178.62.238.239 port 56328 [preauth]","@timestamp":"2022-09-08T03:18:59.831Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 03:18:59 honeypot-fra-1 sshd[22325]: Invalid user vagrant from 178.62.238.239 port 56321","@timestamp":"2022-09-08T03:18:59.831Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 03:18:59 honeypot-fra-1 sshd[22320]: Connection closed by invalid user es 178.62.238.239 port 56309 [preauth]","@timestamp":"2022-09-08T03:18:59.831Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 03:18:59 honeypot-fra-1 sshd[22328]: Connection closed by invalid user oracle 178.62.238.239 port 56313 [preauth]","@timestamp":"2022-09-08T03:18:59.831Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 03:18:59 honeypot-fra-1 sshd[22326]: Invalid user elastic from 178.62.238.239 port 56298","@timestamp":"2022-09-08T03:18:59.831Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 03:20:02 honeypot-fra-1 sshd[22362]: Received disconnect from 208.67.106.145 port 40514:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T03:20:02.857Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 03:20:24 honeypot-ams-1 kernel: [83483812.534076] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=36.93.18.219 DST=178.62.254.91 LEN=52 TOS=0x02 PREC=0x00 TTL=120 ID=23333 DF PROTO=TCP SPT=53607 DPT=3389 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-08T03:20:24.979Z"}
{"@timestamp":"2022-09-08T03:20:56.985Z","@version":"1","message":"Sep  8 03:20:56 honeypot-sgp-1 sshd[29542]: Bad protocol version identification '\\026\\003\\001' from 172.104.11.4 port 57864","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 03:21:21 honeypot-fra-1 sshd[22366]: Disconnected from authenticating user root 103.224.36.226 port 37320 [preauth]","@timestamp":"2022-09-08T03:21:21.889Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 03:21:44 honeypot-ams-1 sshd[32318]: Received disconnect from 198.98.61.9 port 40934:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T03:21:45.017Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 03:22:00 honeypot-ams-1 sshd[32322]: Received disconnect from 198.98.61.9 port 35106:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T03:22:01.026Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 03:22:14 honeypot-ams-1 sshd[32326]: Received disconnect from 198.98.61.9 port 57508:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T03:22:14.033Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 03:24:41 honeypot-fra-1 sshd[22373]: Invalid user teamspeak from 208.67.106.145 port 43374","@timestamp":"2022-09-08T03:24:41.968Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 03:25:00 honeypot-ams-1 kernel: [83484089.005689] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.203.213 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=49899 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T03:25:01.105Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 03:27:22 honeypot-fra-1 sshd[22377]: Received disconnect from 92.255.85.69 port 29314:11: Bye Bye [preauth]","@timestamp":"2022-09-08T03:27:23.030Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 03:28:08 honeypot-fra-1 sshd[22381]: Received disconnect from 165.22.45.108 port 46924:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T03:28:09.049Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 03:29:21 honeypot-fra-1 sshd[22385]: Disconnected from invalid user ansible 208.67.106.145 port 46246 [preauth]","@timestamp":"2022-09-08T03:29:22.078Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 03:30:56 honeypot-fra-1 sshd[22392]: Invalid user test from 208.67.106.145 port 56582","@timestamp":"2022-09-08T03:30:57.117Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 03:32:16 honeypot-fra-1 sshd[22396]: Invalid user tenancy from 157.245.122.58 port 57118","@timestamp":"2022-09-08T03:32:17.147Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T03:32:58.276Z","@version":"1","message":"Sep  8 03:32:57 honeypot-sgp-1 sshd[29547]: Received disconnect from 45.61.186.169 port 48776:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 03:33:11 honeypot-fra-1 sshd[22400]: Invalid user data.user from 157.245.122.58 port 42424","@timestamp":"2022-09-08T03:33:11.171Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T03:33:19.287Z","@version":"1","message":"Sep  8 03:33:18 honeypot-sgp-1 sshd[29551]: Received disconnect from 45.61.186.169 port 43950:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T03:33:37.296Z","@version":"1","message":"Sep  8 03:33:36 honeypot-sgp-1 sshd[29555]: Received disconnect from 45.61.186.169 port 39102:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T03:33:54.304Z","@version":"1","message":"Sep  8 03:33:53 honeypot-sgp-1 sshd[29559]: Received disconnect from 45.61.186.169 port 34288:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 03:34:03 honeypot-fra-1 sshd[22404]: Received disconnect from 157.245.122.58 port 55986:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T03:34:04.193Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 03:35:34 honeypot-fra-1 sshd[22409]: Received disconnect from 208.67.106.145 port 59444:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T03:35:34.226Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 03:36:04 honeypot-ams-1 sshd[32332]: Invalid user admin from 59.127.48.5 port 35744","@timestamp":"2022-09-08T03:36:05.385Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 03:37:00 honeypot-fra-1 sshd[22413]: Disconnected from authenticating user root 208.67.106.145 port 41580 [preauth]","@timestamp":"2022-09-08T03:37:01.261Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 03:40:16 honeypot-ams-1 kernel: [83485004.425823] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=20.117.122.229 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=57920 DF PROTO=TCP SPT=10446 DPT=80 WINDOW=512 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T03:40:16.488Z"}
{"@timestamp":"2022-09-08T03:40:55.475Z","@version":"1","message":"Sep  8 03:40:55 honeypot-sgp-1 sshd[29563]: Disconnected from invalid user user 45.61.186.169 port 57006 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T03:41:14.485Z","@version":"1","message":"Sep  8 03:41:13 honeypot-sgp-1 sshd[29567]: Disconnected from invalid user user 45.61.186.169 port 51370 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 03:41:30 honeypot-fra-1 sshd[22420]: Disconnected from authenticating user root 208.67.106.145 port 44434 [preauth]","@timestamp":"2022-09-08T03:41:30.372Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T03:41:31.494Z","@version":"1","message":"Sep  8 03:41:30 honeypot-sgp-1 sshd[29571]: Disconnected from invalid user user 45.61.186.169 port 45754 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T03:41:47.502Z","@version":"1","message":"Sep  8 03:41:47 honeypot-sgp-1 sshd[29575]: Disconnected from invalid user user 45.61.186.169 port 40138 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 03:44:37 honeypot-fra-1 sshd[22424]: Disconnected from invalid user ubuntu 208.67.106.145 port 36924 [preauth]","@timestamp":"2022-09-08T03:44:37.436Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 03:45:37 honeypot-ams-1 sshd[32341]: Received disconnect from 177.19.226.178 port 40290:11: Bye Bye [preauth]","@timestamp":"2022-09-08T03:45:37.632Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 03:47:43 honeypot-fra-1 sshd[22429]: Disconnected from invalid user mos 208.67.106.145 port 57660 [preauth]","@timestamp":"2022-09-08T03:47:44.506Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T03:55:15.847Z","@version":"1","message":"Sep  8 03:55:15 honeypot-sgp-1 kernel: [83485433.273405] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=207.102.138.83 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=44 ID=35223 DF PROTO=TCP SPT=51594 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 03:56:21 honeypot-fra-1 kernel: [83483822.877224] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=177.36.244.83 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=43935 DF PROTO=TCP SPT=39883 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T03:56:22.691Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 04:04:08 honeypot-fra-1 sshd[22442]: Received disconnect from 178.12.151.228 port 49762:11: Bye Bye [preauth]","@timestamp":"2022-09-08T04:04:08.867Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 04:04:09 honeypot-fra-1 sshd[22446]: Disconnected from authenticating user root 178.12.151.228 port 49794 [preauth]","@timestamp":"2022-09-08T04:04:09.869Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 04:04:10 honeypot-fra-1 sshd[22452]: Disconnected from authenticating user root 178.12.151.228 port 49838 [preauth]","@timestamp":"2022-09-08T04:04:10.870Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 04:04:11 honeypot-fra-1 sshd[22458]: Disconnected from authenticating user root 178.12.151.228 port 49878 [preauth]","@timestamp":"2022-09-08T04:04:11.870Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 04:04:11 honeypot-fra-1 sshd[22464]: Disconnected from authenticating user root 178.12.151.228 port 49954 [preauth]","@timestamp":"2022-09-08T04:04:12.871Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 04:04:12 honeypot-fra-1 sshd[22470]: Disconnected from authenticating user root 178.12.151.228 port 49988 [preauth]","@timestamp":"2022-09-08T04:04:12.871Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 04:04:13 honeypot-fra-1 sshd[22476]: Disconnected from authenticating user root 178.12.151.228 port 50016 [preauth]","@timestamp":"2022-09-08T04:04:13.871Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 04:04:14 honeypot-fra-1 sshd[22482]: Disconnected from authenticating user root 178.12.151.228 port 50048 [preauth]","@timestamp":"2022-09-08T04:04:14.872Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 04:04:15 honeypot-fra-1 sshd[22488]: Disconnected from authenticating user root 178.12.151.228 port 50088 [preauth]","@timestamp":"2022-09-08T04:04:15.872Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 04:04:15 honeypot-ams-1 kernel: [83486443.509924] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=178.135.246.112 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=54 ID=61122 PROTO=TCP SPT=59921 DPT=443 WINDOW=49724 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T04:04:16.101Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 04:04:16 honeypot-fra-1 sshd[22494]: Disconnected from authenticating user root 178.12.151.228 port 50134 [preauth]","@timestamp":"2022-09-08T04:04:16.873Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 04:04:17 honeypot-fra-1 sshd[22500]: Disconnected from authenticating user root 178.12.151.228 port 50172 [preauth]","@timestamp":"2022-09-08T04:04:17.873Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 04:04:18 honeypot-fra-1 sshd[22506]: Disconnected from authenticating user root 178.12.151.228 port 50204 [preauth]","@timestamp":"2022-09-08T04:04:18.874Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 04:04:19 honeypot-fra-1 sshd[22512]: Received disconnect from 178.12.151.228 port 50352:11: Bye Bye [preauth]","@timestamp":"2022-09-08T04:04:19.875Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 04:04:19 honeypot-fra-1 sshd[22516]: Received disconnect from 178.12.151.228 port 50392:11: Bye Bye [preauth]","@timestamp":"2022-09-08T04:04:19.875Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 04:04:20 honeypot-fra-1 sshd[22520]: Received disconnect from 178.12.151.228 port 50428:11: Bye Bye [preauth]","@timestamp":"2022-09-08T04:04:20.875Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 04:04:20 honeypot-fra-1 sshd[22524]: Received disconnect from 178.12.151.228 port 50454:11: Bye Bye [preauth]","@timestamp":"2022-09-08T04:04:20.875Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 04:04:21 honeypot-fra-1 sshd[22528]: Received disconnect from 178.12.151.228 port 50496:11: Bye Bye [preauth]","@timestamp":"2022-09-08T04:04:21.876Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 04:04:22 honeypot-fra-1 sshd[22532]: Received disconnect from 178.12.151.228 port 50556:11: Bye Bye [preauth]","@timestamp":"2022-09-08T04:04:22.876Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 04:04:22 honeypot-fra-1 sshd[22538]: Invalid user pi from 178.12.151.228 port 50598","@timestamp":"2022-09-08T04:04:23.877Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 04:04:23 honeypot-fra-1 sshd[22542]: Invalid user user from 178.12.151.228 port 50622","@timestamp":"2022-09-08T04:04:23.877Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 04:04:24 honeypot-fra-1 sshd[22546]: Invalid user mine from 178.12.151.228 port 50642","@timestamp":"2022-09-08T04:04:24.879Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 04:04:24 honeypot-fra-1 sshd[22550]: Invalid user xbmc from 178.12.151.228 port 50674","@timestamp":"2022-09-08T04:04:24.879Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 04:04:25 honeypot-fra-1 sshd[22554]: Invalid user oracle from 178.12.151.228 port 50704","@timestamp":"2022-09-08T04:04:25.879Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 04:04:25 honeypot-fra-1 sshd[22558]: Invalid user postgres from 178.12.151.228 port 50746","@timestamp":"2022-09-08T04:04:26.880Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 04:04:26 honeypot-fra-1 sshd[22562]: Invalid user support from 178.12.151.228 port 50774","@timestamp":"2022-09-08T04:04:26.880Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 04:04:27 honeypot-fra-1 sshd[22566]: Invalid user ubuntu from 178.12.151.228 port 50814","@timestamp":"2022-09-08T04:04:27.880Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 04:04:27 honeypot-fra-1 sshd[22570]: Invalid user ubuntu from 178.12.151.228 port 50844","@timestamp":"2022-09-08T04:04:27.880Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 04:04:28 honeypot-fra-1 sshd[22574]: Invalid user guest from 178.12.151.228 port 50908","@timestamp":"2022-09-08T04:04:28.881Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 04:04:28 honeypot-fra-1 sshd[22578]: Invalid user cirros from 178.12.151.228 port 50996","@timestamp":"2022-09-08T04:04:29.882Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 04:07:50 honeypot-fra-1 sshd[22582]: Invalid user kobayashi from 141.98.10.158 port 47732","@timestamp":"2022-09-08T04:07:51.956Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 04:09:15 honeypot-ams-1 sshd[32351]: Received disconnect from 157.245.122.58 port 44252:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T04:09:16.231Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 04:10:18 honeypot-ams-1 sshd[32356]: Disconnected from authenticating user root 157.245.122.58 port 57776 [preauth]","@timestamp":"2022-09-08T04:10:19.262Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 04:11:26 honeypot-fra-1 sshd[22587]: Received disconnect from 165.22.45.108 port 56508:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T04:11:27.037Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 04:11:35 honeypot-ams-1 sshd[32360]: Received disconnect from 43.132.240.51 port 44910:11: Bye Bye [preauth]","@timestamp":"2022-09-08T04:11:36.298Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 04:13:21 honeypot-ams-1 sshd[32364]: Received disconnect from 157.245.122.58 port 41928:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T04:13:22.346Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 04:14:19 honeypot-ams-1 sshd[32367]: Disconnected from invalid user jonitwiso 157.245.122.58 port 55446 [preauth]","@timestamp":"2022-09-08T04:14:19.374Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 04:15:16 honeypot-fra-1 sshd[22591]: Disconnected from invalid user alfred 200.70.56.202 port 40792 [preauth]","@timestamp":"2022-09-08T04:15:17.124Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T04:15:18.332Z","@version":"1","message":"Sep  8 04:15:17 honeypot-sgp-1 sshd[29585]: Disconnected from authenticating user root 92.255.85.70 port 16718 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 04:16:05 honeypot-ams-1 sshd[32373]: Disconnected from invalid user ftp_user 177.1.213.19 port 29269 [preauth]","@timestamp":"2022-09-08T04:16:06.421Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 04:17:29 honeypot-ams-1 kernel: [83487237.607750] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=217.77.61.31 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=56 ID=37300 PROTO=TCP SPT=34743 DPT=80 WINDOW=53239 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T04:17:29.460Z"}
{"@timestamp":"2022-09-08T04:17:46.395Z","@version":"1","message":"Sep  8 04:17:45 honeypot-sgp-1 sshd[29593]: Disconnected from authenticating user root 61.177.172.90 port 13004 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 04:22:16 honeypot-ams-1 kernel: [83487524.420845] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.99.175.188 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=55 ID=46555 DF PROTO=TCP SPT=60101 DPT=389 WINDOW=5840 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T04:22:16.585Z"}
{"@timestamp":"2022-09-08T04:26:31.610Z","@version":"1","message":"Sep  8 04:26:31 honeypot-sgp-1 kernel: [83487309.139772] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.79.147.124 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=60038 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 04:27:47 honeypot-ams-1 sshd[32393]: Received disconnect from 92.255.85.70 port 55952:11: Bye Bye [preauth]","@timestamp":"2022-09-08T04:27:47.729Z"}
{"@timestamp":"2022-09-08T04:31:16.728Z","@version":"1","message":"Sep  8 04:31:16 honeypot-sgp-1 sshd[29606]: Received disconnect from 143.198.50.154 port 57666:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 04:33:49 honeypot-fra-1 sshd[22599]: Received disconnect from 165.22.45.108 port 33088:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T04:33:50.523Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 04:35:22 honeypot-ams-1 sshd[32397]: Connection closed by authenticating user root 103.188.176.251 port 53366 [preauth]","@timestamp":"2022-09-08T04:35:22.929Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 04:35:22 honeypot-fra-1 sshd[22603]: Disconnected from authenticating user root 92.255.85.69 port 52594 [preauth]","@timestamp":"2022-09-08T04:35:23.558Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T04:36:48.867Z","@version":"1","message":"Sep  8 04:36:48 honeypot-sgp-1 sshd[29610]: Did not receive identification string from 45.61.187.160 port 47234","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T04:37:26.886Z","@version":"1","message":"Sep  8 04:37:26 honeypot-sgp-1 sshd[29613]: Disconnected from invalid user user 45.61.187.160 port 45756 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T04:37:50.898Z","@version":"1","message":"Sep  8 04:37:50 honeypot-sgp-1 sshd[29618]: Disconnected from invalid user user 45.61.187.160 port 41170 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T04:38:08.907Z","@version":"1","message":"Sep  8 04:38:08 honeypot-sgp-1 sshd[29622]: Disconnected from invalid user user 45.61.187.160 port 36564 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 04:41:44 honeypot-fra-1 sshd[22611]: Invalid user user from 45.61.186.169 port 44590","@timestamp":"2022-09-08T04:41:45.698Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 04:42:02 honeypot-fra-1 sshd[22615]: Invalid user user from 45.61.186.169 port 39704","@timestamp":"2022-09-08T04:42:02.705Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 04:42:19 honeypot-fra-1 sshd[22619]: Invalid user user from 45.61.186.169 port 34814","@timestamp":"2022-09-08T04:42:19.713Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 04:42:53 honeypot-ams-1 kernel: [83488761.847158] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=117.135.32.50 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=51 ID=50254 PROTO=TCP SPT=61008 DPT=443 WINDOW=9344 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T04:42:54.120Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 04:44:33 honeypot-fra-1 sshd[22623]: Invalid user carlo from 128.199.28.158 port 43396","@timestamp":"2022-09-08T04:44:33.763Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T04:50:23.202Z","@version":"1","message":"Sep  8 04:50:22 honeypot-sgp-1 sshd[29630]: Received disconnect from 61.177.173.52 port 40627:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 04:51:08 honeypot-ams-1 sshd[32429]: Disconnected from authenticating user root 92.255.85.69 port 44930 [preauth]","@timestamp":"2022-09-08T04:51:08.336Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 04:56:15 honeypot-fra-1 sshd[22631]: Invalid user jira from 165.22.45.108 port 37898","@timestamp":"2022-09-08T04:56:16.018Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 04:58:47 honeypot-ams-1 sshd[32436]: Received disconnect from 61.177.173.53 port 36515:11:  [preauth]","@timestamp":"2022-09-08T04:58:47.530Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 05:01:36 honeypot-fra-1 kernel: [83487737.952109] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=193.46.255.199 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=246 ID=4892 PROTO=TCP SPT=61002 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T05:01:37.136Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-08T05:04:03.527Z","@version":"1","message":"Sep  8 05:04:03 honeypot-sgp-1 sshd[29639]: Connection closed by authenticating user root 103.188.176.251 port 47048 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 05:09:40 honeypot-fra-1 sshd[22639]: Disconnected from invalid user ftpuser 67.222.147.161 port 37820 [preauth]","@timestamp":"2022-09-08T05:09:41.311Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 05:12:40 honeypot-fra-1 sshd[22646]: Received disconnect from 198.98.61.9 port 58658:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T05:12:41.374Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 05:12:56 honeypot-fra-1 sshd[22650]: Received disconnect from 198.98.61.9 port 53522:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T05:12:56.381Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 05:13:04 honeypot-ams-1 sshd[32443]: Invalid user Admin from 223.197.142.137 port 52004","@timestamp":"2022-09-08T05:13:04.899Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 05:13:11 honeypot-fra-1 sshd[22654]: Received disconnect from 198.98.61.9 port 48378:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T05:13:12.389Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T05:13:40.756Z","@version":"1","message":"Sep  8 05:13:40 honeypot-sgp-1 sshd[29648]: Invalid user Admin from 220.247.242.85 port 57072","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 05:13:50 honeypot-ams-1 kernel: [83490618.441378] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=46.41.208.63 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=29886 DF PROTO=TCP SPT=38205 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T05:13:50.923Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 05:14:09 honeypot-fra-1 sshd[22658]: Disconnected from authenticating user root 43.154.212.241 port 40154 [preauth]","@timestamp":"2022-09-08T05:14:10.411Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T05:16:59.837Z","@version":"1","message":"Sep  8 05:16:59 honeypot-sgp-1 sshd[29653]: Invalid user user from 45.61.186.49 port 47404","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T05:17:04.841Z","@version":"1","message":"Sep  8 05:17:03 honeypot-sgp-1 sshd[29658]: Received disconnect from 45.61.186.49 port 53392:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T05:17:35.854Z","@version":"1","message":"Sep  8 05:17:34 honeypot-sgp-1 sshd[29662]: Disconnected from authenticating user root 61.177.173.36 port 38325 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 05:18:27 honeypot-fra-1 sshd[22666]: Received disconnect from 165.22.45.108 port 42704:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T05:18:27.518Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 05:19:06 honeypot-ams-1 sshd[32454]: Received disconnect from 45.61.188.177 port 52106:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T05:19:07.059Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 05:19:28 honeypot-ams-1 sshd[32458]: Received disconnect from 45.61.188.177 port 48744:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T05:19:29.071Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 05:19:44 honeypot-ams-1 sshd[32462]: Disconnected from authenticating user root 61.177.173.51 port 34621 [preauth]","@timestamp":"2022-09-08T05:19:45.080Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 05:20:00 honeypot-ams-1 sshd[32466]: Disconnected from invalid user user 45.61.188.177 port 57820 [preauth]","@timestamp":"2022-09-08T05:20:01.088Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 05:21:55 honeypot-fra-1 sshd[22670]: Received disconnect from 143.198.123.124 port 59628:11: Bye Bye [preauth]","@timestamp":"2022-09-08T05:21:56.596Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T05:23:44.022Z","@version":"1","message":"Sep  8 05:23:43 honeypot-sgp-1 kernel: [83490740.923202] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=34104 PROTO=TCP SPT=54418 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 05:28:06 honeypot-fra-1 kernel: [83489327.849215] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.219.63 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=38309 DPT=5432 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T05:28:07.732Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 05:28:24 honeypot-ams-1 kernel: [83491492.314901] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.220.23 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=46713 DPT=5432 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T05:28:24.305Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 05:31:38 honeypot-ams-1 sshd[32479]: Received disconnect from 61.177.172.108 port 63362:11:  [preauth]","@timestamp":"2022-09-08T05:31:39.391Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 05:32:50 honeypot-ams-1 sshd[32485]: Invalid user user from 45.61.187.160 port 37484","@timestamp":"2022-09-08T05:32:50.424Z"}
{"@timestamp":"2022-09-08T05:32:58.254Z","@version":"1","message":"Sep  8 05:32:57 honeypot-sgp-1 sshd[29672]: Received disconnect from 61.177.173.36 port 22793:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 05:32:59 honeypot-ams-1 sshd[32489]: Disconnected from invalid user user 45.61.187.160 port 49196 [preauth]","@timestamp":"2022-09-08T05:33:00.431Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 05:33:17 honeypot-ams-1 sshd[32494]: Disconnected from invalid user user 45.61.187.160 port 44384 [preauth]","@timestamp":"2022-09-08T05:33:18.440Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 05:33:35 honeypot-ams-1 sshd[32499]: Received disconnect from 45.61.187.160 port 39570:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T05:33:35.450Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 05:39:17 honeypot-fra-1 kernel: [83489998.163611] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=89.248.165.65 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=7583 PROTO=TCP SPT=42633 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T05:39:17.973Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-08T05:40:26.439Z","@version":"1","message":"Sep  8 05:40:25 honeypot-sgp-1 sshd[29678]: Bad protocol version identification 'GET / HTTP/1.1' from 134.122.112.12 port 41046","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T05:41:48.493Z","@version":"1","message":"Sep  8 05:41:48 honeypot-sgp-1 sshd[29684]: Invalid user user from 141.255.162.226 port 51710","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T05:41:51.495Z","@version":"1","message":"Sep  8 05:41:50 honeypot-sgp-1 sshd[29688]: Invalid user user from 141.255.162.226 port 45498","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T05:41:52.496Z","@version":"1","message":"Sep  8 05:41:52 honeypot-sgp-1 sshd[29692]: Invalid user user from 141.255.162.226 port 44378","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T05:43:02.524Z","@version":"1","message":"Sep  8 05:43:01 honeypot-sgp-1 sshd[29696]: Invalid user wagholi from 107.173.156.9 port 55530","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 05:43:59 honeypot-fra-1 kernel: [83490280.024546] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=128.199.161.69 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=37054 PROTO=TCP SPT=55666 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T05:44:00.076Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-08T05:46:38.612Z","@version":"1","message":"Sep  8 05:46:37 honeypot-sgp-1 kernel: [83492115.528371] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=128.199.161.69 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=54340 PROTO=TCP SPT=55666 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T05:47:36.638Z","@version":"1","message":"Sep  8 05:47:35 honeypot-sgp-1 sshd[29707]: Received disconnect from 43.154.172.57 port 37732:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T05:50:27.708Z","@version":"1","message":"Sep  8 05:50:27 honeypot-sgp-1 sshd[29713]: Disconnected from authenticating user root 112.23.2.254 port 48356 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 05:51:40 honeypot-ams-1 sshd[32512]: Connection closed by 180.76.173.237 port 36312 [preauth]","@timestamp":"2022-09-08T05:51:40.909Z"}
{"@timestamp":"2022-09-08T05:56:37.859Z","@version":"1","message":"Sep  8 05:56:37 honeypot-sgp-1 kernel: [83492714.980903] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=159.65.190.135 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=234 ID=40110 PROTO=TCP SPT=20000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 06:00:29 honeypot-ams-1 sshd[32520]: Disconnected from authenticating user root 92.255.85.69 port 18182 [preauth]","@timestamp":"2022-09-08T06:00:30.135Z"}
{"@timestamp":"2022-09-08T06:01:06.968Z","@version":"1","message":"Sep  8 06:01:06 honeypot-sgp-1 sshd[29725]: Disconnected from authenticating user root 61.177.173.52 port 43732 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 06:02:06 honeypot-fra-1 kernel: [83491367.747503] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=43.135.123.64 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=58834 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T06:02:07.458Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 06:03:05 honeypot-ams-1 sshd[32529]: Connection closed by invalid user pi 158.248.51.169 port 39018 [preauth]","@timestamp":"2022-09-08T06:03:06.204Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 06:05:53 honeypot-ams-1 sshd[32537]: Received disconnect from 61.177.172.98 port 53322:11:  [preauth]","@timestamp":"2022-09-08T06:05:53.279Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 06:05:58 honeypot-fra-1 sshd[22690]: Invalid user ibe from 51.77.194.125 port 39738","@timestamp":"2022-09-08T06:05:59.548Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T06:06:13.096Z","@version":"1","message":"Sep  8 06:06:12 honeypot-sgp-1 kernel: [83493289.899468] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=152.89.196.23 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=11265 PROTO=TCP SPT=50049 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 06:06:43 honeypot-ams-1 sshd[32542]: Invalid user user from 141.255.162.226 port 40752","@timestamp":"2022-09-08T06:06:44.304Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 06:06:46 honeypot-ams-1 sshd[32546]: Invalid user user from 141.255.162.226 port 55078","@timestamp":"2022-09-08T06:06:47.306Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 06:06:49 honeypot-ams-1 sshd[32550]: Invalid user user from 141.255.162.226 port 41180","@timestamp":"2022-09-08T06:06:50.307Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 06:07:30 honeypot-ams-1 sshd[32553]: Disconnected from invalid user user 141.255.162.226 port 48544 [preauth]","@timestamp":"2022-09-08T06:07:31.328Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 06:07:32 honeypot-ams-1 sshd[32557]: Received disconnect from 141.255.162.226 port 35244:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T06:07:32.329Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 06:07:34 honeypot-ams-1 sshd[32561]: Disconnected from invalid user user 141.255.162.226 port 50184 [preauth]","@timestamp":"2022-09-08T06:07:34.330Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 06:07:39 honeypot-fra-1 sshd[22694]: Received disconnect from 204.48.30.72 port 53216:11: Bye Bye [preauth]","@timestamp":"2022-09-08T06:07:40.587Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 06:08:07 honeypot-ams-1 kernel: [83493875.960093] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=37.112.27.132 DST=178.62.254.91 LEN=40 TOS=0x08 PREC=0x20 TTL=249 ID=49396 DF PROTO=TCP SPT=33283 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T06:08:08.347Z"}
{"@timestamp":"2022-09-08T06:11:58.239Z","@version":"1","message":"Sep  8 06:11:57 honeypot-sgp-1 sshd[29741]: Received disconnect from 92.255.85.70 port 40152:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 06:15:31 honeypot-fra-1 sshd[23132]: Invalid user teamspeak from 129.226.39.43 port 55631","@timestamp":"2022-09-08T06:15:31.757Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 06:15:31 honeypot-fra-1 sshd[23137]: Invalid user hduser from 129.226.39.43 port 55643","@timestamp":"2022-09-08T06:15:32.759Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 06:15:32 honeypot-fra-1 sshd[23145]: Invalid user elastic from 129.226.39.43 port 55749","@timestamp":"2022-09-08T06:15:33.759Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 06:15:33 honeypot-fra-1 sshd[23145]: Connection closed by invalid user elastic 129.226.39.43 port 55749 [preauth]","@timestamp":"2022-09-08T06:15:33.759Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 06:15:34 honeypot-fra-1 sshd[23157]: Connection closed by invalid user oracle 129.226.39.43 port 55733 [preauth]","@timestamp":"2022-09-08T06:15:35.761Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 06:16:19 honeypot-fra-1 sshd[23161]: Invalid user Admin from 93.160.80.7 port 43722","@timestamp":"2022-09-08T06:16:20.777Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 06:17:01 honeypot-ams-1 CRON[32571]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-08T06:17:01.603Z"}
{"@timestamp":"2022-09-08T06:17:06.368Z","@version":"1","message":"Sep  8 06:17:05 honeypot-sgp-1 sshd[29750]: Received disconnect from 45.61.186.169 port 51402:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T06:17:24.378Z","@version":"1","message":"Sep  8 06:17:23 honeypot-sgp-1 sshd[29754]: Received disconnect from 45.61.186.169 port 46926:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T06:17:41.387Z","@version":"1","message":"Sep  8 06:17:41 honeypot-sgp-1 sshd[29758]: Received disconnect from 45.61.186.169 port 42442:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T06:17:50.391Z","@version":"1","message":"Sep  8 06:17:49 honeypot-sgp-1 sshd[29760]: Disconnected from invalid user user 45.61.186.169 port 54314 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T06:20:41.463Z","@version":"1","message":"Sep  8 06:20:40 honeypot-sgp-1 sshd[29768]: Received disconnect from 61.177.172.98 port 24133:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 06:21:15 honeypot-fra-1 sshd[23168]: Disconnected from invalid user corinna 118.34.14.126 port 40086 [preauth]","@timestamp":"2022-09-08T06:21:15.887Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T06:23:53.544Z","@version":"1","message":"Sep  8 06:23:52 honeypot-sgp-1 kernel: [83494350.170575] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=128.199.161.69 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=28090 PROTO=TCP SPT=57958 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 06:25:01 honeypot-ams-1 CRON[318]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-08T06:25:01.813Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 06:25:06 honeypot-fra-1 sshd[23307]: Disconnected from invalid user jira 165.22.45.108 port 57116 [preauth]","@timestamp":"2022-09-08T06:25:06.973Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 06:31:24 honeypot-ams-1 sshd[495]: Received disconnect from 35.247.220.198 port 46742:11: Bye Bye [preauth]","@timestamp":"2022-09-08T06:31:24.980Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 06:31:57 honeypot-fra-1 sshd[23414]: Disconnected from authenticating user root 92.255.85.70 port 15958 [preauth]","@timestamp":"2022-09-08T06:31:58.125Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T06:32:13.752Z","@version":"1","message":"Sep  8 06:32:12 honeypot-sgp-1 sshd[29917]: Connection reset by authenticating user root 61.177.173.51 port 61929 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 06:37:10 honeypot-ams-1 sshd[504]: Received disconnect from 188.166.183.200 port 58564:11: Bye Bye [preauth]","@timestamp":"2022-09-08T06:37:10.124Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 06:39:18 honeypot-ams-1 sshd[510]: Disconnected from authenticating user root 61.177.172.104 port 31120 [preauth]","@timestamp":"2022-09-08T06:39:19.182Z"}
{"@timestamp":"2022-09-08T06:40:38.996Z","@version":"1","message":"Sep  8 06:40:38 honeypot-sgp-1 sshd[29925]: error: maximum authentication attempts exceeded for invalid user admin from 210.207.186.120 port 63714 ssh2 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T06:45:06.105Z","@version":"1","message":"Sep  8 06:45:05 honeypot-sgp-1 sshd[29930]: Received disconnect from 45.61.187.160 port 50132:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T06:45:24.115Z","@version":"1","message":"Sep  8 06:45:24 honeypot-sgp-1 sshd[29934]: Received disconnect from 45.61.187.160 port 45180:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T06:45:41.123Z","@version":"1","message":"Sep  8 06:45:40 honeypot-sgp-1 sshd[29939]: Invalid user user from 45.61.187.160 port 40228","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T06:45:57.130Z","@version":"1","message":"Sep  8 06:45:56 honeypot-sgp-1 sshd[29943]: Invalid user user from 45.61.187.160 port 35278","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 06:47:20 honeypot-fra-1 sshd[23418]: Disconnected from invalid user jira 165.22.45.108 port 33690 [preauth]","@timestamp":"2022-09-08T06:47:20.453Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 06:49:37 honeypot-ams-1 kernel: [83496365.497297] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=71.6.232.5 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=58665 DPT=5432 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T06:49:37.444Z"}
{"@timestamp":"2022-09-08T06:52:14.282Z","@version":"1","message":"Sep  8 06:52:13 honeypot-sgp-1 kernel: [83496051.316049] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=167.94.138.99 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=32851 PROTO=TCP SPT=27247 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T06:55:43.368Z","@version":"1","message":"Sep  8 06:55:43 honeypot-sgp-1 sshd[30051]: Received disconnect from 157.245.122.58 port 34306:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T06:56:55.399Z","@version":"1","message":"Sep  8 06:56:54 honeypot-sgp-1 sshd[30056]: Disconnected from 61.177.172.90 port 30969 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T06:57:36.419Z","@version":"1","message":"Sep  8 06:57:35 honeypot-sgp-1 sshd[30062]: Invalid user tenancy from 157.245.122.58 port 33136","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T06:57:55.428Z","@version":"1","message":"Sep  8 06:57:55 honeypot-sgp-1 sshd[30066]: Received disconnect from 118.163.170.24 port 37554:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T06:59:17.465Z","@version":"1","message":"Sep  8 06:59:17 honeypot-sgp-1 sshd[30070]: Invalid user jonitwiso from 157.245.122.58 port 60214","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 07:00:01 honeypot-fra-1 kernel: [83494842.116920] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=128.199.161.69 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=42467 PROTO=TCP SPT=40321 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T07:00:01.728Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-08T07:00:08.490Z","@version":"1","message":"Sep  8 07:00:07 honeypot-sgp-1 sshd[30076]: Received disconnect from 157.245.122.58 port 45522:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 07:00:14 honeypot-ams-1 kernel: [83497002.325204] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.207.217 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=40083 DPT=5432 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T07:00:14.716Z"}
{"@timestamp":"2022-09-08T07:01:50.534Z","@version":"1","message":"Sep  8 07:01:50 honeypot-sgp-1 sshd[30082]: Disconnected from authenticating user root 111.93.191.170 port 22281 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T07:05:07.615Z","@version":"1","message":"Sep  8 07:05:07 honeypot-sgp-1 sshd[30084]: Connection closed by invalid user pi 158.248.51.169 port 40448 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 07:05:20 honeypot-fra-1 sshd[23431]: Received disconnect from 81.16.11.250 port 59462:11: Bye Bye [preauth]","@timestamp":"2022-09-08T07:05:20.845Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 07:08:47 honeypot-ams-1 sshd[528]: Received disconnect from 79.110.62.205 port 34598:11: Bye Bye [preauth]","@timestamp":"2022-09-08T07:08:47.937Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 07:09:10 honeypot-fra-1 sshd[23433]: Disconnected from invalid user jira 165.22.45.108 port 38472 [preauth]","@timestamp":"2022-09-08T07:09:10.931Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 07:13:13 honeypot-ams-1 sshd[537]: Invalid user user from 45.61.186.169 port 36684","@timestamp":"2022-09-08T07:13:14.053Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 07:13:29 honeypot-ams-1 sshd[541]: Connection closed by authenticating user root 103.188.176.251 port 57978 [preauth]","@timestamp":"2022-09-08T07:13:29.061Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 07:13:38 honeypot-ams-1 sshd[545]: Disconnected from invalid user user 45.61.186.169 port 42626 [preauth]","@timestamp":"2022-09-08T07:13:39.067Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 07:13:54 honeypot-ams-1 sshd[549]: Disconnected from invalid user user 45.61.186.169 port 37188 [preauth]","@timestamp":"2022-09-08T07:13:55.075Z"}
{"@timestamp":"2022-09-08T07:14:23.837Z","@version":"1","message":"Sep  8 07:14:23 honeypot-sgp-1 sshd[30092]: Received disconnect from 101.231.146.34 port 60867:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T07:16:48.900Z","@version":"1","message":"Sep  8 07:16:48 honeypot-sgp-1 sshd[30099]: Received disconnect from 80.39.22.192 port 40228:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 07:17:01 honeypot-ams-1 CRON[555]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-08T07:17:02.155Z"}
{"@timestamp":"2022-09-08T07:17:41.941Z","@version":"1","message":"Sep  8 07:17:41 honeypot-sgp-1 sshd[30106]: Disconnected from invalid user milan 43.154.66.195 port 53254 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 07:18:06 honeypot-fra-1 sshd[23441]: Connection closed by authenticating user root 103.188.176.251 port 60568 [preauth]","@timestamp":"2022-09-08T07:18:07.123Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T07:21:08.031Z","@version":"1","message":"Sep  8 07:21:07 honeypot-sgp-1 sshd[30113]: Invalid user marcelo from 2.115.171.85 port 53958","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 07:22:37 honeypot-fra-1 kernel: [83496198.167985] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=50.17.105.85 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=235 ID=54321 PROTO=TCP SPT=61313 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T07:22:38.223Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-08T07:27:32.183Z","@version":"1","message":"Sep  8 07:27:31 honeypot-sgp-1 sshd[30118]: Disconnected from authenticating user root 61.177.173.46 port 31740 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 07:29:38 honeypot-ams-1 sshd[568]: Invalid user Admin from 186.215.234.129 port 41773","@timestamp":"2022-09-08T07:29:39.476Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 07:31:31 honeypot-fra-1 sshd[23451]: Received disconnect from 165.22.45.108 port 43258:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T07:31:32.415Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 07:33:33 honeypot-ams-1 sshd[572]: Disconnected from authenticating user root 92.255.85.69 port 20286 [preauth]","@timestamp":"2022-09-08T07:33:33.583Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 07:36:26 honeypot-ams-1 sshd[581]: Invalid user cliente from 64.227.134.154 port 39462","@timestamp":"2022-09-08T07:36:26.661Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 07:38:36 honeypot-fra-1 kernel: [83497156.915672] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=213.226.123.38 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=13452 PROTO=TCP SPT=42796 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T07:38:36.572Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 07:39:53 honeypot-ams-1 sshd[587]: Disconnected from authenticating user root 165.227.204.174 port 53470 [preauth]","@timestamp":"2022-09-08T07:39:53.757Z"}
{"@timestamp":"2022-09-08T07:42:22.536Z","@version":"1","message":"Sep  8 07:42:22 honeypot-sgp-1 sshd[30125]: Connection closed by invalid user user1 103.188.176.251 port 38410 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 07:43:10 honeypot-fra-1 sshd[23462]: Received disconnect from 198.12.114.231 port 38722:11: Bye Bye [preauth]","@timestamp":"2022-09-08T07:43:11.673Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 07:45:40 honeypot-ams-1 sshd[594]: Connection closed by 180.76.173.237 port 53082 [preauth]","@timestamp":"2022-09-08T07:45:40.914Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 07:52:00 honeypot-fra-1 sshd[23467]: Disconnected from invalid user connor 163.53.91.102 port 37462 [preauth]","@timestamp":"2022-09-08T07:52:00.863Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T07:53:24.798Z","@version":"1","message":"Sep  8 07:53:24 honeypot-sgp-1 kernel: [83499721.865871] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=128.199.161.69 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=63721 PROTO=TCP SPT=43414 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 07:56:19 honeypot-ams-1 sshd[602]: Disconnected from authenticating user root 92.255.85.70 port 29926 [preauth]","@timestamp":"2022-09-08T07:56:20.198Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 07:58:57 honeypot-fra-1 sshd[23472]: Received disconnect from 134.17.17.32 port 35736:11: Bye Bye [preauth]","@timestamp":"2022-09-08T07:58:58.016Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T08:00:05.989Z","@version":"1","message":"Sep  8 08:00:05 honeypot-sgp-1 kernel: [83500122.741924] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=94.183.176.149 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=43 ID=56886 PROTO=TCP SPT=18751 DPT=80 WINDOW=27680 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 08:04:38 honeypot-ams-1 sshd[613]: Bad protocol version identification 'ABCDEFGHIJKLMNOPQRSTUVWXYZ9999' from 172.104.131.24 port 48032","@timestamp":"2022-09-08T08:04:39.418Z"}
{"@timestamp":"2022-09-08T08:06:58.156Z","@version":"1","message":"Sep  8 08:06:57 honeypot-sgp-1 sshd[30146]: Disconnected from 68.183.141.33 port 42722 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 08:10:37 honeypot-fra-1 sshd[23499]: Did not receive identification string from 20.127.48.140 port 50974","@timestamp":"2022-09-08T08:10:37.294Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 08:13:39 honeypot-ams-1 sshd[620]: Disconnected from authenticating user root 61.177.173.35 port 48042 [preauth]","@timestamp":"2022-09-08T08:13:39.656Z"}
{"@timestamp":"2022-09-08T08:15:04.356Z","@version":"1","message":"Sep  8 08:15:03 honeypot-sgp-1 kernel: [83501020.942766] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=87.246.7.198 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=57096 PROTO=TCP SPT=48828 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 08:15:41 honeypot-fra-1 sshd[23505]: Received disconnect from 64.227.105.120 port 47344:11: Bye Bye [preauth]","@timestamp":"2022-09-08T08:15:42.407Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 08:16:27 honeypot-fra-1 kernel: [83499428.436054] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=20.25.144.193 DST=165.22.82.222 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=60855 DF PROTO=TCP SPT=1536 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T08:16:28.427Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 08:17:36 honeypot-ams-1 sshd[630]: Invalid user magic from 61.2.241.214 port 38616","@timestamp":"2022-09-08T08:17:36.768Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 08:18:39 honeypot-ams-1 sshd[633]: Disconnected from invalid user user 45.61.187.160 port 50042 [preauth]","@timestamp":"2022-09-08T08:18:39.798Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 08:18:56 honeypot-ams-1 sshd[637]: Disconnected from invalid user user 45.61.187.160 port 44938 [preauth]","@timestamp":"2022-09-08T08:18:56.808Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 08:19:11 honeypot-fra-1 sshd[23514]: Received disconnect from 198.98.61.9 port 41426:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T08:19:12.490Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 08:19:12 honeypot-ams-1 sshd[641]: Disconnected from invalid user user 45.61.187.160 port 39830 [preauth]","@timestamp":"2022-09-08T08:19:12.817Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 08:19:19 honeypot-fra-1 sshd[23518]: Received disconnect from 198.98.61.9 port 52642:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T08:19:20.494Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 08:19:23 honeypot-ams-1 sshd[647]: Received disconnect from 92.255.85.70 port 43530:11: Bye Bye [preauth]","@timestamp":"2022-09-08T08:19:23.822Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 08:19:35 honeypot-fra-1 sshd[23522]: Received disconnect from 198.98.61.9 port 46842:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T08:19:36.502Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 08:19:50 honeypot-fra-1 sshd[23526]: Received disconnect from 198.98.61.9 port 41044:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T08:19:50.509Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T08:20:01.478Z","@version":"1","message":"Sep  8 08:20:00 honeypot-sgp-1 sshd[30183]: Bad protocol version identification 'MGLNDD_159.89.202.188_22' from 192.241.210.196 port 48282","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 08:21:28 honeypot-ams-1 sshd[652]: Disconnected from authenticating user root 61.177.173.50 port 62960 [preauth]","@timestamp":"2022-09-08T08:21:29.880Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 08:21:32 honeypot-fra-1 sshd[23533]: Bad protocol version identification 'MGLNDD_165.22.82.222_22' from 192.241.220.10 port 36136","@timestamp":"2022-09-08T08:21:32.549Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T08:25:22.608Z","@version":"1","message":"Sep  8 08:25:21 honeypot-sgp-1 sshd[30189]: Disconnected from authenticating user root 61.177.173.36 port 27912 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 08:30:47 honeypot-ams-1 kernel: [83502435.300971] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=31752 PROTO=TCP SPT=45804 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T08:30:48.130Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 08:33:01 honeypot-fra-1 sshd[23538]: Connection closed by invalid user Admin 199.241.169.128 port 59268 [preauth]","@timestamp":"2022-09-08T08:33:02.803Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 08:34:48 honeypot-ams-1 sshd[682]: Disconnected from invalid user user 198.98.61.9 port 38448 [preauth]","@timestamp":"2022-09-08T08:34:49.236Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 08:35:05 honeypot-ams-1 sshd[686]: Disconnected from invalid user user 198.98.61.9 port 60818 [preauth]","@timestamp":"2022-09-08T08:35:05.245Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 08:35:21 honeypot-ams-1 sshd[690]: Disconnected from invalid user user 198.98.61.9 port 54850 [preauth]","@timestamp":"2022-09-08T08:35:22.254Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 08:35:36 honeypot-ams-1 sshd[694]: Disconnected from invalid user user 198.98.61.9 port 48910 [preauth]","@timestamp":"2022-09-08T08:35:36.261Z"}
{"@timestamp":"2022-09-08T08:36:40.883Z","@version":"1","message":"Sep  8 08:36:40 honeypot-sgp-1 sshd[30199]: Invalid user oracle from 206.189.145.158 port 44684","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 08:40:37 honeypot-fra-1 sshd[23543]: Received disconnect from 159.65.2.58 port 50142:11: Bye Bye [preauth]","@timestamp":"2022-09-08T08:40:37.972Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T08:41:27.000Z","@version":"1","message":"Sep  8 08:41:26 honeypot-sgp-1 sshd[30203]: Received disconnect from 103.246.240.30 port 37708:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T08:42:54.038Z","@version":"1","message":"Sep  8 08:42:53 honeypot-sgp-1 kernel: [83502691.248537] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.221.111 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=48095 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 08:43:58 honeypot-ams-1 sshd[704]: Disconnected from authenticating user root 92.255.85.70 port 62708 [preauth]","@timestamp":"2022-09-08T08:43:59.476Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 08:45:59 honeypot-fra-1 kernel: [83501200.445258] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.207.4 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=49334 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T08:46:00.093Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 08:54:05 honeypot-ams-1 kernel: [83503834.018417] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.195.186 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=42012 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T08:54:06.758Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 08:57:18 honeypot-fra-1 sshd[23569]: Invalid user user from 198.98.61.9 port 39230","@timestamp":"2022-09-08T08:57:19.339Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 08:57:33 honeypot-fra-1 sshd[23571]: Disconnected from invalid user user 198.98.61.9 port 50374 [preauth]","@timestamp":"2022-09-08T08:57:34.346Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 08:57:47 honeypot-fra-1 sshd[23576]: Disconnected from invalid user user 198.98.61.9 port 44400 [preauth]","@timestamp":"2022-09-08T08:57:47.352Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 08:57:55 honeypot-fra-1 sshd[23580]: Disconnected from invalid user user 198.98.61.9 port 55536 [preauth]","@timestamp":"2022-09-08T08:57:55.356Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 08:58:00 honeypot-fra-1 sshd[23584]: Disconnected from invalid user user 141.255.162.226 port 37160 [preauth]","@timestamp":"2022-09-08T08:58:01.359Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 08:58:02 honeypot-fra-1 sshd[23588]: Disconnected from invalid user user 141.255.162.226 port 50732 [preauth]","@timestamp":"2022-09-08T08:58:02.359Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 08:58:11 honeypot-fra-1 sshd[23594]: Received disconnect from 198.98.61.9 port 49572:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T08:58:11.364Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T08:58:15.408Z","@version":"1","message":"Sep  8 08:58:14 honeypot-sgp-1 kernel: [83503612.042774] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=89.248.163.149 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=18358 PROTO=TCP SPT=43703 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 09:00:06 honeypot-fra-1 sshd[23601]: Invalid user user from 45.61.186.49 port 48484","@timestamp":"2022-09-08T09:00:07.409Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 09:00:15 honeypot-fra-1 sshd[23605]: Invalid user user from 45.61.186.49 port 60574","@timestamp":"2022-09-08T09:00:16.415Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 09:03:13 honeypot-ams-1 sshd[715]: Disconnected from authenticating user root 61.177.173.53 port 52425 [preauth]","@timestamp":"2022-09-08T09:03:14.003Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 09:03:43 honeypot-fra-1 kernel: [83502263.562993] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=89.248.167.131 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=123 ID=51071 PROTO=TCP SPT=30378 DPT=389 WINDOW=6514 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T09:03:43.491Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 09:06:36 honeypot-ams-1 kernel: [83504584.655008] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=37.98.9.237 DST=178.62.254.91 LEN=48 TOS=0x10 PREC=0x60 TTL=114 ID=8657 DF PROTO=TCP SPT=1548 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T09:06:37.096Z"}
{"@timestamp":"2022-09-08T09:08:09.665Z","@version":"1","message":"Sep  8 09:08:09 honeypot-sgp-1 sshd[30226]: Received disconnect from 162.243.61.162 port 40300:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 09:09:45 honeypot-fra-1 sshd[23616]: Received disconnect from 218.92.0.208 port 50948:11:  [preauth]","@timestamp":"2022-09-08T09:09:45.624Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T09:11:13.742Z","@version":"1","message":"Sep  8 09:11:13 honeypot-sgp-1 sshd[30230]: Invalid user norm from 38.83.78.212 port 57012","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 09:12:22 honeypot-ams-1 kernel: [83504930.472829] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=200.17.120.61 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=46 ID=40691 PROTO=TCP SPT=20980 DPT=80 WINDOW=55109 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T09:12:23.246Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 09:13:24 honeypot-fra-1 sshd[23621]: Received disconnect from 92.255.85.69 port 56270:11: Bye Bye [preauth]","@timestamp":"2022-09-08T09:13:24.703Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T09:14:02.810Z","@version":"1","message":"Sep  8 09:14:02 honeypot-sgp-1 sshd[30237]: Received disconnect from 178.128.165.94 port 54472:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 09:17:01 honeypot-fra-1 CRON[23624]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-08T09:17:01.786Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T09:17:01.882Z","@version":"1","message":"Sep  8 09:17:01 honeypot-sgp-1 CRON[30247]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 09:19:16 honeypot-ams-1 sshd[730]: Received disconnect from 61.177.172.90 port 50004:11:  [preauth]","@timestamp":"2022-09-08T09:19:16.423Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 09:22:11 honeypot-fra-1 sshd[23630]: Invalid user jkchoi from 165.22.45.108 port 39698","@timestamp":"2022-09-08T09:22:11.906Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T09:22:14.007Z","@version":"1","message":"Sep  8 09:22:14 honeypot-sgp-1 sshd[30255]: Disconnected from 61.177.173.36 port 57826 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 09:23:00 honeypot-ams-1 kernel: [83505568.343866] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.213.8 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=59787 DPT=389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T09:23:00.524Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 09:29:51 honeypot-fra-1 kernel: [83503832.259840] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.207.221 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=45017 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T09:29:52.073Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 09:29:59 honeypot-ams-1 sshd[742]: Received disconnect from 92.255.85.69 port 47040:11: Bye Bye [preauth]","@timestamp":"2022-09-08T09:30:00.720Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 09:36:02 honeypot-ams-1 kernel: [83506350.089545] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=149.102.155.170 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=54646 PROTO=TCP SPT=49697 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T09:36:02.881Z"}
{"@timestamp":"2022-09-08T09:36:17.344Z","@version":"1","message":"Sep  8 09:36:16 honeypot-sgp-1 sshd[30264]: Disconnected from authenticating user root 61.177.173.48 port 49831 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 09:37:55 honeypot-fra-1 sshd[23664]: Invalid user steam from 20.111.24.241 port 40038","@timestamp":"2022-09-08T09:37:56.249Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 09:37:55 honeypot-fra-1 sshd[23653]: Connection closed by invalid user guest 20.111.24.241 port 39908 [preauth]","@timestamp":"2022-09-08T09:37:56.249Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 09:37:55 honeypot-fra-1 sshd[23661]: Invalid user admin from 20.111.24.241 port 40064","@timestamp":"2022-09-08T09:37:56.250Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 09:37:55 honeypot-fra-1 sshd[23665]: Connection closed by invalid user oracle 20.111.24.241 port 40058 [preauth]","@timestamp":"2022-09-08T09:37:56.250Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 09:37:55 honeypot-fra-1 sshd[23644]: Invalid user mysql from 20.111.24.241 port 39864","@timestamp":"2022-09-08T09:37:56.250Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 09:37:55 honeypot-fra-1 sshd[23647]: Invalid user www from 20.111.24.241 port 39890","@timestamp":"2022-09-08T09:37:56.250Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 09:37:55 honeypot-fra-1 sshd[23652]: Connection closed by invalid user esuser 20.111.24.241 port 39920 [preauth]","@timestamp":"2022-09-08T09:37:56.250Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 09:37:55 honeypot-fra-1 sshd[23640]: Invalid user elasticsearch from 20.111.24.241 port 39938","@timestamp":"2022-09-08T09:37:56.250Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 09:37:56 honeypot-fra-1 sshd[23639]: Connection closed by invalid user ftpuser 20.111.24.241 port 39922 [preauth]","@timestamp":"2022-09-08T09:37:56.250Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 09:41:23 honeypot-fra-1 kernel: [83504524.327618] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=154.89.5.92 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=245 ID=14345 PROTO=TCP SPT=58914 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T09:41:24.327Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 09:44:21 honeypot-fra-1 sshd[23700]: Received disconnect from 159.65.220.18 port 48496:11: Bye Bye [preauth]","@timestamp":"2022-09-08T09:44:21.394Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T09:45:42.567Z","@version":"1","message":"Sep  8 09:45:42 honeypot-sgp-1 kernel: [83506459.517806] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=198.199.95.197 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=41777 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 09:46:35 honeypot-ams-1 sshd[835]: Connection closed by invalid user Admin 172.91.16.82 port 53776 [preauth]","@timestamp":"2022-09-08T09:46:36.158Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 09:49:27 honeypot-fra-1 kernel: [83505008.071333] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=128.199.161.69 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=24453 PROTO=TCP SPT=50390 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T09:49:28.508Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-08T09:50:33.685Z","@version":"1","message":"Sep  8 09:50:33 honeypot-sgp-1 kernel: [83506750.553426] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=51.120.122.29 DST=159.89.202.188 LEN=52 TOS=0x02 PREC=0x00 TTL=104 ID=4036 DF PROTO=TCP SPT=56328 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 09:52:46 honeypot-ams-1 sshd[842]: Disconnected from authenticating user root 92.255.85.70 port 44354 [preauth]","@timestamp":"2022-09-08T09:52:46.323Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 10:00:33 honeypot-fra-1 sshd[23709]: Disconnected from 79.110.62.213 port 50874 [preauth]","@timestamp":"2022-09-08T10:00:33.748Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 10:00:37 honeypot-ams-1 kernel: [83507825.571169] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=162.142.125.130 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=56306 PROTO=TCP SPT=39338 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T10:00:37.552Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 10:01:00 honeypot-fra-1 sshd[23714]: Disconnected from invalid user allan 104.236.91.72 port 46942 [preauth]","@timestamp":"2022-09-08T10:01:00.760Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 10:04:23 honeypot-fra-1 sshd[23718]: Disconnected from invalid user river 139.59.70.64 port 38440 [preauth]","@timestamp":"2022-09-08T10:04:23.834Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T10:08:06.145Z","@version":"1","message":"Sep  8 10:08:05 honeypot-sgp-1 sshd[30285]: Invalid user user from 141.255.162.226 port 40962","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T10:08:09.148Z","@version":"1","message":"Sep  8 10:08:08 honeypot-sgp-1 sshd[30289]: Invalid user user from 141.255.162.226 port 34196","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T10:08:14.150Z","@version":"1","message":"Sep  8 10:08:13 honeypot-sgp-1 sshd[30293]: Invalid user user from 141.255.162.226 port 48116","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 10:09:53 honeypot-ams-1 sshd[861]: Disconnected from invalid user nadezhda 185.149.120.61 port 36652 [preauth]","@timestamp":"2022-09-08T10:09:53.791Z"}
{"@timestamp":"2022-09-08T10:12:46.262Z","@version":"1","message":"Sep  8 10:12:45 honeypot-sgp-1 sshd[30300]: Invalid user wayne from 213.27.189.252 port 38506","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T10:12:59.268Z","@version":"1","message":"Sep  8 10:12:58 honeypot-sgp-1 sshd[30304]: Invalid user user from 45.61.186.249 port 43332","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 10:13:04 honeypot-fra-1 sshd[23724]: Did not receive identification string from 36.134.68.138 port 42264","@timestamp":"2022-09-08T10:13:05.021Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T10:13:19.278Z","@version":"1","message":"Sep  8 10:13:18 honeypot-sgp-1 sshd[30308]: Invalid user user from 45.61.186.249 port 38558","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T10:13:33.285Z","@version":"1","message":"Sep  8 10:13:32 honeypot-sgp-1 sshd[30312]: Received disconnect from 139.59.121.221 port 47330:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T10:13:48.293Z","@version":"1","message":"Sep  8 10:13:48 honeypot-sgp-1 sshd[30316]: Received disconnect from 45.61.186.249 port 45510:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T10:18:08.398Z","@version":"1","message":"Sep  8 10:18:07 honeypot-sgp-1 sshd[30324]: Received disconnect from 165.227.175.44 port 45266:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 10:19:51 honeypot-fra-1 kernel: [83506831.454449] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=5.8.18.8 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=18114 PROTO=TCP SPT=51479 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T10:19:51.169Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 10:20:36 honeypot-ams-1 kernel: [83509024.432171] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=125.136.61.137 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=55 ID=23855 PROTO=TCP SPT=10019 DPT=80 WINDOW=65507 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T10:20:37.075Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 10:21:19 honeypot-ams-1 sshd[873]: Received disconnect from 198.98.61.9 port 58914:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T10:21:20.097Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 10:21:35 honeypot-ams-1 sshd[877]: Received disconnect from 198.98.61.9 port 53366:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T10:21:36.106Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 10:21:50 honeypot-ams-1 sshd[882]: Received disconnect from 198.98.61.9 port 47826:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T10:21:51.115Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 10:23:33 honeypot-ams-1 sshd[886]: Disconnected from authenticating user root 167.172.246.83 port 39338 [preauth]","@timestamp":"2022-09-08T10:23:34.163Z"}
{"@timestamp":"2022-09-08T10:23:39.534Z","@version":"1","message":"Sep  8 10:23:38 honeypot-sgp-1 kernel: [83508736.121729] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=138.197.205.241 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=39979 DPT=389 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 10:25:16 honeypot-fra-1 kernel: [83507156.373420] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=172.104.12.17 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=15431 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T10:25:16.288Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 10:29:46 honeypot-fra-1 sshd[23742]: Connection closed by invalid user test 176.111.173.140 port 56524 [preauth]","@timestamp":"2022-09-08T10:29:46.387Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 10:30:37 honeypot-ams-1 sshd[889]: Disconnected from 49.88.112.65 port 62573 [preauth]","@timestamp":"2022-09-08T10:30:38.347Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 10:37:49 honeypot-fra-1 sshd[23751]: Disconnected from authenticating user root 143.244.158.100 port 44372 [preauth]","@timestamp":"2022-09-08T10:37:50.562Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 10:38:43 honeypot-ams-1 sshd[895]: Did not receive identification string from 45.61.184.204 port 41282","@timestamp":"2022-09-08T10:38:43.558Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 10:39:00 honeypot-ams-1 sshd[898]: Received disconnect from 45.61.184.204 port 42140:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T10:39:00.568Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 10:39:18 honeypot-ams-1 sshd[902]: Received disconnect from 45.61.184.204 port 36100:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T10:39:18.578Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 10:39:27 honeypot-ams-1 sshd[906]: Disconnected from authenticating user root 92.255.85.70 port 27988 [preauth]","@timestamp":"2022-09-08T10:39:27.583Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 10:39:47 honeypot-ams-1 sshd[910]: Received disconnect from 45.61.184.204 port 41176:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T10:39:48.595Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 10:40:22 honeypot-fra-1 sshd[23757]: Disconnected from authenticating user root 143.244.158.100 port 42030 [preauth]","@timestamp":"2022-09-08T10:40:22.619Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 10:42:01 honeypot-fra-1 sshd[23762]: Disconnected from authenticating user root 143.244.158.100 port 54182 [preauth]","@timestamp":"2022-09-08T10:42:01.712Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T10:42:33.979Z","@version":"1","message":"Sep  8 10:42:33 honeypot-sgp-1 sshd[30770]: Invalid user admin from 128.199.160.207 port 33532","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 10:43:52 honeypot-fra-1 sshd[23768]: Disconnected from authenticating user root 143.244.158.100 port 58056 [preauth]","@timestamp":"2022-09-08T10:43:52.753Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 10:45:55 honeypot-ams-1 sshd[914]: Invalid user user from 45.61.186.49 port 42360","@timestamp":"2022-09-08T10:45:55.753Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 10:46:06 honeypot-ams-1 sshd[918]: Invalid user user from 45.61.186.49 port 54034","@timestamp":"2022-09-08T10:46:06.760Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 10:46:20 honeypot-fra-1 sshd[23775]: Disconnected from authenticating user root 143.244.158.100 port 39014 [preauth]","@timestamp":"2022-09-08T10:46:20.807Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 10:47:13 honeypot-ams-1 kernel: [83510621.927242] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=84.38.185.202 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=373 PROTO=TCP SPT=37999 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T10:47:14.792Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 10:48:01 honeypot-fra-1 sshd[23781]: Disconnected from authenticating user root 143.244.158.100 port 53134 [preauth]","@timestamp":"2022-09-08T10:48:01.846Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T10:48:43.124Z","@version":"1","message":"Sep  8 10:48:42 honeypot-sgp-1 sshd[30777]: Did not receive identification string from 141.255.162.226 port 60100","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T10:48:53.130Z","@version":"1","message":"Sep  8 10:48:52 honeypot-sgp-1 sshd[30780]: Disconnected from invalid user user 141.255.162.226 port 58248 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T10:48:56.132Z","@version":"1","message":"Sep  8 10:48:55 honeypot-sgp-1 sshd[30783]: Disconnected from invalid user user 141.255.162.226 port 44416 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 10:50:10 honeypot-fra-1 sshd[23787]: Invalid user Admin from 95.90.110.204 port 53634","@timestamp":"2022-09-08T10:50:10.897Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 10:51:10 honeypot-fra-1 sshd[23792]: Invalid user jkpre from 165.22.45.108 port 58918","@timestamp":"2022-09-08T10:51:10.923Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 10:51:15 honeypot-fra-1 sshd[23796]: Invalid user user from 141.255.162.226 port 46338","@timestamp":"2022-09-08T10:51:15.925Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 10:51:16 honeypot-fra-1 sshd[23800]: Invalid user user from 141.255.162.226 port 46578","@timestamp":"2022-09-08T10:51:16.926Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 10:51:18 honeypot-fra-1 sshd[23804]: Invalid user user from 141.255.162.226 port 53698","@timestamp":"2022-09-08T10:51:18.927Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 10:51:20 honeypot-fra-1 sshd[23806]: Received disconnect from 143.244.158.100 port 46074:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T10:51:20.929Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 10:52:59 honeypot-fra-1 sshd[23813]: Disconnected from authenticating user root 143.244.158.100 port 37452 [preauth]","@timestamp":"2022-09-08T10:52:59.967Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 10:55:33 honeypot-fra-1 sshd[23819]: Disconnected from authenticating user root 143.244.158.100 port 35440 [preauth]","@timestamp":"2022-09-08T10:55:34.024Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 10:57:33 honeypot-fra-1 kernel: [83509094.124122] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=213.226.123.38 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=47150 PROTO=TCP SPT=55362 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T10:57:34.072Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 10:59:46 honeypot-fra-1 sshd[23830]: Disconnected from authenticating user root 143.244.158.100 port 55366 [preauth]","@timestamp":"2022-09-08T10:59:47.124Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 11:01:55 honeypot-ams-1 sshd[925]: Disconnected from authenticating user root 92.255.85.69 port 50286 [preauth]","@timestamp":"2022-09-08T11:01:56.165Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 11:02:30 honeypot-fra-1 sshd[23837]: Disconnected from authenticating user root 143.244.158.100 port 55816 [preauth]","@timestamp":"2022-09-08T11:02:30.186Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 11:05:09 honeypot-fra-1 sshd[23843]: Received disconnect from 143.244.158.100 port 45090:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T11:05:10.246Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T11:06:02.537Z","@version":"1","message":"Sep  8 11:06:02 honeypot-sgp-1 kernel: [83511279.383940] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=89.248.165.199 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=41649 PROTO=TCP SPT=54970 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 11:07:08 honeypot-fra-1 sshd[23849]: Received disconnect from 143.244.158.100 port 45166:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T11:07:09.291Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 11:09:32 honeypot-ams-1 sshd[933]: Disconnected from authenticating user root 109.205.213.20 port 37582 [preauth]","@timestamp":"2022-09-08T11:09:32.358Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 11:09:47 honeypot-fra-1 sshd[23856]: Received disconnect from 143.244.158.100 port 36850:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T11:09:47.365Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 11:09:55 honeypot-ams-1 sshd[939]: Received disconnect from 2.205.79.92 port 63923:11: Bye Bye [preauth]","@timestamp":"2022-09-08T11:09:55.370Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 11:09:56 honeypot-ams-1 sshd[945]: Received disconnect from 2.205.79.92 port 52415:11: Bye Bye [preauth]","@timestamp":"2022-09-08T11:09:56.371Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 11:09:56 honeypot-ams-1 sshd[951]: Received disconnect from 2.205.79.92 port 52441:11: Bye Bye [preauth]","@timestamp":"2022-09-08T11:09:57.372Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 11:09:57 honeypot-ams-1 sshd[957]: Received disconnect from 2.205.79.92 port 52457:11: Bye Bye [preauth]","@timestamp":"2022-09-08T11:09:58.373Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 11:09:58 honeypot-ams-1 sshd[963]: Received disconnect from 2.205.79.92 port 52484:11: Bye Bye [preauth]","@timestamp":"2022-09-08T11:09:59.374Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 11:09:59 honeypot-ams-1 sshd[969]: Received disconnect from 2.205.79.92 port 63950:11: Bye Bye [preauth]","@timestamp":"2022-09-08T11:10:00.374Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 11:10:00 honeypot-ams-1 sshd[975]: Received disconnect from 2.205.79.92 port 52549:11: Bye Bye [preauth]","@timestamp":"2022-09-08T11:10:01.375Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 11:10:01 honeypot-ams-1 sshd[981]: Received disconnect from 2.205.79.92 port 52574:11: Bye Bye [preauth]","@timestamp":"2022-09-08T11:10:01.375Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 11:10:02 honeypot-ams-1 sshd[987]: Received disconnect from 2.205.79.92 port 52597:11: Bye Bye [preauth]","@timestamp":"2022-09-08T11:10:02.376Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 11:10:02 honeypot-ams-1 sshd[993]: Received disconnect from 2.205.79.92 port 52624:11: Bye Bye [preauth]","@timestamp":"2022-09-08T11:10:03.377Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 11:10:03 honeypot-ams-1 sshd[999]: Invalid user admin from 2.205.79.92 port 52654","@timestamp":"2022-09-08T11:10:04.378Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 11:10:04 honeypot-ams-1 sshd[1003]: Invalid user admin from 2.205.79.92 port 52677","@timestamp":"2022-09-08T11:10:04.378Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 11:10:04 honeypot-ams-1 sshd[1007]: Invalid user admin from 2.205.79.92 port 52693","@timestamp":"2022-09-08T11:10:05.379Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 11:10:05 honeypot-ams-1 sshd[1011]: Invalid user admin from 2.205.79.92 port 52714","@timestamp":"2022-09-08T11:10:06.380Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 11:10:06 honeypot-ams-1 sshd[1015]: Invalid user admin from 2.205.79.92 port 52739","@timestamp":"2022-09-08T11:10:06.380Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 11:10:06 honeypot-ams-1 sshd[1021]: Invalid user user from 2.205.79.92 port 52757","@timestamp":"2022-09-08T11:10:07.380Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 11:10:06 honeypot-ams-1 sshd[1023]: Disconnected from authenticating user root 2.205.79.92 port 52767 [preauth]","@timestamp":"2022-09-08T11:10:07.381Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 11:10:07 honeypot-ams-1 sshd[1029]: Invalid user user from 2.205.79.92 port 64020","@timestamp":"2022-09-08T11:10:08.381Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 11:10:08 honeypot-ams-1 sshd[1033]: Invalid user mine from 2.205.79.92 port 52804","@timestamp":"2022-09-08T11:10:08.381Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 11:10:08 honeypot-ams-1 sshd[1037]: Invalid user volumio from 2.205.79.92 port 64026","@timestamp":"2022-09-08T11:10:09.382Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 11:10:09 honeypot-ams-1 sshd[1041]: Invalid user nagios from 2.205.79.92 port 52842","@timestamp":"2022-09-08T11:10:10.383Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 11:10:09 honeypot-ams-1 sshd[1045]: Invalid user vagrant from 2.205.79.92 port 52867","@timestamp":"2022-09-08T11:10:10.383Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 11:10:10 honeypot-ams-1 sshd[1049]: Invalid user debian from 2.205.79.92 port 52879","@timestamp":"2022-09-08T11:10:11.384Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 11:10:11 honeypot-ams-1 sshd[1053]: Invalid user debian from 2.205.79.92 port 52898","@timestamp":"2022-09-08T11:10:11.384Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 11:10:11 honeypot-ams-1 sshd[1057]: Invalid user alarm from 2.205.79.92 port 52911","@timestamp":"2022-09-08T11:10:12.385Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 11:10:12 honeypot-ams-1 sshd[1061]: Invalid user test from 2.205.79.92 port 52936","@timestamp":"2022-09-08T11:10:12.385Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 11:10:12 honeypot-ams-1 sshd[1065]: Invalid user cirros from 2.205.79.92 port 52954","@timestamp":"2022-09-08T11:10:13.386Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 11:10:40 honeypot-ams-1 sshd[1069]: Disconnected from authenticating user root 109.205.213.20 port 52444 [preauth]","@timestamp":"2022-09-08T11:10:41.399Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 11:11:33 honeypot-fra-1 sshd[23862]: Received disconnect from 143.244.158.100 port 33394:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T11:11:33.405Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 11:13:06 honeypot-fra-1 sshd[23868]: Received disconnect from 165.22.45.108 port 35480:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T11:13:06.441Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 11:14:13 honeypot-fra-1 sshd[23874]: Received disconnect from 143.244.158.100 port 59546:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T11:14:13.468Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T11:15:02.754Z","@version":"1","message":"Sep  8 11:15:02 honeypot-sgp-1 sshd[30795]: Connection closed by invalid user pi 79.163.138.216 port 56530 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 11:15:20 honeypot-ams-1 sshd[1076]: Invalid user  from 64.62.197.167 port 14894","@timestamp":"2022-09-08T11:15:20.518Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 11:16:49 honeypot-fra-1 sshd[23880]: Received disconnect from 143.244.158.100 port 43488:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T11:16:49.527Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 11:17:42 honeypot-fra-1 sshd[23885]: Disconnected from authenticating user root 143.244.158.100 port 39390 [preauth]","@timestamp":"2022-09-08T11:17:43.566Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 11:19:57 honeypot-ams-1 sshd[1081]: Did not receive identification string from 198.98.61.9 port 57428","@timestamp":"2022-09-08T11:19:58.641Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 11:20:20 honeypot-fra-1 sshd[23892]: Received disconnect from 143.244.158.100 port 44278:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T11:20:21.628Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 11:20:30 honeypot-ams-1 sshd[1085]: Disconnected from invalid user user 198.98.61.9 port 53322 [preauth]","@timestamp":"2022-09-08T11:20:30.658Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 11:20:46 honeypot-ams-1 sshd[1089]: Disconnected from invalid user user 198.98.61.9 port 47868 [preauth]","@timestamp":"2022-09-08T11:20:46.667Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 11:21:01 honeypot-ams-1 sshd[1093]: Disconnected from invalid user user 198.98.61.9 port 42424 [preauth]","@timestamp":"2022-09-08T11:21:01.675Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 11:22:10 honeypot-fra-1 sshd[23896]: Disconnected from authenticating user root 143.244.158.100 port 45028 [preauth]","@timestamp":"2022-09-08T11:22:10.669Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 11:23:01 honeypot-ams-1 sshd[1098]: Received disconnect from 143.198.79.64 port 58308:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T11:23:01.731Z"}
{"@timestamp":"2022-09-08T11:24:20.982Z","@version":"1","message":"Sep  8 11:24:20 honeypot-sgp-1 kernel: [83512378.022352] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=64.246.161.26 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=35791 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 11:30:49 honeypot-ams-1 kernel: [83513237.278016] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=24995 PROTO=TCP SPT=56607 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T11:30:49.940Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 11:31:08 honeypot-fra-1 sshd[23901]: Connection closed by invalid user admin 159.203.178.0 port 43180 [preauth]","@timestamp":"2022-09-08T11:31:08.865Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 11:31:10 honeypot-fra-1 sshd[23907]: Connection closed by invalid user admin 159.203.178.0 port 43204 [preauth]","@timestamp":"2022-09-08T11:31:10.867Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T11:33:09.193Z","@version":"1","message":"Sep  8 11:33:09 honeypot-sgp-1 sshd[30805]: Received disconnect from 128.199.177.90 port 34660:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T11:35:19.249Z","@version":"1","message":"Sep  8 11:35:18 honeypot-sgp-1 kernel: [83513035.798395] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=139.59.26.32 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x20 TTL=242 ID=54321 PROTO=TCP SPT=57850 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 11:37:34 honeypot-fra-1 kernel: [83511494.841184] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.214.35 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=37745 DPT=636 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T11:37:35.007Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 11:40:35 honeypot-ams-1 sshd[1108]: Invalid user download from 38.83.78.212 port 49948","@timestamp":"2022-09-08T11:40:35.198Z"}
{"@timestamp":"2022-09-08T11:42:03.415Z","@version":"1","message":"Sep  8 11:42:03 honeypot-sgp-1 sshd[30815]: Invalid user lauren from 35.236.14.147 port 43758","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 11:44:35 honeypot-ams-1 kernel: [83514062.981594] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=122.103.181.180 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=25963 PROTO=TCP SPT=7669 DPT=80 WINDOW=4069 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T11:44:35.302Z"}
{"@timestamp":"2022-09-08T11:45:42.505Z","@version":"1","message":"Sep  8 11:45:42 honeypot-sgp-1 sshd[30819]: Disconnected from authenticating user root 179.224.196.91 port 10155 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T11:45:52.510Z","@version":"1","message":"Sep  8 11:45:51 honeypot-sgp-1 sshd[30825]: Received disconnect from 179.224.196.91 port 10158:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T11:46:01.515Z","@version":"1","message":"Sep  8 11:46:01 honeypot-sgp-1 sshd[30831]: Received disconnect from 179.224.196.91 port 10161:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T11:46:11.521Z","@version":"1","message":"Sep  8 11:46:10 honeypot-sgp-1 sshd[30837]: Received disconnect from 179.224.196.91 port 10164:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T11:46:20.525Z","@version":"1","message":"Sep  8 11:46:20 honeypot-sgp-1 sshd[30843]: Received disconnect from 179.224.196.91 port 10167:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T11:46:29.530Z","@version":"1","message":"Sep  8 11:46:29 honeypot-sgp-1 sshd[30849]: Received disconnect from 179.224.196.91 port 10170:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T11:46:38.535Z","@version":"1","message":"Sep  8 11:46:38 honeypot-sgp-1 sshd[30855]: Received disconnect from 179.224.196.91 port 10173:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T11:46:48.540Z","@version":"1","message":"Sep  8 11:46:47 honeypot-sgp-1 sshd[30861]: Received disconnect from 179.224.196.91 port 10176:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T11:46:57.548Z","@version":"1","message":"Sep  8 11:46:57 honeypot-sgp-1 sshd[30867]: Received disconnect from 179.224.196.91 port 10179:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T11:47:06.552Z","@version":"1","message":"Sep  8 11:47:06 honeypot-sgp-1 sshd[30874]: Received disconnect from 179.224.196.91 port 10182:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T11:47:16.558Z","@version":"1","message":"Sep  8 11:47:15 honeypot-sgp-1 sshd[30880]: Received disconnect from 179.224.196.91 port 10185:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T11:47:25.563Z","@version":"1","message":"Sep  8 11:47:24 honeypot-sgp-1 sshd[30886]: Received disconnect from 179.224.196.91 port 10188:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T11:47:31.566Z","@version":"1","message":"Sep  8 11:47:31 honeypot-sgp-1 sshd[30890]: Disconnected from invalid user admin 179.224.196.91 port 10190 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T11:47:37.569Z","@version":"1","message":"Sep  8 11:47:37 honeypot-sgp-1 sshd[30894]: Disconnected from invalid user admin 179.224.196.91 port 10192 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T11:47:43.572Z","@version":"1","message":"Sep  8 11:47:43 honeypot-sgp-1 sshd[30898]: Disconnected from invalid user admin 179.224.196.91 port 10154 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T11:47:50.576Z","@version":"1","message":"Sep  8 11:47:49 honeypot-sgp-1 sshd[30902]: Disconnected from invalid user admin 179.224.196.91 port 10156 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T11:47:56.580Z","@version":"1","message":"Sep  8 11:47:56 honeypot-sgp-1 sshd[30906]: Disconnected from invalid user admin 179.224.196.91 port 10158 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T11:48:02.584Z","@version":"1","message":"Sep  8 11:48:02 honeypot-sgp-1 sshd[30910]: Disconnected from invalid user user 179.224.196.91 port 10160 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T11:48:12.590Z","@version":"1","message":"Sep  8 11:48:11 honeypot-sgp-1 sshd[30916]: Received disconnect from 179.224.196.91 port 10163:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T11:48:18.593Z","@version":"1","message":"Sep  8 11:48:18 honeypot-sgp-1 sshd[30920]: Received disconnect from 179.224.196.91 port 10165:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T11:48:24.596Z","@version":"1","message":"Sep  8 11:48:24 honeypot-sgp-1 sshd[30924]: Received disconnect from 179.224.196.91 port 10167:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T11:48:30.600Z","@version":"1","message":"Sep  8 11:48:30 honeypot-sgp-1 sshd[30928]: Received disconnect from 179.224.196.91 port 10169:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T11:48:37.603Z","@version":"1","message":"Sep  8 11:48:36 honeypot-sgp-1 sshd[30932]: Received disconnect from 179.224.196.91 port 10171:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T11:48:43.607Z","@version":"1","message":"Sep  8 11:48:42 honeypot-sgp-1 sshd[30936]: Received disconnect from 179.224.196.91 port 10173:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T11:48:49.611Z","@version":"1","message":"Sep  8 11:48:49 honeypot-sgp-1 sshd[30940]: Received disconnect from 179.224.196.91 port 10175:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T11:48:55.615Z","@version":"1","message":"Sep  8 11:48:55 honeypot-sgp-1 sshd[30944]: Received disconnect from 179.224.196.91 port 10177:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T11:49:01.617Z","@version":"1","message":"Sep  8 11:49:01 honeypot-sgp-1 sshd[30948]: Received disconnect from 179.224.196.91 port 10179:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T11:49:07.620Z","@version":"1","message":"Sep  8 11:49:07 honeypot-sgp-1 sshd[30952]: Received disconnect from 179.224.196.91 port 10181:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T11:49:14.627Z","@version":"1","message":"Sep  8 11:49:13 honeypot-sgp-1 sshd[30956]: Received disconnect from 179.224.196.91 port 10183:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 11:50:09 honeypot-fra-1 sshd[23919]: Received disconnect from 165.227.84.172 port 57532:11: Bye Bye [preauth]","@timestamp":"2022-09-08T11:50:10.277Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T11:51:15.676Z","@version":"1","message":"Sep  8 11:51:14 honeypot-sgp-1 sshd[30960]: Did not receive identification string from 45.61.186.49 port 46842","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T11:51:34.686Z","@version":"1","message":"Sep  8 11:51:33 honeypot-sgp-1 sshd[30963]: Received disconnect from 45.61.186.49 port 39124:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T11:51:44.690Z","@version":"1","message":"Sep  8 11:51:44 honeypot-sgp-1 sshd[30967]: Received disconnect from 45.61.186.49 port 52464:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 11:52:00 honeypot-ams-1 sshd[1120]: Did not receive identification string from 58.72.18.130 port 17791","@timestamp":"2022-09-08T11:52:01.493Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 11:54:33 honeypot-fra-1 kernel: [83512513.904554] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=213.226.123.38 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=3248 PROTO=TCP SPT=40010 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T11:54:34.375Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 11:57:37 honeypot-fra-1 sshd[23929]: Invalid user jlm from 165.22.45.108 port 45090","@timestamp":"2022-09-08T11:57:38.446Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T12:01:00.926Z","@version":"1","message":"Sep  8 12:01:00 honeypot-sgp-1 sshd[30974]: Received disconnect from 62.204.41.222 port 41943:11: Client disconnecting normally [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 12:01:58 honeypot-fra-1 sshd[23931]: Disconnected from authenticating user root 178.154.203.18 port 38848 [preauth]","@timestamp":"2022-09-08T12:01:59.543Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 12:01:59 honeypot-fra-1 sshd[23942]: Invalid user mc from 43.138.54.131 port 53213","@timestamp":"2022-09-08T12:02:00.545Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 12:01:59 honeypot-fra-1 sshd[23935]: Connection closed by invalid user ts3 43.138.54.131 port 53212 [preauth]","@timestamp":"2022-09-08T12:02:00.545Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 12:01:59 honeypot-fra-1 sshd[23944]: Connection closed by invalid user hadoop 43.138.54.131 port 53220 [preauth]","@timestamp":"2022-09-08T12:02:00.545Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 12:02:02 honeypot-fra-1 sshd[23959]: Invalid user centos from 43.138.54.131 port 53230","@timestamp":"2022-09-08T12:02:03.546Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 12:02:02 honeypot-fra-1 sshd[23966]: Invalid user ansible from 43.138.54.131 port 53240","@timestamp":"2022-09-08T12:02:03.546Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 12:02:02 honeypot-fra-1 sshd[23962]: Connection closed by invalid user centos 43.138.54.131 port 53246 [preauth]","@timestamp":"2022-09-08T12:02:03.546Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 12:02:14 honeypot-fra-1 sshd[23978]: Invalid user elastic from 43.138.54.131 port 53276","@timestamp":"2022-09-08T12:02:15.551Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 12:02:14 honeypot-fra-1 sshd[23983]: Invalid user ansible from 43.138.54.131 port 53272","@timestamp":"2022-09-08T12:02:15.551Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 12:02:14 honeypot-fra-1 sshd[23996]: Invalid user vagrant from 43.138.54.131 port 53248","@timestamp":"2022-09-08T12:02:15.552Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 12:02:14 honeypot-fra-1 sshd[23980]: Connection closed by invalid user teamspeak3 43.138.54.131 port 53264 [preauth]","@timestamp":"2022-09-08T12:02:15.552Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 12:02:15 honeypot-fra-1 sshd[23989]: Connection closed by invalid user ansible 43.138.54.131 port 53280 [preauth]","@timestamp":"2022-09-08T12:02:15.552Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 12:03:00 honeypot-ams-1 sshd[1127]: Connection closed by invalid user Admin 72.190.53.219 port 53764 [preauth]","@timestamp":"2022-09-08T12:03:00.804Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 12:03:55 honeypot-fra-1 sshd[24005]: Disconnected from invalid user physics 165.227.160.124 port 37128 [preauth]","@timestamp":"2022-09-08T12:03:56.590Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T12:06:28.060Z","@version":"1","message":"Sep  8 12:06:27 honeypot-sgp-1 kernel: [83514905.088442] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.206.17 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=44642 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 12:06:39 honeypot-fra-1 kernel: [83513239.969161] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.201.224 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=39570 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T12:06:40.652Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 12:07:06 honeypot-fra-1 sshd[24013]: Connection closed by invalid user  64.62.197.152 port 37376 [preauth]","@timestamp":"2022-09-08T12:07:06.664Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 12:10:14 honeypot-fra-1 sshd[24020]: Invalid user gavrila from 112.196.62.36 port 54198","@timestamp":"2022-09-08T12:10:14.735Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 12:11:42 honeypot-ams-1 sshd[1130]: Disconnected from authenticating user root 92.255.85.70 port 33696 [preauth]","@timestamp":"2022-09-08T12:11:43.032Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 12:13:41 honeypot-fra-1 sshd[24025]: Invalid user simoni from 68.183.88.186 port 39258","@timestamp":"2022-09-08T12:13:41.811Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 12:16:22 honeypot-ams-1 sshd[1136]: Disconnected from authenticating user root 134.122.123.117 port 49232 [preauth]","@timestamp":"2022-09-08T12:16:22.164Z"}
{"@timestamp":"2022-09-08T12:16:51.318Z","@version":"1","message":"Sep  8 12:16:50 honeypot-sgp-1 kernel: [83515528.230728] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=40.84.222.228 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=56151 PROTO=TCP SPT=58421 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 12:17:01 honeypot-fra-1 CRON[24030]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-08T12:17:01.884Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 12:17:06 honeypot-ams-1 sshd[1143]: Disconnected from authenticating user root 134.122.123.117 port 43388 [preauth]","@timestamp":"2022-09-08T12:17:07.187Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 12:18:08 honeypot-ams-1 sshd[1150]: Invalid user user from 198.98.61.9 port 57522","@timestamp":"2022-09-08T12:18:09.218Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 12:18:17 honeypot-ams-1 sshd[1154]: Received disconnect from 198.98.61.9 port 40294:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T12:18:17.222Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 12:18:31 honeypot-ams-1 sshd[1158]: Disconnected from authenticating user root 134.122.123.117 port 60104 [preauth]","@timestamp":"2022-09-08T12:18:32.230Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 12:18:40 honeypot-ams-1 sshd[1162]: Disconnected from invalid user user 198.98.61.9 port 45094 [preauth]","@timestamp":"2022-09-08T12:18:41.235Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 12:18:55 honeypot-ams-1 sshd[1168]: Invalid user user from 198.98.61.9 port 38852","@timestamp":"2022-09-08T12:18:56.244Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 12:19:34 honeypot-ams-1 sshd[1172]: Invalid user git from 134.122.123.117 port 51426","@timestamp":"2022-09-08T12:19:35.264Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 12:19:39 honeypot-fra-1 sshd[24035]: Received disconnect from 165.22.45.108 port 49850:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T12:19:39.945Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 12:20:17 honeypot-ams-1 sshd[1176]: Invalid user oracle from 134.122.123.117 port 45656","@timestamp":"2022-09-08T12:20:17.285Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 12:20:59 honeypot-ams-1 sshd[1181]: Invalid user odoo from 134.122.123.117 port 39916","@timestamp":"2022-09-08T12:21:00.305Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 12:21:41 honeypot-ams-1 sshd[1185]: Invalid user ec2-user from 134.122.123.117 port 34108","@timestamp":"2022-09-08T12:21:42.326Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 12:22:23 honeypot-ams-1 sshd[1189]: Invalid user ubuntu from 134.122.123.117 port 56588","@timestamp":"2022-09-08T12:22:23.346Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 12:23:05 honeypot-ams-1 sshd[1193]: Invalid user spark from 134.122.123.117 port 50770","@timestamp":"2022-09-08T12:23:05.367Z"}
{"@timestamp":"2022-09-08T12:23:10.471Z","@version":"1","message":"Sep  8 12:23:09 honeypot-sgp-1 sshd[30988]: Received disconnect from 92.255.85.70 port 45164:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 12:23:47 honeypot-ams-1 sshd[1197]: Invalid user debian from 134.122.123.117 port 45022","@timestamp":"2022-09-08T12:23:47.388Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 12:24:28 honeypot-ams-1 sshd[1201]: Did not receive identification string from 143.198.79.64 port 54042","@timestamp":"2022-09-08T12:24:29.412Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 12:24:41 honeypot-ams-1 sshd[1206]: Disconnected from authenticating user root 143.198.79.64 port 47164 [preauth]","@timestamp":"2022-09-08T12:24:41.419Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 12:25:17 honeypot-ams-1 sshd[1210]: Disconnected from invalid user student 134.122.123.117 port 33490 [preauth]","@timestamp":"2022-09-08T12:25:17.436Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 12:25:49 honeypot-fra-1 kernel: [83514389.599003] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=103.203.59.0 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=34417 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T12:25:50.084Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 12:25:59 honeypot-ams-1 sshd[1215]: Disconnected from invalid user weblogic 134.122.123.117 port 55922 [preauth]","@timestamp":"2022-09-08T12:26:00.456Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 12:28:45 honeypot-ams-1 sshd[1219]: Invalid user user from 103.188.176.251 port 58178","@timestamp":"2022-09-08T12:28:46.530Z"}
{"@timestamp":"2022-09-08T12:29:05.616Z","@version":"1","message":"Sep  8 12:29:05 honeypot-sgp-1 kernel: [83516262.769723] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=162.243.97.39 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=47 ID=52203 PROTO=TCP SPT=51662 DPT=5432 WINDOW=43690 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T12:32:25.699Z","@version":"1","message":"Sep  8 12:32:25 honeypot-sgp-1 kernel: [83516462.276674] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=95.161.131.237 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=37277 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 12:34:11 honeypot-ams-1 sshd[1222]: Disconnected from authenticating user root 92.255.85.69 port 62328 [preauth]","@timestamp":"2022-09-08T12:34:11.669Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 12:38:46 honeypot-ams-1 sshd[1225]: Disconnected from invalid user ro 49.206.244.232 port 40062 [preauth]","@timestamp":"2022-09-08T12:38:47.794Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 12:40:25 honeypot-fra-1 kernel: [83515265.941486] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=162.220.165.123 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=54321 PROTO=TCP SPT=59878 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T12:40:26.414Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 12:43:30 honeypot-ams-1 sshd[1228]: Connection closed by invalid user admin 159.203.178.0 port 55630 [preauth]","@timestamp":"2022-09-08T12:43:30.920Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 12:43:32 honeypot-ams-1 sshd[1234]: Connection closed by invalid user admin 159.203.178.0 port 55658 [preauth]","@timestamp":"2022-09-08T12:43:32.923Z"}
{"@timestamp":"2022-09-08T12:44:17.995Z","@version":"1","message":"Sep  8 12:44:17 honeypot-sgp-1 sshd[31001]: Received disconnect from 92.255.85.69 port 51482:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 12:44:38 honeypot-fra-1 sshd[24050]: Received disconnect from 43.134.175.203 port 37750:11: Bye Bye [preauth]","@timestamp":"2022-09-08T12:44:38.530Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T12:47:15.078Z","@version":"1","message":"Sep  8 12:47:14 honeypot-sgp-1 sshd[31003]: Disconnected from invalid user bart 158.101.97.210 port 44806 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 12:50:19 honeypot-fra-1 kernel: [83515859.632895] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=176.107.180.142 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=117 ID=48456 DF PROTO=TCP SPT=25849 DPT=80 WINDOW=42340 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T12:50:20.655Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 12:51:41 honeypot-ams-1 sshd[1242]: Received disconnect from 188.166.23.215 port 54898:11: Bye Bye [preauth]","@timestamp":"2022-09-08T12:51:42.138Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 12:55:32 honeypot-fra-1 kernel: [83516172.048350] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=91.201.241.59 DST=165.22.82.222 LEN=81 TOS=0x00 PREC=0x00 TTL=250 ID=54321 PROTO=TCP SPT=40214 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T12:55:32.787Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 12:55:57 honeypot-ams-1 sshd[1246]: Disconnected from authenticating user root 92.255.85.69 port 32128 [preauth]","@timestamp":"2022-09-08T12:55:58.248Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 13:00:30 honeypot-ams-1 sshd[1254]: Invalid user user from 45.61.187.160 port 44650","@timestamp":"2022-09-08T13:00:31.366Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 13:00:44 honeypot-ams-1 sshd[1258]: Received disconnect from 14.225.255.14 port 36440:11: Bye Bye [preauth]","@timestamp":"2022-09-08T13:00:44.373Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 13:00:59 honeypot-ams-1 sshd[1262]: Invalid user user from 45.61.187.160 port 51024","@timestamp":"2022-09-08T13:01:00.382Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 13:01:19 honeypot-ams-1 sshd[1266]: Invalid user user from 45.61.187.160 port 45872","@timestamp":"2022-09-08T13:01:19.398Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 13:01:31 honeypot-ams-1 kernel: [83518679.331024] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=92.63.197.94 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=252 ID=61435 PROTO=TCP SPT=41036 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T13:01:32.405Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 13:04:10 honeypot-fra-1 sshd[24075]: Received disconnect from 165.22.45.108 port 59438:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T13:04:10.977Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 13:05:47 honeypot-ams-1 sshd[1274]: Invalid user user from 45.61.186.249 port 38728","@timestamp":"2022-09-08T13:05:48.521Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 13:06:07 honeypot-ams-1 sshd[1278]: Invalid user user from 45.61.186.249 port 33734","@timestamp":"2022-09-08T13:06:08.533Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 13:06:28 honeypot-ams-1 sshd[1282]: Invalid user user from 45.61.186.249 port 57016","@timestamp":"2022-09-08T13:06:28.544Z"}
{"@timestamp":"2022-09-08T13:06:44.557Z","@version":"1","message":"Sep  8 13:06:43 honeypot-sgp-1 sshd[31012]: Received disconnect from 92.255.85.70 port 51402:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 13:06:47 honeypot-ams-1 sshd[1288]: Invalid user user from 45.61.186.249 port 51998","@timestamp":"2022-09-08T13:06:48.555Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 13:08:03 honeypot-ams-1 kernel: [83519071.882599] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=129.153.212.107 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=50 ID=36870 PROTO=TCP SPT=15738 DPT=80 WINDOW=44238 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T13:08:04.591Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 13:10:18 honeypot-fra-1 kernel: [83517058.793118] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=2.182.80.250 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=14682 DF PROTO=TCP SPT=20777 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T13:10:19.120Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 13:11:39 honeypot-fra-1 sshd[24084]: Received disconnect from 115.73.213.109 port 58512:11: Bye Bye [preauth]","@timestamp":"2022-09-08T13:11:40.151Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 13:11:44 honeypot-fra-1 sshd[24090]: Received disconnect from 115.73.213.109 port 58684:11: Bye Bye [preauth]","@timestamp":"2022-09-08T13:11:44.153Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 13:11:48 honeypot-fra-1 sshd[24096]: Received disconnect from 115.73.213.109 port 58984:11: Bye Bye [preauth]","@timestamp":"2022-09-08T13:11:49.156Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 13:11:52 honeypot-fra-1 sshd[24102]: Received disconnect from 115.73.213.109 port 59170:11: Bye Bye [preauth]","@timestamp":"2022-09-08T13:11:53.157Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 13:11:57 honeypot-fra-1 sshd[24108]: Received disconnect from 115.73.213.109 port 59314:11: Bye Bye [preauth]","@timestamp":"2022-09-08T13:11:57.160Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 13:12:01 honeypot-fra-1 sshd[24114]: Received disconnect from 115.73.213.109 port 59676:11: Bye Bye [preauth]","@timestamp":"2022-09-08T13:12:02.163Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 13:12:05 honeypot-fra-1 sshd[24120]: Received disconnect from 115.73.213.109 port 59802:11: Bye Bye [preauth]","@timestamp":"2022-09-08T13:12:06.165Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 13:12:10 honeypot-fra-1 sshd[24126]: Received disconnect from 115.73.213.109 port 60120:11: Bye Bye [preauth]","@timestamp":"2022-09-08T13:12:10.168Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 13:12:14 honeypot-fra-1 sshd[24132]: Received disconnect from 115.73.213.109 port 60278:11: Bye Bye [preauth]","@timestamp":"2022-09-08T13:12:15.170Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 13:12:19 honeypot-fra-1 sshd[24138]: Received disconnect from 115.73.213.109 port 60618:11: Bye Bye [preauth]","@timestamp":"2022-09-08T13:12:20.173Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 13:12:23 honeypot-fra-1 sshd[24144]: Received disconnect from 115.73.213.109 port 60798:11: Bye Bye [preauth]","@timestamp":"2022-09-08T13:12:24.176Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 13:12:28 honeypot-fra-1 sshd[24150]: Received disconnect from 115.73.213.109 port 32832:11: Bye Bye [preauth]","@timestamp":"2022-09-08T13:12:28.178Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 13:12:30 honeypot-fra-1 sshd[24154]: Received disconnect from 115.73.213.109 port 32984:11: Bye Bye [preauth]","@timestamp":"2022-09-08T13:12:31.179Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 13:12:33 honeypot-fra-1 sshd[24158]: Received disconnect from 115.73.213.109 port 33072:11: Bye Bye [preauth]","@timestamp":"2022-09-08T13:12:34.181Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T13:12:34.699Z","@version":"1","message":"Sep  8 13:12:34 honeypot-sgp-1 sshd[31017]: Received disconnect from 188.166.247.82 port 38184:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 13:12:36 honeypot-fra-1 sshd[24162]: Received disconnect from 115.73.213.109 port 33154:11: Bye Bye [preauth]","@timestamp":"2022-09-08T13:12:37.183Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 13:12:39 honeypot-fra-1 sshd[24166]: Received disconnect from 115.73.213.109 port 33410:11: Bye Bye [preauth]","@timestamp":"2022-09-08T13:12:39.185Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 13:12:41 honeypot-fra-1 sshd[24170]: Received disconnect from 115.73.213.109 port 33542:11: Bye Bye [preauth]","@timestamp":"2022-09-08T13:12:42.187Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 13:12:44 honeypot-fra-1 sshd[24174]: Disconnected from authenticating user root 115.73.213.109 port 33620 [preauth]","@timestamp":"2022-09-08T13:12:45.189Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 13:12:48 honeypot-fra-1 sshd[24180]: Invalid user pi from 115.73.213.109 port 33906","@timestamp":"2022-09-08T13:12:49.191Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 13:12:52 honeypot-fra-1 sshd[24184]: Invalid user ethos from 115.73.213.109 port 34056","@timestamp":"2022-09-08T13:12:53.193Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 13:12:55 honeypot-fra-1 sshd[24188]: Invalid user miner from 115.73.213.109 port 34142","@timestamp":"2022-09-08T13:12:55.195Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 13:12:57 honeypot-fra-1 sshd[24192]: Invalid user volumio from 115.73.213.109 port 34340","@timestamp":"2022-09-08T13:12:58.196Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 13:13:00 honeypot-fra-1 sshd[24196]: Invalid user nagios from 115.73.213.109 port 34498","@timestamp":"2022-09-08T13:13:01.198Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 13:13:03 honeypot-fra-1 sshd[24200]: Invalid user vagrant from 115.73.213.109 port 34608","@timestamp":"2022-09-08T13:13:04.199Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 13:13:06 honeypot-fra-1 sshd[24204]: Invalid user debian from 115.73.213.109 port 34702","@timestamp":"2022-09-08T13:13:07.201Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 13:13:09 honeypot-fra-1 sshd[24208]: Invalid user debian from 115.73.213.109 port 34966","@timestamp":"2022-09-08T13:13:10.203Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 13:13:12 honeypot-fra-1 sshd[24212]: Invalid user alarm from 115.73.213.109 port 35098","@timestamp":"2022-09-08T13:13:13.205Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 13:13:15 honeypot-fra-1 sshd[24216]: Invalid user test from 115.73.213.109 port 35186","@timestamp":"2022-09-08T13:13:16.207Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 13:13:18 honeypot-fra-1 sshd[24220]: Invalid user cirros from 115.73.213.109 port 35426","@timestamp":"2022-09-08T13:13:18.208Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T13:16:40.801Z","@version":"1","message":"Sep  8 13:16:40 honeypot-sgp-1 sshd[31021]: Did not receive identification string from 141.255.162.226 port 35376","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T13:16:59.811Z","@version":"1","message":"Sep  8 13:16:58 honeypot-sgp-1 sshd[31022]: Disconnected from invalid user user 141.255.162.226 port 44508 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T13:17:00.812Z","@version":"1","message":"Sep  8 13:17:00 honeypot-sgp-1 sshd[31028]: Disconnected from invalid user user 141.255.162.226 port 51766 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T13:17:03.814Z","@version":"1","message":"Sep  8 13:17:03 honeypot-sgp-1 sshd[31035]: Invalid user user from 141.255.162.226 port 45296","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 13:17:48 honeypot-fra-1 sshd[24226]: Received disconnect from 133.130.99.35 port 56146:11: Bye Bye [preauth]","@timestamp":"2022-09-08T13:17:49.320Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 13:21:46 honeypot-fra-1 sshd[24230]: Received disconnect from 182.59.139.27 port 50148:11: Bye Bye [preauth]","@timestamp":"2022-09-08T13:21:47.409Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T13:22:10.938Z","@version":"1","message":"Sep  8 13:22:10 honeypot-sgp-1 sshd[31040]: Connection closed by invalid user lgy 137.116.144.39 port 59334 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 13:22:37 honeypot-fra-1 sshd[24236]: Invalid user user from 198.98.61.9 port 59754","@timestamp":"2022-09-08T13:22:37.429Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 13:22:52 honeypot-fra-1 sshd[24240]: Invalid user user from 198.98.61.9 port 53194","@timestamp":"2022-09-08T13:22:53.436Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 13:23:07 honeypot-fra-1 sshd[24244]: Invalid user user from 198.98.61.9 port 46628","@timestamp":"2022-09-08T13:23:07.442Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 13:23:37 honeypot-fra-1 kernel: [83517857.721118] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=213.226.123.38 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=17110 PROTO=TCP SPT=45309 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T13:23:38.468Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 13:27:35 honeypot-fra-1 kernel: [83518095.687835] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=183.136.225.35 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=107 ID=22783 PROTO=TCP SPT=8088 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T13:27:36.557Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 13:30:09 honeypot-ams-1 sshd[1299]: Received disconnect from 78.180.95.103 port 59664:11: Bye Bye [preauth]","@timestamp":"2022-09-08T13:30:10.151Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 13:30:10 honeypot-ams-1 sshd[1303]: Disconnected from invalid user ubnt 78.180.95.103 port 59732 [preauth]","@timestamp":"2022-09-08T13:30:11.153Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 13:30:12 honeypot-ams-1 sshd[1309]: Disconnected from authenticating user root 78.180.95.103 port 59822 [preauth]","@timestamp":"2022-09-08T13:30:12.154Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 13:30:13 honeypot-ams-1 sshd[1315]: Disconnected from authenticating user root 78.180.95.103 port 59926 [preauth]","@timestamp":"2022-09-08T13:30:14.155Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 13:30:15 honeypot-ams-1 sshd[1321]: Disconnected from authenticating user root 78.180.95.103 port 60038 [preauth]","@timestamp":"2022-09-08T13:30:16.157Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 13:30:16 honeypot-ams-1 sshd[1327]: Disconnected from authenticating user root 78.180.95.103 port 60122 [preauth]","@timestamp":"2022-09-08T13:30:17.157Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 13:30:18 honeypot-ams-1 sshd[1333]: Disconnected from authenticating user root 78.180.95.103 port 60210 [preauth]","@timestamp":"2022-09-08T13:30:19.159Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 13:30:19 honeypot-ams-1 sshd[1339]: Disconnected from authenticating user root 78.180.95.103 port 60312 [preauth]","@timestamp":"2022-09-08T13:30:20.159Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 13:30:21 honeypot-ams-1 sshd[1345]: Disconnected from authenticating user root 78.180.95.103 port 60394 [preauth]","@timestamp":"2022-09-08T13:30:22.161Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 13:30:23 honeypot-ams-1 sshd[1351]: Disconnected from authenticating user root 78.180.95.103 port 60500 [preauth]","@timestamp":"2022-09-08T13:30:23.162Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 13:30:24 honeypot-ams-1 sshd[1357]: Disconnected from authenticating user root 78.180.95.103 port 60604 [preauth]","@timestamp":"2022-09-08T13:30:25.163Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 13:30:26 honeypot-ams-1 sshd[1363]: Disconnected from authenticating user root 78.180.95.103 port 60688 [preauth]","@timestamp":"2022-09-08T13:30:26.165Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 13:30:27 honeypot-ams-1 sshd[1369]: Disconnected from authenticating user root 78.180.95.103 port 60762 [preauth]","@timestamp":"2022-09-08T13:30:28.167Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 13:30:28 honeypot-ams-1 sshd[1373]: Disconnected from invalid user admin 78.180.95.103 port 60822 [preauth]","@timestamp":"2022-09-08T13:30:29.167Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 13:30:29 honeypot-ams-1 sshd[1377]: Disconnected from invalid user admin 78.180.95.103 port 60894 [preauth]","@timestamp":"2022-09-08T13:30:30.168Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 13:30:30 honeypot-ams-1 sshd[1383]: Disconnected from invalid user admin 78.180.95.103 port 60954 [preauth]","@timestamp":"2022-09-08T13:30:31.169Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 13:30:31 honeypot-ams-1 sshd[1387]: Disconnected from invalid user admin 78.180.95.103 port 32776 [preauth]","@timestamp":"2022-09-08T13:30:32.169Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 13:30:32 honeypot-ams-1 sshd[1389]: Disconnected from invalid user admin 78.180.95.103 port 32802 [preauth]","@timestamp":"2022-09-08T13:30:33.170Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 13:30:33 honeypot-ams-1 sshd[1393]: Disconnected from invalid user user 78.180.95.103 port 32888 [preauth]","@timestamp":"2022-09-08T13:30:34.171Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 13:30:35 honeypot-ams-1 sshd[1399]: Received disconnect from 78.180.95.103 port 32970:11: Bye Bye [preauth]","@timestamp":"2022-09-08T13:30:35.172Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 13:30:36 honeypot-ams-1 sshd[1403]: Received disconnect from 78.180.95.103 port 33030:11: Bye Bye [preauth]","@timestamp":"2022-09-08T13:30:36.173Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 13:30:37 honeypot-ams-1 sshd[1407]: Received disconnect from 78.180.95.103 port 33084:11: Bye Bye [preauth]","@timestamp":"2022-09-08T13:30:37.174Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 13:30:38 honeypot-ams-1 sshd[1411]: Received disconnect from 78.180.95.103 port 33126:11: Bye Bye [preauth]","@timestamp":"2022-09-08T13:30:39.175Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 13:30:39 honeypot-ams-1 sshd[1415]: Received disconnect from 78.180.95.103 port 33186:11: Bye Bye [preauth]","@timestamp":"2022-09-08T13:30:40.176Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 13:30:40 honeypot-ams-1 sshd[1419]: Received disconnect from 78.180.95.103 port 33262:11: Bye Bye [preauth]","@timestamp":"2022-09-08T13:30:41.177Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 13:30:41 honeypot-ams-1 sshd[1423]: Received disconnect from 78.180.95.103 port 33320:11: Bye Bye [preauth]","@timestamp":"2022-09-08T13:30:42.178Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 13:30:42 honeypot-ams-1 sshd[1427]: Received disconnect from 78.180.95.103 port 33378:11: Bye Bye [preauth]","@timestamp":"2022-09-08T13:30:43.179Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 13:30:43 honeypot-ams-1 sshd[1431]: Received disconnect from 78.180.95.103 port 33462:11: Bye Bye [preauth]","@timestamp":"2022-09-08T13:30:44.179Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 13:30:44 honeypot-ams-1 sshd[1435]: Received disconnect from 78.180.95.103 port 33524:11: Bye Bye [preauth]","@timestamp":"2022-09-08T13:30:45.180Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 13:30:45 honeypot-ams-1 sshd[1439]: Received disconnect from 78.180.95.103 port 33586:11: Bye Bye [preauth]","@timestamp":"2022-09-08T13:30:46.181Z"}
{"@timestamp":"2022-09-08T13:32:15.181Z","@version":"1","message":"Sep  8 13:32:14 honeypot-sgp-1 kernel: [83520051.533768] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.33.109.190 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=31 ID=61161 PROTO=TCP SPT=40468 DPT=80 WINDOW=1024 RES=0x00 ACK URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 13:33:09 honeypot-ams-1 sshd[1443]: Disconnected from authenticating user root 118.68.171.48 port 43778 [preauth]","@timestamp":"2022-09-08T13:33:09.243Z"}
{"@timestamp":"2022-09-08T13:33:15.228Z","@version":"1","message":"Sep  8 13:33:14 honeypot-sgp-1 sshd[31047]: Disconnected from invalid user anne 187.216.254.180 port 35828 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 13:35:01 honeypot-fra-1 kernel: [83518541.708387] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=35.175.136.175 DST=165.22.82.222 LEN=52 TOS=0x00 PREC=0x00 TTL=111 ID=12128 DF PROTO=TCP SPT=60310 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-08T13:35:02.717Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 13:36:22 honeypot-ams-1 sshd[1449]: Received disconnect from 45.61.186.249 port 45134:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T13:36:23.329Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 13:36:42 honeypot-ams-1 sshd[1455]: Invalid user user from 45.61.186.249 port 40140","@timestamp":"2022-09-08T13:36:43.341Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 13:36:51 honeypot-ams-1 sshd[1457]: Disconnected from invalid user user 45.61.186.249 port 51756 [preauth]","@timestamp":"2022-09-08T13:36:52.346Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 13:37:00 honeypot-ams-1 sshd[1461]: Disconnected from invalid user user 45.61.186.249 port 35118 [preauth]","@timestamp":"2022-09-08T13:37:01.352Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 13:37:16 honeypot-ams-1 sshd[1465]: Disconnected from invalid user user 45.61.186.249 port 58376 [preauth]","@timestamp":"2022-09-08T13:37:17.361Z"}
{"@timestamp":"2022-09-08T13:39:31.388Z","@version":"1","message":"Sep  8 13:39:30 honeypot-sgp-1 sshd[31052]: Received disconnect from 190.129.60.125 port 51200:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 13:41:16 honeypot-ams-1 sshd[1472]: Received disconnect from 92.255.85.70 port 58014:11: Bye Bye [preauth]","@timestamp":"2022-09-08T13:41:17.464Z"}
{"@timestamp":"2022-09-08T13:42:24.460Z","@version":"1","message":"Sep  8 13:42:24 honeypot-sgp-1 sshd[31057]: Received disconnect from 84.53.228.192 port 39808:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 13:43:00 honeypot-ams-1 kernel: [83521168.719815] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=109.108.187.129 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=52877 DF PROTO=TCP SPT=57403 DPT=80 WINDOW=13140 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T13:43:01.509Z"}
{"@timestamp":"2022-09-08T13:43:57.500Z","@version":"1","message":"Sep  8 13:43:57 honeypot-sgp-1 sshd[31061]: Received disconnect from 207.154.241.112 port 36068:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 13:48:38 honeypot-fra-1 sshd[24262]: Invalid user jm from 165.22.45.108 port 40792","@timestamp":"2022-09-08T13:48:39.015Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T13:49:18.628Z","@version":"1","message":"Sep  8 13:49:18 honeypot-sgp-1 sshd[31066]: Received disconnect from 159.65.232.191 port 34062:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 13:53:58 honeypot-fra-1 kernel: [83519678.164821] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=162.142.125.136 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=5736 PROTO=TCP SPT=33357 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T13:53:59.131Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-08T13:55:25.775Z","@version":"1","message":"Sep  8 13:55:25 honeypot-sgp-1 kernel: [83521442.607021] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=198.98.59.132 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=53151 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T14:03:31.987Z","@version":"1","message":"Sep  8 14:03:31 honeypot-sgp-1 kernel: [83521928.511716] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=154.89.5.94 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=244 ID=13544 PROTO=TCP SPT=58914 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 14:05:24 honeypot-ams-1 kernel: [83522512.516777] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=59.187.205.166 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=53 ID=53215 PROTO=TCP SPT=55603 DPT=80 WINDOW=52003 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T14:05:25.078Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 14:07:42 honeypot-fra-1 sshd[24273]: Disconnected from authenticating user root 20.104.91.36 port 52458 [preauth]","@timestamp":"2022-09-08T14:07:43.429Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 14:11:35 honeypot-fra-1 sshd[24277]: Disconnected from authenticating user root 92.255.85.69 port 58250 [preauth]","@timestamp":"2022-09-08T14:11:35.517Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T14:16:35.304Z","@version":"1","message":"Sep  8 14:16:35 honeypot-sgp-1 sshd[31083]: Invalid user kirk from 175.25.18.57 port 47467","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 14:17:27 honeypot-ams-1 kernel: [83523234.974698] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=154.89.5.94 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=244 ID=62518 PROTO=TCP SPT=58914 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T14:17:27.404Z"}
{"@timestamp":"2022-09-08T14:19:21.377Z","@version":"1","message":"Sep  8 14:19:20 honeypot-sgp-1 sshd[31089]: Connection closed by invalid user Admin 143.55.92.7 port 55577 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 14:21:13 honeypot-fra-1 sshd[24286]: Received disconnect from 128.199.120.146 port 38386:11: Bye Bye [preauth]","@timestamp":"2022-09-08T14:21:14.738Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 14:26:42 honeypot-ams-1 sshd[1497]: Received disconnect from 119.28.93.80 port 42484:11: Bye Bye [preauth]","@timestamp":"2022-09-08T14:26:42.634Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 14:30:32 honeypot-ams-1 kernel: [83524020.406882] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=7324 PROTO=TCP SPT=47406 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T14:30:32.740Z"}
{"@timestamp":"2022-09-08T14:30:38.652Z","@version":"1","message":"Sep  8 14:30:38 honeypot-sgp-1 kernel: [83523555.547960] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=236 ID=41381 PROTO=TCP SPT=47406 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T14:33:07.715Z","@version":"1","message":"Sep  8 14:33:07 honeypot-sgp-1 sshd[31097]: Received disconnect from 141.255.162.226 port 59598:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T14:33:12.717Z","@version":"1","message":"Sep  8 14:33:12 honeypot-sgp-1 sshd[31103]: Connection closed by 141.255.162.226 port 39510 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 14:33:41 honeypot-fra-1 sshd[24289]: Received disconnect from 92.255.85.69 port 18364:11: Bye Bye [preauth]","@timestamp":"2022-09-08T14:33:42.030Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 14:42:35 honeypot-ams-1 sshd[1504]: Received disconnect from 143.244.158.100 port 34442:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T14:42:36.052Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 14:43:28 honeypot-fra-1 kernel: [83522648.261266] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.41.8.45 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=61315 PROTO=TCP SPT=44390 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T14:43:29.242Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 14:44:23 honeypot-ams-1 sshd[1510]: Disconnected from authenticating user root 143.244.158.100 port 43294 [preauth]","@timestamp":"2022-09-08T14:44:23.100Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 14:47:00 honeypot-ams-1 sshd[1516]: Received disconnect from 143.244.158.100 port 60974:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T14:47:00.169Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 14:49:39 honeypot-ams-1 sshd[1523]: Received disconnect from 143.244.158.100 port 43760:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T14:49:40.241Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 14:51:21 honeypot-ams-1 sshd[1529]: Received disconnect from 143.244.158.100 port 45088:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T14:51:22.288Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 14:52:14 honeypot-ams-1 sshd[1532]: Received disconnect from 143.244.158.100 port 57028:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T14:52:14.313Z"}
{"@timestamp":"2022-09-08T14:53:30.227Z","@version":"1","message":"Sep  8 14:53:29 honeypot-sgp-1 kernel: [83524926.736819] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=79.124.62.62 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=15546 PROTO=TCP SPT=52812 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 14:53:56 honeypot-fra-1 kernel: [83523275.700327] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=116.203.225.67 DST=165.22.82.222 LEN=80 TOS=0x00 PREC=0x20 TTL=126 ID=52545 PROTO=TCP SPT=51521 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T14:53:56.471Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 14:54:50 honeypot-ams-1 sshd[1539]: Received disconnect from 143.244.158.100 port 49028:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T14:54:51.381Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 14:56:42 honeypot-ams-1 sshd[1546]: Disconnected from authenticating user root 143.244.158.100 port 57566 [preauth]","@timestamp":"2022-09-08T14:56:42.432Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 14:57:56 honeypot-fra-1 sshd[24302]: Received disconnect from 165.22.45.108 port 58142:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T14:57:56.561Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 14:59:19 honeypot-ams-1 sshd[1554]: Received disconnect from 143.244.158.100 port 48890:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T14:59:20.503Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 15:02:04 honeypot-ams-1 sshd[1561]: Received disconnect from 143.244.158.100 port 44110:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T15:02:05.575Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 15:04:53 honeypot-ams-1 sshd[1569]: Received disconnect from 143.244.158.100 port 41354:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T15:04:53.648Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 15:05:24 honeypot-fra-1 sshd[24306]: Received disconnect from 103.145.106.247 port 33882:11: Bye Bye [preauth]","@timestamp":"2022-09-08T15:05:24.718Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 15:06:38 honeypot-ams-1 sshd[1575]: Connection closed by 180.76.173.237 port 49212 [preauth]","@timestamp":"2022-09-08T15:06:38.695Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 15:08:22 honeypot-ams-1 kernel: [83526290.013200] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=116.203.225.67 DST=178.62.254.91 LEN=80 TOS=0x00 PREC=0x20 TTL=131 ID=45093 PROTO=TCP SPT=46117 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T15:08:22.743Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 15:08:31 honeypot-ams-1 kernel: [83526298.964316] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=116.203.225.67 DST=178.62.254.91 LEN=80 TOS=0x00 PREC=0x20 TTL=129 ID=50900 PROTO=TCP SPT=49876 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T15:08:31.748Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 15:08:56 honeypot-fra-1 kernel: [83524176.442910] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=42.192.144.2 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=43 ID=26305 DF PROTO=TCP SPT=52226 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T15:08:57.797Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 15:10:51 honeypot-ams-1 sshd[1590]: Received disconnect from 143.244.158.100 port 58474:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T15:10:51.813Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 15:12:29 honeypot-ams-1 sshd[1594]: Disconnected from authenticating user root 143.244.158.100 port 41810 [preauth]","@timestamp":"2022-09-08T15:12:30.858Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 15:14:10 honeypot-ams-1 sshd[1602]: Received disconnect from 143.244.158.100 port 35308:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T15:14:10.905Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 15:16:47 honeypot-ams-1 sshd[1610]: Received disconnect from 143.244.158.100 port 42868:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T15:16:47.975Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 15:17:01 honeypot-fra-1 CRON[24313]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-08T15:17:01.967Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T15:17:01.786Z","@version":"1","message":"Sep  8 15:17:01 honeypot-sgp-1 CRON[31133]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 15:17:49 honeypot-ams-1 kernel: [83526857.191655] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=36.97.124.225 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=49 ID=43954 PROTO=TCP SPT=30788 DPT=443 WINDOW=7468 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T15:17:50.007Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 15:20:24 honeypot-ams-1 sshd[1622]: Received disconnect from 143.244.158.100 port 40274:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T15:20:25.078Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 15:20:54 honeypot-fra-1 sshd[24318]: Disconnected from invalid user jm 165.22.45.108 port 34818 [preauth]","@timestamp":"2022-09-08T15:20:55.054Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 15:22:13 honeypot-ams-1 sshd[1626]: Disconnected from authenticating user root 143.244.158.100 port 51140 [preauth]","@timestamp":"2022-09-08T15:22:14.129Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 15:23:53 honeypot-ams-1 sshd[1633]: Received disconnect from 143.244.158.100 port 40652:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T15:23:53.173Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 15:25:47 honeypot-fra-1 kernel: [83525187.109424] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=116.203.225.67 DST=165.22.82.222 LEN=80 TOS=0x00 PREC=0x20 TTL=126 ID=52545 PROTO=TCP SPT=51521 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T15:25:48.159Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-08T15:26:07.003Z","@version":"1","message":"Sep  8 15:26:06 honeypot-sgp-1 sshd[31141]: Invalid user admin from 148.153.82.141 port 53376","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 15:26:24 honeypot-ams-1 sshd[1639]: Received disconnect from 143.244.158.100 port 45050:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T15:26:25.242Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 15:28:03 honeypot-ams-1 sshd[1645]: Received disconnect from 143.244.158.100 port 46998:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T15:28:03.288Z"}
{"@timestamp":"2022-09-08T15:30:25.109Z","@version":"1","message":"Sep  8 15:30:24 honeypot-sgp-1 kernel: [83527141.848829] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=51.12.51.42 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=234 ID=60724 PROTO=TCP SPT=44128 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 15:30:38 honeypot-ams-1 kernel: [83527625.995657] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=89.248.165.52 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=20186 PROTO=TCP SPT=45499 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T15:30:38.358Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 15:34:07 honeypot-ams-1 kernel: [83527835.833062] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=116.203.225.67 DST=178.62.254.91 LEN=80 TOS=0x00 PREC=0x20 TTL=129 ID=50900 PROTO=TCP SPT=49876 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T15:34:08.451Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 15:34:13 honeypot-ams-1 sshd[1658]: Received disconnect from 141.255.162.226 port 57680:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T15:34:13.453Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 15:34:17 honeypot-ams-1 sshd[1661]: Received disconnect from 141.255.162.226 port 45110:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T15:34:18.456Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 15:34:20 honeypot-ams-1 sshd[1666]: Received disconnect from 141.255.162.226 port 60770:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T15:34:21.458Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 15:34:32 honeypot-ams-1 kernel: [83527859.887042] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=116.203.225.67 DST=178.62.254.91 LEN=80 TOS=0x00 PREC=0x20 TTL=129 ID=50900 PROTO=TCP SPT=49876 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T15:34:32.463Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 15:35:37 honeypot-ams-1 sshd[1674]: Received disconnect from 120.28.150.36 port 43428:11: Bye Bye [preauth]","@timestamp":"2022-09-08T15:35:37.493Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 15:35:54 honeypot-fra-1 kernel: [83525793.775181] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.28.241.178 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=55251 DF PROTO=TCP SPT=56764 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T15:35:54.374Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 15:37:06 honeypot-fra-1 sshd[24327]: Received disconnect from 41.79.235.35 port 56402:11: Bye Bye [preauth]","@timestamp":"2022-09-08T15:37:06.404Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 15:38:44 honeypot-ams-1 sshd[1678]: Connection closed by invalid user admin 221.158.195.111 port 54242 [preauth]","@timestamp":"2022-09-08T15:38:44.575Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 15:41:39 honeypot-ams-1 sshd[1681]: Invalid user ens from 129.150.50.94 port 32988","@timestamp":"2022-09-08T15:41:39.653Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 15:44:11 honeypot-fra-1 sshd[24332]: Disconnected from invalid user jm 165.22.45.108 port 39760 [preauth]","@timestamp":"2022-09-08T15:44:12.573Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 15:44:31 honeypot-ams-1 kernel: [83528459.297363] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=116.203.225.67 DST=178.62.254.91 LEN=80 TOS=0x00 PREC=0x20 TTL=123 ID=5188 PROTO=TCP SPT=4164 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T15:44:31.726Z"}
{"@timestamp":"2022-09-08T15:46:29.488Z","@version":"1","message":"Sep  8 15:46:29 honeypot-sgp-1 sshd[31152]: Invalid user netfonts from 101.32.95.39 port 54610","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 15:47:53 honeypot-fra-1 sshd[24338]: Received disconnect from 20.229.79.224 port 1024:11: Bye Bye [preauth]","@timestamp":"2022-09-08T15:47:54.656Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 15:49:37 honeypot-ams-1 kernel: [83528765.464931] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=116.203.225.67 DST=178.62.254.91 LEN=80 TOS=0x00 PREC=0x20 TTL=129 ID=50900 PROTO=TCP SPT=49876 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T15:49:37.861Z"}
{"@timestamp":"2022-09-08T15:53:14.646Z","@version":"1","message":"Sep  8 15:53:14 honeypot-sgp-1 kernel: [83528511.683949] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=90.154.15.226 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=42 ID=43749 DF PROTO=TCP SPT=46162 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 15:53:26 honeypot-fra-1 kernel: [83526846.090755] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=23.251.102.78 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=40789 PROTO=TCP SPT=30054 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T15:53:26.784Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 15:53:54 honeypot-ams-1 kernel: [83529021.927959] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=116.203.225.67 DST=178.62.254.91 LEN=80 TOS=0x00 PREC=0x20 TTL=123 ID=5188 PROTO=TCP SPT=4164 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T15:53:54.973Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 15:56:04 honeypot-fra-1 sshd[24343]: Invalid user devops from 20.85.224.226 port 38754","@timestamp":"2022-09-08T15:56:04.841Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 15:56:04 honeypot-fra-1 sshd[24354]: Invalid user elastic from 20.85.224.226 port 38782","@timestamp":"2022-09-08T15:56:04.841Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 15:56:04 honeypot-fra-1 sshd[24347]: Connection closed by invalid user testuser 20.85.224.226 port 38770 [preauth]","@timestamp":"2022-09-08T15:56:04.841Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 15:56:04 honeypot-fra-1 sshd[24353]: Invalid user devops from 20.85.224.226 port 38756","@timestamp":"2022-09-08T15:56:04.841Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 15:56:04 honeypot-fra-1 sshd[24351]: Connection closed by invalid user ftpuser 20.85.224.226 port 38766 [preauth]","@timestamp":"2022-09-08T15:56:04.841Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 15:56:04 honeypot-fra-1 sshd[24356]: Connection closed by invalid user upload 20.85.224.226 port 38784 [preauth]","@timestamp":"2022-09-08T15:56:04.841Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 15:56:04 honeypot-fra-1 sshd[24387]: Invalid user elasticsearch from 20.85.224.226 port 38892","@timestamp":"2022-09-08T15:56:04.841Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 15:56:04 honeypot-fra-1 sshd[24382]: Connection closed by authenticating user root 20.85.224.226 port 38906 [preauth]","@timestamp":"2022-09-08T15:56:05.842Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 15:56:04 honeypot-fra-1 sshd[24384]: Connection closed by invalid user es 20.85.224.226 port 38904 [preauth]","@timestamp":"2022-09-08T15:56:05.842Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 15:58:53 honeypot-ams-1 kernel: [83529321.293638] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=116.203.225.67 DST=178.62.254.91 LEN=80 TOS=0x00 PREC=0x20 TTL=127 ID=25268 PROTO=TCP SPT=26292 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T15:58:54.104Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 15:59:29 honeypot-fra-1 sshd[24401]: Received disconnect from 159.65.103.250 port 60332:11: Bye Bye [preauth]","@timestamp":"2022-09-08T15:59:29.917Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 15:59:38 honeypot-ams-1 sshd[1694]: Invalid user andreas from 203.194.103.202 port 16577","@timestamp":"2022-09-08T15:59:39.125Z"}
{"@timestamp":"2022-09-08T16:02:10.858Z","@version":"1","message":"Sep  8 16:02:10 honeypot-sgp-1 kernel: [83529047.704475] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=34.174.70.181 DST=159.89.202.188 LEN=52 TOS=0x00 PREC=0x00 TTL=122 ID=20844 DF PROTO=TCP SPT=58818 DPT=80 WINDOW=65320 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T16:03:28.891Z","@version":"1","message":"Sep  8 16:03:28 honeypot-sgp-1 sshd[31163]: Received disconnect from 45.61.186.249 port 56798:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T16:03:49.902Z","@version":"1","message":"Sep  8 16:03:49 honeypot-sgp-1 sshd[31167]: Received disconnect from 45.61.186.249 port 52592:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T16:04:10.912Z","@version":"1","message":"Sep  8 16:04:10 honeypot-sgp-1 sshd[31171]: Received disconnect from 45.61.186.249 port 48364:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 16:05:22 honeypot-fra-1 kernel: [83527562.374551] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=27260 PROTO=TCP SPT=52849 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T16:05:23.047Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 16:07:13 honeypot-fra-1 sshd[24406]: Invalid user jm from 165.22.45.108 port 44698","@timestamp":"2022-09-08T16:07:14.091Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 16:07:33 honeypot-ams-1 kernel: [83529841.153908] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=18547 PROTO=TCP SPT=52849 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T16:07:34.330Z"}
{"@timestamp":"2022-09-08T16:08:24.020Z","@version":"1","message":"Sep  8 16:08:23 honeypot-sgp-1 sshd[31176]: Received disconnect from 92.255.85.70 port 19114:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 16:16:32 honeypot-fra-1 kernel: [83528231.955865] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=94.26.228.80 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=6369 PROTO=TCP SPT=22359 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T16:16:33.293Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-08T16:17:02.227Z","@version":"1","message":"Sep  8 16:17:01 honeypot-sgp-1 CRON[31180]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 16:17:02 honeypot-ams-1 CRON[1699]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-08T16:17:02.571Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 16:21:11 honeypot-fra-1 kernel: [83528510.842061] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=151.246.125.17 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=29220 PROTO=TCP SPT=17017 DPT=80 WINDOW=27440 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T16:21:11.394Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 16:24:09 honeypot-ams-1 sshd[1707]: Received disconnect from 162.243.116.41 port 36298:11: Bye Bye [preauth]","@timestamp":"2022-09-08T16:24:10.754Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 16:29:57 honeypot-fra-1 sshd[24418]: Invalid user admin from 193.106.191.157 port 38754","@timestamp":"2022-09-08T16:29:57.581Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 16:30:52 honeypot-fra-1 sshd[24426]: Connection closed by invalid user ec2-user 20.254.57.199 port 59036 [preauth]","@timestamp":"2022-09-08T16:30:52.602Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 16:30:52 honeypot-fra-1 sshd[24432]: Invalid user hadoop from 20.254.57.199 port 59002","@timestamp":"2022-09-08T16:30:52.602Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 16:30:52 honeypot-fra-1 sshd[24421]: Invalid user vagrant from 20.254.57.199 port 58988","@timestamp":"2022-09-08T16:30:52.602Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 16:30:52 honeypot-fra-1 sshd[24428]: Connection closed by invalid user www 20.254.57.199 port 58980 [preauth]","@timestamp":"2022-09-08T16:30:52.602Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 16:30:53 honeypot-fra-1 sshd[24447]: Invalid user es from 20.254.57.199 port 59042","@timestamp":"2022-09-08T16:30:53.604Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 16:30:55 honeypot-fra-1 sshd[24453]: Invalid user ec2-user from 20.254.57.199 port 59034","@timestamp":"2022-09-08T16:30:55.604Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 16:30:55 honeypot-fra-1 sshd[24455]: Connection closed by invalid user ubuntu 20.254.57.199 port 59038 [preauth]","@timestamp":"2022-09-08T16:30:55.605Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T16:31:14.561Z","@version":"1","message":"Sep  8 16:31:14 honeypot-sgp-1 sshd[31187]: Received disconnect from 92.255.85.70 port 41126:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T16:38:31.736Z","@version":"1","message":"Sep  8 16:38:31 honeypot-sgp-1 kernel: [83531228.318955] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=128.14.209.165 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=238 ID=33616 PROTO=TCP SPT=32837 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 16:39:22 honeypot-ams-1 kernel: [83531750.626298] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=172.104.138.223 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=816 PROTO=TCP SPT=462 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T16:39:23.149Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 16:46:13 honeypot-ams-1 kernel: [83532160.982939] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=139.144.135.45 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=65513 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T16:46:13.332Z"}
{"@timestamp":"2022-09-08T16:49:38.001Z","@version":"1","message":"Sep  8 16:49:37 honeypot-sgp-1 kernel: [83531894.693860] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=184.105.139.88 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=60091 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 16:50:11 honeypot-fra-1 kernel: [83530250.808862] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=90.154.15.226 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=57 ID=20084 DF PROTO=TCP SPT=40160 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T16:50:12.022Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 16:55:14 honeypot-fra-1 sshd[24470]: Invalid user alfredo from 191.232.193.91 port 1024","@timestamp":"2022-09-08T16:55:15.133Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 16:56:43 honeypot-fra-1 kernel: [83530643.296108] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=90.154.15.226 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=57 ID=35297 DF PROTO=TCP SPT=41568 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T16:56:44.169Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 17:02:44 honeypot-ams-1 sshd[1718]: Did not receive identification string from 141.255.162.226 port 36914","@timestamp":"2022-09-08T17:02:45.758Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 17:02:58 honeypot-ams-1 sshd[1723]: Invalid user user from 141.255.162.226 port 56304","@timestamp":"2022-09-08T17:02:58.766Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 17:03:00 honeypot-ams-1 sshd[1727]: Invalid user user from 141.255.162.226 port 44370","@timestamp":"2022-09-08T17:03:00.767Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 17:03:04 honeypot-ams-1 sshd[1731]: Invalid user user from 141.255.162.226 port 60670","@timestamp":"2022-09-08T17:03:04.771Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 17:03:46 honeypot-ams-1 sshd[1735]: Invalid user shell from 117.217.125.87 port 47724","@timestamp":"2022-09-08T17:03:46.790Z"}
{"@timestamp":"2022-09-08T17:05:09.382Z","@version":"1","message":"Sep  8 17:05:09 honeypot-sgp-1 sshd[31201]: Disconnected from invalid user sysman 186.145.109.9 port 52820 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 17:06:25 honeypot-ams-1 sshd[1740]: Received disconnect from 92.255.85.70 port 47368:11: Bye Bye [preauth]","@timestamp":"2022-09-08T17:06:25.863Z"}
{"@timestamp":"2022-09-08T17:06:33.419Z","@version":"1","message":"Sep  8 17:06:32 honeypot-sgp-1 sshd[31206]: Received disconnect from 198.98.61.9 port 60340:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T17:06:48.426Z","@version":"1","message":"Sep  8 17:06:48 honeypot-sgp-1 sshd[31210]: Received disconnect from 198.98.61.9 port 54570:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T17:07:03.434Z","@version":"1","message":"Sep  8 17:07:02 honeypot-sgp-1 sshd[31214]: Received disconnect from 198.98.61.9 port 48818:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 17:11:50 honeypot-fra-1 sshd[24483]: Received disconnect from 211.75.183.12 port 57400:11: Bye Bye [preauth]","@timestamp":"2022-09-08T17:11:51.506Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 17:13:26 honeypot-fra-1 sshd[24487]: Disconnected from authenticating user root 92.255.85.69 port 26600 [preauth]","@timestamp":"2022-09-08T17:13:26.544Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T17:14:04.598Z","@version":"1","message":"Sep  8 17:14:04 honeypot-sgp-1 kernel: [83533361.472959] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=80.87.206.203 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=239 ID=29640 PROTO=TCP SPT=47275 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 17:14:51 honeypot-ams-1 kernel: [83533879.265887] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=116.203.225.67 DST=178.62.254.91 LEN=80 TOS=0x00 PREC=0x20 TTL=127 ID=25268 PROTO=TCP SPT=26292 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T17:14:52.075Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 17:17:01 honeypot-fra-1 CRON[24494]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-08T17:17:01.625Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 17:18:23 honeypot-ams-1 sshd[1749]: Connection closed by 180.76.173.237 port 52272 [preauth]","@timestamp":"2022-09-08T17:18:23.190Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 17:21:42 honeypot-ams-1 sshd[1754]: Received disconnect from 193.114.140.202 port 33020:11: Bye Bye [preauth]","@timestamp":"2022-09-08T17:21:43.281Z"}
{"@timestamp":"2022-09-08T17:22:18.791Z","@version":"1","message":"Sep  8 17:22:18 honeypot-sgp-1 kernel: [83533855.730260] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=57255 PROTO=TCP SPT=57244 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 17:23:56 honeypot-fra-1 kernel: [83532276.190959] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=53414 PROTO=TCP SPT=57244 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T17:23:57.782Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-08T17:26:06.883Z","@version":"1","message":"Sep  8 17:26:06 honeypot-sgp-1 sshd[31234]: Disconnected from invalid user 69 13.67.221.136 port 1024 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 17:28:46 honeypot-ams-1 sshd[1759]: Disconnected from authenticating user root 92.255.85.69 port 24254 [preauth]","@timestamp":"2022-09-08T17:28:47.463Z"}
{"@timestamp":"2022-09-08T17:35:28.105Z","@version":"1","message":"Sep  8 17:35:27 honeypot-sgp-1 kernel: [83534644.564642] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.219.248.199 DST=159.89.202.188 LEN=52 TOS=0x00 PREC=0x00 TTL=115 ID=44607 DF PROTO=TCP SPT=56043 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 17:40:39 honeypot-fra-1 sshd[24504]: Invalid user Admin from 125.34.240.33 port 20507","@timestamp":"2022-09-08T17:40:40.153Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 17:41:20 honeypot-ams-1 sshd[1765]: Received disconnect from 45.61.184.204 port 48230:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T17:41:20.789Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 17:41:23 honeypot-fra-1 sshd[24509]: error: maximum authentication attempts exceeded for invalid user admin from 213.249.203.115 port 47586 ssh2 [preauth]","@timestamp":"2022-09-08T17:41:24.174Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 17:41:39 honeypot-ams-1 sshd[1769]: Received disconnect from 45.61.184.204 port 42694:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T17:41:40.800Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 17:41:57 honeypot-ams-1 sshd[1773]: Received disconnect from 45.61.184.204 port 37158:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T17:41:57.808Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 17:42:13 honeypot-ams-1 sshd[1777]: Received disconnect from 45.61.184.204 port 59846:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T17:42:13.817Z"}
{"@timestamp":"2022-09-08T17:42:40.270Z","@version":"1","message":"Sep  8 17:42:40 honeypot-sgp-1 sshd[31245]: Disconnected from authenticating user root 143.110.188.7 port 54870 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T17:45:06.331Z","@version":"1","message":"Sep  8 17:45:05 honeypot-sgp-1 sshd[31251]: Corrupted MAC on input. [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T17:45:35.345Z","@version":"1","message":"Sep  8 17:45:34 honeypot-sgp-1 sshd[31255]: Received disconnect from 45.61.186.249 port 55962:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T17:45:54.355Z","@version":"1","message":"Sep  8 17:45:53 honeypot-sgp-1 sshd[31260]: Received disconnect from 45.61.186.249 port 50516:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T17:46:10.362Z","@version":"1","message":"Sep  8 17:46:10 honeypot-sgp-1 sshd[31264]: Received disconnect from 45.61.186.249 port 45070:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 17:47:53 honeypot-ams-1 sshd[1784]: Received disconnect from 45.61.186.49 port 38318:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T17:47:53.964Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 17:48:03 honeypot-ams-1 sshd[1788]: Received disconnect from 45.61.186.49 port 49786:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T17:48:04.971Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 17:48:13 honeypot-ams-1 sshd[1792]: Disconnected from 206.81.15.128 port 49922 [preauth]","@timestamp":"2022-09-08T17:48:13.978Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 17:53:39 honeypot-ams-1 sshd[1797]: Disconnected from authenticating user root 161.82.233.179 port 59884 [preauth]","@timestamp":"2022-09-08T17:53:40.118Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 17:56:31 honeypot-fra-1 sshd[24515]: Disconnected from authenticating user root 64.225.43.245 port 42748 [preauth]","@timestamp":"2022-09-08T17:56:32.516Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 17:58:46 honeypot-fra-1 sshd[24521]: Disconnected from authenticating user root 64.225.43.245 port 55158 [preauth]","@timestamp":"2022-09-08T17:58:47.569Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 17:59:42 honeypot-fra-1 sshd[24591]: Did not receive identification string from 109.224.31.68 port 50375","@timestamp":"2022-09-08T17:59:42.593Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 17:59:42 honeypot-fra-1 sshd[24538]: Invalid user admin from 109.224.31.68 port 52106","@timestamp":"2022-09-08T17:59:42.593Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 17:59:42 honeypot-fra-1 sshd[24527]: Invalid user jenkins from 109.224.31.68 port 52064","@timestamp":"2022-09-08T17:59:42.593Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 17:59:42 honeypot-fra-1 sshd[24549]: Invalid user centos from 109.224.31.68 port 52092","@timestamp":"2022-09-08T17:59:42.593Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 17:59:42 honeypot-fra-1 sshd[24529]: Connection closed by invalid user user 109.224.31.68 port 52063 [preauth]","@timestamp":"2022-09-08T17:59:42.593Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 17:59:42 honeypot-fra-1 sshd[24528]: Connection closed by invalid user esuser 109.224.31.68 port 52061 [preauth]","@timestamp":"2022-09-08T17:59:42.593Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 17:59:42 honeypot-fra-1 sshd[24550]: Invalid user test from 109.224.31.68 port 52094","@timestamp":"2022-09-08T17:59:42.593Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 17:59:42 honeypot-fra-1 sshd[24549]: Connection closed by invalid user centos 109.224.31.68 port 52092 [preauth]","@timestamp":"2022-09-08T17:59:42.593Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 17:59:42 honeypot-fra-1 sshd[24546]: Connection closed by invalid user ftpuser 109.224.31.68 port 52059 [preauth]","@timestamp":"2022-09-08T17:59:42.594Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 17:59:42 honeypot-fra-1 sshd[24548]: Connection closed by invalid user guest 109.224.31.68 port 52082 [preauth]","@timestamp":"2022-09-08T17:59:42.594Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 17:59:42 honeypot-fra-1 sshd[24536]: Invalid user oracle from 109.224.31.68 port 52047","@timestamp":"2022-09-08T17:59:43.595Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 18:00:06 honeypot-ams-1 kernel: [83536594.686470] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=146.190.27.9 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=254 ID=45766 PROTO=TCP SPT=40002 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T18:00:07.308Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 18:00:19 honeypot-fra-1 sshd[24594]: Received disconnect from 64.225.43.245 port 53988:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T18:00:19.610Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 18:01:53 honeypot-fra-1 sshd[24600]: Disconnected from authenticating user root 64.225.43.245 port 52824 [preauth]","@timestamp":"2022-09-08T18:01:53.649Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T18:02:35.753Z","@version":"1","message":"Sep  8 18:02:35 honeypot-sgp-1 sshd[31270]: Received disconnect from 92.255.85.70 port 17282:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 18:04:01 honeypot-fra-1 sshd[24606]: Received disconnect from 165.22.45.108 port 41138:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T18:04:01.699Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 18:05:01 honeypot-fra-1 sshd[24612]: Did not receive identification string from 45.61.186.249 port 50132","@timestamp":"2022-09-08T18:05:02.726Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 18:05:22 honeypot-fra-1 sshd[24615]: Disconnected from invalid user user 45.61.186.249 port 45100 [preauth]","@timestamp":"2022-09-08T18:05:22.735Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 18:05:41 honeypot-fra-1 sshd[24619]: Disconnected from invalid user user 45.61.186.249 port 39936 [preauth]","@timestamp":"2022-09-08T18:05:42.744Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 18:05:59 honeypot-fra-1 sshd[24625]: Invalid user user from 45.61.186.249 port 34826","@timestamp":"2022-09-08T18:06:00.753Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 18:06:31 honeypot-fra-1 sshd[24629]: Invalid user dev from 64.225.43.245 port 49388","@timestamp":"2022-09-08T18:06:31.804Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 18:08:06 honeypot-fra-1 sshd[24634]: Invalid user schoosoft from 64.225.43.245 port 48222","@timestamp":"2022-09-08T18:08:06.842Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 18:08:36 honeypot-fra-1 sshd[24644]: Invalid user vagrant from 122.128.79.246 port 53118","@timestamp":"2022-09-08T18:08:36.856Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 18:08:36 honeypot-fra-1 sshd[24646]: Invalid user oracle from 122.128.79.246 port 53142","@timestamp":"2022-09-08T18:08:36.856Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 18:08:36 honeypot-fra-1 sshd[24637]: Invalid user centos from 122.128.79.246 port 53106","@timestamp":"2022-09-08T18:08:37.858Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 18:08:36 honeypot-fra-1 sshd[24658]: Invalid user ec2-user from 122.128.79.246 port 53072","@timestamp":"2022-09-08T18:08:37.858Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 18:08:36 honeypot-fra-1 sshd[24666]: Invalid user elasticsearch from 122.128.79.246 port 53156","@timestamp":"2022-09-08T18:08:37.858Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 18:08:37 honeypot-fra-1 sshd[24642]: Connection closed by invalid user chia 122.128.79.246 port 53116 [preauth]","@timestamp":"2022-09-08T18:08:37.858Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 18:08:37 honeypot-fra-1 sshd[24647]: Connection closed by invalid user test 122.128.79.246 port 53094 [preauth]","@timestamp":"2022-09-08T18:08:37.858Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 18:08:37 honeypot-fra-1 sshd[24637]: Connection closed by invalid user centos 122.128.79.246 port 53106 [preauth]","@timestamp":"2022-09-08T18:08:37.858Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 18:08:37 honeypot-fra-1 sshd[24656]: Connection closed by invalid user elasticsearch 122.128.79.246 port 53054 [preauth]","@timestamp":"2022-09-08T18:08:37.858Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 18:08:37 honeypot-fra-1 sshd[24664]: Connection closed by invalid user chia 122.128.79.246 port 53140 [preauth]","@timestamp":"2022-09-08T18:08:37.858Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 18:08:56 honeypot-fra-1 sshd[24699]: Invalid user petrong from 64.225.43.245 port 33518","@timestamp":"2022-09-08T18:08:56.867Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 18:09:43 honeypot-ams-1 sshd[1805]: Disconnected from authenticating user root 129.226.138.179 port 36786 [preauth]","@timestamp":"2022-09-08T18:09:44.559Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 18:10:09 honeypot-fra-1 kernel: [83535048.696044] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=146.88.240.4 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=45308 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T18:10:09.896Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-08T18:10:50.967Z","@version":"1","message":"Sep  8 18:10:50 honeypot-sgp-1 sshd[31275]: Connection closed by invalid user gpadmin 103.188.176.251 port 52124 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 18:12:07 honeypot-fra-1 sshd[24708]: Invalid user samson from 64.225.43.245 port 59408","@timestamp":"2022-09-08T18:12:07.943Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 18:13:42 honeypot-fra-1 sshd[24713]: Received disconnect from 64.225.43.245 port 58242:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T18:13:42.981Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 18:15:16 honeypot-fra-1 sshd[24717]: Disconnected from authenticating user root 64.225.43.245 port 57072 [preauth]","@timestamp":"2022-09-08T18:15:17.019Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T18:15:38.086Z","@version":"1","message":"Sep  8 18:15:37 honeypot-sgp-1 sshd[31281]: Disconnected from invalid user mark 128.199.32.98 port 44486 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 18:16:10 honeypot-ams-1 sshd[1812]: Received disconnect from 104.168.68.119 port 43336:11: Bye Bye [preauth]","@timestamp":"2022-09-08T18:16:10.724Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 18:16:50 honeypot-fra-1 sshd[24722]: Disconnected from invalid user gbadebo 64.225.43.245 port 55904 [preauth]","@timestamp":"2022-09-08T18:16:51.056Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 18:17:27 honeypot-ams-1 sshd[1817]: Received disconnect from 159.65.61.163 port 55680:11: Bye Bye [preauth]","@timestamp":"2022-09-08T18:17:27.760Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 18:18:17 honeypot-fra-1 sshd[24731]: Invalid user admin from 112.171.39.240 port 44469","@timestamp":"2022-09-08T18:18:18.092Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 18:19:13 honeypot-fra-1 sshd[24735]: Disconnected from invalid user sandbox 64.225.43.245 port 40032 [preauth]","@timestamp":"2022-09-08T18:19:14.116Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 18:20:55 honeypot-fra-1 sshd[24739]: Disconnected from invalid user dev 64.225.43.245 port 38862 [preauth]","@timestamp":"2022-09-08T18:20:56.157Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 18:22:33 honeypot-fra-1 sshd[24743]: Received disconnect from 64.225.43.245 port 37694:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T18:22:33.195Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T18:26:32.731Z","@version":"1","message":"Sep  8 18:26:32 honeypot-sgp-1 sshd[31288]: Disconnected from authenticating user root 92.255.85.69 port 59412 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 18:27:09 honeypot-fra-1 sshd[24751]: Received disconnect from 165.22.45.108 port 46040:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T18:27:10.299Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 18:32:03 honeypot-ams-1 kernel: [83538511.233063] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=94.26.228.80 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=38069 PROTO=TCP SPT=58687 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T18:32:04.138Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 18:33:28 honeypot-fra-1 sshd[24756]: Received disconnect from 92.205.19.152 port 47662:11: Bye Bye [preauth]","@timestamp":"2022-09-08T18:33:28.441Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 18:35:04 honeypot-ams-1 sshd[1830]: Received disconnect from 45.61.184.204 port 45292:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T18:35:05.220Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 18:35:23 honeypot-ams-1 sshd[1834]: Received disconnect from 45.61.184.204 port 40274:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T18:35:24.230Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 18:35:43 honeypot-ams-1 sshd[1838]: Received disconnect from 45.61.184.204 port 35280:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T18:35:44.241Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 18:37:44 honeypot-ams-1 sshd[1843]: Invalid user admin from 92.255.85.70 port 29046","@timestamp":"2022-09-08T18:37:45.295Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 18:39:10 honeypot-ams-1 sshd[1846]: Disconnected from invalid user webdev 221.212.204.26 port 42704 [preauth]","@timestamp":"2022-09-08T18:39:10.333Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 18:40:30 honeypot-fra-1 kernel: [83536870.063978] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=79.124.62.62 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=47161 PROTO=TCP SPT=52020 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T18:40:31.600Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-08T18:44:23.144Z","@version":"1","message":"Sep  8 18:44:22 honeypot-sgp-1 kernel: [83538779.060401] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=198.235.24.10 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=249 ID=54321 PROTO=TCP SPT=55512 DPT=636 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 18:46:20 honeypot-fra-1 sshd[24764]: Did not receive identification string from 20.243.201.105 port 59690","@timestamp":"2022-09-08T18:46:21.732Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 18:46:22 honeypot-fra-1 sshd[24770]: Invalid user mysql from 20.243.201.105 port 59742","@timestamp":"2022-09-08T18:46:22.732Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 18:46:22 honeypot-fra-1 sshd[24766]: Invalid user steam from 20.243.201.105 port 59736","@timestamp":"2022-09-08T18:46:22.732Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 18:46:22 honeypot-fra-1 sshd[24780]: Invalid user testuser from 20.243.201.105 port 59768","@timestamp":"2022-09-08T18:46:22.732Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 18:46:22 honeypot-fra-1 sshd[24789]: Invalid user steam from 20.243.201.105 port 59782","@timestamp":"2022-09-08T18:46:22.733Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 18:46:22 honeypot-fra-1 sshd[24770]: Connection closed by invalid user mysql 20.243.201.105 port 59742 [preauth]","@timestamp":"2022-09-08T18:46:23.733Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 18:46:22 honeypot-fra-1 sshd[24766]: Connection closed by invalid user steam 20.243.201.105 port 59736 [preauth]","@timestamp":"2022-09-08T18:46:23.733Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 18:46:22 honeypot-fra-1 sshd[24780]: Connection closed by invalid user testuser 20.243.201.105 port 59768 [preauth]","@timestamp":"2022-09-08T18:46:23.733Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 18:46:22 honeypot-fra-1 sshd[24786]: Connection closed by authenticating user root 20.243.201.105 port 59796 [preauth]","@timestamp":"2022-09-08T18:46:23.733Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 18:47:23 honeypot-fra-1 sshd[24834]: Invalid user devops from 20.247.118.146 port 42994","@timestamp":"2022-09-08T18:47:24.758Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 18:47:24 honeypot-fra-1 sshd[24820]: Invalid user devops from 20.247.118.146 port 42820","@timestamp":"2022-09-08T18:47:24.758Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 18:47:24 honeypot-fra-1 sshd[24837]: Invalid user vagrant from 20.247.118.146 port 43162","@timestamp":"2022-09-08T18:47:24.758Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 18:47:24 honeypot-fra-1 sshd[24844]: Invalid user admin from 20.247.118.146 port 43064","@timestamp":"2022-09-08T18:47:24.758Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 18:47:24 honeypot-fra-1 sshd[24828]: Invalid user es from 20.247.118.146 port 42844","@timestamp":"2022-09-08T18:47:24.758Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 18:47:24 honeypot-fra-1 sshd[24826]: Connection closed by invalid user steam 20.247.118.146 port 43136 [preauth]","@timestamp":"2022-09-08T18:47:24.758Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 18:47:24 honeypot-fra-1 sshd[24831]: Connection closed by invalid user git 20.247.118.146 port 43152 [preauth]","@timestamp":"2022-09-08T18:47:24.758Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 18:47:24 honeypot-fra-1 sshd[24823]: Connection closed by invalid user mysql 20.247.118.146 port 42812 [preauth]","@timestamp":"2022-09-08T18:47:24.759Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 18:47:24 honeypot-fra-1 sshd[24838]: Connection closed by invalid user user 20.247.118.146 port 42912 [preauth]","@timestamp":"2022-09-08T18:47:24.759Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 18:47:24 honeypot-fra-1 sshd[24853]: Connection closed by invalid user user 20.247.118.146 port 42918 [preauth]","@timestamp":"2022-09-08T18:47:24.759Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T18:47:57.229Z","@version":"1","message":"Sep  8 18:47:56 honeypot-sgp-1 sshd[31298]: Disconnected from invalid user admin 92.255.85.69 port 50800 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 18:53:50 honeypot-fra-1 sshd[24880]: Invalid user pi from 96.3.36.65 port 47074","@timestamp":"2022-09-08T18:53:50.903Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 18:54:23 honeypot-ams-1 sshd[1856]: Invalid user Admin from 84.40.77.56 port 36024","@timestamp":"2022-09-08T18:54:23.740Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 19:00:02 honeypot-ams-1 sshd[1862]: Invalid user user from 45.61.184.204 port 60274","@timestamp":"2022-09-08T19:00:02.894Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 19:00:03 honeypot-fra-1 sshd[24884]: Invalid user ei from 164.92.210.129 port 58420","@timestamp":"2022-09-08T19:00:04.046Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 19:00:21 honeypot-ams-1 sshd[1866]: Invalid user user from 45.61.184.204 port 54774","@timestamp":"2022-09-08T19:00:21.903Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 19:00:31 honeypot-ams-1 sshd[1870]: Disconnected from invalid user user 45.61.184.204 port 37912 [preauth]","@timestamp":"2022-09-08T19:00:31.912Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 19:00:50 honeypot-ams-1 sshd[1876]: Invalid user user from 45.61.184.204 port 60654","@timestamp":"2022-09-08T19:00:50.921Z"}
{"@timestamp":"2022-09-08T19:02:12.592Z","@version":"1","message":"Sep  8 19:02:11 honeypot-sgp-1 kernel: [83539848.695352] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=113.59.52.144 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=49 ID=61161 PROTO=TCP SPT=18770 DPT=80 WINDOW=25722 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 19:02:58 honeypot-ams-1 sshd[1880]: Invalid user admin from 193.106.191.157 port 49472","@timestamp":"2022-09-08T19:02:58.977Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 19:05:04 honeypot-fra-1 kernel: [83538343.335146] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=94.26.249.161 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=47593 PROTO=TCP SPT=43689 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T19:05:05.161Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 19:08:09 honeypot-fra-1 sshd[24891]: Did not receive identification string from 45.61.184.204 port 54004","@timestamp":"2022-09-08T19:08:09.233Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 19:08:38 honeypot-fra-1 sshd[24894]: Disconnected from invalid user user 45.61.184.204 port 52696 [preauth]","@timestamp":"2022-09-08T19:08:39.247Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 19:08:58 honeypot-fra-1 sshd[24898]: Disconnected from invalid user user 45.61.184.204 port 48980 [preauth]","@timestamp":"2022-09-08T19:08:59.256Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 19:09:17 honeypot-fra-1 sshd[24902]: Disconnected from invalid user user 45.61.184.204 port 45164 [preauth]","@timestamp":"2022-09-08T19:09:18.273Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 19:09:20 honeypot-ams-1 sshd[1883]: Invalid user hadoop from 35.205.118.1 port 42317","@timestamp":"2022-09-08T19:09:21.143Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 19:12:46 honeypot-ams-1 kernel: [83540953.808380] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=35.203.62.65 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=28274 PROTO=TCP SPT=57893 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T19:12:46.233Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 19:13:14 honeypot-fra-1 sshd[24907]: Invalid user jody from 165.22.45.108 port 55716","@timestamp":"2022-09-08T19:13:15.361Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T19:15:08.889Z","@version":"1","message":"Sep  8 19:15:08 honeypot-sgp-1 sshd[31309]: Disconnected from authenticating user root 221.212.204.26 port 50694 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T19:16:06.915Z","@version":"1","message":"Sep  8 19:16:06 honeypot-sgp-1 sshd[31315]: Invalid user user from 45.61.186.49 port 46296","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T19:16:11.917Z","@version":"1","message":"Sep  8 19:16:11 honeypot-sgp-1 sshd[31319]: Invalid user user from 45.61.186.49 port 52056","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T19:16:21.923Z","@version":"1","message":"Sep  8 19:16:21 honeypot-sgp-1 sshd[31323]: Invalid user user from 45.61.186.49 port 35392","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T19:16:32.929Z","@version":"1","message":"Sep  8 19:16:31 honeypot-sgp-1 sshd[31327]: Invalid user user from 198.98.61.9 port 35824","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T19:16:46.935Z","@version":"1","message":"Sep  8 19:16:46 honeypot-sgp-1 sshd[31331]: Invalid user user from 198.98.61.9 port 58338","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 19:17:01 honeypot-fra-1 CRON[24911]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-08T19:17:01.448Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T19:17:01.943Z","@version":"1","message":"Sep  8 19:17:01 honeypot-sgp-1 CRON[31335]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 19:22:33 honeypot-ams-1 sshd[1963]: Received disconnect from 92.255.85.69 port 41748:11: Bye Bye [preauth]","@timestamp":"2022-09-08T19:22:33.485Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 19:29:12 honeypot-fra-1 sshd[24920]: Received disconnect from 92.255.85.70 port 26130:11: Bye Bye [preauth]","@timestamp":"2022-09-08T19:29:13.719Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 19:36:18 honeypot-fra-1 sshd[24923]: Disconnected from invalid user joe 165.22.45.108 port 60520 [preauth]","@timestamp":"2022-09-08T19:36:18.876Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T19:42:44.532Z","@version":"1","message":"Sep  8 19:42:44 honeypot-sgp-1 kernel: [83542280.946325] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=90.151.171.106 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=7078 PROTO=TCP SPT=46133 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 19:43:14 honeypot-ams-1 kernel: [83542782.318443] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=59.49.43.217 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=828 PROTO=TCP SPT=46438 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T19:43:15.010Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 19:51:10 honeypot-fra-1 sshd[24927]: Disconnected from authenticating user root 92.255.85.69 port 18858 [preauth]","@timestamp":"2022-09-08T19:51:11.206Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 19:59:16 honeypot-fra-1 sshd[24932]: Disconnected from invalid user joe 165.22.45.108 port 37118 [preauth]","@timestamp":"2022-09-08T19:59:16.386Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 20:03:45 honeypot-ams-1 sshd[1992]: Received disconnect from 45.61.184.204 port 38954:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T20:03:45.532Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 20:04:04 honeypot-ams-1 sshd[1996]: Received disconnect from 45.61.184.204 port 33812:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T20:04:04.543Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 20:04:22 honeypot-ams-1 sshd[2000]: Received disconnect from 45.61.184.204 port 56908:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T20:04:22.552Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 20:04:39 honeypot-ams-1 sshd[2004]: Received disconnect from 45.61.184.204 port 51744:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T20:04:40.562Z"}
{"@timestamp":"2022-09-08T20:05:25.054Z","@version":"1","message":"Sep  8 20:05:24 honeypot-sgp-1 kernel: [83543641.194281] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=80.94.92.239 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=233 ID=54321 PROTO=TCP SPT=46190 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 20:06:53 honeypot-ams-1 kernel: [83544201.498186] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=2.191.53.157 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=53 ID=46942 DF PROTO=TCP SPT=53606 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T20:06:54.624Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 20:09:15 honeypot-fra-1 sshd[24940]: Received disconnect from 13.125.155.88 port 42530:11: Bye Bye [preauth]","@timestamp":"2022-09-08T20:09:16.611Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 20:12:35 honeypot-ams-1 sshd[2012]: Disconnected from invalid user user 45.61.186.49 port 57516 [preauth]","@timestamp":"2022-09-08T20:12:35.770Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 20:12:45 honeypot-ams-1 sshd[2016]: Disconnected from invalid user user 45.61.186.49 port 40318 [preauth]","@timestamp":"2022-09-08T20:12:45.776Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 20:12:52 honeypot-fra-1 kernel: [83542411.759823] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=90.151.171.106 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=46912 PROTO=TCP SPT=47960 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T20:12:53.692Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-08T20:14:11.259Z","@version":"1","message":"Sep  8 20:14:10 honeypot-sgp-1 kernel: [83544167.623893] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=64.246.161.26 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=37166 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 20:16:28 honeypot-ams-1 sshd[2023]: Received disconnect from 64.225.43.245 port 40708:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T20:16:28.878Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 20:17:01 honeypot-fra-1 CRON[24947]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-08T20:17:01.804Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 20:17:44 honeypot-ams-1 kernel: [83544851.904933] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=48668 PROTO=TCP SPT=48032 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T20:17:44.914Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 20:18:44 honeypot-ams-1 sshd[2034]: Disconnected from authenticating user root 64.225.43.245 port 53074 [preauth]","@timestamp":"2022-09-08T20:18:45.945Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 20:21:05 honeypot-ams-1 sshd[2041]: Disconnected from authenticating user root 64.225.43.245 port 37204 [preauth]","@timestamp":"2022-09-08T20:21:06.008Z"}
{"@timestamp":"2022-09-08T20:21:49.439Z","@version":"1","message":"Sep  8 20:21:49 honeypot-sgp-1 kernel: [83544625.879341] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=172.104.29.101 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=4677 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 20:21:55 honeypot-fra-1 kernel: [83542953.975850] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=172.104.242.173 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=56 ID=0 DF PROTO=TCP SPT=38849 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T20:21:55.915Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 20:23:25 honeypot-ams-1 sshd[2047]: Disconnected from authenticating user root 64.225.43.245 port 49576 [preauth]","@timestamp":"2022-09-08T20:23:26.072Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 20:24:54 honeypot-fra-1 kernel: [83543133.627872] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=162.142.125.130 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=38626 PROTO=TCP SPT=18580 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T20:24:54.985Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 20:25:43 honeypot-ams-1 sshd[2053]: Invalid user dev from 64.225.43.245 port 33710","@timestamp":"2022-09-08T20:25:44.135Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 20:27:17 honeypot-ams-1 sshd[2058]: Invalid user schoosoft from 64.225.43.245 port 60776","@timestamp":"2022-09-08T20:27:18.175Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 20:28:39 honeypot-ams-1 kernel: [83545507.367788] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=172.104.29.146 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=15844 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T20:28:40.211Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 20:29:43 honeypot-ams-1 sshd[2066]: Received disconnect from 64.225.43.245 port 44912:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T20:29:44.242Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 20:31:05 honeypot-fra-1 kernel: [83543504.647045] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=34902 PROTO=TCP SPT=49006 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T20:31:06.125Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 20:31:16 honeypot-ams-1 sshd[2070]: Invalid user samson from 64.225.43.245 port 43748","@timestamp":"2022-09-08T20:31:17.286Z"}
{"@timestamp":"2022-09-08T20:31:20.665Z","@version":"1","message":"Sep  8 20:31:20 honeypot-sgp-1 sshd[31360]: Invalid user Joshua from 188.166.252.132 port 46908","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 20:32:22 honeypot-ams-1 kernel: [83545730.439040] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=89.248.165.87 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=23735 PROTO=TCP SPT=46805 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T20:32:23.316Z"}
{"@timestamp":"2022-09-08T20:32:33.695Z","@version":"1","message":"Sep  8 20:32:33 honeypot-sgp-1 sshd[31363]: Disconnected from invalid user cz 178.128.114.244 port 60654 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 20:34:25 honeypot-ams-1 sshd[2079]: Received disconnect from 64.225.43.245 port 41418:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T20:34:25.371Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 20:35:59 honeypot-ams-1 sshd[2083]: Invalid user gbadebo from 64.225.43.245 port 40250","@timestamp":"2022-09-08T20:35:59.416Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 20:36:14 honeypot-ams-1 kernel: [83545962.328957] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=116.203.225.67 DST=178.62.254.91 LEN=80 TOS=0x00 PREC=0x20 TTL=123 ID=5188 PROTO=TCP SPT=4164 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T20:36:15.426Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 20:38:20 honeypot-ams-1 sshd[2092]: Invalid user sandbox from 64.225.43.245 port 52618","@timestamp":"2022-09-08T20:38:21.481Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 20:39:17 honeypot-fra-1 sshd[25040]: Invalid user hugo from 119.202.72.87 port 24460","@timestamp":"2022-09-08T20:39:17.308Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 20:40:00 honeypot-ams-1 sshd[2096]: Invalid user dev from 64.225.43.245 port 51448","@timestamp":"2022-09-08T20:40:00.523Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 20:41:39 honeypot-ams-1 sshd[2100]: Received disconnect from 64.225.43.245 port 50280:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T20:41:39.568Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 20:45:22 honeypot-fra-1 sshd[25045]: Received disconnect from 165.22.45.108 port 46742:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T20:45:22.463Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T20:46:57.030Z","@version":"1","message":"Sep  8 20:46:56 honeypot-sgp-1 sshd[31371]: Invalid user sysman from 103.188.176.251 port 56426","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T20:49:50.099Z","@version":"1","message":"Sep  8 20:49:49 honeypot-sgp-1 kernel: [83546306.532075] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=172.104.249.106 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=23522 DF PROTO=TCP SPT=60990 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 20:51:49 honeypot-ams-1 sshd[2106]: Invalid user admin from 92.255.85.69 port 16780","@timestamp":"2022-09-08T20:51:49.830Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 20:58:52 honeypot-fra-1 sshd[25049]: Received disconnect from 92.255.85.69 port 19758:11: Bye Bye [preauth]","@timestamp":"2022-09-08T20:58:52.762Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 20:59:51 honeypot-ams-1 sshd[2110]: Invalid user user from 198.98.61.9 port 45032","@timestamp":"2022-09-08T20:59:52.039Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 21:00:10 honeypot-ams-1 sshd[2114]: Invalid user user from 198.98.61.9 port 42460","@timestamp":"2022-09-08T21:00:11.050Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 21:00:33 honeypot-ams-1 sshd[2118]: Invalid user user from 198.98.61.9 port 39880","@timestamp":"2022-09-08T21:00:34.061Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 21:00:54 honeypot-ams-1 sshd[2122]: Invalid user user from 198.98.61.9 port 37294","@timestamp":"2022-09-08T21:00:55.077Z"}
{"@timestamp":"2022-09-08T21:02:14.381Z","@version":"1","message":"Sep  8 21:02:13 honeypot-sgp-1 sshd[31375]: Disconnected from invalid user admin 92.255.85.69 port 37158 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 21:04:19 honeypot-fra-1 kernel: [83545498.635274] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=16747 PROTO=TCP SPT=50803 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T21:04:19.892Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 21:08:05 honeypot-ams-1 sshd[2126]: Connection closed by invalid user lgy 137.116.144.39 port 54102 [preauth]","@timestamp":"2022-09-08T21:08:06.265Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 21:16:38 honeypot-ams-1 sshd[2134]: Connection closed by 180.76.173.237 port 57834 [preauth]","@timestamp":"2022-09-08T21:16:39.484Z"}
{"@timestamp":"2022-09-08T21:17:01.738Z","@version":"1","message":"Sep  8 21:17:01 honeypot-sgp-1 CRON[31380]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 21:17:01 honeypot-fra-1 CRON[25058]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-08T21:17:02.179Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 21:17:19 honeypot-ams-1 sshd[2141]: Connection closed by invalid user pi 70.44.38.158 port 57434 [preauth]","@timestamp":"2022-09-08T21:17:20.505Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 21:18:19 honeypot-ams-1 sshd[2146]: Disconnected from authenticating user root 41.93.33.2 port 52926 [preauth]","@timestamp":"2022-09-08T21:18:20.533Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 21:18:47 honeypot-ams-1 sshd[2152]: Received disconnect from 42.200.78.78 port 58338:11: Bye Bye [preauth]","@timestamp":"2022-09-08T21:18:47.547Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 21:19:36 honeypot-ams-1 sshd[2157]: Disconnected from invalid user sumainet 162.19.25.127 port 51284 [preauth]","@timestamp":"2022-09-08T21:19:36.569Z"}
{"@timestamp":"2022-09-08T21:20:36.820Z","@version":"1","message":"Sep  8 21:20:36 honeypot-sgp-1 sshd[31387]: Received disconnect from 141.255.162.226 port 60090:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T21:20:40.822Z","@version":"1","message":"Sep  8 21:20:40 honeypot-sgp-1 sshd[31391]: Received disconnect from 141.255.162.226 port 52792:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T21:20:41.822Z","@version":"1","message":"Sep  8 21:20:41 honeypot-sgp-1 sshd[31395]: Received disconnect from 141.255.162.226 port 59774:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 21:23:18 honeypot-ams-1 sshd[2161]: Received disconnect from 103.214.112.199 port 57660:11: Bye Bye [preauth]","@timestamp":"2022-09-08T21:23:18.666Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 21:23:34 honeypot-fra-1 kernel: [83546653.416417] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=213.226.123.38 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=9643 PROTO=TCP SPT=54201 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T21:23:35.350Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-08T21:23:48.893Z","@version":"1","message":"Sep  8 21:23:48 honeypot-sgp-1 sshd[31402]: Disconnected from authenticating user root 92.255.85.70 port 54762 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 21:24:45 honeypot-ams-1 sshd[2166]: Received disconnect from 186.10.125.209 port 24405:11: Bye Bye [preauth]","@timestamp":"2022-09-08T21:24:46.707Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 21:31:33 honeypot-fra-1 sshd[25067]: Received disconnect from 165.22.45.108 port 56396:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T21:31:34.524Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T21:38:00.211Z","@version":"1","message":"Sep  8 21:38:00 honeypot-sgp-1 sshd[31409]: Invalid user user from 198.98.61.9 port 40078","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T21:38:17.219Z","@version":"1","message":"Sep  8 21:38:16 honeypot-sgp-1 sshd[31413]: Invalid user user from 198.98.61.9 port 33096","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T21:38:31.226Z","@version":"1","message":"Sep  8 21:38:31 honeypot-sgp-1 sshd[31417]: Invalid user user from 198.98.61.9 port 54344","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T21:38:43.232Z","@version":"1","message":"Sep  8 21:38:42 honeypot-sgp-1 sshd[31419]: Disconnected from invalid user user 198.98.61.9 port 36736 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T21:45:47.392Z","@version":"1","message":"Sep  8 21:45:46 honeypot-sgp-1 sshd[31424]: Disconnected from authenticating user root 92.255.85.69 port 24216 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 21:46:44 honeypot-fra-1 sshd[25073]: Invalid user admin from 162.19.25.127 port 40346","@timestamp":"2022-09-08T21:46:44.857Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 21:48:09 honeypot-fra-1 sshd[25076]: Disconnected from invalid user user 141.255.162.226 port 33116 [preauth]","@timestamp":"2022-09-08T21:48:09.891Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 21:48:12 honeypot-fra-1 sshd[25080]: Disconnected from invalid user user 141.255.162.226 port 40292 [preauth]","@timestamp":"2022-09-08T21:48:12.894Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 21:48:13 honeypot-fra-1 sshd[25084]: Disconnected from invalid user user 141.255.162.226 port 33612 [preauth]","@timestamp":"2022-09-08T21:48:14.895Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 21:48:18 honeypot-fra-1 sshd[25088]: Disconnected from invalid user user 141.255.162.226 port 40790 [preauth]","@timestamp":"2022-09-08T21:48:18.897Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 21:49:07 honeypot-fra-1 sshd[25102]: Invalid user git from 51.79.254.140 port 37728","@timestamp":"2022-09-08T21:49:07.917Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 21:49:07 honeypot-fra-1 sshd[25096]: Invalid user ec2-user from 51.79.254.140 port 37444","@timestamp":"2022-09-08T21:49:07.917Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 21:49:07 honeypot-fra-1 sshd[25094]: Invalid user centos from 51.79.254.140 port 37594","@timestamp":"2022-09-08T21:49:07.917Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 21:49:07 honeypot-fra-1 sshd[25117]: Invalid user webadmin from 51.79.254.140 port 37686","@timestamp":"2022-09-08T21:49:07.917Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 21:49:07 honeypot-fra-1 sshd[25121]: Invalid user test from 51.79.254.140 port 37642","@timestamp":"2022-09-08T21:49:07.917Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 21:49:07 honeypot-fra-1 sshd[25106]: Connection closed by invalid user elasticsearch 51.79.254.140 port 37434 [preauth]","@timestamp":"2022-09-08T21:49:07.917Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 21:49:07 honeypot-fra-1 sshd[25100]: Connection closed by invalid user oracle 51.79.254.140 port 37404 [preauth]","@timestamp":"2022-09-08T21:49:07.917Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 21:49:07 honeypot-fra-1 sshd[25108]: Invalid user vagrant from 51.79.254.140 port 37396","@timestamp":"2022-09-08T21:49:07.917Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 21:49:07 honeypot-fra-1 sshd[25117]: Connection closed by invalid user webadmin 51.79.254.140 port 37686 [preauth]","@timestamp":"2022-09-08T21:49:07.918Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 21:49:07 honeypot-fra-1 sshd[25107]: Connection closed by invalid user elasticsearch 51.79.254.140 port 37658 [preauth]","@timestamp":"2022-09-08T21:49:07.918Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 21:51:15 honeypot-ams-1 sshd[2178]: Invalid user klement from 190.156.231.245 port 34620","@timestamp":"2022-09-08T21:51:16.382Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 21:52:20 honeypot-fra-1 sshd[25154]: Disconnected from authenticating user root 62.204.41.222 port 25037 [preauth]","@timestamp":"2022-09-08T21:52:20.989Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 21:55:53 honeypot-ams-1 sshd[2182]: Invalid user oi from 154.72.194.207 port 48088","@timestamp":"2022-09-08T21:55:54.501Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 21:58:02 honeypot-ams-1 sshd[2185]: Disconnected from authenticating user root 92.255.85.69 port 43110 [preauth]","@timestamp":"2022-09-08T21:58:02.558Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 22:01:05 honeypot-fra-1 kernel: [83548904.502222] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=37.139.129.11 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=34501 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T22:01:06.189Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 22:08:29 honeypot-ams-1 sshd[2191]: Invalid user user from 198.98.61.9 port 44208","@timestamp":"2022-09-08T22:08:29.822Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 22:08:44 honeypot-ams-1 kernel: [83551511.753470] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=221.176.116.78 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=110 ID=256 PROTO=TCP SPT=39580 DPT=80 WINDOW=16384 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T22:08:44.830Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 22:08:51 honeypot-ams-1 sshd[2197]: Disconnected from invalid user user 198.98.61.9 port 48430 [preauth]","@timestamp":"2022-09-08T22:08:51.834Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 22:09:10 honeypot-ams-1 sshd[2201]: Disconnected from invalid user user 198.98.61.9 port 41870 [preauth]","@timestamp":"2022-09-08T22:09:10.844Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 22:15:06 honeypot-fra-1 sshd[25165]: Connection closed by invalid user Admin 95.76.220.209 port 46889 [preauth]","@timestamp":"2022-09-08T22:15:06.509Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 22:20:05 honeypot-fra-1 sshd[25171]: Disconnected from invalid user joe 165.22.45.108 port 37862 [preauth]","@timestamp":"2022-09-08T22:20:06.621Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T22:20:47.187Z","@version":"1","message":"Sep  8 22:20:47 honeypot-sgp-1 kernel: [83551763.794613] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=116.62.111.9 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=46 ID=63443 DF PROTO=TCP SPT=49952 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 22:22:51 honeypot-ams-1 sshd[2210]: Received disconnect from 165.22.60.53 port 37832:11: Bye Bye [preauth]","@timestamp":"2022-09-08T22:22:52.191Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 22:25:39 honeypot-ams-1 sshd[2214]: Received disconnect from 190.56.224.166 port 40494:11: Bye Bye [preauth]","@timestamp":"2022-09-08T22:25:39.266Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 22:30:10 honeypot-ams-1 sshd[2221]: Received disconnect from 62.204.41.222 port 17351:11: Client disconnecting normally [preauth]","@timestamp":"2022-09-08T22:30:10.385Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 22:33:40 honeypot-fra-1 kernel: [83550859.262330] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=91.240.118.77 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=16674 PROTO=TCP SPT=45536 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T22:33:40.917Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-08T22:36:00.548Z","@version":"1","message":"Sep  8 22:35:59 honeypot-sgp-1 sshd[31436]: Disconnected from invalid user clint 103.91.123.150 port 47636 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 22:38:32 honeypot-fra-1 sshd[25183]: Invalid user user from 45.61.184.204 port 36618","@timestamp":"2022-09-08T22:38:33.029Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 22:38:53 honeypot-fra-1 sshd[25187]: Invalid user user from 45.61.184.204 port 59990","@timestamp":"2022-09-08T22:38:54.039Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 22:39:02 honeypot-ams-1 sshd[2224]: Invalid user admin from 193.106.191.157 port 52810","@timestamp":"2022-09-08T22:39:02.612Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 22:39:10 honeypot-fra-1 sshd[25191]: Invalid user user from 45.61.184.204 port 55142","@timestamp":"2022-09-08T22:39:11.047Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 22:39:27 honeypot-fra-1 sshd[25195]: Invalid user user from 45.61.184.204 port 50270","@timestamp":"2022-09-08T22:39:28.055Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 22:39:44 honeypot-ams-1 sshd[2227]: Disconnected from invalid user user 141.255.162.226 port 33842 [preauth]","@timestamp":"2022-09-08T22:39:44.634Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 22:39:46 honeypot-ams-1 sshd[2231]: Disconnected from invalid user user 141.255.162.226 port 54690 [preauth]","@timestamp":"2022-09-08T22:39:47.636Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 22:39:50 honeypot-ams-1 sshd[2235]: Disconnected from invalid user user 141.255.162.226 port 56016 [preauth]","@timestamp":"2022-09-08T22:39:50.638Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 22:39:51 honeypot-ams-1 sshd[2239]: Disconnected from invalid user user 141.255.162.226 port 41232 [preauth]","@timestamp":"2022-09-08T22:39:52.640Z"}
{"@timestamp":"2022-09-08T22:40:37.652Z","@version":"1","message":"Sep  8 22:40:37 honeypot-sgp-1 kernel: [83552953.704469] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.25.152.20 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=51715 PROTO=TCP SPT=58160 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 22:44:50 honeypot-ams-1 sshd[2244]: Disconnected from authenticating user root 92.255.85.69 port 38078 [preauth]","@timestamp":"2022-09-08T22:44:50.771Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 22:51:58 honeypot-fra-1 sshd[25201]: Received disconnect from 92.255.85.70 port 56244:11: Bye Bye [preauth]","@timestamp":"2022-09-08T22:51:59.328Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T22:57:13.029Z","@version":"1","message":"Sep  8 22:57:12 honeypot-sgp-1 kernel: [83553949.000413] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=79.124.62.60 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=61298 PROTO=TCP SPT=45596 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 23:02:47 honeypot-ams-1 kernel: [83554754.669273] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.41.8.5 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=61886 PROTO=TCP SPT=37454 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T23:02:47.230Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 23:05:09 honeypot-fra-1 sshd[25207]: Bad protocol version identification '\\003' from 193.46.254.38 port 63378","@timestamp":"2022-09-08T23:05:09.618Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 23:08:03 honeypot-ams-1 sshd[2259]: Invalid user user from 45.61.184.204 port 38196","@timestamp":"2022-09-08T23:08:04.368Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 23:08:15 honeypot-ams-1 kernel: [83555082.615270] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=5.178.239.124 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=53575 DF PROTO=TCP SPT=11910 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T23:08:15.374Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 23:08:34 honeypot-ams-1 sshd[2265]: Disconnected from invalid user user 45.61.184.204 port 44206 [preauth]","@timestamp":"2022-09-08T23:08:35.385Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 23:08:52 honeypot-ams-1 sshd[2269]: Disconnected from invalid user user 45.61.184.204 port 38798 [preauth]","@timestamp":"2022-09-08T23:08:53.394Z"}
{"@timestamp":"2022-09-08T23:15:29.443Z","@version":"1","message":"Sep  8 23:15:29 honeypot-sgp-1 sshd[31449]: Received disconnect from 20.214.205.109 port 52720:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 23:15:37 honeypot-fra-1 sshd[25211]: Disconnected from authenticating user root 92.255.85.70 port 34570 [preauth]","@timestamp":"2022-09-08T23:15:37.854Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 23:17:01 honeypot-ams-1 CRON[2274]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-08T23:17:01.599Z"}
{"@timestamp":"2022-09-08T23:18:07.504Z","@version":"1","message":"Sep  8 23:18:07 honeypot-sgp-1 sshd[31456]: Invalid user admin from 31.184.198.71 port 39833","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T23:18:33.517Z","@version":"1","message":"Sep  8 23:18:33 honeypot-sgp-1 sshd[31462]: Invalid user admin from 31.184.198.71 port 9990","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T23:18:51.526Z","@version":"1","message":"Sep  8 23:18:50 honeypot-sgp-1 sshd[31466]: Invalid user admin from 31.184.198.71 port 3461","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T23:19:14.538Z","@version":"1","message":"Sep  8 23:19:14 honeypot-sgp-1 sshd[31474]: Invalid user manager from 31.184.198.71 port 36381","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T23:19:41.551Z","@version":"1","message":"Sep  8 23:19:40 honeypot-sgp-1 sshd[31480]: Disconnecting invalid user 1234 31.184.198.71 port 20694: Change of username or service not allowed: (1234,ssh-connection) -> (Admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T23:20:03.562Z","@version":"1","message":"Sep  8 23:20:02 honeypot-sgp-1 sshd[31486]: Disconnecting invalid user  31.184.198.71 port 49346: Change of username or service not allowed: (,ssh-connection) -> (user,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T23:20:35.577Z","@version":"1","message":"Sep  8 23:20:34 honeypot-sgp-1 sshd[31495]: Invalid user blank from 31.184.198.71 port 8661","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 23:20:57 honeypot-ams-1 sshd[2280]: Received disconnect from 223.26.28.178 port 52584:11: Bye Bye [preauth]","@timestamp":"2022-09-08T23:20:57.703Z"}
{"@timestamp":"2022-09-08T23:21:02.590Z","@version":"1","message":"Sep  8 23:21:01 honeypot-sgp-1 sshd[31501]: Invalid user 1234 from 31.184.198.71 port 1895","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T23:21:27.602Z","@version":"1","message":"Sep  8 23:21:27 honeypot-sgp-1 sshd[31507]: Disconnecting invalid user Cisco 31.184.198.71 port 40907: Change of username or service not allowed: (Cisco,ssh-connection) -> (cisco,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T23:21:41.608Z","@version":"1","message":"Sep  8 23:21:40 honeypot-sgp-1 sshd[31511]: Disconnecting invalid user admin 31.184.198.71 port 59490: Change of username or service not allowed: (admin,ssh-connection) -> (1234,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T23:22:11.622Z","@version":"1","message":"Sep  8 23:22:10 honeypot-sgp-1 sshd[31521]: Invalid user  from 31.184.198.71 port 64142","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T23:22:38.636Z","@version":"1","message":"Sep  8 23:22:37 honeypot-sgp-1 sshd[31527]: Invalid user admin from 31.184.198.71 port 49076","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T23:23:04.648Z","@version":"1","message":"Sep  8 23:23:03 honeypot-sgp-1 sshd[31533]: Invalid user  from 31.184.198.71 port 29675","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 23:23:11 honeypot-ams-1 sshd[2284]: Received disconnect from 223.255.187.154 port 10874:11: Bye Bye [preauth]","@timestamp":"2022-09-08T23:23:11.764Z"}
{"@timestamp":"2022-09-08T23:23:27.660Z","@version":"1","message":"Sep  8 23:23:27 honeypot-sgp-1 sshd[31539]: Disconnecting invalid user admin 31.184.198.71 port 49227: Change of username or service not allowed: (admin,ssh-connection) -> (c1@r0,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T23:23:57.675Z","@version":"1","message":"Sep  8 23:23:57 honeypot-sgp-1 sshd[31545]: Disconnecting invalid user cusadmin 31.184.198.71 port 60127: Change of username or service not allowed: (cusadmin,ssh-connection) -> (superonline,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T23:24:13.683Z","@version":"1","message":"Sep  8 23:24:13 honeypot-sgp-1 sshd[31551]: Connection closed by invalid user admin 221.158.195.111 port 37574 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T23:24:34.692Z","@version":"1","message":"Sep  8 23:24:34 honeypot-sgp-1 sshd[31557]: Disconnecting invalid user comcast 31.184.198.71 port 5544: Change of username or service not allowed: (comcast,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 23:24:56 honeypot-fra-1 kernel: [83553934.623308] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=20.123.198.153 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=64480 PROTO=TCP SPT=51385 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T23:24:57.064Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-08T23:25:00.705Z","@version":"1","message":"Sep  8 23:24:59 honeypot-sgp-1 sshd[31563]: Disconnecting invalid user admin1234 31.184.198.71 port 51410: Change of username or service not allowed: (admin1234,ssh-connection) -> (matrix,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T23:25:26.717Z","@version":"1","message":"Sep  8 23:25:26 honeypot-sgp-1 sshd[31570]: Disconnecting invalid user admin 31.184.198.71 port 54322: Change of username or service not allowed: (admin,ssh-connection) -> (motorola,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T23:25:51.730Z","@version":"1","message":"Sep  8 23:25:51 honeypot-sgp-1 sshd[31578]: Invalid user blank from 31.184.198.71 port 55130","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 23:26:13 honeypot-ams-1 sshd[2289]: Received disconnect from 175.212.89.108 port 60593:11: Bye Bye [preauth]","@timestamp":"2022-09-08T23:26:13.844Z"}
{"@timestamp":"2022-09-08T23:26:20.744Z","@version":"1","message":"Sep  8 23:26:20 honeypot-sgp-1 sshd[31585]: Disconnecting invalid user airlive 31.184.198.71 port 14892: Change of username or service not allowed: (airlive,ssh-connection) -> (0,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 23:26:42 honeypot-ams-1 sshd[2293]: Disconnected from invalid user web 62.84.125.211 port 45088 [preauth]","@timestamp":"2022-09-08T23:26:42.859Z"}
{"@timestamp":"2022-09-08T23:26:43.755Z","@version":"1","message":"Sep  8 23:26:43 honeypot-sgp-1 sshd[31591]: Disconnecting invalid user roqos 31.184.198.71 port 48825: Change of username or service not allowed: (roqos,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T23:27:00.764Z","@version":"1","message":"Sep  8 23:27:00 honeypot-sgp-1 sshd[31596]: Disconnecting invalid user Shiko 31.184.198.71 port 2790: Change of username or service not allowed: (Shiko,ssh-connection) -> (sitecom,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T23:27:26.776Z","@version":"1","message":"Sep  8 23:27:26 honeypot-sgp-1 sshd[31603]: Disconnecting invalid user smcadmin 31.184.198.71 port 8438: Change of username or service not allowed: (smcadmin,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T23:27:57.791Z","@version":"1","message":"Sep  8 23:27:57 honeypot-sgp-1 sshd[31610]: Disconnecting invalid user highspeed 31.184.198.71 port 53846: Change of username or service not allowed: (highspeed,ssh-connection) -> (smcadmin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T23:28:23.803Z","@version":"1","message":"Sep  8 23:28:22 honeypot-sgp-1 sshd[31616]: Disconnecting invalid user  31.184.198.71 port 61651: Change of username or service not allowed: (,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T23:28:58.820Z","@version":"1","message":"Sep  8 23:28:58 honeypot-sgp-1 sshd[31622]: Disconnecting invalid user public 31.184.198.71 port 55982: Change of username or service not allowed: (public,ssh-connection) -> (user,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T23:29:35.837Z","@version":"1","message":"Sep  8 23:29:34 honeypot-sgp-1 sshd[31628]: Disconnecting authenticating user root 31.184.198.71 port 8231: Change of username or service not allowed: (root,ssh-connection) -> (123456,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T23:30:11.854Z","@version":"1","message":"Sep  8 23:30:11 honeypot-sgp-1 sshd[31635]: Disconnecting invalid user amdin 31.184.198.71 port 8251: Change of username or service not allowed: (amdin,ssh-connection) -> (readwrite,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T23:30:42.870Z","@version":"1","message":"Sep  8 23:30:42 honeypot-sgp-1 sshd[31642]: Invalid user admin from 31.184.198.71 port 10048","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 23:31:03 honeypot-ams-1 sshd[2297]: Disconnected from invalid user claudia 180.168.95.234 port 46780 [preauth]","@timestamp":"2022-09-08T23:31:03.972Z"}
{"@timestamp":"2022-09-08T23:31:07.881Z","@version":"1","message":"Sep  8 23:31:07 honeypot-sgp-1 sshd[31648]: Invalid user admin from 31.184.198.71 port 10467","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T23:31:35.895Z","@version":"1","message":"Sep  8 23:31:35 honeypot-sgp-1 sshd[31654]: Invalid user 1admin0 from 31.184.198.71 port 63290","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 23:33:10 honeypot-fra-1 sshd[25219]: Received disconnect from 1.55.215.71 port 52412:11: Bye Bye [preauth]","@timestamp":"2022-09-08T23:33:10.263Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 23:39:00 honeypot-fra-1 sshd[25224]: Received disconnect from 92.255.85.69 port 19454:11: Bye Bye [preauth]","@timestamp":"2022-09-08T23:39:01.414Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 23:40:03 honeypot-ams-1 kernel: [83556991.363492] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=116.203.225.67 DST=178.62.254.91 LEN=80 TOS=0x00 PREC=0x20 TTL=121 ID=5188 PROTO=TCP SPT=4164 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T23:40:04.203Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 23:43:23 honeypot-ams-1 sshd[2303]: Disconnected from invalid user sh 91.201.240.153 port 47708 [preauth]","@timestamp":"2022-09-08T23:43:24.289Z"}
{"@timestamp":"2022-09-08T23:45:49.220Z","@version":"1","message":"Sep  8 23:45:48 honeypot-sgp-1 sshd[31662]: Did not receive identification string from 45.61.186.169 port 48894","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 23:46:05 honeypot-fra-1 kernel: [83555203.684325] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=94.26.228.80 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=35740 PROTO=TCP SPT=47284 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T23:46:05.573Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-08T23:46:18.232Z","@version":"1","message":"Sep  8 23:46:17 honeypot-sgp-1 sshd[31665]: Disconnected from invalid user user 45.61.186.169 port 48128 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T23:46:36.241Z","@version":"1","message":"Sep  8 23:46:35 honeypot-sgp-1 sshd[31669]: Disconnected from invalid user user 45.61.186.169 port 42728 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T23:46:52.248Z","@version":"1","message":"Sep  8 23:46:52 honeypot-sgp-1 sshd[31673]: Disconnected from invalid user user 45.61.186.169 port 37352 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 23:48:40 honeypot-fra-1 sshd[25233]: Disconnected from invalid user casillas 162.215.1.59 port 53666 [preauth]","@timestamp":"2022-09-08T23:48:41.632Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 23:52:38 honeypot-ams-1 sshd[2310]: Connection closed by 180.76.173.237 port 33226 [preauth]","@timestamp":"2022-09-08T23:52:39.528Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 00:04:53 honeypot-fra-1 sshd[25239]: Invalid user johan from 165.22.45.108 port 57406","@timestamp":"2022-09-09T00:04:54.010Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T00:04:57.661Z","@version":"1","message":"Sep  9 00:04:56 honeypot-sgp-1 sshd[31679]: Disconnected from authenticating user root 92.255.85.69 port 51670 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 00:11:43 honeypot-ams-1 kernel: [83558891.212808] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=198.235.24.42 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=250 ID=54321 PROTO=TCP SPT=50952 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T00:11:44.040Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 00:17:01 honeypot-ams-1 CRON[2324]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-09T00:17:01.173Z"}
{"@timestamp":"2022-09-09T00:17:01.939Z","@version":"1","message":"Sep  9 00:17:01 honeypot-sgp-1 CRON[31683]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 00:17:01 honeypot-fra-1 CRON[25246]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-09T00:17:02.284Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 00:25:41 honeypot-fra-1 sshd[25256]: Received disconnect from 165.22.42.39 port 34528:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T00:25:42.515Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 00:27:42 honeypot-fra-1 sshd[25263]: Received disconnect from 165.22.42.39 port 33360:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T00:27:42.564Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 00:27:51 honeypot-fra-1 sshd[25267]: Connection closed by invalid user admin 128.199.10.193 port 36538 [preauth]","@timestamp":"2022-09-09T00:27:51.569Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 00:27:54 honeypot-fra-1 sshd[25273]: Connection closed by invalid user admin 128.199.10.193 port 36564 [preauth]","@timestamp":"2022-09-09T00:27:55.571Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T00:28:15.222Z","@version":"1","message":"Sep  9 00:28:14 honeypot-sgp-1 sshd[31691]: Received disconnect from 92.255.85.69 port 27318:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 00:29:11 honeypot-fra-1 kernel: [83557789.707992] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=162.243.97.39 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=48 ID=23492 PROTO=TCP SPT=56651 DPT=5432 WINDOW=43690 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T00:29:11.604Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 00:31:13 honeypot-fra-1 sshd[25285]: Invalid user john from 165.22.45.108 port 34084","@timestamp":"2022-09-09T00:31:13.653Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 00:32:28 honeypot-fra-1 sshd[25290]: Disconnected from authenticating user root 165.22.42.39 port 44576 [preauth]","@timestamp":"2022-09-09T00:32:29.682Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 00:35:26 honeypot-fra-1 sshd[25296]: Received disconnect from 165.22.42.39 port 56948:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T00:35:26.752Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 00:35:38 honeypot-ams-1 kernel: [83560325.714153] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=121.237.60.156 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=32679 DF PROTO=TCP SPT=2949 DPT=80 WINDOW=5808 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T00:35:38.668Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 00:37:20 honeypot-fra-1 sshd[25301]: Disconnected from invalid user dev 165.22.42.39 port 55794 [preauth]","@timestamp":"2022-09-09T00:37:20.797Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T00:37:35.437Z","@version":"1","message":"Sep  9 00:37:34 honeypot-sgp-1 kernel: [83559971.159839] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.242.9.34 DST=159.89.202.188 LEN=52 TOS=0x02 PREC=0x00 TTL=110 ID=20544 DF PROTO=TCP SPT=53843 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 00:39:16 honeypot-fra-1 sshd[25306]: Received disconnect from 165.22.42.39 port 54626:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T00:39:16.842Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 00:39:30 honeypot-fra-1 sshd[25310]: Received disconnect from 198.98.61.9 port 34074:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T00:39:30.849Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 00:39:47 honeypot-fra-1 sshd[25314]: Received disconnect from 198.98.61.9 port 56698:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T00:39:47.857Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 00:40:03 honeypot-fra-1 sshd[25318]: Received disconnect from 198.98.61.9 port 51060:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T00:40:03.865Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 00:40:11 honeypot-fra-1 sshd[25322]: Received disconnect from 198.98.61.9 port 34122:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T00:40:11.869Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T00:40:17.498Z","@version":"1","message":"Sep  9 00:40:17 honeypot-sgp-1 sshd[31698]: Disconnected from invalid user clock 52.139.183.239 port 42564 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 00:41:24 honeypot-ams-1 sshd[2337]: Received disconnect from 92.255.85.69 port 45160:11: Bye Bye [preauth]","@timestamp":"2022-09-09T00:41:24.825Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 00:42:05 honeypot-fra-1 sshd[25327]: Disconnected from authenticating user root 165.22.42.39 port 38800 [preauth]","@timestamp":"2022-09-09T00:42:05.913Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T00:43:13.586Z","@version":"1","message":"Sep  9 00:43:12 honeypot-sgp-1 sshd[31703]: Connection closed by invalid user admin 128.199.160.207 port 55992 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T00:43:13.586Z","@version":"1","message":"Sep  9 00:43:12 honeypot-sgp-1 sshd[31709]: Connection closed by invalid user admin 128.199.160.207 port 56008 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 00:43:57 honeypot-fra-1 sshd[25331]: Invalid user samson from 165.22.42.39 port 37634","@timestamp":"2022-09-09T00:43:57.960Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 00:44:50 honeypot-fra-1 sshd[25333]: Received disconnect from 165.22.42.39 port 51168:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T00:44:50.982Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 00:46:41 honeypot-fra-1 sshd[25337]: Disconnected from invalid user plandevac 165.22.42.39 port 50004 [preauth]","@timestamp":"2022-09-09T00:46:42.024Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 00:48:32 honeypot-fra-1 sshd[25344]: Received disconnect from 165.22.42.39 port 48836:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T00:48:33.069Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T00:49:22.730Z","@version":"1","message":"Sep  9 00:49:22 honeypot-sgp-1 kernel: [83560678.884224] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=152.89.196.62 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=61712 PROTO=TCP SPT=58860 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 00:50:26 honeypot-fra-1 sshd[25348]: Received disconnect from 165.22.42.39 port 47680:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T00:50:27.113Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 00:52:18 honeypot-fra-1 sshd[25352]: Disconnected from invalid user sandbox 165.22.42.39 port 46510 [preauth]","@timestamp":"2022-09-09T00:52:19.156Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 00:54:14 honeypot-fra-1 sshd[25357]: Disconnected from invalid user dev 165.22.42.39 port 45342 [preauth]","@timestamp":"2022-09-09T00:54:15.202Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 00:56:15 honeypot-ams-1 sshd[2344]: Disconnected from authenticating user root 202.157.184.153 port 46042 [preauth]","@timestamp":"2022-09-09T00:56:16.214Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 00:57:04 honeypot-fra-1 sshd[25363]: Received disconnect from 165.22.42.39 port 57722:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T00:57:05.267Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T01:02:58.044Z","@version":"1","message":"Sep  9 01:02:57 honeypot-sgp-1 kernel: [83561494.363991] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=94.26.249.161 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=50545 PROTO=TCP SPT=27124 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 01:04:32 honeypot-ams-1 kernel: [83562060.003247] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=139.144.135.10 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=16074 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T01:04:33.434Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 01:08:01 honeypot-ams-1 sshd[2355]: Invalid user romero from 177.73.2.57 port 38796","@timestamp":"2022-09-09T01:08:01.527Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 01:10:32 honeypot-fra-1 kernel: [83560270.507555] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=92.63.197.171 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=19776 PROTO=TCP SPT=45488 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T01:10:32.568Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 01:13:07 honeypot-fra-1 kernel: [83560426.080840] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=198.235.24.167 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x60 TTL=250 ID=58638 PROTO=TCP SPT=53584 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T01:13:08.633Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-09T01:13:14.282Z","@version":"1","message":"Sep  9 01:13:14 honeypot-sgp-1 sshd[31723]: Disconnected from invalid user prasad 209.141.52.250 port 45382 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 01:14:54 honeypot-fra-1 sshd[25375]: Received disconnect from 101.255.65.138 port 34798:11: Bye Bye [preauth]","@timestamp":"2022-09-09T01:14:55.676Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 01:16:05 honeypot-ams-1 sshd[2360]: Connection closed by 180.76.173.237 port 35176 [preauth]","@timestamp":"2022-09-09T01:16:05.736Z"}
{"@timestamp":"2022-09-09T01:17:02.375Z","@version":"1","message":"Sep  9 01:17:01 honeypot-sgp-1 CRON[31729]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 01:20:28 honeypot-ams-1 kernel: [83563015.890075] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.41.8.45 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=26389 PROTO=TCP SPT=41845 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T01:20:28.870Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 01:20:48 honeypot-fra-1 sshd[25382]: Disconnected from invalid user nana 185.74.6.58 port 55714 [preauth]","@timestamp":"2022-09-09T01:20:48.806Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 01:21:34 honeypot-fra-1 sshd[25387]: Invalid user admin from 193.176.239.126 port 60758","@timestamp":"2022-09-09T01:21:34.827Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 01:21:34 honeypot-fra-1 sshd[25405]: Invalid user git from 193.176.239.126 port 60744","@timestamp":"2022-09-09T01:21:34.827Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 01:21:34 honeypot-fra-1 sshd[25407]: Invalid user es from 193.176.239.126 port 60738","@timestamp":"2022-09-09T01:21:34.827Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 01:21:34 honeypot-fra-1 sshd[25396]: Invalid user pi from 193.176.239.126 port 60790","@timestamp":"2022-09-09T01:21:34.827Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 01:21:34 honeypot-fra-1 sshd[25394]: Connection closed by authenticating user root 193.176.239.126 port 60780 [preauth]","@timestamp":"2022-09-09T01:21:34.827Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 01:21:34 honeypot-fra-1 sshd[25393]: Connection closed by invalid user guest 193.176.239.126 port 60762 [preauth]","@timestamp":"2022-09-09T01:21:34.827Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 01:21:34 honeypot-fra-1 sshd[25407]: Connection closed by invalid user es 193.176.239.126 port 60738 [preauth]","@timestamp":"2022-09-09T01:21:34.827Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 01:21:34 honeypot-fra-1 sshd[25396]: Connection closed by invalid user pi 193.176.239.126 port 60790 [preauth]","@timestamp":"2022-09-09T01:21:34.827Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 01:23:58 honeypot-fra-1 sshd[25438]: Received disconnect from 165.22.45.108 port 43882:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T01:23:58.881Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 01:32:17 honeypot-ams-1 kernel: [83563725.284039] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.56.108.102 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=60227 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T01:32:18.181Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 01:35:08 honeypot-fra-1 sshd[25443]: Disconnected from authenticating user root 92.255.85.69 port 19700 [preauth]","@timestamp":"2022-09-09T01:35:09.134Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T01:40:51.924Z","@version":"1","message":"Sep  9 01:40:51 honeypot-sgp-1 sshd[31740]: Invalid user Admin from 74.194.51.45 port 53687","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 01:42:35 honeypot-fra-1 sshd[25448]: Received disconnect from 178.22.168.219 port 47830:11: Bye Bye [preauth]","@timestamp":"2022-09-09T01:42:36.302Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 01:43:59 honeypot-ams-1 kernel: [83564426.618818] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=38.125.205.43 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=46 ID=22006 PROTO=TCP SPT=38085 DPT=80 WINDOW=19461 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T01:43:59.491Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 01:48:04 honeypot-fra-1 sshd[25455]: Received disconnect from 157.230.179.247 port 48506:11: Bye Bye [preauth]","@timestamp":"2022-09-09T01:48:05.425Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 01:50:28 honeypot-fra-1 kernel: [83562666.206631] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=193.42.105.14 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=117 ID=38455 DF PROTO=TCP SPT=38104 DPT=80 WINDOW=42340 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T01:50:28.481Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 01:50:50 honeypot-ams-1 sshd[2380]: Received disconnect from 92.255.85.70 port 47398:11: Bye Bye [preauth]","@timestamp":"2022-09-09T01:50:50.670Z"}
{"@timestamp":"2022-09-09T01:51:33.182Z","@version":"1","message":"Sep  9 01:51:32 honeypot-sgp-1 sshd[31744]: Did not receive identification string from 45.61.186.249 port 54010","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T01:52:15.201Z","@version":"1","message":"Sep  9 01:52:14 honeypot-sgp-1 sshd[31747]: Disconnected from invalid user user 45.61.186.249 port 33876 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T01:52:33.211Z","@version":"1","message":"Sep  9 01:52:32 honeypot-sgp-1 sshd[31752]: Received disconnect from 45.61.186.249 port 56380:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T01:52:50.219Z","@version":"1","message":"Sep  9 01:52:49 honeypot-sgp-1 sshd[31756]: Received disconnect from 45.61.186.249 port 50650:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T01:56:20.304Z","@version":"1","message":"Sep  9 01:56:19 honeypot-sgp-1 sshd[31761]: Connection closed by authenticating user root 103.188.176.251 port 53754 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 01:58:46 honeypot-fra-1 sshd[25460]: Disconnected from authenticating user root 92.255.85.69 port 39804 [preauth]","@timestamp":"2022-09-09T01:58:47.691Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 02:06:10 honeypot-ams-1 sshd[2384]: Disconnected from invalid user roberto 158.69.111.17 port 47430 [preauth]","@timestamp":"2022-09-09T02:06:11.068Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 02:12:17 honeypot-ams-1 sshd[2391]: Disconnected from invalid user user 198.98.61.9 port 34310 [preauth]","@timestamp":"2022-09-09T02:12:17.229Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 02:12:34 honeypot-ams-1 sshd[2395]: Disconnected from invalid user user 198.98.61.9 port 57020 [preauth]","@timestamp":"2022-09-09T02:12:35.238Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 02:12:49 honeypot-ams-1 sshd[2399]: Disconnected from invalid user user 198.98.61.9 port 51500 [preauth]","@timestamp":"2022-09-09T02:12:50.246Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 02:13:08 honeypot-ams-1 sshd[2403]: Disconnected from invalid user user 198.98.61.9 port 45966 [preauth]","@timestamp":"2022-09-09T02:13:09.257Z"}
{"@timestamp":"2022-09-09T02:13:54.734Z","@version":"1","message":"Sep  9 02:13:54 honeypot-sgp-1 sshd[32210]: Invalid user user from 45.61.186.49 port 58116","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T02:14:07.741Z","@version":"1","message":"Sep  9 02:14:06 honeypot-sgp-1 sshd[32214]: Invalid user user from 45.61.186.49 port 41468","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 02:16:42 honeypot-fra-1 sshd[25464]: Invalid user john from 165.22.45.108 port 54358","@timestamp":"2022-09-09T02:16:43.093Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T02:17:01.813Z","@version":"1","message":"Sep  9 02:17:01 honeypot-sgp-1 CRON[32219]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 02:19:48 honeypot-ams-1 kernel: [83566576.241257] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=92.63.197.171 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=252 ID=24276 PROTO=TCP SPT=45488 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T02:19:49.433Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 02:21:33 honeypot-fra-1 sshd[25471]: Disconnected from authenticating user root 92.255.85.69 port 17424 [preauth]","@timestamp":"2022-09-09T02:21:34.204Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T02:24:32.995Z","@version":"1","message":"Sep  9 02:24:32 honeypot-sgp-1 sshd[32225]: Disconnected from authenticating user root 92.255.85.69 port 45426 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 02:35:06 honeypot-ams-1 kernel: [83567493.688637] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=207.102.138.83 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=8050 DF PROTO=TCP SPT=45104 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T02:35:06.850Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 02:35:08 honeypot-fra-1 sshd[25479]: Received disconnect from 46.101.121.35 port 44286:11: Bye Bye [preauth]","@timestamp":"2022-09-09T02:35:09.508Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T02:37:32.308Z","@version":"1","message":"Sep  9 02:37:31 honeypot-sgp-1 sshd[32229]: Disconnected from invalid user sanjeev 163.177.9.152 port 58806 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T02:38:11.327Z","@version":"1","message":"Sep  9 02:38:10 honeypot-sgp-1 sshd[32234]: Disconnected from invalid user user 198.98.61.9 port 55436 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T02:38:26.334Z","@version":"1","message":"Sep  9 02:38:26 honeypot-sgp-1 sshd[32238]: Disconnected from invalid user user 198.98.61.9 port 49678 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T02:38:40.340Z","@version":"1","message":"Sep  9 02:38:40 honeypot-sgp-1 sshd[32242]: Disconnected from invalid user user 198.98.61.9 port 43934 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T02:38:54.347Z","@version":"1","message":"Sep  9 02:38:54 honeypot-sgp-1 sshd[32246]: Disconnected from invalid user user 198.98.61.9 port 38180 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 02:39:00 honeypot-ams-1 sshd[2421]: Invalid user linuxtest from 20.122.67.76 port 55356","@timestamp":"2022-09-09T02:39:00.952Z"}
{"@timestamp":"2022-09-09T02:39:57.376Z","@version":"1","message":"Sep  9 02:39:56 honeypot-sgp-1 sshd[32252]: Invalid user maximiliano from 177.91.41.68 port 40117","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 02:42:51 honeypot-fra-1 kernel: [83565809.614779] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=42642 PROTO=TCP SPT=51095 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T02:42:51.683Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 02:44:26 honeypot-ams-1 sshd[2426]: Received disconnect from 68.183.141.36 port 52714:11: Bye Bye [preauth]","@timestamp":"2022-09-09T02:44:27.101Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 02:44:36 honeypot-fra-1 sshd[25486]: Disconnected from authenticating user root 92.255.85.69 port 53084 [preauth]","@timestamp":"2022-09-09T02:44:36.725Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T02:47:37.563Z","@version":"1","message":"Sep  9 02:47:37 honeypot-sgp-1 sshd[32255]: Received disconnect from 92.255.85.69 port 59994:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 02:57:16 honeypot-ams-1 sshd[2432]: Invalid user o2 from 106.74.128.99 port 39062","@timestamp":"2022-09-09T02:57:16.451Z"}
{"@timestamp":"2022-09-09T02:57:22.796Z","@version":"1","message":"Sep  9 02:57:22 honeypot-sgp-1 kernel: [83568358.729220] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=174.138.61.44 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=15212 PROTO=TCP SPT=46918 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 03:01:18 honeypot-ams-1 sshd[2438]: Received disconnect from 40.114.65.77 port 55534:11: Bye Bye [preauth]","@timestamp":"2022-09-09T03:01:18.556Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 03:02:11 honeypot-fra-1 sshd[25493]: Connection closed by authenticating user root 141.98.10.158 port 40968 [preauth]","@timestamp":"2022-09-09T03:02:12.119Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 03:02:52 honeypot-ams-1 sshd[2444]: Invalid user user from 45.61.186.49 port 36548","@timestamp":"2022-09-09T03:02:52.600Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 03:03:05 honeypot-ams-1 sshd[2448]: Invalid user user from 45.61.186.49 port 47696","@timestamp":"2022-09-09T03:03:05.607Z"}
{"@timestamp":"2022-09-09T03:04:17.963Z","@version":"1","message":"Sep  9 03:04:16 honeypot-sgp-1 kernel: [83568773.380493] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=161.35.52.126 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=26609 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 03:05:45 honeypot-fra-1 kernel: [83567183.365652] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.95.147.52 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=27221 PROTO=TCP SPT=40297 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T03:05:46.201Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 03:08:46 honeypot-ams-1 kernel: [83569514.417442] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=116.203.225.67 DST=178.62.254.91 LEN=80 TOS=0x00 PREC=0x20 TTL=123 ID=5188 PROTO=TCP SPT=4164 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T03:08:47.759Z"}
{"@timestamp":"2022-09-09T03:10:31.116Z","@version":"1","message":"Sep  9 03:10:30 honeypot-sgp-1 sshd[32267]: Disconnected from authenticating user root 92.255.85.70 port 36416 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 03:11:01 honeypot-fra-1 kernel: [83567499.393757] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=40.87.17.51 DST=165.22.82.222 LEN=52 TOS=0x02 PREC=0x00 TTL=112 ID=30867 DF PROTO=TCP SPT=59668 DPT=80 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-09T03:11:02.322Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 03:12:24 honeypot-ams-1 sshd[2456]: Disconnected from authenticating user root 165.22.42.39 port 56106 [preauth]","@timestamp":"2022-09-09T03:12:24.855Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 03:15:34 honeypot-ams-1 sshd[2465]: Received disconnect from 165.22.42.39 port 40254:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T03:15:34.939Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 03:16:31 honeypot-fra-1 kernel: [83567829.911641] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=38.132.109.186 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=49471 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T03:16:32.444Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-09T03:16:41.265Z","@version":"1","message":"Sep  9 03:16:40 honeypot-sgp-1 sshd[32272]: Received disconnect from 147.182.169.252 port 38196:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 03:17:01 honeypot-ams-1 CRON[2469]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-09T03:17:01.980Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 03:19:09 honeypot-ams-1 sshd[2477]: Disconnected from authenticating user root 165.22.42.39 port 37924 [preauth]","@timestamp":"2022-09-09T03:19:10.036Z"}
{"@timestamp":"2022-09-09T03:19:23.333Z","@version":"1","message":"Sep  9 03:19:22 honeypot-sgp-1 sshd[32279]: Invalid user justin from 13.82.216.149 port 33664","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 03:21:04 honeypot-ams-1 sshd[2481]: Disconnected from authenticating user root 165.22.42.39 port 36776 [preauth]","@timestamp":"2022-09-09T03:21:04.090Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 03:23:04 honeypot-ams-1 sshd[2487]: Disconnected from authenticating user root 165.22.42.39 port 35606 [preauth]","@timestamp":"2022-09-09T03:23:04.145Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 03:24:52 honeypot-ams-1 sshd[2492]: Received disconnect from 165.22.42.39 port 34592:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T03:24:53.194Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 03:25:47 honeypot-fra-1 kernel: [83568385.946056] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=23.251.102.75 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=55546 PROTO=TCP SPT=12486 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T03:25:48.652Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 03:26:16 honeypot-ams-1 kernel: [83570564.194543] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.219.221 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=49850 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T03:26:17.233Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 03:27:50 honeypot-ams-1 sshd[2500]: Received disconnect from 165.22.42.39 port 46980:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T03:27:50.276Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 03:29:41 honeypot-ams-1 sshd[2504]: Disconnected from invalid user dev 165.22.42.39 port 45826 [preauth]","@timestamp":"2022-09-09T03:29:42.326Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 03:30:39 honeypot-ams-1 sshd[2509]: Disconnected from invalid user laura 159.65.181.179 port 58994 [preauth]","@timestamp":"2022-09-09T03:30:39.353Z"}
{"@timestamp":"2022-09-09T03:33:00.657Z","@version":"1","message":"Sep  9 03:33:00 honeypot-sgp-1 kernel: [83570496.671100] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=34.174.70.181 DST=159.89.202.188 LEN=52 TOS=0x00 PREC=0x00 TTL=123 ID=222 DF PROTO=TCP SPT=51986 DPT=80 WINDOW=65320 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 03:33:18 honeypot-ams-1 sshd[2515]: Invalid user plandevac from 165.22.42.39 port 43526","@timestamp":"2022-09-09T03:33:18.420Z"}
{"@timestamp":"2022-09-09T03:34:08.688Z","@version":"1","message":"Sep  9 03:34:08 honeypot-sgp-1 sshd[32285]: Disconnected from invalid user abby 52.151.24.212 port 37790 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 03:34:26 honeypot-ams-1 kernel: [83571054.342680] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=118.73.85.101 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=48 ID=35984 PROTO=TCP SPT=17499 DPT=443 WINDOW=26995 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T03:34:27.465Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 03:36:08 honeypot-ams-1 sshd[2523]: Disconnected from invalid user gbadebo 165.22.42.39 port 55906 [preauth]","@timestamp":"2022-09-09T03:36:09.510Z"}
{"@timestamp":"2022-09-09T03:38:09.787Z","@version":"1","message":"Sep  9 03:38:09 honeypot-sgp-1 sshd[32290]: Disconnected from 204.48.30.72 port 40758 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 03:38:53 honeypot-ams-1 sshd[2529]: Invalid user sandbox from 165.22.42.39 port 40044","@timestamp":"2022-09-09T03:38:53.582Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 03:38:58 honeypot-fra-1 kernel: [83569176.273330] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.220.236 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=55363 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T03:38:58.945Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 03:40:48 honeypot-ams-1 sshd[2533]: Invalid user dev from 165.22.42.39 port 38894","@timestamp":"2022-09-09T03:40:49.632Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 03:41:00 honeypot-fra-1 sshd[25525]: Invalid user zp from 167.172.253.42 port 49420","@timestamp":"2022-09-09T03:41:00.992Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 03:42:41 honeypot-ams-1 sshd[2538]: Received disconnect from 165.22.42.39 port 37730:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T03:42:41.681Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 03:43:55 honeypot-fra-1 sshd[25528]: Did not receive identification string from 194.247.12.102 port 44566","@timestamp":"2022-09-09T03:43:56.064Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 03:43:56 honeypot-fra-1 sshd[25532]: Invalid user mysql from 194.247.12.102 port 46412","@timestamp":"2022-09-09T03:43:57.065Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 03:43:56 honeypot-fra-1 sshd[25541]: Invalid user www from 194.247.12.102 port 46446","@timestamp":"2022-09-09T03:43:57.066Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 03:43:56 honeypot-fra-1 sshd[25532]: Connection closed by invalid user mysql 194.247.12.102 port 46412 [preauth]","@timestamp":"2022-09-09T03:43:57.066Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 03:43:56 honeypot-fra-1 sshd[25536]: Connection closed by invalid user testuser 194.247.12.102 port 46434 [preauth]","@timestamp":"2022-09-09T03:43:57.066Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 03:43:56 honeypot-fra-1 sshd[25545]: Connection closed by invalid user ubuntu 194.247.12.102 port 46458 [preauth]","@timestamp":"2022-09-09T03:43:57.066Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 03:43:56 honeypot-fra-1 sshd[25546]: Connection closed by invalid user ftpuser 194.247.12.102 port 46396 [preauth]","@timestamp":"2022-09-09T03:43:57.066Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 03:43:56 honeypot-fra-1 sshd[25555]: Invalid user testuser from 194.247.12.102 port 46436","@timestamp":"2022-09-09T03:43:57.066Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 03:43:56 honeypot-fra-1 sshd[25554]: Connection closed by invalid user devops 194.247.12.102 port 46432 [preauth]","@timestamp":"2022-09-09T03:43:57.066Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 03:43:56 honeypot-fra-1 sshd[25563]: Connection closed by authenticating user root 194.247.12.102 port 46394 [preauth]","@timestamp":"2022-09-09T03:43:57.066Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 03:43:57 honeypot-ams-1 sshd[2542]: Disconnected from authenticating user root 185.237.14.115 port 28004 [preauth]","@timestamp":"2022-09-09T03:43:58.716Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 03:47:51 honeypot-fra-1 kernel: [83569709.314547] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=193.215.168.206 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=53 ID=53247 PROTO=TCP SPT=51590 DPT=80 WINDOW=1024 RES=0x00 RST URGP=0 ","@timestamp":"2022-09-09T03:47:52.157Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 03:49:37 honeypot-ams-1 sshd[2558]: Disconnected from invalid user takechi 134.209.212.125 port 59794 [preauth]","@timestamp":"2022-09-09T03:49:37.862Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 03:49:59 honeypot-fra-1 sshd[25590]: Disconnected from invalid user nagios 220.134.113.188 port 54944 [preauth]","@timestamp":"2022-09-09T03:50:00.206Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T03:54:08.170Z","@version":"1","message":"Sep  9 03:54:07 honeypot-sgp-1 sshd[32296]: Invalid user admin from 211.250.4.137 port 49542","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 03:54:52 honeypot-fra-1 sshd[25596]: Received disconnect from 45.61.187.160 port 58422:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T03:54:53.316Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 03:54:53 honeypot-ams-1 sshd[2564]: Connection closed by 180.76.173.237 port 53028 [preauth]","@timestamp":"2022-09-09T03:54:53.998Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 03:55:13 honeypot-fra-1 sshd[25600]: Received disconnect from 45.61.187.160 port 53442:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T03:55:14.326Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 03:55:34 honeypot-fra-1 sshd[25604]: Received disconnect from 45.61.187.160 port 48472:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T03:55:34.335Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 03:55:52 honeypot-fra-1 sshd[25608]: Received disconnect from 45.61.187.160 port 43498:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T03:55:53.344Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 03:56:07 honeypot-ams-1 sshd[2566]: Connection closed by invalid user Admin 201.173.205.148 port 50099 [preauth]","@timestamp":"2022-09-09T03:56:08.033Z"}
{"@timestamp":"2022-09-09T03:59:27.300Z","@version":"1","message":"Sep  9 03:59:26 honeypot-sgp-1 sshd[32303]: Invalid user gill from 165.227.118.41 port 38878","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 04:05:03 honeypot-fra-1 sshd[25623]: Disconnected from invalid user user 141.255.162.226 port 52596 [preauth]","@timestamp":"2022-09-09T04:05:04.552Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 04:05:05 honeypot-fra-1 sshd[25627]: Disconnected from invalid user user 141.255.162.226 port 41096 [preauth]","@timestamp":"2022-09-09T04:05:06.553Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 04:05:09 honeypot-fra-1 sshd[25631]: Disconnected from invalid user user 141.255.162.226 port 57856 [preauth]","@timestamp":"2022-09-09T04:05:09.554Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 04:05:12 honeypot-fra-1 sshd[25635]: Disconnected from invalid user user 141.255.162.226 port 46384 [preauth]","@timestamp":"2022-09-09T04:05:13.556Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 04:06:23 honeypot-ams-1 sshd[2574]: Connection closed by 180.76.173.237 port 53302 [preauth]","@timestamp":"2022-09-09T04:06:23.300Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 04:09:38 honeypot-fra-1 sshd[25643]: Received disconnect from 34.100.234.1 port 60844:11: Bye Bye [preauth]","@timestamp":"2022-09-09T04:09:38.659Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T04:10:12.556Z","@version":"1","message":"Sep  9 04:10:12 honeypot-sgp-1 sshd[32306]: Received disconnect from 58.186.85.94 port 34744:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T04:14:25.659Z","@version":"1","message":"Sep  9 04:14:25 honeypot-sgp-1 sshd[32312]: Connection closed by invalid user  152.32.142.133 port 21868 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 04:15:50 honeypot-fra-1 sshd[25649]: Invalid user user from 45.61.184.204 port 55128","@timestamp":"2022-09-09T04:15:50.814Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 04:16:08 honeypot-fra-1 sshd[25653]: Invalid user user from 45.61.184.204 port 50166","@timestamp":"2022-09-09T04:16:09.823Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 04:16:27 honeypot-fra-1 sshd[25657]: Invalid user user from 45.61.184.204 port 45244","@timestamp":"2022-09-09T04:16:27.832Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 04:16:45 honeypot-fra-1 sshd[25661]: Invalid user user from 45.61.184.204 port 40296","@timestamp":"2022-09-09T04:16:45.840Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 04:17:01 honeypot-ams-1 CRON[2581]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-09T04:17:01.564Z"}
{"@timestamp":"2022-09-09T04:17:26.735Z","@version":"1","message":"Sep  9 04:17:26 honeypot-sgp-1 sshd[32320]: Received disconnect from 202.165.17.131 port 55118:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 04:17:46 honeypot-fra-1 sshd[25666]: Received disconnect from 118.212.146.44 port 40606:11: Bye Bye [preauth]","@timestamp":"2022-09-09T04:17:47.865Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T04:19:31.789Z","@version":"1","message":"Sep  9 04:19:31 honeypot-sgp-1 sshd[32327]: Received disconnect from 123.30.187.208 port 52828:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 04:25:22 honeypot-fra-1 kernel: [83571960.391297] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=20.25.85.8 DST=165.22.82.222 LEN=52 TOS=0x00 PREC=0x00 TTL=113 ID=33952 DF PROTO=TCP SPT=63278 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T04:25:23.029Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 04:25:31 honeypot-ams-1 sshd[2592]: Invalid user admin from 121.187.251.210 port 45725","@timestamp":"2022-09-09T04:25:31.796Z"}
{"@timestamp":"2022-09-09T04:27:08.971Z","@version":"1","message":"Sep  9 04:27:07 honeypot-sgp-1 sshd[32334]: Invalid user wolf from 123.31.29.131 port 46544","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T04:28:07.997Z","@version":"1","message":"Sep  9 04:28:07 honeypot-sgp-1 sshd[32336]: Disconnected from invalid user kuwahara 170.210.203.212 port 50737 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 04:29:58 honeypot-ams-1 sshd[2598]: Disconnected from authenticating user root 61.177.173.53 port 19571 [preauth]","@timestamp":"2022-09-09T04:29:58.918Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 04:34:17 honeypot-fra-1 sshd[25673]: Received disconnect from 165.22.45.108 port 50796:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T04:34:18.248Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T04:37:30.219Z","@version":"1","message":"Sep  9 04:37:30 honeypot-sgp-1 kernel: [83574366.389765] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.56.108.102 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=50064 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 04:41:53 honeypot-fra-1 sshd[25676]: Disconnected from invalid user james 91.138.228.31 port 49384 [preauth]","@timestamp":"2022-09-09T04:41:54.416Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 04:44:16 honeypot-ams-1 sshd[2606]: Received disconnect from 178.128.114.244 port 50424:11: Bye Bye [preauth]","@timestamp":"2022-09-09T04:44:16.311Z"}
{"@timestamp":"2022-09-09T04:48:13.475Z","@version":"1","message":"Sep  9 04:48:12 honeypot-sgp-1 sshd[32348]: Received disconnect from 150.136.132.142 port 11032:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 04:48:54 honeypot-ams-1 sshd[2613]: Received disconnect from 61.177.172.124 port 14435:11:  [preauth]","@timestamp":"2022-09-09T04:48:54.436Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 04:50:13 honeypot-fra-1 sshd[25682]: Received disconnect from 190.119.187.173 port 42313:11: Bye Bye [preauth]","@timestamp":"2022-09-09T04:50:14.599Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 04:51:48 honeypot-ams-1 sshd[2618]: Received disconnect from 61.177.173.47 port 25843:11:  [preauth]","@timestamp":"2022-09-09T04:51:48.513Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 04:54:02 honeypot-ams-1 sshd[2622]: Connection closed by invalid user admin 220.121.250.154 port 42384 [preauth]","@timestamp":"2022-09-09T04:54:02.573Z"}
{"@timestamp":"2022-09-09T04:57:24.713Z","@version":"1","message":"Sep  9 04:57:24 honeypot-sgp-1 kernel: [83575560.484715] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.56.108.102 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=31955 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 04:59:44 honeypot-fra-1 sshd[25687]: Invalid user Admin from 122.165.141.96 port 41232","@timestamp":"2022-09-09T04:59:44.818Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 05:01:51 honeypot-fra-1 sshd[25689]: Disconnected from invalid user john 165.22.45.108 port 55730 [preauth]","@timestamp":"2022-09-09T05:01:51.886Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 05:03:49 honeypot-ams-1 kernel: [83576416.979137] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=104.156.155.12 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=52715 PROTO=TCP SPT=49561 DPT=389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T05:03:49.856Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 05:17:01 honeypot-ams-1 CRON[2638]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-09T05:17:02.207Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 05:18:37 honeypot-ams-1 kernel: [83577305.102937] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=213.226.123.38 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=21244 PROTO=TCP SPT=41079 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T05:18:38.253Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 05:23:50 honeypot-fra-1 sshd[25704]: Invalid user vagrant from 194.247.12.102 port 56464","@timestamp":"2022-09-09T05:23:50.378Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 05:23:50 honeypot-fra-1 sshd[25718]: Invalid user ec2-user from 194.247.12.102 port 56452","@timestamp":"2022-09-09T05:23:50.378Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 05:23:50 honeypot-fra-1 sshd[25720]: Invalid user oracle from 194.247.12.102 port 56472","@timestamp":"2022-09-09T05:23:50.378Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 05:23:50 honeypot-fra-1 sshd[25712]: Invalid user es from 194.247.12.102 port 56436","@timestamp":"2022-09-09T05:23:50.378Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 05:23:50 honeypot-fra-1 sshd[25705]: Invalid user chia from 194.247.12.102 port 56486","@timestamp":"2022-09-09T05:23:50.378Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 05:23:50 honeypot-fra-1 sshd[25711]: Connection closed by invalid user ansible 194.247.12.102 port 56498 [preauth]","@timestamp":"2022-09-09T05:23:50.378Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 05:23:50 honeypot-fra-1 sshd[25722]: Connection closed by invalid user ubuntu 194.247.12.102 port 56470 [preauth]","@timestamp":"2022-09-09T05:23:50.378Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 05:23:50 honeypot-fra-1 sshd[25703]: Connection closed by invalid user www 194.247.12.102 port 56478 [preauth]","@timestamp":"2022-09-09T05:23:50.378Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 05:23:50 honeypot-fra-1 sshd[25713]: Connection closed by invalid user ZXDSL 194.247.12.102 port 56526 [preauth]","@timestamp":"2022-09-09T05:23:50.379Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 05:23:50 honeypot-fra-1 sshd[25706]: Connection closed by invalid user esuser 194.247.12.102 port 56504 [preauth]","@timestamp":"2022-09-09T05:23:50.379Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T05:26:09.403Z","@version":"1","message":"Sep  9 05:26:08 honeypot-sgp-1 sshd[32358]: Disconnected from authenticating user root 138.94.75.17 port 33626 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 05:29:18 honeypot-fra-1 sshd[25758]: Received disconnect from 165.22.45.108 port 60652:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T05:29:18.506Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 05:30:29 honeypot-ams-1 kernel: [83578016.622412] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=15533 PROTO=TCP SPT=41407 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T05:30:29.556Z"}
{"@timestamp":"2022-09-09T05:34:18.597Z","@version":"1","message":"Sep  9 05:34:18 honeypot-sgp-1 sshd[32363]: Invalid user public from 46.101.171.235 port 58956","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 05:37:52 honeypot-ams-1 sshd[2659]: Received disconnect from 45.61.187.160 port 60416:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T05:37:52.746Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 05:38:12 honeypot-ams-1 sshd[2663]: Received disconnect from 45.61.187.160 port 55520:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T05:38:12.757Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 05:38:30 honeypot-ams-1 sshd[2667]: Received disconnect from 45.61.187.160 port 50628:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T05:38:30.767Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 05:38:47 honeypot-ams-1 sshd[2671]: Received disconnect from 45.61.187.160 port 45738:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T05:38:47.775Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 05:40:55 honeypot-ams-1 sshd[2676]: Did not receive identification string from 80.76.51.43 port 57604","@timestamp":"2022-09-09T05:40:55.836Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 05:41:14 honeypot-fra-1 kernel: [83576512.533671] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=139.162.210.152 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=34311 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T05:41:15.775Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 05:41:43 honeypot-ams-1 sshd[2681]: Invalid user test from 80.76.51.43 port 49614","@timestamp":"2022-09-09T05:41:43.860Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 05:42:11 honeypot-ams-1 sshd[2687]: Disconnected from authenticating user root 80.76.51.43 port 50242 [preauth]","@timestamp":"2022-09-09T05:42:11.874Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 05:42:53 honeypot-ams-1 sshd[2695]: Disconnected from authenticating user root 80.76.51.43 port 37046 [preauth]","@timestamp":"2022-09-09T05:42:53.896Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 05:43:35 honeypot-ams-1 sshd[2701]: Disconnected from authenticating user root 80.76.51.43 port 52064 [preauth]","@timestamp":"2022-09-09T05:43:35.916Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 05:43:36 honeypot-fra-1 kernel: [83576653.809727] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=162.142.125.141 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=25213 PROTO=TCP SPT=23158 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T05:43:36.833Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 05:44:03 honeypot-ams-1 sshd[2705]: Disconnected from invalid user git 80.76.51.43 port 52684 [preauth]","@timestamp":"2022-09-09T05:44:03.932Z"}
{"@timestamp":"2022-09-09T05:47:05.899Z","@version":"1","message":"Sep  9 05:47:05 honeypot-sgp-1 sshd[32367]: Did not receive identification string from 45.61.184.204 port 40564","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T05:47:32.913Z","@version":"1","message":"Sep  9 05:47:32 honeypot-sgp-1 sshd[32370]: Disconnected from invalid user user 45.61.184.204 port 53802 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T05:47:51.922Z","@version":"1","message":"Sep  9 05:47:51 honeypot-sgp-1 sshd[32374]: Disconnected from invalid user user 45.61.184.204 port 48798 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T05:48:10.932Z","@version":"1","message":"Sep  9 05:48:10 honeypot-sgp-1 sshd[32378]: Disconnected from invalid user user 45.61.184.204 port 43796 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 05:48:25 honeypot-ams-1 sshd[2713]: Invalid user user from 45.61.187.160 port 56316","@timestamp":"2022-09-09T05:48:26.047Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 05:48:44 honeypot-ams-1 sshd[2719]: Invalid user user from 45.61.187.160 port 51306","@timestamp":"2022-09-09T05:48:45.058Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 05:49:03 honeypot-ams-1 sshd[2723]: Invalid user user from 45.61.187.160 port 46326","@timestamp":"2022-09-09T05:49:04.068Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 05:55:03 honeypot-fra-1 kernel: [83577340.970081] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.197.13 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=32945 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T05:55:04.097Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-09T05:56:59.142Z","@version":"1","message":"Sep  9 05:56:58 honeypot-sgp-1 sshd[32383]: Received disconnect from 64.225.43.245 port 38002:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 05:57:03 honeypot-ams-1 sshd[2729]: Invalid user lisa from 103.153.92.50 port 37210","@timestamp":"2022-09-09T05:57:04.275Z"}
{"@timestamp":"2022-09-09T05:57:12.149Z","@version":"1","message":"Sep  9 05:57:11 honeypot-sgp-1 sshd[32388]: Invalid user user from 141.255.162.226 port 60614","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T05:57:14.150Z","@version":"1","message":"Sep  9 05:57:13 honeypot-sgp-1 sshd[32392]: Invalid user user from 141.255.162.226 port 54890","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T05:57:16.153Z","@version":"1","message":"Sep  9 05:57:15 honeypot-sgp-1 sshd[32396]: Invalid user user from 141.255.162.226 port 34168","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T05:57:44.165Z","@version":"1","message":"Sep  9 05:57:44 honeypot-sgp-1 sshd[32400]: Received disconnect from 64.225.43.245 port 51536:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T05:59:16.204Z","@version":"1","message":"Sep  9 05:59:15 honeypot-sgp-1 sshd[32404]: Disconnected from authenticating user root 64.225.43.245 port 50374 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T06:01:36.262Z","@version":"1","message":"Sep  9 06:01:35 honeypot-sgp-1 sshd[32411]: Disconnected from authenticating user root 64.225.43.245 port 34522 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 06:02:56 honeypot-ams-1 sshd[2732]: Connection closed by invalid user admin 193.106.191.157 port 59690 [preauth]","@timestamp":"2022-09-09T06:02:57.429Z"}
{"@timestamp":"2022-09-09T06:03:31.312Z","@version":"1","message":"Sep  9 06:03:31 honeypot-sgp-1 sshd[32418]: Invalid user user from 45.61.186.49 port 56276","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T06:03:41.318Z","@version":"1","message":"Sep  9 06:03:41 honeypot-sgp-1 sshd[32422]: Invalid user user from 45.61.186.49 port 39684","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T06:03:55.325Z","@version":"1","message":"Sep  9 06:03:54 honeypot-sgp-1 sshd[32426]: Received disconnect from 64.225.43.245 port 46966:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 06:04:27 honeypot-fra-1 sshd[25775]: Received disconnect from 217.218.56.142 port 33208:11: Bye Bye [preauth]","@timestamp":"2022-09-09T06:04:27.306Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T06:05:28.367Z","@version":"1","message":"Sep  9 06:05:27 honeypot-sgp-1 sshd[32430]: Disconnected from authenticating user root 64.225.43.245 port 45800 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 06:05:53 honeypot-fra-1 kernel: [83577990.787709] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=20.25.85.8 DST=165.22.82.222 LEN=52 TOS=0x00 PREC=0x00 TTL=113 ID=51449 DF PROTO=TCP SPT=64821 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T06:05:53.341Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-09T06:07:02.408Z","@version":"1","message":"Sep  9 06:07:02 honeypot-sgp-1 sshd[32435]: Disconnected from invalid user dev 64.225.43.245 port 44640 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 06:07:07 honeypot-ams-1 sshd[2744]: Received disconnect from 61.177.173.35 port 39848:11:  [preauth]","@timestamp":"2022-09-09T06:07:08.540Z"}
{"@timestamp":"2022-09-09T06:08:37.448Z","@version":"1","message":"Sep  9 06:08:36 honeypot-sgp-1 sshd[32439]: Disconnected from invalid user schoosoft 64.225.43.245 port 43482 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 06:09:41 honeypot-ams-1 sshd[2749]: Received disconnect from 61.177.172.104 port 47067:11:  [preauth]","@timestamp":"2022-09-09T06:09:42.609Z"}
{"@timestamp":"2022-09-09T06:10:12.489Z","@version":"1","message":"Sep  9 06:10:11 honeypot-sgp-1 sshd[32443]: Disconnected from invalid user samson 64.225.43.245 port 42320 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T06:11:52.533Z","@version":"1","message":"Sep  9 06:11:51 honeypot-sgp-1 kernel: [83580027.793356] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=143.198.144.118 DST=159.89.202.188 LEN=52 TOS=0x00 PREC=0x00 TTL=119 ID=5306 DF PROTO=TCP SPT=54570 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T06:13:20.572Z","@version":"1","message":"Sep  9 06:13:19 honeypot-sgp-1 sshd[32452]: Received disconnect from 64.225.43.245 port 39996:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 06:14:23 honeypot-fra-1 sshd[25782]: Received disconnect from 177.23.138.158 port 63015:11: Bye Bye [preauth]","@timestamp":"2022-09-09T06:14:23.536Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T06:14:53.612Z","@version":"1","message":"Sep  9 06:14:53 honeypot-sgp-1 sshd[32456]: Received disconnect from 64.225.43.245 port 38836:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T06:16:26.654Z","@version":"1","message":"Sep  9 06:16:25 honeypot-sgp-1 sshd[32460]: Received disconnect from 64.225.43.245 port 37676:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T06:17:12.675Z","@version":"1","message":"Sep  9 06:17:12 honeypot-sgp-1 sshd[32466]: Disconnected from invalid user gbadebo 64.225.43.245 port 51212 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 06:18:23 honeypot-ams-1 kernel: [83580891.117409] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=92.63.197.171 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=252 ID=57203 PROTO=TCP SPT=52628 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T06:18:23.830Z"}
{"@timestamp":"2022-09-09T06:19:35.735Z","@version":"1","message":"Sep  9 06:19:35 honeypot-sgp-1 sshd[32472]: Invalid user sandbox from 64.225.43.245 port 35356","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T06:20:27.759Z","@version":"1","message":"Sep  9 06:20:27 honeypot-sgp-1 sshd[32476]: Did not receive identification string from 154.89.5.209 port 58740","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T06:22:00.801Z","@version":"1","message":"Sep  9 06:22:00 honeypot-sgp-1 sshd[32481]: Received disconnect from 64.225.43.245 port 47732:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 06:22:13 honeypot-ams-1 sshd[2767]: Invalid user excite from 27.71.238.138 port 43928","@timestamp":"2022-09-09T06:22:13.933Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 06:23:49 honeypot-fra-1 kernel: [83579066.990121] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.182.141.90 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=31046 DF PROTO=TCP SPT=12556 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T06:23:49.747Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-09T06:24:25.863Z","@version":"1","message":"Sep  9 06:24:25 honeypot-sgp-1 sshd[32488]: Connection closed by authenticating user root 167.71.231.98 port 40214 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 06:25:01 honeypot-ams-1 CRON[2773]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-09T06:25:02.010Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 06:25:02 honeypot-fra-1 CRON[25793]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-09T06:25:03.780Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 06:33:32 honeypot-fra-1 sshd[26025]: Invalid user mac from 103.161.207.2 port 52600","@timestamp":"2022-09-09T06:33:32.970Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 06:35:00 honeypot-ams-1 kernel: [83581888.187914] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.208.101 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=42564 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T06:35:01.267Z"}
{"@timestamp":"2022-09-09T06:36:22.157Z","@version":"1","message":"Sep  9 06:36:21 honeypot-sgp-1 sshd[32637]: Disconnected from authenticating user root 213.190.4.147 port 48998 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 06:40:19 honeypot-fra-1 sshd[26031]: Invalid user ts3 from 43.138.54.131 port 38820","@timestamp":"2022-09-09T06:40:20.121Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 06:40:22 honeypot-fra-1 sshd[26037]: Invalid user mc from 43.138.54.131 port 38816","@timestamp":"2022-09-09T06:40:23.123Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 06:40:26 honeypot-fra-1 sshd[26043]: Invalid user devops from 43.138.54.131 port 38848","@timestamp":"2022-09-09T06:40:27.125Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 06:40:30 honeypot-fra-1 sshd[26049]: Invalid user ftpuser from 43.138.54.131 port 38868","@timestamp":"2022-09-09T06:40:31.127Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 06:40:35 honeypot-fra-1 sshd[26057]: Invalid user ts3srv from 43.138.54.131 port 38824","@timestamp":"2022-09-09T06:40:35.130Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 06:40:37 honeypot-ams-1 sshd[2954]: Connection closed by 180.76.173.237 port 56892 [preauth]","@timestamp":"2022-09-09T06:40:38.414Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 06:40:50 honeypot-fra-1 sshd[26061]: Invalid user vagrant from 43.138.54.131 port 38840","@timestamp":"2022-09-09T06:40:51.137Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 06:41:14 honeypot-ams-1 sshd[2959]: Disconnected from invalid user user 45.61.186.169 port 50616 [preauth]","@timestamp":"2022-09-09T06:41:15.434Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 06:41:23 honeypot-fra-1 sshd[26067]: Invalid user centos from 43.138.54.131 port 38864","@timestamp":"2022-09-09T06:41:23.149Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 06:41:32 honeypot-ams-1 sshd[2963]: Disconnected from invalid user user 45.61.186.169 port 46088 [preauth]","@timestamp":"2022-09-09T06:41:32.443Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 06:41:45 honeypot-fra-1 sshd[26071]: Disconnected from invalid user courtney 46.101.31.237 port 58700 [preauth]","@timestamp":"2022-09-09T06:41:46.160Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 06:41:49 honeypot-ams-1 sshd[2969]: Invalid user user from 45.61.186.169 port 41560","@timestamp":"2022-09-09T06:41:49.452Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 06:42:04 honeypot-ams-1 sshd[2973]: Invalid user user from 45.61.186.169 port 37008","@timestamp":"2022-09-09T06:42:05.461Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 06:43:06 honeypot-ams-1 sshd[2979]: Received disconnect from 68.183.25.187 port 36858:11: Bye Bye [preauth]","@timestamp":"2022-09-09T06:43:07.489Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 06:44:11 honeypot-ams-1 sshd[2982]: Disconnected from invalid user courtney 178.128.184.213 port 45836 [preauth]","@timestamp":"2022-09-09T06:44:11.519Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 06:46:01 honeypot-fra-1 sshd[26090]: Connection closed by invalid user centos 20.115.2.51 port 48068 [preauth]","@timestamp":"2022-09-09T06:46:01.256Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 06:46:01 honeypot-fra-1 sshd[26091]: Invalid user esuser from 20.115.2.51 port 48054","@timestamp":"2022-09-09T06:46:01.256Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 06:46:01 honeypot-fra-1 sshd[26096]: Invalid user ec2-user from 20.115.2.51 port 48122","@timestamp":"2022-09-09T06:46:01.256Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 06:46:01 honeypot-fra-1 sshd[26083]: Invalid user jenkins from 20.115.2.51 port 48118","@timestamp":"2022-09-09T06:46:01.256Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 06:46:01 honeypot-fra-1 sshd[26098]: Invalid user jenkins from 20.115.2.51 port 48142","@timestamp":"2022-09-09T06:46:02.258Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 06:46:01 honeypot-fra-1 sshd[26095]: Connection closed by invalid user chia 20.115.2.51 port 48146 [preauth]","@timestamp":"2022-09-09T06:46:02.258Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 06:46:01 honeypot-fra-1 sshd[26078]: Connection closed by invalid user postgres 20.115.2.51 port 48024 [preauth]","@timestamp":"2022-09-09T06:46:02.258Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 06:46:01 honeypot-fra-1 sshd[26098]: Connection closed by invalid user jenkins 20.115.2.51 port 48142 [preauth]","@timestamp":"2022-09-09T06:46:02.258Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 06:46:01 honeypot-fra-1 sshd[26088]: Connection closed by invalid user testuser 20.115.2.51 port 48080 [preauth]","@timestamp":"2022-09-09T06:46:02.258Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T06:47:34.437Z","@version":"1","message":"Sep  9 06:47:34 honeypot-sgp-1 kernel: [83582170.387576] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=109.237.97.205 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=54321 PROTO=TCP SPT=37687 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 06:49:01 honeypot-fra-1 sshd[26135]: Did not receive identification string from 45.61.187.160 port 55278","@timestamp":"2022-09-09T06:49:01.325Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 06:49:42 honeypot-fra-1 sshd[26139]: Disconnected from invalid user user 45.61.187.160 port 54608 [preauth]","@timestamp":"2022-09-09T06:49:43.343Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T06:49:44.493Z","@version":"1","message":"Sep  9 06:49:44 honeypot-sgp-1 sshd[32742]: Disconnected from invalid user dennis 144.126.215.161 port 52796 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 06:50:00 honeypot-fra-1 sshd[26144]: Received disconnect from 45.61.187.160 port 50030:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T06:50:01.351Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 06:50:16 honeypot-fra-1 sshd[26148]: Received disconnect from 141.255.162.226 port 57906:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T06:50:17.359Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 06:50:18 honeypot-fra-1 sshd[26152]: Received disconnect from 45.61.187.160 port 45466:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T06:50:19.360Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 06:50:20 honeypot-fra-1 sshd[26156]: Received disconnect from 141.255.162.226 port 59232:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T06:50:20.362Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 06:50:24 honeypot-fra-1 sshd[26160]: Received disconnect from 141.255.162.226 port 45778:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T06:50:24.364Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 06:52:04 honeypot-fra-1 sshd[26165]: Received disconnect from 165.22.45.108 port 47242:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T06:52:05.404Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 07:00:24 honeypot-ams-1 kernel: [83583411.845511] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=103.89.91.165 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=16780 PROTO=TCP SPT=47969 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T07:00:24.931Z"}
{"@timestamp":"2022-09-09T07:00:40.768Z","@version":"1","message":"Sep  9 07:00:40 honeypot-sgp-1 sshd[32752]: Invalid user user from 141.255.162.226 port 59016","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T07:00:45.771Z","@version":"1","message":"Sep  9 07:00:44 honeypot-sgp-1 sshd[32756]: Invalid user user from 141.255.162.226 port 38220","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T07:00:47.773Z","@version":"1","message":"Sep  9 07:00:47 honeypot-sgp-1 sshd[32760]: Invalid user user from 141.255.162.226 port 39762","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 07:01:25 honeypot-fra-1 kernel: [83581322.739348] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.209.77 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=59839 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T07:01:25.615Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-09T07:02:16.812Z","@version":"1","message":"Sep  9 07:02:16 honeypot-sgp-1 kernel: [83583052.541523] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.246.105.50 DST=159.89.202.188 LEN=52 TOS=0x02 PREC=0x00 TTL=108 ID=34422 DF PROTO=TCP SPT=56924 DPT=443 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 07:07:26 honeypot-ams-1 sshd[3105]: Received disconnect from 61.177.173.36 port 64353:11:  [preauth]","@timestamp":"2022-09-09T07:07:27.115Z"}
{"@timestamp":"2022-09-09T07:10:04.008Z","@version":"1","message":"Sep  9 07:10:03 honeypot-sgp-1 sshd[302]: Disconnected from invalid user miguel 46.101.220.193 port 44406 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T07:12:20.065Z","@version":"1","message":"Sep  9 07:12:19 honeypot-sgp-1 sshd[308]: Invalid user taka from 185.53.229.86 port 58846","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 07:14:37 honeypot-ams-1 sshd[3111]: Disconnected from invalid user user 45.61.186.169 port 54540 [preauth]","@timestamp":"2022-09-09T07:14:38.305Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 07:14:55 honeypot-ams-1 sshd[3116]: Disconnected from invalid user user 45.61.186.169 port 49916 [preauth]","@timestamp":"2022-09-09T07:14:56.314Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 07:15:12 honeypot-ams-1 sshd[3120]: Disconnected from invalid user user 45.61.186.169 port 45284 [preauth]","@timestamp":"2022-09-09T07:15:13.322Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 07:15:28 honeypot-ams-1 sshd[3125]: Disconnected from invalid user user 45.61.186.169 port 40718 [preauth]","@timestamp":"2022-09-09T07:15:29.331Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 07:17:01 honeypot-fra-1 CRON[26177]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-09T07:17:01.958Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T07:17:15.189Z","@version":"1","message":"Sep  9 07:17:14 honeypot-sgp-1 sshd[316]: Did not receive identification string from 141.255.162.226 port 54488","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T07:17:34.198Z","@version":"1","message":"Sep  9 07:17:33 honeypot-sgp-1 sshd[319]: Disconnected from invalid user user 141.255.162.226 port 34256 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T07:17:40.202Z","@version":"1","message":"Sep  9 07:17:39 honeypot-sgp-1 sshd[325]: Disconnected from invalid user user 141.255.162.226 port 35864 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T07:17:42.203Z","@version":"1","message":"Sep  9 07:17:42 honeypot-sgp-1 sshd[329]: Connection closed by invalid user user 141.255.162.226 port 41714 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 07:23:19 honeypot-ams-1 sshd[3135]: Invalid user paula from 35.240.137.176 port 37058","@timestamp":"2022-09-09T07:23:20.537Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 07:24:00 honeypot-ams-1 sshd[3140]: Disconnected from invalid user user 45.61.187.160 port 44594 [preauth]","@timestamp":"2022-09-09T07:24:00.556Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 07:24:08 honeypot-ams-1 sshd[3144]: Disconnected from invalid user user 45.61.187.160 port 55820 [preauth]","@timestamp":"2022-09-09T07:24:09.562Z"}
{"@timestamp":"2022-09-09T07:24:26.370Z","@version":"1","message":"Sep  9 07:24:26 honeypot-sgp-1 sshd[337]: Received disconnect from 45.61.186.169 port 51576:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 07:24:25 honeypot-ams-1 sshd[3148]: Disconnected from invalid user user 45.61.187.160 port 50070 [preauth]","@timestamp":"2022-09-09T07:24:26.571Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 07:24:41 honeypot-ams-1 sshd[3153]: Disconnected from invalid user user 45.61.187.160 port 44292 [preauth]","@timestamp":"2022-09-09T07:24:42.579Z"}
{"@timestamp":"2022-09-09T07:24:45.403Z","@version":"1","message":"Sep  9 07:24:44 honeypot-sgp-1 sshd[341]: Received disconnect from 45.61.186.169 port 46806:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T07:25:02.411Z","@version":"1","message":"Sep  9 07:25:02 honeypot-sgp-1 sshd[345]: Received disconnect from 45.61.186.169 port 42014:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T07:25:20.420Z","@version":"1","message":"Sep  9 07:25:19 honeypot-sgp-1 sshd[349]: Received disconnect from 45.61.186.169 port 37248:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 07:26:30 honeypot-fra-1 kernel: [83582828.092353] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.220.30 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=44369 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T07:26:31.167Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 07:27:57 honeypot-ams-1 kernel: [83585065.238080] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=104.37.190.250 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=56812 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T07:27:58.665Z"}
{"@timestamp":"2022-09-09T07:31:51.579Z","@version":"1","message":"Sep  9 07:31:51 honeypot-sgp-1 sshd[354]: Received disconnect from 161.35.112.95 port 52108:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 07:32:36 honeypot-ams-1 sshd[3172]: Disconnected from authenticating user root 61.177.173.51 port 34044 [preauth]","@timestamp":"2022-09-09T07:32:36.785Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 07:32:53 honeypot-fra-1 sshd[26189]: Received disconnect from 51.210.108.253 port 38662:11: Bye Bye [preauth]","@timestamp":"2022-09-09T07:32:53.310Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 07:37:58 honeypot-ams-1 sshd[3182]: Connection closed by authenticating user root 124.223.156.79 port 59636 [preauth]","@timestamp":"2022-09-09T07:37:58.929Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 07:42:01 honeypot-ams-1 sshd[3191]: Received disconnect from 52.140.126.117 port 39182:11: Bye Bye [preauth]","@timestamp":"2022-09-09T07:42:02.054Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 07:43:19 honeypot-fra-1 sshd[26196]: Did not receive identification string from 179.43.156.143 port 48750","@timestamp":"2022-09-09T07:43:19.542Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 07:44:41 honeypot-ams-1 kernel: [83586068.533315] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=79.124.62.62 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=8394 PROTO=TCP SPT=57070 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T07:44:42.127Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 07:45:09 honeypot-fra-1 sshd[26201]: Disconnected from authenticating user root 179.43.156.143 port 40842 [preauth]","@timestamp":"2022-09-09T07:45:09.585Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 07:46:58 honeypot-fra-1 sshd[26207]: Received disconnect from 179.43.156.143 port 57226:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T07:46:59.629Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 07:47:36 honeypot-fra-1 sshd[26211]: Received disconnect from 179.43.156.143 port 53290:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T07:47:37.645Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 07:48:54 honeypot-fra-1 sshd[26216]: Received disconnect from 179.43.156.143 port 45476:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T07:48:54.676Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 07:49:26 honeypot-ams-1 sshd[3200]: Received disconnect from 61.177.172.98 port 16436:11:  [preauth]","@timestamp":"2022-09-09T07:49:27.255Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 07:50:49 honeypot-fra-1 sshd[26222]: Received disconnect from 179.43.156.143 port 33732:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T07:50:49.722Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 07:52:43 honeypot-fra-1 sshd[26228]: Received disconnect from 179.43.156.143 port 50220:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T07:52:43.766Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T07:52:51.097Z","@version":"1","message":"Sep  9 07:52:51 honeypot-sgp-1 sshd[360]: Disconnected from invalid user michael 103.42.57.139 port 45702 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 07:53:12 honeypot-ams-1 sshd[3205]: Received disconnect from 35.224.2.98 port 51196:11: Bye Bye [preauth]","@timestamp":"2022-09-09T07:53:12.355Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 07:54:51 honeypot-ams-1 kernel: [83586678.425928] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=116.203.225.67 DST=178.62.254.91 LEN=80 TOS=0x00 PREC=0x20 TTL=129 ID=50900 PROTO=TCP SPT=49876 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T07:54:51.399Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 07:56:58 honeypot-fra-1 kernel: [83584655.765338] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=116.203.225.67 DST=165.22.82.222 LEN=80 TOS=0x00 PREC=0x20 TTL=126 ID=52545 PROTO=TCP SPT=51521 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T07:56:58.864Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-09T07:57:16.205Z","@version":"1","message":"Sep  9 07:57:15 honeypot-sgp-1 sshd[364]: Disconnected from invalid user silas 89.163.178.15 port 48658 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 07:57:43 honeypot-ams-1 kernel: [83586851.159398] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=86.57.81.171 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=25437 DF PROTO=TCP SPT=50061 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T07:57:44.490Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 08:04:51 honeypot-fra-1 sshd[26238]: Connection reset by 161.35.52.126 port 23237 [preauth]","@timestamp":"2022-09-09T08:04:52.046Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 08:05:06 honeypot-ams-1 sshd[3214]: Disconnected from authenticating user root 61.177.173.49 port 56560 [preauth]","@timestamp":"2022-09-09T08:05:06.678Z"}
{"@timestamp":"2022-09-09T08:13:19.591Z","@version":"1","message":"Sep  9 08:13:18 honeypot-sgp-1 kernel: [83587314.922859] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=41470 PROTO=TCP SPT=51164 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 08:15:59 honeypot-fra-1 sshd[26264]: Disconnected from invalid user joomla 165.22.45.108 port 33852 [preauth]","@timestamp":"2022-09-09T08:15:59.296Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 08:16:56 honeypot-ams-1 sshd[3226]: Received disconnect from 61.177.173.47 port 30019:11:  [preauth]","@timestamp":"2022-09-09T08:16:56.988Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 08:21:23 honeypot-ams-1 sshd[3232]: Received disconnect from 143.244.154.61 port 52470:11: Bye Bye [preauth]","@timestamp":"2022-09-09T08:21:24.104Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 08:26:10 honeypot-ams-1 sshd[3257]: Disconnected from invalid user admin 164.155.120.94 port 38844 [preauth]","@timestamp":"2022-09-09T08:26:11.229Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 08:30:38 honeypot-fra-1 sshd[26270]: Connection closed by authenticating user root 167.71.231.98 port 37102 [preauth]","@timestamp":"2022-09-09T08:30:39.628Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T08:31:45.037Z","@version":"1","message":"Sep  9 08:31:44 honeypot-sgp-1 sshd[396]: Received disconnect from 143.244.158.100 port 49920:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T08:34:40.111Z","@version":"1","message":"Sep  9 08:34:39 honeypot-sgp-1 sshd[402]: Received disconnect from 143.244.158.100 port 54520:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 08:34:54 honeypot-fra-1 sshd[26275]: Disconnected from authenticating user root 119.65.149.106 port 35088 [preauth]","@timestamp":"2022-09-09T08:34:54.725Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T08:36:29.159Z","@version":"1","message":"Sep  9 08:36:28 honeypot-sgp-1 sshd[408]: Received disconnect from 143.244.158.100 port 49034:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T08:39:17.229Z","@version":"1","message":"Sep  9 08:39:16 honeypot-sgp-1 sshd[417]: Received disconnect from 143.244.158.100 port 51462:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 08:40:26 honeypot-fra-1 kernel: [83587263.567985] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=20.25.85.8 DST=165.22.82.222 LEN=52 TOS=0x00 PREC=0x00 TTL=113 ID=63273 DF PROTO=TCP SPT=60204 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T08:40:26.855Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-09T08:41:58.299Z","@version":"1","message":"Sep  9 08:41:58 honeypot-sgp-1 sshd[423]: Received disconnect from 143.244.158.100 port 55336:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 08:42:39 honeypot-ams-1 sshd[3270]: Did not receive identification string from 198.98.61.9 port 43036","@timestamp":"2022-09-09T08:42:39.652Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 08:43:06 honeypot-ams-1 sshd[3273]: Disconnected from invalid user user 198.98.61.9 port 33332 [preauth]","@timestamp":"2022-09-09T08:43:06.666Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 08:43:21 honeypot-ams-1 sshd[3277]: Disconnected from invalid user user 198.98.61.9 port 55274 [preauth]","@timestamp":"2022-09-09T08:43:21.674Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 08:43:39 honeypot-ams-1 sshd[3281]: Disconnected from invalid user user 198.98.61.9 port 48984 [preauth]","@timestamp":"2022-09-09T08:43:40.684Z"}
{"@timestamp":"2022-09-09T08:44:45.370Z","@version":"1","message":"Sep  9 08:44:44 honeypot-sgp-1 sshd[432]: Received disconnect from 143.244.158.100 port 52646:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 08:44:51 honeypot-fra-1 sshd[26281]: Disconnected from invalid user joomla 165.22.45.108 port 38828 [preauth]","@timestamp":"2022-09-09T08:44:51.955Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 08:47:13 honeypot-ams-1 sshd[3286]: Disconnected from authenticating user root 61.177.173.50 port 54320 [preauth]","@timestamp":"2022-09-09T08:47:13.773Z"}
{"@timestamp":"2022-09-09T08:47:24.435Z","@version":"1","message":"Sep  9 08:47:23 honeypot-sgp-1 sshd[439]: Received disconnect from 143.244.158.100 port 42252:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T08:49:15.485Z","@version":"1","message":"Sep  9 08:49:15 honeypot-sgp-1 sshd[445]: Received disconnect from 143.244.158.100 port 59540:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T08:51:05.533Z","@version":"1","message":"Sep  9 08:51:05 honeypot-sgp-1 sshd[449]: Received disconnect from 143.244.158.100 port 54608:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T08:52:38.574Z","@version":"1","message":"Sep  9 08:52:37 honeypot-sgp-1 sshd[454]: Disconnected from invalid user network 45.134.173.95 port 54378 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T08:53:49.604Z","@version":"1","message":"Sep  9 08:53:49 honeypot-sgp-1 sshd[461]: Disconnected from authenticating user root 143.244.158.100 port 37202 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T08:56:30.673Z","@version":"1","message":"Sep  9 08:56:29 honeypot-sgp-1 sshd[467]: Received disconnect from 143.244.158.100 port 56664:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 08:59:03 honeypot-ams-1 sshd[3293]: Received disconnect from 61.177.172.19 port 54469:11:  [preauth]","@timestamp":"2022-09-09T08:59:04.077Z"}
{"@timestamp":"2022-09-09T08:59:23.745Z","@version":"1","message":"Sep  9 08:59:23 honeypot-sgp-1 sshd[474]: Received disconnect from 143.244.158.100 port 41502:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T09:02:08.814Z","@version":"1","message":"Sep  9 09:02:08 honeypot-sgp-1 sshd[480]: Received disconnect from 143.244.158.100 port 58338:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 09:02:11 honeypot-ams-1 sshd[3298]: Disconnected from authenticating user root 51.250.21.73 port 33242 [preauth]","@timestamp":"2022-09-09T09:02:12.160Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 09:03:59 honeypot-ams-1 sshd[3303]: Disconnected from authenticating user root 61.177.173.46 port 36104 [preauth]","@timestamp":"2022-09-09T09:04:00.212Z"}
{"@timestamp":"2022-09-09T09:04:00.862Z","@version":"1","message":"Sep  9 09:04:00 honeypot-sgp-1 sshd[485]: Disconnected from authenticating user root 143.244.158.100 port 59576 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T09:06:44.929Z","@version":"1","message":"Sep  9 09:06:44 honeypot-sgp-1 sshd[492]: Disconnected from authenticating user root 143.244.158.100 port 36674 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 09:09:27 honeypot-fra-1 sshd[26301]: Invalid user user from 45.61.186.169 port 34918","@timestamp":"2022-09-09T09:09:27.501Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T09:09:29.996Z","@version":"1","message":"Sep  9 09:09:29 honeypot-sgp-1 sshd[500]: Received disconnect from 143.244.158.100 port 52342:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 09:09:44 honeypot-fra-1 sshd[26305]: Invalid user user from 45.61.186.169 port 58060","@timestamp":"2022-09-09T09:09:44.510Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 09:10:00 honeypot-fra-1 sshd[26310]: Invalid user user from 45.61.186.169 port 52980","@timestamp":"2022-09-09T09:10:00.520Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 09:10:15 honeypot-fra-1 sshd[26314]: Invalid user user from 45.61.186.169 port 47896","@timestamp":"2022-09-09T09:10:16.528Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T09:12:22.067Z","@version":"1","message":"Sep  9 09:12:21 honeypot-sgp-1 sshd[507]: Received disconnect from 143.244.158.100 port 37178:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 09:14:48 honeypot-ams-1 sshd[3313]: Invalid user user1 from 103.188.176.251 port 34240","@timestamp":"2022-09-09T09:14:48.493Z"}
{"@timestamp":"2022-09-09T09:15:08.131Z","@version":"1","message":"Sep  9 09:15:08 honeypot-sgp-1 sshd[513]: Received disconnect from 143.244.158.100 port 34568:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T09:17:02.179Z","@version":"1","message":"Sep  9 09:17:01 honeypot-sgp-1 CRON[520]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 09:17:01 honeypot-fra-1 CRON[26320]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-09T09:17:02.682Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 09:17:07 honeypot-ams-1 sshd[3319]: Received disconnect from 80.76.51.43 port 39188:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T09:17:07.558Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 09:17:38 honeypot-ams-1 sshd[3324]: Received disconnect from 80.76.51.43 port 42492:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T09:17:38.574Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 09:18:20 honeypot-ams-1 sshd[3330]: Received disconnect from 80.76.51.43 port 33310:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T09:18:21.600Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 09:18:48 honeypot-ams-1 sshd[3334]: Disconnected from authenticating user root 80.76.51.43 port 36522 [preauth]","@timestamp":"2022-09-09T09:18:48.614Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 09:19:30 honeypot-ams-1 sshd[3340]: Disconnected from authenticating user root 80.76.51.43 port 55606 [preauth]","@timestamp":"2022-09-09T09:19:30.636Z"}
{"@timestamp":"2022-09-09T09:19:38.243Z","@version":"1","message":"Sep  9 09:19:37 honeypot-sgp-1 sshd[527]: Received disconnect from 143.244.158.100 port 56748:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 09:19:58 honeypot-ams-1 sshd[3344]: Disconnected from invalid user git 80.76.51.43 port 58776 [preauth]","@timestamp":"2022-09-09T09:19:58.651Z"}
{"@timestamp":"2022-09-09T09:21:32.290Z","@version":"1","message":"Sep  9 09:21:31 honeypot-sgp-1 sshd[532]: Disconnected from authenticating user root 143.244.158.100 port 39396 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 09:25:23 honeypot-ams-1 sshd[3351]: Disconnected from authenticating user root 88.149.195.109 port 45308 [preauth]","@timestamp":"2022-09-09T09:25:23.792Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 09:25:24 honeypot-ams-1 sshd[3357]: Received disconnect from 88.149.195.109 port 45396:11: Bye Bye [preauth]","@timestamp":"2022-09-09T09:25:24.794Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 09:25:25 honeypot-ams-1 sshd[3363]: Received disconnect from 88.149.195.109 port 45478:11: Bye Bye [preauth]","@timestamp":"2022-09-09T09:25:25.794Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 09:25:26 honeypot-ams-1 sshd[3369]: Received disconnect from 88.149.195.109 port 45552:11: Bye Bye [preauth]","@timestamp":"2022-09-09T09:25:27.796Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 09:25:28 honeypot-ams-1 sshd[3375]: Received disconnect from 88.149.195.109 port 45632:11: Bye Bye [preauth]","@timestamp":"2022-09-09T09:25:28.796Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 09:25:29 honeypot-ams-1 sshd[3381]: Received disconnect from 88.149.195.109 port 45706:11: Bye Bye [preauth]","@timestamp":"2022-09-09T09:25:29.797Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 09:25:30 honeypot-ams-1 sshd[3387]: Received disconnect from 88.149.195.109 port 45772:11: Bye Bye [preauth]","@timestamp":"2022-09-09T09:25:30.798Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 09:25:31 honeypot-ams-1 sshd[3393]: Received disconnect from 88.149.195.109 port 45870:11: Bye Bye [preauth]","@timestamp":"2022-09-09T09:25:31.799Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 09:25:32 honeypot-ams-1 sshd[3399]: Received disconnect from 88.149.195.109 port 45952:11: Bye Bye [preauth]","@timestamp":"2022-09-09T09:25:32.799Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 09:25:33 honeypot-ams-1 sshd[3405]: Received disconnect from 88.149.195.109 port 46010:11: Bye Bye [preauth]","@timestamp":"2022-09-09T09:25:33.800Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 09:25:34 honeypot-ams-1 sshd[3411]: Received disconnect from 88.149.195.109 port 46074:11: Bye Bye [preauth]","@timestamp":"2022-09-09T09:25:35.801Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 09:25:35 honeypot-ams-1 sshd[3417]: Received disconnect from 88.149.195.109 port 46150:11: Bye Bye [preauth]","@timestamp":"2022-09-09T09:25:36.802Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 09:25:37 honeypot-ams-1 sshd[3423]: Invalid user admin from 88.149.195.109 port 46220","@timestamp":"2022-09-09T09:25:37.803Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 09:25:37 honeypot-ams-1 sshd[3427]: Invalid user admin from 88.149.195.109 port 46280","@timestamp":"2022-09-09T09:25:38.804Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 09:25:38 honeypot-ams-1 sshd[3431]: Invalid user admin from 88.149.195.109 port 46336","@timestamp":"2022-09-09T09:25:38.804Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 09:25:39 honeypot-ams-1 sshd[3435]: Invalid user admin from 88.149.195.109 port 46386","@timestamp":"2022-09-09T09:25:39.806Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 09:25:40 honeypot-ams-1 sshd[3439]: Invalid user admin from 88.149.195.109 port 46424","@timestamp":"2022-09-09T09:25:40.806Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 09:25:40 honeypot-ams-1 sshd[3443]: Invalid user user from 88.149.195.109 port 46486","@timestamp":"2022-09-09T09:25:41.807Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 09:25:41 honeypot-ams-1 sshd[3447]: Disconnected from authenticating user root 88.149.195.109 port 46536 [preauth]","@timestamp":"2022-09-09T09:25:41.807Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 09:25:43 honeypot-ams-1 sshd[3451]: Disconnected from invalid user pi 88.149.195.109 port 46636 [preauth]","@timestamp":"2022-09-09T09:25:43.809Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 09:25:44 honeypot-ams-1 sshd[3455]: Disconnected from invalid user ethos 88.149.195.109 port 46676 [preauth]","@timestamp":"2022-09-09T09:25:44.809Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 09:25:45 honeypot-ams-1 sshd[3459]: Disconnected from invalid user miner 88.149.195.109 port 46748 [preauth]","@timestamp":"2022-09-09T09:25:45.810Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 09:25:46 honeypot-ams-1 sshd[3463]: Disconnected from invalid user volumio 88.149.195.109 port 46810 [preauth]","@timestamp":"2022-09-09T09:25:46.811Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 09:25:46 honeypot-ams-1 sshd[3467]: Disconnected from invalid user nagios 88.149.195.109 port 46856 [preauth]","@timestamp":"2022-09-09T09:25:47.811Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 09:25:47 honeypot-ams-1 sshd[3471]: Disconnected from invalid user vagrant 88.149.195.109 port 46912 [preauth]","@timestamp":"2022-09-09T09:25:47.812Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 09:25:48 honeypot-ams-1 sshd[3475]: Disconnected from invalid user debian 88.149.195.109 port 46960 [preauth]","@timestamp":"2022-09-09T09:25:48.812Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 09:25:49 honeypot-ams-1 sshd[3479]: Disconnected from invalid user debian 88.149.195.109 port 47016 [preauth]","@timestamp":"2022-09-09T09:25:49.813Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 09:25:50 honeypot-ams-1 sshd[3483]: Disconnected from invalid user alarm 88.149.195.109 port 47062 [preauth]","@timestamp":"2022-09-09T09:25:50.814Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 09:25:50 honeypot-ams-1 sshd[3487]: Disconnected from invalid user test 88.149.195.109 port 47108 [preauth]","@timestamp":"2022-09-09T09:25:51.815Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 09:25:51 honeypot-ams-1 sshd[3491]: Disconnected from invalid user cirros 88.149.195.109 port 47158 [preauth]","@timestamp":"2022-09-09T09:25:51.815Z"}
{"@timestamp":"2022-09-09T09:26:32.411Z","@version":"1","message":"Sep  9 09:26:32 honeypot-sgp-1 sshd[534]: Disconnected from invalid user nieto 59.3.76.218 port 54694 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 09:29:06 honeypot-fra-1 sshd[26327]: Unable to negotiate with 211.24.73.92 port 49444: no matching cipher found. Their offer: aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,arcfour128,arcfour,3des-cbc,none [preauth]","@timestamp":"2022-09-09T09:29:06.959Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T09:30:02.496Z","@version":"1","message":"Sep  9 09:30:01 honeypot-sgp-1 sshd[541]: Invalid user norm from 104.248.244.119 port 58808","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 09:33:13 honeypot-fra-1 sshd[26332]: Received disconnect from 141.255.162.226 port 51780:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T09:33:14.056Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 09:33:19 honeypot-fra-1 sshd[26336]: Received disconnect from 141.255.162.226 port 43306:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T09:33:20.060Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 09:33:20 honeypot-fra-1 sshd[26340]: Received disconnect from 141.255.162.226 port 48982:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T09:33:21.061Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 09:35:11 honeypot-ams-1 sshd[3505]: Disconnected from authenticating user root 103.226.249.51 port 48698 [preauth]","@timestamp":"2022-09-09T09:35:12.057Z"}
{"@timestamp":"2022-09-09T09:36:06.640Z","@version":"1","message":"Sep  9 09:36:06 honeypot-sgp-1 sshd[547]: Connection closed by authenticating user root 167.71.231.98 port 50330 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 09:37:36 honeypot-fra-1 sshd[26345]: Connection closed by invalid user gladmin 141.98.10.158 port 34904 [preauth]","@timestamp":"2022-09-09T09:37:37.173Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T09:42:50.803Z","@version":"1","message":"Sep  9 09:42:50 honeypot-sgp-1 sshd[554]: Connection closed by invalid user user1 103.188.176.251 port 35196 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 09:43:13 honeypot-ams-1 kernel: [83593180.884888] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=86.57.81.171 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=27276 DF PROTO=TCP SPT=55665 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T09:43:14.271Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 09:45:44 honeypot-fra-1 kernel: [83591181.959780] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=80.94.92.231 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=57146 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T09:45:45.416Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 09:47:13 honeypot-ams-1 sshd[3520]: Received disconnect from 61.177.173.53 port 31491:11:  [preauth]","@timestamp":"2022-09-09T09:47:14.381Z"}
{"@timestamp":"2022-09-09T09:49:19.960Z","@version":"1","message":"Sep  9 09:49:19 honeypot-sgp-1 kernel: [83593075.205053] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=64.62.197.34 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=39483 DPT=5432 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T09:54:41.094Z","@version":"1","message":"Sep  9 09:54:40 honeypot-sgp-1 kernel: [83593396.535088] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=121.185.139.70 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=50 ID=8597 DF PROTO=TCP SPT=6409 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 09:58:22 honeypot-ams-1 sshd[3529]: Received disconnect from 61.177.172.98 port 43501:11:  [preauth]","@timestamp":"2022-09-09T09:58:22.672Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 09:59:55 honeypot-ams-1 sshd[3533]: Disconnected from authenticating user root 61.177.173.37 port 30032 [preauth]","@timestamp":"2022-09-09T09:59:56.716Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 10:03:25 honeypot-fra-1 kernel: [83592242.144871] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.200.13 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=41536 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T10:03:25.818Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-09T10:05:12.348Z","@version":"1","message":"Sep  9 10:05:12 honeypot-sgp-1 sshd[569]: Disconnected from authenticating user root 84.54.74.130 port 58802 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 10:10:23 honeypot-ams-1 kernel: [83594810.681856] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=119.199.169.235 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=54 ID=52093 PROTO=TCP SPT=39458 DPT=80 WINDOW=17122 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T10:10:23.991Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 10:17:01 honeypot-fra-1 CRON[26361]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-09T10:17:02.122Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T10:17:02.635Z","@version":"1","message":"Sep  9 10:17:01 honeypot-sgp-1 CRON[574]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 10:19:33 honeypot-fra-1 sshd[26365]: Disconnected from invalid user user 45.61.186.49 port 60682 [preauth]","@timestamp":"2022-09-09T10:19:34.183Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 10:19:41 honeypot-fra-1 sshd[26369]: Disconnected from invalid user user 45.61.186.49 port 43668 [preauth]","@timestamp":"2022-09-09T10:19:42.187Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T10:20:19.717Z","@version":"1","message":"Sep  9 10:20:19 honeypot-sgp-1 sshd[580]: Invalid user user from 45.61.186.169 port 46238","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T10:20:37.726Z","@version":"1","message":"Sep  9 10:20:37 honeypot-sgp-1 sshd[584]: Invalid user user from 45.61.186.169 port 41556","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T10:20:53.735Z","@version":"1","message":"Sep  9 10:20:53 honeypot-sgp-1 sshd[588]: Invalid user user from 45.61.186.169 port 36840","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T10:21:36.755Z","@version":"1","message":"Sep  9 10:21:36 honeypot-sgp-1 sshd[593]: Did not receive identification string from 45.61.187.160 port 47730","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T10:22:08.770Z","@version":"1","message":"Sep  9 10:22:07 honeypot-sgp-1 sshd[596]: Disconnected from invalid user user 45.61.187.160 port 38202 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T10:22:25.779Z","@version":"1","message":"Sep  9 10:22:25 honeypot-sgp-1 sshd[600]: Disconnected from invalid user user 45.61.187.160 port 33196 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T10:22:41.787Z","@version":"1","message":"Sep  9 10:22:41 honeypot-sgp-1 sshd[604]: Disconnected from invalid user user 45.61.187.160 port 56430 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 10:22:48 honeypot-fra-1 sshd[26377]: Invalid user user from 45.61.186.249 port 42454","@timestamp":"2022-09-09T10:22:48.260Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 10:23:07 honeypot-fra-1 sshd[26381]: Invalid user user from 45.61.186.249 port 37048","@timestamp":"2022-09-09T10:23:08.269Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 10:23:27 honeypot-fra-1 sshd[26385]: Invalid user user from 45.61.186.249 port 59878","@timestamp":"2022-09-09T10:23:27.278Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 10:23:46 honeypot-fra-1 sshd[26389]: Invalid user user from 45.61.186.249 port 54472","@timestamp":"2022-09-09T10:23:46.288Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T10:25:49.866Z","@version":"1","message":"Sep  9 10:25:49 honeypot-sgp-1 kernel: [83595265.009901] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.246.105.50 DST=159.89.202.188 LEN=52 TOS=0x02 PREC=0x00 TTL=108 ID=40075 DF PROTO=TCP SPT=63076 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 10:27:37 honeypot-ams-1 sshd[3546]: Received disconnect from 159.65.235.114 port 54856:11: Bye Bye [preauth]","@timestamp":"2022-09-09T10:27:38.445Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 10:28:18 honeypot-fra-1 sshd[26394]: Invalid user  from 64.62.197.122 port 30924","@timestamp":"2022-09-09T10:28:19.391Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T10:38:21.169Z","@version":"1","message":"Sep  9 10:38:20 honeypot-sgp-1 kernel: [83596016.632181] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.208.43 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=40962 DPT=389 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 10:42:46 honeypot-fra-1 kernel: [83594603.419302] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=207.102.138.83 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=46 ID=12365 DF PROTO=TCP SPT=42044 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T10:42:46.736Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 10:42:47 honeypot-ams-1 sshd[3551]: Did not receive identification string from 198.98.61.9 port 33942","@timestamp":"2022-09-09T10:42:48.839Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 10:43:29 honeypot-ams-1 sshd[3554]: Disconnected from invalid user user 198.98.61.9 port 42944 [preauth]","@timestamp":"2022-09-09T10:43:29.860Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 10:43:45 honeypot-ams-1 sshd[3558]: Disconnected from invalid user user 198.98.61.9 port 37498 [preauth]","@timestamp":"2022-09-09T10:43:45.868Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 10:43:59 honeypot-ams-1 sshd[3562]: Disconnected from invalid user user 198.98.61.9 port 60292 [preauth]","@timestamp":"2022-09-09T10:44:00.876Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 10:49:06 honeypot-ams-1 kernel: [83597134.004624] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.56.108.153 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=52677 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T10:49:07.008Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 10:49:08 honeypot-fra-1 kernel: [83594985.701038] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=182.59.180.62 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x40 TTL=54 ID=29202 DF PROTO=TCP SPT=60778 DPT=80 WINDOW=5760 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T10:49:08.881Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-09T10:55:08.599Z","@version":"1","message":"Sep  9 10:55:07 honeypot-sgp-1 kernel: [83597023.655800] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.79.176.45 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=31894 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T10:56:47.644Z","@version":"1","message":"Sep  9 10:56:47 honeypot-sgp-1 sshd[631]: Invalid user ww from 154.221.26.62 port 55630","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T11:00:36.739Z","@version":"1","message":"Sep  9 11:00:36 honeypot-sgp-1 sshd[636]: Disconnected from authenticating user root 179.131.10.103 port 51066 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 11:09:03 honeypot-ams-1 kernel: [83598330.651479] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=218.7.59.32 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=48 ID=54457 PROTO=TCP SPT=59469 DPT=443 WINDOW=50533 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T11:09:03.514Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 11:09:52 honeypot-fra-1 kernel: [83596229.118463] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=195.230.103.248 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=54321 PROTO=TCP SPT=38356 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T11:09:52.329Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-09T11:11:57.017Z","@version":"1","message":"Sep  9 11:11:56 honeypot-sgp-1 sshd[644]: Did not receive identification string from 103.9.36.251 port 61742","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T11:16:22.126Z","@version":"1","message":"Sep  9 11:16:21 honeypot-sgp-1 sshd[649]: Disconnected from authenticating user root 103.9.36.251 port 15748 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 11:17:01 honeypot-ams-1 CRON[3573]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-09T11:17:01.724Z"}
{"@timestamp":"2022-09-09T11:17:42.164Z","@version":"1","message":"Sep  9 11:17:41 honeypot-sgp-1 sshd[657]: Received disconnect from 103.9.36.251 port 54740:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T11:19:02.198Z","@version":"1","message":"Sep  9 11:19:02 honeypot-sgp-1 sshd[661]: Disconnected from authenticating user root 103.9.36.251 port 37233 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T11:23:05.301Z","@version":"1","message":"Sep  9 11:23:04 honeypot-sgp-1 sshd[668]: Received disconnect from 103.9.36.251 port 41216:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 11:24:33 honeypot-ams-1 sshd[3577]: Received disconnect from 68.183.25.156 port 36010:11: Bye Bye [preauth]","@timestamp":"2022-09-09T11:24:33.925Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 11:24:33 honeypot-fra-1 sshd[26419]: Invalid user pi from 82.66.3.241 port 45062","@timestamp":"2022-09-09T11:24:34.641Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T11:26:19.382Z","@version":"1","message":"Sep  9 11:26:18 honeypot-sgp-1 sshd[672]: Disconnected from authenticating user root 103.9.36.251 port 62703 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T11:32:23.547Z","@version":"1","message":"Sep  9 11:32:22 honeypot-sgp-1 sshd[679]: Received disconnect from 103.9.36.251 port 10188:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 11:33:26 honeypot-ams-1 sshd[3582]: Received disconnect from 98.146.197.7 port 58834:11: Bye Bye [preauth]","@timestamp":"2022-09-09T11:33:27.162Z"}
{"@timestamp":"2022-09-09T11:36:04.639Z","@version":"1","message":"Sep  9 11:36:04 honeypot-sgp-1 kernel: [83599480.241090] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.220.236 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=34883 DPT=636 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 11:39:59 honeypot-fra-1 sshd[26426]: Invalid user joshua from 165.22.45.108 port 43120","@timestamp":"2022-09-09T11:39:59.999Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 11:40:45 honeypot-fra-1 sshd[26430]: Connection closed by invalid user pi 46.198.170.74 port 47966 [preauth]","@timestamp":"2022-09-09T11:40:46.017Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T11:41:16.768Z","@version":"1","message":"Sep  9 11:41:16 honeypot-sgp-1 sshd[689]: Invalid user schmidt from 134.122.30.119 port 58092","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T11:46:13.889Z","@version":"1","message":"Sep  9 11:46:13 honeypot-sgp-1 sshd[694]: Invalid user kayla from 51.143.96.123 port 57968","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 11:47:49 honeypot-ams-1 kernel: [83600656.866990] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=213.226.123.38 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=5353 PROTO=TCP SPT=45273 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T11:47:50.531Z"}
{"@timestamp":"2022-09-09T11:48:11.939Z","@version":"1","message":"Sep  9 11:48:11 honeypot-sgp-1 sshd[698]: Received disconnect from 103.9.36.251 port 35692:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 11:50:32 honeypot-ams-1 sshd[3593]: Invalid user user1 from 103.188.176.251 port 37710","@timestamp":"2022-09-09T11:50:32.603Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 11:54:45 honeypot-fra-1 sshd[26437]: Invalid user user1 from 103.188.176.251 port 54398","@timestamp":"2022-09-09T11:54:46.341Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T11:56:16.140Z","@version":"1","message":"Sep  9 11:56:15 honeypot-sgp-1 kernel: [83600691.730743] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.123.198.153 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=40237 PROTO=TCP SPT=44458 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 12:00:01 honeypot-ams-1 kernel: [83601388.172544] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.41.9.18 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=49997 PROTO=TCP SPT=25870 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T12:00:01.865Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 12:01:04 honeypot-fra-1 kernel: [83599301.078001] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=94.26.228.80 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=30002 PROTO=TCP SPT=46695 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T12:01:04.487Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-09T12:04:10.337Z","@version":"1","message":"Sep  9 12:04:10 honeypot-sgp-1 sshd[710]: Received disconnect from 103.9.36.251 port 22208:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 12:08:33 honeypot-ams-1 kernel: [83601900.286324] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=52032 PROTO=TCP SPT=44803 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T12:08:34.091Z"}
{"@timestamp":"2022-09-09T12:08:39.449Z","@version":"1","message":"Sep  9 12:08:38 honeypot-sgp-1 sshd[714]: Received disconnect from 103.9.36.251 port 61215:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 12:11:18 honeypot-fra-1 sshd[26442]: Received disconnect from 165.22.45.108 port 48130:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T12:11:19.734Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T12:13:20.565Z","@version":"1","message":"Sep  9 12:13:20 honeypot-sgp-1 sshd[720]: Received disconnect from 103.9.36.251 port 43722:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T12:17:02.656Z","@version":"1","message":"Sep  9 12:17:01 honeypot-sgp-1 CRON[725]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 12:17:45 honeypot-ams-1 sshd[3608]: Connection closed by invalid user admin 175.193.249.203 port 60516 [preauth]","@timestamp":"2022-09-09T12:17:46.350Z"}
{"@timestamp":"2022-09-09T12:18:44.703Z","@version":"1","message":"Sep  9 12:18:43 honeypot-sgp-1 sshd[732]: Connection closed by invalid user user1 103.188.176.251 port 44932 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 12:23:30 honeypot-fra-1 kernel: [83600647.610816] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=42.81.157.50 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=231 ID=24340 PROTO=TCP SPT=45919 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T12:23:31.032Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 12:27:21 honeypot-ams-1 sshd[3613]: Received disconnect from 124.158.5.133 port 53966:11: Bye Bye [preauth]","@timestamp":"2022-09-09T12:27:21.597Z"}
{"@timestamp":"2022-09-09T12:29:41.973Z","@version":"1","message":"Sep  9 12:29:41 honeypot-sgp-1 sshd[738]: Disconnected from authenticating user root 103.9.36.251 port 47751 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 12:29:54 honeypot-ams-1 sshd[3617]: Disconnected from invalid user antivirus 187.230.177.3 port 38234 [preauth]","@timestamp":"2022-09-09T12:29:54.664Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 12:32:51 honeypot-ams-1 kernel: [83603358.922114] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=5.215.79.30 DST=178.62.254.91 LEN=60 TOS=0x18 PREC=0x20 TTL=40 ID=62055 DF PROTO=TCP SPT=42070 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T12:32:52.744Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 12:36:55 honeypot-fra-1 sshd[26453]: Received disconnect from 162.241.201.224 port 46558:11: Bye Bye [preauth]","@timestamp":"2022-09-09T12:36:56.329Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 12:37:42 honeypot-fra-1 sshd[26457]: Did not receive identification string from 141.255.162.226 port 51534","@timestamp":"2022-09-09T12:37:42.398Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 12:38:00 honeypot-fra-1 sshd[26460]: Disconnected from invalid user user 141.255.162.226 port 48908 [preauth]","@timestamp":"2022-09-09T12:38:01.407Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 12:38:02 honeypot-fra-1 sshd[26464]: Disconnected from invalid user user 141.255.162.226 port 35036 [preauth]","@timestamp":"2022-09-09T12:38:03.408Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 12:38:06 honeypot-fra-1 sshd[26468]: Disconnected from invalid user user 141.255.162.226 port 49398 [preauth]","@timestamp":"2022-09-09T12:38:07.410Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T12:38:18.184Z","@version":"1","message":"Sep  9 12:38:18 honeypot-sgp-1 sshd[744]: Received disconnect from 134.209.109.149 port 37310:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 12:38:19 honeypot-ams-1 kernel: [83603686.589641] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=171.117.94.85 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=48 ID=26347 PROTO=TCP SPT=14458 DPT=443 WINDOW=5458 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T12:38:19.888Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 12:41:58 honeypot-fra-1 sshd[26473]: Disconnected from invalid user br 20.232.175.215 port 45236 [preauth]","@timestamp":"2022-09-09T12:41:59.499Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T12:42:21.285Z","@version":"1","message":"Sep  9 12:42:21 honeypot-sgp-1 kernel: [83603457.075888] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.246.105.50 DST=159.89.202.188 LEN=52 TOS=0x02 PREC=0x00 TTL=108 ID=2536 DF PROTO=TCP SPT=50826 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 12:44:36 honeypot-ams-1 kernel: [83604063.901181] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=207.102.138.83 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=49867 DF PROTO=TCP SPT=45131 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T12:44:37.053Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 12:44:43 honeypot-fra-1 sshd[26480]: Received disconnect from 45.61.186.249 port 34668:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T12:44:43.580Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 12:45:02 honeypot-fra-1 sshd[26486]: Received disconnect from 45.61.186.249 port 57658:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T12:45:02.589Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 12:45:11 honeypot-fra-1 sshd[26488]: Disconnected from invalid user user 45.61.186.249 port 40928 [preauth]","@timestamp":"2022-09-09T12:45:12.594Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 12:45:28 honeypot-fra-1 sshd[26492]: Disconnected from invalid user user 45.61.186.249 port 35742 [preauth]","@timestamp":"2022-09-09T12:45:28.601Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 12:45:51 honeypot-fra-1 sshd[26496]: Disconnected from invalid user 3.141.127.192 115.236.8.253 port 35960 [preauth]","@timestamp":"2022-09-09T12:45:52.612Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 12:46:45 honeypot-fra-1 sshd[26500]: Disconnected from invalid user shearer 187.106.203.217 port 48642 [preauth]","@timestamp":"2022-09-09T12:46:46.636Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T12:48:10.431Z","@version":"1","message":"Sep  9 12:48:10 honeypot-sgp-1 kernel: [83603806.122876] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=90.151.171.106 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=45115 PROTO=TCP SPT=47679 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 12:50:48 honeypot-fra-1 sshd[26507]: Received disconnect from 150.230.235.117 port 52648:11: Bye Bye [preauth]","@timestamp":"2022-09-09T12:50:48.730Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T12:55:11.601Z","@version":"1","message":"Sep  9 12:55:11 honeypot-sgp-1 kernel: [83604227.215891] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=139.144.135.60 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=9614 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 12:55:26 honeypot-fra-1 kernel: [83602562.770392] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=82.157.25.28 DST=165.22.82.222 LEN=40 TOS=0x08 PREC=0x00 TTL=45 ID=37408 DF PROTO=TCP SPT=12848 DPT=80 WINDOW=43690 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T12:55:26.836Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-09T13:03:39.808Z","@version":"1","message":"Sep  9 13:03:39 honeypot-sgp-1 sshd[766]: Invalid user daniel from 180.228.243.235 port 53371","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 13:05:56 honeypot-ams-1 sshd[3632]: Disconnected from authenticating user root 80.76.51.43 port 41656 [preauth]","@timestamp":"2022-09-09T13:05:56.611Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 13:06:26 honeypot-ams-1 sshd[3636]: Disconnected from invalid user test 80.76.51.43 port 46360 [preauth]","@timestamp":"2022-09-09T13:06:27.627Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 13:07:04 honeypot-fra-1 sshd[26517]: Disconnected from invalid user phpbb2 124.109.61.121 port 50752 [preauth]","@timestamp":"2022-09-09T13:07:05.096Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 13:07:10 honeypot-ams-1 sshd[3642]: Disconnected from authenticating user root 80.76.51.43 port 39268 [preauth]","@timestamp":"2022-09-09T13:07:10.649Z"}
{"@timestamp":"2022-09-09T13:07:33.905Z","@version":"1","message":"Sep  9 13:07:33 honeypot-sgp-1 kernel: [83604969.335502] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=94.26.228.80 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=49551 PROTO=TCP SPT=20471 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 13:07:40 honeypot-ams-1 sshd[3648]: Received disconnect from 100.42.48.11 port 57248:11: Bye Bye [preauth]","@timestamp":"2022-09-09T13:07:41.666Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 13:08:06 honeypot-ams-1 sshd[3652]: Disconnected from authenticating user root 80.76.51.43 port 48554 [preauth]","@timestamp":"2022-09-09T13:08:06.680Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 13:08:49 honeypot-ams-1 sshd[3661]: Invalid user git from 80.76.51.43 port 41372","@timestamp":"2022-09-09T13:08:49.703Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 13:10:12 honeypot-ams-1 sshd[3663]: Disconnected from invalid user jose 51.250.90.116 port 57658 [preauth]","@timestamp":"2022-09-09T13:10:13.743Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 13:12:57 honeypot-fra-1 sshd[26524]: Connection closed by invalid user admin 218.161.109.35 port 43871 [preauth]","@timestamp":"2022-09-09T13:12:58.230Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T13:13:47.057Z","@version":"1","message":"Sep  9 13:13:46 honeypot-sgp-1 sshd[777]: Invalid user izawa from 128.199.4.167 port 47310","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 13:14:37 honeypot-ams-1 kernel: [83605864.724305] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=198.199.95.146 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=42450 DPT=636 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T13:14:37.863Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 13:14:49 honeypot-ams-1 sshd[3671]: Disconnected from invalid user user 45.61.186.169 port 38628 [preauth]","@timestamp":"2022-09-09T13:14:49.870Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 13:15:06 honeypot-ams-1 sshd[3675]: Disconnected from invalid user user 45.61.186.169 port 33604 [preauth]","@timestamp":"2022-09-09T13:15:06.879Z"}
{"@timestamp":"2022-09-09T13:15:13.094Z","@version":"1","message":"Sep  9 13:15:12 honeypot-sgp-1 sshd[781]: Invalid user hugo from 142.93.112.39 port 34720","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 13:15:22 honeypot-ams-1 sshd[3679]: Disconnected from invalid user user 45.61.186.169 port 56810 [preauth]","@timestamp":"2022-09-09T13:15:22.888Z"}
{"@timestamp":"2022-09-09T13:16:43.132Z","@version":"1","message":"Sep  9 13:16:42 honeypot-sgp-1 kernel: [83605518.065473] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=159.89.202.188 LEN=89 TOS=0x00 PREC=0x00 TTL=238 ID=58813 PROTO=TCP SPT=23687 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 13:17:01 honeypot-fra-1 CRON[26529]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-09T13:17:02.323Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 13:20:43 honeypot-ams-1 sshd[3685]: Disconnected from invalid user metser 79.60.237.168 port 49688 [preauth]","@timestamp":"2022-09-09T13:20:44.031Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 13:23:19 honeypot-ams-1 sshd[3689]: Received disconnect from 202.165.17.131 port 51560:11: Bye Bye [preauth]","@timestamp":"2022-09-09T13:23:19.102Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 13:24:31 honeypot-ams-1 sshd[3693]: Invalid user garry from 217.17.230.180 port 39236","@timestamp":"2022-09-09T13:24:32.139Z"}
{"@timestamp":"2022-09-09T13:26:56.378Z","@version":"1","message":"Sep  9 13:26:55 honeypot-sgp-1 sshd[789]: Disconnected from authenticating user root 103.9.36.251 port 38402 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 13:31:01 honeypot-ams-1 sshd[3698]: Received disconnect from 92.255.85.70 port 48852:11: Bye Bye [preauth]","@timestamp":"2022-09-09T13:31:02.312Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 13:32:08 honeypot-fra-1 sshd[26534]: Invalid user oracle from 92.255.85.69 port 40614","@timestamp":"2022-09-09T13:32:09.662Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T13:35:27.585Z","@version":"1","message":"Sep  9 13:35:27 honeypot-sgp-1 kernel: [83606643.303112] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=172.104.233.239 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=9596 PROTO=TCP SPT=52817 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T13:47:02.894Z","@version":"1","message":"Sep  9 13:47:01 honeypot-sgp-1 sshd[805]: Disconnected from authenticating user root 103.9.36.251 port 20969 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 13:47:24 honeypot-fra-1 sshd[26538]: Invalid user jritchey from 165.22.45.108 port 35018","@timestamp":"2022-09-09T13:47:24.997Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T13:53:23.059Z","@version":"1","message":"Sep  9 13:53:22 honeypot-sgp-1 sshd[811]: Disconnected from authenticating user root 92.255.85.70 port 48846 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 13:54:47 honeypot-ams-1 kernel: [83608274.240363] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=178.62.254.91 LEN=90 TOS=0x00 PREC=0x00 TTL=252 ID=59397 PROTO=TCP SPT=15437 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T13:54:47.930Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 13:56:19 honeypot-fra-1 sshd[26555]: Invalid user user from 212.87.251.118 port 59074","@timestamp":"2022-09-09T13:56:20.196Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 13:56:19 honeypot-fra-1 sshd[26558]: Invalid user git from 212.87.251.118 port 59092","@timestamp":"2022-09-09T13:56:20.196Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 13:56:19 honeypot-fra-1 sshd[26560]: Invalid user es from 212.87.251.118 port 59102","@timestamp":"2022-09-09T13:56:20.196Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 13:56:19 honeypot-fra-1 sshd[26549]: Connection closed by invalid user elasticsearch 212.87.251.118 port 59026 [preauth]","@timestamp":"2022-09-09T13:56:20.196Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 13:56:19 honeypot-fra-1 sshd[26556]: Connection closed by invalid user ubuntu 212.87.251.118 port 59082 [preauth]","@timestamp":"2022-09-09T13:56:20.196Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 13:56:19 honeypot-fra-1 sshd[26560]: Connection closed by invalid user es 212.87.251.118 port 59102 [preauth]","@timestamp":"2022-09-09T13:56:20.196Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 13:56:19 honeypot-fra-1 sshd[26550]: Connection closed by invalid user ubuntu 212.87.251.118 port 59052 [preauth]","@timestamp":"2022-09-09T13:56:20.196Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 13:56:19 honeypot-fra-1 sshd[26571]: Invalid user postgres from 212.87.251.118 port 59148","@timestamp":"2022-09-09T13:56:20.196Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 13:56:19 honeypot-fra-1 sshd[26572]: Connection closed by invalid user oracle 212.87.251.118 port 59144 [preauth]","@timestamp":"2022-09-09T13:56:20.196Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 13:58:13 honeypot-fra-1 sshd[26598]: Received disconnect from 92.255.85.69 port 28730:11: Bye Bye [preauth]","@timestamp":"2022-09-09T13:58:14.239Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T13:58:31.187Z","@version":"1","message":"Sep  9 13:58:30 honeypot-sgp-1 kernel: [83608026.305713] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=44.210.86.208 DST=159.89.202.188 LEN=52 TOS=0x02 PREC=0x00 TTL=107 ID=29038 DF PROTO=TCP SPT=61568 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 13:59:32 honeypot-ams-1 sshd[3710]: Received disconnect from 159.65.148.176 port 39692:11: Bye Bye [preauth]","@timestamp":"2022-09-09T13:59:33.060Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 14:03:34 honeypot-ams-1 sshd[3715]: Connection closed by 43.156.25.237 port 55530 [preauth]","@timestamp":"2022-09-09T14:03:35.168Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 14:13:15 honeypot-ams-1 sshd[3720]: Received disconnect from 94.30.68.41 port 59510:11: Bye Bye [preauth]","@timestamp":"2022-09-09T14:13:16.428Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 14:16:17 honeypot-fra-1 sshd[26603]: Connection closed by invalid user caobin 167.71.231.98 port 33870 [preauth]","@timestamp":"2022-09-09T14:16:17.628Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 14:22:11 honeypot-ams-1 sshd[3730]: Received disconnect from 92.255.85.70 port 37904:11: Bye Bye [preauth]","@timestamp":"2022-09-09T14:22:12.659Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 14:22:57 honeypot-fra-1 sshd[26611]: Received disconnect from 92.255.85.69 port 50898:11: Bye Bye [preauth]","@timestamp":"2022-09-09T14:22:57.773Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T14:23:08.800Z","@version":"1","message":"Sep  9 14:23:08 honeypot-sgp-1 kernel: [83609504.373234] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=159.89.202.188 LEN=90 TOS=0x00 PREC=0x00 TTL=238 ID=38239 PROTO=TCP SPT=4857 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 14:28:59 honeypot-fra-1 sshd[26615]: Received disconnect from 198.98.61.9 port 56786:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T14:28:59.909Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 14:29:16 honeypot-fra-1 sshd[26617]: Connection closed by invalid user admin 193.106.191.157 port 55518 [preauth]","@timestamp":"2022-09-09T14:29:16.917Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 14:29:26 honeypot-fra-1 sshd[26623]: Disconnected from invalid user user 198.98.61.9 port 34522 [preauth]","@timestamp":"2022-09-09T14:29:26.921Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 14:29:42 honeypot-ams-1 sshd[3737]: Received disconnect from 103.200.21.229 port 55448:11: Bye Bye [preauth]","@timestamp":"2022-09-09T14:29:42.859Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 14:29:42 honeypot-fra-1 sshd[26627]: Disconnected from invalid user user 198.98.61.9 port 57310 [preauth]","@timestamp":"2022-09-09T14:29:42.928Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 14:31:22 honeypot-fra-1 sshd[26632]: Invalid user user1 from 103.188.176.251 port 46978","@timestamp":"2022-09-09T14:31:22.966Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 14:33:42 honeypot-ams-1 kernel: [83610609.683530] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=37.146.62.210 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=120 ID=122 DF PROTO=TCP SPT=3175 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T14:33:42.966Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 14:39:05 honeypot-fra-1 kernel: [83608781.908026] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=162.221.192.29 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=8323 PROTO=TCP SPT=13366 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T14:39:06.127Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-09T14:43:45.322Z","@version":"1","message":"Sep  9 14:43:45 honeypot-sgp-1 sshd[829]: Received disconnect from 92.255.85.69 port 34122:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 14:46:00 honeypot-ams-1 kernel: [83611347.831493] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=92.63.197.94 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=252 ID=22018 PROTO=TCP SPT=53711 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T14:46:01.283Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 14:46:19 honeypot-fra-1 sshd[26669]: Did not receive identification string from 20.243.201.105 port 50238","@timestamp":"2022-09-09T14:46:20.278Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 14:46:20 honeypot-fra-1 sshd[26686]: Invalid user elasticsearch from 20.243.201.105 port 50300","@timestamp":"2022-09-09T14:46:21.280Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 14:46:21 honeypot-fra-1 sshd[26693]: Invalid user elastic from 20.243.201.105 port 50304","@timestamp":"2022-09-09T14:46:21.280Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 14:46:21 honeypot-fra-1 sshd[26685]: Invalid user web from 20.243.201.105 port 50316","@timestamp":"2022-09-09T14:46:21.280Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 14:46:21 honeypot-fra-1 sshd[26689]: Invalid user mysql from 20.243.201.105 port 50282","@timestamp":"2022-09-09T14:46:21.280Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 14:46:21 honeypot-fra-1 sshd[26678]: Connection closed by invalid user es 20.243.201.105 port 50272 [preauth]","@timestamp":"2022-09-09T14:46:22.280Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 14:46:21 honeypot-fra-1 sshd[26674]: Connection closed by invalid user steam 20.243.201.105 port 50256 [preauth]","@timestamp":"2022-09-09T14:46:22.281Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 14:46:21 honeypot-fra-1 sshd[26681]: Connection closed by invalid user opc 20.243.201.105 port 50284 [preauth]","@timestamp":"2022-09-09T14:46:22.281Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 14:46:21 honeypot-fra-1 sshd[26698]: Connection closed by invalid user test 20.243.201.105 port 50318 [preauth]","@timestamp":"2022-09-09T14:46:22.281Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 14:46:21 honeypot-fra-1 sshd[26683]: Connection closed by invalid user git 20.243.201.105 port 50298 [preauth]","@timestamp":"2022-09-09T14:46:22.281Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 14:51:32 honeypot-fra-1 sshd[26731]: Invalid user js from 165.22.45.108 port 45094","@timestamp":"2022-09-09T14:51:33.401Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T14:52:19.550Z","@version":"1","message":"Sep  9 14:52:18 honeypot-sgp-1 sshd[837]: Received disconnect from 165.22.42.39 port 55976:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T14:55:03.618Z","@version":"1","message":"Sep  9 14:55:03 honeypot-sgp-1 sshd[843]: Invalid user user1 from 103.188.176.251 port 60120","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 14:56:01 honeypot-ams-1 sshd[3747]: Did not receive identification string from 143.198.79.64 port 44670","@timestamp":"2022-09-09T14:56:01.541Z"}
{"@timestamp":"2022-09-09T14:56:13.649Z","@version":"1","message":"Sep  9 14:56:12 honeypot-sgp-1 sshd[848]: Disconnected from authenticating user root 165.22.42.39 port 53666 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T14:58:16.700Z","@version":"1","message":"Sep  9 14:58:16 honeypot-sgp-1 sshd[854]: Received disconnect from 103.9.36.251 port 60243:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 15:00:23 honeypot-ams-1 sshd[3751]: Received disconnect from 141.255.162.226 port 56496:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T15:00:24.657Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 15:00:25 honeypot-ams-1 sshd[3755]: Received disconnect from 141.255.162.226 port 49794:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T15:00:26.659Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 15:00:28 honeypot-ams-1 sshd[3759]: Received disconnect from 141.255.162.226 port 35940:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T15:00:29.660Z"}
{"@timestamp":"2022-09-09T15:00:49.765Z","@version":"1","message":"Sep  9 15:00:49 honeypot-sgp-1 kernel: [83611764.827368] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=229 ID=54273 PROTO=TCP SPT=55603 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T15:02:44.814Z","@version":"1","message":"Sep  9 15:02:44 honeypot-sgp-1 sshd[866]: Received disconnect from 165.22.42.39 port 35500:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 15:03:34 honeypot-ams-1 sshd[3764]: Invalid user samantha from 143.198.77.227 port 59964","@timestamp":"2022-09-09T15:03:34.740Z"}
{"@timestamp":"2022-09-09T15:04:40.866Z","@version":"1","message":"Sep  9 15:04:40 honeypot-sgp-1 sshd[871]: Invalid user schoosoft from 165.22.42.39 port 34340","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 15:04:55 honeypot-fra-1 kernel: [83610332.122279] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=51216 PROTO=TCP SPT=55603 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T15:04:56.710Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-09T15:05:34.891Z","@version":"1","message":"Sep  9 15:05:34 honeypot-sgp-1 sshd[873]: Disconnected from invalid user petrong 165.22.42.39 port 47890 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 15:06:56 honeypot-fra-1 sshd[26740]: Received disconnect from 45.61.184.204 port 53226:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T15:06:56.758Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 15:07:15 honeypot-fra-1 sshd[26744]: Invalid user user from 45.61.184.204 port 48094","@timestamp":"2022-09-09T15:07:15.766Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 15:07:33 honeypot-fra-1 sshd[26748]: Invalid user user from 45.61.184.204 port 42922","@timestamp":"2022-09-09T15:07:34.774Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T15:07:59.952Z","@version":"1","message":"Sep  9 15:07:59 honeypot-sgp-1 sshd[880]: Invalid user 0 from 92.255.85.70 port 47084","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 15:08:05 honeypot-fra-1 kernel: [83610521.691474] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.41.8.45 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=53771 PROTO=TCP SPT=16744 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T15:08:05.788Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-09T15:09:20.986Z","@version":"1","message":"Sep  9 15:09:20 honeypot-sgp-1 sshd[884]: Invalid user samson from 165.22.42.39 port 45568","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 15:10:05 honeypot-fra-1 sshd[26755]: Disconnected from invalid user 0 92.255.85.69 port 28842 [preauth]","@timestamp":"2022-09-09T15:10:05.832Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 15:11:02 honeypot-ams-1 sshd[3769]: Invalid user hans from 167.71.235.223 port 39340","@timestamp":"2022-09-09T15:11:02.934Z"}
{"@timestamp":"2022-09-09T15:11:12.033Z","@version":"1","message":"Sep  9 15:11:11 honeypot-sgp-1 sshd[888]: Received disconnect from 165.22.42.39 port 44416:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 15:11:38 honeypot-ams-1 kernel: [83612885.834755] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=64.246.161.26 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=54321 PROTO=TCP SPT=58579 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T15:11:38.951Z"}
{"@timestamp":"2022-09-09T15:13:02.080Z","@version":"1","message":"Sep  9 15:13:01 honeypot-sgp-1 sshd[894]: Received disconnect from 165.22.42.39 port 43256:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 15:13:08 honeypot-ams-1 sshd[3776]: Received disconnect from 141.255.162.226 port 53318:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T15:13:08.991Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 15:13:10 honeypot-ams-1 sshd[3780]: Received disconnect from 141.255.162.226 port 39114:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T15:13:10.992Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 15:13:15 honeypot-ams-1 sshd[3784]: Received disconnect from 141.255.162.226 port 46132:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T15:13:15.996Z"}
{"@timestamp":"2022-09-09T15:14:54.128Z","@version":"1","message":"Sep  9 15:14:53 honeypot-sgp-1 sshd[899]: Received disconnect from 165.22.42.39 port 42102:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 15:14:56 honeypot-ams-1 sshd[3789]: Invalid user vyatta from 178.46.163.191 port 48406","@timestamp":"2022-09-09T15:14:56.042Z"}
{"@timestamp":"2022-09-09T15:16:46.177Z","@version":"1","message":"Sep  9 15:16:46 honeypot-sgp-1 sshd[904]: Disconnected from authenticating user root 165.22.42.39 port 40954 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T15:17:44.203Z","@version":"1","message":"Sep  9 15:17:43 honeypot-sgp-1 kernel: [83612779.430621] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=103.114.191.163 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=43332 PROTO=TCP SPT=57953 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 15:17:53 honeypot-fra-1 sshd[26762]: Disconnected from invalid user klara 148.72.209.121 port 35984 [preauth]","@timestamp":"2022-09-09T15:17:54.004Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 15:19:27 honeypot-ams-1 sshd[3794]: Invalid user viola from 178.62.63.15 port 35070","@timestamp":"2022-09-09T15:19:28.161Z"}
{"@timestamp":"2022-09-09T15:19:39.254Z","@version":"1","message":"Sep  9 15:19:38 honeypot-sgp-1 sshd[915]: Disconnected from invalid user dev 165.22.42.39 port 53326 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T15:21:49.310Z","@version":"1","message":"Sep  9 15:21:49 honeypot-sgp-1 kernel: [83613024.791907] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=87.246.7.194 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=25191 PROTO=TCP SPT=48705 DPT=389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 15:22:05 honeypot-fra-1 sshd[26768]: Invalid user user from 141.255.162.226 port 58900","@timestamp":"2022-09-09T15:22:06.100Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 15:22:08 honeypot-fra-1 sshd[26772]: Invalid user user from 141.255.162.226 port 44446","@timestamp":"2022-09-09T15:22:09.101Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 15:22:12 honeypot-fra-1 sshd[26776]: Invalid user user from 141.255.162.226 port 58228","@timestamp":"2022-09-09T15:22:13.104Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T15:26:24.426Z","@version":"1","message":"Sep  9 15:26:23 honeypot-sgp-1 sshd[927]: Received disconnect from 206.189.49.35 port 56306:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 15:28:09 honeypot-fra-1 sshd[26781]: Did not receive identification string from 45.61.186.49 port 39180","@timestamp":"2022-09-09T15:28:10.237Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 15:28:33 honeypot-ams-1 kernel: [83613900.581889] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=80.94.92.239 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=32899 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T15:28:34.397Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 15:28:39 honeypot-fra-1 sshd[26784]: Disconnected from invalid user user 45.61.186.49 port 53878 [preauth]","@timestamp":"2022-09-09T15:28:39.249Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 15:28:49 honeypot-fra-1 sshd[26788]: Disconnected from invalid user user 45.61.186.49 port 37350 [preauth]","@timestamp":"2022-09-09T15:28:49.253Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T15:31:40.557Z","@version":"1","message":"Sep  9 15:31:40 honeypot-sgp-1 kernel: [83613615.694525] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=198.235.24.131 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=249 ID=54321 PROTO=TCP SPT=49748 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 15:32:59 honeypot-ams-1 sshd[3801]: Disconnected from invalid user admin 92.255.85.70 port 62456 [preauth]","@timestamp":"2022-09-09T15:32:59.514Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 15:39:12 honeypot-fra-1 kernel: [83612388.474135] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=23.95.4.194 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=37663 PROTO=TCP SPT=51319 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T15:39:12.484Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-09T15:51:40.036Z","@version":"1","message":"Sep  9 15:51:39 honeypot-sgp-1 kernel: [83614814.803740] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=8.38.172.78 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=26 ID=36225 PROTO=TCP SPT=39799 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 15:52:11 honeypot-ams-1 kernel: [83615318.170766] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=77.123.248.67 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=118 ID=22947 DF PROTO=TCP SPT=63988 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T15:52:12.027Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 15:55:43 honeypot-fra-1 sshd[27238]: Invalid user julia from 165.22.45.108 port 55178","@timestamp":"2022-09-09T15:55:43.863Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 15:56:07 honeypot-fra-1 sshd[27241]: Disconnected from invalid user user 198.98.61.9 port 36168 [preauth]","@timestamp":"2022-09-09T15:56:07.874Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 15:56:24 honeypot-fra-1 sshd[27245]: Disconnected from invalid user user 198.98.61.9 port 59250 [preauth]","@timestamp":"2022-09-09T15:56:24.882Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 15:56:40 honeypot-fra-1 sshd[27249]: Disconnected from invalid user user 198.98.61.9 port 54084 [preauth]","@timestamp":"2022-09-09T15:56:40.890Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 15:56:56 honeypot-fra-1 sshd[27253]: Received disconnect from 198.98.61.9 port 48916:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T15:56:57.898Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 15:57:16 honeypot-ams-1 sshd[3810]: Invalid user pi from 92.152.11.18 port 59862","@timestamp":"2022-09-09T15:57:17.159Z"}
{"@timestamp":"2022-09-09T15:57:36.182Z","@version":"1","message":"Sep  9 15:57:35 honeypot-sgp-1 sshd[944]: Invalid user admin from 128.199.160.207 port 54398","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T15:57:52.189Z","@version":"1","message":"Sep  9 15:57:51 honeypot-sgp-1 sshd[950]: Invalid user annemarie from 162.243.61.162 port 50218","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 16:01:31 honeypot-ams-1 kernel: [83615878.981374] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=64.227.93.198 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=32468 DF PROTO=TCP SPT=42066 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T16:01:32.271Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 16:07:03 honeypot-ams-1 sshd[3818]: Received disconnect from 139.135.229.27 port 60328:11: Bye Bye [preauth]","@timestamp":"2022-09-09T16:07:03.415Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 16:12:37 honeypot-fra-1 sshd[27261]: Connection closed by invalid user admin 141.98.10.158 port 57088 [preauth]","@timestamp":"2022-09-09T16:12:38.232Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 16:14:31 honeypot-ams-1 kernel: [83616658.352365] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=218.145.61.20 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=54 ID=45057 PROTO=TCP SPT=44360 DPT=80 WINDOW=65040 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T16:14:31.622Z"}
{"@timestamp":"2022-09-09T16:17:02.642Z","@version":"1","message":"Sep  9 16:17:01 honeypot-sgp-1 CRON[956]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T16:19:02.691Z","@version":"1","message":"Sep  9 16:19:02 honeypot-sgp-1 sshd[961]: Disconnected from authenticating user root 170.210.71.10 port 60702 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 16:19:19 honeypot-ams-1 kernel: [83616946.281417] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=176.67.66.107 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=112 ID=26598 DF PROTO=TCP SPT=28251 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T16:19:19.745Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 16:20:40 honeypot-fra-1 kernel: [83614876.723911] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=213.226.123.38 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=53654 PROTO=TCP SPT=41348 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T16:20:41.429Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-09T16:21:53.761Z","@version":"1","message":"Sep  9 16:21:53 honeypot-sgp-1 sshd[966]: Disconnected from invalid user user 45.61.186.49 port 45106 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T16:22:04.767Z","@version":"1","message":"Sep  9 16:22:04 honeypot-sgp-1 sshd[971]: Disconnected from invalid user user 45.61.186.49 port 56686 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T16:24:10.818Z","@version":"1","message":"Sep  9 16:24:10 honeypot-sgp-1 sshd[975]: Disconnected from invalid user scott 159.65.188.65 port 45868 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 16:27:02 honeypot-ams-1 sshd[4283]: Disconnected from authenticating user root 61.177.173.39 port 36085 [preauth]","@timestamp":"2022-09-09T16:27:02.947Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 16:28:40 honeypot-fra-1 kernel: [83615356.343734] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=167.248.133.132 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=11508 PROTO=TCP SPT=27539 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T16:28:40.606Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 16:32:52 honeypot-ams-1 kernel: [83617759.312660] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=221.124.251.167 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=48 ID=8871 PROTO=TCP SPT=65087 DPT=80 WINDOW=55839 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T16:32:53.098Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 16:35:07 honeypot-ams-1 sshd[4292]: Received disconnect from 165.227.204.174 port 36158:11: Bye Bye [preauth]","@timestamp":"2022-09-09T16:35:08.161Z"}
{"@timestamp":"2022-09-09T16:36:54.126Z","@version":"1","message":"Sep  9 16:36:53 honeypot-sgp-1 kernel: [83617529.451691] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=64.246.161.26 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=57401 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 16:39:43 honeypot-fra-1 sshd[27275]: Disconnected from invalid user admin 92.255.85.69 port 47596 [preauth]","@timestamp":"2022-09-09T16:39:43.853Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 16:39:50 honeypot-ams-1 sshd[4295]: Disconnected from invalid user admin 92.255.85.70 port 60758 [preauth]","@timestamp":"2022-09-09T16:39:51.284Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 16:41:04 honeypot-ams-1 kernel: [83618251.888296] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=211.236.225.41 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=59347 PROTO=TCP SPT=60301 DPT=5432 WINDOW=43690 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T16:41:05.319Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 16:45:13 honeypot-ams-1 sshd[4304]: Disconnected from invalid user skkb 42.200.212.120 port 35870 [preauth]","@timestamp":"2022-09-09T16:45:14.426Z"}
{"@timestamp":"2022-09-09T16:48:23.405Z","@version":"1","message":"Sep  9 16:48:23 honeypot-sgp-1 sshd[983]: Received disconnect from 157.245.9.6 port 50142:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 16:49:07 honeypot-fra-1 sshd[27280]: Invalid user gerry from 211.210.152.106 port 55288","@timestamp":"2022-09-09T16:49:08.062Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 16:50:45 honeypot-ams-1 sshd[4309]: Received disconnect from 139.59.189.130 port 44284:11: Bye Bye [preauth]","@timestamp":"2022-09-09T16:50:46.566Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 16:52:19 honeypot-fra-1 sshd[27283]: Disconnected from invalid user cz 132.145.168.70 port 59732 [preauth]","@timestamp":"2022-09-09T16:52:20.134Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T16:54:16.549Z","@version":"1","message":"Sep  9 16:54:16 honeypot-sgp-1 sshd[988]: Disconnected from invalid user whipple 170.210.71.10 port 41200 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 16:54:59 honeypot-ams-1 sshd[4315]: Received disconnect from 150.136.65.184 port 54970:11: Bye Bye [preauth]","@timestamp":"2022-09-09T16:55:00.675Z"}
{"@timestamp":"2022-09-09T16:55:56.591Z","@version":"1","message":"Sep  9 16:55:56 honeypot-sgp-1 kernel: [83618671.692177] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=170.187.162.151 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=64552 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 16:58:29 honeypot-fra-1 sshd[27288]: Disconnected from authenticating user root 14.232.243.151 port 58452 [preauth]","@timestamp":"2022-09-09T16:58:29.270Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 17:00:48 honeypot-ams-1 sshd[4324]: Received disconnect from 61.177.173.48 port 43027:11:  [preauth]","@timestamp":"2022-09-09T17:00:48.828Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 17:02:20 honeypot-fra-1 sshd[27294]: Invalid user reinaldo from 143.198.104.9 port 40176","@timestamp":"2022-09-09T17:02:21.359Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 17:04:01 honeypot-ams-1 sshd[4329]: Disconnected from invalid user oracle 92.255.85.69 port 35488 [preauth]","@timestamp":"2022-09-09T17:04:01.912Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 17:04:26 honeypot-fra-1 sshd[27299]: Invalid user deborah from 164.92.210.129 port 60304","@timestamp":"2022-09-09T17:04:27.404Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 17:06:00 honeypot-fra-1 sshd[27310]: Invalid user jenkins from 34.92.211.177 port 34906","@timestamp":"2022-09-09T17:06:01.439Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 17:06:00 honeypot-fra-1 sshd[27321]: Invalid user test from 34.92.211.177 port 34922","@timestamp":"2022-09-09T17:06:01.439Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 17:06:00 honeypot-fra-1 sshd[27315]: Invalid user admin from 34.92.211.177 port 34896","@timestamp":"2022-09-09T17:06:01.439Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 17:06:00 honeypot-fra-1 sshd[27305]: Connection closed by invalid user ftp 34.92.211.177 port 34898 [preauth]","@timestamp":"2022-09-09T17:06:01.439Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 17:06:00 honeypot-fra-1 sshd[27309]: Connection closed by invalid user test 34.92.211.177 port 34944 [preauth]","@timestamp":"2022-09-09T17:06:01.439Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 17:06:00 honeypot-fra-1 sshd[27316]: Connection closed by invalid user test 34.92.211.177 port 34892 [preauth]","@timestamp":"2022-09-09T17:06:01.440Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 17:06:03 honeypot-fra-1 sshd[27344]: Invalid user ftpuser from 34.92.211.177 port 34936","@timestamp":"2022-09-09T17:06:03.440Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 17:06:21 honeypot-fra-1 sshd[27350]: Invalid user user1 from 103.188.176.251 port 54632","@timestamp":"2022-09-09T17:06:22.449Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 17:09:01 honeypot-ams-1 CRON[4335]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-09T17:09:02.046Z"}
{"@timestamp":"2022-09-09T17:09:01.905Z","@version":"1","message":"Sep  9 17:09:01 honeypot-sgp-1 CRON[1073]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 17:11:09 honeypot-fra-1 sshd[27356]: Invalid user pc from 147.182.167.232 port 45690","@timestamp":"2022-09-09T17:11:09.558Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 17:11:16 honeypot-ams-1 sshd[4345]: Disconnected from authenticating user root 179.43.156.143 port 59136 [preauth]","@timestamp":"2022-09-09T17:11:17.107Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 17:11:57 honeypot-ams-1 sshd[4351]: Disconnected from authenticating user root 109.205.213.20 port 47418 [preauth]","@timestamp":"2022-09-09T17:11:58.128Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 17:13:15 honeypot-ams-1 sshd[4358]: Disconnected from authenticating user root 179.43.156.143 port 46906 [preauth]","@timestamp":"2022-09-09T17:13:16.162Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 17:14:16 honeypot-ams-1 sshd[4364]: Invalid user user from 109.205.213.20 port 50868","@timestamp":"2022-09-09T17:14:17.192Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 17:15:16 honeypot-ams-1 sshd[4369]: Invalid user ossuser from 179.43.156.143 port 34610","@timestamp":"2022-09-09T17:15:17.220Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 17:16:09 honeypot-fra-1 sshd[27360]: Received disconnect from 198.98.61.9 port 59842:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T17:16:09.669Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 17:16:10 honeypot-ams-1 sshd[4373]: Did not receive identification string from 193.3.19.178 port 64001","@timestamp":"2022-09-09T17:16:11.245Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 17:16:26 honeypot-fra-1 sshd[27364]: Received disconnect from 198.98.61.9 port 54828:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T17:16:26.678Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 17:16:43 honeypot-fra-1 sshd[27368]: Received disconnect from 198.98.61.9 port 49812:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T17:16:44.686Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 17:17:01 honeypot-fra-1 CRON[27372]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-09T17:17:01.693Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 17:17:11 honeypot-ams-1 kernel: [83620418.646194] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=200.17.120.61 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=46 ID=57706 PROTO=TCP SPT=45832 DPT=80 WINDOW=59736 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T17:17:12.277Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 17:18:41 honeypot-ams-1 sshd[4385]: Disconnected from authenticating user root 179.43.156.143 port 42392 [preauth]","@timestamp":"2022-09-09T17:18:42.318Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 17:19:59 honeypot-ams-1 sshd[4391]: Received disconnect from 179.43.156.143 port 34218:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T17:20:00.355Z"}
{"@timestamp":"2022-09-09T17:23:33.248Z","@version":"1","message":"Sep  9 17:23:32 honeypot-sgp-1 sshd[1081]: Received disconnect from 92.255.85.69 port 23742:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T17:26:29.320Z","@version":"1","message":"Sep  9 17:26:29 honeypot-sgp-1 sshd[1086]: Invalid user user from 45.61.184.204 port 54506","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T17:26:48.334Z","@version":"1","message":"Sep  9 17:26:48 honeypot-sgp-1 sshd[1090]: Invalid user user from 45.61.184.204 port 49690","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T17:27:06.347Z","@version":"1","message":"Sep  9 17:27:05 honeypot-sgp-1 sshd[1094]: Invalid user user from 45.61.184.204 port 44876","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 17:27:35 honeypot-fra-1 sshd[27407]: Invalid user oracle from 92.255.85.69 port 57870","@timestamp":"2022-09-09T17:27:35.927Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 17:27:40 honeypot-ams-1 sshd[4399]: Invalid user hst from 104.236.151.120 port 59922","@timestamp":"2022-09-09T17:27:40.554Z"}
{"@timestamp":"2022-09-09T17:29:39.407Z","@version":"1","message":"Sep  9 17:29:39 honeypot-sgp-1 sshd[1099]: Connection closed by authenticating user root 103.188.176.251 port 42880 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 17:29:39 honeypot-ams-1 kernel: [83621166.579529] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=64.246.161.26 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=54321 PROTO=TCP SPT=41089 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T17:29:40.608Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 17:31:15 honeypot-fra-1 sshd[27409]: Disconnected from invalid user jumanji 165.22.45.108 port 42060 [preauth]","@timestamp":"2022-09-09T17:31:16.007Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 17:32:59 honeypot-ams-1 sshd[4411]: Disconnected from authenticating user root 167.172.152.18 port 40106 [preauth]","@timestamp":"2022-09-09T17:32:59.694Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 17:34:13 honeypot-ams-1 sshd[4417]: Received disconnect from 167.172.152.18 port 49520:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T17:34:14.731Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 17:35:24 honeypot-ams-1 sshd[4439]: Received disconnect from 167.172.152.18 port 58516:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T17:35:24.765Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 17:36:33 honeypot-ams-1 sshd[4448]: Invalid user user from 167.172.152.18 port 39508","@timestamp":"2022-09-09T17:36:34.799Z"}
{"@timestamp":"2022-09-09T17:37:06.591Z","@version":"1","message":"Sep  9 17:37:05 honeypot-sgp-1 kernel: [83621141.440975] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=19359 PROTO=TCP SPT=44590 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 17:37:20 honeypot-ams-1 sshd[4452]: Invalid user postgres from 167.172.152.18 port 36216","@timestamp":"2022-09-09T17:37:20.820Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 17:38:07 honeypot-ams-1 sshd[4456]: Invalid user gituser from 167.172.152.18 port 33056","@timestamp":"2022-09-09T17:38:07.843Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 17:38:31 honeypot-ams-1 sshd[4458]: Disconnected from invalid user odoo 167.172.152.18 port 45596 [preauth]","@timestamp":"2022-09-09T17:38:31.856Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 17:39:17 honeypot-ams-1 sshd[4462]: Disconnected from invalid user ec2-user 167.172.152.18 port 42130 [preauth]","@timestamp":"2022-09-09T17:39:17.878Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 17:40:03 honeypot-ams-1 sshd[4466]: Disconnected from invalid user ubuntu 167.172.152.18 port 38834 [preauth]","@timestamp":"2022-09-09T17:40:03.899Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 17:40:49 honeypot-ams-1 sshd[4474]: Disconnected from invalid user spark 167.172.152.18 port 35664 [preauth]","@timestamp":"2022-09-09T17:40:49.921Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 17:41:36 honeypot-ams-1 sshd[4479]: Disconnected from invalid user debian 167.172.152.18 port 60488 [preauth]","@timestamp":"2022-09-09T17:41:36.943Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 17:42:08 honeypot-ams-1 sshd[4485]: Received disconnect from 61.177.173.51 port 31942:11:  [preauth]","@timestamp":"2022-09-09T17:42:08.961Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 17:42:47 honeypot-ams-1 sshd[4489]: Received disconnect from 167.172.152.18 port 41468:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T17:42:47.980Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 17:43:34 honeypot-ams-1 sshd[4493]: Received disconnect from 167.172.152.18 port 38146:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T17:43:35.003Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 17:44:21 honeypot-ams-1 sshd[4497]: Received disconnect from 167.172.152.18 port 34870:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T17:44:22.025Z"}
{"@timestamp":"2022-09-09T17:46:02.810Z","@version":"1","message":"Sep  9 17:46:02 honeypot-sgp-1 sshd[1109]: Did not receive identification string from 128.199.96.88 port 61000","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 17:48:21 honeypot-ams-1 sshd[4502]: Disconnected from authenticating user root 61.177.173.36 port 25977 [preauth]","@timestamp":"2022-09-09T17:48:22.130Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 17:49:29 honeypot-fra-1 sshd[27414]: Disconnected from invalid user user 141.255.162.226 port 34500 [preauth]","@timestamp":"2022-09-09T17:49:30.402Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 17:49:30 honeypot-fra-1 sshd[27418]: Disconnected from invalid user user 141.255.162.226 port 50568 [preauth]","@timestamp":"2022-09-09T17:49:31.402Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 17:49:35 honeypot-fra-1 sshd[27422]: Disconnected from invalid user user 141.255.162.226 port 58608 [preauth]","@timestamp":"2022-09-09T17:49:36.406Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 17:49:38 honeypot-fra-1 sshd[27426]: Disconnected from invalid user user 141.255.162.226 port 54498 [preauth]","@timestamp":"2022-09-09T17:49:39.407Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 17:52:53 honeypot-fra-1 kernel: [83620409.396012] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=165.22.82.222 LEN=92 TOS=0x00 PREC=0x00 TTL=250 ID=42873 PROTO=TCP SPT=31197 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T17:52:53.479Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 17:58:29 honeypot-ams-1 kernel: [83622896.407334] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=20.171.59.221 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=9578 DF PROTO=TCP SPT=10446 DPT=80 WINDOW=512 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T17:58:30.393Z"}
{"@timestamp":"2022-09-09T18:02:21.202Z","@version":"1","message":"Sep  9 18:02:20 honeypot-sgp-1 kernel: [83622655.926614] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=146.88.240.4 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=35205 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 18:02:43 honeypot-fra-1 kernel: [83620999.818724] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=31652 PROTO=TCP SPT=46403 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T18:02:44.696Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 18:03:24 honeypot-ams-1 sshd[4512]: Received disconnect from 94.23.27.28 port 56976:11: Bye Bye [preauth]","@timestamp":"2022-09-09T18:03:24.522Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 18:04:20 honeypot-ams-1 kernel: [83623247.567148] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.221.53 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=50011 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T18:04:21.550Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 18:05:08 honeypot-fra-1 sshd[27437]: Did not receive identification string from 45.61.184.204 port 55690","@timestamp":"2022-09-09T18:05:08.767Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 18:05:35 honeypot-fra-1 sshd[27440]: Received disconnect from 45.61.184.204 port 38268:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T18:05:35.779Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 18:05:55 honeypot-fra-1 sshd[27444]: Received disconnect from 45.61.184.204 port 33140:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T18:05:55.788Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 18:06:12 honeypot-fra-1 sshd[27448]: Received disconnect from 45.61.184.204 port 56248:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T18:06:12.797Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T18:07:59.341Z","@version":"1","message":"Sep  9 18:07:58 honeypot-sgp-1 sshd[1116]: Disconnected from authenticating user root 43.129.222.252 port 53716 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 18:08:30 honeypot-ams-1 kernel: [83623497.168069] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=26754 PROTO=TCP SPT=46403 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T18:08:30.661Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 18:08:34 honeypot-fra-1 sshd[27453]: Invalid user mikidutza from 39.129.9.180 port 39985","@timestamp":"2022-09-09T18:08:34.850Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T18:12:35.452Z","@version":"1","message":"Sep  9 18:12:34 honeypot-sgp-1 kernel: [83623270.127636] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.153.33.197 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=57719 DF PROTO=TCP SPT=26875 DPT=80 WINDOW=32120 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 18:13:29 honeypot-ams-1 sshd[4529]: Invalid user admin from 80.76.51.44 port 33856","@timestamp":"2022-09-09T18:13:29.792Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 18:14:00 honeypot-ams-1 sshd[4533]: Received disconnect from 51.38.70.212 port 46776:11: Bye Bye [preauth]","@timestamp":"2022-09-09T18:14:00.807Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 18:14:31 honeypot-ams-1 sshd[4539]: Received disconnect from 80.76.51.44 port 54992:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T18:14:32.824Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 18:14:46 honeypot-ams-1 sshd[4543]: Disconnected from authenticating user root 80.76.51.44 port 39154 [preauth]","@timestamp":"2022-09-09T18:14:46.833Z"}
{"@timestamp":"2022-09-09T18:15:07.514Z","@version":"1","message":"Sep  9 18:15:07 honeypot-sgp-1 sshd[1123]: Received disconnect from 167.172.144.144 port 44908:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 18:15:07 honeypot-fra-1 sshd[27458]: Received disconnect from 92.255.85.69 port 61524:11: Bye Bye [preauth]","@timestamp":"2022-09-09T18:15:08.009Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 18:15:30 honeypot-ams-1 sshd[4549]: Disconnected from authenticating user root 80.76.51.44 port 48096 [preauth]","@timestamp":"2022-09-09T18:15:30.856Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 18:16:18 honeypot-ams-1 sshd[4555]: Invalid user git from 80.76.51.44 port 56734","@timestamp":"2022-09-09T18:16:18.880Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 18:17:01 honeypot-ams-1 CRON[4559]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-09T18:17:01.900Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 18:19:33 honeypot-ams-1 sshd[4565]: Disconnected from authenticating user root 61.177.173.37 port 59337 [preauth]","@timestamp":"2022-09-09T18:19:33.967Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 18:22:07 honeypot-fra-1 sshd[27465]: Disconnected from invalid user yoon 164.90.149.69 port 46696 [preauth]","@timestamp":"2022-09-09T18:22:08.152Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T18:22:16.682Z","@version":"1","message":"Sep  9 18:22:15 honeypot-sgp-1 kernel: [83623851.405433] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=184.105.139.95 DST=159.89.202.188 LEN=131 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=51835 DPT=80 WINDOW=65535 RES=0x00 ACK PSH URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 18:28:08 honeypot-fra-1 kernel: [83622524.688898] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.79.141.7 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=58159 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T18:28:09.283Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 18:31:35 honeypot-fra-1 sshd[27474]: Invalid user pi from 178.164.142.134 port 34974","@timestamp":"2022-09-09T18:31:36.363Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 18:34:18 honeypot-fra-1 sshd[27479]: Received disconnect from 152.179.67.70 port 4283:11: Bye Bye [preauth]","@timestamp":"2022-09-09T18:34:19.427Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 18:34:42 honeypot-ams-1 sshd[4574]: Did not receive identification string from 109.206.241.219 port 55928","@timestamp":"2022-09-09T18:34:42.355Z"}
{"@timestamp":"2022-09-09T18:35:38.002Z","@version":"1","message":"Sep  9 18:35:37 honeypot-sgp-1 sshd[1136]: Disconnected from authenticating user root 92.255.85.70 port 57682 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 18:35:38 honeypot-ams-1 sshd[4579]: Disconnected from authenticating user root 61.177.173.50 port 64010 [preauth]","@timestamp":"2022-09-09T18:35:39.382Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 18:36:02 honeypot-fra-1 sshd[27483]: Received disconnect from 103.57.142.108 port 40760:11: Bye Bye [preauth]","@timestamp":"2022-09-09T18:36:03.469Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 18:36:12 honeypot-ams-1 sshd[4585]: Disconnected from authenticating user root 109.206.241.219 port 58522 [preauth]","@timestamp":"2022-09-09T18:36:12.398Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 18:36:15 honeypot-fra-1 sshd[27487]: Disconnected from authenticating user root 92.255.85.69 port 51520 [preauth]","@timestamp":"2022-09-09T18:36:15.474Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 18:36:45 honeypot-ams-1 sshd[4591]: Disconnected from authenticating user root 109.206.241.219 port 54344 [preauth]","@timestamp":"2022-09-09T18:36:45.416Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 18:39:25 honeypot-ams-1 sshd[4598]: Disconnected from authenticating user root 92.255.85.70 port 20346 [preauth]","@timestamp":"2022-09-09T18:39:25.486Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 18:42:06 honeypot-fra-1 kernel: [83623362.043985] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=44.210.86.208 DST=165.22.82.222 LEN=52 TOS=0x00 PREC=0x00 TTL=111 ID=7991 DF PROTO=TCP SPT=55277 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-09T18:42:06.602Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-09T18:51:54.391Z","@version":"1","message":"Sep  9 18:51:53 honeypot-sgp-1 sshd[1141]: Invalid user craig from 139.59.28.53 port 37192","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 18:52:39 honeypot-fra-1 kernel: [83623995.380079] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=198.235.24.28 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=249 ID=54321 PROTO=TCP SPT=56543 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T18:52:39.854Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 18:55:41 honeypot-ams-1 kernel: [83626328.802664] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=213.226.123.38 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=10376 PROTO=TCP SPT=49374 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T18:55:41.931Z"}
{"@timestamp":"2022-09-09T18:56:35.505Z","@version":"1","message":"Sep  9 18:56:34 honeypot-sgp-1 sshd[1144]: Received disconnect from 92.255.85.70 port 54394:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 18:59:12 honeypot-fra-1 sshd[27512]: Disconnected from invalid user josh 43.154.123.160 port 33524 [preauth]","@timestamp":"2022-09-09T18:59:12.998Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 18:59:34 honeypot-fra-1 sshd[27520]: Unable to negotiate with 104.156.155.28 port 39899: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1 [preauth]","@timestamp":"2022-09-09T18:59:35.008Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 18:59:37 honeypot-fra-1 sshd[27529]: Connection closed by 104.156.155.28 port 30859 [preauth]","@timestamp":"2022-09-09T18:59:38.010Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 19:00:19 honeypot-fra-1 kernel: [83624455.077515] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=165.22.82.222 LEN=91 TOS=0x00 PREC=0x00 TTL=250 ID=33047 PROTO=TCP SPT=16443 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T19:00:20.027Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 19:04:51 honeypot-ams-1 sshd[4622]: Received disconnect from 61.177.173.36 port 29985:11:  [preauth]","@timestamp":"2022-09-09T19:04:52.167Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 19:06:40 honeypot-fra-1 sshd[27543]: Invalid user jupiter from 165.22.45.108 port 57180","@timestamp":"2022-09-09T19:06:41.168Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 19:06:59 honeypot-ams-1 sshd[4628]: Received disconnect from 61.177.173.46 port 45980:11:  [preauth]","@timestamp":"2022-09-09T19:07:00.228Z"}
{"@timestamp":"2022-09-09T19:08:06.775Z","@version":"1","message":"Sep  9 19:08:06 honeypot-sgp-1 sshd[1149]: Connection closed by invalid user admin 183.107.114.23 port 35592 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T19:09:55.820Z","@version":"1","message":"Sep  9 19:09:54 honeypot-sgp-1 sshd[1153]: Disconnected from invalid user user 8.38.172.89 port 37018 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 19:13:12 honeypot-ams-1 sshd[4634]: Invalid user admin from 80.76.51.44 port 58874","@timestamp":"2022-09-09T19:13:12.390Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 19:13:29 honeypot-ams-1 sshd[4638]: Received disconnect from 80.76.51.44 port 43458:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T19:13:30.400Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 19:14:02 honeypot-ams-1 sshd[4642]: Disconnected from authenticating user root 80.76.51.44 port 41236 [preauth]","@timestamp":"2022-09-09T19:14:02.417Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 19:14:48 honeypot-ams-1 sshd[4648]: Disconnected from authenticating user root 80.76.51.44 port 51968 [preauth]","@timestamp":"2022-09-09T19:14:48.438Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 19:15:35 honeypot-ams-1 sshd[4655]: Received disconnect from 80.76.51.44 port 34478:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T19:15:35.462Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 19:15:52 honeypot-ams-1 sshd[4659]: Received disconnect from 141.255.162.226 port 51756:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T19:15:53.471Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 19:15:56 honeypot-ams-1 sshd[4663]: Received disconnect from 141.255.162.226 port 59418:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T19:15:56.473Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 19:15:59 honeypot-ams-1 sshd[4667]: Received disconnect from 141.255.162.226 port 46502:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T19:15:59.476Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 19:16:01 honeypot-ams-1 sshd[4671]: Received disconnect from 141.255.162.226 port 54164:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T19:16:02.478Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:00:15 honeypot-ams-1 sshd[25164]: Disconnected from authenticating user root 61.245.162.61 port 58702 [preauth]","@timestamp":"2022-09-14T13:00:15.810Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:00:20 honeypot-ams-1 sshd[25170]: Disconnected from authenticating user root 61.245.162.61 port 59022 [preauth]","@timestamp":"2022-09-14T13:00:20.813Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:00:24 honeypot-ams-1 sshd[25176]: Disconnected from authenticating user root 61.245.162.61 port 59246 [preauth]","@timestamp":"2022-09-14T13:00:24.816Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:00:29 honeypot-ams-1 sshd[25182]: Disconnected from authenticating user root 61.245.162.61 port 59530 [preauth]","@timestamp":"2022-09-14T13:00:29.820Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:00:34 honeypot-ams-1 sshd[25188]: Received disconnect from 61.245.162.61 port 59782:11: Bye Bye [preauth]","@timestamp":"2022-09-14T13:00:34.823Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:00:37 honeypot-ams-1 sshd[25192]: Received disconnect from 61.245.162.61 port 59936:11: Bye Bye [preauth]","@timestamp":"2022-09-14T13:00:37.825Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:00:40 honeypot-ams-1 sshd[25196]: Received disconnect from 61.245.162.61 port 60144:11: Bye Bye [preauth]","@timestamp":"2022-09-14T13:00:40.828Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:00:43 honeypot-ams-1 sshd[25200]: Received disconnect from 61.245.162.61 port 60322:11: Bye Bye [preauth]","@timestamp":"2022-09-14T13:00:43.830Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:00:46 honeypot-ams-1 sshd[25204]: Received disconnect from 61.245.162.61 port 60452:11: Bye Bye [preauth]","@timestamp":"2022-09-14T13:00:46.832Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:00:49 honeypot-ams-1 sshd[25208]: Received disconnect from 61.245.162.61 port 60666:11: Bye Bye [preauth]","@timestamp":"2022-09-14T13:00:49.834Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:00:54 honeypot-ams-1 sshd[25214]: Invalid user pi from 61.245.162.61 port 60918","@timestamp":"2022-09-14T13:00:54.837Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:00:57 honeypot-ams-1 sshd[25218]: Invalid user user from 61.245.162.61 port 32820","@timestamp":"2022-09-14T13:00:57.840Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:01:00 honeypot-ams-1 sshd[25222]: Invalid user mine from 61.245.162.61 port 33024","@timestamp":"2022-09-14T13:01:00.842Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:01:03 honeypot-ams-1 sshd[25226]: Invalid user xbmc from 61.245.162.61 port 33212","@timestamp":"2022-09-14T13:01:03.844Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:01:07 honeypot-ams-1 sshd[25230]: Invalid user oracle from 61.245.162.61 port 33358","@timestamp":"2022-09-14T13:01:07.846Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:01:10 honeypot-ams-1 sshd[25234]: Invalid user postgres from 61.245.162.61 port 33590","@timestamp":"2022-09-14T13:01:10.849Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:01:13 honeypot-ams-1 sshd[25238]: Invalid user support from 61.245.162.61 port 33764","@timestamp":"2022-09-14T13:01:13.851Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:01:16 honeypot-ams-1 sshd[25242]: Invalid user ubuntu from 61.245.162.61 port 33918","@timestamp":"2022-09-14T13:01:16.853Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:01:19 honeypot-ams-1 sshd[25246]: Invalid user ubuntu from 61.245.162.61 port 34120","@timestamp":"2022-09-14T13:01:19.855Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:01:22 honeypot-ams-1 sshd[25250]: Invalid user guest from 61.245.162.61 port 34298","@timestamp":"2022-09-14T13:01:22.857Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:01:26 honeypot-ams-1 sshd[25254]: Invalid user cirros from 61.245.162.61 port 34452","@timestamp":"2022-09-14T13:01:26.861Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 13:05:04 honeypot-ams-1 kernel: [84037287.683670] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=194.39.205.210 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=57 ID=55858 PROTO=TCP SPT=59809 DPT=80 WINDOW=20834 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T13:05:04.954Z"}
{"@timestamp":"2022-09-14T13:05:07.982Z","@version":"1","message":"Sep 14 13:05:07 honeypot-sgp-1 sshd[13778]: Disconnected from invalid user ubnt 105.28.108.165 port 56222 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T13:05:27.992Z","@version":"1","message":"Sep 14 13:05:27 honeypot-sgp-1 sshd[13782]: Disconnected from invalid user naigos 13.67.221.136 port 1024 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T13:10:54.128Z","@version":"1","message":"Sep 14 13:10:54 honeypot-sgp-1 sshd[13789]: Disconnected from authenticating user root 61.177.173.49 port 50750 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 13:12:21 honeypot-fra-1 kernel: [84035562.114090] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=79.124.62.78 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=32489 PROTO=TCP SPT=56064 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T13:12:22.291Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:15:35 honeypot-ams-1 sshd[25261]: Received disconnect from 92.255.85.69 port 25800:11: Bye Bye [preauth]","@timestamp":"2022-09-14T13:15:35.227Z"}
{"@timestamp":"2022-09-14T13:17:02.286Z","@version":"1","message":"Sep 14 13:17:01 honeypot-sgp-1 CRON[13794]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 13:17:01 honeypot-fra-1 CRON[9204]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-14T13:17:02.398Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 13:21:21 honeypot-fra-1 sshd[9212]: Invalid user jfk from 175.197.233.197 port 44890","@timestamp":"2022-09-14T13:21:22.497Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:22:02 honeypot-ams-1 sshd[25267]: Received disconnect from 161.35.131.133 port 45410:11: Bye Bye [preauth]","@timestamp":"2022-09-14T13:22:03.400Z"}
{"@timestamp":"2022-09-14T13:22:14.418Z","@version":"1","message":"Sep 14 13:22:13 honeypot-sgp-1 sshd[13801]: Received disconnect from 61.177.173.36 port 30722:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 13:24:47 honeypot-ams-1 kernel: [84038470.400657] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=64.246.161.26 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=54321 PROTO=TCP SPT=57230 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T13:24:47.474Z"}
{"@timestamp":"2022-09-14T13:28:50.582Z","@version":"1","message":"Sep 14 13:28:50 honeypot-sgp-1 sshd[13806]: Disconnected from authenticating user root 61.177.172.108 port 24354 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:29:03 honeypot-ams-1 sshd[25275]: Invalid user eversec from 177.94.199.94 port 48144","@timestamp":"2022-09-14T13:29:03.588Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 13:29:08 honeypot-fra-1 kernel: [84036569.131197] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.83.65.249 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=59 ID=3033 DF PROTO=TCP SPT=10960 DPT=443 WINDOW=8192 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T13:29:09.674Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 13:31:07 honeypot-fra-1 sshd[9660]: Received disconnect from 115.112.152.114 port 2030:11: Bye Bye [preauth]","@timestamp":"2022-09-14T13:31:08.754Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:31:17 honeypot-ams-1 sshd[25277]: Disconnected from invalid user git 103.137.75.79 port 44180 [preauth]","@timestamp":"2022-09-14T13:31:17.647Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 13:31:32 honeypot-fra-1 sshd[9664]: Received disconnect from 198.98.61.9 port 56932:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T13:31:32.765Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 13:31:50 honeypot-fra-1 sshd[9668]: Received disconnect from 198.98.61.9 port 51844:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T13:31:50.774Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 13:32:07 honeypot-fra-1 sshd[9672]: Received disconnect from 198.98.61.9 port 46760:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T13:32:07.782Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 13:32:34 honeypot-fra-1 sshd[9678]: Received disconnect from 159.65.98.176 port 58346:11: Bye Bye [preauth]","@timestamp":"2022-09-14T13:32:35.795Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 13:35:13 honeypot-fra-1 sshd[9682]: Disconnected from authenticating user root 61.177.173.51 port 24873 [preauth]","@timestamp":"2022-09-14T13:35:14.856Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:35:58 honeypot-ams-1 sshd[25282]: Disconnected from invalid user instrume 117.161.75.116 port 59262 [preauth]","@timestamp":"2022-09-14T13:35:58.768Z"}
{"@timestamp":"2022-09-14T13:37:27.799Z","@version":"1","message":"Sep 14 13:37:26 honeypot-sgp-1 kernel: [84038755.593495] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=172.105.77.209 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=51 ID=0 DF PROTO=TCP SPT=47481 DPT=443 WINDOW=8192 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T13:43:31.955Z","@version":"1","message":"Sep 14 13:43:31 honeypot-sgp-1 sshd[13820]: Received disconnect from 139.59.102.10 port 54578:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 13:43:54 honeypot-fra-1 sshd[9689]: Received disconnect from 179.43.156.143 port 49788:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T13:43:54.054Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 13:44:53 honeypot-fra-1 sshd[9694]: Received disconnect from 45.61.186.49 port 43112:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T13:44:53.079Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 13:45:03 honeypot-fra-1 sshd[9698]: Received disconnect from 45.61.186.49 port 54698:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T13:45:04.084Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 13:45:12 honeypot-fra-1 sshd[9702]: Disconnected from authenticating user root 179.43.156.143 port 42930 [preauth]","@timestamp":"2022-09-14T13:45:13.088Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 13:47:11 honeypot-fra-1 sshd[9710]: Received disconnect from 179.43.156.143 port 60908:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T13:47:12.138Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 13:47:23 honeypot-ams-1 kernel: [84039826.029152] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=218.54.56.108 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=54 ID=16674 PROTO=TCP SPT=33054 DPT=80 WINDOW=1754 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T13:47:23.064Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 13:48:29 honeypot-fra-1 sshd[9715]: Received disconnect from 179.43.156.143 port 54010:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T13:48:30.170Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 13:49:51 honeypot-fra-1 sshd[9721]: Received disconnect from 179.43.156.143 port 47186:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T13:49:52.204Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T13:51:21.172Z","@version":"1","message":"Sep 14 13:51:20 honeypot-sgp-1 sshd[13829]: Invalid user admin from 178.128.125.205 port 63112","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T13:51:21.172Z","@version":"1","message":"Sep 14 13:51:21 honeypot-sgp-1 sshd[13835]: Invalid user admin from 178.128.125.205 port 63150","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 13:51:58 honeypot-fra-1 sshd[9731]: Received disconnect from 179.43.156.143 port 36924:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T13:51:59.270Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 13:53:24 honeypot-fra-1 sshd[9735]: Received disconnect from 179.43.156.143 port 58324:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T13:53:24.306Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:55:10 honeypot-ams-1 sshd[25293]: Received disconnect from 204.48.30.72 port 35452:11: Bye Bye [preauth]","@timestamp":"2022-09-14T13:55:11.267Z"}
{"@timestamp":"2022-09-14T13:57:29.328Z","@version":"1","message":"Sep 14 13:57:28 honeypot-sgp-1 sshd[13842]: Received disconnect from 92.255.85.69 port 58766:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 14:00:01 honeypot-fra-1 sshd[9744]: Disconnected from authenticating user root 92.255.85.69 port 19580 [preauth]","@timestamp":"2022-09-14T14:00:02.457Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T14:00:49.416Z","@version":"1","message":"Sep 14 14:00:48 honeypot-sgp-1 kernel: [84040157.162386] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=94.26.249.161 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=9670 PROTO=TCP SPT=27033 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 14:02:15 honeypot-ams-1 sshd[25296]: Disconnected from authenticating user root 92.255.85.69 port 19882 [preauth]","@timestamp":"2022-09-14T14:02:15.456Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 14:04:13 honeypot-ams-1 sshd[25301]: Received disconnect from 45.61.186.49 port 56130:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T14:04:14.511Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 14:04:27 honeypot-ams-1 sshd[25305]: Received disconnect from 45.61.186.49 port 39672:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T14:04:27.519Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 14:04:31 honeypot-fra-1 sshd[9755]: Did not receive identification string from 205.210.31.32 port 53878","@timestamp":"2022-09-14T14:04:31.562Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T14:07:56.596Z","@version":"1","message":"Sep 14 14:07:56 honeypot-sgp-1 kernel: [84040584.993827] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=167.248.133.132 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=65124 PROTO=TCP SPT=54027 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 14:11:04 honeypot-fra-1 kernel: [84039084.662995] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=137.184.66.255 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=18261 PROTO=TCP SPT=58156 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T14:11:04.711Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 14:12:19 honeypot-ams-1 sshd[25310]: Disconnected from authenticating user root 35.219.98.224 port 60792 [preauth]","@timestamp":"2022-09-14T14:12:19.726Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 14:17:01 honeypot-fra-1 CRON[9767]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-14T14:17:01.848Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 14:17:01 honeypot-ams-1 CRON[25317]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-14T14:17:01.854Z"}
{"@timestamp":"2022-09-14T14:18:47.855Z","@version":"1","message":"Sep 14 14:18:47 honeypot-sgp-1 sshd[13865]: Invalid user teodora from 173.82.235.128 port 49910","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T14:20:53.906Z","@version":"1","message":"Sep 14 14:20:53 honeypot-sgp-1 sshd[13869]: Disconnected from authenticating user root 92.255.85.69 port 28674 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 14:21:38 honeypot-fra-1 kernel: [84039718.730902] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=223.181.142.232 DST=165.22.82.222 LEN=52 TOS=0x02 PREC=0x00 TTL=118 ID=29240 DF PROTO=TCP SPT=64242 DPT=3389 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-14T14:21:38.953Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 14:23:54 honeypot-fra-1 sshd[9777]: Disconnected from authenticating user root 92.255.85.69 port 60616 [preauth]","@timestamp":"2022-09-14T14:23:55.009Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T14:25:01.031Z","@version":"1","message":"Sep 14 14:25:00 honeypot-sgp-1 sshd[13877]: Received disconnect from 61.177.173.51 port 41685:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T14:26:09.060Z","@version":"1","message":"Sep 14 14:26:09 honeypot-sgp-1 sshd[13882]: Invalid user user from 45.61.184.204 port 36678","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T14:26:28.070Z","@version":"1","message":"Sep 14 14:26:27 honeypot-sgp-1 sshd[13886]: Invalid user user from 45.61.184.204 port 60042","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T14:26:49.080Z","@version":"1","message":"Sep 14 14:26:48 honeypot-sgp-1 sshd[13890]: Invalid user user from 45.61.184.204 port 55166","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T14:27:04.087Z","@version":"1","message":"Sep 14 14:27:03 honeypot-sgp-1 sshd[13894]: Connection closed by 45.61.184.204 port 50300 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 14:27:20 honeypot-ams-1 sshd[25329]: Received disconnect from 80.76.51.189 port 41516:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T14:27:21.122Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 14:28:39 honeypot-ams-1 sshd[25336]: Received disconnect from 80.76.51.189 port 49862:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T14:28:39.159Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 14:29:31 honeypot-ams-1 sshd[25340]: Disconnected from authenticating user root 80.76.51.189 port 55402 [preauth]","@timestamp":"2022-09-14T14:29:32.185Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 14:30:51 honeypot-ams-1 sshd[25347]: Received disconnect from 80.76.51.189 port 35550:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T14:30:52.223Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 14:30:54 honeypot-fra-1 kernel: [84040274.834058] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=29114 PROTO=TCP SPT=45802 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T14:30:55.168Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 14:32:14 honeypot-ams-1 sshd[25354]: Invalid user test from 80.76.51.189 port 43904","@timestamp":"2022-09-14T14:32:14.262Z"}
{"@timestamp":"2022-09-14T14:32:18.223Z","@version":"1","message":"Sep 14 14:32:17 honeypot-sgp-1 sshd[13899]: Disconnected from authenticating user root 61.177.172.124 port 13707 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 14:33:11 honeypot-ams-1 sshd[25358]: Invalid user testuser from 80.76.51.189 port 49458","@timestamp":"2022-09-14T14:33:12.289Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 14:33:35 honeypot-fra-1 kernel: [84040436.017078] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.11.57.48 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=248 ID=15212 PROTO=TCP SPT=39628 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T14:33:36.233Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 14:34:09 honeypot-ams-1 sshd[25363]: Invalid user ubuntu from 80.76.51.189 port 55040","@timestamp":"2022-09-14T14:34:10.316Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 14:35:06 honeypot-ams-1 sshd[25367]: Invalid user ubuntu from 80.76.51.189 port 60610","@timestamp":"2022-09-14T14:35:07.343Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 14:36:03 honeypot-ams-1 sshd[25371]: Disconnected from authenticating user root 80.76.51.189 port 37940 [preauth]","@timestamp":"2022-09-14T14:36:04.369Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 14:37:02 honeypot-ams-1 sshd[25376]: Disconnected from invalid user postgres 80.76.51.189 port 43512 [preauth]","@timestamp":"2022-09-14T14:37:03.397Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 14:37:04 honeypot-fra-1 sshd[9801]: Invalid user test from 185.209.179.41 port 58240","@timestamp":"2022-09-14T14:37:05.314Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 14:37:04 honeypot-fra-1 sshd[9813]: Invalid user postgres from 185.209.179.41 port 58178","@timestamp":"2022-09-14T14:37:05.314Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 14:37:04 honeypot-fra-1 sshd[9800]: Invalid user es from 185.209.179.41 port 58166","@timestamp":"2022-09-14T14:37:05.314Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 14:37:04 honeypot-fra-1 sshd[9804]: Connection closed by invalid user postgres 185.209.179.41 port 58250 [preauth]","@timestamp":"2022-09-14T14:37:05.314Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 14:37:04 honeypot-fra-1 sshd[9806]: Connection closed by invalid user mcsv 185.209.179.41 port 58188 [preauth]","@timestamp":"2022-09-14T14:37:05.314Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 14:37:04 honeypot-fra-1 sshd[9800]: Connection closed by invalid user es 185.209.179.41 port 58166 [preauth]","@timestamp":"2022-09-14T14:37:05.314Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 14:37:05 honeypot-fra-1 sshd[9835]: Invalid user oracle from 185.209.179.41 port 58186","@timestamp":"2022-09-14T14:37:06.315Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 14:37:05 honeypot-fra-1 sshd[9840]: Invalid user test from 185.209.179.41 port 58212","@timestamp":"2022-09-14T14:37:06.315Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 14:37:05 honeypot-fra-1 sshd[9836]: Connection closed by invalid user devops 185.209.179.41 port 58252 [preauth]","@timestamp":"2022-09-14T14:37:06.315Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 14:37:07 honeypot-fra-1 sshd[9852]: Invalid user admin from 185.209.179.41 port 58246","@timestamp":"2022-09-14T14:37:07.316Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 14:37:07 honeypot-fra-1 sshd[9856]: Connection closed by invalid user esuser 185.209.179.41 port 58226 [preauth]","@timestamp":"2022-09-14T14:37:08.316Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 14:38:33 honeypot-ams-1 sshd[25382]: Received disconnect from 80.76.51.189 port 51866:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T14:38:33.438Z"}
{"@timestamp":"2022-09-14T14:41:23.451Z","@version":"1","message":"Sep 14 14:41:23 honeypot-sgp-1 kernel: [84042591.655666] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=109.248.6.38 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=60 ID=30875 PROTO=TCP SPT=56372 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 14:41:51 honeypot-ams-1 kernel: [84043094.237859] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=27.8.196.133 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=48 ID=45803 PROTO=TCP SPT=37043 DPT=443 WINDOW=44939 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T14:41:51.524Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 14:46:01 honeypot-fra-1 sshd[9869]: Invalid user fnjoroge from 191.251.56.156 port 44293","@timestamp":"2022-09-14T14:46:02.545Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 14:47:59 honeypot-fra-1 sshd[9875]: Invalid user test from 111.67.193.58 port 35044","@timestamp":"2022-09-14T14:48:00.593Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 14:48:48 honeypot-ams-1 kernel: [84043511.011393] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=31.44.3.112 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=58 ID=7562 PROTO=TCP SPT=13986 DPT=80 WINDOW=36125 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T14:48:48.737Z"}
{"@timestamp":"2022-09-14T14:49:37.655Z","@version":"1","message":"Sep 14 14:49:36 honeypot-sgp-1 kernel: [84043085.541962] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=74.207.233.151 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=42102 PROTO=TCP SPT=36954 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 14:50:03 honeypot-fra-1 sshd[9883]: Received disconnect from 51.222.116.82 port 47576:11: Bye Bye [preauth]","@timestamp":"2022-09-14T14:50:04.659Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 14:51:07 honeypot-fra-1 kernel: [84041488.014190] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=80.94.92.231 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=57023 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T14:51:08.688Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 14:52:31 honeypot-ams-1 sshd[25400]: Received disconnect from 109.205.213.23 port 41494:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T14:52:31.837Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 14:52:54 honeypot-ams-1 sshd[25406]: Received disconnect from 109.205.213.23 port 56948:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T14:52:54.850Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 14:53:19 honeypot-ams-1 sshd[25412]: Received disconnect from 109.205.213.23 port 44170:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T14:53:19.863Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 14:54:34 honeypot-ams-1 sshd[25418]: Invalid user test from 109.205.213.23 port 45954","@timestamp":"2022-09-14T14:54:34.902Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 14:54:51 honeypot-ams-1 sshd[25422]: Connection closed by 109.205.213.23 port 46844 [preauth]","@timestamp":"2022-09-14T14:54:51.911Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 14:56:55 honeypot-fra-1 sshd[9895]: Received disconnect from 61.177.173.51 port 32817:11:  [preauth]","@timestamp":"2022-09-14T14:56:55.818Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 15:03:09 honeypot-fra-1 sshd[9900]: Received disconnect from 61.177.172.124 port 18269:11:  [preauth]","@timestamp":"2022-09-14T15:03:09.961Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T15:03:50.998Z","@version":"1","message":"Sep 14 15:03:50 honeypot-sgp-1 sshd[13928]: Disconnected from invalid user brother 170.106.167.158 port 59984 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 15:06:20 honeypot-ams-1 sshd[25425]: Received disconnect from 104.248.113.173 port 53094:11: Bye Bye [preauth]","@timestamp":"2022-09-14T15:06:21.209Z"}
{"@timestamp":"2022-09-14T15:08:10.107Z","@version":"1","message":"Sep 14 15:08:09 honeypot-sgp-1 sshd[13934]: Received disconnect from 92.255.85.70 port 40250:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 15:09:08 honeypot-ams-1 kernel: [84044731.798300] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.167.98.76 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=60778 DPT=636 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T15:09:09.284Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 15:09:37 honeypot-fra-1 sshd[9907]: Disconnected from authenticating user root 61.177.173.35 port 34606 [preauth]","@timestamp":"2022-09-14T15:09:38.108Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 15:17:01 honeypot-ams-1 CRON[25433]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-14T15:17:01.504Z"}
{"@timestamp":"2022-09-14T15:17:02.342Z","@version":"1","message":"Sep 14 15:17:01 honeypot-sgp-1 CRON[13944]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 15:19:21 honeypot-fra-1 sshd[9917]: Received disconnect from 61.177.173.36 port 21104:11:  [preauth]","@timestamp":"2022-09-14T15:19:22.328Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 15:21:05 honeypot-ams-1 sshd[25438]: Received disconnect from 45.61.186.49 port 59954:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T15:21:05.612Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 15:21:15 honeypot-ams-1 sshd[25442]: Received disconnect from 45.61.186.49 port 43358:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T15:21:16.617Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 15:22:37 honeypot-fra-1 sshd[9923]: Disconnected from invalid user fa 45.33.107.51 port 42158 [preauth]","@timestamp":"2022-09-14T15:22:37.408Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T15:23:47.510Z","@version":"1","message":"Sep 14 15:23:46 honeypot-sgp-1 sshd[13953]: Received disconnect from 45.61.186.49 port 57326:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T15:23:58.516Z","@version":"1","message":"Sep 14 15:23:57 honeypot-sgp-1 sshd[13959]: Received disconnect from 45.61.186.49 port 40954:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 15:24:50 honeypot-ams-1 kernel: [84045673.692712] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=205.210.31.170 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x60 TTL=251 ID=63679 PROTO=TCP SPT=52338 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T15:24:51.727Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 15:26:13 honeypot-fra-1 sshd[9931]: Disconnected from invalid user ubuntu 92.106.169.34 port 56852 [preauth]","@timestamp":"2022-09-14T15:26:13.490Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 15:26:58 honeypot-fra-1 sshd[9938]: Received disconnect from 193.142.146.50 port 47620:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T15:26:58.510Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 15:28:21 honeypot-fra-1 sshd[9945]: Received disconnect from 193.142.146.50 port 45178:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T15:28:22.548Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 15:29:01 honeypot-fra-1 sshd[9953]: Received disconnect from 193.142.146.50 port 42738:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T15:29:02.567Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 15:29:40 honeypot-ams-1 kernel: [84045963.096169] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=72.167.32.184 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=232 ID=14689 PROTO=TCP SPT=57387 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T15:29:40.855Z"}
{"@timestamp":"2022-09-14T15:29:50.666Z","@version":"1","message":"Sep 14 15:29:50 honeypot-sgp-1 sshd[13970]: Received disconnect from 175.203.61.33 port 33502:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 15:30:19 honeypot-fra-1 sshd[9959]: Invalid user test from 193.142.146.50 port 40298","@timestamp":"2022-09-14T15:30:19.599Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T15:30:57.695Z","@version":"1","message":"Sep 14 15:30:56 honeypot-sgp-1 sshd[13974]: Disconnected from invalid user mmmm 139.59.248.243 port 49466 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 15:31:25 honeypot-fra-1 kernel: [84043905.178631] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=94.102.61.10 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=248 ID=54321 PROTO=TCP SPT=39296 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T15:31:25.625Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-14T15:34:11.774Z","@version":"1","message":"Sep 14 15:34:11 honeypot-sgp-1 kernel: [84045759.727793] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.41.8.5 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=5497 PROTO=TCP SPT=17168 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 15:34:12 honeypot-fra-1 sshd[9969]: Disconnected from authenticating user root 92.255.85.69 port 17878 [preauth]","@timestamp":"2022-09-14T15:34:12.690Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 15:35:00 honeypot-ams-1 sshd[25454]: Invalid user todds from 148.72.244.44 port 43904","@timestamp":"2022-09-14T15:35:00.994Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 15:37:39 honeypot-ams-1 sshd[25460]: Invalid user user from 141.255.162.226 port 59100","@timestamp":"2022-09-14T15:37:40.066Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 15:37:42 honeypot-ams-1 sshd[25464]: Invalid user user from 141.255.162.226 port 45038","@timestamp":"2022-09-14T15:37:43.069Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 15:37:44 honeypot-ams-1 sshd[25468]: Invalid user user from 141.255.162.226 port 52120","@timestamp":"2022-09-14T15:37:45.070Z"}
{"@timestamp":"2022-09-14T15:38:37.882Z","@version":"1","message":"Sep 14 15:38:37 honeypot-sgp-1 sshd[13985]: Disconnected from 61.177.172.124 port 20274 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 15:41:00 honeypot-fra-1 kernel: [84044480.796385] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=161.35.236.158 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=7993 DF PROTO=TCP SPT=42506 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T15:41:01.843Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-14T15:43:39.024Z","@version":"1","message":"Sep 14 15:43:38 honeypot-sgp-1 sshd[13990]: Received disconnect from 37.110.25.185 port 54648:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 15:44:29 honeypot-ams-1 kernel: [84046852.317157] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.11.57.48 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=248 ID=15212 PROTO=TCP SPT=41077 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T15:44:30.244Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 15:48:14 honeypot-fra-1 sshd[9981]: Disconnected from authenticating user root 61.177.173.36 port 35862 [preauth]","@timestamp":"2022-09-14T15:48:15.005Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T15:48:24.136Z","@version":"1","message":"Sep 14 15:48:23 honeypot-sgp-1 sshd[13998]: Disconnected from authenticating user root 159.223.179.50 port 43840 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T15:57:41.378Z","@version":"1","message":"Sep 14 15:57:40 honeypot-sgp-1 sshd[14007]: Received disconnect from 61.177.173.39 port 32650:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 15:59:05 honeypot-fra-1 sshd[9993]: Received disconnect from 61.177.172.104 port 42367:11:  [preauth]","@timestamp":"2022-09-14T15:59:06.260Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 16:00:13 honeypot-ams-1 sshd[25492]: Received disconnect from 92.255.85.70 port 27248:11: Bye Bye [preauth]","@timestamp":"2022-09-14T16:00:14.651Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 16:04:14 honeypot-ams-1 kernel: [84048037.476675] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=181.214.231.169 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=59 ID=49977 PROTO=TCP SPT=45399 DPT=80 WINDOW=32920 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T16:04:14.754Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 16:05:18 honeypot-ams-1 kernel: [84048101.873625] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=94.26.249.161 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=53706 PROTO=TCP SPT=22362 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T16:05:19.785Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 16:06:31 honeypot-ams-1 sshd[25503]: Disconnected from invalid user admin 187.200.175.193 port 56417 [preauth]","@timestamp":"2022-09-14T16:06:31.819Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 16:08:26 honeypot-fra-1 kernel: [84046126.403657] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=118.126.82.157 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=43 ID=62338 DF PROTO=TCP SPT=42312 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T16:08:27.462Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 16:09:05 honeypot-ams-1 sshd[25507]: Received disconnect from 62.204.41.222 port 26334:11: Client disconnecting normally [preauth]","@timestamp":"2022-09-14T16:09:05.887Z"}
{"@timestamp":"2022-09-14T16:09:39.665Z","@version":"1","message":"Sep 14 16:09:38 honeypot-sgp-1 sshd[14015]: Disconnecting invalid user  31.184.198.71 port 23714: Change of username or service not allowed: (,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:10:08.679Z","@version":"1","message":"Sep 14 16:10:08 honeypot-sgp-1 sshd[14021]: Invalid user  from 31.184.198.71 port 26333","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:10:30.691Z","@version":"1","message":"Sep 14 16:10:29 honeypot-sgp-1 sshd[14027]: Invalid user admin from 31.184.198.71 port 23405","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:10:57.704Z","@version":"1","message":"Sep 14 16:10:56 honeypot-sgp-1 sshd[14033]: Invalid user manager from 31.184.198.71 port 42154","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:11:27.720Z","@version":"1","message":"Sep 14 16:11:27 honeypot-sgp-1 sshd[14039]: Disconnecting invalid user 1234 31.184.198.71 port 33807: Change of username or service not allowed: (1234,ssh-connection) -> (Admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:11:50.731Z","@version":"1","message":"Sep 14 16:11:50 honeypot-sgp-1 sshd[14046]: Invalid user  from 31.184.198.71 port 16134","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:12:18.746Z","@version":"1","message":"Sep 14 16:12:18 honeypot-sgp-1 sshd[14052]: Disconnecting invalid user Admin 31.184.198.71 port 32631: Change of username or service not allowed: (Admin,ssh-connection) -> (blank,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:12:31.753Z","@version":"1","message":"Sep 14 16:12:30 honeypot-sgp-1 sshd[14058]: Invalid user user from 45.61.184.204 port 56050","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:12:40.758Z","@version":"1","message":"Sep 14 16:12:40 honeypot-sgp-1 sshd[14062]: Received disconnect from 45.61.184.204 port 39534:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:12:50.763Z","@version":"1","message":"Sep 14 16:12:50 honeypot-sgp-1 sshd[14066]: Disconnected from invalid user user 45.61.184.204 port 51152 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:13:06.771Z","@version":"1","message":"Sep 14 16:13:06 honeypot-sgp-1 sshd[14072]: Disconnecting authenticating user root 31.184.198.71 port 9029: Change of username or service not allowed: (root,ssh-connection) -> (,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:13:17.778Z","@version":"1","message":"Sep 14 16:13:16 honeypot-sgp-1 sshd[14078]: Invalid user user from 45.61.184.204 port 57912","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:13:31.785Z","@version":"1","message":"Sep 14 16:13:30 honeypot-sgp-1 sshd[14082]: Disconnecting invalid user cisco 31.184.198.71 port 58596: Change of username or service not allowed: (cisco,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:13:58.799Z","@version":"1","message":"Sep 14 16:13:58 honeypot-sgp-1 sshd[14090]: Invalid user Administrator from 31.184.198.71 port 48380","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:14:26.814Z","@version":"1","message":"Sep 14 16:14:26 honeypot-sgp-1 sshd[14096]: Invalid user sti.admin5 from 31.184.198.71 port 19323","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:14:52.827Z","@version":"1","message":"Sep 14 16:14:52 honeypot-sgp-1 sshd[14103]: Invalid user zhone from 31.184.198.71 port 54242","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:15:26.845Z","@version":"1","message":"Sep 14 16:15:26 honeypot-sgp-1 sshd[14110]: Invalid user default from 31.184.198.71 port 33047","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:15:53.858Z","@version":"1","message":"Sep 14 16:15:53 honeypot-sgp-1 sshd[14116]: Invalid user Administrator from 31.184.198.71 port 29715","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 16:15:54 honeypot-ams-1 sshd[25514]: Disconnected from authenticating user root 191.49.65.97 port 42949 [preauth]","@timestamp":"2022-09-14T16:15:55.061Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 16:16:02 honeypot-ams-1 sshd[25520]: Received disconnect from 191.49.65.97 port 43206:11: Bye Bye [preauth]","@timestamp":"2022-09-14T16:16:03.065Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 16:16:10 honeypot-ams-1 sshd[25526]: Received disconnect from 191.49.65.97 port 43402:11: Bye Bye [preauth]","@timestamp":"2022-09-14T16:16:11.070Z"}
{"@timestamp":"2022-09-14T16:16:15.871Z","@version":"1","message":"Sep 14 16:16:15 honeypot-sgp-1 sshd[14121]: Disconnecting invalid user superonline 31.184.198.71 port 16169: Change of username or service not allowed: (superonline,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 16:16:19 honeypot-ams-1 sshd[25530]: Disconnected from authenticating user root 191.49.65.97 port 43617 [preauth]","@timestamp":"2022-09-14T16:16:20.076Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 16:16:31 honeypot-ams-1 sshd[25536]: Disconnected from authenticating user root 191.49.65.97 port 43841 [preauth]","@timestamp":"2022-09-14T16:16:32.082Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 16:16:43 honeypot-ams-1 sshd[25542]: Disconnected from authenticating user root 191.49.65.97 port 44151 [preauth]","@timestamp":"2022-09-14T16:16:44.089Z"}
{"@timestamp":"2022-09-14T16:16:45.886Z","@version":"1","message":"Sep 14 16:16:45 honeypot-sgp-1 sshd[14127]: Disconnecting invalid user Admin 31.184.198.71 port 45935: Change of username or service not allowed: (Admin,ssh-connection) -> (comcast,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:17:04.896Z","@version":"1","message":"Sep 14 16:17:04 honeypot-sgp-1 sshd[14131]: Disconnecting invalid user admin 31.184.198.71 port 14025: Change of username or service not allowed: (admin,ssh-connection) -> (,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:17:34.911Z","@version":"1","message":"Sep 14 16:17:34 honeypot-sgp-1 sshd[14140]: Disconnecting invalid user matrix 31.184.198.71 port 53753: Change of username or service not allowed: (matrix,ssh-connection) -> (,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:18:03.926Z","@version":"1","message":"Sep 14 16:18:03 honeypot-sgp-1 sshd[14146]: Disconnecting invalid user motorola 31.184.198.71 port 47503: Change of username or service not allowed: (motorola,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:18:23.936Z","@version":"1","message":"Sep 14 16:18:22 honeypot-sgp-1 sshd[14150]: Disconnecting invalid user blank 31.184.198.71 port 40308: Change of username or service not allowed: (blank,ssh-connection) -> (root,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 16:18:47 honeypot-ams-1 sshd[25549]: Received disconnect from 162.241.222.29 port 49682:11: Bye Bye [preauth]","@timestamp":"2022-09-14T16:18:47.144Z"}
{"@timestamp":"2022-09-14T16:18:49.949Z","@version":"1","message":"Sep 14 16:18:49 honeypot-sgp-1 sshd[14159]: Disconnecting invalid user airlive 31.184.198.71 port 20698: Change of username or service not allowed: (airlive,ssh-connection) -> (0,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:19:19.965Z","@version":"1","message":"Sep 14 16:19:19 honeypot-sgp-1 sshd[14165]: Disconnecting invalid user roqos 31.184.198.71 port 64161: Change of username or service not allowed: (roqos,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:19:39.976Z","@version":"1","message":"Sep 14 16:19:39 honeypot-sgp-1 sshd[14171]: Disconnecting invalid user sitecom 31.184.198.71 port 1838: Change of username or service not allowed: (sitecom,ssh-connection) -> (Broadcom,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:20:01.987Z","@version":"1","message":"Sep 14 16:20:01 honeypot-sgp-1 sshd[14178]: Disconnecting invalid user admin 31.184.198.71 port 62457: Change of username or service not allowed: (admin,ssh-connection) -> (cusadmin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:20:30.002Z","@version":"1","message":"Sep 14 16:20:29 honeypot-sgp-1 sshd[14184]: Invalid user smcadmin from 31.184.198.71 port 17402","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:20:45.009Z","@version":"1","message":"Sep 14 16:20:44 honeypot-sgp-1 sshd[14189]: Disconnecting invalid user  31.184.198.71 port 15632: Change of username or service not allowed: (,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:21:13.024Z","@version":"1","message":"Sep 14 16:21:12 honeypot-sgp-1 sshd[14195]: Disconnecting invalid user public 31.184.198.71 port 47091: Change of username or service not allowed: (public,ssh-connection) -> (user,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:21:43.039Z","@version":"1","message":"Sep 14 16:21:42 honeypot-sgp-1 sshd[14203]: Bad protocol version identification 'SSH-2.0_CoreLab-1.0' from 31.184.198.71 port 34739","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:22:17.055Z","@version":"1","message":"Sep 14 16:22:16 honeypot-sgp-1 sshd[14208]: Disconnecting invalid user amdin 31.184.198.71 port 62665: Change of username or service not allowed: (amdin,ssh-connection) -> (readwrite,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:22:47.071Z","@version":"1","message":"Sep 14 16:22:46 honeypot-sgp-1 sshd[14214]: Disconnecting invalid user admin 31.184.198.71 port 55343: Change of username or service not allowed: (admin,ssh-connection) -> (DZY-W2914NSV2,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 16:23:19 honeypot-fra-1 kernel: [84047019.837476] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=93.189.222.80 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x20 TTL=250 ID=3197 DF PROTO=TCP SPT=64389 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T16:23:20.798Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 16:23:27 honeypot-ams-1 sshd[25554]: Received disconnect from 92.255.85.70 port 33178:11: Bye Bye [preauth]","@timestamp":"2022-09-14T16:23:27.264Z"}
{"@timestamp":"2022-09-14T16:23:28.091Z","@version":"1","message":"Sep 14 16:23:27 honeypot-sgp-1 sshd[14221]: Disconnecting invalid user admin 31.184.198.71 port 45803: Change of username or service not allowed: (admin,ssh-connection) -> (zoomadsl,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:23:59.106Z","@version":"1","message":"Sep 14 16:23:58 honeypot-sgp-1 sshd[14227]: Disconnecting invalid user 1admin0 31.184.198.71 port 33175: Change of username or service not allowed: (1admin0,ssh-connection) -> (ltecl4r0,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 16:29:48 honeypot-ams-1 sshd[25561]: Invalid user test2 from 200.137.5.196 port 44284","@timestamp":"2022-09-14T16:29:49.427Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 16:32:04 honeypot-fra-1 sshd[10007]: Connection closed by authenticating user root 103.188.176.251 port 40994 [preauth]","@timestamp":"2022-09-14T16:32:04.996Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T16:32:16.321Z","@version":"1","message":"Sep 14 16:32:16 honeypot-sgp-1 kernel: [84049244.695976] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=80.87.206.203 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=235 ID=12446 PROTO=TCP SPT=42183 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 16:34:13 honeypot-ams-1 sshd[25566]: Invalid user friend from 201.17.133.138 port 39914","@timestamp":"2022-09-14T16:34:13.540Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 16:39:16 honeypot-fra-1 kernel: [84047976.338451] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=172.104.4.109 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=42223 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T16:39:17.161Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-14T16:42:21.562Z","@version":"1","message":"Sep 14 16:42:21 honeypot-sgp-1 kernel: [84049849.666672] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=117.210.203.138 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=14023 DF PROTO=TCP SPT=20693 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 16:47:10 honeypot-ams-1 kernel: [84050613.535531] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=23.239.14.49 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=23095 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T16:47:10.869Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 16:51:21 honeypot-fra-1 kernel: [84048701.617869] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=20.219.248.199 DST=165.22.82.222 LEN=52 TOS=0x00 PREC=0x00 TTL=111 ID=58743 DF PROTO=TCP SPT=56228 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T16:51:22.436Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-14T16:52:29.810Z","@version":"1","message":"Sep 14 16:52:29 honeypot-sgp-1 sshd[14242]: Disconnected from authenticating user root 193.142.146.50 port 56258 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:53:05.828Z","@version":"1","message":"Sep 14 16:53:05 honeypot-sgp-1 sshd[14248]: Disconnected from authenticating user root 193.142.146.50 port 52288 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:54:29.866Z","@version":"1","message":"Sep 14 16:54:29 honeypot-sgp-1 sshd[14255]: Disconnected from authenticating user root 193.142.146.50 port 48314 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:55:08.885Z","@version":"1","message":"Sep 14 16:55:08 honeypot-sgp-1 sshd[14261]: Disconnected from authenticating user root 193.142.146.50 port 44344 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 16:55:15 honeypot-fra-1 sshd[10020]: Disconnected from invalid user user 45.61.186.49 port 55076 [preauth]","@timestamp":"2022-09-14T16:55:16.527Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 16:55:25 honeypot-fra-1 sshd[10024]: Disconnected from invalid user user 45.61.186.49 port 38134 [preauth]","@timestamp":"2022-09-14T16:55:25.532Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T16:56:12.914Z","@version":"1","message":"Sep 14 16:56:12 honeypot-sgp-1 sshd[14267]: Received disconnect from 193.142.146.50 port 51108:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 16:58:14 honeypot-ams-1 kernel: [84051277.073352] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.41.9.18 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=60388 PROTO=TCP SPT=38671 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T16:58:15.152Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 17:00:53 honeypot-fra-1 kernel: [84049272.799539] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=70.185.203.182 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=50 ID=43704 PROTO=TCP SPT=62001 DPT=80 WINDOW=54024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T17:00:53.673Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-14T17:05:11.125Z","@version":"1","message":"Sep 14 17:05:10 honeypot-sgp-1 sshd[14272]: Disconnected from authenticating user root 92.255.85.69 port 32218 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 17:05:30 honeypot-fra-1 sshd[10032]: Received disconnect from 45.61.187.160 port 52154:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T17:05:30.780Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 17:05:49 honeypot-fra-1 sshd[10036]: Received disconnect from 45.61.187.160 port 46660:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T17:05:49.789Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 17:06:06 honeypot-fra-1 sshd[10041]: Received disconnect from 45.61.187.160 port 41186:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T17:06:06.798Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 17:07:30 honeypot-fra-1 sshd[10045]: Disconnected from authenticating user root 92.255.85.69 port 37508 [preauth]","@timestamp":"2022-09-14T17:07:30.830Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 17:08:14 honeypot-ams-1 kernel: [84051877.238631] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=200.23.148.223 DST=178.62.254.91 LEN=80 TOS=0x00 PREC=0x20 TTL=129 ID=50900 PROTO=TCP SPT=49876 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T17:08:14.411Z"}
{"@timestamp":"2022-09-14T17:08:56.218Z","@version":"1","message":"Sep 14 17:08:55 honeypot-sgp-1 sshd[14278]: Disconnected from authenticating user root 109.205.213.23 port 51068 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T17:09:11.225Z","@version":"1","message":"Sep 14 17:09:10 honeypot-sgp-1 sshd[14285]: Disconnected from authenticating user root 109.205.213.23 port 52384 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T17:09:36.237Z","@version":"1","message":"Sep 14 17:09:35 honeypot-sgp-1 sshd[14291]: Received disconnect from 109.205.213.23 port 40242:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 17:10:15 honeypot-ams-1 sshd[25582]: Received disconnect from 192.241.243.84 port 36810:11: Bye Bye [preauth]","@timestamp":"2022-09-14T17:10:15.465Z"}
{"@timestamp":"2022-09-14T17:10:53.271Z","@version":"1","message":"Sep 14 17:10:53 honeypot-sgp-1 sshd[14298]: Received disconnect from 109.205.213.23 port 42874:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T17:11:12.280Z","@version":"1","message":"Sep 14 17:11:11 honeypot-sgp-1 sshd[14302]: Received disconnect from 109.205.213.23 port 44190:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 17:13:35 honeypot-ams-1 sshd[25587]: Received disconnect from 162.19.64.34 port 37500:11: Bye Bye [preauth]","@timestamp":"2022-09-14T17:13:35.550Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 17:14:29 honeypot-fra-1 sshd[10052]: Invalid user la from 165.22.45.108 port 44584","@timestamp":"2022-09-14T17:14:29.991Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 17:15:05 honeypot-ams-1 sshd[25591]: Disconnected from authenticating user root 51.83.131.123 port 53616 [preauth]","@timestamp":"2022-09-14T17:15:06.591Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 17:17:01 honeypot-fra-1 CRON[10055]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-14T17:17:02.051Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T17:17:02.423Z","@version":"1","message":"Sep 14 17:17:01 honeypot-sgp-1 CRON[14307]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 17:19:08 honeypot-ams-1 kernel: [84052530.884752] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=200.23.148.223 DST=178.62.254.91 LEN=80 TOS=0x00 PREC=0x20 TTL=131 ID=45093 PROTO=TCP SPT=46117 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T17:19:08.695Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 17:22:39 honeypot-ams-1 sshd[25601]: Invalid user user from 198.98.61.9 port 44746","@timestamp":"2022-09-14T17:22:39.789Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 17:22:57 honeypot-ams-1 sshd[25605]: Invalid user user from 198.98.61.9 port 39062","@timestamp":"2022-09-14T17:22:57.798Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 17:23:14 honeypot-ams-1 sshd[25609]: Invalid user user from 198.98.61.9 port 33286","@timestamp":"2022-09-14T17:23:14.807Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 17:24:38 honeypot-fra-1 sshd[10059]: Disconnected from authenticating user root 107.175.150.83 port 53320 [preauth]","@timestamp":"2022-09-14T17:24:38.226Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 17:26:53 honeypot-ams-1 sshd[25616]: Invalid user webmo from 190.128.230.98 port 36030","@timestamp":"2022-09-14T17:26:53.902Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 17:27:17 honeypot-fra-1 kernel: [84050857.213783] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=124.123.78.71 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=54199 PROTO=TCP SPT=56372 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T17:27:18.289Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-14T17:28:00.682Z","@version":"1","message":"Sep 14 17:28:00 honeypot-sgp-1 sshd[14312]: Received disconnect from 92.255.85.69 port 42764:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 17:28:55 honeypot-fra-1 sshd[10070]: Received disconnect from 45.61.184.204 port 47670:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T17:28:56.329Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 17:29:14 honeypot-fra-1 sshd[10074]: Received disconnect from 45.61.184.204 port 42244:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T17:29:14.338Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 17:29:27 honeypot-fra-1 sshd[10078]: Disconnected from authenticating user root 68.183.212.10 port 39350 [preauth]","@timestamp":"2022-09-14T17:29:28.344Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 17:29:40 honeypot-fra-1 sshd[10082]: Disconnected from invalid user user 45.61.184.204 port 48238 [preauth]","@timestamp":"2022-09-14T17:29:41.351Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 17:30:15 honeypot-ams-1 sshd[25619]: Disconnected from invalid user monitor 159.65.91.105 port 41716 [preauth]","@timestamp":"2022-09-14T17:30:15.984Z"}
{"@timestamp":"2022-09-14T17:34:45.843Z","@version":"1","message":"Sep 14 17:34:45 honeypot-sgp-1 sshd[14316]: Disconnected from invalid user set 190.64.136.124 port 42451 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 17:37:32 honeypot-ams-1 sshd[25626]: Connection closed by 157.245.252.5 port 43496 [preauth]","@timestamp":"2022-09-14T17:37:33.169Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 17:40:27 honeypot-fra-1 sshd[10088]: Received disconnect from 51.222.13.62 port 35868:11: Bye Bye [preauth]","@timestamp":"2022-09-14T17:40:27.595Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 17:41:55 honeypot-fra-1 sshd[10092]: Disconnected from invalid user zxx 122.53.86.126 port 52206 [preauth]","@timestamp":"2022-09-14T17:41:55.633Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 17:45:45 honeypot-fra-1 kernel: [84051964.859285] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=102.134.114.97 DST=165.22.82.222 LEN=52 TOS=0x00 PREC=0x00 TTL=117 ID=63091 DF PROTO=TCP SPT=43278 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T17:45:45.723Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 17:49:14 honeypot-fra-1 sshd[10102]: Received disconnect from 20.126.126.43 port 41826:11: Bye Bye [preauth]","@timestamp":"2022-09-14T17:49:14.804Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 17:51:05 honeypot-ams-1 kernel: [84054448.673306] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=20684 PROTO=TCP SPT=57464 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T17:51:06.518Z"}
{"@timestamp":"2022-09-14T17:51:47.241Z","@version":"1","message":"Sep 14 17:51:46 honeypot-sgp-1 sshd[14322]: Received disconnect from 92.255.85.69 port 44418:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 17:54:40 honeypot-fra-1 sshd[10107]: Received disconnect from 92.255.85.69 port 46036:11: Bye Bye [preauth]","@timestamp":"2022-09-14T17:54:40.930Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 18:01:43 honeypot-fra-1 kernel: [84052923.409423] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=69.164.213.115 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=45660 PROTO=TCP SPT=58497 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T18:01:44.089Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-14T18:02:38.495Z","@version":"1","message":"Sep 14 18:02:37 honeypot-sgp-1 sshd[14326]: Did not receive identification string from 87.236.176.2 port 54469","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 18:02:40 honeypot-fra-1 sshd[10114]: Disconnected from authenticating user root 186.109.86.184 port 48116 [preauth]","@timestamp":"2022-09-14T18:02:41.112Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 18:02:49 honeypot-ams-1 kernel: [84055152.533299] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=152.89.196.23 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=56357 PROTO=TCP SPT=55101 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T18:02:49.820Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 18:05:36 honeypot-fra-1 sshd[10119]: Invalid user pi from 78.43.206.165 port 48750","@timestamp":"2022-09-14T18:05:37.181Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 18:08:12 honeypot-ams-1 sshd[25639]: Invalid user admin from 185.118.48.206 port 57724","@timestamp":"2022-09-14T18:08:12.964Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 18:08:25 honeypot-fra-1 kernel: [84053325.066638] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=20.38.4.204 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=56425 PROTO=TCP SPT=58894 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T18:08:26.246Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 18:10:29 honeypot-fra-1 kernel: [84053449.487846] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=172.105.77.209 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=57 ID=0 DF PROTO=TCP SPT=47481 DPT=443 WINDOW=8192 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T18:10:30.299Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 18:11:52 honeypot-fra-1 sshd[10133]: Received disconnect from 170.210.203.212 port 56870:11: Bye Bye [preauth]","@timestamp":"2022-09-14T18:11:53.333Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T18:15:08.219Z","@version":"1","message":"Sep 14 18:15:07 honeypot-sgp-1 sshd[14331]: Received disconnect from 92.255.85.70 port 56664:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 18:17:01 honeypot-ams-1 CRON[25642]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-14T18:17:02.190Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 18:17:48 honeypot-fra-1 sshd[10142]: Disconnected from authenticating user root 92.255.85.69 port 34528 [preauth]","@timestamp":"2022-09-14T18:17:48.469Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 18:20:44 honeypot-fra-1 sshd[10147]: Disconnected from invalid user aleksandar 165.22.3.63 port 56592 [preauth]","@timestamp":"2022-09-14T18:20:44.536Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 18:25:27 honeypot-ams-1 kernel: [84056510.238205] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=161.35.238.241 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=49311 DF PROTO=TCP SPT=43364 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T18:25:28.409Z"}
{"@timestamp":"2022-09-14T18:26:57.497Z","@version":"1","message":"Sep 14 18:26:57 honeypot-sgp-1 sshd[14337]: Received disconnect from 185.143.45.150 port 58748:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 18:34:33 honeypot-fra-1 kernel: [84054892.727037] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.143.203.59 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=566 PROTO=TCP SPT=49190 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T18:34:33.848Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-14T18:34:48.683Z","@version":"1","message":"Sep 14 18:34:47 honeypot-sgp-1 sshd[14353]: Did not receive identification string from 159.89.24.69 port 61000","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 18:40:00 honeypot-ams-1 sshd[25652]: Received disconnect from 80.76.51.45 port 60846:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T18:40:00.807Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 18:40:31 honeypot-ams-1 sshd[25656]: Received disconnect from 80.76.51.45 port 59330:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T18:40:31.824Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 18:41:14 honeypot-ams-1 sshd[25662]: Received disconnect from 80.76.51.45 port 43138:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T18:41:14.847Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 18:41:58 honeypot-ams-1 sshd[25668]: Received disconnect from 80.76.51.45 port 55304:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T18:41:58.869Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 18:42:05 honeypot-fra-1 sshd[10157]: Disconnected from 200.54.189.102 port 43340 [preauth]","@timestamp":"2022-09-14T18:42:06.020Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 18:42:40 honeypot-ams-1 sshd[25674]: Invalid user user from 80.76.51.45 port 39094","@timestamp":"2022-09-14T18:42:41.890Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 18:43:38 honeypot-ams-1 sshd[25678]: Received disconnect from 92.255.85.70 port 58376:11: Bye Bye [preauth]","@timestamp":"2022-09-14T18:43:38.916Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 18:47:16 honeypot-ams-1 kernel: [84057818.945494] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=69.164.214.80 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=47128 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T18:47:17.016Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 18:50:34 honeypot-fra-1 sshd[10162]: Invalid user lacrosse from 165.22.45.108 port 54562","@timestamp":"2022-09-14T18:50:35.216Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 18:53:23 honeypot-ams-1 sshd[25685]: Received disconnect from 80.76.51.46 port 34674:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T18:53:24.209Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 18:53:52 honeypot-ams-1 sshd[25691]: Received disconnect from 80.76.51.46 port 45416:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T18:53:53.224Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 18:53:58 honeypot-fra-1 sshd[10165]: Invalid user degenius from 103.19.229.213 port 51576","@timestamp":"2022-09-14T18:53:59.318Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 18:54:12 honeypot-ams-1 sshd[25696]: Disconnected from authenticating user root 80.76.51.46 port 52500 [preauth]","@timestamp":"2022-09-14T18:54:13.234Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 18:54:15 honeypot-ams-1 sshd[25700]: Disconnected from invalid user user 141.255.162.226 port 46228 [preauth]","@timestamp":"2022-09-14T18:54:16.236Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 18:54:21 honeypot-ams-1 sshd[25704]: Disconnected from invalid user user 141.255.162.226 port 54572 [preauth]","@timestamp":"2022-09-14T18:54:22.240Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 18:54:22 honeypot-ams-1 sshd[25708]: Disconnected from invalid user user 141.255.162.226 port 43022 [preauth]","@timestamp":"2022-09-14T18:54:23.240Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 18:54:33 honeypot-ams-1 sshd[25714]: Received disconnect from 80.76.51.46 port 59630:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T18:54:33.246Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 18:54:55 honeypot-fra-1 sshd[10169]: Disconnected from invalid user wmm 73.52.12.202 port 46530 [preauth]","@timestamp":"2022-09-14T18:54:56.341Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 18:55:04 honeypot-ams-1 sshd[25720]: Received disconnect from 80.76.51.46 port 42074:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T18:55:05.264Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 18:55:26 honeypot-ams-1 sshd[25724]: Received disconnect from 80.76.51.46 port 49212:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T18:55:27.275Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 18:58:03 honeypot-ams-1 kernel: [84058466.415984] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=172.105.77.209 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=57 ID=0 DF PROTO=TCP SPT=47481 DPT=443 WINDOW=8192 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T18:58:04.345Z"}
{"@timestamp":"2022-09-14T18:59:30.254Z","@version":"1","message":"Sep 14 18:59:30 honeypot-sgp-1 kernel: [84058078.541189] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=50.17.105.85 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=230 ID=54321 PROTO=TCP SPT=31211 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 19:01:13 honeypot-fra-1 kernel: [84056492.514474] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=68.183.37.86 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=248 ID=6272 PROTO=TCP SPT=42049 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T19:01:13.487Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-14T19:02:19.325Z","@version":"1","message":"Sep 14 19:02:18 honeypot-sgp-1 sshd[14363]: Received disconnect from 200.195.162.66 port 48138:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 19:04:22 honeypot-fra-1 sshd[10178]: Disconnected from authenticating user root 92.255.85.69 port 36538 [preauth]","@timestamp":"2022-09-14T19:04:22.561Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 19:07:59 honeypot-fra-1 sshd[10196]: Invalid user es from 43.138.12.15 port 44070","@timestamp":"2022-09-14T19:07:59.646Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 19:07:59 honeypot-fra-1 sshd[10217]: Invalid user admin from 43.138.12.15 port 44084","@timestamp":"2022-09-14T19:08:00.647Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 19:07:59 honeypot-fra-1 sshd[10212]: Connection closed by invalid user esuser 43.138.12.15 port 44082 [preauth]","@timestamp":"2022-09-14T19:08:00.647Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 19:08:00 honeypot-fra-1 sshd[10190]: Invalid user centos from 43.138.12.15 port 44088","@timestamp":"2022-09-14T19:08:00.647Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 19:08:00 honeypot-fra-1 sshd[10197]: Invalid user ftpuser from 43.138.12.15 port 44051","@timestamp":"2022-09-14T19:08:00.647Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 19:08:00 honeypot-fra-1 sshd[10199]: Invalid user mcserv from 43.138.12.15 port 44034","@timestamp":"2022-09-14T19:08:00.647Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 19:08:00 honeypot-fra-1 sshd[10215]: Invalid user ec2-user from 43.138.12.15 port 44102","@timestamp":"2022-09-14T19:08:00.647Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 19:08:00 honeypot-fra-1 sshd[10193]: Connection closed by invalid user esuser 43.138.12.15 port 44024 [preauth]","@timestamp":"2022-09-14T19:08:00.647Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 19:08:00 honeypot-fra-1 sshd[10192]: Connection closed by invalid user vagrant 43.138.12.15 port 44058 [preauth]","@timestamp":"2022-09-14T19:08:00.647Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 19:08:00 honeypot-fra-1 sshd[10211]: Connection closed by invalid user devops 43.138.12.15 port 44098 [preauth]","@timestamp":"2022-09-14T19:08:00.647Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 19:09:06 honeypot-ams-1 kernel: [84059129.377418] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.212.115 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=53251 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T19:09:06.628Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 19:11:45 honeypot-fra-1 kernel: [84057125.396169] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=167.99.88.62 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=248 ID=6994 PROTO=TCP SPT=42696 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T19:11:46.735Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 19:14:42 honeypot-ams-1 sshd[25737]: Invalid user iz from 179.96.150.109 port 49284","@timestamp":"2022-09-14T19:14:42.779Z"}
{"@timestamp":"2022-09-14T19:17:01.676Z","@version":"1","message":"Sep 14 19:17:01 honeypot-sgp-1 CRON[14369]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 19:22:56 honeypot-ams-1 sshd[25743]: Received disconnect from 187.33.56.200 port 38559:11: Bye Bye [preauth]","@timestamp":"2022-09-14T19:22:57.013Z"}
{"@timestamp":"2022-09-14T19:24:21.856Z","@version":"1","message":"Sep 14 19:24:21 honeypot-sgp-1 sshd[14373]: Connection closed by invalid user es 103.188.176.251 port 38022 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T19:26:53.937Z","@version":"1","message":"Sep 14 19:26:53 honeypot-sgp-1 sshd[14379]: Received disconnect from 47.250.47.151 port 48868:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 19:28:34 honeypot-fra-1 kernel: [84058134.384876] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.210.216.111 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=36624 DF PROTO=TCP SPT=10446 DPT=80 WINDOW=512 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T19:28:35.113Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-14T19:30:05.015Z","@version":"1","message":"Sep 14 19:30:04 honeypot-sgp-1 sshd[14385]: Received disconnect from 68.183.156.109 port 57542:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 19:31:08 honeypot-ams-1 kernel: [84060451.388509] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.79.53.162 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=59215 PROTO=TCP SPT=43092 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T19:31:09.227Z"}
{"@timestamp":"2022-09-14T19:32:54.087Z","@version":"1","message":"Sep 14 19:32:53 honeypot-sgp-1 kernel: [84060081.584214] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.79.53.162 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=56166 PROTO=TCP SPT=43092 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 19:38:40 honeypot-fra-1 sshd[10356]: Invalid user lafeiorg from 165.22.45.108 port 59550","@timestamp":"2022-09-14T19:38:41.344Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 19:42:34 honeypot-ams-1 kernel: [84061137.697854] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=122.189.38.5 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=48 ID=23454 PROTO=TCP SPT=11812 DPT=80 WINDOW=48804 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T19:42:35.519Z"}
{"@timestamp":"2022-09-14T19:46:09.403Z","@version":"1","message":"Sep 14 19:46:09 honeypot-sgp-1 sshd[14395]: Disconnected from authenticating user root 128.199.90.73 port 44740 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T19:48:41.466Z","@version":"1","message":"Sep 14 19:48:40 honeypot-sgp-1 sshd[14402]: Received disconnect from 92.255.85.70 port 32696:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 19:50:01 honeypot-fra-1 sshd[10362]: Received disconnect from 115.36.144.104 port 40272:11: Bye Bye [preauth]","@timestamp":"2022-09-14T19:50:01.596Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 19:53:42 honeypot-ams-1 sshd[25755]: Received disconnect from 92.255.85.69 port 17840:11: Bye Bye [preauth]","@timestamp":"2022-09-14T19:53:42.813Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 19:53:52 honeypot-fra-1 sshd[10368]: Did not receive identification string from 45.127.108.174 port 46522","@timestamp":"2022-09-14T19:53:52.685Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 19:53:53 honeypot-fra-1 sshd[10386]: Invalid user chia from 45.127.108.174 port 54254","@timestamp":"2022-09-14T19:53:54.687Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 19:53:53 honeypot-fra-1 sshd[10385]: Invalid user zabbix from 45.127.108.174 port 54220","@timestamp":"2022-09-14T19:53:54.687Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 19:53:53 honeypot-fra-1 sshd[10399]: Invalid user es from 45.127.108.174 port 54202","@timestamp":"2022-09-14T19:53:54.687Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 19:53:53 honeypot-fra-1 sshd[10375]: Connection closed by invalid user hadoop 45.127.108.174 port 54188 [preauth]","@timestamp":"2022-09-14T19:53:54.688Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 19:53:53 honeypot-fra-1 sshd[10389]: Connection closed by authenticating user root 45.127.108.174 port 54206 [preauth]","@timestamp":"2022-09-14T19:53:54.688Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 19:53:53 honeypot-fra-1 sshd[10372]: Connection closed by invalid user oracle 45.127.108.174 port 54234 [preauth]","@timestamp":"2022-09-14T19:53:54.688Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 19:53:53 honeypot-fra-1 sshd[10392]: Connection closed by authenticating user root 45.127.108.174 port 54264 [preauth]","@timestamp":"2022-09-14T19:53:54.688Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 19:53:54 honeypot-fra-1 sshd[10394]: Connection closed by invalid user testuser 45.127.108.174 port 54242 [preauth]","@timestamp":"2022-09-14T19:53:54.688Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T20:01:57.784Z","@version":"1","message":"Sep 14 20:01:57 honeypot-sgp-1 kernel: [84061825.759530] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=5180 PROTO=TCP SPT=45258 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 20:10:18 honeypot-ams-1 sshd[25762]: Connection closed by invalid user tomcat 193.106.191.157 port 47474 [preauth]","@timestamp":"2022-09-14T20:10:19.251Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 20:10:54 honeypot-fra-1 sshd[10436]: Connection closed by 167.94.146.59 port 59110 [preauth]","@timestamp":"2022-09-14T20:10:54.070Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T20:11:48.020Z","@version":"1","message":"Sep 14 20:11:47 honeypot-sgp-1 sshd[14410]: Disconnected from authenticating user root 92.255.85.70 port 25066 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T20:13:30.063Z","@version":"1","message":"Sep 14 20:13:29 honeypot-sgp-1 sshd[14416]: Invalid user user from 141.255.162.226 port 41582","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T20:13:35.066Z","@version":"1","message":"Sep 14 20:13:34 honeypot-sgp-1 sshd[14422]: Did not receive identification string from 45.61.186.49 port 50478","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T20:13:36.067Z","@version":"1","message":"Sep 14 20:13:35 honeypot-sgp-1 sshd[14423]: Disconnected from invalid user user 141.255.162.226 port 57762 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T20:13:38.068Z","@version":"1","message":"Sep 14 20:13:37 honeypot-sgp-1 sshd[14427]: Disconnected from invalid user user 141.255.162.226 port 53820 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T20:13:53.076Z","@version":"1","message":"Sep 14 20:13:52 honeypot-sgp-1 sshd[14433]: Invalid user user from 45.61.186.49 port 37174","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T20:14:04.081Z","@version":"1","message":"Sep 14 20:14:03 honeypot-sgp-1 sshd[14437]: Invalid user user from 45.61.186.49 port 48572","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 20:15:07 honeypot-fra-1 sshd[10442]: Invalid user ca from 217.218.215.101 port 42584","@timestamp":"2022-09-14T20:15:08.167Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T20:17:02.154Z","@version":"1","message":"Sep 14 20:17:01 honeypot-sgp-1 CRON[14441]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 20:17:21 honeypot-ams-1 sshd[25768]: Disconnected from authenticating user root 92.255.85.70 port 23228 [preauth]","@timestamp":"2022-09-14T20:17:21.444Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 20:20:14 honeypot-fra-1 sshd[10448]: Invalid user tomcat from 193.106.191.157 port 55534","@timestamp":"2022-09-14T20:20:15.285Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T20:22:02.276Z","@version":"1","message":"Sep 14 20:22:01 honeypot-sgp-1 sshd[14447]: Disconnected from authenticating user root 210.4.123.219 port 43945 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 20:28:24 honeypot-ams-1 sshd[25773]: Received disconnect from 128.199.22.126 port 57474:11: Bye Bye [preauth]","@timestamp":"2022-09-14T20:28:24.733Z"}
{"@timestamp":"2022-09-14T20:29:55.470Z","@version":"1","message":"Sep 14 20:29:54 honeypot-sgp-1 kernel: [84063502.704424] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=103.118.253.217 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=53 ID=0 DF PROTO=TCP SPT=43432 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 20:30:39 honeypot-fra-1 kernel: [84061859.271180] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=61425 PROTO=TCP SPT=47402 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T20:30:40.521Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 20:30:41 honeypot-ams-1 sshd[25777]: Disconnected from authenticating user root 64.227.126.250 port 33386 [preauth]","@timestamp":"2022-09-14T20:30:41.795Z"}
{"@timestamp":"2022-09-14T20:36:34.815Z","@version":"1","message":"Sep 14 20:36:34 honeypot-sgp-1 sshd[14456]: Did not receive identification string from 141.255.162.226 port 60362","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T20:36:42.820Z","@version":"1","message":"Sep 14 20:36:42 honeypot-sgp-1 sshd[14459]: Disconnected from invalid user user 141.255.162.226 port 33322 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T20:36:45.822Z","@version":"1","message":"Sep 14 20:36:44 honeypot-sgp-1 sshd[14463]: Disconnected from invalid user user 141.255.162.226 port 41750 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 20:37:55 honeypot-fra-1 kernel: [84062294.850610] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=80.94.92.231 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=56734 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T20:37:55.686Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 20:38:10 honeypot-ams-1 kernel: [84064473.590337] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=202.164.131.68 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=55 ID=33138 DF PROTO=TCP SPT=39059 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T20:38:10.994Z"}
{"@timestamp":"2022-09-14T20:42:56.963Z","@version":"1","message":"Sep 14 20:42:56 honeypot-sgp-1 kernel: [84064285.139602] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=172.104.12.192 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=58114 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 20:47:41 honeypot-ams-1 sshd[25783]: Received disconnect from 72.167.55.58 port 42204:11: Bye Bye [preauth]","@timestamp":"2022-09-14T20:47:42.248Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 20:54:14 honeypot-ams-1 kernel: [84065437.221768] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=143.198.126.236 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=48429 PROTO=TCP SPT=47992 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T20:54:15.421Z"}
{"@timestamp":"2022-09-14T20:54:47.238Z","@version":"1","message":"Sep 14 20:54:46 honeypot-sgp-1 sshd[14472]: Disconnected from invalid user admin 107.173.209.238 port 59402 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 20:59:22 honeypot-fra-1 kernel: [84063581.924876] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=66.240.236.109 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=40586 DPT=5432 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T20:59:23.166Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-14T20:59:46.354Z","@version":"1","message":"Sep 14 20:59:46 honeypot-sgp-1 sshd[14479]: Disconnected from invalid user cms 206.189.136.28 port 40144 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 21:03:34 honeypot-ams-1 sshd[25791]: Received disconnect from 92.255.85.69 port 38216:11: Bye Bye [preauth]","@timestamp":"2022-09-14T21:03:34.665Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 21:04:10 honeypot-fra-1 kernel: [84063869.457154] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=64808 PROTO=TCP SPT=49203 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T21:04:10.274Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-14T21:06:19.507Z","@version":"1","message":"Sep 14 21:06:18 honeypot-sgp-1 sshd[14561]: Invalid user pi from 50.45.186.194 port 38320","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 21:08:03 honeypot-fra-1 sshd[10464]: Invalid user ec2-user from 43.138.12.15 port 55982","@timestamp":"2022-09-14T21:08:03.362Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 21:08:05 honeypot-fra-1 sshd[10481]: Invalid user ftpuser from 43.138.12.15 port 55956","@timestamp":"2022-09-14T21:08:05.363Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 21:08:05 honeypot-fra-1 sshd[10483]: Invalid user elasticsearch from 43.138.12.15 port 55920","@timestamp":"2022-09-14T21:08:05.363Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 21:08:05 honeypot-fra-1 sshd[10495]: Invalid user elastic from 43.138.12.15 port 55926","@timestamp":"2022-09-14T21:08:05.363Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 21:08:05 honeypot-fra-1 sshd[10478]: Connection closed by invalid user admin 43.138.12.15 port 55976 [preauth]","@timestamp":"2022-09-14T21:08:06.364Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 21:08:05 honeypot-fra-1 sshd[10488]: Connection closed by invalid user ubuntu 43.138.12.15 port 55938 [preauth]","@timestamp":"2022-09-14T21:08:06.364Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 21:08:05 honeypot-fra-1 sshd[10490]: Invalid user postgres from 43.138.12.15 port 55952","@timestamp":"2022-09-14T21:08:06.364Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 21:08:06 honeypot-fra-1 sshd[10490]: Connection closed by invalid user postgres 43.138.12.15 port 55952 [preauth]","@timestamp":"2022-09-14T21:08:06.364Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 21:08:06 honeypot-fra-1 sshd[10486]: Connection closed by invalid user ansible 43.138.12.15 port 55978 [preauth]","@timestamp":"2022-09-14T21:08:06.364Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 21:08:06 honeypot-fra-1 sshd[10491]: Invalid user elastic from 43.138.12.15 port 55970","@timestamp":"2022-09-14T21:08:06.364Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 21:08:06 honeypot-fra-1 sshd[10493]: Connection closed by invalid user ec2 43.138.12.15 port 55930 [preauth]","@timestamp":"2022-09-14T21:08:07.365Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T21:09:32.580Z","@version":"1","message":"Sep 14 21:09:32 honeypot-sgp-1 kernel: [84065880.572904] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=96.126.112.220 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=9694 DF PROTO=TCP SPT=41654 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T21:12:34.653Z","@version":"1","message":"Sep 14 21:12:33 honeypot-sgp-1 kernel: [84066062.016698] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=183.136.225.35 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=110 ID=26037 PROTO=TCP SPT=8088 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T21:17:01.756Z","@version":"1","message":"Sep 14 21:17:01 honeypot-sgp-1 CRON[14570]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 21:17:01 honeypot-fra-1 CRON[10533]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-14T21:17:02.564Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 21:17:01 honeypot-ams-1 CRON[25795]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-14T21:17:02.023Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 21:25:51 honeypot-ams-1 sshd[25801]: Connection closed by invalid user es 103.188.176.251 port 42202 [preauth]","@timestamp":"2022-09-14T21:25:52.259Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 21:26:13 honeypot-fra-1 kernel: [84065193.143133] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=104.152.52.125 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=3470 PROTO=TCP SPT=50773 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T21:26:14.769Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 21:29:59 honeypot-fra-1 sshd[10540]: Connection closed by invalid user es 103.188.176.251 port 39662 [preauth]","@timestamp":"2022-09-14T21:30:00.855Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 21:31:36 honeypot-ams-1 sshd[25807]: Disconnected from invalid user user 198.98.61.9 port 59768 [preauth]","@timestamp":"2022-09-14T21:31:37.408Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 21:31:58 honeypot-ams-1 sshd[25811]: Disconnected from invalid user user 198.98.61.9 port 54646 [preauth]","@timestamp":"2022-09-14T21:31:58.419Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 21:32:15 honeypot-ams-1 sshd[25815]: Disconnected from invalid user user 198.98.61.9 port 49524 [preauth]","@timestamp":"2022-09-14T21:32:16.428Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 21:32:34 honeypot-ams-1 sshd[25819]: Disconnected from invalid user user 198.98.61.9 port 44392 [preauth]","@timestamp":"2022-09-14T21:32:34.438Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 21:38:57 honeypot-ams-1 kernel: [84068120.369477] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=109.61.133.134 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=58 ID=32581 PROTO=TCP SPT=24501 DPT=80 WINDOW=61054 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T21:38:58.631Z"}
{"@timestamp":"2022-09-14T21:45:50.424Z","@version":"1","message":"Sep 14 21:45:49 honeypot-sgp-1 sshd[14578]: Disconnected from authenticating user root 92.255.85.69 port 25656 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 21:48:35 honeypot-fra-1 sshd[10546]: Disconnected from authenticating user root 92.255.85.69 port 28938 [preauth]","@timestamp":"2022-09-14T21:48:36.266Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 21:50:44 honeypot-ams-1 sshd[25828]: Did not receive identification string from 45.61.186.249 port 48856","@timestamp":"2022-09-14T21:50:44.939Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 21:51:14 honeypot-ams-1 sshd[25831]: Disconnected from invalid user user 45.61.186.249 port 46190 [preauth]","@timestamp":"2022-09-14T21:51:15.955Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 21:51:34 honeypot-ams-1 sshd[25835]: Disconnected from invalid user user 45.61.186.249 port 40254 [preauth]","@timestamp":"2022-09-14T21:51:34.965Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 21:51:53 honeypot-ams-1 sshd[25839]: Disconnected from invalid user user 45.61.186.249 port 34312 [preauth]","@timestamp":"2022-09-14T21:51:53.975Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 21:52:09 honeypot-ams-1 sshd[25843]: Disconnected from invalid user user 45.61.186.249 port 56626 [preauth]","@timestamp":"2022-09-14T21:52:09.982Z"}
{"@timestamp":"2022-09-14T21:55:13.638Z","@version":"1","message":"Sep 14 21:55:13 honeypot-sgp-1 sshd[14584]: Disconnected from authenticating user root 195.19.4.22 port 65505 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T22:00:14.755Z","@version":"1","message":"Sep 14 22:00:13 honeypot-sgp-1 sshd[14586]: Received disconnect from 41.169.26.228 port 44780:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 22:02:48 honeypot-fra-1 sshd[10550]: Invalid user lance from 165.22.45.108 port 46276","@timestamp":"2022-09-14T22:02:48.618Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T22:05:26.877Z","@version":"1","message":"Sep 14 22:05:26 honeypot-sgp-1 sshd[14591]: Disconnected from invalid user user 141.255.162.226 port 40056 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T22:05:32.879Z","@version":"1","message":"Sep 14 22:05:32 honeypot-sgp-1 sshd[14595]: Disconnected from invalid user user 141.255.162.226 port 49330 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T22:05:57.890Z","@version":"1","message":"Sep 14 22:05:57 honeypot-sgp-1 kernel: [84069265.156460] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=206.189.8.92 DST=159.89.202.188 LEN=80 TOS=0x00 PREC=0x00 TTL=115 ID=13709 PROTO=TCP SPT=12685 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 22:05:58 honeypot-fra-1 sshd[10553]: Disconnected from invalid user star 188.166.127.59 port 45086 [preauth]","@timestamp":"2022-09-14T22:05:59.691Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 22:09:22 honeypot-ams-1 sshd[25847]: Received disconnect from 101.32.213.77 port 36780:11: Bye Bye [preauth]","@timestamp":"2022-09-14T22:09:23.423Z"}
{"@timestamp":"2022-09-14T22:09:36.975Z","@version":"1","message":"Sep 14 22:09:36 honeypot-sgp-1 sshd[14603]: Received disconnect from 61.177.173.51 port 19799:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 22:09:39 honeypot-ams-1 sshd[25851]: Received disconnect from 208.184.30.130 port 46884:11: Bye Bye [preauth]","@timestamp":"2022-09-14T22:09:39.434Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 22:11:08 honeypot-ams-1 kernel: [84070051.304794] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=51.91.221.105 DST=178.62.254.91 LEN=80 TOS=0x00 PREC=0x20 TTL=127 ID=25268 PROTO=TCP SPT=26292 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T22:11:09.474Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 22:12:16 honeypot-ams-1 sshd[25859]: Received disconnect from 61.177.173.35 port 45746:11:  [preauth]","@timestamp":"2022-09-14T22:12:17.505Z"}
{"@timestamp":"2022-09-14T22:12:49.051Z","@version":"1","message":"Sep 14 22:12:48 honeypot-sgp-1 sshd[14608]: Received disconnect from 217.165.114.155 port 46177:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 22:13:56 honeypot-fra-1 sshd[10559]: Bad protocol version identification 'MGLNDD_165.22.82.222_22' from 192.241.212.233 port 59780","@timestamp":"2022-09-14T22:13:56.885Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 22:14:57 honeypot-ams-1 sshd[25864]: Disconnected from authenticating user root 61.177.172.98 port 10113 [preauth]","@timestamp":"2022-09-14T22:14:57.575Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 22:17:01 honeypot-ams-1 CRON[25869]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-14T22:17:01.636Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 22:18:15 honeypot-fra-1 sshd[10565]: Connection closed by invalid user tomcat 193.106.191.157 port 38158 [preauth]","@timestamp":"2022-09-14T22:18:15.985Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 22:18:18 honeypot-ams-1 kernel: [84070481.350755] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=201.191.2.198 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=27943 PROTO=TCP SPT=36567 DPT=80 WINDOW=25606 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T22:18:18.671Z"}
{"@timestamp":"2022-09-14T22:19:19.200Z","@version":"1","message":"Sep 14 22:19:18 honeypot-sgp-1 kernel: [84070066.673579] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=159.203.100.33 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=54321 PROTO=TCP SPT=59118 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 22:22:45 honeypot-ams-1 sshd[25877]: Disconnected from authenticating user root 79.127.55.178 port 50868 [preauth]","@timestamp":"2022-09-14T22:22:45.790Z"}
{"@timestamp":"2022-09-14T22:24:58.353Z","@version":"1","message":"Sep 14 22:24:57 honeypot-sgp-1 sshd[14620]: Received disconnect from 115.75.146.156 port 47450:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T22:26:24.390Z","@version":"1","message":"Sep 14 22:26:24 honeypot-sgp-1 sshd[14624]: Invalid user beny from 223.197.151.55 port 43553","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T22:26:46.401Z","@version":"1","message":"Sep 14 22:26:46 honeypot-sgp-1 sshd[14628]: Connection closed by invalid user pi 60.221.50.163 port 39814 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T22:28:57.453Z","@version":"1","message":"Sep 14 22:28:57 honeypot-sgp-1 sshd[14634]: Invalid user odoo9 from 213.222.20.244 port 43234","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T22:29:43.473Z","@version":"1","message":"Sep 14 22:29:42 honeypot-sgp-1 sshd[14639]: Received disconnect from 61.177.173.51 port 60602:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T22:30:45.501Z","@version":"1","message":"Sep 14 22:30:44 honeypot-sgp-1 sshd[14645]: Invalid user admin from 103.147.4.202 port 46450","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 22:31:05 honeypot-ams-1 sshd[25886]: Received disconnect from 61.177.173.51 port 11565:11:  [preauth]","@timestamp":"2022-09-14T22:31:06.007Z"}
{"@timestamp":"2022-09-14T22:31:43.527Z","@version":"1","message":"Sep 14 22:31:43 honeypot-sgp-1 sshd[14647]: Disconnected from invalid user postgres 202.61.105.17 port 43350 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 22:31:56 honeypot-fra-1 kernel: [84069135.555778] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.203.194 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=45178 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T22:31:57.331Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-14T22:32:22.546Z","@version":"1","message":"Sep 14 22:32:21 honeypot-sgp-1 sshd[14651]: Disconnected from authenticating user root 92.255.85.69 port 58510 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T22:33:59.586Z","@version":"1","message":"Sep 14 22:33:59 honeypot-sgp-1 sshd[14657]: Invalid user rw from 81.16.11.250 port 54256","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 22:35:55 honeypot-ams-1 kernel: [84071538.263724] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.41.8.5 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=19710 PROTO=TCP SPT=41615 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T22:35:56.138Z"}
{"@timestamp":"2022-09-14T22:37:26.668Z","@version":"1","message":"Sep 14 22:37:25 honeypot-sgp-1 sshd[14662]: Disconnected from invalid user user 141.255.162.226 port 45180 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T22:37:28.669Z","@version":"1","message":"Sep 14 22:37:28 honeypot-sgp-1 sshd[14666]: Disconnected from invalid user user 141.255.162.226 port 40284 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T22:37:34.672Z","@version":"1","message":"Sep 14 22:37:34 honeypot-sgp-1 sshd[14670]: Disconnected from invalid user user 141.255.162.226 port 35394 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 22:38:35 honeypot-fra-1 sshd[10572]: Invalid user seven from 219.240.99.77 port 55354","@timestamp":"2022-09-14T22:38:36.499Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 22:38:51 honeypot-ams-1 sshd[25896]: Disconnected from authenticating user root 61.177.172.124 port 15534 [preauth]","@timestamp":"2022-09-14T22:38:52.215Z"}
{"@timestamp":"2022-09-14T22:39:12.714Z","@version":"1","message":"Sep 14 22:39:12 honeypot-sgp-1 kernel: [84071260.145364] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.180.143.7 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=233 ID=53413 PROTO=TCP SPT=24971 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 22:40:49 honeypot-fra-1 kernel: [84069668.360784] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=167.71.254.63 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=60753 PROTO=TCP SPT=54815 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T22:40:49.550Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-14T22:43:56.830Z","@version":"1","message":"Sep 14 22:43:56 honeypot-sgp-1 kernel: [84071544.196948] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=102.44.85.99 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=51 ID=44306 PROTO=TCP SPT=47438 DPT=80 WINDOW=24146 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 22:44:33 honeypot-fra-1 sshd[10579]: Disconnected from invalid user admin 186.206.151.246 port 41950 [preauth]","@timestamp":"2022-09-14T22:44:34.638Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 22:45:07 honeypot-ams-1 sshd[25905]: Did not receive identification string from 92.255.85.183 port 61150","@timestamp":"2022-09-14T22:45:08.377Z"}
{"@timestamp":"2022-09-14T22:49:29.963Z","@version":"1","message":"Sep 14 22:49:29 honeypot-sgp-1 sshd[14686]: Disconnected from authenticating user root 61.177.173.46 port 29378 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 22:50:26 honeypot-ams-1 sshd[25915]: Received disconnect from 179.43.156.143 port 50218:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T22:50:26.517Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 22:50:35 honeypot-fra-1 kernel: [84070254.390861] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=92.63.197.83 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=25335 PROTO=TCP SPT=44029 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T22:50:35.773Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 22:51:46 honeypot-ams-1 sshd[25922]: Received disconnect from 179.43.156.143 port 43274:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T22:51:46.553Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 22:53:02 honeypot-ams-1 sshd[25926]: Received disconnect from 179.43.156.143 port 36218:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T22:53:02.588Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 22:53:39 honeypot-ams-1 sshd[25931]: Disconnected from invalid user nutanix 179.43.156.143 port 60950 [preauth]","@timestamp":"2022-09-14T22:53:40.606Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 22:54:19 honeypot-fra-1 sshd[10589]: Disconnected from invalid user user 198.98.61.9 port 34836 [preauth]","@timestamp":"2022-09-14T22:54:19.857Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 22:54:39 honeypot-fra-1 sshd[10593]: Disconnected from invalid user user 198.98.61.9 port 56978 [preauth]","@timestamp":"2022-09-14T22:54:39.867Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 22:54:56 honeypot-fra-1 sshd[10597]: Disconnected from invalid user user 198.98.61.9 port 50884 [preauth]","@timestamp":"2022-09-14T22:54:56.875Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 22:54:56 honeypot-ams-1 sshd[25935]: Invalid user nfsnobod from 179.43.156.143 port 53934","@timestamp":"2022-09-14T22:54:57.641Z"}
{"@timestamp":"2022-09-14T22:55:04.100Z","@version":"1","message":"Sep 14 22:55:04 honeypot-sgp-1 sshd[14693]: Invalid user postgres from 202.88.244.36 port 60727","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 22:55:12 honeypot-fra-1 sshd[10601]: Disconnected from invalid user user 198.98.61.9 port 44792 [preauth]","@timestamp":"2022-09-14T22:55:12.882Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 22:55:37 honeypot-ams-1 sshd[25940]: Disconnected from authenticating user root 179.43.156.143 port 50426 [preauth]","@timestamp":"2022-09-14T22:55:37.659Z"}
{"@timestamp":"2022-09-14T22:56:12.127Z","@version":"1","message":"Sep 14 22:56:12 honeypot-sgp-1 kernel: [84072280.057988] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=68.183.81.55 DST=159.89.202.188 LEN=52 TOS=0x02 PREC=0x20 TTL=115 ID=13823 DF PROTO=TCP SPT=63227 DPT=3389 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 22:57:37 honeypot-ams-1 sshd[25946]: Received disconnect from 179.43.156.143 port 39920:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T22:57:37.714Z"}
{"@timestamp":"2022-09-14T22:59:26.206Z","@version":"1","message":"Sep 14 22:59:25 honeypot-sgp-1 kernel: [84072473.605113] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=206.189.8.92 DST=159.89.202.188 LEN=80 TOS=0x00 PREC=0x00 TTL=115 ID=53610 PROTO=TCP SPT=54634 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 23:00:00 honeypot-ams-1 kernel: [84072982.677040] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=161.35.188.242 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=51 ID=0 PROTO=TCP SPT=17543 DPT=80 WINDOW=0 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T23:00:00.778Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 23:01:16 honeypot-ams-1 sshd[25957]: Disconnected from authenticating user root 61.177.172.19 port 58963 [preauth]","@timestamp":"2022-09-14T23:01:16.815Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 23:02:19 honeypot-fra-1 sshd[10607]: Received disconnect from 45.181.32.42 port 33024:11: Bye Bye [preauth]","@timestamp":"2022-09-14T23:02:20.058Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T23:09:11.436Z","@version":"1","message":"Sep 14 23:09:10 honeypot-sgp-1 kernel: [84073058.795894] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=151.106.38.211 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=1878 PROTO=TCP SPT=54895 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 23:09:48 honeypot-ams-1 sshd[25966]: Received disconnect from 61.177.173.35 port 48495:11:  [preauth]","@timestamp":"2022-09-14T23:09:49.038Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 23:11:58 honeypot-ams-1 sshd[25971]: Invalid user admin from 46.19.141.122 port 33724","@timestamp":"2022-09-14T23:11:59.097Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 23:12:45 honeypot-fra-1 kernel: [84071584.069935] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.215.194 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=58505 DPT=389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T23:12:45.286Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 23:13:40 honeypot-ams-1 sshd[25975]: Received disconnect from 46.19.141.122 port 35242:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T23:13:40.142Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 23:14:15 honeypot-ams-1 sshd[25980]: Received disconnect from 46.19.141.122 port 36220:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T23:14:16.159Z"}
{"@timestamp":"2022-09-14T23:14:39.567Z","@version":"1","message":"Sep 14 23:14:39 honeypot-sgp-1 sshd[14713]: Disconnected from authenticating user root 62.171.146.208 port 38980 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 23:15:39 honeypot-ams-1 sshd[25984]: Disconnected from authenticating user root 46.19.141.122 port 37232 [preauth]","@timestamp":"2022-09-14T23:15:40.196Z"}
{"@timestamp":"2022-09-14T23:17:02.627Z","@version":"1","message":"Sep 14 23:17:01 honeypot-sgp-1 CRON[14718]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 23:17:24 honeypot-fra-1 kernel: [84071863.415427] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.212.98 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=52728 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T23:17:25.392Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 23:18:51 honeypot-fra-1 sshd[10625]: Received disconnect from 45.61.186.169 port 38290:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T23:18:51.427Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 23:19:07 honeypot-fra-1 sshd[10629]: Received disconnect from 45.61.186.169 port 32962:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T23:19:08.435Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 23:19:23 honeypot-fra-1 sshd[10633]: Received disconnect from 45.61.186.169 port 55862:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T23:19:24.442Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T23:19:32.688Z","@version":"1","message":"Sep 14 23:19:32 honeypot-sgp-1 sshd[14724]: Disconnected from authenticating user root 92.255.85.69 port 33740 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T23:20:27.712Z","@version":"1","message":"Sep 14 23:20:26 honeypot-sgp-1 sshd[14731]: Did not receive identification string from 45.61.186.169 port 46830","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T23:21:07.730Z","@version":"1","message":"Sep 14 23:21:07 honeypot-sgp-1 sshd[14734]: Disconnected from invalid user user 45.61.186.169 port 59064 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T23:21:25.739Z","@version":"1","message":"Sep 14 23:21:25 honeypot-sgp-1 sshd[14738]: Disconnected from invalid user user 45.61.186.169 port 53614 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T23:21:41.746Z","@version":"1","message":"Sep 14 23:21:41 honeypot-sgp-1 sshd[14746]: Invalid user user from 45.61.186.169 port 48144","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T23:21:49.750Z","@version":"1","message":"Sep 14 23:21:49 honeypot-sgp-1 sshd[14749]: Received disconnect from 45.61.186.169 port 59540:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 23:22:18 honeypot-fra-1 sshd[10637]: Disconnected from authenticating user root 92.255.85.70 port 41384 [preauth]","@timestamp":"2022-09-14T23:22:19.511Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 23:23:25 honeypot-ams-1 sshd[25992]: Received disconnect from 61.177.173.47 port 45350:11:  [preauth]","@timestamp":"2022-09-14T23:23:26.396Z"}
{"@timestamp":"2022-09-14T23:24:32.816Z","@version":"1","message":"Sep 14 23:24:32 honeypot-sgp-1 sshd[14755]: Received disconnect from 143.244.158.100 port 47786:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 23:25:29 honeypot-ams-1 sshd[25998]: Received disconnect from 159.223.79.49 port 60530:11: Bye Bye [preauth]","@timestamp":"2022-09-14T23:25:30.452Z"}
{"@timestamp":"2022-09-14T23:27:09.881Z","@version":"1","message":"Sep 14 23:27:09 honeypot-sgp-1 sshd[14762]: Received disconnect from 37.139.1.197 port 37730:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T23:28:17.911Z","@version":"1","message":"Sep 14 23:28:17 honeypot-sgp-1 sshd[14766]: Received disconnect from 143.244.158.100 port 60806:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T23:30:01.954Z","@version":"1","message":"Sep 14 23:30:00 honeypot-sgp-1 sshd[14772]: Received disconnect from 61.177.173.46 port 30476:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 23:30:38 honeypot-ams-1 kernel: [84074820.701390] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=194.28.112.135 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=27536 PROTO=TCP SPT=51499 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T23:30:38.586Z"}
{"@timestamp":"2022-09-14T23:31:02.981Z","@version":"1","message":"Sep 14 23:31:02 honeypot-sgp-1 sshd[14777]: Disconnected from authenticating user root 61.177.172.104 port 16043 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T23:33:18.039Z","@version":"1","message":"Sep 14 23:33:17 honeypot-sgp-1 sshd[14783]: Received disconnect from 143.244.158.100 port 43618:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T23:36:10.107Z","@version":"1","message":"Sep 14 23:36:10 honeypot-sgp-1 sshd[14790]: Received disconnect from 143.244.158.100 port 39838:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 23:36:57 honeypot-ams-1 kernel: [84075200.246195] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=22795 PROTO=TCP SPT=58606 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T23:36:57.749Z"}
{"@timestamp":"2022-09-14T23:38:03.280Z","@version":"1","message":"Sep 14 23:38:02 honeypot-sgp-1 sshd[14796]: Received disconnect from 143.244.158.100 port 56888:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T23:40:03.328Z","@version":"1","message":"Sep 14 23:40:02 honeypot-sgp-1 sshd[14802]: Disconnected from authenticating user root 143.244.158.100 port 49456 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 23:41:07 honeypot-ams-1 sshd[26015]: Received disconnect from 12.191.116.182 port 35304:11: Bye Bye [preauth]","@timestamp":"2022-09-14T23:41:07.859Z"}
{"@timestamp":"2022-09-14T23:42:57.398Z","@version":"1","message":"Sep 14 23:42:57 honeypot-sgp-1 sshd[14810]: Received disconnect from 92.255.85.70 port 51924:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T23:44:29.436Z","@version":"1","message":"Sep 14 23:44:28 honeypot-sgp-1 sshd[14816]: Received disconnect from 61.177.172.124 port 41819:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 23:45:26 honeypot-fra-1 sshd[10646]: Received disconnect from 92.255.85.69 port 42328:11: Bye Bye [preauth]","@timestamp":"2022-09-14T23:45:27.021Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T23:45:34.463Z","@version":"1","message":"Sep 14 23:45:34 honeypot-sgp-1 sshd[14820]: Disconnected from invalid user ds 43.155.80.159 port 41500 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 23:46:31 honeypot-ams-1 sshd[26022]: Received disconnect from 134.122.8.241 port 50676:11: Bye Bye [preauth]","@timestamp":"2022-09-14T23:46:32.006Z"}
{"@timestamp":"2022-09-14T23:47:43.515Z","@version":"1","message":"Sep 14 23:47:43 honeypot-sgp-1 sshd[14827]: Disconnected from authenticating user root 143.244.158.100 port 35428 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T23:49:38.561Z","@version":"1","message":"Sep 14 23:49:38 honeypot-sgp-1 sshd[14835]: Received disconnect from 143.244.158.100 port 56854:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 23:51:04 honeypot-ams-1 sshd[26029]: Received disconnect from 61.177.173.50 port 31348:11:  [preauth]","@timestamp":"2022-09-14T23:51:05.130Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 23:51:57 honeypot-ams-1 sshd[26035]: Received disconnect from 51.250.30.155 port 43248:11: Bye Bye [preauth]","@timestamp":"2022-09-14T23:51:58.156Z"}
{"@timestamp":"2022-09-14T23:52:22.627Z","@version":"1","message":"Sep 14 23:52:21 honeypot-sgp-1 sshd[14843]: Received disconnect from 143.244.158.100 port 42614:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 23:52:59 honeypot-ams-1 sshd[26039]: Connection closed by invalid user user 103.188.176.251 port 53450 [preauth]","@timestamp":"2022-09-14T23:53:00.186Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 23:53:54 honeypot-ams-1 sshd[26046]: Disconnected from invalid user user 45.61.186.249 port 41476 [preauth]","@timestamp":"2022-09-14T23:53:55.215Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 23:54:13 honeypot-ams-1 sshd[26052]: Invalid user user from 45.61.186.249 port 36610","@timestamp":"2022-09-14T23:54:14.225Z"}
{"@timestamp":"2022-09-14T23:54:16.674Z","@version":"1","message":"Sep 14 23:54:16 honeypot-sgp-1 sshd[14850]: Received disconnect from 143.244.158.100 port 35762:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 23:54:31 honeypot-ams-1 sshd[26056]: Invalid user user from 45.61.186.249 port 59930","@timestamp":"2022-09-14T23:54:31.235Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 23:54:48 honeypot-ams-1 sshd[26060]: Invalid user user from 45.61.186.249 port 55034","@timestamp":"2022-09-14T23:54:48.244Z"}
{"@timestamp":"2022-09-14T23:56:57.739Z","@version":"1","message":"Sep 14 23:56:57 honeypot-sgp-1 sshd[14856]: Received disconnect from 143.244.158.100 port 56846:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 23:58:35 honeypot-fra-1 kernel: [84074334.757510] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=154.66.178.74 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=54321 PROTO=TCP SPT=53449 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T23:58:36.317Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 23:59:14 honeypot-fra-1 sshd[10655]: Received disconnect from 45.61.186.169 port 48708:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T23:59:15.335Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 23:59:32 honeypot-fra-1 sshd[10659]: Received disconnect from 45.61.186.169 port 43518:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T23:59:32.343Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T23:59:46.807Z","@version":"1","message":"Sep 14 23:59:46 honeypot-sgp-1 sshd[14864]: Received disconnect from 61.177.173.51 port 16955:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 23:59:48 honeypot-fra-1 sshd[10663]: Received disconnect from 45.61.186.169 port 38328:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T23:59:49.351Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 00:01:20 honeypot-ams-1 sshd[26063]: Disconnected from authenticating user root 61.177.173.49 port 13983 [preauth]","@timestamp":"2022-09-15T00:01:20.416Z"}
{"@timestamp":"2022-09-15T00:01:52.859Z","@version":"1","message":"Sep 15 00:01:52 honeypot-sgp-1 sshd[14870]: Received disconnect from 143.244.158.100 port 51032:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T00:03:50.907Z","@version":"1","message":"Sep 15 00:03:50 honeypot-sgp-1 sshd[14875]: Disconnected from authenticating user root 143.244.158.100 port 37958 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T00:05:49.957Z","@version":"1","message":"Sep 15 00:05:49 honeypot-sgp-1 sshd[14881]: Disconnected from authenticating user root 143.244.158.100 port 34692 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T00:07:49.007Z","@version":"1","message":"Sep 15 00:07:48 honeypot-sgp-1 sshd[14887]: Received disconnect from 143.244.158.100 port 58640:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 00:08:50 honeypot-ams-1 kernel: [84077113.592796] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=14121 PROTO=TCP SPT=40003 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T00:08:51.614Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 00:09:28 honeypot-fra-1 sshd[10668]: Disconnected from authenticating user root 92.255.85.70 port 58734 [preauth]","@timestamp":"2022-09-15T00:09:28.569Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T00:09:44.053Z","@version":"1","message":"Sep 15 00:09:43 honeypot-sgp-1 sshd[14892]: Received disconnect from 61.177.173.46 port 12516:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T00:12:10.109Z","@version":"1","message":"Sep 15 00:12:09 honeypot-sgp-1 sshd[14900]: Invalid user chinchilla from 179.104.53.194 port 58316","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T00:12:46.126Z","@version":"1","message":"Sep 15 00:12:45 honeypot-sgp-1 sshd[14904]: Received disconnect from 143.244.158.100 port 46284:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 00:14:25 honeypot-fra-1 sshd[10672]: Invalid user darioopen from 37.77.105.29 port 47342","@timestamp":"2022-09-15T00:14:25.685Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 00:15:51 honeypot-ams-1 sshd[26076]: Did not receive identification string from 45.61.186.49 port 51642","@timestamp":"2022-09-15T00:15:51.799Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 00:16:16 honeypot-ams-1 sshd[26079]: Disconnected from invalid user user 45.61.186.49 port 46216 [preauth]","@timestamp":"2022-09-15T00:16:16.814Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 00:16:25 honeypot-ams-1 sshd[26083]: Disconnected from invalid user user 45.61.186.49 port 57820 [preauth]","@timestamp":"2022-09-15T00:16:26.820Z"}
{"@timestamp":"2022-09-15T00:17:02.227Z","@version":"1","message":"Sep 15 00:17:01 honeypot-sgp-1 CRON[14913]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 00:18:09 honeypot-fra-1 sshd[10680]: Invalid user ih from 128.199.128.68 port 39298","@timestamp":"2022-09-15T00:18:10.803Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T00:20:03.300Z","@version":"1","message":"Sep 15 00:20:02 honeypot-sgp-1 sshd[14920]: Disconnected from authenticating user root 104.236.237.117 port 52271 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 00:22:22 honeypot-ams-1 sshd[26093]: Did not receive identification string from 141.255.162.226 port 49588","@timestamp":"2022-09-15T00:22:22.978Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 00:22:34 honeypot-ams-1 sshd[26096]: Disconnected from invalid user user 141.255.162.226 port 34448 [preauth]","@timestamp":"2022-09-15T00:22:34.985Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 00:22:38 honeypot-ams-1 sshd[26100]: Disconnected from invalid user user 141.255.162.226 port 39932 [preauth]","@timestamp":"2022-09-15T00:22:38.989Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 00:22:39 honeypot-ams-1 sshd[26104]: Disconnected from invalid user user 141.255.162.226 port 48370 [preauth]","@timestamp":"2022-09-15T00:22:39.989Z"}
{"@timestamp":"2022-09-15T00:23:27.381Z","@version":"1","message":"Sep 15 00:23:26 honeypot-sgp-1 sshd[14927]: Disconnected from authenticating user root 61.177.173.37 port 34041 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T00:25:01.419Z","@version":"1","message":"Sep 15 00:25:00 honeypot-sgp-1 sshd[14931]: Disconnected from invalid user ha 20.87.8.78 port 38884 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T00:30:11.545Z","@version":"1","message":"Sep 15 00:30:11 honeypot-sgp-1 sshd[14936]: Received disconnect from 92.255.85.70 port 59236:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 00:31:11 honeypot-ams-1 kernel: [84078454.190191] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.41.8.45 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=12874 PROTO=TCP SPT=49036 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T00:31:12.213Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 00:32:22 honeypot-fra-1 sshd[10688]: Disconnected from authenticating user root 92.255.85.69 port 19292 [preauth]","@timestamp":"2022-09-15T00:32:23.122Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T00:33:47.633Z","@version":"1","message":"Sep 15 00:33:46 honeypot-sgp-1 sshd[14942]: Connection closed by invalid user ubnt 179.60.147.69 port 37974 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 00:34:26 honeypot-ams-1 kernel: [84078649.036397] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=213.226.123.38 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=8212 PROTO=TCP SPT=42348 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T00:34:27.303Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 00:35:28 honeypot-fra-1 sshd[10694]: Received disconnect from 165.22.45.108 port 33136:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T00:35:29.197Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 00:36:56 honeypot-ams-1 sshd[26122]: Disconnected from authenticating user root 111.67.197.237 port 32940 [preauth]","@timestamp":"2022-09-15T00:36:57.370Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 00:39:58 honeypot-ams-1 sshd[26128]: Received disconnect from 61.177.173.49 port 41578:11:  [preauth]","@timestamp":"2022-09-15T00:39:58.452Z"}
{"@timestamp":"2022-09-15T00:40:24.790Z","@version":"1","message":"Sep 15 00:40:24 honeypot-sgp-1 sshd[14948]: Disconnected from invalid user applmgr 20.55.113.203 port 1024 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T00:43:12.857Z","@version":"1","message":"Sep 15 00:43:12 honeypot-sgp-1 sshd[14954]: Invalid user admin from 128.199.168.83 port 48558","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T00:45:03.903Z","@version":"1","message":"Sep 15 00:45:03 honeypot-sgp-1 sshd[14960]: Received disconnect from 61.177.173.36 port 27768:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 00:49:45 honeypot-ams-1 sshd[26133]: Received disconnect from 61.177.173.49 port 21007:11:  [preauth]","@timestamp":"2022-09-15T00:49:46.722Z"}
{"@timestamp":"2022-09-15T00:52:41.101Z","@version":"1","message":"Sep 15 00:52:41 honeypot-sgp-1 sshd[14969]: Received disconnect from 61.177.172.114 port 15644:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 00:55:27 honeypot-fra-1 sshd[10699]: Received disconnect from 111.99.190.118 port 43412:11: Bye Bye [preauth]","@timestamp":"2022-09-15T00:55:27.659Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 00:58:57 honeypot-ams-1 sshd[26143]: Received disconnect from 92.255.85.70 port 60318:11: Bye Bye [preauth]","@timestamp":"2022-09-15T00:58:57.962Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 00:59:25 honeypot-fra-1 sshd[10703]: Disconnected from authenticating user root 200.66.77.178 port 41354 [preauth]","@timestamp":"2022-09-15T00:59:25.755Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 01:03:41 honeypot-ams-1 kernel: [84080403.710539] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=93.51.100.95 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=50 ID=62396 PROTO=TCP SPT=15921 DPT=80 WINDOW=44721 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T01:03:42.090Z"}
{"@timestamp":"2022-09-15T01:03:54.383Z","@version":"1","message":"Sep 15 01:03:53 honeypot-sgp-1 sshd[14978]: Received disconnect from 43.154.138.122 port 52176:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 01:04:08 honeypot-fra-1 kernel: [84078267.487095] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=64.62.197.138 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=54321 PROTO=TCP SPT=52936 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T01:04:08.870Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 01:09:01 honeypot-ams-1 sshd[26151]: Disconnected from authenticating user root 61.177.173.51 port 59357 [preauth]","@timestamp":"2022-09-15T01:09:02.232Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 01:10:33 honeypot-fra-1 sshd[10714]: Received disconnect from 45.61.186.169 port 40794:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T01:10:34.106Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 01:10:49 honeypot-fra-1 sshd[10718]: Invalid user user from 45.61.186.169 port 35436","@timestamp":"2022-09-15T01:10:50.114Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 01:11:05 honeypot-fra-1 sshd[10723]: Invalid user user from 45.61.186.169 port 58308","@timestamp":"2022-09-15T01:11:06.121Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 01:11:38 honeypot-fra-1 sshd[10727]: Invalid user guest from 179.60.147.69 port 42074","@timestamp":"2022-09-15T01:11:38.134Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T01:15:50.681Z","@version":"1","message":"Sep 15 01:15:50 honeypot-sgp-1 kernel: [84080658.353917] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.143.203.59 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=15368 PROTO=TCP SPT=49190 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 01:16:19 honeypot-ams-1 sshd[26161]: Invalid user tomcat from 193.106.191.157 port 37144","@timestamp":"2022-09-15T01:16:20.422Z"}
{"@timestamp":"2022-09-15T01:17:40.726Z","@version":"1","message":"Sep 15 01:17:40 honeypot-sgp-1 sshd[14994]: Disconnected from authenticating user root 61.177.173.49 port 57462 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T01:20:47.802Z","@version":"1","message":"Sep 15 01:20:46 honeypot-sgp-1 kernel: [84080954.893551] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.46.240.87 DST=159.89.202.188 LEN=52 TOS=0x02 PREC=0x00 TTL=111 ID=56606 DF PROTO=TCP SPT=49153 DPT=443 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 01:21:50 honeypot-ams-1 sshd[26174]: Received disconnect from 92.255.85.69 port 49852:11: Bye Bye [preauth]","@timestamp":"2022-09-15T01:21:50.567Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 01:27:30 honeypot-fra-1 sshd[10740]: Received disconnect from 165.22.45.108 port 38178:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T01:27:30.495Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T01:28:07.978Z","@version":"1","message":"Sep 15 01:28:07 honeypot-sgp-1 sshd[15024]: Received disconnect from 152.254.197.149 port 33622:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 01:30:57 honeypot-fra-1 sshd[10743]: Disconnected from invalid user user 45.61.184.204 port 39318 [preauth]","@timestamp":"2022-09-15T01:30:58.577Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 01:31:16 honeypot-fra-1 sshd[10759]: Disconnected from invalid user user 45.61.184.204 port 34862 [preauth]","@timestamp":"2022-09-15T01:31:16.585Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 01:31:33 honeypot-fra-1 sshd[10763]: Disconnected from invalid user user 45.61.184.204 port 58624 [preauth]","@timestamp":"2022-09-15T01:31:34.594Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 01:31:52 honeypot-fra-1 sshd[10771]: Disconnected from invalid user user 45.61.184.204 port 54168 [preauth]","@timestamp":"2022-09-15T01:31:52.604Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 01:34:31 honeypot-ams-1 kernel: [84082253.609977] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=221.9.190.45 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=47 ID=14099 PROTO=TCP SPT=33235 DPT=80 WINDOW=50509 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T01:34:31.899Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 01:35:54 honeypot-ams-1 sshd[26191]: Received disconnect from 61.177.173.36 port 49960:11:  [preauth]","@timestamp":"2022-09-15T01:35:54.938Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 01:36:51 honeypot-fra-1 sshd[10787]: Connection closed by invalid user admin 141.98.10.158 port 36418 [preauth]","@timestamp":"2022-09-15T01:36:51.717Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 01:38:20 honeypot-ams-1 sshd[26196]: Disconnected from authenticating user root 61.177.173.49 port 48263 [preauth]","@timestamp":"2022-09-15T01:38:21.003Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 01:39:41 honeypot-fra-1 sshd[10795]: Connection closed by 167.172.148.206 port 36712 [preauth]","@timestamp":"2022-09-15T01:39:41.785Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T01:39:49.254Z","@version":"1","message":"Sep 15 01:39:48 honeypot-sgp-1 sshd[15031]: Received disconnect from 92.255.85.69 port 38134:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 01:45:46 honeypot-fra-1 sshd[10802]: Invalid user tomcat from 193.106.191.157 port 53364","@timestamp":"2022-09-15T01:45:46.926Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T01:46:08.407Z","@version":"1","message":"Sep 15 01:46:07 honeypot-sgp-1 kernel: [84082475.418754] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.196.225 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=55931 DPT=636 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 01:50:14 honeypot-ams-1 sshd[26206]: Invalid user support from 179.60.147.69 port 34030","@timestamp":"2022-09-15T01:50:15.316Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 01:50:21 honeypot-ams-1 sshd[26211]: Received disconnect from 141.255.162.226 port 36324:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T01:50:22.319Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 01:50:24 honeypot-ams-1 sshd[26215]: Received disconnect from 141.255.162.226 port 44706:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T01:50:25.321Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 01:50:30 honeypot-ams-1 sshd[26219]: Received disconnect from 141.255.162.226 port 49990:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T01:50:31.325Z"}
{"@timestamp":"2022-09-15T01:52:57.569Z","@version":"1","message":"Sep 15 01:52:57 honeypot-sgp-1 sshd[15041]: Disconnected from invalid user wp-user 36.156.145.28 port 37738 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 01:53:16 honeypot-ams-1 kernel: [84083379.238629] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=163.172.158.4 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=35536 PROTO=TCP SPT=56701 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T01:53:17.399Z"}
{"@timestamp":"2022-09-15T01:59:19.723Z","@version":"1","message":"Sep 15 01:59:19 honeypot-sgp-1 kernel: [84083267.487199] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.46.240.87 DST=159.89.202.188 LEN=52 TOS=0x02 PREC=0x00 TTL=109 ID=53336 DF PROTO=TCP SPT=63194 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T02:01:33.780Z","@version":"1","message":"Sep 15 02:01:32 honeypot-sgp-1 sshd[15054]: Disconnected from authenticating user root 64.227.172.225 port 59626 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 02:01:48 honeypot-fra-1 sshd[10808]: Invalid user teamspeak from 206.189.126.211 port 60504","@timestamp":"2022-09-15T02:01:49.292Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 02:05:55 honeypot-fra-1 sshd[10814]: Received disconnect from 92.255.85.70 port 48844:11: Bye Bye [preauth]","@timestamp":"2022-09-15T02:05:55.405Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 02:06:09 honeypot-fra-1 sshd[10812]: Received disconnect from 97.64.122.66 port 8350:11: Bye Bye [preauth]","@timestamp":"2022-09-15T02:06:10.413Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T02:06:38.905Z","@version":"1","message":"Sep 15 02:06:38 honeypot-sgp-1 sshd[15062]: Received disconnect from 157.230.254.228 port 54974:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:07:29 honeypot-ams-1 sshd[26235]: Received disconnect from 61.177.173.46 port 24085:11:  [preauth]","@timestamp":"2022-09-15T02:07:29.768Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:11:14 honeypot-ams-1 sshd[26241]: Disconnecting authenticating user root 89.163.142.195 port 53616: Too many authentication failures [preauth]","@timestamp":"2022-09-15T02:11:14.868Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:11:14 honeypot-ams-1 sshd[26247]: error: maximum authentication attempts exceeded for invalid user admin from 89.163.142.195 port 53624 ssh2 [preauth]","@timestamp":"2022-09-15T02:11:14.869Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:11:15 honeypot-ams-1 sshd[26251]: Received disconnect from 89.163.142.195 port 53630:11: disconnected by user [preauth]","@timestamp":"2022-09-15T02:11:15.871Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:11:15 honeypot-ams-1 sshd[26255]: error: maximum authentication attempts exceeded for invalid user oracle from 89.163.142.195 port 53636 ssh2 [preauth]","@timestamp":"2022-09-15T02:11:15.871Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:11:16 honeypot-ams-1 sshd[26259]: error: maximum authentication attempts exceeded for invalid user usuario from 89.163.142.195 port 53640 ssh2 [preauth]","@timestamp":"2022-09-15T02:11:16.872Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:11:16 honeypot-ams-1 sshd[26263]: Received disconnect from 89.163.142.195 port 53644:11: disconnected by user [preauth]","@timestamp":"2022-09-15T02:11:16.872Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:11:17 honeypot-ams-1 sshd[26267]: error: maximum authentication attempts exceeded for invalid user test from 89.163.142.195 port 53650 ssh2 [preauth]","@timestamp":"2022-09-15T02:11:17.873Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:11:17 honeypot-ams-1 sshd[26271]: error: maximum authentication attempts exceeded for invalid user user from 89.163.142.195 port 53658 ssh2 [preauth]","@timestamp":"2022-09-15T02:11:17.873Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:11:17 honeypot-ams-1 sshd[26275]: Received disconnect from 89.163.142.195 port 53662:11: disconnected by user [preauth]","@timestamp":"2022-09-15T02:11:18.874Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:11:18 honeypot-ams-1 sshd[26279]: error: maximum authentication attempts exceeded for invalid user ftpuser from 89.163.142.195 port 53668 ssh2 [preauth]","@timestamp":"2022-09-15T02:11:18.874Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:11:18 honeypot-ams-1 sshd[26283]: error: maximum authentication attempts exceeded for invalid user test1 from 89.163.142.195 port 53674 ssh2 [preauth]","@timestamp":"2022-09-15T02:11:18.874Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:11:19 honeypot-ams-1 sshd[26287]: Received disconnect from 89.163.142.195 port 53678:11: disconnected by user [preauth]","@timestamp":"2022-09-15T02:11:19.875Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:11:19 honeypot-ams-1 sshd[26291]: error: maximum authentication attempts exceeded for invalid user test2 from 89.163.142.195 port 53686 ssh2 [preauth]","@timestamp":"2022-09-15T02:11:19.875Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:11:20 honeypot-ams-1 sshd[26295]: Received disconnect from 89.163.142.195 port 53690:11: disconnected by user [preauth]","@timestamp":"2022-09-15T02:11:20.876Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:11:20 honeypot-ams-1 sshd[26299]: error: maximum authentication attempts exceeded for invalid user ubuntu from 89.163.142.195 port 53694 ssh2 [preauth]","@timestamp":"2022-09-15T02:11:20.876Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:11:20 honeypot-ams-1 sshd[26303]: Received disconnect from 89.163.142.195 port 53700:11: disconnected by user [preauth]","@timestamp":"2022-09-15T02:11:21.877Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:11:21 honeypot-ams-1 sshd[26307]: Received disconnect from 89.163.142.195 port 53704:11: disconnected by user [preauth]","@timestamp":"2022-09-15T02:11:21.877Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:12:01 honeypot-ams-1 sshd[26312]: Disconnected from authenticating user root 193.142.146.50 port 58096 [preauth]","@timestamp":"2022-09-15T02:12:02.899Z"}
{"@timestamp":"2022-09-15T02:12:28.067Z","@version":"1","message":"Sep 15 02:12:27 honeypot-sgp-1 kernel: [84084055.508781] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=183.136.225.35 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=110 ID=27527 PROTO=TCP SPT=8088 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:13:28 honeypot-ams-1 sshd[26317]: Disconnected from authenticating user root 193.142.146.50 port 54276 [preauth]","@timestamp":"2022-09-15T02:13:28.938Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:14:07 honeypot-ams-1 sshd[26323]: Disconnected from authenticating user root 193.142.146.50 port 50456 [preauth]","@timestamp":"2022-09-15T02:14:07.958Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:15:43 honeypot-ams-1 sshd[26329]: Received disconnect from 193.142.146.50 port 35950:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T02:15:44.002Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:17:01 honeypot-ams-1 CRON[26333]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-15T02:17:02.038Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:18:15 honeypot-ams-1 sshd[26343]: Disconnected from invalid user user 141.255.162.226 port 46692 [preauth]","@timestamp":"2022-09-15T02:18:16.073Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:18:18 honeypot-ams-1 sshd[26347]: Disconnected from invalid user user 141.255.162.226 port 34984 [preauth]","@timestamp":"2022-09-15T02:18:18.075Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:18:21 honeypot-ams-1 sshd[26351]: Disconnected from invalid user user 141.255.162.226 port 51524 [preauth]","@timestamp":"2022-09-15T02:18:22.077Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:18:25 honeypot-ams-1 sshd[26355]: Disconnected from invalid user user 141.255.162.226 port 39836 [preauth]","@timestamp":"2022-09-15T02:18:26.080Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 02:19:12 honeypot-fra-1 kernel: [84082770.834850] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=89.248.168.172 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=54321 PROTO=TCP SPT=41709 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T02:19:12.711Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-15T02:19:24.238Z","@version":"1","message":"Sep 15 02:19:23 honeypot-sgp-1 kernel: [84084471.561119] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.46.240.87 DST=159.89.202.188 LEN=52 TOS=0x02 PREC=0x00 TTL=110 ID=30184 DF PROTO=TCP SPT=51892 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T02:21:40.297Z","@version":"1","message":"Sep 15 02:21:39 honeypot-sgp-1 sshd[15077]: Disconnected from authenticating user root 61.177.172.124 port 27506 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 02:24:26 honeypot-fra-1 sshd[10847]: Connection closed by invalid user support 179.60.147.69 port 63060 [preauth]","@timestamp":"2022-09-15T02:24:27.830Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:27:23 honeypot-ams-1 sshd[26368]: Received disconnect from 167.99.147.105 port 60550:11: Bye Bye [preauth]","@timestamp":"2022-09-15T02:27:24.316Z"}
{"@timestamp":"2022-09-15T02:28:50.475Z","@version":"1","message":"Sep 15 02:28:50 honeypot-sgp-1 kernel: [84085038.184051] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=222.186.19.235 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=33226 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 02:29:00 honeypot-fra-1 sshd[10851]: Received disconnect from 92.255.85.70 port 22504:11: Bye Bye [preauth]","@timestamp":"2022-09-15T02:29:00.937Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:29:50 honeypot-ams-1 sshd[26372]: Invalid user admin from 59.30.229.42 port 58066","@timestamp":"2022-09-15T02:29:51.383Z"}
{"@timestamp":"2022-09-15T02:31:56.552Z","@version":"1","message":"Sep 15 02:31:55 honeypot-sgp-1 sshd[15088]: Disconnected from invalid user mo 192.241.174.44 port 60850 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 02:32:26 honeypot-ams-1 kernel: [84085728.808021] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.220.107 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=35895 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T02:32:26.455Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 02:34:12 honeypot-fra-1 sshd[10854]: Disconnected from 190.153.222.250 port 34615 [preauth]","@timestamp":"2022-09-15T02:34:13.057Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T02:37:06.678Z","@version":"1","message":"Sep 15 02:37:06 honeypot-sgp-1 kernel: [84085534.098906] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.46.240.87 DST=159.89.202.188 LEN=52 TOS=0x02 PREC=0x00 TTL=111 ID=48731 DF PROTO=TCP SPT=59781 DPT=443 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:38:14 honeypot-ams-1 sshd[26384]: Connection reset by 61.177.173.51 port 22966 [preauth]","@timestamp":"2022-09-15T02:38:15.607Z"}
{"@timestamp":"2022-09-15T02:44:39.864Z","@version":"1","message":"Sep 15 02:44:39 honeypot-sgp-1 kernel: [84085987.397714] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=144.255.16.183 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=12359 PROTO=TCP SPT=58914 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:47:17 honeypot-ams-1 sshd[26397]: Invalid user bianyuzhe from 137.116.144.39 port 34286","@timestamp":"2022-09-15T02:47:17.841Z"}
{"@timestamp":"2022-09-15T02:49:37.987Z","@version":"1","message":"Sep 15 02:49:37 honeypot-sgp-1 sshd[15107]: Disconnected from authenticating user root 92.255.85.69 port 34442 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:52:21 honeypot-ams-1 sshd[26407]: Invalid user user from 45.61.184.204 port 57796","@timestamp":"2022-09-15T02:52:21.976Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:52:41 honeypot-ams-1 sshd[26411]: Invalid user user from 45.61.184.204 port 52210","@timestamp":"2022-09-15T02:52:41.986Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:52:59 honeypot-ams-1 sshd[26415]: Invalid user user from 45.61.184.204 port 46652","@timestamp":"2022-09-15T02:52:59.995Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 02:53:49 honeypot-fra-1 kernel: [84084847.932465] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.41.8.45 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=32713 PROTO=TCP SPT=55466 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T02:53:50.498Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 02:54:02 honeypot-ams-1 kernel: [84087024.532165] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=139.224.71.213 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=43 ID=8554 DF PROTO=TCP SPT=39035 DPT=443 WINDOW=43690 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T02:54:02.026Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 02:56:29 honeypot-fra-1 sshd[10862]: Disconnected from invalid user info 51.83.131.123 port 36612 [preauth]","@timestamp":"2022-09-15T02:56:29.560Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:59:10 honeypot-ams-1 sshd[26426]: Disconnected from authenticating user root 61.177.172.19 port 17687 [preauth]","@timestamp":"2022-09-15T02:59:11.158Z"}
{"@timestamp":"2022-09-15T03:04:09.345Z","@version":"1","message":"Sep 15 03:04:08 honeypot-sgp-1 sshd[15119]: Received disconnect from 61.177.172.19 port 11042:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 03:05:39 honeypot-ams-1 sshd[26433]: Disconnected from authenticating user root 61.177.173.46 port 29263 [preauth]","@timestamp":"2022-09-15T03:05:40.330Z"}
{"@timestamp":"2022-09-15T03:08:58.469Z","@version":"1","message":"Sep 15 03:08:57 honeypot-sgp-1 sshd[15124]: Invalid user fedor from 180.250.115.121 port 53045","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 03:12:04 honeypot-ams-1 sshd[26438]: Disconnected from authenticating user root 51.15.105.243 port 41074 [preauth]","@timestamp":"2022-09-15T03:12:05.494Z"}
{"@timestamp":"2022-09-15T03:13:06.573Z","@version":"1","message":"Sep 15 03:13:05 honeypot-sgp-1 sshd[15128]: Disconnected from authenticating user root 92.255.85.69 port 40390 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 03:14:00 honeypot-fra-1 kernel: [84086058.532642] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=110.77.230.46 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=18069 DF PROTO=TCP SPT=1620 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T03:14:00.952Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 03:15:18 honeypot-ams-1 sshd[26445]: Received disconnect from 68.183.88.186 port 35048:11: Bye Bye [preauth]","@timestamp":"2022-09-15T03:15:18.576Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 03:15:43 honeypot-fra-1 sshd[10878]: Invalid user ftptest from 160.86.90.2 port 46252","@timestamp":"2022-09-15T03:15:43.993Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 03:15:43 honeypot-fra-1 sshd[10875]: Connection closed by authenticating user root 160.86.90.2 port 46424 [preauth]","@timestamp":"2022-09-15T03:15:43.993Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 03:15:44 honeypot-fra-1 sshd[10892]: Invalid user testuser from 160.86.90.2 port 46376","@timestamp":"2022-09-15T03:15:44.993Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 03:15:44 honeypot-fra-1 sshd[10890]: Connection closed by invalid user teamspeak 160.86.90.2 port 46224 [preauth]","@timestamp":"2022-09-15T03:15:44.993Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 03:15:46 honeypot-fra-1 sshd[10901]: Invalid user steam from 160.86.90.2 port 46340","@timestamp":"2022-09-15T03:15:46.994Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 03:15:46 honeypot-fra-1 sshd[10901]: Connection closed by invalid user steam 160.86.90.2 port 46340 [preauth]","@timestamp":"2022-09-15T03:15:46.995Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 03:17:01 honeypot-fra-1 CRON[10913]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-15T03:17:02.026Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T03:17:42.689Z","@version":"1","message":"Sep 15 03:17:42 honeypot-sgp-1 sshd[15137]: Received disconnect from 61.177.173.39 port 50682:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 03:18:30 honeypot-ams-1 kernel: [84088492.593219] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=139.28.218.34 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=57239 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T03:18:30.674Z"}
{"@timestamp":"2022-09-15T03:21:16.783Z","@version":"1","message":"Sep 15 03:21:16 honeypot-sgp-1 kernel: [84088184.279377] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=147.182.152.186 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=56175 PROTO=TCP SPT=15539 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 03:22:23 honeypot-fra-1 sshd[10920]: Received disconnect from 45.61.186.169 port 51792:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T03:22:24.150Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 03:22:38 honeypot-fra-1 sshd[10924]: Disconnected from authenticating user root 157.245.122.58 port 54298 [preauth]","@timestamp":"2022-09-15T03:22:39.157Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 03:22:50 honeypot-fra-1 sshd[10928]: Disconnected from invalid user user 45.61.186.169 port 58450 [preauth]","@timestamp":"2022-09-15T03:22:51.163Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 03:23:09 honeypot-fra-1 sshd[10932]: Received disconnect from 45.61.186.169 port 53474:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T03:23:10.173Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 03:23:23 honeypot-fra-1 sshd[10937]: Invalid user user from 141.255.162.226 port 51508","@timestamp":"2022-09-15T03:23:24.179Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 03:23:24 honeypot-fra-1 sshd[10941]: Invalid user user from 141.255.162.226 port 39284","@timestamp":"2022-09-15T03:23:25.181Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 03:23:30 honeypot-fra-1 kernel: [84086628.861133] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=35.197.34.75 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x60 TTL=250 ID=30331 PROTO=TCP SPT=57941 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T03:23:31.183Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 03:23:31 honeypot-fra-1 sshd[10947]: Disconnected from invalid user user 141.255.162.226 port 35070 [preauth]","@timestamp":"2022-09-15T03:23:32.184Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 03:23:39 honeypot-ams-1 kernel: [84088801.804871] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=167.248.133.129 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=7521 PROTO=TCP SPT=24810 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T03:23:39.808Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 03:23:39 honeypot-fra-1 sshd[10951]: Disconnected from invalid user odoo 157.245.122.58 port 39606 [preauth]","@timestamp":"2022-09-15T03:23:40.189Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 03:24:37 honeypot-fra-1 sshd[10958]: Invalid user engenhar from 103.180.95.2 port 60942","@timestamp":"2022-09-15T03:24:38.212Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 03:25:19 honeypot-fra-1 sshd[10962]: Received disconnect from 45.240.88.234 port 32904:11: Bye Bye [preauth]","@timestamp":"2022-09-15T03:25:19.230Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 03:26:34 honeypot-fra-1 sshd[10966]: Received disconnect from 157.245.122.58 port 51996:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T03:26:35.260Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 03:27:28 honeypot-fra-1 sshd[10970]: Disconnected from invalid user jonitiso 157.245.122.58 port 37306 [preauth]","@timestamp":"2022-09-15T03:27:28.282Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T03:29:54.998Z","@version":"1","message":"Sep 15 03:29:54 honeypot-sgp-1 sshd[15148]: Invalid user deon from 190.129.60.125 port 38602","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 03:30:53 honeypot-ams-1 sshd[26464]: Disconnected from authenticating user root 61.177.173.52 port 53756 [preauth]","@timestamp":"2022-09-15T03:30:53.995Z"}
{"@timestamp":"2022-09-15T03:34:11.104Z","@version":"1","message":"Sep 15 03:34:11 honeypot-sgp-1 sshd[15152]: Received disconnect from 104.244.75.159 port 55354:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 03:35:00 honeypot-fra-1 kernel: [84087319.202343] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=94.26.228.80 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=6867 PROTO=TCP SPT=20240 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T03:35:01.453Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-15T03:36:32.163Z","@version":"1","message":"Sep 15 03:36:31 honeypot-sgp-1 kernel: [84089099.726424] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=59.49.43.217 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=21413 PROTO=TCP SPT=57822 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T03:39:27.239Z","@version":"1","message":"Sep 15 03:39:27 honeypot-sgp-1 sshd[15162]: Invalid user user from 179.60.147.69 port 53446","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 03:42:38 honeypot-fra-1 sshd[10981]: Invalid user tomcat from 193.106.191.157 port 35938","@timestamp":"2022-09-15T03:42:39.629Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 03:43:09 honeypot-ams-1 sshd[26475]: Connection closed by invalid user user 179.60.147.69 port 53086 [preauth]","@timestamp":"2022-09-15T03:43:10.301Z"}
{"@timestamp":"2022-09-15T03:47:12.431Z","@version":"1","message":"Sep 15 03:47:11 honeypot-sgp-1 sshd[15171]: Received disconnect from 61.177.173.37 port 46059:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 03:51:59 honeypot-ams-1 sshd[26485]: Disconnected from invalid user user 198.98.61.9 port 40044 [preauth]","@timestamp":"2022-09-15T03:52:00.527Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 03:52:20 honeypot-ams-1 sshd[26489]: Disconnected from invalid user user 198.98.61.9 port 35354 [preauth]","@timestamp":"2022-09-15T03:52:20.538Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 03:52:40 honeypot-ams-1 sshd[26493]: Disconnected from invalid user user 198.98.61.9 port 58916 [preauth]","@timestamp":"2022-09-15T03:52:41.549Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 03:53:00 honeypot-ams-1 sshd[26497]: Disconnected from invalid user user 198.98.61.9 port 54242 [preauth]","@timestamp":"2022-09-15T03:53:00.558Z"}
{"@timestamp":"2022-09-15T03:53:13.582Z","@version":"1","message":"Sep 15 03:53:13 honeypot-sgp-1 sshd[15180]: Received disconnect from 61.177.173.49 port 18030:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 03:54:16 honeypot-fra-1 kernel: [84088474.987226] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=79.124.62.60 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=63829 PROTO=TCP SPT=58933 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T03:54:16.894Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-15T03:57:14.682Z","@version":"1","message":"Sep 15 03:57:14 honeypot-sgp-1 sshd[15184]: Invalid user vpl from 220.203.8.38 port 55330","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 04:00:20 honeypot-ams-1 sshd[26506]: Received disconnect from 60.196.69.234 port 39995:11: Bye Bye [preauth]","@timestamp":"2022-09-15T04:00:20.749Z"}
{"@timestamp":"2022-09-15T04:00:48.772Z","@version":"1","message":"Sep 15 04:00:48 honeypot-sgp-1 kernel: [84090556.506042] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=154.209.125.68 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=118 ID=26615 PROTO=TCP SPT=47879 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 04:03:38 honeypot-ams-1 sshd[26510]: Disconnected from authenticating user root 157.245.122.58 port 54082 [preauth]","@timestamp":"2022-09-15T04:03:38.836Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 04:05:44 honeypot-ams-1 sshd[26515]: Disconnected from invalid user tenancy 157.245.122.58 port 52920 [preauth]","@timestamp":"2022-09-15T04:05:44.892Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 04:05:46 honeypot-fra-1 sshd[10990]: Disconnected from invalid user la 165.22.45.108 port 53350 [preauth]","@timestamp":"2022-09-15T04:05:47.154Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 04:06:40 honeypot-ams-1 sshd[26521]: Disconnected from invalid user data.user 157.245.122.58 port 38238 [preauth]","@timestamp":"2022-09-15T04:06:40.919Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 04:08:07 honeypot-ams-1 sshd[26525]: Disconnected from invalid user git 189.112.0.11 port 50124 [preauth]","@timestamp":"2022-09-15T04:08:07.957Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 04:09:30 honeypot-ams-1 sshd[26529]: Disconnected from invalid user cypress 157.245.122.58 port 50620 [preauth]","@timestamp":"2022-09-15T04:09:30.994Z"}
{"@timestamp":"2022-09-15T04:11:49.046Z","@version":"1","message":"Sep 15 04:11:48 honeypot-sgp-1 sshd[15194]: Did not receive identification string from 193.142.146.50 port 53372","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T04:12:19.062Z","@version":"1","message":"Sep 15 04:12:18 honeypot-sgp-1 sshd[15199]: Disconnected from authenticating user root 193.142.146.50 port 46724 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T04:13:12.086Z","@version":"1","message":"Sep 15 04:13:12 honeypot-sgp-1 sshd[15204]: Disconnected from invalid user superadmin 46.101.31.237 port 37678 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T04:14:14.115Z","@version":"1","message":"Sep 15 04:14:13 honeypot-sgp-1 sshd[15210]: Disconnected from authenticating user root 193.142.146.50 port 49828 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T04:16:05.162Z","@version":"1","message":"Sep 15 04:16:04 honeypot-sgp-1 sshd[15216]: Invalid user admin from 193.142.146.50 port 52928","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T04:19:35.255Z","@version":"1","message":"Sep 15 04:19:34 honeypot-sgp-1 sshd[15222]: Invalid user default from 179.60.147.69 port 4044","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 04:20:02 honeypot-ams-1 kernel: [84092184.917850] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=156.198.86.183 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=33409 PROTO=TCP SPT=51787 DPT=443 WINDOW=37400 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T04:20:03.283Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 04:20:50 honeypot-fra-1 sshd[10997]: Connection closed by invalid user default 179.60.147.69 port 55148 [preauth]","@timestamp":"2022-09-15T04:20:50.494Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 04:21:32 honeypot-fra-1 sshd[11002]: Received disconnect from 141.255.162.226 port 33372:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T04:21:33.514Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 04:21:39 honeypot-fra-1 sshd[11006]: Received disconnect from 141.255.162.226 port 47652:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T04:21:39.516Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 04:21:40 honeypot-fra-1 sshd[11010]: Received disconnect from 141.255.162.226 port 40840:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T04:21:40.517Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T04:26:31.428Z","@version":"1","message":"Sep 15 04:26:31 honeypot-sgp-1 kernel: [84092098.909972] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=47949 PROTO=TCP SPT=55664 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 04:27:13 honeypot-ams-1 kernel: [84092615.905879] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=89.248.168.172 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=252 ID=54321 PROTO=TCP SPT=56814 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T04:27:13.469Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 04:28:16 honeypot-fra-1 sshd[11015]: Invalid user tomcat from 193.106.191.157 port 38368","@timestamp":"2022-09-15T04:28:17.671Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 04:30:01 honeypot-ams-1 kernel: [84092783.661675] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=159.203.80.110 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=41615 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T04:30:01.545Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 04:44:58 honeypot-fra-1 kernel: [84091516.457244] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=170.187.162.169 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=6858 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T04:44:59.053Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 04:50:11 honeypot-fra-1 sshd[11027]: Invalid user postgres from 45.127.108.174 port 42404","@timestamp":"2022-09-15T04:50:12.190Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 04:50:11 honeypot-fra-1 sshd[11030]: Invalid user oracle from 45.127.108.174 port 42398","@timestamp":"2022-09-15T04:50:12.190Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 04:50:11 honeypot-fra-1 sshd[11035]: Invalid user lighthouse from 45.127.108.174 port 42400","@timestamp":"2022-09-15T04:50:12.191Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 04:50:11 honeypot-fra-1 sshd[11024]: Connection closed by invalid user chia 45.127.108.174 port 42280 [preauth]","@timestamp":"2022-09-15T04:50:12.191Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 04:50:12 honeypot-fra-1 sshd[11058]: Invalid user zabbix from 45.127.108.174 port 42392","@timestamp":"2022-09-15T04:50:12.191Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 04:50:12 honeypot-fra-1 sshd[11029]: Connection closed by invalid user es 45.127.108.174 port 42374 [preauth]","@timestamp":"2022-09-15T04:50:12.191Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 04:50:12 honeypot-fra-1 sshd[11039]: Connection closed by invalid user mysql 45.127.108.174 port 42424 [preauth]","@timestamp":"2022-09-15T04:50:12.191Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 04:50:12 honeypot-fra-1 sshd[11046]: Connection closed by authenticating user root 45.127.108.174 port 42416 [preauth]","@timestamp":"2022-09-15T04:50:12.191Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 04:50:12 honeypot-fra-1 sshd[11058]: Connection closed by invalid user zabbix 45.127.108.174 port 42392 [preauth]","@timestamp":"2022-09-15T04:50:13.192Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 04:52:49 honeypot-fra-1 sshd[11090]: Connection closed by authenticating user root 103.188.176.251 port 57534 [preauth]","@timestamp":"2022-09-15T04:52:49.251Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 04:52:59 honeypot-ams-1 sshd[26547]: Disconnected from authenticating user root 92.255.85.70 port 39858 [preauth]","@timestamp":"2022-09-15T04:53:00.127Z"}
{"@timestamp":"2022-09-15T04:56:03.165Z","@version":"1","message":"Sep 15 04:56:02 honeypot-sgp-1 kernel: [84093870.542464] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=170.187.162.71 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=14289 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 04:58:51 honeypot-fra-1 sshd[11097]: Disconnected from invalid user la 165.22.45.108 port 58410 [preauth]","@timestamp":"2022-09-15T04:58:51.386Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T05:02:26.326Z","@version":"1","message":"Sep 15 05:02:25 honeypot-sgp-1 sshd[15236]: Invalid user supra from 37.77.105.29 port 33354","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 05:02:37 honeypot-fra-1 sshd[11104]: Received disconnect from 45.61.186.249 port 59668:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T05:02:38.494Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 05:02:56 honeypot-fra-1 sshd[11108]: Received disconnect from 45.61.186.249 port 54268:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T05:02:57.503Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 05:03:12 honeypot-fra-1 sshd[11112]: Received disconnect from 45.61.186.249 port 48872:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T05:03:13.511Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T05:04:39.382Z","@version":"1","message":"Sep 15 05:04:38 honeypot-sgp-1 sshd[15239]: Received disconnect from 45.61.186.169 port 37270:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T05:04:56.390Z","@version":"1","message":"Sep 15 05:04:56 honeypot-sgp-1 sshd[15243]: Received disconnect from 45.61.186.169 port 60568:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T05:05:13.399Z","@version":"1","message":"Sep 15 05:05:12 honeypot-sgp-1 sshd[15247]: Invalid user user from 45.61.186.169 port 55622","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T05:05:28.407Z","@version":"1","message":"Sep 15 05:05:27 honeypot-sgp-1 sshd[15251]: Invalid user user from 45.61.186.169 port 50664","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 05:08:10 honeypot-fra-1 kernel: [84092908.677434] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.102.41.2 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=261 DF PROTO=TCP SPT=54694 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T05:08:10.624Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 05:14:05 honeypot-ams-1 sshd[26993]: Invalid user user from 45.61.186.169 port 42702","@timestamp":"2022-09-15T05:14:06.678Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 05:14:22 honeypot-ams-1 sshd[26997]: Invalid user user from 45.61.186.169 port 37754","@timestamp":"2022-09-15T05:14:22.687Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 05:14:38 honeypot-ams-1 sshd[27001]: Invalid user user from 45.61.186.169 port 32770","@timestamp":"2022-09-15T05:14:38.697Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 05:14:54 honeypot-ams-1 sshd[27006]: Invalid user user from 45.61.186.169 port 56044","@timestamp":"2022-09-15T05:14:54.705Z"}
{"@timestamp":"2022-09-15T05:15:45.652Z","@version":"1","message":"Sep 15 05:15:44 honeypot-sgp-1 sshd[15257]: Invalid user zf from 103.188.176.251 port 32884","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 05:16:31 honeypot-ams-1 sshd[27008]: Disconnected from authenticating user root 92.255.85.69 port 53350 [preauth]","@timestamp":"2022-09-15T05:16:32.750Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 05:17:01 honeypot-fra-1 CRON[11123]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-15T05:17:01.823Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 05:27:07 honeypot-ams-1 sshd[27019]: Disconnected from authenticating user root 58.144.251.23 port 43552 [preauth]","@timestamp":"2022-09-15T05:27:08.014Z"}
{"@timestamp":"2022-09-15T05:31:00.039Z","@version":"1","message":"Sep 15 05:30:59 honeypot-sgp-1 kernel: [84095967.057208] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=236 ID=8666 PROTO=TCP SPT=59802 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 05:34:02 honeypot-fra-1 sshd[11130]: Connection closed by invalid user user 179.60.147.69 port 46260 [preauth]","@timestamp":"2022-09-15T05:34:03.227Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T05:35:40.171Z","@version":"1","message":"Sep 15 05:35:40 honeypot-sgp-1 kernel: [84096247.705179] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=47.242.107.32 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=3111 PROTO=TCP SPT=40096 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 05:36:16 honeypot-ams-1 sshd[27024]: Connection closed by invalid user user 179.60.147.69 port 59084 [preauth]","@timestamp":"2022-09-15T05:36:16.245Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 05:40:56 honeypot-ams-1 kernel: [84097038.519493] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=176.99.135.100 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=23124 PROTO=TCP SPT=59284 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T05:40:56.364Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 05:47:44 honeypot-fra-1 kernel: [84095282.938646] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.219.60 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=40293 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T05:47:45.542Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-15T05:50:59.542Z","@version":"1","message":"Sep 15 05:50:59 honeypot-sgp-1 sshd[15272]: Received disconnect from 45.61.186.49 port 58488:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T05:51:09.548Z","@version":"1","message":"Sep 15 05:51:08 honeypot-sgp-1 sshd[15276]: Received disconnect from 45.61.186.49 port 41858:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 05:54:20 honeypot-fra-1 kernel: [84095678.978197] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=38.146.70.6 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=24175 PROTO=TCP SPT=54058 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T05:54:21.693Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-15T05:56:36.682Z","@version":"1","message":"Sep 15 05:56:35 honeypot-sgp-1 sshd[15281]: Received disconnect from 5.188.36.164 port 57716:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 05:56:38 honeypot-ams-1 sshd[27034]: Disconnected from invalid user monitor 45.128.209.111 port 51376 [preauth]","@timestamp":"2022-09-15T05:56:38.756Z"}
{"@timestamp":"2022-09-15T05:57:57.716Z","@version":"1","message":"Sep 15 05:57:56 honeypot-sgp-1 sshd[15286]: Disconnected from authenticating user root 92.255.85.70 port 24368 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 06:01:05 honeypot-ams-1 kernel: [84098248.027812] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=6892 PROTO=TCP SPT=41603 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T06:01:05.878Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 06:05:57 honeypot-fra-1 sshd[11145]: Received disconnect from 45.61.184.204 port 38704:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T06:05:57.951Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 06:06:18 honeypot-fra-1 sshd[11149]: Received disconnect from 45.61.184.204 port 34312:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T06:06:18.962Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 06:06:38 honeypot-fra-1 sshd[11153]: Invalid user user from 45.61.184.204 port 58144","@timestamp":"2022-09-15T06:06:38.971Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 06:06:56 honeypot-fra-1 sshd[11157]: Invalid user user from 45.61.184.204 port 53754","@timestamp":"2022-09-15T06:06:56.980Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T06:09:21.998Z","@version":"1","message":"Sep 15 06:09:21 honeypot-sgp-1 sshd[20997]: Connection closed by invalid user admin 179.60.147.69 port 19808 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 06:09:58 honeypot-ams-1 sshd[27049]: Invalid user web from 52.237.82.21 port 48826","@timestamp":"2022-09-15T06:09:58.105Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 06:09:58 honeypot-ams-1 sshd[27065]: Invalid user ubuntu from 52.237.82.21 port 48836","@timestamp":"2022-09-15T06:09:58.105Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 06:09:58 honeypot-ams-1 sshd[27052]: Invalid user testuser from 52.237.82.21 port 48840","@timestamp":"2022-09-15T06:09:59.106Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 06:09:58 honeypot-ams-1 sshd[27070]: Invalid user admin from 52.237.82.21 port 48804","@timestamp":"2022-09-15T06:09:59.106Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 06:09:58 honeypot-ams-1 sshd[27049]: Connection closed by invalid user web 52.237.82.21 port 48826 [preauth]","@timestamp":"2022-09-15T06:09:59.106Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 06:09:58 honeypot-ams-1 sshd[27059]: Connection closed by authenticating user root 52.237.82.21 port 48788 [preauth]","@timestamp":"2022-09-15T06:09:59.106Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 06:09:58 honeypot-ams-1 sshd[27062]: Connection closed by invalid user momo 52.237.82.21 port 48792 [preauth]","@timestamp":"2022-09-15T06:09:59.106Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 06:09:58 honeypot-ams-1 sshd[27058]: Connection closed by invalid user ubuntu 52.237.82.21 port 48768 [preauth]","@timestamp":"2022-09-15T06:09:59.106Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 06:15:15 honeypot-fra-1 kernel: [84096933.512341] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=79.124.62.62 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=55041 PROTO=TCP SPT=42359 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T06:15:16.186Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 06:17:01 honeypot-ams-1 CRON[27101]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-15T06:17:02.306Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 06:18:27 honeypot-fra-1 kernel: [84097125.067201] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=23.251.102.74 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=47010 PROTO=TCP SPT=32428 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T06:18:27.260Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 06:20:24 honeypot-fra-1 sshd[11171]: Received disconnect from 193.142.146.50 port 52400:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T06:20:25.310Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 06:22:06 honeypot-fra-1 sshd[11177]: Received disconnect from 193.142.146.50 port 42878:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T06:22:07.353Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 06:22:47 honeypot-fra-1 sshd[11183]: Received disconnect from 193.142.146.50 port 42796:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T06:22:48.372Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T06:22:47.333Z","@version":"1","message":"Sep 15 06:22:46 honeypot-sgp-1 sshd[21007]: Received disconnect from 92.255.85.69 port 20206:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 06:23:58 honeypot-fra-1 sshd[11187]: Disconnected from authenticating user root 193.142.146.50 port 52152 [preauth]","@timestamp":"2022-09-15T06:23:59.402Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 06:24:26 honeypot-fra-1 sshd[11191]: Disconnected from invalid user admin 193.142.146.50 port 33276 [preauth]","@timestamp":"2022-09-15T06:24:26.414Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 06:25:15 honeypot-ams-1 kernel: [84099698.315994] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=89.248.168.172 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=252 ID=54321 PROTO=TCP SPT=38275 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T06:25:16.519Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 06:25:39 honeypot-fra-1 sshd[11331]: Disconnected from authenticating user root 92.255.85.69 port 24548 [preauth]","@timestamp":"2022-09-15T06:25:40.449Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 06:26:11 honeypot-ams-1 sshd[27274]: Received disconnect from 45.61.187.160 port 36030:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T06:26:11.545Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 06:26:30 honeypot-ams-1 sshd[27278]: Received disconnect from 45.61.187.160 port 59220:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T06:26:30.555Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 06:26:47 honeypot-ams-1 sshd[27282]: Received disconnect from 45.61.187.160 port 54176:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T06:26:47.564Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 06:26:56 honeypot-fra-1 sshd[11336]: Received disconnect from 193.70.21.56 port 58596:11: Bye Bye [preauth]","@timestamp":"2022-09-15T06:26:56.481Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 06:27:38 honeypot-ams-1 kernel: [84099841.007976] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=197.37.210.120 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=3575 PROTO=TCP SPT=6959 DPT=443 WINDOW=58312 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T06:27:39.590Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 06:29:57 honeypot-ams-1 sshd[27291]: Received disconnect from 186.215.70.14 port 55251:11: Bye Bye [preauth]","@timestamp":"2022-09-15T06:29:57.653Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 06:36:36 honeypot-ams-1 sshd[27294]: Invalid user admin from 165.22.55.238 port 59538","@timestamp":"2022-09-15T06:36:37.827Z"}
{"@timestamp":"2022-09-15T06:37:21.696Z","@version":"1","message":"Sep 15 06:37:21 honeypot-sgp-1 kernel: [84099948.914021] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=173.225.111.245 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=23796 PROTO=TCP SPT=41459 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 06:41:57 honeypot-ams-1 sshd[27297]: Connection closed by invalid user tomcat 193.106.191.157 port 39818 [preauth]","@timestamp":"2022-09-15T06:41:57.967Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 06:43:30 honeypot-fra-1 sshd[17475]: Invalid user larin from 165.22.45.108 port 40276","@timestamp":"2022-09-15T06:43:30.869Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 06:46:23 honeypot-fra-1 sshd[17477]: Disconnected from invalid user o 161.82.233.183 port 41264 [preauth]","@timestamp":"2022-09-15T06:46:23.938Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T06:46:27.926Z","@version":"1","message":"Sep 15 06:46:27 honeypot-sgp-1 sshd[21161]: Received disconnect from 92.255.85.70 port 37256:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 06:50:30 honeypot-fra-1 kernel: [84099048.231369] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=35.86.113.103 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=219 ID=54321 PROTO=TCP SPT=36763 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T06:50:31.036Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 06:54:05 honeypot-ams-1 kernel: [84101427.400654] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.221.97 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=46647 DPT=389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T06:54:05.277Z"}
{"@timestamp":"2022-09-15T06:57:21.204Z","@version":"1","message":"Sep 15 06:57:20 honeypot-sgp-1 sshd[21167]: Received disconnect from 157.245.122.58 port 60020:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T06:59:16.256Z","@version":"1","message":"Sep 15 06:59:15 honeypot-sgp-1 sshd[21171]: Invalid user tenancy from 157.245.122.58 port 58872","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T07:01:12.309Z","@version":"1","message":"Sep 15 07:01:12 honeypot-sgp-1 sshd[21175]: Invalid user jonitwiso from 157.245.122.58 port 57720","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 07:01:32 honeypot-ams-1 sshd[27406]: Connection closed by invalid user tomcat 193.106.191.157 port 53332 [preauth]","@timestamp":"2022-09-15T07:01:33.473Z"}
{"@timestamp":"2022-09-15T07:02:09.336Z","@version":"1","message":"Sep 15 07:02:09 honeypot-sgp-1 sshd[21178]: Disconnected from invalid user jonitiso 157.245.122.58 port 43048 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 07:04:33 honeypot-fra-1 sshd[17490]: Did not receive identification string from 103.125.189.140 port 60823","@timestamp":"2022-09-15T07:04:34.354Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 07:04:43 honeypot-fra-1 sshd[17495]: Invalid user admin from 103.125.189.140 port 62052","@timestamp":"2022-09-15T07:04:44.360Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 07:04:53 honeypot-fra-1 sshd[17499]: Invalid user admin from 103.125.189.140 port 63640","@timestamp":"2022-09-15T07:04:54.365Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 07:05:00 honeypot-fra-1 sshd[17503]: Invalid user support from 103.125.189.140 port 64570","@timestamp":"2022-09-15T07:05:00.369Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 07:05:06 honeypot-fra-1 sshd[17507]: Invalid user username from 103.125.189.140 port 49374","@timestamp":"2022-09-15T07:05:07.373Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 07:05:13 honeypot-fra-1 sshd[17511]: Invalid user ftp from 103.125.189.140 port 50105","@timestamp":"2022-09-15T07:05:14.376Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 07:05:18 honeypot-fra-1 sshd[17515]: Invalid user super from 103.125.189.140 port 51332","@timestamp":"2022-09-15T07:05:18.378Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 07:05:26 honeypot-fra-1 sshd[17519]: error: Received disconnect from 103.125.189.140 port 52331:3: com.jcraft.jsch.JSchException: Auth fail [preauth]","@timestamp":"2022-09-15T07:05:27.383Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T07:10:07.539Z","@version":"1","message":"Sep 15 07:10:07 honeypot-sgp-1 sshd[21186]: Received disconnect from 92.255.85.69 port 31760:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 07:11:37 honeypot-fra-1 sshd[17524]: Connection closed by invalid user tomcat 193.106.191.157 port 51346 [preauth]","@timestamp":"2022-09-15T07:11:38.523Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 07:12:24 honeypot-ams-1 sshd[27409]: Invalid user svk from 175.212.89.108 port 58318","@timestamp":"2022-09-15T07:12:24.760Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 07:14:57 honeypot-fra-1 kernel: [84100515.712202] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=190.185.115.253 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=239 ID=745 DF PROTO=TCP SPT=41207 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T07:14:58.603Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 07:15:14 honeypot-ams-1 sshd[27415]: Received disconnect from 92.255.85.69 port 41666:11: Bye Bye [preauth]","@timestamp":"2022-09-15T07:15:14.838Z"}
{"@timestamp":"2022-09-15T07:17:38.752Z","@version":"1","message":"Sep 15 07:17:38 honeypot-sgp-1 sshd[21195]: Connection closed by invalid user  152.32.157.116 port 49774 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 07:17:56 honeypot-ams-1 sshd[27421]: Invalid user zf from 103.188.176.251 port 35822","@timestamp":"2022-09-15T07:17:56.911Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 07:20:10 honeypot-ams-1 sshd[27427]: Received disconnect from 202.88.244.36 port 37367:11: Bye Bye [preauth]","@timestamp":"2022-09-15T07:20:10.972Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 07:22:12 honeypot-fra-1 sshd[17535]: Invalid user zf from 103.188.176.251 port 60444","@timestamp":"2022-09-15T07:22:13.769Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 07:24:27 honeypot-ams-1 sshd[27433]: Invalid user admin from 222.105.103.72 port 44224","@timestamp":"2022-09-15T07:24:28.085Z"}
{"@timestamp":"2022-09-15T07:30:59.086Z","@version":"1","message":"Sep 15 07:30:58 honeypot-sgp-1 sshd[21201]: Received disconnect from 51.254.101.166 port 60458:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T07:31:46.109Z","@version":"1","message":"Sep 15 07:31:45 honeypot-sgp-1 sshd[21205]: Invalid user quantip from 187.235.106.121 port 57760","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 07:32:36 honeypot-fra-1 sshd[17540]: Received disconnect from 43.128.106.101 port 44020:11: Bye Bye [preauth]","@timestamp":"2022-09-15T07:32:37.019Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T07:36:00.218Z","@version":"1","message":"Sep 15 07:35:59 honeypot-sgp-1 kernel: [84103466.866430] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=173.249.41.33 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=34454 PROTO=TCP SPT=40184 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 07:36:40 honeypot-fra-1 sshd[17547]: Invalid user zabbix from 101.43.159.25 port 41530","@timestamp":"2022-09-15T07:36:41.112Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 07:36:40 honeypot-fra-1 sshd[17548]: Connection closed by invalid user dev 101.43.159.25 port 41526 [preauth]","@timestamp":"2022-09-15T07:36:41.112Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 07:36:41 honeypot-fra-1 sshd[17568]: Connection closed by invalid user user 101.43.159.25 port 41562 [preauth]","@timestamp":"2022-09-15T07:36:41.112Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 07:36:41 honeypot-fra-1 sshd[17555]: Invalid user admin from 101.43.159.25 port 41600","@timestamp":"2022-09-15T07:36:42.113Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 07:36:41 honeypot-fra-1 sshd[17550]: Invalid user steam from 101.43.159.25 port 41560","@timestamp":"2022-09-15T07:36:42.113Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 07:36:41 honeypot-fra-1 sshd[17557]: Connection closed by invalid user centos 101.43.159.25 port 41558 [preauth]","@timestamp":"2022-09-15T07:36:42.113Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 07:36:41 honeypot-fra-1 sshd[17559]: Connection closed by invalid user admin 101.43.159.25 port 41520 [preauth]","@timestamp":"2022-09-15T07:36:42.113Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 07:36:41 honeypot-fra-1 sshd[17566]: Invalid user admin from 101.43.159.25 port 41544","@timestamp":"2022-09-15T07:36:42.113Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 07:36:42 honeypot-fra-1 sshd[17592]: Connection closed by invalid user user 101.43.159.25 port 41580 [preauth]","@timestamp":"2022-09-15T07:36:43.114Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 07:37:08 honeypot-fra-1 sshd[17607]: Invalid user larry from 165.22.45.108 port 45340","@timestamp":"2022-09-15T07:37:08.125Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 07:37:17 honeypot-ams-1 kernel: [84104019.893166] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=41.42.128.213 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=62225 PROTO=TCP SPT=50507 DPT=443 WINDOW=36106 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T07:37:18.437Z"}
{"@timestamp":"2022-09-15T07:41:04.348Z","@version":"1","message":"Sep 15 07:41:03 honeypot-sgp-1 kernel: [84103770.895943] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=54.241.71.147 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=60628 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 07:41:56 honeypot-fra-1 kernel: [84102134.121768] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=54.241.71.147 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=234 ID=54321 PROTO=TCP SPT=48927 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T07:41:57.236Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 07:44:05 honeypot-ams-1 kernel: [84104428.119802] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=154.89.5.92 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=245 ID=50827 PROTO=TCP SPT=58914 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T07:44:06.615Z"}
{"@timestamp":"2022-09-15T07:45:22.458Z","@version":"1","message":"Sep 15 07:45:21 honeypot-sgp-1 sshd[21218]: Disconnected from authenticating user root 179.43.156.143 port 49380 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T07:46:21.487Z","@version":"1","message":"Sep 15 07:46:21 honeypot-sgp-1 sshd[21225]: Disconnected from authenticating user root 128.199.68.220 port 53326 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T07:47:49.526Z","@version":"1","message":"Sep 15 07:47:49 honeypot-sgp-1 sshd[21231]: Received disconnect from 206.217.131.233 port 39004:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 07:48:51 honeypot-ams-1 kernel: [84104713.844926] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=167.94.138.105 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=14073 PROTO=TCP SPT=22262 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T07:48:51.741Z"}
{"@timestamp":"2022-09-15T07:48:58.559Z","@version":"1","message":"Sep 15 07:48:58 honeypot-sgp-1 sshd[21237]: Invalid user nutanix from 179.43.156.143 port 59222","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T07:50:12.593Z","@version":"1","message":"Sep 15 07:50:12 honeypot-sgp-1 sshd[21241]: Invalid user nfsnobod from 179.43.156.143 port 53062","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 07:50:26 honeypot-fra-1 kernel: [84102644.411680] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=64.62.197.130 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=54321 PROTO=TCP SPT=45280 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T07:50:27.431Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-15T07:51:28.628Z","@version":"1","message":"Sep 15 07:51:27 honeypot-sgp-1 sshd[21246]: Disconnected from authenticating user root 179.43.156.143 port 46882 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 07:52:27 honeypot-ams-1 sshd[27448]: Invalid user albertm from 104.131.185.48 port 36174","@timestamp":"2022-09-15T07:52:27.838Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 07:52:59 honeypot-ams-1 sshd[27452]: Received disconnect from 162.215.1.199 port 52930:11: Bye Bye [preauth]","@timestamp":"2022-09-15T07:53:00.854Z"}
{"@timestamp":"2022-09-15T07:53:21.677Z","@version":"1","message":"Sep 15 07:53:21 honeypot-sgp-1 sshd[21252]: Disconnected from authenticating user root 179.43.156.143 port 37728 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 07:55:16 honeypot-ams-1 kernel: [84105098.984785] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=167.248.133.130 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=44674 PROTO=TCP SPT=41588 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T07:55:16.917Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 07:59:14 honeypot-fra-1 sshd[17616]: Disconnected from authenticating user root 92.255.85.69 port 22812 [preauth]","@timestamp":"2022-09-15T07:59:14.635Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T07:59:33.834Z","@version":"1","message":"Sep 15 07:59:33 honeypot-sgp-1 kernel: [84104881.019008] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=38.146.70.5 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=11505 PROTO=TCP SPT=43259 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 08:02:37 honeypot-ams-1 sshd[27460]: Connection reset by 179.149.226.217 port 26080 [preauth]","@timestamp":"2022-09-15T08:02:38.109Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 08:08:06 honeypot-ams-1 sshd[27468]: Received disconnect from 45.61.186.169 port 60330:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T08:08:07.255Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 08:08:24 honeypot-ams-1 sshd[27472]: Received disconnect from 45.61.186.169 port 55218:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T08:08:24.265Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 08:08:40 honeypot-ams-1 sshd[27476]: Received disconnect from 45.61.186.169 port 50110:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T08:08:40.274Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 08:08:56 honeypot-ams-1 sshd[27480]: Received disconnect from 45.61.186.169 port 44998:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T08:08:56.282Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 08:12:45 honeypot-fra-1 sshd[17625]: Disconnected from authenticating user root 218.92.0.211 port 23016 [preauth]","@timestamp":"2022-09-15T08:12:45.963Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T08:14:29.205Z","@version":"1","message":"Sep 15 08:14:28 honeypot-sgp-1 kernel: [84105776.229269] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=198.12.89.184 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=235 ID=13310 PROTO=TCP SPT=49520 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 08:18:15 honeypot-ams-1 sshd[27486]: Connection reset by 61.177.173.33 port 47674 [preauth]","@timestamp":"2022-09-15T08:18:15.543Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 08:19:20 honeypot-fra-1 sshd[17655]: Received disconnect from 88.169.87.158 port 43948:11: Bye Bye [preauth]","@timestamp":"2022-09-15T08:19:21.116Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T08:21:43.386Z","@version":"1","message":"Sep 15 08:21:42 honeypot-sgp-1 sshd[21287]: Disconnected from 49.88.112.60 port 34181 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 08:22:40 honeypot-fra-1 sshd[17660]: Received disconnect from 92.255.85.70 port 35878:11: Bye Bye [preauth]","@timestamp":"2022-09-15T08:22:40.195Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 08:24:41 honeypot-fra-1 sshd[17667]: Received disconnect from 40.70.0.187 port 46836:11: Bye Bye [preauth]","@timestamp":"2022-09-15T08:24:42.244Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 08:24:53 honeypot-ams-1 kernel: [84106875.920279] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=171.36.106.191 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=15732 PROTO=TCP SPT=58914 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T08:24:53.717Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 08:27:33 honeypot-fra-1 sshd[17669]: Disconnected from invalid user pz 162.241.114.75 port 36774 [preauth]","@timestamp":"2022-09-15T08:27:33.312Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T08:27:55.541Z","@version":"1","message":"Sep 15 08:27:54 honeypot-sgp-1 sshd[21292]: Received disconnect from 49.88.112.60 port 43421:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 08:28:40 honeypot-fra-1 sshd[17673]: Disconnected from invalid user sebastian 221.0.94.20 port 35610 [preauth]","@timestamp":"2022-09-15T08:28:41.340Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 08:29:51 honeypot-ams-1 kernel: [84107173.612429] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=89.122.108.112 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=54 ID=35588 PROTO=TCP SPT=27841 DPT=80 WINDOW=61009 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T08:29:51.849Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 08:30:47 honeypot-fra-1 sshd[17678]: Received disconnect from 165.22.45.108 port 50416:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T08:30:48.391Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T08:32:09.646Z","@version":"1","message":"Sep 15 08:32:08 honeypot-sgp-1 sshd[21301]: Disconnected from invalid user esteban 51.250.5.16 port 35208 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 08:38:55 honeypot-ams-1 kernel: [84107717.389669] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=67.211.215.172 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=9140 PROTO=TCP SPT=41571 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T08:38:55.088Z"}
{"@timestamp":"2022-09-15T08:39:10.821Z","@version":"1","message":"Sep 15 08:39:10 honeypot-sgp-1 kernel: [84107258.163444] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=154.89.5.92 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=244 ID=33572 PROTO=TCP SPT=58914 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 08:42:53 honeypot-fra-1 sshd[17683]: Invalid user admin from 179.60.147.69 port 8144","@timestamp":"2022-09-15T08:42:54.671Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T08:42:56.917Z","@version":"1","message":"Sep 15 08:42:56 honeypot-sgp-1 sshd[21317]: Received disconnect from 49.88.112.60 port 22357:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T08:43:51.944Z","@version":"1","message":"Sep 15 08:43:51 honeypot-sgp-1 sshd[21321]: Disconnected from authenticating user root 49.88.112.60 port 26128 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 08:45:45 honeypot-ams-1 kernel: [84108128.151097] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=222.80.76.212 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=12918 PROTO=TCP SPT=51515 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T08:45:46.282Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 08:45:58 honeypot-ams-1 sshd[27535]: Disconnected from invalid user user 141.255.162.226 port 60868 [preauth]","@timestamp":"2022-09-15T08:45:59.290Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 08:45:59 honeypot-ams-1 sshd[27539]: Disconnected from invalid user user 141.255.162.226 port 47722 [preauth]","@timestamp":"2022-09-15T08:45:59.290Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 08:46:02 honeypot-ams-1 sshd[27543]: Disconnected from invalid user user 141.255.162.226 port 34606 [preauth]","@timestamp":"2022-09-15T08:46:03.292Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 08:46:26 honeypot-ams-1 sshd[27547]: Disconnected from 61.177.173.33 port 37108 [preauth]","@timestamp":"2022-09-15T08:46:27.305Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 08:48:35 honeypot-fra-1 sshd[17690]: Did not receive identification string from 172.104.240.40 port 43692","@timestamp":"2022-09-15T08:48:35.800Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 08:48:35 honeypot-fra-1 sshd[17710]: Invalid user postgres from 172.104.240.40 port 43948","@timestamp":"2022-09-15T08:48:36.802Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 08:48:35 honeypot-fra-1 sshd[17696]: Invalid user guest from 172.104.240.40 port 43796","@timestamp":"2022-09-15T08:48:36.802Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 08:48:35 honeypot-fra-1 sshd[17693]: Connection closed by invalid user git 172.104.240.40 port 43720 [preauth]","@timestamp":"2022-09-15T08:48:36.802Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 08:48:35 honeypot-fra-1 sshd[17705]: Invalid user devops from 172.104.240.40 port 43860","@timestamp":"2022-09-15T08:48:36.802Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 08:48:36 honeypot-fra-1 sshd[17695]: Invalid user user from 172.104.240.40 port 43766","@timestamp":"2022-09-15T08:48:36.802Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 08:48:36 honeypot-fra-1 sshd[17702]: Connection closed by invalid user steam 172.104.240.40 port 43836 [preauth]","@timestamp":"2022-09-15T08:48:36.802Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 08:48:36 honeypot-fra-1 sshd[17709]: Connection closed by invalid user admin 172.104.240.40 port 43958 [preauth]","@timestamp":"2022-09-15T08:48:36.802Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 08:48:36 honeypot-fra-1 sshd[17722]: Invalid user chia from 172.104.240.40 port 44028","@timestamp":"2022-09-15T08:48:36.802Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 08:48:36 honeypot-fra-1 sshd[17723]: Connection closed by invalid user postgres 172.104.240.40 port 44036 [preauth]","@timestamp":"2022-09-15T08:48:36.802Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 08:50:18 honeypot-ams-1 kernel: [84108400.854223] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=37.104.179.26 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=56 ID=2789 PROTO=TCP SPT=56203 DPT=80 WINDOW=10818 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T08:50:19.407Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 08:54:48 honeypot-fra-1 kernel: [84106506.321170] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=165.227.100.147 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=241 ID=39315 PROTO=TCP SPT=20000 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T08:54:48.946Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 08:59:18 honeypot-ams-1 kernel: [84108941.250756] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=186.218.37.197 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=44 ID=40758 PROTO=TCP SPT=37401 DPT=80 WINDOW=21984 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T08:59:19.640Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 09:04:07 honeypot-ams-1 sshd[27570]: Invalid user admin2 from 119.180.97.100 port 35137","@timestamp":"2022-09-15T09:04:08.768Z"}
{"@timestamp":"2022-09-15T09:04:13.444Z","@version":"1","message":"Sep 15 09:04:13 honeypot-sgp-1 sshd[21325]: Invalid user friends from 115.92.154.46 port 17050","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 09:04:21 honeypot-fra-1 sshd[17760]: Invalid user user from 141.255.162.226 port 40094","@timestamp":"2022-09-15T09:04:22.174Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 09:04:22 honeypot-fra-1 sshd[17764]: Invalid user user from 141.255.162.226 port 55392","@timestamp":"2022-09-15T09:04:23.176Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 09:04:28 honeypot-fra-1 sshd[17768]: Invalid user user from 141.255.162.226 port 34814","@timestamp":"2022-09-15T09:04:28.178Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 09:04:30 honeypot-fra-1 sshd[17772]: Invalid user user from 141.255.162.226 port 57784","@timestamp":"2022-09-15T09:04:31.180Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 09:05:28 honeypot-ams-1 sshd[27572]: Invalid user odhagent from 181.129.14.218 port 63267","@timestamp":"2022-09-15T09:05:28.807Z"}
{"@timestamp":"2022-09-15T09:07:09.520Z","@version":"1","message":"Sep 15 09:07:09 honeypot-sgp-1 sshd[21330]: Invalid user user from 45.61.184.204 port 60216","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T09:07:29.530Z","@version":"1","message":"Sep 15 09:07:29 honeypot-sgp-1 sshd[21334]: Invalid user user from 45.61.184.204 port 56048","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T09:07:50.542Z","@version":"1","message":"Sep 15 09:07:50 honeypot-sgp-1 sshd[21339]: Invalid user user from 45.61.184.204 port 51868","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T09:08:09.551Z","@version":"1","message":"Sep 15 09:08:08 honeypot-sgp-1 sshd[21343]: Invalid user user from 45.61.184.204 port 47688","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 09:08:53 honeypot-ams-1 sshd[27577]: Did not receive identification string from 104.218.164.12 port 16120","@timestamp":"2022-09-15T09:08:53.898Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 09:11:22 honeypot-fra-1 kernel: [84107500.049878] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=34065 PROTO=TCP SPT=52404 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T09:11:23.337Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 09:12:01 honeypot-ams-1 sshd[27584]: Received disconnect from 92.255.85.69 port 51826:11: Bye Bye [preauth]","@timestamp":"2022-09-15T09:12:01.985Z"}
{"@timestamp":"2022-09-15T09:17:01.769Z","@version":"1","message":"Sep 15 09:17:01 honeypot-sgp-1 CRON[21348]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 09:17:01 honeypot-ams-1 CRON[27594]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-15T09:17:02.116Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 09:19:36 honeypot-ams-1 sshd[27602]: Received disconnect from 141.255.162.226 port 48450:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T09:19:37.185Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 09:19:40 honeypot-ams-1 sshd[27606]: Received disconnect from 141.255.162.226 port 42200:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T09:19:40.188Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 09:19:41 honeypot-ams-1 sshd[27611]: Received disconnect from 141.255.162.226 port 49526:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T09:19:42.189Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 09:21:42 honeypot-ams-1 sshd[27616]: Connection closed by invalid user ubnt 179.60.147.69 port 28716 [preauth]","@timestamp":"2022-09-15T09:21:43.245Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 09:23:36 honeypot-fra-1 sshd[17787]: Invalid user laura from 165.22.45.108 port 55476","@timestamp":"2022-09-15T09:23:36.616Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T09:30:03.084Z","@version":"1","message":"Sep 15 09:30:03 honeypot-sgp-1 sshd[21355]: Disconnected from invalid user dzhu 111.202.249.76 port 2613 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 09:31:53 honeypot-ams-1 sshd[27622]: Disconnected from 61.177.173.33 port 53587 [preauth]","@timestamp":"2022-09-15T09:31:54.527Z"}
{"@timestamp":"2022-09-15T09:32:20.143Z","@version":"1","message":"Sep 15 09:32:20 honeypot-sgp-1 sshd[21361]: Invalid user tss from 154.214.4.199 port 48528","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T09:33:29.174Z","@version":"1","message":"Sep 15 09:33:28 honeypot-sgp-1 sshd[21365]: Disconnected from authenticating user root 178.128.19.209 port 60812 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 09:34:19 honeypot-ams-1 sshd[27628]: Disconnected from 61.177.173.33 port 11593 [preauth]","@timestamp":"2022-09-15T09:34:19.596Z"}
{"@timestamp":"2022-09-15T09:34:27.201Z","@version":"1","message":"Sep 15 09:34:26 honeypot-sgp-1 sshd[21369]: Received disconnect from 182.73.123.118 port 16008:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T09:41:15.367Z","@version":"1","message":"Sep 15 09:41:14 honeypot-sgp-1 sshd[21375]: Did not receive identification string from 179.43.156.143 port 34256","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 09:43:03 honeypot-fra-1 sshd[17795]: Invalid user tomcat from 193.106.191.157 port 36040","@timestamp":"2022-09-15T09:43:04.043Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 09:43:04 honeypot-ams-1 sshd[27633]: Invalid user ubuntu from 82.196.5.251 port 47294","@timestamp":"2022-09-15T09:43:04.820Z"}
{"@timestamp":"2022-09-15T09:43:05.414Z","@version":"1","message":"Sep 15 09:43:05 honeypot-sgp-1 sshd[21380]: Disconnected from authenticating user root 179.43.156.143 port 57674 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T09:44:14.445Z","@version":"1","message":"Sep 15 09:44:14 honeypot-sgp-1 sshd[21386]: Received disconnect from 179.43.156.143 port 50024:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T09:45:24.475Z","@version":"1","message":"Sep 15 09:45:24 honeypot-sgp-1 sshd[21390]: Disconnected from invalid user nutanix 179.43.156.143 port 42402 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 09:45:25 honeypot-ams-1 sshd[27638]: Connection reset by 61.177.173.33 port 53427 [preauth]","@timestamp":"2022-09-15T09:45:25.884Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 09:45:25 honeypot-fra-1 sshd[17798]: Invalid user  from 64.62.197.92 port 9310","@timestamp":"2022-09-15T09:45:26.119Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T09:46:00.492Z","@version":"1","message":"Sep 15 09:45:59 honeypot-sgp-1 sshd[21394]: Disconnected from invalid user ossuser 179.43.156.143 port 38560 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T09:47:43.536Z","@version":"1","message":"Sep 15 09:47:43 honeypot-sgp-1 sshd[21401]: Received disconnect from 179.43.156.143 port 55352:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 09:47:42 honeypot-ams-1 sshd[27645]: Invalid user nvidia from 103.188.176.251 port 48884","@timestamp":"2022-09-15T09:47:43.945Z"}
{"@timestamp":"2022-09-15T09:48:58.570Z","@version":"1","message":"Sep 15 09:48:57 honeypot-sgp-1 sshd[21407]: Received disconnect from 179.43.156.143 port 47684:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T09:52:05.647Z","@version":"1","message":"Sep 15 09:52:05 honeypot-sgp-1 sshd[21414]: Received disconnect from 47.254.179.224 port 33808:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T09:54:35.710Z","@version":"1","message":"Sep 15 09:54:35 honeypot-sgp-1 sshd[21418]: Connection closed by invalid user support 179.60.147.69 port 1578 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 09:55:42 honeypot-fra-1 sshd[17805]: Connection closed by invalid user support 179.60.147.69 port 53290 [preauth]","@timestamp":"2022-09-15T09:55:43.356Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 10:00:06 honeypot-ams-1 kernel: [84112589.034278] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=34.65.232.229 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=60 ID=54321 PROTO=TCP SPT=60724 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T10:00:07.265Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 10:06:25 honeypot-fra-1 kernel: [84110802.614354] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=20.214.177.62 DST=165.22.82.222 LEN=52 TOS=0x02 PREC=0x00 TTL=107 ID=60183 DF PROTO=TCP SPT=49815 DPT=443 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-15T10:06:25.601Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 10:06:58 honeypot-ams-1 sshd[27674]: Received disconnect from 210.106.108.250 port 38344:11: Bye Bye [preauth]","@timestamp":"2022-09-15T10:06:59.442Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 10:08:19 honeypot-fra-1 kernel: [84110917.226327] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=20.214.177.62 DST=165.22.82.222 LEN=52 TOS=0x02 PREC=0x00 TTL=108 ID=60188 DF PROTO=TCP SPT=52357 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-15T10:08:20.652Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-15T10:08:27.047Z","@version":"1","message":"Sep 15 10:08:26 honeypot-sgp-1 sshd[21427]: Invalid user pmd from 103.138.10.78 port 57194","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 10:10:08 honeypot-ams-1 kernel: [84113190.614664] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.221.12 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=50838 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T10:10:08.524Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 10:13:45 honeypot-ams-1 sshd[27689]: Disconnected from authenticating user root 179.43.156.143 port 55366 [preauth]","@timestamp":"2022-09-15T10:13:46.618Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 10:14:25 honeypot-fra-1 sshd[17813]: Disconnected from invalid user ecomode 202.170.60.201 port 52718 [preauth]","@timestamp":"2022-09-15T10:14:25.791Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 10:15:05 honeypot-ams-1 sshd[27694]: Connection reset by 61.177.173.33 port 27973 [preauth]","@timestamp":"2022-09-15T10:15:05.654Z"}
{"@timestamp":"2022-09-15T10:15:08.210Z","@version":"1","message":"Sep 15 10:15:08 honeypot-sgp-1 sshd[21430]: Connection closed by invalid user pengfan 103.188.176.251 port 48464 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 10:16:13 honeypot-ams-1 sshd[27702]: Did not receive identification string from 115.182.232.8 port 52370","@timestamp":"2022-09-15T10:16:13.688Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 10:17:01 honeypot-ams-1 CRON[27706]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-15T10:17:02.712Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 10:17:01 honeypot-fra-1 CRON[17818]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-15T10:17:02.852Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 10:17:16 honeypot-ams-1 sshd[27713]: Invalid user ossuser from 179.43.156.143 port 36470","@timestamp":"2022-09-15T10:17:16.720Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 10:18:26 honeypot-ams-1 sshd[27719]: Received disconnect from 179.43.156.143 port 58378:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T10:18:26.752Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 10:20:11 honeypot-ams-1 sshd[27726]: Received disconnect from 179.43.156.143 port 48932:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T10:20:11.801Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 10:21:44 honeypot-ams-1 sshd[27732]: Received disconnect from 61.177.173.33 port 46273:11:  [preauth]","@timestamp":"2022-09-15T10:21:45.846Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 10:23:21 honeypot-ams-1 sshd[27739]: Disconnected from authenticating user root 118.27.27.133 port 44346 [preauth]","@timestamp":"2022-09-15T10:23:21.892Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 10:25:23 honeypot-ams-1 sshd[27746]: Disconnected from invalid user majordomo 124.160.96.249 port 63612 [preauth]","@timestamp":"2022-09-15T10:25:23.947Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 10:27:18 honeypot-fra-1 sshd[17825]: Received disconnect from 161.132.180.117 port 2461:11: Bye Bye [preauth]","@timestamp":"2022-09-15T10:27:19.087Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T10:30:52.586Z","@version":"1","message":"Sep 15 10:30:51 honeypot-sgp-1 sshd[21437]: Connection closed by invalid user blank 179.60.147.69 port 45270 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 10:31:00 honeypot-ams-1 sshd[27754]: Disconnected from authenticating user root 61.177.173.33 port 59259 [preauth]","@timestamp":"2022-09-15T10:31:01.095Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 10:31:57 honeypot-fra-1 sshd[17827]: Invalid user blank from 179.60.147.69 port 37742","@timestamp":"2022-09-15T10:31:58.197Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 10:34:09 honeypot-ams-1 sshd[27760]: Invalid user blank from 179.60.147.69 port 65176","@timestamp":"2022-09-15T10:34:09.178Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 10:35:52 honeypot-fra-1 kernel: [84112570.100762] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=20.214.177.62 DST=165.22.82.222 LEN=52 TOS=0x02 PREC=0x00 TTL=107 ID=13301 DF PROTO=TCP SPT=64421 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-15T10:35:53.288Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 10:38:28 honeypot-ams-1 kernel: [84114891.203639] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=66.240.236.116 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=39235 DPT=5432 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T10:38:29.292Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 10:40:08 honeypot-ams-1 sshd[27774]: Invalid user sync1 from 43.224.110.21 port 36948","@timestamp":"2022-09-15T10:40:09.337Z"}
{"@timestamp":"2022-09-15T10:41:41.847Z","@version":"1","message":"Sep 15 10:41:41 honeypot-sgp-1 kernel: [84114608.638700] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=128.14.209.156 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=238 ID=26456 PROTO=TCP SPT=40098 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T10:44:31.918Z","@version":"1","message":"Sep 15 10:44:31 honeypot-sgp-1 sshd[21446]: Received disconnect from 198.98.61.9 port 35586:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T10:44:49.927Z","@version":"1","message":"Sep 15 10:44:48 honeypot-sgp-1 sshd[21450]: Received disconnect from 198.98.61.9 port 58908:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T10:45:05.935Z","@version":"1","message":"Sep 15 10:45:05 honeypot-sgp-1 sshd[21454]: Received disconnect from 198.98.61.9 port 54006:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 10:46:01 honeypot-ams-1 sshd[27779]: Disconnected from authenticating user root 61.177.173.51 port 47439 [preauth]","@timestamp":"2022-09-15T10:46:01.486Z"}
{"@timestamp":"2022-09-15T10:51:29.090Z","@version":"1","message":"Sep 15 10:51:28 honeypot-sgp-1 kernel: [84115196.349032] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=103.149.192.52 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=49861 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 10:52:20 honeypot-ams-1 sshd[27787]: Received disconnect from 141.255.162.226 port 44970:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T10:52:21.650Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 10:52:23 honeypot-ams-1 sshd[27791]: Received disconnect from 141.255.162.226 port 59582:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T10:52:23.652Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 10:52:27 honeypot-ams-1 sshd[27795]: Received disconnect from 141.255.162.226 port 37674:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T10:52:27.654Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 10:56:47 honeypot-ams-1 kernel: [84115989.838224] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=157.230.254.43 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=37128 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T10:56:47.769Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 10:59:56 honeypot-fra-1 kernel: [84114014.282429] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=179.43.155.171 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=20915 PROTO=TCP SPT=47472 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T10:59:57.830Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 11:05:01 honeypot-ams-1 sshd[27813]: Received disconnect from 61.177.173.36 port 32239:11:  [preauth]","@timestamp":"2022-09-15T11:05:01.990Z"}
{"@timestamp":"2022-09-15T11:06:31.448Z","@version":"1","message":"Sep 15 11:06:30 honeypot-sgp-1 kernel: [84116098.170168] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.41.9.18 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=4246 PROTO=TCP SPT=11678 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 11:10:03 honeypot-fra-1 sshd[17837]: Received disconnect from 165.22.45.108 port 37370:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T11:10:04.059Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 11:10:49 honeypot-ams-1 sshd[27818]: Connection closed by invalid user test 179.60.147.69 port 17074 [preauth]","@timestamp":"2022-09-15T11:10:50.143Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 11:17:01 honeypot-ams-1 CRON[27827]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-15T11:17:02.305Z"}
{"@timestamp":"2022-09-15T11:17:01.700Z","@version":"1","message":"Sep 15 11:17:01 honeypot-sgp-1 CRON[21468]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 11:19:26 honeypot-fra-1 sshd[17843]: Received disconnect from 43.132.254.141 port 47766:11: Bye Bye [preauth]","@timestamp":"2022-09-15T11:19:26.270Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 11:23:22 honeypot-ams-1 kernel: [84117584.861577] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=159.203.80.110 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=51242 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T11:23:23.471Z"}
{"@timestamp":"2022-09-15T11:28:04.972Z","@version":"1","message":"Sep 15 11:28:04 honeypot-sgp-1 sshd[21474]: Received disconnect from 43.245.185.66 port 47338:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 11:31:10 honeypot-fra-1 sshd[17849]: Invalid user pi from 73.100.162.94 port 56200","@timestamp":"2022-09-15T11:31:11.573Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 11:34:41 honeypot-ams-1 kernel: [84118263.877400] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=184.105.247.244 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=59548 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T11:34:41.760Z"}
{"@timestamp":"2022-09-15T11:34:46.142Z","@version":"1","message":"Sep 15 11:34:45 honeypot-sgp-1 sshd[21480]: Invalid user amavis from 210.97.86.61 port 42294","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T11:36:25.184Z","@version":"1","message":"Sep 15 11:36:24 honeypot-sgp-1 sshd[21485]: Received disconnect from 128.199.80.233 port 52278:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T11:37:44.218Z","@version":"1","message":"Sep 15 11:37:43 honeypot-sgp-1 sshd[21489]: Disconnected from authenticating user root 122.155.0.205 port 43672 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 11:37:55 honeypot-fra-1 sshd[17854]: Invalid user plex from 141.98.10.158 port 41204","@timestamp":"2022-09-15T11:37:55.719Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 11:39:44 honeypot-ams-1 sshd[27848]: Received disconnect from 143.244.190.237 port 54492:11: Bye Bye [preauth]","@timestamp":"2022-09-15T11:39:44.895Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 11:40:14 honeypot-fra-1 sshd[17858]: Connection closed by invalid user tomcat 193.106.191.157 port 46724 [preauth]","@timestamp":"2022-09-15T11:40:14.773Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 11:41:40 honeypot-fra-1 sshd[17862]: Invalid user admin from 178.176.225.151 port 33690","@timestamp":"2022-09-15T11:41:40.808Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 11:43:14 honeypot-ams-1 sshd[27853]: Disconnected from authenticating user root 61.177.173.46 port 18636 [preauth]","@timestamp":"2022-09-15T11:43:15.003Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 11:43:32 honeypot-ams-1 sshd[27857]: Disconnected from invalid user test 80.76.51.45 port 47346 [preauth]","@timestamp":"2022-09-15T11:43:33.014Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 11:44:23 honeypot-ams-1 sshd[27863]: Disconnected from authenticating user root 80.76.51.45 port 43868 [preauth]","@timestamp":"2022-09-15T11:44:24.039Z"}
{"@timestamp":"2022-09-15T11:44:47.394Z","@version":"1","message":"Sep 15 11:44:47 honeypot-sgp-1 kernel: [84118394.443744] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=64.62.197.225 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=57563 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 11:45:13 honeypot-ams-1 sshd[27872]: Disconnected from authenticating user root 80.76.51.45 port 40456 [preauth]","@timestamp":"2022-09-15T11:45:14.064Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 11:45:59 honeypot-ams-1 sshd[27878]: Received disconnect from 61.177.173.36 port 55865:11:  [preauth]","@timestamp":"2022-09-15T11:46:00.088Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 11:46:19 honeypot-ams-1 sshd[27882]: Received disconnect from 80.76.51.45 port 54660:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T11:46:20.100Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 11:48:38 honeypot-fra-1 sshd[17867]: Invalid user guest from 179.60.147.69 port 15806","@timestamp":"2022-09-15T11:48:38.968Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 11:52:48 honeypot-fra-1 sshd[17872]: Received disconnect from 142.93.101.157 port 47930:11: Bye Bye [preauth]","@timestamp":"2022-09-15T11:52:49.064Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 11:56:02 honeypot-ams-1 sshd[27892]: Invalid user tomcat from 193.106.191.157 port 42644","@timestamp":"2022-09-15T11:56:02.349Z"}
{"@timestamp":"2022-09-15T11:57:11.694Z","@version":"1","message":"Sep 15 11:57:11 honeypot-sgp-1 kernel: [84119138.290632] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=144.126.130.22 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=20224 PROTO=TCP SPT=42943 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 12:00:19 honeypot-fra-1 kernel: [84117636.672385] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=64.246.161.26 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=55132 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T12:00:20.236Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-15T12:00:39.783Z","@version":"1","message":"Sep 15 12:00:38 honeypot-sgp-1 sshd[21503]: Received disconnect from 193.142.146.50 port 43924:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:02:17.825Z","@version":"1","message":"Sep 15 12:02:17 honeypot-sgp-1 sshd[21510]: Did not receive identification string from 45.61.186.49 port 45842","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:02:37.835Z","@version":"1","message":"Sep 15 12:02:36 honeypot-sgp-1 sshd[21515]: Received disconnect from 193.142.146.50 port 52426:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:02:46.840Z","@version":"1","message":"Sep 15 12:02:46 honeypot-sgp-1 sshd[21519]: Received disconnect from 45.61.186.49 port 60710:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:03:04.849Z","@version":"1","message":"Sep 15 12:03:04 honeypot-sgp-1 sshd[21523]: Disconnected from authenticating user root 193.142.146.50 port 42832 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:04:19.883Z","@version":"1","message":"Sep 15 12:04:19 honeypot-sgp-1 sshd[21529]: Received disconnect from 193.142.146.50 port 42288:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 12:05:22 honeypot-fra-1 sshd[17880]: Received disconnect from 101.255.65.138 port 39088:11: Bye Bye [preauth]","@timestamp":"2022-09-15T12:05:23.354Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T12:08:26.984Z","@version":"1","message":"Sep 15 12:08:26 honeypot-sgp-1 sshd[21535]: Received disconnect from 134.209.106.124 port 60792:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:10:58.049Z","@version":"1","message":"Sep 15 12:10:57 honeypot-sgp-1 sshd[21540]: Invalid user user from 45.61.184.204 port 55902","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:11:02 honeypot-ams-1 sshd[27905]: Received disconnect from 61.177.173.46 port 53155:11:  [preauth]","@timestamp":"2022-09-15T12:11:02.744Z"}
{"@timestamp":"2022-09-15T12:11:18.060Z","@version":"1","message":"Sep 15 12:11:17 honeypot-sgp-1 sshd[21544]: Invalid user user from 45.61.184.204 port 50708","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:11:37.069Z","@version":"1","message":"Sep 15 12:11:36 honeypot-sgp-1 sshd[21549]: Invalid user user from 45.61.184.204 port 45504","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:11:54.078Z","@version":"1","message":"Sep 15 12:11:53 honeypot-sgp-1 sshd[21553]: Invalid user user from 45.61.184.204 port 40310","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 12:12:45 honeypot-fra-1 sshd[17885]: Invalid user admin from 128.199.160.207 port 54912","@timestamp":"2022-09-15T12:12:46.542Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 12:12:48 honeypot-fra-1 sshd[17891]: Invalid user admin from 128.199.160.207 port 54940","@timestamp":"2022-09-15T12:12:49.545Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 12:15:01 honeypot-fra-1 sshd[17894]: Disconnected from invalid user user 45.61.187.160 port 59388 [preauth]","@timestamp":"2022-09-15T12:15:02.598Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 12:15:21 honeypot-fra-1 sshd[17898]: Disconnected from invalid user user 45.61.187.160 port 53846 [preauth]","@timestamp":"2022-09-15T12:15:22.608Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 12:15:40 honeypot-fra-1 sshd[17902]: Disconnected from invalid user user 45.61.187.160 port 48302 [preauth]","@timestamp":"2022-09-15T12:15:40.619Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 12:15:57 honeypot-fra-1 sshd[17908]: Invalid user user from 45.61.187.160 port 42780","@timestamp":"2022-09-15T12:15:57.627Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:17:01 honeypot-ams-1 CRON[27912]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-15T12:17:01.898Z"}
{"@timestamp":"2022-09-15T12:17:02.205Z","@version":"1","message":"Sep 15 12:17:01 honeypot-sgp-1 CRON[21558]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 12:17:02 honeypot-fra-1 CRON[17913]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-15T12:17:02.654Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:18:30 honeypot-ams-1 sshd[27918]: Disconnected from invalid user user 45.61.186.249 port 55184 [preauth]","@timestamp":"2022-09-15T12:18:30.938Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:18:50 honeypot-ams-1 sshd[27922]: Disconnected from invalid user user 45.61.186.249 port 49518 [preauth]","@timestamp":"2022-09-15T12:18:50.969Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:19:08 honeypot-ams-1 sshd[27926]: Disconnected from invalid user user 45.61.186.249 port 43854 [preauth]","@timestamp":"2022-09-15T12:19:08.977Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:19:25 honeypot-ams-1 sshd[27930]: Disconnected from invalid user user 45.61.186.249 port 38192 [preauth]","@timestamp":"2022-09-15T12:19:25.986Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:20:40 honeypot-ams-1 sshd[27936]: Received disconnect from 61.177.173.39 port 14189:11:  [preauth]","@timestamp":"2022-09-15T12:20:41.024Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 12:23:37 honeypot-fra-1 sshd[17919]: Received disconnect from 42.119.111.155 port 50910:11: Bye Bye [preauth]","@timestamp":"2022-09-15T12:23:37.826Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T12:25:29.408Z","@version":"1","message":"Sep 15 12:25:29 honeypot-sgp-1 sshd[21565]: Connection closed by invalid user admin 178.128.125.205 port 48440 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 12:25:35 honeypot-fra-1 sshd[17923]: Invalid user tomcat from 193.106.191.157 port 48890","@timestamp":"2022-09-15T12:25:35.875Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T12:26:44.440Z","@version":"1","message":"Sep 15 12:26:43 honeypot-sgp-1 sshd[21571]: Received disconnect from 92.255.85.70 port 55624:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 12:27:35 honeypot-ams-1 kernel: [84121437.847450] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=128.14.137.182 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=25128 PROTO=TCP SPT=20691 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T12:27:36.203Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 12:27:53 honeypot-fra-1 sshd[17927]: Invalid user ubnt from 179.60.147.69 port 31958","@timestamp":"2022-09-15T12:27:53.930Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T12:28:30.486Z","@version":"1","message":"Sep 15 12:28:30 honeypot-sgp-1 sshd[21578]: Received disconnect from 109.42.178.255 port 31532:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:28:33.487Z","@version":"1","message":"Sep 15 12:28:33 honeypot-sgp-1 sshd[21582]: Disconnected from authenticating user root 109.42.178.255 port 15068 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:28:38.490Z","@version":"1","message":"Sep 15 12:28:37 honeypot-sgp-1 sshd[21588]: Disconnected from authenticating user root 109.42.178.255 port 16243 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:28:42.492Z","@version":"1","message":"Sep 15 12:28:42 honeypot-sgp-1 sshd[21594]: Disconnected from authenticating user root 109.42.178.255 port 8603 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:28:46.495Z","@version":"1","message":"Sep 15 12:28:46 honeypot-sgp-1 sshd[21600]: Disconnected from authenticating user root 109.42.178.255 port 14782 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:28:51.498Z","@version":"1","message":"Sep 15 12:28:50 honeypot-sgp-1 sshd[21606]: Disconnected from authenticating user root 109.42.178.255 port 14469 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:28:55.500Z","@version":"1","message":"Sep 15 12:28:55 honeypot-sgp-1 sshd[21612]: Disconnected from authenticating user root 109.42.178.255 port 1751 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:29:00.504Z","@version":"1","message":"Sep 15 12:28:59 honeypot-sgp-1 sshd[21618]: Disconnected from authenticating user root 109.42.178.255 port 22268 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:29:04.506Z","@version":"1","message":"Sep 15 12:29:03 honeypot-sgp-1 sshd[21624]: Disconnected from authenticating user root 109.42.178.255 port 22829 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:29:08.509Z","@version":"1","message":"Sep 15 12:29:08 honeypot-sgp-1 sshd[21630]: Disconnected from authenticating user root 109.42.178.255 port 9200 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:29:13.511Z","@version":"1","message":"Sep 15 12:29:12 honeypot-sgp-1 sshd[21636]: Disconnected from authenticating user root 109.42.178.255 port 11639 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:29:17.515Z","@version":"1","message":"Sep 15 12:29:17 honeypot-sgp-1 sshd[21642]: Disconnected from authenticating user root 109.42.178.255 port 26415 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:29:21.517Z","@version":"1","message":"Sep 15 12:29:21 honeypot-sgp-1 sshd[21648]: Received disconnect from 109.42.178.255 port 21286:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:29:24.519Z","@version":"1","message":"Sep 15 12:29:24 honeypot-sgp-1 sshd[21652]: Received disconnect from 109.42.178.255 port 27407:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:29:27.521Z","@version":"1","message":"Sep 15 12:29:27 honeypot-sgp-1 sshd[21656]: Received disconnect from 109.42.178.255 port 2122:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:29:30.524Z","@version":"1","message":"Sep 15 12:29:29 honeypot-sgp-1 sshd[21660]: Received disconnect from 109.42.178.255 port 15075:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:29:33.525Z","@version":"1","message":"Sep 15 12:29:32 honeypot-sgp-1 sshd[21664]: Received disconnect from 109.42.178.255 port 17228:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:29:36.527Z","@version":"1","message":"Sep 15 12:29:35 honeypot-sgp-1 sshd[21668]: Received disconnect from 109.42.178.255 port 22577:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:29:40.529Z","@version":"1","message":"Sep 15 12:29:39 honeypot-sgp-1 sshd[21674]: Invalid user pi from 109.42.178.255 port 2162","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:29:43.531Z","@version":"1","message":"Sep 15 12:29:42 honeypot-sgp-1 sshd[21678]: Invalid user user from 109.42.178.255 port 23788","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:29:46.534Z","@version":"1","message":"Sep 15 12:29:45 honeypot-sgp-1 sshd[21682]: Invalid user mine from 109.42.178.255 port 29830","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:29:49.536Z","@version":"1","message":"Sep 15 12:29:48 honeypot-sgp-1 sshd[21686]: Invalid user xbmc from 109.42.178.255 port 4849","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:29:52.537Z","@version":"1","message":"Sep 15 12:29:51 honeypot-sgp-1 sshd[21690]: Invalid user oracle from 109.42.178.255 port 10275","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:29:55.539Z","@version":"1","message":"Sep 15 12:29:54 honeypot-sgp-1 sshd[21694]: Invalid user postgres from 109.42.178.255 port 6094","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:29:57.540Z","@version":"1","message":"Sep 15 12:29:57 honeypot-sgp-1 sshd[21698]: Invalid user support from 109.42.178.255 port 3964","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:30:00.544Z","@version":"1","message":"Sep 15 12:30:00 honeypot-sgp-1 sshd[21702]: Invalid user ubuntu from 109.42.178.255 port 30295","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:30:03.545Z","@version":"1","message":"Sep 15 12:30:03 honeypot-sgp-1 sshd[21706]: Invalid user ubuntu from 109.42.178.255 port 1248","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:30:06.547Z","@version":"1","message":"Sep 15 12:30:06 honeypot-sgp-1 sshd[21710]: Invalid user guest from 109.42.178.255 port 28644","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:30:09.549Z","@version":"1","message":"Sep 15 12:30:08 honeypot-sgp-1 sshd[21714]: Invalid user cirros from 109.42.178.255 port 16156","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:30:30.559Z","@version":"1","message":"Sep 15 12:30:30 honeypot-sgp-1 kernel: [84121137.664222] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=34.87.109.58 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=58265 PROTO=TCP SPT=43510 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:33:24 honeypot-ams-1 sshd[28026]: Invalid user  from 81.17.25.50 port 2567","@timestamp":"2022-09-15T12:33:25.355Z"}
{"@timestamp":"2022-09-15T12:34:42.664Z","@version":"1","message":"Sep 15 12:34:42 honeypot-sgp-1 sshd[21722]: Disconnected from invalid user user 141.255.162.226 port 57876 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:34:45 honeypot-ams-1 sshd[28032]: Disconnected from authenticating user root 189.33.0.103 port 55195 [preauth]","@timestamp":"2022-09-15T12:34:45.394Z"}
{"@timestamp":"2022-09-15T12:34:45.667Z","@version":"1","message":"Sep 15 12:34:44 honeypot-sgp-1 sshd[21726]: Disconnected from invalid user user 141.255.162.226 port 51414 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:34:48.669Z","@version":"1","message":"Sep 15 12:34:48 honeypot-sgp-1 sshd[21730]: Disconnected from invalid user user 141.255.162.226 port 37704 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:36:03 honeypot-ams-1 sshd[28036]: Disconnecting invalid user  81.17.25.50 port 55245: Change of username or service not allowed: (,ssh-connection) -> (admin,ssh-connection) [preauth]","@timestamp":"2022-09-15T12:36:03.434Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:38:28 honeypot-ams-1 sshd[28042]: Disconnecting invalid user admin 81.17.25.50 port 19226: Change of username or service not allowed: (admin,ssh-connection) -> (aerohive,ssh-connection) [preauth]","@timestamp":"2022-09-15T12:38:29.501Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:40:04 honeypot-ams-1 sshd[28053]: Invalid user manager from 81.17.25.50 port 63005","@timestamp":"2022-09-15T12:40:05.550Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:42:29 honeypot-ams-1 sshd[28059]: Disconnecting invalid user 1234 81.17.25.50 port 2358: Change of username or service not allowed: (1234,ssh-connection) -> (Admin,ssh-connection) [preauth]","@timestamp":"2022-09-15T12:42:30.617Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:43:36 honeypot-ams-1 sshd[28065]: Invalid user araknis from 81.17.25.50 port 2060","@timestamp":"2022-09-15T12:43:36.649Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 12:44:10 honeypot-fra-1 kernel: [84120268.025136] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=167.71.195.136 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=18003 PROTO=TCP SPT=45807 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T12:44:11.303Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-15T12:44:16.899Z","@version":"1","message":"Sep 15 12:44:15 honeypot-sgp-1 sshd[21735]: Connection closed by invalid user yanhao 103.188.176.251 port 43810 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:45:23 honeypot-ams-1 sshd[28074]: Disconnecting authenticating user root 81.17.25.50 port 35665: Change of username or service not allowed: (root,ssh-connection) -> (Admin,ssh-connection) [preauth]","@timestamp":"2022-09-15T12:45:23.703Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:46:35 honeypot-ams-1 sshd[28082]: Disconnecting invalid user admin 81.17.25.50 port 51883: Change of username or service not allowed: (admin,ssh-connection) -> (guest,ssh-connection) [preauth]","@timestamp":"2022-09-15T12:46:35.741Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:47:38 honeypot-ams-1 sshd[28092]: Invalid user  from 81.17.25.50 port 9213","@timestamp":"2022-09-15T12:47:38.775Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:48:33 honeypot-ams-1 sshd[28098]: Invalid user cisco from 81.17.25.50 port 13248","@timestamp":"2022-09-15T12:48:33.803Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:49:11 honeypot-ams-1 sshd[28105]: Disconnecting authenticating user root 81.17.25.50 port 49658: Change of username or service not allowed: (root,ssh-connection) -> (Administrator,ssh-connection) [preauth]","@timestamp":"2022-09-15T12:49:12.824Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:49:40 honeypot-ams-1 sshd[28111]: Disconnecting invalid user adslroot 81.17.25.50 port 4081: Change of username or service not allowed: (adslroot,ssh-connection) -> (sti.admin5,ssh-connection) [preauth]","@timestamp":"2022-09-15T12:49:40.840Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:50:14 honeypot-ams-1 sshd[28115]: Invalid user admin from 81.17.25.50 port 31765","@timestamp":"2022-09-15T12:50:14.859Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 12:50:14 honeypot-fra-1 sshd[17937]: Invalid user test2 from 159.65.27.32 port 40038","@timestamp":"2022-09-15T12:50:15.443Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 12:51:22 honeypot-ams-1 kernel: [84122864.402702] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=202.95.12.41 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=57 ID=0 DF PROTO=TCP SPT=39005 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T12:51:22.894Z"}
{"@timestamp":"2022-09-15T12:51:55.090Z","@version":"1","message":"Sep 15 12:51:54 honeypot-sgp-1 sshd[21740]: Received disconnect from 46.101.231.66 port 43742:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:52:22.104Z","@version":"1","message":"Sep 15 12:52:21 honeypot-sgp-1 sshd[21746]: Invalid user Administrator from 92.255.85.69 port 31850","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 12:52:51 honeypot-fra-1 sshd[17941]: Invalid user odoo from 138.68.166.112 port 54500","@timestamp":"2022-09-15T12:52:51.505Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:52:55 honeypot-ams-1 sshd[28127]: Disconnecting invalid user default 81.17.25.50 port 56872: Change of username or service not allowed: (default,ssh-connection) -> (admin,ssh-connection) [preauth]","@timestamp":"2022-09-15T12:52:55.941Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:53:37 honeypot-ams-1 sshd[28133]: Disconnecting invalid user c1@r0 81.17.25.50 port 41224: Change of username or service not allowed: (c1@r0,ssh-connection) -> (Administrator,ssh-connection) [preauth]","@timestamp":"2022-09-15T12:53:37.961Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:54:27 honeypot-ams-1 sshd[28140]: Invalid user superonline from 81.17.25.50 port 19669","@timestamp":"2022-09-15T12:54:27.989Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:57:03 honeypot-ams-1 sshd[28146]: Invalid user Admin from 81.17.25.50 port 14616","@timestamp":"2022-09-15T12:57:04.061Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:57:52 honeypot-ams-1 sshd[28153]: Received disconnect from 61.177.173.51 port 38302:11:  [preauth]","@timestamp":"2022-09-15T12:57:53.085Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 12:58:59 honeypot-fra-1 sshd[17946]: Received disconnect from 81.6.41.4 port 53626:11: Bye Bye [preauth]","@timestamp":"2022-09-15T12:58:59.643Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:59:05 honeypot-ams-1 sshd[28159]: Invalid user matrix from 81.17.25.50 port 46453","@timestamp":"2022-09-15T12:59:06.122Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:00:13 honeypot-ams-1 sshd[28166]: Invalid user motorola from 81.17.25.50 port 55245","@timestamp":"2022-09-15T13:00:14.158Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:00:50 honeypot-ams-1 sshd[28172]: Disconnecting authenticating user root 81.17.25.50 port 18957: Change of username or service not allowed: (root,ssh-connection) -> (admin,ssh-connection) [preauth]","@timestamp":"2022-09-15T13:00:51.177Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:01:25 honeypot-fra-1 sshd[17950]: Received disconnect from 138.0.239.70 port 36246:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:01:25.701Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:01:59 honeypot-ams-1 sshd[28178]: Disconnecting invalid user 0 81.17.25.50 port 30634: Change of username or service not allowed: (0,ssh-connection) -> (admin,ssh-connection) [preauth]","@timestamp":"2022-09-15T13:02:00.212Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 13:02:49 honeypot-ams-1 kernel: [84123551.388141] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=186.18.118.149 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=15533 PROTO=TCP SPT=57828 DPT=443 WINDOW=1300 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T13:02:49.304Z"}
{"@timestamp":"2022-09-15T13:03:02.373Z","@version":"1","message":"Sep 15 13:03:01 honeypot-sgp-1 sshd[21751]: Connection closed by invalid user debian 179.60.147.69 port 61758 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 13:03:58 honeypot-ams-1 kernel: [84123620.437130] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.79.138.248 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=49038 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T13:03:58.338Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:04:24 honeypot-ams-1 sshd[28195]: Disconnecting invalid user admin 81.17.25.50 port 19287: Change of username or service not allowed: (admin,ssh-connection) -> (cusadmin,ssh-connection) [preauth]","@timestamp":"2022-09-15T13:04:25.353Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:05:32 honeypot-ams-1 sshd[28202]: Disconnecting invalid user smcadmin 81.17.25.50 port 60590: Change of username or service not allowed: (smcadmin,ssh-connection) -> (sweex,ssh-connection) [preauth]","@timestamp":"2022-09-15T13:05:33.405Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:06:19 honeypot-ams-1 sshd[28211]: Received disconnect from 61.177.173.39 port 42420:11:  [preauth]","@timestamp":"2022-09-15T13:06:19.433Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:06:40 honeypot-ams-1 sshd[28217]: Received disconnect from 80.76.51.189 port 60500:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T13:06:40.444Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:06:45 honeypot-fra-1 sshd[17957]: Received disconnect from 34.91.0.68 port 44938:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:06:45.823Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:07:09 honeypot-ams-1 sshd[28225]: Received disconnect from 80.76.51.189 port 52654:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T13:07:09.460Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:07:28 honeypot-ams-1 sshd[28227]: Disconnecting invalid user ubnt 81.17.25.50 port 15118: Change of username or service not allowed: (ubnt,ssh-connection) -> (root,ssh-connection) [preauth]","@timestamp":"2022-09-15T13:07:29.471Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:08:06 honeypot-ams-1 sshd[28237]: Received disconnect from 92.255.85.69 port 59976:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:08:06.491Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:08:19 honeypot-ams-1 sshd[28241]: Disconnecting invalid user user 81.17.25.50 port 5851: Change of username or service not allowed: (user,ssh-connection) -> (amdin,ssh-connection) [preauth]","@timestamp":"2022-09-15T13:08:19.499Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:08:43 honeypot-ams-1 sshd[28245]: Disconnecting invalid user readwrite 81.17.25.50 port 60152: Change of username or service not allowed: (readwrite,ssh-connection) -> (Admin,ssh-connection) [preauth]","@timestamp":"2022-09-15T13:08:44.511Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:09:12 honeypot-ams-1 sshd[28256]: Received disconnect from 80.76.51.189 port 49514:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T13:09:12.527Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:09:29 honeypot-ams-1 sshd[28260]: Disconnecting invalid user admin 81.17.25.50 port 11685: Change of username or service not allowed: (admin,ssh-connection) -> (zoomadsl,ssh-connection) [preauth]","@timestamp":"2022-09-15T13:09:29.536Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:09:44 honeypot-ams-1 sshd[28268]: Received disconnect from 80.76.51.189 port 41664:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T13:09:44.544Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:10:15 honeypot-ams-1 sshd[28272]: Received disconnect from 80.76.51.189 port 33764:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T13:10:16.561Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:11:50 honeypot-ams-1 sshd[28281]: Received disconnect from 80.76.51.189 port 38492:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T13:11:50.604Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:12:55 honeypot-ams-1 sshd[28285]: Invalid user admin from 80.76.51.189 port 51024","@timestamp":"2022-09-15T13:12:55.636Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:14:02 honeypot-ams-1 sshd[28289]: Invalid user ansible from 80.76.51.189 port 35330","@timestamp":"2022-09-15T13:14:02.667Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:15:11 honeypot-ams-1 sshd[28294]: Invalid user ansible from 80.76.51.189 port 47868","@timestamp":"2022-09-15T13:15:11.697Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:16:19 honeypot-ams-1 sshd[28298]: Received disconnect from 80.76.51.189 port 60402:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T13:16:20.729Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:17:01 honeypot-fra-1 CRON[17962]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-15T13:17:01.055Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:17:02 honeypot-ams-1 sshd[28302]: Received disconnect from 61.177.173.50 port 32200:11:  [preauth]","@timestamp":"2022-09-15T13:17:03.750Z"}
{"@timestamp":"2022-09-15T13:17:31.737Z","@version":"1","message":"Sep 15 13:17:31 honeypot-sgp-1 sshd[21760]: Invalid user steam from 92.255.85.70 port 41166","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:17:45 honeypot-ams-1 sshd[28311]: Invalid user user from 198.98.61.9 port 35552","@timestamp":"2022-09-15T13:17:46.772Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:18:01 honeypot-ams-1 sshd[28315]: Invalid user postgres from 80.76.51.189 port 36844","@timestamp":"2022-09-15T13:18:01.780Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:18:12 honeypot-ams-1 sshd[28319]: Invalid user user from 198.98.61.9 port 42500","@timestamp":"2022-09-15T13:18:12.786Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:18:23 honeypot-ams-1 sshd[28323]: Received disconnect from 61.177.172.114 port 32331:11:  [preauth]","@timestamp":"2022-09-15T13:18:23.792Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:18:36 honeypot-ams-1 sshd[28329]: Disconnected from authenticating user root 80.76.51.189 port 57236 [preauth]","@timestamp":"2022-09-15T13:18:36.799Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:19:11 honeypot-ams-1 sshd[28333]: Received disconnect from 80.76.51.189 port 49384:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T13:19:11.817Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:20:23 honeypot-ams-1 sshd[28338]: Disconnected from authenticating user root 80.76.51.189 port 33682 [preauth]","@timestamp":"2022-09-15T13:20:23.851Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:23:28 honeypot-fra-1 sshd[17967]: Disconnected from invalid user admin 192.174.125.154 port 63105 [preauth]","@timestamp":"2022-09-15T13:23:29.202Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:23:30 honeypot-fra-1 sshd[17974]: Invalid user user from 192.174.125.154 port 17857","@timestamp":"2022-09-15T13:23:31.204Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:23:33 honeypot-fra-1 sshd[17978]: Received disconnect from 192.174.125.154 port 30561:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:23:33.205Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:23:35 honeypot-fra-1 sshd[17982]: Received disconnect from 192.174.125.154 port 42689:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:23:35.206Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:23:36 honeypot-fra-1 sshd[17986]: Disconnected from authenticating user root 192.174.125.154 port 54593 [preauth]","@timestamp":"2022-09-15T13:23:37.207Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:23:39 honeypot-fra-1 sshd[17990]: Disconnected from invalid user user 192.174.125.154 port 3201 [preauth]","@timestamp":"2022-09-15T13:23:39.208Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:23:41 honeypot-fra-1 sshd[17996]: Invalid user admin from 192.174.125.154 port 19841","@timestamp":"2022-09-15T13:23:42.210Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:23:43 honeypot-fra-1 sshd[18000]: Invalid user user2 from 192.174.125.154 port 31457","@timestamp":"2022-09-15T13:23:44.212Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:23:45 honeypot-fra-1 sshd[18004]: Received disconnect from 192.174.125.154 port 43297:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:23:46.214Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:23:47 honeypot-fra-1 sshd[18008]: Received disconnect from 192.174.125.154 port 55521:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:23:48.215Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:23:49 honeypot-fra-1 sshd[18012]: Disconnected from invalid user admin 192.174.125.154 port 3938 [preauth]","@timestamp":"2022-09-15T13:23:50.216Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:23:51 honeypot-fra-1 sshd[18016]: Disconnected from invalid user user2 192.174.125.154 port 15681 [preauth]","@timestamp":"2022-09-15T13:23:52.217Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:23:54 honeypot-fra-1 sshd[18022]: Invalid user user from 192.174.125.154 port 33025","@timestamp":"2022-09-15T13:23:55.219Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:23:56 honeypot-fra-1 sshd[18026]: Received disconnect from 192.174.125.154 port 45281:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:23:57.220Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:23:58 honeypot-fra-1 sshd[18030]: Received disconnect from 192.174.125.154 port 56801:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:23:59.222Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:24:00 honeypot-fra-1 sshd[18034]: Disconnected from authenticating user root 192.174.125.154 port 6113 [preauth]","@timestamp":"2022-09-15T13:24:01.224Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:24:02 honeypot-fra-1 sshd[18038]: Disconnected from invalid user user 192.174.125.154 port 19010 [preauth]","@timestamp":"2022-09-15T13:24:03.225Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:24:05 honeypot-ams-1 sshd[28342]: Disconnected from invalid user steam 92.255.85.70 port 16392 [preauth]","@timestamp":"2022-09-15T13:24:05.949Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:24:11 honeypot-fra-1 sshd[18042]: Disconnected from authenticating user root 192.174.125.154 port 10529 [preauth]","@timestamp":"2022-09-15T13:24:12.229Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:24:13 honeypot-fra-1 sshd[18046]: Disconnected from invalid user user 192.174.125.154 port 22145 [preauth]","@timestamp":"2022-09-15T13:24:14.231Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:24:16 honeypot-fra-1 sshd[18052]: Invalid user admin from 192.174.125.154 port 39777","@timestamp":"2022-09-15T13:24:17.233Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:24:18 honeypot-fra-1 sshd[18056]: Invalid user user2 from 192.174.125.154 port 51585","@timestamp":"2022-09-15T13:24:19.234Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:24:21 honeypot-fra-1 sshd[18060]: Received disconnect from 192.174.125.154 port 63777:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:24:21.236Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:24:23 honeypot-fra-1 sshd[18064]: Received disconnect from 192.174.125.154 port 12801:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:24:23.237Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:24:25 honeypot-fra-1 sshd[18068]: Disconnected from invalid user admin 192.174.125.154 port 24737 [preauth]","@timestamp":"2022-09-15T13:24:25.238Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:24:27 honeypot-fra-1 sshd[18072]: Disconnected from invalid user user2 192.174.125.154 port 37217 [preauth]","@timestamp":"2022-09-15T13:24:27.239Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:24:29 honeypot-fra-1 sshd[18078]: Invalid user user from 192.174.125.154 port 55201","@timestamp":"2022-09-15T13:24:30.242Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:24:32 honeypot-fra-1 sshd[18082]: Received disconnect from 192.174.125.154 port 4353:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:24:32.243Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:24:34 honeypot-fra-1 sshd[18086]: Received disconnect from 192.174.125.154 port 16257:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:24:34.245Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:24:36 honeypot-fra-1 sshd[18090]: Disconnected from authenticating user root 192.174.125.154 port 27969 [preauth]","@timestamp":"2022-09-15T13:24:36.246Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:24:38 honeypot-fra-1 sshd[18094]: Disconnected from invalid user user 192.174.125.154 port 40257 [preauth]","@timestamp":"2022-09-15T13:24:38.247Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:24:40 honeypot-fra-1 sshd[18100]: Invalid user admin from 192.174.125.154 port 58497","@timestamp":"2022-09-15T13:24:41.249Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:24:42 honeypot-fra-1 sshd[18104]: Invalid user user2 from 192.174.125.154 port 7681","@timestamp":"2022-09-15T13:24:43.251Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:24:45 honeypot-fra-1 sshd[18108]: Received disconnect from 192.174.125.154 port 19809:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:24:45.252Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:24:47 honeypot-fra-1 sshd[18112]: Received disconnect from 192.174.125.154 port 32225:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:24:47.254Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:24:49 honeypot-fra-1 sshd[18116]: Disconnected from invalid user admin 192.174.125.154 port 44865 [preauth]","@timestamp":"2022-09-15T13:24:49.255Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:24:51 honeypot-fra-1 sshd[18120]: Disconnected from invalid user user2 192.174.125.154 port 57537 [preauth]","@timestamp":"2022-09-15T13:24:51.256Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:24:53 honeypot-fra-1 sshd[18126]: Invalid user user from 192.174.125.154 port 12450","@timestamp":"2022-09-15T13:24:54.258Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:24:56 honeypot-fra-1 sshd[18130]: Received disconnect from 192.174.125.154 port 24609:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:24:56.259Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:24:58 honeypot-fra-1 sshd[18134]: Received disconnect from 192.174.125.154 port 36802:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:24:58.262Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:00 honeypot-fra-1 sshd[18138]: Disconnected from authenticating user root 192.174.125.154 port 49409 [preauth]","@timestamp":"2022-09-15T13:25:00.263Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:02 honeypot-fra-1 sshd[18142]: Disconnected from invalid user user 192.174.125.154 port 61761 [preauth]","@timestamp":"2022-09-15T13:25:02.264Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:04 honeypot-fra-1 sshd[18146]: Disconnected from authenticating user root 192.174.125.154 port 10401 [preauth]","@timestamp":"2022-09-15T13:25:04.266Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:06 honeypot-fra-1 sshd[18150]: Disconnected from invalid user user 192.174.125.154 port 22209 [preauth]","@timestamp":"2022-09-15T13:25:06.267Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:09 honeypot-fra-1 sshd[18156]: Invalid user admin from 192.174.125.154 port 39905","@timestamp":"2022-09-15T13:25:09.269Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:10 honeypot-fra-1 sshd[18160]: Invalid user user2 from 192.174.125.154 port 51330","@timestamp":"2022-09-15T13:25:11.270Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:13 honeypot-fra-1 sshd[18164]: Received disconnect from 192.174.125.154 port 63553:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:25:13.273Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:15 honeypot-fra-1 sshd[18168]: Received disconnect from 192.174.125.154 port 12577:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:25:15.274Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:17 honeypot-fra-1 sshd[18172]: Disconnected from invalid user admin 192.174.125.154 port 24929 [preauth]","@timestamp":"2022-09-15T13:25:17.275Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:19 honeypot-fra-1 sshd[18176]: Disconnected from invalid user user2 192.174.125.154 port 36161 [preauth]","@timestamp":"2022-09-15T13:25:19.276Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:22 honeypot-fra-1 sshd[18182]: Invalid user user from 192.174.125.154 port 54049","@timestamp":"2022-09-15T13:25:22.278Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:24 honeypot-fra-1 sshd[18186]: Received disconnect from 192.174.125.154 port 3073:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:25:24.279Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:26 honeypot-fra-1 sshd[18190]: Received disconnect from 192.174.125.154 port 15361:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:25:26.280Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:28 honeypot-fra-1 sshd[18194]: Disconnected from authenticating user root 192.174.125.154 port 27457 [preauth]","@timestamp":"2022-09-15T13:25:28.283Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:30 honeypot-fra-1 sshd[18198]: Disconnected from invalid user user 192.174.125.154 port 39009 [preauth]","@timestamp":"2022-09-15T13:25:30.284Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:33 honeypot-fra-1 sshd[18204]: Invalid user admin from 192.174.125.154 port 56193","@timestamp":"2022-09-15T13:25:33.286Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:35 honeypot-fra-1 sshd[18208]: Invalid user user2 from 192.174.125.154 port 5633","@timestamp":"2022-09-15T13:25:35.287Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:37 honeypot-fra-1 sshd[18212]: Received disconnect from 192.174.125.154 port 17154:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:25:37.288Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:39 honeypot-fra-1 sshd[18216]: Received disconnect from 192.174.125.154 port 28705:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:25:39.289Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:41 honeypot-fra-1 sshd[18220]: Disconnected from invalid user admin 192.174.125.154 port 40097 [preauth]","@timestamp":"2022-09-15T13:25:41.291Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:43 honeypot-fra-1 sshd[18224]: Disconnected from invalid user user2 192.174.125.154 port 51041 [preauth]","@timestamp":"2022-09-15T13:25:43.293Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:46 honeypot-fra-1 sshd[18230]: Invalid user user from 192.174.125.154 port 5025","@timestamp":"2022-09-15T13:25:46.295Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:48 honeypot-fra-1 sshd[18234]: Received disconnect from 192.174.125.154 port 16545:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:25:48.296Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:50 honeypot-fra-1 sshd[18238]: Received disconnect from 192.174.125.154 port 27905:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:25:51.298Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:52 honeypot-fra-1 sshd[18242]: Disconnected from authenticating user root 192.174.125.154 port 39297 [preauth]","@timestamp":"2022-09-15T13:25:52.299Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:54 honeypot-fra-1 sshd[18246]: Disconnected from invalid user user 192.174.125.154 port 49633 [preauth]","@timestamp":"2022-09-15T13:25:55.300Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:57 honeypot-fra-1 sshd[18252]: Invalid user admin from 192.174.125.154 port 4417","@timestamp":"2022-09-15T13:25:57.302Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:59 honeypot-fra-1 sshd[18256]: Invalid user user2 from 192.174.125.154 port 14529","@timestamp":"2022-09-15T13:25:59.304Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:01 honeypot-fra-1 sshd[18260]: Received disconnect from 192.174.125.154 port 26081:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:26:01.306Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:03 honeypot-fra-1 sshd[18264]: Received disconnect from 192.174.125.154 port 37217:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:26:03.307Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:05 honeypot-fra-1 sshd[18268]: Disconnected from invalid user admin 192.174.125.154 port 47969 [preauth]","@timestamp":"2022-09-15T13:26:05.308Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:07 honeypot-fra-1 sshd[18273]: Disconnected from invalid user user2 192.174.125.154 port 58945 [preauth]","@timestamp":"2022-09-15T13:26:07.309Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:10 honeypot-fra-1 sshd[18279]: Invalid user user from 192.174.125.154 port 12449","@timestamp":"2022-09-15T13:26:10.311Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:12 honeypot-fra-1 sshd[18283]: Received disconnect from 192.174.125.154 port 22561:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:26:12.312Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:14 honeypot-fra-1 sshd[18287]: Received disconnect from 192.174.125.154 port 32801:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:26:14.315Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:16 honeypot-fra-1 sshd[18291]: Disconnected from authenticating user root 192.174.125.154 port 43617 [preauth]","@timestamp":"2022-09-15T13:26:16.316Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:18 honeypot-fra-1 sshd[18295]: Disconnected from invalid user user 192.174.125.154 port 54625 [preauth]","@timestamp":"2022-09-15T13:26:18.317Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:21 honeypot-fra-1 sshd[18301]: Invalid user admin from 192.174.125.154 port 7393","@timestamp":"2022-09-15T13:26:21.319Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:23 honeypot-fra-1 sshd[18305]: Invalid user user2 from 192.174.125.154 port 17921","@timestamp":"2022-09-15T13:26:23.320Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:25 honeypot-fra-1 sshd[18309]: Received disconnect from 192.174.125.154 port 28833:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:26:25.321Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:27 honeypot-fra-1 sshd[18313]: Received disconnect from 192.174.125.154 port 39489:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:26:27.322Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:29 honeypot-fra-1 sshd[18317]: Disconnected from invalid user admin 192.174.125.154 port 50465 [preauth]","@timestamp":"2022-09-15T13:26:29.325Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:31 honeypot-fra-1 sshd[18321]: Disconnected from invalid user user2 192.174.125.154 port 61601 [preauth]","@timestamp":"2022-09-15T13:26:31.326Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:34 honeypot-fra-1 sshd[18327]: Invalid user user from 192.174.125.154 port 14561","@timestamp":"2022-09-15T13:26:34.328Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:36 honeypot-fra-1 sshd[18331]: Received disconnect from 192.174.125.154 port 24385:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:26:36.329Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:38 honeypot-fra-1 sshd[18335]: Received disconnect from 192.174.125.154 port 34785:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:26:38.330Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:40 honeypot-fra-1 sshd[18339]: Disconnected from authenticating user root 192.174.125.154 port 44897 [preauth]","@timestamp":"2022-09-15T13:26:40.331Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:42 honeypot-fra-1 sshd[18343]: Disconnected from invalid user user 192.174.125.154 port 54689 [preauth]","@timestamp":"2022-09-15T13:26:42.333Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:44 honeypot-fra-1 sshd[18349]: Invalid user admin from 192.174.125.154 port 6017","@timestamp":"2022-09-15T13:26:45.336Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:46 honeypot-fra-1 sshd[18353]: Invalid user user2 from 192.174.125.154 port 16065","@timestamp":"2022-09-15T13:26:47.337Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:48 honeypot-fra-1 sshd[18357]: Received disconnect from 192.174.125.154 port 26401:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:26:49.338Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:50 honeypot-fra-1 sshd[18361]: Received disconnect from 192.174.125.154 port 36257:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:26:51.339Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:52 honeypot-fra-1 sshd[18365]: Disconnected from invalid user admin 192.174.125.154 port 46465 [preauth]","@timestamp":"2022-09-15T13:26:53.341Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:54 honeypot-fra-1 sshd[18369]: Disconnected from invalid user user2 192.174.125.154 port 56545 [preauth]","@timestamp":"2022-09-15T13:26:55.342Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:57 honeypot-fra-1 sshd[18375]: Invalid user user from 192.174.125.154 port 8353","@timestamp":"2022-09-15T13:26:58.345Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:59 honeypot-fra-1 sshd[18379]: Received disconnect from 192.174.125.154 port 18498:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:27:00.346Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:27:01 honeypot-fra-1 sshd[18383]: Received disconnect from 192.174.125.154 port 28321:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:27:02.348Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:27:03 honeypot-fra-1 sshd[18387]: Disconnected from authenticating user root 192.174.125.154 port 37857 [preauth]","@timestamp":"2022-09-15T13:27:04.349Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:27:05 honeypot-fra-1 sshd[18391]: Disconnected from invalid user user 192.174.125.154 port 47905 [preauth]","@timestamp":"2022-09-15T13:27:06.350Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:27:08 honeypot-fra-1 sshd[18397]: Invalid user admin from 192.174.125.154 port 62561","@timestamp":"2022-09-15T13:27:08.352Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:27:10 honeypot-fra-1 sshd[18401]: Invalid user user2 from 192.174.125.154 port 9089","@timestamp":"2022-09-15T13:27:10.353Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:27:12 honeypot-fra-1 sshd[18405]: Received disconnect from 192.174.125.154 port 19105:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:27:13.356Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:27:14 honeypot-fra-1 sshd[18409]: Received disconnect from 192.174.125.154 port 29121:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:27:15.357Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:27:16 honeypot-fra-1 sshd[18413]: Disconnected from invalid user admin 192.174.125.154 port 39553 [preauth]","@timestamp":"2022-09-15T13:27:17.359Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:27:18 honeypot-fra-1 sshd[18417]: Disconnected from invalid user user2 192.174.125.154 port 49345 [preauth]","@timestamp":"2022-09-15T13:27:18.359Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:27:21 honeypot-fra-1 sshd[18423]: Invalid user user from 192.174.125.154 port 64193","@timestamp":"2022-09-15T13:27:21.361Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:27:23 honeypot-fra-1 sshd[18427]: Received disconnect from 192.174.125.154 port 10785:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:27:23.362Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:27:25 honeypot-fra-1 sshd[18431]: Received disconnect from 192.174.125.154 port 20513:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:27:25.363Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:27:27 honeypot-fra-1 sshd[18435]: Disconnected from authenticating user root 192.174.125.154 port 30369 [preauth]","@timestamp":"2022-09-15T13:27:27.365Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:27:29 honeypot-fra-1 sshd[18439]: Received disconnect from 192.174.125.154 port 40321:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:27:29.367Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:27:31 honeypot-fra-1 sshd[18443]: Disconnected from authenticating user root 192.174.125.154 port 50274 [preauth]","@timestamp":"2022-09-15T13:27:31.369Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:27:40 honeypot-fra-1 sshd[18447]: Disconnected from invalid user user 192.174.125.154 port 30945 [preauth]","@timestamp":"2022-09-15T13:27:40.373Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:27:43 honeypot-fra-1 sshd[18453]: Invalid user admin from 192.174.125.154 port 45825","@timestamp":"2022-09-15T13:27:43.376Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:27:45 honeypot-fra-1 sshd[18457]: Invalid user user2 from 192.174.125.154 port 56097","@timestamp":"2022-09-15T13:27:45.377Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:27:47 honeypot-fra-1 sshd[18461]: Received disconnect from 192.174.125.154 port 3233:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:27:47.378Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:27:49 honeypot-fra-1 sshd[18465]: Received disconnect from 192.174.125.154 port 12963:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:27:49.379Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:27:50 honeypot-fra-1 sshd[18469]: Disconnected from invalid user admin 192.174.125.154 port 22401 [preauth]","@timestamp":"2022-09-15T13:27:51.381Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:27:52 honeypot-fra-1 sshd[18473]: Disconnected from invalid user user2 192.174.125.154 port 32641 [preauth]","@timestamp":"2022-09-15T13:27:53.382Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:27:55 honeypot-fra-1 sshd[18479]: Invalid user user from 192.174.125.154 port 47777","@timestamp":"2022-09-15T13:27:56.384Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:27:57 honeypot-fra-1 sshd[18483]: Received disconnect from 192.174.125.154 port 58017:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:27:58.386Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:27:59 honeypot-fra-1 sshd[18487]: Received disconnect from 192.174.125.154 port 5409:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:28:00.387Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:28:01 honeypot-fra-1 sshd[18491]: Disconnected from authenticating user root 192.174.125.154 port 16097 [preauth]","@timestamp":"2022-09-15T13:28:02.389Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:28:03 honeypot-fra-1 sshd[18495]: Disconnected from invalid user user 192.174.125.154 port 26433 [preauth]","@timestamp":"2022-09-15T13:28:04.390Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:28:06 honeypot-fra-1 sshd[18501]: Invalid user admin from 192.174.125.154 port 42177","@timestamp":"2022-09-15T13:28:07.392Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:28:08 honeypot-fra-1 sshd[18505]: Invalid user user2 from 192.174.125.154 port 52769","@timestamp":"2022-09-15T13:28:09.393Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:28:10 honeypot-fra-1 sshd[18509]: Received disconnect from 192.174.125.154 port 63361:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:28:11.394Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:28:12 honeypot-fra-1 sshd[18513]: Received disconnect from 192.174.125.154 port 11489:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:28:13.398Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:28:14 honeypot-fra-1 sshd[18517]: Disconnected from invalid user admin 192.174.125.154 port 21889 [preauth]","@timestamp":"2022-09-15T13:28:15.399Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:28:16 honeypot-fra-1 sshd[18521]: Disconnected from invalid user user2 192.174.125.154 port 32481 [preauth]","@timestamp":"2022-09-15T13:28:17.400Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:28:19 honeypot-fra-1 sshd[18527]: Invalid user user from 192.174.125.154 port 48737","@timestamp":"2022-09-15T13:28:19.401Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:28:21 honeypot-fra-1 sshd[18531]: Received disconnect from 192.174.125.154 port 59425:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:28:22.403Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:28:23 honeypot-fra-1 sshd[18535]: Received disconnect from 192.174.125.154 port 6945:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:28:24.404Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:28:25 honeypot-fra-1 sshd[18539]: Disconnected from authenticating user root 192.174.125.154 port 17730 [preauth]","@timestamp":"2022-09-15T13:28:25.405Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:28:27 honeypot-fra-1 sshd[18543]: Disconnected from invalid user user 192.174.125.154 port 28545 [preauth]","@timestamp":"2022-09-15T13:28:27.406Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:28:30 honeypot-fra-1 sshd[18549]: Invalid user admin from 192.174.125.154 port 44642","@timestamp":"2022-09-15T13:28:30.409Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:28:32 honeypot-fra-1 sshd[18553]: Invalid user user2 from 192.174.125.154 port 55425","@timestamp":"2022-09-15T13:28:32.410Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:28:34 honeypot-fra-1 sshd[18557]: Received disconnect from 192.174.125.154 port 4097:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:28:34.411Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:28:36 honeypot-fra-1 sshd[18561]: Received disconnect from 192.174.125.154 port 15041:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:28:36.413Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:28:37 honeypot-fra-1 sshd[18565]: Disconnected from invalid user admin 192.174.125.154 port 25921 [preauth]","@timestamp":"2022-09-15T13:28:38.414Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:28:39 honeypot-fra-1 sshd[18569]: Disconnected from invalid user user2 192.174.125.154 port 36930 [preauth]","@timestamp":"2022-09-15T13:28:40.415Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:28:49 honeypot-fra-1 sshd[18575]: Invalid user user from 192.174.125.154 port 31137","@timestamp":"2022-09-15T13:28:50.421Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:28:51 honeypot-fra-1 sshd[18579]: Received disconnect from 192.174.125.154 port 42337:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:28:52.422Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:28:53 honeypot-fra-1 sshd[18583]: Received disconnect from 192.174.125.154 port 53634:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:28:54.423Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:28:55 honeypot-fra-1 sshd[18587]: Disconnected from authenticating user root 192.174.125.154 port 2081 [preauth]","@timestamp":"2022-09-15T13:28:56.424Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:28:57 honeypot-fra-1 sshd[18591]: Disconnected from invalid user user 192.174.125.154 port 13057 [preauth]","@timestamp":"2022-09-15T13:28:58.427Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:00 honeypot-fra-1 sshd[18597]: Invalid user admin from 192.174.125.154 port 30177","@timestamp":"2022-09-15T13:29:01.428Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:02 honeypot-fra-1 sshd[18601]: Invalid user user2 from 192.174.125.154 port 41441","@timestamp":"2022-09-15T13:29:03.430Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:04 honeypot-fra-1 sshd[18605]: Received disconnect from 192.174.125.154 port 52929:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:29:05.431Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:06 honeypot-fra-1 sshd[18609]: Received disconnect from 192.174.125.154 port 64289:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:29:07.432Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:08 honeypot-fra-1 sshd[18613]: Disconnected from invalid user admin 192.174.125.154 port 12769 [preauth]","@timestamp":"2022-09-15T13:29:09.434Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:10 honeypot-fra-1 sshd[18617]: Disconnected from invalid user user2 192.174.125.154 port 23905 [preauth]","@timestamp":"2022-09-15T13:29:11.435Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:13 honeypot-fra-1 sshd[18623]: Invalid user user from 192.174.125.154 port 40609","@timestamp":"2022-09-15T13:29:14.438Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:15 honeypot-fra-1 sshd[18627]: Received disconnect from 192.174.125.154 port 52321:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:29:16.439Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:18 honeypot-fra-1 kernel: [84122974.980298] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.143.200.6 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=15117 PROTO=TCP SPT=58116 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T13:29:18.440Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:19 honeypot-fra-1 sshd[18635]: Received disconnect from 192.174.125.154 port 11873:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:29:20.441Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:21 honeypot-fra-1 sshd[18639]: Received disconnect from 192.174.125.154 port 22689:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:29:21.442Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:23 honeypot-fra-1 sshd[18643]: Disconnected from authenticating user root 192.174.125.154 port 33313 [preauth]","@timestamp":"2022-09-15T13:29:23.443Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:25 honeypot-fra-1 sshd[18647]: Disconnected from invalid user user 192.174.125.154 port 44577 [preauth]","@timestamp":"2022-09-15T13:29:25.444Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:28 honeypot-fra-1 sshd[18653]: Invalid user admin from 192.174.125.154 port 62849","@timestamp":"2022-09-15T13:29:28.447Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:30 honeypot-fra-1 sshd[18657]: Invalid user user2 from 192.174.125.154 port 11425","@timestamp":"2022-09-15T13:29:30.449Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:32 honeypot-fra-1 sshd[18661]: Received disconnect from 192.174.125.154 port 23841:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:29:32.450Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:33 honeypot-fra-1 sshd[18665]: Received disconnect from 192.174.125.154 port 34562:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:29:34.451Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:35 honeypot-fra-1 sshd[18669]: Disconnected from invalid user admin 192.174.125.154 port 45409 [preauth]","@timestamp":"2022-09-15T13:29:36.452Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:37 honeypot-fra-1 sshd[18673]: Disconnected from invalid user user2 192.174.125.154 port 56993 [preauth]","@timestamp":"2022-09-15T13:29:38.453Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:40 honeypot-fra-1 sshd[18679]: Invalid user user from 192.174.125.154 port 11873","@timestamp":"2022-09-15T13:29:41.455Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:42 honeypot-fra-1 sshd[18683]: Received disconnect from 192.174.125.154 port 23169:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:29:43.457Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:44 honeypot-fra-1 sshd[18687]: Received disconnect from 192.174.125.154 port 34113:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:29:45.459Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:46 honeypot-fra-1 sshd[18691]: Disconnected from authenticating user root 192.174.125.154 port 45217 [preauth]","@timestamp":"2022-09-15T13:29:47.460Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:48 honeypot-fra-1 sshd[18695]: Disconnected from invalid user user 192.174.125.154 port 56545 [preauth]","@timestamp":"2022-09-15T13:29:49.461Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:51 honeypot-fra-1 sshd[18701]: Invalid user admin from 192.174.125.154 port 10273","@timestamp":"2022-09-15T13:29:52.463Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:53 honeypot-fra-1 sshd[18705]: Invalid user user2 from 192.174.125.154 port 21441","@timestamp":"2022-09-15T13:29:54.464Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:55 honeypot-fra-1 sshd[18709]: Received disconnect from 192.174.125.154 port 32897:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:29:56.466Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:57 honeypot-fra-1 sshd[18713]: Received disconnect from 192.174.125.154 port 44033:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:29:58.468Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:59 honeypot-fra-1 sshd[18717]: Disconnected from invalid user admin 192.174.125.154 port 55457 [preauth]","@timestamp":"2022-09-15T13:30:00.469Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:01 honeypot-fra-1 sshd[18721]: Disconnected from invalid user user2 192.174.125.154 port 3457 [preauth]","@timestamp":"2022-09-15T13:30:02.471Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:04 honeypot-fra-1 sshd[18727]: Invalid user user from 192.174.125.154 port 20289","@timestamp":"2022-09-15T13:30:05.473Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:06 honeypot-fra-1 sshd[18731]: Received disconnect from 192.174.125.154 port 31969:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:30:07.474Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:08 honeypot-fra-1 sshd[18735]: Received disconnect from 192.174.125.154 port 43169:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:30:09.475Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:10 honeypot-fra-1 sshd[18739]: Disconnected from authenticating user root 192.174.125.154 port 54817 [preauth]","@timestamp":"2022-09-15T13:30:11.476Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:12 honeypot-fra-1 sshd[18743]: Disconnected from invalid user user 192.174.125.154 port 2273 [preauth]","@timestamp":"2022-09-15T13:30:12.477Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:15 honeypot-fra-1 sshd[18749]: Invalid user admin from 192.174.125.154 port 18145","@timestamp":"2022-09-15T13:30:15.480Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:17 honeypot-fra-1 sshd[18753]: Invalid user user2 from 192.174.125.154 port 29121","@timestamp":"2022-09-15T13:30:17.481Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:19 honeypot-fra-1 sshd[18757]: Received disconnect from 192.174.125.154 port 40226:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:30:19.483Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:21 honeypot-fra-1 sshd[18761]: Received disconnect from 192.174.125.154 port 51649:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:30:21.484Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:23 honeypot-fra-1 sshd[18765]: Disconnected from invalid user admin 192.174.125.154 port 63169 [preauth]","@timestamp":"2022-09-15T13:30:23.485Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:25 honeypot-fra-1 sshd[18769]: Disconnected from invalid user user2 192.174.125.154 port 11745 [preauth]","@timestamp":"2022-09-15T13:30:25.486Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:27 honeypot-fra-1 sshd[18775]: Invalid user user from 192.174.125.154 port 27457","@timestamp":"2022-09-15T13:30:28.489Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:30 honeypot-fra-1 sshd[18779]: Received disconnect from 192.174.125.154 port 38977:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:30:30.491Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:32 honeypot-fra-1 sshd[18783]: Received disconnect from 192.174.125.154 port 49633:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:30:32.492Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:34 honeypot-fra-1 sshd[18787]: Disconnected from authenticating user root 192.174.125.154 port 60769 [preauth]","@timestamp":"2022-09-15T13:30:34.493Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:36 honeypot-fra-1 sshd[18791]: Disconnected from invalid user user 192.174.125.154 port 8705 [preauth]","@timestamp":"2022-09-15T13:30:36.494Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:38 honeypot-fra-1 sshd[18797]: Invalid user admin from 192.174.125.154 port 25953","@timestamp":"2022-09-15T13:30:39.496Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:40 honeypot-fra-1 sshd[18801]: Invalid user user2 from 192.174.125.154 port 37281","@timestamp":"2022-09-15T13:30:41.498Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:43 honeypot-fra-1 sshd[18805]: Received disconnect from 192.174.125.154 port 49377:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:30:43.500Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:45 honeypot-fra-1 sshd[18809]: Received disconnect from 192.174.125.154 port 61121:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:30:45.502Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:46 honeypot-fra-1 sshd[18813]: Disconnected from invalid user admin 192.174.125.154 port 9441 [preauth]","@timestamp":"2022-09-15T13:30:47.503Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:49 honeypot-fra-1 sshd[18817]: Disconnected from invalid user user2 192.174.125.154 port 20897 [preauth]","@timestamp":"2022-09-15T13:30:49.504Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:51 honeypot-fra-1 sshd[18823]: Invalid user user from 192.174.125.154 port 37377","@timestamp":"2022-09-15T13:30:52.506Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:53 honeypot-fra-1 sshd[18827]: Received disconnect from 192.174.125.154 port 48129:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:30:54.507Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:55 honeypot-fra-1 sshd[18831]: Received disconnect from 192.174.125.154 port 59105:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:30:56.509Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:57 honeypot-fra-1 sshd[18835]: Disconnected from authenticating user root 192.174.125.154 port 6849 [preauth]","@timestamp":"2022-09-15T13:30:58.511Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:59 honeypot-fra-1 sshd[18839]: Disconnected from invalid user user 192.174.125.154 port 18369 [preauth]","@timestamp":"2022-09-15T13:31:00.512Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:31:02 honeypot-fra-1 sshd[18845]: Invalid user admin from 192.174.125.154 port 34369","@timestamp":"2022-09-15T13:31:03.514Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:31:04 honeypot-fra-1 sshd[18849]: Invalid user user2 from 192.174.125.154 port 45249","@timestamp":"2022-09-15T13:31:05.515Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:31:06 honeypot-fra-1 sshd[18854]: Received disconnect from 192.174.125.154 port 56545:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:31:07.517Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:31:08 honeypot-fra-1 sshd[18858]: Received disconnect from 192.174.125.154 port 4481:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:31:08.517Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:31:10 honeypot-fra-1 sshd[18862]: Disconnected from authenticating user root 192.174.125.154 port 15905 [preauth]","@timestamp":"2022-09-15T13:31:10.518Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T13:31:54.099Z","@version":"1","message":"Sep 15 13:31:53 honeypot-sgp-1 kernel: [84124820.378691] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=79.110.62.205 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=55891 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:36:53 honeypot-fra-1 sshd[18868]: Received disconnect from 65.73.231.122 port 48076:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:36:54.652Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:39:03 honeypot-fra-1 sshd[18872]: Received disconnect from 92.255.85.69 port 37708:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:39:03.704Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T13:39:40.293Z","@version":"1","message":"Sep 15 13:39:40 honeypot-sgp-1 sshd[22214]: Connection closed by authenticating user root 179.60.147.69 port 63790 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:40:25 honeypot-fra-1 sshd[18877]: Received disconnect from 45.61.184.204 port 42596:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T13:40:25.737Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:40:43 honeypot-fra-1 sshd[18881]: Received disconnect from 45.61.184.204 port 37418:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T13:40:43.745Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:41:02 honeypot-fra-1 sshd[18887]: Invalid user user from 45.61.184.204 port 60372","@timestamp":"2022-09-15T13:41:02.754Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:41:19 honeypot-fra-1 sshd[18891]: Invalid user user from 45.61.184.204 port 55142","@timestamp":"2022-09-15T13:41:19.762Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T13:42:42.370Z","@version":"1","message":"Sep 15 13:42:42 honeypot-sgp-1 sshd[22216]: Disconnected from invalid user user1 92.255.85.69 port 45324 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:43:02 honeypot-ams-1 sshd[28359]: Connection closed by authenticating user root 179.60.147.69 port 17754 [preauth]","@timestamp":"2022-09-15T13:43:03.454Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:50:49 honeypot-fra-1 sshd[18894]: Disconnected from invalid user lawyer 165.22.45.108 port 52582 [preauth]","@timestamp":"2022-09-15T13:50:50.983Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 13:54:21 honeypot-ams-1 kernel: [84126643.191011] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.46.222.131 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=244 ID=54321 PROTO=TCP SPT=36542 DPT=636 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T13:54:21.746Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:55:29 honeypot-fra-1 sshd[18899]: Received disconnect from 165.22.100.115 port 54582:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:55:30.091Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:59:22 honeypot-fra-1 sshd[18903]: Disconnected from authenticating user root 188.166.39.184 port 36162 [preauth]","@timestamp":"2022-09-15T13:59:22.178Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 14:00:35 honeypot-ams-1 sshd[28377]: Disconnected from invalid user user 198.98.61.9 port 46044 [preauth]","@timestamp":"2022-09-15T14:00:35.912Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 14:00:53 honeypot-ams-1 sshd[28381]: Disconnected from invalid user user 198.98.61.9 port 40798 [preauth]","@timestamp":"2022-09-15T14:00:53.922Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 14:01:09 honeypot-ams-1 sshd[28385]: Disconnected from invalid user user 198.98.61.9 port 35656 [preauth]","@timestamp":"2022-09-15T14:01:09.932Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 14:01:24 honeypot-ams-1 sshd[28389]: Disconnected from invalid user user 198.98.61.9 port 58532 [preauth]","@timestamp":"2022-09-15T14:01:24.944Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 14:06:51 honeypot-ams-1 sshd[28396]: Disconnected from authenticating user root 61.177.173.35 port 11813 [preauth]","@timestamp":"2022-09-15T14:06:52.091Z"}
{"@timestamp":"2022-09-15T14:09:12.029Z","@version":"1","message":"Sep 15 14:09:11 honeypot-sgp-1 kernel: [84127058.795848] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=124.106.92.226 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=56 ID=26456 PROTO=TCP SPT=44726 DPT=443 WINDOW=49878 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 14:10:35 honeypot-ams-1 sshd[28401]: Received disconnect from 198.98.61.9 port 56854:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T14:10:36.191Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 14:10:53 honeypot-ams-1 sshd[28406]: Received disconnect from 198.98.61.9 port 51970:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T14:10:54.200Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 14:11:10 honeypot-ams-1 sshd[28410]: Received disconnect from 198.98.61.9 port 47082:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T14:11:11.208Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 14:12:59 honeypot-ams-1 kernel: [84127761.710940] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=131.159.24.205 DST=178.62.254.91 LEN=64 TOS=0x00 PREC=0x00 TTL=248 ID=54321 PROTO=TCP SPT=51262 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T14:13:00.258Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 14:14:45 honeypot-ams-1 sshd[28422]: Invalid user admin from 216.52.136.77 port 32030","@timestamp":"2022-09-15T14:14:45.309Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 14:14:49 honeypot-ams-1 sshd[28428]: Invalid user admin from 216.52.136.77 port 26772","@timestamp":"2022-09-15T14:14:49.313Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 14:17:01 honeypot-fra-1 CRON[18909]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-15T14:17:01.594Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 14:19:23 honeypot-ams-1 sshd[28435]: Invalid user blank from 179.60.147.69 port 35150","@timestamp":"2022-09-15T14:19:24.432Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 14:20:33 honeypot-fra-1 sshd[18914]: Disconnected from invalid user admin 92.255.85.69 port 58456 [preauth]","@timestamp":"2022-09-15T14:20:33.679Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 14:24:46 honeypot-ams-1 sshd[28442]: Disconnected from authenticating user root 61.177.172.90 port 17161 [preauth]","@timestamp":"2022-09-15T14:24:47.572Z"}
{"@timestamp":"2022-09-15T14:25:04.425Z","@version":"1","message":"Sep 15 14:25:03 honeypot-sgp-1 kernel: [84128010.665655] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=103.151.125.160 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=14579 PROTO=TCP SPT=42470 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 14:27:41 honeypot-fra-1 kernel: [84126478.744572] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.79.158.75 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=5384 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T14:27:42.846Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-15T14:31:10.575Z","@version":"1","message":"Sep 15 14:31:10 honeypot-sgp-1 sshd[22231]: Disconnected from invalid user user 45.61.186.249 port 46062 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T14:31:30.584Z","@version":"1","message":"Sep 15 14:31:29 honeypot-sgp-1 sshd[22235]: Disconnected from invalid user user 45.61.186.249 port 40570 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T14:31:50.595Z","@version":"1","message":"Sep 15 14:31:49 honeypot-sgp-1 sshd[22239]: Disconnected from invalid user user 45.61.186.249 port 35074 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T14:32:04.603Z","@version":"1","message":"Sep 15 14:32:04 honeypot-sgp-1 sshd[22243]: Received disconnect from 92.255.85.69 port 58054:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T14:32:53.624Z","@version":"1","message":"Sep 15 14:32:53 honeypot-sgp-1 sshd[22247]: Disconnected from authenticating user root 43.154.17.218 port 47410 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 14:38:55 honeypot-ams-1 sshd[28454]: Invalid user tomcat from 193.106.191.157 port 58154","@timestamp":"2022-09-15T14:38:55.948Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 14:42:36 honeypot-fra-1 sshd[18923]: Invalid user lbitind from 165.22.45.108 port 57608","@timestamp":"2022-09-15T14:42:37.179Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 14:44:01 honeypot-fra-1 kernel: [84127458.613524] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.79.158.95 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=16744 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T14:44:02.212Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 14:44:03 honeypot-ams-1 sshd[28463]: Received disconnect from 61.177.172.104 port 53530:11:  [preauth]","@timestamp":"2022-09-15T14:44:04.083Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 14:44:56 honeypot-ams-1 sshd[28467]: Disconnected from invalid user testid 138.68.230.183 port 41814 [preauth]","@timestamp":"2022-09-15T14:44:57.108Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 14:48:48 honeypot-ams-1 sshd[28475]: Disconnected from authenticating user root 61.177.173.51 port 37490 [preauth]","@timestamp":"2022-09-15T14:48:49.208Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 14:49:52 honeypot-fra-1 sshd[18932]: Received disconnect from 62.204.41.222 port 3627:11: Client disconnecting normally [preauth]","@timestamp":"2022-09-15T14:49:53.344Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 14:51:53 honeypot-fra-1 sshd[18939]: Invalid user admin from 91.240.118.222 port 39167","@timestamp":"2022-09-15T14:51:54.393Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T14:52:24.103Z","@version":"1","message":"Sep 15 14:52:23 honeypot-sgp-1 sshd[22254]: Connection closed by invalid user test 179.60.147.69 port 2040 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 14:52:34 honeypot-ams-1 sshd[28480]: Disconnected from 206.81.0.243 port 57598 [preauth]","@timestamp":"2022-09-15T14:52:35.307Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 14:53:28 honeypot-fra-1 sshd[18943]: Disconnected from 157.245.9.6 port 52660 [preauth]","@timestamp":"2022-09-15T14:53:28.436Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T14:54:41.163Z","@version":"1","message":"Sep 15 14:54:41 honeypot-sgp-1 kernel: [84129788.247815] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=170.187.162.243 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=14590 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 14:58:21 honeypot-fra-1 sshd[18946]: Connection closed by invalid user documenti-per-aprire-un-impresa-sicurezza-sul-lavoro 141.98.10.158 port 52208 [preauth]","@timestamp":"2022-09-15T14:58:22.550Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 14:58:28 honeypot-ams-1 sshd[28489]: Invalid user tomcat from 193.106.191.157 port 43426","@timestamp":"2022-09-15T14:58:28.466Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 15:01:22 honeypot-fra-1 sshd[18954]: Invalid user steam from 137.184.77.246 port 54588","@timestamp":"2022-09-15T15:01:22.619Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 15:01:22 honeypot-fra-1 sshd[18966]: Invalid user cloud from 137.184.77.246 port 54526","@timestamp":"2022-09-15T15:01:23.619Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 15:01:22 honeypot-fra-1 sshd[18959]: Invalid user ts3 from 137.184.77.246 port 54556","@timestamp":"2022-09-15T15:01:23.619Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 15:01:22 honeypot-fra-1 sshd[18992]: Invalid user es from 137.184.77.246 port 54516","@timestamp":"2022-09-15T15:01:23.619Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 15:01:22 honeypot-fra-1 sshd[18956]: Connection closed by invalid user elasticsearch 137.184.77.246 port 54514 [preauth]","@timestamp":"2022-09-15T15:01:23.620Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 15:01:22 honeypot-fra-1 sshd[18951]: Connection closed by authenticating user root 137.184.77.246 port 54544 [preauth]","@timestamp":"2022-09-15T15:01:23.620Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 15:01:22 honeypot-fra-1 sshd[18966]: Connection closed by invalid user cloud 137.184.77.246 port 54526 [preauth]","@timestamp":"2022-09-15T15:01:23.620Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 15:01:22 honeypot-fra-1 sshd[18968]: Connection closed by invalid user admin 137.184.77.246 port 54534 [preauth]","@timestamp":"2022-09-15T15:01:23.620Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 15:01:22 honeypot-fra-1 sshd[18974]: Connection closed by invalid user admin 137.184.77.246 port 54582 [preauth]","@timestamp":"2022-09-15T15:01:23.620Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 15:03:45 honeypot-ams-1 sshd[28496]: Disconnected from invalid user carlos 92.255.85.70 port 35726 [preauth]","@timestamp":"2022-09-15T15:03:45.607Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 15:07:32 honeypot-ams-1 sshd[28502]: Disconnected from authenticating user root 61.177.173.49 port 41648 [preauth]","@timestamp":"2022-09-15T15:07:32.711Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 15:08:29 honeypot-fra-1 sshd[19013]: Invalid user tomcat from 193.106.191.157 port 33570","@timestamp":"2022-09-15T15:08:29.781Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T15:15:33.665Z","@version":"1","message":"Sep 15 15:15:33 honeypot-sgp-1 sshd[22268]: Invalid user node02 from 103.188.176.251 port 54434","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 15:16:12 honeypot-fra-1 kernel: [84129388.927567] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=5.202.145.175 DST=165.22.82.222 LEN=52 TOS=0x00 PREC=0x00 TTL=51 ID=51228 DF PROTO=TCP SPT=19100 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T15:16:12.953Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 15:17:01 honeypot-ams-1 CRON[28506]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-15T15:17:01.954Z"}
{"@timestamp":"2022-09-15T15:18:43.743Z","@version":"1","message":"Sep 15 15:18:43 honeypot-sgp-1 sshd[22274]: Received disconnect from 92.255.85.70 port 39252:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 15:21:41 honeypot-fra-1 kernel: [84129718.623225] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=201.150.185.247 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=12228 DF PROTO=TCP SPT=49122 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T15:21:42.079Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 15:23:15 honeypot-ams-1 kernel: [84131977.740969] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=46119 PROTO=TCP SPT=55076 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T15:23:16.116Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 15:28:23 honeypot-ams-1 sshd[28523]: Disconnected from invalid user admin 92.255.85.69 port 48916 [preauth]","@timestamp":"2022-09-15T15:28:24.249Z"}
{"@timestamp":"2022-09-15T15:30:13.021Z","@version":"1","message":"Sep 15 15:30:12 honeypot-sgp-1 sshd[22280]: Disconnected from authenticating user root 179.43.156.143 port 50482 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T15:31:19.053Z","@version":"1","message":"Sep 15 15:31:18 honeypot-sgp-1 sshd[22287]: Disconnected from authenticating user root 179.43.156.143 port 43666 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T15:32:55.095Z","@version":"1","message":"Sep 15 15:32:54 honeypot-sgp-1 sshd[22294]: Disconnected from authenticating user root 179.43.156.143 port 33442 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T15:34:00.123Z","@version":"1","message":"Sep 15 15:33:59 honeypot-sgp-1 sshd[22299]: Disconnected from invalid user ossuser 179.43.156.143 port 54970 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 15:34:10 honeypot-fra-1 sshd[19028]: Invalid user user from 45.61.186.169 port 40172","@timestamp":"2022-09-15T15:34:11.360Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 15:34:27 honeypot-fra-1 sshd[19032]: Invalid user user from 45.61.186.169 port 34394","@timestamp":"2022-09-15T15:34:28.368Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 15:34:35 honeypot-fra-1 sshd[19036]: Invalid user user from 45.61.186.169 port 45634","@timestamp":"2022-09-15T15:34:36.372Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 15:34:49 honeypot-ams-1 sshd[28530]: Connection closed by authenticating user nobody 179.60.147.69 port 61448 [preauth]","@timestamp":"2022-09-15T15:34:50.416Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 15:34:50 honeypot-fra-1 sshd[19040]: Invalid user user from 45.61.186.169 port 39872","@timestamp":"2022-09-15T15:34:51.380Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T15:35:36.167Z","@version":"1","message":"Sep 15 15:35:35 honeypot-sgp-1 sshd[22305]: Received disconnect from 179.43.156.143 port 44866:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 15:36:34 honeypot-ams-1 kernel: [84132776.617610] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=206.189.8.92 DST=178.62.254.91 LEN=80 TOS=0x00 PREC=0x20 TTL=131 ID=45093 PROTO=TCP SPT=46117 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T15:36:35.465Z"}
{"@timestamp":"2022-09-15T15:37:19.212Z","@version":"1","message":"Sep 15 15:37:18 honeypot-sgp-1 sshd[22311]: Received disconnect from 179.43.156.143 port 34620:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 15:39:46 honeypot-fra-1 sshd[19045]: Invalid user postgres from 197.248.2.229 port 51285","@timestamp":"2022-09-15T15:39:46.491Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 15:41:35 honeypot-ams-1 sshd[28539]: Disconnected from authenticating user root 61.177.172.90 port 11793 [preauth]","@timestamp":"2022-09-15T15:41:35.590Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 15:43:49 honeypot-fra-1 sshd[19050]: ssh_dispatch_run_fatal: Connection from 207.229.167.36 port 33234: Connection corrupted [preauth]","@timestamp":"2022-09-15T15:43:50.584Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T15:45:43.420Z","@version":"1","message":"Sep 15 15:45:42 honeypot-sgp-1 kernel: [84132849.793287] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=90.154.15.226 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=43 ID=30566 DF PROTO=TCP SPT=50428 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 15:45:45 honeypot-fra-1 sshd[19056]: Disconnected from invalid user suva 178.128.22.123 port 42064 [preauth]","@timestamp":"2022-09-15T15:45:46.631Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 15:50:55 honeypot-ams-1 sshd[28548]: Invalid user Administrator from 106.53.153.69 port 34556","@timestamp":"2022-09-15T15:50:55.828Z"}
{"@timestamp":"2022-09-15T15:52:21.584Z","@version":"1","message":"Sep 15 15:52:21 honeypot-sgp-1 sshd[22320]: Disconnected from invalid user wcsadmin 117.131.215.49 port 55374 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 15:54:45 honeypot-ams-1 sshd[28560]: Invalid user pi from 96.48.254.68 port 60030","@timestamp":"2022-09-15T15:54:45.932Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 15:59:01 honeypot-fra-1 sshd[19080]: Received disconnect from 92.255.85.69 port 32364:11: Bye Bye [preauth]","@timestamp":"2022-09-15T15:59:01.932Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 16:01:48 honeypot-ams-1 sshd[28568]: Disconnected from invalid user test 128.199.87.28 port 45686 [preauth]","@timestamp":"2022-09-15T16:01:49.109Z"}
{"@timestamp":"2022-09-15T16:02:54.841Z","@version":"1","message":"Sep 15 16:02:53 honeypot-sgp-1 sshd[22325]: Disconnected from invalid user 02 92.255.85.69 port 62674 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 16:05:15 honeypot-fra-1 sshd[19083]: Disconnected from invalid user 3comcso 152.89.198.129 port 25225 [preauth]","@timestamp":"2022-09-15T16:05:16.076Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T16:07:47.964Z","@version":"1","message":"Sep 15 16:07:47 honeypot-sgp-1 sshd[22330]: Invalid user chiba from 128.199.19.74 port 55270","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 16:12:15 honeypot-fra-1 sshd[19086]: Invalid user user from 179.60.147.69 port 27540","@timestamp":"2022-09-15T16:12:16.236Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 16:14:42 honeypot-ams-1 sshd[28573]: Connection closed by invalid user user 179.60.147.69 port 55226 [preauth]","@timestamp":"2022-09-15T16:14:43.477Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 16:17:01 honeypot-ams-1 CRON[28578]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-15T16:17:02.540Z"}
{"@timestamp":"2022-09-15T16:17:02.215Z","@version":"1","message":"Sep 15 16:17:01 honeypot-sgp-1 CRON[22338]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 16:18:41 honeypot-fra-1 sshd[19096]: Received disconnect from 159.223.164.107 port 42280:11: Bye Bye [preauth]","@timestamp":"2022-09-15T16:18:41.382Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 16:19:43 honeypot-fra-1 kernel: [84133200.548658] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=167.172.166.5 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=60 ID=3394 DF PROTO=TCP SPT=50722 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T16:19:44.431Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-15T16:22:51.356Z","@version":"1","message":"Sep 15 16:22:50 honeypot-sgp-1 sshd[22346]: Invalid user ubnt from 134.17.17.35 port 15979","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 16:22:52 honeypot-fra-1 sshd[19101]: Disconnected from authenticating user root 69.250.26.126 port 34708 [preauth]","@timestamp":"2022-09-15T16:22:53.504Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 16:24:25 honeypot-fra-1 sshd[19107]: Invalid user araujo from 114.4.110.242 port 41654","@timestamp":"2022-09-15T16:24:26.541Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T16:27:33.470Z","@version":"1","message":"Sep 15 16:27:32 honeypot-sgp-1 sshd[22350]: Invalid user ubnt from 92.255.85.69 port 29744","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 16:28:03 honeypot-fra-1 sshd[19112]: Invalid user lc from 165.22.45.108 port 39482","@timestamp":"2022-09-15T16:28:03.625Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 16:28:46 honeypot-ams-1 kernel: [84135908.442658] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=20.117.17.214 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=115 ID=55845 DF PROTO=TCP SPT=50125 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T16:28:46.850Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 16:34:03 honeypot-fra-1 sshd[19121]: Received disconnect from 13.67.221.136 port 1024:11: Bye Bye [preauth]","@timestamp":"2022-09-15T16:34:03.777Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T16:35:47.669Z","@version":"1","message":"Sep 15 16:35:47 honeypot-sgp-1 kernel: [84135854.351948] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=176.58.124.134 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=47054 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 16:37:35 honeypot-ams-1 sshd[28587]: Received disconnect from 182.75.139.26 port 53312:11: Bye Bye [preauth]","@timestamp":"2022-09-15T16:37:36.075Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 16:41:53 honeypot-fra-1 sshd[19129]: Received disconnect from 61.177.173.36 port 47575:11:  [preauth]","@timestamp":"2022-09-15T16:41:53.954Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 16:42:24 honeypot-ams-1 sshd[28592]: Disconnected from authenticating user root 62.204.41.222 port 30433 [preauth]","@timestamp":"2022-09-15T16:42:25.222Z"}
{"@timestamp":"2022-09-15T16:46:30.929Z","@version":"1","message":"Sep 15 16:46:30 honeypot-sgp-1 kernel: [84136497.679142] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=109.248.6.65 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=60 ID=56661 PROTO=TCP SPT=50191 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 16:46:39 honeypot-fra-1 sshd[19135]: Disconnected from invalid user user 45.61.186.169 port 43888 [preauth]","@timestamp":"2022-09-15T16:46:40.063Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 16:46:49 honeypot-fra-1 sshd[19141]: Invalid user user from 45.61.186.169 port 55294","@timestamp":"2022-09-15T16:46:50.069Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 16:47:08 honeypot-fra-1 sshd[19145]: Invalid user user from 45.61.186.169 port 49908","@timestamp":"2022-09-15T16:47:09.078Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 16:47:17 honeypot-fra-1 sshd[19148]: Disconnected from invalid user user 45.61.186.169 port 33094 [preauth]","@timestamp":"2022-09-15T16:47:18.083Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 16:47:34 honeypot-fra-1 sshd[19152]: Disconnected from invalid user user 45.61.186.169 port 55932 [preauth]","@timestamp":"2022-09-15T16:47:35.092Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 16:51:32 honeypot-ams-1 sshd[28598]: Invalid user user from 179.60.147.69 port 39886","@timestamp":"2022-09-15T16:51:33.455Z"}
{"@timestamp":"2022-09-15T16:51:41.058Z","@version":"1","message":"Sep 15 16:51:40 honeypot-sgp-1 sshd[22372]: Disconnected from invalid user git 92.255.85.69 port 57406 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 16:51:57 honeypot-fra-1 sshd[19162]: Disconnected from authenticating user root 61.177.173.37 port 28325 [preauth]","@timestamp":"2022-09-15T16:51:58.193Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 16:54:29 honeypot-ams-1 sshd[28601]: Disconnected from invalid user user 45.61.186.169 port 43786 [preauth]","@timestamp":"2022-09-15T16:54:29.531Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 16:54:48 honeypot-ams-1 sshd[28605]: Disconnected from invalid user user 45.61.186.169 port 38744 [preauth]","@timestamp":"2022-09-15T16:54:48.542Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 16:55:04 honeypot-ams-1 sshd[28609]: Disconnected from invalid user admin 106.51.37.85 port 52892 [preauth]","@timestamp":"2022-09-15T16:55:05.550Z"}
{"@timestamp":"2022-09-15T16:55:10.146Z","@version":"1","message":"Sep 15 16:55:10 honeypot-sgp-1 kernel: [84137017.060792] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=170.187.162.245 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=6835 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 16:55:14 honeypot-ams-1 sshd[28613]: Disconnected from invalid user user 45.61.186.169 port 45302 [preauth]","@timestamp":"2022-09-15T16:55:15.556Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 16:59:25 honeypot-fra-1 sshd[19170]: Received disconnect from 179.43.156.143 port 44460:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T16:59:26.362Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 16:59:37 honeypot-ams-1 sshd[28618]: Invalid user correoweb from 200.60.92.170 port 34940","@timestamp":"2022-09-15T16:59:37.668Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 16:59:58 honeypot-ams-1 sshd[28622]: Invalid user git from 92.255.85.69 port 49288","@timestamp":"2022-09-15T16:59:59.680Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 17:00:32 honeypot-fra-1 sshd[19174]: Disconnected from authenticating user root 179.43.156.143 port 37188 [preauth]","@timestamp":"2022-09-15T17:00:33.391Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 17:02:10 honeypot-fra-1 sshd[19180]: Disconnected from authenticating user root 179.43.156.143 port 54526 [preauth]","@timestamp":"2022-09-15T17:02:11.431Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 17:02:43 honeypot-fra-1 sshd[19184]: Disconnected from invalid user nutanix 179.43.156.143 port 50894 [preauth]","@timestamp":"2022-09-15T17:02:44.447Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 17:03:51 honeypot-fra-1 sshd[19189]: Received disconnect from 179.43.156.143 port 43678:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T17:03:51.476Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 17:04:02 honeypot-ams-1 sshd[28627]: Received disconnect from 103.101.125.37 port 52032:11: Bye Bye [preauth]","@timestamp":"2022-09-15T17:04:02.783Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 17:05:03 honeypot-fra-1 kernel: [84135920.375592] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=47.90.203.174 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=35217 PROTO=TCP SPT=41456 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T17:05:04.507Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-15T17:05:42.401Z","@version":"1","message":"Sep 15 17:05:42 honeypot-sgp-1 sshd[22385]: Disconnected from authenticating user root 61.177.173.52 port 12441 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 17:06:01 honeypot-fra-1 sshd[19199]: Connection closed by invalid user tomcat 193.106.191.157 port 44324 [preauth]","@timestamp":"2022-09-15T17:06:01.532Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 17:06:54 honeypot-fra-1 sshd[19205]: Received disconnect from 180.180.123.207 port 51872:11: Bye Bye [preauth]","@timestamp":"2022-09-15T17:06:54.555Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 17:07:49 honeypot-fra-1 sshd[19209]: Disconnected from invalid user gfj 117.2.161.45 port 49242 [preauth]","@timestamp":"2022-09-15T17:07:49.598Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 17:09:36 honeypot-ams-1 kernel: [84138358.120140] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=114.236.52.125 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=32163 DF PROTO=TCP SPT=34619 DPT=80 WINDOW=5440 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T17:09:36.931Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 17:09:47 honeypot-fra-1 kernel: [84136203.673556] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=213.226.123.38 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=32350 PROTO=TCP SPT=43121 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T17:09:47.645Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-15T17:10:37.520Z","@version":"1","message":"Sep 15 17:10:36 honeypot-sgp-1 sshd[22393]: Disconnected from invalid user temp 40.114.69.14 port 43952 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 17:13:12 honeypot-fra-1 sshd[19220]: Received disconnect from 61.177.172.104 port 33063:11:  [preauth]","@timestamp":"2022-09-15T17:13:12.723Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T17:16:12.657Z","@version":"1","message":"Sep 15 17:16:12 honeypot-sgp-1 sshd[22398]: Received disconnect from 92.255.85.69 port 53856:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 17:17:01 honeypot-fra-1 CRON[19225]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-15T17:17:01.807Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 17:17:12 honeypot-ams-1 sshd[28639]: Received disconnect from 208.109.32.171 port 47282:11: Bye Bye [preauth]","@timestamp":"2022-09-15T17:17:13.127Z"}
{"@timestamp":"2022-09-15T17:20:17.759Z","@version":"1","message":"Sep 15 17:20:17 honeypot-sgp-1 sshd[22405]: Invalid user user from 45.61.186.169 port 41396","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T17:20:34.769Z","@version":"1","message":"Sep 15 17:20:34 honeypot-sgp-1 sshd[22407]: Received disconnect from 61.177.172.19 port 57042:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T17:20:45.774Z","@version":"1","message":"Sep 15 17:20:45 honeypot-sgp-1 sshd[22413]: Received disconnect from 45.61.186.169 port 47558:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T17:21:01.782Z","@version":"1","message":"Sep 15 17:21:01 honeypot-sgp-1 sshd[22417]: Received disconnect from 45.61.186.169 port 42256:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 17:22:27 honeypot-ams-1 sshd[28646]: Received disconnect from 117.202.8.55 port 38516:11: Bye Bye [preauth]","@timestamp":"2022-09-15T17:22:28.267Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 17:23:20 honeypot-fra-1 sshd[19236]: Invalid user node02 from 103.188.176.251 port 52530","@timestamp":"2022-09-15T17:23:20.948Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 17:23:21 honeypot-ams-1 sshd[28651]: Disconnected from invalid user kevin 92.255.85.69 port 61148 [preauth]","@timestamp":"2022-09-15T17:23:21.291Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 17:24:44 honeypot-ams-1 kernel: [84139266.783919] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=206.189.8.92 DST=178.62.254.91 LEN=80 TOS=0x00 PREC=0x20 TTL=129 ID=50900 PROTO=TCP SPT=49876 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T17:24:45.328Z"}
{"@timestamp":"2022-09-15T17:24:48.876Z","@version":"1","message":"Sep 15 17:24:48 honeypot-sgp-1 sshd[22423]: Connection closed by invalid user guest 179.60.147.69 port 16510 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 17:25:54 honeypot-fra-1 sshd[19243]: Invalid user guest from 179.60.147.69 port 18272","@timestamp":"2022-09-15T17:25:55.010Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T17:27:38.946Z","@version":"1","message":"Sep 15 17:27:38 honeypot-sgp-1 sshd[22429]: Received disconnect from 181.84.108.242 port 57278:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 17:28:04 honeypot-ams-1 sshd[28660]: Invalid user guest from 179.60.147.69 port 50684","@timestamp":"2022-09-15T17:28:05.416Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 17:29:00 honeypot-fra-1 sshd[19247]: Disconnected from authenticating user root 61.177.173.36 port 28922 [preauth]","@timestamp":"2022-09-15T17:29:01.082Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 17:30:06 honeypot-ams-1 sshd[28664]: Disconnected from authenticating user root 52.237.203.60 port 41228 [preauth]","@timestamp":"2022-09-15T17:30:06.468Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 17:33:27 honeypot-fra-1 sshd[19252]: Disconnected from 161.35.131.133 port 57612 [preauth]","@timestamp":"2022-09-15T17:33:28.183Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 17:33:52 honeypot-ams-1 sshd[28668]: Disconnected from invalid user sysop 49.146.253.11 port 25595 [preauth]","@timestamp":"2022-09-15T17:33:52.569Z"}
{"@timestamp":"2022-09-15T17:34:02.102Z","@version":"1","message":"Sep 15 17:34:02 honeypot-sgp-1 sshd[22438]: Disconnected from authenticating user root 61.177.172.124 port 60630 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 17:35:27 honeypot-fra-1 sshd[19260]: Disconnected from 61.177.172.98 port 31098 [preauth]","@timestamp":"2022-09-15T17:35:27.251Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T17:40:29.258Z","@version":"1","message":"Sep 15 17:40:28 honeypot-sgp-1 sshd[22441]: Disconnected from invalid user admin 92.255.85.70 port 23010 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 17:41:10 honeypot-fra-1 sshd[19282]: Disconnected from authenticating user root 61.177.173.35 port 51799 [preauth]","@timestamp":"2022-09-15T17:41:11.382Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 17:45:43 honeypot-ams-1 sshd[28674]: Received disconnect from 138.94.193.68 port 42304:11: Bye Bye [preauth]","@timestamp":"2022-09-15T17:45:44.872Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 17:47:51 honeypot-ams-1 sshd[28678]: Received disconnect from 92.255.85.70 port 38402:11: Bye Bye [preauth]","@timestamp":"2022-09-15T17:47:51.927Z"}
{"@timestamp":"2022-09-15T17:49:11.466Z","@version":"1","message":"Sep 15 17:49:10 honeypot-sgp-1 sshd[22450]: Disconnected from authenticating user root 61.177.173.51 port 21266 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 17:51:09 honeypot-ams-1 sshd[28684]: Disconnected from invalid user jnode1 155.0.2.218 port 28368 [preauth]","@timestamp":"2022-09-15T17:51:10.014Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 17:51:30 honeypot-fra-1 sshd[19289]: Invalid user tomcat from 193.106.191.157 port 46636","@timestamp":"2022-09-15T17:51:31.617Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 17:52:44 honeypot-fra-1 sshd[19294]: Disconnected from authenticating user root 61.177.173.35 port 43623 [preauth]","@timestamp":"2022-09-15T17:52:44.648Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 17:58:29 honeypot-ams-1 sshd[28690]: Invalid user user from 198.98.61.9 port 57584","@timestamp":"2022-09-15T17:58:30.200Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 17:58:46 honeypot-ams-1 sshd[28694]: Invalid user user from 198.98.61.9 port 52382","@timestamp":"2022-09-15T17:58:47.209Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 17:59:04 honeypot-ams-1 sshd[28698]: Invalid user user from 198.98.61.9 port 47186","@timestamp":"2022-09-15T17:59:04.219Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 17:59:34 honeypot-fra-1 kernel: [84139191.213246] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=89.248.165.199 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=22509 PROTO=TCP SPT=43744 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T17:59:35.805Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-15T17:59:36.714Z","@version":"1","message":"Sep 15 17:59:36 honeypot-sgp-1 kernel: [84140883.140194] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=179.43.155.171 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=61279 PROTO=TCP SPT=43691 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T17:59:54.723Z","@version":"1","message":"Sep 15 17:59:54 honeypot-sgp-1 sshd[22463]: Disconnected from invalid user user 45.61.186.49 port 36070 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T18:00:04.729Z","@version":"1","message":"Sep 15 18:00:03 honeypot-sgp-1 sshd[22467]: Disconnected from invalid user user 45.61.186.49 port 47560 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 18:00:59 honeypot-ams-1 kernel: [84141441.800317] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.3.136.82 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=6832 PROTO=TCP SPT=43370 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T18:01:00.270Z"}
{"@timestamp":"2022-09-15T18:01:08.758Z","@version":"1","message":"Sep 15 18:01:07 honeypot-sgp-1 kernel: [84140974.829644] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=89.248.165.199 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=46213 PROTO=TCP SPT=43744 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 18:02:55 honeypot-fra-1 sshd[19306]: Received disconnect from 61.177.172.108 port 58557:11:  [preauth]","@timestamp":"2022-09-15T18:02:55.882Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T18:03:50.826Z","@version":"1","message":"Sep 15 18:03:50 honeypot-sgp-1 sshd[22475]: Invalid user operator from 92.255.85.70 port 46178","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T18:05:41.872Z","@version":"1","message":"Sep 15 18:05:41 honeypot-sgp-1 sshd[22480]: Received disconnect from 198.46.152.24 port 39138:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 18:09:40 honeypot-fra-1 kernel: [84139796.505719] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=168.63.40.51 DST=165.22.82.222 LEN=52 TOS=0x02 PREC=0x00 TTL=114 ID=7985 DF PROTO=TCP SPT=55822 DPT=3389 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-15T18:09:41.039Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 18:12:06 honeypot-ams-1 sshd[28707]: Invalid user operator from 92.255.85.69 port 30300","@timestamp":"2022-09-15T18:12:07.555Z"}
{"@timestamp":"2022-09-15T18:15:23.103Z","@version":"1","message":"Sep 15 18:15:22 honeypot-sgp-1 sshd[22487]: Disconnected from authenticating user root 61.177.172.98 port 64558 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 18:15:47 honeypot-fra-1 sshd[19319]: Disconnected from authenticating user root 61.177.173.36 port 30102 [preauth]","@timestamp":"2022-09-15T18:15:48.179Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 18:17:27 honeypot-fra-1 kernel: [84140263.359020] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=90.151.171.106 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=18529 PROTO=TCP SPT=45784 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T18:17:27.221Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-15T18:17:33.158Z","@version":"1","message":"Sep 15 18:17:32 honeypot-sgp-1 kernel: [84141959.715915] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=186.208.139.104 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=36735 PROTO=TCP SPT=45518 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 18:19:00 honeypot-fra-1 sshd[19328]: Disconnected from invalid user operator 92.255.85.69 port 31914 [preauth]","@timestamp":"2022-09-15T18:19:01.260Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 18:23:47 honeypot-ams-1 kernel: [84142809.978499] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=34.142.7.40 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x60 TTL=251 ID=14984 PROTO=TCP SPT=59743 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T18:23:48.851Z"}
{"@timestamp":"2022-09-15T18:25:35.352Z","@version":"1","message":"Sep 15 18:25:34 honeypot-sgp-1 sshd[22498]: Invalid user admin from 92.255.85.70 port 57466","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 18:25:55 honeypot-fra-1 kernel: [84140772.001254] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=172.104.11.135 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=64386 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T18:25:56.418Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 18:29:44 honeypot-fra-1 sshd[19343]: Disconnected from 61.177.172.124 port 14347 [preauth]","@timestamp":"2022-09-15T18:29:44.506Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T18:30:08.463Z","@version":"1","message":"Sep 15 18:30:07 honeypot-sgp-1 sshd[22505]: Received disconnect from 51.75.224.152 port 45654:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T18:31:28.516Z","@version":"1","message":"Sep 15 18:31:28 honeypot-sgp-1 sshd[22510]: Received disconnect from 198.98.61.9 port 49942:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T18:31:49.526Z","@version":"1","message":"Sep 15 18:31:49 honeypot-sgp-1 sshd[22514]: Received disconnect from 198.98.61.9 port 44806:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 18:32:15 honeypot-ams-1 sshd[28715]: Received disconnect from 122.165.93.92 port 59612:11: Bye Bye [preauth]","@timestamp":"2022-09-15T18:32:15.069Z"}
{"@timestamp":"2022-09-15T18:32:15.539Z","@version":"1","message":"Sep 15 18:32:15 honeypot-sgp-1 sshd[22518]: Received disconnect from 198.98.61.9 port 39684:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T18:32:31.547Z","@version":"1","message":"Sep 15 18:32:31 honeypot-sgp-1 sshd[22522]: Received disconnect from 198.98.61.9 port 34568:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 18:36:25 honeypot-ams-1 sshd[28722]: Invalid user admin from 92.255.85.69 port 34306","@timestamp":"2022-09-15T18:36:26.181Z"}
{"@timestamp":"2022-09-15T18:37:06.658Z","@version":"1","message":"Sep 15 18:37:06 honeypot-sgp-1 sshd[22527]: Connection closed by invalid user default 179.60.147.69 port 62918 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 18:41:35 honeypot-fra-1 sshd[19354]: Did not receive identification string from 179.43.145.74 port 49744","@timestamp":"2022-09-15T18:41:35.774Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 18:42:30 honeypot-fra-1 sshd[19358]: Received disconnect from 43.154.138.122 port 54624:11: Bye Bye [preauth]","@timestamp":"2022-09-15T18:42:30.798Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 18:42:36 honeypot-ams-1 sshd[28728]: Invalid user yo from 192.3.134.93 port 36248","@timestamp":"2022-09-15T18:42:37.341Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 18:42:41 honeypot-fra-1 sshd[19362]: Received disconnect from 198.98.61.9 port 36094:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T18:42:42.804Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 18:42:50 honeypot-fra-1 sshd[19366]: Received disconnect from 198.98.61.9 port 47654:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T18:42:50.808Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 18:43:05 honeypot-fra-1 sshd[19370]: Disconnected from authenticating user root 61.177.172.124 port 59374 [preauth]","@timestamp":"2022-09-15T18:43:05.815Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 18:43:18 honeypot-fra-1 sshd[19376]: Disconnected from invalid user user 198.98.61.9 port 53934 [preauth]","@timestamp":"2022-09-15T18:43:18.822Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 18:46:36 honeypot-fra-1 sshd[19381]: Received disconnect from 188.134.83.209 port 55286:11: Bye Bye [preauth]","@timestamp":"2022-09-15T18:46:37.916Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 18:47:48 honeypot-ams-1 sshd[28733]: Invalid user pi from 121.178.241.243 port 46700","@timestamp":"2022-09-15T18:47:49.474Z"}
{"@timestamp":"2022-09-15T18:47:53.918Z","@version":"1","message":"Sep 15 18:47:53 honeypot-sgp-1 sshd[22534]: Disconnected from authenticating user root 92.255.85.70 port 18132 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 18:48:38 honeypot-fra-1 kernel: [84142134.289349] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=213.226.123.38 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=10238 PROTO=TCP SPT=49686 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T18:48:38.964Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-15T18:55:41.104Z","@version":"1","message":"Sep 15 18:55:40 honeypot-sgp-1 sshd[22539]: Received disconnect from 61.177.172.19 port 61579:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 18:57:30 honeypot-fra-1 sshd[19395]: Disconnected from invalid user terror 190.181.25.210 port 52081 [preauth]","@timestamp":"2022-09-15T18:57:31.165Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T18:59:26.195Z","@version":"1","message":"Sep 15 18:59:25 honeypot-sgp-1 sshd[22543]: Disconnected from authenticating user root 61.177.173.39 port 41629 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 19:00:09 honeypot-fra-1 sshd[19400]: Disconnected from authenticating user root 61.177.173.37 port 61817 [preauth]","@timestamp":"2022-09-15T19:00:09.226Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 19:00:40 honeypot-ams-1 sshd[28737]: Received disconnect from 92.255.85.69 port 24770:11: Bye Bye [preauth]","@timestamp":"2022-09-15T19:00:40.804Z"}
{"@timestamp":"2022-09-15T19:00:54.265Z","@version":"1","message":"Sep 15 19:00:53 honeypot-sgp-1 sshd[22548]: Disconnected from invalid user irfan 45.90.218.197 port 48396 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 19:02:49 honeypot-fra-1 sshd[19408]: Disconnected from authenticating user root 61.177.173.36 port 11724 [preauth]","@timestamp":"2022-09-15T19:02:50.288Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 19:04:31 honeypot-ams-1 sshd[28756]: Disconnected from invalid user postmaster 119.159.226.30 port 37834 [preauth]","@timestamp":"2022-09-15T19:04:31.907Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 19:07:05 honeypot-fra-1 sshd[19425]: Disconnected from invalid user lc 165.22.45.108 port 54668 [preauth]","@timestamp":"2022-09-15T19:07:05.385Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T19:10:12.485Z","@version":"1","message":"Sep 15 19:10:12 honeypot-sgp-1 sshd[22559]: Received disconnect from 193.142.146.50 port 47706:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 19:10:21 honeypot-fra-1 sshd[19432]: Received disconnect from 61.177.172.124 port 15241:11:  [preauth]","@timestamp":"2022-09-15T19:10:21.460Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T19:12:03.532Z","@version":"1","message":"Sep 15 19:12:02 honeypot-sgp-1 sshd[22566]: Received disconnect from 193.142.146.50 port 34432:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T19:13:43.575Z","@version":"1","message":"Sep 15 19:13:42 honeypot-sgp-1 sshd[22570]: Received disconnect from 61.177.173.48 port 44927:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T19:14:12.588Z","@version":"1","message":"Sep 15 19:14:12 honeypot-sgp-1 sshd[22576]: Received disconnect from 193.142.146.50 port 44966:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 19:15:38 honeypot-fra-1 sshd[19442]: Received disconnect from 198.98.61.9 port 51186:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T19:15:38.587Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T19:15:40.626Z","@version":"1","message":"Sep 15 19:15:40 honeypot-sgp-1 sshd[22581]: Disconnected from authenticating user root 193.142.146.50 port 36118 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 19:16:04 honeypot-fra-1 sshd[19446]: Received disconnect from 198.98.61.9 port 46778:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T19:16:05.600Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 19:16:26 honeypot-fra-1 sshd[19450]: Received disconnect from 198.98.61.9 port 42374:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T19:16:27.611Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 19:16:44 honeypot-fra-1 sshd[19454]: Received disconnect from 198.98.61.9 port 37962:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T19:16:44.620Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T19:17:01.660Z","@version":"1","message":"Sep 15 19:17:01 honeypot-sgp-1 CRON[22588]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 19:17:01 honeypot-ams-1 CRON[28764]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-15T19:17:02.247Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 19:20:01 honeypot-fra-1 sshd[19459]: Disconnected from authenticating user root 103.137.75.78 port 54788 [preauth]","@timestamp":"2022-09-15T19:20:01.698Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T19:20:56.770Z","@version":"1","message":"Sep 15 19:20:56 honeypot-sgp-1 sshd[22593]: Disconnected from authenticating user root 61.177.172.104 port 18696 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 19:21:44 honeypot-ams-1 kernel: [84146286.631917] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=156.196.184.60 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=53 ID=33827 PROTO=TCP SPT=54157 DPT=443 WINDOW=39884 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T19:21:45.394Z"}
{"@timestamp":"2022-09-15T19:25:26.877Z","@version":"1","message":"Sep 15 19:25:26 honeypot-sgp-1 sshd[22600]: Disconnected from authenticating user root 61.177.173.48 port 21972 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 19:31:31 honeypot-fra-1 sshd[19471]: Disconnected from authenticating user root 92.255.85.70 port 19080 [preauth]","@timestamp":"2022-09-15T19:31:31.973Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T19:34:05.096Z","@version":"1","message":"Sep 15 19:34:04 honeypot-sgp-1 sshd[22608]: Invalid user zeus from 157.245.13.253 port 59914","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T19:37:24.175Z","@version":"1","message":"Sep 15 19:37:23 honeypot-sgp-1 sshd[22616]: Received disconnect from 61.177.172.124 port 42648:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 19:37:44 honeypot-fra-1 sshd[19477]: Disconnected from authenticating user root 61.177.173.48 port 24993 [preauth]","@timestamp":"2022-09-15T19:37:45.116Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T19:42:32.292Z","@version":"1","message":"Sep 15 19:42:31 honeypot-sgp-1 sshd[22623]: Received disconnect from 128.199.68.220 port 42624:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 19:44:52 honeypot-ams-1 sshd[28776]: Invalid user manager from 92.255.85.69 port 48034","@timestamp":"2022-09-15T19:44:52.982Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 19:44:58 honeypot-fra-1 kernel: [84145514.674647] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=208.115.115.103 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=51 ID=59654 PROTO=TCP SPT=29406 DPT=443 WINDOW=42621 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T19:44:59.280Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-15T19:49:28.452Z","@version":"1","message":"Sep 15 19:49:28 honeypot-sgp-1 sshd[22630]: Disconnected from authenticating user root 61.177.173.39 port 37127 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T19:51:34.506Z","@version":"1","message":"Sep 15 19:51:34 honeypot-sgp-1 sshd[22634]: Received disconnect from 61.177.172.98 port 42534:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 19:53:20 honeypot-fra-1 sshd[19499]: Invalid user manager from 92.255.85.69 port 32324","@timestamp":"2022-09-15T19:53:21.467Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 19:53:44 honeypot-ams-1 sshd[28782]: Received disconnect from 180.179.24.156 port 40404:11: Bye Bye [preauth]","@timestamp":"2022-09-15T19:53:45.210Z"}
{"@timestamp":"2022-09-15T19:54:47.580Z","@version":"1","message":"Sep 15 19:54:46 honeypot-sgp-1 sshd[22641]: Disconnected from invalid user xkc 189.112.196.1 port 29255 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 19:56:45 honeypot-ams-1 sshd[28784]: Disconnected from invalid user share 103.133.57.242 port 45350 [preauth]","@timestamp":"2022-09-15T19:56:45.289Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 19:57:13 honeypot-ams-1 sshd[28788]: Disconnected from invalid user wwwroot 142.93.50.201 port 35610 [preauth]","@timestamp":"2022-09-15T19:57:13.304Z"}
{"@timestamp":"2022-09-15T19:59:34.711Z","@version":"1","message":"Sep 15 19:59:34 honeypot-sgp-1 sshd[22646]: Received disconnect from 61.177.173.47 port 53183:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 19:59:39 honeypot-fra-1 sshd[19504]: Invalid user lc from 165.22.45.108 port 59720","@timestamp":"2022-09-15T19:59:40.608Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 20:00:24 honeypot-fra-1 sshd[19509]: Disconnected from authenticating user root 61.177.173.52 port 40204 [preauth]","@timestamp":"2022-09-15T20:00:24.625Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 20:02:03 honeypot-ams-1 sshd[28795]: Disconnected from authenticating user root 157.230.47.241 port 54822 [preauth]","@timestamp":"2022-09-15T20:02:03.431Z"}
{"@timestamp":"2022-09-15T20:02:21.779Z","@version":"1","message":"Sep 15 20:02:21 honeypot-sgp-1 sshd[22650]: Invalid user  from 185.246.130.20 port 34577","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:02:46.792Z","@version":"1","message":"Sep 15 20:02:46 honeypot-sgp-1 sshd[22657]: Invalid user  from 185.246.130.20 port 11358","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:03:11.805Z","@version":"1","message":"Sep 15 20:03:11 honeypot-sgp-1 sshd[22663]: Bad protocol version identification 'SSH-2.0_CoreLab-1.0' from 185.246.130.20 port 35646","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:03:36.817Z","@version":"1","message":"Sep 15 20:03:35 honeypot-sgp-1 sshd[22668]: Disconnecting invalid user admin 185.246.130.20 port 52196: Change of username or service not allowed: (admin,ssh-connection) -> (manager,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:04:18.838Z","@version":"1","message":"Sep 15 20:04:18 honeypot-sgp-1 sshd[22676]: Invalid user 1234 from 185.246.130.20 port 40661","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:04:42.849Z","@version":"1","message":"Sep 15 20:04:42 honeypot-sgp-1 sshd[22683]: Invalid user  from 185.246.130.20 port 24478","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:05:19.867Z","@version":"1","message":"Sep 15 20:05:19 honeypot-sgp-1 sshd[22689]: Disconnecting invalid user Admin 185.246.130.20 port 58533: Change of username or service not allowed: (Admin,ssh-connection) -> (blank,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:05:46.880Z","@version":"1","message":"Sep 15 20:05:46 honeypot-sgp-1 sshd[22697]: Disconnecting invalid user guest 185.246.130.20 port 33363: Change of username or service not allowed: (guest,ssh-connection) -> (1234,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:06:17.895Z","@version":"1","message":"Sep 15 20:06:17 honeypot-sgp-1 sshd[22704]: Disconnecting invalid user  185.246.130.20 port 26939: Change of username or service not allowed: (,ssh-connection) -> (Cisco,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:06:40.907Z","@version":"1","message":"Sep 15 20:06:40 honeypot-sgp-1 sshd[22710]: Disconnecting invalid user admin 185.246.130.20 port 63674: Change of username or service not allowed: (admin,ssh-connection) -> (1234,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:07:12.923Z","@version":"1","message":"Sep 15 20:07:12 honeypot-sgp-1 sshd[22718]: Invalid user  from 185.246.130.20 port 21402","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:07:40.937Z","@version":"1","message":"Sep 15 20:07:40 honeypot-sgp-1 sshd[22724]: Invalid user admin from 185.246.130.20 port 64125","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:07:58.945Z","@version":"1","message":"Sep 15 20:07:58 honeypot-sgp-1 sshd[22730]: Invalid user zhone from 185.246.130.20 port 16408","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:08:21.956Z","@version":"1","message":"Sep 15 20:08:21 honeypot-sgp-1 sshd[22736]: Disconnecting authenticating user root 185.246.130.20 port 55250: Change of username or service not allowed: (root,ssh-connection) -> (default,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 20:08:38 honeypot-fra-1 sshd[19514]: Received disconnect from 61.177.173.50 port 62890:11:  [preauth]","@timestamp":"2022-09-15T20:08:38.820Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T20:08:41.971Z","@version":"1","message":"Sep 15 20:08:41 honeypot-sgp-1 sshd[22742]: Disconnecting invalid user c1@r0 185.246.130.20 port 53159: Change of username or service not allowed: (c1@r0,ssh-connection) -> (Administrator,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:08:56.978Z","@version":"1","message":"Sep 15 20:08:56 honeypot-sgp-1 sshd[22748]: Disconnecting invalid user superonline 185.246.130.20 port 63242: Change of username or service not allowed: (superonline,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:09:29.994Z","@version":"1","message":"Sep 15 20:09:29 honeypot-sgp-1 sshd[22754]: Disconnecting invalid user Admin 185.246.130.20 port 16533: Change of username or service not allowed: (Admin,ssh-connection) -> (comcast,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:10:02.009Z","@version":"1","message":"Sep 15 20:10:01 honeypot-sgp-1 sshd[22761]: Disconnecting invalid user  185.246.130.20 port 29542: Change of username or service not allowed: (,ssh-connection) -> (admin1234,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:10:31.024Z","@version":"1","message":"Sep 15 20:10:30 honeypot-sgp-1 sshd[22767]: Disconnecting invalid user  185.246.130.20 port 19181: Change of username or service not allowed: (,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:11:00.038Z","@version":"1","message":"Sep 15 20:10:59 honeypot-sgp-1 sshd[22775]: Disconnecting invalid user admin 185.246.130.20 port 52192: Change of username or service not allowed: (admin,ssh-connection) -> (blank,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:11:39.057Z","@version":"1","message":"Sep 15 20:11:38 honeypot-sgp-1 sshd[22783]: Invalid user airlive from 185.246.130.20 port 23440","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:12:01.067Z","@version":"1","message":"Sep 15 20:12:00 honeypot-sgp-1 sshd[22789]: Invalid user roqos from 185.246.130.20 port 18901","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:12:29.081Z","@version":"1","message":"Sep 15 20:12:28 honeypot-sgp-1 sshd[22795]: Invalid user sitecom from 185.246.130.20 port 44203","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:12:52.092Z","@version":"1","message":"Sep 15 20:12:51 honeypot-sgp-1 sshd[22801]: Invalid user admin from 185.246.130.20 port 31305","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:13:19.105Z","@version":"1","message":"Sep 15 20:13:18 honeypot-sgp-1 sshd[22807]: Invalid user smcadmin from 185.246.130.20 port 41076","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:13:48.119Z","@version":"1","message":"Sep 15 20:13:47 honeypot-sgp-1 sshd[22813]: Invalid user admin from 185.246.130.20 port 49596","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:14:01.126Z","@version":"1","message":"Sep 15 20:14:00 honeypot-sgp-1 sshd[22818]: Invalid user public from 185.246.130.20 port 52049","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:14:26.139Z","@version":"1","message":"Sep 15 20:14:26 honeypot-sgp-1 sshd[22825]: Disconnecting authenticating user root 185.246.130.20 port 11992: Change of username or service not allowed: (root,ssh-connection) -> (123456,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:14:55.154Z","@version":"1","message":"Sep 15 20:14:54 honeypot-sgp-1 sshd[22832]: Disconnecting invalid user amdin 185.246.130.20 port 3786: Change of username or service not allowed: (amdin,ssh-connection) -> (readwrite,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:15:22.167Z","@version":"1","message":"Sep 15 20:15:21 honeypot-sgp-1 sshd[22838]: Disconnecting invalid user admin 185.246.130.20 port 32458: Change of username or service not allowed: (admin,ssh-connection) -> (DZY-W2914NSV2,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:15:41.177Z","@version":"1","message":"Sep 15 20:15:40 honeypot-sgp-1 sshd[22842]: Disconnecting invalid user 0 185.246.130.20 port 52846: Change of username or service not allowed: (0,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 20:16:00 honeypot-fra-1 sshd[19521]: Disconnected from invalid user master 92.255.85.70 port 42154 [preauth]","@timestamp":"2022-09-15T20:16:00.989Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T20:16:11.192Z","@version":"1","message":"Sep 15 20:16:10 honeypot-sgp-1 sshd[22850]: Invalid user admin from 185.246.130.20 port 50872","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:16:34.203Z","@version":"1","message":"Sep 15 20:16:33 honeypot-sgp-1 sshd[22856]: Invalid user ltecl4r0 from 185.246.130.20 port 4798","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 20:16:49 honeypot-fra-1 kernel: [84147425.906935] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.41.8.45 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=59013 PROTO=TCP SPT=15370 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T20:16:50.011Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 20:17:01 honeypot-ams-1 CRON[28801]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-15T20:17:02.811Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 20:23:39 honeypot-fra-1 sshd[19536]: Disconnected from authenticating user root 61.177.173.49 port 20729 [preauth]","@timestamp":"2022-09-15T20:23:39.168Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T20:24:35.392Z","@version":"1","message":"Sep 15 20:24:35 honeypot-sgp-1 sshd[22864]: Disconnected from invalid user oracle 92.255.85.70 port 23582 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 20:27:21 honeypot-ams-1 sshd[28807]: Disconnected from authenticating user root 212.20.41.28 port 54103 [preauth]","@timestamp":"2022-09-15T20:27:22.078Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 20:29:50 honeypot-fra-1 sshd[19543]: Connection closed by invalid user tomcat 193.106.191.157 port 59494 [preauth]","@timestamp":"2022-09-15T20:29:51.309Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T20:30:52.539Z","@version":"1","message":"Sep 15 20:30:51 honeypot-sgp-1 sshd[22871]: Disconnected from authenticating user root 61.177.173.49 port 54113 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 20:32:59 honeypot-ams-1 sshd[28812]: Disconnected from invalid user oracle 92.255.85.70 port 19014 [preauth]","@timestamp":"2022-09-15T20:33:00.220Z"}
{"@timestamp":"2022-09-15T20:35:57.660Z","@version":"1","message":"Sep 15 20:35:57 honeypot-sgp-1 kernel: [84150264.171573] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=195.133.20.241 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=236 ID=6534 PROTO=TCP SPT=43206 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 20:39:19 honeypot-fra-1 sshd[19553]: Invalid user oracle from 92.255.85.70 port 28924","@timestamp":"2022-09-15T20:39:20.522Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T20:39:46.750Z","@version":"1","message":"Sep 15 20:39:46 honeypot-sgp-1 sshd[22882]: Received disconnect from 128.199.91.252 port 50260:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 20:43:27 honeypot-fra-1 kernel: [84149023.036144] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=172.104.29.100 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=24713 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T20:43:27.618Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-15T20:46:23.907Z","@version":"1","message":"Sep 15 20:46:23 honeypot-sgp-1 kernel: [84150889.971277] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=36.71.140.230 DST=159.89.202.188 LEN=52 TOS=0x00 PREC=0x00 TTL=114 ID=3365 DF PROTO=TCP SPT=51021 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:46:50.920Z","@version":"1","message":"Sep 15 20:46:50 honeypot-sgp-1 sshd[22890]: Received disconnect from 61.177.173.39 port 47051:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 20:47:45 honeypot-fra-1 sshd[19564]: Received disconnect from 61.177.172.108 port 24194:11:  [preauth]","@timestamp":"2022-09-15T20:47:45.716Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T20:49:07.976Z","@version":"1","message":"Sep 15 20:49:07 honeypot-sgp-1 sshd[22897]: Disconnected from authenticating user root 206.217.131.233 port 53320 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 20:50:09 honeypot-fra-1 sshd[19570]: Invalid user gs from 20.214.104.165 port 57946","@timestamp":"2022-09-15T20:50:09.772Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 20:51:35 honeypot-ams-1 kernel: [84151677.726721] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=51.103.32.192 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=114 ID=57894 DF PROTO=TCP SPT=53270 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T20:51:36.692Z"}
{"@timestamp":"2022-09-15T20:54:03.093Z","@version":"1","message":"Sep 15 20:54:02 honeypot-sgp-1 sshd[22903]: Received disconnect from 45.61.186.249 port 50168:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:54:12.098Z","@version":"1","message":"Sep 15 20:54:11 honeypot-sgp-1 sshd[22921]: Disconnected from invalid user user 45.61.186.249 port 33148 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:54:29.106Z","@version":"1","message":"Sep 15 20:54:28 honeypot-sgp-1 sshd[22925]: Disconnected from invalid user user 45.61.186.249 port 55596 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:54:48.114Z","@version":"1","message":"Sep 15 20:54:47 honeypot-sgp-1 sshd[22929]: Disconnected from invalid user user 45.61.186.249 port 49812 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 20:54:49 honeypot-fra-1 sshd[19577]: Received disconnect from 61.177.173.46 port 52634:11:  [preauth]","@timestamp":"2022-09-15T20:54:49.876Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 20:57:06 honeypot-fra-1 kernel: [84149842.126732] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=193.46.255.199 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=246 ID=3208 PROTO=TCP SPT=61003 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T20:57:06.929Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 20:57:16 honeypot-fra-1 sshd[19584]: Disconnected from invalid user user 198.98.61.9 port 46530 [preauth]","@timestamp":"2022-09-15T20:57:16.935Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 20:57:37 honeypot-fra-1 sshd[19589]: Disconnected from invalid user user 198.98.61.9 port 40930 [preauth]","@timestamp":"2022-09-15T20:57:37.944Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 20:57:56 honeypot-fra-1 sshd[19593]: Disconnected from invalid user user 198.98.61.9 port 35334 [preauth]","@timestamp":"2022-09-15T20:57:56.953Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 20:59:40 honeypot-ams-1 sshd[28821]: Invalid user nh from 45.64.134.14 port 65320","@timestamp":"2022-09-15T20:59:40.913Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 21:01:06 honeypot-ams-1 sshd[28826]: Received disconnect from 51.250.5.16 port 54738:11: Bye Bye [preauth]","@timestamp":"2022-09-15T21:01:06.951Z"}
{"@timestamp":"2022-09-15T21:01:48.277Z","@version":"1","message":"Sep 15 21:01:48 honeypot-sgp-1 sshd[22936]: Invalid user amark from 92.9.123.122 port 56332","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 21:04:19 honeypot-ams-1 kernel: [84152441.269102] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=89.248.165.241 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=38216 PROTO=TCP SPT=46381 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T21:04:20.038Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 21:05:29 honeypot-fra-1 kernel: [84150345.913041] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=89.248.165.70 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=38944 PROTO=TCP SPT=46443 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T21:05:30.124Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 21:08:20 honeypot-fra-1 sshd[19604]: Invalid user admin from 114.108.150.156 port 59324","@timestamp":"2022-09-15T21:08:21.191Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T21:08:45.457Z","@version":"1","message":"Sep 15 21:08:45 honeypot-sgp-1 sshd[22945]: Invalid user default from 179.60.147.69 port 52620","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 21:09:39 honeypot-fra-1 sshd[19608]: Received disconnect from 61.177.172.108 port 45682:11:  [preauth]","@timestamp":"2022-09-15T21:09:40.223Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 21:10:17 honeypot-fra-1 sshd[19613]: Invalid user monitor from 185.231.245.49 port 60830","@timestamp":"2022-09-15T21:10:18.241Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 21:11:12 honeypot-fra-1 sshd[19618]: Disconnected from authenticating user root 68.183.56.198 port 57942 [preauth]","@timestamp":"2022-09-15T21:11:13.264Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 21:12:02 honeypot-ams-1 sshd[28831]: Connection closed by invalid user default 179.60.147.69 port 49016 [preauth]","@timestamp":"2022-09-15T21:12:03.242Z"}
{"@timestamp":"2022-09-15T21:12:46.554Z","@version":"1","message":"Sep 15 21:12:46 honeypot-sgp-1 sshd[22951]: error: maximum authentication attempts exceeded for invalid user admin from 118.21.144.227 port 53642 ssh2 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 21:13:46 honeypot-ams-1 sshd[28838]: Unable to negotiate with 13.56.251.189 port 44622: no matching host key type found. Their offer: ecdsa-sha2-nistp384 [preauth]","@timestamp":"2022-09-15T21:13:46.289Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 21:15:01 honeypot-ams-1 sshd[28848]: Did not receive identification string from 198.98.61.9 port 42832","@timestamp":"2022-09-15T21:15:01.325Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 21:15:26 honeypot-ams-1 sshd[28853]: Disconnected from invalid user user 198.98.61.9 port 40040 [preauth]","@timestamp":"2022-09-15T21:15:26.338Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 21:15:38 honeypot-ams-1 sshd[28855]: Received disconnect from 198.98.61.9 port 51624:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T21:15:39.345Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 21:15:59 honeypot-ams-1 sshd[28859]: Received disconnect from 198.98.61.9 port 46562:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T21:16:00.356Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 21:16:01 honeypot-fra-1 sshd[19623]: Bad protocol version identification 'GET / HTTP/1.1' from 103.55.26.211 port 38854","@timestamp":"2022-09-15T21:16:02.375Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 21:16:11 honeypot-ams-1 sshd[28863]: Disconnected from authenticating user root 159.65.129.227 port 45584 [preauth]","@timestamp":"2022-09-15T21:16:12.362Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 21:16:35 honeypot-ams-1 sshd[28867]: Disconnected from invalid user intaller 128.199.137.41 port 54932 [preauth]","@timestamp":"2022-09-15T21:16:35.377Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 21:18:06 honeypot-fra-1 sshd[19630]: Received disconnect from 61.177.173.46 port 43753:11:  [preauth]","@timestamp":"2022-09-15T21:18:07.424Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 21:18:32 honeypot-ams-1 sshd[28873]: Received disconnect from 92.255.85.69 port 63140:11: Bye Bye [preauth]","@timestamp":"2022-09-15T21:18:33.431Z"}
{"@timestamp":"2022-09-15T21:19:17.727Z","@version":"1","message":"Sep 15 21:19:17 honeypot-sgp-1 sshd[22961]: Received disconnect from 61.177.173.46 port 17458:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T21:25:22.889Z","@version":"1","message":"Sep 15 21:25:22 honeypot-sgp-1 kernel: [84153229.194606] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.221.73 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=43152 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 21:25:41 honeypot-fra-1 sshd[19635]: Invalid user admin from 92.255.85.70 port 43006","@timestamp":"2022-09-15T21:25:42.595Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 21:27:41 honeypot-ams-1 sshd[28879]: Invalid user paraccel from 148.72.244.44 port 39282","@timestamp":"2022-09-15T21:27:42.660Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 21:29:09 honeypot-ams-1 sshd[28882]: Disconnected from authenticating user root 186.10.125.209 port 26016 [preauth]","@timestamp":"2022-09-15T21:29:10.702Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 21:31:06 honeypot-fra-1 sshd[19640]: Disconnected from authenticating user root 61.177.172.124 port 53529 [preauth]","@timestamp":"2022-09-15T21:31:07.718Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T21:32:51.065Z","@version":"1","message":"Sep 15 21:32:51 honeypot-sgp-1 sshd[22974]: Received disconnect from 61.177.173.35 port 49115:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T21:40:47.252Z","@version":"1","message":"Sep 15 21:40:46 honeypot-sgp-1 sshd[22981]: Received disconnect from 61.177.173.49 port 29352:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 21:42:38 honeypot-fra-1 sshd[19653]: Received disconnect from 61.177.173.35 port 58163:11:  [preauth]","@timestamp":"2022-09-15T21:42:38.974Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 21:43:14 honeypot-ams-1 sshd[28891]: Disconnected from authenticating user root 92.255.85.69 port 61376 [preauth]","@timestamp":"2022-09-15T21:43:15.062Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 21:47:09 honeypot-fra-1 kernel: [84152845.148986] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=198.235.24.136 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=249 ID=54321 PROTO=TCP SPT=51375 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T21:47:10.076Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-15T21:47:44.412Z","@version":"1","message":"Sep 15 21:47:43 honeypot-sgp-1 kernel: [84154570.450795] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.53.171.56 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=9608 DF PROTO=TCP SPT=39474 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 21:51:58 honeypot-fra-1 sshd[19665]: Received disconnect from 61.177.173.47 port 46998:11:  [preauth]","@timestamp":"2022-09-15T21:51:59.204Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T21:54:24.567Z","@version":"1","message":"Sep 15 21:54:24 honeypot-sgp-1 kernel: [84154970.753074] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=4327 PROTO=TCP SPT=58790 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 21:54:38 honeypot-ams-1 sshd[28899]: Received disconnect from 211.252.84.133 port 55224:11: Bye Bye [preauth]","@timestamp":"2022-09-15T21:54:39.352Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 21:59:56 honeypot-fra-1 kernel: [84153612.757270] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=48443 PROTO=TCP SPT=58790 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T21:59:57.382Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 22:00:56 honeypot-ams-1 sshd[28902]: Disconnected from invalid user server 209.73.215.135 port 34736 [preauth]","@timestamp":"2022-09-15T22:00:57.521Z"}
{"@timestamp":"2022-09-15T22:01:11.721Z","@version":"1","message":"Sep 15 22:01:11 honeypot-sgp-1 sshd[23068]: Received disconnect from 61.177.173.36 port 23076:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:02:20 honeypot-fra-1 sshd[19682]: Disconnected from invalid user user 162.241.189.135 port 47922 [preauth]","@timestamp":"2022-09-15T22:02:21.439Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:02:27 honeypot-fra-1 sshd[19686]: Disconnected from invalid user user 162.241.189.135 port 33108 [preauth]","@timestamp":"2022-09-15T22:02:28.442Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:02:35 honeypot-fra-1 sshd[19690]: Disconnected from invalid user user 162.241.189.135 port 38496 [preauth]","@timestamp":"2022-09-15T22:02:36.447Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:02:44 honeypot-fra-1 sshd[19694]: Disconnected from invalid user user 162.241.189.135 port 51100 [preauth]","@timestamp":"2022-09-15T22:02:44.451Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:02:52 honeypot-fra-1 sshd[19698]: Disconnected from invalid user user 162.241.189.135 port 34848 [preauth]","@timestamp":"2022-09-15T22:02:52.455Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:03:00 honeypot-fra-1 sshd[19702]: Disconnected from invalid user user 162.241.189.135 port 47892 [preauth]","@timestamp":"2022-09-15T22:03:00.458Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:03:07 honeypot-fra-1 sshd[19706]: Disconnected from invalid user user 162.241.189.135 port 60136 [preauth]","@timestamp":"2022-09-15T22:03:08.463Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:03:15 honeypot-fra-1 sshd[19710]: Received disconnect from 162.241.189.135 port 44310:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T22:03:16.467Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:03:26 honeypot-fra-1 sshd[19714]: Received disconnect from 162.241.189.135 port 57486:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T22:03:27.473Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:03:31 honeypot-fra-1 sshd[19718]: Received disconnect from 162.241.189.135 port 43534:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T22:03:32.475Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:03:39 honeypot-fra-1 sshd[19722]: Received disconnect from 162.241.189.135 port 57430:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T22:03:40.481Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:03:47 honeypot-fra-1 sshd[19726]: Received disconnect from 162.241.189.135 port 42648:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T22:03:47.484Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:03:54 honeypot-fra-1 sshd[19730]: Invalid user user from 162.241.189.135 port 55314","@timestamp":"2022-09-15T22:03:55.489Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:04:02 honeypot-fra-1 sshd[19734]: Invalid user user from 162.241.189.135 port 42988","@timestamp":"2022-09-15T22:04:03.493Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:04:17 honeypot-fra-1 sshd[19738]: Invalid user user from 162.241.189.135 port 47260","@timestamp":"2022-09-15T22:04:18.501Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:04:25 honeypot-fra-1 sshd[19742]: Invalid user user from 162.241.189.135 port 38578","@timestamp":"2022-09-15T22:04:25.504Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:04:32 honeypot-fra-1 sshd[19746]: Invalid user user from 162.241.189.135 port 49540","@timestamp":"2022-09-15T22:04:33.509Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:04:40 honeypot-fra-1 sshd[19750]: Invalid user user from 162.241.189.135 port 36018","@timestamp":"2022-09-15T22:04:41.512Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:04:48 honeypot-fra-1 sshd[19754]: Invalid user user from 162.241.189.135 port 49328","@timestamp":"2022-09-15T22:04:49.517Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:04:56 honeypot-fra-1 sshd[19758]: Invalid user user from 162.241.189.135 port 34562","@timestamp":"2022-09-15T22:04:57.520Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:05:04 honeypot-fra-1 sshd[19762]: Invalid user user from 162.241.189.135 port 47972","@timestamp":"2022-09-15T22:05:05.525Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:05:12 honeypot-fra-1 sshd[19766]: Invalid user user from 162.241.189.135 port 33560","@timestamp":"2022-09-15T22:05:12.528Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:05:20 honeypot-fra-1 sshd[19770]: Invalid user user from 162.241.189.135 port 49900","@timestamp":"2022-09-15T22:05:20.533Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:05:28 honeypot-fra-1 sshd[19774]: Invalid user user from 162.241.189.135 port 37036","@timestamp":"2022-09-15T22:05:28.536Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:05:35 honeypot-fra-1 sshd[19778]: Invalid user user from 162.241.189.135 port 49416","@timestamp":"2022-09-15T22:05:36.541Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:05:47 honeypot-fra-1 sshd[19782]: Invalid user user from 162.241.189.135 port 57832","@timestamp":"2022-09-15T22:05:47.545Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:05:51 honeypot-fra-1 sshd[19786]: Invalid user user from 162.241.189.135 port 49718","@timestamp":"2022-09-15T22:05:51.548Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:06:02 honeypot-fra-1 sshd[19790]: Invalid user user from 162.241.189.135 port 42016","@timestamp":"2022-09-15T22:06:02.553Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:06:06 honeypot-fra-1 sshd[19794]: Invalid user user from 162.241.189.135 port 48978","@timestamp":"2022-09-15T22:06:07.556Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:06:16 honeypot-fra-1 sshd[19798]: Invalid user user from 162.241.189.135 port 32794","@timestamp":"2022-09-15T22:06:16.561Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:06:23 honeypot-fra-1 sshd[19802]: Invalid user user from 162.241.189.135 port 45220","@timestamp":"2022-09-15T22:06:24.565Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:06:31 honeypot-fra-1 sshd[19806]: Invalid user user from 162.241.189.135 port 58588","@timestamp":"2022-09-15T22:06:31.568Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:06:39 honeypot-fra-1 sshd[19810]: Invalid user user from 162.241.189.135 port 43654","@timestamp":"2022-09-15T22:06:39.573Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:06:47 honeypot-fra-1 sshd[19814]: Invalid user user from 162.241.189.135 port 57280","@timestamp":"2022-09-15T22:06:47.577Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:06:55 honeypot-fra-1 kernel: [84154031.018689] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=103.203.56.0 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=55355 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T22:06:55.581Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:06:59 honeypot-fra-1 sshd[19820]: Disconnected from invalid user user 162.241.189.135 port 33790 [preauth]","@timestamp":"2022-09-15T22:06:59.583Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:07:07 honeypot-fra-1 sshd[19824]: Disconnected from invalid user user 162.241.189.135 port 45890 [preauth]","@timestamp":"2022-09-15T22:07:07.588Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:07:15 honeypot-fra-1 sshd[19828]: Disconnected from invalid user user 162.241.189.135 port 33068 [preauth]","@timestamp":"2022-09-15T22:07:15.591Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:07:22 honeypot-fra-1 sshd[19833]: Disconnected from invalid user user 162.241.189.135 port 46540 [preauth]","@timestamp":"2022-09-15T22:07:23.596Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:07:30 honeypot-fra-1 sshd[19837]: Disconnected from invalid user user 162.241.189.135 port 58990 [preauth]","@timestamp":"2022-09-15T22:07:31.599Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:07:38 honeypot-fra-1 sshd[19841]: Disconnected from invalid user user 162.241.189.135 port 45108 [preauth]","@timestamp":"2022-09-15T22:07:39.604Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 22:07:54 honeypot-ams-1 kernel: [84156256.846324] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=89.248.168.172 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=252 ID=54321 PROTO=TCP SPT=53168 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T22:07:55.702Z"}
{"@timestamp":"2022-09-15T22:08:06.889Z","@version":"1","message":"Sep 15 22:08:06 honeypot-sgp-1 kernel: [84155793.534904] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=23.251.102.77 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=59711 PROTO=TCP SPT=19483 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 22:12:14 honeypot-ams-1 sshd[28910]: Disconnected from authenticating user root 23.95.115.90 port 43138 [preauth]","@timestamp":"2022-09-15T22:12:15.818Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:14:01 honeypot-fra-1 sshd[19844]: Received disconnect from 92.255.85.70 port 35780:11: Bye Bye [preauth]","@timestamp":"2022-09-15T22:14:01.764Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T22:14:32.047Z","@version":"1","message":"Sep 15 22:14:31 honeypot-sgp-1 kernel: [84156178.226052] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=193.46.255.199 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=232 ID=62190 PROTO=TCP SPT=61003 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 22:16:43 honeypot-ams-1 kernel: [84156785.677985] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=149.102.155.169 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=18519 PROTO=TCP SPT=40176 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T22:16:43.945Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:18:46 honeypot-fra-1 sshd[19850]: Connection closed by invalid user user1 103.188.176.251 port 36906 [preauth]","@timestamp":"2022-09-15T22:18:46.872Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T22:19:11.161Z","@version":"1","message":"Sep 15 22:19:10 honeypot-sgp-1 sshd[23082]: Invalid user admin from 92.255.85.70 port 45958","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T22:21:17.213Z","@version":"1","message":"Sep 15 22:21:16 honeypot-sgp-1 sshd[23086]: Connection closed by invalid user default 179.60.147.69 port 63974 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:22:25 honeypot-fra-1 sshd[19854]: Connection closed by invalid user default 179.60.147.69 port 36798 [preauth]","@timestamp":"2022-09-15T22:22:25.957Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:25:44 honeypot-fra-1 kernel: [84155160.406018] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=97.107.139.79 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=55907 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T22:25:45.037Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 22:28:22 honeypot-ams-1 sshd[28923]: Received disconnect from 92.255.85.70 port 40676:11: Bye Bye [preauth]","@timestamp":"2022-09-15T22:28:22.246Z"}
{"@timestamp":"2022-09-15T22:31:50.460Z","@version":"1","message":"Sep 15 22:31:49 honeypot-sgp-1 sshd[23092]: Disconnected from authenticating user root 104.194.75.112 port 31112 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:37:30 honeypot-fra-1 sshd[19868]: Invalid user ldggzxc from 165.22.45.108 port 46662","@timestamp":"2022-09-15T22:37:31.301Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 22:37:52 honeypot-ams-1 sshd[28927]: Received disconnect from 27.74.254.115 port 54606:11: Bye Bye [preauth]","@timestamp":"2022-09-15T22:37:52.497Z"}
{"@timestamp":"2022-09-15T22:42:53.722Z","@version":"1","message":"Sep 15 22:42:53 honeypot-sgp-1 sshd[23098]: Invalid user jenkins from 92.255.85.70 port 58910","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 22:43:19 honeypot-ams-1 sshd[28930]: Connection closed by invalid user tomcat 193.106.191.157 port 48294 [preauth]","@timestamp":"2022-09-15T22:43:19.641Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:44:23 honeypot-fra-1 kernel: [84156279.331605] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=173.255.237.28 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=48545 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T22:44:24.471Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-15T22:55:52.033Z","@version":"1","message":"Sep 15 22:55:51 honeypot-sgp-1 kernel: [84158657.810526] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=172.104.29.234 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=25504 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:57:36 honeypot-fra-1 sshd[19883]: Invalid user note from 20.13.161.157 port 57032","@timestamp":"2022-09-15T22:57:36.767Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:57:36 honeypot-fra-1 sshd[19886]: Connection closed by invalid user test 20.13.161.157 port 57022 [preauth]","@timestamp":"2022-09-15T22:57:36.767Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:57:36 honeypot-fra-1 sshd[19885]: Connection closed by invalid user postgres 20.13.161.157 port 57034 [preauth]","@timestamp":"2022-09-15T22:57:36.767Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:57:36 honeypot-fra-1 sshd[19882]: Connection closed by invalid user centos 20.13.161.157 port 57050 [preauth]","@timestamp":"2022-09-15T22:57:36.767Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:57:39 honeypot-fra-1 sshd[19912]: Invalid user ec2-user from 20.13.161.157 port 57020","@timestamp":"2022-09-15T22:57:39.770Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:57:39 honeypot-fra-1 sshd[19903]: Invalid user support from 20.13.161.157 port 56982","@timestamp":"2022-09-15T22:57:39.770Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:57:39 honeypot-fra-1 sshd[19911]: Connection closed by invalid user vagrant 20.13.161.157 port 57000 [preauth]","@timestamp":"2022-09-15T22:57:39.770Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:57:39 honeypot-fra-1 sshd[19904]: Connection closed by invalid user systems 20.13.161.157 port 56980 [preauth]","@timestamp":"2022-09-15T22:57:39.770Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 23:00:42 honeypot-ams-1 sshd[28936]: Invalid user default from 179.60.147.69 port 27160","@timestamp":"2022-09-15T23:00:43.097Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 23:01:07 honeypot-fra-1 kernel: [84157283.340195] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.220.215 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=37723 DPT=389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T23:01:07.853Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-15T23:02:22.191Z","@version":"1","message":"Sep 15 23:02:22 honeypot-sgp-1 kernel: [84159048.712092] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.220.88 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=47512 DPT=389 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 23:02:54 honeypot-ams-1 kernel: [84159556.147760] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=198.235.24.47 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x60 TTL=251 ID=54321 PROTO=TCP SPT=55538 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T23:02:55.161Z"}
{"@timestamp":"2022-09-15T23:05:37.270Z","@version":"1","message":"Sep 15 23:05:36 honeypot-sgp-1 kernel: [84159243.506587] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.210.216.111 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=239 ID=11030 DF PROTO=TCP SPT=10446 DPT=80 WINDOW=512 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T23:10:20.386Z","@version":"1","message":"Sep 15 23:10:19 honeypot-sgp-1 kernel: [84159526.550914] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=198.199.118.120 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=53378 DPT=5432 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 23:10:33 honeypot-fra-1 kernel: [84157848.914343] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=176.58.124.134 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=54321 PROTO=TCP SPT=51423 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T23:10:34.069Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 23:16:06 honeypot-ams-1 sshd[28942]: Invalid user adm from 92.255.85.69 port 63414","@timestamp":"2022-09-15T23:16:07.510Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 23:17:01 honeypot-fra-1 CRON[19936]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-15T23:17:01.217Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T23:17:02.571Z","@version":"1","message":"Sep 15 23:17:01 honeypot-sgp-1 CRON[23123]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 23:19:34 honeypot-ams-1 kernel: [84160556.803003] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=20.123.198.153 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=24410 PROTO=TCP SPT=56148 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T23:19:35.600Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 23:21:48 honeypot-ams-1 sshd[28953]: Invalid user administrador from 139.59.92.30 port 44524","@timestamp":"2022-09-15T23:21:48.663Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 23:22:04 honeypot-ams-1 sshd[28958]: Disconnected from authenticating user root 80.76.51.46 port 45656 [preauth]","@timestamp":"2022-09-15T23:22:04.670Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 23:22:31 honeypot-ams-1 sshd[28964]: Disconnected from authenticating user root 80.76.51.46 port 56398 [preauth]","@timestamp":"2022-09-15T23:22:32.683Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 23:23:01 honeypot-ams-1 sshd[28970]: Disconnected from authenticating user root 80.76.51.46 port 38894 [preauth]","@timestamp":"2022-09-15T23:23:01.697Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 23:23:32 honeypot-ams-1 sshd[28976]: Invalid user admin from 80.76.51.46 port 49624","@timestamp":"2022-09-15T23:23:32.714Z"}
{"@timestamp":"2022-09-15T23:28:23.839Z","@version":"1","message":"Sep 15 23:28:23 honeypot-sgp-1 kernel: [84160610.121685] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=92.63.197.171 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=42387 PROTO=TCP SPT=44005 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 23:30:32 honeypot-fra-1 sshd[19943]: Invalid user lebedevalk from 165.22.45.108 port 51722","@timestamp":"2022-09-15T23:30:32.543Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 23:30:36 honeypot-ams-1 sshd[28981]: Invalid user monitor from 40.124.120.52 port 47660","@timestamp":"2022-09-15T23:30:36.897Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 23:37:45 honeypot-fra-1 sshd[19949]: Invalid user admin from 179.60.147.69 port 10734","@timestamp":"2022-09-15T23:37:45.726Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 23:38:39 honeypot-fra-1 sshd[19959]: Unable to negotiate with 100.20.101.213 port 57894: no matching host key type found. Their offer: ssh-dss [preauth]","@timestamp":"2022-09-15T23:38:40.749Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 23:39:57 honeypot-ams-1 sshd[28987]: Received disconnect from 92.255.85.70 port 30836:11: Bye Bye [preauth]","@timestamp":"2022-09-15T23:39:58.143Z"}
{"@timestamp":"2022-09-15T23:41:39.161Z","@version":"1","message":"Sep 15 23:41:38 honeypot-sgp-1 kernel: [84161405.171683] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=198.235.24.135 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x60 TTL=250 ID=54321 PROTO=TCP SPT=55230 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 23:46:41 honeypot-ams-1 sshd[28992]: Received disconnect from 147.182.247.29 port 51196:11: Bye Bye [preauth]","@timestamp":"2022-09-15T23:46:41.324Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 23:49:54 honeypot-ams-1 sshd[28998]: Invalid user user from 45.61.186.249 port 44426","@timestamp":"2022-09-15T23:49:55.412Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 23:50:14 honeypot-ams-1 sshd[29002]: Invalid user user from 45.61.186.249 port 38854","@timestamp":"2022-09-15T23:50:14.422Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 23:50:31 honeypot-ams-1 sshd[29006]: Invalid user user from 45.61.186.249 port 33306","@timestamp":"2022-09-15T23:50:32.432Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 23:50:35 honeypot-fra-1 sshd[19967]: Unable to negotiate with 31.192.105.81 port 24516: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1 [preauth]","@timestamp":"2022-09-15T23:50:36.030Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 23:50:36 honeypot-fra-1 sshd[19978]: Connection closed by 31.192.105.81 port 56129 [preauth]","@timestamp":"2022-09-15T23:50:37.032Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 23:52:12 honeypot-ams-1 sshd[29011]: Did not receive identification string from 80.76.51.45 port 50110","@timestamp":"2022-09-15T23:52:12.473Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 23:53:04 honeypot-ams-1 sshd[29016]: Invalid user test from 80.76.51.45 port 36118","@timestamp":"2022-09-15T23:53:05.500Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 23:53:37 honeypot-ams-1 sshd[29020]: Disconnected from authenticating user root 80.76.51.45 port 44014 [preauth]","@timestamp":"2022-09-15T23:53:38.517Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 23:54:26 honeypot-ams-1 sshd[29026]: Disconnected from authenticating user root 80.76.51.45 port 42016 [preauth]","@timestamp":"2022-09-15T23:54:27.540Z"}
{"@timestamp":"2022-09-15T23:55:10.479Z","@version":"1","message":"Sep 15 23:55:10 honeypot-sgp-1 sshd[23143]: Disconnected from authenticating user root 92.255.85.69 port 37774 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 23:55:15 honeypot-ams-1 sshd[29032]: Disconnected from authenticating user root 80.76.51.45 port 39984 [preauth]","@timestamp":"2022-09-15T23:55:16.567Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 23:55:48 honeypot-ams-1 sshd[29036]: Disconnected from invalid user git 80.76.51.45 port 48076 [preauth]","@timestamp":"2022-09-15T23:55:49.584Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 23:56:24 honeypot-fra-1 sshd[19992]: Did not receive identification string from 182.253.81.212 port 33346","@timestamp":"2022-09-15T23:56:25.164Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 23:56:25 honeypot-fra-1 sshd[19998]: Connection closed by authenticating user root 182.253.81.212 port 33848 [preauth]","@timestamp":"2022-09-15T23:56:26.166Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 23:56:26 honeypot-fra-1 sshd[20005]: Invalid user admin from 182.253.81.212 port 33850","@timestamp":"2022-09-15T23:56:27.166Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 23:56:28 honeypot-fra-1 sshd[20007]: Connection closed by invalid user admin 182.253.81.212 port 33834 [preauth]","@timestamp":"2022-09-15T23:56:29.167Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T23:56:41.518Z","@version":"1","message":"Sep 15 23:56:41 honeypot-sgp-1 sshd[23147]: Disconnected from invalid user monitor 14.52.249.27 port 38760 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T23:57:42.543Z","@version":"1","message":"Sep 15 23:57:42 honeypot-sgp-1 sshd[23152]: Received disconnect from 190.115.208.250 port 44568:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T23:57:50.548Z","@version":"1","message":"Sep 15 23:57:50 honeypot-sgp-1 sshd[23156]: Received disconnect from 45.61.186.49 port 60380:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T23:58:49.572Z","@version":"1","message":"Sep 15 23:58:48 honeypot-sgp-1 sshd[23161]: Invalid user user from 45.61.186.169 port 34190","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T23:59:06.581Z","@version":"1","message":"Sep 15 23:59:06 honeypot-sgp-1 sshd[23166]: Invalid user user from 45.61.186.169 port 57106","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T23:59:23.589Z","@version":"1","message":"Sep 15 23:59:22 honeypot-sgp-1 sshd[23170]: Invalid user user from 45.61.186.169 port 51764","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T23:59:37.596Z","@version":"1","message":"Sep 15 23:59:37 honeypot-sgp-1 sshd[23174]: Invalid user user from 45.61.186.169 port 46424","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 00:03:17 honeypot-ams-1 kernel: [84163179.550197] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=139.84.131.120 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=48433 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T00:03:17.789Z"}
{"@timestamp":"2022-09-16T00:08:32.824Z","@version":"1","message":"Sep 16 00:08:32 honeypot-sgp-1 sshd[23177]: Connection closed by authenticating user root 137.116.144.39 port 49122 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 00:10:53 honeypot-fra-1 sshd[20015]: Disconnected from authenticating user root 92.255.85.69 port 22518 [preauth]","@timestamp":"2022-09-16T00:10:53.494Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T00:11:13.890Z","@version":"1","message":"Sep 16 00:11:13 honeypot-sgp-1 sshd[23181]: Disconnected from invalid user user 45.61.186.249 port 47544 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T00:11:31.898Z","@version":"1","message":"Sep 16 00:11:31 honeypot-sgp-1 sshd[23185]: Disconnected from invalid user user 45.61.186.249 port 41832 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T00:11:48.936Z","@version":"1","message":"Sep 16 00:11:48 honeypot-sgp-1 sshd[23189]: Disconnected from invalid user user 45.61.186.249 port 36122 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T00:12:04.943Z","@version":"1","message":"Sep 16 00:12:04 honeypot-sgp-1 sshd[23193]: Disconnected from invalid user user 45.61.186.249 port 58678 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T00:17:02.064Z","@version":"1","message":"Sep 16 00:17:01 honeypot-sgp-1 CRON[23200]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 00:17:40 honeypot-fra-1 sshd[20021]: Invalid user centos from 179.60.147.69 port 9046","@timestamp":"2022-09-16T00:17:40.654Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 00:20:05 honeypot-ams-1 sshd[29046]: Invalid user centos from 179.60.147.69 port 24598","@timestamp":"2022-09-16T00:20:05.262Z"}
{"@timestamp":"2022-09-16T00:20:09.141Z","@version":"1","message":"Sep 16 00:20:08 honeypot-sgp-1 sshd[23204]: Disconnected from invalid user user 45.61.184.204 port 49656 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T00:20:27.150Z","@version":"1","message":"Sep 16 00:20:26 honeypot-sgp-1 sshd[23208]: Disconnected from invalid user user 45.61.184.204 port 43892 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T00:20:45.159Z","@version":"1","message":"Sep 16 00:20:45 honeypot-sgp-1 sshd[23212]: Disconnected from invalid user user 45.61.184.204 port 38148 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 00:20:59 honeypot-fra-1 kernel: [84162074.823033] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.41.9.18 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=18202 PROTO=TCP SPT=54978 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T00:20:59.735Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-16T00:21:01.167Z","@version":"1","message":"Sep 16 00:21:00 honeypot-sgp-1 sshd[23216]: Disconnected from invalid user user 45.61.184.204 port 60618 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 00:23:34 honeypot-ams-1 sshd[29049]: Invalid user soporte from 73.3.242.105 port 60874","@timestamp":"2022-09-16T00:23:35.363Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 00:26:48 honeypot-ams-1 sshd[29051]: Disconnected from authenticating user root 92.255.85.69 port 54292 [preauth]","@timestamp":"2022-09-16T00:26:49.449Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 00:31:09 honeypot-fra-1 kernel: [84162685.468457] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=89.248.165.199 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=21079 PROTO=TCP SPT=47491 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T00:31:10.014Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-16T00:35:33.507Z","@version":"1","message":"Sep 16 00:35:32 honeypot-sgp-1 sshd[23222]: Invalid user rq from 138.97.64.134 port 50736","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T00:39:02.591Z","@version":"1","message":"Sep 16 00:39:02 honeypot-sgp-1 sshd[23226]: Received disconnect from 20.205.9.176 port 47152:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T00:41:03.641Z","@version":"1","message":"Sep 16 00:41:02 honeypot-sgp-1 sshd[23232]: Received disconnect from 120.88.46.226 port 46092:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 00:42:07 honeypot-ams-1 sshd[29061]: Invalid user boon from 128.199.71.153 port 39408","@timestamp":"2022-09-16T00:42:07.893Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 00:42:40 honeypot-ams-1 sshd[29065]: Disconnected from 137.184.118.54 port 53310 [preauth]","@timestamp":"2022-09-16T00:42:40.910Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 00:43:55 honeypot-fra-1 sshd[20031]: Invalid user sftpuser from 103.188.176.251 port 51186","@timestamp":"2022-09-16T00:43:56.304Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 00:50:41 honeypot-ams-1 sshd[29070]: Invalid user Guest from 92.255.85.70 port 37024","@timestamp":"2022-09-16T00:50:41.127Z"}
{"@timestamp":"2022-09-16T00:52:01.902Z","@version":"1","message":"Sep 16 00:52:01 honeypot-sgp-1 sshd[23236]: Invalid user admin from 178.128.125.205 port 63246","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T00:52:01.902Z","@version":"1","message":"Sep 16 00:52:01 honeypot-sgp-1 sshd[23242]: Invalid user admin from 178.128.125.205 port 63270","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 00:56:08 honeypot-fra-1 sshd[20036]: Invalid user Guest from 92.255.85.70 port 26836","@timestamp":"2022-09-16T00:56:08.586Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 00:56:22 honeypot-ams-1 sshd[29073]: Connection closed by invalid user debian 179.60.147.69 port 39438 [preauth]","@timestamp":"2022-09-16T00:56:22.278Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 01:01:44 honeypot-fra-1 kernel: [84164519.613029] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=90.151.171.106 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=18331 PROTO=TCP SPT=50057 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T01:01:44.716Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-16T01:03:27.169Z","@version":"1","message":"Sep 16 01:03:26 honeypot-sgp-1 sshd[23247]: Received disconnect from 92.255.85.69 port 15316:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T01:09:18.308Z","@version":"1","message":"Sep 16 01:09:17 honeypot-sgp-1 kernel: [84166663.997964] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.79.53.162 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=50617 PROTO=TCP SPT=57423 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:09:37 honeypot-ams-1 sshd[29077]: Received disconnect from 185.74.4.17 port 57076:11: Bye Bye [preauth]","@timestamp":"2022-09-16T01:09:37.626Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 01:09:44 honeypot-fra-1 sshd[20047]: Bad protocol version identification 'MGLNDD_165.22.82.222_22' from 192.241.215.45 port 56648","@timestamp":"2022-09-16T01:09:44.901Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 01:11:15 honeypot-fra-1 sshd[20050]: Disconnected from authenticating user root 159.65.41.104 port 60546 [preauth]","@timestamp":"2022-09-16T01:11:15.939Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:11:34 honeypot-ams-1 sshd[29083]: Received disconnect from 92.255.85.69 port 36546:11: Bye Bye [preauth]","@timestamp":"2022-09-16T01:11:34.679Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 01:15:21 honeypot-fra-1 sshd[20055]: Received disconnect from 165.22.45.108 port 34114:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T01:15:22.037Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 01:17:16 honeypot-fra-1 sshd[20061]: Received disconnect from 45.61.186.49 port 39558:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T01:17:17.083Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 01:17:26 honeypot-fra-1 sshd[20065]: Received disconnect from 45.61.186.49 port 51506:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T01:17:27.088Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 01:20:30 honeypot-fra-1 sshd[20070]: Received disconnect from 92.255.85.69 port 23374:11: Bye Bye [preauth]","@timestamp":"2022-09-16T01:20:31.160Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T01:21:19.593Z","@version":"1","message":"Sep 16 01:21:18 honeypot-sgp-1 sshd[23259]: Received disconnect from 75.188.17.172 port 44864:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T01:22:09.616Z","@version":"1","message":"Sep 16 01:22:09 honeypot-sgp-1 sshd[23266]: Invalid user bb from 167.172.98.89 port 51393","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:24:38 honeypot-ams-1 sshd[29091]: Disconnected from authenticating user root 147.182.188.81 port 48658 [preauth]","@timestamp":"2022-09-16T01:24:39.031Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 01:25:16 honeypot-fra-1 kernel: [84165931.511145] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=198.199.93.157 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=44951 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T01:25:16.273Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-16T01:25:35.699Z","@version":"1","message":"Sep 16 01:25:35 honeypot-sgp-1 sshd[23270]: Received disconnect from 188.166.95.44 port 53714:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T01:28:37.773Z","@version":"1","message":"Sep 16 01:28:37 honeypot-sgp-1 sshd[23277]: Disconnected from authenticating user root 177.170.20.12 port 37940 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T01:29:55.826Z","@version":"1","message":"Sep 16 01:29:55 honeypot-sgp-1 kernel: [84167901.745354] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=200.90.145.246 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=44553 DF PROTO=TCP SPT=65435 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 01:30:50 honeypot-fra-1 sshd[20093]: Connection closed by 192.241.219.44 port 46124 [preauth]","@timestamp":"2022-09-16T01:30:50.402Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 01:31:53 honeypot-fra-1 sshd[20111]: Connection closed by authenticating user root 121.4.171.88 port 45624 [preauth]","@timestamp":"2022-09-16T01:31:54.430Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 01:31:54 honeypot-fra-1 sshd[20114]: Invalid user momo from 121.4.171.88 port 45628","@timestamp":"2022-09-16T01:31:54.430Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 01:31:54 honeypot-fra-1 sshd[20110]: Connection closed by authenticating user root 121.4.171.88 port 45648 [preauth]","@timestamp":"2022-09-16T01:31:54.430Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 01:31:54 honeypot-fra-1 sshd[20125]: Connection closed by invalid user devops 121.4.171.88 port 45640 [preauth]","@timestamp":"2022-09-16T01:31:55.430Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 01:31:57 honeypot-ams-1 kernel: [84168499.244726] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=128.1.248.30 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=56691 PROTO=TCP SPT=14975 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T01:31:58.225Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:36:02 honeypot-ams-1 sshd[29102]: Received disconnect from 43.154.230.33 port 44372:11: Bye Bye [preauth]","@timestamp":"2022-09-16T01:36:03.333Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 01:37:18 honeypot-fra-1 sshd[20146]: Invalid user user from 45.61.186.49 port 54592","@timestamp":"2022-09-16T01:37:19.557Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 01:37:29 honeypot-fra-1 sshd[20150]: Invalid user user from 45.61.186.49 port 37894","@timestamp":"2022-09-16T01:37:29.562Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 01:38:33 honeypot-ams-1 kernel: [84168895.032613] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=34.142.27.140 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=18845 PROTO=TCP SPT=50399 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T01:38:33.401Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 01:38:55 honeypot-ams-1 kernel: [84168917.135040] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=183.82.121.174 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x20 TTL=54 ID=314 PROTO=TCP SPT=59077 DPT=80 WINDOW=44677 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T01:38:55.414Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:39:21 honeypot-ams-1 sshd[29116]: Disconnected from authenticating user root 80.76.51.46 port 44876 [preauth]","@timestamp":"2022-09-16T01:39:22.430Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:39:51 honeypot-ams-1 sshd[29122]: Disconnected from authenticating user root 80.76.51.46 port 55398 [preauth]","@timestamp":"2022-09-16T01:39:51.445Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:40:21 honeypot-ams-1 sshd[29128]: Disconnected from authenticating user root 80.76.51.46 port 37682 [preauth]","@timestamp":"2022-09-16T01:40:22.461Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:40:43 honeypot-ams-1 sshd[29134]: Invalid user admin from 80.76.51.46 port 44678","@timestamp":"2022-09-16T01:40:43.472Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 01:48:52 honeypot-ams-1 kernel: [84169514.667734] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=20.226.103.220 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=27143 PROTO=TCP SPT=44220 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T01:48:53.688Z"}
{"@timestamp":"2022-09-16T01:50:10.308Z","@version":"1","message":"Sep 16 01:50:09 honeypot-sgp-1 kernel: [84169115.954137] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=162.62.191.231 DST=159.89.202.188 LEN=52 TOS=0x00 PREC=0x00 TTL=47 ID=15833 DF PROTO=TCP SPT=16857 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:50:43 honeypot-ams-1 sshd[29144]: Received disconnect from 111.226.108.58 port 43350:11: Bye Bye [preauth]","@timestamp":"2022-09-16T01:50:44.739Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:50:48 honeypot-ams-1 sshd[29150]: Received disconnect from 111.226.108.58 port 43593:11: Bye Bye [preauth]","@timestamp":"2022-09-16T01:50:49.742Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:50:53 honeypot-ams-1 sshd[29156]: Received disconnect from 111.226.108.58 port 43838:11: Bye Bye [preauth]","@timestamp":"2022-09-16T01:50:53.745Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:50:58 honeypot-ams-1 sshd[29162]: Received disconnect from 111.226.108.58 port 44074:11: Bye Bye [preauth]","@timestamp":"2022-09-16T01:50:58.749Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:51:02 honeypot-ams-1 sshd[29168]: Received disconnect from 111.226.108.58 port 44305:11: Bye Bye [preauth]","@timestamp":"2022-09-16T01:51:02.751Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:51:07 honeypot-ams-1 sshd[29174]: Received disconnect from 111.226.108.58 port 44547:11: Bye Bye [preauth]","@timestamp":"2022-09-16T01:51:07.754Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:51:12 honeypot-ams-1 sshd[29180]: Received disconnect from 111.226.108.58 port 44796:11: Bye Bye [preauth]","@timestamp":"2022-09-16T01:51:12.758Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:51:16 honeypot-ams-1 sshd[29186]: Received disconnect from 111.226.108.58 port 45047:11: Bye Bye [preauth]","@timestamp":"2022-09-16T01:51:17.761Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:51:21 honeypot-ams-1 sshd[29192]: Received disconnect from 111.226.108.58 port 45281:11: Bye Bye [preauth]","@timestamp":"2022-09-16T01:51:21.764Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:51:26 honeypot-ams-1 sshd[29198]: Received disconnect from 111.226.108.58 port 45547:11: Bye Bye [preauth]","@timestamp":"2022-09-16T01:51:26.767Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:51:31 honeypot-ams-1 sshd[29204]: Received disconnect from 111.226.108.58 port 45798:11: Bye Bye [preauth]","@timestamp":"2022-09-16T01:51:31.771Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:51:35 honeypot-ams-1 sshd[29210]: Received disconnect from 111.226.108.58 port 46046:11: Bye Bye [preauth]","@timestamp":"2022-09-16T01:51:35.773Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:51:38 honeypot-ams-1 sshd[29214]: Received disconnect from 111.226.108.58 port 46222:11: Bye Bye [preauth]","@timestamp":"2022-09-16T01:51:39.776Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:51:42 honeypot-ams-1 sshd[29218]: Received disconnect from 111.226.108.58 port 46391:11: Bye Bye [preauth]","@timestamp":"2022-09-16T01:51:42.779Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:51:45 honeypot-ams-1 sshd[29222]: Received disconnect from 111.226.108.58 port 46553:11: Bye Bye [preauth]","@timestamp":"2022-09-16T01:51:45.781Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:51:48 honeypot-ams-1 sshd[29226]: Received disconnect from 111.226.108.58 port 46731:11: Bye Bye [preauth]","@timestamp":"2022-09-16T01:51:48.783Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:51:51 honeypot-ams-1 sshd[29230]: Received disconnect from 111.226.108.58 port 46877:11: Bye Bye [preauth]","@timestamp":"2022-09-16T01:51:51.785Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:51:54 honeypot-ams-1 sshd[29234]: Disconnected from authenticating user root 111.226.108.58 port 47057 [preauth]","@timestamp":"2022-09-16T01:51:54.787Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:51:59 honeypot-ams-1 sshd[29240]: Invalid user pi from 111.226.108.58 port 47302","@timestamp":"2022-09-16T01:51:59.791Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:52:02 honeypot-ams-1 sshd[29244]: Invalid user ethos from 111.226.108.58 port 47456","@timestamp":"2022-09-16T01:52:02.793Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:52:05 honeypot-ams-1 sshd[29248]: Invalid user miner from 111.226.108.58 port 47633","@timestamp":"2022-09-16T01:52:05.795Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:52:08 honeypot-ams-1 sshd[29252]: Invalid user volumio from 111.226.108.58 port 47786","@timestamp":"2022-09-16T01:52:08.797Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:52:11 honeypot-ams-1 sshd[29256]: Invalid user nagios from 111.226.108.58 port 47957","@timestamp":"2022-09-16T01:52:11.799Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:52:14 honeypot-ams-1 sshd[29260]: Invalid user vagrant from 111.226.108.58 port 48127","@timestamp":"2022-09-16T01:52:15.803Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:52:18 honeypot-ams-1 sshd[29264]: Invalid user debian from 111.226.108.58 port 48288","@timestamp":"2022-09-16T01:52:18.805Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:52:21 honeypot-ams-1 sshd[29268]: Invalid user debian from 111.226.108.58 port 48438","@timestamp":"2022-09-16T01:52:21.807Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:52:24 honeypot-ams-1 sshd[29272]: Invalid user alarm from 111.226.108.58 port 48597","@timestamp":"2022-09-16T01:52:24.810Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:52:27 honeypot-ams-1 sshd[29276]: Invalid user test from 111.226.108.58 port 48754","@timestamp":"2022-09-16T01:52:27.813Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:52:30 honeypot-ams-1 sshd[29280]: Invalid user cirros from 111.226.108.58 port 48919","@timestamp":"2022-09-16T01:52:30.814Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 01:54:27 honeypot-fra-1 sshd[20156]: Invalid user monitor from 200.108.139.242 port 58125","@timestamp":"2022-09-16T01:54:27.963Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 01:54:56 honeypot-fra-1 sshd[20160]: Connection closed by 217.42.70.30 port 55330 [preauth]","@timestamp":"2022-09-16T01:54:56.976Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 01:57:42 honeypot-fra-1 sshd[20166]: Received disconnect from 122.117.25.149 port 57176:11: Bye Bye [preauth]","@timestamp":"2022-09-16T01:57:43.045Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:59:55 honeypot-ams-1 sshd[29285]: Received disconnect from 92.255.85.69 port 19114:11: Bye Bye [preauth]","@timestamp":"2022-09-16T01:59:56.008Z"}
{"@timestamp":"2022-09-16T02:04:18.649Z","@version":"1","message":"Sep 16 02:04:17 honeypot-sgp-1 kernel: [84169964.404211] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.195.114 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=36141 DPT=389 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 02:05:20 honeypot-fra-1 sshd[20170]: Disconnected from invalid user user 45.61.186.169 port 41326 [preauth]","@timestamp":"2022-09-16T02:05:21.289Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 02:05:37 honeypot-fra-1 sshd[20174]: Disconnected from invalid user user 45.61.186.169 port 36228 [preauth]","@timestamp":"2022-09-16T02:05:38.297Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 02:05:55 honeypot-fra-1 sshd[20178]: Disconnected from invalid user user 45.61.186.169 port 59360 [preauth]","@timestamp":"2022-09-16T02:05:56.305Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 02:06:11 honeypot-fra-1 sshd[20182]: Disconnected from invalid user user 45.61.186.169 port 54252 [preauth]","@timestamp":"2022-09-16T02:06:12.313Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 02:07:42 honeypot-ams-1 sshd[29288]: Invalid user app from 178.62.97.236 port 41476","@timestamp":"2022-09-16T02:07:43.220Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 02:08:09 honeypot-fra-1 sshd[20188]: Received disconnect from 165.22.45.108 port 39164:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T02:08:10.374Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 02:09:07 honeypot-ams-1 sshd[29292]: Connection closed by invalid user admin 179.60.147.69 port 12320 [preauth]","@timestamp":"2022-09-16T02:09:08.258Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 02:10:43 honeypot-ams-1 sshd[29296]: Disconnected from invalid user orangedev 196.203.105.41 port 51352 [preauth]","@timestamp":"2022-09-16T02:10:44.305Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 02:11:40 honeypot-fra-1 sshd[20194]: Invalid user user from 45.61.186.249 port 54542","@timestamp":"2022-09-16T02:11:41.456Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T02:11:47.836Z","@version":"1","message":"Sep 16 02:11:47 honeypot-sgp-1 kernel: [84170413.718793] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.212.72 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=42900 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 02:11:58 honeypot-fra-1 sshd[20198]: Invalid user user from 45.61.186.249 port 49154","@timestamp":"2022-09-16T02:11:59.465Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 02:12:09 honeypot-fra-1 kernel: [84168744.938703] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.100.87.136 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=246 ID=15212 PROTO=TCP SPT=60101 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T02:12:10.471Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 02:12:24 honeypot-fra-1 sshd[20204]: Disconnected from invalid user user 45.61.186.249 port 55124 [preauth]","@timestamp":"2022-09-16T02:12:24.478Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 02:13:48 honeypot-ams-1 sshd[29301]: Disconnected from invalid user mikyla 187.190.252.164 port 45481 [preauth]","@timestamp":"2022-09-16T02:13:48.389Z"}
{"@timestamp":"2022-09-16T02:15:15.924Z","@version":"1","message":"Sep 16 02:15:15 honeypot-sgp-1 sshd[23317]: Invalid user dw from 119.187.147.110 port 2268","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 02:18:45 honeypot-ams-1 sshd[29308]: Invalid user admin from 89.22.173.148 port 52754","@timestamp":"2022-09-16T02:18:45.519Z"}
{"@timestamp":"2022-09-16T02:19:46.034Z","@version":"1","message":"Sep 16 02:19:45 honeypot-sgp-1 sshd[23323]: Invalid user saaf from 165.227.231.151 port 56604","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 02:22:55 honeypot-ams-1 sshd[29313]: Invalid user ansible from 92.255.85.69 port 18194","@timestamp":"2022-09-16T02:22:55.630Z"}
{"@timestamp":"2022-09-16T02:24:56.161Z","@version":"1","message":"Sep 16 02:24:55 honeypot-sgp-1 sshd[23326]: Disconnected from invalid user admin 185.149.120.23 port 39018 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 02:27:25 honeypot-fra-1 kernel: [84169660.773342] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=205.210.31.54 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=249 ID=16264 PROTO=TCP SPT=52926 DPT=389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T02:27:25.901Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 02:30:34 honeypot-ams-1 kernel: [84172015.891000] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=201.191.2.198 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=63596 PROTO=TCP SPT=2231 DPT=80 WINDOW=16631 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T02:30:34.826Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 02:30:38 honeypot-fra-1 sshd[20212]: Disconnected from invalid user ansible 92.255.85.70 port 22776 [preauth]","@timestamp":"2022-09-16T02:30:38.978Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T02:32:52.356Z","@version":"1","message":"Sep 16 02:32:51 honeypot-sgp-1 sshd[23330]: Received disconnect from 45.61.186.249 port 44980:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T02:33:11.367Z","@version":"1","message":"Sep 16 02:33:10 honeypot-sgp-1 sshd[23334]: Received disconnect from 45.61.186.249 port 39782:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T02:33:28.375Z","@version":"1","message":"Sep 16 02:33:28 honeypot-sgp-1 sshd[23338]: Received disconnect from 45.61.186.249 port 34590:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 02:33:33 honeypot-ams-1 kernel: [84172195.326851] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=89.122.108.112 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=54 ID=51257 PROTO=TCP SPT=25793 DPT=80 WINDOW=44561 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T02:33:33.909Z"}
{"@timestamp":"2022-09-16T02:33:48.385Z","@version":"1","message":"Sep 16 02:33:47 honeypot-sgp-1 sshd[23342]: Received disconnect from 45.61.186.249 port 57626:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T02:42:11.587Z","@version":"1","message":"Sep 16 02:42:11 honeypot-sgp-1 sshd[23347]: Connection closed by authenticating user nobody 179.60.147.69 port 4030 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 02:46:22 honeypot-ams-1 sshd[29325]: Invalid user admin from 92.255.85.70 port 44432","@timestamp":"2022-09-16T02:46:23.245Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 02:48:56 honeypot-fra-1 kernel: [84170951.300561] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=172.104.29.200 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=10666 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T02:48:56.389Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 02:49:30 honeypot-ams-1 kernel: [84173151.975569] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=172.104.29.170 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=21606 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T02:49:30.328Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 02:51:13 honeypot-ams-1 sshd[29333]: Disconnected from invalid user vp 52.172.208.61 port 51400 [preauth]","@timestamp":"2022-09-16T02:51:14.374Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 02:54:05 honeypot-fra-1 kernel: [84171260.294273] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=198.235.24.53 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x60 TTL=248 ID=55291 PROTO=TCP SPT=53347 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T02:54:05.507Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 02:59:47 honeypot-ams-1 kernel: [84173769.278509] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=114.225.3.92 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=49 ID=31578 PROTO=TCP SPT=63749 DPT=80 WINDOW=65274 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T02:59:47.596Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 03:00:07 honeypot-fra-1 kernel: [84171622.975577] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.208.127 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=40284 DPT=636 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T03:00:08.649Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-16T03:01:05.053Z","@version":"1","message":"Sep 16 03:01:04 honeypot-sgp-1 kernel: [84173370.671227] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.219.67 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=42756 DPT=636 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 03:03:17 honeypot-ams-1 kernel: [84173978.810606] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=201.191.2.198 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=22780 PROTO=TCP SPT=2231 DPT=80 WINDOW=16631 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T03:03:17.691Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 03:07:04 honeypot-ams-1 kernel: [84174206.164059] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=41.112.169.248 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=51 ID=30391 PROTO=TCP SPT=7096 DPT=80 WINDOW=43635 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T03:07:04.795Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 03:10:07 honeypot-ams-1 sshd[29349]: Disconnected from authenticating user root 92.255.85.69 port 48798 [preauth]","@timestamp":"2022-09-16T03:10:07.880Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 03:11:24 honeypot-fra-1 sshd[20232]: Invalid user nl from 188.166.23.215 port 47222","@timestamp":"2022-09-16T03:11:24.905Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T03:11:55.321Z","@version":"1","message":"Sep 16 03:11:54 honeypot-sgp-1 kernel: [84174020.791692] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=172.104.218.173 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=35093 PROTO=TCP SPT=57907 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 03:17:01 honeypot-fra-1 CRON[20237]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-16T03:17:02.035Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 03:17:01 honeypot-ams-1 CRON[29355]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-16T03:17:02.059Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 03:17:23 honeypot-ams-1 sshd[29362]: Received disconnect from 80.76.51.46 port 45072:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T03:17:24.071Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 03:17:42 honeypot-ams-1 sshd[29367]: Disconnected from authenticating user root 80.76.51.46 port 53278 [preauth]","@timestamp":"2022-09-16T03:17:42.080Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 03:17:56 honeypot-ams-1 sshd[29373]: Invalid user user from 45.61.186.169 port 53758","@timestamp":"2022-09-16T03:17:57.088Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 03:18:06 honeypot-ams-1 sshd[29377]: Received disconnect from 45.61.186.169 port 37198:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T03:18:07.093Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 03:18:14 honeypot-ams-1 sshd[29381]: Disconnected from invalid user user 45.61.186.169 port 48874 [preauth]","@timestamp":"2022-09-16T03:18:15.097Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 03:18:28 honeypot-ams-1 sshd[29387]: Received disconnect from 80.76.51.46 port 45518:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T03:18:29.105Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 03:18:38 honeypot-ams-1 sshd[29391]: Received disconnect from 80.76.51.46 port 49616:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T03:18:38.111Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 03:18:47 honeypot-ams-1 sshd[29395]: Received disconnect from 80.76.51.46 port 53706:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T03:18:48.115Z"}
{"@timestamp":"2022-09-16T03:19:44.516Z","@version":"1","message":"Sep 16 03:19:44 honeypot-sgp-1 sshd[23364]: Connection closed by invalid user debian 179.60.147.69 port 29226 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T03:23:59.623Z","@version":"1","message":"Sep 16 03:23:59 honeypot-sgp-1 sshd[23372]: Received disconnect from 92.255.85.69 port 36518:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 03:24:38 honeypot-fra-1 kernel: [84173093.994756] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=34.132.195.37 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=58752 PROTO=TCP SPT=44342 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T03:24:39.356Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 03:26:27 honeypot-ams-1 sshd[29400]: Invalid user zabbix from 217.182.253.249 port 48592","@timestamp":"2022-09-16T03:26:27.311Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 03:29:09 honeypot-ams-1 kernel: [84175531.530115] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.41.8.45 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=19329 PROTO=TCP SPT=42742 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T03:29:10.399Z"}
{"@timestamp":"2022-09-16T03:31:33.811Z","@version":"1","message":"Sep 16 03:31:33 honeypot-sgp-1 sshd[23378]: Disconnected from 206.81.15.128 port 53848 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 03:39:21 honeypot-ams-1 kernel: [84176143.443201] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=172.104.131.24 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=45217 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T03:39:22.655Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 03:39:51 honeypot-fra-1 kernel: [84174006.319254] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=196.2.14.138 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x60 TTL=242 ID=39790 DF PROTO=TCP SPT=48490 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T03:39:51.696Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-16T03:40:01.024Z","@version":"1","message":"Sep 16 03:40:00 honeypot-sgp-1 sshd[23385]: Invalid user info from 35.221.82.156 port 46830","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 03:42:31 honeypot-fra-1 sshd[20255]: Received disconnect from 45.61.186.169 port 51286:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T03:42:31.774Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 03:42:48 honeypot-fra-1 sshd[20259]: Received disconnect from 45.61.186.169 port 46094:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T03:42:48.783Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 03:43:04 honeypot-fra-1 sshd[20264]: Received disconnect from 45.61.186.169 port 40908:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T03:43:05.791Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 03:43:20 honeypot-fra-1 sshd[20268]: Received disconnect from 45.61.186.169 port 35718:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T03:43:20.798Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T03:44:20.134Z","@version":"1","message":"Sep 16 03:44:19 honeypot-sgp-1 sshd[23391]: Received disconnect from 134.17.95.120 port 26290:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 03:45:40 honeypot-ams-1 sshd[29414]: Received disconnect from 80.76.51.46 port 43886:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T03:45:40.822Z"}
{"@timestamp":"2022-09-16T03:45:58.177Z","@version":"1","message":"Sep 16 03:45:57 honeypot-sgp-1 sshd[23395]: Disconnected from invalid user distccd 84.54.74.130 port 49866 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 03:46:09 honeypot-ams-1 sshd[29420]: Received disconnect from 80.76.51.46 port 57080:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T03:46:09.838Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 03:46:39 honeypot-ams-1 sshd[29426]: Received disconnect from 80.76.51.46 port 42326:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T03:46:39.854Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 03:47:11 honeypot-ams-1 sshd[29432]: Received disconnect from 80.76.51.46 port 55698:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T03:47:11.871Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 03:47:33 honeypot-ams-1 sshd[29436]: Disconnected from invalid user test 80.76.51.46 port 36388 [preauth]","@timestamp":"2022-09-16T03:47:33.883Z"}
{"@timestamp":"2022-09-16T03:48:15.238Z","@version":"1","message":"Sep 16 03:48:15 honeypot-sgp-1 sshd[23399]: Disconnected from invalid user admin 138.2.245.103 port 34732 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T03:51:14.313Z","@version":"1","message":"Sep 16 03:51:13 honeypot-sgp-1 sshd[23404]: Disconnected from invalid user merje 13.233.208.64 port 47182 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 03:52:43 honeypot-fra-1 sshd[20272]: Connection closed by invalid user tomcat 193.106.191.157 port 39484 [preauth]","@timestamp":"2022-09-16T03:52:44.008Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T03:57:45.480Z","@version":"1","message":"Sep 16 03:57:45 honeypot-sgp-1 sshd[23411]: Received disconnect from 165.22.202.225 port 43628:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 03:58:21 honeypot-ams-1 kernel: [84177283.223285] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=13.125.127.97 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=39 ID=4611 PROTO=TCP SPT=54603 DPT=80 WINDOW=17867 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T03:58:22.156Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 04:01:26 honeypot-fra-1 sshd[20279]: Invalid user admin from 125.4.158.186 port 58878","@timestamp":"2022-09-16T04:01:27.207Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T04:04:22.649Z","@version":"1","message":"Sep 16 04:04:22 honeypot-sgp-1 kernel: [84177168.911208] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=94.102.61.10 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=238 ID=54321 PROTO=TCP SPT=40123 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 04:07:07 honeypot-ams-1 sshd[29446]: Received disconnect from 125.209.85.186 port 51772:11: Bye Bye [preauth]","@timestamp":"2022-09-16T04:07:08.386Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 04:09:32 honeypot-fra-1 sshd[20284]: Did not receive identification string from 45.61.186.249 port 34946","@timestamp":"2022-09-16T04:09:33.391Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 04:09:55 honeypot-fra-1 sshd[20288]: Disconnected from invalid user user 45.61.186.249 port 45834 [preauth]","@timestamp":"2022-09-16T04:09:56.402Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 04:10:14 honeypot-fra-1 sshd[20292]: Disconnected from invalid user user 45.61.186.249 port 40450 [preauth]","@timestamp":"2022-09-16T04:10:15.412Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 04:10:26 honeypot-ams-1 kernel: [84178007.868641] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=92.63.197.171 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=252 ID=34079 PROTO=TCP SPT=59555 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T04:10:26.474Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 04:10:32 honeypot-fra-1 sshd[20296]: Disconnected from invalid user user 45.61.186.249 port 35064 [preauth]","@timestamp":"2022-09-16T04:10:32.420Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T04:14:30.909Z","@version":"1","message":"Sep 16 04:14:29 honeypot-sgp-1 sshd[23420]: Disconnected from authenticating user root 61.177.173.51 port 27648 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 04:15:48 honeypot-ams-1 sshd[29456]: Received disconnect from 61.177.173.51 port 63156:11:  [preauth]","@timestamp":"2022-09-16T04:15:48.618Z"}
{"@timestamp":"2022-09-16T04:16:39.969Z","@version":"1","message":"Sep 16 04:16:39 honeypot-sgp-1 sshd[23426]: Received disconnect from 45.61.184.204 port 45634:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T04:16:58.978Z","@version":"1","message":"Sep 16 04:16:58 honeypot-sgp-1 sshd[23430]: Received disconnect from 45.61.184.204 port 41166:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 04:17:01 honeypot-fra-1 CRON[20301]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-16T04:17:01.570Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T04:17:08.984Z","@version":"1","message":"Sep 16 04:17:08 honeypot-sgp-1 sshd[23435]: Disconnected from invalid user user 45.61.184.204 port 53080 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T04:17:25.993Z","@version":"1","message":"Sep 16 04:17:25 honeypot-sgp-1 sshd[23440]: Disconnected from invalid user user 45.61.184.204 port 48574 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 04:19:16 honeypot-ams-1 sshd[29462]: Invalid user user from 45.61.184.204 port 56204","@timestamp":"2022-09-16T04:19:16.709Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 04:19:34 honeypot-ams-1 sshd[29466]: Invalid user user from 45.61.184.204 port 51166","@timestamp":"2022-09-16T04:19:35.719Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 04:19:52 honeypot-ams-1 sshd[29470]: Invalid user user from 45.61.184.204 port 46136","@timestamp":"2022-09-16T04:19:53.730Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 04:20:06 honeypot-ams-1 sshd[29474]: Received disconnect from 61.177.173.35 port 31736:11:  [preauth]","@timestamp":"2022-09-16T04:20:06.736Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 04:20:34 honeypot-fra-1 sshd[20308]: Received disconnect from 37.59.120.179 port 50924:11: Bye Bye [preauth]","@timestamp":"2022-09-16T04:20:35.652Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 04:21:06 honeypot-ams-1 sshd[29479]: Received disconnect from 92.255.85.69 port 43934:11: Bye Bye [preauth]","@timestamp":"2022-09-16T04:21:07.768Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 04:23:06 honeypot-fra-1 kernel: [84176601.247597] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=103.140.251.208 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=27115 PROTO=TCP SPT=56206 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T04:23:06.713Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-16T04:24:10.167Z","@version":"1","message":"Sep 16 04:24:10 honeypot-sgp-1 sshd[23447]: Received disconnect from 61.177.173.46 port 24720:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 04:25:22 honeypot-ams-1 sshd[29483]: Disconnected from authenticating user root 61.177.173.51 port 38629 [preauth]","@timestamp":"2022-09-16T04:25:22.881Z"}
{"@timestamp":"2022-09-16T04:25:48.210Z","@version":"1","message":"Sep 16 04:25:47 honeypot-sgp-1 sshd[23453]: Received disconnect from 61.177.173.37 port 51962:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T04:33:20.403Z","@version":"1","message":"Sep 16 04:33:19 honeypot-sgp-1 sshd[23458]: Disconnected from authenticating user root 61.177.173.51 port 53485 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 04:34:19 honeypot-ams-1 kernel: [84179441.504715] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=94.26.228.80 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=60254 PROTO=TCP SPT=25575 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T04:34:20.115Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 04:36:35 honeypot-fra-1 sshd[20317]: Invalid user blank from 179.60.147.69 port 48592","@timestamp":"2022-09-16T04:36:36.034Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T04:38:39.543Z","@version":"1","message":"Sep 16 04:38:38 honeypot-sgp-1 kernel: [84179225.219013] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.214.142 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=60238 DPT=636 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 04:39:17 honeypot-ams-1 sshd[29930]: Received disconnect from 61.177.172.114 port 37642:11:  [preauth]","@timestamp":"2022-09-16T04:39:18.245Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 04:39:31 honeypot-fra-1 sshd[20321]: Received disconnect from 87.245.17.229 port 43525:11: Bye Bye [preauth]","@timestamp":"2022-09-16T04:39:32.105Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 04:44:27 honeypot-ams-1 sshd[29935]: Received disconnect from 92.255.85.69 port 16098:11: Bye Bye [preauth]","@timestamp":"2022-09-16T04:44:27.381Z"}
{"@timestamp":"2022-09-16T04:45:17.712Z","@version":"1","message":"Sep 16 04:45:16 honeypot-sgp-1 sshd[23468]: Disconnected from invalid user bots 23.83.239.130 port 48040 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T04:46:29.744Z","@version":"1","message":"Sep 16 04:46:29 honeypot-sgp-1 sshd[23474]: Connection closed by invalid user  64.62.197.47 port 33746 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 04:48:45 honeypot-fra-1 kernel: [84178139.939527] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=167.71.133.35 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=41922 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T04:48:45.313Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-16T04:49:08.814Z","@version":"1","message":"Sep 16 04:49:07 honeypot-sgp-1 sshd[23480]: Received disconnect from 61.177.172.108 port 30664:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T04:52:12.893Z","@version":"1","message":"Sep 16 04:52:12 honeypot-sgp-1 sshd[23485]: Disconnected from authenticating user root 61.177.173.49 port 16736 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 04:52:32 honeypot-fra-1 kernel: [84178367.239929] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=92.63.197.171 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=51605 PROTO=TCP SPT=59555 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T04:52:32.400Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-16T04:52:36.905Z","@version":"1","message":"Sep 16 04:52:36 honeypot-sgp-1 sshd[23491]: Unable to negotiate with 100.20.101.213 port 60734: no matching host key type found. Their offer: ecdsa-sha2-nistp384 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 04:54:26 honeypot-fra-1 sshd[20771]: Received disconnect from 68.183.156.109 port 33554:11: Bye Bye [preauth]","@timestamp":"2022-09-16T04:54:27.447Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 04:55:58 honeypot-fra-1 sshd[20775]: Disconnected from authenticating user root 103.160.24.2 port 40244 [preauth]","@timestamp":"2022-09-16T04:55:58.483Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T04:56:36.008Z","@version":"1","message":"Sep 16 04:56:35 honeypot-sgp-1 sshd[23500]: Disconnected from invalid user volumio 218.10.34.1 port 35746 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 04:58:17 honeypot-fra-1 sshd[20782]: Invalid user anon from 162.215.1.198 port 55670","@timestamp":"2022-09-16T04:58:18.540Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 05:00:42 honeypot-ams-1 kernel: [84181023.666409] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=51.38.12.13 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=57702 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T05:00:42.797Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 05:00:45 honeypot-fra-1 sshd[20786]: Connection closed by invalid user  64.62.197.227 port 64892 [preauth]","@timestamp":"2022-09-16T05:00:46.599Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T05:01:54.145Z","@version":"1","message":"Sep 16 05:01:53 honeypot-sgp-1 sshd[23507]: Received disconnect from 61.177.173.50 port 20830:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 05:02:48 honeypot-fra-1 kernel: [84178983.550367] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=125.253.93.146 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=37059 PROTO=TCP SPT=41711 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T05:02:49.648Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 05:06:53 honeypot-ams-1 sshd[29954]: Disconnected from authenticating user root 61.177.173.52 port 57780 [preauth]","@timestamp":"2022-09-16T05:06:53.958Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 05:11:16 honeypot-fra-1 kernel: [84179491.441024] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=94.102.61.10 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=250 ID=54321 PROTO=TCP SPT=43983 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T05:11:16.841Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-16T05:11:47.391Z","@version":"1","message":"Sep 16 05:11:47 honeypot-sgp-1 sshd[23516]: Connection closed by authenticating user nobody 179.60.147.69 port 10804 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 05:15:18 honeypot-fra-1 sshd[20805]: Received disconnect from 92.255.85.70 port 63956:11: Bye Bye [preauth]","@timestamp":"2022-09-16T05:15:18.938Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 05:17:01 honeypot-ams-1 CRON[29967]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-16T05:17:01.218Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 05:17:01 honeypot-fra-1 CRON[20809]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-16T05:17:01.979Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T05:18:43.567Z","@version":"1","message":"Sep 16 05:18:43 honeypot-sgp-1 sshd[23525]: Invalid user cs from 172.247.194.147 port 40888","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T05:21:57.651Z","@version":"1","message":"Sep 16 05:21:57 honeypot-sgp-1 sshd[23530]: Received disconnect from 92.255.85.70 port 52382:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 05:22:13 honeypot-ams-1 sshd[29973]: Disconnected from authenticating user root 61.177.173.37 port 45487 [preauth]","@timestamp":"2022-09-16T05:22:13.353Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 05:22:52 honeypot-fra-1 sshd[20815]: Disconnected from invalid user www 134.17.95.120 port 57082 [preauth]","@timestamp":"2022-09-16T05:22:53.113Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 05:30:12 honeypot-fra-1 sshd[20822]: Invalid user vagrant from 202.74.243.26 port 64062","@timestamp":"2022-09-16T05:30:13.282Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T05:30:37.868Z","@version":"1","message":"Sep 16 05:30:36 honeypot-sgp-1 kernel: [84182343.162387] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=234 ID=55094 PROTO=TCP SPT=46202 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 05:32:01 honeypot-ams-1 sshd[29980]: Invalid user ubuntu from 92.255.85.69 port 58636","@timestamp":"2022-09-16T05:32:01.605Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 05:32:53 honeypot-ams-1 sshd[29985]: Received disconnect from 61.177.173.53 port 64839:11:  [preauth]","@timestamp":"2022-09-16T05:32:53.630Z"}
{"@timestamp":"2022-09-16T05:33:07.933Z","@version":"1","message":"Sep 16 05:33:07 honeypot-sgp-1 sshd[23543]: Disconnected from authenticating user root 193.142.146.50 port 36752 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T05:33:46.952Z","@version":"1","message":"Sep 16 05:33:46 honeypot-sgp-1 sshd[23549]: Disconnected from authenticating user root 193.142.146.50 port 56900 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T05:35:43.004Z","@version":"1","message":"Sep 16 05:35:42 honeypot-sgp-1 sshd[23555]: Received disconnect from 193.142.146.50 port 44774:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T05:38:00.063Z","@version":"1","message":"Sep 16 05:37:59 honeypot-sgp-1 sshd[23562]: Invalid user test from 193.142.146.50 port 56838","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 05:38:44 honeypot-fra-1 sshd[20825]: Disconnected from invalid user leo 165.22.45.108 port 59388 [preauth]","@timestamp":"2022-09-16T05:38:44.474Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T05:39:28.103Z","@version":"1","message":"Sep 16 05:39:27 honeypot-sgp-1 kernel: [84182873.621098] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=64.62.197.138 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=34499 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 05:41:42 honeypot-fra-1 sshd[20829]: Invalid user zabbix from 103.188.176.251 port 56462","@timestamp":"2022-09-16T05:41:42.546Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 05:42:54 honeypot-ams-1 sshd[29990]: Disconnected from authenticating user root 61.177.173.46 port 19831 [preauth]","@timestamp":"2022-09-16T05:42:54.889Z"}
{"@timestamp":"2022-09-16T05:45:18.249Z","@version":"1","message":"Sep 16 05:45:17 honeypot-sgp-1 sshd[23577]: Invalid user ubnt from 92.255.85.70 port 50854","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 05:46:45 honeypot-ams-1 kernel: [84183787.041995] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=35.200.103.234 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x60 TTL=251 ID=57883 PROTO=TCP SPT=54254 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T05:46:45.991Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 05:46:53 honeypot-fra-1 sshd[20836]: Invalid user com from 81.28.167.30 port 33798","@timestamp":"2022-09-16T05:46:54.667Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 05:46:55 honeypot-ams-1 sshd[29999]: Disconnected from invalid user user 45.61.187.160 port 44640 [preauth]","@timestamp":"2022-09-16T05:46:55.997Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 05:47:14 honeypot-ams-1 sshd[30005]: Disconnected from invalid user user 45.61.187.160 port 39080 [preauth]","@timestamp":"2022-09-16T05:47:15.008Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 05:47:32 honeypot-ams-1 sshd[30009]: Disconnected from invalid user user 45.61.187.160 port 33514 [preauth]","@timestamp":"2022-09-16T05:47:33.017Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 05:55:03 honeypot-ams-1 sshd[30021]: Invalid user ubnt from 92.255.85.69 port 23262","@timestamp":"2022-09-16T05:55:04.210Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 06:02:52 honeypot-fra-1 sshd[20844]: Invalid user ubnt from 92.255.85.69 port 43030","@timestamp":"2022-09-16T06:02:53.029Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T06:04:27.716Z","@version":"1","message":"Sep 16 06:04:26 honeypot-sgp-1 sshd[23583]: Invalid user dell from 103.188.176.251 port 38496","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 06:07:41 honeypot-ams-1 sshd[30029]: Received disconnect from 61.177.172.114 port 63437:11:  [preauth]","@timestamp":"2022-09-16T06:07:41.533Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 06:08:26 honeypot-fra-1 sshd[20849]: Invalid user ubnt from 97.112.107.231 port 49730","@timestamp":"2022-09-16T06:08:26.156Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T06:08:53.828Z","@version":"1","message":"Sep 16 06:08:53 honeypot-sgp-1 sshd[23588]: Disconnected from invalid user ftpuser 92.255.85.69 port 39260 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 06:11:51 honeypot-fra-1 sshd[20853]: Received disconnect from 121.6.175.44 port 59568:11: Bye Bye [preauth]","@timestamp":"2022-09-16T06:11:51.235Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 06:17:01 honeypot-fra-1 CRON[20858]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-16T06:17:01.353Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 06:17:01 honeypot-ams-1 CRON[30036]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-16T06:17:01.788Z"}
{"@timestamp":"2022-09-16T06:18:43.074Z","@version":"1","message":"Sep 16 06:18:42 honeypot-sgp-1 sshd[23598]: Did not receive identification string from 38.143.137.90 port 41548","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 06:21:02 honeypot-ams-1 sshd[30042]: Disconnected from authenticating user root 61.177.172.19 port 49191 [preauth]","@timestamp":"2022-09-16T06:21:03.895Z"}
{"@timestamp":"2022-09-16T06:25:02.235Z","@version":"1","message":"Sep 16 06:25:01 honeypot-sgp-1 CRON[23604]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 06:25:31 honeypot-fra-1 sshd[20995]: Received disconnect from 60.249.82.125 port 57094:11: Bye Bye [preauth]","@timestamp":"2022-09-16T06:25:31.548Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 06:25:57 honeypot-fra-1 sshd[20997]: Connection closed by invalid user test 179.60.147.69 port 4494 [preauth]","@timestamp":"2022-09-16T06:25:57.560Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T06:29:09.361Z","@version":"1","message":"Sep 16 06:29:08 honeypot-sgp-1 sshd[23760]: Invalid user install from 38.143.137.90 port 28928","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 06:29:59 honeypot-ams-1 sshd[30838]: Received disconnect from 61.177.173.36 port 60642:11:  [preauth]","@timestamp":"2022-09-16T06:30:00.150Z"}
{"@timestamp":"2022-09-16T06:30:09.388Z","@version":"1","message":"Sep 16 06:30:08 honeypot-sgp-1 sshd[23764]: Invalid user user from 38.143.137.90 port 17938","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T06:30:38.403Z","@version":"1","message":"Sep 16 06:30:38 honeypot-sgp-1 sshd[23766]: Disconnected from invalid user user 38.143.137.90 port 35944 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 06:31:19 honeypot-ams-1 sshd[30843]: Received disconnect from 80.76.51.46 port 50756:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T06:31:19.189Z"}
{"@timestamp":"2022-09-16T06:31:37.429Z","@version":"1","message":"Sep 16 06:31:36 honeypot-sgp-1 sshd[24306]: Disconnected from invalid user user 38.143.137.90 port 8620 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 06:31:41 honeypot-ams-1 sshd[30849]: Received disconnect from 61.177.173.50 port 62684:11:  [preauth]","@timestamp":"2022-09-16T06:31:42.201Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 06:31:58 honeypot-ams-1 kernel: [84186500.533645] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=5.112.207.147 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=111 ID=26619 DF PROTO=TCP SPT=20844 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T06:31:59.210Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 06:32:28 honeypot-ams-1 sshd[30859]: Received disconnect from 80.76.51.46 port 50238:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T06:32:29.228Z"}
{"@timestamp":"2022-09-16T06:32:37.456Z","@version":"1","message":"Sep 16 06:32:37 honeypot-sgp-1 sshd[24315]: Invalid user user from 38.143.137.90 port 15992","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 06:32:59 honeypot-ams-1 sshd[30865]: Invalid user test from 80.76.51.46 port 33902","@timestamp":"2022-09-16T06:33:00.244Z"}
{"@timestamp":"2022-09-16T06:33:37.483Z","@version":"1","message":"Sep 16 06:33:36 honeypot-sgp-1 sshd[24319]: Invalid user user from 38.143.137.90 port 31820","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T06:34:37.511Z","@version":"1","message":"Sep 16 06:34:37 honeypot-sgp-1 sshd[24324]: Invalid user user from 38.143.137.90 port 3474","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T06:35:37.539Z","@version":"1","message":"Sep 16 06:35:37 honeypot-sgp-1 sshd[24329]: Invalid user user from 38.143.137.90 port 26042","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 06:36:08 honeypot-fra-1 sshd[21620]: Connection closed by invalid user guest 193.106.191.157 port 52642 [preauth]","@timestamp":"2022-09-16T06:36:08.787Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T06:36:39.569Z","@version":"1","message":"Sep 16 06:36:38 honeypot-sgp-1 sshd[24333]: Invalid user user from 38.143.137.90 port 56318","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T06:37:40.596Z","@version":"1","message":"Sep 16 06:37:39 honeypot-sgp-1 sshd[24337]: Invalid user chia from 38.143.137.90 port 15670","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 06:38:08 honeypot-ams-1 sshd[30870]: Invalid user monitor from 103.94.168.42 port 3147","@timestamp":"2022-09-16T06:38:08.373Z"}
{"@timestamp":"2022-09-16T06:38:30.621Z","@version":"1","message":"Sep 16 06:38:30 honeypot-sgp-1 kernel: [84186416.206153] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=154.205.5.248 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=49489 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 06:39:27 honeypot-ams-1 sshd[30875]: Disconnected from invalid user debian 34.70.38.122 port 39654 [preauth]","@timestamp":"2022-09-16T06:39:27.410Z"}
{"@timestamp":"2022-09-16T06:39:44.654Z","@version":"1","message":"Sep 16 06:39:44 honeypot-sgp-1 sshd[24346]: Invalid user wangbing from 38.143.137.90 port 58310","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T06:40:49.684Z","@version":"1","message":"Sep 16 06:40:48 honeypot-sgp-1 sshd[24352]: Invalid user wangxiong from 38.143.137.90 port 50140","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T06:41:52.712Z","@version":"1","message":"Sep 16 06:41:52 honeypot-sgp-1 sshd[24356]: Disconnected from authenticating user root 38.143.137.90 port 13344 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T06:42:56.741Z","@version":"1","message":"Sep 16 06:42:56 honeypot-sgp-1 sshd[24362]: Received disconnect from 38.143.137.90 port 15316:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T06:44:02.769Z","@version":"1","message":"Sep 16 06:44:02 honeypot-sgp-1 sshd[24366]: Disconnected from authenticating user root 38.143.137.90 port 23710 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 06:44:17 honeypot-ams-1 kernel: [84187239.478030] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=94.102.61.10 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=252 ID=54321 PROTO=TCP SPT=42337 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T06:44:18.535Z"}
{"@timestamp":"2022-09-16T06:45:39.812Z","@version":"1","message":"Sep 16 06:45:39 honeypot-sgp-1 sshd[24373]: Invalid user dev from 38.143.137.90 port 10628","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T06:46:11.829Z","@version":"1","message":"Sep 16 06:46:11 honeypot-sgp-1 sshd[24377]: Received disconnect from 38.143.137.90 port 25562:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T06:47:47.872Z","@version":"1","message":"Sep 16 06:47:47 honeypot-sgp-1 sshd[24383]: Invalid user gaodongsheng from 38.143.137.90 port 18992","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T06:48:53.904Z","@version":"1","message":"Sep 16 06:48:52 honeypot-sgp-1 sshd[24387]: Disconnected from authenticating user root 38.143.137.90 port 7546 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T06:50:00.935Z","@version":"1","message":"Sep 16 06:50:00 honeypot-sgp-1 sshd[24395]: Invalid user xdp from 38.143.137.90 port 34018","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T06:50:34.952Z","@version":"1","message":"Sep 16 06:50:34 honeypot-sgp-1 sshd[24399]: Disconnected from authenticating user root 38.143.137.90 port 9942 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T06:51:43.985Z","@version":"1","message":"Sep 16 06:51:43 honeypot-sgp-1 sshd[24403]: Disconnected from invalid user amax 38.143.137.90 port 7764 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 06:53:16 honeypot-ams-1 kernel: [84187778.166175] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.221.96 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=36757 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T06:53:16.765Z"}
{"@timestamp":"2022-09-16T06:53:23.029Z","@version":"1","message":"Sep 16 06:53:23 honeypot-sgp-1 sshd[24409]: Received disconnect from 38.143.137.90 port 8682:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 06:53:50 honeypot-fra-1 sshd[21626]: Did not receive identification string from 101.33.218.153 port 63834","@timestamp":"2022-09-16T06:53:51.205Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 06:53:53 honeypot-fra-1 sshd[21651]: Connection closed by invalid user ftpadmin 101.33.218.153 port 36279 [preauth]","@timestamp":"2022-09-16T06:53:54.208Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 06:53:54 honeypot-fra-1 sshd[21634]: Connection closed by invalid user minecraft 101.33.218.153 port 36339 [preauth]","@timestamp":"2022-09-16T06:53:55.208Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T06:54:29.076Z","@version":"1","message":"Sep 16 06:54:28 honeypot-sgp-1 sshd[24413]: Disconnected from invalid user weblogic 38.143.137.90 port 8006 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T06:56:09.120Z","@version":"1","message":"Sep 16 06:56:08 honeypot-sgp-1 sshd[24420]: Received disconnect from 38.143.137.90 port 14094:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T06:56:32.132Z","@version":"1","message":"Sep 16 06:56:31 honeypot-sgp-1 sshd[24424]: Received disconnect from 61.177.173.35 port 63054:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T06:57:16.154Z","@version":"1","message":"Sep 16 06:57:15 honeypot-sgp-1 sshd[24430]: Invalid user omnisky from 38.143.137.90 port 23596","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T06:58:16.182Z","@version":"1","message":"Sep 16 06:58:15 honeypot-sgp-1 sshd[24434]: Received disconnect from 134.209.236.191 port 53416:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 06:58:26 honeypot-ams-1 sshd[30897]: Disconnected from authenticating user root 61.177.173.36 port 17231 [preauth]","@timestamp":"2022-09-16T06:58:26.899Z"}
{"@timestamp":"2022-09-16T06:59:24.214Z","@version":"1","message":"Sep 16 06:59:23 honeypot-sgp-1 kernel: [84187669.651027] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=170.187.163.41 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=26582 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T07:00:40.251Z","@version":"1","message":"Sep 16 07:00:39 honeypot-sgp-1 sshd[24449]: Invalid user user from 38.143.137.90 port 38150","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T07:01:13.268Z","@version":"1","message":"Sep 16 07:01:13 honeypot-sgp-1 sshd[24453]: Received disconnect from 38.143.137.90 port 6868:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T07:02:55.312Z","@version":"1","message":"Sep 16 07:02:55 honeypot-sgp-1 sshd[24460]: Received disconnect from 38.143.137.90 port 17218:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T07:04:03.343Z","@version":"1","message":"Sep 16 07:04:03 honeypot-sgp-1 sshd[24464]: Received disconnect from 38.143.137.90 port 61686:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 07:04:11 honeypot-ams-1 sshd[30906]: Connection closed by authenticating user root 137.116.144.39 port 37246 [preauth]","@timestamp":"2022-09-16T07:04:12.045Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 07:05:34 honeypot-ams-1 sshd[30912]: Disconnected from invalid user tomcat 92.255.85.69 port 26420 [preauth]","@timestamp":"2022-09-16T07:05:35.083Z"}
{"@timestamp":"2022-09-16T07:05:44.387Z","@version":"1","message":"Sep 16 07:05:44 honeypot-sgp-1 sshd[24472]: Received disconnect from 38.143.137.90 port 36602:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T07:06:51.418Z","@version":"1","message":"Sep 16 07:06:50 honeypot-sgp-1 sshd[24476]: Disconnected from authenticating user root 38.143.137.90 port 29694 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 07:08:05 honeypot-fra-1 sshd[21670]: error: maximum authentication attempts exceeded for invalid user admin from 59.126.178.69 port 48532 ssh2 [preauth]","@timestamp":"2022-09-16T07:08:06.554Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T07:08:30.462Z","@version":"1","message":"Sep 16 07:08:29 honeypot-sgp-1 sshd[24483]: Invalid user xdp from 38.143.137.90 port 14306","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T07:09:37.492Z","@version":"1","message":"Sep 16 07:09:36 honeypot-sgp-1 sshd[24487]: Received disconnect from 38.143.137.90 port 20944:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T07:10:43.521Z","@version":"1","message":"Sep 16 07:10:43 honeypot-sgp-1 sshd[24496]: Received disconnect from 38.143.137.90 port 63202:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T07:11:49.550Z","@version":"1","message":"Sep 16 07:11:48 honeypot-sgp-1 sshd[24501]: Disconnected from authenticating user root 38.143.137.90 port 7650 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 07:11:57 honeypot-ams-1 sshd[30917]: Connection closed by invalid user guest 193.106.191.157 port 51662 [preauth]","@timestamp":"2022-09-16T07:11:58.255Z"}
{"@timestamp":"2022-09-16T07:12:59.582Z","@version":"1","message":"Sep 16 07:12:58 honeypot-sgp-1 kernel: [84188484.826931] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=162.62.191.231 DST=159.89.202.188 LEN=52 TOS=0x00 PREC=0x00 TTL=47 ID=39781 DF PROTO=TCP SPT=40805 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 07:13:06 honeypot-fra-1 sshd[21677]: Invalid user tomcat from 92.255.85.69 port 25746","@timestamp":"2022-09-16T07:13:06.669Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 07:13:13 honeypot-ams-1 kernel: [84188974.608216] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=79.124.62.62 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=24141 PROTO=TCP SPT=51265 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T07:13:13.293Z"}
{"@timestamp":"2022-09-16T07:14:34.624Z","@version":"1","message":"Sep 16 07:14:33 honeypot-sgp-1 sshd[24511]: Invalid user zhengchaolei from 38.143.137.90 port 30462","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T07:15:39.653Z","@version":"1","message":"Sep 16 07:15:39 honeypot-sgp-1 sshd[24519]: Disconnected from authenticating user root 38.143.137.90 port 19902 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 07:17:01 honeypot-ams-1 CRON[30929]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-16T07:17:02.396Z"}
{"@timestamp":"2022-09-16T07:17:02.689Z","@version":"1","message":"Sep 16 07:17:02 honeypot-sgp-1 CRON[24525]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T07:17:53.712Z","@version":"1","message":"Sep 16 07:17:53 honeypot-sgp-1 sshd[24531]: Disconnected from authenticating user root 38.143.137.90 port 64654 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T07:19:00.742Z","@version":"1","message":"Sep 16 07:19:00 honeypot-sgp-1 sshd[24537]: Received disconnect from 38.143.137.90 port 29518:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T07:20:05.772Z","@version":"1","message":"Sep 16 07:20:05 honeypot-sgp-1 sshd[24543]: Invalid user eduinfo from 38.143.137.90 port 13290","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T07:20:38.787Z","@version":"1","message":"Sep 16 07:20:37 honeypot-sgp-1 sshd[24547]: Received disconnect from 38.143.137.90 port 2260:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 07:21:01 honeypot-fra-1 kernel: [84187275.694635] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.205.218 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=50658 DPT=5432 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T07:21:01.849Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-16T07:21:44.816Z","@version":"1","message":"Sep 16 07:21:43 honeypot-sgp-1 sshd[24552]: Disconnected from authenticating user root 38.143.137.90 port 58700 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T07:23:24.860Z","@version":"1","message":"Sep 16 07:23:24 honeypot-sgp-1 sshd[24558]: Received disconnect from 38.143.137.90 port 48358:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T07:24:20.886Z","@version":"1","message":"Sep 16 07:24:20 honeypot-sgp-1 sshd[24564]: Received disconnect from 61.177.173.36 port 21353:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T07:25:06.908Z","@version":"1","message":"Sep 16 07:25:06 honeypot-sgp-1 sshd[24570]: Invalid user luguoliang from 38.143.137.90 port 16126","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 07:25:15 honeypot-fra-1 sshd[21686]: Invalid user leonardo from 165.22.45.108 port 41286","@timestamp":"2022-09-16T07:25:15.948Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 07:25:54 honeypot-ams-1 sshd[30952]: Received disconnect from 157.245.230.64 port 57458:11: Bye Bye [preauth]","@timestamp":"2022-09-16T07:25:55.628Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 07:29:16 honeypot-ams-1 sshd[30961]: Invalid user 123 from 92.255.85.69 port 43504","@timestamp":"2022-09-16T07:29:16.716Z"}
{"@timestamp":"2022-09-16T07:33:15.109Z","@version":"1","message":"Sep 16 07:33:15 honeypot-sgp-1 sshd[24575]: Received disconnect from 52.172.225.142 port 58532:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 07:36:25 honeypot-fra-1 sshd[21691]: Received disconnect from 92.255.85.70 port 51812:11: Bye Bye [preauth]","@timestamp":"2022-09-16T07:36:26.265Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T07:38:15.231Z","@version":"1","message":"Sep 16 07:38:14 honeypot-sgp-1 sshd[24580]: Disconnected from authenticating user root 61.177.172.108 port 51508 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 07:39:21 honeypot-fra-1 sshd[21695]: Received disconnect from 43.155.86.244 port 49274:11: Bye Bye [preauth]","@timestamp":"2022-09-16T07:39:22.336Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 07:40:58 honeypot-fra-1 sshd[21702]: Invalid user sherrill from 5.101.1.20 port 52758","@timestamp":"2022-09-16T07:40:58.389Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 07:41:23 honeypot-ams-1 sshd[30974]: Disconnected from authenticating user root 61.177.173.46 port 11130 [preauth]","@timestamp":"2022-09-16T07:41:24.026Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 07:50:03 honeypot-fra-1 kernel: [84189017.600656] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=198.235.24.2 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x60 TTL=250 ID=54321 PROTO=TCP SPT=55556 DPT=389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T07:50:03.595Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 07:50:33 honeypot-ams-1 sshd[30979]: Disconnected from authenticating user root 61.177.173.46 port 20948 [preauth]","@timestamp":"2022-09-16T07:50:34.261Z"}
{"@timestamp":"2022-09-16T07:52:10.566Z","@version":"1","message":"Sep 16 07:52:10 honeypot-sgp-1 kernel: [84190836.485578] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=64.62.197.86 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=53869 DPT=5432 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 07:53:10 honeypot-ams-1 sshd[30984]: Received disconnect from 61.177.173.36 port 15879:11:  [preauth]","@timestamp":"2022-09-16T07:53:11.333Z"}
{"@timestamp":"2022-09-16T07:56:40.679Z","@version":"1","message":"Sep 16 07:56:40 honeypot-sgp-1 sshd[24596]: Invalid user user from 45.61.184.204 port 58012","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 07:56:52 honeypot-ams-1 sshd[30988]: Received disconnect from 61.177.172.104 port 39651:11:  [preauth]","@timestamp":"2022-09-16T07:56:52.431Z"}
{"@timestamp":"2022-09-16T07:57:01.689Z","@version":"1","message":"Sep 16 07:57:00 honeypot-sgp-1 sshd[24600]: Invalid user user from 45.61.184.204 port 52878","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T07:57:18.697Z","@version":"1","message":"Sep 16 07:57:17 honeypot-sgp-1 sshd[24605]: Invalid user user from 45.61.184.204 port 47718","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T07:57:36.707Z","@version":"1","message":"Sep 16 07:57:36 honeypot-sgp-1 sshd[24609]: Invalid user user from 45.61.184.204 port 42580","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 08:00:05 honeypot-fra-1 sshd[21709]: Received disconnect from 92.255.85.70 port 61974:11: Bye Bye [preauth]","@timestamp":"2022-09-16T08:00:05.824Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 08:02:25 honeypot-fra-1 kernel: [84189759.697406] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=110.138.22.17 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=248 ID=60513 DF PROTO=TCP SPT=57012 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T08:02:25.879Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-16T08:04:45.901Z","@version":"1","message":"Sep 16 08:04:45 honeypot-sgp-1 sshd[24614]: Disconnected from authenticating user root 61.177.173.36 port 13227 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 08:06:17 honeypot-ams-1 sshd[30996]: Connection closed by invalid user dell 103.188.176.251 port 52214 [preauth]","@timestamp":"2022-09-16T08:06:18.675Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 08:10:05 honeypot-ams-1 sshd[31003]: Received disconnect from 61.177.173.51 port 61520:11:  [preauth]","@timestamp":"2022-09-16T08:10:05.779Z"}
{"@timestamp":"2022-09-16T08:12:14.089Z","@version":"1","message":"Sep 16 08:12:13 honeypot-sgp-1 kernel: [84192039.950855] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=184.105.139.115 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=40932 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T08:13:50.131Z","@version":"1","message":"Sep 16 08:13:49 honeypot-sgp-1 sshd[24622]: Received disconnect from 178.176.228.45 port 53546:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 08:15:16 honeypot-fra-1 sshd[21738]: Connection closed by invalid user guest 179.60.147.69 port 64092 [preauth]","@timestamp":"2022-09-16T08:15:17.174Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T08:16:01.187Z","@version":"1","message":"Sep 16 08:16:00 honeypot-sgp-1 sshd[24626]: Disconnected from invalid user telsoft 40.85.90.154 port 51546 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 08:16:45 honeypot-ams-1 sshd[31007]: Invalid user a from 92.255.85.70 port 37524","@timestamp":"2022-09-16T08:16:45.969Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 08:17:08 honeypot-ams-1 sshd[31012]: Received disconnect from 159.223.95.166 port 53078:11: Bye Bye [preauth]","@timestamp":"2022-09-16T08:17:08.981Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 08:17:35 honeypot-fra-1 sshd[21744]: Received disconnect from 165.22.45.108 port 46326:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T08:17:36.231Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T08:19:13.268Z","@version":"1","message":"Sep 16 08:19:12 honeypot-sgp-1 sshd[24637]: Received disconnect from 61.177.172.98 port 47738:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 08:21:10 honeypot-ams-1 kernel: [84193052.290004] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.219.209 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=42839 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T08:21:11.086Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 08:23:26 honeypot-fra-1 sshd[21747]: Received disconnect from 92.255.85.70 port 19324:11: Bye Bye [preauth]","@timestamp":"2022-09-16T08:23:27.370Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 08:24:45 honeypot-ams-1 kernel: [84193266.704535] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=77.191.136.69 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=35512 DF PROTO=TCP SPT=47948 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T08:24:45.184Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 08:26:53 honeypot-ams-1 kernel: [84193395.276537] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=89.14.51.134 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=14639 DF PROTO=TCP SPT=48842 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T08:26:54.244Z"}
{"@timestamp":"2022-09-16T08:27:14.468Z","@version":"1","message":"Sep 16 08:27:14 honeypot-sgp-1 sshd[24658]: Invalid user koellner from 165.227.118.71 port 38502","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 08:30:36 honeypot-ams-1 kernel: [84193617.794476] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=2656 PROTO=TCP SPT=57003 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T08:30:36.343Z"}
{"@timestamp":"2022-09-16T08:30:49.560Z","@version":"1","message":"Sep 16 08:30:49 honeypot-sgp-1 kernel: [84193155.433887] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=236 ID=54945 PROTO=TCP SPT=57003 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T08:33:28.628Z","@version":"1","message":"Sep 16 08:33:28 honeypot-sgp-1 sshd[24669]: Invalid user user1 from 103.188.176.251 port 53304","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 08:33:37 honeypot-ams-1 sshd[31056]: Received disconnect from 61.177.172.108 port 61667:11:  [preauth]","@timestamp":"2022-09-16T08:33:38.425Z"}
{"@timestamp":"2022-09-16T08:34:33.656Z","@version":"1","message":"Sep 16 08:34:33 honeypot-sgp-1 sshd[24673]: Disconnected from invalid user zhouh 52.163.248.162 port 43310 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 08:40:45 honeypot-ams-1 sshd[31059]: Received disconnect from 95.85.15.86 port 55464:11: Bye Bye [preauth]","@timestamp":"2022-09-16T08:40:46.608Z"}
{"@timestamp":"2022-09-16T08:43:41.904Z","@version":"1","message":"Sep 16 08:43:41 honeypot-sgp-1 sshd[24681]: Disconnected from authenticating user root 61.177.173.37 port 52974 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 08:46:39 honeypot-ams-1 sshd[31067]: Received disconnect from 61.177.172.98 port 50047:11:  [preauth]","@timestamp":"2022-09-16T08:46:39.761Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 08:47:26 honeypot-fra-1 sshd[21751]: Received disconnect from 92.255.85.70 port 45442:11: Bye Bye [preauth]","@timestamp":"2022-09-16T08:47:26.923Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T08:50:27.075Z","@version":"1","message":"Sep 16 08:50:26 honeypot-sgp-1 sshd[24690]: Connection closed by invalid user blank 179.60.147.69 port 54802 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 08:51:34 honeypot-fra-1 sshd[21754]: Connection closed by invalid user blank 179.60.147.69 port 52622 [preauth]","@timestamp":"2022-09-16T08:51:35.019Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 08:57:18 honeypot-ams-1 sshd[31077]: Received disconnect from 61.177.173.46 port 50694:11:  [preauth]","@timestamp":"2022-09-16T08:57:19.042Z"}
{"@timestamp":"2022-09-16T08:58:38.281Z","@version":"1","message":"Sep 16 08:58:38 honeypot-sgp-1 kernel: [84194824.119991] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=68.183.93.151 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x20 TTL=242 ID=54321 PROTO=TCP SPT=48949 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 09:01:05 honeypot-ams-1 kernel: [84195446.741285] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=179.43.155.171 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=3012 PROTO=TCP SPT=43691 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T09:01:06.148Z"}
{"@timestamp":"2022-09-16T09:01:06.352Z","@version":"1","message":"Sep 16 09:01:05 honeypot-sgp-1 sshd[24698]: Invalid user fjh from 177.137.87.209 port 34220","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 09:01:29 honeypot-fra-1 kernel: [84193304.106680] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=27033 PROTO=TCP SPT=58803 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T09:01:30.246Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 09:03:11 honeypot-ams-1 sshd[31088]: Did not receive identification string from 45.61.184.204 port 38104","@timestamp":"2022-09-16T09:03:12.208Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 09:03:54 honeypot-ams-1 sshd[31091]: Disconnected from invalid user user 45.61.184.204 port 51900 [preauth]","@timestamp":"2022-09-16T09:03:55.229Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 09:04:13 honeypot-ams-1 sshd[31097]: Invalid user user from 45.61.184.204 port 47458","@timestamp":"2022-09-16T09:04:14.239Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 09:04:31 honeypot-ams-1 sshd[31101]: Invalid user user from 45.61.184.204 port 43008","@timestamp":"2022-09-16T09:04:31.249Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 09:07:45 honeypot-ams-1 kernel: [84195846.713081] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=208.115.115.103 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=56463 PROTO=TCP SPT=30686 DPT=80 WINDOW=36437 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T09:07:45.334Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 09:11:25 honeypot-fra-1 sshd[21763]: Disconnected from authenticating user root 92.255.85.69 port 30540 [preauth]","@timestamp":"2022-09-16T09:11:26.472Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 09:15:55 honeypot-ams-1 kernel: [84196337.364042] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=119.199.169.235 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=54 ID=41382 PROTO=TCP SPT=25746 DPT=80 WINDOW=40019 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T09:15:56.546Z"}
{"@timestamp":"2022-09-16T09:16:43.737Z","@version":"1","message":"Sep 16 09:16:42 honeypot-sgp-1 sshd[24709]: Unable to negotiate with 113.5.234.18 port 40398: no matching cipher found. Their offer: aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,arcfour128,arcfour,3des-cbc,none [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 09:19:09 honeypot-fra-1 sshd[21771]: Received disconnect from 43.154.190.157 port 46722:11: Bye Bye [preauth]","@timestamp":"2022-09-16T09:19:09.649Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T09:21:06.847Z","@version":"1","message":"Sep 16 09:21:06 honeypot-sgp-1 kernel: [84196172.185235] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=41.76.154.214 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=232 ID=47350 DF PROTO=TCP SPT=35183 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 09:22:58 honeypot-fra-1 kernel: [84194592.957034] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=79.124.62.62 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=11163 PROTO=TCP SPT=51265 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T09:22:58.736Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 09:24:02 honeypot-ams-1 kernel: [84196824.446797] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=189.34.24.214 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=65393 PROTO=TCP SPT=39170 DPT=443 WINDOW=50002 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T09:24:03.755Z"}
{"@timestamp":"2022-09-16T09:26:51.989Z","@version":"1","message":"Sep 16 09:26:51 honeypot-sgp-1 sshd[24724]: Received disconnect from 112.25.135.51 port 38236:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 09:27:14 honeypot-ams-1 sshd[31130]: Disconnected from invalid user odoo 92.255.85.69 port 31386 [preauth]","@timestamp":"2022-09-16T09:27:14.841Z"}
{"@timestamp":"2022-09-16T09:30:30.082Z","@version":"1","message":"Sep 16 09:30:29 honeypot-sgp-1 sshd[24730]: Invalid user hadoop from 187.37.77.251 port 38541","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 09:31:42 honeypot-fra-1 sshd[21783]: Disconnected from 218.92.0.200 port 22715 [preauth]","@timestamp":"2022-09-16T09:31:42.938Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T09:31:50.118Z","@version":"1","message":"Sep 16 09:31:49 honeypot-sgp-1 sshd[24735]: Received disconnect from 45.61.186.169 port 54564:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T09:31:59.123Z","@version":"1","message":"Sep 16 09:31:58 honeypot-sgp-1 sshd[24738]: Disconnected from invalid user user 45.61.186.169 port 37666 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T09:32:15.131Z","@version":"1","message":"Sep 16 09:32:15 honeypot-sgp-1 sshd[24742]: Disconnected from invalid user user 45.61.186.169 port 60324 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T09:32:31.139Z","@version":"1","message":"Sep 16 09:32:30 honeypot-sgp-1 sshd[24746]: Disconnected from invalid user user 45.61.186.169 port 54758 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 09:34:51 honeypot-fra-1 sshd[21788]: Received disconnect from 92.255.85.69 port 36492:11: Bye Bye [preauth]","@timestamp":"2022-09-16T09:34:52.014Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 09:35:03 honeypot-ams-1 kernel: [84197484.574400] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=164.92.72.164 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=34227 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T09:35:04.043Z"}
{"@timestamp":"2022-09-16T09:35:05.205Z","@version":"1","message":"Sep 16 09:35:05 honeypot-sgp-1 sshd[24751]: Received disconnect from 61.177.173.35 port 60870:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 09:37:34 honeypot-ams-1 sshd[31143]: Received disconnect from 61.177.173.51 port 56667:11:  [preauth]","@timestamp":"2022-09-16T09:37:35.111Z"}
{"@timestamp":"2022-09-16T09:40:04.330Z","@version":"1","message":"Sep 16 09:40:04 honeypot-sgp-1 sshd[24757]: Disconnected from invalid user user 45.61.186.49 port 53540 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T09:40:13.335Z","@version":"1","message":"Sep 16 09:40:12 honeypot-sgp-1 sshd[24761]: Disconnected from invalid user user 45.61.186.49 port 36704 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 09:41:33 honeypot-fra-1 sshd[21791]: Disconnected from authenticating user root 218.92.0.200 port 11188 [preauth]","@timestamp":"2022-09-16T09:41:33.169Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 09:45:35 honeypot-ams-1 sshd[31152]: Received disconnect from 61.177.173.50 port 47094:11:  [preauth]","@timestamp":"2022-09-16T09:45:35.319Z"}
{"@timestamp":"2022-09-16T09:47:47.521Z","@version":"1","message":"Sep 16 09:47:46 honeypot-sgp-1 sshd[24770]: Received disconnect from 61.177.173.35 port 50005:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 09:50:26 honeypot-ams-1 sshd[31157]: Invalid user testuser from 92.255.85.69 port 54322","@timestamp":"2022-09-16T09:50:27.451Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 09:53:58 honeypot-ams-1 kernel: [84198619.991984] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=167.71.92.243 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=42949 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T09:53:58.545Z"}
{"@timestamp":"2022-09-16T09:57:21.758Z","@version":"1","message":"Sep 16 09:57:21 honeypot-sgp-1 kernel: [84198347.727532] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=78.142.18.92 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=53913 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 10:00:07 honeypot-ams-1 sshd[31169]: Received disconnect from 51.161.96.65 port 54625:11: Bye Bye [preauth]","@timestamp":"2022-09-16T10:00:07.705Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:01:24 honeypot-fra-1 kernel: [84196898.738794] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=161.97.98.117 DST=165.22.82.222 LEN=52 TOS=0x02 PREC=0x00 TTL=120 ID=27348 DF PROTO=TCP SPT=55228 DPT=443 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-16T10:01:24.633Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 10:01:44 honeypot-ams-1 sshd[31173]: Disconnected from invalid user admin 13.67.201.190 port 56392 [preauth]","@timestamp":"2022-09-16T10:01:45.750Z"}
{"@timestamp":"2022-09-16T10:03:06.923Z","@version":"1","message":"Sep 16 10:03:06 honeypot-sgp-1 sshd[24782]: Invalid user support from 179.60.147.69 port 52822","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:03:16 honeypot-fra-1 sshd[21798]: Disconnected from invalid user lesya 165.22.45.108 port 56442 [preauth]","@timestamp":"2022-09-16T10:03:16.678Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 10:04:01 honeypot-ams-1 kernel: [84199222.890548] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=54.37.242.67 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=39029 PROTO=TCP SPT=42104 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T10:04:01.811Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:04:50 honeypot-fra-1 sshd[21802]: Connection closed by invalid user guest 193.106.191.157 port 39528 [preauth]","@timestamp":"2022-09-16T10:04:50.720Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T10:08:05.046Z","@version":"1","message":"Sep 16 10:08:04 honeypot-sgp-1 sshd[24787]: Disconnected from authenticating user root 179.84.67.240 port 37533 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 10:12:32 honeypot-ams-1 kernel: [84199734.393035] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=180.215.130.45 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=56 ID=0 DF PROTO=TCP SPT=39005 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T10:12:33.037Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:16:45 honeypot-fra-1 sshd[21809]: Invalid user ubuntu from 137.184.77.246 port 42052","@timestamp":"2022-09-16T10:16:45.992Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:16:45 honeypot-fra-1 sshd[21815]: Invalid user elasticsearch from 137.184.77.246 port 41998","@timestamp":"2022-09-16T10:16:45.992Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:16:45 honeypot-fra-1 sshd[21819]: Invalid user user from 137.184.77.246 port 41992","@timestamp":"2022-09-16T10:16:45.992Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:16:45 honeypot-fra-1 sshd[21832]: Invalid user devops from 137.184.77.246 port 42034","@timestamp":"2022-09-16T10:16:45.992Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:16:45 honeypot-fra-1 sshd[21814]: Connection closed by authenticating user root 137.184.77.246 port 42014 [preauth]","@timestamp":"2022-09-16T10:16:45.993Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:16:45 honeypot-fra-1 sshd[21813]: Connection closed by invalid user deployer 137.184.77.246 port 42072 [preauth]","@timestamp":"2022-09-16T10:16:45.993Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:16:45 honeypot-fra-1 sshd[21825]: Connection closed by authenticating user root 137.184.77.246 port 42012 [preauth]","@timestamp":"2022-09-16T10:16:45.993Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:16:45 honeypot-fra-1 sshd[21831]: Connection closed by invalid user mc 137.184.77.246 port 42060 [preauth]","@timestamp":"2022-09-16T10:16:45.993Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:16:45 honeypot-fra-1 sshd[21837]: Invalid user es from 137.184.77.246 port 42064","@timestamp":"2022-09-16T10:16:45.993Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:16:45 honeypot-fra-1 sshd[21839]: Connection closed by invalid user chia 137.184.77.246 port 42050 [preauth]","@timestamp":"2022-09-16T10:16:45.993Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 10:18:29 honeypot-ams-1 kernel: [84200091.219208] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=196.191.49.93 DST=178.62.254.91 LEN=48 TOS=0x00 PREC=0x00 TTL=115 ID=22210 DF PROTO=TCP SPT=56577 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T10:18:30.195Z"}
{"@timestamp":"2022-09-16T10:19:03.317Z","@version":"1","message":"Sep 16 10:19:02 honeypot-sgp-1 sshd[24793]: Disconnected from invalid user super 62.204.41.222 port 54470 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:20:07 honeypot-fra-1 kernel: [84198021.867784] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=54.37.242.67 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=55526 PROTO=TCP SPT=42104 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T10:20:08.071Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:24:50 honeypot-fra-1 kernel: [84198304.941244] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=34.124.168.230 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x20 TTL=250 ID=54321 PROTO=TCP SPT=48533 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T10:24:51.182Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-16T10:26:26.498Z","@version":"1","message":"Sep 16 10:26:26 honeypot-sgp-1 sshd[24798]: Disconnected from authenticating user root 175.170.149.29 port 25593 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 10:27:07 honeypot-ams-1 kernel: [84200609.200017] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=128.14.141.45 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=59677 PROTO=TCP SPT=24116 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T10:27:08.419Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:30:13 honeypot-fra-1 sshd[21885]: Disconnected from invalid user te 187.188.206.106 port 47856 [preauth]","@timestamp":"2022-09-16T10:30:13.306Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:32:30 honeypot-fra-1 sshd[21893]: Connection closed by invalid user deployer 137.184.77.246 port 37902 [preauth]","@timestamp":"2022-09-16T10:32:30.360Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:32:30 honeypot-fra-1 sshd[21908]: Invalid user cloud from 137.184.77.246 port 37842","@timestamp":"2022-09-16T10:32:30.360Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:32:30 honeypot-fra-1 sshd[21921]: Invalid user es from 137.184.77.246 port 37834","@timestamp":"2022-09-16T10:32:30.360Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:32:30 honeypot-fra-1 sshd[21901]: Invalid user www from 137.184.77.246 port 37840","@timestamp":"2022-09-16T10:32:30.360Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:32:30 honeypot-fra-1 sshd[21910]: Connection closed by invalid user www 137.184.77.246 port 37850 [preauth]","@timestamp":"2022-09-16T10:32:30.360Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:32:30 honeypot-fra-1 sshd[21907]: Connection closed by invalid user chia 137.184.77.246 port 37838 [preauth]","@timestamp":"2022-09-16T10:32:30.360Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:32:30 honeypot-fra-1 sshd[21921]: Connection closed by invalid user es 137.184.77.246 port 37834 [preauth]","@timestamp":"2022-09-16T10:32:30.360Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:32:30 honeypot-fra-1 sshd[21918]: Connection closed by invalid user ts3 137.184.77.246 port 37872 [preauth]","@timestamp":"2022-09-16T10:32:30.360Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:32:30 honeypot-fra-1 sshd[21905]: Connection closed by authenticating user root 137.184.77.246 port 37870 [preauth]","@timestamp":"2022-09-16T10:32:30.360Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 10:33:58 honeypot-ams-1 sshd[31197]: Received disconnect from 134.122.123.117 port 56214:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T10:33:59.625Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 10:35:08 honeypot-ams-1 sshd[31203]: Received disconnect from 134.122.123.117 port 52354:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T10:35:08.658Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 10:36:48 honeypot-ams-1 sshd[31210]: Received disconnect from 134.122.123.117 port 46934:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T10:36:48.703Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 10:37:21 honeypot-ams-1 sshd[31214]: Disconnected from authenticating user root 134.122.123.117 port 45156 [preauth]","@timestamp":"2022-09-16T10:37:21.719Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 10:38:59 honeypot-ams-1 sshd[31220]: Invalid user user from 134.122.123.117 port 39696","@timestamp":"2022-09-16T10:38:59.765Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:39:42 honeypot-fra-1 sshd[21955]: Received disconnect from 103.133.57.242 port 57302:11: Bye Bye [preauth]","@timestamp":"2022-09-16T10:39:42.529Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T10:39:53.825Z","@version":"1","message":"Sep 16 10:39:52 honeypot-sgp-1 kernel: [84200898.854449] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.167.98.76 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=49012 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 10:40:05 honeypot-ams-1 sshd[31224]: Invalid user postgres from 134.122.123.117 port 36130","@timestamp":"2022-09-16T10:40:05.794Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:40:26 honeypot-fra-1 sshd[21959]: Disconnected from invalid user facturacion 51.12.81.43 port 50212 [preauth]","@timestamp":"2022-09-16T10:40:27.549Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 10:41:11 honeypot-ams-1 sshd[31228]: Invalid user gituser from 134.122.123.117 port 60658","@timestamp":"2022-09-16T10:41:12.828Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 10:41:45 honeypot-ams-1 sshd[31230]: Disconnected from invalid user odoo 134.122.123.117 port 58856 [preauth]","@timestamp":"2022-09-16T10:41:45.845Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 10:42:49 honeypot-ams-1 sshd[31237]: Invalid user ec2-user from 134.122.123.117 port 55214","@timestamp":"2022-09-16T10:42:49.878Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 10:43:53 honeypot-ams-1 sshd[31241]: Invalid user ubuntu from 134.122.123.117 port 51568","@timestamp":"2022-09-16T10:43:54.909Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 10:44:58 honeypot-ams-1 sshd[31245]: Invalid user spark from 134.122.123.117 port 47950","@timestamp":"2022-09-16T10:44:58.943Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 10:46:03 honeypot-ams-1 sshd[31249]: Invalid user debian from 134.122.123.117 port 44280","@timestamp":"2022-09-16T10:46:03.972Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 10:46:36 honeypot-ams-1 sshd[31251]: Disconnected from invalid user ftpadmin 134.122.123.117 port 42456 [preauth]","@timestamp":"2022-09-16T10:46:36.990Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 10:47:42 honeypot-ams-1 sshd[31256]: Disconnected from invalid user svn 134.122.123.117 port 38892 [preauth]","@timestamp":"2022-09-16T10:47:43.021Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 10:48:48 honeypot-ams-1 sshd[31260]: Received disconnect from 134.122.123.117 port 35182:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T10:48:49.053Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:49:19 honeypot-fra-1 kernel: [84199773.418849] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=167.94.138.110 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=47518 PROTO=TCP SPT=36869 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T10:49:19.754Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 10:49:53 honeypot-ams-1 sshd[31264]: Invalid user db2inst1 from 134.122.123.117 port 59772","@timestamp":"2022-09-16T10:49:54.085Z"}
{"@timestamp":"2022-09-16T10:51:33.110Z","@version":"1","message":"Sep 16 10:51:32 honeypot-sgp-1 sshd[24808]: Received disconnect from 92.255.85.70 port 40364:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 10:59:54 honeypot-ams-1 sshd[31268]: Invalid user vcsa from 98.252.188.193 port 59598","@timestamp":"2022-09-16T10:59:55.343Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 11:01:25 honeypot-fra-1 kernel: [84200499.189494] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.102.41.2 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=13673 DF PROTO=TCP SPT=41162 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T11:01:26.027Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-16T11:01:41.362Z","@version":"1","message":"Sep 16 11:01:40 honeypot-sgp-1 sshd[24816]: Invalid user wangfei from 103.188.176.251 port 54492","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T11:06:08.472Z","@version":"1","message":"Sep 16 11:06:07 honeypot-sgp-1 kernel: [84202473.706392] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.102.41.2 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=56129 DF PROTO=TCP SPT=58946 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 11:08:29 honeypot-fra-1 kernel: [84200923.508100] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=79.124.62.82 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=11518 PROTO=TCP SPT=45163 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T11:08:30.189Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 11:10:17 honeypot-ams-1 kernel: [84203199.135833] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=183.136.225.35 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=109 ID=41995 PROTO=TCP SPT=8088 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T11:10:18.605Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 11:15:58 honeypot-ams-1 kernel: [84203539.786843] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=167.71.92.243 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=32788 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T11:15:58.755Z"}
{"@timestamp":"2022-09-16T11:17:01.734Z","@version":"1","message":"Sep 16 11:17:01 honeypot-sgp-1 CRON[24827]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T11:20:41.825Z","@version":"1","message":"Sep 16 11:20:41 honeypot-sgp-1 kernel: [84203347.002286] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=68.183.93.151 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x20 TTL=242 ID=54321 PROTO=TCP SPT=43469 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 11:21:09 honeypot-fra-1 kernel: [84201683.855158] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=79.124.62.86 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=6179 PROTO=TCP SPT=45166 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T11:21:10.479Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 11:24:14 honeypot-ams-1 kernel: [84204036.281446] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=20.169.113.70 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=43395 PROTO=TCP SPT=47440 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T11:24:14.986Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 11:27:23 honeypot-fra-1 sshd[21983]: Disconnected from invalid user csgoserver 190.128.230.98 port 59204 [preauth]","@timestamp":"2022-09-16T11:27:24.622Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 11:28:38 honeypot-ams-1 sshd[31286]: Disconnected from invalid user nicolas 161.82.233.183 port 45902 [preauth]","@timestamp":"2022-09-16T11:28:39.106Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 11:29:43 honeypot-fra-1 sshd[21988]: Disconnected from authenticating user root 159.65.127.239 port 54092 [preauth]","@timestamp":"2022-09-16T11:29:43.679Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 11:31:08 honeypot-fra-1 sshd[21992]: Disconnected from authenticating user root 92.255.85.70 port 25188 [preauth]","@timestamp":"2022-09-16T11:31:08.715Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 11:34:53 honeypot-ams-1 kernel: [84204675.015435] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=89.248.165.199 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=37833 PROTO=TCP SPT=47639 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T11:34:54.278Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 11:35:40 honeypot-fra-1 sshd[21997]: Disconnected from invalid user mts 91.240.118.222 port 59838 [preauth]","@timestamp":"2022-09-16T11:35:40.819Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T11:35:45.189Z","@version":"1","message":"Sep 16 11:35:45 honeypot-sgp-1 kernel: [84204250.882094] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=167.94.138.98 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=49506 PROTO=TCP SPT=38344 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 11:42:09 honeypot-ams-1 sshd[31366]: Disconnected from invalid user aaag 61.80.56.252 port 44782 [preauth]","@timestamp":"2022-09-16T11:42:09.473Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 11:44:54 honeypot-fra-1 kernel: [84203108.692437] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=173.225.111.245 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=20289 PROTO=TCP SPT=44104 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T11:44:55.031Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 11:51:24 honeypot-fra-1 sshd[22004]: Received disconnect from 45.61.186.169 port 59428:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T11:51:25.183Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T11:51:29.567Z","@version":"1","message":"Sep 16 11:51:29 honeypot-sgp-1 sshd[24842]: Invalid user aid from 213.158.29.179 port 41784","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 11:51:41 honeypot-fra-1 sshd[22008]: Received disconnect from 45.61.186.169 port 54176:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T11:51:42.191Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 11:51:58 honeypot-fra-1 sshd[22012]: Invalid user user from 45.61.186.169 port 48920","@timestamp":"2022-09-16T11:51:59.201Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 11:52:08 honeypot-ams-1 kernel: [84205709.892542] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=164.92.72.164 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=48238 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T11:52:08.747Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 11:52:14 honeypot-fra-1 sshd[22016]: Invalid user user from 45.61.186.169 port 43662","@timestamp":"2022-09-16T11:52:14.208Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 11:54:59 honeypot-fra-1 sshd[22021]: Disconnected from authenticating user root 92.255.85.69 port 43322 [preauth]","@timestamp":"2022-09-16T11:55:00.273Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T11:55:31.667Z","@version":"1","message":"Sep 16 11:55:30 honeypot-sgp-1 sshd[24846]: Disconnected from authenticating user root 134.209.153.189 port 48532 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 11:57:04 honeypot-ams-1 kernel: [84206005.760219] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.220.40 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=54618 DPT=5432 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T11:57:04.887Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 11:58:57 honeypot-fra-1 kernel: [84203951.110806] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=167.71.133.35 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=248 ID=54321 PROTO=TCP SPT=37829 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T11:58:57.366Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-16T12:01:29.816Z","@version":"1","message":"Sep 16 12:01:28 honeypot-sgp-1 sshd[24849]: Disconnected from invalid user oracle 159.65.43.192 port 54194 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T12:04:28.888Z","@version":"1","message":"Sep 16 12:04:28 honeypot-sgp-1 sshd[24857]: Invalid user fmw from 60.50.99.134 port 48904","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 12:05:59 honeypot-fra-1 sshd[22031]: Invalid user admin from 159.203.178.0 port 48116","@timestamp":"2022-09-16T12:05:59.534Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 12:06:01 honeypot-fra-1 sshd[22037]: Invalid user admin from 159.203.178.0 port 48140","@timestamp":"2022-09-16T12:06:01.536Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 12:06:12 honeypot-ams-1 sshd[31376]: Disconnected from invalid user user 45.61.187.160 port 56184 [preauth]","@timestamp":"2022-09-16T12:06:13.128Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 12:06:33 honeypot-ams-1 sshd[31380]: Disconnected from invalid user user 45.61.187.160 port 50178 [preauth]","@timestamp":"2022-09-16T12:06:34.142Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 12:06:52 honeypot-ams-1 sshd[31384]: Disconnected from invalid user user 45.61.187.160 port 44156 [preauth]","@timestamp":"2022-09-16T12:06:53.151Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 12:07:09 honeypot-ams-1 sshd[31388]: Disconnected from invalid user user 45.61.187.160 port 38150 [preauth]","@timestamp":"2022-09-16T12:07:10.160Z"}
{"@timestamp":"2022-09-16T12:08:58.996Z","@version":"1","message":"Sep 16 12:08:58 honeypot-sgp-1 kernel: [84206244.567091] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=34.78.214.7 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=23055 PROTO=TCP SPT=48618 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T12:10:58.048Z","@version":"1","message":"Sep 16 12:10:57 honeypot-sgp-1 sshd[24865]: Disconnected from invalid user testing 45.126.184.170 port 45806 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 12:17:01 honeypot-fra-1 CRON[22040]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-16T12:17:02.788Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 12:17:31 honeypot-ams-1 sshd[31397]: Invalid user guest from 193.106.191.157 port 40800","@timestamp":"2022-09-16T12:17:32.428Z"}
{"@timestamp":"2022-09-16T12:18:20.227Z","@version":"1","message":"Sep 16 12:18:19 honeypot-sgp-1 kernel: [84206805.748190] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=40.118.55.90 DST=159.89.202.188 LEN=52 TOS=0x02 PREC=0x00 TTL=111 ID=34821 DF PROTO=TCP SPT=64683 DPT=3389 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 12:19:33 honeypot-ams-1 sshd[31399]: Received disconnect from 45.119.215.150 port 39056:11: Bye Bye [preauth]","@timestamp":"2022-09-16T12:19:34.484Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 12:19:48 honeypot-fra-1 sshd[22048]: Received disconnect from 174.138.28.154 port 39218:11: Bye Bye [preauth]","@timestamp":"2022-09-16T12:19:48.854Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 12:23:25 honeypot-ams-1 kernel: [84207586.486752] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=152.89.196.23 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=57800 PROTO=TCP SPT=48891 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T12:23:25.585Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 12:23:41 honeypot-fra-1 kernel: [84205435.672469] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=79.124.62.130 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=20146 PROTO=TCP SPT=45173 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T12:23:41.944Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 12:29:49 honeypot-fra-1 sshd[22055]: Disconnected from invalid user admin 177.184.133.130 port 58132 [preauth]","@timestamp":"2022-09-16T12:29:50.082Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T12:30:17.542Z","@version":"1","message":"Sep 16 12:30:16 honeypot-sgp-1 sshd[24880]: Invalid user test from 179.60.147.69 port 59176","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T12:32:23.596Z","@version":"1","message":"Sep 16 12:32:23 honeypot-sgp-1 sshd[24886]: Invalid user admin from 43.154.77.244 port 45976","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T12:33:09.616Z","@version":"1","message":"Sep 16 12:33:08 honeypot-sgp-1 sshd[24890]: Connection closed by invalid user admin 128.199.160.207 port 21312 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 12:33:13 honeypot-fra-1 sshd[22060]: Disconnected from invalid user ace 104.248.251.225 port 45234 [preauth]","@timestamp":"2022-09-16T12:33:14.161Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 12:33:43 honeypot-ams-1 sshd[31405]: Connection closed by invalid user test 179.60.147.69 port 51470 [preauth]","@timestamp":"2022-09-16T12:33:44.851Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 12:34:43 honeypot-fra-1 sshd[22064]: Received disconnect from 43.134.240.234 port 34488:11: Bye Bye [preauth]","@timestamp":"2022-09-16T12:34:43.197Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T12:35:41.676Z","@version":"1","message":"Sep 16 12:35:41 honeypot-sgp-1 sshd[24897]: Disconnected from authenticating user root 159.223.42.103 port 35026 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 12:41:10 honeypot-fra-1 kernel: [84206484.189554] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=40.118.55.90 DST=165.22.82.222 LEN=52 TOS=0x02 PREC=0x00 TTL=114 ID=24679 DF PROTO=TCP SPT=49395 DPT=3389 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-16T12:41:11.346Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 12:46:45 honeypot-ams-1 kernel: [84208987.103340] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=167.71.92.243 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=40874 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T12:46:46.201Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 12:47:01 honeypot-fra-1 sshd[22072]: Invalid user guest from 193.106.191.157 port 52524","@timestamp":"2022-09-16T12:47:02.481Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T12:47:13.962Z","@version":"1","message":"Sep 16 12:47:12 honeypot-sgp-1 sshd[24904]: Invalid user user from 45.61.186.249 port 56356","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T12:47:31.970Z","@version":"1","message":"Sep 16 12:47:31 honeypot-sgp-1 sshd[24908]: Invalid user user from 45.61.186.249 port 50488","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T12:47:42.976Z","@version":"1","message":"Sep 16 12:47:42 honeypot-sgp-1 kernel: [84208568.753466] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=183.136.225.35 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=110 ID=8580 PROTO=TCP SPT=8088 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T12:47:57.984Z","@version":"1","message":"Sep 16 12:47:57 honeypot-sgp-1 sshd[24914]: Disconnected from invalid user user 45.61.186.249 port 55802 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 12:55:57 honeypot-fra-1 sshd[22079]: Received disconnect from 165.22.45.108 port 43606:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T12:55:58.686Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 12:58:07 honeypot-ams-1 sshd[31415]: Disconnected from authenticating user root 92.255.85.69 port 52474 [preauth]","@timestamp":"2022-09-16T12:58:08.488Z"}
{"@timestamp":"2022-09-16T12:58:21.241Z","@version":"1","message":"Sep 16 12:58:21 honeypot-sgp-1 kernel: [84209206.980322] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.79.175.60 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=18743 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 13:05:01 honeypot-fra-1 sshd[22085]: Did not receive identification string from 57.128.11.39 port 56340","@timestamp":"2022-09-16T13:05:02.894Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 13:05:02 honeypot-fra-1 sshd[22087]: Invalid user admin from 57.128.11.39 port 57362","@timestamp":"2022-09-16T13:05:02.894Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 13:05:02 honeypot-fra-1 sshd[22094]: Connection closed by authenticating user root 57.128.11.39 port 57382 [preauth]","@timestamp":"2022-09-16T13:05:02.894Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 13:05:02 honeypot-fra-1 sshd[22086]: Connection closed by invalid user user 57.128.11.39 port 57376 [preauth]","@timestamp":"2022-09-16T13:05:02.894Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 13:05:02 honeypot-fra-1 sshd[22096]: Connection closed by invalid user devops 57.128.11.39 port 57472 [preauth]","@timestamp":"2022-09-16T13:05:02.894Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 13:05:02 honeypot-fra-1 sshd[22104]: Invalid user mc from 57.128.11.39 port 57394","@timestamp":"2022-09-16T13:05:02.894Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 13:05:02 honeypot-fra-1 sshd[22105]: Connection closed by invalid user oracle 57.128.11.39 port 57400 [preauth]","@timestamp":"2022-09-16T13:05:02.894Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 13:05:02 honeypot-fra-1 sshd[22117]: Invalid user oracle from 57.128.11.39 port 57462","@timestamp":"2022-09-16T13:05:02.894Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 13:05:02 honeypot-fra-1 sshd[22116]: Invalid user esuser from 57.128.11.39 port 57464","@timestamp":"2022-09-16T13:05:02.894Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 13:05:02 honeypot-fra-1 sshd[22111]: Connection closed by authenticating user root 57.128.11.39 port 57414 [preauth]","@timestamp":"2022-09-16T13:05:02.894Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 13:05:20 honeypot-fra-1 sshd[22151]: Disconnected from authenticating user root 92.255.85.70 port 39948 [preauth]","@timestamp":"2022-09-16T13:05:20.904Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T13:07:42.477Z","@version":"1","message":"Sep 16 13:07:41 honeypot-sgp-1 sshd[24922]: Connection closed by authenticating user nobody 179.60.147.69 port 6938 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 13:11:01 honeypot-ams-1 sshd[31421]: Connection closed by authenticating user nobody 179.60.147.69 port 29854 [preauth]","@timestamp":"2022-09-16T13:11:01.813Z"}
{"@timestamp":"2022-09-16T13:11:57.584Z","@version":"1","message":"Sep 16 13:11:57 honeypot-sgp-1 sshd[24927]: Received disconnect from 92.255.85.70 port 59678:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T13:17:01.712Z","@version":"1","message":"Sep 16 13:17:01 honeypot-sgp-1 CRON[24930]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 13:17:01 honeypot-fra-1 CRON[22159]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-16T13:17:02.186Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 13:20:19 honeypot-ams-1 sshd[31427]: Invalid user super from 62.204.41.222 port 31528","@timestamp":"2022-09-16T13:20:20.053Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 13:21:27 honeypot-ams-1 sshd[31431]: Invalid user sysroot from 92.255.85.69 port 57784","@timestamp":"2022-09-16T13:21:28.085Z"}
{"@timestamp":"2022-09-16T13:27:59.985Z","@version":"1","message":"Sep 16 13:27:59 honeypot-sgp-1 sshd[24938]: Did not receive identification string from 193.142.146.50 port 40534","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 13:28:47 honeypot-fra-1 sshd[22166]: Invalid user sysroot from 92.255.85.70 port 53222","@timestamp":"2022-09-16T13:28:48.452Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 13:30:01 honeypot-ams-1 sshd[31435]: Invalid user watanabe from 61.135.214.124 port 46757","@timestamp":"2022-09-16T13:30:02.306Z"}
{"@timestamp":"2022-09-16T13:30:30.050Z","@version":"1","message":"Sep 16 13:30:29 honeypot-sgp-1 sshd[24944]: Disconnected from authenticating user root 193.142.146.50 port 58088 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 13:31:43 honeypot-ams-1 sshd[31439]: Invalid user tose from 178.128.238.19 port 41936","@timestamp":"2022-09-16T13:31:44.352Z"}
{"@timestamp":"2022-09-16T13:32:06.094Z","@version":"1","message":"Sep 16 13:32:06 honeypot-sgp-1 sshd[24948]: Disconnected from authenticating user root 193.142.146.50 port 48118 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 13:32:25 honeypot-ams-1 sshd[31443]: Disconnected from authenticating user root 128.199.1.140 port 41696 [preauth]","@timestamp":"2022-09-16T13:32:26.372Z"}
{"@timestamp":"2022-09-16T13:34:22.171Z","@version":"1","message":"Sep 16 13:34:21 honeypot-sgp-1 sshd[24954]: Disconnected from authenticating user root 193.142.146.50 port 56412 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T13:36:15.220Z","@version":"1","message":"Sep 16 13:36:14 honeypot-sgp-1 sshd[24961]: Invalid user admin from 193.142.146.50 port 41450","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 13:44:03 honeypot-ams-1 kernel: [84212424.468457] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=14.21.203.146 DST=178.62.254.91 LEN=48 TOS=0x00 PREC=0x00 TTL=113 ID=24973 DF PROTO=TCP SPT=54304 DPT=3389 WINDOW=8192 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T13:44:03.669Z"}
{"@timestamp":"2022-09-16T13:45:38.481Z","@version":"1","message":"Sep 16 13:45:37 honeypot-sgp-1 sshd[24966]: Did not receive identification string from 134.209.155.186 port 61000","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 13:46:09 honeypot-ams-1 kernel: [84212550.411283] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=79.124.62.60 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=53898 PROTO=TCP SPT=40707 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T13:46:09.727Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 13:48:05 honeypot-fra-1 kernel: [84210499.435453] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=203.172.109.165 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=45329 PROTO=TCP SPT=55874 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T13:48:05.888Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 13:51:32 honeypot-ams-1 sshd[31454]: Disconnected from authenticating user root 190.145.12.233 port 39782 [preauth]","@timestamp":"2022-09-16T13:51:32.868Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 13:52:09 honeypot-fra-1 sshd[22174]: Disconnected from invalid user remote 92.255.85.70 port 55650 [preauth]","@timestamp":"2022-09-16T13:52:09.984Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T13:53:06.677Z","@version":"1","message":"Sep 16 13:53:06 honeypot-sgp-1 kernel: [84212491.799323] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=172.104.249.106 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=9722 PROTO=TCP SPT=44460 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 13:54:04 honeypot-ams-1 kernel: [84213025.912929] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=80.94.92.231 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=59146 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T13:54:04.936Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 13:55:35 honeypot-ams-1 sshd[31464]: Connection closed by invalid user pi 73.173.30.173 port 58118 [preauth]","@timestamp":"2022-09-16T13:55:35.983Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 13:57:04 honeypot-fra-1 sshd[22179]: Received disconnect from 206.81.5.191 port 48630:11: Bye Bye [preauth]","@timestamp":"2022-09-16T13:57:05.098Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 13:58:18 honeypot-ams-1 sshd[31468]: Received disconnect from 140.238.167.51 port 52056:11: Bye Bye [preauth]","@timestamp":"2022-09-16T13:58:19.060Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 13:59:30 honeypot-ams-1 sshd[31473]: Disconnected from authenticating user root 106.215.82.197 port 15860 [preauth]","@timestamp":"2022-09-16T13:59:31.093Z"}
{"@timestamp":"2022-09-16T14:00:12.854Z","@version":"1","message":"Sep 16 14:00:12 honeypot-sgp-1 kernel: [84212917.957379] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=170.187.225.159 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=53652 PROTO=TCP SPT=51503 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 14:00:23 honeypot-fra-1 sshd[22183]: Received disconnect from 59.26.216.102 port 48964:11: Bye Bye [preauth]","@timestamp":"2022-09-16T14:00:24.175Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T14:02:18.911Z","@version":"1","message":"Sep 16 14:02:18 honeypot-sgp-1 sshd[24978]: Invalid user user from 45.61.184.204 port 52180","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T14:02:38.921Z","@version":"1","message":"Sep 16 14:02:38 honeypot-sgp-1 sshd[24982]: Invalid user user from 45.61.184.204 port 47010","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T14:02:56.931Z","@version":"1","message":"Sep 16 14:02:56 honeypot-sgp-1 sshd[24986]: Invalid user user from 45.61.184.204 port 41830","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 14:03:03 honeypot-ams-1 sshd[31477]: Received disconnect from 64.227.36.9 port 60030:11: Bye Bye [preauth]","@timestamp":"2022-09-16T14:03:04.186Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 14:05:34 honeypot-ams-1 sshd[31482]: Received disconnect from 81.1.219.10 port 50640:11: Bye Bye [preauth]","@timestamp":"2022-09-16T14:05:35.256Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 14:05:47 honeypot-fra-1 sshd[22255]: Disconnected from authenticating user root 20.40.73.192 port 46674 [preauth]","@timestamp":"2022-09-16T14:05:48.295Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T14:06:53.030Z","@version":"1","message":"Sep 16 14:06:52 honeypot-sgp-1 sshd[24991]: Received disconnect from 110.39.147.66 port 16076:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 14:09:02 honeypot-ams-1 sshd[31486]: Disconnected from authenticating user root 79.225.75.199 port 53484 [preauth]","@timestamp":"2022-09-16T14:09:03.349Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 14:15:24 honeypot-fra-1 sshd[22263]: Disconnected from authenticating user root 92.255.85.69 port 17186 [preauth]","@timestamp":"2022-09-16T14:15:24.513Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 14:17:01 honeypot-ams-1 CRON[31492]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-16T14:17:02.551Z"}
{"@timestamp":"2022-09-16T14:20:31.390Z","@version":"1","message":"Sep 16 14:20:31 honeypot-sgp-1 sshd[25431]: Connection closed by invalid user centos 179.60.147.69 port 42182 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 14:21:23 honeypot-fra-1 sshd[22270]: Connection closed by authenticating user root 141.98.10.158 port 44512 [preauth]","@timestamp":"2022-09-16T14:21:24.669Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 14:23:51 honeypot-ams-1 sshd[31498]: Connection closed by invalid user centos 179.60.147.69 port 65096 [preauth]","@timestamp":"2022-09-16T14:23:51.726Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 14:24:36 honeypot-fra-1 sshd[22274]: Disconnected from invalid user database 103.45.69.246 port 55712 [preauth]","@timestamp":"2022-09-16T14:24:36.745Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 14:31:57 honeypot-ams-1 sshd[31505]: Invalid user admin from 92.255.85.69 port 51488","@timestamp":"2022-09-16T14:31:57.945Z"}
{"@timestamp":"2022-09-16T14:34:25.741Z","@version":"1","message":"Sep 16 14:34:25 honeypot-sgp-1 kernel: [84214971.106568] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=156.216.178.114 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=51 ID=3417 PROTO=TCP SPT=26581 DPT=80 WINDOW=32718 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 14:38:52 honeypot-fra-1 sshd[22281]: Invalid user admin from 92.255.85.70 port 53288","@timestamp":"2022-09-16T14:38:52.086Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 14:47:37 honeypot-ams-1 sshd[31509]: Connection closed by invalid user pi 92.89.85.54 port 47030 [preauth]","@timestamp":"2022-09-16T14:47:38.354Z"}
{"@timestamp":"2022-09-16T14:48:09.080Z","@version":"1","message":"Sep 16 14:48:08 honeypot-sgp-1 kernel: [84215794.072200] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=156.251.17.60 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=6505 PROTO=TCP SPT=55361 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 14:48:45 honeypot-fra-1 sshd[22284]: Received disconnect from 167.99.236.74 port 50352:11: Bye Bye [preauth]","@timestamp":"2022-09-16T14:48:46.322Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 14:49:42 honeypot-ams-1 kernel: [84216363.674953] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=116.105.225.74 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=48 ID=17809 PROTO=TCP SPT=1384 DPT=80 WINDOW=63880 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T14:49:42.410Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 14:53:27 honeypot-fra-1 sshd[22290]: Received disconnect from 165.22.45.108 port 53896:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T14:53:27.429Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T14:59:09.364Z","@version":"1","message":"Sep 16 14:59:08 honeypot-sgp-1 sshd[25449]: Invalid user admin from 157.230.47.155 port 57108","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:00:31.399Z","@version":"1","message":"Sep 16 15:00:31 honeypot-sgp-1 kernel: [84216536.689526] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=103.127.126.144 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=52425 DF PROTO=TCP SPT=56282 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 15:02:03 honeypot-fra-1 kernel: [84214937.132693] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.41.9.18 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=38161 PROTO=TCP SPT=30411 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T15:02:04.624Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-16T15:04:41.503Z","@version":"1","message":"Sep 16 15:04:40 honeypot-sgp-1 sshd[25458]: Disconnected from invalid user zk 111.67.197.134 port 43248 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 15:07:10 honeypot-ams-1 kernel: [84217412.122685] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=32519 PROTO=TCP SPT=40403 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T15:07:10.865Z"}
{"@timestamp":"2022-09-16T15:09:33.625Z","@version":"1","message":"Sep 16 15:09:33 honeypot-sgp-1 sshd[25463]: Disconnected from authenticating user root 92.255.85.70 port 60150 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 15:10:48 honeypot-fra-1 kernel: [84215462.241846] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=159.65.138.52 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=54 ID=0 DF PROTO=TCP SPT=54953 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T15:10:48.821Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-16T15:12:03.690Z","@version":"1","message":"Sep 16 15:12:03 honeypot-sgp-1 sshd[25469]: Invalid user cameras from 31.184.198.71 port 26373","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:12:28.703Z","@version":"1","message":"Sep 16 15:12:28 honeypot-sgp-1 sshd[25475]: Invalid user  from 31.184.198.71 port 51785","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:12:57.718Z","@version":"1","message":"Sep 16 15:12:57 honeypot-sgp-1 sshd[25481]: Invalid user admin from 31.184.198.71 port 40697","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:13:25.732Z","@version":"1","message":"Sep 16 15:13:25 honeypot-sgp-1 sshd[25487]: Disconnecting authenticating user root 31.184.198.71 port 17738: Change of username or service not allowed: (root,ssh-connection) -> (1234,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:13:46.743Z","@version":"1","message":"Sep 16 15:13:46 honeypot-sgp-1 sshd[25493]: Disconnecting invalid user araknis 31.184.198.71 port 61113: Change of username or service not allowed: (araknis,ssh-connection) -> (,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:14:20.761Z","@version":"1","message":"Sep 16 15:14:20 honeypot-sgp-1 sshd[25501]: Invalid user Admin from 31.184.198.71 port 1804","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:14:44.773Z","@version":"1","message":"Sep 16 15:14:44 honeypot-sgp-1 sshd[25508]: Invalid user guest from 31.184.198.71 port 14944","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:15:16.789Z","@version":"1","message":"Sep 16 15:15:15 honeypot-sgp-1 sshd[25514]: Disconnecting invalid user  31.184.198.71 port 16995: Change of username or service not allowed: (,ssh-connection) -> (Cisco,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:15:24 honeypot-ams-1 sshd[31526]: Disconnected from authenticating user root 190.226.244.9 port 35548 [preauth]","@timestamp":"2022-09-16T15:15:25.076Z"}
{"@timestamp":"2022-09-16T15:15:51.808Z","@version":"1","message":"Sep 16 15:15:50 honeypot-sgp-1 sshd[25520]: Disconnecting invalid user admin 31.184.198.71 port 16090: Change of username or service not allowed: (admin,ssh-connection) -> (1234,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 15:16:16 honeypot-fra-1 kernel: [84215789.658589] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=89.248.165.199 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=13279 PROTO=TCP SPT=40483 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T15:16:16.944Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-16T15:16:24.827Z","@version":"1","message":"Sep 16 15:16:23 honeypot-sgp-1 sshd[25528]: Invalid user  from 31.184.198.71 port 43211","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:16:52.841Z","@version":"1","message":"Sep 16 15:16:52 honeypot-sgp-1 sshd[25536]: Invalid user admin from 31.184.198.71 port 20112","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:17:01.845Z","@version":"1","message":"Sep 16 15:17:01 honeypot-sgp-1 CRON[25540]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:17:22.857Z","@version":"1","message":"Sep 16 15:17:22 honeypot-sgp-1 sshd[25545]: Disconnecting invalid user  31.184.198.71 port 51214: Change of username or service not allowed: (,ssh-connection) -> (root,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:17:58.874Z","@version":"1","message":"Sep 16 15:17:58 honeypot-sgp-1 sshd[25553]: Invalid user c1@r0 from 31.184.198.71 port 48307","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:18:25.889Z","@version":"1","message":"Sep 16 15:18:25 honeypot-sgp-1 sshd[25559]: Invalid user superonline from 31.184.198.71 port 23493","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:19:03.907Z","@version":"1","message":"Sep 16 15:19:03 honeypot-sgp-1 sshd[25565]: Invalid user Admin from 31.184.198.71 port 48754","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:19:06 honeypot-ams-1 sshd[31534]: Received disconnect from 92.255.85.69 port 51564:11: Bye Bye [preauth]","@timestamp":"2022-09-16T15:19:07.174Z"}
{"@timestamp":"2022-09-16T15:19:24.918Z","@version":"1","message":"Sep 16 15:19:24 honeypot-sgp-1 sshd[25571]: Invalid user  from 31.184.198.71 port 22728","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:19:52.933Z","@version":"1","message":"Sep 16 15:19:52 honeypot-sgp-1 sshd[25578]: Invalid user  from 31.184.198.71 port 43822","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:20:16.944Z","@version":"1","message":"Sep 16 15:20:16 honeypot-sgp-1 sshd[25584]: Invalid user admin from 31.184.198.71 port 46167","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:20:40.957Z","@version":"1","message":"Sep 16 15:20:40 honeypot-sgp-1 sshd[25590]: Disconnecting invalid user admin 31.184.198.71 port 17278: Change of username or service not allowed: (admin,ssh-connection) -> (airlive,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:21:03.969Z","@version":"1","message":"Sep 16 15:21:03 honeypot-sgp-1 sshd[25596]: Disconnecting invalid user admin 31.184.198.71 port 44122: Change of username or service not allowed: (admin,ssh-connection) -> (roqos,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:21:26.981Z","@version":"1","message":"Sep 16 15:21:26 honeypot-sgp-1 sshd[25602]: Disconnecting invalid user Shiko 31.184.198.71 port 11594: Change of username or service not allowed: (Shiko,ssh-connection) -> (sitecom,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:21:53.995Z","@version":"1","message":"Sep 16 15:21:53 honeypot-sgp-1 sshd[25608]: Disconnecting invalid user smcadmin 31.184.198.71 port 46623: Change of username or service not allowed: (smcadmin,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 15:22:07 honeypot-fra-1 sshd[22312]: Invalid user pi from 188.2.132.158 port 43678","@timestamp":"2022-09-16T15:22:07.080Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T15:22:27.012Z","@version":"1","message":"Sep 16 15:22:26 honeypot-sgp-1 sshd[25614]: Disconnecting invalid user highspeed 31.184.198.71 port 52658: Change of username or service not allowed: (highspeed,ssh-connection) -> (smcadmin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:22:52.025Z","@version":"1","message":"Sep 16 15:22:51 honeypot-sgp-1 sshd[25620]: Disconnecting invalid user  31.184.198.71 port 49330: Change of username or service not allowed: (,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:23:19.039Z","@version":"1","message":"Sep 16 15:23:18 honeypot-sgp-1 sshd[25626]: Disconnecting invalid user public 31.184.198.71 port 32413: Change of username or service not allowed: (public,ssh-connection) -> (user,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:23:51.055Z","@version":"1","message":"Sep 16 15:23:50 honeypot-sgp-1 sshd[25634]: Invalid user 123456 from 31.184.198.71 port 22245","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:24:21.070Z","@version":"1","message":"Sep 16 15:24:20 honeypot-sgp-1 sshd[25640]: Invalid user readwrite from 31.184.198.71 port 45445","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:24:50.085Z","@version":"1","message":"Sep 16 15:24:49 honeypot-sgp-1 sshd[25647]: Invalid user DZY-W2914NSV2 from 31.184.198.71 port 24654","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:25:24.103Z","@version":"1","message":"Sep 16 15:25:23 honeypot-sgp-1 sshd[25653]: Invalid user zoomadsl from 31.184.198.71 port 11615","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:25:52.118Z","@version":"1","message":"Sep 16 15:25:51 honeypot-sgp-1 sshd[25659]: Invalid user ltecl4r0 from 31.184.198.71 port 12286","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 15:27:42 honeypot-fra-1 sshd[22320]: Invalid user user from 45.61.187.160 port 43044","@timestamp":"2022-09-16T15:27:43.204Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 15:28:08 honeypot-fra-1 sshd[22324]: Invalid user user from 45.61.187.160 port 37402","@timestamp":"2022-09-16T15:28:08.214Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 15:28:28 honeypot-fra-1 sshd[22328]: Invalid user user from 45.61.187.160 port 60024","@timestamp":"2022-09-16T15:28:29.224Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 15:28:36 honeypot-fra-1 sshd[22330]: Disconnected from invalid user user 45.61.187.160 port 43080 [preauth]","@timestamp":"2022-09-16T15:28:37.227Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:33:46 honeypot-ams-1 sshd[31538]: Connection closed by invalid user zookeeper 103.188.176.251 port 51794 [preauth]","@timestamp":"2022-09-16T15:33:47.543Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 15:34:10 honeypot-fra-1 sshd[22338]: Connection closed by invalid user debian 179.60.147.69 port 62684 [preauth]","@timestamp":"2022-09-16T15:34:10.348Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T15:34:57.338Z","@version":"1","message":"Sep 16 15:34:57 honeypot-sgp-1 kernel: [84218602.837486] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.176.40.25 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=230 ID=28958 PROTO=TCP SPT=42406 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 15:38:54 honeypot-fra-1 sshd[22356]: Invalid user hadoop from 139.59.152.202 port 36144","@timestamp":"2022-09-16T15:38:55.464Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 15:38:54 honeypot-fra-1 sshd[22353]: Invalid user oracle from 139.59.152.202 port 36138","@timestamp":"2022-09-16T15:38:55.464Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 15:38:54 honeypot-fra-1 sshd[22364]: Invalid user es from 139.59.152.202 port 36166","@timestamp":"2022-09-16T15:38:55.464Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 15:38:54 honeypot-fra-1 sshd[22346]: Connection closed by invalid user steam 139.59.152.202 port 36124 [preauth]","@timestamp":"2022-09-16T15:38:55.464Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 15:38:54 honeypot-fra-1 sshd[22354]: Connection closed by invalid user spark 139.59.152.202 port 36142 [preauth]","@timestamp":"2022-09-16T15:38:55.464Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 15:38:54 honeypot-fra-1 sshd[22356]: Connection closed by invalid user hadoop 139.59.152.202 port 36144 [preauth]","@timestamp":"2022-09-16T15:38:55.464Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 15:38:54 honeypot-fra-1 sshd[22361]: Connection closed by invalid user deploy 139.59.152.202 port 36164 [preauth]","@timestamp":"2022-09-16T15:38:55.464Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 15:38:54 honeypot-fra-1 sshd[22353]: Connection closed by invalid user oracle 139.59.152.202 port 36138 [preauth]","@timestamp":"2022-09-16T15:38:55.464Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 15:38:54 honeypot-fra-1 sshd[22369]: Connection closed by invalid user www 139.59.152.202 port 36188 [preauth]","@timestamp":"2022-09-16T15:38:55.464Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 15:41:00 honeypot-ams-1 kernel: [84219441.346253] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=205.210.31.182 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=250 ID=54321 PROTO=TCP SPT=53011 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T15:41:00.731Z"}
{"@timestamp":"2022-09-16T15:41:38.520Z","@version":"1","message":"Sep 16 15:41:38 honeypot-sgp-1 sshd[25667]: Disconnected from authenticating user root 79.225.75.199 port 40288 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:42:16 honeypot-ams-1 sshd[31547]: Received disconnect from 60.181.19.237 port 21542:11: Bye Bye [preauth]","@timestamp":"2022-09-16T15:42:16.765Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:42:22 honeypot-ams-1 sshd[31553]: Received disconnect from 60.181.19.237 port 21736:11: Bye Bye [preauth]","@timestamp":"2022-09-16T15:42:22.768Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:42:29 honeypot-ams-1 sshd[31561]: Received disconnect from 92.255.85.70 port 37266:11: Bye Bye [preauth]","@timestamp":"2022-09-16T15:42:30.774Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:42:35 honeypot-ams-1 sshd[31565]: Received disconnect from 60.181.19.237 port 22054:11: Bye Bye [preauth]","@timestamp":"2022-09-16T15:42:35.776Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 15:42:42 honeypot-ams-1 kernel: [84219543.917499] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=167.71.92.243 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=58335 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T15:42:42.781Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:42:46 honeypot-ams-1 sshd[31575]: Disconnected from authenticating user root 60.181.19.237 port 22384 [preauth]","@timestamp":"2022-09-16T15:42:46.784Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:42:53 honeypot-ams-1 sshd[31581]: Disconnected from authenticating user root 60.181.19.237 port 22561 [preauth]","@timestamp":"2022-09-16T15:42:53.788Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:42:59 honeypot-ams-1 sshd[31587]: Disconnected from authenticating user root 60.181.19.237 port 22753 [preauth]","@timestamp":"2022-09-16T15:43:00.792Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:43:06 honeypot-ams-1 sshd[31593]: Disconnected from authenticating user root 60.181.19.237 port 22931 [preauth]","@timestamp":"2022-09-16T15:43:06.795Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:43:13 honeypot-ams-1 sshd[31599]: Disconnected from authenticating user root 60.181.19.237 port 22812 [preauth]","@timestamp":"2022-09-16T15:43:14.800Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:43:21 honeypot-ams-1 sshd[31605]: Disconnected from authenticating user root 60.181.19.237 port 23330 [preauth]","@timestamp":"2022-09-16T15:43:21.804Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:43:28 honeypot-ams-1 sshd[31611]: Disconnected from authenticating user root 60.181.19.237 port 23449 [preauth]","@timestamp":"2022-09-16T15:43:28.808Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:43:35 honeypot-ams-1 sshd[31617]: Received disconnect from 60.181.19.237 port 23718:11: Bye Bye [preauth]","@timestamp":"2022-09-16T15:43:35.812Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:43:39 honeypot-ams-1 sshd[31621]: Received disconnect from 60.181.19.237 port 23848:11: Bye Bye [preauth]","@timestamp":"2022-09-16T15:43:40.815Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:43:45 honeypot-ams-1 sshd[31625]: Received disconnect from 60.181.19.237 port 23957:11: Bye Bye [preauth]","@timestamp":"2022-09-16T15:43:45.843Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:43:49 honeypot-ams-1 sshd[31629]: Received disconnect from 60.181.19.237 port 23994:11: Bye Bye [preauth]","@timestamp":"2022-09-16T15:43:49.846Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:43:54 honeypot-ams-1 sshd[31633]: Received disconnect from 60.181.19.237 port 24814:11: Bye Bye [preauth]","@timestamp":"2022-09-16T15:43:54.848Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:43:58 honeypot-ams-1 sshd[31637]: Received disconnect from 60.181.19.237 port 24944:11: Bye Bye [preauth]","@timestamp":"2022-09-16T15:43:58.852Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:44:04 honeypot-ams-1 sshd[31643]: Invalid user pi from 60.181.19.237 port 25120","@timestamp":"2022-09-16T15:44:05.856Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:44:09 honeypot-ams-1 sshd[31647]: Invalid user user from 60.181.19.237 port 21565","@timestamp":"2022-09-16T15:44:09.858Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:44:15 honeypot-ams-1 sshd[31651]: Invalid user mine from 60.181.19.237 port 21757","@timestamp":"2022-09-16T15:44:15.863Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:44:19 honeypot-ams-1 sshd[31655]: Invalid user xbmc from 60.181.19.237 port 21922","@timestamp":"2022-09-16T15:44:19.866Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:44:24 honeypot-ams-1 sshd[31660]: Invalid user oracle from 60.181.19.237 port 22057","@timestamp":"2022-09-16T15:44:24.869Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:44:30 honeypot-ams-1 sshd[31664]: Invalid user postgres from 60.181.19.237 port 22198","@timestamp":"2022-09-16T15:44:30.874Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:44:36 honeypot-ams-1 sshd[31668]: Invalid user support from 60.181.19.237 port 22532","@timestamp":"2022-09-16T15:44:36.878Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:44:40 honeypot-ams-1 sshd[31672]: Invalid user ubuntu from 60.181.19.237 port 22757","@timestamp":"2022-09-16T15:44:40.880Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:44:46 honeypot-ams-1 sshd[31676]: Invalid user ubuntu from 60.181.19.237 port 22957","@timestamp":"2022-09-16T15:44:46.885Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:44:50 honeypot-ams-1 sshd[31680]: Invalid user guest from 60.181.19.237 port 23113","@timestamp":"2022-09-16T15:44:50.887Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:44:55 honeypot-ams-1 sshd[31684]: Invalid user cirros from 60.181.19.237 port 23253","@timestamp":"2022-09-16T15:44:55.890Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:47:49 honeypot-ams-1 sshd[31688]: Invalid user farid from 134.209.244.230 port 58858","@timestamp":"2022-09-16T15:47:49.967Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 15:49:44 honeypot-fra-1 sshd[22403]: Received disconnect from 92.255.85.69 port 61744:11: Bye Bye [preauth]","@timestamp":"2022-09-16T15:49:44.706Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:52:53 honeypot-ams-1 sshd[31691]: Disconnected from authenticating user root 189.126.202.121 port 57097 [preauth]","@timestamp":"2022-09-16T15:52:54.099Z"}
{"@timestamp":"2022-09-16T15:53:03.799Z","@version":"1","message":"Sep 16 15:53:03 honeypot-sgp-1 kernel: [84219688.862564] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=220.250.62.12 DST=159.89.202.188 LEN=52 TOS=0x02 PREC=0x00 TTL=111 ID=3646 DF PROTO=TCP SPT=57578 DPT=443 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:00:05 honeypot-fra-1 kernel: [84218418.918921] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=198.235.24.44 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=249 ID=54321 PROTO=TCP SPT=56991 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T16:00:05.938Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-16T16:00:58.991Z","@version":"1","message":"Sep 16 16:00:58 honeypot-sgp-1 sshd[25679]: Connection closed by invalid user developer 103.188.176.251 port 45788 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T16:04:41.085Z","@version":"1","message":"Sep 16 16:04:40 honeypot-sgp-1 sshd[25686]: Received disconnect from 45.61.186.49 port 44288:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 16:04:44 honeypot-ams-1 sshd[31697]: Received disconnect from 92.255.85.69 port 51586:11: Bye Bye [preauth]","@timestamp":"2022-09-16T16:04:44.403Z"}
{"@timestamp":"2022-09-16T16:04:51.089Z","@version":"1","message":"Sep 16 16:04:50 honeypot-sgp-1 sshd[25690]: Received disconnect from 45.61.186.49 port 55672:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T16:09:29.206Z","@version":"1","message":"Sep 16 16:09:28 honeypot-sgp-1 sshd[25693]: Connection closed by invalid user user 179.60.147.69 port 29468 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:11:38 honeypot-fra-1 sshd[22412]: Disconnected from authenticating user daemon 92.255.85.70 port 22120 [preauth]","@timestamp":"2022-09-16T16:11:39.198Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T16:17:01.427Z","@version":"1","message":"Sep 16 16:17:01 honeypot-sgp-1 CRON[25700]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 16:17:00 honeypot-ams-1 kernel: [84221602.265511] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=78.187.233.25 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=45038 PROTO=TCP SPT=61509 DPT=80 WINDOW=45325 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T16:17:01.716Z"}
{"@timestamp":"2022-09-16T16:18:09.457Z","@version":"1","message":"Sep 16 16:18:08 honeypot-sgp-1 sshd[25705]: Received disconnect from 103.221.221.247 port 45590:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T16:18:47.474Z","@version":"1","message":"Sep 16 16:18:47 honeypot-sgp-1 sshd[25709]: Received disconnect from 92.255.85.70 port 16112:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:19:00 honeypot-fra-1 sshd[22418]: Received disconnect from 104.236.122.193 port 59650:11: Bye Bye [preauth]","@timestamp":"2022-09-16T16:19:01.366Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:23:35 honeypot-fra-1 kernel: [84219828.948207] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=197.221.80.136 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=59539 DF PROTO=TCP SPT=56409 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T16:23:36.472Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:24:34 honeypot-fra-1 sshd[22428]: Received disconnect from 187.116.49.64 port 47063:11: Bye Bye [preauth]","@timestamp":"2022-09-16T16:24:35.498Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:24:41 honeypot-fra-1 sshd[22434]: Received disconnect from 187.116.49.64 port 47066:11: Bye Bye [preauth]","@timestamp":"2022-09-16T16:24:41.500Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:24:47 honeypot-fra-1 sshd[22440]: Received disconnect from 187.116.49.64 port 47069:11: Bye Bye [preauth]","@timestamp":"2022-09-16T16:24:48.505Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:24:54 honeypot-fra-1 sshd[22446]: Received disconnect from 187.116.49.64 port 47072:11: Bye Bye [preauth]","@timestamp":"2022-09-16T16:24:54.508Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:25:00 honeypot-fra-1 sshd[22452]: Received disconnect from 187.116.49.64 port 47075:11: Bye Bye [preauth]","@timestamp":"2022-09-16T16:25:01.511Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:25:07 honeypot-fra-1 sshd[22458]: Received disconnect from 187.116.49.64 port 47078:11: Bye Bye [preauth]","@timestamp":"2022-09-16T16:25:07.516Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:25:13 honeypot-fra-1 sshd[22464]: Received disconnect from 187.116.49.64 port 47081:11: Bye Bye [preauth]","@timestamp":"2022-09-16T16:25:14.519Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:25:20 honeypot-fra-1 sshd[22470]: Received disconnect from 187.116.49.64 port 47084:11: Bye Bye [preauth]","@timestamp":"2022-09-16T16:25:20.523Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:25:26 honeypot-fra-1 sshd[22476]: Received disconnect from 187.116.49.64 port 47087:11: Bye Bye [preauth]","@timestamp":"2022-09-16T16:25:27.578Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:25:33 honeypot-fra-1 sshd[22482]: Received disconnect from 187.116.49.64 port 47090:11: Bye Bye [preauth]","@timestamp":"2022-09-16T16:25:34.582Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:25:40 honeypot-fra-1 sshd[22488]: Received disconnect from 187.116.49.64 port 47093:11: Bye Bye [preauth]","@timestamp":"2022-09-16T16:25:40.585Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:25:46 honeypot-fra-1 sshd[22494]: Received disconnect from 187.116.49.64 port 47096:11: Bye Bye [preauth]","@timestamp":"2022-09-16T16:25:46.588Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:25:50 honeypot-fra-1 sshd[22498]: Received disconnect from 187.116.49.64 port 47098:11: Bye Bye [preauth]","@timestamp":"2022-09-16T16:25:51.592Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:25:55 honeypot-fra-1 sshd[22502]: Received disconnect from 187.116.49.64 port 47100:11: Bye Bye [preauth]","@timestamp":"2022-09-16T16:25:55.594Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:25:59 honeypot-fra-1 sshd[22506]: Received disconnect from 187.116.49.64 port 47102:11: Bye Bye [preauth]","@timestamp":"2022-09-16T16:25:59.596Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:26:03 honeypot-fra-1 sshd[22510]: Received disconnect from 187.116.49.64 port 47104:11: Bye Bye [preauth]","@timestamp":"2022-09-16T16:26:03.599Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:26:07 honeypot-fra-1 sshd[22514]: Received disconnect from 187.116.49.64 port 47106:11: Bye Bye [preauth]","@timestamp":"2022-09-16T16:26:08.602Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:26:12 honeypot-fra-1 sshd[22518]: Disconnected from authenticating user root 187.116.49.64 port 47108 [preauth]","@timestamp":"2022-09-16T16:26:12.604Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:26:18 honeypot-fra-1 sshd[22524]: Invalid user pi from 187.116.49.64 port 47111","@timestamp":"2022-09-16T16:26:18.608Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:26:22 honeypot-fra-1 sshd[22528]: Invalid user ethos from 187.116.49.64 port 47113","@timestamp":"2022-09-16T16:26:22.610Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:26:26 honeypot-fra-1 sshd[22532]: Invalid user miner from 187.116.49.64 port 47115","@timestamp":"2022-09-16T16:26:27.612Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:26:31 honeypot-fra-1 sshd[22536]: Invalid user volumio from 187.116.49.64 port 47117","@timestamp":"2022-09-16T16:26:31.614Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:26:35 honeypot-fra-1 sshd[22540]: Invalid user nagios from 187.116.49.64 port 47062","@timestamp":"2022-09-16T16:26:36.618Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:26:40 honeypot-fra-1 sshd[22544]: Invalid user vagrant from 187.116.49.64 port 47064","@timestamp":"2022-09-16T16:26:40.620Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:26:44 honeypot-fra-1 sshd[22548]: Invalid user debian from 187.116.49.64 port 47066","@timestamp":"2022-09-16T16:26:44.622Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:26:48 honeypot-fra-1 sshd[22552]: Invalid user debian from 187.116.49.64 port 47068","@timestamp":"2022-09-16T16:26:49.625Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:26:52 honeypot-fra-1 sshd[22556]: Invalid user alarm from 187.116.49.64 port 47070","@timestamp":"2022-09-16T16:26:53.627Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:26:56 honeypot-fra-1 sshd[22560]: Invalid user test from 187.116.49.64 port 47072","@timestamp":"2022-09-16T16:26:57.629Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:27:01 honeypot-fra-1 sshd[22564]: Invalid user cirros from 187.116.49.64 port 47074","@timestamp":"2022-09-16T16:27:01.631Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 16:27:17 honeypot-ams-1 sshd[31709]: Received disconnect from 92.255.85.69 port 24236:11: Bye Bye [preauth]","@timestamp":"2022-09-16T16:27:17.980Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:34:21 honeypot-fra-1 sshd[22567]: Disconnected from invalid user adrian 92.255.85.69 port 17470 [preauth]","@timestamp":"2022-09-16T16:34:21.794Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T16:39:34.996Z","@version":"1","message":"Sep 16 16:39:34 honeypot-sgp-1 sshd[25715]: Invalid user frosty from 144.217.4.123 port 52470","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 16:40:37 honeypot-ams-1 kernel: [84223018.294476] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=104.156.155.9 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=11307 PROTO=TCP SPT=45326 DPT=389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T16:40:37.328Z"}
{"@timestamp":"2022-09-16T16:41:06.036Z","@version":"1","message":"Sep 16 16:41:05 honeypot-sgp-1 kernel: [84222571.298522] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=213.47.240.171 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=44 ID=21981 DF PROTO=TCP SPT=39291 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 16:42:55 honeypot-ams-1 sshd[31715]: Disconnected from invalid user user 209.14.136.27 port 40338 [preauth]","@timestamp":"2022-09-16T16:42:56.390Z"}
{"@timestamp":"2022-09-16T16:45:09.136Z","@version":"1","message":"Sep 16 16:45:09 honeypot-sgp-1 sshd[25724]: Received disconnect from 69.10.39.91 port 47158:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 16:45:59 honeypot-ams-1 sshd[31721]: Received disconnect from 206.189.42.104 port 41662:11: Bye Bye [preauth]","@timestamp":"2022-09-16T16:46:00.471Z"}
{"@timestamp":"2022-09-16T16:46:25.171Z","@version":"1","message":"Sep 16 16:46:24 honeypot-sgp-1 sshd[25730]: Received disconnect from 157.230.245.64 port 38626:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 16:48:05 honeypot-ams-1 sshd[31726]: Disconnected from authenticating user root 46.101.244.79 port 45768 [preauth]","@timestamp":"2022-09-16T16:48:06.526Z"}
{"@timestamp":"2022-09-16T16:49:06.238Z","@version":"1","message":"Sep 16 16:49:05 honeypot-sgp-1 sshd[25734]: Disconnected from authenticating user root 106.245.234.10 port 56912 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:50:48 honeypot-fra-1 sshd[22590]: Invalid user lhdong from 165.22.45.108 port 35952","@timestamp":"2022-09-16T16:50:49.162Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 16:53:10 honeypot-ams-1 kernel: [84223771.965172] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=217.77.61.31 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=56 ID=48564 PROTO=TCP SPT=34231 DPT=80 WINDOW=57319 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T16:53:11.686Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:56:26 honeypot-fra-1 sshd[22595]: Did not receive identification string from 45.61.184.204 port 59294","@timestamp":"2022-09-16T16:56:27.306Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:56:59 honeypot-fra-1 sshd[22598]: Disconnected from invalid user user 45.61.184.204 port 56680 [preauth]","@timestamp":"2022-09-16T16:56:59.320Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:57:18 honeypot-fra-1 sshd[22602]: Disconnected from invalid user user 45.61.184.204 port 51368 [preauth]","@timestamp":"2022-09-16T16:57:19.349Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:57:36 honeypot-fra-1 sshd[22606]: Disconnected from invalid user user 45.61.184.204 port 46052 [preauth]","@timestamp":"2022-09-16T16:57:37.359Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:58:36 honeypot-fra-1 sshd[22614]: Did not receive identification string from 194.163.169.7 port 10413","@timestamp":"2022-09-16T16:58:36.382Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 17:01:13 honeypot-ams-1 sshd[31736]: Disconnected from invalid user user 45.61.187.160 port 55178 [preauth]","@timestamp":"2022-09-16T17:01:13.894Z"}
{"@timestamp":"2022-09-16T17:01:24.537Z","@version":"1","message":"Sep 16 17:01:23 honeypot-sgp-1 sshd[25741]: Invalid user win from 220.203.8.38 port 49788","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 17:01:32 honeypot-ams-1 sshd[31740]: Disconnected from invalid user user 45.61.187.160 port 49482 [preauth]","@timestamp":"2022-09-16T17:01:32.905Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 17:01:51 honeypot-ams-1 sshd[31744]: Disconnected from invalid user user 45.61.187.160 port 43796 [preauth]","@timestamp":"2022-09-16T17:01:51.915Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 17:02:08 honeypot-ams-1 sshd[31748]: Disconnected from invalid user user 45.61.187.160 port 38090 [preauth]","@timestamp":"2022-09-16T17:02:08.923Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 17:07:36 honeypot-fra-1 sshd[22620]: Received disconnect from 183.194.1.194 port 39666:11: Bye Bye [preauth]","@timestamp":"2022-09-16T17:07:37.593Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T17:09:01.719Z","@version":"1","message":"Sep 16 17:09:01 honeypot-sgp-1 CRON[25746]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 17:09:01 honeypot-fra-1 CRON[22625]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-16T17:09:02.628Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 17:11:10 honeypot-ams-1 kernel: [84224852.115838] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=97.107.134.178 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=51138 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T17:11:11.157Z"}
{"@timestamp":"2022-09-16T17:17:34.926Z","@version":"1","message":"Sep 16 17:17:34 honeypot-sgp-1 kernel: [84224759.856763] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=128.14.137.180 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=49520 PROTO=TCP SPT=25575 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 17:18:52 honeypot-fra-1 kernel: [84223145.514422] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=89.248.165.203 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=33486 PROTO=TCP SPT=48133 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T17:18:53.160Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 17:19:32 honeypot-ams-1 kernel: [84225353.523156] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=51.77.157.30 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=30594 PROTO=TCP SPT=46360 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T17:19:32.374Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 17:23:01 honeypot-fra-1 sshd[22639]: Connection closed by invalid user user 179.60.147.69 port 31666 [preauth]","@timestamp":"2022-09-16T17:23:02.256Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 17:25:11 honeypot-ams-1 kernel: [84225692.313260] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=178.208.169.221 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=58 ID=29642 PROTO=TCP SPT=27118 DPT=443 WINDOW=17606 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T17:25:11.520Z"}
{"@timestamp":"2022-09-16T17:26:11.137Z","@version":"1","message":"Sep 16 17:26:10 honeypot-sgp-1 kernel: [84225276.391084] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=167.248.133.129 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=26401 PROTO=TCP SPT=39515 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 17:27:12 honeypot-fra-1 kernel: [84223645.174171] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=61019 PROTO=TCP SPT=49024 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T17:27:12.352Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-16T17:28:05.186Z","@version":"1","message":"Sep 16 17:28:05 honeypot-sgp-1 sshd[25760]: Disconnected from invalid user service 92.255.85.69 port 39674 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 17:28:39 honeypot-fra-1 kernel: [84223733.045606] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.221.92 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=42964 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T17:28:40.390Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 17:30:57 honeypot-ams-1 kernel: [84226039.205552] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=154.89.5.68 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=244 ID=40807 PROTO=TCP SPT=58914 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T17:30:58.669Z"}
{"@timestamp":"2022-09-16T17:34:25.340Z","@version":"1","message":"Sep 16 17:34:24 honeypot-sgp-1 kernel: [84225769.918915] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=90.151.171.106 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=47061 PROTO=TCP SPT=49640 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 17:36:18 honeypot-ams-1 sshd[31772]: Invalid user service from 92.255.85.70 port 62484","@timestamp":"2022-09-16T17:36:18.809Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 17:41:19 honeypot-ams-1 kernel: [84226661.022650] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=164.92.72.164 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=59529 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T17:41:19.942Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 17:41:33 honeypot-fra-1 sshd[22651]: Invalid user admin from 141.98.10.158 port 55494","@timestamp":"2022-09-16T17:41:34.694Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T17:45:07.593Z","@version":"1","message":"Sep 16 17:45:07 honeypot-sgp-1 sshd[25767]: Received disconnect from 34.93.204.90 port 37068:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T17:47:19.648Z","@version":"1","message":"Sep 16 17:47:19 honeypot-sgp-1 sshd[25772]: Received disconnect from 41.77.186.96 port 56438:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 17:48:42 honeypot-fra-1 sshd[22656]: Invalid user liams from 165.22.45.108 port 41094","@timestamp":"2022-09-16T17:48:42.854Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T17:48:48.685Z","@version":"1","message":"Sep 16 17:48:48 honeypot-sgp-1 sshd[25776]: Disconnected from invalid user admin 64.227.185.119 port 43148 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 17:55:52 honeypot-ams-1 sshd[31782]: Invalid user hc from 181.30.99.114 port 50892","@timestamp":"2022-09-16T17:55:53.313Z"}
{"@timestamp":"2022-09-16T17:57:37.894Z","@version":"1","message":"Sep 16 17:57:36 honeypot-sgp-1 kernel: [84227162.429211] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=38.68.52.28 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=5931 DF PROTO=TCP SPT=10446 DPT=80 WINDOW=512 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 17:59:26 honeypot-fra-1 sshd[22662]: Connection closed by authenticating user nobody 179.60.147.69 port 26004 [preauth]","@timestamp":"2022-09-16T17:59:27.098Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 18:02:42 honeypot-fra-1 sshd[22667]: Invalid user user from 45.61.186.249 port 59068","@timestamp":"2022-09-16T18:02:43.175Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 18:02:45 honeypot-ams-1 sshd[31789]: Received disconnect from 52.183.141.32 port 58246:11: Bye Bye [preauth]","@timestamp":"2022-09-16T18:02:46.484Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 18:03:01 honeypot-fra-1 sshd[22671]: Invalid user user from 45.61.186.249 port 53506","@timestamp":"2022-09-16T18:03:02.200Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 18:03:20 honeypot-fra-1 sshd[22675]: Invalid user user from 45.61.186.249 port 47934","@timestamp":"2022-09-16T18:03:20.209Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 18:05:29 honeypot-fra-1 kernel: [84225942.127196] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=146.88.240.4 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=48369 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T18:05:29.258Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 18:06:01 honeypot-ams-1 sshd[31793]: Connection closed by invalid user admin 165.232.158.22 port 37830 [preauth]","@timestamp":"2022-09-16T18:06:01.569Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 18:06:04 honeypot-ams-1 sshd[31799]: Connection closed by invalid user admin 165.232.158.22 port 37862 [preauth]","@timestamp":"2022-09-16T18:06:04.573Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 18:09:48 honeypot-ams-1 kernel: [84228369.826309] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=67.150.37.58 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=50 ID=28190 PROTO=TCP SPT=46919 DPT=80 WINDOW=37063 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T18:09:48.671Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 18:12:40 honeypot-fra-1 kernel: [84226373.658588] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=209.97.141.112 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=57 ID=44873 DF PROTO=TCP SPT=37208 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T18:12:41.423Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-16T18:14:33.318Z","@version":"1","message":"Sep 16 18:14:32 honeypot-sgp-1 sshd[25789]: Invalid user test from 92.255.85.69 port 53964","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 18:17:01 honeypot-fra-1 CRON[22685]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-16T18:17:01.527Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T18:18:12.407Z","@version":"1","message":"Sep 16 18:18:11 honeypot-sgp-1 kernel: [84228397.448132] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=8190 PROTO=TCP SPT=51874 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 18:18:37 honeypot-ams-1 kernel: [84228898.208495] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54828 PROTO=TCP SPT=51874 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T18:18:37.898Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 18:24:54 honeypot-ams-1 sshd[31812]: Disconnected from invalid user test 92.255.85.69 port 61302 [preauth]","@timestamp":"2022-09-16T18:24:55.058Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 18:26:04 honeypot-ams-1 sshd[31816]: Disconnected from invalid user admin 20.25.38.254 port 34024 [preauth]","@timestamp":"2022-09-16T18:26:05.091Z"}
{"@timestamp":"2022-09-16T18:31:18.722Z","@version":"1","message":"Sep 16 18:31:18 honeypot-sgp-1 sshd[25796]: Connection closed by authenticating user root 103.188.176.251 port 34362 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 18:31:46 honeypot-fra-1 sshd[22690]: Disconnected from invalid user test 92.255.85.69 port 34080 [preauth]","@timestamp":"2022-09-16T18:31:46.854Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 18:36:01 honeypot-ams-1 sshd[31823]: Did not receive identification string from 46.19.141.122 port 41546","@timestamp":"2022-09-16T18:36:02.364Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 18:37:17 honeypot-ams-1 sshd[31828]: Received disconnect from 46.19.141.122 port 34466:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T18:37:18.401Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 18:38:04 honeypot-ams-1 sshd[31834]: Invalid user admin from 46.19.141.122 port 45050","@timestamp":"2022-09-16T18:38:05.425Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 18:38:34 honeypot-ams-1 sshd[31838]: Received disconnect from 46.19.141.122 port 55618:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T18:38:35.440Z"}
{"@timestamp":"2022-09-16T18:39:26.919Z","@version":"1","message":"Sep 16 18:39:26 honeypot-sgp-1 kernel: [84229671.653770] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.172.44.162 DST=159.89.202.188 LEN=52 TOS=0x00 PREC=0x00 TTL=113 ID=8590 DF PROTO=TCP SPT=58012 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 18:39:40 honeypot-ams-1 sshd[31842]: Invalid user ubnt from 46.19.141.122 port 37966","@timestamp":"2022-09-16T18:39:41.472Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 18:40:04 honeypot-ams-1 sshd[31844]: Disconnected from invalid user support 46.19.141.122 port 43250 [preauth]","@timestamp":"2022-09-16T18:40:05.484Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 18:46:30 honeypot-fra-1 sshd[22697]: Invalid user liang from 165.22.45.108 port 46220","@timestamp":"2022-09-16T18:46:31.217Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 18:47:50 honeypot-ams-1 sshd[31849]: Invalid user sftpuser from 92.255.85.70 port 51604","@timestamp":"2022-09-16T18:47:50.684Z"}
{"@timestamp":"2022-09-16T18:48:11.127Z","@version":"1","message":"Sep 16 18:48:10 honeypot-sgp-1 sshd[25806]: Received disconnect from 122.155.169.49 port 46959:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 18:53:03 honeypot-ams-1 sshd[31852]: Received disconnect from 43.154.99.157 port 33092:11: Bye Bye [preauth]","@timestamp":"2022-09-16T18:53:03.825Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 18:55:27 honeypot-fra-1 kernel: [84228940.692866] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=165.22.82.222 LEN=90 TOS=0x00 PREC=0x00 TTL=250 ID=42699 PROTO=TCP SPT=16081 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T18:55:28.435Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-16T18:58:26.367Z","@version":"1","message":"Sep 16 18:58:25 honeypot-sgp-1 kernel: [84230811.208830] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=193.118.53.212 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=64290 PROTO=TCP SPT=39681 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 19:02:40 honeypot-fra-1 kernel: [84229373.909243] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=183.136.225.35 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=107 ID=36376 PROTO=TCP SPT=8088 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T19:02:41.600Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-16T19:04:38.514Z","@version":"1","message":"Sep 16 19:04:37 honeypot-sgp-1 sshd[25812]: Received disconnect from 178.128.159.1 port 56530:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T19:05:26.535Z","@version":"1","message":"Sep 16 19:05:26 honeypot-sgp-1 sshd[25817]: Invalid user user from 45.61.186.249 port 49612","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T19:05:46.545Z","@version":"1","message":"Sep 16 19:05:46 honeypot-sgp-1 sshd[25821]: Invalid user user from 45.61.186.249 port 43978","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T19:06:05.554Z","@version":"1","message":"Sep 16 19:06:04 honeypot-sgp-1 sshd[25825]: Invalid user user from 45.61.186.249 port 38300","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 19:06:34 honeypot-ams-1 sshd[31931]: Invalid user user from 45.61.184.204 port 34268","@timestamp":"2022-09-16T19:06:35.176Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 19:06:53 honeypot-ams-1 sshd[31935]: Invalid user user from 45.61.184.204 port 56750","@timestamp":"2022-09-16T19:06:54.187Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 19:07:11 honeypot-ams-1 sshd[31939]: Invalid user user from 45.61.184.204 port 50998","@timestamp":"2022-09-16T19:07:12.196Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 19:07:26 honeypot-ams-1 sshd[31943]: Invalid user zaida from 159.223.195.196 port 50512","@timestamp":"2022-09-16T19:07:26.204Z"}
{"@timestamp":"2022-09-16T19:10:38.660Z","@version":"1","message":"Sep 16 19:10:37 honeypot-sgp-1 sshd[25830]: Invalid user debian from 179.60.147.69 port 54944","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 19:11:11 honeypot-fra-1 sshd[22709]: Disconnected from authenticating user root 139.59.4.184 port 48160 [preauth]","@timestamp":"2022-09-16T19:11:12.793Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 19:11:13 honeypot-ams-1 kernel: [84232055.046932] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=205.210.31.182 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x60 TTL=251 ID=54321 PROTO=TCP SPT=55956 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T19:11:14.304Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 19:11:56 honeypot-fra-1 sshd[22715]: Received disconnect from 170.106.75.162 port 55020:11: Bye Bye [preauth]","@timestamp":"2022-09-16T19:11:56.813Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 19:13:58 honeypot-ams-1 sshd[31952]: Invalid user debian from 179.60.147.69 port 48346","@timestamp":"2022-09-16T19:13:58.378Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 19:17:01 honeypot-fra-1 CRON[22721]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-16T19:17:01.927Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 19:21:50 honeypot-ams-1 kernel: [84232691.943268] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=188.212.65.122 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=116 ID=12820 DF PROTO=TCP SPT=64801 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T19:21:51.589Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 19:24:47 honeypot-fra-1 kernel: [84230700.695907] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=114.132.186.122 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=234 ID=63389 PROTO=TCP SPT=48564 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T19:24:48.105Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-16T19:25:50.013Z","@version":"1","message":"Sep 16 19:25:49 honeypot-sgp-1 sshd[25839]: Invalid user admin1 from 92.255.85.69 port 51392","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 19:33:05 honeypot-ams-1 kernel: [84233366.464060] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=89.248.168.172 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=252 ID=54321 PROTO=TCP SPT=57416 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T19:33:05.884Z"}
{"@timestamp":"2022-09-16T19:34:46.221Z","@version":"1","message":"Sep 16 19:34:45 honeypot-sgp-1 sshd[25842]: Disconnected from invalid user ygy 20.228.209.161 port 33908 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 19:37:17 honeypot-fra-1 kernel: [84231449.872696] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=186.208.139.104 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=245 ID=41073 PROTO=TCP SPT=56921 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T19:37:17.387Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 19:41:59 honeypot-fra-1 sshd[22739]: Received disconnect from 92.255.85.70 port 58120:11: Bye Bye [preauth]","@timestamp":"2022-09-16T19:42:00.496Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 19:46:59 honeypot-fra-1 kernel: [84232032.146917] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=165.232.152.144 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=39415 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T19:46:59.608Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-16T19:47:01.509Z","@version":"1","message":"Sep 16 19:47:01 honeypot-sgp-1 sshd[25847]: Invalid user test from 179.60.147.69 port 54542","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 19:47:52 honeypot-ams-1 sshd[31965]: Invalid user tony from 94.75.123.43 port 33444","@timestamp":"2022-09-16T19:47:52.265Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 19:49:35 honeypot-ams-1 sshd[31971]: Received disconnect from 46.19.141.122 port 59916:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T19:49:35.313Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 19:50:42 honeypot-ams-1 sshd[31977]: Invalid user admin from 46.19.141.122 port 45872","@timestamp":"2022-09-16T19:50:43.345Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 19:51:16 honeypot-ams-1 sshd[31981]: Invalid user ubuntu from 46.19.141.122 port 60030","@timestamp":"2022-09-16T19:51:17.361Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 19:51:28 honeypot-fra-1 sshd[22750]: Received disconnect from 45.191.91.45 port 40732:11: Bye Bye [preauth]","@timestamp":"2022-09-16T19:51:29.713Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 19:51:43 honeypot-ams-1 sshd[31992]: Invalid user ubuntu from 176.31.240.226 port 44158","@timestamp":"2022-09-16T19:51:44.376Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 19:51:43 honeypot-ams-1 sshd[31999]: Invalid user user from 176.31.240.226 port 44180","@timestamp":"2022-09-16T19:51:44.376Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 19:51:43 honeypot-ams-1 sshd[31999]: Connection closed by invalid user user 176.31.240.226 port 44180 [preauth]","@timestamp":"2022-09-16T19:51:44.376Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 19:51:43 honeypot-ams-1 sshd[31990]: Connection closed by authenticating user root 176.31.240.226 port 44144 [preauth]","@timestamp":"2022-09-16T19:51:44.376Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 19:51:43 honeypot-ams-1 sshd[32002]: Invalid user teamspeak from 176.31.240.226 port 44182","@timestamp":"2022-09-16T19:51:44.376Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 19:51:44 honeypot-ams-1 sshd[32021]: Connection closed by authenticating user root 176.31.240.226 port 44174 [preauth]","@timestamp":"2022-09-16T19:51:45.376Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 19:51:44 honeypot-ams-1 sshd[32020]: Invalid user es from 176.31.240.226 port 44186","@timestamp":"2022-09-16T19:51:45.376Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 19:51:45 honeypot-ams-1 sshd[32036]: Invalid user www from 176.31.240.226 port 44156","@timestamp":"2022-09-16T19:51:46.377Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 19:51:46 honeypot-ams-1 sshd[32040]: Connection closed by invalid user esuser 176.31.240.226 port 44128 [preauth]","@timestamp":"2022-09-16T19:51:47.378Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 19:51:47 honeypot-ams-1 sshd[32050]: Invalid user testuser from 176.31.240.226 port 44168","@timestamp":"2022-09-16T19:51:48.378Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 19:52:44 honeypot-ams-1 sshd[32054]: Invalid user ubnt from 46.19.141.122 port 53058","@timestamp":"2022-09-16T19:52:45.408Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 19:53:20 honeypot-ams-1 sshd[32058]: Received disconnect from 46.19.141.122 port 39004:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T19:53:21.425Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 19:54:29 honeypot-fra-1 kernel: [84232482.304049] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=167.71.133.35 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=248 ID=54321 PROTO=TCP SPT=34961 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T19:54:29.783Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-16T19:55:17.699Z","@version":"1","message":"Sep 16 19:55:16 honeypot-sgp-1 kernel: [84234222.169037] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=125.253.93.146 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x20 TTL=247 ID=32148 PROTO=TCP SPT=52066 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 19:56:58 honeypot-ams-1 sshd[32063]: Disconnected from invalid user cacheusr 138.68.166.112 port 43636 [preauth]","@timestamp":"2022-09-16T19:56:59.519Z"}
{"@timestamp":"2022-09-16T20:01:11.838Z","@version":"1","message":"Sep 16 20:01:10 honeypot-sgp-1 sshd[25856]: Invalid user admin from 137.184.225.34 port 48854","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:03:07.885Z","@version":"1","message":"Sep 16 20:03:07 honeypot-sgp-1 kernel: [84234692.896428] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=104.199.202.242 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x60 TTL=250 ID=10317 PROTO=TCP SPT=57141 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 20:05:03 honeypot-fra-1 sshd[22763]: Disconnected from authenticating user root 92.255.85.69 port 47814 [preauth]","@timestamp":"2022-09-16T20:05:04.015Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T20:06:04.955Z","@version":"1","message":"Sep 16 20:06:03 honeypot-sgp-1 kernel: [84234869.372318] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=198.235.24.176 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=249 ID=54321 PROTO=TCP SPT=56371 DPT=636 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 20:09:02 honeypot-ams-1 kernel: [84235523.619384] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=167.248.133.142 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=14606 PROTO=TCP SPT=46745 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T20:09:02.836Z"}
{"@timestamp":"2022-09-16T20:12:12.101Z","@version":"1","message":"Sep 16 20:12:12 honeypot-sgp-1 sshd[25867]: Disconnected from invalid user mysql 92.255.85.70 port 51310 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 20:12:48 honeypot-fra-1 sshd[22770]: Invalid user admin from 118.42.18.46 port 53440","@timestamp":"2022-09-16T20:12:49.187Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 20:17:01 honeypot-fra-1 CRON[22775]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-16T20:17:01.279Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 20:17:01 honeypot-ams-1 CRON[32074]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-16T20:17:02.049Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 20:19:18 honeypot-ams-1 sshd[32078]: Disconnected from invalid user user 45.61.186.169 port 45668 [preauth]","@timestamp":"2022-09-16T20:19:19.112Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 20:19:34 honeypot-ams-1 sshd[32082]: Disconnected from invalid user user 45.61.186.169 port 40102 [preauth]","@timestamp":"2022-09-16T20:19:35.122Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 20:19:50 honeypot-ams-1 sshd[32086]: Disconnected from invalid user user 45.61.186.169 port 34536 [preauth]","@timestamp":"2022-09-16T20:19:50.129Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 20:20:04 honeypot-ams-1 sshd[32090]: Disconnected from invalid user user 45.61.186.169 port 57212 [preauth]","@timestamp":"2022-09-16T20:20:05.138Z"}
{"@timestamp":"2022-09-16T20:23:10.359Z","@version":"1","message":"Sep 16 20:23:09 honeypot-sgp-1 sshd[25873]: Invalid user guest from 179.60.147.69 port 27510","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 20:24:16 honeypot-fra-1 sshd[22783]: Invalid user guest from 179.60.147.69 port 19088","@timestamp":"2022-09-16T20:24:17.446Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 20:26:29 honeypot-ams-1 sshd[32095]: Invalid user guest from 179.60.147.69 port 47212","@timestamp":"2022-09-16T20:26:29.305Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 20:30:49 honeypot-ams-1 sshd[32099]: Connection closed by authenticating user root 103.188.176.251 port 52952 [preauth]","@timestamp":"2022-09-16T20:30:49.418Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 20:30:56 honeypot-fra-1 kernel: [84234668.763695] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=57541 PROTO=TCP SPT=40204 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T20:30:56.601Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-16T20:35:03.638Z","@version":"1","message":"Sep 16 20:35:03 honeypot-sgp-1 sshd[25877]: Received disconnect from 92.255.85.69 port 63614:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 20:40:03 honeypot-fra-1 kernel: [84235215.876298] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.221.54 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=60636 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T20:40:03.804Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-16T20:40:27.766Z","@version":"1","message":"Sep 16 20:40:27 honeypot-sgp-1 sshd[25884]: Connection closed by authenticating user root 116.98.174.154 port 41468 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:40:58.781Z","@version":"1","message":"Sep 16 20:40:57 honeypot-sgp-1 sshd[25890]: Connection closed by invalid user ftpuser 116.98.174.154 port 53536 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:41:02.784Z","@version":"1","message":"Sep 16 20:41:02 honeypot-sgp-1 sshd[25896]: Connection closed by invalid user nginx 116.98.174.154 port 44896 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:41:10.788Z","@version":"1","message":"Sep 16 20:41:10 honeypot-sgp-1 sshd[25902]: Connection closed by invalid user ubnt 116.98.174.154 port 34594 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:41:22.794Z","@version":"1","message":"Sep 16 20:41:22 honeypot-sgp-1 sshd[25910]: Invalid user username from 116.98.174.154 port 56134","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:41:31.800Z","@version":"1","message":"Sep 16 20:41:30 honeypot-sgp-1 sshd[25916]: Invalid user listd from 116.98.174.154 port 33994","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:41:38.803Z","@version":"1","message":"Sep 16 20:41:38 honeypot-sgp-1 sshd[25920]: Connection closed by authenticating user root 116.98.174.154 port 37364 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:41:55.812Z","@version":"1","message":"Sep 16 20:41:55 honeypot-sgp-1 sshd[25926]: Connection closed by invalid user admin 116.98.174.154 port 52992 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:42:09.819Z","@version":"1","message":"Sep 16 20:42:09 honeypot-sgp-1 sshd[25934]: Invalid user ftpuser from 116.98.174.154 port 34646","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:42:12.820Z","@version":"1","message":"Sep 16 20:42:11 honeypot-sgp-1 sshd[25940]: Invalid user admin from 116.98.174.154 port 48124","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:42:34.832Z","@version":"1","message":"Sep 16 20:42:34 honeypot-sgp-1 sshd[25948]: Invalid user ron from 116.98.174.154 port 43742","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:42:36.833Z","@version":"1","message":"Sep 16 20:42:36 honeypot-sgp-1 sshd[25952]: Invalid user kelly from 116.98.174.154 port 55142","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:42:45.838Z","@version":"1","message":"Sep 16 20:42:45 honeypot-sgp-1 sshd[25958]: Invalid user user1 from 116.98.174.154 port 59858","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:42:49.840Z","@version":"1","message":"Sep 16 20:42:49 honeypot-sgp-1 sshd[25964]: Invalid user informix from 116.98.174.154 port 35164","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:42:55.843Z","@version":"1","message":"Sep 16 20:42:55 honeypot-sgp-1 sshd[25972]: Invalid user guest from 116.98.174.154 port 51414","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:43:00.847Z","@version":"1","message":"Sep 16 20:43:00 honeypot-sgp-1 sshd[25978]: Invalid user amosdev from 116.98.174.154 port 36278","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:43:12.852Z","@version":"1","message":"Sep 16 20:43:12 honeypot-sgp-1 sshd[25984]: Connection closed by authenticating user root 116.98.174.154 port 47046 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 20:43:13 honeypot-ams-1 kernel: [84237574.379251] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.219.17 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=49247 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T20:43:13.735Z"}
{"@timestamp":"2022-09-16T20:43:19.856Z","@version":"1","message":"Sep 16 20:43:19 honeypot-sgp-1 sshd[25990]: Connection closed by invalid user rebecca 116.98.174.154 port 42814 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:43:21.858Z","@version":"1","message":"Sep 16 20:43:21 honeypot-sgp-1 sshd[25996]: Connection closed by invalid user gary 116.98.174.154 port 41130 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 20:43:29 honeypot-fra-1 kernel: [84235422.392745] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.79.53.162 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=17361 PROTO=TCP SPT=54254 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T20:43:29.885Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-16T20:43:30.863Z","@version":"1","message":"Sep 16 20:43:30 honeypot-sgp-1 sshd[26005]: Connection closed by invalid user administrator 116.98.174.154 port 49944 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:43:35.865Z","@version":"1","message":"Sep 16 20:43:35 honeypot-sgp-1 sshd[26010]: Connection closed by invalid user ggg 116.98.174.154 port 54014 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:43:48.872Z","@version":"1","message":"Sep 16 20:43:48 honeypot-sgp-1 sshd[26016]: Connection closed by invalid user default 116.98.174.154 port 60366 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:44:00.878Z","@version":"1","message":"Sep 16 20:44:00 honeypot-sgp-1 sshd[26024]: Invalid user dc5151 from 116.98.174.154 port 44326","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:44:06.881Z","@version":"1","message":"Sep 16 20:44:06 honeypot-sgp-1 sshd[26028]: Connection closed by invalid user cusadmin 116.98.174.154 port 53932 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:44:07.882Z","@version":"1","message":"Sep 16 20:44:07 honeypot-sgp-1 sshd[26034]: Connection closed by invalid user minecraft 116.98.174.154 port 54688 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:44:11.884Z","@version":"1","message":"Sep 16 20:44:10 honeypot-sgp-1 sshd[26038]: Connection closed by invalid user press 116.98.174.154 port 33606 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:44:18.888Z","@version":"1","message":"Sep 16 20:44:18 honeypot-sgp-1 sshd[26048]: Invalid user test from 116.98.174.154 port 60824","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:44:35.896Z","@version":"1","message":"Sep 16 20:44:35 honeypot-sgp-1 sshd[26054]: Did not receive identification string from 45.61.186.169 port 37510","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:44:51.904Z","@version":"1","message":"Sep 16 20:44:51 honeypot-sgp-1 sshd[26059]: Connection closed by invalid user office 116.98.174.154 port 59712 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:44:58.907Z","@version":"1","message":"Sep 16 20:44:58 honeypot-sgp-1 sshd[26065]: Connection closed by invalid user 5fe5d4 116.98.174.154 port 48688 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:45:07.912Z","@version":"1","message":"Sep 16 20:45:07 honeypot-sgp-1 sshd[26073]: Invalid user customs from 116.98.174.154 port 59558","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:45:11.914Z","@version":"1","message":"Sep 16 20:45:11 honeypot-sgp-1 sshd[26077]: Invalid user service from 116.98.174.154 port 44756","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:45:15.917Z","@version":"1","message":"Sep 16 20:45:15 honeypot-sgp-1 sshd[26082]: Disconnected from invalid user user 45.61.186.169 port 46126 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:45:20.920Z","@version":"1","message":"Sep 16 20:45:20 honeypot-sgp-1 sshd[26090]: Connection closed by authenticating user root 116.98.174.154 port 50184 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:45:22.921Z","@version":"1","message":"Sep 16 20:45:22 honeypot-sgp-1 sshd[26096]: Connection closed by invalid user super 116.98.174.154 port 39906 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:45:27.923Z","@version":"1","message":"Sep 16 20:45:27 honeypot-sgp-1 sshd[26102]: Invalid user www from 116.98.174.154 port 55836","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:45:31.926Z","@version":"1","message":"Sep 16 20:45:31 honeypot-sgp-1 sshd[26104]: Invalid user user from 45.61.186.169 port 40516","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:45:37.929Z","@version":"1","message":"Sep 16 20:45:37 honeypot-sgp-1 sshd[26114]: Invalid user alpha from 116.98.174.154 port 51520","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:45:39.930Z","@version":"1","message":"Sep 16 20:45:39 honeypot-sgp-1 sshd[26118]: Disconnected from invalid user user 45.61.186.169 port 51824 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:45:44.934Z","@version":"1","message":"Sep 16 20:45:44 honeypot-sgp-1 sshd[26126]: Connection closed by invalid user admin 116.98.174.154 port 53342 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:45:49.936Z","@version":"1","message":"Sep 16 20:45:49 honeypot-sgp-1 sshd[26132]: Invalid user upload from 116.98.174.154 port 52722","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:45:54.938Z","@version":"1","message":"Sep 16 20:45:54 honeypot-sgp-1 sshd[26138]: Invalid user user from 45.61.186.169 port 46194","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:45:56.939Z","@version":"1","message":"Sep 16 20:45:56 honeypot-sgp-1 sshd[26142]: Invalid user jay from 116.98.174.154 port 53354","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:46:02.944Z","@version":"1","message":"Sep 16 20:46:02 honeypot-sgp-1 sshd[26148]: Invalid user client from 116.98.174.154 port 39218","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:46:10.948Z","@version":"1","message":"Sep 16 20:46:10 honeypot-sgp-1 sshd[26154]: Connection closed by invalid user jack 116.98.174.154 port 55156 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:46:16.951Z","@version":"1","message":"Sep 16 20:46:16 honeypot-sgp-1 sshd[26160]: Invalid user steve from 116.98.174.154 port 37040","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:46:19.953Z","@version":"1","message":"Sep 16 20:46:19 honeypot-sgp-1 sshd[26166]: Invalid user yang from 116.98.174.154 port 38490","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:46:30.958Z","@version":"1","message":"Sep 16 20:46:30 honeypot-sgp-1 sshd[26172]: Invalid user oracle from 116.98.174.154 port 41152","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:46:34.961Z","@version":"1","message":"Sep 16 20:46:34 honeypot-sgp-1 sshd[26178]: Connection closed by invalid user rotarypoperinge 116.98.174.154 port 37772 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:46:54.970Z","@version":"1","message":"Sep 16 20:46:54 honeypot-sgp-1 sshd[26186]: Connection closed by authenticating user root 116.98.174.154 port 49228 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:47:08.977Z","@version":"1","message":"Sep 16 20:47:08 honeypot-sgp-1 sshd[26194]: Invalid user webmaster from 116.98.174.154 port 38866","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:47:23.985Z","@version":"1","message":"Sep 16 20:47:23 honeypot-sgp-1 sshd[26200]: Invalid user admin from 116.98.174.154 port 41342","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:47:34.991Z","@version":"1","message":"Sep 16 20:47:34 honeypot-sgp-1 sshd[26206]: Invalid user admin from 116.98.174.154 port 46868","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:47:40.993Z","@version":"1","message":"Sep 16 20:47:40 honeypot-sgp-1 sshd[26212]: Invalid user admin from 116.98.174.154 port 57854","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:47:44.996Z","@version":"1","message":"Sep 16 20:47:44 honeypot-sgp-1 sshd[26218]: Invalid user keaton from 116.98.174.154 port 41324","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:47:49.999Z","@version":"1","message":"Sep 16 20:47:49 honeypot-sgp-1 sshd[26224]: Connection closed by invalid user boss 116.98.174.154 port 45778 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:47:58.002Z","@version":"1","message":"Sep 16 20:47:57 honeypot-sgp-1 sshd[26232]: Invalid user webmaster from 116.98.174.154 port 53372","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:48:03.006Z","@version":"1","message":"Sep 16 20:48:02 honeypot-sgp-1 sshd[26238]: Connection closed by authenticating user root 116.98.174.154 port 53280 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:48:06.008Z","@version":"1","message":"Sep 16 20:48:05 honeypot-sgp-1 sshd[26246]: Connection closed by invalid user admin 116.98.174.154 port 42468 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:48:10.010Z","@version":"1","message":"Sep 16 20:48:09 honeypot-sgp-1 sshd[26252]: Connection closed by invalid user admin 116.98.174.154 port 34170 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:48:13.012Z","@version":"1","message":"Sep 16 20:48:12 honeypot-sgp-1 sshd[26258]: Connection closed by invalid user odoo 116.98.174.154 port 51422 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:48:23.017Z","@version":"1","message":"Sep 16 20:48:22 honeypot-sgp-1 sshd[26264]: Connection closed by invalid user admin 116.98.174.154 port 49580 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:48:45.029Z","@version":"1","message":"Sep 16 20:48:44 honeypot-sgp-1 sshd[26272]: Invalid user test from 116.98.174.154 port 48896","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:48:54.033Z","@version":"1","message":"Sep 16 20:48:53 honeypot-sgp-1 sshd[26276]: Connection closed by invalid user apple 116.98.174.154 port 36312 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:49:00.037Z","@version":"1","message":"Sep 16 20:48:59 honeypot-sgp-1 sshd[26284]: Invalid user carlos from 116.98.174.154 port 38916","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:49:10.042Z","@version":"1","message":"Sep 16 20:49:10 honeypot-sgp-1 sshd[26290]: Invalid user admi from 116.98.174.154 port 43822","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:49:19.047Z","@version":"1","message":"Sep 16 20:49:18 honeypot-sgp-1 sshd[26296]: Invalid user michael from 116.98.174.154 port 55628","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:49:38.056Z","@version":"1","message":"Sep 16 20:49:37 honeypot-sgp-1 sshd[26302]: Invalid user sandesh from 116.98.174.154 port 47534","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:49:41.058Z","@version":"1","message":"Sep 16 20:49:40 honeypot-sgp-1 sshd[26308]: Connection closed by invalid user hadoop 116.98.174.154 port 50178 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:49:43.059Z","@version":"1","message":"Sep 16 20:49:42 honeypot-sgp-1 sshd[26314]: Connection closed by invalid user contact 116.98.174.154 port 51598 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:49:45.061Z","@version":"1","message":"Sep 16 20:49:44 honeypot-sgp-1 sshd[26322]: Invalid user ftp from 116.98.174.154 port 55486","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:49:51.064Z","@version":"1","message":"Sep 16 20:49:50 honeypot-sgp-1 sshd[26326]: Invalid user abe from 116.98.174.154 port 59266","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:50:03.070Z","@version":"1","message":"Sep 16 20:50:02 honeypot-sgp-1 sshd[26332]: Connection closed by invalid user tmax 116.98.174.154 port 45384 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:50:17.077Z","@version":"1","message":"Sep 16 20:50:16 honeypot-sgp-1 sshd[26341]: Invalid user a1 from 116.98.174.154 port 34282","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:50:27.082Z","@version":"1","message":"Sep 16 20:50:26 honeypot-sgp-1 sshd[26347]: Connection closed by invalid user ftpuser 116.98.174.154 port 55328 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:50:28.082Z","@version":"1","message":"Sep 16 20:50:27 honeypot-sgp-1 sshd[26353]: Connection closed by invalid user 0f9246 116.98.174.154 port 42126 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:50:36.087Z","@version":"1","message":"Sep 16 20:50:35 honeypot-sgp-1 sshd[26361]: Connection closed by invalid user test 116.98.174.154 port 37160 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:50:48.093Z","@version":"1","message":"Sep 16 20:50:47 honeypot-sgp-1 sshd[26369]: Connection closed by invalid user test01 116.98.174.154 port 42936 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:51:16.106Z","@version":"1","message":"Sep 16 20:51:15 honeypot-sgp-1 sshd[26377]: Invalid user nicole from 116.98.174.154 port 35282","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:51:21.109Z","@version":"1","message":"Sep 16 20:51:20 honeypot-sgp-1 sshd[26383]: Invalid user admin from 116.98.174.154 port 50780","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:51:31.114Z","@version":"1","message":"Sep 16 20:51:30 honeypot-sgp-1 sshd[26389]: Connection closed by invalid user psybnc 116.98.174.154 port 47064 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:51:36.116Z","@version":"1","message":"Sep 16 20:51:36 honeypot-sgp-1 sshd[26395]: Connection closed by invalid user incoming 116.98.174.154 port 58482 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:51:40.118Z","@version":"1","message":"Sep 16 20:51:40 honeypot-sgp-1 sshd[26401]: Connection closed by invalid user chris 116.98.174.154 port 40328 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:51:58.127Z","@version":"1","message":"Sep 16 20:51:57 honeypot-sgp-1 sshd[26411]: Connection closed by invalid user tester 116.98.174.154 port 56278 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:52:05.131Z","@version":"1","message":"Sep 16 20:52:04 honeypot-sgp-1 sshd[26417]: Connection closed by invalid user www 116.98.174.154 port 49030 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:52:18.138Z","@version":"1","message":"Sep 16 20:52:17 honeypot-sgp-1 sshd[26423]: Connection closed by invalid user postmaster 116.98.174.154 port 39424 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:52:22.140Z","@version":"1","message":"Sep 16 20:52:21 honeypot-sgp-1 sshd[26431]: Invalid user dummy from 116.98.174.154 port 60844","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 20:52:33 honeypot-ams-1 kernel: [84238134.692173] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=72.167.32.184 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=232 ID=19448 PROTO=TCP SPT=49434 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T20:52:33.979Z"}
{"@timestamp":"2022-09-16T20:52:35.147Z","@version":"1","message":"Sep 16 20:52:34 honeypot-sgp-1 sshd[26437]: Connection closed by authenticating user root 116.98.174.154 port 41066 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:52:41.150Z","@version":"1","message":"Sep 16 20:52:40 honeypot-sgp-1 sshd[26441]: Connection closed by invalid user operations 116.98.174.154 port 34400 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:52:52.155Z","@version":"1","message":"Sep 16 20:52:51 honeypot-sgp-1 sshd[26447]: Connection closed by invalid user monolit1 116.98.174.154 port 47700 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 20:53:00 honeypot-ams-1 sshd[32115]: Received disconnect from 80.76.51.189 port 59168:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T20:53:00.995Z"}
{"@timestamp":"2022-09-16T20:53:03.162Z","@version":"1","message":"Sep 16 20:53:02 honeypot-sgp-1 sshd[26455]: Invalid user ncuser from 116.98.174.154 port 37416","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:53:23.171Z","@version":"1","message":"Sep 16 20:53:22 honeypot-sgp-1 sshd[26461]: Invalid user user1 from 116.98.174.154 port 47040","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:53:36.177Z","@version":"1","message":"Sep 16 20:53:35 honeypot-sgp-1 sshd[26467]: Invalid user valerie from 116.98.174.154 port 49028","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 20:53:40 honeypot-ams-1 sshd[32120]: Received disconnect from 45.61.186.49 port 60554:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T20:53:41.016Z"}
{"@timestamp":"2022-09-16T20:53:42.180Z","@version":"1","message":"Sep 16 20:53:42 honeypot-sgp-1 sshd[26473]: Invalid user help from 116.98.174.154 port 48174","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:53:46.183Z","@version":"1","message":"Sep 16 20:53:45 honeypot-sgp-1 sshd[26477]: Connection closed by invalid user hyperic 116.98.174.154 port 54770 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 20:53:54 honeypot-ams-1 sshd[32124]: Received disconnect from 45.61.186.49 port 43606:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T20:53:55.022Z"}
{"@timestamp":"2022-09-16T20:53:57.188Z","@version":"1","message":"Sep 16 20:53:56 honeypot-sgp-1 sshd[26483]: Connection closed by invalid user tracy 116.98.174.154 port 48970 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 20:53:59 honeypot-ams-1 sshd[32128]: Disconnected from invalid user user 45.61.186.49 port 49186 [preauth]","@timestamp":"2022-09-16T20:54:00.026Z"}
{"@timestamp":"2022-09-16T20:54:04.192Z","@version":"1","message":"Sep 16 20:54:03 honeypot-sgp-1 sshd[26489]: Connection closed by invalid user 1 116.98.174.154 port 42572 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:54:14.197Z","@version":"1","message":"Sep 16 20:54:13 honeypot-sgp-1 sshd[26495]: Connection closed by invalid user apache 116.98.174.154 port 58370 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:54:24.202Z","@version":"1","message":"Sep 16 20:54:24 honeypot-sgp-1 sshd[26503]: Invalid user anthony from 116.98.174.154 port 35964","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:54:29.205Z","@version":"1","message":"Sep 16 20:54:28 honeypot-sgp-1 sshd[26509]: Connection closed by authenticating user root 116.98.174.154 port 51338 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:54:39.209Z","@version":"1","message":"Sep 16 20:54:39 honeypot-sgp-1 sshd[26517]: Invalid user admin from 116.98.174.154 port 35836","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:54:43.211Z","@version":"1","message":"Sep 16 20:54:42 honeypot-sgp-1 sshd[26523]: Invalid user geral from 116.98.174.154 port 44218","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:54:50.215Z","@version":"1","message":"Sep 16 20:54:50 honeypot-sgp-1 sshd[26529]: Invalid user ubnt from 116.98.174.154 port 40320","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:55:07.224Z","@version":"1","message":"Sep 16 20:55:07 honeypot-sgp-1 sshd[26535]: Connection closed by invalid user training 116.98.174.154 port 60880 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 20:55:21 honeypot-ams-1 sshd[32135]: Disconnected from authenticating user root 80.76.51.189 port 37604 [preauth]","@timestamp":"2022-09-16T20:55:22.066Z"}
{"@timestamp":"2022-09-16T20:55:31.236Z","@version":"1","message":"Sep 16 20:55:30 honeypot-sgp-1 sshd[26544]: Invalid user baba from 116.98.174.154 port 38114","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:55:36.238Z","@version":"1","message":"Sep 16 20:55:35 honeypot-sgp-1 sshd[26550]: Invalid user admin from 116.98.174.154 port 34888","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:55:42.241Z","@version":"1","message":"Sep 16 20:55:41 honeypot-sgp-1 sshd[26558]: Invalid user production from 116.98.174.154 port 58002","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:55:47.245Z","@version":"1","message":"Sep 16 20:55:46 honeypot-sgp-1 sshd[26564]: Connection closed by invalid user nagios 116.98.174.154 port 50594 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:55:53.248Z","@version":"1","message":"Sep 16 20:55:52 honeypot-sgp-1 sshd[26570]: Connection closed by invalid user nagios 116.98.174.154 port 47502 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:55:58.250Z","@version":"1","message":"Sep 16 20:55:57 honeypot-sgp-1 sshd[26578]: Invalid user david from 116.98.174.154 port 57310","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:56:13.258Z","@version":"1","message":"Sep 16 20:56:12 honeypot-sgp-1 sshd[26584]: Invalid user bananapi from 116.98.174.154 port 38004","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:56:22.263Z","@version":"1","message":"Sep 16 20:56:22 honeypot-sgp-1 sshd[26592]: Invalid user weblogic from 116.98.174.154 port 48934","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:56:29.268Z","@version":"1","message":"Sep 16 20:56:29 honeypot-sgp-1 sshd[26596]: Connection closed by invalid user admIndian 116.98.174.154 port 44212 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:56:40.272Z","@version":"1","message":"Sep 16 20:56:39 honeypot-sgp-1 sshd[26604]: Invalid user admin from 116.98.174.154 port 58462","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:56:45.276Z","@version":"1","message":"Sep 16 20:56:45 honeypot-sgp-1 sshd[26610]: Connection closed by invalid user joggler 116.98.174.154 port 40478 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 20:56:50 honeypot-ams-1 sshd[32142]: Disconnected from authenticating user root 80.76.51.189 port 47242 [preauth]","@timestamp":"2022-09-16T20:56:51.108Z"}
{"@timestamp":"2022-09-16T20:56:59.283Z","@version":"1","message":"Sep 16 20:56:58 honeypot-sgp-1 sshd[26618]: Invalid user dan from 116.98.174.154 port 59710","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:57:06.286Z","@version":"1","message":"Sep 16 20:57:05 honeypot-sgp-1 sshd[26624]: Connection closed by authenticating user root 116.98.174.154 port 47498 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 20:57:52 honeypot-ams-1 sshd[32146]: Disconnected from invalid user test 80.76.51.189 port 44254 [preauth]","@timestamp":"2022-09-16T20:57:53.137Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 20:58:45 honeypot-fra-1 sshd[22809]: Connection closed by authenticating user root 194.163.190.53 port 33030 [preauth]","@timestamp":"2022-09-16T20:58:46.222Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T20:58:46.328Z","@version":"1","message":"Sep 16 20:58:45 honeypot-sgp-1 sshd[26632]: Received disconnect from 92.255.85.69 port 45742:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 20:58:55 honeypot-ams-1 sshd[32150]: Disconnected from invalid user testuser 80.76.51.189 port 41260 [preauth]","@timestamp":"2022-09-16T20:58:56.166Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 20:59:58 honeypot-ams-1 sshd[32154]: Disconnected from invalid user ubuntu 80.76.51.189 port 38270 [preauth]","@timestamp":"2022-09-16T20:59:59.195Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:01:01 honeypot-ams-1 sshd[32159]: Disconnected from invalid user ubuntu 80.76.51.189 port 35286 [preauth]","@timestamp":"2022-09-16T21:01:02.226Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:01:45 honeypot-ams-1 sshd[32165]: Received disconnect from 179.171.158.147 port 59342:11: Bye Bye [preauth]","@timestamp":"2022-09-16T21:01:46.249Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:01:49 honeypot-ams-1 sshd[32169]: Disconnected from authenticating user root 179.171.158.147 port 59610 [preauth]","@timestamp":"2022-09-16T21:01:50.252Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:01:56 honeypot-ams-1 sshd[32175]: Disconnected from authenticating user root 179.171.158.147 port 59884 [preauth]","@timestamp":"2022-09-16T21:01:57.256Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:02:05 honeypot-ams-1 sshd[32181]: Disconnected from authenticating user root 179.171.158.147 port 60270 [preauth]","@timestamp":"2022-09-16T21:02:05.261Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:02:11 honeypot-ams-1 sshd[32187]: Disconnected from authenticating user root 179.171.158.147 port 60664 [preauth]","@timestamp":"2022-09-16T21:02:12.265Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:02:18 honeypot-ams-1 sshd[32193]: Disconnected from authenticating user root 179.171.158.147 port 60992 [preauth]","@timestamp":"2022-09-16T21:02:18.269Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:02:25 honeypot-ams-1 sshd[32199]: Disconnected from authenticating user root 179.171.158.147 port 33126 [preauth]","@timestamp":"2022-09-16T21:02:26.359Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:02:32 honeypot-ams-1 sshd[32205]: Connection closed by invalid user blank 179.60.147.69 port 36796 [preauth]","@timestamp":"2022-09-16T21:02:33.364Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:02:37 honeypot-ams-1 sshd[32211]: Disconnected from authenticating user root 179.171.158.147 port 33780 [preauth]","@timestamp":"2022-09-16T21:02:38.368Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:02:42 honeypot-ams-1 sshd[32217]: Received disconnect from 179.171.158.147 port 34014:11: Bye Bye [preauth]","@timestamp":"2022-09-16T21:02:42.370Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:02:49 honeypot-ams-1 sshd[32223]: Received disconnect from 179.171.158.147 port 34402:11: Bye Bye [preauth]","@timestamp":"2022-09-16T21:02:50.375Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:02:56 honeypot-ams-1 sshd[32229]: Received disconnect from 179.171.158.147 port 34786:11: Bye Bye [preauth]","@timestamp":"2022-09-16T21:02:57.379Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:03:02 honeypot-ams-1 sshd[32235]: Received disconnect from 179.171.158.147 port 35114:11: Bye Bye [preauth]","@timestamp":"2022-09-16T21:03:03.382Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:03:10 honeypot-ams-1 sshd[32241]: Invalid user admin from 179.171.158.147 port 35528","@timestamp":"2022-09-16T21:03:10.387Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:03:13 honeypot-ams-1 sshd[32247]: Invalid user postgres from 80.76.51.189 port 57544","@timestamp":"2022-09-16T21:03:14.389Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:03:17 honeypot-ams-1 sshd[32249]: Invalid user admin from 179.171.158.147 port 35910","@timestamp":"2022-09-16T21:03:17.391Z"}
{"@timestamp":"2022-09-16T21:03:21.436Z","@version":"1","message":"Sep 16 21:03:21 honeypot-sgp-1 sshd[26637]: Invalid user cmd from 81.16.121.206 port 5812","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:03:22 honeypot-ams-1 sshd[32253]: Invalid user admin from 179.171.158.147 port 36140","@timestamp":"2022-09-16T21:03:23.395Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:03:27 honeypot-ams-1 sshd[32257]: Invalid user admin from 179.171.158.147 port 36408","@timestamp":"2022-09-16T21:03:27.398Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 21:03:28 honeypot-fra-1 sshd[22817]: Invalid user admin from 194.226.49.130 port 46096","@timestamp":"2022-09-16T21:03:29.332Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:03:32 honeypot-ams-1 sshd[32261]: Invalid user admin from 179.171.158.147 port 36672","@timestamp":"2022-09-16T21:03:33.401Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:03:37 honeypot-ams-1 sshd[32265]: Received disconnect from 179.171.158.147 port 36940:11: Bye Bye [preauth]","@timestamp":"2022-09-16T21:03:37.404Z"}
{"@timestamp":"2022-09-16T21:03:42.446Z","@version":"1","message":"Sep 16 21:03:41 honeypot-sgp-1 sshd[26641]: Invalid user ubnt from 71.206.128.118 port 48104","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:03:42 honeypot-ams-1 sshd[32269]: Disconnected from invalid user pi 179.171.158.147 port 37190 [preauth]","@timestamp":"2022-09-16T21:03:43.407Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:03:46 honeypot-ams-1 sshd[32273]: Disconnected from invalid user user 179.171.158.147 port 37448 [preauth]","@timestamp":"2022-09-16T21:03:47.410Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:03:49 honeypot-ams-1 sshd[32277]: Disconnected from authenticating user root 80.76.51.189 port 41936 [preauth]","@timestamp":"2022-09-16T21:03:49.412Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:03:54 honeypot-ams-1 sshd[32281]: Disconnected from invalid user miner 179.171.158.147 port 37792 [preauth]","@timestamp":"2022-09-16T21:03:54.416Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:03:59 honeypot-ams-1 sshd[32285]: Disconnected from invalid user volumio 179.171.158.147 port 38100 [preauth]","@timestamp":"2022-09-16T21:03:59.419Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:04:03 honeypot-ams-1 sshd[32289]: Disconnected from invalid user nagios 179.171.158.147 port 38304 [preauth]","@timestamp":"2022-09-16T21:04:03.421Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:04:08 honeypot-ams-1 sshd[32293]: Received disconnect from 179.171.158.147 port 38538:11: Bye Bye [preauth]","@timestamp":"2022-09-16T21:04:08.425Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:04:12 honeypot-ams-1 sshd[32297]: Received disconnect from 179.171.158.147 port 38818:11: Bye Bye [preauth]","@timestamp":"2022-09-16T21:04:13.428Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:04:16 honeypot-ams-1 sshd[32301]: Received disconnect from 179.171.158.147 port 39044:11: Bye Bye [preauth]","@timestamp":"2022-09-16T21:04:17.430Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:04:22 honeypot-ams-1 sshd[32305]: Received disconnect from 179.171.158.147 port 39352:11: Bye Bye [preauth]","@timestamp":"2022-09-16T21:04:23.434Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:04:24 honeypot-ams-1 sshd[32309]: Disconnected from authenticating user root 80.76.51.189 port 54560 [preauth]","@timestamp":"2022-09-16T21:04:25.436Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:04:28 honeypot-ams-1 sshd[32313]: Disconnected from invalid user cirros 179.171.158.147 port 39656 [preauth]","@timestamp":"2022-09-16T21:04:28.438Z"}
{"@timestamp":"2022-09-16T21:04:53.475Z","@version":"1","message":"Sep 16 21:04:53 honeypot-sgp-1 sshd[26645]: Received disconnect from 193.114.115.146 port 39808:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:05:00 honeypot-ams-1 sshd[32317]: Disconnected from invalid user odoo 80.76.51.189 port 38954 [preauth]","@timestamp":"2022-09-16T21:05:01.454Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:05:36 honeypot-ams-1 sshd[32322]: Disconnected from invalid user admin 182.52.90.164 port 34696 [preauth]","@timestamp":"2022-09-16T21:05:36.473Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 21:08:10 honeypot-fra-1 sshd[22822]: Invalid user music from 64.227.178.106 port 46428","@timestamp":"2022-09-16T21:08:11.442Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T21:11:35.630Z","@version":"1","message":"Sep 16 21:11:34 honeypot-sgp-1 sshd[26650]: Invalid user ubuntu from 66.76.55.84 port 52800","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T21:11:45.634Z","@version":"1","message":"Sep 16 21:11:45 honeypot-sgp-1 kernel: [84238810.540196] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=156.146.46.143 DST=159.89.202.188 LEN=52 TOS=0x02 PREC=0x00 TTL=116 ID=38330 DF PROTO=TCP SPT=60424 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T21:12:41.658Z","@version":"1","message":"Sep 16 21:12:40 honeypot-sgp-1 sshd[26656]: Disconnected from invalid user pi 82.112.131.162 port 37896 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 21:13:02 honeypot-ams-1 kernel: [84239363.946617] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=170.187.160.197 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=36210 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T21:13:03.690Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 21:16:16 honeypot-fra-1 sshd[22827]: Received disconnect from 92.255.85.70 port 45038:11: Bye Bye [preauth]","@timestamp":"2022-09-16T21:16:17.632Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T21:18:10.786Z","@version":"1","message":"Sep 16 21:18:10 honeypot-sgp-1 sshd[26665]: Disconnected from authenticating user root 23.105.217.120 port 58786 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 21:18:15 honeypot-fra-1 sshd[22833]: Connection closed by invalid user testuser 134.209.151.21 port 49338 [preauth]","@timestamp":"2022-09-16T21:18:15.681Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 21:18:15 honeypot-fra-1 sshd[22853]: Invalid user admin from 134.209.151.21 port 49348","@timestamp":"2022-09-16T21:18:15.681Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 21:18:15 honeypot-fra-1 sshd[22838]: Invalid user ansible from 134.209.151.21 port 49370","@timestamp":"2022-09-16T21:18:15.681Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 21:18:15 honeypot-fra-1 sshd[22837]: Connection closed by authenticating user root 134.209.151.21 port 49404 [preauth]","@timestamp":"2022-09-16T21:18:15.681Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 21:18:15 honeypot-fra-1 sshd[22848]: Connection closed by authenticating user root 134.209.151.21 port 49350 [preauth]","@timestamp":"2022-09-16T21:18:15.681Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 21:18:15 honeypot-fra-1 sshd[22852]: Connection closed by invalid user oracle 134.209.151.21 port 49368 [preauth]","@timestamp":"2022-09-16T21:18:15.681Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 21:18:15 honeypot-fra-1 sshd[22841]: Connection closed by authenticating user root 134.209.151.21 port 49396 [preauth]","@timestamp":"2022-09-16T21:18:15.681Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 21:19:29 honeypot-ams-1 kernel: [84239751.052688] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=156.146.46.143 DST=178.62.254.91 LEN=52 TOS=0x02 PREC=0x00 TTL=118 ID=40887 DF PROTO=TCP SPT=60265 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-16T21:19:30.864Z"}
{"@timestamp":"2022-09-16T21:22:22.885Z","@version":"1","message":"Sep 16 21:22:22 honeypot-sgp-1 kernel: [84239447.759377] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.41.8.45 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=28432 PROTO=TCP SPT=13818 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 21:23:11 honeypot-fra-1 kernel: [84237803.780332] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=156.146.46.143 DST=165.22.82.222 LEN=52 TOS=0x02 PREC=0x00 TTL=117 ID=32134 DF PROTO=TCP SPT=63265 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-16T21:23:11.791Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 21:24:17 honeypot-ams-1 kernel: [84240038.251437] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.79.53.162 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=24298 PROTO=TCP SPT=54254 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T21:24:17.990Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:28:19 honeypot-ams-1 sshd[32341]: Disconnected from invalid user temp 103.186.48.7 port 48810 [preauth]","@timestamp":"2022-09-16T21:28:20.097Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 21:34:14 honeypot-ams-1 kernel: [84240635.150683] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=120.48.122.52 DST=178.62.254.91 LEN=40 TOS=0x08 PREC=0x00 TTL=44 ID=11457 PROTO=TCP SPT=49127 DPT=80 WINDOW=32991 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T21:34:14.249Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 21:36:28 honeypot-fra-1 sshd[22895]: Invalid user ubnt from 179.60.147.69 port 29908","@timestamp":"2022-09-16T21:36:29.092Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 21:39:51 honeypot-ams-1 kernel: [84240972.363592] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=167.71.92.243 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=53981 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T21:39:51.415Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 21:40:12 honeypot-fra-1 sshd[22899]: Received disconnect from 122.53.86.126 port 51520:11: Bye Bye [preauth]","@timestamp":"2022-09-16T21:40:13.178Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 21:40:45 honeypot-fra-1 sshd[22903]: Disconnected from invalid user libevent 165.22.45.108 port 33408 [preauth]","@timestamp":"2022-09-16T21:40:46.193Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 21:41:32 honeypot-fra-1 sshd[22908]: Disconnected from invalid user galaxytab18 129.146.241.147 port 44576 [preauth]","@timestamp":"2022-09-16T21:41:33.213Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T21:45:24.411Z","@version":"1","message":"Sep 16 21:45:23 honeypot-sgp-1 sshd[26691]: Disconnected from invalid user admin 92.255.85.69 port 17872 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 21:48:25 honeypot-ams-1 kernel: [84241486.607805] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=89.248.165.199 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=5892 PROTO=TCP SPT=44127 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T21:48:25.639Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 21:53:50 honeypot-fra-1 sshd[22913]: Disconnected from invalid user remi 188.166.176.236 port 55178 [preauth]","@timestamp":"2022-09-16T21:53:51.486Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 21:56:40 honeypot-ams-1 kernel: [84241981.620684] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=156.146.46.143 DST=178.62.254.91 LEN=52 TOS=0x02 PREC=0x00 TTL=118 ID=18683 DF PROTO=TCP SPT=52440 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-16T21:56:40.855Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 21:57:12 honeypot-fra-1 sshd[22919]: Received disconnect from 138.197.19.166 port 59074:11: Bye Bye [preauth]","@timestamp":"2022-09-16T21:57:13.567Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 22:02:30 honeypot-fra-1 sshd[22924]: Received disconnect from 92.255.85.69 port 48954:11: Bye Bye [preauth]","@timestamp":"2022-09-16T22:02:30.684Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T22:03:26.825Z","@version":"1","message":"Sep 16 22:03:26 honeypot-sgp-1 sshd[26697]: Received disconnect from 43.155.70.28 port 59042:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 22:05:53 honeypot-fra-1 sshd[22928]: Disconnected from invalid user ftpuser1 182.23.23.42 port 46856 [preauth]","@timestamp":"2022-09-16T22:05:54.760Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T22:08:10.936Z","@version":"1","message":"Sep 16 22:08:10 honeypot-sgp-1 kernel: [84242195.294407] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=96.126.112.220 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=51499 DF PROTO=TCP SPT=51972 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 22:08:44 honeypot-fra-1 sshd[22935]: Invalid user aj from 89.22.67.66 port 51118","@timestamp":"2022-09-16T22:08:44.857Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T22:09:37.971Z","@version":"1","message":"Sep 16 22:09:37 honeypot-sgp-1 kernel: [84242282.362476] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=46.19.141.122 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=46395 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 22:10:08 honeypot-fra-1 sshd[22939]: Connection closed by invalid user guest 193.106.191.157 port 45330 [preauth]","@timestamp":"2022-09-16T22:10:08.892Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T22:10:49.002Z","@version":"1","message":"Sep 16 22:10:48 honeypot-sgp-1 sshd[26707]: Received disconnect from 45.61.184.204 port 44404:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T22:11:06.010Z","@version":"1","message":"Sep 16 22:11:05 honeypot-sgp-1 sshd[26711]: Received disconnect from 45.61.184.204 port 38844:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T22:11:23.018Z","@version":"1","message":"Sep 16 22:11:22 honeypot-sgp-1 sshd[26715]: Received disconnect from 45.61.184.204 port 33284:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 22:13:48 honeypot-ams-1 kernel: [84243010.016920] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=171.22.30.220 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=60 ID=64023 PROTO=TCP SPT=50479 DPT=80 WINDOW=5365 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T22:13:49.299Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 22:16:51 honeypot-fra-1 sshd[22946]: Connection closed by authenticating user root 194.163.190.53 port 39796 [preauth]","@timestamp":"2022-09-16T22:16:52.047Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T22:17:02.151Z","@version":"1","message":"Sep 16 22:17:01 honeypot-sgp-1 CRON[26722]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 22:19:58 honeypot-ams-1 sshd[32385]: Invalid user ubnt from 46.101.23.51 port 56416","@timestamp":"2022-09-16T22:19:58.457Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 22:22:42 honeypot-ams-1 sshd[32387]: Received disconnect from 45.120.69.82 port 47054:11: Bye Bye [preauth]","@timestamp":"2022-09-16T22:22:42.532Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 22:24:59 honeypot-fra-1 kernel: [84241511.536469] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=156.146.46.143 DST=165.22.82.222 LEN=52 TOS=0x02 PREC=0x00 TTL=117 ID=59583 DF PROTO=TCP SPT=61399 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-16T22:24:59.233Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 22:26:05 honeypot-fra-1 sshd[22958]: Disconnected from authenticating user root 92.255.85.70 port 22682 [preauth]","@timestamp":"2022-09-16T22:26:06.261Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T22:28:33.419Z","@version":"1","message":"Sep 16 22:28:32 honeypot-sgp-1 sshd[26726]: Received disconnect from 71.128.32.24 port 47356:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T22:30:09.460Z","@version":"1","message":"Sep 16 22:30:08 honeypot-sgp-1 sshd[26731]: Received disconnect from 143.198.209.48 port 37570:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 22:30:46 honeypot-ams-1 sshd[32392]: Invalid user admin from 210.183.21.48 port 24588","@timestamp":"2022-09-16T22:30:46.743Z"}
{"@timestamp":"2022-09-16T22:33:27.539Z","@version":"1","message":"Sep 16 22:33:26 honeypot-sgp-1 sshd[26735]: Received disconnect from 92.255.85.69 port 23638:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 22:34:33 honeypot-fra-1 sshd[22967]: Received disconnect from 159.65.218.99 port 58524:11: Bye Bye [preauth]","@timestamp":"2022-09-16T22:34:33.451Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 22:35:36 honeypot-ams-1 sshd[32397]: Received disconnect from 62.84.124.148 port 53124:11: Bye Bye [preauth]","@timestamp":"2022-09-16T22:35:36.867Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 22:41:42 honeypot-ams-1 sshd[32400]: Disconnected from invalid user mysql 92.255.85.69 port 58240 [preauth]","@timestamp":"2022-09-16T22:41:43.024Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 22:43:31 honeypot-fra-1 kernel: [84242623.908354] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=198.235.24.29 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x60 TTL=250 ID=54321 PROTO=TCP SPT=51689 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T22:43:31.652Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 22:44:36 honeypot-fra-1 sshd[22978]: Connection closed by invalid user admin 128.199.168.83 port 32278 [preauth]","@timestamp":"2022-09-16T22:44:36.678Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 22:45:25 honeypot-ams-1 sshd[32406]: Invalid user user from 45.61.184.204 port 40960","@timestamp":"2022-09-16T22:45:26.137Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 22:45:35 honeypot-ams-1 sshd[32410]: Disconnected from invalid user user 45.61.184.204 port 52162 [preauth]","@timestamp":"2022-09-16T22:45:36.143Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 22:45:54 honeypot-ams-1 sshd[32414]: Received disconnect from 45.61.184.204 port 46348:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T22:45:55.153Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 22:46:11 honeypot-ams-1 sshd[32418]: Received disconnect from 45.61.184.204 port 40528:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T22:46:12.162Z"}
{"@timestamp":"2022-09-16T22:48:28.929Z","@version":"1","message":"Sep 16 22:48:28 honeypot-sgp-1 sshd[26738]: Received disconnect from 31.3.91.99 port 34866:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 22:48:58 honeypot-fra-1 sshd[22985]: Received disconnect from 92.255.85.70 port 42342:11: Bye Bye [preauth]","@timestamp":"2022-09-16T22:48:58.783Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 22:52:58 honeypot-ams-1 sshd[32423]: Invalid user pi from 220.71.14.93 port 36306","@timestamp":"2022-09-16T22:52:58.341Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 22:55:29 honeypot-fra-1 sshd[22990]: Invalid user guest from 193.106.191.157 port 47546","@timestamp":"2022-09-16T22:55:29.931Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T22:56:22.116Z","@version":"1","message":"Sep 16 22:56:21 honeypot-sgp-1 sshd[26743]: Disconnected from invalid user it.support 92.255.85.70 port 52892 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 22:57:01 honeypot-ams-1 sshd[32428]: Connection closed by invalid user nginx 103.188.176.251 port 58862 [preauth]","@timestamp":"2022-09-16T22:57:01.449Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 23:02:38 honeypot-fra-1 kernel: [84243770.910386] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=46.161.27.89 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=54321 PROTO=TCP SPT=48667 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T23:02:39.116Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:05:18 honeypot-ams-1 sshd[32431]: Disconnected from invalid user it.support 92.255.85.69 port 52694 [preauth]","@timestamp":"2022-09-16T23:05:18.652Z"}
{"@timestamp":"2022-09-16T23:05:56.339Z","@version":"1","message":"Sep 16 23:05:56 honeypot-sgp-1 sshd[26751]: Connection closed by invalid user admin 128.199.160.207 port 45914 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T23:05:56.339Z","@version":"1","message":"Sep 16 23:05:56 honeypot-sgp-1 sshd[26757]: Connection closed by invalid user admin 128.199.160.207 port 45946 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T23:09:11.418Z","@version":"1","message":"Sep 16 23:09:10 honeypot-sgp-1 sshd[26760]: Disconnected from invalid user user 45.61.184.204 port 43744 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T23:09:30.426Z","@version":"1","message":"Sep 16 23:09:30 honeypot-sgp-1 sshd[26764]: Disconnected from invalid user user 45.61.184.204 port 38362 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T23:09:49.435Z","@version":"1","message":"Sep 16 23:09:49 honeypot-sgp-1 sshd[26768]: Disconnected from invalid user user 45.61.184.204 port 32976 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T23:10:06.443Z","@version":"1","message":"Sep 16 23:10:05 honeypot-sgp-1 sshd[26772]: Disconnected from invalid user user 45.61.184.204 port 55824 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 23:12:28 honeypot-fra-1 sshd[23000]: Disconnected from invalid user it.support 92.255.85.69 port 26620 [preauth]","@timestamp":"2022-09-16T23:12:29.337Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T23:14:53.555Z","@version":"1","message":"Sep 16 23:14:52 honeypot-sgp-1 sshd[26778]: Received disconnect from 45.61.186.49 port 58300:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T23:15:06.561Z","@version":"1","message":"Sep 16 23:15:06 honeypot-sgp-1 sshd[26782]: Received disconnect from 45.61.186.49 port 41330:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:17:01 honeypot-ams-1 CRON[32437]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-16T23:17:01.948Z"}
{"@timestamp":"2022-09-16T23:19:34.665Z","@version":"1","message":"Sep 16 23:19:33 honeypot-sgp-1 sshd[26789]: Invalid user admin from 92.255.85.69 port 47636","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 23:23:12 honeypot-fra-1 kernel: [84245004.612198] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=42689 PROTO=TCP SPT=50037 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T23:23:12.579Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:08 honeypot-ams-1 sshd[32443]: Received disconnect from 185.172.77.242 port 59742:11: Bye Bye [preauth]","@timestamp":"2022-09-16T23:25:09.153Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:09 honeypot-ams-1 sshd[32447]: Disconnected from authenticating user root 185.172.77.242 port 59770 [preauth]","@timestamp":"2022-09-16T23:25:10.155Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:10 honeypot-ams-1 sshd[32453]: Disconnected from authenticating user root 185.172.77.242 port 59798 [preauth]","@timestamp":"2022-09-16T23:25:11.155Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:10 honeypot-ams-1 sshd[32459]: Disconnected from authenticating user root 185.172.77.242 port 59836 [preauth]","@timestamp":"2022-09-16T23:25:11.156Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:11 honeypot-ams-1 sshd[32465]: Disconnected from authenticating user root 185.172.77.242 port 59868 [preauth]","@timestamp":"2022-09-16T23:25:12.156Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:12 honeypot-ams-1 sshd[32471]: Disconnected from authenticating user root 185.172.77.242 port 59914 [preauth]","@timestamp":"2022-09-16T23:25:13.157Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:13 honeypot-ams-1 sshd[32477]: Disconnected from authenticating user root 185.172.77.242 port 60050 [preauth]","@timestamp":"2022-09-16T23:25:14.158Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:14 honeypot-ams-1 sshd[32483]: Disconnected from authenticating user root 185.172.77.242 port 60098 [preauth]","@timestamp":"2022-09-16T23:25:14.158Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:14 honeypot-ams-1 sshd[32489]: Disconnected from authenticating user root 185.172.77.242 port 60154 [preauth]","@timestamp":"2022-09-16T23:25:15.158Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:15 honeypot-ams-1 sshd[32495]: Disconnected from authenticating user root 185.172.77.242 port 60198 [preauth]","@timestamp":"2022-09-16T23:25:16.159Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:16 honeypot-ams-1 sshd[32501]: Disconnected from authenticating user root 185.172.77.242 port 60266 [preauth]","@timestamp":"2022-09-16T23:25:17.160Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:17 honeypot-ams-1 sshd[32507]: Disconnected from authenticating user root 185.172.77.242 port 60304 [preauth]","@timestamp":"2022-09-16T23:25:18.161Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:18 honeypot-ams-1 sshd[32513]: Received disconnect from 185.172.77.242 port 60346:11: Bye Bye [preauth]","@timestamp":"2022-09-16T23:25:18.161Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:18 honeypot-ams-1 sshd[32517]: Received disconnect from 185.172.77.242 port 60370:11: Bye Bye [preauth]","@timestamp":"2022-09-16T23:25:19.162Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:19 honeypot-ams-1 sshd[32521]: Received disconnect from 185.172.77.242 port 60408:11: Bye Bye [preauth]","@timestamp":"2022-09-16T23:25:19.162Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:19 honeypot-ams-1 sshd[32525]: Received disconnect from 185.172.77.242 port 60428:11: Bye Bye [preauth]","@timestamp":"2022-09-16T23:25:20.162Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:20 honeypot-ams-1 sshd[32529]: Received disconnect from 185.172.77.242 port 60448:11: Bye Bye [preauth]","@timestamp":"2022-09-16T23:25:20.162Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:20 honeypot-ams-1 sshd[32533]: Received disconnect from 185.172.77.242 port 60476:11: Bye Bye [preauth]","@timestamp":"2022-09-16T23:25:21.163Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:21 honeypot-ams-1 sshd[32539]: Invalid user pi from 185.172.77.242 port 60518","@timestamp":"2022-09-16T23:25:22.163Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:21 honeypot-ams-1 sshd[32543]: Invalid user user from 185.172.77.242 port 60552","@timestamp":"2022-09-16T23:25:22.164Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:22 honeypot-ams-1 sshd[32547]: Invalid user mine from 185.172.77.242 port 60582","@timestamp":"2022-09-16T23:25:23.164Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:22 honeypot-ams-1 sshd[32551]: Invalid user xbmc from 185.172.77.242 port 60672","@timestamp":"2022-09-16T23:25:23.164Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:23 honeypot-ams-1 sshd[32555]: Invalid user oracle from 185.172.77.242 port 60732","@timestamp":"2022-09-16T23:25:24.165Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:24 honeypot-ams-1 sshd[32559]: Invalid user postgres from 185.172.77.242 port 60760","@timestamp":"2022-09-16T23:25:24.165Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:24 honeypot-ams-1 sshd[32563]: Invalid user support from 185.172.77.242 port 60806","@timestamp":"2022-09-16T23:25:25.167Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:25 honeypot-ams-1 sshd[32567]: Invalid user ubuntu from 185.172.77.242 port 60842","@timestamp":"2022-09-16T23:25:25.167Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:25 honeypot-ams-1 sshd[32571]: Invalid user ubuntu from 185.172.77.242 port 60866","@timestamp":"2022-09-16T23:25:26.167Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:26 honeypot-ams-1 sshd[32575]: Invalid user guest from 185.172.77.242 port 60920","@timestamp":"2022-09-16T23:25:26.167Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:26 honeypot-ams-1 sshd[32579]: Invalid user cirros from 185.172.77.242 port 60954","@timestamp":"2022-09-16T23:25:27.168Z"}
{"@timestamp":"2022-09-16T23:25:35.829Z","@version":"1","message":"Sep 16 23:25:35 honeypot-sgp-1 sshd[26794]: Invalid user test from 179.60.147.69 port 3458","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 23:26:42 honeypot-fra-1 sshd[23014]: Invalid user test from 179.60.147.69 port 9872","@timestamp":"2022-09-16T23:26:43.660Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 23:28:30 honeypot-ams-1 kernel: [84247491.188199] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=193.163.125.77 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=246 ID=12750 PROTO=TCP SPT=39923 DPT=636 WINDOW=14600 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T23:28:30.245Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 23:29:34 honeypot-fra-1 sshd[23023]: Connection closed by invalid user es 125.88.226.4 port 41652 [preauth]","@timestamp":"2022-09-16T23:29:34.726Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 23:29:35 honeypot-fra-1 sshd[23027]: Invalid user esuser from 125.88.226.4 port 41688","@timestamp":"2022-09-16T23:29:35.727Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 23:29:36 honeypot-fra-1 sshd[23022]: Connection closed by invalid user steam 125.88.226.4 port 41674 [preauth]","@timestamp":"2022-09-16T23:29:37.728Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 23:29:37 honeypot-fra-1 sshd[23051]: Connection closed by invalid user ftpuser 125.88.226.4 port 41660 [preauth]","@timestamp":"2022-09-16T23:29:38.729Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 23:29:40 honeypot-fra-1 sshd[23025]: Connection closed by invalid user postgres 125.88.226.4 port 41702 [preauth]","@timestamp":"2022-09-16T23:29:40.731Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 23:30:05 honeypot-fra-1 sshd[23020]: Invalid user esuser from 125.88.226.4 port 41684","@timestamp":"2022-09-16T23:30:06.743Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 23:30:08 honeypot-fra-1 sshd[23038]: Invalid user steam from 125.88.226.4 port 41720","@timestamp":"2022-09-16T23:30:09.745Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 23:30:13 honeypot-fra-1 sshd[23046]: Connection closed by invalid user ec2-user 125.88.226.4 port 41680 [preauth]","@timestamp":"2022-09-16T23:30:13.748Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 23:30:22 honeypot-fra-1 sshd[23040]: Connection closed by authenticating user root 125.88.226.4 port 41718 [preauth]","@timestamp":"2022-09-16T23:30:23.753Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 23:30:50 honeypot-ams-1 kernel: [84247631.439219] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=154.3.44.149 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=117 ID=9432 DF PROTO=TCP SPT=61119 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-16T23:30:51.364Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:35:19 honeypot-ams-1 sshd[32592]: Invalid user test4 from 157.230.228.27 port 39718","@timestamp":"2022-09-16T23:35:20.477Z"}
{"@timestamp":"2022-09-16T23:36:02.070Z","@version":"1","message":"Sep 16 23:36:01 honeypot-sgp-1 sshd[26801]: Did not receive identification string from 207.65.145.87 port 45078","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 23:36:14 honeypot-fra-1 sshd[23077]: Received disconnect from 92.255.85.69 port 57706:11: Bye Bye [preauth]","@timestamp":"2022-09-16T23:36:14.884Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 23:42:31 honeypot-fra-1 sshd[23084]: Did not receive identification string from 109.248.6.112 port 57768","@timestamp":"2022-09-16T23:42:32.028Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T23:45:18.286Z","@version":"1","message":"Sep 16 23:45:17 honeypot-sgp-1 sshd[26805]: Disconnected from authenticating user root 172.87.22.100 port 35324 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:53:19 honeypot-ams-1 sshd[32599]: Invalid user init from 92.255.85.69 port 27018","@timestamp":"2022-09-16T23:53:19.945Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 23:57:48 honeypot-fra-1 sshd[23093]: Invalid user  from 213.108.170.34 port 42776","@timestamp":"2022-09-16T23:57:48.373Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:00:02 honeypot-fra-1 sshd[23098]: Invalid user amy from 196.132.38.47 port 53771","@timestamp":"2022-09-17T00:00:02.427Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 00:00:06 honeypot-ams-1 kernel: [84249387.276629] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.220.171 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=49138 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T00:00:07.129Z"}
{"@timestamp":"2022-09-17T00:01:54.673Z","@version":"1","message":"Sep 17 00:01:54 honeypot-sgp-1 sshd[26808]: Connection closed by invalid user support 179.60.147.69 port 6792 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:02:11 honeypot-fra-1 sshd[23102]: Received disconnect from 186.117.165.67 port 48022:11: Bye Bye [preauth]","@timestamp":"2022-09-17T00:02:12.479Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:06:02 honeypot-fra-1 kernel: [84247574.976968] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=89.248.168.172 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=54321 PROTO=TCP SPT=57408 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T00:06:03.569Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 00:13:24 honeypot-ams-1 kernel: [84250185.741219] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=65517 PROTO=TCP SPT=52804 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T00:13:25.488Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:13:29 honeypot-fra-1 sshd[23113]: Received disconnect from 179.43.156.143 port 34974:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T00:13:30.741Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:15:17 honeypot-fra-1 sshd[23119]: Received disconnect from 179.43.156.143 port 52834:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T00:15:17.803Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T00:16:09.021Z","@version":"1","message":"Sep 17 00:16:08 honeypot-sgp-1 kernel: [84249873.798643] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=206.189.6.148 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=50306 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:16:27 honeypot-fra-1 sshd[23123]: Disconnected from authenticating user root 179.43.156.143 port 45904 [preauth]","@timestamp":"2022-09-17T00:16:27.833Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:17:15 honeypot-fra-1 sshd[23130]: Connection closed by authenticating user root 194.163.190.53 port 44798 [preauth]","@timestamp":"2022-09-17T00:17:15.854Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 00:17:29 honeypot-ams-1 sshd[32612]: Did not receive identification string from 45.61.186.249 port 36736","@timestamp":"2022-09-17T00:17:30.598Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:17:36 honeypot-fra-1 sshd[23138]: Received disconnect from 179.43.156.143 port 39000:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T00:17:37.865Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:17:38 honeypot-fra-1 sshd[23140]: Disconnected from authenticating user root 27.77.249.10 port 48584 [preauth]","@timestamp":"2022-09-17T00:17:39.866Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:17:43 honeypot-fra-1 sshd[23146]: Disconnected from authenticating user root 27.77.249.10 port 48966 [preauth]","@timestamp":"2022-09-17T00:17:43.868Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 00:17:45 honeypot-ams-1 sshd[32617]: Invalid user user from 45.61.186.249 port 39544","@timestamp":"2022-09-17T00:17:46.608Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:17:47 honeypot-fra-1 sshd[23152]: Disconnected from authenticating user root 27.77.249.10 port 49110 [preauth]","@timestamp":"2022-09-17T00:17:47.870Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:17:51 honeypot-fra-1 sshd[23158]: Disconnected from authenticating user root 27.77.249.10 port 49404 [preauth]","@timestamp":"2022-09-17T00:17:51.873Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:17:55 honeypot-fra-1 sshd[23164]: Disconnected from authenticating user root 27.77.249.10 port 49582 [preauth]","@timestamp":"2022-09-17T00:17:55.875Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:17:59 honeypot-fra-1 sshd[23170]: Disconnected from authenticating user root 27.77.249.10 port 49836 [preauth]","@timestamp":"2022-09-17T00:18:00.878Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:18:03 honeypot-fra-1 sshd[23177]: Disconnected from authenticating user root 27.77.249.10 port 50012 [preauth]","@timestamp":"2022-09-17T00:18:04.880Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 00:18:04 honeypot-ams-1 sshd[32621]: Invalid user user from 45.61.186.249 port 33746","@timestamp":"2022-09-17T00:18:05.618Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:18:08 honeypot-fra-1 sshd[23183]: Disconnected from authenticating user root 27.77.249.10 port 50118 [preauth]","@timestamp":"2022-09-17T00:18:08.883Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:18:12 honeypot-fra-1 sshd[23189]: Disconnected from authenticating user root 27.77.249.10 port 50410 [preauth]","@timestamp":"2022-09-17T00:18:12.885Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:18:15 honeypot-fra-1 sshd[23195]: Received disconnect from 27.77.249.10 port 50516:11: Bye Bye [preauth]","@timestamp":"2022-09-17T00:18:15.887Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:18:19 honeypot-fra-1 sshd[23201]: Received disconnect from 27.77.249.10 port 50660:11: Bye Bye [preauth]","@timestamp":"2022-09-17T00:18:19.889Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 00:18:22 honeypot-ams-1 sshd[32625]: Invalid user user from 45.61.186.249 port 56168","@timestamp":"2022-09-17T00:18:22.627Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:18:23 honeypot-fra-1 sshd[23207]: Received disconnect from 27.77.249.10 port 50946:11: Bye Bye [preauth]","@timestamp":"2022-09-17T00:18:23.893Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:18:26 honeypot-fra-1 sshd[23211]: Received disconnect from 27.77.249.10 port 51016:11: Bye Bye [preauth]","@timestamp":"2022-09-17T00:18:26.895Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:18:29 honeypot-fra-1 sshd[23215]: Received disconnect from 27.77.249.10 port 51110:11: Bye Bye [preauth]","@timestamp":"2022-09-17T00:18:29.896Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:18:31 honeypot-fra-1 sshd[23219]: Received disconnect from 27.77.249.10 port 51328:11: Bye Bye [preauth]","@timestamp":"2022-09-17T00:18:32.898Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:18:34 honeypot-fra-1 sshd[23223]: Received disconnect from 27.77.249.10 port 51452:11: Bye Bye [preauth]","@timestamp":"2022-09-17T00:18:34.899Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:18:37 honeypot-fra-1 sshd[23227]: Received disconnect from 27.77.249.10 port 51526:11: Bye Bye [preauth]","@timestamp":"2022-09-17T00:18:37.902Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 00:18:39 honeypot-ams-1 sshd[32629]: Invalid user user from 45.61.186.249 port 50366","@timestamp":"2022-09-17T00:18:39.636Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:18:40 honeypot-fra-1 sshd[23231]: Disconnected from authenticating user root 27.77.249.10 port 51734 [preauth]","@timestamp":"2022-09-17T00:18:40.903Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:18:44 honeypot-fra-1 sshd[23237]: Invalid user pi from 27.77.249.10 port 51906","@timestamp":"2022-09-17T00:18:44.905Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:18:47 honeypot-fra-1 sshd[23241]: Invalid user ethos from 27.77.249.10 port 51990","@timestamp":"2022-09-17T00:18:47.907Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:18:49 honeypot-fra-1 sshd[23245]: Invalid user miner from 27.77.249.10 port 52198","@timestamp":"2022-09-17T00:18:49.908Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:18:51 honeypot-fra-1 sshd[23247]: Received disconnect from 27.77.249.10 port 52256:11: Bye Bye [preauth]","@timestamp":"2022-09-17T00:18:51.911Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:18:54 honeypot-fra-1 sshd[23253]: Received disconnect from 27.77.249.10 port 52382:11: Bye Bye [preauth]","@timestamp":"2022-09-17T00:18:54.912Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:18:56 honeypot-fra-1 sshd[23257]: Received disconnect from 27.77.249.10 port 52456:11: Bye Bye [preauth]","@timestamp":"2022-09-17T00:18:56.913Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:18:59 honeypot-fra-1 sshd[23261]: Received disconnect from 27.77.249.10 port 52650:11: Bye Bye [preauth]","@timestamp":"2022-09-17T00:18:59.915Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:19:02 honeypot-fra-1 sshd[23265]: Received disconnect from 27.77.249.10 port 52798:11: Bye Bye [preauth]","@timestamp":"2022-09-17T00:19:02.916Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:19:05 honeypot-fra-1 sshd[23269]: Received disconnect from 27.77.249.10 port 52900:11: Bye Bye [preauth]","@timestamp":"2022-09-17T00:19:05.919Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:19:08 honeypot-fra-1 sshd[23273]: Received disconnect from 27.77.249.10 port 52982:11: Bye Bye [preauth]","@timestamp":"2022-09-17T00:19:08.921Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:19:10 honeypot-fra-1 sshd[23277]: Received disconnect from 27.77.249.10 port 53208:11: Bye Bye [preauth]","@timestamp":"2022-09-17T00:19:10.922Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:19:28 honeypot-fra-1 sshd[23281]: Disconnected from authenticating user root 179.43.156.143 port 56890 [preauth]","@timestamp":"2022-09-17T00:19:28.930Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 00:20:08 honeypot-ams-1 sshd[32633]: Connection closed by invalid user pi 95.91.249.69 port 41101 [preauth]","@timestamp":"2022-09-17T00:20:08.677Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:20:52 honeypot-fra-1 sshd[23287]: Connection closed by invalid user git 141.98.10.158 port 49208 [preauth]","@timestamp":"2022-09-17T00:20:52.964Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T00:21:04.137Z","@version":"1","message":"Sep 17 00:21:03 honeypot-sgp-1 sshd[26818]: Disconnected from authenticating user root 157.230.132.100 port 34312 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 00:21:21 honeypot-ams-1 sshd[32637]: Received disconnect from 202.47.117.222 port 60820:11: Bye Bye [preauth]","@timestamp":"2022-09-17T00:21:21.713Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:22:04 honeypot-fra-1 sshd[23293]: Disconnected from authenticating user root 179.43.156.143 port 43012 [preauth]","@timestamp":"2022-09-17T00:22:04.995Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 00:24:47 honeypot-ams-1 sshd[32640]: Disconnected from invalid user cui 187.190.40.6 port 10304 [preauth]","@timestamp":"2022-09-17T00:24:47.806Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 00:26:30 honeypot-ams-1 sshd[32653]: Invalid user test from 36.93.83.5 port 43506","@timestamp":"2022-09-17T00:26:30.855Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 00:26:30 honeypot-ams-1 sshd[32649]: Connection closed by authenticating user root 36.93.83.5 port 43270 [preauth]","@timestamp":"2022-09-17T00:26:31.855Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 00:26:30 honeypot-ams-1 sshd[32664]: Connection closed by invalid user mysql 36.93.83.5 port 43468 [preauth]","@timestamp":"2022-09-17T00:26:31.855Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 00:26:31 honeypot-ams-1 sshd[32648]: Connection closed by invalid user odoo 36.93.83.5 port 43374 [preauth]","@timestamp":"2022-09-17T00:26:31.856Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 00:26:31 honeypot-ams-1 sshd[32687]: Invalid user chia from 36.93.83.5 port 43448","@timestamp":"2022-09-17T00:26:31.856Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 00:26:31 honeypot-ams-1 sshd[32688]: Connection closed by authenticating user root 36.93.83.5 port 43292 [preauth]","@timestamp":"2022-09-17T00:26:32.856Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 00:26:32 honeypot-ams-1 sshd[32692]: Connection closed by invalid user esuser 36.93.83.5 port 43338 [preauth]","@timestamp":"2022-09-17T00:26:32.856Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 00:26:32 honeypot-ams-1 sshd[32696]: Connection closed by authenticating user root 36.93.83.5 port 43300 [preauth]","@timestamp":"2022-09-17T00:26:32.857Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:27:02 honeypot-fra-1 kernel: [84248834.236606] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=165.232.152.144 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=37469 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T00:27:02.113Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 00:27:17 honeypot-ams-1 kernel: [84251018.399708] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=46.161.27.89 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=54321 PROTO=TCP SPT=59159 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T00:27:17.878Z"}
{"@timestamp":"2022-09-17T00:29:47.344Z","@version":"1","message":"Sep 17 00:29:47 honeypot-sgp-1 sshd[26823]: Received disconnect from 92.255.85.69 port 47004:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:36:40 honeypot-fra-1 kernel: [84249413.013638] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=92.63.197.74 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=15996 PROTO=TCP SPT=45400 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T00:36:41.334Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 00:38:10 honeypot-ams-1 sshd[32707]: Invalid user admin from 128.199.42.242 port 35766","@timestamp":"2022-09-17T00:38:11.165Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 00:38:54 honeypot-ams-1 kernel: [84251715.721258] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=97.74.81.123 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=17733 PROTO=TCP SPT=45433 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T00:38:55.186Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 00:40:52 honeypot-ams-1 sshd[32714]: Connection closed by 192.241.219.29 port 35052 [preauth]","@timestamp":"2022-09-17T00:40:53.242Z"}
{"@timestamp":"2022-09-17T00:41:13.614Z","@version":"1","message":"Sep 17 00:41:13 honeypot-sgp-1 kernel: [84251378.555136] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=154.3.44.149 DST=159.89.202.188 LEN=52 TOS=0x0A PREC=0x00 TTL=112 ID=43668 DF PROTO=TCP SPT=52824 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:41:40 honeypot-fra-1 sshd[23314]: Connection closed by invalid user user 193.106.191.157 port 58300 [preauth]","@timestamp":"2022-09-17T00:41:40.453Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:49:09 honeypot-fra-1 kernel: [84250161.354372] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.207.167 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=44154 DPT=389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T00:49:09.625Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 00:50:53 honeypot-ams-1 kernel: [84252434.531332] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=178.62.254.91 LEN=91 TOS=0x00 PREC=0x00 TTL=252 ID=32906 PROTO=TCP SPT=22181 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T00:50:54.523Z"}
{"@timestamp":"2022-09-17T00:56:46.982Z","@version":"1","message":"Sep 17 00:56:46 honeypot-sgp-1 sshd[26834]: Invalid user silver from 206.81.9.31 port 19168","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 00:57:31 honeypot-ams-1 sshd[32723]: Invalid user user from 193.106.191.157 port 33444","@timestamp":"2022-09-17T00:57:31.699Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 00:59:21 honeypot-ams-1 sshd[32726]: Invalid user user from 45.61.187.160 port 42538","@timestamp":"2022-09-17T00:59:21.753Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 00:59:46 honeypot-ams-1 sshd[32730]: Invalid user user from 45.61.187.160 port 37038","@timestamp":"2022-09-17T00:59:46.766Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 01:00:05 honeypot-ams-1 sshd[32734]: Invalid user user from 45.61.187.160 port 59788","@timestamp":"2022-09-17T01:00:05.776Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 01:00:23 honeypot-ams-1 sshd[32738]: Invalid user user from 45.61.187.160 port 54294","@timestamp":"2022-09-17T01:00:23.787Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 01:01:10 honeypot-fra-1 sshd[23327]: Received disconnect from 161.35.131.133 port 48492:11: Bye Bye [preauth]","@timestamp":"2022-09-17T01:01:10.897Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T01:02:24.117Z","@version":"1","message":"Sep 17 01:02:23 honeypot-sgp-1 sshd[26839]: Received disconnect from 194.67.27.30 port 41914:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 01:03:59 honeypot-ams-1 sshd[32743]: Invalid user hadoop from 81.192.87.130 port 37757","@timestamp":"2022-09-17T01:04:00.889Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 01:06:18 honeypot-ams-1 sshd[32747]: Disconnected from authenticating user root 116.70.238.244 port 58423 [preauth]","@timestamp":"2022-09-17T01:06:18.951Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 01:06:25 honeypot-ams-1 sshd[32753]: Received disconnect from 116.70.238.244 port 58561:11: Bye Bye [preauth]","@timestamp":"2022-09-17T01:06:25.955Z"}
{"@timestamp":"2022-09-17T01:06:27.212Z","@version":"1","message":"Sep 17 01:06:27 honeypot-sgp-1 sshd[26844]: Disconnected from invalid user zimbra 223.70.243.190 port 54596 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 01:06:31 honeypot-ams-1 sshd[32759]: Received disconnect from 116.70.238.244 port 58758:11: Bye Bye [preauth]","@timestamp":"2022-09-17T01:06:31.958Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 01:06:39 honeypot-ams-1 sshd[32765]: Received disconnect from 116.70.238.244 port 58965:11: Bye Bye [preauth]","@timestamp":"2022-09-17T01:06:39.963Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 01:06:58 honeypot-ams-1 sshd[303]: Connection closed by 116.70.238.244 port 59106 [preauth]","@timestamp":"2022-09-17T01:06:58.973Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 01:09:27 honeypot-fra-1 sshd[23334]: Invalid user admin from 159.223.92.205 port 55956","@timestamp":"2022-09-17T01:09:28.086Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T01:11:03.323Z","@version":"1","message":"Sep 17 01:11:02 honeypot-sgp-1 sshd[26849]: Disconnected from authenticating user root 178.176.228.45 port 45290 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T01:14:13.399Z","@version":"1","message":"Sep 17 01:14:12 honeypot-sgp-1 sshd[26853]: Invalid user user from 179.60.147.69 port 28004","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 01:14:47 honeypot-fra-1 sshd[23339]: Received disconnect from 128.199.238.70 port 48438:11: Bye Bye [preauth]","@timestamp":"2022-09-17T01:14:48.207Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 01:17:01 honeypot-fra-1 CRON[23345]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-17T01:17:01.260Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T01:17:01.468Z","@version":"1","message":"Sep 17 01:17:01 honeypot-sgp-1 CRON[26858]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 01:17:22 honeypot-ams-1 sshd[310]: Connection closed by invalid user user 193.106.191.157 port 46872 [preauth]","@timestamp":"2022-09-17T01:17:23.244Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 01:27:12 honeypot-fra-1 sshd[23354]: Invalid user user from 193.106.191.157 port 60516","@timestamp":"2022-09-17T01:27:12.492Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 01:29:26 honeypot-ams-1 kernel: [84254747.005576] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=154.3.44.149 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=117 ID=1760 DF PROTO=TCP SPT=50642 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-17T01:29:26.568Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 01:31:01 honeypot-fra-1 kernel: [84252673.329528] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=165.22.82.222 LEN=87 TOS=0x00 PREC=0x00 TTL=250 ID=52059 PROTO=TCP SPT=29163 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T01:31:01.582Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 01:33:44 honeypot-fra-1 sshd[23365]: Disconnected from authenticating user root 92.255.85.70 port 26642 [preauth]","@timestamp":"2022-09-17T01:33:45.654Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T01:33:44.857Z","@version":"1","message":"Sep 17 01:33:44 honeypot-sgp-1 sshd[26866]: Invalid user kyivstar from 62.204.41.222 port 56479","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 01:35:35 honeypot-fra-1 kernel: [84252947.431981] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=172.104.131.24 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=54321 PROTO=TCP SPT=51951 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T01:35:35.698Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 01:37:17 honeypot-ams-1 kernel: [84255218.591220] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=208.115.115.103 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=33864 PROTO=TCP SPT=4062 DPT=80 WINDOW=20118 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T01:37:17.784Z"}
{"@timestamp":"2022-09-17T01:40:47.027Z","@version":"1","message":"Sep 17 01:40:47 honeypot-sgp-1 sshd[26873]: Received disconnect from 92.255.85.70 port 26172:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 01:41:08 honeypot-ams-1 sshd[342]: Received disconnect from 177.74.124.101 port 45454:11: Bye Bye [preauth]","@timestamp":"2022-09-17T01:41:08.894Z"}
{"@timestamp":"2022-09-17T01:44:43.120Z","@version":"1","message":"Sep 17 01:44:42 honeypot-sgp-1 sshd[26877]: Disconnected from invalid user marcel 199.192.24.154 port 49290 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 01:46:32 honeypot-ams-1 sshd[347]: Invalid user publish from 185.53.170.6 port 44494","@timestamp":"2022-09-17T01:46:33.041Z"}
{"@timestamp":"2022-09-17T01:48:53.223Z","@version":"1","message":"Sep 17 01:48:52 honeypot-sgp-1 sshd[26884]: Disconnected from authenticating user root 186.121.203.115 port 45740 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 01:51:38 honeypot-fra-1 sshd[23377]: Connection closed by invalid user test 179.60.147.69 port 8492 [preauth]","@timestamp":"2022-09-17T01:51:39.059Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 01:51:52 honeypot-ams-1 sshd[352]: Invalid user admin from 123.194.235.54 port 47843","@timestamp":"2022-09-17T01:51:53.184Z"}
{"@timestamp":"2022-09-17T01:55:27.389Z","@version":"1","message":"Sep 17 01:55:26 honeypot-sgp-1 kernel: [84255831.973309] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=103.114.107.34 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=5084 PROTO=TCP SPT=57690 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 01:56:08 honeypot-ams-1 kernel: [84256348.993304] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=154.3.44.149 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=117 ID=52897 DF PROTO=TCP SPT=54739 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-17T01:56:08.302Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 02:01:58 honeypot-ams-1 kernel: [84256699.094303] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=111.161.155.54 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=48 ID=50216 PROTO=TCP SPT=10952 DPT=80 WINDOW=23984 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T02:01:58.464Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 02:03:04 honeypot-fra-1 kernel: [84254596.208617] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=206.84.108.130 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=32768 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T02:03:04.318Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 02:03:21 honeypot-fra-1 sshd[23397]: Invalid user michael from 168.167.72.179 port 3134","@timestamp":"2022-09-17T02:03:21.327Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 02:03:21 honeypot-fra-1 sshd[23402]: Invalid user ubuntu from 168.167.72.179 port 3155","@timestamp":"2022-09-17T02:03:21.327Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 02:03:21 honeypot-fra-1 sshd[23411]: Invalid user admin from 168.167.72.179 port 3147","@timestamp":"2022-09-17T02:03:21.328Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 02:03:21 honeypot-fra-1 sshd[23393]: Connection closed by invalid user devops 168.167.72.179 port 3161 [preauth]","@timestamp":"2022-09-17T02:03:22.328Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 02:03:21 honeypot-fra-1 sshd[23401]: Connection closed by authenticating user root 168.167.72.179 port 3153 [preauth]","@timestamp":"2022-09-17T02:03:22.328Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 02:03:21 honeypot-fra-1 sshd[23408]: Connection closed by authenticating user root 168.167.72.179 port 3151 [preauth]","@timestamp":"2022-09-17T02:03:22.328Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 02:03:21 honeypot-fra-1 sshd[23403]: Connection closed by invalid user es 168.167.72.179 port 3141 [preauth]","@timestamp":"2022-09-17T02:03:22.328Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T02:05:33.641Z","@version":"1","message":"Sep 17 02:05:33 honeypot-sgp-1 kernel: [84256438.296796] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=206.189.6.148 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=239 ID=54321 PROTO=TCP SPT=50113 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 02:06:41 honeypot-ams-1 kernel: [84256982.343249] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=154.3.44.149 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=117 ID=46529 DF PROTO=TCP SPT=55680 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-17T02:06:41.597Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:08:58 honeypot-ams-1 sshd[364]: Received disconnect from 52.178.155.67 port 1024:11: Bye Bye [preauth]","@timestamp":"2022-09-17T02:08:59.663Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 02:09:54 honeypot-fra-1 sshd[23439]: Connection closed by authenticating user root 194.163.190.53 port 44736 [preauth]","@timestamp":"2022-09-17T02:09:55.476Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:14:27 honeypot-ams-1 sshd[369]: Disconnected from authenticating user root 209.141.52.250 port 36678 [preauth]","@timestamp":"2022-09-17T02:14:27.812Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 02:17:01 honeypot-fra-1 CRON[23446]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-17T02:17:01.638Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:17:59 honeypot-ams-1 sshd[376]: Invalid user onfroy from 103.117.220.24 port 46324","@timestamp":"2022-09-17T02:17:59.911Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:20:28 honeypot-ams-1 sshd[381]: Received disconnect from 159.65.151.241 port 37794:11: Bye Bye [preauth]","@timestamp":"2022-09-17T02:20:29.005Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:21:28 honeypot-ams-1 sshd[385]: Received disconnect from 107.170.113.190 port 34040:11: Bye Bye [preauth]","@timestamp":"2022-09-17T02:21:29.035Z"}
{"@timestamp":"2022-09-17T02:24:25.125Z","@version":"1","message":"Sep 17 02:24:24 honeypot-sgp-1 kernel: [84257569.942824] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=159.89.202.188 LEN=87 TOS=0x00 PREC=0x00 TTL=245 ID=44547 PROTO=TCP SPT=31373 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T02:26:45.188Z","@version":"1","message":"Sep 17 02:26:44 honeypot-sgp-1 sshd[26907]: Did not receive identification string from 45.61.186.49 port 44558","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T02:26:58.195Z","@version":"1","message":"Sep 17 02:26:58 honeypot-sgp-1 sshd[26910]: Disconnected from invalid user user 45.61.186.49 port 53194 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T02:27:08.200Z","@version":"1","message":"Sep 17 02:27:07 honeypot-sgp-1 sshd[26914]: Disconnected from invalid user user 45.61.186.49 port 35952 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 02:27:50 honeypot-fra-1 sshd[23454]: Connection closed by invalid user debian 179.60.147.69 port 9728 [preauth]","@timestamp":"2022-09-17T02:27:50.883Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 02:30:33 honeypot-fra-1 sshd[23461]: Invalid user global from 107.204.170.133 port 40894","@timestamp":"2022-09-17T02:30:33.948Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 02:30:46 honeypot-ams-1 kernel: [84258427.462371] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.41.9.18 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=9084 PROTO=TCP SPT=12212 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T02:30:47.288Z"}
{"@timestamp":"2022-09-17T02:30:58.298Z","@version":"1","message":"Sep 17 02:30:57 honeypot-sgp-1 sshd[26919]: Disconnected from authenticating user root 209.97.183.120 port 57444 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:32:57 honeypot-ams-1 sshd[395]: Received disconnect from 85.31.46.45 port 52332:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T02:32:57.350Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:33:25 honeypot-ams-1 sshd[399]: Disconnected from authenticating user root 85.31.46.45 port 32788 [preauth]","@timestamp":"2022-09-17T02:33:26.364Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:34:07 honeypot-ams-1 sshd[406]: Disconnected from authenticating user root 85.31.46.45 port 59684 [preauth]","@timestamp":"2022-09-17T02:34:08.387Z"}
{"@timestamp":"2022-09-17T02:34:24.385Z","@version":"1","message":"Sep 17 02:34:23 honeypot-sgp-1 sshd[26925]: Received disconnect from 114.33.239.231 port 49972:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:34:49 honeypot-ams-1 sshd[413]: Received disconnect from 85.31.46.45 port 58540:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T02:34:50.409Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:35:18 honeypot-ams-1 sshd[417]: Disconnected from invalid user user 85.31.46.45 port 38844 [preauth]","@timestamp":"2022-09-17T02:35:18.423Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 02:36:15 honeypot-fra-1 kernel: [84256587.832958] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=165.22.82.222 LEN=91 TOS=0x00 PREC=0x00 TTL=250 ID=26002 PROTO=TCP SPT=8121 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T02:36:16.075Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:36:53 honeypot-ams-1 sshd[425]: Disconnected from invalid user operator 92.255.85.69 port 26596 [preauth]","@timestamp":"2022-09-17T02:36:54.464Z"}
{"@timestamp":"2022-09-17T02:40:54.544Z","@version":"1","message":"Sep 17 02:40:53 honeypot-sgp-1 sshd[26930]: Disconnected from invalid user pisica 27.118.22.221 port 39540 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 02:41:25 honeypot-fra-1 sshd[23470]: Received disconnect from 45.61.186.169 port 37968:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T02:41:26.193Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 02:41:43 honeypot-fra-1 sshd[23474]: Received disconnect from 45.61.186.169 port 60720:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T02:41:43.200Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 02:41:59 honeypot-fra-1 sshd[23478]: Received disconnect from 45.61.186.169 port 55242:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T02:42:00.208Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 02:42:15 honeypot-fra-1 sshd[23482]: Received disconnect from 45.61.186.169 port 49774:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T02:42:16.215Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:44:08 honeypot-ams-1 sshd[428]: Disconnected from authenticating user root 60.179.177.78 port 54016 [preauth]","@timestamp":"2022-09-17T02:44:08.660Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:44:13 honeypot-ams-1 sshd[435]: Received disconnect from 60.179.177.78 port 54344:11: Bye Bye [preauth]","@timestamp":"2022-09-17T02:44:14.665Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:44:19 honeypot-ams-1 sshd[441]: Received disconnect from 60.179.177.78 port 54652:11: Bye Bye [preauth]","@timestamp":"2022-09-17T02:44:19.668Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:44:25 honeypot-ams-1 sshd[447]: Received disconnect from 60.179.177.78 port 54962:11: Bye Bye [preauth]","@timestamp":"2022-09-17T02:44:25.673Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:44:30 honeypot-ams-1 sshd[453]: Received disconnect from 60.179.177.78 port 55296:11: Bye Bye [preauth]","@timestamp":"2022-09-17T02:44:30.675Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:44:36 honeypot-ams-1 sshd[459]: Received disconnect from 60.179.177.78 port 55634:11: Bye Bye [preauth]","@timestamp":"2022-09-17T02:44:36.679Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:44:42 honeypot-ams-1 sshd[465]: Received disconnect from 60.179.177.78 port 55972:11: Bye Bye [preauth]","@timestamp":"2022-09-17T02:44:42.683Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:44:47 honeypot-ams-1 sshd[471]: Received disconnect from 60.179.177.78 port 56274:11: Bye Bye [preauth]","@timestamp":"2022-09-17T02:44:48.686Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:44:53 honeypot-ams-1 sshd[477]: Received disconnect from 60.179.177.78 port 56600:11: Bye Bye [preauth]","@timestamp":"2022-09-17T02:44:53.689Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:44:59 honeypot-ams-1 sshd[483]: Received disconnect from 60.179.177.78 port 56912:11: Bye Bye [preauth]","@timestamp":"2022-09-17T02:44:59.693Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:45:04 honeypot-ams-1 sshd[489]: Received disconnect from 60.179.177.78 port 57246:11: Bye Bye [preauth]","@timestamp":"2022-09-17T02:45:04.696Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:45:10 honeypot-ams-1 sshd[495]: Received disconnect from 60.179.177.78 port 57592:11: Bye Bye [preauth]","@timestamp":"2022-09-17T02:45:10.700Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:45:15 honeypot-ams-1 sshd[501]: Invalid user admin from 60.179.177.78 port 57934","@timestamp":"2022-09-17T02:45:16.703Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:45:20 honeypot-ams-1 sshd[505]: Invalid user admin from 60.179.177.78 port 58150","@timestamp":"2022-09-17T02:45:20.706Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:45:24 honeypot-ams-1 sshd[509]: Invalid user admin from 60.179.177.78 port 58426","@timestamp":"2022-09-17T02:45:24.709Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:45:28 honeypot-ams-1 sshd[513]: Invalid user admin from 60.179.177.78 port 58632","@timestamp":"2022-09-17T02:45:28.711Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:45:31 honeypot-ams-1 sshd[517]: Invalid user admin from 60.179.177.78 port 58868","@timestamp":"2022-09-17T02:45:32.713Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:45:35 honeypot-ams-1 sshd[521]: Invalid user user from 60.179.177.78 port 59074","@timestamp":"2022-09-17T02:45:35.716Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:45:39 honeypot-ams-1 sshd[525]: Disconnected from authenticating user root 60.179.177.78 port 59298 [preauth]","@timestamp":"2022-09-17T02:45:39.719Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:45:43 honeypot-ams-1 sshd[529]: Disconnected from invalid user pi 60.179.177.78 port 59528 [preauth]","@timestamp":"2022-09-17T02:45:43.721Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:45:47 honeypot-ams-1 sshd[533]: Disconnected from invalid user ethos 60.179.177.78 port 59746 [preauth]","@timestamp":"2022-09-17T02:45:47.723Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:45:51 honeypot-ams-1 sshd[537]: Disconnected from invalid user miner 60.179.177.78 port 59966 [preauth]","@timestamp":"2022-09-17T02:45:51.726Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:45:54 honeypot-ams-1 sshd[541]: Disconnected from invalid user volumio 60.179.177.78 port 60184 [preauth]","@timestamp":"2022-09-17T02:45:55.729Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:45:58 honeypot-ams-1 sshd[545]: Disconnected from invalid user nagios 60.179.177.78 port 60422 [preauth]","@timestamp":"2022-09-17T02:45:59.732Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:46:02 honeypot-ams-1 sshd[549]: Disconnected from invalid user vagrant 60.179.177.78 port 60656 [preauth]","@timestamp":"2022-09-17T02:46:02.734Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:46:06 honeypot-ams-1 sshd[553]: Disconnected from invalid user debian 60.179.177.78 port 60864 [preauth]","@timestamp":"2022-09-17T02:46:06.736Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:46:10 honeypot-ams-1 sshd[557]: Disconnected from invalid user debian 60.179.177.78 port 32852 [preauth]","@timestamp":"2022-09-17T02:46:10.740Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:46:14 honeypot-ams-1 sshd[561]: Disconnected from invalid user alarm 60.179.177.78 port 33120 [preauth]","@timestamp":"2022-09-17T02:46:14.742Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:46:17 honeypot-ams-1 sshd[565]: Disconnected from invalid user test 60.179.177.78 port 33332 [preauth]","@timestamp":"2022-09-17T02:46:18.745Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:46:21 honeypot-ams-1 sshd[569]: Disconnected from invalid user cirros 60.179.177.78 port 33570 [preauth]","@timestamp":"2022-09-17T02:46:21.747Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 02:47:48 honeypot-fra-1 sshd[23489]: Invalid user kyivstar from 62.204.41.222 port 15139","@timestamp":"2022-09-17T02:47:49.339Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 02:48:50 honeypot-fra-1 kernel: [84257342.779144] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=165.232.152.144 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=55730 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T02:48:51.364Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-17T02:53:34.859Z","@version":"1","message":"Sep 17 02:53:34 honeypot-sgp-1 kernel: [84259319.747340] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.196.220.81 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=37923 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 02:59:28 honeypot-fra-1 sshd[23501]: Received disconnect from 213.74.115.162 port 36714:11: Bye Bye [preauth]","@timestamp":"2022-09-17T02:59:28.603Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 03:00:40 honeypot-ams-1 sshd[573]: Disconnected from authenticating user root 92.255.85.70 port 29500 [preauth]","@timestamp":"2022-09-17T03:00:41.118Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 03:03:50 honeypot-fra-1 sshd[23508]: Invalid user support from 179.60.147.69 port 20840","@timestamp":"2022-09-17T03:03:50.703Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T03:05:36.159Z","@version":"1","message":"Sep 17 03:05:35 honeypot-sgp-1 kernel: [84260040.286809] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=142.147.97.169 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=234 ID=48605 PROTO=TCP SPT=45502 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 03:07:34 honeypot-fra-1 sshd[23513]: Received disconnect from 92.255.85.70 port 57192:11: Bye Bye [preauth]","@timestamp":"2022-09-17T03:07:34.795Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 03:08:02 honeypot-ams-1 kernel: [84260663.322937] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=56294 PROTO=TCP SPT=43604 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T03:08:03.322Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 03:13:25 honeypot-fra-1 sshd[23518]: Connection closed by invalid user user 193.106.191.157 port 42984 [preauth]","@timestamp":"2022-09-17T03:13:25.928Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T03:14:53.399Z","@version":"1","message":"Sep 17 03:14:53 honeypot-sgp-1 kernel: [84260598.099241] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=104.248.45.9 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=56116 PROTO=TCP SPT=44313 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 03:17:01 honeypot-fra-1 CRON[23524]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-17T03:17:02.012Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 03:18:50 honeypot-ams-1 sshd[584]: Invalid user wc from 123.30.157.54 port 32776","@timestamp":"2022-09-17T03:18:50.605Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 03:22:29 honeypot-ams-1 kernel: [84261530.517482] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=167.71.92.243 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=42969 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T03:22:29.700Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 03:25:08 honeypot-fra-1 sshd[23532]: Received disconnect from 219.78.72.195 port 43230:11: Bye Bye [preauth]","@timestamp":"2022-09-17T03:25:08.190Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T03:26:50.694Z","@version":"1","message":"Sep 17 03:26:50 honeypot-sgp-1 sshd[26950]: Connection reset by 124.71.209.98 port 54626 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 03:26:56 honeypot-fra-1 sshd[23536]: Disconnected from invalid user user 45.61.186.49 port 59920 [preauth]","@timestamp":"2022-09-17T03:26:56.231Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 03:27:06 honeypot-fra-1 sshd[23540]: Disconnected from invalid user user 45.61.186.49 port 43286 [preauth]","@timestamp":"2022-09-17T03:27:07.236Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 03:27:54 honeypot-fra-1 sshd[23544]: Disconnected from invalid user licongcong 165.22.45.108 port 35984 [preauth]","@timestamp":"2022-09-17T03:27:54.256Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 03:36:05 honeypot-ams-1 sshd[594]: Received disconnect from 45.61.186.49 port 52342:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T03:36:06.061Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 03:36:16 honeypot-ams-1 sshd[598]: Received disconnect from 45.61.186.49 port 35762:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T03:36:17.068Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 03:37:37 honeypot-ams-1 sshd[602]: Received disconnect from 93.153.192.254 port 33800:11: Bye Bye [preauth]","@timestamp":"2022-09-17T03:37:38.104Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 03:39:26 honeypot-fra-1 sshd[23550]: Invalid user  from 101.78.172.126 port 50122","@timestamp":"2022-09-17T03:39:26.518Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T03:40:25.024Z","@version":"1","message":"Sep 17 03:40:24 honeypot-sgp-1 kernel: [84262129.720672] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.219.235 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=50263 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 03:40:28 honeypot-ams-1 kernel: [84262609.388493] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=151.106.32.182 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=44512 PROTO=TCP SPT=44204 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T03:40:29.175Z"}
{"@timestamp":"2022-09-17T03:42:58.086Z","@version":"1","message":"Sep 17 03:42:57 honeypot-sgp-1 sshd[26961]: Disconnected from invalid user rdp 187.102.174.154 port 53854 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 03:43:53 honeypot-fra-1 sshd[23556]: Received disconnect from 103.139.186.58 port 54652:11: Bye Bye [preauth]","@timestamp":"2022-09-17T03:43:53.626Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T03:48:53.231Z","@version":"1","message":"Sep 17 03:48:52 honeypot-sgp-1 sshd[26966]: Received disconnect from 137.184.123.69 port 40872:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T03:51:05.287Z","@version":"1","message":"Sep 17 03:51:04 honeypot-sgp-1 sshd[26982]: Disconnected from authenticating user root 24.69.190.84 port 45804 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 03:52:07 honeypot-fra-1 sshd[23564]: Disconnected from invalid user admin 182.70.115.11 port 46606 [preauth]","@timestamp":"2022-09-17T03:52:07.826Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 03:52:55 honeypot-ams-1 kernel: [84263356.291724] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=162.62.191.231 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x60 TTL=53 ID=51396 DF PROTO=TCP SPT=52420 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T03:52:55.494Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 03:56:33 honeypot-fra-1 sshd[23570]: Invalid user admin from 118.42.18.46 port 47038","@timestamp":"2022-09-17T03:56:33.921Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 03:58:06 honeypot-ams-1 kernel: [84263667.280872] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=151.106.32.182 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=15049 PROTO=TCP SPT=44204 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T03:58:06.631Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 04:02:29 honeypot-fra-1 sshd[23577]: Bad protocol version identification 'MGLNDD_165.22.82.222_22' from 192.241.214.230 port 40542","@timestamp":"2022-09-17T04:02:30.098Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 04:07:41 honeypot-ams-1 kernel: [84264242.410062] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=154.3.44.149 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=117 ID=32298 DF PROTO=TCP SPT=60205 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-17T04:07:41.890Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 04:12:48 honeypot-fra-1 kernel: [84262380.313085] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.148.10.81 DST=165.22.82.222 LEN=89 TOS=0x00 PREC=0x00 TTL=240 ID=22780 DF PROTO=TCP SPT=16338 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T04:12:49.338Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-17T04:14:14.844Z","@version":"1","message":"Sep 17 04:14:14 honeypot-sgp-1 kernel: [84264158.940124] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.148.10.81 DST=159.89.202.188 LEN=82 TOS=0x00 PREC=0x00 TTL=241 ID=22780 DF PROTO=TCP SPT=12246 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 04:17:01 honeypot-ams-1 CRON[623]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-17T04:17:01.138Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 04:17:01 honeypot-fra-1 CRON[23591]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-17T04:17:01.440Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T04:17:01.916Z","@version":"1","message":"Sep 17 04:17:01 honeypot-sgp-1 CRON[26996]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 04:20:06 honeypot-fra-1 sshd[23597]: Connection closed by authenticating user root 194.163.190.53 port 36588 [preauth]","@timestamp":"2022-09-17T04:20:06.513Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 01:24:50 honeypot-ams-1 sshd[5542]: Disconnected from invalid user user 45.61.186.169 port 45450 [preauth]","@timestamp":"2022-09-10T01:24:50.384Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 01:26:48 honeypot-fra-1 sshd[28029]: Received disconnect from 165.22.45.108 port 32912:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T01:26:48.849Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 01:27:55 honeypot-ams-1 kernel: [83649862.286789] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=20.127.205.85 DST=178.62.254.91 LEN=52 TOS=0x02 PREC=0x00 TTL=113 ID=17933 DF PROTO=TCP SPT=58583 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-10T01:27:56.468Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 01:31:38 honeypot-fra-1 sshd[28040]: Connection closed by invalid user oracle 82.165.53.144 port 39062 [preauth]","@timestamp":"2022-09-10T01:31:38.956Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 01:31:38 honeypot-fra-1 sshd[28044]: Connection closed by invalid user steam 82.165.53.144 port 39108 [preauth]","@timestamp":"2022-09-10T01:31:38.957Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 01:31:38 honeypot-fra-1 sshd[28039]: Invalid user odoo from 82.165.53.144 port 39114","@timestamp":"2022-09-10T01:31:38.957Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 01:31:38 honeypot-fra-1 sshd[28052]: Invalid user devops from 82.165.53.144 port 39404","@timestamp":"2022-09-10T01:31:39.958Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 01:31:38 honeypot-fra-1 sshd[28043]: Connection closed by invalid user oracle 82.165.53.144 port 39132 [preauth]","@timestamp":"2022-09-10T01:31:39.958Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 01:31:39 honeypot-fra-1 sshd[28037]: Connection closed by invalid user www 82.165.53.144 port 39074 [preauth]","@timestamp":"2022-09-10T01:31:39.959Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 01:31:39 honeypot-fra-1 sshd[28058]: Connection closed by invalid user demo 82.165.53.144 port 39258 [preauth]","@timestamp":"2022-09-10T01:31:39.959Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 01:31:39 honeypot-fra-1 sshd[28062]: Connection closed by invalid user mysql 82.165.53.144 port 39360 [preauth]","@timestamp":"2022-09-10T01:31:39.959Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 01:33:22 honeypot-fra-1 kernel: [83648037.703564] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=167.71.218.50 DST=165.22.82.222 LEN=52 TOS=0x02 PREC=0x00 TTL=118 ID=43162 DF PROTO=TCP SPT=61594 DPT=3389 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-10T01:33:22.998Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-10T01:33:40.997Z","@version":"1","message":"Sep 10 01:33:39 honeypot-sgp-1 sshd[1678]: Connection closed by 192.241.220.79 port 40846 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 01:37:20 honeypot-ams-1 sshd[5554]: Received disconnect from 61.177.173.47 port 50389:11:  [preauth]","@timestamp":"2022-09-10T01:37:21.715Z"}
{"@timestamp":"2022-09-10T01:38:59.124Z","@version":"1","message":"Sep 10 01:38:58 honeypot-sgp-1 kernel: [83650053.749589] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=152.89.196.23 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=54945 PROTO=TCP SPT=44688 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 01:41:29 honeypot-fra-1 sshd[28096]: Invalid user lemwal from 154.120.243.194 port 47954","@timestamp":"2022-09-10T01:41:30.199Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T01:44:00.241Z","@version":"1","message":"Sep 10 01:43:59 honeypot-sgp-1 kernel: [83650354.923223] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=23.224.186.183 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=0 DF PROTO=TCP SPT=53822 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 01:44:05 honeypot-ams-1 sshd[5563]: Invalid user admin from 216.52.136.77 port 44728","@timestamp":"2022-09-10T01:44:05.892Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 01:46:27 honeypot-fra-1 sshd[28099]: Connection closed by invalid user web 137.184.77.246 port 58426 [preauth]","@timestamp":"2022-09-10T01:46:28.309Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 01:46:28 honeypot-fra-1 sshd[28101]: Invalid user oracle from 137.184.77.246 port 58458","@timestamp":"2022-09-10T01:46:28.309Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 01:46:28 honeypot-fra-1 sshd[28118]: Invalid user ubuntu from 137.184.77.246 port 58508","@timestamp":"2022-09-10T01:46:28.309Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 01:46:28 honeypot-fra-1 sshd[28127]: Invalid user ubuntu from 137.184.77.246 port 58494","@timestamp":"2022-09-10T01:46:28.309Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 01:46:28 honeypot-fra-1 sshd[28117]: Connection closed by authenticating user root 137.184.77.246 port 58500 [preauth]","@timestamp":"2022-09-10T01:46:28.309Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 01:46:28 honeypot-fra-1 sshd[28116]: Connection closed by invalid user testuser 137.184.77.246 port 58470 [preauth]","@timestamp":"2022-09-10T01:46:28.309Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 01:46:28 honeypot-fra-1 sshd[28124]: Connection closed by invalid user testuser 137.184.77.246 port 58472 [preauth]","@timestamp":"2022-09-10T01:46:28.309Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 01:47:27 honeypot-ams-1 kernel: [83651034.130955] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.41.8.5 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=45374 PROTO=TCP SPT=18115 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T01:47:27.979Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 01:47:46 honeypot-fra-1 sshd[28154]: Invalid user usuario from 92.255.85.69 port 21858","@timestamp":"2022-09-10T01:47:47.339Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 01:51:33 honeypot-fra-1 sshd[28158]: Invalid user  from 64.62.197.122 port 20576","@timestamp":"2022-09-10T01:51:33.424Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 01:52:32 honeypot-ams-1 sshd[5575]: Invalid user user from 198.98.61.9 port 53264","@timestamp":"2022-09-10T01:52:33.118Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 01:52:49 honeypot-ams-1 sshd[5579]: Invalid user user from 198.98.61.9 port 48256","@timestamp":"2022-09-10T01:52:50.129Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 01:53:10 honeypot-ams-1 sshd[5583]: Invalid user user from 198.98.61.9 port 43258","@timestamp":"2022-09-10T01:53:11.140Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 01:53:25 honeypot-ams-1 sshd[5587]: Invalid user user from 198.98.61.9 port 38250","@timestamp":"2022-09-10T01:53:26.148Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 01:57:55 honeypot-ams-1 sshd[5592]: Did not receive identification string from 141.255.162.226 port 50118","@timestamp":"2022-09-10T01:57:56.269Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 01:58:11 honeypot-ams-1 sshd[5595]: Disconnected from invalid user user 141.255.162.226 port 45572 [preauth]","@timestamp":"2022-09-10T01:58:12.279Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 01:58:16 honeypot-ams-1 sshd[5599]: Disconnected from invalid user user 141.255.162.226 port 34248 [preauth]","@timestamp":"2022-09-10T01:58:17.282Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 01:58:18 honeypot-ams-1 sshd[5603]: Disconnected from invalid user user 141.255.162.226 port 59610 [preauth]","@timestamp":"2022-09-10T01:58:19.283Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 01:59:32 honeypot-fra-1 sshd[28163]: Did not receive identification string from 128.14.232.100 port 38488","@timestamp":"2022-09-10T01:59:32.602Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 02:04:42 honeypot-fra-1 kernel: [83649916.911661] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=79.124.62.86 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=53151 PROTO=TCP SPT=45075 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T02:04:42.716Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 02:06:03 honeypot-ams-1 kernel: [83652150.424934] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=123.27.92.26 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=56 ID=30268 PROTO=TCP SPT=52810 DPT=443 WINDOW=1178 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T02:06:04.489Z"}
{"@timestamp":"2022-09-10T02:07:30.787Z","@version":"1","message":"Sep 10 02:07:30 honeypot-sgp-1 sshd[1692]: Received disconnect from 92.255.85.69 port 18202:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 02:09:07 honeypot-ams-1 sshd[5616]: Invalid user user from 141.255.162.226 port 54522","@timestamp":"2022-09-10T02:09:08.571Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 02:09:09 honeypot-ams-1 sshd[5620]: Invalid user user from 141.255.162.226 port 34850","@timestamp":"2022-09-10T02:09:10.574Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 02:09:33 honeypot-ams-1 sshd[5624]: Connection closed by 162.142.125.212 port 43914 [preauth]","@timestamp":"2022-09-10T02:09:33.585Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 02:10:15 honeypot-fra-1 sshd[28174]: Disconnected from authenticating user root 92.255.85.70 port 19916 [preauth]","@timestamp":"2022-09-10T02:10:16.857Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 02:12:03 honeypot-ams-1 sshd[5631]: Invalid user guadalupe from 190.11.80.188 port 43814","@timestamp":"2022-09-10T02:12:04.656Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 02:12:35 honeypot-ams-1 sshd[5635]: Received disconnect from 61.177.173.50 port 27155:11:  [preauth]","@timestamp":"2022-09-10T02:12:36.674Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 02:14:34 honeypot-fra-1 sshd[28179]: Received disconnect from 141.255.162.226 port 60084:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T02:14:34.955Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 02:14:38 honeypot-fra-1 sshd[28183]: Received disconnect from 141.255.162.226 port 57690:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T02:14:38.957Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 02:14:42 honeypot-fra-1 sshd[28187]: Received disconnect from 141.255.162.226 port 38070:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T02:14:42.960Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T02:17:02.016Z","@version":"1","message":"Sep 10 02:17:01 honeypot-sgp-1 CRON[1695]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 02:18:24 honeypot-ams-1 kernel: [83652890.820009] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=38.125.205.43 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=46 ID=62385 PROTO=TCP SPT=38085 DPT=80 WINDOW=19461 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T02:18:24.833Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 02:21:41 honeypot-ams-1 sshd[5644]: Disconnected from authenticating user root 61.177.173.50 port 18230 [preauth]","@timestamp":"2022-09-10T02:21:41.924Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 02:23:38 honeypot-ams-1 kernel: [83653204.959640] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=151.106.40.82 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=45655 PROTO=TCP SPT=56040 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T02:23:38.980Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 02:23:40 honeypot-fra-1 sshd[28194]: Received disconnect from 151.84.64.165 port 38028:11: Bye Bye [preauth]","@timestamp":"2022-09-10T02:23:40.165Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 02:26:11 honeypot-ams-1 sshd[5651]: Disconnected from authenticating user root 31.187.76.21 port 44264 [preauth]","@timestamp":"2022-09-10T02:26:12.051Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 02:26:19 honeypot-fra-1 sshd[28198]: Connection closed by invalid user test 34.92.211.177 port 37960 [preauth]","@timestamp":"2022-09-10T02:26:20.225Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 02:30:06 honeypot-ams-1 kernel: [83653593.389844] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=38.132.109.180 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=46788 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T02:30:07.152Z"}
{"@timestamp":"2022-09-10T02:30:16.365Z","@version":"1","message":"Sep 10 02:30:15 honeypot-sgp-1 sshd[1701]: Disconnected from authenticating user root 92.255.85.69 port 51492 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 02:30:39 honeypot-fra-1 sshd[28204]: Disconnected from invalid user justin 165.22.45.108 port 42986 [preauth]","@timestamp":"2022-09-10T02:30:39.322Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 02:37:21 honeypot-ams-1 sshd[5664]: Invalid user user from 45.61.186.49 port 48206","@timestamp":"2022-09-10T02:37:22.341Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 02:37:33 honeypot-ams-1 sshd[5668]: Invalid user user from 45.61.186.49 port 59512","@timestamp":"2022-09-10T02:37:34.347Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 02:37:38 honeypot-ams-1 sshd[5670]: Disconnected from invalid user user 45.61.186.49 port 36934 [preauth]","@timestamp":"2022-09-10T02:37:39.350Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 02:42:52 honeypot-fra-1 kernel: [83652207.150048] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.95.147.44 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=43953 PROTO=TCP SPT=57432 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T02:42:52.595Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 02:49:49 honeypot-ams-1 kernel: [83654775.751223] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.220.205.13 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=40232 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T02:49:49.675Z"}
{"@timestamp":"2022-09-10T02:54:11.938Z","@version":"1","message":"Sep 10 02:54:11 honeypot-sgp-1 sshd[1706]: Disconnected from authenticating user root 92.255.85.69 port 63126 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 02:56:37 honeypot-fra-1 sshd[28216]: Disconnected from authenticating user root 92.255.85.70 port 27596 [preauth]","@timestamp":"2022-09-10T02:56:37.903Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 02:57:02 honeypot-ams-1 sshd[5685]: Invalid user gctech from 172.87.22.100 port 43938","@timestamp":"2022-09-10T02:57:02.875Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 02:58:50 honeypot-ams-1 sshd[5690]: Received disconnect from 92.255.85.70 port 18098:11: Bye Bye [preauth]","@timestamp":"2022-09-10T02:58:50.926Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 02:59:24 honeypot-ams-1 sshd[5694]: Received disconnect from 45.61.187.160 port 55646:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T02:59:24.942Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 02:59:43 honeypot-ams-1 sshd[5698]: Received disconnect from 45.61.187.160 port 49804:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T02:59:43.953Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 03:00:01 honeypot-ams-1 sshd[5702]: Invalid user user from 45.61.187.160 port 43956","@timestamp":"2022-09-10T03:00:01.964Z"}
{"@timestamp":"2022-09-10T03:01:51.119Z","@version":"1","message":"Sep 10 03:01:50 honeypot-sgp-1 sshd[1711]: Received disconnect from 103.228.204.79 port 36194:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 03:03:17 honeypot-ams-1 kernel: [83655584.470583] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=97.74.81.123 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=735 PROTO=TCP SPT=48301 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T03:03:18.053Z"}
{"@timestamp":"2022-09-10T03:05:35.206Z","@version":"1","message":"Sep 10 03:05:34 honeypot-sgp-1 sshd[1716]: Disconnected from authenticating user root 167.99.68.65 port 52422 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 03:08:06 honeypot-ams-1 kernel: [83655873.428098] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=88.80.189.24 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=57617 PROTO=TCP SPT=59237 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T03:08:07.187Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 03:09:06 honeypot-fra-1 kernel: [83653780.832692] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.79.176.71 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=25144 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T03:09:06.180Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-10T03:10:02.314Z","@version":"1","message":"Sep 10 03:10:01 honeypot-sgp-1 kernel: [83655516.882812] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=226 ID=36357 PROTO=TCP SPT=58803 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 03:11:55 honeypot-ams-1 kernel: [83656101.668216] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=178.62.254.91 LEN=89 TOS=0x00 PREC=0x00 TTL=252 ID=38295 PROTO=TCP SPT=27269 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T03:11:55.291Z"}
{"@timestamp":"2022-09-10T03:15:03.435Z","@version":"1","message":"Sep 10 03:15:02 honeypot-sgp-1 sshd[1723]: ssh_dispatch_run_fatal: Connection from 211.23.144.139 port 53105: message authentication code incorrect [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 03:17:01 honeypot-fra-1 CRON[28225]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-10T03:17:01.356Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 03:17:01 honeypot-ams-1 CRON[5719]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-10T03:17:02.423Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 03:22:54 honeypot-fra-1 sshd[28233]: Connection closed by invalid user user 103.188.176.251 port 56002 [preauth]","@timestamp":"2022-09-10T03:22:54.489Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 03:23:15 honeypot-ams-1 sshd[5732]: Received disconnect from 61.177.172.108 port 51931:11:  [preauth]","@timestamp":"2022-09-10T03:23:15.597Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 03:31:11 honeypot-fra-1 sshd[28674]: Did not receive identification string from 45.61.186.49 port 34746","@timestamp":"2022-09-10T03:31:12.675Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 03:31:35 honeypot-fra-1 sshd[28677]: Disconnected from invalid user user 45.61.186.49 port 46982 [preauth]","@timestamp":"2022-09-10T03:31:36.686Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 03:31:46 honeypot-fra-1 sshd[28681]: Disconnected from invalid user user 45.61.186.49 port 58458 [preauth]","@timestamp":"2022-09-10T03:31:46.692Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T03:32:44.859Z","@version":"1","message":"Sep 10 03:32:44 honeypot-sgp-1 sshd[2163]: Did not receive identification string from 68.183.139.251 port 49831","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 03:33:22 honeypot-ams-1 kernel: [83657389.303600] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=43.131.66.209 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x60 TTL=53 ID=20254 DF PROTO=TCP SPT=21278 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T03:33:22.856Z"}
{"@timestamp":"2022-09-10T03:37:02.968Z","@version":"1","message":"Sep 10 03:37:02 honeypot-sgp-1 kernel: [83657137.732629] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=64.62.197.194 DST=159.89.202.188 LEN=131 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=53964 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 03:37:18 honeypot-ams-1 sshd[5745]: Received disconnect from 61.177.173.36 port 17933:11:  [preauth]","@timestamp":"2022-09-10T03:37:18.961Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 03:41:47 honeypot-fra-1 sshd[28686]: Received disconnect from 189.112.0.11 port 46662:11: Bye Bye [preauth]","@timestamp":"2022-09-10T03:41:47.915Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 03:43:34 honeypot-fra-1 kernel: [83655849.443830] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=64.62.197.212 DST=165.22.82.222 LEN=131 TOS=0x00 PREC=0x00 TTL=244 ID=54321 PROTO=TCP SPT=57174 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T03:43:34.958Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 03:45:31 honeypot-ams-1 kernel: [83658117.735674] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=64.62.197.92 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=51100 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T03:45:31.172Z"}
{"@timestamp":"2022-09-10T03:45:57.180Z","@version":"1","message":"Sep 10 03:45:56 honeypot-sgp-1 sshd[2170]: Invalid user x from 103.188.176.251 port 46426","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 03:49:11 honeypot-ams-1 sshd[5752]: Invalid user service from 27.1.253.142 port 49240","@timestamp":"2022-09-10T03:49:12.271Z"}
{"@timestamp":"2022-09-10T03:49:56.278Z","@version":"1","message":"Sep 10 03:49:55 honeypot-sgp-1 sshd[2175]: Invalid user user from 45.61.184.204 port 47338","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T03:50:15.288Z","@version":"1","message":"Sep 10 03:50:15 honeypot-sgp-1 sshd[2179]: Invalid user user from 45.61.184.204 port 41812","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T03:50:32.296Z","@version":"1","message":"Sep 10 03:50:32 honeypot-sgp-1 sshd[2183]: Invalid user user from 45.61.184.204 port 36306","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T03:50:49.305Z","@version":"1","message":"Sep 10 03:50:48 honeypot-sgp-1 sshd[2187]: Invalid user user from 45.61.184.204 port 59010","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 03:51:08 honeypot-ams-1 sshd[5757]: Received disconnect from 161.35.100.253 port 46660:11: Bye Bye [preauth]","@timestamp":"2022-09-10T03:51:08.323Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 03:51:28 honeypot-fra-1 sshd[28694]: Disconnected from invalid user user5 167.71.236.26 port 33664 [preauth]","@timestamp":"2022-09-10T03:51:29.138Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 03:59:59 honeypot-ams-1 sshd[5764]: Disconnected from authenticating user root 139.59.36.71 port 50250 [preauth]","@timestamp":"2022-09-10T03:59:59.548Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 04:00:10 honeypot-fra-1 sshd[28708]: Connection closed by invalid user test7 101.34.221.23 port 42602 [preauth]","@timestamp":"2022-09-10T04:00:11.329Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 04:00:12 honeypot-fra-1 sshd[28713]: Invalid user test5 from 101.34.221.23 port 42594","@timestamp":"2022-09-10T04:00:13.331Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 04:00:17 honeypot-fra-1 sshd[28722]: Connection closed by invalid user test4 101.34.221.23 port 42590 [preauth]","@timestamp":"2022-09-10T04:00:18.333Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 04:00:31 honeypot-fra-1 sshd[28721]: Invalid user jboss from 101.34.221.23 port 42586","@timestamp":"2022-09-10T04:00:32.340Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 04:02:56 honeypot-ams-1 sshd[5771]: Invalid user admin from 193.106.191.157 port 51116","@timestamp":"2022-09-10T04:02:57.627Z"}
{"@timestamp":"2022-09-10T04:03:21.604Z","@version":"1","message":"Sep 10 04:03:21 honeypot-sgp-1 sshd[2191]: Disconnected from authenticating user root 92.255.85.69 port 18684 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 04:04:15 honeypot-fra-1 sshd[28750]: Received disconnect from 68.183.156.109 port 36468:11: Bye Bye [preauth]","@timestamp":"2022-09-10T04:04:16.425Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 04:05:19 honeypot-fra-1 sshd[28756]: Invalid user user from 198.98.61.9 port 54852","@timestamp":"2022-09-10T04:05:19.452Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 04:05:36 honeypot-fra-1 sshd[28760]: Invalid user user from 198.98.61.9 port 49744","@timestamp":"2022-09-10T04:05:36.459Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 04:05:49 honeypot-fra-1 sshd[28764]: Received disconnect from 92.255.85.70 port 60402:11: Bye Bye [preauth]","@timestamp":"2022-09-10T04:05:49.466Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 04:05:58 honeypot-fra-1 sshd[28768]: Received disconnect from 198.98.61.9 port 56208:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T04:05:59.471Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 04:06:16 honeypot-ams-1 kernel: [83659363.035861] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=20.127.205.85 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=113 ID=9094 DF PROTO=TCP SPT=54411 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T04:06:16.714Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 04:08:44 honeypot-fra-1 sshd[28772]: Connection closed by 104.160.32.161 port 38906 [preauth]","@timestamp":"2022-09-10T04:08:45.536Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 04:15:48 honeypot-ams-1 kernel: [83659934.789678] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=172.104.138.223 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=39475 PROTO=TCP SPT=4852 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T04:15:48.962Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 04:17:01 honeypot-fra-1 CRON[28777]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-10T04:17:01.720Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T04:17:01.932Z","@version":"1","message":"Sep 10 04:17:01 honeypot-sgp-1 CRON[2196]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 04:21:41 honeypot-fra-1 sshd[28785]: Disconnected from authenticating user root 51.250.65.201 port 42286 [preauth]","@timestamp":"2022-09-10T04:21:42.824Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 04:23:49 honeypot-fra-1 sshd[28791]: Disconnected from authenticating user root 143.244.158.100 port 57336 [preauth]","@timestamp":"2022-09-10T04:23:49.874Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 04:26:09 honeypot-fra-1 sshd[28798]: Disconnected from authenticating user root 143.244.158.100 port 39016 [preauth]","@timestamp":"2022-09-10T04:26:09.929Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 04:28:32 honeypot-fra-1 sshd[28804]: Disconnected from authenticating user root 143.244.158.100 port 32842 [preauth]","@timestamp":"2022-09-10T04:28:32.984Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 04:30:08 honeypot-fra-1 sshd[28810]: Disconnected from authenticating user root 143.244.158.100 port 52514 [preauth]","@timestamp":"2022-09-10T04:30:09.023Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 04:30:49 honeypot-ams-1 kernel: [83660836.124047] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=213.226.123.241 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=60 ID=61198 DF PROTO=TCP SPT=51660 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T04:30:50.347Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 04:32:32 honeypot-fra-1 sshd[28817]: Received disconnect from 143.244.158.100 port 44456:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T04:32:33.231Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 04:35:00 honeypot-fra-1 sshd[28823]: Received disconnect from 143.244.158.100 port 33172:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T04:35:01.288Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 04:36:05 honeypot-fra-1 sshd[28840]: Invalid user admin from 161.35.100.253 port 40098","@timestamp":"2022-09-10T04:36:06.314Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 04:36:05 honeypot-fra-1 sshd[28836]: Invalid user test from 161.35.100.253 port 40084","@timestamp":"2022-09-10T04:36:06.314Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 04:36:05 honeypot-fra-1 sshd[28840]: Connection closed by invalid user admin 161.35.100.253 port 40098 [preauth]","@timestamp":"2022-09-10T04:36:06.314Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 04:36:05 honeypot-fra-1 sshd[28834]: Connection closed by invalid user mysql 161.35.100.253 port 40086 [preauth]","@timestamp":"2022-09-10T04:36:06.314Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 04:36:06 honeypot-fra-1 sshd[28842]: Connection closed by authenticating user root 161.35.100.253 port 40100 [preauth]","@timestamp":"2022-09-10T04:36:06.315Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 04:36:06 honeypot-fra-1 sshd[28836]: Connection closed by invalid user test 161.35.100.253 port 40084 [preauth]","@timestamp":"2022-09-10T04:36:06.315Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 04:36:06 honeypot-fra-1 sshd[28837]: Connection closed by invalid user testuser 161.35.100.253 port 40056 [preauth]","@timestamp":"2022-09-10T04:36:06.315Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 04:36:06 honeypot-fra-1 sshd[28853]: Invalid user test from 161.35.100.253 port 40096","@timestamp":"2022-09-10T04:36:07.315Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 04:36:06 honeypot-fra-1 sshd[28853]: Connection closed by invalid user test 161.35.100.253 port 40096 [preauth]","@timestamp":"2022-09-10T04:36:07.315Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T04:36:39.409Z","@version":"1","message":"Sep 10 04:36:39 honeypot-sgp-1 sshd[2203]: Disconnected from invalid user viktor 122.160.82.93 port 32930 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 04:37:35 honeypot-fra-1 sshd[28891]: Received disconnect from 143.244.158.100 port 37324:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T04:37:35.352Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 04:38:28 honeypot-fra-1 sshd[28895]: Disconnected from authenticating user root 143.244.158.100 port 47124 [preauth]","@timestamp":"2022-09-10T04:38:29.374Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 04:39:26 honeypot-ams-1 sshd[6235]: Connection closed by 27.124.32.142 port 43962 [preauth]","@timestamp":"2022-09-10T04:39:26.566Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 04:40:55 honeypot-fra-1 sshd[28901]: Disconnected from authenticating user root 143.244.158.100 port 36844 [preauth]","@timestamp":"2022-09-10T04:40:56.431Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 04:42:31 honeypot-fra-1 sshd[28906]: Disconnected from authenticating user root 143.244.158.100 port 42458 [preauth]","@timestamp":"2022-09-10T04:42:32.470Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 04:44:06 honeypot-fra-1 sshd[28912]: Received disconnect from 143.244.158.100 port 58588:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T04:44:06.510Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 04:45:40 honeypot-fra-1 sshd[28916]: Disconnected from authenticating user root 143.244.158.100 port 58766 [preauth]","@timestamp":"2022-09-10T04:45:40.549Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 04:48:09 honeypot-fra-1 sshd[28924]: Received disconnect from 143.244.158.100 port 40636:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T04:48:10.608Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T04:49:43.720Z","@version":"1","message":"Sep 10 04:49:43 honeypot-sgp-1 sshd[2209]: Received disconnect from 92.255.85.70 port 25068:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 04:49:47 honeypot-fra-1 sshd[28928]: Disconnected from authenticating user root 143.244.158.100 port 38500 [preauth]","@timestamp":"2022-09-10T04:49:48.647Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T04:51:38.768Z","@version":"1","message":"Sep 10 04:51:37 honeypot-sgp-1 sshd[2214]: Received disconnect from 141.255.162.226 port 46426:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T04:51:42.771Z","@version":"1","message":"Sep 10 04:51:42 honeypot-sgp-1 sshd[2218]: Received disconnect from 141.255.162.226 port 35134:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T04:51:47.774Z","@version":"1","message":"Sep 10 04:51:46 honeypot-sgp-1 sshd[2222]: Connection closed by invalid user user 141.255.162.226 port 60550 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 04:52:18 honeypot-fra-1 sshd[28934]: Disconnected from authenticating user root 143.244.158.100 port 55714 [preauth]","@timestamp":"2022-09-10T04:52:18.702Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 04:53:09 honeypot-fra-1 sshd[28940]: Disconnected from authenticating user root 143.244.158.100 port 43048 [preauth]","@timestamp":"2022-09-10T04:53:09.723Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 04:54:24 honeypot-ams-1 kernel: [83662251.168667] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=201.191.2.198 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=57896 PROTO=TCP SPT=2743 DPT=80 WINDOW=20711 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T04:54:24.950Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 04:54:50 honeypot-fra-1 sshd[28946]: Disconnected from authenticating user root 143.244.158.100 port 33656 [preauth]","@timestamp":"2022-09-10T04:54:51.763Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 04:56:28 honeypot-fra-1 sshd[28952]: Received disconnect from 143.244.158.100 port 52610:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T04:56:28.801Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T04:58:05.921Z","@version":"1","message":"Sep 10 04:58:05 honeypot-sgp-1 kernel: [83662000.737833] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=54.237.215.76 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=39 ID=56973 DF PROTO=TCP SPT=20589 DPT=80 WINDOW=26733 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 04:58:11 honeypot-fra-1 sshd[28957]: Disconnected from authenticating user root 143.244.158.100 port 56564 [preauth]","@timestamp":"2022-09-10T04:58:11.842Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 04:59:11 honeypot-fra-1 sshd[28961]: Disconnected from authenticating user root 143.244.158.100 port 41564 [preauth]","@timestamp":"2022-09-10T04:59:11.867Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 05:01:48 honeypot-fra-1 sshd[28967]: Disconnected from authenticating user root 143.244.158.100 port 51512 [preauth]","@timestamp":"2022-09-10T05:01:48.928Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 05:04:28 honeypot-fra-1 sshd[28974]: Received disconnect from 143.244.158.100 port 33502:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T05:04:28.991Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 05:05:38 honeypot-ams-1 sshd[6248]: Did not receive identification string from 193.3.19.178 port 64001","@timestamp":"2022-09-10T05:05:39.236Z"}
{"@timestamp":"2022-09-10T05:05:46.106Z","@version":"1","message":"Sep 10 05:05:45 honeypot-sgp-1 sshd[2228]: Disconnected from authenticating user root 206.189.65.29 port 49772 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 05:07:39 honeypot-fra-1 sshd[28980]: Invalid user admin from 193.106.191.157 port 38194","@timestamp":"2022-09-10T05:07:40.063Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T05:09:36.200Z","@version":"1","message":"Sep 10 05:09:35 honeypot-sgp-1 sshd[2232]: Disconnected from invalid user shimada 189.195.123.54 port 38152 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 05:10:59 honeypot-ams-1 sshd[6254]: Invalid user spring from 187.173.235.183 port 50052","@timestamp":"2022-09-10T05:10:59.374Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 05:15:25 honeypot-fra-1 kernel: [83661359.982002] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=34.143.186.118 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=28680 PROTO=TCP SPT=52580 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T05:15:26.232Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-10T05:17:01.376Z","@version":"1","message":"Sep 10 05:17:01 honeypot-sgp-1 CRON[2237]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 05:18:25 honeypot-ams-1 kernel: [83663692.501885] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=170.187.162.171 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=17209 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T05:18:26.565Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 05:18:34 honeypot-fra-1 sshd[28993]: Invalid user guest from 141.98.10.158 port 44944","@timestamp":"2022-09-10T05:18:35.307Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 05:26:30 honeypot-fra-1 kernel: [83662024.546867] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.41.9.18 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=51719 PROTO=TCP SPT=37240 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T05:26:30.483Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 05:29:24 honeypot-fra-1 sshd[29007]: Disconnected from authenticating user root 161.35.236.24 port 43056 [preauth]","@timestamp":"2022-09-10T05:29:24.547Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 05:31:24 honeypot-ams-1 sshd[6264]: Did not receive identification string from 45.61.186.49 port 37586","@timestamp":"2022-09-10T05:31:24.914Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 05:31:37 honeypot-ams-1 sshd[6267]: Disconnected from invalid user user 45.61.186.49 port 37256 [preauth]","@timestamp":"2022-09-10T05:31:38.922Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 05:31:47 honeypot-ams-1 sshd[6271]: Disconnected from invalid user user 45.61.186.49 port 48938 [preauth]","@timestamp":"2022-09-10T05:31:47.927Z"}
{"@timestamp":"2022-09-10T05:33:29.767Z","@version":"1","message":"Sep 10 05:33:29 honeypot-sgp-1 sshd[2244]: Invalid user user from 45.61.187.160 port 53758","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T05:33:49.777Z","@version":"1","message":"Sep 10 05:33:48 honeypot-sgp-1 sshd[2248]: Invalid user user from 45.61.187.160 port 48892","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T05:34:07.786Z","@version":"1","message":"Sep 10 05:34:06 honeypot-sgp-1 sshd[2252]: Invalid user user from 45.61.187.160 port 44020","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T05:34:25.794Z","@version":"1","message":"Sep 10 05:34:25 honeypot-sgp-1 sshd[2256]: Invalid user user from 45.61.187.160 port 39154","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 05:36:00 honeypot-fra-1 sshd[29015]: Received disconnect from 64.225.43.245 port 40028:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T05:36:01.694Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 05:38:18 honeypot-fra-1 sshd[29021]: Received disconnect from 64.225.43.245 port 52392:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T05:38:18.745Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T05:38:43.895Z","@version":"1","message":"Sep 10 05:38:43 honeypot-sgp-1 kernel: [83664438.256985] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=139.59.164.126 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=36685 PROTO=TCP SPT=43071 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 05:39:57 honeypot-fra-1 kernel: [83662832.152618] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=23.95.4.194 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=52626 PROTO=TCP SPT=50829 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T05:39:57.783Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 05:41:25 honeypot-fra-1 sshd[29033]: Received disconnect from 64.225.43.245 port 50048:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T05:41:25.819Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 05:41:53 honeypot-fra-1 kernel: [83662947.618705] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=16703 PROTO=TCP SPT=48121 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T05:41:53.832Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 05:42:04 honeypot-ams-1 sshd[6275]: Disconnected from invalid user usuario 92.255.85.70 port 43492 [preauth]","@timestamp":"2022-09-10T05:42:05.190Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 05:43:42 honeypot-fra-1 sshd[29042]: Received disconnect from 64.225.43.245 port 34174:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T05:43:42.876Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 05:45:16 honeypot-fra-1 sshd[29046]: Received disconnect from 64.225.43.245 port 33002:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T05:45:16.913Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T05:46:00.092Z","@version":"1","message":"Sep 10 05:45:59 honeypot-sgp-1 sshd[2264]: Disconnected from invalid user harry 167.71.65.64 port 59850 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 05:47:37 honeypot-fra-1 sshd[29053]: Received disconnect from 64.225.43.245 port 45364:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T05:47:37.966Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 05:50:01 honeypot-fra-1 sshd[29059]: Received disconnect from 64.225.43.245 port 57724:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T05:50:02.024Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 05:52:24 honeypot-fra-1 sshd[29066]: Received disconnect from 64.225.43.245 port 41852:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T05:52:25.077Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 05:54:44 honeypot-fra-1 sshd[29072]: Received disconnect from 64.225.43.245 port 54212:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T05:54:45.130Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 05:57:03 honeypot-fra-1 sshd[29078]: Received disconnect from 64.225.43.245 port 38334:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T05:57:04.182Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 05:57:45 honeypot-ams-1 sshd[6281]: error: maximum authentication attempts exceeded for invalid user admin from 122.23.90.2 port 63968 ssh2 [preauth]","@timestamp":"2022-09-10T05:57:45.592Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 05:58:39 honeypot-fra-1 sshd[29085]: Received disconnect from 64.225.43.245 port 37162:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T05:58:40.219Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T05:59:07.429Z","@version":"1","message":"Sep 10 05:59:07 honeypot-sgp-1 kernel: [83665662.169660] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=71.6.146.186 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=112 ID=24268 PROTO=TCP SPT=7349 DPT=636 WINDOW=59932 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T06:00:59.476Z","@version":"1","message":"Sep 10 06:00:59 honeypot-sgp-1 sshd[2274]: Disconnected from invalid user usuario 92.255.85.70 port 26768 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 06:01:06 honeypot-fra-1 sshd[29091]: Received disconnect from 64.225.43.245 port 49526:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T06:01:07.275Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T06:02:32.536Z","@version":"1","message":"Sep 10 06:02:32 honeypot-sgp-1 sshd[2281]: Invalid user zu from 128.199.162.67 port 38290","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 06:02:55 honeypot-fra-1 sshd[29098]: Received disconnect from 213.136.72.226 port 41430:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T06:02:56.315Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 06:03:32 honeypot-fra-1 sshd[29102]: Received disconnect from 64.225.43.245 port 33726:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T06:03:33.333Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 06:05:25 honeypot-fra-1 kernel: [83664359.392878] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=167.94.138.104 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=6856 PROTO=TCP SPT=50539 DPT=389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T06:05:25.375Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 06:07:35 honeypot-fra-1 sshd[29112]: Disconnected from authenticating user root 64.225.43.245 port 44918 [preauth]","@timestamp":"2022-09-10T06:07:36.426Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 06:08:16 honeypot-ams-1 sshd[6286]: Received disconnect from 213.136.72.226 port 46438:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T06:08:16.860Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 06:10:00 honeypot-fra-1 sshd[29119]: Received disconnect from 64.225.43.245 port 57280:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T06:10:00.484Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 06:11:38 honeypot-fra-1 sshd[29123]: Disconnected from authenticating user root 64.225.43.245 port 56110 [preauth]","@timestamp":"2022-09-10T06:11:39.523Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 06:13:35 honeypot-fra-1 sshd[29131]: Received disconnect from 165.22.45.108 port 50036:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T06:13:35.584Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 06:14:58 honeypot-fra-1 sshd[29135]: Disconnected from invalid user casiano 165.227.118.41 port 58854 [preauth]","@timestamp":"2022-09-10T06:14:58.616Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T06:15:11.869Z","@version":"1","message":"Sep 10 06:15:11 honeypot-sgp-1 sshd[2289]: Invalid user fred from 102.65.103.130 port 32832","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 06:16:37 honeypot-fra-1 sshd[29142]: Received disconnect from 64.225.43.245 port 52604:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T06:16:37.655Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T06:17:01.917Z","@version":"1","message":"Sep 10 06:17:01 honeypot-sgp-1 CRON[2293]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 06:18:17 honeypot-fra-1 sshd[29149]: Received disconnect from 64.225.43.245 port 51436:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T06:18:17.694Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 06:20:12 honeypot-ams-1 sshd[6293]: Received disconnect from 128.199.167.161 port 35560:11: Bye Bye [preauth]","@timestamp":"2022-09-10T06:20:12.161Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 06:20:45 honeypot-fra-1 sshd[29156]: Received disconnect from 64.225.43.245 port 35598:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T06:20:45.751Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T06:21:09.020Z","@version":"1","message":"Sep 10 06:21:08 honeypot-sgp-1 sshd[2394]: Connection closed by authenticating user root 103.188.176.251 port 44772 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 06:23:15 honeypot-fra-1 sshd[29163]: Received disconnect from 64.225.43.245 port 47958:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T06:23:15.809Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 06:24:02 honeypot-fra-1 kernel: [83665476.563416] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.206.210 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=53305 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T06:24:02.830Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 06:24:14 honeypot-fra-1 sshd[29173]: Invalid user user from 45.61.186.249 port 34348","@timestamp":"2022-09-10T06:24:14.836Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 06:24:30 honeypot-fra-1 sshd[29177]: Invalid user rich from 142.93.58.181 port 43566","@timestamp":"2022-09-10T06:24:30.844Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 06:24:43 honeypot-fra-1 sshd[29181]: Invalid user user from 45.61.186.249 port 40942","@timestamp":"2022-09-10T06:24:43.851Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 06:24:58 honeypot-fra-1 sshd[29185]: Received disconnect from 64.225.43.245 port 46788:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T06:24:58.858Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 06:24:59 honeypot-ams-1 sshd[6389]: Received disconnect from 119.77.166.51 port 45678:11: Bye Bye [preauth]","@timestamp":"2022-09-10T06:25:00.288Z"}
{"@timestamp":"2022-09-10T06:25:02.116Z","@version":"1","message":"Sep 10 06:25:01 honeypot-sgp-1 CRON[2400]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 06:25:39 honeypot-fra-1 sshd[29320]: Disconnected from invalid user nils 107.170.113.190 port 52572 [preauth]","@timestamp":"2022-09-10T06:25:39.876Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T06:26:03.145Z","@version":"1","message":"Sep 10 06:26:02 honeypot-sgp-1 sshd[2549]: Disconnected from invalid user erik 61.76.169.138 port 1926 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 06:27:09 honeypot-fra-1 sshd[29326]: Received disconnect from 92.255.85.69 port 54450:11: Bye Bye [preauth]","@timestamp":"2022-09-10T06:27:09.928Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 06:29:13 honeypot-fra-1 sshd[29332]: Received disconnect from 64.225.43.245 port 57970:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T06:29:13.977Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 06:29:59 honeypot-ams-1 sshd[6560]: Invalid user ftpuser from 92.255.85.70 port 36952","@timestamp":"2022-09-10T06:30:00.419Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 06:32:03 honeypot-fra-1 sshd[29337]: Disconnected from invalid user db2user 119.92.70.82 port 58938 [preauth]","@timestamp":"2022-09-10T06:32:04.041Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 06:38:41 honeypot-ams-1 sshd[6564]: Received disconnect from 193.142.146.50 port 50558:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T06:38:41.652Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 06:38:51 honeypot-fra-1 kernel: [83666365.660626] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=90.151.171.106 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=1381 PROTO=TCP SPT=51861 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T06:38:52.195Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 06:39:58 honeypot-ams-1 sshd[6570]: Received disconnect from 193.142.146.50 port 53582:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T06:39:58.687Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 06:40:49 honeypot-ams-1 sshd[6576]: Received disconnect from 193.142.146.50 port 41736:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T06:40:50.712Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 06:42:10 honeypot-ams-1 sshd[6582]: Invalid user diane from 89.40.53.35 port 37470","@timestamp":"2022-09-10T06:42:10.751Z"}
{"@timestamp":"2022-09-10T06:45:13.633Z","@version":"1","message":"Sep 10 06:45:12 honeypot-sgp-1 kernel: [83668427.593714] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=92.63.197.70 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=14244 PROTO=TCP SPT=58323 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T06:46:45.672Z","@version":"1","message":"Sep 10 06:46:44 honeypot-sgp-1 sshd[2559]: Disconnected from invalid user wang 170.106.168.129 port 60582 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 06:47:06 honeypot-fra-1 sshd[29344]: Invalid user jake from 128.199.1.140 port 40940","@timestamp":"2022-09-10T06:47:06.379Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T06:47:27.691Z","@version":"1","message":"Sep 10 06:47:27 honeypot-sgp-1 sshd[2579]: Disconnected from invalid user konitada 142.93.64.67 port 56706 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 06:49:01 honeypot-ams-1 sshd[6586]: Received disconnect from 45.61.187.160 port 55960:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T06:49:02.928Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 06:49:20 honeypot-ams-1 sshd[6590]: Received disconnect from 45.61.187.160 port 51148:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T06:49:20.937Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 06:49:37 honeypot-ams-1 sshd[6594]: Received disconnect from 45.61.187.160 port 46304:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T06:49:37.946Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 06:49:47 honeypot-fra-1 kernel: [83667021.337897] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=213.226.123.38 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=39169 PROTO=TCP SPT=52076 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T06:49:47.440Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-10T06:49:49.749Z","@version":"1","message":"Sep 10 06:49:49 honeypot-sgp-1 sshd[2584]: Disconnected from invalid user gleb 13.67.201.190 port 48574 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 06:49:53 honeypot-ams-1 sshd[6598]: Received disconnect from 45.61.187.160 port 41484:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T06:49:53.954Z"}
{"@timestamp":"2022-09-10T06:50:21.763Z","@version":"1","message":"Sep 10 06:50:21 honeypot-sgp-1 sshd[2588]: Disconnected from invalid user rock 41.227.27.129 port 15956 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T06:51:12.787Z","@version":"1","message":"Sep 10 06:51:12 honeypot-sgp-1 sshd[2592]: Received disconnect from 46.101.5.100 port 59296:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T06:52:08.811Z","@version":"1","message":"Sep 10 06:52:08 honeypot-sgp-1 sshd[2596]: Disconnected from invalid user tonkou 98.110.183.53 port 32872 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 06:53:08 honeypot-ams-1 sshd[6603]: Invalid user ftpuser from 92.255.85.69 port 44256","@timestamp":"2022-09-10T06:53:09.040Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 06:54:37 honeypot-fra-1 kernel: [83667311.632613] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=139.59.7.139 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x20 TTL=54 ID=20323 DF PROTO=TCP SPT=40054 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T06:54:37.547Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-10T06:58:47.969Z","@version":"1","message":"Sep 10 06:58:47 honeypot-sgp-1 kernel: [83669242.196680] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=159.89.202.188 LEN=92 TOS=0x00 PREC=0x00 TTL=238 ID=29509 PROTO=TCP SPT=11473 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 06:59:22 honeypot-ams-1 kernel: [83669748.690318] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=216.218.206.114 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=48119 DPT=389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T06:59:23.196Z"}
{"@timestamp":"2022-09-10T07:08:16.208Z","@version":"1","message":"Sep 10 07:08:15 honeypot-sgp-1 kernel: [83669810.186537] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.145.38.224 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=35690 PROTO=TCP SPT=20888 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 07:10:32 honeypot-fra-1 kernel: [83668266.312455] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=165.22.82.222 LEN=89 TOS=0x00 PREC=0x00 TTL=250 ID=37383 PROTO=TCP SPT=17547 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T07:10:32.898Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-10T07:16:26.412Z","@version":"1","message":"Sep 10 07:16:25 honeypot-sgp-1 kernel: [83670300.646192] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.206.94 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=41921 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 07:16:46 honeypot-ams-1 kernel: [83670792.775095] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=198.199.95.72 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=60640 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T07:16:46.633Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 07:17:01 honeypot-fra-1 CRON[29463]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-10T07:17:02.056Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 07:19:08 honeypot-fra-1 sshd[29469]: Connection closed by invalid user test 193.106.191.157 port 37374 [preauth]","@timestamp":"2022-09-10T07:19:09.106Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 07:20:18 honeypot-ams-1 kernel: [83671004.929723] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=108.29.127.94 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=52 ID=21956 PROTO=TCP SPT=51599 DPT=80 WINDOW=45393 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T07:20:18.748Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 07:22:10 honeypot-fra-1 sshd[29473]: Disconnected from invalid user siva 202.162.109.25 port 49684 [preauth]","@timestamp":"2022-09-10T07:22:11.175Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T07:25:24.631Z","@version":"1","message":"Sep 10 07:25:23 honeypot-sgp-1 sshd[2613]: Disconnected from authenticating user root 157.255.28.157 port 47118 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T07:34:32.865Z","@version":"1","message":"Sep 10 07:34:31 honeypot-sgp-1 sshd[2620]: Disconnected from authenticating user root 92.255.85.70 port 47964 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 07:39:07 honeypot-fra-1 sshd[29479]: Invalid user test from 193.106.191.157 port 50514","@timestamp":"2022-09-10T07:39:07.546Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 07:40:30 honeypot-ams-1 kernel: [83672216.819470] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=20.168.35.131 DST=178.62.254.91 LEN=52 TOS=0x02 PREC=0x00 TTL=111 ID=31295 DF PROTO=TCP SPT=61545 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-10T07:40:31.258Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 07:42:26 honeypot-fra-1 sshd[29488]: Invalid user postgres from 147.182.210.165 port 34046","@timestamp":"2022-09-10T07:42:27.623Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 07:42:27 honeypot-fra-1 sshd[29485]: Invalid user test from 147.182.210.165 port 33956","@timestamp":"2022-09-10T07:42:27.623Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 07:42:27 honeypot-fra-1 sshd[29492]: Invalid user ftp from 147.182.210.165 port 34056","@timestamp":"2022-09-10T07:42:27.623Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 07:42:27 honeypot-fra-1 sshd[29494]: Invalid user admin from 147.182.210.165 port 34096","@timestamp":"2022-09-10T07:42:27.623Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 07:42:27 honeypot-fra-1 sshd[29501]: Invalid user admin from 147.182.210.165 port 34068","@timestamp":"2022-09-10T07:42:27.624Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 07:42:27 honeypot-fra-1 sshd[29492]: Connection closed by invalid user ftp 147.182.210.165 port 34056 [preauth]","@timestamp":"2022-09-10T07:42:27.624Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 07:42:27 honeypot-fra-1 sshd[29500]: Connection closed by invalid user steam 147.182.210.165 port 34088 [preauth]","@timestamp":"2022-09-10T07:42:27.624Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 07:42:27 honeypot-fra-1 sshd[29511]: Connection closed by invalid user centos 147.182.210.165 port 34054 [preauth]","@timestamp":"2022-09-10T07:42:27.624Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 07:42:28 honeypot-fra-1 sshd[29537]: Connection closed by invalid user test 147.182.210.165 port 34060 [preauth]","@timestamp":"2022-09-10T07:42:28.624Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 07:44:50 honeypot-ams-1 kernel: [83672476.599012] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=90.151.171.106 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=61979 PROTO=TCP SPT=55883 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T07:44:50.373Z"}
{"@timestamp":"2022-09-10T07:44:59.125Z","@version":"1","message":"Sep 10 07:44:58 honeypot-sgp-1 kernel: [83672013.313949] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.206.137 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=48047 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 07:48:53 honeypot-fra-1 sshd[29540]: Disconnected from invalid user ka 165.22.45.108 port 36908 [preauth]","@timestamp":"2022-09-10T07:48:53.768Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 07:53:40 honeypot-ams-1 sshd[6625]: error: Received disconnect from 20.118.188.175 port 57626:3: com.jcraft.jsch.JSchException: Auth fail [preauth]","@timestamp":"2022-09-10T07:53:40.598Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 07:53:47 honeypot-ams-1 sshd[6629]: Disconnected from authenticating user root 20.118.188.175 port 57854 [preauth]","@timestamp":"2022-09-10T07:53:48.602Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 07:53:55 honeypot-ams-1 sshd[6633]: Disconnected from invalid user admin 20.118.188.175 port 58131 [preauth]","@timestamp":"2022-09-10T07:53:55.607Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 07:55:29 honeypot-ams-1 sshd[6637]: Disconnected from invalid user support 20.118.188.175 port 61298 [preauth]","@timestamp":"2022-09-10T07:55:30.649Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 07:55:35 honeypot-ams-1 sshd[6641]: Disconnected from invalid user user 20.118.188.175 port 61555 [preauth]","@timestamp":"2022-09-10T07:55:36.652Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 08:02:42 honeypot-fra-1 kernel: [83671396.371207] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=94.26.249.161 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=3554 PROTO=TCP SPT=59281 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T08:02:43.074Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 08:03:21 honeypot-ams-1 sshd[6646]: Disconnected from authenticating user root 92.255.85.70 port 30580 [preauth]","@timestamp":"2022-09-10T08:03:22.850Z"}
{"@timestamp":"2022-09-10T08:03:49.594Z","@version":"1","message":"Sep 10 08:03:49 honeypot-sgp-1 kernel: [83673144.253021] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.208.61 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=55194 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 08:06:31 honeypot-ams-1 sshd[6652]: Disconnected from authenticating user root 143.244.158.100 port 51992 [preauth]","@timestamp":"2022-09-10T08:06:31.936Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 08:08:51 honeypot-ams-1 sshd[6659]: Received disconnect from 143.244.158.100 port 45810:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T08:08:51.999Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 08:10:29 honeypot-ams-1 kernel: [83674016.151288] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=72.167.32.184 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=232 ID=52047 PROTO=TCP SPT=44402 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T08:10:30.045Z"}
{"@timestamp":"2022-09-10T08:10:53.768Z","@version":"1","message":"Sep 10 08:10:53 honeypot-sgp-1 kernel: [83673568.235544] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=103.99.1.99 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=11228 PROTO=TCP SPT=52555 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 08:11:53 honeypot-fra-1 sshd[29569]: Received disconnect from 168.232.123.171 port 52378:11: Bye Bye [preauth]","@timestamp":"2022-09-10T08:11:54.281Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 08:12:47 honeypot-ams-1 sshd[6670]: Disconnected from authenticating user root 143.244.158.100 port 34812 [preauth]","@timestamp":"2022-09-10T08:12:48.107Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 08:14:10 honeypot-fra-1 sshd[29573]: Received disconnect from 114.246.10.197 port 43854:11: Bye Bye [preauth]","@timestamp":"2022-09-10T08:14:11.336Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 08:15:11 honeypot-ams-1 sshd[6676]: Disconnected from authenticating user root 143.244.158.100 port 53448 [preauth]","@timestamp":"2022-09-10T08:15:12.172Z"}
{"@timestamp":"2022-09-10T08:16:25.901Z","@version":"1","message":"Sep 10 08:16:25 honeypot-sgp-1 sshd[2635]: Disconnected from invalid user nagios 122.181.16.134 port 44762 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 08:16:27 honeypot-fra-1 kernel: [83672221.202115] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=165.22.82.222 LEN=89 TOS=0x00 PREC=0x00 TTL=250 ID=19022 PROTO=TCP SPT=11385 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T08:16:27.387Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 08:17:01 honeypot-ams-1 CRON[6682]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-10T08:17:02.221Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 08:19:14 honeypot-ams-1 sshd[6690]: Disconnected from authenticating user root 143.244.158.100 port 53730 [preauth]","@timestamp":"2022-09-10T08:19:15.280Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 08:20:54 honeypot-ams-1 sshd[6696]: Received disconnect from 190.119.187.173 port 59497:11: Bye Bye [preauth]","@timestamp":"2022-09-10T08:20:54.325Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 08:22:45 honeypot-ams-1 kernel: [83674751.584125] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=170.187.162.83 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=28436 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T08:22:45.375Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 08:23:29 honeypot-fra-1 kernel: [83672643.546931] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.214.239 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=34658 DPT=5432 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T08:23:29.550Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 08:24:01 honeypot-ams-1 sshd[6707]: Disconnected from authenticating user root 143.244.158.100 port 54132 [preauth]","@timestamp":"2022-09-10T08:24:02.413Z"}
{"@timestamp":"2022-09-10T08:26:32.169Z","@version":"1","message":"Sep 10 08:26:31 honeypot-sgp-1 kernel: [83674506.057501] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.205.123 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=52638 DPT=5432 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 08:26:36 honeypot-ams-1 sshd[6730]: Received disconnect from 143.244.158.100 port 40994:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T08:26:36.481Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 08:27:28 honeypot-ams-1 sshd[6736]: Disconnected from authenticating user root 143.244.158.100 port 50972 [preauth]","@timestamp":"2022-09-10T08:27:29.507Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 08:30:13 honeypot-ams-1 sshd[6743]: Disconnected from authenticating user root 143.244.158.100 port 35266 [preauth]","@timestamp":"2022-09-10T08:30:14.580Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 08:32:59 honeypot-ams-1 sshd[6749]: Disconnected from authenticating user root 143.244.158.100 port 46990 [preauth]","@timestamp":"2022-09-10T08:32:59.653Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 08:35:47 honeypot-ams-1 sshd[6756]: Disconnected from authenticating user root 143.244.158.100 port 47108 [preauth]","@timestamp":"2022-09-10T08:35:47.726Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 08:38:25 honeypot-ams-1 sshd[6762]: Received disconnect from 143.244.158.100 port 59336:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T08:38:25.798Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 08:40:12 honeypot-ams-1 sshd[6770]: Received disconnect from 181.129.166.202 port 50920:11: Bye Bye [preauth]","@timestamp":"2022-09-10T08:40:12.849Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 08:41:03 honeypot-ams-1 sshd[6774]: Disconnected from authenticating user root 143.244.158.100 port 49430 [preauth]","@timestamp":"2022-09-10T08:41:04.874Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 08:43:01 honeypot-ams-1 sshd[6780]: Invalid user dana from 203.151.81.77 port 60274","@timestamp":"2022-09-10T08:43:01.928Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 08:43:03 honeypot-fra-1 sshd[29593]: Received disconnect from 51.222.196.77 port 52548:11: Bye Bye [preauth]","@timestamp":"2022-09-10T08:43:03.979Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T08:43:13.568Z","@version":"1","message":"Sep 10 08:43:12 honeypot-sgp-1 sshd[2665]: Received disconnect from 104.248.131.9 port 57710:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 08:43:39 honeypot-ams-1 sshd[6782]: Disconnected from invalid user finance 184.168.123.65 port 48722 [preauth]","@timestamp":"2022-09-10T08:43:39.946Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 08:44:54 honeypot-ams-1 sshd[6788]: Invalid user station from 91.205.128.170 port 60756","@timestamp":"2022-09-10T08:44:54.982Z"}
{"@timestamp":"2022-09-10T08:45:52.631Z","@version":"1","message":"Sep 10 08:45:52 honeypot-sgp-1 sshd[2670]: Disconnected from authenticating user root 206.189.233.23 port 59936 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 08:46:37 honeypot-ams-1 sshd[6793]: Disconnected from authenticating user root 143.244.158.100 port 59710 [preauth]","@timestamp":"2022-09-10T08:46:38.027Z"}
{"@timestamp":"2022-09-10T08:46:49.656Z","@version":"1","message":"Sep 10 08:46:49 honeypot-sgp-1 sshd[2675]: Received disconnect from 45.61.186.249 port 48794:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 08:47:06 honeypot-fra-1 sshd[29597]: Received disconnect from 165.227.232.25 port 59064:11: Bye Bye [preauth]","@timestamp":"2022-09-10T08:47:07.088Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T08:47:08.665Z","@version":"1","message":"Sep 10 08:47:08 honeypot-sgp-1 sshd[2679]: Received disconnect from 45.61.186.249 port 43406:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T08:47:25.674Z","@version":"1","message":"Sep 10 08:47:25 honeypot-sgp-1 sshd[2683]: Received disconnect from 45.61.186.249 port 38018:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 08:48:22 honeypot-ams-1 sshd[6797]: Disconnected from invalid user oracle 103.20.188.28 port 33296 [preauth]","@timestamp":"2022-09-10T08:48:23.074Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 08:50:09 honeypot-ams-1 sshd[6803]: Disconnected from authenticating user root 143.244.158.100 port 48580 [preauth]","@timestamp":"2022-09-10T08:50:10.122Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 08:50:48 honeypot-fra-1 kernel: [83674282.230603] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=170.187.162.178 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=33330 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T08:50:49.173Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 08:53:01 honeypot-fra-1 sshd[29606]: Disconnected from authenticating user root 178.128.22.123 port 56020 [preauth]","@timestamp":"2022-09-10T08:53:02.225Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 08:54:27 honeypot-ams-1 kernel: [83676653.658825] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=172.91.47.43 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=26338 PROTO=TCP SPT=4153 DPT=80 WINDOW=9737 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T08:54:28.237Z"}
{"@timestamp":"2022-09-10T08:55:01.880Z","@version":"1","message":"Sep 10 08:55:01 honeypot-sgp-1 sshd[2688]: Received disconnect from 79.62.236.130 port 43864:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 08:59:42 honeypot-fra-1 kernel: [83674816.047956] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=222.186.19.235 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=234 ID=54321 PROTO=TCP SPT=37186 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T08:59:42.377Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-10T09:08:11.211Z","@version":"1","message":"Sep 10 09:08:10 honeypot-sgp-1 kernel: [83677004.872580] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=94.26.249.161 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=11593 PROTO=TCP SPT=43711 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 09:08:38 honeypot-ams-1 sshd[6817]: Received disconnect from 178.62.17.51 port 40480:11: Bye Bye [preauth]","@timestamp":"2022-09-10T09:08:38.599Z"}
{"@timestamp":"2022-09-10T09:10:45.278Z","@version":"1","message":"Sep 10 09:10:44 honeypot-sgp-1 kernel: [83677158.874089] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=159.89.202.188 LEN=89 TOS=0x00 PREC=0x00 TTL=238 ID=54206 PROTO=TCP SPT=28603 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 09:11:55 honeypot-fra-1 sshd[29614]: Disconnected from authenticating user root 92.255.85.70 port 15606 [preauth]","@timestamp":"2022-09-10T09:11:55.651Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 09:13:57 honeypot-ams-1 sshd[6822]: Disconnected from authenticating user root 92.255.85.70 port 40696 [preauth]","@timestamp":"2022-09-10T09:13:57.734Z"}
{"@timestamp":"2022-09-10T09:14:58.386Z","@version":"1","message":"Sep 10 09:14:57 honeypot-sgp-1 sshd[2774]: Invalid user user from 141.255.162.226 port 46250","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T09:15:01.388Z","@version":"1","message":"Sep 10 09:15:00 honeypot-sgp-1 sshd[2778]: Invalid user user from 141.255.162.226 port 43506","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T09:15:03.390Z","@version":"1","message":"Sep 10 09:15:02 honeypot-sgp-1 sshd[2782]: Invalid user user from 141.255.162.226 port 52008","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T09:15:07.392Z","@version":"1","message":"Sep 10 09:15:06 honeypot-sgp-1 sshd[2786]: Invalid user user from 141.255.162.226 port 40786","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T09:18:33.474Z","@version":"1","message":"Sep 10 09:18:32 honeypot-sgp-1 sshd[2802]: Invalid user user from 114.67.225.93 port 43750","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 09:21:16 honeypot-fra-1 sshd[29623]: Invalid user vagelis from 82.196.5.251 port 48520","@timestamp":"2022-09-10T09:21:16.871Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 09:23:23 honeypot-fra-1 sshd[29625]: Disconnected from invalid user kafka 165.22.45.108 port 52024 [preauth]","@timestamp":"2022-09-10T09:23:23.920Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T09:24:35.624Z","@version":"1","message":"Sep 10 09:24:34 honeypot-sgp-1 sshd[2872]: Disconnected from 218.92.0.205 port 32722 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T09:27:18.690Z","@version":"1","message":"Sep 10 09:27:18 honeypot-sgp-1 kernel: [83678153.260003] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=170.187.162.92 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=64368 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 09:29:21 honeypot-ams-1 sshd[6830]: Did not receive identification string from 152.32.255.215 port 22032","@timestamp":"2022-09-10T09:29:21.163Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 09:35:33 honeypot-fra-1 sshd[29629]: Received disconnect from 92.255.85.69 port 36204:11: Bye Bye [preauth]","@timestamp":"2022-09-10T09:35:34.206Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 09:35:33 honeypot-ams-1 sshd[6838]: Received disconnect from 191.211.61.227 port 44924:11: Bye Bye [preauth]","@timestamp":"2022-09-10T09:35:34.323Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 09:35:37 honeypot-ams-1 sshd[6842]: Received disconnect from 191.211.61.227 port 45028:11: Bye Bye [preauth]","@timestamp":"2022-09-10T09:35:38.325Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 09:35:42 honeypot-ams-1 sshd[6848]: Received disconnect from 191.211.61.227 port 45223:11: Bye Bye [preauth]","@timestamp":"2022-09-10T09:35:43.328Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 09:35:47 honeypot-ams-1 sshd[6854]: Received disconnect from 191.211.61.227 port 45381:11: Bye Bye [preauth]","@timestamp":"2022-09-10T09:35:48.332Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 09:35:52 honeypot-ams-1 sshd[6860]: Received disconnect from 191.211.61.227 port 45559:11: Bye Bye [preauth]","@timestamp":"2022-09-10T09:35:53.335Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 09:35:58 honeypot-ams-1 sshd[6866]: Received disconnect from 191.211.61.227 port 45753:11: Bye Bye [preauth]","@timestamp":"2022-09-10T09:35:58.338Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 09:36:04 honeypot-ams-1 sshd[6872]: Received disconnect from 191.211.61.227 port 45921:11: Bye Bye [preauth]","@timestamp":"2022-09-10T09:36:04.342Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 09:36:08 honeypot-ams-1 sshd[6878]: Received disconnect from 191.211.61.227 port 46119:11: Bye Bye [preauth]","@timestamp":"2022-09-10T09:36:09.345Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 09:36:14 honeypot-ams-1 sshd[6884]: Received disconnect from 191.211.61.227 port 46315:11: Bye Bye [preauth]","@timestamp":"2022-09-10T09:36:15.349Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 09:36:19 honeypot-ams-1 sshd[6890]: Received disconnect from 191.211.61.227 port 46524:11: Bye Bye [preauth]","@timestamp":"2022-09-10T09:36:20.353Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 09:36:24 honeypot-ams-1 kernel: [83679171.159903] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=213.226.123.38 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=10629 PROTO=TCP SPT=43003 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T09:36:25.356Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 09:36:27 honeypot-ams-1 sshd[6900]: Disconnected from authenticating user root 191.211.61.227 port 46819 [preauth]","@timestamp":"2022-09-10T09:36:28.358Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 09:36:32 honeypot-ams-1 sshd[6906]: Disconnected from authenticating user root 191.211.61.227 port 46990 [preauth]","@timestamp":"2022-09-10T09:36:33.361Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 09:36:35 honeypot-ams-1 sshd[6910]: Disconnected from invalid user admin 191.211.61.227 port 47111 [preauth]","@timestamp":"2022-09-10T09:36:36.363Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 09:36:42 honeypot-ams-1 sshd[6914]: Disconnected from invalid user admin 191.211.61.227 port 47331 [preauth]","@timestamp":"2022-09-10T09:36:42.367Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 09:36:45 honeypot-ams-1 sshd[6918]: Disconnected from invalid user admin 191.211.61.227 port 47446 [preauth]","@timestamp":"2022-09-10T09:36:46.369Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 09:36:48 honeypot-ams-1 sshd[6922]: Disconnected from invalid user admin 191.211.61.227 port 47566 [preauth]","@timestamp":"2022-09-10T09:36:49.372Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 09:36:51 honeypot-ams-1 sshd[6926]: Disconnected from invalid user admin 191.211.61.227 port 47687 [preauth]","@timestamp":"2022-09-10T09:36:52.373Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 09:36:57 honeypot-ams-1 sshd[6932]: Received disconnect from 191.211.61.227 port 47877:11: Bye Bye [preauth]","@timestamp":"2022-09-10T09:36:58.377Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 09:37:00 honeypot-ams-1 sshd[6936]: Received disconnect from 191.211.61.227 port 48030:11: Bye Bye [preauth]","@timestamp":"2022-09-10T09:37:01.379Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 09:37:04 honeypot-ams-1 sshd[6940]: Received disconnect from 191.211.61.227 port 48161:11: Bye Bye [preauth]","@timestamp":"2022-09-10T09:37:04.382Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 09:37:08 honeypot-ams-1 sshd[6944]: Received disconnect from 191.211.61.227 port 48322:11: Bye Bye [preauth]","@timestamp":"2022-09-10T09:37:09.385Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 09:37:11 honeypot-ams-1 sshd[6948]: Received disconnect from 191.211.61.227 port 48450:11: Bye Bye [preauth]","@timestamp":"2022-09-10T09:37:12.386Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 09:37:15 honeypot-ams-1 sshd[6952]: Received disconnect from 191.211.61.227 port 48594:11: Bye Bye [preauth]","@timestamp":"2022-09-10T09:37:16.389Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 09:37:19 honeypot-ams-1 sshd[6956]: Received disconnect from 191.211.61.227 port 48715:11: Bye Bye [preauth]","@timestamp":"2022-09-10T09:37:19.392Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 09:37:22 honeypot-ams-1 sshd[6960]: Received disconnect from 191.211.61.227 port 48850:11: Bye Bye [preauth]","@timestamp":"2022-09-10T09:37:23.395Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 09:37:26 honeypot-ams-1 sshd[6964]: Received disconnect from 191.211.61.227 port 49006:11: Bye Bye [preauth]","@timestamp":"2022-09-10T09:37:27.397Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 09:37:30 honeypot-ams-1 sshd[6968]: Received disconnect from 191.211.61.227 port 49133:11: Bye Bye [preauth]","@timestamp":"2022-09-10T09:37:30.399Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 09:37:33 honeypot-ams-1 sshd[6972]: Received disconnect from 191.211.61.227 port 49258:11: Bye Bye [preauth]","@timestamp":"2022-09-10T09:37:33.402Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 09:37:36 honeypot-ams-1 sshd[6976]: Received disconnect from 191.211.61.227 port 49373:11: Bye Bye [preauth]","@timestamp":"2022-09-10T09:37:37.404Z"}
{"@timestamp":"2022-09-10T09:40:29.007Z","@version":"1","message":"Sep 10 09:40:28 honeypot-sgp-1 kernel: [83678943.216142] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=92.44.191.199 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=15686 PROTO=TCP SPT=43369 DPT=80 WINDOW=1300 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 09:42:50 honeypot-ams-1 kernel: [83679556.725746] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=79.124.62.60 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=29528 PROTO=TCP SPT=40367 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T09:42:50.536Z"}
{"@timestamp":"2022-09-10T09:44:38.107Z","@version":"1","message":"Sep 10 09:44:37 honeypot-sgp-1 sshd[2888]: Did not receive identification string from 193.3.19.178 port 64001","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 09:52:03 honeypot-fra-1 sshd[29636]: Invalid user test from 193.106.191.157 port 45780","@timestamp":"2022-09-10T09:52:03.560Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T09:56:44.395Z","@version":"1","message":"Sep 10 09:56:43 honeypot-sgp-1 kernel: [83679918.137920] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.85.190.64 DST=159.89.202.188 LEN=60 TOS=0x08 PREC=0x00 TTL=44 ID=20437 DF PROTO=TCP SPT=54816 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 09:58:37 honeypot-fra-1 sshd[29641]: Received disconnect from 92.255.85.69 port 17716:11: Bye Bye [preauth]","@timestamp":"2022-09-10T09:58:37.722Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 10:01:22 honeypot-ams-1 sshd[7003]: Invalid user admin from 92.255.85.70 port 36128","@timestamp":"2022-09-10T10:01:23.009Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 10:06:04 honeypot-ams-1 sshd[7009]: Disconnected from authenticating user root 36.89.238.235 port 60260 [preauth]","@timestamp":"2022-09-10T10:06:05.147Z"}
{"@timestamp":"2022-09-10T10:06:28.629Z","@version":"1","message":"Sep 10 10:06:28 honeypot-sgp-1 sshd[2905]: Did not receive identification string from 45.61.187.160 port 53230","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T10:06:54.642Z","@version":"1","message":"Sep 10 10:06:53 honeypot-sgp-1 sshd[2908]: Disconnected from invalid user robin 20.228.209.161 port 51030 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T10:07:10.650Z","@version":"1","message":"Sep 10 10:07:10 honeypot-sgp-1 sshd[2912]: Disconnected from invalid user user 45.61.187.160 port 52806 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T10:07:26.684Z","@version":"1","message":"Sep 10 10:07:26 honeypot-sgp-1 sshd[2916]: Disconnected from invalid user user 45.61.187.160 port 47428 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T10:07:37.689Z","@version":"1","message":"Sep 10 10:07:36 honeypot-sgp-1 sshd[2920]: Disconnected from invalid user johan 104.248.138.141 port 38754 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T10:13:07.824Z","@version":"1","message":"Sep 10 10:13:07 honeypot-sgp-1 sshd[2925]: Received disconnect from 61.177.173.51 port 57478:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 10:13:39 honeypot-ams-1 sshd[7016]: Disconnected from authenticating user root 64.225.43.245 port 54498 [preauth]","@timestamp":"2022-09-10T10:13:40.340Z"}
{"@timestamp":"2022-09-10T10:15:06.873Z","@version":"1","message":"Sep 10 10:15:06 honeypot-sgp-1 kernel: [83681020.768020] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=159.89.202.188 LEN=86 TOS=0x00 PREC=0x00 TTL=238 ID=18713 PROTO=TCP SPT=22907 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 10:15:09 honeypot-fra-1 sshd[29647]: Disconnected from authenticating user root 61.177.172.124 port 57468 [preauth]","@timestamp":"2022-09-10T10:15:10.085Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 10:15:58 honeypot-ams-1 sshd[7026]: Received disconnect from 64.225.43.245 port 38636:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T10:15:59.426Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 10:17:13 honeypot-ams-1 sshd[7035]: Received disconnect from 61.177.172.19 port 37099:11:  [preauth]","@timestamp":"2022-09-10T10:17:13.461Z"}
{"@timestamp":"2022-09-10T10:18:25.953Z","@version":"1","message":"Sep 10 10:18:25 honeypot-sgp-1 sshd[2938]: Invalid user admin from 49.167.15.161 port 60411","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 10:19:07 honeypot-ams-1 sshd[7041]: Received disconnect from 64.225.43.245 port 36308:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T10:19:08.513Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 10:21:30 honeypot-ams-1 sshd[7048]: Received disconnect from 64.225.43.245 port 48676:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T10:21:31.575Z"}
{"@timestamp":"2022-09-10T10:22:39.056Z","@version":"1","message":"Sep 10 10:22:38 honeypot-sgp-1 sshd[2943]: Bad protocol version identification 'MGLNDD_159.89.202.188_22' from 192.241.214.40 port 50460","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 10:23:05 honeypot-ams-1 sshd[7053]: Disconnected from authenticating user root 64.225.43.245 port 47516 [preauth]","@timestamp":"2022-09-10T10:23:05.618Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 10:23:11 honeypot-fra-1 kernel: [83679825.601147] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.85.190.64 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=57 ID=10206 DF PROTO=TCP SPT=41306 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T10:23:12.276Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 10:24:57 honeypot-ams-1 sshd[7059]: Disconnected from authenticating user root 92.255.85.69 port 46180 [preauth]","@timestamp":"2022-09-10T10:24:58.668Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 10:26:10 honeypot-fra-1 sshd[29660]: Invalid user kafka from 165.22.45.108 port 33892","@timestamp":"2022-09-10T10:26:11.345Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 10:27:10 honeypot-ams-1 sshd[7069]: Received disconnect from 64.225.43.245 port 58720:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T10:27:11.728Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 10:29:05 honeypot-ams-1 sshd[7078]: Received disconnect from 61.177.173.36 port 45489:11:  [preauth]","@timestamp":"2022-09-10T10:29:05.779Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 10:31:07 honeypot-ams-1 sshd[7085]: Received disconnect from 64.225.43.245 port 41690:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T10:31:08.836Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 10:31:10 honeypot-fra-1 kernel: [83680304.272986] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=172.105.77.209 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=56 ID=0 DF PROTO=TCP SPT=38253 DPT=443 WINDOW=8192 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T10:31:11.458Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 10:33:32 honeypot-ams-1 sshd[7092]: Received disconnect from 64.225.43.245 port 54072:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T10:33:32.900Z"}
{"@timestamp":"2022-09-10T10:34:47.340Z","@version":"1","message":"Sep 10 10:34:46 honeypot-sgp-1 sshd[2954]: Received disconnect from 61.177.173.46 port 64364:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 10:35:07 honeypot-ams-1 sshd[7096]: Received disconnect from 64.225.43.245 port 52904:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T10:35:07.962Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 10:36:37 honeypot-ams-1 sshd[7102]: Connection closed by invalid user test 193.106.191.157 port 56690 [preauth]","@timestamp":"2022-09-10T10:36:38.004Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 10:37:46 honeypot-fra-1 sshd[29668]: Received disconnect from 61.177.172.108 port 18057:11:  [preauth]","@timestamp":"2022-09-10T10:37:47.605Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 10:38:27 honeypot-ams-1 sshd[7108]: Disconnected from authenticating user root 64.225.43.245 port 50568 [preauth]","@timestamp":"2022-09-10T10:38:28.055Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 10:40:54 honeypot-ams-1 sshd[7115]: Received disconnect from 64.225.43.245 port 34702:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T10:40:55.122Z"}
{"@timestamp":"2022-09-10T10:42:04.514Z","@version":"1","message":"Sep 10 10:42:04 honeypot-sgp-1 kernel: [83682638.972561] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.212.246 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=36132 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 10:42:31 honeypot-ams-1 sshd[7121]: Received disconnect from 64.225.43.245 port 33538:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T10:42:32.164Z"}
{"@timestamp":"2022-09-10T10:43:07.541Z","@version":"1","message":"Sep 10 10:43:07 honeypot-sgp-1 sshd[2961]: Disconnected from invalid user ftpuser 92.255.85.69 port 51320 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 10:44:09 honeypot-ams-1 sshd[7125]: Disconnected from authenticating user root 64.225.43.245 port 60606 [preauth]","@timestamp":"2022-09-10T10:44:10.211Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 10:44:34 honeypot-fra-1 sshd[29675]: Invalid user elastic from 152.136.130.81 port 36906","@timestamp":"2022-09-10T10:44:34.757Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 10:44:34 honeypot-fra-1 sshd[29680]: Invalid user ec2-user from 152.136.130.81 port 36894","@timestamp":"2022-09-10T10:44:34.757Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 10:44:34 honeypot-fra-1 sshd[29693]: Invalid user devops from 152.136.130.81 port 36898","@timestamp":"2022-09-10T10:44:34.757Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 10:44:34 honeypot-fra-1 sshd[29675]: Connection closed by invalid user elastic 152.136.130.81 port 36906 [preauth]","@timestamp":"2022-09-10T10:44:34.757Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 10:44:34 honeypot-fra-1 sshd[29705]: Invalid user esuser from 152.136.130.81 port 36866","@timestamp":"2022-09-10T10:44:34.757Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 10:44:34 honeypot-fra-1 sshd[29698]: Invalid user centos from 152.136.130.81 port 36918","@timestamp":"2022-09-10T10:44:34.757Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 10:44:34 honeypot-fra-1 sshd[29683]: Connection closed by invalid user oracle 152.136.130.81 port 36934 [preauth]","@timestamp":"2022-09-10T10:44:34.757Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 10:44:34 honeypot-fra-1 sshd[29681]: Connection closed by invalid user ftpuser 152.136.130.81 port 36932 [preauth]","@timestamp":"2022-09-10T10:44:34.757Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 10:44:34 honeypot-fra-1 sshd[29687]: Connection closed by invalid user guest 152.136.130.81 port 36922 [preauth]","@timestamp":"2022-09-10T10:44:34.757Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 10:44:34 honeypot-fra-1 sshd[29690]: Connection closed by invalid user git 152.136.130.81 port 36950 [preauth]","@timestamp":"2022-09-10T10:44:34.757Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 10:45:32 honeypot-fra-1 sshd[29734]: Invalid user ftpuser from 92.255.85.70 port 33936","@timestamp":"2022-09-10T10:45:33.782Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 10:45:49 honeypot-ams-1 sshd[7132]: Received disconnect from 64.225.43.245 port 59440:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T10:45:49.259Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 10:46:21 honeypot-fra-1 sshd[29737]: Disconnected from invalid user user 45.61.186.49 port 34920 [preauth]","@timestamp":"2022-09-10T10:46:22.804Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 10:46:30 honeypot-fra-1 sshd[29741]: Disconnected from invalid user user 45.61.186.49 port 46354 [preauth]","@timestamp":"2022-09-10T10:46:30.808Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T10:47:03.636Z","@version":"1","message":"Sep 10 10:47:03 honeypot-sgp-1 kernel: [83682937.877583] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.148.10.241 DST=159.89.202.188 LEN=89 TOS=0x00 PREC=0x00 TTL=241 ID=17218 DF PROTO=TCP SPT=14296 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 10:47:26 honeypot-ams-1 sshd[7136]: Disconnected from authenticating user root 64.225.43.245 port 58278 [preauth]","@timestamp":"2022-09-10T10:47:26.303Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 10:48:33 honeypot-ams-1 kernel: [83683499.859306] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=128.199.209.90 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=45344 PROTO=TCP SPT=46730 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T10:48:34.336Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 10:49:21 honeypot-ams-1 sshd[7148]: Invalid user admin from 80.76.51.46 port 42630","@timestamp":"2022-09-10T10:49:21.360Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 10:49:51 honeypot-ams-1 sshd[7152]: Received disconnect from 80.76.51.46 port 42631:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T10:49:51.377Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 10:50:05 honeypot-ams-1 sshd[7157]: Received disconnect from 80.76.51.46 port 42690:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T10:50:06.386Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 10:50:46 honeypot-ams-1 sshd[7163]: Received disconnect from 64.225.43.245 port 55948:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T10:50:46.406Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 10:51:18 honeypot-ams-1 sshd[7169]: Received disconnect from 80.76.51.46 port 42828:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T10:51:19.423Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 10:51:39 honeypot-fra-1 sshd[29750]: Disconnected from authenticating user root 20.249.12.244 port 37238 [preauth]","@timestamp":"2022-09-10T10:51:39.922Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 10:51:48 honeypot-ams-1 sshd[7175]: Invalid user user from 80.76.51.46 port 42854","@timestamp":"2022-09-10T10:51:48.440Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 10:52:24 honeypot-ams-1 sshd[7179]: Received disconnect from 64.225.43.245 port 54774:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T10:52:25.459Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 10:54:01 honeypot-ams-1 sshd[7185]: Disconnected from authenticating user root 64.225.43.245 port 53608 [preauth]","@timestamp":"2022-09-10T10:54:02.503Z"}
{"@timestamp":"2022-09-10T10:54:52.821Z","@version":"1","message":"Sep 10 10:54:52 honeypot-sgp-1 sshd[2973]: Disconnected from invalid user user 141.255.162.226 port 38478 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T10:54:55.823Z","@version":"1","message":"Sep 10 10:54:54 honeypot-sgp-1 sshd[2977]: Disconnected from invalid user user 141.255.162.226 port 53450 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 10:54:58 honeypot-ams-1 sshd[7192]: Disconnected from invalid user user 45.61.184.204 port 40674 [preauth]","@timestamp":"2022-09-10T10:54:59.529Z"}
{"@timestamp":"2022-09-10T10:54:59.825Z","@version":"1","message":"Sep 10 10:54:59 honeypot-sgp-1 sshd[2981]: Disconnected from invalid user user 141.255.162.226 port 60942 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 10:55:18 honeypot-ams-1 sshd[7198]: Invalid user user from 45.61.184.204 port 35766","@timestamp":"2022-09-10T10:55:18.539Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 10:55:28 honeypot-ams-1 sshd[7200]: Received disconnect from 61.177.172.90 port 47726:11:  [preauth]","@timestamp":"2022-09-10T10:55:28.545Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 10:55:39 honeypot-ams-1 sshd[7206]: Disconnected from authenticating user root 64.225.43.245 port 52444 [preauth]","@timestamp":"2022-09-10T10:55:39.552Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 10:55:54 honeypot-ams-1 sshd[7212]: Invalid user user from 45.61.184.204 port 54292","@timestamp":"2022-09-10T10:55:54.560Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 10:56:19 honeypot-fra-1 kernel: [83681812.818298] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=3.92.87.63 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=231 ID=54321 PROTO=TCP SPT=12041 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T10:56:20.029Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 10:56:34 honeypot-ams-1 sshd[7216]: Disconnected from authenticating user root 118.27.30.17 port 48094 [preauth]","@timestamp":"2022-09-10T10:56:35.581Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 10:58:09 honeypot-ams-1 sshd[7222]: Disconnected from authenticating user root 64.225.43.245 port 36578 [preauth]","@timestamp":"2022-09-10T10:58:09.624Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 10:59:35 honeypot-fra-1 sshd[29781]: Did not receive identification string from 193.3.19.178 port 64001","@timestamp":"2022-09-10T10:59:36.100Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 11:00:37 honeypot-ams-1 sshd[7229]: Disconnected from authenticating user root 64.225.43.245 port 48948 [preauth]","@timestamp":"2022-09-10T11:00:38.691Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 11:03:08 honeypot-ams-1 sshd[7237]: Received disconnect from 64.225.43.245 port 33162:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T11:03:08.759Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 11:04:47 honeypot-ams-1 kernel: [83684473.381698] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.156.73.91 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=252 ID=43731 PROTO=TCP SPT=44795 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T11:04:47.804Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 11:05:09 honeypot-fra-1 sshd[29788]: Connection closed by authenticating user root 103.188.176.251 port 55074 [preauth]","@timestamp":"2022-09-10T11:05:10.241Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T11:05:21.068Z","@version":"1","message":"Sep 10 11:05:20 honeypot-sgp-1 kernel: [83684035.277925] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=172.104.242.173 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=50 ID=0 DF PROTO=TCP SPT=44385 DPT=443 WINDOW=8192 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 11:05:32 honeypot-ams-1 sshd[7247]: Received disconnect from 64.225.43.245 port 45530:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T11:05:33.827Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 11:06:12 honeypot-ams-1 sshd[7252]: Disconnected from authenticating user root 206.189.134.26 port 45244 [preauth]","@timestamp":"2022-09-10T11:06:12.847Z"}
{"@timestamp":"2022-09-10T11:07:01.110Z","@version":"1","message":"Sep 10 11:07:00 honeypot-sgp-1 kernel: [83684134.857265] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=172.104.242.173 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=50 ID=0 DF PROTO=TCP SPT=44385 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 11:08:44 honeypot-fra-1 kernel: [83682558.209712] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.41.8.45 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=942 PROTO=TCP SPT=57817 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T11:08:45.322Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 11:08:55 honeypot-ams-1 sshd[7259]: Received disconnect from 121.79.128.37 port 38491:11: Bye Bye [preauth]","@timestamp":"2022-09-10T11:08:55.920Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 11:09:23 honeypot-ams-1 kernel: [83684749.973743] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=104.152.52.145 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=53996 PROTO=TCP SPT=48124 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T11:09:23.934Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 11:09:54 honeypot-fra-1 kernel: [83682627.778093] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=97.107.129.10 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=14376 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T11:09:54.352Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-10T11:11:45.223Z","@version":"1","message":"Sep 10 11:11:45 honeypot-sgp-1 sshd[3001]: Invalid user user from 141.255.162.226 port 33638","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T11:11:49.225Z","@version":"1","message":"Sep 10 11:11:49 honeypot-sgp-1 sshd[3005]: Invalid user user from 141.255.162.226 port 48764","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 11:11:50 honeypot-ams-1 sshd[7265]: Disconnected from invalid user ftpuser 92.255.85.70 port 62326 [preauth]","@timestamp":"2022-09-10T11:11:51.000Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 11:13:25 honeypot-fra-1 sshd[29803]: Received disconnect from 61.177.173.51 port 38393:11:  [preauth]","@timestamp":"2022-09-10T11:13:25.433Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 11:17:01 honeypot-fra-1 CRON[29807]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-10T11:17:01.514Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T11:17:02.349Z","@version":"1","message":"Sep 10 11:17:01 honeypot-sgp-1 CRON[3012]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T11:19:24.406Z","@version":"1","message":"Sep 10 11:19:23 honeypot-sgp-1 sshd[3018]: ssh_dispatch_run_fatal: Connection from 153.180.100.143 port 42062: message authentication code incorrect [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 11:19:37 honeypot-ams-1 sshd[7274]: Received disconnect from 218.92.0.202 port 52662:11:  [preauth]","@timestamp":"2022-09-10T11:19:38.202Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 11:21:10 honeypot-ams-1 sshd[7278]: Disconnected from authenticating user root 61.177.172.90 port 63166 [preauth]","@timestamp":"2022-09-10T11:21:11.245Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 11:22:36 honeypot-fra-1 kernel: [83683389.854343] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=89.248.165.120 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=3873 PROTO=TCP SPT=48835 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T11:22:36.640Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 11:23:18 honeypot-ams-1 sshd[7284]: Connection closed by invalid user pi 37.189.36.203 port 55358 [preauth]","@timestamp":"2022-09-10T11:23:19.302Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 11:23:41 honeypot-ams-1 sshd[7290]: Disconnected from invalid user admin 80.76.51.46 port 43452 [preauth]","@timestamp":"2022-09-10T11:23:42.314Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 11:24:27 honeypot-ams-1 sshd[7298]: Received disconnect from 80.76.51.46 port 49366:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T11:24:28.337Z"}
{"@timestamp":"2022-09-10T11:24:42.531Z","@version":"1","message":"Sep 10 11:24:42 honeypot-sgp-1 sshd[3024]: Disconnected from authenticating user root 61.177.172.114 port 18032 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 11:24:43 honeypot-ams-1 sshd[7302]: Disconnected from authenticating user root 80.76.51.46 port 51398 [preauth]","@timestamp":"2022-09-10T11:24:43.345Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 11:25:25 honeypot-fra-1 sshd[29819]: Received disconnect from 160.153.252.142 port 53816:11: Bye Bye [preauth]","@timestamp":"2022-09-10T11:25:25.706Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 11:25:28 honeypot-ams-1 sshd[7308]: Disconnected from authenticating user root 80.76.51.46 port 57306 [preauth]","@timestamp":"2022-09-10T11:25:28.368Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 11:26:13 honeypot-ams-1 sshd[7314]: Received disconnect from 80.76.51.46 port 35036:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T11:26:14.391Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 11:26:58 honeypot-ams-1 kernel: [83685804.701439] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.41.9.18 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=5388 PROTO=TCP SPT=12446 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T11:26:58.413Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 11:28:51 honeypot-fra-1 sshd[29821]: Disconnected from invalid user kafka 165.22.45.108 port 43928 [preauth]","@timestamp":"2022-09-10T11:28:51.784Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T11:29:39.648Z","@version":"1","message":"Sep 10 11:29:39 honeypot-sgp-1 sshd[3028]: Disconnected from invalid user ftpuser 92.255.85.70 port 29528 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 11:33:02 honeypot-fra-1 sshd[29826]: Disconnected from authenticating user root 61.177.173.36 port 55776 [preauth]","@timestamp":"2022-09-10T11:33:02.879Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T11:34:39.778Z","@version":"1","message":"Sep 10 11:34:39 honeypot-sgp-1 kernel: [83685793.786678] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=209.127.189.90 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=48226 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 11:34:59 honeypot-ams-1 sshd[7325]: Received disconnect from 92.255.85.70 port 23354:11: Bye Bye [preauth]","@timestamp":"2022-09-10T11:35:00.614Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 11:42:54 honeypot-ams-1 sshd[7331]: Received disconnect from 62.231.21.18 port 34596:11: Bye Bye [preauth]","@timestamp":"2022-09-10T11:42:54.815Z"}
{"@timestamp":"2022-09-10T11:43:59.999Z","@version":"1","message":"Sep 10 11:43:59 honeypot-sgp-1 sshd[3039]: Received disconnect from 1.245.61.144 port 29739:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 11:49:40 honeypot-ams-1 kernel: [83687166.452367] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.219.87 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=55514 DPT=5432 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T11:49:40.988Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 11:51:44 honeypot-fra-1 sshd[29836]: Received disconnect from 61.177.173.49 port 22712:11:  [preauth]","@timestamp":"2022-09-10T11:51:45.291Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T11:53:05.209Z","@version":"1","message":"Sep 10 11:53:04 honeypot-sgp-1 sshd[3044]: Received disconnect from 92.255.85.69 port 40506:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 11:56:35 honeypot-fra-1 sshd[29841]: Disconnected from authenticating user root 92.255.85.69 port 39798 [preauth]","@timestamp":"2022-09-10T11:56:36.400Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 11:58:28 honeypot-fra-1 sshd[29845]: Disconnected from invalid user kate 103.146.202.151 port 43196 [preauth]","@timestamp":"2022-09-10T11:58:29.445Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 11:58:58 honeypot-ams-1 kernel: [83687725.232566] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=92.63.197.94 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=252 ID=55719 PROTO=TCP SPT=49801 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T11:58:59.228Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 12:01:44 honeypot-ams-1 sshd[7350]: Disconnected from authenticating user root 61.177.172.19 port 60446 [preauth]","@timestamp":"2022-09-10T12:01:44.324Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 12:02:24 honeypot-fra-1 sshd[29852]: Invalid user User from 122.170.3.203 port 36286","@timestamp":"2022-09-10T12:02:24.535Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T12:05:26.512Z","@version":"1","message":"Sep 10 12:05:25 honeypot-sgp-1 kernel: [83687640.367515] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=226 ID=9845 PROTO=TCP SPT=51203 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 12:10:35 honeypot-fra-1 sshd[29858]: Disconnected from authenticating user root 61.177.173.37 port 51821 [preauth]","@timestamp":"2022-09-10T12:10:36.721Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 12:11:59 honeypot-fra-1 sshd[29863]: Received disconnect from 157.245.46.21 port 54250:11: Bye Bye [preauth]","@timestamp":"2022-09-10T12:11:59.757Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 12:12:51 honeypot-fra-1 sshd[29865]: Disconnected from invalid user mike 140.206.157.242 port 48888 [preauth]","@timestamp":"2022-09-10T12:12:51.782Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 12:16:08 honeypot-fra-1 sshd[29872]: Disconnected from invalid user mike 43.154.6.172 port 35396 [preauth]","@timestamp":"2022-09-10T12:16:08.858Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T12:17:12.794Z","@version":"1","message":"Sep 10 12:17:12 honeypot-sgp-1 sshd[3064]: Received disconnect from 92.255.85.69 port 32818:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 12:19:01 honeypot-ams-1 sshd[7359]: Received disconnect from 61.177.172.98 port 28801:11:  [preauth]","@timestamp":"2022-09-10T12:19:02.759Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 12:19:56 honeypot-fra-1 sshd[29880]: Disconnected from authenticating user root 92.255.85.69 port 23102 [preauth]","@timestamp":"2022-09-10T12:19:56.945Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 12:22:21 honeypot-ams-1 kernel: [83689127.761839] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=94.26.249.161 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=36072 PROTO=TCP SPT=39462 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T12:22:21.843Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 12:22:55 honeypot-fra-1 sshd[29885]: Connection closed by invalid user ubuntu 75.90.49.160 port 48362 [preauth]","@timestamp":"2022-09-10T12:22:56.010Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 12:22:56 honeypot-fra-1 sshd[29901]: Invalid user appuser from 75.90.49.160 port 48672","@timestamp":"2022-09-10T12:22:57.012Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 12:22:56 honeypot-fra-1 sshd[29897]: Connection closed by authenticating user root 75.90.49.160 port 48586 [preauth]","@timestamp":"2022-09-10T12:22:57.012Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 12:22:56 honeypot-fra-1 sshd[29917]: Invalid user ubuntu from 75.90.49.160 port 48658","@timestamp":"2022-09-10T12:22:57.012Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 12:22:56 honeypot-fra-1 sshd[29914]: Invalid user oracle from 75.90.49.160 port 48408","@timestamp":"2022-09-10T12:22:57.012Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 12:22:56 honeypot-fra-1 sshd[29903]: Connection closed by authenticating user root 75.90.49.160 port 48378 [preauth]","@timestamp":"2022-09-10T12:22:57.012Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 12:22:56 honeypot-fra-1 sshd[29921]: Connection closed by invalid user admin 75.90.49.160 port 48626 [preauth]","@timestamp":"2022-09-10T12:22:57.012Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 12:22:56 honeypot-fra-1 sshd[29911]: Connection closed by invalid user ubuntu 75.90.49.160 port 48604 [preauth]","@timestamp":"2022-09-10T12:22:57.012Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 12:22:57 honeypot-fra-1 sshd[29912]: Connection closed by invalid user rustserver 75.90.49.160 port 48384 [preauth]","@timestamp":"2022-09-10T12:22:58.013Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T12:26:21.029Z","@version":"1","message":"Sep 10 12:26:20 honeypot-sgp-1 kernel: [83688895.182846] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=128.14.152.42 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=12382 PROTO=TCP SPT=25316 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 12:30:21 honeypot-ams-1 kernel: [83689607.795731] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=5.214.234.16 DST=178.62.254.91 LEN=60 TOS=0x18 PREC=0x20 TTL=107 ID=9767 DF PROTO=TCP SPT=58294 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T12:30:22.042Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 12:30:41 honeypot-fra-1 sshd[29952]: Received disconnect from 61.177.173.51 port 39565:11:  [preauth]","@timestamp":"2022-09-10T12:30:41.180Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T12:31:16.145Z","@version":"1","message":"Sep 10 12:31:15 honeypot-sgp-1 sshd[3075]: Disconnected from invalid user aiza 128.199.177.224 port 40452 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 12:33:34 honeypot-fra-1 sshd[29956]: Disconnected from authenticating user root 61.177.172.124 port 11615 [preauth]","@timestamp":"2022-09-10T12:33:34.247Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 12:35:38 honeypot-ams-1 sshd[7375]: Received disconnect from 61.177.172.98 port 59838:11:  [preauth]","@timestamp":"2022-09-10T12:35:39.182Z"}
{"@timestamp":"2022-09-10T12:36:03.257Z","@version":"1","message":"Sep 10 12:36:03 honeypot-sgp-1 sshd[3080]: Disconnected from invalid user uwe 103.42.57.139 port 33712 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T12:40:16.357Z","@version":"1","message":"Sep 10 12:40:16 honeypot-sgp-1 sshd[3102]: Received disconnect from 61.177.173.51 port 44867:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 12:41:04 honeypot-ams-1 kernel: [83690250.534278] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=143.92.32.164 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=30430 PROTO=TCP SPT=53663 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T12:41:04.326Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 12:42:59 honeypot-fra-1 sshd[29972]: Received disconnect from 61.177.172.108 port 64338:11:  [preauth]","@timestamp":"2022-09-10T12:42:59.465Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 12:46:02 honeypot-ams-1 kernel: [83690548.605731] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=72.167.32.184 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=232 ID=5319 PROTO=TCP SPT=51591 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T12:46:02.454Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 12:49:35 honeypot-fra-1 kernel: [83688608.601481] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=172.104.29.220 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=61397 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T12:49:35.618Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 12:49:36 honeypot-ams-1 sshd[7393]: Invalid user kiran from 178.49.141.172 port 38998","@timestamp":"2022-09-10T12:49:36.552Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 12:51:19 honeypot-ams-1 sshd[7397]: Received disconnect from 61.177.173.51 port 42541:11:  [preauth]","@timestamp":"2022-09-10T12:51:19.601Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 12:54:50 honeypot-ams-1 sshd[7404]: Invalid user friends from 14.232.243.151 port 44862","@timestamp":"2022-09-10T12:54:50.697Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 12:59:09 honeypot-ams-1 sshd[7406]: Invalid user dennis from 187.72.70.33 port 58302","@timestamp":"2022-09-10T12:59:09.813Z"}
{"@timestamp":"2022-09-10T12:59:28.808Z","@version":"1","message":"Sep 10 12:59:28 honeypot-sgp-1 kernel: [83690883.037660] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=79.124.62.62 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=21438 PROTO=TCP SPT=42440 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 13:00:04 honeypot-fra-1 sshd[29984]: Received disconnect from 61.177.173.50 port 17278:11:  [preauth]","@timestamp":"2022-09-10T13:00:04.857Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 13:01:18 honeypot-fra-1 sshd[29987]: Disconnected from invalid user user 198.98.61.9 port 58556 [preauth]","@timestamp":"2022-09-10T13:01:18.889Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 13:01:36 honeypot-fra-1 sshd[29991]: Disconnected from invalid user user 198.98.61.9 port 53324 [preauth]","@timestamp":"2022-09-10T13:01:36.898Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 13:01:44 honeypot-fra-1 sshd[29995]: Disconnected from invalid user user 198.98.61.9 port 36570 [preauth]","@timestamp":"2022-09-10T13:01:44.902Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 13:02:00 honeypot-fra-1 sshd[29999]: Disconnected from invalid user user 198.98.61.9 port 59564 [preauth]","@timestamp":"2022-09-10T13:02:00.910Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 13:02:54 honeypot-fra-1 sshd[30003]: Disconnected from authenticating user root 61.177.173.48 port 11928 [preauth]","@timestamp":"2022-09-10T13:02:54.932Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 13:03:11 honeypot-ams-1 sshd[7413]: Invalid user hari from 101.36.108.12 port 43488","@timestamp":"2022-09-10T13:03:11.924Z"}
{"@timestamp":"2022-09-10T13:03:50.915Z","@version":"1","message":"Sep 10 13:03:50 honeypot-sgp-1 sshd[3114]: Disconnected from authenticating user root 92.255.85.69 port 19056 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 13:06:19 honeypot-fra-1 sshd[30008]: Invalid user ba from 101.32.95.39 port 49694","@timestamp":"2022-09-10T13:06:20.012Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T13:06:44.008Z","@version":"1","message":"Sep 10 13:06:43 honeypot-sgp-1 sshd[3120]: Disconnected from 68.183.25.187 port 36114 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 13:08:40 honeypot-ams-1 sshd[7420]: Invalid user watson from 51.83.44.100 port 36528","@timestamp":"2022-09-10T13:08:40.068Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 13:08:54 honeypot-fra-1 kernel: [83689767.947332] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=170.187.160.106 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=56804 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T13:08:55.072Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 13:09:35 honeypot-fra-1 kernel: [83689808.910697] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=64.246.161.26 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=38501 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T13:09:36.095Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 13:11:06 honeypot-ams-1 sshd[7424]: Disconnected from authenticating user root 61.177.172.124 port 27907 [preauth]","@timestamp":"2022-09-10T13:11:07.135Z"}
{"@timestamp":"2022-09-10T13:12:31.148Z","@version":"1","message":"Sep 10 13:12:30 honeypot-sgp-1 kernel: [83691665.018229] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=162.142.125.133 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=58869 PROTO=TCP SPT=52771 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 13:16:00 honeypot-ams-1 sshd[7433]: Received disconnect from 61.177.173.36 port 32304:11:  [preauth]","@timestamp":"2022-09-10T13:16:00.267Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 13:17:01 honeypot-fra-1 CRON[30024]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-10T13:17:01.263Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T13:17:02.259Z","@version":"1","message":"Sep 10 13:17:01 honeypot-sgp-1 CRON[3134]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 13:22:59 honeypot-fra-1 sshd[30052]: Invalid user user from 45.61.186.249 port 58322","@timestamp":"2022-09-10T13:22:59.399Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 13:23:16 honeypot-fra-1 sshd[30056]: Invalid user user from 45.61.186.249 port 53176","@timestamp":"2022-09-10T13:23:16.407Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 13:23:34 honeypot-fra-1 sshd[30060]: Invalid user user from 45.61.186.249 port 48082","@timestamp":"2022-09-10T13:23:34.414Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 13:25:21 honeypot-fra-1 sshd[30064]: Invalid user ssw from 137.116.144.39 port 50918","@timestamp":"2022-09-10T13:25:22.454Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T13:26:47.491Z","@version":"1","message":"Sep 10 13:26:46 honeypot-sgp-1 sshd[3144]: Disconnected from authenticating user root 61.177.173.37 port 62886 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 13:28:46 honeypot-ams-1 sshd[7447]: Received disconnect from 61.177.172.98 port 18229:11:  [preauth]","@timestamp":"2022-09-10T13:28:46.605Z"}
{"@timestamp":"2022-09-10T13:30:27.581Z","@version":"1","message":"Sep 10 13:30:26 honeypot-sgp-1 sshd[3148]: Received disconnect from 61.177.173.46 port 29140:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 13:32:31 honeypot-fra-1 sshd[30076]: Did not receive identification string from 183.146.30.220 port 44041","@timestamp":"2022-09-10T13:32:31.619Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 13:32:33 honeypot-fra-1 sshd[30083]: Invalid user steam from 183.146.30.220 port 61757","@timestamp":"2022-09-10T13:32:33.621Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 13:32:33 honeypot-fra-1 sshd[30107]: Invalid user elastic from 183.146.30.220 port 61703","@timestamp":"2022-09-10T13:32:33.621Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 13:32:32 honeypot-ams-1 sshd[7452]: Received disconnect from 92.255.85.69 port 38532:11: Bye Bye [preauth]","@timestamp":"2022-09-10T13:32:33.728Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 13:32:33 honeypot-fra-1 sshd[30094]: Connection closed by authenticating user root 183.146.30.220 port 61758 [preauth]","@timestamp":"2022-09-10T13:32:34.622Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 13:32:34 honeypot-fra-1 sshd[30091]: Connection closed by invalid user test 183.146.30.220 port 61745 [preauth]","@timestamp":"2022-09-10T13:32:34.622Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 13:32:34 honeypot-fra-1 sshd[30100]: Connection closed by invalid user admin 183.146.30.220 port 61730 [preauth]","@timestamp":"2022-09-10T13:32:34.622Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 13:32:35 honeypot-fra-1 sshd[30103]: Invalid user ZXDSL from 183.146.30.220 port 61723","@timestamp":"2022-09-10T13:32:36.623Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 13:34:35 honeypot-fra-1 sshd[30129]: Invalid user kafka from 165.22.45.108 port 35506","@timestamp":"2022-09-10T13:34:36.667Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 13:39:41 honeypot-ams-1 sshd[7459]: Disconnected from authenticating user root 61.177.173.36 port 21950 [preauth]","@timestamp":"2022-09-10T13:39:41.917Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 13:39:44 honeypot-fra-1 sshd[30135]: Connection closed by authenticating user root 103.188.176.251 port 52226 [preauth]","@timestamp":"2022-09-10T13:39:44.870Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T13:43:46.902Z","@version":"1","message":"Sep 10 13:43:46 honeypot-sgp-1 sshd[3155]: Received disconnect from 61.177.172.98 port 24752:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 13:44:28 honeypot-fra-1 sshd[30139]: Disconnected from authenticating user root 137.184.197.218 port 39752 [preauth]","@timestamp":"2022-09-10T13:44:28.980Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T13:50:46.073Z","@version":"1","message":"Sep 10 13:50:45 honeypot-sgp-1 sshd[3159]: Disconnected from invalid user usuario 92.255.85.70 port 31732 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 13:50:48 honeypot-fra-1 sshd[30147]: Received disconnect from 141.255.162.226 port 36070:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T13:50:49.124Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 13:50:50 honeypot-fra-1 sshd[30151]: Received disconnect from 141.255.162.226 port 51494:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T13:50:51.125Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 13:50:53 honeypot-fra-1 sshd[30155]: Received disconnect from 141.255.162.226 port 38700:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T13:50:54.127Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 13:53:17 honeypot-ams-1 sshd[7475]: Invalid user test from 193.106.191.157 port 36072","@timestamp":"2022-09-10T13:53:17.277Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 13:53:26 honeypot-fra-1 sshd[30161]: Invalid user usuario from 92.255.85.69 port 35210","@timestamp":"2022-09-10T13:53:27.186Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 13:55:56 honeypot-ams-1 sshd[7478]: Disconnected from invalid user usuario 92.255.85.69 port 33194 [preauth]","@timestamp":"2022-09-10T13:55:56.349Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 13:58:24 honeypot-fra-1 sshd[30166]: Invalid user harris from 159.203.81.114 port 57592","@timestamp":"2022-09-10T13:58:25.297Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T14:01:10.326Z","@version":"1","message":"Sep 10 14:01:09 honeypot-sgp-1 sshd[3168]: Received disconnect from 61.177.173.46 port 47241:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 14:01:24 honeypot-fra-1 sshd[30170]: Disconnected from authenticating user root 61.177.173.49 port 20894 [preauth]","@timestamp":"2022-09-10T14:01:25.367Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 14:03:29 honeypot-ams-1 sshd[7487]: Received disconnect from 61.177.173.35 port 62156:11:  [preauth]","@timestamp":"2022-09-10T14:03:30.547Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 14:06:06 honeypot-fra-1 sshd[30177]: Invalid user kailiang from 165.22.45.108 port 40280","@timestamp":"2022-09-10T14:06:07.477Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T14:07:16.482Z","@version":"1","message":"Sep 10 14:07:15 honeypot-sgp-1 sshd[3177]: Disconnected from authenticating user root 61.177.173.37 port 54245 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T14:07:28.488Z","@version":"1","message":"Sep 10 14:07:28 honeypot-sgp-1 sshd[3181]: Disconnected from invalid user user 45.61.186.249 port 33328 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T14:07:47.499Z","@version":"1","message":"Sep 10 14:07:47 honeypot-sgp-1 sshd[3185]: Disconnected from invalid user user 45.61.186.249 port 56670 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T14:08:03.507Z","@version":"1","message":"Sep 10 14:08:03 honeypot-sgp-1 sshd[3189]: Disconnected from invalid user user 45.61.186.249 port 51808 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T14:09:27.543Z","@version":"1","message":"Sep 10 14:09:26 honeypot-sgp-1 sshd[3193]: Received disconnect from 91.240.118.222 port 50033:11: Client disconnecting normally [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 14:13:43 honeypot-fra-1 sshd[30184]: Received disconnect from 61.177.173.48 port 14604:11:  [preauth]","@timestamp":"2022-09-10T14:13:43.642Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T14:14:13.659Z","@version":"1","message":"Sep 10 14:14:13 honeypot-sgp-1 sshd[3200]: Received disconnect from 92.255.85.69 port 61010:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 14:16:06 honeypot-ams-1 kernel: [83695952.611362] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=178.62.254.91 LEN=92 TOS=0x00 PREC=0x00 TTL=252 ID=33032 PROTO=TCP SPT=19503 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T14:16:06.881Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 14:16:45 honeypot-fra-1 kernel: [83693838.962958] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=23.224.186.206 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=0 DF PROTO=TCP SPT=50401 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T14:16:46.713Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 14:18:09 honeypot-fra-1 kernel: [83693923.001368] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.79.53.162 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=24560 PROTO=TCP SPT=56793 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T14:18:10.745Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-10T14:20:58.823Z","@version":"1","message":"Sep 10 14:20:58 honeypot-sgp-1 sshd[3207]: Disconnected from authenticating user root 61.177.173.50 port 46326 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 14:21:37 honeypot-ams-1 kernel: [83696283.444193] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=147.135.1.175 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=45185 PROTO=TCP SPT=52118 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T14:21:38.037Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 14:26:54 honeypot-fra-1 sshd[30197]: Disconnected from invalid user angela 41.93.33.2 port 54300 [preauth]","@timestamp":"2022-09-10T14:26:54.939Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 14:28:32 honeypot-fra-1 sshd[30204]: Disconnected from invalid user jayden 167.99.184.212 port 58548 [preauth]","@timestamp":"2022-09-10T14:28:32.976Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 14:31:08 honeypot-ams-1 sshd[7514]: Received disconnect from 61.177.172.90 port 54750:11:  [preauth]","@timestamp":"2022-09-10T14:31:09.287Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 14:31:27 honeypot-fra-1 sshd[30210]: Received disconnect from 61.177.173.46 port 30905:11:  [preauth]","@timestamp":"2022-09-10T14:31:28.043Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 14:31:45 honeypot-fra-1 sshd[30214]: Received disconnect from 27.71.238.208 port 49688:11: Bye Bye [preauth]","@timestamp":"2022-09-10T14:31:46.052Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 14:35:18 honeypot-fra-1 sshd[30220]: Invalid user user from 45.61.186.49 port 56146","@timestamp":"2022-09-10T14:35:19.132Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 14:35:28 honeypot-fra-1 sshd[30224]: Invalid user user from 45.61.186.49 port 39540","@timestamp":"2022-09-10T14:35:29.137Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T14:37:04.234Z","@version":"1","message":"Sep 10 14:37:03 honeypot-sgp-1 sshd[3220]: Disconnected from authenticating user root 61.177.173.35 port 12827 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T14:37:42.254Z","@version":"1","message":"Sep 10 14:37:42 honeypot-sgp-1 sshd[3230]: Connection closed by authenticating user root 43.142.168.245 port 55958 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 14:37:46 honeypot-fra-1 sshd[30228]: Received disconnect from 165.22.45.108 port 45022:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T14:37:47.190Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T14:37:52.259Z","@version":"1","message":"Sep 10 14:37:51 honeypot-sgp-1 sshd[3239]: Connection closed by authenticating user root 43.142.168.245 port 35076 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T14:38:11.270Z","@version":"1","message":"Sep 10 14:38:10 honeypot-sgp-1 sshd[3248]: Connection closed by authenticating user root 43.142.168.245 port 47010 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T14:38:36.282Z","@version":"1","message":"Sep 10 14:38:35 honeypot-sgp-1 sshd[3260]: Connection closed by authenticating user root 43.142.168.245 port 37590 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T14:39:27.306Z","@version":"1","message":"Sep 10 14:39:26 honeypot-sgp-1 sshd[3272]: Connection closed by authenticating user root 43.142.168.245 port 41916 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T14:39:45.316Z","@version":"1","message":"Sep 10 14:39:45 honeypot-sgp-1 sshd[3284]: Connection closed by authenticating user root 43.142.168.245 port 58280 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T14:40:28.338Z","@version":"1","message":"Sep 10 14:40:27 honeypot-sgp-1 sshd[3296]: Connection closed by authenticating user root 43.142.168.245 port 33742 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 14:40:58 honeypot-ams-1 sshd[7521]: Disconnected from authenticating user root 61.177.172.19 port 64058 [preauth]","@timestamp":"2022-09-10T14:40:58.555Z"}
{"@timestamp":"2022-09-10T14:41:15.361Z","@version":"1","message":"Sep 10 14:41:14 honeypot-sgp-1 sshd[3311]: Connection closed by authenticating user root 43.142.168.245 port 37800 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 14:41:26 honeypot-fra-1 sshd[30235]: Disconnected from authenticating user root 61.177.173.51 port 50835 [preauth]","@timestamp":"2022-09-10T14:41:27.269Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T14:41:37.373Z","@version":"1","message":"Sep 10 14:41:36 honeypot-sgp-1 sshd[3323]: Connection closed by authenticating user root 43.142.168.245 port 52188 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T14:42:06.389Z","@version":"1","message":"Sep 10 14:42:05 honeypot-sgp-1 sshd[3335]: Connection closed by authenticating user root 43.142.168.245 port 46504 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T14:42:25.398Z","@version":"1","message":"Sep 10 14:42:24 honeypot-sgp-1 sshd[3347]: Connection closed by authenticating user root 43.142.168.245 port 32838 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T14:42:50.410Z","@version":"1","message":"Sep 10 14:42:49 honeypot-sgp-1 sshd[3359]: Connection closed by authenticating user root 43.142.168.245 port 49560 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T14:43:26.429Z","@version":"1","message":"Sep 10 14:43:25 honeypot-sgp-1 sshd[3371]: Connection closed by authenticating user root 43.142.168.245 port 43468 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T14:44:03.447Z","@version":"1","message":"Sep 10 14:44:02 honeypot-sgp-1 sshd[3383]: Connection closed by authenticating user root 43.142.168.245 port 46208 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T14:44:20.456Z","@version":"1","message":"Sep 10 14:44:19 honeypot-sgp-1 sshd[3391]: Invalid user user from 43.142.168.245 port 58216","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T14:44:33.463Z","@version":"1","message":"Sep 10 14:44:32 honeypot-sgp-1 sshd[3397]: Invalid user user from 43.142.168.245 port 39946","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T14:44:41.468Z","@version":"1","message":"Sep 10 14:44:41 honeypot-sgp-1 sshd[3403]: Connection closed by invalid user user 43.142.168.245 port 46026 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T14:44:50.473Z","@version":"1","message":"Sep 10 14:44:49 honeypot-sgp-1 sshd[3409]: Invalid user user from 43.142.168.245 port 50412","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T14:44:55.477Z","@version":"1","message":"Sep 10 14:44:54 honeypot-sgp-1 sshd[3415]: Invalid user user from 43.142.168.245 port 56144","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T14:45:13.486Z","@version":"1","message":"Sep 10 14:45:13 honeypot-sgp-1 sshd[3421]: Invalid user user from 43.142.168.245 port 38570","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T14:45:32.496Z","@version":"1","message":"Sep 10 14:45:32 honeypot-sgp-1 sshd[3427]: Invalid user user from 43.142.168.245 port 51438","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T14:45:49.504Z","@version":"1","message":"Sep 10 14:45:48 honeypot-sgp-1 sshd[3433]: Invalid user user from 43.142.168.245 port 60450","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T14:45:59.510Z","@version":"1","message":"Sep 10 14:45:59 honeypot-sgp-1 sshd[3440]: Invalid user user from 43.142.168.245 port 44044","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T14:46:07.515Z","@version":"1","message":"Sep 10 14:46:07 honeypot-sgp-1 sshd[3446]: Invalid user user from 43.142.168.245 port 50348","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T14:46:21.523Z","@version":"1","message":"Sep 10 14:46:20 honeypot-sgp-1 sshd[3452]: Invalid user user from 43.142.168.245 port 55992","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T14:46:36.530Z","@version":"1","message":"Sep 10 14:46:36 honeypot-sgp-1 sshd[3458]: Invalid user user from 43.142.168.245 port 42930","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T14:47:16.549Z","@version":"1","message":"Sep 10 14:47:16 honeypot-sgp-1 sshd[3464]: Invalid user user from 43.142.168.245 port 53704","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T14:47:32.557Z","@version":"1","message":"Sep 10 14:47:31 honeypot-sgp-1 sshd[3470]: Invalid user user from 43.142.168.245 port 51528","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T14:47:44.564Z","@version":"1","message":"Sep 10 14:47:44 honeypot-sgp-1 sshd[3478]: Received disconnect from 61.177.172.104 port 33921:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T14:47:52.569Z","@version":"1","message":"Sep 10 14:47:51 honeypot-sgp-1 sshd[3482]: Invalid user user from 43.142.168.245 port 36408","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T14:48:13.580Z","@version":"1","message":"Sep 10 14:48:13 honeypot-sgp-1 sshd[3488]: Invalid user user from 43.142.168.245 port 47156","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T14:48:29.589Z","@version":"1","message":"Sep 10 14:48:28 honeypot-sgp-1 sshd[3494]: Invalid user user from 43.142.168.245 port 32884","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 14:48:30 honeypot-ams-1 sshd[7531]: Invalid user casillas from 78.37.125.18 port 37167","@timestamp":"2022-09-10T14:48:31.753Z"}
{"@timestamp":"2022-09-10T14:48:39.596Z","@version":"1","message":"Sep 10 14:48:39 honeypot-sgp-1 sshd[3500]: Invalid user user from 43.142.168.245 port 43464","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T14:49:33.622Z","@version":"1","message":"Sep 10 14:49:32 honeypot-sgp-1 sshd[3506]: Invalid user user from 43.142.168.245 port 39466","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T14:50:13.722Z","@version":"1","message":"Sep 10 14:50:13 honeypot-sgp-1 sshd[3512]: Invalid user user from 43.142.168.245 port 47516","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T14:50:36.734Z","@version":"1","message":"Sep 10 14:50:36 honeypot-sgp-1 sshd[3518]: Invalid user user from 43.142.168.245 port 38068","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T14:51:04.747Z","@version":"1","message":"Sep 10 14:51:04 honeypot-sgp-1 sshd[3525]: Received disconnect from 61.177.173.46 port 37887:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T14:51:22.782Z","@version":"1","message":"Sep 10 14:51:22 honeypot-sgp-1 sshd[3531]: Invalid user user from 43.142.168.245 port 41014","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 14:51:26 honeypot-fra-1 sshd[30244]: Received disconnect from 61.177.173.53 port 25735:11:  [preauth]","@timestamp":"2022-09-10T14:51:26.487Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T14:52:06.803Z","@version":"1","message":"Sep 10 14:52:06 honeypot-sgp-1 sshd[3537]: Invalid user user from 43.142.168.245 port 35298","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 14:52:48 honeypot-ams-1 sshd[7538]: Disconnected from authenticating user root 61.177.173.49 port 60010 [preauth]","@timestamp":"2022-09-10T14:52:49.871Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 14:56:44 honeypot-ams-1 kernel: [83698390.346961] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=64.62.197.28 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=49803 DPT=5432 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T14:56:44.976Z"}
{"@timestamp":"2022-09-10T14:57:33.939Z","@version":"1","message":"Sep 10 14:57:33 honeypot-sgp-1 sshd[3542]: Invalid user teamspeak from 118.238.221.54 port 40614","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 14:59:08 honeypot-fra-1 kernel: [83696381.756174] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=165.22.82.222 LEN=89 TOS=0x00 PREC=0x00 TTL=250 ID=64736 PROTO=TCP SPT=18937 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T14:59:08.657Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-10T15:00:18.009Z","@version":"1","message":"Sep 10 15:00:17 honeypot-sgp-1 sshd[3546]: Received disconnect from 92.255.85.70 port 55194:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 15:03:09 honeypot-ams-1 sshd[7549]: Received disconnect from 61.177.173.47 port 53344:11:  [preauth]","@timestamp":"2022-09-10T15:03:10.149Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 15:04:20 honeypot-fra-1 sshd[30252]: Invalid user buster from 143.198.62.66 port 43878","@timestamp":"2022-09-10T15:04:20.778Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 15:05:53 honeypot-fra-1 sshd[30257]: Invalid user nicole from 185.149.120.61 port 51496","@timestamp":"2022-09-10T15:05:53.812Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T15:06:57.175Z","@version":"1","message":"Sep 10 15:06:57 honeypot-sgp-1 kernel: [83698531.361367] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=232 ID=16347 PROTO=TCP SPT=42004 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 15:09:03 honeypot-fra-1 sshd[30261]: Received disconnect from 165.22.45.108 port 49776:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T15:09:04.885Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 15:10:52 honeypot-ams-1 sshd[7554]: Disconnected from invalid user chenyr 91.138.228.31 port 35636 [preauth]","@timestamp":"2022-09-10T15:10:52.349Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 15:12:13 honeypot-ams-1 sshd[7558]: Received disconnect from 61.93.186.125 port 33999:11: Bye Bye [preauth]","@timestamp":"2022-09-10T15:12:13.386Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 15:12:43 honeypot-ams-1 kernel: [83699349.676932] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=20.197.40.144 DST=178.62.254.91 LEN=52 TOS=0x02 PREC=0x00 TTL=110 ID=18598 DF PROTO=TCP SPT=54815 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T15:12:44.403Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 15:13:20 honeypot-fra-1 sshd[30339]: Disconnected from 68.183.25.156 port 56528 [preauth]","@timestamp":"2022-09-10T15:13:21.979Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T15:15:05.397Z","@version":"1","message":"Sep 10 15:15:04 honeypot-sgp-1 sshd[3559]: Received disconnect from 61.177.172.124 port 39116:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T15:16:14.428Z","@version":"1","message":"Sep 10 15:16:13 honeypot-sgp-1 sshd[3565]: Received disconnect from 157.245.9.6 port 50462:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 15:16:35 honeypot-ams-1 sshd[7569]: Disconnected from authenticating user root 123.142.3.137 port 43974 [preauth]","@timestamp":"2022-09-10T15:16:36.506Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 15:17:01 honeypot-fra-1 CRON[30347]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-10T15:17:02.064Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T15:17:02.449Z","@version":"1","message":"Sep 10 15:17:01 honeypot-sgp-1 CRON[3569]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T15:19:41.516Z","@version":"1","message":"Sep 10 15:19:40 honeypot-sgp-1 sshd[3576]: Disconnected from invalid user user 198.98.61.9 port 58682 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T15:20:01.526Z","@version":"1","message":"Sep 10 15:20:01 honeypot-sgp-1 sshd[3582]: Disconnected from invalid user history 115.241.20.242 port 58162 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T15:20:12.532Z","@version":"1","message":"Sep 10 15:20:11 honeypot-sgp-1 sshd[3584]: Disconnected from invalid user user 198.98.61.9 port 36856 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 15:20:34 honeypot-fra-1 sshd[30353]: Invalid user test from 193.106.191.157 port 47906","@timestamp":"2022-09-10T15:20:34.144Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T15:20:35.543Z","@version":"1","message":"Sep 10 15:20:34 honeypot-sgp-1 sshd[3586]: Disconnected from invalid user user 198.98.61.9 port 48408 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 15:23:33 honeypot-ams-1 kernel: [83699999.707964] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=1.15.85.44 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=45 ID=23890 DF PROTO=TCP SPT=13204 DPT=80 WINDOW=43690 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T15:23:33.696Z"}
{"@timestamp":"2022-09-10T15:24:20.634Z","@version":"1","message":"Sep 10 15:24:20 honeypot-sgp-1 kernel: [83699574.692548] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=2675 PROTO=TCP SPT=42976 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 15:25:39 honeypot-fra-1 kernel: [83697972.512808] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=79.124.62.78 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=17989 PROTO=TCP SPT=59644 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T15:25:40.258Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 15:27:33 honeypot-fra-1 sshd[30364]: Received disconnect from 92.255.85.69 port 61204:11: Bye Bye [preauth]","@timestamp":"2022-09-10T15:27:33.303Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T15:28:48.747Z","@version":"1","message":"Sep 10 15:28:47 honeypot-sgp-1 kernel: [83699842.222429] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.33.69.6 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=46040 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 15:28:58 honeypot-ams-1 sshd[7583]: Received disconnect from 92.255.85.69 port 54576:11: Bye Bye [preauth]","@timestamp":"2022-09-10T15:28:58.845Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 15:33:34 honeypot-fra-1 sshd[30369]: Disconnected from authenticating user root 61.177.173.50 port 29242 [preauth]","@timestamp":"2022-09-10T15:33:35.435Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 15:36:20 honeypot-ams-1 kernel: [83700766.378360] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=218.145.61.20 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=55 ID=6674 PROTO=TCP SPT=5581 DPT=80 WINDOW=1687 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T15:36:21.042Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 15:36:48 honeypot-fra-1 sshd[30375]: Invalid user link from 94.180.57.15 port 38572","@timestamp":"2022-09-10T15:36:49.526Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 15:38:20 honeypot-fra-1 sshd[30379]: Received disconnect from 61.177.173.36 port 59738:11:  [preauth]","@timestamp":"2022-09-10T15:38:20.561Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T15:38:32.985Z","@version":"1","message":"Sep 10 15:38:32 honeypot-sgp-1 kernel: [83700427.106861] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.129.8.44 DST=159.89.202.188 LEN=52 TOS=0x00 PREC=0x00 TTL=243 ID=10589 PROTO=TCP SPT=42306 DPT=3389 WINDOW=63443 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 15:40:38 honeypot-fra-1 sshd[30384]: Invalid user kangaroo from 165.22.45.108 port 54530","@timestamp":"2022-09-10T15:40:38.615Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 15:45:03 honeypot-ams-1 sshd[7672]: Disconnected from authenticating user root 61.177.173.49 port 18624 [preauth]","@timestamp":"2022-09-10T15:45:04.277Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 15:47:11 honeypot-fra-1 sshd[30389]: Received disconnect from 164.90.229.196 port 42054:11: Bye Bye [preauth]","@timestamp":"2022-09-10T15:47:11.775Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T15:50:40.276Z","@version":"1","message":"Sep 10 15:50:40 honeypot-sgp-1 sshd[3619]: Received disconnect from 61.177.172.90 port 28662:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 15:50:50 honeypot-fra-1 sshd[30396]: Disconnected from authenticating user root 92.255.85.70 port 16816 [preauth]","@timestamp":"2022-09-10T15:50:50.856Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T15:52:33.323Z","@version":"1","message":"Sep 10 15:52:32 honeypot-sgp-1 sshd[3622]: Disconnected from invalid user user 141.255.162.226 port 48124 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T15:52:35.326Z","@version":"1","message":"Sep 10 15:52:34 honeypot-sgp-1 sshd[3626]: Disconnected from invalid user user 141.255.162.226 port 55684 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T15:52:38.328Z","@version":"1","message":"Sep 10 15:52:37 honeypot-sgp-1 sshd[3630]: Disconnected from invalid user user 141.255.162.226 port 53682 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 15:53:34 honeypot-ams-1 sshd[7682]: Received disconnect from 92.255.85.69 port 54420:11: Bye Bye [preauth]","@timestamp":"2022-09-10T15:53:35.499Z"}
{"@timestamp":"2022-09-10T15:54:32.377Z","@version":"1","message":"Sep 10 15:54:31 honeypot-sgp-1 sshd[3636]: Did not receive identification string from 173.244.210.34 port 35105","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 16:00:21 honeypot-ams-1 sshd[7693]: Received disconnect from 209.141.52.250 port 49084:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T16:00:21.678Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 16:00:46 honeypot-fra-1 kernel: [83700079.582737] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=79.124.62.86 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=13905 PROTO=TCP SPT=59640 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T16:00:47.073Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-10T16:07:37.693Z","@version":"1","message":"Sep 10 16:07:37 honeypot-sgp-1 sshd[3641]: Invalid user user from 141.255.162.226 port 57388","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T16:07:41.695Z","@version":"1","message":"Sep 10 16:07:40 honeypot-sgp-1 sshd[3645]: Invalid user user from 141.255.162.226 port 36638","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T16:07:43.696Z","@version":"1","message":"Sep 10 16:07:43 honeypot-sgp-1 sshd[3649]: Invalid user user from 141.255.162.226 port 51620","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 16:07:44 honeypot-ams-1 kernel: [83702650.939359] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=64.62.197.187 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=41411 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T16:07:44.882Z"}
{"@timestamp":"2022-09-10T16:12:02.802Z","@version":"1","message":"Sep 10 16:12:02 honeypot-sgp-1 kernel: [83702436.710645] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=42282 PROTO=TCP SPT=45980 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 16:12:59 honeypot-fra-1 kernel: [83700812.211600] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=51.38.12.23 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=51357 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T16:12:59.370Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-10T16:15:27.888Z","@version":"1","message":"Sep 10 16:15:27 honeypot-sgp-1 sshd[3659]: Received disconnect from 45.61.187.160 port 59038:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T16:15:48.899Z","@version":"1","message":"Sep 10 16:15:48 honeypot-sgp-1 sshd[3663]: Received disconnect from 45.61.187.160 port 53890:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T16:16:10.910Z","@version":"1","message":"Sep 10 16:16:10 honeypot-sgp-1 sshd[3667]: Received disconnect from 45.61.187.160 port 48752:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 16:16:37 honeypot-fra-1 kernel: [83701030.764562] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=213.226.123.38 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=46340 PROTO=TCP SPT=47202 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T16:16:38.458Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-10T16:16:41.925Z","@version":"1","message":"Sep 10 16:16:41 honeypot-sgp-1 kernel: [83702715.324599] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.205.207 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=35040 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 16:17:01 honeypot-ams-1 CRON[7706]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-10T16:17:02.130Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 16:20:32 honeypot-ams-1 kernel: [83703418.326467] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=89.248.165.100 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=34693 PROTO=TCP SPT=41901 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T16:20:32.225Z"}
{"@timestamp":"2022-09-10T16:21:35.045Z","@version":"1","message":"Sep 10 16:21:34 honeypot-sgp-1 sshd[3675]: Disconnected from invalid user carlo 190.18.110.53 port 60416 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 16:22:01 honeypot-fra-1 sshd[30425]: Invalid user alex from 193.187.101.187 port 57100","@timestamp":"2022-09-10T16:22:01.583Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 16:22:01 honeypot-fra-1 sshd[30429]: Invalid user ec2-user from 193.187.101.187 port 57150","@timestamp":"2022-09-10T16:22:01.583Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 16:22:01 honeypot-fra-1 sshd[30424]: Connection closed by invalid user chia 193.187.101.187 port 57154 [preauth]","@timestamp":"2022-09-10T16:22:01.583Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 16:22:01 honeypot-fra-1 sshd[30431]: Connection closed by invalid user devops 193.187.101.187 port 57122 [preauth]","@timestamp":"2022-09-10T16:22:01.583Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 16:22:01 honeypot-fra-1 sshd[30425]: Connection closed by invalid user alex 193.187.101.187 port 57100 [preauth]","@timestamp":"2022-09-10T16:22:02.585Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 16:22:05 honeypot-fra-1 sshd[30422]: Invalid user ubuntu from 193.187.101.187 port 57108","@timestamp":"2022-09-10T16:22:05.586Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 16:26:14 honeypot-fra-1 kernel: [83701607.096014] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=89.248.165.199 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=39637 PROTO=TCP SPT=46508 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T16:26:14.681Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 16:28:21 honeypot-ams-1 kernel: [83703887.958128] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=104.37.190.250 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=50547 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T16:28:22.437Z"}
{"@timestamp":"2022-09-10T16:29:59.247Z","@version":"1","message":"Sep 10 16:29:59 honeypot-sgp-1 sshd[3681]: Invalid user kenkou from 61.194.35.119 port 54706","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 16:30:44 honeypot-fra-1 kernel: [83701877.341320] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=128.14.209.162 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=14860 PROTO=TCP SPT=40755 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T16:30:44.784Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-10T16:32:39.314Z","@version":"1","message":"Sep 10 16:32:38 honeypot-sgp-1 kernel: [83703672.916681] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=104.37.190.250 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=54321 PROTO=TCP SPT=36674 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 16:34:22 honeypot-ams-1 sshd[7736]: Invalid user mircea from 177.73.136.175 port 53362","@timestamp":"2022-09-10T16:34:23.599Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 16:36:59 honeypot-ams-1 sshd[7740]: Disconnected from 68.183.141.33 port 48934 [preauth]","@timestamp":"2022-09-10T16:36:59.669Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 16:37:53 honeypot-fra-1 sshd[30470]: Disconnected from authenticating user root 92.255.85.70 port 50644 [preauth]","@timestamp":"2022-09-10T16:37:53.963Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 16:43:34 honeypot-fra-1 sshd[30475]: Disconnected from invalid user kantor 165.22.45.108 port 35798 [preauth]","@timestamp":"2022-09-10T16:43:35.092Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T16:48:07.683Z","@version":"1","message":"Sep 10 16:48:07 honeypot-sgp-1 kernel: [83704601.754174] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.116.30.224 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=234 ID=63886 PROTO=TCP SPT=48199 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 16:49:43 honeypot-ams-1 sshd[7749]: Invalid user sudip from 114.4.110.242 port 41470","@timestamp":"2022-09-10T16:49:44.006Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 16:58:14 honeypot-fra-1 sshd[30480]: Received disconnect from 164.92.87.79 port 38530:11: Bye Bye [preauth]","@timestamp":"2022-09-10T16:58:15.422Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T16:58:36.931Z","@version":"1","message":"Sep 10 16:58:36 honeypot-sgp-1 sshd[3692]: Disconnected from authenticating user root 92.255.85.69 port 55150 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 16:58:42 honeypot-ams-1 kernel: [83705709.135495] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.83.66.200 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=59 ID=38785 DF PROTO=TCP SPT=13579 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T16:58:43.245Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 17:01:22 honeypot-fra-1 sshd[30484]: Disconnected from authenticating user root 92.255.85.70 port 46650 [preauth]","@timestamp":"2022-09-10T17:01:22.492Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 17:06:13 honeypot-ams-1 kernel: [83706160.018044] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=78.187.233.25 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=25783 PROTO=TCP SPT=61509 DPT=80 WINDOW=45325 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T17:06:14.469Z"}
{"@timestamp":"2022-09-10T17:09:02.197Z","@version":"1","message":"Sep 10 17:09:01 honeypot-sgp-1 CRON[3698]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 17:09:01 honeypot-ams-1 CRON[7763]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-10T17:09:02.543Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 17:10:39 honeypot-ams-1 sshd[7768]: Disconnected from invalid user gusztav 43.154.50.12 port 42356 [preauth]","@timestamp":"2022-09-10T17:10:39.586Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 17:11:42 honeypot-ams-1 sshd[7774]: Received disconnect from 91.240.118.222 port 23194:11: Client disconnecting normally [preauth]","@timestamp":"2022-09-10T17:11:42.616Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 17:12:13 honeypot-fra-1 sshd[30491]: Disconnected from authenticating user root 51.195.91.241 port 41158 [preauth]","@timestamp":"2022-09-10T17:12:13.762Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 17:14:23 honeypot-fra-1 sshd[30496]: Disconnected from invalid user kathy 188.170.13.225 port 51918 [preauth]","@timestamp":"2022-09-10T17:14:23.813Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 17:14:48 honeypot-fra-1 sshd[30500]: Disconnected from invalid user kanwarpreet 165.22.45.108 port 40564 [preauth]","@timestamp":"2022-09-10T17:14:49.825Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T17:18:50.458Z","@version":"1","message":"Sep 10 17:18:49 honeypot-sgp-1 sshd[3705]: Received disconnect from 189.4.149.140 port 49258:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 17:21:24 honeypot-ams-1 sshd[7783]: Invalid user admin from 121.130.13.166 port 40498","@timestamp":"2022-09-10T17:21:24.866Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 17:24:26 honeypot-fra-1 sshd[30507]: Disconnected from authenticating user root 92.255.85.70 port 57108 [preauth]","@timestamp":"2022-09-10T17:24:27.039Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T17:25:07.610Z","@version":"1","message":"Sep 10 17:25:06 honeypot-sgp-1 sshd[3712]: Received disconnect from 134.209.210.254 port 53708:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 17:27:20 honeypot-ams-1 sshd[7788]: Disconnected from authenticating user root 92.255.85.69 port 26996 [preauth]","@timestamp":"2022-09-10T17:27:21.017Z"}
{"@timestamp":"2022-09-10T17:27:33.671Z","@version":"1","message":"Sep 10 17:27:33 honeypot-sgp-1 sshd[3718]: Invalid user user from 45.61.186.49 port 51260","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T17:27:43.675Z","@version":"1","message":"Sep 10 17:27:42 honeypot-sgp-1 sshd[3722]: Invalid user user from 45.61.186.49 port 34330","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T17:33:30.818Z","@version":"1","message":"Sep 10 17:33:29 honeypot-sgp-1 sshd[3726]: Invalid user user from 45.61.184.204 port 43094","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T17:33:50.829Z","@version":"1","message":"Sep 10 17:33:49 honeypot-sgp-1 sshd[3730]: Invalid user user from 45.61.184.204 port 38034","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T17:33:59.833Z","@version":"1","message":"Sep 10 17:33:59 honeypot-sgp-1 sshd[3732]: Disconnected from invalid user user 45.61.184.204 port 49618 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T17:34:17.843Z","@version":"1","message":"Sep 10 17:34:17 honeypot-sgp-1 sshd[3736]: Disconnected from invalid user user 45.61.184.204 port 44564 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 17:37:16 honeypot-fra-1 kernel: [83705869.083276] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=1.15.85.44 DST=165.22.82.222 LEN=40 TOS=0x08 PREC=0x00 TTL=45 ID=29940 DF PROTO=TCP SPT=43237 DPT=80 WINDOW=43690 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T17:37:16.328Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-10T17:38:53.955Z","@version":"1","message":"Sep 10 17:38:53 honeypot-sgp-1 kernel: [83707647.251888] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=80.94.92.239 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=231 ID=54321 PROTO=TCP SPT=59850 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 17:40:38 honeypot-fra-1 sshd[30515]: Received disconnect from 141.255.162.226 port 33206:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T17:40:38.407Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 17:40:39 honeypot-fra-1 sshd[30519]: Received disconnect from 141.255.162.226 port 46682:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T17:40:40.410Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 17:40:43 honeypot-fra-1 sshd[30523]: Received disconnect from 141.255.162.226 port 34504:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T17:40:44.412Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 17:41:36 honeypot-fra-1 kernel: [83706129.435048] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=46.19.141.122 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=37779 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T17:41:37.434Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 17:46:52 honeypot-ams-1 sshd[7795]: Invalid user User from 181.210.22.182 port 39131","@timestamp":"2022-09-10T17:46:52.534Z"}
{"@timestamp":"2022-09-10T17:47:30.156Z","@version":"1","message":"Sep 10 17:47:29 honeypot-sgp-1 sshd[3747]: Connection closed by invalid user User 59.120.23.124 port 38526 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 17:48:17 honeypot-fra-1 sshd[30530]: Disconnected from authenticating user root 92.255.85.70 port 62400 [preauth]","@timestamp":"2022-09-10T17:48:18.585Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T17:52:42.282Z","@version":"1","message":"Sep 10 17:52:41 honeypot-sgp-1 sshd[3753]: Invalid user lukas from 139.255.245.86 port 55466","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T17:55:36.349Z","@version":"1","message":"Sep 10 17:55:35 honeypot-sgp-1 sshd[3757]: Did not receive identification string from 159.89.24.69 port 61000","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 18:01:13 honeypot-ams-1 sshd[7803]: Did not receive identification string from 141.255.162.226 port 50482","@timestamp":"2022-09-10T18:01:13.907Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 18:01:36 honeypot-ams-1 sshd[7806]: Disconnected from invalid user user 141.255.162.226 port 46362 [preauth]","@timestamp":"2022-09-10T18:01:36.919Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 18:01:36 honeypot-ams-1 sshd[7810]: Disconnected from invalid user user 141.255.162.226 port 41214 [preauth]","@timestamp":"2022-09-10T18:01:36.919Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 18:01:40 honeypot-ams-1 sshd[7814]: Disconnected from invalid user user 141.255.162.226 port 56604 [preauth]","@timestamp":"2022-09-10T18:01:40.921Z"}
{"@timestamp":"2022-09-10T18:01:49.497Z","@version":"1","message":"Sep 10 18:01:49 honeypot-sgp-1 sshd[3761]: Invalid user sheba from 45.230.167.36 port 33442","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 18:04:36 honeypot-ams-1 kernel: [83709662.905226] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=92.118.39.30 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=55834 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T18:04:36.999Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 18:06:12 honeypot-fra-1 kernel: [83707604.867879] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=104.237.145.140 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=9773 PROTO=TCP SPT=53163 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T18:06:12.982Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-10T18:07:48.658Z","@version":"1","message":"Sep 10 18:07:48 honeypot-sgp-1 kernel: [83709382.512903] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.46.240.87 DST=159.89.202.188 LEN=52 TOS=0x02 PREC=0x00 TTL=111 ID=53777 DF PROTO=TCP SPT=58748 DPT=443 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T18:12:56.782Z","@version":"1","message":"Sep 10 18:12:56 honeypot-sgp-1 kernel: [83709690.419629] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=134.122.120.243 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=39222 PROTO=TCP SPT=53282 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 18:13:13 honeypot-fra-1 kernel: [83708025.861083] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=79.124.62.62 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=49418 PROTO=TCP SPT=41868 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T18:13:14.140Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 18:16:09 honeypot-ams-1 sshd[7825]: Invalid user test from 193.106.191.157 port 55658","@timestamp":"2022-09-10T18:16:10.288Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 18:18:03 honeypot-fra-1 sshd[30543]: Disconnected from invalid user kanwarpreet 165.22.45.108 port 50108 [preauth]","@timestamp":"2022-09-10T18:18:04.249Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 18:19:08 honeypot-fra-1 sshd[30548]: Received disconnect from 141.255.162.226 port 48910:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T18:19:08.275Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 18:19:13 honeypot-fra-1 sshd[30552]: Received disconnect from 141.255.162.226 port 42086:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T18:19:14.278Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 18:19:14 honeypot-fra-1 sshd[30556]: Received disconnect from 141.255.162.226 port 49226:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T18:19:15.279Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 18:22:22 honeypot-fra-1 sshd[30560]: Disconnected from authenticating user root 13.67.201.190 port 59362 [preauth]","@timestamp":"2022-09-10T18:22:23.349Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 18:23:51 honeypot-ams-1 kernel: [83710817.184587] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=167.94.138.108 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=29340 PROTO=TCP SPT=52963 DPT=389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T18:23:51.485Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 18:24:54 honeypot-fra-1 sshd[30566]: Received disconnect from 45.61.186.249 port 34844:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T18:24:55.406Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 18:25:13 honeypot-fra-1 sshd[30570]: Received disconnect from 45.61.186.249 port 57626:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T18:25:14.415Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 18:25:22 honeypot-fra-1 sshd[30574]: Received disconnect from 45.61.186.249 port 40816:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T18:25:23.420Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 18:25:32 honeypot-fra-1 sshd[30578]: Received disconnect from 45.61.186.249 port 52202:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T18:25:32.425Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 18:25:49 honeypot-fra-1 sshd[30583]: Received disconnect from 45.61.186.249 port 46780:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T18:25:50.433Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 18:32:20 honeypot-fra-1 sshd[30589]: Invalid user admin from 141.98.10.158 port 32768","@timestamp":"2022-09-10T18:32:21.582Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 18:35:59 honeypot-fra-1 sshd[30594]: Received disconnect from 92.255.85.69 port 42402:11: Bye Bye [preauth]","@timestamp":"2022-09-10T18:36:00.666Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T18:37:54.385Z","@version":"1","message":"Sep 10 18:37:54 honeypot-sgp-1 sshd[3778]: Did not receive identification string from 209.236.66.52 port 34912","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 18:43:25 honeypot-ams-1 sshd[7843]: Invalid user easyits from 103.188.176.251 port 56638","@timestamp":"2022-09-10T18:43:25.999Z"}
{"@timestamp":"2022-09-10T18:46:45.592Z","@version":"1","message":"Sep 10 18:46:45 honeypot-sgp-1 sshd[3783]: Received disconnect from 164.92.142.65 port 58416:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 18:47:52 honeypot-fra-1 sshd[30599]: Connection closed by invalid user easyits 103.188.176.251 port 41104 [preauth]","@timestamp":"2022-09-10T18:47:52.933Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 18:51:12 honeypot-fra-1 sshd[30603]: Invalid user User from 81.184.234.222 port 45192","@timestamp":"2022-09-10T18:51:13.011Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 18:52:35 honeypot-ams-1 kernel: [83712542.058489] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=5.113.188.160 DST=178.62.254.91 LEN=52 TOS=0x08 PREC=0x40 TTL=112 ID=157 DF PROTO=TCP SPT=49663 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T18:52:36.235Z"}
{"@timestamp":"2022-09-10T18:53:52.759Z","@version":"1","message":"Sep 10 18:53:52 honeypot-sgp-1 sshd[3788]: Received disconnect from 149.7.217.27 port 50158:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 18:58:34 honeypot-ams-1 sshd[7853]: Disconnected from invalid user kati 97.74.92.195 port 55542 [preauth]","@timestamp":"2022-09-10T18:58:35.389Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 18:58:38 honeypot-fra-1 sshd[30608]: Received disconnect from 92.255.85.69 port 49254:11: Bye Bye [preauth]","@timestamp":"2022-09-10T18:58:39.178Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 19:01:49 honeypot-ams-1 sshd[7858]: Received disconnect from 83.221.180.202 port 33642:11: Bye Bye [preauth]","@timestamp":"2022-09-10T19:01:50.476Z"}
{"@timestamp":"2022-09-10T19:03:00.970Z","@version":"1","message":"Sep 10 19:03:00 honeypot-sgp-1 sshd[3793]: Received disconnect from 159.65.136.44 port 38122:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 19:07:06 honeypot-ams-1 kernel: [83713412.686355] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=172.91.47.43 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=50 ID=35896 PROTO=TCP SPT=64366 DPT=80 WINDOW=48622 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T19:07:06.630Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 19:09:37 honeypot-ams-1 sshd[7868]: Invalid user admin from 80.76.51.189 port 33672","@timestamp":"2022-09-10T19:09:37.700Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 19:10:02 honeypot-fra-1 kernel: [83711435.201380] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.95.147.52 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=56960 PROTO=TCP SPT=45748 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T19:10:03.450Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-10T19:10:29.144Z","@version":"1","message":"Sep 10 19:10:28 honeypot-sgp-1 sshd[3798]: Did not receive identification string from 94.156.175.57 port 33095","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T19:10:31.147Z","@version":"1","message":"Sep 10 19:10:30 honeypot-sgp-1 sshd[3809]: Invalid user mcsv from 94.156.175.57 port 34824","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T19:10:31.147Z","@version":"1","message":"Sep 10 19:10:30 honeypot-sgp-1 sshd[3810]: Invalid user oracle from 94.156.175.57 port 34865","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T19:10:31.147Z","@version":"1","message":"Sep 10 19:10:30 honeypot-sgp-1 sshd[3811]: Invalid user ec2 from 94.156.175.57 port 34906","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T19:10:31.147Z","@version":"1","message":"Sep 10 19:10:30 honeypot-sgp-1 sshd[3825]: Invalid user testuser from 94.156.175.57 port 34911","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T19:10:31.147Z","@version":"1","message":"Sep 10 19:10:30 honeypot-sgp-1 sshd[3808]: Connection closed by invalid user mcserver 94.156.175.57 port 34836 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T19:10:31.147Z","@version":"1","message":"Sep 10 19:10:30 honeypot-sgp-1 sshd[3802]: Connection closed by invalid user minecraft 94.156.175.57 port 34850 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T19:10:31.147Z","@version":"1","message":"Sep 10 19:10:30 honeypot-sgp-1 sshd[3817]: Connection closed by invalid user guest 94.156.175.57 port 34846 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T19:10:31.147Z","@version":"1","message":"Sep 10 19:10:30 honeypot-sgp-1 sshd[3822]: Connection closed by invalid user admin 94.156.175.57 port 34895 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T19:10:31.147Z","@version":"1","message":"Sep 10 19:10:30 honeypot-sgp-1 sshd[3818]: Connection closed by invalid user ubuntu 94.156.175.57 port 34817 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 19:10:41 honeypot-ams-1 sshd[7872]: Invalid user admin from 80.76.51.189 port 55318","@timestamp":"2022-09-10T19:10:41.730Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 19:13:59 honeypot-ams-1 kernel: [83713825.477077] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=103.117.192.119 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=49042 PROTO=TCP SPT=56431 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T19:13:59.819Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 19:17:46 honeypot-fra-1 sshd[30618]: Invalid user sharon from 67.205.174.220 port 45420","@timestamp":"2022-09-10T19:17:46.627Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T19:19:27.352Z","@version":"1","message":"Sep 10 19:19:26 honeypot-sgp-1 sshd[3861]: Invalid user usuario from 92.255.85.69 port 61988","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 19:21:03 honeypot-fra-1 sshd[30621]: Received disconnect from 165.22.45.108 port 59642:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T19:21:04.702Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 19:21:20 honeypot-ams-1 kernel: [83714266.823045] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.34.56.97 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=37545 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T19:21:21.010Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 19:22:12 honeypot-fra-1 sshd[30625]: Disconnected from authenticating user root 41.93.33.2 port 46314 [preauth]","@timestamp":"2022-09-10T19:22:13.729Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 19:25:20 honeypot-ams-1 sshd[7888]: Invalid user usuario from 92.255.85.70 port 51818","@timestamp":"2022-09-10T19:25:21.119Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 19:26:39 honeypot-ams-1 sshd[7891]: Disconnected from invalid user user 45.61.184.204 port 54244 [preauth]","@timestamp":"2022-09-10T19:26:40.153Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 19:27:01 honeypot-ams-1 sshd[7897]: Received disconnect from 45.61.184.204 port 49360:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T19:27:02.171Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 19:27:10 honeypot-ams-1 sshd[7901]: Received disconnect from 45.61.184.204 port 32798:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T19:27:11.176Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 19:27:19 honeypot-ams-1 sshd[7905]: Received disconnect from 45.61.184.204 port 44480:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T19:27:20.181Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 19:27:28 honeypot-ams-1 sshd[7909]: Received disconnect from 45.61.184.204 port 56196:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T19:27:29.185Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 19:27:37 honeypot-ams-1 sshd[7913]: Received disconnect from 45.61.184.204 port 39592:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T19:27:37.191Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 19:27:49 honeypot-ams-1 sshd[7917]: Received disconnect from 45.61.186.169 port 46502:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T19:27:50.198Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 19:30:25 honeypot-ams-1 sshd[7922]: Connection closed by invalid user ssw 137.116.144.39 port 49954 [preauth]","@timestamp":"2022-09-10T19:30:25.264Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 19:32:47 honeypot-fra-1 sshd[30631]: Connection reset by 198.235.24.45 port 59393 [preauth]","@timestamp":"2022-09-10T19:32:47.966Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T19:36:21.734Z","@version":"1","message":"Sep 10 19:36:20 honeypot-sgp-1 kernel: [83714694.828874] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=94.102.61.26 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=54321 PROTO=TCP SPT=57958 DPT=5432 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 19:43:20 honeypot-ams-1 kernel: [83715586.489141] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.79.53.162 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=23337 PROTO=TCP SPT=56793 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T19:43:20.599Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 19:43:46 honeypot-fra-1 sshd[30639]: Connection closed by invalid user test 193.106.191.157 port 38356 [preauth]","@timestamp":"2022-09-10T19:43:47.213Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 19:49:05 honeypot-ams-1 kernel: [83715931.143671] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.79.67.140 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=33973 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T19:49:05.752Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 19:52:21 honeypot-fra-1 sshd[30645]: Received disconnect from 165.22.45.108 port 36152:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T19:52:22.404Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T19:55:23.179Z","@version":"1","message":"Sep 10 19:55:22 honeypot-sgp-1 kernel: [83715836.788934] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=80.94.92.239 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=230 ID=54321 PROTO=TCP SPT=34079 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 19:59:02 honeypot-fra-1 sshd[30654]: ssh_dispatch_run_fatal: Connection from 88.88.97.30 port 33835: Connection corrupted [preauth]","@timestamp":"2022-09-10T19:59:03.553Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 20:04:33 honeypot-ams-1 sshd[7951]: Invalid user User from 113.160.198.128 port 29302","@timestamp":"2022-09-10T20:04:34.150Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 20:05:17 honeypot-fra-1 sshd[30661]: Received disconnect from 45.61.187.160 port 46262:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T20:05:17.696Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 20:05:37 honeypot-fra-1 sshd[30665]: Received disconnect from 45.61.187.160 port 40980:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T20:05:38.707Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 20:05:55 honeypot-fra-1 sshd[30669]: Received disconnect from 45.61.187.160 port 35696:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T20:05:55.714Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T20:06:13.437Z","@version":"1","message":"Sep 10 20:06:13 honeypot-sgp-1 sshd[3877]: Disconnected from invalid user usuario 92.255.85.70 port 43424 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 20:08:49 honeypot-fra-1 sshd[30673]: Invalid user usuario from 92.255.85.70 port 50562","@timestamp":"2022-09-10T20:08:49.779Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 20:11:22 honeypot-ams-1 sshd[7955]: Disconnected from invalid user usuario 92.255.85.70 port 33578 [preauth]","@timestamp":"2022-09-10T20:11:22.326Z"}
{"@timestamp":"2022-09-10T20:13:58.622Z","@version":"1","message":"Sep 10 20:13:58 honeypot-sgp-1 kernel: [83716952.161041] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.167.97.38 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=238 ID=54321 PROTO=TCP SPT=59746 DPT=5432 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T20:16:04.675Z","@version":"1","message":"Sep 10 20:16:04 honeypot-sgp-1 sshd[3890]: Received disconnect from 36.93.7.178 port 34106:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 20:16:23 honeypot-ams-1 sshd[7961]: Received disconnect from 183.81.32.198 port 34276:11: Bye Bye [preauth]","@timestamp":"2022-09-10T20:16:23.481Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 20:21:33 honeypot-fra-1 kernel: [83715725.984291] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=205.210.31.180 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x60 TTL=250 ID=54321 PROTO=TCP SPT=54439 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T20:21:34.059Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-10T20:21:37.809Z","@version":"1","message":"Sep 10 20:21:37 honeypot-sgp-1 kernel: [83717411.587352] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=8.210.124.145 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=54947 PROTO=TCP SPT=28553 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 20:21:54 honeypot-ams-1 kernel: [83717900.609425] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.56.108.186 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=32761 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T20:21:54.623Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 20:23:33 honeypot-fra-1 sshd[30682]: Disconnected from invalid user kanwarpreet 165.22.45.108 port 42314 [preauth]","@timestamp":"2022-09-10T20:23:33.103Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 20:27:52 honeypot-ams-1 sshd[7972]: Connection closed by invalid user test 193.106.191.157 port 51250 [preauth]","@timestamp":"2022-09-10T20:27:52.781Z"}
{"@timestamp":"2022-09-10T20:29:01.010Z","@version":"1","message":"Sep 10 20:29:00 honeypot-sgp-1 sshd[3899]: Invalid user brianmac from 210.196.250.246 port 54068","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 20:30:26 honeypot-fra-1 kernel: [83716258.739455] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=94.190.113.89 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=4427 DF PROTO=TCP SPT=19976 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T20:30:27.271Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-10T20:30:29.046Z","@version":"1","message":"Sep 10 20:30:28 honeypot-sgp-1 kernel: [83717942.103775] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=46.19.141.122 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=55164 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 20:36:28 honeypot-ams-1 kernel: [83718774.324364] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=89.248.165.100 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=39431 PROTO=TCP SPT=41901 DPT=389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T20:36:29.001Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 20:40:33 honeypot-fra-1 sshd[30697]: Invalid user admin from 178.62.99.217 port 39490","@timestamp":"2022-09-10T20:40:33.493Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T20:40:58.302Z","@version":"1","message":"Sep 10 20:40:58 honeypot-sgp-1 sshd[3906]: Invalid user photo from 1.224.37.98 port 49376","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T20:42:49.347Z","@version":"1","message":"Sep 10 20:42:48 honeypot-sgp-1 kernel: [83718682.774418] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=79.124.62.60 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=50311 PROTO=TCP SPT=57821 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 20:42:52 honeypot-ams-1 kernel: [83719158.395710] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=80.87.206.203 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=47671 PROTO=TCP SPT=45116 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T20:42:53.166Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 20:43:01 honeypot-fra-1 sshd[30703]: Received disconnect from 51.79.250.95 port 56792:11: Bye Bye [preauth]","@timestamp":"2022-09-10T20:43:02.551Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 20:44:33 honeypot-fra-1 sshd[30707]: Disconnected from authenticating user root 94.75.123.43 port 46020 [preauth]","@timestamp":"2022-09-10T20:44:33.589Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T20:44:53.401Z","@version":"1","message":"Sep 10 20:44:52 honeypot-sgp-1 sshd[3915]: Invalid user user from 45.61.186.249 port 60522","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T20:45:13.411Z","@version":"1","message":"Sep 10 20:45:13 honeypot-sgp-1 sshd[3919]: Invalid user user from 45.61.186.249 port 55682","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T20:45:31.419Z","@version":"1","message":"Sep 10 20:45:30 honeypot-sgp-1 sshd[3923]: Invalid user user from 45.61.186.249 port 50850","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T20:45:50.427Z","@version":"1","message":"Sep 10 20:45:49 honeypot-sgp-1 sshd[3927]: Invalid user user from 45.61.186.249 port 46008","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 20:52:38 honeypot-ams-1 kernel: [83719744.329574] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=36.97.124.227 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=49 ID=30232 PROTO=TCP SPT=14954 DPT=80 WINDOW=19730 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T20:52:38.412Z"}
{"@timestamp":"2022-09-10T20:52:51.594Z","@version":"1","message":"Sep 10 20:52:51 honeypot-sgp-1 sshd[3930]: Invalid user usuario from 92.255.85.69 port 58858","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 20:53:01 honeypot-fra-1 kernel: [83717614.143902] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.220.200 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=53234 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T20:53:02.799Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-10T20:54:59.673Z","@version":"1","message":"Sep 10 20:54:59 honeypot-sgp-1 kernel: [83719412.997053] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=172.104.249.106 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=12097 DF PROTO=TCP SPT=33796 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 20:56:08 honeypot-fra-1 sshd[30716]: Disconnected from invalid user usuario 92.255.85.70 port 60034 [preauth]","@timestamp":"2022-09-10T20:56:08.868Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 20:58:11 honeypot-ams-1 sshd[7991]: Disconnected from invalid user usuario 92.255.85.70 port 31346 [preauth]","@timestamp":"2022-09-10T20:58:11.558Z"}
{"@timestamp":"2022-09-10T20:58:55.765Z","@version":"1","message":"Sep 10 20:58:55 honeypot-sgp-1 sshd[3933]: Received disconnect from 23.224.98.194 port 33056:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 20:59:31 honeypot-ams-1 sshd[7995]: Disconnected from authenticating user root 128.199.251.65 port 39142 [preauth]","@timestamp":"2022-09-10T20:59:31.595Z"}
{"@timestamp":"2022-09-10T21:05:21.929Z","@version":"1","message":"Sep 10 21:05:20 honeypot-sgp-1 kernel: [83720034.814274] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=230 ID=21080 PROTO=TCP SPT=43603 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 21:05:58 honeypot-fra-1 kernel: [83718390.485623] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=172.105.89.161 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=57 ID=0 DF PROTO=TCP SPT=38133 DPT=443 WINDOW=8192 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T21:05:59.120Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 21:08:55 honeypot-fra-1 sshd[30729]: Invalid user user from 45.61.186.49 port 43230","@timestamp":"2022-09-10T21:08:56.192Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 21:08:56 honeypot-ams-1 kernel: [83720722.446863] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=2.45.100.120 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=50 ID=13815 PROTO=TCP SPT=26251 DPT=80 WINDOW=42323 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T21:08:56.844Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 21:09:07 honeypot-fra-1 sshd[30733]: Invalid user user from 45.61.186.49 port 55042","@timestamp":"2022-09-10T21:09:08.198Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 21:10:05 honeypot-fra-1 sshd[30728]: Did not receive identification string from 177.86.158.78 port 47166","@timestamp":"2022-09-10T21:10:06.222Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T21:10:36.050Z","@version":"1","message":"Sep 10 21:10:35 honeypot-sgp-1 kernel: [83720349.418296] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=139.144.135.60 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=9614 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 21:13:28 honeypot-ams-1 sshd[8002]: Disconnected from invalid user raymond 139.59.26.69 port 43144 [preauth]","@timestamp":"2022-09-10T21:13:29.962Z"}
{"@timestamp":"2022-09-10T21:14:07.131Z","@version":"1","message":"Sep 10 21:14:06 honeypot-sgp-1 sshd[3947]: Received disconnect from 45.61.186.49 port 44870:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T21:14:16.136Z","@version":"1","message":"Sep 10 21:14:15 honeypot-sgp-1 sshd[3951]: Received disconnect from 45.61.186.49 port 56454:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 21:14:40 honeypot-fra-1 sshd[30743]: Invalid user user from 45.61.184.204 port 38530","@timestamp":"2022-09-10T21:14:41.328Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 21:14:59 honeypot-fra-1 sshd[30747]: Invalid user user from 45.61.184.204 port 33326","@timestamp":"2022-09-10T21:15:00.336Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 21:15:17 honeypot-fra-1 sshd[30751]: Invalid user user from 45.61.184.204 port 56402","@timestamp":"2022-09-10T21:15:17.346Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T21:16:50.196Z","@version":"1","message":"Sep 10 21:16:49 honeypot-sgp-1 sshd[3957]: Disconnected from invalid user test 92.255.85.70 port 63586 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 21:17:01 honeypot-ams-1 CRON[8007]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-10T21:17:02.055Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 21:17:01 honeypot-fra-1 CRON[30755]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-10T21:17:02.385Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 21:18:30 honeypot-ams-1 sshd[8013]: Received disconnect from 159.89.230.196 port 50408:11: Bye Bye [preauth]","@timestamp":"2022-09-10T21:18:31.095Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 21:20:14 honeypot-fra-1 sshd[30761]: Disconnected from invalid user test 92.255.85.69 port 45166 [preauth]","@timestamp":"2022-09-10T21:20:15.457Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 21:21:32 honeypot-ams-1 sshd[8017]: Disconnected from invalid user test 92.255.85.70 port 52496 [preauth]","@timestamp":"2022-09-10T21:21:33.172Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 21:26:27 honeypot-fra-1 sshd[30768]: Invalid user kanwarpreet from 165.22.45.108 port 52242","@timestamp":"2022-09-10T21:26:27.596Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 21:27:57 honeypot-ams-1 sshd[8025]: Connection closed by 178.79.177.104 port 41684 [preauth]","@timestamp":"2022-09-10T21:27:58.339Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 21:30:32 honeypot-ams-1 kernel: [83722018.682823] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=89.248.165.100 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=40150 PROTO=TCP SPT=41901 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T21:30:33.410Z"}
{"@timestamp":"2022-09-10T21:33:00.581Z","@version":"1","message":"Sep 10 21:33:00 honeypot-sgp-1 sshd[3964]: Disconnected from invalid user db 118.200.42.47 port 55710 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T21:36:20.659Z","@version":"1","message":"Sep 10 21:36:20 honeypot-sgp-1 kernel: [83721894.349789] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=17873 PROTO=TCP SPT=45598 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 21:36:55 honeypot-ams-1 sshd[8040]: Received disconnect from 161.82.233.179 port 41730:11: Bye Bye [preauth]","@timestamp":"2022-09-10T21:36:55.595Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 21:38:02 honeypot-fra-1 sshd[30776]: Received disconnect from 200.108.143.6 port 40032:11: Bye Bye [preauth]","@timestamp":"2022-09-10T21:38:02.853Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 21:41:53 honeypot-fra-1 kernel: [83720545.607967] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=64318 PROTO=TCP SPT=45598 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T21:41:53.941Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-10T21:42:13.792Z","@version":"1","message":"Sep 10 21:42:12 honeypot-sgp-1 sshd[3977]: Connection closed by invalid user nvidia 103.188.176.251 port 40872 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 21:42:20 honeypot-ams-1 kernel: [83722726.341308] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=5.251.9.97 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=58 ID=8613 PROTO=TCP SPT=43845 DPT=80 WINDOW=59917 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T21:42:20.736Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 21:50:53 honeypot-fra-1 kernel: [83721086.129964] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=184.95.48.14 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=34411 DF PROTO=TCP SPT=10446 DPT=80 WINDOW=512 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T21:50:54.142Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-10T21:50:56.999Z","@version":"1","message":"Sep 10 21:50:56 honeypot-sgp-1 sshd[3985]: Invalid user qs from 198.12.85.154 port 48924","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 21:52:01 honeypot-ams-1 sshd[8048]: Received disconnect from 84.201.164.50 port 57414:11: Bye Bye [preauth]","@timestamp":"2022-09-10T21:52:01.985Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 21:55:48 honeypot-fra-1 kernel: [83721380.973511] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.41.9.18 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=64737 PROTO=TCP SPT=35060 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T21:55:49.258Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 21:57:56 honeypot-ams-1 kernel: [83723662.885556] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=172.104.138.223 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=48797 PROTO=TCP SPT=22486 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T21:57:57.139Z"}
{"@timestamp":"2022-09-10T21:59:22.203Z","@version":"1","message":"Sep 10 21:59:21 honeypot-sgp-1 kernel: [83723275.455191] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=104.198.90.175 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x60 TTL=250 ID=46659 PROTO=TCP SPT=45713 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 22:00:29 honeypot-ams-1 sshd[8055]: Did not receive identification string from 109.205.213.23 port 49590","@timestamp":"2022-09-10T22:00:30.208Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 22:01:30 honeypot-ams-1 sshd[8060]: Disconnected from authenticating user root 109.205.213.23 port 60536 [preauth]","@timestamp":"2022-09-10T22:01:31.237Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 22:03:29 honeypot-ams-1 sshd[8067]: Received disconnect from 109.205.213.23 port 44976:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T22:03:30.291Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 22:04:42 honeypot-ams-1 sshd[8073]: Did not receive identification string from 193.3.19.178 port 64001","@timestamp":"2022-09-10T22:04:43.325Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 22:05:47 honeypot-ams-1 sshd[8078]: Received disconnect from 109.205.213.23 port 53758:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T22:05:47.356Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 22:09:55 honeypot-ams-1 sshd[8085]: Received disconnect from 134.122.8.241 port 59852:11: Bye Bye [preauth]","@timestamp":"2022-09-10T22:09:55.460Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 22:11:46 honeypot-fra-1 kernel: [83722338.955097] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=193.118.53.213 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=4722 PROTO=TCP SPT=39268 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T22:11:47.615Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-10T22:13:55.562Z","@version":"1","message":"Sep 10 22:13:54 honeypot-sgp-1 kernel: [83724148.595538] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=195.116.52.177 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=12089 DF PROTO=TCP SPT=52827 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 22:14:05 honeypot-ams-1 sshd[8089]: Disconnected from invalid user admin 79.127.36.98 port 51134 [preauth]","@timestamp":"2022-09-10T22:14:06.562Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 22:20:52 honeypot-ams-1 sshd[8097]: Received disconnect from 178.46.163.191 port 44682:11: Bye Bye [preauth]","@timestamp":"2022-09-10T22:20:52.736Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 22:22:29 honeypot-fra-1 sshd[30876]: Disconnected from invalid user db 165.232.172.31 port 47416 [preauth]","@timestamp":"2022-09-10T22:22:29.857Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 22:23:37 honeypot-ams-1 sshd[8105]: Disconnected from authenticating user root 61.177.172.114 port 27018 [preauth]","@timestamp":"2022-09-10T22:23:37.811Z"}
{"@timestamp":"2022-09-10T22:24:01.045Z","@version":"1","message":"Sep 10 22:24:00 honeypot-sgp-1 sshd[4004]: Invalid user user from 45.61.187.160 port 35596","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T22:24:13.051Z","@version":"1","message":"Sep 10 22:24:12 honeypot-sgp-1 sshd[4009]: Invalid user user from 45.61.187.160 port 47022","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T22:24:23.056Z","@version":"1","message":"Sep 10 22:24:22 honeypot-sgp-1 sshd[4015]: Invalid user user from 45.61.187.160 port 58466","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T22:24:32.060Z","@version":"1","message":"Sep 10 22:24:32 honeypot-sgp-1 sshd[4019]: Invalid user user from 45.61.187.160 port 41694","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T22:24:39.064Z","@version":"1","message":"Sep 10 22:24:38 honeypot-sgp-1 sshd[4023]: Received disconnect from 51.77.185.70 port 54402:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 22:24:39 honeypot-ams-1 sshd[8110]: Received disconnect from 45.61.186.169 port 53820:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T22:24:39.843Z"}
{"@timestamp":"2022-09-10T22:24:45.067Z","@version":"1","message":"Sep 10 22:24:44 honeypot-sgp-1 sshd[4025]: Disconnecting invalid user  31.184.198.71 port 17077: Change of username or service not allowed: (,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T22:24:57.073Z","@version":"1","message":"Sep 10 22:24:56 honeypot-sgp-1 sshd[4033]: Invalid user aerohive from 31.184.198.71 port 10640","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 22:24:57 honeypot-ams-1 sshd[8114]: Received disconnect from 45.61.186.169 port 48902:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T22:24:57.852Z"}
{"@timestamp":"2022-09-10T22:25:04.076Z","@version":"1","message":"Sep 10 22:25:03 honeypot-sgp-1 sshd[4037]: Disconnecting invalid user admin 31.184.198.71 port 6723: Change of username or service not allowed: (admin,ssh-connection) -> (manager,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 22:25:14 honeypot-ams-1 sshd[8118]: Received disconnect from 45.61.186.169 port 43934:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T22:25:14.861Z"}
{"@timestamp":"2022-09-10T22:25:28.087Z","@version":"1","message":"Sep 10 22:25:27 honeypot-sgp-1 sshd[4045]: Invalid user 1234 from 31.184.198.71 port 33823","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T22:25:47.096Z","@version":"1","message":"Sep 10 22:25:46 honeypot-sgp-1 sshd[4051]: Invalid user  from 31.184.198.71 port 45903","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T22:26:04.104Z","@version":"1","message":"Sep 10 22:26:04 honeypot-sgp-1 sshd[4057]: Disconnecting invalid user Admin 31.184.198.71 port 30231: Change of username or service not allowed: (Admin,ssh-connection) -> (blank,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T22:26:24.114Z","@version":"1","message":"Sep 10 22:26:23 honeypot-sgp-1 sshd[4063]: Disconnecting invalid user guest 31.184.198.71 port 51695: Change of username or service not allowed: (guest,ssh-connection) -> (1234,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T22:26:47.125Z","@version":"1","message":"Sep 10 22:26:46 honeypot-sgp-1 sshd[4069]: Disconnecting invalid user  31.184.198.71 port 46158: Change of username or service not allowed: (,ssh-connection) -> (Cisco,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T22:26:59.132Z","@version":"1","message":"Sep 10 22:26:58 honeypot-sgp-1 sshd[4075]: Disconnecting invalid user cisco 31.184.198.71 port 13216: Change of username or service not allowed: (cisco,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T22:27:28.145Z","@version":"1","message":"Sep 10 22:27:27 honeypot-sgp-1 sshd[4083]: Invalid user Administrator from 31.184.198.71 port 44939","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T22:27:45.153Z","@version":"1","message":"Sep 10 22:27:44 honeypot-sgp-1 kernel: [83724978.098538] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=55856 PROTO=TCP SPT=48466 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 22:27:55 honeypot-ams-1 sshd[8123]: Disconnected from authenticating user root 61.177.173.35 port 12397 [preauth]","@timestamp":"2022-09-10T22:27:55.929Z"}
{"@timestamp":"2022-09-10T22:28:03.162Z","@version":"1","message":"Sep 10 22:28:02 honeypot-sgp-1 sshd[4096]: Disconnected from authenticating user root 188.166.184.30 port 37774 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T22:28:21.172Z","@version":"1","message":"Sep 10 22:28:20 honeypot-sgp-1 sshd[4100]: Disconnecting invalid user  31.184.198.71 port 41137: Change of username or service not allowed: (,ssh-connection) -> (root,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T22:28:48.184Z","@version":"1","message":"Sep 10 22:28:47 honeypot-sgp-1 sshd[4108]: Invalid user c1@r0 from 31.184.198.71 port 56717","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T22:29:10.195Z","@version":"1","message":"Sep 10 22:29:09 honeypot-sgp-1 sshd[4114]: Invalid user superonline from 31.184.198.71 port 36425","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T22:29:34.206Z","@version":"1","message":"Sep 10 22:29:33 honeypot-sgp-1 sshd[4120]: Invalid user Admin from 31.184.198.71 port 39578","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 22:29:43 honeypot-fra-1 sshd[30881]: Disconnected from invalid user ka 165.22.45.108 port 33946 [preauth]","@timestamp":"2022-09-10T22:29:44.019Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T22:29:51.215Z","@version":"1","message":"Sep 10 22:29:50 honeypot-sgp-1 sshd[4126]: Invalid user  from 31.184.198.71 port 26092","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T22:30:07.223Z","@version":"1","message":"Sep 10 22:30:06 honeypot-sgp-1 sshd[4132]: Invalid user  from 31.184.198.71 port 1318","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T22:30:23.231Z","@version":"1","message":"Sep 10 22:30:22 honeypot-sgp-1 sshd[4138]: Invalid user admin from 31.184.198.71 port 39548","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T22:30:39.239Z","@version":"1","message":"Sep 10 22:30:38 honeypot-sgp-1 sshd[4144]: Disconnecting invalid user admin 31.184.198.71 port 51065: Change of username or service not allowed: (admin,ssh-connection) -> (airlive,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 22:30:50 honeypot-fra-1 sshd[30883]: Disconnected from invalid user minthu 187.218.23.85 port 54726 [preauth]","@timestamp":"2022-09-10T22:30:51.047Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T22:31:04.250Z","@version":"1","message":"Sep 10 22:31:04 honeypot-sgp-1 sshd[4150]: Disconnecting invalid user admin 31.184.198.71 port 19655: Change of username or service not allowed: (admin,ssh-connection) -> (roqos,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T22:31:25.262Z","@version":"1","message":"Sep 10 22:31:24 honeypot-sgp-1 sshd[4156]: Disconnecting invalid user Shiko 31.184.198.71 port 52128: Change of username or service not allowed: (Shiko,ssh-connection) -> (sitecom,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T22:31:46.272Z","@version":"1","message":"Sep 10 22:31:46 honeypot-sgp-1 sshd[4162]: Disconnecting invalid user smcadmin 31.184.198.71 port 40555: Change of username or service not allowed: (smcadmin,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T22:31:58.279Z","@version":"1","message":"Sep 10 22:31:57 honeypot-sgp-1 sshd[4166]: Disconnecting invalid user cusadmin 31.184.198.71 port 5093: Change of username or service not allowed: (cusadmin,ssh-connection) -> (highspeed,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T22:32:13.286Z","@version":"1","message":"Sep 10 22:32:13 honeypot-sgp-1 sshd[4172]: Disconnecting invalid user sweex 31.184.198.71 port 47150: Change of username or service not allowed: (sweex,ssh-connection) -> (,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 22:32:29 honeypot-ams-1 sshd[8127]: Received disconnect from 92.255.85.69 port 30668:11: Bye Bye [preauth]","@timestamp":"2022-09-10T22:32:30.049Z"}
{"@timestamp":"2022-09-10T22:32:32.295Z","@version":"1","message":"Sep 10 22:32:31 honeypot-sgp-1 sshd[4178]: Disconnecting invalid user  31.184.198.71 port 3839: Change of username or service not allowed: (,ssh-connection) -> (public,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T22:32:51.306Z","@version":"1","message":"Sep 10 22:32:50 honeypot-sgp-1 sshd[4184]: Disconnecting invalid user ubnt 31.184.198.71 port 41834: Change of username or service not allowed: (ubnt,ssh-connection) -> (root,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T22:33:13.316Z","@version":"1","message":"Sep 10 22:33:13 honeypot-sgp-1 sshd[4193]: Invalid user amdin from 31.184.198.71 port 26956","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T22:33:38.329Z","@version":"1","message":"Sep 10 22:33:37 honeypot-sgp-1 sshd[4199]: Invalid user admin from 31.184.198.71 port 61087","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T22:34:00.339Z","@version":"1","message":"Sep 10 22:33:59 honeypot-sgp-1 sshd[4205]: Invalid user admin from 31.184.198.71 port 26017","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T22:34:12.345Z","@version":"1","message":"Sep 10 22:34:11 honeypot-sgp-1 sshd[4211]: Bad protocol version identification 'SSH-2.0_CoreLab-1.0' from 31.184.198.71 port 25996","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T22:40:41.493Z","@version":"1","message":"Sep 10 22:40:41 honeypot-sgp-1 kernel: [83725755.015060] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.41.8.5 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=24883 PROTO=TCP SPT=34932 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T22:45:34.608Z","@version":"1","message":"Sep 10 22:45:34 honeypot-sgp-1 kernel: [83726047.870335] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=104.152.52.104 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=38014 PROTO=TCP SPT=49933 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 22:47:50 honeypot-ams-1 kernel: [83726656.068646] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=2.226.225.240 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=6962 PROTO=TCP SPT=4000 DPT=80 WINDOW=48929 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T22:47:50.443Z"}
{"@timestamp":"2022-09-10T22:49:11.692Z","@version":"1","message":"Sep 10 22:49:11 honeypot-sgp-1 sshd[4219]: Invalid user velocity from 43.154.172.57 port 55550","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 22:50:20 honeypot-fra-1 sshd[30888]: Invalid user microsoft from 73.204.6.32 port 49466","@timestamp":"2022-09-10T22:50:21.481Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 22:52:25 honeypot-ams-1 sshd[8151]: Disconnected from authenticating user root 80.76.51.41 port 59026 [preauth]","@timestamp":"2022-09-10T22:52:26.562Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 22:52:55 honeypot-ams-1 sshd[8155]: Disconnected from invalid user test 80.76.51.41 port 45472 [preauth]","@timestamp":"2022-09-10T22:52:55.577Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 22:53:23 honeypot-ams-1 sshd[8161]: Disconnected from authenticating user root 80.76.51.41 port 60192 [preauth]","@timestamp":"2022-09-10T22:53:23.592Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 22:54:04 honeypot-ams-1 sshd[8167]: Disconnected from authenticating user root 80.76.51.41 port 53928 [preauth]","@timestamp":"2022-09-10T22:54:04.612Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 22:54:42 honeypot-fra-1 kernel: [83724914.930762] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=209.145.63.181 DST=165.22.82.222 LEN=52 TOS=0x00 PREC=0x00 TTL=114 ID=14549 DF PROTO=TCP SPT=48467 DPT=3389 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-10T22:54:43.580Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 22:54:45 honeypot-ams-1 sshd[8173]: Disconnected from authenticating user root 80.76.51.41 port 47730 [preauth]","@timestamp":"2022-09-10T22:54:45.636Z"}
{"@timestamp":"2022-09-10T22:54:51.831Z","@version":"1","message":"Sep 10 22:54:51 honeypot-sgp-1 kernel: [83726605.233265] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=18.194.17.5 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=226 ID=8770 DF PROTO=TCP SPT=7402 DPT=443 WINDOW=62727 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 22:55:12 honeypot-ams-1 sshd[8177]: Disconnected from invalid user git 80.76.51.41 port 33954 [preauth]","@timestamp":"2022-09-10T22:55:13.651Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:00:08 honeypot-ams-1 sshd[8184]: Disconnected from authenticating user root 61.177.172.124 port 64693 [preauth]","@timestamp":"2022-09-10T23:00:08.779Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 23:00:41 honeypot-fra-1 sshd[30896]: Did not receive identification string from 193.3.19.178 port 64001","@timestamp":"2022-09-10T23:00:41.715Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T23:00:59.970Z","@version":"1","message":"Sep 10 23:00:59 honeypot-sgp-1 sshd[4228]: Received disconnect from 45.61.186.249 port 53794:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T23:01:19.998Z","@version":"1","message":"Sep 10 23:01:19 honeypot-sgp-1 sshd[4232]: Received disconnect from 45.61.186.249 port 48862:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T23:01:39.007Z","@version":"1","message":"Sep 10 23:01:38 honeypot-sgp-1 sshd[4236]: Received disconnect from 45.61.186.249 port 43884:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 23:04:08 honeypot-fra-1 sshd[30902]: Invalid user two from 139.59.233.124 port 44436","@timestamp":"2022-09-10T23:04:08.796Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:06:04 honeypot-ams-1 sshd[8189]: Received disconnect from 61.177.173.36 port 43241:11:  [preauth]","@timestamp":"2022-09-10T23:06:04.937Z"}
{"@timestamp":"2022-09-10T23:07:37.143Z","@version":"1","message":"Sep 10 23:07:36 honeypot-sgp-1 sshd[4241]: Disconnected from authenticating user root 43.155.65.44 port 49454 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 23:09:02 honeypot-fra-1 kernel: [83725774.467425] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=188.3.37.82 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=15686 PROTO=TCP SPT=53504 DPT=80 WINDOW=1300 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T23:09:02.971Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 23:11:57 honeypot-ams-1 kernel: [83728103.650896] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=205.210.31.178 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=250 ID=54321 PROTO=TCP SPT=57079 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T23:11:58.092Z"}
{"@timestamp":"2022-09-10T23:14:11.311Z","@version":"1","message":"Sep 10 23:14:10 honeypot-sgp-1 sshd[4246]: Received disconnect from 92.255.85.70 port 25418:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 23:17:25 honeypot-ams-1 kernel: [83728431.888350] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=80.94.92.231 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=57849 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T23:17:26.236Z"}
{"@timestamp":"2022-09-10T23:17:51.399Z","@version":"1","message":"Sep 10 23:17:50 honeypot-sgp-1 sshd[4251]: Disconnected from invalid user admin 105.159.249.53 port 17137 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:19:23 honeypot-ams-1 sshd[8205]: Received disconnect from 80.76.51.46 port 49612:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T23:19:24.289Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:19:53 honeypot-ams-1 sshd[8212]: Received disconnect from 80.76.51.46 port 45976:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T23:19:53.305Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:20:35 honeypot-ams-1 sshd[8218]: Received disconnect from 61.177.172.124 port 29141:11:  [preauth]","@timestamp":"2022-09-10T23:20:36.344Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:20:49 honeypot-ams-1 sshd[8222]: Disconnected from authenticating user root 80.76.51.46 port 38638 [preauth]","@timestamp":"2022-09-10T23:20:50.351Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:21:32 honeypot-ams-1 sshd[8228]: Disconnected from authenticating user root 80.76.51.46 port 33186 [preauth]","@timestamp":"2022-09-10T23:21:32.373Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 23:24:51 honeypot-fra-1 sshd[30911]: Invalid user User from 61.158.169.229 port 33540","@timestamp":"2022-09-10T23:24:51.340Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:30:49 honeypot-ams-1 sshd[8237]: Disconnected from authenticating user root 61.177.173.35 port 29639 [preauth]","@timestamp":"2022-09-10T23:30:50.613Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:33:02 honeypot-ams-1 sshd[8246]: Received disconnect from 61.177.173.39 port 19796:11:  [preauth]","@timestamp":"2022-09-10T23:33:02.671Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:33:52 honeypot-ams-1 sshd[8250]: Received disconnect from 80.76.51.189 port 58256:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T23:33:53.695Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 23:34:09 honeypot-fra-1 sshd[30917]: Received disconnect from 37.187.146.134 port 39428:11: Bye Bye [preauth]","@timestamp":"2022-09-10T23:34:09.549Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T23:37:29.856Z","@version":"1","message":"Sep 10 23:37:29 honeypot-sgp-1 sshd[4257]: Disconnected from invalid user test 92.255.85.70 port 25936 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:38:35 honeypot-ams-1 sshd[8257]: Received disconnect from 35.199.93.228 port 34800:11: Bye Bye [preauth]","@timestamp":"2022-09-10T23:38:35.816Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:39:08 honeypot-ams-1 sshd[8263]: Received disconnect from 18.140.57.224 port 42800:11: disconnected by user [preauth]","@timestamp":"2022-09-10T23:39:08.834Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:39:13 honeypot-ams-1 sshd[8267]: error: maximum authentication attempts exceeded for invalid user admin from 18.140.57.224 port 42822 ssh2 [preauth]","@timestamp":"2022-09-10T23:39:13.836Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:39:19 honeypot-ams-1 sshd[8271]: error: maximum authentication attempts exceeded for invalid user oracle from 18.140.57.224 port 42846 ssh2 [preauth]","@timestamp":"2022-09-10T23:39:19.841Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:39:24 honeypot-ams-1 sshd[8275]: Received disconnect from 18.140.57.224 port 42864:11: disconnected by user [preauth]","@timestamp":"2022-09-10T23:39:24.844Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:39:30 honeypot-ams-1 sshd[8279]: error: maximum authentication attempts exceeded for invalid user usuario from 18.140.57.224 port 42884 ssh2 [preauth]","@timestamp":"2022-09-10T23:39:30.848Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:39:35 honeypot-ams-1 sshd[8283]: error: maximum authentication attempts exceeded for invalid user test from 18.140.57.224 port 42904 ssh2 [preauth]","@timestamp":"2022-09-10T23:39:35.852Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:39:41 honeypot-ams-1 sshd[8287]: Received disconnect from 18.140.57.224 port 42924:11: disconnected by user [preauth]","@timestamp":"2022-09-10T23:39:41.855Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:39:46 honeypot-ams-1 sshd[8291]: error: maximum authentication attempts exceeded for invalid user user from 18.140.57.224 port 42946 ssh2 [preauth]","@timestamp":"2022-09-10T23:39:46.858Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:39:52 honeypot-ams-1 sshd[8295]: error: maximum authentication attempts exceeded for invalid user ftpuser from 18.140.57.224 port 42960 ssh2 [preauth]","@timestamp":"2022-09-10T23:39:52.863Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:39:57 honeypot-ams-1 sshd[8299]: Received disconnect from 18.140.57.224 port 42980:11: disconnected by user [preauth]","@timestamp":"2022-09-10T23:39:57.866Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:40:03 honeypot-ams-1 sshd[8303]: error: maximum authentication attempts exceeded for invalid user test1 from 18.140.57.224 port 42992 ssh2 [preauth]","@timestamp":"2022-09-10T23:40:03.871Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:40:08 honeypot-ams-1 sshd[8307]: error: maximum authentication attempts exceeded for invalid user test2 from 18.140.57.224 port 43004 ssh2 [preauth]","@timestamp":"2022-09-10T23:40:08.874Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:40:14 honeypot-ams-1 sshd[8311]: Received disconnect from 18.140.57.224 port 43026:11: disconnected by user [preauth]","@timestamp":"2022-09-10T23:40:14.878Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:40:19 honeypot-ams-1 sshd[8315]: error: maximum authentication attempts exceeded for invalid user ubuntu from 18.140.57.224 port 43036 ssh2 [preauth]","@timestamp":"2022-09-10T23:40:19.882Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:40:24 honeypot-ams-1 sshd[8319]: Received disconnect from 18.140.57.224 port 43058:11: disconnected by user [preauth]","@timestamp":"2022-09-10T23:40:25.885Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:40:29 honeypot-ams-1 sshd[8323]: Received disconnect from 18.140.57.224 port 43066:11: disconnected by user [preauth]","@timestamp":"2022-09-10T23:40:29.888Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:41:31 honeypot-ams-1 sshd[8327]: Disconnected from authenticating user root 61.177.172.19 port 51850 [preauth]","@timestamp":"2022-09-10T23:41:31.916Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 23:43:21 honeypot-ams-1 kernel: [83729987.861868] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=3.92.87.63 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=34009 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T23:43:21.967Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:46:27 honeypot-ams-1 sshd[8339]: Disconnected from invalid user oliver 35.216.73.53 port 52660 [preauth]","@timestamp":"2022-09-10T23:46:28.053Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:49:34 honeypot-ams-1 sshd[8348]: Invalid user  from 118.193.59.59 port 47928","@timestamp":"2022-09-10T23:49:35.138Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 23:50:15 honeypot-fra-1 sshd[30923]: error: maximum authentication attempts exceeded for root from 120.48.37.84 port 50162 ssh2 [preauth]","@timestamp":"2022-09-10T23:50:15.901Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T23:51:13.198Z","@version":"1","message":"Sep 10 23:51:12 honeypot-sgp-1 sshd[4260]: Received disconnect from 164.92.117.121 port 51234:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:52:35 honeypot-ams-1 sshd[8353]: Disconnected from authenticating user root 103.3.247.120 port 47708 [preauth]","@timestamp":"2022-09-10T23:52:36.223Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:55:41 honeypot-ams-1 sshd[8361]: Received disconnect from 61.177.173.48 port 18823:11:  [preauth]","@timestamp":"2022-09-10T23:55:42.306Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 23:57:24 honeypot-fra-1 kernel: [83728676.546415] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=34.146.76.245 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x60 TTL=250 ID=64413 PROTO=TCP SPT=58577 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T23:57:25.062Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-10T23:58:57.369Z","@version":"1","message":"Sep 10 23:58:56 honeypot-sgp-1 sshd[4265]: Disconnected from invalid user user 92.255.85.69 port 28750 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 00:00:32 honeypot-fra-1 sshd[30928]: Disconnected from invalid user user 92.255.85.70 port 39982 [preauth]","@timestamp":"2022-09-11T00:00:33.137Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 00:02:04 honeypot-ams-1 sshd[8366]: Received disconnect from 61.177.172.124 port 25932:11:  [preauth]","@timestamp":"2022-09-11T00:02:05.484Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 00:03:51 honeypot-ams-1 kernel: [83731217.417514] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=5.211.241.141 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=25297 DF PROTO=TCP SPT=32776 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T00:03:51.532Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 00:06:04 honeypot-ams-1 sshd[8372]: Received disconnect from 141.255.162.226 port 44126:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T00:06:04.596Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 00:06:07 honeypot-ams-1 sshd[8376]: Received disconnect from 141.255.162.226 port 58718:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T00:06:07.598Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 00:06:12 honeypot-ams-1 sshd[8380]: Received disconnect from 141.255.162.226 port 52368:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T00:06:13.601Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 00:06:16 honeypot-fra-1 sshd[30933]: Invalid user test from 193.106.191.157 port 57040","@timestamp":"2022-09-11T00:06:17.266Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 00:15:31 honeypot-ams-1 kernel: [83731917.061229] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.218.165 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=49835 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T00:15:31.853Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 00:17:01 honeypot-fra-1 CRON[30953]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-11T00:17:01.505Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T00:17:01.789Z","@version":"1","message":"Sep 11 00:17:01 honeypot-sgp-1 CRON[4273]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T00:19:57.859Z","@version":"1","message":"Sep 11 00:19:57 honeypot-sgp-1 sshd[4278]: Disconnected from authenticating user root 143.244.158.100 port 34598 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 00:20:01 honeypot-ams-1 sshd[8390]: Received disconnect from 61.177.173.35 port 43035:11:  [preauth]","@timestamp":"2022-09-11T00:20:01.974Z"}
{"@timestamp":"2022-09-11T00:21:44.904Z","@version":"1","message":"Sep 11 00:21:44 honeypot-sgp-1 sshd[4285]: Disconnected from authenticating user root 143.244.158.100 port 38620 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 00:22:48 honeypot-ams-1 kernel: [83732354.786517] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=103.203.57.6 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=35137 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T00:22:49.053Z"}
{"@timestamp":"2022-09-11T00:23:21.944Z","@version":"1","message":"Sep 11 00:23:21 honeypot-sgp-1 sshd[4688]: Received disconnect from 143.244.158.100 port 44720:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T00:24:52.983Z","@version":"1","message":"Sep 11 00:24:52 honeypot-sgp-1 sshd[4726]: Disconnected from invalid user boot 94.75.123.43 port 38642 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T00:26:36.025Z","@version":"1","message":"Sep 11 00:26:35 honeypot-sgp-1 sshd[4734]: Disconnected from authenticating user root 143.244.158.100 port 35304 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 00:27:38 honeypot-ams-1 sshd[8399]: Disconnected from authenticating user root 92.255.85.69 port 62854 [preauth]","@timestamp":"2022-09-11T00:27:39.182Z"}
{"@timestamp":"2022-09-11T00:28:58.082Z","@version":"1","message":"Sep 11 00:28:57 honeypot-sgp-1 sshd[4740]: Disconnected from authenticating user root 143.244.158.100 port 41172 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T00:31:23.141Z","@version":"1","message":"Sep 11 00:31:22 honeypot-sgp-1 sshd[4746]: Disconnected from authenticating user root 143.244.158.100 port 52874 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 00:32:15 honeypot-ams-1 sshd[8404]: Received disconnect from 61.177.173.48 port 35808:11:  [preauth]","@timestamp":"2022-09-11T00:32:15.308Z"}
{"@timestamp":"2022-09-11T00:33:52.202Z","@version":"1","message":"Sep 11 00:33:51 honeypot-sgp-1 sshd[4753]: Received disconnect from 143.244.158.100 port 55394:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T00:35:28.242Z","@version":"1","message":"Sep 11 00:35:28 honeypot-sgp-1 sshd[4757]: Disconnected from authenticating user root 143.244.158.100 port 39484 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 00:35:41 honeypot-fra-1 sshd[30962]: Invalid user karim from 165.22.45.108 port 55020","@timestamp":"2022-09-11T00:35:41.920Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T00:37:50.300Z","@version":"1","message":"Sep 11 00:37:49 honeypot-sgp-1 sshd[4764]: Disconnected from authenticating user root 143.244.158.100 port 43742 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T00:39:24.340Z","@version":"1","message":"Sep 11 00:39:23 honeypot-sgp-1 sshd[4770]: Received disconnect from 143.244.158.100 port 54296:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T00:41:44.416Z","@version":"1","message":"Sep 11 00:41:43 honeypot-sgp-1 sshd[4776]: Received disconnect from 143.244.158.100 port 59362:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 00:42:30 honeypot-ams-1 sshd[8414]: Received disconnect from 61.177.173.51 port 32464:11:  [preauth]","@timestamp":"2022-09-11T00:42:30.574Z"}
{"@timestamp":"2022-09-11T00:44:08.475Z","@version":"1","message":"Sep 11 00:44:08 honeypot-sgp-1 sshd[4783]: Received disconnect from 143.244.158.100 port 57604:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T00:46:09.526Z","@version":"1","message":"Sep 11 00:46:08 honeypot-sgp-1 sshd[4790]: Received disconnect from 92.255.85.70 port 30504:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T00:47:22.558Z","@version":"1","message":"Sep 11 00:47:22 honeypot-sgp-1 sshd[4796]: Received disconnect from 143.244.158.100 port 52788:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 00:47:46 honeypot-fra-1 kernel: [83731698.479250] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=213.226.123.38 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=17535 PROTO=TCP SPT=58766 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T00:47:47.189Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-11T00:49:04.600Z","@version":"1","message":"Sep 11 00:49:04 honeypot-sgp-1 kernel: [83733458.241580] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=60.26.120.135 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=55164 DF PROTO=TCP SPT=13439 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 00:49:54 honeypot-ams-1 sshd[8424]: Received disconnect from 92.255.85.69 port 61062:11: Bye Bye [preauth]","@timestamp":"2022-09-11T00:49:54.768Z"}
{"@timestamp":"2022-09-11T00:51:05.650Z","@version":"1","message":"Sep 11 00:51:05 honeypot-sgp-1 kernel: [83733579.047780] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=163.123.143.26 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=54321 PROTO=TCP SPT=48038 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 00:51:44 honeypot-ams-1 sshd[8431]: Received disconnect from 61.177.173.46 port 33536:11:  [preauth]","@timestamp":"2022-09-11T00:51:44.824Z"}
{"@timestamp":"2022-09-11T00:52:55.695Z","@version":"1","message":"Sep 11 00:52:55 honeypot-sgp-1 sshd[4811]: Disconnected from authenticating user root 143.244.158.100 port 36618 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 00:53:57 honeypot-ams-1 sshd[8436]: Invalid user user from 45.61.186.169 port 34880","@timestamp":"2022-09-11T00:53:57.884Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 00:54:14 honeypot-ams-1 sshd[8440]: Invalid user user from 45.61.186.169 port 58114","@timestamp":"2022-09-11T00:54:14.893Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 00:54:23 honeypot-ams-1 sshd[8442]: Disconnected from invalid user user 45.61.186.169 port 41504 [preauth]","@timestamp":"2022-09-11T00:54:23.899Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 00:54:38 honeypot-ams-1 sshd[8446]: Received disconnect from 45.61.186.169 port 36560:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T00:54:39.908Z"}
{"@timestamp":"2022-09-11T00:55:27.756Z","@version":"1","message":"Sep 11 00:55:27 honeypot-sgp-1 sshd[4818]: Disconnected from authenticating user root 143.244.158.100 port 58824 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 00:57:01 honeypot-ams-1 CRON[8451]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-11T00:57:01.974Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 00:57:01 honeypot-fra-1 CRON[30970]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-11T00:57:02.398Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T00:57:05.798Z","@version":"1","message":"Sep 11 00:57:05 honeypot-sgp-1 sshd[4825]: Disconnected from authenticating user root 143.244.158.100 port 58114 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T00:59:33.856Z","@version":"1","message":"Sep 11 00:59:33 honeypot-sgp-1 sshd[4831]: Disconnected from authenticating user root 143.244.158.100 port 56376 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T01:02:06.918Z","@version":"1","message":"Sep 11 01:02:06 honeypot-sgp-1 sshd[4838]: Disconnected from authenticating user root 143.244.158.100 port 49912 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T01:04:28.974Z","@version":"1","message":"Sep 11 01:04:28 honeypot-sgp-1 kernel: [83734382.274223] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=80.94.92.231 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=230 ID=54321 PROTO=TCP SPT=33268 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 01:07:27 honeypot-fra-1 sshd[30976]: Disconnected from invalid user karl 165.22.45.108 port 60002 [preauth]","@timestamp":"2022-09-11T01:07:27.628Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 01:08:05 honeypot-ams-1 sshd[8463]: Received disconnect from 61.177.173.39 port 24429:11:  [preauth]","@timestamp":"2022-09-11T01:08:06.264Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 01:09:23 honeypot-ams-1 kernel: [83735149.466450] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=86.180.105.129 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=53 ID=5591 PROTO=TCP SPT=17337 DPT=80 WINDOW=4321 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T01:09:24.302Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 01:12:04 honeypot-ams-1 sshd[8472]: Disconnected from invalid user admin 80.76.51.41 port 38698 [preauth]","@timestamp":"2022-09-11T01:12:04.376Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 01:12:42 honeypot-ams-1 sshd[8478]: Received disconnect from 80.76.51.41 port 53406:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T01:12:43.397Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 01:12:42 honeypot-fra-1 sshd[30983]: Connection closed by invalid user test 193.106.191.157 port 40508 [preauth]","@timestamp":"2022-09-11T01:12:43.749Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 01:13:19 honeypot-ams-1 sshd[8485]: Received disconnect from 80.76.51.41 port 39982:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T01:13:20.416Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 01:13:50 honeypot-ams-1 kernel: [83735416.571671] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=167.248.133.130 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=29154 PROTO=TCP SPT=14271 DPT=389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T01:13:51.432Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 01:14:12 honeypot-ams-1 kernel: [83735438.456704] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=81.213.146.109 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=38171 PROTO=TCP SPT=3873 DPT=80 WINDOW=44282 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T01:14:13.443Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 01:17:01 honeypot-ams-1 CRON[8499]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-11T01:17:02.518Z"}
{"@timestamp":"2022-09-11T01:17:01.267Z","@version":"1","message":"Sep 11 01:17:01 honeypot-sgp-1 CRON[4853]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T01:17:20.275Z","@version":"1","message":"Sep 11 01:17:19 honeypot-sgp-1 sshd[4858]: Disconnected from invalid user user 45.61.186.249 port 32926 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T01:17:39.284Z","@version":"1","message":"Sep 11 01:17:38 honeypot-sgp-1 sshd[4862]: Received disconnect from 45.61.186.249 port 56296:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T01:17:57.293Z","@version":"1","message":"Sep 11 01:17:56 honeypot-sgp-1 sshd[4866]: Received disconnect from 45.61.186.249 port 51440:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T01:19:50.338Z","@version":"1","message":"Sep 11 01:19:49 honeypot-sgp-1 sshd[4871]: Connection closed by 208.180.124.137 port 35403 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 01:26:26 honeypot-ams-1 sshd[8510]: Received disconnect from 61.177.172.104 port 33284:11:  [preauth]","@timestamp":"2022-09-11T01:26:26.765Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 01:28:09 honeypot-fra-1 sshd[30992]: Connection closed by invalid user  64.62.197.197 port 15660 [preauth]","@timestamp":"2022-09-11T01:28:09.097Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 01:29:40 honeypot-ams-1 sshd[8518]: Did not receive identification string from 83.137.158.6 port 35814","@timestamp":"2022-09-11T01:29:40.855Z"}
{"@timestamp":"2022-09-11T01:31:26.605Z","@version":"1","message":"Sep 11 01:31:25 honeypot-sgp-1 kernel: [83735999.273732] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=124.152.119.24 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=34478 DF PROTO=TCP SPT=29619 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 01:38:29 honeypot-ams-1 sshd[8526]: Received disconnect from 92.255.85.69 port 17908:11: Bye Bye [preauth]","@timestamp":"2022-09-11T01:38:30.096Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 01:39:07 honeypot-fra-1 sshd[30999]: Invalid user karpenko from 165.22.45.108 port 36740","@timestamp":"2022-09-11T01:39:08.338Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 01:40:34 honeypot-fra-1 sshd[31005]: Received disconnect from 187.188.240.7 port 40510:11: Bye Bye [preauth]","@timestamp":"2022-09-11T01:40:34.375Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 01:44:42 honeypot-ams-1 sshd[8531]: Disconnected from authenticating user root 61.177.173.49 port 26191 [preauth]","@timestamp":"2022-09-11T01:44:43.262Z"}
{"@timestamp":"2022-09-11T01:46:49.962Z","@version":"1","message":"Sep 11 01:46:49 honeypot-sgp-1 kernel: [83736922.866583] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=167.248.133.135 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=7383 PROTO=TCP SPT=47656 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 01:49:37 honeypot-ams-1 sshd[8538]: Disconnected from authenticating user root 61.177.172.114 port 33015 [preauth]","@timestamp":"2022-09-11T01:49:37.392Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 01:52:54 honeypot-fra-1 sshd[31011]: Invalid user ghost from 157.230.98.148 port 40116","@timestamp":"2022-09-11T01:52:54.654Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T01:53:49.128Z","@version":"1","message":"Sep 11 01:53:48 honeypot-sgp-1 sshd[4886]: Received disconnect from 45.249.247.148 port 60494:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 01:55:04 honeypot-fra-1 sshd[31013]: Received disconnect from 187.190.40.6 port 54970:11: Bye Bye [preauth]","@timestamp":"2022-09-11T01:55:04.708Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 01:56:48 honeypot-ams-1 sshd[8543]: Connection closed by invalid user test 193.106.191.157 port 54160 [preauth]","@timestamp":"2022-09-11T01:56:49.582Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 01:59:03 honeypot-fra-1 sshd[31019]: Received disconnect from 92.255.85.70 port 27944:11: Bye Bye [preauth]","@timestamp":"2022-09-11T01:59:03.800Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 01:59:40 honeypot-ams-1 sshd[8549]: Invalid user ftpuser from 157.245.101.171 port 43332","@timestamp":"2022-09-11T01:59:40.659Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 02:01:52 honeypot-ams-1 sshd[8552]: Received disconnect from 190.252.185.131 port 14936:11: Bye Bye [preauth]","@timestamp":"2022-09-11T02:01:52.725Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 02:08:21 honeypot-ams-1 sshd[8563]: Received disconnect from 61.177.172.114 port 61485:11:  [preauth]","@timestamp":"2022-09-11T02:08:21.900Z"}
{"@timestamp":"2022-09-11T02:08:26.516Z","@version":"1","message":"Sep 11 02:08:25 honeypot-sgp-1 sshd[4892]: Invalid user lizal123 from 49.236.192.106 port 41032","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 02:10:47 honeypot-fra-1 sshd[31023]: Invalid user kastyn from 165.22.45.108 port 41702","@timestamp":"2022-09-11T02:10:48.068Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 02:11:37 honeypot-ams-1 sshd[8569]: Disconnected from invalid user admin 189.5.124.232 port 48950 [preauth]","@timestamp":"2022-09-11T02:11:37.989Z"}
{"@timestamp":"2022-09-11T02:11:54.601Z","@version":"1","message":"Sep 11 02:11:53 honeypot-sgp-1 kernel: [83738427.374027] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=64.62.197.218 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=43116 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 02:17:01 honeypot-fra-1 CRON[31028]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-11T02:17:02.211Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T02:17:57.746Z","@version":"1","message":"Sep 11 02:17:56 honeypot-sgp-1 sshd[4901]: Disconnected from invalid user user 45.61.186.249 port 33928 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T02:18:15.755Z","@version":"1","message":"Sep 11 02:18:14 honeypot-sgp-1 sshd[4905]: Disconnected from invalid user user 45.61.186.249 port 56774 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T02:18:32.764Z","@version":"1","message":"Sep 11 02:18:31 honeypot-sgp-1 sshd[4910]: Disconnected from invalid user user 45.61.186.249 port 51456 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T02:18:49.773Z","@version":"1","message":"Sep 11 02:18:49 honeypot-sgp-1 sshd[4914]: Disconnected from invalid user user 45.61.186.249 port 46096 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 02:20:47 honeypot-ams-1 sshd[8579]: Disconnected from authenticating user root 61.177.172.104 port 27940 [preauth]","@timestamp":"2022-09-11T02:20:48.259Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 02:25:08 honeypot-ams-1 sshd[8586]: Received disconnect from 139.226.68.213 port 34206:11: Bye Bye [preauth]","@timestamp":"2022-09-11T02:25:09.383Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 02:25:19 honeypot-fra-1 sshd[31036]: Invalid user ubuntu from 103.188.176.251 port 58996","@timestamp":"2022-09-11T02:25:19.400Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 02:28:35 honeypot-ams-1 sshd[8592]: Disconnected from authenticating user root 61.177.173.49 port 57776 [preauth]","@timestamp":"2022-09-11T02:28:35.476Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 02:30:26 honeypot-ams-1 sshd[8597]: error: maximum authentication attempts exceeded for invalid user admin from 61.199.47.58 port 62550 ssh2 [preauth]","@timestamp":"2022-09-11T02:30:26.530Z"}
{"@timestamp":"2022-09-11T02:37:37.218Z","@version":"1","message":"Sep 11 02:37:36 honeypot-sgp-1 kernel: [83739970.025219] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=85.239.34.246 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=232 ID=48543 PROTO=TCP SPT=59582 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 02:40:03 honeypot-fra-1 sshd[31045]: Invalid user demo from 189.178.2.155 port 48582","@timestamp":"2022-09-11T02:40:03.728Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T02:40:17.285Z","@version":"1","message":"Sep 11 02:40:16 honeypot-sgp-1 sshd[4928]: Received disconnect from 45.61.186.49 port 59260:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T02:40:28.289Z","@version":"1","message":"Sep 11 02:40:28 honeypot-sgp-1 sshd[4932]: Received disconnect from 45.61.186.49 port 42540:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 02:40:29 honeypot-ams-1 sshd[8606]: Received disconnect from 61.177.173.36 port 17970:11:  [preauth]","@timestamp":"2022-09-11T02:40:29.805Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 02:44:03 honeypot-fra-1 sshd[31049]: Connection closed by invalid user pi 79.248.107.21 port 59516 [preauth]","@timestamp":"2022-09-11T02:44:03.830Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 02:47:15 honeypot-fra-1 kernel: [83738867.210977] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=23.251.102.75 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=27012 PROTO=TCP SPT=16115 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T02:47:15.904Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-11T02:48:20.496Z","@version":"1","message":"Sep 11 02:48:19 honeypot-sgp-1 sshd[4938]: Invalid user test123 from 103.188.176.251 port 41508","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 02:48:42 honeypot-ams-1 kernel: [83741108.384449] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=65.49.20.72 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=43982 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T02:48:43.029Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 02:52:39 honeypot-fra-1 sshd[31059]: Disconnected from invalid user jordan 201.71.186.82 port 40224 [preauth]","@timestamp":"2022-09-11T02:52:40.025Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 02:53:04 honeypot-ams-1 sshd[8616]: Received disconnect from 128.199.91.252 port 34240:11: Bye Bye [preauth]","@timestamp":"2022-09-11T02:53:05.152Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 02:54:34 honeypot-ams-1 sshd[8620]: Disconnected from authenticating user root 61.177.173.49 port 29510 [preauth]","@timestamp":"2022-09-11T02:54:34.195Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 02:58:32 honeypot-ams-1 kernel: [83741698.575223] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=213.226.123.38 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=56266 PROTO=TCP SPT=46638 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T02:58:33.305Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 02:59:22 honeypot-ams-1 sshd[8630]: Received disconnect from 141.255.162.226 port 47058:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T02:59:23.330Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 02:59:25 honeypot-ams-1 sshd[8634]: Received disconnect from 141.255.162.226 port 40032:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T02:59:26.333Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 02:59:29 honeypot-ams-1 sshd[8638]: Received disconnect from 141.255.162.226 port 54170:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T02:59:30.335Z"}
{"@timestamp":"2022-09-11T03:01:58.822Z","@version":"1","message":"Sep 11 03:01:57 honeypot-sgp-1 kernel: [83741431.435178] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=154.89.5.94 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=244 ID=34901 PROTO=TCP SPT=58914 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 03:02:27 honeypot-ams-1 sshd[8642]: Connection closed by invalid user test 193.106.191.157 port 37712 [preauth]","@timestamp":"2022-09-11T03:02:27.417Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 03:05:18 honeypot-ams-1 sshd[8648]: Received disconnect from 45.61.187.160 port 41394:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T03:05:19.497Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 03:05:38 honeypot-ams-1 sshd[8652]: Received disconnect from 45.61.187.160 port 36156:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T03:05:38.509Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 03:05:57 honeypot-ams-1 sshd[8656]: Received disconnect from 45.61.187.160 port 59092:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T03:05:57.535Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 03:06:15 honeypot-ams-1 sshd[8660]: Received disconnect from 45.61.187.160 port 53828:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T03:06:15.545Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 03:07:05 honeypot-fra-1 kernel: [83740057.160629] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=195.178.120.159 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=54321 PROTO=TCP SPT=33676 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T03:07:06.345Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 03:11:25 honeypot-ams-1 sshd[8665]: Disconnected from authenticating user root 92.255.85.70 port 53906 [preauth]","@timestamp":"2022-09-11T03:11:26.679Z"}
{"@timestamp":"2022-09-11T03:12:00.056Z","@version":"1","message":"Sep 11 03:11:59 honeypot-sgp-1 sshd[4950]: Received disconnect from 139.59.23.154 port 34958:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T03:17:01.175Z","@version":"1","message":"Sep 11 03:17:01 honeypot-sgp-1 CRON[4956]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 03:17:01 honeypot-fra-1 CRON[31068]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-11T03:17:01.560Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 03:17:01 honeypot-ams-1 CRON[8674]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-11T03:17:02.827Z"}
{"@timestamp":"2022-09-11T03:20:23.257Z","@version":"1","message":"Sep 11 03:20:23 honeypot-sgp-1 sshd[4963]: Invalid user user from 198.98.61.9 port 55804","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T03:20:48.269Z","@version":"1","message":"Sep 11 03:20:47 honeypot-sgp-1 sshd[4967]: Invalid user user from 198.98.61.9 port 49858","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T03:21:05.277Z","@version":"1","message":"Sep 11 03:21:04 honeypot-sgp-1 sshd[4971]: Invalid user user from 198.98.61.9 port 44022","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T03:25:10.373Z","@version":"1","message":"Sep 11 03:25:09 honeypot-sgp-1 sshd[4976]: Did not receive identification string from 45.61.186.49 port 34156","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T03:25:34.385Z","@version":"1","message":"Sep 11 03:25:33 honeypot-sgp-1 sshd[4979]: Disconnected from invalid user user 45.61.186.49 port 50342 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T03:25:44.390Z","@version":"1","message":"Sep 11 03:25:44 honeypot-sgp-1 sshd[4983]: Disconnected from invalid user user 45.61.186.49 port 33780 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 03:26:08 honeypot-fra-1 sshd[31076]: Invalid user test from 193.106.191.157 port 35644","@timestamp":"2022-09-11T03:26:08.759Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 03:26:42 honeypot-ams-1 sshd[8682]: Disconnected from authenticating user root 61.177.172.124 port 18244 [preauth]","@timestamp":"2022-09-11T03:26:43.079Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 03:31:26 honeypot-ams-1 kernel: [83743672.623556] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=20.46.240.87 DST=178.62.254.91 LEN=52 TOS=0x02 PREC=0x00 TTL=110 ID=8391 DF PROTO=TCP SPT=63848 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-11T03:31:27.207Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 03:32:29 honeypot-fra-1 sshd[31081]: Disconnected from authenticating user root 92.255.85.69 port 35842 [preauth]","@timestamp":"2022-09-11T03:32:29.902Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 03:35:49 honeypot-ams-1 kernel: [83743935.120531] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.221.91 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=40365 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T03:35:50.327Z"}
{"@timestamp":"2022-09-11T03:42:59.798Z","@version":"1","message":"Sep 11 03:42:59 honeypot-sgp-1 kernel: [83743893.002346] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=193.201.9.213 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=60089 PROTO=TCP SPT=56599 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 03:44:35 honeypot-fra-1 sshd[31100]: Invalid user ubuntu from 101.33.218.153 port 57244","@timestamp":"2022-09-11T03:44:36.164Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T03:47:54.922Z","@version":"1","message":"Sep 11 03:47:54 honeypot-sgp-1 sshd[4990]: Received disconnect from 128.199.152.105 port 44450:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 03:52:55 honeypot-ams-1 sshd[8704]: Disconnected from authenticating user root 61.177.173.47 port 49076 [preauth]","@timestamp":"2022-09-11T03:52:55.782Z"}
{"@timestamp":"2022-09-11T03:53:11.050Z","@version":"1","message":"Sep 11 03:53:10 honeypot-sgp-1 sshd[4995]: Received disconnect from 92.255.85.70 port 19772:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 03:56:10 honeypot-fra-1 sshd[31120]: Received disconnect from 92.255.85.70 port 51976:11: Bye Bye [preauth]","@timestamp":"2022-09-11T03:56:11.416Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 03:57:50 honeypot-ams-1 sshd[8708]: Disconnected from authenticating user root 92.255.85.69 port 56048 [preauth]","@timestamp":"2022-09-11T03:57:50.927Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 03:58:58 honeypot-fra-1 sshd[31126]: Invalid user admin from 51.79.224.191 port 57230","@timestamp":"2022-09-11T03:58:59.478Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 04:00:43 honeypot-fra-1 kernel: [83743275.279467] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.95.147.52 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=9185 PROTO=TCP SPT=57944 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T04:00:44.529Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-11T04:01:23.261Z","@version":"1","message":"Sep 11 04:01:23 honeypot-sgp-1 sshd[5001]: Invalid user user from 45.61.184.204 port 52034","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T04:01:44.271Z","@version":"1","message":"Sep 11 04:01:43 honeypot-sgp-1 sshd[5005]: Invalid user user from 45.61.184.204 port 47948","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T04:02:03.280Z","@version":"1","message":"Sep 11 04:02:02 honeypot-sgp-1 sshd[5009]: Invalid user user from 45.61.184.204 port 43882","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T04:02:21.289Z","@version":"1","message":"Sep 11 04:02:20 honeypot-sgp-1 sshd[5013]: Invalid user user from 45.61.184.204 port 39758","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 04:03:58 honeypot-fra-1 sshd[31135]: Connection closed by invalid user user 121.5.54.92 port 43246 [preauth]","@timestamp":"2022-09-11T04:03:59.604Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 04:04:28 honeypot-ams-1 sshd[8716]: Received disconnect from 103.102.42.42 port 57026:11: Bye Bye [preauth]","@timestamp":"2022-09-11T04:04:29.105Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 04:06:38 honeypot-ams-1 sshd[8721]: Disconnected from invalid user saturne 43.134.197.174 port 43436 [preauth]","@timestamp":"2022-09-11T04:06:39.167Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 04:10:29 honeypot-ams-1 sshd[8728]: Invalid user test from 193.106.191.157 port 49650","@timestamp":"2022-09-11T04:10:29.270Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 04:12:39 honeypot-fra-1 kernel: [83743990.383709] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=43.131.66.209 DST=165.22.82.222 LEN=52 TOS=0x08 PREC=0x60 TTL=53 ID=48581 DF PROTO=TCP SPT=49605 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T04:12:39.797Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 04:16:35 honeypot-ams-1 kernel: [83746381.024465] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.219.19 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=45463 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T04:16:35.442Z"}
{"@timestamp":"2022-09-11T04:16:46.661Z","@version":"1","message":"Sep 11 04:16:45 honeypot-sgp-1 sshd[5018]: Received disconnect from 92.255.85.69 port 18492:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 04:17:01 honeypot-fra-1 CRON[31149]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-11T04:17:01.896Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 04:20:51 honeypot-ams-1 kernel: [83746637.436004] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=207.180.224.103 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=54321 PROTO=TCP SPT=56258 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T04:20:52.558Z"}
{"@timestamp":"2022-09-11T04:21:57.785Z","@version":"1","message":"Sep 11 04:21:57 honeypot-sgp-1 sshd[5024]: Connection closed by invalid user admin 128.199.160.207 port 20426 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T04:21:57.785Z","@version":"1","message":"Sep 11 04:21:57 honeypot-sgp-1 sshd[5030]: Connection closed by invalid user admin 128.199.160.207 port 20460 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 04:22:35 honeypot-fra-1 sshd[31157]: Invalid user test from 185.74.5.184 port 42800","@timestamp":"2022-09-11T04:22:36.021Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 04:24:02 honeypot-fra-1 sshd[31159]: Disconnected from invalid user katrin 165.22.45.108 port 32786 [preauth]","@timestamp":"2022-09-11T04:24:03.056Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 04:27:08 honeypot-fra-1 sshd[31167]: Invalid user vnc from 80.68.3.98 port 52360","@timestamp":"2022-09-11T04:27:09.126Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 04:27:17 honeypot-ams-1 sshd[8740]: Disconnected from authenticating user root 201.217.143.51 port 20896 [preauth]","@timestamp":"2022-09-11T04:27:18.743Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 04:30:50 honeypot-fra-1 sshd[31170]: Received disconnect from 58.8.148.64 port 57170:11: Bye Bye [preauth]","@timestamp":"2022-09-11T04:30:51.211Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 04:34:31 honeypot-ams-1 sshd[8745]: Received disconnect from 20.40.73.192 port 47180:11: Bye Bye [preauth]","@timestamp":"2022-09-11T04:34:31.935Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 04:35:28 honeypot-ams-1 sshd[8750]: Invalid user user from 45.61.184.204 port 38784","@timestamp":"2022-09-11T04:35:28.963Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 04:35:48 honeypot-ams-1 sshd[8754]: Invalid user user from 45.61.184.204 port 33696","@timestamp":"2022-09-11T04:35:48.979Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 04:36:07 honeypot-ams-1 sshd[8758]: Invalid user user from 45.61.184.204 port 56906","@timestamp":"2022-09-11T04:36:07.989Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 04:36:20 honeypot-ams-1 sshd[8762]: Received disconnect from 64.227.180.226 port 50366:11: Bye Bye [preauth]","@timestamp":"2022-09-11T04:36:20.996Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 04:39:06 honeypot-ams-1 sshd[8767]: Received disconnect from 101.231.146.34 port 49801:11: Bye Bye [preauth]","@timestamp":"2022-09-11T04:39:07.070Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 04:39:25 honeypot-fra-1 sshd[31175]: Received disconnect from 161.82.233.179 port 40642:11: Bye Bye [preauth]","@timestamp":"2022-09-11T04:39:26.401Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 04:39:50 honeypot-ams-1 kernel: [83747776.572564] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=188.140.155.213 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=45813 DF PROTO=TCP SPT=25110 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T04:39:51.091Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 04:41:23 honeypot-fra-1 kernel: [83745715.117652] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.41.8.5 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=20297 PROTO=TCP SPT=20212 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T04:41:24.447Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-11T04:41:58.271Z","@version":"1","message":"Sep 11 04:41:57 honeypot-sgp-1 sshd[5036]: Invalid user temp from 161.82.233.179 port 38444","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 04:43:41 honeypot-fra-1 sshd[31185]: Did not receive identification string from 50.31.21.8 port 44052","@timestamp":"2022-09-11T04:43:42.501Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 04:45:34 honeypot-ams-1 sshd[8772]: Disconnected from authenticating user root 92.255.85.70 port 58622 [preauth]","@timestamp":"2022-09-11T04:45:35.244Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 04:47:14 honeypot-fra-1 kernel: [83746065.704538] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=42.192.144.2 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=43 ID=3555 DF PROTO=TCP SPT=54112 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T04:47:14.582Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-11T04:48:44.434Z","@version":"1","message":"Sep 11 04:48:44 honeypot-sgp-1 sshd[5044]: Connection closed by 75.134.58.155 port 40373 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 04:57:40 honeypot-fra-1 sshd[31195]: Invalid user katrin from 165.22.45.108 port 37564","@timestamp":"2022-09-11T04:57:40.830Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 04:58:19 honeypot-ams-1 kernel: [83748885.092358] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=124.222.52.108 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=45 ID=63234 PROTO=TCP SPT=48013 DPT=80 WINDOW=20828 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T04:58:19.578Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 05:00:50 honeypot-fra-1 sshd[31201]: Invalid user user from 45.61.187.160 port 40472","@timestamp":"2022-09-11T05:00:50.904Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 05:01:09 honeypot-fra-1 sshd[31206]: Invalid user user from 45.61.187.160 port 35664","@timestamp":"2022-09-11T05:01:10.914Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 05:01:28 honeypot-fra-1 sshd[31210]: Invalid user user from 45.61.187.160 port 59116","@timestamp":"2022-09-11T05:01:28.922Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T05:01:41.743Z","@version":"1","message":"Sep 11 05:01:41 honeypot-sgp-1 sshd[5068]: Disconnected from authenticating user root 71.25.118.117 port 41270 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 05:01:45 honeypot-fra-1 sshd[31214]: Invalid user user from 45.61.187.160 port 54296","@timestamp":"2022-09-11T05:01:45.930Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 05:06:24 honeypot-fra-1 sshd[31220]: Invalid user jh from 159.65.11.5 port 47690","@timestamp":"2022-09-11T05:06:25.033Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 05:07:24 honeypot-fra-1 sshd[31224]: Received disconnect from 189.7.129.60 port 54450:11: Bye Bye [preauth]","@timestamp":"2022-09-11T05:07:24.056Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T05:07:26.884Z","@version":"1","message":"Sep 11 05:07:26 honeypot-sgp-1 kernel: [83748960.223404] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=165.22.56.103 DST=159.89.202.188 LEN=52 TOS=0x02 PREC=0x00 TTL=126 ID=925 DF PROTO=TCP SPT=64082 DPT=80 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 05:11:13 honeypot-ams-1 sshd[8782]: Connection closed by invalid user User 121.128.205.161 port 51284 [preauth]","@timestamp":"2022-09-11T05:11:13.921Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 05:17:01 honeypot-fra-1 CRON[31229]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-11T05:17:02.265Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T05:17:02.115Z","@version":"1","message":"Sep 11 05:17:01 honeypot-sgp-1 CRON[5078]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 05:20:06 honeypot-ams-1 kernel: [83750192.154465] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=20.46.240.87 DST=178.62.254.91 LEN=52 TOS=0x02 PREC=0x00 TTL=110 ID=23411 DF PROTO=TCP SPT=65228 DPT=443 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-11T05:20:07.155Z"}
{"@timestamp":"2022-09-11T05:23:49.276Z","@version":"1","message":"Sep 11 05:23:49 honeypot-sgp-1 sshd[5085]: Disconnected from authenticating user root 64.225.43.245 port 59342 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T05:24:01.283Z","@version":"1","message":"Sep 11 05:24:00 honeypot-sgp-1 sshd[5091]: Invalid user user from 198.98.61.9 port 59494","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T05:24:22.292Z","@version":"1","message":"Sep 11 05:24:22 honeypot-sgp-1 sshd[5096]: Invalid user user from 198.98.61.9 port 55214","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T05:24:37.300Z","@version":"1","message":"Sep 11 05:24:36 honeypot-sgp-1 sshd[5100]: Received disconnect from 64.225.43.245 port 44646:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T05:24:48.306Z","@version":"1","message":"Sep 11 05:24:47 honeypot-sgp-1 sshd[5104]: Received disconnect from 198.98.61.9 port 34688:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T05:26:11.340Z","@version":"1","message":"Sep 11 05:26:11 honeypot-sgp-1 sshd[5110]: Received disconnect from 64.225.43.245 port 43522:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T05:27:32.374Z","@version":"1","message":"Sep 11 05:27:31 honeypot-sgp-1 sshd[5114]: Disconnected from invalid user ftpuser 92.255.85.70 port 28708 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T05:29:19.418Z","@version":"1","message":"Sep 11 05:29:18 honeypot-sgp-1 sshd[5121]: Disconnected from authenticating user root 64.225.43.245 port 41194 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 05:29:20 honeypot-fra-1 sshd[31238]: Received disconnect from 92.255.85.69 port 52218:11: Bye Bye [preauth]","@timestamp":"2022-09-11T05:29:21.532Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 05:29:44 honeypot-ams-1 sshd[9229]: Did not receive identification string from 159.89.24.69 port 61000","@timestamp":"2022-09-11T05:29:44.413Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 05:30:57 honeypot-ams-1 sshd[9232]: Disconnected from invalid user kafka 157.230.32.105 port 56104 [preauth]","@timestamp":"2022-09-11T05:30:58.447Z"}
{"@timestamp":"2022-09-11T05:31:42.478Z","@version":"1","message":"Sep 11 05:31:42 honeypot-sgp-1 sshd[5127]: Received disconnect from 64.225.43.245 port 53566:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T05:32:46.506Z","@version":"1","message":"Sep 11 05:32:46 honeypot-sgp-1 kernel: [83750479.527738] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=40.88.125.200 DST=159.89.202.188 LEN=52 TOS=0x02 PREC=0x00 TTL=107 ID=3311 DF PROTO=TCP SPT=53263 DPT=3389 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T05:34:05.541Z","@version":"1","message":"Sep 11 05:34:04 honeypot-sgp-1 sshd[5134]: Received disconnect from 179.43.156.143 port 39844:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 05:34:30 honeypot-ams-1 kernel: [83751056.124816] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=103.99.1.99 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=16206 PROTO=TCP SPT=53727 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T05:34:30.539Z"}
{"@timestamp":"2022-09-11T05:35:25.599Z","@version":"1","message":"Sep 11 05:35:24 honeypot-sgp-1 sshd[5143]: Received disconnect from 179.43.156.143 port 34660:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T05:36:32.628Z","@version":"1","message":"Sep 11 05:36:32 honeypot-sgp-1 sshd[5149]: Received disconnect from 64.225.43.245 port 50084:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 05:36:35 honeypot-fra-1 kernel: [83749026.468485] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=200.84.200.188 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=29261 DF PROTO=TCP SPT=23924 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T05:36:35.686Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-11T05:37:21.650Z","@version":"1","message":"Sep 11 05:37:21 honeypot-sgp-1 sshd[5155]: Received disconnect from 64.225.43.245 port 35396:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T05:38:09.670Z","@version":"1","message":"Sep 11 05:38:09 honeypot-sgp-1 sshd[5159]: Disconnected from authenticating user root 64.225.43.245 port 48932 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T05:39:17.701Z","@version":"1","message":"Sep 11 05:39:16 honeypot-sgp-1 sshd[5165]: Invalid user nfsnobod from 179.43.156.143 port 47448","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T05:39:55.719Z","@version":"1","message":"Sep 11 05:39:55 honeypot-sgp-1 sshd[5170]: Received disconnect from 179.43.156.143 port 44876:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 05:40:20 honeypot-fra-1 sshd[31249]: Disconnected from invalid user monitor 141.94.76.58 port 54200 [preauth]","@timestamp":"2022-09-11T05:40:20.771Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 05:40:43 honeypot-fra-1 sshd[31254]: Received disconnect from 141.255.162.226 port 56652:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T05:40:43.781Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 05:40:45 honeypot-fra-1 sshd[31258]: Received disconnect from 141.255.162.226 port 36100:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T05:40:45.782Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 05:41:06 honeypot-fra-1 kernel: [83749297.326394] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=101.33.247.52 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=43 ID=55365 DF PROTO=TCP SPT=54292 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T05:41:06.792Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-11T05:41:17.754Z","@version":"1","message":"Sep 11 05:41:17 honeypot-sgp-1 sshd[5176]: Received disconnect from 179.43.156.143 port 39734:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T05:42:08.777Z","@version":"1","message":"Sep 11 05:42:08 honeypot-sgp-1 sshd[5182]: Received disconnect from 64.225.43.245 port 60176:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T05:43:20.809Z","@version":"1","message":"Sep 11 05:43:20 honeypot-sgp-1 sshd[5188]: Received disconnect from 179.43.156.143 port 60250:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 05:43:57 honeypot-ams-1 kernel: [83751623.106011] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=21361 PROTO=TCP SPT=54926 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T05:43:57.783Z"}
{"@timestamp":"2022-09-11T05:44:49.848Z","@version":"1","message":"Sep 11 05:44:48 honeypot-sgp-1 kernel: [83751202.278039] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=64059 PROTO=TCP SPT=54926 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T05:46:58.903Z","@version":"1","message":"Sep 11 05:46:58 honeypot-sgp-1 sshd[5199]: Disconnected from authenticating user root 64.225.43.245 port 56694 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 05:47:10 honeypot-fra-1 sshd[31265]: Received disconnect from 164.92.154.145 port 39272:11: Bye Bye [preauth]","@timestamp":"2022-09-11T05:47:10.927Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T05:48:37.945Z","@version":"1","message":"Sep 11 05:48:37 honeypot-sgp-1 sshd[5205]: Disconnected from authenticating user root 64.225.43.245 port 55538 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T05:50:25.991Z","@version":"1","message":"Sep 11 05:50:25 honeypot-sgp-1 sshd[5212]: Invalid user iku from 119.92.70.82 port 54888","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 05:50:31 honeypot-fra-1 sshd[31268]: Disconnected from invalid user testuser 34.78.205.135 port 50229 [preauth]","@timestamp":"2022-09-11T05:50:32.003Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T05:51:04.009Z","@version":"1","message":"Sep 11 05:51:03 honeypot-sgp-1 sshd[5216]: Received disconnect from 64.225.43.245 port 39680:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 05:52:56 honeypot-fra-1 sshd[31272]: Disconnected from invalid user annie-zhang 187.230.139.33 port 54497 [preauth]","@timestamp":"2022-09-11T05:52:57.060Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T05:53:28.067Z","@version":"1","message":"Sep 11 05:53:27 honeypot-sgp-1 sshd[5222]: Received disconnect from 64.225.43.245 port 52058:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T05:55:01.107Z","@version":"1","message":"Sep 11 05:55:00 honeypot-sgp-1 kernel: [83751813.613711] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=61.140.176.26 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=29936 DF PROTO=TCP SPT=34722 DPT=80 WINDOW=64800 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 05:56:39 honeypot-ams-1 sshd[9247]: Received disconnect from 92.255.85.70 port 59100:11: Bye Bye [preauth]","@timestamp":"2022-09-11T05:56:40.110Z"}
{"@timestamp":"2022-09-11T05:56:42.149Z","@version":"1","message":"Sep 11 05:56:41 honeypot-sgp-1 sshd[5231]: Received disconnect from 64.225.43.245 port 49736:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T05:58:34.195Z","@version":"1","message":"Sep 11 05:58:33 honeypot-sgp-1 sshd[5237]: Invalid user wolfgang from 165.227.236.118 port 56350","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T05:59:57.229Z","@version":"1","message":"Sep 11 05:59:56 honeypot-sgp-1 sshd[5241]: Disconnected from authenticating user root 64.225.43.245 port 47416 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 06:01:20 honeypot-ams-1 sshd[9249]: Disconnected from invalid user wup 107.189.10.112 port 56394 [preauth]","@timestamp":"2022-09-11T06:01:20.230Z"}
{"@timestamp":"2022-09-11T06:02:23.292Z","@version":"1","message":"Sep 11 06:02:23 honeypot-sgp-1 sshd[5248]: Received disconnect from 64.225.43.245 port 59864:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 06:02:54 honeypot-fra-1 sshd[31278]: Did not receive identification string from 45.61.187.160 port 43582","@timestamp":"2022-09-11T06:02:54.278Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 06:03:28 honeypot-fra-1 sshd[31281]: Disconnected from invalid user user 45.61.187.160 port 43080 [preauth]","@timestamp":"2022-09-11T06:03:29.294Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 06:03:46 honeypot-fra-1 sshd[31285]: Disconnected from invalid user user 45.61.187.160 port 37596 [preauth]","@timestamp":"2022-09-11T06:03:46.302Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T06:04:01.334Z","@version":"1","message":"Sep 11 06:04:00 honeypot-sgp-1 sshd[5252]: Disconnected from authenticating user root 64.225.43.245 port 58706 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 06:04:02 honeypot-fra-1 sshd[31289]: Disconnected from invalid user user 45.61.187.160 port 60354 [preauth]","@timestamp":"2022-09-11T06:04:03.310Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 06:04:10 honeypot-fra-1 sshd[31293]: Disconnected from invalid user user 45.61.187.160 port 43482 [preauth]","@timestamp":"2022-09-11T06:04:11.314Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 06:05:55 honeypot-fra-1 sshd[31298]: Received disconnect from 198.98.61.9 port 49812:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T06:05:55.355Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T06:06:10.390Z","@version":"1","message":"Sep 11 06:06:09 honeypot-sgp-1 sshd[5259]: Invalid user qg from 178.62.34.139 port 42572","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 06:06:17 honeypot-fra-1 sshd[31302]: Received disconnect from 198.98.61.9 port 44714:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T06:06:17.365Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 06:06:35 honeypot-fra-1 sshd[31306]: Received disconnect from 198.98.61.9 port 39620:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T06:06:36.373Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T06:07:15.418Z","@version":"1","message":"Sep 11 06:07:15 honeypot-sgp-1 sshd[5264]: Disconnected from authenticating user root 64.225.43.245 port 56382 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 06:07:53 honeypot-ams-1 kernel: [83753058.881729] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=124.221.190.104 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=44 ID=35541 PROTO=TCP SPT=45449 DPT=80 WINDOW=32350 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T06:07:53.400Z"}
{"@timestamp":"2022-09-11T06:08:55.462Z","@version":"1","message":"Sep 11 06:08:54 honeypot-sgp-1 sshd[5270]: Received disconnect from 64.225.43.245 port 55222:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 06:08:59 honeypot-fra-1 sshd[31311]: Did not receive identification string from 128.199.96.88 port 61000","@timestamp":"2022-09-11T06:09:00.424Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T06:10:33.504Z","@version":"1","message":"Sep 11 06:10:33 honeypot-sgp-1 sshd[5274]: Disconnected from authenticating user root 64.225.43.245 port 54060 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T06:11:27.530Z","@version":"1","message":"Sep 11 06:11:27 honeypot-sgp-1 sshd[5280]: Invalid user weblogic from 43.154.190.157 port 53446","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T06:13:01.569Z","@version":"1","message":"Sep 11 06:13:01 honeypot-sgp-1 sshd[5285]: Disconnected from authenticating user root 64.225.43.245 port 38206 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T06:14:38.612Z","@version":"1","message":"Sep 11 06:14:37 honeypot-sgp-1 sshd[5291]: Received disconnect from 64.225.43.245 port 37046:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 06:15:23 honeypot-fra-1 sshd[31407]: Invalid user User from 182.70.118.41 port 57500","@timestamp":"2022-09-11T06:15:24.571Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 06:17:01 honeypot-fra-1 CRON[31411]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-11T06:17:01.610Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T06:17:01.672Z","@version":"1","message":"Sep 11 06:17:01 honeypot-sgp-1 CRON[5297]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 06:17:01 honeypot-ams-1 CRON[9257]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-11T06:17:02.636Z"}
{"@timestamp":"2022-09-11T06:18:24.712Z","@version":"1","message":"Sep 11 06:18:23 honeypot-sgp-1 sshd[5304]: Received disconnect from 45.61.187.160 port 53952:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T06:18:42.720Z","@version":"1","message":"Sep 11 06:18:42 honeypot-sgp-1 sshd[5308]: Received disconnect from 45.61.187.160 port 49078:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T06:19:00.729Z","@version":"1","message":"Sep 11 06:19:00 honeypot-sgp-1 sshd[5312]: Received disconnect from 45.61.187.160 port 44216:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T06:19:17.737Z","@version":"1","message":"Sep 11 06:19:16 honeypot-sgp-1 sshd[5316]: Received disconnect from 45.61.187.160 port 39264:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 06:19:49 honeypot-ams-1 sshd[9262]: Invalid user wp-admin from 64.227.98.3 port 59618","@timestamp":"2022-09-11T06:19:49.709Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 06:23:33 honeypot-fra-1 sshd[31417]: Disconnected from invalid user rp1999a 8.213.17.47 port 36474 [preauth]","@timestamp":"2022-09-11T06:23:33.755Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 06:25:05 honeypot-ams-1 CRON[9267]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-11T06:25:05.850Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 06:31:19 honeypot-ams-1 sshd[9436]: Disconnected from invalid user user 141.255.162.226 port 59514 [preauth]","@timestamp":"2022-09-11T06:31:20.010Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 06:31:22 honeypot-ams-1 sshd[9440]: Disconnected from invalid user user 141.255.162.226 port 38556 [preauth]","@timestamp":"2022-09-11T06:31:23.013Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 06:31:24 honeypot-ams-1 sshd[9444]: Disconnected from invalid user user 141.255.162.226 port 60356 [preauth]","@timestamp":"2022-09-11T06:31:25.014Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 06:31:34 honeypot-fra-1 sshd[31562]: Did not receive identification string from 198.98.61.9 port 50848","@timestamp":"2022-09-11T06:31:34.987Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T06:31:53.049Z","@version":"1","message":"Sep 11 06:31:52 honeypot-sgp-1 kernel: [83754025.708607] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.198.79.96 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=65291 PROTO=TCP SPT=54944 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 06:31:56 honeypot-fra-1 sshd[31565]: Disconnected from invalid user user 198.98.61.9 port 51178 [preauth]","@timestamp":"2022-09-11T06:31:56.997Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 06:32:16 honeypot-fra-1 sshd[31569]: Disconnected from invalid user user 198.98.61.9 port 46360 [preauth]","@timestamp":"2022-09-11T06:32:17.006Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 06:32:33 honeypot-fra-1 sshd[31573]: Disconnected from invalid user user 198.98.61.9 port 41546 [preauth]","@timestamp":"2022-09-11T06:32:34.015Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 06:37:40 honeypot-fra-1 sshd[31579]: Invalid user katrin from 165.22.45.108 port 53268","@timestamp":"2022-09-11T06:37:41.128Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 06:38:14 honeypot-ams-1 sshd[9449]: Connection closed by invalid user pi 78.70.114.29 port 57688 [preauth]","@timestamp":"2022-09-11T06:38:15.188Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 06:42:33 honeypot-ams-1 sshd[9453]: Disconnected from invalid user test1 92.255.85.69 port 44122 [preauth]","@timestamp":"2022-09-11T06:42:34.301Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 06:42:37 honeypot-fra-1 sshd[31584]: Invalid user florian from 138.197.19.166 port 55508","@timestamp":"2022-09-11T06:42:37.236Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 06:47:02 honeypot-fra-1 CRON[31588]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-11T06:47:02.333Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T06:47:02.429Z","@version":"1","message":"Sep 11 06:47:01 honeypot-sgp-1 CRON[5571]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 06:50:36 honeypot-ams-1 sshd[9477]: Invalid user zabbix from 167.172.86.212 port 42462","@timestamp":"2022-09-11T06:50:37.511Z"}
{"@timestamp":"2022-09-11T06:50:41.520Z","@version":"1","message":"Sep 11 06:50:40 honeypot-sgp-1 sshd[5593]: Received disconnect from 45.61.187.160 port 34444:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T06:50:58.528Z","@version":"1","message":"Sep 11 06:50:58 honeypot-sgp-1 sshd[5597]: Received disconnect from 45.61.187.160 port 57002:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T06:51:15.537Z","@version":"1","message":"Sep 11 06:51:15 honeypot-sgp-1 sshd[5601]: Received disconnect from 45.61.187.160 port 51340:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T06:51:31.545Z","@version":"1","message":"Sep 11 06:51:31 honeypot-sgp-1 sshd[5605]: Received disconnect from 45.61.187.160 port 45676:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 06:52:46 honeypot-fra-1 kernel: [83753597.574410] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=218.55.63.134 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=54 ID=28510 PROTO=TCP SPT=19505 DPT=443 WINDOW=8273 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T06:52:47.461Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 06:55:44 honeypot-ams-1 kernel: [83755930.051875] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=37.146.63.210 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=120 ID=196 DF PROTO=TCP SPT=56817 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T06:55:44.654Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 06:58:59 honeypot-fra-1 sshd[31614]: Disconnected from authenticating user root 45.240.88.36 port 44384 [preauth]","@timestamp":"2022-09-11T06:59:00.596Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 07:02:21 honeypot-fra-1 sshd[31620]: Invalid user csc from 221.216.95.120 port 45079","@timestamp":"2022-09-11T07:02:22.668Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 07:04:16 honeypot-fra-1 sshd[31622]: Disconnected from invalid user test1 92.255.85.70 port 22410 [preauth]","@timestamp":"2022-09-11T07:04:17.711Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 07:06:12 honeypot-ams-1 sshd[9575]: Invalid user test1 from 92.255.85.70 port 41270","@timestamp":"2022-09-11T07:06:12.927Z"}
{"@timestamp":"2022-09-11T07:09:49.993Z","@version":"1","message":"Sep 11 07:09:49 honeypot-sgp-1 sshd[5611]: Did not receive identification string from 45.61.187.160 port 47924","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T07:10:14.006Z","@version":"1","message":"Sep 11 07:10:13 honeypot-sgp-1 sshd[5614]: Disconnected from invalid user user 45.61.187.160 port 37328 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T07:10:31.014Z","@version":"1","message":"Sep 11 07:10:30 honeypot-sgp-1 sshd[5618]: Disconnected from invalid user user 45.61.187.160 port 32962 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T07:10:48.022Z","@version":"1","message":"Sep 11 07:10:47 honeypot-sgp-1 sshd[5622]: Disconnected from invalid user user 45.61.187.160 port 56828 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 07:12:37 honeypot-fra-1 sshd[31628]: Received disconnect from 45.61.186.169 port 40022:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T07:12:37.895Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 07:12:54 honeypot-fra-1 sshd[31632]: Received disconnect from 45.61.186.169 port 35020:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T07:12:55.905Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 07:13:11 honeypot-fra-1 sshd[31636]: Received disconnect from 45.61.186.169 port 58266:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T07:13:11.913Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 07:13:26 honeypot-fra-1 sshd[31640]: Received disconnect from 45.61.186.169 port 53298:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T07:13:27.919Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T07:15:02.122Z","@version":"1","message":"Sep 11 07:15:01 honeypot-sgp-1 sshd[5629]: Received disconnect from 161.35.112.155 port 50622:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T07:16:27.159Z","@version":"1","message":"Sep 11 07:16:26 honeypot-sgp-1 sshd[5633]: Disconnected from invalid user teste 104.248.181.156 port 48674 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 07:17:01 honeypot-fra-1 CRON[31645]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-11T07:17:01.998Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T07:17:02.176Z","@version":"1","message":"Sep 11 07:17:01 honeypot-sgp-1 CRON[5639]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 07:17:01 honeypot-ams-1 CRON[9579]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-11T07:17:02.206Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 07:18:43 honeypot-fra-1 sshd[31652]: Invalid user esuser from 43.138.12.15 port 37080","@timestamp":"2022-09-11T07:18:44.041Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 07:18:44 honeypot-fra-1 sshd[31652]: Connection closed by invalid user esuser 43.138.12.15 port 37080 [preauth]","@timestamp":"2022-09-11T07:18:45.041Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 07:18:44 honeypot-fra-1 sshd[31660]: Invalid user steam from 43.138.12.15 port 37082","@timestamp":"2022-09-11T07:18:45.041Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 07:18:45 honeypot-fra-1 sshd[31657]: Connection closed by invalid user vagrant 43.138.12.15 port 37110 [preauth]","@timestamp":"2022-09-11T07:18:46.042Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 07:18:47 honeypot-fra-1 sshd[31673]: Invalid user user from 43.138.12.15 port 37114","@timestamp":"2022-09-11T07:18:48.043Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 07:18:47 honeypot-fra-1 sshd[31690]: Connection closed by invalid user postgres 43.138.12.15 port 37152 [preauth]","@timestamp":"2022-09-11T07:18:48.043Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 07:18:47 honeypot-fra-1 sshd[31676]: Invalid user mcsrv from 43.138.12.15 port 37084","@timestamp":"2022-09-11T07:18:48.043Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 07:18:47 honeypot-fra-1 sshd[31673]: Connection closed by invalid user user 43.138.12.15 port 37114 [preauth]","@timestamp":"2022-09-11T07:18:48.043Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 07:18:47 honeypot-fra-1 sshd[31678]: Connection closed by invalid user esuser 43.138.12.15 port 37112 [preauth]","@timestamp":"2022-09-11T07:18:48.043Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 07:18:48 honeypot-fra-1 sshd[31675]: Connection closed by invalid user ec2 43.138.12.15 port 37108 [preauth]","@timestamp":"2022-09-11T07:18:48.043Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 07:18:48 honeypot-fra-1 sshd[31688]: Connection closed by invalid user user 43.138.12.15 port 37132 [preauth]","@timestamp":"2022-09-11T07:18:49.044Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 07:18:49 honeypot-fra-1 sshd[31684]: Connection closed by invalid user ubuntu 43.138.12.15 port 37124 [preauth]","@timestamp":"2022-09-11T07:18:50.045Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T07:21:56.293Z","@version":"1","message":"Sep 11 07:21:55 honeypot-sgp-1 sshd[5647]: Invalid user raju from 147.182.189.140 port 33654","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T07:26:57.414Z","@version":"1","message":"Sep 11 07:26:57 honeypot-sgp-1 sshd[5653]: Did not receive identification string from 45.61.184.204 port 53280","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T07:27:39.433Z","@version":"1","message":"Sep 11 07:27:38 honeypot-sgp-1 sshd[5656]: Disconnected from invalid user user 45.61.184.204 port 58406 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T07:28:00.443Z","@version":"1","message":"Sep 11 07:28:00 honeypot-sgp-1 sshd[5660]: Disconnected from invalid user user 45.61.184.204 port 53916 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T07:28:18.452Z","@version":"1","message":"Sep 11 07:28:18 honeypot-sgp-1 sshd[5664]: Disconnected from invalid user user 45.61.184.204 port 49462 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 07:28:24 honeypot-fra-1 sshd[31722]: Disconnected from invalid user test1 92.255.85.69 port 58188 [preauth]","@timestamp":"2022-09-11T07:28:25.268Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 07:28:48 honeypot-ams-1 sshd[9585]: Connection closed by invalid user test 193.106.191.157 port 57096 [preauth]","@timestamp":"2022-09-11T07:28:48.510Z"}
{"@timestamp":"2022-09-11T07:31:01.521Z","@version":"1","message":"Sep 11 07:31:01 honeypot-sgp-1 kernel: [83757574.360393] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=89.142.169.22 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=238 ID=35546 DF PROTO=TCP SPT=42292 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 07:31:10 honeypot-ams-1 sshd[9591]: Invalid user user from 103.188.176.251 port 59886","@timestamp":"2022-09-11T07:31:11.576Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 07:43:02 honeypot-fra-1 kernel: [83756613.404028] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=168.232.14.86 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=50773 DF PROTO=TCP SPT=51524 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T07:43:02.596Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 07:47:55 honeypot-ams-1 sshd[9597]: Received disconnect from 45.61.186.249 port 57108:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T07:47:56.011Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 07:48:15 honeypot-ams-1 sshd[9601]: Received disconnect from 45.61.186.249 port 51818:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T07:48:16.023Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 07:48:32 honeypot-ams-1 sshd[9605]: Received disconnect from 45.61.186.249 port 46494:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T07:48:33.032Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 07:48:49 honeypot-ams-1 sshd[9609]: Received disconnect from 45.61.186.249 port 41162:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T07:48:50.040Z"}
{"@timestamp":"2022-09-11T07:49:12.960Z","@version":"1","message":"Sep 11 07:49:12 honeypot-sgp-1 sshd[5673]: Invalid user test1 from 92.255.85.70 port 55814","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 07:50:35 honeypot-fra-1 sshd[31733]: Did not receive identification string from 83.137.158.10 port 42793","@timestamp":"2022-09-11T07:50:35.766Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 07:52:21 honeypot-fra-1 kernel: [83757171.860727] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=60.212.157.173 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=46 ID=25971 PROTO=TCP SPT=57785 DPT=80 WINDOW=64161 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T07:52:21.809Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 07:53:53 honeypot-ams-1 sshd[9614]: Disconnected from invalid user test1 92.255.85.70 port 62808 [preauth]","@timestamp":"2022-09-11T07:53:54.172Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 07:56:27 honeypot-fra-1 sshd[31742]: Invalid user test from 193.106.191.157 port 54248","@timestamp":"2022-09-11T07:56:27.906Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 07:59:21 honeypot-fra-1 sshd[31747]: Received disconnect from 178.217.102.225 port 52376:11: Bye Bye [preauth]","@timestamp":"2022-09-11T07:59:21.973Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T08:01:11.244Z","@version":"1","message":"Sep 11 08:01:11 honeypot-sgp-1 sshd[5679]: Invalid user tb from 58.246.125.198 port 32815","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 08:04:36 honeypot-ams-1 sshd[9619]: Disconnected from authenticating user root 167.172.152.18 port 44898 [preauth]","@timestamp":"2022-09-11T08:04:37.455Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 08:05:57 honeypot-ams-1 sshd[9625]: Disconnected from authenticating user root 167.172.152.18 port 44716 [preauth]","@timestamp":"2022-09-11T08:05:58.493Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 08:07:14 honeypot-ams-1 sshd[9631]: Disconnected from authenticating user root 167.172.152.18 port 46144 [preauth]","@timestamp":"2022-09-11T08:07:15.529Z"}
{"@timestamp":"2022-09-11T08:08:19.417Z","@version":"1","message":"Sep 11 08:08:19 honeypot-sgp-1 kernel: [83759812.541329] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.196.220.81 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=234 ID=54321 PROTO=TCP SPT=55203 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 08:08:30 honeypot-ams-1 sshd[9638]: Invalid user user from 167.172.152.18 port 46714","@timestamp":"2022-09-11T08:08:30.566Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 08:09:20 honeypot-ams-1 sshd[9642]: Invalid user postgres from 167.172.152.18 port 56558","@timestamp":"2022-09-11T08:09:21.592Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 08:10:11 honeypot-ams-1 sshd[9647]: Invalid user gituser from 167.172.152.18 port 38346","@timestamp":"2022-09-11T08:10:11.616Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 08:11:01 honeypot-ams-1 sshd[9651]: Invalid user ansible from 167.172.152.18 port 48870","@timestamp":"2022-09-11T08:11:01.641Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 08:11:50 honeypot-ams-1 sshd[9655]: Invalid user test from 167.172.152.18 port 57792","@timestamp":"2022-09-11T08:11:50.664Z"}
{"@timestamp":"2022-09-11T08:12:15.517Z","@version":"1","message":"Sep 11 08:12:15 honeypot-sgp-1 sshd[5685]: Received disconnect from 45.61.184.204 port 41908:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T08:12:34.530Z","@version":"1","message":"Sep 11 08:12:34 honeypot-sgp-1 sshd[5689]: Received disconnect from 45.61.184.204 port 37436:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 08:12:40 honeypot-ams-1 sshd[9659]: Invalid user demo from 167.172.152.18 port 39326","@timestamp":"2022-09-11T08:12:40.692Z"}
{"@timestamp":"2022-09-11T08:12:46.536Z","@version":"1","message":"Sep 11 08:12:46 honeypot-sgp-1 sshd[5693]: Received disconnect from 92.255.85.70 port 47536:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T08:13:02.543Z","@version":"1","message":"Sep 11 08:13:01 honeypot-sgp-1 sshd[5697]: Received disconnect from 45.61.184.204 port 44902:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 08:13:30 honeypot-ams-1 sshd[9663]: Invalid user jenkins from 167.172.152.18 port 49078","@timestamp":"2022-09-11T08:13:30.718Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 08:13:50 honeypot-fra-1 sshd[31775]: Connection closed by 94.102.61.20 port 34612 [preauth]","@timestamp":"2022-09-11T08:13:51.303Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 08:14:20 honeypot-ams-1 sshd[9667]: Invalid user ftpadmin from 167.172.152.18 port 59016","@timestamp":"2022-09-11T08:14:20.741Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 08:15:10 honeypot-ams-1 sshd[9672]: Invalid user svn from 167.172.152.18 port 40598","@timestamp":"2022-09-11T08:15:10.765Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 08:16:01 honeypot-ams-1 sshd[9676]: Invalid user www from 167.172.152.18 port 50408","@timestamp":"2022-09-11T08:16:01.790Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 08:16:52 honeypot-ams-1 sshd[9680]: Invalid user db2inst1 from 167.172.152.18 port 60068","@timestamp":"2022-09-11T08:16:53.814Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 08:17:01 honeypot-fra-1 CRON[31779]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-11T08:17:01.377Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T08:17:01.638Z","@version":"1","message":"Sep 11 08:17:01 honeypot-sgp-1 CRON[5702]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 08:18:02 honeypot-ams-1 sshd[9685]: Received disconnect from 92.255.85.69 port 60934:11: Bye Bye [preauth]","@timestamp":"2022-09-11T08:18:02.846Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 08:23:03 honeypot-ams-1 sshd[9688]: Disconnected from invalid user arma3server 203.128.242.166 port 58612 [preauth]","@timestamp":"2022-09-11T08:23:03.971Z"}
{"@timestamp":"2022-09-11T08:29:15.937Z","@version":"1","message":"Sep 11 08:29:14 honeypot-sgp-1 sshd[5726]: Received disconnect from 186.10.86.130 port 51498:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 08:30:35 honeypot-fra-1 kernel: [83759466.014333] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.221.63 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=33184 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T08:30:35.704Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 08:33:56 honeypot-ams-1 sshd[9708]: Received disconnect from 182.52.90.164 port 44264:11: Bye Bye [preauth]","@timestamp":"2022-09-11T08:33:56.252Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 08:35:26 honeypot-fra-1 kernel: [83759757.057376] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=213.226.123.38 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=48600 PROTO=TCP SPT=46584 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T08:35:26.812Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 08:37:49 honeypot-ams-1 sshd[9711]: Disconnected from invalid user rstudio-server 143.198.45.196 port 53044 [preauth]","@timestamp":"2022-09-11T08:37:49.352Z"}
{"@timestamp":"2022-09-11T08:39:02.171Z","@version":"1","message":"Sep 11 08:39:02 honeypot-sgp-1 sshd[5731]: Invalid user garv from 27.1.253.142 port 50142","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 08:41:35 honeypot-ams-1 sshd[9717]: Invalid user test1 from 92.255.85.70 port 30256","@timestamp":"2022-09-11T08:41:35.455Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 08:43:32 honeypot-ams-1 sshd[9721]: Received disconnect from 45.61.186.169 port 51500:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T08:43:32.510Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 08:43:48 honeypot-ams-1 sshd[9725]: Received disconnect from 45.61.186.169 port 46646:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T08:43:49.520Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 08:44:04 honeypot-ams-1 sshd[9729]: Received disconnect from 45.61.186.169 port 41798:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T08:44:05.528Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 08:44:13 honeypot-ams-1 kernel: [83762439.584445] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=87.251.64.35 DST=178.62.254.91 LEN=52 TOS=0x02 PREC=0x00 TTL=122 ID=29669 DF PROTO=TCP SPT=9797 DPT=3389 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-11T08:44:14.532Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 08:44:53 honeypot-fra-1 sshd[31792]: Invalid user db2as from 119.17.253.250 port 36078","@timestamp":"2022-09-11T08:44:54.024Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 08:45:27 honeypot-fra-1 kernel: [83760357.940435] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=2.98.104.14 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=56 ID=9298 PROTO=TCP SPT=48337 DPT=443 WINDOW=5960 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T08:45:28.040Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-11T08:46:48.352Z","@version":"1","message":"Sep 11 08:46:48 honeypot-sgp-1 sshd[5736]: Invalid user voz from 1.220.185.149 port 34978","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 08:49:22 honeypot-fra-1 sshd[31798]: Disconnected from authenticating user root 161.35.113.188 port 44400 [preauth]","@timestamp":"2022-09-11T08:49:23.126Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 08:50:40 honeypot-fra-1 sshd[31803]: Disconnected from invalid user iv 189.29.171.10 port 60024 [preauth]","@timestamp":"2022-09-11T08:50:41.155Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 08:52:13 honeypot-ams-1 kernel: [83762919.098977] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.79.53.162 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=53085 PROTO=TCP SPT=54145 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T08:52:13.742Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 09:01:52 honeypot-fra-1 sshd[31808]: Received disconnect from 92.255.85.69 port 22458:11: Bye Bye [preauth]","@timestamp":"2022-09-11T09:01:53.415Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T09:03:10.734Z","@version":"1","message":"Sep 11 09:03:10 honeypot-sgp-1 kernel: [83763103.446589] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=172.105.77.209 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=51 ID=0 DF PROTO=TCP SPT=38253 DPT=3389 WINDOW=8192 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 09:04:26 honeypot-ams-1 sshd[9741]: Disconnected from invalid user test1 92.255.85.69 port 45298 [preauth]","@timestamp":"2022-09-11T09:04:26.068Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 09:05:12 honeypot-fra-1 sshd[31814]: Invalid user user from 45.61.186.49 port 40368","@timestamp":"2022-09-11T09:05:13.494Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 09:05:21 honeypot-fra-1 sshd[31818]: Invalid user user from 45.61.186.49 port 52122","@timestamp":"2022-09-11T09:05:21.499Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 09:07:02 honeypot-ams-1 sshd[9749]: Received disconnect from 167.172.152.18 port 33352:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T09:07:03.139Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 09:07:55 honeypot-ams-1 sshd[9753]: Disconnected from authenticating user root 167.172.152.18 port 41874 [preauth]","@timestamp":"2022-09-11T09:07:55.164Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 09:08:09 honeypot-fra-1 kernel: [83761720.109227] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=33328 PROTO=TCP SPT=46803 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T09:08:09.561Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-11T09:08:12.860Z","@version":"1","message":"Sep 11 09:08:12 honeypot-sgp-1 kernel: [83763405.191970] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=172.105.77.209 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=50 ID=0 DF PROTO=TCP SPT=38253 DPT=443 WINDOW=8192 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 09:09:10 honeypot-ams-1 sshd[9759]: Received disconnect from 167.172.152.18 port 40426:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T09:09:11.201Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 09:10:01 honeypot-ams-1 sshd[9763]: Disconnected from invalid user user 167.172.152.18 port 49120 [preauth]","@timestamp":"2022-09-11T09:10:02.224Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 09:10:52 honeypot-ams-1 sshd[9768]: Disconnected from invalid user postgres 167.172.152.18 port 57422 [preauth]","@timestamp":"2022-09-11T09:10:52.248Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 09:11:42 honeypot-ams-1 sshd[9782]: Invalid user gituser from 167.172.152.18 port 37712","@timestamp":"2022-09-11T09:11:43.273Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 09:12:07 honeypot-ams-1 sshd[9786]: Invalid user odoo from 167.172.152.18 port 56068","@timestamp":"2022-09-11T09:12:08.287Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 09:12:18 honeypot-ams-1 sshd[9790]: Invalid user user from 45.61.187.160 port 34690","@timestamp":"2022-09-11T09:12:19.293Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 09:12:32 honeypot-ams-1 sshd[9794]: Invalid user ansible from 167.172.152.18 port 46112","@timestamp":"2022-09-11T09:12:33.299Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 09:12:43 honeypot-ams-1 sshd[9798]: Invalid user user from 45.61.187.160 port 40926","@timestamp":"2022-09-11T09:12:43.305Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 09:12:57 honeypot-ams-1 sshd[9802]: Invalid user ec2-user from 167.172.152.18 port 36288","@timestamp":"2022-09-11T09:12:58.314Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 09:13:28 honeypot-ams-1 sshd[9806]: Invalid user monitor from 185.126.8.102 port 51848","@timestamp":"2022-09-11T09:13:29.331Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 09:14:12 honeypot-ams-1 sshd[9810]: Invalid user demo from 167.172.152.18 port 34912","@timestamp":"2022-09-11T09:14:12.352Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 09:15:02 honeypot-ams-1 sshd[9814]: Invalid user jenkins from 167.172.152.18 port 43336","@timestamp":"2022-09-11T09:15:03.376Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 09:15:52 honeypot-ams-1 sshd[9818]: Invalid user ftpadmin from 167.172.152.18 port 51830","@timestamp":"2022-09-11T09:15:53.400Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 09:16:42 honeypot-ams-1 sshd[9824]: Invalid user svn from 167.172.152.18 port 60326","@timestamp":"2022-09-11T09:16:43.423Z"}
{"@timestamp":"2022-09-11T09:17:02.069Z","@version":"1","message":"Sep 11 09:17:01 honeypot-sgp-1 CRON[5746]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 09:17:08 honeypot-ams-1 sshd[9829]: Invalid user student from 167.172.152.18 port 50414","@timestamp":"2022-09-11T09:17:09.437Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 09:18:00 honeypot-ams-1 sshd[9833]: Invalid user weblogic from 167.172.152.18 port 58888","@timestamp":"2022-09-11T09:18:00.461Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 09:18:12 honeypot-fra-1 sshd[31828]: Did not receive identification string from 141.255.162.226 port 37468","@timestamp":"2022-09-11T09:18:12.780Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 09:18:26 honeypot-ams-1 sshd[9837]: Invalid user db2inst1 from 167.172.152.18 port 49112","@timestamp":"2022-09-11T09:18:26.475Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 09:18:28 honeypot-fra-1 sshd[31831]: Disconnected from invalid user user 141.255.162.226 port 50126 [preauth]","@timestamp":"2022-09-11T09:18:28.787Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 09:18:31 honeypot-fra-1 sshd[31835]: Disconnected from invalid user user 141.255.162.226 port 43088 [preauth]","@timestamp":"2022-09-11T09:18:32.790Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 09:18:36 honeypot-fra-1 sshd[31839]: Disconnected from invalid user user 141.255.162.226 port 50164 [preauth]","@timestamp":"2022-09-11T09:18:36.791Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 09:23:09 honeypot-fra-1 sshd[31846]: Received disconnect from 178.128.72.150 port 57386:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T09:23:09.893Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 09:23:58 honeypot-fra-1 sshd[31850]: Received disconnect from 178.128.72.150 port 55994:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T09:23:58.913Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 09:24:23 honeypot-fra-1 sshd[31854]: Received disconnect from 178.128.72.150 port 41198:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T09:24:23.925Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 09:25:10 honeypot-fra-1 sshd[31858]: Received disconnect from 178.128.72.150 port 39814:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T09:25:10.945Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 09:25:44 honeypot-fra-1 sshd[31862]: Received disconnect from 92.255.85.70 port 51818:11: Bye Bye [preauth]","@timestamp":"2022-09-11T09:25:44.959Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 09:26:22 honeypot-fra-1 sshd[31866]: Invalid user cat from 178.128.72.150 port 51834","@timestamp":"2022-09-11T09:26:22.977Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 09:27:09 honeypot-fra-1 sshd[31870]: Invalid user chiara from 178.128.72.150 port 50468","@timestamp":"2022-09-11T09:27:09.997Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 09:27:57 honeypot-fra-1 sshd[31875]: Invalid user claude from 178.128.72.150 port 49054","@timestamp":"2022-09-11T09:27:58.017Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 09:28:03 honeypot-ams-1 sshd[9840]: Invalid user test2 from 92.255.85.69 port 31476","@timestamp":"2022-09-11T09:28:04.744Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 09:28:21 honeypot-fra-1 sshd[31879]: Invalid user cora from 178.128.72.150 port 34240","@timestamp":"2022-09-11T09:28:22.032Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 09:29:10 honeypot-fra-1 sshd[31883]: Invalid user denise from 178.128.72.150 port 32854","@timestamp":"2022-09-11T09:29:11.052Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 09:29:57 honeypot-fra-1 sshd[31887]: Invalid user music from 178.128.72.150 port 59690","@timestamp":"2022-09-11T09:29:58.071Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 09:30:22 honeypot-fra-1 sshd[31889]: Disconnected from invalid user rap 178.128.72.150 port 44882 [preauth]","@timestamp":"2022-09-11T09:30:22.083Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T09:36:50.548Z","@version":"1","message":"Sep 11 09:36:50 honeypot-sgp-1 sshd[5753]: Disconnected from invalid user sio 159.223.217.44 port 45246 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 09:37:58 honeypot-ams-1 kernel: [83765664.570932] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=213.226.123.38 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=57900 PROTO=TCP SPT=50804 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T09:37:59.000Z"}
{"@timestamp":"2022-09-11T09:42:09.674Z","@version":"1","message":"Sep 11 09:42:09 honeypot-sgp-1 sshd[5761]: Received disconnect from 170.210.203.212 port 49099:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 09:45:36 honeypot-fra-1 sshd[31899]: Invalid user admin from 45.148.122.228 port 41150","@timestamp":"2022-09-11T09:45:36.422Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 09:49:40 honeypot-ams-1 kernel: [83766366.421863] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=80.87.206.203 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=19520 PROTO=TCP SPT=45116 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T09:49:41.303Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 09:50:40 honeypot-fra-1 kernel: [83764270.734167] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.220.31 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=46090 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T09:50:40.537Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-11T09:50:46.878Z","@version":"1","message":"Sep 11 09:50:46 honeypot-sgp-1 kernel: [83765959.915789] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.219.233 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=45907 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 09:52:34 honeypot-fra-1 sshd[31907]: Received disconnect from 163.172.251.68 port 58840:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T09:52:34.582Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 09:53:10 honeypot-fra-1 sshd[31911]: Received disconnect from 163.172.251.68 port 28636:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T09:53:10.597Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 09:53:45 honeypot-fra-1 sshd[31915]: Received disconnect from 163.172.251.68 port 54942:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T09:53:46.613Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 09:54:21 honeypot-fra-1 sshd[31919]: Received disconnect from 163.172.251.68 port 24746:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T09:54:22.628Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 09:54:57 honeypot-fra-1 sshd[31923]: Received disconnect from 163.172.251.68 port 51054:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T09:54:57.643Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 09:54:58 honeypot-ams-1 sshd[9852]: Received disconnect from 128.199.129.68 port 40192:11: Bye Bye [preauth]","@timestamp":"2022-09-11T09:54:58.439Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 09:55:33 honeypot-fra-1 sshd[31927]: Disconnected from authenticating user root 163.172.251.68 port 20858 [preauth]","@timestamp":"2022-09-11T09:55:33.660Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 09:56:10 honeypot-fra-1 sshd[31932]: Disconnected from invalid user user 163.172.251.68 port 47160 [preauth]","@timestamp":"2022-09-11T09:56:10.675Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 09:57:14 honeypot-ams-1 sshd[9856]: Disconnected from authenticating user backup 220.205.122.4 port 59192 [preauth]","@timestamp":"2022-09-11T09:57:14.500Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 09:57:27 honeypot-fra-1 sshd[31936]: Received disconnect from 165.22.45.108 port 53752:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T09:57:27.706Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:01:49 honeypot-fra-1 sshd[31941]: Received disconnect from 179.221.221.78 port 34304:11: Bye Bye [preauth]","@timestamp":"2022-09-11T10:01:49.829Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 10:07:18 honeypot-ams-1 sshd[9860]: Connection closed by invalid user prueba 103.188.176.251 port 47502 [preauth]","@timestamp":"2022-09-11T10:07:19.763Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:08:40 honeypot-fra-1 sshd[31946]: Invalid user test from 193.106.191.157 port 49538","@timestamp":"2022-09-11T10:08:40.983Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T10:09:48.341Z","@version":"1","message":"Sep 11 10:09:47 honeypot-sgp-1 sshd[5844]: Disconnected from authenticating user root 92.255.85.69 port 38908 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T10:11:37.389Z","@version":"1","message":"Sep 11 10:11:36 honeypot-sgp-1 kernel: [83767209.659544] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=43.131.66.209 DST=159.89.202.188 LEN=52 TOS=0x00 PREC=0x00 TTL=47 ID=27872 DF PROTO=TCP SPT=28896 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:12:42 honeypot-fra-1 sshd[31955]: Disconnected from authenticating user root 92.255.85.69 port 59866 [preauth]","@timestamp":"2022-09-11T10:12:43.077Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:16:33 honeypot-fra-1 sshd[31961]: Disconnected from authenticating user root 61.177.173.37 port 28448 [preauth]","@timestamp":"2022-09-11T10:16:34.165Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T10:16:45.516Z","@version":"1","message":"Sep 11 10:16:44 honeypot-sgp-1 sshd[5857]: Did not receive identification string from 45.61.186.249 port 49006","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 10:17:01 honeypot-ams-1 CRON[9866]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-11T10:17:02.013Z"}
{"@timestamp":"2022-09-11T10:17:28.537Z","@version":"1","message":"Sep 11 10:17:28 honeypot-sgp-1 sshd[5863]: Invalid user user from 45.61.186.249 port 34506","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T10:17:48.548Z","@version":"1","message":"Sep 11 10:17:48 honeypot-sgp-1 sshd[5868]: Invalid user user from 45.61.186.249 port 57628","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T10:18:06.557Z","@version":"1","message":"Sep 11 10:18:06 honeypot-sgp-1 sshd[5872]: Invalid user user from 45.61.186.249 port 52510","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:18:15 honeypot-fra-1 sshd[31967]: Disconnected from invalid user deploy 81.169.137.181 port 55140 [preauth]","@timestamp":"2022-09-11T10:18:16.207Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:19:00 honeypot-fra-1 sshd[31973]: Received disconnect from 81.169.137.181 port 40282:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T10:19:01.226Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:20:25 honeypot-fra-1 sshd[31977]: Received disconnect from 81.169.137.181 port 38822:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T10:20:26.258Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:21:46 honeypot-fra-1 sshd[31982]: Invalid user vic from 81.169.137.181 port 37424","@timestamp":"2022-09-11T10:21:47.291Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:22:25 honeypot-fra-1 sshd[31986]: Invalid user weblogic from 81.169.137.181 port 50736","@timestamp":"2022-09-11T10:22:25.306Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:23:16 honeypot-fra-1 sshd[31993]: Invalid user mcserv from 185.209.179.41 port 45170","@timestamp":"2022-09-11T10:23:16.328Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:23:16 honeypot-fra-1 sshd[31993]: Connection closed by invalid user mcserv 185.209.179.41 port 45170 [preauth]","@timestamp":"2022-09-11T10:23:16.328Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:23:16 honeypot-fra-1 sshd[31998]: Invalid user mcsv from 185.209.179.41 port 45114","@timestamp":"2022-09-11T10:23:17.329Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:23:16 honeypot-fra-1 sshd[31991]: Connection closed by invalid user es 185.209.179.41 port 45144 [preauth]","@timestamp":"2022-09-11T10:23:17.329Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:23:16 honeypot-fra-1 sshd[31998]: Connection closed by invalid user mcsv 185.209.179.41 port 45114 [preauth]","@timestamp":"2022-09-11T10:23:17.329Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:23:17 honeypot-fra-1 sshd[32022]: Invalid user ubuntu from 185.209.179.41 port 45142","@timestamp":"2022-09-11T10:23:17.329Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:23:17 honeypot-fra-1 sshd[32022]: Connection closed by invalid user ubuntu 185.209.179.41 port 45142 [preauth]","@timestamp":"2022-09-11T10:23:18.329Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:23:19 honeypot-fra-1 sshd[32036]: Invalid user devops from 185.209.179.41 port 45184","@timestamp":"2022-09-11T10:23:19.330Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:23:19 honeypot-fra-1 sshd[32039]: Connection closed by invalid user ansible 185.209.179.41 port 45164 [preauth]","@timestamp":"2022-09-11T10:23:20.332Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:23:42 honeypot-fra-1 sshd[32046]: Received disconnect from 81.169.137.181 port 49268:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T10:23:42.341Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T10:24:58.718Z","@version":"1","message":"Sep 11 10:24:58 honeypot-sgp-1 kernel: [83768011.756860] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=182.139.135.66 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=35335 DF PROTO=TCP SPT=24428 DPT=443 WINDOW=43690 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:24:58 honeypot-fra-1 sshd[32050]: Disconnected from invalid user view 81.169.137.181 port 47780 [preauth]","@timestamp":"2022-09-11T10:24:59.370Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:26:17 honeypot-fra-1 sshd[32056]: Disconnected from invalid user vftpuser 81.169.137.181 port 46308 [preauth]","@timestamp":"2022-09-11T10:26:18.401Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:27:34 honeypot-fra-1 sshd[32061]: Received disconnect from 81.169.137.181 port 44854:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T10:27:35.431Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:28:43 honeypot-fra-1 sshd[32066]: Disconnected from authenticating user root 61.177.173.51 port 47554 [preauth]","@timestamp":"2022-09-11T10:28:44.459Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:29:31 honeypot-fra-1 sshd[32070]: Received disconnect from 81.169.137.181 port 56734:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T10:29:31.479Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:30:47 honeypot-fra-1 sshd[32074]: Received disconnect from 165.22.45.108 port 59540:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T10:30:48.510Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:31:31 honeypot-fra-1 sshd[32078]: Received disconnect from 81.169.137.181 port 40410:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T10:31:32.528Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:32:48 honeypot-fra-1 sshd[32082]: Disconnected from authenticating user root 61.177.173.52 port 43879 [preauth]","@timestamp":"2022-09-11T10:32:49.558Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:35:06 honeypot-fra-1 sshd[32089]: Received disconnect from 61.177.172.124 port 37334:11:  [preauth]","@timestamp":"2022-09-11T10:35:06.613Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T10:36:54.000Z","@version":"1","message":"Sep 11 10:36:53 honeypot-sgp-1 sshd[5895]: Received disconnect from 61.177.173.46 port 36597:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:36:59 honeypot-fra-1 sshd[32093]: Disconnected from invalid user paintball 203.223.191.206 port 46274 [preauth]","@timestamp":"2022-09-11T10:36:59.656Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 10:38:32 honeypot-ams-1 sshd[9871]: Disconnected from authenticating user root 92.255.85.70 port 23638 [preauth]","@timestamp":"2022-09-11T10:38:32.570Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 10:39:39 honeypot-ams-1 sshd[9888]: Received disconnect from 178.128.72.150 port 56784:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T10:39:39.604Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:39:44 honeypot-fra-1 sshd[32100]: Disconnected from authenticating user root 61.177.173.39 port 34159 [preauth]","@timestamp":"2022-09-11T10:39:44.720Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 10:40:33 honeypot-ams-1 sshd[9896]: Received disconnect from 178.128.72.150 port 60498:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T10:40:33.630Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 10:41:21 honeypot-ams-1 kernel: [83769467.497913] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=172.105.77.209 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=56 ID=0 DF PROTO=TCP SPT=38253 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T10:41:22.654Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:41:38 honeypot-fra-1 sshd[32105]: Disconnected from invalid user user 45.61.186.249 port 42254 [preauth]","@timestamp":"2022-09-11T10:41:38.764Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 10:41:54 honeypot-ams-1 sshd[9911]: Received disconnect from 178.128.72.150 port 51922:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T10:41:54.671Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:41:58 honeypot-fra-1 sshd[32110]: Disconnected from invalid user user 45.61.186.249 port 37284 [preauth]","@timestamp":"2022-09-11T10:41:58.774Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:42:16 honeypot-fra-1 sshd[32114]: Disconnected from invalid user user 45.61.186.249 port 60550 [preauth]","@timestamp":"2022-09-11T10:42:16.782Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 10:42:20 honeypot-ams-1 sshd[9916]: Received disconnect from 178.128.72.150 port 39658:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T10:42:21.685Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:42:32 honeypot-fra-1 sshd[32118]: Disconnected from invalid user user 45.61.186.249 port 55578 [preauth]","@timestamp":"2022-09-11T10:42:33.791Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 10:43:14 honeypot-ams-1 sshd[9921]: Invalid user cat from 178.128.72.150 port 43332","@timestamp":"2022-09-11T10:43:15.712Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 10:43:29 honeypot-ams-1 sshd[9925]: Invalid user postgres from 163.172.251.68 port 49990","@timestamp":"2022-09-11T10:43:30.720Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 10:43:46 honeypot-ams-1 sshd[9930]: Invalid user ftpuser from 163.172.251.68 port 9182","@timestamp":"2022-09-11T10:43:46.728Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 10:44:08 honeypot-ams-1 sshd[9934]: Invalid user chiara from 178.128.72.150 port 47054","@timestamp":"2022-09-11T10:44:08.740Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 10:44:35 honeypot-ams-1 sshd[9938]: Invalid user class from 178.128.72.150 port 34780","@timestamp":"2022-09-11T10:44:35.754Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 10:44:54 honeypot-ams-1 sshd[9942]: Invalid user elastic from 163.172.251.68 port 15478","@timestamp":"2022-09-11T10:44:54.764Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 10:45:11 honeypot-ams-1 sshd[9946]: Invalid user tim from 163.172.251.68 port 31178","@timestamp":"2022-09-11T10:45:11.773Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 10:45:29 honeypot-ams-1 sshd[9950]: Invalid user test from 163.172.251.68 port 46878","@timestamp":"2022-09-11T10:45:29.782Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 10:45:46 honeypot-ams-1 sshd[9952]: Disconnected from invalid user mosquitto 163.172.251.68 port 62572 [preauth]","@timestamp":"2022-09-11T10:45:46.791Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 10:46:03 honeypot-ams-1 sshd[9956]: Disconnected from invalid user teamspeak 163.172.251.68 port 21772 [preauth]","@timestamp":"2022-09-11T10:46:03.799Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:46:34 honeypot-fra-1 sshd[32125]: Received disconnect from 58.144.251.22 port 35870:11: Bye Bye [preauth]","@timestamp":"2022-09-11T10:46:34.885Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 10:46:38 honeypot-ams-1 sshd[9962]: Invalid user ubuntu from 163.172.251.68 port 53168","@timestamp":"2022-09-11T10:46:38.818Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 10:46:56 honeypot-ams-1 sshd[9966]: Invalid user user from 163.172.251.68 port 12368","@timestamp":"2022-09-11T10:46:56.828Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 10:47:16 honeypot-ams-1 sshd[9970]: Invalid user music from 178.128.72.150 port 45912","@timestamp":"2022-09-11T10:47:16.839Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 10:48:58 honeypot-ams-1 sshd[9975]: Received disconnect from 188.166.252.149 port 59356:11: Bye Bye [preauth]","@timestamp":"2022-09-11T10:48:58.884Z"}
{"@timestamp":"2022-09-11T10:49:39.299Z","@version":"1","message":"Sep 11 10:49:38 honeypot-sgp-1 sshd[5902]: Disconnected from invalid user fy 61.82.54.57 port 48032 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T10:53:12.383Z","@version":"1","message":"Sep 11 10:53:12 honeypot-sgp-1 kernel: [83769705.087690] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.165.190.34 DST=159.89.202.188 LEN=44 TOS=0x08 PREC=0x00 TTL=110 ID=41339 PROTO=TCP SPT=16655 DPT=3389 WINDOW=2848 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 10:54:09 honeypot-ams-1 sshd[9980]: Did not receive identification string from 141.255.162.226 port 59512","@timestamp":"2022-09-11T10:54:10.020Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 10:54:33 honeypot-ams-1 sshd[9983]: Disconnected from invalid user user 141.255.162.226 port 36828 [preauth]","@timestamp":"2022-09-11T10:54:34.030Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 10:54:35 honeypot-ams-1 sshd[9987]: Disconnected from invalid user user 141.255.162.226 port 57812 [preauth]","@timestamp":"2022-09-11T10:54:36.032Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 10:54:40 honeypot-ams-1 sshd[9991]: Disconnected from invalid user user 141.255.162.226 port 44848 [preauth]","@timestamp":"2022-09-11T10:54:41.035Z"}
{"@timestamp":"2022-09-11T10:58:42.514Z","@version":"1","message":"Sep 11 10:58:42 honeypot-sgp-1 kernel: [83770035.229537] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=80.82.77.33 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=111 ID=60328 PROTO=TCP SPT=16655 DPT=3389 WINDOW=36009 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:59:57 honeypot-fra-1 sshd[32131]: Received disconnect from 92.255.85.69 port 58362:11: Bye Bye [preauth]","@timestamp":"2022-09-11T10:59:58.183Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 11:02:12 honeypot-ams-1 sshd[9998]: Received disconnect from 92.255.85.69 port 27492:11: Bye Bye [preauth]","@timestamp":"2022-09-11T11:02:13.227Z"}
{"@timestamp":"2022-09-11T11:03:46.654Z","@version":"1","message":"Sep 11 11:03:46 honeypot-sgp-1 sshd[5922]: Received disconnect from 45.61.187.160 port 33662:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T11:04:03.662Z","@version":"1","message":"Sep 11 11:04:03 honeypot-sgp-1 sshd[5926]: Received disconnect from 45.61.187.160 port 56654:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 11:04:07 honeypot-fra-1 sshd[32137]: Received disconnect from 165.22.45.108 port 36466:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T11:04:08.274Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T11:04:19.670Z","@version":"1","message":"Sep 11 11:04:18 honeypot-sgp-1 sshd[5930]: Received disconnect from 45.61.187.160 port 51400:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 11:08:46 honeypot-fra-1 sshd[32143]: Invalid user luca from 115.241.20.242 port 50552","@timestamp":"2022-09-11T11:08:47.378Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 11:14:43 honeypot-fra-1 sshd[32151]: Received disconnect from 61.177.172.108 port 32685:11:  [preauth]","@timestamp":"2022-09-11T11:14:43.509Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T11:15:03.921Z","@version":"1","message":"Sep 11 11:15:03 honeypot-sgp-1 sshd[5940]: Received disconnect from 61.177.173.47 port 24587:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T11:16:06.948Z","@version":"1","message":"Sep 11 11:16:06 honeypot-sgp-1 sshd[5944]: Received disconnect from 91.240.118.222 port 49329:11: Client disconnecting normally [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 11:17:01 honeypot-fra-1 CRON[32157]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-11T11:17:01.564Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 11:17:23 honeypot-ams-1 sshd[10006]: Invalid user admin from 178.128.73.254 port 34122","@timestamp":"2022-09-11T11:17:23.610Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 11:20:00 honeypot-ams-1 sshd[10011]: Invalid user user from 45.61.187.160 port 49318","@timestamp":"2022-09-11T11:20:00.679Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 11:20:17 honeypot-ams-1 sshd[10015]: Invalid user user from 45.61.187.160 port 43890","@timestamp":"2022-09-11T11:20:18.690Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 11:20:34 honeypot-ams-1 sshd[10019]: Invalid user user from 45.61.187.160 port 38470","@timestamp":"2022-09-11T11:20:34.698Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 11:20:50 honeypot-ams-1 sshd[10023]: Invalid user user from 45.61.187.160 port 33036","@timestamp":"2022-09-11T11:20:50.706Z"}
{"@timestamp":"2022-09-11T11:21:25.076Z","@version":"1","message":"Sep 11 11:21:25 honeypot-sgp-1 sshd[5952]: Received disconnect from 61.177.173.53 port 39128:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 11:25:12 honeypot-fra-1 sshd[32165]: Invalid user CenturyL1nk from 141.98.10.158 port 59892","@timestamp":"2022-09-11T11:25:12.746Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 11:26:11 honeypot-ams-1 sshd[10028]: Received disconnect from 181.53.251.199 port 43406:11: Bye Bye [preauth]","@timestamp":"2022-09-11T11:26:11.847Z"}
{"@timestamp":"2022-09-11T11:28:43.248Z","@version":"1","message":"Sep 11 11:28:42 honeypot-sgp-1 kernel: [83771835.744262] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=183.136.225.35 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=110 ID=13605 PROTO=TCP SPT=8088 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 11:30:06 honeypot-fra-1 sshd[32175]: Invalid user blake from 142.93.135.234 port 42538","@timestamp":"2022-09-11T11:30:06.856Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 11:34:40 honeypot-fra-1 sshd[32183]: Received disconnect from 61.177.173.52 port 18360:11:  [preauth]","@timestamp":"2022-09-11T11:34:40.956Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T11:37:27.487Z","@version":"1","message":"Sep 11 11:37:26 honeypot-sgp-1 sshd[5964]: Received disconnect from 61.177.173.53 port 40988:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 11:37:40 honeypot-fra-1 sshd[32188]: Disconnected from invalid user kaystrenko 165.22.45.108 port 41258 [preauth]","@timestamp":"2022-09-11T11:37:41.022Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 11:37:57 honeypot-ams-1 kernel: [83772862.672130] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=109.61.245.79 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=58 ID=44368 PROTO=TCP SPT=24501 DPT=80 WINDOW=61054 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T11:37:58.151Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 11:39:40 honeypot-fra-1 sshd[32195]: Received disconnect from 138.68.50.30 port 36392:11: Bye Bye [preauth]","@timestamp":"2022-09-11T11:39:41.069Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T11:41:12.578Z","@version":"1","message":"Sep 11 11:41:12 honeypot-sgp-1 sshd[5969]: Disconnected from authenticating user root 61.177.172.114 port 47186 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 11:41:41 honeypot-fra-1 kernel: [83770931.685543] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=221.2.155.199 DST=165.22.82.222 LEN=40 TOS=0x08 PREC=0x00 TTL=237 ID=2677 PROTO=TCP SPT=51436 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T11:41:42.116Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 11:49:06 honeypot-ams-1 sshd[10035]: Received disconnect from 119.202.72.87 port 60715:11: Bye Bye [preauth]","@timestamp":"2022-09-11T11:49:07.444Z"}
{"@timestamp":"2022-09-11T11:51:40.824Z","@version":"1","message":"Sep 11 11:51:40 honeypot-sgp-1 sshd[5977]: Received disconnect from 61.177.173.39 port 22433:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 11:53:36 honeypot-fra-1 kernel: [83771646.722708] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=176.58.113.41 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=55917 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T11:53:37.376Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-11T11:53:39.873Z","@version":"1","message":"Sep 11 11:53:39 honeypot-sgp-1 sshd[5981]: Received disconnect from 140.213.201.45 port 48757:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 11:55:55 honeypot-fra-1 sshd[32217]: Invalid user princess from 79.127.36.98 port 42234","@timestamp":"2022-09-11T11:55:56.431Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 11:56:42 honeypot-ams-1 kernel: [83773987.771668] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=116.2.52.93 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=40504 PROTO=TCP SPT=36105 DPT=80 WINDOW=23745 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T11:56:42.635Z"}
{"@timestamp":"2022-09-11T12:01:24.059Z","@version":"1","message":"Sep 11 12:01:23 honeypot-sgp-1 kernel: [83773796.669662] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.41.8.45 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=7904 PROTO=TCP SPT=38145 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:03:07 honeypot-fra-1 sshd[32220]: Disconnected from authenticating user root 61.177.173.50 port 13049 [preauth]","@timestamp":"2022-09-11T12:03:07.591Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T12:04:23.133Z","@version":"1","message":"Sep 11 12:04:22 honeypot-sgp-1 sshd[5992]: Did not receive identification string from 45.61.186.249 port 56928","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T12:04:46.144Z","@version":"1","message":"Sep 11 12:04:45 honeypot-sgp-1 sshd[5995]: Disconnected from invalid user user 45.61.186.249 port 42988 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T12:05:05.154Z","@version":"1","message":"Sep 11 12:05:04 honeypot-sgp-1 sshd[5999]: Disconnected from invalid user user 45.61.186.249 port 37676 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T12:05:23.163Z","@version":"1","message":"Sep 11 12:05:22 honeypot-sgp-1 sshd[6003]: Disconnected from invalid user user 45.61.186.249 port 60424 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:05:47 honeypot-fra-1 sshd[32227]: Received disconnect from 141.255.162.226 port 40008:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T12:05:47.654Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:05:49 honeypot-fra-1 sshd[32231]: Received disconnect from 141.255.162.226 port 47078:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T12:05:49.655Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T12:07:28.215Z","@version":"1","message":"Sep 11 12:07:27 honeypot-sgp-1 sshd[6008]: Received disconnect from 92.255.85.70 port 25136:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 12:09:55 honeypot-ams-1 kernel: [83774780.703327] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=94.158.14.109 DST=178.62.254.91 LEN=44 TOS=0x08 PREC=0x20 TTL=57 ID=37293 PROTO=TCP SPT=47967 DPT=80 WINDOW=27287 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T12:09:55.986Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:10:17 honeypot-fra-1 sshd[32235]: Invalid user test2 from 92.255.85.70 port 61364","@timestamp":"2022-09-11T12:10:18.756Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:11:32 honeypot-fra-1 sshd[32240]: Received disconnect from 61.177.173.51 port 40250:11:  [preauth]","@timestamp":"2022-09-11T12:11:32.785Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T12:12:37.339Z","@version":"1","message":"Sep 11 12:12:37 honeypot-sgp-1 sshd[6015]: Disconnected from invalid user admin 220.134.113.188 port 40308 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:17:01 honeypot-fra-1 CRON[32247]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-11T12:17:01.906Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:17:01 honeypot-ams-1 CRON[10047]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-11T12:17:02.172Z"}
{"@timestamp":"2022-09-11T12:17:02.446Z","@version":"1","message":"Sep 11 12:17:01 honeypot-sgp-1 CRON[6023]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 12:23:34 honeypot-ams-1 kernel: [83775600.163756] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=176.117.198.12 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x20 TTL=119 ID=9557 DF PROTO=TCP SPT=57139 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T12:23:35.344Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:24:55 honeypot-ams-1 sshd[10056]: Invalid user will from 81.169.137.181 port 48476","@timestamp":"2022-09-11T12:24:56.382Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:26:22 honeypot-ams-1 sshd[10060]: Invalid user win from 81.169.137.181 port 52122","@timestamp":"2022-09-11T12:26:22.421Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:27:40 honeypot-ams-1 sshd[10065]: Invalid user weblogic from 81.169.137.181 port 55760","@timestamp":"2022-09-11T12:27:41.457Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:28:19 honeypot-ams-1 sshd[10068]: Disconnected from invalid user webmaster 81.169.137.181 port 43464 [preauth]","@timestamp":"2022-09-11T12:28:20.476Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:28:23 honeypot-fra-1 sshd[32255]: Received disconnect from 61.177.173.36 port 46570:11:  [preauth]","@timestamp":"2022-09-11T12:28:24.162Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:28:55 honeypot-ams-1 sshd[10072]: Did not receive identification string from 80.76.51.45 port 51008","@timestamp":"2022-09-11T12:28:55.494Z"}
{"@timestamp":"2022-09-11T12:28:59.728Z","@version":"1","message":"Sep 11 12:28:59 honeypot-sgp-1 sshd[6032]: Received disconnect from 61.177.173.46 port 38459:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:29:11 honeypot-ams-1 sshd[10077]: Received disconnect from 80.76.51.45 port 45134:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T12:29:11.504Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:29:27 honeypot-ams-1 sshd[10081]: Disconnected from invalid user admin 80.76.51.45 port 56080 [preauth]","@timestamp":"2022-09-11T12:29:28.512Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:29:44 honeypot-ams-1 sshd[10085]: Disconnected from invalid user test 80.76.51.45 port 38794 [preauth]","@timestamp":"2022-09-11T12:29:44.524Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:30:14 honeypot-ams-1 sshd[10091]: Disconnected from authenticating user root 167.172.152.18 port 36394 [preauth]","@timestamp":"2022-09-11T12:30:15.541Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:30:30 honeypot-ams-1 sshd[10097]: Received disconnect from 80.76.51.45 port 43596:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T12:30:31.549Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:30:35 honeypot-fra-1 sshd[32261]: Disconnected from invalid user gateway 62.204.41.222 port 39441 [preauth]","@timestamp":"2022-09-11T12:30:36.213Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:30:46 honeypot-fra-1 sshd[32267]: Received disconnect from 62.218.227.178 port 40402:11: Bye Bye [preauth]","@timestamp":"2022-09-11T12:30:46.218Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:30:46 honeypot-fra-1 sshd[32273]: Received disconnect from 62.218.227.178 port 40490:11: Bye Bye [preauth]","@timestamp":"2022-09-11T12:30:47.219Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:30:47 honeypot-fra-1 sshd[32279]: Received disconnect from 62.218.227.178 port 40550:11: Bye Bye [preauth]","@timestamp":"2022-09-11T12:30:48.219Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:30:48 honeypot-fra-1 sshd[32285]: Received disconnect from 62.218.227.178 port 40580:11: Bye Bye [preauth]","@timestamp":"2022-09-11T12:30:49.220Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:30:49 honeypot-fra-1 sshd[32291]: Received disconnect from 62.218.227.178 port 40638:11: Bye Bye [preauth]","@timestamp":"2022-09-11T12:30:50.221Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:30:50 honeypot-fra-1 sshd[32297]: Received disconnect from 62.218.227.178 port 40682:11: Bye Bye [preauth]","@timestamp":"2022-09-11T12:30:51.221Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:30:51 honeypot-fra-1 sshd[32303]: Received disconnect from 62.218.227.178 port 40718:11: Bye Bye [preauth]","@timestamp":"2022-09-11T12:30:52.223Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:30:52 honeypot-fra-1 sshd[32309]: Received disconnect from 62.218.227.178 port 40752:11: Bye Bye [preauth]","@timestamp":"2022-09-11T12:30:52.223Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:30:53 honeypot-fra-1 sshd[32315]: Received disconnect from 62.218.227.178 port 40786:11: Bye Bye [preauth]","@timestamp":"2022-09-11T12:30:53.223Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:30:53 honeypot-fra-1 sshd[32321]: Received disconnect from 62.218.227.178 port 40840:11: Bye Bye [preauth]","@timestamp":"2022-09-11T12:30:54.224Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:30:54 honeypot-fra-1 sshd[32327]: Received disconnect from 62.218.227.178 port 40886:11: Bye Bye [preauth]","@timestamp":"2022-09-11T12:30:55.225Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:30:54 honeypot-ams-1 sshd[10103]: Invalid user virus from 81.169.137.181 port 50742","@timestamp":"2022-09-11T12:30:55.563Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:30:55 honeypot-fra-1 sshd[32333]: Received disconnect from 62.218.227.178 port 40972:11: Bye Bye [preauth]","@timestamp":"2022-09-11T12:30:56.226Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:30:56 honeypot-fra-1 sshd[32337]: Received disconnect from 62.218.227.178 port 41042:11: Bye Bye [preauth]","@timestamp":"2022-09-11T12:30:57.226Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:30:56 honeypot-fra-1 sshd[32341]: Received disconnect from 62.218.227.178 port 41092:11: Bye Bye [preauth]","@timestamp":"2022-09-11T12:30:57.226Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:30:57 honeypot-fra-1 sshd[32345]: Received disconnect from 62.218.227.178 port 41138:11: Bye Bye [preauth]","@timestamp":"2022-09-11T12:30:58.227Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:30:58 honeypot-fra-1 sshd[32349]: Received disconnect from 62.218.227.178 port 41154:11: Bye Bye [preauth]","@timestamp":"2022-09-11T12:30:58.227Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:30:58 honeypot-fra-1 sshd[32353]: Received disconnect from 62.218.227.178 port 41176:11: Bye Bye [preauth]","@timestamp":"2022-09-11T12:30:59.228Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:30:59 honeypot-fra-1 sshd[32357]: Disconnected from authenticating user root 62.218.227.178 port 41224 [preauth]","@timestamp":"2022-09-11T12:31:00.228Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:31:00 honeypot-fra-1 sshd[32363]: Invalid user pi from 62.218.227.178 port 41254","@timestamp":"2022-09-11T12:31:00.228Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:31:00 honeypot-fra-1 sshd[32367]: Invalid user ethos from 62.218.227.178 port 41280","@timestamp":"2022-09-11T12:31:01.229Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:31:01 honeypot-fra-1 sshd[32371]: Invalid user miner from 62.218.227.178 port 41294","@timestamp":"2022-09-11T12:31:02.230Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:31:01 honeypot-fra-1 sshd[32375]: Invalid user volumio from 62.218.227.178 port 41312","@timestamp":"2022-09-11T12:31:02.230Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:31:02 honeypot-fra-1 sshd[32379]: Invalid user nagios from 62.218.227.178 port 41326","@timestamp":"2022-09-11T12:31:03.230Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:31:03 honeypot-fra-1 sshd[32383]: Invalid user vagrant from 62.218.227.178 port 41352","@timestamp":"2022-09-11T12:31:03.231Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:31:03 honeypot-fra-1 sshd[32387]: Invalid user debian from 62.218.227.178 port 41376","@timestamp":"2022-09-11T12:31:04.231Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:31:04 honeypot-fra-1 sshd[32391]: Invalid user debian from 62.218.227.178 port 41408","@timestamp":"2022-09-11T12:31:04.231Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:31:04 honeypot-fra-1 sshd[32395]: Invalid user alarm from 62.218.227.178 port 41428","@timestamp":"2022-09-11T12:31:05.232Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:31:05 honeypot-fra-1 sshd[32399]: Invalid user test from 62.218.227.178 port 41446","@timestamp":"2022-09-11T12:31:06.233Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:31:05 honeypot-fra-1 sshd[32403]: Invalid user cirros from 62.218.227.178 port 41512","@timestamp":"2022-09-11T12:31:06.233Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:31:06 honeypot-ams-1 sshd[10107]: Disconnected from authenticating user root 167.172.152.18 port 45970 [preauth]","@timestamp":"2022-09-11T12:31:06.569Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:31:32 honeypot-ams-1 sshd[10111]: Disconnected from authenticating user root 167.172.152.18 port 36674 [preauth]","@timestamp":"2022-09-11T12:31:32.582Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:31:57 honeypot-ams-1 sshd[10119]: Received disconnect from 167.172.152.18 port 55646:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T12:31:58.595Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:32:13 honeypot-ams-1 sshd[10123]: Disconnected from authenticating user uucp 81.169.137.181 port 54392 [preauth]","@timestamp":"2022-09-11T12:32:13.604Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 12:32:23 honeypot-ams-1 kernel: [83776128.531190] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=216.218.206.104 DST=178.62.254.91 LEN=131 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=48129 DPT=80 WINDOW=65535 RES=0x00 ACK PSH URGP=0 ","@timestamp":"2022-09-11T12:32:23.609Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:32:49 honeypot-ams-1 sshd[10130]: Disconnected from invalid user git 167.172.152.18 port 37020 [preauth]","@timestamp":"2022-09-11T12:32:49.622Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:33:15 honeypot-ams-1 sshd[10134]: Disconnected from invalid user postgres 167.172.152.18 port 55958 [preauth]","@timestamp":"2022-09-11T12:33:15.636Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:33:35 honeypot-fra-1 sshd[32407]: Received disconnect from 92.255.85.70 port 39752:11: Bye Bye [preauth]","@timestamp":"2022-09-11T12:33:36.290Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:33:41 honeypot-ams-1 sshd[10138]: Disconnected from invalid user oracle 167.172.152.18 port 46612 [preauth]","@timestamp":"2022-09-11T12:33:41.649Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:34:11 honeypot-ams-1 sshd[10142]: Received disconnect from 81.169.137.181 port 45738:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T12:34:12.665Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:34:51 honeypot-ams-1 sshd[10146]: Received disconnect from 81.169.137.181 port 33476:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T12:34:52.685Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:35:24 honeypot-ams-1 sshd[10150]: Received disconnect from 167.172.152.18 port 37680:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T12:35:24.702Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:35:49 honeypot-ams-1 sshd[10154]: Received disconnect from 167.172.152.18 port 56592:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T12:35:49.715Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:36:11 honeypot-ams-1 sshd[10158]: Received disconnect from 81.169.137.181 port 37082:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T12:36:11.728Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:36:39 honeypot-ams-1 sshd[10162]: Received disconnect from 167.172.152.18 port 37972:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T12:36:39.741Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:37:04 honeypot-ams-1 sshd[10166]: Received disconnect from 167.172.152.18 port 56916:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T12:37:05.755Z"}
{"@timestamp":"2022-09-11T12:37:20.926Z","@version":"1","message":"Sep 11 12:37:20 honeypot-sgp-1 kernel: [83775953.116951] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=89.248.163.149 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=16707 PROTO=TCP SPT=41207 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:37:36 honeypot-ams-1 sshd[10170]: Received disconnect from 81.169.137.181 port 40726:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T12:37:36.770Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:38:20 honeypot-ams-1 sshd[10175]: Received disconnect from 167.172.152.18 port 57246:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T12:38:20.791Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:39:11 honeypot-ams-1 sshd[10179]: Invalid user svn from 167.172.152.18 port 38632","@timestamp":"2022-09-11T12:39:11.816Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:40:03 honeypot-ams-1 sshd[10183]: Invalid user www from 167.172.152.18 port 48240","@timestamp":"2022-09-11T12:40:03.842Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:40:40 honeypot-fra-1 sshd[32418]: Received disconnect from 61.177.173.36 port 12846:11:  [preauth]","@timestamp":"2022-09-11T12:40:40.449Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:40:54 honeypot-ams-1 sshd[10187]: Invalid user db2inst1 from 167.172.152.18 port 57984","@timestamp":"2022-09-11T12:40:55.869Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:41:24 honeypot-ams-1 sshd[10191]: Invalid user inspur from 103.188.176.251 port 49586","@timestamp":"2022-09-11T12:41:24.884Z"}
{"@timestamp":"2022-09-11T12:43:00.063Z","@version":"1","message":"Sep 11 12:42:59 honeypot-sgp-1 sshd[6049]: Received disconnect from 146.19.133.233 port 60556:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:45:38 honeypot-fra-1 sshd[32423]: Connection closed by invalid user inspur 103.188.176.251 port 60286 [preauth]","@timestamp":"2022-09-11T12:45:38.583Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:49:48 honeypot-ams-1 sshd[10197]: Invalid user python from 223.197.186.7 port 37550","@timestamp":"2022-09-11T12:49:49.106Z"}
{"@timestamp":"2022-09-11T12:50:25.244Z","@version":"1","message":"Sep 11 12:50:25 honeypot-sgp-1 sshd[6059]: Invalid user support from 189.219.253.17 port 35653","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T12:56:37.397Z","@version":"1","message":"Sep 11 12:56:36 honeypot-sgp-1 sshd[6068]: Invalid user musicbot from 139.59.126.129 port 37666","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:57:24 honeypot-fra-1 sshd[32437]: Received disconnect from 92.255.85.69 port 50272:11: Bye Bye [preauth]","@timestamp":"2022-09-11T12:57:24.845Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:59:55 honeypot-ams-1 sshd[10202]: Disconnected from authenticating user root 92.255.85.70 port 59874 [preauth]","@timestamp":"2022-09-11T12:59:56.372Z"}
{"@timestamp":"2022-09-11T13:05:16.602Z","@version":"1","message":"Sep 11 13:05:16 honeypot-sgp-1 sshd[6071]: Disconnected from authenticating user root 61.177.172.114 port 22746 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 13:05:19 honeypot-fra-1 sshd[32440]: Disconnected from authenticating user root 61.177.173.36 port 48247 [preauth]","@timestamp":"2022-09-11T13:05:20.020Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 13:12:42 honeypot-ams-1 sshd[10225]: Disconnected from invalid user facai 221.195.49.78 port 24498 [preauth]","@timestamp":"2022-09-11T13:12:43.716Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 13:13:39 honeypot-fra-1 sshd[32447]: Received disconnect from 63.41.225.61 port 57794:11: Bye Bye [preauth]","@timestamp":"2022-09-11T13:13:40.209Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T13:16:34.871Z","@version":"1","message":"Sep 11 13:16:34 honeypot-sgp-1 sshd[6082]: Bad protocol version identification 'MGLNDD_159.89.202.188_22' from 192.241.214.8 port 57054","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 13:16:37 honeypot-fra-1 sshd[32451]: Disconnected from invalid user kbuye 165.22.45.108 port 57694 [preauth]","@timestamp":"2022-09-11T13:16:37.276Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 13:18:34 honeypot-fra-1 sshd[32459]: Bad protocol version identification 'MGLNDD_165.22.82.222_22' from 192.241.213.228 port 37866","@timestamp":"2022-09-11T13:18:35.324Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T13:19:07.935Z","@version":"1","message":"Sep 11 13:19:07 honeypot-sgp-1 sshd[6088]: Disconnected from authenticating user root 61.177.173.47 port 26721 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 13:20:17 honeypot-fra-1 sshd[32464]: Received disconnect from 137.135.226.173 port 49390:11: Bye Bye [preauth]","@timestamp":"2022-09-11T13:20:18.366Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 13:21:45 honeypot-fra-1 sshd[32470]: Received disconnect from 61.177.173.50 port 23081:11:  [preauth]","@timestamp":"2022-09-11T13:21:46.401Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T13:22:44.021Z","@version":"1","message":"Sep 11 13:22:43 honeypot-sgp-1 sshd[6098]: Received disconnect from 141.255.162.226 port 38688:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T13:22:47.023Z","@version":"1","message":"Sep 11 13:22:46 honeypot-sgp-1 sshd[6104]: Received disconnect from 141.255.162.226 port 59256:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 13:23:31 honeypot-ams-1 sshd[10235]: Received disconnect from 92.255.85.69 port 63268:11: Bye Bye [preauth]","@timestamp":"2022-09-11T13:23:32.028Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 13:23:43 honeypot-ams-1 sshd[10239]: Received disconnect from 45.61.186.169 port 48156:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T13:23:44.035Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 13:24:02 honeypot-ams-1 sshd[10243]: Received disconnect from 45.61.186.169 port 42956:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T13:24:03.044Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 13:24:20 honeypot-ams-1 sshd[10248]: Received disconnect from 45.61.186.169 port 37754:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T13:24:21.058Z"}
{"@timestamp":"2022-09-11T13:30:12.202Z","@version":"1","message":"Sep 11 13:30:12 honeypot-sgp-1 sshd[6113]: Did not receive identification string from 45.61.184.204 port 51052","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T13:30:30.212Z","@version":"1","message":"Sep 11 13:30:29 honeypot-sgp-1 sshd[6116]: Disconnected from invalid user user 45.61.184.204 port 40436 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T13:30:50.221Z","@version":"1","message":"Sep 11 13:30:49 honeypot-sgp-1 sshd[6120]: Disconnected from invalid user user 45.61.184.204 port 35444 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T13:31:07.230Z","@version":"1","message":"Sep 11 13:31:06 honeypot-sgp-1 sshd[6124]: Disconnected from invalid user user 45.61.184.204 port 58690 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 13:34:36 honeypot-fra-1 sshd[32483]: Received disconnect from 121.130.111.133 port 59446:11: Bye Bye [preauth]","@timestamp":"2022-09-11T13:34:37.711Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 13:35:21 honeypot-fra-1 sshd[32487]: Disconnected from invalid user mpiuser 104.248.159.207 port 19096 [preauth]","@timestamp":"2022-09-11T13:35:21.728Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 13:35:22 honeypot-ams-1 sshd[10254]: Did not receive identification string from 45.61.184.204 port 53822","@timestamp":"2022-09-11T13:35:23.336Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 13:36:13 honeypot-ams-1 sshd[10257]: Disconnected from invalid user user 45.61.184.204 port 56488 [preauth]","@timestamp":"2022-09-11T13:36:14.360Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 13:36:32 honeypot-ams-1 sshd[10261]: Disconnected from invalid user user 45.61.184.204 port 51870 [preauth]","@timestamp":"2022-09-11T13:36:32.370Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 13:36:50 honeypot-ams-1 sshd[10265]: Received disconnect from 45.61.184.204 port 47262:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T13:36:51.381Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 13:39:08 honeypot-fra-1 sshd[32493]: Disconnected from authenticating user root 61.177.173.36 port 53999 [preauth]","@timestamp":"2022-09-11T13:39:09.813Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 13:39:20 honeypot-ams-1 sshd[10269]: Received disconnect from 14.102.74.99 port 48774:11: Bye Bye [preauth]","@timestamp":"2022-09-11T13:39:21.447Z"}
{"@timestamp":"2022-09-11T13:41:48.484Z","@version":"1","message":"Sep 11 13:41:47 honeypot-sgp-1 sshd[6136]: Received disconnect from 92.255.85.70 port 58402:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T13:43:29.527Z","@version":"1","message":"Sep 11 13:43:28 honeypot-sgp-1 sshd[6140]: Disconnected from invalid user wj 180.168.192.126 port 59533 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 13:45:55 honeypot-fra-1 kernel: [83778385.986060] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=101.43.54.41 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=43 ID=8133 DF PROTO=TCP SPT=42480 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T13:45:55.966Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 13:47:03 honeypot-ams-1 kernel: [83780608.556459] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=30322 PROTO=TCP SPT=43566 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T13:47:03.651Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 13:49:59 honeypot-fra-1 sshd[32507]: Disconnected from invalid user kdkim 165.22.45.108 port 34460 [preauth]","@timestamp":"2022-09-11T13:49:59.057Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T13:51:04.709Z","@version":"1","message":"Sep 11 13:51:04 honeypot-sgp-1 sshd[6150]: Disconnected from authenticating user root 209.65.66.239 port 43439 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T13:53:19.767Z","@version":"1","message":"Sep 11 13:53:18 honeypot-sgp-1 kernel: [83780511.706370] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=213.226.123.38 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=41842 PROTO=TCP SPT=45326 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 13:55:13 honeypot-ams-1 kernel: [83781099.210421] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=161.97.146.180 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=48216 PROTO=TCP SPT=44214 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T13:55:13.867Z"}
{"@timestamp":"2022-09-11T13:59:18.913Z","@version":"1","message":"Sep 11 13:59:18 honeypot-sgp-1 sshd[6161]: Disconnected from authenticating user root 200.111.119.58 port 43664 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 14:00:50 honeypot-ams-1 kernel: [83781435.675725] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=80.94.92.239 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=33042 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T14:00:51.015Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 14:03:08 honeypot-fra-1 kernel: [83779418.537355] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.200.118.49 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=40112 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T14:03:09.349Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:03:53 honeypot-ams-1 sshd[10282]: Received disconnect from 203.190.55.203 port 34989:11: Bye Bye [preauth]","@timestamp":"2022-09-11T14:03:54.096Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 14:06:26 honeypot-fra-1 sshd[32526]: Invalid user user from 45.61.184.204 port 56662","@timestamp":"2022-09-11T14:06:27.425Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 14:06:46 honeypot-fra-1 sshd[32530]: Invalid user user from 45.61.184.204 port 51670","@timestamp":"2022-09-11T14:06:47.435Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 14:07:05 honeypot-fra-1 sshd[32535]: Invalid user user from 45.61.184.204 port 46672","@timestamp":"2022-09-11T14:07:06.444Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 14:08:00 honeypot-fra-1 kernel: [83779710.431038] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=213.226.123.38 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=22901 PROTO=TCP SPT=45326 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T14:08:00.465Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 14:09:56 honeypot-fra-1 sshd[32545]: Invalid user jsa from 137.184.59.232 port 50812","@timestamp":"2022-09-11T14:09:56.510Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T14:10:06.177Z","@version":"1","message":"Sep 11 14:10:05 honeypot-sgp-1 sshd[6174]: Received disconnect from 61.177.173.36 port 50612:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:10:41 honeypot-ams-1 sshd[10285]: Disconnected from authenticating user root 92.255.85.70 port 21874 [preauth]","@timestamp":"2022-09-11T14:10:41.293Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 14:13:16 honeypot-fra-1 kernel: [83780026.279856] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=159.223.131.138 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=1616 PROTO=TCP SPT=45544 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T14:13:16.585Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 14:15:31 honeypot-ams-1 kernel: [83782316.722399] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=221.124.26.193 DST=178.62.254.91 LEN=40 TOS=0x18 PREC=0xA0 TTL=54 ID=60673 PROTO=TCP SPT=39404 DPT=443 WINDOW=45020 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T14:15:31.423Z"}
{"@timestamp":"2022-09-11T14:15:46.313Z","@version":"1","message":"Sep 11 14:15:45 honeypot-sgp-1 kernel: [83781858.786142] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.198.70 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=55839 DPT=389 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 14:17:01 honeypot-fra-1 CRON[32558]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-11T14:17:01.672Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:19:29 honeypot-ams-1 sshd[10300]: Received disconnect from 62.204.41.222 port 8746:11: Client disconnecting normally [preauth]","@timestamp":"2022-09-11T14:19:30.531Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 14:23:00 honeypot-fra-1 kernel: [83780610.176911] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.215.109 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=35798 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T14:23:00.807Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 14:23:08 honeypot-ams-1 kernel: [83782774.267902] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.209.81 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=36737 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T14:23:09.634Z"}
{"@timestamp":"2022-09-11T14:23:57.513Z","@version":"1","message":"Sep 11 14:23:56 honeypot-sgp-1 sshd[6187]: Received disconnect from 61.177.173.50 port 20141:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 14:26:53 honeypot-fra-1 sshd[32569]: Invalid user admin from 103.91.123.150 port 53860","@timestamp":"2022-09-11T14:26:54.895Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 14:31:43 honeypot-fra-1 sshd[32572]: Disconnected from authenticating user root 92.255.85.70 port 63802 [preauth]","@timestamp":"2022-09-11T14:31:44.004Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 14:33:12 honeypot-fra-1 sshd[32578]: Connection closed by invalid user test 193.106.191.157 port 40022 [preauth]","@timestamp":"2022-09-11T14:33:13.042Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:33:54 honeypot-ams-1 sshd[10310]: Received disconnect from 182.105.189.1 port 39971:11: Bye Bye [preauth]","@timestamp":"2022-09-11T14:33:55.917Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:34:02 honeypot-ams-1 sshd[10316]: Received disconnect from 182.105.189.1 port 40158:11: Bye Bye [preauth]","@timestamp":"2022-09-11T14:34:02.921Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:34:10 honeypot-ams-1 sshd[10322]: Received disconnect from 182.105.189.1 port 40382:11: Bye Bye [preauth]","@timestamp":"2022-09-11T14:34:10.926Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:34:17 honeypot-ams-1 sshd[10328]: Received disconnect from 182.105.189.1 port 40568:11: Bye Bye [preauth]","@timestamp":"2022-09-11T14:34:17.929Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:34:23 honeypot-ams-1 sshd[10334]: Received disconnect from 182.105.189.1 port 40737:11: Bye Bye [preauth]","@timestamp":"2022-09-11T14:34:23.933Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:34:30 honeypot-ams-1 sshd[10340]: Received disconnect from 182.105.189.1 port 40896:11: Bye Bye [preauth]","@timestamp":"2022-09-11T14:34:30.988Z"}
{"@timestamp":"2022-09-11T14:34:34.768Z","@version":"1","message":"Sep 11 14:34:34 honeypot-sgp-1 sshd[6193]: Connection reset by 61.177.173.50 port 12355 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:34:38 honeypot-ams-1 sshd[10346]: Received disconnect from 182.105.189.1 port 41070:11: Bye Bye [preauth]","@timestamp":"2022-09-11T14:34:38.994Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 14:34:39 honeypot-fra-1 sshd[32586]: Received disconnect from 45.61.184.204 port 57776:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T14:34:40.077Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:34:46 honeypot-ams-1 sshd[10352]: Received disconnect from 182.105.189.1 port 41277:11: Bye Bye [preauth]","@timestamp":"2022-09-11T14:34:46.998Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:34:53 honeypot-ams-1 sshd[10358]: Received disconnect from 182.105.189.1 port 41475:11: Bye Bye [preauth]","@timestamp":"2022-09-11T14:34:54.003Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:34:58 honeypot-ams-1 sshd[10366]: Received disconnect from 92.255.85.69 port 60464:11: Bye Bye [preauth]","@timestamp":"2022-09-11T14:34:59.006Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 14:34:59 honeypot-fra-1 sshd[32590]: Received disconnect from 45.61.184.204 port 53366:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T14:35:00.086Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:35:05 honeypot-ams-1 sshd[10370]: Received disconnect from 182.105.189.1 port 41770:11: Bye Bye [preauth]","@timestamp":"2022-09-11T14:35:06.012Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:35:12 honeypot-ams-1 sshd[10376]: Received disconnect from 182.105.189.1 port 41970:11: Bye Bye [preauth]","@timestamp":"2022-09-11T14:35:13.032Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:35:17 honeypot-ams-1 sshd[10380]: Disconnected from invalid user admin 182.105.189.1 port 42082 [preauth]","@timestamp":"2022-09-11T14:35:18.034Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 14:35:17 honeypot-fra-1 sshd[32594]: Received disconnect from 45.61.184.204 port 48966:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T14:35:18.094Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:35:23 honeypot-ams-1 sshd[10384]: Disconnected from invalid user admin 182.105.189.1 port 42256 [preauth]","@timestamp":"2022-09-11T14:35:24.039Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:35:29 honeypot-ams-1 sshd[10388]: Disconnected from invalid user admin 182.105.189.1 port 42406 [preauth]","@timestamp":"2022-09-11T14:35:30.042Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:35:33 honeypot-ams-1 sshd[10392]: Disconnected from invalid user admin 182.105.189.1 port 42507 [preauth]","@timestamp":"2022-09-11T14:35:34.045Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:35:37 honeypot-ams-1 sshd[10396]: Disconnected from invalid user admin 182.105.189.1 port 42602 [preauth]","@timestamp":"2022-09-11T14:35:38.048Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:35:42 honeypot-ams-1 sshd[10400]: Disconnected from invalid user user 182.105.189.1 port 42705 [preauth]","@timestamp":"2022-09-11T14:35:43.051Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:35:48 honeypot-ams-1 sshd[10406]: Received disconnect from 182.105.189.1 port 42865:11: Bye Bye [preauth]","@timestamp":"2022-09-11T14:35:49.054Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:35:53 honeypot-ams-1 sshd[10410]: Received disconnect from 182.105.189.1 port 42995:11: Bye Bye [preauth]","@timestamp":"2022-09-11T14:35:54.058Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:35:58 honeypot-ams-1 sshd[10414]: Received disconnect from 182.105.189.1 port 43125:11: Bye Bye [preauth]","@timestamp":"2022-09-11T14:35:59.060Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:36:06 honeypot-ams-1 sshd[10418]: Received disconnect from 182.105.189.1 port 43319:11: Bye Bye [preauth]","@timestamp":"2022-09-11T14:36:07.065Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:36:13 honeypot-ams-1 sshd[10422]: Received disconnect from 182.105.189.1 port 43419:11: Bye Bye [preauth]","@timestamp":"2022-09-11T14:36:14.069Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:36:19 honeypot-ams-1 sshd[10426]: Received disconnect from 182.105.189.1 port 43631:11: Bye Bye [preauth]","@timestamp":"2022-09-11T14:36:20.074Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:36:23 honeypot-ams-1 sshd[10430]: Received disconnect from 182.105.189.1 port 43733:11: Bye Bye [preauth]","@timestamp":"2022-09-11T14:36:24.077Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:36:30 honeypot-ams-1 sshd[10434]: Received disconnect from 182.105.189.1 port 43835:11: Bye Bye [preauth]","@timestamp":"2022-09-11T14:36:30.080Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:36:34 honeypot-ams-1 sshd[10438]: Received disconnect from 182.105.189.1 port 44001:11: Bye Bye [preauth]","@timestamp":"2022-09-11T14:36:35.085Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:36:40 honeypot-ams-1 sshd[10442]: Received disconnect from 182.105.189.1 port 44155:11: Bye Bye [preauth]","@timestamp":"2022-09-11T14:36:41.088Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:36:46 honeypot-ams-1 sshd[10446]: Received disconnect from 182.105.189.1 port 44311:11: Bye Bye [preauth]","@timestamp":"2022-09-11T14:36:47.092Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 14:42:09 honeypot-fra-1 kernel: [83781759.449803] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=91.191.209.190 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=53878 PROTO=TCP SPT=50995 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T14:42:10.248Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-11T14:43:46.008Z","@version":"1","message":"Sep 11 14:43:45 honeypot-sgp-1 sshd[6204]: Invalid user aboud from 115.246.237.179 port 41011","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:44:13 honeypot-ams-1 sshd[10452]: Invalid user user from 45.61.186.49 port 41868","@timestamp":"2022-09-11T14:44:14.281Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:44:23 honeypot-ams-1 sshd[10456]: Invalid user user from 45.61.186.49 port 53364","@timestamp":"2022-09-11T14:44:24.287Z"}
{"@timestamp":"2022-09-11T14:45:28.051Z","@version":"1","message":"Sep 11 14:45:27 honeypot-sgp-1 kernel: [83783640.373943] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.200.118.49 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=44639 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 14:45:29 honeypot-ams-1 kernel: [83784115.366544] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=123.199.74.113 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=51 ID=41589 PROTO=TCP SPT=38337 DPT=80 WINDOW=34992 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T14:45:30.317Z"}
{"@timestamp":"2022-09-11T14:51:39.201Z","@version":"1","message":"Sep 11 14:51:38 honeypot-sgp-1 sshd[6213]: Received disconnect from 61.177.173.37 port 22656:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 14:51:48 honeypot-fra-1 kernel: [83782338.421788] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=186.208.139.104 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=245 ID=12355 PROTO=TCP SPT=47532 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T14:51:49.461Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-11T14:53:55.257Z","@version":"1","message":"Sep 11 14:53:54 honeypot-sgp-1 sshd[6219]: Disconnected from authenticating user root 61.177.173.36 port 48408 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 14:55:02 honeypot-fra-1 sshd[32613]: Received disconnect from 159.223.74.125 port 42556:11: Bye Bye [preauth]","@timestamp":"2022-09-11T14:55:03.537Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 14:56:41 honeypot-fra-1 sshd[32618]: Received disconnect from 165.22.45.108 port 44458:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T14:56:41.576Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:58:38 honeypot-ams-1 sshd[10464]: Received disconnect from 111.67.200.73 port 58662:11: Bye Bye [preauth]","@timestamp":"2022-09-11T14:58:39.657Z"}
{"@timestamp":"2022-09-11T15:01:35.441Z","@version":"1","message":"Sep 11 15:01:34 honeypot-sgp-1 sshd[6229]: Invalid user user from 45.61.186.249 port 48980","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T15:01:53.451Z","@version":"1","message":"Sep 11 15:01:52 honeypot-sgp-1 sshd[6233]: Invalid user user from 45.61.186.249 port 43654","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T15:02:11.461Z","@version":"1","message":"Sep 11 15:02:11 honeypot-sgp-1 sshd[6237]: Invalid user user from 45.61.186.249 port 38370","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T15:04:01.505Z","@version":"1","message":"Sep 11 15:04:01 honeypot-sgp-1 kernel: [83784754.301371] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=227 ID=44784 PROTO=TCP SPT=48403 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 15:04:38 honeypot-fra-1 sshd[32624]: Received disconnect from 61.177.172.108 port 27262:11:  [preauth]","@timestamp":"2022-09-11T15:04:39.756Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 15:05:47 honeypot-ams-1 sshd[10469]: Invalid user admin from 99.97.212.80 port 56281","@timestamp":"2022-09-11T15:05:47.844Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 15:07:00 honeypot-fra-1 kernel: [83783250.448181] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=89.248.167.131 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=123 ID=17017 PROTO=TCP SPT=30378 DPT=389 WINDOW=25573 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T15:07:00.810Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-11T15:08:39.635Z","@version":"1","message":"Sep 11 15:08:39 honeypot-sgp-1 sshd[6248]: Disconnected from authenticating user root 61.177.172.90 port 44833 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 15:11:32 honeypot-ams-1 kernel: [83785678.264123] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=139.28.218.34 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=57239 DPT=389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T15:11:32.993Z"}
{"@timestamp":"2022-09-11T15:13:03.742Z","@version":"1","message":"Sep 11 15:13:03 honeypot-sgp-1 sshd[6255]: Received disconnect from 96.78.175.36 port 46612:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 15:15:18 honeypot-fra-1 sshd[32638]: Received disconnect from 147.182.210.165 port 53498:11: Bye Bye [preauth]","@timestamp":"2022-09-11T15:15:18.994Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T15:17:01.840Z","@version":"1","message":"Sep 11 15:17:01 honeypot-sgp-1 CRON[6261]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 15:17:22 honeypot-ams-1 sshd[10480]: Invalid user test from 193.106.191.157 port 55996","@timestamp":"2022-09-11T15:17:23.145Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 15:18:51 honeypot-fra-1 sshd[32645]: Received disconnect from 92.255.85.70 port 49576:11: Bye Bye [preauth]","@timestamp":"2022-09-11T15:18:52.076Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 15:21:29 honeypot-ams-1 sshd[10482]: Disconnected from authenticating user root 92.255.85.70 port 45492 [preauth]","@timestamp":"2022-09-11T15:21:30.255Z"}
{"@timestamp":"2022-09-11T15:24:22.016Z","@version":"1","message":"Sep 11 15:24:21 honeypot-sgp-1 kernel: [83785974.564028] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=183.136.225.35 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=110 ID=49122 PROTO=TCP SPT=8088 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 15:24:27 honeypot-fra-1 sshd[32654]: Bad protocol version identification 'GET / HTTP/1.0' from 106.75.227.154 port 39666","@timestamp":"2022-09-11T15:24:27.203Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 15:26:06 honeypot-ams-1 sshd[10487]: Received disconnect from 103.42.57.139 port 36954:11: Bye Bye [preauth]","@timestamp":"2022-09-11T15:26:06.377Z"}
{"@timestamp":"2022-09-11T15:28:14.111Z","@version":"1","message":"Sep 11 15:28:13 honeypot-sgp-1 sshd[6271]: Disconnected from authenticating user root 141.94.223.98 port 53440 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 15:29:31 honeypot-fra-1 sshd[32660]: Disconnected from authenticating user root 61.177.173.46 port 22341 [preauth]","@timestamp":"2022-09-11T15:29:32.335Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 15:31:28 honeypot-fra-1 kernel: [83784718.048421] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=176.58.105.238 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=37061 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T15:31:28.381Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 15:37:21 honeypot-ams-1 kernel: [83787226.721417] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=154.89.5.92 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=245 ID=29796 PROTO=TCP SPT=58914 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T15:37:21.663Z"}
{"@timestamp":"2022-09-11T15:37:25.332Z","@version":"1","message":"Sep 11 15:37:24 honeypot-sgp-1 sshd[6278]: Disconnected from authenticating user root 61.177.173.36 port 37622 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 15:38:54 honeypot-fra-1 sshd[32669]: Disconnected from authenticating user root 61.177.173.46 port 47284 [preauth]","@timestamp":"2022-09-11T15:38:54.547Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 15:39:22 honeypot-fra-1 sshd[32676]: Received disconnect from 187.51.55.82 port 38879:11: Bye Bye [preauth]","@timestamp":"2022-09-11T15:39:22.560Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 15:43:18 honeypot-fra-1 sshd[32680]: Disconnected from 68.183.141.33 port 51402 [preauth]","@timestamp":"2022-09-11T15:43:18.650Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T15:43:24.475Z","@version":"1","message":"Sep 11 15:43:24 honeypot-sgp-1 sshd[6285]: Connection closed by authenticating user root 103.188.176.251 port 49210 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 15:44:35 honeypot-ams-1 sshd[10568]: Disconnected from authenticating user root 92.255.85.70 port 51244 [preauth]","@timestamp":"2022-09-11T15:44:35.853Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 15:47:21 honeypot-fra-1 kernel: [83785670.865830] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=79.124.62.60 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=42066 PROTO=TCP SPT=40209 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T15:47:21.742Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-11T15:48:12.592Z","@version":"1","message":"Sep 11 15:48:12 honeypot-sgp-1 sshd[6291]: Disconnected from authenticating user root 61.177.173.36 port 58341 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 15:51:10 honeypot-ams-1 kernel: [83788056.261567] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.219.133 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=51045 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T15:51:11.020Z"}
{"@timestamp":"2022-09-11T15:53:47.725Z","@version":"1","message":"Sep 11 15:53:47 honeypot-sgp-1 sshd[6298]: Disconnected from authenticating user root 157.245.243.224 port 51688 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 15:56:06 honeypot-fra-1 kernel: [83786195.861675] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=90.151.171.106 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=8530 PROTO=TCP SPT=51715 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T15:56:06.950Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-11T15:57:30.814Z","@version":"1","message":"Sep 11 15:57:29 honeypot-sgp-1 sshd[6305]: Received disconnect from 61.177.173.35 port 64772:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 16:00:53 honeypot-ams-1 kernel: [83788638.722120] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=213.226.123.38 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=11439 PROTO=TCP SPT=52475 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T16:00:54.271Z"}
{"@timestamp":"2022-09-11T16:02:53.942Z","@version":"1","message":"Sep 11 16:02:53 honeypot-sgp-1 sshd[6313]: Disconnected from authenticating user root 92.255.85.70 port 20182 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 16:03:25 honeypot-fra-1 sshd[32698]: Received disconnect from 165.22.45.108 port 54458:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T16:03:26.112Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 16:06:57 honeypot-ams-1 kernel: [83789002.532729] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=176.97.210.187 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=54321 PROTO=TCP SPT=60409 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T16:06:57.430Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 16:12:32 honeypot-ams-1 sshd[10584]: Received disconnect from 27.1.253.142 port 46852:11: Bye Bye [preauth]","@timestamp":"2022-09-11T16:12:33.579Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 16:13:10 honeypot-fra-1 sshd[32703]: Invalid user support from 192.72.105.75 port 34208","@timestamp":"2022-09-11T16:13:11.349Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 16:17:01 honeypot-ams-1 CRON[10589]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-11T16:17:01.698Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 16:23:45 honeypot-fra-1 sshd[32710]: Invalid user admin from 220.86.33.251 port 37379","@timestamp":"2022-09-11T16:23:46.586Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T16:25:55.506Z","@version":"1","message":"Sep 11 16:25:54 honeypot-sgp-1 sshd[6325]: Connection closed by 204.131.249.226 port 58952 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 16:30:14 honeypot-fra-1 kernel: [83788244.648497] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=43.143.58.236 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=43 ID=15234 DF PROTO=TCP SPT=61444 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T16:30:15.745Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 16:31:38 honeypot-ams-1 sshd[10596]: Received disconnect from 92.255.85.70 port 37562:11: Bye Bye [preauth]","@timestamp":"2022-09-11T16:31:38.086Z"}
{"@timestamp":"2022-09-11T16:33:08.680Z","@version":"1","message":"Sep 11 16:33:07 honeypot-sgp-1 kernel: [83790100.631297] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=64.62.197.46 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=48090 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T16:34:42.718Z","@version":"1","message":"Sep 11 16:34:42 honeypot-sgp-1 sshd[6334]: Disconnected from invalid user ubnt 187.216.90.114 port 56534 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 16:36:36 honeypot-fra-1 sshd[32716]: Disconnected from invalid user kelly 165.22.45.108 port 59448 [preauth]","@timestamp":"2022-09-11T16:36:36.888Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T16:43:01.918Z","@version":"1","message":"Sep 11 16:43:01 honeypot-sgp-1 sshd[6339]: Received disconnect from 187.216.90.114 port 57128:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 16:46:46 honeypot-ams-1 kernel: [83791392.208562] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=122.54.18.165 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=58 ID=2880 PROTO=TCP SPT=40792 DPT=443 WINDOW=57104 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T16:46:47.509Z"}
{"@timestamp":"2022-09-11T16:50:13.088Z","@version":"1","message":"Sep 11 16:50:12 honeypot-sgp-1 sshd[6344]: Disconnected from authenticating user root 92.255.85.70 port 16282 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 16:50:49 honeypot-ams-1 kernel: [83791634.542329] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=163.172.158.4 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=51708 PROTO=TCP SPT=57501 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T16:50:49.619Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 16:56:54 honeypot-ams-1 kernel: [83792000.115124] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=46.62.170.160 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=114 ID=64465 DF PROTO=TCP SPT=2114 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T16:56:55.781Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 17:00:41 honeypot-fra-1 kernel: [83790071.408459] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=143.244.139.16 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x20 TTL=245 ID=14361 PROTO=TCP SPT=32157 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T17:00:42.418Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 17:01:36 honeypot-ams-1 kernel: [83792282.211105] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=118.200.40.169 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=231 ID=15686 PROTO=TCP SPT=53335 DPT=80 WINDOW=1300 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T17:01:36.910Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 17:02:16 honeypot-fra-1 sshd[32728]: Did not receive identification string from 141.255.162.226 port 37016","@timestamp":"2022-09-11T17:02:16.457Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 17:02:41 honeypot-fra-1 sshd[32732]: Received disconnect from 141.255.162.226 port 39196:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T17:02:42.469Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 17:02:45 honeypot-fra-1 sshd[32736]: Received disconnect from 141.255.162.226 port 53274:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T17:02:46.471Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 17:04:37 honeypot-ams-1 kernel: [83792462.734815] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=90.151.171.106 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=10889 PROTO=TCP SPT=55847 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T17:04:37.990Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 17:06:35 honeypot-fra-1 sshd[32742]: Invalid user user from 45.61.186.169 port 57492","@timestamp":"2022-09-11T17:06:36.564Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 17:06:53 honeypot-fra-1 sshd[32746]: Invalid user user from 45.61.186.169 port 52532","@timestamp":"2022-09-11T17:06:53.573Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 17:07:09 honeypot-fra-1 sshd[32750]: Invalid user user from 45.61.186.169 port 47538","@timestamp":"2022-09-11T17:07:10.581Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 17:07:25 honeypot-fra-1 sshd[32754]: Invalid user user from 45.61.186.169 port 42578","@timestamp":"2022-09-11T17:07:26.588Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T17:09:02.530Z","@version":"1","message":"Sep 11 17:09:01 honeypot-sgp-1 CRON[6356]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 17:09:30 honeypot-fra-1 sshd[32759]: Disconnected from authenticating user root 202.83.17.205 port 60952 [preauth]","@timestamp":"2022-09-11T17:09:31.634Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 17:12:02 honeypot-fra-1 kernel: [83790751.680257] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=79.124.62.62 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=46063 PROTO=TCP SPT=41106 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T17:12:02.694Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-11T17:12:57.625Z","@version":"1","message":"Sep 11 17:12:57 honeypot-sgp-1 sshd[6361]: Did not receive identification string from 45.61.187.160 port 60560","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T17:13:26.639Z","@version":"1","message":"Sep 11 17:13:25 honeypot-sgp-1 sshd[6364]: Disconnected from invalid user user 45.61.187.160 port 37572 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T17:13:45.649Z","@version":"1","message":"Sep 11 17:13:44 honeypot-sgp-1 sshd[6368]: Disconnected from invalid user user 45.61.187.160 port 60534 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T17:14:02.658Z","@version":"1","message":"Sep 11 17:14:01 honeypot-sgp-1 sshd[6372]: Disconnected from invalid user user 45.61.187.160 port 55256 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T17:14:11.662Z","@version":"1","message":"Sep 11 17:14:10 honeypot-sgp-1 sshd[6377]: Disconnected from invalid user test2 92.255.85.69 port 15680 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 17:14:37 honeypot-ams-1 sshd[10619]: Received disconnect from 45.61.186.49 port 44608:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T17:14:38.248Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 17:14:47 honeypot-ams-1 sshd[10623]: Received disconnect from 45.61.186.49 port 56362:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T17:14:48.254Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 17:14:55 honeypot-fra-1 sshd[747]: Disconnected from invalid user ftpuser 35.219.62.194 port 44798 [preauth]","@timestamp":"2022-09-11T17:14:55.755Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 17:17:01 honeypot-ams-1 CRON[10627]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-11T17:17:02.315Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 17:17:34 honeypot-fra-1 kernel: [83791083.791429] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=79.124.62.82 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=43067 PROTO=TCP SPT=50552 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T17:17:34.816Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-11T17:21:49.842Z","@version":"1","message":"Sep 11 17:21:49 honeypot-sgp-1 kernel: [83793021.995703] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=159.223.115.11 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=41918 PROTO=TCP SPT=56132 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 17:28:05 honeypot-ams-1 sshd[10633]: Invalid user support from 78.127.125.41 port 50694","@timestamp":"2022-09-11T17:28:06.599Z"}
{"@timestamp":"2022-09-11T17:28:52.008Z","@version":"1","message":"Sep 11 17:28:51 honeypot-sgp-1 sshd[6390]: Invalid user support from 203.64.153.68 port 52055","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 17:30:47 honeypot-ams-1 sshd[10639]: Received disconnect from 45.61.187.160 port 35812:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T17:30:48.673Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 17:30:57 honeypot-fra-1 sshd[758]: Invalid user admin from 128.199.160.207 port 57014","@timestamp":"2022-09-11T17:30:57.110Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 17:31:09 honeypot-ams-1 sshd[10643]: Received disconnect from 45.61.187.160 port 59208:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T17:31:10.685Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 17:31:29 honeypot-ams-1 sshd[10647]: Received disconnect from 45.61.187.160 port 54368:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T17:31:29.695Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 17:31:47 honeypot-ams-1 sshd[10651]: Invalid user user from 45.61.187.160 port 49530","@timestamp":"2022-09-11T17:31:47.705Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 17:35:14 honeypot-fra-1 kernel: [83792144.338763] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=79.124.62.86 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=29836 PROTO=TCP SPT=50554 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T17:35:15.207Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-11T17:37:57.221Z","@version":"1","message":"Sep 11 17:37:56 honeypot-sgp-1 sshd[6397]: Received disconnect from 92.255.85.69 port 51132:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 17:39:48 honeypot-fra-1 sshd[767]: Invalid user test2 from 92.255.85.70 port 27642","@timestamp":"2022-09-11T17:39:48.310Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 17:40:29 honeypot-ams-1 kernel: [83794614.886308] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=106.75.93.241 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=6017 PROTO=TCP SPT=58914 DPT=389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T17:40:29.929Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 17:42:54 honeypot-ams-1 sshd[10660]: Invalid user test2 from 92.255.85.69 port 41196","@timestamp":"2022-09-11T17:42:54.995Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 17:43:13 honeypot-fra-1 sshd[772]: Received disconnect from 165.22.45.108 port 41024:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T17:43:13.388Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 17:48:58 honeypot-fra-1 sshd[777]: Disconnected from 157.245.9.6 port 48442 [preauth]","@timestamp":"2022-09-11T17:48:59.516Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 17:49:17 honeypot-ams-1 sshd[10665]: Connection closed by authenticating user root 103.188.176.251 port 56440 [preauth]","@timestamp":"2022-09-11T17:49:17.160Z"}
{"@timestamp":"2022-09-11T17:50:23.527Z","@version":"1","message":"Sep 11 17:50:22 honeypot-sgp-1 sshd[6402]: Connection closed by invalid user admin 178.128.125.205 port 31290 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T17:51:52.564Z","@version":"1","message":"Sep 11 17:51:52 honeypot-sgp-1 sshd[6408]: Received disconnect from 210.245.111.33 port 55724:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 17:51:59 honeypot-ams-1 kernel: [83795304.776569] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=198.235.24.181 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=250 ID=1901 PROTO=TCP SPT=49917 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T17:52:00.231Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 17:55:31 honeypot-fra-1 sshd[785]: Received disconnect from 141.255.162.226 port 52570:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T17:55:31.665Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 17:55:33 honeypot-fra-1 sshd[789]: Received disconnect from 141.255.162.226 port 37572:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T17:55:34.668Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 17:55:37 honeypot-fra-1 sshd[793]: Received disconnect from 141.255.162.226 port 50816:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T17:55:38.670Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T17:56:24.675Z","@version":"1","message":"Sep 11 17:56:23 honeypot-sgp-1 sshd[6414]: Did not receive identification string from 132.148.75.125 port 57350","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T17:58:26.727Z","@version":"1","message":"Sep 11 17:58:26 honeypot-sgp-1 sshd[6420]: Received disconnect from 132.148.75.125 port 47932:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 18:00:15 honeypot-ams-1 sshd[10671]: Invalid user user from 178.217.102.225 port 57084","@timestamp":"2022-09-11T18:00:15.447Z"}
{"@timestamp":"2022-09-11T18:00:21.776Z","@version":"1","message":"Sep 11 18:00:21 honeypot-sgp-1 sshd[6426]: Received disconnect from 132.148.75.125 port 59756:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T18:01:01.795Z","@version":"1","message":"Sep 11 18:01:01 honeypot-sgp-1 sshd[6430]: Disconnected from authenticating user root 132.148.75.125 port 47808 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T18:02:21.834Z","@version":"1","message":"Sep 11 18:02:21 honeypot-sgp-1 sshd[6434]: Received disconnect from 132.148.75.125 port 51648:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 18:02:58 honeypot-fra-1 sshd[796]: Disconnected from invalid user test2 92.255.85.69 port 39944 [preauth]","@timestamp":"2022-09-11T18:02:58.835Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 18:03:37 honeypot-ams-1 sshd[10676]: Invalid user admin from 134.17.17.32 port 32879","@timestamp":"2022-09-11T18:03:38.535Z"}
{"@timestamp":"2022-09-11T18:03:42.899Z","@version":"1","message":"Sep 11 18:03:42 honeypot-sgp-1 sshd[6439]: Disconnected from authenticating user root 132.148.75.125 port 59326 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T18:05:40.952Z","@version":"1","message":"Sep 11 18:05:40 honeypot-sgp-1 sshd[6445]: Disconnected from authenticating user root 132.148.75.125 port 54024 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T18:07:42.004Z","@version":"1","message":"Sep 11 18:07:41 honeypot-sgp-1 sshd[6451]: Disconnected from authenticating user root 132.148.75.125 port 49214 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T18:09:49.059Z","@version":"1","message":"Sep 11 18:09:48 honeypot-sgp-1 sshd[6458]: Disconnected from authenticating user root 132.148.75.125 port 51396 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 18:10:11 honeypot-ams-1 kernel: [83796396.497091] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=146.88.240.4 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=35306 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T18:10:11.702Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 18:10:57 honeypot-fra-1 sshd[799]: Invalid user admin from 141.98.10.158 port 53782","@timestamp":"2022-09-11T18:10:58.016Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T18:11:50.112Z","@version":"1","message":"Sep 11 18:11:49 honeypot-sgp-1 sshd[6464]: Disconnected from authenticating user root 132.148.75.125 port 45242 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 18:12:22 honeypot-ams-1 kernel: [83796528.207173] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.167.97.38 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=40935 DPT=636 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T18:12:23.763Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 18:13:38 honeypot-fra-1 sshd[801]: Disconnected from invalid user tolee 103.9.36.69 port 57676 [preauth]","@timestamp":"2022-09-11T18:13:39.079Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T18:13:49.182Z","@version":"1","message":"Sep 11 18:13:48 honeypot-sgp-1 sshd[6470]: Received disconnect from 132.148.75.125 port 36844:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T18:15:41.231Z","@version":"1","message":"Sep 11 18:15:40 honeypot-sgp-1 kernel: [83796253.047609] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=143.92.32.205 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=41493 PROTO=TCP SPT=40139 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T18:16:05.243Z","@version":"1","message":"Sep 11 18:16:04 honeypot-sgp-1 sshd[6480]: Disconnected from invalid user user 141.255.162.226 port 46648 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T18:16:10.246Z","@version":"1","message":"Sep 11 18:16:09 honeypot-sgp-1 sshd[6485]: Disconnected from invalid user user 141.255.162.226 port 38046 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T18:16:31.255Z","@version":"1","message":"Sep 11 18:16:31 honeypot-sgp-1 sshd[6492]: Received disconnect from 132.148.75.125 port 48478:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 18:17:01 honeypot-fra-1 CRON[806]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-11T18:17:02.156Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T18:17:51.288Z","@version":"1","message":"Sep 11 18:17:50 honeypot-sgp-1 sshd[6499]: Received disconnect from 132.148.75.125 port 52282:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T18:19:14.327Z","@version":"1","message":"Sep 11 18:19:13 honeypot-sgp-1 kernel: [83796466.429836] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=179.43.145.74 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=54321 PROTO=TCP SPT=32938 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 18:19:50 honeypot-ams-1 sshd[10687]: Invalid user george from 212.205.99.56 port 39510","@timestamp":"2022-09-11T18:19:50.958Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 18:20:42 honeypot-ams-1 sshd[10690]: Received disconnect from 103.253.175.10 port 41556:11: Bye Bye [preauth]","@timestamp":"2022-09-11T18:20:42.984Z"}
{"@timestamp":"2022-09-11T18:21:23.381Z","@version":"1","message":"Sep 11 18:21:22 honeypot-sgp-1 sshd[6510]: Disconnected from authenticating user root 132.148.75.125 port 35514 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T18:23:28.435Z","@version":"1","message":"Sep 11 18:23:27 honeypot-sgp-1 sshd[6516]: Disconnected from authenticating user root 132.148.75.125 port 34778 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 18:24:01 honeypot-ams-1 sshd[10694]: Received disconnect from 50.193.220.21 port 60962:11: Bye Bye [preauth]","@timestamp":"2022-09-11T18:24:02.071Z"}
{"@timestamp":"2022-09-11T18:24:29.464Z","@version":"1","message":"Sep 11 18:24:29 honeypot-sgp-1 kernel: [83796781.956717] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=162.221.192.26 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=12564 PROTO=TCP SPT=19747 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T18:26:11.510Z","@version":"1","message":"Sep 11 18:26:11 honeypot-sgp-1 sshd[6528]: Disconnected from authenticating user root 132.148.75.125 port 47300 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T18:28:16.564Z","@version":"1","message":"Sep 11 18:28:16 honeypot-sgp-1 sshd[6534]: Disconnected from authenticating user root 132.148.75.125 port 48196 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T18:30:20.617Z","@version":"1","message":"Sep 11 18:30:19 honeypot-sgp-1 sshd[6540]: Disconnected from authenticating user root 132.148.75.125 port 44838 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 18:31:54 honeypot-fra-1 sshd[816]: Received disconnect from 43.132.240.51 port 53464:11: Bye Bye [preauth]","@timestamp":"2022-09-11T18:31:55.482Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T18:32:25.670Z","@version":"1","message":"Sep 11 18:32:24 honeypot-sgp-1 sshd[6547]: Disconnected from authenticating user root 132.148.75.125 port 44974 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T18:34:35.727Z","@version":"1","message":"Sep 11 18:34:34 honeypot-sgp-1 sshd[6553]: Received disconnect from 132.148.75.125 port 49268:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 18:34:47 honeypot-fra-1 sshd[824]: Received disconnect from 211.45.162.52 port 51472:11: Bye Bye [preauth]","@timestamp":"2022-09-11T18:34:48.553Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 18:35:39 honeypot-ams-1 sshd[10700]: Invalid user test from 193.106.191.157 port 35012","@timestamp":"2022-09-11T18:35:39.370Z"}
{"@timestamp":"2022-09-11T18:35:58.763Z","@version":"1","message":"Sep 11 18:35:57 honeypot-sgp-1 sshd[6557]: Disconnected from authenticating user root 132.148.75.125 port 55618 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T18:38:00.816Z","@version":"1","message":"Sep 11 18:38:00 honeypot-sgp-1 sshd[6564]: Disconnected from authenticating user root 132.148.75.125 port 49686 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 18:39:47 honeypot-ams-1 sshd[10704]: Disconnected from invalid user geq 79.7.186.65 port 49008 [preauth]","@timestamp":"2022-09-11T18:39:47.476Z"}
{"@timestamp":"2022-09-11T18:40:06.870Z","@version":"1","message":"Sep 11 18:40:06 honeypot-sgp-1 sshd[6570]: Disconnected from authenticating user root 132.148.75.125 port 48968 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T18:41:43.910Z","@version":"1","message":"Sep 11 18:41:43 honeypot-sgp-1 sshd[6577]: Disconnected from 161.35.131.133 port 44014 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T18:42:51.940Z","@version":"1","message":"Sep 11 18:42:51 honeypot-sgp-1 sshd[6584]: Disconnected from authenticating user root 132.148.75.125 port 37782 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 18:43:34 honeypot-ams-1 sshd[10710]: Received disconnect from 167.71.142.220 port 54556:11: Bye Bye [preauth]","@timestamp":"2022-09-11T18:43:35.574Z"}
{"@timestamp":"2022-09-11T18:44:59.993Z","@version":"1","message":"Sep 11 18:44:59 honeypot-sgp-1 sshd[6590]: Received disconnect from 132.148.75.125 port 40808:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 18:45:00 honeypot-fra-1 kernel: [83796329.928209] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.220.233 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=42309 DPT=5432 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T18:45:00.780Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-11T18:47:08.047Z","@version":"1","message":"Sep 11 18:47:07 honeypot-sgp-1 sshd[6597]: Received disconnect from 132.148.75.125 port 41244:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 18:47:13 honeypot-ams-1 sshd[10715]: Received disconnect from 109.227.63.3 port 34731:11: Bye Bye [preauth]","@timestamp":"2022-09-11T18:47:13.671Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 18:49:01 honeypot-ams-1 kernel: [83798726.304181] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=77.49.81.235 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=3505 DF PROTO=TCP SPT=47356 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T18:49:01.720Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 18:49:33 honeypot-fra-1 sshd[837]: Received disconnect from 165.22.45.108 port 50616:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T18:49:33.882Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T18:50:52.138Z","@version":"1","message":"Sep 11 18:50:51 honeypot-sgp-1 kernel: [83798364.107981] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=167.94.138.103 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=9415 PROTO=TCP SPT=26807 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 18:51:26 honeypot-ams-1 sshd[10720]: Disconnected from invalid user user 45.61.184.204 port 57132 [preauth]","@timestamp":"2022-09-11T18:51:26.788Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 18:51:48 honeypot-ams-1 sshd[10724]: Disconnected from invalid user user 45.61.184.204 port 52682 [preauth]","@timestamp":"2022-09-11T18:51:48.799Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 18:52:07 honeypot-ams-1 sshd[10728]: Disconnected from invalid user user 45.61.184.204 port 48260 [preauth]","@timestamp":"2022-09-11T18:52:08.810Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 18:52:26 honeypot-ams-1 sshd[10733]: Disconnected from invalid user user 45.61.184.204 port 43800 [preauth]","@timestamp":"2022-09-11T18:52:26.819Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 18:53:40 honeypot-fra-1 sshd[843]: Connection closed by invalid user wry 137.116.144.39 port 55442 [preauth]","@timestamp":"2022-09-11T18:53:41.974Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 18:59:06 honeypot-ams-1 sshd[10739]: Received disconnect from 39.118.192.135 port 52310:11: Bye Bye [preauth]","@timestamp":"2022-09-11T18:59:06.992Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 19:00:24 honeypot-fra-1 sshd[849]: Invalid user user from 45.61.184.204 port 45714","@timestamp":"2022-09-11T19:00:24.127Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 19:00:47 honeypot-fra-1 sshd[853]: Invalid user user from 45.61.184.204 port 42066","@timestamp":"2022-09-11T19:00:48.138Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 19:01:07 honeypot-fra-1 sshd[858]: Invalid user user from 45.61.184.204 port 38424","@timestamp":"2022-09-11T19:01:08.147Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 19:01:27 honeypot-fra-1 sshd[863]: Invalid user user from 45.61.184.204 port 34762","@timestamp":"2022-09-11T19:01:28.158Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T19:04:38.466Z","@version":"1","message":"Sep 11 19:04:38 honeypot-sgp-1 sshd[6607]: Did not receive identification string from 14.56.74.230 port 7584","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T19:06:40.516Z","@version":"1","message":"Sep 11 19:06:40 honeypot-sgp-1 sshd[6611]: Invalid user user from 141.255.162.226 port 38200","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T19:06:42.517Z","@version":"1","message":"Sep 11 19:06:42 honeypot-sgp-1 sshd[6617]: Received disconnect from 141.255.162.226 port 44582:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T19:06:45.519Z","@version":"1","message":"Sep 11 19:06:44 honeypot-sgp-1 sshd[6619]: Connection closed by invalid user user 141.255.162.226 port 50966 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 19:08:04 honeypot-ams-1 sshd[10746]: Did not receive identification string from 45.61.186.249 port 40190","@timestamp":"2022-09-11T19:08:05.224Z"}
{"@timestamp":"2022-09-11T19:08:45.569Z","@version":"1","message":"Sep 11 19:08:45 honeypot-sgp-1 kernel: [83799437.652053] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=80.94.92.239 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=231 ID=54321 PROTO=TCP SPT=56704 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 19:08:45 honeypot-ams-1 sshd[10749]: Disconnected from invalid user user 45.61.186.249 port 40144 [preauth]","@timestamp":"2022-09-11T19:08:46.243Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 19:09:00 honeypot-ams-1 sshd[10754]: Disconnecting invalid user admin 222.228.6.98 port 34666: Too many authentication failures [preauth]","@timestamp":"2022-09-11T19:09:00.252Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 19:09:12 honeypot-ams-1 sshd[10759]: Received disconnect from 45.61.186.249 port 46280:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T19:09:12.259Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 19:09:28 honeypot-ams-1 sshd[10763]: Received disconnect from 45.61.186.249 port 40948:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T19:09:29.268Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 19:13:21 honeypot-fra-1 kernel: [83798030.282257] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=80.94.92.231 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=43135 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T19:13:21.416Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 19:16:03 honeypot-ams-1 sshd[10771]: Received disconnect from 92.255.85.69 port 41000:11: Bye Bye [preauth]","@timestamp":"2022-09-11T19:16:04.436Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 19:17:01 honeypot-fra-1 CRON[871]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-11T19:17:02.513Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T19:17:02.765Z","@version":"1","message":"Sep 11 19:17:01 honeypot-sgp-1 CRON[6627]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T19:19:41.839Z","@version":"1","message":"Sep 11 19:19:41 honeypot-sgp-1 sshd[6633]: Received disconnect from 170.210.46.4 port 47952:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 19:19:42 honeypot-fra-1 sshd[878]: Connection closed by invalid user admin 220.86.33.251 port 52495 [preauth]","@timestamp":"2022-09-11T19:19:43.575Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T19:19:53.845Z","@version":"1","message":"Sep 11 19:19:53 honeypot-sgp-1 sshd[6637]: Received disconnect from 198.98.61.9 port 58986:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T19:20:11.854Z","@version":"1","message":"Sep 11 19:20:11 honeypot-sgp-1 sshd[6641]: Received disconnect from 198.98.61.9 port 53870:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T19:20:28.861Z","@version":"1","message":"Sep 11 19:20:28 honeypot-sgp-1 sshd[6645]: Received disconnect from 198.98.61.9 port 48754:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 19:23:35 honeypot-ams-1 sshd[10777]: Disconnected from authenticating user root 85.18.236.229 port 55282 [preauth]","@timestamp":"2022-09-11T19:23:36.630Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 19:24:40 honeypot-fra-1 sshd[884]: Received disconnect from 198.98.61.9 port 39014:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T19:24:40.687Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 19:24:58 honeypot-fra-1 sshd[888]: Invalid user user from 198.98.61.9 port 34122","@timestamp":"2022-09-11T19:24:58.697Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 19:25:14 honeypot-fra-1 sshd[892]: Invalid user user from 198.98.61.9 port 57466","@timestamp":"2022-09-11T19:25:14.705Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 19:25:29 honeypot-fra-1 sshd[896]: Invalid user user from 198.98.61.9 port 52630","@timestamp":"2022-09-11T19:25:29.713Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 19:29:35 honeypot-ams-1 sshd[10782]: Received disconnect from 138.94.75.17 port 52548:11: Bye Bye [preauth]","@timestamp":"2022-09-11T19:29:36.792Z"}
{"@timestamp":"2022-09-11T19:34:51.200Z","@version":"1","message":"Sep 11 19:34:50 honeypot-sgp-1 sshd[6651]: Disconnected from authenticating user root 92.255.85.69 port 42126 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 19:35:59 honeypot-ams-1 kernel: [83801544.642784] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=79.124.62.62 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=51780 PROTO=TCP SPT=40276 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T19:35:59.966Z"}
{"@timestamp":"2022-09-11T19:37:17.260Z","@version":"1","message":"Sep 11 19:37:16 honeypot-sgp-1 sshd[6656]: Received disconnect from 198.98.61.9 port 35862:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T19:37:36.269Z","@version":"1","message":"Sep 11 19:37:36 honeypot-sgp-1 sshd[6660]: Received disconnect from 198.98.61.9 port 59470:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T19:37:56.280Z","@version":"1","message":"Sep 11 19:37:55 honeypot-sgp-1 sshd[6664]: Received disconnect from 198.98.61.9 port 54846:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 19:38:55 honeypot-fra-1 kernel: [83799565.060322] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=190.8.178.161 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=46 ID=22338 DF PROTO=TCP SPT=35696 DPT=5432 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T19:38:56.013Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 19:42:32 honeypot-ams-1 kernel: [83801937.987402] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=111.72.186.151 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=49 ID=48785 PROTO=TCP SPT=39224 DPT=80 WINDOW=22147 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T19:42:33.140Z"}
{"@timestamp":"2022-09-11T19:47:56.511Z","@version":"1","message":"Sep 11 19:47:56 honeypot-sgp-1 sshd[6669]: Did not receive identification string from 197.237.150.100 port 43280","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 19:48:57 honeypot-ams-1 sshd[10796]: Invalid user user from 45.61.187.160 port 47938","@timestamp":"2022-09-11T19:48:58.309Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 19:49:02 honeypot-fra-1 kernel: [83800171.420923] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=159.226.95.33 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=50274 DF PROTO=TCP SPT=31676 DPT=5432 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T19:49:02.239Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 19:49:17 honeypot-ams-1 sshd[10800]: Invalid user user from 45.61.187.160 port 42408","@timestamp":"2022-09-11T19:49:18.320Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 19:49:34 honeypot-ams-1 sshd[10804]: Invalid user user from 45.61.187.160 port 36860","@timestamp":"2022-09-11T19:49:35.329Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 19:49:52 honeypot-ams-1 sshd[10808]: Invalid user user from 45.61.187.160 port 59550","@timestamp":"2022-09-11T19:49:53.339Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 19:54:02 honeypot-ams-1 kernel: [83802627.784554] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=93.188.164.45 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=29037 DF PROTO=TCP SPT=55694 DPT=5432 WINDOW=42340 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T19:54:03.448Z"}
{"@timestamp":"2022-09-11T19:54:49.668Z","@version":"1","message":"Sep 11 19:54:48 honeypot-sgp-1 kernel: [83802201.249543] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=50.234.137.243 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=42 ID=10720 PROTO=TCP SPT=31708 DPT=80 WINDOW=24572 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 19:56:27 honeypot-fra-1 sshd[912]: Invalid user test from 34.71.244.4 port 56172","@timestamp":"2022-09-11T19:56:28.403Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 19:56:27 honeypot-fra-1 sshd[913]: Invalid user user from 34.71.244.4 port 56310","@timestamp":"2022-09-11T19:56:28.403Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 19:56:27 honeypot-fra-1 sshd[921]: Invalid user user from 34.71.244.4 port 56270","@timestamp":"2022-09-11T19:56:28.404Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 19:56:27 honeypot-fra-1 sshd[934]: Invalid user www from 34.71.244.4 port 56124","@timestamp":"2022-09-11T19:56:28.404Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 19:56:27 honeypot-fra-1 sshd[932]: Connection closed by invalid user oracle 34.71.244.4 port 56428 [preauth]","@timestamp":"2022-09-11T19:56:28.404Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 19:56:27 honeypot-fra-1 sshd[944]: Connection closed by authenticating user root 34.71.244.4 port 56204 [preauth]","@timestamp":"2022-09-11T19:56:28.404Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 19:56:27 honeypot-fra-1 sshd[920]: Connection closed by invalid user ts3 34.71.244.4 port 56168 [preauth]","@timestamp":"2022-09-11T19:56:28.404Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 19:56:27 honeypot-fra-1 sshd[912]: Connection closed by invalid user test 34.71.244.4 port 56172 [preauth]","@timestamp":"2022-09-11T19:56:28.404Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T19:57:57.743Z","@version":"1","message":"Sep 11 19:57:57 honeypot-sgp-1 sshd[6677]: Disconnected from authenticating user root 92.255.85.70 port 45602 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 20:00:45 honeypot-fra-1 sshd[968]: Disconnected from authenticating user root 92.255.85.70 port 41210 [preauth]","@timestamp":"2022-09-11T20:00:46.500Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 20:05:20 honeypot-ams-1 sshd[10817]: Disconnected from authenticating user root 106.51.48.117 port 53267 [preauth]","@timestamp":"2022-09-11T20:05:20.735Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 20:08:18 honeypot-ams-1 sshd[10824]: Invalid user admin from 148.153.82.133 port 53442","@timestamp":"2022-09-11T20:08:18.812Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 20:17:01 honeypot-ams-1 CRON[10829]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-11T20:17:02.040Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 20:17:01 honeypot-fra-1 CRON[983]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-11T20:17:01.857Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T20:19:53.255Z","@version":"1","message":"Sep 11 20:19:52 honeypot-sgp-1 kernel: [83803705.005502] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=159.203.69.144 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=46 ID=53737 DF PROTO=TCP SPT=49248 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 20:23:27 honeypot-fra-1 kernel: [83802236.303676] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=128.14.137.181 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=58796 PROTO=TCP SPT=37727 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T20:23:28.022Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 20:26:32 honeypot-ams-1 sshd[10840]: Received disconnect from 92.255.85.69 port 62762:11: Bye Bye [preauth]","@timestamp":"2022-09-11T20:26:33.292Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 20:30:47 honeypot-fra-1 sshd[992]: Received disconnect from 165.22.45.108 port 36838:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T20:30:48.187Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 20:31:59 honeypot-ams-1 kernel: [83804904.543315] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=111.72.186.151 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=49 ID=49299 PROTO=TCP SPT=39224 DPT=80 WINDOW=22147 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T20:31:59.438Z"}
{"@timestamp":"2022-09-11T20:34:06.587Z","@version":"1","message":"Sep 11 20:34:06 honeypot-sgp-1 kernel: [83804558.879002] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=159.203.69.144 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=46 ID=52628 DF PROTO=TCP SPT=43934 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T20:41:23.756Z","@version":"1","message":"Sep 11 20:41:22 honeypot-sgp-1 kernel: [83804995.411920] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=89.248.163.140 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=56724 PROTO=TCP SPT=42193 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 20:43:51 honeypot-fra-1 sshd[999]: Connection closed by 193.106.191.157 port 39972 [preauth]","@timestamp":"2022-09-11T20:43:52.473Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 20:45:04 honeypot-ams-1 sshd[10848]: Connection reset by 152.251.118.65 port 18333 [preauth]","@timestamp":"2022-09-11T20:45:04.781Z"}
{"@timestamp":"2022-09-11T20:50:46.973Z","@version":"1","message":"Sep 11 20:50:46 honeypot-sgp-1 sshd[6705]: Invalid user xiejz from 103.188.176.251 port 53494","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 20:52:03 honeypot-fra-1 sshd[1008]: Invalid user support from 182.75.197.174 port 44000","@timestamp":"2022-09-11T20:52:03.655Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 20:53:55 honeypot-fra-1 sshd[1013]: Invalid user user from 45.61.184.204 port 60060","@timestamp":"2022-09-11T20:53:55.701Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 20:54:16 honeypot-fra-1 sshd[1017]: Invalid user user from 45.61.184.204 port 55686","@timestamp":"2022-09-11T20:54:16.712Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 20:54:36 honeypot-fra-1 sshd[1021]: Invalid user user from 45.61.184.204 port 51352","@timestamp":"2022-09-11T20:54:36.721Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 20:58:59 honeypot-ams-1 sshd[10854]: Disconnected from authenticating user root 218.92.0.204 port 23148 [preauth]","@timestamp":"2022-09-11T20:59:00.140Z"}
{"@timestamp":"2022-09-11T20:59:50.185Z","@version":"1","message":"Sep 11 20:59:49 honeypot-sgp-1 kernel: [83806102.311478] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.53.171.56 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=15207 DF PROTO=TCP SPT=44296 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 21:00:09 honeypot-fra-1 kernel: [83804438.594686] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=28089 PROTO=TCP SPT=50004 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T21:00:09.844Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 21:11:21 honeypot-fra-1 sshd[1030]: Received disconnect from 92.255.85.69 port 62316:11: Bye Bye [preauth]","@timestamp":"2022-09-11T21:11:22.095Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T21:11:37.455Z","@version":"1","message":"Sep 11 21:11:36 honeypot-sgp-1 kernel: [83806809.144668] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=51.178.125.38 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=53582 PROTO=TCP SPT=59880 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 21:13:22 honeypot-ams-1 sshd[10858]: Received disconnect from 92.255.85.69 port 53818:11: Bye Bye [preauth]","@timestamp":"2022-09-11T21:13:23.515Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 21:14:54 honeypot-ams-1 sshd[10861]: Connection closed by invalid user pi 189.180.95.203 port 38792 [preauth]","@timestamp":"2022-09-11T21:14:54.555Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 21:17:01 honeypot-fra-1 CRON[1035]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-11T21:17:02.222Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T21:17:02.582Z","@version":"1","message":"Sep 11 21:17:01 honeypot-sgp-1 CRON[6716]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T21:25:59.785Z","@version":"1","message":"Sep 11 21:25:59 honeypot-sgp-1 sshd[6722]: Disconnected from invalid user user 45.61.186.49 port 43318 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 21:26:07 honeypot-ams-1 kernel: [83808152.438784] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.3.193.56 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=26953 DF PROTO=TCP SPT=10446 DPT=80 WINDOW=512 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T21:26:07.846Z"}
{"@timestamp":"2022-09-11T21:26:09.790Z","@version":"1","message":"Sep 11 21:26:09 honeypot-sgp-1 sshd[6726]: Disconnected from invalid user user 45.61.186.49 port 55208 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T21:28:58.855Z","@version":"1","message":"Sep 11 21:28:58 honeypot-sgp-1 sshd[6731]: Received disconnect from 45.61.186.249 port 35076:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 21:29:11 honeypot-fra-1 sshd[1046]: Invalid user photos from 141.98.10.158 port 36628","@timestamp":"2022-09-11T21:29:12.492Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T21:29:16.864Z","@version":"1","message":"Sep 11 21:29:16 honeypot-sgp-1 sshd[6735]: Received disconnect from 45.61.186.249 port 57564:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T21:29:35.873Z","@version":"1","message":"Sep 11 21:29:35 honeypot-sgp-1 sshd[6740]: Invalid user user from 45.61.186.249 port 51884","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T21:29:44.878Z","@version":"1","message":"Sep 11 21:29:44 honeypot-sgp-1 sshd[6744]: Invalid user user from 45.61.186.249 port 34908","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T21:29:52.880Z","@version":"1","message":"Sep 11 21:29:52 honeypot-sgp-1 sshd[6748]: Invalid user user from 45.61.186.249 port 46180","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T21:30:01.885Z","@version":"1","message":"Sep 11 21:30:01 honeypot-sgp-1 sshd[6752]: Invalid user user from 45.61.186.49 port 38954","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 21:31:16 honeypot-fra-1 sshd[1052]: Invalid user mysql from 13.229.182.132 port 24228","@timestamp":"2022-09-11T21:31:16.539Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 21:31:16 honeypot-fra-1 sshd[1066]: Invalid user dev from 13.229.182.132 port 24324","@timestamp":"2022-09-11T21:31:16.539Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 21:31:16 honeypot-fra-1 sshd[1059]: Invalid user nagios from 13.229.182.132 port 24278","@timestamp":"2022-09-11T21:31:16.539Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 21:31:16 honeypot-fra-1 sshd[1068]: Connection closed by authenticating user root 13.229.182.132 port 24386 [preauth]","@timestamp":"2022-09-11T21:31:16.539Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 21:31:16 honeypot-fra-1 sshd[1055]: Connection closed by authenticating user root 13.229.182.132 port 24154 [preauth]","@timestamp":"2022-09-11T21:31:16.539Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 21:31:16 honeypot-fra-1 sshd[1053]: Connection closed by invalid user postgres 13.229.182.132 port 24184 [preauth]","@timestamp":"2022-09-11T21:31:16.539Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 21:31:16 honeypot-fra-1 sshd[1059]: Connection closed by invalid user nagios 13.229.182.132 port 24278 [preauth]","@timestamp":"2022-09-11T21:31:16.539Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 21:31:16 honeypot-fra-1 sshd[1073]: Connection closed by invalid user mysql 13.229.182.132 port 24072 [preauth]","@timestamp":"2022-09-11T21:31:17.539Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 21:34:27 honeypot-fra-1 sshd[1106]: Disconnected from authenticating user root 92.255.85.69 port 50426 [preauth]","@timestamp":"2022-09-11T21:34:28.625Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 21:36:51 honeypot-ams-1 sshd[10873]: Disconnected from authenticating user root 92.255.85.69 port 24942 [preauth]","@timestamp":"2022-09-11T21:36:52.139Z"}
{"@timestamp":"2022-09-11T21:40:47.128Z","@version":"1","message":"Sep 11 21:40:46 honeypot-sgp-1 kernel: [83808559.230340] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=198.23.206.55 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=233 ID=21753 PROTO=TCP SPT=57923 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 21:45:11 honeypot-fra-1 sshd[1111]: Received disconnect from 211.125.67.35 port 35554:11: Bye Bye [preauth]","@timestamp":"2022-09-11T21:45:11.862Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 21:51:39 honeypot-fra-1 sshd[1114]: Received disconnect from 138.68.178.64 port 35230:11: Bye Bye [preauth]","@timestamp":"2022-09-11T21:51:40.007Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 21:55:04 honeypot-ams-1 sshd[10882]: Received disconnect from 141.255.162.226 port 58132:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T21:55:05.609Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 21:55:08 honeypot-ams-1 sshd[10886]: Received disconnect from 141.255.162.226 port 33318:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T21:55:08.610Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 21:55:09 honeypot-ams-1 sshd[10890]: Received disconnect from 141.255.162.226 port 39648:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T21:55:10.612Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 21:56:02 honeypot-ams-1 sshd[10894]: Disconnected from authenticating user root 211.22.236.44 port 35705 [preauth]","@timestamp":"2022-09-11T21:56:03.635Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 21:57:37 honeypot-fra-1 sshd[1120]: Disconnected from authenticating user root 92.255.85.70 port 62802 [preauth]","@timestamp":"2022-09-11T21:57:38.140Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T21:59:45.562Z","@version":"1","message":"Sep 11 21:59:45 honeypot-sgp-1 sshd[6764]: Connection closed by invalid user admin 121.171.55.115 port 45310 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 22:02:46 honeypot-ams-1 kernel: [83810351.169587] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=5.188.210.205 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=9309 PROTO=TCP SPT=40969 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T22:02:46.834Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 22:08:07 honeypot-fra-1 sshd[1130]: Received disconnect from 45.61.186.49 port 48340:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T22:08:08.373Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 22:08:18 honeypot-fra-1 sshd[1134]: Received disconnect from 45.61.186.49 port 60256:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T22:08:19.378Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 22:12:30 honeypot-ams-1 sshd[10906]: Received disconnect from 84.201.178.241 port 49290:11: Bye Bye [preauth]","@timestamp":"2022-09-11T22:12:31.088Z"}
{"@timestamp":"2022-09-11T22:16:13.936Z","@version":"1","message":"Sep 11 22:16:13 honeypot-sgp-1 sshd[6769]: Invalid user ernest from 94.110.108.120 port 34386","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 22:16:27 honeypot-ams-1 sshd[10909]: Disconnected from invalid user wksys 178.176.224.148 port 59510 [preauth]","@timestamp":"2022-09-11T22:16:28.190Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 22:17:01 honeypot-fra-1 CRON[1137]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-11T22:17:02.572Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T22:18:12.982Z","@version":"1","message":"Sep 11 22:18:12 honeypot-sgp-1 sshd[6774]: Disconnected from authenticating user root 92.255.85.69 port 37796 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 22:18:59 honeypot-ams-1 sshd[10914]: Disconnected from invalid user chinchilla 128.199.177.224 port 52872 [preauth]","@timestamp":"2022-09-11T22:19:00.260Z"}
{"@timestamp":"2022-09-11T22:29:16.234Z","@version":"1","message":"Sep 11 22:29:15 honeypot-sgp-1 kernel: [83811468.341433] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=167.99.210.35 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=60911 DF PROTO=TCP SPT=57780 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 22:30:04 honeypot-ams-1 kernel: [83811989.993928] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=80.94.92.239 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=54970 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T22:30:05.544Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 22:32:34 honeypot-ams-1 sshd[10927]: Received disconnect from 80.76.51.46 port 51220:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T22:32:35.611Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 22:33:07 honeypot-fra-1 sshd[1149]: Received disconnect from 189.195.123.54 port 55960:11: Bye Bye [preauth]","@timestamp":"2022-09-11T22:33:07.924Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 22:33:19 honeypot-ams-1 sshd[10933]: Received disconnect from 80.76.51.46 port 45176:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T22:33:19.633Z"}
{"@timestamp":"2022-09-11T22:33:41.342Z","@version":"1","message":"Sep 11 22:33:40 honeypot-sgp-1 sshd[6786]: Invalid user user from 198.98.61.9 port 54472","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 22:33:47 honeypot-ams-1 sshd[10937]: Received disconnect from 80.76.51.46 port 41362:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T22:33:47.647Z"}
{"@timestamp":"2022-09-11T22:34:02.351Z","@version":"1","message":"Sep 11 22:34:01 honeypot-sgp-1 sshd[6790]: Invalid user user from 198.98.61.9 port 49030","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 22:34:15 honeypot-ams-1 sshd[10942]: Disconnected from authenticating user root 80.76.51.46 port 37218 [preauth]","@timestamp":"2022-09-11T22:34:15.662Z"}
{"@timestamp":"2022-09-11T22:34:22.362Z","@version":"1","message":"Sep 11 22:34:21 honeypot-sgp-1 sshd[6795]: Invalid user user from 198.98.61.9 port 43580","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T22:34:37.369Z","@version":"1","message":"Sep 11 22:34:37 honeypot-sgp-1 sshd[6799]: Invalid user user from 198.98.61.9 port 38140","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 22:34:44 honeypot-fra-1 sshd[1155]: Invalid user user from 141.255.162.226 port 41028","@timestamp":"2022-09-11T22:34:44.963Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 22:34:48 honeypot-fra-1 sshd[1159]: Invalid user user from 141.255.162.226 port 54248","@timestamp":"2022-09-11T22:34:48.965Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 22:34:50 honeypot-fra-1 sshd[1163]: Invalid user user from 141.255.162.226 port 45846","@timestamp":"2022-09-11T22:34:50.966Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 22:34:58 honeypot-ams-1 sshd[10948]: Invalid user admin from 80.76.51.46 port 59406","@timestamp":"2022-09-11T22:34:59.685Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 22:35:27 honeypot-ams-1 sshd[10952]: Invalid user ansible from 80.76.51.46 port 55370","@timestamp":"2022-09-11T22:35:27.700Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 22:35:56 honeypot-ams-1 sshd[10956]: Invalid user ansible from 80.76.51.46 port 51510","@timestamp":"2022-09-11T22:35:56.714Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 22:36:21 honeypot-ams-1 kernel: [83812366.581535] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=68.132.136.54 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=52 ID=62229 PROTO=TCP SPT=28083 DPT=80 WINDOW=467 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T22:36:21.728Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 22:36:54 honeypot-ams-1 sshd[10964]: Received disconnect from 80.76.51.46 port 43412:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T22:36:54.746Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 22:37:23 honeypot-ams-1 sshd[10968]: Disconnected from authenticating user root 80.76.51.46 port 39472 [preauth]","@timestamp":"2022-09-11T22:37:23.761Z"}
{"@timestamp":"2022-09-11T22:37:27.437Z","@version":"1","message":"Sep 11 22:37:26 honeypot-sgp-1 sshd[6805]: Received disconnect from 118.27.107.120 port 56650:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 22:38:06 honeypot-ams-1 sshd[10974]: Received disconnect from 80.76.51.46 port 33400:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T22:38:07.784Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 22:38:45 honeypot-fra-1 sshd[1168]: Received disconnect from 41.93.33.2 port 45264:11: Bye Bye [preauth]","@timestamp":"2022-09-11T22:38:46.054Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 22:46:25 honeypot-ams-1 sshd[10979]: Connection closed by invalid user support 136.185.7.173 port 39652 [preauth]","@timestamp":"2022-09-11T22:46:26.001Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 22:46:44 honeypot-fra-1 sshd[1173]: Did not receive identification string from 147.135.252.17 port 49666","@timestamp":"2022-09-11T22:46:45.232Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 22:46:44 honeypot-fra-1 sshd[1180]: Invalid user admin from 147.135.252.17 port 49684","@timestamp":"2022-09-11T22:46:45.232Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 22:46:44 honeypot-fra-1 sshd[1178]: Connection closed by invalid user oracle 147.135.252.17 port 49686 [preauth]","@timestamp":"2022-09-11T22:46:45.233Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 22:46:44 honeypot-fra-1 sshd[1175]: Invalid user vnc from 147.135.252.17 port 49696","@timestamp":"2022-09-11T22:46:45.233Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 22:46:44 honeypot-fra-1 sshd[1189]: Invalid user user from 147.135.252.17 port 49744","@timestamp":"2022-09-11T22:46:45.233Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 22:46:44 honeypot-fra-1 sshd[1176]: Invalid user ftpuser from 147.135.252.17 port 49700","@timestamp":"2022-09-11T22:46:45.233Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 22:46:44 honeypot-fra-1 sshd[1195]: Invalid user www from 147.135.252.17 port 49716","@timestamp":"2022-09-11T22:46:45.233Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 22:46:44 honeypot-fra-1 sshd[1201]: Invalid user test from 147.135.252.17 port 49748","@timestamp":"2022-09-11T22:46:45.233Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 22:46:44 honeypot-fra-1 sshd[1197]: Connection closed by invalid user esuser 147.135.252.17 port 49726 [preauth]","@timestamp":"2022-09-11T22:46:45.233Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 22:48:31 honeypot-fra-1 sshd[1232]: Invalid user silvano from 68.183.232.27 port 59752","@timestamp":"2022-09-11T22:48:32.275Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 22:52:13 honeypot-ams-1 kernel: [83813319.018953] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=147.124.222.183 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=54321 PROTO=TCP SPT=37633 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T22:52:14.154Z"}
{"@timestamp":"2022-09-11T22:53:11.801Z","@version":"1","message":"Sep 11 22:53:10 honeypot-sgp-1 sshd[6886]: Received disconnect from 93.153.192.254 port 38098:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T22:56:36.884Z","@version":"1","message":"Sep 11 22:56:36 honeypot-sgp-1 sshd[6890]: Received disconnect from 20.57.113.125 port 56434:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 22:58:26 honeypot-fra-1 kernel: [83811535.736488] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=213.226.123.38 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=34908 PROTO=TCP SPT=58130 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T22:58:27.495Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 22:58:42 honeypot-ams-1 kernel: [83813707.663786] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=154.3.44.39 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=117 ID=6028 DF PROTO=TCP SPT=55875 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-11T22:58:43.325Z"}
{"@timestamp":"2022-09-11T23:00:08.969Z","@version":"1","message":"Sep 11 23:00:08 honeypot-sgp-1 kernel: [83813321.086247] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=154.3.44.39 DST=159.89.202.188 LEN=52 TOS=0x0A PREC=0x00 TTL=110 ID=27578 DF PROTO=TCP SPT=56468 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 23:03:06 honeypot-fra-1 sshd[1240]: Disconnected from invalid user kelimoff 181.49.254.238 port 42686 [preauth]","@timestamp":"2022-09-11T23:03:06.599Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T23:04:46.078Z","@version":"1","message":"Sep 11 23:04:46 honeypot-sgp-1 sshd[6913]: Invalid user testik from 109.115.187.31 port 48538","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:05:47.108Z","@version":"1","message":"Sep 11 23:05:46 honeypot-sgp-1 sshd[6920]: Disconnected from authenticating user root 202.158.139.57 port 33784 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 23:10:36 honeypot-ams-1 sshd[10989]: Received disconnect from 92.255.85.69 port 33476:11: Bye Bye [preauth]","@timestamp":"2022-09-11T23:10:36.714Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 23:17:01 honeypot-fra-1 CRON[1249]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-11T23:17:01.903Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T23:17:12.393Z","@version":"1","message":"Sep 11 23:17:11 honeypot-sgp-1 sshd[6931]: Invalid user  from 185.246.130.20 port 58015","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:17:42.408Z","@version":"1","message":"Sep 11 23:17:41 honeypot-sgp-1 sshd[6945]: Invalid user  from 185.246.130.20 port 24304","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:18:22.426Z","@version":"1","message":"Sep 11 23:18:22 honeypot-sgp-1 sshd[6951]: Invalid user admin from 185.246.130.20 port 36142","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:18:45.436Z","@version":"1","message":"Sep 11 23:18:45 honeypot-sgp-1 sshd[6957]: Invalid user manager from 185.246.130.20 port 3076","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:19:15.449Z","@version":"1","message":"Sep 11 23:19:14 honeypot-sgp-1 sshd[6964]: Disconnecting invalid user 1234 185.246.130.20 port 17211: Change of username or service not allowed: (1234,ssh-connection) -> (Admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 23:19:41 honeypot-fra-1 kernel: [83812810.463396] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=5.188.210.205 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=2531 PROTO=TCP SPT=40969 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T23:19:41.964Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-11T23:19:42.462Z","@version":"1","message":"Sep 11 23:19:41 honeypot-sgp-1 sshd[6971]: Disconnecting invalid user  185.246.130.20 port 24582: Change of username or service not allowed: (,ssh-connection) -> (user,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:20:16.477Z","@version":"1","message":"Sep 11 23:20:15 honeypot-sgp-1 sshd[6979]: Invalid user blank from 185.246.130.20 port 16990","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:20:49.493Z","@version":"1","message":"Sep 11 23:20:48 honeypot-sgp-1 sshd[6985]: Invalid user 1234 from 185.246.130.20 port 20967","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:21:16.505Z","@version":"1","message":"Sep 11 23:21:15 honeypot-sgp-1 sshd[6991]: Disconnecting invalid user Cisco 185.246.130.20 port 32068: Change of username or service not allowed: (Cisco,ssh-connection) -> (cisco,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:21:34.514Z","@version":"1","message":"Sep 11 23:21:33 honeypot-sgp-1 sshd[6997]: Disconnecting invalid user 1234 185.246.130.20 port 1646: Change of username or service not allowed: (1234,ssh-connection) -> (root,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:22:05.528Z","@version":"1","message":"Sep 11 23:22:05 honeypot-sgp-1 sshd[7005]: Invalid user adslroot from 185.246.130.20 port 13407","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:22:22.537Z","@version":"1","message":"Sep 11 23:22:21 honeypot-sgp-1 sshd[7010]: Connection closed by invalid user ubuntu 103.188.176.251 port 38618 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:22:55.551Z","@version":"1","message":"Sep 11 23:22:54 honeypot-sgp-1 sshd[7016]: Disconnecting invalid user zhone 185.246.130.20 port 11147: Change of username or service not allowed: (zhone,ssh-connection) -> (,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 23:23:20 honeypot-ams-1 sshd[10997]: Received disconnect from 85.31.46.45 port 39204:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T23:23:21.071Z"}
{"@timestamp":"2022-09-11T23:23:28.567Z","@version":"1","message":"Sep 11 23:23:27 honeypot-sgp-1 sshd[7024]: Invalid user admin from 185.246.130.20 port 2926","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:23:50.578Z","@version":"1","message":"Sep 11 23:23:49 honeypot-sgp-1 sshd[7030]: Invalid user cusadmin from 185.246.130.20 port 19779","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 23:23:53 honeypot-ams-1 sshd[11001]: Received disconnect from 85.31.46.45 port 35726:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T23:23:54.088Z"}
{"@timestamp":"2022-09-11T23:24:16.590Z","@version":"1","message":"Sep 11 23:24:16 honeypot-sgp-1 sshd[7037]: Invalid user lgnortel from 185.246.130.20 port 50650","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:24:45.604Z","@version":"1","message":"Sep 11 23:24:44 honeypot-sgp-1 sshd[7044]: Invalid user admin from 185.246.130.20 port 10879","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:25:24.623Z","@version":"1","message":"Sep 11 23:25:23 honeypot-sgp-1 sshd[7050]: Invalid user matrix from 185.246.130.20 port 61170","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:25:59.640Z","@version":"1","message":"Sep 11 23:25:58 honeypot-sgp-1 sshd[7056]: Invalid user motorola from 185.246.130.20 port 16340","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:26:26.653Z","@version":"1","message":"Sep 11 23:26:26 honeypot-sgp-1 sshd[7062]: Disconnecting authenticating user root 185.246.130.20 port 42344: Change of username or service not allowed: (root,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:26:52.666Z","@version":"1","message":"Sep 11 23:26:52 honeypot-sgp-1 sshd[7068]: Disconnecting invalid user 0 185.246.130.20 port 55856: Change of username or service not allowed: (0,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:27:23.681Z","@version":"1","message":"Sep 11 23:27:23 honeypot-sgp-1 sshd[7074]: Disconnecting invalid user admin 185.246.130.20 port 46448: Change of username or service not allowed: (admin,ssh-connection) -> (Shiko,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:27:53.695Z","@version":"1","message":"Sep 11 23:27:53 honeypot-sgp-1 sshd[7089]: Disconnecting invalid user Broadcom 185.246.130.20 port 33829: Change of username or service not allowed: (Broadcom,ssh-connection) -> (smcadmin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:28:25.710Z","@version":"1","message":"Sep 11 23:28:25 honeypot-sgp-1 sshd[7097]: Invalid user test2 from 92.255.85.69 port 57862","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 23:28:30 honeypot-fra-1 kernel: [83813339.256674] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.79.53.162 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=50723 PROTO=TCP SPT=51407 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T23:28:31.174Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-11T23:28:41.718Z","@version":"1","message":"Sep 11 23:28:41 honeypot-sgp-1 sshd[7101]: Invalid user smcadmin from 185.246.130.20 port 42052","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:29:12.732Z","@version":"1","message":"Sep 11 23:29:11 honeypot-sgp-1 sshd[7107]: Invalid user admin from 185.246.130.20 port 5180","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:29:37.745Z","@version":"1","message":"Sep 11 23:29:37 honeypot-sgp-1 sshd[7114]: Invalid user user from 185.246.130.20 port 34015","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:30:09.760Z","@version":"1","message":"Sep 11 23:30:09 honeypot-sgp-1 sshd[7120]: Disconnecting invalid user 123456 185.246.130.20 port 4590: Change of username or service not allowed: (123456,ssh-connection) -> (user,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:30:39.775Z","@version":"1","message":"Sep 11 23:30:39 honeypot-sgp-1 sshd[7126]: Disconnecting invalid user readwrite 185.246.130.20 port 9055: Change of username or service not allowed: (readwrite,ssh-connection) -> (Admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:30:58.784Z","@version":"1","message":"Sep 11 23:30:58 honeypot-sgp-1 sshd[7130]: Disconnecting invalid user admin 185.246.130.20 port 19506: Change of username or service not allowed: (admin,ssh-connection) -> (DZY-W2914NSV2,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:31:35.803Z","@version":"1","message":"Sep 11 23:31:34 honeypot-sgp-1 sshd[7136]: Invalid user admin from 197.248.7.238 port 51968","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:32:01.814Z","@version":"1","message":"Sep 11 23:32:01 honeypot-sgp-1 sshd[7140]: Disconnecting invalid user zoomadsl 185.246.130.20 port 28743: Change of username or service not allowed: (zoomadsl,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:32:43.834Z","@version":"1","message":"Sep 11 23:32:42 honeypot-sgp-1 sshd[7146]: Connection closed by invalid user ltecl4r0 185.246.130.20 port 37228 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 23:32:51 honeypot-fra-1 sshd[1263]: Invalid user user from 45.61.184.204 port 32978","@timestamp":"2022-09-11T23:32:51.272Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 23:33:10 honeypot-fra-1 sshd[1267]: Invalid user user from 45.61.184.204 port 56366","@timestamp":"2022-09-11T23:33:10.301Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 23:33:27 honeypot-fra-1 sshd[1271]: Invalid user user from 45.61.184.204 port 51514","@timestamp":"2022-09-11T23:33:27.309Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 23:33:44 honeypot-fra-1 sshd[1275]: Invalid user user from 45.61.184.204 port 46656","@timestamp":"2022-09-11T23:33:44.317Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 23:34:36 honeypot-ams-1 kernel: [83815861.236355] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=205.210.31.53 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=250 ID=54321 PROTO=TCP SPT=54487 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T23:34:36.371Z"}
{"@timestamp":"2022-09-11T23:37:16.941Z","@version":"1","message":"Sep 11 23:37:16 honeypot-sgp-1 sshd[7154]: Received disconnect from 157.230.32.156 port 52948:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 23:38:48 honeypot-fra-1 kernel: [83813956.894910] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=35.221.114.88 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=24675 PROTO=TCP SPT=43863 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T23:38:48.432Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 23:40:06 honeypot-ams-1 kernel: [83816192.072994] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.148.10.81 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=252 ID=54321 PROTO=TCP SPT=57908 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T23:40:07.514Z"}
{"@timestamp":"2022-09-11T23:40:34.022Z","@version":"1","message":"Sep 11 23:40:33 honeypot-sgp-1 kernel: [83815745.430594] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=154.3.44.39 DST=159.89.202.188 LEN=52 TOS=0x0A PREC=0x00 TTL=112 ID=60810 DF PROTO=TCP SPT=64732 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 23:43:18 honeypot-ams-1 sshd[11013]: Received disconnect from 45.61.187.160 port 40782:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T23:43:18.599Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 23:43:39 honeypot-ams-1 sshd[11017]: Received disconnect from 45.61.187.160 port 35638:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T23:43:40.612Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 23:44:00 honeypot-ams-1 sshd[11021]: Received disconnect from 45.61.187.160 port 58712:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T23:44:00.621Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 23:54:57 honeypot-fra-1 sshd[1358]: Received disconnect from 92.255.85.69 port 58572:11: Bye Bye [preauth]","@timestamp":"2022-09-11T23:54:57.806Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 23:55:14 honeypot-ams-1 kernel: [83817099.586339] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=43.131.66.209 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x60 TTL=53 ID=12107 DF PROTO=TCP SPT=13131 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T23:55:14.915Z"}
{"@timestamp":"2022-09-12T00:00:08.467Z","@version":"1","message":"Sep 12 00:00:08 honeypot-sgp-1 kernel: [83816920.425306] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=227 ID=48218 PROTO=TCP SPT=40803 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 00:03:52 honeypot-fra-1 sshd[1374]: Invalid user kym from 107.189.14.132 port 55738","@timestamp":"2022-09-12T00:03:53.005Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 00:04:09 honeypot-ams-1 kernel: [83817634.852245] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=95.7.210.247 DST=178.62.254.91 LEN=56 TOS=0x00 PREC=0x00 TTL=51 ID=16514 DF PROTO=TCP SPT=52931 DPT=80 WINDOW=5808 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T00:04:10.159Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 00:08:40 honeypot-ams-1 sshd[11042]: Invalid user chris from 159.223.57.252 port 55202","@timestamp":"2022-09-12T00:08:41.286Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 00:12:40 honeypot-ams-1 kernel: [83818145.639526] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=88.247.131.88 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=15533 PROTO=TCP SPT=53815 DPT=443 WINDOW=1300 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T00:12:41.392Z"}
{"@timestamp":"2022-09-12T00:15:46.841Z","@version":"1","message":"Sep 12 00:15:46 honeypot-sgp-1 sshd[7182]: Received disconnect from 92.255.85.69 port 63084:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 00:17:01 honeypot-fra-1 CRON[1377]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-12T00:17:02.298Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 00:20:48 honeypot-ams-1 sshd[11052]: Disconnected from authenticating user root 92.255.85.70 port 27932 [preauth]","@timestamp":"2022-09-12T00:20:48.623Z"}
{"@timestamp":"2022-09-12T00:23:48.038Z","@version":"1","message":"Sep 12 00:23:47 honeypot-sgp-1 sshd[7189]: Invalid user cybcomm from 207.46.227.197 port 1728","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T00:25:09.072Z","@version":"1","message":"Sep 12 00:25:08 honeypot-sgp-1 sshd[7191]: Disconnected from invalid user usuario 85.237.57.193 port 34762 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T00:26:24.108Z","@version":"1","message":"Sep 12 00:26:23 honeypot-sgp-1 sshd[7195]: Received disconnect from 45.175.18.29 port 45606:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T00:28:13.154Z","@version":"1","message":"Sep 12 00:28:12 honeypot-sgp-1 sshd[7200]: Received disconnect from 45.61.187.160 port 34090:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T00:28:34.165Z","@version":"1","message":"Sep 12 00:28:34 honeypot-sgp-1 sshd[7204]: Received disconnect from 45.61.187.160 port 57632:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T00:28:57.174Z","@version":"1","message":"Sep 12 00:28:56 honeypot-sgp-1 sshd[7209]: Received disconnect from 45.61.187.160 port 52928:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T00:29:12.181Z","@version":"1","message":"Sep 12 00:29:12 honeypot-sgp-1 sshd[7213]: Disconnected from authenticating user root 43.154.66.195 port 37094 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T00:30:08.204Z","@version":"1","message":"Sep 12 00:30:07 honeypot-sgp-1 sshd[7219]: Invalid user drive from 213.32.77.242 port 53072","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 00:30:09 honeypot-fra-1 kernel: [83817038.373676] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.219.166 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=44296 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T00:30:10.614Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 00:34:32 honeypot-ams-1 kernel: [83819457.903491] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=167.99.32.14 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=254 ID=42820 PROTO=TCP SPT=61953 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T00:34:32.988Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 00:38:14 honeypot-fra-1 sshd[1390]: Invalid user kevin1 from 165.22.45.108 port 43788","@timestamp":"2022-09-12T00:38:15.797Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T00:39:16.423Z","@version":"1","message":"Sep 12 00:39:15 honeypot-sgp-1 sshd[7223]: Disconnected from authenticating user root 92.255.85.69 port 32560 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 00:42:37 honeypot-fra-1 sshd[1398]: Did not receive identification string from 193.3.19.178 port 64001","@timestamp":"2022-09-12T00:42:37.899Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 00:44:36 honeypot-fra-1 sshd[1401]: Received disconnect from 157.245.122.58 port 58598:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T00:44:36.948Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 00:46:27 honeypot-fra-1 sshd[1405]: Invalid user data.user from 157.245.122.58 port 57428","@timestamp":"2022-09-12T00:46:27.994Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 00:47:20 honeypot-fra-1 sshd[1409]: Received disconnect from 157.245.122.58 port 42726:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T00:47:21.016Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 00:49:00 honeypot-fra-1 sshd[1414]: Received disconnect from 157.245.122.58 port 41556:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T00:49:01.057Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T00:49:55.680Z","@version":"1","message":"Sep 12 00:49:55 honeypot-sgp-1 sshd[7228]: Received disconnect from 62.204.41.222 port 38176:11: Client disconnecting normally [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T00:54:47.799Z","@version":"1","message":"Sep 12 00:54:47 honeypot-sgp-1 sshd[7231]: Received disconnect from 91.240.118.222 port 52945:11: Client disconnecting normally [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 00:58:03 honeypot-ams-1 kernel: [83820868.660658] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=154.3.44.39 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=117 ID=35991 DF PROTO=TCP SPT=54201 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-12T00:58:03.608Z"}
{"@timestamp":"2022-09-12T01:02:59.999Z","@version":"1","message":"Sep 12 01:02:59 honeypot-sgp-1 sshd[7236]: Invalid user support from 223.82.232.208 port 1524","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 01:07:58 honeypot-ams-1 sshd[11071]: Received disconnect from 92.255.85.70 port 63434:11: Bye Bye [preauth]","@timestamp":"2022-09-12T01:07:58.879Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 01:13:08 honeypot-fra-1 sshd[1421]: Invalid user kevin from 165.22.45.108 port 48624","@timestamp":"2022-09-12T01:13:09.624Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T01:13:43.258Z","@version":"1","message":"Sep 12 01:13:43 honeypot-sgp-1 sshd[7241]: Disconnected from invalid user monitor 27.74.254.115 port 52690 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 01:14:40 honeypot-ams-1 sshd[11076]: Did not receive identification string from 45.61.186.249 port 45706","@timestamp":"2022-09-12T01:14:41.060Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 01:15:19 honeypot-ams-1 sshd[11081]: Invalid user user from 45.61.186.249 port 35706","@timestamp":"2022-09-12T01:15:20.080Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 01:15:39 honeypot-ams-1 sshd[11085]: Invalid user user from 45.61.186.249 port 58398","@timestamp":"2022-09-12T01:15:40.092Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 01:15:52 honeypot-fra-1 sshd[1426]: Received disconnect from 37.139.1.197 port 46904:11: Bye Bye [preauth]","@timestamp":"2022-09-12T01:15:52.687Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 01:15:54 honeypot-ams-1 sshd[11089]: Invalid user user from 198.98.61.9 port 39682","@timestamp":"2022-09-12T01:15:54.100Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 01:16:02 honeypot-ams-1 sshd[11093]: Invalid user user from 198.98.61.9 port 51192","@timestamp":"2022-09-12T01:16:03.105Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 01:16:11 honeypot-ams-1 sshd[11097]: Invalid user user from 198.98.61.9 port 34502","@timestamp":"2022-09-12T01:16:12.110Z"}
{"@timestamp":"2022-09-12T01:16:19.322Z","@version":"1","message":"Sep 12 01:16:19 honeypot-sgp-1 sshd[7245]: Disconnected from invalid user hvq 103.174.114.55 port 45010 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 01:16:32 honeypot-ams-1 sshd[11101]: Invalid user user from 198.98.61.9 port 57502","@timestamp":"2022-09-12T01:16:33.121Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 01:16:48 honeypot-ams-1 sshd[11105]: Invalid user user from 198.98.61.9 port 52260","@timestamp":"2022-09-12T01:16:49.131Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 01:20:40 honeypot-ams-1 sshd[11113]: Disconnected from authenticating user root 157.245.122.58 port 59244 [preauth]","@timestamp":"2022-09-12T01:20:41.237Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 01:21:53 honeypot-fra-1 kernel: [83820142.223882] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=92.63.197.171 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=13258 PROTO=TCP SPT=44300 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T01:21:53.828Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 01:22:41 honeypot-ams-1 sshd[11119]: Invalid user odoo from 157.245.122.58 port 58086","@timestamp":"2022-09-12T01:22:42.296Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 01:24:30 honeypot-ams-1 sshd[11124]: Invalid user data.user from 157.245.122.58 port 56928","@timestamp":"2022-09-12T01:24:30.346Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 01:25:22 honeypot-ams-1 sshd[11126]: Received disconnect from 157.245.122.58 port 42222:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T01:25:22.371Z"}
{"@timestamp":"2022-09-12T01:26:30.571Z","@version":"1","message":"Sep 12 01:26:30 honeypot-sgp-1 sshd[7252]: Received disconnect from 92.255.85.69 port 55650:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 01:26:57 honeypot-ams-1 sshd[11133]: Did not receive identification string from 45.61.186.169 port 57142","@timestamp":"2022-09-12T01:26:57.417Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 01:27:25 honeypot-ams-1 sshd[11136]: Invalid user user from 45.61.186.169 port 58874","@timestamp":"2022-09-12T01:27:26.432Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 01:27:43 honeypot-ams-1 sshd[11140]: Invalid user user from 45.61.186.169 port 54164","@timestamp":"2022-09-12T01:27:44.444Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 01:28:00 honeypot-ams-1 sshd[11144]: Invalid user user from 45.61.186.169 port 49458","@timestamp":"2022-09-12T01:28:01.454Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 01:28:16 honeypot-ams-1 sshd[11148]: Invalid user user from 45.61.186.169 port 44746","@timestamp":"2022-09-12T01:28:16.463Z"}
{"@timestamp":"2022-09-12T01:28:27.622Z","@version":"1","message":"Sep 12 01:28:27 honeypot-sgp-1 sshd[7254]: Received disconnect from 122.176.119.202 port 47708:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 01:31:10 honeypot-ams-1 kernel: [83822856.021534] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=89.248.165.199 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=2878 PROTO=TCP SPT=43081 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T01:31:11.545Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 01:31:27 honeypot-fra-1 sshd[1441]: Connection closed by invalid user ubuntu 103.188.176.251 port 54010 [preauth]","@timestamp":"2022-09-12T01:31:28.049Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 01:37:32 honeypot-fra-1 sshd[1451]: Invalid user hadoop from 49.234.154.127 port 33854","@timestamp":"2022-09-12T01:37:33.191Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 01:37:32 honeypot-fra-1 sshd[1460]: Invalid user git from 49.234.154.127 port 33876","@timestamp":"2022-09-12T01:37:33.191Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 01:37:32 honeypot-fra-1 sshd[1449]: Connection closed by invalid user testuser 49.234.154.127 port 33914 [preauth]","@timestamp":"2022-09-12T01:37:33.191Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 01:37:32 honeypot-fra-1 sshd[1466]: Connection closed by invalid user user 49.234.154.127 port 33902 [preauth]","@timestamp":"2022-09-12T01:37:33.191Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 01:37:32 honeypot-fra-1 sshd[1464]: Connection closed by invalid user oracle 49.234.154.127 port 33852 [preauth]","@timestamp":"2022-09-12T01:37:33.191Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 01:37:33 honeypot-fra-1 sshd[1453]: Connection closed by invalid user admin 49.234.154.127 port 33872 [preauth]","@timestamp":"2022-09-12T01:37:34.191Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 01:37:34 honeypot-fra-1 sshd[1497]: Connection closed by invalid user oracle 49.234.154.127 port 33844 [preauth]","@timestamp":"2022-09-12T01:37:35.192Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 01:37:39 honeypot-fra-1 sshd[1493]: Invalid user teamspeak from 49.234.154.127 port 33862","@timestamp":"2022-09-12T01:37:39.194Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T01:38:44.884Z","@version":"1","message":"Sep 12 01:38:44 honeypot-sgp-1 sshd[7260]: Did not receive identification string from 193.3.19.178 port 64001","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 01:39:54 honeypot-fra-1 sshd[1501]: Connection closed by 192.241.220.92 port 58238 [preauth]","@timestamp":"2022-09-12T01:39:55.246Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 01:40:09 honeypot-ams-1 kernel: [83823394.076808] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=154.3.44.39 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=117 ID=52738 DF PROTO=TCP SPT=49653 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-12T01:40:09.794Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 01:43:14 honeypot-ams-1 sshd[11160]: Received disconnect from 80.76.51.45 port 55106:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T01:43:14.884Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 01:43:45 honeypot-ams-1 sshd[11164]: Disconnected from authenticating user root 80.76.51.45 port 50032 [preauth]","@timestamp":"2022-09-12T01:43:45.900Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 01:44:30 honeypot-ams-1 sshd[11170]: Received disconnect from 80.76.51.45 port 56456:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T01:44:30.925Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 01:45:14 honeypot-ams-1 sshd[11176]: Received disconnect from 80.76.51.45 port 34646:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T01:45:14.949Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 01:45:44 honeypot-ams-1 sshd[11180]: Disconnected from invalid user user 80.76.51.45 port 57874 [preauth]","@timestamp":"2022-09-12T01:45:44.965Z"}
{"@timestamp":"2022-09-12T01:50:19.177Z","@version":"1","message":"Sep 12 01:50:18 honeypot-sgp-1 sshd[7264]: Disconnected from invalid user banner 202.29.13.51 port 58580 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 01:51:12 honeypot-ams-1 sshd[11185]: Received disconnect from 208.184.30.130 port 34414:11: Bye Bye [preauth]","@timestamp":"2022-09-12T01:51:13.115Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 01:52:03 honeypot-fra-1 sshd[1510]: Disconnected from authenticating user root 92.255.85.69 port 26320 [preauth]","@timestamp":"2022-09-12T01:52:04.518Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 02:01:41 honeypot-ams-1 sshd[11190]: Invalid user kongxx from 139.59.3.114 port 50514","@timestamp":"2022-09-12T02:01:41.396Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 02:03:17 honeypot-ams-1 sshd[11194]: Invalid user mihai from 46.101.23.51 port 52498","@timestamp":"2022-09-12T02:03:18.443Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 02:05:07 honeypot-fra-1 kernel: [83822735.961170] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=80.94.92.231 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=35498 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T02:05:07.811Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 02:06:37 honeypot-fra-1 sshd[1520]: Disconnected from invalid user admin 62.204.41.222 port 56546 [preauth]","@timestamp":"2022-09-12T02:06:37.849Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 02:06:53 honeypot-fra-1 sshd[1524]: Disconnected from invalid user user 45.61.186.169 port 40654 [preauth]","@timestamp":"2022-09-12T02:06:53.877Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 02:07:11 honeypot-fra-1 sshd[1528]: Disconnected from invalid user user 45.61.186.169 port 35504 [preauth]","@timestamp":"2022-09-12T02:07:11.886Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 02:07:27 honeypot-fra-1 sshd[1532]: Disconnected from invalid user user 45.61.186.169 port 58594 [preauth]","@timestamp":"2022-09-12T02:07:27.892Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T02:07:40.602Z","@version":"1","message":"Sep 12 02:07:40 honeypot-sgp-1 kernel: [83824572.602211] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=167.94.145.80 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=64800 PROTO=TCP SPT=38393 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 02:10:55 honeypot-fra-1 sshd[1537]: Received disconnect from 91.240.118.222 port 40068:11: Client disconnecting normally [preauth]","@timestamp":"2022-09-12T02:10:55.972Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 02:12:22 honeypot-ams-1 kernel: [83825327.643362] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=207.102.138.83 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=21383 DF PROTO=TCP SPT=51789 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T02:12:22.687Z"}
{"@timestamp":"2022-09-12T02:13:42.754Z","@version":"1","message":"Sep 12 02:13:42 honeypot-sgp-1 sshd[7274]: Disconnected from invalid user operator 212.33.250.241 port 36870 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 02:15:26 honeypot-fra-1 kernel: [83823354.897687] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=161.97.148.73 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=34446 PROTO=TCP SPT=48909 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T02:15:27.079Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 02:23:21 honeypot-ams-1 kernel: [83825986.441775] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=154.3.44.39 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=117 ID=34814 DF PROTO=TCP SPT=56758 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-12T02:23:21.982Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 02:28:44 honeypot-fra-1 kernel: [83824152.878890] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=128.14.209.235 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=396 PROTO=TCP SPT=22689 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T02:28:45.379Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-12T02:28:44.132Z","@version":"1","message":"Sep 12 02:28:43 honeypot-sgp-1 kernel: [83825835.326337] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.41.8.5 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=44436 PROTO=TCP SPT=58435 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 02:29:30 honeypot-ams-1 sshd[11218]: Received disconnect from 91.201.240.153 port 59006:11: Bye Bye [preauth]","@timestamp":"2022-09-12T02:29:31.149Z"}
{"@timestamp":"2022-09-12T02:31:25.199Z","@version":"1","message":"Sep 12 02:31:24 honeypot-sgp-1 kernel: [83825996.493597] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=184.105.247.251 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=34206 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T02:36:07.316Z","@version":"1","message":"Sep 12 02:36:07 honeypot-sgp-1 sshd[7289]: Disconnected from authenticating user root 92.255.85.69 port 54530 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 02:41:28 honeypot-ams-1 sshd[11221]: Received disconnect from 92.255.85.69 port 52578:11: Bye Bye [preauth]","@timestamp":"2022-09-12T02:41:28.473Z"}
{"@timestamp":"2022-09-12T02:45:21.537Z","@version":"1","message":"Sep 12 02:45:21 honeypot-sgp-1 kernel: [83826833.558625] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=39088 PROTO=TCP SPT=50489 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 02:47:30 honeypot-fra-1 kernel: [83825278.358445] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=167.71.102.181 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=58629 DF PROTO=TCP SPT=35756 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T02:47:30.800Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 02:56:24 honeypot-fra-1 sshd[1557]: Disconnected from invalid user gzuser 210.4.123.219 port 59553 [preauth]","@timestamp":"2022-09-12T02:56:24.997Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 02:58:39 honeypot-ams-1 kernel: [83828104.053622] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=94.158.14.109 DST=178.62.254.91 LEN=44 TOS=0x08 PREC=0x20 TTL=57 ID=14178 PROTO=TCP SPT=2438 DPT=80 WINDOW=36878 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T02:58:39.938Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 02:58:54 honeypot-fra-1 sshd[1561]: Disconnected from invalid user kevin 165.22.45.108 port 36698 [preauth]","@timestamp":"2022-09-12T02:58:55.055Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T02:59:56.892Z","@version":"1","message":"Sep 12 02:59:56 honeypot-sgp-1 sshd[7302]: Received disconnect from 92.255.85.69 port 30790:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 03:10:32 honeypot-fra-1 sshd[1569]: Disconnected from authenticating user root 159.65.77.254 port 48874 [preauth]","@timestamp":"2022-09-12T03:10:33.312Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 03:12:39 honeypot-ams-1 sshd[11230]: Disconnected from authenticating user root 139.59.2.151 port 38156 [preauth]","@timestamp":"2022-09-12T03:12:40.313Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 03:16:38 honeypot-fra-1 kernel: [83827026.320462] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=167.71.218.50 DST=165.22.82.222 LEN=52 TOS=0x02 PREC=0x00 TTL=118 ID=56654 DF PROTO=TCP SPT=49565 DPT=3389 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-12T03:16:38.450Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-12T03:17:02.313Z","@version":"1","message":"Sep 12 03:17:01 honeypot-sgp-1 CRON[7306]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 03:19:10 honeypot-ams-1 sshd[11236]: Connection closed by invalid user guest 203.122.48.130 port 33217 [preauth]","@timestamp":"2022-09-12T03:19:10.485Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 03:26:03 honeypot-fra-1 sshd[1578]: Received disconnect from 92.255.85.69 port 37744:11: Bye Bye [preauth]","@timestamp":"2022-09-12T03:26:03.669Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T03:29:18.609Z","@version":"1","message":"Sep 12 03:29:17 honeypot-sgp-1 sshd[7316]: Invalid user yes from 211.252.84.133 port 52630","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 03:29:28 honeypot-ams-1 sshd[11243]: Invalid user user from 45.61.184.204 port 57540","@timestamp":"2022-09-12T03:29:28.761Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 03:29:47 honeypot-ams-1 sshd[11247]: Invalid user user from 45.61.184.204 port 52788","@timestamp":"2022-09-12T03:29:47.772Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 03:30:04 honeypot-ams-1 sshd[11251]: Invalid user user from 45.61.184.204 port 48034","@timestamp":"2022-09-12T03:30:04.783Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 03:30:21 honeypot-ams-1 sshd[11255]: Invalid user user from 45.61.184.204 port 43284","@timestamp":"2022-09-12T03:30:21.792Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 03:31:17 honeypot-fra-1 sshd[1582]: Disconnected from invalid user cyrus 159.65.129.227 port 52830 [preauth]","@timestamp":"2022-09-12T03:31:17.787Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 03:32:22 honeypot-fra-1 sshd[1587]: Received disconnect from 45.61.184.204 port 50542:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T03:32:22.814Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 03:32:40 honeypot-fra-1 sshd[1591]: Received disconnect from 45.61.184.204 port 45132:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T03:32:40.822Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 03:32:57 honeypot-fra-1 sshd[1595]: Received disconnect from 45.61.184.204 port 39720:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T03:32:57.830Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 03:33:57 honeypot-fra-1 sshd[1599]: Received disconnect from 165.22.45.108 port 41740:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T03:33:57.854Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T03:34:06.759Z","@version":"1","message":"Sep 12 03:34:06 honeypot-sgp-1 sshd[7320]: Received disconnect from 68.183.25.156 port 54144:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 03:46:13 honeypot-ams-1 kernel: [83830958.870632] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.207.74 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=41812 DPT=5432 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T03:46:14.210Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 03:49:18 honeypot-fra-1 sshd[1603]: Disconnected from authenticating user root 92.255.85.69 port 43958 [preauth]","@timestamp":"2022-09-12T03:49:19.192Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 03:50:33 honeypot-ams-1 sshd[11262]: Received disconnect from 43.135.1.155 port 45292:11: Bye Bye [preauth]","@timestamp":"2022-09-12T03:50:34.326Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 03:52:15 honeypot-ams-1 sshd[11266]: Did not receive identification string from 46.19.141.122 port 48980","@timestamp":"2022-09-12T03:52:15.374Z"}
{"@timestamp":"2022-09-12T03:52:26.203Z","@version":"1","message":"Sep 12 03:52:25 honeypot-sgp-1 kernel: [83830857.914857] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=195.123.210.115 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=233 ID=18076 PROTO=TCP SPT=56481 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 03:52:51 honeypot-ams-1 sshd[11271]: Disconnected from authenticating user root 46.19.141.122 port 42206 [preauth]","@timestamp":"2022-09-12T03:52:52.393Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 03:54:17 honeypot-ams-1 sshd[11277]: Received disconnect from 46.19.141.122 port 39300:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T03:54:18.433Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 03:54:44 honeypot-ams-1 sshd[11281]: Invalid user kv from 209.73.215.135 port 36126","@timestamp":"2022-09-12T03:54:45.448Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 03:55:09 honeypot-ams-1 sshd[11286]: Received disconnect from 46.19.141.122 port 36388:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T03:55:10.461Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 03:56:04 honeypot-ams-1 sshd[11290]: Received disconnect from 46.19.141.122 port 53268:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T03:56:04.488Z"}
{"@timestamp":"2022-09-12T03:57:20.324Z","@version":"1","message":"Sep 12 03:57:20 honeypot-sgp-1 sshd[7329]: Disconnected from invalid user gaby 64.227.98.3 port 52250 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 03:57:58 honeypot-ams-1 sshd[11294]: Disconnected from invalid user admin 62.204.41.222 port 45124 [preauth]","@timestamp":"2022-09-12T03:57:58.539Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 04:01:15 honeypot-ams-1 kernel: [83831860.385854] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=213.226.123.241 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=60 ID=2750 DF PROTO=TCP SPT=38992 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T04:01:15.631Z"}
{"@timestamp":"2022-09-12T04:03:17.476Z","@version":"1","message":"Sep 12 04:03:17 honeypot-sgp-1 sshd[7337]: Received disconnect from 157.245.122.58 port 49296:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T04:05:18.529Z","@version":"1","message":"Sep 12 04:05:17 honeypot-sgp-1 sshd[7343]: Invalid user tenancy from 157.245.122.58 port 48142","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T04:07:09.578Z","@version":"1","message":"Sep 12 04:07:09 honeypot-sgp-1 sshd[7347]: Invalid user jonitwiso from 157.245.122.58 port 46976","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T04:08:33.614Z","@version":"1","message":"Sep 12 04:08:33 honeypot-sgp-1 sshd[7352]: Received disconnect from 154.211.12.170 port 32848:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 04:09:25 honeypot-fra-1 sshd[1613]: Invalid user kevin from 165.22.45.108 port 46790","@timestamp":"2022-09-12T04:09:26.674Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T04:09:56.651Z","@version":"1","message":"Sep 12 04:09:56 honeypot-sgp-1 sshd[7356]: Disconnected from authenticating user root 92.255.85.69 port 51690 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 04:13:46 honeypot-fra-1 sshd[1633]: Invalid user admin from 204.44.66.189 port 59082","@timestamp":"2022-09-12T04:13:47.769Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 04:13:47 honeypot-fra-1 sshd[1637]: Invalid user testuser from 204.44.66.189 port 59074","@timestamp":"2022-09-12T04:13:47.769Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 04:13:47 honeypot-fra-1 sshd[1635]: Invalid user es from 204.44.66.189 port 59116","@timestamp":"2022-09-12T04:13:47.769Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 04:13:47 honeypot-fra-1 sshd[1617]: Invalid user lighthouse from 204.44.66.189 port 59094","@timestamp":"2022-09-12T04:13:47.769Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 04:13:47 honeypot-fra-1 sshd[1622]: Connection closed by invalid user cloud 204.44.66.189 port 59070 [preauth]","@timestamp":"2022-09-12T04:13:47.770Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 04:13:47 honeypot-fra-1 sshd[1634]: Connection closed by invalid user user 204.44.66.189 port 59050 [preauth]","@timestamp":"2022-09-12T04:13:47.770Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 04:13:47 honeypot-fra-1 sshd[1630]: Connection closed by invalid user git 204.44.66.189 port 59054 [preauth]","@timestamp":"2022-09-12T04:13:47.770Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 04:13:47 honeypot-fra-1 sshd[1625]: Connection closed by invalid user rustserver 204.44.66.189 port 59076 [preauth]","@timestamp":"2022-09-12T04:13:47.770Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 04:13:54 honeypot-fra-1 sshd[1668]: Disconnected from authenticating user root 92.255.85.69 port 19222 [preauth]","@timestamp":"2022-09-12T04:13:55.773Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 04:14:01 honeypot-ams-1 sshd[11303]: Received disconnect from 111.42.133.43 port 42586:11: Bye Bye [preauth]","@timestamp":"2022-09-12T04:14:01.973Z"}
{"@timestamp":"2022-09-12T04:17:32.838Z","@version":"1","message":"Sep 12 04:17:32 honeypot-sgp-1 sshd[7363]: Invalid user user from 45.61.186.169 port 57342","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T04:17:49.848Z","@version":"1","message":"Sep 12 04:17:49 honeypot-sgp-1 sshd[7367]: Invalid user user from 45.61.186.169 port 52336","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 04:17:49 honeypot-ams-1 kernel: [83832854.028410] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.88.49.77 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=116 ID=28396 DF PROTO=TCP SPT=50404 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T04:17:50.075Z"}
{"@timestamp":"2022-09-12T04:18:06.856Z","@version":"1","message":"Sep 12 04:18:06 honeypot-sgp-1 sshd[7371]: Invalid user user from 45.61.186.169 port 47316","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T04:18:21.864Z","@version":"1","message":"Sep 12 04:18:21 honeypot-sgp-1 sshd[7375]: Invalid user user from 45.61.186.169 port 42326","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 04:19:44 honeypot-fra-1 sshd[1674]: Disconnected from invalid user sinusbot 165.22.56.109 port 54594 [preauth]","@timestamp":"2022-09-12T04:19:44.902Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 04:20:08 honeypot-ams-1 sshd[11314]: Received disconnect from 45.61.186.49 port 38492:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T04:20:09.141Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 04:20:18 honeypot-ams-1 sshd[11318]: Received disconnect from 45.61.186.49 port 50410:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T04:20:19.147Z"}
{"@timestamp":"2022-09-12T04:20:37.924Z","@version":"1","message":"Sep 12 04:20:37 honeypot-sgp-1 kernel: [83832549.812871] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=128.1.91.204 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=29384 PROTO=TCP SPT=17034 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 04:20:56 honeypot-ams-1 kernel: [83833041.586104] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=154.3.44.39 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=117 ID=56570 DF PROTO=TCP SPT=62755 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-12T04:20:57.167Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 04:26:12 honeypot-fra-1 kernel: [83831200.097713] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=193.118.53.196 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=22627 PROTO=TCP SPT=22415 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T04:26:13.048Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 04:30:33 honeypot-ams-1 sshd[11326]: Disconnected from invalid user admin 80.76.51.43 port 56006 [preauth]","@timestamp":"2022-09-12T04:30:33.421Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 04:31:03 honeypot-ams-1 sshd[11330]: Disconnected from invalid user admin 80.76.51.43 port 55486 [preauth]","@timestamp":"2022-09-12T04:31:03.437Z"}
{"@timestamp":"2022-09-12T04:34:36.265Z","@version":"1","message":"Sep 12 04:34:35 honeypot-sgp-1 sshd[7396]: Disconnected from authenticating user root 92.255.85.69 port 25780 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 04:36:42 honeypot-fra-1 sshd[1685]: Disconnected from authenticating user root 92.255.85.69 port 21562 [preauth]","@timestamp":"2022-09-12T04:36:43.282Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 04:40:01 honeypot-ams-1 sshd[11338]: Received disconnect from 45.61.184.204 port 43448:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T04:40:01.692Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 04:40:22 honeypot-ams-1 sshd[11342]: Received disconnect from 45.61.184.204 port 39384:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T04:40:22.703Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 04:40:40 honeypot-ams-1 sshd[11346]: Invalid user user from 45.61.184.204 port 35314","@timestamp":"2022-09-12T04:40:41.718Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 04:40:51 honeypot-ams-1 sshd[11348]: Disconnected from invalid user user 45.61.184.204 port 47470 [preauth]","@timestamp":"2022-09-12T04:40:51.725Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 04:42:59 honeypot-fra-1 sshd[1688]: Disconnected from invalid user qgq 159.223.95.166 port 59870 [preauth]","@timestamp":"2022-09-12T04:43:00.422Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 04:45:22 honeypot-fra-1 sshd[1692]: Disconnected from invalid user kf 165.22.45.108 port 51854 [preauth]","@timestamp":"2022-09-12T04:45:23.478Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 04:45:42 honeypot-ams-1 kernel: [83834527.435134] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=154.3.44.39 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=117 ID=12808 DF PROTO=TCP SPT=49700 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-12T04:45:42.858Z"}
{"@timestamp":"2022-09-12T04:49:57.656Z","@version":"1","message":"Sep 12 04:49:56 honeypot-sgp-1 sshd[7400]: Disconnected from invalid user ah 217.147.1.240 port 48866 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 04:51:26 honeypot-ams-1 sshd[11359]: Received disconnect from 43.154.55.148 port 32808:11: Bye Bye [preauth]","@timestamp":"2022-09-12T04:51:27.015Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 04:55:36 honeypot-fra-1 sshd[1711]: Invalid user vagrant from 212.87.251.118 port 45352","@timestamp":"2022-09-12T04:55:37.706Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 04:55:36 honeypot-fra-1 sshd[1707]: Invalid user ubuntu from 212.87.251.118 port 45338","@timestamp":"2022-09-12T04:55:37.706Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 04:55:36 honeypot-fra-1 sshd[1701]: Invalid user steam from 212.87.251.118 port 45312","@timestamp":"2022-09-12T04:55:37.706Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 04:55:36 honeypot-fra-1 sshd[1722]: Invalid user es from 212.87.251.118 port 45386","@timestamp":"2022-09-12T04:55:37.706Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 04:55:36 honeypot-fra-1 sshd[1703]: Connection closed by invalid user es 212.87.251.118 port 45332 [preauth]","@timestamp":"2022-09-12T04:55:37.706Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 04:55:36 honeypot-fra-1 sshd[1705]: Connection closed by invalid user www 212.87.251.118 port 45336 [preauth]","@timestamp":"2022-09-12T04:55:37.706Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 04:55:36 honeypot-fra-1 sshd[1711]: Connection closed by invalid user vagrant 212.87.251.118 port 45352 [preauth]","@timestamp":"2022-09-12T04:55:37.706Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 04:55:36 honeypot-fra-1 sshd[1713]: Connection closed by invalid user guest 212.87.251.118 port 45358 [preauth]","@timestamp":"2022-09-12T04:55:37.706Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 04:55:36 honeypot-fra-1 sshd[1699]: Connection closed by invalid user elasticsearch 212.87.251.118 port 45314 [preauth]","@timestamp":"2022-09-12T04:55:37.706Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 04:55:36 honeypot-fra-1 sshd[1728]: Invalid user ubuntu from 212.87.251.118 port 45420","@timestamp":"2022-09-12T04:55:37.706Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 04:55:37 honeypot-fra-1 sshd[1720]: Connection closed by invalid user ubuntu 212.87.251.118 port 45380 [preauth]","@timestamp":"2022-09-12T04:55:37.707Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T04:57:23.838Z","@version":"1","message":"Sep 12 04:57:23 honeypot-sgp-1 sshd[7407]: Disconnected from authenticating user root 92.255.85.70 port 16282 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 04:57:34 honeypot-ams-1 kernel: [83835239.377063] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=103.89.91.165 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=499 PROTO=TCP SPT=54672 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T04:57:35.181Z"}
{"@timestamp":"2022-09-12T04:59:18.888Z","@version":"1","message":"Sep 12 04:59:18 honeypot-sgp-1 sshd[7412]: Received disconnect from 45.61.186.49 port 41046:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T04:59:27.893Z","@version":"1","message":"Sep 12 04:59:26 honeypot-sgp-1 sshd[7416]: Received disconnect from 45.61.186.49 port 52466:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 05:07:15 honeypot-fra-1 kernel: [83833663.015291] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=176.125.47.173 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=249 ID=22840 DF PROTO=TCP SPT=40649 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T05:07:15.964Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-12T05:08:22.108Z","@version":"1","message":"Sep 12 05:08:22 honeypot-sgp-1 kernel: [83835414.054191] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=103.220.31.104 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=1195 DF PROTO=TCP SPT=65119 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 05:14:29 honeypot-ams-1 sshd[11823]: Did not receive identification string from 45.61.186.249 port 52962","@timestamp":"2022-09-12T05:14:29.627Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 05:14:52 honeypot-ams-1 sshd[11826]: Disconnected from invalid user user 45.61.186.249 port 37598 [preauth]","@timestamp":"2022-09-12T05:14:52.641Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 05:15:10 honeypot-ams-1 sshd[11830]: Disconnected from invalid user user 45.61.186.249 port 60914 [preauth]","@timestamp":"2022-09-12T05:15:11.651Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 05:15:28 honeypot-ams-1 sshd[11834]: Disconnected from invalid user user 45.61.186.249 port 55998 [preauth]","@timestamp":"2022-09-12T05:15:29.661Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 05:16:00 honeypot-ams-1 kernel: [83836345.720768] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=154.3.44.39 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=117 ID=50464 DF PROTO=TCP SPT=64304 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-12T05:16:01.678Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 05:17:01 honeypot-fra-1 CRON[1772]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-12T05:17:02.182Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T05:17:02.321Z","@version":"1","message":"Sep 12 05:17:01 honeypot-sgp-1 CRON[7425]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T05:19:06.374Z","@version":"1","message":"Sep 12 05:19:05 honeypot-sgp-1 sshd[7429]: Disconnected from invalid user qk 159.89.173.162 port 53332 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 05:20:29 honeypot-fra-1 sshd[1780]: Invalid user kf from 165.22.45.108 port 56800","@timestamp":"2022-09-12T05:20:30.260Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T05:20:40.416Z","@version":"1","message":"Sep 12 05:20:39 honeypot-sgp-1 sshd[7435]: Disconnected from authenticating user root 92.255.85.69 port 23790 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 05:23:21 honeypot-fra-1 sshd[1784]: Disconnected from authenticating user root 92.255.85.69 port 15686 [preauth]","@timestamp":"2022-09-12T05:23:22.326Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 05:26:09 honeypot-ams-1 sshd[11844]: Disconnected from authenticating user root 92.255.85.69 port 49648 [preauth]","@timestamp":"2022-09-12T05:26:09.949Z"}
{"@timestamp":"2022-09-12T05:29:34.630Z","@version":"1","message":"Sep 12 05:29:34 honeypot-sgp-1 kernel: [83836686.271971] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=58295 PROTO=TCP SPT=40527 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T05:32:31.704Z","@version":"1","message":"Sep 12 05:32:31 honeypot-sgp-1 sshd[7446]: Received disconnect from 45.61.187.160 port 33980:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T05:32:51.714Z","@version":"1","message":"Sep 12 05:32:50 honeypot-sgp-1 sshd[7450]: Received disconnect from 45.61.187.160 port 57430:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T05:33:09.724Z","@version":"1","message":"Sep 12 05:33:08 honeypot-sgp-1 sshd[7454]: Received disconnect from 45.61.187.160 port 52658:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 05:35:00 honeypot-ams-1 sshd[11848]: Disconnected from invalid user user 45.61.187.160 port 48324 [preauth]","@timestamp":"2022-09-12T05:35:00.183Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 05:35:18 honeypot-ams-1 sshd[11852]: Disconnected from invalid user user 45.61.187.160 port 43020 [preauth]","@timestamp":"2022-09-12T05:35:19.194Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 05:35:36 honeypot-ams-1 sshd[11856]: Disconnected from invalid user user 45.61.187.160 port 37710 [preauth]","@timestamp":"2022-09-12T05:35:37.203Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 05:35:54 honeypot-ams-1 sshd[11860]: Disconnected from invalid user user 45.61.187.160 port 60636 [preauth]","@timestamp":"2022-09-12T05:35:54.212Z"}
{"@timestamp":"2022-09-12T05:37:17.824Z","@version":"1","message":"Sep 12 05:37:17 honeypot-sgp-1 kernel: [83837149.281928] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=128.116.131.60 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=37008 PROTO=TCP SPT=32374 DPT=443 WINDOW=62958 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 05:44:38 honeypot-fra-1 sshd[1791]: Invalid user user from 141.255.162.226 port 40170","@timestamp":"2022-09-12T05:44:39.798Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 05:44:41 honeypot-fra-1 sshd[1795]: Invalid user user from 141.255.162.226 port 47256","@timestamp":"2022-09-12T05:44:41.799Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 05:44:45 honeypot-fra-1 sshd[1799]: Invalid user user from 141.255.162.226 port 54238","@timestamp":"2022-09-12T05:44:45.801Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 05:46:42 honeypot-fra-1 sshd[1804]: Received disconnect from 92.255.85.69 port 49662:11: Bye Bye [preauth]","@timestamp":"2022-09-12T05:46:42.845Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 05:49:23 honeypot-ams-1 sshd[11866]: Received disconnect from 92.255.85.70 port 51744:11: Bye Bye [preauth]","@timestamp":"2022-09-12T05:49:23.582Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 05:49:59 honeypot-fra-1 kernel: [83836227.279407] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=107.152.41.83 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=37752 PROTO=TCP SPT=48582 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T05:49:59.923Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-12T05:50:24.142Z","@version":"1","message":"Sep 12 05:50:23 honeypot-sgp-1 sshd[7466]: Disconnected from 157.245.9.6 port 57416 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 05:51:17 honeypot-ams-1 kernel: [83838462.061316] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=154.3.44.39 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=117 ID=61514 DF PROTO=TCP SPT=49276 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-12T05:51:17.634Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 05:54:21 honeypot-ams-1 sshd[11872]: Disconnected from authenticating user root 181.95.50.114 port 50434 [preauth]","@timestamp":"2022-09-12T05:54:22.719Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 05:54:53 honeypot-fra-1 sshd[1808]: Disconnected from invalid user user 45.61.187.160 port 41460 [preauth]","@timestamp":"2022-09-12T05:54:54.033Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 05:55:11 honeypot-fra-1 sshd[1812]: Disconnected from invalid user user 45.61.187.160 port 37436 [preauth]","@timestamp":"2022-09-12T05:55:12.043Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 05:55:28 honeypot-fra-1 sshd[1816]: Disconnected from invalid user user 45.61.187.160 port 33420 [preauth]","@timestamp":"2022-09-12T05:55:29.050Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 05:55:45 honeypot-fra-1 sshd[1820]: Disconnected from invalid user user 45.61.187.160 port 57630 [preauth]","@timestamp":"2022-09-12T05:55:46.058Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T06:00:52.394Z","@version":"1","message":"Sep 12 06:00:52 honeypot-sgp-1 sshd[7470]: Disconnected from invalid user user 141.255.162.226 port 59658 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T06:00:58.398Z","@version":"1","message":"Sep 12 06:00:57 honeypot-sgp-1 sshd[7474]: Disconnected from invalid user user 141.255.162.226 port 51802 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T06:05:10.503Z","@version":"1","message":"Sep 12 06:05:10 honeypot-sgp-1 sshd[7572]: Invalid user pi from 161.8.12.170 port 40756","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 06:06:38 honeypot-fra-1 sshd[1829]: Invalid user  from 152.32.249.159 port 46976","@timestamp":"2022-09-12T06:06:38.298Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T06:07:58.574Z","@version":"1","message":"Sep 12 06:07:57 honeypot-sgp-1 kernel: [83838989.534287] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.33.68.38 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=15164 PROTO=TCP SPT=42871 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 06:10:48 honeypot-fra-1 sshd[1832]: Disconnected from authenticating user root 92.255.85.70 port 22788 [preauth]","@timestamp":"2022-09-12T06:10:48.392Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 06:15:29 honeypot-ams-1 kernel: [83839914.651298] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=43280 PROTO=TCP SPT=42403 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T06:15:30.256Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 06:15:33 honeypot-fra-1 sshd[1931]: Received disconnect from 185.196.220.81 port 53246:11: end [preauth]","@timestamp":"2022-09-12T06:15:33.498Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 06:15:33 honeypot-fra-1 sshd[1935]: Received disconnect from 185.196.220.81 port 54488:11: end [preauth]","@timestamp":"2022-09-12T06:15:34.500Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 06:15:34 honeypot-fra-1 sshd[1941]: Invalid user support from 185.196.220.81 port 56420","@timestamp":"2022-09-12T06:15:34.500Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 06:15:34 honeypot-fra-1 sshd[1945]: Received disconnect from 185.196.220.81 port 57844:11: end [preauth]","@timestamp":"2022-09-12T06:15:35.501Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 06:15:34 honeypot-fra-1 sshd[1949]: Received disconnect from 185.196.220.81 port 59410:11: end [preauth]","@timestamp":"2022-09-12T06:15:35.501Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 06:15:35 honeypot-fra-1 sshd[1955]: Invalid user Admin from 185.196.220.81 port 32978","@timestamp":"2022-09-12T06:15:35.501Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 06:15:35 honeypot-fra-1 sshd[1959]: Invalid user admin from 185.196.220.81 port 34684","@timestamp":"2022-09-12T06:15:36.501Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 06:15:36 honeypot-fra-1 sshd[1963]: Received disconnect from 185.196.220.81 port 36400:11: end [preauth]","@timestamp":"2022-09-12T06:15:36.501Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 06:15:36 honeypot-fra-1 sshd[1967]: Disconnected from authenticating user root 185.196.220.81 port 38026 [preauth]","@timestamp":"2022-09-12T06:15:37.502Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 06:15:37 honeypot-fra-1 sshd[1971]: Disconnected from invalid user admin 185.196.220.81 port 39678 [preauth]","@timestamp":"2022-09-12T06:15:37.502Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 06:15:37 honeypot-fra-1 sshd[1977]: Received disconnect from 185.196.220.81 port 42370:11: end [preauth]","@timestamp":"2022-09-12T06:15:38.503Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 06:15:38 honeypot-fra-1 sshd[1981]: Received disconnect from 185.196.220.81 port 43826:11: end [preauth]","@timestamp":"2022-09-12T06:15:38.503Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 06:15:38 honeypot-fra-1 sshd[1985]: Received disconnect from 185.196.220.81 port 45410:11: end [preauth]","@timestamp":"2022-09-12T06:15:38.503Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 06:15:38 honeypot-fra-1 sshd[1989]: Received disconnect from 185.196.220.81 port 46804:11: end [preauth]","@timestamp":"2022-09-12T06:15:39.504Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 06:17:01 honeypot-fra-1 CRON[1993]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-12T06:17:02.536Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T06:21:53.914Z","@version":"1","message":"Sep 12 06:21:53 honeypot-sgp-1 sshd[7586]: Invalid user sysgames from 209.141.52.250 port 53254","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T06:25:01.997Z","@version":"1","message":"Sep 12 06:25:01 honeypot-sgp-1 CRON[7589]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 06:25:05 honeypot-ams-1 CRON[11883]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-12T06:25:05.512Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 06:31:09 honeypot-fra-1 sshd[2132]: Invalid user kf from 165.22.45.108 port 39598","@timestamp":"2022-09-12T06:31:09.854Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T06:32:01.173Z","@version":"1","message":"Sep 12 06:32:01 honeypot-sgp-1 kernel: [83840433.050874] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=117.223.89.231 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=54849 DF PROTO=TCP SPT=52985 DPT=80 WINDOW=5680 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 06:33:25 honeypot-fra-1 sshd[2137]: Connection closed by authenticating user root 206.251.214.120 port 45646 [preauth]","@timestamp":"2022-09-12T06:33:25.905Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 06:34:14 honeypot-ams-1 kernel: [83841039.624245] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.156.73.178 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=252 ID=54321 PROTO=TCP SPT=33671 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T06:34:15.747Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 06:35:22 honeypot-fra-1 kernel: [83838949.765813] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=159.65.184.209 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=44968 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T06:35:22.955Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 06:39:58 honeypot-ams-1 sshd[12152]: Disconnected from authenticating user root 165.227.84.172 port 49218 [preauth]","@timestamp":"2022-09-12T06:39:58.899Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 06:43:51 honeypot-ams-1 sshd[12157]: Invalid user user from 45.61.187.160 port 34308","@timestamp":"2022-09-12T06:43:52.002Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 06:44:01 honeypot-ams-1 kernel: [83841626.840350] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=162.62.191.231 DST=178.62.254.91 LEN=52 TOS=0x08 PREC=0x60 TTL=55 ID=26660 DF PROTO=TCP SPT=27684 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T06:44:02.007Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 06:44:18 honeypot-ams-1 sshd[12163]: Disconnected from invalid user user 45.61.187.160 port 42082 [preauth]","@timestamp":"2022-09-12T06:44:19.018Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 06:44:34 honeypot-ams-1 sshd[12167]: Disconnected from invalid user user 45.61.187.160 port 37858 [preauth]","@timestamp":"2022-09-12T06:44:35.027Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 06:50:21 honeypot-fra-1 sshd[2150]: Received disconnect from 195.206.60.116 port 58352:11: Bye Bye [preauth]","@timestamp":"2022-09-12T06:50:22.288Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T06:51:51.679Z","@version":"1","message":"Sep 12 06:51:51 honeypot-sgp-1 sshd[7742]: Invalid user ubuntu from 137.184.207.13 port 34764","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 06:54:06 honeypot-fra-1 sshd[2158]: Invalid user mpy from 124.160.96.249 port 34066","@timestamp":"2022-09-12T06:54:07.374Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T06:54:25.744Z","@version":"1","message":"Sep 12 06:54:24 honeypot-sgp-1 sshd[7746]: Received disconnect from 207.254.224.220 port 49846:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 06:55:53 honeypot-ams-1 kernel: [83842338.616633] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=195.133.20.241 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=33677 PROTO=TCP SPT=40159 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T06:55:54.342Z"}
{"@timestamp":"2022-09-12T06:56:51.809Z","@version":"1","message":"Sep 12 06:56:51 honeypot-sgp-1 sshd[7752]: Received disconnect from 137.184.28.240 port 44410:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T06:58:15.847Z","@version":"1","message":"Sep 12 06:58:15 honeypot-sgp-1 sshd[7757]: Connection closed by invalid user zabbix 103.188.176.251 port 48226 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 07:06:27 honeypot-fra-1 sshd[2165]: Invalid user kf from 165.22.45.108 port 44470","@timestamp":"2022-09-12T07:06:27.650Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 07:10:35 honeypot-ams-1 sshd[12180]: Invalid user User from 179.60.147.69 port 20542","@timestamp":"2022-09-12T07:10:35.715Z"}
{"@timestamp":"2022-09-12T07:13:41.228Z","@version":"1","message":"Sep 12 07:13:41 honeypot-sgp-1 sshd[7766]: Invalid user sashaspaket from 203.190.55.203 port 46952","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 07:15:56 honeypot-fra-1 sshd[2170]: Did not receive identification string from 45.61.184.204 port 55048","@timestamp":"2022-09-12T07:15:56.862Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 07:16:24 honeypot-fra-1 sshd[2173]: Disconnected from invalid user user 45.61.184.204 port 45928 [preauth]","@timestamp":"2022-09-12T07:16:24.875Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 07:16:44 honeypot-fra-1 sshd[2177]: Disconnected from invalid user user 45.61.184.204 port 41268 [preauth]","@timestamp":"2022-09-12T07:16:44.884Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 07:17:01 honeypot-fra-1 sshd[2181]: Invalid user user from 45.61.184.204 port 36634","@timestamp":"2022-09-12T07:17:01.893Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 07:17:52 honeypot-fra-1 kernel: [83841500.227166] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=59.49.43.217 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=36283 PROTO=TCP SPT=54390 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T07:17:52.913Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-12T07:18:16.342Z","@version":"1","message":"Sep 12 07:18:16 honeypot-sgp-1 sshd[7771]: Disconnected from authenticating user root 92.255.85.69 port 44164 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 07:19:12 honeypot-ams-1 kernel: [83843737.077612] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=86.180.105.129 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=55 ID=28285 PROTO=TCP SPT=17337 DPT=80 WINDOW=4321 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T07:19:12.939Z"}
{"@timestamp":"2022-09-12T07:21:29.423Z","@version":"1","message":"Sep 12 07:21:28 honeypot-sgp-1 sshd[7775]: Disconnected from invalid user user 141.255.162.226 port 45236 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T07:21:33.425Z","@version":"1","message":"Sep 12 07:21:33 honeypot-sgp-1 sshd[7781]: Invalid user user from 141.255.162.226 port 59032","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T07:23:12.469Z","@version":"1","message":"Sep 12 07:23:12 honeypot-sgp-1 sshd[7785]: Invalid user gambam from 188.254.0.160 port 39212","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 07:23:27 honeypot-fra-1 sshd[2194]: Connection closed by authenticating user root 141.98.10.158 port 41596 [preauth]","@timestamp":"2022-09-12T07:23:28.060Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 07:26:12 honeypot-fra-1 sshd[2200]: Disconnected from invalid user user 45.61.187.160 port 57040 [preauth]","@timestamp":"2022-09-12T07:26:13.125Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 07:26:30 honeypot-fra-1 sshd[2204]: Disconnected from invalid user user 45.61.187.160 port 52514 [preauth]","@timestamp":"2022-09-12T07:26:31.133Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 07:26:48 honeypot-fra-1 sshd[2208]: Disconnected from invalid user user 45.61.187.160 port 47962 [preauth]","@timestamp":"2022-09-12T07:26:48.141Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 07:27:03 honeypot-fra-1 sshd[2212]: Disconnected from invalid user user 45.61.187.160 port 43446 [preauth]","@timestamp":"2022-09-12T07:27:04.149Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T07:27:52.616Z","@version":"1","message":"Sep 12 07:27:52 honeypot-sgp-1 sshd[7790]: Disconnected from authenticating user root 139.59.231.120 port 38948 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 07:31:42 honeypot-ams-1 sshd[12192]: Did not receive identification string from 45.61.186.249 port 47824","@timestamp":"2022-09-12T07:31:43.286Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 07:32:22 honeypot-ams-1 sshd[12196]: Disconnected from invalid user user 45.61.186.249 port 43986 [preauth]","@timestamp":"2022-09-12T07:32:23.306Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 07:32:43 honeypot-ams-1 sshd[12200]: Disconnected from invalid user user 45.61.186.249 port 39720 [preauth]","@timestamp":"2022-09-12T07:32:43.323Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 07:33:01 honeypot-ams-1 sshd[12204]: Disconnected from invalid user user 45.61.186.249 port 35416 [preauth]","@timestamp":"2022-09-12T07:33:01.332Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 07:33:33 honeypot-fra-1 sshd[2219]: Received disconnect from 141.255.162.226 port 36098:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T07:33:34.293Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 07:33:37 honeypot-fra-1 sshd[2223]: Received disconnect from 141.255.162.226 port 41392:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T07:33:38.295Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 07:38:19 honeypot-ams-1 kernel: [83844884.160640] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=213.226.123.38 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=39895 PROTO=TCP SPT=49914 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T07:38:19.471Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 07:40:25 honeypot-fra-1 sshd[2228]: Invalid user ekp from 178.154.205.230 port 44526","@timestamp":"2022-09-12T07:40:26.446Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 07:41:59 honeypot-fra-1 sshd[2232]: Invalid user ircop from 192.241.157.126 port 36472","@timestamp":"2022-09-12T07:42:00.484Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T07:41:59.966Z","@version":"1","message":"Sep 12 07:41:59 honeypot-sgp-1 sshd[7798]: Connection closed by invalid user User 179.60.147.69 port 6008 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 07:42:45 honeypot-fra-1 sshd[2236]: Received disconnect from 143.244.158.100 port 49304:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T07:42:45.503Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 07:44:11 honeypot-fra-1 sshd[2242]: Invalid user kai from 143.110.189.191 port 34786","@timestamp":"2022-09-12T07:44:11.540Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 07:44:30 honeypot-fra-1 sshd[2246]: Received disconnect from 92.255.85.69 port 39508:11: Bye Bye [preauth]","@timestamp":"2022-09-12T07:44:31.550Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 07:46:31 honeypot-fra-1 sshd[2253]: Invalid user ftp_user from 128.199.99.204 port 34504","@timestamp":"2022-09-12T07:46:32.599Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 07:47:11 honeypot-ams-1 sshd[12214]: Received disconnect from 92.255.85.70 port 62888:11: Bye Bye [preauth]","@timestamp":"2022-09-12T07:47:11.701Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 07:47:42 honeypot-fra-1 sshd[2257]: Received disconnect from 143.244.158.100 port 60962:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T07:47:42.628Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 07:49:17 honeypot-fra-1 sshd[2261]: Disconnected from authenticating user root 143.244.158.100 port 41998 [preauth]","@timestamp":"2022-09-12T07:49:17.667Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 07:51:40 honeypot-fra-1 sshd[2268]: Disconnected from authenticating user root 143.244.158.100 port 50144 [preauth]","@timestamp":"2022-09-12T07:51:40.723Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 07:54:03 honeypot-fra-1 sshd[2274]: Received disconnect from 143.244.158.100 port 54046:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T07:54:03.778Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T07:54:19.270Z","@version":"1","message":"Sep 12 07:54:18 honeypot-sgp-1 kernel: [83845370.629515] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.204.132 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=36422 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 07:54:54 honeypot-fra-1 sshd[2278]: Disconnected from authenticating user root 143.244.158.100 port 34568 [preauth]","@timestamp":"2022-09-12T07:54:54.800Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 07:57:21 honeypot-fra-1 sshd[2285]: Disconnected from authenticating user root 143.244.158.100 port 33770 [preauth]","@timestamp":"2022-09-12T07:57:22.859Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 07:59:01 honeypot-fra-1 sshd[2289]: Received disconnect from 137.184.96.200 port 50440:11: Bye Bye [preauth]","@timestamp":"2022-09-12T07:59:01.898Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 08:00:44 honeypot-fra-1 sshd[2297]: Disconnected from authenticating user root 143.244.158.100 port 55528 [preauth]","@timestamp":"2022-09-12T08:00:44.940Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 08:02:25 honeypot-fra-1 sshd[2302]: Disconnected from authenticating user root 143.244.158.100 port 42748 [preauth]","@timestamp":"2022-09-12T08:02:25.980Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T08:03:37.503Z","@version":"1","message":"Sep 12 08:03:37 honeypot-sgp-1 kernel: [83845928.957842] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=64.62.197.21 DST=159.89.202.188 LEN=131 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=58003 DPT=80 WINDOW=65535 RES=0x00 ACK PSH URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 08:04:00 honeypot-fra-1 sshd[2308]: Disconnected from authenticating user root 143.244.158.100 port 34248 [preauth]","@timestamp":"2022-09-12T08:04:01.018Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 08:04:01 honeypot-ams-1 sshd[12222]: Did not receive identification string from 45.61.186.249 port 41376","@timestamp":"2022-09-12T08:04:02.131Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 08:04:31 honeypot-ams-1 sshd[12225]: Disconnected from invalid user user 45.61.186.249 port 47050 [preauth]","@timestamp":"2022-09-12T08:04:31.147Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 08:04:51 honeypot-ams-1 sshd[12229]: Disconnected from invalid user user 45.61.186.249 port 42648 [preauth]","@timestamp":"2022-09-12T08:04:52.160Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 08:05:09 honeypot-ams-1 sshd[12233]: Disconnected from invalid user user 45.61.186.249 port 38268 [preauth]","@timestamp":"2022-09-12T08:05:09.169Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 08:05:33 honeypot-fra-1 sshd[2314]: Disconnected from authenticating user root 143.244.158.100 port 49746 [preauth]","@timestamp":"2022-09-12T08:05:34.056Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 08:07:58 honeypot-fra-1 sshd[2321]: Received disconnect from 143.244.158.100 port 39166:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T08:07:59.113Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 08:08:47 honeypot-fra-1 sshd[2325]: Disconnected from authenticating user root 143.244.158.100 port 55070 [preauth]","@timestamp":"2022-09-12T08:08:48.133Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 08:10:34 honeypot-fra-1 sshd[2332]: Received disconnect from 20.55.113.203 port 1024:11: Bye Bye [preauth]","@timestamp":"2022-09-12T08:10:35.177Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 08:10:59 honeypot-ams-1 sshd[12238]: Invalid user baikal from 92.255.85.69 port 59530","@timestamp":"2022-09-12T08:11:00.323Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 08:12:01 honeypot-fra-1 sshd[2358]: Received disconnect from 143.244.158.100 port 46602:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T08:12:02.213Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 08:13:35 honeypot-fra-1 sshd[2364]: Invalid user mc from 157.230.6.213 port 58214","@timestamp":"2022-09-12T08:13:36.252Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T08:13:58.785Z","@version":"1","message":"Sep 12 08:13:57 honeypot-sgp-1 kernel: [83846549.627378] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.47.229.134 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=6802 PROTO=TCP SPT=43901 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 08:14:30 honeypot-fra-1 sshd[2368]: Disconnected from authenticating user root 143.244.158.100 port 35032 [preauth]","@timestamp":"2022-09-12T08:14:30.274Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 08:15:16 honeypot-ams-1 sshd[12240]: Disconnected from 147.182.219.221 port 42566 [preauth]","@timestamp":"2022-09-12T08:15:16.436Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 08:16:12 honeypot-fra-1 sshd[2374]: Disconnected from authenticating user root 143.244.158.100 port 54364 [preauth]","@timestamp":"2022-09-12T08:16:13.317Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 08:17:01 honeypot-fra-1 CRON[2380]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-12T08:17:01.337Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T08:17:49.885Z","@version":"1","message":"Sep 12 08:17:49 honeypot-sgp-1 sshd[7816]: Invalid user User from 179.60.147.69 port 37314","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 08:18:41 honeypot-ams-1 sshd[12248]: Received disconnect from 159.65.180.64 port 50478:11: Bye Bye [preauth]","@timestamp":"2022-09-12T08:18:41.527Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 08:19:16 honeypot-fra-1 kernel: [83845184.484993] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=64.62.197.18 DST=165.22.82.222 LEN=131 TOS=0x00 PREC=0x00 TTL=244 ID=54321 PROTO=TCP SPT=55159 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T08:19:17.390Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 08:20:45 honeypot-fra-1 sshd[2392]: Received disconnect from 196.219.43.242 port 48732:11: Bye Bye [preauth]","@timestamp":"2022-09-12T08:20:46.425Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 08:21:43 honeypot-ams-1 sshd[12253]: Did not receive identification string from 141.255.162.226 port 46532","@timestamp":"2022-09-12T08:21:44.611Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 08:21:46 honeypot-ams-1 sshd[12256]: Disconnected from invalid user user 141.255.162.226 port 41536 [preauth]","@timestamp":"2022-09-12T08:21:47.615Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 08:21:52 honeypot-ams-1 sshd[12260]: Disconnected from invalid user user 141.255.162.226 port 55302 [preauth]","@timestamp":"2022-09-12T08:21:52.617Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 08:21:54 honeypot-ams-1 sshd[12264]: Disconnected from invalid user user 141.255.162.226 port 33944 [preauth]","@timestamp":"2022-09-12T08:21:54.619Z"}
{"@timestamp":"2022-09-12T08:21:55.990Z","@version":"1","message":"Sep 12 08:21:55 honeypot-sgp-1 sshd[7844]: Invalid user steam from 159.223.52.187 port 48544","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 08:22:47 honeypot-fra-1 sshd[2399]: Received disconnect from 143.244.158.100 port 46808:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T08:22:47.473Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 08:25:11 honeypot-fra-1 sshd[2405]: Received disconnect from 143.244.158.100 port 36056:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T08:25:11.530Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T08:29:02.169Z","@version":"1","message":"Sep 12 08:29:01 honeypot-sgp-1 sshd[7849]: Received disconnect from 92.255.85.69 port 30668:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 08:30:06 honeypot-ams-1 kernel: [83847991.268031] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=184.105.139.105 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=36676 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T08:30:06.854Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 08:30:18 honeypot-fra-1 sshd[2421]: Connection closed by invalid user User 179.60.147.69 port 37630 [preauth]","@timestamp":"2022-09-12T08:30:18.648Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 08:34:49 honeypot-fra-1 sshd[2429]: Disconnected from invalid user default 159.65.136.44 port 49936 [preauth]","@timestamp":"2022-09-12T08:34:49.751Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 08:36:27 honeypot-ams-1 kernel: [83848371.963235] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=201.209.78.189 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=49 ID=60934 PROTO=TCP SPT=56646 DPT=80 WINDOW=25989 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T08:36:28.019Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 08:39:05 honeypot-ams-1 kernel: [83848530.164593] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.217.0.181 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=52061 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T08:39:06.091Z"}
{"@timestamp":"2022-09-12T08:41:27.480Z","@version":"1","message":"Sep 12 08:41:26 honeypot-sgp-1 sshd[7853]: Invalid user user from 45.61.186.169 port 49932","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T08:41:44.489Z","@version":"1","message":"Sep 12 08:41:43 honeypot-sgp-1 sshd[7857]: Invalid user user from 45.61.186.169 port 45726","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T08:42:00.498Z","@version":"1","message":"Sep 12 08:42:00 honeypot-sgp-1 sshd[7861]: Invalid user user from 45.61.186.169 port 41536","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T08:42:15.506Z","@version":"1","message":"Sep 12 08:42:15 honeypot-sgp-1 kernel: [83848246.933875] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=162.221.192.26 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=3991 PROTO=TCP SPT=32774 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T08:44:21.561Z","@version":"1","message":"Sep 12 08:44:21 honeypot-sgp-1 sshd[7868]: Invalid user admin from 221.161.74.247 port 40318","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 08:45:52 honeypot-fra-1 sshd[2439]: Invalid user ogp_agent from 60.10.160.73 port 43210","@timestamp":"2022-09-12T08:45:52.999Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 08:51:27 honeypot-fra-1 sshd[2445]: Invalid user 1234 from 111.74.8.12 port 59024","@timestamp":"2022-09-12T08:51:28.126Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 08:52:34 honeypot-fra-1 sshd[2449]: Received disconnect from 60.10.160.75 port 39290:11: Bye Bye [preauth]","@timestamp":"2022-09-12T08:52:34.152Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 08:53:49 honeypot-ams-1 sshd[12294]: Did not receive identification string from 141.255.162.226 port 52328","@timestamp":"2022-09-12T08:53:50.474Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 08:54:14 honeypot-ams-1 sshd[12297]: Disconnected from invalid user user 141.255.162.226 port 40404 [preauth]","@timestamp":"2022-09-12T08:54:14.486Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 08:54:19 honeypot-ams-1 sshd[12301]: Disconnected from invalid user user 141.255.162.226 port 33164 [preauth]","@timestamp":"2022-09-12T08:54:20.491Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 08:54:21 honeypot-ams-1 sshd[12305]: Disconnected from invalid user user 141.255.162.226 port 40160 [preauth]","@timestamp":"2022-09-12T08:54:22.492Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 08:54:39 honeypot-fra-1 sshd[2453]: Disconnected from authenticating user root 164.92.66.116 port 46210 [preauth]","@timestamp":"2022-09-12T08:54:40.203Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T08:55:56.848Z","@version":"1","message":"Sep 12 08:55:55 honeypot-sgp-1 kernel: [83849067.612598] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=154.3.44.39 DST=159.89.202.188 LEN=52 TOS=0x0A PREC=0x00 TTL=112 ID=59666 DF PROTO=TCP SPT=52066 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 08:58:24 honeypot-fra-1 kernel: [83847531.436281] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=80.94.92.239 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=55114 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T08:58:24.291Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 09:04:33 honeypot-ams-1 sshd[12313]: Invalid user zabbix from 103.188.176.251 port 56580","@timestamp":"2022-09-12T09:04:33.754Z"}
{"@timestamp":"2022-09-12T09:05:35.115Z","@version":"1","message":"Sep 12 09:05:34 honeypot-sgp-1 kernel: [83849646.325046] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=36.65.119.94 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=245 ID=43825 DF PROTO=TCP SPT=48425 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 09:05:57 honeypot-fra-1 sshd[2465]: Did not receive identification string from 45.61.186.49 port 57544","@timestamp":"2022-09-12T09:05:57.459Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 09:06:10 honeypot-fra-1 sshd[2468]: Disconnected from invalid user user 45.61.186.49 port 49184 [preauth]","@timestamp":"2022-09-12T09:06:11.466Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 09:06:19 honeypot-fra-1 sshd[2472]: Disconnected from invalid user user 45.61.186.49 port 60792 [preauth]","@timestamp":"2022-09-12T09:06:19.470Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T09:07:33.166Z","@version":"1","message":"Sep 12 09:07:32 honeypot-sgp-1 sshd[7879]: Received disconnect from 52.172.5.99 port 42458:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 09:10:35 honeypot-fra-1 kernel: [83848262.724981] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=78.142.18.92 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=54321 PROTO=TCP SPT=42984 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T09:10:35.570Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-12T09:15:42.372Z","@version":"1","message":"Sep 12 09:15:42 honeypot-sgp-1 kernel: [83850253.884763] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=90.151.171.106 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=2672 PROTO=TCP SPT=54090 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 09:16:42 honeypot-ams-1 kernel: [83850787.757123] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=79.124.62.62 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=56663 PROTO=TCP SPT=43015 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T09:16:43.065Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 09:17:54 honeypot-fra-1 sshd[2483]: Disconnected from invalid user rui 123.1.234.238 port 37588 [preauth]","@timestamp":"2022-09-12T09:17:55.753Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 09:19:21 honeypot-ams-1 sshd[12322]: Disconnected from authenticating user root 207.249.96.168 port 40062 [preauth]","@timestamp":"2022-09-12T09:19:22.136Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 09:20:28 honeypot-ams-1 sshd[12326]: Received disconnect from 159.65.132.116 port 39734:11: Bye Bye [preauth]","@timestamp":"2022-09-12T09:20:29.170Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 09:20:50 honeypot-ams-1 sshd[12331]: Disconnected from authenticating user root 92.255.85.69 port 23208 [preauth]","@timestamp":"2022-09-12T09:20:50.181Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 09:24:57 honeypot-fra-1 sshd[2491]: Received disconnect from 188.226.207.26 port 58133:11: Bye Bye [preauth]","@timestamp":"2022-09-12T09:24:57.913Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 09:25:07 honeypot-ams-1 sshd[12336]: Disconnected from invalid user o 68.183.56.198 port 55968 [preauth]","@timestamp":"2022-09-12T09:25:07.292Z"}
{"@timestamp":"2022-09-12T09:27:02.650Z","@version":"1","message":"Sep 12 09:27:01 honeypot-sgp-1 sshd[7889]: Invalid user zv from 60.220.185.61 port 47070","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 09:27:08 honeypot-fra-1 sshd[2497]: Invalid user kf from 165.22.45.108 port 35672","@timestamp":"2022-09-12T09:27:08.968Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 09:29:26 honeypot-fra-1 kernel: [83849393.849728] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=154.3.44.39 DST=165.22.82.222 LEN=52 TOS=0x00 PREC=0x00 TTL=116 ID=31040 DF PROTO=TCP SPT=54435 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-12T09:29:27.023Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-12T09:32:06.776Z","@version":"1","message":"Sep 12 09:32:06 honeypot-sgp-1 sshd[7896]: Connection closed by invalid user user 103.188.176.251 port 49504 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 09:34:46 honeypot-ams-1 kernel: [83851870.806225] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=94.26.228.80 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=63978 PROTO=TCP SPT=40116 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T09:34:46.539Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 09:36:40 honeypot-fra-1 sshd[2507]: Received disconnect from 217.182.253.249 port 54958:11: Bye Bye [preauth]","@timestamp":"2022-09-12T09:36:41.190Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 09:41:45 honeypot-fra-1 kernel: [83850132.977639] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=178.128.127.8 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=36782 PROTO=TCP SPT=54573 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T09:41:46.306Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 09:44:37 honeypot-fra-1 sshd[2521]: Invalid user user from 45.61.186.49 port 51488","@timestamp":"2022-09-12T09:44:38.372Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T09:44:39.085Z","@version":"1","message":"Sep 12 09:44:38 honeypot-sgp-1 kernel: [83851990.218552] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=80.87.206.203 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=237 ID=13023 PROTO=TCP SPT=58738 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 09:44:46 honeypot-fra-1 sshd[2525]: Invalid user user from 45.61.186.49 port 35180","@timestamp":"2022-09-12T09:44:47.377Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 09:46:39 honeypot-fra-1 sshd[2529]: Received disconnect from 220.134.113.188 port 53632:11: Bye Bye [preauth]","@timestamp":"2022-09-12T09:46:39.420Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T09:51:35.260Z","@version":"1","message":"Sep 12 09:51:34 honeypot-sgp-1 kernel: [83852406.568409] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=167.248.133.130 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=15794 PROTO=TCP SPT=15495 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 09:52:18 honeypot-ams-1 sshd[12349]: Received disconnect from 142.93.117.15 port 54314:11: Bye Bye [preauth]","@timestamp":"2022-09-12T09:52:18.987Z"}
{"@timestamp":"2022-09-12T09:55:11.373Z","@version":"1","message":"Sep 12 09:55:10 honeypot-sgp-1 sshd[7907]: Received disconnect from 103.221.252.46 port 36222:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:01:35 honeypot-fra-1 sshd[2537]: Did not receive identification string from 51.79.254.140 port 52008","@timestamp":"2022-09-12T10:01:35.752Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:01:36 honeypot-fra-1 sshd[2556]: Invalid user ansible from 51.79.254.140 port 52072","@timestamp":"2022-09-12T10:01:36.753Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:01:36 honeypot-fra-1 sshd[2541]: Invalid user ubuntu from 51.79.254.140 port 52200","@timestamp":"2022-09-12T10:01:36.754Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:01:36 honeypot-fra-1 sshd[2546]: Invalid user postgres from 51.79.254.140 port 52294","@timestamp":"2022-09-12T10:01:36.754Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:01:36 honeypot-fra-1 sshd[2588]: Invalid user oracle from 51.79.254.140 port 52314","@timestamp":"2022-09-12T10:01:36.754Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:01:36 honeypot-fra-1 sshd[2548]: Connection closed by authenticating user root 51.79.254.140 port 52116 [preauth]","@timestamp":"2022-09-12T10:01:36.754Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:01:36 honeypot-fra-1 sshd[2541]: Connection closed by invalid user ubuntu 51.79.254.140 port 52200 [preauth]","@timestamp":"2022-09-12T10:01:36.754Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:01:36 honeypot-fra-1 sshd[2542]: Connection closed by invalid user oracle 51.79.254.140 port 52278 [preauth]","@timestamp":"2022-09-12T10:01:36.754Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:01:36 honeypot-fra-1 sshd[2546]: Connection closed by invalid user postgres 51.79.254.140 port 52294 [preauth]","@timestamp":"2022-09-12T10:01:37.755Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 10:01:43 honeypot-ams-1 kernel: [83853488.234994] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=201.191.2.198 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=53735 PROTO=TCP SPT=2743 DPT=80 WINDOW=20711 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T10:01:44.226Z"}
{"@timestamp":"2022-09-12T10:01:49.538Z","@version":"1","message":"Sep 12 10:01:49 honeypot-sgp-1 sshd[7911]: Connection closed by invalid user User 179.60.147.69 port 55440 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:02:16 honeypot-fra-1 sshd[2617]: Invalid user guest from 113.160.211.78 port 40736","@timestamp":"2022-09-12T10:02:16.771Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T10:05:04.621Z","@version":"1","message":"Sep 12 10:05:04 honeypot-sgp-1 sshd[7917]: Unable to negotiate with 113.5.234.18 port 25748: no matching cipher found. Their offer: aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,arcfour128,arcfour,3des-cbc,none [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 10:05:18 honeypot-ams-1 sshd[12364]: Received disconnect from 46.19.141.122 port 48926:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T10:05:19.324Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:06:09 honeypot-fra-1 sshd[2621]: Received disconnect from 92.255.85.70 port 62276:11: Bye Bye [preauth]","@timestamp":"2022-09-12T10:06:09.862Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 10:06:48 honeypot-ams-1 sshd[12369]: Received disconnect from 46.19.141.122 port 43222:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T10:06:48.365Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 10:07:20 honeypot-ams-1 sshd[12373]: Disconnected from authenticating user root 46.19.141.122 port 58200 [preauth]","@timestamp":"2022-09-12T10:07:21.382Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 10:08:13 honeypot-ams-1 sshd[12379]: Invalid user ubnt from 46.19.141.122 port 44970","@timestamp":"2022-09-12T10:08:14.408Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 10:08:41 honeypot-ams-1 sshd[12381]: Received disconnect from 46.19.141.122 port 52472:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T10:08:42.423Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:11:08 honeypot-fra-1 sshd[2626]: Disconnected from authenticating user root 157.245.122.58 port 52458 [preauth]","@timestamp":"2022-09-12T10:11:08.979Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 10:12:07 honeypot-ams-1 sshd[12388]: Did not receive identification string from 45.61.186.49 port 51800","@timestamp":"2022-09-12T10:12:07.514Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 10:12:18 honeypot-ams-1 sshd[12393]: Disconnected from invalid user user 45.61.186.49 port 36242 [preauth]","@timestamp":"2022-09-12T10:12:19.521Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 10:12:28 honeypot-ams-1 sshd[12397]: Invalid user user from 45.61.186.49 port 48250","@timestamp":"2022-09-12T10:12:28.526Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:12:57 honeypot-fra-1 kernel: [83852004.935353] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=102.67.226.60 DST=165.22.82.222 LEN=52 TOS=0x00 PREC=0x00 TTL=120 ID=22596 DF PROTO=TCP SPT=49723 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T10:12:58.021Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:13:55 honeypot-fra-1 sshd[2632]: Received disconnect from 157.245.122.58 port 36592:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T10:13:56.044Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T10:14:28.851Z","@version":"1","message":"Sep 12 10:14:28 honeypot-sgp-1 sshd[7924]: Invalid user pi from 136.37.6.214 port 38755","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 10:14:44 honeypot-ams-1 sshd[12400]: Connection closed by invalid user pi 50.45.186.194 port 45244 [preauth]","@timestamp":"2022-09-12T10:14:44.583Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:14:49 honeypot-fra-1 sshd[2637]: Disconnected from invalid user jonitwiso 157.245.122.58 port 50120 [preauth]","@timestamp":"2022-09-12T10:14:50.067Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:16:38 honeypot-fra-1 sshd[2641]: Disconnected from invalid user cypress 157.245.122.58 port 48982 [preauth]","@timestamp":"2022-09-12T10:16:39.112Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 10:17:01 honeypot-ams-1 CRON[12405]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-12T10:17:01.645Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:18:33 honeypot-fra-1 sshd[2648]: Invalid user testuser from 81.69.194.231 port 57586","@timestamp":"2022-09-12T10:18:34.160Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:18:33 honeypot-fra-1 sshd[2655]: Connection closed by invalid user mysql 81.69.194.231 port 57571 [preauth]","@timestamp":"2022-09-12T10:18:34.160Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:18:33 honeypot-fra-1 sshd[2670]: Connection closed by invalid user test 81.69.194.231 port 57540 [preauth]","@timestamp":"2022-09-12T10:18:34.160Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:18:33 honeypot-fra-1 sshd[2656]: Invalid user ubuntu from 81.69.194.231 port 57542","@timestamp":"2022-09-12T10:18:34.160Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:18:34 honeypot-fra-1 sshd[2665]: Connection closed by invalid user admin 81.69.194.231 port 57580 [preauth]","@timestamp":"2022-09-12T10:18:34.160Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:18:34 honeypot-fra-1 sshd[2656]: Connection closed by invalid user ubuntu 81.69.194.231 port 57542 [preauth]","@timestamp":"2022-09-12T10:18:35.161Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:18:34 honeypot-fra-1 sshd[2663]: Invalid user deploy from 81.69.194.231 port 57575","@timestamp":"2022-09-12T10:18:35.161Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:18:35 honeypot-fra-1 sshd[2671]: Invalid user admin from 81.69.194.231 port 57554","@timestamp":"2022-09-12T10:18:36.161Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:18:53 honeypot-fra-1 sshd[2705]: Invalid user test from 217.115.58.242 port 57134","@timestamp":"2022-09-12T10:18:53.169Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:18:53 honeypot-fra-1 sshd[2705]: Connection closed by invalid user test 217.115.58.242 port 57134 [preauth]","@timestamp":"2022-09-12T10:18:53.169Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:18:53 honeypot-fra-1 sshd[2713]: Connection closed by authenticating user root 217.115.58.242 port 57204 [preauth]","@timestamp":"2022-09-12T10:18:53.169Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:18:53 honeypot-fra-1 sshd[2699]: Connection closed by invalid user zabbix 217.115.58.242 port 57126 [preauth]","@timestamp":"2022-09-12T10:18:54.169Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:18:53 honeypot-fra-1 sshd[2702]: Connection closed by invalid user admin 217.115.58.242 port 57124 [preauth]","@timestamp":"2022-09-12T10:18:54.169Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:18:53 honeypot-fra-1 sshd[2712]: Invalid user git from 217.115.58.242 port 57190","@timestamp":"2022-09-12T10:18:54.169Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:18:53 honeypot-fra-1 sshd[2743]: Connection closed by authenticating user root 217.115.58.242 port 57166 [preauth]","@timestamp":"2022-09-12T10:18:54.169Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:18:53 honeypot-fra-1 sshd[2736]: Connection closed by invalid user user 217.115.58.242 port 57156 [preauth]","@timestamp":"2022-09-12T10:18:54.170Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:18:53 honeypot-fra-1 sshd[2759]: Invalid user testuser from 217.115.58.242 port 57208","@timestamp":"2022-09-12T10:18:54.170Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:18:53 honeypot-fra-1 sshd[2757]: Connection closed by invalid user www 217.115.58.242 port 57216 [preauth]","@timestamp":"2022-09-12T10:18:54.170Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T10:20:31.999Z","@version":"1","message":"Sep 12 10:20:31 honeypot-sgp-1 sshd[7931]: Did not receive identification string from 45.61.186.49 port 37542","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T10:20:49.009Z","@version":"1","message":"Sep 12 10:20:48 honeypot-sgp-1 sshd[7934]: Disconnected from invalid user user 45.61.186.49 port 54546 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T10:23:53.086Z","@version":"1","message":"Sep 12 10:23:52 honeypot-sgp-1 sshd[7940]: Invalid user packer from 146.19.133.233 port 43314","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:29:16 honeypot-fra-1 sshd[2765]: Disconnected from authenticating user root 139.59.93.234 port 50720 [preauth]","@timestamp":"2022-09-12T10:29:17.403Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T10:29:57.234Z","@version":"1","message":"Sep 12 10:29:56 honeypot-sgp-1 sshd[7945]: Received disconnect from 158.69.111.17 port 33944:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 10:30:01 honeypot-ams-1 sshd[12412]: Received disconnect from 61.177.172.114 port 37853:11:  [preauth]","@timestamp":"2022-09-12T10:30:01.979Z"}
{"@timestamp":"2022-09-12T10:38:27.444Z","@version":"1","message":"Sep 12 10:38:26 honeypot-sgp-1 sshd[7950]: Invalid user jsl from 103.242.166.5 port 41030","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 10:41:24 honeypot-ams-1 kernel: [83855869.718243] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=90.151.171.106 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=16441 PROTO=TCP SPT=59209 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T10:41:25.270Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:41:50 honeypot-fra-1 sshd[2772]: Invalid user admin from 141.98.10.158 port 52668","@timestamp":"2022-09-12T10:41:50.687Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T10:44:34.598Z","@version":"1","message":"Sep 12 10:44:33 honeypot-sgp-1 sshd[7955]: Invalid user ubnt from 186.234.249.196 port 30863","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T10:44:46.604Z","@version":"1","message":"Sep 12 10:44:46 honeypot-sgp-1 sshd[7957]: Invalid user gestiongestion from 20.224.226.157 port 47250","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 10:45:55 honeypot-ams-1 sshd[12429]: Received disconnect from 61.177.172.124 port 29325:11:  [preauth]","@timestamp":"2022-09-12T10:45:56.392Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 10:49:17 honeypot-ams-1 sshd[12439]: Received disconnect from 157.245.122.58 port 51954:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T10:49:18.479Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 10:51:07 honeypot-ams-1 sshd[12443]: Received disconnect from 157.245.122.58 port 50784:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T10:51:08.528Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:52:51 honeypot-fra-1 sshd[2777]: Disconnected from authenticating user root 92.255.85.70 port 50256 [preauth]","@timestamp":"2022-09-12T10:52:51.939Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 10:52:58 honeypot-ams-1 sshd[12447]: Invalid user jonitwiso from 157.245.122.58 port 49618","@timestamp":"2022-09-12T10:52:58.577Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 10:53:51 honeypot-ams-1 sshd[12453]: Invalid user jonitiso from 157.245.122.58 port 34920","@timestamp":"2022-09-12T10:53:52.604Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 10:55:26 honeypot-ams-1 sshd[12457]: Received disconnect from 61.177.172.90 port 42226:11:  [preauth]","@timestamp":"2022-09-12T10:55:26.645Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 10:57:27 honeypot-ams-1 sshd[12463]: Received disconnect from 51.250.68.47 port 46934:11: Bye Bye [preauth]","@timestamp":"2022-09-12T10:57:28.699Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 11:02:37 honeypot-ams-1 sshd[12471]: Received disconnect from 61.177.173.51 port 33216:11:  [preauth]","@timestamp":"2022-09-12T11:02:37.839Z"}
{"@timestamp":"2022-09-12T11:05:22.120Z","@version":"1","message":"Sep 12 11:05:21 honeypot-sgp-1 kernel: [83856833.600941] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=109.79.204.144 DST=159.89.202.188 LEN=48 TOS=0x00 PREC=0x00 TTL=112 ID=65472 DF PROTO=TCP SPT=34019 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 11:08:04 honeypot-fra-1 sshd[2783]: Invalid user lukasz from 192.241.157.126 port 43442","@timestamp":"2022-09-12T11:08:05.281Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 11:12:03 honeypot-fra-1 sshd[2787]: Received disconnect from 154.72.194.207 port 44278:11: Bye Bye [preauth]","@timestamp":"2022-09-12T11:12:03.374Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 11:12:04 honeypot-ams-1 kernel: [83857709.394973] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=218.55.63.134 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=53 ID=54296 PROTO=TCP SPT=19249 DPT=80 WINDOW=6249 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T11:12:05.082Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 11:14:59 honeypot-fra-1 sshd[2792]: Received disconnect from 161.35.112.95 port 42086:11: Bye Bye [preauth]","@timestamp":"2022-09-12T11:14:59.444Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 11:15:09 honeypot-ams-1 sshd[12485]: Received disconnect from 45.61.186.169 port 56692:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T11:15:10.165Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 11:15:27 honeypot-ams-1 sshd[12489]: Received disconnect from 45.61.186.169 port 52170:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T11:15:28.174Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 11:15:44 honeypot-ams-1 sshd[12493]: Received disconnect from 45.61.186.169 port 47638:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T11:15:45.183Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 11:16:00 honeypot-ams-1 sshd[12497]: Received disconnect from 45.61.186.169 port 43110:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T11:16:01.191Z"}
{"@timestamp":"2022-09-12T11:16:32.393Z","@version":"1","message":"Sep 12 11:16:31 honeypot-sgp-1 sshd[7968]: Invalid user User from 179.60.147.69 port 19122","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 11:16:38 honeypot-fra-1 sshd[2798]: Received disconnect from 92.255.85.70 port 23782:11: Bye Bye [preauth]","@timestamp":"2022-09-12T11:16:38.486Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 11:19:03 honeypot-ams-1 sshd[12505]: Disconnected from authenticating user root 61.177.173.37 port 18313 [preauth]","@timestamp":"2022-09-12T11:19:04.272Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 11:19:19 honeypot-fra-1 sshd[2805]: Invalid user admin from 148.153.82.141 port 45826","@timestamp":"2022-09-12T11:19:19.549Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 11:19:35 honeypot-ams-1 sshd[12511]: Connection closed by invalid user pi 2.205.35.215 port 57000 [preauth]","@timestamp":"2022-09-12T11:19:35.286Z"}
{"@timestamp":"2022-09-12T11:22:56.551Z","@version":"1","message":"Sep 12 11:22:56 honeypot-sgp-1 kernel: [83857888.089194] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=89.248.165.199 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=49723 PROTO=TCP SPT=59648 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 11:23:14 honeypot-fra-1 kernel: [83856221.638409] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=89.248.165.199 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=7625 PROTO=TCP SPT=59648 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T11:23:14.634Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 11:26:05 honeypot-ams-1 sshd[12588]: Received disconnect from 61.177.173.36 port 43123:11:  [preauth]","@timestamp":"2022-09-12T11:26:06.456Z"}
{"@timestamp":"2022-09-12T11:30:33.735Z","@version":"1","message":"Sep 12 11:30:33 honeypot-sgp-1 sshd[7979]: Connection closed by invalid user admin 178.128.125.205 port 59458 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T11:30:33.735Z","@version":"1","message":"Sep 12 11:30:33 honeypot-sgp-1 sshd[7985]: Connection closed by invalid user admin 178.128.125.205 port 59486 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 11:31:18 honeypot-ams-1 sshd[12593]: Received disconnect from 61.177.172.19 port 37771:11:  [preauth]","@timestamp":"2022-09-12T11:31:19.593Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 11:33:00 honeypot-fra-1 sshd[2816]: Invalid user admin from 185.17.229.65 port 34102","@timestamp":"2022-09-12T11:33:01.860Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 11:35:06 honeypot-ams-1 kernel: [83859091.162923] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=71.6.232.8 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=38625 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T11:35:06.710Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 11:37:20 honeypot-ams-1 sshd[12604]: Disconnected from authenticating user root 143.244.158.100 port 59802 [preauth]","@timestamp":"2022-09-12T11:37:20.769Z"}
{"@timestamp":"2022-09-12T11:37:23.902Z","@version":"1","message":"Sep 12 11:37:22 honeypot-sgp-1 sshd[7991]: Disconnected from authenticating user root 92.255.85.69 port 63046 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 11:37:41 honeypot-fra-1 kernel: [83857088.670434] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=80.94.92.239 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=46649 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T11:37:41.968Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 11:38:55 honeypot-ams-1 sshd[12610]: Received disconnect from 193.194.91.166 port 16299:11: Bye Bye [preauth]","@timestamp":"2022-09-12T11:38:56.815Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 11:39:25 honeypot-fra-1 kernel: [83857192.608586] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=154.3.44.39 DST=165.22.82.222 LEN=52 TOS=0x00 PREC=0x00 TTL=116 ID=38526 DF PROTO=TCP SPT=59874 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-12T11:39:26.013Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 11:39:50 honeypot-ams-1 sshd[12614]: Disconnected from authenticating user root 61.177.173.51 port 43993 [preauth]","@timestamp":"2022-09-12T11:39:51.842Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 11:41:25 honeypot-ams-1 sshd[12623]: Received disconnect from 182.253.28.123 port 58674:11: Bye Bye [preauth]","@timestamp":"2022-09-12T11:41:25.885Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 11:41:46 honeypot-fra-1 sshd[2831]: Invalid user user from 103.188.176.251 port 48390","@timestamp":"2022-09-12T11:41:46.067Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 11:42:37 honeypot-ams-1 sshd[12629]: Received disconnect from 92.255.85.69 port 46072:11: Bye Bye [preauth]","@timestamp":"2022-09-12T11:42:37.918Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 11:44:54 honeypot-ams-1 sshd[12637]: Received disconnect from 143.244.158.100 port 54380:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T11:44:54.979Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 11:46:44 honeypot-ams-1 sshd[12644]: Received disconnect from 143.244.158.100 port 34558:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T11:46:45.030Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 11:48:29 honeypot-ams-1 sshd[12648]: Received disconnect from 143.244.158.100 port 39534:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T11:48:30.078Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 11:49:49 honeypot-fra-1 sshd[2834]: Disconnected from invalid user kfrench 165.22.45.108 port 56988 [preauth]","@timestamp":"2022-09-12T11:49:50.251Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 11:50:17 honeypot-ams-1 sshd[12654]: Received disconnect from 143.244.158.100 port 57188:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T11:50:18.127Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 11:52:03 honeypot-ams-1 sshd[12659]: Disconnected from authenticating user root 143.244.158.100 port 35074 [preauth]","@timestamp":"2022-09-12T11:52:04.176Z"}
{"@timestamp":"2022-09-12T11:53:29.288Z","@version":"1","message":"Sep 12 11:53:29 honeypot-sgp-1 kernel: [83859720.615657] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=167.248.133.133 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=32245 PROTO=TCP SPT=57890 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 11:53:47 honeypot-ams-1 sshd[12667]: Disconnected from authenticating user root 143.244.158.100 port 44708 [preauth]","@timestamp":"2022-09-12T11:53:48.223Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 11:55:44 honeypot-ams-1 sshd[12675]: Connection closed by invalid user userPgfF2xN52xEUobF0P3__wasadmin 193.106.191.157 port 37596 [preauth]","@timestamp":"2022-09-12T11:55:45.277Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 11:57:19 honeypot-fra-1 kernel: [83858266.584329] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=87.246.7.194 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=37229 PROTO=TCP SPT=58327 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T11:57:20.441Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 11:58:06 honeypot-ams-1 sshd[12682]: Disconnected from authenticating user root 143.244.158.100 port 58190 [preauth]","@timestamp":"2022-09-12T11:58:07.339Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 12:00:37 honeypot-ams-1 sshd[12692]: Disconnected from authenticating user root 143.244.158.100 port 45850 [preauth]","@timestamp":"2022-09-12T12:00:37.405Z"}
{"@timestamp":"2022-09-12T12:01:09.478Z","@version":"1","message":"Sep 12 12:01:09 honeypot-sgp-1 kernel: [83860180.733381] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.33.88.247 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=31077 PROTO=TCP SPT=44941 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 12:02:14 honeypot-ams-1 sshd[12697]: Received disconnect from 143.244.158.100 port 59372:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T12:02:14.452Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 12:02:38 honeypot-fra-1 sshd[2846]: Invalid user User from 179.60.147.69 port 22068","@timestamp":"2022-09-12T12:02:39.568Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T12:03:22.535Z","@version":"1","message":"Sep 12 12:03:22 honeypot-sgp-1 kernel: [83860313.954235] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=54.37.163.160 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=7689 DF PROTO=TCP SPT=10446 DPT=80 WINDOW=512 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 12:03:54 honeypot-ams-1 sshd[12701]: Disconnected from authenticating user root 143.244.158.100 port 52290 [preauth]","@timestamp":"2022-09-12T12:03:55.498Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 12:04:32 honeypot-fra-1 kernel: [83858699.577181] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=20.55.53.144 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=12230 DF PROTO=TCP SPT=58096 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T12:04:32.615Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 12:06:06 honeypot-ams-1 sshd[12707]: Disconnected from authenticating user root 92.255.85.70 port 23604 [preauth]","@timestamp":"2022-09-12T12:06:06.557Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 12:07:34 honeypot-ams-1 sshd[12716]: Disconnected from authenticating user root 61.177.173.52 port 63157 [preauth]","@timestamp":"2022-09-12T12:07:35.600Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 12:08:20 honeypot-ams-1 sshd[12718]: Received disconnect from 143.244.158.100 port 42006:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T12:08:21.624Z"}
{"@timestamp":"2022-09-12T12:10:06.702Z","@version":"1","message":"Sep 12 12:10:06 honeypot-sgp-1 sshd[8008]: Disconnected from invalid user user7 154.209.4.54 port 41584 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 12:10:08 honeypot-ams-1 sshd[12724]: Received disconnect from 143.244.158.100 port 52648:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T12:10:09.674Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 12:12:42 honeypot-ams-1 kernel: [83861346.994297] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=14758 PROTO=TCP SPT=44004 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T12:12:42.742Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 12:14:32 honeypot-ams-1 sshd[12736]: Disconnected from authenticating user root 143.244.158.100 port 43906 [preauth]","@timestamp":"2022-09-12T12:14:33.792Z"}
{"@timestamp":"2022-09-12T12:15:31.837Z","@version":"1","message":"Sep 12 12:15:31 honeypot-sgp-1 sshd[8011]: Disconnected from invalid user libsys 211.245.31.15 port 45548 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 12:16:10 honeypot-ams-1 sshd[12743]: Received disconnect from 143.244.158.100 port 45584:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T12:16:10.840Z"}
{"@timestamp":"2022-09-12T12:17:01.876Z","@version":"1","message":"Sep 12 12:17:01 honeypot-sgp-1 CRON[8017]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 12:17:01 honeypot-fra-1 CRON[2851]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-12T12:17:01.902Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 12:17:08 honeypot-ams-1 sshd[12751]: Received disconnect from 61.177.173.51 port 24190:11:  [preauth]","@timestamp":"2022-09-12T12:17:08.867Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 12:18:50 honeypot-fra-1 sshd[2858]: Invalid user user from 45.61.186.49 port 46516","@timestamp":"2022-09-12T12:18:50.946Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 12:18:59 honeypot-fra-1 sshd[2862]: Invalid user user from 45.61.186.49 port 58224","@timestamp":"2022-09-12T12:18:59.949Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 12:19:32 honeypot-ams-1 sshd[12757]: Received disconnect from 143.244.158.100 port 59860:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T12:19:32.930Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 12:24:49 honeypot-ams-1 sshd[12762]: Connection closed by 167.94.146.57 port 42850 [preauth]","@timestamp":"2022-09-12T12:24:50.072Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 12:25:02 honeypot-fra-1 sshd[2865]: Invalid user blue from 103.47.184.2 port 35482","@timestamp":"2022-09-12T12:25:03.089Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 12:26:27 honeypot-fra-1 sshd[2869]: Received disconnect from 92.255.85.69 port 61828:11: Bye Bye [preauth]","@timestamp":"2022-09-12T12:26:28.122Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 12:27:08 honeypot-ams-1 sshd[12766]: Connection closed by invalid user User 179.60.147.69 port 40794 [preauth]","@timestamp":"2022-09-12T12:27:09.140Z"}
{"@timestamp":"2022-09-12T12:29:37.180Z","@version":"1","message":"Sep 12 12:29:36 honeypot-sgp-1 sshd[8027]: Invalid user support from 77.221.4.98 port 59920","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 12:33:16 honeypot-ams-1 kernel: [83862580.880580] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=178.176.194.9 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=7543 PROTO=TCP SPT=23340 DPT=80 WINDOW=53133 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T12:33:16.298Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 12:36:03 honeypot-fra-1 sshd[2875]: Connection closed by invalid user User 179.60.147.69 port 49414 [preauth]","@timestamp":"2022-09-12T12:36:04.344Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T12:40:54.456Z","@version":"1","message":"Sep 12 12:40:54 honeypot-sgp-1 sshd[8032]: Disconnected from authenticating user root 175.144.17.41 port 32970 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 12:41:40 honeypot-ams-1 sshd[12784]: Disconnected from invalid user user 45.61.184.204 port 59278 [preauth]","@timestamp":"2022-09-12T12:41:40.514Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 12:42:02 honeypot-ams-1 sshd[12788]: Disconnected from invalid user user 45.61.184.204 port 55698 [preauth]","@timestamp":"2022-09-12T12:42:02.525Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 12:42:21 honeypot-ams-1 sshd[12792]: Disconnected from invalid user user 45.61.184.204 port 52058 [preauth]","@timestamp":"2022-09-12T12:42:22.535Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 12:42:38 honeypot-ams-1 sshd[12796]: Disconnected from invalid user user 45.61.184.204 port 48426 [preauth]","@timestamp":"2022-09-12T12:42:39.544Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 12:45:43 honeypot-fra-1 sshd[2887]: Disconnected from invalid user ts3 43.132.183.192 port 57468 [preauth]","@timestamp":"2022-09-12T12:45:44.570Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 12:47:42 honeypot-fra-1 sshd[2895]: Invalid user admin from 52.66.15.94 port 52472","@timestamp":"2022-09-12T12:47:43.618Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 12:47:42 honeypot-fra-1 sshd[2894]: Connection closed by invalid user admin 52.66.15.94 port 52470 [preauth]","@timestamp":"2022-09-12T12:47:43.618Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T12:48:19.639Z","@version":"1","message":"Sep 12 12:48:19 honeypot-sgp-1 kernel: [83863010.997307] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=154.3.44.39 DST=159.89.202.188 LEN=52 TOS=0x0A PREC=0x00 TTL=112 ID=43825 DF PROTO=TCP SPT=60294 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 12:49:07 honeypot-ams-1 sshd[12805]: Disconnected from authenticating user root 201.217.143.51 port 34335 [preauth]","@timestamp":"2022-09-12T12:49:08.712Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 12:50:58 honeypot-ams-1 kernel: [83863642.820818] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=154.3.44.39 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=117 ID=64610 DF PROTO=TCP SPT=62997 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-12T12:50:58.765Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 12:53:42 honeypot-fra-1 sshd[2909]: Invalid user test from 200.105.183.118 port 37666","@timestamp":"2022-09-12T12:53:42.757Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 12:54:23 honeypot-ams-1 sshd[12812]: Received disconnect from 61.177.173.53 port 22827:11:  [preauth]","@timestamp":"2022-09-12T12:54:23.860Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 12:57:11 honeypot-fra-1 sshd[2913]: Invalid user admin from 137.184.219.69 port 42642","@timestamp":"2022-09-12T12:57:11.841Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 13:00:48 honeypot-ams-1 sshd[12821]: Invalid user User from 179.60.147.69 port 2548","@timestamp":"2022-09-12T13:00:49.028Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 13:00:54 honeypot-fra-1 sshd[2918]: Invalid user khjin from 165.22.45.108 port 38818","@timestamp":"2022-09-12T13:00:54.927Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T13:03:45.046Z","@version":"1","message":"Sep 12 13:03:44 honeypot-sgp-1 kernel: [83863936.084297] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.197.40.144 DST=159.89.202.188 LEN=52 TOS=0x02 PREC=0x00 TTL=115 ID=926 DF PROTO=TCP SPT=55741 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 13:04:18 honeypot-ams-1 sshd[12830]: Received disconnect from 61.177.173.51 port 13961:11:  [preauth]","@timestamp":"2022-09-12T13:04:19.123Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 13:05:34 honeypot-fra-1 sshd[2922]: Disconnected from invalid user leganger 20.198.66.189 port 34806 [preauth]","@timestamp":"2022-09-12T13:05:35.037Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 13:05:47 honeypot-fra-1 sshd[2926]: Disconnected from invalid user user 45.61.186.169 port 36426 [preauth]","@timestamp":"2022-09-12T13:05:48.042Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 13:06:04 honeypot-fra-1 sshd[2932]: Invalid user user from 45.61.186.169 port 59768","@timestamp":"2022-09-12T13:06:05.051Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 13:06:21 honeypot-fra-1 sshd[2936]: Invalid user user from 45.61.186.169 port 54814","@timestamp":"2022-09-12T13:06:22.059Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 13:08:38 honeypot-fra-1 sshd[2940]: Did not receive identification string from 167.99.220.160 port 48472","@timestamp":"2022-09-12T13:08:39.114Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 13:09:47 honeypot-fra-1 sshd[2942]: Connection closed by invalid user User 179.60.147.69 port 59758 [preauth]","@timestamp":"2022-09-12T13:09:48.144Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 13:10:05 honeypot-fra-1 sshd[2948]: Disconnected from invalid user user 45.61.184.204 port 42298 [preauth]","@timestamp":"2022-09-12T13:10:06.153Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 13:10:23 honeypot-fra-1 sshd[2953]: Disconnected from invalid user user 45.61.184.204 port 37704 [preauth]","@timestamp":"2022-09-12T13:10:24.161Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T13:10:39.215Z","@version":"1","message":"Sep 12 13:10:38 honeypot-sgp-1 sshd[8044]: Disconnected from invalid user elsa 198.100.155.70 port 54678 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 13:10:42 honeypot-fra-1 sshd[2957]: Disconnected from invalid user user 45.61.184.204 port 33118 [preauth]","@timestamp":"2022-09-12T13:10:42.169Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 13:13:57 honeypot-ams-1 sshd[12837]: Invalid user guest from 193.106.191.157 port 45860","@timestamp":"2022-09-12T13:13:57.370Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 13:16:26 honeypot-fra-1 sshd[2962]: Received disconnect from 51.38.49.17 port 37012:11: Bye Bye [preauth]","@timestamp":"2022-09-12T13:16:27.301Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T13:17:53.395Z","@version":"1","message":"Sep 12 13:17:52 honeypot-sgp-1 sshd[8054]: Invalid user user from 45.61.184.204 port 48362","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T13:18:03.400Z","@version":"1","message":"Sep 12 13:18:03 honeypot-sgp-1 sshd[8056]: Disconnected from invalid user user 45.61.184.204 port 59930 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 13:18:19 honeypot-fra-1 sshd[2967]: Received disconnect from 46.101.187.234 port 53688:11: Bye Bye [preauth]","@timestamp":"2022-09-12T13:18:19.347Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T13:18:23.410Z","@version":"1","message":"Sep 12 13:18:22 honeypot-sgp-1 sshd[8060]: Disconnected from invalid user user 45.61.184.204 port 54788 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T13:18:38.418Z","@version":"1","message":"Sep 12 13:18:37 honeypot-sgp-1 kernel: [83864829.351795] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=154.3.44.39 DST=159.89.202.188 LEN=52 TOS=0x0A PREC=0x00 TTL=110 ID=15649 DF PROTO=TCP SPT=52978 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T13:18:50.424Z","@version":"1","message":"Sep 12 13:18:49 honeypot-sgp-1 sshd[8066]: Disconnected from invalid user user 45.61.184.204 port 32978 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 13:19:15 honeypot-ams-1 kernel: [83865339.684561] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=218.145.61.20 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=55 ID=37231 PROTO=TCP SPT=14027 DPT=80 WINDOW=32395 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T13:19:15.509Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 13:20:09 honeypot-fra-1 sshd[2973]: Received disconnect from 59.52.27.235 port 54768:11: Bye Bye [preauth]","@timestamp":"2022-09-12T13:20:09.392Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T13:27:31.633Z","@version":"1","message":"Sep 12 13:27:31 honeypot-sgp-1 sshd[8073]: Received disconnect from 157.245.122.58 port 43166:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 13:27:55 honeypot-fra-1 sshd[2976]: Received disconnect from 128.199.177.90 port 56012:11: Bye Bye [preauth]","@timestamp":"2022-09-12T13:27:56.570Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T13:29:22.679Z","@version":"1","message":"Sep 12 13:29:21 honeypot-sgp-1 sshd[8077]: Disconnected from invalid user odoo 157.245.122.58 port 42004 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T13:30:44.716Z","@version":"1","message":"Sep 12 13:30:44 honeypot-sgp-1 kernel: [83865555.673706] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=172.105.20.227 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=33193 PROTO=TCP SPT=52883 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 13:31:15 honeypot-fra-1 sshd[2981]: Invalid user user from 45.61.184.204 port 44390","@timestamp":"2022-09-12T13:31:15.645Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 13:31:34 honeypot-fra-1 sshd[2985]: Invalid user user from 45.61.184.204 port 39654","@timestamp":"2022-09-12T13:31:35.654Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 13:31:52 honeypot-fra-1 sshd[2989]: Invalid user user from 45.61.184.204 port 34920","@timestamp":"2022-09-12T13:31:53.664Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T13:32:03.753Z","@version":"1","message":"Sep 12 13:32:03 honeypot-sgp-1 sshd[8086]: Invalid user jonitwiso from 157.245.122.58 port 54374","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 13:32:09 honeypot-fra-1 sshd[2993]: Invalid user user from 45.61.184.204 port 58430","@timestamp":"2022-09-12T13:32:09.672Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T13:33:30.792Z","@version":"1","message":"Sep 12 13:33:29 honeypot-sgp-1 sshd[8090]: Invalid user syretta from 138.197.19.166 port 54330","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 13:34:01 honeypot-ams-1 kernel: [83866226.398648] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.41.8.45 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=53045 PROTO=TCP SPT=30905 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T13:34:01.883Z"}
{"@timestamp":"2022-09-12T13:35:07.833Z","@version":"1","message":"Sep 12 13:35:07 honeypot-sgp-1 sshd[8094]: Received disconnect from 92.255.85.70 port 40416:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 13:35:53 honeypot-fra-1 sshd[2998]: Invalid user khlee from 165.22.45.108 port 43814","@timestamp":"2022-09-12T13:35:53.758Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 13:37:11 honeypot-ams-1 sshd[12866]: Invalid user aoseko from 165.227.204.174 port 50884","@timestamp":"2022-09-12T13:37:11.968Z"}
{"@timestamp":"2022-09-12T13:37:40.900Z","@version":"1","message":"Sep 12 13:37:40 honeypot-sgp-1 sshd[8100]: Invalid user user from 45.61.186.249 port 40974","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T13:37:59.910Z","@version":"1","message":"Sep 12 13:37:59 honeypot-sgp-1 sshd[8104]: Invalid user user from 45.61.186.249 port 36010","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 13:38:04 honeypot-fra-1 sshd[3003]: Invalid user user from 141.255.162.226 port 44808","@timestamp":"2022-09-12T13:38:04.809Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 13:38:06 honeypot-fra-1 sshd[3007]: Invalid user user from 141.255.162.226 port 37366","@timestamp":"2022-09-12T13:38:06.810Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 13:38:10 honeypot-fra-1 sshd[3011]: Invalid user user from 141.255.162.226 port 51226","@timestamp":"2022-09-12T13:38:10.813Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T13:38:17.920Z","@version":"1","message":"Sep 12 13:38:17 honeypot-sgp-1 sshd[8108]: Invalid user user from 45.61.186.249 port 59304","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T13:38:33.928Z","@version":"1","message":"Sep 12 13:38:33 honeypot-sgp-1 sshd[8112]: Invalid user user from 45.61.186.249 port 54358","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 13:39:24 honeypot-ams-1 sshd[12872]: Received disconnect from 190.1.203.180 port 56576:11: Bye Bye [preauth]","@timestamp":"2022-09-12T13:39:25.029Z"}
{"@timestamp":"2022-09-12T13:40:02.967Z","@version":"1","message":"Sep 12 13:40:02 honeypot-sgp-1 sshd[8114]: Disconnected from 206.189.197.134 port 50726 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 13:40:42 honeypot-ams-1 sshd[12876]: Received disconnect from 61.177.173.51 port 36721:11:  [preauth]","@timestamp":"2022-09-12T13:40:43.069Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 13:40:52 honeypot-fra-1 kernel: [83864479.652704] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.41.8.5 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=15069 PROTO=TCP SPT=52204 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T13:40:53.885Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 13:45:32 honeypot-ams-1 kernel: [83866917.598214] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=128.14.133.58 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=33143 PROTO=TCP SPT=22235 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T13:45:33.197Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 13:46:15 honeypot-ams-1 sshd[12888]: Received disconnect from 141.255.162.226 port 37622:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T13:46:16.219Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 13:46:18 honeypot-ams-1 sshd[12892]: Received disconnect from 141.255.162.226 port 51864:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T13:46:19.222Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 13:46:28 honeypot-fra-1 sshd[3019]: Disconnected from authenticating user root 128.199.171.119 port 47342 [preauth]","@timestamp":"2022-09-12T13:46:29.012Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 13:48:34 honeypot-ams-1 kernel: [83867099.099360] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=109.106.6.216 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=56 ID=24773 PROTO=TCP SPT=43363 DPT=443 WINDOW=53524 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T13:48:35.283Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 13:51:13 honeypot-fra-1 sshd[3025]: Received disconnect from 206.81.15.128 port 34690:11: Bye Bye [preauth]","@timestamp":"2022-09-12T13:51:14.122Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 13:51:53 honeypot-fra-1 sshd[3028]: Disconnected from invalid user rahul 43.153.29.185 port 39106 [preauth]","@timestamp":"2022-09-12T13:51:54.141Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 13:55:25 honeypot-ams-1 sshd[12901]: Received disconnect from 61.177.173.37 port 47546:11:  [preauth]","@timestamp":"2022-09-12T13:55:25.464Z"}
{"@timestamp":"2022-09-12T13:57:09.388Z","@version":"1","message":"Sep 12 13:57:09 honeypot-sgp-1 kernel: [83867140.573598] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=154.3.44.39 DST=159.89.202.188 LEN=52 TOS=0x0A PREC=0x00 TTL=110 ID=28637 DF PROTO=TCP SPT=60067 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T13:59:32.450Z","@version":"1","message":"Sep 12 13:59:31 honeypot-sgp-1 sshd[8122]: Disconnected from invalid user user4 122.168.194.41 port 59752 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 14:00:16 honeypot-ams-1 sshd[12908]: Received disconnect from 61.177.173.51 port 52418:11:  [preauth]","@timestamp":"2022-09-12T14:00:17.594Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 14:04:41 honeypot-fra-1 kernel: [83865908.704425] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=143.198.201.142 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=54 ID=54586 PROTO=TCP SPT=56914 DPT=80 WINDOW=43690 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T14:04:42.426Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-12T14:07:05.640Z","@version":"1","message":"Sep 12 14:07:04 honeypot-sgp-1 sshd[8129]: Received disconnect from 8.213.129.130 port 46472:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 14:08:47 honeypot-ams-1 sshd[12915]: Received disconnect from 61.177.173.36 port 30280:11:  [preauth]","@timestamp":"2022-09-12T14:08:47.815Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 14:09:36 honeypot-ams-1 kernel: [83868361.022044] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=89.219.89.138 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=16310 DF PROTO=TCP SPT=58356 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T14:09:36.840Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 14:11:04 honeypot-fra-1 sshd[3039]: Disconnected from invalid user kibana 165.22.45.108 port 48810 [preauth]","@timestamp":"2022-09-12T14:11:04.589Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 14:17:01 honeypot-ams-1 CRON[12929]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-12T14:17:02.027Z"}
{"@timestamp":"2022-09-12T14:17:01.884Z","@version":"1","message":"Sep 12 14:17:01 honeypot-sgp-1 CRON[8132]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 14:17:46 honeypot-fra-1 sshd[3050]: Invalid user User from 179.60.147.69 port 2654","@timestamp":"2022-09-12T14:17:46.742Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 14:22:24 honeypot-ams-1 kernel: [83869129.100411] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=124.255.233.129 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=36050 PROTO=TCP SPT=46527 DPT=80 WINDOW=61423 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T14:22:25.187Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 14:31:24 honeypot-ams-1 kernel: [83869668.686618] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=20.55.112.176 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=113 ID=2384 DF PROTO=TCP SPT=60309 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T14:31:24.428Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 14:33:36 honeypot-ams-1 kernel: [83869801.494921] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=80.94.92.231 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=57651 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T14:33:37.490Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 14:34:59 honeypot-fra-1 kernel: [83867726.544960] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=213.226.123.38 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=50102 PROTO=TCP SPT=53457 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T14:35:00.124Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-12T14:37:22.399Z","@version":"1","message":"Sep 12 14:37:21 honeypot-sgp-1 sshd[8142]: Invalid user devops from 103.188.176.251 port 33532","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T14:42:20.533Z","@version":"1","message":"Sep 12 14:42:20 honeypot-sgp-1 sshd[8149]: Did not receive identification string from 45.61.187.160 port 46758","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 14:42:40 honeypot-fra-1 sshd[3059]: Disconnected from authenticating user root 165.22.97.194 port 33174 [preauth]","@timestamp":"2022-09-12T14:42:40.296Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T14:43:07.554Z","@version":"1","message":"Sep 12 14:43:07 honeypot-sgp-1 sshd[8152]: Disconnected from invalid user user 45.61.187.160 port 39474 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 14:43:15 honeypot-fra-1 sshd[3064]: Disconnected from invalid user user 45.61.187.160 port 51346 [preauth]","@timestamp":"2022-09-12T14:43:16.312Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T14:43:29.566Z","@version":"1","message":"Sep 12 14:43:29 honeypot-sgp-1 sshd[8157]: Disconnected from invalid user user 45.61.187.160 port 34520 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 14:43:37 honeypot-fra-1 sshd[3068]: Disconnected from invalid user user 45.61.187.160 port 46404 [preauth]","@timestamp":"2022-09-12T14:43:38.322Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T14:43:50.575Z","@version":"1","message":"Sep 12 14:43:50 honeypot-sgp-1 sshd[8161]: Disconnected from invalid user user 45.61.187.160 port 57798 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 14:43:57 honeypot-fra-1 sshd[3072]: Disconnected from invalid user user 45.61.187.160 port 41436 [preauth]","@timestamp":"2022-09-12T14:43:58.332Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 14:44:53 honeypot-ams-1 sshd[12958]: Invalid user User from 179.60.147.69 port 22202","@timestamp":"2022-09-12T14:44:53.804Z"}
{"@timestamp":"2022-09-12T14:46:05.633Z","@version":"1","message":"Sep 12 14:46:05 honeypot-sgp-1 kernel: [83870076.758165] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=69.164.222.81 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=65326 PROTO=TCP SPT=44944 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 14:46:25 honeypot-fra-1 sshd[3076]: Disconnected from invalid user kibana 165.22.45.108 port 53676 [preauth]","@timestamp":"2022-09-12T14:46:26.390Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T14:50:00.736Z","@version":"1","message":"Sep 12 14:49:59 honeypot-sgp-1 sshd[8173]: Disconnected from authenticating user root 103.242.199.234 port 41938 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 14:50:49 honeypot-ams-1 sshd[12963]: Disconnected from authenticating user root 92.255.85.69 port 59698 [preauth]","@timestamp":"2022-09-12T14:50:49.966Z"}
{"@timestamp":"2022-09-12T14:55:26.874Z","@version":"1","message":"Sep 12 14:55:25 honeypot-sgp-1 sshd[8178]: Received disconnect from 206.189.46.251 port 56840:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T14:58:05.944Z","@version":"1","message":"Sep 12 14:58:05 honeypot-sgp-1 sshd[8183]: Invalid user user from 45.61.186.49 port 56198","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 14:58:08 honeypot-fra-1 kernel: [83869115.183177] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=162.62.191.231 DST=165.22.82.222 LEN=52 TOS=0x00 PREC=0x60 TTL=53 ID=17592 DF PROTO=TCP SPT=18616 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T14:58:08.649Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-12T14:58:16.949Z","@version":"1","message":"Sep 12 14:58:16 honeypot-sgp-1 sshd[8187]: Invalid user user from 45.61.186.49 port 39758","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T15:07:14.176Z","@version":"1","message":"Sep 12 15:07:13 honeypot-sgp-1 kernel: [83871344.722690] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=103.96.73.34 DST=159.89.202.188 LEN=52 TOS=0x00 PREC=0x00 TTL=244 ID=22134 PROTO=TCP SPT=54863 DPT=3389 WINDOW=63443 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 15:07:54 honeypot-ams-1 sshd[12976]: Received disconnect from 61.177.173.50 port 52178:11:  [preauth]","@timestamp":"2022-09-12T15:07:55.401Z"}
{"@timestamp":"2022-09-12T15:08:56.242Z","@version":"1","message":"Sep 12 15:08:55 honeypot-sgp-1 sshd[8195]: Invalid user rochester from 183.88.15.191 port 53080","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 15:11:05 honeypot-fra-1 sshd[3087]: Disconnected from authenticating user root 92.255.85.70 port 62904 [preauth]","@timestamp":"2022-09-12T15:11:05.967Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T15:12:54.346Z","@version":"1","message":"Sep 12 15:12:54 honeypot-sgp-1 kernel: [83871685.519749] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=65.49.20.70 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=53363 DPT=389 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 15:15:11 honeypot-ams-1 sshd[12981]: Did not receive identification string from 45.61.187.160 port 53038","@timestamp":"2022-09-12T15:15:12.586Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 15:15:49 honeypot-ams-1 sshd[12986]: Invalid user user from 45.61.187.160 port 54066","@timestamp":"2022-09-12T15:15:49.606Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 15:15:59 honeypot-ams-1 sshd[12990]: Received disconnect from 45.61.187.160 port 37286:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T15:16:00.613Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 15:16:17 honeypot-ams-1 sshd[12994]: Received disconnect from 45.61.187.160 port 60186:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T15:16:17.621Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 15:16:34 honeypot-ams-1 sshd[12998]: Received disconnect from 45.61.187.160 port 54854:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T15:16:35.630Z"}
{"@timestamp":"2022-09-12T15:17:25.464Z","@version":"1","message":"Sep 12 15:17:25 honeypot-sgp-1 kernel: [83871956.410872] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=94.26.228.80 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=1233 PROTO=TCP SPT=49753 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 15:18:31 honeypot-ams-1 sshd[13006]: Disconnected from authenticating user root 61.177.173.36 port 60519 [preauth]","@timestamp":"2022-09-12T15:18:31.684Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 15:21:45 honeypot-fra-1 sshd[3096]: Received disconnect from 165.22.45.108 port 58510:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T15:21:46.204Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T15:22:36.596Z","@version":"1","message":"Sep 12 15:22:36 honeypot-sgp-1 sshd[8208]: Disconnected from invalid user dev 138.197.142.81 port 58736 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 15:27:20 honeypot-fra-1 sshd[3100]: Received disconnect from 198.98.61.9 port 54174:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T15:27:21.332Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 15:27:38 honeypot-fra-1 sshd[3104]: Received disconnect from 198.98.61.9 port 49334:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T15:27:39.340Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 15:27:55 honeypot-fra-1 sshd[3108]: Invalid user user from 198.98.61.9 port 44492","@timestamp":"2022-09-12T15:27:55.348Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 15:28:15 honeypot-fra-1 sshd[3112]: Invalid user user from 198.98.61.9 port 39664","@timestamp":"2022-09-12T15:28:16.378Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 15:31:57 honeypot-fra-1 sshd[3117]: Invalid user User from 179.60.147.69 port 31108","@timestamp":"2022-09-12T15:31:57.464Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 15:32:46 honeypot-ams-1 sshd[13016]: Received disconnect from 61.177.173.52 port 62834:11:  [preauth]","@timestamp":"2022-09-12T15:32:47.051Z"}
{"@timestamp":"2022-09-12T15:34:35.890Z","@version":"1","message":"Sep 12 15:34:35 honeypot-sgp-1 sshd[8652]: Received disconnect from 193.46.199.36 port 43688:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 15:36:38 honeypot-fra-1 sshd[3124]: Invalid user user from 45.61.186.49 port 33904","@timestamp":"2022-09-12T15:36:38.575Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 15:36:47 honeypot-ams-1 sshd[13022]: Disconnected from authenticating user root 92.255.85.69 port 40372 [preauth]","@timestamp":"2022-09-12T15:36:48.158Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 15:36:51 honeypot-fra-1 sshd[3128]: Invalid user user from 45.61.186.49 port 45308","@timestamp":"2022-09-12T15:36:52.582Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 15:37:15 honeypot-ams-1 sshd[13026]: Disconnected from invalid user user 45.61.184.204 port 33002 [preauth]","@timestamp":"2022-09-12T15:37:16.178Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 15:37:35 honeypot-ams-1 sshd[13030]: Disconnected from invalid user user 45.61.184.204 port 56952 [preauth]","@timestamp":"2022-09-12T15:37:36.188Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 15:37:54 honeypot-ams-1 sshd[13035]: Received disconnect from 45.61.184.204 port 52670:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T15:37:55.198Z"}
{"@timestamp":"2022-09-12T15:38:09.979Z","@version":"1","message":"Sep 12 15:38:09 honeypot-sgp-1 sshd[8656]: Received disconnect from 23.94.194.115 port 57548:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 15:38:19 honeypot-fra-1 kernel: [83871525.514128] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=80.94.92.231 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=52787 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T15:38:19.616Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 15:39:58 honeypot-ams-1 kernel: [83873782.765009] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=64.246.161.26 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=54321 PROTO=TCP SPT=33301 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T15:39:58.254Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 15:45:51 honeypot-ams-1 sshd[13049]: Disconnected from invalid user user 45.61.187.160 port 33234 [preauth]","@timestamp":"2022-09-12T15:45:51.408Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 15:46:12 honeypot-ams-1 sshd[13053]: Invalid user user from 45.61.187.160 port 56028","@timestamp":"2022-09-12T15:46:12.421Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 15:46:30 honeypot-ams-1 sshd[13057]: Invalid user user from 45.61.187.160 port 50594","@timestamp":"2022-09-12T15:46:31.431Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 15:46:49 honeypot-ams-1 sshd[13061]: Invalid user user from 45.61.187.160 port 45160","@timestamp":"2022-09-12T15:46:49.441Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 15:52:34 honeypot-fra-1 sshd[3136]: Connection closed by invalid user guest 148.66.39.117 port 60226 [preauth]","@timestamp":"2022-09-12T15:52:34.935Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 15:52:49 honeypot-ams-1 sshd[13068]: Received disconnect from 61.177.173.36 port 51264:11:  [preauth]","@timestamp":"2022-09-12T15:52:49.597Z"}
{"@timestamp":"2022-09-12T15:55:51.404Z","@version":"1","message":"Sep 12 15:55:51 honeypot-sgp-1 sshd[8663]: Connection closed by invalid user User 179.60.147.69 port 15632 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 15:56:52 honeypot-fra-1 sshd[3142]: Received disconnect from 165.22.45.108 port 35104:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T15:56:53.034Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 15:58:54 honeypot-ams-1 sshd[13073]: Connection closed by invalid user User 179.60.147.69 port 48686 [preauth]","@timestamp":"2022-09-12T15:58:54.754Z"}
{"@timestamp":"2022-09-12T16:01:56.553Z","@version":"1","message":"Sep 12 16:01:56 honeypot-sgp-1 sshd[8668]: Disconnected from invalid user postgres 51.38.227.101 port 43736 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:02:59 honeypot-fra-1 sshd[3149]: Disconnected from authenticating user root 96.78.175.36 port 36406 [preauth]","@timestamp":"2022-09-12T16:03:00.174Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:08:02 honeypot-fra-1 sshd[3157]: Invalid user vagrant from 122.128.79.246 port 56326","@timestamp":"2022-09-12T16:08:03.285Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:08:03 honeypot-fra-1 sshd[3170]: Invalid user es from 122.128.79.246 port 56370","@timestamp":"2022-09-12T16:08:03.285Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:08:03 honeypot-fra-1 sshd[3168]: Invalid user ftpuser from 122.128.79.246 port 56324","@timestamp":"2022-09-12T16:08:03.285Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:08:03 honeypot-fra-1 sshd[3179]: Invalid user ec2-user from 122.128.79.246 port 56402","@timestamp":"2022-09-12T16:08:03.285Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:08:03 honeypot-fra-1 sshd[3164]: Invalid user es from 122.128.79.246 port 56388","@timestamp":"2022-09-12T16:08:03.285Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:08:03 honeypot-fra-1 sshd[3156]: Connection closed by invalid user mysql 122.128.79.246 port 56358 [preauth]","@timestamp":"2022-09-12T16:08:03.285Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:08:03 honeypot-fra-1 sshd[3169]: Connection closed by invalid user esuser 122.128.79.246 port 56394 [preauth]","@timestamp":"2022-09-12T16:08:03.285Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:08:03 honeypot-fra-1 sshd[3161]: Connection closed by invalid user ec2-user 122.128.79.246 port 56372 [preauth]","@timestamp":"2022-09-12T16:08:04.286Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:08:03 honeypot-fra-1 sshd[3175]: Connection closed by invalid user es 122.128.79.246 port 56346 [preauth]","@timestamp":"2022-09-12T16:08:04.286Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:08:49 honeypot-fra-1 sshd[3211]: Invalid user User from 179.60.147.69 port 6198","@timestamp":"2022-09-12T16:08:49.304Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:09:05 honeypot-fra-1 sshd[3216]: Invalid user user from 45.61.186.49 port 37074","@timestamp":"2022-09-12T16:09:06.313Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:09:15 honeypot-fra-1 sshd[3220]: Invalid user user from 45.61.186.49 port 48748","@timestamp":"2022-09-12T16:09:16.317Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 16:10:14 honeypot-ams-1 sshd[13078]: Received disconnect from 178.46.163.191 port 50816:11: Bye Bye [preauth]","@timestamp":"2022-09-12T16:10:15.048Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 16:15:28 honeypot-ams-1 sshd[13085]: Invalid user fujimoto from 200.94.86.84 port 50141","@timestamp":"2022-09-12T16:15:29.183Z"}
{"@timestamp":"2022-09-12T16:17:01.948Z","@version":"1","message":"Sep 12 16:17:01 honeypot-sgp-1 CRON[8674]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:17:15 honeypot-fra-1 kernel: [83873862.210216] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=154.6.130.144 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=49215 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T16:17:16.513Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-12T16:20:19.031Z","@version":"1","message":"Sep 12 16:20:18 honeypot-sgp-1 sshd[8681]: Received disconnect from 84.154.21.138 port 35708:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:21:10 honeypot-fra-1 sshd[3229]: Invalid user es from 207.254.224.220 port 46114","@timestamp":"2022-09-12T16:21:11.604Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 16:22:00 honeypot-ams-1 sshd[13093]: Did not receive identification string from 193.3.19.178 port 64001","@timestamp":"2022-09-12T16:22:00.350Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:22:09 honeypot-fra-1 sshd[3232]: Disconnected from invalid user svn 159.65.156.159 port 33064 [preauth]","@timestamp":"2022-09-12T16:22:10.627Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:23:52 honeypot-fra-1 sshd[3243]: Invalid user oracle from 1.13.177.251 port 47630","@timestamp":"2022-09-12T16:23:53.669Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:23:52 honeypot-fra-1 sshd[3246]: Invalid user mysql from 1.13.177.251 port 47692","@timestamp":"2022-09-12T16:23:53.669Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:23:52 honeypot-fra-1 sshd[3248]: Invalid user testuser from 1.13.177.251 port 47656","@timestamp":"2022-09-12T16:23:53.669Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:23:52 honeypot-fra-1 sshd[3240]: Connection closed by authenticating user root 1.13.177.251 port 47674 [preauth]","@timestamp":"2022-09-12T16:23:53.669Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:23:53 honeypot-fra-1 sshd[3243]: Connection closed by invalid user oracle 1.13.177.251 port 47630 [preauth]","@timestamp":"2022-09-12T16:23:53.669Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:23:53 honeypot-fra-1 sshd[3257]: Connection closed by authenticating user root 1.13.177.251 port 47682 [preauth]","@timestamp":"2022-09-12T16:23:53.669Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:23:53 honeypot-fra-1 sshd[3258]: Connection closed by invalid user devops 1.13.177.251 port 47686 [preauth]","@timestamp":"2022-09-12T16:23:53.670Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:23:53 honeypot-fra-1 sshd[3252]: Connection closed by invalid user test 1.13.177.251 port 47672 [preauth]","@timestamp":"2022-09-12T16:23:53.670Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:23:54 honeypot-fra-1 sshd[3295]: Invalid user www from 1.13.177.251 port 47670","@timestamp":"2022-09-12T16:23:55.671Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T16:24:24.131Z","@version":"1","message":"Sep 12 16:24:23 honeypot-sgp-1 sshd[8685]: Disconnected from invalid user katja 177.37.164.118 port 42320 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 16:26:37 honeypot-ams-1 kernel: [83876582.332900] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=154.3.44.39 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=117 ID=46182 DF PROTO=TCP SPT=53407 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-12T16:26:38.471Z"}
{"@timestamp":"2022-09-12T16:30:43.315Z","@version":"1","message":"Sep 12 16:30:42 honeypot-sgp-1 sshd[8691]: Received disconnect from 143.198.39.132 port 56740:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T16:33:37.388Z","@version":"1","message":"Sep 12 16:33:36 honeypot-sgp-1 sshd[8695]: Received disconnect from 134.209.198.12 port 58410:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T16:36:29.461Z","@version":"1","message":"Sep 12 16:36:28 honeypot-sgp-1 sshd[8701]: Invalid user  from 64.62.197.92 port 29592","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:36:51 honeypot-fra-1 kernel: [83875038.102045] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.215.124 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=56209 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T16:36:51.953Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-12T16:37:43.494Z","@version":"1","message":"Sep 12 16:37:42 honeypot-sgp-1 sshd[8706]: Invalid user frappe from 195.19.105.13 port 40885","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 16:38:40 honeypot-ams-1 kernel: [83877305.236066] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.206.85 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=47803 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T16:38:40.780Z"}
{"@timestamp":"2022-09-12T16:41:47.593Z","@version":"1","message":"Sep 12 16:41:47 honeypot-sgp-1 sshd[8712]: Invalid user ns from 157.230.9.57 port 37774","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:43:24 honeypot-fra-1 sshd[3748]: Connection closed by invalid user User 179.60.147.69 port 10694 [preauth]","@timestamp":"2022-09-12T16:43:25.100Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T16:44:11.651Z","@version":"1","message":"Sep 12 16:44:11 honeypot-sgp-1 kernel: [83877162.487430] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=183.136.225.35 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=110 ID=58389 PROTO=TCP SPT=8088 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:47:09 honeypot-fra-1 sshd[3755]: Invalid user ftp from 193.106.191.157 port 49894","@timestamp":"2022-09-12T16:47:10.211Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 16:48:38 honeypot-ams-1 sshd[13106]: Invalid user postgres from 68.183.177.69 port 37436","@timestamp":"2022-09-12T16:48:39.036Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 16:49:28 honeypot-ams-1 sshd[13108]: Invalid user lucent01 from 107.173.159.85 port 40712","@timestamp":"2022-09-12T16:49:29.063Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:50:37 honeypot-fra-1 sshd[3763]: Received disconnect from 51.15.83.17 port 18051:11: Bye Bye [preauth]","@timestamp":"2022-09-12T16:50:38.292Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 16:51:17 honeypot-ams-1 sshd[13117]: Disconnected from authenticating user root 206.189.14.223 port 45322 [preauth]","@timestamp":"2022-09-12T16:51:18.115Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 16:51:50 honeypot-ams-1 sshd[13119]: Received disconnect from 60.210.40.210 port 2420:11: Bye Bye [preauth]","@timestamp":"2022-09-12T16:51:51.132Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:53:12 honeypot-fra-1 sshd[3767]: Invalid user jmuser from 190.129.60.186 port 53784","@timestamp":"2022-09-12T16:53:13.353Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:54:01 honeypot-fra-1 sshd[3772]: Received disconnect from 172.104.51.35 port 49636:11: Bye Bye [preauth]","@timestamp":"2022-09-12T16:54:01.373Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 16:54:16 honeypot-ams-1 sshd[13124]: Received disconnect from 80.107.88.203 port 58358:11: Bye Bye [preauth]","@timestamp":"2022-09-12T16:54:17.196Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 16:55:19 honeypot-ams-1 sshd[13128]: Connection closed by invalid user ftp 193.106.191.157 port 56600 [preauth]","@timestamp":"2022-09-12T16:55:19.225Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 16:56:57 honeypot-ams-1 sshd[13132]: Disconnected from invalid user enr 194.31.55.148 port 37854 [preauth]","@timestamp":"2022-09-12T16:56:57.272Z"}
{"@timestamp":"2022-09-12T17:01:38.088Z","@version":"1","message":"Sep 12 17:01:37 honeypot-sgp-1 sshd[8720]: Received disconnect from 167.71.235.223 port 57772:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 17:02:21 honeypot-ams-1 sshd[13139]: Invalid user mo from 68.183.52.2 port 34264","@timestamp":"2022-09-12T17:02:22.413Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 17:05:04 honeypot-ams-1 sshd[13143]: Connection closed by invalid user ftp 193.106.191.157 port 40772 [preauth]","@timestamp":"2022-09-12T17:05:05.484Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 17:07:24 honeypot-fra-1 sshd[3779]: Received disconnect from 165.22.45.108 port 44740:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T17:07:25.670Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T17:07:47.238Z","@version":"1","message":"Sep 12 17:07:46 honeypot-sgp-1 sshd[8727]: Invalid user guest from 183.64.62.34 port 41605","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 17:07:50 honeypot-ams-1 sshd[13150]: Received disconnect from 46.101.253.249 port 46235:11: Bye Bye [preauth]","@timestamp":"2022-09-12T17:07:50.559Z"}
{"@timestamp":"2022-09-12T17:08:55.268Z","@version":"1","message":"Sep 12 17:08:54 honeypot-sgp-1 sshd[8731]: Invalid user user1 from 103.188.176.251 port 43826","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 17:09:01 honeypot-fra-1 CRON[3783]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-12T17:09:01.709Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T17:09:02.273Z","@version":"1","message":"Sep 12 17:09:01 honeypot-sgp-1 CRON[8735]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 17:09:01 honeypot-ams-1 CRON[13154]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-12T17:09:02.592Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 17:12:39 honeypot-ams-1 sshd[13160]: Disconnected from invalid user fox 141.8.195.167 port 60018 [preauth]","@timestamp":"2022-09-12T17:12:39.702Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 17:13:17 honeypot-fra-1 sshd[3789]: Did not receive identification string from 103.231.214.252 port 10668","@timestamp":"2022-09-12T17:13:18.811Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 17:16:56 honeypot-fra-1 sshd[3794]: Connection closed by invalid user User 179.60.147.69 port 39414 [preauth]","@timestamp":"2022-09-12T17:16:56.894Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 17:19:00 honeypot-fra-1 sshd[3804]: Connection closed by invalid user admin 141.98.10.158 port 46550 [preauth]","@timestamp":"2022-09-12T17:19:00.944Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T17:19:54.535Z","@version":"1","message":"Sep 12 17:19:54 honeypot-sgp-1 kernel: [83879305.298678] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=94.26.249.161 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=56360 PROTO=TCP SPT=58257 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 17:20:11 honeypot-ams-1 sshd[13166]: Received disconnect from 180.167.207.234 port 46029:11: Bye Bye [preauth]","@timestamp":"2022-09-12T17:20:11.895Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 17:22:09 honeypot-ams-1 sshd[13170]: Invalid user anu from 165.227.167.225 port 50476","@timestamp":"2022-09-12T17:22:10.948Z"}
{"@timestamp":"2022-09-12T17:23:09.615Z","@version":"1","message":"Sep 12 17:23:09 honeypot-sgp-1 sshd[8745]: Received disconnect from 43.154.17.218 port 53790:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 17:23:40 honeypot-fra-1 sshd[3810]: Connection closed by 103.231.214.252 port 12117 [preauth]","@timestamp":"2022-09-12T17:23:41.053Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T17:25:47.680Z","@version":"1","message":"Sep 12 17:25:46 honeypot-sgp-1 sshd[8750]: Invalid user fred from 92.80.217.82 port 51154","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 17:26:47 honeypot-fra-1 sshd[3817]: Connection closed by 103.231.214.252 port 17552 [preauth]","@timestamp":"2022-09-12T17:26:48.127Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 17:28:15 honeypot-fra-1 sshd[3822]: Received disconnect from 129.205.124.253 port 36474:11: Bye Bye [preauth]","@timestamp":"2022-09-12T17:28:16.162Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 17:28:16 honeypot-ams-1 sshd[13174]: Invalid user admin from 46.243.226.11 port 48488","@timestamp":"2022-09-12T17:28:17.106Z"}
{"@timestamp":"2022-09-12T17:28:52.756Z","@version":"1","message":"Sep 12 17:28:52 honeypot-sgp-1 sshd[8754]: Received disconnect from 92.255.85.70 port 33392:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 17:30:36 honeypot-ams-1 sshd[13177]: Disconnected from invalid user ts3bot3 188.166.95.44 port 42468 [preauth]","@timestamp":"2022-09-12T17:30:37.168Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 17:30:38 honeypot-fra-1 sshd[3830]: Disconnected from authenticating user root 92.255.85.70 port 16726 [preauth]","@timestamp":"2022-09-12T17:30:38.220Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 17:31:41 honeypot-ams-1 kernel: [83880485.727881] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=46.41.208.63 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=32496 DF PROTO=TCP SPT=40993 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T17:31:42.198Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 17:32:36 honeypot-ams-1 sshd[13186]: Invalid user alceu from 159.65.77.254 port 57034","@timestamp":"2022-09-12T17:32:37.223Z"}
{"@timestamp":"2022-09-12T17:32:38.849Z","@version":"1","message":"Sep 12 17:32:38 honeypot-sgp-1 sshd[8760]: Received disconnect from 198.98.61.9 port 43062:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T17:33:01.861Z","@version":"1","message":"Sep 12 17:33:01 honeypot-sgp-1 sshd[8764]: Received disconnect from 198.98.61.9 port 39200:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T17:33:20.870Z","@version":"1","message":"Sep 12 17:33:20 honeypot-sgp-1 sshd[8768]: Received disconnect from 198.98.61.9 port 35346:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 17:33:29 honeypot-ams-1 sshd[13190]: Disconnected from authenticating user root 4.7.94.244 port 51532 [preauth]","@timestamp":"2022-09-12T17:33:30.249Z"}
{"@timestamp":"2022-09-12T17:33:39.881Z","@version":"1","message":"Sep 12 17:33:39 honeypot-sgp-1 sshd[8772]: Received disconnect from 198.98.61.9 port 59716:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 17:35:21 honeypot-ams-1 sshd[13194]: Disconnected from invalid user su 129.226.167.18 port 34000 [preauth]","@timestamp":"2022-09-12T17:35:21.300Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 17:36:10 honeypot-fra-1 sshd[3844]: Connection closed by 103.231.214.252 port 38940 [preauth]","@timestamp":"2022-09-12T17:36:11.346Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 17:36:56 honeypot-ams-1 kernel: [83880801.455982] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=23.95.4.194 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=2446 PROTO=TCP SPT=58888 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T17:36:57.346Z"}
{"@timestamp":"2022-09-12T17:39:38.028Z","@version":"1","message":"Sep 12 17:39:37 honeypot-sgp-1 kernel: [83880488.720938] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=198.235.24.148 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x60 TTL=250 ID=54321 PROTO=TCP SPT=53163 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 17:40:37 honeypot-ams-1 sshd[13203]: Received disconnect from 2.232.250.91 port 49302:11: Bye Bye [preauth]","@timestamp":"2022-09-12T17:40:38.439Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 17:42:25 honeypot-fra-1 sshd[3856]: Connection closed by 103.231.214.252 port 45622 [preauth]","@timestamp":"2022-09-12T17:42:26.490Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 17:43:33 honeypot-ams-1 kernel: [83881198.115968] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=119.199.169.235 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=54 ID=62535 PROTO=TCP SPT=10978 DPT=80 WINDOW=25250 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T17:43:34.513Z"}
{"@timestamp":"2022-09-12T17:45:15.162Z","@version":"1","message":"Sep 12 17:45:14 honeypot-sgp-1 sshd[8780]: Disconnected from authenticating user root 111.193.237.29 port 42128 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 17:46:13 honeypot-fra-1 sshd[3865]: Did not receive identification string from 161.35.231.174 port 60000","@timestamp":"2022-09-12T17:46:14.578Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 17:48:11 honeypot-fra-1 sshd[3871]: Disconnected from authenticating user nobody 103.113.104.43 port 35534 [preauth]","@timestamp":"2022-09-12T17:48:12.624Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 17:50:14 honeypot-fra-1 sshd[3879]: Connection closed by 103.231.214.252 port 46396 [preauth]","@timestamp":"2022-09-12T17:50:15.674Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 17:51:26 honeypot-ams-1 kernel: [83881671.430496] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=59.49.43.217 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=29581 PROTO=TCP SPT=40115 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T17:51:27.715Z"}
{"@timestamp":"2022-09-12T17:52:33.336Z","@version":"1","message":"Sep 12 17:52:33 honeypot-sgp-1 sshd[8787]: Received disconnect from 60.250.94.62 port 52361:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 17:53:58 honeypot-fra-1 sshd[3888]: Received disconnect from 92.255.85.70 port 25788:11: Bye Bye [preauth]","@timestamp":"2022-09-12T17:53:58.761Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 17:56:18 honeypot-ams-1 sshd[13217]: Invalid user user from 45.61.184.204 port 60346","@timestamp":"2022-09-12T17:56:19.844Z"}
{"@timestamp":"2022-09-12T17:56:23.427Z","@version":"1","message":"Sep 12 17:56:23 honeypot-sgp-1 kernel: [83881494.600660] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.220.136 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=42638 DPT=389 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 17:56:37 honeypot-ams-1 sshd[13221]: Invalid user user from 45.61.184.204 port 55500","@timestamp":"2022-09-12T17:56:37.853Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 17:56:46 honeypot-ams-1 sshd[13223]: Received disconnect from 45.61.184.204 port 38942:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T17:56:46.859Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 17:56:54 honeypot-ams-1 sshd[13227]: Disconnected from invalid user user 45.61.184.204 port 50626 [preauth]","@timestamp":"2022-09-12T17:56:55.864Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 17:58:03 honeypot-fra-1 sshd[3896]: Connection closed by 103.231.214.252 port 58778 [preauth]","@timestamp":"2022-09-12T17:58:03.854Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 18:01:33 honeypot-ams-1 kernel: [83882277.897673] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=198.235.24.136 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x60 TTL=251 ID=51025 PROTO=TCP SPT=53323 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T18:01:33.999Z"}
{"@timestamp":"2022-09-12T18:01:38.554Z","@version":"1","message":"Sep 12 18:01:38 honeypot-sgp-1 sshd[8795]: Disconnected from authenticating user root 157.245.252.34 port 41498 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 18:02:00 honeypot-fra-1 kernel: [83880146.800135] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.180.143.72 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=32460 PROTO=TCP SPT=31922 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T18:02:00.948Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 18:02:49 honeypot-fra-1 sshd[3905]: Connection closed by authenticating user root 193.106.191.157 port 55682 [preauth]","@timestamp":"2022-09-12T18:02:49.970Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T18:04:23.622Z","@version":"1","message":"Sep 12 18:04:23 honeypot-sgp-1 sshd[8801]: Disconnected from invalid user user 45.61.184.204 port 35938 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T18:04:43.633Z","@version":"1","message":"Sep 12 18:04:42 honeypot-sgp-1 sshd[8806]: Disconnected from invalid user user 45.61.184.204 port 59278 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:00 honeypot-ams-1 sshd[13246]: Received disconnect from 188.250.234.67 port 36126:11: Bye Bye [preauth]","@timestamp":"2022-09-12T18:05:00.096Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:00 honeypot-ams-1 sshd[13250]: Disconnected from invalid user ubnt 188.250.234.67 port 36175 [preauth]","@timestamp":"2022-09-12T18:05:01.098Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:02 honeypot-ams-1 sshd[13256]: Disconnected from authenticating user root 188.250.234.67 port 36240 [preauth]","@timestamp":"2022-09-12T18:05:03.100Z"}
{"@timestamp":"2022-09-12T18:05:03.643Z","@version":"1","message":"Sep 12 18:05:02 honeypot-sgp-1 sshd[8810]: Disconnected from invalid user user 45.61.184.204 port 54394 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:03 honeypot-ams-1 sshd[13262]: Disconnected from authenticating user root 188.250.234.67 port 36293 [preauth]","@timestamp":"2022-09-12T18:05:04.100Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:04 honeypot-ams-1 sshd[13268]: Disconnected from authenticating user root 188.250.234.67 port 36340 [preauth]","@timestamp":"2022-09-12T18:05:05.101Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:06 honeypot-ams-1 sshd[13274]: Disconnected from authenticating user root 188.250.234.67 port 36380 [preauth]","@timestamp":"2022-09-12T18:05:06.102Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:07 honeypot-ams-1 sshd[13280]: Disconnected from authenticating user root 188.250.234.67 port 36422 [preauth]","@timestamp":"2022-09-12T18:05:08.104Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:08 honeypot-ams-1 sshd[13286]: Disconnected from authenticating user root 188.250.234.67 port 36455 [preauth]","@timestamp":"2022-09-12T18:05:09.105Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:09 honeypot-ams-1 sshd[13292]: Disconnected from authenticating user root 188.250.234.67 port 36493 [preauth]","@timestamp":"2022-09-12T18:05:10.105Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:11 honeypot-ams-1 sshd[13298]: Disconnected from authenticating user root 188.250.234.67 port 36559 [preauth]","@timestamp":"2022-09-12T18:05:12.107Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:12 honeypot-ams-1 sshd[13304]: Disconnected from authenticating user root 188.250.234.67 port 36628 [preauth]","@timestamp":"2022-09-12T18:05:13.107Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:13 honeypot-ams-1 sshd[13310]: Disconnected from authenticating user root 188.250.234.67 port 36672 [preauth]","@timestamp":"2022-09-12T18:05:14.108Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:15 honeypot-ams-1 sshd[13316]: Disconnected from authenticating user root 188.250.234.67 port 36712 [preauth]","@timestamp":"2022-09-12T18:05:15.109Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:15 honeypot-ams-1 sshd[13320]: Disconnected from invalid user admin 188.250.234.67 port 36736 [preauth]","@timestamp":"2022-09-12T18:05:16.111Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:16 honeypot-ams-1 sshd[13324]: Disconnected from invalid user admin 188.250.234.67 port 36766 [preauth]","@timestamp":"2022-09-12T18:05:17.112Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:17 honeypot-ams-1 sshd[13328]: Disconnected from invalid user admin 188.250.234.67 port 36791 [preauth]","@timestamp":"2022-09-12T18:05:18.113Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:18 honeypot-ams-1 sshd[13332]: Disconnected from invalid user admin 188.250.234.67 port 36809 [preauth]","@timestamp":"2022-09-12T18:05:19.114Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:19 honeypot-ams-1 sshd[13336]: Disconnected from invalid user admin 188.250.234.67 port 36838 [preauth]","@timestamp":"2022-09-12T18:05:20.114Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:20 honeypot-ams-1 sshd[13342]: Received disconnect from 188.250.234.67 port 36886:11: Bye Bye [preauth]","@timestamp":"2022-09-12T18:05:21.115Z"}
{"@timestamp":"2022-09-12T18:05:21.654Z","@version":"1","message":"Sep 12 18:05:20 honeypot-sgp-1 sshd[8814]: Received disconnect from 45.61.184.204 port 49506:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:21 honeypot-ams-1 sshd[13346]: Received disconnect from 188.250.234.67 port 36929:11: Bye Bye [preauth]","@timestamp":"2022-09-12T18:05:22.116Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:22 honeypot-ams-1 sshd[13350]: Received disconnect from 188.250.234.67 port 36973:11: Bye Bye [preauth]","@timestamp":"2022-09-12T18:05:23.116Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:23 honeypot-ams-1 sshd[13355]: Received disconnect from 188.250.234.67 port 37003:11: Bye Bye [preauth]","@timestamp":"2022-09-12T18:05:24.117Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:24 honeypot-ams-1 sshd[13359]: Received disconnect from 188.250.234.67 port 37028:11: Bye Bye [preauth]","@timestamp":"2022-09-12T18:05:24.117Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:24 honeypot-ams-1 sshd[13363]: Received disconnect from 188.250.234.67 port 37054:11: Bye Bye [preauth]","@timestamp":"2022-09-12T18:05:25.118Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:25 honeypot-ams-1 sshd[13367]: Received disconnect from 188.250.234.67 port 37071:11: Bye Bye [preauth]","@timestamp":"2022-09-12T18:05:26.119Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:26 honeypot-ams-1 sshd[13371]: Received disconnect from 188.250.234.67 port 37088:11: Bye Bye [preauth]","@timestamp":"2022-09-12T18:05:27.120Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:27 honeypot-ams-1 sshd[13375]: Received disconnect from 188.250.234.67 port 37112:11: Bye Bye [preauth]","@timestamp":"2022-09-12T18:05:28.121Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:28 honeypot-ams-1 sshd[13379]: Received disconnect from 188.250.234.67 port 37130:11: Bye Bye [preauth]","@timestamp":"2022-09-12T18:05:29.121Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:29 honeypot-ams-1 sshd[13383]: Received disconnect from 188.250.234.67 port 37146:11: Bye Bye [preauth]","@timestamp":"2022-09-12T18:05:30.122Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:30 honeypot-ams-1 sshd[13387]: Received disconnect from 188.250.234.67 port 37163:11: Bye Bye [preauth]","@timestamp":"2022-09-12T18:05:30.123Z"}
{"@timestamp":"2022-09-12T18:06:14.679Z","@version":"1","message":"Sep 12 18:06:13 honeypot-sgp-1 sshd[8818]: Disconnected from authenticating user root 123.22.57.119 port 53058 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 18:07:27 honeypot-fra-1 sshd[3914]: Connection closed by 103.231.214.252 port 35954 [preauth]","@timestamp":"2022-09-12T18:07:28.079Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T18:09:26.763Z","@version":"1","message":"Sep 12 18:09:26 honeypot-sgp-1 sshd[8823]: Received disconnect from 201.217.194.32 port 30876:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T18:10:14.785Z","@version":"1","message":"Sep 12 18:10:14 honeypot-sgp-1 kernel: [83882325.789341] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=154.3.44.39 DST=159.89.202.188 LEN=52 TOS=0x0A PREC=0x00 TTL=110 ID=53459 DF PROTO=TCP SPT=61491 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 18:10:24 honeypot-ams-1 kernel: [83882809.098682] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.219.199 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=34772 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T18:10:25.269Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 18:11:11 honeypot-fra-1 sshd[3923]: Connection closed by invalid user guest 125.19.244.54 port 46120 [preauth]","@timestamp":"2022-09-12T18:11:12.168Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:11:44 honeypot-ams-1 sshd[13395]: Received disconnect from 45.61.186.169 port 56184:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T18:11:45.310Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:12:03 honeypot-ams-1 sshd[13399]: Received disconnect from 45.61.186.169 port 51080:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T18:12:03.319Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:12:20 honeypot-ams-1 sshd[13405]: Received disconnect from 165.227.160.124 port 59052:11: Bye Bye [preauth]","@timestamp":"2022-09-12T18:12:21.329Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:12:29 honeypot-ams-1 sshd[13407]: Received disconnect from 45.61.186.169 port 57558:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T18:12:29.333Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 18:13:53 honeypot-fra-1 kernel: [83880859.471905] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=79.124.62.62 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=4923 PROTO=TCP SPT=41363 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T18:13:54.233Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-12T18:13:59.879Z","@version":"1","message":"Sep 12 18:13:58 honeypot-sgp-1 sshd[8833]: Received disconnect from 129.226.182.174 port 55954:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:14:27 honeypot-ams-1 sshd[13412]: Invalid user User from 179.60.147.69 port 26858","@timestamp":"2022-09-12T18:14:28.387Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:15:44 honeypot-ams-1 sshd[13417]: Invalid user user from 141.255.162.226 port 60388","@timestamp":"2022-09-12T18:15:45.424Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:15:48 honeypot-ams-1 sshd[13421]: Invalid user user from 141.255.162.226 port 39144","@timestamp":"2022-09-12T18:15:49.426Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:15:50 honeypot-ams-1 sshd[13425]: Invalid user user from 141.255.162.226 port 46130","@timestamp":"2022-09-12T18:15:51.428Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 18:17:01 honeypot-fra-1 CRON[3939]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-12T18:17:02.305Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:17:01 honeypot-ams-1 CRON[13429]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-12T18:17:02.459Z"}
{"@timestamp":"2022-09-12T18:17:21.964Z","@version":"1","message":"Sep 12 18:17:21 honeypot-sgp-1 sshd[8841]: Received disconnect from 221.140.57.201 port 49264:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 18:18:24 honeypot-fra-1 sshd[3946]: Connection closed by 103.231.214.252 port 23529 [preauth]","@timestamp":"2022-09-12T18:18:25.340Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:20:24 honeypot-ams-1 sshd[13511]: Disconnected from invalid user kundert 200.111.119.58 port 37694 [preauth]","@timestamp":"2022-09-12T18:20:24.545Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 18:22:28 honeypot-fra-1 sshd[3955]: Disconnected from authenticating user root 206.189.213.126 port 43370 [preauth]","@timestamp":"2022-09-12T18:22:29.432Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:23:44 honeypot-ams-1 sshd[13515]: Disconnected from authenticating user root 101.178.223.39 port 43914 [preauth]","@timestamp":"2022-09-12T18:23:45.632Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:24:18 honeypot-ams-1 sshd[13522]: Invalid user search from 102.216.117.235 port 50408","@timestamp":"2022-09-12T18:24:18.650Z"}
{"@timestamp":"2022-09-12T18:24:59.144Z","@version":"1","message":"Sep 12 18:24:58 honeypot-sgp-1 kernel: [83883209.920315] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=42.224.65.138 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=19208 DF PROTO=TCP SPT=36294 DPT=80 WINDOW=29040 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 18:26:14 honeypot-fra-1 kernel: [83881600.996489] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=80.94.92.231 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=33521 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T18:26:15.520Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-12T18:28:09.223Z","@version":"1","message":"Sep 12 18:28:08 honeypot-sgp-1 sshd[8851]: Invalid user hnd from 106.51.72.221 port 50488","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 18:28:56 honeypot-fra-1 sshd[3972]: Received disconnect from 157.130.44.246 port 42484:11: Bye Bye [preauth]","@timestamp":"2022-09-12T18:28:56.586Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 18:29:35 honeypot-fra-1 sshd[3978]: Received disconnect from 38.72.132.40 port 60252:11: Bye Bye [preauth]","@timestamp":"2022-09-12T18:29:36.603Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:31:36 honeypot-ams-1 sshd[13525]: Invalid user ts3 from 164.92.197.101 port 43868","@timestamp":"2022-09-12T18:31:36.843Z"}
{"@timestamp":"2022-09-12T18:32:16.323Z","@version":"1","message":"Sep 12 18:32:15 honeypot-sgp-1 sshd[8856]: Invalid user db2inst1 from 190.145.123.26 port 36508","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 18:33:22 honeypot-fra-1 sshd[3985]: Disconnected from invalid user darbee 154.86.27.92 port 53068 [preauth]","@timestamp":"2022-09-12T18:33:23.689Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 18:37:13 honeypot-fra-1 sshd[3993]: Connection closed by 103.231.214.252 port 23439 [preauth]","@timestamp":"2022-09-12T18:37:13.778Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:43:14 honeypot-ams-1 sshd[13530]: Received disconnect from 92.255.85.69 port 30226:11: Bye Bye [preauth]","@timestamp":"2022-09-12T18:43:14.138Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 18:43:30 honeypot-fra-1 sshd[4004]: Connection closed by 103.231.214.252 port 21736 [preauth]","@timestamp":"2022-09-12T18:43:30.921Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T18:44:09.624Z","@version":"1","message":"Sep 12 18:44:08 honeypot-sgp-1 kernel: [83884360.155248] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.216.78 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=39700 DPT=636 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:47:38 honeypot-ams-1 sshd[13532]: Connection closed by invalid user User 179.60.147.69 port 8516 [preauth]","@timestamp":"2022-09-12T18:47:39.260Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 18:51:20 honeypot-fra-1 sshd[4016]: Connection closed by 103.231.214.252 port 41087 [preauth]","@timestamp":"2022-09-12T18:51:21.102Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 18:54:28 honeypot-fra-1 sshd[4022]: Connection closed by 103.231.214.252 port 53755 [preauth]","@timestamp":"2022-09-12T18:54:29.174Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 19:00:45 honeypot-fra-1 sshd[4033]: Connection closed by 103.231.214.252 port 33385 [preauth]","@timestamp":"2022-09-12T19:00:45.317Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 19:02:04 honeypot-ams-1 kernel: [83885908.489718] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=48247 PROTO=TCP SPT=48949 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T19:02:04.623Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 19:03:53 honeypot-fra-1 sshd[4040]: Connection closed by 103.231.214.252 port 20498 [preauth]","@timestamp":"2022-09-12T19:03:53.389Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T19:04:02.095Z","@version":"1","message":"Sep 12 19:04:01 honeypot-sgp-1 kernel: [83885552.878796] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.148.10.81 DST=159.89.202.188 LEN=81 TOS=0x00 PREC=0x00 TTL=241 ID=23832 DF PROTO=TCP SPT=8144 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T19:06:25.154Z","@version":"1","message":"Sep 12 19:06:25 honeypot-sgp-1 sshd[8871]: Disconnected from authenticating user root 146.59.45.211 port 44454 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 19:06:51 honeypot-ams-1 sshd[13540]: Disconnected from authenticating user root 115.68.248.184 port 37154 [preauth]","@timestamp":"2022-09-12T19:06:51.750Z"}
{"@timestamp":"2022-09-12T19:08:10.198Z","@version":"1","message":"Sep 12 19:08:09 honeypot-sgp-1 sshd[8875]: Received disconnect from 165.227.204.174 port 49056:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 19:08:35 honeypot-fra-1 sshd[4049]: Connection closed by 103.231.214.252 port 10225 [preauth]","@timestamp":"2022-09-12T19:08:36.498Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T19:09:50.240Z","@version":"1","message":"Sep 12 19:09:50 honeypot-sgp-1 sshd[8879]: Disconnected from authenticating user sync 104.248.199.34 port 50100 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 19:10:10 honeypot-fra-1 sshd[4055]: Connection closed by 103.231.214.252 port 44058 [preauth]","@timestamp":"2022-09-12T19:10:10.536Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 19:10:39 honeypot-ams-1 sshd[13544]: Disconnected from 68.183.25.156 port 44868 [preauth]","@timestamp":"2022-09-12T19:10:39.853Z"}
{"@timestamp":"2022-09-12T19:12:45.311Z","@version":"1","message":"Sep 12 19:12:44 honeypot-sgp-1 sshd[8886]: Did not receive identification string from 218.57.73.174 port 35774","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 19:13:18 honeypot-fra-1 sshd[4063]: Connection closed by 103.231.214.252 port 61502 [preauth]","@timestamp":"2022-09-12T19:13:18.606Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 19:16:21 honeypot-fra-1 sshd[4070]: Connection closed by invalid user user1 103.188.176.251 port 56238 [preauth]","@timestamp":"2022-09-12T19:16:22.676Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 19:17:01 honeypot-ams-1 CRON[13551]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-12T19:17:02.016Z"}
{"@timestamp":"2022-09-12T19:17:13.419Z","@version":"1","message":"Sep 12 19:17:13 honeypot-sgp-1 sshd[8892]: Received disconnect from 188.166.153.99 port 60148:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 19:18:41 honeypot-fra-1 sshd[4079]: Connection closed by invalid user user 193.106.191.157 port 33208 [preauth]","@timestamp":"2022-09-12T19:18:41.730Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T19:19:55.485Z","@version":"1","message":"Sep 12 19:19:54 honeypot-sgp-1 sshd[8899]: Connection closed by invalid user User 179.60.147.69 port 14176 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 19:22:41 honeypot-fra-1 sshd[4088]: Connection closed by 103.231.214.252 port 41774 [preauth]","@timestamp":"2022-09-12T19:22:41.824Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T19:24:39.602Z","@version":"1","message":"Sep 12 19:24:39 honeypot-sgp-1 sshd[8913]: Disconnected from authenticating user root 92.255.85.69 port 22116 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 19:26:29 honeypot-fra-1 sshd[4095]: Received disconnect from 91.240.118.222 port 7584:11: Client disconnecting normally [preauth]","@timestamp":"2022-09-12T19:26:29.912Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 19:26:36 honeypot-ams-1 sshd[13559]: Invalid user user from 193.106.191.157 port 43240","@timestamp":"2022-09-12T19:26:37.267Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 19:27:54 honeypot-fra-1 sshd[4101]: Invalid user kiran from 165.22.45.108 port 36428","@timestamp":"2022-09-12T19:27:54.948Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 19:32:41 honeypot-fra-1 sshd[4110]: Invalid user User from 179.60.147.69 port 62404","@timestamp":"2022-09-12T19:32:42.059Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 19:33:56 honeypot-ams-1 kernel: [83887820.942318] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=69.164.209.47 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=59754 PROTO=TCP SPT=44948 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T19:33:57.457Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 19:38:22 honeypot-fra-1 sshd[4119]: Connection closed by 103.231.214.252 port 44277 [preauth]","@timestamp":"2022-09-12T19:38:23.188Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T19:39:41.948Z","@version":"1","message":"Sep 12 19:39:41 honeypot-sgp-1 sshd[8924]: Connection closed by invalid user user1 103.188.176.251 port 36900 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T19:43:46.045Z","@version":"1","message":"Sep 12 19:43:45 honeypot-sgp-1 sshd[8927]: Received disconnect from 197.248.2.229 port 39510:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 19:44:30 honeypot-fra-1 sshd[4130]: ssh_dispatch_run_fatal: Connection from 136.52.13.251 port 51593: Connection corrupted [preauth]","@timestamp":"2022-09-12T19:44:30.327Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 19:48:52 honeypot-ams-1 kernel: [83888717.247711] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=154.3.44.39 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=117 ID=6893 DF PROTO=TCP SPT=64200 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-12T19:48:52.853Z"}
{"@timestamp":"2022-09-12T19:49:03.171Z","@version":"1","message":"Sep 12 19:49:03 honeypot-sgp-1 sshd[8934]: Received disconnect from 156.67.219.143 port 41832:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 19:49:20 honeypot-fra-1 sshd[4218]: Connection closed by 103.231.214.252 port 46066 [preauth]","@timestamp":"2022-09-12T19:49:21.440Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 19:52:38 honeypot-ams-1 sshd[13573]: Received disconnect from 92.255.85.70 port 38076:11: Bye Bye [preauth]","@timestamp":"2022-09-12T19:52:38.953Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 19:52:53 honeypot-fra-1 kernel: [83886799.534072] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=128.14.152.45 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=37839 PROTO=TCP SPT=16403 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T19:52:54.523Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-12T19:55:36.327Z","@version":"1","message":"Sep 12 19:55:36 honeypot-sgp-1 sshd[8939]: Received disconnect from 143.244.162.174 port 48026:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 19:55:36 honeypot-fra-1 sshd[4232]: Connection closed by 103.231.214.252 port 56648 [preauth]","@timestamp":"2022-09-12T19:55:37.588Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 19:59:04 honeypot-ams-1 sshd[13576]: Received disconnect from 161.97.81.82 port 34072:11: Bye Bye [preauth]","@timestamp":"2022-09-12T19:59:05.121Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 19:59:15 honeypot-fra-1 sshd[4239]: Received disconnect from 141.255.162.226 port 51564:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T19:59:15.674Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 19:59:16 honeypot-fra-1 sshd[4243]: Received disconnect from 141.255.162.226 port 43984:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T19:59:17.676Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 19:59:20 honeypot-fra-1 sshd[4247]: Received disconnect from 141.255.162.226 port 57768:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T19:59:21.678Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T20:00:05.433Z","@version":"1","message":"Sep 12 20:00:04 honeypot-sgp-1 kernel: [83888915.917844] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=64.246.161.26 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=56510 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 20:01:52 honeypot-fra-1 sshd[4254]: Connection closed by 103.231.214.252 port 58908 [preauth]","@timestamp":"2022-09-12T20:01:52.736Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 20:02:03 honeypot-ams-1 sshd[13581]: Received disconnect from 103.189.234.107 port 51452:11: Bye Bye [preauth]","@timestamp":"2022-09-12T20:02:04.201Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 20:05:00 honeypot-fra-1 sshd[4260]: Connection closed by 103.231.214.252 port 16574 [preauth]","@timestamp":"2022-09-12T20:05:00.807Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 20:05:06 honeypot-ams-1 kernel: [83889691.012306] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=205.210.31.57 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=250 ID=54321 PROTO=TCP SPT=55178 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T20:05:07.282Z"}
{"@timestamp":"2022-09-12T20:06:22.585Z","@version":"1","message":"Sep 12 20:06:21 honeypot-sgp-1 sshd[8950]: Received disconnect from 134.209.153.189 port 43710:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T20:08:26.637Z","@version":"1","message":"Sep 12 20:08:26 honeypot-sgp-1 sshd[8957]: Received disconnect from 164.155.77.123 port 40778:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 20:09:25 honeypot-fra-1 sshd[4269]: Connection closed by invalid user User 179.60.147.69 port 45448 [preauth]","@timestamp":"2022-09-12T20:09:26.912Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 20:11:25 honeypot-ams-1 kernel: [83890069.893841] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=73.57.60.247 DST=178.62.254.91 LEN=48 TOS=0x00 PREC=0x00 TTL=111 ID=27895 DF PROTO=TCP SPT=49579 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T20:11:25.491Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 20:12:07 honeypot-fra-1 sshd[4275]: Disconnected from authenticating user root 92.255.85.70 port 41000 [preauth]","@timestamp":"2022-09-12T20:12:07.975Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T20:12:14.730Z","@version":"1","message":"Sep 12 20:12:13 honeypot-sgp-1 sshd[8963]: Invalid user vicenzig from 81.250.204.52 port 50878","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 20:17:32 honeypot-fra-1 sshd[4287]: Connection closed by 103.231.214.252 port 16369 [preauth]","@timestamp":"2022-09-12T20:17:33.099Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 20:17:37 honeypot-ams-1 sshd[13593]: Received disconnect from 210.196.250.246 port 46270:11: Bye Bye [preauth]","@timestamp":"2022-09-12T20:17:38.653Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 20:20:40 honeypot-fra-1 sshd[4294]: Connection closed by 103.231.214.252 port 29037 [preauth]","@timestamp":"2022-09-12T20:20:41.172Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 20:22:39 honeypot-ams-1 sshd[13600]: Invalid user guest from 190.144.232.142 port 44872","@timestamp":"2022-09-12T20:22:39.783Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 20:25:22 honeypot-fra-1 sshd[4304]: Connection closed by 103.231.214.252 port 13874 [preauth]","@timestamp":"2022-09-12T20:25:23.281Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 20:27:03 honeypot-fra-1 sshd[4310]: Disconnected from authenticating user root 190.18.110.53 port 36758 [preauth]","@timestamp":"2022-09-12T20:27:04.320Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T20:30:24.158Z","@version":"1","message":"Sep 12 20:30:23 honeypot-sgp-1 sshd[8970]: Invalid user admin from 144.34.212.207 port 45856","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T20:31:28.185Z","@version":"1","message":"Sep 12 20:31:27 honeypot-sgp-1 sshd[8974]: Invalid user informix from 138.68.2.22 port 42324","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T20:32:13.206Z","@version":"1","message":"Sep 12 20:32:12 honeypot-sgp-1 sshd[8978]: Connection closed by invalid user User 179.60.147.69 port 7060 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T20:32:32.213Z","@version":"1","message":"Sep 12 20:32:31 honeypot-sgp-1 sshd[8983]: Disconnected from invalid user user 141.255.162.226 port 40804 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T20:32:34.215Z","@version":"1","message":"Sep 12 20:32:33 honeypot-sgp-1 sshd[8987]: Disconnected from invalid user user 141.255.162.226 port 34612 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 20:32:35 honeypot-fra-1 sshd[4322]: Received disconnect from 24.135.138.224 port 54508:11: Bye Bye [preauth]","@timestamp":"2022-09-12T20:32:35.449Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T20:32:37.239Z","@version":"1","message":"Sep 12 20:32:36 honeypot-sgp-1 sshd[8991]: Disconnected from invalid user user 141.255.162.226 port 37378 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T20:33:07.254Z","@version":"1","message":"Sep 12 20:33:06 honeypot-sgp-1 sshd[8995]: Disconnected from invalid user postgres 139.59.233.124 port 37042 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 20:33:17 honeypot-ams-1 sshd[13603]: Received disconnect from 144.24.214.117 port 44452:11: Bye Bye [preauth]","@timestamp":"2022-09-12T20:33:18.069Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 20:35:19 honeypot-fra-1 sshd[4330]: Received disconnect from 92.255.85.70 port 41060:11: Bye Bye [preauth]","@timestamp":"2022-09-12T20:35:19.515Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T20:36:14.330Z","@version":"1","message":"Sep 12 20:36:14 honeypot-sgp-1 sshd[9000]: Received disconnect from 165.227.25.154 port 56536:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 20:38:12 honeypot-fra-1 kernel: [83889518.815527] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=112.206.122.108 DST=165.22.82.222 LEN=552 TOS=0x00 PREC=0x00 TTL=247 ID=48764 PROTO=TCP SPT=29847 DPT=443 WINDOW=18701 RES=0x08 ACK PSH FIN URGP=39455 ","@timestamp":"2022-09-12T20:38:13.585Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 20:38:20 honeypot-ams-1 sshd[13610]: Received disconnect from 92.255.85.70 port 31582:11: Bye Bye [preauth]","@timestamp":"2022-09-12T20:38:21.200Z"}
{"@timestamp":"2022-09-12T20:38:56.397Z","@version":"1","message":"Sep 12 20:38:55 honeypot-sgp-1 sshd[9005]: Invalid user user from 141.255.162.226 port 58024","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T20:38:57.399Z","@version":"1","message":"Sep 12 20:38:57 honeypot-sgp-1 sshd[9009]: Invalid user user from 141.255.162.226 port 43286","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T20:39:01.401Z","@version":"1","message":"Sep 12 20:39:00 honeypot-sgp-1 sshd[9013]: Invalid user user from 141.255.162.226 port 56786","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 20:39:01 honeypot-ams-1 sshd[13614]: Invalid user be from 138.68.178.64 port 42516","@timestamp":"2022-09-12T20:39:02.219Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 20:40:43 honeypot-ams-1 sshd[13619]: Invalid user wjc from 31.220.17.116 port 39096","@timestamp":"2022-09-12T20:40:44.265Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 20:40:54 honeypot-fra-1 sshd[4341]: Disconnected from invalid user kitkat 165.22.45.108 port 46072 [preauth]","@timestamp":"2022-09-12T20:40:54.646Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 20:43:08 honeypot-ams-1 kernel: [83891972.888614] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=80.87.206.203 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=6589 PROTO=TCP SPT=58738 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T20:43:09.331Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 20:45:45 honeypot-fra-1 sshd[4352]: Connection closed by 103.231.214.252 port 27036 [preauth]","@timestamp":"2022-09-12T20:45:45.757Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 20:48:51 honeypot-fra-1 sshd[4360]: Disconnected from invalid user www 36.91.38.31 port 39694 [preauth]","@timestamp":"2022-09-12T20:48:51.829Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T20:51:15.683Z","@version":"1","message":"Sep 12 20:51:14 honeypot-sgp-1 sshd[9018]: Disconnected from authenticating user root 89.190.84.6 port 59718 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 20:53:57 honeypot-fra-1 sshd[4371]: Connection closed by 103.231.214.252 port 19179 [preauth]","@timestamp":"2022-09-12T20:53:57.947Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 20:54:37 honeypot-ams-1 sshd[13631]: Received disconnect from 157.230.234.93 port 40462:11: Bye Bye [preauth]","@timestamp":"2022-09-12T20:54:37.621Z"}
{"@timestamp":"2022-09-12T20:55:58.797Z","@version":"1","message":"Sep 12 20:55:57 honeypot-sgp-1 sshd[9020]: Received disconnect from 92.255.85.70 port 22760:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 20:57:05 honeypot-ams-1 sshd[13635]: Disconnected from invalid user project 202.53.175.36 port 32964 [preauth]","@timestamp":"2022-09-12T20:57:05.685Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 20:57:15 honeypot-fra-1 sshd[4375]: Connection closed by 103.231.214.252 port 14616 [preauth]","@timestamp":"2022-09-12T20:57:16.026Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 20:58:02 honeypot-ams-1 sshd[13641]: Received disconnect from 193.142.146.50 port 38050:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T20:58:02.714Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 20:58:29 honeypot-ams-1 sshd[13647]: Invalid user test from 160.120.130.101 port 13358","@timestamp":"2022-09-12T20:58:29.727Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 20:58:52 honeypot-fra-1 kernel: [83890758.044433] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=20.55.53.144 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=53552 DF PROTO=TCP SPT=33170 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T20:58:53.068Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-12T20:59:10.876Z","@version":"1","message":"Sep 12 20:59:10 honeypot-sgp-1 sshd[9023]: Disconnected from invalid user sshvpn 161.35.125.167 port 39060 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 20:59:38 honeypot-ams-1 sshd[13651]: Received disconnect from 193.142.146.50 port 38642:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T20:59:38.760Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 21:00:21 honeypot-ams-1 sshd[13657]: Received disconnect from 193.142.146.50 port 50290:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T21:00:21.783Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 21:00:53 honeypot-ams-1 sshd[13661]: Disconnected from invalid user test 193.142.146.50 port 39234 [preauth]","@timestamp":"2022-09-12T21:00:53.800Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 21:01:56 honeypot-ams-1 sshd[13667]: Invalid user ansible from 193.142.146.50 port 50876","@timestamp":"2022-09-12T21:01:56.830Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 21:02:03 honeypot-fra-1 sshd[4386]: Connection closed by 103.231.214.252 port 20145 [preauth]","@timestamp":"2022-09-12T21:02:04.141Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 21:02:27 honeypot-ams-1 sshd[13671]: Invalid user ansible from 193.142.146.50 port 39820","@timestamp":"2022-09-12T21:02:28.846Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 21:03:04 honeypot-ams-1 sshd[13676]: Received disconnect from 193.142.146.50 port 56996:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T21:03:04.864Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 21:03:45 honeypot-ams-1 sshd[13680]: Disconnected from invalid user oracle 193.142.146.50 port 45940 [preauth]","@timestamp":"2022-09-12T21:03:45.884Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 21:04:21 honeypot-ams-1 kernel: [83893245.935799] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=20.55.53.144 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=26341 DF PROTO=TCP SPT=53680 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T21:04:21.902Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 21:04:43 honeypot-ams-1 kernel: [83893268.230035] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=20.55.53.144 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=1830 DF PROTO=TCP SPT=42004 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T21:04:43.914Z"}
{"@timestamp":"2022-09-12T21:05:29.025Z","@version":"1","message":"Sep 12 21:05:28 honeypot-sgp-1 sshd[9029]: Invalid user su from 209.141.59.131 port 60420","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 21:05:32 honeypot-ams-1 sshd[13692]: Received disconnect from 193.142.146.50 port 41002:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T21:05:32.939Z"}
{"@timestamp":"2022-09-12T21:07:11.066Z","@version":"1","message":"Sep 12 21:07:10 honeypot-sgp-1 sshd[9033]: Invalid user oracle from 14.224.169.32 port 56260","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 21:07:46 honeypot-fra-1 sshd[4395]: Received disconnect from 150.136.65.184 port 40478:11: Bye Bye [preauth]","@timestamp":"2022-09-12T21:07:47.291Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 21:11:27 honeypot-fra-1 sshd[4404]: Connection closed by 103.231.214.252 port 63192 [preauth]","@timestamp":"2022-09-12T21:11:28.377Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 21:14:06 honeypot-ams-1 sshd[13699]: Invalid user scan from 91.240.118.222 port 47168","@timestamp":"2022-09-12T21:14:07.166Z"}
{"@timestamp":"2022-09-12T21:15:16.251Z","@version":"1","message":"Sep 12 21:15:15 honeypot-sgp-1 kernel: [83893426.274480] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=227 ID=42648 PROTO=TCP SPT=56403 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 21:17:01 honeypot-fra-1 CRON[4413]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-12T21:17:01.505Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 21:19:57 honeypot-fra-1 sshd[4422]: Received disconnect from 165.22.45.108 port 50972:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T21:19:57.574Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 21:22:20 honeypot-ams-1 sshd[13706]: Invalid user user from 45.61.186.169 port 46692","@timestamp":"2022-09-12T21:22:20.377Z"}
{"@timestamp":"2022-09-12T21:22:36.423Z","@version":"1","message":"Sep 12 21:22:35 honeypot-sgp-1 kernel: [83893866.784275] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=23.95.4.194 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=235 ID=30478 PROTO=TCP SPT=58889 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 21:22:37 honeypot-ams-1 sshd[13710]: Invalid user user from 45.61.186.169 port 41026","@timestamp":"2022-09-12T21:22:38.387Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 21:22:54 honeypot-ams-1 sshd[13714]: Invalid user user from 45.61.186.169 port 35362","@timestamp":"2022-09-12T21:22:55.396Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 21:23:11 honeypot-ams-1 sshd[13719]: Invalid user user from 45.61.186.169 port 57920","@timestamp":"2022-09-12T21:23:12.405Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 21:23:17 honeypot-ams-1 sshd[13721]: Disconnected from invalid user zhanghua 202.74.243.26 port 12541 [preauth]","@timestamp":"2022-09-12T21:23:17.408Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 21:23:59 honeypot-fra-1 sshd[4432]: Connection closed by 103.231.214.252 port 36537 [preauth]","@timestamp":"2022-09-12T21:24:00.668Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 21:30:56 honeypot-ams-1 kernel: [83894841.073281] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=154.3.44.39 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=117 ID=4344 DF PROTO=TCP SPT=59108 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-12T21:30:57.602Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 21:31:50 honeypot-fra-1 sshd[4443]: Connection closed by 103.231.214.252 port 64211 [preauth]","@timestamp":"2022-09-12T21:31:50.847Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T21:38:39.789Z","@version":"1","message":"Sep 12 21:38:39 honeypot-sgp-1 sshd[9047]: Connection closed by invalid user User 179.60.147.69 port 13570 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 21:41:24 honeypot-ams-1 sshd[13728]: Connection closed by invalid user User 179.60.147.69 port 47440 [preauth]","@timestamp":"2022-09-12T21:41:24.869Z"}
{"@timestamp":"2022-09-12T21:42:20.877Z","@version":"1","message":"Sep 12 21:42:20 honeypot-sgp-1 sshd[9052]: Received disconnect from 92.255.85.69 port 30626:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T21:42:38.885Z","@version":"1","message":"Sep 12 21:42:37 honeypot-sgp-1 sshd[9057]: Invalid user user from 198.98.61.9 port 36672","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T21:42:52.892Z","@version":"1","message":"Sep 12 21:42:52 honeypot-sgp-1 sshd[9061]: Invalid user user from 198.98.61.9 port 59022","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T21:43:07.899Z","@version":"1","message":"Sep 12 21:43:06 honeypot-sgp-1 sshd[9065]: Invalid user user from 198.98.61.9 port 53162","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 21:43:18 honeypot-ams-1 kernel: [83895583.255398] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=213.222.159.245 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=15533 PROTO=TCP SPT=52391 DPT=443 WINDOW=1300 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T21:43:18.921Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 21:45:34 honeypot-fra-1 sshd[4459]: Received disconnect from 92.255.85.70 port 49448:11: Bye Bye [preauth]","@timestamp":"2022-09-12T21:45:35.154Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 21:46:11 honeypot-ams-1 kernel: [83895755.931144] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=108.29.127.94 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=52 ID=33561 PROTO=TCP SPT=38791 DPT=80 WINDOW=227 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T21:46:11.996Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 21:48:19 honeypot-ams-1 sshd[13743]: Received disconnect from 92.255.85.70 port 16440:11: Bye Bye [preauth]","@timestamp":"2022-09-12T21:48:20.054Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 21:51:23 honeypot-fra-1 sshd[4466]: Invalid user test from 193.106.191.157 port 45418","@timestamp":"2022-09-12T21:51:24.285Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T21:51:45.122Z","@version":"1","message":"Sep 12 21:51:44 honeypot-sgp-1 sshd[9070]: Received disconnect from 115.68.219.249 port 36936:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 21:54:53 honeypot-ams-1 sshd[13746]: Disconnected from 159.223.172.195 port 37068 [preauth]","@timestamp":"2022-09-12T21:54:53.225Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 21:57:13 honeypot-ams-1 sshd[13750]: Received disconnect from 37.110.25.185 port 55058:11: Bye Bye [preauth]","@timestamp":"2022-09-12T21:57:14.319Z"}
{"@timestamp":"2022-09-12T21:57:59.266Z","@version":"1","message":"Sep 12 21:57:58 honeypot-sgp-1 sshd[9152]: Received disconnect from 206.81.0.243 port 42850:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 21:59:13 honeypot-fra-1 sshd[4469]: Did not receive identification string from 45.61.186.169 port 55328","@timestamp":"2022-09-12T21:59:14.476Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 21:59:31 honeypot-fra-1 sshd[4472]: Disconnected from invalid user user 45.61.186.169 port 58210 [preauth]","@timestamp":"2022-09-12T21:59:32.485Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 21:59:34 honeypot-ams-1 sshd[13755]: Connection closed by invalid user test 193.106.191.157 port 58202 [preauth]","@timestamp":"2022-09-12T21:59:34.382Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 21:59:49 honeypot-fra-1 sshd[4478]: Disconnected from invalid user user 45.61.186.169 port 54070 [preauth]","@timestamp":"2022-09-12T21:59:50.494Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 22:00:08 honeypot-fra-1 sshd[4482]: Received disconnect from 45.61.186.169 port 49950:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T22:00:08.502Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 22:00:23 honeypot-fra-1 sshd[4486]: Received disconnect from 165.22.45.108 port 55890:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T22:00:24.509Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T22:06:08.458Z","@version":"1","message":"Sep 12 22:06:07 honeypot-sgp-1 sshd[9159]: Received disconnect from 92.255.85.70 port 59634:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 22:06:29 honeypot-fra-1 sshd[4491]: Invalid user yd from 40.89.190.3 port 1024","@timestamp":"2022-09-12T22:06:29.646Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 22:07:59 honeypot-ams-1 kernel: [83897063.403070] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=154.3.44.39 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=117 ID=59384 DF PROTO=TCP SPT=52338 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-12T22:07:59.594Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 22:08:45 honeypot-fra-1 sshd[4495]: Disconnected from authenticating user root 111.67.197.106 port 33688 [preauth]","@timestamp":"2022-09-12T22:08:45.697Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T22:09:53.546Z","@version":"1","message":"Sep 12 22:09:53 honeypot-sgp-1 kernel: [83896704.439686] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=154.3.44.39 DST=159.89.202.188 LEN=52 TOS=0x0A PREC=0x00 TTL=110 ID=25284 DF PROTO=TCP SPT=53295 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 22:09:58 honeypot-ams-1 sshd[13767]: Received disconnect from 114.206.23.151 port 59614:11: Bye Bye [preauth]","@timestamp":"2022-09-12T22:09:59.652Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 22:12:04 honeypot-fra-1 sshd[4501]: Received disconnect from 141.255.162.226 port 51088:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T22:12:04.772Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 22:12:06 honeypot-fra-1 sshd[4505]: Received disconnect from 141.255.162.226 port 43070:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T22:12:06.773Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 22:12:09 honeypot-fra-1 sshd[4509]: Received disconnect from 141.255.162.226 port 56518:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T22:12:09.775Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 22:12:12 honeypot-fra-1 sshd[4513]: Received disconnect from 141.255.162.226 port 36314:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T22:12:12.777Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 22:12:54 honeypot-ams-1 kernel: [83897359.104380] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=190.225.238.193 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=238 ID=15533 PROTO=TCP SPT=45260 DPT=443 WINDOW=1300 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T22:12:55.730Z"}
{"@timestamp":"2022-09-12T22:15:13.674Z","@version":"1","message":"Sep 12 22:15:13 honeypot-sgp-1 kernel: [83897024.056302] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=69.164.222.81 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=9647 PROTO=TCP SPT=44944 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 22:17:01 honeypot-ams-1 CRON[13776]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-12T22:17:01.857Z"}
{"@timestamp":"2022-09-12T22:19:59.787Z","@version":"1","message":"Sep 12 22:19:59 honeypot-sgp-1 sshd[9174]: Received disconnect from 198.98.61.9 port 60888:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T22:20:16.796Z","@version":"1","message":"Sep 12 22:20:16 honeypot-sgp-1 sshd[9179]: Received disconnect from 198.98.61.9 port 55062:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T22:20:33.805Z","@version":"1","message":"Sep 12 22:20:33 honeypot-sgp-1 sshd[9184]: Received disconnect from 198.98.61.9 port 49224:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T22:20:49.812Z","@version":"1","message":"Sep 12 22:20:49 honeypot-sgp-1 sshd[9188]: Received disconnect from 198.98.61.9 port 43396:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 22:22:04 honeypot-fra-1 kernel: [83895749.780320] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=198.74.61.220 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=57490 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T22:22:04.998Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 22:28:29 honeypot-ams-1 sshd[13787]: Disconnected from authenticating user root 61.177.172.108 port 56042 [preauth]","@timestamp":"2022-09-12T22:28:30.160Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 22:29:08 honeypot-fra-1 sshd[4528]: Invalid user recruit from 149.56.22.235 port 60210","@timestamp":"2022-09-12T22:29:09.158Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 22:35:42 honeypot-ams-1 sshd[13796]: Received disconnect from 179.157.7.171 port 47320:11: Bye Bye [preauth]","@timestamp":"2022-09-12T22:35:43.346Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 22:36:21 honeypot-ams-1 sshd[13803]: Disconnected from authenticating user list 2.139.220.58 port 58358 [preauth]","@timestamp":"2022-09-12T22:36:22.366Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 22:36:39 honeypot-ams-1 sshd[13805]: Disconnected from invalid user user 45.61.186.249 port 47132 [preauth]","@timestamp":"2022-09-12T22:36:40.375Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 22:36:59 honeypot-ams-1 sshd[13809]: Disconnected from invalid user user 45.61.186.249 port 42162 [preauth]","@timestamp":"2022-09-12T22:36:59.386Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 22:37:17 honeypot-ams-1 sshd[13813]: Disconnected from invalid user user 45.61.186.249 port 37196 [preauth]","@timestamp":"2022-09-12T22:37:17.395Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 22:37:33 honeypot-ams-1 sshd[13817]: Disconnected from invalid user user 45.61.186.249 port 60462 [preauth]","@timestamp":"2022-09-12T22:37:34.404Z"}
{"@timestamp":"2022-09-12T22:37:56.211Z","@version":"1","message":"Sep 12 22:37:55 honeypot-sgp-1 kernel: [83898386.899419] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=172.104.208.197 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=59340 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 22:38:36 honeypot-fra-1 sshd[4533]: Disconnected from authenticating user root 180.69.254.177 port 52315 [preauth]","@timestamp":"2022-09-12T22:38:37.367Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 22:38:54 honeypot-ams-1 sshd[13822]: Invalid user user from 45.61.186.169 port 59892","@timestamp":"2022-09-12T22:38:54.443Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 22:39:12 honeypot-ams-1 sshd[13826]: Invalid user user from 45.61.186.169 port 54850","@timestamp":"2022-09-12T22:39:13.454Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 22:39:30 honeypot-ams-1 sshd[13830]: Invalid user user from 45.61.186.169 port 49810","@timestamp":"2022-09-12T22:39:31.463Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 22:39:47 honeypot-ams-1 sshd[13835]: Invalid user user from 45.61.186.169 port 44776","@timestamp":"2022-09-12T22:39:47.471Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 22:40:57 honeypot-ams-1 sshd[13839]: Received disconnect from 157.230.45.177 port 43138:11: Bye Bye [preauth]","@timestamp":"2022-09-12T22:40:58.504Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 22:41:33 honeypot-ams-1 sshd[13843]: Received disconnect from 40.114.69.14 port 56404:11: Bye Bye [preauth]","@timestamp":"2022-09-12T22:41:34.521Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 22:43:25 honeypot-ams-1 sshd[13847]: Received disconnect from 61.177.173.48 port 42783:11:  [preauth]","@timestamp":"2022-09-12T22:43:25.571Z"}
{"@timestamp":"2022-09-12T22:43:42.348Z","@version":"1","message":"Sep 12 22:43:41 honeypot-sgp-1 sshd[9198]: Invalid user loan from 137.116.144.39 port 43944","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 22:47:39 honeypot-ams-1 sshd[13854]: Connection closed by invalid user User 179.60.147.69 port 21638 [preauth]","@timestamp":"2022-09-12T22:47:39.680Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 22:51:47 honeypot-fra-1 kernel: [83897532.646751] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=59.49.43.217 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=50990 PROTO=TCP SPT=40115 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T22:51:47.661Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-12T22:52:36.555Z","@version":"1","message":"Sep 12 22:52:36 honeypot-sgp-1 sshd[9203]: Disconnected from authenticating user root 92.255.85.70 port 52256 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 22:56:28 honeypot-fra-1 sshd[4543]: Connection closed by invalid user User 179.60.147.69 port 10124 [preauth]","@timestamp":"2022-09-12T22:56:28.767Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T22:58:17.689Z","@version":"1","message":"Sep 12 22:58:17 honeypot-sgp-1 kernel: [83899608.090101] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.221.92 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=49692 DPT=389 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 22:59:10 honeypot-ams-1 sshd[13864]: Received disconnect from 61.177.172.108 port 49034:11:  [preauth]","@timestamp":"2022-09-12T22:59:10.987Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 23:04:24 honeypot-ams-1 sshd[13868]: Invalid user user from 141.255.162.226 port 36316","@timestamp":"2022-09-12T23:04:25.123Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 23:04:27 honeypot-ams-1 sshd[13872]: Invalid user user from 141.255.162.226 port 49708","@timestamp":"2022-09-12T23:04:28.125Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 23:04:31 honeypot-ams-1 sshd[13876]: Invalid user user from 141.255.162.226 port 34876","@timestamp":"2022-09-12T23:04:32.127Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 23:05:05 honeypot-ams-1 sshd[13880]: Received disconnect from 50.208.237.91 port 37792:11: Bye Bye [preauth]","@timestamp":"2022-09-12T23:05:06.142Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 23:06:41 honeypot-fra-1 sshd[4548]: Connection closed by invalid user Admin 193.106.191.157 port 51318 [preauth]","@timestamp":"2022-09-12T23:06:41.997Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 23:09:03 honeypot-fra-1 sshd[4554]: Invalid user testuser from 114.116.221.4 port 58488","@timestamp":"2022-09-12T23:09:04.053Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 23:09:03 honeypot-fra-1 sshd[4554]: Connection closed by invalid user testuser 114.116.221.4 port 58488 [preauth]","@timestamp":"2022-09-12T23:09:04.053Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 23:09:14 honeypot-fra-1 sshd[4575]: Connection closed by invalid user oracle 114.116.221.4 port 58474 [preauth]","@timestamp":"2022-09-12T23:09:15.057Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 23:09:57 honeypot-ams-1 sshd[13887]: Received disconnect from 61.177.173.36 port 52766:11:  [preauth]","@timestamp":"2022-09-12T23:09:58.270Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 23:14:46 honeypot-fra-1 sshd[4582]: Received disconnect from 177.37.164.118 port 42629:11: Bye Bye [preauth]","@timestamp":"2022-09-12T23:14:47.181Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 23:15:06 honeypot-ams-1 sshd[13893]: Disconnected from authenticating user root 61.177.172.104 port 29633 [preauth]","@timestamp":"2022-09-12T23:15:07.404Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 23:15:33 honeypot-ams-1 sshd[13897]: Disconnected from invalid user user 45.61.184.204 port 42800 [preauth]","@timestamp":"2022-09-12T23:15:33.417Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 23:15:54 honeypot-ams-1 sshd[13901]: Disconnected from invalid user user 45.61.184.204 port 40324 [preauth]","@timestamp":"2022-09-12T23:15:55.429Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 23:16:14 honeypot-ams-1 sshd[13905]: Disconnected from invalid user user 45.61.184.204 port 37872 [preauth]","@timestamp":"2022-09-12T23:16:14.439Z"}
{"@timestamp":"2022-09-12T23:17:02.135Z","@version":"1","message":"Sep 12 23:17:01 honeypot-sgp-1 CRON[9214]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 23:17:13 honeypot-ams-1 sshd[13912]: Received disconnect from 64.227.180.226 port 39488:11: Bye Bye [preauth]","@timestamp":"2022-09-12T23:17:14.469Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 23:17:39 honeypot-fra-1 kernel: [83899085.047148] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.79.143.213 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=45555 PROTO=TCP SPT=44943 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T23:17:40.248Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-12T23:20:18.214Z","@version":"1","message":"Sep 12 23:20:17 honeypot-sgp-1 sshd[9219]: Disconnected from invalid user pr 139.59.28.53 port 40444 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 23:21:17 honeypot-fra-1 kernel: [83899302.893150] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=152.89.196.23 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=24522 PROTO=TCP SPT=40612 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T23:21:18.331Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 23:22:42 honeypot-ams-1 sshd[13917]: Invalid user User from 179.60.147.69 port 55892","@timestamp":"2022-09-12T23:22:42.615Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 23:25:50 honeypot-ams-1 kernel: [83901735.090927] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=149.102.155.170 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=50050 PROTO=TCP SPT=45039 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T23:25:51.700Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 23:27:00 honeypot-fra-1 sshd[4593]: Connection closed by invalid user ubnt 179.60.147.69 port 16648 [preauth]","@timestamp":"2022-09-12T23:27:01.464Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T23:27:35.386Z","@version":"1","message":"Sep 12 23:27:34 honeypot-sgp-1 kernel: [83901365.560280] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.95.55.210 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=54321 PROTO=TCP SPT=42905 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 23:28:59 honeypot-fra-1 kernel: [83899764.474341] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=723 PROTO=TCP SPT=45133 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T23:28:59.512Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 23:29:43 honeypot-ams-1 sshd[13931]: Disconnected from authenticating user root 61.177.172.108 port 40354 [preauth]","@timestamp":"2022-09-12T23:29:43.802Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 23:33:46 honeypot-fra-1 sshd[4602]: Received disconnect from 167.114.67.95 port 41402:11: Bye Bye [preauth]","@timestamp":"2022-09-12T23:33:46.621Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 23:33:49 honeypot-ams-1 sshd[13938]: Received disconnect from 160.119.69.41 port 44858:11: Bye Bye [preauth]","@timestamp":"2022-09-12T23:33:49.910Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 23:40:24 honeypot-fra-1 sshd[4608]: Invalid user ubuntu from 159.89.194.103 port 48680","@timestamp":"2022-09-12T23:40:24.770Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 23:41:17 honeypot-fra-1 sshd[4613]: Invalid user admin from 185.17.229.65 port 2728","@timestamp":"2022-09-12T23:41:17.791Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 23:42:03 honeypot-ams-1 kernel: [83902707.494452] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.191.79.210 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=54 ID=21331 PROTO=TCP SPT=3733 DPT=80 WINDOW=5086 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T23:42:04.124Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 23:43:30 honeypot-ams-1 sshd[13952]: Received disconnect from 45.61.186.169 port 44314:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T23:43:31.163Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 23:43:48 honeypot-ams-1 sshd[13956]: Received disconnect from 45.61.186.169 port 39432:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T23:43:49.172Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 23:44:05 honeypot-ams-1 sshd[13960]: Received disconnect from 45.61.186.169 port 34554:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T23:44:06.181Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 23:44:13 honeypot-ams-1 sshd[13964]: Disconnected from invalid user user 45.61.186.169 port 46226 [preauth]","@timestamp":"2022-09-12T23:44:14.187Z"}
{"@timestamp":"2022-09-12T23:45:43.828Z","@version":"1","message":"Sep 12 23:45:43 honeypot-sgp-1 sshd[9233]: Disconnected from authenticating user root 204.48.30.77 port 58018 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 23:46:18 honeypot-ams-1 sshd[13969]: Disconnected from authenticating user root 177.129.4.35 port 46602 [preauth]","@timestamp":"2022-09-12T23:46:19.244Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 23:47:49 honeypot-fra-1 sshd[4619]: Invalid user test2 from 142.93.211.192 port 39116","@timestamp":"2022-09-12T23:47:49.939Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 23:49:10 honeypot-fra-1 sshd[4623]: Connection closed by invalid user admin 159.203.178.0 port 50728 [preauth]","@timestamp":"2022-09-12T23:49:10.970Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 23:49:44 honeypot-ams-1 kernel: [83903168.419560] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=154.3.44.39 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=117 ID=57931 DF PROTO=TCP SPT=53609 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-12T23:49:44.336Z"}
{"@timestamp":"2022-09-12T23:51:07.956Z","@version":"1","message":"Sep 12 23:51:07 honeypot-sgp-1 sshd[9240]: Received disconnect from 49.0.129.25 port 42848:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 23:53:46 honeypot-fra-1 kernel: [83901251.663121] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.9.168.92 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=64867 DF PROTO=TCP SPT=10446 DPT=80 WINDOW=512 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T23:53:47.075Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-12T23:54:45.042Z","@version":"1","message":"Sep 12 23:54:44 honeypot-sgp-1 sshd[9244]: Disconnected from authenticating user root 186.96.22.59 port 48242 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 23:57:18 honeypot-ams-1 kernel: [83903622.675614] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.95.55.210 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=54321 PROTO=TCP SPT=44292 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T23:57:18.536Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 00:03:32 honeypot-ams-1 sshd[13987]: Disconnected from authenticating user root 61.177.173.47 port 25684 [preauth]","@timestamp":"2022-09-13T00:03:32.703Z"}
{"@timestamp":"2022-09-13T00:05:28.319Z","@version":"1","message":"Sep 13 00:05:28 honeypot-sgp-1 sshd[9251]: Connection closed by invalid user admin 128.199.160.207 port 47576 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 00:05:38 honeypot-fra-1 sshd[4639]: Received disconnect from 92.255.85.70 port 34044:11: Bye Bye [preauth]","@timestamp":"2022-09-13T00:05:38.340Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 19:17:01 honeypot-fra-1 CRON[27549]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-09T19:17:01.405Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 19:17:01 honeypot-ams-1 CRON[4675]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-09T19:17:01.504Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 19:24:37 honeypot-ams-1 sshd[4685]: Received disconnect from 92.255.85.70 port 22150:11: Bye Bye [preauth]","@timestamp":"2022-09-09T19:24:37.699Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 19:24:41 honeypot-ams-1 sshd[4689]: Received disconnect from 141.255.162.226 port 52556:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T19:24:41.701Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 19:24:44 honeypot-ams-1 sshd[4693]: Received disconnect from 141.255.162.226 port 46874:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T19:24:45.703Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 19:24:46 honeypot-ams-1 sshd[4697]: Received disconnect from 141.255.162.226 port 54402:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T19:24:47.705Z"}
{"@timestamp":"2022-09-09T19:25:59.202Z","@version":"1","message":"Sep  9 19:25:58 honeypot-sgp-1 kernel: [83627673.819202] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=103.114.191.91 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=26136 PROTO=TCP SPT=57945 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 19:26:02 honeypot-ams-1 sshd[4701]: Disconnected from authenticating user root 61.177.173.39 port 28761 [preauth]","@timestamp":"2022-09-09T19:26:02.738Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 19:32:11 honeypot-fra-1 kernel: [83626367.763141] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=213.226.123.38 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=47342 PROTO=TCP SPT=53080 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T19:32:12.751Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 19:35:06 honeypot-ams-1 kernel: [83628693.351454] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=151.106.40.82 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=20781 PROTO=TCP SPT=51061 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T19:35:06.975Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 19:39:25 honeypot-fra-1 kernel: [83626801.193410] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=194.163.148.53 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=42390 PROTO=TCP SPT=52364 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T19:39:25.934Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-09T19:42:24.599Z","@version":"1","message":"Sep  9 19:42:24 honeypot-sgp-1 sshd[1167]: Invalid user craig from 218.25.130.220 port 13539","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 19:43:51 honeypot-fra-1 sshd[27565]: Received disconnect from 92.119.231.13 port 60606:11: Bye Bye [preauth]","@timestamp":"2022-09-09T19:43:52.031Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 19:46:12 honeypot-fra-1 sshd[27571]: Received disconnect from 207.154.205.115 port 39194:11: Bye Bye [preauth]","@timestamp":"2022-09-09T19:46:13.083Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 19:46:35 honeypot-ams-1 sshd[4716]: Received disconnect from 92.255.85.70 port 42390:11: Bye Bye [preauth]","@timestamp":"2022-09-09T19:46:36.271Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 19:55:00 honeypot-ams-1 sshd[4724]: Disconnected from authenticating user root 61.177.172.104 port 17686 [preauth]","@timestamp":"2022-09-09T19:55:00.485Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 19:55:51 honeypot-fra-1 sshd[27580]: Connection closed by 167.248.133.46 port 36002 [preauth]","@timestamp":"2022-09-09T19:55:51.285Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T20:05:07.126Z","@version":"1","message":"Sep  9 20:05:06 honeypot-sgp-1 sshd[1189]: Invalid user user1 from 103.188.176.251 port 35854","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 20:05:20 honeypot-ams-1 sshd[4735]: Disconnected from authenticating user root 61.177.172.19 port 63430 [preauth]","@timestamp":"2022-09-09T20:05:20.744Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 20:09:32 honeypot-fra-1 sshd[27586]: Invalid user jusierra from 165.22.45.108 port 38992","@timestamp":"2022-09-09T20:09:33.577Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 20:11:17 honeypot-ams-1 sshd[4745]: Invalid user ib from 77.52.12.151 port 53684","@timestamp":"2022-09-09T20:11:17.900Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 20:13:00 honeypot-ams-1 kernel: [83630967.759309] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=94.102.61.10 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=252 ID=54321 PROTO=TCP SPT=39262 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T20:13:00.945Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 20:14:00 honeypot-ams-1 sshd[4751]: Disconnected from invalid user ftpuser 137.184.225.163 port 39216 [preauth]","@timestamp":"2022-09-09T20:14:00.973Z"}
{"@timestamp":"2022-09-09T20:16:03.384Z","@version":"1","message":"Sep  9 20:16:03 honeypot-sgp-1 sshd[1194]: Invalid user maowei from 137.116.144.39 port 36102","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 20:17:01 honeypot-fra-1 CRON[27591]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-09T20:17:01.774Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 20:17:22 honeypot-ams-1 sshd[4762]: Received disconnect from 193.142.146.50 port 45812:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T20:17:23.066Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 20:18:12 honeypot-ams-1 sshd[4768]: Received disconnect from 193.142.146.50 port 45442:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T20:18:13.091Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 20:19:19 honeypot-ams-1 kernel: [83631346.721138] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=151.106.40.82 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=53927 PROTO=TCP SPT=51061 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T20:19:20.124Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 20:20:46 honeypot-ams-1 sshd[4778]: Did not receive identification string from 80.76.51.189 port 59542","@timestamp":"2022-09-09T20:20:46.161Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 20:22:22 honeypot-ams-1 sshd[4784]: Received disconnect from 80.76.51.189 port 47072:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T20:22:22.204Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 20:24:10 honeypot-ams-1 sshd[4788]: Disconnected from authenticating user root 80.76.51.189 port 51704 [preauth]","@timestamp":"2022-09-09T20:24:11.252Z"}
{"@timestamp":"2022-09-09T20:25:29.602Z","@version":"1","message":"Sep  9 20:25:29 honeypot-sgp-1 sshd[1201]: Connection closed by invalid user Admin 207.42.135.98 port 33192 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 20:26:13 honeypot-ams-1 sshd[4794]: Invalid user ja from 141.136.36.203 port 47480","@timestamp":"2022-09-09T20:26:14.309Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 20:26:17 honeypot-ams-1 sshd[4796]: Disconnected from authenticating user root 61.177.173.50 port 53799 [preauth]","@timestamp":"2022-09-09T20:26:18.312Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 20:28:13 honeypot-ams-1 sshd[4805]: Received disconnect from 80.76.51.189 port 60960:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T20:28:14.365Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 20:30:01 honeypot-ams-1 kernel: [83631987.952939] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=147.124.217.203 DST=178.62.254.91 LEN=40 TOS=0x08 PREC=0x00 TTL=237 ID=37959 DF PROTO=TCP SPT=10446 DPT=80 WINDOW=512 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T20:30:01.414Z"}
{"@timestamp":"2022-09-09T20:30:44.728Z","@version":"1","message":"Sep  9 20:30:44 honeypot-sgp-1 kernel: [83631559.927560] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=128.14.141.35 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=13647 PROTO=TCP SPT=11621 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 20:31:36 honeypot-ams-1 sshd[4813]: Disconnected from invalid user user 80.76.51.189 port 41990 [preauth]","@timestamp":"2022-09-09T20:31:37.458Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 20:32:40 honeypot-ams-1 sshd[4820]: Received disconnect from 80.76.51.189 port 44306:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T20:32:41.488Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 20:36:00 honeypot-ams-1 sshd[4824]: Received disconnect from 61.177.172.19 port 56640:11:  [preauth]","@timestamp":"2022-09-09T20:36:01.575Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 20:37:36 honeypot-fra-1 sshd[27599]: Invalid user user from 45.61.187.160 port 55614","@timestamp":"2022-09-09T20:37:37.235Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 20:37:59 honeypot-fra-1 sshd[27603]: Invalid user user from 45.61.187.160 port 50978","@timestamp":"2022-09-09T20:37:59.245Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 20:38:19 honeypot-fra-1 sshd[27607]: Invalid user user from 45.61.187.160 port 46332","@timestamp":"2022-09-09T20:38:20.254Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 20:38:38 honeypot-fra-1 sshd[27611]: Invalid user user from 45.61.187.160 port 41702","@timestamp":"2022-09-09T20:38:39.263Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 20:42:00 honeypot-fra-1 kernel: [83630556.121389] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=96.232.89.20 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=46557 PROTO=TCP SPT=55603 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T20:42:01.339Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 20:44:01 honeypot-ams-1 sshd[4829]: Invalid user admin from 193.106.191.157 port 44428","@timestamp":"2022-09-09T20:44:01.785Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 20:46:02 honeypot-ams-1 sshd[4834]: Disconnected from authenticating user root 61.177.173.36 port 10244 [preauth]","@timestamp":"2022-09-09T20:46:02.842Z"}
{"@timestamp":"2022-09-09T20:47:27.113Z","@version":"1","message":"Sep  9 20:47:26 honeypot-sgp-1 kernel: [83632562.064324] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=143.92.32.205 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=44849 PROTO=TCP SPT=56445 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T20:50:45.191Z","@version":"1","message":"Sep  9 20:50:44 honeypot-sgp-1 sshd[1215]: Connection closed by invalid user pi 183.133.33.111 port 51990 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 20:54:22 honeypot-ams-1 sshd[4840]: Received disconnect from 92.255.85.70 port 38748:11: Bye Bye [preauth]","@timestamp":"2022-09-09T20:54:23.058Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 20:58:32 honeypot-ams-1 sshd[4845]: Invalid user user from 198.98.61.9 port 50614","@timestamp":"2022-09-09T20:58:33.168Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 20:58:41 honeypot-ams-1 sshd[4847]: Disconnected from invalid user user 198.98.61.9 port 33864 [preauth]","@timestamp":"2022-09-09T20:58:41.172Z"}
{"@timestamp":"2022-09-09T20:58:45.395Z","@version":"1","message":"Sep  9 20:58:45 honeypot-sgp-1 sshd[1222]: Received disconnect from 164.92.85.159 port 35766:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 20:58:59 honeypot-ams-1 sshd[4851]: Disconnected from invalid user user 198.98.61.9 port 56776 [preauth]","@timestamp":"2022-09-09T20:59:00.182Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 20:59:14 honeypot-fra-1 sshd[27621]: Disconnected from invalid user user 45.61.186.169 port 50594 [preauth]","@timestamp":"2022-09-09T20:59:15.718Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 20:59:15 honeypot-ams-1 sshd[4855]: Disconnected from invalid user user 198.98.61.9 port 51474 [preauth]","@timestamp":"2022-09-09T20:59:16.191Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 20:59:32 honeypot-fra-1 sshd[27625]: Disconnected from invalid user user 45.61.186.169 port 45318 [preauth]","@timestamp":"2022-09-09T20:59:33.727Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 20:59:49 honeypot-fra-1 sshd[27629]: Received disconnect from 45.61.186.169 port 40026:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T20:59:49.734Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 21:00:05 honeypot-fra-1 sshd[27633]: Received disconnect from 45.61.186.169 port 34752:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T21:00:05.742Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 21:04:08 honeypot-ams-1 kernel: [83634035.720875] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=20.168.42.78 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=111 ID=60285 DF PROTO=TCP SPT=51779 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T21:04:09.318Z"}
{"@timestamp":"2022-09-09T21:04:57.538Z","@version":"1","message":"Sep  9 21:04:57 honeypot-sgp-1 kernel: [83633612.647890] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=172.104.166.147 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=56 ID=50557 DF PROTO=TCP SPT=36540 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 21:05:22 honeypot-fra-1 sshd[27643]: Connection closed by invalid user oracle 27.150.190.96 port 37018 [preauth]","@timestamp":"2022-09-09T21:05:23.860Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T21:10:26.664Z","@version":"1","message":"Sep  9 21:10:26 honeypot-sgp-1 kernel: [83633941.747365] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=229 ID=33180 PROTO=TCP SPT=57203 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 21:12:44 honeypot-fra-1 sshd[27650]: Received disconnect from 165.22.45.108 port 49060:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T21:12:45.022Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 21:14:24 honeypot-fra-1 sshd[27654]: Disconnected from authenticating user root 157.245.122.58 port 37558 [preauth]","@timestamp":"2022-09-09T21:14:25.063Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 21:15:10 honeypot-ams-1 sshd[4871]: Disconnected from authenticating user root 61.177.173.53 port 34815 [preauth]","@timestamp":"2022-09-09T21:15:10.599Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 21:15:33 honeypot-fra-1 sshd[27658]: Invalid user odoo from 157.245.122.58 port 51078","@timestamp":"2022-09-09T21:15:34.091Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 21:16:43 honeypot-fra-1 sshd[27660]: Disconnected from invalid user tenancy 157.245.122.58 port 36384 [preauth]","@timestamp":"2022-09-09T21:16:43.119Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T21:17:00.817Z","@version":"1","message":"Sep  9 21:17:00 honeypot-sgp-1 sshd[1232]: Received disconnect from 143.110.185.3 port 41988:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 21:17:21 honeypot-ams-1 sshd[4877]: Connection closed by invalid user pi 77.185.148.98 port 45832 [preauth]","@timestamp":"2022-09-09T21:17:21.656Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 21:18:47 honeypot-fra-1 sshd[27668]: Invalid user jonitwiso from 157.245.122.58 port 35226","@timestamp":"2022-09-09T21:18:48.166Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 21:18:58 honeypot-ams-1 kernel: [83634925.616336] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=177.131.211.135 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=50 ID=18509 PROTO=TCP SPT=38019 DPT=80 WINDOW=32338 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T21:18:59.701Z"}
{"@timestamp":"2022-09-09T21:19:38.878Z","@version":"1","message":"Sep  9 21:19:38 honeypot-sgp-1 sshd[1237]: Disconnected from invalid user willie 200.85.60.130 port 34326 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 21:20:39 honeypot-fra-1 sshd[27672]: Invalid user cypress from 157.245.122.58 port 34046","@timestamp":"2022-09-09T21:20:40.207Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T21:20:55.910Z","@version":"1","message":"Sep  9 21:20:55 honeypot-sgp-1 sshd[1241]: Received disconnect from 221.0.94.20 port 53993:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 21:35:00 honeypot-ams-1 sshd[4889]: Disconnected from authenticating user root 61.177.173.53 port 45814 [preauth]","@timestamp":"2022-09-09T21:35:01.108Z"}
{"@timestamp":"2022-09-09T21:35:27.242Z","@version":"1","message":"Sep  9 21:35:27 honeypot-sgp-1 sshd[1247]: Invalid user oracle from 92.255.85.69 port 52474","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 21:36:41 honeypot-fra-1 kernel: [83633836.763422] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=20.168.35.131 DST=165.22.82.222 LEN=52 TOS=0x02 PREC=0x00 TTL=109 ID=43981 DF PROTO=TCP SPT=61381 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-09T21:36:41.556Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-09T21:38:55.325Z","@version":"1","message":"Sep  9 21:38:54 honeypot-sgp-1 sshd[1251]: Disconnected from 157.245.9.6 port 41050 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 21:40:23 honeypot-ams-1 sshd[4894]: Received disconnect from 92.255.85.69 port 17958:11: Bye Bye [preauth]","@timestamp":"2022-09-09T21:40:23.247Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 21:43:20 honeypot-ams-1 kernel: [83636386.981955] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=195.230.103.244 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=54321 PROTO=TCP SPT=56074 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T21:43:20.341Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 21:44:41 honeypot-fra-1 sshd[27679]: Invalid user justin from 165.22.45.108 port 54116","@timestamp":"2022-09-09T21:44:41.750Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 21:48:04 honeypot-fra-1 sshd[27683]: Invalid user admin from 193.106.191.157 port 60772","@timestamp":"2022-09-09T21:48:05.825Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 21:48:49 honeypot-ams-1 sshd[4903]: Did not receive identification string from 80.76.51.189 port 39044","@timestamp":"2022-09-09T21:48:50.478Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 21:49:52 honeypot-ams-1 sshd[4908]: Received disconnect from 80.76.51.189 port 40784:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T21:49:52.508Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 21:50:59 honeypot-ams-1 sshd[4915]: Disconnected from authenticating user root 80.76.51.189 port 44918 [preauth]","@timestamp":"2022-09-09T21:50:59.538Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 21:52:07 honeypot-fra-1 kernel: [83634763.415760] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=193.106.191.157 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x20 TTL=249 ID=54321 PROTO=TCP SPT=56190 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T21:52:08.938Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 21:52:43 honeypot-ams-1 sshd[4921]: Disconnected from authenticating user root 80.76.51.189 port 36982 [preauth]","@timestamp":"2022-09-09T21:52:43.585Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 21:54:35 honeypot-ams-1 sshd[4927]: Disconnected from authenticating user root 80.76.51.189 port 57268 [preauth]","@timestamp":"2022-09-09T21:54:35.636Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 21:55:21 honeypot-ams-1 sshd[4935]: Disconnected from authenticating user root 61.177.173.48 port 54519 [preauth]","@timestamp":"2022-09-09T21:55:21.658Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 21:56:21 honeypot-ams-1 sshd[4940]: Disconnected from authenticating user root 157.245.122.58 port 37048 [preauth]","@timestamp":"2022-09-09T21:56:21.686Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 21:57:25 honeypot-ams-1 sshd[4944]: Disconnected from invalid user odoo 157.245.122.58 port 50578 [preauth]","@timestamp":"2022-09-09T21:57:25.714Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 21:59:25 honeypot-ams-1 sshd[4949]: Invalid user data.user from 157.245.122.58 port 49414","@timestamp":"2022-09-09T21:59:25.769Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 22:00:27 honeypot-ams-1 sshd[4953]: Received disconnect from 157.245.122.58 port 34742:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T22:00:27.798Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 22:01:08 honeypot-fra-1 sshd[27694]: Did not receive identification string from 159.89.24.69 port 61000","@timestamp":"2022-09-09T22:01:09.136Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 22:02:23 honeypot-ams-1 sshd[4958]: Received disconnect from 157.245.122.58 port 33546:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T22:02:23.849Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 22:02:50 honeypot-ams-1 sshd[4962]: Disconnected from authenticating user root 3.108.66.72 port 38454 [preauth]","@timestamp":"2022-09-09T22:02:50.863Z"}
{"@timestamp":"2022-09-09T22:07:34.977Z","@version":"1","message":"Sep  9 22:07:34 honeypot-sgp-1 kernel: [83637369.916503] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=159.89.202.188 LEN=86 TOS=0x00 PREC=0x00 TTL=238 ID=34836 PROTO=TCP SPT=22059 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 22:10:04 honeypot-ams-1 sshd[4967]: Did not receive identification string from 80.76.51.189 port 37878","@timestamp":"2022-09-09T22:10:04.050Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 22:11:20 honeypot-ams-1 sshd[4972]: Invalid user test from 80.76.51.189 port 38250","@timestamp":"2022-09-09T22:11:20.087Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 22:12:26 honeypot-ams-1 sshd[4976]: Connection closed by invalid user user1 103.188.176.251 port 58928 [preauth]","@timestamp":"2022-09-09T22:12:27.118Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 22:13:47 honeypot-ams-1 sshd[4983]: Disconnected from authenticating user root 80.76.51.189 port 47086 [preauth]","@timestamp":"2022-09-09T22:13:47.155Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 22:15:03 honeypot-ams-1 sshd[4990]: Received disconnect from 80.76.51.189 port 51506:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T22:15:04.190Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 22:16:24 honeypot-fra-1 sshd[27699]: Disconnected from invalid user justin 165.22.45.108 port 59160 [preauth]","@timestamp":"2022-09-09T22:16:25.465Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 22:16:44 honeypot-ams-1 kernel: [83638391.148153] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=94.26.228.80 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=16974 PROTO=TCP SPT=59196 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T22:16:45.236Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 22:17:01 honeypot-fra-1 CRON[27705]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-09T22:17:01.483Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 22:17:37 honeypot-ams-1 sshd[5003]: Invalid user git from 80.76.51.189 port 60340","@timestamp":"2022-09-09T22:17:38.263Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 22:19:33 honeypot-fra-1 sshd[27722]: Invalid user esuser from 162.19.25.213 port 41974","@timestamp":"2022-09-09T22:19:33.540Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 22:19:33 honeypot-fra-1 sshd[27726]: Invalid user ubuntu from 162.19.25.213 port 41942","@timestamp":"2022-09-09T22:19:33.540Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 22:19:33 honeypot-fra-1 sshd[27722]: Connection closed by invalid user esuser 162.19.25.213 port 41974 [preauth]","@timestamp":"2022-09-09T22:19:33.540Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 22:19:33 honeypot-fra-1 sshd[27719]: Connection closed by invalid user postgres 162.19.25.213 port 41970 [preauth]","@timestamp":"2022-09-09T22:19:33.540Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 22:19:33 honeypot-fra-1 sshd[27729]: Invalid user postgres from 162.19.25.213 port 41964","@timestamp":"2022-09-09T22:19:33.540Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 22:19:33 honeypot-fra-1 sshd[27729]: Connection closed by invalid user postgres 162.19.25.213 port 41964 [preauth]","@timestamp":"2022-09-09T22:19:33.540Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 22:19:33 honeypot-fra-1 sshd[27731]: Connection closed by invalid user esuser 162.19.25.213 port 41966 [preauth]","@timestamp":"2022-09-09T22:19:33.540Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 22:19:33 honeypot-fra-1 sshd[27737]: Invalid user test from 162.19.25.213 port 41998","@timestamp":"2022-09-09T22:19:33.540Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 22:19:33 honeypot-fra-1 sshd[27764]: Invalid user test from 162.19.25.213 port 41932","@timestamp":"2022-09-09T22:19:34.562Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 22:19:35 honeypot-fra-1 sshd[27769]: Connection closed by invalid user web 162.19.25.213 port 41952 [preauth]","@timestamp":"2022-09-09T22:19:36.563Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T22:21:00.290Z","@version":"1","message":"Sep  9 22:20:59 honeypot-sgp-1 kernel: [83638174.897201] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.41.8.5 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=3760 PROTO=TCP SPT=22521 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 22:23:29 honeypot-ams-1 sshd[5007]: Received disconnect from 61.177.172.124 port 38911:11:  [preauth]","@timestamp":"2022-09-09T22:23:30.413Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 22:24:33 honeypot-fra-1 kernel: [83636709.200479] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=89.248.165.26 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=9625 PROTO=TCP SPT=41928 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T22:24:34.671Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 22:32:45 honeypot-ams-1 kernel: [83639352.348029] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=151.106.40.82 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=64448 PROTO=TCP SPT=40681 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T22:32:45.646Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 22:38:58 honeypot-ams-1 sshd[5022]: Disconnected from invalid user penelope 47.45.227.119 port 45884 [preauth]","@timestamp":"2022-09-09T22:38:58.805Z"}
{"@timestamp":"2022-09-09T22:40:13.739Z","@version":"1","message":"Sep  9 22:40:13 honeypot-sgp-1 sshd[1270]: Invalid user chenliang from 103.188.176.251 port 41888","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T22:41:02.761Z","@version":"1","message":"Sep  9 22:41:02 honeypot-sgp-1 sshd[1274]: Received disconnect from 58.144.251.22 port 60816:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 22:41:14 honeypot-ams-1 kernel: [83639860.862661] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=89.248.165.26 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=37972 PROTO=TCP SPT=42901 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T22:41:14.869Z"}
{"@timestamp":"2022-09-09T22:43:19.820Z","@version":"1","message":"Sep  9 22:43:19 honeypot-sgp-1 sshd[1280]: Received disconnect from 45.61.186.49 port 57934:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T22:43:30.825Z","@version":"1","message":"Sep  9 22:43:30 honeypot-sgp-1 sshd[1284]: Invalid user user from 45.61.186.49 port 41418","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 22:44:37 honeypot-ams-1 sshd[5035]: Received disconnect from 218.248.16.73 port 46214:11: Bye Bye [preauth]","@timestamp":"2022-09-09T22:44:37.959Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 22:46:00 honeypot-ams-1 sshd[5039]: Received disconnect from 92.255.85.69 port 56092:11: Bye Bye [preauth]","@timestamp":"2022-09-09T22:46:00.998Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 22:46:12 honeypot-fra-1 sshd[27779]: Connection closed by invalid user ftpuser 141.98.10.158 port 51008 [preauth]","@timestamp":"2022-09-09T22:46:13.127Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 22:49:47 honeypot-ams-1 sshd[5046]: Invalid user honorio from 220.86.29.35 port 9986","@timestamp":"2022-09-09T22:49:48.097Z"}
{"@timestamp":"2022-09-09T22:50:04.983Z","@version":"1","message":"Sep  9 22:50:04 honeypot-sgp-1 kernel: [83639919.941386] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=51.255.230.165 DST=159.89.202.188 LEN=40 TOS=0x18 PREC=0x00 TTL=240 ID=51254 PROTO=TCP SPT=49930 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 22:55:57 honeypot-fra-1 sshd[27786]: Invalid user lars from 103.101.125.37 port 33140","@timestamp":"2022-09-09T22:55:58.333Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 22:57:11 honeypot-ams-1 kernel: [83640818.200460] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=114.34.203.250 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=57 ID=16029 PROTO=TCP SPT=16201 DPT=80 WINDOW=51080 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T22:57:12.287Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 23:00:31 honeypot-fra-1 sshd[27789]: Disconnected from invalid user applvis 23.224.121.241 port 36150 [preauth]","@timestamp":"2022-09-09T23:00:32.464Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 23:02:00 honeypot-ams-1 sshd[5057]: Received disconnect from 92.4.128.152 port 46594:11: Bye Bye [preauth]","@timestamp":"2022-09-09T23:02:01.414Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 23:02:01 honeypot-ams-1 sshd[5061]: Disconnected from invalid user ubnt 92.4.128.152 port 46798 [preauth]","@timestamp":"2022-09-09T23:02:01.414Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 23:02:02 honeypot-ams-1 sshd[5067]: Disconnected from authenticating user root 92.4.128.152 port 46818 [preauth]","@timestamp":"2022-09-09T23:02:02.415Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 23:02:02 honeypot-ams-1 sshd[5073]: Disconnected from authenticating user root 92.4.128.152 port 46858 [preauth]","@timestamp":"2022-09-09T23:02:03.417Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 23:02:03 honeypot-ams-1 sshd[5079]: Disconnected from authenticating user root 92.4.128.152 port 46888 [preauth]","@timestamp":"2022-09-09T23:02:03.417Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 23:02:04 honeypot-ams-1 sshd[5085]: Disconnected from authenticating user root 92.4.128.152 port 46958 [preauth]","@timestamp":"2022-09-09T23:02:04.417Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 23:02:04 honeypot-ams-1 sshd[5091]: Disconnected from authenticating user root 92.4.128.152 port 46988 [preauth]","@timestamp":"2022-09-09T23:02:05.418Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 23:02:05 honeypot-ams-1 sshd[5097]: Disconnected from authenticating user root 92.4.128.152 port 47014 [preauth]","@timestamp":"2022-09-09T23:02:05.418Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 23:02:06 honeypot-ams-1 sshd[5103]: Disconnected from authenticating user root 92.4.128.152 port 47030 [preauth]","@timestamp":"2022-09-09T23:02:06.419Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 23:02:06 honeypot-ams-1 sshd[5109]: Disconnected from authenticating user root 92.4.128.152 port 47048 [preauth]","@timestamp":"2022-09-09T23:02:07.420Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 23:02:07 honeypot-ams-1 sshd[5115]: Disconnected from authenticating user root 92.4.128.152 port 47074 [preauth]","@timestamp":"2022-09-09T23:02:08.420Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 23:02:08 honeypot-ams-1 sshd[5121]: Disconnected from authenticating user root 92.4.128.152 port 47088 [preauth]","@timestamp":"2022-09-09T23:02:08.420Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 23:02:08 honeypot-ams-1 sshd[5127]: Disconnected from authenticating user root 92.4.128.152 port 47104 [preauth]","@timestamp":"2022-09-09T23:02:09.421Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 23:02:09 honeypot-ams-1 sshd[5131]: Disconnected from invalid user admin 92.4.128.152 port 47118 [preauth]","@timestamp":"2022-09-09T23:02:09.421Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 23:02:09 honeypot-ams-1 sshd[5135]: Disconnected from invalid user admin 92.4.128.152 port 47130 [preauth]","@timestamp":"2022-09-09T23:02:10.422Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 23:02:10 honeypot-ams-1 sshd[5139]: Disconnected from invalid user admin 92.4.128.152 port 47140 [preauth]","@timestamp":"2022-09-09T23:02:10.422Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 23:02:10 honeypot-ams-1 sshd[5143]: Disconnected from invalid user admin 92.4.128.152 port 47144 [preauth]","@timestamp":"2022-09-09T23:02:11.423Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 23:02:11 honeypot-ams-1 sshd[5147]: Disconnected from invalid user admin 92.4.128.152 port 47330 [preauth]","@timestamp":"2022-09-09T23:02:11.423Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 23:02:11 honeypot-ams-1 sshd[5153]: Received disconnect from 92.4.128.152 port 47480:11: Bye Bye [preauth]","@timestamp":"2022-09-09T23:02:12.424Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 23:02:12 honeypot-ams-1 sshd[5158]: Received disconnect from 92.4.128.152 port 47498:11: Bye Bye [preauth]","@timestamp":"2022-09-09T23:02:12.424Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 23:02:12 honeypot-ams-1 sshd[5162]: Received disconnect from 92.4.128.152 port 47520:11: Bye Bye [preauth]","@timestamp":"2022-09-09T23:02:13.425Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 23:02:12 honeypot-ams-1 sshd[5166]: Received disconnect from 92.4.128.152 port 47538:11: Bye Bye [preauth]","@timestamp":"2022-09-09T23:02:13.425Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 23:02:13 honeypot-ams-1 sshd[5170]: Received disconnect from 92.4.128.152 port 47558:11: Bye Bye [preauth]","@timestamp":"2022-09-09T23:02:13.425Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 23:02:13 honeypot-ams-1 sshd[5174]: Received disconnect from 92.4.128.152 port 47568:11: Bye Bye [preauth]","@timestamp":"2022-09-09T23:02:14.426Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 23:02:14 honeypot-ams-1 sshd[5178]: Received disconnect from 92.4.128.152 port 47614:11: Bye Bye [preauth]","@timestamp":"2022-09-09T23:02:14.426Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 23:02:15 honeypot-ams-1 sshd[5182]: Received disconnect from 92.4.128.152 port 47618:11: Bye Bye [preauth]","@timestamp":"2022-09-09T23:02:16.427Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 23:02:16 honeypot-ams-1 sshd[5186]: Received disconnect from 92.4.128.152 port 47652:11: Bye Bye [preauth]","@timestamp":"2022-09-09T23:02:16.427Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 23:02:16 honeypot-ams-1 sshd[5190]: Received disconnect from 92.4.128.152 port 47662:11: Bye Bye [preauth]","@timestamp":"2022-09-09T23:02:17.428Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 23:02:17 honeypot-ams-1 sshd[5194]: Received disconnect from 92.4.128.152 port 47678:11: Bye Bye [preauth]","@timestamp":"2022-09-09T23:02:17.428Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 23:02:17 honeypot-ams-1 sshd[5198]: Received disconnect from 92.4.128.152 port 47686:11: Bye Bye [preauth]","@timestamp":"2022-09-09T23:02:18.430Z"}
{"@timestamp":"2022-09-09T23:05:09.339Z","@version":"1","message":"Sep  9 23:05:09 honeypot-sgp-1 sshd[1291]: Disconnected from authenticating user root 92.255.85.69 port 44758 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 23:07:20 honeypot-fra-1 sshd[27794]: Disconnected from authenticating user root 92.255.85.70 port 37092 [preauth]","@timestamp":"2022-09-09T23:07:21.607Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 23:08:23 honeypot-ams-1 sshd[5204]: Disconnected from authenticating user root 193.142.146.50 port 45826 [preauth]","@timestamp":"2022-09-09T23:08:23.586Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 23:09:24 honeypot-ams-1 sshd[5212]: Received disconnect from 193.142.146.50 port 57964:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T23:09:25.617Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 23:09:57 honeypot-ams-1 sshd[5216]: Received disconnect from 92.255.85.69 port 44042:11: Bye Bye [preauth]","@timestamp":"2022-09-09T23:09:57.633Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 23:10:32 honeypot-ams-1 sshd[5224]: Received disconnect from 193.142.146.50 port 56456:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T23:10:33.652Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 23:13:00 honeypot-ams-1 sshd[5229]: Disconnected from authenticating user root 61.177.173.48 port 56241 [preauth]","@timestamp":"2022-09-09T23:13:01.716Z"}
{"@timestamp":"2022-09-09T23:17:02.621Z","@version":"1","message":"Sep  9 23:17:01 honeypot-sgp-1 CRON[1297]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 23:17:38 honeypot-fra-1 sshd[27803]: Did not receive identification string from 43.140.196.227 port 46586","@timestamp":"2022-09-09T23:17:38.850Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 23:17:40 honeypot-fra-1 sshd[27814]: Invalid user admin from 43.140.196.227 port 48254","@timestamp":"2022-09-09T23:17:40.852Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 23:17:40 honeypot-fra-1 sshd[27817]: Invalid user momo from 43.140.196.227 port 48246","@timestamp":"2022-09-09T23:17:40.852Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 23:17:40 honeypot-fra-1 sshd[27819]: Connection closed by invalid user devops 43.140.196.227 port 48258 [preauth]","@timestamp":"2022-09-09T23:17:40.852Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 23:17:40 honeypot-fra-1 sshd[27812]: Invalid user test from 43.140.196.227 port 48282","@timestamp":"2022-09-09T23:17:40.852Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 23:17:41 honeypot-fra-1 sshd[27812]: Connection closed by invalid user test 43.140.196.227 port 48282 [preauth]","@timestamp":"2022-09-09T23:17:41.853Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 23:17:42 honeypot-fra-1 sshd[27845]: Invalid user steam from 43.140.196.227 port 48312","@timestamp":"2022-09-09T23:17:42.853Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 23:17:43 honeypot-fra-1 sshd[27864]: Invalid user testuser from 43.140.196.227 port 48308","@timestamp":"2022-09-09T23:17:43.854Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 23:17:43 honeypot-fra-1 sshd[27845]: Connection closed by invalid user steam 43.140.196.227 port 48312 [preauth]","@timestamp":"2022-09-09T23:17:43.854Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 23:17:43 honeypot-fra-1 sshd[27860]: Invalid user oracle from 43.140.196.227 port 48292","@timestamp":"2022-09-09T23:17:44.855Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 23:17:44 honeypot-fra-1 sshd[27853]: Connection closed by invalid user esuser 43.140.196.227 port 48304 [preauth]","@timestamp":"2022-09-09T23:17:44.855Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 23:17:56 honeypot-ams-1 sshd[5236]: Disconnected from authenticating user root 61.177.173.39 port 17630 [preauth]","@timestamp":"2022-09-09T23:17:57.848Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 23:18:52 honeypot-fra-1 sshd[27874]: Disconnected from authenticating user root 31.47.192.98 port 52986 [preauth]","@timestamp":"2022-09-09T23:18:52.897Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T23:21:12.720Z","@version":"1","message":"Sep  9 23:21:12 honeypot-sgp-1 sshd[1303]: Connection closed by 220.150.186.57 port 56856 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T23:21:51.737Z","@version":"1","message":"Sep  9 23:21:51 honeypot-sgp-1 sshd[1308]: Received disconnect from 141.255.162.226 port 43756:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T23:21:56.739Z","@version":"1","message":"Sep  9 23:21:56 honeypot-sgp-1 sshd[1312]: Received disconnect from 141.255.162.226 port 60294:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T23:21:59.741Z","@version":"1","message":"Sep  9 23:21:59 honeypot-sgp-1 sshd[1316]: Received disconnect from 141.255.162.226 port 48604:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 23:22:21 honeypot-fra-1 sshd[27880]: Disconnected from invalid user ronald 8.38.172.89 port 49586 [preauth]","@timestamp":"2022-09-09T23:22:21.976Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T23:25:33.826Z","@version":"1","message":"Sep  9 23:25:32 honeypot-sgp-1 sshd[1322]: Invalid user user from 45.61.186.169 port 52528","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T23:25:50.834Z","@version":"1","message":"Sep  9 23:25:49 honeypot-sgp-1 sshd[1326]: Invalid user user from 45.61.186.169 port 47038","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T23:26:06.841Z","@version":"1","message":"Sep  9 23:26:06 honeypot-sgp-1 sshd[1330]: Invalid user user from 45.61.186.169 port 41554","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T23:26:15.846Z","@version":"1","message":"Sep  9 23:26:15 honeypot-sgp-1 sshd[1335]: Received disconnect from 45.61.186.169 port 52924:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T23:26:43.859Z","@version":"1","message":"Sep  9 23:26:43 honeypot-sgp-1 sshd[1341]: Disconnecting authenticating user root 114.92.195.10 port 11157: Too many authentication failures [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T23:30:19.945Z","@version":"1","message":"Sep  9 23:30:19 honeypot-sgp-1 kernel: [83642334.881134] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=205.210.31.48 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=249 ID=63049 PROTO=TCP SPT=53137 DPT=389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 23:30:30 honeypot-ams-1 kernel: [83642817.350805] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=32555 PROTO=TCP SPT=46203 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T23:30:31.173Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 23:30:48 honeypot-fra-1 kernel: [83640684.178701] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=37204 PROTO=TCP SPT=46203 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T23:30:49.167Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 23:34:24 honeypot-fra-1 sshd[27891]: Invalid user kriskov from 38.64.92.48 port 55114","@timestamp":"2022-09-09T23:34:24.250Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T23:37:37.117Z","@version":"1","message":"Sep  9 23:37:36 honeypot-sgp-1 sshd[1351]: Disconnected from authenticating user root 200.10.192.5 port 37020 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 23:38:15 honeypot-ams-1 sshd[5247]: Invalid user suimon from 20.39.241.10 port 60860","@timestamp":"2022-09-09T23:38:15.373Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 23:39:41 honeypot-ams-1 sshd[5251]: Did not receive identification string from 80.76.51.46 port 54072","@timestamp":"2022-09-09T23:39:42.414Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 23:39:46 honeypot-fra-1 kernel: [83641222.141625] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=147.28.148.13 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=37249 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T23:39:47.371Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 23:40:07 honeypot-ams-1 sshd[5256]: Received disconnect from 61.177.173.36 port 23230:11:  [preauth]","@timestamp":"2022-09-09T23:40:07.426Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 23:40:17 honeypot-ams-1 sshd[5260]: Disconnected from invalid user test 80.76.51.46 port 49302 [preauth]","@timestamp":"2022-09-09T23:40:17.432Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 23:40:47 honeypot-fra-1 sshd[27901]: Connection closed by invalid user admin 128.199.168.83 port 58918 [preauth]","@timestamp":"2022-09-09T23:40:48.396Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 23:41:01 honeypot-ams-1 sshd[5266]: Disconnected from authenticating user root 80.76.51.46 port 51980 [preauth]","@timestamp":"2022-09-09T23:41:02.456Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 23:41:45 honeypot-ams-1 sshd[5272]: Received disconnect from 80.76.51.46 port 54614:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T23:41:46.478Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 23:42:30 honeypot-ams-1 sshd[5278]: Invalid user user from 80.76.51.46 port 57156","@timestamp":"2022-09-09T23:42:30.501Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 23:42:41 honeypot-fra-1 sshd[27906]: Disconnected from invalid user user 141.255.162.226 port 45882 [preauth]","@timestamp":"2022-09-09T23:42:41.441Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 23:42:43 honeypot-fra-1 sshd[27910]: Disconnected from invalid user user 141.255.162.226 port 54526 [preauth]","@timestamp":"2022-09-09T23:42:44.444Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 23:42:44 honeypot-ams-1 sshd[5281]: Disconnected from invalid user git 80.76.51.46 port 57992 [preauth]","@timestamp":"2022-09-09T23:42:45.509Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 23:42:45 honeypot-fra-1 sshd[27914]: Disconnected from invalid user user 141.255.162.226 port 52232 [preauth]","@timestamp":"2022-09-09T23:42:46.445Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 23:42:49 honeypot-fra-1 sshd[27918]: Disconnected from invalid user user 141.255.162.226 port 41292 [preauth]","@timestamp":"2022-09-09T23:42:50.447Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 23:46:33 honeypot-fra-1 sshd[27924]: Invalid user user from 141.255.162.226 port 35492","@timestamp":"2022-09-09T23:46:33.531Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 23:46:34 honeypot-fra-1 sshd[27928]: Invalid user user from 141.255.162.226 port 43100","@timestamp":"2022-09-09T23:46:34.532Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 23:46:38 honeypot-fra-1 sshd[27932]: Invalid user user from 141.255.162.226 port 58308","@timestamp":"2022-09-09T23:46:38.533Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 23:49:50 honeypot-fra-1 kernel: [83641825.435908] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=180.101.56.56 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=53575 PROTO=TCP SPT=58914 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T23:49:50.603Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 23:51:40 honeypot-ams-1 sshd[5288]: Received disconnect from 182.253.117.99 port 48934:11: Bye Bye [preauth]","@timestamp":"2022-09-09T23:51:40.742Z"}
{"@timestamp":"2022-09-09T23:51:49.458Z","@version":"1","message":"Sep  9 23:51:49 honeypot-sgp-1 kernel: [83643624.571048] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=89.248.163.149 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=41750 PROTO=TCP SPT=43738 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T23:52:41.481Z","@version":"1","message":"Sep  9 23:52:40 honeypot-sgp-1 sshd[1360]: Received disconnect from 45.61.187.160 port 47348:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T23:53:01.490Z","@version":"1","message":"Sep  9 23:53:01 honeypot-sgp-1 sshd[1364]: Received disconnect from 45.61.187.160 port 42124:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 23:53:06 honeypot-ams-1 sshd[5292]: Disconnected from invalid user user 188.170.13.225 port 52504 [preauth]","@timestamp":"2022-09-09T23:53:06.783Z"}
{"@timestamp":"2022-09-09T23:53:20.500Z","@version":"1","message":"Sep  9 23:53:20 honeypot-sgp-1 sshd[1368]: Received disconnect from 45.61.187.160 port 36902:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 23:54:00 honeypot-fra-1 sshd[27941]: Received disconnect from 154.72.194.207 port 59444:11: Bye Bye [preauth]","@timestamp":"2022-09-09T23:54:00.696Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T23:54:52.537Z","@version":"1","message":"Sep  9 23:54:51 honeypot-sgp-1 sshd[1372]: Invalid user admin from 128.199.160.207 port 24420","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T23:54:52.537Z","@version":"1","message":"Sep  9 23:54:51 honeypot-sgp-1 sshd[1378]: Invalid user admin from 128.199.160.207 port 24456","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 23:55:43 honeypot-ams-1 sshd[5301]: Received disconnect from 92.255.85.70 port 33392:11: Bye Bye [preauth]","@timestamp":"2022-09-09T23:55:43.856Z"}
{"@timestamp":"2022-09-09T23:58:02.610Z","@version":"1","message":"Sep  9 23:58:01 honeypot-sgp-1 sshd[1383]: Disconnected from invalid user chuma 165.227.87.78 port 40504 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 00:00:50 honeypot-ams-1 kernel: [83644637.257431] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=103.89.91.165 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=8251 PROTO=TCP SPT=54336 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T00:00:50.995Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 00:01:29 honeypot-ams-1 sshd[5312]: Received disconnect from 149.90.249.162 port 44578:11: Bye Bye [preauth]","@timestamp":"2022-09-10T00:01:30.016Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 00:01:30 honeypot-ams-1 sshd[5316]: Disconnected from authenticating user root 149.90.249.162 port 44596 [preauth]","@timestamp":"2022-09-10T00:01:31.018Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 00:01:31 honeypot-ams-1 sshd[5322]: Disconnected from authenticating user root 149.90.249.162 port 44632 [preauth]","@timestamp":"2022-09-10T00:01:32.019Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 00:01:32 honeypot-ams-1 sshd[5328]: Disconnected from authenticating user root 149.90.249.162 port 44658 [preauth]","@timestamp":"2022-09-10T00:01:33.020Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 00:01:33 honeypot-ams-1 sshd[5334]: Disconnected from authenticating user root 149.90.249.162 port 45042 [preauth]","@timestamp":"2022-09-10T00:01:34.020Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 00:01:35 honeypot-ams-1 sshd[5340]: Disconnected from authenticating user root 149.90.249.162 port 45084 [preauth]","@timestamp":"2022-09-10T00:01:35.021Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 00:01:36 honeypot-ams-1 sshd[5346]: Disconnected from authenticating user root 149.90.249.162 port 45138 [preauth]","@timestamp":"2022-09-10T00:01:37.023Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 00:01:37 honeypot-ams-1 sshd[5352]: Disconnected from authenticating user root 149.90.249.162 port 45194 [preauth]","@timestamp":"2022-09-10T00:01:38.024Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 00:01:38 honeypot-ams-1 sshd[5358]: Disconnected from authenticating user root 149.90.249.162 port 45230 [preauth]","@timestamp":"2022-09-10T00:01:39.024Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 00:01:39 honeypot-ams-1 sshd[5364]: Disconnected from authenticating user root 149.90.249.162 port 45254 [preauth]","@timestamp":"2022-09-10T00:01:40.025Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 00:01:40 honeypot-ams-1 sshd[5370]: Disconnected from authenticating user root 149.90.249.162 port 45288 [preauth]","@timestamp":"2022-09-10T00:01:41.026Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 00:01:42 honeypot-ams-1 sshd[5376]: Disconnected from authenticating user root 149.90.249.162 port 45320 [preauth]","@timestamp":"2022-09-10T00:01:43.027Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 00:01:43 honeypot-ams-1 sshd[5382]: Received disconnect from 149.90.249.162 port 45684:11: Bye Bye [preauth]","@timestamp":"2022-09-10T00:01:44.028Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 00:01:44 honeypot-ams-1 sshd[5386]: Received disconnect from 149.90.249.162 port 19032:11: Bye Bye [preauth]","@timestamp":"2022-09-10T00:01:45.028Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 00:01:44 honeypot-ams-1 sshd[5390]: Received disconnect from 149.90.249.162 port 45750:11: Bye Bye [preauth]","@timestamp":"2022-09-10T00:01:45.028Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 00:01:45 honeypot-ams-1 sshd[5394]: Received disconnect from 149.90.249.162 port 45778:11: Bye Bye [preauth]","@timestamp":"2022-09-10T00:01:46.031Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 00:01:46 honeypot-ams-1 sshd[5398]: Received disconnect from 149.90.249.162 port 45830:11: Bye Bye [preauth]","@timestamp":"2022-09-10T00:01:47.032Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 00:01:47 honeypot-ams-1 sshd[5402]: Received disconnect from 149.90.249.162 port 45856:11: Bye Bye [preauth]","@timestamp":"2022-09-10T00:01:48.032Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 00:01:48 honeypot-ams-1 sshd[5408]: Invalid user pi from 149.90.249.162 port 45890","@timestamp":"2022-09-10T00:01:49.033Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 00:01:49 honeypot-ams-1 sshd[5412]: Invalid user user from 149.90.249.162 port 45912","@timestamp":"2022-09-10T00:01:50.034Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 00:01:49 honeypot-ams-1 sshd[5416]: Invalid user mine from 149.90.249.162 port 45926","@timestamp":"2022-09-10T00:01:50.034Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 00:01:50 honeypot-ams-1 sshd[5420]: Invalid user xbmc from 149.90.249.162 port 45960","@timestamp":"2022-09-10T00:01:51.035Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 00:01:51 honeypot-ams-1 sshd[5424]: Invalid user oracle from 149.90.249.162 port 45986","@timestamp":"2022-09-10T00:01:52.035Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 00:01:52 honeypot-ams-1 sshd[5428]: Invalid user postgres from 149.90.249.162 port 45998","@timestamp":"2022-09-10T00:01:53.036Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 00:01:53 honeypot-ams-1 sshd[5432]: Invalid user support from 149.90.249.162 port 46248","@timestamp":"2022-09-10T00:01:54.037Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 00:01:53 honeypot-ams-1 sshd[5436]: Invalid user ubuntu from 149.90.249.162 port 46352","@timestamp":"2022-09-10T00:01:54.037Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 00:01:54 honeypot-ams-1 sshd[5438]: Disconnected from invalid user debian 149.90.249.162 port 46374 [preauth]","@timestamp":"2022-09-10T00:01:55.039Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 00:01:55 honeypot-ams-1 sshd[5442]: Received disconnect from 149.90.249.162 port 46400:11: Bye Bye [preauth]","@timestamp":"2022-09-10T00:01:56.040Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 00:01:56 honeypot-ams-1 sshd[5446]: Received disconnect from 149.90.249.162 port 46440:11: Bye Bye [preauth]","@timestamp":"2022-09-10T00:01:56.040Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 00:01:56 honeypot-ams-1 sshd[5450]: Received disconnect from 149.90.249.162 port 46502:11: Bye Bye [preauth]","@timestamp":"2022-09-10T00:01:57.041Z"}
{"@timestamp":"2022-09-10T00:06:09.799Z","@version":"1","message":"Sep 10 00:06:09 honeypot-sgp-1 kernel: [83644484.178753] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=78.142.18.92 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=46068 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 00:07:28 honeypot-ams-1 kernel: [83645034.925213] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=122.103.181.180 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=50 ID=28684 PROTO=TCP SPT=7669 DPT=80 WINDOW=4069 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T00:07:29.195Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 00:12:25 honeypot-fra-1 sshd[27946]: Received disconnect from 204.48.30.72 port 46458:11: Bye Bye [preauth]","@timestamp":"2022-09-10T00:12:26.122Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 00:13:27 honeypot-fra-1 sshd[27951]: Invalid user user from 198.98.61.9 port 41464","@timestamp":"2022-09-10T00:13:28.149Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 00:13:43 honeypot-fra-1 sshd[27955]: Invalid user user from 198.98.61.9 port 36278","@timestamp":"2022-09-10T00:13:44.157Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 00:13:59 honeypot-fra-1 sshd[27959]: Invalid user user from 198.98.61.9 port 59310","@timestamp":"2022-09-10T00:13:59.164Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 00:16:39 honeypot-fra-1 sshd[27963]: Received disconnect from 92.255.85.70 port 50030:11: Bye Bye [preauth]","@timestamp":"2022-09-10T00:16:39.231Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T00:17:01.053Z","@version":"1","message":"Sep 10 00:17:01 honeypot-sgp-1 CRON[1393]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 00:19:51 honeypot-ams-1 sshd[5471]: Disconnected from authenticating user root 92.255.85.70 port 32436 [preauth]","@timestamp":"2022-09-10T00:19:52.542Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 00:21:02 honeypot-fra-1 kernel: [83643698.116954] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.95.147.52 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=9855 PROTO=TCP SPT=41838 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T00:21:03.333Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 00:23:32 honeypot-fra-1 sshd[27972]: Received disconnect from 134.17.16.196 port 15444:11: Bye Bye [preauth]","@timestamp":"2022-09-10T00:23:33.392Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 00:29:13 honeypot-fra-1 kernel: [83644188.592038] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=78.142.18.92 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=54321 PROTO=TCP SPT=51216 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T00:29:13.522Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 00:33:24 honeypot-ams-1 kernel: [83646590.859007] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=60932 PROTO=TCP SPT=49549 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T00:33:24.903Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 00:35:19 honeypot-fra-1 kernel: [83644554.511987] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=147.28.148.13 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=35317 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T00:35:19.660Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-10T00:36:05.502Z","@version":"1","message":"Sep 10 00:36:04 honeypot-sgp-1 sshd[1405]: Received disconnect from 92.255.85.70 port 21326:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 00:41:10 honeypot-ams-1 sshd[5488]: Received disconnect from 92.255.85.70 port 21852:11: Bye Bye [preauth]","@timestamp":"2022-09-10T00:41:11.109Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 00:41:33 honeypot-fra-1 sshd[27983]: Disconnected from invalid user josh 70.37.75.157 port 35048 [preauth]","@timestamp":"2022-09-10T00:41:33.800Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T00:46:43.769Z","@version":"1","message":"Sep 10 00:46:42 honeypot-sgp-1 sshd[1411]: Invalid user admin from 185.246.130.20 port 23839","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 00:46:46 honeypot-ams-1 sshd[5495]: Disconnected from authenticating user root 61.177.173.36 port 34437 [preauth]","@timestamp":"2022-09-10T00:46:47.260Z"}
{"@timestamp":"2022-09-10T00:47:19.787Z","@version":"1","message":"Sep 10 00:47:19 honeypot-sgp-1 sshd[1417]: Invalid user admin from 185.246.130.20 port 59678","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T00:47:56.804Z","@version":"1","message":"Sep 10 00:47:55 honeypot-sgp-1 sshd[1424]: Invalid user aerohive from 185.246.130.20 port 60632","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 00:48:24 honeypot-fra-1 sshd[27990]: Received disconnect from 141.255.162.226 port 40022:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T00:48:24.957Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 00:48:26 honeypot-fra-1 sshd[27994]: Received disconnect from 141.255.162.226 port 57256:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T00:48:26.959Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 00:48:30 honeypot-fra-1 sshd[27998]: Received disconnect from 141.255.162.226 port 59644:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T00:48:30.961Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 00:48:32 honeypot-fra-1 sshd[28002]: Received disconnect from 141.255.162.226 port 54880:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T00:48:32.962Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T00:48:35.822Z","@version":"1","message":"Sep 10 00:48:35 honeypot-sgp-1 sshd[1430]: Invalid user private from 185.246.130.20 port 22928","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T00:49:02.835Z","@version":"1","message":"Sep 10 00:49:02 honeypot-sgp-1 sshd[1437]: Invalid user Admin from 185.246.130.20 port 21836","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T00:49:35.852Z","@version":"1","message":"Sep 10 00:49:35 honeypot-sgp-1 sshd[1444]: Invalid user user from 185.246.130.20 port 60436","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T00:50:03.864Z","@version":"1","message":"Sep 10 00:50:03 honeypot-sgp-1 sshd[1448]: Disconnecting invalid user Admin 185.246.130.20 port 16702: Change of username or service not allowed: (Admin,ssh-connection) -> (blank,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 00:50:15 honeypot-fra-1 sshd[28006]: Received disconnect from 181.117.244.23 port 33828:11: Bye Bye [preauth]","@timestamp":"2022-09-10T00:50:16.003Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T00:50:34.880Z","@version":"1","message":"Sep 10 00:50:34 honeypot-sgp-1 sshd[1456]: Disconnecting invalid user guest 185.246.130.20 port 45274: Change of username or service not allowed: (guest,ssh-connection) -> (1234,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T00:50:55.891Z","@version":"1","message":"Sep 10 00:50:55 honeypot-sgp-1 sshd[1466]: Invalid user user from 45.61.184.204 port 51138","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T00:51:03.894Z","@version":"1","message":"Sep 10 00:51:03 honeypot-sgp-1 sshd[1468]: Disconnected from authenticating user root 157.245.122.58 port 41800 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T00:51:15.900Z","@version":"1","message":"Sep 10 00:51:15 honeypot-sgp-1 sshd[1476]: Invalid user user from 45.61.184.204 port 45684","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T00:51:24.905Z","@version":"1","message":"Sep 10 00:51:24 honeypot-sgp-1 sshd[1480]: Received disconnect from 45.61.184.204 port 57070:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T00:51:33.909Z","@version":"1","message":"Sep 10 00:51:33 honeypot-sgp-1 sshd[1482]: Received disconnect from 45.61.184.204 port 40224:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T00:51:42.914Z","@version":"1","message":"Sep 10 00:51:42 honeypot-sgp-1 sshd[1485]: Disconnecting invalid user 1234 185.246.130.20 port 38723: Change of username or service not allowed: (1234,ssh-connection) -> (root,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T00:52:04.925Z","@version":"1","message":"Sep 10 00:52:04 honeypot-sgp-1 sshd[1493]: Invalid user Administrator from 185.246.130.20 port 2838","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T00:52:17.931Z","@version":"1","message":"Sep 10 00:52:17 honeypot-sgp-1 sshd[1497]: Disconnecting invalid user  185.246.130.20 port 26408: Change of username or service not allowed: (,ssh-connection) -> (adslroot,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T00:52:46.945Z","@version":"1","message":"Sep 10 00:52:46 honeypot-sgp-1 sshd[1504]: Disconnecting invalid user admin 185.246.130.20 port 63431: Change of username or service not allowed: (admin,ssh-connection) -> (blank,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T00:53:04.955Z","@version":"1","message":"Sep 10 00:53:04 honeypot-sgp-1 sshd[1510]: Received disconnect from 157.245.122.58 port 40644:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T00:53:31.968Z","@version":"1","message":"Sep 10 00:53:31 honeypot-sgp-1 sshd[1516]: Disconnecting invalid user default 185.246.130.20 port 11161: Change of username or service not allowed: (default,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T00:53:51.978Z","@version":"1","message":"Sep 10 00:53:51 honeypot-sgp-1 sshd[1520]: Disconnecting invalid user c1@r0 185.246.130.20 port 50274: Change of username or service not allowed: (c1@r0,ssh-connection) -> (Administrator,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T00:54:15.991Z","@version":"1","message":"Sep 10 00:54:15 honeypot-sgp-1 sshd[1526]: Invalid user cusadmin from 185.246.130.20 port 62624","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 00:54:38 honeypot-ams-1 kernel: [83647865.384522] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=147.28.148.13 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=54321 PROTO=TCP SPT=60452 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T00:54:39.467Z"}
{"@timestamp":"2022-09-10T00:54:57.011Z","@version":"1","message":"Sep 10 00:54:56 honeypot-sgp-1 sshd[1532]: Invalid user lgnortel from 185.246.130.20 port 31763","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T00:55:12.019Z","@version":"1","message":"Sep 10 00:55:11 honeypot-sgp-1 sshd[1536]: Disconnecting invalid user Admin 185.246.130.20 port 24134: Change of username or service not allowed: (Admin,ssh-connection) -> (comcast,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T00:55:47.035Z","@version":"1","message":"Sep 10 00:55:46 honeypot-sgp-1 sshd[1542]: Disconnecting invalid user  185.246.130.20 port 43208: Change of username or service not allowed: (,ssh-connection) -> (admin1234,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T00:56:08.046Z","@version":"1","message":"Sep 10 00:56:07 honeypot-sgp-1 sshd[1548]: Invalid user matrix from 185.246.130.20 port 28741","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T00:56:36.061Z","@version":"1","message":"Sep 10 00:56:35 honeypot-sgp-1 sshd[1554]: Invalid user motorola from 185.246.130.20 port 63269","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T00:56:48.066Z","@version":"1","message":"Sep 10 00:56:47 honeypot-sgp-1 sshd[1556]: Invalid user admin from 185.246.130.20 port 11053","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T00:57:26.085Z","@version":"1","message":"Sep 10 00:57:25 honeypot-sgp-1 sshd[1564]: Disconnecting invalid user admin 185.246.130.20 port 54688: Change of username or service not allowed: (admin,ssh-connection) -> (airlive,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 00:57:59 honeypot-fra-1 kernel: [83645914.639429] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=92.63.197.171 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=58733 PROTO=TCP SPT=51221 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T00:58:00.177Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-10T00:58:03.102Z","@version":"1","message":"Sep 10 00:58:02 honeypot-sgp-1 sshd[1571]: Disconnecting invalid user admin 185.246.130.20 port 33975: Change of username or service not allowed: (admin,ssh-connection) -> (roqos,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T00:58:32.118Z","@version":"1","message":"Sep 10 00:58:31 honeypot-sgp-1 sshd[1577]: Disconnecting invalid user Shiko 185.246.130.20 port 43628: Change of username or service not allowed: (Shiko,ssh-connection) -> (sitecom,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T00:58:57.131Z","@version":"1","message":"Sep 10 00:58:56 honeypot-sgp-1 sshd[1586]: Invalid user blank from 92.255.85.70 port 58780","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T00:59:12.138Z","@version":"1","message":"Sep 10 00:59:11 honeypot-sgp-1 sshd[1588]: Invalid user admin from 185.246.130.20 port 13882","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T00:59:44.154Z","@version":"1","message":"Sep 10 00:59:43 honeypot-sgp-1 sshd[1594]: Invalid user smcadmin from 185.246.130.20 port 51427","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T01:00:28.175Z","@version":"1","message":"Sep 10 01:00:28 honeypot-sgp-1 sshd[1600]: Invalid user admin from 185.246.130.20 port 10077","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T01:01:20.200Z","@version":"1","message":"Sep 10 01:01:20 honeypot-sgp-1 sshd[1606]: Invalid user user from 185.246.130.20 port 28485","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T01:02:01.219Z","@version":"1","message":"Sep 10 01:02:00 honeypot-sgp-1 sshd[1612]: Received disconnect from 140.86.39.162 port 56604:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T01:02:42.238Z","@version":"1","message":"Sep 10 01:02:41 honeypot-sgp-1 sshd[1619]: Invalid user amdin from 185.246.130.20 port 11643","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 01:03:02 honeypot-ams-1 kernel: [83648369.494859] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=95.70.156.194 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=239 ID=15686 PROTO=TCP SPT=59545 DPT=80 WINDOW=1300 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T01:03:03.704Z"}
{"@timestamp":"2022-09-10T01:03:19.256Z","@version":"1","message":"Sep 10 01:03:18 honeypot-sgp-1 sshd[1625]: Invalid user admin from 185.246.130.20 port 54479","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T01:03:52.272Z","@version":"1","message":"Sep 10 01:03:51 honeypot-sgp-1 sshd[1629]: Disconnecting invalid user 0 185.246.130.20 port 62913: Change of username or service not allowed: (0,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T01:03:57.275Z","@version":"1","message":"Sep 10 01:03:56 honeypot-sgp-1 sshd[1636]: Disconnected from invalid user user 141.255.162.226 port 57582 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T01:04:00.276Z","@version":"1","message":"Sep 10 01:04:00 honeypot-sgp-1 sshd[1640]: Disconnected from invalid user user 141.255.162.226 port 46426 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T01:04:05.280Z","@version":"1","message":"Sep 10 01:04:05 honeypot-sgp-1 sshd[1644]: Received disconnect from 141.255.162.226 port 35268:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T01:04:16.285Z","@version":"1","message":"Sep 10 01:04:15 honeypot-sgp-1 sshd[1648]: Disconnecting invalid user zoomadsl 185.246.130.20 port 17708: Change of username or service not allowed: (zoomadsl,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T01:04:56.305Z","@version":"1","message":"Sep 10 01:04:56 honeypot-sgp-1 sshd[1654]: Connection closed by invalid user ltecl4r0 185.246.130.20 port 14204 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 01:11:49 honeypot-fra-1 sshd[28016]: Received disconnect from 165.232.172.31 port 47676:11: Bye Bye [preauth]","@timestamp":"2022-09-10T01:11:49.481Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 01:12:28 honeypot-ams-1 kernel: [83648935.468788] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=184.105.247.200 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=38236 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T01:12:28.957Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 01:14:13 honeypot-ams-1 sshd[5515]: Received disconnect from 133.130.89.4 port 34574:11: Bye Bye [preauth]","@timestamp":"2022-09-10T01:14:14.007Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 01:16:36 honeypot-fra-1 kernel: [83647031.925422] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=94.26.228.80 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=3186 PROTO=TCP SPT=12982 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T01:16:37.593Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-10T01:17:01.606Z","@version":"1","message":"Sep 10 01:17:01 honeypot-sgp-1 CRON[1661]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T01:17:40.623Z","@version":"1","message":"Sep 10 01:17:39 honeypot-sgp-1 sshd[1666]: Disconnected from authenticating user root 200.207.224.148 port 37164 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 01:21:18 honeypot-ams-1 sshd[5524]: Received disconnect from 68.183.141.36 port 51792:11: Bye Bye [preauth]","@timestamp":"2022-09-10T01:21:18.226Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 01:23:09 honeypot-fra-1 sshd[28025]: Disconnecting invalid user admin 31.52.230.39 port 60647: Too many authentication failures [preauth]","@timestamp":"2022-09-10T01:23:10.740Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T01:23:14.754Z","@version":"1","message":"Sep 10 01:23:13 honeypot-sgp-1 kernel: [83649108.999463] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=64.62.197.164 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=37733 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 01:24:08 honeypot-ams-1 sshd[5532]: Invalid user user from 45.61.186.169 port 44834","@timestamp":"2022-09-10T01:24:09.307Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 01:24:25 honeypot-ams-1 sshd[5536]: Invalid user user from 45.61.186.169 port 39428","@timestamp":"2022-09-10T01:24:26.316Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 01:24:41 honeypot-ams-1 sshd[5540]: Invalid user user from 45.61.186.169 port 34036","@timestamp":"2022-09-10T01:24:42.379Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 01:26:07 honeypot-ams-1 sshd[5544]: Received disconnect from 61.177.173.47 port 56597:11:  [preauth]","@timestamp":"2022-09-10T01:26:08.420Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 01:26:48 honeypot-fra-1 sshd[28029]: Disconnected from invalid user justin 165.22.45.108 port 32912 [preauth]","@timestamp":"2022-09-10T01:26:48.849Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 01:27:57 honeypot-ams-1 kernel: [83649864.286958] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=20.127.205.85 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=113 ID=17934 DF PROTO=TCP SPT=58583 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T01:27:58.469Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 01:31:38 honeypot-fra-1 sshd[28045]: Invalid user ubuntu from 82.165.53.144 port 39116","@timestamp":"2022-09-10T01:31:38.956Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 01:31:38 honeypot-fra-1 sshd[28053]: Invalid user momo from 82.165.53.144 port 39438","@timestamp":"2022-09-10T01:31:38.957Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 01:31:38 honeypot-fra-1 sshd[28053]: Connection closed by invalid user momo 82.165.53.144 port 39438 [preauth]","@timestamp":"2022-09-10T01:31:38.957Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 01:31:38 honeypot-fra-1 sshd[28039]: Connection closed by invalid user odoo 82.165.53.144 port 39114 [preauth]","@timestamp":"2022-09-10T01:31:39.958Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 01:31:38 honeypot-fra-1 sshd[28046]: Invalid user test from 82.165.53.144 port 39148","@timestamp":"2022-09-10T01:31:39.958Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 01:31:39 honeypot-fra-1 sshd[28059]: Invalid user cloud from 82.165.53.144 port 39286","@timestamp":"2022-09-10T01:31:39.959Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 01:31:39 honeypot-fra-1 sshd[28056]: Invalid user web from 82.165.53.144 port 39158","@timestamp":"2022-09-10T01:31:39.959Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 01:31:39 honeypot-fra-1 sshd[28054]: Invalid user postgres from 82.165.53.144 port 39170","@timestamp":"2022-09-10T01:31:39.959Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 01:33:25 honeypot-fra-1 kernel: [83648040.559818] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=167.71.218.50 DST=165.22.82.222 LEN=52 TOS=0x02 PREC=0x00 TTL=118 ID=43163 DF PROTO=TCP SPT=62352 DPT=3389 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-10T01:33:26.001Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-10T01:36:15.059Z","@version":"1","message":"Sep 10 01:36:15 honeypot-sgp-1 kernel: [83649890.090114] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=138.68.252.199 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=20698 PROTO=TCP SPT=53773 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 01:37:20 honeypot-ams-1 sshd[5554]: Disconnected from authenticating user root 61.177.173.47 port 50389 [preauth]","@timestamp":"2022-09-10T01:37:21.715Z"}
{"@timestamp":"2022-09-10T01:39:34.138Z","@version":"1","message":"Sep 10 01:39:33 honeypot-sgp-1 sshd[1683]: Received disconnect from 24.194.231.208 port 42260:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 01:41:30 honeypot-fra-1 sshd[28096]: Received disconnect from 154.120.243.194 port 47954:11: Bye Bye [preauth]","@timestamp":"2022-09-10T01:41:30.199Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 01:44:05 honeypot-ams-1 sshd[5563]: Connection closed by invalid user admin 216.52.136.77 port 44728 [preauth]","@timestamp":"2022-09-10T01:44:05.892Z"}
{"@timestamp":"2022-09-10T01:44:58.264Z","@version":"1","message":"Sep 10 01:44:57 honeypot-sgp-1 sshd[1689]: Invalid user usuario from 92.255.85.70 port 62284","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 01:46:27 honeypot-fra-1 sshd[28105]: Invalid user appuser from 137.184.77.246 port 58430","@timestamp":"2022-09-10T01:46:28.309Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 01:46:28 honeypot-fra-1 sshd[28113]: Invalid user devops from 137.184.77.246 port 58488","@timestamp":"2022-09-10T01:46:28.309Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 01:46:28 honeypot-fra-1 sshd[28106]: Connection closed by authenticating user root 137.184.77.246 port 58484 [preauth]","@timestamp":"2022-09-10T01:46:28.309Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 01:46:28 honeypot-fra-1 sshd[28110]: Connection closed by authenticating user root 137.184.77.246 port 58454 [preauth]","@timestamp":"2022-09-10T01:46:28.309Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 01:46:28 honeypot-fra-1 sshd[28113]: Connection closed by invalid user devops 137.184.77.246 port 58488 [preauth]","@timestamp":"2022-09-10T01:46:28.309Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 01:46:28 honeypot-fra-1 sshd[28120]: Connection closed by invalid user ubuntu 137.184.77.246 port 58464 [preauth]","@timestamp":"2022-09-10T01:46:28.309Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 01:46:28 honeypot-fra-1 sshd[28126]: Connection closed by invalid user es 137.184.77.246 port 58460 [preauth]","@timestamp":"2022-09-10T01:46:28.309Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 01:47:46 honeypot-fra-1 sshd[28154]: Received disconnect from 92.255.85.69 port 21858:11: Bye Bye [preauth]","@timestamp":"2022-09-10T01:47:47.339Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 01:48:54 honeypot-ams-1 kernel: [83651120.684392] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=195.133.20.241 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=63260 PROTO=TCP SPT=45968 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T01:48:55.019Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 01:51:36 honeypot-fra-1 sshd[28158]: Connection closed by invalid user  64.62.197.122 port 20576 [preauth]","@timestamp":"2022-09-10T01:51:37.427Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 01:52:32 honeypot-ams-1 sshd[5575]: Received disconnect from 198.98.61.9 port 53264:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T01:52:33.118Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 01:52:49 honeypot-ams-1 sshd[5579]: Received disconnect from 198.98.61.9 port 48256:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T01:52:50.129Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 01:53:10 honeypot-ams-1 sshd[5583]: Received disconnect from 198.98.61.9 port 43258:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T01:53:11.140Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 01:53:25 honeypot-ams-1 sshd[5587]: Received disconnect from 198.98.61.9 port 38250:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T01:53:26.148Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 01:58:11 honeypot-ams-1 sshd[5593]: Invalid user user from 141.255.162.226 port 54026","@timestamp":"2022-09-10T01:58:11.277Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 01:58:15 honeypot-ams-1 sshd[5597]: Invalid user user from 141.255.162.226 port 42710","@timestamp":"2022-09-10T01:58:16.281Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 01:58:17 honeypot-ams-1 sshd[5601]: Invalid user user from 141.255.162.226 port 51156","@timestamp":"2022-09-10T01:58:17.282Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 01:59:32 honeypot-fra-1 sshd[28164]: Connection closed by invalid user  128.14.232.100 port 38798 [preauth]","@timestamp":"2022-09-10T01:59:32.602Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 01:59:38 honeypot-ams-1 sshd[5605]: Received disconnect from 61.177.173.36 port 53331:11:  [preauth]","@timestamp":"2022-09-10T01:59:39.318Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 02:07:27 honeypot-ams-1 kernel: [83652234.140234] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.206.115 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=48164 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T02:07:27.525Z"}
{"@timestamp":"2022-09-10T02:07:30.787Z","@version":"1","message":"Sep 10 02:07:30 honeypot-sgp-1 sshd[1692]: Disconnected from authenticating user root 92.255.85.69 port 18202 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 02:07:39 honeypot-fra-1 sshd[28171]: Invalid user yoshimoto from 2.139.220.58 port 33802","@timestamp":"2022-09-10T02:07:39.797Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 02:09:07 honeypot-ams-1 sshd[5616]: Received disconnect from 141.255.162.226 port 54522:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T02:09:08.572Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 02:09:09 honeypot-ams-1 sshd[5620]: Received disconnect from 141.255.162.226 port 34850:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T02:09:10.574Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 02:10:51 honeypot-ams-1 sshd[5626]: Invalid user rivera from 45.175.18.29 port 43016","@timestamp":"2022-09-10T02:10:51.620Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 02:12:04 honeypot-ams-1 sshd[5631]: Received disconnect from 190.11.80.188 port 43814:11: Bye Bye [preauth]","@timestamp":"2022-09-10T02:12:04.656Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 02:12:35 honeypot-ams-1 sshd[5635]: Disconnected from authenticating user root 61.177.173.50 port 27155 [preauth]","@timestamp":"2022-09-10T02:12:36.674Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 02:14:26 honeypot-fra-1 sshd[28176]: Did not receive identification string from 141.255.162.226 port 34022","@timestamp":"2022-09-10T02:14:26.951Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 02:14:34 honeypot-fra-1 sshd[28179]: Disconnected from invalid user user 141.255.162.226 port 60084 [preauth]","@timestamp":"2022-09-10T02:14:34.955Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 02:14:38 honeypot-fra-1 sshd[28183]: Disconnected from invalid user user 141.255.162.226 port 57690 [preauth]","@timestamp":"2022-09-10T02:14:38.957Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 02:14:42 honeypot-fra-1 sshd[28187]: Disconnected from invalid user user 141.255.162.226 port 38070 [preauth]","@timestamp":"2022-09-10T02:14:42.960Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T02:18:33.053Z","@version":"1","message":"Sep 10 02:18:32 honeypot-sgp-1 kernel: [83652427.979380] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=55236 PROTO=TCP SPT=55902 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 02:19:37 honeypot-ams-1 sshd[5642]: Received disconnect from 61.177.173.52 port 39503:11:  [preauth]","@timestamp":"2022-09-10T02:19:37.866Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 02:21:50 honeypot-ams-1 kernel: [83653097.073708] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=223.94.32.170 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=51 ID=3547 PROTO=TCP SPT=20125 DPT=443 WINDOW=58446 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T02:21:50.929Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 02:23:40 honeypot-fra-1 sshd[28194]: Disconnected from invalid user kala 151.84.64.165 port 38028 [preauth]","@timestamp":"2022-09-10T02:23:40.165Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 02:24:35 honeypot-ams-1 kernel: [83653262.277363] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=207.102.138.83 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=58823 DF PROTO=TCP SPT=35117 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T02:24:36.006Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 02:26:22 honeypot-fra-1 sshd[28201]: Invalid user test from 34.92.211.177 port 37970","@timestamp":"2022-09-10T02:26:23.227Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 02:26:29 honeypot-ams-1 sshd[5653]: Invalid user patrick from 51.250.85.165 port 53618","@timestamp":"2022-09-10T02:26:30.060Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 02:31:38 honeypot-fra-1 kernel: [83651533.785878] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=172.104.131.24 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=54321 PROTO=TCP SPT=54647 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T02:31:39.345Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 02:33:31 honeypot-ams-1 sshd[5658]: Received disconnect from 61.177.173.35 port 55093:11:  [preauth]","@timestamp":"2022-09-10T02:33:31.239Z"}
{"@timestamp":"2022-09-10T02:34:06.457Z","@version":"1","message":"Sep 10 02:34:06 honeypot-sgp-1 kernel: [83653361.205730] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=159.89.202.188 LEN=93 TOS=0x00 PREC=0x00 TTL=238 ID=35361 PROTO=TCP SPT=23007 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 02:37:21 honeypot-ams-1 sshd[5664]: Received disconnect from 45.61.186.49 port 48206:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T02:37:22.341Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 02:37:33 honeypot-ams-1 sshd[5668]: Received disconnect from 45.61.186.49 port 59512:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T02:37:34.347Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 02:38:25 honeypot-ams-1 kernel: [83654091.679751] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=161.8.249.215 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=48 ID=38274 PROTO=TCP SPT=22124 DPT=443 WINDOW=3647 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T02:38:25.369Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 02:45:41 honeypot-fra-1 kernel: [83652376.304519] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=165.22.82.222 LEN=89 TOS=0x00 PREC=0x00 TTL=250 ID=41676 PROTO=TCP SPT=27243 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T02:45:41.659Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 02:50:34 honeypot-ams-1 kernel: [83654821.431549] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=162.221.192.30 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=32583 PROTO=TCP SPT=18806 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T02:50:35.697Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 02:57:02 honeypot-ams-1 sshd[5685]: Received disconnect from 172.87.22.100 port 43938:11: Bye Bye [preauth]","@timestamp":"2022-09-10T02:57:02.876Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 02:58:47 honeypot-fra-1 kernel: [83653162.536407] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.148.10.193 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=54321 PROTO=TCP SPT=41263 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T02:58:47.953Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 02:58:50 honeypot-ams-1 sshd[5690]: Disconnected from authenticating user root 92.255.85.70 port 18098 [preauth]","@timestamp":"2022-09-10T02:58:50.926Z"}
{"@timestamp":"2022-09-10T02:59:15.057Z","@version":"1","message":"Sep 10 02:59:14 honeypot-sgp-1 kernel: [83654869.620344] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.79.53.162 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=45563 PROTO=TCP SPT=58971 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 02:59:24 honeypot-ams-1 sshd[5694]: Disconnected from invalid user user 45.61.187.160 port 55646 [preauth]","@timestamp":"2022-09-10T02:59:24.942Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 02:59:43 honeypot-ams-1 sshd[5698]: Disconnected from invalid user user 45.61.187.160 port 49804 [preauth]","@timestamp":"2022-09-10T02:59:43.953Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 03:00:01 honeypot-ams-1 sshd[5702]: Received disconnect from 45.61.187.160 port 43956:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T03:00:02.965Z"}
{"@timestamp":"2022-09-10T03:01:51.119Z","@version":"1","message":"Sep 10 03:01:50 honeypot-sgp-1 sshd[1711]: Disconnected from invalid user masuda 103.228.204.79 port 36194 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 03:03:29 honeypot-ams-1 sshd[5709]: Received disconnect from 61.177.173.36 port 35238:11:  [preauth]","@timestamp":"2022-09-10T03:03:30.059Z"}
{"@timestamp":"2022-09-10T03:07:24.248Z","@version":"1","message":"Sep 10 03:07:23 honeypot-sgp-1 sshd[1718]: Invalid user hiroki from 157.245.148.189 port 56770","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 03:08:07 honeypot-ams-1 sshd[5711]: Received disconnect from 61.177.173.51 port 39104:11:  [preauth]","@timestamp":"2022-09-10T03:08:08.188Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 03:09:59 honeypot-fra-1 kernel: [83653834.702123] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=38.132.109.180 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=50825 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T03:10:00.201Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-10T03:13:52.405Z","@version":"1","message":"Sep 10 03:13:52 honeypot-sgp-1 kernel: [83655747.250914] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=50.17.105.85 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=232 ID=54321 PROTO=TCP SPT=50405 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 03:14:50 honeypot-ams-1 sshd[5717]: Received disconnect from 61.177.173.36 port 13562:11:  [preauth]","@timestamp":"2022-09-10T03:14:51.365Z"}
{"@timestamp":"2022-09-10T03:16:44.479Z","@version":"1","message":"Sep 10 03:16:43 honeypot-sgp-1 sshd[1725]: Received disconnect from 92.255.85.70 port 42450:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 03:18:14 honeypot-ams-1 kernel: [83656481.187083] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.79.176.48 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=64740 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T03:18:15.454Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 03:19:01 honeypot-fra-1 sshd[28228]: Received disconnect from 92.255.85.70 port 62510:11: Bye Bye [preauth]","@timestamp":"2022-09-10T03:19:02.402Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 03:23:15 honeypot-ams-1 sshd[5732]: Disconnected from authenticating user root 61.177.172.108 port 51931 [preauth]","@timestamp":"2022-09-10T03:23:15.597Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 03:24:01 honeypot-fra-1 sshd[28235]: Received disconnect from 116.88.190.93 port 54344:11: Bye Bye [preauth]","@timestamp":"2022-09-10T03:24:01.515Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 03:31:29 honeypot-fra-1 sshd[28675]: Invalid user user from 45.61.186.49 port 41244","@timestamp":"2022-09-10T03:31:29.682Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 03:31:41 honeypot-fra-1 sshd[28679]: Invalid user user from 45.61.186.49 port 52712","@timestamp":"2022-09-10T03:31:41.688Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T03:33:51.887Z","@version":"1","message":"Sep 10 03:33:51 honeypot-sgp-1 sshd[2164]: Invalid user nicole from 89.40.72.166 port 53028","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 03:33:56 honeypot-ams-1 kernel: [83657422.979291] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.209.88 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=36602 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T03:33:56.871Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 03:34:32 honeypot-fra-1 kernel: [83655307.660667] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.220.78 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=41642 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T03:34:33.753Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 03:37:18 honeypot-ams-1 sshd[5745]: Disconnected from authenticating user root 61.177.173.36 port 17933 [preauth]","@timestamp":"2022-09-10T03:37:18.961Z"}
{"@timestamp":"2022-09-10T03:39:04.016Z","@version":"1","message":"Sep 10 03:39:03 honeypot-sgp-1 kernel: [83657258.937226] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.47.229.134 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=145 PROTO=TCP SPT=44702 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 03:41:47 honeypot-fra-1 sshd[28686]: Disconnected from authenticating user root 189.112.0.11 port 46662 [preauth]","@timestamp":"2022-09-10T03:41:47.915Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 03:45:31 honeypot-ams-1 kernel: [83658117.735738] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=64.62.197.92 DST=178.62.254.91 LEN=131 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=51100 DPT=80 WINDOW=65535 RES=0x00 ACK PSH URGP=0 ","@timestamp":"2022-09-10T03:45:31.172Z"}
{"@timestamp":"2022-09-10T03:45:57.180Z","@version":"1","message":"Sep 10 03:45:57 honeypot-sgp-1 sshd[2170]: Connection closed by invalid user x 103.188.176.251 port 46426 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 03:47:37 honeypot-fra-1 kernel: [83656091.945940] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=128.14.209.164 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=27715 PROTO=TCP SPT=13832 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T03:47:38.048Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 03:49:11 honeypot-ams-1 sshd[5752]: Received disconnect from 27.1.253.142 port 49240:11: Bye Bye [preauth]","@timestamp":"2022-09-10T03:49:12.271Z"}
{"@timestamp":"2022-09-10T03:49:56.278Z","@version":"1","message":"Sep 10 03:49:56 honeypot-sgp-1 sshd[2175]: Received disconnect from 45.61.184.204 port 47338:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T03:50:16.288Z","@version":"1","message":"Sep 10 03:50:15 honeypot-sgp-1 sshd[2179]: Received disconnect from 45.61.184.204 port 41812:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T03:50:33.297Z","@version":"1","message":"Sep 10 03:50:32 honeypot-sgp-1 sshd[2183]: Received disconnect from 45.61.184.204 port 36306:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T03:50:49.305Z","@version":"1","message":"Sep 10 03:50:48 honeypot-sgp-1 sshd[2187]: Received disconnect from 45.61.184.204 port 59010:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 03:51:08 honeypot-ams-1 sshd[5757]: Disconnected from invalid user wallimo_phpbb1 161.35.100.253 port 46660 [preauth]","@timestamp":"2022-09-10T03:51:08.323Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 03:51:46 honeypot-fra-1 kernel: [83656341.176446] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=165.22.82.222 LEN=91 TOS=0x00 PREC=0x00 TTL=250 ID=23253 PROTO=TCP SPT=5577 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T03:51:47.145Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 04:00:08 honeypot-ams-1 sshd[5767]: Received disconnect from 184.168.123.187 port 47886:11: Bye Bye [preauth]","@timestamp":"2022-09-10T04:00:08.554Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 04:00:10 honeypot-fra-1 sshd[28710]: Invalid user wp from 101.34.221.23 port 42566","@timestamp":"2022-09-10T04:00:11.329Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 04:00:12 honeypot-fra-1 sshd[28711]: Invalid user svn from 101.34.221.23 port 42574","@timestamp":"2022-09-10T04:00:13.331Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 04:00:19 honeypot-fra-1 sshd[28746]: Connection closed by authenticating user root 101.34.221.23 port 42616 [preauth]","@timestamp":"2022-09-10T04:00:19.333Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 04:00:31 honeypot-fra-1 sshd[28721]: Connection closed by invalid user jboss 101.34.221.23 port 42586 [preauth]","@timestamp":"2022-09-10T04:00:32.340Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 04:03:12 honeypot-ams-1 sshd[5771]: Connection closed by invalid user admin 193.106.191.157 port 51116 [preauth]","@timestamp":"2022-09-10T04:03:12.634Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 04:04:15 honeypot-fra-1 sshd[28750]: Disconnected from invalid user bird 68.183.156.109 port 36468 [preauth]","@timestamp":"2022-09-10T04:04:16.425Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 04:05:19 honeypot-fra-1 sshd[28756]: Received disconnect from 198.98.61.9 port 54852:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T04:05:20.452Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 04:05:36 honeypot-fra-1 sshd[28760]: Received disconnect from 198.98.61.9 port 49744:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T04:05:36.459Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 04:05:49 honeypot-fra-1 sshd[28764]: Disconnected from authenticating user root 92.255.85.70 port 60402 [preauth]","@timestamp":"2022-09-10T04:05:49.466Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 04:05:58 honeypot-fra-1 sshd[28768]: Disconnected from invalid user user 198.98.61.9 port 56208 [preauth]","@timestamp":"2022-09-10T04:05:59.471Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 04:08:12 honeypot-ams-1 sshd[6213]: Received disconnect from 92.255.85.69 port 19840:11: Bye Bye [preauth]","@timestamp":"2022-09-10T04:08:12.765Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 04:12:58 honeypot-fra-1 sshd[28775]: Invalid user ftp from 104.128.89.207 port 48288","@timestamp":"2022-09-10T04:12:58.629Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T04:14:04.858Z","@version":"1","message":"Sep 10 04:14:04 honeypot-sgp-1 kernel: [83659359.479975] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=91.240.118.71 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=56179 PROTO=TCP SPT=42626 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 04:17:01 honeypot-ams-1 CRON[6221]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-10T04:17:01.995Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 04:20:21 honeypot-fra-1 sshd[28781]: Received disconnect from 51.140.185.84 port 48396:11: Bye Bye [preauth]","@timestamp":"2022-09-10T04:20:21.792Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 04:22:08 honeypot-fra-1 sshd[28787]: Received disconnect from 143.244.158.100 port 45514:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T04:22:08.834Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T04:23:34.090Z","@version":"1","message":"Sep 10 04:23:33 honeypot-sgp-1 kernel: [83659928.087753] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=167.94.138.96 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=44672 PROTO=TCP SPT=41078 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 04:24:36 honeypot-fra-1 sshd[28793]: Received disconnect from 143.244.158.100 port 36578:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T04:24:37.893Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 04:26:57 honeypot-fra-1 sshd[28800]: Received disconnect from 143.244.158.100 port 57948:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T04:26:57.947Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 04:29:03 honeypot-fra-1 sshd[28806]: Received disconnect from 92.255.85.70 port 19414:11: Bye Bye [preauth]","@timestamp":"2022-09-10T04:29:03.996Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 04:30:57 honeypot-fra-1 sshd[28813]: Received disconnect from 143.244.158.100 port 41554:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T04:30:57.043Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 04:31:21 honeypot-ams-1 kernel: [83660867.984647] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=213.226.123.241 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=60 ID=65193 DF PROTO=TCP SPT=34184 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T04:31:22.361Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 04:32:32 honeypot-fra-1 sshd[28817]: Disconnected from authenticating user root 143.244.158.100 port 44456 [preauth]","@timestamp":"2022-09-10T04:32:33.231Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 04:35:00 honeypot-fra-1 sshd[28823]: Disconnected from authenticating user root 143.244.158.100 port 33172 [preauth]","@timestamp":"2022-09-10T04:35:01.288Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 04:36:05 honeypot-fra-1 sshd[28843]: Invalid user ubuntu from 161.35.100.253 port 40076","@timestamp":"2022-09-10T04:36:06.314Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 04:36:05 honeypot-fra-1 sshd[28848]: Invalid user grid from 161.35.100.253 port 40104","@timestamp":"2022-09-10T04:36:06.314Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 04:36:05 honeypot-fra-1 sshd[28855]: Invalid user admin from 161.35.100.253 port 40134","@timestamp":"2022-09-10T04:36:06.314Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 04:36:05 honeypot-fra-1 sshd[28829]: Invalid user oracle from 161.35.100.253 port 40070","@timestamp":"2022-09-10T04:36:06.314Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 04:36:06 honeypot-fra-1 sshd[28845]: Connection closed by invalid user steam 161.35.100.253 port 40112 [preauth]","@timestamp":"2022-09-10T04:36:06.315Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 04:36:06 honeypot-fra-1 sshd[28848]: Connection closed by invalid user grid 161.35.100.253 port 40104 [preauth]","@timestamp":"2022-09-10T04:36:06.315Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 04:36:06 honeypot-fra-1 sshd[28855]: Connection closed by invalid user admin 161.35.100.253 port 40134 [preauth]","@timestamp":"2022-09-10T04:36:06.315Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 04:36:06 honeypot-fra-1 sshd[28829]: Connection closed by invalid user oracle 161.35.100.253 port 40070 [preauth]","@timestamp":"2022-09-10T04:36:07.315Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 04:36:06 honeypot-fra-1 sshd[28847]: Connection closed by authenticating user root 161.35.100.253 port 40114 [preauth]","@timestamp":"2022-09-10T04:36:07.315Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 04:37:35 honeypot-fra-1 sshd[28891]: Disconnected from authenticating user root 143.244.158.100 port 37324 [preauth]","@timestamp":"2022-09-10T04:37:35.352Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T04:38:35.456Z","@version":"1","message":"Sep 10 04:38:35 honeypot-sgp-1 sshd[2205]: Received disconnect from 134.122.30.242 port 34830:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 04:39:19 honeypot-fra-1 sshd[28897]: Received disconnect from 143.244.158.100 port 53978:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T04:39:19.394Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 04:39:30 honeypot-ams-1 sshd[6237]: Protocol major versions differ for 27.124.32.142 port 44720: SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.5 vs. SSH-1.5-Server","@timestamp":"2022-09-10T04:39:30.569Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 04:41:43 honeypot-fra-1 sshd[28904]: Received disconnect from 143.244.158.100 port 54792:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T04:41:43.448Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 04:43:19 honeypot-fra-1 sshd[28908]: Received disconnect from 143.244.158.100 port 45072:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T04:43:19.489Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 04:44:06 honeypot-fra-1 sshd[28912]: Disconnected from authenticating user root 143.244.158.100 port 58588 [preauth]","@timestamp":"2022-09-10T04:44:06.510Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 04:46:29 honeypot-fra-1 sshd[28918]: Received disconnect from 143.244.158.100 port 40632:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T04:46:30.568Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 04:48:09 honeypot-fra-1 sshd[28924]: Disconnected from authenticating user root 143.244.158.100 port 40636 [preauth]","@timestamp":"2022-09-10T04:48:10.608Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T04:49:43.720Z","@version":"1","message":"Sep 10 04:49:43 honeypot-sgp-1 sshd[2209]: Disconnected from invalid user oracle 92.255.85.70 port 25068 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 04:50:39 honeypot-fra-1 sshd[28930]: Received disconnect from 143.244.158.100 port 54376:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T04:50:40.665Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T04:51:38.769Z","@version":"1","message":"Sep 10 04:51:37 honeypot-sgp-1 sshd[2214]: Disconnected from invalid user user 141.255.162.226 port 46426 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T04:51:42.771Z","@version":"1","message":"Sep 10 04:51:42 honeypot-sgp-1 sshd[2218]: Disconnected from invalid user user 141.255.162.226 port 35134 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T04:51:52.776Z","@version":"1","message":"Sep 10 04:51:51 honeypot-sgp-1 kernel: [83661626.702113] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=180.182.234.16 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=47 ID=12726 PROTO=TCP SPT=29840 DPT=80 WINDOW=1641 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 04:52:37 honeypot-fra-1 sshd[28937]: Invalid user oracle from 92.255.85.69 port 39592","@timestamp":"2022-09-10T04:52:37.710Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 04:54:01 honeypot-fra-1 sshd[28942]: Received disconnect from 143.244.158.100 port 52122:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T04:54:01.743Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 04:55:25 honeypot-ams-1 sshd[6242]: Invalid user oracle from 92.255.85.70 port 33378","@timestamp":"2022-09-10T04:55:25.977Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 04:55:38 honeypot-fra-1 sshd[28948]: Received disconnect from 143.244.158.100 port 41260:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T04:55:38.781Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 04:56:28 honeypot-fra-1 sshd[28952]: Disconnected from authenticating user root 143.244.158.100 port 52610 [preauth]","@timestamp":"2022-09-10T04:56:28.801Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 04:58:23 honeypot-fra-1 kernel: [83660338.036274] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=165.22.82.222 LEN=86 TOS=0x00 PREC=0x00 TTL=250 ID=6135 PROTO=TCP SPT=22293 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T04:58:23.848Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-10T04:59:16.950Z","@version":"1","message":"Sep 10 04:59:16 honeypot-sgp-1 kernel: [83662070.964945] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=198.235.24.33 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=249 ID=54321 PROTO=TCP SPT=54401 DPT=389 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 05:00:07 honeypot-fra-1 sshd[28963]: Received disconnect from 143.244.158.100 port 59932:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T05:00:07.888Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 05:01:50 honeypot-fra-1 kernel: [83660545.091088] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=101.43.142.201 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=4388 DF PROTO=TCP SPT=52402 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T05:01:50.930Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 05:04:28 honeypot-fra-1 sshd[28974]: Disconnected from authenticating user root 143.244.158.100 port 33502 [preauth]","@timestamp":"2022-09-10T05:04:28.991Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 05:07:07 honeypot-ams-1 sshd[6249]: Received disconnect from 157.245.140.49 port 43980:11: Bye Bye [preauth]","@timestamp":"2022-09-10T05:07:07.275Z"}
{"@timestamp":"2022-09-10T05:07:29.147Z","@version":"1","message":"Sep 10 05:07:28 honeypot-sgp-1 sshd[2230]: Received disconnect from 71.67.66.226 port 36722:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 05:07:54 honeypot-fra-1 sshd[28980]: Connection closed by invalid user admin 193.106.191.157 port 38194 [preauth]","@timestamp":"2022-09-10T05:07:55.069Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T05:10:02.211Z","@version":"1","message":"Sep 10 05:10:01 honeypot-sgp-1 kernel: [83662716.827411] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=79.124.62.62 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=20454 PROTO=TCP SPT=42579 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 05:10:59 honeypot-ams-1 sshd[6254]: Received disconnect from 187.173.235.183 port 50052:11: Bye Bye [preauth]","@timestamp":"2022-09-10T05:10:59.374Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 05:15:57 honeypot-fra-1 sshd[28988]: Invalid user oracle from 92.255.85.69 port 44790","@timestamp":"2022-09-10T05:15:58.248Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T05:17:01.377Z","@version":"1","message":"Sep 10 05:17:01 honeypot-sgp-1 CRON[2237]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 05:18:32 honeypot-ams-1 sshd[6260]: Invalid user oracle from 92.255.85.69 port 60378","@timestamp":"2022-09-10T05:18:33.569Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 05:18:34 honeypot-fra-1 sshd[28993]: Connection closed by invalid user guest 141.98.10.158 port 44944 [preauth]","@timestamp":"2022-09-10T05:18:35.307Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 05:28:01 honeypot-fra-1 sshd[29003]: Received disconnect from 178.128.144.227 port 43978:11: Bye Bye [preauth]","@timestamp":"2022-09-10T05:28:01.516Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 05:29:25 honeypot-fra-1 sshd[29009]: Invalid user vic from 209.73.215.135 port 38410","@timestamp":"2022-09-10T05:29:25.549Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 05:31:33 honeypot-ams-1 sshd[6265]: Invalid user user from 45.61.186.49 port 59644","@timestamp":"2022-09-10T05:31:33.919Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 05:31:42 honeypot-ams-1 sshd[6269]: Invalid user user from 45.61.186.49 port 43096","@timestamp":"2022-09-10T05:31:42.924Z"}
{"@timestamp":"2022-09-10T05:33:30.768Z","@version":"1","message":"Sep 10 05:33:29 honeypot-sgp-1 sshd[2244]: Received disconnect from 45.61.187.160 port 53758:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T05:33:49.777Z","@version":"1","message":"Sep 10 05:33:49 honeypot-sgp-1 sshd[2248]: Received disconnect from 45.61.187.160 port 48892:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T05:34:07.786Z","@version":"1","message":"Sep 10 05:34:07 honeypot-sgp-1 sshd[2252]: Received disconnect from 45.61.187.160 port 44020:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T05:34:25.794Z","@version":"1","message":"Sep 10 05:34:25 honeypot-sgp-1 sshd[2256]: Received disconnect from 45.61.187.160 port 39154:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 05:36:01 honeypot-fra-1 sshd[29015]: Disconnected from authenticating user root 64.225.43.245 port 40028 [preauth]","@timestamp":"2022-09-10T05:36:01.694Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 05:37:01 honeypot-ams-1 kernel: [83664808.077915] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=11474 PROTO=TCP SPT=48121 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T05:37:02.061Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 05:38:18 honeypot-fra-1 sshd[29021]: Disconnected from authenticating user root 64.225.43.245 port 52392 [preauth]","@timestamp":"2022-09-10T05:38:18.745Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 05:40:16 honeypot-fra-1 sshd[29027]: Invalid user usuario from 92.255.85.69 port 20178","@timestamp":"2022-09-10T05:40:16.792Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 05:41:25 honeypot-fra-1 sshd[29033]: Disconnected from authenticating user root 64.225.43.245 port 50048 [preauth]","@timestamp":"2022-09-10T05:41:25.819Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 05:42:10 honeypot-fra-1 sshd[29037]: Received disconnect from 64.225.43.245 port 35348:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T05:42:11.840Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 05:43:42 honeypot-fra-1 sshd[29042]: Disconnected from authenticating user root 64.225.43.245 port 34174 [preauth]","@timestamp":"2022-09-10T05:43:42.876Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T05:44:37.057Z","@version":"1","message":"Sep 10 05:44:36 honeypot-sgp-1 sshd[2262]: Received disconnect from 206.189.197.134 port 48550:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 05:45:16 honeypot-fra-1 sshd[29046]: Disconnected from authenticating user root 64.225.43.245 port 33002 [preauth]","@timestamp":"2022-09-10T05:45:16.914Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 05:45:19 honeypot-ams-1 kernel: [83665305.910924] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=111.118.40.97 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=51 ID=13381 PROTO=TCP SPT=5270 DPT=80 WINDOW=9836 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T05:45:20.275Z"}
{"@timestamp":"2022-09-10T05:46:15.099Z","@version":"1","message":"Sep 10 05:46:14 honeypot-sgp-1 kernel: [83664889.077679] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=193.201.9.96 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=30695 PROTO=TCP SPT=58298 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 05:47:37 honeypot-fra-1 sshd[29053]: Disconnected from authenticating user root 64.225.43.245 port 45364 [preauth]","@timestamp":"2022-09-10T05:47:37.966Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 05:50:01 honeypot-fra-1 sshd[29059]: Disconnected from authenticating user root 64.225.43.245 port 57724 [preauth]","@timestamp":"2022-09-10T05:50:02.024Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 05:52:24 honeypot-fra-1 sshd[29066]: Disconnected from authenticating user root 64.225.43.245 port 41852 [preauth]","@timestamp":"2022-09-10T05:52:25.077Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 05:54:44 honeypot-fra-1 sshd[29072]: Disconnected from authenticating user root 64.225.43.245 port 54212 [preauth]","@timestamp":"2022-09-10T05:54:45.130Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 05:57:03 honeypot-fra-1 sshd[29078]: Disconnected from authenticating user root 64.225.43.245 port 38334 [preauth]","@timestamp":"2022-09-10T05:57:04.182Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 05:57:45 honeypot-ams-1 sshd[6281]: Disconnecting invalid user admin 122.23.90.2 port 63968: Too many authentication failures [preauth]","@timestamp":"2022-09-10T05:57:45.592Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 05:58:39 honeypot-fra-1 sshd[29085]: Disconnected from authenticating user root 64.225.43.245 port 37162 [preauth]","@timestamp":"2022-09-10T05:58:40.219Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T06:00:34.464Z","@version":"1","message":"Sep 10 06:00:33 honeypot-sgp-1 sshd[2270]: Received disconnect from 118.98.121.241 port 58556:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 06:01:06 honeypot-fra-1 sshd[29091]: Disconnected from authenticating user root 64.225.43.245 port 49526 [preauth]","@timestamp":"2022-09-10T06:01:07.275Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T06:01:36.512Z","@version":"1","message":"Sep 10 06:01:36 honeypot-sgp-1 sshd[2276]: Invalid user support from 187.207.140.212 port 60091","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T06:02:32.536Z","@version":"1","message":"Sep 10 06:02:32 honeypot-sgp-1 sshd[2281]: Received disconnect from 128.199.162.67 port 38290:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 06:02:55 honeypot-fra-1 sshd[29098]: Disconnected from authenticating user root 213.136.72.226 port 41430 [preauth]","@timestamp":"2022-09-10T06:02:56.315Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 06:03:32 honeypot-fra-1 sshd[29102]: Disconnected from authenticating user root 64.225.43.245 port 33726 [preauth]","@timestamp":"2022-09-10T06:03:33.333Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 06:05:59 honeypot-fra-1 sshd[29108]: Received disconnect from 64.225.43.245 port 46086:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T06:06:00.389Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 06:08:16 honeypot-ams-1 sshd[6286]: Disconnected from authenticating user root 213.136.72.226 port 46438 [preauth]","@timestamp":"2022-09-10T06:08:16.860Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 06:08:23 honeypot-fra-1 sshd[29115]: Received disconnect from 64.225.43.245 port 58460:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T06:08:23.445Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 06:10:00 honeypot-fra-1 sshd[29119]: Disconnected from authenticating user root 64.225.43.245 port 57280 [preauth]","@timestamp":"2022-09-10T06:10:00.484Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 06:12:29 honeypot-fra-1 sshd[29125]: Received disconnect from 64.225.43.245 port 41408:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T06:12:30.544Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 06:13:35 honeypot-fra-1 sshd[29131]: Disconnected from invalid user ka 165.22.45.108 port 50036 [preauth]","@timestamp":"2022-09-10T06:13:35.584Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 06:14:59 honeypot-fra-1 sshd[29137]: Received disconnect from 64.225.43.245 port 53776:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T06:14:59.618Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T06:15:11.870Z","@version":"1","message":"Sep 10 06:15:11 honeypot-sgp-1 sshd[2289]: Received disconnect from 102.65.103.130 port 32832:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 06:16:37 honeypot-fra-1 sshd[29142]: Disconnected from authenticating user root 64.225.43.245 port 52604 [preauth]","@timestamp":"2022-09-10T06:16:37.655Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T06:17:01.917Z","@version":"1","message":"Sep 10 06:17:01 honeypot-sgp-1 CRON[2293]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 06:18:17 honeypot-fra-1 sshd[29149]: Disconnected from authenticating user root 64.225.43.245 port 51436 [preauth]","@timestamp":"2022-09-10T06:18:17.694Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 06:20:12 honeypot-ams-1 sshd[6293]: Disconnected from authenticating user root 128.199.167.161 port 35560 [preauth]","@timestamp":"2022-09-10T06:20:12.161Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 06:20:45 honeypot-fra-1 sshd[29156]: Disconnected from authenticating user root 64.225.43.245 port 35598 [preauth]","@timestamp":"2022-09-10T06:20:45.751Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T06:21:30.029Z","@version":"1","message":"Sep 10 06:21:29 honeypot-sgp-1 kernel: [83667004.484062] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.208.240 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=48356 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 06:23:15 honeypot-fra-1 sshd[29163]: Disconnected from authenticating user root 64.225.43.245 port 47958 [preauth]","@timestamp":"2022-09-10T06:23:15.809Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 06:24:04 honeypot-fra-1 sshd[29168]: Invalid user user from 45.61.186.249 port 50972","@timestamp":"2022-09-10T06:24:04.831Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 06:24:14 honeypot-fra-1 sshd[29173]: Received disconnect from 45.61.186.249 port 34348:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T06:24:14.836Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 06:24:30 honeypot-fra-1 sshd[29177]: Received disconnect from 142.93.58.181 port 43566:11: Bye Bye [preauth]","@timestamp":"2022-09-10T06:24:30.844Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 06:24:43 honeypot-fra-1 sshd[29181]: Received disconnect from 45.61.186.249 port 40942:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T06:24:44.851Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 06:24:58 honeypot-fra-1 sshd[29185]: Disconnected from authenticating user root 64.225.43.245 port 46788 [preauth]","@timestamp":"2022-09-10T06:24:58.858Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 06:24:59 honeypot-ams-1 sshd[6389]: Disconnected from authenticating user root 119.77.166.51 port 45678 [preauth]","@timestamp":"2022-09-10T06:25:00.288Z"}
{"@timestamp":"2022-09-10T06:25:04.119Z","@version":"1","message":"Sep 10 06:25:03 honeypot-sgp-1 CRON[2400]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 06:25:51 honeypot-fra-1 sshd[29322]: Received disconnect from 64.225.43.245 port 60312:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T06:25:51.898Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 06:27:09 honeypot-fra-1 sshd[29326]: Disconnected from invalid user ftpuser 92.255.85.69 port 54450 [preauth]","@timestamp":"2022-09-10T06:27:09.928Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 06:29:13 honeypot-fra-1 sshd[29332]: Disconnected from authenticating user root 64.225.43.245 port 57970 [preauth]","@timestamp":"2022-09-10T06:29:13.977Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 06:29:59 honeypot-ams-1 sshd[6560]: Received disconnect from 92.255.85.70 port 36952:11: Bye Bye [preauth]","@timestamp":"2022-09-10T06:30:00.419Z"}
{"@timestamp":"2022-09-10T06:30:51.288Z","@version":"1","message":"Sep 10 06:30:51 honeypot-sgp-1 sshd[2552]: Received disconnect from 213.136.72.226 port 32912:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 06:33:26 honeypot-fra-1 kernel: [83666040.404721] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=101.43.142.201 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=64753 DF PROTO=TCP SPT=44582 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T06:33:27.072Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 06:38:41 honeypot-ams-1 sshd[6564]: Disconnected from authenticating user root 193.142.146.50 port 50558 [preauth]","@timestamp":"2022-09-10T06:38:41.652Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 06:39:58 honeypot-ams-1 sshd[6570]: Disconnected from authenticating user root 193.142.146.50 port 53582 [preauth]","@timestamp":"2022-09-10T06:39:58.687Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 06:40:49 honeypot-ams-1 sshd[6576]: Disconnected from authenticating user root 193.142.146.50 port 41736 [preauth]","@timestamp":"2022-09-10T06:40:50.713Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 06:41:55 honeypot-fra-1 kernel: [83666549.276534] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=89.248.165.199 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=34243 PROTO=TCP SPT=50055 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T06:41:55.263Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 06:42:10 honeypot-ams-1 sshd[6582]: Received disconnect from 89.40.53.35 port 37470:11: Bye Bye [preauth]","@timestamp":"2022-09-10T06:42:10.751Z"}
{"@timestamp":"2022-09-10T06:46:00.651Z","@version":"1","message":"Sep 10 06:46:00 honeypot-sgp-1 sshd[2557]: Invalid user snelson from 142.93.145.85 port 44084","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T06:47:05.681Z","@version":"1","message":"Sep 10 06:47:04 honeypot-sgp-1 sshd[2561]: Invalid user netadmin from 165.227.236.118 port 46712","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 06:47:06 honeypot-fra-1 sshd[29344]: Received disconnect from 128.199.1.140 port 40940:11: Bye Bye [preauth]","@timestamp":"2022-09-10T06:47:06.379Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T06:47:53.702Z","@version":"1","message":"Sep 10 06:47:52 honeypot-sgp-1 sshd[2581]: Invalid user ftpuser from 92.255.85.70 port 47112","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 06:49:01 honeypot-ams-1 sshd[6586]: Disconnected from invalid user user 45.61.187.160 port 55960 [preauth]","@timestamp":"2022-09-10T06:49:02.928Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 06:49:20 honeypot-ams-1 sshd[6590]: Disconnected from invalid user user 45.61.187.160 port 51148 [preauth]","@timestamp":"2022-09-10T06:49:20.937Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 06:49:37 honeypot-ams-1 sshd[6594]: Disconnected from invalid user user 45.61.187.160 port 46304 [preauth]","@timestamp":"2022-09-10T06:49:37.946Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 06:49:53 honeypot-ams-1 sshd[6598]: Disconnected from invalid user user 45.61.187.160 port 41484 [preauth]","@timestamp":"2022-09-10T06:49:53.954Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 06:50:08 honeypot-fra-1 kernel: [83667042.531443] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=170.187.162.105 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=43350 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T06:50:08.449Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-10T06:50:11.758Z","@version":"1","message":"Sep 10 06:50:11 honeypot-sgp-1 sshd[2586]: Invalid user test from 103.150.136.70 port 53910","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T06:50:30.768Z","@version":"1","message":"Sep 10 06:50:29 honeypot-sgp-1 kernel: [83668744.589661] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=44553 PROTO=TCP SPT=52347 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T06:51:12.787Z","@version":"1","message":"Sep 10 06:51:12 honeypot-sgp-1 sshd[2592]: Disconnected from invalid user images 46.101.5.100 port 59296 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 06:53:08 honeypot-ams-1 sshd[6603]: Received disconnect from 92.255.85.69 port 44256:11: Bye Bye [preauth]","@timestamp":"2022-09-10T06:53:09.040Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 06:54:37 honeypot-fra-1 kernel: [83667311.776168] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=139.59.7.139 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x20 TTL=54 ID=5184 DF PROTO=TCP SPT=36488 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T06:54:38.549Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-10T06:55:28.889Z","@version":"1","message":"Sep 10 06:55:27 honeypot-sgp-1 kernel: [83669042.735167] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=103.101.161.45 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=55 ID=31459 DF PROTO=TCP SPT=42271 DPT=5432 WINDOW=43690 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T06:59:31.988Z","@version":"1","message":"Sep 10 06:59:31 honeypot-sgp-1 kernel: [83669285.826744] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=89.248.165.199 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=54425 PROTO=TCP SPT=50055 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 07:06:38 honeypot-ams-1 kernel: [83670185.245670] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=23.251.102.76 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=33116 PROTO=TCP SPT=28189 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T07:06:39.381Z"}
{"@timestamp":"2022-09-10T07:08:20.211Z","@version":"1","message":"Sep 10 07:08:20 honeypot-sgp-1 kernel: [83669814.818849] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=172.104.18.41 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=29799 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 07:12:49 honeypot-fra-1 kernel: [83668403.704726] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=170.187.160.34 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=58054 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T07:12:49.947Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 07:16:47 honeypot-ams-1 sshd[6610]: Received disconnect from 92.255.85.69 port 21424:11: Bye Bye [preauth]","@timestamp":"2022-09-10T07:16:47.634Z"}
{"@timestamp":"2022-09-10T07:17:02.428Z","@version":"1","message":"Sep 10 07:17:01 honeypot-sgp-1 CRON[2609]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 07:17:23 honeypot-fra-1 kernel: [83668677.657440] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.196.147 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=49094 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T07:17:24.065Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 07:20:01 honeypot-fra-1 sshd[29471]: Invalid user sm0k3y from 112.133.228.250 port 41978","@timestamp":"2022-09-10T07:20:01.125Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 07:22:47 honeypot-fra-1 kernel: [83669001.557233] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=43.142.47.218 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=43 ID=32108 DF PROTO=TCP SPT=43464 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T07:22:48.190Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 07:28:49 honeypot-ams-1 kernel: [83671515.637957] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=20.113.152.46 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=35425 PROTO=TCP SPT=44223 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T07:28:49.962Z"}
{"@timestamp":"2022-09-10T07:28:55.721Z","@version":"1","message":"Sep 10 07:28:55 honeypot-sgp-1 sshd[2616]: Received disconnect from 167.172.141.86 port 60192:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T07:35:24.888Z","@version":"1","message":"Sep 10 07:35:24 honeypot-sgp-1 sshd[2622]: Invalid user admin from 220.90.156.4 port 40079","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 07:39:22 honeypot-fra-1 sshd[29479]: Connection closed by invalid user test 193.106.191.157 port 50514 [preauth]","@timestamp":"2022-09-10T07:39:22.553Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 07:42:19 honeypot-ams-1 kernel: [83672326.454939] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=193.118.53.213 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=3921 PROTO=TCP SPT=28628 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T07:42:20.306Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 07:42:26 honeypot-fra-1 sshd[29483]: Connection closed by authenticating user root 147.182.210.165 port 34038 [preauth]","@timestamp":"2022-09-10T07:42:27.623Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 07:42:27 honeypot-fra-1 sshd[29495]: Invalid user es from 147.182.210.165 port 34084","@timestamp":"2022-09-10T07:42:27.623Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 07:42:27 honeypot-fra-1 sshd[29509]: Invalid user elasticsearch from 147.182.210.165 port 34094","@timestamp":"2022-09-10T07:42:27.623Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 07:42:27 honeypot-fra-1 sshd[29490]: Invalid user user from 147.182.210.165 port 34066","@timestamp":"2022-09-10T07:42:27.623Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 07:42:27 honeypot-fra-1 sshd[29495]: Connection closed by invalid user es 147.182.210.165 port 34084 [preauth]","@timestamp":"2022-09-10T07:42:27.624Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 07:42:27 honeypot-fra-1 sshd[29505]: Connection closed by invalid user ubuntu 147.182.210.165 port 34062 [preauth]","@timestamp":"2022-09-10T07:42:27.624Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 07:42:27 honeypot-fra-1 sshd[29487]: Connection closed by invalid user testuser 147.182.210.165 port 34042 [preauth]","@timestamp":"2022-09-10T07:42:27.624Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 07:42:27 honeypot-fra-1 sshd[29508]: Connection closed by invalid user zabbix 147.182.210.165 port 34112 [preauth]","@timestamp":"2022-09-10T07:42:27.624Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 07:44:47 honeypot-fra-1 kernel: [83670321.169483] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.209.45 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=50230 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T07:44:47.676Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 07:45:00 honeypot-ams-1 kernel: [83672486.919161] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.207.214 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=43414 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T07:45:01.380Z"}
{"@timestamp":"2022-09-10T07:48:51.218Z","@version":"1","message":"Sep 10 07:48:50 honeypot-sgp-1 kernel: [83672245.136059] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=194.147.58.205 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=20431 PROTO=TCP SPT=55855 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 07:53:40 honeypot-ams-1 sshd[6625]: Disconnected from invalid user ubnt 20.118.188.175 port 57626 [preauth]","@timestamp":"2022-09-10T07:53:40.598Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 07:53:51 honeypot-ams-1 sshd[6631]: Invalid user pi from 20.118.188.175 port 58034","@timestamp":"2022-09-10T07:53:51.604Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 07:53:59 honeypot-ams-1 sshd[6635]: Invalid user ubuntu from 20.118.188.175 port 58217","@timestamp":"2022-09-10T07:53:59.609Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 07:55:32 honeypot-ams-1 sshd[6639]: Invalid user test from 20.118.188.175 port 61419","@timestamp":"2022-09-10T07:55:32.650Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 07:55:37 honeypot-ams-1 sshd[6643]: Invalid user ftp from 20.118.188.175 port 61692","@timestamp":"2022-09-10T07:55:38.653Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 07:56:07 honeypot-fra-1 kernel: [83671001.751825] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=194.147.58.205 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=24702 PROTO=TCP SPT=56477 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T07:56:07.926Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 08:03:46 honeypot-fra-1 kernel: [83671460.124122] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.221.51 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=39770 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T08:03:46.099Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-10T08:04:38.613Z","@version":"1","message":"Sep 10 08:04:38 honeypot-sgp-1 kernel: [83673193.233610] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=3.129.64.50 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=225 ID=44378 PROTO=TCP SPT=57064 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 08:04:53 honeypot-ams-1 sshd[6648]: Received disconnect from 143.244.158.100 port 55324:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T08:04:53.892Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 08:07:19 honeypot-ams-1 sshd[6655]: Received disconnect from 143.244.158.100 port 37324:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T08:07:19.957Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 08:08:51 honeypot-ams-1 sshd[6659]: Disconnected from authenticating user root 143.244.158.100 port 45810 [preauth]","@timestamp":"2022-09-10T08:08:51.999Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 08:11:12 honeypot-ams-1 sshd[6665]: Received disconnect from 143.244.158.100 port 58122:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T08:11:13.065Z"}
{"@timestamp":"2022-09-10T08:11:13.777Z","@version":"1","message":"Sep 10 08:11:13 honeypot-sgp-1 kernel: [83673587.762686] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.207.204.151 DST=159.89.202.188 LEN=52 TOS=0x00 PREC=0x00 TTL=115 ID=6576 DF PROTO=TCP SPT=55866 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 08:11:53 honeypot-fra-1 sshd[29569]: Disconnected from authenticating user root 168.232.123.171 port 52378 [preauth]","@timestamp":"2022-09-10T08:11:54.281Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 08:13:34 honeypot-ams-1 sshd[6672]: Received disconnect from 143.244.158.100 port 56098:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T08:13:35.128Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 08:14:10 honeypot-fra-1 sshd[29573]: Disconnected from invalid user noel 114.246.10.197 port 43854 [preauth]","@timestamp":"2022-09-10T08:14:11.336Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 08:15:58 honeypot-ams-1 sshd[6678]: Received disconnect from 143.244.158.100 port 59630:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T08:15:58.191Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 08:17:01 honeypot-fra-1 CRON[29578]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-10T08:17:01.400Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T08:17:01.917Z","@version":"1","message":"Sep 10 08:17:01 honeypot-sgp-1 CRON[2637]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 08:17:35 honeypot-ams-1 sshd[6685]: Received disconnect from 143.244.158.100 port 55258:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T08:17:36.236Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 08:20:01 honeypot-ams-1 sshd[6692]: Received disconnect from 143.244.158.100 port 52350:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T08:20:02.301Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 08:20:54 honeypot-ams-1 sshd[6696]: Disconnected from invalid user jacuna 190.119.187.173 port 59497 [preauth]","@timestamp":"2022-09-10T08:20:54.325Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 08:23:14 honeypot-ams-1 sshd[6702]: Received disconnect from 143.244.158.100 port 34812:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T08:23:14.389Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 08:24:04 honeypot-fra-1 sshd[29584]: Received disconnect from 92.255.85.69 port 46070:11: Bye Bye [preauth]","@timestamp":"2022-09-10T08:24:04.563Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 08:24:05 honeypot-ams-1 sshd[6705]: Connection closed by invalid user test 193.106.191.157 port 60982 [preauth]","@timestamp":"2022-09-10T08:24:05.414Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 08:26:36 honeypot-ams-1 sshd[6730]: Disconnected from authenticating user root 143.244.158.100 port 40994 [preauth]","@timestamp":"2022-09-10T08:26:36.481Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 08:28:22 honeypot-ams-1 sshd[6738]: Received disconnect from 143.244.158.100 port 44326:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T08:28:23.530Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 08:31:08 honeypot-ams-1 sshd[6745]: Received disconnect from 143.244.158.100 port 48252:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T08:31:08.603Z"}
{"@timestamp":"2022-09-10T08:31:37.288Z","@version":"1","message":"Sep 10 08:31:36 honeypot-sgp-1 sshd[2662]: Received disconnect from 157.245.9.6 port 36026:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 08:33:57 honeypot-ams-1 sshd[6751]: Received disconnect from 143.244.158.100 port 55158:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T08:33:58.678Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 08:36:23 honeypot-ams-1 kernel: [83675569.822163] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.41.8.5 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=24606 PROTO=TCP SPT=20029 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T08:36:23.743Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 08:38:25 honeypot-ams-1 sshd[6762]: Disconnected from authenticating user root 143.244.158.100 port 59336 [preauth]","@timestamp":"2022-09-10T08:38:25.798Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 08:40:12 honeypot-ams-1 sshd[6770]: Disconnected from authenticating user root 181.129.166.202 port 50920 [preauth]","@timestamp":"2022-09-10T08:40:12.849Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 08:41:59 honeypot-ams-1 sshd[6776]: Received disconnect from 143.244.158.100 port 41340:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T08:41:59.898Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 08:43:01 honeypot-ams-1 sshd[6780]: Received disconnect from 203.151.81.77 port 60274:11: Bye Bye [preauth]","@timestamp":"2022-09-10T08:43:01.929Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 08:43:03 honeypot-fra-1 sshd[29593]: Disconnected from authenticating user root 51.222.196.77 port 52548 [preauth]","@timestamp":"2022-09-10T08:43:03.979Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T08:43:13.568Z","@version":"1","message":"Sep 10 08:43:12 honeypot-sgp-1 sshd[2665]: Disconnected from invalid user sham 104.248.131.9 port 57710 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 08:43:47 honeypot-ams-1 kernel: [83676014.360747] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=85.184.39.169 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=47693 DF PROTO=TCP SPT=29698 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T08:43:47.950Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 08:44:55 honeypot-ams-1 sshd[6788]: Received disconnect from 91.205.128.170 port 60756:11: Bye Bye [preauth]","@timestamp":"2022-09-10T08:44:55.982Z"}
{"@timestamp":"2022-09-10T08:46:14.641Z","@version":"1","message":"Sep 10 08:46:14 honeypot-sgp-1 sshd[2672]: Did not receive identification string from 45.61.186.249 port 44066","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T08:46:49.656Z","@version":"1","message":"Sep 10 08:46:49 honeypot-sgp-1 sshd[2675]: Disconnected from invalid user user 45.61.186.249 port 48794 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 08:47:06 honeypot-fra-1 sshd[29597]: Disconnected from invalid user wsmith 165.227.232.25 port 59064 [preauth]","@timestamp":"2022-09-10T08:47:07.088Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T08:47:08.665Z","@version":"1","message":"Sep 10 08:47:08 honeypot-sgp-1 sshd[2679]: Disconnected from invalid user user 45.61.186.249 port 43406 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T08:47:25.674Z","@version":"1","message":"Sep 10 08:47:25 honeypot-sgp-1 sshd[2683]: Disconnected from invalid user user 45.61.186.249 port 38018 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 08:47:31 honeypot-ams-1 sshd[6795]: Received disconnect from 143.244.158.100 port 56306:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T08:47:32.051Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 08:48:24 honeypot-ams-1 sshd[6799]: Received disconnect from 143.244.158.100 port 49170:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T08:48:25.075Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 08:50:46 honeypot-ams-1 sshd[6806]: Received disconnect from 92.255.85.69 port 20638:11: Bye Bye [preauth]","@timestamp":"2022-09-10T08:50:47.138Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 08:51:33 honeypot-fra-1 kernel: [83674327.916216] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=194.147.58.205 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=38385 PROTO=TCP SPT=59651 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T08:51:34.191Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-10T08:55:01.880Z","@version":"1","message":"Sep 10 08:55:01 honeypot-sgp-1 sshd[2688]: Disconnected from invalid user guest 79.62.236.130 port 43864 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 08:55:12 honeypot-fra-1 sshd[29609]: Invalid user duckie from 206.189.233.163 port 37584","@timestamp":"2022-09-10T08:55:12.273Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 08:57:07 honeypot-ams-1 kernel: [83676813.456695] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=205.210.31.172 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x60 TTL=251 ID=27714 PROTO=TCP SPT=56167 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T08:57:07.306Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 09:00:38 honeypot-fra-1 kernel: [83674872.166943] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=94.26.228.80 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=30842 PROTO=TCP SPT=10417 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T09:00:38.399Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 09:08:38 honeypot-ams-1 sshd[6817]: Disconnected from authenticating user root 178.62.17.51 port 40480 [preauth]","@timestamp":"2022-09-10T09:08:38.599Z"}
{"@timestamp":"2022-09-10T09:09:00.233Z","@version":"1","message":"Sep 10 09:08:59 honeypot-sgp-1 kernel: [83677054.499368] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=170.187.160.34 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=39318 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T09:13:44.354Z","@version":"1","message":"Sep 10 09:13:44 honeypot-sgp-1 kernel: [83677338.931636] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=201.171.20.237 DST=159.89.202.188 LEN=52 TOS=0x00 PREC=0x00 TTL=115 ID=24731 DF PROTO=TCP SPT=59956 DPT=3389 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 09:14:16 honeypot-fra-1 sshd[29617]: Invalid user rkpandian from 139.59.230.111 port 40344","@timestamp":"2022-09-10T09:14:16.719Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T09:14:58.386Z","@version":"1","message":"Sep 10 09:14:58 honeypot-sgp-1 sshd[2774]: Received disconnect from 141.255.162.226 port 46250:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T09:15:01.388Z","@version":"1","message":"Sep 10 09:15:00 honeypot-sgp-1 sshd[2778]: Received disconnect from 141.255.162.226 port 43506:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T09:15:03.390Z","@version":"1","message":"Sep 10 09:15:02 honeypot-sgp-1 sshd[2782]: Received disconnect from 141.255.162.226 port 52008:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T09:15:07.392Z","@version":"1","message":"Sep 10 09:15:06 honeypot-sgp-1 sshd[2786]: Received disconnect from 141.255.162.226 port 40786:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 09:17:01 honeypot-ams-1 CRON[6824]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-10T09:17:01.829Z"}
{"@timestamp":"2022-09-10T09:18:33.474Z","@version":"1","message":"Sep 10 09:18:32 honeypot-sgp-1 sshd[2802]: Connection closed by invalid user user 114.67.225.93 port 43750 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 09:21:16 honeypot-fra-1 sshd[29623]: Received disconnect from 82.196.5.251 port 48520:11: Bye Bye [preauth]","@timestamp":"2022-09-10T09:21:16.871Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T09:26:25.667Z","@version":"1","message":"Sep 10 09:26:25 honeypot-sgp-1 sshd[2876]: Invalid user togashi from 135.125.233.142 port 48610","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 09:28:23 honeypot-fra-1 kernel: [83676536.956381] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=213.226.123.38 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=29393 PROTO=TCP SPT=43003 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T09:28:24.031Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-10T09:28:29.722Z","@version":"1","message":"Sep 10 09:28:28 honeypot-sgp-1 kernel: [83678223.435188] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=107.175.70.147 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=232 ID=12330 DF PROTO=TCP SPT=10446 DPT=80 WINDOW=512 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 09:30:29 honeypot-ams-1 sshd[6833]: Invalid user test from 193.106.191.157 port 44694","@timestamp":"2022-09-10T09:30:30.193Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 09:35:33 honeypot-fra-1 sshd[29629]: Disconnected from invalid user cameras 92.255.85.69 port 36204 [preauth]","@timestamp":"2022-09-10T09:35:34.206Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 09:35:33 honeypot-ams-1 sshd[6838]: Disconnected from authenticating user root 191.211.61.227 port 44924 [preauth]","@timestamp":"2022-09-10T09:35:34.323Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 09:35:37 honeypot-ams-1 sshd[6842]: Disconnected from authenticating user root 191.211.61.227 port 45028 [preauth]","@timestamp":"2022-09-10T09:35:38.325Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 09:35:42 honeypot-ams-1 sshd[6848]: Disconnected from authenticating user root 191.211.61.227 port 45223 [preauth]","@timestamp":"2022-09-10T09:35:43.328Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 09:35:47 honeypot-ams-1 sshd[6854]: Disconnected from authenticating user root 191.211.61.227 port 45381 [preauth]","@timestamp":"2022-09-10T09:35:48.332Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 09:35:52 honeypot-ams-1 sshd[6860]: Disconnected from authenticating user root 191.211.61.227 port 45559 [preauth]","@timestamp":"2022-09-10T09:35:53.335Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 09:35:58 honeypot-ams-1 sshd[6866]: Disconnected from authenticating user root 191.211.61.227 port 45753 [preauth]","@timestamp":"2022-09-10T09:35:58.338Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 09:36:04 honeypot-ams-1 sshd[6872]: Disconnected from authenticating user root 191.211.61.227 port 45921 [preauth]","@timestamp":"2022-09-10T09:36:04.342Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 09:36:08 honeypot-ams-1 sshd[6878]: Disconnected from authenticating user root 191.211.61.227 port 46119 [preauth]","@timestamp":"2022-09-10T09:36:09.345Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 09:36:14 honeypot-ams-1 sshd[6884]: Disconnected from authenticating user root 191.211.61.227 port 46315 [preauth]","@timestamp":"2022-09-10T09:36:15.349Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 09:36:19 honeypot-ams-1 sshd[6890]: Disconnected from authenticating user root 191.211.61.227 port 46524 [preauth]","@timestamp":"2022-09-10T09:36:20.353Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 09:36:24 honeypot-ams-1 sshd[6896]: Received disconnect from 191.211.61.227 port 46685:11: Bye Bye [preauth]","@timestamp":"2022-09-10T09:36:25.356Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 09:36:29 honeypot-ams-1 sshd[6902]: Received disconnect from 191.211.61.227 port 46885:11: Bye Bye [preauth]","@timestamp":"2022-09-10T09:36:29.358Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 09:36:33 honeypot-ams-1 sshd[6908]: Invalid user admin from 191.211.61.227 port 47054","@timestamp":"2022-09-10T09:36:34.362Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 09:36:40 honeypot-ams-1 sshd[6912]: Invalid user admin from 191.211.61.227 port 47190","@timestamp":"2022-09-10T09:36:40.365Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 09:36:43 honeypot-ams-1 sshd[6916]: Invalid user admin from 191.211.61.227 port 47386","@timestamp":"2022-09-10T09:36:44.368Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 09:36:46 honeypot-ams-1 sshd[6920]: Invalid user admin from 191.211.61.227 port 47523","@timestamp":"2022-09-10T09:36:47.370Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 09:36:49 honeypot-ams-1 sshd[6924]: Invalid user admin from 191.211.61.227 port 47635","@timestamp":"2022-09-10T09:36:50.372Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 09:36:53 honeypot-ams-1 sshd[6928]: Invalid user user from 191.211.61.227 port 47750","@timestamp":"2022-09-10T09:36:53.374Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 09:36:57 honeypot-ams-1 sshd[6932]: Disconnected from authenticating user root 191.211.61.227 port 47877 [preauth]","@timestamp":"2022-09-10T09:36:58.377Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 09:37:00 honeypot-ams-1 sshd[6936]: Disconnected from invalid user pi 191.211.61.227 port 48030 [preauth]","@timestamp":"2022-09-10T09:37:01.379Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 09:37:04 honeypot-ams-1 sshd[6940]: Disconnected from invalid user ethos 191.211.61.227 port 48161 [preauth]","@timestamp":"2022-09-10T09:37:04.382Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 09:37:08 honeypot-ams-1 sshd[6944]: Disconnected from invalid user miner 191.211.61.227 port 48322 [preauth]","@timestamp":"2022-09-10T09:37:09.385Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 09:37:11 honeypot-ams-1 sshd[6948]: Disconnected from invalid user volumio 191.211.61.227 port 48450 [preauth]","@timestamp":"2022-09-10T09:37:12.386Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 09:37:15 honeypot-ams-1 sshd[6952]: Disconnected from invalid user nagios 191.211.61.227 port 48594 [preauth]","@timestamp":"2022-09-10T09:37:16.389Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 09:37:19 honeypot-ams-1 sshd[6956]: Disconnected from invalid user vagrant 191.211.61.227 port 48715 [preauth]","@timestamp":"2022-09-10T09:37:19.392Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 09:37:22 honeypot-ams-1 sshd[6960]: Disconnected from invalid user debian 191.211.61.227 port 48850 [preauth]","@timestamp":"2022-09-10T09:37:23.395Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 09:37:26 honeypot-ams-1 sshd[6964]: Disconnected from invalid user debian 191.211.61.227 port 49006 [preauth]","@timestamp":"2022-09-10T09:37:27.397Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 09:37:30 honeypot-ams-1 sshd[6968]: Disconnected from invalid user alarm 191.211.61.227 port 49133 [preauth]","@timestamp":"2022-09-10T09:37:30.399Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 09:37:33 honeypot-ams-1 sshd[6972]: Disconnected from invalid user test 191.211.61.227 port 49258 [preauth]","@timestamp":"2022-09-10T09:37:33.402Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 09:37:36 honeypot-ams-1 sshd[6976]: Disconnected from invalid user cirros 191.211.61.227 port 49373 [preauth]","@timestamp":"2022-09-10T09:37:37.404Z"}
{"@timestamp":"2022-09-10T09:41:39.035Z","@version":"1","message":"Sep 10 09:41:38 honeypot-sgp-1 kernel: [83679013.455323] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=183.136.225.35 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=110 ID=4451 PROTO=TCP SPT=8088 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 09:44:54 honeypot-ams-1 kernel: [83679680.892465] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=89.248.165.199 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=5553 PROTO=TCP SPT=42932 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T09:44:54.588Z"}
{"@timestamp":"2022-09-10T09:50:41.249Z","@version":"1","message":"Sep 10 09:50:41 honeypot-sgp-1 sshd[2891]: Invalid user admin from 101.183.15.192 port 45076","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 09:52:18 honeypot-fra-1 sshd[29636]: Connection closed by invalid user test 193.106.191.157 port 45780 [preauth]","@timestamp":"2022-09-10T09:52:19.567Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T09:56:57.401Z","@version":"1","message":"Sep 10 09:56:57 honeypot-sgp-1 kernel: [83679931.605917] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.171.59.221 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=32378 DF PROTO=TCP SPT=10446 DPT=80 WINDOW=512 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 09:58:37 honeypot-fra-1 sshd[29641]: Disconnected from invalid user admin 92.255.85.69 port 17716 [preauth]","@timestamp":"2022-09-10T09:58:37.722Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 10:01:22 honeypot-ams-1 sshd[7003]: Received disconnect from 92.255.85.70 port 36128:11: Bye Bye [preauth]","@timestamp":"2022-09-10T10:01:23.009Z"}
{"@timestamp":"2022-09-10T10:06:52.640Z","@version":"1","message":"Sep 10 10:06:52 honeypot-sgp-1 sshd[2906]: Invalid user user from 45.61.187.160 port 58170","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T10:07:01.645Z","@version":"1","message":"Sep 10 10:07:01 honeypot-sgp-1 sshd[2910]: Invalid user user from 45.61.187.160 port 41390","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T10:07:18.654Z","@version":"1","message":"Sep 10 10:07:18 honeypot-sgp-1 sshd[2914]: Invalid user user from 45.61.187.160 port 35986","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T10:07:33.686Z","@version":"1","message":"Sep 10 10:07:33 honeypot-sgp-1 sshd[2918]: Invalid user user from 45.61.187.160 port 58854","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T10:07:41.692Z","@version":"1","message":"Sep 10 10:07:41 honeypot-sgp-1 sshd[2922]: Invalid user user from 45.61.187.160 port 42066","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 10:12:04 honeypot-ams-1 sshd[7012]: Received disconnect from 64.225.43.245 port 55662:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T10:12:05.298Z"}
{"@timestamp":"2022-09-10T10:13:07.824Z","@version":"1","message":"Sep 10 10:13:07 honeypot-sgp-1 sshd[2925]: Disconnected from authenticating user root 61.177.173.51 port 57478 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 10:14:26 honeypot-ams-1 sshd[7019]: Received disconnect from 64.225.43.245 port 39798:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T10:14:26.360Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 10:15:58 honeypot-ams-1 sshd[7026]: Disconnected from authenticating user root 64.225.43.245 port 38636 [preauth]","@timestamp":"2022-09-10T10:15:59.426Z"}
{"@timestamp":"2022-09-10T10:16:48.913Z","@version":"1","message":"Sep 10 10:16:48 honeypot-sgp-1 sshd[2932]: Invalid user andrea from 178.176.225.151 port 55830","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 10:17:01 honeypot-fra-1 CRON[29649]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-10T10:17:02.125Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 10:17:13 honeypot-ams-1 sshd[7035]: Disconnected from authenticating user root 61.177.172.19 port 37099 [preauth]","@timestamp":"2022-09-10T10:17:13.461Z"}
{"@timestamp":"2022-09-10T10:18:25.953Z","@version":"1","message":"Sep 10 10:18:25 honeypot-sgp-1 sshd[2938]: error: maximum authentication attempts exceeded for invalid user admin from 49.167.15.161 port 60411 ssh2 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 10:19:07 honeypot-ams-1 sshd[7041]: Disconnected from authenticating user root 64.225.43.245 port 36308 [preauth]","@timestamp":"2022-09-10T10:19:08.513Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 10:21:30 honeypot-ams-1 sshd[7048]: Disconnected from authenticating user root 64.225.43.245 port 48676 [preauth]","@timestamp":"2022-09-10T10:21:31.575Z"}
{"@timestamp":"2022-09-10T10:23:18.073Z","@version":"1","message":"Sep 10 10:23:18 honeypot-sgp-1 sshd[2944]: Received disconnect from 61.177.172.104 port 25929:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 10:23:33 honeypot-fra-1 sshd[29655]: Bad protocol version identification 'MGLNDD_165.22.82.222_22' from 192.241.197.37 port 46840","@timestamp":"2022-09-10T10:23:34.285Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 10:23:53 honeypot-ams-1 sshd[7055]: Received disconnect from 64.225.43.245 port 32818:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T10:23:53.639Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 10:25:05 honeypot-ams-1 sshd[7061]: Bad protocol version identification 'MGLNDD_178.62.254.91_22' from 192.241.213.210 port 55816","@timestamp":"2022-09-10T10:25:05.673Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 10:26:10 honeypot-fra-1 sshd[29660]: Received disconnect from 165.22.45.108 port 33892:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T10:26:11.345Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 10:27:10 honeypot-ams-1 sshd[7069]: Disconnected from authenticating user root 64.225.43.245 port 58720 [preauth]","@timestamp":"2022-09-10T10:27:11.728Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 10:29:05 honeypot-ams-1 sshd[7078]: Disconnected from authenticating user root 61.177.173.36 port 45489 [preauth]","@timestamp":"2022-09-10T10:29:05.779Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 10:31:07 honeypot-ams-1 sshd[7085]: Disconnected from authenticating user root 64.225.43.245 port 41690 [preauth]","@timestamp":"2022-09-10T10:31:08.836Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 10:31:12 honeypot-fra-1 kernel: [83680305.885807] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=172.105.77.209 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=56 ID=0 DF PROTO=TCP SPT=38253 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T10:31:12.460Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 10:33:32 honeypot-ams-1 sshd[7092]: Disconnected from authenticating user root 64.225.43.245 port 54072 [preauth]","@timestamp":"2022-09-10T10:33:32.900Z"}
{"@timestamp":"2022-09-10T10:34:47.340Z","@version":"1","message":"Sep 10 10:34:46 honeypot-sgp-1 sshd[2954]: Disconnected from authenticating user root 61.177.173.46 port 64364 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 10:35:07 honeypot-ams-1 sshd[7096]: Disconnected from authenticating user root 64.225.43.245 port 52904 [preauth]","@timestamp":"2022-09-10T10:35:07.962Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 10:36:45 honeypot-ams-1 sshd[7104]: Received disconnect from 64.225.43.245 port 51736:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T10:36:46.010Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 10:37:46 honeypot-fra-1 sshd[29668]: Disconnected from authenticating user root 61.177.172.108 port 18057 [preauth]","@timestamp":"2022-09-10T10:37:47.605Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 10:39:16 honeypot-ams-1 sshd[7111]: Received disconnect from 64.225.43.245 port 35870:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T10:39:17.077Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 10:40:54 honeypot-ams-1 sshd[7115]: Disconnected from authenticating user root 64.225.43.245 port 34702 [preauth]","@timestamp":"2022-09-10T10:40:55.122Z"}
{"@timestamp":"2022-09-10T10:42:12.519Z","@version":"1","message":"Sep 10 10:42:11 honeypot-sgp-1 kernel: [83682646.164143] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=180.214.239.113 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=52063 PROTO=TCP SPT=48759 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 10:42:31 honeypot-ams-1 sshd[7121]: Disconnected from authenticating user root 64.225.43.245 port 33538 [preauth]","@timestamp":"2022-09-10T10:42:32.165Z"}
{"@timestamp":"2022-09-10T10:44:32.575Z","@version":"1","message":"Sep 10 10:44:32 honeypot-sgp-1 sshd[2963]: Received disconnect from 61.177.173.52 port 18163:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 10:44:34 honeypot-fra-1 sshd[29678]: Invalid user ftpuser from 152.136.130.81 port 36920","@timestamp":"2022-09-10T10:44:34.757Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 10:44:34 honeypot-fra-1 sshd[29683]: Invalid user oracle from 152.136.130.81 port 36934","@timestamp":"2022-09-10T10:44:34.757Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 10:44:34 honeypot-fra-1 sshd[29696]: Invalid user devops from 152.136.130.81 port 36908","@timestamp":"2022-09-10T10:44:34.757Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 10:44:34 honeypot-fra-1 sshd[29692]: Invalid user dev from 152.136.130.81 port 36940","@timestamp":"2022-09-10T10:44:34.757Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 10:44:34 honeypot-fra-1 sshd[29687]: Invalid user guest from 152.136.130.81 port 36922","@timestamp":"2022-09-10T10:44:34.757Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 10:44:34 honeypot-fra-1 sshd[29689]: Invalid user es from 152.136.130.81 port 36948","@timestamp":"2022-09-10T10:44:34.757Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 10:44:34 honeypot-fra-1 sshd[29680]: Connection closed by invalid user ec2-user 152.136.130.81 port 36894 [preauth]","@timestamp":"2022-09-10T10:44:34.757Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 10:44:34 honeypot-fra-1 sshd[29699]: Connection closed by invalid user alex 152.136.130.81 port 36930 [preauth]","@timestamp":"2022-09-10T10:44:34.757Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 10:44:34 honeypot-fra-1 sshd[29697]: Connection closed by invalid user web 152.136.130.81 port 36880 [preauth]","@timestamp":"2022-09-10T10:44:34.757Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 10:44:34 honeypot-fra-1 sshd[29689]: Connection closed by invalid user es 152.136.130.81 port 36948 [preauth]","@timestamp":"2022-09-10T10:44:34.757Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 10:44:52 honeypot-ams-1 sshd[7128]: Received disconnect from 61.177.172.108 port 26421:11:  [preauth]","@timestamp":"2022-09-10T10:44:53.231Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 10:45:32 honeypot-fra-1 sshd[29734]: Received disconnect from 92.255.85.70 port 33936:11: Bye Bye [preauth]","@timestamp":"2022-09-10T10:45:33.782Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 10:45:49 honeypot-ams-1 sshd[7132]: Disconnected from authenticating user root 64.225.43.245 port 59440 [preauth]","@timestamp":"2022-09-10T10:45:49.259Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 10:46:26 honeypot-fra-1 sshd[29739]: Invalid user user from 45.61.186.49 port 40638","@timestamp":"2022-09-10T10:46:26.806Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 10:46:34 honeypot-fra-1 sshd[29743]: Invalid user user from 45.61.186.49 port 52084","@timestamp":"2022-09-10T10:46:35.810Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 10:48:14 honeypot-ams-1 sshd[7139]: Received disconnect from 64.225.43.245 port 43580:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T10:48:14.324Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 10:48:56 honeypot-ams-1 sshd[7143]: Did not receive identification string from 80.76.51.46 port 51340","@timestamp":"2022-09-10T10:48:57.347Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 10:49:21 honeypot-ams-1 sshd[7148]: Received disconnect from 80.76.51.46 port 42630:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T10:49:21.360Z"}
{"@timestamp":"2022-09-10T10:49:49.701Z","@version":"1","message":"Sep 10 10:49:49 honeypot-sgp-1 sshd[2969]: Received disconnect from 61.177.172.124 port 51033:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 10:49:51 honeypot-ams-1 sshd[7152]: Disconnected from authenticating user root 80.76.51.46 port 42631 [preauth]","@timestamp":"2022-09-10T10:49:51.377Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 10:50:05 honeypot-ams-1 sshd[7157]: Disconnected from authenticating user root 80.76.51.46 port 42690 [preauth]","@timestamp":"2022-09-10T10:50:06.386Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 10:50:46 honeypot-ams-1 sshd[7163]: Disconnected from authenticating user root 64.225.43.245 port 55948 [preauth]","@timestamp":"2022-09-10T10:50:46.406Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 10:51:18 honeypot-ams-1 sshd[7169]: Disconnected from authenticating user root 80.76.51.46 port 42828 [preauth]","@timestamp":"2022-09-10T10:51:19.423Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 10:51:48 honeypot-ams-1 sshd[7175]: Received disconnect from 80.76.51.46 port 42854:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T10:51:48.441Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 10:52:24 honeypot-ams-1 sshd[7179]: Disconnected from authenticating user root 64.225.43.245 port 54774 [preauth]","@timestamp":"2022-09-10T10:52:25.459Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 10:53:54 honeypot-fra-1 sshd[29752]: Received disconnect from 61.177.173.47 port 47108:11:  [preauth]","@timestamp":"2022-09-10T10:53:54.972Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 10:54:50 honeypot-ams-1 sshd[7187]: Received disconnect from 64.225.43.245 port 38910:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T10:54:50.524Z"}
{"@timestamp":"2022-09-10T10:54:52.821Z","@version":"1","message":"Sep 10 10:54:52 honeypot-sgp-1 sshd[2975]: Invalid user user from 141.255.162.226 port 45962","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T10:54:58.825Z","@version":"1","message":"Sep 10 10:54:57 honeypot-sgp-1 sshd[2979]: Invalid user user from 141.255.162.226 port 40198","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T10:55:00.826Z","@version":"1","message":"Sep 10 10:55:00 honeypot-sgp-1 sshd[2983]: Connection closed by 141.255.162.226 port 47688 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 10:55:08 honeypot-ams-1 sshd[7194]: Invalid user user from 45.61.184.204 port 52312","@timestamp":"2022-09-10T10:55:09.535Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 10:55:18 honeypot-ams-1 sshd[7198]: Received disconnect from 45.61.184.204 port 35766:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T10:55:18.539Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 10:55:28 honeypot-ams-1 sshd[7200]: Disconnected from authenticating user root 61.177.172.90 port 47726 [preauth]","@timestamp":"2022-09-10T10:55:28.545Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 10:55:42 honeypot-ams-1 sshd[7208]: Received disconnect from 61.177.173.51 port 64324:11:  [preauth]","@timestamp":"2022-09-10T10:55:42.553Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 10:55:54 honeypot-ams-1 sshd[7212]: Received disconnect from 45.61.184.204 port 54292:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T10:55:55.561Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 10:57:19 honeypot-ams-1 sshd[7218]: Received disconnect from 64.225.43.245 port 51276:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T10:57:19.601Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 10:57:40 honeypot-fra-1 sshd[29777]: Invalid user kafka from 165.22.45.108 port 38914","@timestamp":"2022-09-10T10:57:41.058Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 10:58:58 honeypot-ams-1 sshd[7224]: Received disconnect from 64.225.43.245 port 50112:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T10:58:59.646Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 11:00:46 honeypot-ams-1 sshd[7231]: Connection closed by authenticating user root 103.188.176.251 port 42202 [preauth]","@timestamp":"2022-09-10T11:00:46.696Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 11:02:36 honeypot-fra-1 sshd[29783]: Invalid user admin from 59.26.145.206 port 33254","@timestamp":"2022-09-10T11:02:36.180Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 11:03:08 honeypot-ams-1 sshd[7237]: Disconnected from authenticating user root 64.225.43.245 port 33162 [preauth]","@timestamp":"2022-09-10T11:03:08.759Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 11:04:58 honeypot-ams-1 sshd[7243]: Received disconnect from 79.59.251.230 port 34542:11: Bye Bye [preauth]","@timestamp":"2022-09-10T11:04:58.809Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 11:05:25 honeypot-fra-1 kernel: [83682358.753381] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.156.73.91 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=12364 PROTO=TCP SPT=44795 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T11:05:25.247Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 11:05:32 honeypot-ams-1 sshd[7247]: Disconnected from authenticating user root 64.225.43.245 port 45530 [preauth]","@timestamp":"2022-09-10T11:05:33.827Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 11:06:20 honeypot-ams-1 sshd[7254]: Received disconnect from 64.225.43.245 port 59064:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T11:06:20.852Z"}
{"@timestamp":"2022-09-10T11:06:22.092Z","@version":"1","message":"Sep 10 11:06:21 honeypot-sgp-1 sshd[2992]: Invalid user ftpuser from 92.255.85.70 port 57030","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T11:08:41.148Z","@version":"1","message":"Sep 10 11:08:40 honeypot-sgp-1 kernel: [83684234.896624] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=172.104.216.97 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=37652 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 11:08:55 honeypot-ams-1 sshd[7259]: Disconnected from invalid user taketo 121.79.128.37 port 38491 [preauth]","@timestamp":"2022-09-10T11:08:55.920Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 11:08:59 honeypot-fra-1 sshd[29795]: Invalid user ftpuser from 92.255.85.70 port 35594","@timestamp":"2022-09-10T11:09:00.329Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 11:09:30 honeypot-ams-1 kernel: [83684756.584472] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=104.152.52.145 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=26993 PROTO=TCP SPT=48124 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T11:09:30.938Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 11:10:28 honeypot-fra-1 kernel: [83682661.901443] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=20.197.40.144 DST=165.22.82.222 LEN=52 TOS=0x02 PREC=0x00 TTL=111 ID=9158 DF PROTO=TCP SPT=59224 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T11:10:28.365Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-10T11:11:45.223Z","@version":"1","message":"Sep 10 11:11:45 honeypot-sgp-1 sshd[3001]: Received disconnect from 141.255.162.226 port 33638:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T11:11:49.225Z","@version":"1","message":"Sep 10 11:11:49 honeypot-sgp-1 sshd[3005]: Received disconnect from 141.255.162.226 port 48764:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 11:13:25 honeypot-fra-1 sshd[29803]: Disconnected from authenticating user root 61.177.173.51 port 38393 [preauth]","@timestamp":"2022-09-10T11:13:25.433Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 11:14:57 honeypot-ams-1 sshd[7267]: Connection reset by 61.177.173.51 port 20070 [preauth]","@timestamp":"2022-09-10T11:14:58.080Z"}
{"@timestamp":"2022-09-10T11:17:02.349Z","@version":"1","message":"Sep 10 11:17:01 honeypot-sgp-1 CRON[3012]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 11:18:07 honeypot-fra-1 sshd[29811]: Received disconnect from 178.128.25.31 port 40688:11: Bye Bye [preauth]","@timestamp":"2022-09-10T11:18:07.539Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T11:19:37.411Z","@version":"1","message":"Sep 10 11:19:36 honeypot-sgp-1 sshd[3020]: Received disconnect from 61.177.173.36 port 23858:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 11:19:37 honeypot-ams-1 sshd[7274]: Disconnected from authenticating user root 218.92.0.202 port 52662 [preauth]","@timestamp":"2022-09-10T11:19:38.202Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 11:21:28 honeypot-ams-1 sshd[7280]: Received disconnect from 61.177.173.47 port 16937:11:  [preauth]","@timestamp":"2022-09-10T11:21:29.254Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 11:22:44 honeypot-fra-1 kernel: [83683398.548121] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=14.225.5.25 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=27906 PROTO=TCP SPT=47274 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T11:22:45.644Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 11:23:18 honeypot-ams-1 sshd[7285]: Connection closed by invalid user pi 37.189.36.203 port 55360 [preauth]","@timestamp":"2022-09-10T11:23:19.302Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 11:23:57 honeypot-ams-1 sshd[7292]: Invalid user test from 80.76.51.46 port 45400","@timestamp":"2022-09-10T11:23:57.322Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 11:24:27 honeypot-ams-1 sshd[7298]: Disconnected from authenticating user root 80.76.51.46 port 49366 [preauth]","@timestamp":"2022-09-10T11:24:28.337Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 11:24:58 honeypot-ams-1 sshd[7304]: Received disconnect from 80.76.51.46 port 53368:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T11:24:58.352Z"}
{"@timestamp":"2022-09-10T11:25:15.544Z","@version":"1","message":"Sep 10 11:25:15 honeypot-sgp-1 kernel: [83685229.634041] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.209.150 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=39109 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 11:25:25 honeypot-fra-1 sshd[29819]: Disconnected from invalid user jeronimo 160.153.252.142 port 53816 [preauth]","@timestamp":"2022-09-10T11:25:25.706Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 11:25:43 honeypot-ams-1 sshd[7310]: Received disconnect from 80.76.51.46 port 59316:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T11:25:43.376Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 11:26:13 honeypot-ams-1 sshd[7314]: Disconnected from invalid user user 80.76.51.46 port 35036 [preauth]","@timestamp":"2022-09-10T11:26:14.391Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 11:27:06 honeypot-ams-1 sshd[7319]: Received disconnect from 61.177.172.124 port 41391:11:  [preauth]","@timestamp":"2022-09-10T11:27:06.418Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 11:28:56 honeypot-fra-1 kernel: [83683769.772551] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=209.127.189.90 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=35383 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T11:28:56.787Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-10T11:30:31.671Z","@version":"1","message":"Sep 10 11:30:31 honeypot-sgp-1 kernel: [83685545.606396] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.194.198 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=47219 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T11:34:48.783Z","@version":"1","message":"Sep 10 11:34:47 honeypot-sgp-1 kernel: [83685802.352251] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.196.214 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=50562 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 11:34:52 honeypot-fra-1 kernel: [83684125.650994] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=165.22.82.222 LEN=89 TOS=0x00 PREC=0x00 TTL=250 ID=26250 PROTO=TCP SPT=28639 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T11:34:52.920Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 11:34:59 honeypot-ams-1 sshd[7325]: Disconnected from invalid user ftpuser 92.255.85.70 port 23354 [preauth]","@timestamp":"2022-09-10T11:35:00.614Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 11:42:54 honeypot-ams-1 sshd[7331]: Disconnected from invalid user kurita 62.231.21.18 port 34596 [preauth]","@timestamp":"2022-09-10T11:42:54.815Z"}
{"@timestamp":"2022-09-10T11:43:59.999Z","@version":"1","message":"Sep 10 11:43:59 honeypot-sgp-1 sshd[3039]: Disconnected from authenticating user root 1.245.61.144 port 29739 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 11:51:44 honeypot-fra-1 sshd[29836]: Disconnected from authenticating user root 61.177.173.49 port 22712 [preauth]","@timestamp":"2022-09-10T11:51:45.291Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 11:52:55 honeypot-ams-1 sshd[7343]: Received disconnect from 61.177.173.46 port 60206:11:  [preauth]","@timestamp":"2022-09-10T11:52:56.071Z"}
{"@timestamp":"2022-09-10T11:53:05.209Z","@version":"1","message":"Sep 10 11:53:04 honeypot-sgp-1 sshd[3044]: Disconnected from authenticating user root 92.255.85.69 port 40506 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 11:57:11 honeypot-fra-1 sshd[29843]: Invalid user reyes from 43.154.228.228 port 48270","@timestamp":"2022-09-10T11:57:12.415Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 11:58:55 honeypot-fra-1 sshd[29847]: Received disconnect from 61.177.173.47 port 57746:11:  [preauth]","@timestamp":"2022-09-10T11:58:56.456Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 12:00:04 honeypot-ams-1 kernel: [83687790.646633] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=128.14.141.34 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=4089 PROTO=TCP SPT=11965 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T12:00:05.278Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 12:02:24 honeypot-fra-1 sshd[29852]: Connection closed by invalid user User 122.170.3.203 port 36286 [preauth]","@timestamp":"2022-09-10T12:02:25.537Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 12:03:01 honeypot-ams-1 kernel: [83687967.987295] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=28745 PROTO=TCP SPT=51203 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T12:03:02.357Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 12:11:20 honeypot-fra-1 kernel: [83686314.262499] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.196.63 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=32988 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T12:11:21.738Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 12:11:59 honeypot-fra-1 sshd[29863]: Disconnected from invalid user zhangtao 157.245.46.21 port 54250 [preauth]","@timestamp":"2022-09-10T12:11:59.757Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 12:13:34 honeypot-fra-1 kernel: [83686448.326603] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.208.175 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=55703 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T12:13:35.799Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-10T12:15:02.739Z","@version":"1","message":"Sep 10 12:15:02 honeypot-sgp-1 kernel: [83688216.781492] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=190.78.80.246 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=51699 DF PROTO=TCP SPT=31245 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 12:16:47 honeypot-fra-1 sshd[29874]: Received disconnect from 61.177.172.124 port 15084:11:  [preauth]","@timestamp":"2022-09-10T12:16:47.874Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T12:17:12.794Z","@version":"1","message":"Sep 10 12:17:12 honeypot-sgp-1 sshd[3064]: Disconnected from authenticating user root 92.255.85.69 port 32818 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 12:19:01 honeypot-ams-1 sshd[7359]: Disconnected from authenticating user root 61.177.172.98 port 28801 [preauth]","@timestamp":"2022-09-10T12:19:02.759Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 12:22:21 honeypot-ams-1 sshd[7367]: Invalid user ps from 139.255.245.86 port 52798","@timestamp":"2022-09-10T12:22:21.843Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 12:22:55 honeypot-fra-1 sshd[29896]: Did not receive identification string from 75.90.49.160 port 48262","@timestamp":"2022-09-10T12:22:56.010Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 12:22:55 honeypot-fra-1 sshd[29884]: Connection closed by invalid user mysql 75.90.49.160 port 48428 [preauth]","@timestamp":"2022-09-10T12:22:56.010Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 12:22:56 honeypot-fra-1 sshd[29906]: Invalid user jenkins from 75.90.49.160 port 48434","@timestamp":"2022-09-10T12:22:57.012Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 12:22:56 honeypot-fra-1 sshd[29898]: Connection closed by invalid user admin 75.90.49.160 port 48504 [preauth]","@timestamp":"2022-09-10T12:22:57.012Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 12:22:56 honeypot-fra-1 sshd[29909]: Invalid user michael from 75.90.49.160 port 48674","@timestamp":"2022-09-10T12:22:57.012Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 12:22:56 honeypot-fra-1 sshd[29912]: Invalid user rustserver from 75.90.49.160 port 48384","@timestamp":"2022-09-10T12:22:57.012Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 12:22:56 honeypot-fra-1 sshd[29906]: Connection closed by invalid user jenkins 75.90.49.160 port 48434 [preauth]","@timestamp":"2022-09-10T12:22:57.012Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 12:22:56 honeypot-fra-1 sshd[29923]: Connection closed by invalid user mysql 75.90.49.160 port 48304 [preauth]","@timestamp":"2022-09-10T12:22:57.012Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 12:22:56 honeypot-fra-1 sshd[29918]: Connection closed by invalid user admin 75.90.49.160 port 48332 [preauth]","@timestamp":"2022-09-10T12:22:57.012Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 12:22:57 honeypot-fra-1 sshd[29907]: Connection closed by invalid user steam 75.90.49.160 port 48556 [preauth]","@timestamp":"2022-09-10T12:22:58.013Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T12:26:36.036Z","@version":"1","message":"Sep 10 12:26:35 honeypot-sgp-1 sshd[3071]: Received disconnect from 61.177.173.51 port 17699:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 12:30:27 honeypot-ams-1 kernel: [83689613.838508] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=5.214.234.16 DST=178.62.254.91 LEN=56 TOS=0x18 PREC=0x20 TTL=107 ID=9873 DF PROTO=TCP SPT=58294 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T12:30:28.045Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 12:30:41 honeypot-fra-1 sshd[29952]: Disconnected from authenticating user root 61.177.173.51 port 39565 [preauth]","@timestamp":"2022-09-10T12:30:41.180Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T12:31:58.162Z","@version":"1","message":"Sep 10 12:31:57 honeypot-sgp-1 kernel: [83689231.720844] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=207.102.138.83 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=43 ID=40029 DF PROTO=TCP SPT=50624 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 12:34:49 honeypot-fra-1 kernel: [83687722.599543] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=43.143.58.236 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=43 ID=20216 DF PROTO=TCP SPT=16239 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T12:34:49.275Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 12:35:38 honeypot-ams-1 sshd[7375]: Disconnected from authenticating user root 61.177.172.98 port 59838 [preauth]","@timestamp":"2022-09-10T12:35:39.182Z"}
{"@timestamp":"2022-09-10T12:36:47.275Z","@version":"1","message":"Sep 10 12:36:46 honeypot-sgp-1 sshd[3082]: Unable to negotiate with 41.86.17.229 port 49863: no matching cipher found. Their offer: aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,arcfour128,arcfour,3des-cbc,none [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T12:40:16.357Z","@version":"1","message":"Sep 10 12:40:16 honeypot-sgp-1 sshd[3102]: Disconnected from authenticating user root 61.177.173.51 port 44867 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 12:42:59 honeypot-fra-1 sshd[29972]: Disconnected from authenticating user root 61.177.172.108 port 64338 [preauth]","@timestamp":"2022-09-10T12:42:59.465Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 12:43:50 honeypot-ams-1 sshd[7384]: Invalid user mythtv from 41.209.43.93 port 52696","@timestamp":"2022-09-10T12:43:51.396Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 12:47:27 honeypot-ams-1 kernel: [83690633.723667] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.47.229.134 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=48101 PROTO=TCP SPT=51102 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T12:47:27.491Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 12:49:36 honeypot-ams-1 sshd[7393]: Received disconnect from 178.49.141.172 port 38998:11: Bye Bye [preauth]","@timestamp":"2022-09-10T12:49:36.552Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 12:50:12 honeypot-fra-1 sshd[29979]: Received disconnect from 61.177.173.49 port 37916:11:  [preauth]","@timestamp":"2022-09-10T12:50:12.633Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 12:51:19 honeypot-ams-1 sshd[7397]: Disconnected from authenticating user root 61.177.173.51 port 42541 [preauth]","@timestamp":"2022-09-10T12:51:19.601Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 12:54:50 honeypot-ams-1 sshd[7404]: Received disconnect from 14.232.243.151 port 44862:11: Bye Bye [preauth]","@timestamp":"2022-09-10T12:54:50.698Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 12:59:09 honeypot-ams-1 sshd[7406]: Received disconnect from 187.72.70.33 port 58302:11: Bye Bye [preauth]","@timestamp":"2022-09-10T12:59:09.813Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 13:00:04 honeypot-fra-1 sshd[29984]: Disconnected from authenticating user root 61.177.173.50 port 17278 [preauth]","@timestamp":"2022-09-10T13:00:04.857Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T13:00:05.824Z","@version":"1","message":"Sep 10 13:00:05 honeypot-sgp-1 sshd[3109]: Received disconnect from 61.177.173.53 port 37782:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 13:01:27 honeypot-fra-1 sshd[29989]: Invalid user user from 198.98.61.9 port 41812","@timestamp":"2022-09-10T13:01:27.894Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 13:01:42 honeypot-fra-1 sshd[29993]: Invalid user mas from 201.236.101.194 port 58415","@timestamp":"2022-09-10T13:01:42.901Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 13:01:52 honeypot-fra-1 sshd[29997]: Invalid user user from 198.98.61.9 port 48070","@timestamp":"2022-09-10T13:01:52.905Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 13:02:08 honeypot-fra-1 sshd[30001]: Invalid user user from 198.98.61.9 port 42820","@timestamp":"2022-09-10T13:02:08.914Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 13:02:56 honeypot-fra-1 kernel: [83689410.363605] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=213.226.123.38 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=37222 PROTO=TCP SPT=56488 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T13:02:57.933Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 13:03:11 honeypot-ams-1 sshd[7413]: Received disconnect from 101.36.108.12 port 43488:11: Bye Bye [preauth]","@timestamp":"2022-09-10T13:03:11.924Z"}
{"@timestamp":"2022-09-10T13:05:08.947Z","@version":"1","message":"Sep 10 13:05:08 honeypot-sgp-1 sshd[3116]: Invalid user admin from 59.27.98.103 port 58124","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 13:06:19 honeypot-fra-1 sshd[30008]: Received disconnect from 101.32.95.39 port 49694:11: Bye Bye [preauth]","@timestamp":"2022-09-10T13:06:20.012Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T13:08:07.041Z","@version":"1","message":"Sep 10 13:08:06 honeypot-sgp-1 sshd[3123]: Received disconnect from 61.177.172.98 port 10122:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 13:08:40 honeypot-ams-1 sshd[7420]: Received disconnect from 51.83.44.100 port 36528:11: Bye Bye [preauth]","@timestamp":"2022-09-10T13:08:40.068Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 13:09:11 honeypot-fra-1 sshd[30013]: Invalid user test from 193.106.191.157 port 52780","@timestamp":"2022-09-10T13:09:12.080Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 13:10:12 honeypot-fra-1 sshd[30017]: Received disconnect from 61.177.173.46 port 47650:11:  [preauth]","@timestamp":"2022-09-10T13:10:13.110Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 13:11:24 honeypot-ams-1 sshd[7426]: Received disconnect from 61.177.173.51 port 11577:11:  [preauth]","@timestamp":"2022-09-10T13:11:24.144Z"}
{"@timestamp":"2022-09-10T13:13:58.183Z","@version":"1","message":"Sep 10 13:13:58 honeypot-sgp-1 sshd[3130]: Invalid user User from 210.121.243.157 port 38798","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 13:16:00 honeypot-ams-1 sshd[7433]: Disconnected from authenticating user root 61.177.173.36 port 32304 [preauth]","@timestamp":"2022-09-10T13:16:00.267Z"}
{"@timestamp":"2022-09-10T13:17:02.259Z","@version":"1","message":"Sep 10 13:17:01 honeypot-sgp-1 CRON[3134]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 13:17:53 honeypot-fra-1 kernel: [83690307.235113] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=201.150.177.30 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=17072 DF PROTO=TCP SPT=53986 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T13:17:54.283Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 13:22:59 honeypot-fra-1 sshd[30052]: Received disconnect from 45.61.186.249 port 58322:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T13:22:59.399Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 13:23:16 honeypot-fra-1 sshd[30056]: Received disconnect from 45.61.186.249 port 53176:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T13:23:17.407Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 13:23:34 honeypot-fra-1 sshd[30060]: Received disconnect from 45.61.186.249 port 48082:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T13:23:34.414Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 13:25:22 honeypot-fra-1 sshd[30064]: Connection closed by invalid user ssw 137.116.144.39 port 50918 [preauth]","@timestamp":"2022-09-10T13:25:23.456Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T13:26:56.495Z","@version":"1","message":"Sep 10 13:26:55 honeypot-sgp-1 kernel: [83692530.042291] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=172.105.218.147 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=7629 PROTO=TCP SPT=33897 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 13:28:46 honeypot-ams-1 sshd[7447]: Disconnected from authenticating user root 61.177.172.98 port 18229 [preauth]","@timestamp":"2022-09-10T13:28:46.605Z"}
{"@timestamp":"2022-09-10T13:30:27.581Z","@version":"1","message":"Sep 10 13:30:26 honeypot-sgp-1 sshd[3148]: Disconnected from 61.177.173.46 port 29140 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 13:32:32 honeypot-fra-1 sshd[30077]: Invalid user support from 183.146.30.220 port 61709","@timestamp":"2022-09-10T13:32:33.621Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 13:32:33 honeypot-fra-1 sshd[30091]: Invalid user test from 183.146.30.220 port 61745","@timestamp":"2022-09-10T13:32:33.621Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 13:32:33 honeypot-fra-1 sshd[30081]: Connection closed by invalid user test 183.146.30.220 port 61743 [preauth]","@timestamp":"2022-09-10T13:32:33.621Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 13:32:32 honeypot-ams-1 sshd[7452]: Disconnected from authenticating user root 92.255.85.69 port 38532 [preauth]","@timestamp":"2022-09-10T13:32:33.728Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 13:32:33 honeypot-fra-1 sshd[30107]: Connection closed by invalid user elastic 183.146.30.220 port 61703 [preauth]","@timestamp":"2022-09-10T13:32:34.622Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 13:32:34 honeypot-fra-1 sshd[30088]: Connection closed by authenticating user root 183.146.30.220 port 61687 [preauth]","@timestamp":"2022-09-10T13:32:34.622Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 13:32:34 honeypot-fra-1 sshd[30090]: Connection closed by invalid user steam 183.146.30.220 port 61689 [preauth]","@timestamp":"2022-09-10T13:32:34.622Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 13:32:35 honeypot-fra-1 sshd[30098]: Connection closed by authenticating user root 183.146.30.220 port 61763 [preauth]","@timestamp":"2022-09-10T13:32:36.623Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 13:34:36 honeypot-fra-1 sshd[30129]: Received disconnect from 165.22.45.108 port 35506:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T13:34:36.667Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 13:40:18 honeypot-fra-1 kernel: [83691651.596871] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.220.63 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=40962 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T13:40:18.884Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 13:40:27 honeypot-ams-1 kernel: [83693813.761747] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.206.84 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=38002 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T13:40:27.938Z"}
{"@timestamp":"2022-09-10T13:43:46.902Z","@version":"1","message":"Sep 10 13:43:46 honeypot-sgp-1 sshd[3155]: Disconnected from authenticating user root 61.177.172.98 port 24752 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 13:44:34 honeypot-fra-1 sshd[30141]: Received disconnect from 61.177.172.124 port 23994:11:  [preauth]","@timestamp":"2022-09-10T13:44:34.983Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 13:50:48 honeypot-fra-1 sshd[30147]: Disconnected from invalid user user 141.255.162.226 port 36070 [preauth]","@timestamp":"2022-09-10T13:50:49.124Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 13:50:50 honeypot-fra-1 sshd[30151]: Disconnected from invalid user user 141.255.162.226 port 51494 [preauth]","@timestamp":"2022-09-10T13:50:51.125Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 13:50:53 honeypot-fra-1 sshd[30155]: Disconnected from invalid user user 141.255.162.226 port 38700 [preauth]","@timestamp":"2022-09-10T13:50:54.127Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T13:51:14.086Z","@version":"1","message":"Sep 10 13:51:13 honeypot-sgp-1 sshd[3161]: Received disconnect from 61.177.173.50 port 30364:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 13:53:26 honeypot-fra-1 sshd[30161]: Received disconnect from 92.255.85.69 port 35210:11: Bye Bye [preauth]","@timestamp":"2022-09-10T13:53:27.186Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 13:53:29 honeypot-ams-1 kernel: [83694596.161612] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=80.94.92.231 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=51017 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T13:53:30.283Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 13:56:19 honeypot-ams-1 sshd[7480]: Received disconnect from 118.27.107.40 port 38904:11: Bye Bye [preauth]","@timestamp":"2022-09-10T13:56:19.360Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 13:58:24 honeypot-fra-1 sshd[30166]: Received disconnect from 159.203.81.114 port 57592:11: Bye Bye [preauth]","@timestamp":"2022-09-10T13:58:25.297Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T14:01:10.326Z","@version":"1","message":"Sep 10 14:01:09 honeypot-sgp-1 sshd[3168]: Disconnected from authenticating user root 61.177.173.46 port 47241 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 14:01:48 honeypot-fra-1 kernel: [83692941.937460] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=79.124.62.60 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=49619 PROTO=TCP SPT=40367 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T14:01:49.377Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 14:03:29 honeypot-ams-1 sshd[7487]: Disconnected from authenticating user root 61.177.173.35 port 62156 [preauth]","@timestamp":"2022-09-10T14:03:30.548Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 14:06:06 honeypot-fra-1 sshd[30177]: Received disconnect from 165.22.45.108 port 40280:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T14:06:07.477Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T14:07:19.484Z","@version":"1","message":"Sep 10 14:07:18 honeypot-sgp-1 sshd[3179]: Invalid user user from 45.61.186.249 port 49872","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T14:07:37.493Z","@version":"1","message":"Sep 10 14:07:37 honeypot-sgp-1 sshd[3183]: Invalid user user from 45.61.186.249 port 45000","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T14:07:55.502Z","@version":"1","message":"Sep 10 14:07:54 honeypot-sgp-1 sshd[3187]: Invalid user user from 45.61.186.249 port 40128","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T14:08:11.510Z","@version":"1","message":"Sep 10 14:08:11 honeypot-sgp-1 sshd[3191]: Invalid user user from 45.61.186.249 port 35256","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T14:09:27.543Z","@version":"1","message":"Sep 10 14:09:26 honeypot-sgp-1 sshd[3193]: Disconnected from invalid user admin 91.240.118.222 port 50033 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 14:13:43 honeypot-fra-1 sshd[30184]: Disconnected from authenticating user root 61.177.173.48 port 14604 [preauth]","@timestamp":"2022-09-10T14:13:43.642Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T14:14:13.659Z","@version":"1","message":"Sep 10 14:14:13 honeypot-sgp-1 sshd[3200]: Disconnected from invalid user test 92.255.85.69 port 61010 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 14:17:01 honeypot-fra-1 CRON[30191]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-10T14:17:01.720Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 14:17:01 honeypot-ams-1 CRON[7501]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-10T14:17:01.905Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 14:18:21 honeypot-fra-1 kernel: [83693935.027638] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=186.208.139.104 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=245 ID=54180 PROTO=TCP SPT=59368 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T14:18:22.751Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 14:22:35 honeypot-ams-1 sshd[7507]: Received disconnect from 61.177.173.46 port 29258:11:  [preauth]","@timestamp":"2022-09-10T14:22:35.063Z"}
{"@timestamp":"2022-09-10T14:23:51.893Z","@version":"1","message":"Sep 10 14:23:51 honeypot-sgp-1 kernel: [83695945.730043] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=186.208.139.104 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=235 ID=37804 PROTO=TCP SPT=59368 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 14:28:04 honeypot-fra-1 sshd[30201]: Invalid user ignacio from 51.255.204.101 port 45376","@timestamp":"2022-09-10T14:28:04.965Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 14:29:58 honeypot-fra-1 sshd[30206]: Received disconnect from 37.187.146.134 port 33331:11: Bye Bye [preauth]","@timestamp":"2022-09-10T14:29:59.008Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 14:31:08 honeypot-ams-1 sshd[7514]: Disconnected from authenticating user root 61.177.172.90 port 54750 [preauth]","@timestamp":"2022-09-10T14:31:09.287Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 14:31:27 honeypot-fra-1 sshd[30210]: Disconnected from authenticating user root 61.177.173.46 port 30905 [preauth]","@timestamp":"2022-09-10T14:31:28.043Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 14:31:45 honeypot-fra-1 sshd[30214]: Disconnected from invalid user dulap 27.71.238.208 port 49688 [preauth]","@timestamp":"2022-09-10T14:31:46.052Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 14:35:18 honeypot-fra-1 sshd[30220]: Received disconnect from 45.61.186.49 port 56146:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T14:35:19.132Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 14:35:28 honeypot-fra-1 sshd[30224]: Received disconnect from 45.61.186.49 port 39540:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T14:35:29.137Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T14:37:23.243Z","@version":"1","message":"Sep 10 14:37:22 honeypot-sgp-1 sshd[3217]: Connection closed by authenticating user root 43.142.168.245 port 58856 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T14:37:45.255Z","@version":"1","message":"Sep 10 14:37:44 honeypot-sgp-1 sshd[3232]: Connection closed by authenticating user root 43.142.168.245 port 59274 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 14:37:46 honeypot-fra-1 sshd[30228]: Disconnected from invalid user kaliakra 165.22.45.108 port 45022 [preauth]","@timestamp":"2022-09-10T14:37:47.190Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T14:37:56.262Z","@version":"1","message":"Sep 10 14:37:56 honeypot-sgp-1 sshd[3234]: Received disconnect from 61.177.172.19 port 50351:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T14:38:19.273Z","@version":"1","message":"Sep 10 14:38:18 honeypot-sgp-1 sshd[3250]: Connection closed by authenticating user root 43.142.168.245 port 50858 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T14:39:05.295Z","@version":"1","message":"Sep 10 14:39:04 honeypot-sgp-1 sshd[3262]: Connection closed by authenticating user root 43.142.168.245 port 40458 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T14:39:31.308Z","@version":"1","message":"Sep 10 14:39:31 honeypot-sgp-1 sshd[3274]: Connection closed by authenticating user root 43.142.168.245 port 47766 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T14:39:50.318Z","@version":"1","message":"Sep 10 14:39:49 honeypot-sgp-1 sshd[3286]: Connection closed by authenticating user root 43.142.168.245 port 33808 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T14:40:31.339Z","@version":"1","message":"Sep 10 14:40:31 honeypot-sgp-1 sshd[3298]: Connection closed by authenticating user root 43.142.168.245 port 36254 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T14:41:16.362Z","@version":"1","message":"Sep 10 14:41:16 honeypot-sgp-1 sshd[3313]: Connection closed by authenticating user root 43.142.168.245 port 40488 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T14:41:41.375Z","@version":"1","message":"Sep 10 14:41:40 honeypot-sgp-1 sshd[3325]: Connection closed by authenticating user root 43.142.168.245 port 56250 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T14:42:11.391Z","@version":"1","message":"Sep 10 14:42:10 honeypot-sgp-1 sshd[3337]: Connection closed by authenticating user root 43.142.168.245 port 48802 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T14:42:28.399Z","@version":"1","message":"Sep 10 14:42:27 honeypot-sgp-1 sshd[3349]: Connection closed by authenticating user root 43.142.168.245 port 34034 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 14:42:40 honeypot-ams-1 sshd[7524]: Received disconnect from 61.177.173.51 port 56791:11:  [preauth]","@timestamp":"2022-09-10T14:42:40.599Z"}
{"@timestamp":"2022-09-10T14:42:53.413Z","@version":"1","message":"Sep 10 14:42:52 honeypot-sgp-1 sshd[3361]: Connection closed by authenticating user root 43.142.168.245 port 51864 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T14:43:32.431Z","@version":"1","message":"Sep 10 14:43:31 honeypot-sgp-1 kernel: [83697125.835609] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=159.89.202.188 LEN=92 TOS=0x00 PREC=0x00 TTL=238 ID=28408 PROTO=TCP SPT=29899 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T14:44:03.447Z","@version":"1","message":"Sep 10 14:44:03 honeypot-sgp-1 sshd[3381]: Received disconnect from 61.177.172.108 port 40759:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T14:44:21.457Z","@version":"1","message":"Sep 10 14:44:20 honeypot-sgp-1 sshd[3391]: Connection closed by invalid user user 43.142.168.245 port 58216 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T14:44:33.463Z","@version":"1","message":"Sep 10 14:44:32 honeypot-sgp-1 sshd[3397]: Connection closed by invalid user user 43.142.168.245 port 39946 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 14:44:33 honeypot-fra-1 kernel: [83695506.993739] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=80.94.92.231 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=47994 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T14:44:34.336Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-10T14:44:42.469Z","@version":"1","message":"Sep 10 14:44:41 honeypot-sgp-1 sshd[3401]: Connection closed by invalid user user 43.142.168.245 port 43114 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T14:44:50.473Z","@version":"1","message":"Sep 10 14:44:50 honeypot-sgp-1 sshd[3409]: Connection closed by invalid user user 43.142.168.245 port 50412 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T14:44:55.477Z","@version":"1","message":"Sep 10 14:44:55 honeypot-sgp-1 sshd[3415]: Connection closed by invalid user user 43.142.168.245 port 56144 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T14:45:14.487Z","@version":"1","message":"Sep 10 14:45:13 honeypot-sgp-1 sshd[3421]: Connection closed by invalid user user 43.142.168.245 port 38570 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T14:45:32.496Z","@version":"1","message":"Sep 10 14:45:32 honeypot-sgp-1 sshd[3427]: Connection closed by invalid user user 43.142.168.245 port 51438 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T14:45:49.504Z","@version":"1","message":"Sep 10 14:45:48 honeypot-sgp-1 sshd[3433]: Connection closed by invalid user user 43.142.168.245 port 60450 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T14:46:00.511Z","@version":"1","message":"Sep 10 14:46:00 honeypot-sgp-1 sshd[3440]: Connection closed by invalid user user 43.142.168.245 port 44044 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T14:46:07.515Z","@version":"1","message":"Sep 10 14:46:07 honeypot-sgp-1 sshd[3446]: Connection closed by invalid user user 43.142.168.245 port 50348 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T14:46:21.523Z","@version":"1","message":"Sep 10 14:46:20 honeypot-sgp-1 sshd[3452]: Connection closed by invalid user user 43.142.168.245 port 55992 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T14:46:37.531Z","@version":"1","message":"Sep 10 14:46:36 honeypot-sgp-1 sshd[3458]: Connection closed by invalid user user 43.142.168.245 port 42930 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T14:47:17.550Z","@version":"1","message":"Sep 10 14:47:17 honeypot-sgp-1 sshd[3464]: Connection closed by invalid user user 43.142.168.245 port 53704 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T14:47:32.557Z","@version":"1","message":"Sep 10 14:47:31 honeypot-sgp-1 sshd[3470]: Connection closed by invalid user user 43.142.168.245 port 51528 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T14:47:44.564Z","@version":"1","message":"Sep 10 14:47:44 honeypot-sgp-1 sshd[3478]: Disconnected from authenticating user root 61.177.172.104 port 33921 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T14:47:52.569Z","@version":"1","message":"Sep 10 14:47:52 honeypot-sgp-1 sshd[3482]: Connection closed by invalid user user 43.142.168.245 port 36408 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T14:48:15.581Z","@version":"1","message":"Sep 10 14:48:14 honeypot-sgp-1 sshd[3488]: Connection closed by invalid user user 43.142.168.245 port 47156 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T14:48:30.590Z","@version":"1","message":"Sep 10 14:48:29 honeypot-sgp-1 sshd[3494]: Connection closed by invalid user user 43.142.168.245 port 32884 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 14:48:31 honeypot-ams-1 sshd[7531]: Received disconnect from 78.37.125.18 port 37167:11: Bye Bye [preauth]","@timestamp":"2022-09-10T14:48:31.753Z"}
{"@timestamp":"2022-09-10T14:48:40.596Z","@version":"1","message":"Sep 10 14:48:40 honeypot-sgp-1 sshd[3500]: Connection closed by invalid user user 43.142.168.245 port 43464 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T14:49:33.622Z","@version":"1","message":"Sep 10 14:49:33 honeypot-sgp-1 sshd[3506]: Connection closed by invalid user user 43.142.168.245 port 39466 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T14:50:13.722Z","@version":"1","message":"Sep 10 14:50:13 honeypot-sgp-1 sshd[3512]: Connection closed by invalid user user 43.142.168.245 port 47516 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T14:50:36.734Z","@version":"1","message":"Sep 10 14:50:36 honeypot-sgp-1 sshd[3518]: Connection closed by invalid user user 43.142.168.245 port 38068 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T14:51:04.747Z","@version":"1","message":"Sep 10 14:51:04 honeypot-sgp-1 sshd[3525]: Disconnected from authenticating user root 61.177.173.46 port 37887 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 14:51:26 honeypot-fra-1 sshd[30244]: Disconnected from authenticating user root 61.177.173.53 port 25735 [preauth]","@timestamp":"2022-09-10T14:51:26.487Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T14:51:27.784Z","@version":"1","message":"Sep 10 14:51:27 honeypot-sgp-1 sshd[3533]: Invalid user user from 43.142.168.245 port 46696","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T14:52:06.803Z","@version":"1","message":"Sep 10 14:52:06 honeypot-sgp-1 sshd[3537]: Connection closed by invalid user user 43.142.168.245 port 35298 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 14:53:14 honeypot-ams-1 kernel: [83698180.402043] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=78.142.18.92 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=54321 PROTO=TCP SPT=34278 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T14:53:14.883Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 14:57:03 honeypot-ams-1 kernel: [83698409.758862] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.219.35 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=54483 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T14:57:03.985Z"}
{"@timestamp":"2022-09-10T14:57:33.940Z","@version":"1","message":"Sep 10 14:57:33 honeypot-sgp-1 sshd[3542]: Received disconnect from 118.238.221.54 port 40614:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T15:00:18.009Z","@version":"1","message":"Sep 10 15:00:17 honeypot-sgp-1 sshd[3546]: Disconnected from authenticating user root 92.255.85.70 port 55194 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 15:00:23 honeypot-fra-1 kernel: [83696456.773648] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=79.124.62.130 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=62528 PROTO=TCP SPT=59648 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T15:00:23.687Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 15:03:09 honeypot-ams-1 sshd[7549]: Disconnected from authenticating user root 61.177.173.47 port 53344 [preauth]","@timestamp":"2022-09-10T15:03:10.149Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 15:04:20 honeypot-fra-1 sshd[30252]: Received disconnect from 143.198.62.66 port 43878:11: Bye Bye [preauth]","@timestamp":"2022-09-10T15:04:21.778Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 15:05:53 honeypot-fra-1 sshd[30257]: Received disconnect from 185.149.120.61 port 51496:11: Bye Bye [preauth]","@timestamp":"2022-09-10T15:05:53.812Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T15:07:36.193Z","@version":"1","message":"Sep 10 15:07:35 honeypot-sgp-1 kernel: [83698569.634451] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.56.108.175 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=30543 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 15:09:03 honeypot-fra-1 sshd[30261]: Disconnected from invalid user kandlharsh 165.22.45.108 port 49776 [preauth]","@timestamp":"2022-09-10T15:09:04.885Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 15:11:08 honeypot-ams-1 kernel: [83699254.302871] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=2.45.100.120 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=50 ID=65499 PROTO=TCP SPT=26251 DPT=80 WINDOW=42323 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T15:11:08.357Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 15:12:13 honeypot-ams-1 sshd[7558]: Disconnected from invalid user robert 61.93.186.125 port 33999 [preauth]","@timestamp":"2022-09-10T15:12:13.386Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 15:12:49 honeypot-ams-1 kernel: [83699355.677324] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=20.197.40.144 DST=178.62.254.91 LEN=48 TOS=0x00 PREC=0x00 TTL=110 ID=18599 DF PROTO=TCP SPT=54815 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T15:12:50.406Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 15:13:38 honeypot-fra-1 sshd[30341]: Invalid user devops from 141.98.10.158 port 49946","@timestamp":"2022-09-10T15:13:38.987Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T15:15:05.397Z","@version":"1","message":"Sep 10 15:15:04 honeypot-sgp-1 sshd[3559]: Disconnected from authenticating user root 61.177.172.124 port 39116 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T15:16:14.428Z","@version":"1","message":"Sep 10 15:16:13 honeypot-sgp-1 sshd[3565]: Disconnected from 157.245.9.6 port 50462 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 15:17:01 honeypot-fra-1 CRON[30347]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-10T15:17:02.064Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 15:17:01 honeypot-ams-1 CRON[7571]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-10T15:17:02.518Z"}
{"@timestamp":"2022-09-10T15:18:26.483Z","@version":"1","message":"Sep 10 15:18:25 honeypot-sgp-1 sshd[3572]: Received disconnect from 142.93.116.249 port 38980:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T15:19:51.520Z","@version":"1","message":"Sep 10 15:19:51 honeypot-sgp-1 sshd[3578]: Invalid user user from 198.98.61.9 port 41992","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T15:20:03.527Z","@version":"1","message":"Sep 10 15:20:02 honeypot-sgp-1 sshd[3580]: Invalid user user from 198.98.61.9 port 53548","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T15:20:21.536Z","@version":"1","message":"Sep 10 15:20:20 honeypot-sgp-1 sshd[3586]: Invalid user user from 198.98.61.9 port 48408","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T15:20:40.545Z","@version":"1","message":"Sep 10 15:20:39 honeypot-sgp-1 sshd[3590]: Invalid user user from 198.98.61.9 port 43262","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 15:20:49 honeypot-fra-1 sshd[30353]: Connection closed by invalid user test 193.106.191.157 port 47906 [preauth]","@timestamp":"2022-09-10T15:20:50.151Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 15:24:29 honeypot-ams-1 sshd[7578]: Received disconnect from 61.177.173.46 port 25391:11:  [preauth]","@timestamp":"2022-09-10T15:24:29.722Z"}
{"@timestamp":"2022-09-10T15:24:47.646Z","@version":"1","message":"Sep 10 15:24:46 honeypot-sgp-1 sshd[3595]: Received disconnect from 92.255.85.69 port 16392:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 15:25:59 honeypot-fra-1 kernel: [83697992.558956] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=103.146.23.134 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=19619 PROTO=TCP SPT=56101 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T15:26:00.266Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 15:27:33 honeypot-fra-1 sshd[30364]: Disconnected from authenticating user root 92.255.85.69 port 61204 [preauth]","@timestamp":"2022-09-10T15:27:33.303Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 15:28:58 honeypot-ams-1 sshd[7583]: Disconnected from authenticating user root 92.255.85.69 port 54576 [preauth]","@timestamp":"2022-09-10T15:28:58.845Z"}
{"@timestamp":"2022-09-10T15:30:15.782Z","@version":"1","message":"Sep 10 15:30:15 honeypot-sgp-1 sshd[3605]: Invalid user User from 138.99.93.14 port 35032","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 15:33:51 honeypot-fra-1 sshd[30371]: Received disconnect from 61.177.172.124 port 35859:11:  [preauth]","@timestamp":"2022-09-10T15:33:51.458Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 15:36:48 honeypot-fra-1 sshd[30375]: Received disconnect from 94.180.57.15 port 38572:11: Bye Bye [preauth]","@timestamp":"2022-09-10T15:36:49.526Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 15:37:49 honeypot-ams-1 kernel: [83700855.699158] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=103.151.122.22 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=34500 PROTO=TCP SPT=59082 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T15:37:50.083Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 15:38:20 honeypot-fra-1 sshd[30379]: Disconnected from authenticating user root 61.177.173.36 port 59738 [preauth]","@timestamp":"2022-09-10T15:38:20.561Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 15:40:38 honeypot-fra-1 sshd[30384]: Received disconnect from 165.22.45.108 port 54530:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T15:40:38.615Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T15:43:52.112Z","@version":"1","message":"Sep 10 15:43:51 honeypot-sgp-1 sshd[3612]: Received disconnect from 61.177.173.49 port 24356:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 15:47:11 honeypot-fra-1 sshd[30389]: Disconnected from authenticating user root 164.90.229.196 port 42054 [preauth]","@timestamp":"2022-09-10T15:47:11.775Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 15:49:37 honeypot-ams-1 sshd[7674]: Invalid user 73.121.11.77 from 200.69.141.210 port 43025","@timestamp":"2022-09-10T15:49:38.396Z"}
{"@timestamp":"2022-09-10T15:50:40.276Z","@version":"1","message":"Sep 10 15:50:40 honeypot-sgp-1 sshd[3619]: Disconnected from authenticating user root 61.177.172.90 port 28662 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T15:52:34.325Z","@version":"1","message":"Sep 10 15:52:34 honeypot-sgp-1 sshd[3624]: Invalid user user from 141.255.162.226 port 40568","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T15:52:36.327Z","@version":"1","message":"Sep 10 15:52:36 honeypot-sgp-1 sshd[3628]: Invalid user user from 141.255.162.226 port 35008","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T15:52:38.328Z","@version":"1","message":"Sep 10 15:52:37 honeypot-sgp-1 sshd[3632]: Invalid user user from 141.255.162.226 port 42574","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 15:53:34 honeypot-ams-1 sshd[7682]: Disconnected from authenticating user root 92.255.85.69 port 54420 [preauth]","@timestamp":"2022-09-10T15:53:35.499Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 15:53:53 honeypot-fra-1 sshd[30400]: Received disconnect from 206.189.197.134 port 46514:11: Bye Bye [preauth]","@timestamp":"2022-09-10T15:53:53.919Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 16:00:21 honeypot-ams-1 sshd[7693]: Disconnected from invalid user prasad 209.141.52.250 port 49084 [preauth]","@timestamp":"2022-09-10T16:00:21.678Z"}
{"@timestamp":"2022-09-10T16:06:05.653Z","@version":"1","message":"Sep 10 16:06:05 honeypot-sgp-1 kernel: [83702079.675421] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=46.19.141.122 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=41195 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 16:06:48 honeypot-fra-1 kernel: [83700441.101823] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=33992 PROTO=TCP SPT=45980 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T16:06:48.207Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-10T16:07:37.693Z","@version":"1","message":"Sep 10 16:07:37 honeypot-sgp-1 sshd[3641]: Received disconnect from 141.255.162.226 port 57388:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T16:07:41.696Z","@version":"1","message":"Sep 10 16:07:41 honeypot-sgp-1 sshd[3645]: Received disconnect from 141.255.162.226 port 36638:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T16:07:44.697Z","@version":"1","message":"Sep 10 16:07:43 honeypot-sgp-1 sshd[3649]: Received disconnect from 141.255.162.226 port 51620:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 16:09:04 honeypot-ams-1 sshd[7702]: Invalid user test2 from 103.188.176.251 port 54642","@timestamp":"2022-09-10T16:09:04.920Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 16:13:23 honeypot-fra-1 sshd[30409]: Invalid user test2 from 103.188.176.251 port 39342","@timestamp":"2022-09-10T16:13:23.383Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T16:14:54.872Z","@version":"1","message":"Sep 10 16:14:54 honeypot-sgp-1 sshd[3656]: Did not receive identification string from 45.61.187.160 port 53042","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T16:15:27.888Z","@version":"1","message":"Sep 10 16:15:27 honeypot-sgp-1 sshd[3659]: Disconnected from invalid user user 45.61.187.160 port 59038 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T16:15:48.899Z","@version":"1","message":"Sep 10 16:15:48 honeypot-sgp-1 sshd[3663]: Disconnected from invalid user user 45.61.187.160 port 53890 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T16:16:10.910Z","@version":"1","message":"Sep 10 16:16:10 honeypot-sgp-1 sshd[3667]: Disconnected from invalid user user 45.61.187.160 port 48752 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 16:17:01 honeypot-fra-1 CRON[30414]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-10T16:17:01.468Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T16:17:01.934Z","@version":"1","message":"Sep 10 16:17:01 honeypot-sgp-1 CRON[3672]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 16:17:10 honeypot-ams-1 sshd[7709]: Received disconnect from 92.255.85.69 port 61496:11: Bye Bye [preauth]","@timestamp":"2022-09-10T16:17:11.136Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 16:22:01 honeypot-fra-1 sshd[30432]: Invalid user guest from 193.187.101.187 port 57174","@timestamp":"2022-09-10T16:22:01.583Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 16:22:01 honeypot-fra-1 sshd[30427]: Invalid user devops from 193.187.101.187 port 57112","@timestamp":"2022-09-10T16:22:01.583Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 16:22:01 honeypot-fra-1 sshd[30427]: Connection closed by invalid user devops 193.187.101.187 port 57112 [preauth]","@timestamp":"2022-09-10T16:22:01.583Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 16:22:01 honeypot-fra-1 sshd[30423]: Connection closed by invalid user ftpuser 193.187.101.187 port 57106 [preauth]","@timestamp":"2022-09-10T16:22:01.583Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 16:22:01 honeypot-fra-1 sshd[30432]: Connection closed by invalid user guest 193.187.101.187 port 57174 [preauth]","@timestamp":"2022-09-10T16:22:02.585Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 16:22:05 honeypot-fra-1 sshd[30420]: Invalid user git from 193.187.101.187 port 57170","@timestamp":"2022-09-10T16:22:05.586Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T16:22:15.061Z","@version":"1","message":"Sep 10 16:22:14 honeypot-sgp-1 kernel: [83703048.468239] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=198.235.24.45 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=249 ID=54321 PROTO=TCP SPT=56488 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 16:22:57 honeypot-ams-1 kernel: [83703563.755589] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=172.104.216.98 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=35067 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T16:22:58.290Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 16:26:28 honeypot-fra-1 sshd[30460]: Connection closed by invalid user test 193.106.191.157 port 59588 [preauth]","@timestamp":"2022-09-10T16:26:28.686Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 16:28:44 honeypot-ams-1 sshd[7719]: Received disconnect from 137.184.105.25 port 40140:11: Bye Bye [preauth]","@timestamp":"2022-09-10T16:28:45.447Z"}
{"@timestamp":"2022-09-10T16:30:00.249Z","@version":"1","message":"Sep 10 16:29:59 honeypot-sgp-1 sshd[3681]: Received disconnect from 61.194.35.119 port 54706:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 16:32:40 honeypot-fra-1 sshd[30466]: Did not receive identification string from 144.217.86.109 port 58470","@timestamp":"2022-09-10T16:32:40.843Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 16:34:22 honeypot-ams-1 sshd[7736]: Received disconnect from 177.73.136.175 port 53362:11: Bye Bye [preauth]","@timestamp":"2022-09-10T16:34:23.599Z"}
{"@timestamp":"2022-09-10T16:34:49.366Z","@version":"1","message":"Sep 10 16:34:49 honeypot-sgp-1 sshd[3685]: Received disconnect from 92.255.85.70 port 43378:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 16:38:53 honeypot-ams-1 kernel: [83704519.378432] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=213.226.123.38 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=36947 PROTO=TCP SPT=47202 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T16:38:53.719Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 16:43:26 honeypot-fra-1 sshd[30473]: Invalid user alan from 84.52.103.234 port 37679","@timestamp":"2022-09-10T16:43:27.088Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 16:43:40 honeypot-fra-1 sshd[30477]: Received disconnect from 102.129.37.140 port 44428:11: Bye Bye [preauth]","@timestamp":"2022-09-10T16:43:41.095Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 16:49:44 honeypot-ams-1 sshd[7749]: Received disconnect from 114.4.110.242 port 41470:11: Bye Bye [preauth]","@timestamp":"2022-09-10T16:49:45.008Z"}
{"@timestamp":"2022-09-10T16:51:26.762Z","@version":"1","message":"Sep 10 16:51:25 honeypot-sgp-1 kernel: [83704800.088818] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.41.9.18 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=45015 PROTO=TCP SPT=47794 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 16:58:14 honeypot-fra-1 sshd[30480]: Disconnected from invalid user john 164.92.87.79 port 38530 [preauth]","@timestamp":"2022-09-10T16:58:15.422Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T17:01:14.995Z","@version":"1","message":"Sep 10 17:01:14 honeypot-sgp-1 sshd[3695]: Received disconnect from 208.68.39.20 port 54260:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 17:02:21 honeypot-ams-1 kernel: [83705927.820558] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=205.210.31.3 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=250 ID=20708 PROTO=TCP SPT=56336 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T17:02:22.339Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 17:06:21 honeypot-fra-1 kernel: [83704014.259691] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=143.92.32.99 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=11001 PROTO=TCP SPT=49579 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T17:06:21.619Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 17:07:14 honeypot-ams-1 sshd[7758]: Invalid user flopy from 117.144.178.162 port 46760","@timestamp":"2022-09-10T17:07:14.495Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 17:09:01 honeypot-ams-1 CRON[7763]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-10T17:09:02.543Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 17:10:39 honeypot-ams-1 sshd[7766]: Connection closed by invalid user test 193.106.191.157 port 43710 [preauth]","@timestamp":"2022-09-10T17:10:40.587Z"}
{"@timestamp":"2022-09-10T17:10:48.238Z","@version":"1","message":"Sep 10 17:10:48 honeypot-sgp-1 kernel: [83705962.229399] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=85.237.200.148 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=42176 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 17:11:42 honeypot-ams-1 sshd[7774]: Disconnected from invalid user admin 91.240.118.222 port 23194 [preauth]","@timestamp":"2022-09-10T17:11:42.616Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 17:13:52 honeypot-fra-1 sshd[30494]: Invalid user takashi from 139.59.247.236 port 42844","@timestamp":"2022-09-10T17:13:52.801Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 17:14:41 honeypot-fra-1 sshd[30498]: Invalid user shanthala from 157.230.47.60 port 53700","@timestamp":"2022-09-10T17:14:41.821Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 17:14:53 honeypot-fra-1 kernel: [83704526.242251] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=23.92.22.114 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=47386 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T17:14:53.826Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-10T17:18:50.458Z","@version":"1","message":"Sep 10 17:18:49 honeypot-sgp-1 sshd[3705]: Disconnected from invalid user vis123 189.4.149.140 port 49258 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 17:21:24 honeypot-ams-1 sshd[7783]: Connection closed by invalid user admin 121.130.13.166 port 40498 [preauth]","@timestamp":"2022-09-10T17:21:24.866Z"}
{"@timestamp":"2022-09-10T17:25:07.610Z","@version":"1","message":"Sep 10 17:25:06 honeypot-sgp-1 sshd[3712]: Disconnected from authenticating user root 134.209.210.254 port 53708 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T17:27:33.671Z","@version":"1","message":"Sep 10 17:27:33 honeypot-sgp-1 sshd[3718]: Received disconnect from 45.61.186.49 port 51260:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T17:27:43.676Z","@version":"1","message":"Sep 10 17:27:43 honeypot-sgp-1 sshd[3722]: Received disconnect from 45.61.186.49 port 34330:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 17:28:22 honeypot-fra-1 kernel: [83705335.318280] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=213.226.123.38 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=65363 PROTO=TCP SPT=51968 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T17:28:23.126Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 17:30:39 honeypot-ams-1 kernel: [83707625.994991] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.203.245 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=39331 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T17:30:40.105Z"}
{"@timestamp":"2022-09-10T17:33:30.818Z","@version":"1","message":"Sep 10 17:33:30 honeypot-sgp-1 sshd[3726]: Received disconnect from 45.61.184.204 port 43094:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T17:33:50.829Z","@version":"1","message":"Sep 10 17:33:50 honeypot-sgp-1 sshd[3730]: Received disconnect from 45.61.184.204 port 38034:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T17:34:08.838Z","@version":"1","message":"Sep 10 17:34:08 honeypot-sgp-1 sshd[3734]: Invalid user user from 45.61.184.204 port 32972","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T17:34:25.846Z","@version":"1","message":"Sep 10 17:34:25 honeypot-sgp-1 sshd[3738]: Invalid user user from 45.61.184.204 port 56148","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 17:37:24 honeypot-fra-1 kernel: [83705877.047417] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=195.178.120.159 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=54321 PROTO=TCP SPT=56182 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T17:37:24.332Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-10T17:40:21.990Z","@version":"1","message":"Sep 10 17:40:21 honeypot-sgp-1 kernel: [83707735.714195] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=103.146.23.134 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=60207 PROTO=TCP SPT=56101 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 17:40:38 honeypot-fra-1 sshd[30515]: Disconnected from invalid user user 141.255.162.226 port 33206 [preauth]","@timestamp":"2022-09-10T17:40:38.408Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 17:40:39 honeypot-fra-1 sshd[30519]: Disconnected from invalid user user 141.255.162.226 port 46682 [preauth]","@timestamp":"2022-09-10T17:40:40.410Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 17:40:43 honeypot-fra-1 sshd[30523]: Disconnected from invalid user user 141.255.162.226 port 34504 [preauth]","@timestamp":"2022-09-10T17:40:44.412Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 17:45:21 honeypot-fra-1 kernel: [83706354.370184] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=80.94.92.239 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=51697 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T17:45:22.518Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 17:46:52 honeypot-ams-1 sshd[7795]: Connection closed by invalid user User 181.210.22.182 port 39131 [preauth]","@timestamp":"2022-09-10T17:46:53.535Z"}
{"@timestamp":"2022-09-10T17:48:02.170Z","@version":"1","message":"Sep 10 17:48:01 honeypot-sgp-1 sshd[3749]: Connection closed by 207.65.145.87 port 45279 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T17:52:42.282Z","@version":"1","message":"Sep 10 17:52:41 honeypot-sgp-1 sshd[3753]: Received disconnect from 139.255.245.86 port 55466:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T17:55:51.356Z","@version":"1","message":"Sep 10 17:55:50 honeypot-sgp-1 sshd[3758]: Invalid user duke from 223.75.144.193 port 43251","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 18:00:39 honeypot-fra-1 kernel: [83707272.163417] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=146.88.240.4 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=57752 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T18:00:39.856Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 18:01:34 honeypot-ams-1 sshd[7804]: Invalid user user from 141.255.162.226 port 33518","@timestamp":"2022-09-10T18:01:34.917Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 18:01:36 honeypot-ams-1 sshd[7808]: Invalid user user from 141.255.162.226 port 54054","@timestamp":"2022-09-10T18:01:36.919Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 18:01:38 honeypot-ams-1 sshd[7812]: Invalid user user from 141.255.162.226 port 48904","@timestamp":"2022-09-10T18:01:38.920Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 18:01:42 honeypot-ams-1 sshd[7816]: Invalid user user from 141.255.162.226 port 36072","@timestamp":"2022-09-10T18:01:42.922Z"}
{"@timestamp":"2022-09-10T18:01:49.497Z","@version":"1","message":"Sep 10 18:01:49 honeypot-sgp-1 sshd[3761]: Received disconnect from 45.230.167.36 port 33442:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T18:07:51.660Z","@version":"1","message":"Sep 10 18:07:51 honeypot-sgp-1 kernel: [83709385.514996] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.46.240.87 DST=159.89.202.188 LEN=52 TOS=0x02 PREC=0x00 TTL=111 ID=53778 DF PROTO=TCP SPT=58748 DPT=443 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 18:09:30 honeypot-fra-1 kernel: [83707803.313574] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=134.122.120.243 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=36901 PROTO=TCP SPT=53282 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T18:09:31.055Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 18:09:40 honeypot-ams-1 kernel: [83709967.079745] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=146.88.240.4 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=55176 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T18:09:41.125Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 18:14:17 honeypot-fra-1 kernel: [83708090.189395] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=195.133.20.241 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=40461 PROTO=TCP SPT=49663 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T18:14:18.164Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 18:16:24 honeypot-ams-1 sshd[7825]: Connection closed by invalid user test 193.106.191.157 port 55658 [preauth]","@timestamp":"2022-09-10T18:16:25.296Z"}
{"@timestamp":"2022-09-10T18:17:02.878Z","@version":"1","message":"Sep 10 18:17:01 honeypot-sgp-1 CRON[3771]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 18:18:55 honeypot-fra-1 sshd[30545]: Did not receive identification string from 141.255.162.226 port 58524","@timestamp":"2022-09-10T18:18:55.269Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 18:19:08 honeypot-fra-1 sshd[30548]: Disconnected from invalid user user 141.255.162.226 port 48910 [preauth]","@timestamp":"2022-09-10T18:19:08.275Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 18:19:13 honeypot-fra-1 sshd[30552]: Disconnected from invalid user user 141.255.162.226 port 42086 [preauth]","@timestamp":"2022-09-10T18:19:14.278Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 18:19:14 honeypot-fra-1 sshd[30556]: Disconnected from invalid user user 141.255.162.226 port 49226 [preauth]","@timestamp":"2022-09-10T18:19:15.279Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 18:24:29 honeypot-fra-1 sshd[30563]: Did not receive identification string from 45.61.186.249 port 40038","@timestamp":"2022-09-10T18:24:30.395Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 18:24:54 honeypot-fra-1 sshd[30566]: Disconnected from invalid user user 45.61.186.249 port 34844 [preauth]","@timestamp":"2022-09-10T18:24:55.406Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 18:25:13 honeypot-fra-1 sshd[30570]: Disconnected from invalid user user 45.61.186.249 port 57626 [preauth]","@timestamp":"2022-09-10T18:25:14.415Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 18:25:22 honeypot-fra-1 sshd[30574]: Disconnected from invalid user user 45.61.186.249 port 40816 [preauth]","@timestamp":"2022-09-10T18:25:23.420Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 18:25:32 honeypot-fra-1 sshd[30578]: Disconnected from invalid user user 45.61.186.249 port 52202 [preauth]","@timestamp":"2022-09-10T18:25:32.425Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 18:25:49 honeypot-fra-1 sshd[30583]: Disconnected from invalid user user 45.61.186.249 port 46780 [preauth]","@timestamp":"2022-09-10T18:25:50.433Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 18:29:36 honeypot-ams-1 kernel: [83711162.515908] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.167.97.229 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=51246 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T18:29:36.648Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 18:32:20 honeypot-fra-1 sshd[30589]: Connection closed by invalid user admin 141.98.10.158 port 32768 [preauth]","@timestamp":"2022-09-10T18:32:21.583Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 18:35:59 honeypot-fra-1 sshd[30594]: Disconnected from authenticating user root 92.255.85.69 port 42402 [preauth]","@timestamp":"2022-09-10T18:36:00.666Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T18:42:39.495Z","@version":"1","message":"Sep 10 18:42:39 honeypot-sgp-1 kernel: [83711473.200774] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.83.64.217 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=1816 DF PROTO=TCP SPT=4060 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 18:43:26 honeypot-ams-1 sshd[7843]: Connection closed by invalid user easyits 103.188.176.251 port 56638 [preauth]","@timestamp":"2022-09-10T18:43:27.001Z"}
{"@timestamp":"2022-09-10T18:46:45.592Z","@version":"1","message":"Sep 10 18:46:45 honeypot-sgp-1 sshd[3783]: Disconnected from invalid user eddie 164.92.142.65 port 58416 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 18:48:34 honeypot-fra-1 kernel: [83710147.507986] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.83.67.213 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=59 ID=44779 DF PROTO=TCP SPT=57765 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T18:48:34.949Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 18:51:12 honeypot-fra-1 sshd[30603]: Connection closed by invalid user User 81.184.234.222 port 45192 [preauth]","@timestamp":"2022-09-10T18:51:13.011Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T18:53:52.759Z","@version":"1","message":"Sep 10 18:53:52 honeypot-sgp-1 sshd[3788]: Disconnected from invalid user gast 149.7.217.27 port 50158 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 18:55:55 honeypot-ams-1 sshd[7850]: Invalid user hudson from 41.185.26.240 port 46434","@timestamp":"2022-09-10T18:55:55.321Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 18:58:38 honeypot-fra-1 sshd[30608]: Disconnected from invalid user usuario 92.255.85.69 port 49254 [preauth]","@timestamp":"2022-09-10T18:58:39.178Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 19:00:42 honeypot-ams-1 kernel: [83713029.045514] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=213.226.123.38 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=62653 PROTO=TCP SPT=57909 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T19:00:43.444Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 19:01:49 honeypot-ams-1 sshd[7858]: Disconnected from invalid user snelson 83.221.180.202 port 33642 [preauth]","@timestamp":"2022-09-10T19:01:50.476Z"}
{"@timestamp":"2022-09-10T19:03:00.970Z","@version":"1","message":"Sep 10 19:03:00 honeypot-sgp-1 sshd[3793]: Disconnected from authenticating user root 159.65.136.44 port 38122 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 19:07:10 honeypot-ams-1 kernel: [83713416.660923] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=94.158.14.109 DST=178.62.254.91 LEN=44 TOS=0x08 PREC=0x20 TTL=57 ID=55665 PROTO=TCP SPT=2438 DPT=80 WINDOW=36878 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T19:07:10.633Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 19:09:37 honeypot-ams-1 sshd[7868]: Received disconnect from 80.76.51.189 port 33672:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T19:09:37.700Z"}
{"@timestamp":"2022-09-10T19:10:31.146Z","@version":"1","message":"Sep 10 19:10:30 honeypot-sgp-1 sshd[3803]: Invalid user esuser from 94.156.175.57 port 34863","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T19:10:31.147Z","@version":"1","message":"Sep 10 19:10:30 honeypot-sgp-1 sshd[3801]: Invalid user steam from 94.156.175.57 port 34838","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T19:10:31.147Z","@version":"1","message":"Sep 10 19:10:30 honeypot-sgp-1 sshd[3807]: Invalid user postgres from 94.156.175.57 port 34839","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T19:10:31.147Z","@version":"1","message":"Sep 10 19:10:30 honeypot-sgp-1 sshd[3819]: Invalid user steam from 94.156.175.57 port 34855","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T19:10:31.147Z","@version":"1","message":"Sep 10 19:10:30 honeypot-sgp-1 sshd[3804]: Connection closed by invalid user elastic 94.156.175.57 port 34820 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T19:10:31.147Z","@version":"1","message":"Sep 10 19:10:30 honeypot-sgp-1 sshd[3818]: Invalid user ubuntu from 94.156.175.57 port 34817","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T19:10:31.147Z","@version":"1","message":"Sep 10 19:10:30 honeypot-sgp-1 sshd[3812]: Connection closed by invalid user ts3server 94.156.175.57 port 34849 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T19:10:31.147Z","@version":"1","message":"Sep 10 19:10:30 honeypot-sgp-1 sshd[3800]: Connection closed by invalid user ftpuser 94.156.175.57 port 34842 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T19:10:31.147Z","@version":"1","message":"Sep 10 19:10:30 honeypot-sgp-1 sshd[3823]: Connection closed by invalid user ts3 94.156.175.57 port 34871 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T19:10:31.147Z","@version":"1","message":"Sep 10 19:10:30 honeypot-sgp-1 sshd[3826]: Connection closed by invalid user mcsv 94.156.175.57 port 34834 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 19:10:41 honeypot-ams-1 sshd[7872]: Received disconnect from 80.76.51.189 port 55318:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T19:10:41.730Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 19:10:50 honeypot-fra-1 kernel: [83711483.173121] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=213.226.123.38 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=64911 PROTO=TCP SPT=57909 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T19:10:51.469Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 19:16:53 honeypot-ams-1 sshd[7877]: Did not receive identification string from 159.89.24.69 port 61000","@timestamp":"2022-09-10T19:16:54.894Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 19:17:46 honeypot-fra-1 sshd[30618]: Received disconnect from 67.205.174.220 port 45420:11: Bye Bye [preauth]","@timestamp":"2022-09-10T19:17:47.629Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T19:19:27.352Z","@version":"1","message":"Sep 10 19:19:27 honeypot-sgp-1 sshd[3861]: Received disconnect from 92.255.85.69 port 61988:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 19:21:03 honeypot-fra-1 sshd[30621]: Disconnected from invalid user kanwarpreet 165.22.45.108 port 59642 [preauth]","@timestamp":"2022-09-10T19:21:04.702Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 19:21:49 honeypot-ams-1 kernel: [83714295.267171] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=193.163.125.38 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=247 ID=30866 PROTO=TCP SPT=58530 DPT=3389 WINDOW=14600 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T19:21:50.024Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 19:22:29 honeypot-fra-1 kernel: [83712181.957007] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.41.9.18 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=37114 PROTO=TCP SPT=40096 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T19:22:29.736Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 19:25:20 honeypot-ams-1 sshd[7888]: Received disconnect from 92.255.85.70 port 51818:11: Bye Bye [preauth]","@timestamp":"2022-09-10T19:25:21.120Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 19:26:51 honeypot-ams-1 sshd[7893]: Invalid user user from 45.61.184.204 port 37684","@timestamp":"2022-09-10T19:26:51.159Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 19:27:01 honeypot-ams-1 sshd[7897]: Disconnected from invalid user user 45.61.184.204 port 49360 [preauth]","@timestamp":"2022-09-10T19:27:02.171Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 19:27:10 honeypot-ams-1 sshd[7901]: Disconnected from invalid user user 45.61.184.204 port 32798 [preauth]","@timestamp":"2022-09-10T19:27:11.176Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 19:27:19 honeypot-ams-1 sshd[7905]: Disconnected from invalid user user 45.61.184.204 port 44480 [preauth]","@timestamp":"2022-09-10T19:27:20.181Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 19:27:28 honeypot-ams-1 sshd[7909]: Disconnected from invalid user user 45.61.184.204 port 56196 [preauth]","@timestamp":"2022-09-10T19:27:29.185Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 19:27:37 honeypot-ams-1 sshd[7913]: Disconnected from invalid user user 45.61.184.204 port 39592 [preauth]","@timestamp":"2022-09-10T19:27:37.191Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 19:27:49 honeypot-ams-1 sshd[7917]: Disconnected from invalid user user 45.61.186.169 port 46502 [preauth]","@timestamp":"2022-09-10T19:27:50.198Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 19:31:54 honeypot-ams-1 sshd[7924]: Connection closed by authenticating user root 111.68.111.100 port 39088 [preauth]","@timestamp":"2022-09-10T19:31:55.303Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 19:36:21 honeypot-fra-1 sshd[30634]: Invalid user mama from 51.255.168.152 port 51024","@timestamp":"2022-09-10T19:36:22.046Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T19:42:47.877Z","@version":"1","message":"Sep 10 19:42:46 honeypot-sgp-1 sshd[3866]: Invalid user usuario from 92.255.85.70 port 63054","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 19:45:37 honeypot-fra-1 kernel: [83713570.268184] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=92.255.108.218 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=331 PROTO=TCP SPT=58535 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T19:45:38.255Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 19:47:08 honeypot-ams-1 sshd[7937]: Connection closed by authenticating user root 111.68.111.100 port 35362 [preauth]","@timestamp":"2022-09-10T19:47:08.698Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 19:49:45 honeypot-ams-1 kernel: [83715971.919326] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=42.230.197.216 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=48 ID=24708 PROTO=TCP SPT=13076 DPT=80 WINDOW=31572 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T19:49:46.770Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 19:52:21 honeypot-fra-1 sshd[30645]: Disconnected from invalid user kanwarpreet 165.22.45.108 port 36152 [preauth]","@timestamp":"2022-09-10T19:52:22.404Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T19:59:32.278Z","@version":"1","message":"Sep 10 19:59:31 honeypot-sgp-1 kernel: [83716085.297693] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.219.8 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=33436 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 20:04:34 honeypot-ams-1 sshd[7951]: Connection closed by invalid user User 113.160.198.128 port 29302 [preauth]","@timestamp":"2022-09-10T20:04:35.152Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 20:04:39 honeypot-fra-1 sshd[30658]: Did not receive identification string from 45.61.187.160 port 35540","@timestamp":"2022-09-10T20:04:39.679Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 20:05:17 honeypot-fra-1 sshd[30661]: Disconnected from invalid user user 45.61.187.160 port 46262 [preauth]","@timestamp":"2022-09-10T20:05:17.696Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 20:05:37 honeypot-fra-1 sshd[30665]: Disconnected from invalid user user 45.61.187.160 port 40980 [preauth]","@timestamp":"2022-09-10T20:05:38.707Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 20:05:55 honeypot-fra-1 sshd[30669]: Disconnected from invalid user user 45.61.187.160 port 35696 [preauth]","@timestamp":"2022-09-10T20:05:55.714Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T20:08:40.493Z","@version":"1","message":"Sep 10 20:08:39 honeypot-sgp-1 sshd[3880]: Unable to negotiate with 113.5.234.18 port 23866: no matching cipher found. Their offer: aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,arcfour128,arcfour,3des-cbc,none [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 20:08:49 honeypot-fra-1 sshd[30673]: Received disconnect from 92.255.85.70 port 50562:11: Bye Bye [preauth]","@timestamp":"2022-09-10T20:08:49.779Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 20:13:22 honeypot-ams-1 kernel: [83717388.680620] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=172.91.47.43 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=50 ID=31155 PROTO=TCP SPT=64366 DPT=80 WINDOW=48622 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T20:13:23.380Z"}
{"@timestamp":"2022-09-10T20:15:08.652Z","@version":"1","message":"Sep 10 20:15:07 honeypot-sgp-1 sshd[3885]: Invalid user test3 from 190.52.39.248 port 41888","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T20:16:04.676Z","@version":"1","message":"Sep 10 20:16:04 honeypot-sgp-1 sshd[3890]: Disconnected from authenticating user root 36.93.7.178 port 34106 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 20:16:23 honeypot-ams-1 sshd[7961]: Disconnected from authenticating user root 183.81.32.198 port 34276 [preauth]","@timestamp":"2022-09-10T20:16:23.481Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 20:22:55 honeypot-fra-1 sshd[30680]: Invalid user forever-agent from 212.112.98.98 port 35032","@timestamp":"2022-09-10T20:22:56.089Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T20:23:29.851Z","@version":"1","message":"Sep 10 20:23:29 honeypot-sgp-1 kernel: [83717523.616791] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.46.240.87 DST=159.89.202.188 LEN=52 TOS=0x02 PREC=0x00 TTL=110 ID=12875 DF PROTO=TCP SPT=50199 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 20:24:05 honeypot-ams-1 kernel: [83718031.707884] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=94.26.249.161 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=25520 PROTO=TCP SPT=23670 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T20:24:05.680Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 20:24:20 honeypot-fra-1 kernel: [83715893.387001] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=80.87.206.203 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=325 PROTO=TCP SPT=45116 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T20:24:21.121Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-10T20:29:01.010Z","@version":"1","message":"Sep 10 20:29:00 honeypot-sgp-1 sshd[3899]: Received disconnect from 210.196.250.246 port 54068:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 20:31:19 honeypot-ams-1 kernel: [83718465.593344] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=151.106.40.82 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=24875 PROTO=TCP SPT=59508 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T20:31:19.869Z"}
{"@timestamp":"2022-09-10T20:31:26.069Z","@version":"1","message":"Sep 10 20:31:25 honeypot-sgp-1 sshd[3903]: Invalid user admin from 213.190.4.147 port 36670","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 20:32:14 honeypot-fra-1 sshd[30691]: Invalid user usuario from 92.255.85.70 port 55902","@timestamp":"2022-09-10T20:32:14.308Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 20:38:33 honeypot-ams-1 kernel: [83718899.282491] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=197.234.159.72 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=53 ID=14993 PROTO=TCP SPT=2672 DPT=80 WINDOW=13640 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T20:38:34.055Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 20:40:33 honeypot-fra-1 sshd[30697]: Received disconnect from 178.62.99.217 port 39490:11: Bye Bye [preauth]","@timestamp":"2022-09-10T20:40:33.493Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T20:40:59.304Z","@version":"1","message":"Sep 10 20:40:58 honeypot-sgp-1 sshd[3906]: Received disconnect from 1.224.37.98 port 49376:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 20:43:01 honeypot-fra-1 sshd[30703]: Disconnected from authenticating user root 51.79.250.95 port 56792 [preauth]","@timestamp":"2022-09-10T20:43:02.551Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 20:43:52 honeypot-ams-1 sshd[7984]: Received disconnect from 162.241.222.29 port 59666:11: Bye Bye [preauth]","@timestamp":"2022-09-10T20:43:53.192Z"}
{"@timestamp":"2022-09-10T20:43:54.374Z","@version":"1","message":"Sep 10 20:43:54 honeypot-sgp-1 kernel: [83718748.249291] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.165.225.206 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=234 ID=37253 DF PROTO=TCP SPT=22452 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T20:44:53.401Z","@version":"1","message":"Sep 10 20:44:52 honeypot-sgp-1 sshd[3915]: Received disconnect from 45.61.186.249 port 60522:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T20:45:13.411Z","@version":"1","message":"Sep 10 20:45:13 honeypot-sgp-1 sshd[3919]: Received disconnect from 45.61.186.249 port 55682:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T20:45:31.419Z","@version":"1","message":"Sep 10 20:45:31 honeypot-sgp-1 sshd[3923]: Received disconnect from 45.61.186.249 port 50850:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T20:45:50.427Z","@version":"1","message":"Sep 10 20:45:50 honeypot-sgp-1 sshd[3927]: Received disconnect from 45.61.186.249 port 46008:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 20:46:12 honeypot-fra-1 kernel: [83717205.132603] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=46.19.141.122 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=60181 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T20:46:13.627Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-10T20:52:51.594Z","@version":"1","message":"Sep 10 20:52:51 honeypot-sgp-1 sshd[3930]: Received disconnect from 92.255.85.69 port 58858:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 20:53:34 honeypot-ams-1 kernel: [83719800.499682] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=94.158.14.109 DST=178.62.254.91 LEN=44 TOS=0x08 PREC=0x20 TTL=57 ID=45719 PROTO=TCP SPT=47967 DPT=80 WINDOW=27287 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T20:53:35.438Z"}
{"@timestamp":"2022-09-10T20:55:00.674Z","@version":"1","message":"Sep 10 20:54:59 honeypot-sgp-1 kernel: [83719413.719154] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=172.104.249.106 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=36280 DF PROTO=TCP SPT=34038 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 20:55:04 honeypot-fra-1 sshd[30714]: Invalid user kanwarpreet from 165.22.45.108 port 47282","@timestamp":"2022-09-10T20:55:04.844Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 20:57:25 honeypot-fra-1 sshd[30719]: Received disconnect from 51.15.140.163 port 44536:11: Bye Bye [preauth]","@timestamp":"2022-09-10T20:57:25.926Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T20:58:55.765Z","@version":"1","message":"Sep 10 20:58:55 honeypot-sgp-1 sshd[3933]: Disconnected from invalid user vnc 23.224.98.194 port 33056 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 20:58:57 honeypot-ams-1 kernel: [83720123.621466] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=128.1.248.26 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=63409 PROTO=TCP SPT=38975 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T20:58:58.579Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 21:00:00 honeypot-ams-1 kernel: [83720186.476014] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=103.89.91.165 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=60978 PROTO=TCP SPT=41228 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T21:00:00.608Z"}
{"@timestamp":"2022-09-10T21:07:26.977Z","@version":"1","message":"Sep 10 21:07:26 honeypot-sgp-1 sshd[3938]: Invalid user alien from 122.160.65.215 port 35450","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 21:08:04 honeypot-fra-1 kernel: [83718516.427749] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=7105 PROTO=TCP SPT=43603 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T21:08:04.168Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 21:08:55 honeypot-fra-1 sshd[30729]: Received disconnect from 45.61.186.49 port 43230:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T21:08:56.192Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 21:09:07 honeypot-fra-1 sshd[30733]: Received disconnect from 45.61.186.49 port 55042:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T21:09:08.198Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T21:11:30.070Z","@version":"1","message":"Sep 10 21:11:29 honeypot-sgp-1 sshd[3943]: Received disconnect from 80.229.18.62 port 34876:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 21:11:34 honeypot-fra-1 sshd[30737]: Connection closed by 192.241.219.227 port 32844 [preauth]","@timestamp":"2022-09-10T21:11:34.255Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 21:13:14 honeypot-ams-1 sshd[8000]: Invalid user fred from 89.163.178.15 port 46952","@timestamp":"2022-09-10T21:13:14.954Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 21:13:57 honeypot-ams-1 kernel: [83721023.611538] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=38.125.205.38 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=46 ID=5170 PROTO=TCP SPT=26970 DPT=443 WINDOW=13066 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T21:13:57.975Z"}
{"@timestamp":"2022-09-10T21:14:07.132Z","@version":"1","message":"Sep 10 21:14:06 honeypot-sgp-1 sshd[3947]: Disconnected from invalid user user 45.61.186.49 port 44870 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T21:14:16.136Z","@version":"1","message":"Sep 10 21:14:15 honeypot-sgp-1 sshd[3951]: Disconnected from invalid user user 45.61.186.49 port 56454 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 21:14:40 honeypot-fra-1 sshd[30743]: Received disconnect from 45.61.184.204 port 38530:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T21:14:41.328Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 21:14:59 honeypot-fra-1 sshd[30747]: Received disconnect from 45.61.184.204 port 33326:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T21:15:00.336Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 21:15:17 honeypot-fra-1 sshd[30751]: Received disconnect from 45.61.184.204 port 56402:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T21:15:17.346Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 21:17:01 honeypot-ams-1 CRON[8007]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-10T21:17:02.055Z"}
{"@timestamp":"2022-09-10T21:17:02.202Z","@version":"1","message":"Sep 10 21:17:02 honeypot-sgp-1 CRON[3959]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 21:17:01 honeypot-fra-1 CRON[30755]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-10T21:17:02.385Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 21:18:30 honeypot-ams-1 sshd[8013]: Disconnected from authenticating user root 159.89.230.196 port 50408 [preauth]","@timestamp":"2022-09-10T21:18:31.095Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 21:22:12 honeypot-ams-1 kernel: [83721518.724567] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=59.187.205.166 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=53 ID=37572 PROTO=TCP SPT=55603 DPT=80 WINDOW=52003 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T21:22:13.190Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 21:23:04 honeypot-fra-1 sshd[30763]: Invalid user uuj from 201.186.40.35 port 35156","@timestamp":"2022-09-10T21:23:05.521Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 21:26:27 honeypot-fra-1 sshd[30768]: Received disconnect from 165.22.45.108 port 52242:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T21:26:27.596Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 21:27:58 honeypot-ams-1 sshd[8027]: Unable to negotiate with 178.79.177.104 port 41750: no matching host key type found. Their offer: ecdsa-sha2-nistp384 [preauth]","@timestamp":"2022-09-10T21:27:58.339Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 21:33:24 honeypot-ams-1 sshd[8037]: Invalid user test from 193.106.191.157 port 34954","@timestamp":"2022-09-10T21:33:24.503Z"}
{"@timestamp":"2022-09-10T21:34:37.621Z","@version":"1","message":"Sep 10 21:34:36 honeypot-sgp-1 sshd[3966]: Invalid user jhartley from 60.220.185.22 port 42408","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 21:36:55 honeypot-ams-1 sshd[8040]: Disconnected from invalid user abcdef 161.82.233.179 port 41730 [preauth]","@timestamp":"2022-09-10T21:36:55.595Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 21:38:02 honeypot-fra-1 sshd[30776]: Disconnected from authenticating user root 200.108.143.6 port 40032 [preauth]","@timestamp":"2022-09-10T21:38:02.853Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T21:39:41.731Z","@version":"1","message":"Sep 10 21:39:41 honeypot-sgp-1 kernel: [83722095.540674] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.238.83.133 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=61887 PROTO=TCP SPT=53887 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 21:43:06 honeypot-fra-1 sshd[30781]: Received disconnect from 92.255.85.70 port 50164:11: Bye Bye [preauth]","@timestamp":"2022-09-10T21:43:06.967Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T21:45:15.860Z","@version":"1","message":"Sep 10 21:45:15 honeypot-sgp-1 sshd[3980]: Received disconnect from 137.184.225.34 port 49630:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 21:45:30 honeypot-ams-1 sshd[8045]: Received disconnect from 92.255.85.69 port 60340:11: Bye Bye [preauth]","@timestamp":"2022-09-10T21:45:31.817Z"}
{"@timestamp":"2022-09-10T21:50:56.999Z","@version":"1","message":"Sep 10 21:50:56 honeypot-sgp-1 sshd[3985]: Received disconnect from 198.12.85.154 port 48924:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 21:52:01 honeypot-ams-1 sshd[8048]: Disconnected from invalid user ncuser 84.201.164.50 port 57414 [preauth]","@timestamp":"2022-09-10T21:52:01.985Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 21:52:04 honeypot-fra-1 kernel: [83721156.418530] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=149.102.155.169 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=51300 PROTO=TCP SPT=46668 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T21:52:05.169Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 21:58:04 honeypot-fra-1 sshd[30864]: Invalid user ka from 165.22.45.108 port 57206","@timestamp":"2022-09-10T21:58:05.310Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 21:58:13 honeypot-ams-1 kernel: [83723679.331928] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=172.104.242.173 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=56 ID=0 DF PROTO=TCP SPT=44385 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T21:58:14.147Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 22:00:43 honeypot-ams-1 sshd[8056]: Received disconnect from 109.205.213.23 port 40056:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T22:00:44.216Z"}
{"@timestamp":"2022-09-10T22:01:38.258Z","@version":"1","message":"Sep 10 22:01:38 honeypot-sgp-1 kernel: [83723412.063411] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.47.229.134 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=17700 PROTO=TCP SPT=51102 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 22:02:41 honeypot-ams-1 sshd[8063]: Received disconnect from 109.205.213.23 port 52756:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T22:02:41.268Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 22:03:29 honeypot-ams-1 sshd[8067]: Disconnected from authenticating user root 109.205.213.23 port 44976 [preauth]","@timestamp":"2022-09-10T22:03:30.291Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 22:04:49 honeypot-ams-1 kernel: [83724075.425993] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=37.21.72.175 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=58 ID=60337 PROTO=TCP SPT=29908 DPT=80 WINDOW=13724 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T22:04:50.329Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 22:05:47 honeypot-ams-1 sshd[8078]: Disconnected from authenticating user root 109.205.213.23 port 53758 [preauth]","@timestamp":"2022-09-10T22:05:47.356Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 22:09:55 honeypot-ams-1 sshd[8085]: Disconnected from authenticating user root 134.122.8.241 port 59852 [preauth]","@timestamp":"2022-09-10T22:09:55.460Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 22:13:27 honeypot-fra-1 kernel: [83722439.979220] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=101.43.68.37 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=43 ID=30587 DF PROTO=TCP SPT=45948 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T22:13:28.654Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 22:15:54 honeypot-ams-1 kernel: [83724740.931653] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=58.65.202.63 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=55 ID=51830 PROTO=TCP SPT=63236 DPT=443 WINDOW=40091 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T22:15:55.607Z"}
{"@timestamp":"2022-09-10T22:17:01.636Z","@version":"1","message":"Sep 10 22:17:01 honeypot-sgp-1 CRON[3995]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 22:20:52 honeypot-ams-1 sshd[8097]: Disconnected from authenticating user root 178.46.163.191 port 44682 [preauth]","@timestamp":"2022-09-10T22:20:52.737Z"}
{"@timestamp":"2022-09-10T22:24:01.045Z","@version":"1","message":"Sep 10 22:24:00 honeypot-sgp-1 sshd[4004]: Received disconnect from 45.61.187.160 port 35596:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T22:24:14.052Z","@version":"1","message":"Sep 10 22:24:13 honeypot-sgp-1 sshd[4009]: Received disconnect from 45.61.187.160 port 47022:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T22:24:23.056Z","@version":"1","message":"Sep 10 22:24:22 honeypot-sgp-1 sshd[4015]: Received disconnect from 45.61.187.160 port 58466:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 22:24:23 honeypot-ams-1 sshd[8107]: Did not receive identification string from 45.61.186.169 port 51022","@timestamp":"2022-09-10T22:24:23.833Z"}
{"@timestamp":"2022-09-10T22:24:33.061Z","@version":"1","message":"Sep 10 22:24:32 honeypot-sgp-1 sshd[4019]: Received disconnect from 45.61.187.160 port 41694:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T22:24:39.064Z","@version":"1","message":"Sep 10 22:24:38 honeypot-sgp-1 sshd[4023]: Disconnected from invalid user lisi 51.77.185.70 port 54402 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 22:24:39 honeypot-ams-1 sshd[8110]: Disconnected from invalid user user 45.61.186.169 port 53820 [preauth]","@timestamp":"2022-09-10T22:24:39.843Z"}
{"@timestamp":"2022-09-10T22:24:48.068Z","@version":"1","message":"Sep 10 22:24:47 honeypot-sgp-1 sshd[4029]: Invalid user admin from 31.184.198.71 port 31983","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T22:24:57.073Z","@version":"1","message":"Sep 10 22:24:56 honeypot-sgp-1 sshd[4033]: Disconnecting invalid user aerohive 31.184.198.71 port 10640: Change of username or service not allowed: (aerohive,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 22:24:57 honeypot-ams-1 sshd[8114]: Disconnected from invalid user user 45.61.186.169 port 48902 [preauth]","@timestamp":"2022-09-10T22:24:57.852Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 22:24:57 honeypot-fra-1 kernel: [83723129.959297] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=64097 PROTO=TCP SPT=48466 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T22:24:57.911Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-10T22:25:09.079Z","@version":"1","message":"Sep 10 22:25:08 honeypot-sgp-1 sshd[4039]: Invalid user manager from 31.184.198.71 port 44510","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 22:25:14 honeypot-ams-1 sshd[8118]: Disconnected from invalid user user 45.61.186.169 port 43934 [preauth]","@timestamp":"2022-09-10T22:25:14.861Z"}
{"@timestamp":"2022-09-10T22:25:29.088Z","@version":"1","message":"Sep 10 22:25:28 honeypot-sgp-1 sshd[4045]: Disconnecting invalid user 1234 31.184.198.71 port 33823: Change of username or service not allowed: (1234,ssh-connection) -> (Admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T22:25:48.097Z","@version":"1","message":"Sep 10 22:25:47 honeypot-sgp-1 sshd[4051]: Disconnecting invalid user  31.184.198.71 port 45903: Change of username or service not allowed: (,ssh-connection) -> (user,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T22:26:11.108Z","@version":"1","message":"Sep 10 22:26:10 honeypot-sgp-1 sshd[4059]: Invalid user blank from 31.184.198.71 port 19638","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T22:26:32.118Z","@version":"1","message":"Sep 10 22:26:31 honeypot-sgp-1 sshd[4065]: Invalid user 1234 from 31.184.198.71 port 39333","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T22:26:51.128Z","@version":"1","message":"Sep 10 22:26:50 honeypot-sgp-1 sshd[4071]: Invalid user Cisco from 31.184.198.71 port 8626","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T22:27:06.135Z","@version":"1","message":"Sep 10 22:27:05 honeypot-sgp-1 sshd[4077]: Invalid user admin from 31.184.198.71 port 60951","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T22:27:28.145Z","@version":"1","message":"Sep 10 22:27:28 honeypot-sgp-1 sshd[4083]: Disconnecting invalid user Administrator 31.184.198.71 port 44939: Change of username or service not allowed: (Administrator,ssh-connection) -> (,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T22:27:48.155Z","@version":"1","message":"Sep 10 22:27:47 honeypot-sgp-1 sshd[4089]: Invalid user sti.admin5 from 31.184.198.71 port 53902","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T22:28:03.162Z","@version":"1","message":"Sep 10 22:28:02 honeypot-sgp-1 sshd[4094]: Invalid user blank from 31.184.198.71 port 64908","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T22:28:30.175Z","@version":"1","message":"Sep 10 22:28:29 honeypot-sgp-1 sshd[4102]: Disconnecting authenticating user root 31.184.198.71 port 2230: Change of username or service not allowed: (root,ssh-connection) -> (default,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 22:28:44 honeypot-ams-1 kernel: [83725510.826513] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=163.172.158.4 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=36578 PROTO=TCP SPT=51102 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T22:28:44.950Z"}
{"@timestamp":"2022-09-10T22:28:49.184Z","@version":"1","message":"Sep 10 22:28:48 honeypot-sgp-1 sshd[4108]: Disconnecting invalid user c1@r0 31.184.198.71 port 56717: Change of username or service not allowed: (c1@r0,ssh-connection) -> (Administrator,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T22:29:11.196Z","@version":"1","message":"Sep 10 22:29:10 honeypot-sgp-1 sshd[4114]: Disconnecting invalid user superonline 31.184.198.71 port 36425: Change of username or service not allowed: (superonline,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T22:29:34.206Z","@version":"1","message":"Sep 10 22:29:34 honeypot-sgp-1 sshd[4120]: Disconnecting invalid user Admin 31.184.198.71 port 39578: Change of username or service not allowed: (Admin,ssh-connection) -> (comcast,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T22:29:53.216Z","@version":"1","message":"Sep 10 22:29:52 honeypot-sgp-1 sshd[4126]: Disconnecting invalid user  31.184.198.71 port 26092: Change of username or service not allowed: (,ssh-connection) -> (admin1234,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 22:29:53 honeypot-fra-1 kernel: [83723425.492108] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=20.169.88.168 DST=165.22.82.222 LEN=52 TOS=0x02 PREC=0x00 TTL=110 ID=25246 DF PROTO=TCP SPT=61362 DPT=3389 WINDOW=8192 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T22:29:54.022Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-10T22:30:08.224Z","@version":"1","message":"Sep 10 22:30:07 honeypot-sgp-1 sshd[4132]: Disconnecting invalid user  31.184.198.71 port 1318: Change of username or service not allowed: (,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T22:30:24.232Z","@version":"1","message":"Sep 10 22:30:23 honeypot-sgp-1 sshd[4138]: Disconnecting invalid user admin 31.184.198.71 port 39548: Change of username or service not allowed: (admin,ssh-connection) -> (blank,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T22:30:46.242Z","@version":"1","message":"Sep 10 22:30:45 honeypot-sgp-1 sshd[4146]: Invalid user airlive from 31.184.198.71 port 62147","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T22:31:08.253Z","@version":"1","message":"Sep 10 22:31:07 honeypot-sgp-1 sshd[4152]: Invalid user roqos from 31.184.198.71 port 10462","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T22:31:31.264Z","@version":"1","message":"Sep 10 22:31:31 honeypot-sgp-1 sshd[4158]: Invalid user sitecom from 31.184.198.71 port 60874","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 22:31:50 honeypot-fra-1 kernel: [83723542.249567] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.41.8.5 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=18449 PROTO=TCP SPT=34932 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T22:31:51.069Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-10T22:31:51.275Z","@version":"1","message":"Sep 10 22:31:51 honeypot-sgp-1 sshd[4164]: Invalid user admin from 31.184.198.71 port 16911","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T22:32:02.280Z","@version":"1","message":"Sep 10 22:32:01 honeypot-sgp-1 sshd[4168]: Invalid user highspeed from 31.184.198.71 port 62829","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T22:32:18.288Z","@version":"1","message":"Sep 10 22:32:17 honeypot-sgp-1 sshd[4174]: Invalid user  from 31.184.198.71 port 30575","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 22:32:29 honeypot-ams-1 sshd[8127]: Disconnected from authenticating user root 92.255.85.69 port 30668 [preauth]","@timestamp":"2022-09-10T22:32:30.049Z"}
{"@timestamp":"2022-09-10T22:32:37.298Z","@version":"1","message":"Sep 10 22:32:37 honeypot-sgp-1 sshd[4180]: Invalid user public from 31.184.198.71 port 6758","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T22:32:55.308Z","@version":"1","message":"Sep 10 22:32:54 honeypot-sgp-1 sshd[4186]: Disconnecting authenticating user root 31.184.198.71 port 47989: Change of username or service not allowed: (root,ssh-connection) -> (123456,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T22:33:15.317Z","@version":"1","message":"Sep 10 22:33:14 honeypot-sgp-1 sshd[4193]: Disconnecting invalid user amdin 31.184.198.71 port 26956: Change of username or service not allowed: (amdin,ssh-connection) -> (readwrite,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T22:33:40.330Z","@version":"1","message":"Sep 10 22:33:39 honeypot-sgp-1 sshd[4199]: Disconnecting invalid user admin 31.184.198.71 port 61087: Change of username or service not allowed: (admin,ssh-connection) -> (DZY-W2914NSV2,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T22:34:01.339Z","@version":"1","message":"Sep 10 22:34:00 honeypot-sgp-1 sshd[4205]: Disconnecting invalid user admin 31.184.198.71 port 26017: Change of username or service not allowed: (admin,ssh-connection) -> (zoomadsl,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T22:34:18.348Z","@version":"1","message":"Sep 10 22:34:17 honeypot-sgp-1 sshd[4212]: Invalid user 1admin0 from 31.184.198.71 port 12178","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T22:42:36.536Z","@version":"1","message":"Sep 10 22:42:35 honeypot-sgp-1 kernel: [83725869.410012] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=90.151.171.106 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=51518 PROTO=TCP SPT=49720 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T22:45:34.608Z","@version":"1","message":"Sep 10 22:45:34 honeypot-sgp-1 kernel: [83726047.884776] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=104.152.52.104 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=22120 PROTO=TCP SPT=49933 DPT=389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 22:48:04 honeypot-ams-1 sshd[8147]: Received disconnect from 61.177.173.46 port 11944:11:  [preauth]","@timestamp":"2022-09-10T22:48:04.450Z"}
{"@timestamp":"2022-09-10T22:49:11.692Z","@version":"1","message":"Sep 10 22:49:11 honeypot-sgp-1 sshd[4219]: Received disconnect from 43.154.172.57 port 55550:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 22:50:20 honeypot-fra-1 sshd[30888]: Received disconnect from 73.204.6.32 port 49466:11: Bye Bye [preauth]","@timestamp":"2022-09-10T22:50:21.481Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 22:52:40 honeypot-ams-1 sshd[8153]: Invalid user admin from 80.76.51.41 port 38170","@timestamp":"2022-09-10T22:52:41.569Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 22:53:07 honeypot-ams-1 sshd[8157]: Received disconnect from 61.177.173.36 port 54317:11:  [preauth]","@timestamp":"2022-09-10T22:53:07.583Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 22:53:36 honeypot-ams-1 sshd[8163]: Received disconnect from 80.76.51.41 port 39266:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T22:53:37.598Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 22:54:17 honeypot-ams-1 sshd[8169]: Received disconnect from 80.76.51.41 port 32908:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T22:54:18.619Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 22:54:58 honeypot-ams-1 sshd[8175]: Invalid user user from 80.76.51.41 port 54808","@timestamp":"2022-09-10T22:54:59.643Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 22:55:29 honeypot-fra-1 kernel: [83724961.189912] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.220.205.106 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=49916 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T22:55:29.598Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 22:55:44 honeypot-ams-1 sshd[8180]: Received disconnect from 92.255.85.69 port 16252:11: Bye Bye [preauth]","@timestamp":"2022-09-10T22:55:45.665Z"}
{"@timestamp":"2022-09-10T23:00:24.954Z","@version":"1","message":"Sep 10 23:00:23 honeypot-sgp-1 sshd[4225]: Did not receive identification string from 45.61.186.249 port 42546","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 23:00:37 honeypot-ams-1 kernel: [83727423.211715] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=112.31.67.185 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=51 ID=8659 PROTO=TCP SPT=28531 DPT=443 WINDOW=17837 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T23:00:37.792Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 23:00:44 honeypot-fra-1 sshd[30897]: Invalid user test from 193.106.191.157 port 45364","@timestamp":"2022-09-10T23:00:44.718Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T23:00:59.970Z","@version":"1","message":"Sep 10 23:00:59 honeypot-sgp-1 sshd[4228]: Disconnected from invalid user user 45.61.186.249 port 53794 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T23:01:19.998Z","@version":"1","message":"Sep 10 23:01:19 honeypot-sgp-1 sshd[4232]: Disconnected from invalid user user 45.61.186.249 port 48862 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T23:01:39.007Z","@version":"1","message":"Sep 10 23:01:38 honeypot-sgp-1 sshd[4236]: Disconnected from invalid user user 45.61.186.249 port 43884 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 23:04:08 honeypot-fra-1 sshd[30902]: Received disconnect from 139.59.233.124 port 44436:11: Bye Bye [preauth]","@timestamp":"2022-09-10T23:04:09.862Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:06:04 honeypot-ams-1 sshd[8189]: Disconnected from authenticating user root 61.177.173.36 port 43241 [preauth]","@timestamp":"2022-09-10T23:06:04.937Z"}
{"@timestamp":"2022-09-10T23:08:06.154Z","@version":"1","message":"Sep 10 23:08:05 honeypot-sgp-1 kernel: [83727399.500035] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=172.105.129.179 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=40815 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T23:14:11.311Z","@version":"1","message":"Sep 10 23:14:10 honeypot-sgp-1 sshd[4246]: Disconnected from authenticating user root 92.255.85.70 port 25418 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:14:35 honeypot-ams-1 sshd[8195]: Received disconnect from 61.177.173.51 port 21024:11:  [preauth]","@timestamp":"2022-09-10T23:14:36.161Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 23:16:52 honeypot-fra-1 sshd[30905]: Received disconnect from 92.255.85.69 port 49136:11: Bye Bye [preauth]","@timestamp":"2022-09-10T23:16:52.163Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:18:16 honeypot-ams-1 sshd[8200]: Received disconnect from 61.177.173.36 port 19763:11:  [preauth]","@timestamp":"2022-09-10T23:18:17.257Z"}
{"@timestamp":"2022-09-10T23:19:05.428Z","@version":"1","message":"Sep 10 23:19:04 honeypot-sgp-1 sshd[4253]: Received disconnect from 80.107.88.203 port 58282:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:19:23 honeypot-ams-1 sshd[8205]: Disconnected from authenticating user root 80.76.51.46 port 49612 [preauth]","@timestamp":"2022-09-10T23:19:24.289Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:19:53 honeypot-ams-1 sshd[8212]: Disconnected from authenticating user root 80.76.51.46 port 45976 [preauth]","@timestamp":"2022-09-10T23:19:53.305Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:20:35 honeypot-ams-1 sshd[8218]: Disconnected from authenticating user root 61.177.172.124 port 29141 [preauth]","@timestamp":"2022-09-10T23:20:36.344Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:21:03 honeypot-ams-1 sshd[8224]: Received disconnect from 80.76.51.46 port 36838:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T23:21:04.359Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:21:46 honeypot-ams-1 sshd[8230]: Received disconnect from 80.76.51.46 port 59576:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T23:21:47.381Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 23:24:52 honeypot-fra-1 sshd[30911]: Connection closed by invalid user User 61.158.169.229 port 33540 [preauth]","@timestamp":"2022-09-10T23:24:52.341Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:32:40 honeypot-ams-1 sshd[8241]: Did not receive identification string from 80.76.51.189 port 34378","@timestamp":"2022-09-10T23:32:41.659Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:33:02 honeypot-ams-1 sshd[8246]: Disconnected from authenticating user root 61.177.173.39 port 19796 [preauth]","@timestamp":"2022-09-10T23:33:02.671Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:33:52 honeypot-ams-1 sshd[8250]: Disconnected from invalid user support 80.76.51.189 port 58256 [preauth]","@timestamp":"2022-09-10T23:33:53.695Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 23:34:09 honeypot-fra-1 sshd[30917]: Disconnected from invalid user alimov 37.187.146.134 port 39428 [preauth]","@timestamp":"2022-09-10T23:34:09.549Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:38:35 honeypot-ams-1 sshd[8257]: Disconnected from authenticating user root 35.199.93.228 port 34800 [preauth]","@timestamp":"2022-09-10T23:38:35.816Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:39:08 honeypot-ams-1 sshd[8263]: Disconnected from authenticating user root 18.140.57.224 port 42800 [preauth]","@timestamp":"2022-09-10T23:39:08.834Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:39:13 honeypot-ams-1 sshd[8267]: Disconnecting invalid user admin 18.140.57.224 port 42822: Too many authentication failures [preauth]","@timestamp":"2022-09-10T23:39:13.837Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:39:19 honeypot-ams-1 sshd[8271]: Disconnecting invalid user oracle 18.140.57.224 port 42846: Too many authentication failures [preauth]","@timestamp":"2022-09-10T23:39:19.841Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:39:24 honeypot-ams-1 sshd[8275]: Disconnected from invalid user oracle 18.140.57.224 port 42864 [preauth]","@timestamp":"2022-09-10T23:39:24.844Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:39:30 honeypot-ams-1 sshd[8279]: Disconnecting invalid user usuario 18.140.57.224 port 42884: Too many authentication failures [preauth]","@timestamp":"2022-09-10T23:39:30.848Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:39:35 honeypot-ams-1 sshd[8283]: Disconnecting invalid user test 18.140.57.224 port 42904: Too many authentication failures [preauth]","@timestamp":"2022-09-10T23:39:35.852Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:39:41 honeypot-ams-1 sshd[8287]: Disconnected from invalid user test 18.140.57.224 port 42924 [preauth]","@timestamp":"2022-09-10T23:39:41.855Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:39:46 honeypot-ams-1 sshd[8291]: Disconnecting invalid user user 18.140.57.224 port 42946: Too many authentication failures [preauth]","@timestamp":"2022-09-10T23:39:46.858Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:39:52 honeypot-ams-1 sshd[8295]: Disconnecting invalid user ftpuser 18.140.57.224 port 42960: Too many authentication failures [preauth]","@timestamp":"2022-09-10T23:39:52.863Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:39:57 honeypot-ams-1 sshd[8299]: Disconnected from invalid user ftpuser 18.140.57.224 port 42980 [preauth]","@timestamp":"2022-09-10T23:39:57.866Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:40:03 honeypot-ams-1 sshd[8303]: Disconnecting invalid user test1 18.140.57.224 port 42992: Too many authentication failures [preauth]","@timestamp":"2022-09-10T23:40:03.871Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:40:08 honeypot-ams-1 sshd[8307]: Disconnecting invalid user test2 18.140.57.224 port 43004: Too many authentication failures [preauth]","@timestamp":"2022-09-10T23:40:08.874Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:40:14 honeypot-ams-1 sshd[8311]: Disconnected from invalid user test2 18.140.57.224 port 43026 [preauth]","@timestamp":"2022-09-10T23:40:14.878Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:40:19 honeypot-ams-1 sshd[8315]: Disconnecting invalid user ubuntu 18.140.57.224 port 43036: Too many authentication failures [preauth]","@timestamp":"2022-09-10T23:40:19.882Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:40:24 honeypot-ams-1 sshd[8319]: Disconnected from invalid user ubuntu 18.140.57.224 port 43058 [preauth]","@timestamp":"2022-09-10T23:40:25.885Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:40:29 honeypot-ams-1 sshd[8323]: Disconnected from invalid user pi 18.140.57.224 port 43066 [preauth]","@timestamp":"2022-09-10T23:40:29.888Z"}
{"@timestamp":"2022-09-10T23:40:57.937Z","@version":"1","message":"Sep 10 23:40:57 honeypot-sgp-1 kernel: [83729371.491763] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=159.89.0.197 DST=159.89.202.188 LEN=48 TOS=0x00 PREC=0x00 TTL=108 ID=23443 PROTO=TCP SPT=2908 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:43:04 honeypot-ams-1 sshd[8331]: Invalid user test from 92.255.85.69 port 20424","@timestamp":"2022-09-10T23:43:04.957Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:44:50 honeypot-ams-1 sshd[8336]: Invalid user test from 193.106.191.157 port 58580","@timestamp":"2022-09-10T23:44:51.006Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:47:55 honeypot-ams-1 sshd[8341]: Connection closed by 152.32.186.242 port 57580 [preauth]","@timestamp":"2022-09-10T23:47:56.092Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:49:34 honeypot-ams-1 sshd[8348]: Connection closed by invalid user  118.193.59.59 port 47928 [preauth]","@timestamp":"2022-09-10T23:49:35.138Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 23:50:15 honeypot-fra-1 sshd[30923]: Disconnecting authenticating user root 120.48.37.84 port 50162: Too many authentication failures [preauth]","@timestamp":"2022-09-10T23:50:15.901Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T23:51:13.198Z","@version":"1","message":"Sep 10 23:51:12 honeypot-sgp-1 sshd[4260]: Disconnected from invalid user homekit 164.92.117.121 port 51234 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:52:37 honeypot-ams-1 sshd[8355]: Received disconnect from 159.203.170.197 port 43238:11: Bye Bye [preauth]","@timestamp":"2022-09-10T23:52:38.224Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:55:41 honeypot-ams-1 sshd[8361]: Disconnected from authenticating user root 61.177.173.48 port 18823 [preauth]","@timestamp":"2022-09-10T23:55:42.306Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 23:57:35 honeypot-fra-1 kernel: [83728687.736117] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=159.89.174.180 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x20 TTL=245 ID=29558 PROTO=TCP SPT=29390 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T23:57:36.067Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-11T00:01:16.425Z","@version":"1","message":"Sep 11 00:01:15 honeypot-sgp-1 kernel: [83730589.258412] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=233 ID=39152 PROTO=TCP SPT=54403 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 00:02:04 honeypot-ams-1 sshd[8366]: Disconnected from authenticating user root 61.177.172.124 port 25932 [preauth]","@timestamp":"2022-09-11T00:02:05.484Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 00:03:28 honeypot-fra-1 kernel: [83729039.996087] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=20.168.126.42 DST=165.22.82.222 LEN=52 TOS=0x02 PREC=0x00 TTL=109 ID=19373 DF PROTO=TCP SPT=61531 DPT=80 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-11T00:03:28.202Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 00:04:12 honeypot-ams-1 sshd[8369]: Invalid user user from 92.255.85.70 port 26318","@timestamp":"2022-09-11T00:04:12.543Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 00:06:04 honeypot-ams-1 sshd[8372]: Disconnected from invalid user user 141.255.162.226 port 44126 [preauth]","@timestamp":"2022-09-11T00:06:04.596Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 00:06:07 honeypot-ams-1 sshd[8376]: Disconnected from invalid user user 141.255.162.226 port 58718 [preauth]","@timestamp":"2022-09-11T00:06:07.598Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 00:06:12 honeypot-ams-1 sshd[8380]: Disconnected from invalid user user 141.255.162.226 port 52368 [preauth]","@timestamp":"2022-09-11T00:06:13.601Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 00:06:31 honeypot-fra-1 sshd[30933]: Connection closed by invalid user test 193.106.191.157 port 57040 [preauth]","@timestamp":"2022-09-11T00:06:32.273Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T00:17:01.789Z","@version":"1","message":"Sep 11 00:17:01 honeypot-sgp-1 CRON[4273]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 00:17:01 honeypot-ams-1 CRON[8385]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-11T00:17:01.892Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 00:20:01 honeypot-ams-1 sshd[8390]: Disconnected from authenticating user root 61.177.173.35 port 43035 [preauth]","@timestamp":"2022-09-11T00:20:01.974Z"}
{"@timestamp":"2022-09-11T00:20:50.881Z","@version":"1","message":"Sep 11 00:20:50 honeypot-sgp-1 sshd[4280]: Received disconnect from 143.244.158.100 port 54716:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T00:22:10.915Z","@version":"1","message":"Sep 11 00:22:10 honeypot-sgp-1 sshd[4287]: Invalid user aiuap from 188.166.114.8 port 43616","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T00:23:21.944Z","@version":"1","message":"Sep 11 00:23:21 honeypot-sgp-1 sshd[4688]: Disconnected from authenticating user root 143.244.158.100 port 44720 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 00:24:40 honeypot-ams-1 sshd[8396]: Received disconnect from 61.177.173.50 port 55101:11:  [preauth]","@timestamp":"2022-09-11T00:24:41.102Z"}
{"@timestamp":"2022-09-11T00:25:00.986Z","@version":"1","message":"Sep 11 00:25:00 honeypot-sgp-1 sshd[4728]: Received disconnect from 143.244.158.100 port 49886:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 00:25:09 honeypot-fra-1 kernel: [83730341.467379] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=79.124.62.60 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=10058 PROTO=TCP SPT=57821 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T00:25:09.681Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-11T00:27:23.044Z","@version":"1","message":"Sep 11 00:27:22 honeypot-sgp-1 sshd[4736]: Received disconnect from 143.244.158.100 port 50928:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 00:29:03 honeypot-ams-1 kernel: [83732729.470168] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=154.27.23.218 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=45 ID=36723 PROTO=TCP SPT=47355 DPT=443 WINDOW=30218 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T00:29:04.220Z"}
{"@timestamp":"2022-09-11T00:29:45.101Z","@version":"1","message":"Sep 11 00:29:44 honeypot-sgp-1 sshd[4742]: Received disconnect from 143.244.158.100 port 42316:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T00:31:28.144Z","@version":"1","message":"Sep 11 00:31:27 honeypot-sgp-1 kernel: [83732401.532253] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=47993 PROTO=TCP SPT=55827 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 00:32:15 honeypot-ams-1 sshd[8404]: Disconnected from authenticating user root 61.177.173.48 port 35808 [preauth]","@timestamp":"2022-09-11T00:32:15.308Z"}
{"@timestamp":"2022-09-11T00:33:52.202Z","@version":"1","message":"Sep 11 00:33:51 honeypot-sgp-1 sshd[4753]: Disconnected from authenticating user root 143.244.158.100 port 55394 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 00:35:41 honeypot-fra-1 sshd[30962]: Received disconnect from 165.22.45.108 port 55020:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T00:35:41.920Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T00:36:17.262Z","@version":"1","message":"Sep 11 00:36:16 honeypot-sgp-1 sshd[4759]: Received disconnect from 143.244.158.100 port 52146:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T00:38:00.305Z","@version":"1","message":"Sep 11 00:37:59 honeypot-sgp-1 sshd[4766]: Invalid user User from 103.194.243.179 port 38808","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T00:39:24.340Z","@version":"1","message":"Sep 11 00:39:23 honeypot-sgp-1 sshd[4770]: Disconnected from authenticating user root 143.244.158.100 port 54296 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T00:41:44.416Z","@version":"1","message":"Sep 11 00:41:43 honeypot-sgp-1 sshd[4776]: Disconnected from authenticating user root 143.244.158.100 port 59362 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 00:42:30 honeypot-ams-1 sshd[8414]: Disconnected from authenticating user root 61.177.173.51 port 32464 [preauth]","@timestamp":"2022-09-11T00:42:30.574Z"}
{"@timestamp":"2022-09-11T00:44:08.475Z","@version":"1","message":"Sep 11 00:44:08 honeypot-sgp-1 sshd[4783]: Disconnected from authenticating user root 143.244.158.100 port 57604 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T00:46:09.526Z","@version":"1","message":"Sep 11 00:46:08 honeypot-sgp-1 sshd[4790]: Disconnected from authenticating user root 92.255.85.70 port 30504 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T00:47:22.558Z","@version":"1","message":"Sep 11 00:47:22 honeypot-sgp-1 sshd[4796]: Disconnected from authenticating user root 143.244.158.100 port 52788 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T00:49:05.600Z","@version":"1","message":"Sep 11 00:49:04 honeypot-sgp-1 kernel: [83733458.361701] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=60.26.120.135 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=48970 DF PROTO=TCP SPT=13444 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 00:49:12 honeypot-fra-1 sshd[30967]: Received disconnect from 92.255.85.69 port 54958:11: Bye Bye [preauth]","@timestamp":"2022-09-11T00:49:13.221Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 00:49:54 honeypot-ams-1 sshd[8424]: Disconnected from authenticating user root 92.255.85.69 port 61062 [preauth]","@timestamp":"2022-09-11T00:49:54.769Z"}
{"@timestamp":"2022-09-11T00:51:18.656Z","@version":"1","message":"Sep 11 00:51:18 honeypot-sgp-1 sshd[4807]: Received disconnect from 143.244.158.100 port 58190:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 00:51:44 honeypot-ams-1 sshd[8431]: Disconnected from authenticating user root 61.177.173.46 port 33536 [preauth]","@timestamp":"2022-09-11T00:51:44.824Z"}
{"@timestamp":"2022-09-11T00:53:48.716Z","@version":"1","message":"Sep 11 00:53:48 honeypot-sgp-1 sshd[4813]: Received disconnect from 143.244.158.100 port 41206:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 00:53:57 honeypot-ams-1 sshd[8436]: Received disconnect from 45.61.186.169 port 34880:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T00:53:57.884Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 00:54:14 honeypot-ams-1 sshd[8440]: Received disconnect from 45.61.186.169 port 58114:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T00:54:14.893Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 00:54:31 honeypot-ams-1 sshd[8444]: Invalid user user from 45.61.186.169 port 53106","@timestamp":"2022-09-11T00:54:31.902Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 00:54:38 honeypot-ams-1 sshd[8446]: Disconnected from invalid user user 45.61.186.169 port 36560 [preauth]","@timestamp":"2022-09-11T00:54:39.908Z"}
{"@timestamp":"2022-09-11T00:56:16.776Z","@version":"1","message":"Sep 11 00:56:16 honeypot-sgp-1 sshd[4820]: Received disconnect from 143.244.158.100 port 34958:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 00:57:01 honeypot-ams-1 CRON[8451]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-11T00:57:01.974Z"}
{"@timestamp":"2022-09-11T00:57:54.817Z","@version":"1","message":"Sep 11 00:57:54 honeypot-sgp-1 sshd[4827]: Received disconnect from 143.244.158.100 port 45082:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T01:00:23.877Z","@version":"1","message":"Sep 11 01:00:23 honeypot-sgp-1 sshd[4834]: Received disconnect from 143.244.158.100 port 60326:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T01:02:31.929Z","@version":"1","message":"Sep 11 01:02:31 honeypot-sgp-1 sshd[4840]: Invalid user ubuntu from 81.150.9.251 port 42892","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 01:03:33 honeypot-fra-1 sshd[30974]: Invalid user friends from 186.10.245.152 port 47316","@timestamp":"2022-09-11T01:03:34.542Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 01:08:05 honeypot-ams-1 sshd[8463]: Disconnected from authenticating user root 61.177.173.39 port 24429 [preauth]","@timestamp":"2022-09-11T01:08:06.264Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 01:08:40 honeypot-fra-1 sshd[30979]: Invalid user test from 141.98.10.158 port 54904","@timestamp":"2022-09-11T01:08:40.656Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T01:09:49.098Z","@version":"1","message":"Sep 11 01:09:48 honeypot-sgp-1 sshd[4845]: Received disconnect from 92.255.85.69 port 57130:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 01:11:42 honeypot-ams-1 sshd[8469]: Did not receive identification string from 80.76.51.41 port 46342","@timestamp":"2022-09-11T01:11:43.364Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 01:12:17 honeypot-ams-1 sshd[8474]: Invalid user test from 80.76.51.41 port 43536","@timestamp":"2022-09-11T01:12:17.383Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 01:12:42 honeypot-ams-1 sshd[8478]: Disconnected from authenticating user root 80.76.51.41 port 53406 [preauth]","@timestamp":"2022-09-11T01:12:43.397Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 01:13:19 honeypot-ams-1 sshd[8485]: Disconnected from authenticating user root 80.76.51.41 port 39982 [preauth]","@timestamp":"2022-09-11T01:13:20.416Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 01:13:58 honeypot-ams-1 sshd[8491]: Received disconnect from 80.76.51.41 port 54818:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T01:13:59.437Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 01:14:23 honeypot-ams-1 sshd[8495]: Invalid user git from 80.76.51.41 port 36386","@timestamp":"2022-09-11T01:14:23.448Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 01:15:13 honeypot-fra-1 sshd[30986]: Connection closed by 192.241.220.125 port 60486 [preauth]","@timestamp":"2022-09-11T01:15:13.805Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 01:17:01 honeypot-ams-1 CRON[8499]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-11T01:17:02.518Z"}
{"@timestamp":"2022-09-11T01:17:11.270Z","@version":"1","message":"Sep 11 01:17:10 honeypot-sgp-1 sshd[4856]: Invalid user user from 45.61.186.249 port 49480","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T01:17:22.276Z","@version":"1","message":"Sep 11 01:17:22 honeypot-sgp-1 kernel: [83735155.778606] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=193.201.9.213 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=3861 PROTO=TCP SPT=56599 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T01:17:39.285Z","@version":"1","message":"Sep 11 01:17:38 honeypot-sgp-1 sshd[4862]: Disconnected from invalid user user 45.61.186.249 port 56296 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T01:17:57.293Z","@version":"1","message":"Sep 11 01:17:56 honeypot-sgp-1 sshd[4866]: Disconnected from invalid user user 45.61.186.249 port 51440 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 01:26:26 honeypot-ams-1 sshd[8510]: Disconnected from authenticating user root 61.177.172.104 port 33284 [preauth]","@timestamp":"2022-09-11T01:26:26.765Z"}
{"@timestamp":"2022-09-11T01:29:14.552Z","@version":"1","message":"Sep 11 01:29:13 honeypot-sgp-1 sshd[4875]: Invalid user  from 64.62.197.2 port 20630","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 01:29:44 honeypot-ams-1 sshd[8519]: Connection closed by 83.137.158.6 port 37626 [preauth]","@timestamp":"2022-09-11T01:29:44.858Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 01:31:42 honeypot-fra-1 sshd[30994]: Invalid user mobile from 187.190.252.164 port 24981","@timestamp":"2022-09-11T01:31:43.174Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T01:33:10.645Z","@version":"1","message":"Sep 11 01:33:10 honeypot-sgp-1 sshd[4879]: Received disconnect from 92.255.85.70 port 20120:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 01:38:29 honeypot-ams-1 sshd[8526]: Disconnected from authenticating user root 92.255.85.69 port 17908 [preauth]","@timestamp":"2022-09-11T01:38:30.096Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 01:39:07 honeypot-fra-1 sshd[30999]: Received disconnect from 165.22.45.108 port 36740:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T01:39:08.338Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 01:40:34 honeypot-fra-1 sshd[31005]: Disconnected from authenticating user root 187.188.240.7 port 40510 [preauth]","@timestamp":"2022-09-11T01:40:34.375Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 01:47:16 honeypot-ams-1 sshd[8533]: Received disconnect from 61.177.172.98 port 43194:11:  [preauth]","@timestamp":"2022-09-11T01:47:17.329Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 01:50:43 honeypot-ams-1 kernel: [83737629.117768] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=94.102.61.26 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=252 ID=54321 PROTO=TCP SPT=55608 DPT=5432 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T01:50:43.420Z"}
{"@timestamp":"2022-09-11T01:52:41.099Z","@version":"1","message":"Sep 11 01:52:40 honeypot-sgp-1 kernel: [83737273.943124] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.41.8.5 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=47361 PROTO=TCP SPT=27571 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 01:52:54 honeypot-fra-1 sshd[31011]: Received disconnect from 157.230.98.148 port 40116:11: Bye Bye [preauth]","@timestamp":"2022-09-11T01:52:54.654Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T01:53:49.128Z","@version":"1","message":"Sep 11 01:53:48 honeypot-sgp-1 sshd[4886]: Disconnected from invalid user postgres 45.249.247.148 port 60494 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 01:55:04 honeypot-fra-1 sshd[31013]: Disconnected from invalid user user5 187.190.40.6 port 54970 [preauth]","@timestamp":"2022-09-11T01:55:04.708Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 01:58:49 honeypot-ams-1 sshd[8545]: Invalid user support from 43.156.237.102 port 57406","@timestamp":"2022-09-11T01:58:50.635Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 01:59:03 honeypot-fra-1 sshd[31019]: Disconnected from authenticating user root 92.255.85.70 port 27944 [preauth]","@timestamp":"2022-09-11T01:59:03.800Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 01:59:40 honeypot-ams-1 sshd[8549]: Received disconnect from 157.245.101.171 port 43332:11: Bye Bye [preauth]","@timestamp":"2022-09-11T01:59:40.659Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 02:01:52 honeypot-ams-1 sshd[8552]: Disconnected from authenticating user root 190.252.185.131 port 14936 [preauth]","@timestamp":"2022-09-11T02:01:52.725Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 02:08:21 honeypot-ams-1 sshd[8563]: Disconnected from authenticating user root 61.177.172.114 port 61485 [preauth]","@timestamp":"2022-09-11T02:08:21.900Z"}
{"@timestamp":"2022-09-11T02:08:26.516Z","@version":"1","message":"Sep 11 02:08:25 honeypot-sgp-1 sshd[4892]: Received disconnect from 49.236.192.106 port 41032:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 02:10:47 honeypot-fra-1 sshd[31023]: Received disconnect from 165.22.45.108 port 41702:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T02:10:48.068Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T02:17:01.722Z","@version":"1","message":"Sep 11 02:17:01 honeypot-sgp-1 CRON[4897]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 02:17:01 honeypot-ams-1 CRON[8572]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-11T02:17:02.152Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 02:17:01 honeypot-fra-1 CRON[31028]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-11T02:17:02.211Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T02:18:05.750Z","@version":"1","message":"Sep 11 02:18:05 honeypot-sgp-1 sshd[4903]: Invalid user user from 45.61.186.249 port 45334","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T02:18:23.759Z","@version":"1","message":"Sep 11 02:18:23 honeypot-sgp-1 sshd[4907]: Invalid user user from 45.61.186.249 port 39994","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T02:18:40.768Z","@version":"1","message":"Sep 11 02:18:40 honeypot-sgp-1 sshd[4912]: Invalid user user from 45.61.186.249 port 34640","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T02:19:43.794Z","@version":"1","message":"Sep 11 02:19:43 honeypot-sgp-1 sshd[4916]: Received disconnect from 92.255.85.69 port 19022:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 02:21:02 honeypot-ams-1 sshd[8581]: Invalid user ubuntu from 103.188.176.251 port 47236","@timestamp":"2022-09-11T02:21:03.267Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 02:25:08 honeypot-ams-1 sshd[8586]: Disconnected from invalid user monitor 139.226.68.213 port 34206 [preauth]","@timestamp":"2022-09-11T02:25:09.383Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 02:25:20 honeypot-fra-1 sshd[31036]: Connection closed by invalid user ubuntu 103.188.176.251 port 58996 [preauth]","@timestamp":"2022-09-11T02:25:20.402Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 02:29:31 honeypot-ams-1 kernel: [83739956.890589] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=38.132.109.117 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=54391 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T02:29:31.501Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 02:30:26 honeypot-ams-1 sshd[8597]: Disconnecting invalid user admin 61.199.47.58 port 62550: Too many authentication failures [preauth]","@timestamp":"2022-09-11T02:30:26.530Z"}
{"@timestamp":"2022-09-11T02:40:01.276Z","@version":"1","message":"Sep 11 02:40:00 honeypot-sgp-1 sshd[4925]: Did not receive identification string from 45.61.186.49 port 50226","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 02:40:03 honeypot-fra-1 sshd[31045]: Received disconnect from 189.178.2.155 port 48582:11: Bye Bye [preauth]","@timestamp":"2022-09-11T02:40:03.728Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T02:40:17.285Z","@version":"1","message":"Sep 11 02:40:16 honeypot-sgp-1 sshd[4928]: Disconnected from invalid user user 45.61.186.49 port 59260 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T02:40:28.289Z","@version":"1","message":"Sep 11 02:40:28 honeypot-sgp-1 sshd[4932]: Disconnected from invalid user user 45.61.186.49 port 42540 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 02:40:29 honeypot-ams-1 sshd[8606]: Disconnected from authenticating user root 61.177.173.36 port 17970 [preauth]","@timestamp":"2022-09-11T02:40:29.805Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 02:44:09 honeypot-fra-1 sshd[31051]: Invalid user katerina from 165.22.45.108 port 46618","@timestamp":"2022-09-11T02:44:10.834Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T02:48:20.496Z","@version":"1","message":"Sep 11 02:48:20 honeypot-sgp-1 sshd[4938]: Connection closed by invalid user test123 103.188.176.251 port 41508 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 02:50:25 honeypot-fra-1 sshd[31056]: Invalid user ubuntu from 94.75.123.43 port 37950","@timestamp":"2022-09-11T02:50:25.973Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 02:52:35 honeypot-ams-1 kernel: [83741341.045080] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.207.236 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=34072 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T02:52:36.137Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 02:53:04 honeypot-ams-1 sshd[8616]: Disconnected from authenticating user root 128.199.91.252 port 34240 [preauth]","@timestamp":"2022-09-11T02:53:05.153Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 02:53:42 honeypot-fra-1 sshd[31061]: Invalid user ubuntu from 128.199.95.60 port 34212","@timestamp":"2022-09-11T02:53:43.048Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 02:56:14 honeypot-ams-1 sshd[8624]: Received disconnect from 61.177.173.52 port 27326:11:  [preauth]","@timestamp":"2022-09-11T02:56:15.242Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 02:59:17 honeypot-ams-1 sshd[8627]: Did not receive identification string from 141.255.162.226 port 46460","@timestamp":"2022-09-11T02:59:18.326Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 02:59:22 honeypot-ams-1 sshd[8630]: Disconnected from invalid user user 141.255.162.226 port 47058 [preauth]","@timestamp":"2022-09-11T02:59:23.330Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 02:59:25 honeypot-ams-1 sshd[8634]: Disconnected from invalid user user 141.255.162.226 port 40032 [preauth]","@timestamp":"2022-09-11T02:59:26.333Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 02:59:29 honeypot-ams-1 sshd[8638]: Disconnected from invalid user user 141.255.162.226 port 54170 [preauth]","@timestamp":"2022-09-11T02:59:30.335Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 03:02:29 honeypot-ams-1 kernel: [83741935.141403] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=195.178.120.159 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=54321 PROTO=TCP SPT=41024 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T03:02:29.419Z"}
{"@timestamp":"2022-09-11T03:05:18.899Z","@version":"1","message":"Sep 11 03:05:18 honeypot-sgp-1 sshd[4947]: Received disconnect from 92.255.85.70 port 21748:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 03:05:18 honeypot-ams-1 sshd[8648]: Disconnected from invalid user user 45.61.187.160 port 41394 [preauth]","@timestamp":"2022-09-11T03:05:19.497Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 03:05:38 honeypot-ams-1 sshd[8652]: Disconnected from invalid user user 45.61.187.160 port 36156 [preauth]","@timestamp":"2022-09-11T03:05:38.509Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 03:05:57 honeypot-ams-1 sshd[8656]: Disconnected from invalid user user 45.61.187.160 port 59092 [preauth]","@timestamp":"2022-09-11T03:05:57.535Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 03:06:15 honeypot-ams-1 sshd[8660]: Disconnected from invalid user user 45.61.187.160 port 53828 [preauth]","@timestamp":"2022-09-11T03:06:15.545Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 03:07:31 honeypot-fra-1 kernel: [83740083.072164] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=55419 PROTO=TCP SPT=45204 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T03:07:32.356Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 03:11:31 honeypot-ams-1 sshd[8667]: Received disconnect from 61.177.173.47 port 46732:11:  [preauth]","@timestamp":"2022-09-11T03:11:31.683Z"}
{"@timestamp":"2022-09-11T03:12:00.056Z","@version":"1","message":"Sep 11 03:11:59 honeypot-sgp-1 sshd[4950]: Disconnected from invalid user javira 139.59.23.154 port 34958 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T03:17:01.175Z","@version":"1","message":"Sep 11 03:17:01 honeypot-sgp-1 CRON[4956]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 03:17:01 honeypot-fra-1 CRON[31068]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-11T03:17:01.560Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 03:17:01 honeypot-ams-1 CRON[8674]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-11T03:17:02.827Z"}
{"@timestamp":"2022-09-11T03:20:24.257Z","@version":"1","message":"Sep 11 03:20:23 honeypot-sgp-1 sshd[4963]: Received disconnect from 198.98.61.9 port 55804:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T03:20:48.269Z","@version":"1","message":"Sep 11 03:20:48 honeypot-sgp-1 sshd[4967]: Received disconnect from 198.98.61.9 port 49858:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T03:21:06.277Z","@version":"1","message":"Sep 11 03:21:05 honeypot-sgp-1 sshd[4971]: Received disconnect from 198.98.61.9 port 44022:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T03:25:27.381Z","@version":"1","message":"Sep 11 03:25:27 honeypot-sgp-1 sshd[4977]: Invalid user user from 45.61.186.49 port 44496","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T03:25:39.387Z","@version":"1","message":"Sep 11 03:25:38 honeypot-sgp-1 sshd[4981]: Invalid user user from 45.61.186.49 port 56196","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 03:26:23 honeypot-fra-1 sshd[31076]: Connection closed by invalid user test 193.106.191.157 port 35644 [preauth]","@timestamp":"2022-09-11T03:26:23.766Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T03:29:07.470Z","@version":"1","message":"Sep 11 03:29:06 honeypot-sgp-1 sshd[4985]: Received disconnect from 92.255.85.69 port 53258:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 03:29:08 honeypot-ams-1 sshd[8685]: Received disconnect from 61.177.173.50 port 22939:11:  [preauth]","@timestamp":"2022-09-11T03:29:09.144Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 03:31:29 honeypot-ams-1 kernel: [83743675.644068] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=20.46.240.87 DST=178.62.254.91 LEN=52 TOS=0x02 PREC=0x00 TTL=110 ID=8392 DF PROTO=TCP SPT=63848 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-11T03:31:30.209Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 03:35:21 honeypot-fra-1 kernel: [83741752.921470] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.220.106 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=58606 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T03:35:21.966Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 03:35:52 honeypot-ams-1 kernel: [83743937.815761] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=42.237.213.61 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=25837 DF PROTO=TCP SPT=35137 DPT=80 WINDOW=28880 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T03:35:52.330Z"}
{"@timestamp":"2022-09-11T03:43:17.806Z","@version":"1","message":"Sep 11 03:43:17 honeypot-sgp-1 kernel: [83743911.040446] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=186.47.225.174 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=53385 DF PROTO=TCP SPT=65021 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 03:44:35 honeypot-fra-1 sshd[31100]: Connection closed by invalid user ubuntu 101.33.218.153 port 57244 [preauth]","@timestamp":"2022-09-11T03:44:36.164Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T03:47:54.922Z","@version":"1","message":"Sep 11 03:47:54 honeypot-sgp-1 sshd[4990]: Disconnected from authenticating user root 128.199.152.105 port 44450 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T03:53:11.050Z","@version":"1","message":"Sep 11 03:53:10 honeypot-sgp-1 sshd[4995]: Disconnected from authenticating user root 92.255.85.70 port 19772 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 03:53:19 honeypot-ams-1 kernel: [83744985.583753] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=119.160.167.135 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=47373 PROTO=TCP SPT=23967 DPT=80 WINDOW=30547 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T03:53:20.793Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 03:56:10 honeypot-fra-1 sshd[31120]: Disconnected from authenticating user root 92.255.85.70 port 51976 [preauth]","@timestamp":"2022-09-11T03:56:11.416Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 03:58:58 honeypot-fra-1 sshd[31126]: Connection closed by invalid user admin 51.79.224.191 port 57230 [preauth]","@timestamp":"2022-09-11T03:58:59.478Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T04:01:23.261Z","@version":"1","message":"Sep 11 04:01:23 honeypot-sgp-1 sshd[5001]: Received disconnect from 45.61.184.204 port 52034:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 04:01:36 honeypot-ams-1 sshd[8711]: Did not receive identification string from 50.31.21.11 port 42224","@timestamp":"2022-09-11T04:01:37.028Z"}
{"@timestamp":"2022-09-11T04:01:44.271Z","@version":"1","message":"Sep 11 04:01:44 honeypot-sgp-1 sshd[5005]: Received disconnect from 45.61.184.204 port 47948:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T04:02:03.280Z","@version":"1","message":"Sep 11 04:02:03 honeypot-sgp-1 sshd[5009]: Received disconnect from 45.61.184.204 port 43882:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T04:02:21.289Z","@version":"1","message":"Sep 11 04:02:21 honeypot-sgp-1 sshd[5013]: Received disconnect from 45.61.184.204 port 39758:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 04:02:53 honeypot-fra-1 sshd[31133]: Did not receive identification string from 121.5.54.92 port 42146","@timestamp":"2022-09-11T04:02:54.578Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 04:04:28 honeypot-ams-1 sshd[8716]: Disconnected from authenticating user root 103.102.42.42 port 57026 [preauth]","@timestamp":"2022-09-11T04:04:29.105Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 04:06:13 honeypot-fra-1 sshd[31138]: Received disconnect from 43.156.57.83 port 60862:11: Bye Bye [preauth]","@timestamp":"2022-09-11T04:06:14.653Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 04:07:57 honeypot-ams-1 sshd[8723]: Invalid user admin from 200.42.176.235 port 37664","@timestamp":"2022-09-11T04:07:58.203Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 04:10:44 honeypot-ams-1 sshd[8728]: Connection closed by invalid user test 193.106.191.157 port 49650 [preauth]","@timestamp":"2022-09-11T04:10:45.279Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 04:12:51 honeypot-fra-1 sshd[31146]: Received disconnect from 199.188.203.210 port 51078:11: Bye Bye [preauth]","@timestamp":"2022-09-11T04:12:51.803Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T04:16:46.661Z","@version":"1","message":"Sep 11 04:16:45 honeypot-sgp-1 sshd[5018]: Disconnected from authenticating user root 92.255.85.69 port 18492 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 04:17:01 honeypot-ams-1 CRON[8734]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-11T04:17:02.454Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 04:19:46 honeypot-fra-1 kernel: [83744417.997265] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=142.93.45.9 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=54321 PROTO=TCP SPT=35861 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T04:19:46.956Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-11T04:21:57.785Z","@version":"1","message":"Sep 11 04:21:57 honeypot-sgp-1 sshd[5026]: Invalid user admin from 128.199.160.207 port 20438","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 04:21:57 honeypot-ams-1 sshd[8737]: Received disconnect from 92.255.85.70 port 61742:11: Bye Bye [preauth]","@timestamp":"2022-09-11T04:21:58.587Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 04:22:35 honeypot-fra-1 sshd[31157]: Received disconnect from 185.74.5.184 port 42800:11: Bye Bye [preauth]","@timestamp":"2022-09-11T04:22:36.021Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 04:25:08 honeypot-fra-1 sshd[31162]: Invalid user administrator from 62.84.125.211 port 43048","@timestamp":"2022-09-11T04:25:09.081Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 04:27:08 honeypot-fra-1 sshd[31167]: Received disconnect from 80.68.3.98 port 52360:11: Bye Bye [preauth]","@timestamp":"2022-09-11T04:27:09.126Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 04:29:06 honeypot-ams-1 kernel: [83747132.007969] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=154.89.5.94 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=244 ID=52476 PROTO=TCP SPT=58914 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T04:29:06.791Z"}
{"@timestamp":"2022-09-11T04:29:59.978Z","@version":"1","message":"Sep 11 04:29:59 honeypot-sgp-1 kernel: [83746712.943471] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=128.1.248.28 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=3352 PROTO=TCP SPT=36099 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 04:30:50 honeypot-fra-1 sshd[31170]: Disconnected from authenticating user root 58.8.148.64 port 57170 [preauth]","@timestamp":"2022-09-11T04:30:51.211Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 04:34:31 honeypot-ams-1 sshd[8745]: Disconnected from invalid user tf2 20.40.73.192 port 47180 [preauth]","@timestamp":"2022-09-11T04:34:31.935Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 04:35:28 honeypot-ams-1 sshd[8750]: Received disconnect from 45.61.184.204 port 38784:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T04:35:28.963Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 04:35:48 honeypot-ams-1 sshd[8754]: Received disconnect from 45.61.184.204 port 33696:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T04:35:48.980Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 04:36:07 honeypot-ams-1 sshd[8758]: Received disconnect from 45.61.184.204 port 56906:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T04:36:07.989Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 04:36:20 honeypot-ams-1 sshd[8762]: Disconnected from authenticating user root 64.227.180.226 port 50366 [preauth]","@timestamp":"2022-09-11T04:36:20.996Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 04:39:06 honeypot-ams-1 sshd[8767]: Disconnected from invalid user matt 101.231.146.34 port 49801 [preauth]","@timestamp":"2022-09-11T04:39:07.070Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 04:39:25 honeypot-fra-1 sshd[31175]: Disconnected from authenticating user root 161.82.233.179 port 40642 [preauth]","@timestamp":"2022-09-11T04:39:26.401Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 04:40:03 honeypot-ams-1 kernel: [83747788.882515] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=2.226.225.240 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=54011 PROTO=TCP SPT=1952 DPT=80 WINDOW=65377 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T04:40:04.098Z"}
{"@timestamp":"2022-09-11T04:41:58.271Z","@version":"1","message":"Sep 11 04:41:58 honeypot-sgp-1 sshd[5036]: Received disconnect from 161.82.233.179 port 38444:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 04:43:03 honeypot-fra-1 sshd[31181]: Invalid user tawny from 139.59.2.151 port 45812","@timestamp":"2022-09-11T04:43:04.485Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 04:44:42 honeypot-fra-1 kernel: [83745913.502856] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=184.105.139.93 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=54321 PROTO=TCP SPT=54008 DPT=5432 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T04:44:42.524Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 04:47:26 honeypot-fra-1 sshd[31191]: Did not receive identification string from 159.89.24.69 port 61000","@timestamp":"2022-09-11T04:47:27.588Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 04:49:04 honeypot-ams-1 kernel: [83748330.178466] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=159.203.91.246 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=49647 DF PROTO=TCP SPT=50124 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T04:49:05.336Z"}
{"@timestamp":"2022-09-11T04:51:09.492Z","@version":"1","message":"Sep 11 04:51:09 honeypot-sgp-1 sshd[5048]: Connection closed by 61.239.31.134 port 56315 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 04:57:40 honeypot-fra-1 sshd[31195]: Received disconnect from 165.22.45.108 port 37564:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T04:57:40.830Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 05:00:04 honeypot-ams-1 kernel: [83748990.407402] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=201.182.250.45 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=49 ID=8788 PROTO=TCP SPT=12868 DPT=80 WINDOW=25118 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T05:00:05.625Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 05:00:50 honeypot-fra-1 sshd[31201]: Received disconnect from 45.61.187.160 port 40472:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T05:00:50.904Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 05:01:10 honeypot-fra-1 sshd[31206]: Received disconnect from 45.61.187.160 port 35664:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T05:01:10.914Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 05:01:28 honeypot-fra-1 sshd[31210]: Received disconnect from 45.61.187.160 port 59116:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T05:01:28.922Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 05:01:45 honeypot-fra-1 sshd[31214]: Received disconnect from 45.61.187.160 port 54296:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T05:01:45.930Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T05:04:04.801Z","@version":"1","message":"Sep 11 05:04:04 honeypot-sgp-1 sshd[5070]: Received disconnect from 92.255.85.69 port 47608:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 05:06:24 honeypot-fra-1 sshd[31220]: Received disconnect from 159.65.11.5 port 47690:11: Bye Bye [preauth]","@timestamp":"2022-09-11T05:06:25.033Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 05:07:24 honeypot-fra-1 sshd[31224]: Disconnected from invalid user wpyan 189.7.129.60 port 54450 [preauth]","@timestamp":"2022-09-11T05:07:24.056Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T05:10:54.967Z","@version":"1","message":"Sep 11 05:10:54 honeypot-sgp-1 kernel: [83749167.626078] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=128.199.197.92 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=253 ID=54321 PROTO=TCP SPT=53647 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 05:11:29 honeypot-ams-1 kernel: [83749675.700388] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=172.245.21.133 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=53015 DF PROTO=TCP SPT=10446 DPT=80 WINDOW=512 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T05:11:30.931Z"}
{"@timestamp":"2022-09-11T05:19:05.163Z","@version":"1","message":"Sep 11 05:19:04 honeypot-sgp-1 kernel: [83749657.968497] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=42.81.157.50 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=234 ID=54271 PROTO=TCP SPT=57574 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 05:19:06 honeypot-fra-1 sshd[31232]: Unable to negotiate with 59.173.241.166 port 2300: no matching cipher found. Their offer: aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,arcfour128,arcfour,3des-cbc,none [preauth]","@timestamp":"2022-09-11T05:19:07.311Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 05:20:09 honeypot-ams-1 kernel: [83750195.162737] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=20.46.240.87 DST=178.62.254.91 LEN=52 TOS=0x02 PREC=0x00 TTL=110 ID=23412 DF PROTO=TCP SPT=65228 DPT=443 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-11T05:20:10.158Z"}
{"@timestamp":"2022-09-11T05:23:51.277Z","@version":"1","message":"Sep 11 05:23:50 honeypot-sgp-1 sshd[5087]: Invalid user user from 198.98.61.9 port 47512","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T05:24:01.283Z","@version":"1","message":"Sep 11 05:24:01 honeypot-sgp-1 sshd[5091]: Received disconnect from 198.98.61.9 port 59494:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T05:24:23.293Z","@version":"1","message":"Sep 11 05:24:22 honeypot-sgp-1 sshd[5096]: Received disconnect from 198.98.61.9 port 55214:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T05:24:37.300Z","@version":"1","message":"Sep 11 05:24:36 honeypot-sgp-1 sshd[5100]: Disconnected from authenticating user root 64.225.43.245 port 44646 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T05:24:48.306Z","@version":"1","message":"Sep 11 05:24:47 honeypot-sgp-1 sshd[5104]: Disconnected from invalid user user 198.98.61.9 port 34688 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T05:26:11.340Z","@version":"1","message":"Sep 11 05:26:11 honeypot-sgp-1 sshd[5110]: Disconnected from authenticating user root 64.225.43.245 port 43522 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T05:27:45.380Z","@version":"1","message":"Sep 11 05:27:44 honeypot-sgp-1 sshd[5116]: Received disconnect from 64.225.43.245 port 42360:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 05:29:20 honeypot-fra-1 sshd[31238]: Disconnected from invalid user ftpuser 92.255.85.69 port 52218 [preauth]","@timestamp":"2022-09-11T05:29:21.532Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T05:30:06.438Z","@version":"1","message":"Sep 11 05:30:06 honeypot-sgp-1 sshd[5123]: Received disconnect from 64.225.43.245 port 54730:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 05:30:44 honeypot-ams-1 sshd[9230]: Invalid user mjuma from 68.183.233.64 port 53776","@timestamp":"2022-09-11T05:30:45.439Z"}
{"@timestamp":"2022-09-11T05:31:42.478Z","@version":"1","message":"Sep 11 05:31:42 honeypot-sgp-1 sshd[5127]: Disconnected from authenticating user root 64.225.43.245 port 53566 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 05:33:02 honeypot-ams-1 sshd[9234]: Invalid user ftpuser from 92.255.85.70 port 43228","@timestamp":"2022-09-11T05:33:02.501Z"}
{"@timestamp":"2022-09-11T05:33:17.519Z","@version":"1","message":"Sep 11 05:33:17 honeypot-sgp-1 sshd[5131]: Received disconnect from 64.225.43.245 port 52408:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T05:34:05.541Z","@version":"1","message":"Sep 11 05:34:04 honeypot-sgp-1 sshd[5134]: Disconnected from authenticating user root 179.43.156.143 port 39844 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T05:35:25.599Z","@version":"1","message":"Sep 11 05:35:24 honeypot-sgp-1 sshd[5143]: Disconnected from authenticating user root 179.43.156.143 port 34660 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T05:36:32.628Z","@version":"1","message":"Sep 11 05:36:32 honeypot-sgp-1 sshd[5149]: Disconnected from authenticating user root 64.225.43.245 port 50084 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T05:37:21.650Z","@version":"1","message":"Sep 11 05:37:21 honeypot-sgp-1 sshd[5155]: Disconnected from authenticating user root 64.225.43.245 port 35396 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 05:37:59 honeypot-fra-1 sshd[31246]: Invalid user test from 193.106.191.157 port 59148","@timestamp":"2022-09-11T05:37:59.717Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 05:38:23 honeypot-ams-1 kernel: [83751288.821044] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=59.49.43.217 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=58447 PROTO=TCP SPT=48728 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T05:38:23.636Z"}
{"@timestamp":"2022-09-11T05:38:38.684Z","@version":"1","message":"Sep 11 05:38:37 honeypot-sgp-1 sshd[5161]: Invalid user ossuser from 179.43.156.143 port 50042","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T05:39:17.702Z","@version":"1","message":"Sep 11 05:39:16 honeypot-sgp-1 sshd[5165]: Received disconnect from 179.43.156.143 port 47448:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T05:39:55.719Z","@version":"1","message":"Sep 11 05:39:55 honeypot-sgp-1 sshd[5170]: Disconnected from authenticating user root 179.43.156.143 port 44876 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 05:40:29 honeypot-fra-1 sshd[31251]: Did not receive identification string from 141.255.162.226 port 35198","@timestamp":"2022-09-11T05:40:30.775Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 05:40:43 honeypot-fra-1 sshd[31254]: Disconnected from invalid user user 141.255.162.226 port 56652 [preauth]","@timestamp":"2022-09-11T05:40:43.781Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 05:40:45 honeypot-fra-1 sshd[31258]: Disconnected from invalid user user 141.255.162.226 port 36100 [preauth]","@timestamp":"2022-09-11T05:40:45.782Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T05:41:17.754Z","@version":"1","message":"Sep 11 05:41:17 honeypot-sgp-1 sshd[5176]: Disconnected from authenticating user root 179.43.156.143 port 39734 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T05:42:08.777Z","@version":"1","message":"Sep 11 05:42:08 honeypot-sgp-1 sshd[5182]: Disconnected from authenticating user root 64.225.43.245 port 60176 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T05:43:20.809Z","@version":"1","message":"Sep 11 05:43:20 honeypot-sgp-1 sshd[5188]: Disconnected from authenticating user root 179.43.156.143 port 60250 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 05:43:36 honeypot-fra-1 sshd[31263]: Received disconnect from 222.252.243.104 port 41261:11: Bye Bye [preauth]","@timestamp":"2022-09-11T05:43:36.848Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T05:45:22.862Z","@version":"1","message":"Sep 11 05:45:22 honeypot-sgp-1 sshd[5195]: Received disconnect from 64.225.43.245 port 57854:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 05:45:51 honeypot-ams-1 kernel: [83751737.318564] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=218.145.61.20 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=55 ID=3004 PROTO=TCP SPT=39674 DPT=80 WINDOW=53946 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T05:45:51.833Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 05:47:10 honeypot-fra-1 sshd[31265]: Disconnected from invalid user clock 164.92.154.145 port 39272 [preauth]","@timestamp":"2022-09-11T05:47:10.927Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T05:47:47.923Z","@version":"1","message":"Sep 11 05:47:47 honeypot-sgp-1 sshd[5201]: Received disconnect from 64.225.43.245 port 42002:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T05:49:26.965Z","@version":"1","message":"Sep 11 05:49:26 honeypot-sgp-1 sshd[5207]: Received disconnect from 64.225.43.245 port 40840:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T05:50:25.991Z","@version":"1","message":"Sep 11 05:50:25 honeypot-sgp-1 sshd[5212]: Received disconnect from 119.92.70.82 port 54888:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T05:51:04.009Z","@version":"1","message":"Sep 11 05:51:03 honeypot-sgp-1 sshd[5216]: Disconnected from authenticating user root 64.225.43.245 port 39680 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 05:51:13 honeypot-fra-1 sshd[31270]: Invalid user mysql from 211.75.183.12 port 57068","@timestamp":"2022-09-11T05:51:14.020Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 05:52:58 honeypot-fra-1 sshd[31274]: Invalid user ftpuser from 92.255.85.69 port 50982","@timestamp":"2022-09-11T05:52:59.062Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T05:53:28.068Z","@version":"1","message":"Sep 11 05:53:27 honeypot-sgp-1 sshd[5222]: Disconnected from authenticating user root 64.225.43.245 port 52058 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T05:55:01.107Z","@version":"1","message":"Sep 11 05:55:00 honeypot-sgp-1 kernel: [83751813.869449] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=61.140.176.26 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=8468 DF PROTO=TCP SPT=34900 DPT=80 WINDOW=64800 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 05:56:39 honeypot-ams-1 sshd[9247]: Disconnected from invalid user ftpuser 92.255.85.70 port 59100 [preauth]","@timestamp":"2022-09-11T05:56:40.110Z"}
{"@timestamp":"2022-09-11T05:56:42.149Z","@version":"1","message":"Sep 11 05:56:41 honeypot-sgp-1 sshd[5231]: Disconnected from authenticating user root 64.225.43.245 port 49736 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T05:58:34.195Z","@version":"1","message":"Sep 11 05:58:34 honeypot-sgp-1 sshd[5237]: Received disconnect from 165.227.236.118 port 56350:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T06:00:41.248Z","@version":"1","message":"Sep 11 06:00:40 honeypot-sgp-1 kernel: [83752153.657897] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=94.102.61.10 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=238 ID=54321 PROTO=TCP SPT=57855 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T06:02:23.292Z","@version":"1","message":"Sep 11 06:02:23 honeypot-sgp-1 sshd[5248]: Disconnected from authenticating user root 64.225.43.245 port 59864 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 06:02:39 honeypot-ams-1 kernel: [83752744.961431] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=61213 PROTO=TCP SPT=56003 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T06:02:39.264Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 06:03:19 honeypot-fra-1 sshd[31279]: Invalid user user from 45.61.187.160 port 59934","@timestamp":"2022-09-11T06:03:20.289Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 06:03:37 honeypot-fra-1 sshd[31283]: Invalid user user from 45.61.187.160 port 54440","@timestamp":"2022-09-11T06:03:38.299Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 06:03:54 honeypot-fra-1 sshd[31287]: Invalid user user from 45.61.187.160 port 48968","@timestamp":"2022-09-11T06:03:55.307Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 06:04:04 honeypot-fra-1 sshd[31291]: Invalid user katrin from 165.22.45.108 port 48474","@timestamp":"2022-09-11T06:04:05.311Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T06:04:50.354Z","@version":"1","message":"Sep 11 06:04:49 honeypot-sgp-1 sshd[5255]: Received disconnect from 64.225.43.245 port 44008:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 06:05:19 honeypot-fra-1 sshd[31295]: Did not receive identification string from 198.98.61.9 port 59934","@timestamp":"2022-09-11T06:05:19.340Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 06:05:55 honeypot-fra-1 sshd[31298]: Disconnected from invalid user user 198.98.61.9 port 49812 [preauth]","@timestamp":"2022-09-11T06:05:55.355Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T06:06:10.390Z","@version":"1","message":"Sep 11 06:06:10 honeypot-sgp-1 sshd[5259]: Received disconnect from 178.62.34.139 port 42572:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 06:06:17 honeypot-fra-1 sshd[31302]: Disconnected from invalid user user 198.98.61.9 port 44714 [preauth]","@timestamp":"2022-09-11T06:06:17.365Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 06:06:35 honeypot-fra-1 sshd[31306]: Disconnected from invalid user user 198.98.61.9 port 39620 [preauth]","@timestamp":"2022-09-11T06:06:36.373Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T06:07:20.421Z","@version":"1","message":"Sep 11 06:07:20 honeypot-sgp-1 kernel: [83752553.354078] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=232 ID=13874 PROTO=TCP SPT=56003 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T06:08:55.462Z","@version":"1","message":"Sep 11 06:08:54 honeypot-sgp-1 sshd[5270]: Disconnected from authenticating user root 64.225.43.245 port 55222 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 06:10:28 honeypot-fra-1 kernel: [83751059.888275] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=37803 PROTO=TCP SPT=56003 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T06:10:29.457Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-11T06:11:09.520Z","@version":"1","message":"Sep 11 06:11:08 honeypot-sgp-1 sshd[5276]: Invalid user dst from 67.205.167.168 port 42626","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T06:11:27.530Z","@version":"1","message":"Sep 11 06:11:27 honeypot-sgp-1 sshd[5280]: Received disconnect from 43.154.190.157 port 53446:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 06:11:43 honeypot-ams-1 kernel: [83753288.964730] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=20.46.240.87 DST=178.62.254.91 LEN=52 TOS=0x02 PREC=0x00 TTL=110 ID=25926 DF PROTO=TCP SPT=53733 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-11T06:11:43.496Z"}
{"@timestamp":"2022-09-11T06:13:47.588Z","@version":"1","message":"Sep 11 06:13:47 honeypot-sgp-1 sshd[5287]: Invalid user ftpuser from 92.255.85.69 port 38834","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T06:14:38.612Z","@version":"1","message":"Sep 11 06:14:37 honeypot-sgp-1 sshd[5291]: Disconnected from authenticating user root 64.225.43.245 port 37046 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 06:15:24 honeypot-fra-1 sshd[31407]: Connection closed by invalid user User 182.70.118.41 port 57500 [preauth]","@timestamp":"2022-09-11T06:15:24.571Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T06:17:01.672Z","@version":"1","message":"Sep 11 06:17:01 honeypot-sgp-1 CRON[5297]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 06:17:01 honeypot-ams-1 CRON[9257]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-11T06:17:02.636Z"}
{"@timestamp":"2022-09-11T06:18:24.712Z","@version":"1","message":"Sep 11 06:18:23 honeypot-sgp-1 sshd[5304]: Disconnected from invalid user user 45.61.187.160 port 53952 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T06:18:42.720Z","@version":"1","message":"Sep 11 06:18:42 honeypot-sgp-1 sshd[5308]: Disconnected from invalid user user 45.61.187.160 port 49078 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T06:19:00.729Z","@version":"1","message":"Sep 11 06:19:00 honeypot-sgp-1 sshd[5312]: Disconnected from invalid user user 45.61.187.160 port 44216 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T06:19:17.737Z","@version":"1","message":"Sep 11 06:19:16 honeypot-sgp-1 sshd[5316]: Disconnected from invalid user user 45.61.187.160 port 39264 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 06:19:49 honeypot-ams-1 sshd[9262]: Received disconnect from 64.227.98.3 port 59618:11: Bye Bye [preauth]","@timestamp":"2022-09-11T06:19:49.709Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 06:23:05 honeypot-fra-1 kernel: [83751816.537181] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=213.226.123.38 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=16725 PROTO=TCP SPT=58211 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T06:23:05.742Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 06:25:01 honeypot-fra-1 CRON[31419]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-11T06:25:01.789Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 06:25:56 honeypot-ams-1 kernel: [83754141.821066] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=40.84.222.228 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=7209 PROTO=TCP SPT=57176 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T06:25:56.873Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 06:31:22 honeypot-ams-1 sshd[9438]: Invalid user user from 141.255.162.226 port 53088","@timestamp":"2022-09-11T06:31:23.013Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 06:31:23 honeypot-ams-1 sshd[9442]: Invalid user user from 141.255.162.226 port 45818","@timestamp":"2022-09-11T06:31:24.014Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 06:31:28 honeypot-ams-1 sshd[9446]: Invalid user user from 141.255.162.226 port 46666","@timestamp":"2022-09-11T06:31:29.016Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 06:31:45 honeypot-fra-1 sshd[31563]: Invalid user user from 198.98.61.9 port 39474","@timestamp":"2022-09-11T06:31:45.992Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 06:32:06 honeypot-fra-1 sshd[31567]: Invalid user user from 198.98.61.9 port 34658","@timestamp":"2022-09-11T06:32:07.002Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 06:32:25 honeypot-fra-1 sshd[31571]: Invalid user user from 198.98.61.9 port 58060","@timestamp":"2022-09-11T06:32:26.011Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 06:32:41 honeypot-fra-1 sshd[31575]: Invalid user user from 198.98.61.9 port 53232","@timestamp":"2022-09-11T06:32:42.019Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T06:34:06.104Z","@version":"1","message":"Sep 11 06:34:05 honeypot-sgp-1 kernel: [83754158.796851] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=43.131.66.209 DST=159.89.202.188 LEN=52 TOS=0x00 PREC=0x00 TTL=47 ID=50096 DF PROTO=TCP SPT=51120 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 06:37:40 honeypot-fra-1 sshd[31579]: Received disconnect from 165.22.45.108 port 53268:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T06:37:41.128Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 06:38:14 honeypot-ams-1 sshd[9451]: Invalid user pi from 78.70.114.29 port 57692","@timestamp":"2022-09-11T06:38:15.188Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 06:42:37 honeypot-fra-1 sshd[31584]: Received disconnect from 138.197.19.166 port 55508:11: Bye Bye [preauth]","@timestamp":"2022-09-11T06:42:37.236Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 06:42:36 honeypot-ams-1 kernel: [83755142.643930] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=103.89.91.165 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=32025 PROTO=TCP SPT=54779 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T06:42:37.304Z"}
{"@timestamp":"2022-09-11T06:47:03.431Z","@version":"1","message":"Sep 11 06:47:02 honeypot-sgp-1 CRON[5571]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 06:47:19 honeypot-fra-1 kernel: [83753270.143071] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=172.104.242.173 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=57 ID=0 DF PROTO=TCP SPT=44385 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T06:47:19.340Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 06:50:36 honeypot-ams-1 sshd[9477]: Received disconnect from 167.172.86.212 port 42462:11: Bye Bye [preauth]","@timestamp":"2022-09-11T06:50:37.511Z"}
{"@timestamp":"2022-09-11T06:50:41.520Z","@version":"1","message":"Sep 11 06:50:40 honeypot-sgp-1 sshd[5593]: Disconnected from invalid user user 45.61.187.160 port 34444 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T06:50:58.528Z","@version":"1","message":"Sep 11 06:50:58 honeypot-sgp-1 sshd[5597]: Disconnected from invalid user user 45.61.187.160 port 57002 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T06:51:15.537Z","@version":"1","message":"Sep 11 06:51:15 honeypot-sgp-1 sshd[5601]: Disconnected from invalid user user 45.61.187.160 port 51340 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T06:51:31.545Z","@version":"1","message":"Sep 11 06:51:31 honeypot-sgp-1 sshd[5605]: Disconnected from invalid user user 45.61.187.160 port 45676 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 06:55:47 honeypot-ams-1 kernel: [83755933.146607] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=37.146.63.210 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=120 ID=615 DF PROTO=TCP SPT=56817 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T06:55:47.657Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 06:56:16 honeypot-fra-1 kernel: [83753807.850893] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=94.102.61.10 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=250 ID=54321 PROTO=TCP SPT=58573 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T06:56:17.537Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 06:59:13 honeypot-fra-1 sshd[31616]: Invalid user chmod from 45.119.85.97 port 44464","@timestamp":"2022-09-11T06:59:13.601Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 07:02:22 honeypot-fra-1 sshd[31620]: Received disconnect from 221.216.95.120 port 45079:11: Bye Bye [preauth]","@timestamp":"2022-09-11T07:02:22.669Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 07:06:12 honeypot-ams-1 sshd[9575]: Received disconnect from 92.255.85.70 port 41270:11: Bye Bye [preauth]","@timestamp":"2022-09-11T07:06:12.928Z"}
{"@timestamp":"2022-09-11T07:10:05.001Z","@version":"1","message":"Sep 11 07:10:04 honeypot-sgp-1 sshd[5612]: Invalid user user from 45.61.187.160 port 53620","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T07:10:23.010Z","@version":"1","message":"Sep 11 07:10:22 honeypot-sgp-1 sshd[5616]: Invalid user user from 45.61.187.160 port 49254","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T07:10:40.018Z","@version":"1","message":"Sep 11 07:10:39 honeypot-sgp-1 sshd[5620]: Invalid user user from 45.61.187.160 port 44898","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T07:10:56.026Z","@version":"1","message":"Sep 11 07:10:55 honeypot-sgp-1 sshd[5624]: Invalid user user from 45.61.187.160 port 40542","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 07:11:02 honeypot-fra-1 sshd[31625]: Invalid user katrin from 165.22.45.108 port 58048","@timestamp":"2022-09-11T07:11:03.859Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 07:12:37 honeypot-fra-1 sshd[31628]: Disconnected from invalid user user 45.61.186.169 port 40022 [preauth]","@timestamp":"2022-09-11T07:12:37.895Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 07:12:54 honeypot-fra-1 sshd[31632]: Disconnected from invalid user user 45.61.186.169 port 35020 [preauth]","@timestamp":"2022-09-11T07:12:55.905Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 07:13:11 honeypot-fra-1 sshd[31636]: Disconnected from invalid user user 45.61.186.169 port 58266 [preauth]","@timestamp":"2022-09-11T07:13:11.913Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 07:13:26 honeypot-fra-1 sshd[31640]: Disconnected from invalid user user 45.61.186.169 port 53298 [preauth]","@timestamp":"2022-09-11T07:13:27.919Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T07:15:02.122Z","@version":"1","message":"Sep 11 07:15:01 honeypot-sgp-1 sshd[5629]: Disconnected from invalid user admin 161.35.112.155 port 50622 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T07:16:35.163Z","@version":"1","message":"Sep 11 07:16:34 honeypot-sgp-1 sshd[5635]: Invalid user lf from 123.142.3.137 port 37720","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T07:17:02.176Z","@version":"1","message":"Sep 11 07:17:01 honeypot-sgp-1 CRON[5639]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 07:18:13 honeypot-fra-1 sshd[31648]: Received disconnect from 34.92.176.182 port 42788:11: Bye Bye [preauth]","@timestamp":"2022-09-11T07:18:14.027Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 07:18:43 honeypot-fra-1 sshd[31656]: Invalid user elasticsearch from 43.138.12.15 port 37078","@timestamp":"2022-09-11T07:18:44.041Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 07:18:44 honeypot-fra-1 sshd[31658]: Connection closed by invalid user user 43.138.12.15 port 37094 [preauth]","@timestamp":"2022-09-11T07:18:45.041Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 07:18:44 honeypot-fra-1 sshd[31653]: Invalid user elasticsearch from 43.138.12.15 port 37086","@timestamp":"2022-09-11T07:18:45.041Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 07:18:45 honeypot-fra-1 sshd[31660]: Connection closed by invalid user steam 43.138.12.15 port 37082 [preauth]","@timestamp":"2022-09-11T07:18:46.042Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 07:18:47 honeypot-fra-1 sshd[31678]: Invalid user esuser from 43.138.12.15 port 37112","@timestamp":"2022-09-11T07:18:48.043Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 07:18:47 honeypot-fra-1 sshd[31692]: Connection closed by invalid user es 43.138.12.15 port 37122 [preauth]","@timestamp":"2022-09-11T07:18:48.043Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 07:18:47 honeypot-fra-1 sshd[31682]: Invalid user ansible from 43.138.12.15 port 37118","@timestamp":"2022-09-11T07:18:48.043Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 07:18:47 honeypot-fra-1 sshd[31677]: Connection closed by invalid user ansible 43.138.12.15 port 37146 [preauth]","@timestamp":"2022-09-11T07:18:48.043Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 07:18:47 honeypot-fra-1 sshd[31694]: Invalid user devops from 43.138.12.15 port 37150","@timestamp":"2022-09-11T07:18:48.043Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 07:18:48 honeypot-fra-1 sshd[31691]: Connection closed by invalid user centos 43.138.12.15 port 37120 [preauth]","@timestamp":"2022-09-11T07:18:48.043Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 07:18:48 honeypot-fra-1 sshd[31689]: Connection closed by invalid user ftpuser 43.138.12.15 port 37100 [preauth]","@timestamp":"2022-09-11T07:18:49.044Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 07:18:50 honeypot-fra-1 sshd[31719]: Connection closed by invalid user admin 43.138.12.15 port 37116 [preauth]","@timestamp":"2022-09-11T07:18:51.045Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 07:19:18 honeypot-ams-1 kernel: [83757344.129634] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=180.182.228.200 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=51 ID=52514 PROTO=TCP SPT=18362 DPT=80 WINDOW=13418 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T07:19:19.264Z"}
{"@timestamp":"2022-09-11T07:21:56.293Z","@version":"1","message":"Sep 11 07:21:56 honeypot-sgp-1 sshd[5647]: Received disconnect from 147.182.189.140 port 33654:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T07:27:28.427Z","@version":"1","message":"Sep 11 07:27:27 honeypot-sgp-1 sshd[5654]: Invalid user user from 45.61.184.204 port 46532","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T07:27:49.438Z","@version":"1","message":"Sep 11 07:27:49 honeypot-sgp-1 sshd[5658]: Invalid user user from 45.61.184.204 port 42046","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T07:28:09.447Z","@version":"1","message":"Sep 11 07:28:09 honeypot-sgp-1 sshd[5662]: Invalid user user from 45.61.184.204 port 37562","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T07:28:27.456Z","@version":"1","message":"Sep 11 07:28:26 honeypot-sgp-1 sshd[5666]: Invalid user user from 45.61.184.204 port 33072","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 07:29:47 honeypot-ams-1 sshd[9587]: Invalid user User from 201.63.83.37 port 33720","@timestamp":"2022-09-11T07:29:47.535Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 07:31:11 honeypot-ams-1 sshd[9591]: Connection closed by invalid user user 103.188.176.251 port 59886 [preauth]","@timestamp":"2022-09-11T07:31:11.576Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 07:35:35 honeypot-fra-1 sshd[31725]: Invalid user user from 103.188.176.251 port 42798","@timestamp":"2022-09-11T07:35:35.424Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 07:44:23 honeypot-fra-1 sshd[31728]: Invalid user katrin from 165.22.45.108 port 34604","@timestamp":"2022-09-11T07:44:23.627Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T07:45:05.857Z","@version":"1","message":"Sep 11 07:45:05 honeypot-sgp-1 sshd[5671]: Connection closed by 94.102.61.20 port 40574 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 07:47:55 honeypot-ams-1 sshd[9597]: Disconnected from invalid user user 45.61.186.249 port 57108 [preauth]","@timestamp":"2022-09-11T07:47:56.011Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 07:48:15 honeypot-ams-1 sshd[9601]: Disconnected from invalid user user 45.61.186.249 port 51818 [preauth]","@timestamp":"2022-09-11T07:48:16.023Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 07:48:32 honeypot-ams-1 sshd[9605]: Disconnected from invalid user user 45.61.186.249 port 46494 [preauth]","@timestamp":"2022-09-11T07:48:33.032Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 07:48:49 honeypot-ams-1 sshd[9609]: Disconnected from invalid user user 45.61.186.249 port 41162 [preauth]","@timestamp":"2022-09-11T07:48:50.040Z"}
{"@timestamp":"2022-09-11T07:49:12.960Z","@version":"1","message":"Sep 11 07:49:12 honeypot-sgp-1 sshd[5673]: Received disconnect from 92.255.85.70 port 55814:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 07:50:35 honeypot-fra-1 sshd[31734]: Did not receive identification string from 103.203.57.11 port 58412","@timestamp":"2022-09-11T07:50:35.766Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 07:53:28 honeypot-fra-1 kernel: [83757239.029814] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=20.0.77.75 DST=165.22.82.222 LEN=52 TOS=0x00 PREC=0x00 TTL=115 ID=18812 DF PROTO=TCP SPT=49744 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T07:53:28.835Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 07:56:40 honeypot-fra-1 kernel: [83757431.809946] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.217.0.181 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=58811 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T07:56:41.912Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 07:58:56 honeypot-ams-1 kernel: [83759722.183934] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=88.214.26.53 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=37663 PROTO=TCP SPT=42229 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T07:58:57.305Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 07:59:21 honeypot-fra-1 sshd[31747]: Disconnected from authenticating user root 178.217.102.225 port 52376 [preauth]","@timestamp":"2022-09-11T07:59:21.973Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T08:01:11.244Z","@version":"1","message":"Sep 11 08:01:11 honeypot-sgp-1 sshd[5679]: Received disconnect from 58.246.125.198 port 32815:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 08:05:04 honeypot-ams-1 sshd[9621]: Received disconnect from 167.172.152.18 port 35964:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T08:05:04.467Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 08:06:23 honeypot-ams-1 sshd[9627]: Received disconnect from 167.172.152.18 port 36430:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T08:06:24.506Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 08:07:39 honeypot-ams-1 sshd[9633]: Received disconnect from 167.172.152.18 port 36944:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T08:07:40.541Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 08:08:30 honeypot-ams-1 sshd[9638]: Received disconnect from 167.172.152.18 port 46714:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T08:08:30.566Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 08:09:20 honeypot-ams-1 sshd[9642]: Received disconnect from 167.172.152.18 port 56558:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T08:09:21.592Z"}
{"@timestamp":"2022-09-11T08:09:54.455Z","@version":"1","message":"Sep 11 08:09:54 honeypot-sgp-1 kernel: [83759907.436127] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=95.161.131.235 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=39976 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 08:10:11 honeypot-ams-1 sshd[9647]: Received disconnect from 167.172.152.18 port 38346:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T08:10:11.616Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 08:11:01 honeypot-ams-1 sshd[9651]: Received disconnect from 167.172.152.18 port 48870:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T08:11:01.641Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 08:11:50 honeypot-ams-1 sshd[9655]: Received disconnect from 167.172.152.18 port 57792:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T08:11:51.666Z"}
{"@timestamp":"2022-09-11T08:12:15.517Z","@version":"1","message":"Sep 11 08:12:15 honeypot-sgp-1 sshd[5685]: Disconnected from invalid user user 45.61.184.204 port 41908 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T08:12:34.530Z","@version":"1","message":"Sep 11 08:12:34 honeypot-sgp-1 sshd[5689]: Disconnected from invalid user user 45.61.184.204 port 37436 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 08:12:40 honeypot-ams-1 sshd[9659]: Received disconnect from 167.172.152.18 port 39326:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T08:12:40.692Z"}
{"@timestamp":"2022-09-11T08:12:46.536Z","@version":"1","message":"Sep 11 08:12:46 honeypot-sgp-1 sshd[5693]: Disconnected from invalid user test1 92.255.85.70 port 47536 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T08:13:02.543Z","@version":"1","message":"Sep 11 08:13:01 honeypot-sgp-1 sshd[5697]: Disconnected from invalid user user 45.61.184.204 port 44902 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 08:13:30 honeypot-ams-1 sshd[9663]: Received disconnect from 167.172.152.18 port 49078:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T08:13:30.718Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 08:14:20 honeypot-ams-1 sshd[9667]: Received disconnect from 167.172.152.18 port 59016:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T08:14:20.741Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 08:14:24 honeypot-fra-1 kernel: [83758495.483225] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=154.66.178.74 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=54321 PROTO=TCP SPT=54020 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T08:14:25.316Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 08:15:10 honeypot-ams-1 sshd[9672]: Received disconnect from 167.172.152.18 port 40598:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T08:15:10.765Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 08:16:01 honeypot-ams-1 sshd[9676]: Received disconnect from 167.172.152.18 port 50408:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T08:16:02.790Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 08:16:53 honeypot-ams-1 sshd[9680]: Received disconnect from 167.172.152.18 port 60068:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T08:16:53.814Z"}
{"@timestamp":"2022-09-11T08:17:01.638Z","@version":"1","message":"Sep 11 08:17:01 honeypot-sgp-1 CRON[5702]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 08:17:17 honeypot-fra-1 kernel: [83758668.279327] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=167.94.145.84 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=37364 PROTO=TCP SPT=15958 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T08:17:18.385Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 08:18:02 honeypot-ams-1 sshd[9685]: Disconnected from invalid user test1 92.255.85.69 port 60934 [preauth]","@timestamp":"2022-09-11T08:18:02.846Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 08:24:31 honeypot-ams-1 kernel: [83761257.069179] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=94.26.228.80 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=51452 PROTO=TCP SPT=51300 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T08:24:32.008Z"}
{"@timestamp":"2022-09-11T08:29:15.937Z","@version":"1","message":"Sep 11 08:29:14 honeypot-sgp-1 sshd[5726]: Disconnected from authenticating user mail 186.10.86.130 port 51498 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 08:33:56 honeypot-ams-1 sshd[9708]: Disconnected from invalid user katie 182.52.90.164 port 44264 [preauth]","@timestamp":"2022-09-11T08:33:56.252Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 08:34:20 honeypot-fra-1 sshd[31786]: Invalid user network from 43.155.63.124 port 37122","@timestamp":"2022-09-11T08:34:20.786Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 08:38:10 honeypot-ams-1 sshd[9713]: Invalid user emily from 185.149.120.51 port 60288","@timestamp":"2022-09-11T08:38:11.363Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 08:38:24 honeypot-fra-1 sshd[31789]: Invalid user test1 from 92.255.85.69 port 61394","@timestamp":"2022-09-11T08:38:24.878Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T08:39:02.171Z","@version":"1","message":"Sep 11 08:39:02 honeypot-sgp-1 sshd[5731]: Received disconnect from 27.1.253.142 port 50142:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 08:41:35 honeypot-ams-1 sshd[9717]: Received disconnect from 92.255.85.70 port 30256:11: Bye Bye [preauth]","@timestamp":"2022-09-11T08:41:35.455Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 08:43:32 honeypot-ams-1 sshd[9721]: Disconnected from invalid user user 45.61.186.169 port 51500 [preauth]","@timestamp":"2022-09-11T08:43:32.510Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 08:43:48 honeypot-ams-1 sshd[9725]: Disconnected from invalid user user 45.61.186.169 port 46646 [preauth]","@timestamp":"2022-09-11T08:43:49.520Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 08:44:04 honeypot-ams-1 sshd[9729]: Disconnected from invalid user user 45.61.186.169 port 41798 [preauth]","@timestamp":"2022-09-11T08:44:05.528Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 08:44:20 honeypot-ams-1 sshd[9733]: Invalid user user from 45.61.186.169 port 36934","@timestamp":"2022-09-11T08:44:21.537Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 08:44:53 honeypot-fra-1 sshd[31792]: Received disconnect from 119.17.253.250 port 36078:11: Bye Bye [preauth]","@timestamp":"2022-09-11T08:44:54.024Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T08:46:48.352Z","@version":"1","message":"Sep 11 08:46:48 honeypot-sgp-1 sshd[5736]: Received disconnect from 1.220.185.149 port 34978:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 08:48:24 honeypot-fra-1 kernel: [83760535.451011] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=89.248.165.70 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=30145 PROTO=TCP SPT=41214 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T08:48:25.103Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 08:50:36 honeypot-fra-1 sshd[31801]: Invalid user toby from 34.69.39.31 port 49056","@timestamp":"2022-09-11T08:50:37.153Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 08:51:02 honeypot-fra-1 sshd[31805]: Invalid user katrin from 165.22.45.108 port 44168","@timestamp":"2022-09-11T08:51:02.164Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 08:53:33 honeypot-ams-1 sshd[9736]: Connection closed by 94.102.61.20 port 59932 [preauth]","@timestamp":"2022-09-11T08:53:33.793Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 09:01:52 honeypot-fra-1 sshd[31808]: Disconnected from invalid user test1 92.255.85.69 port 22458 [preauth]","@timestamp":"2022-09-11T09:01:53.415Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T09:03:11.735Z","@version":"1","message":"Sep 11 09:03:11 honeypot-sgp-1 kernel: [83763104.512904] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.0.77.75 DST=159.89.202.188 LEN=52 TOS=0x00 PREC=0x00 TTL=112 ID=32286 DF PROTO=TCP SPT=38521 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 09:05:12 honeypot-fra-1 sshd[31814]: Received disconnect from 45.61.186.49 port 40368:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T09:05:13.494Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 09:05:21 honeypot-fra-1 sshd[31818]: Received disconnect from 45.61.186.49 port 52122:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T09:05:21.499Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 09:05:44 honeypot-ams-1 sshd[9744]: Did not receive identification string from 167.172.152.18 port 59652","@timestamp":"2022-09-11T09:05:45.103Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 09:07:02 honeypot-ams-1 sshd[9749]: Disconnected from authenticating user root 167.172.152.18 port 33352 [preauth]","@timestamp":"2022-09-11T09:07:03.139Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 09:08:20 honeypot-ams-1 sshd[9755]: Received disconnect from 167.172.152.18 port 60252:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T09:08:21.176Z"}
{"@timestamp":"2022-09-11T09:08:38.871Z","@version":"1","message":"Sep 11 09:08:38 honeypot-sgp-1 kernel: [83763431.985070] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.220.205.196 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=59946 DPT=389 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 09:09:10 honeypot-ams-1 sshd[9759]: Disconnected from authenticating user root 167.172.152.18 port 40426 [preauth]","@timestamp":"2022-09-11T09:09:11.201Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 09:10:27 honeypot-ams-1 sshd[9765]: Invalid user git from 167.172.152.18 port 40538","@timestamp":"2022-09-11T09:10:28.237Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 09:11:17 honeypot-ams-1 sshd[9779]: Invalid user oracle from 167.172.152.18 port 47534","@timestamp":"2022-09-11T09:11:18.260Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 09:11:42 honeypot-ams-1 sshd[9782]: Received disconnect from 167.172.152.18 port 37712:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T09:11:43.274Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 09:12:07 honeypot-ams-1 sshd[9786]: Received disconnect from 167.172.152.18 port 56068:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T09:12:08.287Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 09:12:19 honeypot-ams-1 sshd[9790]: Received disconnect from 45.61.187.160 port 34690:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T09:12:19.293Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 09:12:32 honeypot-ams-1 sshd[9794]: Received disconnect from 167.172.152.18 port 46112:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T09:12:33.299Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 09:12:43 honeypot-ams-1 sshd[9798]: Received disconnect from 45.61.187.160 port 40926:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T09:12:44.306Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 09:12:57 honeypot-ams-1 sshd[9802]: Received disconnect from 167.172.152.18 port 36288:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T09:12:58.314Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 09:13:28 honeypot-ams-1 sshd[9806]: Received disconnect from 185.126.8.102 port 51848:11: Bye Bye [preauth]","@timestamp":"2022-09-11T09:13:29.331Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 09:14:12 honeypot-ams-1 sshd[9810]: Received disconnect from 167.172.152.18 port 34912:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T09:14:12.352Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 09:15:02 honeypot-ams-1 sshd[9814]: Received disconnect from 167.172.152.18 port 43336:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T09:15:03.376Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 09:15:52 honeypot-ams-1 sshd[9818]: Received disconnect from 167.172.152.18 port 51830:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T09:15:53.400Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 09:16:42 honeypot-ams-1 sshd[9824]: Received disconnect from 167.172.152.18 port 60326:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T09:16:43.423Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 09:17:01 honeypot-fra-1 CRON[31823]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-11T09:17:01.751Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 09:17:08 honeypot-ams-1 sshd[9829]: Received disconnect from 167.172.152.18 port 50414:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T09:17:09.437Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 09:18:00 honeypot-ams-1 sshd[9833]: Received disconnect from 167.172.152.18 port 58888:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T09:18:00.461Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 09:18:26 honeypot-ams-1 sshd[9837]: Received disconnect from 167.172.152.18 port 49112:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T09:18:26.475Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 09:18:28 honeypot-fra-1 sshd[31829]: Invalid user user from 141.255.162.226 port 43066","@timestamp":"2022-09-11T09:18:28.786Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 09:18:30 honeypot-fra-1 sshd[31833]: Invalid user user from 141.255.162.226 port 36004","@timestamp":"2022-09-11T09:18:31.789Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 09:18:35 honeypot-fra-1 sshd[31837]: Invalid user user from 141.255.162.226 port 57228","@timestamp":"2022-09-11T09:18:35.791Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 09:21:05 honeypot-fra-1 sshd[31841]: Did not receive identification string from 178.128.72.150 port 43084","@timestamp":"2022-09-11T09:21:05.846Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T09:22:35.198Z","@version":"1","message":"Sep 11 09:22:34 honeypot-sgp-1 sshd[5750]: Invalid user test2 from 92.255.85.70 port 29502","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 09:23:09 honeypot-fra-1 sshd[31846]: Disconnected from invalid user best 178.128.72.150 port 57386 [preauth]","@timestamp":"2022-09-11T09:23:09.893Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 09:23:58 honeypot-fra-1 sshd[31850]: Disconnected from invalid user blackjack 178.128.72.150 port 55994 [preauth]","@timestamp":"2022-09-11T09:23:58.913Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 09:24:23 honeypot-fra-1 sshd[31854]: Disconnected from invalid user blood 178.128.72.150 port 41198 [preauth]","@timestamp":"2022-09-11T09:24:23.925Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 09:25:10 honeypot-fra-1 sshd[31858]: Disconnected from invalid user boxer 178.128.72.150 port 39814 [preauth]","@timestamp":"2022-09-11T09:25:10.945Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 09:25:44 honeypot-fra-1 sshd[31862]: Disconnected from invalid user test2 92.255.85.70 port 51818 [preauth]","@timestamp":"2022-09-11T09:25:44.959Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 09:26:22 honeypot-fra-1 sshd[31866]: Received disconnect from 178.128.72.150 port 51834:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T09:26:22.977Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 09:27:09 honeypot-fra-1 sshd[31870]: Received disconnect from 178.128.72.150 port 50468:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T09:27:09.997Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 09:27:57 honeypot-fra-1 sshd[31875]: Received disconnect from 178.128.72.150 port 49054:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T09:27:58.017Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 09:28:03 honeypot-ams-1 sshd[9840]: Received disconnect from 92.255.85.69 port 31476:11: Bye Bye [preauth]","@timestamp":"2022-09-11T09:28:04.745Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 09:28:21 honeypot-fra-1 sshd[31879]: Received disconnect from 178.128.72.150 port 34240:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T09:28:22.032Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 09:29:10 honeypot-fra-1 sshd[31883]: Received disconnect from 178.128.72.150 port 32854:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T09:29:11.052Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 09:29:57 honeypot-fra-1 sshd[31887]: Received disconnect from 178.128.72.150 port 59690:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T09:29:58.071Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 09:35:50 honeypot-fra-1 sshd[31892]: Received disconnect from 161.132.219.115 port 40142:11: Bye Bye [preauth]","@timestamp":"2022-09-11T09:35:51.204Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T09:38:10.580Z","@version":"1","message":"Sep 11 09:38:09 honeypot-sgp-1 sshd[5756]: Invalid user admin from 2.42.138.122 port 57082","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 09:39:26 honeypot-ams-1 kernel: [83765752.392565] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=95.161.131.235 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x20 TTL=249 ID=54321 PROTO=TCP SPT=57727 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T09:39:27.038Z"}
{"@timestamp":"2022-09-11T09:42:09.674Z","@version":"1","message":"Sep 11 09:42:09 honeypot-sgp-1 sshd[5761]: Disconnected from authenticating user root 170.210.203.212 port 49099 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 09:45:36 honeypot-fra-1 sshd[31899]: Received disconnect from 45.148.122.228 port 41150:11: Bye Bye [preauth]","@timestamp":"2022-09-11T09:45:36.422Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 09:50:43 honeypot-fra-1 sshd[31904]: Did not receive identification string from 163.172.251.68 port 44994","@timestamp":"2022-09-11T09:50:43.539Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 09:51:24 honeypot-ams-1 sshd[9848]: Received disconnect from 92.255.85.70 port 55800:11: Bye Bye [preauth]","@timestamp":"2022-09-11T09:51:24.347Z"}
{"@timestamp":"2022-09-11T09:52:24.916Z","@version":"1","message":"Sep 11 09:52:24 honeypot-sgp-1 kernel: [83766057.843934] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.34.56.97 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=47738 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 09:52:34 honeypot-fra-1 sshd[31907]: Disconnected from invalid user postgres 163.172.251.68 port 58840 [preauth]","@timestamp":"2022-09-11T09:52:34.582Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 09:53:10 honeypot-fra-1 sshd[31911]: Disconnected from invalid user oracle 163.172.251.68 port 28636 [preauth]","@timestamp":"2022-09-11T09:53:10.597Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 09:53:45 honeypot-fra-1 sshd[31915]: Disconnected from invalid user git 163.172.251.68 port 54942 [preauth]","@timestamp":"2022-09-11T09:53:46.613Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 09:54:21 honeypot-fra-1 sshd[31919]: Disconnected from invalid user tim 163.172.251.68 port 24746 [preauth]","@timestamp":"2022-09-11T09:54:22.628Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 09:54:57 honeypot-fra-1 sshd[31923]: Disconnected from invalid user mosquitto 163.172.251.68 port 51054 [preauth]","@timestamp":"2022-09-11T09:54:57.644Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 09:54:58 honeypot-ams-1 sshd[9852]: Disconnected from invalid user brenda 128.199.129.68 port 40192 [preauth]","@timestamp":"2022-09-11T09:54:58.439Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 09:55:51 honeypot-fra-1 sshd[31930]: Invalid user ubuntu from 163.172.251.68 port 34008","@timestamp":"2022-09-11T09:55:52.668Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 09:56:28 honeypot-fra-1 sshd[31934]: Invalid user test from 163.172.251.68 port 60316","@timestamp":"2022-09-11T09:56:28.682Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 09:57:27 honeypot-fra-1 sshd[31936]: Disconnected from invalid user kavita 165.22.45.108 port 53752 [preauth]","@timestamp":"2022-09-11T09:57:27.706Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 10:00:25 honeypot-ams-1 kernel: [83767010.951747] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=94.122.52.214 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=5354 PROTO=TCP SPT=31509 DPT=80 WINDOW=3181 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T10:00:25.582Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:01:49 honeypot-fra-1 sshd[31941]: Disconnected from invalid user elastic 179.221.221.78 port 34304 [preauth]","@timestamp":"2022-09-11T10:01:49.829Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:08:55 honeypot-fra-1 sshd[31946]: Connection closed by invalid user test 193.106.191.157 port 49538 [preauth]","@timestamp":"2022-09-11T10:08:55.990Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T10:11:05.373Z","@version":"1","message":"Sep 11 10:11:04 honeypot-sgp-1 sshd[5848]: Invalid user admin from 220.132.210.118 port 37010","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 10:11:32 honeypot-ams-1 kernel: [83767677.870901] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=46.19.141.122 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=51038 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T10:11:32.874Z"}
{"@timestamp":"2022-09-11T10:12:03.401Z","@version":"1","message":"Sep 11 10:12:03 honeypot-sgp-1 sshd[5851]: Received disconnect from 61.177.173.36 port 60140:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:13:30 honeypot-fra-1 sshd[31957]: Did not receive identification string from 209.141.60.201 port 51864","@timestamp":"2022-09-11T10:13:31.094Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:17:01 honeypot-fra-1 CRON[31963]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-11T10:17:02.176Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T10:17:02.524Z","@version":"1","message":"Sep 11 10:17:01 honeypot-sgp-1 CRON[5858]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 10:17:13 honeypot-ams-1 kernel: [83768018.727397] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=2.45.100.120 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=50 ID=26126 PROTO=TCP SPT=26251 DPT=80 WINDOW=42323 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T10:17:14.019Z"}
{"@timestamp":"2022-09-11T10:17:28.538Z","@version":"1","message":"Sep 11 10:17:28 honeypot-sgp-1 sshd[5863]: Received disconnect from 45.61.186.249 port 34506:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T10:17:48.548Z","@version":"1","message":"Sep 11 10:17:48 honeypot-sgp-1 sshd[5868]: Received disconnect from 45.61.186.249 port 57628:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T10:18:06.558Z","@version":"1","message":"Sep 11 10:18:06 honeypot-sgp-1 sshd[5872]: Received disconnect from 45.61.186.249 port 52510:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:18:19 honeypot-fra-1 sshd[31969]: Received disconnect from 61.177.172.108 port 26153:11:  [preauth]","@timestamp":"2022-09-11T10:18:20.209Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:19:00 honeypot-fra-1 sshd[31973]: Disconnected from invalid user demo 81.169.137.181 port 40282 [preauth]","@timestamp":"2022-09-11T10:19:01.226Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:20:25 honeypot-fra-1 sshd[31977]: Disconnected from invalid user willie 81.169.137.181 port 38822 [preauth]","@timestamp":"2022-09-11T10:20:26.258Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:21:46 honeypot-fra-1 sshd[31982]: Received disconnect from 81.169.137.181 port 37424:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T10:21:47.291Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:22:25 honeypot-fra-1 sshd[31986]: Received disconnect from 81.169.137.181 port 50736:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T10:22:25.306Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:23:16 honeypot-fra-1 sshd[31992]: Invalid user ts3srv from 185.209.179.41 port 45178","@timestamp":"2022-09-11T10:23:16.328Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:23:16 honeypot-fra-1 sshd[32000]: Invalid user es from 185.209.179.41 port 45154","@timestamp":"2022-09-11T10:23:16.328Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:23:16 honeypot-fra-1 sshd[31996]: Invalid user test from 185.209.179.41 port 45148","@timestamp":"2022-09-11T10:23:17.329Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:23:16 honeypot-fra-1 sshd[31994]: Connection closed by invalid user steam 185.209.179.41 port 45174 [preauth]","@timestamp":"2022-09-11T10:23:17.329Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:23:16 honeypot-fra-1 sshd[32000]: Connection closed by invalid user es 185.209.179.41 port 45154 [preauth]","@timestamp":"2022-09-11T10:23:17.329Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:23:17 honeypot-fra-1 sshd[32026]: Invalid user es from 185.209.179.41 port 45132","@timestamp":"2022-09-11T10:23:17.329Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:23:17 honeypot-fra-1 sshd[32026]: Connection closed by invalid user es 185.209.179.41 port 45132 [preauth]","@timestamp":"2022-09-11T10:23:18.329Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:23:19 honeypot-fra-1 sshd[32039]: Invalid user ansible from 185.209.179.41 port 45164","@timestamp":"2022-09-11T10:23:19.330Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:23:19 honeypot-fra-1 sshd[32038]: Connection closed by invalid user admin 185.209.179.41 port 45196 [preauth]","@timestamp":"2022-09-11T10:23:20.332Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:23:42 honeypot-fra-1 sshd[32046]: Disconnected from invalid user vnc 81.169.137.181 port 49268 [preauth]","@timestamp":"2022-09-11T10:23:42.341Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:25:37 honeypot-fra-1 sshd[32054]: Invalid user virus from 81.169.137.181 port 32924","@timestamp":"2022-09-11T10:25:38.385Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T10:26:30.755Z","@version":"1","message":"Sep 11 10:26:30 honeypot-sgp-1 kernel: [83768103.630984] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=40.76.215.189 DST=159.89.202.188 LEN=52 TOS=0x00 PREC=0x00 TTL=107 ID=26689 DF PROTO=TCP SPT=56332 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:26:42 honeypot-fra-1 kernel: [83766433.470489] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.79.53.162 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=28758 PROTO=TCP SPT=54145 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T10:26:43.410Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:27:34 honeypot-fra-1 sshd[32061]: Disconnected from invalid user vagrant 81.169.137.181 port 44854 [preauth]","@timestamp":"2022-09-11T10:27:35.431Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:28:45 honeypot-fra-1 kernel: [83766555.961172] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=94.26.228.80 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=55940 PROTO=TCP SPT=39224 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T10:28:46.461Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:29:31 honeypot-fra-1 sshd[32070]: Disconnected from invalid user vbox 81.169.137.181 port 56734 [preauth]","@timestamp":"2022-09-11T10:29:31.479Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:30:47 honeypot-fra-1 sshd[32074]: Disconnected from invalid user kayama 165.22.45.108 port 59540 [preauth]","@timestamp":"2022-09-11T10:30:48.510Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:31:31 honeypot-fra-1 sshd[32078]: Disconnected from invalid user ubnt 81.169.137.181 port 40410 [preauth]","@timestamp":"2022-09-11T10:31:32.528Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:32:50 honeypot-fra-1 sshd[32084]: Invalid user bzrx1098ui from 92.255.85.113 port 42426","@timestamp":"2022-09-11T10:32:50.560Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:35:06 honeypot-fra-1 sshd[32089]: Disconnected from authenticating user root 61.177.172.124 port 37334 [preauth]","@timestamp":"2022-09-11T10:35:06.613Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T10:36:54.000Z","@version":"1","message":"Sep 11 10:36:53 honeypot-sgp-1 sshd[5895]: Disconnected from authenticating user root 61.177.173.46 port 36597 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:37:10 honeypot-fra-1 sshd[32095]: Received disconnect from 61.177.173.51 port 32751:11:  [preauth]","@timestamp":"2022-09-11T10:37:10.661Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 10:38:38 honeypot-ams-1 sshd[9873]: Did not receive identification string from 178.128.72.150 port 52788","@timestamp":"2022-09-11T10:38:39.575Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 10:39:39 honeypot-ams-1 sshd[9888]: Disconnected from invalid user best 178.128.72.150 port 56784 [preauth]","@timestamp":"2022-09-11T10:39:39.604Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:39:57 honeypot-fra-1 sshd[32102]: Received disconnect from 61.177.172.104 port 26976:11:  [preauth]","@timestamp":"2022-09-11T10:39:57.725Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 10:40:33 honeypot-ams-1 sshd[9896]: Disconnected from invalid user blackjack 178.128.72.150 port 60498 [preauth]","@timestamp":"2022-09-11T10:40:33.630Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 10:41:26 honeypot-ams-1 kernel: [83769472.132797] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=172.105.77.209 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=57 ID=0 DF PROTO=TCP SPT=38253 DPT=443 WINDOW=8192 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T10:41:26.658Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:41:48 honeypot-fra-1 sshd[32107]: Invalid user user from 45.61.186.249 port 53902","@timestamp":"2022-09-11T10:41:49.769Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 10:41:54 honeypot-ams-1 sshd[9911]: Disconnected from invalid user boxer 178.128.72.150 port 51922 [preauth]","@timestamp":"2022-09-11T10:41:54.672Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:42:07 honeypot-fra-1 sshd[32112]: Invalid user user from 45.61.186.249 port 48920","@timestamp":"2022-09-11T10:42:07.778Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 10:42:20 honeypot-ams-1 sshd[9916]: Disconnected from invalid user brain 178.128.72.150 port 39658 [preauth]","@timestamp":"2022-09-11T10:42:21.685Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:42:24 honeypot-fra-1 sshd[32116]: Invalid user user from 45.61.186.249 port 43964","@timestamp":"2022-09-11T10:42:24.787Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:43:10 honeypot-fra-1 sshd[32120]: Invalid user forevermd from 118.69.71.109 port 58053","@timestamp":"2022-09-11T10:43:10.806Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 10:43:14 honeypot-ams-1 sshd[9921]: Received disconnect from 178.128.72.150 port 43332:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T10:43:15.712Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 10:43:29 honeypot-ams-1 sshd[9925]: Received disconnect from 163.172.251.68 port 49990:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T10:43:30.720Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 10:43:46 honeypot-ams-1 sshd[9930]: Received disconnect from 163.172.251.68 port 9182:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T10:43:46.728Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 10:44:08 honeypot-ams-1 sshd[9934]: Received disconnect from 178.128.72.150 port 47054:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T10:44:09.741Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 10:44:35 honeypot-ams-1 sshd[9938]: Received disconnect from 178.128.72.150 port 34780:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T10:44:35.754Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 10:44:54 honeypot-ams-1 sshd[9942]: Received disconnect from 163.172.251.68 port 15478:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T10:44:54.764Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 10:45:11 honeypot-ams-1 sshd[9946]: Received disconnect from 163.172.251.68 port 31178:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T10:45:11.773Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 10:45:29 honeypot-ams-1 sshd[9950]: Received disconnect from 163.172.251.68 port 46878:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T10:45:29.782Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 10:45:55 honeypot-ams-1 sshd[9954]: Invalid user def from 178.128.72.150 port 54476","@timestamp":"2022-09-11T10:45:55.796Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 10:46:21 honeypot-ams-1 sshd[9958]: Received disconnect from 163.172.251.68 port 37468:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T10:46:21.808Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:46:34 honeypot-fra-1 sshd[32125]: Disconnected from authenticating user root 58.144.251.22 port 35870 [preauth]","@timestamp":"2022-09-11T10:46:34.885Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 10:46:38 honeypot-ams-1 sshd[9962]: Received disconnect from 163.172.251.68 port 53168:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T10:46:38.818Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 10:46:56 honeypot-ams-1 sshd[9966]: Received disconnect from 163.172.251.68 port 12368:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T10:46:56.828Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 10:47:16 honeypot-ams-1 sshd[9970]: Received disconnect from 178.128.72.150 port 45912:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T10:47:16.839Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 10:48:58 honeypot-ams-1 sshd[9975]: Disconnected from authenticating user root 188.166.252.149 port 59356 [preauth]","@timestamp":"2022-09-11T10:48:58.884Z"}
{"@timestamp":"2022-09-11T10:49:48.303Z","@version":"1","message":"Sep 11 10:49:48 honeypot-sgp-1 sshd[5904]: Received disconnect from 61.177.173.35 port 53806:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T10:54:12.407Z","@version":"1","message":"Sep 11 10:54:11 honeypot-sgp-1 sshd[5908]: Received disconnect from 61.177.173.53 port 52812:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 10:54:33 honeypot-ams-1 sshd[9981]: Invalid user user from 141.255.162.226 port 44072","@timestamp":"2022-09-11T10:54:34.030Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 10:54:35 honeypot-ams-1 sshd[9985]: Invalid user user from 141.255.162.226 port 51324","@timestamp":"2022-09-11T10:54:36.032Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 10:54:39 honeypot-ams-1 sshd[9989]: Invalid user user from 141.255.162.226 port 58574","@timestamp":"2022-09-11T10:54:40.034Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 10:54:41 honeypot-ams-1 sshd[9993]: Connection closed by 141.255.162.226 port 37600 [preauth]","@timestamp":"2022-09-11T10:54:42.035Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:59:57 honeypot-fra-1 sshd[32131]: Disconnected from authenticating user root 92.255.85.69 port 58362 [preauth]","@timestamp":"2022-09-11T10:59:58.183Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 11:02:12 honeypot-ams-1 sshd[9998]: Disconnected from authenticating user root 92.255.85.69 port 27492 [preauth]","@timestamp":"2022-09-11T11:02:13.227Z"}
{"@timestamp":"2022-09-11T11:03:15.639Z","@version":"1","message":"Sep 11 11:03:14 honeypot-sgp-1 sshd[5919]: Did not receive identification string from 45.61.187.160 port 35462","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T11:03:46.654Z","@version":"1","message":"Sep 11 11:03:46 honeypot-sgp-1 sshd[5922]: Disconnected from invalid user user 45.61.187.160 port 33662 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T11:04:03.662Z","@version":"1","message":"Sep 11 11:04:03 honeypot-sgp-1 sshd[5926]: Disconnected from invalid user user 45.61.187.160 port 56654 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 11:04:07 honeypot-fra-1 sshd[32137]: Disconnected from invalid user kay 165.22.45.108 port 36466 [preauth]","@timestamp":"2022-09-11T11:04:08.274Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T11:04:19.670Z","@version":"1","message":"Sep 11 11:04:18 honeypot-sgp-1 sshd[5930]: Disconnected from invalid user user 45.61.187.160 port 51400 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 11:08:46 honeypot-fra-1 sshd[32143]: Received disconnect from 115.241.20.242 port 50552:11: Bye Bye [preauth]","@timestamp":"2022-09-11T11:08:47.378Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 11:14:43 honeypot-fra-1 sshd[32151]: Disconnected from authenticating user root 61.177.172.108 port 32685 [preauth]","@timestamp":"2022-09-11T11:14:43.509Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T11:15:03.921Z","@version":"1","message":"Sep 11 11:15:03 honeypot-sgp-1 sshd[5940]: Disconnected from 61.177.173.47 port 24587 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T11:16:06.948Z","@version":"1","message":"Sep 11 11:16:06 honeypot-sgp-1 sshd[5944]: Disconnected from invalid user tomcat7 91.240.118.222 port 49329 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 11:17:01 honeypot-fra-1 CRON[32157]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-11T11:17:01.564Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 11:17:23 honeypot-ams-1 sshd[10006]: Received disconnect from 178.128.73.254 port 34122:11: Bye Bye [preauth]","@timestamp":"2022-09-11T11:17:24.612Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 11:20:00 honeypot-ams-1 sshd[10011]: Received disconnect from 45.61.187.160 port 49318:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T11:20:00.679Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 11:20:17 honeypot-ams-1 sshd[10015]: Received disconnect from 45.61.187.160 port 43890:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T11:20:18.690Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 11:20:34 honeypot-ams-1 sshd[10019]: Received disconnect from 45.61.187.160 port 38470:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T11:20:34.698Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 11:20:50 honeypot-ams-1 sshd[10023]: Received disconnect from 45.61.187.160 port 33036:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T11:20:50.706Z"}
{"@timestamp":"2022-09-11T11:21:25.076Z","@version":"1","message":"Sep 11 11:21:25 honeypot-sgp-1 sshd[5952]: Disconnected from authenticating user root 61.177.173.53 port 39128 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 11:25:12 honeypot-fra-1 sshd[32165]: Connection closed by invalid user CenturyL1nk 141.98.10.158 port 59892 [preauth]","@timestamp":"2022-09-11T11:25:13.748Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 11:26:11 honeypot-ams-1 sshd[10028]: Disconnected from authenticating user root 181.53.251.199 port 43406 [preauth]","@timestamp":"2022-09-11T11:26:11.847Z"}
{"@timestamp":"2022-09-11T11:28:45.280Z","@version":"1","message":"Sep 11 11:28:45 honeypot-sgp-1 sshd[5959]: Received disconnect from 61.177.173.50 port 41199:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 11:30:06 honeypot-fra-1 sshd[32175]: Received disconnect from 142.93.135.234 port 42538:11: Bye Bye [preauth]","@timestamp":"2022-09-11T11:30:06.856Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 11:34:40 honeypot-fra-1 sshd[32183]: Disconnected from authenticating user root 61.177.173.52 port 18360 [preauth]","@timestamp":"2022-09-11T11:34:40.956Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T11:37:27.487Z","@version":"1","message":"Sep 11 11:37:26 honeypot-sgp-1 sshd[5964]: Disconnected from authenticating user root 61.177.173.53 port 40988 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 11:38:35 honeypot-fra-1 sshd[32193]: Invalid user mj from 202.137.20.53 port 56951","@timestamp":"2022-09-11T11:38:36.043Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 11:39:40 honeypot-fra-1 sshd[32195]: Disconnected from invalid user faruk 138.68.50.30 port 36392 [preauth]","@timestamp":"2022-09-11T11:39:41.069Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 11:39:42 honeypot-ams-1 kernel: [83772967.582199] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=161.35.230.183 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=55 ID=3940 DF PROTO=TCP SPT=43710 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T11:39:42.204Z"}
{"@timestamp":"2022-09-11T11:41:28.584Z","@version":"1","message":"Sep 11 11:41:28 honeypot-sgp-1 kernel: [83772601.449029] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=159.223.59.166 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=1324 PROTO=TCP SPT=56058 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 11:42:32 honeypot-fra-1 kernel: [83770982.818966] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=193.163.125.184 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=245 ID=53068 PROTO=TCP SPT=45473 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T11:42:33.136Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 11:49:06 honeypot-ams-1 sshd[10035]: Disconnected from invalid user amit 119.202.72.87 port 60715 [preauth]","@timestamp":"2022-09-11T11:49:07.444Z"}
{"@timestamp":"2022-09-11T11:51:40.824Z","@version":"1","message":"Sep 11 11:51:40 honeypot-sgp-1 sshd[5977]: Disconnected from authenticating user root 61.177.173.39 port 22433 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T11:53:39.873Z","@version":"1","message":"Sep 11 11:53:39 honeypot-sgp-1 sshd[5981]: Disconnected from invalid user muthu 140.213.201.45 port 48757 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 11:54:06 honeypot-fra-1 sshd[32211]: Invalid user dkauffman from 78.37.125.18 port 38110","@timestamp":"2022-09-11T11:54:07.388Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 11:55:55 honeypot-fra-1 sshd[32217]: Received disconnect from 79.127.36.98 port 42234:11: Bye Bye [preauth]","@timestamp":"2022-09-11T11:55:56.431Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 11:59:13 honeypot-ams-1 sshd[10040]: Invalid user test from 193.106.191.157 port 48314","@timestamp":"2022-09-11T11:59:13.702Z"}
{"@timestamp":"2022-09-11T12:01:38.066Z","@version":"1","message":"Sep 11 12:01:37 honeypot-sgp-1 kernel: [83773810.422722] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=226 ID=12434 PROTO=TCP SPT=57604 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T12:04:35.139Z","@version":"1","message":"Sep 11 12:04:34 honeypot-sgp-1 sshd[5993]: Invalid user user from 45.61.186.249 port 59836","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T12:04:56.149Z","@version":"1","message":"Sep 11 12:04:55 honeypot-sgp-1 sshd[5997]: Invalid user user from 45.61.186.249 port 54412","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T12:05:14.158Z","@version":"1","message":"Sep 11 12:05:13 honeypot-sgp-1 sshd[6001]: Invalid user user from 45.61.186.249 port 49012","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:05:29 honeypot-fra-1 sshd[32224]: Did not receive identification string from 141.255.162.226 port 43470","@timestamp":"2022-09-11T12:05:29.644Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T12:05:31.167Z","@version":"1","message":"Sep 11 12:05:30 honeypot-sgp-1 sshd[6005]: Invalid user user from 45.61.186.249 port 43614","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:05:47 honeypot-fra-1 sshd[32227]: Disconnected from invalid user user 141.255.162.226 port 40008 [preauth]","@timestamp":"2022-09-11T12:05:47.654Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:05:49 honeypot-fra-1 sshd[32231]: Disconnected from invalid user user 141.255.162.226 port 47078 [preauth]","@timestamp":"2022-09-11T12:05:49.655Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T12:07:28.215Z","@version":"1","message":"Sep 11 12:07:27 honeypot-sgp-1 sshd[6008]: Disconnected from invalid user test2 92.255.85.70 port 25136 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:10:17 honeypot-fra-1 sshd[32235]: Received disconnect from 92.255.85.70 port 61364:11: Bye Bye [preauth]","@timestamp":"2022-09-11T12:10:18.756Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:11:32 honeypot-fra-1 sshd[32240]: Disconnected from authenticating user root 61.177.173.51 port 40250 [preauth]","@timestamp":"2022-09-11T12:11:32.785Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 12:12:18 honeypot-ams-1 kernel: [83774923.925566] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=176.58.113.41 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=54321 PROTO=TCP SPT=55477 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T12:12:19.049Z"}
{"@timestamp":"2022-09-11T12:13:31.360Z","@version":"1","message":"Sep 11 12:13:30 honeypot-sgp-1 kernel: [83774523.596386] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=34.135.233.69 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=29526 PROTO=TCP SPT=43475 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:17:01 honeypot-ams-1 CRON[10047]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-11T12:17:02.172Z"}
{"@timestamp":"2022-09-11T12:17:02.446Z","@version":"1","message":"Sep 11 12:17:01 honeypot-sgp-1 CRON[6023]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:20:02 honeypot-fra-1 sshd[32250]: Received disconnect from 61.177.173.51 port 18576:11:  [preauth]","@timestamp":"2022-09-11T12:20:02.973Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 12:23:37 honeypot-ams-1 kernel: [83775603.163480] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=176.117.198.12 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x20 TTL=119 ID=9675 DF PROTO=TCP SPT=57139 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T12:23:38.346Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:24:55 honeypot-ams-1 sshd[10056]: Received disconnect from 81.169.137.181 port 48476:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T12:24:56.382Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:26:22 honeypot-ams-1 sshd[10060]: Received disconnect from 81.169.137.181 port 52122:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T12:26:22.421Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:27:40 honeypot-ams-1 sshd[10065]: Received disconnect from 81.169.137.181 port 55760:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T12:27:41.457Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:28:23 honeypot-fra-1 sshd[32255]: Disconnected from authenticating user root 61.177.173.36 port 46570 [preauth]","@timestamp":"2022-09-11T12:28:24.162Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 12:28:27 honeypot-ams-1 kernel: [83775893.420881] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=176.117.198.12 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x20 TTL=119 ID=13209 DF PROTO=TCP SPT=57417 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T12:28:28.480Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:28:56 honeypot-ams-1 sshd[10073]: Received disconnect from 167.172.152.18 port 35916:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T12:28:56.495Z"}
{"@timestamp":"2022-09-11T12:28:59.728Z","@version":"1","message":"Sep 11 12:28:59 honeypot-sgp-1 sshd[6032]: Disconnected from 61.177.173.46 port 38459 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:29:11 honeypot-ams-1 sshd[10077]: Disconnected from authenticating user root 80.76.51.45 port 45134 [preauth]","@timestamp":"2022-09-11T12:29:11.504Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 12:29:35 honeypot-ams-1 kernel: [83775961.360735] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.41.8.5 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=61171 PROTO=TCP SPT=46076 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T12:29:36.520Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:29:49 honeypot-ams-1 sshd[10087]: Received disconnect from 167.172.152.18 port 45622:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T12:29:49.527Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:30:15 honeypot-ams-1 sshd[10093]: Received disconnect from 80.76.51.45 port 32900:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T12:30:16.542Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:30:30 honeypot-ams-1 sshd[10097]: Disconnected from authenticating user root 80.76.51.45 port 43596 [preauth]","@timestamp":"2022-09-11T12:30:31.549Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:30:45 honeypot-fra-1 sshd[32263]: Received disconnect from 62.218.227.178 port 40322:11: Bye Bye [preauth]","@timestamp":"2022-09-11T12:30:46.218Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:30:46 honeypot-fra-1 sshd[32267]: Disconnected from invalid user ubnt 62.218.227.178 port 40402 [preauth]","@timestamp":"2022-09-11T12:30:46.218Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:30:46 honeypot-fra-1 sshd[32273]: Disconnected from authenticating user root 62.218.227.178 port 40490 [preauth]","@timestamp":"2022-09-11T12:30:47.219Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:30:47 honeypot-fra-1 sshd[32279]: Disconnected from authenticating user root 62.218.227.178 port 40550 [preauth]","@timestamp":"2022-09-11T12:30:48.219Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:30:48 honeypot-fra-1 sshd[32285]: Disconnected from authenticating user root 62.218.227.178 port 40580 [preauth]","@timestamp":"2022-09-11T12:30:49.220Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:30:49 honeypot-fra-1 sshd[32291]: Disconnected from authenticating user root 62.218.227.178 port 40638 [preauth]","@timestamp":"2022-09-11T12:30:50.221Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:30:50 honeypot-fra-1 sshd[32297]: Disconnected from authenticating user root 62.218.227.178 port 40682 [preauth]","@timestamp":"2022-09-11T12:30:51.221Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:30:51 honeypot-fra-1 sshd[32303]: Disconnected from authenticating user root 62.218.227.178 port 40718 [preauth]","@timestamp":"2022-09-11T12:30:52.223Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:30:52 honeypot-fra-1 sshd[32309]: Disconnected from authenticating user root 62.218.227.178 port 40752 [preauth]","@timestamp":"2022-09-11T12:30:52.223Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:30:53 honeypot-fra-1 sshd[32315]: Disconnected from authenticating user root 62.218.227.178 port 40786 [preauth]","@timestamp":"2022-09-11T12:30:53.223Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:30:53 honeypot-fra-1 sshd[32321]: Disconnected from authenticating user root 62.218.227.178 port 40840 [preauth]","@timestamp":"2022-09-11T12:30:54.224Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:30:54 honeypot-fra-1 sshd[32327]: Disconnected from authenticating user root 62.218.227.178 port 40886 [preauth]","@timestamp":"2022-09-11T12:30:55.225Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:30:55 honeypot-ams-1 sshd[10103]: Received disconnect from 81.169.137.181 port 50742:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T12:30:55.563Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:30:55 honeypot-fra-1 sshd[32333]: Disconnected from authenticating user root 62.218.227.178 port 40972 [preauth]","@timestamp":"2022-09-11T12:30:56.226Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:30:56 honeypot-fra-1 sshd[32337]: Disconnected from invalid user admin 62.218.227.178 port 41042 [preauth]","@timestamp":"2022-09-11T12:30:57.226Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:30:56 honeypot-fra-1 sshd[32341]: Disconnected from invalid user admin 62.218.227.178 port 41092 [preauth]","@timestamp":"2022-09-11T12:30:57.226Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:30:57 honeypot-fra-1 sshd[32345]: Disconnected from invalid user admin 62.218.227.178 port 41138 [preauth]","@timestamp":"2022-09-11T12:30:58.227Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:30:58 honeypot-fra-1 sshd[32349]: Disconnected from invalid user admin 62.218.227.178 port 41154 [preauth]","@timestamp":"2022-09-11T12:30:58.227Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:30:58 honeypot-fra-1 sshd[32353]: Disconnected from invalid user admin 62.218.227.178 port 41176 [preauth]","@timestamp":"2022-09-11T12:30:59.228Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:30:59 honeypot-fra-1 sshd[32359]: Received disconnect from 62.218.227.178 port 41228:11: Bye Bye [preauth]","@timestamp":"2022-09-11T12:31:00.228Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:31:00 honeypot-fra-1 sshd[32363]: Received disconnect from 62.218.227.178 port 41254:11: Bye Bye [preauth]","@timestamp":"2022-09-11T12:31:00.228Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:31:00 honeypot-fra-1 sshd[32367]: Received disconnect from 62.218.227.178 port 41280:11: Bye Bye [preauth]","@timestamp":"2022-09-11T12:31:01.229Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:31:01 honeypot-fra-1 sshd[32371]: Received disconnect from 62.218.227.178 port 41294:11: Bye Bye [preauth]","@timestamp":"2022-09-11T12:31:02.230Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:31:01 honeypot-fra-1 sshd[32375]: Received disconnect from 62.218.227.178 port 41312:11: Bye Bye [preauth]","@timestamp":"2022-09-11T12:31:02.230Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:31:02 honeypot-fra-1 sshd[32379]: Received disconnect from 62.218.227.178 port 41326:11: Bye Bye [preauth]","@timestamp":"2022-09-11T12:31:03.230Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:31:03 honeypot-fra-1 sshd[32383]: Received disconnect from 62.218.227.178 port 41352:11: Bye Bye [preauth]","@timestamp":"2022-09-11T12:31:03.231Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:31:03 honeypot-fra-1 sshd[32387]: Received disconnect from 62.218.227.178 port 41376:11: Bye Bye [preauth]","@timestamp":"2022-09-11T12:31:04.231Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:31:04 honeypot-fra-1 sshd[32391]: Received disconnect from 62.218.227.178 port 41408:11: Bye Bye [preauth]","@timestamp":"2022-09-11T12:31:04.231Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:31:04 honeypot-fra-1 sshd[32395]: Received disconnect from 62.218.227.178 port 41428:11: Bye Bye [preauth]","@timestamp":"2022-09-11T12:31:05.232Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:31:05 honeypot-fra-1 sshd[32399]: Received disconnect from 62.218.227.178 port 41446:11: Bye Bye [preauth]","@timestamp":"2022-09-11T12:31:06.233Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:31:05 honeypot-fra-1 sshd[32403]: Received disconnect from 62.218.227.178 port 41512:11: Bye Bye [preauth]","@timestamp":"2022-09-11T12:31:06.233Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:31:16 honeypot-ams-1 sshd[10109]: Received disconnect from 80.76.51.45 port 48494:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T12:31:16.574Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:31:34 honeypot-ams-1 sshd[10115]: Invalid user vftpuser from 81.169.137.181 port 38448","@timestamp":"2022-09-11T12:31:34.583Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:31:57 honeypot-ams-1 sshd[10119]: Disconnected from authenticating user root 167.172.152.18 port 55646 [preauth]","@timestamp":"2022-09-11T12:31:58.595Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:32:17 honeypot-ams-1 sshd[10125]: Invalid user git from 80.76.51.45 port 35898","@timestamp":"2022-09-11T12:32:17.606Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:32:23 honeypot-ams-1 sshd[10127]: Invalid user user from 167.172.152.18 port 46300","@timestamp":"2022-09-11T12:32:24.610Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:32:52 honeypot-ams-1 sshd[10132]: Invalid user vagrant from 81.169.137.181 port 42100","@timestamp":"2022-09-11T12:32:52.625Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:33:31 honeypot-ams-1 sshd[10136]: Invalid user vanesa from 81.169.137.181 port 58080","@timestamp":"2022-09-11T12:33:32.644Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:33:35 honeypot-fra-1 sshd[32407]: Disconnected from authenticating user root 92.255.85.70 port 39752 [preauth]","@timestamp":"2022-09-11T12:33:36.290Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 12:34:01 honeypot-ams-1 kernel: [83776226.688179] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.41.8.45 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=15060 PROTO=TCP SPT=10968 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T12:34:01.659Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:34:11 honeypot-ams-1 sshd[10142]: Disconnected from invalid user vanessa 81.169.137.181 port 45738 [preauth]","@timestamp":"2022-09-11T12:34:12.665Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:34:51 honeypot-ams-1 sshd[10146]: Disconnected from invalid user vbox 81.169.137.181 port 33476 [preauth]","@timestamp":"2022-09-11T12:34:52.685Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:35:24 honeypot-ams-1 sshd[10150]: Disconnected from invalid user ec2-user 167.172.152.18 port 37680 [preauth]","@timestamp":"2022-09-11T12:35:24.702Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:35:49 honeypot-ams-1 sshd[10154]: Disconnected from invalid user test 167.172.152.18 port 56592 [preauth]","@timestamp":"2022-09-11T12:35:49.715Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:36:11 honeypot-ams-1 sshd[10158]: Disconnected from invalid user update 81.169.137.181 port 37082 [preauth]","@timestamp":"2022-09-11T12:36:11.728Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:36:39 honeypot-ams-1 sshd[10162]: Disconnected from invalid user demo 167.172.152.18 port 37972 [preauth]","@timestamp":"2022-09-11T12:36:39.741Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:37:04 honeypot-ams-1 sshd[10166]: Disconnected from invalid user spark 167.172.152.18 port 56916 [preauth]","@timestamp":"2022-09-11T12:37:05.755Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:37:36 honeypot-ams-1 sshd[10170]: Disconnected from invalid user tony 81.169.137.181 port 40726 [preauth]","@timestamp":"2022-09-11T12:37:36.770Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:38:20 honeypot-ams-1 sshd[10175]: Disconnected from invalid user ftpadmin 167.172.152.18 port 57246 [preauth]","@timestamp":"2022-09-11T12:38:20.791Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:39:11 honeypot-ams-1 sshd[10179]: Received disconnect from 167.172.152.18 port 38632:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T12:39:11.816Z"}
{"@timestamp":"2022-09-11T12:39:46.984Z","@version":"1","message":"Sep 11 12:39:46 honeypot-sgp-1 kernel: [83776099.663034] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=207.102.138.83 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=44 ID=40854 DF PROTO=TCP SPT=55977 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:40:03 honeypot-ams-1 sshd[10183]: Received disconnect from 167.172.152.18 port 48240:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T12:40:03.842Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:40:40 honeypot-fra-1 sshd[32418]: Disconnected from authenticating user root 61.177.173.36 port 12846 [preauth]","@timestamp":"2022-09-11T12:40:40.450Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:40:55 honeypot-ams-1 sshd[10187]: Received disconnect from 167.172.152.18 port 57984:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T12:40:55.869Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:41:25 honeypot-ams-1 sshd[10191]: Connection closed by invalid user inspur 103.188.176.251 port 49586 [preauth]","@timestamp":"2022-09-11T12:41:25.885Z"}
{"@timestamp":"2022-09-11T12:43:00.063Z","@version":"1","message":"Sep 11 12:42:59 honeypot-sgp-1 sshd[6049]: Disconnected from invalid user samba1 146.19.133.233 port 60556 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:48:59 honeypot-fra-1 kernel: [83774969.467254] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=222.186.19.235 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=234 ID=54321 PROTO=TCP SPT=42634 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T12:48:59.657Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:49:49 honeypot-ams-1 sshd[10197]: Received disconnect from 223.197.186.7 port 37550:11: Bye Bye [preauth]","@timestamp":"2022-09-11T12:49:49.106Z"}
{"@timestamp":"2022-09-11T12:50:26.246Z","@version":"1","message":"Sep 11 12:50:25 honeypot-sgp-1 sshd[6059]: Connection closed by invalid user support 189.219.253.17 port 35653 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T12:56:37.397Z","@version":"1","message":"Sep 11 12:56:36 honeypot-sgp-1 sshd[6068]: Received disconnect from 139.59.126.129 port 37666:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:57:24 honeypot-fra-1 sshd[32437]: Disconnected from authenticating user root 92.255.85.69 port 50272 [preauth]","@timestamp":"2022-09-11T12:57:24.845Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 13:01:44 honeypot-ams-1 kernel: [83777890.152820] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=222.186.19.235 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=37160 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T13:01:45.423Z"}
{"@timestamp":"2022-09-11T13:05:32.609Z","@version":"1","message":"Sep 11 13:05:31 honeypot-sgp-1 sshd[6073]: Received disconnect from 61.177.173.36 port 32294:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 13:06:02 honeypot-fra-1 kernel: [83775992.803357] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=193.118.53.214 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=38986 PROTO=TCP SPT=37267 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T13:06:03.037Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 13:13:39 honeypot-fra-1 sshd[32447]: Disconnected from authenticating user root 63.41.225.61 port 57794 [preauth]","@timestamp":"2022-09-11T13:13:40.209Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 13:16:48 honeypot-ams-1 kernel: [83778794.109810] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=195.133.20.241 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=64306 PROTO=TCP SPT=53095 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T13:16:48.855Z"}
{"@timestamp":"2022-09-11T13:17:01.883Z","@version":"1","message":"Sep 11 13:17:01 honeypot-sgp-1 CRON[6083]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 13:17:01 honeypot-fra-1 CRON[32453]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-11T13:17:02.287Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 13:18:48 honeypot-fra-1 sshd[32460]: Received disconnect from 61.177.172.124 port 15831:11:  [preauth]","@timestamp":"2022-09-11T13:18:49.331Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 13:20:17 honeypot-fra-1 sshd[32464]: Disconnected from invalid user cet 137.135.226.173 port 49390 [preauth]","@timestamp":"2022-09-11T13:20:18.366Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 13:21:45 honeypot-fra-1 sshd[32470]: Disconnected from authenticating user root 61.177.173.50 port 23081 [preauth]","@timestamp":"2022-09-11T13:21:46.401Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T13:22:32.016Z","@version":"1","message":"Sep 11 13:22:31 honeypot-sgp-1 sshd[6097]: Did not receive identification string from 141.255.162.226 port 47352","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T13:22:44.021Z","@version":"1","message":"Sep 11 13:22:43 honeypot-sgp-1 sshd[6098]: Disconnected from invalid user user 141.255.162.226 port 38688 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T13:22:47.023Z","@version":"1","message":"Sep 11 13:22:46 honeypot-sgp-1 sshd[6104]: Disconnected from invalid user user 141.255.162.226 port 59256 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 13:23:31 honeypot-ams-1 sshd[10235]: Disconnected from authenticating user root 92.255.85.69 port 63268 [preauth]","@timestamp":"2022-09-11T13:23:32.028Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 13:23:43 honeypot-ams-1 sshd[10239]: Disconnected from invalid user user 45.61.186.169 port 48156 [preauth]","@timestamp":"2022-09-11T13:23:44.035Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 13:24:02 honeypot-ams-1 sshd[10243]: Disconnected from invalid user user 45.61.186.169 port 42956 [preauth]","@timestamp":"2022-09-11T13:24:03.044Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 13:24:20 honeypot-ams-1 sshd[10248]: Disconnected from invalid user user 45.61.186.169 port 37754 [preauth]","@timestamp":"2022-09-11T13:24:21.058Z"}
{"@timestamp":"2022-09-11T13:30:20.207Z","@version":"1","message":"Sep 11 13:30:19 honeypot-sgp-1 sshd[6114]: Invalid user user from 45.61.184.204 port 57044","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T13:30:40.216Z","@version":"1","message":"Sep 11 13:30:39 honeypot-sgp-1 sshd[6118]: Invalid user user from 45.61.184.204 port 52074","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T13:30:58.225Z","@version":"1","message":"Sep 11 13:30:58 honeypot-sgp-1 sshd[6122]: Invalid user user from 45.61.184.204 port 47062","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T13:31:16.234Z","@version":"1","message":"Sep 11 13:31:15 honeypot-sgp-1 sshd[6126]: Invalid user user from 45.61.184.204 port 42070","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 13:34:36 honeypot-fra-1 sshd[32483]: Disconnected from invalid user oracle 121.130.111.133 port 59446 [preauth]","@timestamp":"2022-09-11T13:34:37.711Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 13:36:03 honeypot-ams-1 sshd[10255]: Invalid user user from 45.61.184.204 port 44684","@timestamp":"2022-09-11T13:36:04.355Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 13:36:22 honeypot-ams-1 sshd[10259]: Invalid user user from 45.61.184.204 port 40062","@timestamp":"2022-09-11T13:36:23.365Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 13:36:32 honeypot-fra-1 sshd[32491]: Invalid user shipping from 190.210.182.179 port 38153","@timestamp":"2022-09-11T13:36:32.755Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 13:36:41 honeypot-ams-1 sshd[10263]: Invalid user user from 45.61.184.204 port 35444","@timestamp":"2022-09-11T13:36:42.375Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 13:36:50 honeypot-ams-1 sshd[10265]: Disconnected from invalid user user 45.61.184.204 port 47262 [preauth]","@timestamp":"2022-09-11T13:36:51.381Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 13:39:20 honeypot-ams-1 sshd[10269]: Disconnected from invalid user fork1 14.102.74.99 port 48774 [preauth]","@timestamp":"2022-09-11T13:39:21.447Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 13:39:57 honeypot-fra-1 sshd[32496]: Received disconnect from 61.177.172.98 port 31949:11:  [preauth]","@timestamp":"2022-09-11T13:39:57.833Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T13:41:48.484Z","@version":"1","message":"Sep 11 13:41:47 honeypot-sgp-1 sshd[6136]: Disconnected from authenticating user root 92.255.85.70 port 58402 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T13:44:58.562Z","@version":"1","message":"Sep 11 13:44:58 honeypot-sgp-1 kernel: [83780010.997553] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=16216 PROTO=TCP SPT=43566 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 13:46:57 honeypot-fra-1 kernel: [83778447.023922] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=47994 PROTO=TCP SPT=43566 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T13:46:57.989Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 13:47:39 honeypot-ams-1 sshd[10275]: Received disconnect from 92.255.85.70 port 56110:11: Bye Bye [preauth]","@timestamp":"2022-09-11T13:47:39.667Z"}
{"@timestamp":"2022-09-11T13:51:20.717Z","@version":"1","message":"Sep 11 13:51:20 honeypot-sgp-1 kernel: [83780392.962118] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=80.94.92.239 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=233 ID=54321 PROTO=TCP SPT=58831 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T13:53:44.778Z","@version":"1","message":"Sep 11 13:53:43 honeypot-sgp-1 kernel: [83780536.747241] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.194.198 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=38871 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 13:53:52 honeypot-fra-1 sshd[32510]: Invalid user guest from 187.160.2.187 port 39440","@timestamp":"2022-09-11T13:53:53.142Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 13:57:01 honeypot-ams-1 kernel: [83781206.531800] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=13.233.174.29 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=51817 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T13:57:01.913Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 14:01:02 honeypot-ams-1 kernel: [83781447.662945] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=2.187.167.133 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=3069 DF PROTO=TCP SPT=46199 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T14:01:03.021Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:03:53 honeypot-ams-1 sshd[10282]: Disconnected from invalid user electrum 203.190.55.203 port 34989 [preauth]","@timestamp":"2022-09-11T14:03:54.096Z"}
{"@timestamp":"2022-09-11T14:04:24.037Z","@version":"1","message":"Sep 11 14:04:23 honeypot-sgp-1 kernel: [83781176.560953] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.41.8.254 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=55289 PROTO=TCP SPT=43684 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 14:05:49 honeypot-fra-1 sshd[32521]: Did not receive identification string from 45.61.184.204 port 58152","@timestamp":"2022-09-11T14:05:50.407Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 14:06:26 honeypot-fra-1 sshd[32526]: Received disconnect from 45.61.184.204 port 56662:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T14:06:27.425Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 14:06:46 honeypot-fra-1 sshd[32530]: Received disconnect from 45.61.184.204 port 51670:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T14:06:47.435Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 14:07:05 honeypot-fra-1 sshd[32535]: Received disconnect from 45.61.184.204 port 46672:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T14:07:06.445Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 14:08:30 honeypot-fra-1 sshd[32539]: Invalid user jrobinson from 203.190.153.19 port 43600","@timestamp":"2022-09-11T14:08:31.477Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 14:09:56 honeypot-fra-1 sshd[32545]: Received disconnect from 137.184.59.232 port 50812:11: Bye Bye [preauth]","@timestamp":"2022-09-11T14:09:56.510Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T14:10:06.177Z","@version":"1","message":"Sep 11 14:10:05 honeypot-sgp-1 sshd[6174]: Disconnected from authenticating user root 61.177.173.36 port 50612 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:11:22 honeypot-ams-1 sshd[10289]: Invalid user test from 193.106.191.157 port 44062","@timestamp":"2022-09-11T14:11:23.313Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 14:13:53 honeypot-fra-1 sshd[32552]: Received disconnect from 134.209.179.100 port 39604:11: Bye Bye [preauth]","@timestamp":"2022-09-11T14:13:54.600Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T14:17:02.343Z","@version":"1","message":"Sep 11 14:17:01 honeypot-sgp-1 CRON[6181]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:17:01 honeypot-ams-1 CRON[10296]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-11T14:17:02.464Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 14:17:58 honeypot-fra-1 sshd[32561]: Received disconnect from 61.177.172.19 port 34050:11:  [preauth]","@timestamp":"2022-09-11T14:17:58.694Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:19:29 honeypot-ams-1 sshd[10300]: Disconnected from invalid user gateway 62.204.41.222 port 8746 [preauth]","@timestamp":"2022-09-11T14:19:30.531Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 14:23:14 honeypot-fra-1 sshd[32564]: Invalid user kdougherty from 165.22.45.108 port 39454","@timestamp":"2022-09-11T14:23:14.813Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T14:23:57.513Z","@version":"1","message":"Sep 11 14:23:56 honeypot-sgp-1 sshd[6187]: Disconnected from authenticating user root 61.177.173.50 port 20141 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 14:26:54 honeypot-fra-1 sshd[32569]: Received disconnect from 103.91.123.150 port 53860:11: Bye Bye [preauth]","@timestamp":"2022-09-11T14:26:54.895Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 14:32:09 honeypot-fra-1 sshd[32574]: Received disconnect from 61.177.173.36 port 11073:11:  [preauth]","@timestamp":"2022-09-11T14:32:10.015Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:33:49 honeypot-ams-1 sshd[10306]: Received disconnect from 182.105.189.1 port 39769:11: Bye Bye [preauth]","@timestamp":"2022-09-11T14:33:49.913Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:33:54 honeypot-ams-1 sshd[10310]: Disconnected from invalid user ubnt 182.105.189.1 port 39971 [preauth]","@timestamp":"2022-09-11T14:33:55.917Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:34:02 honeypot-ams-1 sshd[10316]: Disconnected from authenticating user root 182.105.189.1 port 40158 [preauth]","@timestamp":"2022-09-11T14:34:02.921Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:34:10 honeypot-ams-1 sshd[10322]: Disconnected from authenticating user root 182.105.189.1 port 40382 [preauth]","@timestamp":"2022-09-11T14:34:10.926Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:34:17 honeypot-ams-1 sshd[10328]: Disconnected from authenticating user root 182.105.189.1 port 40568 [preauth]","@timestamp":"2022-09-11T14:34:17.929Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 14:34:17 honeypot-fra-1 sshd[32583]: Did not receive identification string from 45.61.184.204 port 51484","@timestamp":"2022-09-11T14:34:18.067Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:34:23 honeypot-ams-1 sshd[10334]: Disconnected from authenticating user root 182.105.189.1 port 40737 [preauth]","@timestamp":"2022-09-11T14:34:23.933Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:34:30 honeypot-ams-1 sshd[10340]: Disconnected from authenticating user root 182.105.189.1 port 40896 [preauth]","@timestamp":"2022-09-11T14:34:30.988Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:34:38 honeypot-ams-1 sshd[10346]: Disconnected from authenticating user root 182.105.189.1 port 41070 [preauth]","@timestamp":"2022-09-11T14:34:38.994Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 14:34:39 honeypot-fra-1 sshd[32586]: Disconnected from invalid user user 45.61.184.204 port 57776 [preauth]","@timestamp":"2022-09-11T14:34:40.077Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:34:46 honeypot-ams-1 sshd[10352]: Disconnected from authenticating user root 182.105.189.1 port 41277 [preauth]","@timestamp":"2022-09-11T14:34:46.998Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:34:53 honeypot-ams-1 sshd[10358]: Disconnected from authenticating user root 182.105.189.1 port 41475 [preauth]","@timestamp":"2022-09-11T14:34:54.003Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:34:58 honeypot-ams-1 sshd[10366]: Disconnected from authenticating user root 92.255.85.69 port 60464 [preauth]","@timestamp":"2022-09-11T14:34:59.007Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 14:34:59 honeypot-fra-1 sshd[32590]: Disconnected from invalid user user 45.61.184.204 port 53366 [preauth]","@timestamp":"2022-09-11T14:35:00.086Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:35:05 honeypot-ams-1 sshd[10370]: Disconnected from authenticating user root 182.105.189.1 port 41770 [preauth]","@timestamp":"2022-09-11T14:35:06.012Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:35:12 honeypot-ams-1 sshd[10376]: Disconnected from authenticating user root 182.105.189.1 port 41970 [preauth]","@timestamp":"2022-09-11T14:35:13.032Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 14:35:17 honeypot-fra-1 sshd[32594]: Disconnected from invalid user user 45.61.184.204 port 48966 [preauth]","@timestamp":"2022-09-11T14:35:18.094Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:35:20 honeypot-ams-1 sshd[10382]: Invalid user admin from 182.105.189.1 port 42148","@timestamp":"2022-09-11T14:35:21.037Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:35:27 honeypot-ams-1 sshd[10386]: Invalid user admin from 182.105.189.1 port 42319","@timestamp":"2022-09-11T14:35:28.041Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:35:31 honeypot-ams-1 sshd[10390]: Invalid user admin from 182.105.189.1 port 42453","@timestamp":"2022-09-11T14:35:32.043Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:35:35 honeypot-ams-1 sshd[10394]: Invalid user admin from 182.105.189.1 port 42559","@timestamp":"2022-09-11T14:35:36.047Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:35:39 honeypot-ams-1 sshd[10398]: Invalid user admin from 182.105.189.1 port 42655","@timestamp":"2022-09-11T14:35:40.049Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:35:44 honeypot-ams-1 sshd[10402]: Received disconnect from 182.105.189.1 port 42766:11: Bye Bye [preauth]","@timestamp":"2022-09-11T14:35:45.052Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:35:48 honeypot-ams-1 sshd[10406]: Disconnected from invalid user pi 182.105.189.1 port 42865 [preauth]","@timestamp":"2022-09-11T14:35:49.054Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:35:53 honeypot-ams-1 sshd[10410]: Disconnected from invalid user user 182.105.189.1 port 42995 [preauth]","@timestamp":"2022-09-11T14:35:54.058Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:35:58 honeypot-ams-1 sshd[10414]: Disconnected from invalid user mine 182.105.189.1 port 43125 [preauth]","@timestamp":"2022-09-11T14:35:59.060Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:36:06 honeypot-ams-1 sshd[10418]: Disconnected from invalid user xbmc 182.105.189.1 port 43319 [preauth]","@timestamp":"2022-09-11T14:36:07.065Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:36:13 honeypot-ams-1 sshd[10422]: Disconnected from invalid user oracle 182.105.189.1 port 43419 [preauth]","@timestamp":"2022-09-11T14:36:14.069Z"}
{"@timestamp":"2022-09-11T14:36:17.810Z","@version":"1","message":"Sep 11 14:36:17 honeypot-sgp-1 sshd[6198]: Received disconnect from 61.177.173.35 port 21707:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:36:19 honeypot-ams-1 sshd[10426]: Disconnected from invalid user postgres 182.105.189.1 port 43631 [preauth]","@timestamp":"2022-09-11T14:36:20.074Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:36:23 honeypot-ams-1 sshd[10430]: Disconnected from invalid user support 182.105.189.1 port 43733 [preauth]","@timestamp":"2022-09-11T14:36:24.077Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:36:30 honeypot-ams-1 sshd[10434]: Disconnected from invalid user ubuntu 182.105.189.1 port 43835 [preauth]","@timestamp":"2022-09-11T14:36:30.080Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:36:34 honeypot-ams-1 sshd[10438]: Disconnected from invalid user ubuntu 182.105.189.1 port 44001 [preauth]","@timestamp":"2022-09-11T14:36:35.085Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:36:40 honeypot-ams-1 sshd[10442]: Disconnected from invalid user guest 182.105.189.1 port 44155 [preauth]","@timestamp":"2022-09-11T14:36:41.088Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:36:46 honeypot-ams-1 sshd[10446]: Disconnected from invalid user cirros 182.105.189.1 port 44311 [preauth]","@timestamp":"2022-09-11T14:36:47.092Z"}
{"@timestamp":"2022-09-11T14:43:46.008Z","@version":"1","message":"Sep 11 14:43:45 honeypot-sgp-1 sshd[6204]: Received disconnect from 115.246.237.179 port 41011:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:44:13 honeypot-ams-1 sshd[10452]: Received disconnect from 45.61.186.49 port 41868:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T14:44:14.281Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:44:23 honeypot-ams-1 sshd[10456]: Received disconnect from 45.61.186.49 port 53364:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T14:44:24.287Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 14:45:36 honeypot-ams-1 kernel: [83784121.579960] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=178.75.21.236 DST=178.62.254.91 LEN=40 TOS=0x08 PREC=0x20 TTL=58 ID=51781 PROTO=TCP SPT=56795 DPT=443 WINDOW=62966 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T14:45:36.321Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 14:45:40 honeypot-fra-1 kernel: [83781970.231215] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=220.198.240.178 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=11919 DF PROTO=TCP SPT=5124 DPT=80 WINDOW=14520 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T14:45:41.324Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-11T14:45:54.062Z","@version":"1","message":"Sep 11 14:45:53 honeypot-sgp-1 sshd[6210]: Invalid user owncloud from 175.118.152.100 port 45013","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T14:51:39.201Z","@version":"1","message":"Sep 11 14:51:38 honeypot-sgp-1 sshd[6213]: Disconnected from authenticating user root 61.177.173.37 port 22656 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 14:51:59 honeypot-fra-1 sshd[32607]: Invalid user postgres from 141.98.10.158 port 42732","@timestamp":"2022-09-11T14:52:00.466Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 14:55:02 honeypot-fra-1 sshd[32613]: Disconnected from authenticating user root 159.223.74.125 port 42556 [preauth]","@timestamp":"2022-09-11T14:55:03.537Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 14:56:41 honeypot-fra-1 sshd[32618]: Disconnected from invalid user kehuceshi 165.22.45.108 port 44458 [preauth]","@timestamp":"2022-09-11T14:56:41.576Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T14:58:16.360Z","@version":"1","message":"Sep 11 14:58:16 honeypot-sgp-1 kernel: [83784409.165119] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=154.89.5.92 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=244 ID=37414 PROTO=TCP SPT=58914 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:58:38 honeypot-ams-1 sshd[10464]: Disconnected from authenticating user root 111.67.200.73 port 58662 [preauth]","@timestamp":"2022-09-11T14:58:39.657Z"}
{"@timestamp":"2022-09-11T15:01:35.442Z","@version":"1","message":"Sep 11 15:01:34 honeypot-sgp-1 sshd[6229]: Received disconnect from 45.61.186.249 port 48980:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T15:01:53.451Z","@version":"1","message":"Sep 11 15:01:53 honeypot-sgp-1 sshd[6233]: Received disconnect from 45.61.186.249 port 43654:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T15:02:12.461Z","@version":"1","message":"Sep 11 15:02:11 honeypot-sgp-1 sshd[6237]: Received disconnect from 45.61.186.249 port 38370:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 15:04:38 honeypot-fra-1 sshd[32624]: Disconnected from authenticating user root 61.177.172.108 port 27262 [preauth]","@timestamp":"2022-09-11T15:04:39.757Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 15:05:47 honeypot-ams-1 sshd[10469]: Connection closed by invalid user admin 99.97.212.80 port 56281 [preauth]","@timestamp":"2022-09-11T15:05:47.844Z"}
{"@timestamp":"2022-09-11T15:06:35.584Z","@version":"1","message":"Sep 11 15:06:35 honeypot-sgp-1 kernel: [83784908.007244] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=170.187.225.159 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=35899 PROTO=TCP SPT=43349 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 15:08:13 honeypot-fra-1 kernel: [83783323.715832] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=170.187.225.159 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=28370 PROTO=TCP SPT=43349 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T15:08:14.837Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-11T15:09:25.654Z","@version":"1","message":"Sep 11 15:09:25 honeypot-sgp-1 sshd[6251]: Invalid user guest from 187.160.2.187 port 48449","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T15:13:03.742Z","@version":"1","message":"Sep 11 15:13:03 honeypot-sgp-1 sshd[6255]: Disconnected from invalid user db2inst 96.78.175.36 port 46612 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 15:15:13 honeypot-ams-1 sshd[10474]: Invalid user user1 from 103.188.176.251 port 45242","@timestamp":"2022-09-11T15:15:14.087Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 15:15:18 honeypot-fra-1 sshd[32638]: Disconnected from invalid user sbot 147.182.210.165 port 53498 [preauth]","@timestamp":"2022-09-11T15:15:18.994Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T15:17:01.840Z","@version":"1","message":"Sep 11 15:17:01 honeypot-sgp-1 CRON[6261]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 15:17:37 honeypot-ams-1 sshd[10480]: Connection closed by invalid user test 193.106.191.157 port 55996 [preauth]","@timestamp":"2022-09-11T15:17:38.153Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 15:18:51 honeypot-fra-1 sshd[32645]: Disconnected from authenticating user root 92.255.85.70 port 49576 [preauth]","@timestamp":"2022-09-11T15:18:52.077Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 15:22:55 honeypot-ams-1 kernel: [83786361.057711] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=72.167.32.184 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=232 ID=28858 PROTO=TCP SPT=57654 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T15:22:56.293Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 15:24:35 honeypot-fra-1 kernel: [83784304.884830] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=92.63.197.70 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=42002 PROTO=TCP SPT=43495 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T15:24:35.206Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-11T15:25:59.055Z","@version":"1","message":"Sep 11 15:25:58 honeypot-sgp-1 kernel: [83786071.364073] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=205.210.31.149 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x60 TTL=250 ID=54321 PROTO=TCP SPT=50351 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 15:26:06 honeypot-ams-1 sshd[10487]: Disconnected from authenticating user root 103.42.57.139 port 36954 [preauth]","@timestamp":"2022-09-11T15:26:06.377Z"}
{"@timestamp":"2022-09-11T15:29:56.152Z","@version":"1","message":"Sep 11 15:29:55 honeypot-sgp-1 kernel: [83786308.114131] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=115.231.235.56 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=234 ID=2829 PROTO=TCP SPT=48100 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 15:30:08 honeypot-fra-1 sshd[32662]: Invalid user keith1 from 165.22.45.108 port 49456","@timestamp":"2022-09-11T15:30:08.349Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 15:34:17 honeypot-fra-1 kernel: [83784887.104626] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=94.232.46.222 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=7350 PROTO=TCP SPT=49837 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T15:34:17.444Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 15:38:59 honeypot-fra-1 sshd[32671]: Invalid user test from 193.106.191.157 port 51838","@timestamp":"2022-09-11T15:38:59.550Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 15:39:22 honeypot-fra-1 sshd[32676]: Disconnected from invalid user kt 187.51.55.82 port 38879 [preauth]","@timestamp":"2022-09-11T15:39:22.561Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T15:39:39.384Z","@version":"1","message":"Sep 11 15:39:38 honeypot-sgp-1 sshd[6282]: Received disconnect from 92.255.85.70 port 25744:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 15:39:40 honeypot-ams-1 sshd[10563]: Invalid user test from 202.74.243.26 port 30072","@timestamp":"2022-09-11T15:39:40.720Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 15:43:51 honeypot-fra-1 kernel: [83785460.911579] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=64.62.197.50 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=54321 PROTO=TCP SPT=47663 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T15:43:51.662Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 15:44:42 honeypot-ams-1 kernel: [83787667.682223] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=201.191.2.198 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=58830 PROTO=TCP SPT=2231 DPT=80 WINDOW=16631 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T15:44:42.857Z"}
{"@timestamp":"2022-09-11T15:45:38.528Z","@version":"1","message":"Sep 11 15:45:37 honeypot-sgp-1 kernel: [83787250.754354] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.71.254.223 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=49066 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 15:47:59 honeypot-fra-1 sshd[32687]: Received disconnect from 93.189.11.246 port 59175:11: Bye Bye [preauth]","@timestamp":"2022-09-11T15:47:59.756Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T15:48:21.596Z","@version":"1","message":"Sep 11 15:48:20 honeypot-sgp-1 sshd[6293]: Invalid user debug from 51.79.164.95 port 50274","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 15:53:49 honeypot-ams-1 kernel: [83788215.270093] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.208.63 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=54053 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T15:53:50.087Z"}
{"@timestamp":"2022-09-11T15:54:56.752Z","@version":"1","message":"Sep 11 15:54:56 honeypot-sgp-1 sshd[6300]: Received disconnect from 188.6.162.76 port 53500:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 15:57:21 honeypot-fra-1 sshd[32693]: Received disconnect from 61.177.173.53 port 59885:11:  [preauth]","@timestamp":"2022-09-11T15:57:21.979Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T15:57:30.814Z","@version":"1","message":"Sep 11 15:57:29 honeypot-sgp-1 sshd[6305]: Disconnected from authenticating user root 61.177.173.35 port 64772 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 16:01:57 honeypot-ams-1 sshd[10575]: Invalid user aker from 112.217.169.138 port 11196","@timestamp":"2022-09-11T16:01:58.301Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 16:03:25 honeypot-fra-1 sshd[32698]: Disconnected from invalid user keiv 165.22.45.108 port 54458 [preauth]","@timestamp":"2022-09-11T16:03:26.112Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 16:08:27 honeypot-ams-1 sshd[10580]: Received disconnect from 138.68.27.174 port 51815:11: Bye Bye [preauth]","@timestamp":"2022-09-11T16:08:27.469Z"}
{"@timestamp":"2022-09-11T16:12:21.182Z","@version":"1","message":"Sep 11 16:12:20 honeypot-sgp-1 kernel: [83788853.086129] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=221.2.155.199 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=41755 PROTO=TCP SPT=51436 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 16:12:32 honeypot-ams-1 sshd[10584]: Disconnected from authenticating user root 27.1.253.142 port 46852 [preauth]","@timestamp":"2022-09-11T16:12:33.579Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 16:13:12 honeypot-fra-1 sshd[32703]: Connection closed by invalid user support 192.72.105.75 port 34208 [preauth]","@timestamp":"2022-09-11T16:13:13.351Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 16:18:29 honeypot-ams-1 kernel: [83789695.252459] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=49.66.78.186 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=49 ID=62641 PROTO=TCP SPT=57161 DPT=80 WINDOW=61678 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T16:18:30.737Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 16:23:46 honeypot-fra-1 sshd[32710]: Connection closed by invalid user admin 220.86.33.251 port 37379 [preauth]","@timestamp":"2022-09-11T16:23:46.586Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T16:26:18.516Z","@version":"1","message":"Sep 11 16:26:17 honeypot-sgp-1 kernel: [83789690.323104] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=31.220.1.83 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=54321 PROTO=TCP SPT=33054 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 16:31:01 honeypot-fra-1 kernel: [83788291.268679] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=80.94.92.239 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=48931 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T16:31:01.763Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 16:31:38 honeypot-ams-1 sshd[10596]: Disconnected from authenticating user root 92.255.85.70 port 37562 [preauth]","@timestamp":"2022-09-11T16:31:38.086Z"}
{"@timestamp":"2022-09-11T16:33:39.693Z","@version":"1","message":"Sep 11 16:33:39 honeypot-sgp-1 sshd[6332]: Invalid user ubuntu from 204.131.249.226 port 59540","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T16:36:02.751Z","@version":"1","message":"Sep 11 16:36:02 honeypot-sgp-1 kernel: [83790275.159973] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=69.61.79.144 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=11030 DF PROTO=TCP SPT=10446 DPT=80 WINDOW=512 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T16:43:01.918Z","@version":"1","message":"Sep 11 16:43:01 honeypot-sgp-1 sshd[6339]: Disconnected from invalid user ubnt 187.216.90.114 port 57128 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 16:45:04 honeypot-fra-1 sshd[32719]: Invalid user test from 193.106.191.157 port 35272","@timestamp":"2022-09-11T16:45:05.073Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 16:47:29 honeypot-ams-1 kernel: [83791435.093201] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=97.74.81.123 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=518 PROTO=TCP SPT=54109 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T16:47:30.528Z"}
{"@timestamp":"2022-09-11T16:51:23.117Z","@version":"1","message":"Sep 11 16:51:22 honeypot-sgp-1 kernel: [83791195.225992] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.197.44 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=60913 DPT=636 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 16:55:53 honeypot-ams-1 sshd[10604]: Received disconnect from 92.255.85.69 port 48128:11: Bye Bye [preauth]","@timestamp":"2022-09-11T16:55:53.750Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 16:56:55 honeypot-ams-1 kernel: [83792001.221002] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=46.62.170.160 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=114 ID=64466 DF PROTO=TCP SPT=2120 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T16:56:56.781Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 17:00:41 honeypot-fra-1 kernel: [83790071.454043] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=159.223.71.20 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=55435 PROTO=TCP SPT=28237 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T17:00:42.418Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 17:02:10 honeypot-ams-1 sshd[10609]: Invalid user alexia from 192.241.243.84 port 52572","@timestamp":"2022-09-11T17:02:10.925Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 17:02:31 honeypot-fra-1 sshd[32729]: Did not receive identification string from 167.99.220.160 port 46532","@timestamp":"2022-09-11T17:02:32.464Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 17:02:41 honeypot-fra-1 sshd[32732]: Disconnected from invalid user user 141.255.162.226 port 39196 [preauth]","@timestamp":"2022-09-11T17:02:42.469Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 17:02:45 honeypot-fra-1 sshd[32736]: Disconnected from invalid user user 141.255.162.226 port 53274 [preauth]","@timestamp":"2022-09-11T17:02:46.471Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 17:06:35 honeypot-fra-1 sshd[32742]: Received disconnect from 45.61.186.169 port 57492:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T17:06:36.564Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 17:06:53 honeypot-fra-1 sshd[32746]: Received disconnect from 45.61.186.169 port 52532:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T17:06:53.573Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 17:07:10 honeypot-fra-1 sshd[32750]: Received disconnect from 45.61.186.169 port 47538:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T17:07:10.581Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 17:07:26 honeypot-fra-1 sshd[32754]: Received disconnect from 45.61.186.169 port 42578:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T17:07:26.588Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 17:09:01 honeypot-ams-1 CRON[10614]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-11T17:09:02.104Z"}
{"@timestamp":"2022-09-11T17:09:02.530Z","@version":"1","message":"Sep 11 17:09:01 honeypot-sgp-1 CRON[6356]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 17:09:48 honeypot-fra-1 sshd[32761]: Invalid user kelvin from 165.22.45.108 port 36208","@timestamp":"2022-09-11T17:09:49.641Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T17:13:16.634Z","@version":"1","message":"Sep 11 17:13:15 honeypot-sgp-1 sshd[6362]: Invalid user user from 45.61.187.160 port 54338","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T17:13:35.644Z","@version":"1","message":"Sep 11 17:13:35 honeypot-sgp-1 sshd[6366]: Invalid user user from 45.61.187.160 port 49052","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T17:13:53.653Z","@version":"1","message":"Sep 11 17:13:53 honeypot-sgp-1 sshd[6370]: Invalid user user from 45.61.187.160 port 43774","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T17:14:10.662Z","@version":"1","message":"Sep 11 17:14:10 honeypot-sgp-1 sshd[6375]: Invalid user user from 45.61.187.160 port 38504","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 17:14:24 honeypot-fra-1 sshd[745]: Invalid user user from 167.99.220.160 port 56718","@timestamp":"2022-09-11T17:14:24.743Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 17:14:37 honeypot-ams-1 sshd[10619]: Disconnected from invalid user user 45.61.186.49 port 44608 [preauth]","@timestamp":"2022-09-11T17:14:38.248Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 17:14:47 honeypot-ams-1 sshd[10623]: Disconnected from invalid user user 45.61.186.49 port 56362 [preauth]","@timestamp":"2022-09-11T17:14:48.254Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 17:16:55 honeypot-fra-1 sshd[750]: Invalid user test2 from 92.255.85.70 port 63044","@timestamp":"2022-09-11T17:16:55.800Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 17:17:01 honeypot-ams-1 CRON[10627]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-11T17:17:02.315Z"}
{"@timestamp":"2022-09-11T17:17:02.730Z","@version":"1","message":"Sep 11 17:17:01 honeypot-sgp-1 CRON[6379]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 17:17:51 honeypot-fra-1 kernel: [83791101.532936] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=79.124.62.130 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=83 PROTO=TCP SPT=50560 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T17:17:52.824Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-11T17:24:02.894Z","@version":"1","message":"Sep 11 17:24:02 honeypot-sgp-1 kernel: [83793154.921148] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=79.124.62.60 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=64010 PROTO=TCP SPT=40209 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 17:28:07 honeypot-ams-1 sshd[10633]: Connection closed by invalid user support 78.127.125.41 port 50694 [preauth]","@timestamp":"2022-09-11T17:28:07.601Z"}
{"@timestamp":"2022-09-11T17:28:54.010Z","@version":"1","message":"Sep 11 17:28:53 honeypot-sgp-1 sshd[6390]: Connection closed by invalid user support 203.64.153.68 port 52055 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 17:30:47 honeypot-ams-1 sshd[10639]: Disconnected from invalid user user 45.61.187.160 port 35812 [preauth]","@timestamp":"2022-09-11T17:30:48.673Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 17:30:57 honeypot-fra-1 sshd[758]: Connection closed by invalid user admin 128.199.160.207 port 57014 [preauth]","@timestamp":"2022-09-11T17:30:58.112Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 17:31:09 honeypot-ams-1 sshd[10643]: Disconnected from invalid user user 45.61.187.160 port 59208 [preauth]","@timestamp":"2022-09-11T17:31:10.686Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 17:31:29 honeypot-ams-1 sshd[10647]: Disconnected from invalid user user 45.61.187.160 port 54368 [preauth]","@timestamp":"2022-09-11T17:31:29.695Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 17:31:47 honeypot-ams-1 sshd[10651]: Received disconnect from 45.61.187.160 port 49530:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T17:31:48.706Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 17:35:57 honeypot-fra-1 kernel: [83792187.323106] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=101.43.68.37 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=43 ID=28820 DF PROTO=TCP SPT=60364 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T17:35:58.223Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-11T17:37:57.221Z","@version":"1","message":"Sep 11 17:37:56 honeypot-sgp-1 sshd[6397]: Disconnected from invalid user test2 92.255.85.69 port 51132 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 17:39:48 honeypot-fra-1 sshd[767]: Received disconnect from 92.255.85.70 port 27642:11: Bye Bye [preauth]","@timestamp":"2022-09-11T17:39:48.310Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 17:42:18 honeypot-ams-1 sshd[10656]: Received disconnect from 186.101.16.90 port 49837:11: Bye Bye [preauth]","@timestamp":"2022-09-11T17:42:18.976Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 17:42:54 honeypot-ams-1 sshd[10660]: Received disconnect from 92.255.85.69 port 41196:11: Bye Bye [preauth]","@timestamp":"2022-09-11T17:42:54.995Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 17:43:13 honeypot-fra-1 sshd[772]: Disconnected from invalid user ken 165.22.45.108 port 41024 [preauth]","@timestamp":"2022-09-11T17:43:13.388Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T17:50:23.527Z","@version":"1","message":"Sep 11 17:50:22 honeypot-sgp-1 sshd[6404]: Invalid user admin from 178.128.125.205 port 31300","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 17:51:05 honeypot-ams-1 kernel: [83795250.727323] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=91.251.9.244 DST=178.62.254.91 LEN=60 TOS=0x18 PREC=0x20 TTL=50 ID=10938 DF PROTO=TCP SPT=60212 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T17:51:06.206Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 17:51:12 honeypot-fra-1 sshd[779]: Invalid user test from 193.106.191.157 port 47038","@timestamp":"2022-09-11T17:51:12.566Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T17:51:52.564Z","@version":"1","message":"Sep 11 17:51:52 honeypot-sgp-1 sshd[6408]: Disconnected from invalid user fedora 210.245.111.33 port 55724 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 17:55:29 honeypot-ams-1 kernel: [83795514.485810] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.41.8.45 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=34930 PROTO=TCP SPT=48575 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T17:55:29.320Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 17:55:31 honeypot-fra-1 sshd[785]: Disconnected from invalid user user 141.255.162.226 port 52570 [preauth]","@timestamp":"2022-09-11T17:55:31.665Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 17:55:33 honeypot-fra-1 sshd[789]: Disconnected from invalid user user 141.255.162.226 port 37572 [preauth]","@timestamp":"2022-09-11T17:55:34.668Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 17:55:37 honeypot-fra-1 sshd[793]: Disconnected from invalid user user 141.255.162.226 port 50816 [preauth]","@timestamp":"2022-09-11T17:55:38.670Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T17:57:10.694Z","@version":"1","message":"Sep 11 17:57:09 honeypot-sgp-1 sshd[6415]: Received disconnect from 132.148.75.125 port 47690:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T17:58:26.727Z","@version":"1","message":"Sep 11 17:58:26 honeypot-sgp-1 sshd[6420]: Disconnected from authenticating user root 132.148.75.125 port 47932 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 18:00:15 honeypot-ams-1 sshd[10671]: Received disconnect from 178.217.102.225 port 57084:11: Bye Bye [preauth]","@timestamp":"2022-09-11T18:00:15.447Z"}
{"@timestamp":"2022-09-11T18:00:21.777Z","@version":"1","message":"Sep 11 18:00:21 honeypot-sgp-1 sshd[6426]: Disconnected from authenticating user root 132.148.75.125 port 59756 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T18:01:14.802Z","@version":"1","message":"Sep 11 18:01:14 honeypot-sgp-1 kernel: [83795386.650358] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=146.88.240.4 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=33457 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T18:02:21.834Z","@version":"1","message":"Sep 11 18:02:21 honeypot-sgp-1 sshd[6434]: Disconnected from authenticating user root 132.148.75.125 port 51648 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 18:03:36 honeypot-fra-1 kernel: [83793846.130183] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=146.88.240.4 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=58372 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T18:03:36.850Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 18:03:38 honeypot-ams-1 sshd[10676]: Received disconnect from 134.17.17.32 port 32879:11: Bye Bye [preauth]","@timestamp":"2022-09-11T18:03:38.535Z"}
{"@timestamp":"2022-09-11T18:04:22.916Z","@version":"1","message":"Sep 11 18:04:21 honeypot-sgp-1 sshd[6441]: Received disconnect from 132.148.75.125 port 49558:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T18:06:20.968Z","@version":"1","message":"Sep 11 18:06:20 honeypot-sgp-1 sshd[6447]: Received disconnect from 132.148.75.125 port 41434:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T18:08:23.022Z","@version":"1","message":"Sep 11 18:08:22 honeypot-sgp-1 sshd[6453]: Received disconnect from 132.148.75.125 port 38632:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T18:10:31.077Z","@version":"1","message":"Sep 11 18:10:30 honeypot-sgp-1 sshd[6460]: Received disconnect from 132.148.75.125 port 41218:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 18:10:57 honeypot-fra-1 sshd[799]: Connection closed by invalid user admin 141.98.10.158 port 53782 [preauth]","@timestamp":"2022-09-11T18:10:58.016Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 18:11:12 honeypot-ams-1 kernel: [83796457.783356] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=91.251.9.244 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=2770 DF PROTO=TCP SPT=60358 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T18:11:12.729Z"}
{"@timestamp":"2022-09-11T18:12:12.139Z","@version":"1","message":"Sep 11 18:12:11 honeypot-sgp-1 kernel: [83796044.588649] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=163.172.158.4 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=17570 PROTO=TCP SPT=57501 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T18:13:49.182Z","@version":"1","message":"Sep 11 18:13:48 honeypot-sgp-1 sshd[6470]: Disconnected from authenticating user root 132.148.75.125 port 36844 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 18:15:40 honeypot-ams-1 kernel: [83796725.574002] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=64175 PROTO=TCP SPT=59203 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T18:15:40.848Z"}
{"@timestamp":"2022-09-11T18:15:51.236Z","@version":"1","message":"Sep 11 18:15:50 honeypot-sgp-1 sshd[6477]: Received disconnect from 132.148.75.125 port 59278:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 18:15:54 honeypot-fra-1 kernel: [83794583.517865] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=49014 PROTO=TCP SPT=59203 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T18:15:54.128Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-11T18:16:07.244Z","@version":"1","message":"Sep 11 18:16:06 honeypot-sgp-1 sshd[6482]: Invalid user user from 141.255.162.226 port 40108","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T18:16:11.246Z","@version":"1","message":"Sep 11 18:16:10 honeypot-sgp-1 sshd[6484]: Invalid user user from 141.255.162.226 port 59740","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T18:16:31.256Z","@version":"1","message":"Sep 11 18:16:31 honeypot-sgp-1 sshd[6492]: Disconnected from authenticating user root 132.148.75.125 port 48478 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T18:17:51.288Z","@version":"1","message":"Sep 11 18:17:50 honeypot-sgp-1 sshd[6499]: Disconnected from authenticating user root 132.148.75.125 port 52282 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 18:19:50 honeypot-ams-1 sshd[10687]: Received disconnect from 212.205.99.56 port 39510:11: Bye Bye [preauth]","@timestamp":"2022-09-11T18:19:50.958Z"}
{"@timestamp":"2022-09-11T18:19:55.344Z","@version":"1","message":"Sep 11 18:19:54 honeypot-sgp-1 sshd[6506]: Received disconnect from 132.148.75.125 port 49294:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 18:20:42 honeypot-ams-1 sshd[10690]: Disconnected from invalid user batch 103.253.175.10 port 41556 [preauth]","@timestamp":"2022-09-11T18:20:42.984Z"}
{"@timestamp":"2022-09-11T18:22:06.400Z","@version":"1","message":"Sep 11 18:22:06 honeypot-sgp-1 sshd[6512]: Received disconnect from 132.148.75.125 port 56010:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T18:23:53.447Z","@version":"1","message":"Sep 11 18:23:52 honeypot-sgp-1 sshd[6518]: Invalid user contador from 92.255.85.69 port 21270","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 18:24:01 honeypot-ams-1 sshd[10694]: Disconnected from authenticating user root 50.193.220.21 port 60962 [preauth]","@timestamp":"2022-09-11T18:24:02.071Z"}
{"@timestamp":"2022-09-11T18:24:49.473Z","@version":"1","message":"Sep 11 18:24:48 honeypot-sgp-1 sshd[6523]: Received disconnect from 132.148.75.125 port 39258:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 18:26:44 honeypot-fra-1 sshd[813]: Invalid user contador from 92.255.85.70 port 23596","@timestamp":"2022-09-11T18:26:45.366Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T18:26:53.528Z","@version":"1","message":"Sep 11 18:26:52 honeypot-sgp-1 sshd[6530]: Received disconnect from 132.148.75.125 port 37520:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T18:28:58.582Z","@version":"1","message":"Sep 11 18:28:57 honeypot-sgp-1 sshd[6536]: Received disconnect from 132.148.75.125 port 38028:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T18:31:00.634Z","@version":"1","message":"Sep 11 18:31:00 honeypot-sgp-1 sshd[6543]: Received disconnect from 132.148.75.125 port 34172:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 18:31:54 honeypot-fra-1 sshd[816]: Disconnected from authenticating user root 43.132.240.51 port 53464 [preauth]","@timestamp":"2022-09-11T18:31:55.482Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T18:33:08.688Z","@version":"1","message":"Sep 11 18:33:08 honeypot-sgp-1 sshd[6549]: Received disconnect from 132.148.75.125 port 37740:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T18:34:35.727Z","@version":"1","message":"Sep 11 18:34:34 honeypot-sgp-1 sshd[6553]: Disconnected from authenticating user root 132.148.75.125 port 49268 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 18:34:47 honeypot-fra-1 sshd[824]: Disconnected from invalid user temp 211.45.162.52 port 51472 [preauth]","@timestamp":"2022-09-11T18:34:48.553Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 18:35:54 honeypot-ams-1 sshd[10700]: Connection closed by invalid user test 193.106.191.157 port 35012 [preauth]","@timestamp":"2022-09-11T18:35:55.378Z"}
{"@timestamp":"2022-09-11T18:36:38.780Z","@version":"1","message":"Sep 11 18:36:38 honeypot-sgp-1 sshd[6560]: Received disconnect from 132.148.75.125 port 44034:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T18:38:42.834Z","@version":"1","message":"Sep 11 18:38:42 honeypot-sgp-1 sshd[6566]: Received disconnect from 132.148.75.125 port 39866:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T18:40:48.887Z","@version":"1","message":"Sep 11 18:40:48 honeypot-sgp-1 sshd[6572]: Received disconnect from 132.148.75.125 port 39880:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 18:41:36 honeypot-ams-1 kernel: [83798281.634227] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=179.43.145.74 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=36524 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T18:41:36.521Z"}
{"@timestamp":"2022-09-11T18:42:11.922Z","@version":"1","message":"Sep 11 18:42:11 honeypot-sgp-1 sshd[6579]: Received disconnect from 132.148.75.125 port 47428:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T18:43:05.945Z","@version":"1","message":"Sep 11 18:43:05 honeypot-sgp-1 sshd[6582]: Connection closed by 154.89.5.123 port 33648 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 18:43:34 honeypot-ams-1 sshd[10710]: Disconnected from invalid user raymon 167.71.142.220 port 54556 [preauth]","@timestamp":"2022-09-11T18:43:35.574Z"}
{"@timestamp":"2022-09-11T18:44:59.993Z","@version":"1","message":"Sep 11 18:44:59 honeypot-sgp-1 sshd[6590]: Disconnected from authenticating user root 132.148.75.125 port 40808 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 18:46:06 honeypot-fra-1 kernel: [83796396.175936] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=94.26.228.80 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=41843 PROTO=TCP SPT=43799 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T18:46:07.806Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-11T18:47:08.047Z","@version":"1","message":"Sep 11 18:47:07 honeypot-sgp-1 sshd[6597]: Disconnected from authenticating user root 132.148.75.125 port 41244 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 18:47:13 honeypot-ams-1 sshd[10715]: Disconnected from authenticating user root 109.227.63.3 port 34731 [preauth]","@timestamp":"2022-09-11T18:47:13.671Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 18:49:09 honeypot-ams-1 kernel: [83798734.600667] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=152.89.196.23 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=36950 PROTO=TCP SPT=57968 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T18:49:09.725Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 18:49:33 honeypot-fra-1 sshd[837]: Disconnected from invalid user kenneth.heslop 165.22.45.108 port 50616 [preauth]","@timestamp":"2022-09-11T18:49:33.882Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 18:51:37 honeypot-ams-1 sshd[10722]: Invalid user user from 45.61.184.204 port 40794","@timestamp":"2022-09-11T18:51:37.794Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 18:51:58 honeypot-ams-1 sshd[10726]: Invalid user user from 45.61.184.204 port 36346","@timestamp":"2022-09-11T18:51:58.803Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 18:52:16 honeypot-ams-1 sshd[10731]: Invalid user user from 45.61.184.204 port 60126","@timestamp":"2022-09-11T18:52:17.815Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 18:52:33 honeypot-ams-1 sshd[10735]: Received disconnect from 92.255.85.69 port 63002:11: Bye Bye [preauth]","@timestamp":"2022-09-11T18:52:33.824Z"}
{"@timestamp":"2022-09-11T18:52:40.182Z","@version":"1","message":"Sep 11 18:52:40 honeypot-sgp-1 kernel: [83798472.724332] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=80.94.92.231 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=230 ID=54321 PROTO=TCP SPT=47883 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 18:54:59 honeypot-fra-1 kernel: [83796928.887595] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=220.191.185.242 DST=165.22.82.222 LEN=52 TOS=0x00 PREC=0x00 TTL=44 ID=36490 DF PROTO=TCP SPT=6778 DPT=5432 WINDOW=14600 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T18:55:00.003Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 18:59:06 honeypot-ams-1 sshd[10739]: Disconnected from invalid user django 39.118.192.135 port 52310 [preauth]","@timestamp":"2022-09-11T18:59:06.992Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 19:00:24 honeypot-fra-1 sshd[849]: Received disconnect from 45.61.184.204 port 45714:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T19:00:25.128Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 19:00:47 honeypot-fra-1 sshd[853]: Received disconnect from 45.61.184.204 port 42066:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T19:00:48.138Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 19:01:07 honeypot-fra-1 sshd[858]: Received disconnect from 45.61.184.204 port 38424:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T19:01:08.147Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 19:01:27 honeypot-fra-1 sshd[863]: Received disconnect from 45.61.184.204 port 34762:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T19:01:28.158Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T19:06:18.505Z","@version":"1","message":"Sep 11 19:06:17 honeypot-sgp-1 sshd[6608]: Did not receive identification string from 141.255.162.226 port 52400","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T19:06:41.517Z","@version":"1","message":"Sep 11 19:06:40 honeypot-sgp-1 sshd[6613]: Received disconnect from 141.255.162.226 port 47302:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T19:06:42.518Z","@version":"1","message":"Sep 11 19:06:42 honeypot-sgp-1 sshd[6617]: Disconnected from invalid user user 141.255.162.226 port 44582 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T19:08:28.560Z","@version":"1","message":"Sep 11 19:08:28 honeypot-sgp-1 kernel: [83799420.623102] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=64.246.161.26 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=32844 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 19:08:35 honeypot-ams-1 sshd[10747]: Invalid user user from 45.61.186.249 port 56916","@timestamp":"2022-09-11T19:08:36.238Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 19:08:54 honeypot-ams-1 sshd[10752]: Invalid user user from 45.61.186.249 port 51602","@timestamp":"2022-09-11T19:08:55.249Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 19:09:00 honeypot-ams-1 sshd[10756]: Did not receive identification string from 222.228.6.98 port 34682","@timestamp":"2022-09-11T19:09:01.253Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 19:09:12 honeypot-ams-1 sshd[10759]: Disconnected from invalid user user 45.61.186.249 port 46280 [preauth]","@timestamp":"2022-09-11T19:09:12.259Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 19:09:28 honeypot-ams-1 sshd[10763]: Disconnected from invalid user user 45.61.186.249 port 40948 [preauth]","@timestamp":"2022-09-11T19:09:29.268Z"}
{"@timestamp":"2022-09-11T19:10:38.613Z","@version":"1","message":"Sep 11 19:10:38 honeypot-sgp-1 sshd[6624]: Received disconnect from 92.255.85.70 port 60320:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 19:14:12 honeypot-fra-1 sshd[867]: Received disconnect from 92.255.85.70 port 58266:11: Bye Bye [preauth]","@timestamp":"2022-09-11T19:14:13.436Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 19:16:03 honeypot-ams-1 sshd[10771]: Disconnected from authenticating user root 92.255.85.69 port 41000 [preauth]","@timestamp":"2022-09-11T19:16:04.436Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 19:17:01 honeypot-fra-1 CRON[871]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-11T19:17:02.513Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T19:19:20.828Z","@version":"1","message":"Sep 11 19:19:20 honeypot-sgp-1 sshd[6630]: Did not receive identification string from 198.98.61.9 port 44678","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T19:19:41.839Z","@version":"1","message":"Sep 11 19:19:41 honeypot-sgp-1 sshd[6633]: Disconnected from invalid user km 170.210.46.4 port 47952 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T19:19:53.845Z","@version":"1","message":"Sep 11 19:19:53 honeypot-sgp-1 sshd[6637]: Disconnected from invalid user user 198.98.61.9 port 58986 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T19:20:11.854Z","@version":"1","message":"Sep 11 19:20:11 honeypot-sgp-1 sshd[6641]: Disconnected from invalid user user 198.98.61.9 port 53870 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T19:20:28.861Z","@version":"1","message":"Sep 11 19:20:28 honeypot-sgp-1 sshd[6645]: Disconnected from invalid user user 198.98.61.9 port 48754 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 19:22:38 honeypot-fra-1 sshd[880]: Invalid user kent from 165.22.45.108 port 55436","@timestamp":"2022-09-11T19:22:38.639Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 19:24:40 honeypot-fra-1 sshd[884]: Disconnected from invalid user user 198.98.61.9 port 39014 [preauth]","@timestamp":"2022-09-11T19:24:40.687Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 19:24:58 honeypot-fra-1 sshd[888]: Received disconnect from 198.98.61.9 port 34122:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T19:24:58.697Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 19:25:14 honeypot-fra-1 sshd[892]: Received disconnect from 198.98.61.9 port 57466:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T19:25:14.705Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 19:25:18 honeypot-ams-1 kernel: [83800903.477516] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=2.57.122.153 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=58309 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T19:25:18.678Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 19:25:29 honeypot-fra-1 sshd[896]: Received disconnect from 198.98.61.9 port 52630:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T19:25:29.713Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 19:29:35 honeypot-ams-1 sshd[10782]: Disconnected from authenticating user root 138.94.75.17 port 52548 [preauth]","@timestamp":"2022-09-11T19:29:36.792Z"}
{"@timestamp":"2022-09-11T19:36:45.245Z","@version":"1","message":"Sep 11 19:36:44 honeypot-sgp-1 sshd[6653]: Did not receive identification string from 198.98.61.9 port 36780","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T19:37:17.260Z","@version":"1","message":"Sep 11 19:37:16 honeypot-sgp-1 sshd[6656]: Disconnected from invalid user user 198.98.61.9 port 35862 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T19:37:36.269Z","@version":"1","message":"Sep 11 19:37:36 honeypot-sgp-1 sshd[6660]: Disconnected from invalid user user 198.98.61.9 port 59470 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T19:37:56.280Z","@version":"1","message":"Sep 11 19:37:55 honeypot-sgp-1 sshd[6664]: Disconnected from invalid user user 198.98.61.9 port 54846 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 19:38:56 honeypot-fra-1 kernel: [83799566.089682] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=190.8.178.161 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=46 ID=22339 DF PROTO=TCP SPT=35696 DPT=5432 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T19:38:57.015Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 19:39:21 honeypot-ams-1 sshd[10787]: Received disconnect from 92.255.85.70 port 62104:11: Bye Bye [preauth]","@timestamp":"2022-09-11T19:39:22.054Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 19:44:40 honeypot-ams-1 kernel: [83802065.249493] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.217.0.181 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=37461 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T19:44:40.195Z"}
{"@timestamp":"2022-09-11T19:48:01.514Z","@version":"1","message":"Sep 11 19:48:01 honeypot-sgp-1 sshd[6670]: Invalid user guest from 165.100.191.248 port 1283","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 19:48:58 honeypot-ams-1 sshd[10796]: Received disconnect from 45.61.187.160 port 47938:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T19:48:58.309Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 19:49:17 honeypot-ams-1 sshd[10800]: Received disconnect from 45.61.187.160 port 42408:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T19:49:18.320Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 19:49:34 honeypot-ams-1 sshd[10804]: Received disconnect from 45.61.187.160 port 36860:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T19:49:35.329Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 19:49:52 honeypot-ams-1 sshd[10808]: Received disconnect from 45.61.187.160 port 59550:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T19:49:53.339Z"}
{"@timestamp":"2022-09-11T19:55:09.677Z","@version":"1","message":"Sep 11 19:55:09 honeypot-sgp-1 sshd[6675]: Invalid user admin from 128.199.124.231 port 51292","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 19:55:53 honeypot-fra-1 sshd[906]: Invalid user Kepler from 165.22.45.108 port 60238","@timestamp":"2022-09-11T19:55:53.388Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 19:56:27 honeypot-fra-1 sshd[930]: Invalid user odoo from 34.71.244.4 port 56148","@timestamp":"2022-09-11T19:56:28.403Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 19:56:27 honeypot-fra-1 sshd[919]: Invalid user www from 34.71.244.4 port 56126","@timestamp":"2022-09-11T19:56:28.403Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 19:56:27 honeypot-fra-1 sshd[915]: Invalid user admin from 34.71.244.4 port 56456","@timestamp":"2022-09-11T19:56:28.404Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 19:56:27 honeypot-fra-1 sshd[922]: Connection closed by authenticating user root 34.71.244.4 port 56176 [preauth]","@timestamp":"2022-09-11T19:56:28.404Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 19:56:27 honeypot-fra-1 sshd[927]: Connection closed by authenticating user root 34.71.244.4 port 56462 [preauth]","@timestamp":"2022-09-11T19:56:28.404Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 19:56:27 honeypot-fra-1 sshd[928]: Connection closed by authenticating user root 34.71.244.4 port 56240 [preauth]","@timestamp":"2022-09-11T19:56:28.404Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 19:56:27 honeypot-fra-1 sshd[921]: Connection closed by invalid user user 34.71.244.4 port 56270 [preauth]","@timestamp":"2022-09-11T19:56:28.404Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 19:56:27 honeypot-fra-1 sshd[934]: Connection closed by invalid user www 34.71.244.4 port 56124 [preauth]","@timestamp":"2022-09-11T19:56:28.404Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 19:57:49 honeypot-ams-1 kernel: [83802854.559992] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=10273 PROTO=TCP SPT=46160 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T19:57:49.544Z"}
{"@timestamp":"2022-09-11T19:59:30.779Z","@version":"1","message":"Sep 11 19:59:30 honeypot-sgp-1 kernel: [83802482.602933] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=23069 PROTO=TCP SPT=46160 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 20:02:24 honeypot-fra-1 kernel: [83800974.157804] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=179.43.145.74 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=55675 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T20:02:25.537Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 20:08:04 honeypot-ams-1 kernel: [83803469.803077] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=64.246.161.26 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=54321 PROTO=TCP SPT=55031 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T20:08:04.804Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 20:08:18 honeypot-ams-1 sshd[10824]: Connection closed by invalid user admin 148.153.82.133 port 53442 [preauth]","@timestamp":"2022-09-11T20:08:18.812Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 20:17:15 honeypot-ams-1 sshd[10832]: Did not receive identification string from 154.89.5.78 port 54056","@timestamp":"2022-09-11T20:17:16.047Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 20:17:19 honeypot-fra-1 kernel: [83801868.578186] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=209.222.252.92 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=17646 DF PROTO=TCP SPT=45021 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T20:17:19.865Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-11T20:20:39.274Z","@version":"1","message":"Sep 11 20:20:38 honeypot-sgp-1 kernel: [83803751.292894] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=128.14.233.20 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x60 TTL=53 ID=6309 DF PROTO=TCP SPT=41374 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 20:24:06 honeypot-fra-1 sshd[987]: Received disconnect from 92.255.85.70 port 34672:11: Bye Bye [preauth]","@timestamp":"2022-09-11T20:24:07.037Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 20:26:32 honeypot-ams-1 sshd[10840]: Disconnected from authenticating user root 92.255.85.69 port 62762 [preauth]","@timestamp":"2022-09-11T20:26:33.292Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 20:30:47 honeypot-fra-1 sshd[992]: Disconnected from invalid user Kepler 165.22.45.108 port 36838 [preauth]","@timestamp":"2022-09-11T20:30:48.187Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 20:32:30 honeypot-ams-1 kernel: [83804935.860132] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.94.123.234 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x20 TTL=58 ID=37019 PROTO=TCP SPT=61584 DPT=443 WINDOW=38392 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T20:32:31.453Z"}
{"@timestamp":"2022-09-11T20:37:49.672Z","@version":"1","message":"Sep 11 20:37:49 honeypot-sgp-1 sshd[6690]: Connection closed by 223.71.167.164 port 63145 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T20:42:29.783Z","@version":"1","message":"Sep 11 20:42:29 honeypot-sgp-1 sshd[6699]: Invalid user anna from 165.22.52.171 port 45738","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 20:44:06 honeypot-fra-1 sshd[1001]: Connection closed by 67.207.95.230 port 45278 [preauth]","@timestamp":"2022-09-11T20:44:07.480Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 20:48:41 honeypot-ams-1 kernel: [83805907.066281] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=2.226.225.240 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=27515 PROTO=TCP SPT=1952 DPT=80 WINDOW=65377 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T20:48:41.875Z"}
{"@timestamp":"2022-09-11T20:50:47.974Z","@version":"1","message":"Sep 11 20:50:47 honeypot-sgp-1 sshd[6705]: Connection closed by invalid user xiejz 103.188.176.251 port 53494 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 20:52:04 honeypot-fra-1 sshd[1008]: Connection closed by invalid user support 182.75.197.174 port 44000 [preauth]","@timestamp":"2022-09-11T20:52:04.657Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 20:53:55 honeypot-fra-1 sshd[1013]: Received disconnect from 45.61.184.204 port 60060:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T20:53:55.701Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 20:54:16 honeypot-fra-1 sshd[1017]: Received disconnect from 45.61.184.204 port 55686:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T20:54:16.712Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 20:54:36 honeypot-fra-1 sshd[1021]: Received disconnect from 45.61.184.204 port 51352:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T20:54:36.721Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T20:59:53.187Z","@version":"1","message":"Sep 11 20:59:52 honeypot-sgp-1 kernel: [83806105.436752] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.53.171.56 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=30965 DF PROTO=TCP SPT=45194 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 20:59:55 honeypot-ams-1 kernel: [83806580.608727] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=71.6.199.23 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=114 ID=34581 PROTO=TCP SPT=31667 DPT=5432 WINDOW=65357 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T20:59:56.164Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 21:00:19 honeypot-fra-1 kernel: [83804448.995248] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.196.220.81 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=54321 PROTO=TCP SPT=40552 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T21:00:20.850Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 21:11:21 honeypot-fra-1 sshd[1030]: Disconnected from authenticating user root 92.255.85.69 port 62316 [preauth]","@timestamp":"2022-09-11T21:11:22.095Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T21:11:49.461Z","@version":"1","message":"Sep 11 21:11:48 honeypot-sgp-1 kernel: [83806821.435006] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=42916 PROTO=TCP SPT=50004 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 21:13:22 honeypot-ams-1 sshd[10858]: Disconnected from authenticating user root 92.255.85.69 port 53818 [preauth]","@timestamp":"2022-09-11T21:13:23.515Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 21:17:01 honeypot-fra-1 CRON[1035]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-11T21:17:02.222Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 21:17:01 honeypot-ams-1 CRON[10865]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-11T21:17:02.610Z"}
{"@timestamp":"2022-09-11T21:17:02.582Z","@version":"1","message":"Sep 11 21:17:01 honeypot-sgp-1 CRON[6716]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T21:26:04.788Z","@version":"1","message":"Sep 11 21:26:04 honeypot-sgp-1 sshd[6724]: Invalid user user from 45.61.186.49 port 49256","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T21:26:14.792Z","@version":"1","message":"Sep 11 21:26:14 honeypot-sgp-1 sshd[6728]: Invalid user user from 45.61.186.49 port 32936","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 21:26:32 honeypot-ams-1 kernel: [83808177.922280] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.196.220.81 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=54321 PROTO=TCP SPT=38251 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T21:26:32.858Z"}
{"@timestamp":"2022-09-11T21:28:58.855Z","@version":"1","message":"Sep 11 21:28:58 honeypot-sgp-1 sshd[6731]: Disconnected from invalid user user 45.61.186.249 port 35076 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 21:29:11 honeypot-fra-1 sshd[1046]: Connection closed by invalid user photos 141.98.10.158 port 36628 [preauth]","@timestamp":"2022-09-11T21:29:12.492Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T21:29:16.864Z","@version":"1","message":"Sep 11 21:29:16 honeypot-sgp-1 sshd[6735]: Disconnected from invalid user user 45.61.186.249 port 57564 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T21:29:35.873Z","@version":"1","message":"Sep 11 21:29:35 honeypot-sgp-1 sshd[6740]: Received disconnect from 45.61.186.249 port 51884:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T21:29:44.878Z","@version":"1","message":"Sep 11 21:29:44 honeypot-sgp-1 sshd[6744]: Received disconnect from 45.61.186.249 port 34908:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T21:29:52.880Z","@version":"1","message":"Sep 11 21:29:52 honeypot-sgp-1 sshd[6748]: Received disconnect from 45.61.186.249 port 46180:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T21:30:01.885Z","@version":"1","message":"Sep 11 21:30:01 honeypot-sgp-1 sshd[6752]: Connection closed by invalid user user 45.61.186.49 port 38954 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 21:31:16 honeypot-fra-1 sshd[1062]: Invalid user steam from 13.229.182.132 port 24290","@timestamp":"2022-09-11T21:31:16.539Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 21:31:16 honeypot-fra-1 sshd[1065]: Invalid user deploy from 13.229.182.132 port 24142","@timestamp":"2022-09-11T21:31:16.539Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 21:31:16 honeypot-fra-1 sshd[1053]: Invalid user postgres from 13.229.182.132 port 24184","@timestamp":"2022-09-11T21:31:16.539Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 21:31:16 honeypot-fra-1 sshd[1056]: Connection closed by authenticating user root 13.229.182.132 port 24190 [preauth]","@timestamp":"2022-09-11T21:31:16.539Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 21:31:16 honeypot-fra-1 sshd[1069]: Connection closed by invalid user grid 13.229.182.132 port 24048 [preauth]","@timestamp":"2022-09-11T21:31:16.539Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 21:31:16 honeypot-fra-1 sshd[1071]: Connection closed by invalid user chia 13.229.182.132 port 24206 [preauth]","@timestamp":"2022-09-11T21:31:16.539Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 21:31:16 honeypot-fra-1 sshd[1073]: Invalid user mysql from 13.229.182.132 port 24072","@timestamp":"2022-09-11T21:31:16.539Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 21:31:16 honeypot-fra-1 sshd[1075]: Connection closed by invalid user testuser 13.229.182.132 port 24240 [preauth]","@timestamp":"2022-09-11T21:31:17.540Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 21:38:30 honeypot-fra-1 kernel: [83806739.165158] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=198.199.116.185 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=46949 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T21:38:30.713Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 21:42:06 honeypot-ams-1 kernel: [83809111.579216] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.219.17 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=39148 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T21:42:07.273Z"}
{"@timestamp":"2022-09-11T21:43:52.198Z","@version":"1","message":"Sep 11 21:43:51 honeypot-sgp-1 kernel: [83808743.669707] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=34.105.172.64 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x60 TTL=250 ID=11746 PROTO=TCP SPT=51182 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 21:45:11 honeypot-fra-1 sshd[1111]: Disconnected from invalid user mythtv 211.125.67.35 port 35554 [preauth]","@timestamp":"2022-09-11T21:45:11.862Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 21:51:39 honeypot-fra-1 sshd[1114]: Disconnected from invalid user jiu 138.68.178.64 port 35230 [preauth]","@timestamp":"2022-09-11T21:51:40.007Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 21:55:04 honeypot-ams-1 sshd[10882]: Disconnected from invalid user user 141.255.162.226 port 58132 [preauth]","@timestamp":"2022-09-11T21:55:05.609Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 21:55:08 honeypot-ams-1 sshd[10886]: Disconnected from invalid user user 141.255.162.226 port 33318 [preauth]","@timestamp":"2022-09-11T21:55:08.610Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 21:55:09 honeypot-ams-1 sshd[10890]: Disconnected from invalid user user 141.255.162.226 port 39648 [preauth]","@timestamp":"2022-09-11T21:55:10.612Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 21:56:56 honeypot-ams-1 sshd[10896]: Invalid user admin from 221.158.195.111 port 46681","@timestamp":"2022-09-11T21:56:56.658Z"}
{"@timestamp":"2022-09-11T22:02:41.629Z","@version":"1","message":"Sep 11 22:02:41 honeypot-sgp-1 kernel: [83809873.844601] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=40.87.17.51 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=234 ID=10470 PROTO=TCP SPT=52144 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 22:07:52 honeypot-fra-1 sshd[1127]: Did not receive identification string from 45.61.186.49 port 43780","@timestamp":"2022-09-11T22:07:53.366Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 22:08:07 honeypot-fra-1 sshd[1130]: Disconnected from invalid user user 45.61.186.49 port 48340 [preauth]","@timestamp":"2022-09-11T22:08:08.373Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 22:08:18 honeypot-fra-1 sshd[1134]: Disconnected from invalid user user 45.61.186.49 port 60256 [preauth]","@timestamp":"2022-09-11T22:08:19.378Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 22:09:03 honeypot-ams-1 sshd[10902]: Received disconnect from 82.6.16.46 port 59050:11: Bye Bye [preauth]","@timestamp":"2022-09-11T22:09:03.995Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 22:12:30 honeypot-ams-1 sshd[10906]: Disconnected from authenticating user root 84.201.178.241 port 49290 [preauth]","@timestamp":"2022-09-11T22:12:31.088Z"}
{"@timestamp":"2022-09-11T22:16:13.936Z","@version":"1","message":"Sep 11 22:16:13 honeypot-sgp-1 sshd[6769]: Received disconnect from 94.110.108.120 port 34386:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 22:17:01 honeypot-ams-1 CRON[10911]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-11T22:17:02.206Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 22:17:29 honeypot-fra-1 sshd[1140]: Invalid user kettelson from 165.22.45.108 port 51354","@timestamp":"2022-09-11T22:17:29.583Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T22:18:47.996Z","@version":"1","message":"Sep 11 22:18:47 honeypot-sgp-1 sshd[6776]: Invalid user admin from 24.142.183.126 port 31530","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 22:21:33 honeypot-ams-1 kernel: [83811478.804118] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.196.220.81 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=34816 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T22:21:34.327Z"}
{"@timestamp":"2022-09-11T22:29:17.236Z","@version":"1","message":"Sep 11 22:29:16 honeypot-sgp-1 kernel: [83811468.637155] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=167.99.210.35 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=867 DF PROTO=TCP SPT=41028 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 22:31:47 honeypot-ams-1 sshd[10922]: Did not receive identification string from 80.76.51.46 port 42094","@timestamp":"2022-09-11T22:31:47.589Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 22:32:34 honeypot-ams-1 sshd[10927]: Disconnected from authenticating user root 80.76.51.46 port 51220 [preauth]","@timestamp":"2022-09-11T22:32:35.611Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 22:33:07 honeypot-fra-1 sshd[1149]: Disconnected from authenticating user root 189.195.123.54 port 55960 [preauth]","@timestamp":"2022-09-11T22:33:07.924Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 22:33:19 honeypot-ams-1 sshd[10933]: Disconnected from authenticating user root 80.76.51.46 port 45176 [preauth]","@timestamp":"2022-09-11T22:33:19.633Z"}
{"@timestamp":"2022-09-11T22:33:41.342Z","@version":"1","message":"Sep 11 22:33:41 honeypot-sgp-1 sshd[6786]: Received disconnect from 198.98.61.9 port 54472:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 22:33:47 honeypot-ams-1 sshd[10937]: Disconnected from authenticating user root 80.76.51.46 port 41362 [preauth]","@timestamp":"2022-09-11T22:33:47.648Z"}
{"@timestamp":"2022-09-11T22:34:02.351Z","@version":"1","message":"Sep 11 22:34:02 honeypot-sgp-1 sshd[6790]: Received disconnect from 198.98.61.9 port 49030:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T22:34:22.362Z","@version":"1","message":"Sep 11 22:34:22 honeypot-sgp-1 sshd[6795]: Received disconnect from 198.98.61.9 port 43580:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 22:34:30 honeypot-ams-1 sshd[10944]: Received disconnect from 80.76.51.46 port 35148:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T22:34:30.670Z"}
{"@timestamp":"2022-09-11T22:34:37.369Z","@version":"1","message":"Sep 11 22:34:37 honeypot-sgp-1 sshd[6799]: Received disconnect from 198.98.61.9 port 38140:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 22:34:44 honeypot-fra-1 sshd[1155]: Received disconnect from 141.255.162.226 port 41028:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T22:34:44.963Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 22:34:48 honeypot-fra-1 sshd[1159]: Received disconnect from 141.255.162.226 port 54248:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T22:34:48.965Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 22:34:50 honeypot-fra-1 sshd[1163]: Received disconnect from 141.255.162.226 port 45846:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T22:34:50.966Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 22:34:58 honeypot-ams-1 sshd[10948]: Received disconnect from 80.76.51.46 port 59406:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T22:34:59.685Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 22:35:27 honeypot-ams-1 sshd[10952]: Received disconnect from 80.76.51.46 port 55370:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T22:35:27.700Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 22:35:56 honeypot-ams-1 sshd[10956]: Received disconnect from 80.76.51.46 port 51510:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T22:35:56.714Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 22:36:25 honeypot-ams-1 sshd[10960]: Received disconnect from 80.76.51.46 port 47430:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T22:36:25.730Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 22:36:54 honeypot-ams-1 sshd[10964]: Disconnected from invalid user oracle 80.76.51.46 port 43412 [preauth]","@timestamp":"2022-09-11T22:36:54.746Z"}
{"@timestamp":"2022-09-11T22:37:27.437Z","@version":"1","message":"Sep 11 22:37:26 honeypot-sgp-1 sshd[6805]: Disconnected from invalid user ratequote 118.27.107.120 port 56650 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 22:37:38 honeypot-ams-1 sshd[10970]: Received disconnect from 80.76.51.46 port 37394:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T22:37:38.769Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 22:38:06 honeypot-ams-1 sshd[10974]: Disconnected from authenticating user root 80.76.51.46 port 33400 [preauth]","@timestamp":"2022-09-11T22:38:07.784Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 22:38:45 honeypot-fra-1 sshd[1168]: Disconnected from authenticating user root 41.93.33.2 port 45264 [preauth]","@timestamp":"2022-09-11T22:38:46.054Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 22:46:44 honeypot-fra-1 sshd[1185]: Invalid user ubuntu from 147.135.252.17 port 49752","@timestamp":"2022-09-11T22:46:45.232Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 22:46:44 honeypot-fra-1 sshd[1182]: Connection closed by authenticating user root 147.135.252.17 port 49708 [preauth]","@timestamp":"2022-09-11T22:46:45.232Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 22:46:44 honeypot-fra-1 sshd[1185]: Connection closed by invalid user ubuntu 147.135.252.17 port 49752 [preauth]","@timestamp":"2022-09-11T22:46:45.233Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 22:46:44 honeypot-fra-1 sshd[1187]: Connection closed by invalid user mysql 147.135.252.17 port 49704 [preauth]","@timestamp":"2022-09-11T22:46:45.233Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 22:46:44 honeypot-fra-1 sshd[1190]: Invalid user admin from 147.135.252.17 port 49766","@timestamp":"2022-09-11T22:46:45.233Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 22:46:44 honeypot-fra-1 sshd[1176]: Connection closed by invalid user ftpuser 147.135.252.17 port 49700 [preauth]","@timestamp":"2022-09-11T22:46:45.233Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 22:46:44 honeypot-fra-1 sshd[1199]: Invalid user ansible from 147.135.252.17 port 49734","@timestamp":"2022-09-11T22:46:45.233Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 22:46:44 honeypot-fra-1 sshd[1196]: Connection closed by invalid user admin 147.135.252.17 port 49724 [preauth]","@timestamp":"2022-09-11T22:46:45.233Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 22:46:44 honeypot-fra-1 sshd[1198]: Connection closed by invalid user oracle 147.135.252.17 port 49720 [preauth]","@timestamp":"2022-09-11T22:46:45.233Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 22:46:48 honeypot-ams-1 sshd[10981]: Received disconnect from 92.255.85.70 port 45880:11: Bye Bye [preauth]","@timestamp":"2022-09-11T22:46:49.012Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 22:48:32 honeypot-fra-1 sshd[1232]: Received disconnect from 68.183.232.27 port 59752:11: Bye Bye [preauth]","@timestamp":"2022-09-11T22:48:32.275Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 22:52:15 honeypot-ams-1 kernel: [83813320.797933] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=97.74.81.123 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=4328 PROTO=TCP SPT=50536 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T22:52:16.157Z"}
{"@timestamp":"2022-09-11T22:53:11.801Z","@version":"1","message":"Sep 11 22:53:10 honeypot-sgp-1 sshd[6886]: Disconnected from authenticating user root 93.153.192.254 port 38098 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T22:56:36.884Z","@version":"1","message":"Sep 11 22:56:36 honeypot-sgp-1 sshd[6890]: Disconnected from authenticating user root 20.57.113.125 port 56434 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 22:58:50 honeypot-ams-1 kernel: [83813715.466540] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=213.226.123.38 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=59965 PROTO=TCP SPT=58130 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T22:58:51.329Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 22:59:18 honeypot-fra-1 kernel: [83811587.047803] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.196.220.81 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=54321 PROTO=TCP SPT=40140 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T22:59:18.515Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-11T23:00:11.970Z","@version":"1","message":"Sep 11 23:00:11 honeypot-sgp-1 sshd[6896]: Invalid user cpanelphppgadmin from 103.37.83.26 port 43018","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 23:03:27 honeypot-fra-1 kernel: [83811835.791185] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=147.124.222.183 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=44407 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T23:03:27.608Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-11T23:04:47.079Z","@version":"1","message":"Sep 11 23:04:46 honeypot-sgp-1 sshd[6913]: Received disconnect from 109.115.187.31 port 48538:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:06:27.148Z","@version":"1","message":"Sep 11 23:06:26 honeypot-sgp-1 kernel: [83813698.969100] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=147.124.222.183 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=54321 PROTO=TCP SPT=48194 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 23:10:36 honeypot-ams-1 sshd[10989]: Disconnected from authenticating user root 92.255.85.69 port 33476 [preauth]","@timestamp":"2022-09-11T23:10:36.714Z"}
{"@timestamp":"2022-09-11T23:17:14.394Z","@version":"1","message":"Sep 11 23:17:13 honeypot-sgp-1 sshd[6931]: Disconnecting invalid user  185.246.130.20 port 58015: Change of username or service not allowed: (,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:17:43.409Z","@version":"1","message":"Sep 11 23:17:42 honeypot-sgp-1 sshd[6945]: Disconnecting invalid user  185.246.130.20 port 24304: Change of username or service not allowed: (,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 23:17:50 honeypot-fra-1 sshd[1252]: Invalid user git from 164.90.201.235 port 34592","@timestamp":"2022-09-11T23:17:50.921Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T23:18:26.428Z","@version":"1","message":"Sep 11 23:18:25 honeypot-sgp-1 sshd[6951]: Disconnecting invalid user admin 185.246.130.20 port 36142: Change of username or service not allowed: (admin,ssh-connection) -> (aerohive,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:18:48.438Z","@version":"1","message":"Sep 11 23:18:47 honeypot-sgp-1 sshd[6957]: Disconnecting invalid user manager 185.246.130.20 port 3076: Change of username or service not allowed: (manager,ssh-connection) -> (private,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:19:25.454Z","@version":"1","message":"Sep 11 23:19:24 honeypot-sgp-1 sshd[6967]: Invalid user Admin from 185.246.130.20 port 42959","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:19:45.463Z","@version":"1","message":"Sep 11 23:19:45 honeypot-sgp-1 sshd[6973]: Invalid user user from 185.246.130.20 port 52868","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:20:18.479Z","@version":"1","message":"Sep 11 23:20:18 honeypot-sgp-1 sshd[6979]: Disconnecting invalid user blank 185.246.130.20 port 16990: Change of username or service not allowed: (blank,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:20:50.494Z","@version":"1","message":"Sep 11 23:20:49 honeypot-sgp-1 sshd[6985]: Disconnecting invalid user 1234 185.246.130.20 port 20967: Change of username or service not allowed: (1234,ssh-connection) -> (root,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:21:20.508Z","@version":"1","message":"Sep 11 23:21:19 honeypot-sgp-1 sshd[6993]: Invalid user cisco from 185.246.130.20 port 20638","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 23:21:34 honeypot-fra-1 kernel: [83812923.482462] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=144.126.130.22 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=14188 PROTO=TCP SPT=58484 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T23:21:35.022Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-11T23:21:43.517Z","@version":"1","message":"Sep 11 23:21:42 honeypot-sgp-1 sshd[6999]: Disconnecting authenticating user root 185.246.130.20 port 55599: Change of username or service not allowed: (root,ssh-connection) -> (Administrator,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:22:08.529Z","@version":"1","message":"Sep 11 23:22:08 honeypot-sgp-1 sshd[7005]: Disconnecting invalid user adslroot 185.246.130.20 port 13407: Change of username or service not allowed: (adslroot,ssh-connection) -> (sti.admin5,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:22:32.541Z","@version":"1","message":"Sep 11 23:22:32 honeypot-sgp-1 sshd[7012]: Invalid user admin from 185.246.130.20 port 2923","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:23:01.554Z","@version":"1","message":"Sep 11 23:23:01 honeypot-sgp-1 sshd[7018]: Invalid user  from 185.246.130.20 port 8795","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 23:23:20 honeypot-ams-1 sshd[10997]: Disconnected from authenticating user root 85.31.46.45 port 39204 [preauth]","@timestamp":"2022-09-11T23:23:21.071Z"}
{"@timestamp":"2022-09-11T23:23:28.567Z","@version":"1","message":"Sep 11 23:23:28 honeypot-sgp-1 sshd[7024]: Disconnecting invalid user admin 185.246.130.20 port 2926: Change of username or service not allowed: (admin,ssh-connection) -> (c1@r0,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:23:51.579Z","@version":"1","message":"Sep 11 23:23:50 honeypot-sgp-1 sshd[7030]: Disconnecting invalid user cusadmin 185.246.130.20 port 19779: Change of username or service not allowed: (cusadmin,ssh-connection) -> (superonline,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 23:23:53 honeypot-ams-1 sshd[11001]: Disconnected from invalid user test 85.31.46.45 port 35726 [preauth]","@timestamp":"2022-09-11T23:23:54.088Z"}
{"@timestamp":"2022-09-11T23:24:17.591Z","@version":"1","message":"Sep 11 23:24:16 honeypot-sgp-1 sshd[7037]: Disconnecting invalid user lgnortel 185.246.130.20 port 50650: Change of username or service not allowed: (lgnortel,ssh-connection) -> (Admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:24:47.605Z","@version":"1","message":"Sep 11 23:24:46 honeypot-sgp-1 sshd[7044]: Disconnecting invalid user admin 185.246.130.20 port 10879: Change of username or service not allowed: (admin,ssh-connection) -> (,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:25:30.626Z","@version":"1","message":"Sep 11 23:25:29 honeypot-sgp-1 sshd[7050]: Disconnecting invalid user matrix 185.246.130.20 port 61170: Change of username or service not allowed: (matrix,ssh-connection) -> (,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:26:00.640Z","@version":"1","message":"Sep 11 23:25:59 honeypot-sgp-1 sshd[7056]: Disconnecting invalid user motorola 185.246.130.20 port 16340: Change of username or service not allowed: (motorola,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:26:32.655Z","@version":"1","message":"Sep 11 23:26:32 honeypot-sgp-1 sshd[7064]: Invalid user admin from 185.246.130.20 port 30591","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:27:02.670Z","@version":"1","message":"Sep 11 23:27:02 honeypot-sgp-1 sshd[7070]: Invalid user admin from 185.246.130.20 port 21091","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:27:33.685Z","@version":"1","message":"Sep 11 23:27:33 honeypot-sgp-1 sshd[7076]: Invalid user Shiko from 185.246.130.20 port 32078","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:28:04.700Z","@version":"1","message":"Sep 11 23:28:04 honeypot-sgp-1 sshd[7091]: Invalid user smcadmin from 185.246.130.20 port 54651","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:28:25.710Z","@version":"1","message":"Sep 11 23:28:25 honeypot-sgp-1 sshd[7097]: Received disconnect from 92.255.85.69 port 57862:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:28:44.719Z","@version":"1","message":"Sep 11 23:28:44 honeypot-sgp-1 sshd[7101]: Disconnecting invalid user smcadmin 185.246.130.20 port 42052: Change of username or service not allowed: (smcadmin,ssh-connection) -> (sweex,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:29:15.734Z","@version":"1","message":"Sep 11 23:29:14 honeypot-sgp-1 sshd[7107]: Disconnecting invalid user admin 185.246.130.20 port 5180: Change of username or service not allowed: (admin,ssh-connection) -> (,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:29:39.746Z","@version":"1","message":"Sep 11 23:29:39 honeypot-sgp-1 sshd[7114]: Disconnecting invalid user user 185.246.130.20 port 34015: Change of username or service not allowed: (user,ssh-connection) -> (ubnt,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:30:20.766Z","@version":"1","message":"Sep 11 23:30:20 honeypot-sgp-1 sshd[7122]: Invalid user user from 185.246.130.20 port 40974","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:30:45.777Z","@version":"1","message":"Sep 11 23:30:45 honeypot-sgp-1 kernel: [83815157.346211] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=154.3.44.39 DST=159.89.202.188 LEN=52 TOS=0x0A PREC=0x00 TTL=112 ID=338 DF PROTO=TCP SPT=59029 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:31:08.789Z","@version":"1","message":"Sep 11 23:31:08 honeypot-sgp-1 kernel: [83815180.799995] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=80.87.206.203 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=235 ID=14615 PROTO=TCP SPT=58738 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 23:31:11 honeypot-fra-1 kernel: [83813500.555265] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=79.124.62.62 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=43862 PROTO=TCP SPT=40276 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T23:31:12.232Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-11T23:31:35.803Z","@version":"1","message":"Sep 11 23:31:35 honeypot-sgp-1 sshd[7136]: Received disconnect from 197.248.7.238 port 51968:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:32:10.819Z","@version":"1","message":"Sep 11 23:32:10 honeypot-sgp-1 sshd[7142]: Invalid user admin from 185.246.130.20 port 32440","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 23:32:51 honeypot-fra-1 sshd[1263]: Received disconnect from 45.61.184.204 port 32978:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T23:32:51.272Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 23:33:10 honeypot-fra-1 sshd[1267]: Received disconnect from 45.61.184.204 port 56366:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T23:33:10.301Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 23:33:27 honeypot-fra-1 sshd[1271]: Received disconnect from 45.61.184.204 port 51514:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T23:33:28.310Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T23:33:29.852Z","@version":"1","message":"Sep 11 23:33:28 honeypot-sgp-1 sshd[7148]: Received disconnect from 70.37.75.157 port 42520:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 23:33:44 honeypot-fra-1 sshd[1275]: Received disconnect from 45.61.184.204 port 46656:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T23:33:44.317Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T23:37:16.941Z","@version":"1","message":"Sep 11 23:37:16 honeypot-sgp-1 sshd[7154]: Disconnected from authenticating user root 157.230.32.156 port 52948 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 23:37:29 honeypot-ams-1 sshd[11006]: Invalid user admin from 206.189.86.91 port 40314","@timestamp":"2022-09-11T23:37:30.444Z"}
{"@timestamp":"2022-09-11T23:41:49.052Z","@version":"1","message":"Sep 11 23:41:48 honeypot-sgp-1 kernel: [83815820.927791] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=128.14.137.180 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=42621 PROTO=TCP SPT=30673 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 23:42:24 honeypot-ams-1 sshd[11009]: Did not receive identification string from 45.61.187.160 port 33966","@timestamp":"2022-09-11T23:42:24.573Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 23:43:18 honeypot-ams-1 sshd[11013]: Disconnected from invalid user user 45.61.187.160 port 40782 [preauth]","@timestamp":"2022-09-11T23:43:18.599Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 23:43:39 honeypot-ams-1 sshd[11017]: Disconnected from invalid user user 45.61.187.160 port 35638 [preauth]","@timestamp":"2022-09-11T23:43:40.612Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 23:44:00 honeypot-ams-1 sshd[11021]: Disconnected from invalid user user 45.61.187.160 port 58712 [preauth]","@timestamp":"2022-09-11T23:44:00.621Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 23:49:16 honeypot-fra-1 sshd[1279]: Invalid user support from 113.175.240.127 port 36922","@timestamp":"2022-09-11T23:49:17.661Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 23:54:57 honeypot-fra-1 sshd[1358]: Disconnected from invalid user contador 92.255.85.69 port 58572 [preauth]","@timestamp":"2022-09-11T23:54:57.806Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 23:56:53 honeypot-ams-1 kernel: [83817198.510181] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.214.237 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=42299 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T23:56:53.958Z"}
{"@timestamp":"2022-09-12T00:03:36.550Z","@version":"1","message":"Sep 12 00:03:35 honeypot-sgp-1 kernel: [83817127.885868] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=80.94.92.231 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=233 ID=54321 PROTO=TCP SPT=41591 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 00:03:52 honeypot-fra-1 sshd[1374]: Received disconnect from 107.189.14.132 port 55738:11: Bye Bye [preauth]","@timestamp":"2022-09-12T00:03:53.005Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 00:06:25 honeypot-ams-1 sshd[11040]: Invalid user ubnt from 142.93.58.181 port 48922","@timestamp":"2022-09-12T00:06:26.221Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 00:08:40 honeypot-ams-1 sshd[11042]: Received disconnect from 159.223.57.252 port 55202:11: Bye Bye [preauth]","@timestamp":"2022-09-12T00:08:41.286Z"}
{"@timestamp":"2022-09-12T00:15:46.841Z","@version":"1","message":"Sep 12 00:15:46 honeypot-sgp-1 sshd[7182]: Disconnected from authenticating user root 92.255.85.69 port 63084 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 00:16:52 honeypot-ams-1 kernel: [83818397.411826] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=79.16.28.136 DST=178.62.254.91 LEN=64 TOS=0x00 PREC=0x00 TTL=48 ID=33192 DF PROTO=TCP SPT=20018 DPT=80 WINDOW=35902 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T00:16:52.500Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 00:17:01 honeypot-fra-1 CRON[1377]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-12T00:17:02.298Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T00:23:48.038Z","@version":"1","message":"Sep 12 00:23:47 honeypot-sgp-1 sshd[7189]: Received disconnect from 207.46.227.197 port 1728:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T00:25:36.084Z","@version":"1","message":"Sep 12 00:25:35 honeypot-sgp-1 sshd[7193]: Invalid user ekp from 104.131.93.177 port 46269","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T00:26:24.108Z","@version":"1","message":"Sep 12 00:26:23 honeypot-sgp-1 sshd[7195]: Disconnected from invalid user hw01 45.175.18.29 port 45606 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T00:28:13.154Z","@version":"1","message":"Sep 12 00:28:12 honeypot-sgp-1 sshd[7200]: Disconnected from invalid user user 45.61.187.160 port 34090 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T00:28:34.165Z","@version":"1","message":"Sep 12 00:28:34 honeypot-sgp-1 sshd[7204]: Disconnected from invalid user user 45.61.187.160 port 57632 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T00:28:57.174Z","@version":"1","message":"Sep 12 00:28:56 honeypot-sgp-1 sshd[7209]: Disconnected from invalid user user 45.61.187.160 port 52928 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T00:29:14.182Z","@version":"1","message":"Sep 12 00:29:13 honeypot-sgp-1 sshd[7215]: Invalid user user from 45.61.187.160 port 48216","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 00:29:19 honeypot-ams-1 kernel: [83819144.346149] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=80.94.92.239 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=60030 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T00:29:19.846Z"}
{"@timestamp":"2022-09-12T00:30:08.204Z","@version":"1","message":"Sep 12 00:30:07 honeypot-sgp-1 sshd[7219]: Received disconnect from 213.32.77.242 port 53072:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 00:33:08 honeypot-fra-1 sshd[1386]: Invalid user admin from 23.94.194.115 port 41330","@timestamp":"2022-09-12T00:33:08.679Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 00:38:14 honeypot-fra-1 sshd[1390]: Received disconnect from 165.22.45.108 port 43788:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T00:38:15.797Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 00:42:38 honeypot-fra-1 sshd[1396]: Received disconnect from 157.245.122.58 port 59768:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T00:42:38.901Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 00:43:27 honeypot-ams-1 kernel: [83819992.848762] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=95.9.36.106 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=15533 PROTO=TCP SPT=48410 DPT=443 WINDOW=1300 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T00:43:28.222Z"}
{"@timestamp":"2022-09-12T00:43:48.531Z","@version":"1","message":"Sep 12 00:43:48 honeypot-sgp-1 kernel: [83819540.581491] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=180.126.201.201 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=52300 DF PROTO=TCP SPT=42137 DPT=80 WINDOW=5440 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 00:44:36 honeypot-fra-1 sshd[1401]: Disconnected from invalid user odoo 157.245.122.58 port 58598 [preauth]","@timestamp":"2022-09-12T00:44:36.948Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 00:46:27 honeypot-fra-1 sshd[1405]: Received disconnect from 157.245.122.58 port 57428:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T00:46:27.994Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 00:47:20 honeypot-fra-1 sshd[1409]: Disconnected from invalid user jonitwiso 157.245.122.58 port 42726 [preauth]","@timestamp":"2022-09-12T00:47:21.016Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 00:49:00 honeypot-fra-1 sshd[1414]: Disconnected from invalid user cypress 157.245.122.58 port 41556 [preauth]","@timestamp":"2022-09-12T00:49:01.057Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T00:49:55.680Z","@version":"1","message":"Sep 12 00:49:55 honeypot-sgp-1 sshd[7228]: Disconnected from invalid user admin 62.204.41.222 port 38176 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T00:54:47.799Z","@version":"1","message":"Sep 12 00:54:47 honeypot-sgp-1 sshd[7231]: Disconnected from invalid user git 91.240.118.222 port 52945 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 00:58:04 honeypot-ams-1 kernel: [83820869.664739] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=154.3.44.39 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=117 ID=35992 DF PROTO=TCP SPT=54597 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-12T00:58:04.609Z"}
{"@timestamp":"2022-09-12T01:03:03.001Z","@version":"1","message":"Sep 12 01:03:02 honeypot-sgp-1 sshd[7236]: Connection closed by invalid user support 223.82.232.208 port 1524 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 01:07:58 honeypot-ams-1 sshd[11071]: Disconnected from authenticating user root 92.255.85.70 port 63434 [preauth]","@timestamp":"2022-09-12T01:07:58.879Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 01:13:08 honeypot-fra-1 sshd[1421]: Received disconnect from 165.22.45.108 port 48624:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T01:13:09.624Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T01:13:46.260Z","@version":"1","message":"Sep 12 01:13:45 honeypot-sgp-1 sshd[7243]: Invalid user adonai from 173.82.235.128 port 47908","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 01:15:06 honeypot-ams-1 kernel: [83821891.392842] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=123.193.80.233 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=15533 PROTO=TCP SPT=57854 DPT=443 WINDOW=1300 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T01:15:07.072Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 01:15:19 honeypot-ams-1 sshd[11081]: Received disconnect from 45.61.186.249 port 35706:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T01:15:20.080Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 01:15:39 honeypot-ams-1 sshd[11085]: Received disconnect from 45.61.186.249 port 58398:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T01:15:40.092Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 01:15:52 honeypot-fra-1 sshd[1426]: Disconnected from authenticating user root 37.139.1.197 port 46904 [preauth]","@timestamp":"2022-09-12T01:15:52.687Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 01:15:54 honeypot-ams-1 sshd[11089]: Received disconnect from 198.98.61.9 port 39682:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T01:15:55.101Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 01:16:02 honeypot-ams-1 sshd[11093]: Received disconnect from 198.98.61.9 port 51192:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T01:16:03.105Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 01:16:11 honeypot-ams-1 sshd[11097]: Received disconnect from 198.98.61.9 port 34502:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T01:16:12.110Z"}
{"@timestamp":"2022-09-12T01:16:21.324Z","@version":"1","message":"Sep 12 01:16:20 honeypot-sgp-1 kernel: [83821493.171453] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=154.3.44.39 DST=159.89.202.188 LEN=52 TOS=0x0A PREC=0x00 TTL=112 ID=54188 DF PROTO=TCP SPT=55440 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 01:16:32 honeypot-ams-1 sshd[11101]: Received disconnect from 198.98.61.9 port 57502:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T01:16:33.121Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 01:16:48 honeypot-ams-1 sshd[11105]: Received disconnect from 198.98.61.9 port 52260:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T01:16:49.131Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 01:21:42 honeypot-ams-1 sshd[11115]: Received disconnect from 157.245.122.58 port 44554:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T01:21:42.266Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 01:22:39 honeypot-fra-1 kernel: [83820187.553765] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=94.26.228.80 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=60845 PROTO=TCP SPT=26779 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T01:22:39.846Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 01:22:41 honeypot-ams-1 sshd[11119]: Received disconnect from 157.245.122.58 port 58086:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T01:22:42.296Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 01:24:30 honeypot-ams-1 sshd[11124]: Received disconnect from 157.245.122.58 port 56928:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T01:24:30.346Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 01:25:22 honeypot-ams-1 sshd[11126]: Disconnected from invalid user jonitwiso 157.245.122.58 port 42222 [preauth]","@timestamp":"2022-09-12T01:25:22.371Z"}
{"@timestamp":"2022-09-12T01:26:30.571Z","@version":"1","message":"Sep 12 01:26:30 honeypot-sgp-1 sshd[7252]: Disconnected from authenticating user root 92.255.85.69 port 55650 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 01:26:59 honeypot-ams-1 sshd[11131]: Invalid user ubuntu from 103.188.176.251 port 45582","@timestamp":"2022-09-12T01:27:00.419Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 01:27:26 honeypot-ams-1 sshd[11136]: Received disconnect from 45.61.186.169 port 58874:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T01:27:26.433Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 01:27:44 honeypot-ams-1 sshd[11140]: Received disconnect from 45.61.186.169 port 54164:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T01:27:44.444Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 01:28:00 honeypot-ams-1 sshd[11144]: Received disconnect from 45.61.186.169 port 49458:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T01:28:01.454Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 01:28:16 honeypot-ams-1 sshd[11148]: Received disconnect from 45.61.186.169 port 44746:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T01:28:16.463Z"}
{"@timestamp":"2022-09-12T01:28:27.622Z","@version":"1","message":"Sep 12 01:28:27 honeypot-sgp-1 sshd[7254]: Disconnected from invalid user aldric 122.176.119.202 port 47708 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 01:32:01 honeypot-ams-1 kernel: [83822906.656466] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=80.87.206.203 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=65006 PROTO=TCP SPT=58738 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T01:32:02.569Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 01:32:28 honeypot-fra-1 kernel: [83820777.329342] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.95.147.52 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=39960 PROTO=TCP SPT=57371 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T01:32:29.073Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 01:37:32 honeypot-fra-1 sshd[1455]: Invalid user admin from 49.234.154.127 port 33920","@timestamp":"2022-09-12T01:37:33.191Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 01:37:32 honeypot-fra-1 sshd[1461]: Invalid user guest from 49.234.154.127 port 33924","@timestamp":"2022-09-12T01:37:33.191Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 01:37:32 honeypot-fra-1 sshd[1451]: Connection closed by invalid user hadoop 49.234.154.127 port 33854 [preauth]","@timestamp":"2022-09-12T01:37:33.191Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 01:37:32 honeypot-fra-1 sshd[1459]: Connection closed by invalid user ubuntu 49.234.154.127 port 33848 [preauth]","@timestamp":"2022-09-12T01:37:33.191Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 01:37:32 honeypot-fra-1 sshd[1470]: Connection closed by invalid user mysql 49.234.154.127 port 33904 [preauth]","@timestamp":"2022-09-12T01:37:33.191Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 01:37:33 honeypot-fra-1 sshd[1454]: Connection closed by authenticating user root 49.234.154.127 port 33864 [preauth]","@timestamp":"2022-09-12T01:37:34.191Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 01:37:36 honeypot-fra-1 sshd[1471]: Connection closed by authenticating user root 49.234.154.127 port 33868 [preauth]","@timestamp":"2022-09-12T01:37:37.193Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 01:37:39 honeypot-fra-1 sshd[1493]: Connection closed by invalid user teamspeak 49.234.154.127 port 33862 [preauth]","@timestamp":"2022-09-12T01:37:40.195Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 01:40:50 honeypot-fra-1 kernel: [83821279.320853] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=95.107.76.94 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=56 ID=50464 PROTO=TCP SPT=21173 DPT=443 WINDOW=34326 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T01:40:51.269Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 01:40:56 honeypot-ams-1 kernel: [83823441.493434] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=37.112.53.85 DST=178.62.254.91 LEN=40 TOS=0x08 PREC=0x20 TTL=58 ID=54172 PROTO=TCP SPT=37008 DPT=443 WINDOW=47293 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T01:40:56.817Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 01:43:14 honeypot-ams-1 sshd[11160]: Disconnected from invalid user admin 80.76.51.45 port 55106 [preauth]","@timestamp":"2022-09-12T01:43:14.884Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 01:44:00 honeypot-ams-1 sshd[11166]: Received disconnect from 80.76.51.45 port 33328:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T01:44:00.908Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 01:44:30 honeypot-ams-1 sshd[11170]: Disconnected from authenticating user root 80.76.51.45 port 56456 [preauth]","@timestamp":"2022-09-12T01:44:30.925Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 01:45:14 honeypot-ams-1 sshd[11176]: Disconnected from authenticating user root 80.76.51.45 port 34646 [preauth]","@timestamp":"2022-09-12T01:45:14.949Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 01:45:48 honeypot-ams-1 kernel: [83823733.176625] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=86.180.105.129 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=55 ID=57500 PROTO=TCP SPT=17337 DPT=80 WINDOW=4321 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T01:45:48.967Z"}
{"@timestamp":"2022-09-12T01:49:37.157Z","@version":"1","message":"Sep 12 01:49:36 honeypot-sgp-1 kernel: [83823488.359596] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=35.205.137.195 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=58 ID=50948 DF PROTO=TCP SPT=57480 DPT=5432 WINDOW=65320 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 01:51:12 honeypot-ams-1 sshd[11185]: Disconnected from invalid user cpage 208.184.30.130 port 34414 [preauth]","@timestamp":"2022-09-12T01:51:13.115Z"}
{"@timestamp":"2022-09-12T01:54:45.286Z","@version":"1","message":"Sep 12 01:54:44 honeypot-sgp-1 sshd[7267]: Invalid user linan from 103.188.176.251 port 42008","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 01:54:48 honeypot-fra-1 kernel: [83822117.259585] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=167.99.32.14 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=3341 PROTO=TCP SPT=61953 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T01:54:49.579Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 02:01:41 honeypot-ams-1 sshd[11190]: Received disconnect from 139.59.3.114 port 50514:11: Bye Bye [preauth]","@timestamp":"2022-09-12T02:01:41.396Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 02:03:17 honeypot-ams-1 sshd[11194]: Received disconnect from 46.101.23.51 port 52498:11: Bye Bye [preauth]","@timestamp":"2022-09-12T02:03:18.443Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 02:05:56 honeypot-fra-1 sshd[1517]: Invalid user guest from 177.85.70.147 port 52588","@timestamp":"2022-09-12T02:05:57.830Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 02:06:44 honeypot-fra-1 sshd[1522]: Invalid user user from 45.61.186.169 port 57330","@timestamp":"2022-09-12T02:06:44.853Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 02:07:02 honeypot-fra-1 sshd[1526]: Invalid user user from 45.61.186.169 port 52186","@timestamp":"2022-09-12T02:07:02.882Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 02:07:19 honeypot-fra-1 sshd[1530]: Invalid user user from 45.61.186.169 port 47050","@timestamp":"2022-09-12T02:07:19.889Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 02:07:35 honeypot-fra-1 sshd[1534]: Invalid user user from 45.61.186.169 port 41904","@timestamp":"2022-09-12T02:07:35.896Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T02:08:14.616Z","@version":"1","message":"Sep 12 02:08:13 honeypot-sgp-1 kernel: [83824606.065135] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=81.30.27.51 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=239 ID=33329 PROTO=TCP SPT=47693 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 02:10:55 honeypot-fra-1 sshd[1537]: Disconnected from invalid user git 91.240.118.222 port 40068 [preauth]","@timestamp":"2022-09-12T02:10:55.972Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 02:17:01 honeypot-fra-1 CRON[1542]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-12T02:17:02.116Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 02:17:01 honeypot-ams-1 CRON[11209]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-12T02:17:02.811Z"}
{"@timestamp":"2022-09-12T02:17:02.836Z","@version":"1","message":"Sep 12 02:17:01 honeypot-sgp-1 CRON[7276]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 02:23:22 honeypot-ams-1 kernel: [83825987.450122] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=154.3.44.39 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=117 ID=34815 DF PROTO=TCP SPT=65387 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-12T02:23:22.984Z"}
{"@timestamp":"2022-09-12T02:29:07.143Z","@version":"1","message":"Sep 12 02:29:06 honeypot-sgp-1 sshd[7281]: Received disconnect from 211.44.212.27 port 58048:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 02:29:30 honeypot-ams-1 sshd[11218]: Disconnected from invalid user admin 91.201.240.153 port 59006 [preauth]","@timestamp":"2022-09-12T02:29:31.149Z"}
{"@timestamp":"2022-09-12T02:31:36.205Z","@version":"1","message":"Sep 12 02:31:35 honeypot-sgp-1 kernel: [83826008.116606] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.11.57.48 DST=159.89.202.188 LEN=44 TOS=0x08 PREC=0x00 TTL=235 ID=15212 PROTO=TCP SPT=37276 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 02:32:55 honeypot-fra-1 kernel: [83824403.924028] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.41.8.45 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=35089 PROTO=TCP SPT=17534 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T02:32:56.475Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-12T02:36:43.331Z","@version":"1","message":"Sep 12 02:36:43 honeypot-sgp-1 sshd[7291]: Invalid user vm from 123.142.3.137 port 34428","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 02:41:28 honeypot-ams-1 sshd[11221]: Disconnected from authenticating user root 92.255.85.69 port 52578 [preauth]","@timestamp":"2022-09-12T02:41:28.473Z"}
{"@timestamp":"2022-09-12T02:45:49.549Z","@version":"1","message":"Sep 12 02:45:49 honeypot-sgp-1 kernel: [83826861.141216] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=142.44.139.2 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=54538 PROTO=TCP SPT=50742 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 02:49:34 honeypot-fra-1 sshd[1554]: Invalid user ruben from 60.10.160.75 port 38221","@timestamp":"2022-09-12T02:49:34.846Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 02:58:06 honeypot-fra-1 sshd[1559]: Invalid user deploy from 121.79.128.37 port 36620","@timestamp":"2022-09-12T02:58:07.036Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T02:59:56.892Z","@version":"1","message":"Sep 12 02:59:56 honeypot-sgp-1 sshd[7302]: Disconnected from authenticating user root 92.255.85.69 port 30790 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 03:02:34 honeypot-fra-1 sshd[1564]: Connection closed by 167.94.138.117 port 48826 [preauth]","@timestamp":"2022-09-12T03:02:35.135Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 03:02:41 honeypot-ams-1 kernel: [83828346.581533] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=50258 PROTO=TCP SPT=51603 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T03:02:42.047Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 03:10:58 honeypot-fra-1 kernel: [83826686.257339] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=64.62.197.197 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=54321 PROTO=TCP SPT=39952 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T03:10:58.322Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 03:14:26 honeypot-ams-1 kernel: [83829051.620944] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=119.199.169.235 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=54 ID=57200 PROTO=TCP SPT=37178 DPT=80 WINDOW=55674 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T03:14:27.359Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 03:16:38 honeypot-fra-1 kernel: [83827026.361126] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=167.71.218.50 DST=165.22.82.222 LEN=52 TOS=0x02 PREC=0x00 TTL=118 ID=56655 DF PROTO=TCP SPT=50336 DPT=3389 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-12T03:16:38.450Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-12T03:17:02.313Z","@version":"1","message":"Sep 12 03:17:01 honeypot-sgp-1 CRON[7306]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 03:21:49 honeypot-ams-1 kernel: [83829494.521262] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=97.74.81.123 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=27219 PROTO=TCP SPT=47363 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T03:21:49.555Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 03:26:03 honeypot-fra-1 sshd[1578]: Disconnected from authenticating user root 92.255.85.69 port 37744 [preauth]","@timestamp":"2022-09-12T03:26:03.669Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T03:29:18.610Z","@version":"1","message":"Sep 12 03:29:17 honeypot-sgp-1 sshd[7316]: Received disconnect from 211.252.84.133 port 52630:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 03:29:28 honeypot-ams-1 sshd[11243]: Received disconnect from 45.61.184.204 port 57540:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T03:29:28.761Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 03:29:47 honeypot-ams-1 sshd[11247]: Received disconnect from 45.61.184.204 port 52788:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T03:29:47.772Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 03:30:04 honeypot-ams-1 sshd[11251]: Received disconnect from 45.61.184.204 port 48034:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T03:30:04.783Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 03:30:21 honeypot-ams-1 sshd[11255]: Received disconnect from 45.61.184.204 port 43284:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T03:30:21.792Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 03:31:39 honeypot-fra-1 sshd[1584]: Did not receive identification string from 45.61.184.204 port 45176","@timestamp":"2022-09-12T03:31:39.796Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 03:32:22 honeypot-fra-1 sshd[1587]: Disconnected from invalid user user 45.61.184.204 port 50542 [preauth]","@timestamp":"2022-09-12T03:32:22.814Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 03:32:40 honeypot-fra-1 sshd[1591]: Disconnected from invalid user user 45.61.184.204 port 45132 [preauth]","@timestamp":"2022-09-12T03:32:40.822Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 03:32:57 honeypot-fra-1 sshd[1595]: Disconnected from invalid user user 45.61.184.204 port 39720 [preauth]","@timestamp":"2022-09-12T03:32:57.830Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 03:33:57 honeypot-fra-1 sshd[1599]: Disconnected from invalid user kevin 165.22.45.108 port 41740 [preauth]","@timestamp":"2022-09-12T03:33:57.854Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T03:34:06.759Z","@version":"1","message":"Sep 12 03:34:06 honeypot-sgp-1 sshd[7320]: Disconnected from 68.183.25.156 port 54144 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 03:49:03 honeypot-ams-1 sshd[11259]: Received disconnect from 132.145.95.37 port 23185:11: Bye Bye [preauth]","@timestamp":"2022-09-12T03:49:04.285Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 03:49:57 honeypot-fra-1 sshd[1605]: Connection closed by 193.106.191.157 port 58866 [preauth]","@timestamp":"2022-09-12T03:49:57.207Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 03:50:33 honeypot-ams-1 sshd[11262]: Disconnected from invalid user user 43.135.1.155 port 45292 [preauth]","@timestamp":"2022-09-12T03:50:34.326Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 03:52:24 honeypot-ams-1 sshd[11267]: Received disconnect from 92.255.85.70 port 15834:11: Bye Bye [preauth]","@timestamp":"2022-09-12T03:52:25.380Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 03:52:54 honeypot-ams-1 sshd[11273]: Received disconnect from 104.45.17.110 port 45706:11: Bye Bye [preauth]","@timestamp":"2022-09-12T03:52:55.396Z"}
{"@timestamp":"2022-09-12T03:54:15.249Z","@version":"1","message":"Sep 12 03:54:14 honeypot-sgp-1 sshd[7327]: Received disconnect from 34.91.0.68 port 32956:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 03:54:17 honeypot-ams-1 sshd[11277]: Disconnected from invalid user admin 46.19.141.122 port 39300 [preauth]","@timestamp":"2022-09-12T03:54:18.433Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 03:54:44 honeypot-ams-1 sshd[11281]: Received disconnect from 209.73.215.135 port 36126:11: Bye Bye [preauth]","@timestamp":"2022-09-12T03:54:45.448Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 03:55:09 honeypot-ams-1 sshd[11286]: Disconnected from invalid user user 46.19.141.122 port 36388 [preauth]","@timestamp":"2022-09-12T03:55:10.461Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 03:56:04 honeypot-ams-1 sshd[11290]: Disconnected from invalid user support 46.19.141.122 port 53268 [preauth]","@timestamp":"2022-09-12T03:56:04.488Z"}
{"@timestamp":"2022-09-12T03:57:48.337Z","@version":"1","message":"Sep 12 03:57:48 honeypot-sgp-1 kernel: [83831180.129713] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=79.124.62.62 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=20438 PROTO=TCP SPT=41516 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 03:58:39 honeypot-ams-1 sshd[11296]: Invalid user linan from 103.188.176.251 port 42126","@timestamp":"2022-09-12T03:58:40.559Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 04:02:03 honeypot-ams-1 sshd[11299]: Invalid user git from 91.240.118.222 port 55767","@timestamp":"2022-09-12T04:02:03.654Z"}
{"@timestamp":"2022-09-12T04:03:17.476Z","@version":"1","message":"Sep 12 04:03:17 honeypot-sgp-1 sshd[7337]: Disconnected from authenticating user root 157.245.122.58 port 49296 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T04:05:18.529Z","@version":"1","message":"Sep 12 04:05:18 honeypot-sgp-1 sshd[7343]: Received disconnect from 157.245.122.58 port 48142:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T04:07:09.578Z","@version":"1","message":"Sep 12 04:07:09 honeypot-sgp-1 sshd[7347]: Received disconnect from 157.245.122.58 port 46976:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T04:08:33.614Z","@version":"1","message":"Sep 12 04:08:33 honeypot-sgp-1 sshd[7352]: Disconnected from authenticating user root 154.211.12.170 port 32848 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 04:09:26 honeypot-fra-1 sshd[1613]: Received disconnect from 165.22.45.108 port 46790:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T04:09:26.674Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T04:11:50.697Z","@version":"1","message":"Sep 12 04:11:50 honeypot-sgp-1 kernel: [83832022.254550] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=170.187.181.53 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=26159 PROTO=TCP SPT=55130 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 04:13:47 honeypot-fra-1 sshd[1622]: Invalid user cloud from 204.44.66.189 port 59070","@timestamp":"2022-09-12T04:13:47.769Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 04:13:47 honeypot-fra-1 sshd[1623]: Invalid user admin from 204.44.66.189 port 59058","@timestamp":"2022-09-12T04:13:47.769Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 04:13:47 honeypot-fra-1 sshd[1632]: Invalid user chia from 204.44.66.189 port 59108","@timestamp":"2022-09-12T04:13:47.769Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 04:13:47 honeypot-fra-1 sshd[1636]: Invalid user oracle from 204.44.66.189 port 59062","@timestamp":"2022-09-12T04:13:47.769Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 04:13:47 honeypot-fra-1 sshd[1619]: Connection closed by invalid user chia 204.44.66.189 port 59042 [preauth]","@timestamp":"2022-09-12T04:13:47.770Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 04:13:47 honeypot-fra-1 sshd[1644]: Connection closed by invalid user chia 204.44.66.189 port 59114 [preauth]","@timestamp":"2022-09-12T04:13:47.770Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 04:13:47 honeypot-fra-1 sshd[1641]: Connection closed by invalid user admin 204.44.66.189 port 59096 [preauth]","@timestamp":"2022-09-12T04:13:47.770Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 04:13:47 honeypot-fra-1 sshd[1626]: Connection closed by invalid user web 204.44.66.189 port 59098 [preauth]","@timestamp":"2022-09-12T04:13:47.770Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 04:14:01 honeypot-ams-1 sshd[11303]: Disconnected from 111.42.133.43 port 42586 [preauth]","@timestamp":"2022-09-12T04:14:01.973Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 04:16:10 honeypot-fra-1 kernel: [83830598.928579] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=195.123.210.115 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=4060 PROTO=TCP SPT=56481 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T04:16:11.822Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-12T04:17:32.838Z","@version":"1","message":"Sep 12 04:17:32 honeypot-sgp-1 sshd[7363]: Received disconnect from 45.61.186.169 port 57342:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T04:17:50.848Z","@version":"1","message":"Sep 12 04:17:49 honeypot-sgp-1 sshd[7367]: Received disconnect from 45.61.186.169 port 52336:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 04:17:50 honeypot-ams-1 kernel: [83832855.073067] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.88.49.77 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=116 ID=28397 DF PROTO=TCP SPT=50404 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T04:17:51.077Z"}
{"@timestamp":"2022-09-12T04:18:06.857Z","@version":"1","message":"Sep 12 04:18:06 honeypot-sgp-1 sshd[7371]: Received disconnect from 45.61.186.169 port 47316:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T04:18:22.865Z","@version":"1","message":"Sep 12 04:18:22 honeypot-sgp-1 sshd[7375]: Received disconnect from 45.61.186.169 port 42326:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 04:20:08 honeypot-ams-1 sshd[11314]: Disconnected from invalid user user 45.61.186.49 port 38492 [preauth]","@timestamp":"2022-09-12T04:20:09.141Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 04:20:18 honeypot-ams-1 sshd[11318]: Disconnected from invalid user user 45.61.186.49 port 50410 [preauth]","@timestamp":"2022-09-12T04:20:19.147Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 04:22:11 honeypot-fra-1 kernel: [83830959.640207] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=213.226.123.38 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=25299 PROTO=TCP SPT=56564 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T04:22:11.957Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-12T04:22:14.964Z","@version":"1","message":"Sep 12 04:22:14 honeypot-sgp-1 sshd[7379]: Received disconnect from 103.240.110.130 port 49666:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 04:27:51 honeypot-fra-1 kernel: [83831299.676575] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=35.198.46.250 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x60 TTL=250 ID=59606 PROTO=TCP SPT=42561 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T04:27:52.085Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 04:30:04 honeypot-ams-1 sshd[11323]: Did not receive identification string from 80.76.51.43 port 57760","@timestamp":"2022-09-12T04:30:04.405Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 04:30:48 honeypot-ams-1 sshd[11328]: Invalid user support from 80.76.51.43 port 41570","@timestamp":"2022-09-12T04:30:49.429Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 04:31:17 honeypot-ams-1 sshd[11332]: Connection closed by 80.76.51.43 port 41240 [preauth]","@timestamp":"2022-09-12T04:31:18.445Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 04:37:00 honeypot-fra-1 kernel: [83831848.259012] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.41.9.18 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=504 PROTO=TCP SPT=40764 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T04:37:00.289Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 04:40:01 honeypot-ams-1 sshd[11338]: Disconnected from invalid user user 45.61.184.204 port 43448 [preauth]","@timestamp":"2022-09-12T04:40:01.692Z"}
{"@timestamp":"2022-09-12T04:40:08.399Z","@version":"1","message":"Sep 12 04:40:08 honeypot-sgp-1 kernel: [83833720.333968] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=101.35.161.133 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=46 ID=10805 DF PROTO=TCP SPT=55290 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 04:40:22 honeypot-ams-1 sshd[11342]: Disconnected from invalid user user 45.61.184.204 port 39384 [preauth]","@timestamp":"2022-09-12T04:40:22.703Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 04:40:40 honeypot-ams-1 sshd[11346]: Received disconnect from 45.61.184.204 port 35314:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T04:40:41.719Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 04:41:00 honeypot-ams-1 sshd[11350]: Invalid user user from 45.61.184.204 port 59480","@timestamp":"2022-09-12T04:41:00.730Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 04:44:27 honeypot-fra-1 kernel: [83832295.551033] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.219.20 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=38245 DPT=389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T04:44:28.455Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 04:45:43 honeypot-ams-1 kernel: [83834528.438710] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=154.3.44.39 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=117 ID=12809 DF PROTO=TCP SPT=49226 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-12T04:45:43.860Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 04:48:05 honeypot-fra-1 sshd[1695]: Connection closed by 176.111.173.150 port 33334 [preauth]","@timestamp":"2022-09-12T04:48:05.537Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T04:50:59.682Z","@version":"1","message":"Sep 12 04:50:59 honeypot-sgp-1 sshd[7402]: Received disconnect from 157.245.9.6 port 44528:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 04:51:26 honeypot-ams-1 sshd[11359]: Disconnected from invalid user awa 43.154.55.148 port 32808 [preauth]","@timestamp":"2022-09-12T04:51:27.015Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 04:55:36 honeypot-fra-1 sshd[1703]: Invalid user es from 212.87.251.118 port 45332","@timestamp":"2022-09-12T04:55:37.706Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 04:55:36 honeypot-fra-1 sshd[1704]: Invalid user web from 212.87.251.118 port 45320","@timestamp":"2022-09-12T04:55:37.706Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 04:55:36 honeypot-fra-1 sshd[1717]: Invalid user user from 212.87.251.118 port 45372","@timestamp":"2022-09-12T04:55:37.706Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 04:55:36 honeypot-fra-1 sshd[1726]: Invalid user www from 212.87.251.118 port 45406","@timestamp":"2022-09-12T04:55:37.706Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 04:55:36 honeypot-fra-1 sshd[1712]: Connection closed by invalid user esuser 212.87.251.118 port 45354 [preauth]","@timestamp":"2022-09-12T04:55:37.706Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 04:55:36 honeypot-fra-1 sshd[1701]: Connection closed by invalid user steam 212.87.251.118 port 45312 [preauth]","@timestamp":"2022-09-12T04:55:37.706Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 04:55:36 honeypot-fra-1 sshd[1714]: Connection closed by invalid user user 212.87.251.118 port 45360 [preauth]","@timestamp":"2022-09-12T04:55:37.706Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 04:55:36 honeypot-fra-1 sshd[1723]: Connection closed by invalid user admin 212.87.251.118 port 45390 [preauth]","@timestamp":"2022-09-12T04:55:37.706Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 04:55:36 honeypot-fra-1 sshd[1729]: Invalid user test from 212.87.251.118 port 45424","@timestamp":"2022-09-12T04:55:37.706Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 04:55:36 honeypot-fra-1 sshd[1727]: Invalid user guest from 212.87.251.118 port 45414","@timestamp":"2022-09-12T04:55:37.707Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 04:56:54 honeypot-fra-1 kernel: [83833041.972901] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=68.183.94.197 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x20 TTL=245 ID=65336 PROTO=TCP SPT=61953 DPT=389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T04:56:54.735Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-12T04:58:54.876Z","@version":"1","message":"Sep 12 04:58:53 honeypot-sgp-1 sshd[7409]: Did not receive identification string from 45.61.186.49 port 56312","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T04:59:18.888Z","@version":"1","message":"Sep 12 04:59:18 honeypot-sgp-1 sshd[7412]: Disconnected from invalid user user 45.61.186.49 port 41046 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T04:59:27.893Z","@version":"1","message":"Sep 12 04:59:26 honeypot-sgp-1 sshd[7416]: Disconnected from invalid user user 45.61.186.49 port 52466 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 05:03:20 honeypot-ams-1 sshd[11366]: Received disconnect from 92.255.85.69 port 37806:11: Bye Bye [preauth]","@timestamp":"2022-09-12T05:03:20.334Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 05:08:27 honeypot-fra-1 kernel: [83833735.597513] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=107.152.41.83 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=18882 PROTO=TCP SPT=48582 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T05:08:27.991Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-12T05:10:01.148Z","@version":"1","message":"Sep 12 05:10:00 honeypot-sgp-1 kernel: [83835512.537013] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=107.152.41.83 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=16282 PROTO=TCP SPT=48582 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 05:14:42 honeypot-ams-1 sshd[11824]: Invalid user user from 45.61.186.249 port 54192","@timestamp":"2022-09-12T05:14:43.635Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 05:15:01 honeypot-ams-1 sshd[11828]: Invalid user user from 45.61.186.249 port 49252","@timestamp":"2022-09-12T05:15:01.646Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 05:15:19 honeypot-ams-1 sshd[11832]: Invalid user user from 45.61.186.249 port 44340","@timestamp":"2022-09-12T05:15:19.656Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 05:15:37 honeypot-ams-1 sshd[11836]: Invalid user user from 45.61.186.249 port 39424","@timestamp":"2022-09-12T05:15:38.665Z"}
{"@timestamp":"2022-09-12T05:17:02.321Z","@version":"1","message":"Sep 12 05:17:01 honeypot-sgp-1 CRON[7425]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 05:17:01 honeypot-ams-1 CRON[11839]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-12T05:17:02.706Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 05:19:25 honeypot-fra-1 sshd[1775]: Received disconnect from 51.83.71.70 port 39250:11: Bye Bye [preauth]","@timestamp":"2022-09-12T05:19:25.235Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T05:19:49.394Z","@version":"1","message":"Sep 12 05:19:48 honeypot-sgp-1 sshd[7431]: Received disconnect from 68.183.25.156 port 33512:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 05:20:29 honeypot-fra-1 sshd[1780]: Received disconnect from 165.22.45.108 port 56800:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T05:20:30.260Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T05:21:20.433Z","@version":"1","message":"Sep 12 05:21:20 honeypot-sgp-1 kernel: [83836192.072367] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=137.184.66.255 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=8538 PROTO=TCP SPT=58237 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 05:29:59 honeypot-fra-1 kernel: [83835027.242321] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=154.209.125.68 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=112 ID=30382 PROTO=TCP SPT=47678 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T05:29:59.472Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-12T05:31:53.686Z","@version":"1","message":"Sep 12 05:31:53 honeypot-sgp-1 sshd[7443]: Did not receive identification string from 45.61.187.160 port 56832","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 05:32:03 honeypot-ams-1 kernel: [83837308.855946] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=72.167.32.184 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=230 ID=37465 PROTO=TCP SPT=46919 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T05:32:04.106Z"}
{"@timestamp":"2022-09-12T05:32:31.704Z","@version":"1","message":"Sep 12 05:32:31 honeypot-sgp-1 sshd[7446]: Disconnected from invalid user user 45.61.187.160 port 33980 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T05:32:51.714Z","@version":"1","message":"Sep 12 05:32:50 honeypot-sgp-1 sshd[7450]: Disconnected from invalid user user 45.61.187.160 port 57430 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T05:33:09.724Z","@version":"1","message":"Sep 12 05:33:08 honeypot-sgp-1 sshd[7454]: Disconnected from invalid user user 45.61.187.160 port 52658 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 05:35:09 honeypot-ams-1 sshd[11850]: Invalid user user from 45.61.187.160 port 59786","@timestamp":"2022-09-12T05:35:10.188Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 05:35:28 honeypot-ams-1 sshd[11854]: Invalid user user from 45.61.187.160 port 54480","@timestamp":"2022-09-12T05:35:28.198Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 05:35:45 honeypot-ams-1 sshd[11858]: Invalid user user from 45.61.187.160 port 49170","@timestamp":"2022-09-12T05:35:46.208Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 05:36:22 honeypot-ams-1 kernel: [83837567.161682] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.41.8.45 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=31755 PROTO=TCP SPT=52425 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T05:36:23.226Z"}
{"@timestamp":"2022-09-12T05:40:28.901Z","@version":"1","message":"Sep 12 05:40:28 honeypot-sgp-1 sshd[7460]: Invalid user support from 67.249.160.145 port 43182","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 05:44:38 honeypot-fra-1 sshd[1791]: Received disconnect from 141.255.162.226 port 40170:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T05:44:39.798Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 05:44:41 honeypot-fra-1 sshd[1795]: Received disconnect from 141.255.162.226 port 47256:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T05:44:41.799Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 05:44:45 honeypot-fra-1 sshd[1799]: Received disconnect from 141.255.162.226 port 54238:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T05:44:45.801Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 05:46:42 honeypot-fra-1 sshd[1804]: Disconnected from authenticating user root 92.255.85.69 port 49662 [preauth]","@timestamp":"2022-09-12T05:46:42.845Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 05:49:23 honeypot-ams-1 sshd[11866]: Disconnected from authenticating user root 92.255.85.70 port 51744 [preauth]","@timestamp":"2022-09-12T05:49:23.582Z"}
{"@timestamp":"2022-09-12T05:51:32.170Z","@version":"1","message":"Sep 12 05:51:31 honeypot-sgp-1 kernel: [83838003.335625] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=143.198.178.96 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=39548 PROTO=TCP SPT=59079 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 05:51:36 honeypot-ams-1 sshd[11870]: Invalid user beau from 95.86.165.90 port 36544","@timestamp":"2022-09-12T05:51:36.643Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 05:52:00 honeypot-fra-1 kernel: [83836348.053936] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=154.3.44.39 DST=165.22.82.222 LEN=52 TOS=0x00 PREC=0x00 TTL=116 ID=44829 DF PROTO=TCP SPT=54140 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-12T05:52:00.967Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 05:55:02 honeypot-fra-1 sshd[1810]: Invalid user user from 45.61.187.160 port 53566","@timestamp":"2022-09-12T05:55:03.038Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 05:55:20 honeypot-fra-1 sshd[1814]: Invalid user user from 45.61.187.160 port 49546","@timestamp":"2022-09-12T05:55:21.046Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 05:55:37 honeypot-fra-1 sshd[1818]: Invalid user user from 45.61.187.160 port 45524","@timestamp":"2022-09-12T05:55:38.054Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 05:56:10 honeypot-fra-1 sshd[1822]: Invalid user kf from 165.22.45.108 port 33418","@timestamp":"2022-09-12T05:56:11.068Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T06:00:54.396Z","@version":"1","message":"Sep 12 06:00:53 honeypot-sgp-1 sshd[7472]: Invalid user user from 141.255.162.226 port 38214","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T06:00:58.398Z","@version":"1","message":"Sep 12 06:00:58 honeypot-sgp-1 sshd[7476]: Invalid user user from 141.255.162.226 port 45006","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 06:04:48 honeypot-ams-1 kernel: [83839273.848927] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=79.118.142.149 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=52 ID=56141 PROTO=TCP SPT=25288 DPT=443 WINDOW=7352 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T06:04:48.985Z"}
{"@timestamp":"2022-09-12T06:05:10.503Z","@version":"1","message":"Sep 12 06:05:10 honeypot-sgp-1 sshd[7572]: Connection closed by invalid user pi 161.8.12.170 port 40756 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 06:06:38 honeypot-fra-1 sshd[1829]: Connection closed by invalid user  152.32.249.159 port 46976 [preauth]","@timestamp":"2022-09-12T06:06:39.300Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T06:11:29.659Z","@version":"1","message":"Sep 12 06:11:29 honeypot-sgp-1 kernel: [83839200.995024] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=40.84.222.228 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=16357 PROTO=TCP SPT=42454 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 06:12:23 honeypot-fra-1 kernel: [83837571.762752] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=137.184.66.255 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=61435 PROTO=TCP SPT=58237 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T06:12:24.429Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 06:15:33 honeypot-fra-1 sshd[1931]: Disconnected from invalid user admin 185.196.220.81 port 53246 [preauth]","@timestamp":"2022-09-12T06:15:33.498Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 06:15:33 honeypot-fra-1 sshd[1935]: Disconnected from invalid user admin 185.196.220.81 port 54488 [preauth]","@timestamp":"2022-09-12T06:15:34.500Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 06:15:34 honeypot-fra-1 sshd[1941]: Received disconnect from 185.196.220.81 port 56420:11: end [preauth]","@timestamp":"2022-09-12T06:15:34.500Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 06:15:34 honeypot-fra-1 sshd[1945]: Disconnected from invalid user admin 185.196.220.81 port 57844 [preauth]","@timestamp":"2022-09-12T06:15:35.501Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 06:15:34 honeypot-fra-1 sshd[1949]: Disconnected from invalid user test 185.196.220.81 port 59410 [preauth]","@timestamp":"2022-09-12T06:15:35.501Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 06:15:35 honeypot-fra-1 sshd[1955]: Received disconnect from 185.196.220.81 port 32978:11: end [preauth]","@timestamp":"2022-09-12T06:15:35.501Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 06:15:35 honeypot-fra-1 sshd[1959]: Received disconnect from 185.196.220.81 port 34684:11: end [preauth]","@timestamp":"2022-09-12T06:15:36.501Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 06:15:36 honeypot-fra-1 sshd[1963]: Disconnected from invalid user telnet 185.196.220.81 port 36400 [preauth]","@timestamp":"2022-09-12T06:15:36.501Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 06:15:36 honeypot-fra-1 sshd[1969]: Invalid user oracle from 185.196.220.81 port 38838","@timestamp":"2022-09-12T06:15:37.502Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 06:15:37 honeypot-fra-1 sshd[1973]: Received disconnect from 185.196.220.81 port 40552:11: end [preauth]","@timestamp":"2022-09-12T06:15:37.502Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 06:15:37 honeypot-fra-1 sshd[1977]: Disconnected from authenticating user root 185.196.220.81 port 42370 [preauth]","@timestamp":"2022-09-12T06:15:38.503Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 06:15:38 honeypot-fra-1 sshd[1981]: Disconnected from invalid user guest 185.196.220.81 port 43826 [preauth]","@timestamp":"2022-09-12T06:15:38.503Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 06:15:38 honeypot-fra-1 sshd[1985]: Disconnected from invalid user Admin 185.196.220.81 port 45410 [preauth]","@timestamp":"2022-09-12T06:15:38.503Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 06:15:38 honeypot-fra-1 sshd[1989]: Disconnected from invalid user user 185.196.220.81 port 46804 [preauth]","@timestamp":"2022-09-12T06:15:39.504Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 06:16:55 honeypot-ams-1 kernel: [83840000.032739] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=142.93.45.9 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=54321 PROTO=TCP SPT=42032 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T06:16:55.292Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 06:17:51 honeypot-fra-1 kernel: [83837898.908575] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=40.84.222.228 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=2324 PROTO=TCP SPT=42974 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T06:17:51.555Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-12T06:21:53.914Z","@version":"1","message":"Sep 12 06:21:53 honeypot-sgp-1 sshd[7586]: Received disconnect from 209.141.52.250 port 53254:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T06:25:05.001Z","@version":"1","message":"Sep 12 06:25:04 honeypot-sgp-1 CRON[7589]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 06:27:39 honeypot-ams-1 kernel: [83840644.092053] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=40.84.222.228 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=65340 PROTO=TCP SPT=43577 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T06:27:39.577Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 06:31:09 honeypot-fra-1 sshd[2132]: Received disconnect from 165.22.45.108 port 39598:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T06:31:09.854Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 06:34:15 honeypot-fra-1 sshd[2140]: Received disconnect from 92.255.85.70 port 36048:11: Bye Bye [preauth]","@timestamp":"2022-09-12T06:34:15.925Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T06:34:51.241Z","@version":"1","message":"Sep 12 06:34:50 honeypot-sgp-1 kernel: [83840602.373035] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=27011 PROTO=TCP SPT=44070 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 06:35:10 honeypot-ams-1 kernel: [83841095.117482] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=5640 PROTO=TCP SPT=44070 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T06:35:10.772Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 06:36:47 honeypot-fra-1 kernel: [83839035.242229] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=66.240.236.116 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=37741 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T06:36:47.987Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 06:43:32 honeypot-ams-1 sshd[12154]: Did not receive identification string from 45.61.187.160 port 50962","@timestamp":"2022-09-12T06:43:32.991Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 06:43:51 honeypot-ams-1 sshd[12157]: Received disconnect from 45.61.187.160 port 34308:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T06:43:52.002Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 06:44:09 honeypot-ams-1 sshd[12161]: Invalid user user from 45.61.187.160 port 58322","@timestamp":"2022-09-12T06:44:10.012Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 06:44:26 honeypot-ams-1 sshd[12165]: Invalid user user from 45.61.187.160 port 54096","@timestamp":"2022-09-12T06:44:27.021Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 06:50:21 honeypot-fra-1 sshd[2150]: Disconnected from authenticating user root 195.206.60.116 port 58352 [preauth]","@timestamp":"2022-09-12T06:50:22.288Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 06:51:33 honeypot-ams-1 kernel: [83842078.486449] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.208.54 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=59283 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T06:51:34.229Z"}
{"@timestamp":"2022-09-12T06:51:51.679Z","@version":"1","message":"Sep 12 06:51:51 honeypot-sgp-1 sshd[7742]: Received disconnect from 137.184.207.13 port 34764:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 06:54:07 honeypot-fra-1 sshd[2158]: Received disconnect from 124.160.96.249 port 34066:11: Bye Bye [preauth]","@timestamp":"2022-09-12T06:54:07.374Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T06:54:25.744Z","@version":"1","message":"Sep 12 06:54:24 honeypot-sgp-1 sshd[7746]: Disconnected from invalid user wkv 207.254.224.220 port 49846 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T06:56:51.809Z","@version":"1","message":"Sep 12 06:56:51 honeypot-sgp-1 sshd[7752]: Disconnected from authenticating user root 137.184.28.240 port 44410 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 06:59:41 honeypot-ams-1 kernel: [83842566.443001] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=97.74.81.123 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=33161 PROTO=TCP SPT=44724 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T06:59:42.438Z"}
{"@timestamp":"2022-09-12T07:03:09.967Z","@version":"1","message":"Sep 12 07:03:09 honeypot-sgp-1 sshd[7760]: Received disconnect from 68.183.141.36 port 36136:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 07:06:27 honeypot-fra-1 sshd[2165]: Received disconnect from 165.22.45.108 port 44470:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T07:06:27.650Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 07:10:35 honeypot-ams-1 sshd[12180]: Connection closed by invalid user User 179.60.147.69 port 20542 [preauth]","@timestamp":"2022-09-12T07:10:36.717Z"}
{"@timestamp":"2022-09-12T07:13:41.228Z","@version":"1","message":"Sep 12 07:13:41 honeypot-sgp-1 sshd[7766]: Received disconnect from 203.190.55.203 port 46952:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 07:16:14 honeypot-fra-1 sshd[2171]: Invalid user user from 45.61.184.204 port 34124","@timestamp":"2022-09-12T07:16:14.870Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 07:16:34 honeypot-fra-1 sshd[2175]: Invalid user user from 45.61.184.204 port 57714","@timestamp":"2022-09-12T07:16:34.880Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 07:16:53 honeypot-fra-1 sshd[2179]: Invalid user user from 45.61.184.204 port 53066","@timestamp":"2022-09-12T07:16:53.888Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 07:17:01 honeypot-fra-1 sshd[2181]: Received disconnect from 45.61.184.204 port 36634:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T07:17:01.893Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T07:19:22.369Z","@version":"1","message":"Sep 12 07:19:21 honeypot-sgp-1 kernel: [83843273.282820] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.208.234 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=35024 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 07:19:25 honeypot-ams-1 kernel: [83843750.003483] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=137.184.66.255 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=75 PROTO=TCP SPT=58237 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T07:19:25.946Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 07:19:47 honeypot-fra-1 sshd[2189]: Invalid user User from 179.60.147.69 port 24944","@timestamp":"2022-09-12T07:19:47.959Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T07:21:29.423Z","@version":"1","message":"Sep 12 07:21:29 honeypot-sgp-1 sshd[7777]: Received disconnect from 141.255.162.226 port 52784:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T07:21:34.426Z","@version":"1","message":"Sep 12 07:21:33 honeypot-sgp-1 sshd[7781]: Received disconnect from 141.255.162.226 port 59032:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T07:23:13.471Z","@version":"1","message":"Sep 12 07:23:12 honeypot-sgp-1 sshd[7785]: Received disconnect from 188.254.0.160 port 39212:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 07:25:27 honeypot-fra-1 sshd[2197]: Invalid user admin from 195.242.232.122 port 46153","@timestamp":"2022-09-12T07:25:28.105Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 07:26:21 honeypot-fra-1 sshd[2202]: Invalid user user from 45.61.187.160 port 40656","@timestamp":"2022-09-12T07:26:22.129Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 07:26:39 honeypot-fra-1 sshd[2206]: Invalid user user from 45.61.187.160 port 36120","@timestamp":"2022-09-12T07:26:40.137Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 07:26:55 honeypot-fra-1 sshd[2210]: Invalid user user from 45.61.187.160 port 59804","@timestamp":"2022-09-12T07:26:56.144Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T07:28:58.644Z","@version":"1","message":"Sep 12 07:28:58 honeypot-sgp-1 sshd[7792]: Invalid user teamspeak from 77.24.124.41 port 48566","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 07:32:12 honeypot-ams-1 sshd[12193]: Invalid user user from 45.61.186.249 port 60244","@timestamp":"2022-09-12T07:32:12.300Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 07:32:33 honeypot-ams-1 sshd[12198]: Invalid user user from 45.61.186.249 port 55984","@timestamp":"2022-09-12T07:32:34.312Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 07:32:52 honeypot-ams-1 sshd[12202]: Invalid user user from 45.61.186.249 port 51666","@timestamp":"2022-09-12T07:32:53.327Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 07:33:09 honeypot-ams-1 sshd[12206]: Invalid user user from 45.61.186.249 port 47392","@timestamp":"2022-09-12T07:33:10.336Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 07:33:24 honeypot-fra-1 sshd[2216]: Did not receive identification string from 141.255.162.226 port 40082","@timestamp":"2022-09-12T07:33:25.289Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 07:33:33 honeypot-fra-1 sshd[2219]: Disconnected from invalid user user 141.255.162.226 port 36098 [preauth]","@timestamp":"2022-09-12T07:33:34.293Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 07:33:37 honeypot-fra-1 sshd[2223]: Disconnected from invalid user user 141.255.162.226 port 41392 [preauth]","@timestamp":"2022-09-12T07:33:38.295Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 07:40:25 honeypot-fra-1 sshd[2228]: Received disconnect from 178.154.205.230 port 44526:11: Bye Bye [preauth]","@timestamp":"2022-09-12T07:40:26.446Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 07:40:41 honeypot-ams-1 kernel: [83845026.307766] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=37.112.47.211 DST=178.62.254.91 LEN=40 TOS=0x08 PREC=0x20 TTL=58 ID=4965 PROTO=TCP SPT=3806 DPT=443 WINDOW=22157 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T07:40:41.532Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 07:41:59 honeypot-fra-1 sshd[2232]: Received disconnect from 192.241.157.126 port 36472:11: Bye Bye [preauth]","@timestamp":"2022-09-12T07:42:00.484Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T07:42:13.972Z","@version":"1","message":"Sep 12 07:42:13 honeypot-sgp-1 sshd[7800]: Invalid user duni from 92.255.85.69 port 45470","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 07:42:45 honeypot-fra-1 sshd[2236]: Disconnected from authenticating user root 143.244.158.100 port 49304 [preauth]","@timestamp":"2022-09-12T07:42:45.503Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 07:44:11 honeypot-fra-1 sshd[2242]: Received disconnect from 143.110.189.191 port 34786:11: Bye Bye [preauth]","@timestamp":"2022-09-12T07:44:11.540Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 07:44:30 honeypot-fra-1 sshd[2246]: Disconnected from invalid user duni 92.255.85.69 port 39508 [preauth]","@timestamp":"2022-09-12T07:44:31.550Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 07:46:31 honeypot-fra-1 sshd[2253]: Received disconnect from 128.199.99.204 port 34504:11: Bye Bye [preauth]","@timestamp":"2022-09-12T07:46:32.599Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 07:47:11 honeypot-ams-1 sshd[12214]: Disconnected from invalid user duni 92.255.85.70 port 62888 [preauth]","@timestamp":"2022-09-12T07:47:11.701Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 07:47:42 honeypot-fra-1 sshd[2257]: Disconnected from authenticating user root 143.244.158.100 port 60962 [preauth]","@timestamp":"2022-09-12T07:47:42.629Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 07:50:05 honeypot-fra-1 sshd[2263]: Received disconnect from 143.244.158.100 port 48616:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T07:50:05.685Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 07:52:26 honeypot-fra-1 sshd[2270]: Received disconnect from 143.244.158.100 port 37276:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T07:52:26.740Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 07:54:03 honeypot-fra-1 sshd[2274]: Disconnected from authenticating user root 143.244.158.100 port 54046 [preauth]","@timestamp":"2022-09-12T07:54:03.778Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T07:54:57.286Z","@version":"1","message":"Sep 12 07:54:56 honeypot-sgp-1 kernel: [83845408.465853] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=206.81.10.173 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=17864 PROTO=TCP SPT=49140 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 07:55:44 honeypot-fra-1 sshd[2280]: Received disconnect from 143.244.158.100 port 43376:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T07:55:44.820Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 07:58:10 honeypot-fra-1 sshd[2287]: Received disconnect from 143.244.158.100 port 44130:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T07:58:10.878Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 07:59:01 honeypot-fra-1 sshd[2289]: Disconnected from invalid user amssys 137.184.96.200 port 50440 [preauth]","@timestamp":"2022-09-12T07:59:01.898Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 08:01:36 honeypot-fra-1 sshd[2300]: Received disconnect from 143.244.158.100 port 49788:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T08:01:36.959Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 08:02:48 honeypot-fra-1 sshd[2304]: Received disconnect from 128.199.91.252 port 49802:11: Bye Bye [preauth]","@timestamp":"2022-09-12T08:02:48.990Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 08:04:20 honeypot-fra-1 sshd[2310]: Received disconnect from 182.75.139.26 port 44405:11: Bye Bye [preauth]","@timestamp":"2022-09-12T08:04:21.027Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 08:04:20 honeypot-ams-1 sshd[12223]: Invalid user user from 45.61.186.249 port 35084","@timestamp":"2022-09-12T08:04:21.141Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 08:04:41 honeypot-ams-1 sshd[12227]: Invalid user user from 45.61.186.249 port 58950","@timestamp":"2022-09-12T08:04:41.154Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 08:05:00 honeypot-ams-1 sshd[12231]: Invalid user user from 45.61.186.249 port 54576","@timestamp":"2022-09-12T08:05:01.164Z"}
{"@timestamp":"2022-09-12T08:05:14.545Z","@version":"1","message":"Sep 12 08:05:13 honeypot-sgp-1 sshd[7808]: Invalid user baikal from 92.255.85.69 port 54692","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 08:05:16 honeypot-ams-1 sshd[12235]: Invalid user user from 45.61.186.249 port 50194","@timestamp":"2022-09-12T08:05:17.173Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 08:06:20 honeypot-fra-1 sshd[2316]: Received disconnect from 143.244.158.100 port 51344:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T08:06:21.074Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 08:07:58 honeypot-fra-1 sshd[2321]: Disconnected from authenticating user root 143.244.158.100 port 39166 [preauth]","@timestamp":"2022-09-12T08:07:59.113Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 08:09:35 honeypot-fra-1 sshd[2327]: Received disconnect from 143.244.158.100 port 59516:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T08:09:36.152Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 08:10:34 honeypot-fra-1 sshd[2332]: Disconnected from authenticating user root 20.55.113.203 port 1024 [preauth]","@timestamp":"2022-09-12T08:10:35.178Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 08:10:59 honeypot-ams-1 sshd[12238]: Received disconnect from 92.255.85.69 port 59530:11: Bye Bye [preauth]","@timestamp":"2022-09-12T08:11:00.323Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 08:12:01 honeypot-fra-1 sshd[2358]: Disconnected from authenticating user root 143.244.158.100 port 46602 [preauth]","@timestamp":"2022-09-12T08:12:02.213Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 08:13:36 honeypot-fra-1 sshd[2364]: Received disconnect from 157.230.6.213 port 58214:11: Bye Bye [preauth]","@timestamp":"2022-09-12T08:13:36.252Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T08:14:11.791Z","@version":"1","message":"Sep 12 08:14:11 honeypot-sgp-1 sshd[7811]: Invalid user yueyiran from 137.116.144.39 port 59246","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 08:15:22 honeypot-fra-1 sshd[2370]: Received disconnect from 143.244.158.100 port 50568:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T08:15:23.294Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 08:16:53 honeypot-fra-1 sshd[2376]: Invalid user kf2server from 165.22.45.108 port 54190","@timestamp":"2022-09-12T08:16:54.333Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 08:17:01 honeypot-fra-1 CRON[2380]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-12T08:17:01.337Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 08:17:01 honeypot-ams-1 CRON[12243]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-12T08:17:01.481Z"}
{"@timestamp":"2022-09-12T08:17:50.887Z","@version":"1","message":"Sep 12 08:17:49 honeypot-sgp-1 sshd[7816]: Connection closed by invalid user User 179.60.147.69 port 37314 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 08:18:41 honeypot-ams-1 sshd[12248]: Disconnected from authenticating user root 159.65.180.64 port 50478 [preauth]","@timestamp":"2022-09-12T08:18:41.527Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 08:19:27 honeypot-fra-1 sshd[2388]: Received disconnect from 143.244.158.100 port 46078:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T08:19:28.395Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 08:20:45 honeypot-fra-1 sshd[2392]: Disconnected from invalid user admin 196.219.43.242 port 48732 [preauth]","@timestamp":"2022-09-12T08:20:46.425Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 08:21:45 honeypot-ams-1 sshd[12254]: Invalid user user from 141.255.162.226 port 49112","@timestamp":"2022-09-12T08:21:46.614Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 08:21:47 honeypot-ams-1 sshd[12258]: Invalid user user from 141.255.162.226 port 34652","@timestamp":"2022-09-12T08:21:47.615Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 08:21:52 honeypot-ams-1 sshd[12262]: Invalid user user from 141.255.162.226 port 48416","@timestamp":"2022-09-12T08:21:52.617Z"}
{"@timestamp":"2022-09-12T08:21:55.990Z","@version":"1","message":"Sep 12 08:21:55 honeypot-sgp-1 sshd[7844]: Received disconnect from 159.223.52.187 port 48544:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 08:22:28 honeypot-ams-1 kernel: [83847533.295748] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=167.94.138.111 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=7071 PROTO=TCP SPT=62699 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T08:22:28.634Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 08:22:47 honeypot-fra-1 sshd[2399]: Disconnected from authenticating user root 143.244.158.100 port 46808 [preauth]","@timestamp":"2022-09-12T08:22:47.473Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 08:25:11 honeypot-fra-1 sshd[2405]: Disconnected from authenticating user root 143.244.158.100 port 36056 [preauth]","@timestamp":"2022-09-12T08:25:11.530Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T08:29:02.169Z","@version":"1","message":"Sep 12 08:29:01 honeypot-sgp-1 sshd[7849]: Disconnected from authenticating user root 92.255.85.69 port 30668 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 08:30:06 honeypot-ams-1 kernel: [83847991.268122] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=184.105.139.105 DST=178.62.254.91 LEN=131 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=36676 DPT=80 WINDOW=65535 RES=0x00 ACK PSH URGP=0 ","@timestamp":"2022-09-12T08:30:06.854Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 08:31:21 honeypot-fra-1 sshd[2423]: Received disconnect from 92.255.85.70 port 20352:11: Bye Bye [preauth]","@timestamp":"2022-09-12T08:31:21.672Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 08:36:22 honeypot-fra-1 sshd[2432]: Received disconnect from 134.122.66.121 port 36666:11: Bye Bye [preauth]","@timestamp":"2022-09-12T08:36:23.787Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 08:37:13 honeypot-ams-1 kernel: [83848417.877082] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=37.120.202.242 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=21079 DF PROTO=TCP SPT=51092 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T08:37:14.041Z"}
{"@timestamp":"2022-09-12T08:41:27.480Z","@version":"1","message":"Sep 12 08:41:26 honeypot-sgp-1 sshd[7853]: Received disconnect from 45.61.186.169 port 49932:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T08:41:44.489Z","@version":"1","message":"Sep 12 08:41:44 honeypot-sgp-1 sshd[7857]: Received disconnect from 45.61.186.169 port 45726:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T08:42:01.498Z","@version":"1","message":"Sep 12 08:42:00 honeypot-sgp-1 sshd[7861]: Received disconnect from 45.61.186.169 port 41536:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T08:42:16.507Z","@version":"1","message":"Sep 12 08:42:16 honeypot-sgp-1 sshd[7866]: Invalid user user from 45.61.186.169 port 37342","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 08:43:38 honeypot-ams-1 kernel: [83848802.820485] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=122.103.181.180 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=50 ID=44891 PROTO=TCP SPT=7669 DPT=80 WINDOW=4069 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T08:43:38.208Z"}
{"@timestamp":"2022-09-12T08:44:21.561Z","@version":"1","message":"Sep 12 08:44:21 honeypot-sgp-1 sshd[7868]: Connection closed by invalid user admin 221.161.74.247 port 40318 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 08:45:52 honeypot-fra-1 sshd[2439]: Received disconnect from 60.10.160.73 port 43210:11: Bye Bye [preauth]","@timestamp":"2022-09-12T08:45:52.999Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 08:51:27 honeypot-fra-1 sshd[2445]: Connection closed by invalid user 1234 111.74.8.12 port 59024 [preauth]","@timestamp":"2022-09-12T08:51:28.126Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 08:52:34 honeypot-fra-1 sshd[2449]: Disconnected from invalid user ling 60.10.160.75 port 39290 [preauth]","@timestamp":"2022-09-12T08:52:34.152Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 08:54:13 honeypot-ams-1 sshd[12295]: Invalid user user from 141.255.162.226 port 33410","@timestamp":"2022-09-12T08:54:14.486Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 08:54:18 honeypot-ams-1 sshd[12299]: Invalid user user from 141.255.162.226 port 47404","@timestamp":"2022-09-12T08:54:19.490Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 08:54:20 honeypot-ams-1 sshd[12303]: Invalid user user from 141.255.162.226 port 54402","@timestamp":"2022-09-12T08:54:21.491Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 08:55:01 honeypot-fra-1 sshd[2455]: Received disconnect from 92.255.85.69 port 46402:11: Bye Bye [preauth]","@timestamp":"2022-09-12T08:55:01.212Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T08:55:57.850Z","@version":"1","message":"Sep 12 08:55:56 honeypot-sgp-1 kernel: [83849068.645837] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=154.3.44.39 DST=159.89.202.188 LEN=52 TOS=0x0A PREC=0x00 TTL=112 ID=59667 DF PROTO=TCP SPT=63952 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 08:56:35 honeypot-ams-1 sshd[12307]: Invalid user User from 179.60.147.69 port 35098","@timestamp":"2022-09-12T08:56:36.550Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 08:59:00 honeypot-fra-1 kernel: [83847567.910361] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=138.122.20.85 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=31085 DF PROTO=TCP SPT=33711 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T08:59:01.305Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 09:04:33 honeypot-ams-1 sshd[12313]: Connection closed by invalid user zabbix 103.188.176.251 port 56580 [preauth]","@timestamp":"2022-09-12T09:04:34.757Z"}
{"@timestamp":"2022-09-12T09:05:36.117Z","@version":"1","message":"Sep 12 09:05:35 honeypot-sgp-1 kernel: [83849647.324142] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=36.65.119.94 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=245 ID=44549 DF PROTO=TCP SPT=48425 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 09:06:05 honeypot-fra-1 sshd[2466]: Invalid user user from 45.61.186.49 port 43380","@timestamp":"2022-09-12T09:06:06.463Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 09:06:14 honeypot-fra-1 sshd[2470]: Invalid user user from 45.61.186.49 port 54984","@timestamp":"2022-09-12T09:06:15.468Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 09:06:23 honeypot-fra-1 kernel: [83848011.247560] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=162.221.192.26 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=63491 PROTO=TCP SPT=27503 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T09:06:24.473Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-12T09:07:33.166Z","@version":"1","message":"Sep 12 09:07:32 honeypot-sgp-1 sshd[7879]: Disconnected from invalid user jukka 52.172.5.99 port 42458 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 09:13:56 honeypot-fra-1 kernel: [83848463.612830] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=15982 PROTO=TCP SPT=53203 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T09:13:56.645Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 09:16:46 honeypot-ams-1 sshd[12317]: Received disconnect from 104.248.117.154 port 54336:11: Bye Bye [preauth]","@timestamp":"2022-09-12T09:16:47.068Z"}
{"@timestamp":"2022-09-12T09:17:01.406Z","@version":"1","message":"Sep 12 09:17:01 honeypot-sgp-1 CRON[7884]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 09:18:28 honeypot-fra-1 sshd[2485]: Received disconnect from 92.255.85.69 port 45820:11: Bye Bye [preauth]","@timestamp":"2022-09-12T09:18:29.767Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 09:19:26 honeypot-ams-1 sshd[12324]: Invalid user flume from 190.144.139.235 port 35753","@timestamp":"2022-09-12T09:19:27.140Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 09:20:28 honeypot-ams-1 sshd[12326]: Disconnected from authenticating user root 159.65.132.116 port 39734 [preauth]","@timestamp":"2022-09-12T09:20:29.170Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 09:23:12 honeypot-ams-1 sshd[12333]: Received disconnect from 91.144.158.231 port 61917:11: Bye Bye [preauth]","@timestamp":"2022-09-12T09:23:13.242Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 09:24:57 honeypot-fra-1 sshd[2491]: Disconnected from authenticating user root 188.226.207.26 port 58133 [preauth]","@timestamp":"2022-09-12T09:24:57.913Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T09:27:02.650Z","@version":"1","message":"Sep 12 09:27:02 honeypot-sgp-1 sshd[7889]: Received disconnect from 60.220.185.61 port 47070:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 09:27:06 honeypot-ams-1 sshd[12339]: Received disconnect from 206.189.233.82 port 54378:11: Bye Bye [preauth]","@timestamp":"2022-09-12T09:27:07.342Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 09:27:08 honeypot-fra-1 sshd[2497]: Received disconnect from 165.22.45.108 port 35672:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T09:27:08.968Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 09:30:00 honeypot-fra-1 kernel: [83849427.510178] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=74.82.47.16 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=54321 PROTO=TCP SPT=38999 DPT=5432 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T09:30:01.037Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-12T09:34:45.841Z","@version":"1","message":"Sep 12 09:34:45 honeypot-sgp-1 kernel: [83851397.379853] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=64.62.197.134 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=41721 DPT=5432 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 09:35:22 honeypot-ams-1 kernel: [83851906.937459] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=80.94.92.231 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=33599 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T09:35:22.555Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 09:36:40 honeypot-fra-1 sshd[2507]: Disconnected from invalid user cent 217.182.253.249 port 54958 [preauth]","@timestamp":"2022-09-12T09:36:41.190Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 09:41:59 honeypot-fra-1 sshd[2514]: Received disconnect from 92.255.85.70 port 39982:11: Bye Bye [preauth]","@timestamp":"2022-09-12T09:41:59.312Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 09:44:37 honeypot-fra-1 sshd[2521]: Received disconnect from 45.61.186.49 port 51488:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T09:44:38.372Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 09:44:46 honeypot-fra-1 sshd[2525]: Received disconnect from 45.61.186.49 port 35180:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T09:44:47.377Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 09:46:39 honeypot-fra-1 sshd[2529]: Disconnected from authenticating user root 220.134.113.188 port 53632 [preauth]","@timestamp":"2022-09-12T09:46:39.420Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T09:46:59.143Z","@version":"1","message":"Sep 12 09:46:58 honeypot-sgp-1 kernel: [83852130.621026] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=154.3.44.39 DST=159.89.202.188 LEN=52 TOS=0x0A PREC=0x00 TTL=111 ID=12752 DF PROTO=TCP SPT=55206 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 09:52:18 honeypot-ams-1 sshd[12349]: Disconnected from invalid user conciergerie 142.93.117.15 port 54314 [preauth]","@timestamp":"2022-09-12T09:52:18.987Z"}
{"@timestamp":"2022-09-12T09:53:04.298Z","@version":"1","message":"Sep 12 09:53:03 honeypot-sgp-1 kernel: [83852495.052987] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.3.26.226 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=235 ID=39977 DF PROTO=TCP SPT=10446 DPT=80 WINDOW=512 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T09:55:11.373Z","@version":"1","message":"Sep 12 09:55:10 honeypot-sgp-1 sshd[7907]: Disconnected from authenticating user root 103.221.252.46 port 36222 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:01:36 honeypot-fra-1 sshd[2538]: Invalid user elastic from 51.79.254.140 port 52088","@timestamp":"2022-09-12T10:01:36.753Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:01:36 honeypot-fra-1 sshd[2552]: Invalid user user from 51.79.254.140 port 52040","@timestamp":"2022-09-12T10:01:36.753Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:01:36 honeypot-fra-1 sshd[2540]: Invalid user test from 51.79.254.140 port 52180","@timestamp":"2022-09-12T10:01:36.754Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:01:36 honeypot-fra-1 sshd[2581]: Invalid user oracle from 51.79.254.140 port 52032","@timestamp":"2022-09-12T10:01:36.754Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:01:36 honeypot-fra-1 sshd[2587]: Invalid user cloud from 51.79.254.140 port 52256","@timestamp":"2022-09-12T10:01:36.754Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:01:36 honeypot-fra-1 sshd[2543]: Connection closed by invalid user oracle 51.79.254.140 port 52224 [preauth]","@timestamp":"2022-09-12T10:01:36.754Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:01:36 honeypot-fra-1 sshd[2552]: Connection closed by invalid user user 51.79.254.140 port 52040 [preauth]","@timestamp":"2022-09-12T10:01:36.754Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:01:36 honeypot-fra-1 sshd[2561]: Connection closed by invalid user oracle 51.79.254.140 port 52306 [preauth]","@timestamp":"2022-09-12T10:01:36.754Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:01:36 honeypot-fra-1 sshd[2581]: Connection closed by invalid user oracle 51.79.254.140 port 52032 [preauth]","@timestamp":"2022-09-12T10:01:37.755Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T10:02:09.548Z","@version":"1","message":"Sep 12 10:02:09 honeypot-sgp-1 sshd[7913]: Invalid user guest from 103.147.159.49 port 38488","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:02:16 honeypot-fra-1 sshd[2617]: Connection closed by invalid user guest 113.160.211.78 port 40736 [preauth]","@timestamp":"2022-09-12T10:02:16.771Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 10:04:39 honeypot-ams-1 sshd[12359]: Invalid user User from 179.60.147.69 port 17514","@timestamp":"2022-09-12T10:04:40.303Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 10:05:18 honeypot-ams-1 sshd[12364]: Disconnected from authenticating user root 46.19.141.122 port 48926 [preauth]","@timestamp":"2022-09-12T10:05:19.324Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:06:09 honeypot-fra-1 sshd[2621]: Disconnected from authenticating user root 92.255.85.70 port 62276 [preauth]","@timestamp":"2022-09-12T10:06:09.862Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 10:06:48 honeypot-ams-1 sshd[12369]: Disconnected from invalid user admin 46.19.141.122 port 43222 [preauth]","@timestamp":"2022-09-12T10:06:48.365Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 10:07:41 honeypot-ams-1 sshd[12375]: Invalid user user from 46.19.141.122 port 37466","@timestamp":"2022-09-12T10:07:42.392Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 10:08:13 honeypot-ams-1 sshd[12379]: Received disconnect from 46.19.141.122 port 44970:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T10:08:14.408Z"}
{"@timestamp":"2022-09-12T10:08:36.706Z","@version":"1","message":"Sep 12 10:08:36 honeypot-sgp-1 kernel: [83853427.786561] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=72.68.192.9 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=42663 PROTO=TCP SPT=57655 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 10:08:41 honeypot-ams-1 sshd[12381]: Disconnected from invalid user support 46.19.141.122 port 52472 [preauth]","@timestamp":"2022-09-12T10:08:42.423Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:12:04 honeypot-fra-1 sshd[2628]: Invalid user odoo from 157.245.122.58 port 37748","@timestamp":"2022-09-12T10:12:04.999Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 10:12:14 honeypot-ams-1 sshd[12389]: Invalid user user from 45.61.186.49 port 58482","@timestamp":"2022-09-12T10:12:15.518Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 10:12:19 honeypot-ams-1 sshd[12391]: Invalid user support from 58.216.218.238 port 33555","@timestamp":"2022-09-12T10:12:19.521Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 10:12:28 honeypot-ams-1 sshd[12397]: Received disconnect from 45.61.186.49 port 48250:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T10:12:28.526Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:13:01 honeypot-fra-1 sshd[2630]: Invalid user tenancy from 157.245.122.58 port 51288","@timestamp":"2022-09-12T10:13:02.023Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:13:55 honeypot-fra-1 sshd[2632]: Disconnected from invalid user data.user 157.245.122.58 port 36592 [preauth]","@timestamp":"2022-09-12T10:13:56.044Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T10:14:28.851Z","@version":"1","message":"Sep 12 10:14:28 honeypot-sgp-1 sshd[7923]: Connection closed by invalid user pi 136.37.6.214 port 19379 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 10:14:46 honeypot-ams-1 kernel: [83854271.218698] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=43.131.66.209 DST=178.62.254.91 LEN=52 TOS=0x08 PREC=0x60 TTL=55 ID=30764 DF PROTO=TCP SPT=31788 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T10:14:46.585Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:15:44 honeypot-fra-1 sshd[2639]: Invalid user jonitiso from 157.245.122.58 port 35418","@timestamp":"2022-09-12T10:15:45.089Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 10:17:01 honeypot-ams-1 CRON[12405]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-12T10:17:01.646Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:17:01 honeypot-fra-1 CRON[2643]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-12T10:17:02.122Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:18:33 honeypot-fra-1 sshd[2658]: Invalid user mysql from 81.69.194.231 port 57570","@timestamp":"2022-09-12T10:18:34.160Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:18:33 honeypot-fra-1 sshd[2647]: Connection closed by invalid user chia 81.69.194.231 port 57528 [preauth]","@timestamp":"2022-09-12T10:18:34.160Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:18:33 honeypot-fra-1 sshd[2664]: Connection closed by authenticating user root 81.69.194.231 port 57591 [preauth]","@timestamp":"2022-09-12T10:18:34.160Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:18:33 honeypot-fra-1 sshd[2654]: Invalid user steam from 81.69.194.231 port 57552","@timestamp":"2022-09-12T10:18:34.160Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:18:34 honeypot-fra-1 sshd[2650]: Connection closed by invalid user bot 81.69.194.231 port 57548 [preauth]","@timestamp":"2022-09-12T10:18:34.160Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:18:34 honeypot-fra-1 sshd[2661]: Connection closed by invalid user postgres 81.69.194.231 port 57530 [preauth]","@timestamp":"2022-09-12T10:18:35.161Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:18:34 honeypot-fra-1 sshd[2651]: Connection closed by invalid user test 81.69.194.231 port 57599 [preauth]","@timestamp":"2022-09-12T10:18:35.161Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:18:35 honeypot-fra-1 sshd[2671]: Connection closed by invalid user admin 81.69.194.231 port 57554 [preauth]","@timestamp":"2022-09-12T10:18:36.161Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:18:53 honeypot-fra-1 sshd[2715]: Invalid user testuser from 217.115.58.242 port 57200","@timestamp":"2022-09-12T10:18:53.169Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:18:53 honeypot-fra-1 sshd[2710]: Connection closed by invalid user jenkins 217.115.58.242 port 57192 [preauth]","@timestamp":"2022-09-12T10:18:53.169Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:18:53 honeypot-fra-1 sshd[2714]: Connection closed by authenticating user root 217.115.58.242 port 57201 [preauth]","@timestamp":"2022-09-12T10:18:53.169Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:18:53 honeypot-fra-1 sshd[2706]: Invalid user docker from 217.115.58.242 port 57140","@timestamp":"2022-09-12T10:18:54.169Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:18:53 honeypot-fra-1 sshd[2742]: Invalid user mysql from 217.115.58.242 port 57182","@timestamp":"2022-09-12T10:18:54.169Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:18:53 honeypot-fra-1 sshd[2739]: Invalid user admin from 217.115.58.242 port 57160","@timestamp":"2022-09-12T10:18:54.169Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:18:53 honeypot-fra-1 sshd[2738]: Connection closed by authenticating user root 217.115.58.242 port 57167 [preauth]","@timestamp":"2022-09-12T10:18:54.169Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:18:53 honeypot-fra-1 sshd[2712]: Connection closed by invalid user git 217.115.58.242 port 57190 [preauth]","@timestamp":"2022-09-12T10:18:54.170Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:18:53 honeypot-fra-1 sshd[2758]: Invalid user testuser from 217.115.58.242 port 57210","@timestamp":"2022-09-12T10:18:54.170Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:18:53 honeypot-fra-1 sshd[2756]: Connection closed by invalid user steam 217.115.58.242 port 57212 [preauth]","@timestamp":"2022-09-12T10:18:54.170Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T10:20:44.005Z","@version":"1","message":"Sep 12 10:20:43 honeypot-sgp-1 sshd[7932]: Invalid user user from 45.61.186.49 port 48638","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T10:20:53.010Z","@version":"1","message":"Sep 12 10:20:52 honeypot-sgp-1 sshd[7936]: Invalid user user from 45.61.186.49 port 60452","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T10:23:53.086Z","@version":"1","message":"Sep 12 10:23:52 honeypot-sgp-1 sshd[7940]: Received disconnect from 146.19.133.233 port 43314:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:29:23 honeypot-fra-1 sshd[2767]: Received disconnect from 92.255.85.70 port 43812:11: Bye Bye [preauth]","@timestamp":"2022-09-12T10:29:24.407Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T10:29:57.234Z","@version":"1","message":"Sep 12 10:29:56 honeypot-sgp-1 sshd[7945]: Disconnected from authenticating user root 158.69.111.17 port 33944 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 10:30:01 honeypot-ams-1 sshd[12412]: Disconnected from authenticating user root 61.177.172.114 port 37853 [preauth]","@timestamp":"2022-09-12T10:30:01.980Z"}
{"@timestamp":"2022-09-12T10:38:27.444Z","@version":"1","message":"Sep 12 10:38:26 honeypot-sgp-1 sshd[7950]: Received disconnect from 103.242.166.5 port 41030:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:41:50 honeypot-fra-1 sshd[2772]: Connection closed by invalid user admin 141.98.10.158 port 52668 [preauth]","@timestamp":"2022-09-12T10:41:50.687Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 10:41:59 honeypot-ams-1 sshd[12421]: Invalid user User from 179.60.147.69 port 2798","@timestamp":"2022-09-12T10:42:00.289Z"}
{"@timestamp":"2022-09-12T10:44:34.598Z","@version":"1","message":"Sep 12 10:44:34 honeypot-sgp-1 sshd[7955]: Received disconnect from 186.234.249.196 port 30863:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T10:44:46.604Z","@version":"1","message":"Sep 12 10:44:46 honeypot-sgp-1 sshd[7957]: Received disconnect from 20.224.226.157 port 47250:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 10:45:55 honeypot-ams-1 sshd[12429]: Disconnected from authenticating user root 61.177.172.124 port 29325 [preauth]","@timestamp":"2022-09-12T10:45:56.392Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 10:49:17 honeypot-ams-1 sshd[12439]: Disconnected from authenticating user root 157.245.122.58 port 51954 [preauth]","@timestamp":"2022-09-12T10:49:18.479Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 10:51:07 honeypot-ams-1 sshd[12443]: Disconnected from invalid user tenancy 157.245.122.58 port 50784 [preauth]","@timestamp":"2022-09-12T10:51:08.528Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 10:52:58 honeypot-ams-1 sshd[12447]: Received disconnect from 157.245.122.58 port 49618:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T10:52:58.577Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 10:53:51 honeypot-ams-1 sshd[12453]: Received disconnect from 157.245.122.58 port 34920:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T10:53:52.604Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:54:27 honeypot-fra-1 kernel: [83854494.173602] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=50.17.105.85 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=235 ID=54321 PROTO=TCP SPT=39817 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T10:54:27.975Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 10:55:26 honeypot-ams-1 sshd[12457]: Disconnected from authenticating user root 61.177.172.90 port 42226 [preauth]","@timestamp":"2022-09-12T10:55:26.645Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 10:57:27 honeypot-ams-1 sshd[12463]: Disconnected from authenticating user root 51.250.68.47 port 46934 [preauth]","@timestamp":"2022-09-12T10:57:28.699Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 11:02:37 honeypot-ams-1 sshd[12471]: Disconnected from authenticating user root 61.177.173.51 port 33216 [preauth]","@timestamp":"2022-09-12T11:02:37.839Z"}
{"@timestamp":"2022-09-12T11:06:03.137Z","@version":"1","message":"Sep 12 11:06:02 honeypot-sgp-1 kernel: [83856874.578085] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.46.240.87 DST=159.89.202.188 LEN=52 TOS=0x02 PREC=0x00 TTL=110 ID=61016 DF PROTO=TCP SPT=50149 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 11:08:04 honeypot-fra-1 sshd[2783]: Received disconnect from 192.241.157.126 port 43442:11: Bye Bye [preauth]","@timestamp":"2022-09-12T11:08:05.281Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 11:12:03 honeypot-fra-1 sshd[2787]: Disconnected from authenticating user root 154.72.194.207 port 44278 [preauth]","@timestamp":"2022-09-12T11:12:03.374Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 11:12:52 honeypot-ams-1 sshd[12480]: Received disconnect from 61.177.172.124 port 50180:11:  [preauth]","@timestamp":"2022-09-12T11:12:52.103Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 11:14:59 honeypot-fra-1 sshd[2792]: Disconnected from invalid user eran 161.35.112.95 port 42086 [preauth]","@timestamp":"2022-09-12T11:14:59.444Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 11:15:09 honeypot-ams-1 sshd[12485]: Disconnected from invalid user user 45.61.186.169 port 56692 [preauth]","@timestamp":"2022-09-12T11:15:10.165Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 11:15:27 honeypot-ams-1 sshd[12489]: Disconnected from invalid user user 45.61.186.169 port 52170 [preauth]","@timestamp":"2022-09-12T11:15:28.174Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 11:15:44 honeypot-ams-1 sshd[12493]: Disconnected from invalid user user 45.61.186.169 port 47638 [preauth]","@timestamp":"2022-09-12T11:15:45.183Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 11:16:00 honeypot-ams-1 sshd[12497]: Disconnected from invalid user user 45.61.186.169 port 43110 [preauth]","@timestamp":"2022-09-12T11:16:01.191Z"}
{"@timestamp":"2022-09-12T11:16:33.395Z","@version":"1","message":"Sep 12 11:16:32 honeypot-sgp-1 sshd[7968]: Connection closed by invalid user User 179.60.147.69 port 19122 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 11:16:38 honeypot-fra-1 sshd[2798]: Disconnected from authenticating user root 92.255.85.70 port 23782 [preauth]","@timestamp":"2022-09-12T11:16:38.486Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 11:19:05 honeypot-ams-1 sshd[12507]: Received disconnect from 92.255.85.69 port 63830:11: Bye Bye [preauth]","@timestamp":"2022-09-12T11:19:06.274Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 11:19:19 honeypot-fra-1 sshd[2805]: Connection closed by invalid user admin 148.153.82.141 port 45826 [preauth]","@timestamp":"2022-09-12T11:19:19.549Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 11:19:40 honeypot-ams-1 sshd[12513]: Invalid user User from 179.60.147.69 port 5772","@timestamp":"2022-09-12T11:19:40.290Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 11:23:51 honeypot-fra-1 sshd[2812]: Did not receive identification string from 54.91.86.145 port 41390","@timestamp":"2022-09-12T11:23:51.649Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 11:26:05 honeypot-ams-1 sshd[12588]: Disconnected from authenticating user root 61.177.173.36 port 43123 [preauth]","@timestamp":"2022-09-12T11:26:06.456Z"}
{"@timestamp":"2022-09-12T11:28:34.686Z","@version":"1","message":"Sep 12 11:28:33 honeypot-sgp-1 kernel: [83858225.392424] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=103.140.251.37 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=2563 PROTO=TCP SPT=57808 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T11:30:33.735Z","@version":"1","message":"Sep 12 11:30:33 honeypot-sgp-1 sshd[7981]: Invalid user admin from 178.128.125.205 port 59466","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 11:31:18 honeypot-ams-1 sshd[12593]: Disconnected from authenticating user root 61.177.172.19 port 37771 [preauth]","@timestamp":"2022-09-12T11:31:19.593Z"}
{"@timestamp":"2022-09-12T11:32:02.770Z","@version":"1","message":"Sep 12 11:32:02 honeypot-sgp-1 kernel: [83858433.712118] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.180.143.7 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=16175 PROTO=TCP SPT=21433 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 11:33:00 honeypot-fra-1 sshd[2816]: Received disconnect from 185.17.229.65 port 34102:11: Bye Bye [preauth]","@timestamp":"2022-09-12T11:33:01.860Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 11:35:32 honeypot-ams-1 sshd[12600]: Received disconnect from 143.244.158.100 port 42100:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T11:35:33.722Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 11:37:25 honeypot-ams-1 sshd[12606]: Invalid user user from 103.188.176.251 port 41956","@timestamp":"2022-09-12T11:37:25.772Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 11:38:11 honeypot-fra-1 sshd[2822]: Invalid user finexa from 94.75.123.43 port 58938","@timestamp":"2022-09-12T11:38:11.980Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 11:38:55 honeypot-ams-1 sshd[12610]: Disconnected from invalid user admin 193.194.91.166 port 16299 [preauth]","@timestamp":"2022-09-12T11:38:56.815Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 11:39:33 honeypot-fra-1 sshd[2827]: Received disconnect from 92.255.85.69 port 19692:11: Bye Bye [preauth]","@timestamp":"2022-09-12T11:39:34.016Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 11:39:53 honeypot-ams-1 sshd[12616]: Received disconnect from 143.244.158.100 port 51556:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T11:39:53.844Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 11:41:25 honeypot-ams-1 sshd[12623]: Disconnected from invalid user heaven 182.253.28.123 port 58674 [preauth]","@timestamp":"2022-09-12T11:41:25.885Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 11:41:46 honeypot-fra-1 sshd[2831]: Connection closed by invalid user user 103.188.176.251 port 48390 [preauth]","@timestamp":"2022-09-12T11:41:47.069Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 11:42:37 honeypot-ams-1 sshd[12629]: Disconnected from authenticating user root 92.255.85.69 port 46072 [preauth]","@timestamp":"2022-09-12T11:42:37.919Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 11:44:54 honeypot-ams-1 sshd[12637]: Disconnected from authenticating user root 143.244.158.100 port 54380 [preauth]","@timestamp":"2022-09-12T11:44:54.979Z"}
{"@timestamp":"2022-09-12T11:45:19.089Z","@version":"1","message":"Sep 12 11:45:18 honeypot-sgp-1 sshd[7995]: Invalid user  from 152.32.157.116 port 39772","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 11:46:44 honeypot-ams-1 sshd[12644]: Disconnected from authenticating user root 143.244.158.100 port 34558 [preauth]","@timestamp":"2022-09-12T11:46:45.030Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 11:48:29 honeypot-ams-1 sshd[12648]: Disconnected from authenticating user root 143.244.158.100 port 39534 [preauth]","@timestamp":"2022-09-12T11:48:30.078Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 11:50:17 honeypot-ams-1 sshd[12654]: Disconnected from authenticating user root 143.244.158.100 port 57188 [preauth]","@timestamp":"2022-09-12T11:50:18.127Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 11:52:54 honeypot-ams-1 sshd[12661]: Received disconnect from 143.244.158.100 port 36220:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T11:52:55.198Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 11:54:39 honeypot-ams-1 sshd[12669]: Received disconnect from 143.244.158.100 port 41978:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T11:54:40.246Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 11:55:54 honeypot-fra-1 sshd[2837]: Invalid user ys from 178.62.90.145 port 55236","@timestamp":"2022-09-12T11:55:55.404Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 11:56:19 honeypot-ams-1 sshd[12678]: Received disconnect from 143.244.158.100 port 48620:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T11:56:19.292Z"}
{"@timestamp":"2022-09-12T11:56:35.364Z","@version":"1","message":"Sep 12 11:56:34 honeypot-sgp-1 kernel: [83859906.222547] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=167.248.133.141 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=13117 PROTO=TCP SPT=37673 DPT=389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 11:58:56 honeypot-ams-1 sshd[12688]: Received disconnect from 143.244.158.100 port 36412:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T11:58:57.360Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 11:59:23 honeypot-fra-1 sshd[2841]: Received disconnect from 179.107.34.178 port 56220:11: Bye Bye [preauth]","@timestamp":"2022-09-12T11:59:23.489Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 12:01:04 honeypot-ams-1 kernel: [83860649.476758] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=58261 PROTO=TCP SPT=43658 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T12:01:05.418Z"}
{"@timestamp":"2022-09-12T12:02:11.503Z","@version":"1","message":"Sep 12 12:02:11 honeypot-sgp-1 kernel: [83860242.852112] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.55.53.144 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=42 ID=9841 DF PROTO=TCP SPT=45558 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 12:02:14 honeypot-ams-1 sshd[12697]: Disconnected from authenticating user root 143.244.158.100 port 59372 [preauth]","@timestamp":"2022-09-12T12:02:14.452Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 12:02:39 honeypot-fra-1 sshd[2846]: Connection closed by invalid user User 179.60.147.69 port 22068 [preauth]","@timestamp":"2022-09-12T12:02:39.569Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 12:04:34 honeypot-fra-1 kernel: [83858701.593232] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=20.55.53.144 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=12231 DF PROTO=TCP SPT=58096 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T12:04:34.616Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-12T12:04:36.566Z","@version":"1","message":"Sep 12 12:04:35 honeypot-sgp-1 kernel: [83860387.283012] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.180.143.177 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=17737 PROTO=TCP SPT=14144 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 12:04:44 honeypot-ams-1 sshd[12703]: Received disconnect from 143.244.158.100 port 56686:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T12:04:44.520Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 12:06:38 honeypot-ams-1 sshd[12712]: Received disconnect from 143.244.158.100 port 42814:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T12:06:39.573Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 12:08:07 honeypot-ams-1 kernel: [83861071.864239] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=20.55.53.144 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=42370 DF PROTO=TCP SPT=46796 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T12:08:07.615Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 12:08:20 honeypot-ams-1 sshd[12718]: Disconnected from authenticating user root 143.244.158.100 port 42006 [preauth]","@timestamp":"2022-09-12T12:08:21.624Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 12:10:08 honeypot-ams-1 sshd[12724]: Disconnected from authenticating user root 143.244.158.100 port 52648 [preauth]","@timestamp":"2022-09-12T12:10:09.674Z"}
{"@timestamp":"2022-09-12T12:11:23.735Z","@version":"1","message":"Sep 12 12:11:22 honeypot-sgp-1 kernel: [83860794.288745] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=34.145.135.221 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x60 TTL=250 ID=11143 PROTO=TCP SPT=49712 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 12:12:51 honeypot-ams-1 sshd[12731]: Received disconnect from 143.244.158.100 port 38284:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T12:12:51.747Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 12:15:22 honeypot-ams-1 sshd[12738]: Received disconnect from 143.244.158.100 port 44566:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T12:15:23.815Z"}
{"@timestamp":"2022-09-12T12:16:03.851Z","@version":"1","message":"Sep 12 12:16:03 honeypot-sgp-1 sshd[8013]: Invalid user monitor from 45.119.85.97 port 54308","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 12:16:10 honeypot-ams-1 sshd[12743]: Disconnected from authenticating user root 143.244.158.100 port 45584 [preauth]","@timestamp":"2022-09-12T12:16:10.840Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 12:17:01 honeypot-fra-1 CRON[2851]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-12T12:17:01.902Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T12:17:01.876Z","@version":"1","message":"Sep 12 12:17:01 honeypot-sgp-1 CRON[8017]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 12:17:08 honeypot-ams-1 sshd[12751]: Disconnected from authenticating user root 61.177.173.51 port 24190 [preauth]","@timestamp":"2022-09-12T12:17:08.867Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 12:18:50 honeypot-fra-1 sshd[2858]: Received disconnect from 45.61.186.49 port 46516:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T12:18:50.946Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 12:18:59 honeypot-fra-1 sshd[2862]: Received disconnect from 45.61.186.49 port 58224:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T12:18:59.949Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 12:19:32 honeypot-ams-1 sshd[12757]: Disconnected from authenticating user root 143.244.158.100 port 59860 [preauth]","@timestamp":"2022-09-12T12:19:32.930Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 12:25:02 honeypot-fra-1 sshd[2865]: Received disconnect from 103.47.184.2 port 35482:11: Bye Bye [preauth]","@timestamp":"2022-09-12T12:25:03.089Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 12:25:12 honeypot-ams-1 kernel: [83862097.548345] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=5.213.149.103 DST=178.62.254.91 LEN=60 TOS=0x18 PREC=0x20 TTL=106 ID=5378 DF PROTO=TCP SPT=53322 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T12:25:13.084Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 12:26:27 honeypot-fra-1 sshd[2869]: Disconnected from authenticating user root 92.255.85.69 port 61828 [preauth]","@timestamp":"2022-09-12T12:26:28.122Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 12:28:58 honeypot-ams-1 sshd[12770]: Invalid user support from 185.216.128.124 port 45598","@timestamp":"2022-09-12T12:28:59.187Z"}
{"@timestamp":"2022-09-12T12:29:37.180Z","@version":"1","message":"Sep 12 12:29:36 honeypot-sgp-1 sshd[8027]: Connection closed by invalid user support 77.221.4.98 port 59920 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 12:33:52 honeypot-ams-1 sshd[12775]: Received disconnect from 61.177.173.37 port 26587:11:  [preauth]","@timestamp":"2022-09-12T12:33:53.315Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 12:36:30 honeypot-fra-1 kernel: [83860617.106338] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.95.147.52 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=47202 PROTO=TCP SPT=58002 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T12:36:30.355Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 12:41:51 honeypot-ams-1 sshd[12786]: Invalid user user from 45.61.184.204 port 43372","@timestamp":"2022-09-12T12:41:51.519Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 12:42:12 honeypot-ams-1 sshd[12790]: Invalid user user from 45.61.184.204 port 39754","@timestamp":"2022-09-12T12:42:12.531Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 12:42:30 honeypot-ams-1 sshd[12794]: Invalid user user from 45.61.184.204 port 36130","@timestamp":"2022-09-12T12:42:31.540Z"}
{"@timestamp":"2022-09-12T12:44:25.542Z","@version":"1","message":"Sep 12 12:44:25 honeypot-sgp-1 kernel: [83862776.735726] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=156.211.175.168 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=51 ID=18672 PROTO=TCP SPT=17880 DPT=80 WINDOW=11709 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 12:46:23 honeypot-ams-1 sshd[12801]: Received disconnect from 61.177.173.36 port 63543:11:  [preauth]","@timestamp":"2022-09-12T12:46:24.639Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 12:47:37 honeypot-fra-1 sshd[2889]: Did not receive identification string from 52.66.15.94 port 51334","@timestamp":"2022-09-12T12:47:38.614Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 12:47:42 honeypot-fra-1 sshd[2894]: Invalid user admin from 52.66.15.94 port 52470","@timestamp":"2022-09-12T12:47:43.618Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 12:47:42 honeypot-fra-1 sshd[2896]: Connection closed by invalid user cloud 52.66.15.94 port 52474 [preauth]","@timestamp":"2022-09-12T12:47:43.618Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T12:48:20.641Z","@version":"1","message":"Sep 12 12:48:20 honeypot-sgp-1 kernel: [83863012.012774] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=154.3.44.39 DST=159.89.202.188 LEN=52 TOS=0x0A PREC=0x00 TTL=110 ID=43826 DF PROTO=TCP SPT=54049 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 12:49:38 honeypot-ams-1 kernel: [83863562.979824] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=40559 PROTO=TCP SPT=46444 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T12:49:38.726Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 12:52:14 honeypot-ams-1 sshd[12808]: Received disconnect from 92.255.85.69 port 58262:11: Bye Bye [preauth]","@timestamp":"2022-09-12T12:52:14.800Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 12:53:42 honeypot-fra-1 sshd[2909]: Received disconnect from 200.105.183.118 port 37666:11: Bye Bye [preauth]","@timestamp":"2022-09-12T12:53:42.757Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 12:54:23 honeypot-ams-1 sshd[12812]: Disconnected from authenticating user root 61.177.173.53 port 22827 [preauth]","@timestamp":"2022-09-12T12:54:23.860Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 12:57:11 honeypot-fra-1 sshd[2913]: Received disconnect from 137.184.219.69 port 42642:11: Bye Bye [preauth]","@timestamp":"2022-09-12T12:57:11.841Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 13:00:49 honeypot-ams-1 sshd[12821]: Connection closed by invalid user User 179.60.147.69 port 2548 [preauth]","@timestamp":"2022-09-12T13:00:50.029Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 13:00:54 honeypot-fra-1 sshd[2918]: Received disconnect from 165.22.45.108 port 38818:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T13:00:55.929Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 13:04:18 honeypot-ams-1 sshd[12830]: Disconnected from authenticating user root 61.177.173.51 port 13961 [preauth]","@timestamp":"2022-09-12T13:04:19.123Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 13:05:37 honeypot-fra-1 sshd[2924]: Invalid user user from 45.61.186.169 port 53004","@timestamp":"2022-09-12T13:05:38.038Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 13:05:49 honeypot-fra-1 sshd[2928]: Received disconnect from 128.199.138.145 port 48516:11: Bye Bye [preauth]","@timestamp":"2022-09-12T13:05:50.044Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 13:06:04 honeypot-fra-1 sshd[2932]: Received disconnect from 45.61.186.169 port 59768:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T13:06:05.051Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 13:06:21 honeypot-fra-1 sshd[2936]: Received disconnect from 45.61.186.169 port 54814:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T13:06:22.059Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 13:09:25 honeypot-fra-1 sshd[2941]: Did not receive identification string from 45.61.184.204 port 53104","@timestamp":"2022-09-12T13:09:26.133Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 13:09:56 honeypot-fra-1 sshd[2946]: Invalid user user from 45.61.184.204 port 58712","@timestamp":"2022-09-12T13:09:57.147Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T13:10:06.200Z","@version":"1","message":"Sep 12 13:10:06 honeypot-sgp-1 sshd[8042]: Received disconnect from 93.67.138.66 port 56454:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 13:10:14 honeypot-fra-1 sshd[2951]: Invalid user user from 45.61.184.204 port 54126","@timestamp":"2022-09-12T13:10:15.156Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 13:10:32 honeypot-fra-1 sshd[2955]: Invalid user user from 45.61.184.204 port 49530","@timestamp":"2022-09-12T13:10:33.165Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T13:11:00.225Z","@version":"1","message":"Sep 12 13:10:59 honeypot-sgp-1 sshd[8046]: Received disconnect from 92.255.85.70 port 46776:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 13:11:43 honeypot-fra-1 kernel: [83862730.469329] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.197.252 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=39980 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T13:11:44.192Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 13:14:06 honeypot-ams-1 sshd[12837]: Connection closed by invalid user guest 193.106.191.157 port 45860 [preauth]","@timestamp":"2022-09-12T13:14:06.376Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 13:16:26 honeypot-fra-1 sshd[2962]: Disconnected from invalid user applmgr 51.38.49.17 port 37012 [preauth]","@timestamp":"2022-09-12T13:16:27.301Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T13:17:53.395Z","@version":"1","message":"Sep 12 13:17:53 honeypot-sgp-1 sshd[8054]: Received disconnect from 45.61.184.204 port 48362:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T13:18:13.406Z","@version":"1","message":"Sep 12 13:18:12 honeypot-sgp-1 sshd[8058]: Invalid user user from 45.61.184.204 port 43240","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 13:18:19 honeypot-fra-1 sshd[2967]: Disconnected from invalid user csgoserver 46.101.187.234 port 53688 [preauth]","@timestamp":"2022-09-12T13:18:19.347Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T13:18:26.412Z","@version":"1","message":"Sep 12 13:18:25 honeypot-sgp-1 kernel: [83864817.223753] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=34.139.192.83 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=32577 PROTO=TCP SPT=47155 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T13:18:41.420Z","@version":"1","message":"Sep 12 13:18:40 honeypot-sgp-1 sshd[8064]: Invalid user user from 45.61.184.204 port 49660","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 13:20:09 honeypot-fra-1 sshd[2973]: Disconnected from invalid user banet 59.52.27.235 port 54768 [preauth]","@timestamp":"2022-09-12T13:20:09.392Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 13:22:47 honeypot-ams-1 sshd[12849]: Received disconnect from 61.177.173.47 port 61568:11:  [preauth]","@timestamp":"2022-09-12T13:22:48.599Z"}
{"@timestamp":"2022-09-12T13:25:41.587Z","@version":"1","message":"Sep 12 13:25:41 honeypot-sgp-1 sshd[8069]: Received disconnect from 103.55.38.26 port 52770:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T13:27:31.634Z","@version":"1","message":"Sep 12 13:27:31 honeypot-sgp-1 sshd[8073]: Disconnected from authenticating user root 157.245.122.58 port 43166 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 13:27:55 honeypot-fra-1 sshd[2976]: Disconnected from invalid user lam 128.199.177.90 port 56012 [preauth]","@timestamp":"2022-09-12T13:27:56.570Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T13:30:17.702Z","@version":"1","message":"Sep 12 13:30:16 honeypot-sgp-1 sshd[8079]: Invalid user tenancy from 157.245.122.58 port 55538","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T13:31:12.728Z","@version":"1","message":"Sep 12 13:31:11 honeypot-sgp-1 sshd[8082]: Invalid user data.user from 157.245.122.58 port 40848","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 13:31:15 honeypot-fra-1 sshd[2981]: Received disconnect from 45.61.184.204 port 44390:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T13:31:15.645Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 13:31:34 honeypot-fra-1 sshd[2985]: Received disconnect from 45.61.184.204 port 39654:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T13:31:35.654Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 13:31:52 honeypot-fra-1 sshd[2989]: Received disconnect from 45.61.184.204 port 34920:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T13:31:53.664Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T13:32:04.755Z","@version":"1","message":"Sep 12 13:32:03 honeypot-sgp-1 sshd[8086]: Received disconnect from 157.245.122.58 port 54374:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 13:32:09 honeypot-fra-1 sshd[2993]: Received disconnect from 45.61.184.204 port 58430:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T13:32:09.672Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T13:33:30.792Z","@version":"1","message":"Sep 12 13:33:30 honeypot-sgp-1 sshd[8090]: Received disconnect from 138.197.19.166 port 54330:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 13:34:14 honeypot-ams-1 sshd[12859]: Invalid user User from 179.60.147.69 port 27036","@timestamp":"2022-09-12T13:34:14.889Z"}
{"@timestamp":"2022-09-12T13:35:07.833Z","@version":"1","message":"Sep 12 13:35:07 honeypot-sgp-1 sshd[8094]: Disconnected from authenticating user root 92.255.85.70 port 40416 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 13:35:53 honeypot-fra-1 sshd[2998]: Received disconnect from 165.22.45.108 port 43814:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T13:35:53.758Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 13:37:11 honeypot-ams-1 sshd[12866]: Received disconnect from 165.227.204.174 port 50884:11: Bye Bye [preauth]","@timestamp":"2022-09-12T13:37:11.968Z"}
{"@timestamp":"2022-09-12T13:37:41.901Z","@version":"1","message":"Sep 12 13:37:41 honeypot-sgp-1 sshd[8100]: Received disconnect from 45.61.186.249 port 40974:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T13:37:59.910Z","@version":"1","message":"Sep 12 13:37:59 honeypot-sgp-1 sshd[8104]: Received disconnect from 45.61.186.249 port 36010:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 13:38:04 honeypot-fra-1 sshd[3003]: Received disconnect from 141.255.162.226 port 44808:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T13:38:05.809Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 13:38:06 honeypot-fra-1 sshd[3007]: Received disconnect from 141.255.162.226 port 37366:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T13:38:06.810Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 13:38:10 honeypot-fra-1 sshd[3011]: Received disconnect from 141.255.162.226 port 51226:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T13:38:10.813Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T13:38:17.920Z","@version":"1","message":"Sep 12 13:38:17 honeypot-sgp-1 sshd[8108]: Received disconnect from 45.61.186.249 port 59304:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T13:38:33.928Z","@version":"1","message":"Sep 12 13:38:33 honeypot-sgp-1 sshd[8112]: Received disconnect from 45.61.186.249 port 54358:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 13:39:24 honeypot-ams-1 sshd[12872]: Disconnected from invalid user javadog 190.1.203.180 port 56576 [preauth]","@timestamp":"2022-09-12T13:39:25.029Z"}
{"@timestamp":"2022-09-12T13:40:16.974Z","@version":"1","message":"Sep 12 13:40:16 honeypot-sgp-1 sshd[8116]: Received disconnect from 206.189.197.134 port 38490:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 13:40:42 honeypot-ams-1 sshd[12876]: Disconnected from authenticating user root 61.177.173.51 port 36721 [preauth]","@timestamp":"2022-09-12T13:40:43.069Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 13:42:55 honeypot-fra-1 kernel: [83864602.556011] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=64.246.161.26 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=33025 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T13:42:55.931Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 13:45:48 honeypot-ams-1 sshd[12883]: Did not receive identification string from 141.255.162.226 port 44992","@timestamp":"2022-09-12T13:45:48.205Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 13:46:15 honeypot-ams-1 sshd[12888]: Disconnected from invalid user user 141.255.162.226 port 37622 [preauth]","@timestamp":"2022-09-12T13:46:16.219Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 13:46:18 honeypot-ams-1 sshd[12892]: Disconnected from invalid user user 141.255.162.226 port 51864 [preauth]","@timestamp":"2022-09-12T13:46:19.222Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 13:47:18 honeypot-fra-1 kernel: [83864865.651127] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.79.53.162 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=2185 PROTO=TCP SPT=48973 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T13:47:19.032Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 13:50:20 honeypot-ams-1 sshd[12898]: Received disconnect from 61.177.173.46 port 28239:11:  [preauth]","@timestamp":"2022-09-12T13:50:20.331Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 13:51:13 honeypot-fra-1 sshd[3025]: Disconnected from 206.81.15.128 port 34690 [preauth]","@timestamp":"2022-09-12T13:51:14.122Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 13:55:25 honeypot-ams-1 sshd[12901]: Disconnected from authenticating user root 61.177.173.37 port 47546 [preauth]","@timestamp":"2022-09-12T13:55:25.464Z"}
{"@timestamp":"2022-09-12T13:57:10.389Z","@version":"1","message":"Sep 12 13:57:10 honeypot-sgp-1 kernel: [83867141.569720] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=154.3.44.39 DST=159.89.202.188 LEN=52 TOS=0x0A PREC=0x00 TTL=112 ID=28638 DF PROTO=TCP SPT=56633 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 13:57:52 honeypot-fra-1 kernel: [83865498.895780] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=79.124.62.86 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=42129 PROTO=TCP SPT=50422 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T13:57:52.272Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 14:00:16 honeypot-ams-1 sshd[12908]: Disconnected from authenticating user root 61.177.173.51 port 52418 [preauth]","@timestamp":"2022-09-12T14:00:17.594Z"}
{"@timestamp":"2022-09-12T14:03:15.541Z","@version":"1","message":"Sep 12 14:03:15 honeypot-sgp-1 sshd[8125]: Received disconnect from 85.113.58.161 port 42862:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T14:07:05.640Z","@version":"1","message":"Sep 12 14:07:04 honeypot-sgp-1 sshd[8129]: Disconnected from invalid user ronjones 8.213.129.130 port 46472 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 14:08:47 honeypot-ams-1 sshd[12915]: Disconnected from authenticating user root 61.177.173.36 port 30280 [preauth]","@timestamp":"2022-09-12T14:08:47.815Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 14:09:25 honeypot-fra-1 kernel: [83866191.869106] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=89.248.163.184 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=32777 PROTO=TCP SPT=51729 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T14:09:25.532Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 14:09:42 honeypot-ams-1 sshd[12920]: Connection closed by authenticating user root 103.188.176.251 port 43492 [preauth]","@timestamp":"2022-09-12T14:09:42.844Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 14:12:39 honeypot-fra-1 sshd[3041]: Invalid user admin from 193.106.191.157 port 37930","@timestamp":"2022-09-12T14:12:39.625Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 14:17:46 honeypot-fra-1 sshd[3050]: Connection closed by invalid user User 179.60.147.69 port 2654 [preauth]","@timestamp":"2022-09-12T14:17:47.743Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T14:19:21.943Z","@version":"1","message":"Sep 12 14:19:21 honeypot-sgp-1 kernel: [83868473.351374] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.197.198 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=55894 DPT=5432 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 14:19:27 honeypot-ams-1 kernel: [83868952.231623] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.203.208 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=60167 DPT=5432 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T14:19:28.091Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 14:27:24 honeypot-ams-1 sshd[12939]: Received disconnect from 92.255.85.69 port 39848:11: Bye Bye [preauth]","@timestamp":"2022-09-12T14:27:25.320Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 14:31:25 honeypot-ams-1 kernel: [83869669.674829] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=20.55.112.176 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=113 ID=2385 DF PROTO=TCP SPT=60309 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T14:31:25.430Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 14:35:54 honeypot-fra-1 sshd[3056]: Invalid user admin from 193.106.191.157 port 38100","@timestamp":"2022-09-12T14:35:54.144Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T14:37:22.399Z","@version":"1","message":"Sep 12 14:37:22 honeypot-sgp-1 sshd[8142]: Connection closed by invalid user devops 103.188.176.251 port 33532 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 14:37:21 honeypot-ams-1 kernel: [83870026.300975] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=156.196.114.129 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=49619 PROTO=TCP SPT=27217 DPT=443 WINDOW=41600 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T14:37:22.588Z"}
{"@timestamp":"2022-09-12T14:42:56.549Z","@version":"1","message":"Sep 12 14:42:56 honeypot-sgp-1 sshd[8150]: Invalid user user from 45.61.187.160 port 56070","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 14:43:04 honeypot-fra-1 sshd[3062]: Invalid user user from 45.61.187.160 port 39708","@timestamp":"2022-09-12T14:43:05.306Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T14:43:18.560Z","@version":"1","message":"Sep 12 14:43:18 honeypot-sgp-1 sshd[8154]: Invalid user user from 45.61.187.160 port 51116","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 14:43:27 honeypot-fra-1 sshd[3066]: Invalid user user from 45.61.187.160 port 34752","@timestamp":"2022-09-12T14:43:27.317Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T14:43:40.570Z","@version":"1","message":"Sep 12 14:43:39 honeypot-sgp-1 sshd[8159]: Invalid user user from 45.61.187.160 port 46156","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 14:43:48 honeypot-fra-1 sshd[3070]: Invalid user user from 45.61.187.160 port 58050","@timestamp":"2022-09-12T14:43:48.327Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T14:44:00.581Z","@version":"1","message":"Sep 12 14:44:00 honeypot-sgp-1 sshd[8164]: Invalid user user from 45.61.187.160 port 41200","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 14:44:10 honeypot-fra-1 sshd[3074]: Invalid user user from 45.61.187.160 port 53068","@timestamp":"2022-09-12T14:44:10.338Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 14:44:54 honeypot-ams-1 sshd[12958]: Connection closed by invalid user User 179.60.147.69 port 22202 [preauth]","@timestamp":"2022-09-12T14:44:54.806Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 14:47:24 honeypot-fra-1 sshd[3078]: Received disconnect from 92.255.85.70 port 63076:11: Bye Bye [preauth]","@timestamp":"2022-09-12T14:47:24.412Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T14:48:27.694Z","@version":"1","message":"Sep 12 14:48:27 honeypot-sgp-1 sshd[8168]: Invalid user guest from 60.251.216.27 port 56537","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T14:50:20.746Z","@version":"1","message":"Sep 12 14:50:20 honeypot-sgp-1 sshd[8175]: Invalid user ftpuser from 89.97.218.142 port 39006","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 14:54:53 honeypot-ams-1 sshd[12966]: Received disconnect from 61.177.173.36 port 26515:11:  [preauth]","@timestamp":"2022-09-12T14:54:53.069Z"}
{"@timestamp":"2022-09-12T14:55:26.874Z","@version":"1","message":"Sep 12 14:55:25 honeypot-sgp-1 sshd[8178]: Disconnected from invalid user mcserver 206.189.46.251 port 56840 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T14:58:06.944Z","@version":"1","message":"Sep 12 14:58:05 honeypot-sgp-1 sshd[8183]: Received disconnect from 45.61.186.49 port 56198:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T14:58:16.949Z","@version":"1","message":"Sep 12 14:58:16 honeypot-sgp-1 sshd[8187]: Received disconnect from 45.61.186.49 port 39758:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 15:05:19 honeypot-fra-1 sshd[3084]: Invalid user admin from 59.26.145.206 port 46251","@timestamp":"2022-09-12T15:05:19.821Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 15:07:54 honeypot-ams-1 sshd[12976]: Disconnected from authenticating user root 61.177.173.50 port 52178 [preauth]","@timestamp":"2022-09-12T15:07:55.401Z"}
{"@timestamp":"2022-09-12T15:08:06.199Z","@version":"1","message":"Sep 12 15:08:05 honeypot-sgp-1 sshd[8190]: Received disconnect from 92.255.85.70 port 61982:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T15:08:56.242Z","@version":"1","message":"Sep 12 15:08:55 honeypot-sgp-1 sshd[8195]: Received disconnect from 183.88.15.191 port 53080:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 15:11:32 honeypot-fra-1 kernel: [83869919.299208] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=128.1.91.202 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=40812 PROTO=TCP SPT=39302 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T15:11:32.978Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-12T15:13:46.369Z","@version":"1","message":"Sep 12 15:13:45 honeypot-sgp-1 sshd[8199]: Invalid user bt from 62.202.41.155 port 50118","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 15:15:17 honeypot-ams-1 sshd[12982]: Received disconnect from 61.177.173.37 port 42238:11:  [preauth]","@timestamp":"2022-09-12T15:15:17.589Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 15:15:49 honeypot-ams-1 sshd[12986]: Received disconnect from 45.61.187.160 port 54066:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T15:15:50.607Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 15:15:59 honeypot-ams-1 sshd[12990]: Disconnected from invalid user user 45.61.187.160 port 37286 [preauth]","@timestamp":"2022-09-12T15:16:00.613Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 15:16:17 honeypot-ams-1 sshd[12994]: Disconnected from invalid user user 45.61.187.160 port 60186 [preauth]","@timestamp":"2022-09-12T15:16:17.621Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 15:16:34 honeypot-ams-1 sshd[12998]: Disconnected from invalid user user 45.61.187.160 port 54854 [preauth]","@timestamp":"2022-09-12T15:16:35.630Z"}
{"@timestamp":"2022-09-12T15:18:08.483Z","@version":"1","message":"Sep 12 15:18:07 honeypot-sgp-1 kernel: [83871999.116087] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=113.59.52.194 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=49 ID=2080 PROTO=TCP SPT=63308 DPT=80 WINDOW=39724 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 15:21:45 honeypot-fra-1 sshd[3096]: Disconnected from invalid user killer 165.22.45.108 port 58510 [preauth]","@timestamp":"2022-09-12T15:21:46.204Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 15:22:04 honeypot-ams-1 sshd[13008]: Invalid user User from 179.60.147.69 port 17784","@timestamp":"2022-09-12T15:22:04.774Z"}
{"@timestamp":"2022-09-12T15:24:47.651Z","@version":"1","message":"Sep 12 15:24:46 honeypot-sgp-1 sshd[8210]: Received disconnect from 96.84.149.98 port 45268:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 15:27:20 honeypot-fra-1 sshd[3100]: Disconnected from invalid user user 198.98.61.9 port 54174 [preauth]","@timestamp":"2022-09-12T15:27:21.332Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 15:27:38 honeypot-fra-1 sshd[3104]: Disconnected from invalid user user 198.98.61.9 port 49334 [preauth]","@timestamp":"2022-09-12T15:27:39.340Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 15:27:55 honeypot-fra-1 sshd[3108]: Received disconnect from 198.98.61.9 port 44492:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T15:27:56.349Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 15:28:15 honeypot-fra-1 sshd[3112]: Received disconnect from 198.98.61.9 port 39664:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T15:28:16.378Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 15:31:58 honeypot-fra-1 sshd[3117]: Connection closed by invalid user User 179.60.147.69 port 31108 [preauth]","@timestamp":"2022-09-12T15:31:58.465Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 15:32:46 honeypot-ams-1 sshd[13016]: Disconnected from authenticating user root 61.177.173.52 port 62834 [preauth]","@timestamp":"2022-09-12T15:32:47.052Z"}
{"@timestamp":"2022-09-12T15:34:35.890Z","@version":"1","message":"Sep 12 15:34:35 honeypot-sgp-1 sshd[8652]: Disconnected from invalid user cvsroot 193.46.199.36 port 43688 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 15:36:38 honeypot-fra-1 sshd[3124]: Received disconnect from 45.61.186.49 port 33904:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T15:36:38.575Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 15:36:51 honeypot-fra-1 sshd[3128]: Received disconnect from 45.61.186.49 port 45308:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T15:36:52.582Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 15:37:05 honeypot-ams-1 sshd[13024]: Invalid user user from 45.61.184.204 port 49262","@timestamp":"2022-09-12T15:37:06.166Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 15:37:25 honeypot-ams-1 sshd[13028]: Invalid user user from 45.61.184.204 port 44980","@timestamp":"2022-09-12T15:37:26.182Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 15:37:44 honeypot-ams-1 sshd[13032]: Invalid user user from 45.61.184.204 port 40700","@timestamp":"2022-09-12T15:37:45.194Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 15:37:54 honeypot-ams-1 sshd[13035]: Disconnected from invalid user user 45.61.184.204 port 52670 [preauth]","@timestamp":"2022-09-12T15:37:55.198Z"}
{"@timestamp":"2022-09-12T15:38:09.979Z","@version":"1","message":"Sep 12 15:38:09 honeypot-sgp-1 sshd[8656]: Disconnected from invalid user admin 23.94.194.115 port 57548 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 15:40:41 honeypot-ams-1 sshd[13041]: Invalid user yueyiran from 137.116.144.39 port 40346","@timestamp":"2022-09-12T15:40:41.274Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 15:45:40 honeypot-fra-1 kernel: [83871966.903568] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=79.124.62.78 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=39044 PROTO=TCP SPT=50426 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T15:45:40.778Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 15:45:51 honeypot-ams-1 sshd[13047]: Received disconnect from 61.177.173.51 port 28890:11:  [preauth]","@timestamp":"2022-09-12T15:45:52.410Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 15:46:12 honeypot-ams-1 sshd[13053]: Received disconnect from 45.61.187.160 port 56028:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T15:46:12.421Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 15:46:30 honeypot-ams-1 sshd[13057]: Received disconnect from 45.61.187.160 port 50594:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T15:46:31.431Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 15:46:49 honeypot-ams-1 sshd[13061]: Received disconnect from 45.61.187.160 port 45160:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T15:46:49.441Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 15:52:49 honeypot-ams-1 sshd[13068]: Disconnected from authenticating user root 61.177.173.36 port 51264 [preauth]","@timestamp":"2022-09-12T15:52:49.597Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 15:52:56 honeypot-fra-1 sshd[3138]: Connection closed by authenticating user mail 193.106.191.157 port 44004 [preauth]","@timestamp":"2022-09-12T15:52:56.944Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T15:56:21.417Z","@version":"1","message":"Sep 12 15:56:20 honeypot-sgp-1 kernel: [83874292.048195] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=198.235.24.175 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=249 ID=54321 PROTO=TCP SPT=50320 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 15:56:52 honeypot-fra-1 sshd[3142]: Disconnected from invalid user KILLER 165.22.45.108 port 35104 [preauth]","@timestamp":"2022-09-12T15:56:53.034Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 16:00:21 honeypot-ams-1 kernel: [83875006.159585] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=87.246.7.194 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=58873 PROTO=TCP SPT=58327 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T16:00:21.792Z"}
{"@timestamp":"2022-09-12T16:06:53.676Z","@version":"1","message":"Sep 12 16:06:52 honeypot-sgp-1 sshd[8670]: Invalid user autobacs from 138.68.178.64 port 41352","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:07:36 honeypot-fra-1 kernel: [83873283.280651] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=198.235.24.153 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x60 TTL=251 ID=51824 PROTO=TCP SPT=50200 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T16:07:37.273Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:08:02 honeypot-fra-1 sshd[3155]: Invalid user git from 122.128.79.246 port 56386","@timestamp":"2022-09-12T16:08:03.285Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:08:03 honeypot-fra-1 sshd[3171]: Invalid user centos from 122.128.79.246 port 56384","@timestamp":"2022-09-12T16:08:03.285Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:08:03 honeypot-fra-1 sshd[3167]: Invalid user esuser from 122.128.79.246 port 56366","@timestamp":"2022-09-12T16:08:03.285Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:08:03 honeypot-fra-1 sshd[3175]: Invalid user es from 122.128.79.246 port 56346","@timestamp":"2022-09-12T16:08:03.285Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:08:03 honeypot-fra-1 sshd[3158]: Connection closed by invalid user web 122.128.79.246 port 56364 [preauth]","@timestamp":"2022-09-12T16:08:03.285Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:08:03 honeypot-fra-1 sshd[3172]: Connection closed by invalid user chia 122.128.79.246 port 56406 [preauth]","@timestamp":"2022-09-12T16:08:03.285Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:08:03 honeypot-fra-1 sshd[3153]: Connection closed by invalid user ubuntu 122.128.79.246 port 56382 [preauth]","@timestamp":"2022-09-12T16:08:03.285Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:08:03 honeypot-fra-1 sshd[3176]: Connection closed by invalid user web 122.128.79.246 port 56404 [preauth]","@timestamp":"2022-09-12T16:08:04.286Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:08:03 honeypot-fra-1 sshd[3166]: Connection closed by invalid user centos 122.128.79.246 port 56338 [preauth]","@timestamp":"2022-09-12T16:08:04.286Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:08:49 honeypot-fra-1 sshd[3211]: Connection closed by invalid user User 179.60.147.69 port 6198 [preauth]","@timestamp":"2022-09-12T16:08:50.306Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:09:05 honeypot-fra-1 sshd[3216]: Received disconnect from 45.61.186.49 port 37074:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T16:09:06.313Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:09:16 honeypot-fra-1 sshd[3220]: Received disconnect from 45.61.186.49 port 48748:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T16:09:16.318Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 16:10:14 honeypot-ams-1 sshd[13078]: Disconnected from invalid user git 178.46.163.191 port 50816 [preauth]","@timestamp":"2022-09-12T16:10:15.048Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 16:15:28 honeypot-ams-1 sshd[13085]: Received disconnect from 200.94.86.84 port 50141:11: Bye Bye [preauth]","@timestamp":"2022-09-12T16:15:29.183Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:18:23 honeypot-fra-1 sshd[3226]: Received disconnect from 178.154.203.18 port 58342:11: Bye Bye [preauth]","@timestamp":"2022-09-12T16:18:23.538Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T16:19:06.999Z","@version":"1","message":"Sep 12 16:19:06 honeypot-sgp-1 sshd[8677]: Received disconnect from 92.255.85.69 port 44604:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T16:20:19.032Z","@version":"1","message":"Sep 12 16:20:18 honeypot-sgp-1 sshd[8681]: Disconnected from invalid user tanis 84.154.21.138 port 35708 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:21:10 honeypot-fra-1 sshd[3229]: Received disconnect from 207.254.224.220 port 46114:11: Bye Bye [preauth]","@timestamp":"2022-09-12T16:21:11.604Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:22:26 honeypot-fra-1 sshd[3234]: Received disconnect from 92.255.85.70 port 34230:11: Bye Bye [preauth]","@timestamp":"2022-09-12T16:22:26.635Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:23:52 honeypot-fra-1 sshd[3242]: Invalid user ubuntu from 1.13.177.251 port 47628","@timestamp":"2022-09-12T16:23:53.669Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:23:52 honeypot-fra-1 sshd[3245]: Invalid user admin from 1.13.177.251 port 47662","@timestamp":"2022-09-12T16:23:53.669Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:23:52 honeypot-fra-1 sshd[3261]: Invalid user hadoop from 1.13.177.251 port 47640","@timestamp":"2022-09-12T16:23:53.669Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:23:52 honeypot-fra-1 sshd[3238]: Connection closed by invalid user admin 1.13.177.251 port 47634 [preauth]","@timestamp":"2022-09-12T16:23:53.669Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:23:53 honeypot-fra-1 sshd[3242]: Connection closed by invalid user ubuntu 1.13.177.251 port 47628 [preauth]","@timestamp":"2022-09-12T16:23:53.669Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:23:53 honeypot-fra-1 sshd[3250]: Connection closed by invalid user ftpuser 1.13.177.251 port 47624 [preauth]","@timestamp":"2022-09-12T16:23:53.669Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:23:53 honeypot-fra-1 sshd[3245]: Connection closed by invalid user admin 1.13.177.251 port 47662 [preauth]","@timestamp":"2022-09-12T16:23:53.670Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:23:53 honeypot-fra-1 sshd[3260]: Connection closed by invalid user ubuntu 1.13.177.251 port 47650 [preauth]","@timestamp":"2022-09-12T16:23:53.670Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:23:54 honeypot-fra-1 sshd[3293]: Connection closed by authenticating user root 1.13.177.251 port 47644 [preauth]","@timestamp":"2022-09-12T16:23:55.671Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 16:24:22 honeypot-ams-1 sshd[13094]: Received disconnect from 92.255.85.69 port 62350:11: Bye Bye [preauth]","@timestamp":"2022-09-12T16:24:23.411Z"}
{"@timestamp":"2022-09-12T16:26:48.189Z","@version":"1","message":"Sep 12 16:26:48 honeypot-sgp-1 sshd[8687]: Received disconnect from 45.87.2.91 port 44370:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T16:30:43.315Z","@version":"1","message":"Sep 12 16:30:42 honeypot-sgp-1 sshd[8691]: Disconnected from invalid user bremen 143.198.39.132 port 56740 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 16:31:16 honeypot-ams-1 kernel: [83876861.301973] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=169.228.66.212 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=44974 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T16:31:17.589Z"}
{"@timestamp":"2022-09-12T16:33:37.388Z","@version":"1","message":"Sep 12 16:33:36 honeypot-sgp-1 sshd[8695]: Disconnected from authenticating user root 134.209.198.12 port 58410 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T16:36:32.463Z","@version":"1","message":"Sep 12 16:36:31 honeypot-sgp-1 sshd[8701]: Connection closed by invalid user  64.62.197.92 port 29592 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:37:40 honeypot-fra-1 kernel: [83875087.257262] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=213.226.123.38 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=51068 PROTO=TCP SPT=41820 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T16:37:40.972Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-12T16:37:43.494Z","@version":"1","message":"Sep 12 16:37:43 honeypot-sgp-1 sshd[8706]: Received disconnect from 195.19.105.13 port 40885:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 16:41:46 honeypot-ams-1 sshd[13101]: Invalid user devops from 103.188.176.251 port 54738","@timestamp":"2022-09-12T16:41:46.861Z"}
{"@timestamp":"2022-09-12T16:41:47.593Z","@version":"1","message":"Sep 12 16:41:47 honeypot-sgp-1 sshd[8712]: Received disconnect from 157.230.9.57 port 37774:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:44:53 honeypot-fra-1 kernel: [83875519.747775] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=2.230.219.196 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=13995 DF PROTO=TCP SPT=44347 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T16:44:54.132Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:47:18 honeypot-fra-1 sshd[3755]: Connection closed by invalid user ftp 193.106.191.157 port 49894 [preauth]","@timestamp":"2022-09-12T16:47:19.216Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 16:48:38 honeypot-ams-1 sshd[13106]: Received disconnect from 68.183.177.69 port 37436:11: Bye Bye [preauth]","@timestamp":"2022-09-12T16:48:39.036Z"}
{"@timestamp":"2022-09-12T16:49:02.785Z","@version":"1","message":"Sep 12 16:49:02 honeypot-sgp-1 sshd[8717]: Received disconnect from 210.114.1.46 port 43900:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 16:49:28 honeypot-ams-1 sshd[13108]: Received disconnect from 107.173.159.85 port 40712:11: Bye Bye [preauth]","@timestamp":"2022-09-12T16:49:29.063Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:50:37 honeypot-fra-1 sshd[3763]: Disconnected from authenticating user root 51.15.83.17 port 18051 [preauth]","@timestamp":"2022-09-12T16:50:38.292Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 16:51:17 honeypot-ams-1 sshd[13113]: Invalid user x from 96.78.175.36 port 39536","@timestamp":"2022-09-12T16:51:18.115Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 16:51:50 honeypot-ams-1 sshd[13119]: Disconnected from authenticating user root 60.210.40.210 port 2420 [preauth]","@timestamp":"2022-09-12T16:51:51.132Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:53:13 honeypot-fra-1 sshd[3767]: Received disconnect from 190.129.60.186 port 53784:11: Bye Bye [preauth]","@timestamp":"2022-09-12T16:53:13.353Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:54:01 honeypot-fra-1 sshd[3772]: Disconnected from invalid user oracle 172.104.51.35 port 49636 [preauth]","@timestamp":"2022-09-12T16:54:01.373Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 16:54:16 honeypot-ams-1 sshd[13124]: Disconnected from authenticating user root 80.107.88.203 port 58358 [preauth]","@timestamp":"2022-09-12T16:54:17.196Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 16:55:53 honeypot-ams-1 sshd[13130]: Received disconnect from 20.39.241.10 port 45764:11: Bye Bye [preauth]","@timestamp":"2022-09-12T16:55:54.242Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 16:57:47 honeypot-ams-1 sshd[13134]: Invalid user oracle from 220.117.14.191 port 64420","@timestamp":"2022-09-12T16:57:48.294Z"}
{"@timestamp":"2022-09-12T17:01:38.088Z","@version":"1","message":"Sep 12 17:01:37 honeypot-sgp-1 sshd[8720]: Disconnected from invalid user hcat 167.71.235.223 port 57772 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 17:02:21 honeypot-ams-1 sshd[13139]: Received disconnect from 68.183.52.2 port 34264:11: Bye Bye [preauth]","@timestamp":"2022-09-12T17:02:22.413Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 17:07:03 honeypot-ams-1 sshd[13146]: Invalid user guest from 131.161.184.19 port 52808","@timestamp":"2022-09-12T17:07:04.536Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 17:07:24 honeypot-fra-1 sshd[3779]: Disconnected from invalid user kim 165.22.45.108 port 44740 [preauth]","@timestamp":"2022-09-12T17:07:25.671Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T04:21:24.024Z","@version":"1","message":"Sep 17 04:21:23 honeypot-sgp-1 sshd[27003]: Disconnected from invalid user taev 221.148.45.168 port 43496 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 04:26:08 honeypot-fra-1 sshd[23609]: Invalid user licongcong from 165.22.45.108 port 41130","@timestamp":"2022-09-17T04:26:09.653Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 04:26:49 honeypot-ams-1 sshd[629]: Did not receive identification string from 45.61.186.49 port 46314","@timestamp":"2022-09-17T04:26:50.404Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 04:27:05 honeypot-ams-1 sshd[632]: Disconnected from invalid user user 45.61.186.49 port 51058 [preauth]","@timestamp":"2022-09-17T04:27:06.414Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 04:27:15 honeypot-ams-1 sshd[636]: Disconnected from invalid user user 45.61.186.49 port 34540 [preauth]","@timestamp":"2022-09-17T04:27:16.418Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 04:30:48 honeypot-fra-1 sshd[23617]: Connection closed by authenticating user root 194.163.190.53 port 48406 [preauth]","@timestamp":"2022-09-17T04:30:48.760Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 04:32:13 honeypot-fra-1 sshd[23625]: Received disconnect from 45.61.186.169 port 51332:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T04:32:13.795Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 04:32:31 honeypot-fra-1 sshd[23629]: Received disconnect from 45.61.186.169 port 46294:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T04:32:31.804Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 04:32:48 honeypot-fra-1 sshd[23633]: Received disconnect from 45.61.186.169 port 41236:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T04:32:49.812Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 04:34:56 honeypot-ams-1 sshd[639]: Received disconnect from 62.204.41.222 port 38288:11: Client disconnecting normally [preauth]","@timestamp":"2022-09-17T04:34:56.620Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 04:35:01 honeypot-fra-1 kernel: [84263713.464744] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.79.144.102 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=29581 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T04:35:01.865Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 04:36:22 honeypot-ams-1 sshd[643]: Disconnected from 206.81.0.243 port 53094 [preauth]","@timestamp":"2022-09-17T04:36:22.658Z"}
{"@timestamp":"2022-09-17T04:39:09.454Z","@version":"1","message":"Sep 17 04:39:08 honeypot-sgp-1 sshd[27012]: Invalid user labs from 159.203.177.51 port 49278","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 04:41:37 honeypot-fra-1 sshd[23646]: Received disconnect from 61.177.173.52 port 30943:11:  [preauth]","@timestamp":"2022-09-17T04:41:38.015Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T04:41:45.520Z","@version":"1","message":"Sep 17 04:41:45 honeypot-sgp-1 sshd[27015]: Disconnected from authenticating user root 61.177.173.36 port 21089 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 04:45:18 honeypot-fra-1 sshd[23653]: Invalid user servidor from 143.198.154.97 port 39322","@timestamp":"2022-09-17T04:45:19.102Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 04:49:10 honeypot-fra-1 kernel: [84264562.426949] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=165.22.82.222 LEN=90 TOS=0x00 PREC=0x00 TTL=250 ID=56789 PROTO=TCP SPT=21789 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T04:49:11.192Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 04:50:11 honeypot-ams-1 sshd[648]: Disconnected from authenticating user root 211.252.84.224 port 41918 [preauth]","@timestamp":"2022-09-17T04:50:12.035Z"}
{"@timestamp":"2022-09-17T04:50:37.739Z","@version":"1","message":"Sep 17 04:50:36 honeypot-sgp-1 sshd[27021]: Disconnected from authenticating user root 61.177.173.37 port 64859 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 04:51:25 honeypot-fra-1 sshd[23661]: Invalid user kedma from 206.189.146.112 port 39946","@timestamp":"2022-09-17T04:51:26.249Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 04:52:18 honeypot-fra-1 sshd[23672]: Invalid user esuser from 185.209.179.41 port 40890","@timestamp":"2022-09-17T04:52:18.271Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 04:52:18 honeypot-fra-1 sshd[23690]: Invalid user es from 185.209.179.41 port 40928","@timestamp":"2022-09-17T04:52:18.271Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 04:52:18 honeypot-fra-1 sshd[23681]: Invalid user es from 185.209.179.41 port 40920","@timestamp":"2022-09-17T04:52:18.271Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 04:52:18 honeypot-fra-1 sshd[23678]: Invalid user mcsv from 185.209.179.41 port 40904","@timestamp":"2022-09-17T04:52:18.271Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 04:52:18 honeypot-fra-1 sshd[23676]: Connection closed by authenticating user root 185.209.179.41 port 40884 [preauth]","@timestamp":"2022-09-17T04:52:18.271Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 04:52:18 honeypot-fra-1 sshd[23691]: Connection closed by invalid user mcserv 185.209.179.41 port 40922 [preauth]","@timestamp":"2022-09-17T04:52:18.271Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 04:52:18 honeypot-fra-1 sshd[23669]: Connection closed by invalid user es 185.209.179.41 port 40852 [preauth]","@timestamp":"2022-09-17T04:52:18.271Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 04:52:18 honeypot-fra-1 sshd[23683]: Connection closed by invalid user esuser 185.209.179.41 port 40886 [preauth]","@timestamp":"2022-09-17T04:52:18.271Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 04:52:19 honeypot-fra-1 sshd[23717]: Connection closed by invalid user ftpuser 185.209.179.41 port 40878 [preauth]","@timestamp":"2022-09-17T04:52:19.272Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 04:52:21 honeypot-fra-1 sshd[23728]: Invalid user steam from 185.209.179.41 port 40950","@timestamp":"2022-09-17T04:52:21.273Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 04:52:21 honeypot-fra-1 sshd[23728]: Connection closed by invalid user steam 185.209.179.41 port 40950 [preauth]","@timestamp":"2022-09-17T04:52:21.273Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 04:52:39 honeypot-fra-1 sshd[23739]: Invalid user user from 179.60.147.69 port 9090","@timestamp":"2022-09-17T04:52:40.281Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T04:53:04.804Z","@version":"1","message":"Sep 17 04:53:03 honeypot-sgp-1 sshd[27025]: Disconnected from invalid user ulka 104.131.190.193 port 50722 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T04:55:54.874Z","@version":"1","message":"Sep 17 04:55:54 honeypot-sgp-1 sshd[27032]: Disconnected from authenticating user root 61.177.173.36 port 44475 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 04:58:42 honeypot-ams-1 kernel: [84267302.941045] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=103.232.54.5 DST=178.62.254.91 LEN=52 TOS=0x02 PREC=0x00 TTL=116 ID=31725 DF PROTO=TCP SPT=62924 DPT=80 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-17T04:58:42.262Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 04:59:34 honeypot-fra-1 kernel: [84265186.153392] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=165.232.152.144 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=53530 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T04:59:35.440Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-17T05:00:48.996Z","@version":"1","message":"Sep 17 05:00:48 honeypot-sgp-1 sshd[27039]: Received disconnect from 41.138.54.13 port 49886:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T05:03:44.069Z","@version":"1","message":"Sep 17 05:03:43 honeypot-sgp-1 sshd[27044]: Received disconnect from 45.61.186.49 port 47702:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T05:03:53.075Z","@version":"1","message":"Sep 17 05:03:53 honeypot-sgp-1 sshd[27048]: Received disconnect from 45.61.186.49 port 59320:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T05:04:03.079Z","@version":"1","message":"Sep 17 05:04:02 honeypot-sgp-1 sshd[27052]: Disconnected from authenticating user root 186.233.210.86 port 42160 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T05:08:25.186Z","@version":"1","message":"Sep 17 05:08:24 honeypot-sgp-1 sshd[27057]: Disconnected from authenticating user root 61.177.173.37 port 39056 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 05:09:04 honeypot-ams-1 sshd[656]: Connection closed by 174.81.180.107 port 50974 [preauth]","@timestamp":"2022-09-17T05:09:04.528Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 05:11:00 honeypot-fra-1 sshd[23757]: Did not receive identification string from 42.193.130.165 port 51444","@timestamp":"2022-09-17T05:11:01.696Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T05:14:49.340Z","@version":"1","message":"Sep 17 05:14:49 honeypot-sgp-1 sshd[27064]: Received disconnect from 61.177.173.46 port 44230:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 05:17:52 honeypot-ams-1 kernel: [84268453.404612] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.196.220.81 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=54321 PROTO=TCP SPT=60757 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T05:17:52.759Z"}
{"@timestamp":"2022-09-17T05:20:29.478Z","@version":"1","message":"Sep 17 05:20:29 honeypot-sgp-1 kernel: [84268134.246359] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.101.49.103 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=519 PROTO=TCP SPT=45639 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 05:20:30 honeypot-fra-1 sshd[23771]: Invalid user admin from 168.121.105.25 port 22704","@timestamp":"2022-09-17T05:20:31.909Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 05:22:18 honeypot-fra-1 sshd[23776]: Received disconnect from 103.92.26.252 port 53800:11: Bye Bye [preauth]","@timestamp":"2022-09-17T05:22:18.953Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 05:23:58 honeypot-fra-1 sshd[23782]: Received disconnect from 61.177.173.39 port 11555:11:  [preauth]","@timestamp":"2022-09-17T05:23:58.994Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 05:25:46 honeypot-ams-1 sshd[664]: Did not receive identification string from 45.61.187.160 port 56754","@timestamp":"2022-09-17T05:25:46.966Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 05:26:09 honeypot-fra-1 sshd[23788]: Received disconnect from 15.235.140.144 port 50624:11: Bye Bye [preauth]","@timestamp":"2022-09-17T05:26:10.047Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 05:26:14 honeypot-ams-1 sshd[667]: Disconnected from invalid user user 45.61.187.160 port 33266 [preauth]","@timestamp":"2022-09-17T05:26:14.980Z"}
{"@timestamp":"2022-09-17T05:26:25.620Z","@version":"1","message":"Sep 17 05:26:25 honeypot-sgp-1 kernel: [84268490.127253] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=154.3.44.149 DST=159.89.202.188 LEN=52 TOS=0x0A PREC=0x00 TTL=110 ID=14088 DF PROTO=TCP SPT=61586 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 05:26:32 honeypot-ams-1 sshd[671]: Disconnected from invalid user user 45.61.187.160 port 55840 [preauth]","@timestamp":"2022-09-17T05:26:32.990Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 05:26:49 honeypot-ams-1 sshd[675]: Disconnected from invalid user user 45.61.187.160 port 50170 [preauth]","@timestamp":"2022-09-17T05:26:49.998Z"}
{"@timestamp":"2022-09-17T05:27:43.655Z","@version":"1","message":"Sep 17 05:27:43 honeypot-sgp-1 sshd[27516]: Connection closed by invalid user debian 179.60.147.69 port 45244 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 05:30:23 honeypot-ams-1 kernel: [84269204.554559] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=27780 PROTO=TCP SPT=52605 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T05:30:24.094Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 05:30:38 honeypot-fra-1 sshd[23795]: Disconnected from authenticating user root 138.94.75.17 port 47896 [preauth]","@timestamp":"2022-09-17T05:30:39.151Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T05:33:42.801Z","@version":"1","message":"Sep 17 05:33:42 honeypot-sgp-1 sshd[27522]: Disconnected from invalid user user 45.61.184.204 port 58048 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T05:34:01.812Z","@version":"1","message":"Sep 17 05:34:01 honeypot-sgp-1 sshd[27526]: Disconnected from invalid user user 45.61.184.204 port 52514 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T05:34:21.821Z","@version":"1","message":"Sep 17 05:34:21 honeypot-sgp-1 sshd[27530]: Received disconnect from 45.61.184.204 port 46986:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T05:34:40.830Z","@version":"1","message":"Sep 17 05:34:40 honeypot-sgp-1 sshd[27534]: Received disconnect from 45.61.184.204 port 41446:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 05:38:38 honeypot-fra-1 sshd[24239]: Received disconnect from 183.83.49.121 port 51340:11: Bye Bye [preauth]","@timestamp":"2022-09-17T05:38:38.330Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 05:38:51 honeypot-ams-1 sshd[683]: Disconnecting invalid user admin 61.190.73.102 port 42046: Too many authentication failures [preauth]","@timestamp":"2022-09-17T05:38:51.313Z"}
{"@timestamp":"2022-09-17T05:39:41.954Z","@version":"1","message":"Sep 17 05:39:41 honeypot-sgp-1 kernel: [84269286.280193] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=42427 PROTO=TCP SPT=52948 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 05:42:58 honeypot-fra-1 sshd[24244]: Received disconnect from 61.177.172.114 port 35462:11:  [preauth]","@timestamp":"2022-09-17T05:42:59.431Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 05:45:44 honeypot-fra-1 sshd[24252]: Received disconnect from 61.177.172.104 port 54713:11:  [preauth]","@timestamp":"2022-09-17T05:45:44.498Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T05:50:56.228Z","@version":"1","message":"Sep 17 05:50:55 honeypot-sgp-1 sshd[27547]: Disconnected from authenticating user root 61.177.173.51 port 62102 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 05:53:20 honeypot-fra-1 sshd[24258]: Connection closed by authenticating user root 194.163.190.53 port 60872 [preauth]","@timestamp":"2022-09-17T05:53:20.673Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 05:53:29 honeypot-ams-1 sshd[692]: Received disconnect from 159.65.11.5 port 33764:11: Bye Bye [preauth]","@timestamp":"2022-09-17T05:53:29.686Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 05:55:13 honeypot-fra-1 kernel: [84268524.608512] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=165.232.152.144 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=53963 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T05:55:13.720Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 05:56:50 honeypot-ams-1 sshd[697]: Did not receive identification string from 59.28.33.12 port 6956","@timestamp":"2022-09-17T05:56:50.775Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 06:01:28 honeypot-fra-1 kernel: [84268899.593707] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=37404 PROTO=TCP SPT=54403 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T06:01:28.864Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 06:02:21 honeypot-ams-1 kernel: [84271122.127019] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=64.62.197.72 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=45770 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T06:02:21.922Z"}
{"@timestamp":"2022-09-17T06:03:40.532Z","@version":"1","message":"Sep 17 06:03:40 honeypot-sgp-1 sshd[27555]: Disconnected from authenticating user root 61.177.173.36 port 30020 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 06:05:46 honeypot-fra-1 sshd[24277]: Invalid user marcel from 23.94.194.115 port 60302","@timestamp":"2022-09-17T06:05:46.966Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T06:07:35.632Z","@version":"1","message":"Sep 17 06:07:35 honeypot-sgp-1 sshd[27563]: Connection closed by invalid user pi 210.125.97.225 port 37196 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 06:08:22 honeypot-ams-1 sshd[706]: Invalid user user from 116.177.233.76 port 7934","@timestamp":"2022-09-17T06:08:23.085Z"}
{"@timestamp":"2022-09-17T06:08:51.664Z","@version":"1","message":"Sep 17 06:08:50 honeypot-sgp-1 sshd[27569]: Invalid user mi from 123.30.187.208 port 47124","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 06:11:20 honeypot-ams-1 sshd[708]: Received disconnect from 164.92.233.93 port 52232:11: Bye Bye [preauth]","@timestamp":"2022-09-17T06:11:21.163Z"}
{"@timestamp":"2022-09-17T06:13:03.888Z","@version":"1","message":"Sep 17 06:13:03 honeypot-sgp-1 kernel: [84271288.346110] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=40.84.222.228 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=5352 PROTO=TCP SPT=54442 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 06:16:57 honeypot-fra-1 sshd[24287]: Received disconnect from 61.177.173.36 port 43644:11:  [preauth]","@timestamp":"2022-09-17T06:16:58.221Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 06:17:01 honeypot-ams-1 CRON[715]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-17T06:17:01.354Z"}
{"@timestamp":"2022-09-17T06:17:01.990Z","@version":"1","message":"Sep 17 06:17:01 honeypot-sgp-1 CRON[27577]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 06:21:06 honeypot-fra-1 kernel: [84270077.581299] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=177.221.74.140 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=58611 PROTO=TCP SPT=40388 DPT=443 WINDOW=8300 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T06:21:06.315Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 06:23:40 honeypot-fra-1 sshd[24299]: Received disconnect from 61.177.173.39 port 58905:11:  [preauth]","@timestamp":"2022-09-17T06:23:41.376Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 06:23:58 honeypot-ams-1 sshd[722]: Invalid user ts3 from 221.165.227.155 port 38870","@timestamp":"2022-09-17T06:23:58.535Z"}
{"@timestamp":"2022-09-17T06:25:02.191Z","@version":"1","message":"Sep 17 06:25:01 honeypot-sgp-1 CRON[27589]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 06:25:02 honeypot-ams-1 CRON[726]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-17T06:25:03.567Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 06:25:09 honeypot-fra-1 CRON[24306]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-17T06:25:09.417Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 06:30:58 honeypot-fra-1 sshd[24468]: Invalid user user from 193.106.191.157 port 57914","@timestamp":"2022-09-17T06:30:58.554Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 06:35:15 honeypot-fra-1 sshd[24566]: Received disconnect from 103.170.246.22 port 56964:11: Bye Bye [preauth]","@timestamp":"2022-09-17T06:35:16.677Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T06:35:33.452Z","@version":"1","message":"Sep 17 06:35:32 honeypot-sgp-1 sshd[27746]: Received disconnect from 61.177.173.46 port 24250:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T06:36:28.478Z","@version":"1","message":"Sep 17 06:36:27 honeypot-sgp-1 kernel: [84272692.522500] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=111.7.96.139 DST=159.89.202.188 LEN=52 TOS=0x00 PREC=0x00 TTL=41 ID=8558 DF PROTO=TCP SPT=38800 DPT=636 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 06:38:32 honeypot-fra-1 sshd[24570]: Received disconnect from 115.75.142.7 port 51206:11: Bye Bye [preauth]","@timestamp":"2022-09-17T06:38:32.753Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T06:40:27.578Z","@version":"1","message":"Sep 17 06:40:26 honeypot-sgp-1 sshd[27754]: Invalid user support from 179.60.147.69 port 16018","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T06:42:19.625Z","@version":"1","message":"Sep 17 06:42:19 honeypot-sgp-1 sshd[27759]: Disconnected from 61.177.173.47 port 44270 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 06:42:21 honeypot-ams-1 kernel: [84273521.970800] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=172.104.9.129 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=30177 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T06:42:22.014Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 06:42:57 honeypot-fra-1 sshd[24577]: Received disconnect from 61.177.173.35 port 21755:11:  [preauth]","@timestamp":"2022-09-17T06:42:57.855Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T06:49:38.805Z","@version":"1","message":"Sep 17 06:49:38 honeypot-sgp-1 sshd[27948]: Received disconnect from 61.177.173.52 port 58181:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 06:53:08 honeypot-fra-1 kernel: [84271999.823617] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=97.107.134.253 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=62492 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T06:53:09.086Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-17T06:54:53.938Z","@version":"1","message":"Sep 17 06:54:53 honeypot-sgp-1 sshd[27955]: Received disconnect from 61.177.172.98 port 17821:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 06:58:59 honeypot-fra-1 kernel: [84272351.011549] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=101.43.83.130 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=43 ID=31687 DF PROTO=TCP SPT=46322 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T06:59:00.219Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 07:03:27 honeypot-fra-1 sshd[24602]: Connection reset by 61.177.173.51 port 29662 [preauth]","@timestamp":"2022-09-17T07:03:27.325Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T07:03:49.154Z","@version":"1","message":"Sep 17 07:03:48 honeypot-sgp-1 kernel: [84274333.194920] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=195.178.120.159 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=54321 PROTO=TCP SPT=59227 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 07:04:09 honeypot-ams-1 kernel: [84274830.712449] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=136.143.104.11 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=59 ID=30794 PROTO=TCP SPT=36607 DPT=80 WINDOW=22079 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T07:04:10.570Z"}
{"@timestamp":"2022-09-17T07:14:22.415Z","@version":"1","message":"Sep 17 07:14:22 honeypot-sgp-1 sshd[27972]: Received disconnect from 218.92.0.221 port 41299:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 07:17:01 honeypot-fra-1 CRON[24616]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-17T07:17:01.631Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 07:17:46 honeypot-fra-1 sshd[24620]: Disconnected from invalid user user 45.61.186.169 port 46172 [preauth]","@timestamp":"2022-09-17T07:17:46.651Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 07:18:03 honeypot-fra-1 sshd[24626]: Invalid user user from 45.61.186.169 port 41162","@timestamp":"2022-09-17T07:18:03.659Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 07:18:19 honeypot-fra-1 sshd[24630]: Invalid user user from 45.61.186.169 port 36156","@timestamp":"2022-09-17T07:18:19.667Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 07:18:35 honeypot-fra-1 sshd[24634]: Invalid user user from 45.61.186.169 port 59370","@timestamp":"2022-09-17T07:18:35.675Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 07:20:02 honeypot-ams-1 sshd[1000]: Invalid user ubnt from 179.60.147.69 port 37358","@timestamp":"2022-09-17T07:20:02.981Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 07:20:58 honeypot-fra-1 sshd[24638]: Disconnected from invalid user liferay 165.22.45.108 port 56546 [preauth]","@timestamp":"2022-09-17T07:20:58.730Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 07:27:40 honeypot-fra-1 sshd[24647]: Connection closed by invalid user admin 14.47.57.72 port 57987 [preauth]","@timestamp":"2022-09-17T07:27:40.886Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T07:27:45.754Z","@version":"1","message":"Sep 17 07:27:45 honeypot-sgp-1 sshd[27983]: Received disconnect from 61.177.172.19 port 31280:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 07:28:01 honeypot-ams-1 sshd[1007]: Received disconnect from 193.142.146.50 port 45286:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T07:28:02.193Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 07:28:24 honeypot-ams-1 sshd[1011]: Invalid user oracle from 193.142.146.50 port 44154","@timestamp":"2022-09-17T07:28:25.206Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 07:29:50 honeypot-ams-1 sshd[1013]: Disconnected from invalid user ftpuser 193.142.146.50 port 43022 [preauth]","@timestamp":"2022-09-17T07:29:50.244Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 07:30:26 honeypot-ams-1 sshd[1019]: Invalid user test from 193.142.146.50 port 41320","@timestamp":"2022-09-17T07:30:27.265Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 07:31:16 honeypot-ams-1 sshd[1023]: Invalid user centos from 193.142.146.50 port 40188","@timestamp":"2022-09-17T07:31:17.289Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 07:32:08 honeypot-ams-1 sshd[1465]: Invalid user mysql from 193.142.146.50 port 39056","@timestamp":"2022-09-17T07:32:08.313Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 07:32:22 honeypot-ams-1 sshd[1467]: Disconnected from invalid user admin 193.142.146.50 port 38488 [preauth]","@timestamp":"2022-09-17T07:32:22.321Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 07:32:53 honeypot-ams-1 sshd[1471]: Disconnected from invalid user hadoop 193.142.146.50 port 37356 [preauth]","@timestamp":"2022-09-17T07:32:53.337Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 07:33:48 honeypot-fra-1 sshd[24660]: Disconnected from authenticating user root 61.177.173.47 port 52510 [preauth]","@timestamp":"2022-09-17T07:33:49.025Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T07:39:41.035Z","@version":"1","message":"Sep 17 07:39:40 honeypot-sgp-1 sshd[27996]: Disconnected from invalid user sao 1.235.192.218 port 47784 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 07:39:57 honeypot-fra-1 kernel: [84274808.752233] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.215.244 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=59638 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T07:39:58.170Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 07:41:17 honeypot-ams-1 kernel: [84277057.838314] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=136.143.104.11 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=59 ID=42331 PROTO=TCP SPT=35583 DPT=80 WINDOW=30239 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T07:41:17.551Z"}
{"@timestamp":"2022-09-17T07:42:29.106Z","@version":"1","message":"Sep 17 07:42:28 honeypot-sgp-1 sshd[28002]: Received disconnect from 1.224.37.98 port 39196:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T07:43:19.127Z","@version":"1","message":"Sep 17 07:43:19 honeypot-sgp-1 sshd[28006]: Disconnected from invalid user minerva 210.187.80.132 port 37694 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 07:43:46 honeypot-ams-1 sshd[1483]: Disconnected from authenticating user root 39.90.161.165 port 38310 [preauth]","@timestamp":"2022-09-17T07:43:46.617Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 07:43:52 honeypot-ams-1 sshd[1489]: Received disconnect from 39.90.161.165 port 38422:11: Bye Bye [preauth]","@timestamp":"2022-09-17T07:43:52.620Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 07:43:57 honeypot-ams-1 sshd[1495]: Received disconnect from 39.90.161.165 port 38880:11: Bye Bye [preauth]","@timestamp":"2022-09-17T07:43:58.624Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 07:44:03 honeypot-ams-1 sshd[1501]: Received disconnect from 39.90.161.165 port 39000:11: Bye Bye [preauth]","@timestamp":"2022-09-17T07:44:03.628Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 07:44:09 honeypot-ams-1 sshd[1507]: Received disconnect from 39.90.161.165 port 39470:11: Bye Bye [preauth]","@timestamp":"2022-09-17T07:44:09.631Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 07:44:15 honeypot-ams-1 sshd[1513]: Received disconnect from 39.90.161.165 port 39830:11: Bye Bye [preauth]","@timestamp":"2022-09-17T07:44:15.634Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 07:44:20 honeypot-ams-1 sshd[1519]: Received disconnect from 39.90.161.165 port 40052:11: Bye Bye [preauth]","@timestamp":"2022-09-17T07:44:21.638Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 07:44:26 honeypot-ams-1 sshd[1525]: Received disconnect from 39.90.161.165 port 40476:11: Bye Bye [preauth]","@timestamp":"2022-09-17T07:44:26.641Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 07:44:31 honeypot-ams-1 sshd[1531]: Received disconnect from 39.90.161.165 port 40624:11: Bye Bye [preauth]","@timestamp":"2022-09-17T07:44:32.646Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 07:44:37 honeypot-ams-1 sshd[1537]: Received disconnect from 39.90.161.165 port 41068:11: Bye Bye [preauth]","@timestamp":"2022-09-17T07:44:38.649Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 07:44:43 honeypot-ams-1 sshd[1543]: Received disconnect from 39.90.161.165 port 41224:11: Bye Bye [preauth]","@timestamp":"2022-09-17T07:44:43.652Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 07:45:06 honeypot-ams-1 sshd[1551]: Did not receive identification string from 45.61.186.49 port 56416","@timestamp":"2022-09-17T07:45:07.665Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 07:45:16 honeypot-ams-1 sshd[1554]: Disconnected from invalid user user 45.61.186.49 port 58466 [preauth]","@timestamp":"2022-09-17T07:45:17.671Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 07:45:24 honeypot-ams-1 sshd[1558]: Disconnected from invalid user user 45.61.186.49 port 41836 [preauth]","@timestamp":"2022-09-17T07:45:25.676Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 07:46:26 honeypot-fra-1 sshd[24682]: Connection closed by authenticating user root 194.163.190.53 port 59456 [preauth]","@timestamp":"2022-09-17T07:46:27.318Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 07:47:23 honeypot-ams-1 sshd[1563]: Disconnected from authenticating user root 165.232.176.114 port 35074 [preauth]","@timestamp":"2022-09-17T07:47:23.729Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 07:49:56 honeypot-ams-1 sshd[1569]: Received disconnect from 161.35.229.78 port 58504:11: Bye Bye [preauth]","@timestamp":"2022-09-17T07:49:56.796Z"}
{"@timestamp":"2022-09-17T07:50:37.303Z","@version":"1","message":"Sep 17 07:50:37 honeypot-sgp-1 kernel: [84277141.819284] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=52.131.38.131 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=26365 DF PROTO=TCP SPT=45232 DPT=5432 WINDOW=29200 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 07:54:05 honeypot-fra-1 sshd[24688]: Connection closed by invalid user blank 179.60.147.69 port 15722 [preauth]","@timestamp":"2022-09-17T07:54:06.494Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T07:54:15.394Z","@version":"1","message":"Sep 17 07:54:15 honeypot-sgp-1 sshd[28018]: Disconnected from authenticating user root 190.156.238.155 port 34004 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 07:56:20 honeypot-ams-1 sshd[1574]: Invalid user blank from 179.60.147.69 port 38108","@timestamp":"2022-09-17T07:56:20.963Z"}
{"@timestamp":"2022-09-17T08:00:35.545Z","@version":"1","message":"Sep 17 08:00:35 honeypot-sgp-1 sshd[28027]: Received disconnect from 61.177.172.98 port 32280:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T08:07:08.701Z","@version":"1","message":"Sep 17 08:07:08 honeypot-sgp-1 sshd[28032]: Connection reset by 61.177.173.51 port 44044 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:07:23 honeypot-fra-1 sshd[24721]: Disconnected from authenticating user root 61.177.173.51 port 33072 [preauth]","@timestamp":"2022-09-17T08:07:23.795Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 08:09:05 honeypot-ams-1 sshd[1581]: Received disconnect from 189.100.73.39 port 51177:11: Bye Bye [preauth]","@timestamp":"2022-09-17T08:09:06.292Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:10:40 honeypot-fra-1 sshd[24725]: Disconnected from authenticating user root 61.177.173.36 port 12162 [preauth]","@timestamp":"2022-09-17T08:10:40.871Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 08:15:30 honeypot-ams-1 kernel: [84279111.200396] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=200.124.70.143 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=53 ID=29290 PROTO=TCP SPT=27630 DPT=80 WINDOW=26183 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T08:15:31.462Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:15:53 honeypot-fra-1 sshd[24758]: Did not receive identification string from 178.128.72.150 port 36514","@timestamp":"2022-09-17T08:15:53.994Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T08:17:01.937Z","@version":"1","message":"Sep 17 08:17:01 honeypot-sgp-1 CRON[28041]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:17:30 honeypot-fra-1 sshd[24766]: Received disconnect from 178.128.72.150 port 37532:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T08:17:31.036Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:18:21 honeypot-fra-1 sshd[24771]: Invalid user minecraft from 178.128.72.150 port 36458","@timestamp":"2022-09-17T08:18:22.059Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:19:09 honeypot-fra-1 sshd[24775]: Invalid user oracle from 178.128.72.150 port 35376","@timestamp":"2022-09-17T08:19:10.079Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:19:56 honeypot-fra-1 sshd[24779]: Invalid user test from 178.128.72.150 port 34340","@timestamp":"2022-09-17T08:19:57.099Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:20:29 honeypot-fra-1 sshd[24783]: Invalid user lifferay from 165.22.45.108 port 33476","@timestamp":"2022-09-17T08:20:29.115Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:21:07 honeypot-fra-1 sshd[24787]: Invalid user ftpuser from 178.128.72.150 port 46806","@timestamp":"2022-09-17T08:21:08.132Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:21:34 honeypot-fra-1 sshd[24791]: Connection closed by authenticating user root 194.163.190.53 port 47910 [preauth]","@timestamp":"2022-09-17T08:21:35.145Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:22:18 honeypot-fra-1 sshd[24795]: Disconnected from invalid user postgres 178.128.72.150 port 59310 [preauth]","@timestamp":"2022-09-17T08:22:19.164Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:23:25 honeypot-fra-1 kernel: [84277416.355816] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.220.125 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=58126 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T08:23:26.192Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-17T08:29:18.236Z","@version":"1","message":"Sep 17 08:29:17 honeypot-sgp-1 kernel: [84279462.622648] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=198.199.117.125 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=35638 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:30:51 honeypot-fra-1 kernel: [84277862.770514] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.214.54 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=33899 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T08:30:52.364Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:31:21 honeypot-fra-1 sshd[24815]: Invalid user ec2-user from 43.138.78.204 port 49874","@timestamp":"2022-09-17T08:31:21.378Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:31:21 honeypot-fra-1 sshd[24826]: Invalid user sanlang from 43.138.78.204 port 49904","@timestamp":"2022-09-17T08:31:21.378Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:31:21 honeypot-fra-1 sshd[24834]: Invalid user alem from 43.138.78.204 port 49830","@timestamp":"2022-09-17T08:31:22.379Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:31:21 honeypot-fra-1 sshd[24826]: Connection closed by invalid user sanlang 43.138.78.204 port 49904 [preauth]","@timestamp":"2022-09-17T08:31:22.379Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:31:22 honeypot-fra-1 sshd[24838]: Connection closed by invalid user wy 43.138.78.204 port 49818 [preauth]","@timestamp":"2022-09-17T08:31:23.379Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:31:24 honeypot-fra-1 sshd[24848]: Invalid user contributor from 43.138.78.204 port 49838","@timestamp":"2022-09-17T08:31:24.380Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:31:24 honeypot-fra-1 sshd[24855]: Invalid user testuser from 43.138.78.204 port 49854","@timestamp":"2022-09-17T08:31:24.380Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:31:24 honeypot-fra-1 sshd[24843]: Connection closed by invalid user dominion 43.138.78.204 port 49824 [preauth]","@timestamp":"2022-09-17T08:31:25.381Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:31:24 honeypot-fra-1 sshd[24850]: Connection closed by invalid user systemd 43.138.78.204 port 49880 [preauth]","@timestamp":"2022-09-17T08:31:25.381Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:31:24 honeypot-fra-1 sshd[24858]: Connection closed by invalid user chinochan 43.138.78.204 port 49932 [preauth]","@timestamp":"2022-09-17T08:31:25.381Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 08:31:43 honeypot-ams-1 kernel: [84280084.024425] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.221.73 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=42877 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T08:31:43.885Z"}
{"@timestamp":"2022-09-17T08:33:48.348Z","@version":"1","message":"Sep 17 08:33:47 honeypot-sgp-1 sshd[28070]: Disconnected from authenticating user root 61.177.173.50 port 45942 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 08:34:52 honeypot-ams-1 kernel: [84280273.133759] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.217.165 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=47662 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T08:34:52.971Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:40:47 honeypot-fra-1 sshd[24881]: Disconnected from authenticating user root 61.177.172.114 port 13750 [preauth]","@timestamp":"2022-09-17T08:40:48.593Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 08:43:45 honeypot-ams-1 sshd[1620]: Invalid user nodeproxy from 103.188.176.251 port 49254","@timestamp":"2022-09-17T08:43:46.212Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:46:12 honeypot-fra-1 sshd[24890]: Disconnected from 200.54.15.172 port 43168 [preauth]","@timestamp":"2022-09-17T08:46:12.713Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:46:28 honeypot-fra-1 sshd[24896]: Invalid user user from 45.61.186.49 port 38948","@timestamp":"2022-09-17T08:46:29.722Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:46:36 honeypot-fra-1 sshd[24900]: Invalid user user from 45.61.186.49 port 50454","@timestamp":"2022-09-17T08:46:36.725Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T08:47:25.679Z","@version":"1","message":"Sep 17 08:47:24 honeypot-sgp-1 kernel: [84280549.615632] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=64.62.197.102 DST=159.89.202.188 LEN=131 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=45191 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:48:22 honeypot-fra-1 sshd[24906]: Did not receive identification string from 193.3.19.178 port 64001","@timestamp":"2022-09-17T08:48:22.771Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 08:49:43 honeypot-ams-1 sshd[1627]: Invalid user zx from 203.223.191.206 port 37808","@timestamp":"2022-09-17T08:49:43.368Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 08:51:49 honeypot-ams-1 sshd[1630]: Disconnected from authenticating user root 106.241.54.211 port 54248 [preauth]","@timestamp":"2022-09-17T08:51:49.426Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 08:54:20 honeypot-ams-1 sshd[1637]: Invalid user  from 64.62.197.92 port 3020","@timestamp":"2022-09-17T08:54:21.495Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:57:09 honeypot-fra-1 sshd[24910]: Invalid user admin from 194.163.190.53 port 58488","@timestamp":"2022-09-17T08:57:09.975Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:58:23 honeypot-fra-1 sshd[24917]: Did not receive identification string from 159.89.24.69 port 61000","@timestamp":"2022-09-17T08:58:24.006Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 09:03:13 honeypot-fra-1 sshd[24922]: Connection closed by invalid user user 193.106.191.157 port 42550 [preauth]","@timestamp":"2022-09-17T09:03:14.142Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 09:03:36 honeypot-ams-1 kernel: [84281996.804387] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=58950 PROTO=TCP SPT=45204 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T09:03:36.735Z"}
{"@timestamp":"2022-09-17T09:05:10.112Z","@version":"1","message":"Sep 17 09:05:09 honeypot-sgp-1 sshd[28093]: Received disconnect from 61.177.172.19 port 49798:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T09:05:37.125Z","@version":"1","message":"Sep 17 09:05:36 honeypot-sgp-1 kernel: [84281640.981864] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=89.248.168.172 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=35879 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 09:07:08 honeypot-fra-1 sshd[24931]: Received disconnect from 61.177.173.52 port 51099:11:  [preauth]","@timestamp":"2022-09-17T09:07:09.235Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T09:08:31.197Z","@version":"1","message":"Sep 17 09:08:30 honeypot-sgp-1 kernel: [84281815.552631] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=151.241.69.0 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=65409 DF PROTO=TCP SPT=7487 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T09:11:39.279Z","@version":"1","message":"Sep 17 09:11:38 honeypot-sgp-1 kernel: [84282003.389010] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=226 ID=551 PROTO=TCP SPT=45204 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 09:12:59 honeypot-ams-1 kernel: [84282560.511144] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=20.216.191.54 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=53320 DF PROTO=TCP SPT=51102 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T09:12:59.986Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 09:13:40 honeypot-fra-1 kernel: [84280431.611528] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=165.22.82.222 LEN=92 TOS=0x00 PREC=0x00 TTL=250 ID=39306 PROTO=TCP SPT=4333 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T09:13:41.383Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 09:16:29 honeypot-ams-1 sshd[1651]: Received disconnect from 178.128.72.150 port 56238:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T09:16:30.079Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 09:16:39 honeypot-fra-1 kernel: [84280610.339892] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.216.71.23 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=54321 PROTO=TCP SPT=59838 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T09:16:39.453Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 09:17:01 honeypot-ams-1 CRON[1655]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-17T09:17:02.095Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 09:17:50 honeypot-ams-1 sshd[1660]: Disconnected from invalid user postgres 178.128.72.150 port 45278 [preauth]","@timestamp":"2022-09-17T09:17:51.118Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 09:18:26 honeypot-fra-1 sshd[24946]: Disconnected from invalid user lifferay 165.22.45.108 port 38618 [preauth]","@timestamp":"2022-09-17T09:18:26.495Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T09:18:28.448Z","@version":"1","message":"Sep 17 09:18:28 honeypot-sgp-1 sshd[28116]: Disconnected from authenticating user root 61.177.173.46 port 51899 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 09:18:43 honeypot-ams-1 sshd[1665]: Disconnected from invalid user mysql 178.128.72.150 port 47360 [preauth]","@timestamp":"2022-09-17T09:18:44.143Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 09:19:35 honeypot-ams-1 sshd[1669]: Disconnected from invalid user teamspeak 178.128.72.150 port 49446 [preauth]","@timestamp":"2022-09-17T09:19:36.168Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 09:19:59 honeypot-fra-1 sshd[24951]: Disconnected from invalid user user 45.61.186.169 port 44180 [preauth]","@timestamp":"2022-09-17T09:19:59.534Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 09:20:17 honeypot-fra-1 sshd[24956]: Disconnected from invalid user user 45.61.186.169 port 39378 [preauth]","@timestamp":"2022-09-17T09:20:17.543Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 09:20:28 honeypot-ams-1 sshd[1673]: Disconnected from invalid user ftpuser 178.128.72.150 port 51550 [preauth]","@timestamp":"2022-09-17T09:20:28.195Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 09:20:33 honeypot-fra-1 sshd[24960]: Received disconnect from 45.61.186.169 port 34580:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T09:20:34.553Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 09:20:49 honeypot-fra-1 sshd[24964]: Invalid user user from 45.61.186.169 port 58024","@timestamp":"2022-09-17T09:20:49.561Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 09:21:20 honeypot-ams-1 sshd[1677]: Disconnected from invalid user ts3 178.128.72.150 port 53658 [preauth]","@timestamp":"2022-09-17T09:21:21.220Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 09:22:13 honeypot-ams-1 sshd[1681]: Disconnected from invalid user postgres 178.128.72.150 port 55774 [preauth]","@timestamp":"2022-09-17T09:22:14.245Z"}
{"@timestamp":"2022-09-17T09:27:18.662Z","@version":"1","message":"Sep 17 09:27:18 honeypot-sgp-1 sshd[28124]: Received disconnect from 61.177.173.51 port 52515:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 09:32:54 honeypot-fra-1 sshd[24977]: Connection closed by invalid user cdiptv 194.163.190.53 port 44480 [preauth]","@timestamp":"2022-09-17T09:32:54.832Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T09:36:34.888Z","@version":"1","message":"Sep 17 09:36:34 honeypot-sgp-1 sshd[28129]: Disconnected from authenticating user root 61.177.173.53 port 60143 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 09:38:32 honeypot-ams-1 sshd[1687]: Invalid user stats from 152.179.67.70 port 3707","@timestamp":"2022-09-17T09:38:32.669Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 09:38:48 honeypot-ams-1 kernel: [84284109.011891] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=173.249.41.33 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=17140 PROTO=TCP SPT=47066 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T09:38:48.679Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 09:40:33 honeypot-fra-1 sshd[24988]: Invalid user git from 193.142.146.50 port 39560","@timestamp":"2022-09-17T09:40:34.022Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 09:40:56 honeypot-fra-1 sshd[24993]: Received disconnect from 193.142.146.50 port 38042:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T09:40:57.033Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 09:42:21 honeypot-fra-1 sshd[24997]: Disconnected from authenticating user root 193.142.146.50 port 36526 [preauth]","@timestamp":"2022-09-17T09:42:22.068Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 09:42:46 honeypot-fra-1 sshd[25001]: Disconnected from invalid user test 193.142.146.50 port 35008 [preauth]","@timestamp":"2022-09-17T09:42:47.079Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 09:43:17 honeypot-fra-1 sshd[25007]: Invalid user centos from 193.142.146.50 port 33490","@timestamp":"2022-09-17T09:43:18.093Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 09:44:12 honeypot-fra-1 sshd[25011]: Received disconnect from 193.142.146.50 port 60964:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T09:44:13.115Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T09:44:34.105Z","@version":"1","message":"Sep 17 09:44:33 honeypot-sgp-1 sshd[28136]: Received disconnect from 61.177.173.36 port 50308:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 09:44:41 honeypot-fra-1 sshd[25015]: Invalid user admin from 193.142.146.50 port 59446","@timestamp":"2022-09-17T09:44:41.128Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 09:44:57 honeypot-fra-1 sshd[25019]: Received disconnect from 61.177.173.36 port 31743:11:  [preauth]","@timestamp":"2022-09-17T09:44:58.137Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 09:45:15 honeypot-ams-1 sshd[1692]: Connection closed by invalid user centos 179.60.147.69 port 11020 [preauth]","@timestamp":"2022-09-17T09:45:15.846Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 09:46:21 honeypot-fra-1 sshd[25026]: Received disconnect from 193.142.146.50 port 56414:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T09:46:22.170Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T09:50:28.251Z","@version":"1","message":"Sep 17 09:50:28 honeypot-sgp-1 sshd[28144]: Received disconnect from 61.177.172.104 port 52620:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 09:50:49 honeypot-ams-1 sshd[1698]: Received disconnect from 45.61.186.249 port 47152:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T09:50:49.991Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 09:51:08 honeypot-ams-1 sshd[1702]: Invalid user user from 45.61.186.249 port 42654","@timestamp":"2022-09-17T09:51:09.000Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 09:51:27 honeypot-ams-1 sshd[1706]: Invalid user user from 45.61.186.249 port 38162","@timestamp":"2022-09-17T09:51:28.011Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 09:51:49 honeypot-fra-1 sshd[25036]: Received disconnect from 104.248.131.9 port 46190:11: Bye Bye [preauth]","@timestamp":"2022-09-17T09:51:50.294Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 09:54:59 honeypot-fra-1 sshd[25041]: Disconnected from authenticating user root 61.177.173.50 port 26528 [preauth]","@timestamp":"2022-09-17T09:55:00.366Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 09:55:57 honeypot-ams-1 sshd[1713]: Did not receive identification string from 46.19.141.122 port 47608","@timestamp":"2022-09-17T09:55:58.124Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 09:56:28 honeypot-ams-1 sshd[1716]: Disconnected from invalid user admin 46.19.141.122 port 57120 [preauth]","@timestamp":"2022-09-17T09:56:29.140Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 09:57:11 honeypot-ams-1 kernel: [84285211.854600] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=211.159.175.43 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=47 ID=45890 PROTO=TCP SPT=37751 DPT=443 WINDOW=60679 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T09:57:12.161Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 09:58:29 honeypot-ams-1 sshd[1726]: Invalid user admin from 46.19.141.122 port 60794","@timestamp":"2022-09-17T09:58:30.196Z"}
{"@timestamp":"2022-09-17T09:58:40.454Z","@version":"1","message":"Sep 17 09:58:40 honeypot-sgp-1 sshd[28153]: Received disconnect from 62.231.21.18 port 37742:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 09:59:08 honeypot-fra-1 sshd[25050]: Disconnected from invalid user cms 103.55.38.26 port 33694 [preauth]","@timestamp":"2022-09-17T09:59:08.462Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 09:59:10 honeypot-ams-1 sshd[1731]: Invalid user raspberry from 46.19.141.122 port 50904","@timestamp":"2022-09-17T09:59:10.216Z"}
{"@timestamp":"2022-09-17T09:59:51.486Z","@version":"1","message":"Sep 17 09:59:50 honeypot-sgp-1 sshd[28155]: Disconnected from invalid user bsamexico 211.224.131.58 port 20059 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 09:59:55 honeypot-ams-1 sshd[1735]: Invalid user usuario from 46.19.141.122 port 41070","@timestamp":"2022-09-17T09:59:56.238Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 10:00:41 honeypot-ams-1 sshd[1739]: Invalid user 1234 from 46.19.141.122 port 59446","@timestamp":"2022-09-17T10:00:41.260Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 10:01:02 honeypot-fra-1 sshd[25054]: Disconnected from invalid user jonny 51.222.13.62 port 40594 [preauth]","@timestamp":"2022-09-17T10:01:02.509Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 10:01:29 honeypot-ams-1 sshd[1744]: Disconnected from authenticating user root 46.19.141.122 port 49574 [preauth]","@timestamp":"2022-09-17T10:01:29.282Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 10:02:41 honeypot-ams-1 kernel: [84285541.674169] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=210.245.120.108 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=7930 PROTO=TCP SPT=48241 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T10:02:41.316Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 10:03:38 honeypot-ams-1 sshd[1754]: Disconnected from authenticating user root 46.19.141.122 port 53154 [preauth]","@timestamp":"2022-09-17T10:03:39.345Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 10:13:45 honeypot-ams-1 sshd[1764]: Did not receive identification string from 159.89.24.69 port 61000","@timestamp":"2022-09-17T10:13:45.603Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 10:16:16 honeypot-fra-1 sshd[25062]: Invalid user lifferay from 165.22.45.108 port 43740","@timestamp":"2022-09-17T10:16:17.852Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T10:17:01.910Z","@version":"1","message":"Sep 17 10:17:01 honeypot-sgp-1 CRON[28163]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 10:17:01 honeypot-ams-1 CRON[1769]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-17T10:17:02.686Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 10:17:15 honeypot-fra-1 sshd[25067]: Connection closed by invalid user juzici 194.163.190.53 port 44120 [preauth]","@timestamp":"2022-09-17T10:17:15.877Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 10:21:06 honeypot-fra-1 kernel: [84284477.189993] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=165.22.82.222 LEN=91 TOS=0x00 PREC=0x00 TTL=250 ID=24527 PROTO=TCP SPT=20527 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T10:21:06.970Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 10:21:40 honeypot-ams-1 sshd[1778]: Invalid user blank from 179.60.147.69 port 20392","@timestamp":"2022-09-17T10:21:40.805Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 10:24:14 honeypot-fra-1 sshd[25079]: Invalid user oracle from 196.216.253.24 port 38536","@timestamp":"2022-09-17T10:24:15.044Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 10:24:14 honeypot-fra-1 sshd[25082]: Connection closed by authenticating user root 196.216.253.24 port 38552 [preauth]","@timestamp":"2022-09-17T10:24:15.044Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 10:24:14 honeypot-fra-1 sshd[25077]: Connection closed by invalid user testuser 196.216.253.24 port 38496 [preauth]","@timestamp":"2022-09-17T10:24:15.044Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 10:24:46 honeypot-ams-1 kernel: [84286867.002774] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=167.71.92.243 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=42427 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T10:24:46.893Z"}
{"@timestamp":"2022-09-17T10:28:12.187Z","@version":"1","message":"Sep 17 10:28:11 honeypot-sgp-1 kernel: [84286596.153485] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=202.55.132.19 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=16891 PROTO=TCP SPT=42893 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 10:29:01 honeypot-fra-1 sshd[25100]: Invalid user lk from 45.80.64.246 port 41072","@timestamp":"2022-09-17T10:29:02.155Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 10:30:25 honeypot-ams-1 kernel: [84287206.000063] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=36.71.137.142 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=118 ID=2703 DF PROTO=TCP SPT=55763 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T10:30:26.039Z"}
{"@timestamp":"2022-09-17T10:31:23.267Z","@version":"1","message":"Sep 17 10:31:22 honeypot-sgp-1 kernel: [84286787.352162] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=159.65.152.216 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x20 TTL=51 ID=36567 DF PROTO=TCP SPT=35362 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 10:33:09 honeypot-fra-1 sshd[25103]: Disconnected from invalid user yong 123.122.160.39 port 35639 [preauth]","@timestamp":"2022-09-17T10:33:10.250Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T10:34:26.346Z","@version":"1","message":"Sep 17 10:34:25 honeypot-sgp-1 sshd[28246]: Invalid user discord from 157.245.252.34 port 34506","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 10:34:43 honeypot-ams-1 sshd[1791]: error: maximum authentication attempts exceeded for invalid user admin from 222.228.6.98 port 43943 ssh2 [preauth]","@timestamp":"2022-09-17T10:34:44.151Z"}
{"@timestamp":"2022-09-17T10:36:04.389Z","@version":"1","message":"Sep 17 10:36:03 honeypot-sgp-1 sshd[28250]: Received disconnect from 220.80.223.144 port 54136:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 10:40:22 honeypot-fra-1 kernel: [84285633.768650] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.216.135 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=36882 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T10:40:23.415Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 10:41:31 honeypot-ams-1 kernel: [84287871.910799] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.205.231 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=52452 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T10:41:31.340Z"}
{"@timestamp":"2022-09-17T10:42:16.541Z","@version":"1","message":"Sep 17 10:42:15 honeypot-sgp-1 kernel: [84287440.195253] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=68.183.93.151 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x20 TTL=242 ID=54321 PROTO=TCP SPT=45068 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 10:43:53 honeypot-fra-1 sshd[25114]: Connection closed by invalid user cdh 194.163.190.53 port 50548 [preauth]","@timestamp":"2022-09-17T10:43:53.499Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 10:45:42 honeypot-ams-1 sshd[1799]: Connection closed by invalid user xuwenhua 137.116.144.39 port 43146 [preauth]","@timestamp":"2022-09-17T10:45:43.450Z"}
{"@timestamp":"2022-09-17T10:46:09.637Z","@version":"1","message":"Sep 17 10:46:09 honeypot-sgp-1 sshd[28258]: Disconnected from invalid user ubuntu 81.183.222.181 port 48444 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 10:46:55 honeypot-ams-1 sshd[1805]: Received disconnect from 45.61.184.204 port 58372:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T10:46:55.485Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 10:47:14 honeypot-ams-1 sshd[1809]: Received disconnect from 45.61.184.204 port 53648:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T10:47:15.496Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 10:47:32 honeypot-ams-1 sshd[1813]: Received disconnect from 45.61.184.204 port 48936:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T10:47:33.506Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 10:50:59 honeypot-fra-1 sshd[25119]: Received disconnect from 159.65.171.230 port 44346:11: Bye Bye [preauth]","@timestamp":"2022-09-17T10:51:00.664Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 10:53:59 honeypot-fra-1 sshd[25123]: Disconnected from invalid user jasmine 182.23.63.23 port 56108 [preauth]","@timestamp":"2022-09-17T10:53:59.731Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 10:54:12 honeypot-ams-1 kernel: [84288633.526228] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=164.92.72.164 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=54326 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T10:54:13.676Z"}
{"@timestamp":"2022-09-17T10:59:52.995Z","@version":"1","message":"Sep 17 10:59:52 honeypot-sgp-1 kernel: [84288497.338472] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=198.244.213.30 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=13008 PROTO=TCP SPT=50903 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 11:01:29 honeypot-fra-1 sshd[25129]: Connection closed by invalid user cdh 194.163.190.53 port 43856 [preauth]","@timestamp":"2022-09-17T11:01:29.905Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 11:05:11 honeypot-ams-1 kernel: [84289292.029988] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.221.40 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=51441 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T11:05:11.959Z"}
{"@timestamp":"2022-09-17T11:08:04.194Z","@version":"1","message":"Sep 17 11:08:03 honeypot-sgp-1 kernel: [84288987.831410] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.167.96.150 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=47840 DPT=636 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 11:12:38 honeypot-ams-1 sshd[1827]: Connection closed by invalid user user1 103.188.176.251 port 39124 [preauth]","@timestamp":"2022-09-17T11:12:39.154Z"}
{"@timestamp":"2022-09-17T11:13:36.339Z","@version":"1","message":"Sep 17 11:13:36 honeypot-sgp-1 sshd[28268]: Disconnected from invalid user beau 187.235.106.121 port 38450 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T11:13:46.344Z","@version":"1","message":"Sep 17 11:13:45 honeypot-sgp-1 sshd[28272]: Disconnected from invalid user ben 27.254.159.123 port 40699 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 11:15:06 honeypot-fra-1 sshd[25137]: Invalid user lifferay from 165.22.45.108 port 48894","@timestamp":"2022-09-17T11:15:06.211Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 11:16:36 honeypot-fra-1 sshd[25141]: Invalid user mang from 112.132.249.164 port 45216","@timestamp":"2022-09-17T11:16:37.248Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 11:17:01 honeypot-fra-1 CRON[25145]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-17T11:17:01.260Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T11:17:02.428Z","@version":"1","message":"Sep 17 11:17:01 honeypot-sgp-1 CRON[28277]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T11:21:21.536Z","@version":"1","message":"Sep 17 11:21:20 honeypot-sgp-1 kernel: [84289785.339627] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=121.180.163.250 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=51 ID=0 DF PROTO=TCP SPT=7936 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 11:26:36 honeypot-ams-1 kernel: [84290577.295503] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=13666 PROTO=TCP SPT=53675 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T11:26:37.524Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 11:27:33 honeypot-fra-1 sshd[25152]: Received disconnect from 60.10.72.203 port 44826:11: Bye Bye [preauth]","@timestamp":"2022-09-17T11:27:33.500Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T11:30:46.769Z","@version":"1","message":"Sep 17 11:30:46 honeypot-sgp-1 sshd[28286]: Invalid user ubnt from 179.60.147.69 port 10468","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 11:30:56 honeypot-fra-1 kernel: [84288666.911244] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=10373 PROTO=TCP SPT=53675 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T11:30:56.579Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 11:32:06 honeypot-fra-1 sshd[25161]: Disconnected from invalid user dude 193.227.16.23 port 46610 [preauth]","@timestamp":"2022-09-17T11:32:06.607Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 11:32:20 honeypot-ams-1 kernel: [84290921.003279] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=188.94.33.223 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x20 TTL=250 ID=8465 DF PROTO=TCP SPT=15186 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T11:32:20.672Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 11:34:04 honeypot-ams-1 sshd[1843]: Connection closed by invalid user ubnt 179.60.147.69 port 25616 [preauth]","@timestamp":"2022-09-17T11:34:04.720Z"}
{"@timestamp":"2022-09-17T11:34:48.873Z","@version":"1","message":"Sep 17 11:34:48 honeypot-sgp-1 kernel: [84290592.698895] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=117.199.204.80 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=61707 DF PROTO=TCP SPT=29184 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 11:35:27 honeypot-fra-1 sshd[25166]: Connection closed by invalid user user 193.106.191.157 port 55264 [preauth]","@timestamp":"2022-09-17T11:35:27.682Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 11:40:29 honeypot-fra-1 sshd[25172]: Received disconnect from 103.129.221.188 port 58954:11: Bye Bye [preauth]","@timestamp":"2022-09-17T11:40:29.798Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T11:43:00.081Z","@version":"1","message":"Sep 17 11:42:59 honeypot-sgp-1 sshd[28294]: Invalid user fhv from 51.83.45.72 port 45016","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T11:43:57.110Z","@version":"1","message":"Sep 17 11:43:56 honeypot-sgp-1 sshd[28298]: Invalid user nagios from 217.79.178.122 port 42722","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T11:45:03.139Z","@version":"1","message":"Sep 17 11:45:02 honeypot-sgp-1 sshd[28302]: Received disconnect from 157.245.148.189 port 43842:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 11:45:32 honeypot-ams-1 kernel: [84291713.495065] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=167.71.92.243 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=56812 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T11:45:33.015Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 11:46:05 honeypot-fra-1 sshd[25179]: Invalid user meta from 194.163.190.53 port 43030","@timestamp":"2022-09-17T11:46:05.955Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 11:55:12 honeypot-fra-1 sshd[25182]: Connection closed by invalid user rna 194.163.190.53 port 54856 [preauth]","@timestamp":"2022-09-17T11:55:13.154Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 11:58:44 honeypot-fra-1 sshd[25189]: Did not receive identification string from 198.235.24.134 port 52174","@timestamp":"2022-09-17T11:58:45.237Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 11:59:47 honeypot-ams-1 kernel: [84292568.553554] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=156.217.140.51 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=20014 PROTO=TCP SPT=16344 DPT=443 WINDOW=60978 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T11:59:48.409Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 12:03:24 honeypot-fra-1 sshd[25192]: Disconnected from authenticating user root 165.22.21.143 port 55638 [preauth]","@timestamp":"2022-09-17T12:03:24.346Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 12:04:41 honeypot-ams-1 sshd[1851]: Received disconnect from 5.200.70.148 port 55414:11: Bye Bye [preauth]","@timestamp":"2022-09-17T12:04:41.540Z"}
{"@timestamp":"2022-09-17T12:07:08.676Z","@version":"1","message":"Sep 17 12:07:08 honeypot-sgp-1 sshd[28306]: Invalid user admin from 179.60.147.69 port 2934","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 12:07:29 honeypot-fra-1 sshd[25200]: Invalid user weng from 106.251.237.178 port 38358","@timestamp":"2022-09-17T12:07:30.445Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 12:10:29 honeypot-ams-1 sshd[1854]: Connection closed by invalid user admin 179.60.147.69 port 33078 [preauth]","@timestamp":"2022-09-17T12:10:29.696Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 12:12:36 honeypot-fra-1 sshd[25205]: Connection closed by invalid user rna 194.163.190.53 port 49020 [preauth]","@timestamp":"2022-09-17T12:12:37.560Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T12:13:54.846Z","@version":"1","message":"Sep 17 12:13:54 honeypot-sgp-1 kernel: [84292938.865405] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=234 ID=46535 PROTO=TCP SPT=56004 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 12:14:24 honeypot-fra-1 kernel: [84291274.800272] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.143.200.6 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=25829 PROTO=TCP SPT=52778 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T12:14:24.606Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 12:19:33 honeypot-fra-1 kernel: [84291583.725253] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=79.124.62.78 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=36660 PROTO=TCP SPT=54418 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T12:19:33.732Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-17T12:26:13.150Z","@version":"1","message":"Sep 17 12:26:12 honeypot-sgp-1 kernel: [84293677.157891] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=172.104.131.24 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=50470 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 12:28:00 honeypot-ams-1 sshd[1864]: Disconnected from authenticating user root 162.243.237.90 port 46204 [preauth]","@timestamp":"2022-09-17T12:28:01.170Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 12:33:13 honeypot-ams-1 sshd[1871]: Invalid user machiko from 134.209.212.125 port 58944","@timestamp":"2022-09-17T12:33:13.312Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 12:35:12 honeypot-fra-1 sshd[25218]: Connection closed by 94.102.61.20 port 47880 [preauth]","@timestamp":"2022-09-17T12:35:13.092Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T12:36:18.402Z","@version":"1","message":"Sep 17 12:36:17 honeypot-sgp-1 kernel: [84294282.342687] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=79.124.62.62 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=38228 PROTO=TCP SPT=41154 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 12:36:35 honeypot-ams-1 sshd[1873]: Disconnected from invalid user israel 188.68.220.190 port 50916 [preauth]","@timestamp":"2022-09-17T12:36:36.403Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 12:38:45 honeypot-fra-1 sshd[25221]: Invalid user sunp from 194.163.190.53 port 53170","@timestamp":"2022-09-17T12:38:46.182Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 12:45:39 honeypot-ams-1 kernel: [84295319.668778] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=67.150.37.58 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=50 ID=43228 PROTO=TCP SPT=46919 DPT=80 WINDOW=37063 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T12:45:39.639Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 12:45:54 honeypot-fra-1 sshd[25228]: Invalid user had from 211.21.113.128 port 1392","@timestamp":"2022-09-17T12:45:54.348Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T12:46:47.662Z","@version":"1","message":"Sep 17 12:46:46 honeypot-sgp-1 kernel: [84294911.131809] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=89.248.165.199 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=3541 PROTO=TCP SPT=56890 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 12:49:29 honeypot-fra-1 sshd[25233]: Received disconnect from 190.217.69.202 port 60888:11: Bye Bye [preauth]","@timestamp":"2022-09-17T12:49:29.434Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 12:53:31 honeypot-fra-1 sshd[25239]: Disconnected from authenticating user root 178.128.43.209 port 49344 [preauth]","@timestamp":"2022-09-17T12:53:32.526Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T12:56:14.899Z","@version":"1","message":"Sep 17 12:56:14 honeypot-sgp-1 sshd[28342]: Invalid user admin from 128.199.168.83 port 35028","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T12:56:14.899Z","@version":"1","message":"Sep 17 12:56:14 honeypot-sgp-1 sshd[28348]: Invalid user admin from 128.199.168.83 port 35058","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 12:56:32 honeypot-fra-1 sshd[25243]: Connection closed by invalid user sunp 194.163.190.53 port 48210 [preauth]","@timestamp":"2022-09-17T12:56:33.598Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 13:05:23 honeypot-fra-1 sshd[25249]: Connection closed by invalid user yangjy 194.163.190.53 port 58484 [preauth]","@timestamp":"2022-09-17T13:05:23.799Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T13:05:26.127Z","@version":"1","message":"Sep 17 13:05:25 honeypot-sgp-1 sshd[28355]: Received disconnect from 45.61.187.160 port 37562:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T13:05:46.138Z","@version":"1","message":"Sep 17 13:05:45 honeypot-sgp-1 sshd[28359]: Invalid user user from 45.61.187.160 port 60796","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T13:06:04.147Z","@version":"1","message":"Sep 17 13:06:03 honeypot-sgp-1 sshd[28364]: Invalid user user from 45.61.187.160 port 55828","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T13:06:13.152Z","@version":"1","message":"Sep 17 13:06:12 honeypot-sgp-1 sshd[28366]: Disconnected from invalid user user 45.61.187.160 port 39246 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T13:09:16.230Z","@version":"1","message":"Sep 17 13:09:15 honeypot-sgp-1 sshd[28373]: Invalid user user from 45.61.186.169 port 38020","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T13:09:34.348Z","@version":"1","message":"Sep 17 13:09:33 honeypot-sgp-1 sshd[28377]: Invalid user user from 45.61.186.169 port 32956","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T13:09:50.356Z","@version":"1","message":"Sep 17 13:09:50 honeypot-sgp-1 sshd[28381]: Invalid user user from 45.61.186.169 port 56116","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T13:10:06.364Z","@version":"1","message":"Sep 17 13:10:05 honeypot-sgp-1 sshd[28385]: Invalid user user from 45.61.186.169 port 51036","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 13:11:06 honeypot-ams-1 kernel: [84296846.909468] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=164.92.72.164 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=44869 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T13:11:07.327Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 13:11:59 honeypot-fra-1 sshd[25255]: Invalid user lifferay from 165.22.45.108 port 59184","@timestamp":"2022-09-17T13:11:59.951Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T13:12:32.427Z","@version":"1","message":"Sep 17 13:12:32 honeypot-sgp-1 sshd[28389]: Did not receive identification string from 45.61.186.249 port 33686","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 13:12:53 honeypot-fra-1 sshd[25259]: Connection closed by authenticating user root 60.173.195.214 port 50396 [preauth]","@timestamp":"2022-09-17T13:12:53.975Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T13:13:13.446Z","@version":"1","message":"Sep 17 13:13:13 honeypot-sgp-1 sshd[28392]: Disconnected from invalid user user 45.61.186.249 port 33058 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T13:13:30.455Z","@version":"1","message":"Sep 17 13:13:30 honeypot-sgp-1 sshd[28396]: Disconnected from invalid user user 45.61.186.249 port 55942 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 13:13:30 honeypot-ams-1 sshd[1886]: Invalid user user from 45.61.184.204 port 53326","@timestamp":"2022-09-17T13:13:31.394Z"}
{"@timestamp":"2022-09-17T13:13:47.463Z","@version":"1","message":"Sep 17 13:13:47 honeypot-sgp-1 sshd[28401]: Disconnected from invalid user user 45.61.186.249 port 50582 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 13:13:49 honeypot-ams-1 sshd[1890]: Invalid user user from 45.61.184.204 port 47930","@timestamp":"2022-09-17T13:13:50.405Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 13:13:59 honeypot-ams-1 sshd[1892]: Disconnected from invalid user user 45.61.184.204 port 59352 [preauth]","@timestamp":"2022-09-17T13:13:59.410Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 13:14:15 honeypot-ams-1 sshd[1898]: Invalid user user from 45.61.184.204 port 53964","@timestamp":"2022-09-17T13:14:15.418Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 13:14:54 honeypot-fra-1 sshd[25265]: Received disconnect from 51.83.71.70 port 37574:11: Bye Bye [preauth]","@timestamp":"2022-09-17T13:14:55.025Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T13:15:05.498Z","@version":"1","message":"Sep 17 13:15:04 honeypot-sgp-1 sshd[28405]: Disconnected from invalid user adalberto 143.110.151.255 port 56814 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 13:16:26 honeypot-ams-1 kernel: [84297167.468085] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=2.226.225.240 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=62690 PROTO=TCP SPT=1952 DPT=80 WINDOW=65377 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T13:16:27.478Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 13:17:01 honeypot-fra-1 CRON[25270]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-17T13:17:02.075Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T13:17:02.549Z","@version":"1","message":"Sep 17 13:17:01 honeypot-sgp-1 CRON[28411]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 13:18:04 honeypot-ams-1 sshd[1908]: Connection closed by 94.102.61.20 port 52334 [preauth]","@timestamp":"2022-09-17T13:18:04.524Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 13:23:02 honeypot-fra-1 sshd[25278]: Connection closed by invalid user yangjy 194.163.190.53 port 55298 [preauth]","@timestamp":"2022-09-17T13:23:03.232Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T13:28:17.827Z","@version":"1","message":"Sep 17 13:28:17 honeypot-sgp-1 kernel: [84297401.827539] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=159.89.202.188 LEN=86 TOS=0x00 PREC=0x00 TTL=245 ID=12816 PROTO=TCP SPT=3629 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T13:33:45.963Z","@version":"1","message":"Sep 17 13:33:45 honeypot-sgp-1 sshd[28428]: Invalid user user from 45.61.186.169 port 53352","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T13:34:04.973Z","@version":"1","message":"Sep 17 13:34:04 honeypot-sgp-1 sshd[28432]: Invalid user user from 45.61.186.169 port 47894","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T13:34:20.980Z","@version":"1","message":"Sep 17 13:34:20 honeypot-sgp-1 sshd[28436]: Invalid user user from 45.61.186.169 port 42428","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T13:34:28.986Z","@version":"1","message":"Sep 17 13:34:28 honeypot-sgp-1 sshd[28438]: Disconnected from invalid user user 45.61.186.169 port 53810 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 13:34:57 honeypot-ams-1 sshd[1915]: Received disconnect from 159.223.164.107 port 34324:11: Bye Bye [preauth]","@timestamp":"2022-09-17T13:34:57.977Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 13:40:26 honeypot-fra-1 sshd[25284]: Connection closed by invalid user wangyi 194.163.190.53 port 49000 [preauth]","@timestamp":"2022-09-17T13:40:27.622Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T13:41:08.151Z","@version":"1","message":"Sep 17 13:41:07 honeypot-sgp-1 sshd[28447]: Received disconnect from 45.61.186.169 port 49272:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T13:41:25.160Z","@version":"1","message":"Sep 17 13:41:24 honeypot-sgp-1 sshd[28451]: Invalid user user from 45.61.186.169 port 44642","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T13:41:42.172Z","@version":"1","message":"Sep 17 13:41:41 honeypot-sgp-1 sshd[28455]: Invalid user user from 45.61.186.169 port 39966","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T13:43:03.207Z","@version":"1","message":"Sep 17 13:43:02 honeypot-sgp-1 sshd[28459]: Unable to negotiate with 190.124.32.18 port 57463: no matching cipher found. Their offer: aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,arcfour128,arcfour,3des-cbc,none [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 13:44:30 honeypot-fra-1 sshd[25288]: Disconnected from authenticating user root 217.10.103.163 port 56210 [preauth]","@timestamp":"2022-09-17T13:44:30.719Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 13:47:55 honeypot-ams-1 kernel: [84299056.472541] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.95.147.51 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=252 ID=5254 PROTO=TCP SPT=42107 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T13:47:56.324Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 13:51:23 honeypot-fra-1 kernel: [84297093.557707] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.95.147.51 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=57165 PROTO=TCP SPT=42616 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T13:51:23.878Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-17T13:54:42.486Z","@version":"1","message":"Sep 17 13:54:42 honeypot-sgp-1 sshd[28466]: Disconnected from authenticating user root 91.240.118.222 port 17957 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T13:57:29.558Z","@version":"1","message":"Sep 17 13:57:28 honeypot-sgp-1 kernel: [84299152.868998] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.95.147.51 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=12444 PROTO=TCP SPT=43001 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 14:04:15 honeypot-fra-1 sshd[25301]: Connection closed by invalid user wangyi 194.163.190.53 port 46218 [preauth]","@timestamp":"2022-09-17T14:04:16.166Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 14:06:02 honeypot-ams-1 kernel: [84300143.523968] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=178.62.254.91 LEN=89 TOS=0x00 PREC=0x00 TTL=252 ID=3006 PROTO=TCP SPT=32095 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T14:06:03.810Z"}
{"@timestamp":"2022-09-17T14:06:12.788Z","@version":"1","message":"Sep 17 14:06:12 honeypot-sgp-1 kernel: [84299676.550432] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.221.47 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=36034 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 14:07:55 honeypot-fra-1 sshd[25303]: Connection closed by invalid user user 193.106.191.157 port 39898 [preauth]","@timestamp":"2022-09-17T14:07:56.252Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 14:13:33 honeypot-fra-1 kernel: [84298423.568466] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=175.111.181.85 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=49133 DF PROTO=TCP SPT=13357 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T14:13:33.379Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 14:15:28 honeypot-ams-1 kernel: [84300708.541029] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=103.151.122.22 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=31805 PROTO=TCP SPT=49353 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T14:15:28.064Z"}
{"@timestamp":"2022-09-17T14:18:43.096Z","@version":"1","message":"Sep 17 14:18:42 honeypot-sgp-1 sshd[28480]: Invalid user wwsi from 178.128.187.192 port 42282","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 14:20:58 honeypot-ams-1 sshd[1939]: Invalid user user from 45.61.184.204 port 60060","@timestamp":"2022-09-17T14:20:59.240Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 14:21:17 honeypot-ams-1 sshd[1943]: Invalid user user from 45.61.184.204 port 54914","@timestamp":"2022-09-17T14:21:17.250Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 14:21:35 honeypot-ams-1 sshd[1947]: Invalid user user from 45.61.184.204 port 49796","@timestamp":"2022-09-17T14:21:35.259Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 14:21:51 honeypot-ams-1 sshd[1952]: Invalid user user from 45.61.184.204 port 44664","@timestamp":"2022-09-17T14:21:52.268Z"}
{"@timestamp":"2022-09-17T14:22:41.194Z","@version":"1","message":"Sep 17 14:22:40 honeypot-sgp-1 kernel: [84300665.089850] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=103.140.251.208 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=58629 PROTO=TCP SPT=57968 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 14:26:28 honeypot-fra-1 kernel: [84299198.704727] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=165.232.152.144 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=46938 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T14:26:28.666Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 14:29:26 honeypot-fra-1 kernel: [84299376.437436] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=36.71.137.142 DST=165.22.82.222 LEN=48 TOS=0x00 PREC=0x00 TTL=118 ID=406 DF PROTO=TCP SPT=26739 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T14:29:26.736Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-17T14:30:48.397Z","@version":"1","message":"Sep 17 14:30:47 honeypot-sgp-1 sshd[28492]: Received disconnect from 202.21.123.124 port 45602:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T14:33:10.460Z","@version":"1","message":"Sep 17 14:33:09 honeypot-sgp-1 sshd[28498]: Disconnected from authenticating user root 159.223.213.242 port 37730 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 14:34:02 honeypot-fra-1 sshd[25335]: Invalid user oracle from 20.243.201.105 port 60794","@timestamp":"2022-09-17T14:34:02.843Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 14:34:02 honeypot-fra-1 sshd[25328]: Invalid user postgres from 20.243.201.105 port 60806","@timestamp":"2022-09-17T14:34:02.843Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 14:34:02 honeypot-fra-1 sshd[25341]: Invalid user admin from 20.243.201.105 port 60834","@timestamp":"2022-09-17T14:34:02.843Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 14:34:02 honeypot-fra-1 sshd[25338]: Invalid user cloud from 20.243.201.105 port 60798","@timestamp":"2022-09-17T14:34:02.844Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 14:34:02 honeypot-fra-1 sshd[25343]: Connection closed by authenticating user root 20.243.201.105 port 60786 [preauth]","@timestamp":"2022-09-17T14:34:02.844Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 14:34:02 honeypot-fra-1 sshd[25352]: Connection closed by invalid user elastic 20.243.201.105 port 60844 [preauth]","@timestamp":"2022-09-17T14:34:02.844Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 14:34:02 honeypot-fra-1 sshd[25341]: Connection closed by invalid user admin 20.243.201.105 port 60834 [preauth]","@timestamp":"2022-09-17T14:34:02.844Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 14:34:02 honeypot-fra-1 sshd[25340]: Connection closed by invalid user oracle 20.243.201.105 port 60816 [preauth]","@timestamp":"2022-09-17T14:34:02.844Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 14:34:05 honeypot-fra-1 sshd[25378]: Connection closed by authenticating user root 20.243.201.105 port 60850 [preauth]","@timestamp":"2022-09-17T14:34:05.847Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 14:34:42 honeypot-ams-1 kernel: [84301862.812143] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=167.71.92.243 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=37625 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T14:34:42.598Z"}
{"@timestamp":"2022-09-17T14:36:13.538Z","@version":"1","message":"Sep 17 14:36:12 honeypot-sgp-1 kernel: [84301476.941271] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=52.243.98.193 DST=159.89.202.188 LEN=52 TOS=0x02 PREC=0x00 TTL=113 ID=13249 DF PROTO=TCP SPT=59188 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 14:40:18 honeypot-ams-1 kernel: [84302199.477648] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=80.94.92.231 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=60189 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T14:40:19.749Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 14:42:01 honeypot-fra-1 sshd[25383]: Invalid user admin from 128.199.160.207 port 60532","@timestamp":"2022-09-17T14:42:02.026Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 14:42:04 honeypot-fra-1 sshd[25389]: Invalid user admin from 128.199.160.207 port 60562","@timestamp":"2022-09-17T14:42:05.029Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T14:49:48.877Z","@version":"1","message":"Sep 17 14:49:48 honeypot-sgp-1 sshd[28506]: Received disconnect from 107.173.111.206 port 49170:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 14:51:47 honeypot-fra-1 sshd[25395]: Received disconnect from 159.65.1.92 port 41388:11: Bye Bye [preauth]","@timestamp":"2022-09-17T14:51:48.264Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 14:53:36 honeypot-fra-1 sshd[25399]: Connection closed by invalid user admin 221.158.195.111 port 42296 [preauth]","@timestamp":"2022-09-17T14:53:37.308Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 14:55:53 honeypot-ams-1 kernel: [84303134.200859] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=16229 PROTO=TCP SPT=46277 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T14:55:54.156Z"}
{"@timestamp":"2022-09-17T14:58:03.103Z","@version":"1","message":"Sep 17 14:58:02 honeypot-sgp-1 kernel: [84302786.360667] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=103.153.78.248 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=55215 PROTO=TCP SPT=46677 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 15:02:15 honeypot-fra-1 sshd[25404]: Disconnected from invalid user admin 62.204.41.222 port 40237 [preauth]","@timestamp":"2022-09-17T15:02:15.503Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 15:08:45 honeypot-fra-1 sshd[25410]: Invalid user chenlei from 194.163.190.53 port 52318","@timestamp":"2022-09-17T15:08:45.651Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T15:09:01.376Z","@version":"1","message":"Sep 17 15:09:00 honeypot-sgp-1 kernel: [84303444.898323] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=198.74.61.179 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=19052 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 15:11:43 honeypot-fra-1 sshd[25416]: Received disconnect from 91.240.118.222 port 11758:11: Client disconnecting normally [preauth]","@timestamp":"2022-09-17T15:11:43.723Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 15:12:12 honeypot-ams-1 sshd[1964]: Invalid user debian from 179.60.147.69 port 49898","@timestamp":"2022-09-17T15:12:12.582Z"}
{"@timestamp":"2022-09-17T15:15:02.527Z","@version":"1","message":"Sep 17 15:15:02 honeypot-sgp-1 kernel: [84303806.523492] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=229 ID=13779 PROTO=TCP SPT=46803 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T15:16:53.577Z","@version":"1","message":"Sep 17 15:16:52 honeypot-sgp-1 sshd[28530]: Invalid user ankesh from 187.188.240.7 port 53854","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 15:17:01 honeypot-fra-1 CRON[25421]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-17T15:17:01.845Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 15:19:44 honeypot-fra-1 sshd[25426]: Received disconnect from 103.235.170.195 port 57792:11: Bye Bye [preauth]","@timestamp":"2022-09-17T15:19:45.907Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T15:20:11.660Z","@version":"1","message":"Sep 17 15:20:11 honeypot-sgp-1 kernel: [84304115.723755] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=172.93.201.225 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=234 ID=28679 PROTO=TCP SPT=46982 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 15:22:50 honeypot-fra-1 kernel: [84302581.020191] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.41.9.18 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=22528 PROTO=TCP SPT=48079 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T15:22:50.977Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-17T15:25:34.825Z","@version":"1","message":"Sep 17 15:25:34 honeypot-sgp-1 sshd[28541]: Disconnected from authenticating user root 184.168.122.62 port 59350 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 15:25:54 honeypot-fra-1 kernel: [84302764.556910] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.205.251 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=60028 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T15:25:55.052Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 15:26:46 honeypot-ams-1 kernel: [84304986.715965] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.221.69 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=37456 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T15:26:46.960Z"}
{"@timestamp":"2022-09-17T15:27:11.868Z","@version":"1","message":"Sep 17 15:27:10 honeypot-sgp-1 kernel: [84304535.126726] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.206.26 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=39218 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 15:32:46 honeypot-ams-1 kernel: [84305347.089987] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=43.142.186.224 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=45 ID=53266 PROTO=TCP SPT=64291 DPT=80 WINDOW=45923 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T15:32:47.140Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 15:32:51 honeypot-fra-1 sshd[25442]: Connection closed by invalid user fuweijie 194.163.190.53 port 49766 [preauth]","@timestamp":"2022-09-17T15:32:52.205Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 15:33:21 honeypot-fra-1 sshd[25446]: Received disconnect from 139.59.26.97 port 40698:11: Bye Bye [preauth]","@timestamp":"2022-09-17T15:33:21.218Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 15:35:50 honeypot-fra-1 sshd[25450]: Disconnected from authenticating user root 206.189.226.38 port 52090 [preauth]","@timestamp":"2022-09-17T15:35:51.275Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 15:37:20 honeypot-fra-1 sshd[25455]: Received disconnect from 103.226.248.61 port 48346:11: Bye Bye [preauth]","@timestamp":"2022-09-17T15:37:21.310Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 15:41:09 honeypot-ams-1 sshd[1979]: Disconnected from authenticating user root 213.82.38.225 port 49506 [preauth]","@timestamp":"2022-09-17T15:41:10.355Z"}
{"@timestamp":"2022-09-17T15:45:11.310Z","@version":"1","message":"Sep 17 15:45:11 honeypot-sgp-1 sshd[28552]: Connection closed by invalid user ubnt 179.60.147.69 port 63888 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 15:46:17 honeypot-fra-1 sshd[25460]: Invalid user ubnt from 179.60.147.69 port 10306","@timestamp":"2022-09-17T15:46:17.545Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T15:48:25.392Z","@version":"1","message":"Sep 17 15:48:24 honeypot-sgp-1 sshd[28558]: Received disconnect from 45.61.184.204 port 33098:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T15:48:44.401Z","@version":"1","message":"Sep 17 15:48:44 honeypot-sgp-1 sshd[28562]: Received disconnect from 45.61.184.204 port 56614:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T15:49:02.412Z","@version":"1","message":"Sep 17 15:49:01 honeypot-sgp-1 sshd[28566]: Received disconnect from 45.61.184.204 port 51898:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 15:50:03 honeypot-fra-1 sshd[25464]: Invalid user benoit from 111.93.214.67 port 45430","@timestamp":"2022-09-17T15:50:04.633Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T15:53:59.535Z","@version":"1","message":"Sep 17 15:53:58 honeypot-sgp-1 sshd[28572]: Connection closed by invalid user pi 173.17.219.96 port 38298 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T15:54:12.541Z","@version":"1","message":"Sep 17 15:54:11 honeypot-sgp-1 sshd[28578]: Connection closed by invalid user pi 79.232.97.97 port 39108 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 15:54:15 honeypot-fra-1 sshd[25469]: Received disconnect from 134.209.210.254 port 50480:11: Bye Bye [preauth]","@timestamp":"2022-09-17T15:54:16.731Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 15:59:01 honeypot-ams-1 kernel: [84306921.723824] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=193.46.255.199 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=246 ID=60452 PROTO=TCP SPT=61001 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T15:59:01.816Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 15:59:21 honeypot-fra-1 sshd[25474]: Disconnected from authenticating user root 112.196.54.35 port 50650 [preauth]","@timestamp":"2022-09-17T15:59:21.847Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T16:03:04.763Z","@version":"1","message":"Sep 17 16:03:03 honeypot-sgp-1 sshd[28584]: Invalid user pi from 47.208.246.201 port 46224","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 16:06:43 honeypot-fra-1 sshd[25479]: Received disconnect from 165.22.45.108 port 46368:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T16:06:44.016Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 16:10:32 honeypot-ams-1 kernel: [84307613.081149] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.95.147.51 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=252 ID=43175 PROTO=TCP SPT=50844 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T16:10:33.116Z"}
{"@timestamp":"2022-09-17T16:14:50.050Z","@version":"1","message":"Sep 17 16:14:49 honeypot-sgp-1 sshd[28592]: Received disconnect from 61.177.172.124 port 35824:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 16:17:01 honeypot-fra-1 CRON[25486]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-17T16:17:02.249Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 16:17:01 honeypot-ams-1 CRON[1998]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-17T16:17:02.288Z"}
{"@timestamp":"2022-09-17T16:18:18.138Z","@version":"1","message":"Sep 17 16:18:17 honeypot-sgp-1 sshd[28599]: Received disconnect from 61.177.173.37 port 38298:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 16:20:07 honeypot-fra-1 sshd[25492]: Connection closed by invalid user huzhou 194.163.190.53 port 43266 [preauth]","@timestamp":"2022-09-17T16:20:08.322Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T16:21:41.222Z","@version":"1","message":"Sep 17 16:21:41 honeypot-sgp-1 sshd[28604]: Connection closed by invalid user default 179.60.147.69 port 56212 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T16:22:19.239Z","@version":"1","message":"Sep 17 16:22:18 honeypot-sgp-1 sshd[28608]: Disconnected from invalid user training 206.189.153.72 port 55988 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T16:25:50.327Z","@version":"1","message":"Sep 17 16:25:49 honeypot-sgp-1 kernel: [84308054.135135] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=152.89.196.23 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=18643 PROTO=TCP SPT=51442 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 16:29:33 honeypot-fra-1 kernel: [84306583.950234] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=43.158.217.52 DST=165.22.82.222 LEN=40 TOS=0x08 PREC=0x60 TTL=244 ID=54321 PROTO=TCP SPT=52159 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T16:29:34.538Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 16:30:05 honeypot-ams-1 sshd[2005]: Invalid user user from 193.106.191.157 port 54810","@timestamp":"2022-09-17T16:30:05.652Z"}
{"@timestamp":"2022-09-17T16:37:08.608Z","@version":"1","message":"Sep 17 16:37:08 honeypot-sgp-1 sshd[28622]: Invalid user admin from 144.24.131.170 port 60496","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 16:37:23 honeypot-fra-1 sshd[25504]: Received disconnect from 103.246.240.30 port 45084:11: Bye Bye [preauth]","@timestamp":"2022-09-17T16:37:24.719Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T16:38:14.638Z","@version":"1","message":"Sep 17 16:38:13 honeypot-sgp-1 sshd[28626]: Disconnected from authenticating user root 61.177.173.36 port 34993 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 16:40:47 honeypot-fra-1 sshd[25510]: Received disconnect from 43.154.143.45 port 60874:11: Bye Bye [preauth]","@timestamp":"2022-09-17T16:40:48.801Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 16:44:10 honeypot-ams-1 kernel: [84309631.431287] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=72.167.32.184 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=232 ID=38348 PROTO=TCP SPT=46089 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T16:44:11.016Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 16:44:36 honeypot-fra-1 sshd[25514]: Connection closed by invalid user huzhou 194.163.190.53 port 43414 [preauth]","@timestamp":"2022-09-17T16:44:36.885Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T16:49:56.927Z","@version":"1","message":"Sep 17 16:49:56 honeypot-sgp-1 sshd[28633]: Disconnected from invalid user cv 113.21.232.39 port 42986 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 16:51:51 honeypot-ams-1 kernel: [84310092.302305] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=20.241.92.31 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=28018 DF PROTO=TCP SPT=10446 DPT=80 WINDOW=512 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T16:51:52.215Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 16:56:23 honeypot-fra-1 sshd[25522]: Received disconnect from 196.3.164.45 port 45116:11: Bye Bye [preauth]","@timestamp":"2022-09-17T16:56:24.153Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 16:57:00 honeypot-ams-1 kernel: [84310401.311004] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=122.58.118.141 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=62709 PROTO=TCP SPT=61445 DPT=80 WINDOW=13277 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T16:57:01.356Z"}
{"@timestamp":"2022-09-17T16:57:49.122Z","@version":"1","message":"Sep 17 16:57:48 honeypot-sgp-1 sshd[28640]: Connection closed by invalid user centos 179.60.147.69 port 49960 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 16:59:00 honeypot-fra-1 sshd[25527]: Received disconnect from 190.35.38.226 port 53620:11: Bye Bye [preauth]","@timestamp":"2022-09-17T16:59:00.214Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 17:00:57 honeypot-ams-1 sshd[2020]: Disconnected from authenticating user root 134.122.57.194 port 55162 [preauth]","@timestamp":"2022-09-17T17:00:57.461Z"}
{"@timestamp":"2022-09-17T17:02:05.229Z","@version":"1","message":"Sep 17 17:02:05 honeypot-sgp-1 kernel: [84310229.250887] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=149.102.155.169 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=19216 PROTO=TCP SPT=53935 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 17:02:36 honeypot-fra-1 sshd[25531]: Connection closed by invalid user openerp 141.98.10.158 port 47592 [preauth]","@timestamp":"2022-09-17T17:02:37.297Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 17:05:17 honeypot-fra-1 sshd[25537]: Invalid user ligh from 165.22.45.108 port 51516","@timestamp":"2022-09-17T17:05:18.360Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 17:05:43 honeypot-fra-1 sshd[25541]: Invalid user user from 45.61.186.169 port 57718","@timestamp":"2022-09-17T17:05:44.372Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 17:06:01 honeypot-fra-1 sshd[25546]: Invalid user user from 45.61.186.169 port 53012","@timestamp":"2022-09-17T17:06:02.381Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 17:06:19 honeypot-fra-1 sshd[25550]: Invalid user user from 45.61.186.169 port 48336","@timestamp":"2022-09-17T17:06:20.389Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 17:07:21 honeypot-fra-1 kernel: [84308851.544515] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=193.46.255.199 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=246 ID=36184 PROTO=TCP SPT=61001 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T17:07:22.504Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-17T17:07:25.362Z","@version":"1","message":"Sep 17 17:07:24 honeypot-sgp-1 sshd[28652]: Received disconnect from 139.59.14.70 port 50650:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T17:09:02.403Z","@version":"1","message":"Sep 17 17:09:01 honeypot-sgp-1 CRON[28656]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 17:09:01 honeypot-ams-1 CRON[2025]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-17T17:09:02.671Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 17:09:33 honeypot-fra-1 kernel: [84308983.342219] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=92.63.197.74 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=16418 PROTO=TCP SPT=49032 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T17:09:33.558Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-17T17:11:07.455Z","@version":"1","message":"Sep 17 17:11:07 honeypot-sgp-1 sshd[28661]: Disconnected from invalid user vic 68.183.92.26 port 49944 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T17:15:29.563Z","@version":"1","message":"Sep 17 17:15:28 honeypot-sgp-1 sshd[28672]: Disconnected from authenticating user root 64.227.185.119 port 34318 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 17:16:26 honeypot-fra-1 sshd[25566]: Connection closed by invalid user luosuchang 194.163.190.53 port 52540 [preauth]","@timestamp":"2022-09-17T17:16:27.717Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T17:17:24.612Z","@version":"1","message":"Sep 17 17:17:23 honeypot-sgp-1 sshd[28680]: Received disconnect from 190.89.12.2 port 39944:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 17:19:31 honeypot-fra-1 sshd[25571]: Received disconnect from 189.112.251.33 port 56593:11: Bye Bye [preauth]","@timestamp":"2022-09-17T17:19:31.789Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T17:25:03.799Z","@version":"1","message":"Sep 17 17:25:03 honeypot-sgp-1 kernel: [84311607.477573] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.33.87.10 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=22815 PROTO=TCP SPT=55351 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 17:28:49 honeypot-fra-1 kernel: [84310139.174527] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=80.94.92.239 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=52089 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T17:28:50.003Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-17T17:30:22.928Z","@version":"1","message":"Sep 17 17:30:22 honeypot-sgp-1 sshd[28688]: Disconnected from invalid user onapp 190.210.182.179 port 39114 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T17:30:29.933Z","@version":"1","message":"Sep 17 17:30:29 honeypot-sgp-1 sshd[28692]: Disconnected from invalid user admin 202.88.241.158 port 3496 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 17:30:57 honeypot-ams-1 kernel: [84312437.572886] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=5046 PROTO=TCP SPT=55805 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T17:30:57.237Z"}
{"@timestamp":"2022-09-17T17:31:26.960Z","@version":"1","message":"Sep 17 17:31:26 honeypot-sgp-1 sshd[28698]: Invalid user shares from 45.89.26.119 port 60554","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 17:32:12 honeypot-fra-1 sshd[25582]: Received disconnect from 60.249.82.125 port 51466:11: Bye Bye [preauth]","@timestamp":"2022-09-17T17:32:13.084Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 17:32:43 honeypot-fra-1 sshd[25586]: Disconnected from invalid user usher 79.129.29.237 port 54606 [preauth]","@timestamp":"2022-09-17T17:32:44.097Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T17:33:56.021Z","@version":"1","message":"Sep 17 17:33:56 honeypot-sgp-1 sshd[28702]: Invalid user centos from 179.60.147.69 port 64878","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 17:35:05 honeypot-fra-1 sshd[25593]: Invalid user centos from 179.60.147.69 port 27646","@timestamp":"2022-09-17T17:35:05.152Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T17:37:15.105Z","@version":"1","message":"Sep 17 17:37:14 honeypot-sgp-1 sshd[28708]: Connection closed by invalid user thumvass 137.116.144.39 port 59642 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 17:37:16 honeypot-ams-1 sshd[2053]: Connection closed by invalid user centos 179.60.147.69 port 30296 [preauth]","@timestamp":"2022-09-17T17:37:17.405Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 17:44:26 honeypot-fra-1 kernel: [84311076.295387] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=139.162.39.160 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=8116 PROTO=TCP SPT=56031 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T17:44:27.364Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-17T17:51:28.447Z","@version":"1","message":"Sep 17 17:51:27 honeypot-sgp-1 sshd[28718]: Received disconnect from 61.177.173.37 port 42281:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 17:55:24 honeypot-fra-1 sshd[25672]: Connection closed by invalid user shaopengyang 194.163.190.53 port 35776 [preauth]","@timestamp":"2022-09-17T17:55:24.638Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T17:55:55.903Z","@version":"1","message":"Sep 17 17:55:54 honeypot-sgp-1 sshd[28723]: Unable to negotiate with 118.68.171.196 port 63908: no matching cipher found. Their offer: aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,arcfour128,arcfour,3des-cbc,none [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 17:56:15 honeypot-ams-1 kernel: [84313956.024030] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=205.210.31.49 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x60 TTL=251 ID=54321 PROTO=TCP SPT=49421 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T17:56:15.895Z"}
{"@timestamp":"2022-09-17T17:58:14.961Z","@version":"1","message":"Sep 17 17:58:14 honeypot-sgp-1 kernel: [84313598.839581] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=43.131.66.209 DST=159.89.202.188 LEN=52 TOS=0x00 PREC=0x00 TTL=47 ID=33177 DF PROTO=TCP SPT=34201 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 18:02:38 honeypot-fra-1 sshd[25677]: Received disconnect from 118.70.170.120 port 45970:11: Bye Bye [preauth]","@timestamp":"2022-09-17T18:02:38.807Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 18:03:27 honeypot-fra-1 sshd[25681]: Connection closed by invalid user shaopengyang 194.163.190.53 port 45592 [preauth]","@timestamp":"2022-09-17T18:03:27.826Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T18:10:10.256Z","@version":"1","message":"Sep 17 18:10:09 honeypot-sgp-1 kernel: [84314313.454204] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=193.46.255.199 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=232 ID=49384 PROTO=TCP SPT=61001 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 18:11:32 honeypot-fra-1 sshd[25687]: Connection closed by authenticating user root 179.60.147.69 port 46580 [preauth]","@timestamp":"2022-09-17T18:11:33.015Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 18:13:02 honeypot-ams-1 kernel: [84314962.677719] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=3171 PROTO=TCP SPT=57603 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T18:13:02.330Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 18:19:10 honeypot-fra-1 sshd[25693]: Invalid user shaopengyang from 194.163.190.53 port 34046","@timestamp":"2022-09-17T18:19:11.191Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T18:24:34.610Z","@version":"1","message":"Sep 17 18:24:34 honeypot-sgp-1 sshd[28752]: Disconnected from authenticating user root 177.93.51.98 port 57618 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 18:26:40 honeypot-fra-1 sshd[25700]: Invalid user share from 194.163.190.53 port 40290","@timestamp":"2022-09-17T18:26:40.359Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T18:27:27.683Z","@version":"1","message":"Sep 17 18:27:27 honeypot-sgp-1 sshd[28758]: Invalid user  from 185.246.130.20 port 28487","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:27:57.699Z","@version":"1","message":"Sep 17 18:27:56 honeypot-sgp-1 sshd[28764]: Invalid user  from 185.246.130.20 port 25319","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:28:11.706Z","@version":"1","message":"Sep 17 18:28:11 honeypot-sgp-1 sshd[28766]: Disconnecting invalid user admin 185.246.130.20 port 22998: Change of username or service not allowed: (admin,ssh-connection) -> (,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 18:28:36 honeypot-ams-1 sshd[2069]: Invalid user admin from 80.68.7.179 port 56938","@timestamp":"2022-09-17T18:28:36.756Z"}
{"@timestamp":"2022-09-17T18:28:37.720Z","@version":"1","message":"Sep 17 18:28:37 honeypot-sgp-1 sshd[28774]: Invalid user aerohive from 185.246.130.20 port 1720","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:29:08.735Z","@version":"1","message":"Sep 17 18:29:08 honeypot-sgp-1 sshd[28780]: Invalid user private from 185.246.130.20 port 25940","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:29:35.751Z","@version":"1","message":"Sep 17 18:29:35 honeypot-sgp-1 sshd[28786]: Disconnecting invalid user Admin 185.246.130.20 port 11345: Change of username or service not allowed: (Admin,ssh-connection) -> (araknis,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:29:58.764Z","@version":"1","message":"Sep 17 18:29:58 honeypot-sgp-1 sshd[28793]: Disconnecting invalid user user 185.246.130.20 port 46669: Change of username or service not allowed: (user,ssh-connection) -> (root,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 18:30:32 honeypot-fra-1 sshd[25777]: Connection closed by invalid user  152.32.157.116 port 43472 [preauth]","@timestamp":"2022-09-17T18:30:32.449Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T18:30:40.783Z","@version":"1","message":"Sep 17 18:30:40 honeypot-sgp-1 sshd[28803]: Did not receive identification string from 45.61.184.204 port 45574","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:30:49.788Z","@version":"1","message":"Sep 17 18:30:49 honeypot-sgp-1 sshd[28804]: Invalid user guest from 185.246.130.20 port 23073","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:31:03.795Z","@version":"1","message":"Sep 17 18:31:03 honeypot-sgp-1 sshd[28808]: Disconnecting invalid user 1234 185.246.130.20 port 53638: Change of username or service not allowed: (1234,ssh-connection) -> (root,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:31:16.801Z","@version":"1","message":"Sep 17 18:31:16 honeypot-sgp-1 sshd[28817]: Received disconnect from 45.61.184.204 port 59498:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:31:24.805Z","@version":"1","message":"Sep 17 18:31:24 honeypot-sgp-1 sshd[28820]: Disconnected from invalid user user 45.61.184.204 port 42608 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:31:37.811Z","@version":"1","message":"Sep 17 18:31:37 honeypot-sgp-1 sshd[28826]: Invalid user cisco from 185.246.130.20 port 55292","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 18:31:40 honeypot-ams-1 kernel: [84316081.063957] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=164.92.72.164 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=53787 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T18:31:40.838Z"}
{"@timestamp":"2022-09-17T18:31:46.817Z","@version":"1","message":"Sep 17 18:31:46 honeypot-sgp-1 sshd[28828]: Disconnecting invalid user admin 185.246.130.20 port 56085: Change of username or service not allowed: (admin,ssh-connection) -> (1234,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:32:16.832Z","@version":"1","message":"Sep 17 18:32:16 honeypot-sgp-1 sshd[28839]: Received disconnect from 61.177.173.52 port 27030:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 18:32:24 honeypot-fra-1 sshd[25782]: Received disconnect from 45.61.187.160 port 41942:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T18:32:25.494Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T18:32:42.844Z","@version":"1","message":"Sep 17 18:32:42 honeypot-sgp-1 sshd[28844]: Invalid user sti.admin5 from 185.246.130.20 port 31399","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 18:32:46 honeypot-fra-1 sshd[25786]: Received disconnect from 45.61.187.160 port 36960:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T18:32:46.504Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 18:33:04 honeypot-fra-1 sshd[25790]: Received disconnect from 45.61.187.160 port 60170:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T18:33:04.513Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T18:33:08.858Z","@version":"1","message":"Sep 17 18:33:08 honeypot-sgp-1 sshd[28850]: Invalid user zhone from 185.246.130.20 port 4812","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:33:36.873Z","@version":"1","message":"Sep 17 18:33:36 honeypot-sgp-1 sshd[28857]: Disconnecting invalid user default 185.246.130.20 port 29013: Change of username or service not allowed: (default,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:33:51.881Z","@version":"1","message":"Sep 17 18:33:51 honeypot-sgp-1 sshd[28862]: Disconnecting invalid user c1@r0 185.246.130.20 port 9351: Change of username or service not allowed: (c1@r0,ssh-connection) -> (Administrator,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 18:34:11 honeypot-fra-1 sshd[25794]: Invalid user share from 194.163.190.53 port 46780","@timestamp":"2022-09-17T18:34:12.542Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T18:34:12.891Z","@version":"1","message":"Sep 17 18:34:12 honeypot-sgp-1 sshd[28868]: Disconnecting invalid user superonline 185.246.130.20 port 56182: Change of username or service not allowed: (superonline,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:34:39.905Z","@version":"1","message":"Sep 17 18:34:39 honeypot-sgp-1 sshd[28874]: Disconnecting invalid user Admin 185.246.130.20 port 12561: Change of username or service not allowed: (Admin,ssh-connection) -> (comcast,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 18:34:46 honeypot-ams-1 sshd[2074]: Disconnected from invalid user wp-user 190.226.244.9 port 41058 [preauth]","@timestamp":"2022-09-17T18:34:46.923Z"}
{"@timestamp":"2022-09-17T18:35:14.923Z","@version":"1","message":"Sep 17 18:35:14 honeypot-sgp-1 sshd[28881]: Disconnecting invalid user  185.246.130.20 port 31963: Change of username or service not allowed: (,ssh-connection) -> (admin1234,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:35:51.941Z","@version":"1","message":"Sep 17 18:35:51 honeypot-sgp-1 sshd[28887]: Disconnecting invalid user  185.246.130.20 port 14013: Change of username or service not allowed: (,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:36:23.956Z","@version":"1","message":"Sep 17 18:36:23 honeypot-sgp-1 sshd[28893]: Disconnecting invalid user admin 185.246.130.20 port 27436: Change of username or service not allowed: (admin,ssh-connection) -> (blank,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:37:02.980Z","@version":"1","message":"Sep 17 18:37:02 honeypot-sgp-1 sshd[28903]: Received disconnect from 61.177.173.35 port 19967:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:37:24.990Z","@version":"1","message":"Sep 17 18:37:24 honeypot-sgp-1 sshd[28907]: Invalid user admin from 185.246.130.20 port 44378","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:37:54.005Z","@version":"1","message":"Sep 17 18:37:53 honeypot-sgp-1 sshd[28913]: Invalid user Shiko from 185.246.130.20 port 59852","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:38:25.021Z","@version":"1","message":"Sep 17 18:38:24 honeypot-sgp-1 sshd[28919]: Invalid user smcadmin from 185.246.130.20 port 4362","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:38:51.034Z","@version":"1","message":"Sep 17 18:38:50 honeypot-sgp-1 sshd[28925]: Invalid user highspeed from 185.246.130.20 port 4288","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:39:24.050Z","@version":"1","message":"Sep 17 18:39:23 honeypot-sgp-1 sshd[28931]: Invalid user  from 185.246.130.20 port 30026","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 18:39:39 honeypot-fra-1 kernel: [84314389.305162] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=176.111.174.80 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=10814 PROTO=TCP SPT=44229 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T18:39:39.668Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-17T18:39:51.065Z","@version":"1","message":"Sep 17 18:39:51 honeypot-sgp-1 sshd[28938]: Invalid user public from 185.246.130.20 port 4226","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:40:16.078Z","@version":"1","message":"Sep 17 18:40:15 honeypot-sgp-1 sshd[28944]: Disconnecting authenticating user root 185.246.130.20 port 7156: Change of username or service not allowed: (root,ssh-connection) -> (123456,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:40:41.090Z","@version":"1","message":"Sep 17 18:40:40 honeypot-sgp-1 sshd[28950]: Disconnecting invalid user amdin 185.246.130.20 port 29313: Change of username or service not allowed: (amdin,ssh-connection) -> (readwrite,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:41:15.108Z","@version":"1","message":"Sep 17 18:41:14 honeypot-sgp-1 sshd[28957]: Disconnecting invalid user admin 185.246.130.20 port 53160: Change of username or service not allowed: (admin,ssh-connection) -> (DZY-W2914NSV2,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 18:41:29 honeypot-ams-1 sshd[2080]: Disconnected from authenticating user root 167.172.152.18 port 40386 [preauth]","@timestamp":"2022-09-17T18:41:30.109Z"}
{"@timestamp":"2022-09-17T18:41:40.120Z","@version":"1","message":"Sep 17 18:41:39 honeypot-sgp-1 sshd[28961]: Disconnecting invalid user 0 185.246.130.20 port 60368: Change of username or service not allowed: (0,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:42:12.135Z","@version":"1","message":"Sep 17 18:42:11 honeypot-sgp-1 sshd[28969]: Disconnecting invalid user admin 185.246.130.20 port 48242: Change of username or service not allowed: (admin,ssh-connection) -> (1admin0,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 18:42:50 honeypot-ams-1 sshd[2086]: Invalid user admin from 193.106.191.157 port 56756","@timestamp":"2022-09-17T18:42:51.150Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 18:42:54 honeypot-fra-1 sshd[25806]: error: maximum authentication attempts exceeded for invalid user admin from 14.241.100.188 port 49577 ssh2 [preauth]","@timestamp":"2022-09-17T18:42:54.745Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 18:43:54 honeypot-ams-1 sshd[2092]: Received disconnect from 167.172.152.18 port 33348:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T18:43:55.182Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 18:45:18 honeypot-ams-1 sshd[2098]: Received disconnect from 167.172.152.18 port 57364:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T18:45:19.222Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 18:46:14 honeypot-ams-1 sshd[2103]: Received disconnect from 167.172.152.18 port 54660:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T18:46:15.250Z"}
{"@timestamp":"2022-09-17T18:46:39.244Z","@version":"1","message":"Sep 17 18:46:38 honeypot-sgp-1 sshd[28976]: Connection closed by invalid user default 179.60.147.69 port 21172 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 18:47:09 honeypot-ams-1 sshd[2107]: Received disconnect from 167.172.152.18 port 51762:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T18:47:10.277Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 18:48:04 honeypot-ams-1 sshd[2111]: Received disconnect from 167.172.152.18 port 48926:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T18:48:05.318Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 18:48:59 honeypot-ams-1 sshd[2115]: Received disconnect from 167.172.152.18 port 46068:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T18:49:00.346Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 18:49:54 honeypot-ams-1 sshd[2119]: Received disconnect from 167.172.152.18 port 43588:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T18:49:55.373Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 18:50:21 honeypot-ams-1 sshd[2123]: Disconnected from invalid user demo 167.172.152.18 port 41888 [preauth]","@timestamp":"2022-09-17T18:50:22.387Z"}
{"@timestamp":"2022-09-17T18:50:29.338Z","@version":"1","message":"Sep 17 18:50:28 honeypot-sgp-1 kernel: [84316732.740547] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=172.104.7.109 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=39850 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 18:51:16 honeypot-ams-1 sshd[2128]: Disconnected from invalid user jenkins 167.172.152.18 port 38770 [preauth]","@timestamp":"2022-09-17T18:51:16.412Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 18:52:10 honeypot-ams-1 sshd[2132]: Disconnected from invalid user ftpadmin 167.172.152.18 port 36278 [preauth]","@timestamp":"2022-09-17T18:52:11.439Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 18:52:55 honeypot-fra-1 kernel: [84315185.587288] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.33.82.191 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=47798 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T18:52:55.971Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 18:53:06 honeypot-ams-1 sshd[2136]: Received disconnect from 167.172.152.18 port 33412:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T18:53:07.466Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 18:54:02 honeypot-ams-1 sshd[2140]: Received disconnect from 167.172.152.18 port 58920:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T18:54:03.491Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 18:54:58 honeypot-ams-1 sshd[2144]: Received disconnect from 167.172.152.18 port 56036:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T18:54:58.518Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 18:56:46 honeypot-fra-1 sshd[25821]: Connection closed by invalid user songzijie 194.163.190.53 port 41592 [preauth]","@timestamp":"2022-09-17T18:56:47.060Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 18:57:10 honeypot-ams-1 sshd[2149]: Invalid user pum from 96.79.228.114 port 58228","@timestamp":"2022-09-17T18:57:10.580Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 18:58:33 honeypot-ams-1 sshd[2153]: Disconnected from authenticating user root 128.199.97.155 port 3859 [preauth]","@timestamp":"2022-09-17T18:58:33.618Z"}
{"@timestamp":"2022-09-17T18:59:48.557Z","@version":"1","message":"Sep 17 18:59:48 honeypot-sgp-1 kernel: [84317292.437927] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=159.65.138.52 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=60 ID=0 DF PROTO=TCP SPT=54953 DPT=389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 19:02:01 honeypot-fra-1 sshd[25829]: Received disconnect from 165.22.45.108 port 33568:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T19:02:02.180Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 19:02:53 honeypot-ams-1 kernel: [84317954.279733] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=172.105.89.161 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=57 ID=0 DF PROTO=TCP SPT=42607 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T19:02:54.743Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 19:04:46 honeypot-fra-1 sshd[25833]: Connection closed by invalid user songzijie 194.163.190.53 port 49280 [preauth]","@timestamp":"2022-09-17T19:04:47.243Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T19:05:20.684Z","@version":"1","message":"Sep 17 19:05:20 honeypot-sgp-1 sshd[28992]: Invalid user liu from 103.188.176.251 port 40728","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T19:12:13.852Z","@version":"1","message":"Sep 17 19:12:13 honeypot-sgp-1 sshd[28999]: Received disconnect from 61.177.172.104 port 44044:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 19:12:45 honeypot-fra-1 sshd[25838]: Connection closed by invalid user admin 193.106.191.157 port 37342 [preauth]","@timestamp":"2022-09-17T19:12:46.426Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 19:12:52 honeypot-ams-1 sshd[2164]: Received disconnect from 124.221.41.109 port 46154:11: Bye Bye [preauth]","@timestamp":"2022-09-17T19:12:53.019Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 19:14:33 honeypot-fra-1 sshd[25845]: Received disconnect from 34.151.215.28 port 37108:11: Bye Bye [preauth]","@timestamp":"2022-09-17T19:14:33.469Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T19:14:48.916Z","@version":"1","message":"Sep 17 19:14:48 honeypot-sgp-1 sshd[29003]: Disconnected from authenticating user root 77.37.248.144 port 48728 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 19:16:51 honeypot-ams-1 sshd[2169]: Disconnected from authenticating user root 124.221.41.109 port 40914 [preauth]","@timestamp":"2022-09-17T19:16:52.126Z"}
{"@timestamp":"2022-09-17T19:17:52.993Z","@version":"1","message":"Sep 17 19:17:52 honeypot-sgp-1 kernel: [84318376.976638] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=89.248.165.199 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=4800 PROTO=TCP SPT=40620 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 19:20:36 honeypot-ams-1 sshd[2177]: Received disconnect from 124.221.41.109 port 34800:11: Bye Bye [preauth]","@timestamp":"2022-09-17T19:20:37.226Z"}
{"@timestamp":"2022-09-17T19:20:43.081Z","@version":"1","message":"Sep 17 19:20:42 honeypot-sgp-1 sshd[29017]: Received disconnect from 61.177.173.39 port 41645:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 19:20:57 honeypot-fra-1 sshd[25853]: Invalid user songzijie from 194.163.190.53 port 36920","@timestamp":"2022-09-17T19:20:58.614Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 19:22:24 honeypot-ams-1 sshd[2181]: Received disconnect from 124.221.41.109 port 45058:11: Bye Bye [preauth]","@timestamp":"2022-09-17T19:22:25.277Z"}
{"@timestamp":"2022-09-17T19:22:53.136Z","@version":"1","message":"Sep 17 19:22:52 honeypot-sgp-1 sshd[29024]: Invalid user centos from 179.60.147.69 port 44424","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 19:24:10 honeypot-ams-1 sshd[2185]: Disconnected from authenticating user root 124.221.41.109 port 55164 [preauth]","@timestamp":"2022-09-17T19:24:10.326Z"}
{"@timestamp":"2022-09-17T19:26:57.236Z","@version":"1","message":"Sep 17 19:26:56 honeypot-sgp-1 kernel: [84318920.803768] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=154.3.44.149 DST=159.89.202.188 LEN=52 TOS=0x0A PREC=0x00 TTL=112 ID=47465 DF PROTO=TCP SPT=53969 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 19:27:35 honeypot-ams-1 sshd[2193]: Disconnected from authenticating user root 124.221.41.109 port 46054 [preauth]","@timestamp":"2022-09-17T19:27:36.419Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 19:28:38 honeypot-fra-1 sshd[25860]: Invalid user sunpeijie from 194.163.190.53 port 44676","@timestamp":"2022-09-17T19:28:38.789Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 19:31:27 honeypot-fra-1 kernel: [84317497.352449] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=154.3.44.149 DST=165.22.82.222 LEN=52 TOS=0x00 PREC=0x00 TTL=116 ID=25002 DF PROTO=TCP SPT=56433 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-17T19:31:27.855Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 19:32:27 honeypot-ams-1 sshd[2202]: Received disconnect from 124.221.41.109 port 45096:11: Bye Bye [preauth]","@timestamp":"2022-09-17T19:32:27.553Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 19:35:40 honeypot-ams-1 sshd[2207]: Disconnected from authenticating user root 124.221.41.109 port 34980 [preauth]","@timestamp":"2022-09-17T19:35:41.639Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 19:35:58 honeypot-fra-1 sshd[25870]: Connection closed by 180.49.192.10 port 62868 [preauth]","@timestamp":"2022-09-17T19:35:58.960Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T19:36:18.456Z","@version":"1","message":"Sep 17 19:36:18 honeypot-sgp-1 sshd[29037]: Disconnected from authenticating user root 61.177.173.52 port 43600 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 19:38:54 honeypot-ams-1 sshd[2213]: Disconnected from authenticating user root 124.221.41.109 port 53044 [preauth]","@timestamp":"2022-09-17T19:38:55.729Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 19:41:27 honeypot-fra-1 kernel: [84318097.335827] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.143.200.46 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=13109 PROTO=TCP SPT=48980 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T19:41:28.088Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 19:42:20 honeypot-ams-1 sshd[2220]: Connection reset by 205.210.31.60 port 35723 [preauth]","@timestamp":"2022-09-17T19:42:20.824Z"}
{"@timestamp":"2022-09-17T19:43:31.627Z","@version":"1","message":"Sep 17 19:43:30 honeypot-sgp-1 sshd[29044]: Disconnected from authenticating user root 61.177.173.36 port 18561 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 19:45:29 honeypot-ams-1 kernel: [84320510.228164] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=60.171.140.250 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=49 ID=57988 PROTO=TCP SPT=9868 DPT=80 WINDOW=54116 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T19:45:29.912Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 19:48:20 honeypot-ams-1 sshd[2230]: Disconnected from authenticating user root 124.221.41.109 port 49682 [preauth]","@timestamp":"2022-09-17T19:48:20.990Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 19:50:08 honeypot-fra-1 sshd[25880]: Received disconnect from 67.205.132.113 port 43686:11: Bye Bye [preauth]","@timestamp":"2022-09-17T19:50:09.282Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 19:52:14 honeypot-ams-1 sshd[2238]: Received disconnect from 147.182.179.237 port 36652:11: Bye Bye [preauth]","@timestamp":"2022-09-17T19:52:15.096Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 19:53:24 honeypot-ams-1 sshd[2242]: Disconnected from invalid user kirkwood 188.234.247.110 port 37644 [preauth]","@timestamp":"2022-09-17T19:53:25.127Z"}
{"@timestamp":"2022-09-17T19:54:27.880Z","@version":"1","message":"Sep 17 19:54:27 honeypot-sgp-1 sshd[29051]: Received disconnect from 61.177.173.36 port 30403:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T19:55:33.908Z","@version":"1","message":"Sep 17 19:55:33 honeypot-sgp-1 sshd[29056]: Received disconnect from 45.61.186.169 port 38100:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T19:55:51.917Z","@version":"1","message":"Sep 17 19:55:51 honeypot-sgp-1 sshd[29060]: Received disconnect from 45.61.186.169 port 33340:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T19:56:09.926Z","@version":"1","message":"Sep 17 19:56:09 honeypot-sgp-1 sshd[29064]: Received disconnect from 45.61.186.169 port 56846:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 19:56:09 honeypot-ams-1 sshd[2249]: Received disconnect from 124.221.41.109 port 37006:11: Bye Bye [preauth]","@timestamp":"2022-09-17T19:56:10.219Z"}
{"@timestamp":"2022-09-17T19:56:25.933Z","@version":"1","message":"Sep 17 19:56:25 honeypot-sgp-1 sshd[29068]: Received disconnect from 45.61.186.169 port 52074:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 19:56:30 honeypot-ams-1 sshd[2254]: Received disconnect from 45.140.141.188 port 42438:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T19:56:30.231Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 19:57:24 honeypot-fra-1 sshd[25889]: Connection closed by authenticating user root 34.168.2.103 port 48682 [preauth]","@timestamp":"2022-09-17T19:57:25.448Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 19:59:16 honeypot-ams-1 sshd[2258]: Disconnected from authenticating user root 124.221.41.109 port 54432 [preauth]","@timestamp":"2022-09-17T19:59:16.306Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 19:59:15 honeypot-fra-1 sshd[25901]: Connection closed by authenticating user root 34.168.2.103 port 59314 [preauth]","@timestamp":"2022-09-17T19:59:16.496Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:00:08 honeypot-fra-1 sshd[25910]: Connection closed by invalid user blank 179.60.147.69 port 5040 [preauth]","@timestamp":"2022-09-17T20:00:09.521Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 20:00:49 honeypot-ams-1 sshd[2264]: Disconnected from authenticating user root 124.221.41.109 port 34896 [preauth]","@timestamp":"2022-09-17T20:00:50.351Z"}
{"@timestamp":"2022-09-17T20:01:00.042Z","@version":"1","message":"Sep 17 20:00:59 honeypot-sgp-1 sshd[29073]: Disconnected from authenticating user root 61.177.172.104 port 43701 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 20:01:04 honeypot-ams-1 sshd[2268]: Disconnected from invalid user user 45.61.186.249 port 45758 [preauth]","@timestamp":"2022-09-17T20:01:05.359Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 20:01:22 honeypot-ams-1 sshd[2272]: Disconnected from invalid user user 45.61.186.249 port 40594 [preauth]","@timestamp":"2022-09-17T20:01:23.370Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 20:01:40 honeypot-ams-1 sshd[2276]: Disconnected from invalid user user 45.61.186.249 port 35418 [preauth]","@timestamp":"2022-09-17T20:01:40.379Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:01:42 honeypot-fra-1 sshd[25919]: Connection closed by authenticating user root 34.168.2.103 port 60018 [preauth]","@timestamp":"2022-09-17T20:01:43.563Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 20:02:22 honeypot-ams-1 sshd[2282]: Received disconnect from 124.221.41.109 port 43582:11: Bye Bye [preauth]","@timestamp":"2022-09-17T20:02:23.401Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:03:05 honeypot-fra-1 sshd[25926]: Connection closed by authenticating user root 34.168.2.103 port 33634 [preauth]","@timestamp":"2022-09-17T20:03:05.619Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:05:26 honeypot-fra-1 sshd[25940]: Connection closed by authenticating user root 34.168.2.103 port 48886 [preauth]","@timestamp":"2022-09-17T20:05:26.679Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 20:07:00 honeypot-ams-1 sshd[2289]: Received disconnect from 124.221.41.109 port 41274:11: Bye Bye [preauth]","@timestamp":"2022-09-17T20:07:01.525Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:07:24 honeypot-fra-1 sshd[25953]: Connection closed by invalid user wanghao 194.163.190.53 port 55528 [preauth]","@timestamp":"2022-09-17T20:07:24.729Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T20:07:41.200Z","@version":"1","message":"Sep 17 20:07:40 honeypot-sgp-1 kernel: [84321364.341412] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=159.89.202.188 LEN=91 TOS=0x00 PREC=0x00 TTL=245 ID=34522 PROTO=TCP SPT=14795 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:09:08 honeypot-fra-1 sshd[25963]: Connection closed by authenticating user root 34.168.2.103 port 53530 [preauth]","@timestamp":"2022-09-17T20:09:08.774Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T20:09:42.247Z","@version":"1","message":"Sep 17 20:09:41 honeypot-sgp-1 sshd[29084]: Disconnected from authenticating user root 61.177.172.108 port 12683 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 20:10:04 honeypot-ams-1 sshd[2293]: Received disconnect from 124.221.41.109 port 58494:11: Bye Bye [preauth]","@timestamp":"2022-09-17T20:10:05.609Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:10:50 honeypot-fra-1 sshd[25973]: Connection closed by authenticating user root 34.168.2.103 port 54398 [preauth]","@timestamp":"2022-09-17T20:10:50.819Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:12:32 honeypot-fra-1 sshd[25986]: Connection closed by authenticating user root 34.168.2.103 port 43170 [preauth]","@timestamp":"2022-09-17T20:12:32.865Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 20:13:08 honeypot-ams-1 sshd[2299]: Disconnected from authenticating user root 124.221.41.109 port 47442 [preauth]","@timestamp":"2022-09-17T20:13:08.695Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:14:07 honeypot-fra-1 sshd[25994]: Connection closed by authenticating user root 34.168.2.103 port 51420 [preauth]","@timestamp":"2022-09-17T20:14:08.907Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T20:14:17.356Z","@version":"1","message":"Sep 17 20:14:16 honeypot-sgp-1 sshd[29091]: Disconnected from authenticating user root 178.128.148.229 port 41780 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:15:29 honeypot-fra-1 sshd[26006]: Connection closed by authenticating user root 34.168.2.103 port 33052 [preauth]","@timestamp":"2022-09-17T20:15:29.944Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T20:16:14.403Z","@version":"1","message":"Sep 17 20:16:14 honeypot-sgp-1 sshd[29097]: Disconnected from invalid user wargames 51.250.90.116 port 50156 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 20:17:01 honeypot-ams-1 CRON[2305]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-17T20:17:01.822Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:17:01 honeypot-fra-1 CRON[26019]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-17T20:17:01.986Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T20:17:21.433Z","@version":"1","message":"Sep 17 20:17:21 honeypot-sgp-1 sshd[29105]: Received disconnect from 198.46.152.24 port 55174:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:18:43 honeypot-fra-1 kernel: [84320332.861624] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=179.43.155.171 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=13982 PROTO=TCP SPT=50279 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T20:18:44.031Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:19:35 honeypot-fra-1 sshd[26034]: Connection closed by authenticating user root 34.168.2.103 port 48360 [preauth]","@timestamp":"2022-09-17T20:19:36.054Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 20:20:45 honeypot-ams-1 sshd[2314]: Received disconnect from 124.221.41.109 port 33708:11: Bye Bye [preauth]","@timestamp":"2022-09-17T20:20:45.929Z"}
{"@timestamp":"2022-09-17T20:21:15.526Z","@version":"1","message":"Sep 17 20:21:15 honeypot-sgp-1 sshd[29112]: Did not receive identification string from 117.173.165.22 port 2760","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T20:23:37.585Z","@version":"1","message":"Sep 17 20:23:37 honeypot-sgp-1 sshd[29117]: Received disconnect from 61.177.172.108 port 37248:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 20:23:48 honeypot-ams-1 sshd[2318]: Disconnected from authenticating user root 124.221.41.109 port 50736 [preauth]","@timestamp":"2022-09-17T20:23:49.016Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:25:35 honeypot-fra-1 kernel: [84320744.896380] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=80.94.92.231 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=56980 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T20:25:36.189Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 20:26:50 honeypot-ams-1 sshd[2325]: Disconnected from authenticating user root 124.221.41.109 port 39490 [preauth]","@timestamp":"2022-09-17T20:26:51.101Z"}
{"@timestamp":"2022-09-17T20:27:26.678Z","@version":"1","message":"Sep 17 20:27:26 honeypot-sgp-1 sshd[29126]: Received disconnect from 13.76.166.169 port 46018:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 20:29:52 honeypot-ams-1 sshd[2331]: Received disconnect from 124.221.41.109 port 56440:11: Bye Bye [preauth]","@timestamp":"2022-09-17T20:29:53.186Z"}
{"@timestamp":"2022-09-17T20:31:07.783Z","@version":"1","message":"Sep 17 20:31:07 honeypot-sgp-1 sshd[29130]: Invalid user new from 182.253.117.100 port 48714","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 20:31:23 honeypot-ams-1 sshd[2336]: Disconnected from authenticating user root 124.221.41.109 port 36670 [preauth]","@timestamp":"2022-09-17T20:31:24.231Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:32:09 honeypot-fra-1 kernel: [84321139.454314] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.93.16.71 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=45791 PROTO=TCP SPT=43460 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T20:32:10.335Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 20:34:50 honeypot-ams-1 kernel: [84323470.335004] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=167.71.92.243 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=53057 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T20:34:50.585Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 20:38:50 honeypot-ams-1 sshd[2348]: Connection closed by invalid user guest 179.60.147.69 port 62870 [preauth]","@timestamp":"2022-09-17T20:38:50.696Z"}
{"@timestamp":"2022-09-17T20:39:01.965Z","@version":"1","message":"Sep 17 20:39:01 honeypot-sgp-1 kernel: [84323245.635807] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=154.3.44.149 DST=159.89.202.188 LEN=52 TOS=0x0A PREC=0x00 TTL=110 ID=3141 DF PROTO=TCP SPT=52344 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T20:40:18.999Z","@version":"1","message":"Sep 17 20:40:18 honeypot-sgp-1 kernel: [84323322.061849] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=79.124.62.62 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=8177 PROTO=TCP SPT=42499 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T20:40:39.008Z","@version":"1","message":"Sep 17 20:40:38 honeypot-sgp-1 sshd[29147]: Disconnected from invalid user user 45.61.186.249 port 40708 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T20:40:58.017Z","@version":"1","message":"Sep 17 20:40:57 honeypot-sgp-1 sshd[29151]: Disconnected from invalid user user 45.61.186.249 port 35768 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:41:09 honeypot-fra-1 sshd[26054]: Invalid user es from 212.87.251.118 port 35384","@timestamp":"2022-09-17T20:41:10.537Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:41:09 honeypot-fra-1 sshd[26066]: Invalid user esuser from 212.87.251.118 port 35416","@timestamp":"2022-09-17T20:41:10.538Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:41:09 honeypot-fra-1 sshd[26053]: Invalid user elasticsearch from 212.87.251.118 port 35382","@timestamp":"2022-09-17T20:41:10.538Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:41:09 honeypot-fra-1 sshd[26060]: Invalid user ubuntu from 212.87.251.118 port 35396","@timestamp":"2022-09-17T20:41:10.538Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:41:09 honeypot-fra-1 sshd[26061]: Connection closed by authenticating user root 212.87.251.118 port 35402 [preauth]","@timestamp":"2022-09-17T20:41:10.538Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:41:09 honeypot-fra-1 sshd[26073]: Connection closed by invalid user hadoop 212.87.251.118 port 35444 [preauth]","@timestamp":"2022-09-17T20:41:10.538Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:41:09 honeypot-fra-1 sshd[26071]: Connection closed by invalid user guest 212.87.251.118 port 35442 [preauth]","@timestamp":"2022-09-17T20:41:10.538Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:41:09 honeypot-fra-1 sshd[26076]: Invalid user mysql from 212.87.251.118 port 35450","@timestamp":"2022-09-17T20:41:10.538Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:41:09 honeypot-fra-1 sshd[26076]: Connection closed by invalid user mysql 212.87.251.118 port 35450 [preauth]","@timestamp":"2022-09-17T20:41:10.538Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T20:41:15.026Z","@version":"1","message":"Sep 17 20:41:14 honeypot-sgp-1 sshd[29155]: Disconnected from invalid user user 45.61.186.249 port 59072 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 20:41:54 honeypot-ams-1 sshd[2355]: Received disconnect from 124.221.41.109 port 38950:11: Bye Bye [preauth]","@timestamp":"2022-09-17T20:41:55.781Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 20:44:52 honeypot-ams-1 sshd[2359]: Received disconnect from 124.221.41.109 port 55632:11: Bye Bye [preauth]","@timestamp":"2022-09-17T20:44:52.864Z"}
{"@timestamp":"2022-09-17T20:47:15.166Z","@version":"1","message":"Sep 17 20:47:14 honeypot-sgp-1 sshd[29163]: Received disconnect from 61.177.172.98 port 58537:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T20:48:55.206Z","@version":"1","message":"Sep 17 20:48:54 honeypot-sgp-1 sshd[29167]: Disconnected from invalid user postgres 99.37.212.75 port 47686 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 20:49:19 honeypot-ams-1 sshd[2366]: Received disconnect from 124.221.41.109 port 52326:11: Bye Bye [preauth]","@timestamp":"2022-09-17T20:49:19.984Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:51:11 honeypot-fra-1 sshd[26105]: Received disconnect from 45.61.186.249 port 43122:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T20:51:11.757Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:51:29 honeypot-fra-1 sshd[26109]: Received disconnect from 45.61.186.249 port 38206:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T20:51:29.766Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:51:46 honeypot-fra-1 sshd[26113]: Received disconnect from 45.61.186.249 port 33278:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T20:51:46.773Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 20:52:18 honeypot-ams-1 sshd[2370]: Disconnected from authenticating user root 124.221.41.109 port 40660 [preauth]","@timestamp":"2022-09-17T20:52:19.066Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:53:32 honeypot-fra-1 sshd[26117]: Did not receive identification string from 178.32.197.81 port 50973","@timestamp":"2022-09-17T20:53:32.815Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T20:53:54.321Z","@version":"1","message":"Sep 17 20:53:53 honeypot-sgp-1 sshd[29173]: Disconnected from authenticating user root 79.69.57.2 port 55002 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T20:54:26.336Z","@version":"1","message":"Sep 17 20:54:25 honeypot-sgp-1 sshd[29178]: Disconnected from invalid user ubnt 165.22.55.238 port 50740 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T20:56:04.375Z","@version":"1","message":"Sep 17 20:56:03 honeypot-sgp-1 sshd[29182]: Disconnected from invalid user vy 94.23.27.28 port 41218 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 20:56:43 honeypot-ams-1 sshd[2377]: Disconnected from authenticating user root 124.221.41.109 port 37196 [preauth]","@timestamp":"2022-09-17T20:56:43.183Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 21:01:07 honeypot-ams-1 sshd[2385]: Disconnected from authenticating user root 124.221.41.109 port 33664 [preauth]","@timestamp":"2022-09-17T21:01:08.302Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 21:02:43 honeypot-fra-1 sshd[26123]: Received disconnect from 92.255.85.69 port 38072:11: Bye Bye [preauth]","@timestamp":"2022-09-17T21:02:44.022Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T21:04:12.562Z","@version":"1","message":"Sep 17 21:04:11 honeypot-sgp-1 kernel: [84324755.874905] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=183.136.225.35 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=110 ID=29061 PROTO=TCP SPT=8088 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 21:05:31 honeypot-ams-1 sshd[2392]: Received disconnect from 124.221.41.109 port 58284:11: Bye Bye [preauth]","@timestamp":"2022-09-17T21:05:32.420Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 21:06:36 honeypot-fra-1 kernel: [84323206.045505] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=43492 PROTO=TCP SPT=48404 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T21:06:37.111Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-17T21:06:42.624Z","@version":"1","message":"Sep 17 21:06:42 honeypot-sgp-1 sshd[29197]: Invalid user admin from 92.255.85.69 port 59606","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 21:06:59 honeypot-ams-1 sshd[2396]: Disconnected from authenticating user root 124.221.41.109 port 38242 [preauth]","@timestamp":"2022-09-17T21:06:59.461Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 21:07:54 honeypot-fra-1 sshd[26131]: Disconnected from invalid user emanono 81.169.137.181 port 54368 [preauth]","@timestamp":"2022-09-17T21:07:55.141Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 21:08:27 honeypot-ams-1 sshd[2402]: Received disconnect from 124.221.41.109 port 46406:11: Bye Bye [preauth]","@timestamp":"2022-09-17T21:08:28.504Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 21:09:18 honeypot-fra-1 sshd[26135]: Disconnected from invalid user emily 81.169.137.181 port 53416 [preauth]","@timestamp":"2022-09-17T21:09:19.199Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 21:09:54 honeypot-ams-1 sshd[2406]: Disconnected from authenticating user root 124.221.41.109 port 54566 [preauth]","@timestamp":"2022-09-17T21:09:55.543Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 21:10:33 honeypot-fra-1 sshd[26140]: Received disconnect from 45.61.184.204 port 53168:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T21:10:34.230Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 21:10:43 honeypot-fra-1 sshd[26144]: Received disconnect from 45.61.184.204 port 36520:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T21:10:44.235Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 21:11:01 honeypot-fra-1 sshd[26148]: Received disconnect from 45.61.184.204 port 59634:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T21:11:02.243Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 21:11:16 honeypot-fra-1 sshd[26152]: Received disconnect from 81.169.137.181 port 37908:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T21:11:16.250Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 21:11:23 honeypot-fra-1 sshd[26154]: Connection closed by invalid user liu 103.188.176.251 port 35780 [preauth]","@timestamp":"2022-09-17T21:11:24.254Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T21:11:42.742Z","@version":"1","message":"Sep 17 21:11:42 honeypot-sgp-1 sshd[29204]: Connection closed by invalid user test 179.60.147.69 port 27458 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 21:11:43 honeypot-fra-1 sshd[26160]: Disconnected from invalid user likrain 165.22.45.108 port 44050 [preauth]","@timestamp":"2022-09-17T21:11:44.263Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 21:12:08 honeypot-fra-1 kernel: [84323538.200848] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=151.106.32.182 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=41366 PROTO=TCP SPT=47873 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T21:12:09.275Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 21:12:49 honeypot-ams-1 sshd[2414]: Disconnected from authenticating user root 124.221.41.109 port 42638 [preauth]","@timestamp":"2022-09-17T21:12:50.622Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 21:13:12 honeypot-fra-1 sshd[26169]: Invalid user erna from 81.169.137.181 port 50658","@timestamp":"2022-09-17T21:13:13.303Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 21:14:28 honeypot-fra-1 kernel: [84323677.899359] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=92.63.197.74 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=8992 PROTO=TCP SPT=44939 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T21:14:29.333Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-17T21:14:29.811Z","@version":"1","message":"Sep 17 21:14:28 honeypot-sgp-1 kernel: [84325372.858296] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=154.3.44.149 DST=159.89.202.188 LEN=52 TOS=0x0A PREC=0x00 TTL=110 ID=57854 DF PROTO=TCP SPT=54984 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 21:15:09 honeypot-fra-1 sshd[26175]: Disconnected from invalid user esteban 81.169.137.181 port 35100 [preauth]","@timestamp":"2022-09-17T21:15:09.351Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 21:15:22 honeypot-ams-1 sshd[2420]: Connection closed by invalid user admin 193.106.191.157 port 43566 [preauth]","@timestamp":"2022-09-17T21:15:22.692Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 21:16:27 honeypot-fra-1 sshd[26179]: Disconnected from invalid user euis 81.169.137.181 port 34146 [preauth]","@timestamp":"2022-09-17T21:16:27.383Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 21:17:01 honeypot-ams-1 CRON[2427]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-17T21:17:01.740Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 21:17:46 honeypot-fra-1 sshd[26187]: Invalid user fabienne from 81.169.137.181 port 33208","@timestamp":"2022-09-17T21:17:47.416Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 21:18:27 honeypot-fra-1 sshd[26190]: Received disconnect from 81.169.137.181 port 46854:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T21:18:28.435Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T21:19:28.926Z","@version":"1","message":"Sep 17 21:19:28 honeypot-sgp-1 sshd[29217]: Disconnected from 61.177.173.48 port 13590 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 21:19:48 honeypot-fra-1 sshd[26194]: Received disconnect from 81.169.137.181 port 45902:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T21:19:49.469Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 21:20:03 honeypot-ams-1 sshd[2434]: Received disconnect from 124.221.41.109 port 55102:11: Bye Bye [preauth]","@timestamp":"2022-09-17T21:20:03.820Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 21:21:11 honeypot-fra-1 sshd[26198]: Received disconnect from 81.169.137.181 port 44968:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T21:21:12.503Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 21:22:34 honeypot-fra-1 sshd[26202]: Received disconnect from 81.169.137.181 port 44050:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T21:22:34.537Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 21:22:58 honeypot-ams-1 sshd[2439]: Disconnected from authenticating user root 124.221.41.109 port 43082 [preauth]","@timestamp":"2022-09-17T21:22:58.902Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 21:26:30 honeypot-ams-1 sshd[2445]: Received disconnect from 119.4.210.70 port 35860:11: Bye Bye [preauth]","@timestamp":"2022-09-17T21:26:30.996Z"}
{"@timestamp":"2022-09-17T21:28:30.160Z","@version":"1","message":"Sep 17 21:28:29 honeypot-sgp-1 kernel: [84326213.354307] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=190.107.20.189 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=47551 PROTO=TCP SPT=37577 DPT=80 WINDOW=20849 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 21:28:44 honeypot-ams-1 sshd[2450]: Received disconnect from 124.221.41.109 port 47182:11: Bye Bye [preauth]","@timestamp":"2022-09-17T21:28:45.058Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 21:30:52 honeypot-ams-1 sshd[2454]: Received disconnect from 189.105.10.204 port 44006:11: Bye Bye [preauth]","@timestamp":"2022-09-17T21:30:53.115Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 21:31:19 honeypot-fra-1 sshd[26206]: Connection reset by invalid user bzrx1098ui 92.255.85.113 port 39526 [preauth]","@timestamp":"2022-09-17T21:31:19.734Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 21:33:03 honeypot-ams-1 sshd[2458]: Disconnected from authenticating user root 124.221.41.109 port 43122 [preauth]","@timestamp":"2022-09-17T21:33:04.173Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 21:35:55 honeypot-ams-1 sshd[2466]: Received disconnect from 124.221.41.109 port 59188:11: Bye Bye [preauth]","@timestamp":"2022-09-17T21:35:56.251Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 21:37:43 honeypot-ams-1 sshd[2470]: Disconnected from authenticating user root 128.199.208.187 port 52250 [preauth]","@timestamp":"2022-09-17T21:37:43.301Z"}
{"@timestamp":"2022-09-17T21:37:46.374Z","@version":"1","message":"Sep 17 21:37:46 honeypot-sgp-1 kernel: [84326769.904059] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=78.189.26.37 DST=159.89.202.188 LEN=52 TOS=0x00 PREC=0x00 TTL=113 ID=41498 DF PROTO=TCP SPT=58973 DPT=3389 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T21:39:41.421Z","@version":"1","message":"Sep 17 21:39:41 honeypot-sgp-1 sshd[29314]: Disconnected from authenticating user root 61.177.173.52 port 19695 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 21:40:14 honeypot-ams-1 sshd[2476]: Disconnected from authenticating user root 124.221.41.109 port 55012 [preauth]","@timestamp":"2022-09-17T21:40:14.370Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 21:43:04 honeypot-ams-1 sshd[2482]: Received disconnect from 124.221.41.109 port 42780:11: Bye Bye [preauth]","@timestamp":"2022-09-17T21:43:05.452Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 21:44:05 honeypot-fra-1 sshd[26209]: Invalid user telecomadmin from 92.255.85.70 port 18302","@timestamp":"2022-09-17T21:44:06.022Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 21:44:43 honeypot-ams-1 kernel: [84327664.191928] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=95.80.255.6 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=4386 DF PROTO=TCP SPT=9907 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T21:44:44.498Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 21:44:57 honeypot-fra-1 sshd[26213]: Invalid user admin from 193.106.191.157 port 50112","@timestamp":"2022-09-17T21:44:58.044Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 21:47:26 honeypot-ams-1 sshd[2493]: Invalid user nichole from 206.189.233.163 port 43266","@timestamp":"2022-09-17T21:47:26.572Z"}
{"@timestamp":"2022-09-17T21:47:52.616Z","@version":"1","message":"Sep 17 21:47:52 honeypot-sgp-1 sshd[29322]: Connection closed by invalid user admin 179.60.147.69 port 6296 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 21:49:54 honeypot-ams-1 sshd[2497]: Received disconnect from 190.103.202.7 port 33200:11: Bye Bye [preauth]","@timestamp":"2022-09-17T21:49:54.636Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 21:50:59 honeypot-fra-1 sshd[26218]: Invalid user admin from 157.230.10.173 port 41546","@timestamp":"2022-09-17T21:51:00.183Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 21:51:01 honeypot-fra-1 sshd[26224]: Invalid user admin from 157.230.10.173 port 41584","@timestamp":"2022-09-17T21:51:02.186Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 21:51:10 honeypot-ams-1 sshd[2502]: Connection closed by invalid user admin 179.60.147.69 port 47980 [preauth]","@timestamp":"2022-09-17T21:51:11.674Z"}
{"@timestamp":"2022-09-17T21:51:15.696Z","@version":"1","message":"Sep 17 21:51:15 honeypot-sgp-1 kernel: [84327579.419791] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=107.189.12.78 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=37371 PROTO=TCP SPT=50494 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 21:53:01 honeypot-ams-1 sshd[2508]: Received disconnect from 124.221.41.109 port 41982:11: Bye Bye [preauth]","@timestamp":"2022-09-17T21:53:01.728Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 21:55:51 honeypot-ams-1 sshd[2512]: Disconnected from authenticating user root 124.221.41.109 port 57774 [preauth]","@timestamp":"2022-09-17T21:55:51.805Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 21:58:39 honeypot-ams-1 sshd[2520]: Disconnected from authenticating user root 124.221.41.109 port 45306 [preauth]","@timestamp":"2022-09-17T21:58:39.883Z"}
{"@timestamp":"2022-09-17T22:00:27.909Z","@version":"1","message":"Sep 17 22:00:26 honeypot-sgp-1 sshd[29332]: Received disconnect from 92.255.85.69 port 54686:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 22:01:10 honeypot-fra-1 kernel: [84326479.457503] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=128.199.159.202 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=5984 PROTO=TCP SPT=56872 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T22:01:10.410Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 22:01:29 honeypot-ams-1 sshd[2524]: Disconnected from authenticating user root 124.221.41.109 port 32800 [preauth]","@timestamp":"2022-09-17T22:01:29.960Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 22:01:59 honeypot-fra-1 sshd[26231]: Disconnected from invalid user alarm 190.85.108.186 port 35304 [preauth]","@timestamp":"2022-09-17T22:01:59.430Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T22:03:49.990Z","@version":"1","message":"Sep 17 22:03:49 honeypot-sgp-1 sshd[29338]: Invalid user admin from 159.203.178.0 port 54532","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T22:03:54.994Z","@version":"1","message":"Sep 17 22:03:54 honeypot-sgp-1 sshd[29344]: Invalid user admin from 159.203.178.0 port 54562","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 22:05:16 honeypot-ams-1 sshd[2531]: Invalid user admin from 123.31.29.131 port 49058","@timestamp":"2022-09-17T22:05:17.078Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 22:05:46 honeypot-fra-1 sshd[26236]: Disconnected from invalid user yw 206.189.65.29 port 48606 [preauth]","@timestamp":"2022-09-17T22:05:47.520Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 22:07:04 honeypot-ams-1 sshd[2536]: Received disconnect from 124.221.41.109 port 35900:11: Bye Bye [preauth]","@timestamp":"2022-09-17T22:07:05.128Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 22:09:50 honeypot-ams-1 sshd[2543]: Received disconnect from 124.221.41.109 port 51536:11: Bye Bye [preauth]","@timestamp":"2022-09-17T22:09:51.203Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 22:11:16 honeypot-ams-1 sshd[2547]: Did not receive identification string from 45.61.186.249 port 55524","@timestamp":"2022-09-17T22:11:17.245Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 22:11:58 honeypot-ams-1 sshd[2550]: Disconnected from invalid user user 45.61.186.249 port 34454 [preauth]","@timestamp":"2022-09-17T22:11:58.281Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 22:12:16 honeypot-ams-1 sshd[2554]: Received disconnect from 45.61.186.249 port 57250:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T22:12:16.290Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 22:12:33 honeypot-ams-1 sshd[2558]: Received disconnect from 45.61.186.249 port 51828:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T22:12:33.299Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 22:12:41 honeypot-ams-1 sshd[2562]: Disconnected from invalid user user 45.61.186.249 port 35000 [preauth]","@timestamp":"2022-09-17T22:12:42.304Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 22:16:49 honeypot-ams-1 sshd[2569]: Received disconnect from 124.221.41.109 port 34058:11: Bye Bye [preauth]","@timestamp":"2022-09-17T22:16:50.414Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 22:18:28 honeypot-ams-1 kernel: [84329688.884432] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=20.185.227.59 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=39518 DF PROTO=TCP SPT=10446 DPT=80 WINDOW=512 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T22:18:29.459Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 22:22:21 honeypot-ams-1 sshd[2581]: Received disconnect from 124.221.41.109 port 36890:11: Bye Bye [preauth]","@timestamp":"2022-09-17T22:22:22.577Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 22:24:24 honeypot-ams-1 sshd[2585]: Disconnected from invalid user telecomadmin 92.255.85.69 port 62734 [preauth]","@timestamp":"2022-09-17T22:24:25.632Z"}
{"@timestamp":"2022-09-17T22:24:25.464Z","@version":"1","message":"Sep 17 22:24:24 honeypot-sgp-1 sshd[29351]: Connection closed by invalid user support 179.60.147.69 port 62142 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 22:25:32 honeypot-fra-1 sshd[26243]: Connection closed by invalid user support 179.60.147.69 port 54766 [preauth]","@timestamp":"2022-09-17T22:25:32.981Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 22:27:42 honeypot-ams-1 sshd[2593]: Invalid user support from 179.60.147.69 port 52198","@timestamp":"2022-09-17T22:27:42.721Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 22:29:13 honeypot-ams-1 sshd[2599]: Invalid user testftp from 43.130.3.44 port 37328","@timestamp":"2022-09-17T22:29:13.764Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 22:31:11 honeypot-fra-1 sshd[26248]: Disconnected from invalid user lilmalli 165.22.45.108 port 49522 [preauth]","@timestamp":"2022-09-17T22:31:12.124Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 22:31:58 honeypot-ams-1 sshd[2604]: Disconnected from authenticating user root 124.221.41.109 port 34466 [preauth]","@timestamp":"2022-09-17T22:31:58.839Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 22:36:03 honeypot-ams-1 sshd[2611]: Disconnected from authenticating user root 124.221.41.109 port 57476 [preauth]","@timestamp":"2022-09-17T22:36:03.947Z"}
{"@timestamp":"2022-09-17T22:37:38.765Z","@version":"1","message":"Sep 17 22:37:38 honeypot-sgp-1 kernel: [84330361.868534] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=172.105.20.227 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=45084 DF PROTO=TCP SPT=44500 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 22:40:08 honeypot-ams-1 sshd[2617]: Disconnected from authenticating user root 124.221.41.109 port 52158 [preauth]","@timestamp":"2022-09-17T22:40:09.054Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 22:42:50 honeypot-ams-1 sshd[2626]: Disconnected from authenticating user root 124.221.41.109 port 39152 [preauth]","@timestamp":"2022-09-17T22:42:51.128Z"}
{"@timestamp":"2022-09-17T22:43:28.899Z","@version":"1","message":"Sep 17 22:43:28 honeypot-sgp-1 sshd[29358]: Received disconnect from 93.189.11.246 port 57893:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 22:44:40 honeypot-fra-1 kernel: [84329090.168509] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=79.124.62.60 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=47850 PROTO=TCP SPT=58763 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T22:44:41.426Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 22:46:54 honeypot-ams-1 sshd[2633]: Received disconnect from 124.221.41.109 port 33682:11: Bye Bye [preauth]","@timestamp":"2022-09-17T22:46:54.236Z"}
{"@timestamp":"2022-09-17T22:47:03.983Z","@version":"1","message":"Sep 17 22:47:03 honeypot-sgp-1 sshd[29362]: Received disconnect from 182.71.227.50 port 39550:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 22:50:38 honeypot-ams-1 kernel: [84331618.629006] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=163.172.158.4 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=6590 PROTO=TCP SPT=55901 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T22:50:39.333Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 22:53:00 honeypot-ams-1 kernel: [84331760.843947] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=27.41.8.33 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=63476 PROTO=TCP SPT=49786 DPT=80 WINDOW=35386 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T22:53:01.398Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 22:54:09 honeypot-ams-1 kernel: [84331829.844869] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=80.87.206.203 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=34187 PROTO=TCP SPT=49406 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T22:54:10.430Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 22:56:18 honeypot-ams-1 sshd[2653]: Disconnected from authenticating user root 124.221.41.109 port 58350 [preauth]","@timestamp":"2022-09-17T22:56:19.485Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 22:59:00 honeypot-ams-1 sshd[2659]: Disconnected from authenticating user root 124.221.41.109 port 45174 [preauth]","@timestamp":"2022-09-17T22:59:01.557Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 23:01:34 honeypot-fra-1 sshd[26273]: Connection closed by invalid user debian 179.60.147.69 port 57634 [preauth]","@timestamp":"2022-09-17T23:01:34.807Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:01:39 honeypot-ams-1 sshd[2663]: Received disconnect from 124.221.41.109 port 60186:11: Bye Bye [preauth]","@timestamp":"2022-09-17T23:01:40.631Z"}
{"@timestamp":"2022-09-17T23:04:05.374Z","@version":"1","message":"Sep 17 23:04:04 honeypot-sgp-1 sshd[29368]: Did not receive identification string from 45.61.184.204 port 59432","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:04:24 honeypot-ams-1 sshd[2670]: Received disconnect from 124.221.41.109 port 46934:11: Bye Bye [preauth]","@timestamp":"2022-09-17T23:04:24.705Z"}
{"@timestamp":"2022-09-17T23:04:42.390Z","@version":"1","message":"Sep 17 23:04:41 honeypot-sgp-1 sshd[29371]: Disconnected from invalid user user 45.61.184.204 port 48736 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T23:05:01.399Z","@version":"1","message":"Sep 17 23:05:00 honeypot-sgp-1 sshd[29375]: Disconnected from invalid user user 45.61.184.204 port 44152 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T23:05:18.408Z","@version":"1","message":"Sep 17 23:05:18 honeypot-sgp-1 sshd[29379]: Disconnected from invalid user user 45.61.184.204 port 39594 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:08:21 honeypot-ams-1 sshd[2678]: Received disconnect from 124.221.41.109 port 41036:11: Bye Bye [preauth]","@timestamp":"2022-09-17T23:08:21.810Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 23:11:46 honeypot-ams-1 kernel: [84332886.322809] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=183.222.213.53 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=47 ID=54771 PROTO=TCP SPT=13734 DPT=80 WINDOW=29934 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T23:11:46.902Z"}
{"@timestamp":"2022-09-17T23:13:47.602Z","@version":"1","message":"Sep 17 23:13:47 honeypot-sgp-1 sshd[29386]: Invalid user rsbcmon from 64.227.13.125 port 36646","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:14:56 honeypot-ams-1 sshd[2690]: Disconnected from authenticating user root 124.221.41.109 port 49772 [preauth]","@timestamp":"2022-09-17T23:14:56.986Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:17:10 honeypot-ams-1 sshd[2697]: Received disconnect from 43.154.4.192 port 42334:11: Bye Bye [preauth]","@timestamp":"2022-09-17T23:17:11.049Z"}
{"@timestamp":"2022-09-17T23:19:43.739Z","@version":"1","message":"Sep 17 23:19:42 honeypot-sgp-1 sshd[29392]: Received disconnect from 155.0.2.218 port 39849:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:20:09 honeypot-ams-1 sshd[2704]: Received disconnect from 124.221.41.109 port 50940:11: Bye Bye [preauth]","@timestamp":"2022-09-17T23:20:10.128Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 23:21:44 honeypot-fra-1 sshd[26281]: Received disconnect from 72.240.125.133 port 46904:11: Bye Bye [preauth]","@timestamp":"2022-09-17T23:21:45.257Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:22:47 honeypot-ams-1 sshd[2708]: Disconnected from authenticating user root 124.221.41.109 port 37366 [preauth]","@timestamp":"2022-09-17T23:22:48.197Z"}
{"@timestamp":"2022-09-17T23:23:59.836Z","@version":"1","message":"Sep 17 23:23:58 honeypot-sgp-1 sshd[29396]: Disconnected from authenticating user sshd 92.255.85.70 port 36142 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:25:49 honeypot-ams-1 sshd[2716]: Invalid user ellen from 81.169.137.181 port 32772","@timestamp":"2022-09-17T23:25:50.280Z"}
{"@timestamp":"2022-09-17T23:26:14.891Z","@version":"1","message":"Sep 17 23:26:14 honeypot-sgp-1 sshd[29415]: Received disconnect from 175.203.61.33 port 58174:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:26:36 honeypot-ams-1 sshd[2720]: Received disconnect from 81.169.137.181 port 47896:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T23:26:37.304Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:27:19 honeypot-ams-1 sshd[2724]: Disconnected from invalid user emanono 81.169.137.181 port 34812 [preauth]","@timestamp":"2022-09-17T23:27:20.325Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:28:46 honeypot-ams-1 sshd[2730]: Invalid user emily from 81.169.137.181 port 36878","@timestamp":"2022-09-17T23:28:46.365Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:29:25 honeypot-ams-1 sshd[2735]: Received disconnect from 81.169.137.181 port 52102:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T23:29:25.385Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 23:30:27 honeypot-fra-1 kernel: [84331836.902848] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=44649 PROTO=TCP SPT=57408 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T23:30:28.453Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:30:34 honeypot-ams-1 sshd[2739]: Received disconnect from 124.221.41.109 port 52944:11: Bye Bye [preauth]","@timestamp":"2022-09-17T23:30:34.419Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 23:31:03 honeypot-ams-1 kernel: [84334043.637582] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=159.65.138.52 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=54 ID=0 DF PROTO=TCP SPT=54953 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T23:31:03.433Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:31:20 honeypot-ams-1 sshd[2744]: Disconnected from invalid user eric 81.169.137.181 port 41022 [preauth]","@timestamp":"2022-09-17T23:31:20.443Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 23:31:43 honeypot-fra-1 sshd[26290]: Disconnected from invalid user user 45.61.186.49 port 35184 [preauth]","@timestamp":"2022-09-17T23:31:43.486Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 23:31:54 honeypot-fra-1 sshd[26294]: Disconnected from invalid user user 45.61.186.49 port 46904 [preauth]","@timestamp":"2022-09-17T23:31:54.492Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T23:32:04.025Z","@version":"1","message":"Sep 17 23:32:03 honeypot-sgp-1 sshd[29418]: Disconnected from authenticating user root 46.101.82.89 port 49826 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:32:36 honeypot-ams-1 sshd[2750]: Invalid user erna from 81.169.137.181 port 43044","@timestamp":"2022-09-17T23:32:37.482Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:33:15 honeypot-ams-1 sshd[2754]: Received disconnect from 81.169.137.181 port 58160:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T23:33:16.501Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:34:05 honeypot-ams-1 sshd[2758]: Invalid user guest from 103.188.176.251 port 60388","@timestamp":"2022-09-17T23:34:06.526Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:34:32 honeypot-ams-1 sshd[2763]: Received disconnect from 81.169.137.181 port 60216:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T23:34:33.542Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:35:44 honeypot-ams-1 sshd[2767]: Disconnected from authenticating user root 124.221.41.109 port 53768 [preauth]","@timestamp":"2022-09-17T23:35:45.575Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:36:28 honeypot-ams-1 sshd[2771]: Disconnected from invalid user exit 81.169.137.181 port 49192 [preauth]","@timestamp":"2022-09-17T23:36:29.597Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:37:08 honeypot-ams-1 sshd[2775]: Received disconnect from 81.169.137.181 port 36086:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T23:37:09.617Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 23:37:17 honeypot-fra-1 kernel: [84332246.553756] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=165.22.82.222 LEN=89 TOS=0x00 PREC=0x00 TTL=250 ID=44245 PROTO=TCP SPT=2801 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T23:37:17.616Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:38:19 honeypot-ams-1 sshd[2779]: Received disconnect from 124.221.41.109 port 40008:11: Bye Bye [preauth]","@timestamp":"2022-09-17T23:38:19.667Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:38:34 honeypot-ams-1 sshd[2783]: Received disconnect from 39.71.48.53 port 31645:11: Bye Bye [preauth]","@timestamp":"2022-09-17T23:38:35.677Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:38:38 honeypot-ams-1 sshd[2787]: Disconnected from invalid user ubnt 39.71.48.53 port 31704 [preauth]","@timestamp":"2022-09-17T23:38:38.679Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:38:43 honeypot-ams-1 sshd[2793]: Disconnected from authenticating user root 39.71.48.53 port 29810 [preauth]","@timestamp":"2022-09-17T23:38:43.682Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:38:48 honeypot-ams-1 sshd[2799]: Disconnected from authenticating user root 39.71.48.53 port 29939 [preauth]","@timestamp":"2022-09-17T23:38:48.685Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:38:53 honeypot-ams-1 sshd[2805]: Disconnected from authenticating user root 39.71.48.53 port 30136 [preauth]","@timestamp":"2022-09-17T23:38:54.689Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:38:59 honeypot-ams-1 sshd[2811]: Disconnected from authenticating user root 39.71.48.53 port 30221 [preauth]","@timestamp":"2022-09-17T23:38:59.692Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:39:04 honeypot-ams-1 sshd[2817]: Disconnected from authenticating user root 39.71.48.53 port 30420 [preauth]","@timestamp":"2022-09-17T23:39:04.695Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:39:09 honeypot-ams-1 sshd[2823]: Disconnected from authenticating user root 39.71.48.53 port 30510 [preauth]","@timestamp":"2022-09-17T23:39:09.699Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:39:12 honeypot-ams-1 sshd[2829]: Received disconnect from 39.71.48.53 port 30557:11: Bye Bye [preauth]","@timestamp":"2022-09-17T23:39:13.702Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:39:18 honeypot-ams-1 sshd[2835]: Received disconnect from 39.71.48.53 port 30791:11: Bye Bye [preauth]","@timestamp":"2022-09-17T23:39:18.705Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:39:23 honeypot-ams-1 sshd[2841]: Received disconnect from 39.71.48.53 port 30958:11: Bye Bye [preauth]","@timestamp":"2022-09-17T23:39:23.708Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:39:25 honeypot-ams-1 sshd[2843]: Disconnected from authenticating user root 39.71.48.53 port 31015 [preauth]","@timestamp":"2022-09-17T23:39:25.710Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:39:30 honeypot-ams-1 sshd[2852]: Disconnected from authenticating user root 39.71.48.53 port 31151 [preauth]","@timestamp":"2022-09-17T23:39:30.713Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:39:35 honeypot-ams-1 sshd[2860]: Disconnected from authenticating user root 39.71.48.53 port 31350 [preauth]","@timestamp":"2022-09-17T23:39:35.717Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:39:38 honeypot-ams-1 sshd[2864]: Invalid user admin from 39.71.48.53 port 31421","@timestamp":"2022-09-17T23:39:38.719Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:39:42 honeypot-ams-1 sshd[2868]: Invalid user admin from 39.71.48.53 port 31469","@timestamp":"2022-09-17T23:39:42.722Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:39:45 honeypot-ams-1 sshd[2872]: Invalid user admin from 39.71.48.53 port 30120","@timestamp":"2022-09-17T23:39:45.723Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:39:49 honeypot-ams-1 sshd[2878]: Invalid user admin from 39.71.48.53 port 31703","@timestamp":"2022-09-17T23:39:49.726Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:39:50 honeypot-ams-1 sshd[2880]: Disconnected from invalid user admin 39.71.48.53 port 31729 [preauth]","@timestamp":"2022-09-17T23:39:51.728Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:39:52 honeypot-ams-1 sshd[2882]: Disconnected from invalid user admin 39.71.48.53 port 29697 [preauth]","@timestamp":"2022-09-17T23:39:52.729Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:39:57 honeypot-ams-1 sshd[2890]: Received disconnect from 39.71.48.53 port 29895:11: Bye Bye [preauth]","@timestamp":"2022-09-17T23:39:58.732Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:40:01 honeypot-ams-1 sshd[2894]: Received disconnect from 39.71.48.53 port 29951:11: Bye Bye [preauth]","@timestamp":"2022-09-17T23:40:01.734Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:40:04 honeypot-ams-1 sshd[2898]: Received disconnect from 39.71.48.53 port 30126:11: Bye Bye [preauth]","@timestamp":"2022-09-17T23:40:05.738Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:40:08 honeypot-ams-1 sshd[2902]: Received disconnect from 39.71.48.53 port 30199:11: Bye Bye [preauth]","@timestamp":"2022-09-17T23:40:08.741Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:40:11 honeypot-ams-1 sshd[2906]: Received disconnect from 39.71.48.53 port 30250:11: Bye Bye [preauth]","@timestamp":"2022-09-17T23:40:11.743Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:40:13 honeypot-ams-1 sshd[2910]: Received disconnect from 103.235.170.195 port 36550:11: Bye Bye [preauth]","@timestamp":"2022-09-17T23:40:13.744Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:40:16 honeypot-ams-1 sshd[2914]: Received disconnect from 39.71.48.53 port 30446:11: Bye Bye [preauth]","@timestamp":"2022-09-17T23:40:17.746Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:40:20 honeypot-ams-1 sshd[2918]: Received disconnect from 39.71.48.53 port 30518:11: Bye Bye [preauth]","@timestamp":"2022-09-17T23:40:20.749Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:40:23 honeypot-ams-1 sshd[2922]: Received disconnect from 39.71.48.53 port 30645:11: Bye Bye [preauth]","@timestamp":"2022-09-17T23:40:23.752Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:40:27 honeypot-ams-1 sshd[2926]: Received disconnect from 39.71.48.53 port 30766:11: Bye Bye [preauth]","@timestamp":"2022-09-17T23:40:27.754Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:40:30 honeypot-ams-1 sshd[2930]: Received disconnect from 39.71.48.53 port 30848:11: Bye Bye [preauth]","@timestamp":"2022-09-17T23:40:30.756Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:40:34 honeypot-ams-1 sshd[2934]: Received disconnect from 39.71.48.53 port 30988:11: Bye Bye [preauth]","@timestamp":"2022-09-17T23:40:34.758Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:40:35 honeypot-ams-1 sshd[2938]: Received disconnect from 39.71.48.53 port 31028:11: Bye Bye [preauth]","@timestamp":"2022-09-17T23:40:36.760Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:41:16 honeypot-ams-1 sshd[2942]: Disconnected from invalid user fifi 81.169.137.181 port 42250 [preauth]","@timestamp":"2022-09-17T23:41:16.780Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 23:42:37 honeypot-ams-1 kernel: [84334738.197612] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=51.89.30.112 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=55 ID=65383 PROTO=TCP SPT=43269 DPT=80 WINDOW=30241 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T23:42:38.819Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 23:43:49 honeypot-ams-1 kernel: [84334809.713392] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=196.188.76.254 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=53 ID=33593 PROTO=TCP SPT=34687 DPT=80 WINDOW=54411 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T23:43:49.855Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 23:43:56 honeypot-fra-1 kernel: [84332646.023048] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.79.53.162 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54492 PROTO=TCP SPT=49999 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T23:43:57.770Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:45:38 honeypot-ams-1 sshd[2957]: Invalid user admin from 36.92.143.137 port 56244","@timestamp":"2022-09-17T23:45:38.907Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:47:15 honeypot-ams-1 sshd[2961]: Received disconnect from 124.221.41.109 port 34000:11: Bye Bye [preauth]","@timestamp":"2022-09-17T23:47:16.953Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:48:31 honeypot-ams-1 sshd[2967]: Did not receive identification string from 212.192.246.174 port 60640","@timestamp":"2022-09-17T23:48:31.989Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:48:34 honeypot-ams-1 sshd[2965]: Received disconnect from 124.221.41.109 port 41174:11: Bye Bye [preauth]","@timestamp":"2022-09-17T23:48:34.992Z"}
{"@timestamp":"2022-09-17T23:50:10.437Z","@version":"1","message":"Sep 17 23:50:09 honeypot-sgp-1 sshd[29424]: Disconnected from invalid user slb 167.172.112.115 port 55554 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:52:23 honeypot-ams-1 sshd[2980]: Received disconnect from 124.221.41.109 port 34384:11: Bye Bye [preauth]","@timestamp":"2022-09-17T23:52:24.096Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 23:53:21 honeypot-fra-1 sshd[26309]: Disconnected from invalid user limuyu 165.22.45.108 port 55030 [preauth]","@timestamp":"2022-09-17T23:53:21.985Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:56:10 honeypot-ams-1 sshd[2987]: Received disconnect from 124.221.41.109 port 55744:11: Bye Bye [preauth]","@timestamp":"2022-09-17T23:56:11.199Z"}
{"@timestamp":"2022-09-17T23:56:51.588Z","@version":"1","message":"Sep 17 23:56:50 honeypot-sgp-1 kernel: [84335114.455261] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=206.189.6.148 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=239 ID=54321 PROTO=TCP SPT=47288 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:57:26 honeypot-ams-1 sshd[2991]: Disconnected from authenticating user root 124.221.41.109 port 34622 [preauth]","@timestamp":"2022-09-17T23:57:26.236Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 23:59:27 honeypot-fra-1 kernel: [84333576.773652] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.196.220.81 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=54321 PROTO=TCP SPT=34047 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T23:59:28.122Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 00:01:12 honeypot-ams-1 sshd[2998]: Received disconnect from 124.221.41.109 port 55906:11: Bye Bye [preauth]","@timestamp":"2022-09-18T00:01:13.348Z"}
{"@timestamp":"2022-09-18T00:01:45.705Z","@version":"1","message":"Sep 18 00:01:45 honeypot-sgp-1 kernel: [84335409.050078] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=233 ID=57160 PROTO=TCP SPT=59204 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 00:01:58 honeypot-fra-1 sshd[26320]: Disconnected from invalid user userftp 157.230.81.123 port 46058 [preauth]","@timestamp":"2022-09-18T00:01:59.179Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 00:03:45 honeypot-ams-1 sshd[3002]: Disconnected from authenticating user root 124.221.41.109 port 41830 [preauth]","@timestamp":"2022-09-18T00:03:46.420Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 00:05:10 honeypot-fra-1 kernel: [84333919.251846] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=46521 PROTO=TCP SPT=59204 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T00:05:10.281Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 00:07:03 honeypot-ams-1 sshd[3009]: Invalid user admin from 193.106.191.157 port 44224","@timestamp":"2022-09-18T00:07:04.514Z"}
{"@timestamp":"2022-09-18T00:08:49.870Z","@version":"1","message":"Sep 18 00:08:49 honeypot-sgp-1 sshd[29438]: Received disconnect from 138.68.189.163 port 39754:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 00:09:14 honeypot-ams-1 sshd[3015]: Unable to negotiate with 190.124.32.18 port 59745: no matching cipher found. Their offer: aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,arcfour128,arcfour,3des-cbc,none [preauth]","@timestamp":"2022-09-18T00:09:14.576Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 00:10:45 honeypot-fra-1 sshd[26330]: Received disconnect from 92.255.85.69 port 42744:11: Bye Bye [preauth]","@timestamp":"2022-09-18T00:10:45.409Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 00:12:18 honeypot-ams-1 sshd[3022]: Invalid user user from 92.255.85.70 port 24266","@timestamp":"2022-09-18T00:12:18.662Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 00:12:28 honeypot-fra-1 sshd[26334]: Disconnected from invalid user admin 111.95.141.34 port 56344 [preauth]","@timestamp":"2022-09-18T00:12:28.449Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 00:13:42 honeypot-ams-1 sshd[3026]: Disconnected from authenticating user root 124.221.41.109 port 41448 [preauth]","@timestamp":"2022-09-18T00:13:42.700Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 00:14:21 honeypot-fra-1 sshd[26341]: Did not receive identification string from 193.3.19.178 port 64001","@timestamp":"2022-09-18T00:14:22.498Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 00:14:22 honeypot-fra-1 sshd[26352]: Invalid user spark from 139.59.152.202 port 34762","@timestamp":"2022-09-18T00:14:22.498Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 00:14:22 honeypot-fra-1 sshd[26377]: Invalid user testuser from 139.59.152.202 port 34814","@timestamp":"2022-09-18T00:14:22.498Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 00:14:22 honeypot-fra-1 sshd[26344]: Connection closed by invalid user steam 139.59.152.202 port 34744 [preauth]","@timestamp":"2022-09-18T00:14:22.498Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 00:14:22 honeypot-fra-1 sshd[26350]: Connection closed by invalid user cloud 139.59.152.202 port 34756 [preauth]","@timestamp":"2022-09-18T00:14:22.498Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 00:14:22 honeypot-fra-1 sshd[26346]: Connection closed by invalid user oracle 139.59.152.202 port 34750 [preauth]","@timestamp":"2022-09-18T00:14:22.498Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 00:14:22 honeypot-fra-1 sshd[26369]: Invalid user www from 139.59.152.202 port 34808","@timestamp":"2022-09-18T00:14:22.498Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 00:14:22 honeypot-fra-1 sshd[26359]: Invalid user deploy from 139.59.152.202 port 34784","@timestamp":"2022-09-18T00:14:22.498Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 00:14:22 honeypot-fra-1 sshd[26357]: Invalid user devops from 139.59.152.202 port 34776","@timestamp":"2022-09-18T00:14:23.499Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 00:14:30 honeypot-fra-1 sshd[26401]: Disconnected from invalid user webmin 113.193.191.132 port 43159 [preauth]","@timestamp":"2022-09-18T00:14:30.503Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T00:14:41.008Z","@version":"1","message":"Sep 18 00:14:40 honeypot-sgp-1 kernel: [84336184.236181] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=167.94.138.99 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=36419 PROTO=TCP SPT=34970 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 00:15:04 honeypot-ams-1 kernel: [84336684.201434] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=32346 PROTO=TCP SPT=59204 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T00:15:04.742Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 00:16:59 honeypot-ams-1 kernel: [84336800.124495] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=64.62.197.37 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=60557 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T00:17:00.800Z"}
{"@timestamp":"2022-09-18T00:17:02.067Z","@version":"1","message":"Sep 18 00:17:01 honeypot-sgp-1 CRON[29445]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 00:17:06 honeypot-fra-1 sshd[26409]: Invalid user admin from 193.106.191.157 port 34532","@timestamp":"2022-09-18T00:17:06.564Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 00:18:37 honeypot-ams-1 sshd[3041]: Disconnected from authenticating user root 124.221.41.109 port 40678 [preauth]","@timestamp":"2022-09-18T00:18:37.848Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 00:22:17 honeypot-ams-1 sshd[3048]: Received disconnect from 124.221.41.109 port 32948:11: Bye Bye [preauth]","@timestamp":"2022-09-18T00:22:17.951Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 00:24:44 honeypot-ams-1 sshd[3052]: Disconnected from authenticating user root 124.221.41.109 port 46590 [preauth]","@timestamp":"2022-09-18T00:24:45.023Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 00:28:08 honeypot-ams-1 kernel: [84337469.097812] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=164.92.72.164 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=54039 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T00:28:09.119Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 00:29:42 honeypot-fra-1 kernel: [84335391.814872] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=165.232.152.144 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=58721 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T00:29:43.852Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 00:30:29 honeypot-ams-1 sshd[3063]: Connection closed by invalid user thumvass 137.116.144.39 port 59412 [preauth]","@timestamp":"2022-09-18T00:30:30.188Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 00:33:15 honeypot-ams-1 sshd[3070]: Disconnected from authenticating user root 124.221.41.109 port 37610 [preauth]","@timestamp":"2022-09-18T00:33:16.266Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 00:35:57 honeypot-ams-1 sshd[3076]: Disconnected from authenticating user root 186.103.169.12 port 43058 [preauth]","@timestamp":"2022-09-18T00:35:57.341Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 00:38:05 honeypot-ams-1 sshd[3082]: Received disconnect from 124.221.41.109 port 36374:11: Bye Bye [preauth]","@timestamp":"2022-09-18T00:38:05.404Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 00:41:42 honeypot-ams-1 sshd[3089]: Received disconnect from 124.221.41.109 port 56528:11: Bye Bye [preauth]","@timestamp":"2022-09-18T00:41:42.505Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 00:45:17 honeypot-ams-1 sshd[3096]: Received disconnect from 124.221.41.109 port 48402:11: Bye Bye [preauth]","@timestamp":"2022-09-18T00:45:17.604Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 00:46:15 honeypot-fra-1 sshd[26416]: Disconnected from authenticating user root 46.101.141.33 port 34766 [preauth]","@timestamp":"2022-09-18T00:46:15.226Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T00:46:17.757Z","@version":"1","message":"Sep 18 00:46:16 honeypot-sgp-1 sshd[29450]: Disconnected from authenticating user root 165.232.158.187 port 46984 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 00:47:42 honeypot-ams-1 sshd[3102]: Received disconnect from 124.221.41.109 port 33548:11: Bye Bye [preauth]","@timestamp":"2022-09-18T00:47:42.668Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 00:48:28 honeypot-ams-1 kernel: [84338688.370937] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=103.89.91.165 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=2659 PROTO=TCP SPT=47138 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T00:48:28.692Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 00:49:20 honeypot-ams-1 sshd[3108]: Disconnected from invalid user denise 113.161.79.231 port 40510 [preauth]","@timestamp":"2022-09-18T00:49:20.720Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 00:52:30 honeypot-ams-1 sshd[3115]: Disconnected from authenticating user root 124.221.41.109 port 60246 [preauth]","@timestamp":"2022-09-18T00:52:30.806Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 00:53:57 honeypot-ams-1 sshd[3121]: Received disconnect from 128.199.171.119 port 53868:11: Bye Bye [preauth]","@timestamp":"2022-09-18T00:53:57.850Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 00:54:31 honeypot-fra-1 sshd[26421]: Disconnected from invalid user mysql 92.255.85.70 port 38328 [preauth]","@timestamp":"2022-09-18T00:54:32.413Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 00:56:06 honeypot-ams-1 sshd[3125]: Received disconnect from 124.221.41.109 port 51986:11: Bye Bye [preauth]","@timestamp":"2022-09-18T00:56:06.917Z"}
{"@timestamp":"2022-09-18T00:57:02.013Z","@version":"1","message":"Sep 18 00:57:01 honeypot-sgp-1 CRON[29457]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 00:57:01 honeypot-fra-1 CRON[26427]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-18T00:57:02.476Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 00:58:27 honeypot-ams-1 sshd[3134]: Received disconnect from 124.221.41.109 port 37020:11: Bye Bye [preauth]","@timestamp":"2022-09-18T00:58:27.985Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 01:01:59 honeypot-ams-1 sshd[3140]: Received disconnect from 124.221.41.109 port 56828:11: Bye Bye [preauth]","@timestamp":"2022-09-18T01:02:00.084Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 01:02:52 honeypot-ams-1 sshd[3145]: Disconnected from invalid user lizal123 210.4.123.219 port 58353 [preauth]","@timestamp":"2022-09-18T01:02:53.110Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 01:04:22 honeypot-ams-1 sshd[3151]: Received disconnect from 124.221.41.109 port 41758:11: Bye Bye [preauth]","@timestamp":"2022-09-18T01:04:23.155Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 01:05:33 honeypot-ams-1 sshd[3155]: Disconnected from authenticating user root 124.221.41.109 port 48330 [preauth]","@timestamp":"2022-09-18T01:05:34.190Z"}
{"@timestamp":"2022-09-18T01:05:57.223Z","@version":"1","message":"Sep 18 01:05:56 honeypot-sgp-1 kernel: [84339260.623575] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=37836 PROTO=TCP SPT=42792 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T01:07:06.251Z","@version":"1","message":"Sep 18 01:07:05 honeypot-sgp-1 sshd[29463]: Disconnected from invalid user mcserver 205.185.123.128 port 59884 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 01:08:02 honeypot-ams-1 kernel: [84339863.052099] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=14.253.78.52 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=56 ID=39459 PROTO=TCP SPT=35533 DPT=443 WINDOW=48381 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T01:08:03.262Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 01:09:04 honeypot-ams-1 sshd[3164]: Disconnected from authenticating user root 124.221.41.109 port 39748 [preauth]","@timestamp":"2022-09-18T01:09:05.293Z"}
{"@timestamp":"2022-09-18T01:09:06.299Z","@version":"1","message":"Sep 18 01:09:06 honeypot-sgp-1 sshd[29470]: Invalid user jomar from 49.205.179.22 port 43358","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T01:09:43.316Z","@version":"1","message":"Sep 18 01:09:42 honeypot-sgp-1 sshd[29474]: Invalid user user from 186.215.70.14 port 36569","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T01:10:38.339Z","@version":"1","message":"Sep 18 01:10:38 honeypot-sgp-1 sshd[29477]: Connection closed by invalid user  152.32.142.133 port 45250 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 01:11:34 honeypot-fra-1 sshd[26434]: Connection closed by 137.220.228.81 port 56906 [preauth]","@timestamp":"2022-09-18T01:11:34.805Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 01:12:35 honeypot-ams-1 sshd[3170]: Received disconnect from 124.221.41.109 port 59316:11: Bye Bye [preauth]","@timestamp":"2022-09-18T01:12:36.390Z"}
{"@timestamp":"2022-09-18T01:13:28.407Z","@version":"1","message":"Sep 18 01:13:27 honeypot-sgp-1 sshd[29484]: Disconnected from authenticating user root 147.182.184.139 port 35782 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 01:14:36 honeypot-ams-1 sshd[3176]: Invalid user user from 45.61.186.49 port 37550","@timestamp":"2022-09-18T01:14:36.466Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 01:14:49 honeypot-ams-1 sshd[3180]: Invalid user user from 45.61.186.49 port 49314","@timestamp":"2022-09-18T01:14:49.473Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 01:14:55 honeypot-ams-1 sshd[3182]: Received disconnect from 124.221.41.109 port 44096:11: Bye Bye [preauth]","@timestamp":"2022-09-18T01:14:56.476Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 01:16:39 honeypot-fra-1 sshd[26442]: Invalid user lincoln from 165.22.45.108 port 60550","@timestamp":"2022-09-18T01:16:39.923Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T01:17:02.491Z","@version":"1","message":"Sep 18 01:17:01 honeypot-sgp-1 CRON[29490]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 01:17:15 honeypot-ams-1 sshd[3192]: Received disconnect from 124.221.41.109 port 57102:11: Bye Bye [preauth]","@timestamp":"2022-09-18T01:17:15.539Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 01:19:30 honeypot-fra-1 kernel: [84338379.243932] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=165.232.152.144 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=52813 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T01:19:30.990Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 01:19:34 honeypot-ams-1 sshd[3199]: Disconnected from authenticating user root 124.221.41.109 port 41856 [preauth]","@timestamp":"2022-09-18T01:19:35.607Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 01:21:15 honeypot-fra-1 kernel: [84338484.145446] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=2.183.196.238 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=36536 PROTO=TCP SPT=26465 DPT=80 WINDOW=0 RES=0x00 RST URGP=0 ","@timestamp":"2022-09-18T01:21:16.034Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 01:21:55 honeypot-ams-1 sshd[3203]: Disconnected from authenticating user root 124.221.41.109 port 54822 [preauth]","@timestamp":"2022-09-18T01:21:55.675Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 01:25:24 honeypot-ams-1 sshd[3210]: Received disconnect from 124.221.41.109 port 45956:11: Bye Bye [preauth]","@timestamp":"2022-09-18T01:25:24.771Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 01:27:41 honeypot-ams-1 sshd[3214]: Received disconnect from 124.221.41.109 port 58836:11: Bye Bye [preauth]","@timestamp":"2022-09-18T01:27:41.835Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 01:28:51 honeypot-ams-1 sshd[3218]: Received disconnect from 124.221.41.109 port 37034:11: Bye Bye [preauth]","@timestamp":"2022-09-18T01:28:51.869Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 01:31:09 honeypot-ams-1 sshd[3223]: Disconnected from authenticating user root 124.221.41.109 port 49890 [preauth]","@timestamp":"2022-09-18T01:31:09.933Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 01:34:36 honeypot-ams-1 sshd[3229]: Disconnected from authenticating user root 124.221.41.109 port 40896 [preauth]","@timestamp":"2022-09-18T01:34:37.026Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 01:35:41 honeypot-ams-1 sshd[3237]: Connection closed by invalid user admin 143.198.135.228 port 45656 [preauth]","@timestamp":"2022-09-18T01:35:42.057Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 01:36:53 honeypot-ams-1 sshd[3242]: Disconnected from authenticating user root 124.221.41.109 port 53698 [preauth]","@timestamp":"2022-09-18T01:36:54.090Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 01:38:02 honeypot-ams-1 sshd[3246]: Received disconnect from 124.221.41.109 port 60094:11: Bye Bye [preauth]","@timestamp":"2022-09-18T01:38:03.123Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 01:38:08 honeypot-fra-1 sshd[26456]: Disconnected from invalid user admin 92.255.85.70 port 58062 [preauth]","@timestamp":"2022-09-18T01:38:08.411Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 01:39:32 honeypot-ams-1 kernel: [84341752.727104] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=103.244.244.250 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=50 ID=21743 PROTO=TCP SPT=28499 DPT=80 WINDOW=46768 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T01:39:33.166Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 01:42:36 honeypot-ams-1 sshd[3259]: Received disconnect from 124.221.41.109 port 57382:11: Bye Bye [preauth]","@timestamp":"2022-09-18T01:42:37.253Z"}
{"@timestamp":"2022-09-18T01:42:54.089Z","@version":"1","message":"Sep 18 01:42:53 honeypot-sgp-1 sshd[29500]: Received disconnect from 159.223.172.195 port 51052:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 01:44:55 honeypot-ams-1 sshd[3263]: Disconnected from authenticating user root 124.221.41.109 port 41858 [preauth]","@timestamp":"2022-09-18T01:44:56.319Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 01:48:18 honeypot-ams-1 sshd[3270]: Received disconnect from 124.221.41.109 port 60874:11: Bye Bye [preauth]","@timestamp":"2022-09-18T01:48:18.414Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 01:51:45 honeypot-ams-1 sshd[3276]: Received disconnect from 124.221.41.109 port 51578:11: Bye Bye [preauth]","@timestamp":"2022-09-18T01:51:45.511Z"}
{"@timestamp":"2022-09-18T01:52:12.322Z","@version":"1","message":"Sep 18 01:52:12 honeypot-sgp-1 kernel: [84342035.763846] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.196.220.81 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=51071 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 01:53:44 honeypot-ams-1 kernel: [84342604.171961] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=156.219.142.78 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=40485 PROTO=TCP SPT=60973 DPT=443 WINDOW=13710 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T01:53:44.569Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 01:56:14 honeypot-ams-1 sshd[3285]: Disconnected from authenticating user root 124.221.41.109 port 48488 [preauth]","@timestamp":"2022-09-18T01:56:15.641Z"}
{"@timestamp":"2022-09-18T01:56:34.427Z","@version":"1","message":"Sep 18 01:56:33 honeypot-sgp-1 kernel: [84342297.466008] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=167.99.9.236 DST=159.89.202.188 LEN=52 TOS=0x00 PREC=0x00 TTL=110 ID=21882 DF PROTO=TCP SPT=52921 DPT=3389 WINDOW=8192 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 01:58:30 honeypot-ams-1 sshd[3291]: Disconnected from authenticating user root 124.221.41.109 port 32796 [preauth]","@timestamp":"2022-09-18T01:58:30.706Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:00:09 honeypot-fra-1 sshd[26463]: Received disconnect from 45.61.186.49 port 46686:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T02:00:09.908Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:00:18 honeypot-fra-1 sshd[26468]: Invalid user user from 45.61.186.49 port 58048","@timestamp":"2022-09-18T02:00:18.913Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T02:00:33.525Z","@version":"1","message":"Sep 18 02:00:33 honeypot-sgp-1 kernel: [84342536.846317] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=84.21.170.218 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=54321 PROTO=TCP SPT=57239 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:00:51 honeypot-fra-1 kernel: [84340860.550479] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=172.105.89.161 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=57 ID=0 DF PROTO=TCP SPT=42607 DPT=443 WINDOW=8192 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T02:00:51.927Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:01:51 honeypot-ams-1 sshd[3298]: Received disconnect from 124.221.41.109 port 51564:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:01:51.805Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:03:32 honeypot-fra-1 sshd[26478]: Connection closed by invalid user admin 193.106.191.157 port 44968 [preauth]","@timestamp":"2022-09-18T02:03:32.996Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:04:07 honeypot-ams-1 sshd[3303]: Disconnected from authenticating user root 124.221.41.109 port 35810 [preauth]","@timestamp":"2022-09-18T02:04:07.869Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:06:19 honeypot-ams-1 sshd[3310]: Disconnected from authenticating user root 124.221.41.109 port 48262 [preauth]","@timestamp":"2022-09-18T02:06:19.933Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:08:58 honeypot-fra-1 sshd[26486]: Received disconnect from 51.250.79.55 port 37306:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:08:59.122Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T02:09:00.727Z","@version":"1","message":"Sep 18 02:09:00 honeypot-sgp-1 kernel: [84343044.181961] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=154.3.44.149 DST=159.89.202.188 LEN=52 TOS=0x0A PREC=0x00 TTL=109 ID=48443 DF PROTO=TCP SPT=59004 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:09:40 honeypot-ams-1 sshd[3316]: Received disconnect from 124.221.41.109 port 38668:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:09:41.029Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:11:23 honeypot-ams-1 sshd[3321]: Received disconnect from 147.182.184.139 port 34342:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:11:24.079Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:13:00 honeypot-ams-1 sshd[3325]: Disconnected from authenticating user root 124.221.41.109 port 57244 [preauth]","@timestamp":"2022-09-18T02:13:01.125Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:13:50 honeypot-fra-1 kernel: [84341638.836900] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=167.99.9.236 DST=165.22.82.222 LEN=52 TOS=0x00 PREC=0x00 TTL=114 ID=1184 DF PROTO=TCP SPT=50646 DPT=3389 WINDOW=8192 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T02:13:50.234Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:14:18 honeypot-ams-1 sshd[3331]: Received disconnect from 31.47.192.98 port 46218:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:14:19.163Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:16:18 honeypot-ams-1 sshd[3336]: Disconnected from authenticating user root 124.221.41.109 port 47544 [preauth]","@timestamp":"2022-09-18T02:16:19.219Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:16:23 honeypot-fra-1 kernel: [84341792.642307] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=124.222.169.186 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=43 ID=7119 DF PROTO=TCP SPT=28660 DPT=443 WINDOW=43690 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T02:16:24.299Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:17:27 honeypot-ams-1 sshd[3343]: Received disconnect from 124.221.41.109 port 53716:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:17:27.254Z"}
{"@timestamp":"2022-09-18T02:18:24.948Z","@version":"1","message":"Sep 18 02:18:24 honeypot-sgp-1 kernel: [84343607.713792] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=167.248.133.136 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=37208 PROTO=TCP SPT=39025 DPT=389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:18:31 honeypot-ams-1 sshd[3351]: Received disconnect from 124.79.243.92 port 21197:11: disconnected by user [preauth]","@timestamp":"2022-09-18T02:18:32.285Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:18:34 honeypot-ams-1 sshd[3353]: Disconnecting invalid user admin 124.79.243.92 port 21911: Too many authentication failures [preauth]","@timestamp":"2022-09-18T02:18:35.287Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:18:40 honeypot-ams-1 sshd[3357]: Disconnected from invalid user admin 124.79.243.92 port 23290 [preauth]","@timestamp":"2022-09-18T02:18:41.291Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:18:46 honeypot-ams-1 sshd[3361]: Disconnecting invalid user oracle 124.79.243.92 port 24564: Too many authentication failures [preauth]","@timestamp":"2022-09-18T02:18:47.295Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:19:38 honeypot-ams-1 sshd[3367]: Disconnected from authenticating user root 124.221.41.109 port 37812 [preauth]","@timestamp":"2022-09-18T02:19:39.321Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:21:51 honeypot-ams-1 sshd[3374]: Received disconnect from 124.221.41.109 port 50128:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:21:52.397Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:21:54 honeypot-fra-1 sshd[26502]: Received disconnect from 45.61.186.249 port 58758:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T02:21:55.432Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:22:13 honeypot-fra-1 sshd[26506]: Received disconnect from 45.61.186.249 port 53532:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T02:22:14.442Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:22:31 honeypot-fra-1 sshd[26510]: Received disconnect from 45.61.186.249 port 48356:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T02:22:32.450Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:22:49 honeypot-fra-1 sshd[26514]: Received disconnect from 45.61.186.249 port 43068:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T02:22:50.458Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:24:03 honeypot-ams-1 sshd[3380]: Received disconnect from 124.221.41.109 port 34188:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:24:03.459Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:26:13 honeypot-ams-1 sshd[3385]: Received disconnect from 124.221.41.109 port 46462:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:26:14.519Z"}
{"@timestamp":"2022-09-18T02:27:04.154Z","@version":"1","message":"Sep 18 02:27:03 honeypot-sgp-1 kernel: [84344127.329571] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=68.183.93.151 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x20 TTL=242 ID=54321 PROTO=TCP SPT=37028 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:27:21 honeypot-ams-1 sshd[3387]: Disconnected from authenticating user root 124.221.41.109 port 52586 [preauth]","@timestamp":"2022-09-18T02:27:22.552Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:30:37 honeypot-ams-1 sshd[3393]: Disconnected from authenticating user root 124.221.41.109 port 42652 [preauth]","@timestamp":"2022-09-18T02:30:38.768Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:32:10 honeypot-fra-1 sshd[26518]: Disconnected from authenticating user root 179.43.156.143 port 43794 [preauth]","@timestamp":"2022-09-18T02:32:10.687Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:32:49 honeypot-ams-1 sshd[3398]: Disconnected from authenticating user root 124.221.41.109 port 54814 [preauth]","@timestamp":"2022-09-18T02:32:49.832Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:33:55 honeypot-fra-1 sshd[26524]: Disconnected from authenticating user root 179.43.156.143 port 35964 [preauth]","@timestamp":"2022-09-18T02:33:55.729Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:35:05 honeypot-fra-1 sshd[26530]: Received disconnect from 179.43.156.143 port 59000:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T02:35:05.759Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 02:35:06 honeypot-ams-1 kernel: [84345086.814908] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.95.147.53 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=252 ID=63632 PROTO=TCP SPT=61002 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T02:35:06.899Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:36:15 honeypot-fra-1 sshd[26535]: Received disconnect from 179.43.156.143 port 53788:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T02:36:15.788Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:37:06 honeypot-ams-1 sshd[3411]: Invalid user test from 45.183.192.14 port 54598","@timestamp":"2022-09-18T02:37:06.955Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:37:25 honeypot-fra-1 sshd[26539]: Received disconnect from 179.43.156.143 port 48608:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T02:37:25.835Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T02:37:55.407Z","@version":"1","message":"Sep 18 02:37:54 honeypot-sgp-1 sshd[29528]: Connection closed by authenticating user root 179.60.147.69 port 15038 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:38:10 honeypot-ams-1 sshd[3415]: Disconnected from authenticating user root 165.227.160.124 port 43698 [preauth]","@timestamp":"2022-09-18T02:38:10.986Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:38:38 honeypot-fra-1 sshd[26543]: Disconnected from invalid user git 179.43.156.143 port 43408 [preauth]","@timestamp":"2022-09-18T02:38:38.864Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:39:17 honeypot-ams-1 sshd[3420]: Disconnected from authenticating user root 124.221.41.109 port 34622 [preauth]","@timestamp":"2022-09-18T02:39:18.020Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:39:33 honeypot-fra-1 sshd[26550]: Received disconnect from 165.22.45.108 port 37832:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T02:39:33.887Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:39:45 honeypot-ams-1 sshd[3426]: Received disconnect from 84.122.178.78 port 34792:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:39:46.033Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:39:47 honeypot-ams-1 sshd[3432]: Received disconnect from 84.122.178.78 port 34856:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:39:48.036Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:39:48 honeypot-ams-1 sshd[3438]: Received disconnect from 84.122.178.78 port 34960:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:39:49.037Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:39:49 honeypot-ams-1 sshd[3444]: Received disconnect from 84.122.178.78 port 35020:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:39:50.037Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:39:51 honeypot-ams-1 sshd[3450]: Received disconnect from 84.122.178.78 port 35074:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:39:52.039Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:39:52 honeypot-ams-1 sshd[3456]: Received disconnect from 84.122.178.78 port 35134:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:39:53.040Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:39:53 honeypot-ams-1 sshd[3462]: Received disconnect from 84.122.178.78 port 35180:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:39:54.041Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:39:55 honeypot-ams-1 sshd[3468]: Received disconnect from 84.122.178.78 port 35284:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:39:56.042Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:39:56 honeypot-ams-1 sshd[3474]: Received disconnect from 84.122.178.78 port 35480:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:39:57.043Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:39:57 honeypot-ams-1 sshd[3480]: Received disconnect from 84.122.178.78 port 35544:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:39:58.044Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:39:59 honeypot-ams-1 sshd[3486]: Received disconnect from 84.122.178.78 port 35654:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:39:59.045Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:40:00 honeypot-ams-1 sshd[3492]: Received disconnect from 84.122.178.78 port 35730:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:40:01.046Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:40:01 honeypot-ams-1 sshd[3496]: Received disconnect from 84.122.178.78 port 35780:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:40:02.048Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:40:02 honeypot-ams-1 sshd[3500]: Received disconnect from 84.122.178.78 port 35806:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:40:03.049Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:40:03 honeypot-ams-1 sshd[3504]: Received disconnect from 84.122.178.78 port 35852:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:40:03.049Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:40:03 honeypot-ams-1 sshd[3508]: Received disconnect from 84.122.178.78 port 35882:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:40:04.050Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:40:04 honeypot-ams-1 sshd[3512]: Received disconnect from 84.122.178.78 port 35916:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:40:05.050Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:40:05 honeypot-ams-1 sshd[3516]: Disconnected from authenticating user root 84.122.178.78 port 36130 [preauth]","@timestamp":"2022-09-18T02:40:06.051Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:40:06 honeypot-ams-1 sshd[3522]: Invalid user pi from 84.122.178.78 port 36238","@timestamp":"2022-09-18T02:40:07.052Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:40:07 honeypot-ams-1 sshd[3526]: Invalid user ethos from 84.122.178.78 port 36286","@timestamp":"2022-09-18T02:40:08.053Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:40:08 honeypot-ams-1 sshd[3530]: Invalid user miner from 84.122.178.78 port 36366","@timestamp":"2022-09-18T02:40:09.054Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:40:09 honeypot-ams-1 sshd[3534]: Invalid user volumio from 84.122.178.78 port 36420","@timestamp":"2022-09-18T02:40:10.054Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:40:10 honeypot-ams-1 sshd[3538]: Invalid user nagios from 84.122.178.78 port 36464","@timestamp":"2022-09-18T02:40:11.055Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:40:11 honeypot-ams-1 sshd[3542]: Invalid user vagrant from 84.122.178.78 port 36516","@timestamp":"2022-09-18T02:40:12.056Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:40:12 honeypot-ams-1 sshd[3546]: Invalid user debian from 84.122.178.78 port 36552","@timestamp":"2022-09-18T02:40:13.057Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:40:13 honeypot-ams-1 sshd[3550]: Invalid user debian from 84.122.178.78 port 36606","@timestamp":"2022-09-18T02:40:14.057Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:40:14 honeypot-ams-1 sshd[3554]: Invalid user alarm from 84.122.178.78 port 36638","@timestamp":"2022-09-18T02:40:15.058Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:40:15 honeypot-ams-1 sshd[3558]: Invalid user test from 84.122.178.78 port 36722","@timestamp":"2022-09-18T02:40:15.058Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:40:15 honeypot-ams-1 sshd[3562]: Invalid user cirros from 84.122.178.78 port 36872","@timestamp":"2022-09-18T02:40:16.059Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:40:26 honeypot-fra-1 sshd[26554]: Invalid user hadoop from 179.43.156.143 port 35574","@timestamp":"2022-09-18T02:40:26.911Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:40:41 honeypot-ams-1 sshd[3566]: Received disconnect from 188.166.153.99 port 51362:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:40:41.072Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:41:14 honeypot-ams-1 sshd[3568]: Connection closed by authenticating user root 179.60.147.69 port 53252 [preauth]","@timestamp":"2022-09-18T02:41:15.091Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:41:41 honeypot-fra-1 sshd[26559]: Invalid user drcomadmin from 179.43.156.143 port 58618","@timestamp":"2022-09-18T02:41:41.941Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:42:20 honeypot-fra-1 sshd[26563]: Received disconnect from 179.43.156.143 port 56034:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T02:42:20.960Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:42:23 honeypot-ams-1 sshd[3577]: Received disconnect from 18.179.32.110 port 24437:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:42:24.125Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:42:27 honeypot-ams-1 sshd[3581]: Disconnected from authenticating user root 18.179.32.110 port 1657 [preauth]","@timestamp":"2022-09-18T02:42:28.127Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:42:32 honeypot-ams-1 sshd[3589]: Disconnected from authenticating user root 18.179.32.110 port 32557 [preauth]","@timestamp":"2022-09-18T02:42:33.130Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:42:36 honeypot-ams-1 sshd[3593]: Disconnected from authenticating user root 18.179.32.110 port 2745 [preauth]","@timestamp":"2022-09-18T02:42:37.133Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:42:42 honeypot-ams-1 sshd[3599]: Disconnected from authenticating user root 18.179.32.110 port 25581 [preauth]","@timestamp":"2022-09-18T02:42:43.137Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:42:48 honeypot-ams-1 sshd[3605]: Disconnected from authenticating user root 18.179.32.110 port 10389 [preauth]","@timestamp":"2022-09-18T02:42:48.140Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:42:53 honeypot-ams-1 sshd[3611]: Disconnected from authenticating user root 18.179.32.110 port 20273 [preauth]","@timestamp":"2022-09-18T02:42:54.144Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:42:59 honeypot-ams-1 sshd[3617]: Disconnected from authenticating user root 18.179.32.110 port 31567 [preauth]","@timestamp":"2022-09-18T02:43:00.148Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:43:04 honeypot-ams-1 sshd[3623]: Disconnected from authenticating user root 18.179.32.110 port 25121 [preauth]","@timestamp":"2022-09-18T02:43:05.151Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:43:10 honeypot-ams-1 sshd[3629]: Disconnected from authenticating user root 18.179.32.110 port 26593 [preauth]","@timestamp":"2022-09-18T02:43:11.155Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:43:16 honeypot-ams-1 sshd[3635]: Disconnected from authenticating user root 18.179.32.110 port 32173 [preauth]","@timestamp":"2022-09-18T02:43:17.159Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:43:21 honeypot-ams-1 sshd[3641]: Disconnected from authenticating user root 18.179.32.110 port 17717 [preauth]","@timestamp":"2022-09-18T02:43:22.161Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:43:27 honeypot-ams-1 sshd[3647]: Disconnected from authenticating user root 18.179.32.110 port 27925 [preauth]","@timestamp":"2022-09-18T02:43:28.166Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:43:31 honeypot-ams-1 sshd[3651]: Disconnected from invalid user admin 18.179.32.110 port 16547 [preauth]","@timestamp":"2022-09-18T02:43:32.168Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:43:35 honeypot-ams-1 sshd[3655]: Disconnected from invalid user admin 18.179.32.110 port 15969 [preauth]","@timestamp":"2022-09-18T02:43:36.171Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:43:37 honeypot-fra-1 sshd[26567]: Invalid user oracle from 179.43.156.143 port 50812","@timestamp":"2022-09-18T02:43:37.993Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:43:39 honeypot-ams-1 sshd[3661]: Disconnected from invalid user admin 18.179.32.110 port 24905 [preauth]","@timestamp":"2022-09-18T02:43:40.175Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:43:42 honeypot-ams-1 sshd[3665]: Invalid user admin from 18.179.32.110 port 8049","@timestamp":"2022-09-18T02:43:43.177Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:43:46 honeypot-ams-1 sshd[3669]: Invalid user admin from 18.179.32.110 port 20515","@timestamp":"2022-09-18T02:43:47.180Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:43:50 honeypot-ams-1 sshd[3673]: Received disconnect from 18.179.32.110 port 13719:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:43:51.182Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:43:54 honeypot-ams-1 sshd[3677]: Disconnected from invalid user pi 18.179.32.110 port 32547 [preauth]","@timestamp":"2022-09-18T02:43:55.186Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:43:58 honeypot-ams-1 sshd[3681]: Disconnected from invalid user user 18.179.32.110 port 13065 [preauth]","@timestamp":"2022-09-18T02:43:59.188Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:44:01 honeypot-ams-1 sshd[3685]: Disconnected from invalid user mine 18.179.32.110 port 20229 [preauth]","@timestamp":"2022-09-18T02:44:02.191Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:44:05 honeypot-ams-1 sshd[3689]: Disconnected from invalid user xbmc 18.179.32.110 port 13279 [preauth]","@timestamp":"2022-09-18T02:44:06.193Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:44:09 honeypot-ams-1 sshd[3693]: Disconnected from invalid user oracle 18.179.32.110 port 22985 [preauth]","@timestamp":"2022-09-18T02:44:10.197Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:44:13 honeypot-ams-1 sshd[3697]: Disconnected from invalid user postgres 18.179.32.110 port 11019 [preauth]","@timestamp":"2022-09-18T02:44:14.200Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:44:17 honeypot-ams-1 sshd[3701]: Disconnected from invalid user support 18.179.32.110 port 23899 [preauth]","@timestamp":"2022-09-18T02:44:18.203Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:44:21 honeypot-ams-1 sshd[3705]: Disconnected from invalid user ubuntu 18.179.32.110 port 16681 [preauth]","@timestamp":"2022-09-18T02:44:21.205Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:44:24 honeypot-ams-1 sshd[3709]: Disconnected from invalid user ubuntu 18.179.32.110 port 5185 [preauth]","@timestamp":"2022-09-18T02:44:25.209Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:44:28 honeypot-ams-1 sshd[3713]: Disconnected from invalid user guest 18.179.32.110 port 13529 [preauth]","@timestamp":"2022-09-18T02:44:29.211Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:44:32 honeypot-ams-1 sshd[3717]: Disconnected from invalid user cirros 18.179.32.110 port 23235 [preauth]","@timestamp":"2022-09-18T02:44:33.214Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:44:54 honeypot-fra-1 sshd[26571]: Disconnected from authenticating user root 179.43.156.143 port 45604 [preauth]","@timestamp":"2022-09-18T02:44:55.025Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:45:37 honeypot-fra-1 sshd[26577]: Received disconnect from 164.92.172.247 port 58074:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:45:38.045Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:45:47 honeypot-ams-1 sshd[3723]: Received disconnect from 124.221.41.109 port 42366:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:45:47.249Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:46:15 honeypot-fra-1 sshd[26582]: Disconnected from authenticating user root 179.43.156.143 port 40408 [preauth]","@timestamp":"2022-09-18T02:46:16.062Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:47:40 honeypot-fra-1 sshd[26588]: Received disconnect from 179.43.156.143 port 35202:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T02:47:41.096Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:47:54 honeypot-ams-1 sshd[3728]: Disconnected from authenticating user root 124.221.41.109 port 54294 [preauth]","@timestamp":"2022-09-18T02:47:55.306Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:48:22 honeypot-fra-1 sshd[26592]: Disconnected from authenticating user root 179.43.156.143 port 60828 [preauth]","@timestamp":"2022-09-18T02:48:23.115Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:49:45 honeypot-fra-1 sshd[26598]: Received disconnect from 179.43.156.143 port 55636:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T02:49:46.151Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:50:24 honeypot-ams-1 sshd[3735]: Did not receive identification string from 156.251.172.207 port 53628","@timestamp":"2022-09-18T02:50:25.376Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:50:50 honeypot-fra-1 kernel: [84343858.913845] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=34.170.201.99 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=6331 PROTO=TCP SPT=55130 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T02:50:51.179Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:51:33 honeypot-fra-1 sshd[26607]: Disconnected from invalid user cpu 118.70.170.120 port 58466 [preauth]","@timestamp":"2022-09-18T02:51:34.199Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T02:52:06.741Z","@version":"1","message":"Sep 18 02:52:06 honeypot-sgp-1 kernel: [84345629.955866] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=90.151.171.106 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=27899 PROTO=TCP SPT=49494 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:52:11 honeypot-ams-1 sshd[4182]: Disconnected from authenticating user root 124.221.41.109 port 49836 [preauth]","@timestamp":"2022-09-18T02:52:11.425Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:52:31 honeypot-fra-1 sshd[26611]: Disconnected from invalid user jenkins 179.43.156.143 port 45222 [preauth]","@timestamp":"2022-09-18T02:52:32.223Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:53:49 honeypot-fra-1 sshd[26617]: Received disconnect from 179.43.156.143 port 40014:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T02:53:49.257Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:55:08 honeypot-fra-1 sshd[26621]: Disconnected from authenticating user root 179.43.156.143 port 34838 [preauth]","@timestamp":"2022-09-18T02:55:09.291Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:55:23 honeypot-ams-1 sshd[4189]: Disconnected from authenticating user root 124.221.41.109 port 39350 [preauth]","@timestamp":"2022-09-18T02:55:24.513Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:57:06 honeypot-fra-1 sshd[26628]: Received disconnect from 179.43.156.143 port 55264:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T02:57:07.338Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 02:57:13 honeypot-ams-1 kernel: [84346413.682035] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=207.102.138.83 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=42529 DF PROTO=TCP SPT=45528 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T02:57:14.567Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:57:59 honeypot-fra-1 kernel: [84344287.808851] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.143.200.6 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=59525 PROTO=TCP SPT=40408 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T02:57:59.362Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:59:35 honeypot-ams-1 sshd[4198]: Received disconnect from 124.221.41.109 port 34662:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:59:36.634Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 03:01:39 honeypot-fra-1 kernel: [84344507.949191] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=172.104.14.245 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=58940 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T03:01:39.446Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 03:01:42 honeypot-ams-1 sshd[4202]: Disconnected from authenticating user root 124.221.41.109 port 46388 [preauth]","@timestamp":"2022-09-18T03:01:42.695Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 03:02:40 honeypot-fra-1 kernel: [84344569.415963] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=124.106.92.226 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=56 ID=34340 PROTO=TCP SPT=44726 DPT=443 WINDOW=49878 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T03:02:41.475Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 03:03:44 honeypot-ams-1 sshd[4209]: Received disconnect from 92.255.85.69 port 63324:11: Bye Bye [preauth]","@timestamp":"2022-09-18T03:03:44.754Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 03:04:50 honeypot-ams-1 sshd[4214]: Disconnected from authenticating user root 124.221.41.109 port 35700 [preauth]","@timestamp":"2022-09-18T03:04:51.787Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 03:07:24 honeypot-ams-1 kernel: [84347024.440593] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=88.80.189.24 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=8381 PROTO=TCP SPT=50441 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T03:07:24.860Z"}
{"@timestamp":"2022-09-18T03:09:22.156Z","@version":"1","message":"Sep 18 03:09:21 honeypot-sgp-1 kernel: [84346664.936344] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.79.137.220 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=52426 PROTO=TCP SPT=50538 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 03:10:04 honeypot-ams-1 sshd[4225]: Disconnected from authenticating user root 124.221.41.109 port 36556 [preauth]","@timestamp":"2022-09-18T03:10:04.947Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 03:12:17 honeypot-ams-1 sshd[4231]: Received disconnect from 167.71.233.59 port 47412:11: Bye Bye [preauth]","@timestamp":"2022-09-18T03:12:18.008Z"}
{"@timestamp":"2022-09-18T03:12:35.238Z","@version":"1","message":"Sep 18 03:12:34 honeypot-sgp-1 kernel: [84346858.399785] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.33.72.18 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=41253 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 03:13:55 honeypot-ams-1 sshd[4235]: Disconnected from invalid user adrc 43.129.216.151 port 58786 [preauth]","@timestamp":"2022-09-18T03:13:56.054Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 03:15:12 honeypot-fra-1 sshd[26645]: Connection closed by authenticating user nobody 179.60.147.69 port 63556 [preauth]","@timestamp":"2022-09-18T03:15:12.753Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 03:16:16 honeypot-ams-1 sshd[4242]: Disconnected from authenticating user root 124.221.41.109 port 42998 [preauth]","@timestamp":"2022-09-18T03:16:17.116Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 03:17:39 honeypot-ams-1 kernel: [84347639.447038] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.41.9.18 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=33618 PROTO=TCP SPT=15330 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T03:17:40.157Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 03:20:27 honeypot-ams-1 sshd[4256]: Received disconnect from 124.221.41.109 port 37734:11: Bye Bye [preauth]","@timestamp":"2022-09-18T03:20:28.234Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 03:20:44 honeypot-fra-1 sshd[26651]: Received disconnect from 31.3.91.99 port 49110:11: Bye Bye [preauth]","@timestamp":"2022-09-18T03:20:45.893Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 03:22:29 honeypot-ams-1 sshd[4262]: Disconnected from authenticating user root 124.221.41.109 port 49184 [preauth]","@timestamp":"2022-09-18T03:22:30.289Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 03:25:34 honeypot-ams-1 sshd[4269]: Received disconnect from 124.221.41.109 port 38080:11: Bye Bye [preauth]","@timestamp":"2022-09-18T03:25:34.373Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 03:25:56 honeypot-fra-1 kernel: [84345964.669988] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=79.124.62.62 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=52876 PROTO=TCP SPT=44074 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T03:25:57.011Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-18T03:26:18.568Z","@version":"1","message":"Sep 18 03:26:18 honeypot-sgp-1 sshd[29567]: Received disconnect from 162.241.222.29 port 58404:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 03:27:36 honeypot-ams-1 sshd[4273]: Received disconnect from 124.221.41.109 port 49458:11: Bye Bye [preauth]","@timestamp":"2022-09-18T03:27:37.444Z"}
{"@timestamp":"2022-09-18T03:29:24.644Z","@version":"1","message":"Sep 18 03:29:24 honeypot-sgp-1 sshd[29572]: Disconnected from authenticating user root 46.105.29.159 port 60290 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 03:30:37 honeypot-fra-1 sshd[26659]: Received disconnect from 92.255.85.70 port 57960:11: Bye Bye [preauth]","@timestamp":"2022-09-18T03:30:38.118Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 03:30:39 honeypot-ams-1 sshd[4280]: Received disconnect from 124.221.41.109 port 38228:11: Bye Bye [preauth]","@timestamp":"2022-09-18T03:30:40.526Z"}
{"@timestamp":"2022-09-18T03:31:11.688Z","@version":"1","message":"Sep 18 03:31:11 honeypot-sgp-1 sshd[29576]: Disconnected from invalid user avoska68 124.156.216.31 port 37110 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:33:10.739Z","@version":"1","message":"Sep 18 03:33:10 honeypot-sgp-1 sshd[29584]: Invalid user steam from 159.223.41.136 port 49432","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 03:33:14 honeypot-ams-1 kernel: [84348574.204514] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=137.25.54.5 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=50 ID=48292 PROTO=TCP SPT=38989 DPT=80 WINDOW=12710 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T03:33:14.595Z"}
{"@timestamp":"2022-09-18T03:34:06.762Z","@version":"1","message":"Sep 18 03:34:06 honeypot-sgp-1 sshd[29588]: Disconnected from authenticating user root 103.163.21.24 port 35608 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:08.765Z","@version":"1","message":"Sep 18 03:34:08 honeypot-sgp-1 sshd[29594]: Received disconnect from 103.163.21.24 port 35672:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:10.766Z","@version":"1","message":"Sep 18 03:34:10 honeypot-sgp-1 sshd[29600]: Received disconnect from 103.163.21.24 port 35735:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:12.767Z","@version":"1","message":"Sep 18 03:34:12 honeypot-sgp-1 sshd[29606]: Received disconnect from 103.163.21.24 port 35795:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:14.769Z","@version":"1","message":"Sep 18 03:34:14 honeypot-sgp-1 sshd[29612]: Received disconnect from 103.163.21.24 port 35858:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:16.770Z","@version":"1","message":"Sep 18 03:34:15 honeypot-sgp-1 sshd[29618]: Received disconnect from 103.163.21.24 port 35919:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:18.771Z","@version":"1","message":"Sep 18 03:34:17 honeypot-sgp-1 sshd[29624]: Received disconnect from 103.163.21.24 port 35983:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:19.772Z","@version":"1","message":"Sep 18 03:34:19 honeypot-sgp-1 sshd[29626]: Received disconnect from 157.230.178.127 port 59262:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:21.773Z","@version":"1","message":"Sep 18 03:34:21 honeypot-sgp-1 sshd[29636]: Received disconnect from 103.163.21.24 port 36086:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:23.775Z","@version":"1","message":"Sep 18 03:34:22 honeypot-sgp-1 sshd[29642]: Received disconnect from 103.163.21.24 port 36146:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:25.777Z","@version":"1","message":"Sep 18 03:34:24 honeypot-sgp-1 sshd[29648]: Received disconnect from 103.163.21.24 port 36209:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:26.777Z","@version":"1","message":"Sep 18 03:34:26 honeypot-sgp-1 sshd[29654]: Received disconnect from 103.163.21.24 port 36277:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:28.779Z","@version":"1","message":"Sep 18 03:34:28 honeypot-sgp-1 sshd[29660]: Received disconnect from 103.163.21.24 port 36340:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:30.780Z","@version":"1","message":"Sep 18 03:34:29 honeypot-sgp-1 sshd[29664]: Received disconnect from 103.163.21.24 port 36382:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:31.781Z","@version":"1","message":"Sep 18 03:34:31 honeypot-sgp-1 sshd[29668]: Received disconnect from 103.163.21.24 port 36422:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:32.781Z","@version":"1","message":"Sep 18 03:34:32 honeypot-sgp-1 sshd[29672]: Received disconnect from 103.163.21.24 port 36467:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:33.782Z","@version":"1","message":"Sep 18 03:34:33 honeypot-sgp-1 sshd[29676]: Received disconnect from 103.163.21.24 port 36507:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:35.783Z","@version":"1","message":"Sep 18 03:34:35 honeypot-sgp-1 sshd[29680]: Received disconnect from 103.163.21.24 port 36549:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:36.784Z","@version":"1","message":"Sep 18 03:34:36 honeypot-sgp-1 sshd[29684]: Disconnected from authenticating user root 103.163.21.24 port 36588 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:38.787Z","@version":"1","message":"Sep 18 03:34:38 honeypot-sgp-1 sshd[29690]: Invalid user pi from 103.163.21.24 port 36652","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:39.788Z","@version":"1","message":"Sep 18 03:34:39 honeypot-sgp-1 sshd[29694]: Invalid user ethos from 103.163.21.24 port 36694","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:40.788Z","@version":"1","message":"Sep 18 03:34:40 honeypot-sgp-1 sshd[29698]: Invalid user miner from 103.163.21.24 port 36738","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:42.789Z","@version":"1","message":"Sep 18 03:34:41 honeypot-sgp-1 sshd[29702]: Invalid user volumio from 103.163.21.24 port 36778","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:43.790Z","@version":"1","message":"Sep 18 03:34:43 honeypot-sgp-1 sshd[29706]: Invalid user nagios from 103.163.21.24 port 36822","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:44.791Z","@version":"1","message":"Sep 18 03:34:44 honeypot-sgp-1 sshd[29710]: Invalid user vagrant from 103.163.21.24 port 36865","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:45.792Z","@version":"1","message":"Sep 18 03:34:45 honeypot-sgp-1 sshd[29714]: Invalid user debian from 103.163.21.24 port 36905","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 03:34:46 honeypot-fra-1 sshd[26663]: Received disconnect from 52.149.180.228 port 37170:11: Bye Bye [preauth]","@timestamp":"2022-09-18T03:34:47.213Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T03:34:47.793Z","@version":"1","message":"Sep 18 03:34:47 honeypot-sgp-1 sshd[29718]: Invalid user debian from 103.163.21.24 port 36942","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:48.793Z","@version":"1","message":"Sep 18 03:34:48 honeypot-sgp-1 sshd[29722]: Invalid user alarm from 103.163.21.24 port 36981","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:49.794Z","@version":"1","message":"Sep 18 03:34:49 honeypot-sgp-1 sshd[29726]: Invalid user test from 103.163.21.24 port 37021","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:51.795Z","@version":"1","message":"Sep 18 03:34:50 honeypot-sgp-1 sshd[29730]: Invalid user cirros from 103.163.21.24 port 37062","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:35:04.801Z","@version":"1","message":"Sep 18 03:35:04 honeypot-sgp-1 kernel: [84348207.899449] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=79.124.62.62 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=10554 PROTO=TCP SPT=44074 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 03:35:43 honeypot-ams-1 sshd[4291]: Disconnected from authenticating user root 124.221.41.109 port 38202 [preauth]","@timestamp":"2022-09-18T03:35:43.661Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 03:38:45 honeypot-ams-1 sshd[4297]: Disconnected from authenticating user root 124.221.41.109 port 55076 [preauth]","@timestamp":"2022-09-18T03:38:46.744Z"}
{"@timestamp":"2022-09-18T03:39:02.897Z","@version":"1","message":"Sep 18 03:39:02 honeypot-sgp-1 kernel: [84348445.508792] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.220.223 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=42882 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 03:40:48 honeypot-ams-1 sshd[4304]: Received disconnect from 124.221.41.109 port 38074:11: Bye Bye [preauth]","@timestamp":"2022-09-18T03:40:48.800Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 03:42:48 honeypot-ams-1 sshd[4308]: Disconnected from authenticating user root 124.221.41.109 port 49292 [preauth]","@timestamp":"2022-09-18T03:42:49.858Z"}
{"@timestamp":"2022-09-18T03:43:06.996Z","@version":"1","message":"Sep 18 03:43:06 honeypot-sgp-1 sshd[29744]: Invalid user devuser from 139.59.102.10 port 55306","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 03:44:32 honeypot-fra-1 sshd[26667]: Received disconnect from 103.226.248.146 port 44460:11: Bye Bye [preauth]","@timestamp":"2022-09-18T03:44:33.432Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 03:45:48 honeypot-ams-1 sshd[4315]: Received disconnect from 124.221.41.109 port 37846:11: Bye Bye [preauth]","@timestamp":"2022-09-18T03:45:48.937Z"}
{"@timestamp":"2022-09-18T03:47:36.106Z","@version":"1","message":"Sep 18 03:47:35 honeypot-sgp-1 kernel: [84348959.040325] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=79.124.62.60 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=15981 PROTO=TCP SPT=58763 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 03:48:50 honeypot-ams-1 kernel: [84349510.740316] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=164.92.72.164 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=38916 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T03:48:51.018Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 03:50:50 honeypot-ams-1 sshd[4326]: Disconnected from authenticating user root 124.221.41.109 port 37512 [preauth]","@timestamp":"2022-09-18T03:50:51.073Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 03:53:36 honeypot-ams-1 sshd[4332]: Connection closed by invalid user default 179.60.147.69 port 49100 [preauth]","@timestamp":"2022-09-18T03:53:36.146Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 03:55:06 honeypot-fra-1 sshd[26673]: Invalid user admin from 119.240.188.148 port 62200","@timestamp":"2022-09-18T03:55:06.673Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 03:55:48 honeypot-ams-1 sshd[4339]: Received disconnect from 124.221.41.109 port 37034:11: Bye Bye [preauth]","@timestamp":"2022-09-18T03:55:49.206Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 03:57:47 honeypot-ams-1 sshd[4343]: Disconnected from authenticating user root 124.221.41.109 port 48106 [preauth]","@timestamp":"2022-09-18T03:57:48.261Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 04:00:43 honeypot-fra-1 sshd[26676]: Disconnected from authenticating user root 92.255.85.70 port 40708 [preauth]","@timestamp":"2022-09-18T04:00:44.817Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:00:47 honeypot-ams-1 sshd[4350]: Received disconnect from 124.221.41.109 port 36442:11: Bye Bye [preauth]","@timestamp":"2022-09-18T04:00:47.343Z"}
{"@timestamp":"2022-09-18T04:01:19.432Z","@version":"1","message":"Sep 18 04:01:18 honeypot-sgp-1 sshd[29753]: Invalid user hack from 103.225.124.210 port 47754","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T04:02:38.466Z","@version":"1","message":"Sep 18 04:02:38 honeypot-sgp-1 sshd[29757]: Disconnected from authenticating user root 162.215.1.51 port 46510 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:03:44 honeypot-ams-1 sshd[4356]: Received disconnect from 124.221.41.109 port 52962:11: Bye Bye [preauth]","@timestamp":"2022-09-18T04:03:45.422Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 04:05:35 honeypot-fra-1 sshd[26681]: Disconnected from invalid user temp 135.125.233.142 port 39374 [preauth]","@timestamp":"2022-09-18T04:05:35.932Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:06:42 honeypot-ams-1 sshd[4363]: Received disconnect from 124.221.41.109 port 41172:11: Bye Bye [preauth]","@timestamp":"2022-09-18T04:06:42.500Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:09:37 honeypot-ams-1 sshd[4369]: Received disconnect from 124.221.41.109 port 57526:11: Bye Bye [preauth]","@timestamp":"2022-09-18T04:09:37.577Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:10:24 honeypot-ams-1 sshd[4373]: Disconnected from authenticating user root 92.255.85.70 port 29904 [preauth]","@timestamp":"2022-09-18T04:10:25.599Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:12:32 honeypot-ams-1 sshd[4382]: Disconnected from authenticating user root 61.177.173.50 port 46126 [preauth]","@timestamp":"2022-09-18T04:12:32.657Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:14:21 honeypot-ams-1 sshd[4386]: Disconnected from authenticating user root 61.177.173.36 port 13213 [preauth]","@timestamp":"2022-09-18T04:14:21.706Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:16:28 honeypot-ams-1 sshd[4392]: Disconnected from authenticating user root 124.221.41.109 port 39032 [preauth]","@timestamp":"2022-09-18T04:16:28.764Z"}
{"@timestamp":"2022-09-18T04:17:02.805Z","@version":"1","message":"Sep 18 04:17:01 honeypot-sgp-1 CRON[29763]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:18:24 honeypot-ams-1 sshd[4402]: Received disconnect from 124.221.41.109 port 49808:11: Bye Bye [preauth]","@timestamp":"2022-09-18T04:18:24.818Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:20:19 honeypot-ams-1 sshd[4406]: Disconnected from authenticating user root 124.221.41.109 port 60562 [preauth]","@timestamp":"2022-09-18T04:20:19.872Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 04:22:35 honeypot-fra-1 sshd[26705]: Received disconnect from 91.164.189.52 port 11152:11: Bye Bye [preauth]","@timestamp":"2022-09-18T04:22:36.323Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:23:13 honeypot-ams-1 sshd[4415]: Disconnected from authenticating user root 124.221.41.109 port 48428 [preauth]","@timestamp":"2022-09-18T04:23:13.950Z"}
{"@timestamp":"2022-09-18T04:24:16.979Z","@version":"1","message":"Sep 18 04:24:16 honeypot-sgp-1 kernel: [84351159.939970] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=207.180.224.103 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=40845 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:25:07 honeypot-ams-1 sshd[4421]: Disconnected from authenticating user root 124.221.41.109 port 59122 [preauth]","@timestamp":"2022-09-18T04:25:08.002Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 04:27:54 honeypot-fra-1 sshd[26710]: Invalid user ubnt from 179.60.147.69 port 61164","@timestamp":"2022-09-18T04:27:54.446Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:27:59 honeypot-ams-1 sshd[4428]: Disconnected from authenticating user root 124.221.41.109 port 46872 [preauth]","@timestamp":"2022-09-18T04:28:00.078Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:29:10 honeypot-ams-1 sshd[4435]: Received disconnect from 222.252.243.104 port 62892:11: Bye Bye [preauth]","@timestamp":"2022-09-18T04:29:11.113Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:29:53 honeypot-ams-1 sshd[4441]: Disconnected from authenticating user root 124.221.41.109 port 57506 [preauth]","@timestamp":"2022-09-18T04:29:54.135Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 04:30:58 honeypot-ams-1 kernel: [84352038.545553] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=49.4.80.223 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=41 ID=57110 DF PROTO=TCP SPT=43318 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T04:30:59.166Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 04:32:16 honeypot-ams-1 kernel: [84352116.269952] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=154.3.44.149 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=117 ID=3423 DF PROTO=TCP SPT=64939 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-18T04:32:17.204Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:32:45 honeypot-ams-1 sshd[4451]: Disconnected from authenticating user root 124.221.41.109 port 45190 [preauth]","@timestamp":"2022-09-18T04:32:46.218Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:34:54 honeypot-ams-1 sshd[4458]: Received disconnect from 43.154.4.192 port 41826:11: Bye Bye [preauth]","@timestamp":"2022-09-18T04:34:55.276Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 04:35:21 honeypot-fra-1 sshd[26716]: Connection closed by invalid user admin 193.106.191.157 port 57894 [preauth]","@timestamp":"2022-09-18T04:35:21.621Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:36:15 honeypot-ams-1 sshd[4462]: Disconnected from invalid user taf 109.234.36.47 port 44444 [preauth]","@timestamp":"2022-09-18T04:36:16.313Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:37:29 honeypot-ams-1 sshd[4476]: Disconnected from authenticating user root 124.221.41.109 port 43336 [preauth]","@timestamp":"2022-09-18T04:37:30.348Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 04:39:11 honeypot-fra-1 sshd[26721]: Invalid user user from 45.61.186.169 port 56296","@timestamp":"2022-09-18T04:39:12.712Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 04:39:13 honeypot-ams-1 kernel: [84352533.299561] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=49.4.80.223 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=232 ID=30890 PROTO=TCP SPT=55705 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T04:39:13.395Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 04:39:29 honeypot-fra-1 sshd[26725]: Invalid user user from 45.61.186.169 port 51154","@timestamp":"2022-09-18T04:39:29.720Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 04:39:45 honeypot-fra-1 sshd[26729]: Invalid user user from 45.61.186.169 port 46002","@timestamp":"2022-09-18T04:39:45.728Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:39:50 honeypot-ams-1 sshd[4489]: Received disconnect from 61.177.173.36 port 31419:11:  [preauth]","@timestamp":"2022-09-18T04:39:51.415Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:40:51 honeypot-ams-1 sshd[4493]: Invalid user squid from 185.149.120.61 port 51412","@timestamp":"2022-09-18T04:40:51.445Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:41:56 honeypot-ams-1 sshd[4497]: Received disconnect from 207.154.205.115 port 53364:11: Bye Bye [preauth]","@timestamp":"2022-09-18T04:41:57.478Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:42:17 honeypot-ams-1 sshd[4503]: Received disconnect from 27.118.22.221 port 47858:11: Bye Bye [preauth]","@timestamp":"2022-09-18T04:42:17.489Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 04:42:46 honeypot-fra-1 sshd[26734]: Invalid user eden from 34.102.23.246 port 59996","@timestamp":"2022-09-18T04:42:46.797Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:44:04 honeypot-ams-1 sshd[4507]: Disconnected from authenticating user root 124.221.41.109 port 51720 [preauth]","@timestamp":"2022-09-18T04:44:05.537Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:45:57 honeypot-ams-1 sshd[4517]: Received disconnect from 124.221.41.109 port 33874:11: Bye Bye [preauth]","@timestamp":"2022-09-18T04:45:58.586Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 04:47:35 honeypot-ams-1 kernel: [84353035.423483] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=154.3.44.149 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=117 ID=3584 DF PROTO=TCP SPT=50645 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-18T04:47:35.633Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:49:40 honeypot-ams-1 sshd[4525]: Received disconnect from 124.221.41.109 port 54534:11: Bye Bye [preauth]","@timestamp":"2022-09-18T04:49:41.691Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:51:10 honeypot-ams-1 sshd[4532]: Received disconnect from 61.177.173.36 port 58070:11:  [preauth]","@timestamp":"2022-09-18T04:51:10.734Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:52:27 honeypot-ams-1 sshd[4536]: Disconnected from authenticating user root 124.221.41.109 port 41750 [preauth]","@timestamp":"2022-09-18T04:52:27.769Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:54:18 honeypot-ams-1 sshd[4542]: Disconnected from authenticating user root 124.221.41.109 port 52026 [preauth]","@timestamp":"2022-09-18T04:54:18.821Z"}
{"@timestamp":"2022-09-18T04:55:06.726Z","@version":"1","message":"Sep 18 04:55:06 honeypot-sgp-1 kernel: [84353009.658134] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=161.35.231.174 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=25547 PROTO=TCP SPT=60000 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 04:55:23 honeypot-ams-1 kernel: [84353503.749009] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=49.4.80.223 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=232 ID=29033 PROTO=TCP SPT=55705 DPT=3389 WINDOW=0 RES=0x00 ACK RST URGP=0 ","@timestamp":"2022-09-18T04:55:23.855Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 04:56:32 honeypot-fra-1 kernel: [84351400.418030] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=59.49.43.217 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=21582 PROTO=TCP SPT=45995 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T04:56:32.110Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:57:04 honeypot-ams-1 sshd[4552]: Received disconnect from 124.221.41.109 port 39166:11: Bye Bye [preauth]","@timestamp":"2022-09-18T04:57:04.902Z"}
{"@timestamp":"2022-09-18T04:57:48.793Z","@version":"1","message":"Sep 18 04:57:48 honeypot-sgp-1 kernel: [84353171.993369] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=23.95.4.194 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=235 ID=38912 PROTO=TCP SPT=54589 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:58:54 honeypot-ams-1 sshd[4558]: Disconnected from authenticating user root 124.221.41.109 port 49380 [preauth]","@timestamp":"2022-09-18T04:58:54.954Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 05:00:37 honeypot-ams-1 sshd[4565]: Received disconnect from 61.177.173.49 port 42792:11:  [preauth]","@timestamp":"2022-09-18T05:00:38.003Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 05:01:38 honeypot-fra-1 kernel: [84351706.343749] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=170.187.160.184 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=5194 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T05:01:38.229Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 05:01:50 honeypot-ams-1 kernel: [84353890.774189] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.206.27 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=34851 DPT=5432 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T05:01:51.038Z"}
{"@timestamp":"2022-09-18T05:02:53.920Z","@version":"1","message":"Sep 18 05:02:53 honeypot-sgp-1 sshd[29784]: Connection closed by invalid user ubnt 179.60.147.69 port 3304 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 05:03:56 honeypot-ams-1 sshd[4579]: Disconnected from authenticating user root 61.177.173.37 port 38621 [preauth]","@timestamp":"2022-09-18T05:03:57.095Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 05:05:20 honeypot-fra-1 sshd[26749]: Received disconnect from 34.80.217.216 port 60314:11: Bye Bye [preauth]","@timestamp":"2022-09-18T05:05:21.315Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 05:06:10 honeypot-ams-1 sshd[4585]: Disconnected from authenticating user root 124.221.41.109 port 33518 [preauth]","@timestamp":"2022-09-18T05:06:11.155Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 05:07:59 honeypot-ams-1 sshd[4592]: Disconnected from authenticating user root 124.221.41.109 port 43604 [preauth]","@timestamp":"2022-09-18T05:08:00.203Z"}
{"@timestamp":"2022-09-18T05:08:21.056Z","@version":"1","message":"Sep 18 05:08:20 honeypot-sgp-1 sshd[29789]: Disconnected from invalid user mayrene 210.22.111.77 port 44886 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 05:08:53 honeypot-ams-1 sshd[4598]: Received disconnect from 124.221.41.109 port 48638:11: Bye Bye [preauth]","@timestamp":"2022-09-18T05:08:54.231Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 05:10:43 honeypot-ams-1 sshd[4606]: Disconnected from authenticating user root 183.192.0.18 port 43718 [preauth]","@timestamp":"2022-09-18T05:10:43.282Z"}
{"@timestamp":"2022-09-18T05:11:14.128Z","@version":"1","message":"Sep 18 05:11:13 honeypot-sgp-1 sshd[29793]: Disconnected from authenticating user root 178.27.237.198 port 46408 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 05:11:57 honeypot-ams-1 kernel: [84354497.874782] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=34.95.39.6 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=37350 PROTO=TCP SPT=44962 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T05:11:58.319Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 05:14:07 honeypot-ams-1 sshd[4615]: Disconnected from authenticating user root 61.177.173.35 port 34334 [preauth]","@timestamp":"2022-09-18T05:14:07.378Z"}
{"@timestamp":"2022-09-18T05:14:50.217Z","@version":"1","message":"Sep 18 05:14:49 honeypot-sgp-1 sshd[29798]: Received disconnect from 20.225.61.197 port 55590:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 05:15:12 honeypot-fra-1 sshd[26753]: Received disconnect from 181.30.39.106 port 55802:11: Bye Bye [preauth]","@timestamp":"2022-09-18T05:15:13.540Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 05:15:52 honeypot-ams-1 sshd[4623]: Received disconnect from 64.227.183.182 port 41410:11: Bye Bye [preauth]","@timestamp":"2022-09-18T05:15:53.427Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 05:17:01 honeypot-ams-1 CRON[4633]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-18T05:17:01.457Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 05:17:58 honeypot-ams-1 sshd[4641]: Invalid user tushar from 196.223.151.194 port 49886","@timestamp":"2022-09-18T05:17:58.485Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 05:19:40 honeypot-ams-1 sshd[4645]: Disconnected from authenticating user root 124.221.41.109 port 52186 [preauth]","@timestamp":"2022-09-18T05:19:41.533Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 05:20:42 honeypot-fra-1 sshd[26759]: Invalid user admin from 193.106.191.157 port 60088","@timestamp":"2022-09-18T05:20:42.691Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 05:21:33 honeypot-ams-1 kernel: [84355073.777017] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=154.3.44.149 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=117 ID=32759 DF PROTO=TCP SPT=63649 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-18T05:21:34.586Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 05:23:16 honeypot-ams-1 sshd[4654]: Disconnected from authenticating user root 124.221.41.109 port 43818 [preauth]","@timestamp":"2022-09-18T05:23:16.633Z"}
{"@timestamp":"2022-09-18T05:23:32.425Z","@version":"1","message":"Sep 18 05:23:31 honeypot-sgp-1 sshd[29807]: Invalid user daniel from 181.48.60.50 port 45576","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T05:24:45.476Z","@version":"1","message":"Sep 18 05:24:44 honeypot-sgp-1 sshd[29811]: Received disconnect from 102.219.33.70 port 34644:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 05:25:02 honeypot-ams-1 sshd[4662]: Received disconnect from 124.221.41.109 port 53724:11: Bye Bye [preauth]","@timestamp":"2022-09-18T05:25:02.682Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 05:26:01 honeypot-fra-1 sshd[26765]: Invalid user bash from 45.249.247.148 port 34720","@timestamp":"2022-09-18T05:26:01.815Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 05:26:47 honeypot-ams-1 sshd[4668]: Received disconnect from 124.221.41.109 port 35378:11: Bye Bye [preauth]","@timestamp":"2022-09-18T05:26:47.735Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 05:27:41 honeypot-ams-1 sshd[4672]: Disconnected from authenticating user root 124.221.41.109 port 40314 [preauth]","@timestamp":"2022-09-18T05:27:41.759Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 05:29:27 honeypot-ams-1 sshd[4677]: Disconnected from authenticating user root 124.221.41.109 port 50172 [preauth]","@timestamp":"2022-09-18T05:29:27.808Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 05:30:52 honeypot-ams-1 kernel: [84355632.318485] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=92.63.197.171 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=252 ID=41658 PROTO=TCP SPT=51636 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T05:30:52.857Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 05:33:44 honeypot-ams-1 sshd[4692]: Received disconnect from 60.210.40.210 port 2457:11: Bye Bye [preauth]","@timestamp":"2022-09-18T05:33:44.935Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 05:37:22 honeypot-ams-1 sshd[4696]: Disconnected from authenticating user root 61.177.173.47 port 16612 [preauth]","@timestamp":"2022-09-18T05:37:23.031Z"}
{"@timestamp":"2022-09-18T05:38:59.816Z","@version":"1","message":"Sep 18 05:38:59 honeypot-sgp-1 sshd[29815]: Invalid user test from 179.60.147.69 port 23052","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 05:39:16 honeypot-fra-1 sshd[26768]: Received disconnect from 92.255.85.70 port 33210:11: Bye Bye [preauth]","@timestamp":"2022-09-18T05:39:16.112Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 05:40:06 honeypot-fra-1 sshd[26772]: Connection closed by invalid user test 179.60.147.69 port 1424 [preauth]","@timestamp":"2022-09-18T05:40:07.136Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 05:45:40 honeypot-ams-1 sshd[4701]: Received disconnect from 92.255.85.70 port 51592:11: Bye Bye [preauth]","@timestamp":"2022-09-18T05:45:41.248Z"}
{"@timestamp":"2022-09-18T05:49:06.063Z","@version":"1","message":"Sep 18 05:49:05 honeypot-sgp-1 kernel: [84356249.250180] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.219.133 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=36635 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T05:53:56.179Z","@version":"1","message":"Sep 18 05:53:55 honeypot-sgp-1 kernel: [84356538.821722] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.194.196 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=56653 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 05:56:57 honeypot-ams-1 sshd[4715]: Received disconnect from 61.177.173.50 port 58592:11:  [preauth]","@timestamp":"2022-09-18T05:56:57.543Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 05:57:40 honeypot-ams-1 sshd[4719]: Received disconnect from 176.122.138.198 port 48190:11: Bye Bye [preauth]","@timestamp":"2022-09-18T05:57:40.567Z"}
{"@timestamp":"2022-09-18T06:03:07.423Z","@version":"1","message":"Sep 18 06:03:07 honeypot-sgp-1 kernel: [84357090.754380] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.95.147.53 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=38126 PROTO=TCP SPT=61002 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 06:05:53 honeypot-ams-1 kernel: [84357733.065455] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=51.89.30.115 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=55 ID=4133 PROTO=TCP SPT=8637 DPT=443 WINDOW=57760 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T06:05:53.784Z"}
{"@timestamp":"2022-09-18T06:07:52.538Z","@version":"1","message":"Sep 18 06:07:52 honeypot-sgp-1 sshd[29827]: Disconnected from invalid user trac 109.195.242.57 port 36352 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 06:08:17 honeypot-fra-1 kernel: [84355705.251983] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=89.248.165.199 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=1380 PROTO=TCP SPT=40751 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T06:08:17.771Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-18T06:14:12.694Z","@version":"1","message":"Sep 18 06:14:12 honeypot-sgp-1 kernel: [84357755.425893] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=154.3.44.149 DST=159.89.202.188 LEN=52 TOS=0x0A PREC=0x00 TTL=112 ID=49149 DF PROTO=TCP SPT=50187 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 06:15:00 honeypot-ams-1 kernel: [84358280.225507] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=64.62.197.203 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=54076 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T06:15:01.025Z"}
{"@timestamp":"2022-09-18T06:17:01.765Z","@version":"1","message":"Sep 18 06:17:01 honeypot-sgp-1 CRON[29833]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 06:18:28 honeypot-ams-1 sshd[4828]: Invalid user guest from 179.60.147.69 port 3294","@timestamp":"2022-09-18T06:18:29.123Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 06:19:04 honeypot-fra-1 kernel: [84356352.961014] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=74.82.47.26 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=54321 PROTO=TCP SPT=45918 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T06:19:05.015Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 06:22:31 honeypot-fra-1 kernel: [84356559.344217] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=40.84.222.228 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=34805 PROTO=TCP SPT=41372 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T06:22:32.095Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-18T06:25:04.971Z","@version":"1","message":"Sep 18 06:25:04 honeypot-sgp-1 CRON[29839]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 06:25:06 honeypot-ams-1 CRON[4837]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-18T06:25:06.410Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 06:27:14 honeypot-fra-1 kernel: [84356842.736063] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=24411 PROTO=TCP SPT=42069 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T06:27:15.208Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 06:31:25 honeypot-ams-1 sshd[5019]: Disconnected from authenticating user root 46.19.141.122 port 51256 [preauth]","@timestamp":"2022-09-18T06:31:26.577Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 06:31:58 honeypot-ams-1 sshd[5025]: Invalid user admin from 46.19.141.122 port 47688","@timestamp":"2022-09-18T06:31:58.593Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 06:32:24 honeypot-ams-1 sshd[5029]: Invalid user user from 46.19.141.122 port 41652","@timestamp":"2022-09-18T06:32:24.607Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 06:33:16 honeypot-ams-1 sshd[5033]: Invalid user pi from 46.19.141.122 port 40520","@timestamp":"2022-09-18T06:33:16.633Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 06:33:42 honeypot-ams-1 sshd[5037]: Invalid user ubnt from 46.19.141.122 port 48362","@timestamp":"2022-09-18T06:33:43.647Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 06:34:11 honeypot-ams-1 sshd[5041]: Invalid user support from 46.19.141.122 port 41872","@timestamp":"2022-09-18T06:34:11.661Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 06:34:34 honeypot-fra-1 kernel: [84357282.874817] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=167.94.145.84 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=41620 PROTO=TCP SPT=49356 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T06:34:35.375Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 06:34:40 honeypot-ams-1 kernel: [84359460.230062] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=40.84.222.228 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=10152 PROTO=TCP SPT=41964 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T06:34:40.676Z"}
{"@timestamp":"2022-09-18T06:34:51.210Z","@version":"1","message":"Sep 18 06:34:50 honeypot-sgp-1 sshd[29984]: Invalid user user from 45.61.186.249 port 59658","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T06:35:09.219Z","@version":"1","message":"Sep 18 06:35:09 honeypot-sgp-1 sshd[29988]: Invalid user user from 45.61.186.249 port 55016","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 06:35:11 honeypot-ams-1 sshd[5052]: Received disconnect from 46.19.141.122 port 56566:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T06:35:11.692Z"}
{"@timestamp":"2022-09-18T06:35:27.227Z","@version":"1","message":"Sep 18 06:35:26 honeypot-sgp-1 sshd[29992]: Invalid user user from 45.61.186.249 port 50314","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T06:35:43.236Z","@version":"1","message":"Sep 18 06:35:42 honeypot-sgp-1 sshd[29996]: Invalid user user from 45.61.186.249 port 45650","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 06:35:45 honeypot-ams-1 sshd[5058]: Received disconnect from 46.19.141.122 port 59724:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T06:35:45.709Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 06:36:22 honeypot-ams-1 sshd[5066]: Invalid user admin from 46.19.141.122 port 37144","@timestamp":"2022-09-18T06:36:22.729Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 06:37:22 honeypot-ams-1 sshd[5070]: Received disconnect from 61.177.172.98 port 10435:11:  [preauth]","@timestamp":"2022-09-18T06:37:22.759Z"}
{"@timestamp":"2022-09-18T06:37:32.281Z","@version":"1","message":"Sep 18 06:37:31 honeypot-sgp-1 kernel: [84359154.986220] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=154.3.44.149 DST=159.89.202.188 LEN=52 TOS=0x0A PREC=0x00 TTL=111 ID=28270 DF PROTO=TCP SPT=50422 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T06:39:06.323Z","@version":"1","message":"Sep 18 06:39:05 honeypot-sgp-1 kernel: [84359248.857055] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=51.38.12.23 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=54321 PROTO=TCP SPT=33799 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T06:42:03.399Z","@version":"1","message":"Sep 18 06:42:03 honeypot-sgp-1 kernel: [84359426.549662] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=92.63.197.171 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=65216 PROTO=TCP SPT=51636 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T06:42:13.405Z","@version":"1","message":"Sep 18 06:42:13 honeypot-sgp-1 sshd[30007]: Disconnected from invalid user admin 87.219.167.59 port 47718 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 06:43:45 honeypot-fra-1 sshd[27026]: Invalid user wpyan from 58.246.187.126 port 28627","@timestamp":"2022-09-18T06:43:46.587Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 06:44:15 honeypot-fra-1 sshd[27029]: Disconnected from invalid user user 45.61.187.160 port 51764 [preauth]","@timestamp":"2022-09-18T06:44:15.601Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 06:44:24 honeypot-fra-1 sshd[27033]: Disconnected from invalid user user 45.61.187.160 port 35332 [preauth]","@timestamp":"2022-09-18T06:44:24.605Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 06:44:42 honeypot-fra-1 sshd[27037]: Disconnected from invalid user user 45.61.187.160 port 58906 [preauth]","@timestamp":"2022-09-18T06:44:42.613Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 06:44:59 honeypot-fra-1 sshd[27041]: Disconnected from invalid user user 45.61.187.160 port 54248 [preauth]","@timestamp":"2022-09-18T06:45:00.622Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 06:45:22 honeypot-fra-1 sshd[27046]: Received disconnect from 94.253.14.90 port 38232:11: Bye Bye [preauth]","@timestamp":"2022-09-18T06:45:22.632Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 06:46:57 honeypot-fra-1 sshd[27050]: Received disconnect from 165.22.45.108 port 54354:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T06:46:58.671Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 06:47:01 honeypot-ams-1 CRON[5077]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-18T06:47:02.009Z"}
{"@timestamp":"2022-09-18T06:47:36.537Z","@version":"1","message":"Sep 18 06:47:35 honeypot-sgp-1 sshd[30032]: Disconnected from authenticating user root 97.74.83.174 port 51740 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 06:48:44 honeypot-fra-1 sshd[27078]: Invalid user admin from 107.173.156.165 port 57136","@timestamp":"2022-09-18T06:48:44.715Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 06:52:15 honeypot-fra-1 sshd[27083]: Received disconnect from 92.255.85.70 port 29060:11: Bye Bye [preauth]","@timestamp":"2022-09-18T06:52:15.795Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 06:54:19 honeypot-ams-1 kernel: [84360639.801806] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=122.58.118.141 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=35941 PROTO=TCP SPT=61445 DPT=80 WINDOW=13277 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T06:54:20.203Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 06:56:08 honeypot-ams-1 sshd[5181]: Received disconnect from 45.61.184.204 port 45010:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T06:56:09.258Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 06:56:26 honeypot-ams-1 sshd[5185]: Invalid user user from 45.61.184.204 port 40398","@timestamp":"2022-09-18T06:56:27.268Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 06:56:40 honeypot-ams-1 sshd[5189]: Received disconnect from 61.177.173.36 port 57559:11:  [preauth]","@timestamp":"2022-09-18T06:56:41.275Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 06:56:54 honeypot-ams-1 sshd[5201]: Received disconnect from 45.61.184.204 port 47582:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T06:56:55.283Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 06:57:42 honeypot-fra-1 sshd[27089]: Connection closed by invalid user user1 103.188.176.251 port 49836 [preauth]","@timestamp":"2022-09-18T06:57:42.919Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T06:59:38.826Z","@version":"1","message":"Sep 18 06:59:37 honeypot-sgp-1 sshd[30039]: Connection closed by 221.185.76.103 port 33444 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 07:00:05 honeypot-ams-1 sshd[5205]: Disconnected from authenticating user root 61.177.173.49 port 59305 [preauth]","@timestamp":"2022-09-18T07:00:05.366Z"}
{"@timestamp":"2022-09-18T07:03:49.932Z","@version":"1","message":"Sep 18 07:03:49 honeypot-sgp-1 kernel: [84360733.064707] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.196.220.70 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=59911 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 07:06:04 honeypot-ams-1 kernel: [84361343.961291] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.156.73.58 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=252 ID=34333 PROTO=TCP SPT=51774 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T07:06:04.524Z"}
{"@timestamp":"2022-09-18T07:08:06.038Z","@version":"1","message":"Sep 18 07:08:05 honeypot-sgp-1 kernel: [84360988.978913] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=68.183.93.151 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x20 TTL=242 ID=54321 PROTO=TCP SPT=43009 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 07:08:21 honeypot-fra-1 kernel: [84359309.785444] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.215.241 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=40234 DPT=389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T07:08:22.160Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-18T07:11:45.130Z","@version":"1","message":"Sep 18 07:11:44 honeypot-sgp-1 kernel: [84361207.932531] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=172.105.129.88 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=30195 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 07:15:57 honeypot-fra-1 sshd[27099]: Disconnected from invalid user user 45.61.187.160 port 57026 [preauth]","@timestamp":"2022-09-18T07:15:58.334Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 07:16:15 honeypot-fra-1 sshd[27104]: Disconnected from invalid user user 45.61.187.160 port 52748 [preauth]","@timestamp":"2022-09-18T07:16:16.341Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 07:16:32 honeypot-fra-1 sshd[27108]: Disconnected from invalid user user 45.61.187.160 port 48422 [preauth]","@timestamp":"2022-09-18T07:16:33.349Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 07:16:48 honeypot-fra-1 sshd[27112]: Disconnected from invalid user user 45.61.187.160 port 44114 [preauth]","@timestamp":"2022-09-18T07:16:49.356Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T07:17:01.260Z","@version":"1","message":"Sep 18 07:17:01 honeypot-sgp-1 CRON[30152]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 07:17:01 honeypot-ams-1 CRON[5228]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-18T07:17:01.938Z"}
{"@timestamp":"2022-09-18T07:20:18.342Z","@version":"1","message":"Sep 18 07:20:18 honeypot-sgp-1 sshd[30159]: Invalid user test2 from 103.188.176.251 port 34134","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 07:21:32 honeypot-ams-1 kernel: [84362272.653868] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.196.182 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=46328 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T07:21:33.061Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 07:23:00 honeypot-fra-1 sshd[27120]: error: maximum authentication attempts exceeded for invalid user admin from 135.129.133.147 port 38385 ssh2 [preauth]","@timestamp":"2022-09-18T07:23:00.496Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 07:26:52 honeypot-ams-1 sshd[5241]: Received disconnect from 45.61.184.204 port 36816:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T07:26:53.202Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 07:27:10 honeypot-ams-1 sshd[5246]: Invalid user user from 45.61.184.204 port 60554","@timestamp":"2022-09-18T07:27:11.211Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 07:27:11 honeypot-fra-1 sshd[27126]: Disconnected from authenticating user root 165.227.232.25 port 56862 [preauth]","@timestamp":"2022-09-18T07:27:11.596Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 07:27:25 honeypot-ams-1 sshd[5250]: Received disconnect from 61.177.173.37 port 43220:11:  [preauth]","@timestamp":"2022-09-18T07:27:26.219Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 07:27:37 honeypot-ams-1 sshd[5254]: Received disconnect from 45.61.184.204 port 39684:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T07:27:38.226Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 07:30:53 honeypot-ams-1 sshd[5262]: Invalid user centos from 179.60.147.69 port 60012","@timestamp":"2022-09-18T07:30:53.314Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 07:35:55 honeypot-ams-1 sshd[5268]: Received disconnect from 61.177.172.108 port 63669:11:  [preauth]","@timestamp":"2022-09-18T07:35:56.453Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 07:37:45 honeypot-fra-1 sshd[27132]: Connection closed by invalid user mysql 193.106.191.157 port 34396 [preauth]","@timestamp":"2022-09-18T07:37:46.835Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 07:39:31 honeypot-ams-1 sshd[5274]: Disconnected from authenticating user root 134.122.123.117 port 55164 [preauth]","@timestamp":"2022-09-18T07:39:32.546Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 07:48:36 honeypot-ams-1 kernel: [84363896.716850] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.208.63 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=43552 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T07:48:37.783Z"}
{"@timestamp":"2022-09-18T07:48:57.020Z","@version":"1","message":"Sep 18 07:48:56 honeypot-sgp-1 sshd[30166]: Received disconnect from 45.61.186.249 port 59224:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T07:49:18.030Z","@version":"1","message":"Sep 18 07:49:17 honeypot-sgp-1 sshd[30170]: Received disconnect from 45.61.186.249 port 54820:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T07:49:36.038Z","@version":"1","message":"Sep 18 07:49:35 honeypot-sgp-1 sshd[30174]: Received disconnect from 45.61.186.249 port 50422:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T07:49:55.049Z","@version":"1","message":"Sep 18 07:49:54 honeypot-sgp-1 sshd[30178]: Received disconnect from 45.61.186.249 port 46020:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 07:54:38 honeypot-fra-1 sshd[27138]: Connection reset by 92.255.85.70 port 31318 [preauth]","@timestamp":"2022-09-18T07:54:39.211Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T07:58:14.247Z","@version":"1","message":"Sep 18 07:58:14 honeypot-sgp-1 sshd[30182]: Received disconnect from 165.227.160.124 port 49184:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 07:59:21 honeypot-ams-1 kernel: [84364541.457909] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=103.114.107.34 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=16094 PROTO=TCP SPT=45694 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T07:59:22.067Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 08:03:28 honeypot-fra-1 sshd[27145]: Received disconnect from 164.90.194.36 port 47030:11: Bye Bye [preauth]","@timestamp":"2022-09-18T08:03:29.412Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T08:03:42.379Z","@version":"1","message":"Sep 18 08:03:42 honeypot-sgp-1 kernel: [84364325.325948] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=103.114.107.34 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=51725 PROTO=TCP SPT=45694 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 08:05:08 honeypot-ams-1 kernel: [84364887.922391] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.203.30 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=50250 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T08:05:08.223Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 08:11:31 honeypot-fra-1 sshd[27150]: Invalid user linlzx from 165.22.45.108 port 59898","@timestamp":"2022-09-18T08:11:31.597Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 08:17:01 honeypot-ams-1 CRON[5309]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-18T08:17:02.569Z"}
{"@timestamp":"2022-09-18T08:17:01.696Z","@version":"1","message":"Sep 18 08:17:01 honeypot-sgp-1 CRON[30196]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 08:18:01 honeypot-fra-1 sshd[27174]: Received disconnect from 142.93.58.181 port 47274:11: Bye Bye [preauth]","@timestamp":"2022-09-18T08:18:02.746Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 08:27:22 honeypot-fra-1 sshd[27179]: Invalid user xq from 137.116.144.39 port 59604","@timestamp":"2022-09-18T08:27:22.958Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 08:27:56 honeypot-ams-1 sshd[5322]: Invalid user admin from 64.225.65.224 port 55150","@timestamp":"2022-09-18T08:27:56.859Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 08:28:47 honeypot-ams-1 kernel: [84366307.331265] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=197.37.217.23 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=51 ID=47967 PROTO=TCP SPT=45691 DPT=443 WINDOW=57889 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T08:28:47.885Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 08:29:01 honeypot-fra-1 sshd[27183]: Disconnected from invalid user tjn 176.102.38.41 port 58464 [preauth]","@timestamp":"2022-09-18T08:29:01.996Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T08:29:45.999Z","@version":"1","message":"Sep 18 08:29:45 honeypot-sgp-1 sshd[30220]: Received disconnect from 163.177.9.151 port 46274:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T08:33:03.079Z","@version":"1","message":"Sep 18 08:33:02 honeypot-sgp-1 sshd[30223]: Disconnected from invalid user apache 180.228.243.235 port 27683 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 08:38:47 honeypot-ams-1 kernel: [84366906.907668] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=34.155.216.175 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=59 ID=39130 PROTO=TCP SPT=9084 DPT=80 WINDOW=26464 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T08:38:47.165Z"}
{"@timestamp":"2022-09-18T08:41:53.291Z","@version":"1","message":"Sep 18 08:41:53 honeypot-sgp-1 sshd[30229]: Disconnected from invalid user user 45.61.186.249 port 45528 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T08:42:13.301Z","@version":"1","message":"Sep 18 08:42:12 honeypot-sgp-1 sshd[30233]: Disconnected from invalid user user 45.61.186.249 port 41056 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T08:42:31.310Z","@version":"1","message":"Sep 18 08:42:31 honeypot-sgp-1 sshd[30237]: Disconnected from invalid user user 45.61.186.249 port 36590 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T08:42:50.319Z","@version":"1","message":"Sep 18 08:42:49 honeypot-sgp-1 sshd[30241]: Disconnected from invalid user user 45.61.186.249 port 60360 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 08:42:58 honeypot-fra-1 sshd[27636]: Invalid user admin from 92.255.85.70 port 27136","@timestamp":"2022-09-18T08:42:58.312Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T08:46:19.403Z","@version":"1","message":"Sep 18 08:46:18 honeypot-sgp-1 sshd[30244]: Invalid user admin from 92.255.85.70 port 42356","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 08:49:10 honeypot-ams-1 sshd[5363]: Received disconnect from 157.230.6.213 port 35998:11: Bye Bye [preauth]","@timestamp":"2022-09-18T08:49:11.437Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 08:53:32 honeypot-ams-1 sshd[5370]: Disconnected from authenticating user root 61.177.172.90 port 38819 [preauth]","@timestamp":"2022-09-18T08:53:32.552Z"}
{"@timestamp":"2022-09-18T08:55:21.621Z","@version":"1","message":"Sep 18 08:55:20 honeypot-sgp-1 kernel: [84367423.830732] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=152.89.196.23 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=5131 PROTO=TCP SPT=43247 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 08:55:44 honeypot-ams-1 sshd[5376]: Received disconnect from 115.88.38.58 port 48024:11: Bye Bye [preauth]","@timestamp":"2022-09-18T08:55:44.611Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 08:58:34 honeypot-ams-1 kernel: [84368094.270308] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=120.237.30.168 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=51 ID=49973 PROTO=TCP SPT=19369 DPT=80 WINDOW=41336 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T08:58:34.692Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:00:51 honeypot-fra-1 kernel: [84366059.482695] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=17067 PROTO=TCP SPT=51603 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T09:00:51.712Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:01:13 honeypot-fra-1 sshd[27646]: Received disconnect from 45.61.186.249 port 54380:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T09:01:14.723Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:01:32 honeypot-fra-1 sshd[27650]: Invalid user user from 45.61.186.249 port 49372","@timestamp":"2022-09-18T09:01:33.732Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:01:43 honeypot-fra-1 sshd[27652]: Disconnected from invalid user user 45.61.186.249 port 60986 [preauth]","@timestamp":"2022-09-18T09:01:43.736Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:02:01 honeypot-fra-1 sshd[27656]: Disconnected from invalid user user 45.61.186.249 port 55972 [preauth]","@timestamp":"2022-09-18T09:02:02.775Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T09:03:07.806Z","@version":"1","message":"Sep 18 09:03:07 honeypot-sgp-1 sshd[30251]: Received disconnect from 80.229.18.62 port 56694:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:16 honeypot-ams-1 sshd[5387]: Disconnected from authenticating user root 149.74.230.97 port 52509 [preauth]","@timestamp":"2022-09-18T09:03:16.817Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:18 honeypot-ams-1 sshd[5393]: Received disconnect from 149.74.230.97 port 52565:11: Bye Bye [preauth]","@timestamp":"2022-09-18T09:03:18.819Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:19 honeypot-ams-1 sshd[5399]: Received disconnect from 149.74.230.97 port 52627:11: Bye Bye [preauth]","@timestamp":"2022-09-18T09:03:19.819Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:20 honeypot-ams-1 sshd[5405]: Received disconnect from 149.74.230.97 port 52675:11: Bye Bye [preauth]","@timestamp":"2022-09-18T09:03:20.820Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:22 honeypot-ams-1 sshd[5411]: Received disconnect from 149.74.230.97 port 52730:11: Bye Bye [preauth]","@timestamp":"2022-09-18T09:03:22.822Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:23 honeypot-ams-1 sshd[5417]: Received disconnect from 149.74.230.97 port 52775:11: Bye Bye [preauth]","@timestamp":"2022-09-18T09:03:24.823Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:25 honeypot-ams-1 sshd[5423]: Received disconnect from 149.74.230.97 port 52823:11: Bye Bye [preauth]","@timestamp":"2022-09-18T09:03:25.826Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:26 honeypot-ams-1 sshd[5429]: Received disconnect from 149.74.230.97 port 52873:11: Bye Bye [preauth]","@timestamp":"2022-09-18T09:03:26.827Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:28 honeypot-ams-1 sshd[5435]: Received disconnect from 149.74.230.97 port 52928:11: Bye Bye [preauth]","@timestamp":"2022-09-18T09:03:28.828Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:29 honeypot-ams-1 sshd[5441]: Received disconnect from 149.74.230.97 port 52986:11: Bye Bye [preauth]","@timestamp":"2022-09-18T09:03:29.829Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:30 honeypot-ams-1 sshd[5447]: Received disconnect from 149.74.230.97 port 53037:11: Bye Bye [preauth]","@timestamp":"2022-09-18T09:03:31.830Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:32 honeypot-ams-1 sshd[5453]: Received disconnect from 149.74.230.97 port 53085:11: Bye Bye [preauth]","@timestamp":"2022-09-18T09:03:32.831Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:33 honeypot-ams-1 sshd[5457]: Disconnected from invalid user admin 149.74.230.97 port 53111 [preauth]","@timestamp":"2022-09-18T09:03:33.832Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:34 honeypot-ams-1 sshd[5461]: Disconnected from invalid user admin 149.74.230.97 port 53148 [preauth]","@timestamp":"2022-09-18T09:03:34.833Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:35 honeypot-ams-1 sshd[5466]: Disconnected from invalid user admin 149.74.230.97 port 53182 [preauth]","@timestamp":"2022-09-18T09:03:35.834Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:36 honeypot-ams-1 sshd[5470]: Disconnected from invalid user admin 149.74.230.97 port 53217 [preauth]","@timestamp":"2022-09-18T09:03:36.835Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:36 honeypot-ams-1 sshd[5474]: Disconnected from invalid user admin 149.74.230.97 port 53238 [preauth]","@timestamp":"2022-09-18T09:03:37.836Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:37 honeypot-ams-1 sshd[5478]: Disconnected from invalid user user 149.74.230.97 port 53275 [preauth]","@timestamp":"2022-09-18T09:03:37.836Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:39 honeypot-ams-1 sshd[5484]: Received disconnect from 149.74.230.97 port 53328:11: Bye Bye [preauth]","@timestamp":"2022-09-18T09:03:39.837Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:40 honeypot-ams-1 sshd[5488]: Received disconnect from 149.74.230.97 port 53357:11: Bye Bye [preauth]","@timestamp":"2022-09-18T09:03:40.839Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:41 honeypot-ams-1 sshd[5492]: Received disconnect from 149.74.230.97 port 53403:11: Bye Bye [preauth]","@timestamp":"2022-09-18T09:03:41.840Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:42 honeypot-ams-1 sshd[5496]: Received disconnect from 149.74.230.97 port 53454:11: Bye Bye [preauth]","@timestamp":"2022-09-18T09:03:42.840Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:43 honeypot-ams-1 sshd[5500]: Received disconnect from 149.74.230.97 port 53478:11: Bye Bye [preauth]","@timestamp":"2022-09-18T09:03:43.841Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:44 honeypot-ams-1 sshd[5504]: Received disconnect from 149.74.230.97 port 53508:11: Bye Bye [preauth]","@timestamp":"2022-09-18T09:03:44.842Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:45 honeypot-ams-1 sshd[5508]: Received disconnect from 149.74.230.97 port 53552:11: Bye Bye [preauth]","@timestamp":"2022-09-18T09:03:45.843Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:46 honeypot-ams-1 sshd[5512]: Received disconnect from 149.74.230.97 port 53583:11: Bye Bye [preauth]","@timestamp":"2022-09-18T09:03:46.844Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:47 honeypot-ams-1 sshd[5516]: Received disconnect from 149.74.230.97 port 53610:11: Bye Bye [preauth]","@timestamp":"2022-09-18T09:03:47.845Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:48 honeypot-ams-1 sshd[5520]: Received disconnect from 149.74.230.97 port 53646:11: Bye Bye [preauth]","@timestamp":"2022-09-18T09:03:48.845Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:49 honeypot-ams-1 sshd[5524]: Received disconnect from 149.74.230.97 port 53675:11: Bye Bye [preauth]","@timestamp":"2022-09-18T09:03:49.846Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:04:36 honeypot-fra-1 sshd[27660]: Disconnected from invalid user weicheng 178.128.61.21 port 38728 [preauth]","@timestamp":"2022-09-18T09:04:37.838Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T09:07:59.936Z","@version":"1","message":"Sep 18 09:07:59 honeypot-sgp-1 sshd[30256]: Received disconnect from 88.147.254.66 port 53974:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:11:40 honeypot-fra-1 sshd[27670]: Received disconnect from 45.61.187.160 port 34274:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T09:11:41.000Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:11:57 honeypot-fra-1 sshd[27674]: Received disconnect from 45.61.187.160 port 57240:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T09:11:58.007Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:12:12 honeypot-fra-1 sshd[27678]: Received disconnect from 45.61.187.160 port 51966:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T09:12:13.014Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:12:27 honeypot-fra-1 sshd[27682]: Received disconnect from 45.61.187.160 port 46686:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T09:12:28.021Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T09:13:18.068Z","@version":"1","message":"Sep 18 09:13:17 honeypot-sgp-1 kernel: [84368500.819825] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=138.68.252.199 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=52982 PROTO=TCP SPT=52396 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:13:31 honeypot-ams-1 sshd[5535]: Invalid user mysql from 193.106.191.157 port 34894","@timestamp":"2022-09-18T09:13:32.102Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:15:49 honeypot-fra-1 sshd[27686]: Disconnected from invalid user user 45.61.184.204 port 47072 [preauth]","@timestamp":"2022-09-18T09:15:50.100Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:16:09 honeypot-fra-1 sshd[27698]: Received disconnect from 45.61.184.204 port 42556:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T09:16:10.110Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T09:16:13.137Z","@version":"1","message":"Sep 18 09:16:12 honeypot-sgp-1 sshd[30262]: Invalid user test from 179.60.147.69 port 31446","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:16:30 honeypot-fra-1 sshd[27702]: Received disconnect from 45.61.184.204 port 37960:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T09:16:30.119Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:16:49 honeypot-fra-1 sshd[27706]: Received disconnect from 45.61.184.204 port 33398:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T09:16:50.140Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:17:01 honeypot-ams-1 CRON[5540]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-18T09:17:02.199Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:18:24 honeypot-fra-1 kernel: [84367112.113604] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.41.9.18 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=36974 PROTO=TCP SPT=26518 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T09:18:25.181Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 09:19:52 honeypot-ams-1 kernel: [84369372.125665] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=195.133.20.241 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=35749 PROTO=TCP SPT=58438 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T09:19:52.280Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:21:14 honeypot-ams-1 sshd[5548]: Connection closed by invalid user test2 103.188.176.251 port 43876 [preauth]","@timestamp":"2022-09-18T09:21:14.319Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:25:00 honeypot-ams-1 sshd[5557]: Received disconnect from 190.226.244.9 port 35746:11: Bye Bye [preauth]","@timestamp":"2022-09-18T09:25:01.423Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:25:15 honeypot-fra-1 sshd[27720]: Invalid user test2 from 103.188.176.251 port 54688","@timestamp":"2022-09-18T09:25:16.337Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:25:36 honeypot-ams-1 sshd[5562]: Invalid user user from 45.61.187.160 port 43798","@timestamp":"2022-09-18T09:25:36.442Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:25:46 honeypot-fra-1 sshd[27725]: Received disconnect from 45.61.187.160 port 37592:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T09:25:47.352Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:25:53 honeypot-ams-1 sshd[5566]: Invalid user user from 45.61.187.160 port 38476","@timestamp":"2022-09-18T09:25:54.451Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:26:02 honeypot-fra-1 sshd[27729]: Received disconnect from 45.61.187.160 port 60510:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T09:26:03.361Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T09:26:03.372Z","@version":"1","message":"Sep 18 09:26:03 honeypot-sgp-1 sshd[30700]: Disconnected from invalid user operator 175.170.149.29 port 27881 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:26:10 honeypot-ams-1 sshd[5570]: Invalid user user from 45.61.187.160 port 33132","@timestamp":"2022-09-18T09:26:10.461Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:26:19 honeypot-fra-1 sshd[27733]: Received disconnect from 45.61.187.160 port 55170:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T09:26:20.369Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:26:25 honeypot-ams-1 sshd[5574]: Invalid user user from 45.61.187.160 port 56040","@timestamp":"2022-09-18T09:26:26.469Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:28:24 honeypot-ams-1 sshd[5578]: Invalid user mattl from 206.217.131.233 port 42204","@timestamp":"2022-09-18T09:28:25.523Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:28:56 honeypot-ams-1 sshd[5582]: Disconnected from invalid user guest 165.22.62.203 port 54180 [preauth]","@timestamp":"2022-09-18T09:28:56.538Z"}
{"@timestamp":"2022-09-18T09:29:59.468Z","@version":"1","message":"Sep 18 09:29:59 honeypot-sgp-1 kernel: [84369502.584302] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=74.82.47.26 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=46386 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:31:05 honeypot-ams-1 sshd[5587]: Disconnected from authenticating user root 61.177.173.51 port 21010 [preauth]","@timestamp":"2022-09-18T09:31:06.599Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:31:19 honeypot-fra-1 kernel: [84367887.590140] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=107.175.130.186 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=55199 PROTO=TCP SPT=52924 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T09:31:20.482Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-18T09:33:14.548Z","@version":"1","message":"Sep 18 09:33:14 honeypot-sgp-1 sshd[30709]: Disconnected from invalid user test 5.196.68.38 port 55152 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:33:27 honeypot-fra-1 sshd[27741]: Received disconnect from 45.61.186.249 port 57908:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T09:33:28.531Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:33:49 honeypot-fra-1 sshd[27748]: Received disconnect from 45.61.186.249 port 53084:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T09:33:49.542Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:33:58 honeypot-fra-1 sshd[27750]: Disconnected from invalid user user 45.61.186.249 port 36550 [preauth]","@timestamp":"2022-09-18T09:33:59.547Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:34:13 honeypot-fra-1 sshd[27754]: Disconnected from invalid user linuxacademy 165.22.45.108 port 37178 [preauth]","@timestamp":"2022-09-18T09:34:14.555Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:34:24 honeypot-fra-1 sshd[27760]: Disconnected from invalid user user 45.61.186.249 port 43426 [preauth]","@timestamp":"2022-09-18T09:34:25.560Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:38:14 honeypot-fra-1 sshd[27764]: Connection closed by 167.248.133.61 port 45700 [preauth]","@timestamp":"2022-09-18T09:38:14.648Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:40:58 honeypot-ams-1 sshd[5597]: Disconnected from authenticating user root 218.92.0.221 port 54094 [preauth]","@timestamp":"2022-09-18T09:40:58.879Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:42:41 honeypot-fra-1 sshd[27769]: Connection closed by invalid user admin 141.98.10.158 port 46208 [preauth]","@timestamp":"2022-09-18T09:42:41.748Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:45:49 honeypot-ams-1 sshd[5604]: Disconnected from authenticating user root 61.177.172.98 port 47857 [preauth]","@timestamp":"2022-09-18T09:45:50.007Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:47:43 honeypot-fra-1 sshd[27776]: Disconnected from authenticating user root 43.242.247.141 port 49912 [preauth]","@timestamp":"2022-09-18T09:47:43.862Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T09:49:47.941Z","@version":"1","message":"Sep 18 09:49:47 honeypot-sgp-1 sshd[30720]: Invalid user ubnt from 189.213.210.132 port 36309","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:50:18 honeypot-fra-1 sshd[27781]: Received disconnect from 45.61.184.204 port 36432:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T09:50:18.923Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:50:39 honeypot-fra-1 sshd[27785]: Received disconnect from 45.61.184.204 port 59988:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T09:50:39.932Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:50:59 honeypot-fra-1 sshd[27789]: Received disconnect from 45.61.184.204 port 55326:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T09:50:59.942Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T09:51:08.975Z","@version":"1","message":"Sep 18 09:51:08 honeypot-sgp-1 sshd[30725]: Received disconnect from 46.101.29.76 port 48318:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:51:15 honeypot-fra-1 sshd[27793]: Received disconnect from 45.61.184.204 port 50658:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T09:51:15.950Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:54:14 honeypot-ams-1 sshd[5611]: Received disconnect from 161.35.113.79 port 33976:11: Bye Bye [preauth]","@timestamp":"2022-09-18T09:54:14.232Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:55:35 honeypot-ams-1 sshd[5615]: Connection closed by invalid user admin 179.60.147.69 port 10690 [preauth]","@timestamp":"2022-09-18T09:55:35.272Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:55:51 honeypot-fra-1 sshd[27800]: Invalid user ubuntu from 140.246.118.203 port 41922","@timestamp":"2022-09-18T09:55:51.054Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:55:51 honeypot-fra-1 sshd[27800]: Connection closed by invalid user ubuntu 140.246.118.203 port 41922 [preauth]","@timestamp":"2022-09-18T09:55:52.055Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:55:55 honeypot-fra-1 sshd[27815]: Invalid user pi from 140.246.118.203 port 41924","@timestamp":"2022-09-18T09:55:56.057Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T09:59:14.169Z","@version":"1","message":"Sep 18 09:59:13 honeypot-sgp-1 kernel: [84371256.351855] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=64.246.161.26 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=37049 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:01:07 honeypot-fra-1 kernel: [84369674.849973] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=167.71.133.35 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=248 ID=54321 PROTO=TCP SPT=48744 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T10:01:08.177Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-18T10:03:29.273Z","@version":"1","message":"Sep 18 10:03:28 honeypot-sgp-1 sshd[30733]: Disconnected from invalid user online-shopping 143.198.8.62 port 43352 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 10:04:12 honeypot-ams-1 sshd[5624]: Invalid user  from 64.62.197.152 port 6506","@timestamp":"2022-09-18T10:04:13.496Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:11:48 honeypot-fra-1 sshd[27822]: Received disconnect from 92.255.85.69 port 33722:11: Bye Bye [preauth]","@timestamp":"2022-09-18T10:11:49.419Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:14:57 honeypot-fra-1 sshd[27828]: Invalid user hadoop from 154.61.75.68 port 37090","@timestamp":"2022-09-18T10:14:58.491Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 10:17:01 honeypot-ams-1 CRON[5630]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-18T10:17:01.830Z"}
{"@timestamp":"2022-09-18T10:19:10.643Z","@version":"1","message":"Sep 18 10:19:10 honeypot-sgp-1 sshd[30740]: Disconnected from invalid user fz 147.182.170.143 port 55804 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:20:13 honeypot-fra-1 kernel: [84370821.361603] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=65.49.20.105 DST=165.22.82.222 LEN=131 TOS=0x00 PREC=0x00 TTL=244 ID=54321 PROTO=TCP SPT=51902 DPT=80 WINDOW=65535 RES=0x00 ACK PSH URGP=0 ","@timestamp":"2022-09-18T10:20:14.611Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-18T10:21:50.708Z","@version":"1","message":"Sep 18 10:21:50 honeypot-sgp-1 sshd[30744]: Disconnected from invalid user redis 104.225.146.77 port 53276 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T10:24:40.783Z","@version":"1","message":"Sep 18 10:24:39 honeypot-sgp-1 sshd[30749]: Connection closed by invalid user admin 221.158.195.111 port 42797 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:25:37 honeypot-fra-1 sshd[27837]: Disconnected from authenticating user root 179.86.94.249 port 5851 [preauth]","@timestamp":"2022-09-18T10:25:37.733Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:25:42 honeypot-fra-1 sshd[27843]: Received disconnect from 179.86.94.249 port 5854:11: Bye Bye [preauth]","@timestamp":"2022-09-18T10:25:43.736Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:25:48 honeypot-fra-1 sshd[27849]: Received disconnect from 179.86.94.249 port 5857:11: Bye Bye [preauth]","@timestamp":"2022-09-18T10:25:48.738Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:25:54 honeypot-fra-1 sshd[27855]: Received disconnect from 179.86.94.249 port 5860:11: Bye Bye [preauth]","@timestamp":"2022-09-18T10:25:54.742Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:25:59 honeypot-fra-1 sshd[27861]: Received disconnect from 179.86.94.249 port 5863:11: Bye Bye [preauth]","@timestamp":"2022-09-18T10:26:00.745Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:26:05 honeypot-fra-1 sshd[27867]: Received disconnect from 179.86.94.249 port 5866:11: Bye Bye [preauth]","@timestamp":"2022-09-18T10:26:05.747Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:26:11 honeypot-fra-1 sshd[27873]: Received disconnect from 179.86.94.249 port 5869:11: Bye Bye [preauth]","@timestamp":"2022-09-18T10:26:11.751Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:26:14 honeypot-fra-1 sshd[27877]: Disconnected from authenticating user root 179.86.94.249 port 5871 [preauth]","@timestamp":"2022-09-18T10:26:15.753Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:26:20 honeypot-fra-1 sshd[27883]: Disconnected from authenticating user root 179.86.94.249 port 5874 [preauth]","@timestamp":"2022-09-18T10:26:20.755Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:26:26 honeypot-fra-1 sshd[27889]: Disconnected from authenticating user root 179.86.94.249 port 5877 [preauth]","@timestamp":"2022-09-18T10:26:26.759Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:26:31 honeypot-fra-1 sshd[27895]: Disconnected from authenticating user root 179.86.94.249 port 5880 [preauth]","@timestamp":"2022-09-18T10:26:31.762Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:26:37 honeypot-fra-1 sshd[27901]: Disconnected from authenticating user root 179.86.94.249 port 5883 [preauth]","@timestamp":"2022-09-18T10:26:37.766Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:26:42 honeypot-fra-1 sshd[27907]: Received disconnect from 179.86.94.249 port 5886:11: Bye Bye [preauth]","@timestamp":"2022-09-18T10:26:43.769Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:26:46 honeypot-fra-1 sshd[27911]: Received disconnect from 179.86.94.249 port 5888:11: Bye Bye [preauth]","@timestamp":"2022-09-18T10:26:46.771Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:26:50 honeypot-fra-1 sshd[27915]: Received disconnect from 179.86.94.249 port 5890:11: Bye Bye [preauth]","@timestamp":"2022-09-18T10:26:50.772Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:26:54 honeypot-fra-1 sshd[27919]: Received disconnect from 179.86.94.249 port 5892:11: Bye Bye [preauth]","@timestamp":"2022-09-18T10:26:54.775Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:26:58 honeypot-fra-1 sshd[27923]: Received disconnect from 179.86.94.249 port 5894:11: Bye Bye [preauth]","@timestamp":"2022-09-18T10:26:58.777Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:27:01 honeypot-fra-1 sshd[27927]: Received disconnect from 179.86.94.249 port 5896:11: Bye Bye [preauth]","@timestamp":"2022-09-18T10:27:01.779Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:27:07 honeypot-fra-1 sshd[27933]: Invalid user pi from 179.86.94.249 port 5899","@timestamp":"2022-09-18T10:27:07.783Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:27:10 honeypot-fra-1 kernel: [84371237.812945] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=79.106.11.157 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=22669 DF PROTO=TCP SPT=49586 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T10:27:10.785Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:27:13 honeypot-fra-1 sshd[27939]: Disconnected from invalid user ethos 179.86.94.249 port 5902 [preauth]","@timestamp":"2022-09-18T10:27:13.787Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:27:16 honeypot-fra-1 sshd[27943]: Disconnected from invalid user miner 179.86.94.249 port 5904 [preauth]","@timestamp":"2022-09-18T10:27:16.788Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:27:20 honeypot-fra-1 sshd[27947]: Disconnected from invalid user volumio 179.86.94.249 port 5906 [preauth]","@timestamp":"2022-09-18T10:27:20.790Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:27:24 honeypot-fra-1 sshd[27951]: Disconnected from invalid user nagios 179.86.94.249 port 5908 [preauth]","@timestamp":"2022-09-18T10:27:24.793Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:27:27 honeypot-fra-1 sshd[27955]: Disconnected from invalid user vagrant 179.86.94.249 port 5910 [preauth]","@timestamp":"2022-09-18T10:27:28.799Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:27:31 honeypot-fra-1 sshd[27959]: Disconnected from invalid user debian 179.86.94.249 port 5912 [preauth]","@timestamp":"2022-09-18T10:27:31.800Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:27:35 honeypot-fra-1 sshd[27963]: Disconnected from invalid user debian 179.86.94.249 port 5914 [preauth]","@timestamp":"2022-09-18T10:27:35.802Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:27:39 honeypot-fra-1 sshd[27967]: Disconnected from invalid user alarm 179.86.94.249 port 5850 [preauth]","@timestamp":"2022-09-18T10:27:39.805Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:27:42 honeypot-fra-1 sshd[27971]: Disconnected from invalid user test 179.86.94.249 port 5852 [preauth]","@timestamp":"2022-09-18T10:27:43.808Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:27:46 honeypot-fra-1 sshd[27975]: Disconnected from invalid user cirros 179.86.94.249 port 5854 [preauth]","@timestamp":"2022-09-18T10:27:46.809Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T10:28:45.884Z","@version":"1","message":"Sep 18 10:28:45 honeypot-sgp-1 sshd[30756]: Invalid user centos from 179.60.147.69 port 1322","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 10:32:05 honeypot-ams-1 sshd[5637]: Invalid user centos from 179.60.147.69 port 64106","@timestamp":"2022-09-18T10:32:06.237Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 10:34:29 honeypot-ams-1 sshd[5639]: Invalid user sftp from 115.178.76.24 port 34984","@timestamp":"2022-09-18T10:34:29.302Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 10:35:19 honeypot-ams-1 sshd[5643]: Received disconnect from 128.199.103.79 port 33520:11: Bye Bye [preauth]","@timestamp":"2022-09-18T10:35:19.346Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:37:41 honeypot-fra-1 kernel: [84371869.489670] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=92.63.197.74 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=46621 PROTO=TCP SPT=52659 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T10:37:42.054Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-18T10:42:39.222Z","@version":"1","message":"Sep 18 10:42:38 honeypot-sgp-1 sshd[30759]: Invalid user admin from 178.128.125.205 port 51578","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T10:42:39.222Z","@version":"1","message":"Sep 18 10:42:38 honeypot-sgp-1 sshd[30765]: Invalid user admin from 178.128.125.205 port 51602","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 10:43:08 honeypot-ams-1 sshd[5648]: Invalid user monitor from 179.218.198.83 port 43191","@timestamp":"2022-09-18T10:43:09.553Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 10:46:06 honeypot-ams-1 sshd[5652]: Received disconnect from 2.36.249.18 port 45284:11: Bye Bye [preauth]","@timestamp":"2022-09-18T10:46:06.630Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:56:53 honeypot-fra-1 sshd[27982]: Disconnected from invalid user linux 165.22.45.108 port 42700 [preauth]","@timestamp":"2022-09-18T10:56:53.482Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:59:24 honeypot-fra-1 sshd[27986]: Did not receive identification string from 45.61.184.204 port 34926","@timestamp":"2022-09-18T10:59:24.541Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 11:00:03 honeypot-fra-1 sshd[27991]: Received disconnect from 45.61.184.204 port 54482:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T11:00:04.557Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 11:00:22 honeypot-fra-1 sshd[27996]: Invalid user user from 45.61.184.204 port 49510","@timestamp":"2022-09-18T11:00:22.566Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 11:00:39 honeypot-fra-1 sshd[28000]: Invalid user user from 45.61.184.204 port 44532","@timestamp":"2022-09-18T11:00:39.574Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 11:01:56 honeypot-ams-1 kernel: [84375496.226538] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=205.210.31.155 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=250 ID=54321 PROTO=TCP SPT=52921 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T11:01:57.043Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 11:02:33 honeypot-fra-1 kernel: [84373360.748194] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=170.187.162.78 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=50259 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T11:02:33.619Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-18T11:04:47.755Z","@version":"1","message":"Sep 18 11:04:47 honeypot-sgp-1 sshd[30769]: Invalid user user from 179.60.147.69 port 54336","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 11:09:27 honeypot-ams-1 sshd[5666]: Did not receive identification string from 104.152.52.233 port 59346","@timestamp":"2022-09-18T11:09:28.246Z"}
{"@timestamp":"2022-09-18T11:11:16.930Z","@version":"1","message":"Sep 18 11:11:16 honeypot-sgp-1 kernel: [84375579.219665] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=172.105.129.88 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=30195 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 11:12:31 honeypot-ams-1 sshd[5667]: Invalid user mysql from 193.106.191.157 port 55984","@timestamp":"2022-09-18T11:12:31.695Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 11:17:01 honeypot-fra-1 CRON[28008]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-18T11:17:01.947Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 11:20:12 honeypot-ams-1 sshd[5673]: Connection reset by 179.92.216.168 port 60744 [preauth]","@timestamp":"2022-09-18T11:20:13.899Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 11:23:27 honeypot-ams-1 sshd[5678]: Invalid user ftpuser from 189.7.129.60 port 33318","@timestamp":"2022-09-18T11:23:27.989Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 11:25:19 honeypot-fra-1 sshd[28014]: Received disconnect from 188.166.70.184 port 43464:11: Bye Bye [preauth]","@timestamp":"2022-09-18T11:25:20.138Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 11:29:49 honeypot-ams-1 kernel: [84377168.905714] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=103.15.253.240 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=39864 DF PROTO=TCP SPT=1462 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T11:29:49.157Z"}
{"@timestamp":"2022-09-18T11:30:09.401Z","@version":"1","message":"Sep 18 11:30:08 honeypot-sgp-1 sshd[30779]: Received disconnect from 73.203.127.7 port 51952:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T11:35:18.528Z","@version":"1","message":"Sep 18 11:35:17 honeypot-sgp-1 sshd[30783]: Disconnected from invalid user phuket 122.55.75.198 port 27533 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 11:35:33 honeypot-fra-1 sshd[28020]: Invalid user mysql from 193.106.191.157 port 44118","@timestamp":"2022-09-18T11:35:33.364Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 11:37:14 honeypot-ams-1 kernel: [84377614.467662] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=103.156.91.6 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=57090 PROTO=TCP SPT=40673 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T11:37:15.355Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 11:41:54 honeypot-ams-1 sshd[5689]: Invalid user user from 45.61.186.249 port 52672","@timestamp":"2022-09-18T11:41:55.482Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 11:42:09 honeypot-ams-1 kernel: [84377909.503215] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=103.89.91.165 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=3659 PROTO=TCP SPT=53330 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T11:42:10.490Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 11:42:22 honeypot-ams-1 sshd[5696]: Disconnected from invalid user admin 87.245.184.58 port 53430 [preauth]","@timestamp":"2022-09-18T11:42:23.498Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 11:42:25 honeypot-ams-1 sshd[5700]: Disconnected from invalid user cs 190.202.124.93 port 44416 [preauth]","@timestamp":"2022-09-18T11:42:25.499Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 11:42:43 honeypot-ams-1 sshd[5704]: Disconnected from invalid user user 45.61.186.249 port 54520 [preauth]","@timestamp":"2022-09-18T11:42:43.509Z"}
{"@timestamp":"2022-09-18T11:42:57.713Z","@version":"1","message":"Sep 18 11:42:57 honeypot-sgp-1 sshd[30791]: Disconnected from authenticating user root 187.35.147.87 port 51730 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 11:43:12 honeypot-fra-1 sshd[28028]: Disconnected from authenticating user root 129.146.242.59 port 38892 [preauth]","@timestamp":"2022-09-18T11:43:13.540Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 11:44:32 honeypot-ams-1 kernel: [84378052.297198] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=167.71.92.243 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=33197 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T11:44:32.561Z"}
{"@timestamp":"2022-09-18T11:47:57.838Z","@version":"1","message":"Sep 18 11:47:57 honeypot-sgp-1 kernel: [84377780.554281] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=68.183.93.151 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x20 TTL=242 ID=54321 PROTO=TCP SPT=56273 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 11:47:59 honeypot-fra-1 sshd[28035]: Received disconnect from 138.68.58.138 port 56134:11: Bye Bye [preauth]","@timestamp":"2022-09-18T11:47:59.648Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 11:48:34 honeypot-ams-1 sshd[5713]: Disconnected from invalid user mc 34.75.26.147 port 38640 [preauth]","@timestamp":"2022-09-18T11:48:34.670Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 11:50:55 honeypot-ams-1 sshd[5719]: Did not receive identification string from 134.209.155.186 port 61000","@timestamp":"2022-09-18T11:50:56.739Z"}
{"@timestamp":"2022-09-18T11:52:22.947Z","@version":"1","message":"Sep 18 11:52:22 honeypot-sgp-1 kernel: [84378045.835923] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=39.105.193.109 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=57044 PROTO=TCP SPT=47771 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 11:52:55 honeypot-fra-1 sshd[28042]: Connection closed by invalid user user1 103.188.176.251 port 51830 [preauth]","@timestamp":"2022-09-18T11:52:55.761Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 11:53:44 honeypot-fra-1 sshd[28047]: Received disconnect from 45.61.186.169 port 60684:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T11:53:44.783Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 11:54:01 honeypot-fra-1 sshd[28051]: Received disconnect from 45.61.186.169 port 55342:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T11:54:01.791Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 11:54:17 honeypot-fra-1 sshd[28055]: Received disconnect from 45.61.186.169 port 49988:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T11:54:17.799Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 11:58:44 honeypot-fra-1 kernel: [84376732.216481] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=165.232.152.144 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=32887 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T11:58:44.902Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 12:01:06 honeypot-ams-1 sshd[5721]: Disconnected from invalid user prueba 92.255.85.70 port 49272 [preauth]","@timestamp":"2022-09-18T12:01:07.012Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 12:06:04 honeypot-ams-1 sshd[5727]: Received disconnect from 45.61.187.160 port 53964:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T12:06:04.146Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 12:06:21 honeypot-ams-1 sshd[5731]: Received disconnect from 45.61.187.160 port 48654:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T12:06:21.155Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 12:06:37 honeypot-ams-1 sshd[5735]: Received disconnect from 45.61.187.160 port 43352:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T12:06:38.163Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 12:06:47 honeypot-ams-1 sshd[5739]: Received disconnect from 67.205.165.12 port 57282:11: Bye Bye [preauth]","@timestamp":"2022-09-18T12:06:48.168Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 12:10:33 honeypot-ams-1 sshd[5744]: Invalid user jkg from 59.98.83.57 port 58586","@timestamp":"2022-09-18T12:10:33.266Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 12:11:27 honeypot-fra-1 kernel: [84377494.890708] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=53910 PROTO=TCP SPT=42404 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T12:11:28.194Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-18T12:11:59.425Z","@version":"1","message":"Sep 18 12:11:58 honeypot-sgp-1 sshd[30801]: Bad protocol version identification '\\272\\253d\\241EZC\\333M\\207\\356^\\375\\277\\0259 X\\324>\\022\\230\\304<\\340\\023\\317' from 172.105.89.161 port 39061","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 12:14:14 honeypot-ams-1 kernel: [84379834.222689] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=45399 PROTO=TCP SPT=42404 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T12:14:15.365Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 12:17:20 honeypot-ams-1 sshd[5754]: Did not receive identification string from 45.61.186.249 port 56868","@timestamp":"2022-09-18T12:17:21.449Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 12:18:12 honeypot-ams-1 sshd[5757]: Disconnected from invalid user user 45.61.186.249 port 35388 [preauth]","@timestamp":"2022-09-18T12:18:13.474Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 12:18:30 honeypot-ams-1 sshd[5761]: Disconnected from invalid user user 45.61.186.249 port 58714 [preauth]","@timestamp":"2022-09-18T12:18:30.483Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 12:18:34 honeypot-fra-1 sshd[28066]: Received disconnect from 165.22.45.108 port 48190:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T12:18:35.357Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 12:18:48 honeypot-ams-1 sshd[5765]: Disconnected from invalid user user 45.61.186.249 port 53806 [preauth]","@timestamp":"2022-09-18T12:18:49.493Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 12:20:05 honeypot-ams-1 sshd[5783]: Invalid user admin from 130.193.40.11 port 52586","@timestamp":"2022-09-18T12:20:06.530Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 12:20:06 honeypot-ams-1 sshd[5793]: Invalid user chia from 130.193.40.11 port 52704","@timestamp":"2022-09-18T12:20:06.530Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 12:20:06 honeypot-ams-1 sshd[5777]: Connection closed by invalid user es 130.193.40.11 port 52644 [preauth]","@timestamp":"2022-09-18T12:20:06.530Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 12:20:06 honeypot-ams-1 sshd[5774]: Invalid user www from 130.193.40.11 port 52676","@timestamp":"2022-09-18T12:20:06.530Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 12:20:06 honeypot-ams-1 sshd[5782]: Invalid user test from 130.193.40.11 port 52678","@timestamp":"2022-09-18T12:20:07.531Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 12:20:06 honeypot-ams-1 sshd[5772]: Invalid user es from 130.193.40.11 port 52594","@timestamp":"2022-09-18T12:20:07.531Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 12:20:06 honeypot-ams-1 sshd[5774]: Connection closed by invalid user www 130.193.40.11 port 52676 [preauth]","@timestamp":"2022-09-18T12:20:07.531Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 12:20:07 honeypot-ams-1 sshd[5794]: Connection closed by invalid user mysql 130.193.40.11 port 52684 [preauth]","@timestamp":"2022-09-18T12:20:07.531Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 12:20:07 honeypot-ams-1 sshd[5831]: Connection closed by authenticating user root 130.193.40.11 port 52702 [preauth]","@timestamp":"2022-09-18T12:20:08.531Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 12:20:09 honeypot-ams-1 sshd[5821]: Connection closed by authenticating user root 130.193.40.11 port 52672 [preauth]","@timestamp":"2022-09-18T12:20:09.532Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 12:21:38 honeypot-ams-1 sshd[5842]: Invalid user marvel from 213.27.189.252 port 53302","@timestamp":"2022-09-18T12:21:38.570Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 12:25:39 honeypot-fra-1 sshd[28069]: Disconnected from authenticating user root 143.244.158.100 port 42330 [preauth]","@timestamp":"2022-09-18T12:25:39.518Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T12:27:28.803Z","@version":"1","message":"Sep 18 12:27:28 honeypot-sgp-1 kernel: [84380151.217458] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.208.213 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=56016 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 12:28:17 honeypot-fra-1 sshd[28076]: Disconnected from authenticating user root 143.244.158.100 port 47682 [preauth]","@timestamp":"2022-09-18T12:28:17.581Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 12:29:30 honeypot-ams-1 kernel: [84380749.965737] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=89.248.168.172 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=252 ID=54321 PROTO=TCP SPT=50369 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T12:29:30.780Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 12:29:58 honeypot-fra-1 sshd[28082]: Disconnected from authenticating user root 143.244.158.100 port 49976 [preauth]","@timestamp":"2022-09-18T12:29:58.622Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 12:32:33 honeypot-fra-1 sshd[28089]: Disconnected from authenticating user root 143.244.158.100 port 41852 [preauth]","@timestamp":"2022-09-18T12:32:33.684Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 12:34:12 honeypot-fra-1 sshd[28093]: Disconnected from authenticating user root 143.244.158.100 port 45918 [preauth]","@timestamp":"2022-09-18T12:34:12.725Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 12:36:42 honeypot-fra-1 sshd[28100]: Disconnected from authenticating user root 143.244.158.100 port 55860 [preauth]","@timestamp":"2022-09-18T12:36:43.784Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 12:38:09 honeypot-ams-1 sshd[5850]: Received disconnect from 104.248.153.95 port 46226:11: Bye Bye [preauth]","@timestamp":"2022-09-18T12:38:10.012Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 12:39:19 honeypot-fra-1 sshd[28108]: Received disconnect from 143.244.158.100 port 54498:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T12:39:19.847Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 12:39:31 honeypot-fra-1 sshd[28114]: Invalid user admin from 137.184.48.78 port 34032","@timestamp":"2022-09-18T12:39:31.853Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 12:40:10 honeypot-fra-1 sshd[28118]: Disconnected from authenticating user root 143.244.158.100 port 42932 [preauth]","@timestamp":"2022-09-18T12:40:11.870Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T12:41:24.142Z","@version":"1","message":"Sep 18 12:41:23 honeypot-sgp-1 sshd[30814]: Received disconnect from 51.83.45.72 port 54968:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 12:42:33 honeypot-fra-1 sshd[28125]: Received disconnect from 92.255.85.70 port 47874:11: Bye Bye [preauth]","@timestamp":"2022-09-18T12:42:33.927Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T12:42:49.178Z","@version":"1","message":"Sep 18 12:42:48 honeypot-sgp-1 sshd[30820]: Disconnected from invalid user 12345 92.255.85.69 port 56914 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 12:42:57 honeypot-ams-1 sshd[5857]: Received disconnect from 80.68.7.179 port 53526:11: Bye Bye [preauth]","@timestamp":"2022-09-18T12:42:58.143Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 12:44:25 honeypot-fra-1 sshd[28131]: Received disconnect from 143.244.158.100 port 48130:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T12:44:25.981Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T12:44:31.222Z","@version":"1","message":"Sep 18 12:44:30 honeypot-sgp-1 sshd[30824]: Received disconnect from 52.140.206.1 port 1024:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 12:46:55 honeypot-fra-1 sshd[28139]: Received disconnect from 143.244.158.100 port 48048:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T12:46:56.041Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 12:49:38 honeypot-fra-1 sshd[28145]: Received disconnect from 143.244.158.100 port 35840:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T12:49:39.105Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 12:51:24 honeypot-fra-1 sshd[28149]: Received disconnect from 143.244.158.100 port 42986:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T12:51:25.148Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T12:51:43.399Z","@version":"1","message":"Sep 18 12:51:43 honeypot-sgp-1 sshd[30830]: Disconnected from authenticating user root 69.49.244.103 port 56424 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 12:53:57 honeypot-fra-1 sshd[28156]: Received disconnect from 143.244.158.100 port 43838:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T12:53:58.216Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 12:55:44 honeypot-fra-1 sshd[28162]: Did not receive identification string from 202.143.111.26 port 49923","@timestamp":"2022-09-18T12:55:44.259Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T12:57:11.535Z","@version":"1","message":"Sep 18 12:57:11 honeypot-sgp-1 kernel: [84381933.948461] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=159.65.151.215 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x20 TTL=51 ID=46115 DF PROTO=TCP SPT=43476 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 12:58:14 honeypot-fra-1 sshd[28168]: Disconnected from authenticating user root 143.244.158.100 port 42934 [preauth]","@timestamp":"2022-09-18T12:58:15.318Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 12:58:56 honeypot-fra-1 sshd[28173]: Invalid user user from 45.61.184.204 port 44754","@timestamp":"2022-09-18T12:58:57.338Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 12:59:06 honeypot-fra-1 sshd[28177]: Received disconnect from 45.61.184.204 port 56314:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T12:59:07.343Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 12:59:25 honeypot-fra-1 sshd[28181]: Received disconnect from 45.61.184.204 port 51236:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T12:59:25.352Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 12:59:42 honeypot-fra-1 sshd[28187]: Invalid user user from 45.61.184.204 port 46144","@timestamp":"2022-09-18T12:59:43.360Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 12:59:49 honeypot-fra-1 sshd[28189]: Disconnected from invalid user ubuntu 164.92.183.3 port 55012 [preauth]","@timestamp":"2022-09-18T12:59:50.365Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 13:01:18 honeypot-fra-1 sshd[28195]: Received disconnect from 143.198.60.41 port 57712:11: Bye Bye [preauth]","@timestamp":"2022-09-18T13:01:19.429Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 13:02:29 honeypot-fra-1 sshd[28200]: Disconnected from authenticating user root 143.244.158.100 port 32858 [preauth]","@timestamp":"2022-09-18T13:02:30.460Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 13:04:17 honeypot-fra-1 sshd[28206]: Disconnected from authenticating user root 143.244.158.100 port 57502 [preauth]","@timestamp":"2022-09-18T13:04:17.507Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 13:05:16 honeypot-fra-1 sshd[28210]: Disconnected from invalid user suporte 185.243.218.76 port 49798 [preauth]","@timestamp":"2022-09-18T13:05:17.535Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 13:06:07 honeypot-ams-1 kernel: [84382947.695695] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=92.204.145.232 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=9769 PROTO=TCP SPT=44863 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T13:06:08.758Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 13:07:40 honeypot-fra-1 sshd[28218]: Received disconnect from 143.244.158.100 port 34754:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T13:07:40.593Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T13:08:16.823Z","@version":"1","message":"Sep 18 13:08:16 honeypot-sgp-1 kernel: [84382599.288658] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=120.48.123.170 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=10967 PROTO=TCP SPT=56808 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 13:08:56 honeypot-fra-1 sshd[28224]: Received disconnect from 159.89.197.1 port 51896:11: Bye Bye [preauth]","@timestamp":"2022-09-18T13:08:57.626Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 13:10:17 honeypot-fra-1 sshd[28230]: Received disconnect from 143.244.158.100 port 53802:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T13:10:17.659Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 13:12:35 honeypot-fra-1 kernel: [84381162.631391] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=64.62.197.20 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=54321 PROTO=TCP SPT=43700 DPT=5432 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T13:12:35.735Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 13:16:59 honeypot-fra-1 sshd[28241]: Received disconnect from 159.223.22.132 port 56428:11: Bye Bye [preauth]","@timestamp":"2022-09-18T13:16:59.838Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 13:20:19 honeypot-ams-1 kernel: [84383798.981241] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=66.228.44.86 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=62539 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T13:20:20.135Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 13:25:32 honeypot-fra-1 sshd[28247]: Received disconnect from 92.255.85.70 port 49920:11: Bye Bye [preauth]","@timestamp":"2022-09-18T13:25:33.036Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T13:28:08.299Z","@version":"1","message":"Sep 18 13:28:07 honeypot-sgp-1 sshd[30846]: Invalid user guest from 92.255.85.70 port 16756","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 13:29:16 honeypot-ams-1 kernel: [84384336.560813] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=120.48.122.52 DST=178.62.254.91 LEN=40 TOS=0x08 PREC=0x00 TTL=44 ID=10988 PROTO=TCP SPT=64947 DPT=80 WINDOW=49803 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T13:29:17.376Z"}
{"@timestamp":"2022-09-18T13:29:43.339Z","@version":"1","message":"Sep 18 13:29:43 honeypot-sgp-1 sshd[30850]: Received disconnect from 20.54.73.159 port 47200:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T13:35:34.483Z","@version":"1","message":"Sep 18 13:35:34 honeypot-sgp-1 kernel: [84384237.251004] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=206.189.6.148 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=51653 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 13:35:40 honeypot-ams-1 sshd[5883]: Received disconnect from 92.255.85.69 port 60770:11: Bye Bye [preauth]","@timestamp":"2022-09-18T13:35:41.545Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 13:41:42 honeypot-fra-1 sshd[28253]: Invalid user lirm from 165.22.45.108 port 53712","@timestamp":"2022-09-18T13:41:42.400Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 13:46:22 honeypot-ams-1 kernel: [84385361.881552] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=219.245.135.166 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=108 ID=819 DF PROTO=TCP SPT=52124 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T13:46:22.832Z"}
{"@timestamp":"2022-09-18T13:48:08.787Z","@version":"1","message":"Sep 18 13:48:08 honeypot-sgp-1 sshd[30860]: Bad protocol version identification 'GET / HTTP/1.1' from 143.198.136.88 port 54732","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T13:48:21.794Z","@version":"1","message":"Sep 18 13:48:21 honeypot-sgp-1 sshd[30866]: Connection closed by invalid user admin 210.146.173.28 port 60964 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T13:48:42.804Z","@version":"1","message":"Sep 18 13:48:42 honeypot-sgp-1 sshd[30870]: Disconnected from invalid user user 45.61.186.249 port 60650 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T13:49:01.814Z","@version":"1","message":"Sep 18 13:49:01 honeypot-sgp-1 sshd[30874]: Disconnected from invalid user user 45.61.186.249 port 55810 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T13:49:19.822Z","@version":"1","message":"Sep 18 13:49:19 honeypot-sgp-1 sshd[30878]: Disconnected from invalid user user 45.61.186.249 port 50966 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T13:51:03.870Z","@version":"1","message":"Sep 18 13:51:02 honeypot-sgp-1 sshd[30882]: Did not receive identification string from 45.61.186.249 port 37420","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T13:51:24.882Z","@version":"1","message":"Sep 18 13:51:24 honeypot-sgp-1 sshd[30885]: Disconnected from invalid user user 45.61.186.249 port 58158 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 13:51:29 honeypot-ams-1 kernel: [84385669.040887] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=91.99.137.144 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=114 ID=23735 DF PROTO=TCP SPT=2120 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T13:51:29.969Z"}
{"@timestamp":"2022-09-18T13:51:42.890Z","@version":"1","message":"Sep 18 13:51:42 honeypot-sgp-1 sshd[30890]: Disconnected from invalid user user 45.61.186.249 port 52798 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T13:52:00.900Z","@version":"1","message":"Sep 18 13:52:00 honeypot-sgp-1 sshd[30894]: Received disconnect from 45.61.186.249 port 47438:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 13:53:18 honeypot-ams-1 sshd[5898]: Received disconnect from 188.166.53.188 port 41970:11: Bye Bye [preauth]","@timestamp":"2022-09-18T13:53:19.021Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 13:54:30 honeypot-ams-1 sshd[5902]: Received disconnect from 189.29.171.10 port 55288:11: Bye Bye [preauth]","@timestamp":"2022-09-18T13:54:31.057Z"}
{"@timestamp":"2022-09-18T13:55:26.984Z","@version":"1","message":"Sep 18 13:55:26 honeypot-sgp-1 sshd[30899]: Received disconnect from 203.125.29.136 port 49976:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 14:01:06 honeypot-ams-1 sshd[5907]: Disconnected from invalid user uxt 190.104.146.136 port 60163 [preauth]","@timestamp":"2022-09-18T14:01:07.232Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 14:04:11 honeypot-fra-1 sshd[28257]: Invalid user admin from 220.111.163.229 port 51805","@timestamp":"2022-09-18T14:04:11.906Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T14:04:26.202Z","@version":"1","message":"Sep 18 14:04:26 honeypot-sgp-1 sshd[30903]: Disconnecting invalid user  31.184.198.71 port 5732: Change of username or service not allowed: (,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:05:01.221Z","@version":"1","message":"Sep 18 14:05:00 honeypot-sgp-1 sshd[30909]: Disconnecting invalid user  31.184.198.71 port 44768: Change of username or service not allowed: (,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:05:30.235Z","@version":"1","message":"Sep 18 14:05:29 honeypot-sgp-1 sshd[30915]: Disconnecting invalid user admin 31.184.198.71 port 27060: Change of username or service not allowed: (admin,ssh-connection) -> (aerohive,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:06:01.252Z","@version":"1","message":"Sep 18 14:06:00 honeypot-sgp-1 sshd[30922]: Invalid user manager from 31.184.198.71 port 53359","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:06:33.269Z","@version":"1","message":"Sep 18 14:06:32 honeypot-sgp-1 sshd[30928]: Disconnecting invalid user 1234 31.184.198.71 port 15763: Change of username or service not allowed: (1234,ssh-connection) -> (Admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:06:54.281Z","@version":"1","message":"Sep 18 14:06:54 honeypot-sgp-1 sshd[30934]: Disconnecting invalid user  31.184.198.71 port 50818: Change of username or service not allowed: (,ssh-connection) -> (user,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:07:32.300Z","@version":"1","message":"Sep 18 14:07:32 honeypot-sgp-1 sshd[30942]: Invalid user blank from 31.184.198.71 port 34307","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:07:58.313Z","@version":"1","message":"Sep 18 14:07:57 honeypot-sgp-1 sshd[30948]: Invalid user 1234 from 31.184.198.71 port 39972","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:08:22.326Z","@version":"1","message":"Sep 18 14:08:21 honeypot-sgp-1 sshd[30954]: Invalid user Cisco from 31.184.198.71 port 9117","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:08:55.343Z","@version":"1","message":"Sep 18 14:08:55 honeypot-sgp-1 sshd[30960]: Invalid user 1234 from 31.184.198.71 port 30799","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:09:25.358Z","@version":"1","message":"Sep 18 14:09:24 honeypot-sgp-1 sshd[30967]: Disconnecting invalid user  31.184.198.71 port 26559: Change of username or service not allowed: (,ssh-connection) -> (adslroot,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:09:50.372Z","@version":"1","message":"Sep 18 14:09:50 honeypot-sgp-1 sshd[30973]: Disconnecting invalid user admin 31.184.198.71 port 15058: Change of username or service not allowed: (admin,ssh-connection) -> (blank,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:10:18.387Z","@version":"1","message":"Sep 18 14:10:17 honeypot-sgp-1 sshd[30979]: Disconnecting invalid user  31.184.198.71 port 4474: Change of username or service not allowed: (,ssh-connection) -> (root,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:10:36.397Z","@version":"1","message":"Sep 18 14:10:35 honeypot-sgp-1 sshd[30985]: Disconnecting invalid user default 31.184.198.71 port 57709: Change of username or service not allowed: (default,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:11:00.409Z","@version":"1","message":"Sep 18 14:11:00 honeypot-sgp-1 sshd[30991]: Disconnecting invalid user Administrator 31.184.198.71 port 44631: Change of username or service not allowed: (Administrator,ssh-connection) -> (cusadmin,ssh-connectio [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:11:27.424Z","@version":"1","message":"Sep 18 14:11:26 honeypot-sgp-1 sshd[30997]: Disconnecting invalid user admin 31.184.198.71 port 47397: Change of username or service not allowed: (admin,ssh-connection) -> (lgnortel,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:12:06.444Z","@version":"1","message":"Sep 18 14:12:05 honeypot-sgp-1 sshd[31003]: Disconnecting invalid user comcast 31.184.198.71 port 49734: Change of username or service not allowed: (comcast,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 14:12:16 honeypot-fra-1 sshd[28262]: Received disconnect from 92.255.85.69 port 48812:11: Bye Bye [preauth]","@timestamp":"2022-09-18T14:12:17.090Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T14:12:30.456Z","@version":"1","message":"Sep 18 14:12:30 honeypot-sgp-1 sshd[31009]: Disconnecting invalid user admin1234 31.184.198.71 port 5771: Change of username or service not allowed: (admin1234,ssh-connection) -> (matrix,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:13:00.471Z","@version":"1","message":"Sep 18 14:13:00 honeypot-sgp-1 sshd[31015]: Disconnecting invalid user admin 31.184.198.71 port 28720: Change of username or service not allowed: (admin,ssh-connection) -> (motorola,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:13:28.485Z","@version":"1","message":"Sep 18 14:13:27 honeypot-sgp-1 sshd[31021]: Disconnecting invalid user blank 31.184.198.71 port 6865: Change of username or service not allowed: (blank,ssh-connection) -> (root,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:14:03.505Z","@version":"1","message":"Sep 18 14:14:03 honeypot-sgp-1 sshd[31029]: Invalid user 0 from 31.184.198.71 port 6922","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:14:29.518Z","@version":"1","message":"Sep 18 14:14:29 honeypot-sgp-1 sshd[31036]: Invalid user roqos from 31.184.198.71 port 55616","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 14:14:53 honeypot-ams-1 kernel: [84387072.904004] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=59.187.205.166 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=53 ID=5147 PROTO=TCP SPT=55603 DPT=80 WINDOW=52003 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T14:14:53.606Z"}
{"@timestamp":"2022-09-18T14:14:56.532Z","@version":"1","message":"Sep 18 14:14:55 honeypot-sgp-1 sshd[31042]: Invalid user sitecom from 31.184.198.71 port 6644","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:15:26.547Z","@version":"1","message":"Sep 18 14:15:26 honeypot-sgp-1 sshd[31048]: Invalid user admin from 31.184.198.71 port 42029","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:15:45.557Z","@version":"1","message":"Sep 18 14:15:44 honeypot-sgp-1 sshd[31054]: Bad protocol version identification 'SSH-2.0_CoreLab-1.0' from 31.184.198.71 port 48987","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:16:04.569Z","@version":"1","message":"Sep 18 14:16:04 honeypot-sgp-1 sshd[31059]: Disconnecting invalid user  31.184.198.71 port 31534: Change of username or service not allowed: (,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:16:29.606Z","@version":"1","message":"Sep 18 14:16:29 honeypot-sgp-1 sshd[31065]: Disconnecting invalid user public 31.184.198.71 port 10699: Change of username or service not allowed: (public,ssh-connection) -> (user,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:17:01.623Z","@version":"1","message":"Sep 18 14:17:01 honeypot-sgp-1 CRON[31073]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:17:29.636Z","@version":"1","message":"Sep 18 14:17:28 honeypot-sgp-1 sshd[31080]: Invalid user amdin from 31.184.198.71 port 35669","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 14:17:43 honeypot-fra-1 kernel: [84385070.661292] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=3.8.141.125 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=75 ID=5873 PROTO=TCP SPT=21345 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T14:17:44.214Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-18T14:17:57.651Z","@version":"1","message":"Sep 18 14:17:57 honeypot-sgp-1 sshd[31087]: Invalid user admin from 31.184.198.71 port 32779","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:18:29.667Z","@version":"1","message":"Sep 18 14:18:29 honeypot-sgp-1 sshd[31093]: Invalid user admin from 31.184.198.71 port 29414","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:19:00.683Z","@version":"1","message":"Sep 18 14:19:00 honeypot-sgp-1 sshd[31099]: Invalid user 1admin0 from 31.184.198.71 port 14124","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:20:04.711Z","@version":"1","message":"Sep 18 14:20:04 honeypot-sgp-1 sshd[31104]: Disconnected from invalid user silvano 116.92.213.114 port 34314 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 14:22:05 honeypot-fra-1 sshd[28275]: Did not receive identification string from 3.8.141.125 port 21345","@timestamp":"2022-09-18T14:22:05.316Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 14:23:14 honeypot-ams-1 sshd[5919]: Received disconnect from 92.255.85.69 port 50980:11: Bye Bye [preauth]","@timestamp":"2022-09-18T14:23:14.830Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 14:23:44 honeypot-fra-1 kernel: [84385431.426702] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=3.8.141.125 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=75 ID=9885 PROTO=TCP SPT=21345 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T14:23:45.356Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 14:26:25 honeypot-fra-1 kernel: [84385592.769464] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=3.8.141.125 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=75 ID=49126 PROTO=TCP SPT=21345 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T14:26:26.422Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 14:31:32 honeypot-fra-1 sshd[28285]: Invalid user ovo from 103.141.149.29 port 37286","@timestamp":"2022-09-18T14:31:33.542Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 14:32:43 honeypot-fra-1 kernel: [84385970.471476] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.143.200.46 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=59085 PROTO=TCP SPT=48441 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T14:32:43.570Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 14:33:12 honeypot-ams-1 kernel: [84388171.978396] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=20.77.96.135 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=118 ID=29895 DF PROTO=TCP SPT=56673 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T14:33:13.094Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 14:35:49 honeypot-fra-1 kernel: [84386156.599621] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=3.8.141.125 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=75 ID=49126 PROTO=TCP SPT=21345 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T14:35:49.644Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 14:38:47 honeypot-fra-1 kernel: [84386334.639239] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=170.187.162.33 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=30820 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T14:38:47.715Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 14:41:10 honeypot-fra-1 sshd[28297]: Did not receive identification string from 3.8.141.125 port 21345","@timestamp":"2022-09-18T14:41:11.774Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T14:41:37.238Z","@version":"1","message":"Sep 18 14:41:36 honeypot-sgp-1 sshd[31112]: Invalid user test from 103.188.176.251 port 50478","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 14:42:12 honeypot-fra-1 sshd[28301]: Disconnected from invalid user admin 45.191.91.45 port 40394 [preauth]","@timestamp":"2022-09-18T14:42:12.800Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 14:43:00 honeypot-fra-1 kernel: [84386587.646344] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=3.8.141.125 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=75 ID=9885 PROTO=TCP SPT=21345 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T14:43:00.823Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 14:43:23 honeypot-ams-1 sshd[5926]: Received disconnect from 97.74.82.38 port 44212:11: Bye Bye [preauth]","@timestamp":"2022-09-18T14:43:24.363Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 14:44:54 honeypot-fra-1 sshd[28307]: Disconnected from invalid user test 192.227.174.167 port 38494 [preauth]","@timestamp":"2022-09-18T14:44:54.866Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 14:45:26 honeypot-ams-1 sshd[5931]: Received disconnect from 123.30.249.49 port 37202:11: Bye Bye [preauth]","@timestamp":"2022-09-18T14:45:27.419Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 14:45:57 honeypot-fra-1 kernel: [84386764.503457] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.227.134.67 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=42679 PROTO=TCP SPT=49709 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T14:45:57.894Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 14:46:35 honeypot-ams-1 sshd[5934]: Disconnected from authenticating user root 79.62.236.130 port 58176 [preauth]","@timestamp":"2022-09-18T14:46:35.453Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 14:48:10 honeypot-fra-1 sshd[28313]: Invalid user user from 45.61.187.160 port 37896","@timestamp":"2022-09-18T14:48:10.947Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 14:48:24 honeypot-fra-1 kernel: [84386911.596326] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=61368 PROTO=TCP SPT=52381 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T14:48:24.953Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 14:48:40 honeypot-fra-1 sshd[28319]: Disconnected from invalid user user 45.61.187.160 port 44058 [preauth]","@timestamp":"2022-09-18T14:48:40.962Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 14:48:58 honeypot-fra-1 sshd[28323]: Disconnected from invalid user user 45.61.187.160 port 38694 [preauth]","@timestamp":"2022-09-18T14:48:58.990Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 14:49:11 honeypot-fra-1 sshd[28327]: Disconnected from invalid user gmod 190.104.25.215 port 56756 [preauth]","@timestamp":"2022-09-18T14:49:11.997Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 14:49:12 honeypot-ams-1 sshd[5940]: Invalid user www from 161.35.127.34 port 51208","@timestamp":"2022-09-18T14:49:13.525Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 14:51:28 honeypot-ams-1 sshd[5945]: Invalid user anushach from 177.12.2.53 port 33572","@timestamp":"2022-09-18T14:51:29.587Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 14:52:19 honeypot-fra-1 kernel: [84387146.138676] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=3.8.141.125 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=75 ID=9885 PROTO=TCP SPT=21345 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T14:52:20.072Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 14:55:06 honeypot-fra-1 kernel: [84387313.377236] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=3.8.141.125 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=75 ID=49126 PROTO=TCP SPT=21345 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T14:55:07.139Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 14:55:36 honeypot-ams-1 sshd[5947]: Disconnected from invalid user ines 103.248.25.99 port 48568 [preauth]","@timestamp":"2022-09-18T14:55:36.696Z"}
{"@timestamp":"2022-09-18T14:55:41.581Z","@version":"1","message":"Sep 18 14:55:40 honeypot-sgp-1 sshd[31118]: Received disconnect from 123.30.187.208 port 55794:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:57:56.636Z","@version":"1","message":"Sep 18 14:57:56 honeypot-sgp-1 sshd[31122]: Disconnected from invalid user mdpi 211.252.84.224 port 46850 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 14:58:55 honeypot-fra-1 sshd[28336]: Connection closed by invalid user mysql 193.106.191.157 port 58058 [preauth]","@timestamp":"2022-09-18T14:58:56.249Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:00:18 honeypot-fra-1 sshd[28341]: Did not receive identification string from 3.8.141.125 port 21345","@timestamp":"2022-09-18T15:00:19.282Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T15:01:16.718Z","@version":"1","message":"Sep 18 15:01:16 honeypot-sgp-1 sshd[31127]: Disconnected from invalid user ei 60.10.160.73 port 39887 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:01:59 honeypot-fra-1 kernel: [84387726.432529] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=3.8.141.125 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=75 ID=9885 PROTO=TCP SPT=21345 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T15:02:00.326Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:03:41 honeypot-fra-1 sshd[28346]: Disconnected from invalid user lishunyao 165.22.45.108 port 59204 [preauth]","@timestamp":"2022-09-18T15:03:42.366Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 15:04:38 honeypot-ams-1 sshd[5953]: Received disconnect from 185.127.16.234 port 51080:11: Bye Bye [preauth]","@timestamp":"2022-09-18T15:04:38.942Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:04:56 honeypot-fra-1 kernel: [84387902.990465] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=3.8.141.125 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=75 ID=49126 PROTO=TCP SPT=21345 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T15:04:56.400Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-18T15:08:14.885Z","@version":"1","message":"Sep 18 15:08:14 honeypot-sgp-1 kernel: [84389797.484177] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=5.189.133.199 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=20038 DF PROTO=TCP SPT=37344 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 15:09:39 honeypot-ams-1 sshd[5958]: Invalid user ubnt from 92.255.85.70 port 37076","@timestamp":"2022-09-18T15:09:40.082Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:09:47 honeypot-fra-1 sshd[28352]: Received disconnect from 45.61.186.169 port 34642:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T15:09:48.513Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:10:06 honeypot-fra-1 sshd[28357]: Received disconnect from 45.61.186.169 port 57722:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T15:10:07.521Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:10:23 honeypot-fra-1 sshd[28361]: Received disconnect from 45.61.186.169 port 52576:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T15:10:24.530Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 15:11:33 honeypot-ams-1 sshd[5962]: Received disconnect from 67.207.94.180 port 46294:11: Bye Bye [preauth]","@timestamp":"2022-09-18T15:11:34.135Z"}
{"@timestamp":"2022-09-18T15:17:02.101Z","@version":"1","message":"Sep 18 15:17:01 honeypot-sgp-1 CRON[31133]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 15:17:01 honeypot-ams-1 CRON[5968]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-18T15:17:02.283Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:17:01 honeypot-fra-1 CRON[28366]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-18T15:17:02.678Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:19:22 honeypot-fra-1 sshd[28373]: Invalid user es from 103.90.177.102 port 40964","@timestamp":"2022-09-18T15:19:22.732Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:19:22 honeypot-fra-1 sshd[28374]: Connection closed by invalid user hadoop 103.90.177.102 port 40970 [preauth]","@timestamp":"2022-09-18T15:19:22.732Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:19:22 honeypot-fra-1 sshd[28381]: Connection closed by invalid user www 103.90.177.102 port 40974 [preauth]","@timestamp":"2022-09-18T15:19:22.732Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 15:21:06 honeypot-ams-1 sshd[5974]: Disconnected from authenticating user root 125.209.85.186 port 42972 [preauth]","@timestamp":"2022-09-18T15:21:07.392Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 15:23:49 honeypot-ams-1 sshd[5978]: Received disconnect from 139.59.233.124 port 51736:11: Bye Bye [preauth]","@timestamp":"2022-09-18T15:23:49.463Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 15:24:32 honeypot-ams-1 sshd[5983]: Invalid user user from 45.61.186.49 port 53262","@timestamp":"2022-09-18T15:24:32.485Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 15:24:45 honeypot-ams-1 sshd[5987]: Invalid user user from 45.61.186.49 port 37226","@timestamp":"2022-09-18T15:24:45.491Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:24:52 honeypot-fra-1 sshd[28396]: Invalid user admin from 185.149.120.23 port 33640","@timestamp":"2022-09-18T15:24:52.857Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 15:26:23 honeypot-ams-1 sshd[5992]: Invalid user mysql from 193.106.191.157 port 52166","@timestamp":"2022-09-18T15:26:23.533Z"}
{"@timestamp":"2022-09-18T15:27:12.346Z","@version":"1","message":"Sep 18 15:27:11 honeypot-sgp-1 sshd[31139]: Disconnected from authenticating user root 167.99.243.12 port 36104 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:27:30 honeypot-fra-1 sshd[28401]: Received disconnect from 128.199.42.242 port 58164:11: Bye Bye [preauth]","@timestamp":"2022-09-18T15:27:30.917Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T15:28:37.383Z","@version":"1","message":"Sep 18 15:28:36 honeypot-sgp-1 sshd[31145]: Received disconnect from 135.125.107.159 port 49154:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:30:33 honeypot-fra-1 sshd[28405]: Disconnected from authenticating user root 13.72.86.172 port 35680 [preauth]","@timestamp":"2022-09-18T15:30:33.985Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:31:30 honeypot-fra-1 sshd[28409]: Disconnected from invalid user lapin 221.140.2.233 port 43784 [preauth]","@timestamp":"2022-09-18T15:31:31.008Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 15:32:50 honeypot-ams-1 kernel: [84391750.493398] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=205.210.31.23 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x60 TTL=251 ID=54321 PROTO=TCP SPT=52163 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T15:32:51.702Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:36:14 honeypot-fra-1 kernel: [84389781.462678] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=167.172.166.5 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=60 ID=44545 DF PROTO=TCP SPT=36868 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T15:36:15.117Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:39:31 honeypot-fra-1 sshd[28420]: Invalid user admin from 167.172.58.10 port 44752","@timestamp":"2022-09-18T15:39:32.208Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 15:39:50 honeypot-ams-1 sshd[6001]: Invalid user user from 45.61.187.160 port 51172","@timestamp":"2022-09-18T15:39:50.891Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 15:40:00 honeypot-ams-1 sshd[6003]: Disconnected from invalid user user 45.61.187.160 port 34618 [preauth]","@timestamp":"2022-09-18T15:40:00.897Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 15:40:18 honeypot-ams-1 sshd[6007]: Disconnected from invalid user user 45.61.187.160 port 58010 [preauth]","@timestamp":"2022-09-18T15:40:18.905Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 15:40:35 honeypot-ams-1 sshd[6011]: Disconnected from invalid user user 45.61.187.160 port 53132 [preauth]","@timestamp":"2022-09-18T15:40:35.913Z"}
{"@timestamp":"2022-09-18T15:43:16.730Z","@version":"1","message":"Sep 18 15:43:16 honeypot-sgp-1 kernel: [84391899.107624] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=167.172.166.5 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=43 ID=32619 DF PROTO=TCP SPT=55268 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T15:45:42.792Z","@version":"1","message":"Sep 18 15:45:42 honeypot-sgp-1 sshd[31154]: Received disconnect from 45.61.186.169 port 46338:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T15:46:00.800Z","@version":"1","message":"Sep 18 15:46:00 honeypot-sgp-1 sshd[31158]: Received disconnect from 45.61.186.169 port 41366:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T15:46:17.810Z","@version":"1","message":"Sep 18 15:46:17 honeypot-sgp-1 sshd[31162]: Received disconnect from 45.61.186.169 port 36342:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T15:46:33.817Z","@version":"1","message":"Sep 18 15:46:33 honeypot-sgp-1 sshd[31166]: Received disconnect from 45.61.186.169 port 59580:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:49:52 honeypot-fra-1 kernel: [84390599.395043] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=125.253.93.146 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=18477 PROTO=TCP SPT=52057 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T15:49:53.436Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 15:51:04 honeypot-ams-1 kernel: [84392843.717281] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=78.142.18.92 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=54321 PROTO=TCP SPT=51774 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T15:51:04.185Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:56:14 honeypot-fra-1 sshd[28438]: Invalid user devops from 45.127.108.132 port 45326","@timestamp":"2022-09-18T15:56:15.580Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:56:14 honeypot-fra-1 sshd[28455]: Invalid user zabbix from 45.127.108.132 port 61893","@timestamp":"2022-09-18T15:56:15.580Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:56:14 honeypot-fra-1 sshd[28445]: Invalid user steam from 45.127.108.132 port 3555","@timestamp":"2022-09-18T15:56:15.580Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:56:14 honeypot-fra-1 sshd[28441]: Invalid user mysql from 45.127.108.132 port 23512","@timestamp":"2022-09-18T15:56:15.580Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:56:15 honeypot-fra-1 sshd[28434]: Connection closed by invalid user admin 45.127.108.132 port 34742 [preauth]","@timestamp":"2022-09-18T15:56:15.580Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:56:15 honeypot-fra-1 sshd[28431]: Connection closed by invalid user mysql 45.127.108.132 port 49839 [preauth]","@timestamp":"2022-09-18T15:56:15.580Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:56:15 honeypot-fra-1 sshd[28448]: Connection closed by invalid user postgres 45.127.108.132 port 56057 [preauth]","@timestamp":"2022-09-18T15:56:15.580Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:56:15 honeypot-fra-1 sshd[28452]: Connection closed by authenticating user root 45.127.108.132 port 19470 [preauth]","@timestamp":"2022-09-18T15:56:15.580Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:56:41 honeypot-fra-1 kernel: [84391008.327675] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=222.80.76.212 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=37678 PROTO=TCP SPT=56560 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T15:56:41.591Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-18T15:57:35.077Z","@version":"1","message":"Sep 18 15:57:35 honeypot-sgp-1 sshd[31172]: Received disconnect from 5.191.253.21 port 52712:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 15:58:54 honeypot-ams-1 sshd[6019]: Disconnected from authenticating user root 13.70.39.68 port 55736 [preauth]","@timestamp":"2022-09-18T15:58:54.395Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:01:54 honeypot-ams-1 sshd[6024]: Disconnected from invalid user johnny 190.64.68.178 port 4704 [preauth]","@timestamp":"2022-09-18T16:01:54.476Z"}
{"@timestamp":"2022-09-18T16:08:36.339Z","@version":"1","message":"Sep 18 16:08:36 honeypot-sgp-1 sshd[31179]: Did not receive identification string from 159.89.24.69 port 61000","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T16:09:26.361Z","@version":"1","message":"Sep 18 16:09:25 honeypot-sgp-1 sshd[31183]: Disconnected from invalid user user 45.61.187.160 port 44972 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T16:09:45.370Z","@version":"1","message":"Sep 18 16:09:44 honeypot-sgp-1 sshd[31187]: Disconnected from invalid user user 45.61.187.160 port 40428 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T16:10:05.380Z","@version":"1","message":"Sep 18 16:10:04 honeypot-sgp-1 sshd[31191]: Disconnected from invalid user user 45.61.187.160 port 35886 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:10:12 honeypot-ams-1 sshd[6032]: Disconnected from authenticating user root 182.117.131.146 port 33412 [preauth]","@timestamp":"2022-09-18T16:10:13.694Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:10:20 honeypot-ams-1 sshd[6038]: Received disconnect from 182.117.131.146 port 33924:11: Bye Bye [preauth]","@timestamp":"2022-09-18T16:10:21.698Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:10:23 honeypot-ams-1 sshd[6042]: Disconnected from authenticating user root 182.117.131.146 port 34000 [preauth]","@timestamp":"2022-09-18T16:10:23.700Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:10:32 honeypot-ams-1 sshd[6048]: Disconnected from authenticating user root 182.117.131.146 port 34586 [preauth]","@timestamp":"2022-09-18T16:10:32.705Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:10:40 honeypot-ams-1 sshd[6054]: Disconnected from authenticating user root 182.117.131.146 port 35094 [preauth]","@timestamp":"2022-09-18T16:10:40.709Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:10:49 honeypot-ams-1 sshd[6060]: Disconnected from authenticating user root 182.117.131.146 port 35630 [preauth]","@timestamp":"2022-09-18T16:10:49.714Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:10:56 honeypot-ams-1 sshd[6066]: Disconnected from authenticating user root 182.117.131.146 port 36106 [preauth]","@timestamp":"2022-09-18T16:10:57.719Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:11:05 honeypot-ams-1 sshd[6072]: Disconnected from authenticating user root 182.117.131.146 port 36638 [preauth]","@timestamp":"2022-09-18T16:11:06.724Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:11:14 honeypot-ams-1 sshd[6078]: Disconnected from authenticating user root 182.117.131.146 port 37002 [preauth]","@timestamp":"2022-09-18T16:11:15.729Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:11:24 honeypot-ams-1 sshd[6084]: Disconnected from authenticating user root 182.117.131.146 port 37600 [preauth]","@timestamp":"2022-09-18T16:11:24.734Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:11:31 honeypot-ams-1 sshd[6090]: Disconnected from authenticating user root 182.117.131.146 port 38124 [preauth]","@timestamp":"2022-09-18T16:11:32.738Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:11:40 honeypot-ams-1 sshd[6096]: Disconnected from authenticating user root 182.117.131.146 port 38630 [preauth]","@timestamp":"2022-09-18T16:11:40.742Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:11:48 honeypot-ams-1 sshd[6102]: Disconnected from authenticating user root 182.117.131.146 port 39184 [preauth]","@timestamp":"2022-09-18T16:11:49.748Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:11:54 honeypot-ams-1 sshd[6106]: Disconnected from invalid user admin 182.117.131.146 port 39476 [preauth]","@timestamp":"2022-09-18T16:11:54.751Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:11:59 honeypot-ams-1 sshd[6110]: Disconnected from invalid user admin 182.117.131.146 port 39844 [preauth]","@timestamp":"2022-09-18T16:12:00.755Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:12:07 honeypot-ams-1 sshd[6114]: Disconnected from invalid user admin 182.117.131.146 port 40262 [preauth]","@timestamp":"2022-09-18T16:12:08.760Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:12:13 honeypot-ams-1 sshd[6118]: Disconnected from invalid user admin 182.117.131.146 port 40604 [preauth]","@timestamp":"2022-09-18T16:12:13.763Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:12:20 honeypot-ams-1 sshd[6122]: Disconnected from invalid user admin 182.117.131.146 port 41048 [preauth]","@timestamp":"2022-09-18T16:12:20.767Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:12:32 honeypot-ams-1 sshd[6128]: Received disconnect from 182.117.131.146 port 41708:11: Bye Bye [preauth]","@timestamp":"2022-09-18T16:12:32.774Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:12:37 honeypot-ams-1 sshd[6132]: Received disconnect from 182.117.131.146 port 42122:11: Bye Bye [preauth]","@timestamp":"2022-09-18T16:12:37.777Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:12:42 honeypot-ams-1 sshd[6136]: Received disconnect from 182.117.131.146 port 42418:11: Bye Bye [preauth]","@timestamp":"2022-09-18T16:12:43.781Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:12:49 honeypot-ams-1 sshd[6140]: Received disconnect from 182.117.131.146 port 42864:11: Bye Bye [preauth]","@timestamp":"2022-09-18T16:12:49.784Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:12:56 honeypot-ams-1 sshd[6144]: Received disconnect from 182.117.131.146 port 43128:11: Bye Bye [preauth]","@timestamp":"2022-09-18T16:12:56.789Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:13:02 honeypot-ams-1 sshd[6148]: Received disconnect from 182.117.131.146 port 43612:11: Bye Bye [preauth]","@timestamp":"2022-09-18T16:13:02.792Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:13:08 honeypot-ams-1 sshd[6152]: Received disconnect from 182.117.131.146 port 43964:11: Bye Bye [preauth]","@timestamp":"2022-09-18T16:13:08.795Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:13:13 honeypot-ams-1 sshd[6156]: Received disconnect from 182.117.131.146 port 44212:11: Bye Bye [preauth]","@timestamp":"2022-09-18T16:13:13.799Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 16:13:15 honeypot-fra-1 sshd[28497]: Disconnected from authenticating user root 61.177.172.104 port 40129 [preauth]","@timestamp":"2022-09-18T16:13:15.991Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:13:19 honeypot-ams-1 sshd[6160]: Received disconnect from 182.117.131.146 port 44608:11: Bye Bye [preauth]","@timestamp":"2022-09-18T16:13:19.802Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:13:26 honeypot-ams-1 sshd[6164]: Received disconnect from 182.117.131.146 port 44906:11: Bye Bye [preauth]","@timestamp":"2022-09-18T16:13:27.808Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:13:32 honeypot-ams-1 sshd[6168]: Received disconnect from 182.117.131.146 port 45350:11: Bye Bye [preauth]","@timestamp":"2022-09-18T16:13:32.811Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:13:38 honeypot-ams-1 sshd[6172]: Received disconnect from 182.117.131.146 port 45696:11: Bye Bye [preauth]","@timestamp":"2022-09-18T16:13:38.814Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:14:56 honeypot-ams-1 sshd[6178]: Received disconnect from 203.147.62.94 port 50532:11: Bye Bye [preauth]","@timestamp":"2022-09-18T16:14:56.850Z"}
{"@timestamp":"2022-09-18T16:17:01.550Z","@version":"1","message":"Sep 18 16:17:01 honeypot-sgp-1 CRON[31200]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 16:17:35 honeypot-ams-1 kernel: [84394434.672755] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.209.59 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=58640 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T16:17:35.923Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 16:22:53 honeypot-fra-1 sshd[28505]: Connection closed by invalid user steam 141.98.10.158 port 39682 [preauth]","@timestamp":"2022-09-18T16:22:54.205Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T16:24:33.735Z","@version":"1","message":"Sep 18 16:24:32 honeypot-sgp-1 sshd[31207]: Received disconnect from 61.177.173.51 port 14544:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 16:25:06 honeypot-fra-1 sshd[28513]: Invalid user admin from 58.182.93.100 port 35593","@timestamp":"2022-09-18T16:25:07.256Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 16:26:55 honeypot-fra-1 sshd[28521]: Received disconnect from 61.177.172.114 port 40172:11:  [preauth]","@timestamp":"2022-09-18T16:26:56.299Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:28:04 honeypot-ams-1 sshd[6190]: Received disconnect from 143.244.158.100 port 53416:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T16:28:05.212Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:29:53 honeypot-ams-1 sshd[6194]: Disconnected from authenticating user root 143.244.158.100 port 53480 [preauth]","@timestamp":"2022-09-18T16:29:54.264Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 16:31:52 honeypot-fra-1 kernel: [84393118.818565] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=113.131.200.10 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=51 ID=27954 PROTO=TCP SPT=48011 DPT=80 WINDOW=7439 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T16:31:52.410Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:32:25 honeypot-ams-1 sshd[6200]: Disconnected from authenticating user root 143.244.158.100 port 51250 [preauth]","@timestamp":"2022-09-18T16:32:26.331Z"}
{"@timestamp":"2022-09-18T16:33:53.960Z","@version":"1","message":"Sep 18 16:33:53 honeypot-sgp-1 sshd[31212]: Disconnected from invalid user admin 92.255.85.69 port 31786 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:35:02 honeypot-ams-1 sshd[6209]: Received disconnect from 143.244.158.100 port 35330:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T16:35:02.400Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:37:35 honeypot-ams-1 sshd[6215]: Received disconnect from 143.244.158.100 port 47194:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T16:37:35.468Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 16:38:17 honeypot-fra-1 sshd[28531]: Received disconnect from 45.120.216.114 port 57090:11: Bye Bye [preauth]","@timestamp":"2022-09-18T16:38:17.556Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:39:16 honeypot-ams-1 sshd[6220]: Disconnected from authenticating user root 143.244.158.100 port 33600 [preauth]","@timestamp":"2022-09-18T16:39:16.512Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:41:01 honeypot-ams-1 sshd[6226]: Received disconnect from 92.255.85.70 port 52112:11: Bye Bye [preauth]","@timestamp":"2022-09-18T16:41:02.559Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 16:41:11 honeypot-fra-1 kernel: [84393677.880578] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.95.147.51 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=44467 PROTO=TCP SPT=59185 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T16:41:11.624Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:41:56 honeypot-ams-1 sshd[6230]: Disconnected from authenticating user root 143.244.158.100 port 45994 [preauth]","@timestamp":"2022-09-18T16:41:57.586Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:43:40 honeypot-ams-1 sshd[6237]: Disconnected from authenticating user root 143.244.158.100 port 57330 [preauth]","@timestamp":"2022-09-18T16:43:40.631Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:46:26 honeypot-ams-1 sshd[6244]: Received disconnect from 143.244.158.100 port 45692:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T16:46:27.701Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:46:38 honeypot-ams-1 sshd[6248]: Received disconnect from 45.61.184.204 port 39248:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T16:46:39.707Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:46:58 honeypot-ams-1 sshd[6252]: Received disconnect from 45.61.184.204 port 34450:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T16:46:58.717Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:47:16 honeypot-ams-1 sshd[6256]: Received disconnect from 45.61.184.204 port 57880:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T16:47:16.725Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:47:27 honeypot-ams-1 sshd[6260]: Disconnected from authenticating user root 143.244.158.100 port 51498 [preauth]","@timestamp":"2022-09-18T16:47:27.730Z"}
{"@timestamp":"2022-09-18T16:48:58.324Z","@version":"1","message":"Sep 18 16:48:57 honeypot-sgp-1 kernel: [84395840.528618] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.95.147.51 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=24882 PROTO=TCP SPT=59605 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 16:49:54 honeypot-fra-1 sshd[28544]: Did not receive identification string from 139.59.152.202 port 39792","@timestamp":"2022-09-18T16:49:54.841Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 16:49:54 honeypot-fra-1 sshd[28565]: Invalid user guest from 139.59.152.202 port 44032","@timestamp":"2022-09-18T16:49:54.841Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 16:49:54 honeypot-fra-1 sshd[28559]: Invalid user pi from 139.59.152.202 port 44016","@timestamp":"2022-09-18T16:49:54.842Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 16:49:54 honeypot-fra-1 sshd[28563]: Invalid user spark from 139.59.152.202 port 44026","@timestamp":"2022-09-18T16:49:54.842Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 16:49:54 honeypot-fra-1 sshd[28557]: Connection closed by authenticating user root 139.59.152.202 port 44010 [preauth]","@timestamp":"2022-09-18T16:49:54.842Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 16:49:54 honeypot-fra-1 sshd[28561]: Connection closed by invalid user testuser 139.59.152.202 port 44022 [preauth]","@timestamp":"2022-09-18T16:49:54.842Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 16:49:54 honeypot-fra-1 sshd[28548]: Connection closed by invalid user guest 139.59.152.202 port 43994 [preauth]","@timestamp":"2022-09-18T16:49:54.842Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:50:06 honeypot-ams-1 sshd[6267]: Disconnected from authenticating user root 143.244.158.100 port 58836 [preauth]","@timestamp":"2022-09-18T16:50:06.799Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:51:50 honeypot-ams-1 sshd[6272]: Disconnected from invalid user user 45.61.186.249 port 43048 [preauth]","@timestamp":"2022-09-18T16:51:50.850Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:52:08 honeypot-ams-1 sshd[6278]: Invalid user user from 45.61.186.249 port 38274","@timestamp":"2022-09-18T16:52:08.861Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:52:26 honeypot-ams-1 sshd[6282]: Invalid user user from 45.61.186.249 port 33482","@timestamp":"2022-09-18T16:52:26.871Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:52:43 honeypot-ams-1 sshd[6286]: Invalid user user from 45.61.186.249 port 56912","@timestamp":"2022-09-18T16:52:43.880Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:53:42 honeypot-ams-1 sshd[6290]: Disconnected from authenticating user root 143.244.158.100 port 44022 [preauth]","@timestamp":"2022-09-18T16:53:42.908Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 16:55:26 honeypot-fra-1 sshd[28594]: Received disconnect from 61.177.173.46 port 12818:11:  [preauth]","@timestamp":"2022-09-18T16:55:26.964Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:55:29 honeypot-ams-1 sshd[6297]: Received disconnect from 143.244.158.100 port 44392:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T16:55:29.958Z"}
{"@timestamp":"2022-09-18T16:56:48.512Z","@version":"1","message":"Sep 18 16:56:47 honeypot-sgp-1 sshd[31234]: Received disconnect from 61.177.173.36 port 17100:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T16:57:50.540Z","@version":"1","message":"Sep 18 16:57:49 honeypot-sgp-1 sshd[31238]: Received disconnect from 61.177.173.50 port 33410:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 16:58:17 honeypot-ams-1 kernel: [84396876.834998] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=172.105.129.98 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=38348 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T16:58:18.034Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 17:00:15 honeypot-ams-1 sshd[6308]: Disconnected from authenticating user root 143.244.158.100 port 59754 [preauth]","@timestamp":"2022-09-18T17:00:16.090Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 17:02:58 honeypot-fra-1 sshd[28601]: Connection reset by 61.177.172.19 port 34902 [preauth]","@timestamp":"2022-09-18T17:02:59.134Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 17:02:58 honeypot-ams-1 sshd[6314]: Disconnected from authenticating user root 143.244.158.100 port 44634 [preauth]","@timestamp":"2022-09-18T17:02:59.165Z"}
{"@timestamp":"2022-09-18T17:05:42.731Z","@version":"1","message":"Sep 18 17:05:41 honeypot-sgp-1 sshd[31246]: Received disconnect from 61.177.173.51 port 40859:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 17:05:44 honeypot-ams-1 sshd[6321]: Received disconnect from 143.244.158.100 port 45086:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T17:05:45.243Z"}
{"@timestamp":"2022-09-18T17:06:20.747Z","@version":"1","message":"Sep 18 17:06:19 honeypot-sgp-1 sshd[31250]: Invalid user dev from 103.188.176.251 port 56404","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 17:06:53 honeypot-fra-1 sshd[28607]: Received disconnect from 20.87.45.109 port 56450:11: Bye Bye [preauth]","@timestamp":"2022-09-18T17:06:54.223Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 17:08:03 honeypot-fra-1 sshd[28614]: Invalid user kx from 45.183.192.14 port 54074","@timestamp":"2022-09-18T17:08:03.252Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 17:08:23 honeypot-ams-1 sshd[6327]: Received disconnect from 143.244.158.100 port 54374:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T17:08:23.316Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 17:10:09 honeypot-ams-1 sshd[6334]: Received disconnect from 143.244.158.100 port 54640:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T17:10:10.367Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 17:11:18 honeypot-ams-1 sshd[6341]: Invalid user postgres from 193.106.191.157 port 34694","@timestamp":"2022-09-18T17:11:19.400Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 17:13:02 honeypot-fra-1 kernel: [84395588.701043] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.143.200.6 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=41149 PROTO=TCP SPT=48045 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T17:13:02.365Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-18T17:13:04.908Z","@version":"1","message":"Sep 18 17:13:04 honeypot-sgp-1 sshd[31257]: Disconnected from 61.177.173.35 port 34849 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 17:13:40 honeypot-ams-1 sshd[6347]: Received disconnect from 143.244.158.100 port 49866:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T17:13:41.468Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 17:16:13 honeypot-fra-1 sshd[28644]: Invalid user michael from 24.213.148.68 port 37974","@timestamp":"2022-09-18T17:16:14.439Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 17:16:13 honeypot-fra-1 sshd[28647]: Invalid user chia from 24.213.148.68 port 38002","@timestamp":"2022-09-18T17:16:14.439Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 17:16:14 honeypot-fra-1 sshd[28627]: Invalid user testuser from 24.213.148.68 port 37970","@timestamp":"2022-09-18T17:16:14.439Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 17:16:14 honeypot-fra-1 sshd[28656]: Invalid user testuser from 24.213.148.68 port 38024","@timestamp":"2022-09-18T17:16:14.439Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 17:16:14 honeypot-fra-1 sshd[28639]: Connection closed by authenticating user root 24.213.148.68 port 37986 [preauth]","@timestamp":"2022-09-18T17:16:14.439Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 17:16:14 honeypot-fra-1 sshd[28644]: Connection closed by invalid user michael 24.213.148.68 port 37974 [preauth]","@timestamp":"2022-09-18T17:16:14.439Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 17:16:14 honeypot-fra-1 sshd[28640]: Connection closed by invalid user deploy 24.213.148.68 port 37998 [preauth]","@timestamp":"2022-09-18T17:16:14.439Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 17:16:14 honeypot-fra-1 sshd[28659]: Connection closed by invalid user steam 24.213.148.68 port 38008 [preauth]","@timestamp":"2022-09-18T17:16:14.439Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 17:16:14 honeypot-fra-1 sshd[28653]: Invalid user steam from 24.213.148.68 port 38010","@timestamp":"2022-09-18T17:16:14.439Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 17:16:14 honeypot-fra-1 sshd[28654]: Connection closed by invalid user test 24.213.148.68 port 37964 [preauth]","@timestamp":"2022-09-18T17:16:15.440Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T17:17:02.004Z","@version":"1","message":"Sep 18 17:17:01 honeypot-sgp-1 CRON[31262]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 17:17:01 honeypot-ams-1 CRON[6354]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-18T17:17:02.557Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 17:17:23 honeypot-fra-1 sshd[28692]: Disconnected from invalid user prueba 92.255.85.70 port 23236 [preauth]","@timestamp":"2022-09-18T17:17:24.469Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 17:20:33 honeypot-ams-1 sshd[6360]: Invalid user admin from 23.225.191.123 port 51538","@timestamp":"2022-09-18T17:20:33.648Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 17:22:57 honeypot-fra-1 kernel: [84396183.915461] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=165.232.152.144 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=42667 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T17:22:57.597Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-18T17:27:18.252Z","@version":"1","message":"Sep 18 17:27:17 honeypot-sgp-1 sshd[31270]: error: maximum authentication attempts exceeded for invalid user admin from 118.70.81.109 port 5706 ssh2 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 17:28:43 honeypot-ams-1 kernel: [84398703.583772] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=49.66.73.226 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=49 ID=2396 PROTO=TCP SPT=47434 DPT=80 WINDOW=61678 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T17:28:44.863Z"}
{"@timestamp":"2022-09-18T17:30:27.330Z","@version":"1","message":"Sep 18 17:30:27 honeypot-sgp-1 sshd[31277]: Disconnected from invalid user prueba 92.255.85.70 port 26244 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 17:35:01 honeypot-fra-1 sshd[28711]: Invalid user postgres from 193.106.191.157 port 44628","@timestamp":"2022-09-18T17:35:01.864Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 17:35:14 honeypot-ams-1 sshd[6368]: Received disconnect from 92.255.85.69 port 48814:11: Bye Bye [preauth]","@timestamp":"2022-09-18T17:35:15.035Z"}
{"@timestamp":"2022-09-18T17:42:42.620Z","@version":"1","message":"Sep 18 17:42:42 honeypot-sgp-1 kernel: [84399064.788847] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=80.94.92.231 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=231 ID=54321 PROTO=TCP SPT=59022 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T17:48:57.799Z","@version":"1","message":"Sep 18 17:48:57 honeypot-sgp-1 sshd[31291]: Connection closed by authenticating user root 179.43.145.98 port 54564 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 17:51:26 honeypot-fra-1 sshd[28720]: Received disconnect from 165.22.45.108 port 42034:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T17:51:26.229Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T17:53:03.899Z","@version":"1","message":"Sep 18 17:53:03 honeypot-sgp-1 sshd[31299]: Received disconnect from 61.177.173.35 port 51534:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T17:58:39.034Z","@version":"1","message":"Sep 18 17:58:38 honeypot-sgp-1 kernel: [84400020.749102] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.41.9.18 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=59511 PROTO=TCP SPT=24674 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 18:01:27 honeypot-ams-1 kernel: [84400667.312973] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=64.246.161.26 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=54321 PROTO=TCP SPT=41612 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T18:01:28.709Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:06:13 honeypot-fra-1 kernel: [84398779.567723] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.143.200.6 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=54291 PROTO=TCP SPT=43923 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T18:06:13.579Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 18:07:31 honeypot-ams-1 sshd[6374]: Disconnected from invalid user emanuela 20.195.224.231 port 52974 [preauth]","@timestamp":"2022-09-18T18:07:31.869Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 18:10:20 honeypot-ams-1 sshd[6378]: Received disconnect from 51.83.131.123 port 45296:11: Bye Bye [preauth]","@timestamp":"2022-09-18T18:10:20.945Z"}
{"@timestamp":"2022-09-18T18:13:17.387Z","@version":"1","message":"Sep 18 18:13:17 honeypot-sgp-1 sshd[31310]: Connection reset by 92.255.85.70 port 33728 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:13:36 honeypot-fra-1 sshd[28738]: Received disconnect from 91.240.118.222 port 36099:11: Client disconnecting normally [preauth]","@timestamp":"2022-09-18T18:13:37.748Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T18:14:05.410Z","@version":"1","message":"Sep 18 18:14:04 honeypot-sgp-1 sshd[31317]: Connection closed by invalid user admin 165.232.158.22 port 36578 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T18:14:38.425Z","@version":"1","message":"Sep 18 18:14:37 honeypot-sgp-1 sshd[31323]: Disconnected from authenticating user root 66.70.208.241 port 34810 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:15:36 honeypot-fra-1 kernel: [84399342.812632] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=173.249.41.33 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=65038 PROTO=TCP SPT=43305 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T18:15:36.799Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 18:17:01 honeypot-ams-1 CRON[6383]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-18T18:17:02.121Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:17:59 honeypot-fra-1 sshd[28744]: Disconnected from invalid user kai 134.17.16.92 port 35477 [preauth]","@timestamp":"2022-09-18T18:17:59.856Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T18:18:19.514Z","@version":"1","message":"Sep 18 18:18:18 honeypot-sgp-1 sshd[31328]: Disconnected from invalid user newadmin 182.23.67.49 port 47348 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:20:22 honeypot-fra-1 sshd[28748]: Disconnected from invalid user user1!2@3#4$ 62.204.41.222 port 23535 [preauth]","@timestamp":"2022-09-18T18:20:22.913Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 18:23:57 honeypot-ams-1 kernel: [84402017.457496] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=144.126.130.22 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=19805 PROTO=TCP SPT=45285 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T18:23:58.304Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:24:32 honeypot-fra-1 sshd[28761]: Did not receive identification string from 183.146.30.163 port 36881","@timestamp":"2022-09-18T18:24:33.012Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:24:34 honeypot-fra-1 sshd[28783]: Invalid user www from 183.146.30.163 port 33481","@timestamp":"2022-09-18T18:24:35.014Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:24:35 honeypot-fra-1 sshd[28776]: Connection closed by invalid user test 183.146.30.163 port 33544 [preauth]","@timestamp":"2022-09-18T18:24:36.015Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:24:35 honeypot-fra-1 sshd[28782]: Connection closed by invalid user test 183.146.30.163 port 33526 [preauth]","@timestamp":"2022-09-18T18:24:36.015Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:24:36 honeypot-fra-1 sshd[28772]: Invalid user mysql from 183.146.30.163 port 33505","@timestamp":"2022-09-18T18:24:37.015Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:24:37 honeypot-fra-1 sshd[28769]: Connection closed by authenticating user root 183.146.30.163 port 33546 [preauth]","@timestamp":"2022-09-18T18:24:38.016Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:25:13 honeypot-fra-1 sshd[28808]: Did not receive identification string from 130.193.40.11 port 50006","@timestamp":"2022-09-18T18:25:14.033Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:25:14 honeypot-fra-1 sshd[28815]: Invalid user pi from 130.193.40.11 port 32964","@timestamp":"2022-09-18T18:25:15.034Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:25:14 honeypot-fra-1 sshd[28820]: Invalid user postgres from 130.193.40.11 port 32966","@timestamp":"2022-09-18T18:25:15.034Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:25:14 honeypot-fra-1 sshd[28815]: Connection closed by invalid user pi 130.193.40.11 port 32964 [preauth]","@timestamp":"2022-09-18T18:25:15.034Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:25:14 honeypot-fra-1 sshd[28816]: Connection closed by authenticating user root 130.193.40.11 port 33050 [preauth]","@timestamp":"2022-09-18T18:25:15.034Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:25:14 honeypot-fra-1 sshd[28822]: Connection closed by invalid user oracle 130.193.40.11 port 32974 [preauth]","@timestamp":"2022-09-18T18:25:15.034Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:25:14 honeypot-fra-1 sshd[28820]: Connection closed by invalid user postgres 130.193.40.11 port 32966 [preauth]","@timestamp":"2022-09-18T18:25:15.034Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:25:17 honeypot-fra-1 sshd[28864]: Disconnected from authenticating user root 61.177.172.19 port 36402 [preauth]","@timestamp":"2022-09-18T18:25:18.036Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:25:17 honeypot-fra-1 sshd[28857]: Connection closed by invalid user postgres 130.193.40.11 port 33094 [preauth]","@timestamp":"2022-09-18T18:25:18.036Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:26:09 honeypot-fra-1 sshd[28869]: Connection closed by invalid user ansible 183.146.30.163 port 33518 [preauth]","@timestamp":"2022-09-18T18:26:10.059Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T18:30:19.817Z","@version":"1","message":"Sep 18 18:30:19 honeypot-sgp-1 sshd[31346]: Received disconnect from 61.177.172.114 port 26263:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:33:37 honeypot-fra-1 sshd[28879]: Disconnected from authenticating user root 61.177.172.114 port 58169 [preauth]","@timestamp":"2022-09-18T18:33:38.233Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 18:34:42 honeypot-ams-1 sshd[6394]: Disconnected from authenticating user root 159.65.98.176 port 42784 [preauth]","@timestamp":"2022-09-18T18:34:42.610Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:40:56 honeypot-fra-1 sshd[28884]: Received disconnect from 61.177.172.104 port 52277:11:  [preauth]","@timestamp":"2022-09-18T18:40:56.401Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T18:42:41.126Z","@version":"1","message":"Sep 18 18:42:41 honeypot-sgp-1 kernel: [84402663.608952] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=92.118.39.30 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=231 ID=54321 PROTO=TCP SPT=53626 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T18:46:45.225Z","@version":"1","message":"Sep 18 18:46:44 honeypot-sgp-1 sshd[31364]: Received disconnect from 61.177.173.47 port 64670:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T18:49:27.290Z","@version":"1","message":"Sep 18 18:49:26 honeypot-sgp-1 sshd[31369]: Received disconnect from 124.160.96.249 port 24237:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:50:33 honeypot-fra-1 kernel: [84401439.590983] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=206.189.153.232 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=9696 DF PROTO=TCP SPT=38368 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T18:50:33.639Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-18T18:53:09.403Z","@version":"1","message":"Sep 18 18:53:08 honeypot-sgp-1 sshd[31374]: Received disconnect from 178.18.206.83 port 57874:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T18:54:32.439Z","@version":"1","message":"Sep 18 18:54:31 honeypot-sgp-1 sshd[31380]: Invalid user administrator from 180.218.224.139 port 55764","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:56:21 honeypot-fra-1 sshd[28896]: Invalid user user from 45.61.184.204 port 45252","@timestamp":"2022-09-18T18:56:21.774Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:56:31 honeypot-fra-1 sshd[28898]: Invalid user user from 45.61.184.204 port 57128","@timestamp":"2022-09-18T18:56:31.779Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 18:56:43 honeypot-ams-1 kernel: [84403983.126346] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=172.105.129.94 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=52861 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T18:56:44.188Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:56:51 honeypot-fra-1 sshd[28902]: Invalid user user from 45.61.184.204 port 52652","@timestamp":"2022-09-18T18:56:51.788Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:57:11 honeypot-fra-1 sshd[28906]: Invalid user user from 45.61.184.204 port 48170","@timestamp":"2022-09-18T18:57:11.799Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T18:57:14.504Z","@version":"1","message":"Sep 18 18:57:14 honeypot-sgp-1 sshd[31385]: Received disconnect from 161.35.113.79 port 47912:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:58:03 honeypot-fra-1 kernel: [84401889.588966] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=108.61.87.181 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=18634 PROTO=TCP SPT=47405 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T18:58:03.818Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 19:01:18 honeypot-ams-1 sshd[6401]: Invalid user yhr from 80.253.31.232 port 41978","@timestamp":"2022-09-18T19:01:19.316Z"}
{"@timestamp":"2022-09-13T00:06:09.338Z","@version":"1","message":"Sep 13 00:06:09 honeypot-sgp-1 sshd[9257]: Connection closed by invalid user user 179.60.147.69 port 64302 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 00:06:10 honeypot-ams-1 sshd[13994]: Disconnected from authenticating user root 61.177.173.52 port 22674 [preauth]","@timestamp":"2022-09-13T00:06:10.777Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 00:08:07 honeypot-ams-1 sshd[14000]: Disconnected from authenticating user root 92.255.85.69 port 56074 [preauth]","@timestamp":"2022-09-13T00:08:08.831Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 00:09:00 honeypot-fra-1 sshd[4645]: Connection closed by invalid user loan 137.116.144.39 port 50976 [preauth]","@timestamp":"2022-09-13T00:09:00.421Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 00:09:16 honeypot-ams-1 sshd[14004]: Disconnected from invalid user postgres 139.59.112.202 port 58912 [preauth]","@timestamp":"2022-09-13T00:09:16.864Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 00:10:09 honeypot-ams-1 sshd[14010]: Invalid user ig from 20.198.109.140 port 55742","@timestamp":"2022-09-13T00:10:10.890Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 00:10:55 honeypot-ams-1 kernel: [83904440.244105] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=103.151.122.22 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=42686 PROTO=TCP SPT=48778 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T00:10:56.912Z"}
{"@timestamp":"2022-09-13T00:12:04.478Z","@version":"1","message":"Sep 13 00:12:04 honeypot-sgp-1 sshd[9261]: Disconnected from invalid user user 45.61.184.204 port 52410 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T00:12:26.489Z","@version":"1","message":"Sep 13 00:12:26 honeypot-sgp-1 sshd[9265]: Disconnected from invalid user user 45.61.184.204 port 50194 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T00:12:47.498Z","@version":"1","message":"Sep 13 00:12:47 honeypot-sgp-1 sshd[9269]: Disconnected from invalid user user 45.61.184.204 port 47972 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T00:13:06.508Z","@version":"1","message":"Sep 13 00:13:06 honeypot-sgp-1 sshd[9274]: Disconnected from invalid user user 45.61.184.204 port 45758 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 00:15:21 honeypot-ams-1 sshd[14021]: Disconnected from authenticating user root 61.177.173.47 port 53438 [preauth]","@timestamp":"2022-09-13T00:15:22.030Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 00:16:11 honeypot-fra-1 sshd[4651]: Disconnected from invalid user user 45.61.187.160 port 49084 [preauth]","@timestamp":"2022-09-13T00:16:11.586Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 00:16:34 honeypot-fra-1 sshd[4655]: Disconnected from invalid user user 45.61.187.160 port 43944 [preauth]","@timestamp":"2022-09-13T00:16:34.602Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 00:16:53 honeypot-fra-1 sshd[4659]: Disconnected from invalid user user 45.61.187.160 port 38798 [preauth]","@timestamp":"2022-09-13T00:16:54.611Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 00:17:10 honeypot-fra-1 sshd[4666]: Invalid user user from 45.61.187.160 port 33654","@timestamp":"2022-09-13T00:17:11.620Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 00:18:18 honeypot-fra-1 sshd[4668]: Connection closed by invalid user ps 103.188.176.251 port 57822 [preauth]","@timestamp":"2022-09-13T00:18:18.649Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 00:25:55 honeypot-ams-1 kernel: [83905339.780455] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=80.94.92.239 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=46807 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T00:25:56.308Z"}
{"@timestamp":"2022-09-13T00:26:11.815Z","@version":"1","message":"Sep 13 00:26:11 honeypot-sgp-1 sshd[9280]: Received disconnect from 92.255.85.69 port 31992:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 00:29:10 honeypot-fra-1 sshd[4676]: Connection closed by invalid user user 65.34.131.66 port 57140 [preauth]","@timestamp":"2022-09-13T00:29:10.889Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 00:31:02 honeypot-fra-1 sshd[4683]: Invalid user user from 45.61.186.249 port 34438","@timestamp":"2022-09-13T00:31:02.954Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 00:31:14 honeypot-ams-1 sshd[14036]: Disconnected from authenticating user root 92.255.85.70 port 31258 [preauth]","@timestamp":"2022-09-13T00:31:14.449Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 00:31:18 honeypot-fra-1 sshd[4687]: Invalid user user from 45.61.186.249 port 57102","@timestamp":"2022-09-13T00:31:18.961Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 00:31:34 honeypot-fra-1 sshd[4691]: Invalid user user from 45.61.186.249 port 51544","@timestamp":"2022-09-13T00:31:34.969Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T00:33:39.990Z","@version":"1","message":"Sep 13 00:33:39 honeypot-sgp-1 sshd[9285]: Received disconnect from 103.38.4.238 port 39288:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T00:34:46.019Z","@version":"1","message":"Sep 13 00:34:45 honeypot-sgp-1 sshd[9289]: Disconnected from authenticating user root 142.93.8.99 port 47722 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 00:34:50 honeypot-fra-1 sshd[4696]: Invalid user osmc from 103.144.82.250 port 42084","@timestamp":"2022-09-13T00:34:51.046Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 00:41:21 honeypot-ams-1 sshd[14056]: Received disconnect from 61.177.173.47 port 39784:11:  [preauth]","@timestamp":"2022-09-13T00:41:21.717Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 00:41:35 honeypot-fra-1 sshd[4699]: Disconnected from invalid user kltiff 165.22.45.108 port 48716 [preauth]","@timestamp":"2022-09-13T00:41:36.202Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T00:41:37.202Z","@version":"1","message":"Sep 13 00:41:36 honeypot-sgp-1 sshd[9294]: Connection closed by authenticating user root 103.188.176.251 port 57372 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T00:49:34.393Z","@version":"1","message":"Sep 13 00:49:33 honeypot-sgp-1 sshd[9300]: Disconnected from authenticating user root 92.255.85.69 port 30442 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 00:50:18 honeypot-fra-1 kernel: [83904643.462237] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=113.255.223.58 DST=165.22.82.222 LEN=40 TOS=0x18 PREC=0xA0 TTL=55 ID=22138 PROTO=TCP SPT=64531 DPT=80 WINDOW=36979 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T00:50:18.408Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 00:50:58 honeypot-ams-1 sshd[14064]: Disconnected from authenticating user root 61.177.173.50 port 62131 [preauth]","@timestamp":"2022-09-13T00:50:58.968Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 00:56:05 honeypot-ams-1 sshd[14075]: Invalid user user from 141.255.162.226 port 38742","@timestamp":"2022-09-13T00:56:06.104Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 00:56:10 honeypot-ams-1 sshd[14079]: Invalid user user from 141.255.162.226 port 36488","@timestamp":"2022-09-13T00:56:10.108Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 00:56:11 honeypot-ams-1 sshd[14083]: Invalid user user from 141.255.162.226 port 42982","@timestamp":"2022-09-13T00:56:12.109Z"}
{"@timestamp":"2022-09-13T00:59:37.633Z","@version":"1","message":"Sep 13 00:59:37 honeypot-sgp-1 kernel: [83906888.109866] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=154.209.125.68 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=118 ID=4511 PROTO=TCP SPT=51423 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 01:03:59 honeypot-fra-1 sshd[4710]: Invalid user user from 45.61.187.160 port 55238","@timestamp":"2022-09-13T01:03:59.720Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 01:04:20 honeypot-fra-1 sshd[4714]: Invalid user user from 45.61.187.160 port 49968","@timestamp":"2022-09-13T01:04:20.730Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 01:04:37 honeypot-fra-1 sshd[4718]: Invalid user user from 45.61.187.160 port 44746","@timestamp":"2022-09-13T01:04:38.739Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 01:04:51 honeypot-fra-1 sshd[4722]: Invalid user admin from 201.28.105.119 port 48736","@timestamp":"2022-09-13T01:04:51.747Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 01:05:22 honeypot-ams-1 sshd[14090]: Invalid user test from 79.245.170.228 port 59398","@timestamp":"2022-09-13T01:05:23.364Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 01:09:00 honeypot-ams-1 sshd[14096]: Invalid user mongouser from 64.119.29.152 port 39590","@timestamp":"2022-09-13T01:09:00.457Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 01:10:16 honeypot-ams-1 sshd[14100]: Invalid user duan from 107.173.159.85 port 60184","@timestamp":"2022-09-13T01:10:17.493Z"}
{"@timestamp":"2022-09-13T01:10:46.897Z","@version":"1","message":"Sep 13 01:10:46 honeypot-sgp-1 sshd[9314]: Disconnected from authenticating user root 182.50.65.146 port 50576 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 01:13:03 honeypot-ams-1 sshd[14105]: Received disconnect from 46.101.248.68 port 36898:11: Bye Bye [preauth]","@timestamp":"2022-09-13T01:13:04.574Z"}
{"@timestamp":"2022-09-13T01:13:05.954Z","@version":"1","message":"Sep 13 01:13:05 honeypot-sgp-1 kernel: [83907695.912533] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.167.97.244 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=238 ID=54321 PROTO=TCP SPT=56986 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 01:13:39 honeypot-fra-1 kernel: [83906044.447061] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=14803 PROTO=TCP SPT=51517 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T01:13:39.946Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 01:14:24 honeypot-ams-1 sshd[14111]: Invalid user zyw from 159.223.51.245 port 59382","@timestamp":"2022-09-13T01:14:25.613Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 01:17:01 honeypot-ams-1 CRON[14116]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-13T01:17:02.680Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 01:18:08 honeypot-ams-1 sshd[14121]: Disconnected from authenticating user root 92.255.85.70 port 39616 [preauth]","@timestamp":"2022-09-13T01:18:09.711Z"}
{"@timestamp":"2022-09-13T01:21:22.172Z","@version":"1","message":"Sep 13 01:21:21 honeypot-sgp-1 sshd[9326]: Disconnected from invalid user dm 95.161.97.113 port 50594 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 01:21:59 honeypot-fra-1 sshd[4733]: Received disconnect from 165.22.45.108 port 53682:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T01:22:00.133Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T01:24:20.246Z","@version":"1","message":"Sep 13 01:24:19 honeypot-sgp-1 kernel: [83908370.201124] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=207.32.219.9 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=239 ID=44593 DF PROTO=TCP SPT=10446 DPT=80 WINDOW=512 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 01:28:29 honeypot-ams-1 sshd[14130]: Disconnected from authenticating user root 61.177.173.51 port 37694 [preauth]","@timestamp":"2022-09-13T01:28:30.637Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 01:31:47 honeypot-ams-1 sshd[14137]: Disconnected from authenticating user root 61.177.172.108 port 20222 [preauth]","@timestamp":"2022-09-13T01:31:47.722Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 01:34:27 honeypot-ams-1 sshd[14144]: Invalid user monitor from 20.57.113.125 port 35060","@timestamp":"2022-09-13T01:34:28.798Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 01:35:16 honeypot-fra-1 sshd[4741]: Disconnected from authenticating user root 178.128.5.231 port 38726 [preauth]","@timestamp":"2022-09-13T01:35:17.429Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T01:36:11.528Z","@version":"1","message":"Sep 13 01:36:11 honeypot-sgp-1 sshd[9339]: Received disconnect from 92.255.85.70 port 17250:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 01:39:52 honeypot-fra-1 sshd[4747]: Invalid user test4 from 74.204.129.194 port 37882","@timestamp":"2022-09-13T01:39:52.533Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 01:44:38 honeypot-ams-1 kernel: [83910063.178330] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=103.89.91.165 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=40370 PROTO=TCP SPT=41908 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T01:44:39.071Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 01:46:06 honeypot-ams-1 sshd[14158]: Disconnected from authenticating user root 207.154.244.110 port 51656 [preauth]","@timestamp":"2022-09-13T01:46:07.115Z"}
{"@timestamp":"2022-09-13T01:46:55.784Z","@version":"1","message":"Sep 13 01:46:55 honeypot-sgp-1 sshd[9343]: Disconnected from authenticating user root 187.59.198.249 port 36199 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 01:48:53 honeypot-fra-1 kernel: [83908158.354345] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.167.96.146 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=40962 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T01:48:53.731Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 01:50:40 honeypot-ams-1 sshd[14165]: Received disconnect from 61.177.173.47 port 26298:11:  [preauth]","@timestamp":"2022-09-13T01:50:41.239Z"}
{"@timestamp":"2022-09-13T01:59:26.092Z","@version":"1","message":"Sep 13 01:59:25 honeypot-sgp-1 sshd[9356]: Did not receive identification string from 45.61.184.204 port 44446","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T02:00:13.114Z","@version":"1","message":"Sep 13 02:00:12 honeypot-sgp-1 sshd[9359]: Disconnected from invalid user user 45.61.184.204 port 43000 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T02:00:32.123Z","@version":"1","message":"Sep 13 02:00:31 honeypot-sgp-1 sshd[9363]: Disconnected from invalid user user 45.61.184.204 port 37324 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T02:00:49.132Z","@version":"1","message":"Sep 13 02:00:48 honeypot-sgp-1 sshd[9367]: Disconnected from invalid user user 45.61.184.204 port 59898 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 02:01:33 honeypot-ams-1 sshd[14173]: Disconnected from authenticating user root 61.177.173.35 port 43601 [preauth]","@timestamp":"2022-09-13T02:01:34.527Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 02:01:42 honeypot-fra-1 sshd[4756]: Received disconnect from 92.255.85.70 port 36048:11: Bye Bye [preauth]","@timestamp":"2022-09-13T02:01:43.015Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 02:02:00 honeypot-fra-1 sshd[4760]: Disconnected from invalid user knapton 165.22.45.108 port 58604 [preauth]","@timestamp":"2022-09-13T02:02:01.025Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 02:04:50 honeypot-ams-1 sshd[14179]: Received disconnect from 92.255.85.69 port 20818:11: Bye Bye [preauth]","@timestamp":"2022-09-13T02:04:50.618Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 02:09:27 honeypot-fra-1 sshd[4768]: Disconnected from authenticating user root 187.109.253.246 port 52262 [preauth]","@timestamp":"2022-09-13T02:09:28.194Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 02:11:32 honeypot-ams-1 kernel: [83911676.616466] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.167.97.229 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=59409 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T02:11:32.799Z"}
{"@timestamp":"2022-09-13T02:14:03.481Z","@version":"1","message":"Sep 13 02:14:03 honeypot-sgp-1 kernel: [83911354.193998] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=90.151.171.106 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=44009 PROTO=TCP SPT=55206 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 02:17:01 honeypot-fra-1 CRON[4773]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-13T02:17:02.362Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 02:23:00 honeypot-ams-1 sshd[14195]: Received disconnect from 61.177.172.124 port 12032:11:  [preauth]","@timestamp":"2022-09-13T02:23:01.105Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 02:24:19 honeypot-ams-1 sshd[14203]: Did not receive identification string from 45.61.187.160 port 47940","@timestamp":"2022-09-13T02:24:19.143Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 02:25:11 honeypot-ams-1 sshd[14206]: Received disconnect from 45.61.187.160 port 36566:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T02:25:11.168Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 02:25:29 honeypot-ams-1 sshd[14210]: Received disconnect from 45.61.187.160 port 59388:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T02:25:30.179Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 02:25:51 honeypot-ams-1 sshd[14214]: Received disconnect from 45.61.187.160 port 53972:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T02:25:52.190Z"}
{"@timestamp":"2022-09-13T02:27:32.809Z","@version":"1","message":"Sep 13 02:27:31 honeypot-sgp-1 kernel: [83912162.576346] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=128.1.91.204 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=40342 PROTO=TCP SPT=30088 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 02:27:48 honeypot-ams-1 sshd[14218]: Received disconnect from 92.255.85.69 port 49648:11: Bye Bye [preauth]","@timestamp":"2022-09-13T02:27:48.243Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 02:28:04 honeypot-fra-1 kernel: [83910509.307642] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=20.171.1.102 DST=165.22.82.222 LEN=52 TOS=0x02 PREC=0x00 TTL=110 ID=30102 DF PROTO=TCP SPT=59641 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-13T02:28:04.629Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 02:29:15 honeypot-ams-1 sshd[14223]: Disconnected from authenticating user root 139.59.186.183 port 39318 [preauth]","@timestamp":"2022-09-13T02:29:15.286Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 02:32:05 honeypot-ams-1 sshd[14229]: Received disconnect from 164.92.129.174 port 35714:11: Bye Bye [preauth]","@timestamp":"2022-09-13T02:32:06.385Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 02:32:34 honeypot-ams-1 sshd[14235]: Disconnected from invalid user chrony 160.251.19.178 port 49080 [preauth]","@timestamp":"2022-09-13T02:32:34.399Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 02:37:44 honeypot-fra-1 kernel: [83911089.981573] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=94.26.249.161 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=21045 PROTO=TCP SPT=15750 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T02:37:45.845Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 02:38:16 honeypot-ams-1 sshd[14242]: Invalid user centos from 179.60.147.69 port 64224","@timestamp":"2022-09-13T02:38:17.551Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 02:39:46 honeypot-ams-1 sshd[14247]: Disconnected from authenticating user root 80.76.51.46 port 36602 [preauth]","@timestamp":"2022-09-13T02:39:46.592Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 02:40:30 honeypot-ams-1 sshd[14253]: Disconnected from authenticating user root 80.76.51.46 port 54870 [preauth]","@timestamp":"2022-09-13T02:40:30.616Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 02:41:12 honeypot-ams-1 sshd[14260]: Disconnected from authenticating user root 80.76.51.46 port 44738 [preauth]","@timestamp":"2022-09-13T02:41:12.638Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 02:41:40 honeypot-ams-1 sshd[14266]: Disconnected from authenticating user root 80.76.51.46 port 38096 [preauth]","@timestamp":"2022-09-13T02:41:40.653Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 02:42:17 honeypot-fra-1 sshd[4793]: Received disconnect from 165.22.45.108 port 35282:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T02:42:18.950Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T02:42:18.199Z","@version":"1","message":"Sep 13 02:42:17 honeypot-sgp-1 sshd[9383]: Received disconnect from 178.62.200.235 port 38702:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 02:42:21 honeypot-ams-1 sshd[14272]: Invalid user admin from 80.76.51.46 port 56574","@timestamp":"2022-09-13T02:42:22.676Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 02:42:49 honeypot-ams-1 sshd[14276]: Invalid user ansible from 80.76.51.46 port 49652","@timestamp":"2022-09-13T02:42:50.691Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 02:43:17 honeypot-ams-1 sshd[14280]: Invalid user ansible from 80.76.51.46 port 43002","@timestamp":"2022-09-13T02:43:18.707Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 02:43:45 honeypot-ams-1 sshd[14284]: Received disconnect from 80.76.51.46 port 36322:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T02:43:45.721Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 02:44:13 honeypot-ams-1 sshd[14288]: Disconnected from invalid user oracle 80.76.51.46 port 57870 [preauth]","@timestamp":"2022-09-13T02:44:13.736Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 02:44:54 honeypot-ams-1 sshd[14294]: Received disconnect from 80.76.51.46 port 47886:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T02:44:54.759Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 02:45:22 honeypot-ams-1 sshd[14298]: Disconnected from authenticating user root 80.76.51.46 port 41360 [preauth]","@timestamp":"2022-09-13T02:45:22.774Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 02:46:30 honeypot-ams-1 kernel: [83913774.898043] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=60087 PROTO=TCP SPT=56669 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T02:46:30.807Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 02:46:53 honeypot-fra-1 kernel: [83911638.516876] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=142.93.45.9 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=54321 PROTO=TCP SPT=55003 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T02:46:54.056Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-13T02:51:47.438Z","@version":"1","message":"Sep 13 02:51:46 honeypot-sgp-1 sshd[9390]: Received disconnect from 45.61.186.169 port 55256:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T02:52:05.448Z","@version":"1","message":"Sep 13 02:52:05 honeypot-sgp-1 sshd[9394]: Received disconnect from 45.61.186.169 port 49982:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T02:52:21.457Z","@version":"1","message":"Sep 13 02:52:21 honeypot-sgp-1 sshd[9398]: Received disconnect from 45.61.186.169 port 44720:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T02:52:37.465Z","@version":"1","message":"Sep 13 02:52:36 honeypot-sgp-1 sshd[9402]: Received disconnect from 45.61.186.169 port 39426:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 02:53:34 honeypot-fra-1 sshd[4803]: Did not receive identification string from 117.186.96.54 port 59270","@timestamp":"2022-09-13T02:53:35.205Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 02:54:41 honeypot-ams-1 sshd[14312]: Disconnected from authenticating user root 61.177.172.104 port 20156 [preauth]","@timestamp":"2022-09-13T02:54:42.023Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 02:55:23 honeypot-fra-1 sshd[4808]: Received disconnect from 45.61.186.49 port 45636:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T02:55:24.249Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 02:55:32 honeypot-fra-1 sshd[4812]: Received disconnect from 45.61.186.49 port 57194:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T02:55:33.253Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 02:58:26 honeypot-ams-1 kernel: [83914491.098703] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=172.104.138.223 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=52868 PROTO=TCP SPT=10645 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T02:58:27.124Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 03:00:47 honeypot-fra-1 sshd[4817]: Received disconnect from 117.186.96.54 port 44882:11: Bye Bye [preauth]","@timestamp":"2022-09-13T03:00:48.372Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T03:02:03.709Z","@version":"1","message":"Sep 13 03:02:03 honeypot-sgp-1 kernel: [83914234.196165] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=229 ID=19876 PROTO=TCP SPT=58003 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 03:03:39 honeypot-ams-1 sshd[14322]: Disconnected from authenticating user root 189.46.157.37 port 49886 [preauth]","@timestamp":"2022-09-13T03:03:39.260Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 03:06:08 honeypot-ams-1 kernel: [83914952.174363] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=31480 PROTO=TCP SPT=58003 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T03:06:08.326Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 03:08:04 honeypot-ams-1 kernel: [83915068.814504] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=88.80.189.24 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=38505 PROTO=TCP SPT=58447 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T03:08:05.379Z"}
{"@timestamp":"2022-09-13T03:11:52.956Z","@version":"1","message":"Sep 13 03:11:52 honeypot-sgp-1 sshd[9408]: Connection closed by invalid user debian 179.60.147.69 port 14818 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 03:12:26 honeypot-fra-1 sshd[4823]: Invalid user user from 198.98.61.9 port 47354","@timestamp":"2022-09-13T03:12:27.636Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 03:12:35 honeypot-fra-1 sshd[4825]: Received disconnect from 198.98.61.9 port 58942:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T03:12:35.640Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 03:12:42 honeypot-ams-1 sshd[14340]: Disconnected from authenticating user root 103.2.135.19 port 46464 [preauth]","@timestamp":"2022-09-13T03:12:43.500Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 03:12:56 honeypot-fra-1 sshd[4831]: Received disconnect from 198.98.61.9 port 53850:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T03:12:56.650Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 03:13:04 honeypot-fra-1 sshd[4835]: Disconnected from invalid user user 198.98.61.9 port 37186 [preauth]","@timestamp":"2022-09-13T03:13:04.655Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 03:13:19 honeypot-fra-1 sshd[4839]: Disconnected from invalid user user 198.98.61.9 port 60348 [preauth]","@timestamp":"2022-09-13T03:13:19.662Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 03:15:16 honeypot-ams-1 sshd[14346]: Connection closed by invalid user debian 179.60.147.69 port 55270 [preauth]","@timestamp":"2022-09-13T03:15:17.569Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 03:21:13 honeypot-fra-1 sshd[4846]: Did not receive identification string from 219.157.79.154 port 59720","@timestamp":"2022-09-13T03:21:13.842Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 03:25:46 honeypot-ams-1 sshd[14356]: Did not receive identification string from 108.41.8.142 port 63675","@timestamp":"2022-09-13T03:25:46.835Z"}
{"@timestamp":"2022-09-13T03:26:47.345Z","@version":"1","message":"Sep 13 03:26:46 honeypot-sgp-1 sshd[9417]: Did not receive identification string from 141.105.66.148 port 6495","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T03:26:49.347Z","@version":"1","message":"Sep 13 03:26:49 honeypot-sgp-1 sshd[9422]: Invalid user dhghb from 141.105.66.148 port 2040","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T03:26:55.350Z","@version":"1","message":"Sep 13 03:26:55 honeypot-sgp-1 sshd[9434]: Unable to negotiate with 141.105.66.148 port 19241: no matching host key type found. Their offer: ecdsa-sha2-nistp384 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 03:27:47 honeypot-ams-1 sshd[14363]: Received disconnect from 5.183.9.248 port 53100:11: Bye Bye [preauth]","@timestamp":"2022-09-13T03:27:47.890Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 03:27:54 honeypot-fra-1 sshd[4876]: Invalid user guest from 111.220.139.23 port 53308","@timestamp":"2022-09-13T03:27:54.991Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 03:28:36 honeypot-fra-1 kernel: [83914141.583444] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=64.62.197.50 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=54321 PROTO=TCP SPT=49067 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T03:28:37.010Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 03:30:21 honeypot-ams-1 sshd[14369]: Did not receive identification string from 89.248.173.131 port 58798","@timestamp":"2022-09-13T03:30:21.957Z"}
{"@timestamp":"2022-09-13T03:32:33.489Z","@version":"1","message":"Sep 13 03:32:33 honeypot-sgp-1 sshd[9443]: Received disconnect from 92.255.85.70 port 61496:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 03:33:22 honeypot-fra-1 sshd[4883]: Disconnected from authenticating user root 134.0.193.138 port 51944 [preauth]","@timestamp":"2022-09-13T03:33:22.117Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T03:35:25.560Z","@version":"1","message":"Sep 13 03:35:25 honeypot-sgp-1 sshd[9447]: Received disconnect from 60.196.69.234 port 34435:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 03:35:34 honeypot-fra-1 sshd[4902]: Connection closed by invalid user devops 120.199.82.50 port 31834 [preauth]","@timestamp":"2022-09-13T03:35:35.168Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 03:35:40 honeypot-fra-1 sshd[4907]: Invalid user ec2-user from 120.199.82.50 port 58191","@timestamp":"2022-09-13T03:35:41.171Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 03:35:46 honeypot-fra-1 sshd[4915]: Connection closed by invalid user es 120.199.82.50 port 1922 [preauth]","@timestamp":"2022-09-13T03:35:47.175Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 03:36:01 honeypot-fra-1 sshd[4921]: Connection closed by invalid user elastic 120.199.82.50 port 33862 [preauth]","@timestamp":"2022-09-13T03:36:01.182Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 03:36:07 honeypot-fra-1 sshd[4925]: Invalid user guest from 120.199.82.50 port 14377","@timestamp":"2022-09-13T03:36:07.186Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T03:36:17.583Z","@version":"1","message":"Sep 13 03:36:17 honeypot-sgp-1 sshd[9451]: Disconnected from authenticating user root 41.60.236.6 port 41972 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 03:36:29 honeypot-fra-1 sshd[4931]: Connection closed by invalid user ec2user 120.199.82.50 port 14022 [preauth]","@timestamp":"2022-09-13T03:36:29.196Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 03:36:30 honeypot-ams-1 kernel: [83916774.657986] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.216.5 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=47998 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T03:36:31.114Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 03:36:59 honeypot-fra-1 sshd[4942]: Connection closed by invalid user ftpuser 120.199.82.50 port 40211 [preauth]","@timestamp":"2022-09-13T03:37:00.210Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 03:38:48 honeypot-ams-1 kernel: [83916912.956936] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=196.190.64.61 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=51 ID=27635 PROTO=TCP SPT=20283 DPT=80 WINDOW=5001 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T03:38:49.176Z"}
{"@timestamp":"2022-09-13T03:42:35.758Z","@version":"1","message":"Sep 13 03:42:35 honeypot-sgp-1 sshd[9456]: Disconnected from authenticating user root 31.186.48.216 port 41728 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T03:43:39.787Z","@version":"1","message":"Sep 13 03:43:39 honeypot-sgp-1 sshd[9462]: Connection closed by invalid user user 116.98.167.15 port 54044 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T03:43:52.793Z","@version":"1","message":"Sep 13 03:43:52 honeypot-sgp-1 sshd[9470]: Connection closed by authenticating user root 116.98.167.15 port 46498 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T03:44:00.798Z","@version":"1","message":"Sep 13 03:44:00 honeypot-sgp-1 sshd[9478]: Connection closed by invalid user admin 116.98.167.15 port 40644 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T03:44:18.806Z","@version":"1","message":"Sep 13 03:44:18 honeypot-sgp-1 sshd[9484]: Connection closed by invalid user ftpuser 116.98.167.15 port 58620 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T03:44:44.820Z","@version":"1","message":"Sep 13 03:44:44 honeypot-sgp-1 sshd[9490]: Connection closed by invalid user admin 116.98.167.15 port 43140 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T03:45:08.832Z","@version":"1","message":"Sep 13 03:45:08 honeypot-sgp-1 sshd[9496]: Connection closed by invalid user admin 116.98.167.15 port 55352 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T03:46:10.883Z","@version":"1","message":"Sep 13 03:46:09 honeypot-sgp-1 sshd[9504]: Invalid user belkinstyle from 116.98.167.15 port 41114","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T03:46:59.906Z","@version":"1","message":"Sep 13 03:46:59 honeypot-sgp-1 sshd[9508]: Disconnected from invalid user ftk 223.197.188.206 port 54832 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 03:47:44 honeypot-ams-1 kernel: [83917448.599665] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=170.187.181.53 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=23392 PROTO=TCP SPT=40305 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T03:47:45.407Z"}
{"@timestamp":"2022-09-13T03:48:15.941Z","@version":"1","message":"Sep 13 03:48:15 honeypot-sgp-1 sshd[9515]: Invalid user factorio from 116.98.167.15 port 34016","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T03:48:37.953Z","@version":"1","message":"Sep 13 03:48:37 honeypot-sgp-1 sshd[9521]: Connection closed by authenticating user root 116.98.167.15 port 38480 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 03:49:40 honeypot-fra-1 sshd[4951]: Connection closed by invalid user debian 179.60.147.69 port 32798 [preauth]","@timestamp":"2022-09-13T03:49:41.491Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T03:50:42.007Z","@version":"1","message":"Sep 13 03:50:41 honeypot-sgp-1 sshd[9527]: Connection closed by invalid user upport 116.98.167.15 port 39274 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 03:51:42 honeypot-ams-1 sshd[14395]: Invalid user sr from 43.154.143.45 port 59790","@timestamp":"2022-09-13T03:51:43.511Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 03:52:13 honeypot-ams-1 sshd[14399]: Disconnected from authenticating user root 46.19.141.122 port 47310 [preauth]","@timestamp":"2022-09-13T03:52:13.526Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 03:53:03 honeypot-ams-1 sshd[14403]: Disconnected from invalid user admin 46.19.141.122 port 57916 [preauth]","@timestamp":"2022-09-13T03:53:04.550Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 03:53:47 honeypot-ams-1 sshd[14409]: Bad protocol version identification '\\272\\253d\\241EZC\\333M\\207\\356^\\375\\277\\0259 X\\324>\\022\\230\\304<\\340\\023\\317' from 172.105.89.161 port 38133","@timestamp":"2022-09-13T03:53:48.571Z"}
{"@timestamp":"2022-09-13T03:54:40.109Z","@version":"1","message":"Sep 13 03:54:39 honeypot-sgp-1 sshd[9536]: Did not receive identification string from 45.61.186.49 port 59734","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 03:54:46 honeypot-ams-1 sshd[14414]: Invalid user ubnt from 46.19.141.122 port 50852","@timestamp":"2022-09-13T03:54:47.601Z"}
{"@timestamp":"2022-09-13T03:54:58.119Z","@version":"1","message":"Sep 13 03:54:57 honeypot-sgp-1 sshd[9539]: Disconnected from invalid user user 45.61.186.49 port 37266 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 03:55:06 honeypot-ams-1 sshd[14416]: Disconnected from invalid user support 46.19.141.122 port 56132 [preauth]","@timestamp":"2022-09-13T03:55:06.612Z"}
{"@timestamp":"2022-09-13T03:55:07.123Z","@version":"1","message":"Sep 13 03:55:07 honeypot-sgp-1 sshd[9543]: Disconnected from invalid user user 45.61.186.49 port 48950 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 03:55:43 honeypot-ams-1 kernel: [83917928.059907] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=172.105.89.161 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=57 ID=0 DF PROTO=TCP SPT=38133 DPT=443 WINDOW=8192 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T03:55:44.631Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 04:03:06 honeypot-fra-1 sshd[4956]: Invalid user kolesnik from 165.22.45.108 port 45124","@timestamp":"2022-09-13T04:03:06.791Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 04:05:45 honeypot-fra-1 sshd[4961]: Did not receive identification string from 141.255.162.226 port 59904","@timestamp":"2022-09-13T04:05:45.853Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 04:06:10 honeypot-fra-1 sshd[4964]: Disconnected from invalid user user 141.255.162.226 port 41594 [preauth]","@timestamp":"2022-09-13T04:06:10.865Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 04:06:13 honeypot-fra-1 sshd[4968]: Disconnected from invalid user user 141.255.162.226 port 54912 [preauth]","@timestamp":"2022-09-13T04:06:13.867Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 04:06:18 honeypot-fra-1 sshd[4972]: Disconnected from invalid user user 141.255.162.226 port 33336 [preauth]","@timestamp":"2022-09-13T04:06:18.869Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 04:11:21 honeypot-ams-1 kernel: [83918865.547150] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=65.49.20.67 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=44541 DPT=389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T04:11:22.037Z"}
{"@timestamp":"2022-09-13T04:17:01.685Z","@version":"1","message":"Sep 13 04:17:01 honeypot-sgp-1 CRON[9549]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 04:17:01 honeypot-fra-1 CRON[4978]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-13T04:17:02.108Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 04:18:42 honeypot-fra-1 sshd[4985]: Received disconnect from 92.106.169.34 port 42618:11: Bye Bye [preauth]","@timestamp":"2022-09-13T04:18:42.148Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 04:21:41 honeypot-ams-1 kernel: [83919485.948746] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=97.74.81.123 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=40650 PROTO=TCP SPT=58781 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T04:21:42.302Z"}
{"@timestamp":"2022-09-13T04:25:22.895Z","@version":"1","message":"Sep 13 04:25:22 honeypot-sgp-1 sshd[9555]: Connection closed by invalid user unknown 179.60.147.69 port 59716 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 04:25:52 honeypot-fra-1 kernel: [83917576.882390] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=89.248.163.158 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=41257 PROTO=TCP SPT=43122 DPT=389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T04:25:52.309Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 04:27:28 honeypot-fra-1 sshd[4995]: Connection closed by invalid user admin 14.50.131.36 port 54809 [preauth]","@timestamp":"2022-09-13T04:27:29.351Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T04:28:42.977Z","@version":"1","message":"Sep 13 04:28:42 honeypot-sgp-1 sshd[9561]: Disconnected from authenticating user root 143.244.158.100 port 49016 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 04:28:48 honeypot-ams-1 kernel: [83919912.811951] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=41.117.152.98 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=50 ID=33727 PROTO=TCP SPT=7096 DPT=80 WINDOW=43635 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T04:28:49.522Z"}
{"@timestamp":"2022-09-13T04:29:36.002Z","@version":"1","message":"Sep 13 04:29:35 honeypot-sgp-1 sshd[9566]: Disconnected from invalid user monitor 185.62.193.24 port 36412 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T04:31:10.046Z","@version":"1","message":"Sep 13 04:31:09 honeypot-sgp-1 sshd[9572]: Received disconnect from 143.244.158.100 port 39240:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T04:33:35.107Z","@version":"1","message":"Sep 13 04:33:34 honeypot-sgp-1 sshd[9578]: Received disconnect from 143.244.158.100 port 43654:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T04:35:59.192Z","@version":"1","message":"Sep 13 04:35:59 honeypot-sgp-1 sshd[9585]: Received disconnect from 143.244.158.100 port 48796:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T04:37:19.230Z","@version":"1","message":"Sep 13 04:37:19 honeypot-sgp-1 sshd[9589]: Disconnected from authenticating user root 188.166.91.139 port 57390 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 04:37:23 honeypot-ams-1 kernel: [83920427.554839] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=172.104.4.101 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=24179 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T04:37:23.742Z"}
{"@timestamp":"2022-09-13T04:39:12.278Z","@version":"1","message":"Sep 13 04:39:11 honeypot-sgp-1 sshd[9595]: Disconnected from authenticating user root 143.244.158.100 port 52896 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 04:40:00 honeypot-ams-1 sshd[14448]: Disconnected from invalid user deffer 187.189.221.198 port 33208 [preauth]","@timestamp":"2022-09-13T04:40:00.812Z"}
{"@timestamp":"2022-09-13T04:41:41.343Z","@version":"1","message":"Sep 13 04:41:40 honeypot-sgp-1 sshd[9602]: Disconnected from authenticating user root 143.244.158.100 port 39704 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T04:43:17.386Z","@version":"1","message":"Sep 13 04:43:16 honeypot-sgp-1 sshd[9608]: Disconnected from authenticating user root 143.244.158.100 port 47590 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 04:43:47 honeypot-fra-1 sshd[5000]: Invalid user 1234 from 124.221.61.174 port 36036","@timestamp":"2022-09-13T04:43:47.715Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 04:45:07 honeypot-fra-1 sshd[5005]: Disconnected from authenticating user root 92.255.85.69 port 26212 [preauth]","@timestamp":"2022-09-13T04:45:07.749Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T04:45:56.454Z","@version":"1","message":"Sep 13 04:45:55 honeypot-sgp-1 sshd[9615]: Disconnected from authenticating user root 143.244.158.100 port 42872 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 04:47:36 honeypot-ams-1 sshd[14453]: Disconnected from authenticating user root 92.255.85.69 port 48972 [preauth]","@timestamp":"2022-09-13T04:47:37.009Z"}
{"@timestamp":"2022-09-13T04:48:24.516Z","@version":"1","message":"Sep 13 04:48:24 honeypot-sgp-1 sshd[9621]: Disconnected from authenticating user root 143.244.158.100 port 37072 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T04:50:54.579Z","@version":"1","message":"Sep 13 04:50:53 honeypot-sgp-1 sshd[9628]: Disconnected from authenticating user root 143.244.158.100 port 43426 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T04:53:23.643Z","@version":"1","message":"Sep 13 04:53:23 honeypot-sgp-1 sshd[9634]: Disconnected from authenticating user root 143.244.158.100 port 42124 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T04:55:00.687Z","@version":"1","message":"Sep 13 04:55:00 honeypot-sgp-1 sshd[9638]: Disconnected from authenticating user root 143.244.158.100 port 48124 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T04:57:31.751Z","@version":"1","message":"Sep 13 04:57:30 honeypot-sgp-1 sshd[9645]: Disconnected from authenticating user root 143.244.158.100 port 55466 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:00:00.814Z","@version":"1","message":"Sep 13 04:59:59 honeypot-sgp-1 sshd[9651]: Disconnected from authenticating user root 143.244.158.100 port 43374 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 05:00:43 honeypot-ams-1 sshd[14458]: Disconnected from invalid user user 45.61.187.160 port 46614 [preauth]","@timestamp":"2022-09-13T05:00:44.336Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 05:01:03 honeypot-ams-1 sshd[14462]: Disconnected from invalid user user 45.61.187.160 port 41618 [preauth]","@timestamp":"2022-09-13T05:01:04.348Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 05:01:08 honeypot-fra-1 sshd[5011]: Invalid user user from 45.61.186.49 port 49464","@timestamp":"2022-09-13T05:01:09.108Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 05:01:17 honeypot-fra-1 sshd[5015]: Invalid user user from 45.61.186.49 port 32946","@timestamp":"2022-09-13T05:01:18.113Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 05:01:22 honeypot-ams-1 sshd[14466]: Disconnected from invalid user user 45.61.187.160 port 36634 [preauth]","@timestamp":"2022-09-13T05:01:23.357Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 05:01:39 honeypot-ams-1 sshd[14470]: Disconnected from invalid user user 45.61.187.160 port 59886 [preauth]","@timestamp":"2022-09-13T05:01:40.367Z"}
{"@timestamp":"2022-09-13T05:02:05.869Z","@version":"1","message":"Sep 13 05:02:05 honeypot-sgp-1 sshd[9659]: Connection closed by invalid user centos 179.60.147.69 port 27682 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 05:02:22 honeypot-fra-1 sshd[5020]: Received disconnect from 152.228.217.107 port 54360:11: Bye Bye [preauth]","@timestamp":"2022-09-13T05:02:23.137Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 05:03:44 honeypot-fra-1 sshd[5026]: Invalid user admin from 107.204.192.210 port 51662","@timestamp":"2022-09-13T05:03:45.171Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T05:04:27.929Z","@version":"1","message":"Sep 13 05:04:27 honeypot-sgp-1 sshd[9665]: Disconnected from authenticating user root 143.244.158.100 port 42800 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:06:20.978Z","@version":"1","message":"Sep 13 05:06:20 honeypot-sgp-1 sshd[9671]: Disconnected from authenticating user root 143.244.158.100 port 33782 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 05:06:29 honeypot-fra-1 sshd[5030]: Received disconnect from 52.160.46.145 port 40206:11: Bye Bye [preauth]","@timestamp":"2022-09-13T05:06:29.249Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T05:08:51.042Z","@version":"1","message":"Sep 13 05:08:50 honeypot-sgp-1 sshd[9678]: Disconnected from authenticating user root 143.244.158.100 port 54368 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 05:10:51 honeypot-fra-1 sshd[5035]: Invalid user wyo from 178.46.163.191 port 37240","@timestamp":"2022-09-13T05:10:52.352Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 05:11:21 honeypot-ams-1 sshd[14476]: Disconnected from authenticating user root 92.255.85.70 port 38526 [preauth]","@timestamp":"2022-09-13T05:11:21.615Z"}
{"@timestamp":"2022-09-13T05:11:28.108Z","@version":"1","message":"Sep 13 05:11:28 honeypot-sgp-1 sshd[9684]: Disconnected from authenticating user root 143.244.158.100 port 34952 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 05:13:54 honeypot-ams-1 sshd[14481]: Received disconnect from 141.255.162.226 port 51348:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T05:13:54.679Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 05:13:59 honeypot-ams-1 sshd[14485]: Received disconnect from 141.255.162.226 port 36738:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T05:13:59.682Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 05:14:01 honeypot-ams-1 sshd[14489]: Received disconnect from 141.255.162.226 port 44544:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T05:14:01.684Z"}
{"@timestamp":"2022-09-13T05:15:19.203Z","@version":"1","message":"Sep 13 05:15:18 honeypot-sgp-1 kernel: [83922229.075841] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=13987 PROTO=TCP SPT=46053 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 05:16:46 honeypot-ams-1 kernel: [83922790.209849] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=94.26.249.161 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=11646 PROTO=TCP SPT=39075 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T05:16:46.755Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 05:17:30 honeypot-fra-1 kernel: [83920674.921043] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=172.104.4.137 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=4133 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T05:17:30.502Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 05:20:34 honeypot-ams-1 kernel: [83923018.759056] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=103.203.57.22 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=34890 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T05:20:34.856Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 05:23:04 honeypot-ams-1 sshd[14504]: Disconnected from 112.5.88.63 port 36381 [preauth]","@timestamp":"2022-09-13T05:23:04.923Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 05:24:06 honeypot-fra-1 sshd[5046]: Invalid user konghao from 165.22.45.108 port 54972","@timestamp":"2022-09-13T05:24:06.655Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T05:25:59.461Z","@version":"1","message":"Sep 13 05:25:59 honeypot-sgp-1 kernel: [83922869.587858] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=92.118.39.30 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=231 ID=54321 PROTO=TCP SPT=38731 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:29:52.557Z","@version":"1","message":"Sep 13 05:29:52 honeypot-sgp-1 sshd[9701]: Disconnected from invalid user user 45.61.186.49 port 59536 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:30:02.562Z","@version":"1","message":"Sep 13 05:30:02 honeypot-sgp-1 sshd[9705]: Disconnected from invalid user user 45.61.186.49 port 43118 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 05:32:19 honeypot-fra-1 sshd[5049]: Received disconnect from 92.255.85.70 port 52302:11: Bye Bye [preauth]","@timestamp":"2022-09-13T05:32:20.842Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T05:33:37.650Z","@version":"1","message":"Sep 13 05:33:37 honeypot-sgp-1 sshd[9710]: Invalid user null from 187.216.254.180 port 58546","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:34:45.681Z","@version":"1","message":"Sep 13 05:34:45 honeypot-sgp-1 sshd[9714]: Received disconnect from 185.180.29.203 port 13404:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:34:50.685Z","@version":"1","message":"Sep 13 05:34:50 honeypot-sgp-1 sshd[9718]: Disconnected from invalid user ubnt 185.180.29.203 port 13418 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:34:56.688Z","@version":"1","message":"Sep 13 05:34:56 honeypot-sgp-1 sshd[9724]: Disconnected from authenticating user root 185.180.29.203 port 13452 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:35:03.692Z","@version":"1","message":"Sep 13 05:35:02 honeypot-sgp-1 sshd[9730]: Disconnected from authenticating user root 185.180.29.203 port 13482 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 05:35:03 honeypot-ams-1 sshd[14510]: Received disconnect from 14.225.17.9 port 49498:11: Bye Bye [preauth]","@timestamp":"2022-09-13T05:35:04.226Z"}
{"@timestamp":"2022-09-13T05:35:09.696Z","@version":"1","message":"Sep 13 05:35:09 honeypot-sgp-1 sshd[9736]: Disconnected from authenticating user root 185.180.29.203 port 13516 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:35:16.700Z","@version":"1","message":"Sep 13 05:35:15 honeypot-sgp-1 sshd[9742]: Disconnected from authenticating user root 185.180.29.203 port 13573 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:35:22.703Z","@version":"1","message":"Sep 13 05:35:22 honeypot-sgp-1 sshd[9748]: Disconnected from authenticating user root 185.180.29.203 port 13594 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:35:28.706Z","@version":"1","message":"Sep 13 05:35:28 honeypot-sgp-1 sshd[9754]: Disconnected from authenticating user root 185.180.29.203 port 13616 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:35:35.711Z","@version":"1","message":"Sep 13 05:35:35 honeypot-sgp-1 sshd[9760]: Disconnected from authenticating user root 185.180.29.203 port 13641 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:35:41.714Z","@version":"1","message":"Sep 13 05:35:41 honeypot-sgp-1 sshd[9766]: Received disconnect from 70.35.202.246 port 34254:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:35:46.717Z","@version":"1","message":"Sep 13 05:35:45 honeypot-sgp-1 sshd[9772]: Received disconnect from 185.180.29.203 port 13696:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 05:35:49 honeypot-ams-1 sshd[14514]: Received disconnect from 118.27.35.131 port 39954:11: Bye Bye [preauth]","@timestamp":"2022-09-13T05:35:50.249Z"}
{"@timestamp":"2022-09-13T05:35:52.720Z","@version":"1","message":"Sep 13 05:35:52 honeypot-sgp-1 sshd[9778]: Received disconnect from 185.180.29.203 port 13741:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:35:58.723Z","@version":"1","message":"Sep 13 05:35:58 honeypot-sgp-1 sshd[9784]: Received disconnect from 185.180.29.203 port 13785:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:36:03.727Z","@version":"1","message":"Sep 13 05:36:02 honeypot-sgp-1 sshd[9788]: Disconnected from invalid user admin 185.180.29.203 port 13813 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:36:07.729Z","@version":"1","message":"Sep 13 05:36:07 honeypot-sgp-1 sshd[9792]: Disconnected from invalid user admin 185.180.29.203 port 13828 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:36:11.731Z","@version":"1","message":"Sep 13 05:36:11 honeypot-sgp-1 sshd[9796]: Disconnected from invalid user admin 185.180.29.203 port 13860 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:36:15.733Z","@version":"1","message":"Sep 13 05:36:15 honeypot-sgp-1 sshd[9800]: Disconnected from invalid user admin 185.180.29.203 port 13895 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:36:20.737Z","@version":"1","message":"Sep 13 05:36:19 honeypot-sgp-1 sshd[9804]: Disconnected from invalid user admin 185.180.29.203 port 13923 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:36:24.739Z","@version":"1","message":"Sep 13 05:36:24 honeypot-sgp-1 sshd[9808]: Disconnected from invalid user user 185.180.29.203 port 13980 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:36:30.742Z","@version":"1","message":"Sep 13 05:36:30 honeypot-sgp-1 sshd[9814]: Received disconnect from 185.180.29.203 port 14011:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:36:35.746Z","@version":"1","message":"Sep 13 05:36:34 honeypot-sgp-1 sshd[9818]: Received disconnect from 185.180.29.203 port 14039:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:36:39.748Z","@version":"1","message":"Sep 13 05:36:39 honeypot-sgp-1 sshd[9822]: Received disconnect from 185.180.29.203 port 14055:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:36:43.750Z","@version":"1","message":"Sep 13 05:36:43 honeypot-sgp-1 sshd[9826]: Received disconnect from 185.180.29.203 port 14093:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:36:47.753Z","@version":"1","message":"Sep 13 05:36:47 honeypot-sgp-1 sshd[9830]: Received disconnect from 185.180.29.203 port 14122:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:36:52.756Z","@version":"1","message":"Sep 13 05:36:51 honeypot-sgp-1 sshd[9834]: Received disconnect from 185.180.29.203 port 14139:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:36:56.758Z","@version":"1","message":"Sep 13 05:36:56 honeypot-sgp-1 sshd[9838]: Received disconnect from 185.180.29.203 port 14164:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:37:00.760Z","@version":"1","message":"Sep 13 05:37:00 honeypot-sgp-1 sshd[9842]: Received disconnect from 185.180.29.203 port 14193:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:37:05.764Z","@version":"1","message":"Sep 13 05:37:04 honeypot-sgp-1 sshd[9847]: Received disconnect from 185.180.29.203 port 14223:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:37:08.766Z","@version":"1","message":"Sep 13 05:37:08 honeypot-sgp-1 sshd[9851]: Disconnected from authenticating user root 211.45.162.52 port 45506 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:37:11.768Z","@version":"1","message":"Sep 13 05:37:11 honeypot-sgp-1 sshd[9855]: Disconnected from invalid user test 185.180.29.203 port 14263 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:37:16.772Z","@version":"1","message":"Sep 13 05:37:15 honeypot-sgp-1 sshd[9859]: Disconnected from invalid user cirros 185.180.29.203 port 14283 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 05:38:59 honeypot-ams-1 sshd[14518]: Received disconnect from 210.196.250.246 port 36692:11: Bye Bye [preauth]","@timestamp":"2022-09-13T05:38:59.330Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 05:41:58 honeypot-ams-1 sshd[14523]: Received disconnect from 106.245.234.10 port 39602:11: Bye Bye [preauth]","@timestamp":"2022-09-13T05:41:59.409Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 05:43:22 honeypot-fra-1 sshd[5055]: Invalid user admin from 200.223.219.62 port 49350","@timestamp":"2022-09-13T05:43:22.092Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 05:45:31 honeypot-ams-1 sshd[14528]: Received disconnect from 141.255.162.226 port 35454:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T05:45:31.503Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 05:45:36 honeypot-ams-1 sshd[14532]: Received disconnect from 141.255.162.226 port 55058:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T05:45:36.506Z"}
{"@timestamp":"2022-09-13T05:45:36.974Z","@version":"1","message":"Sep 13 05:45:36 honeypot-sgp-1 sshd[9866]: Invalid user litao from 103.188.176.251 port 54996","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 05:45:38 honeypot-ams-1 sshd[14536]: Received disconnect from 141.255.162.226 port 50614:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T05:45:38.507Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 05:46:00 honeypot-ams-1 kernel: [83924544.598552] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=20.163.104.128 DST=178.62.254.91 LEN=52 TOS=0x02 PREC=0x00 TTL=110 ID=37033 DF PROTO=TCP SPT=61803 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-13T05:46:01.520Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 06:02:08 honeypot-fra-1 kernel: [83923353.409345] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=95.161.131.235 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x20 TTL=249 ID=54321 PROTO=TCP SPT=58300 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T06:02:09.509Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-13T06:05:23.449Z","@version":"1","message":"Sep 13 06:05:23 honeypot-sgp-1 kernel: [83925233.786725] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.41.8.45 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=40457 PROTO=TCP SPT=39024 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 06:05:46 honeypot-ams-1 sshd[14544]: Disconnected from authenticating user root 51.79.64.173 port 47868 [preauth]","@timestamp":"2022-09-13T06:05:47.100Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 06:13:02 honeypot-fra-1 kernel: [83924007.048144] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=42884 PROTO=TCP SPT=48803 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T06:13:02.754Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 06:15:27 honeypot-fra-1 sshd[5172]: Invalid user ubuntu from 20.13.161.157 port 53556","@timestamp":"2022-09-13T06:15:27.832Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 06:15:27 honeypot-fra-1 sshd[5166]: Connection closed by authenticating user root 20.13.161.157 port 53562 [preauth]","@timestamp":"2022-09-13T06:15:27.832Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 06:15:27 honeypot-fra-1 sshd[5174]: Connection closed by authenticating user root 20.13.161.157 port 53526 [preauth]","@timestamp":"2022-09-13T06:15:27.832Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 06:15:27 honeypot-fra-1 sshd[5170]: Connection closed by authenticating user root 20.13.161.157 port 53588 [preauth]","@timestamp":"2022-09-13T06:15:27.832Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 06:15:27 honeypot-fra-1 sshd[5178]: Connection closed by invalid user test 20.13.161.157 port 53530 [preauth]","@timestamp":"2022-09-13T06:15:27.832Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T06:16:12.717Z","@version":"1","message":"Sep 13 06:16:12 honeypot-sgp-1 sshd[9877]: Disconnected from authenticating user root 92.255.85.69 port 19958 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 06:16:45 honeypot-fra-1 kernel: [83924230.180398] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=40.84.222.228 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=52669 PROTO=TCP SPT=49373 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T06:16:45.864Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 06:17:01 honeypot-ams-1 CRON[14550]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-13T06:17:02.389Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 06:19:44 honeypot-fra-1 kernel: [83924408.918719] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.56.96.88 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=7648 PROTO=TCP SPT=49977 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T06:19:44.934Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 06:23:58 honeypot-ams-1 kernel: [83926822.653884] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=162.221.192.26 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=37124 PROTO=TCP SPT=10319 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T06:23:59.568Z"}
{"@timestamp":"2022-09-13T06:25:01.942Z","@version":"1","message":"Sep 13 06:25:01 honeypot-sgp-1 CRON[9888]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 06:25:01 honeypot-fra-1 CRON[5221]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-13T06:25:02.078Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T06:27:59.021Z","@version":"1","message":"Sep 13 06:27:58 honeypot-sgp-1 sshd[10140]: Invalid user user from 45.61.186.249 port 44792","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 06:28:09 honeypot-ams-1 kernel: [83927073.086448] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=34.93.103.78 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x60 TTL=251 ID=2220 PROTO=TCP SPT=57544 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T06:28:09.687Z"}
{"@timestamp":"2022-09-13T06:28:18.031Z","@version":"1","message":"Sep 13 06:28:17 honeypot-sgp-1 sshd[10144]: Invalid user user from 45.61.186.249 port 39614","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 06:28:23 honeypot-fra-1 sshd[5356]: Disconnected from invalid user staffc 179.67.89.142 port 51884 [preauth]","@timestamp":"2022-09-13T06:28:24.159Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T06:28:35.040Z","@version":"1","message":"Sep 13 06:28:34 honeypot-sgp-1 sshd[10148]: Invalid user user from 45.61.186.249 port 34498","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T06:28:51.048Z","@version":"1","message":"Sep 13 06:28:50 honeypot-sgp-1 sshd[10153]: Invalid user user from 45.61.186.249 port 57534","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 06:30:03 honeypot-fra-1 sshd[5363]: Received disconnect from 210.245.34.243 port 55109:11: Bye Bye [preauth]","@timestamp":"2022-09-13T06:30:03.201Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 06:31:16 honeypot-fra-1 sshd[5369]: Connection closed by invalid user scottdaugherty 141.98.10.158 port 34256 [preauth]","@timestamp":"2022-09-13T06:31:17.233Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T06:32:58.150Z","@version":"1","message":"Sep 13 06:32:58 honeypot-sgp-1 sshd[10157]: Did not receive identification string from 189.8.29.5 port 58812","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T06:33:01.153Z","@version":"1","message":"Sep 13 06:33:00 honeypot-sgp-1 sshd[10176]: Invalid user mysql from 189.8.29.5 port 60602","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T06:33:01.153Z","@version":"1","message":"Sep 13 06:33:00 honeypot-sgp-1 sshd[10160]: Invalid user admin from 189.8.29.5 port 60616","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T06:33:01.153Z","@version":"1","message":"Sep 13 06:33:00 honeypot-sgp-1 sshd[10168]: Invalid user mc from 189.8.29.5 port 60612","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T06:33:01.153Z","@version":"1","message":"Sep 13 06:33:00 honeypot-sgp-1 sshd[10161]: Invalid user hadoop from 189.8.29.5 port 60622","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T06:33:01.153Z","@version":"1","message":"Sep 13 06:33:00 honeypot-sgp-1 sshd[10158]: Connection closed by invalid user lighthouse 189.8.29.5 port 60600 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T06:33:01.153Z","@version":"1","message":"Sep 13 06:33:00 honeypot-sgp-1 sshd[10163]: Connection closed by invalid user mysql 189.8.29.5 port 60592 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T06:33:01.153Z","@version":"1","message":"Sep 13 06:33:00 honeypot-sgp-1 sshd[10190]: Connection closed by authenticating user root 189.8.29.5 port 60664 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T06:33:01.154Z","@version":"1","message":"Sep 13 06:33:00 honeypot-sgp-1 sshd[10189]: Connection closed by invalid user admin 189.8.29.5 port 60636 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T06:33:01.154Z","@version":"1","message":"Sep 13 06:33:00 honeypot-sgp-1 sshd[10177]: Connection closed by invalid user ts3 189.8.29.5 port 60638 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T06:33:01.154Z","@version":"1","message":"Sep 13 06:33:00 honeypot-sgp-1 sshd[10166]: Connection closed by invalid user hadoop 189.8.29.5 port 60590 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 06:34:12 honeypot-ams-1 sshd[14729]: Did not receive identification string from 73.209.58.108 port 51452","@timestamp":"2022-09-13T06:34:12.847Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 06:35:51 honeypot-fra-1 sshd[5376]: Disconnected from authenticating user root 182.23.23.42 port 42970 [preauth]","@timestamp":"2022-09-13T06:35:51.338Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 06:41:47 honeypot-ams-1 sshd[14838]: Received disconnect from 80.76.51.43 port 39406:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T06:41:48.046Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 06:42:17 honeypot-ams-1 sshd[14842]: Received disconnect from 80.76.51.43 port 40536:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T06:42:18.061Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 06:43:23 honeypot-fra-1 sshd[5384]: Connection closed by authenticating user root 218.103.120.150 port 57381 [preauth]","@timestamp":"2022-09-13T06:43:24.510Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 06:44:57 honeypot-ams-1 sshd[14849]: Received disconnect from 92.255.85.70 port 60672:11: Bye Bye [preauth]","@timestamp":"2022-09-13T06:44:58.132Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 06:47:47 honeypot-fra-1 sshd[5388]: Received disconnect from 144.126.215.161 port 58282:11: Bye Bye [preauth]","@timestamp":"2022-09-13T06:47:47.611Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 06:51:12 honeypot-fra-1 sshd[5400]: Invalid user oracle from 20.254.57.199 port 53964","@timestamp":"2022-09-13T06:51:12.688Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 06:51:12 honeypot-fra-1 sshd[5401]: Connection closed by authenticating user root 20.254.57.199 port 53972 [preauth]","@timestamp":"2022-09-13T06:51:13.690Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 06:51:12 honeypot-fra-1 sshd[5409]: Invalid user admin from 20.254.57.199 port 53988","@timestamp":"2022-09-13T06:51:13.690Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 06:51:12 honeypot-fra-1 sshd[5397]: Connection closed by invalid user user 20.254.57.199 port 53986 [preauth]","@timestamp":"2022-09-13T06:51:13.690Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 06:51:12 honeypot-fra-1 sshd[5407]: Connection closed by invalid user oracle 20.254.57.199 port 53978 [preauth]","@timestamp":"2022-09-13T06:51:13.690Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 06:51:12 honeypot-fra-1 sshd[5411]: Connection closed by invalid user mysql 20.254.57.199 port 53956 [preauth]","@timestamp":"2022-09-13T06:51:13.690Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 06:51:13 honeypot-fra-1 sshd[5438]: Invalid user devops from 20.254.57.199 port 53960","@timestamp":"2022-09-13T06:51:13.690Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 06:51:13 honeypot-fra-1 sshd[5436]: Invalid user admin from 20.254.57.199 port 53984","@timestamp":"2022-09-13T06:51:13.690Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 06:51:13 honeypot-fra-1 sshd[5436]: Connection closed by invalid user admin 20.254.57.199 port 53984 [preauth]","@timestamp":"2022-09-13T06:51:13.691Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T06:52:07.632Z","@version":"1","message":"Sep 13 06:52:07 honeypot-sgp-1 kernel: [83928037.718812] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=112.117.152.56 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=50 ID=17086 PROTO=TCP SPT=34426 DPT=443 WINDOW=33182 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 06:53:41 honeypot-fra-1 sshd[5459]: Connection closed by invalid user debian 179.60.147.69 port 16460 [preauth]","@timestamp":"2022-09-13T06:53:41.747Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 06:53:49 honeypot-ams-1 sshd[14852]: Received disconnect from 24.166.23.99 port 35618:11: Bye Bye [preauth]","@timestamp":"2022-09-13T06:53:49.361Z"}
{"@timestamp":"2022-09-13T06:54:47.702Z","@version":"1","message":"Sep 13 06:54:47 honeypot-sgp-1 sshd[10232]: Invalid user user from 141.255.162.226 port 37846","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T06:54:51.706Z","@version":"1","message":"Sep 13 06:54:50 honeypot-sgp-1 sshd[10236]: Invalid user user from 141.255.162.226 port 51526","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T06:54:53.707Z","@version":"1","message":"Sep 13 06:54:52 honeypot-sgp-1 sshd[10240]: Invalid user user from 141.255.162.226 port 58374","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 07:00:19 honeypot-ams-1 sshd[15290]: Disconnected from invalid user admin 207.154.244.110 port 45302 [preauth]","@timestamp":"2022-09-13T07:00:20.528Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 07:02:15 honeypot-ams-1 sshd[15297]: Did not receive identification string from 45.61.184.204 port 51088","@timestamp":"2022-09-13T07:02:15.581Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 07:02:41 honeypot-ams-1 sshd[15300]: Disconnected from invalid user user 45.61.184.204 port 48098 [preauth]","@timestamp":"2022-09-13T07:02:42.596Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 07:03:00 honeypot-ams-1 sshd[15304]: Received disconnect from 45.61.184.204 port 42958:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T07:03:00.605Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 07:03:17 honeypot-ams-1 sshd[15308]: Received disconnect from 45.61.184.204 port 37816:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T07:03:17.614Z"}
{"@timestamp":"2022-09-13T07:03:52.931Z","@version":"1","message":"Sep 13 07:03:52 honeypot-sgp-1 sshd[10245]: Received disconnect from 92.255.85.70 port 25726:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T07:06:01.987Z","@version":"1","message":"Sep 13 07:06:01 honeypot-sgp-1 kernel: [83928872.359712] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=14771 PROTO=TCP SPT=52278 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 07:06:27 honeypot-fra-1 sshd[5467]: Disconnected from authenticating user root 92.255.85.69 port 28482 [preauth]","@timestamp":"2022-09-13T07:06:28.036Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 07:06:43 honeypot-ams-1 sshd[15314]: Invalid user user from 45.61.186.249 port 33486","@timestamp":"2022-09-13T07:06:43.706Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 07:07:03 honeypot-ams-1 sshd[15318]: Invalid user user from 45.61.186.249 port 56468","@timestamp":"2022-09-13T07:07:03.718Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 07:07:20 honeypot-ams-1 sshd[15322]: Invalid user user from 45.61.186.249 port 51208","@timestamp":"2022-09-13T07:07:20.727Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 07:07:36 honeypot-ams-1 sshd[15326]: Invalid user user from 45.61.186.249 port 45958","@timestamp":"2022-09-13T07:07:36.735Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 07:17:01 honeypot-ams-1 CRON[15331]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-13T07:17:01.980Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 07:17:57 honeypot-fra-1 sshd[5475]: Invalid user user from 45.61.187.160 port 55646","@timestamp":"2022-09-13T07:17:57.298Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 07:18:15 honeypot-fra-1 sshd[5479]: Invalid user user from 45.61.187.160 port 50716","@timestamp":"2022-09-13T07:18:15.308Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 07:18:24 honeypot-fra-1 sshd[5481]: Disconnected from invalid user user 45.61.187.160 port 34134 [preauth]","@timestamp":"2022-09-13T07:18:25.313Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 07:18:42 honeypot-fra-1 sshd[5485]: Disconnected from invalid user user 45.61.187.160 port 57434 [preauth]","@timestamp":"2022-09-13T07:18:43.323Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T07:23:20.419Z","@version":"1","message":"Sep 13 07:23:20 honeypot-sgp-1 sshd[10256]: Invalid user firebird from 189.45.78.175 port 14760","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 07:23:40 honeypot-fra-1 sshd[5490]: Connection closed by invalid user admin 111.70.17.151 port 59814 [preauth]","@timestamp":"2022-09-13T07:23:41.439Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 07:27:53 honeypot-ams-1 sshd[15338]: Received disconnect from 134.122.8.241 port 53424:11: Bye Bye [preauth]","@timestamp":"2022-09-13T07:27:53.275Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 07:29:34 honeypot-fra-1 sshd[5497]: Invalid user admin from 119.28.215.47 port 45804","@timestamp":"2022-09-13T07:29:35.573Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T07:29:41.576Z","@version":"1","message":"Sep 13 07:29:41 honeypot-sgp-1 sshd[10261]: Connection closed by invalid user test 179.60.147.69 port 49344 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 07:32:41 honeypot-fra-1 kernel: [83928785.640002] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=34.95.52.235 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=33823 PROTO=TCP SPT=58693 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T07:32:41.646Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 07:36:53 honeypot-ams-1 sshd[15345]: Received disconnect from 161.132.180.117 port 2188:11: Bye Bye [preauth]","@timestamp":"2022-09-13T07:36:53.521Z"}
{"@timestamp":"2022-09-13T07:41:09.898Z","@version":"1","message":"Sep 13 07:41:09 honeypot-sgp-1 sshd[10266]: Did not receive identification string from 45.61.186.49 port 42458","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T07:41:30.910Z","@version":"1","message":"Sep 13 07:41:29 honeypot-sgp-1 sshd[10269]: Disconnected from invalid user user 45.61.186.49 port 48390 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T07:41:38.914Z","@version":"1","message":"Sep 13 07:41:38 honeypot-sgp-1 sshd[10273]: Disconnected from invalid user user 45.61.186.49 port 60186 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T07:47:42.075Z","@version":"1","message":"Sep 13 07:47:41 honeypot-sgp-1 kernel: [83931371.996510] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.220.92 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=35092 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 07:52:17 honeypot-fra-1 sshd[5507]: Received disconnect from 92.255.85.69 port 56938:11: Bye Bye [preauth]","@timestamp":"2022-09-13T07:52:17.086Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 07:55:49 honeypot-ams-1 sshd[15351]: Disconnected from authenticating user root 92.255.85.70 port 21586 [preauth]","@timestamp":"2022-09-13T07:55:50.008Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 08:01:25 honeypot-fra-1 kernel: [83930509.382763] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=117.199.123.168 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=25405 DF PROTO=TCP SPT=45043 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T08:01:25.343Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:02:34 honeypot-ams-1 sshd[15356]: Received disconnect from 207.180.211.196 port 35094:11: Bye Bye [preauth]","@timestamp":"2022-09-13T08:02:35.189Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 08:04:42 honeypot-ams-1 kernel: [83932866.084736] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=161.97.135.204 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=56 ID=10466 PROTO=TCP SPT=35862 DPT=443 WINDOW=62054 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T08:04:42.245Z"}
{"@timestamp":"2022-09-13T08:06:22.578Z","@version":"1","message":"Sep 13 08:06:21 honeypot-sgp-1 sshd[10282]: Invalid user user from 179.60.147.69 port 60070","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 08:07:29 honeypot-fra-1 kernel: [83930874.246930] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=94.26.249.161 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=56630 PROTO=TCP SPT=39909 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T08:07:30.484Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:07:51 honeypot-ams-1 sshd[15366]: Invalid user ubnt from 83.228.83.95 port 10564","@timestamp":"2022-09-13T08:07:52.329Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:07:52 honeypot-ams-1 sshd[15370]: Disconnected from authenticating user root 83.228.83.95 port 10078 [preauth]","@timestamp":"2022-09-13T08:07:53.330Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:07:53 honeypot-ams-1 sshd[15376]: Disconnected from authenticating user root 83.228.83.95 port 10344 [preauth]","@timestamp":"2022-09-13T08:07:54.331Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:07:54 honeypot-ams-1 sshd[15382]: Disconnected from authenticating user root 83.228.83.95 port 10716 [preauth]","@timestamp":"2022-09-13T08:07:55.332Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:07:56 honeypot-ams-1 sshd[15388]: Disconnected from authenticating user root 83.228.83.95 port 10806 [preauth]","@timestamp":"2022-09-13T08:07:56.332Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:07:57 honeypot-ams-1 sshd[15394]: Disconnected from authenticating user root 83.228.83.95 port 10390 [preauth]","@timestamp":"2022-09-13T08:07:57.333Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:07:58 honeypot-ams-1 sshd[15400]: Disconnected from authenticating user root 83.228.83.95 port 10258 [preauth]","@timestamp":"2022-09-13T08:07:59.334Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:07:59 honeypot-ams-1 sshd[15406]: Disconnected from authenticating user root 83.228.83.95 port 10946 [preauth]","@timestamp":"2022-09-13T08:08:00.335Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:08:00 honeypot-ams-1 sshd[15412]: Disconnected from authenticating user root 83.228.83.95 port 10274 [preauth]","@timestamp":"2022-09-13T08:08:01.336Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:08:01 honeypot-ams-1 sshd[15418]: Disconnected from authenticating user root 83.228.83.95 port 10840 [preauth]","@timestamp":"2022-09-13T08:08:02.337Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:08:03 honeypot-ams-1 sshd[15424]: Disconnected from authenticating user root 83.228.83.95 port 10822 [preauth]","@timestamp":"2022-09-13T08:08:03.338Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:08:04 honeypot-ams-1 sshd[15430]: Disconnected from authenticating user root 83.228.83.95 port 10056 [preauth]","@timestamp":"2022-09-13T08:08:04.338Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:08:05 honeypot-ams-1 sshd[15436]: Invalid user admin from 83.228.83.95 port 10856","@timestamp":"2022-09-13T08:08:05.339Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:08:05 honeypot-ams-1 sshd[15440]: Invalid user admin from 83.228.83.95 port 10614","@timestamp":"2022-09-13T08:08:06.340Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:08:06 honeypot-ams-1 sshd[15444]: Invalid user admin from 83.228.83.95 port 10960","@timestamp":"2022-09-13T08:08:07.342Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:08:07 honeypot-ams-1 sshd[15448]: Invalid user admin from 83.228.83.95 port 10892","@timestamp":"2022-09-13T08:08:08.342Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:08:08 honeypot-ams-1 sshd[15452]: Invalid user admin from 83.228.83.95 port 10432","@timestamp":"2022-09-13T08:08:08.342Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:08:09 honeypot-ams-1 sshd[15456]: Received disconnect from 83.228.83.95 port 10084:11: Bye Bye [preauth]","@timestamp":"2022-09-13T08:08:09.343Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:08:09 honeypot-ams-1 sshd[15460]: Disconnected from invalid user pi 83.228.83.95 port 10412 [preauth]","@timestamp":"2022-09-13T08:08:10.344Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:08:10 honeypot-ams-1 sshd[15464]: Disconnected from invalid user user 83.228.83.95 port 11020 [preauth]","@timestamp":"2022-09-13T08:08:11.344Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:08:11 honeypot-ams-1 sshd[15468]: Disconnected from invalid user mine 83.228.83.95 port 10920 [preauth]","@timestamp":"2022-09-13T08:08:12.345Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:08:12 honeypot-ams-1 sshd[15472]: Disconnected from invalid user xbmc 83.228.83.95 port 10464 [preauth]","@timestamp":"2022-09-13T08:08:12.345Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:08:12 honeypot-ams-1 sshd[15476]: Disconnected from invalid user oracle 83.228.83.95 port 10068 [preauth]","@timestamp":"2022-09-13T08:08:13.346Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:08:13 honeypot-ams-1 sshd[15480]: Disconnected from invalid user postgres 83.228.83.95 port 11012 [preauth]","@timestamp":"2022-09-13T08:08:14.347Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:08:14 honeypot-ams-1 sshd[15484]: Disconnected from invalid user support 83.228.83.95 port 10084 [preauth]","@timestamp":"2022-09-13T08:08:15.348Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:08:15 honeypot-ams-1 sshd[15488]: Disconnected from invalid user ubuntu 83.228.83.95 port 10724 [preauth]","@timestamp":"2022-09-13T08:08:15.348Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:08:15 honeypot-ams-1 sshd[15492]: Disconnected from invalid user ubuntu 83.228.83.95 port 10810 [preauth]","@timestamp":"2022-09-13T08:08:16.348Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:08:16 honeypot-ams-1 sshd[15496]: Disconnected from invalid user guest 83.228.83.95 port 10220 [preauth]","@timestamp":"2022-09-13T08:08:17.349Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:08:17 honeypot-ams-1 sshd[15500]: Disconnected from invalid user cirros 83.228.83.95 port 10166 [preauth]","@timestamp":"2022-09-13T08:08:18.350Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:10:23 honeypot-ams-1 sshd[15506]: Invalid user bu from 107.175.33.240 port 48914","@timestamp":"2022-09-13T08:10:24.408Z"}
{"@timestamp":"2022-09-13T08:11:43.716Z","@version":"1","message":"Sep 13 08:11:43 honeypot-sgp-1 kernel: [83932813.508858] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=209.182.103.18 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=13170 PROTO=TCP SPT=55764 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:14:23 honeypot-ams-1 sshd[15510]: Connection closed by invalid user pi 82.66.77.8 port 49024 [preauth]","@timestamp":"2022-09-13T08:14:24.510Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:15:41 honeypot-ams-1 sshd[15517]: Disconnected from authenticating user root 120.48.37.84 port 50196 [preauth]","@timestamp":"2022-09-13T08:15:41.544Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 08:16:10 honeypot-fra-1 sshd[5544]: Did not receive identification string from 45.61.186.169 port 33192","@timestamp":"2022-09-13T08:16:10.685Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 08:16:38 honeypot-fra-1 sshd[5547]: Disconnected from invalid user user 45.61.186.169 port 38548 [preauth]","@timestamp":"2022-09-13T08:16:38.699Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 08:16:54 honeypot-fra-1 sshd[5551]: Disconnected from invalid user user 45.61.186.169 port 33504 [preauth]","@timestamp":"2022-09-13T08:16:55.707Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T08:17:01.854Z","@version":"1","message":"Sep 13 08:17:01 honeypot-sgp-1 CRON[10292]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 08:17:11 honeypot-fra-1 sshd[5559]: Invalid user user from 45.61.186.169 port 56698","@timestamp":"2022-09-13T08:17:11.715Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 08:17:30 honeypot-fra-1 kernel: [83931474.237901] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=143.198.183.97 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=44242 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T08:17:30.725Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 08:21:38 honeypot-fra-1 sshd[5567]: Invalid user cyr from 167.99.236.74 port 37080","@timestamp":"2022-09-13T08:21:38.824Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 08:24:49 honeypot-ams-1 kernel: [83934073.431908] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.41.9.18 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=24754 PROTO=TCP SPT=26614 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T08:24:49.780Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 08:25:12 honeypot-fra-1 sshd[5572]: Received disconnect from 122.179.17.65 port 57648:11: Bye Bye [preauth]","@timestamp":"2022-09-13T08:25:12.907Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T08:30:36.224Z","@version":"1","message":"Sep 13 08:30:35 honeypot-sgp-1 kernel: [83933946.237739] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=236 ID=37340 PROTO=TCP SPT=57802 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 08:37:52 honeypot-fra-1 sshd[5578]: Disconnected from authenticating user root 217.182.253.249 port 50274 [preauth]","@timestamp":"2022-09-13T08:37:53.214Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T08:39:00.441Z","@version":"1","message":"Sep 13 08:38:59 honeypot-sgp-1 sshd[10325]: Connection closed by invalid user admin 121.151.75.159 port 56908 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:39:27 honeypot-ams-1 sshd[15549]: Disconnected from authenticating user root 221.150.94.24 port 41180 [preauth]","@timestamp":"2022-09-13T08:39:28.156Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 08:44:13 honeypot-fra-1 sshd[5585]: Invalid user test from 179.60.147.69 port 14988","@timestamp":"2022-09-13T08:44:13.363Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 08:44:33 honeypot-fra-1 sshd[5591]: Invalid user ubuntu from 182.253.81.212 port 33686","@timestamp":"2022-09-13T08:44:33.374Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T08:45:13.603Z","@version":"1","message":"Sep 13 08:45:12 honeypot-sgp-1 sshd[10330]: Received disconnect from 86.102.122.148 port 41782:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 08:46:33 honeypot-fra-1 sshd[5596]: Invalid user kotak from 165.22.45.108 port 54130","@timestamp":"2022-09-13T08:46:33.423Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T08:47:10.657Z","@version":"1","message":"Sep 13 08:47:10 honeypot-sgp-1 sshd[10335]: Received disconnect from 45.115.99.42 port 57706:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T08:47:32.667Z","@version":"1","message":"Sep 13 08:47:32 honeypot-sgp-1 sshd[10337]: Received disconnect from 103.147.4.202 port 44702:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:48:48 honeypot-ams-1 sshd[15557]: Did not receive identification string from 198.98.61.9 port 54402","@timestamp":"2022-09-13T08:48:49.400Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 08:48:49 honeypot-fra-1 sshd[5599]: Disconnected from invalid user user 45.61.187.160 port 53244 [preauth]","@timestamp":"2022-09-13T08:48:50.476Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 08:49:06 honeypot-fra-1 sshd[5603]: Disconnected from invalid user user 45.61.187.160 port 47834 [preauth]","@timestamp":"2022-09-13T08:49:07.486Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 08:49:22 honeypot-fra-1 sshd[5608]: Disconnected from invalid user user 45.61.187.160 port 42420 [preauth]","@timestamp":"2022-09-13T08:49:23.494Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 08:49:38 honeypot-fra-1 sshd[5612]: Disconnected from invalid user user 45.61.187.160 port 37022 [preauth]","@timestamp":"2022-09-13T08:49:39.501Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:49:56 honeypot-ams-1 sshd[15558]: Received disconnect from 198.98.61.9 port 56778:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T08:49:57.432Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:50:22 honeypot-ams-1 sshd[15564]: Received disconnect from 198.98.61.9 port 35148:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T08:50:23.447Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:50:45 honeypot-ams-1 sshd[15568]: Received disconnect from 198.98.61.9 port 58366:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T08:50:45.457Z"}
{"@timestamp":"2022-09-13T08:50:48.753Z","@version":"1","message":"Sep 13 08:50:47 honeypot-sgp-1 sshd[10345]: Invalid user yjv from 103.41.65.10 port 33298","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:55:48 honeypot-ams-1 sshd[15573]: Received disconnect from 82.6.16.46 port 48250:11: Bye Bye [preauth]","@timestamp":"2022-09-13T08:55:48.590Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:59:05 honeypot-ams-1 sshd[15577]: Received disconnect from 185.13.235.204 port 58574:11: Bye Bye [preauth]","@timestamp":"2022-09-13T08:59:06.674Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 09:00:21 honeypot-ams-1 sshd[15582]: Invalid user user from 141.255.162.226 port 37350","@timestamp":"2022-09-13T09:00:21.708Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 09:00:23 honeypot-ams-1 sshd[15586]: Invalid user user from 141.255.162.226 port 43962","@timestamp":"2022-09-13T09:00:23.710Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 09:00:39 honeypot-fra-1 sshd[5618]: Invalid user mcr from 198.12.114.231 port 36956","@timestamp":"2022-09-13T09:00:40.758Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 09:00:40 honeypot-ams-1 kernel: [83936224.941070] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=213.32.15.34 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=56 ID=60756 PROTO=TCP SPT=64420 DPT=5432 WINDOW=43690 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T09:00:41.719Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 09:02:58 honeypot-fra-1 sshd[5623]: Received disconnect from 68.183.87.50 port 54704:11: Bye Bye [preauth]","@timestamp":"2022-09-13T09:02:59.815Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T09:06:45.156Z","@version":"1","message":"Sep 13 09:06:44 honeypot-sgp-1 kernel: [83936115.098900] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=230 ID=53020 PROTO=TCP SPT=59603 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 09:07:26 honeypot-fra-1 sshd[5632]: Connection closed by 82.157.251.34 port 55372 [preauth]","@timestamp":"2022-09-13T09:07:26.919Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 09:07:30 honeypot-ams-1 sshd[15596]: Did not receive identification string from 58.72.18.130 port 10687","@timestamp":"2022-09-13T09:07:30.895Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 09:13:27 honeypot-fra-1 sshd[5645]: Invalid user admin from 148.153.82.133 port 57516","@timestamp":"2022-09-13T09:13:28.056Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 09:17:01 honeypot-ams-1 CRON[15602]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-13T09:17:02.155Z"}
{"@timestamp":"2022-09-13T09:19:55.485Z","@version":"1","message":"Sep 13 09:19:55 honeypot-sgp-1 sshd[10355]: Connection closed by invalid user config 179.60.147.69 port 28812 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 09:21:02 honeypot-fra-1 sshd[5653]: Invalid user config from 179.60.147.69 port 33376","@timestamp":"2022-09-13T09:21:03.226Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 09:21:34 honeypot-fra-1 sshd[5658]: Invalid user deploy from 92.205.165.95 port 40782","@timestamp":"2022-09-13T09:21:35.240Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 09:21:34 honeypot-fra-1 sshd[5657]: Invalid user jenkins from 92.205.165.95 port 40786","@timestamp":"2022-09-13T09:21:35.240Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 09:21:34 honeypot-fra-1 sshd[5678]: Invalid user ubuntu from 92.205.165.95 port 40844","@timestamp":"2022-09-13T09:21:35.240Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 09:21:34 honeypot-fra-1 sshd[5667]: Connection closed by authenticating user root 92.205.165.95 port 40804 [preauth]","@timestamp":"2022-09-13T09:21:35.240Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 09:21:34 honeypot-fra-1 sshd[5658]: Connection closed by invalid user deploy 92.205.165.95 port 40782 [preauth]","@timestamp":"2022-09-13T09:21:35.240Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 09:21:34 honeypot-fra-1 sshd[5660]: Connection closed by invalid user oracle 92.205.165.95 port 40796 [preauth]","@timestamp":"2022-09-13T09:21:35.241Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 09:21:34 honeypot-fra-1 sshd[5665]: Connection closed by invalid user oracle 92.205.165.95 port 40790 [preauth]","@timestamp":"2022-09-13T09:21:35.241Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 09:21:34 honeypot-fra-1 sshd[5685]: Invalid user teamspeak from 92.205.165.95 port 40854","@timestamp":"2022-09-13T09:21:35.241Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 09:21:34 honeypot-fra-1 sshd[5685]: Connection closed by invalid user teamspeak 92.205.165.95 port 40854 [preauth]","@timestamp":"2022-09-13T09:21:35.241Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 09:21:52 honeypot-ams-1 kernel: [83937496.055830] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=69.164.209.77 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=28568 PROTO=TCP SPT=44939 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T09:21:52.287Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 09:23:37 honeypot-fra-1 kernel: [83935441.562480] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=79.124.62.62 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=41858 PROTO=TCP SPT=47004 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T09:23:38.288Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 09:26:20 honeypot-fra-1 sshd[5723]: Invalid user ubnt from 117.221.23.67 port 49470","@timestamp":"2022-09-13T09:26:20.352Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T09:26:21.649Z","@version":"1","message":"Sep 13 09:26:21 honeypot-sgp-1 sshd[10362]: Did not receive identification string from 80.87.206.236 port 40170","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 09:28:14 honeypot-fra-1 sshd[5727]: Disconnected from authenticating user root 20.198.109.140 port 38434 [preauth]","@timestamp":"2022-09-13T09:28:15.399Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 09:28:40 honeypot-ams-1 sshd[15613]: Invalid user pgsql from 85.29.135.21 port 60516","@timestamp":"2022-09-13T09:28:41.469Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 09:31:42 honeypot-ams-1 sshd[15617]: Invalid user ol from 24.194.231.208 port 51534","@timestamp":"2022-09-13T09:31:42.551Z"}
{"@timestamp":"2022-09-13T09:32:46.807Z","@version":"1","message":"Sep 13 09:32:46 honeypot-sgp-1 sshd[10368]: Received disconnect from 167.172.159.73 port 58918:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 09:46:25 honeypot-fra-1 sshd[5733]: Invalid user admin from 178.61.160.28 port 38152","@timestamp":"2022-09-13T09:46:25.807Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 09:46:41 honeypot-fra-1 sshd[5738]: Invalid user user from 141.255.162.226 port 57990","@timestamp":"2022-09-13T09:46:41.816Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 09:46:42 honeypot-fra-1 sshd[5742]: Invalid user user from 141.255.162.226 port 42884","@timestamp":"2022-09-13T09:46:42.816Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 09:46:46 honeypot-fra-1 sshd[5746]: Invalid user user from 141.255.162.226 port 56006","@timestamp":"2022-09-13T09:46:46.818Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T09:47:17.162Z","@version":"1","message":"Sep 13 09:47:16 honeypot-sgp-1 sshd[10374]: Received disconnect from 60.50.99.134 port 60404:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 09:47:42 honeypot-ams-1 kernel: [83939046.837015] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.41.9.18 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=4031 PROTO=TCP SPT=17901 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T09:47:42.980Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 09:47:56 honeypot-fra-1 kernel: [83936900.119359] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=205.210.31.183 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=249 ID=23887 PROTO=TCP SPT=56524 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T09:47:56.846Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 09:49:28 honeypot-fra-1 sshd[5753]: Invalid user user from 45.61.186.169 port 41360","@timestamp":"2022-09-13T09:49:28.886Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 09:49:43 honeypot-fra-1 sshd[5757]: Invalid user cube from 141.98.10.158 port 45286","@timestamp":"2022-09-13T09:49:43.893Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 09:49:52 honeypot-fra-1 sshd[5761]: Received disconnect from 45.61.186.169 port 47500:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T09:49:52.897Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 09:50:07 honeypot-fra-1 sshd[5765]: Received disconnect from 45.61.186.169 port 42176:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T09:50:08.906Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T09:56:28.387Z","@version":"1","message":"Sep 13 09:56:27 honeypot-sgp-1 sshd[10380]: Connection closed by invalid user support 179.60.147.69 port 26880 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 09:56:42 honeypot-ams-1 sshd[15625]: Did not receive identification string from 198.98.61.9 port 52732","@timestamp":"2022-09-13T09:56:43.211Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 09:57:01 honeypot-ams-1 sshd[15628]: Disconnected from invalid user user 198.98.61.9 port 48246 [preauth]","@timestamp":"2022-09-13T09:57:02.222Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 09:57:28 honeypot-ams-1 sshd[15632]: Disconnected from invalid user user 198.98.61.9 port 43324 [preauth]","@timestamp":"2022-09-13T09:57:29.237Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 09:57:36 honeypot-fra-1 sshd[5770]: Connection closed by invalid user support 179.60.147.69 port 27122 [preauth]","@timestamp":"2022-09-13T09:57:37.074Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 09:57:57 honeypot-ams-1 sshd[15636]: Disconnected from invalid user user 198.98.61.9 port 38402 [preauth]","@timestamp":"2022-09-13T09:57:57.251Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 10:04:11 honeypot-ams-1 sshd[15643]: Bad protocol version identification '\\003' from 80.66.76.138 port 64371","@timestamp":"2022-09-13T10:04:11.416Z"}
{"@timestamp":"2022-09-13T10:04:32.581Z","@version":"1","message":"Sep 13 10:04:31 honeypot-sgp-1 sshd[10385]: Disconnected from authenticating user root 139.59.140.207 port 50710 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T10:08:47.686Z","@version":"1","message":"Sep 13 10:08:47 honeypot-sgp-1 sshd[10393]: Did not receive identification string from 45.61.184.204 port 50650","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T10:09:00.693Z","@version":"1","message":"Sep 13 10:09:00 honeypot-sgp-1 sshd[10396]: Disconnected from invalid user user 45.61.184.204 port 41766 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T10:09:19.704Z","@version":"1","message":"Sep 13 10:09:19 honeypot-sgp-1 sshd[10400]: Disconnected from invalid user user 45.61.184.204 port 36362 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T10:09:36.713Z","@version":"1","message":"Sep 13 10:09:36 honeypot-sgp-1 sshd[10404]: Disconnected from invalid user user 45.61.184.204 port 59204 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T10:09:54.722Z","@version":"1","message":"Sep 13 10:09:53 honeypot-sgp-1 sshd[10408]: Disconnected from invalid user user 45.61.184.204 port 53806 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 10:10:04 honeypot-fra-1 sshd[5777]: Did not receive identification string from 117.86.103.243 port 47480","@timestamp":"2022-09-13T10:10:04.355Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 10:10:06 honeypot-fra-1 sshd[5781]: Invalid user devops from 117.86.103.243 port 48220","@timestamp":"2022-09-13T10:10:06.358Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 10:13:51 honeypot-ams-1 kernel: [83940615.845717] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=162.142.125.136 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=40824 PROTO=TCP SPT=38265 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T10:13:52.669Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 10:17:01 honeypot-fra-1 CRON[5791]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-13T10:17:01.513Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T10:17:01.897Z","@version":"1","message":"Sep 13 10:17:01 honeypot-sgp-1 CRON[10415]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 10:17:01 honeypot-ams-1 CRON[15652]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-13T10:17:02.753Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 10:22:06 honeypot-fra-1 sshd[5799]: Invalid user  from 65.49.20.69 port 7654","@timestamp":"2022-09-13T10:22:06.633Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T10:22:36.036Z","@version":"1","message":"Sep 13 10:22:35 honeypot-sgp-1 kernel: [83940666.009670] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.220.43 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=45240 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 10:23:17 honeypot-ams-1 kernel: [83941181.883591] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.220.225 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=60982 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T10:23:18.920Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 10:24:12 honeypot-fra-1 sshd[5805]: Connection closed by authenticating user root 103.188.176.251 port 35720 [preauth]","@timestamp":"2022-09-13T10:24:13.683Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T10:33:01.292Z","@version":"1","message":"Sep 13 10:33:00 honeypot-sgp-1 sshd[10439]: Connection closed by invalid user support 179.60.147.69 port 26098 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 10:35:42 honeypot-ams-1 sshd[15663]: Invalid user sa from 195.222.163.54 port 44922","@timestamp":"2022-09-13T10:35:43.243Z"}
{"@timestamp":"2022-09-13T10:36:15.374Z","@version":"1","message":"Sep 13 10:36:14 honeypot-sgp-1 sshd[10445]: Received disconnect from 181.49.50.202 port 32908:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 10:36:17 honeypot-fra-1 sshd[6253]: Received disconnect from 92.255.85.70 port 45528:11: Bye Bye [preauth]","@timestamp":"2022-09-13T10:36:17.956Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 10:36:23 honeypot-ams-1 sshd[15667]: Received disconnect from 112.166.144.105 port 35660:11: Bye Bye [preauth]","@timestamp":"2022-09-13T10:36:24.264Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 10:36:48 honeypot-ams-1 sshd[15671]: Received disconnect from 222.128.10.105 port 44361:11: Bye Bye [preauth]","@timestamp":"2022-09-13T10:36:48.275Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 10:37:19 honeypot-ams-1 sshd[15675]: Disconnected from authenticating user root 147.182.179.237 port 45662 [preauth]","@timestamp":"2022-09-13T10:37:19.292Z"}
{"@timestamp":"2022-09-13T10:38:11.423Z","@version":"1","message":"Sep 13 10:38:11 honeypot-sgp-1 sshd[10449]: Disconnected from authenticating user root 139.198.120.226 port 42160 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 10:39:32 honeypot-ams-1 sshd[15682]: Received disconnect from 189.213.210.132 port 35079:11: Bye Bye [preauth]","@timestamp":"2022-09-13T10:39:33.354Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 10:48:07 honeypot-fra-1 sshd[6258]: Received disconnect from 165.22.45.108 port 40924:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T10:48:07.221Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T10:50:59.760Z","@version":"1","message":"Sep 13 10:50:59 honeypot-sgp-1 kernel: [83942369.570450] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=186.208.139.104 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=41966 PROTO=TCP SPT=45730 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 10:55:48 honeypot-fra-1 sshd[6263]: Did not receive identification string from 137.184.227.149 port 55026","@timestamp":"2022-09-13T10:55:49.396Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 10:55:49 honeypot-fra-1 sshd[6287]: Invalid user mysql from 137.184.227.149 port 55130","@timestamp":"2022-09-13T10:55:50.398Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 10:55:49 honeypot-fra-1 sshd[6279]: Invalid user guest from 137.184.227.149 port 55092","@timestamp":"2022-09-13T10:55:50.398Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 10:55:49 honeypot-fra-1 sshd[6298]: Invalid user hadoop from 137.184.227.149 port 55134","@timestamp":"2022-09-13T10:55:50.398Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 10:55:49 honeypot-fra-1 sshd[6264]: Connection closed by authenticating user root 137.184.227.149 port 55060 [preauth]","@timestamp":"2022-09-13T10:55:50.398Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 10:55:49 honeypot-fra-1 sshd[6279]: Connection closed by invalid user guest 137.184.227.149 port 55092 [preauth]","@timestamp":"2022-09-13T10:55:50.398Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 10:55:49 honeypot-fra-1 sshd[6276]: Connection closed by invalid user centos 137.184.227.149 port 55132 [preauth]","@timestamp":"2022-09-13T10:55:50.398Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 10:55:49 honeypot-fra-1 sshd[6278]: Connection closed by invalid user ubuntu 137.184.227.149 port 55086 [preauth]","@timestamp":"2022-09-13T10:55:50.398Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 10:57:58 honeypot-fra-1 sshd[6317]: Disconnected from invalid user appuser 43.154.50.12 port 59932 [preauth]","@timestamp":"2022-09-13T10:57:59.448Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T11:00:37.000Z","@version":"1","message":"Sep 13 11:00:36 honeypot-sgp-1 kernel: [83942946.806139] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.56.110.249 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=9530 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 11:01:05 honeypot-ams-1 kernel: [83943449.038892] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.33.46.249 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=48686 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T11:01:05.907Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 11:06:51 honeypot-fra-1 sshd[6322]: Connection closed by invalid user admin 201.251.127.123 port 51952 [preauth]","@timestamp":"2022-09-13T11:06:51.676Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 11:08:48 honeypot-ams-1 sshd[15691]: Connection reset by invalid user bzrx1098ui 92.255.85.113 port 6040 [preauth]","@timestamp":"2022-09-13T11:08:49.108Z"}
{"@timestamp":"2022-09-13T11:11:49.280Z","@version":"1","message":"Sep 13 11:11:48 honeypot-sgp-1 kernel: [83943619.033149] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=222.186.19.235 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=58260 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T11:16:43.403Z","@version":"1","message":"Sep 13 11:16:42 honeypot-sgp-1 sshd[10908]: Received disconnect from 138.68.91.192 port 38716:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 11:17:01 honeypot-fra-1 CRON[6328]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-13T11:17:01.897Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 11:17:11 honeypot-ams-1 kernel: [83944415.665150] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=143.92.32.164 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=23166 PROTO=TCP SPT=47831 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T11:17:12.325Z"}
{"@timestamp":"2022-09-13T11:17:26.425Z","@version":"1","message":"Sep 13 11:17:26 honeypot-sgp-1 sshd[10915]: Invalid user ilario from 20.94.74.40 port 37984","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 11:18:47 honeypot-fra-1 sshd[6344]: Invalid user docker from 36.99.192.209 port 60748","@timestamp":"2022-09-13T11:18:47.941Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 11:18:52 honeypot-fra-1 sshd[6352]: Connection closed by invalid user ansible 36.99.192.209 port 60754 [preauth]","@timestamp":"2022-09-13T11:18:52.943Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T11:19:05.468Z","@version":"1","message":"Sep 13 11:19:04 honeypot-sgp-1 sshd[10919]: Disconnected from invalid user user 45.61.184.204 port 44716 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T11:19:16.473Z","@version":"1","message":"Sep 13 11:19:16 honeypot-sgp-1 sshd[10923]: Disconnected from authenticating user root 92.255.85.69 port 55854 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T11:19:32.482Z","@version":"1","message":"Sep 13 11:19:32 honeypot-sgp-1 sshd[10929]: Received disconnect from 45.61.184.204 port 51460:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T11:19:42.487Z","@version":"1","message":"Sep 13 11:19:41 honeypot-sgp-1 sshd[10933]: Disconnected from invalid user user 45.61.184.204 port 34886 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T11:20:00.496Z","@version":"1","message":"Sep 13 11:20:00 honeypot-sgp-1 sshd[10937]: Disconnected from invalid user user 45.61.184.204 port 58258 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 11:22:03 honeypot-fra-1 kernel: [83942547.346483] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=198.12.127.234 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=60499 PROTO=TCP SPT=53809 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T11:22:04.017Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 11:25:01 honeypot-ams-1 sshd[15702]: Received disconnect from 92.255.85.70 port 48300:11: Bye Bye [preauth]","@timestamp":"2022-09-13T11:25:02.530Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 11:26:07 honeypot-ams-1 sshd[15707]: Invalid user user from 45.61.186.169 port 36686","@timestamp":"2022-09-13T11:26:07.562Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 11:26:16 honeypot-ams-1 sshd[15709]: Disconnected from invalid user user 45.61.186.169 port 48408 [preauth]","@timestamp":"2022-09-13T11:26:16.568Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 11:26:33 honeypot-ams-1 sshd[15713]: Disconnected from invalid user user 45.61.186.169 port 43518 [preauth]","@timestamp":"2022-09-13T11:26:33.576Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 11:26:49 honeypot-ams-1 sshd[15717]: Disconnected from invalid user user 45.61.186.169 port 38652 [preauth]","@timestamp":"2022-09-13T11:26:49.590Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 11:28:23 honeypot-fra-1 sshd[6366]: Disconnected from invalid user kregc 165.22.45.108 port 45818 [preauth]","@timestamp":"2022-09-13T11:28:24.157Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 11:29:14 honeypot-ams-1 sshd[15721]: Bad protocol version identification '\\003' from 92.255.85.183 port 60243","@timestamp":"2022-09-13T11:29:15.654Z"}
{"@timestamp":"2022-09-13T11:31:47.784Z","@version":"1","message":"Sep 13 11:31:47 honeypot-sgp-1 sshd[10941]: Invalid user user from 45.61.187.160 port 38774","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T11:32:07.795Z","@version":"1","message":"Sep 13 11:32:07 honeypot-sgp-1 sshd[10945]: Invalid user user from 45.61.187.160 port 33688","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T11:32:26.804Z","@version":"1","message":"Sep 13 11:32:26 honeypot-sgp-1 sshd[10949]: Invalid user user from 45.61.187.160 port 56840","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T11:32:46.814Z","@version":"1","message":"Sep 13 11:32:46 honeypot-sgp-1 sshd[10954]: Invalid user user from 45.61.187.160 port 51764","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 11:34:19 honeypot-ams-1 kernel: [83945443.389274] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=86.57.81.252 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=31522 DF PROTO=TCP SPT=20046 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T11:34:19.788Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 11:35:22 honeypot-fra-1 sshd[6370]: Disconnected from invalid user user 45.61.184.204 port 33836 [preauth]","@timestamp":"2022-09-13T11:35:23.310Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 11:35:40 honeypot-fra-1 sshd[6374]: Disconnected from invalid user user 45.61.184.204 port 56444 [preauth]","@timestamp":"2022-09-13T11:35:41.339Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 11:35:57 honeypot-fra-1 sshd[6378]: Disconnected from invalid user user 45.61.184.204 port 50860 [preauth]","@timestamp":"2022-09-13T11:35:58.347Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 11:36:13 honeypot-fra-1 sshd[6382]: Disconnected from invalid user user 45.61.184.204 port 45276 [preauth]","@timestamp":"2022-09-13T11:36:14.356Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 11:37:10 honeypot-ams-1 kernel: [83945614.723766] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.216.113 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=42164 DPT=5432 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T11:37:10.867Z"}
{"@timestamp":"2022-09-13T11:41:03.018Z","@version":"1","message":"Sep 13 11:41:02 honeypot-sgp-1 kernel: [83945372.273699] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.55.53.144 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=44 ID=16510 DF PROTO=TCP SPT=60162 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T11:42:27.055Z","@version":"1","message":"Sep 13 11:42:26 honeypot-sgp-1 sshd[10957]: Disconnected from authenticating user root 92.255.85.69 port 21750 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 11:44:15 honeypot-fra-1 kernel: [83943878.785024] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=20.55.53.144 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=48877 DF PROTO=TCP SPT=33834 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T11:44:15.540Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 11:44:31 honeypot-ams-1 sshd[15730]: Received disconnect from 20.36.182.53 port 56566:11: Bye Bye [preauth]","@timestamp":"2022-09-13T11:44:32.063Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 11:47:45 honeypot-ams-1 sshd[15733]: Disconnected from authenticating user root 92.255.85.70 port 45220 [preauth]","@timestamp":"2022-09-13T11:47:46.150Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 11:48:25 honeypot-fra-1 sshd[6392]: Connection closed by invalid user admin 209.14.71.239 port 49306 [preauth]","@timestamp":"2022-09-13T11:48:25.637Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 11:49:35 honeypot-ams-1 sshd[15738]: Corrupted MAC on input. [preauth]","@timestamp":"2022-09-13T11:49:36.201Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 11:49:54 honeypot-ams-1 sshd[15744]: Received disconnect from 80.76.51.45 port 52962:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T11:49:55.211Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 11:50:25 honeypot-ams-1 sshd[15748]: Disconnected from authenticating user root 80.76.51.45 port 47780 [preauth]","@timestamp":"2022-09-13T11:50:26.228Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 11:50:35 honeypot-fra-1 sshd[6399]: Unable to negotiate with 211.24.73.92 port 54494: no matching cipher found. Their offer: aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,arcfour128,arcfour,3des-cbc,none [preauth]","@timestamp":"2022-09-13T11:50:35.690Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 11:50:55 honeypot-ams-1 sshd[15752]: Received disconnect from 80.76.51.45 port 42758:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T11:50:56.245Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 11:51:40 honeypot-ams-1 sshd[15758]: Received disconnect from 80.76.51.45 port 49296:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T11:51:41.269Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 11:52:10 honeypot-ams-1 sshd[15762]: Disconnected from authenticating user root 80.76.51.45 port 44308 [preauth]","@timestamp":"2022-09-13T11:52:10.284Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 11:52:39 honeypot-ams-1 sshd[15767]: Disconnected from invalid user git 80.76.51.45 port 39164 [preauth]","@timestamp":"2022-09-13T11:52:40.300Z"}
{"@timestamp":"2022-09-13T11:55:01.382Z","@version":"1","message":"Sep 13 11:55:00 honeypot-sgp-1 kernel: [83946210.981721] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=34.146.248.210 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=6846 PROTO=TCP SPT=55155 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 12:01:31 honeypot-fra-1 sshd[6404]: Did not receive identification string from 45.61.186.249 port 52876","@timestamp":"2022-09-13T12:01:31.935Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 12:01:59 honeypot-fra-1 sshd[6407]: Disconnected from invalid user user 45.61.186.249 port 44038 [preauth]","@timestamp":"2022-09-13T12:01:59.949Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 12:02:16 honeypot-fra-1 sshd[6411]: Disconnected from invalid user user 45.61.186.249 port 38668 [preauth]","@timestamp":"2022-09-13T12:02:16.957Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 12:02:34 honeypot-fra-1 sshd[6415]: Disconnected from invalid user user 45.61.186.249 port 33272 [preauth]","@timestamp":"2022-09-13T12:02:34.965Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T12:05:01.625Z","@version":"1","message":"Sep 13 12:05:01 honeypot-sgp-1 sshd[10970]: Received disconnect from 45.61.186.49 port 41230:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T12:05:11.631Z","@version":"1","message":"Sep 13 12:05:10 honeypot-sgp-1 sshd[10974]: Received disconnect from 45.61.186.49 port 52860:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 12:08:33 honeypot-fra-1 sshd[6422]: Invalid user kremzer from 165.22.45.108 port 50720","@timestamp":"2022-09-13T12:08:34.102Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 12:08:53 honeypot-fra-1 sshd[6427]: Connection closed by invalid user admin 85.132.106.113 port 40928 [preauth]","@timestamp":"2022-09-13T12:08:54.115Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 12:10:55 honeypot-ams-1 sshd[15775]: Invalid user admin from 220.90.156.4 port 57574","@timestamp":"2022-09-13T12:10:56.765Z"}
{"@timestamp":"2022-09-13T12:15:38.886Z","@version":"1","message":"Sep 13 12:15:38 honeypot-sgp-1 kernel: [83947448.829096] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=143.92.32.205 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=1223 PROTO=TCP SPT=51337 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 12:17:01 honeypot-ams-1 CRON[15781]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-13T12:17:01.925Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 12:17:56 honeypot-ams-1 sshd[15786]: Disconnected from invalid user zhui 112.65.128.90 port 38760 [preauth]","@timestamp":"2022-09-13T12:17:56.950Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 12:17:57 honeypot-fra-1 sshd[6434]: Disconnected from 134.122.30.242 port 52170 [preauth]","@timestamp":"2022-09-13T12:17:58.321Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 12:21:15 honeypot-ams-1 kernel: [83948258.933029] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=77.42.230.189 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=54 ID=62990 PROTO=TCP SPT=38104 DPT=443 WINDOW=48373 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T12:21:16.038Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 12:28:14 honeypot-ams-1 sshd[15796]: Disconnected from 161.35.131.133 port 38964 [preauth]","@timestamp":"2022-09-13T12:28:15.217Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 12:29:03 honeypot-fra-1 kernel: [83946567.170381] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=64.62.197.216 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=54321 PROTO=TCP SPT=38302 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T12:29:03.573Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-13T12:29:21.228Z","@version":"1","message":"Sep 13 12:29:21 honeypot-sgp-1 sshd[10987]: Disconnected from authenticating user root 92.255.85.69 port 21124 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 12:34:53 honeypot-ams-1 sshd[15799]: Received disconnect from 92.255.85.69 port 39648:11: Bye Bye [preauth]","@timestamp":"2022-09-13T12:34:53.392Z"}
{"@timestamp":"2022-09-13T12:35:18.381Z","@version":"1","message":"Sep 13 12:35:17 honeypot-sgp-1 kernel: [83948627.716970] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=46.161.54.57 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=40044 DPT=5432 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 12:36:25 honeypot-fra-1 kernel: [83947008.855399] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=79.124.62.78 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=25198 PROTO=TCP SPT=51860 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T12:36:25.741Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 12:43:23 honeypot-ams-1 sshd[15802]: Disconnected from invalid user bnn 161.230.125.183 port 40612 [preauth]","@timestamp":"2022-09-13T12:43:23.607Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 12:45:30 honeypot-fra-1 sshd[6457]: Connection closed by invalid user test 193.106.191.157 port 58694 [preauth]","@timestamp":"2022-09-13T12:45:30.949Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 12:46:09 honeypot-fra-1 sshd[6474]: Invalid user elastic from 94.156.175.57 port 60750","@timestamp":"2022-09-13T12:46:09.966Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 12:46:09 honeypot-fra-1 sshd[6468]: Invalid user oracle from 94.156.175.57 port 60733","@timestamp":"2022-09-13T12:46:09.966Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 12:46:09 honeypot-fra-1 sshd[6464]: Invalid user ansible from 94.156.175.57 port 60693","@timestamp":"2022-09-13T12:46:09.966Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 12:46:09 honeypot-fra-1 sshd[6472]: Connection closed by invalid user esuser 94.156.175.57 port 60747 [preauth]","@timestamp":"2022-09-13T12:46:09.966Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 12:46:09 honeypot-fra-1 sshd[6465]: Connection closed by invalid user jenkins 94.156.175.57 port 60689 [preauth]","@timestamp":"2022-09-13T12:46:09.966Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 12:46:09 honeypot-fra-1 sshd[6462]: Connection closed by invalid user postgres 94.156.175.57 port 60688 [preauth]","@timestamp":"2022-09-13T12:46:09.966Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 12:46:09 honeypot-fra-1 sshd[6484]: Invalid user elasticsearch from 94.156.175.57 port 60773","@timestamp":"2022-09-13T12:46:09.966Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 12:46:09 honeypot-fra-1 sshd[6481]: Connection closed by invalid user oracle 94.156.175.57 port 60767 [preauth]","@timestamp":"2022-09-13T12:46:09.966Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 12:46:09 honeypot-fra-1 sshd[6493]: Connection closed by invalid user elastic 94.156.175.57 port 60798 [preauth]","@timestamp":"2022-09-13T12:46:09.966Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 12:47:03 honeypot-fra-1 kernel: [83947646.855470] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=198.235.24.137 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x60 TTL=251 ID=54321 PROTO=TCP SPT=56550 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T12:47:03.989Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 12:50:14 honeypot-fra-1 sshd[6521]: Invalid user ftpuser from 195.242.235.46 port 55324","@timestamp":"2022-09-13T12:50:15.064Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T12:52:49.813Z","@version":"1","message":"Sep 13 12:52:49 honeypot-sgp-1 sshd[10998]: Received disconnect from 92.255.85.69 port 54826:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 12:53:00 honeypot-ams-1 sshd[15807]: Invalid user user1 from 103.188.176.251 port 60660","@timestamp":"2022-09-13T12:53:00.858Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 12:57:03 honeypot-fra-1 sshd[6529]: Invalid user user1 from 103.188.176.251 port 36108","@timestamp":"2022-09-13T12:57:04.217Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 12:57:52 honeypot-ams-1 sshd[15816]: Received disconnect from 92.255.85.70 port 50264:11: Bye Bye [preauth]","@timestamp":"2022-09-13T12:57:52.984Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 13:00:29 honeypot-fra-1 sshd[6533]: Invalid user admin from 179.60.147.69 port 48564","@timestamp":"2022-09-13T13:00:30.298Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 13:02:04 honeypot-fra-1 sshd[6538]: Invalid user deploy from 221.157.75.252 port 50532","@timestamp":"2022-09-13T13:02:05.336Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T13:02:40.056Z","@version":"1","message":"Sep 13 13:02:39 honeypot-sgp-1 kernel: [83950269.353807] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.167.97.191 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=59894 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 13:03:42 honeypot-ams-1 kernel: [83950806.095588] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=180.149.126.213 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=54321 PROTO=TCP SPT=33188 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T13:03:43.138Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 13:04:15 honeypot-fra-1 sshd[6542]: Invalid user install from 159.65.240.232 port 57116","@timestamp":"2022-09-13T13:04:16.389Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 13:05:18 honeypot-fra-1 sshd[6546]: Disconnected from authenticating user root 179.43.156.143 port 37934 [preauth]","@timestamp":"2022-09-13T13:05:19.413Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 13:07:16 honeypot-fra-1 sshd[6553]: Disconnected from authenticating user root 179.43.156.143 port 52538 [preauth]","@timestamp":"2022-09-13T13:07:16.458Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 13:08:31 honeypot-fra-1 sshd[6559]: Received disconnect from 179.43.156.143 port 43414:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T13:08:31.488Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 13:09:46 honeypot-fra-1 sshd[6564]: Invalid user nfsnobod from 179.43.156.143 port 34326","@timestamp":"2022-09-13T13:09:47.518Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 13:10:09 honeypot-ams-1 sshd[15832]: Invalid user monitor from 148.66.129.194 port 49284","@timestamp":"2022-09-13T13:10:10.308Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 13:10:17 honeypot-fra-1 sshd[6566]: Disconnected from invalid user user 45.61.186.169 port 54516 [preauth]","@timestamp":"2022-09-13T13:10:18.533Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 13:10:36 honeypot-fra-1 sshd[6572]: Invalid user user from 45.61.186.169 port 49886","@timestamp":"2022-09-13T13:10:37.541Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 13:10:54 honeypot-fra-1 sshd[6576]: Invalid user user from 45.61.186.169 port 45282","@timestamp":"2022-09-13T13:10:55.548Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 13:11:04 honeypot-fra-1 sshd[6580]: Received disconnect from 179.43.156.143 port 53522:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T13:11:04.553Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 13:11:42 honeypot-fra-1 sshd[6586]: Received disconnect from 179.43.156.143 port 48972:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T13:11:42.567Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 13:13:35 honeypot-fra-1 sshd[6593]: Received disconnect from 179.43.156.143 port 35340:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T13:13:36.609Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T13:16:25.412Z","@version":"1","message":"Sep 13 13:16:25 honeypot-sgp-1 kernel: [83951095.354054] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=149.102.155.169 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=58017 PROTO=TCP SPT=54972 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 13:17:01 honeypot-ams-1 CRON[15838]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-13T13:17:02.483Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 13:17:42 honeypot-fra-1 kernel: [83949486.510058] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=139.144.135.17 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=39157 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T13:17:43.707Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 13:17:56 honeypot-ams-1 sshd[15844]: Received disconnect from 24.188.213.50 port 59132:11: Bye Bye [preauth]","@timestamp":"2022-09-13T13:17:56.508Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 13:19:04 honeypot-ams-1 sshd[15849]: Invalid user postgres from 165.22.1.73 port 48920","@timestamp":"2022-09-13T13:19:04.543Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 13:20:04 honeypot-ams-1 sshd[15851]: Received disconnect from 37.24.207.203 port 44548:11: Bye Bye [preauth]","@timestamp":"2022-09-13T13:20:04.572Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 13:21:21 honeypot-ams-1 sshd[15856]: Disconnected from authenticating user root 92.255.85.69 port 15386 [preauth]","@timestamp":"2022-09-13T13:21:22.608Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 13:28:03 honeypot-fra-1 sshd[6602]: Connection closed by invalid user admin 220.74.55.232 port 58859 [preauth]","@timestamp":"2022-09-13T13:28:04.942Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 13:29:58 honeypot-fra-1 sshd[6607]: Received disconnect from 45.61.186.169 port 39690:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T13:29:58.987Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 13:30:17 honeypot-fra-1 sshd[6611]: Received disconnect from 45.61.186.169 port 34678:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T13:30:17.994Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 13:30:34 honeypot-fra-1 sshd[6615]: Received disconnect from 45.61.186.169 port 57920:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T13:30:35.002Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 13:30:50 honeypot-fra-1 sshd[6619]: Received disconnect from 45.61.186.169 port 52908:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T13:30:51.009Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 13:32:33 honeypot-fra-1 sshd[6624]: Connection closed by invalid user test 193.106.191.157 port 33158 [preauth]","@timestamp":"2022-09-13T13:32:34.136Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T13:33:00.811Z","@version":"1","message":"Sep 13 13:33:00 honeypot-sgp-1 kernel: [83952090.414404] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=80.94.92.231 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=231 ID=54321 PROTO=TCP SPT=43518 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 13:36:30 honeypot-ams-1 kernel: [83952774.572665] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.167.97.191 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=60558 DPT=5432 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T13:36:31.002Z"}
{"@timestamp":"2022-09-13T13:40:19.991Z","@version":"1","message":"Sep 13 13:40:19 honeypot-sgp-1 sshd[11018]: Received disconnect from 79.225.76.143 port 37348:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T13:40:58.010Z","@version":"1","message":"Sep 13 13:40:57 honeypot-sgp-1 sshd[11024]: Received disconnect from 45.141.151.196 port 41060:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 13:42:03 honeypot-fra-1 sshd[6635]: Disconnected from authenticating user root 92.255.85.69 port 43310 [preauth]","@timestamp":"2022-09-13T13:42:03.350Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T13:43:15.070Z","@version":"1","message":"Sep 13 13:43:14 honeypot-sgp-1 sshd[11028]: Invalid user oracle from 68.183.78.141 port 40686","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 13:44:13 honeypot-fra-1 sshd[6640]: Received disconnect from 134.209.102.211 port 42716:11: Bye Bye [preauth]","@timestamp":"2022-09-13T13:44:14.401Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 13:45:47 honeypot-ams-1 sshd[15870]: Disconnected from authenticating user root 92.255.85.69 port 36174 [preauth]","@timestamp":"2022-09-13T13:45:48.239Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 13:47:02 honeypot-fra-1 sshd[6642]: Disconnected from invalid user alpine 177.33.46.250 port 57570 [preauth]","@timestamp":"2022-09-13T13:47:02.466Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T13:54:20.342Z","@version":"1","message":"Sep 13 13:54:20 honeypot-sgp-1 sshd[11034]: Received disconnect from 103.90.220.156 port 43292:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T13:55:55.384Z","@version":"1","message":"Sep 13 13:55:55 honeypot-sgp-1 sshd[11039]: Invalid user user from 141.255.162.226 port 39666","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T13:55:58.386Z","@version":"1","message":"Sep 13 13:55:58 honeypot-sgp-1 sshd[11045]: Invalid user user from 141.255.162.226 port 48370","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 13:58:20 honeypot-ams-1 sshd[15874]: Received disconnect from 178.128.159.1 port 46388:11: Bye Bye [preauth]","@timestamp":"2022-09-13T13:58:20.565Z"}
{"@timestamp":"2022-09-13T13:58:56.459Z","@version":"1","message":"Sep 13 13:58:55 honeypot-sgp-1 kernel: [83953645.510996] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=103.203.59.0 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=34917 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 14:03:37 honeypot-fra-1 kernel: [83952241.264924] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=40.87.17.51 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=48959 PROTO=TCP SPT=54243 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T14:03:37.848Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 14:09:39 honeypot-fra-1 sshd[6659]: Received disconnect from 165.22.45.108 port 37266:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T14:09:40.986Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T14:12:57.804Z","@version":"1","message":"Sep 13 14:12:57 honeypot-sgp-1 sshd[11055]: Invalid user unknown from 179.60.147.69 port 57814","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T14:15:36.872Z","@version":"1","message":"Sep 13 14:15:36 honeypot-sgp-1 sshd[11061]: Invalid user user from 45.61.187.160 port 34762","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T14:15:55.881Z","@version":"1","message":"Sep 13 14:15:55 honeypot-sgp-1 sshd[11065]: Invalid user user from 45.61.187.160 port 57700","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T14:16:13.892Z","@version":"1","message":"Sep 13 14:16:13 honeypot-sgp-1 sshd[11069]: Invalid user user from 45.61.187.160 port 52440","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 14:16:20 honeypot-ams-1 sshd[15880]: Invalid user unknown from 179.60.147.69 port 19752","@timestamp":"2022-09-13T14:16:21.051Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 14:16:42 honeypot-fra-1 kernel: [83953025.442353] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=17338 PROTO=TCP SPT=58321 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T14:16:42.143Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-13T14:17:01.915Z","@version":"1","message":"Sep 13 14:17:01 honeypot-sgp-1 CRON[11073]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T14:20:13.997Z","@version":"1","message":"Sep 13 14:20:13 honeypot-sgp-1 kernel: [83954923.127978] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.79.143.37 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=15951 PROTO=TCP SPT=44945 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 14:21:54 honeypot-ams-1 kernel: [83955497.963711] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=213.226.123.38 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=51728 PROTO=TCP SPT=59802 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T14:21:54.218Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 14:24:21 honeypot-fra-1 sshd[6671]: Received disconnect from 187.75.209.161 port 54272:11: Bye Bye [preauth]","@timestamp":"2022-09-13T14:24:22.315Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 14:24:37 honeypot-fra-1 kernel: [83953501.316737] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=80.94.92.231 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=47494 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T14:24:38.324Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 14:25:59 honeypot-fra-1 sshd[6679]: Received disconnect from 198.98.61.9 port 42376:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T14:26:00.357Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 14:26:18 honeypot-fra-1 sshd[6683]: Received disconnect from 198.98.61.9 port 37010:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T14:26:18.366Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T14:26:28.156Z","@version":"1","message":"Sep 13 14:26:27 honeypot-sgp-1 sshd[11084]: Received disconnect from 139.59.76.127 port 58184:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 14:26:34 honeypot-fra-1 sshd[6687]: Invalid user user from 198.98.61.9 port 59900","@timestamp":"2022-09-13T14:26:35.375Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 14:26:51 honeypot-fra-1 sshd[6691]: Invalid user user from 198.98.61.9 port 54518","@timestamp":"2022-09-13T14:26:52.383Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 14:28:45 honeypot-fra-1 sshd[6693]: Disconnected from authenticating user root 92.255.85.70 port 41924 [preauth]","@timestamp":"2022-09-13T14:28:45.426Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 14:30:54 honeypot-ams-1 sshd[15887]: Disconnected from authenticating user root 92.255.85.70 port 28916 [preauth]","@timestamp":"2022-09-13T14:30:54.473Z"}
{"@timestamp":"2022-09-13T14:36:10.402Z","@version":"1","message":"Sep 13 14:36:10 honeypot-sgp-1 sshd[11088]: Received disconnect from 172.79.124.130 port 11849:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 14:39:41 honeypot-fra-1 sshd[6699]: Disconnected from invalid user student 139.59.27.36 port 60586 [preauth]","@timestamp":"2022-09-13T14:39:41.693Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 14:44:59 honeypot-ams-1 sshd[15895]: Invalid user oz from 187.157.23.243 port 52442","@timestamp":"2022-09-13T14:44:59.839Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 14:48:50 honeypot-fra-1 kernel: [83954953.402168] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=20.123.184.30 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=9281 PROTO=TCP SPT=59204 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T14:48:50.904Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-13T14:49:23.731Z","@version":"1","message":"Sep 13 14:49:23 honeypot-sgp-1 sshd[11094]: Received disconnect from 92.255.85.69 port 54502:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 14:50:57 honeypot-fra-1 sshd[6711]: Disconnected from authenticating user root 187.210.226.222 port 52662 [preauth]","@timestamp":"2022-09-13T14:50:57.979Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 14:52:19 honeypot-fra-1 sshd[6718]: Disconnected from authenticating user root 92.255.85.70 port 59196 [preauth]","@timestamp":"2022-09-13T14:52:20.014Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 14:54:20 honeypot-ams-1 sshd[15901]: Disconnected from authenticating user root 92.255.85.70 port 46166 [preauth]","@timestamp":"2022-09-13T14:54:21.082Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 14:55:26 honeypot-fra-1 sshd[6724]: Invalid user capanni from 68.237.78.73 port 34934","@timestamp":"2022-09-13T14:55:27.087Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T15:00:07.995Z","@version":"1","message":"Sep 13 15:00:07 honeypot-sgp-1 kernel: [83957317.876234] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=172.245.21.133 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=240 ID=11030 DF PROTO=TCP SPT=10446 DPT=80 WINDOW=512 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 15:05:22 honeypot-fra-1 kernel: [83955946.028493] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=104.156.155.8 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=57984 PROTO=TCP SPT=53102 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T15:05:23.304Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 15:06:50 honeypot-ams-1 kernel: [83958194.422045] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=32495 PROTO=TCP SPT=41203 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T15:06:51.407Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 15:11:34 honeypot-fra-1 sshd[6731]: Connection closed by invalid user <empty> 178.219.115.231 port 32806 [preauth]","@timestamp":"2022-09-13T15:11:35.447Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T15:12:59.311Z","@version":"1","message":"Sep 13 15:12:58 honeypot-sgp-1 sshd[11107]: Disconnected from authenticating user root 92.255.85.70 port 30360 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 15:15:41 honeypot-fra-1 kernel: [83956564.649906] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=19492 PROTO=TCP SPT=41203 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T15:15:41.544Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 15:16:24 honeypot-fra-1 sshd[6739]: Disconnected from authenticating user root 134.209.175.24 port 50492 [preauth]","@timestamp":"2022-09-13T15:16:25.564Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 15:19:43 honeypot-fra-1 sshd[6745]: Disconnected from invalid user sysbackup 192.116.113.246 port 33760 [preauth]","@timestamp":"2022-09-13T15:19:43.640Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T15:21:15.514Z","@version":"1","message":"Sep 13 15:21:14 honeypot-sgp-1 sshd[11115]: Received disconnect from 162.19.64.34 port 50574:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 15:23:16 honeypot-ams-1 kernel: [83959179.815912] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=78.11.28.22 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=572 DF PROTO=TCP SPT=10470 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T15:23:16.841Z"}
{"@timestamp":"2022-09-13T15:24:24.592Z","@version":"1","message":"Sep 13 15:24:24 honeypot-sgp-1 sshd[11121]: Disconnected from authenticating user root 40.118.226.96 port 33120 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T15:25:45.629Z","@version":"1","message":"Sep 13 15:25:45 honeypot-sgp-1 sshd[11128]: Invalid user ubuntu from 85.237.57.253 port 52516","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 15:27:34 honeypot-fra-1 sshd[6750]: Connection closed by invalid user default 179.60.147.69 port 61588 [preauth]","@timestamp":"2022-09-13T15:27:34.821Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 15:32:09 honeypot-fra-1 sshd[6759]: Invalid user rq from 180.179.114.44 port 36232","@timestamp":"2022-09-13T15:32:09.945Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T15:36:31.894Z","@version":"1","message":"Sep 13 15:36:31 honeypot-sgp-1 sshd[11133]: Received disconnect from 92.255.85.69 port 58882:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 15:36:51 honeypot-fra-1 sshd[6762]: Disconnected from invalid user ksb 165.22.45.108 port 48616 [preauth]","@timestamp":"2022-09-13T15:36:52.046Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 15:36:56 honeypot-ams-1 kernel: [83960000.055303] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=193.118.53.195 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=23184 PROTO=TCP SPT=31426 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T15:36:57.212Z"}
{"@timestamp":"2022-09-13T15:41:31.015Z","@version":"1","message":"Sep 13 15:41:30 honeypot-sgp-1 sshd[11138]: Disconnected from authenticating user root 102.132.237.232 port 44076 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 15:43:06 honeypot-fra-1 sshd[6768]: Received disconnect from 45.61.186.169 port 45456:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T15:43:07.190Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 15:43:24 honeypot-fra-1 sshd[6772]: Received disconnect from 45.61.186.169 port 40324:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T15:43:25.200Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 15:43:40 honeypot-fra-1 sshd[6776]: Received disconnect from 45.61.186.169 port 35186:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T15:43:41.208Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 15:43:56 honeypot-fra-1 sshd[6780]: Received disconnect from 45.61.186.169 port 58280:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T15:43:57.216Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 15:45:56 honeypot-fra-1 sshd[6784]: Disconnected from invalid user mila 133.130.101.23 port 47668 [preauth]","@timestamp":"2022-09-13T15:45:57.264Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T15:46:01.126Z","@version":"1","message":"Sep 13 15:46:00 honeypot-sgp-1 sshd[11144]: Invalid user user from 137.184.123.69 port 58780","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 15:47:31 honeypot-ams-1 sshd[15934]: Connection closed by invalid user test 193.106.191.157 port 35538 [preauth]","@timestamp":"2022-09-13T15:47:31.485Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 15:49:42 honeypot-ams-1 sshd[15941]: Received disconnect from 80.76.51.189 port 42118:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T15:49:42.545Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 15:50:43 honeypot-ams-1 sshd[15945]: Disconnected from authenticating user root 80.76.51.189 port 52562 [preauth]","@timestamp":"2022-09-13T15:50:44.574Z"}
{"@timestamp":"2022-09-13T15:52:11.278Z","@version":"1","message":"Sep 13 15:52:11 honeypot-sgp-1 sshd[11149]: Disconnected from invalid user nata 157.230.155.135 port 58501 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 15:52:18 honeypot-ams-1 sshd[15952]: Disconnected from authenticating user root 80.76.51.189 port 54126 [preauth]","@timestamp":"2022-09-13T15:52:18.617Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 15:52:20 honeypot-fra-1 sshd[6790]: Connection closed by invalid user Sujan 189.56.184.189 port 49363 [preauth]","@timestamp":"2022-09-13T15:52:21.411Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 15:53:52 honeypot-ams-1 sshd[15958]: Disconnected from authenticating user root 80.76.51.189 port 55684 [preauth]","@timestamp":"2022-09-13T15:53:52.660Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 15:53:54 honeypot-fra-1 sshd[6795]: Disconnected from invalid user tftpboot 178.154.201.126 port 56490 [preauth]","@timestamp":"2022-09-13T15:53:54.449Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 15:54:55 honeypot-ams-1 sshd[15962]: Disconnected from invalid user admin 80.76.51.189 port 37930 [preauth]","@timestamp":"2022-09-13T15:54:55.689Z"}
{"@timestamp":"2022-09-13T15:55:24.384Z","@version":"1","message":"Sep 13 15:55:23 honeypot-sgp-1 sshd[11153]: Disconnected from invalid user openfiler 91.240.118.222 port 37741 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 15:56:02 honeypot-ams-1 sshd[15967]: Disconnected from invalid user ansible 80.76.51.189 port 48372 [preauth]","@timestamp":"2022-09-13T15:56:02.719Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 15:57:12 honeypot-ams-1 sshd[15971]: Disconnected from invalid user ansible 80.76.51.189 port 58826 [preauth]","@timestamp":"2022-09-13T15:57:13.753Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 15:58:59 honeypot-ams-1 sshd[15978]: Received disconnect from 80.76.51.189 port 60396:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T15:58:59.867Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 16:00:10 honeypot-ams-1 sshd[15982]: Received disconnect from 80.76.51.189 port 42636:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T16:00:10.899Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 16:01:59 honeypot-ams-1 sshd[15988]: Invalid user odoo from 80.76.51.189 port 44192","@timestamp":"2022-09-13T16:01:59.947Z"}
{"@timestamp":"2022-09-13T16:02:57.569Z","@version":"1","message":"Sep 13 16:02:57 honeypot-sgp-1 sshd[11158]: Connection closed by invalid user ubnt 179.60.147.69 port 41668 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T16:03:13.577Z","@version":"1","message":"Sep 13 16:03:13 honeypot-sgp-1 sshd[11165]: Received disconnect from 141.255.162.226 port 32778:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T16:03:15.578Z","@version":"1","message":"Sep 13 16:03:15 honeypot-sgp-1 sshd[11169]: Received disconnect from 141.255.162.226 port 40116:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 16:03:15 honeypot-ams-1 sshd[15993]: Disconnected from authenticating user root 80.76.51.189 port 54628 [preauth]","@timestamp":"2022-09-13T16:03:15.982Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 16:04:04 honeypot-fra-1 sshd[6801]: Connection closed by invalid user ubnt 179.60.147.69 port 63488 [preauth]","@timestamp":"2022-09-13T16:04:04.683Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 16:06:56 honeypot-ams-1 sshd[15999]: Invalid user test from 193.106.191.157 port 49132","@timestamp":"2022-09-13T16:06:57.082Z"}
{"@timestamp":"2022-09-13T16:09:18.724Z","@version":"1","message":"Sep 13 16:09:18 honeypot-sgp-1 kernel: [83961468.110502] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.212.162 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=34325 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 16:12:26 honeypot-fra-1 sshd[6804]: Connection closed by invalid user ubnt 116.232.145.34 port 57373 [preauth]","@timestamp":"2022-09-13T16:12:26.877Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 16:17:01 honeypot-fra-1 CRON[6810]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-13T16:17:02.012Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 16:17:01 honeypot-ams-1 CRON[16003]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-13T16:17:02.345Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 16:18:02 honeypot-fra-1 sshd[6816]: Invalid user finance from 128.199.187.30 port 57390","@timestamp":"2022-09-13T16:18:03.038Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 16:20:34 honeypot-fra-1 sshd[6818]: Disconnected from invalid user ksb 165.22.45.108 port 53672 [preauth]","@timestamp":"2022-09-13T16:20:35.096Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T16:23:48.071Z","@version":"1","message":"Sep 13 16:23:47 honeypot-sgp-1 kernel: [83962337.386152] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=193.219.127.202 DST=159.89.202.188 LEN=80 TOS=0x00 PREC=0x00 TTL=111 ID=33786 PROTO=TCP SPT=34810 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 16:26:34 honeypot-fra-1 sshd[6825]: Invalid user engineer from 141.98.10.158 port 39138","@timestamp":"2022-09-13T16:26:34.231Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 16:28:13 honeypot-ams-1 kernel: [83963077.521725] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=205.210.31.133 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=250 ID=47980 PROTO=TCP SPT=49250 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T16:28:14.668Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 16:31:12 honeypot-fra-1 sshd[6830]: Disconnected from authenticating user root 164.177.31.66 port 39700 [preauth]","@timestamp":"2022-09-13T16:31:13.334Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T16:32:48.286Z","@version":"1","message":"Sep 13 16:32:47 honeypot-sgp-1 sshd[11184]: Disconnected from invalid user user 45.61.186.169 port 50566 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T16:33:07.296Z","@version":"1","message":"Sep 13 16:33:06 honeypot-sgp-1 sshd[11188]: Received disconnect from 45.61.186.169 port 45304:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T16:33:25.304Z","@version":"1","message":"Sep 13 16:33:25 honeypot-sgp-1 sshd[11192]: Received disconnect from 45.61.186.169 port 39996:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T16:33:42.314Z","@version":"1","message":"Sep 13 16:33:41 honeypot-sgp-1 sshd[11196]: Received disconnect from 45.61.186.169 port 34748:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 16:36:03 honeypot-fra-1 sshd[6836]: Received disconnect from 175.97.136.186 port 60460:11: Bye Bye [preauth]","@timestamp":"2022-09-13T16:36:03.437Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 16:40:11 honeypot-ams-1 sshd[16015]: Invalid user delissium from 103.75.148.11 port 52310","@timestamp":"2022-09-13T16:40:11.981Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 16:42:42 honeypot-ams-1 sshd[16019]: Invalid user test from 179.60.147.69 port 64850","@timestamp":"2022-09-13T16:42:43.065Z"}
{"@timestamp":"2022-09-13T16:45:35.601Z","@version":"1","message":"Sep 13 16:45:34 honeypot-sgp-1 kernel: [83963644.780666] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=193.219.127.202 DST=159.89.202.188 LEN=80 TOS=0x00 PREC=0x00 TTL=115 ID=13709 PROTO=TCP SPT=12685 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 16:48:24 honeypot-ams-1 kernel: [83964288.352095] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=193.201.9.171 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=42235 PROTO=TCP SPT=58123 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T16:48:25.235Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 16:48:59 honeypot-fra-1 sshd[6842]: Received disconnect from 92.255.85.69 port 58002:11: Bye Bye [preauth]","@timestamp":"2022-09-13T16:48:59.735Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 16:49:49 honeypot-fra-1 sshd[6846]: Disconnected from invalid user lt 192.241.243.84 port 57160 [preauth]","@timestamp":"2022-09-13T16:49:49.756Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 16:50:24 honeypot-fra-1 sshd[6850]: Disconnected from invalid user proshin 103.176.21.200 port 48288 [preauth]","@timestamp":"2022-09-13T16:50:24.771Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T16:51:17.742Z","@version":"1","message":"Sep 13 16:51:17 honeypot-sgp-1 sshd[11207]: Disconnected from authenticating user root 93.108.242.140 port 20318 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 16:52:48 honeypot-ams-1 sshd[16030]: Disconnected from authenticating user root 92.255.85.69 port 25412 [preauth]","@timestamp":"2022-09-13T16:52:49.350Z"}
{"@timestamp":"2022-09-13T16:52:55.784Z","@version":"1","message":"Sep 13 16:52:55 honeypot-sgp-1 sshd[11213]: Connection closed by invalid user admin 59.127.48.5 port 34207 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 16:53:35 honeypot-fra-1 sshd[6856]: Received disconnect from 193.194.87.117 port 35266:11: Bye Bye [preauth]","@timestamp":"2022-09-13T16:53:35.848Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:00:21 honeypot-ams-1 sshd[16035]: Did not receive identification string from 141.255.162.226 port 45286","@timestamp":"2022-09-13T17:00:21.548Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:00:46 honeypot-ams-1 sshd[16038]: Disconnected from invalid user user 141.255.162.226 port 51212 [preauth]","@timestamp":"2022-09-13T17:00:46.562Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:00:52 honeypot-ams-1 sshd[16042]: Disconnected from invalid user user 141.255.162.226 port 45618 [preauth]","@timestamp":"2022-09-13T17:00:53.565Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:04:16 honeypot-fra-1 sshd[6859]: Disconnected from invalid user ksb 165.22.45.108 port 58718 [preauth]","@timestamp":"2022-09-13T17:04:17.105Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:08:47 honeypot-fra-1 sshd[6862]: Received disconnect from 190.11.80.188 port 57556:11: Bye Bye [preauth]","@timestamp":"2022-09-13T17:08:48.212Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:09:01 honeypot-ams-1 CRON[16047]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-13T17:09:02.776Z"}
{"@timestamp":"2022-09-13T17:09:02.177Z","@version":"1","message":"Sep 13 17:09:01 honeypot-sgp-1 CRON[11233]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:11:23 honeypot-fra-1 kernel: [83963506.247486] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=80.87.206.203 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=62407 PROTO=TCP SPT=42183 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T17:11:23.272Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-13T17:15:30.335Z","@version":"1","message":"Sep 13 17:15:30 honeypot-sgp-1 sshd[11239]: Disconnected from invalid user jmotezuma 175.126.146.170 port 35580 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:16:57 honeypot-fra-1 sshd[6872]: Connection closed by invalid user admin 179.60.147.69 port 21458 [preauth]","@timestamp":"2022-09-13T17:16:57.401Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:17:01 honeypot-ams-1 sshd[16055]: Received disconnect from 68.183.77.204 port 36558:11: Bye Bye [preauth]","@timestamp":"2022-09-13T17:17:01.987Z"}
{"@timestamp":"2022-09-13T17:17:02.376Z","@version":"1","message":"Sep 13 17:17:01 honeypot-sgp-1 CRON[11246]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:17:38 honeypot-ams-1 sshd[16061]: Invalid user user from 141.255.162.226 port 37968","@timestamp":"2022-09-13T17:17:39.005Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:17:40 honeypot-ams-1 sshd[16065]: Invalid user user from 141.255.162.226 port 59048","@timestamp":"2022-09-13T17:17:41.007Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:17:44 honeypot-ams-1 sshd[16069]: Invalid user user from 141.255.162.226 port 44880","@timestamp":"2022-09-13T17:17:45.009Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:18:20 honeypot-ams-1 sshd[16073]: Did not receive identification string from 179.43.145.74 port 50602","@timestamp":"2022-09-13T17:18:21.026Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:19:23 honeypot-ams-1 sshd[16078]: Received disconnect from 46.101.29.76 port 38840:11: Bye Bye [preauth]","@timestamp":"2022-09-13T17:19:24.059Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:21:08 honeypot-ams-1 sshd[16085]: Received disconnect from 179.43.145.74 port 36084:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T17:21:09.109Z"}
{"@timestamp":"2022-09-13T17:21:39.492Z","@version":"1","message":"Sep 13 17:21:38 honeypot-sgp-1 kernel: [83965808.476564] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.79.187.110 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=46686 PROTO=TCP SPT=44940 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 17:22:16 honeypot-ams-1 kernel: [83966320.570252] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=103.89.91.165 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=7960 PROTO=TCP SPT=47297 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T17:22:17.142Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:24:17 honeypot-ams-1 sshd[16096]: Invalid user test from 179.43.145.74 port 47104","@timestamp":"2022-09-13T17:24:17.200Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:25:22 honeypot-ams-1 sshd[16100]: Invalid user ansible from 179.43.145.74 port 52616","@timestamp":"2022-09-13T17:25:23.231Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:26:50 honeypot-ams-1 sshd[16104]: Invalid user ubuntu from 179.43.145.74 port 58122","@timestamp":"2022-09-13T17:26:51.271Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:28:23 honeypot-ams-1 sshd[16109]: Received disconnect from 179.43.145.74 port 35404:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T17:28:24.313Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:29:12 honeypot-ams-1 sshd[16113]: Received disconnect from 179.43.145.74 port 39080:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T17:29:12.337Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:30:43 honeypot-ams-1 sshd[16117]: Received disconnect from 179.43.145.74 port 44590:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T17:30:43.378Z"}
{"@timestamp":"2022-09-13T17:31:00.723Z","@version":"1","message":"Sep 13 17:31:00 honeypot-sgp-1 kernel: [83966369.960691] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=234 ID=45779 PROTO=TCP SPT=50203 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:31:54 honeypot-fra-1 kernel: [83964737.215539] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.95.169.162 DST=165.22.82.222 LEN=52 TOS=0x02 PREC=0x00 TTL=117 ID=42851 DF PROTO=TCP SPT=58814 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-13T17:31:54.740Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:33:16 honeypot-fra-1 sshd[6881]: Connection closed by invalid user admin 138.19.49.207 port 52066 [preauth]","@timestamp":"2022-09-13T17:33:17.773Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:34:18 honeypot-ams-1 sshd[16123]: Invalid user user from 45.61.184.204 port 40998","@timestamp":"2022-09-13T17:34:19.471Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:34:37 honeypot-ams-1 sshd[16127]: Invalid user user from 45.61.184.204 port 35690","@timestamp":"2022-09-13T17:34:37.480Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:34:55 honeypot-ams-1 sshd[16131]: Invalid user user from 45.61.184.204 port 58604","@timestamp":"2022-09-13T17:34:56.491Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:35:41 honeypot-ams-1 sshd[16135]: Received disconnect from 92.255.85.70 port 20730:11: Bye Bye [preauth]","@timestamp":"2022-09-13T17:35:42.512Z"}
{"@timestamp":"2022-09-13T17:40:00.943Z","@version":"1","message":"Sep 13 17:40:00 honeypot-sgp-1 sshd[11258]: Disconnected from invalid user test 141.94.203.31 port 39184 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:40:27 honeypot-fra-1 sshd[6889]: Invalid user petern from 92.9.123.122 port 46514","@timestamp":"2022-09-13T17:40:27.935Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:42:34 honeypot-fra-1 sshd[6891]: Disconnected from invalid user admin 177.3.130.63 port 48042 [preauth]","@timestamp":"2022-09-13T17:42:34.985Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 17:50:01 honeypot-ams-1 kernel: [83967984.705156] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.208.131 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=36857 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T17:50:01.898Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:50:25 honeypot-fra-1 kernel: [83965848.717127] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=20.163.103.207 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=20018 DF PROTO=TCP SPT=10446 DPT=80 WINDOW=512 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T17:50:26.161Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:50:42 honeypot-ams-1 sshd[16145]: Did not receive identification string from 104.156.155.31 port 38443","@timestamp":"2022-09-13T17:50:42.918Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:50:45 honeypot-ams-1 sshd[16154]: Connection closed by 104.156.155.31 port 26857 [preauth]","@timestamp":"2022-09-13T17:50:45.920Z"}
{"@timestamp":"2022-09-13T17:51:11.215Z","@version":"1","message":"Sep 13 17:51:10 honeypot-sgp-1 kernel: [83967580.533133] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=193.201.9.171 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=3899 PROTO=TCP SPT=58123 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:52:36 honeypot-fra-1 sshd[6907]: Connection closed by invalid user guest 94.156.175.57 port 42648 [preauth]","@timestamp":"2022-09-13T17:52:37.212Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:52:36 honeypot-fra-1 sshd[6909]: Invalid user test from 94.156.175.57 port 42654","@timestamp":"2022-09-13T17:52:37.212Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:52:36 honeypot-fra-1 sshd[6900]: Invalid user hadoop from 94.156.175.57 port 42634","@timestamp":"2022-09-13T17:52:37.212Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:52:36 honeypot-fra-1 sshd[6916]: Invalid user oracle from 94.156.175.57 port 42683","@timestamp":"2022-09-13T17:52:37.212Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:52:36 honeypot-fra-1 sshd[6914]: Invalid user esuser from 94.156.175.57 port 42660","@timestamp":"2022-09-13T17:52:37.212Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:52:36 honeypot-fra-1 sshd[6902]: Connection closed by invalid user postgres 94.156.175.57 port 42631 [preauth]","@timestamp":"2022-09-13T17:52:37.212Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:52:36 honeypot-fra-1 sshd[6924]: Connection closed by invalid user ts3srv 94.156.175.57 port 42685 [preauth]","@timestamp":"2022-09-13T17:52:37.212Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:52:36 honeypot-fra-1 sshd[6919]: Connection closed by invalid user user 94.156.175.57 port 42688 [preauth]","@timestamp":"2022-09-13T17:52:37.212Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:52:36 honeypot-fra-1 sshd[6934]: Invalid user deploy from 94.156.175.57 port 42698","@timestamp":"2022-09-13T17:52:37.212Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:52:48 honeypot-fra-1 sshd[6955]: Received disconnect from 45.61.184.204 port 54294:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T17:52:49.217Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:53:07 honeypot-fra-1 sshd[6960]: Received disconnect from 45.61.184.204 port 48454:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T17:53:08.227Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:53:15 honeypot-fra-1 sshd[6962]: Disconnected from invalid user user 45.61.184.204 port 59650 [preauth]","@timestamp":"2022-09-13T17:53:16.230Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:53:31 honeypot-fra-1 sshd[6968]: Invalid user user from 45.61.184.204 port 53808","@timestamp":"2022-09-13T17:53:31.238Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:53:46 honeypot-fra-1 sshd[6972]: Invalid user default from 179.60.147.69 port 39000","@timestamp":"2022-09-13T17:53:47.245Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T17:54:10.290Z","@version":"1","message":"Sep 13 17:54:10 honeypot-sgp-1 kernel: [83967759.882789] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.180.143.7 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=50198 PROTO=TCP SPT=42063 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:55:59 honeypot-ams-1 sshd[16165]: Connection closed by invalid user default 179.60.147.69 port 63736 [preauth]","@timestamp":"2022-09-13T17:56:00.057Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:57:38 honeypot-fra-1 sshd[6978]: Invalid user user from 141.255.162.226 port 60884","@timestamp":"2022-09-13T17:57:39.335Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:57:40 honeypot-fra-1 sshd[6982]: Invalid user user from 141.255.162.226 port 53630","@timestamp":"2022-09-13T17:57:41.336Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:57:42 honeypot-fra-1 sshd[6986]: Invalid user user from 141.255.162.226 port 39906","@timestamp":"2022-09-13T17:57:43.337Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:58:31 honeypot-ams-1 sshd[16170]: Received disconnect from 45.61.186.249 port 35896:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T17:58:32.127Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:58:45 honeypot-fra-1 sshd[6990]: Connection closed by authenticating user root 103.188.176.251 port 39192 [preauth]","@timestamp":"2022-09-13T17:58:46.363Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:58:55 honeypot-ams-1 sshd[16174]: Received disconnect from 45.61.186.249 port 33752:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T17:58:56.140Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:59:16 honeypot-ams-1 sshd[16178]: Received disconnect from 45.61.186.249 port 59834:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T17:59:17.151Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:59:31 honeypot-ams-1 sshd[16182]: Did not receive identification string from 121.178.19.28 port 26270","@timestamp":"2022-09-13T17:59:31.160Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 18:01:31 honeypot-fra-1 sshd[6994]: Disconnected from invalid user admin 178.128.43.209 port 50592 [preauth]","@timestamp":"2022-09-13T18:01:32.426Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 18:06:31 honeypot-ams-1 kernel: [83968974.917386] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=40.87.17.51 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=39135 PROTO=TCP SPT=50676 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T18:06:31.365Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 18:08:25 honeypot-ams-1 kernel: [83969088.866938] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=146.88.240.4 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=45063 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T18:08:25.416Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 18:08:33 honeypot-fra-1 sshd[7000]: Received disconnect from 171.244.139.236 port 35928:11: Bye Bye [preauth]","@timestamp":"2022-09-13T18:08:33.579Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 18:09:27 honeypot-ams-1 sshd[16193]: Disconnected from invalid user sale 197.5.145.87 port 46792 [preauth]","@timestamp":"2022-09-13T18:09:28.446Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 18:12:37 honeypot-fra-1 kernel: [83967180.520292] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=45849 PROTO=TCP SPT=52004 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T18:12:37.673Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-13T18:13:20.747Z","@version":"1","message":"Sep 13 18:13:20 honeypot-sgp-1 kernel: [83968910.242180] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=226 ID=64716 PROTO=TCP SPT=52004 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 18:17:49 honeypot-fra-1 sshd[7008]: Disconnected from authenticating user root 92.255.85.69 port 35354 [preauth]","@timestamp":"2022-09-13T18:17:49.806Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 18:20:40 honeypot-ams-1 sshd[16199]: Received disconnect from 92.255.85.70 port 37056:11: Bye Bye [preauth]","@timestamp":"2022-09-13T18:20:41.734Z"}
{"@timestamp":"2022-09-13T18:22:13.962Z","@version":"1","message":"Sep 13 18:22:13 honeypot-sgp-1 sshd[11277]: Connection closed by authenticating user root 103.188.176.251 port 58342 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 18:31:39 honeypot-fra-1 sshd[7014]: Received disconnect from 165.22.45.108 port 40476:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T18:31:39.114Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 18:32:26 honeypot-ams-1 sshd[16205]: Invalid user admin from 179.60.147.69 port 15342","@timestamp":"2022-09-13T18:32:27.039Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 18:33:34 honeypot-fra-1 sshd[7018]: Connection closed by invalid user admin 221.120.207.107 port 41142 [preauth]","@timestamp":"2022-09-13T18:33:34.159Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 18:36:22 honeypot-ams-1 sshd[16208]: Received disconnect from 45.61.186.169 port 50418:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T18:36:23.158Z"}
{"@timestamp":"2022-09-13T18:36:29.309Z","@version":"1","message":"Sep 13 18:36:28 honeypot-sgp-1 sshd[11284]: Disconnected from authenticating user root 92.255.85.69 port 16164 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 18:36:40 honeypot-ams-1 sshd[16212]: Received disconnect from 45.61.186.169 port 47388:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T18:36:40.167Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 18:36:57 honeypot-ams-1 sshd[16216]: Received disconnect from 45.61.186.169 port 44368:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T18:36:58.176Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 18:37:14 honeypot-ams-1 sshd[16221]: Invalid user user from 45.61.186.169 port 41340","@timestamp":"2022-09-13T18:37:14.185Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 18:38:10 honeypot-fra-1 sshd[7023]: Disconnected from invalid user ksh 202.29.236.130 port 58488 [preauth]","@timestamp":"2022-09-13T18:38:11.280Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 18:39:38 honeypot-fra-1 sshd[7029]: Received disconnect from 157.245.122.58 port 46402:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T18:39:39.317Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 18:39:41 honeypot-fra-1 sshd[7033]: Disconnected from authenticating user root 92.255.85.70 port 19550 [preauth]","@timestamp":"2022-09-13T18:39:42.320Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 18:40:42 honeypot-fra-1 sshd[7040]: Received disconnect from 157.245.122.58 port 59922:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T18:40:43.345Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 18:42:51 honeypot-fra-1 sshd[7044]: Invalid user tenancy from 157.245.122.58 port 58756","@timestamp":"2022-09-13T18:42:51.395Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 18:44:38 honeypot-ams-1 sshd[16227]: Invalid user test from 193.106.191.157 port 37004","@timestamp":"2022-09-13T18:44:39.379Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 18:44:42 honeypot-fra-1 sshd[7048]: Invalid user jonitwiso from 157.245.122.58 port 57592","@timestamp":"2022-09-13T18:44:43.461Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 18:45:50 honeypot-ams-1 sshd[16234]: Received disconnect from 80.76.51.189 port 47216:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T18:45:50.412Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 18:46:32 honeypot-fra-1 sshd[7053]: Invalid user cypress from 157.245.122.58 port 56418","@timestamp":"2022-09-13T18:46:33.505Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 18:47:20 honeypot-ams-1 sshd[16240]: Received disconnect from 80.76.51.189 port 50250:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T18:47:20.454Z"}
{"@timestamp":"2022-09-13T18:47:43.582Z","@version":"1","message":"Sep 13 18:47:43 honeypot-sgp-1 kernel: [83970973.143978] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.216.128 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=41343 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 18:48:55 honeypot-ams-1 sshd[16247]: Received disconnect from 80.76.51.189 port 53322:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T18:48:56.497Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 18:50:01 honeypot-ams-1 sshd[16251]: Disconnected from authenticating user root 80.76.51.189 port 36552 [preauth]","@timestamp":"2022-09-13T18:50:02.530Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 18:51:06 honeypot-ams-1 sshd[16257]: Invalid user admin from 80.76.51.189 port 48004","@timestamp":"2022-09-13T18:51:07.561Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 18:52:13 honeypot-ams-1 sshd[16261]: Invalid user ansible from 80.76.51.189 port 59454","@timestamp":"2022-09-13T18:52:13.592Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 18:52:45 honeypot-ams-1 sshd[16265]: Received disconnect from 80.76.51.189 port 51068:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T18:52:46.609Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 18:53:53 honeypot-ams-1 sshd[16270]: Received disconnect from 80.76.51.189 port 34300:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T18:53:53.640Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 18:54:42 honeypot-fra-1 sshd[7058]: Invalid user test from 193.106.191.157 port 60258","@timestamp":"2022-09-13T18:54:42.686Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 18:55:38 honeypot-ams-1 sshd[16276]: Invalid user oracle from 80.76.51.189 port 37394","@timestamp":"2022-09-13T18:55:39.688Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 18:56:16 honeypot-ams-1 sshd[16278]: Disconnected from invalid user postgres 80.76.51.189 port 57216 [preauth]","@timestamp":"2022-09-13T18:56:16.707Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 18:57:27 honeypot-fra-1 sshd[7062]: Received disconnect from 202.70.87.193 port 55706:11: Bye Bye [preauth]","@timestamp":"2022-09-13T18:57:27.754Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 18:58:05 honeypot-ams-1 sshd[16284]: Received disconnect from 80.76.51.189 port 60286:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T18:58:05.756Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 18:58:53 honeypot-ams-1 sshd[16288]: Disconnected from invalid user astr 202.53.1.114 port 38954 [preauth]","@timestamp":"2022-09-13T18:58:53.780Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 19:01:12 honeypot-fra-1 kernel: [83970095.742602] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=183.132.43.69 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=9596 DF PROTO=TCP SPT=31436 DPT=80 WINDOW=0 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T19:01:13.840Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 19:03:51 honeypot-ams-1 kernel: [83972414.900371] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=193.219.127.202 DST=178.62.254.91 LEN=80 TOS=0x00 PREC=0x20 TTL=123 ID=5188 PROTO=TCP SPT=4164 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T19:03:51.910Z"}
{"@timestamp":"2022-09-13T19:05:55.010Z","@version":"1","message":"Sep 13 19:05:54 honeypot-sgp-1 sshd[11293]: Connection closed by invalid user blank 179.60.147.69 port 61896 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 19:07:03 honeypot-fra-1 sshd[7074]: Connection closed by invalid user blank 179.60.147.69 port 41938 [preauth]","@timestamp":"2022-09-13T19:07:03.974Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T19:09:16.092Z","@version":"1","message":"Sep 13 19:09:15 honeypot-sgp-1 sshd[11297]: Disconnected from authenticating user root 20.25.38.254 port 41276 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 19:09:42 honeypot-ams-1 sshd[16298]: Disconnected from authenticating user root 64.64.226.195 port 47504 [preauth]","@timestamp":"2022-09-13T19:09:43.065Z"}
{"@timestamp":"2022-09-13T19:14:56.227Z","@version":"1","message":"Sep 13 19:14:55 honeypot-sgp-1 sshd[11302]: Received disconnect from 137.184.25.247 port 36382:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 19:15:06 honeypot-fra-1 sshd[7079]: Disconnected from invalid user ksb 165.22.45.108 port 45446 [preauth]","@timestamp":"2022-09-13T19:15:07.155Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 19:17:01 honeypot-ams-1 CRON[16304]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-13T19:17:02.272Z"}
{"@timestamp":"2022-09-13T19:18:01.301Z","@version":"1","message":"Sep 13 19:18:01 honeypot-sgp-1 kernel: [83972790.730080] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.192.196 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=49122 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 19:20:23 honeypot-fra-1 sshd[7086]: Disconnected from invalid user horia 180.167.207.234 port 49497 [preauth]","@timestamp":"2022-09-13T19:20:24.270Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 19:20:27 honeypot-ams-1 sshd[16310]: Disconnected from authenticating user root 37.152.177.179 port 38198 [preauth]","@timestamp":"2022-09-13T19:20:28.362Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 19:22:21 honeypot-ams-1 sshd[16316]: Invalid user odoo from 157.245.122.58 port 44720","@timestamp":"2022-09-13T19:22:21.415Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 19:22:54 honeypot-ams-1 kernel: [83973557.852936] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.168.28.81 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=110 ID=26846 DF PROTO=TCP SPT=59194 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T19:22:54.434Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 19:24:17 honeypot-ams-1 sshd[16321]: Received disconnect from 157.245.122.58 port 43558:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T19:24:17.473Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 19:24:43 honeypot-ams-1 sshd[16325]: Received disconnect from 45.61.186.169 port 50582:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T19:24:44.487Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 19:25:00 honeypot-ams-1 sshd[16329]: Received disconnect from 45.61.186.169 port 44696:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T19:25:00.496Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 19:25:13 honeypot-ams-1 sshd[16333]: Received disconnect from 157.245.122.58 port 57086:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T19:25:14.503Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 19:25:23 honeypot-ams-1 sshd[16338]: Invalid user user from 45.61.186.169 port 49974","@timestamp":"2022-09-13T19:25:24.509Z"}
{"@timestamp":"2022-09-13T19:25:33.481Z","@version":"1","message":"Sep 13 19:25:33 honeypot-sgp-1 kernel: [83973242.958637] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.216.81 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=40788 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 19:26:08 honeypot-ams-1 sshd[16342]: Invalid user jonitiso from 157.245.122.58 port 42388","@timestamp":"2022-09-13T19:26:09.533Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 19:26:34 honeypot-fra-1 sshd[7092]: Received disconnect from 162.243.172.239 port 40034:11: Bye Bye [preauth]","@timestamp":"2022-09-13T19:26:35.409Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T19:26:35.507Z","@version":"1","message":"Sep 13 19:26:35 honeypot-sgp-1 sshd[11315]: Disconnected from invalid user admin 167.99.68.65 port 52034 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 19:27:00 honeypot-ams-1 sshd[16344]: Disconnected from invalid user cypress 157.245.122.58 port 55930 [preauth]","@timestamp":"2022-09-13T19:27:00.558Z"}
{"@timestamp":"2022-09-13T19:28:20.551Z","@version":"1","message":"Sep 13 19:28:20 honeypot-sgp-1 sshd[11321]: Disconnected from authenticating user root 179.60.150.118 port 50200 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 19:37:16 honeypot-fra-1 kernel: [83972259.308718] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=193.219.127.202 DST=165.22.82.222 LEN=80 TOS=0x00 PREC=0x20 TTL=126 ID=52545 PROTO=TCP SPT=51521 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T19:37:16.648Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-13T19:40:03.844Z","@version":"1","message":"Sep 13 19:40:03 honeypot-sgp-1 sshd[11326]: Received disconnect from 45.61.186.49 port 39432:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T19:40:13.850Z","@version":"1","message":"Sep 13 19:40:12 honeypot-sgp-1 sshd[11330]: Received disconnect from 45.61.186.49 port 51080:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 19:42:39 honeypot-fra-1 sshd[7104]: Invalid user cn from 161.18.254.73 port 57154","@timestamp":"2022-09-13T19:42:39.770Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T19:42:47.910Z","@version":"1","message":"Sep 13 19:42:47 honeypot-sgp-1 sshd[11336]: Invalid user guest from 179.60.147.69 port 8030","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T19:45:25.974Z","@version":"1","message":"Sep 13 19:45:25 honeypot-sgp-1 kernel: [83974435.620567] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.55.53.144 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=43 ID=57657 DF PROTO=TCP SPT=58968 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 19:45:44 honeypot-fra-1 sshd[7109]: Invalid user sysgames from 209.141.52.250 port 59740","@timestamp":"2022-09-13T19:45:44.843Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 19:46:10 honeypot-ams-1 sshd[16348]: Connection closed by invalid user guest 179.60.147.69 port 16196 [preauth]","@timestamp":"2022-09-13T19:46:10.059Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 19:48:12 honeypot-fra-1 kernel: [83972915.353589] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=20.55.53.144 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=51471 DF PROTO=TCP SPT=44282 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T19:48:12.902Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 19:52:16 honeypot-ams-1 sshd[16353]: Invalid user monitor from 159.89.163.217 port 50312","@timestamp":"2022-09-13T19:52:16.235Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 19:53:47 honeypot-fra-1 sshd[7114]: Connection closed by invalid user admin 81.174.23.66 port 36752 [preauth]","@timestamp":"2022-09-13T19:53:48.029Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 19:55:20 honeypot-ams-1 kernel: [83975504.341525] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=8211 PROTO=TCP SPT=58685 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T19:55:21.316Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 19:58:33 honeypot-fra-1 sshd[7118]: Invalid user ksb from 165.22.45.108 port 50416","@timestamp":"2022-09-13T19:58:33.142Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T19:58:45.288Z","@version":"1","message":"Sep 13 19:58:44 honeypot-sgp-1 sshd[11343]: Disconnected from authenticating user root 123.100.226.242 port 42362 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 20:03:31 honeypot-ams-1 sshd[16360]: Received disconnect from 85.31.46.45 port 36852:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T20:03:32.520Z"}
{"@timestamp":"2022-09-13T20:03:53.415Z","@version":"1","message":"Sep 13 20:03:53 honeypot-sgp-1 sshd[11349]: Invalid user user from 45.61.186.169 port 54482","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 20:04:02 honeypot-ams-1 sshd[16364]: Received disconnect from 85.31.46.45 port 56516:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T20:04:03.536Z"}
{"@timestamp":"2022-09-13T20:04:05.421Z","@version":"1","message":"Sep 13 20:04:05 honeypot-sgp-1 sshd[11353]: Received disconnect from 101.100.186.174 port 48680:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T20:04:20.429Z","@version":"1","message":"Sep 13 20:04:19 honeypot-sgp-1 sshd[11357]: Received disconnect from 45.61.186.169 port 60910:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T20:04:36.436Z","@version":"1","message":"Sep 13 20:04:35 honeypot-sgp-1 sshd[11361]: Received disconnect from 45.61.186.169 port 55788:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 20:04:48 honeypot-ams-1 sshd[16371]: Received disconnect from 85.31.46.45 port 57742:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T20:04:48.559Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 20:05:31 honeypot-ams-1 sshd[16377]: Received disconnect from 85.31.46.45 port 59204:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T20:05:32.580Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 20:06:10 honeypot-ams-1 sshd[16383]: Did not receive identification string from 167.99.220.160 port 35834","@timestamp":"2022-09-13T20:06:11.602Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 20:06:30 honeypot-ams-1 sshd[16386]: Disconnected from invalid user git 85.31.46.45 port 41764 [preauth]","@timestamp":"2022-09-13T20:06:30.612Z"}
{"@timestamp":"2022-09-13T20:06:51.492Z","@version":"1","message":"Sep 13 20:06:50 honeypot-sgp-1 sshd[11366]: Disconnected from authenticating user root 92.255.85.70 port 31974 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 20:10:23 honeypot-fra-1 sshd[7123]: Disconnected from authenticating user root 92.255.85.69 port 23436 [preauth]","@timestamp":"2022-09-13T20:10:24.409Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T20:10:48.586Z","@version":"1","message":"Sep 13 20:10:47 honeypot-sgp-1 sshd[11370]: Disconnected from 143.110.236.239 port 34346 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 20:12:44 honeypot-ams-1 sshd[16391]: Disconnected from authenticating user root 92.255.85.70 port 57566 [preauth]","@timestamp":"2022-09-13T20:12:44.772Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 20:13:57 honeypot-fra-1 sshd[7127]: Connection closed by invalid user user 165.90.109.198 port 52700 [preauth]","@timestamp":"2022-09-13T20:13:57.491Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 20:17:01 honeypot-fra-1 CRON[7134]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-13T20:17:02.564Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 20:20:26 honeypot-fra-1 sshd[7139]: Connection closed by invalid user guest 179.60.147.69 port 63604 [preauth]","@timestamp":"2022-09-13T20:20:26.642Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T20:20:35.819Z","@version":"1","message":"Sep 13 20:20:35 honeypot-sgp-1 kernel: [83976545.165263] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=154.6.130.144 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=54321 PROTO=TCP SPT=60929 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 20:22:38 honeypot-ams-1 sshd[16398]: Invalid user guest from 179.60.147.69 port 21150","@timestamp":"2022-09-13T20:22:39.033Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 20:26:26 honeypot-ams-1 kernel: [83977370.081435] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=122.103.181.180 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=50 ID=42791 PROTO=TCP SPT=7669 DPT=80 WINDOW=4069 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T20:26:27.134Z"}
{"@timestamp":"2022-09-13T20:31:14.074Z","@version":"1","message":"Sep 13 20:31:13 honeypot-sgp-1 kernel: [83977182.719600] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=94.26.249.161 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=495 PROTO=TCP SPT=22452 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 20:32:49 honeypot-ams-1 sshd[16405]: Received disconnect from 185.172.3.226 port 54794:11: Bye Bye [preauth]","@timestamp":"2022-09-13T20:32:49.304Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 20:33:16 honeypot-fra-1 sshd[7144]: Received disconnect from 92.255.85.70 port 27606:11: Bye Bye [preauth]","@timestamp":"2022-09-13T20:33:16.936Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 20:36:26 honeypot-ams-1 sshd[16410]: Disconnected from invalid user samp 104.131.39.193 port 55950 [preauth]","@timestamp":"2022-09-13T20:36:26.399Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 20:37:50 honeypot-fra-1 sshd[7150]: Received disconnect from 198.98.61.9 port 36920:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T20:37:51.040Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 20:38:07 honeypot-fra-1 sshd[7154]: Received disconnect from 198.98.61.9 port 59994:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T20:38:08.048Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 20:38:30 honeypot-fra-1 sshd[7159]: Received disconnect from 198.98.61.9 port 54838:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T20:38:30.059Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T20:38:36.273Z","@version":"1","message":"Sep 13 20:38:35 honeypot-sgp-1 kernel: [83977625.264483] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.207.167 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=47567 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 20:38:46 honeypot-fra-1 sshd[7163]: Received disconnect from 198.98.61.9 port 49680:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T20:38:46.066Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 20:41:32 honeypot-ams-1 sshd[16415]: Received disconnect from 138.68.91.192 port 43788:11: Bye Bye [preauth]","@timestamp":"2022-09-13T20:41:33.533Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 20:41:52 honeypot-fra-1 sshd[7169]: Invalid user user from 45.61.187.160 port 38850","@timestamp":"2022-09-13T20:41:52.140Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 20:42:07 honeypot-fra-1 sshd[7173]: Invalid user ksb from 165.22.45.108 port 55350","@timestamp":"2022-09-13T20:42:07.148Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 20:42:25 honeypot-fra-1 sshd[7177]: Invalid user user from 45.61.187.160 port 44982","@timestamp":"2022-09-13T20:42:26.157Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 20:42:44 honeypot-fra-1 sshd[7181]: Invalid user user from 45.61.187.160 port 39648","@timestamp":"2022-09-13T20:42:45.166Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 20:42:54 honeypot-fra-1 sshd[7183]: Invalid user bong from 3.38.231.14 port 42514","@timestamp":"2022-09-13T20:42:55.171Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T20:45:56.454Z","@version":"1","message":"Sep 13 20:45:55 honeypot-sgp-1 sshd[11394]: Received disconnect from 185.53.229.86 port 59164:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 20:50:19 honeypot-ams-1 kernel: [83978803.404206] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=101.43.242.16 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=47 ID=39196 DF PROTO=TCP SPT=45801 DPT=80 WINDOW=43690 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T20:50:20.756Z"}
{"@timestamp":"2022-09-13T20:53:51.648Z","@version":"1","message":"Sep 13 20:53:51 honeypot-sgp-1 sshd[11400]: Disconnected from authenticating user root 179.43.156.143 port 41686 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T20:55:06.681Z","@version":"1","message":"Sep 13 20:55:06 honeypot-sgp-1 sshd[11406]: Disconnected from authenticating user root 179.43.156.143 port 32936 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 20:55:38 honeypot-fra-1 sshd[7194]: Invalid user pi from 80.117.229.198 port 55896","@timestamp":"2022-09-13T20:55:39.452Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T20:56:19.714Z","@version":"1","message":"Sep 13 20:56:19 honeypot-sgp-1 sshd[11412]: Disconnected from authenticating user root 179.43.156.143 port 52354 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 20:56:23 honeypot-fra-1 sshd[7200]: Received disconnect from 92.255.85.69 port 17860:11: Bye Bye [preauth]","@timestamp":"2022-09-13T20:56:23.471Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T20:58:06.760Z","@version":"1","message":"Sep 13 20:58:06 honeypot-sgp-1 sshd[11419]: Invalid user ossuser from 179.43.156.143 port 39172","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 20:58:47 honeypot-fra-1 sshd[7206]: Invalid user user from 45.61.186.49 port 57176","@timestamp":"2022-09-13T20:58:48.530Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 20:58:56 honeypot-fra-1 sshd[7210]: Received disconnect from 210.187.80.132 port 33034:11: Bye Bye [preauth]","@timestamp":"2022-09-13T20:58:56.533Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 20:59:04 honeypot-fra-1 sshd[7214]: Received disconnect from 45.61.186.49 port 48478:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T20:59:05.538Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 20:59:07 honeypot-ams-1 sshd[16423]: Received disconnect from 92.255.85.70 port 33736:11: Bye Bye [preauth]","@timestamp":"2022-09-13T20:59:08.002Z"}
{"@timestamp":"2022-09-13T20:59:27.793Z","@version":"1","message":"Sep 13 20:59:26 honeypot-sgp-1 kernel: [83978876.447700] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=157.245.176.143 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=43 ID=33129 DF PROTO=TCP SPT=50784 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:00:55.832Z","@version":"1","message":"Sep 13 21:00:55 honeypot-sgp-1 sshd[11427]: Disconnected from authenticating user root 179.43.156.143 port 49830 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 21:02:43 honeypot-fra-1 sshd[7221]: Invalid user user from 45.61.186.169 port 57600","@timestamp":"2022-09-13T21:02:43.617Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 21:03:02 honeypot-fra-1 sshd[7225]: Invalid user user from 45.61.186.169 port 53506","@timestamp":"2022-09-13T21:03:02.627Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T21:03:04.885Z","@version":"1","message":"Sep 13 21:03:04 honeypot-sgp-1 sshd[11433]: Disconnected from authenticating user root 179.43.156.143 port 36668 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 21:03:19 honeypot-fra-1 sshd[7229]: Invalid user user from 45.61.186.169 port 49404","@timestamp":"2022-09-13T21:03:19.636Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 21:03:50 honeypot-fra-1 kernel: [83977452.818580] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=178.130.174.37 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=45320 DF PROTO=TCP SPT=44602 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T21:03:50.649Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 21:08:23 honeypot-ams-1 kernel: [83979886.932676] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=163.172.158.4 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=22975 PROTO=TCP SPT=50301 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T21:08:24.240Z"}
{"@timestamp":"2022-09-13T21:08:36.017Z","@version":"1","message":"Sep 13 21:08:35 honeypot-sgp-1 kernel: [83979425.358328] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.46.215.90 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=36877 DF PROTO=TCP SPT=41446 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:10:51.072Z","@version":"1","message":"Sep 13 21:10:50 honeypot-sgp-1 sshd[11439]: Disconnected from authenticating user root 89.189.188.33 port 40842 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:12:37.119Z","@version":"1","message":"Sep 13 21:12:36 honeypot-sgp-1 sshd[11444]: Received disconnect from 141.255.162.226 port 57120:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:12:39.120Z","@version":"1","message":"Sep 13 21:12:38 honeypot-sgp-1 sshd[11448]: Received disconnect from 141.255.162.226 port 41724:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:12:43.122Z","@version":"1","message":"Sep 13 21:12:42 honeypot-sgp-1 sshd[11452]: Received disconnect from 141.255.162.226 port 48148:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 21:13:28 honeypot-ams-1 sshd[16429]: Disconnected from invalid user sysgames 209.141.52.250 port 56956 [preauth]","@timestamp":"2022-09-13T21:13:29.374Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 21:15:57 honeypot-fra-1 sshd[7236]: Disconnected from invalid user jjf 210.105.193.6 port 37176 [preauth]","@timestamp":"2022-09-13T21:15:57.923Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 21:17:01 honeypot-fra-1 CRON[7240]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-13T21:17:01.952Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T21:17:02.226Z","@version":"1","message":"Sep 13 21:17:01 honeypot-sgp-1 CRON[11457]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:18:36.265Z","@version":"1","message":"Sep 13 21:18:36 honeypot-sgp-1 kernel: [83980025.649712] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=128.14.141.36 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=54569 PROTO=TCP SPT=38092 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 21:18:42 honeypot-ams-1 sshd[16435]: Disconnected from authenticating user root 90.176.158.210 port 58541 [preauth]","@timestamp":"2022-09-13T21:18:43.511Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 21:21:20 honeypot-ams-1 sshd[16439]: Disconnected from authenticating user root 92.255.85.69 port 31832 [preauth]","@timestamp":"2022-09-13T21:21:21.582Z"}
{"@timestamp":"2022-09-13T21:24:09.399Z","@version":"1","message":"Sep 13 21:24:09 honeypot-sgp-1 sshd[11463]: Disconnected from invalid user admin 85.237.57.253 port 45498 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 21:25:58 honeypot-fra-1 sshd[7251]: Invalid user ksb from 165.22.45.108 port 60266","@timestamp":"2022-09-13T21:25:59.155Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T21:28:01.493Z","@version":"1","message":"Sep 13 21:28:00 honeypot-sgp-1 sshd[11466]: Received disconnect from 201.21.236.19 port 41554:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 21:28:22 honeypot-ams-1 sshd[16445]: Received disconnect from 143.198.165.162 port 58732:11: Bye Bye [preauth]","@timestamp":"2022-09-13T21:28:23.770Z"}
{"@timestamp":"2022-09-13T21:28:38.509Z","@version":"1","message":"Sep 13 21:28:38 honeypot-sgp-1 sshd[11470]: Received disconnect from 198.98.61.9 port 41094:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:28:55.516Z","@version":"1","message":"Sep 13 21:28:54 honeypot-sgp-1 sshd[11474]: Received disconnect from 198.98.61.9 port 36672:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:29:08.522Z","@version":"1","message":"Sep 13 21:29:08 honeypot-sgp-1 sshd[11478]: Received disconnect from 177.33.46.250 port 39732:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:29:18.527Z","@version":"1","message":"Sep 13 21:29:17 honeypot-sgp-1 sshd[11483]: Received disconnect from 198.98.61.9 port 44148:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:32:48.610Z","@version":"1","message":"Sep 13 21:32:47 honeypot-sgp-1 sshd[11488]: Received disconnect from 52.172.168.56 port 42196:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 21:33:31 honeypot-fra-1 sshd[7257]: Invalid user ubnt from 179.60.147.69 port 63550","@timestamp":"2022-09-13T21:33:32.324Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 21:34:29 honeypot-ams-1 sshd[16454]: Invalid user crchen from 137.116.144.39 port 50724","@timestamp":"2022-09-13T21:34:29.927Z"}
{"@timestamp":"2022-09-13T21:37:23.720Z","@version":"1","message":"Sep 13 21:37:22 honeypot-sgp-1 sshd[11492]: Disconnected from authenticating user root 92.255.85.70 port 57474 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 21:39:49 honeypot-fra-1 sshd[7262]: Received disconnect from 92.255.85.70 port 21448:11: Bye Bye [preauth]","@timestamp":"2022-09-13T21:39:49.472Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T21:40:59.811Z","@version":"1","message":"Sep 13 21:40:59 honeypot-sgp-1 sshd[11499]: Invalid user cameras from 185.246.130.20 port 45609","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:41:14.819Z","@version":"1","message":"Sep 13 21:41:14 honeypot-sgp-1 sshd[11503]: Invalid user admin from 185.246.130.20 port 57778","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 21:41:25 honeypot-ams-1 sshd[16459]: Disconnected from authenticating user root 92.255.85.69 port 36592 [preauth]","@timestamp":"2022-09-13T21:41:26.109Z"}
{"@timestamp":"2022-09-13T21:41:54.837Z","@version":"1","message":"Sep 13 21:41:54 honeypot-sgp-1 sshd[11509]: Invalid user aerohive from 185.246.130.20 port 16634","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:42:22.851Z","@version":"1","message":"Sep 13 21:42:21 honeypot-sgp-1 sshd[11515]: Invalid user private from 185.246.130.20 port 1721","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:42:46.864Z","@version":"1","message":"Sep 13 21:42:46 honeypot-sgp-1 sshd[11521]: Disconnecting invalid user Admin 185.246.130.20 port 30792: Change of username or service not allowed: (Admin,ssh-connection) -> (araknis,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:43:03.872Z","@version":"1","message":"Sep 13 21:43:03 honeypot-sgp-1 sshd[11527]: Disconnecting invalid user user 185.246.130.20 port 9556: Change of username or service not allowed: (user,ssh-connection) -> (root,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:44:10.903Z","@version":"1","message":"Sep 13 21:44:09 honeypot-sgp-1 sshd[11535]: Invalid user admin from 185.246.130.20 port 51853","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:44:38.916Z","@version":"1","message":"Sep 13 21:44:37 honeypot-sgp-1 sshd[11541]: Disconnecting authenticating user root 185.246.130.20 port 29206: Change of username or service not allowed: (root,ssh-connection) -> (,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:45:00.927Z","@version":"1","message":"Sep 13 21:45:00 honeypot-sgp-1 sshd[11547]: Disconnecting invalid user cisco 185.246.130.20 port 33486: Change of username or service not allowed: (cisco,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:45:28.953Z","@version":"1","message":"Sep 13 21:45:28 honeypot-sgp-1 sshd[11555]: Invalid user Administrator from 185.246.130.20 port 46424","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:45:59.968Z","@version":"1","message":"Sep 13 21:45:59 honeypot-sgp-1 sshd[11562]: Invalid user sti.admin5 from 185.246.130.20 port 8633","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:46:26.980Z","@version":"1","message":"Sep 13 21:46:26 honeypot-sgp-1 sshd[11567]: Disconnecting invalid user blank 185.246.130.20 port 11080: Change of username or service not allowed: (blank,ssh-connection) -> (zhone,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:46:59.997Z","@version":"1","message":"Sep 13 21:46:59 honeypot-sgp-1 sshd[11576]: Invalid user default from 185.246.130.20 port 52806","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:47:24.009Z","@version":"1","message":"Sep 13 21:47:23 honeypot-sgp-1 sshd[11582]: Invalid user Administrator from 185.246.130.20 port 53705","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:47:50.021Z","@version":"1","message":"Sep 13 21:47:49 honeypot-sgp-1 sshd[11588]: Invalid user admin from 185.246.130.20 port 42598","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 21:47:58 honeypot-ams-1 sshd[16465]: Invalid user odoo from 190.13.81.218 port 41320","@timestamp":"2022-09-13T21:47:59.277Z"}
{"@timestamp":"2022-09-13T21:48:03.027Z","@version":"1","message":"Sep 13 21:48:02 honeypot-sgp-1 sshd[11590]: Invalid user lgnortel from 185.246.130.20 port 41770","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:48:34.041Z","@version":"1","message":"Sep 13 21:48:33 honeypot-sgp-1 sshd[11600]: Invalid user admin from 185.246.130.20 port 28911","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:48:46.047Z","@version":"1","message":"Sep 13 21:48:45 honeypot-sgp-1 sshd[11602]: Disconnecting invalid user  185.246.130.20 port 7811: Change of username or service not allowed: (,ssh-connection) -> (admin1234,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:49:18.062Z","@version":"1","message":"Sep 13 21:49:17 honeypot-sgp-1 sshd[11611]: Invalid user  from 185.246.130.20 port 28475","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:49:46.075Z","@version":"1","message":"Sep 13 21:49:45 honeypot-sgp-1 sshd[11617]: Invalid user admin from 185.246.130.20 port 45539","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 21:50:09 honeypot-fra-1 sshd[7265]: Received disconnect from 103.248.60.70 port 55747:11: Bye Bye [preauth]","@timestamp":"2022-09-13T21:50:09.706Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T21:50:19.091Z","@version":"1","message":"Sep 13 21:50:19 honeypot-sgp-1 sshd[11623]: Disconnecting invalid user admin 185.246.130.20 port 50364: Change of username or service not allowed: (admin,ssh-connection) -> (airlive,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:50:49.105Z","@version":"1","message":"Sep 13 21:50:48 honeypot-sgp-1 sshd[11630]: Invalid user admin from 185.246.130.20 port 21120","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:51:22.120Z","@version":"1","message":"Sep 13 21:51:22 honeypot-sgp-1 sshd[11637]: Invalid user Shiko from 185.246.130.20 port 35778","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 21:51:33 honeypot-ams-1 kernel: [83982476.732500] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=59.187.205.166 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=53 ID=6685 PROTO=TCP SPT=55603 DPT=80 WINDOW=52003 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T21:51:33.366Z"}
{"@timestamp":"2022-09-13T21:51:51.134Z","@version":"1","message":"Sep 13 21:51:50 honeypot-sgp-1 sshd[11643]: Invalid user smcadmin from 185.246.130.20 port 48776","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:52:19.148Z","@version":"1","message":"Sep 13 21:52:18 honeypot-sgp-1 sshd[11647]: Disconnecting invalid user cusadmin 185.246.130.20 port 40280: Change of username or service not allowed: (cusadmin,ssh-connection) -> (highspeed,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:52:47.161Z","@version":"1","message":"Sep 13 21:52:46 honeypot-sgp-1 sshd[11653]: Disconnecting invalid user sweex 185.246.130.20 port 15529: Change of username or service not allowed: (sweex,ssh-connection) -> (,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:53:24.178Z","@version":"1","message":"Sep 13 21:53:23 honeypot-sgp-1 sshd[11659]: Disconnecting invalid user  185.246.130.20 port 36380: Change of username or service not allowed: (,ssh-connection) -> (public,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:53:56.193Z","@version":"1","message":"Sep 13 21:53:55 honeypot-sgp-1 sshd[11665]: Disconnecting invalid user ubnt 185.246.130.20 port 23869: Change of username or service not allowed: (ubnt,ssh-connection) -> (root,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:54:38.214Z","@version":"1","message":"Sep 13 21:54:37 honeypot-sgp-1 sshd[11674]: Invalid user amdin from 185.246.130.20 port 12896","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:55:27.237Z","@version":"1","message":"Sep 13 21:55:26 honeypot-sgp-1 sshd[11680]: Invalid user admin from 185.246.130.20 port 20764","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:56:14.258Z","@version":"1","message":"Sep 13 21:56:13 honeypot-sgp-1 sshd[11687]: Invalid user admin from 185.246.130.20 port 19501","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 21:56:37 honeypot-fra-1 kernel: [83980620.125848] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=182.61.58.87 DST=165.22.82.222 LEN=52 TOS=0x02 PREC=0x00 TTL=105 ID=5481 DF PROTO=TCP SPT=60437 DPT=3389 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-13T21:56:37.851Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-13T21:56:52.277Z","@version":"1","message":"Sep 13 21:56:52 honeypot-sgp-1 sshd[11693]: Invalid user 1admin0 from 185.246.130.20 port 63494","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 21:59:34 honeypot-ams-1 kernel: [83982957.535620] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=117.149.137.70 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=47 ID=21352 PROTO=TCP SPT=33853 DPT=443 WINDOW=17348 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T21:59:34.577Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 22:03:27 honeypot-ams-1 sshd[16477]: Disconnected from authenticating user root 92.255.85.70 port 42968 [preauth]","@timestamp":"2022-09-13T22:03:27.683Z"}
{"@timestamp":"2022-09-13T22:06:47.502Z","@version":"1","message":"Sep 13 22:06:46 honeypot-sgp-1 kernel: [83982916.042025] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=94.26.228.80 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=54876 PROTO=TCP SPT=27637 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 22:07:56 honeypot-fra-1 sshd[7277]: Invalid user admin from 128.53.5.55 port 62677","@timestamp":"2022-09-13T22:07:57.106Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 22:09:34 honeypot-fra-1 sshd[7281]: Invalid user ksoh from 165.22.45.108 port 38344","@timestamp":"2022-09-13T22:09:35.147Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 22:10:57 honeypot-ams-1 kernel: [83983641.116519] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=66.240.236.109 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=55750 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T22:10:57.903Z"}
{"@timestamp":"2022-09-13T22:12:20.637Z","@version":"1","message":"Sep 13 22:12:20 honeypot-sgp-1 sshd[11704]: Connection reset by 61.177.173.51 port 13138 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 22:13:06 honeypot-fra-1 sshd[7286]: Connection closed by invalid user ubnt 189.56.217.183 port 60665 [preauth]","@timestamp":"2022-09-13T22:13:07.230Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 22:13:19 honeypot-ams-1 sshd[16485]: Received disconnect from 62.231.21.18 port 45106:11: Bye Bye [preauth]","@timestamp":"2022-09-13T22:13:19.965Z"}
{"@timestamp":"2022-09-13T22:14:17.687Z","@version":"1","message":"Sep 13 22:14:16 honeypot-sgp-1 sshd[11713]: Disconnected from authenticating user root 61.177.172.124 port 18043 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T22:15:57.729Z","@version":"1","message":"Sep 13 22:15:57 honeypot-sgp-1 sshd[11719]: Invalid user tenancy from 157.245.122.58 port 35246","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T22:16:57.755Z","@version":"1","message":"Sep 13 22:16:56 honeypot-sgp-1 sshd[11723]: Received disconnect from 157.245.122.58 port 48782:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 22:17:01 honeypot-ams-1 CRON[16489]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-13T22:17:01.059Z"}
{"@timestamp":"2022-09-13T22:17:41.775Z","@version":"1","message":"Sep 13 22:17:40 honeypot-sgp-1 kernel: [83983570.478433] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=104.211.60.49 DST=159.89.202.188 LEN=52 TOS=0x00 PREC=0x00 TTL=107 ID=62656 DF PROTO=TCP SPT=57474 DPT=3389 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T22:18:51.804Z","@version":"1","message":"Sep 13 22:18:50 honeypot-sgp-1 sshd[11731]: Disconnected from invalid user jonitiso 157.245.122.58 port 47654 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T22:19:45.828Z","@version":"1","message":"Sep 13 22:19:45 honeypot-sgp-1 sshd[11735]: Disconnected from invalid user cypress 157.245.122.58 port 32954 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 22:21:52 honeypot-fra-1 sshd[7365]: Received disconnect from 92.255.85.69 port 47882:11: Bye Bye [preauth]","@timestamp":"2022-09-13T22:21:52.427Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 22:24:28 honeypot-ams-1 sshd[16504]: Received disconnect from 69.49.245.238 port 53468:11: Bye Bye [preauth]","@timestamp":"2022-09-13T22:24:28.252Z"}
{"@timestamp":"2022-09-13T22:24:34.945Z","@version":"1","message":"Sep 13 22:24:33 honeypot-sgp-1 kernel: [83983983.469862] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=71.6.232.8 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=239 ID=54321 PROTO=TCP SPT=49349 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 22:26:02 honeypot-fra-1 sshd[7368]: Received disconnect from 128.199.167.161 port 42322:11: Bye Bye [preauth]","@timestamp":"2022-09-13T22:26:03.524Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 22:29:16 honeypot-ams-1 sshd[16510]: Invalid user lucky from 59.26.216.102 port 49098","@timestamp":"2022-09-13T22:29:16.379Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 22:29:41 honeypot-ams-1 sshd[16513]: Received disconnect from 61.177.173.53 port 27319:11:  [preauth]","@timestamp":"2022-09-13T22:29:41.393Z"}
{"@timestamp":"2022-09-13T22:30:47.090Z","@version":"1","message":"Sep 13 22:30:46 honeypot-sgp-1 sshd[11820]: Disconnected from invalid user xi 103.20.188.28 port 43028 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 22:34:48 honeypot-fra-1 kernel: [83982910.942832] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=221.176.116.78 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=108 ID=256 PROTO=TCP SPT=26431 DPT=80 WINDOW=16384 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T22:34:48.720Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 22:36:43 honeypot-fra-1 sshd[7385]: Invalid user postgres from 52.183.129.64 port 49426","@timestamp":"2022-09-13T22:36:44.764Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 22:36:43 honeypot-fra-1 sshd[7391]: Invalid user ftpuser from 52.183.129.64 port 49462","@timestamp":"2022-09-13T22:36:44.764Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 22:36:43 honeypot-fra-1 sshd[7381]: Connection closed by invalid user centos 52.183.129.64 port 49422 [preauth]","@timestamp":"2022-09-13T22:36:44.764Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 22:36:44 honeypot-fra-1 sshd[7387]: Connection closed by invalid user elastic 52.183.129.64 port 49440 [preauth]","@timestamp":"2022-09-13T22:36:44.764Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 22:36:44 honeypot-fra-1 sshd[7377]: Connection closed by invalid user ansible 52.183.129.64 port 49390 [preauth]","@timestamp":"2022-09-13T22:36:44.764Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 22:36:44 honeypot-fra-1 sshd[7413]: Invalid user mysql from 52.183.129.64 port 49388","@timestamp":"2022-09-13T22:36:44.764Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 22:36:44 honeypot-fra-1 sshd[7411]: Connection closed by invalid user chia 52.183.129.64 port 49454 [preauth]","@timestamp":"2022-09-13T22:36:44.764Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T22:36:46.233Z","@version":"1","message":"Sep 13 22:36:45 honeypot-sgp-1 sshd[11826]: Disconnected from authenticating user root 61.177.173.47 port 53721 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 22:36:46 honeypot-fra-1 sshd[7424]: Invalid user centos from 52.183.129.64 port 49466","@timestamp":"2022-09-13T22:36:46.765Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 22:36:46 honeypot-fra-1 sshd[7428]: Invalid user centos from 52.183.129.64 port 49436","@timestamp":"2022-09-13T22:36:46.765Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 22:36:46 honeypot-fra-1 sshd[7424]: Connection closed by invalid user centos 52.183.129.64 port 49466 [preauth]","@timestamp":"2022-09-13T22:36:46.766Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 22:36:49 honeypot-fra-1 sshd[7441]: Connection closed by invalid user ubuntu 52.183.129.64 port 49414 [preauth]","@timestamp":"2022-09-13T22:36:49.767Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T22:37:53.261Z","@version":"1","message":"Sep 13 22:37:53 honeypot-sgp-1 sshd[11832]: Invalid user kafka from 91.144.20.198 port 40922","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 22:38:38 honeypot-ams-1 sshd[16520]: Received disconnect from 61.177.173.36 port 59774:11:  [preauth]","@timestamp":"2022-09-13T22:38:38.628Z"}
{"@timestamp":"2022-09-13T22:42:19.369Z","@version":"1","message":"Sep 13 22:42:19 honeypot-sgp-1 sshd[11835]: Received disconnect from 92.255.85.70 port 22154:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 22:44:35 honeypot-ams-1 sshd[16528]: Did not receive identification string from 80.76.51.46 port 37012","@timestamp":"2022-09-13T22:44:35.804Z"}
{"@timestamp":"2022-09-13T22:45:04.437Z","@version":"1","message":"Sep 13 22:45:03 honeypot-sgp-1 sshd[11839]: Invalid user config from 179.60.147.69 port 14860","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 22:45:24 honeypot-ams-1 sshd[16533]: Disconnected from authenticating user root 80.76.51.46 port 37278 [preauth]","@timestamp":"2022-09-13T22:45:24.827Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 22:46:05 honeypot-ams-1 sshd[16539]: Disconnected from authenticating user root 80.76.51.46 port 51056 [preauth]","@timestamp":"2022-09-13T22:46:06.847Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 22:46:13 honeypot-fra-1 sshd[7446]: Connection closed by invalid user config 179.60.147.69 port 6216 [preauth]","@timestamp":"2022-09-13T22:46:13.981Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 22:46:46 honeypot-ams-1 sshd[16545]: Disconnected from authenticating user root 80.76.51.46 port 36542 [preauth]","@timestamp":"2022-09-13T22:46:46.867Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 22:47:26 honeypot-ams-1 sshd[16552]: Received disconnect from 80.76.51.46 port 50242:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T22:47:26.887Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 22:47:39 honeypot-ams-1 sshd[16554]: Disconnected from invalid user admin 80.76.51.46 port 45332 [preauth]","@timestamp":"2022-09-13T22:47:39.893Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 22:48:06 honeypot-ams-1 sshd[16559]: Disconnected from invalid user ansible 80.76.51.46 port 35770 [preauth]","@timestamp":"2022-09-13T22:48:06.907Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 22:48:33 honeypot-ams-1 sshd[16565]: Invalid user ansible from 80.76.51.46 port 54174","@timestamp":"2022-09-13T22:48:33.921Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 22:48:47 honeypot-ams-1 sshd[16569]: Received disconnect from 80.76.51.46 port 49422:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T22:48:47.928Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 22:49:28 honeypot-ams-1 sshd[16575]: Invalid user oracle from 80.76.51.46 port 34774","@timestamp":"2022-09-13T22:49:28.950Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 22:49:55 honeypot-ams-1 sshd[16579]: Received disconnect from 80.76.51.46 port 53302:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T22:49:55.963Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 22:50:23 honeypot-ams-1 sshd[16583]: Disconnected from invalid user odoo 80.76.51.46 port 43728 [preauth]","@timestamp":"2022-09-13T22:50:23.978Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 22:52:17 honeypot-fra-1 kernel: [83983959.433288] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=162.221.192.28 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=47910 PROTO=TCP SPT=21131 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T22:52:18.120Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 22:53:19 honeypot-fra-1 sshd[7453]: Disconnected from invalid user kstrioich 165.22.45.108 port 43328 [preauth]","@timestamp":"2022-09-13T22:53:20.145Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T22:54:51.670Z","@version":"1","message":"Sep 13 22:54:51 honeypot-sgp-1 sshd[11847]: Disconnected from authenticating user root 61.177.172.98 port 35669 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 22:55:16 honeypot-ams-1 sshd[16592]: Invalid user admin from 125.139.58.175 port 46067","@timestamp":"2022-09-13T22:55:17.103Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 22:55:53 honeypot-fra-1 sshd[7460]: Received disconnect from 54.36.19.17 port 53990:11: Bye Bye [preauth]","@timestamp":"2022-09-13T22:55:53.207Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 23:02:57 honeypot-ams-1 sshd[16601]: Disconnected from authenticating user root 61.177.173.36 port 29615 [preauth]","@timestamp":"2022-09-13T23:02:58.300Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 23:03:27 honeypot-fra-1 sshd[7470]: Received disconnect from 198.98.61.9 port 48634:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T23:03:28.379Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 23:03:46 honeypot-fra-1 sshd[7474]: Received disconnect from 198.98.61.9 port 45368:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T23:03:47.389Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 23:04:05 honeypot-fra-1 sshd[7478]: Received disconnect from 198.98.61.9 port 42160:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T23:04:06.398Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 23:04:22 honeypot-fra-1 sshd[7482]: Received disconnect from 198.98.61.9 port 38848:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T23:04:23.407Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 23:08:23 honeypot-fra-1 sshd[7487]: Received disconnect from 209.14.68.151 port 39034:11: Bye Bye [preauth]","@timestamp":"2022-09-13T23:08:24.500Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T23:09:18.012Z","@version":"1","message":"Sep 13 23:09:17 honeypot-sgp-1 sshd[11859]: Invalid user joreji from 199.115.228.186 port 35872","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 23:10:03 honeypot-fra-1 sshd[7492]: Received disconnect from 45.61.186.249 port 38524:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T23:10:04.541Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 23:10:22 honeypot-fra-1 sshd[7496]: Received disconnect from 45.61.186.249 port 33570:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T23:10:22.550Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 23:10:41 honeypot-fra-1 sshd[7500]: Invalid user user from 45.61.186.249 port 56816","@timestamp":"2022-09-13T23:10:41.559Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 23:10:57 honeypot-fra-1 sshd[7504]: Invalid user user from 45.61.186.249 port 51846","@timestamp":"2022-09-13T23:10:58.566Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 23:12:24 honeypot-ams-1 sshd[16613]: Received disconnect from 61.177.173.49 port 36766:11:  [preauth]","@timestamp":"2022-09-13T23:12:24.550Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 23:15:57 honeypot-fra-1 kernel: [83985379.775214] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.79.53.162 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=61927 PROTO=TCP SPT=45521 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T23:15:57.682Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 23:15:58 honeypot-fra-1 sshd[7512]: Disconnected from invalid user user 141.255.162.226 port 40494 [preauth]","@timestamp":"2022-09-13T23:15:59.683Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 23:16:01 honeypot-fra-1 sshd[7516]: Disconnected from invalid user user 141.255.162.226 port 54838 [preauth]","@timestamp":"2022-09-13T23:16:02.685Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 23:17:01 honeypot-fra-1 CRON[7520]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-13T23:17:01.709Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T23:17:02.196Z","@version":"1","message":"Sep 13 23:17:01 honeypot-sgp-1 CRON[11864]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 23:19:26 honeypot-ams-1 sshd[16621]: Received disconnect from 61.177.172.124 port 29699:11:  [preauth]","@timestamp":"2022-09-13T23:19:27.732Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 23:21:01 honeypot-ams-1 sshd[16626]: Received disconnect from 61.177.173.51 port 57575:11:  [preauth]","@timestamp":"2022-09-13T23:21:01.777Z"}
{"@timestamp":"2022-09-13T23:23:21.350Z","@version":"1","message":"Sep 13 23:23:20 honeypot-sgp-1 sshd[11874]: Connection closed by authenticating user root 103.188.176.251 port 46106 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 23:25:42 honeypot-ams-1 sshd[16629]: Connection closed by invalid user default 179.60.147.69 port 24030 [preauth]","@timestamp":"2022-09-13T23:25:42.905Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 23:27:11 honeypot-fra-1 sshd[7527]: Did not receive identification string from 103.90.177.102 port 54460","@timestamp":"2022-09-13T23:27:11.937Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T23:29:33.499Z","@version":"1","message":"Sep 13 23:29:32 honeypot-sgp-1 sshd[11883]: Disconnected from authenticating user root 92.255.85.69 port 15828 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 23:30:41 honeypot-ams-1 kernel: [83988424.798488] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=1969 PROTO=TCP SPT=51802 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T23:30:42.037Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 23:31:38 honeypot-fra-1 sshd[7532]: Received disconnect from 92.255.85.70 port 30866:11: Bye Bye [preauth]","@timestamp":"2022-09-13T23:31:39.041Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 23:32:24 honeypot-fra-1 sshd[7536]: Received disconnect from 198.98.61.9 port 38902:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T23:32:25.063Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 23:32:43 honeypot-fra-1 sshd[7540]: Received disconnect from 198.98.61.9 port 33668:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T23:32:44.072Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 23:33:00 honeypot-fra-1 sshd[7544]: Received disconnect from 198.98.61.9 port 56704:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T23:33:01.081Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 23:33:08 honeypot-fra-1 sshd[7548]: Disconnected from invalid user user 198.98.61.9 port 39990 [preauth]","@timestamp":"2022-09-13T23:33:09.085Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 23:33:11 honeypot-ams-1 kernel: [83988574.600938] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=172.105.89.161 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=57 ID=0 DF PROTO=TCP SPT=40015 DPT=443 WINDOW=8192 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T23:33:12.105Z"}
{"@timestamp":"2022-09-13T23:36:44.671Z","@version":"1","message":"Sep 13 23:36:43 honeypot-sgp-1 sshd[11891]: Disconnected from 61.177.173.47 port 44165 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 23:38:16 honeypot-ams-1 sshd[16647]: Disconnected from authenticating user root 61.177.173.51 port 21438 [preauth]","@timestamp":"2022-09-13T23:38:17.237Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 23:40:21 honeypot-fra-1 sshd[7554]: Disconnected from invalid user kuangwh 165.22.45.108 port 48354 [preauth]","@timestamp":"2022-09-13T23:40:22.247Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 23:45:07 honeypot-ams-1 sshd[16654]: Invalid user test from 193.106.191.157 port 55256","@timestamp":"2022-09-13T23:45:07.414Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 23:48:44 honeypot-ams-1 sshd[16664]: Received disconnect from 69.250.26.126 port 53120:11: Bye Bye [preauth]","@timestamp":"2022-09-13T23:48:44.514Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 23:50:48 honeypot-ams-1 sshd[16669]: Received disconnect from 61.177.173.36 port 55336:11:  [preauth]","@timestamp":"2022-09-13T23:50:49.572Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 23:51:28 honeypot-fra-1 sshd[7561]: Invalid user salvatore from 187.141.135.181 port 60750","@timestamp":"2022-09-13T23:51:28.513Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T23:52:00.025Z","@version":"1","message":"Sep 13 23:51:59 honeypot-sgp-1 kernel: [83989228.667695] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.206.36 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=59643 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 23:52:38 honeypot-fra-1 sshd[7565]: Connection closed by invalid user admin 193.248.170.133 port 53430 [preauth]","@timestamp":"2022-09-13T23:52:38.542Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 23:57:45 honeypot-ams-1 sshd[16676]: Received disconnect from 92.255.85.70 port 47672:11: Bye Bye [preauth]","@timestamp":"2022-09-13T23:57:45.759Z"}
{"@timestamp":"2022-09-13T23:58:21.176Z","@version":"1","message":"Sep 13 23:58:20 honeypot-sgp-1 sshd[11908]: Disconnecting invalid user  81.17.25.50 port 33914: Change of username or service not allowed: (,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T23:59:32.206Z","@version":"1","message":"Sep 13 23:59:31 honeypot-sgp-1 sshd[11914]: Disconnecting invalid user  81.17.25.50 port 31340: Change of username or service not allowed: (,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T23:59:58.219Z","@version":"1","message":"Sep 13 23:59:57 honeypot-sgp-1 sshd[11922]: Disconnected from authenticating user root 61.177.173.35 port 56639 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T00:00:43.241Z","@version":"1","message":"Sep 14 00:00:42 honeypot-sgp-1 sshd[11927]: Disconnected from authenticating user root 61.177.173.50 port 53136 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T00:03:01.301Z","@version":"1","message":"Sep 14 00:03:00 honeypot-sgp-1 sshd[11933]: Disconnecting invalid user manager 81.17.25.50 port 16339: Change of username or service not allowed: (manager,ssh-connection) -> (private,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:03:41 honeypot-ams-1 sshd[16681]: Invalid user centos from 179.60.147.69 port 45074","@timestamp":"2022-09-14T00:03:41.925Z"}
{"@timestamp":"2022-09-14T00:05:43.368Z","@version":"1","message":"Sep 14 00:05:42 honeypot-sgp-1 sshd[11942]: Did not receive identification string from 128.199.96.88 port 61000","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T00:07:25.414Z","@version":"1","message":"Sep 14 00:07:25 honeypot-sgp-1 sshd[11947]: Disconnecting invalid user  81.17.25.50 port 22541: Change of username or service not allowed: (,ssh-connection) -> (user,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 00:07:25 honeypot-fra-1 sshd[7573]: Connection closed by 192.241.216.15 port 44498 [preauth]","@timestamp":"2022-09-14T00:07:25.889Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T00:09:20.464Z","@version":"1","message":"Sep 14 00:09:20 honeypot-sgp-1 sshd[11958]: Received disconnect from 61.177.172.90 port 12068:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 00:09:59 honeypot-ams-1 kernel: [83990782.769771] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=128.1.248.26 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=9635 PROTO=TCP SPT=32529 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T00:10:00.099Z"}
{"@timestamp":"2022-09-14T00:11:12.514Z","@version":"1","message":"Sep 14 00:11:12 honeypot-sgp-1 sshd[11964]: Invalid user blank from 81.17.25.50 port 5157","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T00:13:06.564Z","@version":"1","message":"Sep 14 00:13:06 honeypot-sgp-1 sshd[11971]: Invalid user guest from 81.17.25.50 port 37237","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 00:14:25 honeypot-ams-1 kernel: [83991049.429265] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=183.136.225.35 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=109 ID=8517 PROTO=TCP SPT=8088 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T00:14:26.221Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 00:14:46 honeypot-fra-1 sshd[7580]: Invalid user test from 193.106.191.157 port 58564","@timestamp":"2022-09-14T00:14:47.058Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T00:14:56.612Z","@version":"1","message":"Sep 14 00:14:56 honeypot-sgp-1 sshd[11977]: Invalid user  from 81.17.25.50 port 47786","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T00:15:03.615Z","@version":"1","message":"Sep 14 00:15:03 honeypot-sgp-1 sshd[11980]: Invalid user Cisco from 81.17.25.50 port 11878","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T00:16:41.659Z","@version":"1","message":"Sep 14 00:16:41 honeypot-sgp-1 sshd[11987]: Invalid user admin from 81.17.25.50 port 21642","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T00:17:54.692Z","@version":"1","message":"Sep 14 00:17:54 honeypot-sgp-1 sshd[11991]: Disconnecting invalid user 1234 81.17.25.50 port 36117: Change of username or service not allowed: (1234,ssh-connection) -> (root,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T00:18:37.713Z","@version":"1","message":"Sep 14 00:18:37 honeypot-sgp-1 sshd[12007]: Invalid user adslroot from 81.17.25.50 port 8498","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T00:18:57.723Z","@version":"1","message":"Sep 14 00:18:56 honeypot-sgp-1 sshd[12012]: Connection closed by 167.94.138.118 port 54762 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T00:19:11.729Z","@version":"1","message":"Sep 14 00:19:11 honeypot-sgp-1 sshd[12017]: Disconnected from invalid user bpq 143.198.11.227 port 45374 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T00:19:37.743Z","@version":"1","message":"Sep 14 00:19:36 honeypot-sgp-1 sshd[12021]: Disconnecting invalid user zhone 81.17.25.50 port 30952: Change of username or service not allowed: (zhone,ssh-connection) -> (,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:19:46 honeypot-ams-1 sshd[16703]: Received disconnect from 92.255.85.70 port 18044:11: Bye Bye [preauth]","@timestamp":"2022-09-14T00:19:47.363Z"}
{"@timestamp":"2022-09-14T00:20:40.772Z","@version":"1","message":"Sep 14 00:20:40 honeypot-sgp-1 sshd[12031]: Invalid user admin from 81.17.25.50 port 44036","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 00:21:47 honeypot-fra-1 sshd[7589]: Invalid user open from 211.125.67.35 port 35492","@timestamp":"2022-09-14T00:21:48.215Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T00:21:48.803Z","@version":"1","message":"Sep 14 00:21:48 honeypot-sgp-1 sshd[12037]: Invalid user cusadmin from 81.17.25.50 port 15522","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 00:22:11 honeypot-fra-1 sshd[7592]: Connection closed by invalid user pi 143.92.181.171 port 37350 [preauth]","@timestamp":"2022-09-14T00:22:12.225Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:22:33 honeypot-ams-1 sshd[16707]: Disconnected from authenticating user root 103.25.209.110 port 37176 [preauth]","@timestamp":"2022-09-14T00:22:34.439Z"}
{"@timestamp":"2022-09-14T00:22:40.827Z","@version":"1","message":"Sep 14 00:22:40 honeypot-sgp-1 sshd[12041]: Disconnecting invalid user admin 81.17.25.50 port 21169: Change of username or service not allowed: (admin,ssh-connection) -> (lgnortel,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T00:23:34.852Z","@version":"1","message":"Sep 14 00:23:34 honeypot-sgp-1 sshd[12048]: Disconnecting invalid user comcast 81.17.25.50 port 20218: Change of username or service not allowed: (comcast,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T00:24:35.881Z","@version":"1","message":"Sep 14 00:24:35 honeypot-sgp-1 sshd[12054]: Disconnecting invalid user admin1234 81.17.25.50 port 43904: Change of username or service not allowed: (admin1234,ssh-connection) -> (matrix,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T00:25:54.916Z","@version":"1","message":"Sep 14 00:25:54 honeypot-sgp-1 sshd[12061]: Disconnecting invalid user admin 81.17.25.50 port 47978: Change of username or service not allowed: (admin,ssh-connection) -> (motorola,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T00:26:00.920Z","@version":"1","message":"Sep 14 00:26:00 honeypot-sgp-1 sshd[12067]: Disconnecting invalid user blank 81.17.25.50 port 2264: Change of username or service not allowed: (blank,ssh-connection) -> (root,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T00:27:03.949Z","@version":"1","message":"Sep 14 00:27:03 honeypot-sgp-1 sshd[12075]: Invalid user 0 from 81.17.25.50 port 42811","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T00:27:16.957Z","@version":"1","message":"Sep 14 00:27:16 honeypot-sgp-1 sshd[12081]: Invalid user admin from 81.17.25.50 port 10035","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T00:27:22.961Z","@version":"1","message":"Sep 14 00:27:22 honeypot-sgp-1 sshd[12087]: Invalid user Broadcom from 81.17.25.50 port 50565","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T00:27:35.968Z","@version":"1","message":"Sep 14 00:27:35 honeypot-sgp-1 sshd[12093]: Invalid user cusadmin from 81.17.25.50 port 5730","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:27:37 honeypot-ams-1 sshd[16716]: Received disconnect from 61.177.173.36 port 51800:11:  [preauth]","@timestamp":"2022-09-14T00:27:38.586Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 00:27:57 honeypot-fra-1 sshd[7598]: Disconnected from invalid user kuantic 165.22.45.108 port 53378 [preauth]","@timestamp":"2022-09-14T00:27:57.356Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T00:28:03.981Z","@version":"1","message":"Sep 14 00:28:03 honeypot-sgp-1 sshd[12100]: Invalid user drupal from 159.223.95.166 port 45762","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T00:28:44.001Z","@version":"1","message":"Sep 14 00:28:43 honeypot-sgp-1 sshd[12104]: Invalid user sweex from 81.17.25.50 port 14898","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T00:29:17.016Z","@version":"1","message":"Sep 14 00:29:16 honeypot-sgp-1 sshd[12110]: Invalid user  from 81.17.25.50 port 53601","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:29:34 honeypot-ams-1 sshd[16720]: Disconnected from authenticating user root 177.24.46.4 port 35260 [preauth]","@timestamp":"2022-09-14T00:29:35.639Z"}
{"@timestamp":"2022-09-14T00:29:36.025Z","@version":"1","message":"Sep 14 00:29:35 honeypot-sgp-1 sshd[12116]: Invalid user ubnt from 81.17.25.50 port 32247","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:29:40 honeypot-ams-1 sshd[16726]: Received disconnect from 177.24.46.4 port 35441:11: Bye Bye [preauth]","@timestamp":"2022-09-14T00:29:40.643Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:29:46 honeypot-ams-1 sshd[16732]: Received disconnect from 177.24.46.4 port 35614:11: Bye Bye [preauth]","@timestamp":"2022-09-14T00:29:47.647Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:29:52 honeypot-ams-1 sshd[16738]: Received disconnect from 177.24.46.4 port 35737:11: Bye Bye [preauth]","@timestamp":"2022-09-14T00:29:53.651Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:30:00 honeypot-ams-1 sshd[16744]: Received disconnect from 177.24.46.4 port 35938:11: Bye Bye [preauth]","@timestamp":"2022-09-14T00:30:00.655Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:30:06 honeypot-ams-1 sshd[16750]: Received disconnect from 177.24.46.4 port 36094:11: Bye Bye [preauth]","@timestamp":"2022-09-14T00:30:06.660Z"}
{"@timestamp":"2022-09-14T00:30:07.040Z","@version":"1","message":"Sep 14 00:30:06 honeypot-sgp-1 sshd[12122]: Disconnecting invalid user user 81.17.25.50 port 31205: Change of username or service not allowed: (user,ssh-connection) -> (amdin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:30:11 honeypot-ams-1 sshd[16756]: Received disconnect from 177.24.46.4 port 36228:11: Bye Bye [preauth]","@timestamp":"2022-09-14T00:30:11.663Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:30:17 honeypot-ams-1 sshd[16762]: Received disconnect from 177.24.46.4 port 36393:11: Bye Bye [preauth]","@timestamp":"2022-09-14T00:30:17.667Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:30:23 honeypot-ams-1 sshd[16768]: Received disconnect from 177.24.46.4 port 36520:11: Bye Bye [preauth]","@timestamp":"2022-09-14T00:30:23.671Z"}
{"@timestamp":"2022-09-14T00:30:29.050Z","@version":"1","message":"Sep 14 00:30:28 honeypot-sgp-1 sshd[12128]: Disconnecting invalid user Admin 81.17.25.50 port 56291: Change of username or service not allowed: (Admin,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:30:37 honeypot-ams-1 sshd[16775]: Received disconnect from 177.24.46.4 port 36767:11: Bye Bye [preauth]","@timestamp":"2022-09-14T00:30:37.680Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:30:48 honeypot-ams-1 sshd[16779]: Disconnected from authenticating user root 177.24.46.4 port 36966 [preauth]","@timestamp":"2022-09-14T00:30:49.686Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:30:56 honeypot-ams-1 sshd[16785]: Disconnected from authenticating user root 177.24.46.4 port 37318 [preauth]","@timestamp":"2022-09-14T00:30:57.693Z"}
{"@timestamp":"2022-09-14T00:31:02.066Z","@version":"1","message":"Sep 14 00:31:01 honeypot-sgp-1 sshd[12134]: Disconnecting invalid user 0 81.17.25.50 port 1433: Change of username or service not allowed: (0,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:31:06 honeypot-ams-1 sshd[16791]: Disconnected from authenticating user root 177.24.46.4 port 37454 [preauth]","@timestamp":"2022-09-14T00:31:06.699Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:31:10 honeypot-ams-1 sshd[16795]: Disconnected from invalid user admin 177.24.46.4 port 37615 [preauth]","@timestamp":"2022-09-14T00:31:10.701Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:31:13 honeypot-ams-1 sshd[16799]: Disconnected from invalid user admin 177.24.46.4 port 37682 [preauth]","@timestamp":"2022-09-14T00:31:14.704Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:31:17 honeypot-ams-1 sshd[16803]: Disconnected from invalid user admin 177.24.46.4 port 37797 [preauth]","@timestamp":"2022-09-14T00:31:17.706Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:31:21 honeypot-ams-1 sshd[16807]: Disconnected from invalid user admin 177.24.46.4 port 37876 [preauth]","@timestamp":"2022-09-14T00:31:21.710Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:31:25 honeypot-ams-1 sshd[16811]: Disconnected from invalid user admin 177.24.46.4 port 37964 [preauth]","@timestamp":"2022-09-14T00:31:25.712Z"}
{"@timestamp":"2022-09-14T00:31:29.079Z","@version":"1","message":"Sep 14 00:31:28 honeypot-sgp-1 sshd[12140]: Disconnecting invalid user admin 81.17.25.50 port 34407: Change of username or service not allowed: (admin,ssh-connection) -> (1admin0,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:31:29 honeypot-ams-1 sshd[16815]: Disconnected from authenticating user root 177.24.46.4 port 38082 [preauth]","@timestamp":"2022-09-14T00:31:29.715Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:31:34 honeypot-ams-1 sshd[16821]: Invalid user pi from 177.24.46.4 port 38202","@timestamp":"2022-09-14T00:31:35.718Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:31:38 honeypot-ams-1 sshd[16825]: Invalid user ethos from 177.24.46.4 port 38302","@timestamp":"2022-09-14T00:31:38.721Z"}
{"@timestamp":"2022-09-14T00:31:39.084Z","@version":"1","message":"Sep 14 00:31:38 honeypot-sgp-1 sshd[12146]: Connection closed by invalid user ltecl4r0 81.17.25.50 port 8955 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:31:43 honeypot-ams-1 sshd[16829]: Invalid user miner from 177.24.46.4 port 38384","@timestamp":"2022-09-14T00:31:43.724Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:31:45 honeypot-ams-1 sshd[16831]: Disconnected from invalid user xbmc 177.24.46.4 port 38447 [preauth]","@timestamp":"2022-09-14T00:31:45.726Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:31:49 honeypot-ams-1 sshd[16835]: Received disconnect from 177.24.46.4 port 38555:11: Bye Bye [preauth]","@timestamp":"2022-09-14T00:31:49.729Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:31:52 honeypot-ams-1 sshd[16839]: Received disconnect from 177.24.46.4 port 38635:11: Bye Bye [preauth]","@timestamp":"2022-09-14T00:31:53.733Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:31:56 honeypot-ams-1 sshd[16843]: Received disconnect from 177.24.46.4 port 38735:11: Bye Bye [preauth]","@timestamp":"2022-09-14T00:31:56.735Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:32:00 honeypot-ams-1 sshd[16847]: Received disconnect from 177.24.46.4 port 38836:11: Bye Bye [preauth]","@timestamp":"2022-09-14T00:32:00.738Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:32:03 honeypot-ams-1 sshd[16851]: Received disconnect from 177.24.46.4 port 38911:11: Bye Bye [preauth]","@timestamp":"2022-09-14T00:32:04.740Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:32:07 honeypot-ams-1 sshd[16855]: Received disconnect from 177.24.46.4 port 39013:11: Bye Bye [preauth]","@timestamp":"2022-09-14T00:32:08.744Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:32:11 honeypot-ams-1 sshd[16859]: Received disconnect from 177.24.46.4 port 39097:11: Bye Bye [preauth]","@timestamp":"2022-09-14T00:32:11.746Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 00:32:38 honeypot-fra-1 kernel: [83989980.682440] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=51.15.106.220 DST=165.22.82.222 LEN=52 TOS=0x00 PREC=0x00 TTL=53 ID=3838 DF PROTO=TCP SPT=25493 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T00:32:39.463Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:33:49 honeypot-ams-1 sshd[16863]: Disconnected from authenticating user root 178.128.34.59 port 48892 [preauth]","@timestamp":"2022-09-14T00:33:49.792Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 00:34:58 honeypot-fra-1 sshd[7609]: Disconnected from invalid user uwsgi 157.230.254.228 port 53544 [preauth]","@timestamp":"2022-09-14T00:34:58.519Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 00:36:09 honeypot-fra-1 sshd[7614]: Received disconnect from 141.255.162.226 port 42968:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T00:36:09.547Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 00:36:13 honeypot-fra-1 sshd[7618]: Received disconnect from 141.255.162.226 port 41378:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T00:36:13.549Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T00:36:38.201Z","@version":"1","message":"Sep 14 00:36:37 honeypot-sgp-1 kernel: [83991907.141002] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=143.255.242.167 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=228 ID=30271 DF PROTO=TCP SPT=43211 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 00:36:41 honeypot-fra-1 sshd[7624]: Received disconnect from 178.172.173.123 port 36868:11: Bye Bye [preauth]","@timestamp":"2022-09-14T00:36:42.562Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 00:38:50 honeypot-fra-1 sshd[7629]: Connection closed by invalid user guest 179.60.147.69 port 62820 [preauth]","@timestamp":"2022-09-14T00:38:50.612Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T00:38:59.260Z","@version":"1","message":"Sep 14 00:38:58 honeypot-sgp-1 sshd[12164]: Received disconnect from 41.169.26.228 port 60282:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:40:50 honeypot-ams-1 sshd[16872]: Connection closed by invalid user  64.62.197.62 port 29778 [preauth]","@timestamp":"2022-09-14T00:40:50.985Z"}
{"@timestamp":"2022-09-14T00:42:14.338Z","@version":"1","message":"Sep 14 00:42:13 honeypot-sgp-1 sshd[12170]: Disconnected from authenticating user root 61.177.173.52 port 25795 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:44:55 honeypot-ams-1 sshd[16884]: Did not receive identification string from 193.176.239.126 port 48248","@timestamp":"2022-09-14T00:44:56.094Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:44:55 honeypot-ams-1 sshd[16898]: Invalid user momo from 193.176.239.126 port 48348","@timestamp":"2022-09-14T00:44:56.095Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:44:55 honeypot-ams-1 sshd[16900]: Invalid user demo from 193.176.239.126 port 48304","@timestamp":"2022-09-14T00:44:56.095Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:44:55 honeypot-ams-1 sshd[16890]: Connection closed by invalid user nagios 193.176.239.126 port 48284 [preauth]","@timestamp":"2022-09-14T00:44:56.095Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:44:55 honeypot-ams-1 sshd[16916]: Invalid user centos from 193.176.239.126 port 48310","@timestamp":"2022-09-14T00:44:56.095Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:44:56 honeypot-ams-1 sshd[16896]: Connection closed by invalid user nagios 193.176.239.126 port 48322 [preauth]","@timestamp":"2022-09-14T00:44:56.095Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:44:56 honeypot-ams-1 sshd[16898]: Connection closed by invalid user momo 193.176.239.126 port 48348 [preauth]","@timestamp":"2022-09-14T00:44:56.095Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:44:56 honeypot-ams-1 sshd[16918]: Invalid user user from 193.176.239.126 port 48312","@timestamp":"2022-09-14T00:44:56.095Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:44:56 honeypot-ams-1 sshd[16914]: Connection closed by invalid user oracle 193.176.239.126 port 48346 [preauth]","@timestamp":"2022-09-14T00:44:57.097Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:44:56 honeypot-ams-1 sshd[16918]: Connection closed by invalid user user 193.176.239.126 port 48312 [preauth]","@timestamp":"2022-09-14T00:44:57.097Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 00:47:26 honeypot-fra-1 kernel: [83990868.973681] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=3444 PROTO=TCP SPT=55877 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T00:47:27.809Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:49:00 honeypot-ams-1 sshd[16958]: Invalid user marius from 147.182.170.143 port 56232","@timestamp":"2022-09-14T00:49:00.201Z"}
{"@timestamp":"2022-09-14T00:50:02.521Z","@version":"1","message":"Sep 14 00:50:02 honeypot-sgp-1 kernel: [83992711.828978] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=193.163.125.119 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=244 ID=30663 PROTO=TCP SPT=45983 DPT=5432 WINDOW=14600 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T00:53:17.599Z","@version":"1","message":"Sep 14 00:53:16 honeypot-sgp-1 kernel: [83992906.259458] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=92.118.39.30 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=233 ID=54321 PROTO=TCP SPT=58241 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T00:57:17.692Z","@version":"1","message":"Sep 14 00:57:17 honeypot-sgp-1 sshd[12196]: Disconnected from invalid user lines 159.223.65.243 port 34994 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 01:00:00 honeypot-ams-1 kernel: [83993783.468585] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=43.131.66.209 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x60 TTL=53 ID=46800 DF PROTO=TCP SPT=47824 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T01:00:00.489Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 01:00:08 honeypot-fra-1 sshd[7641]: Invalid user  from 64.62.197.92 port 61226","@timestamp":"2022-09-14T01:00:08.094Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:02:43 honeypot-ams-1 sshd[16971]: Invalid user user from 45.61.186.249 port 54812","@timestamp":"2022-09-14T01:02:43.564Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:03:02 honeypot-ams-1 sshd[16975]: Invalid user user from 45.61.186.249 port 49194","@timestamp":"2022-09-14T01:03:02.574Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:03:21 honeypot-ams-1 sshd[16979]: Invalid user user from 45.61.186.249 port 43582","@timestamp":"2022-09-14T01:03:21.585Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:03:40 honeypot-ams-1 sshd[16983]: Invalid user user from 45.61.186.249 port 37960","@timestamp":"2022-09-14T01:03:41.596Z"}
{"@timestamp":"2022-09-14T01:04:36.864Z","@version":"1","message":"Sep 14 01:04:36 honeypot-sgp-1 sshd[12205]: Received disconnect from 185.231.245.49 port 49496:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T01:05:19.884Z","@version":"1","message":"Sep 14 01:05:19 honeypot-sgp-1 sshd[12211]: Invalid user maxim from 41.59.100.34 port 33610","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:06:35 honeypot-ams-1 sshd[16986]: Received disconnect from 61.177.173.53 port 63653:11:  [preauth]","@timestamp":"2022-09-14T01:06:35.678Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 01:09:10 honeypot-fra-1 sshd[7649]: Did not receive identification string from 128.199.96.88 port 61000","@timestamp":"2022-09-14T01:09:11.293Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:09:54 honeypot-ams-1 sshd[16994]: Received disconnect from 175.4.209.29 port 32081:11: Bye Bye [preauth]","@timestamp":"2022-09-14T01:09:55.768Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:09:58 honeypot-ams-1 sshd[16998]: Disconnected from authenticating user root 175.4.209.29 port 32195 [preauth]","@timestamp":"2022-09-14T01:09:58.770Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:10:04 honeypot-ams-1 sshd[17004]: Disconnected from authenticating user root 175.4.209.29 port 32374 [preauth]","@timestamp":"2022-09-14T01:10:04.773Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:10:10 honeypot-ams-1 sshd[17011]: Disconnected from authenticating user root 175.4.209.29 port 32547 [preauth]","@timestamp":"2022-09-14T01:10:10.778Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:10:16 honeypot-ams-1 sshd[17017]: Disconnected from authenticating user root 175.4.209.29 port 32770 [preauth]","@timestamp":"2022-09-14T01:10:16.781Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:10:22 honeypot-ams-1 sshd[17023]: Disconnected from authenticating user root 175.4.209.29 port 32931 [preauth]","@timestamp":"2022-09-14T01:10:23.786Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:10:29 honeypot-ams-1 sshd[17029]: Disconnected from authenticating user root 175.4.209.29 port 33141 [preauth]","@timestamp":"2022-09-14T01:10:29.790Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:10:35 honeypot-ams-1 sshd[17035]: Disconnected from authenticating user root 175.4.209.29 port 33331 [preauth]","@timestamp":"2022-09-14T01:10:35.794Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:10:41 honeypot-ams-1 sshd[17041]: Disconnected from authenticating user root 175.4.209.29 port 33503 [preauth]","@timestamp":"2022-09-14T01:10:41.799Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:10:47 honeypot-ams-1 sshd[17047]: Disconnected from authenticating user root 175.4.209.29 port 33714 [preauth]","@timestamp":"2022-09-14T01:10:47.802Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:11:20 honeypot-ams-1 sshd[17059]: Disconnected from authenticating user root 175.4.209.29 port 30504 [preauth]","@timestamp":"2022-09-14T01:11:20.821Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:11:24 honeypot-ams-1 sshd[17065]: Disconnected from authenticating user root 175.4.209.29 port 30752 [preauth]","@timestamp":"2022-09-14T01:11:24.825Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:11:28 honeypot-ams-1 sshd[17069]: Disconnected from invalid user admin 175.4.209.29 port 30891 [preauth]","@timestamp":"2022-09-14T01:11:28.828Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:11:32 honeypot-ams-1 sshd[17073]: Disconnected from invalid user admin 175.4.209.29 port 31003 [preauth]","@timestamp":"2022-09-14T01:11:32.830Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:11:36 honeypot-ams-1 sshd[17077]: Disconnected from invalid user admin 175.4.209.29 port 31142 [preauth]","@timestamp":"2022-09-14T01:11:36.833Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:11:40 honeypot-ams-1 sshd[17081]: Disconnected from invalid user admin 175.4.209.29 port 31258 [preauth]","@timestamp":"2022-09-14T01:11:40.836Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:11:44 honeypot-ams-1 sshd[17085]: Disconnected from invalid user admin 175.4.209.29 port 31383 [preauth]","@timestamp":"2022-09-14T01:11:44.838Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:11:50 honeypot-ams-1 sshd[17091]: Received disconnect from 175.4.209.29 port 31556:11: Bye Bye [preauth]","@timestamp":"2022-09-14T01:11:50.842Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:11:54 honeypot-ams-1 sshd[17095]: Received disconnect from 175.4.209.29 port 31719:11: Bye Bye [preauth]","@timestamp":"2022-09-14T01:11:54.846Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:11:59 honeypot-ams-1 sshd[17099]: Received disconnect from 175.4.209.29 port 31848:11: Bye Bye [preauth]","@timestamp":"2022-09-14T01:11:59.848Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:12:03 honeypot-ams-1 sshd[17103]: Received disconnect from 175.4.209.29 port 32035:11: Bye Bye [preauth]","@timestamp":"2022-09-14T01:12:03.851Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:12:07 honeypot-ams-1 sshd[17107]: Received disconnect from 175.4.209.29 port 32180:11: Bye Bye [preauth]","@timestamp":"2022-09-14T01:12:08.854Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:12:14 honeypot-ams-1 sshd[17111]: Received disconnect from 175.4.209.29 port 32292:11: Bye Bye [preauth]","@timestamp":"2022-09-14T01:12:14.860Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:12:18 honeypot-ams-1 sshd[17115]: Received disconnect from 175.4.209.29 port 32526:11: Bye Bye [preauth]","@timestamp":"2022-09-14T01:12:18.862Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:12:22 honeypot-ams-1 sshd[17119]: Received disconnect from 175.4.209.29 port 32640:11: Bye Bye [preauth]","@timestamp":"2022-09-14T01:12:22.864Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:12:26 honeypot-ams-1 sshd[17123]: Received disconnect from 175.4.209.29 port 32801:11: Bye Bye [preauth]","@timestamp":"2022-09-14T01:12:26.868Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:12:30 honeypot-ams-1 sshd[17127]: Received disconnect from 175.4.209.29 port 32923:11: Bye Bye [preauth]","@timestamp":"2022-09-14T01:12:30.870Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:12:34 honeypot-ams-1 sshd[17131]: Received disconnect from 175.4.209.29 port 33078:11: Bye Bye [preauth]","@timestamp":"2022-09-14T01:12:34.873Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:12:38 honeypot-ams-1 sshd[17135]: Received disconnect from 175.4.209.29 port 33202:11: Bye Bye [preauth]","@timestamp":"2022-09-14T01:12:38.875Z"}
{"@timestamp":"2022-09-14T01:12:44.064Z","@version":"1","message":"Sep 14 01:12:43 honeypot-sgp-1 kernel: [83994072.923900] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.55.53.144 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=43 ID=22108 DF PROTO=TCP SPT=56044 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 01:14:37 honeypot-fra-1 sshd[7651]: Disconnected from invalid user kubeadmin 165.22.45.108 port 58358 [preauth]","@timestamp":"2022-09-14T01:14:37.419Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T01:17:02.176Z","@version":"1","message":"Sep 14 01:17:01 honeypot-sgp-1 CRON[12223]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:17:19 honeypot-ams-1 sshd[17143]: Invalid user default from 179.60.147.69 port 61858","@timestamp":"2022-09-14T01:17:19.998Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 01:17:48 honeypot-fra-1 sshd[7660]: Received disconnect from 31.47.192.98 port 56506:11: Bye Bye [preauth]","@timestamp":"2022-09-14T01:17:49.495Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:17:49 honeypot-ams-1 sshd[17145]: Disconnected from authenticating user root 61.177.172.104 port 39680 [preauth]","@timestamp":"2022-09-14T01:17:50.015Z"}
{"@timestamp":"2022-09-14T01:18:55.224Z","@version":"1","message":"Sep 14 01:18:54 honeypot-sgp-1 sshd[12229]: Disconnected from authenticating user root 61.177.173.48 port 22467 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 01:20:20 honeypot-ams-1 kernel: [83995004.044771] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.142.236.40 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=120 ID=40067 PROTO=TCP SPT=20012 DPT=443 WINDOW=20860 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T01:20:21.082Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 01:21:00 honeypot-fra-1 sshd[7663]: Received disconnect from 80.91.223.118 port 33486:11: Bye Bye [preauth]","@timestamp":"2022-09-14T01:21:00.567Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 01:21:12 honeypot-fra-1 sshd[7669]: Invalid user admin from 128.199.160.207 port 58614","@timestamp":"2022-09-14T01:21:13.573Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 01:27:57 honeypot-fra-1 sshd[7674]: Disconnected from authenticating user root 92.255.85.69 port 48052 [preauth]","@timestamp":"2022-09-14T01:27:58.729Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T01:28:21.466Z","@version":"1","message":"Sep 14 01:28:21 honeypot-sgp-1 kernel: [83995010.338097] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.96.13.144 DST=159.89.202.188 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=14431 DF PROTO=TCP SPT=55315 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T01:29:17.491Z","@version":"1","message":"Sep 14 01:29:17 honeypot-sgp-1 sshd[12238]: Disconnected from 61.177.173.51 port 64332 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:30:24 honeypot-ams-1 sshd[17164]: Received disconnect from 92.255.85.70 port 49930:11: Bye Bye [preauth]","@timestamp":"2022-09-14T01:30:25.346Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 01:35:59 honeypot-ams-1 kernel: [83995943.101624] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=216.218.206.120 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=47335 DPT=389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T01:36:00.495Z"}
{"@timestamp":"2022-09-14T01:37:16.682Z","@version":"1","message":"Sep 14 01:37:16 honeypot-sgp-1 sshd[12245]: Connection closed by invalid user admin 178.128.125.205 port 43560 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T01:37:16.682Z","@version":"1","message":"Sep 14 01:37:16 honeypot-sgp-1 sshd[12251]: Connection closed by invalid user admin 178.128.125.205 port 43586 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 01:39:50 honeypot-fra-1 kernel: [83994011.937841] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=65.49.20.124 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=54321 PROTO=TCP SPT=55480 DPT=389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T01:39:51.009Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 01:40:41 honeypot-ams-1 kernel: [83996224.715800] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=113.166.223.106 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=56 ID=35688 PROTO=TCP SPT=56226 DPT=443 WINDOW=61813 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T01:40:41.622Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:42:00 honeypot-ams-1 sshd[17183]: Received disconnect from 80.76.51.45 port 37760:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T01:42:00.662Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:42:30 honeypot-ams-1 sshd[17187]: Disconnected from authenticating user root 80.76.51.45 port 60724 [preauth]","@timestamp":"2022-09-14T01:42:30.678Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:43:14 honeypot-ams-1 sshd[17193]: Disconnected from authenticating user root 80.76.51.45 port 38556 [preauth]","@timestamp":"2022-09-14T01:43:15.702Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:43:59 honeypot-ams-1 sshd[17199]: Disconnected from authenticating user root 80.76.51.45 port 44626 [preauth]","@timestamp":"2022-09-14T01:43:59.756Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:44:43 honeypot-ams-1 sshd[17205]: Invalid user git from 80.76.51.45 port 50836","@timestamp":"2022-09-14T01:44:44.779Z"}
{"@timestamp":"2022-09-14T01:47:31.928Z","@version":"1","message":"Sep 14 01:47:30 honeypot-sgp-1 sshd[12259]: Received disconnect from 61.177.173.37 port 17697:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 01:51:48 honeypot-fra-1 sshd[7685]: Received disconnect from 92.255.85.69 port 27572:11: Bye Bye [preauth]","@timestamp":"2022-09-14T01:51:48.285Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T01:52:19.046Z","@version":"1","message":"Sep 14 01:52:18 honeypot-sgp-1 sshd[12268]: Connection closed by invalid user user 103.188.176.251 port 48104 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:53:26 honeypot-ams-1 sshd[17214]: Received disconnect from 92.255.85.70 port 20568:11: Bye Bye [preauth]","@timestamp":"2022-09-14T01:53:27.005Z"}
{"@timestamp":"2022-09-14T01:53:34.078Z","@version":"1","message":"Sep 14 01:53:33 honeypot-sgp-1 sshd[12275]: Received disconnect from 45.61.186.49 port 52670:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T01:53:45.085Z","@version":"1","message":"Sep 14 01:53:44 honeypot-sgp-1 sshd[12279]: Received disconnect from 45.61.186.49 port 36084:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:56:25 honeypot-ams-1 sshd[17220]: Received disconnect from 89.22.165.187 port 26752:11: Bye Bye [preauth]","@timestamp":"2022-09-14T01:56:26.088Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 02:01:25 honeypot-ams-1 sshd[17224]: Disconnected from invalid user admin 114.7.195.180 port 35598 [preauth]","@timestamp":"2022-09-14T02:01:25.219Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:01:59 honeypot-fra-1 sshd[7688]: Disconnected from invalid user kuglerjh 165.22.45.108 port 35078 [preauth]","@timestamp":"2022-09-14T02:02:00.518Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:04:24 honeypot-fra-1 sshd[7696]: Received disconnect from 179.43.145.74 port 56220:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T02:04:24.578Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T02:04:30.362Z","@version":"1","message":"Sep 14 02:04:30 honeypot-sgp-1 kernel: [83997179.565993] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=94.102.61.8 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=35222 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:04:50 honeypot-fra-1 sshd[7702]: Received disconnect from 179.43.145.74 port 37114:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T02:04:50.591Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:05:44 honeypot-fra-1 sshd[7706]: Disconnected from authenticating user root 186.84.174.241 port 44036 [preauth]","@timestamp":"2022-09-14T02:05:45.613Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:06:40 honeypot-fra-1 kernel: [83995622.058437] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=51.15.106.220 DST=165.22.82.222 LEN=52 TOS=0x00 PREC=0x00 TTL=53 ID=44382 DF PROTO=TCP SPT=23143 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T02:06:40.638Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:09:18 honeypot-fra-1 sshd[7717]: Disconnected from authenticating user root 143.244.158.100 port 57194 [preauth]","@timestamp":"2022-09-14T02:09:18.701Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T02:09:49.495Z","@version":"1","message":"Sep 14 02:09:48 honeypot-sgp-1 sshd[12296]: Disconnected from authenticating user root 61.177.173.51 port 36254 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:10:17 honeypot-fra-1 sshd[7721]: Disconnected from authenticating user root 143.244.158.100 port 44188 [preauth]","@timestamp":"2022-09-14T02:10:17.728Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 02:11:18 honeypot-ams-1 sshd[17236]: Received disconnect from 61.177.173.51 port 20483:11:  [preauth]","@timestamp":"2022-09-14T02:11:19.479Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:11:41 honeypot-fra-1 sshd[7727]: Received disconnect from 135.125.10.56 port 35552:11: Bye Bye [preauth]","@timestamp":"2022-09-14T02:11:42.762Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:12:35 honeypot-fra-1 sshd[7733]: Did not receive identification string from 45.61.184.204 port 43970","@timestamp":"2022-09-14T02:12:36.788Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:12:56 honeypot-fra-1 sshd[7738]: Invalid user user from 45.61.184.204 port 50844","@timestamp":"2022-09-14T02:12:56.798Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:13:14 honeypot-fra-1 sshd[7742]: Invalid user user from 45.61.184.204 port 45708","@timestamp":"2022-09-14T02:13:14.806Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:13:32 honeypot-fra-1 sshd[7747]: Invalid user user from 45.61.184.204 port 40578","@timestamp":"2022-09-14T02:13:32.814Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:13:41 honeypot-fra-1 sshd[7751]: Received disconnect from 45.61.184.204 port 52170:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T02:13:41.818Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:15:15 honeypot-fra-1 sshd[7757]: Received disconnect from 143.244.158.100 port 50948:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T02:15:15.854Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:16:58 honeypot-fra-1 sshd[7763]: Received disconnect from 143.244.158.100 port 48698:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T02:16:58.895Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T02:17:02.669Z","@version":"1","message":"Sep 14 02:17:01 honeypot-sgp-1 CRON[12303]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 02:17:27 honeypot-ams-1 sshd[17673]: Received disconnect from 92.255.85.70 port 25968:11: Bye Bye [preauth]","@timestamp":"2022-09-14T02:17:27.638Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:18:37 honeypot-fra-1 sshd[7771]: Received disconnect from 143.244.158.100 port 46886:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T02:18:37.936Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 02:18:54 honeypot-ams-1 sshd[17675]: Disconnecting invalid user admin 58.77.199.182 port 51584: Too many authentication failures [preauth]","@timestamp":"2022-09-14T02:18:55.680Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:19:29 honeypot-fra-1 sshd[7776]: Received disconnect from 141.255.162.226 port 55004:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T02:19:29.960Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:19:31 honeypot-fra-1 sshd[7780]: Received disconnect from 141.255.162.226 port 39800:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T02:19:31.961Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:19:33 honeypot-fra-1 sshd[7784]: Received disconnect from 141.255.162.226 port 46318:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T02:19:33.962Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:19:37 honeypot-fra-1 sshd[7788]: Received disconnect from 141.255.162.226 port 33286:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T02:19:37.964Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 02:20:03 honeypot-ams-1 sshd[17683]: Disconnected from authenticating user root 109.205.213.23 port 60496 [preauth]","@timestamp":"2022-09-14T02:20:03.712Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 02:20:26 honeypot-ams-1 sshd[17689]: Disconnected from authenticating user root 109.205.213.23 port 47334 [preauth]","@timestamp":"2022-09-14T02:20:26.726Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 02:20:51 honeypot-ams-1 sshd[17695]: Disconnected from authenticating user root 109.205.213.23 port 34170 [preauth]","@timestamp":"2022-09-14T02:20:51.740Z"}
{"@timestamp":"2022-09-14T02:20:56.764Z","@version":"1","message":"Sep 14 02:20:56 honeypot-sgp-1 kernel: [83998165.377869] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=103.170.119.250 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=62861 PROTO=TCP SPT=55062 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:21:10 honeypot-fra-1 sshd[7792]: Received disconnect from 143.244.158.100 port 40528:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T02:21:11.005Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 02:21:49 honeypot-ams-1 sshd[17699]: Disconnected from authenticating user root 109.205.213.23 port 49240 [preauth]","@timestamp":"2022-09-14T02:21:49.768Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:22:01 honeypot-fra-1 sshd[7796]: Disconnected from authenticating user root 143.244.158.100 port 44462 [preauth]","@timestamp":"2022-09-14T02:22:02.027Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 02:22:17 honeypot-ams-1 sshd[17706]: Invalid user admin from 109.205.213.23 port 36078","@timestamp":"2022-09-14T02:22:17.783Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:23:46 honeypot-fra-1 sshd[7803]: Received disconnect from 143.244.158.100 port 59166:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T02:23:47.070Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T02:26:04.892Z","@version":"1","message":"Sep 14 02:26:04 honeypot-sgp-1 sshd[12316]: Disconnected from authenticating user root 61.177.173.53 port 25712 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:26:19 honeypot-fra-1 sshd[7809]: Received disconnect from 143.244.158.100 port 60472:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T02:26:20.132Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:28:06 honeypot-fra-1 sshd[7815]: Invalid user debian from 179.60.147.69 port 9544","@timestamp":"2022-09-14T02:28:07.176Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 02:28:08 honeypot-ams-1 sshd[17713]: Invalid user test from 193.106.191.157 port 42944","@timestamp":"2022-09-14T02:28:08.936Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 02:29:05 honeypot-ams-1 sshd[17718]: Received disconnect from 45.61.186.169 port 60972:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T02:29:05.966Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 02:29:22 honeypot-ams-1 sshd[17722]: Received disconnect from 45.61.186.169 port 55812:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T02:29:22.976Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 02:29:30 honeypot-ams-1 sshd[17724]: Disconnected from invalid user user 45.61.186.169 port 39128 [preauth]","@timestamp":"2022-09-14T02:29:31.981Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 02:29:47 honeypot-ams-1 sshd[17728]: Disconnected from invalid user user 45.61.186.169 port 33988 [preauth]","@timestamp":"2022-09-14T02:29:47.990Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:30:06 honeypot-fra-1 kernel: [83997028.328835] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=51.195.180.14 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=31400 PROTO=TCP SPT=49072 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T02:30:07.225Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:32:18 honeypot-fra-1 sshd[7827]: Received disconnect from 143.244.158.100 port 48182:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T02:32:19.278Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 02:33:42 honeypot-ams-1 sshd[17735]: Invalid user developer from 164.177.31.66 port 48690","@timestamp":"2022-09-14T02:33:43.097Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:34:01 honeypot-fra-1 sshd[7832]: Disconnected from authenticating user root 143.244.158.100 port 44080 [preauth]","@timestamp":"2022-09-14T02:34:02.321Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:35:30 honeypot-fra-1 kernel: [83997352.707706] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.200.118.79 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=43532 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T02:35:31.360Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-14T02:35:43.126Z","@version":"1","message":"Sep 14 02:35:42 honeypot-sgp-1 sshd[12323]: Received disconnect from 92.255.85.70 port 21472:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:37:29 honeypot-fra-1 sshd[7843]: Received disconnect from 143.244.158.100 port 45758:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T02:37:29.410Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:38:39 honeypot-fra-1 kernel: [83997541.454080] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=170.187.160.179 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=26375 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T02:38:40.438Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 02:39:41 honeypot-ams-1 sshd[17740]: Disconnected from 157.245.9.6 port 60570 [preauth]","@timestamp":"2022-09-14T02:39:42.250Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 02:40:41 honeypot-ams-1 sshd[17746]: Invalid user monitor from 74.208.121.225 port 54148","@timestamp":"2022-09-14T02:40:41.279Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:40:49 honeypot-fra-1 sshd[7854]: Disconnected from authenticating user root 143.244.158.100 port 33534 [preauth]","@timestamp":"2022-09-14T02:40:50.489Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T02:40:53.254Z","@version":"1","message":"Sep 14 02:40:53 honeypot-sgp-1 sshd[12330]: Received disconnect from 200.7.168.217 port 35224:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 02:41:12 honeypot-ams-1 sshd[17751]: Received disconnect from 109.205.213.23 port 56646:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T02:41:13.298Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 02:41:27 honeypot-ams-1 sshd[17757]: Received disconnect from 109.205.213.23 port 56158:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T02:41:28.308Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 02:41:52 honeypot-ams-1 sshd[17763]: Received disconnect from 109.205.213.23 port 41308:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T02:41:52.344Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 02:42:29 honeypot-ams-1 sshd[17769]: Received disconnect from 109.205.213.23 port 54690:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T02:42:29.364Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 02:43:07 honeypot-ams-1 sshd[17773]: Disconnected from invalid user test 109.205.213.23 port 54202 [preauth]","@timestamp":"2022-09-14T02:43:08.384Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:43:18 honeypot-fra-1 sshd[7860]: Disconnected from authenticating user root 143.244.158.100 port 57362 [preauth]","@timestamp":"2022-09-14T02:43:18.547Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:45:09 honeypot-fra-1 kernel: [83997930.995308] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=112.230.100.1 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=46 ID=65530 DF PROTO=TCP SPT=34222 DPT=80 WINDOW=29040 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T02:45:09.592Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-14T02:46:19.388Z","@version":"1","message":"Sep 14 02:46:19 honeypot-sgp-1 sshd[12337]: Disconnected from authenticating user root 61.177.173.36 port 17652 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 02:47:29 honeypot-ams-1 kernel: [84000233.061235] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=97.107.141.61 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=43751 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T02:47:30.506Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:47:38 honeypot-fra-1 sshd[7871]: Disconnected from authenticating user root 143.244.158.100 port 39412 [preauth]","@timestamp":"2022-09-14T02:47:38.652Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:49:39 honeypot-fra-1 sshd[7878]: Received disconnect from 165.22.45.108 port 40058:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T02:49:39.700Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:51:01 honeypot-fra-1 kernel: [83998282.893050] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=51.15.106.220 DST=165.22.82.222 LEN=52 TOS=0x00 PREC=0x00 TTL=53 ID=33568 DF PROTO=TCP SPT=42356 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T02:51:01.735Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 02:51:44 honeypot-ams-1 sshd[17789]: Received disconnect from 61.177.173.50 port 20052:11:  [preauth]","@timestamp":"2022-09-14T02:51:44.628Z"}
{"@timestamp":"2022-09-14T02:53:10.558Z","@version":"1","message":"Sep 14 02:53:10 honeypot-sgp-1 sshd[12344]: Received disconnect from 159.223.225.146 port 34666:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T19:01:40.610Z","@version":"1","message":"Sep 18 19:01:39 honeypot-sgp-1 sshd[31392]: Received disconnect from 61.177.172.98 port 27862:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:04:13 honeypot-fra-1 sshd[28920]: Connection reset by 61.177.173.53 port 19739 [preauth]","@timestamp":"2022-09-18T19:04:13.959Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T19:05:49.708Z","@version":"1","message":"Sep 18 19:05:48 honeypot-sgp-1 sshd[31399]: Connection reset by 61.177.172.90 port 40446 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 19:05:52 honeypot-ams-1 sshd[6406]: Connection closed by invalid user dev 103.188.176.251 port 40102 [preauth]","@timestamp":"2022-09-18T19:05:53.439Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 19:10:47 honeypot-ams-1 sshd[6410]: Invalid user admin from 92.255.85.69 port 32402","@timestamp":"2022-09-18T19:10:47.572Z"}
{"@timestamp":"2022-09-18T19:14:06.917Z","@version":"1","message":"Sep 18 19:14:06 honeypot-sgp-1 sshd[31404]: Disconnected from authenticating user root 61.177.173.36 port 44173 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 19:17:01 honeypot-ams-1 CRON[6416]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-18T19:17:02.739Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:17:01 honeypot-fra-1 CRON[28932]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-18T19:17:02.253Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 19:17:52 honeypot-ams-1 sshd[6421]: Disconnected from invalid user wp-user 119.5.157.124 port 13633 [preauth]","@timestamp":"2022-09-18T19:17:52.762Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 19:18:54 honeypot-ams-1 sshd[6428]: Invalid user yuanwd from 20.57.113.125 port 60308","@timestamp":"2022-09-18T19:18:54.792Z"}
{"@timestamp":"2022-09-18T19:22:08.104Z","@version":"1","message":"Sep 18 19:22:07 honeypot-sgp-1 kernel: [84405030.497503] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=35.246.81.142 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x60 TTL=250 ID=7711 PROTO=TCP SPT=47484 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 19:23:57 honeypot-ams-1 kernel: [84405617.106472] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=80.94.92.231 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=52832 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T19:23:57.928Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:26:24 honeypot-fra-1 sshd[28942]: Disconnected from invalid user litvinenko 165.22.45.108 port 47724 [preauth]","@timestamp":"2022-09-18T19:26:25.467Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:27:25 honeypot-fra-1 sshd[28956]: Connection closed by authenticating user root 13.126.217.41 port 34860 [preauth]","@timestamp":"2022-09-18T19:27:26.494Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:27:31 honeypot-fra-1 sshd[28968]: Connection closed by authenticating user root 13.126.217.41 port 41184 [preauth]","@timestamp":"2022-09-18T19:27:31.497Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:27:37 honeypot-fra-1 sshd[28980]: Connection closed by authenticating user root 13.126.217.41 port 47294 [preauth]","@timestamp":"2022-09-18T19:27:37.501Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:27:42 honeypot-fra-1 sshd[28992]: Connection closed by authenticating user root 13.126.217.41 port 54430 [preauth]","@timestamp":"2022-09-18T19:27:43.505Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:27:48 honeypot-fra-1 sshd[29004]: Connection closed by authenticating user root 13.126.217.41 port 60718 [preauth]","@timestamp":"2022-09-18T19:27:48.508Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:27:54 honeypot-fra-1 sshd[29016]: Connection closed by authenticating user root 13.126.217.41 port 39086 [preauth]","@timestamp":"2022-09-18T19:27:54.512Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T19:27:55.239Z","@version":"1","message":"Sep 18 19:27:54 honeypot-sgp-1 sshd[31418]: Invalid user iug from 109.115.187.31 port 50578","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:27:59 honeypot-fra-1 sshd[29028]: Connection closed by authenticating user root 13.126.217.41 port 45438 [preauth]","@timestamp":"2022-09-18T19:28:00.516Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:28:05 honeypot-fra-1 sshd[29040]: Connection closed by authenticating user root 13.126.217.41 port 51692 [preauth]","@timestamp":"2022-09-18T19:28:06.519Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:28:11 honeypot-fra-1 sshd[29052]: Connection closed by authenticating user root 13.126.217.41 port 57800 [preauth]","@timestamp":"2022-09-18T19:28:11.524Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:28:16 honeypot-fra-1 sshd[29064]: Connection closed by authenticating user root 13.126.217.41 port 35832 [preauth]","@timestamp":"2022-09-18T19:28:17.527Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:28:22 honeypot-fra-1 sshd[29076]: Connection closed by authenticating user root 13.126.217.41 port 42206 [preauth]","@timestamp":"2022-09-18T19:28:22.531Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:28:27 honeypot-fra-1 sshd[28944]: Connection reset by 61.177.173.39 port 31191 [preauth]","@timestamp":"2022-09-18T19:28:27.534Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:28:32 honeypot-fra-1 sshd[29098]: Connection closed by authenticating user root 13.126.217.41 port 54162 [preauth]","@timestamp":"2022-09-18T19:28:33.538Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:28:38 honeypot-fra-1 sshd[29110]: Invalid user user from 13.126.217.41 port 60394","@timestamp":"2022-09-18T19:28:38.541Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 19:28:39 honeypot-ams-1 sshd[6436]: Received disconnect from 52.151.24.212 port 38920:11: Bye Bye [preauth]","@timestamp":"2022-09-18T19:28:39.398Z"}
{"@timestamp":"2022-09-18T19:28:40.258Z","@version":"1","message":"Sep 18 19:28:39 honeypot-sgp-1 kernel: [84405422.147484] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=80.94.92.231 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=230 ID=54321 PROTO=TCP SPT=39580 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:28:40 honeypot-fra-1 sshd[29116]: Invalid user user from 13.126.217.41 port 35164","@timestamp":"2022-09-18T19:28:41.543Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:28:43 honeypot-fra-1 sshd[29122]: Invalid user user from 13.126.217.41 port 38346","@timestamp":"2022-09-18T19:28:44.545Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:28:46 honeypot-fra-1 sshd[29128]: Invalid user user from 13.126.217.41 port 41306","@timestamp":"2022-09-18T19:28:46.546Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:28:49 honeypot-fra-1 sshd[29134]: Invalid user user from 13.126.217.41 port 44444","@timestamp":"2022-09-18T19:28:49.548Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:28:52 honeypot-fra-1 sshd[29140]: Invalid user user from 13.126.217.41 port 47666","@timestamp":"2022-09-18T19:28:52.550Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:28:54 honeypot-fra-1 sshd[29146]: Invalid user user from 13.126.217.41 port 50728","@timestamp":"2022-09-18T19:28:55.552Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:28:57 honeypot-fra-1 sshd[29152]: Invalid user user from 13.126.217.41 port 53636","@timestamp":"2022-09-18T19:28:58.554Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:29:00 honeypot-fra-1 sshd[29158]: Invalid user user from 13.126.217.41 port 56796","@timestamp":"2022-09-18T19:29:00.555Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:29:03 honeypot-fra-1 sshd[29164]: Invalid user user from 13.126.217.41 port 59854","@timestamp":"2022-09-18T19:29:03.557Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:29:06 honeypot-fra-1 sshd[29170]: Invalid user user from 13.126.217.41 port 34674","@timestamp":"2022-09-18T19:29:06.559Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:29:08 honeypot-fra-1 sshd[29176]: Invalid user user from 13.126.217.41 port 37608","@timestamp":"2022-09-18T19:29:09.562Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:29:11 honeypot-fra-1 sshd[29182]: Invalid user user from 13.126.217.41 port 40714","@timestamp":"2022-09-18T19:29:12.563Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:29:14 honeypot-fra-1 sshd[29188]: Invalid user user from 13.126.217.41 port 44030","@timestamp":"2022-09-18T19:29:14.565Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:29:17 honeypot-fra-1 sshd[29194]: Invalid user user from 13.126.217.41 port 46994","@timestamp":"2022-09-18T19:29:17.566Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:29:19 honeypot-fra-1 sshd[29200]: Invalid user user from 13.126.217.41 port 50064","@timestamp":"2022-09-18T19:29:20.568Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:29:22 honeypot-fra-1 sshd[29206]: Invalid user user from 13.126.217.41 port 53098","@timestamp":"2022-09-18T19:29:23.571Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:29:25 honeypot-fra-1 sshd[29212]: Invalid user user from 13.126.217.41 port 56262","@timestamp":"2022-09-18T19:29:25.572Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:29:28 honeypot-fra-1 sshd[29218]: Invalid user user from 13.126.217.41 port 59034","@timestamp":"2022-09-18T19:29:28.574Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:29:30 honeypot-fra-1 sshd[29224]: Invalid user user from 13.126.217.41 port 34072","@timestamp":"2022-09-18T19:29:31.575Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:29:33 honeypot-fra-1 sshd[29230]: Invalid user user from 13.126.217.41 port 37072","@timestamp":"2022-09-18T19:29:34.577Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:29:36 honeypot-fra-1 sshd[29236]: Invalid user user from 13.126.217.41 port 40066","@timestamp":"2022-09-18T19:29:36.578Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:29:39 honeypot-fra-1 sshd[29242]: Invalid user user from 13.126.217.41 port 42996","@timestamp":"2022-09-18T19:29:39.581Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:29:41 honeypot-fra-1 sshd[29248]: Invalid user user from 13.126.217.41 port 45992","@timestamp":"2022-09-18T19:29:42.583Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:29:44 honeypot-fra-1 sshd[29254]: Invalid user user from 13.126.217.41 port 48890","@timestamp":"2022-09-18T19:29:45.585Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:29:47 honeypot-fra-1 sshd[29260]: Invalid user user from 13.126.217.41 port 52078","@timestamp":"2022-09-18T19:29:47.586Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:29:50 honeypot-fra-1 sshd[29266]: Invalid user user from 13.126.217.41 port 54948","@timestamp":"2022-09-18T19:29:50.588Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:29:52 honeypot-fra-1 sshd[29272]: Invalid user user from 13.126.217.41 port 57896","@timestamp":"2022-09-18T19:29:53.590Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:29:55 honeypot-fra-1 sshd[29278]: Invalid user ubuntu from 13.126.217.41 port 60904","@timestamp":"2022-09-18T19:29:56.592Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:29:58 honeypot-fra-1 sshd[29284]: Invalid user ubuntu from 13.126.217.41 port 35634","@timestamp":"2022-09-18T19:29:58.593Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:30:01 honeypot-fra-1 sshd[29290]: Invalid user ubuntu from 13.126.217.41 port 38560","@timestamp":"2022-09-18T19:30:01.595Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:30:03 honeypot-fra-1 sshd[29296]: Invalid user ubuntu from 13.126.217.41 port 41448","@timestamp":"2022-09-18T19:30:04.597Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:30:06 honeypot-fra-1 sshd[29302]: Invalid user ubuntu from 13.126.217.41 port 44408","@timestamp":"2022-09-18T19:30:07.600Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:30:09 honeypot-fra-1 sshd[29308]: Invalid user ubuntu from 13.126.217.41 port 47508","@timestamp":"2022-09-18T19:30:09.601Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:30:12 honeypot-fra-1 sshd[29314]: Invalid user ubuntu from 13.126.217.41 port 50508","@timestamp":"2022-09-18T19:30:12.603Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:30:14 honeypot-fra-1 sshd[29320]: Invalid user ubuntu from 13.126.217.41 port 53272","@timestamp":"2022-09-18T19:30:15.604Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:30:17 honeypot-fra-1 sshd[29326]: Invalid user ubuntu from 13.126.217.41 port 56174","@timestamp":"2022-09-18T19:30:17.606Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:30:20 honeypot-fra-1 sshd[29332]: Invalid user ubuntu from 13.126.217.41 port 59114","@timestamp":"2022-09-18T19:30:20.607Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:30:23 honeypot-fra-1 sshd[29338]: Invalid user ubuntu from 13.126.217.41 port 33812","@timestamp":"2022-09-18T19:30:23.648Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:30:25 honeypot-fra-1 sshd[29344]: Invalid user ubuntu from 13.126.217.41 port 36656","@timestamp":"2022-09-18T19:30:25.650Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:30:28 honeypot-fra-1 sshd[29350]: Invalid user ubuntu from 13.126.217.41 port 39450","@timestamp":"2022-09-18T19:30:28.651Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:30:31 honeypot-fra-1 sshd[29356]: Invalid user ubuntu from 13.126.217.41 port 42482","@timestamp":"2022-09-18T19:30:31.653Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:30:33 honeypot-fra-1 sshd[29363]: Invalid user ubuntu from 13.126.217.41 port 45146","@timestamp":"2022-09-18T19:30:34.655Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:30:36 honeypot-fra-1 sshd[29369]: Invalid user ubuntu from 13.126.217.41 port 48228","@timestamp":"2022-09-18T19:30:36.657Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:30:39 honeypot-fra-1 sshd[29375]: Invalid user ubuntu from 13.126.217.41 port 51108","@timestamp":"2022-09-18T19:30:39.659Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:30:41 honeypot-fra-1 sshd[29381]: Invalid user ubuntu from 13.126.217.41 port 54034","@timestamp":"2022-09-18T19:30:42.661Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:30:44 honeypot-fra-1 sshd[29387]: Invalid user ubuntu from 13.126.217.41 port 56778","@timestamp":"2022-09-18T19:30:44.662Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:30:47 honeypot-fra-1 sshd[29393]: Invalid user ubuntu from 13.126.217.41 port 59632","@timestamp":"2022-09-18T19:30:47.664Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:30:49 honeypot-fra-1 sshd[29399]: Invalid user ubuntu from 13.126.217.41 port 34402","@timestamp":"2022-09-18T19:30:50.666Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:30:52 honeypot-fra-1 sshd[29405]: Invalid user ubuntu from 13.126.217.41 port 37272","@timestamp":"2022-09-18T19:30:53.669Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:30:55 honeypot-fra-1 sshd[29411]: Invalid user ubuntu from 13.126.217.41 port 40306","@timestamp":"2022-09-18T19:30:55.670Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:30:58 honeypot-fra-1 sshd[29417]: Invalid user ubuntu from 13.126.217.41 port 43094","@timestamp":"2022-09-18T19:30:58.672Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:31:00 honeypot-fra-1 sshd[29423]: Invalid user ubuntu from 13.126.217.41 port 45904","@timestamp":"2022-09-18T19:31:01.674Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:31:03 honeypot-fra-1 sshd[29429]: Invalid user ubuntu from 13.126.217.41 port 48930","@timestamp":"2022-09-18T19:31:03.675Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:31:05 honeypot-fra-1 sshd[29435]: Invalid user ubuntu from 13.126.217.41 port 51800","@timestamp":"2022-09-18T19:31:06.677Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:31:08 honeypot-fra-1 sshd[29441]: Invalid user debian from 13.126.217.41 port 54614","@timestamp":"2022-09-18T19:31:08.679Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:31:11 honeypot-fra-1 sshd[29447]: Invalid user debian from 13.126.217.41 port 57264","@timestamp":"2022-09-18T19:31:11.681Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:31:13 honeypot-fra-1 sshd[29453]: Invalid user debian from 13.126.217.41 port 60120","@timestamp":"2022-09-18T19:31:14.682Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:31:16 honeypot-fra-1 sshd[29459]: Invalid user debian from 13.126.217.41 port 35024","@timestamp":"2022-09-18T19:31:16.684Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:31:19 honeypot-fra-1 sshd[29465]: Invalid user debian from 13.126.217.41 port 38110","@timestamp":"2022-09-18T19:31:19.685Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:31:21 honeypot-fra-1 sshd[29471]: Invalid user debian from 13.126.217.41 port 41384","@timestamp":"2022-09-18T19:31:22.688Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:31:24 honeypot-fra-1 sshd[29477]: Invalid user debian from 13.126.217.41 port 44626","@timestamp":"2022-09-18T19:31:24.689Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:31:27 honeypot-fra-1 sshd[29484]: Invalid user debian from 13.126.217.41 port 47868","@timestamp":"2022-09-18T19:31:27.691Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:31:30 honeypot-fra-1 sshd[29490]: Invalid user debian from 13.126.217.41 port 51150","@timestamp":"2022-09-18T19:31:30.693Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:31:32 honeypot-fra-1 sshd[29496]: Invalid user debian from 13.126.217.41 port 54112","@timestamp":"2022-09-18T19:31:33.694Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:31:35 honeypot-fra-1 sshd[29502]: Invalid user debian from 13.126.217.41 port 57126","@timestamp":"2022-09-18T19:31:35.696Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:31:38 honeypot-fra-1 sshd[29508]: Invalid user debian from 13.126.217.41 port 59804","@timestamp":"2022-09-18T19:31:38.698Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:31:40 honeypot-fra-1 sshd[29514]: Invalid user debian from 13.126.217.41 port 34800","@timestamp":"2022-09-18T19:31:41.700Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:31:43 honeypot-fra-1 sshd[29520]: Invalid user debian from 13.126.217.41 port 37656","@timestamp":"2022-09-18T19:31:43.701Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:31:46 honeypot-fra-1 sshd[29526]: Invalid user debian from 13.126.217.41 port 40618","@timestamp":"2022-09-18T19:31:46.703Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:31:49 honeypot-fra-1 sshd[29532]: Invalid user debian from 13.126.217.41 port 43658","@timestamp":"2022-09-18T19:31:49.705Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:31:51 honeypot-fra-1 sshd[29538]: Invalid user debian from 13.126.217.41 port 46656","@timestamp":"2022-09-18T19:31:52.707Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:31:54 honeypot-fra-1 sshd[29544]: Invalid user debian from 13.126.217.41 port 49526","@timestamp":"2022-09-18T19:31:54.709Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:31:57 honeypot-fra-1 sshd[29550]: Invalid user debian from 13.126.217.41 port 52494","@timestamp":"2022-09-18T19:31:57.710Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:31:59 honeypot-fra-1 sshd[29556]: Invalid user debian from 13.126.217.41 port 55526","@timestamp":"2022-09-18T19:32:00.712Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:32:02 honeypot-fra-1 sshd[29563]: Invalid user debian from 13.126.217.41 port 58750","@timestamp":"2022-09-18T19:32:03.714Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:32:05 honeypot-fra-1 sshd[29570]: Invalid user debian from 13.126.217.41 port 33652","@timestamp":"2022-09-18T19:32:05.715Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T19:32:06.341Z","@version":"1","message":"Sep 18 19:32:06 honeypot-sgp-1 sshd[31428]: Received disconnect from 128.199.250.238 port 51632:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:32:08 honeypot-fra-1 sshd[29576]: Invalid user debian from 13.126.217.41 port 36826","@timestamp":"2022-09-18T19:32:08.718Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:32:10 honeypot-fra-1 sshd[29582]: Invalid user debian from 13.126.217.41 port 39776","@timestamp":"2022-09-18T19:32:11.720Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:32:13 honeypot-fra-1 sshd[29588]: Invalid user debian from 13.126.217.41 port 42872","@timestamp":"2022-09-18T19:32:13.721Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:32:16 honeypot-fra-1 sshd[29594]: Invalid user debian from 13.126.217.41 port 45916","@timestamp":"2022-09-18T19:32:16.722Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:32:19 honeypot-fra-1 sshd[29600]: Invalid user debian from 13.126.217.41 port 48960","@timestamp":"2022-09-18T19:32:19.724Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:32:21 honeypot-fra-1 sshd[29606]: Invalid user admin from 13.126.217.41 port 51876","@timestamp":"2022-09-18T19:32:22.727Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:32:24 honeypot-fra-1 sshd[29612]: Invalid user admin from 13.126.217.41 port 54872","@timestamp":"2022-09-18T19:32:24.728Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:32:27 honeypot-fra-1 sshd[29618]: Invalid user admin from 13.126.217.41 port 57970","@timestamp":"2022-09-18T19:32:27.730Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:32:30 honeypot-fra-1 sshd[29624]: Invalid user admin from 13.126.217.41 port 32830","@timestamp":"2022-09-18T19:32:30.732Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:32:32 honeypot-fra-1 sshd[29630]: Invalid user admin from 13.126.217.41 port 35844","@timestamp":"2022-09-18T19:32:33.734Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:32:35 honeypot-fra-1 sshd[29636]: Invalid user admin from 13.126.217.41 port 38882","@timestamp":"2022-09-18T19:32:36.736Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:32:38 honeypot-fra-1 sshd[29642]: Invalid user admin from 13.126.217.41 port 41804","@timestamp":"2022-09-18T19:32:38.738Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:32:41 honeypot-fra-1 sshd[29648]: Invalid user admin from 13.126.217.41 port 44622","@timestamp":"2022-09-18T19:32:41.739Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:32:43 honeypot-fra-1 sshd[29654]: Invalid user admin from 13.126.217.41 port 47336","@timestamp":"2022-09-18T19:32:44.741Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:32:46 honeypot-fra-1 sshd[29660]: Invalid user admin from 13.126.217.41 port 50336","@timestamp":"2022-09-18T19:32:46.742Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:32:49 honeypot-fra-1 sshd[29666]: Invalid user admin from 13.126.217.41 port 53500","@timestamp":"2022-09-18T19:32:49.744Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:32:52 honeypot-fra-1 sshd[29672]: Invalid user admin from 13.126.217.41 port 56442","@timestamp":"2022-09-18T19:32:52.747Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:32:54 honeypot-fra-1 sshd[29678]: Invalid user admin from 13.126.217.41 port 59292","@timestamp":"2022-09-18T19:32:54.748Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:32:57 honeypot-fra-1 sshd[29684]: Invalid user admin from 13.126.217.41 port 34046","@timestamp":"2022-09-18T19:32:57.750Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:33:00 honeypot-fra-1 sshd[29690]: Invalid user admin from 13.126.217.41 port 36966","@timestamp":"2022-09-18T19:33:00.752Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:33:02 honeypot-fra-1 sshd[29696]: Invalid user admin from 13.126.217.41 port 39916","@timestamp":"2022-09-18T19:33:03.754Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:33:05 honeypot-fra-1 sshd[29702]: Invalid user admin from 13.126.217.41 port 42746","@timestamp":"2022-09-18T19:33:05.755Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:33:08 honeypot-fra-1 sshd[29708]: Invalid user admin from 13.126.217.41 port 45624","@timestamp":"2022-09-18T19:33:08.758Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:33:10 honeypot-fra-1 sshd[29714]: Invalid user admin from 13.126.217.41 port 48784","@timestamp":"2022-09-18T19:33:10.759Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:33:13 honeypot-fra-1 sshd[29720]: Invalid user admin from 13.126.217.41 port 51780","@timestamp":"2022-09-18T19:33:13.761Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:33:16 honeypot-fra-1 sshd[29726]: Invalid user admin from 13.126.217.41 port 54836","@timestamp":"2022-09-18T19:33:16.763Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:33:18 honeypot-fra-1 sshd[29732]: Invalid user admin from 13.126.217.41 port 57972","@timestamp":"2022-09-18T19:33:19.765Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:33:21 honeypot-fra-1 sshd[29739]: Invalid user admin from 13.126.217.41 port 32982","@timestamp":"2022-09-18T19:33:21.766Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:33:24 honeypot-fra-1 sshd[29746]: Invalid user admin from 13.126.217.41 port 36238","@timestamp":"2022-09-18T19:33:24.769Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:33:26 honeypot-fra-1 sshd[29752]: Invalid user admin from 13.126.217.41 port 39166","@timestamp":"2022-09-18T19:33:27.771Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:33:29 honeypot-fra-1 sshd[29758]: Invalid user admin from 13.126.217.41 port 42288","@timestamp":"2022-09-18T19:33:29.772Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:33:32 honeypot-fra-1 sshd[29764]: Invalid user admin from 13.126.217.41 port 45308","@timestamp":"2022-09-18T19:33:32.774Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:33:35 honeypot-fra-1 sshd[29770]: Invalid user admin from 13.126.217.41 port 48606","@timestamp":"2022-09-18T19:33:35.776Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T19:34:01.388Z","@version":"1","message":"Sep 18 19:34:00 honeypot-sgp-1 sshd[31433]: Disconnected from authenticating user root 61.177.172.124 port 18822 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:34:29 honeypot-fra-1 kernel: [84404075.774324] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.41.9.18 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=52853 PROTO=TCP SPT=37156 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T19:34:29.797Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 19:35:31 honeypot-ams-1 sshd[6442]: Received disconnect from 206.81.15.128 port 41204:11: Bye Bye [preauth]","@timestamp":"2022-09-18T19:35:31.584Z"}
{"@timestamp":"2022-09-18T19:38:56.506Z","@version":"1","message":"Sep 18 19:38:55 honeypot-sgp-1 sshd[31440]: Invalid user apache from 167.99.147.105 port 59268","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:40:19 honeypot-fra-1 kernel: [84404425.800485] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=165.232.152.144 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=51200 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T19:40:19.931Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-18T19:40:43.550Z","@version":"1","message":"Sep 18 19:40:43 honeypot-sgp-1 sshd[31446]: Received disconnect from 164.92.167.86 port 56642:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T19:42:10.586Z","@version":"1","message":"Sep 18 19:42:09 honeypot-sgp-1 sshd[31453]: Received disconnect from 45.61.186.49 port 57382:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T19:42:19.590Z","@version":"1","message":"Sep 18 19:42:19 honeypot-sgp-1 sshd[31457]: Received disconnect from 45.61.186.49 port 40490:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T19:43:43.625Z","@version":"1","message":"Sep 18 19:43:42 honeypot-sgp-1 sshd[31462]: Disconnected from authenticating user root 58.17.200.197 port 54574 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:44:32 honeypot-fra-1 kernel: [84404678.443720] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=167.71.133.35 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=248 ID=54321 PROTO=TCP SPT=43095 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T19:44:33.027Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 19:45:50 honeypot-ams-1 sshd[6447]: error: maximum authentication attempts exceeded for invalid user admin from 31.52.230.39 port 49192 ssh2 [preauth]","@timestamp":"2022-09-18T19:45:50.860Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 19:47:51 honeypot-ams-1 sshd[6452]: Received disconnect from 45.61.184.204 port 44324:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T19:47:51.917Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 19:48:10 honeypot-ams-1 sshd[6456]: Received disconnect from 45.61.184.204 port 38934:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T19:48:10.929Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 19:48:27 honeypot-ams-1 sshd[6460]: Received disconnect from 45.61.184.204 port 33568:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T19:48:27.938Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 19:48:43 honeypot-ams-1 sshd[6464]: Received disconnect from 45.61.184.204 port 56424:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T19:48:43.947Z"}
{"@timestamp":"2022-09-18T19:49:03.751Z","@version":"1","message":"Sep 18 19:49:03 honeypot-sgp-1 sshd[31467]: Disconnected from invalid user admin 167.99.66.74 port 42973 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:50:32 honeypot-fra-1 sshd[29796]: Disconnected from authenticating user root 159.223.70.83 port 43537 [preauth]","@timestamp":"2022-09-18T19:50:33.163Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:52:45 honeypot-fra-1 sshd[29803]: Invalid user ftpuser from 178.128.72.150 port 51404","@timestamp":"2022-09-18T19:52:46.218Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T19:53:06.848Z","@version":"1","message":"Sep 18 19:53:06 honeypot-sgp-1 sshd[31475]: Disconnected from authenticating user root 138.197.138.123 port 33098 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:53:36 honeypot-fra-1 sshd[29807]: Invalid user oracle from 178.128.72.150 port 50752","@timestamp":"2022-09-18T19:53:36.238Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:54:25 honeypot-fra-1 sshd[29812]: Invalid user postgres from 178.128.72.150 port 50096","@timestamp":"2022-09-18T19:54:25.260Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:55:13 honeypot-fra-1 sshd[29816]: Invalid user mysql from 178.128.72.150 port 49438","@timestamp":"2022-09-18T19:55:13.300Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:56:00 honeypot-fra-1 sshd[29820]: Invalid user teamspeak from 178.128.72.150 port 48770","@timestamp":"2022-09-18T19:56:01.321Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:56:48 honeypot-fra-1 sshd[29824]: Invalid user ftpuser from 178.128.72.150 port 48118","@timestamp":"2022-09-18T19:56:49.341Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 19:56:57 honeypot-ams-1 sshd[6467]: Received disconnect from 92.255.85.70 port 57846:11: Bye Bye [preauth]","@timestamp":"2022-09-18T19:56:58.168Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:57:13 honeypot-fra-1 sshd[29828]: Received disconnect from 178.128.72.150 port 33670:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T19:57:13.352Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:58:00 honeypot-fra-1 sshd[29832]: Received disconnect from 178.128.72.150 port 33008:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T19:58:01.372Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T19:59:38.000Z","@version":"1","message":"Sep 18 19:59:37 honeypot-sgp-1 sshd[31482]: Received disconnect from 139.59.9.50 port 38408:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 20:01:12 honeypot-fra-1 kernel: [84405678.564623] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=51.104.20.135 DST=165.22.82.222 LEN=52 TOS=0x00 PREC=0x00 TTL=117 ID=42101 DF PROTO=TCP SPT=50336 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T20:01:12.450Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 20:02:27 honeypot-ams-1 kernel: [84407926.751822] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=151.106.32.182 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=17896 PROTO=TCP SPT=48252 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T20:02:27.313Z"}
{"@timestamp":"2022-09-18T20:03:02.084Z","@version":"1","message":"Sep 18 20:03:01 honeypot-sgp-1 kernel: [84407483.999646] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=89.248.165.241 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=1455 PROTO=TCP SPT=50600 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 20:06:18 honeypot-ams-1 sshd[6476]: Invalid user nvivek from 43.154.13.15 port 39468","@timestamp":"2022-09-18T20:06:18.418Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 20:08:20 honeypot-ams-1 sshd[6480]: Invalid user monitor from 188.166.176.236 port 38332","@timestamp":"2022-09-18T20:08:21.472Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 20:10:36 honeypot-ams-1 sshd[6484]: Disconnected from invalid user pcserver 206.189.151.245 port 36444 [preauth]","@timestamp":"2022-09-18T20:10:36.532Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 20:11:11 honeypot-fra-1 sshd[29844]: Disconnected from 20.171.106.5 port 41438 [preauth]","@timestamp":"2022-09-18T20:11:11.673Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T20:17:02.414Z","@version":"1","message":"Sep 18 20:17:01 honeypot-sgp-1 CRON[31494]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 20:19:39 honeypot-fra-1 sshd[29859]: Invalid user jolly from 40.89.190.3 port 1024","@timestamp":"2022-09-18T20:19:39.878Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 20:20:58 honeypot-fra-1 sshd[29865]: Invalid user admin from 103.25.208.148 port 44214","@timestamp":"2022-09-18T20:20:58.908Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 20:21:04 honeypot-ams-1 sshd[6492]: Received disconnect from 209.141.37.157 port 35692:11: Bye Bye [preauth]","@timestamp":"2022-09-18T20:21:04.809Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 20:22:48 honeypot-fra-1 sshd[29869]: Disconnected from invalid user ftp 58.8.213.27 port 33102 [preauth]","@timestamp":"2022-09-18T20:22:48.949Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T20:23:27.564Z","@version":"1","message":"Sep 18 20:23:27 honeypot-sgp-1 sshd[31507]: Invalid user bobinas from 23.247.33.61 port 33524","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 20:24:02 honeypot-fra-1 sshd[29873]: Received disconnect from 165.227.123.61 port 47622:11: Bye Bye [preauth]","@timestamp":"2022-09-18T20:24:02.980Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 20:28:34 honeypot-fra-1 sshd[29880]: Received disconnect from 195.78.54.251 port 6397:11: Client disconnecting normally [preauth]","@timestamp":"2022-09-18T20:28:35.106Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T20:35:15.835Z","@version":"1","message":"Sep 18 20:35:15 honeypot-sgp-1 kernel: [84409417.493607] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=156.211.173.164 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=45826 PROTO=TCP SPT=42065 DPT=80 WINDOW=52276 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 20:39:08 honeypot-fra-1 sshd[29889]: Invalid user admin from 92.255.85.69 port 41434","@timestamp":"2022-09-18T20:39:09.336Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T20:41:36.982Z","@version":"1","message":"Sep 18 20:41:36 honeypot-sgp-1 sshd[31535]: Received disconnect from 92.255.85.70 port 33306:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 20:41:38 honeypot-ams-1 sshd[6498]: Invalid user oracle from 121.126.7.30 port 62865","@timestamp":"2022-09-18T20:41:39.348Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 20:42:07 honeypot-fra-1 sshd[29892]: Disconnected from authenticating user root 61.177.173.47 port 27615 [preauth]","@timestamp":"2022-09-18T20:42:08.406Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 20:47:34 honeypot-ams-1 sshd[6501]: Received disconnect from 37.193.112.180 port 56272:11: Bye Bye [preauth]","@timestamp":"2022-09-18T20:47:35.511Z"}
{"@timestamp":"2022-09-18T20:51:30.207Z","@version":"1","message":"Sep 18 20:51:29 honeypot-sgp-1 sshd[31540]: Disconnected from authenticating user root 61.177.173.52 port 36469 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 20:51:54 honeypot-ams-1 sshd[6506]: Received disconnect from 178.128.72.150 port 54974:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T20:51:55.628Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 20:52:48 honeypot-ams-1 sshd[6511]: Invalid user oracle from 178.128.72.150 port 57158","@timestamp":"2022-09-18T20:52:49.656Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 20:53:42 honeypot-ams-1 sshd[6515]: Invalid user postgres from 178.128.72.150 port 59346","@timestamp":"2022-09-18T20:53:42.682Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 20:54:34 honeypot-ams-1 sshd[6519]: Invalid user mysql from 178.128.72.150 port 33314","@timestamp":"2022-09-18T20:54:35.708Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 20:55:27 honeypot-ams-1 sshd[6523]: Invalid user teamspeak from 178.128.72.150 port 35506","@timestamp":"2022-09-18T20:55:27.734Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 20:56:19 honeypot-ams-1 sshd[6527]: Invalid user ftpuser from 178.128.72.150 port 37682","@timestamp":"2022-09-18T20:56:19.759Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 20:56:50 honeypot-ams-1 kernel: [84411190.185502] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=172.105.129.94 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=52861 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T20:56:50.775Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 20:57:37 honeypot-ams-1 sshd[6533]: Disconnected from invalid user postgres 178.128.72.150 port 55062 [preauth]","@timestamp":"2022-09-18T20:57:38.800Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 21:03:01 honeypot-fra-1 sshd[29923]: Invalid user liufangchen from 165.22.45.108 port 53444","@timestamp":"2022-09-18T21:03:01.870Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 21:04:09 honeypot-fra-1 sshd[29927]: Received disconnect from 159.203.85.196 port 46373:11: Bye Bye [preauth]","@timestamp":"2022-09-18T21:04:09.899Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T21:04:42.508Z","@version":"1","message":"Sep 18 21:04:41 honeypot-sgp-1 sshd[31551]: Disconnected from invalid user user1 210.195.11.120 port 40048 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 21:06:57 honeypot-fra-1 sshd[29934]: Received disconnect from 61.177.173.35 port 62979:11:  [preauth]","@timestamp":"2022-09-18T21:06:57.965Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T21:07:04.566Z","@version":"1","message":"Sep 18 21:07:04 honeypot-sgp-1 sshd[31558]: Disconnected from authenticating user root 61.177.173.51 port 63202 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 21:09:19 honeypot-ams-1 sshd[6539]: Received disconnect from 116.206.152.242 port 37980:11: Bye Bye [preauth]","@timestamp":"2022-09-18T21:09:20.116Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 21:12:36 honeypot-fra-1 sshd[29945]: Invalid user ccx from 112.28.209.251 port 44098","@timestamp":"2022-09-18T21:12:37.091Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T21:12:54.704Z","@version":"1","message":"Sep 18 21:12:54 honeypot-sgp-1 sshd[31566]: Invalid user ljh from 176.102.38.42 port 60338","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T21:17:01.803Z","@version":"1","message":"Sep 18 21:17:01 honeypot-sgp-1 CRON[31572]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 21:17:01 honeypot-fra-1 CRON[29949]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-18T21:17:02.191Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 21:17:01 honeypot-ams-1 CRON[6544]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-18T21:17:02.325Z"}
{"@timestamp":"2022-09-18T21:19:54.896Z","@version":"1","message":"Sep 18 21:19:54 honeypot-sgp-1 sshd[31584]: Disconnected from invalid user admin 92.255.85.70 port 49940 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 21:26:12 honeypot-fra-1 sshd[29958]: Disconnected from invalid user airflow 138.68.110.55 port 37696 [preauth]","@timestamp":"2022-09-18T21:26:13.394Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 21:26:43 honeypot-ams-1 sshd[6548]: Received disconnect from 92.255.85.70 port 23276:11: Bye Bye [preauth]","@timestamp":"2022-09-18T21:26:43.578Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 21:29:06 honeypot-ams-1 sshd[6552]: Disconnected from invalid user zy 133.130.101.23 port 36994 [preauth]","@timestamp":"2022-09-18T21:29:07.645Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 21:30:00 honeypot-fra-1 sshd[29968]: Received disconnect from 195.158.21.214 port 41140:11: Bye Bye [preauth]","@timestamp":"2022-09-18T21:30:00.480Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 21:31:08 honeypot-fra-1 sshd[29972]: Disconnected from invalid user dochom 43.134.162.83 port 35174 [preauth]","@timestamp":"2022-09-18T21:31:08.507Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 21:31:56 honeypot-ams-1 sshd[6557]: Invalid user postgres from 193.106.191.157 port 33010","@timestamp":"2022-09-18T21:31:56.725Z"}
{"@timestamp":"2022-09-18T21:32:17.178Z","@version":"1","message":"Sep 18 21:32:16 honeypot-sgp-1 sshd[31593]: Received disconnect from 61.177.173.36 port 34898:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 21:36:58 honeypot-fra-1 kernel: [84411424.558107] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=213.226.123.38 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=61176 PROTO=TCP SPT=57160 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T21:36:58.637Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-18T21:40:28.368Z","@version":"1","message":"Sep 18 21:40:27 honeypot-sgp-1 kernel: [84413330.140440] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=172.105.77.209 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=50 ID=0 DF PROTO=TCP SPT=56857 DPT=389 WINDOW=8192 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T21:42:13.412Z","@version":"1","message":"Sep 18 21:42:12 honeypot-sgp-1 sshd[31605]: Received disconnect from 179.43.156.143 port 59110:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 21:43:05 honeypot-fra-1 sshd[29985]: Disconnected from invalid user RPM 92.255.85.70 port 52002 [preauth]","@timestamp":"2022-09-18T21:43:05.774Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T21:43:44.451Z","@version":"1","message":"Sep 18 21:43:44 honeypot-sgp-1 kernel: [84413526.492570] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=151.106.32.182 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=33648 PROTO=TCP SPT=56476 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T21:45:22.490Z","@version":"1","message":"Sep 18 21:45:22 honeypot-sgp-1 sshd[31618]: Invalid user ossuser from 179.43.156.143 port 46738","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T21:46:00.507Z","@version":"1","message":"Sep 18 21:46:00 honeypot-sgp-1 sshd[31622]: Invalid user nfsnobod from 179.43.156.143 port 44272","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T21:47:16.539Z","@version":"1","message":"Sep 18 21:47:16 honeypot-sgp-1 sshd[31629]: Received disconnect from 179.43.156.143 port 39306:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T21:48:35.577Z","@version":"1","message":"Sep 18 21:48:34 honeypot-sgp-1 sshd[31635]: Received disconnect from 179.43.156.143 port 34348:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T21:49:38.601Z","@version":"1","message":"Sep 18 21:49:37 honeypot-sgp-1 sshd[31642]: Received disconnect from 159.65.11.5 port 47908:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T21:50:33.625Z","@version":"1","message":"Sep 18 21:50:32 honeypot-sgp-1 sshd[31646]: Received disconnect from 179.43.156.143 port 55162:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 21:50:33 honeypot-fra-1 sshd[29991]: Received disconnect from 61.177.173.47 port 34803:11:  [preauth]","@timestamp":"2022-09-18T21:50:33.935Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 21:50:37 honeypot-ams-1 kernel: [84414416.733117] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=72.167.32.184 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=232 ID=63632 PROTO=TCP SPT=47187 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T21:50:38.213Z"}
{"@timestamp":"2022-09-18T21:51:07.641Z","@version":"1","message":"Sep 18 21:51:06 honeypot-sgp-1 sshd[31650]: Disconnected from authenticating user root 159.65.1.92 port 37016 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T21:51:53.661Z","@version":"1","message":"Sep 18 21:51:52 honeypot-sgp-1 sshd[31654]: Disconnected from invalid user drcomadmin 179.43.156.143 port 50224 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T21:53:16.696Z","@version":"1","message":"Sep 18 21:53:16 honeypot-sgp-1 sshd[31660]: Invalid user oracle from 179.43.156.143 port 45282","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 21:53:29 honeypot-ams-1 sshd[6569]: Disconnected from invalid user jihye 68.168.142.91 port 48652 [preauth]","@timestamp":"2022-09-18T21:53:30.289Z"}
{"@timestamp":"2022-09-18T21:53:59.715Z","@version":"1","message":"Sep 18 21:53:59 honeypot-sgp-1 sshd[31664]: Received disconnect from 179.43.156.143 port 42798:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T21:55:28.753Z","@version":"1","message":"Sep 18 21:55:28 honeypot-sgp-1 sshd[31671]: Received disconnect from 179.43.156.143 port 37848:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 21:56:19 honeypot-fra-1 sshd[29998]: Disconnected from authenticating user root 61.177.172.19 port 23680 [preauth]","@timestamp":"2022-09-18T21:56:20.067Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T21:57:00.793Z","@version":"1","message":"Sep 18 21:57:00 honeypot-sgp-1 sshd[31676]: Disconnected from authenticating user root 179.43.156.143 port 32912 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T21:58:29.854Z","@version":"1","message":"Sep 18 21:58:28 honeypot-sgp-1 sshd[31683]: Received disconnect from 179.43.156.143 port 56202:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 22:00:40 honeypot-fra-1 sshd[30002]: Disconnected from authenticating user root 61.177.173.52 port 55944 [preauth]","@timestamp":"2022-09-18T22:00:41.168Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T22:00:46.910Z","@version":"1","message":"Sep 18 22:00:46 honeypot-sgp-1 sshd[31690]: Received disconnect from 179.43.156.143 port 48786:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T22:02:14.945Z","@version":"1","message":"Sep 18 22:02:14 honeypot-sgp-1 sshd[31694]: Disconnected from invalid user ansible 179.43.156.143 port 43850 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 22:04:11 honeypot-ams-1 sshd[6575]: Invalid user user from 45.61.186.169 port 51498","@timestamp":"2022-09-18T22:04:12.572Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 22:04:31 honeypot-ams-1 sshd[6579]: Invalid user user from 45.61.186.169 port 46714","@timestamp":"2022-09-18T22:04:31.583Z"}
{"@timestamp":"2022-09-18T22:04:33.002Z","@version":"1","message":"Sep 18 22:04:32 honeypot-sgp-1 sshd[31700]: Received disconnect from 179.43.156.143 port 36432:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 22:04:47 honeypot-ams-1 sshd[6583]: Invalid user user from 45.61.186.169 port 41922","@timestamp":"2022-09-18T22:04:48.591Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 22:05:00 honeypot-ams-1 kernel: [84415279.754364] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=20.77.96.135 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=116 ID=44249 DF PROTO=TCP SPT=60443 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T22:05:00.598Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 22:05:21 honeypot-ams-1 kernel: [84415300.662114] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=77.159.94.4 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=1629 DF PROTO=TCP SPT=22645 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T22:05:21.609Z"}
{"@timestamp":"2022-09-18T22:06:48.058Z","@version":"1","message":"Sep 18 22:06:47 honeypot-sgp-1 sshd[31707]: Received disconnect from 179.43.156.143 port 57294:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T22:08:15.094Z","@version":"1","message":"Sep 18 22:08:14 honeypot-sgp-1 sshd[31711]: Received disconnect from 179.43.156.143 port 52284:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 22:08:56 honeypot-fra-1 sshd[30010]: Received disconnect from 92.255.85.70 port 60384:11: Bye Bye [preauth]","@timestamp":"2022-09-18T22:08:57.370Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T22:09:42.138Z","@version":"1","message":"Sep 18 22:09:41 honeypot-sgp-1 sshd[31715]: Received disconnect from 179.43.156.143 port 47386:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 22:12:09 honeypot-fra-1 sshd[30014]: Disconnected from authenticating user root 220.203.8.38 port 43838 [preauth]","@timestamp":"2022-09-18T22:12:09.445Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T22:15:16.269Z","@version":"1","message":"Sep 18 22:15:15 honeypot-sgp-1 sshd[31720]: Unable to negotiate with 190.124.32.18 port 63383: no matching cipher found. Their offer: aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,arcfour128,arcfour,3des-cbc,none [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 22:17:19 honeypot-ams-1 sshd[6598]: Disconnected from invalid user support 92.255.85.70 port 39810 [preauth]","@timestamp":"2022-09-18T22:17:19.921Z"}
{"@timestamp":"2022-09-18T22:18:58.357Z","@version":"1","message":"Sep 18 22:18:58 honeypot-sgp-1 kernel: [84415640.541809] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=23.97.234.8 DST=159.89.202.188 LEN=52 TOS=0x02 PREC=0x00 TTL=110 ID=29160 DF PROTO=TCP SPT=52181 DPT=80 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 22:21:41 honeypot-fra-1 kernel: [84414107.287971] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=194.163.175.129 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=47198 PROTO=TCP SPT=54041 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T22:21:41.668Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-18T22:25:30.511Z","@version":"1","message":"Sep 18 22:25:30 honeypot-sgp-1 kernel: [84416032.540518] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=205.210.31.183 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=249 ID=54321 PROTO=TCP SPT=49616 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 22:27:34 honeypot-fra-1 sshd[30028]: Invalid user pro3 from 157.230.9.57 port 47768","@timestamp":"2022-09-18T22:27:35.804Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 22:30:48 honeypot-ams-1 sshd[6604]: Received disconnect from 186.15.164.139 port 46866:11: Bye Bye [preauth]","@timestamp":"2022-09-18T22:30:49.277Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 22:31:20 honeypot-ams-1 sshd[6608]: Disconnected from authenticating user root 128.199.227.242 port 54440 [preauth]","@timestamp":"2022-09-18T22:31:21.294Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 22:35:01 honeypot-ams-1 sshd[6616]: Invalid user admin from 14.63.59.146 port 39842","@timestamp":"2022-09-18T22:35:01.392Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 22:36:13 honeypot-fra-1 sshd[30037]: Invalid user es from 185.209.179.41 port 57088","@timestamp":"2022-09-18T22:36:14.001Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 22:36:13 honeypot-fra-1 sshd[30045]: Invalid user mysql from 185.209.179.41 port 57118","@timestamp":"2022-09-18T22:36:14.001Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 22:36:13 honeypot-fra-1 sshd[30037]: Connection closed by invalid user es 185.209.179.41 port 57088 [preauth]","@timestamp":"2022-09-18T22:36:14.001Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 22:36:13 honeypot-fra-1 sshd[30046]: Connection closed by authenticating user root 185.209.179.41 port 57060 [preauth]","@timestamp":"2022-09-18T22:36:14.001Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 22:36:13 honeypot-fra-1 sshd[30042]: Connection closed by invalid user ansible 185.209.179.41 port 57102 [preauth]","@timestamp":"2022-09-18T22:36:14.002Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 22:36:14 honeypot-fra-1 sshd[30064]: Invalid user mcserv from 185.209.179.41 port 57114","@timestamp":"2022-09-18T22:36:15.003Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 22:36:14 honeypot-fra-1 sshd[30062]: Connection closed by invalid user admin 185.209.179.41 port 57090 [preauth]","@timestamp":"2022-09-18T22:36:15.003Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 22:36:14 honeypot-fra-1 sshd[30070]: Connection closed by invalid user oracle 185.209.179.41 port 57046 [preauth]","@timestamp":"2022-09-18T22:36:15.003Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 22:36:16 honeypot-fra-1 sshd[30085]: Invalid user mcsv from 185.209.179.41 port 57048","@timestamp":"2022-09-18T22:36:17.004Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 22:36:16 honeypot-fra-1 sshd[30081]: Connection closed by invalid user test 185.209.179.41 port 57122 [preauth]","@timestamp":"2022-09-18T22:36:17.004Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 22:39:24 honeypot-fra-1 sshd[30094]: Received disconnect from 195.19.4.22 port 61718:11: Bye Bye [preauth]","@timestamp":"2022-09-18T22:39:25.077Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 22:42:22 honeypot-fra-1 kernel: [84415348.889374] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=206.84.108.130 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=32768 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T22:42:23.147Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-18T22:46:50.016Z","@version":"1","message":"Sep 18 22:46:49 honeypot-sgp-1 kernel: [84417311.564122] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.55.53.144 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=43 ID=10628 DF PROTO=TCP SPT=43738 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 22:46:53 honeypot-ams-1 sshd[6636]: Disconnected from authenticating user sshd 92.255.85.70 port 19096 [preauth]","@timestamp":"2022-09-18T22:46:53.701Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 22:49:01 honeypot-fra-1 kernel: [84415746.942356] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=20.55.53.144 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=45420 DF PROTO=TCP SPT=44818 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T22:49:01.295Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-18T22:51:16.126Z","@version":"1","message":"Sep 18 22:51:15 honeypot-sgp-1 kernel: [84417578.028203] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=172.104.88.48 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=1023 DF PROTO=TCP SPT=59398 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 22:52:41 honeypot-ams-1 kernel: [84418141.096901] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=20.55.53.144 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=40398 DF PROTO=TCP SPT=57506 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T22:52:41.851Z"}
{"@timestamp":"2022-09-18T22:58:28.295Z","@version":"1","message":"Sep 18 22:58:28 honeypot-sgp-1 sshd[31742]: Invalid user user from 45.61.186.49 port 39804","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T22:58:38.300Z","@version":"1","message":"Sep 18 22:58:37 honeypot-sgp-1 sshd[31746]: Invalid user user from 45.61.186.49 port 51490","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 22:58:44 honeypot-ams-1 kernel: [84418503.556574] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=172.105.129.92 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=40157 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T22:58:45.013Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 22:58:59 honeypot-fra-1 sshd[30108]: Invalid user a from 187.102.40.150 port 53352","@timestamp":"2022-09-18T22:59:00.520Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 23:02:15 honeypot-fra-1 kernel: [84416541.008642] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.56.109.249 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=52123 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T23:02:15.596Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 23:03:46 honeypot-ams-1 kernel: [84418805.807272] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.221.54 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=41225 DPT=389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T23:03:47.148Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 23:05:49 honeypot-fra-1 sshd[30118]: Connection closed by invalid user postgres 193.106.191.157 port 51556 [preauth]","@timestamp":"2022-09-18T23:05:49.683Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 23:08:36 honeypot-ams-1 sshd[6648]: Disconnected from authenticating user root 117.254.93.186 port 40305 [preauth]","@timestamp":"2022-09-18T23:08:37.275Z"}
{"@timestamp":"2022-09-18T23:09:14.569Z","@version":"1","message":"Sep 18 23:09:14 honeypot-sgp-1 kernel: [84418656.433080] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=170.187.162.35 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=30660 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 23:11:05 honeypot-fra-1 kernel: [84417070.859751] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=138.68.250.218 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=28937 PROTO=TCP SPT=42663 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T23:11:05.805Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-18T23:14:07.689Z","@version":"1","message":"Sep 18 23:14:06 honeypot-sgp-1 sshd[31754]: Received disconnect from 142.93.116.249 port 39366:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T23:15:01.712Z","@version":"1","message":"Sep 18 23:15:01 honeypot-sgp-1 sshd[31759]: Received disconnect from 43.154.7.110 port 55834:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T23:17:40.777Z","@version":"1","message":"Sep 18 23:17:39 honeypot-sgp-1 sshd[31766]: Invalid user frankr from 201.14.44.230 port 57442","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 23:18:41 honeypot-ams-1 sshd[6654]: Connection closed by invalid user postgres 193.106.191.157 port 44398 [preauth]","@timestamp":"2022-09-18T23:18:41.533Z"}
{"@timestamp":"2022-09-18T23:21:13.864Z","@version":"1","message":"Sep 18 23:21:13 honeypot-sgp-1 sshd[31771]: Connection reset by authenticating user root 134.122.112.12 port 50112 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 23:28:15 honeypot-ams-1 sshd[6661]: Invalid user user from 45.61.184.204 port 51876","@timestamp":"2022-09-18T23:28:15.782Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 23:28:24 honeypot-ams-1 sshd[6663]: Disconnected from invalid user user 45.61.184.204 port 34908 [preauth]","@timestamp":"2022-09-18T23:28:24.788Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 23:28:31 honeypot-fra-1 sshd[30132]: Received disconnect from 218.56.165.214 port 44604:11: Bye Bye [preauth]","@timestamp":"2022-09-18T23:28:32.191Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 23:28:42 honeypot-ams-1 sshd[6667]: Disconnected from invalid user user 45.61.184.204 port 57466 [preauth]","@timestamp":"2022-09-18T23:28:43.798Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 23:28:59 honeypot-ams-1 sshd[6671]: Disconnected from invalid user user 45.61.184.204 port 51726 [preauth]","@timestamp":"2022-09-18T23:28:59.807Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 23:30:29 honeypot-fra-1 kernel: [84418234.930567] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=47311 PROTO=TCP SPT=43804 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T23:30:29.237Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 23:34:18 honeypot-ams-1 sshd[6676]: Connection closed by invalid user postgres 193.106.191.157 port 55148 [preauth]","@timestamp":"2022-09-18T23:34:18.950Z"}
{"@timestamp":"2022-09-18T23:36:30.222Z","@version":"1","message":"Sep 18 23:36:29 honeypot-sgp-1 sshd[31782]: Connection closed by invalid user  43.153.10.221 port 51098 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 23:40:55 honeypot-fra-1 kernel: [84418861.759257] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=193.163.125.56 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=245 ID=8184 PROTO=TCP SPT=41195 DPT=389 WINDOW=14600 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T23:40:56.471Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-18T23:41:30.336Z","@version":"1","message":"Sep 18 23:41:29 honeypot-sgp-1 sshd[31786]: Received disconnect from 92.255.85.70 port 44692:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 23:42:53 honeypot-fra-1 kernel: [84418978.776890] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=165.232.152.144 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=40516 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T23:42:53.518Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 23:43:41 honeypot-ams-1 sshd[6683]: Received disconnect from 165.227.236.118 port 36654:11: Bye Bye [preauth]","@timestamp":"2022-09-18T23:43:42.211Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 23:46:36 honeypot-ams-1 sshd[6690]: Invalid user extension from 83.41.7.44 port 56910","@timestamp":"2022-09-18T23:46:37.293Z"}
{"@timestamp":"2022-09-18T23:46:56.463Z","@version":"1","message":"Sep 18 23:46:55 honeypot-sgp-1 sshd[31793]: Disconnected from authenticating user root 128.199.71.153 port 54420 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 23:47:57 honeypot-fra-1 sshd[30149]: Bad protocol version identification '\\026\\003\\001' from 161.35.86.181 port 49206","@timestamp":"2022-09-18T23:47:58.636Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 23:49:38 honeypot-ams-1 sshd[6694]: Did not receive identification string from 45.61.184.204 port 59104","@timestamp":"2022-09-18T23:49:38.375Z"}
{"@timestamp":"2022-09-18T23:49:38.528Z","@version":"1","message":"Sep 18 23:49:37 honeypot-sgp-1 sshd[31797]: Disconnected from invalid user projects 88.215.1.25 port 62293 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 23:50:00 honeypot-ams-1 sshd[6697]: Disconnected from invalid user user 45.61.184.204 port 50014 [preauth]","@timestamp":"2022-09-18T23:50:01.388Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 23:50:20 honeypot-ams-1 sshd[6701]: Disconnected from invalid user user 45.61.184.204 port 44562 [preauth]","@timestamp":"2022-09-18T23:50:20.398Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 23:50:37 honeypot-ams-1 sshd[6705]: Disconnected from invalid user user 45.61.184.204 port 39094 [preauth]","@timestamp":"2022-09-18T23:50:37.407Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 23:51:50 honeypot-ams-1 sshd[6710]: Disconnected from invalid user monitor 187.189.51.115 port 16517 [preauth]","@timestamp":"2022-09-18T23:51:50.441Z"}
{"@timestamp":"2022-09-18T23:58:33.757Z","@version":"1","message":"Sep 18 23:58:33 honeypot-sgp-1 sshd[31803]: Received disconnect from 202.165.17.131 port 56874:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 00:00:35 honeypot-fra-1 sshd[30177]: Connection closed by 71.6.199.23 port 59210 [preauth]","@timestamp":"2022-09-19T00:00:35.916Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T00:02:34.852Z","@version":"1","message":"Sep 19 00:02:34 honeypot-sgp-1 sshd[31823]: Received disconnect from 139.59.251.146 port 38704:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T00:03:01.864Z","@version":"1","message":"Sep 19 00:03:01 honeypot-sgp-1 sshd[31827]: Disconnected from invalid user test 20.40.73.192 port 41698 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T00:03:55.888Z","@version":"1","message":"Sep 19 00:03:55 honeypot-sgp-1 sshd[31834]: Received disconnect from 207.154.223.103 port 44258:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T00:04:45.912Z","@version":"1","message":"Sep 19 00:04:45 honeypot-sgp-1 sshd[31840]: Received disconnect from 178.128.35.197 port 56554:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 00:04:46 honeypot-fra-1 sshd[30183]: Connection closed by invalid user  43.153.10.221 port 45104 [preauth]","@timestamp":"2022-09-19T00:04:47.012Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T00:05:06.922Z","@version":"1","message":"Sep 19 00:05:06 honeypot-sgp-1 sshd[31844]: Received disconnect from 157.230.47.241 port 57938:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T00:05:39.957Z","@version":"1","message":"Sep 19 00:05:38 honeypot-sgp-1 sshd[31848]: Disconnected from authenticating user root 46.101.29.76 port 38326 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T00:07:06.993Z","@version":"1","message":"Sep 19 00:07:06 honeypot-sgp-1 kernel: [84422129.035944] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=172.104.138.223 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=55255 PROTO=TCP SPT=27106 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T00:07:32.006Z","@version":"1","message":"Sep 19 00:07:31 honeypot-sgp-1 sshd[31858]: Invalid user admin from 35.209.160.244 port 56408","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T00:07:59.019Z","@version":"1","message":"Sep 19 00:07:58 honeypot-sgp-1 kernel: [84422181.033781] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=64.62.197.232 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=48002 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 00:08:02 honeypot-ams-1 sshd[6733]: Invalid user arcs from 177.22.35.126 port 49924","@timestamp":"2022-09-19T00:08:02.878Z"}
{"@timestamp":"2022-09-19T00:08:07.023Z","@version":"1","message":"Sep 19 00:08:06 honeypot-sgp-1 sshd[31864]: Disconnected from invalid user nasa 51.75.170.189 port 37792 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T00:09:27.057Z","@version":"1","message":"Sep 19 00:09:26 honeypot-sgp-1 sshd[31871]: Invalid user joomla from 143.110.177.216 port 55822","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T00:10:23.081Z","@version":"1","message":"Sep 19 00:10:22 honeypot-sgp-1 sshd[31875]: Disconnected from authenticating user root 80.87.83.58 port 55604 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T00:14:50.185Z","@version":"1","message":"Sep 19 00:14:49 honeypot-sgp-1 sshd[31882]: Connection closed by invalid user admin 165.232.158.22 port 43622 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 00:15:06 honeypot-fra-1 sshd[30186]: Disconnected from invalid user Administrator 92.255.85.70 port 59368 [preauth]","@timestamp":"2022-09-19T00:15:07.247Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 00:17:58 honeypot-fra-1 kernel: [84421084.134867] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.143.200.6 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=33041 PROTO=TCP SPT=59797 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T00:17:59.313Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T00:19:14.290Z","@version":"1","message":"Sep 19 00:19:13 honeypot-sgp-1 kernel: [84422855.744157] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=162.62.191.231 DST=159.89.202.188 LEN=52 TOS=0x00 PREC=0x00 TTL=47 ID=56949 DF PROTO=TCP SPT=57973 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 00:19:16 honeypot-ams-1 sshd[6739]: Invalid user Administrator from 92.255.85.70 port 50558","@timestamp":"2022-09-19T00:19:17.196Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 00:24:28 honeypot-ams-1 sshd[6742]: Received disconnect from 188.117.226.212 port 60884:11: Bye Bye [preauth]","@timestamp":"2022-09-19T00:24:29.338Z"}
{"@timestamp":"2022-09-19T00:29:47.533Z","@version":"1","message":"Sep 19 00:29:46 honeypot-sgp-1 sshd[31895]: Received disconnect from 97.74.83.174 port 46938:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T00:34:57.655Z","@version":"1","message":"Sep 19 00:34:57 honeypot-sgp-1 sshd[31903]: Connection closed by invalid user pi 79.84.154.45 port 53842 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 00:36:21 honeypot-fra-1 sshd[30197]: Invalid user pou from 143.198.154.97 port 39868","@timestamp":"2022-09-19T00:36:22.729Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 00:39:41 honeypot-ams-1 sshd[6748]: Received disconnect from 139.59.224.111 port 50178:11: Bye Bye [preauth]","@timestamp":"2022-09-19T00:39:41.738Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 00:42:36 honeypot-fra-1 sshd[30202]: Disconnected from authenticating user root 92.255.85.69 port 45948 [preauth]","@timestamp":"2022-09-19T00:42:36.867Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 00:48:05 honeypot-ams-1 sshd[6753]: Invalid user rpm from 139.59.122.125 port 34802","@timestamp":"2022-09-19T00:48:05.965Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 00:54:17 honeypot-ams-1 kernel: [84425436.765778] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=97.74.81.123 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=26424 PROTO=TCP SPT=44337 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T00:54:18.131Z"}
{"@timestamp":"2022-09-19T00:56:14.151Z","@version":"1","message":"Sep 19 00:56:14 honeypot-sgp-1 kernel: [84425076.318656] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=221.176.116.78 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=105 ID=256 PROTO=TCP SPT=17269 DPT=80 WINDOW=16384 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 00:56:29 honeypot-ams-1 sshd[6761]: Received disconnect from 188.157.24.174 port 60910:11: Bye Bye [preauth]","@timestamp":"2022-09-19T00:56:30.191Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 01:00:24 honeypot-ams-1 sshd[6769]: Invalid user web from 195.19.96.168 port 59080","@timestamp":"2022-09-19T01:00:24.296Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 01:00:24 honeypot-ams-1 sshd[6774]: Connection closed by authenticating user root 195.19.96.168 port 59132 [preauth]","@timestamp":"2022-09-19T01:00:24.296Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 01:00:24 honeypot-ams-1 sshd[6769]: Connection closed by invalid user web 195.19.96.168 port 59080 [preauth]","@timestamp":"2022-09-19T01:00:24.296Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 01:00:24 honeypot-ams-1 sshd[6783]: Invalid user mysql from 195.19.96.168 port 59052","@timestamp":"2022-09-19T01:00:24.296Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 01:00:24 honeypot-ams-1 sshd[6782]: Invalid user oracle from 195.19.96.168 port 59034","@timestamp":"2022-09-19T01:00:25.297Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 01:00:24 honeypot-ams-1 sshd[6795]: Connection closed by authenticating user root 195.19.96.168 port 59060 [preauth]","@timestamp":"2022-09-19T01:00:25.297Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 01:00:24 honeypot-ams-1 sshd[6791]: Connection closed by invalid user testuser 195.19.96.168 port 59126 [preauth]","@timestamp":"2022-09-19T01:00:25.297Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 01:00:24 honeypot-ams-1 sshd[6818]: Invalid user testuser from 195.19.96.168 port 59088","@timestamp":"2022-09-19T01:00:25.297Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 01:00:25 honeypot-ams-1 sshd[6819]: Connection closed by invalid user testuser 195.19.96.168 port 59038 [preauth]","@timestamp":"2022-09-19T01:00:25.297Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 01:03:43 honeypot-fra-1 kernel: [84423829.407094] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=71.6.231.81 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=57239 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T01:03:44.338Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T01:07:47.419Z","@version":"1","message":"Sep 19 01:07:46 honeypot-sgp-1 sshd[31915]: Received disconnect from 165.232.172.31 port 56996:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 01:11:53 honeypot-ams-1 kernel: [84426493.177737] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=35.228.9.145 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x60 TTL=251 ID=19782 PROTO=TCP SPT=48021 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T01:11:54.601Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 01:12:18 honeypot-fra-1 kernel: [84424344.432311] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=92.63.197.171 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=34458 PROTO=TCP SPT=49503 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T01:12:19.529Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T01:14:43.579Z","@version":"1","message":"Sep 19 01:14:42 honeypot-sgp-1 sshd[31920]: Disconnected from authenticating user root 122.165.132.5 port 55234 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 01:17:10 honeypot-fra-1 sshd[30218]: Received disconnect from 92.255.85.70 port 30960:11: Bye Bye [preauth]","@timestamp":"2022-09-19T01:17:10.641Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 01:18:09 honeypot-ams-1 sshd[6835]: Invalid user gry from 178.154.205.230 port 48932","@timestamp":"2022-09-19T01:18:09.766Z"}
{"@timestamp":"2022-09-19T01:18:36.672Z","@version":"1","message":"Sep 19 01:18:36 honeypot-sgp-1 sshd[31925]: Received disconnect from 92.255.85.69 port 52042:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 01:23:00 honeypot-ams-1 kernel: [84427159.398991] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=72.167.32.184 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=232 ID=50115 PROTO=TCP SPT=43245 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T01:23:00.915Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 01:28:08 honeypot-fra-1 sshd[30222]: Received disconnect from 112.186.86.93 port 57800:11: Bye Bye [preauth]","@timestamp":"2022-09-19T01:28:08.924Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 01:35:34 honeypot-ams-1 sshd[6844]: Invalid user ftp from 193.106.191.157 port 48620","@timestamp":"2022-09-19T01:35:34.246Z"}
{"@timestamp":"2022-09-19T01:36:40.125Z","@version":"1","message":"Sep 19 01:36:39 honeypot-sgp-1 kernel: [84427501.701365] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=92.63.197.171 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=5004 PROTO=TCP SPT=49503 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 01:45:25 honeypot-fra-1 kernel: [84426330.510809] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=175.107.203.41 DST=165.22.82.222 LEN=52 TOS=0x02 PREC=0x00 TTL=117 ID=2545 DF PROTO=TCP SPT=59936 DPT=3389 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-19T01:45:25.310Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T01:49:14.417Z","@version":"1","message":"Sep 19 01:49:14 honeypot-sgp-1 sshd[32373]: Disconnected from invalid user vmail 190.144.139.235 port 60674 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 01:51:38 honeypot-fra-1 kernel: [84426704.372619] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=34899 PROTO=TCP SPT=51737 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T01:51:39.452Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 01:52:50 honeypot-ams-1 kernel: [84428949.420003] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=79.124.62.62 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=1538 PROTO=TCP SPT=41500 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T01:52:50.698Z"}
{"@timestamp":"2022-09-19T01:56:30.591Z","@version":"1","message":"Sep 19 01:56:29 honeypot-sgp-1 sshd[32378]: Received disconnect from 64.225.100.84 port 35346:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:03:45 honeypot-fra-1 sshd[30677]: Connection closed by authenticating user root 103.241.181.174 port 46260 [preauth]","@timestamp":"2022-09-19T02:03:46.724Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:03:52 honeypot-fra-1 sshd[30689]: Connection closed by authenticating user root 103.241.181.174 port 47360 [preauth]","@timestamp":"2022-09-19T02:03:52.729Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:03:58 honeypot-fra-1 sshd[30701]: Connection closed by authenticating user root 103.241.181.174 port 48354 [preauth]","@timestamp":"2022-09-19T02:03:58.733Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:04:04 honeypot-fra-1 sshd[30713]: Connection closed by authenticating user root 103.241.181.174 port 49462 [preauth]","@timestamp":"2022-09-19T02:04:04.737Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:04:10 honeypot-fra-1 sshd[30725]: Connection closed by authenticating user root 103.241.181.174 port 50496 [preauth]","@timestamp":"2022-09-19T02:04:10.741Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:04:16 honeypot-fra-1 sshd[30737]: Connection closed by authenticating user root 103.241.181.174 port 51598 [preauth]","@timestamp":"2022-09-19T02:04:17.745Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:04:23 honeypot-fra-1 sshd[30749]: Connection closed by authenticating user root 103.241.181.174 port 52632 [preauth]","@timestamp":"2022-09-19T02:04:23.748Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:04:28 honeypot-fra-1 sshd[30757]: Did not receive identification string from 133.218.60.237 port 50583","@timestamp":"2022-09-19T02:04:28.751Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:04:33 honeypot-fra-1 sshd[30774]: Connection closed by authenticating user root 103.241.181.174 port 54484 [preauth]","@timestamp":"2022-09-19T02:04:34.756Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:04:39 honeypot-fra-1 sshd[30786]: Connection closed by authenticating user root 103.241.181.174 port 55484 [preauth]","@timestamp":"2022-09-19T02:04:40.759Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:04:45 honeypot-fra-1 sshd[30798]: Connection closed by authenticating user root 103.241.181.174 port 56562 [preauth]","@timestamp":"2022-09-19T02:04:46.763Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:04:51 honeypot-fra-1 sshd[30810]: Connection closed by authenticating user root 103.241.181.174 port 57610 [preauth]","@timestamp":"2022-09-19T02:04:52.767Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:04:57 honeypot-fra-1 sshd[30822]: Connection closed by authenticating user root 103.241.181.174 port 58620 [preauth]","@timestamp":"2022-09-19T02:04:58.771Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:05:04 honeypot-fra-1 sshd[30835]: Connection closed by authenticating user root 103.241.181.174 port 59714 [preauth]","@timestamp":"2022-09-19T02:05:04.776Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:05:09 honeypot-fra-1 sshd[30845]: Connection closed by invalid user user 103.241.181.174 port 60658 [preauth]","@timestamp":"2022-09-19T02:05:09.779Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:05:12 honeypot-fra-1 sshd[30851]: Connection closed by invalid user user 103.241.181.174 port 32944 [preauth]","@timestamp":"2022-09-19T02:05:12.781Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:05:15 honeypot-fra-1 sshd[30857]: Connection closed by invalid user user 103.241.181.174 port 33530 [preauth]","@timestamp":"2022-09-19T02:05:15.782Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:05:19 honeypot-fra-1 sshd[30863]: Connection closed by invalid user user 103.241.181.174 port 34030 [preauth]","@timestamp":"2022-09-19T02:05:19.786Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:05:21 honeypot-fra-1 sshd[30869]: Connection closed by invalid user user 103.241.181.174 port 34560 [preauth]","@timestamp":"2022-09-19T02:05:22.788Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:05:24 honeypot-fra-1 sshd[30875]: Connection closed by invalid user user 103.241.181.174 port 35084 [preauth]","@timestamp":"2022-09-19T02:05:25.790Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:05:27 honeypot-fra-1 sshd[30881]: Connection closed by invalid user user 103.241.181.174 port 35562 [preauth]","@timestamp":"2022-09-19T02:05:27.791Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:05:30 honeypot-fra-1 sshd[30887]: Connection closed by invalid user user 103.241.181.174 port 36032 [preauth]","@timestamp":"2022-09-19T02:05:30.793Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:05:33 honeypot-fra-1 sshd[30893]: Connection closed by invalid user user 103.241.181.174 port 36634 [preauth]","@timestamp":"2022-09-19T02:05:33.796Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:05:36 honeypot-fra-1 sshd[30899]: Connection closed by invalid user user 103.241.181.174 port 37122 [preauth]","@timestamp":"2022-09-19T02:05:37.798Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:05:39 honeypot-fra-1 sshd[30905]: Connection closed by invalid user user 103.241.181.174 port 37678 [preauth]","@timestamp":"2022-09-19T02:05:40.800Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:05:42 honeypot-fra-1 sshd[30911]: Connection closed by invalid user user 103.241.181.174 port 38218 [preauth]","@timestamp":"2022-09-19T02:05:43.802Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:05:45 honeypot-fra-1 sshd[30917]: Connection closed by invalid user user 103.241.181.174 port 38730 [preauth]","@timestamp":"2022-09-19T02:05:45.803Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:05:48 honeypot-fra-1 sshd[30923]: Connection closed by invalid user user 103.241.181.174 port 39198 [preauth]","@timestamp":"2022-09-19T02:05:49.806Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:05:51 honeypot-fra-1 sshd[30929]: Connection closed by invalid user user 103.241.181.174 port 39774 [preauth]","@timestamp":"2022-09-19T02:05:52.808Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:05:54 honeypot-fra-1 sshd[30935]: Connection closed by invalid user user 103.241.181.174 port 40266 [preauth]","@timestamp":"2022-09-19T02:05:55.810Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:05:57 honeypot-fra-1 sshd[30941]: Connection closed by invalid user user 103.241.181.174 port 40768 [preauth]","@timestamp":"2022-09-19T02:05:58.812Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:06:00 honeypot-fra-1 sshd[30947]: Connection closed by invalid user user 103.241.181.174 port 41268 [preauth]","@timestamp":"2022-09-19T02:06:00.813Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:06:04 honeypot-fra-1 sshd[30953]: Connection closed by invalid user user 103.241.181.174 port 41882 [preauth]","@timestamp":"2022-09-19T02:06:04.816Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:06:07 honeypot-fra-1 sshd[30959]: Connection closed by invalid user user 103.241.181.174 port 42432 [preauth]","@timestamp":"2022-09-19T02:06:07.818Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:06:10 honeypot-fra-1 sshd[30965]: Connection closed by invalid user user 103.241.181.174 port 43016 [preauth]","@timestamp":"2022-09-19T02:06:10.820Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:06:13 honeypot-fra-1 sshd[30971]: Connection closed by invalid user user 103.241.181.174 port 43570 [preauth]","@timestamp":"2022-09-19T02:06:13.822Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:06:17 honeypot-fra-1 sshd[30977]: Connection closed by invalid user user 103.241.181.174 port 44086 [preauth]","@timestamp":"2022-09-19T02:06:17.825Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:06:20 honeypot-fra-1 sshd[30983]: Connection closed by invalid user user 103.241.181.174 port 44620 [preauth]","@timestamp":"2022-09-19T02:06:20.827Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:06:23 honeypot-fra-1 sshd[30989]: Connection closed by invalid user user 103.241.181.174 port 45176 [preauth]","@timestamp":"2022-09-19T02:06:23.829Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:06:26 honeypot-fra-1 sshd[30995]: Connection closed by invalid user user 103.241.181.174 port 45672 [preauth]","@timestamp":"2022-09-19T02:06:26.831Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:06:29 honeypot-fra-1 sshd[31001]: Connection closed by invalid user user 103.241.181.174 port 46230 [preauth]","@timestamp":"2022-09-19T02:06:29.833Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:06:32 honeypot-fra-1 sshd[31007]: Connection closed by invalid user user 103.241.181.174 port 46758 [preauth]","@timestamp":"2022-09-19T02:06:32.836Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:06:35 honeypot-fra-1 sshd[31013]: Connection closed by invalid user ubuntu 103.241.181.174 port 47330 [preauth]","@timestamp":"2022-09-19T02:06:35.838Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:06:38 honeypot-fra-1 sshd[31019]: Connection closed by invalid user ubuntu 103.241.181.174 port 47802 [preauth]","@timestamp":"2022-09-19T02:06:38.840Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:06:41 honeypot-fra-1 sshd[31025]: Connection closed by invalid user ubuntu 103.241.181.174 port 48308 [preauth]","@timestamp":"2022-09-19T02:06:41.842Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:06:44 honeypot-fra-1 sshd[31031]: Connection closed by invalid user ubuntu 103.241.181.174 port 48884 [preauth]","@timestamp":"2022-09-19T02:06:44.843Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:06:47 honeypot-fra-1 sshd[31037]: Connection closed by invalid user ubuntu 103.241.181.174 port 49402 [preauth]","@timestamp":"2022-09-19T02:06:47.846Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T02:06:48.838Z","@version":"1","message":"Sep 19 02:06:48 honeypot-sgp-1 kernel: [84429310.187156] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=170.187.202.154 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=35655 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:06:50 honeypot-fra-1 sshd[31043]: Connection closed by invalid user ubuntu 103.241.181.174 port 49884 [preauth]","@timestamp":"2022-09-19T02:06:50.848Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:06:53 honeypot-fra-1 sshd[31049]: Connection closed by invalid user ubuntu 103.241.181.174 port 50436 [preauth]","@timestamp":"2022-09-19T02:06:53.850Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:06:56 honeypot-fra-1 sshd[31055]: Connection closed by invalid user ubuntu 103.241.181.174 port 50980 [preauth]","@timestamp":"2022-09-19T02:06:56.852Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:06:59 honeypot-fra-1 sshd[31061]: Connection closed by invalid user ubuntu 103.241.181.174 port 51466 [preauth]","@timestamp":"2022-09-19T02:06:59.853Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:07:03 honeypot-fra-1 sshd[31067]: Connection closed by invalid user ubuntu 103.241.181.174 port 52030 [preauth]","@timestamp":"2022-09-19T02:07:03.857Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:07:06 honeypot-fra-1 sshd[31073]: Connection closed by invalid user ubuntu 103.241.181.174 port 52538 [preauth]","@timestamp":"2022-09-19T02:07:06.859Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:07:09 honeypot-fra-1 sshd[31079]: Connection closed by invalid user ubuntu 103.241.181.174 port 53134 [preauth]","@timestamp":"2022-09-19T02:07:09.860Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:07:12 honeypot-fra-1 sshd[31085]: Connection closed by invalid user ubuntu 103.241.181.174 port 53624 [preauth]","@timestamp":"2022-09-19T02:07:12.862Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:07:15 honeypot-fra-1 sshd[31091]: Connection closed by invalid user ubuntu 103.241.181.174 port 54220 [preauth]","@timestamp":"2022-09-19T02:07:15.864Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:07:18 honeypot-fra-1 sshd[31099]: Connection closed by invalid user ubuntu 103.241.181.174 port 54926 [preauth]","@timestamp":"2022-09-19T02:07:18.867Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:07:21 honeypot-fra-1 sshd[31105]: Connection closed by invalid user ubuntu 103.241.181.174 port 55556 [preauth]","@timestamp":"2022-09-19T02:07:21.869Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:07:24 honeypot-fra-1 sshd[31111]: Connection closed by invalid user ubuntu 103.241.181.174 port 56222 [preauth]","@timestamp":"2022-09-19T02:07:24.871Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:07:27 honeypot-fra-1 sshd[31117]: Invalid user ubuntu from 103.241.181.174 port 56970","@timestamp":"2022-09-19T02:07:27.873Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:07:30 honeypot-fra-1 sshd[31123]: Invalid user ubuntu from 103.241.181.174 port 57600","@timestamp":"2022-09-19T02:07:30.875Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:07:33 honeypot-fra-1 sshd[31129]: Invalid user ubuntu from 103.241.181.174 port 58300","@timestamp":"2022-09-19T02:07:33.878Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:07:36 honeypot-fra-1 sshd[31135]: Invalid user ubuntu from 103.241.181.174 port 59038","@timestamp":"2022-09-19T02:07:37.880Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:07:40 honeypot-fra-1 sshd[31141]: Invalid user ubuntu from 103.241.181.174 port 59586","@timestamp":"2022-09-19T02:07:40.882Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:07:43 honeypot-fra-1 sshd[31147]: Invalid user ubuntu from 103.241.181.174 port 60176","@timestamp":"2022-09-19T02:07:43.884Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:07:46 honeypot-fra-1 sshd[31153]: Invalid user ubuntu from 103.241.181.174 port 60704","@timestamp":"2022-09-19T02:07:46.886Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:07:49 honeypot-fra-1 sshd[31159]: Invalid user ubuntu from 103.241.181.174 port 32990","@timestamp":"2022-09-19T02:07:49.889Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:07:52 honeypot-fra-1 sshd[31165]: Invalid user ubuntu from 103.241.181.174 port 33570","@timestamp":"2022-09-19T02:07:52.890Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:07:55 honeypot-fra-1 sshd[31171]: Invalid user ubuntu from 103.241.181.174 port 34122","@timestamp":"2022-09-19T02:07:55.892Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:07:58 honeypot-fra-1 sshd[31177]: Invalid user debian from 103.241.181.174 port 34722","@timestamp":"2022-09-19T02:07:58.894Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:08:01 honeypot-fra-1 sshd[31183]: Invalid user debian from 103.241.181.174 port 35248","@timestamp":"2022-09-19T02:08:01.896Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:08:04 honeypot-fra-1 sshd[31189]: Invalid user debian from 103.241.181.174 port 35846","@timestamp":"2022-09-19T02:08:05.899Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:08:08 honeypot-fra-1 sshd[31195]: Invalid user debian from 103.241.181.174 port 36450","@timestamp":"2022-09-19T02:08:08.901Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:08:11 honeypot-fra-1 sshd[31201]: Invalid user debian from 103.241.181.174 port 36988","@timestamp":"2022-09-19T02:08:11.903Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:08:14 honeypot-fra-1 sshd[31207]: Invalid user debian from 103.241.181.174 port 37602","@timestamp":"2022-09-19T02:08:14.904Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:08:17 honeypot-fra-1 sshd[31213]: Invalid user debian from 103.241.181.174 port 38240","@timestamp":"2022-09-19T02:08:18.908Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:08:20 honeypot-fra-1 sshd[31219]: Invalid user debian from 103.241.181.174 port 38712","@timestamp":"2022-09-19T02:08:20.909Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:08:23 honeypot-fra-1 sshd[31225]: Invalid user debian from 103.241.181.174 port 39286","@timestamp":"2022-09-19T02:08:23.911Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 02:08:26 honeypot-ams-1 sshd[6854]: Invalid user  from 118.193.59.59 port 59968","@timestamp":"2022-09-19T02:08:27.111Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:08:27 honeypot-fra-1 sshd[31231]: Invalid user debian from 103.241.181.174 port 39918","@timestamp":"2022-09-19T02:08:27.913Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:08:30 honeypot-fra-1 sshd[31237]: Invalid user debian from 103.241.181.174 port 40484","@timestamp":"2022-09-19T02:08:30.915Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:08:33 honeypot-fra-1 sshd[31244]: Invalid user debian from 103.241.181.174 port 41110","@timestamp":"2022-09-19T02:08:33.918Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:08:37 honeypot-fra-1 sshd[31250]: Invalid user debian from 103.241.181.174 port 41684","@timestamp":"2022-09-19T02:08:37.920Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:08:40 honeypot-fra-1 sshd[31256]: Invalid user debian from 103.241.181.174 port 42260","@timestamp":"2022-09-19T02:08:40.922Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:08:43 honeypot-fra-1 sshd[31262]: Invalid user debian from 103.241.181.174 port 42810","@timestamp":"2022-09-19T02:08:43.924Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:08:46 honeypot-fra-1 sshd[31268]: Invalid user debian from 103.241.181.174 port 43354","@timestamp":"2022-09-19T02:08:46.926Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:08:49 honeypot-fra-1 sshd[31274]: Invalid user debian from 103.241.181.174 port 43928","@timestamp":"2022-09-19T02:08:49.928Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:08:52 honeypot-fra-1 sshd[31280]: Invalid user debian from 103.241.181.174 port 44530","@timestamp":"2022-09-19T02:08:52.930Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:08:55 honeypot-fra-1 sshd[31286]: Invalid user debian from 103.241.181.174 port 45066","@timestamp":"2022-09-19T02:08:55.932Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:08:58 honeypot-fra-1 sshd[31292]: Invalid user debian from 103.241.181.174 port 45594","@timestamp":"2022-09-19T02:08:58.934Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:09:01 honeypot-fra-1 sshd[31298]: Invalid user debian from 103.241.181.174 port 46206","@timestamp":"2022-09-19T02:09:01.936Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:09:05 honeypot-fra-1 sshd[31304]: Invalid user debian from 103.241.181.174 port 46820","@timestamp":"2022-09-19T02:09:05.939Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:09:08 honeypot-fra-1 sshd[31310]: Invalid user debian from 103.241.181.174 port 47358","@timestamp":"2022-09-19T02:09:08.941Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:09:11 honeypot-fra-1 sshd[31316]: Invalid user debian from 103.241.181.174 port 48002","@timestamp":"2022-09-19T02:09:11.943Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:09:15 honeypot-fra-1 sshd[31322]: Invalid user debian from 103.241.181.174 port 48530","@timestamp":"2022-09-19T02:09:15.945Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:09:18 honeypot-fra-1 sshd[31328]: Invalid user debian from 103.241.181.174 port 49102","@timestamp":"2022-09-19T02:09:18.948Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:09:21 honeypot-fra-1 sshd[31334]: Invalid user debian from 103.241.181.174 port 49742","@timestamp":"2022-09-19T02:09:21.950Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:09:23 honeypot-fra-1 sshd[31513]: Accepted password for debian from 103.241.181.174 port 49102 ssh2","@timestamp":"2022-09-19T02:09:23.011Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:09:24 honeypot-fra-1 sshd[31340]: Invalid user admin from 103.241.181.174 port 50264","@timestamp":"2022-09-19T02:09:24.951Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:09:27 honeypot-fra-1 sshd[31346]: Invalid user admin from 103.241.181.174 port 50866","@timestamp":"2022-09-19T02:09:28.954Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:09:30 honeypot-fra-1 sshd[31352]: Received disconnect from 178.128.238.19 port 55916:11: Bye Bye [preauth]","@timestamp":"2022-09-19T02:09:30.955Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:09:32 honeypot-fra-1 sshd[31358]: Invalid user admin from 103.241.181.174 port 51768","@timestamp":"2022-09-19T02:09:32.958Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:09:35 honeypot-fra-1 sshd[31364]: Invalid user admin from 103.241.181.174 port 52266","@timestamp":"2022-09-19T02:09:35.959Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:09:39 honeypot-fra-1 sshd[31370]: Invalid user admin from 103.241.181.174 port 52846","@timestamp":"2022-09-19T02:09:39.961Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:09:42 honeypot-fra-1 sshd[31376]: Invalid user admin from 103.241.181.174 port 53424","@timestamp":"2022-09-19T02:09:42.963Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:09:45 honeypot-fra-1 sshd[31382]: Invalid user admin from 103.241.181.174 port 53932","@timestamp":"2022-09-19T02:09:45.965Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:09:48 honeypot-fra-1 sshd[31388]: Invalid user admin from 103.241.181.174 port 54466","@timestamp":"2022-09-19T02:09:48.969Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:09:51 honeypot-fra-1 sshd[31396]: Invalid user postgres from 92.255.85.69 port 33964","@timestamp":"2022-09-19T02:09:51.970Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:09:53 honeypot-fra-1 sshd[31398]: Connection closed by invalid user admin 103.241.181.174 port 55214 [preauth]","@timestamp":"2022-09-19T02:09:53.972Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:09:56 honeypot-fra-1 sshd[31404]: Connection closed by invalid user admin 103.241.181.174 port 55758 [preauth]","@timestamp":"2022-09-19T02:09:56.973Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:09:59 honeypot-fra-1 sshd[31410]: Connection closed by invalid user admin 103.241.181.174 port 56392 [preauth]","@timestamp":"2022-09-19T02:09:59.975Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:10:02 honeypot-fra-1 sshd[31417]: Connection closed by invalid user admin 103.241.181.174 port 57034 [preauth]","@timestamp":"2022-09-19T02:10:02.978Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:10:05 honeypot-fra-1 sshd[31423]: Connection closed by invalid user admin 103.241.181.174 port 57654 [preauth]","@timestamp":"2022-09-19T02:10:05.980Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:10:08 honeypot-fra-1 sshd[31429]: Connection closed by invalid user admin 103.241.181.174 port 58308 [preauth]","@timestamp":"2022-09-19T02:10:08.982Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:10:11 honeypot-fra-1 sshd[31435]: Connection closed by invalid user admin 103.241.181.174 port 59034 [preauth]","@timestamp":"2022-09-19T02:10:11.983Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:10:14 honeypot-fra-1 sshd[31439]: Received disconnect from 202.51.74.123 port 36664:11: Bye Bye [preauth]","@timestamp":"2022-09-19T02:10:14.985Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:10:17 honeypot-fra-1 sshd[31447]: Invalid user admin from 103.241.181.174 port 60178","@timestamp":"2022-09-19T02:10:17.988Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:10:20 honeypot-fra-1 sshd[31453]: Invalid user admin from 103.241.181.174 port 60844","@timestamp":"2022-09-19T02:10:20.990Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:10:23 honeypot-fra-1 sshd[31459]: Invalid user admin from 103.241.181.174 port 33190","@timestamp":"2022-09-19T02:10:23.991Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:10:26 honeypot-fra-1 sshd[31465]: Invalid user admin from 103.241.181.174 port 33766","@timestamp":"2022-09-19T02:10:26.993Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:10:30 honeypot-fra-1 sshd[31471]: Invalid user admin from 103.241.181.174 port 34350","@timestamp":"2022-09-19T02:10:30.996Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:10:33 honeypot-fra-1 sshd[31477]: Invalid user admin from 103.241.181.174 port 34904","@timestamp":"2022-09-19T02:10:33.999Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:10:36 honeypot-fra-1 sshd[31483]: Invalid user admin from 103.241.181.174 port 35416","@timestamp":"2022-09-19T02:10:37.001Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:10:39 honeypot-fra-1 sshd[31489]: Invalid user admin from 103.241.181.174 port 35986","@timestamp":"2022-09-19T02:10:40.003Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:10:42 honeypot-fra-1 sshd[31495]: Invalid user admin from 103.241.181.174 port 36494","@timestamp":"2022-09-19T02:10:43.005Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:10:45 honeypot-fra-1 sshd[31501]: Invalid user admin from 103.241.181.174 port 36984","@timestamp":"2022-09-19T02:10:46.006Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:10:48 honeypot-fra-1 sshd[31507]: Invalid user admin from 103.241.181.174 port 37532","@timestamp":"2022-09-19T02:10:49.010Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:10:51 honeypot-fra-1 sshd[31513]: Invalid user ftp from 103.241.181.174 port 38066","@timestamp":"2022-09-19T02:10:52.011Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T02:15:38.057Z","@version":"1","message":"Sep 19 02:15:37 honeypot-sgp-1 kernel: [84429839.651507] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=59.16.243.218 DST=159.89.202.188 LEN=52 TOS=0x00 PREC=0x00 TTL=114 ID=36667 DF PROTO=TCP SPT=2491 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:17:01 honeypot-fra-1 CRON[31518]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-19T02:17:02.152Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T02:17:02.097Z","@version":"1","message":"Sep 19 02:17:01 honeypot-sgp-1 CRON[32393]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 02:17:21 honeypot-ams-1 sshd[6860]: Did not receive identification string from 45.61.184.204 port 58228","@timestamp":"2022-09-19T02:17:21.348Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 02:17:55 honeypot-ams-1 sshd[6863]: Disconnected from invalid user user 45.61.184.204 port 37156 [preauth]","@timestamp":"2022-09-19T02:17:55.365Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 02:18:12 honeypot-ams-1 sshd[6867]: Disconnected from invalid user user 45.61.184.204 port 59650 [preauth]","@timestamp":"2022-09-19T02:18:13.375Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 02:18:30 honeypot-ams-1 sshd[6871]: Disconnected from invalid user user 45.61.184.204 port 53898 [preauth]","@timestamp":"2022-09-19T02:18:30.384Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 02:18:41 honeypot-ams-1 sshd[6875]: Disconnected from invalid user postgres 92.255.85.69 port 45568 [preauth]","@timestamp":"2022-09-19T02:18:41.391Z"}
{"@timestamp":"2022-09-19T02:20:28.183Z","@version":"1","message":"Sep 19 02:20:27 honeypot-sgp-1 sshd[32398]: Disconnected from invalid user user 45.61.184.204 port 59820 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:20:49.194Z","@version":"1","message":"Sep 19 02:20:48 honeypot-sgp-1 sshd[32402]: Disconnected from invalid user user 45.61.184.204 port 54984 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:21:07.203Z","@version":"1","message":"Sep 19 02:21:06 honeypot-sgp-1 sshd[32406]: Disconnected from invalid user user 45.61.184.204 port 50122 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:21:25.212Z","@version":"1","message":"Sep 19 02:21:24 honeypot-sgp-1 sshd[32410]: Disconnected from invalid user user 45.61.184.204 port 45274 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:23:20 honeypot-fra-1 sshd[31525]: Received disconnect from 45.61.184.204 port 59896:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T02:23:21.297Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:23:40 honeypot-fra-1 sshd[31529]: Received disconnect from 45.61.184.204 port 55082:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T02:23:41.308Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:24:00 honeypot-fra-1 sshd[31533]: Received disconnect from 45.61.184.204 port 50274:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T02:24:01.317Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:24:18 honeypot-fra-1 sshd[31537]: Received disconnect from 45.61.184.204 port 45466:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T02:24:19.325Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:26:28 honeypot-fra-1 sshd[31542]: Invalid user hunter from 179.60.147.69 port 44520","@timestamp":"2022-09-19T02:26:29.376Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 02:29:44 honeypot-ams-1 sshd[6880]: Disconnected from invalid user terri 187.51.55.82 port 53892 [preauth]","@timestamp":"2022-09-19T02:29:44.674Z"}
{"@timestamp":"2022-09-19T02:30:42.443Z","@version":"1","message":"Sep 19 02:30:42 honeypot-sgp-1 kernel: [84430744.530360] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=236 ID=34039 PROTO=TCP SPT=54606 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:35:16.562Z","@version":"1","message":"Sep 19 02:35:15 honeypot-sgp-1 sshd[32422]: Invalid user  from 185.246.130.20 port 9858","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:35:43.577Z","@version":"1","message":"Sep 19 02:35:42 honeypot-sgp-1 sshd[32428]: Invalid user  from 185.246.130.20 port 40616","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:36:03.588Z","@version":"1","message":"Sep 19 02:36:03 honeypot-sgp-1 sshd[32434]: Invalid user admin from 185.246.130.20 port 34229","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:36:39.606Z","@version":"1","message":"Sep 19 02:36:39 honeypot-sgp-1 sshd[32440]: Invalid user manager from 185.246.130.20 port 41068","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:37:06.621Z","@version":"1","message":"Sep 19 02:37:06 honeypot-sgp-1 sshd[32446]: Disconnecting invalid user 1234 185.246.130.20 port 52375: Change of username or service not allowed: (1234,ssh-connection) -> (Admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:37:31.633Z","@version":"1","message":"Sep 19 02:37:30 honeypot-sgp-1 sshd[32452]: Disconnecting invalid user  185.246.130.20 port 47133: Change of username or service not allowed: (,ssh-connection) -> (user,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:38:00.649Z","@version":"1","message":"Sep 19 02:37:59 honeypot-sgp-1 sshd[32460]: Invalid user blank from 185.246.130.20 port 52387","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:38:20.660Z","@version":"1","message":"Sep 19 02:38:20 honeypot-sgp-1 sshd[32466]: Invalid user 1234 from 185.246.130.20 port 30983","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:38:50.676Z","@version":"1","message":"Sep 19 02:38:49 honeypot-sgp-1 sshd[32472]: error: maximum authentication attempts exceeded for invalid user admin from 176.15.138.108 port 2710 ssh2 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:38:53 honeypot-fra-1 sshd[31549]: Received disconnect from 92.255.85.69 port 54048:11: Bye Bye [preauth]","@timestamp":"2022-09-19T02:38:54.655Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T02:39:11.687Z","@version":"1","message":"Sep 19 02:39:10 honeypot-sgp-1 sshd[32478]: Invalid user admin from 185.246.130.20 port 22133","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:39:31.697Z","@version":"1","message":"Sep 19 02:39:31 honeypot-sgp-1 sshd[32484]: Disconnecting invalid user Administrator 185.246.130.20 port 41876: Change of username or service not allowed: (Administrator,ssh-connection) -> (,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:39:53.710Z","@version":"1","message":"Sep 19 02:39:53 honeypot-sgp-1 sshd[32490]: Disconnecting invalid user sti.admin5 185.246.130.20 port 17193: Change of username or service not allowed: (sti.admin5,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:40:15.722Z","@version":"1","message":"Sep 19 02:40:14 honeypot-sgp-1 sshd[32496]: Disconnecting invalid user zhone 185.246.130.20 port 3360: Change of username or service not allowed: (zhone,ssh-connection) -> (,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:40:43.737Z","@version":"1","message":"Sep 19 02:40:42 honeypot-sgp-1 sshd[32504]: Disconnecting invalid user default 185.246.130.20 port 29862: Change of username or service not allowed: (default,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:41:09.752Z","@version":"1","message":"Sep 19 02:41:09 honeypot-sgp-1 sshd[32510]: Disconnecting invalid user Administrator 185.246.130.20 port 62007: Change of username or service not allowed: (Administrator,ssh-connection) -> (cusadmin,ssh-connectio [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 02:41:17 honeypot-ams-1 kernel: [84431857.221478] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=3214 PROTO=TCP SPT=55248 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T02:41:17.986Z"}
{"@timestamp":"2022-09-19T02:41:33.765Z","@version":"1","message":"Sep 19 02:41:33 honeypot-sgp-1 sshd[32516]: Disconnecting invalid user admin 185.246.130.20 port 9317: Change of username or service not allowed: (admin,ssh-connection) -> (lgnortel,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:41:54.776Z","@version":"1","message":"Sep 19 02:41:53 honeypot-sgp-1 sshd[32522]: Disconnecting invalid user comcast 185.246.130.20 port 4670: Change of username or service not allowed: (comcast,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:42:10.784Z","@version":"1","message":"Sep 19 02:42:10 honeypot-sgp-1 sshd[32528]: Disconnecting invalid user admin1234 185.246.130.20 port 12374: Change of username or service not allowed: (admin1234,ssh-connection) -> (matrix,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:42:28.793Z","@version":"1","message":"Sep 19 02:42:28 honeypot-sgp-1 sshd[32536]: Received disconnect from 92.255.85.70 port 53794:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:42:46.803Z","@version":"1","message":"Sep 19 02:42:46 honeypot-sgp-1 sshd[32540]: Disconnecting invalid user admin 185.246.130.20 port 53574: Change of username or service not allowed: (admin,ssh-connection) -> (blank,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:43:15.818Z","@version":"1","message":"Sep 19 02:43:15 honeypot-sgp-1 sshd[32548]: Invalid user airlive from 185.246.130.20 port 20481","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:43:35.829Z","@version":"1","message":"Sep 19 02:43:35 honeypot-sgp-1 sshd[32554]: Invalid user roqos from 185.246.130.20 port 43968","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:44:00.841Z","@version":"1","message":"Sep 19 02:43:59 honeypot-sgp-1 sshd[32560]: Invalid user sitecom from 185.246.130.20 port 28558","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 02:44:09 honeypot-ams-1 sshd[6890]: Received disconnect from 197.45.35.19 port 60410:11: Bye Bye [preauth]","@timestamp":"2022-09-19T02:44:10.066Z"}
{"@timestamp":"2022-09-19T02:44:15.850Z","@version":"1","message":"Sep 19 02:44:14 honeypot-sgp-1 sshd[32566]: Invalid user admin from 185.246.130.20 port 34816","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:44:30.858Z","@version":"1","message":"Sep 19 02:44:30 honeypot-sgp-1 sshd[32572]: Invalid user smcadmin from 185.246.130.20 port 15320","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:44:47.868Z","@version":"1","message":"Sep 19 02:44:47 honeypot-sgp-1 sshd[32578]: Invalid user admin from 185.246.130.20 port 33346","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:45:05.878Z","@version":"1","message":"Sep 19 02:45:05 honeypot-sgp-1 sshd[32584]: Invalid user user from 185.246.130.20 port 30547","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:45:30.890Z","@version":"1","message":"Sep 19 02:45:30 honeypot-sgp-1 sshd[32591]: Disconnecting invalid user 123456 185.246.130.20 port 14366: Change of username or service not allowed: (123456,ssh-connection) -> (user,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:45:51.903Z","@version":"1","message":"Sep 19 02:45:51 honeypot-sgp-1 sshd[32598]: Invalid user readwrite from 185.246.130.20 port 49672","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:46:09.913Z","@version":"1","message":"Sep 19 02:46:09 honeypot-sgp-1 sshd[32604]: Invalid user DZY-W2914NSV2 from 185.246.130.20 port 53233","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:46:24.921Z","@version":"1","message":"Sep 19 02:46:24 honeypot-sgp-1 sshd[32610]: Invalid user zoomadsl from 185.246.130.20 port 37439","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:46:37.929Z","@version":"1","message":"Sep 19 02:46:37 honeypot-sgp-1 sshd[32616]: Invalid user ltecl4r0 from 185.246.130.20 port 45063","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:52:34.080Z","@version":"1","message":"Sep 19 02:52:33 honeypot-sgp-1 sshd[32620]: Invalid user admin from 64.119.29.152 port 33290","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 02:55:22 honeypot-ams-1 kernel: [84432701.549437] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=178.62.254.91 LEN=90 TOS=0x00 PREC=0x00 TTL=252 ID=826 PROTO=TCP SPT=13331 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T02:55:22.361Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 02:57:25 honeypot-ams-1 sshd[6900]: Received disconnect from 45.240.88.36 port 60048:11: Bye Bye [preauth]","@timestamp":"2022-09-19T02:57:25.413Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:59:54 honeypot-fra-1 kernel: [84430800.064733] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=92.63.197.74 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=25712 PROTO=TCP SPT=56281 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T02:59:55.125Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 03:02:48 honeypot-ams-1 sshd[6905]: Invalid user admin from 164.90.191.216 port 33124","@timestamp":"2022-09-19T03:02:49.557Z"}
{"@timestamp":"2022-09-19T03:03:02.348Z","@version":"1","message":"Sep 19 03:03:01 honeypot-sgp-1 kernel: [84432683.494242] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=141.237.48.9 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=230 ID=50432 DF PROTO=TCP SPT=54379 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 03:05:46 honeypot-ams-1 sshd[6908]: Invalid user angus from 182.50.252.90 port 41494","@timestamp":"2022-09-19T03:05:46.639Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 03:05:53 honeypot-fra-1 sshd[31559]: Invalid user ftp from 179.60.147.69 port 17096","@timestamp":"2022-09-19T03:05:54.261Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T03:06:38.442Z","@version":"1","message":"Sep 19 03:06:37 honeypot-sgp-1 sshd[32630]: Invalid user ll from 185.191.205.93 port 48612","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 03:07:12 honeypot-ams-1 kernel: [84433411.416756] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=156.208.107.165 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=12392 PROTO=TCP SPT=60043 DPT=443 WINDOW=53940 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T03:07:12.678Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 03:08:04 honeypot-fra-1 sshd[31563]: Connection closed by invalid user ftp 193.106.191.157 port 33436 [preauth]","@timestamp":"2022-09-19T03:08:05.316Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 03:09:24 honeypot-ams-1 kernel: [84433543.672737] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=59994 PROTO=TCP SPT=56403 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T03:09:24.747Z"}
{"@timestamp":"2022-09-19T03:09:59.528Z","@version":"1","message":"Sep 19 03:09:58 honeypot-sgp-1 sshd[32633]: Invalid user ubnt from 92.255.85.69 port 16830","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T03:14:41.646Z","@version":"1","message":"Sep 19 03:14:40 honeypot-sgp-1 sshd[32636]: Received disconnect from 78.198.111.128 port 41212:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T03:15:20.665Z","@version":"1","message":"Sep 19 03:15:20 honeypot-sgp-1 sshd[32640]: Disconnected from authenticating user root 160.251.7.97 port 37404 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 03:17:01 honeypot-fra-1 CRON[31568]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-19T03:17:02.515Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T03:19:22.768Z","@version":"1","message":"Sep 19 03:19:21 honeypot-sgp-1 kernel: [84433663.973063] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=208.115.115.104 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=239 ID=60167 PROTO=TCP SPT=47360 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 03:19:53 honeypot-ams-1 kernel: [84434172.862384] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=172.105.129.103 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=12185 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T03:19:54.025Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 03:21:12 honeypot-fra-1 sshd[31574]: Disconnected from invalid user admin 159.203.85.196 port 50845 [preauth]","@timestamp":"2022-09-19T03:21:12.608Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 03:23:43 honeypot-ams-1 sshd[6926]: Received disconnect from 128.116.154.5 port 58736:11: Bye Bye [preauth]","@timestamp":"2022-09-19T03:23:44.129Z"}
{"@timestamp":"2022-09-19T03:28:52.007Z","@version":"1","message":"Sep 19 03:28:51 honeypot-sgp-1 sshd[32651]: Received disconnect from 119.252.143.6 port 39809:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 03:30:02 honeypot-fra-1 kernel: [84432607.708289] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=172.105.77.209 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=57 ID=0 DF PROTO=TCP SPT=56857 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T03:30:02.804Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 03:32:47 honeypot-fra-1 sshd[31581]: Disconnected from invalid user admin 92.255.85.70 port 34204 [preauth]","@timestamp":"2022-09-19T03:32:47.868Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 03:35:52 honeypot-ams-1 sshd[6930]: Invalid user ftp from 193.106.191.157 port 41626","@timestamp":"2022-09-19T03:35:52.442Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 03:38:55 honeypot-fra-1 sshd[31588]: Disconnected from authenticating user root 179.43.156.143 port 42924 [preauth]","@timestamp":"2022-09-19T03:38:56.010Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 03:40:44 honeypot-fra-1 sshd[31594]: Disconnected from authenticating user root 179.43.156.143 port 37128 [preauth]","@timestamp":"2022-09-19T03:40:45.052Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 03:41:54 honeypot-fra-1 sshd[31598]: Disconnected from invalid user nutanix 179.43.156.143 port 33106 [preauth]","@timestamp":"2022-09-19T03:41:55.081Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 03:43:06 honeypot-fra-1 sshd[31603]: Disconnected from invalid user nfsnobod 179.43.156.143 port 57406 [preauth]","@timestamp":"2022-09-19T03:43:07.112Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 03:44:20 honeypot-fra-1 sshd[31609]: Received disconnect from 179.43.156.143 port 53474:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T03:44:21.144Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T03:44:22.393Z","@version":"1","message":"Sep 19 03:44:21 honeypot-sgp-1 sshd[32657]: Did not receive identification string from 45.61.186.169 port 58924","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 03:44:24 honeypot-ams-1 sshd[6933]: Received disconnect from 92.255.85.70 port 63804:11: Bye Bye [preauth]","@timestamp":"2022-09-19T03:44:25.660Z"}
{"@timestamp":"2022-09-19T03:45:03.413Z","@version":"1","message":"Sep 19 03:45:02 honeypot-sgp-1 sshd[32660]: Disconnected from invalid user user 45.61.186.169 port 39066 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T03:45:21.422Z","@version":"1","message":"Sep 19 03:45:20 honeypot-sgp-1 sshd[32664]: Disconnected from invalid user user 45.61.186.169 port 33770 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 03:45:34 honeypot-fra-1 sshd[31613]: Received disconnect from 179.43.156.143 port 49556:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T03:45:35.192Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T03:45:37.431Z","@version":"1","message":"Sep 19 03:45:37 honeypot-sgp-1 sshd[32669]: Disconnected from invalid user user 45.61.186.169 port 56620 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 03:46:50 honeypot-fra-1 sshd[31617]: Received disconnect from 179.43.156.143 port 45616:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T03:46:51.222Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T03:47:34.483Z","@version":"1","message":"Sep 19 03:47:34 honeypot-sgp-1 kernel: [84435356.360872] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=162.142.125.135 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=62311 PROTO=TCP SPT=13184 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 03:48:07 honeypot-fra-1 sshd[31624]: Invalid user drcomadmin from 179.43.156.143 port 41672","@timestamp":"2022-09-19T03:48:07.253Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 03:49:04 honeypot-fra-1 sshd[31628]: Invalid user db from 189.90.255.173 port 53004","@timestamp":"2022-09-19T03:49:04.277Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 03:49:12 honeypot-ams-1 sshd[6936]: Disconnected from invalid user barison 34.93.204.90 port 39572 [preauth]","@timestamp":"2022-09-19T03:49:12.782Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 03:50:03 honeypot-fra-1 sshd[31632]: Invalid user oracle from 179.43.156.143 port 35798","@timestamp":"2022-09-19T03:50:03.303Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 03:51:26 honeypot-fra-1 sshd[31636]: Received disconnect from 179.43.156.143 port 60088:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T03:51:26.338Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 03:52:06 honeypot-fra-1 sshd[31640]: Disconnected from authenticating user root 179.43.156.143 port 58122 [preauth]","@timestamp":"2022-09-19T03:52:07.357Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 03:52:10 honeypot-ams-1 sshd[6942]: Invalid user file from 94.127.213.154 port 1144","@timestamp":"2022-09-19T03:52:10.862Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 03:54:11 honeypot-fra-1 sshd[31647]: Received disconnect from 179.43.156.143 port 52212:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T03:54:12.407Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 03:55:06 honeypot-ams-1 sshd[6947]: Received disconnect from 191.92.120.156 port 38410:11: Bye Bye [preauth]","@timestamp":"2022-09-19T03:55:06.938Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 03:56:18 honeypot-fra-1 sshd[31653]: Received disconnect from 179.43.156.143 port 46328:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T03:56:18.455Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 03:58:26 honeypot-fra-1 sshd[31660]: Invalid user ansible from 179.43.156.143 port 40414","@timestamp":"2022-09-19T03:58:27.507Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 03:59:51 honeypot-fra-1 sshd[31664]: Received disconnect from 179.43.156.143 port 36478:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T03:59:51.540Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 04:00:13 honeypot-ams-1 sshd[6952]: Invalid user que from 137.116.144.39 port 60568","@timestamp":"2022-09-19T04:00:13.070Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 04:00:34 honeypot-fra-1 sshd[31669]: Disconnected from authenticating user root 179.43.156.143 port 34514 [preauth]","@timestamp":"2022-09-19T04:00:34.560Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 04:01:02 honeypot-ams-1 sshd[6957]: Disconnected from authenticating user root 58.230.203.182 port 53744 [preauth]","@timestamp":"2022-09-19T04:01:03.096Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 04:02:41 honeypot-fra-1 sshd[31675]: Received disconnect from 179.43.156.143 port 56848:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T04:02:42.611Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 04:04:08 honeypot-fra-1 sshd[31680]: Invalid user sysgames from 179.43.156.143 port 52904","@timestamp":"2022-09-19T04:04:08.646Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 04:05:37 honeypot-fra-1 sshd[31684]: Invalid user init from 179.43.156.143 port 48972","@timestamp":"2022-09-19T04:05:37.680Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T04:05:40.955Z","@version":"1","message":"Sep 19 04:05:40 honeypot-sgp-1 sshd[32677]: Received disconnect from 92.255.85.70 port 45860:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 04:09:45 honeypot-ams-1 kernel: [84437164.631022] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=103.89.91.165 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=27548 PROTO=TCP SPT=49803 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T04:09:46.326Z"}
{"@timestamp":"2022-09-19T04:10:29.226Z","@version":"1","message":"Sep 19 04:10:28 honeypot-sgp-1 sshd[32688]: Disconnected from authenticating user root 61.177.173.52 port 20158 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 04:12:00 honeypot-fra-1 sshd[31689]: ssh_dispatch_run_fatal: Connection from 207.229.167.36 port 52018: Connection corrupted [preauth]","@timestamp":"2022-09-19T04:12:01.819Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 04:16:29 honeypot-fra-1 sshd[31695]: Received disconnect from 110.93.245.190 port 64740:11: Bye Bye [preauth]","@timestamp":"2022-09-19T04:16:29.919Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T04:16:51.392Z","@version":"1","message":"Sep 19 04:16:50 honeypot-sgp-1 sshd[32697]: Invalid user darek from 138.68.72.245 port 44244","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 04:19:11 honeypot-fra-1 sshd[31701]: Disconnected from authenticating user root 137.184.5.49 port 56358 [preauth]","@timestamp":"2022-09-19T04:19:11.980Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T04:19:23.459Z","@version":"1","message":"Sep 19 04:19:23 honeypot-sgp-1 sshd[32702]: Received disconnect from 206.189.219.241 port 34692:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T04:20:12.483Z","@version":"1","message":"Sep 19 04:20:12 honeypot-sgp-1 sshd[32707]: Disconnected from authenticating user root 162.218.78.179 port 55026 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 04:21:52 honeypot-ams-1 kernel: [84437891.822034] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.95.147.51 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=252 ID=37653 PROTO=TCP SPT=41300 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T04:21:52.651Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 04:25:24 honeypot-ams-1 sshd[6971]: Invalid user 1 from 92.255.85.69 port 36306","@timestamp":"2022-09-19T04:25:24.745Z"}
{"@timestamp":"2022-09-19T04:26:52.658Z","@version":"1","message":"Sep 19 04:26:51 honeypot-sgp-1 kernel: [84437713.833314] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.220.205.106 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=39011 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T04:29:48.739Z","@version":"1","message":"Sep 19 04:29:48 honeypot-sgp-1 kernel: [84437890.595431] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=167.94.138.111 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=63071 PROTO=TCP SPT=54043 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 04:32:59 honeypot-fra-1 kernel: [84436385.111313] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.95.147.51 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=5050 PROTO=TCP SPT=41776 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T04:33:00.287Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 04:33:02 honeypot-fra-1 sshd[31726]: Invalid user hadoop from 34.71.244.4 port 36222","@timestamp":"2022-09-19T04:33:03.290Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 04:33:02 honeypot-fra-1 sshd[31720]: Invalid user test from 34.71.244.4 port 36130","@timestamp":"2022-09-19T04:33:03.290Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 04:33:02 honeypot-fra-1 sshd[31725]: Connection closed by authenticating user root 34.71.244.4 port 36392 [preauth]","@timestamp":"2022-09-19T04:33:03.290Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 04:33:02 honeypot-fra-1 sshd[31710]: Connection closed by invalid user user 34.71.244.4 port 36090 [preauth]","@timestamp":"2022-09-19T04:33:03.290Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 04:33:02 honeypot-fra-1 sshd[31717]: Connection closed by invalid user web 34.71.244.4 port 36118 [preauth]","@timestamp":"2022-09-19T04:33:03.290Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 04:33:02 honeypot-fra-1 sshd[31721]: Connection closed by invalid user nexus 34.71.244.4 port 36070 [preauth]","@timestamp":"2022-09-19T04:33:03.290Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T04:36:00.903Z","@version":"1","message":"Sep 19 04:36:00 honeypot-sgp-1 kernel: [84438262.586017] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=80.87.206.203 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=237 ID=7174 PROTO=TCP SPT=49406 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 04:39:29 honeypot-fra-1 kernel: [84436774.913148] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=165.22.82.222 LEN=87 TOS=0x00 PREC=0x00 TTL=250 ID=47131 PROTO=TCP SPT=9305 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T04:39:30.431Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T04:41:19.059Z","@version":"1","message":"Sep 19 04:41:19 honeypot-sgp-1 sshd[32725]: Disconnected from authenticating user root 61.177.173.53 port 45193 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 04:47:10 honeypot-ams-1 kernel: [84439409.507621] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=181.219.149.148 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=15915 PROTO=TCP SPT=6431 DPT=80 WINDOW=20831 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T04:47:11.295Z"}
{"@timestamp":"2022-09-19T04:54:21.382Z","@version":"1","message":"Sep 19 04:54:20 honeypot-sgp-1 sshd[32736]: Disconnected from invalid user user 45.61.186.249 port 55074 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T04:54:40.393Z","@version":"1","message":"Sep 19 04:54:40 honeypot-sgp-1 sshd[32740]: Disconnected from invalid user user 45.61.186.249 port 49562 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 04:54:53 honeypot-ams-1 sshd[6984]: Disconnected from invalid user system 92.255.85.70 port 49398 [preauth]","@timestamp":"2022-09-19T04:54:54.493Z"}
{"@timestamp":"2022-09-19T04:54:58.401Z","@version":"1","message":"Sep 19 04:54:58 honeypot-sgp-1 sshd[32744]: Disconnected from invalid user user 45.61.186.249 port 44046 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T04:55:15.409Z","@version":"1","message":"Sep 19 04:55:14 honeypot-sgp-1 sshd[32748]: Disconnected from invalid user user 45.61.186.249 port 38532 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 04:59:13 honeypot-fra-1 kernel: [84437958.177820] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=20.197.1.140 DST=165.22.82.222 LEN=52 TOS=0x00 PREC=0x00 TTL=110 ID=22080 DF PROTO=TCP SPT=57117 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T04:59:13.864Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T04:59:45.524Z","@version":"1","message":"Sep 19 04:59:44 honeypot-sgp-1 kernel: [84439686.653845] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=66.240.236.116 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=55792 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 05:00:32 honeypot-fra-1 sshd[31767]: Invalid user  from 64.62.197.2 port 44538","@timestamp":"2022-09-19T05:00:32.897Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 05:01:05 honeypot-ams-1 kernel: [84440244.316972] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=34.145.119.6 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=24391 PROTO=TCP SPT=50713 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T05:01:05.650Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 05:05:23 honeypot-ams-1 kernel: [84440502.972825] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=178.62.254.91 LEN=87 TOS=0x00 PREC=0x00 TTL=252 ID=64893 PROTO=TCP SPT=4103 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T05:05:24.764Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 05:08:23 honeypot-fra-1 sshd[31773]: Invalid user ftp from 193.106.191.157 port 52518","@timestamp":"2022-09-19T05:08:24.073Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T05:09:44.777Z","@version":"1","message":"Sep 19 05:09:44 honeypot-sgp-1 kernel: [84440285.983644] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=173.255.236.35 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=32155 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T05:10:56.810Z","@version":"1","message":"Sep 19 05:10:56 honeypot-sgp-1 sshd[32765]: Received disconnect from 45.61.186.249 port 53352:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T05:11:15.820Z","@version":"1","message":"Sep 19 05:11:15 honeypot-sgp-1 sshd[303]: Received disconnect from 45.61.186.249 port 48366:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T05:11:33.830Z","@version":"1","message":"Sep 19 05:11:33 honeypot-sgp-1 sshd[309]: Invalid user user from 45.61.186.249 port 43392","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T05:11:41.834Z","@version":"1","message":"Sep 19 05:11:41 honeypot-sgp-1 sshd[311]: Received disconnect from 45.61.186.249 port 55026:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 05:12:00 honeypot-ams-1 kernel: [84440899.478168] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=64.62.197.208 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=54321 PROTO=TCP SPT=53420 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T05:12:00.937Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 05:13:25 honeypot-fra-1 sshd[31777]: Disconnected from invalid user liushu 165.22.45.108 port 53886 [preauth]","@timestamp":"2022-09-19T05:13:26.186Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T05:13:45.888Z","@version":"1","message":"Sep 19 05:13:45 honeypot-sgp-1 sshd[314]: Disconnected from authenticating user root 61.177.172.114 port 35531 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 05:19:32 honeypot-fra-1 kernel: [84439177.602466] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=183.136.225.35 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=107 ID=14409 PROTO=TCP SPT=8088 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T05:19:33.321Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T05:20:44.065Z","@version":"1","message":"Sep 19 05:20:43 honeypot-sgp-1 sshd[324]: Disconnected from authenticating user root 61.177.173.51 port 24231 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 05:21:18 honeypot-ams-1 sshd[7447]: Connection closed by invalid user ftp 193.106.191.157 port 52148 [preauth]","@timestamp":"2022-09-19T05:21:19.175Z"}
{"@timestamp":"2022-09-19T05:22:03.101Z","@version":"1","message":"Sep 19 05:22:02 honeypot-sgp-1 sshd[331]: Disconnected from 61.177.172.98 port 38081 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 05:25:08 honeypot-ams-1 sshd[7452]: Received disconnect from 92.255.85.69 port 18786:11: Bye Bye [preauth]","@timestamp":"2022-09-19T05:25:09.277Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 05:25:21 honeypot-ams-1 sshd[7456]: Disconnected from authenticating user root 128.199.142.208 port 57646 [preauth]","@timestamp":"2022-09-19T05:25:22.284Z"}
{"@timestamp":"2022-09-19T05:26:31.217Z","@version":"1","message":"Sep 19 05:26:30 honeypot-sgp-1 sshd[336]: Received disconnect from 20.101.129.212 port 1024:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 05:28:52 honeypot-fra-1 sshd[31788]: Disconnected from invalid user user 45.61.186.169 port 45328 [preauth]","@timestamp":"2022-09-19T05:28:52.532Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 05:29:10 honeypot-fra-1 sshd[31792]: Disconnected from invalid user user 45.61.186.169 port 40434 [preauth]","@timestamp":"2022-09-19T05:29:11.540Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 05:29:28 honeypot-fra-1 sshd[31796]: Disconnected from invalid user user 45.61.186.169 port 35536 [preauth]","@timestamp":"2022-09-19T05:29:28.548Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 05:29:44 honeypot-fra-1 sshd[31800]: Disconnected from invalid user user 45.61.186.169 port 58872 [preauth]","@timestamp":"2022-09-19T05:29:44.556Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T05:33:08.385Z","@version":"1","message":"Sep 19 05:33:08 honeypot-sgp-1 kernel: [84441690.225653] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=159.89.202.188 LEN=87 TOS=0x00 PREC=0x00 TTL=245 ID=50814 PROTO=TCP SPT=4403 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T05:36:47.479Z","@version":"1","message":"Sep 19 05:36:47 honeypot-sgp-1 sshd[343]: Disconnected from invalid user trisha 49.247.34.252 port 44395 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 05:37:19 honeypot-ams-1 sshd[7464]: Invalid user monitor from 103.242.199.118 port 57192","@timestamp":"2022-09-19T05:37:20.589Z"}
{"@timestamp":"2022-09-19T05:42:01.613Z","@version":"1","message":"Sep 19 05:42:00 honeypot-sgp-1 sshd[352]: Received disconnect from 189.254.172.114 port 14658:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 05:42:10 honeypot-fra-1 sshd[31805]: Received disconnect from 46.41.142.93 port 53916:11: Bye Bye [preauth]","@timestamp":"2022-09-19T05:42:11.835Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 05:43:01 honeypot-ams-1 sshd[7469]: Invalid user pyimagesearch from 179.60.147.69 port 24894","@timestamp":"2022-09-19T05:43:01.734Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 05:44:13 honeypot-fra-1 kernel: [84440658.593583] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.143.200.46 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=56127 PROTO=TCP SPT=56113 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T05:44:13.883Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 05:51:53 honeypot-fra-1 sshd[31814]: Received disconnect from 92.255.85.70 port 22206:11: Bye Bye [preauth]","@timestamp":"2022-09-19T05:51:54.054Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 05:52:52 honeypot-ams-1 kernel: [84443351.277006] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=64.227.28.112 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=26996 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T05:52:52.989Z"}
{"@timestamp":"2022-09-19T05:52:53.888Z","@version":"1","message":"Sep 19 05:52:52 honeypot-sgp-1 sshd[360]: Received disconnect from 89.22.165.187 port 43042:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T05:55:14.948Z","@version":"1","message":"Sep 19 05:55:14 honeypot-sgp-1 sshd[364]: Disconnected from authenticating user root 61.177.172.108 port 17203 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 05:56:04 honeypot-fra-1 sshd[31818]: Connection closed by invalid user admin 121.154.34.24 port 38911 [preauth]","@timestamp":"2022-09-19T05:56:04.151Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 06:01:10 honeypot-ams-1 sshd[7475]: Invalid user user from 92.255.85.69 port 25522","@timestamp":"2022-09-19T06:01:11.204Z"}
{"@timestamp":"2022-09-19T06:01:49.114Z","@version":"1","message":"Sep 19 06:01:49 honeypot-sgp-1 sshd[374]: Received disconnect from 45.61.186.249 port 49336:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T06:02:08.125Z","@version":"1","message":"Sep 19 06:02:07 honeypot-sgp-1 sshd[378]: Received disconnect from 45.61.186.249 port 44058:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T06:02:26.134Z","@version":"1","message":"Sep 19 06:02:25 honeypot-sgp-1 sshd[382]: Received disconnect from 45.61.186.249 port 38768:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T06:02:42.141Z","@version":"1","message":"Sep 19 06:02:41 honeypot-sgp-1 sshd[386]: Invalid user user from 45.61.186.249 port 33512","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T06:06:25.237Z","@version":"1","message":"Sep 19 06:06:24 honeypot-sgp-1 sshd[391]: Invalid user postgres from 34.78.205.135 port 33893","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 06:08:09 honeypot-fra-1 sshd[31898]: Invalid user akim from 186.121.204.10 port 42964","@timestamp":"2022-09-19T06:08:10.419Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T06:11:01.353Z","@version":"1","message":"Sep 19 06:11:00 honeypot-sgp-1 sshd[396]: Received disconnect from 143.198.155.98 port 58836:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 06:13:54 honeypot-ams-1 kernel: [84444613.497375] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=20.197.1.140 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=111 ID=46588 DF PROTO=TCP SPT=62882 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T06:13:54.524Z"}
{"@timestamp":"2022-09-19T06:14:17.435Z","@version":"1","message":"Sep 19 06:14:17 honeypot-sgp-1 sshd[401]: Disconnected from 61.177.172.114 port 50292 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 06:15:15 honeypot-fra-1 sshd[31902]: Disconnected from invalid user user 45.61.187.160 port 36718 [preauth]","@timestamp":"2022-09-19T06:15:16.590Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 06:15:33 honeypot-fra-1 sshd[31906]: Disconnected from invalid user user 45.61.187.160 port 60180 [preauth]","@timestamp":"2022-09-19T06:15:34.598Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 06:15:50 honeypot-fra-1 sshd[31910]: Disconnected from invalid user user 45.61.187.160 port 55380 [preauth]","@timestamp":"2022-09-19T06:15:50.606Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 06:16:06 honeypot-fra-1 sshd[31914]: Disconnected from invalid user user 45.61.187.160 port 50580 [preauth]","@timestamp":"2022-09-19T06:16:07.614Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 06:18:00 honeypot-fra-1 sshd[31921]: Invalid user device from 179.60.147.69 port 13758","@timestamp":"2022-09-19T06:18:00.661Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T06:18:55.551Z","@version":"1","message":"Sep 19 06:18:55 honeypot-sgp-1 sshd[497]: Disconnected from 61.177.173.46 port 32831 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 06:20:25 honeypot-ams-1 sshd[7575]: Invalid user device from 179.60.147.69 port 8292","@timestamp":"2022-09-19T06:20:25.691Z"}
{"@timestamp":"2022-09-19T06:25:08.741Z","@version":"1","message":"Sep 19 06:25:07 honeypot-sgp-1 CRON[504]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 06:26:20 honeypot-ams-1 sshd[7746]: Disconnected from authenticating user root 92.255.85.69 port 62770 [preauth]","@timestamp":"2022-09-19T06:26:20.871Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 06:34:27 honeypot-ams-1 sshd[7752]: Received disconnect from 45.61.186.169 port 39364:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T06:34:28.077Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 06:34:45 honeypot-ams-1 kernel: [84445864.747145] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=154.198.211.133 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=50 ID=0 DF PROTO=TCP SPT=33144 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T06:34:46.103Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 06:35:01 honeypot-ams-1 sshd[7760]: Invalid user user from 45.61.186.169 port 58012","@timestamp":"2022-09-19T06:35:02.111Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 06:35:17 honeypot-ams-1 sshd[7764]: Invalid user user from 45.61.186.169 port 53216","@timestamp":"2022-09-19T06:35:18.121Z"}
{"@timestamp":"2022-09-19T06:36:17.018Z","@version":"1","message":"Sep 19 06:36:16 honeypot-sgp-1 kernel: [84445478.394852] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=79.124.62.60 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=47755 PROTO=TCP SPT=52655 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 06:38:21 honeypot-fra-1 kernel: [84443906.140431] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.148.10.81 DST=165.22.82.222 LEN=80 TOS=0x00 PREC=0x00 TTL=241 ID=22780 DF PROTO=TCP SPT=28628 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T06:38:22.120Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 06:39:41 honeypot-ams-1 sshd[7767]: Disconnected from invalid user logger 35.236.14.147 port 49962 [preauth]","@timestamp":"2022-09-19T06:39:42.233Z"}
{"@timestamp":"2022-09-19T06:41:57.162Z","@version":"1","message":"Sep 19 06:41:57 honeypot-sgp-1 kernel: [84445818.996843] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=41.112.169.248 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=40972 PROTO=TCP SPT=3488 DPT=443 WINDOW=55555 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 06:43:31 honeypot-fra-1 sshd[32167]: Invalid user vpn from 92.255.85.69 port 28604","@timestamp":"2022-09-19T06:43:32.238Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 06:45:17 honeypot-ams-1 sshd[7774]: Received disconnect from 209.97.183.120 port 52276:11: Bye Bye [preauth]","@timestamp":"2022-09-19T06:45:18.380Z"}
{"@timestamp":"2022-09-19T06:46:21.271Z","@version":"1","message":"Sep 19 06:46:20 honeypot-sgp-1 sshd[757]: Received disconnect from 92.255.85.70 port 46798:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 06:50:37 honeypot-fra-1 sshd[32173]: Invalid user yn from 128.199.74.173 port 37418","@timestamp":"2022-09-19T06:50:37.393Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 06:50:41 honeypot-ams-1 sshd[7777]: Received disconnect from 2.238.74.118 port 56098:11: Bye Bye [preauth]","@timestamp":"2022-09-19T06:50:42.520Z"}
{"@timestamp":"2022-09-19T06:53:55.461Z","@version":"1","message":"Sep 19 06:53:55 honeypot-sgp-1 sshd[762]: Received disconnect from 61.177.172.90 port 33226:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 06:56:31 honeypot-ams-1 sshd[7782]: Invalid user vpn from 92.255.85.70 port 58586","@timestamp":"2022-09-19T06:56:32.672Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 06:57:56 honeypot-fra-1 sshd[32177]: Invalid user demo from 179.60.147.69 port 55700","@timestamp":"2022-09-19T06:57:57.557Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 07:02:06 honeypot-ams-1 kernel: [84447505.196323] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.148.10.81 DST=178.62.254.91 LEN=84 TOS=0x00 PREC=0x00 TTL=242 ID=22780 DF PROTO=TCP SPT=2032 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T07:02:06.817Z"}
{"@timestamp":"2022-09-19T07:02:41.679Z","@version":"1","message":"Sep 19 07:02:41 honeypot-sgp-1 kernel: [84447063.220085] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.148.10.81 DST=159.89.202.188 LEN=84 TOS=0x00 PREC=0x00 TTL=240 ID=22780 DF PROTO=TCP SPT=10226 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 07:04:50 honeypot-fra-1 sshd[32180]: Disconnected from authenticating user root 49.146.247.32 port 39778 [preauth]","@timestamp":"2022-09-19T07:04:50.727Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T07:06:30.793Z","@version":"1","message":"Sep 19 07:06:29 honeypot-sgp-1 sshd[776]: Disconnected from invalid user robin123 139.59.102.170 port 38176 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 07:08:40 honeypot-fra-1 sshd[32186]: Invalid user ftp from 193.106.191.157 port 43306","@timestamp":"2022-09-19T07:08:41.815Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 07:11:21 honeypot-fra-1 sshd[32191]: Received disconnect from 164.92.172.247 port 46520:11: Bye Bye [preauth]","@timestamp":"2022-09-19T07:11:21.878Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T07:12:47.953Z","@version":"1","message":"Sep 19 07:12:47 honeypot-sgp-1 kernel: [84447669.360728] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.148.10.81 DST=159.89.202.188 LEN=83 TOS=0x00 PREC=0x00 TTL=239 ID=22780 DF PROTO=TCP SPT=8190 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 07:17:01 honeypot-fra-1 CRON[32197]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-19T07:17:02.006Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 07:17:01 honeypot-ams-1 CRON[7791]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-19T07:17:02.205Z"}
{"@timestamp":"2022-09-19T07:22:13.186Z","@version":"1","message":"Sep 19 07:22:12 honeypot-sgp-1 sshd[796]: Invalid user finexa from 104.248.181.156 port 35452","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 07:22:14 honeypot-ams-1 sshd[7799]: Invalid user www from 103.188.176.251 port 46408","@timestamp":"2022-09-19T07:22:15.342Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 07:22:26 honeypot-ams-1 sshd[7803]: Disconnected from invalid user postgres 175.193.13.3 port 44076 [preauth]","@timestamp":"2022-09-19T07:22:27.349Z"}
{"@timestamp":"2022-09-19T07:24:22.241Z","@version":"1","message":"Sep 19 07:24:21 honeypot-sgp-1 sshd[800]: Disconnected from authenticating user root 61.177.173.46 port 18415 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 07:29:53 honeypot-fra-1 kernel: [84446997.734856] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.148.10.81 DST=165.22.82.222 LEN=81 TOS=0x00 PREC=0x00 TTL=239 ID=22780 DF PROTO=TCP SPT=18392 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T07:29:53.291Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 07:30:45 honeypot-ams-1 kernel: [84449224.271614] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.148.10.81 DST=178.62.254.91 LEN=81 TOS=0x00 PREC=0x00 TTL=241 ID=22780 DF PROTO=TCP SPT=32764 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T07:30:45.566Z"}
{"@timestamp":"2022-09-19T07:35:04.533Z","@version":"1","message":"Sep 19 07:35:03 honeypot-sgp-1 sshd[810]: Invalid user admin from 179.60.147.69 port 3206","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 07:36:00 honeypot-fra-1 sshd[32213]: Disconnected from invalid user pvn 159.65.1.92 port 34316 [preauth]","@timestamp":"2022-09-19T07:36:01.425Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 07:39:24 honeypot-fra-1 kernel: [84447569.453366] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.148.10.81 DST=165.22.82.222 LEN=86 TOS=0x00 PREC=0x00 TTL=241 ID=22780 DF PROTO=TCP SPT=20442 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T07:39:25.501Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T07:40:52.676Z","@version":"1","message":"Sep 19 07:40:51 honeypot-sgp-1 kernel: [84449353.618125] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.148.10.81 DST=159.89.202.188 LEN=86 TOS=0x00 PREC=0x00 TTL=240 ID=22780 DF PROTO=TCP SPT=30716 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 07:44:56 honeypot-fra-1 kernel: [84447901.144525] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=20.55.53.144 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=21446 DF PROTO=TCP SPT=39830 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T07:44:56.625Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T07:45:45.798Z","@version":"1","message":"Sep 19 07:45:45 honeypot-sgp-1 kernel: [84449647.114076] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=159.89.202.188 LEN=88 TOS=0x00 PREC=0x00 TTL=245 ID=12596 PROTO=TCP SPT=16571 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 07:45:47 honeypot-ams-1 sshd[7816]: Did not receive identification string from 193.3.19.178 port 64001","@timestamp":"2022-09-19T07:45:47.946Z"}
{"@timestamp":"2022-09-19T07:48:27.867Z","@version":"1","message":"Sep 19 07:48:27 honeypot-sgp-1 sshd[832]: Connection closed by invalid user oot 103.188.176.251 port 57544 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 07:50:01 honeypot-fra-1 sshd[32228]: Received disconnect from 61.177.172.13 port 14280:11:  [preauth]","@timestamp":"2022-09-19T07:50:01.741Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 07:50:24 honeypot-ams-1 kernel: [84450403.405602] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=20.55.53.144 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=44536 DF PROTO=TCP SPT=41522 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T07:50:25.073Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 07:57:38 honeypot-fra-1 kernel: [84448663.013268] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=165.22.82.222 LEN=91 TOS=0x00 PREC=0x00 TTL=250 ID=43343 PROTO=TCP SPT=2651 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T07:57:38.912Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 07:59:11 honeypot-ams-1 kernel: [84450931.028812] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.199.106 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=43752 DPT=5432 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T07:59:12.307Z"}
{"@timestamp":"2022-09-19T08:00:06.154Z","@version":"1","message":"Sep 19 08:00:05 honeypot-sgp-1 kernel: [84450507.400243] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.213.42 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=54144 DPT=5432 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:04:26 honeypot-fra-1 kernel: [84449070.916691] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=170.187.202.154 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=47402 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T08:04:27.067Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T08:11:15.452Z","@version":"1","message":"Sep 19 08:11:14 honeypot-sgp-1 sshd[851]: Connection closed by invalid user plexuser 179.60.147.69 port 28338 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:12:20 honeypot-fra-1 sshd[32239]: Invalid user plexuser from 179.60.147.69 port 7112","@timestamp":"2022-09-19T08:12:21.246Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 08:14:32 honeypot-ams-1 sshd[7832]: Connection closed by invalid user plexuser 179.60.147.69 port 49036 [preauth]","@timestamp":"2022-09-19T08:14:32.706Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:17:13 honeypot-fra-1 sshd[32264]: Disconnected from authenticating user root 92.255.85.69 port 47900 [preauth]","@timestamp":"2022-09-19T08:17:13.359Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 08:17:41 honeypot-ams-1 sshd[7839]: Disconnected from invalid user kk 174.138.24.231 port 60694 [preauth]","@timestamp":"2022-09-19T08:17:41.791Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:18:58 honeypot-fra-1 sshd[32269]: Received disconnect from 45.61.186.249 port 36548:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T08:18:59.400Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:19:18 honeypot-fra-1 sshd[32273]: Received disconnect from 45.61.186.249 port 59810:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T08:19:19.410Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:19:37 honeypot-fra-1 sshd[32277]: Received disconnect from 45.61.186.249 port 54852:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T08:19:38.420Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:19:50 honeypot-fra-1 sshd[32281]: Received disconnect from 86.107.199.172 port 44206:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T08:19:50.425Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:20:52 honeypot-fra-1 sshd[32285]: Received disconnect from 86.107.199.172 port 47508:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T08:20:53.452Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T08:20:54.688Z","@version":"1","message":"Sep 19 08:20:53 honeypot-sgp-1 sshd[862]: Disconnected from authenticating user root 92.255.85.70 port 55382 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:22:03 honeypot-fra-1 kernel: [84450127.752095] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.148.10.81 DST=165.22.82.222 LEN=78 TOS=0x00 PREC=0x00 TTL=238 ID=22780 DF PROTO=TCP SPT=32754 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T08:22:03.481Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:23:56 honeypot-fra-1 sshd[32292]: Disconnected from invalid user 165.22.25.203 86.107.199.172 port 57432 [preauth]","@timestamp":"2022-09-19T08:23:56.526Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 08:24:25 honeypot-ams-1 kernel: [84452444.290655] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=82.59.232.75 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=21238 PROTO=TCP SPT=30187 DPT=80 WINDOW=12219 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T08:24:25.971Z"}
{"@timestamp":"2022-09-19T08:24:49.789Z","@version":"1","message":"Sep 19 08:24:49 honeypot-sgp-1 sshd[887]: Received disconnect from 165.22.217.96 port 47990:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T08:25:03.797Z","@version":"1","message":"Sep 19 08:25:03 honeypot-sgp-1 sshd[894]: Invalid user admin from 128.199.66.208 port 45470","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:25:57 honeypot-fra-1 sshd[32296]: Received disconnect from 86.107.199.172 port 35818:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T08:25:58.575Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:28:02 honeypot-fra-1 sshd[32302]: Invalid user 165.227.195.88 from 86.107.199.172 port 42442","@timestamp":"2022-09-19T08:28:03.624Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T08:29:29.907Z","@version":"1","message":"Sep 19 08:29:29 honeypot-sgp-1 kernel: [84452270.814021] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.219.100 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=56998 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:30:11 honeypot-fra-1 sshd[32306]: Invalid user 165.227.172.187 from 86.107.199.172 port 49050","@timestamp":"2022-09-19T08:30:11.672Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:31:17 honeypot-fra-1 sshd[32309]: Disconnected from invalid user 165.227.23.132 86.107.199.172 port 52372 [preauth]","@timestamp":"2022-09-19T08:31:17.699Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 08:32:01 honeypot-ams-1 kernel: [84452900.718246] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=209.141.40.123 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=33506 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T08:32:02.177Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:32:31 honeypot-fra-1 sshd[32315]: Invalid user monitor from 193.8.210.136 port 34642","@timestamp":"2022-09-19T08:32:31.730Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T08:33:09.002Z","@version":"1","message":"Sep 19 08:33:08 honeypot-sgp-1 kernel: [84452490.085811] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.197.13 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=50724 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:33:27 honeypot-fra-1 sshd[32318]: Received disconnect from 86.107.199.172 port 58998:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T08:33:27.753Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:34:53 honeypot-fra-1 kernel: [84450897.880379] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=89.248.165.244 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=16151 PROTO=TCP SPT=56454 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T08:34:53.789Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:36:44 honeypot-fra-1 sshd[32324]: Received disconnect from 86.107.199.172 port 40704:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T08:36:44.834Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T08:37:27.112Z","@version":"1","message":"Sep 19 08:37:26 honeypot-sgp-1 sshd[902]: Disconnected from 61.177.173.48 port 39910 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:38:16 honeypot-fra-1 sshd[32328]: Disconnected from authenticating user root 159.65.41.104 port 58278 [preauth]","@timestamp":"2022-09-19T08:38:16.870Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 08:39:42 honeypot-ams-1 sshd[7867]: Invalid user musikbot from 189.182.176.231 port 54922","@timestamp":"2022-09-19T08:39:43.377Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:39:57 honeypot-fra-1 sshd[32333]: Invalid user 165.227.199.226 from 86.107.199.172 port 50634","@timestamp":"2022-09-19T08:39:57.912Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 08:40:26 honeypot-ams-1 kernel: [84453405.272802] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.148.10.81 DST=178.62.254.91 LEN=81 TOS=0x00 PREC=0x00 TTL=240 ID=22780 DF PROTO=TCP SPT=18418 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T08:40:26.400Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:42:09 honeypot-fra-1 sshd[32337]: Invalid user 165.227.138.98 from 86.107.199.172 port 57248","@timestamp":"2022-09-19T08:42:09.964Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:43:17 honeypot-fra-1 sshd[32340]: Disconnected from invalid user 165.22.108.176 86.107.199.172 port 60558 [preauth]","@timestamp":"2022-09-19T08:43:17.991Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T08:44:04.278Z","@version":"1","message":"Sep 19 08:44:03 honeypot-sgp-1 sshd[909]: Disconnected from 61.177.173.52 port 64152 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:44:21 honeypot-fra-1 sshd[32345]: Received disconnect from 86.107.199.172 port 35638:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T08:44:22.021Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 08:44:25 honeypot-ams-1 sshd[7873]: Received disconnect from 178.128.51.153 port 37624:11: Bye Bye [preauth]","@timestamp":"2022-09-19T08:44:25.505Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:45:27 honeypot-fra-1 sshd[32349]: Disconnected from invalid user 165.227.174.233 86.107.199.172 port 38950 [preauth]","@timestamp":"2022-09-19T08:45:28.048Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:46:37 honeypot-fra-1 sshd[32351]: Disconnected from invalid user 165.227.107.158 86.107.199.172 port 42254 [preauth]","@timestamp":"2022-09-19T08:46:38.079Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 08:48:30 honeypot-ams-1 sshd[7876]: Disconnected from invalid user user 103.228.112.138 port 60962 [preauth]","@timestamp":"2022-09-19T08:48:30.613Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:48:51 honeypot-fra-1 sshd[32357]: Received disconnect from 86.107.199.172 port 48890:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T08:48:52.133Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T08:49:47.423Z","@version":"1","message":"Sep 19 08:49:46 honeypot-sgp-1 sshd[918]: Received disconnect from 92.255.85.69 port 36030:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:51:05 honeypot-fra-1 sshd[32363]: Invalid user 165.22.96.179 from 86.107.199.172 port 55502","@timestamp":"2022-09-19T08:51:06.186Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:52:32 honeypot-fra-1 sshd[32365]: Disconnected from invalid user 165.227.73.148 86.107.199.172 port 58884 [preauth]","@timestamp":"2022-09-19T08:52:33.221Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 08:52:34 honeypot-ams-1 sshd[7883]: Received disconnect from 92.255.85.70 port 54248:11: Bye Bye [preauth]","@timestamp":"2022-09-19T08:52:35.724Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:55:01 honeypot-fra-1 sshd[32370]: Disconnected from invalid user 165.227.145.198 86.107.199.172 port 37216 [preauth]","@timestamp":"2022-09-19T08:55:02.277Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T08:57:36.615Z","@version":"1","message":"Sep 19 08:57:36 honeypot-sgp-1 kernel: [84453957.939836] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.148.10.81 DST=159.89.202.188 LEN=80 TOS=0x00 PREC=0x00 TTL=241 ID=22780 DF PROTO=TCP SPT=22492 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:58:35 honeypot-fra-1 sshd[32374]: Received disconnect from 86.107.199.172 port 43832:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T08:58:35.361Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:59:13 honeypot-fra-1 sshd[32379]: Invalid user user from 45.61.186.49 port 46124","@timestamp":"2022-09-19T08:59:13.379Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:59:21 honeypot-fra-1 sshd[32383]: Invalid user user from 45.61.186.49 port 57554","@timestamp":"2022-09-19T08:59:21.382Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 08:59:30 honeypot-ams-1 kernel: [84454550.021232] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=51.105.53.51 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=31514 PROTO=TCP SPT=1984 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T08:59:31.910Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 09:01:51 honeypot-fra-1 sshd[32388]: Invalid user 165.22.107.5 from 86.107.199.172 port 50450","@timestamp":"2022-09-19T09:01:51.440Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T09:01:54.722Z","@version":"1","message":"Sep 19 09:01:53 honeypot-sgp-1 sshd[928]: Disconnected from 61.177.173.47 port 49328 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 09:03:25 honeypot-fra-1 kernel: [84452610.366239] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=170.187.162.71 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=2469 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T09:03:26.479Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T09:04:16.785Z","@version":"1","message":"Sep 19 09:04:15 honeypot-sgp-1 sshd[936]: Received disconnect from 45.61.187.160 port 46086:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T09:04:33.793Z","@version":"1","message":"Sep 19 09:04:33 honeypot-sgp-1 sshd[940]: Received disconnect from 45.61.187.160 port 41346:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T09:04:50.802Z","@version":"1","message":"Sep 19 09:04:50 honeypot-sgp-1 sshd[944]: Received disconnect from 45.61.187.160 port 36556:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T09:05:06.811Z","@version":"1","message":"Sep 19 09:05:06 honeypot-sgp-1 sshd[948]: Received disconnect from 45.61.187.160 port 60044:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 09:05:46 honeypot-ams-1 sshd[7962]: Invalid user admin from 192.3.134.187 port 39622","@timestamp":"2022-09-19T09:05:47.076Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 09:06:28 honeypot-fra-1 sshd[32395]: Received disconnect from 86.107.199.172 port 57078:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T09:06:29.551Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 09:09:38 honeypot-fra-1 sshd[32399]: Connection closed by invalid user tuxedo 193.106.191.157 port 34264 [preauth]","@timestamp":"2022-09-19T09:09:38.626Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 09:11:22 honeypot-fra-1 sshd[32403]: Received disconnect from 165.22.45.108 port 37542:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T09:11:22.668Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T09:13:53.027Z","@version":"1","message":"Sep 19 09:13:52 honeypot-sgp-1 sshd[955]: Received disconnect from 61.177.173.36 port 28384:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 09:14:33 honeypot-fra-1 kernel: [84453277.621350] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.194.196 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=46575 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T09:14:33.741Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T09:16:28.094Z","@version":"1","message":"Sep 19 09:16:27 honeypot-sgp-1 sshd[963]: Invalid user pi from 46.160.140.238 port 50794","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 09:16:34 honeypot-fra-1 sshd[32410]: Disconnected from authenticating user root 92.255.85.69 port 54782 [preauth]","@timestamp":"2022-09-19T09:16:34.789Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 09:17:01 honeypot-ams-1 CRON[7966]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-19T09:17:02.365Z"}
{"@timestamp":"2022-09-19T09:17:06.112Z","@version":"1","message":"Sep 19 09:17:06 honeypot-sgp-1 sshd[970]: Received disconnect from 45.89.26.197 port 44826:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 09:17:42 honeypot-fra-1 sshd[32415]: Received disconnect from 95.91.233.236 port 19190:11: Bye Bye [preauth]","@timestamp":"2022-09-19T09:17:42.817Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T09:17:59.135Z","@version":"1","message":"Sep 19 09:17:59 honeypot-sgp-1 sshd[976]: Received disconnect from 111.95.141.34 port 57408:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T09:19:24.172Z","@version":"1","message":"Sep 19 09:19:23 honeypot-sgp-1 sshd[980]: Invalid user angel from 114.7.200.107 port 59496","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 09:20:30 honeypot-ams-1 kernel: [84455809.748061] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=167.71.92.243 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=46021 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T09:20:31.459Z"}
{"@timestamp":"2022-09-19T09:20:35.202Z","@version":"1","message":"Sep 19 09:20:34 honeypot-sgp-1 sshd[984]: Disconnected from authenticating user root 92.255.85.70 port 33628 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 09:22:33 honeypot-ams-1 sshd[7974]: Connection closed by invalid user tuxedo 193.106.191.157 port 38354 [preauth]","@timestamp":"2022-09-19T09:22:33.518Z"}
{"@timestamp":"2022-09-19T09:22:34.252Z","@version":"1","message":"Sep 19 09:22:33 honeypot-sgp-1 sshd[991]: Received disconnect from 218.92.0.221 port 64553:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 09:24:40 honeypot-fra-1 sshd[32420]: Connection closed by authenticating user root 179.60.147.69 port 20622 [preauth]","@timestamp":"2022-09-19T09:24:40.975Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T09:26:22.346Z","@version":"1","message":"Sep 19 09:26:21 honeypot-sgp-1 sshd[996]: Disconnected from invalid user ervin 159.65.224.135 port 44238 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 09:30:06 honeypot-ams-1 kernel: [84456385.228985] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=178.62.254.91 LEN=87 TOS=0x00 PREC=0x00 TTL=252 ID=55845 PROTO=TCP SPT=25873 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T09:30:06.717Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 09:32:37 honeypot-fra-1 kernel: [84454361.587317] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.148.10.81 DST=165.22.82.222 LEN=79 TOS=0x00 PREC=0x00 TTL=238 ID=22780 DF PROTO=TCP SPT=30712 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T09:32:37.154Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 09:33:50 honeypot-ams-1 kernel: [84456609.439922] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=164.92.72.164 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=40059 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T09:33:50.818Z"}
{"@timestamp":"2022-09-19T09:34:17.540Z","@version":"1","message":"Sep 19 09:34:16 honeypot-sgp-1 sshd[1004]: Received disconnect from 164.163.96.253 port 49456:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 09:35:43 honeypot-fra-1 sshd[32426]: Disconnected from invalid user service 41.93.31.73 port 43232 [preauth]","@timestamp":"2022-09-19T09:35:44.223Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T09:38:08.635Z","@version":"1","message":"Sep 19 09:38:07 honeypot-sgp-1 sshd[1011]: Received disconnect from 61.177.173.36 port 35491:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 09:40:45 honeypot-ams-1 kernel: [84457024.697885] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.148.10.81 DST=178.62.254.91 LEN=77 TOS=0x00 PREC=0x00 TTL=241 ID=22780 DF PROTO=TCP SPT=18386 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T09:40:46.002Z"}
{"@timestamp":"2022-09-19T09:41:02.709Z","@version":"1","message":"Sep 19 09:41:01 honeypot-sgp-1 sshd[1017]: Received disconnect from 61.177.173.37 port 40002:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 09:44:11 honeypot-fra-1 sshd[32430]: Received disconnect from 92.255.85.69 port 19938:11: Bye Bye [preauth]","@timestamp":"2022-09-19T09:44:11.409Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 09:46:18 honeypot-fra-1 sshd[32434]: Connection closed by invalid user tuxedo 193.106.191.157 port 58394 [preauth]","@timestamp":"2022-09-19T09:46:18.476Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T09:46:44.847Z","@version":"1","message":"Sep 19 09:46:44 honeypot-sgp-1 sshd[1026]: Received disconnect from 92.255.85.69 port 29530:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 09:46:46 honeypot-ams-1 kernel: [84457386.008815] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.148.10.81 DST=178.62.254.91 LEN=78 TOS=0x00 PREC=0x00 TTL=241 ID=22780 DF PROTO=TCP SPT=26610 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T09:46:47.159Z"}
{"@timestamp":"2022-09-19T09:49:53.929Z","@version":"1","message":"Sep 19 09:49:53 honeypot-sgp-1 sshd[1030]: Did not receive identification string from 201.219.232.9 port 54422","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 09:50:24 honeypot-ams-1 sshd[7993]: Disconnected from invalid user user 45.61.186.249 port 42838 [preauth]","@timestamp":"2022-09-19T09:50:25.255Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 09:50:36 honeypot-fra-1 sshd[32441]: Connection closed by 2.182.71.61 port 50508 [preauth]","@timestamp":"2022-09-19T09:50:36.574Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 09:50:46 honeypot-ams-1 sshd[7997]: Disconnected from invalid user user 45.61.186.249 port 37470 [preauth]","@timestamp":"2022-09-19T09:50:47.268Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 09:51:04 honeypot-ams-1 sshd[8001]: Disconnected from invalid user user 45.61.186.249 port 60322 [preauth]","@timestamp":"2022-09-19T09:51:04.277Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 09:51:20 honeypot-ams-1 sshd[8006]: Disconnected from invalid user user 45.61.186.249 port 54948 [preauth]","@timestamp":"2022-09-19T09:51:21.286Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 09:51:51 honeypot-ams-1 sshd[8010]: Disconnected from invalid user cyt 201.17.133.138 port 53534 [preauth]","@timestamp":"2022-09-19T09:51:52.301Z"}
{"@timestamp":"2022-09-19T09:55:54.079Z","@version":"1","message":"Sep 19 09:55:53 honeypot-sgp-1 kernel: [84457455.334550] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.148.10.81 DST=159.89.202.188 LEN=78 TOS=0x00 PREC=0x00 TTL=240 ID=22780 DF PROTO=TCP SPT=2008 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T10:00:04.185Z","@version":"1","message":"Sep 19 10:00:03 honeypot-sgp-1 sshd[1049]: Received disconnect from 61.177.172.104 port 15994:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 10:00:44 honeypot-fra-1 sshd[32447]: Invalid user hxeadm from 179.60.147.69 port 19248","@timestamp":"2022-09-19T10:00:44.801Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:01:57 honeypot-ams-1 sshd[8016]: Disconnected from authenticating user root 175.29.122.43 port 33880 [preauth]","@timestamp":"2022-09-19T10:01:57.564Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:02:05 honeypot-ams-1 sshd[8022]: Received disconnect from 175.29.122.43 port 34402:11: Bye Bye [preauth]","@timestamp":"2022-09-19T10:02:05.569Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:02:10 honeypot-ams-1 sshd[8028]: Received disconnect from 175.29.122.43 port 34472:11: Bye Bye [preauth]","@timestamp":"2022-09-19T10:02:10.572Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:02:14 honeypot-ams-1 sshd[8035]: Received disconnect from 175.29.122.43 port 34876:11: Bye Bye [preauth]","@timestamp":"2022-09-19T10:02:15.576Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:02:20 honeypot-ams-1 sshd[8041]: Received disconnect from 175.29.122.43 port 34960:11: Bye Bye [preauth]","@timestamp":"2022-09-19T10:02:20.579Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:02:24 honeypot-ams-1 sshd[8047]: Received disconnect from 175.29.122.43 port 35370:11: Bye Bye [preauth]","@timestamp":"2022-09-19T10:02:25.582Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:02:29 honeypot-ams-1 sshd[8053]: Received disconnect from 175.29.122.43 port 35440:11: Bye Bye [preauth]","@timestamp":"2022-09-19T10:02:30.586Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:02:34 honeypot-ams-1 sshd[8059]: Received disconnect from 175.29.122.43 port 35814:11: Bye Bye [preauth]","@timestamp":"2022-09-19T10:02:34.588Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:02:39 honeypot-ams-1 sshd[8065]: Received disconnect from 175.29.122.43 port 35926:11: Bye Bye [preauth]","@timestamp":"2022-09-19T10:02:40.591Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:02:44 honeypot-ams-1 sshd[8071]: Received disconnect from 175.29.122.43 port 36298:11: Bye Bye [preauth]","@timestamp":"2022-09-19T10:02:45.595Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:02:49 honeypot-ams-1 sshd[8077]: Received disconnect from 175.29.122.43 port 36418:11: Bye Bye [preauth]","@timestamp":"2022-09-19T10:02:49.598Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:02:54 honeypot-ams-1 sshd[8083]: Received disconnect from 175.29.122.43 port 36742:11: Bye Bye [preauth]","@timestamp":"2022-09-19T10:02:54.601Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:02:57 honeypot-ams-1 sshd[8089]: Disconnected from authenticating user root 175.29.122.43 port 36872 [preauth]","@timestamp":"2022-09-19T10:02:57.603Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:03:00 honeypot-ams-1 sshd[8093]: Received disconnect from 175.29.122.43 port 36918:11: Bye Bye [preauth]","@timestamp":"2022-09-19T10:03:00.606Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:03:03 honeypot-ams-1 sshd[8097]: Received disconnect from 175.29.122.43 port 36970:11: Bye Bye [preauth]","@timestamp":"2022-09-19T10:03:03.608Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:03:06 honeypot-ams-1 sshd[8102]: Received disconnect from 175.29.122.43 port 37412:11: Bye Bye [preauth]","@timestamp":"2022-09-19T10:03:06.610Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:03:09 honeypot-ams-1 sshd[8106]: Invalid user admin from 175.29.122.43 port 37478","@timestamp":"2022-09-19T10:03:09.612Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:03:12 honeypot-ams-1 sshd[8110]: Invalid user admin from 175.29.122.43 port 37542","@timestamp":"2022-09-19T10:03:13.615Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:03:16 honeypot-ams-1 sshd[8114]: Received disconnect from 175.29.122.43 port 37972:11: Bye Bye [preauth]","@timestamp":"2022-09-19T10:03:16.617Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:03:20 honeypot-ams-1 sshd[8118]: Disconnected from invalid user pi 175.29.122.43 port 38052 [preauth]","@timestamp":"2022-09-19T10:03:21.620Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:03:24 honeypot-ams-1 sshd[8122]: Disconnected from invalid user user 175.29.122.43 port 38382 [preauth]","@timestamp":"2022-09-19T10:03:24.623Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:03:27 honeypot-ams-1 sshd[8126]: Disconnected from invalid user mine 175.29.122.43 port 38548 [preauth]","@timestamp":"2022-09-19T10:03:27.625Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:03:30 honeypot-ams-1 sshd[8130]: Disconnected from invalid user xbmc 175.29.122.43 port 38618 [preauth]","@timestamp":"2022-09-19T10:03:30.628Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:03:34 honeypot-ams-1 sshd[8134]: Disconnected from invalid user oracle 175.29.122.43 port 38758 [preauth]","@timestamp":"2022-09-19T10:03:34.630Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:03:36 honeypot-ams-1 sshd[8138]: Disconnected from invalid user postgres 175.29.122.43 port 39120 [preauth]","@timestamp":"2022-09-19T10:03:37.632Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:03:41 honeypot-ams-1 sshd[8142]: Disconnected from invalid user support 175.29.122.43 port 39226 [preauth]","@timestamp":"2022-09-19T10:03:41.634Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:03:44 honeypot-ams-1 sshd[8146]: Disconnected from invalid user ubuntu 175.29.122.43 port 39542 [preauth]","@timestamp":"2022-09-19T10:03:44.637Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:03:47 honeypot-ams-1 sshd[8150]: Disconnected from invalid user ubuntu 175.29.122.43 port 39726 [preauth]","@timestamp":"2022-09-19T10:03:47.639Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:03:50 honeypot-ams-1 sshd[8154]: Received disconnect from 175.29.122.43 port 39790:11: Bye Bye [preauth]","@timestamp":"2022-09-19T10:03:51.641Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:03:53 honeypot-ams-1 sshd[8158]: Received disconnect from 175.29.122.43 port 39920:11: Bye Bye [preauth]","@timestamp":"2022-09-19T10:03:54.643Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 10:06:46 honeypot-fra-1 kernel: [84456410.954053] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=163.172.158.4 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=32498 PROTO=TCP SPT=48701 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T10:06:46.941Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 10:09:45 honeypot-fra-1 sshd[32457]: Disconnected from invalid user ubuntu 92.255.85.69 port 51554 [preauth]","@timestamp":"2022-09-19T10:09:46.011Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T10:10:59.450Z","@version":"1","message":"Sep 19 10:10:58 honeypot-sgp-1 sshd[1055]: Disconnected from authenticating user root 186.215.100.34 port 62213 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T10:13:28.517Z","@version":"1","message":"Sep 19 10:13:28 honeypot-sgp-1 sshd[1059]: Disconnected from invalid user ubuntu 92.255.85.70 port 21094 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 10:15:22 honeypot-fra-1 kernel: [84456926.987465] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.208.43 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=50566 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T10:15:23.139Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 10:16:12 honeypot-ams-1 kernel: [84459151.815662] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.213.152 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=47221 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T10:16:12.963Z"}
{"@timestamp":"2022-09-19T10:17:48.624Z","@version":"1","message":"Sep 19 10:17:48 honeypot-sgp-1 sshd[1067]: Received disconnect from 61.177.173.47 port 27117:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 10:18:53 honeypot-ams-1 kernel: [84459312.718294] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=107.173.159.85 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=50 ID=25372 PROTO=TCP SPT=18695 DPT=80 WINDOW=59071 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T10:18:54.032Z"}
{"@timestamp":"2022-09-19T10:20:10.683Z","@version":"1","message":"Sep 19 10:20:09 honeypot-sgp-1 kernel: [84458911.587086] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.41.9.18 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=35739 PROTO=TCP SPT=19927 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T10:21:34.722Z","@version":"1","message":"Sep 19 10:21:34 honeypot-sgp-1 sshd[1079]: Received disconnect from 143.244.158.100 port 55708:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T10:23:11.763Z","@version":"1","message":"Sep 19 10:23:11 honeypot-sgp-1 sshd[1086]: Received disconnect from 143.244.158.100 port 36172:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T10:23:55.784Z","@version":"1","message":"Sep 19 10:23:55 honeypot-sgp-1 sshd[1089]: Received disconnect from 45.61.187.160 port 50894:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T10:24:03.789Z","@version":"1","message":"Sep 19 10:24:03 honeypot-sgp-1 sshd[1093]: Disconnected from invalid user user 45.61.187.160 port 34182 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T10:24:21.798Z","@version":"1","message":"Sep 19 10:24:21 honeypot-sgp-1 sshd[1097]: Disconnected from invalid user user 45.61.187.160 port 57198 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T10:24:37.805Z","@version":"1","message":"Sep 19 10:24:37 honeypot-sgp-1 sshd[1101]: Disconnected from invalid user user 45.61.187.160 port 51984 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T10:24:52.813Z","@version":"1","message":"Sep 19 10:24:52 honeypot-sgp-1 sshd[1107]: Invalid user ruut from 159.203.108.158 port 34692","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T10:25:40.835Z","@version":"1","message":"Sep 19 10:25:40 honeypot-sgp-1 sshd[1111]: Disconnected from authenticating user root 111.202.249.76 port 2620 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T10:28:01.893Z","@version":"1","message":"Sep 19 10:28:01 honeypot-sgp-1 sshd[1118]: Disconnected from authenticating user root 143.244.158.100 port 33234 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T10:29:39.937Z","@version":"1","message":"Sep 19 10:29:39 honeypot-sgp-1 sshd[1127]: Received disconnect from 143.244.158.100 port 40658:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 10:31:17 honeypot-fra-1 kernel: [84457882.214298] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.143.200.46 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=22938 PROTO=TCP SPT=52004 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T10:31:18.509Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T10:31:19.001Z","@version":"1","message":"Sep 19 10:31:18 honeypot-sgp-1 sshd[1131]: Disconnected from authenticating user root 143.244.158.100 port 36192 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T10:33:51.067Z","@version":"1","message":"Sep 19 10:33:50 honeypot-sgp-1 sshd[1138]: Received disconnect from 143.244.158.100 port 56154:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T10:36:19.129Z","@version":"1","message":"Sep 19 10:36:18 honeypot-sgp-1 sshd[1147]: Received disconnect from 143.244.158.100 port 59878:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 10:36:29 honeypot-fra-1 sshd[32472]: Disconnected from invalid user admin 92.255.85.70 port 16084 [preauth]","@timestamp":"2022-09-19T10:36:29.624Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T10:37:56.171Z","@version":"1","message":"Sep 19 10:37:55 honeypot-sgp-1 sshd[1151]: Disconnected from authenticating user root 143.244.158.100 port 49310 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 10:38:44 honeypot-ams-1 kernel: [84460503.678389] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.220.205.106 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=49343 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T10:38:45.545Z"}
{"@timestamp":"2022-09-19T10:39:18.209Z","@version":"1","message":"Sep 19 10:39:17 honeypot-sgp-1 sshd[1158]: Received disconnect from 61.177.173.35 port 17413:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T10:40:35.243Z","@version":"1","message":"Sep 19 10:40:34 honeypot-sgp-1 sshd[1164]: Bad protocol version identification '\\003' from 185.122.204.54 port 65162","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T10:42:23.289Z","@version":"1","message":"Sep 19 10:42:22 honeypot-sgp-1 sshd[1169]: Received disconnect from 92.255.85.69 port 42856:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T10:42:57.305Z","@version":"1","message":"Sep 19 10:42:56 honeypot-sgp-1 sshd[1173]: Disconnected from authenticating user root 143.244.158.100 port 56020 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:44:03 honeypot-ams-1 sshd[8177]: Received disconnect from 92.255.85.69 port 60222:11: Bye Bye [preauth]","@timestamp":"2022-09-19T10:44:03.682Z"}
{"@timestamp":"2022-09-19T10:44:39.348Z","@version":"1","message":"Sep 19 10:44:38 honeypot-sgp-1 sshd[1178]: Disconnected from authenticating user root 143.244.158.100 port 49810 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 10:46:02 honeypot-fra-1 sshd[32496]: Invalid user devops from 20.16.187.32 port 35818","@timestamp":"2022-09-19T10:46:02.853Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 10:46:02 honeypot-fra-1 sshd[32495]: Connection closed by invalid user centos 20.16.187.32 port 35820 [preauth]","@timestamp":"2022-09-19T10:46:02.854Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 10:46:02 honeypot-fra-1 sshd[32500]: Connection closed by authenticating user root 20.16.187.32 port 35842 [preauth]","@timestamp":"2022-09-19T10:46:02.854Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 10:46:05 honeypot-fra-1 sshd[32513]: Invalid user devops from 20.16.187.32 port 35854","@timestamp":"2022-09-19T10:46:05.856Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 10:46:05 honeypot-fra-1 sshd[32515]: Invalid user postgres from 20.16.187.32 port 35840","@timestamp":"2022-09-19T10:46:05.856Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 10:46:05 honeypot-fra-1 sshd[32515]: Connection closed by invalid user postgres 20.16.187.32 port 35840 [preauth]","@timestamp":"2022-09-19T10:46:06.857Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T10:47:09.411Z","@version":"1","message":"Sep 19 10:47:08 honeypot-sgp-1 sshd[1185]: Received disconnect from 143.244.158.100 port 56510:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T10:48:54.456Z","@version":"1","message":"Sep 19 10:48:53 honeypot-sgp-1 sshd[1192]: Invalid user tomcat8 from 114.205.54.184 port 44324","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 10:49:38 honeypot-fra-1 sshd[32531]: Disconnected from authenticating user root 172.79.124.130 port 11483 [preauth]","@timestamp":"2022-09-19T10:49:38.935Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T10:50:05.485Z","@version":"1","message":"Sep 19 10:50:05 honeypot-sgp-1 sshd[1209]: Disconnected from authenticating user root 61.177.173.46 port 13986 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T10:52:04.536Z","@version":"1","message":"Sep 19 10:52:03 honeypot-sgp-1 sshd[1218]: Disconnected from authenticating user root 143.244.158.100 port 53022 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 10:53:14 honeypot-ams-1 kernel: [84461373.320689] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.205.175 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=42017 DPT=389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T10:53:14.935Z"}
{"@timestamp":"2022-09-19T10:54:34.599Z","@version":"1","message":"Sep 19 10:54:34 honeypot-sgp-1 sshd[1226]: Received disconnect from 143.244.158.100 port 34462:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 10:55:55 honeypot-fra-1 kernel: [84459359.274020] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.192.200 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=50152 DPT=389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T10:55:55.074Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T10:56:17.697Z","@version":"1","message":"Sep 19 10:56:16 honeypot-sgp-1 sshd[1231]: Disconnected from authenticating user root 143.244.158.100 port 33106 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T10:57:59.742Z","@version":"1","message":"Sep 19 10:57:58 honeypot-sgp-1 sshd[1235]: Disconnected from authenticating user root 143.244.158.100 port 42392 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 10:59:36 honeypot-fra-1 sshd[32560]: Invalid user steam from 121.4.171.124 port 54126","@timestamp":"2022-09-19T10:59:37.158Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 10:59:36 honeypot-fra-1 sshd[32546]: Invalid user esuser from 121.4.171.124 port 54152","@timestamp":"2022-09-19T10:59:37.158Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 10:59:37 honeypot-fra-1 sshd[32546]: Connection closed by invalid user esuser 121.4.171.124 port 54152 [preauth]","@timestamp":"2022-09-19T10:59:38.158Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T11:00:28.808Z","@version":"1","message":"Sep 19 11:00:28 honeypot-sgp-1 sshd[1243]: Disconnected from authenticating user root 143.244.158.100 port 45242 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 11:01:09 honeypot-fra-1 kernel: [84459673.814512] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=71.6.232.2 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=49240 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T11:01:10.196Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 11:02:57 honeypot-ams-1 kernel: [84461956.673833] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=107.189.31.234 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=34772 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T11:02:58.188Z"}
{"@timestamp":"2022-09-19T11:03:00.872Z","@version":"1","message":"Sep 19 11:03:00 honeypot-sgp-1 sshd[1250]: Received disconnect from 143.244.158.100 port 59410:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T11:08:33.006Z","@version":"1","message":"Sep 19 11:08:32 honeypot-sgp-1 kernel: [84461814.060323] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=94.102.68.187 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=229 ID=36759 PROTO=TCP SPT=59672 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 11:08:40 honeypot-fra-1 sshd[32575]: Invalid user liuyufan from 165.22.45.108 port 43460","@timestamp":"2022-09-19T11:08:41.363Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T11:09:33.034Z","@version":"1","message":"Sep 19 11:09:32 honeypot-sgp-1 kernel: [84461874.393882] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=59.16.243.218 DST=159.89.202.188 LEN=52 TOS=0x00 PREC=0x00 TTL=114 ID=31523 DF PROTO=TCP SPT=8334 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 11:10:04 honeypot-ams-1 kernel: [84462383.071733] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=195.154.90.12 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=58438 PROTO=TCP SPT=43246 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T11:10:04.380Z"}
{"@timestamp":"2022-09-19T11:13:14.126Z","@version":"1","message":"Sep 19 11:13:13 honeypot-sgp-1 kernel: [84462095.485677] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=186.208.139.104 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=235 ID=48948 PROTO=TCP SPT=45887 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 11:14:50 honeypot-ams-1 kernel: [84462669.182285] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=217.77.61.31 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=56 ID=48946 PROTO=TCP SPT=13355 DPT=80 WINDOW=539 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T11:14:50.506Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 11:16:19 honeypot-fra-1 kernel: [84460583.811874] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=165.22.82.222 LEN=89 TOS=0x00 PREC=0x00 TTL=250 ID=53103 PROTO=TCP SPT=26785 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T11:16:20.535Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T11:17:02.219Z","@version":"1","message":"Sep 19 11:17:01 honeypot-sgp-1 CRON[1265]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:17:01 honeypot-ams-1 CRON[8192]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-19T11:17:02.567Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 11:18:01 honeypot-fra-1 sshd[32584]: Received disconnect from 206.81.15.128 port 33050:11: Bye Bye [preauth]","@timestamp":"2022-09-19T11:18:01.575Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:21:42 honeypot-ams-1 sshd[8196]: Invalid user eurek from 179.60.147.69 port 60242","@timestamp":"2022-09-19T11:21:42.693Z"}
{"@timestamp":"2022-09-19T11:23:56.386Z","@version":"1","message":"Sep 19 11:23:55 honeypot-sgp-1 sshd[1276]: ssh_dispatch_run_fatal: Connection from 136.52.13.251 port 36629: Connection corrupted [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:25:00 honeypot-ams-1 sshd[8200]: Disconnected from authenticating user root 179.86.56.96 port 48123 [preauth]","@timestamp":"2022-09-19T11:25:00.782Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:25:05 honeypot-ams-1 sshd[8207]: Received disconnect from 179.86.56.96 port 48279:11: Bye Bye [preauth]","@timestamp":"2022-09-19T11:25:05.786Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:25:10 honeypot-ams-1 sshd[8213]: Received disconnect from 179.86.56.96 port 48433:11: Bye Bye [preauth]","@timestamp":"2022-09-19T11:25:11.789Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:25:15 honeypot-ams-1 sshd[8219]: Invalid user tuxedo from 193.106.191.157 port 60508","@timestamp":"2022-09-19T11:25:15.792Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:25:19 honeypot-ams-1 sshd[8225]: Disconnected from authenticating user root 179.86.56.96 port 48679 [preauth]","@timestamp":"2022-09-19T11:25:20.795Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:25:25 honeypot-ams-1 sshd[8231]: Disconnected from authenticating user root 179.86.56.96 port 48822 [preauth]","@timestamp":"2022-09-19T11:25:25.798Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:25:30 honeypot-ams-1 sshd[8237]: Received disconnect from 179.86.56.96 port 48958:11: Bye Bye [preauth]","@timestamp":"2022-09-19T11:25:30.803Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:25:35 honeypot-ams-1 sshd[8243]: Received disconnect from 179.86.56.96 port 49109:11: Bye Bye [preauth]","@timestamp":"2022-09-19T11:25:36.806Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:25:41 honeypot-ams-1 sshd[8249]: Received disconnect from 179.86.56.96 port 49256:11: Bye Bye [preauth]","@timestamp":"2022-09-19T11:25:41.809Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:25:46 honeypot-ams-1 sshd[8255]: Received disconnect from 179.86.56.96 port 49399:11: Bye Bye [preauth]","@timestamp":"2022-09-19T11:25:46.814Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:25:51 honeypot-ams-1 sshd[8261]: Received disconnect from 179.86.56.96 port 49545:11: Bye Bye [preauth]","@timestamp":"2022-09-19T11:25:51.817Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:25:57 honeypot-ams-1 sshd[8267]: Received disconnect from 179.86.56.96 port 49714:11: Bye Bye [preauth]","@timestamp":"2022-09-19T11:25:57.821Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:26:02 honeypot-ams-1 sshd[8273]: Invalid user admin from 179.86.56.96 port 49852","@timestamp":"2022-09-19T11:26:02.825Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:26:05 honeypot-ams-1 sshd[8277]: Invalid user admin from 179.86.56.96 port 49963","@timestamp":"2022-09-19T11:26:05.827Z"}
{"@timestamp":"2022-09-19T11:26:09.440Z","@version":"1","message":"Sep 19 11:26:08 honeypot-sgp-1 sshd[1282]: Disconnected from 206.189.197.134 port 59444 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:26:09 honeypot-ams-1 sshd[8281]: Invalid user admin from 179.86.56.96 port 50070","@timestamp":"2022-09-19T11:26:09.830Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:26:12 honeypot-ams-1 sshd[8285]: Invalid user admin from 179.86.56.96 port 50165","@timestamp":"2022-09-19T11:26:13.832Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:26:16 honeypot-ams-1 sshd[8289]: Invalid user admin from 179.86.56.96 port 50277","@timestamp":"2022-09-19T11:26:16.835Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:26:20 honeypot-ams-1 sshd[8293]: Invalid user user from 179.86.56.96 port 50380","@timestamp":"2022-09-19T11:26:20.837Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:26:23 honeypot-ams-1 sshd[8297]: Disconnected from authenticating user root 179.86.56.96 port 50478 [preauth]","@timestamp":"2022-09-19T11:26:23.839Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:26:27 honeypot-ams-1 sshd[8301]: Disconnected from invalid user pi 179.86.56.96 port 50595 [preauth]","@timestamp":"2022-09-19T11:26:27.842Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:26:31 honeypot-ams-1 sshd[8305]: Disconnected from invalid user ethos 179.86.56.96 port 50698 [preauth]","@timestamp":"2022-09-19T11:26:31.845Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:26:34 honeypot-ams-1 sshd[8309]: Disconnected from invalid user miner 179.86.56.96 port 50802 [preauth]","@timestamp":"2022-09-19T11:26:34.847Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:26:38 honeypot-ams-1 sshd[8313]: Disconnected from invalid user volumio 179.86.56.96 port 50910 [preauth]","@timestamp":"2022-09-19T11:26:38.849Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:26:41 honeypot-ams-1 sshd[8317]: Disconnected from invalid user nagios 179.86.56.96 port 51007 [preauth]","@timestamp":"2022-09-19T11:26:42.852Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:26:45 honeypot-ams-1 sshd[8321]: Disconnected from invalid user vagrant 179.86.56.96 port 51111 [preauth]","@timestamp":"2022-09-19T11:26:45.854Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:26:49 honeypot-ams-1 sshd[8325]: Disconnected from invalid user debian 179.86.56.96 port 51226 [preauth]","@timestamp":"2022-09-19T11:26:49.857Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:26:52 honeypot-ams-1 sshd[8329]: Disconnected from invalid user debian 179.86.56.96 port 51321 [preauth]","@timestamp":"2022-09-19T11:26:52.859Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:26:56 honeypot-ams-1 sshd[8333]: Disconnected from invalid user alarm 179.86.56.96 port 51428 [preauth]","@timestamp":"2022-09-19T11:26:56.861Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:26:59 honeypot-ams-1 sshd[8337]: Received disconnect from 179.86.56.96 port 51515:11: Bye Bye [preauth]","@timestamp":"2022-09-19T11:26:59.864Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:27:03 honeypot-ams-1 sshd[8341]: Received disconnect from 179.86.56.96 port 51612:11: Bye Bye [preauth]","@timestamp":"2022-09-19T11:27:03.866Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 11:31:01 honeypot-fra-1 kernel: [84461465.611076] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=16605 PROTO=TCP SPT=47003 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T11:31:01.856Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 11:36:44 honeypot-fra-1 sshd[32593]: Disconnected from authenticating user proxy 171.244.139.236 port 28365 [preauth]","@timestamp":"2022-09-19T11:36:44.984Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:36:55 honeypot-ams-1 sshd[8346]: Disconnected from authenticating user root 103.92.26.252 port 34450 [preauth]","@timestamp":"2022-09-19T11:36:56.137Z"}
{"@timestamp":"2022-09-19T11:38:29.735Z","@version":"1","message":"Sep 19 11:38:29 honeypot-sgp-1 sshd[1294]: Invalid user lancelot from 119.159.226.140 port 39610","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:41:14 honeypot-ams-1 sshd[8352]: Connection closed by invalid user tuxedo 193.106.191.157 port 43074 [preauth]","@timestamp":"2022-09-19T11:41:15.261Z"}
{"@timestamp":"2022-09-19T11:41:44.815Z","@version":"1","message":"Sep 19 11:41:44 honeypot-sgp-1 sshd[1299]: Invalid user support from 92.255.85.70 port 60856","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 11:42:59 honeypot-fra-1 sshd[32598]: Disconnected from authenticating user root 167.172.246.83 port 55554 [preauth]","@timestamp":"2022-09-19T11:43:00.123Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:44:25 honeypot-ams-1 sshd[8357]: Invalid user continuum from 207.254.224.220 port 45660","@timestamp":"2022-09-19T11:44:26.349Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 11:46:43 honeypot-fra-1 kernel: [84462407.592590] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=79.124.62.62 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=3751 PROTO=TCP SPT=41436 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T11:46:44.210Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:46:49 honeypot-ams-1 sshd[8359]: Disconnected from invalid user support 92.255.85.70 port 63810 [preauth]","@timestamp":"2022-09-19T11:46:49.414Z"}
{"@timestamp":"2022-09-19T11:48:17.972Z","@version":"1","message":"Sep 19 11:48:17 honeypot-sgp-1 sshd[1308]: Disconnected from authenticating user root 218.92.0.221 port 12456 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 11:52:35 honeypot-ams-1 kernel: [84464934.787506] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=13.250.8.70 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=6883 DF PROTO=TCP SPT=34852 DPT=80 WINDOW=62727 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T11:52:36.568Z"}
{"@timestamp":"2022-09-19T11:55:23.145Z","@version":"1","message":"Sep 19 11:55:22 honeypot-sgp-1 sshd[1319]: Invalid user teamspeak from 107.173.156.9 port 46126","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 11:55:36 honeypot-fra-1 sshd[32608]: Connection closed by invalid user apc 179.60.147.69 port 13266 [preauth]","@timestamp":"2022-09-19T11:55:37.422Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T11:56:04.163Z","@version":"1","message":"Sep 19 11:56:04 honeypot-sgp-1 sshd[1323]: Connection closed by invalid user pi 88.162.54.93 port 14776 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T11:57:29.199Z","@version":"1","message":"Sep 19 11:57:28 honeypot-sgp-1 sshd[1327]: Disconnected from invalid user zacc123 165.154.233.87 port 35498 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:57:47 honeypot-ams-1 sshd[8369]: Invalid user apc from 179.60.147.69 port 33652","@timestamp":"2022-09-19T11:57:48.704Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 12:00:51 honeypot-ams-1 sshd[8374]: Received disconnect from 104.236.237.117 port 35171:11: Bye Bye [preauth]","@timestamp":"2022-09-19T12:00:51.789Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 12:04:03 honeypot-fra-1 sshd[32614]: Disconnected from invalid user tiago 137.184.225.163 port 44716 [preauth]","@timestamp":"2022-09-19T12:04:03.604Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T12:05:56.405Z","@version":"1","message":"Sep 19 12:05:55 honeypot-sgp-1 kernel: [84465257.085925] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=151.235.248.220 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=230 ID=9469 DF PROTO=TCP SPT=49909 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T12:09:20.489Z","@version":"1","message":"Sep 19 12:09:19 honeypot-sgp-1 sshd[1337]: Received disconnect from 103.221.223.252 port 48288:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T12:10:39.525Z","@version":"1","message":"Sep 19 12:10:38 honeypot-sgp-1 kernel: [84465540.177416] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=159.89.202.188 LEN=89 TOS=0x00 PREC=0x00 TTL=245 ID=62817 PROTO=TCP SPT=6785 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 12:12:25 honeypot-fra-1 sshd[32618]: Disconnected from invalid user array 92.255.85.70 port 44518 [preauth]","@timestamp":"2022-09-19T12:12:25.794Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 12:12:49 honeypot-ams-1 kernel: [84466148.919442] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=92.204.145.232 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=16435 PROTO=TCP SPT=47965 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T12:12:50.104Z"}
{"@timestamp":"2022-09-19T12:16:56.678Z","@version":"1","message":"Sep 19 12:16:56 honeypot-sgp-1 sshd[1349]: Invalid user array from 92.255.85.70 port 28352","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 12:17:01 honeypot-ams-1 CRON[8384]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-19T12:17:02.217Z"}
{"@timestamp":"2022-09-19T12:17:39.698Z","@version":"1","message":"Sep 19 12:17:39 honeypot-sgp-1 sshd[1354]: Disconnected from authenticating user root 61.177.172.104 port 17800 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 12:22:23 honeypot-fra-1 kernel: [84464547.317411] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=165.22.82.222 LEN=90 TOS=0x00 PREC=0x00 TTL=250 ID=35971 PROTO=TCP SPT=24255 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T12:22:24.017Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 12:22:52 honeypot-ams-1 sshd[8390]: Received disconnect from 167.99.241.178 port 42088:11: Bye Bye [preauth]","@timestamp":"2022-09-19T12:22:53.392Z"}
{"@timestamp":"2022-09-19T12:23:02.828Z","@version":"1","message":"Sep 19 12:23:02 honeypot-sgp-1 sshd[1361]: Received disconnect from 61.177.173.53 port 54444:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 12:31:22 honeypot-fra-1 sshd[32631]: Invalid user virl from 188.166.153.99 port 34858","@timestamp":"2022-09-19T12:31:23.220Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 12:31:33 honeypot-ams-1 kernel: [84467272.706723] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=89.248.165.241 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=55643 PROTO=TCP SPT=53829 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T12:31:34.618Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 12:34:27 honeypot-ams-1 kernel: [84467446.800191] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=213.226.123.38 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=29556 PROTO=TCP SPT=52378 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T12:34:28.698Z"}
{"@timestamp":"2022-09-19T12:35:55.138Z","@version":"1","message":"Sep 19 12:35:54 honeypot-sgp-1 sshd[1372]: Received disconnect from 61.177.173.36 port 52756:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 12:40:49 honeypot-fra-1 sshd[32636]: Received disconnect from 92.255.85.69 port 26164:11: Bye Bye [preauth]","@timestamp":"2022-09-19T12:40:50.449Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T12:46:27.395Z","@version":"1","message":"Sep 19 12:46:27 honeypot-sgp-1 sshd[1383]: Disconnected from authenticating user root 218.92.0.221 port 23179 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 12:46:38 honeypot-fra-1 sshd[32642]: Invalid user user from 45.61.184.204 port 47066","@timestamp":"2022-09-19T12:46:38.582Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 12:46:57 honeypot-fra-1 sshd[32646]: Invalid user user from 45.61.184.204 port 42112","@timestamp":"2022-09-19T12:46:58.592Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 12:47:16 honeypot-fra-1 sshd[32650]: Invalid user user from 45.61.184.204 port 37210","@timestamp":"2022-09-19T12:47:17.601Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 12:47:36 honeypot-fra-1 sshd[32654]: Invalid user user from 45.61.184.204 port 60568","@timestamp":"2022-09-19T12:47:36.609Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 12:54:20 honeypot-ams-1 sshd[8419]: Invalid user chiaping from 128.199.71.153 port 43782","@timestamp":"2022-09-19T12:54:21.214Z"}
{"@timestamp":"2022-09-19T12:55:30.616Z","@version":"1","message":"Sep 19 12:55:30 honeypot-sgp-1 sshd[1393]: Received disconnect from 61.177.172.108 port 59509:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T12:57:15.662Z","@version":"1","message":"Sep 19 12:57:15 honeypot-sgp-1 sshd[1395]: Disconnected from authenticating user root 61.177.173.47 port 24088 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 13:00:25 honeypot-ams-1 kernel: [84469004.437237] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=154.89.5.94 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=245 ID=63872 PROTO=TCP SPT=58914 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T13:00:26.374Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 13:01:23 honeypot-fra-1 kernel: [84466887.241672] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=172.104.27.127 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=32209 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T13:01:23.911Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 13:03:49 honeypot-ams-1 kernel: [84469207.968235] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=156.214.176.182 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=10359 PROTO=TCP SPT=23213 DPT=443 WINDOW=35655 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T13:03:49.470Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 13:04:18 honeypot-fra-1 sshd[32661]: Received disconnect from 165.22.45.108 port 49356:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T13:04:18.996Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 13:07:54 honeypot-fra-1 sshd[32665]: Connection closed by authenticating user root 179.60.147.69 port 37800 [preauth]","@timestamp":"2022-09-19T13:07:55.076Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T13:09:38.957Z","@version":"1","message":"Sep 19 13:09:38 honeypot-sgp-1 kernel: [84469080.396009] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=170.187.162.38 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=1689 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 13:12:24 honeypot-fra-1 sshd[32670]: Disconnected from authenticating user root 92.255.85.69 port 39772 [preauth]","@timestamp":"2022-09-19T13:12:25.175Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:14:08 honeypot-ams-1 sshd[8430]: Invalid user admin from 115.142.244.230 port 59648","@timestamp":"2022-09-19T13:14:09.744Z"}
{"@timestamp":"2022-09-19T13:17:02.134Z","@version":"1","message":"Sep 19 13:17:01 honeypot-sgp-1 CRON[1412]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:17:22 honeypot-ams-1 sshd[8436]: Received disconnect from 92.255.85.69 port 52236:11: Bye Bye [preauth]","@timestamp":"2022-09-19T13:17:22.855Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 13:19:26 honeypot-ams-1 kernel: [84470144.999660] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=172.104.27.192 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=12401 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T13:19:26.912Z"}
{"@timestamp":"2022-09-19T13:20:50.248Z","@version":"1","message":"Sep 19 13:20:49 honeypot-sgp-1 sshd[1421]: Disconnected from authenticating user root 104.131.45.150 port 53352 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 13:26:42 honeypot-fra-1 sshd[32677]: Connection closed by invalid user admin 128.199.160.207 port 54692 [preauth]","@timestamp":"2022-09-19T13:26:42.496Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 13:26:45 honeypot-fra-1 sshd[32683]: Connection closed by invalid user admin 128.199.160.207 port 54704 [preauth]","@timestamp":"2022-09-19T13:26:45.499Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T13:29:34.466Z","@version":"1","message":"Sep 19 13:29:33 honeypot-sgp-1 kernel: [84470275.129854] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.209.81 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=46596 DPT=636 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:30:58 honeypot-ams-1 sshd[8448]: Invalid user doydoy from 200.42.176.235 port 43642","@timestamp":"2022-09-19T13:30:59.214Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:02 honeypot-ams-1 sshd[8453]: Disconnected from authenticating user root 95.251.178.212 port 60416 [preauth]","@timestamp":"2022-09-19T13:32:03.242Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:04 honeypot-ams-1 sshd[8459]: Received disconnect from 95.251.178.212 port 60480:11: Bye Bye [preauth]","@timestamp":"2022-09-19T13:32:04.244Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:05 honeypot-ams-1 sshd[8465]: Received disconnect from 95.251.178.212 port 60518:11: Bye Bye [preauth]","@timestamp":"2022-09-19T13:32:05.245Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:06 honeypot-ams-1 sshd[8471]: Received disconnect from 95.251.178.212 port 60596:11: Bye Bye [preauth]","@timestamp":"2022-09-19T13:32:06.245Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:07 honeypot-ams-1 sshd[8477]: Received disconnect from 95.251.178.212 port 60634:11: Bye Bye [preauth]","@timestamp":"2022-09-19T13:32:08.247Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:08 honeypot-ams-1 sshd[8483]: Received disconnect from 95.251.178.212 port 60670:11: Bye Bye [preauth]","@timestamp":"2022-09-19T13:32:09.248Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:09 honeypot-ams-1 sshd[8489]: Received disconnect from 95.251.178.212 port 60712:11: Bye Bye [preauth]","@timestamp":"2022-09-19T13:32:10.248Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:10 honeypot-ams-1 sshd[8495]: Received disconnect from 95.251.178.212 port 60740:11: Bye Bye [preauth]","@timestamp":"2022-09-19T13:32:11.249Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:11 honeypot-ams-1 sshd[8501]: Received disconnect from 95.251.178.212 port 60768:11: Bye Bye [preauth]","@timestamp":"2022-09-19T13:32:12.250Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:12 honeypot-ams-1 sshd[8507]: Received disconnect from 95.251.178.212 port 32828:11: Bye Bye [preauth]","@timestamp":"2022-09-19T13:32:13.251Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:13 honeypot-ams-1 sshd[8513]: Received disconnect from 95.251.178.212 port 32900:11: Bye Bye [preauth]","@timestamp":"2022-09-19T13:32:14.252Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:14 honeypot-ams-1 sshd[8519]: Received disconnect from 95.251.178.212 port 32944:11: Bye Bye [preauth]","@timestamp":"2022-09-19T13:32:15.252Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:15 honeypot-ams-1 sshd[8523]: Disconnected from invalid user admin 95.251.178.212 port 32972 [preauth]","@timestamp":"2022-09-19T13:32:16.253Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:16 honeypot-ams-1 sshd[8527]: Disconnected from invalid user admin 95.251.178.212 port 33030 [preauth]","@timestamp":"2022-09-19T13:32:17.254Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:17 honeypot-ams-1 sshd[8531]: Disconnected from invalid user admin 95.251.178.212 port 33046 [preauth]","@timestamp":"2022-09-19T13:32:17.254Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:17 honeypot-ams-1 sshd[8535]: Disconnected from invalid user admin 95.251.178.212 port 33068 [preauth]","@timestamp":"2022-09-19T13:32:18.254Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:18 honeypot-ams-1 sshd[8539]: Disconnected from invalid user admin 95.251.178.212 port 33090 [preauth]","@timestamp":"2022-09-19T13:32:19.256Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:19 honeypot-ams-1 sshd[8543]: Disconnected from invalid user user 95.251.178.212 port 33126 [preauth]","@timestamp":"2022-09-19T13:32:19.256Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:20 honeypot-ams-1 sshd[8549]: Received disconnect from 95.251.178.212 port 33154:11: Bye Bye [preauth]","@timestamp":"2022-09-19T13:32:21.257Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:21 honeypot-ams-1 sshd[8554]: Received disconnect from 95.251.178.212 port 33170:11: Bye Bye [preauth]","@timestamp":"2022-09-19T13:32:21.258Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:21 honeypot-ams-1 sshd[8559]: Invalid user mine from 95.251.178.212 port 33194","@timestamp":"2022-09-19T13:32:22.258Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:22 honeypot-ams-1 sshd[8561]: Received disconnect from 95.251.178.212 port 33208:11: Bye Bye [preauth]","@timestamp":"2022-09-19T13:32:22.258Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:22 honeypot-ams-1 sshd[8565]: Received disconnect from 95.251.178.212 port 33482:11: Bye Bye [preauth]","@timestamp":"2022-09-19T13:32:23.259Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:23 honeypot-ams-1 sshd[8569]: Received disconnect from 95.251.178.212 port 33518:11: Bye Bye [preauth]","@timestamp":"2022-09-19T13:32:24.260Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:24 honeypot-ams-1 sshd[8573]: Received disconnect from 95.251.178.212 port 33554:11: Bye Bye [preauth]","@timestamp":"2022-09-19T13:32:25.261Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:25 honeypot-ams-1 sshd[8577]: Received disconnect from 95.251.178.212 port 33572:11: Bye Bye [preauth]","@timestamp":"2022-09-19T13:32:25.261Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:25 honeypot-ams-1 sshd[8581]: Received disconnect from 95.251.178.212 port 33636:11: Bye Bye [preauth]","@timestamp":"2022-09-19T13:32:26.261Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:26 honeypot-ams-1 sshd[8585]: Received disconnect from 95.251.178.212 port 33660:11: Bye Bye [preauth]","@timestamp":"2022-09-19T13:32:27.262Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:27 honeypot-ams-1 sshd[8589]: Received disconnect from 95.251.178.212 port 33674:11: Bye Bye [preauth]","@timestamp":"2022-09-19T13:32:28.263Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:28 honeypot-ams-1 sshd[8593]: Received disconnect from 95.251.178.212 port 33688:11: Bye Bye [preauth]","@timestamp":"2022-09-19T13:32:28.263Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 13:35:52 honeypot-fra-1 kernel: [84468956.546006] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.41.8.45 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=10313 PROTO=TCP SPT=22556 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T13:35:52.701Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T13:36:11.635Z","@version":"1","message":"Sep 19 13:36:10 honeypot-sgp-1 sshd[1437]: Received disconnect from 61.177.173.39 port 18696:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 13:36:53 honeypot-fra-1 sshd[32691]: Received disconnect from 45.61.187.160 port 60146:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T13:36:53.727Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 13:37:15 honeypot-fra-1 sshd[32695]: Received disconnect from 45.61.187.160 port 55316:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T13:37:16.739Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 13:37:31 honeypot-fra-1 sshd[32700]: Invalid user user from 45.61.186.49 port 57570","@timestamp":"2022-09-19T13:37:31.749Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 13:37:37 honeypot-fra-1 sshd[32704]: Invalid user user from 45.61.187.160 port 50506","@timestamp":"2022-09-19T13:37:37.751Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 13:37:46 honeypot-fra-1 sshd[32708]: Invalid user user from 45.61.186.49 port 46282","@timestamp":"2022-09-19T13:37:46.756Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 13:40:08 honeypot-fra-1 kernel: [84469212.765614] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=79.124.62.82 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=60716 PROTO=TCP SPT=51970 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T13:40:09.810Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T13:43:06.807Z","@version":"1","message":"Sep 19 13:43:05 honeypot-sgp-1 kernel: [84471087.403439] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=172.104.88.48 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=21293 PROTO=TCP SPT=49161 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 13:47:17 honeypot-ams-1 kernel: [84471816.503870] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=41.112.169.248 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=51 ID=23239 PROTO=TCP SPT=7096 DPT=80 WINDOW=43635 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T13:47:17.671Z"}
{"@timestamp":"2022-09-19T13:49:36.968Z","@version":"1","message":"Sep 19 13:49:36 honeypot-sgp-1 sshd[1450]: Disconnected from authenticating user root 61.177.173.53 port 57015 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 13:50:13 honeypot-fra-1 sshd[32719]: Invalid user 67890 from 128.199.184.157 port 33956","@timestamp":"2022-09-19T13:50:13.037Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 13:55:36 honeypot-ams-1 kernel: [84472315.694075] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=97.74.81.123 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=33641 PROTO=TCP SPT=48787 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T13:55:36.890Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:03:49 honeypot-fra-1 kernel: [84470633.099319] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=58680 PROTO=TCP SPT=55956 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T14:03:49.376Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 14:07:52 honeypot-ams-1 kernel: [84473051.671910] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=197.53.6.171 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=51 ID=55036 PROTO=TCP SPT=19398 DPT=443 WINDOW=60494 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T14:07:53.230Z"}
{"@timestamp":"2022-09-19T14:08:21.477Z","@version":"1","message":"Sep 19 14:08:20 honeypot-sgp-1 kernel: [84472602.318868] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.95.147.51 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=53761 PROTO=TCP SPT=56216 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T14:10:35.535Z","@version":"1","message":"Sep 19 14:10:35 honeypot-sgp-1 sshd[1464]: Disconnected from 161.35.131.133 port 43410 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T14:11:57.573Z","@version":"1","message":"Sep 19 14:11:56 honeypot-sgp-1 sshd[1468]: Disconnected from invalid user whater 83.56.9.96 port 59164 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:12:44 honeypot-fra-1 sshd[32730]: error: maximum authentication attempts exceeded for root from 89.109.32.143 port 5471 ssh2 [preauth]","@timestamp":"2022-09-19T14:12:44.577Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:12:47 honeypot-fra-1 sshd[32734]: Disconnecting invalid user admin 89.109.32.143 port 6018: Too many authentication failures [preauth]","@timestamp":"2022-09-19T14:12:47.578Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:12:50 honeypot-fra-1 sshd[32738]: Disconnected from invalid user admin 89.109.32.143 port 6779 [preauth]","@timestamp":"2022-09-19T14:12:51.580Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:12:53 honeypot-fra-1 sshd[32742]: Disconnecting invalid user oracle 89.109.32.143 port 7470: Too many authentication failures [preauth]","@timestamp":"2022-09-19T14:12:54.582Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:12:56 honeypot-fra-1 sshd[32746]: Disconnecting invalid user usuario 89.109.32.143 port 8190: Too many authentication failures [preauth]","@timestamp":"2022-09-19T14:12:57.583Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:12:59 honeypot-fra-1 sshd[32750]: Disconnected from invalid user usuario 89.109.32.143 port 8966 [preauth]","@timestamp":"2022-09-19T14:13:00.587Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:13:02 honeypot-fra-1 sshd[32754]: Disconnecting invalid user test 89.109.32.143 port 9620: Too many authentication failures [preauth]","@timestamp":"2022-09-19T14:13:03.588Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:13:05 honeypot-fra-1 sshd[32758]: Disconnecting invalid user user 89.109.32.143 port 10233: Too many authentication failures [preauth]","@timestamp":"2022-09-19T14:13:06.590Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:13:09 honeypot-fra-1 sshd[32762]: Disconnected from invalid user user 89.109.32.143 port 11029 [preauth]","@timestamp":"2022-09-19T14:13:09.592Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:13:12 honeypot-fra-1 sshd[32766]: Disconnecting invalid user ftpuser 89.109.32.143 port 11809: Too many authentication failures [preauth]","@timestamp":"2022-09-19T14:13:12.593Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:13:15 honeypot-fra-1 sshd[302]: Disconnecting invalid user test1 89.109.32.143 port 12485: Too many authentication failures [preauth]","@timestamp":"2022-09-19T14:13:15.596Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:13:16 honeypot-fra-1 sshd[304]: Disconnecting invalid user test1 89.109.32.143 port 12825: Too many authentication failures [preauth]","@timestamp":"2022-09-19T14:13:16.597Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:13:19 honeypot-fra-1 sshd[310]: Disconnecting invalid user test2 89.109.32.143 port 13372: Too many authentication failures [preauth]","@timestamp":"2022-09-19T14:13:19.598Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:13:22 honeypot-fra-1 sshd[314]: Disconnected from invalid user test2 89.109.32.143 port 14181 [preauth]","@timestamp":"2022-09-19T14:13:22.600Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:13:25 honeypot-fra-1 sshd[318]: Disconnecting invalid user ubuntu 89.109.32.143 port 14811: Too many authentication failures [preauth]","@timestamp":"2022-09-19T14:13:25.602Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:13:28 honeypot-fra-1 sshd[322]: Received disconnect from 89.109.32.143 port 15471:11: disconnected by user [preauth]","@timestamp":"2022-09-19T14:13:28.605Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:13:29 honeypot-fra-1 sshd[326]: Invalid user pi from 89.109.32.143 port 16082","@timestamp":"2022-09-19T14:13:30.606Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:15:08 honeypot-fra-1 kernel: [84471312.432103] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=64.62.197.110 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=54321 PROTO=TCP SPT=51157 DPT=5432 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T14:15:08.643Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T14:17:02.699Z","@version":"1","message":"Sep 19 14:17:01 honeypot-sgp-1 CRON[1477]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 14:17:29 honeypot-ams-1 sshd[8611]: Received disconnect from 164.92.85.159 port 32978:11: Bye Bye [preauth]","@timestamp":"2022-09-19T14:17:30.481Z"}
{"@timestamp":"2022-09-19T14:19:15.757Z","@version":"1","message":"Sep 19 14:19:15 honeypot-sgp-1 sshd[1485]: Received disconnect from 61.177.173.51 port 38836:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:20:50 honeypot-fra-1 sshd[339]: Received disconnect from 36.68.78.46 port 14734:11: Bye Bye [preauth]","@timestamp":"2022-09-19T14:20:51.770Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 14:21:56 honeypot-ams-1 sshd[8616]: Received disconnect from 92.255.85.69 port 35506:11: Bye Bye [preauth]","@timestamp":"2022-09-19T14:21:56.595Z"}
{"@timestamp":"2022-09-19T14:23:12.858Z","@version":"1","message":"Sep 19 14:23:12 honeypot-sgp-1 sshd[1490]: Invalid user user from 45.61.186.49 port 48914","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T14:23:23.864Z","@version":"1","message":"Sep 19 14:23:23 honeypot-sgp-1 sshd[1494]: Invalid user user from 45.61.186.49 port 60398","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T14:24:06.884Z","@version":"1","message":"Sep 19 14:24:06 honeypot-sgp-1 kernel: [84473547.957933] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=159.89.202.188 LEN=91 TOS=0x00 PREC=0x00 TTL=245 ID=24751 PROTO=TCP SPT=29001 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T14:27:14.964Z","@version":"1","message":"Sep 19 14:27:14 honeypot-sgp-1 sshd[1503]: Disconnected from authenticating user root 61.177.173.50 port 62014 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:28:52 honeypot-fra-1 kernel: [84472136.179473] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=159.65.152.216 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x20 TTL=54 ID=21639 DF PROTO=TCP SPT=34042 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T14:28:52.949Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 14:31:54 honeypot-ams-1 sshd[8622]: Received disconnect from 46.19.141.122 port 50742:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T14:31:55.886Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 14:32:20 honeypot-ams-1 sshd[8626]: Received disconnect from 46.19.141.122 port 46204:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T14:32:20.899Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 14:33:13 honeypot-ams-1 sshd[8630]: Disconnected from invalid user admin 46.19.141.122 port 40030 [preauth]","@timestamp":"2022-09-19T14:33:13.925Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 14:34:01 honeypot-ams-1 sshd[8634]: Disconnected from invalid user user 46.19.141.122 port 56692 [preauth]","@timestamp":"2022-09-19T14:34:01.949Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 14:34:50 honeypot-ams-1 sshd[8638]: Disconnected from invalid user pi 46.19.141.122 port 47008 [preauth]","@timestamp":"2022-09-19T14:34:50.972Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 14:35:45 honeypot-ams-1 sshd[8645]: Received disconnect from 46.19.141.122 port 39076:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T14:35:45.999Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:35:50 honeypot-fra-1 kernel: [84472554.182499] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=165.22.82.222 LEN=91 TOS=0x00 PREC=0x00 TTL=248 ID=6496 PROTO=TCP SPT=18485 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T14:35:51.240Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 14:36:43 honeypot-ams-1 sshd[8649]: Invalid user support from 46.19.141.122 port 32892","@timestamp":"2022-09-19T14:36:44.032Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 14:37:45 honeypot-ams-1 sshd[8653]: Received disconnect from 46.19.141.122 port 57650:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T14:37:46.061Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 14:38:51 honeypot-ams-1 sshd[8657]: Received disconnect from 46.19.141.122 port 51498:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T14:38:52.094Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 14:40:36 honeypot-ams-1 sshd[8663]: Received disconnect from 46.19.141.122 port 41460:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T14:40:37.143Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 14:41:55 honeypot-ams-1 sshd[8670]: Disconnected from authenticating user root 119.159.226.149 port 51892 [preauth]","@timestamp":"2022-09-19T14:41:56.181Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:42:36 honeypot-fra-1 sshd[353]: Disconnected from authenticating user root 92.255.85.69 port 35888 [preauth]","@timestamp":"2022-09-19T14:42:37.416Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 14:43:56 honeypot-ams-1 kernel: [84475215.404412] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=163.172.158.4 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=23801 PROTO=TCP SPT=48701 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T14:43:57.236Z"}
{"@timestamp":"2022-09-19T14:45:03.399Z","@version":"1","message":"Sep 19 14:45:03 honeypot-sgp-1 kernel: [84474804.478823] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=68.183.93.151 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x20 TTL=242 ID=54321 PROTO=TCP SPT=46105 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:45:38 honeypot-fra-1 sshd[363]: Invalid user user from 101.100.242.83 port 53580","@timestamp":"2022-09-19T14:45:39.484Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:45:38 honeypot-fra-1 sshd[368]: Invalid user admin from 101.100.242.83 port 53510","@timestamp":"2022-09-19T14:45:39.484Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:45:38 honeypot-fra-1 sshd[374]: Invalid user ftpuser from 101.100.242.83 port 53544","@timestamp":"2022-09-19T14:45:39.484Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:45:38 honeypot-fra-1 sshd[384]: Invalid user ubuntu from 101.100.242.83 port 53530","@timestamp":"2022-09-19T14:45:39.484Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:45:38 honeypot-fra-1 sshd[362]: Connection closed by invalid user vagrant 101.100.242.83 port 53568 [preauth]","@timestamp":"2022-09-19T14:45:39.484Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:45:38 honeypot-fra-1 sshd[366]: Connection closed by invalid user ftpadmin 101.100.242.83 port 53522 [preauth]","@timestamp":"2022-09-19T14:45:39.484Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:45:38 honeypot-fra-1 sshd[357]: Connection closed by invalid user admin 101.100.242.83 port 53524 [preauth]","@timestamp":"2022-09-19T14:45:39.484Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:45:38 honeypot-fra-1 sshd[382]: Connection closed by invalid user deploy 101.100.242.83 port 53526 [preauth]","@timestamp":"2022-09-19T14:45:39.484Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:45:39 honeypot-fra-1 sshd[375]: Connection closed by invalid user mc 101.100.242.83 port 53564 [preauth]","@timestamp":"2022-09-19T14:45:39.484Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 14:51:26 honeypot-ams-1 sshd[8680]: Disconnected from authenticating user root 92.255.85.70 port 59416 [preauth]","@timestamp":"2022-09-19T14:51:26.433Z"}
{"@timestamp":"2022-09-19T14:52:06.574Z","@version":"1","message":"Sep 19 14:52:06 honeypot-sgp-1 kernel: [84475227.934630] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.3.193.56 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=233 ID=19051 DF PROTO=TCP SPT=10446 DPT=80 WINDOW=512 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:54:01 honeypot-fra-1 sshd[422]: Connection closed by invalid user pi 91.160.19.34 port 5864 [preauth]","@timestamp":"2022-09-19T14:54:01.673Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T14:57:04.716Z","@version":"1","message":"Sep 19 14:57:03 honeypot-sgp-1 kernel: [84475525.259581] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=64.246.161.26 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=44881 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 14:58:43 honeypot-ams-1 kernel: [84476102.759283] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=149.102.155.170 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=57981 PROTO=TCP SPT=59350 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T14:58:44.619Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 14:59:07 honeypot-ams-1 sshd[8687]: Disconnected from invalid user semira 46.101.207.32 port 33670 [preauth]","@timestamp":"2022-09-19T14:59:08.631Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:59:12 honeypot-fra-1 sshd[427]: Disconnected from invalid user liverpool 165.22.45.108 port 55242 [preauth]","@timestamp":"2022-09-19T14:59:13.797Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T15:00:59.815Z","@version":"1","message":"Sep 19 15:00:58 honeypot-sgp-1 sshd[1530]: Disconnected from authenticating user root 61.177.173.47 port 38349 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T15:09:33.024Z","@version":"1","message":"Sep 19 15:09:32 honeypot-sgp-1 sshd[1539]: Received disconnect from 61.177.173.35 port 47030:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T15:12:54.111Z","@version":"1","message":"Sep 19 15:12:53 honeypot-sgp-1 kernel: [84476475.060051] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=172.105.129.90 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=5149 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 15:15:21 honeypot-fra-1 sshd[436]: Invalid user squid from 92.255.85.70 port 35072","@timestamp":"2022-09-19T15:15:22.175Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 15:17:01 honeypot-ams-1 CRON[8692]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-19T15:17:02.095Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 15:17:01 honeypot-fra-1 CRON[441]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-19T15:17:02.212Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T15:17:02.216Z","@version":"1","message":"Sep 19 15:17:01 honeypot-sgp-1 CRON[1548]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T15:18:55.264Z","@version":"1","message":"Sep 19 15:18:54 honeypot-sgp-1 sshd[1557]: Received disconnect from 118.27.25.96 port 56210:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T15:24:33.401Z","@version":"1","message":"Sep 19 15:24:32 honeypot-sgp-1 sshd[1562]: Disconnected from authenticating user root 61.177.173.53 port 44479 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T15:30:56.560Z","@version":"1","message":"Sep 19 15:30:56 honeypot-sgp-1 kernel: [84477557.419374] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=159.89.202.188 LEN=91 TOS=0x00 PREC=0x00 TTL=245 ID=5629 PROTO=TCP SPT=29565 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T15:32:25.599Z","@version":"1","message":"Sep 19 15:32:24 honeypot-sgp-1 sshd[1573]: Disconnected from invalid user citasa 112.65.128.90 port 42562 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 15:33:29 honeypot-ams-1 sshd[8698]: Received disconnect from 189.178.6.78 port 33692:11: Bye Bye [preauth]","@timestamp":"2022-09-19T15:33:29.525Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 15:33:59 honeypot-fra-1 kernel: [84476042.628480] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.143.200.46 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=43979 PROTO=TCP SPT=47894 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T15:33:59.607Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T15:34:51.679Z","@version":"1","message":"Sep 19 15:34:51 honeypot-sgp-1 sshd[1577]: Disconnected from invalid user xnq 41.85.251.8 port 52152 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 15:42:21 honeypot-ams-1 kernel: [84478719.975763] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.164.20.156 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=51 ID=38343 PROTO=TCP SPT=43976 DPT=80 WINDOW=40440 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T15:42:21.766Z"}
{"@timestamp":"2022-09-19T15:43:26.884Z","@version":"1","message":"Sep 19 15:43:26 honeypot-sgp-1 sshd[1585]: Received disconnect from 61.177.173.35 port 48408:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 15:44:14 honeypot-fra-1 sshd[450]: Connection closed by invalid user admin 141.98.10.158 port 58836 [preauth]","@timestamp":"2022-09-19T15:44:14.840Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T15:45:20.931Z","@version":"1","message":"Sep 19 15:45:19 honeypot-sgp-1 sshd[1589]: Disconnected from invalid user monitor 128.199.82.76 port 60784 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 15:47:46 honeypot-ams-1 kernel: [84479045.827702] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=159.65.138.52 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=54953 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T15:47:47.915Z"}
{"@timestamp":"2022-09-19T15:48:11.002Z","@version":"1","message":"Sep 19 15:48:10 honeypot-sgp-1 sshd[1596]: Received disconnect from 45.61.186.249 port 52260:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T15:48:30.012Z","@version":"1","message":"Sep 19 15:48:29 honeypot-sgp-1 sshd[1601]: Received disconnect from 45.61.186.249 port 46560:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T15:48:49.022Z","@version":"1","message":"Sep 19 15:48:48 honeypot-sgp-1 sshd[1605]: Received disconnect from 45.61.186.249 port 40944:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T15:48:58.026Z","@version":"1","message":"Sep 19 15:48:57 honeypot-sgp-1 sshd[1609]: Disconnected from invalid user user 45.61.186.249 port 52232 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T15:49:32.043Z","@version":"1","message":"Sep 19 15:49:31 honeypot-sgp-1 kernel: [84478673.322433] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=23.236.147.154 DST=159.89.202.188 LEN=44 TOS=0x08 PREC=0x00 TTL=109 ID=61355 PROTO=TCP SPT=17340 DPT=80 WINDOW=15778 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T15:52:07.108Z","@version":"1","message":"Sep 19 15:52:06 honeypot-sgp-1 sshd[1620]: Received disconnect from 139.59.248.243 port 56828:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T15:52:57.130Z","@version":"1","message":"Sep 19 15:52:56 honeypot-sgp-1 sshd[1624]: Disconnected from 61.177.173.51 port 50701 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 15:53:02 honeypot-fra-1 sshd[456]: Disconnected from invalid user medias 13.76.166.169 port 35824 [preauth]","@timestamp":"2022-09-19T15:53:02.036Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 15:53:21 honeypot-ams-1 kernel: [84479380.451374] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=110.93.226.143 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=54 ID=15075 PROTO=TCP SPT=23888 DPT=80 WINDOW=27488 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T15:53:22.065Z"}
{"@timestamp":"2022-09-19T15:55:47.219Z","@version":"1","message":"Sep 19 15:55:46 honeypot-sgp-1 sshd[1630]: Disconnected from invalid user watchthestate 118.101.192.62 port 60656 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 15:56:21 honeypot-fra-1 sshd[460]: Disconnected from authenticating user root 154.92.18.35 port 55323 [preauth]","@timestamp":"2022-09-19T15:56:22.110Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:01:03 honeypot-ams-1 sshd[8711]: Received disconnect from 191.242.105.133 port 39854:11: Bye Bye [preauth]","@timestamp":"2022-09-19T16:01:03.276Z"}
{"@timestamp":"2022-09-19T16:01:39.361Z","@version":"1","message":"Sep 19 16:01:38 honeypot-sgp-1 sshd[1641]: Received disconnect from 188.157.24.174 port 42290:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T16:07:43.507Z","@version":"1","message":"Sep 19 16:07:43 honeypot-sgp-1 sshd[1646]: Invalid user amx from 179.60.147.69 port 37678","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 16:07:47 honeypot-ams-1 kernel: [84480246.217428] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=178.62.254.91 LEN=85 TOS=0x00 PREC=0x00 TTL=252 ID=12283 PROTO=TCP SPT=32679 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T16:07:47.453Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 16:08:49 honeypot-fra-1 sshd[467]: Invalid user amx from 179.60.147.69 port 29708","@timestamp":"2022-09-19T16:08:50.389Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:12:13 honeypot-ams-1 sshd[8722]: Disconnected from authenticating user root 61.177.173.52 port 23030 [preauth]","@timestamp":"2022-09-19T16:12:13.572Z"}
{"@timestamp":"2022-09-19T16:17:02.732Z","@version":"1","message":"Sep 19 16:17:01 honeypot-sgp-1 CRON[1652]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T16:17:21.742Z","@version":"1","message":"Sep 19 16:17:21 honeypot-sgp-1 sshd[1657]: Received disconnect from 45.61.187.160 port 44828:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T16:17:40.751Z","@version":"1","message":"Sep 19 16:17:40 honeypot-sgp-1 sshd[1661]: Received disconnect from 45.61.187.160 port 39328:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T16:17:59.761Z","@version":"1","message":"Sep 19 16:17:59 honeypot-sgp-1 sshd[1665]: Received disconnect from 45.61.187.160 port 33820:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 16:18:31 honeypot-fra-1 sshd[476]: Did not receive identification string from 221.2.93.118 port 39828","@timestamp":"2022-09-19T16:18:31.625Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:19:51 honeypot-ams-1 sshd[8730]: Received disconnect from 92.255.85.70 port 29072:11: Bye Bye [preauth]","@timestamp":"2022-09-19T16:19:52.773Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 16:21:05 honeypot-fra-1 kernel: [84478869.417809] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=154.66.178.74 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=54321 PROTO=TCP SPT=58650 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T16:21:06.682Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 16:25:13 honeypot-fra-1 kernel: [84479117.127189] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.205.120 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=51639 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T16:25:13.774Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T16:25:51.948Z","@version":"1","message":"Sep 19 16:25:50 honeypot-sgp-1 sshd[1670]: Received disconnect from 37.194.206.12 port 38192:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T16:27:56.000Z","@version":"1","message":"Sep 19 16:27:55 honeypot-sgp-1 sshd[1674]: Disconnected from invalid user ubnt 222.117.98.91 port 46954 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 16:28:23 honeypot-ams-1 kernel: [84481482.519310] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=164.92.72.164 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=55643 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T16:28:24.000Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:29:50 honeypot-ams-1 sshd[8745]: Invalid user ubnt from 98.40.14.28 port 37134","@timestamp":"2022-09-19T16:29:51.042Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:29:53 honeypot-ams-1 sshd[8749]: Disconnected from authenticating user root 98.40.14.28 port 37260 [preauth]","@timestamp":"2022-09-19T16:29:54.044Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:29:56 honeypot-ams-1 sshd[8755]: Disconnected from authenticating user root 98.40.14.28 port 37480 [preauth]","@timestamp":"2022-09-19T16:29:57.046Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:29:59 honeypot-ams-1 sshd[8761]: Disconnected from authenticating user root 98.40.14.28 port 37692 [preauth]","@timestamp":"2022-09-19T16:30:00.048Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:30:02 honeypot-ams-1 sshd[8767]: Disconnected from authenticating user root 98.40.14.28 port 37874 [preauth]","@timestamp":"2022-09-19T16:30:03.050Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:30:05 honeypot-ams-1 sshd[8773]: Disconnected from authenticating user root 98.40.14.28 port 38124 [preauth]","@timestamp":"2022-09-19T16:30:06.054Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:30:08 honeypot-ams-1 sshd[8779]: Disconnected from authenticating user root 98.40.14.28 port 38372 [preauth]","@timestamp":"2022-09-19T16:30:09.056Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:30:11 honeypot-ams-1 sshd[8785]: Disconnected from authenticating user root 98.40.14.28 port 38542 [preauth]","@timestamp":"2022-09-19T16:30:12.058Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:30:14 honeypot-ams-1 sshd[8791]: Disconnected from authenticating user root 98.40.14.28 port 38710 [preauth]","@timestamp":"2022-09-19T16:30:15.061Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:30:18 honeypot-ams-1 sshd[8797]: Disconnected from authenticating user root 98.40.14.28 port 38896 [preauth]","@timestamp":"2022-09-19T16:30:19.064Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:30:21 honeypot-ams-1 sshd[8803]: Received disconnect from 98.40.14.28 port 39132:11: Bye Bye [preauth]","@timestamp":"2022-09-19T16:30:22.066Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:30:23 honeypot-ams-1 sshd[8807]: Received disconnect from 98.40.14.28 port 39240:11: Bye Bye [preauth]","@timestamp":"2022-09-19T16:30:24.068Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:30:25 honeypot-ams-1 sshd[8811]: Received disconnect from 98.40.14.28 port 39376:11: Bye Bye [preauth]","@timestamp":"2022-09-19T16:30:26.069Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:30:27 honeypot-ams-1 sshd[8815]: Received disconnect from 98.40.14.28 port 39458:11: Bye Bye [preauth]","@timestamp":"2022-09-19T16:30:27.070Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:30:29 honeypot-ams-1 sshd[8819]: Received disconnect from 98.40.14.28 port 39626:11: Bye Bye [preauth]","@timestamp":"2022-09-19T16:30:29.071Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:30:31 honeypot-ams-1 sshd[8823]: Received disconnect from 98.40.14.28 port 39786:11: Bye Bye [preauth]","@timestamp":"2022-09-19T16:30:32.073Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:30:33 honeypot-ams-1 sshd[8829]: Invalid user pi from 98.40.14.28 port 40044","@timestamp":"2022-09-19T16:30:34.075Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:30:35 honeypot-ams-1 sshd[8833]: Invalid user baikal from 98.40.14.28 port 40160","@timestamp":"2022-09-19T16:30:36.077Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:30:37 honeypot-ams-1 sshd[8837]: Invalid user xbmc from 98.40.14.28 port 40270","@timestamp":"2022-09-19T16:30:38.078Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:30:39 honeypot-ams-1 sshd[8841]: Invalid user oracle from 98.40.14.28 port 40386","@timestamp":"2022-09-19T16:30:40.080Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:30:41 honeypot-ams-1 sshd[8845]: Invalid user postgres from 98.40.14.28 port 40502","@timestamp":"2022-09-19T16:30:42.081Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:30:44 honeypot-ams-1 sshd[8850]: Invalid user support from 98.40.14.28 port 40604","@timestamp":"2022-09-19T16:30:45.083Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:30:46 honeypot-ams-1 sshd[8854]: Invalid user ubuntu from 98.40.14.28 port 40788","@timestamp":"2022-09-19T16:30:47.085Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:30:48 honeypot-ams-1 sshd[8858]: Invalid user ubuntu from 98.40.14.28 port 40914","@timestamp":"2022-09-19T16:30:49.087Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:30:50 honeypot-ams-1 sshd[8862]: Invalid user guest from 98.40.14.28 port 41018","@timestamp":"2022-09-19T16:30:51.088Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:30:52 honeypot-ams-1 sshd[8866]: Invalid user cirros from 98.40.14.28 port 41150","@timestamp":"2022-09-19T16:30:53.090Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:34:43 honeypot-ams-1 sshd[8870]: Received disconnect from 61.177.173.35 port 53165:11:  [preauth]","@timestamp":"2022-09-19T16:34:44.186Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 16:36:23 honeypot-fra-1 kernel: [84479787.370641] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=41.79.234.173 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=63948 PROTO=TCP SPT=32768 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T16:36:24.035Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 16:38:45 honeypot-ams-1 kernel: [84482104.066003] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.180.143.137 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=36027 PROTO=TCP SPT=37039 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T16:38:45.294Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 16:38:59 honeypot-fra-1 kernel: [84479942.541480] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=92.63.197.74 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=5914 PROTO=TCP SPT=43995 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T16:38:59.096Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T16:43:07.361Z","@version":"1","message":"Sep 19 16:43:06 honeypot-sgp-1 sshd[1678]: Invalid user hacluster from 92.255.85.70 port 39678","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 16:45:04 honeypot-fra-1 sshd[518]: Received disconnect from 186.109.86.184 port 41722:11: Bye Bye [preauth]","@timestamp":"2022-09-19T16:45:05.233Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:45:29 honeypot-ams-1 sshd[8884]: Received disconnect from 61.177.173.51 port 16753:11:  [preauth]","@timestamp":"2022-09-19T16:45:29.473Z"}
{"@timestamp":"2022-09-19T16:47:05.459Z","@version":"1","message":"Sep 19 16:47:05 honeypot-sgp-1 sshd[1683]: Received disconnect from 47.181.159.172 port 40294:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 16:51:47 honeypot-ams-1 kernel: [84482886.122103] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.206.155 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=52321 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T16:51:47.643Z"}
{"@timestamp":"2022-09-19T16:51:51.575Z","@version":"1","message":"Sep 19 16:51:51 honeypot-sgp-1 kernel: [84482412.771296] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=115.84.178.83 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=45470 PROTO=TCP SPT=43482 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T16:52:42.598Z","@version":"1","message":"Sep 19 16:52:41 honeypot-sgp-1 sshd[1690]: Received disconnect from 162.19.64.25 port 43564:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 16:54:30 honeypot-fra-1 sshd[521]: Invalid user liwei from 165.22.45.108 port 32898","@timestamp":"2022-09-19T16:54:30.441Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T16:54:44.648Z","@version":"1","message":"Sep 19 16:54:43 honeypot-sgp-1 sshd[1694]: Received disconnect from 89.250.148.154 port 56232:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 16:56:48 honeypot-ams-1 kernel: [84483186.832990] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=172.105.129.94 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=52861 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T16:56:48.779Z"}
{"@timestamp":"2022-09-19T16:58:25.734Z","@version":"1","message":"Sep 19 16:58:25 honeypot-sgp-1 kernel: [84482806.877078] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=194.169.217.240 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=2422 DF PROTO=TCP SPT=29867 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 17:01:31 honeypot-ams-1 sshd[8906]: Connection closed by invalid user pradeep 103.188.176.251 port 34220 [preauth]","@timestamp":"2022-09-19T17:01:31.907Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 17:04:09 honeypot-ams-1 kernel: [84483628.555850] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=143.159.103.32 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=56 ID=58851 PROTO=TCP SPT=16568 DPT=80 WINDOW=37232 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T17:04:09.995Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 17:05:40 honeypot-fra-1 sshd[524]: Invalid user pradeep from 103.188.176.251 port 40482","@timestamp":"2022-09-19T17:05:41.689Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 17:08:30 honeypot-fra-1 kernel: [84481713.546500] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.83.129.82 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=41872 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T17:08:30.754Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T17:09:33.021Z","@version":"1","message":"Sep 19 17:09:32 honeypot-sgp-1 sshd[1703]: Invalid user admin from 92.255.85.70 port 15732","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 17:10:28 honeypot-ams-1 sshd[8919]: Disconnected from authenticating user root 61.177.173.49 port 24195 [preauth]","@timestamp":"2022-09-19T17:10:29.168Z"}
{"@timestamp":"2022-09-19T17:12:19.090Z","@version":"1","message":"Sep 19 17:12:18 honeypot-sgp-1 sshd[1708]: Invalid user admin from 137.184.48.78 port 42054","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T17:12:54.106Z","@version":"1","message":"Sep 19 17:12:53 honeypot-sgp-1 kernel: [84483674.759183] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=172.105.129.89 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=52264 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 17:15:58 honeypot-ams-1 sshd[8926]: Disconnected from authenticating user root 61.177.173.37 port 45462 [preauth]","@timestamp":"2022-09-19T17:15:59.311Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 17:17:01 honeypot-fra-1 CRON[533]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-19T17:17:01.942Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 17:18:39 honeypot-ams-1 sshd[8933]: Received disconnect from 61.177.173.51 port 38048:11:  [preauth]","@timestamp":"2022-09-19T17:18:40.384Z"}
{"@timestamp":"2022-09-19T17:19:26.262Z","@version":"1","message":"Sep 19 17:19:25 honeypot-sgp-1 sshd[1718]: Disconnected from invalid user postgres 5.195.211.234 port 53438 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 17:24:29 honeypot-ams-1 sshd[8940]: Connection closed by 193.169.255.16 port 52040 [preauth]","@timestamp":"2022-09-19T17:24:29.536Z"}
{"@timestamp":"2022-09-19T17:30:20.521Z","@version":"1","message":"Sep 19 17:30:20 honeypot-sgp-1 kernel: [84484721.743991] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=234 ID=54522 PROTO=TCP SPT=48605 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 17:33:02 honeypot-ams-1 sshd[8947]: Received disconnect from 61.177.172.90 port 31260:11:  [preauth]","@timestamp":"2022-09-19T17:33:02.757Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 17:33:21 honeypot-fra-1 kernel: [84483204.674357] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=198.235.24.16 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x60 TTL=250 ID=16086 PROTO=TCP SPT=54356 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T17:33:22.301Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 17:37:51 honeypot-fra-1 kernel: [84483474.622482] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=165.232.152.144 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=54572 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T17:37:51.401Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T17:37:57.720Z","@version":"1","message":"Sep 19 17:37:56 honeypot-sgp-1 sshd[1730]: Received disconnect from 45.61.184.204 port 53684:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T17:38:16.729Z","@version":"1","message":"Sep 19 17:38:16 honeypot-sgp-1 sshd[1734]: Received disconnect from 45.61.184.204 port 48944:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T17:38:33.736Z","@version":"1","message":"Sep 19 17:38:33 honeypot-sgp-1 sshd[1738]: Received disconnect from 45.61.184.204 port 44202:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 17:39:01 honeypot-ams-1 sshd[8952]: Disconnected from authenticating user root 61.177.173.36 port 25536 [preauth]","@timestamp":"2022-09-19T17:39:01.914Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 17:40:41 honeypot-ams-1 sshd[8957]: Disconnected from authenticating user root 41.85.251.8 port 59898 [preauth]","@timestamp":"2022-09-19T17:40:41.960Z"}
{"@timestamp":"2022-09-19T17:42:13.823Z","@version":"1","message":"Sep 19 17:42:12 honeypot-sgp-1 kernel: [84485434.166394] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=159.89.202.188 LEN=92 TOS=0x00 PREC=0x00 TTL=245 ID=24475 PROTO=TCP SPT=20559 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 17:45:22 honeypot-fra-1 sshd[551]: Received disconnect from 36.91.119.221 port 52488:11: Bye Bye [preauth]","@timestamp":"2022-09-19T17:45:22.564Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 17:46:43 honeypot-fra-1 kernel: [84484006.408673] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.41.9.18 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=24023 PROTO=TCP SPT=35303 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T17:46:43.595Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 17:47:06 honeypot-ams-1 kernel: [84486205.437527] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=79.124.62.62 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=2612 PROTO=TCP SPT=40430 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T17:47:07.130Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 17:48:15 honeypot-fra-1 sshd[558]: Disconnected from invalid user games1 129.205.124.253 port 40168 [preauth]","@timestamp":"2022-09-19T17:48:15.631Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 17:49:51 honeypot-fra-1 sshd[565]: Invalid user ubuntu from 57.128.11.39 port 33714","@timestamp":"2022-09-19T17:49:51.667Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 17:49:51 honeypot-fra-1 sshd[580]: Invalid user ubuntu from 57.128.11.39 port 33698","@timestamp":"2022-09-19T17:49:51.667Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 17:49:51 honeypot-fra-1 sshd[568]: Connection closed by authenticating user root 57.128.11.39 port 33766 [preauth]","@timestamp":"2022-09-19T17:49:51.667Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 17:49:51 honeypot-fra-1 sshd[562]: Invalid user oracle from 57.128.11.39 port 33704","@timestamp":"2022-09-19T17:49:51.667Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 17:49:51 honeypot-fra-1 sshd[572]: Connection closed by invalid user admin 57.128.11.39 port 33738 [preauth]","@timestamp":"2022-09-19T17:49:51.667Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 17:49:51 honeypot-fra-1 sshd[585]: Connection closed by invalid user ubuntu 57.128.11.39 port 33770 [preauth]","@timestamp":"2022-09-19T17:49:51.667Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 17:49:51 honeypot-fra-1 sshd[566]: Connection closed by invalid user git 57.128.11.39 port 33720 [preauth]","@timestamp":"2022-09-19T17:49:51.667Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 17:49:51 honeypot-fra-1 sshd[616]: Connection closed by authenticating user root 57.128.11.39 port 33656 [preauth]","@timestamp":"2022-09-19T17:49:52.669Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 17:50:08 honeypot-ams-1 sshd[8971]: Disconnected from authenticating user root 134.122.123.117 port 52868 [preauth]","@timestamp":"2022-09-19T17:50:09.211Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 17:51:23 honeypot-ams-1 sshd[8978]: Received disconnect from 134.122.123.117 port 35574:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T17:51:24.248Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 17:51:47 honeypot-ams-1 sshd[8984]: Received disconnect from 134.122.123.117 port 38732:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T17:51:47.261Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 17:52:34 honeypot-ams-1 sshd[8990]: Received disconnect from 134.122.123.117 port 45432:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T17:52:34.285Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 17:53:20 honeypot-ams-1 sshd[8994]: Disconnected from authenticating user root 134.122.123.117 port 52082 [preauth]","@timestamp":"2022-09-19T17:53:21.308Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 17:54:07 honeypot-ams-1 sshd[8998]: Disconnected from invalid user git 134.122.123.117 port 58818 [preauth]","@timestamp":"2022-09-19T17:54:07.330Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 17:54:53 honeypot-ams-1 sshd[9002]: Disconnected from invalid user oracle 134.122.123.117 port 37330 [preauth]","@timestamp":"2022-09-19T17:54:54.352Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 17:55:40 honeypot-ams-1 sshd[9006]: Disconnected from invalid user odoo 134.122.123.117 port 43918 [preauth]","@timestamp":"2022-09-19T17:55:40.374Z"}
{"@timestamp":"2022-09-19T17:55:59.140Z","@version":"1","message":"Sep 19 17:55:58 honeypot-sgp-1 sshd[1751]: Invalid user USERID from 179.60.147.69 port 38916","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 17:56:26 honeypot-ams-1 sshd[9011]: Disconnected from invalid user ec2-user 134.122.123.117 port 50564 [preauth]","@timestamp":"2022-09-19T17:56:26.396Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 17:57:11 honeypot-ams-1 sshd[9015]: Disconnected from invalid user ubuntu 134.122.123.117 port 57332 [preauth]","@timestamp":"2022-09-19T17:57:12.418Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 17:57:57 honeypot-ams-1 sshd[9021]: Invalid user spark from 134.122.123.117 port 35672","@timestamp":"2022-09-19T17:57:58.441Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 17:58:20 honeypot-ams-1 sshd[9024]: Disconnected from invalid user jenkins 134.122.123.117 port 38984 [preauth]","@timestamp":"2022-09-19T17:58:20.452Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 17:59:06 honeypot-ams-1 sshd[9028]: Received disconnect from 134.122.123.117 port 45762:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T17:59:07.476Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 17:59:16 honeypot-ams-1 sshd[9032]: Connection closed by invalid user USERID 179.60.147.69 port 52962 [preauth]","@timestamp":"2022-09-19T17:59:16.483Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 17:59:33 honeypot-fra-1 sshd[624]: Received disconnect from 92.255.85.70 port 41824:11: Bye Bye [preauth]","@timestamp":"2022-09-19T17:59:33.883Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 17:59:52 honeypot-ams-1 sshd[9038]: Disconnected from invalid user svn 134.122.123.117 port 52312 [preauth]","@timestamp":"2022-09-19T17:59:53.501Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 18:00:20 honeypot-ams-1 sshd[9042]: Disconnected from invalid user ges 43.133.6.150 port 49718 [preauth]","@timestamp":"2022-09-19T18:00:20.515Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 18:01:02 honeypot-ams-1 sshd[9046]: Received disconnect from 134.122.123.117 port 34098:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T18:01:03.537Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 18:04:34 honeypot-ams-1 kernel: [84487253.159990] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=34.142.27.140 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=36397 PROTO=TCP SPT=44202 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T18:04:34.629Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 18:06:30 honeypot-fra-1 kernel: [84485193.709430] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=146.88.240.4 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=57023 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T18:06:31.036Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 18:06:53 honeypot-ams-1 sshd[9063]: Received disconnect from 61.177.173.37 port 38329:11:  [preauth]","@timestamp":"2022-09-19T18:06:53.693Z"}
{"@timestamp":"2022-09-19T18:08:11.425Z","@version":"1","message":"Sep 19 18:08:10 honeypot-sgp-1 sshd[1825]: Received disconnect from 92.255.85.69 port 42144:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 18:08:43 honeypot-ams-1 sshd[9069]: Disconnected from 143.110.236.239 port 47914 [preauth]","@timestamp":"2022-09-19T18:08:43.743Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 18:14:18 honeypot-fra-1 kernel: [84485661.289299] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=205.210.31.132 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=249 ID=16525 PROTO=TCP SPT=56279 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T18:14:18.203Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 18:16:20 honeypot-ams-1 kernel: [84487959.418235] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=217.77.61.31 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=56 ID=40784 PROTO=TCP SPT=13355 DPT=80 WINDOW=539 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T18:16:20.945Z"}
{"@timestamp":"2022-09-19T18:17:02.633Z","@version":"1","message":"Sep 19 18:17:01 honeypot-sgp-1 CRON[1830]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T18:19:12.685Z","@version":"1","message":"Sep 19 18:19:12 honeypot-sgp-1 sshd[1835]: Disconnected from invalid user user 45.61.184.204 port 40560 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T18:19:31.695Z","@version":"1","message":"Sep 19 18:19:31 honeypot-sgp-1 sshd[1839]: Disconnected from invalid user user 45.61.184.204 port 35390 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T18:19:50.704Z","@version":"1","message":"Sep 19 18:19:50 honeypot-sgp-1 sshd[1843]: Disconnected from invalid user user 45.61.184.204 port 58512 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T18:20:07.712Z","@version":"1","message":"Sep 19 18:20:07 honeypot-sgp-1 sshd[1847]: Disconnected from invalid user user 45.61.184.204 port 53332 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 18:20:43 honeypot-ams-1 kernel: [84488222.012498] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=178.62.254.91 LEN=91 TOS=0x00 PREC=0x00 TTL=252 ID=43837 PROTO=TCP SPT=11723 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T18:20:44.080Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 18:22:27 honeypot-fra-1 sshd[637]: Received disconnect from 177.93.51.98 port 33188:11: Bye Bye [preauth]","@timestamp":"2022-09-19T18:22:27.380Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 18:25:18 honeypot-ams-1 kernel: [84488497.528257] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=167.71.92.243 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=54112 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T18:25:19.201Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 18:27:16 honeypot-fra-1 sshd[643]: Invalid user pot1 from 144.64.1.83 port 55446","@timestamp":"2022-09-19T18:27:16.487Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T18:29:36.936Z","@version":"1","message":"Sep 19 18:29:36 honeypot-sgp-1 kernel: [84488277.408296] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=90.151.171.106 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=47223 PROTO=TCP SPT=52114 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 18:31:18 honeypot-fra-1 kernel: [84486681.667230] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.148.10.81 DST=165.22.82.222 LEN=84 TOS=0x00 PREC=0x00 TTL=240 ID=22780 DF PROTO=TCP SPT=16374 DPT=443 WINDOW=65535 RES=0x00 ACK PSH URGP=0 ","@timestamp":"2022-09-19T18:31:18.575Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 18:35:30 honeypot-fra-1 sshd[675]: Invalid user esuser from 101.33.218.153 port 10538","@timestamp":"2022-09-19T18:35:30.668Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 18:36:36 honeypot-ams-1 kernel: [84489175.400866] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=151.106.32.182 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=35351 PROTO=TCP SPT=50067 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T18:36:37.518Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 18:39:35 honeypot-fra-1 sshd[684]: Received disconnect from 51.91.35.137 port 41198:11: Bye Bye [preauth]","@timestamp":"2022-09-19T18:39:35.759Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 18:39:40 honeypot-ams-1 kernel: [84489359.133931] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=197.47.118.126 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=51 ID=10745 PROTO=TCP SPT=1625 DPT=443 WINDOW=49786 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T18:39:40.601Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 18:39:53 honeypot-ams-1 sshd[9103]: Disconnected from invalid user user 45.61.186.249 port 44034 [preauth]","@timestamp":"2022-09-19T18:39:53.608Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 18:40:12 honeypot-ams-1 sshd[9109]: Disconnected from invalid user user 45.61.186.249 port 39012 [preauth]","@timestamp":"2022-09-19T18:40:12.619Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 18:40:29 honeypot-ams-1 sshd[9114]: Received disconnect from 45.61.186.249 port 34004:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T18:40:30.629Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 18:40:38 honeypot-ams-1 sshd[9118]: Disconnected from invalid user user 45.61.186.249 port 45614 [preauth]","@timestamp":"2022-09-19T18:40:39.633Z"}
{"@timestamp":"2022-09-19T18:40:52.197Z","@version":"1","message":"Sep 19 18:40:51 honeypot-sgp-1 sshd[1858]: Received disconnect from 82.196.113.78 port 26016:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 18:42:27 honeypot-fra-1 kernel: [84487351.123910] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=167.71.133.35 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=248 ID=54321 PROTO=TCP SPT=60767 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T18:42:28.825Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T18:45:17.301Z","@version":"1","message":"Sep 19 18:45:17 honeypot-sgp-1 sshd[1861]: Received disconnect from 161.35.112.155 port 49344:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 18:49:11 honeypot-ams-1 sshd[9126]: Disconnected from invalid user dingdong 180.250.248.169 port 49266 [preauth]","@timestamp":"2022-09-19T18:49:11.859Z"}
{"@timestamp":"2022-09-19T18:50:24.418Z","@version":"1","message":"Sep 19 18:50:23 honeypot-sgp-1 sshd[1865]: Disconnected from invalid user backups 92.255.85.70 port 44790 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 18:50:45 honeypot-ams-1 sshd[9135]: Received disconnect from 92.255.85.70 port 41690:11: Bye Bye [preauth]","@timestamp":"2022-09-19T18:50:45.902Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 18:51:24 honeypot-fra-1 sshd[691]: Invalid user lixiaona from 165.22.45.108 port 38812","@timestamp":"2022-09-19T18:51:25.022Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T18:52:41.496Z","@version":"1","message":"Sep 19 18:52:41 honeypot-sgp-1 kernel: [84489662.192347] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=64427 PROTO=TCP SPT=53455 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 18:54:16 honeypot-ams-1 sshd[9138]: Received disconnect from 61.177.173.47 port 63500:11:  [preauth]","@timestamp":"2022-09-19T18:54:16.996Z"}
{"@timestamp":"2022-09-19T18:55:54.572Z","@version":"1","message":"Sep 19 18:55:54 honeypot-sgp-1 sshd[1878]: Received disconnect from 191.239.116.211 port 60858:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 18:57:15 honeypot-ams-1 kernel: [84490414.141235] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=172.105.129.98 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=38348 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T18:57:16.076Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 18:58:14 honeypot-fra-1 kernel: [84488297.642836] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.205.211 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=43019 DPT=636 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T18:58:15.184Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 19:03:31 honeypot-fra-1 sshd[698]: Invalid user ubuntu from 46.101.123.135 port 45542","@timestamp":"2022-09-19T19:03:32.301Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T19:04:20.763Z","@version":"1","message":"Sep 19 19:04:20 honeypot-sgp-1 sshd[1881]: Disconnected from invalid user doru 102.219.33.70 port 33382 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 19:05:18 honeypot-ams-1 sshd[9149]: Received disconnect from 61.177.172.108 port 22551:11:  [preauth]","@timestamp":"2022-09-19T19:05:18.288Z"}
{"@timestamp":"2022-09-19T19:09:14.878Z","@version":"1","message":"Sep 19 19:09:14 honeypot-sgp-1 sshd[1887]: Received disconnect from 45.61.184.204 port 42256:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 19:09:25 honeypot-fra-1 sshd[706]: Connection closed by authenticating user root 179.60.147.69 port 15834 [preauth]","@timestamp":"2022-09-19T19:09:26.431Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T19:09:33.888Z","@version":"1","message":"Sep 19 19:09:32 honeypot-sgp-1 kernel: [84490674.075645] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.148.10.81 DST=159.89.202.188 LEN=79 TOS=0x00 PREC=0x00 TTL=240 ID=22780 DF PROTO=TCP SPT=18430 DPT=443 WINDOW=65535 RES=0x00 ACK PSH URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T19:09:43.892Z","@version":"1","message":"Sep 19 19:09:43 honeypot-sgp-1 sshd[1893]: Disconnected from invalid user user 45.61.184.204 port 48794 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T19:10:01.901Z","@version":"1","message":"Sep 19 19:10:01 honeypot-sgp-1 sshd[1897]: Disconnected from invalid user user 45.61.184.204 port 43748 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 19:11:54 honeypot-ams-1 kernel: [84491293.108673] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=167.248.133.128 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=31136 PROTO=TCP SPT=39909 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T19:11:54.455Z"}
{"@timestamp":"2022-09-19T19:15:20.023Z","@version":"1","message":"Sep 19 19:15:19 honeypot-sgp-1 kernel: [84491020.351748] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=172.105.129.92 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=3980 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 19:17:01 honeypot-fra-1 CRON[712]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-19T19:17:02.608Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 19:19:12 honeypot-ams-1 sshd[9167]: Invalid user ppp from 92.255.85.70 port 16056","@timestamp":"2022-09-19T19:19:12.662Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 19:21:12 honeypot-fra-1 sshd[731]: Disconnected from invalid user mw 179.218.198.83 port 11498 [preauth]","@timestamp":"2022-09-19T19:21:12.702Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 19:22:20 honeypot-ams-1 sshd[9174]: Invalid user tlh from 167.99.66.74 port 59301","@timestamp":"2022-09-19T19:22:20.747Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 19:24:26 honeypot-ams-1 sshd[9176]: Disconnected from invalid user south 46.101.47.30 port 60854 [preauth]","@timestamp":"2022-09-19T19:24:26.805Z"}
{"@timestamp":"2022-09-19T19:25:14.248Z","@version":"1","message":"Sep 19 19:25:14 honeypot-sgp-1 kernel: [84491615.244295] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=81.236.158.135 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=46 ID=24612 PROTO=TCP SPT=62696 DPT=80 WINDOW=60659 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 19:25:28 honeypot-fra-1 sshd[738]: Invalid user pi from 212.5.153.79 port 34132","@timestamp":"2022-09-19T19:25:29.800Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 19:29:24 honeypot-ams-1 kernel: [84492343.653442] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=2.191.50.31 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=53 ID=51754 DF PROTO=TCP SPT=38648 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T19:29:24.941Z"}
{"@timestamp":"2022-09-19T19:36:39.508Z","@version":"1","message":"Sep 19 19:36:39 honeypot-sgp-1 sshd[1918]: Received disconnect from 167.71.48.136 port 36958:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 19:37:09 honeypot-fra-1 sshd[746]: Received disconnect from 162.19.74.93 port 46880:11: Bye Bye [preauth]","@timestamp":"2022-09-19T19:37:10.064Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 19:37:46 honeypot-fra-1 sshd[750]: Disconnected from authenticating user root 107.172.219.107 port 42906 [preauth]","@timestamp":"2022-09-19T19:37:47.079Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 19:39:22 honeypot-fra-1 sshd[754]: Disconnected from invalid user tamara 167.71.136.141 port 34282 [preauth]","@timestamp":"2022-09-19T19:39:23.115Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 19:41:30 honeypot-fra-1 sshd[758]: Disconnected from invalid user hr 196.223.153.253 port 45064 [preauth]","@timestamp":"2022-09-19T19:41:31.162Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 19:42:05 honeypot-ams-1 sshd[9197]: Received disconnect from 61.177.173.36 port 16950:11:  [preauth]","@timestamp":"2022-09-19T19:42:06.270Z"}
{"@timestamp":"2022-09-19T19:47:08.747Z","@version":"1","message":"Sep 19 19:47:08 honeypot-sgp-1 sshd[1927]: Invalid user default from 92.255.85.70 port 42550","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 19:49:12 honeypot-fra-1 kernel: [84491355.654140] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.148.10.81 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=22780 DF PROTO=TCP SPT=6104 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T19:49:13.332Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 19:49:59 honeypot-fra-1 sshd[775]: Invalid user testuser from 103.164.34.122 port 56648","@timestamp":"2022-09-19T19:49:59.351Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 19:49:59 honeypot-fra-1 sshd[792]: Invalid user admin from 103.164.34.122 port 56714","@timestamp":"2022-09-19T19:49:59.351Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 19:49:59 honeypot-fra-1 sshd[769]: Connection closed by invalid user admin 103.164.34.122 port 56706 [preauth]","@timestamp":"2022-09-19T19:49:59.351Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 19:49:59 honeypot-fra-1 sshd[770]: Invalid user es from 103.164.34.122 port 56652","@timestamp":"2022-09-19T19:50:00.351Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 19:49:59 honeypot-fra-1 sshd[771]: Connection closed by invalid user admin 103.164.34.122 port 56638 [preauth]","@timestamp":"2022-09-19T19:50:00.351Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 19:49:59 honeypot-fra-1 sshd[792]: Connection closed by invalid user admin 103.164.34.122 port 56714 [preauth]","@timestamp":"2022-09-19T19:50:00.351Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 19:49:59 honeypot-fra-1 sshd[796]: Connection closed by authenticating user root 103.164.34.122 port 56668 [preauth]","@timestamp":"2022-09-19T19:50:00.352Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 19:49:59 honeypot-fra-1 sshd[790]: Connection closed by authenticating user root 103.164.34.122 port 56710 [preauth]","@timestamp":"2022-09-19T19:50:00.352Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 19:51:31 honeypot-ams-1 sshd[9208]: Disconnected from authenticating user root 61.177.173.50 port 48889 [preauth]","@timestamp":"2022-09-19T19:51:32.514Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 19:53:42 honeypot-ams-1 sshd[9213]: Received disconnect from 61.177.173.36 port 28312:11:  [preauth]","@timestamp":"2022-09-19T19:53:42.572Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 19:54:29 honeypot-fra-1 sshd[830]: Did not receive identification string from 185.220.103.9 port 41234","@timestamp":"2022-09-19T19:54:30.449Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T20:00:45.059Z","@version":"1","message":"Sep 19 20:00:44 honeypot-sgp-1 kernel: [84493745.414067] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.148.10.81 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=22780 DF PROTO=TCP SPT=22516 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 20:05:28 honeypot-ams-1 sshd[9222]: Received disconnect from 61.177.173.47 port 42151:11:  [preauth]","@timestamp":"2022-09-19T20:05:28.878Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 20:05:52 honeypot-fra-1 sshd[836]: Disconnected from invalid user user 45.61.186.49 port 56302 [preauth]","@timestamp":"2022-09-19T20:05:52.714Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 20:06:02 honeypot-fra-1 sshd[840]: Disconnected from invalid user user 45.61.186.49 port 39622 [preauth]","@timestamp":"2022-09-19T20:06:03.720Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 20:08:13 honeypot-fra-1 kernel: [84492496.572469] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=165.22.82.222 LEN=86 TOS=0x00 PREC=0x00 TTL=250 ID=48890 PROTO=TCP SPT=3867 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T20:08:13.767Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T20:17:01.442Z","@version":"1","message":"Sep 19 20:17:01 honeypot-sgp-1 CRON[1937]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 20:17:01 honeypot-ams-1 CRON[9231]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-19T20:17:02.180Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 20:18:18 honeypot-ams-1 sshd[9236]: Received disconnect from 92.255.85.70 port 19044:11: Bye Bye [preauth]","@timestamp":"2022-09-19T20:18:19.218Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 20:21:27 honeypot-fra-1 sshd[852]: Invalid user admin from 179.60.147.69 port 24510","@timestamp":"2022-09-19T20:21:28.056Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 20:26:01 honeypot-fra-1 sshd[862]: Invalid user admin from 178.89.108.11 port 60154","@timestamp":"2022-09-19T20:26:01.178Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 20:26:01 honeypot-fra-1 sshd[875]: Invalid user admin from 178.89.108.11 port 60130","@timestamp":"2022-09-19T20:26:01.178Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 20:26:01 honeypot-fra-1 sshd[868]: Connection closed by invalid user test 178.89.108.11 port 60198 [preauth]","@timestamp":"2022-09-19T20:26:01.178Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 20:26:01 honeypot-fra-1 sshd[889]: Invalid user ubuntu from 178.89.108.11 port 60208","@timestamp":"2022-09-19T20:26:01.178Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 20:26:01 honeypot-fra-1 sshd[887]: Invalid user admin from 178.89.108.11 port 60204","@timestamp":"2022-09-19T20:26:01.178Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 20:26:01 honeypot-fra-1 sshd[863]: Connection closed by authenticating user root 178.89.108.11 port 60156 [preauth]","@timestamp":"2022-09-19T20:26:01.178Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 20:26:01 honeypot-fra-1 sshd[878]: Connection closed by invalid user admin 178.89.108.11 port 60144 [preauth]","@timestamp":"2022-09-19T20:26:02.179Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 20:26:01 honeypot-fra-1 sshd[883]: Connection closed by invalid user mysql 178.89.108.11 port 60148 [preauth]","@timestamp":"2022-09-19T20:26:02.180Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 20:26:31 honeypot-ams-1 kernel: [84495770.206611] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=103.153.78.248 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=1566 PROTO=TCP SPT=56882 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T20:26:32.434Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 20:30:24 honeypot-fra-1 kernel: [84493827.327865] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=52235 PROTO=TCP SPT=59407 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T20:30:25.275Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 20:31:03 honeypot-fra-1 sshd[923]: Disconnected from invalid user banking 45.55.44.110 port 54514 [preauth]","@timestamp":"2022-09-19T20:31:04.294Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 20:32:14 honeypot-ams-1 sshd[9251]: Invalid user ky from 185.17.229.65 port 36922","@timestamp":"2022-09-19T20:32:14.584Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 20:39:46 honeypot-ams-1 sshd[9258]: Disconnected from authenticating user root 61.177.173.47 port 17117 [preauth]","@timestamp":"2022-09-19T20:39:46.778Z"}
{"@timestamp":"2022-09-19T20:41:42.015Z","@version":"1","message":"Sep 19 20:41:41 honeypot-sgp-1 sshd[1945]: Invalid user admin from 92.255.85.70 port 17634","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 20:45:06 honeypot-ams-1 sshd[9265]: Received disconnect from 92.255.85.70 port 62670:11: Bye Bye [preauth]","@timestamp":"2022-09-19T20:45:07.924Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 20:46:07 honeypot-fra-1 sshd[929]: Invalid user lixy from 165.22.45.108 port 44694","@timestamp":"2022-09-19T20:46:07.614Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 20:53:02 honeypot-ams-1 sshd[9276]: Received disconnect from 202.83.17.205 port 58478:11: Bye Bye [preauth]","@timestamp":"2022-09-19T20:53:02.128Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 20:54:17 honeypot-ams-1 sshd[9280]: Disconnected from invalid user planeacion 37.139.15.214 port 46374 [preauth]","@timestamp":"2022-09-19T20:54:18.163Z"}
{"@timestamp":"2022-09-19T20:55:31.330Z","@version":"1","message":"Sep 19 20:55:30 honeypot-sgp-1 sshd[1950]: Received disconnect from 161.35.112.155 port 60436:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 20:59:56 honeypot-ams-1 sshd[9287]: Invalid user sans from 179.60.147.69 port 25876","@timestamp":"2022-09-19T20:59:57.312Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 21:05:00 honeypot-ams-1 sshd[9297]: Disconnected from invalid user mailman 110.164.133.148 port 47160 [preauth]","@timestamp":"2022-09-19T21:05:00.444Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 21:05:03 honeypot-fra-1 sshd[935]: Invalid user 1111 from 92.255.85.69 port 39050","@timestamp":"2022-09-19T21:05:04.039Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T21:06:54.592Z","@version":"1","message":"Sep 19 21:06:54 honeypot-sgp-1 kernel: [84497715.106555] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=80.94.92.231 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=231 ID=54321 PROTO=TCP SPT=49565 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 21:07:18 honeypot-fra-1 sshd[938]: Received disconnect from 95.217.159.3 port 40042:11: Bye Bye [preauth]","@timestamp":"2022-09-19T21:07:19.090Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 02:55:38 honeypot-ams-1 sshd[29295]: Connection closed by 180.76.173.237 port 54078 [preauth]","@timestamp":"2022-09-07T02:55:39.023Z"}
{"@timestamp":"2022-09-07T02:58:11.950Z","@version":"1","message":"Sep  7 02:58:11 honeypot-sgp-1 kernel: [83395610.985996] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.46.240.87 DST=159.89.202.188 LEN=52 TOS=0x02 PREC=0x00 TTL=110 ID=40012 DF PROTO=TCP SPT=65227 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 02:58:18 honeypot-fra-1 sshd[19259]: Did not receive identification string from 2.57.122.190 port 65416","@timestamp":"2022-09-07T02:58:19.196Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 02:58:24 honeypot-fra-1 sshd[19262]: Disconnected from invalid user pi 2.57.122.190 port 49932 [preauth]","@timestamp":"2022-09-07T02:58:25.199Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 02:58:28 honeypot-fra-1 sshd[19266]: Disconnected from invalid user ftpuser 2.57.122.190 port 50467 [preauth]","@timestamp":"2022-09-07T02:58:29.201Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 02:58:34 honeypot-fra-1 sshd[19270]: Disconnected from invalid user ftpuser 2.57.122.190 port 51301 [preauth]","@timestamp":"2022-09-07T02:58:35.205Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 02:58:38 honeypot-fra-1 sshd[19272]: Received disconnect from 181.48.60.50 port 35708:11: Bye Bye [preauth]","@timestamp":"2022-09-07T02:58:39.207Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 02:58:46 honeypot-fra-1 sshd[19278]: Received disconnect from 2.57.122.190 port 52859:11: Bye Bye [preauth]","@timestamp":"2022-09-07T02:58:47.211Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 02:58:58 honeypot-fra-1 sshd[19284]: Invalid user oracle from 2.57.122.190 port 54489","@timestamp":"2022-09-07T02:58:59.216Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 02:59:08 honeypot-fra-1 sshd[19288]: Received disconnect from 2.57.122.190 port 55791:11: Bye Bye [preauth]","@timestamp":"2022-09-07T02:59:09.222Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 02:59:16 honeypot-fra-1 sshd[19292]: Received disconnect from 2.57.122.190 port 56863:11: Bye Bye [preauth]","@timestamp":"2022-09-07T02:59:17.225Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 02:59:24 honeypot-fra-1 sshd[19296]: Received disconnect from 2.57.122.190 port 57849:11: Bye Bye [preauth]","@timestamp":"2022-09-07T02:59:24.229Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 02:59:31 honeypot-fra-1 sshd[19300]: Received disconnect from 92.255.85.70 port 28060:11: Bye Bye [preauth]","@timestamp":"2022-09-07T02:59:32.233Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 02:59:35 honeypot-fra-1 sshd[19304]: Received disconnect from 2.57.122.190 port 59392:11: Bye Bye [preauth]","@timestamp":"2022-09-07T02:59:36.235Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 03:00:27 honeypot-ams-1 sshd[29302]: Invalid user user from 141.255.162.226 port 51630","@timestamp":"2022-09-07T03:00:28.159Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 03:00:29 honeypot-ams-1 sshd[29306]: Invalid user user from 141.255.162.226 port 41674","@timestamp":"2022-09-07T03:00:30.161Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 03:00:32 honeypot-ams-1 sshd[29310]: Invalid user user from 141.255.162.226 port 50816","@timestamp":"2022-09-07T03:00:33.163Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 03:00:35 honeypot-ams-1 sshd[29314]: Invalid user user from 141.255.162.226 port 40870","@timestamp":"2022-09-07T03:00:36.164Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 03:02:20 honeypot-fra-1 sshd[19308]: Invalid user rv from 193.106.191.157 port 54306","@timestamp":"2022-09-07T03:02:21.297Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T03:03:03.067Z","@version":"1","message":"Sep  7 03:03:03 honeypot-sgp-1 sshd[27374]: Invalid user aerohive from 92.255.85.69 port 22710","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 03:04:40 honeypot-ams-1 sshd[29321]: Connection closed by 180.76.173.237 port 54322 [preauth]","@timestamp":"2022-09-07T03:04:40.280Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 03:07:07 honeypot-fra-1 sshd[19313]: Invalid user pi from 98.128.250.169 port 35402","@timestamp":"2022-09-07T03:07:07.402Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T03:08:00.185Z","@version":"1","message":"Sep  7 03:07:59 honeypot-sgp-1 kernel: [83396199.082831] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=88.80.189.24 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=34273 PROTO=TCP SPT=40048 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 03:10:38 honeypot-ams-1 sshd[29326]: Received disconnect from 61.177.173.52 port 55392:11:  [preauth]","@timestamp":"2022-09-07T03:10:38.441Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 03:13:27 honeypot-fra-1 kernel: [83394851.918904] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.205.22 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=59229 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T03:13:27.541Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-07T03:14:54.348Z","@version":"1","message":"Sep  7 03:14:53 honeypot-sgp-1 sshd[27388]: Invalid user admin from 178.128.125.205 port 25400","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T03:14:54.348Z","@version":"1","message":"Sep  7 03:14:53 honeypot-sgp-1 sshd[27394]: Invalid user admin from 178.128.125.205 port 25420","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 03:15:41 honeypot-ams-1 sshd[29335]: Invalid user private from 92.255.85.70 port 61898","@timestamp":"2022-09-07T03:15:41.577Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 03:16:35 honeypot-ams-1 kernel: [83397184.260393] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=79.22.101.23 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=50 ID=15257 PROTO=TCP SPT=45496 DPT=80 WINDOW=61936 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T03:16:35.605Z"}
{"@timestamp":"2022-09-07T03:17:02.400Z","@version":"1","message":"Sep  7 03:17:01 honeypot-sgp-1 CRON[27397]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 03:17:06 honeypot-ams-1 sshd[29345]: Connection closed by invalid user  118.193.59.59 port 28830 [preauth]","@timestamp":"2022-09-07T03:17:06.620Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 03:17:25 honeypot-fra-1 sshd[19324]: Invalid user admin from 159.203.178.0 port 56380","@timestamp":"2022-09-07T03:17:25.631Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 03:17:27 honeypot-fra-1 sshd[19330]: Invalid user admin from 159.203.178.0 port 54666","@timestamp":"2022-09-07T03:17:27.632Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 03:19:21 honeypot-fra-1 sshd[19335]: Invalid user ansible from 31.184.215.236 port 36336","@timestamp":"2022-09-07T03:19:21.675Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 03:19:21 honeypot-fra-1 sshd[19343]: Connection closed by invalid user esuser 31.184.215.236 port 36414 [preauth]","@timestamp":"2022-09-07T03:19:21.675Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 03:19:21 honeypot-fra-1 sshd[19348]: Invalid user test from 31.184.215.236 port 36372","@timestamp":"2022-09-07T03:19:21.675Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 03:19:21 honeypot-fra-1 sshd[19336]: Connection closed by invalid user steam 31.184.215.236 port 36340 [preauth]","@timestamp":"2022-09-07T03:19:21.675Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 03:19:21 honeypot-fra-1 sshd[19348]: Connection closed by invalid user test 31.184.215.236 port 36372 [preauth]","@timestamp":"2022-09-07T03:19:21.675Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 03:19:21 honeypot-fra-1 sshd[19353]: Invalid user ec2-user from 31.184.215.236 port 36400","@timestamp":"2022-09-07T03:19:21.675Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 03:19:21 honeypot-fra-1 sshd[19357]: Connection closed by authenticating user root 31.184.215.236 port 36370 [preauth]","@timestamp":"2022-09-07T03:19:21.676Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 03:19:21 honeypot-fra-1 sshd[19355]: Connection closed by invalid user ftpuser 31.184.215.236 port 36332 [preauth]","@timestamp":"2022-09-07T03:19:21.676Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 03:19:22 honeypot-fra-1 sshd[19390]: Connection closed by invalid user web 31.184.215.236 port 36380 [preauth]","@timestamp":"2022-09-07T03:19:22.677Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 03:21:35 honeypot-fra-1 sshd[19396]: Disconnected from invalid user jean 165.22.45.108 port 54734 [preauth]","@timestamp":"2022-09-07T03:21:35.726Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 03:24:29 honeypot-fra-1 sshd[19400]: Disconnected from invalid user guest1 119.167.219.132 port 48440 [preauth]","@timestamp":"2022-09-07T03:24:29.790Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T03:25:06.592Z","@version":"1","message":"Sep  7 03:25:06 honeypot-sgp-1 sshd[27407]: Received disconnect from 61.177.173.51 port 21608:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 03:29:37 honeypot-ams-1 sshd[29354]: Connection reset by 61.177.173.53 port 20381 [preauth]","@timestamp":"2022-09-07T03:29:37.940Z"}
{"@timestamp":"2022-09-07T03:36:06.870Z","@version":"1","message":"Sep  7 03:36:06 honeypot-sgp-1 sshd[27413]: Connection reset by 61.177.173.46 port 31920 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 03:37:12 honeypot-ams-1 sshd[29368]: Invalid user Admin from 92.255.85.69 port 49862","@timestamp":"2022-09-07T03:37:13.140Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 03:39:05 honeypot-ams-1 kernel: [83398534.843377] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=57329 PROTO=TCP SPT=41859 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T03:39:06.191Z"}
{"@timestamp":"2022-09-07T03:42:02.013Z","@version":"1","message":"Sep  7 03:42:01 honeypot-sgp-1 kernel: [83398240.668417] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=49791 PROTO=TCP SPT=41859 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 03:44:28 honeypot-fra-1 kernel: [83396713.461629] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=45968 PROTO=TCP SPT=41859 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T03:44:29.217Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 03:45:33 honeypot-fra-1 sshd[19410]: Invalid user jean from 165.22.45.108 port 35620","@timestamp":"2022-09-07T03:45:33.243Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T03:46:31.119Z","@version":"1","message":"Sep  7 03:46:31 honeypot-sgp-1 sshd[27427]: Invalid user user from 45.61.186.249 port 44830","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T03:46:41.125Z","@version":"1","message":"Sep  7 03:46:40 honeypot-sgp-1 sshd[27429]: Disconnected from invalid user user 45.61.186.249 port 56484 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T03:47:01.132Z","@version":"1","message":"Sep  7 03:47:00 honeypot-sgp-1 sshd[27433]: Disconnected from invalid user user 45.61.186.249 port 51554 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T03:47:19.140Z","@version":"1","message":"Sep  7 03:47:18 honeypot-sgp-1 sshd[27437]: Disconnected from invalid user user 45.61.186.249 port 46632 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T03:47:41.149Z","@version":"1","message":"Sep  7 03:47:40 honeypot-sgp-1 sshd[27444]: Disconnected from authenticating user root 12.191.116.182 port 56306 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T03:48:02.157Z","@version":"1","message":"Sep  7 03:48:02 honeypot-sgp-1 sshd[27448]: Invalid user Admin from 92.255.85.69 port 41724","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T03:48:24.167Z","@version":"1","message":"Sep  7 03:48:23 honeypot-sgp-1 sshd[27454]: Invalid user user from 45.61.184.204 port 52058","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T03:48:42.173Z","@version":"1","message":"Sep  7 03:48:41 honeypot-sgp-1 sshd[27458]: Invalid user user from 45.61.184.204 port 47442","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T03:49:00.181Z","@version":"1","message":"Sep  7 03:48:59 honeypot-sgp-1 sshd[27463]: Invalid user user from 45.61.184.204 port 42834","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 03:49:47 honeypot-ams-1 sshd[29386]: Connection closed by 180.76.173.237 port 41458 [preauth]","@timestamp":"2022-09-07T03:49:47.468Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 03:49:54 honeypot-fra-1 sshd[19413]: Invalid user britney from 151.106.112.77 port 41516","@timestamp":"2022-09-07T03:49:55.341Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T03:51:08.229Z","@version":"1","message":"Sep  7 03:51:07 honeypot-sgp-1 sshd[27467]: Did not receive identification string from 167.99.220.160 port 36222","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 03:51:37 honeypot-fra-1 sshd[19417]: Invalid user rw from 193.106.191.157 port 55976","@timestamp":"2022-09-07T03:51:38.381Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T03:52:25.262Z","@version":"1","message":"Sep  7 03:52:25 honeypot-sgp-1 sshd[27473]: Did not receive identification string from 141.255.162.226 port 52126","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T03:52:53.275Z","@version":"1","message":"Sep  7 03:52:52 honeypot-sgp-1 sshd[27476]: Disconnected from invalid user user 141.255.162.226 port 43036 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T03:52:56.277Z","@version":"1","message":"Sep  7 03:52:55 honeypot-sgp-1 sshd[27480]: Disconnected from invalid user user 141.255.162.226 port 34302 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T03:53:31.292Z","@version":"1","message":"Sep  7 03:53:30 honeypot-sgp-1 sshd[27486]: Invalid user user from 167.99.220.160 port 56562","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 03:57:48 honeypot-ams-1 sshd[29396]: Received disconnect from 61.177.173.46 port 48404:11:  [preauth]","@timestamp":"2022-09-07T03:57:48.691Z"}
{"@timestamp":"2022-09-07T04:00:34.455Z","@version":"1","message":"Sep  7 04:00:34 honeypot-sgp-1 sshd[27492]: Disconnected from authenticating user root 61.177.173.36 port 46389 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 04:00:39 honeypot-ams-1 sshd[29402]: Invalid user araknis from 92.255.85.69 port 37842","@timestamp":"2022-09-07T04:00:40.769Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 04:01:47 honeypot-ams-1 sshd[29404]: Received disconnect from 189.195.123.28 port 48128:11: Bye Bye [preauth]","@timestamp":"2022-09-07T04:01:47.801Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 04:02:12 honeypot-fra-1 sshd[19422]: Invalid user youkhanna from 178.128.104.101 port 46214","@timestamp":"2022-09-07T04:02:13.613Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 04:04:47 honeypot-ams-1 sshd[29408]: Received disconnect from 200.2.120.83 port 53242:11: Bye Bye [preauth]","@timestamp":"2022-09-07T04:04:47.884Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 04:08:13 honeypot-fra-1 sshd[19425]: Received disconnect from 92.255.85.70 port 26160:11: Bye Bye [preauth]","@timestamp":"2022-09-07T04:08:13.745Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 04:09:00 honeypot-fra-1 sshd[19430]: Received disconnect from 165.22.45.108 port 44712:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-07T04:09:00.764Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 04:09:16 honeypot-fra-1 sshd[19434]: Received disconnect from 45.61.187.160 port 54878:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-07T04:09:16.772Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 04:09:36 honeypot-fra-1 sshd[19438]: Received disconnect from 45.61.187.160 port 50108:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-07T04:09:36.780Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 04:09:57 honeypot-fra-1 sshd[19443]: Received disconnect from 45.61.187.160 port 45344:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-07T04:09:57.790Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T04:11:28.712Z","@version":"1","message":"Sep  7 04:11:28 honeypot-sgp-1 sshd[27502]: Invalid user araknis from 92.255.85.69 port 33422","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 04:14:13 honeypot-ams-1 kernel: [83400643.017161] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=102.165.48.100 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=46 ID=24814 DF PROTO=TCP SPT=54258 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T04:14:14.128Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 04:17:01 honeypot-fra-1 CRON[19448]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-07T04:17:01.943Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T04:17:22.853Z","@version":"1","message":"Sep  7 04:17:22 honeypot-sgp-1 kernel: [83400361.460642] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=170.187.162.139 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=22994 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 04:20:59 honeypot-fra-1 sshd[19453]: Invalid user jenifer from 165.22.45.108 port 49266","@timestamp":"2022-09-07T04:21:00.033Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 04:22:11 honeypot-ams-1 kernel: [83401120.659905] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=5.39.220.40 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=35234 PROTO=TCP SPT=44465 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T04:22:12.335Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 04:25:20 honeypot-fra-1 sshd[19458]: Received disconnect from 31.187.76.21 port 49112:11: Bye Bye [preauth]","@timestamp":"2022-09-07T04:25:20.129Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T04:25:37.054Z","@version":"1","message":"Sep  7 04:25:36 honeypot-sgp-1 kernel: [83400856.150363] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.246.105.50 DST=159.89.202.188 LEN=52 TOS=0x02 PREC=0x00 TTL=109 ID=29055 DF PROTO=TCP SPT=62972 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 04:28:32 honeypot-ams-1 kernel: [83401501.409648] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.41.9.18 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=32154 PROTO=TCP SPT=18934 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T04:28:32.500Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 04:31:11 honeypot-fra-1 sshd[19463]: Received disconnect from 157.230.155.135 port 46239:11: Bye Bye [preauth]","@timestamp":"2022-09-07T04:31:12.254Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 04:33:10 honeypot-fra-1 sshd[19467]: Received disconnect from 165.22.45.108 port 53824:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-07T04:33:11.298Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T04:33:31.245Z","@version":"1","message":"Sep  7 04:33:31 honeypot-sgp-1 sshd[27511]: Disconnected from invalid user yokoyama 112.146.205.124 port 40984 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 04:33:36 honeypot-ams-1 sshd[29443]: Invalid user kawasima from 213.55.79.194 port 34220","@timestamp":"2022-09-07T04:33:36.631Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 04:37:02 honeypot-ams-1 kernel: [83402011.731910] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=139.144.135.45 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=65513 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T04:37:02.721Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 04:37:51 honeypot-fra-1 sshd[19470]: Connection closed by invalid user admin 103.188.176.251 port 36002 [preauth]","@timestamp":"2022-09-07T04:37:52.403Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T04:37:58.351Z","@version":"1","message":"Sep  7 04:37:58 honeypot-sgp-1 sshd[27518]: Received disconnect from 144.24.72.43 port 52482:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 04:40:04 honeypot-ams-1 sshd[29450]: Invalid user admin from 211.107.213.219 port 60372","@timestamp":"2022-09-07T04:40:04.804Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 04:42:04 honeypot-fra-1 sshd[19474]: Disconnected from authenticating user root 43.154.201.130 port 52428 [preauth]","@timestamp":"2022-09-07T04:42:05.512Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 04:44:50 honeypot-fra-1 sshd[19481]: Received disconnect from 196.223.151.194 port 59408:11: Bye Bye [preauth]","@timestamp":"2022-09-07T04:44:51.576Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 04:45:07 honeypot-ams-1 sshd[29458]: Connection closed by 180.76.173.237 port 57096 [preauth]","@timestamp":"2022-09-07T04:45:07.938Z"}
{"@timestamp":"2022-09-07T04:45:40.532Z","@version":"1","message":"Sep  7 04:45:40 honeypot-sgp-1 kernel: [83402059.216312] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.46.240.87 DST=159.89.202.188 LEN=52 TOS=0x02 PREC=0x00 TTL=110 ID=10821 DF PROTO=TCP SPT=49599 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 04:50:25 honeypot-fra-1 sshd[19486]: Connection closed by authenticating user root 104.255.75.199 port 60940 [preauth]","@timestamp":"2022-09-07T04:50:25.698Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 04:50:41 honeypot-ams-1 sshd[29465]: Disconnected from authenticating user root 68.183.132.72 port 49050 [preauth]","@timestamp":"2022-09-07T04:50:42.083Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 04:51:32 honeypot-fra-1 sshd[19491]: Invalid user user from 141.255.162.226 port 56590","@timestamp":"2022-09-07T04:51:32.725Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 04:51:33 honeypot-fra-1 sshd[19495]: Invalid user user from 141.255.162.226 port 55006","@timestamp":"2022-09-07T04:51:33.725Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T04:54:40.745Z","@version":"1","message":"Sep  7 04:54:40 honeypot-sgp-1 sshd[27524]: Received disconnect from 79.110.62.213 port 32896:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 04:55:00 honeypot-fra-1 kernel: [83400945.297483] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.212.81 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=60129 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T04:55:01.801Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 04:57:31 honeypot-fra-1 sshd[19502]: Received disconnect from 165.22.45.108 port 34704:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-07T04:57:31.857Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 04:59:11 honeypot-ams-1 kernel: [83403340.613436] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=97.107.141.162 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=52557 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T04:59:12.306Z"}
{"@timestamp":"2022-09-07T04:59:33.859Z","@version":"1","message":"Sep  7 04:59:33 honeypot-sgp-1 sshd[27529]: Invalid user takeda-pal from 111.67.203.234 port 36234","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T05:02:28.929Z","@version":"1","message":"Sep  7 05:02:28 honeypot-sgp-1 sshd[27534]: Connection closed by authenticating user root 103.188.176.251 port 49268 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 05:05:25 honeypot-ams-1 sshd[29476]: Received disconnect from 45.61.187.160 port 54278:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-07T05:05:25.472Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 05:05:45 honeypot-ams-1 sshd[29480]: Received disconnect from 45.61.187.160 port 49500:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-07T05:05:46.484Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 05:06:04 honeypot-ams-1 sshd[29485]: Invalid user user from 45.61.187.160 port 44722","@timestamp":"2022-09-07T05:06:05.494Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 05:06:07 honeypot-ams-1 sshd[29490]: Invalid user user from 141.255.162.226 port 40222","@timestamp":"2022-09-07T05:06:08.496Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 05:06:10 honeypot-ams-1 sshd[29493]: Disconnected from invalid user user 141.255.162.226 port 49064 [preauth]","@timestamp":"2022-09-07T05:06:10.497Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 05:06:13 honeypot-ams-1 sshd[29499]: Disconnected from invalid user user 141.255.162.226 port 38508 [preauth]","@timestamp":"2022-09-07T05:06:14.499Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 05:06:15 honeypot-ams-1 sshd[29501]: Disconnected from invalid user user 141.255.162.226 port 47348 [preauth]","@timestamp":"2022-09-07T05:06:15.500Z"}
{"@timestamp":"2022-09-07T05:06:16.034Z","@version":"1","message":"Sep  7 05:06:15 honeypot-sgp-1 sshd[27538]: Disconnecting invalid user admin 128.53.5.55 port 61507: Too many authentication failures [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 05:08:20 honeypot-fra-1 sshd[19508]: Invalid user user from 45.61.187.160 port 55302","@timestamp":"2022-09-07T05:08:21.092Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 05:08:39 honeypot-fra-1 sshd[19512]: Invalid user user from 45.61.187.160 port 51154","@timestamp":"2022-09-07T05:08:40.101Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 05:08:56 honeypot-fra-1 sshd[19516]: Invalid user user from 45.61.187.160 port 47064","@timestamp":"2022-09-07T05:08:57.110Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 05:09:34 honeypot-fra-1 sshd[19520]: Invalid user jenkins from 165.22.45.108 port 39258","@timestamp":"2022-09-07T05:09:35.126Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 05:10:57 honeypot-ams-1 sshd[29507]: Received disconnect from 45.61.186.249 port 45112:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-07T05:10:57.624Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 05:11:13 honeypot-ams-1 sshd[29511]: Received disconnect from 92.255.85.69 port 55892:11: Bye Bye [preauth]","@timestamp":"2022-09-07T05:11:13.634Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 05:11:23 honeypot-ams-1 sshd[29515]: Received disconnect from 45.61.186.249 port 49892:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-07T05:11:23.638Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 05:11:40 honeypot-ams-1 sshd[29519]: Received disconnect from 45.61.186.249 port 43664:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-07T05:11:40.646Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 05:13:21 honeypot-ams-1 sshd[29523]: Disconnected from 79.110.62.213 port 36988 [preauth]","@timestamp":"2022-09-07T05:13:21.691Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 05:13:44 honeypot-fra-1 sshd[19525]: Connection closed by invalid user yuting 141.98.10.158 port 54498 [preauth]","@timestamp":"2022-09-07T05:13:44.219Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T05:14:26.251Z","@version":"1","message":"Sep  7 05:14:26 honeypot-sgp-1 kernel: [83403785.315741] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=170.187.162.133 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=42446 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 05:17:01 honeypot-ams-1 CRON[29530]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-07T05:17:02.788Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 05:18:57 honeypot-fra-1 sshd[19531]: Disconnected from invalid user admin 92.255.85.69 port 26778 [preauth]","@timestamp":"2022-09-07T05:18:58.335Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T05:23:22.460Z","@version":"1","message":"Sep  7 05:23:21 honeypot-sgp-1 kernel: [83404320.690778] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=167.99.72.29 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=54321 PROTO=TCP SPT=32929 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 05:27:12 honeypot-ams-1 sshd[29538]: Disconnected from invalid user richard 137.59.92.122 port 51560 [preauth]","@timestamp":"2022-09-07T05:27:13.051Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 05:27:59 honeypot-fra-1 kernel: [83402923.381605] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=87.90.125.183 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=15533 PROTO=TCP SPT=40227 DPT=443 WINDOW=1300 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T05:27:59.532Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 05:33:32 honeypot-fra-1 sshd[19539]: Disconnected from authenticating user root 167.99.221.81 port 44916 [preauth]","@timestamp":"2022-09-07T05:33:33.655Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 05:35:12 honeypot-ams-1 sshd[29543]: Disconnected from invalid user adslroot 92.255.85.69 port 59310 [preauth]","@timestamp":"2022-09-07T05:35:13.257Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 05:38:37 honeypot-fra-1 sshd[19544]: Disconnected from invalid user cristi 211.253.133.48 port 44431 [preauth]","@timestamp":"2022-09-07T05:38:37.766Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T05:39:36.832Z","@version":"1","message":"Sep  7 05:39:36 honeypot-sgp-1 sshd[27553]: Received disconnect from 178.128.159.1 port 34842:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 05:42:44 honeypot-fra-1 sshd[19547]: Disconnected from invalid user adslroot 92.255.85.69 port 29640 [preauth]","@timestamp":"2022-09-07T05:42:45.858Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T05:45:31.971Z","@version":"1","message":"Sep  7 05:45:31 honeypot-sgp-1 sshd[27558]: Received disconnect from 92.255.85.70 port 23240:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 05:48:28 honeypot-fra-1 kernel: [83404153.179439] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=79.10.150.154 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=15533 PROTO=TCP SPT=52014 DPT=443 WINDOW=1300 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T05:48:29.980Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 05:53:03 honeypot-fra-1 sshd[20005]: Invalid user postgres from 36.41.175.109 port 34388","@timestamp":"2022-09-07T05:53:04.076Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 05:53:03 honeypot-fra-1 sshd[20014]: Invalid user es from 36.41.175.109 port 34372","@timestamp":"2022-09-07T05:53:04.076Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 05:53:03 honeypot-fra-1 sshd[20002]: Connection closed by invalid user test 36.41.175.109 port 34430 [preauth]","@timestamp":"2022-09-07T05:53:04.076Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 05:53:03 honeypot-fra-1 sshd[20011]: Connection closed by invalid user ansible 36.41.175.109 port 34452 [preauth]","@timestamp":"2022-09-07T05:53:04.076Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 05:53:03 honeypot-fra-1 sshd[20023]: Connection closed by invalid user guest 36.41.175.109 port 34416 [preauth]","@timestamp":"2022-09-07T05:53:04.076Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 05:53:09 honeypot-fra-1 sshd[20040]: Invalid user elasticsearch from 36.41.175.109 port 34484","@timestamp":"2022-09-07T05:53:10.079Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 05:53:09 honeypot-fra-1 sshd[20046]: Invalid user wordpress from 36.41.175.109 port 34436","@timestamp":"2022-09-07T05:53:10.079Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 05:53:09 honeypot-fra-1 sshd[20037]: Connection closed by invalid user minecraft 36.41.175.109 port 34396 [preauth]","@timestamp":"2022-09-07T05:53:10.079Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 05:53:09 honeypot-fra-1 sshd[20046]: Connection closed by invalid user wordpress 36.41.175.109 port 34436 [preauth]","@timestamp":"2022-09-07T05:53:10.079Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 05:53:33 honeypot-fra-1 sshd[20066]: Invalid user mcsrv from 36.41.175.109 port 34506","@timestamp":"2022-09-07T05:53:34.088Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 05:53:33 honeypot-fra-1 sshd[20076]: Invalid user hduser from 36.41.175.109 port 34514","@timestamp":"2022-09-07T05:53:34.088Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 05:53:33 honeypot-fra-1 sshd[20067]: Connection closed by invalid user ansible 36.41.175.109 port 34510 [preauth]","@timestamp":"2022-09-07T05:53:34.088Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 05:55:16 honeypot-fra-1 kernel: [83404560.375827] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.167.97.229 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=45960 DPT=389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T05:55:17.125Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 05:58:05 honeypot-ams-1 sshd[29557]: Invalid user adslroot from 92.255.85.69 port 27294","@timestamp":"2022-09-07T05:58:05.866Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 05:58:45 honeypot-fra-1 sshd[20081]: Disconnected from invalid user jenkins 165.22.45.108 port 57480 [preauth]","@timestamp":"2022-09-07T05:58:46.203Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 06:00:47 honeypot-ams-1 kernel: [83407036.122136] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=172.104.138.223 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=37166 PROTO=TCP SPT=30594 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T06:00:47.936Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 06:01:11 honeypot-fra-1 kernel: [83404916.130883] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.216.12 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=50872 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T06:01:12.267Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-07T06:02:13.354Z","@version":"1","message":"Sep  7 06:02:13 honeypot-sgp-1 sshd[27561]: Connection closed by invalid user zhaowen 137.116.144.39 port 42254 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 06:03:45 honeypot-ams-1 kernel: [83407214.234808] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=179.40.45.247 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=44 ID=29768 PROTO=TCP SPT=34389 DPT=80 WINDOW=23350 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T06:03:46.015Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 06:05:23 honeypot-fra-1 sshd[20089]: Received disconnect from 92.255.85.70 port 51340:11: Bye Bye [preauth]","@timestamp":"2022-09-07T06:05:23.364Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 06:11:08 honeypot-fra-1 sshd[20094]: Disconnected from invalid user jenkins 165.22.45.108 port 33804 [preauth]","@timestamp":"2022-09-07T06:11:08.495Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 06:11:39 honeypot-ams-1 sshd[29573]: Connection closed by 180.76.173.237 port 59454 [preauth]","@timestamp":"2022-09-07T06:11:40.222Z"}
{"@timestamp":"2022-09-07T06:11:57.580Z","@version":"1","message":"Sep  7 06:11:57 honeypot-sgp-1 sshd[27569]: ssh_dispatch_run_fatal: Connection from 88.88.97.30 port 42678: Connection corrupted [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 06:17:01 honeypot-ams-1 CRON[29580]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-07T06:17:02.383Z"}
{"@timestamp":"2022-09-07T06:17:02.699Z","@version":"1","message":"Sep  7 06:17:01 honeypot-sgp-1 CRON[27575]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 06:19:44 honeypot-ams-1 sshd[29585]: Connection closed by invalid user admin 216.52.136.77 port 21606 [preauth]","@timestamp":"2022-09-07T06:19:45.455Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 06:19:47 honeypot-ams-1 sshd[29591]: Connection closed by invalid user admin 216.52.136.77 port 21632 [preauth]","@timestamp":"2022-09-07T06:19:47.458Z"}
{"@timestamp":"2022-09-07T06:20:59.795Z","@version":"1","message":"Sep  7 06:20:59 honeypot-sgp-1 sshd[27581]: Received disconnect from 181.176.145.43 port 49144:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 06:21:20 honeypot-fra-1 kernel: [83406125.089690] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=5.102.56.125 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=246 ID=15533 PROTO=TCP SPT=49518 DPT=443 WINDOW=1300 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T06:21:21.726Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 06:24:57 honeypot-ams-1 sshd[29600]: Disconnected from authenticating user root 113.161.230.215 port 60386 [preauth]","@timestamp":"2022-09-07T06:24:58.595Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 06:25:01 honeypot-ams-1 CRON[29608]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-07T06:25:02.599Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 06:25:06 honeypot-ams-1 sshd[29775]: Received disconnect from 113.161.230.215 port 60609:11: Bye Bye [preauth]","@timestamp":"2022-09-07T06:25:06.602Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 06:25:10 honeypot-ams-1 sshd[29781]: Received disconnect from 113.161.230.215 port 60764:11: Bye Bye [preauth]","@timestamp":"2022-09-07T06:25:11.605Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 06:25:15 honeypot-ams-1 sshd[29787]: Received disconnect from 113.161.230.215 port 60896:11: Bye Bye [preauth]","@timestamp":"2022-09-07T06:25:16.609Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 06:25:20 honeypot-ams-1 sshd[29793]: Received disconnect from 113.161.230.215 port 32800:11: Bye Bye [preauth]","@timestamp":"2022-09-07T06:25:20.612Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 06:25:25 honeypot-ams-1 sshd[29799]: Received disconnect from 113.161.230.215 port 32940:11: Bye Bye [preauth]","@timestamp":"2022-09-07T06:25:25.615Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 06:25:30 honeypot-ams-1 sshd[29805]: Received disconnect from 113.161.230.215 port 33087:11: Bye Bye [preauth]","@timestamp":"2022-09-07T06:25:30.619Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 06:25:35 honeypot-ams-1 sshd[29811]: Received disconnect from 113.161.230.215 port 33228:11: Bye Bye [preauth]","@timestamp":"2022-09-07T06:25:35.622Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 06:25:40 honeypot-ams-1 sshd[29817]: Received disconnect from 113.161.230.215 port 33369:11: Bye Bye [preauth]","@timestamp":"2022-09-07T06:25:40.625Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 06:25:44 honeypot-ams-1 sshd[29823]: Received disconnect from 113.161.230.215 port 33511:11: Bye Bye [preauth]","@timestamp":"2022-09-07T06:25:45.629Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 06:25:49 honeypot-ams-1 sshd[29829]: Received disconnect from 113.161.230.215 port 33650:11: Bye Bye [preauth]","@timestamp":"2022-09-07T06:25:50.632Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 06:25:54 honeypot-ams-1 sshd[29835]: Invalid user admin from 113.161.230.215 port 33790","@timestamp":"2022-09-07T06:25:54.635Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 06:25:57 honeypot-ams-1 sshd[29839]: Invalid user admin from 113.161.230.215 port 33882","@timestamp":"2022-09-07T06:25:58.638Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 06:26:00 honeypot-ams-1 sshd[29843]: Invalid user admin from 113.161.230.215 port 33973","@timestamp":"2022-09-07T06:26:01.640Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 06:26:04 honeypot-ams-1 sshd[29847]: Invalid user admin from 113.161.230.215 port 34068","@timestamp":"2022-09-07T06:26:04.641Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 06:26:07 honeypot-ams-1 sshd[29851]: Invalid user admin from 113.161.230.215 port 34150","@timestamp":"2022-09-07T06:26:07.643Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 06:26:10 honeypot-ams-1 sshd[29855]: Invalid user user from 113.161.230.215 port 34241","@timestamp":"2022-09-07T06:26:10.645Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 06:26:13 honeypot-ams-1 sshd[29859]: Disconnected from authenticating user root 113.161.230.215 port 34343 [preauth]","@timestamp":"2022-09-07T06:26:14.649Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 06:26:17 honeypot-ams-1 sshd[29863]: Disconnected from invalid user pi 113.161.230.215 port 34431 [preauth]","@timestamp":"2022-09-07T06:26:17.651Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 06:26:20 honeypot-ams-1 sshd[29867]: Disconnected from invalid user ethos 113.161.230.215 port 34523 [preauth]","@timestamp":"2022-09-07T06:26:20.653Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 06:26:23 honeypot-ams-1 sshd[29871]: Disconnected from invalid user miner 113.161.230.215 port 34634 [preauth]","@timestamp":"2022-09-07T06:26:24.656Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 06:26:27 honeypot-ams-1 sshd[29875]: Disconnected from invalid user volumio 113.161.230.215 port 34719 [preauth]","@timestamp":"2022-09-07T06:26:27.659Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 06:26:30 honeypot-ams-1 sshd[29879]: Disconnected from invalid user nagios 113.161.230.215 port 34811 [preauth]","@timestamp":"2022-09-07T06:26:30.661Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 06:26:33 honeypot-ams-1 sshd[29883]: Disconnected from invalid user vagrant 113.161.230.215 port 34920 [preauth]","@timestamp":"2022-09-07T06:26:33.663Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 06:26:36 honeypot-ams-1 sshd[29887]: Disconnected from invalid user debian 113.161.230.215 port 35000 [preauth]","@timestamp":"2022-09-07T06:26:37.666Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 06:26:40 honeypot-ams-1 sshd[29891]: Disconnected from invalid user debian 113.161.230.215 port 35099 [preauth]","@timestamp":"2022-09-07T06:26:40.667Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 06:26:43 honeypot-ams-1 sshd[29895]: Disconnected from invalid user alarm 113.161.230.215 port 35199 [preauth]","@timestamp":"2022-09-07T06:26:43.670Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 06:26:46 honeypot-ams-1 sshd[29899]: Disconnected from invalid user test 113.161.230.215 port 35278 [preauth]","@timestamp":"2022-09-07T06:26:46.672Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 06:26:49 honeypot-ams-1 sshd[29903]: Disconnected from invalid user cirros 113.161.230.215 port 35382 [preauth]","@timestamp":"2022-09-07T06:26:50.675Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 06:27:23 honeypot-fra-1 kernel: [83406487.983278] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=117.255.65.213 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=33997 DF PROTO=TCP SPT=59524 DPT=80 WINDOW=5680 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T06:27:24.860Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-07T06:28:15.993Z","@version":"1","message":"Sep  7 06:28:15 honeypot-sgp-1 kernel: [83408214.461300] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.246.105.50 DST=159.89.202.188 LEN=52 TOS=0x02 PREC=0x00 TTL=107 ID=15113 DF PROTO=TCP SPT=62466 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 06:31:03 honeypot-fra-1 sshd[20250]: Disconnected from authenticating user root 134.17.16.196 port 14720 [preauth]","@timestamp":"2022-09-07T06:31:03.941Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 06:35:11 honeypot-fra-1 sshd[20255]: Disconnected from 79.110.62.213 port 52278 [preauth]","@timestamp":"2022-09-07T06:35:12.036Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 06:36:04 honeypot-fra-1 sshd[20259]: Disconnected from invalid user jenkins 165.22.45.108 port 42928 [preauth]","@timestamp":"2022-09-07T06:36:05.059Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T06:37:02.197Z","@version":"1","message":"Sep  7 06:37:01 honeypot-sgp-1 sshd[27930]: Received disconnect from 46.101.135.232 port 59190:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 06:42:46 honeypot-ams-1 sshd[29911]: Disconnected from invalid user admin 92.255.85.70 port 55754 [preauth]","@timestamp":"2022-09-07T06:42:47.084Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 06:43:21 honeypot-fra-1 sshd[20264]: Received disconnect from 189.8.68.56 port 53730:11: Bye Bye [preauth]","@timestamp":"2022-09-07T06:43:22.218Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T06:43:59.364Z","@version":"1","message":"Sep  7 06:43:58 honeypot-sgp-1 kernel: [83409157.439482] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=128.14.152.42 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=17378 PROTO=TCP SPT=20142 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 06:49:06 honeypot-fra-1 sshd[20267]: Received disconnect from 165.22.45.108 port 47522:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-07T06:49:07.346Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 06:52:02 honeypot-ams-1 kernel: [83410111.660906] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=80.87.206.203 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=20439 PROTO=TCP SPT=57211 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T06:52:03.317Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 06:52:26 honeypot-fra-1 kernel: [83407990.888038] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=170.187.162.166 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=32466 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T06:52:27.420Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-07T06:53:27.585Z","@version":"1","message":"Sep  7 06:53:27 honeypot-sgp-1 sshd[28011]: Disconnected from invalid user admin 92.255.85.70 port 23488 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 06:59:01 honeypot-ams-1 sshd[29939]: Received disconnect from 147.182.211.89 port 46026:11: Bye Bye [preauth]","@timestamp":"2022-09-07T06:59:01.530Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 07:03:31 honeypot-ams-1 kernel: [83410800.479443] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=103.153.77.105 DST=178.62.254.91 LEN=52 TOS=0x02 PREC=0x00 TTL=118 ID=26767 DF PROTO=TCP SPT=62810 DPT=80 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-07T07:03:31.668Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 07:05:19 honeypot-fra-1 kernel: [83408763.088195] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=23.95.4.194 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=55761 PROTO=TCP SPT=44528 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T07:05:19.708Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 07:06:19 honeypot-ams-1 sshd[30043]: Disconnected from invalid user zhone 92.255.85.70 port 52692 [preauth]","@timestamp":"2022-09-07T07:06:19.742Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 07:06:49 honeypot-fra-1 sshd[20480]: Received disconnect from 47.176.104.76 port 4790:11: Bye Bye [preauth]","@timestamp":"2022-09-07T07:06:50.746Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T07:06:58.896Z","@version":"1","message":"Sep  7 07:06:58 honeypot-sgp-1 kernel: [83410537.831011] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.215.188 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=50364 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T07:08:47.942Z","@version":"1","message":"Sep  7 07:08:47 honeypot-sgp-1 sshd[28021]: Received disconnect from 159.89.205.198 port 51778:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 07:09:04 honeypot-ams-1 sshd[30050]: Received disconnect from 117.205.83.28 port 57852:11: Bye Bye [preauth]","@timestamp":"2022-09-07T07:09:04.817Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 07:12:02 honeypot-ams-1 sshd[30053]: Received disconnect from 198.98.61.9 port 47820:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-07T07:12:02.898Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 07:12:18 honeypot-ams-1 sshd[30057]: Received disconnect from 198.98.61.9 port 42220:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-07T07:12:18.906Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 07:12:32 honeypot-ams-1 sshd[30061]: Received disconnect from 198.98.61.9 port 36664:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-07T07:12:32.913Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 07:12:47 honeypot-ams-1 sshd[30065]: Received disconnect from 198.98.61.9 port 59340:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-07T07:12:47.949Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 07:13:35 honeypot-fra-1 sshd[20486]: Invalid user zhone from 92.255.85.69 port 31240","@timestamp":"2022-09-07T07:13:36.895Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 07:14:33 honeypot-ams-1 sshd[30072]: Connection closed by authenticating user root 103.188.176.251 port 47670 [preauth]","@timestamp":"2022-09-07T07:14:33.997Z"}
{"@timestamp":"2022-09-07T07:16:40.128Z","@version":"1","message":"Sep  7 07:16:39 honeypot-sgp-1 kernel: [83411118.661857] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=209.97.171.253 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=53813 PROTO=TCP SPT=43190 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 07:17:01 honeypot-fra-1 CRON[20488]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-07T07:17:01.971Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T07:18:13.166Z","@version":"1","message":"Sep  7 07:18:12 honeypot-sgp-1 kernel: [83411211.960510] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.201.91 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=37371 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T07:23:32.291Z","@version":"1","message":"Sep  7 07:23:32 honeypot-sgp-1 sshd[28030]: Disconnected from invalid user asterisk 190.181.25.210 port 36353 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 07:23:46 honeypot-ams-1 kernel: [83412015.426970] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=129.232.191.10 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=7416 PROTO=TCP SPT=61001 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T07:23:47.252Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 07:24:09 honeypot-fra-1 sshd[20495]: Invalid user jenny from 165.22.45.108 port 56902","@timestamp":"2022-09-07T07:24:09.132Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 07:25:19 honeypot-ams-1 kernel: [83412108.182630] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=20.55.53.144 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=25680 DF PROTO=TCP SPT=39888 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T07:25:19.295Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 07:28:45 honeypot-ams-1 kernel: [83412314.075017] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.209.196 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=34897 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T07:28:45.385Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 07:33:15 honeypot-fra-1 sshd[20498]: Received disconnect from 203.130.255.2 port 42634:11: Bye Bye [preauth]","@timestamp":"2022-09-07T07:33:15.321Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 07:35:41 honeypot-fra-1 sshd[20504]: Received disconnect from 160.251.7.202 port 45490:11: Bye Bye [preauth]","@timestamp":"2022-09-07T07:35:42.375Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 07:36:58 honeypot-fra-1 sshd[20509]: Disconnected from invalid user jeremy 165.22.45.108 port 33250 [preauth]","@timestamp":"2022-09-07T07:36:59.404Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 07:37:08 honeypot-fra-1 sshd[20513]: Disconnected from invalid user admin 92.255.85.69 port 41622 [preauth]","@timestamp":"2022-09-07T07:37:09.409Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 07:39:08 honeypot-ams-1 kernel: [83412937.643891] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=193.142.146.50 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=54321 PROTO=TCP SPT=44872 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T07:39:09.650Z"}
{"@timestamp":"2022-09-07T07:40:24.685Z","@version":"1","message":"Sep  7 07:40:24 honeypot-sgp-1 sshd[28034]: Received disconnect from 92.255.85.70 port 46912:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 07:45:48 honeypot-fra-1 kernel: [83411191.966551] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=161.35.188.242 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=49 ID=0 PROTO=TCP SPT=9322 DPT=443 WINDOW=0 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T07:45:48.598Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 07:50:36 honeypot-fra-1 sshd[20525]: Invalid user admin from 118.47.198.199 port 35048","@timestamp":"2022-09-07T07:50:36.701Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 07:52:51 honeypot-ams-1 sshd[30102]: Connection closed by 162.142.125.212 port 48004 [preauth]","@timestamp":"2022-09-07T07:52:52.004Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 07:56:05 honeypot-fra-1 sshd[20530]: Invalid user sa from 193.106.191.157 port 35742","@timestamp":"2022-09-07T07:56:05.818Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 08:00:28 honeypot-fra-1 sshd[20532]: Disconnected from invalid user c1@r0 92.255.85.70 port 44692 [preauth]","@timestamp":"2022-09-07T08:00:28.930Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 08:01:02 honeypot-ams-1 sshd[30107]: Connection closed by 180.76.173.237 port 34006 [preauth]","@timestamp":"2022-09-07T08:01:03.216Z"}
{"@timestamp":"2022-09-07T08:03:43.248Z","@version":"1","message":"Sep  7 08:03:42 honeypot-sgp-1 sshd[28040]: Received disconnect from 45.61.186.249 port 38966:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T08:04:02.257Z","@version":"1","message":"Sep  7 08:04:02 honeypot-sgp-1 sshd[28044]: Received disconnect from 45.61.186.249 port 34066:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T08:04:21.266Z","@version":"1","message":"Sep  7 08:04:20 honeypot-sgp-1 sshd[28048]: Received disconnect from 45.61.186.249 port 57428:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T08:04:33.272Z","@version":"1","message":"Sep  7 08:04:32 honeypot-sgp-1 sshd[28052]: Received disconnect from 92.255.85.70 port 37206:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T08:09:15.383Z","@version":"1","message":"Sep  7 08:09:15 honeypot-sgp-1 sshd[28057]: Received disconnect from 211.40.129.246 port 59766:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 08:13:09 honeypot-fra-1 kernel: [83412833.127818] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.167.98.76 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=57828 DPT=5432 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T08:13:10.207Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-07T08:15:01.521Z","@version":"1","message":"Sep  7 08:15:01 honeypot-sgp-1 sshd[28062]: Disconnected from invalid user test 20.2.89.114 port 53118 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 08:17:01 honeypot-ams-1 CRON[30113]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-07T08:17:01.625Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 08:17:08 honeypot-fra-1 kernel: [83413072.342134] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=58866 PROTO=TCP SPT=58589 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T08:17:09.294Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 08:19:18 honeypot-ams-1 sshd[30120]: Invalid user fwupgrade from 79.136.67.196 port 60085","@timestamp":"2022-09-07T08:19:19.685Z"}
{"@timestamp":"2022-09-07T08:20:09.644Z","@version":"1","message":"Sep  7 08:20:09 honeypot-sgp-1 sshd[28087]: Connection closed by 116.90.238.192 port 44639 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T08:25:12.766Z","@version":"1","message":"Sep  7 08:25:12 honeypot-sgp-1 sshd[28094]: Received disconnect from 59.103.236.85 port 16782:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 08:26:19 honeypot-ams-1 kernel: [83415768.503804] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=118.126.82.157 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=42914 DF PROTO=TCP SPT=48592 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T08:26:19.868Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 08:28:46 honeypot-fra-1 sshd[20567]: Invalid user jessica from 165.22.45.108 port 51564","@timestamp":"2022-09-07T08:28:47.548Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 08:30:29 honeypot-fra-1 kernel: [83413873.802769] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=92.118.39.30 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=37916 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T08:30:30.589Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-07T08:31:10.908Z","@version":"1","message":"Sep  7 08:31:10 honeypot-sgp-1 sshd[28099]: Received disconnect from 189.68.157.223 port 54573:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 08:39:51 honeypot-ams-1 sshd[30151]: Received disconnect from 92.255.85.70 port 38684:11: Bye Bye [preauth]","@timestamp":"2022-09-07T08:39:52.235Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 08:39:51 honeypot-fra-1 sshd[20649]: Disconnected from 218.92.0.208 port 54611 [preauth]","@timestamp":"2022-09-07T08:39:52.794Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T08:43:39.218Z","@version":"1","message":"Sep  7 08:43:38 honeypot-sgp-1 sshd[28108]: Disconnected from 218.92.0.207 port 55253 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T08:45:40.267Z","@version":"1","message":"Sep  7 08:45:39 honeypot-sgp-1 kernel: [83416458.808894] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.47.229.134 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=46991 PROTO=TCP SPT=51902 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 08:45:54 honeypot-fra-1 sshd[20660]: Connection closed by invalid user sb 193.106.191.157 port 37252 [preauth]","@timestamp":"2022-09-07T08:45:54.926Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 08:51:18 honeypot-fra-1 sshd[20670]: Invalid user user from 45.61.187.160 port 49484","@timestamp":"2022-09-07T08:51:19.049Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 08:51:37 honeypot-fra-1 sshd[20674]: Invalid user user from 45.61.187.160 port 44994","@timestamp":"2022-09-07T08:51:38.064Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 08:51:54 honeypot-fra-1 sshd[20678]: Invalid user user from 45.61.187.160 port 40496","@timestamp":"2022-09-07T08:51:55.072Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 08:52:09 honeypot-fra-1 sshd[20682]: Invalid user user from 45.61.187.160 port 35984","@timestamp":"2022-09-07T08:52:10.078Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 08:55:45 honeypot-fra-1 sshd[20685]: Invalid user jessica from 165.22.45.108 port 60760","@timestamp":"2022-09-07T08:55:46.160Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T08:58:56.581Z","@version":"1","message":"Sep  7 08:58:56 honeypot-sgp-1 sshd[28120]: Invalid user or from 102.223.92.101 port 5327","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T09:00:08.611Z","@version":"1","message":"Sep  7 09:00:08 honeypot-sgp-1 sshd[28124]: Received disconnect from 89.251.102.54 port 57030:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T09:01:55.658Z","@version":"1","message":"Sep  7 09:01:55 honeypot-sgp-1 sshd[28126]: Invalid user noc from 186.206.144.34 port 41200","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 09:02:38 honeypot-ams-1 sshd[30161]: Invalid user admin from 92.255.85.69 port 42168","@timestamp":"2022-09-07T09:02:38.834Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 09:04:06 honeypot-fra-1 kernel: [83415890.531867] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=59832 PROTO=TCP SPT=41203 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T09:04:07.342Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 09:10:52 honeypot-fra-1 sshd[20696]: Invalid user admin from 92.255.85.69 port 36480","@timestamp":"2022-09-07T09:10:53.487Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T09:13:52.938Z","@version":"1","message":"Sep  7 09:13:52 honeypot-sgp-1 sshd[28132]: Received disconnect from 92.255.85.70 port 54888:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 09:14:42 honeypot-ams-1 kernel: [83418671.061821] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=144 PROTO=TCP SPT=41573 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T09:14:43.169Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 09:15:04 honeypot-fra-1 sshd[20700]: Invalid user user from 141.255.162.226 port 52752","@timestamp":"2022-09-07T09:15:04.596Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 09:15:07 honeypot-fra-1 sshd[20704]: Invalid user user from 141.255.162.226 port 43724","@timestamp":"2022-09-07T09:15:07.598Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 09:15:11 honeypot-fra-1 sshd[20708]: Invalid user user from 141.255.162.226 port 51612","@timestamp":"2022-09-07T09:15:12.601Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T09:15:12.971Z","@version":"1","message":"Sep  7 09:15:12 honeypot-sgp-1 sshd[28138]: Disconnected from invalid user ubnt 92.95.84.184 port 38262 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 09:15:14 honeypot-fra-1 sshd[20712]: Invalid user user from 141.255.162.226 port 41456","@timestamp":"2022-09-07T09:15:14.602Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T09:15:35.981Z","@version":"1","message":"Sep  7 09:15:35 honeypot-sgp-1 sshd[28152]: Received disconnect from 92.95.84.184 port 39378:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T09:15:51.989Z","@version":"1","message":"Sep  7 09:15:51 honeypot-sgp-1 sshd[28160]: Received disconnect from 92.95.84.184 port 40070:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T09:16:04.995Z","@version":"1","message":"Sep  7 09:16:04 honeypot-sgp-1 sshd[28168]: Received disconnect from 92.95.84.184 port 40678:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T09:16:10.999Z","@version":"1","message":"Sep  7 09:16:10 honeypot-sgp-1 sshd[28172]: Disconnected from authenticating user root 92.95.84.184 port 40934 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 09:17:58 honeypot-fra-1 sshd[20717]: Received disconnect from 91.183.81.82 port 56134:11: Bye Bye [preauth]","@timestamp":"2022-09-07T09:17:59.664Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T09:23:07.158Z","@version":"1","message":"Sep  7 09:23:06 honeypot-sgp-1 sshd[28180]: Disconnected from 147.182.211.89 port 44936 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 09:24:40 honeypot-ams-1 sshd[30174]: Received disconnect from 49.88.112.65 port 18476:11:  [preauth]","@timestamp":"2022-09-07T09:24:41.428Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 09:27:06 honeypot-ams-1 sshd[30178]: Disconnected from authenticating user root 49.88.112.65 port 13174 [preauth]","@timestamp":"2022-09-07T09:27:06.490Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 09:27:45 honeypot-fra-1 sshd[20725]: Received disconnect from 218.92.0.208 port 44612:11:  [preauth]","@timestamp":"2022-09-07T09:27:45.873Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 09:33:30 honeypot-fra-1 sshd[20729]: Received disconnect from 92.255.85.70 port 62028:11: Bye Bye [preauth]","@timestamp":"2022-09-07T09:33:31.000Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T09:36:05.464Z","@version":"1","message":"Sep  7 09:36:04 honeypot-sgp-1 kernel: [83419483.568063] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=78.142.18.92 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=38677 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 09:36:11 honeypot-fra-1 sshd[20733]: Received disconnect from 165.22.45.108 port 46268:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-07T09:36:12.076Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 09:47:46 honeypot-ams-1 sshd[30185]: Received disconnect from 92.255.85.69 port 62012:11: Bye Bye [preauth]","@timestamp":"2022-09-07T09:47:47.017Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 09:49:47 honeypot-fra-1 sshd[20740]: Invalid user jessica from 165.22.45.108 port 50864","@timestamp":"2022-09-07T09:49:47.367Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 09:52:01 honeypot-ams-1 sshd[30188]: Received disconnect from 142.93.212.10 port 50958:11: Bye Bye [preauth]","@timestamp":"2022-09-07T09:52:02.128Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 09:53:56 honeypot-ams-1 kernel: [83421024.993033] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=211.44.108.54 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=54 ID=11600 PROTO=TCP SPT=36872 DPT=80 WINDOW=59248 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T09:53:56.180Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 09:54:50 honeypot-fra-1 sshd[20743]: Disconnected from invalid user Admin 92.255.85.70 port 47540 [preauth]","@timestamp":"2022-09-07T09:54:51.474Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T09:57:32.977Z","@version":"1","message":"Sep  7 09:57:32 honeypot-sgp-1 kernel: [83420771.377532] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=40.68.211.91 DST=159.89.202.188 LEN=52 TOS=0x00 PREC=0x00 TTL=111 ID=20612 DF PROTO=TCP SPT=55550 DPT=3389 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 09:58:36 honeypot-fra-1 sshd[20749]: Connection closed by invalid user admin 119.201.180.229 port 44441 [preauth]","@timestamp":"2022-09-07T09:58:36.557Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 10:04:14 honeypot-ams-1 kernel: [83421642.858120] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=20.219.248.199 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=110 ID=37876 DF PROTO=TCP SPT=64886 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T10:04:14.450Z"}
{"@timestamp":"2022-09-07T10:05:11.160Z","@version":"1","message":"Sep  7 10:05:10 honeypot-sgp-1 kernel: [83421229.562892] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=95.161.131.237 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=47111 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 10:06:03 honeypot-fra-1 kernel: [83419607.122484] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=40.68.211.91 DST=165.22.82.222 LEN=52 TOS=0x00 PREC=0x00 TTL=114 ID=59278 DF PROTO=TCP SPT=64077 DPT=3389 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T10:06:03.721Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 10:07:45 honeypot-fra-1 sshd[20756]: Disconnected from invalid user kainosho 51.83.44.100 port 47488 [preauth]","@timestamp":"2022-09-07T10:07:45.759Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 10:12:36 honeypot-fra-1 sshd[20761]: Disconnected from invalid user vin 223.197.151.55 port 59025 [preauth]","@timestamp":"2022-09-07T10:12:36.864Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 10:12:46 honeypot-ams-1 kernel: [83422155.827601] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=71.6.233.52 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=389 DPT=389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T10:12:47.669Z"}
{"@timestamp":"2022-09-07T10:15:30.414Z","@version":"1","message":"Sep  7 10:15:30 honeypot-sgp-1 kernel: [83421848.939227] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=90.151.171.106 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=30816 PROTO=TCP SPT=45720 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 10:16:41 honeypot-fra-1 sshd[20764]: Disconnected from invalid user jessica 165.22.45.108 port 33168 [preauth]","@timestamp":"2022-09-07T10:16:41.952Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 10:18:45 honeypot-fra-1 kernel: [83420369.292340] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=90.151.171.106 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=11570 PROTO=TCP SPT=45902 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T10:18:45.999Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-07T10:18:46.497Z","@version":"1","message":"Sep  7 10:18:46 honeypot-sgp-1 sshd[28207]: Received disconnect from 171.22.30.173 port 34908:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 10:19:30 honeypot-fra-1 sshd[20774]: Disconnected from invalid user user 198.98.61.9 port 43908 [preauth]","@timestamp":"2022-09-07T10:19:31.018Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 10:19:35 honeypot-ams-1 sshd[30210]: Received disconnect from 61.177.173.39 port 58578:11:  [preauth]","@timestamp":"2022-09-07T10:19:35.846Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 10:19:46 honeypot-fra-1 sshd[20778]: Disconnected from invalid user user 198.98.61.9 port 37246 [preauth]","@timestamp":"2022-09-07T10:19:47.026Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 10:20:01 honeypot-fra-1 sshd[20782]: Disconnected from invalid user user 198.98.61.9 port 58786 [preauth]","@timestamp":"2022-09-07T10:20:02.033Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 10:20:15 honeypot-fra-1 sshd[20786]: Disconnected from invalid user user 198.98.61.9 port 52104 [preauth]","@timestamp":"2022-09-07T10:20:16.039Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 10:23:18 honeypot-ams-1 sshd[30213]: Disconnected from authenticating user root 61.177.173.36 port 44022 [preauth]","@timestamp":"2022-09-07T10:23:18.947Z"}
{"@timestamp":"2022-09-07T10:23:24.611Z","@version":"1","message":"Sep  7 10:23:23 honeypot-sgp-1 sshd[28212]: Connection closed by authenticating user root 103.188.176.251 port 33694 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 10:23:56 honeypot-fra-1 sshd[20793]: Invalid user admins from 165.227.68.95 port 49932","@timestamp":"2022-09-07T10:23:57.118Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 10:25:23 honeypot-fra-1 sshd[20798]: Connection closed by invalid user sd 193.106.191.157 port 40242 [preauth]","@timestamp":"2022-09-07T10:25:24.153Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 10:30:12 honeypot-fra-1 sshd[20803]: Disconnected from invalid user jesus1 165.22.45.108 port 37756 [preauth]","@timestamp":"2022-09-07T10:30:12.254Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T10:31:02.798Z","@version":"1","message":"Sep  7 10:31:02 honeypot-sgp-1 kernel: [83422781.047395] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=183.136.225.35 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=110 ID=57355 PROTO=TCP SPT=8088 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 10:34:03 honeypot-ams-1 sshd[30227]: Received disconnect from 103.161.207.2 port 36602:11: Bye Bye [preauth]","@timestamp":"2022-09-07T10:34:03.244Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 10:35:30 honeypot-ams-1 sshd[30232]: Connection closed by authenticating user root 59.144.165.184 port 34751 [preauth]","@timestamp":"2022-09-07T10:35:31.286Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 10:37:17 honeypot-fra-1 sshd[20810]: Connection reset by 61.177.173.47 port 19630 [preauth]","@timestamp":"2022-09-07T10:37:17.408Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 10:42:06 honeypot-fra-1 kernel: [83421770.101297] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=172.104.29.180 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=37672 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T10:42:07.514Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-07T10:44:01.107Z","@version":"1","message":"Sep  7 10:44:00 honeypot-sgp-1 sshd[28224]: Received disconnect from 92.255.85.70 port 54468:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 10:44:50 honeypot-ams-1 sshd[30245]: Connection closed by 180.76.173.237 port 51924 [preauth]","@timestamp":"2022-09-07T10:44:51.526Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 10:45:58 honeypot-fra-1 sshd[20824]: Did not receive identification string from 141.255.162.226 port 33872","@timestamp":"2022-09-07T10:45:58.599Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 10:46:05 honeypot-fra-1 sshd[20827]: Disconnected from invalid user user 141.255.162.226 port 39470 [preauth]","@timestamp":"2022-09-07T10:46:05.603Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 10:46:07 honeypot-fra-1 sshd[20831]: Disconnected from invalid user user 141.255.162.226 port 47934 [preauth]","@timestamp":"2022-09-07T10:46:08.604Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 10:46:11 honeypot-fra-1 sshd[20835]: Disconnected from invalid user user 141.255.162.226 port 57816 [preauth]","@timestamp":"2022-09-07T10:46:11.605Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 10:52:06 honeypot-fra-1 kernel: [83422369.596075] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=94.26.228.80 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=33241 PROTO=TCP SPT=41039 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T10:52:06.734Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 10:55:31 honeypot-ams-1 sshd[30257]: Invalid user motorola from 92.255.85.70 port 47606","@timestamp":"2022-09-07T10:55:31.800Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 10:58:47 honeypot-fra-1 kernel: [83422770.509394] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54603 PROTO=TCP SPT=47906 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T10:58:47.879Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 11:00:35 honeypot-ams-1 sshd[30261]: Received disconnect from 141.255.162.226 port 44774:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-07T11:00:35.932Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 11:00:39 honeypot-ams-1 sshd[30265]: Received disconnect from 141.255.162.226 port 53698:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-07T11:00:39.935Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 11:00:41 honeypot-ams-1 sshd[30269]: Received disconnect from 141.255.162.226 port 43308:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-07T11:00:41.936Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 11:00:45 honeypot-ams-1 sshd[30273]: Received disconnect from 141.255.162.226 port 41846:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-07T11:00:45.939Z"}
{"@timestamp":"2022-09-07T11:00:47.504Z","@version":"1","message":"Sep  7 11:00:47 honeypot-sgp-1 sshd[28228]: Received disconnect from 167.71.131.111 port 36964:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 11:03:03 honeypot-fra-1 sshd[20870]: Received disconnect from 61.177.173.51 port 51342:11:  [preauth]","@timestamp":"2022-09-07T11:03:03.972Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T11:05:13.610Z","@version":"1","message":"Sep  7 11:05:12 honeypot-sgp-1 kernel: [83424831.634999] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=92.118.39.88 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=230 ID=54321 PROTO=TCP SPT=40636 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 11:08:36 honeypot-fra-1 sshd[20875]: Disconnected from authenticating user root 61.177.172.114 port 13221 [preauth]","@timestamp":"2022-09-07T11:08:37.094Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T11:10:46.743Z","@version":"1","message":"Sep  7 11:10:46 honeypot-sgp-1 sshd[28236]: Connection closed by invalid user admin 178.128.125.205 port 42058 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T11:10:46.743Z","@version":"1","message":"Sep  7 11:10:46 honeypot-sgp-1 sshd[28242]: Connection closed by invalid user admin 178.128.125.205 port 42098 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 11:10:47 honeypot-fra-1 sshd[20882]: Invalid user jetty from 165.22.45.108 port 51506","@timestamp":"2022-09-07T11:10:48.144Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 11:11:42 honeypot-ams-1 kernel: [83425691.236897] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=103.156.90.160 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=40691 PROTO=TCP SPT=43747 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T11:11:43.222Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 11:11:49 honeypot-fra-1 sshd[20886]: Connection closed by invalid user admin 159.203.178.0 port 63476 [preauth]","@timestamp":"2022-09-07T11:11:50.170Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 11:14:12 honeypot-fra-1 sshd[20895]: Received disconnect from 61.177.172.19 port 15813:11:  [preauth]","@timestamp":"2022-09-07T11:14:13.223Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 11:14:56 honeypot-fra-1 sshd[20900]: Received disconnect from 181.129.166.202 port 36860:11: Bye Bye [preauth]","@timestamp":"2022-09-07T11:14:57.242Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 11:17:01 honeypot-ams-1 CRON[30285]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-07T11:17:02.361Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 11:19:13 honeypot-fra-1 kernel: [83423996.825270] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=213.226.123.38 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=29282 PROTO=TCP SPT=48573 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T11:19:14.337Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 11:19:39 honeypot-ams-1 kernel: [83426168.351951] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=41.202.231.174 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=51 ID=4401 PROTO=TCP SPT=5676 DPT=80 WINDOW=25740 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T11:19:40.430Z"}
{"@timestamp":"2022-09-07T11:19:49.957Z","@version":"1","message":"Sep  7 11:19:49 honeypot-sgp-1 kernel: [83425707.922963] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=66.240.236.116 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=33879 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 11:25:54 honeypot-fra-1 sshd[20917]: Invalid user airlive from 92.255.85.70 port 22988","@timestamp":"2022-09-07T11:25:54.483Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 11:29:10 honeypot-ams-1 sshd[30297]: Received disconnect from 45.61.184.204 port 50558:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-07T11:29:10.687Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 11:29:29 honeypot-ams-1 sshd[30301]: Received disconnect from 45.61.184.204 port 45628:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-07T11:29:29.724Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 11:29:48 honeypot-ams-1 sshd[30305]: Received disconnect from 45.61.184.204 port 40694:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-07T11:29:48.733Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 11:30:05 honeypot-ams-1 sshd[30309]: Received disconnect from 45.61.184.204 port 35762:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-07T11:30:05.742Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 11:30:47 honeypot-fra-1 kernel: [83424690.924034] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=103.156.90.160 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=38434 PROTO=TCP SPT=43747 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T11:30:47.592Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 11:31:30 honeypot-ams-1 sshd[30313]: Disconnected from authenticating user root 61.177.173.51 port 32377 [preauth]","@timestamp":"2022-09-07T11:31:30.782Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 11:36:39 honeypot-fra-1 sshd[20925]: Disconnected from invalid user yuan 138.197.66.68 port 49076 [preauth]","@timestamp":"2022-09-07T11:36:39.722Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 11:37:01 honeypot-ams-1 kernel: [83427209.945808] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=90.151.171.106 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=38019 PROTO=TCP SPT=50558 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T11:37:01.927Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 11:39:41 honeypot-fra-1 sshd[20937]: Received disconnect from 165.22.45.108 port 60738:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-07T11:39:42.788Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T11:41:28.451Z","@version":"1","message":"Sep  7 11:41:27 honeypot-sgp-1 kernel: [83427006.724005] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.41.9.18 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=27133 PROTO=TCP SPT=27684 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 11:41:58 honeypot-fra-1 sshd[20941]: Disconnected from authenticating user root 61.177.173.36 port 18136 [preauth]","@timestamp":"2022-09-07T11:41:59.839Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 11:44:01 honeypot-ams-1 sshd[30332]: Received disconnect from 46.101.187.234 port 34654:11: Bye Bye [preauth]","@timestamp":"2022-09-07T11:44:02.131Z"}
{"@timestamp":"2022-09-07T11:48:48.618Z","@version":"1","message":"Sep  7 11:48:48 honeypot-sgp-1 sshd[28263]: Disconnected from authenticating user root 23.224.97.145 port 40304 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 11:48:57 honeypot-fra-1 sshd[20948]: Received disconnect from 92.255.85.70 port 19028:11: Bye Bye [preauth]","@timestamp":"2022-09-07T11:48:57.991Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T11:51:28.698Z","@version":"1","message":"Sep  7 11:51:28 honeypot-sgp-1 sshd[28269]: Invalid user yoshichika from 157.245.81.154 port 11288","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 11:51:36 honeypot-ams-1 kernel: [83428085.766634] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=34.95.17.133 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=123 ID=62745 PROTO=TCP SPT=37067 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T11:51:37.323Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 11:55:35 honeypot-fra-1 sshd[20954]: Received disconnect from 188.233.97.32 port 44152:11: Bye Bye [preauth]","@timestamp":"2022-09-07T11:55:36.147Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T11:58:26.859Z","@version":"1","message":"Sep  7 11:58:26 honeypot-sgp-1 sshd[28275]: Received disconnect from 68.183.141.33 port 52304:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 11:59:33 honeypot-fra-1 sshd[20965]: Received disconnect from 61.177.173.46 port 17222:11:  [preauth]","@timestamp":"2022-09-07T11:59:34.235Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 12:03:30 honeypot-ams-1 sshd[30350]: Disconnected from authenticating user root 157.230.185.9 port 35620 [preauth]","@timestamp":"2022-09-07T12:03:30.621Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 12:05:59 honeypot-ams-1 sshd[30354]: Invalid user admin from 92.255.85.70 port 33026","@timestamp":"2022-09-07T12:06:00.692Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 12:09:11 honeypot-fra-1 sshd[20972]: Received disconnect from 165.22.45.108 port 41732:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-07T12:09:12.458Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 12:10:26 honeypot-fra-1 sshd[20970]: Connection reset by 61.177.173.50 port 19057 [preauth]","@timestamp":"2022-09-07T12:10:26.488Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 12:13:32 honeypot-ams-1 kernel: [83429401.761634] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=200.17.120.61 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=46 ID=24127 PROTO=TCP SPT=61423 DPT=80 WINDOW=9535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T12:13:33.896Z"}
{"@timestamp":"2022-09-07T12:15:14.261Z","@version":"1","message":"Sep  7 12:15:14 honeypot-sgp-1 sshd[28279]: Received disconnect from 92.255.85.70 port 23270:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 12:19:28 honeypot-fra-1 sshd[20987]: Received disconnect from 61.177.172.90 port 43646:11:  [preauth]","@timestamp":"2022-09-07T12:19:28.684Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T12:19:29.362Z","@version":"1","message":"Sep  7 12:19:28 honeypot-sgp-1 sshd[28285]: Invalid user  from 64.62.197.122 port 51598","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 12:20:24 honeypot-ams-1 sshd[30369]: Received disconnect from 61.177.172.104 port 34166:11:  [preauth]","@timestamp":"2022-09-07T12:20:25.078Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 12:24:37 honeypot-fra-1 sshd[20991]: Received disconnect from 165.22.45.108 port 46366:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-07T12:24:37.798Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 12:26:19 honeypot-ams-1 sshd[30372]: Connection reset by 61.177.173.35 port 27238 [preauth]","@timestamp":"2022-09-07T12:26:20.231Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 12:28:36 honeypot-ams-1 sshd[30377]: Disconnected from authenticating user root 61.177.173.51 port 14644 [preauth]","@timestamp":"2022-09-07T12:28:37.294Z"}
{"@timestamp":"2022-09-07T12:34:03.696Z","@version":"1","message":"Sep  7 12:34:03 honeypot-sgp-1 sshd[28291]: Disconnected from invalid user user 45.61.186.169 port 37454 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T12:34:21.706Z","@version":"1","message":"Sep  7 12:34:21 honeypot-sgp-1 sshd[28295]: Disconnected from invalid user user 45.61.186.169 port 60764 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T12:34:39.714Z","@version":"1","message":"Sep  7 12:34:38 honeypot-sgp-1 sshd[28299]: Disconnected from invalid user user 45.61.186.169 port 55816 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 12:34:49 honeypot-ams-1 kernel: [83430678.240938] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=156.222.120.61 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=50 ID=58294 PROTO=TCP SPT=47931 DPT=80 WINDOW=54110 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T12:34:50.458Z"}
{"@timestamp":"2022-09-07T12:34:54.721Z","@version":"1","message":"Sep  7 12:34:54 honeypot-sgp-1 sshd[28303]: Disconnected from invalid user user 45.61.186.169 port 50892 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 12:35:05 honeypot-fra-1 sshd[21000]: Invalid user roqos from 92.255.85.70 port 15372","@timestamp":"2022-09-07T12:35:06.025Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 12:37:34 honeypot-ams-1 kernel: [83430843.706693] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=40.84.222.228 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=16627 PROTO=TCP SPT=53616 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T12:37:35.531Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 12:38:46 honeypot-fra-1 kernel: [83428769.620500] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=34.88.58.163 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=124 ID=26108 PROTO=TCP SPT=38615 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T12:38:47.104Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-07T12:38:55.817Z","@version":"1","message":"Sep  7 12:38:55 honeypot-sgp-1 sshd[28314]: Invalid user user from 141.255.162.226 port 43842","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T12:38:56.818Z","@version":"1","message":"Sep  7 12:38:56 honeypot-sgp-1 sshd[28312]: Received disconnect from 141.255.162.226 port 40730:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T12:40:18.850Z","@version":"1","message":"Sep  7 12:40:18 honeypot-sgp-1 kernel: [83430537.188314] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=205.210.31.36 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=249 ID=54321 PROTO=TCP SPT=53749 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 12:41:28 honeypot-fra-1 kernel: [83428931.346462] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=170.187.162.176 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=8948 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T12:41:28.182Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 12:43:52 honeypot-ams-1 sshd[30840]: Invalid user armani from 20.101.101.40 port 57666","@timestamp":"2022-09-07T12:43:53.694Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 12:47:10 honeypot-ams-1 sshd[30846]: Disconnected from authenticating user root 61.177.172.124 port 43736 [preauth]","@timestamp":"2022-09-07T12:47:10.779Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 12:49:28 honeypot-fra-1 sshd[21024]: Disconnected from authenticating user root 61.177.173.35 port 37080 [preauth]","@timestamp":"2022-09-07T12:49:29.363Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 12:51:09 honeypot-ams-1 sshd[30851]: Received disconnect from 92.255.85.70 port 59390:11: Bye Bye [preauth]","@timestamp":"2022-09-07T12:51:09.887Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 12:53:09 honeypot-fra-1 kernel: [83429632.825031] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=51.142.235.26 DST=165.22.82.222 LEN=52 TOS=0x02 PREC=0x00 TTL=117 ID=56135 DF PROTO=TCP SPT=58771 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-07T12:53:10.446Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 12:56:04 honeypot-fra-1 sshd[21035]: Received disconnect from 61.177.173.50 port 61307:11:  [preauth]","@timestamp":"2022-09-07T12:56:04.514Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 12:56:42 honeypot-ams-1 sshd[30858]: Invalid user don from 200.89.174.178 port 56326","@timestamp":"2022-09-07T12:56:43.034Z"}
{"@timestamp":"2022-09-07T12:58:10.261Z","@version":"1","message":"Sep  7 12:58:10 honeypot-sgp-1 kernel: [83431608.719846] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.79.53.162 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=58360 PROTO=TCP SPT=46201 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 12:58:40 honeypot-ams-1 sshd[30866]: Received disconnect from 206.189.226.38 port 48262:11: Bye Bye [preauth]","@timestamp":"2022-09-07T12:58:41.087Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 12:59:16 honeypot-ams-1 sshd[30869]: Disconnected from invalid user elke 165.22.59.229 port 43788 [preauth]","@timestamp":"2022-09-07T12:59:17.105Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 12:59:34 honeypot-ams-1 sshd[30873]: Received disconnect from 45.61.184.204 port 54680:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-07T12:59:34.114Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 12:59:39 honeypot-fra-1 sshd[21040]: Disconnected from invalid user Shiko 92.255.85.70 port 29462 [preauth]","@timestamp":"2022-09-07T12:59:39.595Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 12:59:53 honeypot-ams-1 sshd[30877]: Received disconnect from 45.61.184.204 port 49570:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-07T12:59:54.124Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 13:00:10 honeypot-ams-1 sshd[30881]: Received disconnect from 45.61.184.204 port 44476:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-07T13:00:11.133Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 13:01:14 honeypot-ams-1 sshd[30885]: Received disconnect from 184.92.112.149 port 49714:11: Bye Bye [preauth]","@timestamp":"2022-09-07T13:01:14.163Z"}
{"@timestamp":"2022-09-07T13:01:24.354Z","@version":"1","message":"Sep  7 13:01:24 honeypot-sgp-1 sshd[28327]: Received disconnect from 92.255.85.70 port 36008:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T13:05:17.448Z","@version":"1","message":"Sep  7 13:05:16 honeypot-sgp-1 sshd[28332]: Received disconnect from 103.44.27.38 port 34732:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T13:08:27.524Z","@version":"1","message":"Sep  7 13:08:26 honeypot-sgp-1 sshd[28336]: Received disconnect from 118.212.146.43 port 47530:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T13:09:04.540Z","@version":"1","message":"Sep  7 13:09:03 honeypot-sgp-1 sshd[28340]: Disconnected from authenticating user root 203.172.41.149 port 39586 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T13:09:31.553Z","@version":"1","message":"Sep  7 13:09:31 honeypot-sgp-1 sshd[28344]: Disconnected from invalid user tomato 85.53.145.61 port 42830 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 13:09:32 honeypot-ams-1 sshd[30897]: Connection closed by 180.76.173.237 port 55308 [preauth]","@timestamp":"2022-09-07T13:09:33.380Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 13:10:58 honeypot-fra-1 sshd[21049]: Disconnected from invalid user jetty 165.22.45.108 port 60278 [preauth]","@timestamp":"2022-09-07T13:10:59.849Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T13:12:20.622Z","@version":"1","message":"Sep  7 13:12:19 honeypot-sgp-1 sshd[28351]: Invalid user niko from 43.154.214.20 port 53566","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T13:13:42.655Z","@version":"1","message":"Sep  7 13:13:42 honeypot-sgp-1 sshd[28355]: Disconnected from authenticating user root 134.122.23.33 port 51412 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 13:16:59 honeypot-fra-1 kernel: [83431063.112409] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=213.226.123.38 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=45284 PROTO=TCP SPT=55721 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T13:16:59.984Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-07T13:17:01.733Z","@version":"1","message":"Sep  7 13:17:01 honeypot-sgp-1 CRON[28360]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 13:17:01 honeypot-ams-1 CRON[30909]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-07T13:17:02.572Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 13:19:24 honeypot-fra-1 kernel: [83431207.496698] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.202.193 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=40333 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T13:19:25.042Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-07T13:23:25.883Z","@version":"1","message":"Sep  7 13:23:25 honeypot-sgp-1 sshd[28365]: Disconnected from invalid user user 198.98.61.9 port 38150 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T13:23:40.891Z","@version":"1","message":"Sep  7 13:23:40 honeypot-sgp-1 sshd[28369]: Disconnected from invalid user user 198.98.61.9 port 60910 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 13:23:46 honeypot-fra-1 sshd[21072]: Disconnected from authenticating user root 61.177.173.53 port 10052 [preauth]","@timestamp":"2022-09-07T13:23:47.142Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T13:23:57.898Z","@version":"1","message":"Sep  7 13:23:57 honeypot-sgp-1 sshd[28373]: Disconnected from invalid user user 198.98.61.9 port 55434 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T13:24:33.914Z","@version":"1","message":"Sep  7 13:24:33 honeypot-sgp-1 sshd[28379]: Received disconnect from 92.255.85.69 port 46394:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 13:26:18 honeypot-ams-1 sshd[30918]: Disconnected from invalid user user 45.61.186.249 port 55254 [preauth]","@timestamp":"2022-09-07T13:26:18.810Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 13:26:36 honeypot-ams-1 sshd[30922]: Disconnected from invalid user user 45.61.186.249 port 49980 [preauth]","@timestamp":"2022-09-07T13:26:36.821Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 13:26:39 honeypot-fra-1 sshd[21079]: Invalid user jevitube from 165.22.45.108 port 36684","@timestamp":"2022-09-07T13:26:40.210Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 13:26:54 honeypot-ams-1 sshd[30928]: Disconnected from invalid user user 45.61.186.249 port 44712 [preauth]","@timestamp":"2022-09-07T13:26:54.830Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 13:27:11 honeypot-ams-1 sshd[30932]: Received disconnect from 45.61.186.249 port 39444:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-07T13:27:11.840Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 13:32:35 honeypot-fra-1 sshd[21087]: Disconnected from 161.35.113.79 port 34916 [preauth]","@timestamp":"2022-09-07T13:32:36.342Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 13:34:17 honeypot-ams-1 sshd[30938]: Invalid user beavis from 213.215.163.233 port 35226","@timestamp":"2022-09-07T13:34:18.024Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 13:38:06 honeypot-ams-1 sshd[30945]: Received disconnect from 61.177.173.39 port 18174:11:  [preauth]","@timestamp":"2022-09-07T13:38:07.122Z"}
{"@timestamp":"2022-09-07T13:38:33.237Z","@version":"1","message":"Sep  7 13:38:32 honeypot-sgp-1 kernel: [83434031.224675] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=172.104.233.239 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=25 ID=51101 PROTO=TCP SPT=36272 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 13:40:13 honeypot-fra-1 sshd[21096]: Invalid user user from 45.61.186.249 port 37984","@timestamp":"2022-09-07T13:40:13.514Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 13:40:31 honeypot-fra-1 sshd[21100]: Invalid user user from 45.61.186.249 port 60676","@timestamp":"2022-09-07T13:40:31.523Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 13:40:48 honeypot-fra-1 sshd[21104]: Invalid user user from 45.61.186.249 port 55160","@timestamp":"2022-09-07T13:40:49.530Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 13:41:04 honeypot-fra-1 sshd[21108]: Invalid user user from 45.61.186.249 port 49602","@timestamp":"2022-09-07T13:41:04.537Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 13:42:12 honeypot-fra-1 sshd[21114]: Invalid user sh from 193.106.191.157 port 46450","@timestamp":"2022-09-07T13:42:12.563Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 13:44:16 honeypot-fra-1 sshd[21120]: Invalid user Broadcom from 92.255.85.69 port 34500","@timestamp":"2022-09-07T13:44:17.613Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 13:47:12 honeypot-ams-1 sshd[30954]: Received disconnect from 181.191.206.234 port 43798:11: Bye Bye [preauth]","@timestamp":"2022-09-07T13:47:13.354Z"}
{"@timestamp":"2022-09-07T13:48:20.465Z","@version":"1","message":"Sep  7 13:48:19 honeypot-sgp-1 sshd[28386]: Received disconnect from 173.201.188.226 port 50328:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 13:48:26 honeypot-fra-1 sshd[21126]: Received disconnect from 61.177.173.48 port 59038:11:  [preauth]","@timestamp":"2022-09-07T13:48:26.725Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 13:50:42 honeypot-ams-1 sshd[30959]: Disconnected from authenticating user root 164.90.149.69 port 55294 [preauth]","@timestamp":"2022-09-07T13:50:43.445Z"}
{"@timestamp":"2022-09-07T13:50:52.526Z","@version":"1","message":"Sep  7 13:50:52 honeypot-sgp-1 sshd[28390]: Disconnected from authenticating user root 178.128.83.25 port 34706 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T13:58:29.703Z","@version":"1","message":"Sep  7 13:58:28 honeypot-sgp-1 sshd[28397]: Invalid user admin from 121.151.75.159 port 37159","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 13:58:36 honeypot-ams-1 sshd[30969]: Invalid user smcadmin from 92.255.85.70 port 45296","@timestamp":"2022-09-07T13:58:36.649Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 13:58:48 honeypot-fra-1 sshd[21135]: Invalid user jfpena from 165.22.45.108 port 45980","@timestamp":"2022-09-07T13:58:48.946Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 13:59:32 honeypot-fra-1 sshd[21139]: Disconnected from authenticating user root 61.177.173.36 port 20559 [preauth]","@timestamp":"2022-09-07T13:59:33.967Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 14:03:00 honeypot-ams-1 sshd[30976]: Received disconnect from 61.177.173.46 port 29733:11:  [preauth]","@timestamp":"2022-09-07T14:03:00.764Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 14:03:56 honeypot-fra-1 sshd[21147]: Received disconnect from 141.255.162.226 port 52732:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-07T14:03:57.064Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 14:04:01 honeypot-fra-1 sshd[21151]: Received disconnect from 141.255.162.226 port 50430:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-07T14:04:02.067Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 14:04:03 honeypot-fra-1 sshd[21155]: Received disconnect from 141.255.162.226 port 33156:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-07T14:04:03.067Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 14:06:11 honeypot-fra-1 sshd[21159]: Received disconnect from 92.255.85.70 port 52546:11: Bye Bye [preauth]","@timestamp":"2022-09-07T14:06:12.114Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T14:08:51.945Z","@version":"1","message":"Sep  7 14:08:51 honeypot-sgp-1 sshd[28403]: Received disconnect from 92.255.85.70 port 15942:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 14:09:18 honeypot-ams-1 sshd[30979]: Connection closed by invalid user zhaowen 137.116.144.39 port 46224 [preauth]","@timestamp":"2022-09-07T14:09:18.931Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 14:12:54 honeypot-ams-1 sshd[30985]: Disconnecting invalid user admin 222.228.6.98 port 57387: Too many authentication failures [preauth]","@timestamp":"2022-09-07T14:12:55.028Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 14:13:06 honeypot-fra-1 sshd[21164]: Received disconnect from 5.195.235.226 port 58608:11: Bye Bye [preauth]","@timestamp":"2022-09-07T14:13:06.268Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 14:14:36 honeypot-ams-1 sshd[30992]: Invalid user newsmagazine from 43.154.178.13 port 34540","@timestamp":"2022-09-07T14:14:37.074Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 14:15:55 honeypot-fra-1 sshd[21172]: Invalid user poornendu from 185.149.120.23 port 59160","@timestamp":"2022-09-07T14:15:55.329Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T14:17:21.144Z","@version":"1","message":"Sep  7 14:17:20 honeypot-sgp-1 sshd[28410]: Did not receive identification string from 203.23.199.236 port 43272","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T14:17:21.144Z","@version":"1","message":"Sep  7 14:17:20 honeypot-sgp-1 sshd[28427]: Invalid user test from 203.23.199.236 port 43338","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T14:17:21.144Z","@version":"1","message":"Sep  7 14:17:20 honeypot-sgp-1 sshd[28423]: Invalid user steam from 203.23.199.236 port 43302","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T14:17:21.144Z","@version":"1","message":"Sep  7 14:17:20 honeypot-sgp-1 sshd[28448]: Invalid user devops from 203.23.199.236 port 43290","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T14:17:21.144Z","@version":"1","message":"Sep  7 14:17:20 honeypot-sgp-1 sshd[28422]: Connection closed by authenticating user root 203.23.199.236 port 43360 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T14:17:21.144Z","@version":"1","message":"Sep  7 14:17:20 honeypot-sgp-1 sshd[28436]: Connection closed by invalid user steam 203.23.199.236 port 43342 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T14:17:21.144Z","@version":"1","message":"Sep  7 14:17:20 honeypot-sgp-1 sshd[28420]: Connection closed by invalid user www 203.23.199.236 port 43324 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T14:17:21.144Z","@version":"1","message":"Sep  7 14:17:20 honeypot-sgp-1 sshd[28417]: Connection closed by authenticating user root 203.23.199.236 port 43344 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T14:17:21.144Z","@version":"1","message":"Sep  7 14:17:20 honeypot-sgp-1 sshd[28448]: Connection closed by invalid user devops 203.23.199.236 port 43290 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 14:18:15 honeypot-ams-1 sshd[30997]: Invalid user test2 from 187.94.111.151 port 36374","@timestamp":"2022-09-07T14:18:16.193Z"}
{"@timestamp":"2022-09-07T14:18:50.179Z","@version":"1","message":"Sep  7 14:18:49 honeypot-sgp-1 kernel: [83436448.125801] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=50.116.50.139 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=17832 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 14:19:13 honeypot-fra-1 sshd[21179]: Did not receive identification string from 141.255.162.226 port 34140","@timestamp":"2022-09-07T14:19:13.408Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 14:19:30 honeypot-fra-1 sshd[21182]: Disconnected from invalid user user 141.255.162.226 port 36928 [preauth]","@timestamp":"2022-09-07T14:19:30.415Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 14:19:34 honeypot-fra-1 sshd[21186]: Disconnected from invalid user user 141.255.162.226 port 54226 [preauth]","@timestamp":"2022-09-07T14:19:35.418Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 14:19:36 honeypot-fra-1 sshd[21190]: Disconnected from invalid user user 141.255.162.226 port 34646 [preauth]","@timestamp":"2022-09-07T14:19:37.419Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 14:20:26 honeypot-ams-1 sshd[31002]: Received disconnect from 122.181.16.134 port 59918:11: Bye Bye [preauth]","@timestamp":"2022-09-07T14:20:27.250Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 14:20:40 honeypot-fra-1 sshd[21194]: Disconnected from invalid user elli 219.240.99.77 port 44628 [preauth]","@timestamp":"2022-09-07T14:20:41.443Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 14:25:03 honeypot-ams-1 kernel: [83437291.953546] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=20.163.18.46 DST=178.62.254.91 LEN=52 TOS=0x02 PREC=0x00 TTL=111 ID=8505 DF PROTO=TCP SPT=63407 DPT=80 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-07T14:25:03.371Z"}
{"@timestamp":"2022-09-07T14:26:55.374Z","@version":"1","message":"Sep  7 14:26:54 honeypot-sgp-1 kernel: [83436933.090084] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=23.251.102.77 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=56379 PROTO=TCP SPT=34607 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 14:27:38 honeypot-fra-1 sshd[21205]: Invalid user highspeed from 92.255.85.69 port 31350","@timestamp":"2022-09-07T14:27:38.596Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 14:28:04 honeypot-fra-1 sshd[21209]: Invalid user test from 176.111.173.140 port 59424","@timestamp":"2022-09-07T14:28:05.608Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 14:31:34 honeypot-fra-1 sshd[21215]: Invalid user si from 193.106.191.157 port 47964","@timestamp":"2022-09-07T14:31:35.688Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T14:36:31.624Z","@version":"1","message":"Sep  7 14:36:30 honeypot-sgp-1 kernel: [83437509.196695] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=182.132.151.46 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=47 ID=43350 DF PROTO=TCP SPT=1110 DPT=80 WINDOW=43690 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 14:36:33 honeypot-ams-1 sshd[31019]: Connection closed by 180.76.173.237 port 57312 [preauth]","@timestamp":"2022-09-07T14:36:33.670Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 14:37:13 honeypot-fra-1 kernel: [83435876.530739] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=179.43.175.140 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=58403 PROTO=TCP SPT=40102 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T14:37:13.812Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 14:40:23 honeypot-ams-1 sshd[31027]: Connection closed by invalid user admin 175.193.249.203 port 46270 [preauth]","@timestamp":"2022-09-07T14:40:23.774Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 14:43:50 honeypot-ams-1 sshd[31032]: Disconnected from invalid user smcadmin 92.255.85.70 port 26028 [preauth]","@timestamp":"2022-09-07T14:43:50.866Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 14:45:57 honeypot-fra-1 sshd[21233]: Received disconnect from 165.22.45.108 port 59914:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-07T14:45:58.004Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T14:48:40.904Z","@version":"1","message":"Sep  7 14:48:40 honeypot-sgp-1 sshd[28485]: Invalid user apple from 201.52.64.100 port 41928","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 14:50:28 honeypot-ams-1 sshd[31039]: Received disconnect from 61.177.172.114 port 59196:11:  [preauth]","@timestamp":"2022-09-07T14:50:29.139Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 14:51:03 honeypot-fra-1 sshd[21258]: Disconnected from invalid user smcadmin 92.255.85.70 port 29328 [preauth]","@timestamp":"2022-09-07T14:51:04.119Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T14:53:21.016Z","@version":"1","message":"Sep  7 14:53:20 honeypot-sgp-1 kernel: [83438519.210495] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=64.62.197.115 DST=159.89.202.188 LEN=131 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=57745 DPT=80 WINDOW=65535 RES=0x00 ACK PSH URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 14:54:21 honeypot-fra-1 sshd[21264]: Received disconnect from 45.61.186.169 port 37260:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-07T14:54:22.193Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 14:54:41 honeypot-fra-1 sshd[21268]: Received disconnect from 45.61.186.169 port 60794:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-07T14:54:42.203Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 14:54:59 honeypot-fra-1 sshd[21272]: Received disconnect from 45.61.186.169 port 56086:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-07T14:55:00.210Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 14:55:17 honeypot-fra-1 sshd[21276]: Received disconnect from 45.61.186.169 port 51392:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-07T14:55:18.218Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T14:55:52.077Z","@version":"1","message":"Sep  7 14:55:51 honeypot-sgp-1 sshd[28491]: Received disconnect from 45.61.187.160 port 54564:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T14:56:13.087Z","@version":"1","message":"Sep  7 14:56:12 honeypot-sgp-1 sshd[28495]: Received disconnect from 45.61.187.160 port 49850:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T14:56:33.097Z","@version":"1","message":"Sep  7 14:56:32 honeypot-sgp-1 sshd[28499]: Received disconnect from 45.61.187.160 port 45086:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T14:56:51.106Z","@version":"1","message":"Sep  7 14:56:50 honeypot-sgp-1 sshd[28503]: Received disconnect from 45.61.187.160 port 40332:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 14:59:51 honeypot-ams-1 sshd[31045]: Disconnected from authenticating user root 61.177.173.36 port 52585 [preauth]","@timestamp":"2022-09-07T14:59:52.389Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 15:01:22 honeypot-fra-1 sshd[21280]: Disconnected from invalid user jhmoon 165.22.45.108 port 36320 [preauth]","@timestamp":"2022-09-07T15:01:22.352Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 15:04:03 honeypot-ams-1 sshd[31049]: Disconnected from authenticating user root 61.177.173.53 port 43016 [preauth]","@timestamp":"2022-09-07T15:04:04.500Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 15:05:00 honeypot-fra-1 sshd[21289]: Disconnected from invalid user andrea 152.32.214.226 port 21540 [preauth]","@timestamp":"2022-09-07T15:05:01.432Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 15:08:30 honeypot-ams-1 kernel: [83439899.329797] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=183.136.225.35 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=109 ID=3365 PROTO=TCP SPT=8088 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T15:08:31.633Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 15:08:56 honeypot-ams-1 kernel: [83439924.761552] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=20.219.248.199 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=111 ID=21758 DF PROTO=TCP SPT=62260 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T15:08:56.647Z"}
{"@timestamp":"2022-09-07T15:09:23.408Z","@version":"1","message":"Sep  7 15:09:23 honeypot-sgp-1 sshd[28506]: Connection closed by invalid user admin 155.12.63.125 port 58814 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 15:10:01 honeypot-fra-1 sshd[21294]: Disconnected from authenticating user root 61.177.173.36 port 57604 [preauth]","@timestamp":"2022-09-07T15:10:01.544Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 15:13:00 honeypot-fra-1 sshd[21296]: Received disconnect from 92.255.85.69 port 54526:11: Bye Bye [preauth]","@timestamp":"2022-09-07T15:13:00.611Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 15:14:12 honeypot-ams-1 sshd[31064]: Received disconnect from 61.177.173.53 port 58109:11:  [preauth]","@timestamp":"2022-09-07T15:14:12.785Z"}
{"@timestamp":"2022-09-07T15:16:44.584Z","@version":"1","message":"Sep  7 15:16:44 honeypot-sgp-1 sshd[28518]: Disconnected from invalid user sweex 92.255.85.69 port 61408 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 15:16:47 honeypot-fra-1 sshd[21303]: Disconnected from invalid user jhpay 165.22.45.108 port 40980 [preauth]","@timestamp":"2022-09-07T15:16:47.694Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 15:17:01 honeypot-ams-1 CRON[31069]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-07T15:17:01.862Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 15:20:38 honeypot-fra-1 kernel: [83438481.874076] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=79.124.62.82 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=1208 PROTO=TCP SPT=59704 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T15:20:39.782Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 15:20:58 honeypot-ams-1 sshd[31077]: Received disconnect from 20.197.3.90 port 39886:11: Bye Bye [preauth]","@timestamp":"2022-09-07T15:20:58.968Z"}
{"@timestamp":"2022-09-07T15:21:08.689Z","@version":"1","message":"Sep  7 15:21:08 honeypot-sgp-1 sshd[28526]: Did not receive identification string from 159.89.24.69 port 61000","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 15:22:50 honeypot-fra-1 sshd[21318]: Connection closed by invalid user sj 193.106.191.157 port 49542 [preauth]","@timestamp":"2022-09-07T15:22:50.834Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 15:24:10 honeypot-fra-1 sshd[21316]: Connection reset by 61.177.173.39 port 17864 [preauth]","@timestamp":"2022-09-07T15:24:10.867Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 15:25:31 honeypot-fra-1 sshd[21329]: Invalid user hy from 138.197.178.155 port 51944","@timestamp":"2022-09-07T15:25:31.899Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 15:27:07 honeypot-fra-1 sshd[21335]: Received disconnect from 61.177.172.108 port 47445:11:  [preauth]","@timestamp":"2022-09-07T15:27:07.937Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 15:28:25 honeypot-ams-1 kernel: [83441094.159618] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=37.139.129.229 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=54321 PROTO=TCP SPT=42043 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T15:28:26.158Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 15:31:55 honeypot-fra-1 sshd[21340]: Disconnected from authenticating user root 218.92.0.221 port 41650 [preauth]","@timestamp":"2022-09-07T15:31:56.044Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 15:33:00 honeypot-fra-1 sshd[21345]: Disconnected from invalid user paintball1 46.101.195.126 port 57846 [preauth]","@timestamp":"2022-09-07T15:33:01.070Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 15:33:14 honeypot-ams-1 kernel: [83441383.181849] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=205.210.31.46 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x60 TTL=251 ID=56116 PROTO=TCP SPT=52989 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T15:33:15.284Z"}
{"@timestamp":"2022-09-07T15:35:38.058Z","@version":"1","message":"Sep  7 15:35:37 honeypot-sgp-1 sshd[28530]: Disconnected from invalid user user 45.61.186.249 port 39738 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T15:35:58.066Z","@version":"1","message":"Sep  7 15:35:57 honeypot-sgp-1 sshd[28534]: Disconnected from invalid user user 45.61.186.249 port 34730 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 15:36:06 honeypot-ams-1 sshd[31098]: Received disconnect from 221.216.95.120 port 42546:11: Bye Bye [preauth]","@timestamp":"2022-09-07T15:36:07.362Z"}
{"@timestamp":"2022-09-07T15:36:17.076Z","@version":"1","message":"Sep  7 15:36:16 honeypot-sgp-1 sshd[28538]: Disconnected from invalid user user 45.61.186.249 port 57938 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T15:36:35.084Z","@version":"1","message":"Sep  7 15:36:34 honeypot-sgp-1 sshd[28542]: Disconnected from invalid user user 45.61.186.249 port 52942 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 15:38:07 honeypot-fra-1 sshd[21354]: Connection closed by 184.167.125.122 port 52964 [preauth]","@timestamp":"2022-09-07T15:38:08.186Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T15:40:15.170Z","@version":"1","message":"Sep  7 15:40:14 honeypot-sgp-1 sshd[28546]: Disconnected from invalid user otilia 119.202.72.87 port 18586 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 15:41:25 honeypot-fra-1 sshd[21360]: Received disconnect from 61.177.172.19 port 57503:11:  [preauth]","@timestamp":"2022-09-07T15:41:26.261Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 15:42:08 honeypot-ams-1 sshd[31104]: Did not receive identification string from 45.61.186.49 port 57280","@timestamp":"2022-09-07T15:42:09.519Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 15:42:29 honeypot-ams-1 sshd[31107]: Disconnected from invalid user user 45.61.186.49 port 56074 [preauth]","@timestamp":"2022-09-07T15:42:30.530Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 15:42:38 honeypot-ams-1 sshd[31111]: Disconnected from invalid user user 45.61.186.49 port 39624 [preauth]","@timestamp":"2022-09-07T15:42:39.535Z"}
{"@timestamp":"2022-09-07T15:45:31.292Z","@version":"1","message":"Sep  7 15:45:30 honeypot-sgp-1 sshd[28551]: Connection closed by invalid user user 103.188.176.251 port 38396 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 15:47:49 honeypot-fra-1 sshd[21369]: Disconnected from invalid user ji 165.22.45.108 port 50252 [preauth]","@timestamp":"2022-09-07T15:47:49.403Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 15:53:06 honeypot-ams-1 sshd[31125]: Invalid user amdin from 92.255.85.69 port 58336","@timestamp":"2022-09-07T15:53:06.800Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 15:54:25 honeypot-fra-1 sshd[21376]: Received disconnect from 61.177.173.49 port 44988:11:  [preauth]","@timestamp":"2022-09-07T15:54:25.550Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 15:58:00 honeypot-ams-1 kernel: [83442869.029008] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=103.203.57.14 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=48389 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T15:58:00.927Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 15:59:56 honeypot-fra-1 sshd[21383]: Disconnected from 61.177.172.124 port 41160 [preauth]","@timestamp":"2022-09-07T15:59:56.673Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T16:02:54.682Z","@version":"1","message":"Sep  7 16:02:54 honeypot-sgp-1 kernel: [83442693.123940] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=167.248.133.132 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=48052 PROTO=TCP SPT=34250 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 16:03:07 honeypot-fra-1 sshd[21387]: Received disconnect from 165.22.45.108 port 54866:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-07T16:03:07.745Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 16:07:14 honeypot-ams-1 kernel: [83443423.020797] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=152.89.196.23 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=14924 PROTO=TCP SPT=58198 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T16:07:15.168Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 16:09:03 honeypot-fra-1 sshd[21390]: Disconnected from invalid user emma 68.224.161.96 port 34374 [preauth]","@timestamp":"2022-09-07T16:09:03.876Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 16:12:05 honeypot-fra-1 sshd[21396]: Received disconnect from 167.71.219.49 port 48236:11: Bye Bye [preauth]","@timestamp":"2022-09-07T16:12:05.948Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 16:12:12 honeypot-ams-1 sshd[31140]: Disconnected from invalid user user 45.61.186.49 port 36088 [preauth]","@timestamp":"2022-09-07T16:12:13.298Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 16:12:22 honeypot-ams-1 sshd[31144]: Disconnected from invalid user user 45.61.186.49 port 47792 [preauth]","@timestamp":"2022-09-07T16:12:23.304Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 16:12:48 honeypot-fra-1 sshd[21401]: Disconnected from invalid user sapsi4 164.90.149.69 port 53014 [preauth]","@timestamp":"2022-09-07T16:12:48.967Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T16:15:34.980Z","@version":"1","message":"Sep  7 16:15:34 honeypot-sgp-1 kernel: [83443452.464774] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.221.11 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=53899 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 16:15:54 honeypot-ams-1 sshd[31151]: Received disconnect from 92.255.85.69 port 53176:11: Bye Bye [preauth]","@timestamp":"2022-09-07T16:15:55.414Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 16:17:01 honeypot-fra-1 CRON[21407]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-07T16:17:02.078Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 16:17:01 honeypot-ams-1 CRON[31156]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-07T16:17:02.446Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 16:19:11 honeypot-fra-1 kernel: [83441994.582894] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.143.203.15 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=28506 PROTO=TCP SPT=46001 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T16:19:12.128Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-07T16:21:55.131Z","@version":"1","message":"Sep  7 16:21:54 honeypot-sgp-1 sshd[28569]: Received disconnect from 91.240.118.222 port 10049:11: Client disconnecting normally [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 16:23:21 honeypot-fra-1 sshd[21416]: Disconnected from invalid user marlis 198.12.114.231 port 54766 [preauth]","@timestamp":"2022-09-07T16:23:22.223Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 16:24:38 honeypot-ams-1 kernel: [83444467.582549] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=5.114.212.33 DST=178.62.254.91 LEN=52 TOS=0x08 PREC=0x40 TTL=112 ID=24999 DF PROTO=TCP SPT=44427 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T16:24:39.646Z"}
{"@timestamp":"2022-09-07T16:25:56.226Z","@version":"1","message":"Sep  7 16:25:56 honeypot-sgp-1 sshd[28576]: Invalid user debian from 62.204.41.222 port 36545","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T16:29:17.303Z","@version":"1","message":"Sep  7 16:29:16 honeypot-sgp-1 sshd[28580]: Did not receive identification string from 45.61.186.49 port 36550","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T16:29:34.312Z","@version":"1","message":"Sep  7 16:29:33 honeypot-sgp-1 sshd[28583]: Disconnected from invalid user user 45.61.186.49 port 47392 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T16:31:08.349Z","@version":"1","message":"Sep  7 16:31:07 honeypot-sgp-1 sshd[28590]: Received disconnect from 122.248.37.50 port 55162:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 16:33:34 honeypot-fra-1 sshd[21421]: Received disconnect from 165.22.45.108 port 35894:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-07T16:33:35.449Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 16:36:55 honeypot-ams-1 sshd[31171]: Received disconnect from 61.177.173.47 port 10899:11:  [preauth]","@timestamp":"2022-09-07T16:36:55.966Z"}
{"@timestamp":"2022-09-07T16:37:56.506Z","@version":"1","message":"Sep  7 16:37:56 honeypot-sgp-1 sshd[28597]: Disconnected from authenticating user root 192.241.152.15 port 34524 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 16:39:09 honeypot-ams-1 sshd[31176]: Invalid user admin from 92.255.85.69 port 45476","@timestamp":"2022-09-07T16:39:10.025Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 16:41:59 honeypot-ams-1 sshd[31183]: Disconnected from 68.183.25.156 port 47868 [preauth]","@timestamp":"2022-09-07T16:42:00.099Z"}
{"@timestamp":"2022-09-07T16:44:59.665Z","@version":"1","message":"Sep  7 16:44:59 honeypot-sgp-1 sshd[28603]: Disconnected from invalid user marcus 61.2.241.214 port 34825 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 16:47:17 honeypot-fra-1 sshd[21425]: Received disconnect from 92.255.85.70 port 52028:11: Bye Bye [preauth]","@timestamp":"2022-09-07T16:47:18.750Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 16:48:34 honeypot-ams-1 sshd[31188]: Disconnected from authenticating user root 61.177.173.51 port 50760 [preauth]","@timestamp":"2022-09-07T16:48:35.271Z"}
{"@timestamp":"2022-09-07T16:50:00.784Z","@version":"1","message":"Sep  7 16:50:00 honeypot-sgp-1 sshd[28613]: Received disconnect from 61.177.172.98 port 46543:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 16:52:58 honeypot-fra-1 kernel: [83444020.732118] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=97.107.141.162 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=55772 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T16:52:58.875Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 16:53:40 honeypot-ams-1 kernel: [83446209.424202] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=20.219.248.199 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=110 ID=2826 DF PROTO=TCP SPT=63693 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T16:53:41.404Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 16:57:41 honeypot-ams-1 sshd[31197]: Received disconnect from 61.177.173.47 port 48950:11:  [preauth]","@timestamp":"2022-09-07T16:57:41.507Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 16:58:58 honeypot-ams-1 sshd[31203]: Disconnected from invalid user wu 80.28.245.5 port 48988 [preauth]","@timestamp":"2022-09-07T16:58:59.543Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 17:01:05 honeypot-fra-1 sshd[21434]: Connection closed by invalid user sl 193.106.191.157 port 52598 [preauth]","@timestamp":"2022-09-07T17:01:06.057Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T17:01:12.037Z","@version":"1","message":"Sep  7 17:01:11 honeypot-sgp-1 sshd[28622]: Received disconnect from 159.65.204.223 port 37072:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 17:02:12 honeypot-ams-1 sshd[31207]: Disconnected from invalid user DZY-W2914NSV2 92.255.85.70 port 37476 [preauth]","@timestamp":"2022-09-07T17:02:13.630Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 17:06:18 honeypot-ams-1 sshd[31211]: Invalid user user from 45.61.187.160 port 38680","@timestamp":"2022-09-07T17:06:18.744Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 17:06:38 honeypot-ams-1 sshd[31215]: Invalid user user from 45.61.187.160 port 33450","@timestamp":"2022-09-07T17:06:38.754Z"}
{"@timestamp":"2022-09-07T17:06:50.167Z","@version":"1","message":"Sep  7 17:06:50 honeypot-sgp-1 kernel: [83446528.541124] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=162.142.125.139 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=40555 PROTO=TCP SPT=61591 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 17:06:57 honeypot-ams-1 sshd[31219]: Invalid user user from 45.61.187.160 port 56440","@timestamp":"2022-09-07T17:06:57.765Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 17:07:06 honeypot-ams-1 sshd[31221]: Disconnected from invalid user user 45.61.187.160 port 39694 [preauth]","@timestamp":"2022-09-07T17:07:06.770Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 17:08:08 honeypot-ams-1 sshd[31227]: Received disconnect from 61.177.173.36 port 25051:11:  [preauth]","@timestamp":"2022-09-07T17:08:08.801Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 17:08:40 honeypot-fra-1 sshd[21442]: Received disconnect from 94.180.57.15 port 46656:11: Bye Bye [preauth]","@timestamp":"2022-09-07T17:08:40.225Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 17:09:08 honeypot-fra-1 sshd[21447]: Received disconnect from 206.189.90.250 port 36254:11: Bye Bye [preauth]","@timestamp":"2022-09-07T17:09:09.239Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 17:10:02 honeypot-ams-1 sshd[31234]: Connection closed by 180.76.173.237 port 60914 [preauth]","@timestamp":"2022-09-07T17:10:02.854Z"}
{"@timestamp":"2022-09-07T17:11:34.275Z","@version":"1","message":"Sep  7 17:11:34 honeypot-sgp-1 sshd[28635]: Disconnected from authenticating user root 112.137.140.40 port 32964 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T17:14:08.336Z","@version":"1","message":"Sep  7 17:14:07 honeypot-sgp-1 sshd[28640]: Disconnected from invalid user postgres 68.183.145.59 port 57960 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T17:17:00.428Z","@version":"1","message":"Sep  7 17:16:59 honeypot-sgp-1 sshd[28644]: Received disconnect from 180.179.114.44 port 43292:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 17:17:01 honeypot-fra-1 CRON[21453]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-07T17:17:02.414Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 17:17:42 honeypot-ams-1 sshd[31245]: Received disconnect from 61.177.173.53 port 27952:11:  [preauth]","@timestamp":"2022-09-07T17:17:43.051Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 17:20:06 honeypot-fra-1 sshd[21456]: Disconnected from invalid user jiangys 165.22.45.108 port 49802 [preauth]","@timestamp":"2022-09-07T17:20:06.485Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T17:20:54.523Z","@version":"1","message":"Sep  7 17:20:53 honeypot-sgp-1 kernel: [83447372.130678] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=89.248.165.199 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=29044 PROTO=TCP SPT=50565 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 17:25:42 honeypot-ams-1 sshd[31252]: Invalid user 0 from 92.255.85.70 port 62018","@timestamp":"2022-09-07T17:25:43.257Z"}
{"@timestamp":"2022-09-07T17:27:05.669Z","@version":"1","message":"Sep  7 17:27:05 honeypot-sgp-1 sshd[28655]: Connection reset by 61.177.173.51 port 45204 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 17:29:10 honeypot-ams-1 sshd[31257]: Received disconnect from 167.172.141.86 port 41612:11: Bye Bye [preauth]","@timestamp":"2022-09-07T17:29:11.346Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 17:33:03 honeypot-fra-1 sshd[21461]: Received disconnect from 92.255.85.70 port 36492:11: Bye Bye [preauth]","@timestamp":"2022-09-07T17:33:03.774Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 17:35:06 honeypot-ams-1 sshd[31263]: Received disconnect from 211.44.198.209 port 24170:11: Bye Bye [preauth]","@timestamp":"2022-09-07T17:35:06.499Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 17:35:53 honeypot-fra-1 sshd[21463]: Received disconnect from 165.22.45.108 port 54436:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-07T17:35:53.839Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T17:36:15.887Z","@version":"1","message":"Sep  7 17:36:15 honeypot-sgp-1 sshd[28663]: Received disconnect from 92.255.85.70 port 61784:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 17:37:12 honeypot-fra-1 sshd[21466]: Disconnected from invalid user prueba 91.240.118.222 port 54206 [preauth]","@timestamp":"2022-09-07T17:37:12.871Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 17:37:19 honeypot-ams-1 sshd[31267]: Disconnected from invalid user anamika 218.56.160.82 port 34261 [preauth]","@timestamp":"2022-09-07T17:37:20.558Z"}
{"@timestamp":"2022-09-07T17:39:58.978Z","@version":"1","message":"Sep  7 17:39:58 honeypot-sgp-1 kernel: [83448516.921747] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.25.85.8 DST=159.89.202.188 LEN=52 TOS=0x00 PREC=0x00 TTL=108 ID=21682 DF PROTO=TCP SPT=59331 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T17:42:34.044Z","@version":"1","message":"Sep  7 17:42:33 honeypot-sgp-1 sshd[28675]: Invalid user user from 45.61.187.160 port 33738","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T17:42:54.053Z","@version":"1","message":"Sep  7 17:42:53 honeypot-sgp-1 sshd[28679]: Invalid user user from 45.61.187.160 port 56814","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T17:43:13.063Z","@version":"1","message":"Sep  7 17:43:12 honeypot-sgp-1 sshd[28683]: Invalid user user from 45.61.187.160 port 51648","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T17:43:42.075Z","@version":"1","message":"Sep  7 17:43:41 honeypot-sgp-1 kernel: [83448740.314359] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.167.97.191 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=238 ID=54321 PROTO=TCP SPT=44441 DPT=5432 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 17:46:33 honeypot-fra-1 sshd[21471]: Disconnected from authenticating user root 140.86.12.31 port 46883 [preauth]","@timestamp":"2022-09-07T17:46:34.079Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 17:47:04 honeypot-ams-1 kernel: [83449412.890528] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=64.246.161.26 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=54321 PROTO=TCP SPT=40724 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T17:47:04.809Z"}
{"@timestamp":"2022-09-07T17:47:06.157Z","@version":"1","message":"Sep  7 17:47:05 honeypot-sgp-1 sshd[28693]: Disconnected from authenticating user root 61.177.173.51 port 22937 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T17:48:21.189Z","@version":"1","message":"Sep  7 17:48:20 honeypot-sgp-1 sshd[28698]: Received disconnect from 198.98.61.9 port 40904:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T17:48:38.198Z","@version":"1","message":"Sep  7 17:48:37 honeypot-sgp-1 sshd[28702]: Invalid user user from 198.98.61.9 port 34654","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T17:48:52.205Z","@version":"1","message":"Sep  7 17:48:51 honeypot-sgp-1 sshd[28707]: Invalid user user from 198.98.61.9 port 56634","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T17:49:00.209Z","@version":"1","message":"Sep  7 17:48:59 honeypot-sgp-1 sshd[28710]: Received disconnect from 198.98.61.9 port 39388:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T17:49:15.216Z","@version":"1","message":"Sep  7 17:49:14 honeypot-sgp-1 sshd[28714]: Received disconnect from 46.101.157.187 port 51762:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 17:51:24 honeypot-fra-1 sshd[21477]: Disconnected from invalid user user 45.61.187.160 port 48172 [preauth]","@timestamp":"2022-09-07T17:51:25.185Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 17:51:40 honeypot-fra-1 sshd[21481]: Disconnected from invalid user jiayuanyang 165.22.45.108 port 59092 [preauth]","@timestamp":"2022-09-07T17:51:40.192Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 17:51:53 honeypot-fra-1 sshd[21485]: Disconnected from invalid user user 45.61.187.160 port 54040 [preauth]","@timestamp":"2022-09-07T17:51:54.199Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 17:52:10 honeypot-fra-1 sshd[21489]: Disconnected from invalid user user 45.61.187.160 port 48536 [preauth]","@timestamp":"2022-09-07T17:52:11.207Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 17:53:46 honeypot-ams-1 sshd[31281]: Received disconnect from 61.177.173.35 port 11352:11:  [preauth]","@timestamp":"2022-09-07T17:53:46.985Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 17:56:15 honeypot-fra-1 sshd[21494]: Disconnected from invalid user zoomadsl 92.255.85.69 port 45632 [preauth]","@timestamp":"2022-09-07T17:56:16.297Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T17:58:06.421Z","@version":"1","message":"Sep  7 17:58:05 honeypot-sgp-1 kernel: [83449604.248495] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=157.245.176.143 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=60779 DF PROTO=TCP SPT=48390 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 17:58:58 honeypot-ams-1 kernel: [83450126.930749] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.11.57.48 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=248 ID=15212 PROTO=TCP SPT=49075 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T17:58:59.121Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 18:02:03 honeypot-fra-1 kernel: [83448165.646806] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=146.88.240.248 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=52965 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T18:02:03.427Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-07T18:05:16.589Z","@version":"1","message":"Sep  7 18:05:16 honeypot-sgp-1 kernel: [83450034.657152] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=186.208.139.104 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=60435 PROTO=TCP SPT=53638 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 18:07:09 honeypot-fra-1 sshd[21504]: Invalid user jifei from 165.22.45.108 port 35496","@timestamp":"2022-09-07T18:07:10.547Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T18:08:27.667Z","@version":"1","message":"Sep  7 18:08:26 honeypot-sgp-1 kernel: [83450225.131371] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=146.88.240.4 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=57782 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T18:08:51.678Z","@version":"1","message":"Sep  7 18:08:51 honeypot-sgp-1 sshd[28734]: Disconnected from invalid user user 45.61.186.169 port 46814 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T18:09:08.687Z","@version":"1","message":"Sep  7 18:09:08 honeypot-sgp-1 sshd[28738]: Disconnected from invalid user user 45.61.186.169 port 40936 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T18:09:24.694Z","@version":"1","message":"Sep  7 18:09:24 honeypot-sgp-1 sshd[28742]: Disconnected from invalid user user 45.61.186.169 port 35064 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 18:11:19 honeypot-ams-1 kernel: [83450868.005471] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=51017 PROTO=TCP SPT=53603 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T18:11:20.438Z"}
{"@timestamp":"2022-09-07T18:11:26.744Z","@version":"1","message":"Sep  7 18:11:26 honeypot-sgp-1 sshd[28746]: Disconnected from invalid user sviatopolk 190.128.169.130 port 49712 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 18:11:41 honeypot-ams-1 sshd[31293]: Disconnected from invalid user user 141.255.162.226 port 60114 [preauth]","@timestamp":"2022-09-07T18:11:42.449Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 18:11:44 honeypot-ams-1 sshd[31297]: Disconnected from invalid user user 141.255.162.226 port 48508 [preauth]","@timestamp":"2022-09-07T18:11:45.451Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 18:11:48 honeypot-ams-1 sshd[31301]: Disconnected from invalid user user 141.255.162.226 port 45222 [preauth]","@timestamp":"2022-09-07T18:11:49.454Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 18:12:20 honeypot-ams-1 sshd[31305]: Disconnected from invalid user admin 92.255.85.69 port 21336 [preauth]","@timestamp":"2022-09-07T18:12:21.470Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 18:13:24 honeypot-fra-1 sshd[21507]: Received disconnect from 61.19.127.228 port 51810:11: Bye Bye [preauth]","@timestamp":"2022-09-07T18:13:25.687Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 18:17:01 honeypot-fra-1 CRON[21511]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-07T18:17:01.770Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T18:18:12.907Z","@version":"1","message":"Sep  7 18:18:11 honeypot-sgp-1 sshd[28754]: Invalid user choi from 137.184.216.108 port 39332","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 18:19:18 honeypot-ams-1 sshd[31314]: Received disconnect from 61.177.173.51 port 19717:11:  [preauth]","@timestamp":"2022-09-07T18:19:18.647Z"}
{"@timestamp":"2022-09-07T18:20:30.962Z","@version":"1","message":"Sep  7 18:20:30 honeypot-sgp-1 kernel: [83450949.116358] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=170.187.160.23 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=57344 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 18:20:54 honeypot-fra-1 sshd[21517]: Invalid user ibm from 141.98.10.158 port 42578","@timestamp":"2022-09-07T18:20:54.856Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 18:26:07 honeypot-fra-1 sshd[21522]: Invalid user teodosia from 182.75.139.26 port 63898","@timestamp":"2022-09-07T18:26:07.970Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 18:26:14 honeypot-ams-1 sshd[31319]: Received disconnect from 159.223.58.16 port 44306:11: Bye Bye [preauth]","@timestamp":"2022-09-07T18:26:14.828Z"}
{"@timestamp":"2022-09-07T18:26:50.113Z","@version":"1","message":"Sep  7 18:26:49 honeypot-sgp-1 sshd[28765]: Received disconnect from 61.177.172.90 port 44609:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 18:29:28 honeypot-ams-1 sshd[31324]: Disconnected from authenticating user root 61.177.173.53 port 42706 [preauth]","@timestamp":"2022-09-07T18:29:28.914Z"}
{"@timestamp":"2022-09-07T18:30:23.199Z","@version":"1","message":"Sep  7 18:30:22 honeypot-sgp-1 kernel: [83451540.858562] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=89.248.165.26 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=42157 PROTO=TCP SPT=55092 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 18:36:59 honeypot-fra-1 kernel: [83450261.734425] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=112.46.68.251 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=4098 PROTO=TCP SPT=60793 DPT=80 WINDOW=54883 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T18:37:00.205Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 18:37:42 honeypot-ams-1 kernel: [83452451.302719] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=170.187.162.180 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=39794 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T18:37:43.145Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 18:39:29 honeypot-ams-1 sshd[31335]: Disconnected from authenticating user root 61.177.173.52 port 11299 [preauth]","@timestamp":"2022-09-07T18:39:30.194Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 18:40:30 honeypot-fra-1 sshd[21532]: Invalid user sn from 193.106.191.157 port 55488","@timestamp":"2022-09-07T18:40:31.282Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 18:43:31 honeypot-fra-1 sshd[21536]: Invalid user 1admin0 from 92.255.85.69 port 37964","@timestamp":"2022-09-07T18:43:32.363Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 18:44:29 honeypot-fra-1 kernel: [83450711.584946] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=79.124.62.86 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=35851 PROTO=TCP SPT=59707 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T18:44:29.387Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-07T18:45:29.569Z","@version":"1","message":"Sep  7 18:45:28 honeypot-sgp-1 kernel: [83452447.084834] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=162.221.192.26 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=238 ID=57875 PROTO=TCP SPT=19929 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T18:47:30.618Z","@version":"1","message":"Sep  7 18:47:29 honeypot-sgp-1 sshd[28854]: Received disconnect from 61.177.173.53 port 17951:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 18:49:02 honeypot-ams-1 sshd[31341]: Disconnected from authenticating user root 61.177.173.46 port 39697 [preauth]","@timestamp":"2022-09-07T18:49:03.439Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 18:50:46 honeypot-ams-1 kernel: [83453234.873270] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=103.99.1.99 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=48183 PROTO=TCP SPT=50293 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T18:50:46.487Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 18:54:53 honeypot-fra-1 sshd[21542]: Received disconnect from 165.22.45.108 port 50862:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-07T18:54:53.613Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 18:56:20 honeypot-ams-1 kernel: [83453568.757644] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=93.126.35.229 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=16305 DF PROTO=TCP SPT=1617 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T18:56:20.631Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 18:59:01 honeypot-ams-1 kernel: [83453729.784392] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=116.62.111.9 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=62351 DF PROTO=TCP SPT=38602 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T18:59:01.704Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 19:00:54 honeypot-ams-1 sshd[31358]: Did not receive identification string from 193.3.19.178 port 64001","@timestamp":"2022-09-07T19:00:54.757Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 19:02:05 honeypot-fra-1 sshd[21545]: Disconnected from 79.110.62.213 port 35426 [preauth]","@timestamp":"2022-09-07T19:02:05.765Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T19:04:36.012Z","@version":"1","message":"Sep  7 19:04:35 honeypot-sgp-1 sshd[28860]: Disconnected from authenticating user root 61.177.173.35 port 55002 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 19:06:59 honeypot-ams-1 sshd[31362]: Disconnected from authenticating user root 61.177.173.35 port 61215 [preauth]","@timestamp":"2022-09-07T19:06:59.915Z"}
{"@timestamp":"2022-09-07T19:10:01.141Z","@version":"1","message":"Sep  7 19:10:00 honeypot-sgp-1 sshd[28867]: Received disconnect from 92.255.85.69 port 42522:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 19:11:10 honeypot-fra-1 sshd[21551]: Received disconnect from 165.22.45.108 port 55596:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-07T19:11:10.958Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 19:14:19 honeypot-ams-1 kernel: [83454647.608544] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=20.219.248.199 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=110 ID=22304 DF PROTO=TCP SPT=59048 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T19:14:19.118Z"}
{"@timestamp":"2022-09-07T19:17:01.308Z","@version":"1","message":"Sep  7 19:17:01 honeypot-sgp-1 CRON[28871]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 19:17:01 honeypot-ams-1 CRON[31370]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-07T19:17:02.192Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 19:19:38 honeypot-ams-1 sshd[31378]: Invalid user vm from 34.136.59.157 port 48704","@timestamp":"2022-09-07T19:19:38.264Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 19:20:02 honeypot-ams-1 sshd[31382]: Invalid user prueba from 91.240.118.222 port 27178","@timestamp":"2022-09-07T19:20:03.278Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 19:20:42 honeypot-fra-1 sshd[21628]: Did not receive identification string from 141.255.162.226 port 39456","@timestamp":"2022-09-07T19:20:43.164Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 19:21:05 honeypot-fra-1 sshd[21631]: Disconnected from invalid user user 141.255.162.226 port 59508 [preauth]","@timestamp":"2022-09-07T19:21:06.174Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 19:21:11 honeypot-fra-1 sshd[21635]: Disconnected from invalid user user 141.255.162.226 port 46264 [preauth]","@timestamp":"2022-09-07T19:21:12.178Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 19:21:13 honeypot-fra-1 sshd[21639]: Disconnected from invalid user user 141.255.162.226 port 54914 [preauth]","@timestamp":"2022-09-07T19:21:14.179Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 19:21:39 honeypot-ams-1 kernel: [83455087.830597] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=20.219.248.199 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=111 ID=53724 DF PROTO=TCP SPT=49516 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T19:21:39.322Z"}
{"@timestamp":"2022-09-07T19:27:26.555Z","@version":"1","message":"Sep  7 19:27:25 honeypot-sgp-1 sshd[28881]: Received disconnect from 61.177.173.46 port 48522:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 19:27:30 honeypot-fra-1 sshd[21644]: Disconnected from invalid user jimmy 165.22.45.108 port 60338 [preauth]","@timestamp":"2022-09-07T19:27:31.313Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 19:28:03 honeypot-ams-1 sshd[31389]: Disconnected from invalid user debian 62.204.41.222 port 29644 [preauth]","@timestamp":"2022-09-07T19:28:03.489Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 19:34:42 honeypot-ams-1 kernel: [83455870.985820] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=117.2.142.29 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=48 ID=50032 PROTO=TCP SPT=22061 DPT=443 WINDOW=10333 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T19:34:42.674Z"}
{"@timestamp":"2022-09-07T19:36:04.760Z","@version":"1","message":"Sep  7 19:36:04 honeypot-sgp-1 sshd[28892]: Received disconnect from 128.199.16.60 port 53666:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 19:39:23 honeypot-fra-1 kernel: [83454005.575746] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=188.190.42.60 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=123 PROTO=TCP SPT=65534 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T19:39:23.566Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 19:44:51 honeypot-fra-1 kernel: [83454333.777939] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.47.229.134 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=22600 PROTO=TCP SPT=51902 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T19:44:51.683Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 19:44:53 honeypot-ams-1 sshd[31406]: Received disconnect from 92.255.85.69 port 56490:11: Bye Bye [preauth]","@timestamp":"2022-09-07T19:44:53.935Z"}
{"@timestamp":"2022-09-07T19:44:55.969Z","@version":"1","message":"Sep  7 19:44:55 honeypot-sgp-1 sshd[28897]: Connection closed by authenticating user root 193.8.211.110 port 43010 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 19:52:24 honeypot-fra-1 sshd[21666]: Received disconnect from 121.179.208.82 port 39440:11: Bye Bye [preauth]","@timestamp":"2022-09-07T19:52:24.847Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 19:53:17 honeypot-ams-1 sshd[31415]: Received disconnect from 82.196.113.78 port 61959:11: Bye Bye [preauth]","@timestamp":"2022-09-07T19:53:18.149Z"}
{"@timestamp":"2022-09-07T19:53:53.180Z","@version":"1","message":"Sep  7 19:53:52 honeypot-sgp-1 sshd[28904]: Connection closed by invalid user admin 178.128.125.205 port 52208 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T19:53:53.180Z","@version":"1","message":"Sep  7 19:53:52 honeypot-sgp-1 sshd[28910]: Connection closed by invalid user admin 178.128.125.205 port 52244 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 19:54:41 honeypot-fra-1 sshd[21670]: Connection closed by invalid user admin 159.203.178.0 port 21592 [preauth]","@timestamp":"2022-09-07T19:54:41.897Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 19:54:43 honeypot-fra-1 sshd[21676]: Connection closed by invalid user admin 159.203.178.0 port 21616 [preauth]","@timestamp":"2022-09-07T19:54:43.899Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 19:59:06 honeypot-ams-1 sshd[31421]: Invalid user mirc from 144.217.13.134 port 34434","@timestamp":"2022-09-07T19:59:06.300Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 20:00:54 honeypot-fra-1 sshd[21683]: Invalid user jin from 165.22.45.108 port 41608","@timestamp":"2022-09-07T20:00:55.055Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 20:01:11 honeypot-ams-1 sshd[31427]: Invalid user tu from 104.131.45.150 port 59764","@timestamp":"2022-09-07T20:01:12.356Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 20:02:48 honeypot-fra-1 kernel: [83455410.887562] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=103.99.1.99 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=9326 PROTO=TCP SPT=50293 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T20:02:49.097Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 20:07:21 honeypot-ams-1 sshd[31436]: Received disconnect from 92.255.85.70 port 31592:11: Bye Bye [preauth]","@timestamp":"2022-09-07T20:07:21.516Z"}
{"@timestamp":"2022-09-07T20:08:54.535Z","@version":"1","message":"Sep  7 20:08:53 honeypot-sgp-1 kernel: [83457451.777101] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=128.199.161.69 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=43781 PROTO=TCP SPT=41092 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 20:13:21 honeypot-ams-1 kernel: [83458189.931677] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=20.219.248.199 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=110 ID=64483 DF PROTO=TCP SPT=60273 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T20:13:21.686Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 20:13:30 honeypot-fra-1 kernel: [83456053.091465] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=79.124.62.62 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=14452 PROTO=TCP SPT=52158 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T20:13:31.330Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-07T20:15:42.697Z","@version":"1","message":"Sep  7 20:15:42 honeypot-sgp-1 sshd[28927]: Disconnected from invalid user user 198.98.61.9 port 35982 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T20:15:57.705Z","@version":"1","message":"Sep  7 20:15:57 honeypot-sgp-1 sshd[28931]: Disconnected from invalid user user 198.98.61.9 port 57634 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T20:16:12.712Z","@version":"1","message":"Sep  7 20:16:11 honeypot-sgp-1 sshd[28935]: Disconnected from invalid user user 198.98.61.9 port 51130 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T20:16:25.719Z","@version":"1","message":"Sep  7 20:16:25 honeypot-sgp-1 sshd[28939]: Disconnected from invalid user user 198.98.61.9 port 44624 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 20:17:01 honeypot-ams-1 CRON[31447]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-07T20:17:02.786Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 20:17:24 honeypot-fra-1 sshd[21698]: Invalid user jin from 165.22.45.108 port 46356","@timestamp":"2022-09-07T20:17:24.415Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T20:18:29.773Z","@version":"1","message":"Sep  7 20:18:29 honeypot-sgp-1 sshd[28949]: Disconnected from authenticating user root 221.148.45.168 port 54620 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 20:19:51 honeypot-fra-1 kernel: [83456433.940415] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=89.248.165.26 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=62764 PROTO=TCP SPT=41932 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T20:19:52.468Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 20:24:35 honeypot-ams-1 sshd[31455]: Disconnected from invalid user zachary 164.90.224.134 port 57472 [preauth]","@timestamp":"2022-09-07T20:24:35.980Z"}
{"@timestamp":"2022-09-07T20:26:26.962Z","@version":"1","message":"Sep  7 20:26:26 honeypot-sgp-1 sshd[28956]: Received disconnect from 68.183.25.187 port 49828:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 20:29:00 honeypot-ams-1 sshd[31465]: Invalid user user from 45.61.186.249 port 60548","@timestamp":"2022-09-07T20:29:01.096Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 20:29:19 honeypot-ams-1 sshd[31469]: Invalid user user from 45.61.186.249 port 54966","@timestamp":"2022-09-07T20:29:20.105Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 20:29:38 honeypot-ams-1 sshd[31473]: Invalid user user from 45.61.186.249 port 49372","@timestamp":"2022-09-07T20:29:39.116Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 20:29:57 honeypot-ams-1 kernel: [83459186.448170] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=97.74.81.123 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=42185 PROTO=TCP SPT=40147 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T20:29:58.126Z"}
{"@timestamp":"2022-09-07T20:30:43.066Z","@version":"1","message":"Sep  7 20:30:42 honeypot-sgp-1 kernel: [83458760.758461] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=128.199.114.28 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=31729 PROTO=TCP SPT=42080 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 20:30:53 honeypot-fra-1 kernel: [83457096.044042] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=64.246.161.26 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=37766 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T20:30:54.720Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 20:34:31 honeypot-ams-1 kernel: [83459460.047595] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=89.248.165.26 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=5631 PROTO=TCP SPT=42531 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T20:34:32.246Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 20:34:58 honeypot-fra-1 sshd[21708]: Did not receive identification string from 198.98.61.9 port 49476","@timestamp":"2022-09-07T20:34:58.810Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 20:35:17 honeypot-fra-1 sshd[21711]: Disconnected from invalid user user 198.98.61.9 port 53844 [preauth]","@timestamp":"2022-09-07T20:35:17.819Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 20:35:32 honeypot-fra-1 sshd[21715]: Disconnected from invalid user user 198.98.61.9 port 47706 [preauth]","@timestamp":"2022-09-07T20:35:33.826Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 20:35:47 honeypot-fra-1 sshd[21719]: Disconnected from invalid user user 198.98.61.9 port 41656 [preauth]","@timestamp":"2022-09-07T20:35:47.833Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 20:38:37 honeypot-ams-1 kernel: [83459705.962908] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=89.248.165.26 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=49427 PROTO=TCP SPT=42531 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T20:38:38.355Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 20:40:15 honeypot-fra-1 sshd[21726]: Invalid user hollowaye from 43.132.229.233 port 44434","@timestamp":"2022-09-07T20:40:15.931Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 20:40:31 honeypot-ams-1 sshd[31491]: Disconnected from invalid user mailman 31.194.129.34 port 27882 [preauth]","@timestamp":"2022-09-07T20:40:31.405Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 20:40:55 honeypot-ams-1 kernel: [83459844.360876] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=20.219.248.199 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=110 ID=50336 DF PROTO=TCP SPT=62629 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T20:40:56.418Z"}
{"@timestamp":"2022-09-07T20:41:00.313Z","@version":"1","message":"Sep  7 20:41:00 honeypot-sgp-1 sshd[28972]: Disconnected from authenticating user root 61.177.173.36 port 55526 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 20:42:46 honeypot-fra-1 sshd[21728]: Connection closed by invalid user user 103.188.176.251 port 42562 [preauth]","@timestamp":"2022-09-07T20:42:46.991Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T20:42:49.361Z","@version":"1","message":"Sep  7 20:42:48 honeypot-sgp-1 kernel: [83459486.599607] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=125.253.93.152 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x20 TTL=247 ID=36412 PROTO=TCP SPT=53692 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 20:43:21 honeypot-ams-1 sshd[31499]: Received disconnect from 61.177.173.36 port 12201:11:  [preauth]","@timestamp":"2022-09-07T20:43:22.481Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 20:44:36 honeypot-ams-1 sshd[31505]: Invalid user billy from 134.122.23.33 port 51878","@timestamp":"2022-09-07T20:44:36.514Z"}
{"@timestamp":"2022-09-07T20:46:23.452Z","@version":"1","message":"Sep  7 20:46:23 honeypot-sgp-1 kernel: [83459701.366056] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=172.104.238.162 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=35751 PROTO=TCP SPT=1037 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 20:48:30 honeypot-ams-1 sshd[31510]: Invalid user bks from 202.69.36.45 port 38246","@timestamp":"2022-09-07T20:48:30.618Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 20:50:53 honeypot-fra-1 sshd[21734]: Received disconnect from 165.22.45.108 port 55850:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-07T20:50:53.167Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 20:51:59 honeypot-fra-1 kernel: [83458361.628597] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=178.255.100.159 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=10752 PROTO=TCP SPT=60999 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T20:52:00.194Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 20:54:12 honeypot-ams-1 sshd[31517]: Received disconnect from 92.255.85.69 port 46220:11: Bye Bye [preauth]","@timestamp":"2022-09-07T20:54:12.766Z"}
{"@timestamp":"2022-09-07T20:55:54.677Z","@version":"1","message":"Sep  7 20:55:54 honeypot-sgp-1 sshd[28987]: Disconnected from invalid user mirc 124.40.252.101 port 40503 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 20:59:02 honeypot-ams-1 sshd[31523]: Invalid user noc from 123.108.102.2 port 47282","@timestamp":"2022-09-07T20:59:02.899Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 20:59:36 honeypot-ams-1 sshd[31527]: Disconnected from invalid user user 45.61.186.169 port 38146 [preauth]","@timestamp":"2022-09-07T20:59:36.915Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 20:59:55 honeypot-ams-1 sshd[31531]: Received disconnect from 45.61.186.169 port 33090:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-07T20:59:55.926Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 21:00:13 honeypot-ams-1 sshd[31535]: Received disconnect from 45.61.186.169 port 56280:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-07T21:00:13.935Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 21:00:29 honeypot-ams-1 sshd[31539]: Received disconnect from 45.61.186.169 port 51226:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-07T21:00:29.943Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 21:01:16 honeypot-fra-1 kernel: [83458918.606209] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=43.131.66.209 DST=165.22.82.222 LEN=52 TOS=0x00 PREC=0x60 TTL=53 ID=31431 DF PROTO=TCP SPT=32455 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T21:01:17.396Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-07T21:04:07.873Z","@version":"1","message":"Sep  7 21:04:07 honeypot-sgp-1 kernel: [83460765.433499] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=167.94.145.80 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=8368 PROTO=TCP SPT=31424 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 21:04:55 honeypot-ams-1 sshd[31545]: Did not receive identification string from 198.98.61.9 port 35170","@timestamp":"2022-09-07T21:04:56.058Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 21:05:15 honeypot-ams-1 sshd[31548]: Disconnected from invalid user user 198.98.61.9 port 56558 [preauth]","@timestamp":"2022-09-07T21:05:16.070Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 21:05:26 honeypot-ams-1 sshd[31552]: Disconnected from invalid user rigamonti 187.33.56.200 port 43330 [preauth]","@timestamp":"2022-09-07T21:05:27.076Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 21:05:42 honeypot-ams-1 sshd[31556]: Disconnected from invalid user user 198.98.61.9 port 38794 [preauth]","@timestamp":"2022-09-07T21:05:43.084Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 21:05:59 honeypot-ams-1 sshd[31560]: Disconnected from invalid user user 198.98.61.9 port 36360 [preauth]","@timestamp":"2022-09-07T21:06:00.093Z"}
{"@timestamp":"2022-09-07T21:06:31.934Z","@version":"1","message":"Sep  7 21:06:31 honeypot-sgp-1 sshd[28998]: Received disconnect from 43.154.4.192 port 52128:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T21:07:48.967Z","@version":"1","message":"Sep  7 21:07:48 honeypot-sgp-1 sshd[29005]: Received disconnect from 61.177.173.52 port 27844:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T21:08:23.983Z","@version":"1","message":"Sep  7 21:08:23 honeypot-sgp-1 sshd[29009]: Disconnected from invalid user britta 81.16.11.250 port 50440 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 21:09:18 honeypot-ams-1 sshd[31564]: Received disconnect from 61.177.172.108 port 53139:11:  [preauth]","@timestamp":"2022-09-07T21:09:18.182Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 21:10:23 honeypot-fra-1 sshd[21747]: Invalid user sq from 193.106.191.157 port 59846","@timestamp":"2022-09-07T21:10:23.606Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T21:10:35.039Z","@version":"1","message":"Sep  7 21:10:34 honeypot-sgp-1 kernel: [83461152.207653] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=96.126.112.220 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=36227 DF PROTO=TCP SPT=58938 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 21:12:46 honeypot-ams-1 kernel: [83461755.121665] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=138.246.253.24 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=54321 PROTO=TCP SPT=44185 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T21:12:47.275Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 21:13:18 honeypot-fra-1 sshd[21755]: Invalid user vagrant from 101.43.252.152 port 46286","@timestamp":"2022-09-07T21:13:18.676Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 21:13:18 honeypot-fra-1 sshd[21759]: Connection closed by authenticating user root 101.43.252.152 port 46282 [preauth]","@timestamp":"2022-09-07T21:13:18.676Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 21:13:18 honeypot-fra-1 sshd[21773]: Invalid user support from 101.43.252.152 port 46290","@timestamp":"2022-09-07T21:13:19.676Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 21:13:19 honeypot-fra-1 sshd[21789]: Connection closed by authenticating user root 101.43.252.152 port 46308 [preauth]","@timestamp":"2022-09-07T21:13:19.676Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 21:13:20 honeypot-fra-1 sshd[21792]: Invalid user www from 101.43.252.152 port 46298","@timestamp":"2022-09-07T21:13:20.677Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 21:13:20 honeypot-fra-1 sshd[21780]: Connection closed by invalid user ansible 101.43.252.152 port 46242 [preauth]","@timestamp":"2022-09-07T21:13:20.677Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 21:13:21 honeypot-fra-1 sshd[21801]: Invalid user admin from 101.43.252.152 port 46238","@timestamp":"2022-09-07T21:13:21.678Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 21:13:21 honeypot-fra-1 sshd[21786]: Connection closed by invalid user ftp 101.43.252.152 port 46304 [preauth]","@timestamp":"2022-09-07T21:13:22.678Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 21:17:01 honeypot-ams-1 CRON[31578]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-07T21:17:02.385Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 21:17:40 honeypot-fra-1 kernel: [83459902.410024] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=1.202.249.73 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=39 ID=56503 DF PROTO=TCP SPT=49464 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T21:17:40.773Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-07T21:21:53.302Z","@version":"1","message":"Sep  7 21:21:52 honeypot-sgp-1 sshd[29019]: Received disconnect from 61.177.173.36 port 59495:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 21:24:47 honeypot-fra-1 sshd[21814]: Disconnected from invalid user jin 165.22.45.108 port 37150 [preauth]","@timestamp":"2022-09-07T21:24:47.926Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T21:26:26.409Z","@version":"1","message":"Sep  7 21:26:26 honeypot-sgp-1 sshd[29024]: Disconnected from authenticating user root 61.177.173.46 port 45148 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 21:28:04 honeypot-ams-1 sshd[31588]: Received disconnect from 61.177.173.46 port 14720:11:  [preauth]","@timestamp":"2022-09-07T21:28:05.665Z"}
{"@timestamp":"2022-09-07T21:34:58.606Z","@version":"1","message":"Sep  7 21:34:58 honeypot-sgp-1 sshd[29034]: Received disconnect from 61.177.173.39 port 28755:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 21:35:00 honeypot-fra-1 sshd[21819]: Connection closed by invalid user bitrix 141.98.10.158 port 53726 [preauth]","@timestamp":"2022-09-07T21:35:01.146Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 21:36:32 honeypot-fra-1 sshd[21823]: Disconnected from invalid user alex 52.178.155.67 port 1024 [preauth]","@timestamp":"2022-09-07T21:36:33.180Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 21:38:27 honeypot-ams-1 sshd[31598]: Received disconnect from 61.177.173.49 port 18506:11:  [preauth]","@timestamp":"2022-09-07T21:38:27.939Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 21:41:59 honeypot-fra-1 sshd[21829]: Received disconnect from 165.22.45.108 port 41912:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-07T21:41:59.328Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 21:42:54 honeypot-ams-1 kernel: [83463563.267048] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=94.26.228.80 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=55240 PROTO=TCP SPT=16184 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T21:42:55.057Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 21:43:35 honeypot-fra-1 sshd[21833]: Disconnected from invalid user user 141.255.162.226 port 32866 [preauth]","@timestamp":"2022-09-07T21:43:35.365Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 21:43:39 honeypot-fra-1 sshd[21837]: Disconnected from invalid user user 141.255.162.226 port 36706 [preauth]","@timestamp":"2022-09-07T21:43:40.367Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 21:43:41 honeypot-fra-1 sshd[21841]: Disconnected from invalid user user 141.255.162.226 port 44722 [preauth]","@timestamp":"2022-09-07T21:43:41.368Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 21:43:43 honeypot-fra-1 sshd[21845]: Disconnected from invalid user user 141.255.162.226 port 52736 [preauth]","@timestamp":"2022-09-07T21:43:43.369Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T21:48:53.932Z","@version":"1","message":"Sep  7 21:48:53 honeypot-sgp-1 sshd[29043]: Received disconnect from 92.255.85.70 port 56316:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T21:50:36.972Z","@version":"1","message":"Sep  7 21:50:36 honeypot-sgp-1 sshd[29049]: Received disconnect from 120.48.37.84 port 52994:11: disconnected by user [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T21:50:42.976Z","@version":"1","message":"Sep  7 21:50:42 honeypot-sgp-1 sshd[29053]: error: maximum authentication attempts exceeded for invalid user admin from 120.48.37.84 port 56166 ssh2 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T21:50:47.979Z","@version":"1","message":"Sep  7 21:50:47 honeypot-sgp-1 sshd[29057]: error: maximum authentication attempts exceeded for invalid user oracle from 120.48.37.84 port 60136 ssh2 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T21:50:53.983Z","@version":"1","message":"Sep  7 21:50:53 honeypot-sgp-1 sshd[29061]: Received disconnect from 120.48.37.84 port 36568:11: disconnected by user [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 21:53:56 honeypot-fra-1 sshd[21853]: Invalid user chandru from 111.202.249.76 port 2667","@timestamp":"2022-09-07T21:53:56.590Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 21:54:04 honeypot-ams-1 sshd[31611]: Invalid user admin from 128.199.10.193 port 57054","@timestamp":"2022-09-07T21:54:05.343Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 21:54:07 honeypot-ams-1 sshd[31617]: Invalid user admin from 128.199.10.193 port 57074","@timestamp":"2022-09-07T21:54:08.347Z"}
{"@timestamp":"2022-09-07T21:56:02.103Z","@version":"1","message":"Sep  7 21:56:01 honeypot-sgp-1 sshd[29067]: Connection closed by invalid user cer-admin 137.116.144.39 port 33836 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 21:57:41 honeypot-ams-1 kernel: [83464449.512495] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=35.175.136.175 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=110 ID=19105 DF PROTO=TCP SPT=55479 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-07T21:57:41.440Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 21:59:14 honeypot-fra-1 sshd[21857]: Received disconnect from 165.22.45.108 port 46670:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-07T21:59:15.706Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 22:02:15 honeypot-ams-1 sshd[31628]: Did not receive identification string from 189.113.186.167 port 33311","@timestamp":"2022-09-07T22:02:15.557Z"}
{"@timestamp":"2022-09-07T22:02:44.260Z","@version":"1","message":"Sep  7 22:02:43 honeypot-sgp-1 sshd[29074]: Invalid user Admin from 122.169.112.228 port 41326","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 22:06:15 honeypot-fra-1 kernel: [83462817.719576] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=161.35.86.181 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=59 ID=0 PROTO=TCP SPT=14361 DPT=80 WINDOW=0 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T22:06:15.861Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 22:06:42 honeypot-ams-1 sshd[31632]: Disconnected from 150.136.104.130 port 34278 [preauth]","@timestamp":"2022-09-07T22:06:43.671Z"}
{"@timestamp":"2022-09-07T22:10:02.434Z","@version":"1","message":"Sep  7 22:10:01 honeypot-sgp-1 sshd[29079]: Disconnected from invalid user lb 51.250.89.215 port 33706 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T22:15:22.560Z","@version":"1","message":"Sep  7 22:15:22 honeypot-sgp-1 kernel: [83465040.257038] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=167.71.218.50 DST=159.89.202.188 LEN=52 TOS=0x02 PREC=0x00 TTL=124 ID=38711 DF PROTO=TCP SPT=60532 DPT=3389 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 22:16:06 honeypot-fra-1 sshd[21868]: Invalid user jin from 165.22.45.108 port 51434","@timestamp":"2022-09-07T22:16:07.077Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 22:17:01 honeypot-ams-1 CRON[31642]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-07T22:17:01.927Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 22:17:01 honeypot-fra-1 CRON[21873]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-07T22:17:02.099Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 22:24:56 honeypot-fra-1 sshd[21879]: Disconnected from invalid user nmsuser 178.46.163.191 port 54820 [preauth]","@timestamp":"2022-09-07T22:24:57.270Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 22:25:20 honeypot-ams-1 sshd[31650]: Connection closed by 202.154.180.51 port 53344 [preauth]","@timestamp":"2022-09-07T22:25:21.155Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 22:28:59 honeypot-fra-1 sshd[21883]: Disconnected from invalid user shivani 178.128.41.141 port 54954 [preauth]","@timestamp":"2022-09-07T22:28:59.372Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T22:31:25.933Z","@version":"1","message":"Sep  7 22:31:25 honeypot-sgp-1 sshd[29091]: Invalid user pi from 98.128.250.169 port 53282","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 22:33:16 honeypot-fra-1 sshd[21888]: Disconnected from invalid user jin 165.22.45.108 port 56214 [preauth]","@timestamp":"2022-09-07T22:33:17.466Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T22:38:56.107Z","@version":"1","message":"Sep  7 22:38:56 honeypot-sgp-1 sshd[29101]: Received disconnect from 89.22.185.199 port 36696:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 22:39:52 honeypot-ams-1 kernel: [83466980.862682] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=103.89.91.165 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=55244 PROTO=TCP SPT=59666 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T22:39:52.511Z"}
{"@timestamp":"2022-09-07T22:44:16.234Z","@version":"1","message":"Sep  7 22:44:16 honeypot-sgp-1 sshd[29104]: Received disconnect from 196.27.128.53 port 44308:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 22:49:45 honeypot-fra-1 sshd[21892]: Connection closed by invalid user ss 193.106.191.157 port 34428 [preauth]","@timestamp":"2022-09-07T22:49:45.824Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T22:49:49.366Z","@version":"1","message":"Sep  7 22:49:49 honeypot-sgp-1 sshd[29108]: Received disconnect from 77.237.224.62 port 42028:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 22:49:59 honeypot-ams-1 sshd[31660]: Disconnected from authenticating user root 128.199.252.121 port 50438 [preauth]","@timestamp":"2022-09-07T22:50:00.754Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 22:54:07 honeypot-fra-1 sshd[21897]: Disconnected from authenticating user root 135.125.233.142 port 49216 [preauth]","@timestamp":"2022-09-07T22:54:07.917Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 22:54:11 honeypot-ams-1 sshd[31665]: Disconnected from invalid user christel 43.154.227.169 port 44136 [preauth]","@timestamp":"2022-09-07T22:54:11.865Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 22:56:48 honeypot-fra-1 kernel: [83465850.626142] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=167.71.218.50 DST=165.22.82.222 LEN=52 TOS=0x02 PREC=0x00 TTL=118 ID=31716 DF PROTO=TCP SPT=50449 DPT=3389 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-07T22:56:48.993Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-07T23:00:26.612Z","@version":"1","message":"Sep  7 23:00:26 honeypot-sgp-1 sshd[29114]: Invalid user press from 175.97.136.186 port 33808","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 23:02:55 honeypot-ams-1 sshd[31672]: Connection closed by 180.76.173.237 port 55044 [preauth]","@timestamp":"2022-09-07T23:02:56.093Z"}
{"@timestamp":"2022-09-07T23:04:10.702Z","@version":"1","message":"Sep  7 23:04:10 honeypot-sgp-1 sshd[29117]: Invalid user csilla from 125.212.225.165 port 15351","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 23:04:46 honeypot-fra-1 sshd[21903]: Invalid user elfi from 181.49.254.238 port 54460","@timestamp":"2022-09-07T23:04:47.167Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 23:07:18 honeypot-fra-1 sshd[21905]: Disconnected from invalid user ji 165.22.45.108 port 37356 [preauth]","@timestamp":"2022-09-07T23:07:19.278Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T23:11:27.871Z","@version":"1","message":"Sep  7 23:11:27 honeypot-sgp-1 kernel: [83468405.259757] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.217.153 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=58883 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 23:14:46 honeypot-ams-1 kernel: [83469075.291620] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=172.104.138.223 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=39543 PROTO=TCP SPT=15938 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T23:14:47.403Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 23:14:49 honeypot-fra-1 sshd[21910]: Received disconnect from 181.28.101.14 port 49724:11: Bye Bye [preauth]","@timestamp":"2022-09-07T23:14:49.439Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 23:17:01 honeypot-fra-1 CRON[21917]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-07T23:17:02.490Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T23:19:09.051Z","@version":"1","message":"Sep  7 23:19:08 honeypot-sgp-1 sshd[29124]: Received disconnect from 92.255.85.69 port 61676:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 23:19:09 honeypot-fra-1 sshd[21920]: Connection closed by invalid user cer-admin 137.116.144.39 port 34142 [preauth]","@timestamp":"2022-09-07T23:19:09.540Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 23:19:45 honeypot-ams-1 sshd[31684]: Invalid user hyh from 103.188.176.251 port 34508","@timestamp":"2022-09-07T23:19:45.531Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 23:23:03 honeypot-ams-1 sshd[31689]: Received disconnect from 221.133.1.50 port 57380:11: Bye Bye [preauth]","@timestamp":"2022-09-07T23:23:03.622Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 23:24:30 honeypot-fra-1 sshd[21928]: Disconnected from invalid user ji 165.22.45.108 port 42050 [preauth]","@timestamp":"2022-09-07T23:24:30.658Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 23:30:07 honeypot-ams-1 kernel: [83469995.543085] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.192.92 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=57651 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T23:30:07.807Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 23:33:08 honeypot-ams-1 sshd[31697]: Connection closed by 180.76.173.237 port 41632 [preauth]","@timestamp":"2022-09-07T23:33:08.891Z"}
{"@timestamp":"2022-09-07T23:37:08.462Z","@version":"1","message":"Sep  7 23:37:07 honeypot-sgp-1 sshd[29131]: Invalid user admin from 2.24.76.90 port 51293","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 23:38:20 honeypot-fra-1 sshd[21932]: Invalid user st from 193.106.191.157 port 35768","@timestamp":"2022-09-07T23:38:20.973Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T23:39:38.521Z","@version":"1","message":"Sep  7 23:39:38 honeypot-sgp-1 sshd[29136]: Received disconnect from 157.245.154.129 port 57662:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 23:42:15 honeypot-fra-1 sshd[21937]: Received disconnect from 165.22.45.108 port 46750:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-07T23:42:16.062Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-07T23:43:02.600Z","@version":"1","message":"Sep  7 23:43:02 honeypot-sgp-1 kernel: [83470300.063708] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.61.185.76 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=48827 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 23:43:22 honeypot-ams-1 sshd[31702]: Received disconnect from 223.255.187.154 port 56950:11: Bye Bye [preauth]","@timestamp":"2022-09-07T23:43:23.173Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 23:45:19 honeypot-fra-1 sshd[21942]: Invalid user schiek from 103.219.207.118 port 35212","@timestamp":"2022-09-07T23:45:20.130Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  7 23:49:37 honeypot-ams-1 kernel: [83471166.113649] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=79.124.62.62 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=60491 PROTO=TCP SPT=52158 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T23:49:38.341Z"}
{"@timestamp":"2022-09-07T23:51:35.794Z","@version":"1","message":"Sep  7 23:51:35 honeypot-sgp-1 sshd[29148]: Disconnected from authenticating user root 157.230.218.88 port 52830 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  7 23:54:56 honeypot-fra-1 kernel: [83469337.821799] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.79.53.162 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=45063 PROTO=TCP SPT=44194 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-07T23:54:56.339Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  7 23:58:06 honeypot-ams-1 sshd[31708]: Disconnected from invalid user mikrotik 190.128.171.250 port 58458 [preauth]","@timestamp":"2022-09-07T23:58:06.564Z"}
{"@timestamp":"2022-09-07T23:58:22.956Z","@version":"1","message":"Sep  7 23:58:22 honeypot-sgp-1 sshd[29155]: Received disconnect from 45.61.187.160 port 42664:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T23:58:42.966Z","@version":"1","message":"Sep  7 23:58:42 honeypot-sgp-1 sshd[29159]: Invalid user user from 45.61.187.160 port 37386","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T23:58:57.972Z","@version":"1","message":"Sep  7 23:58:57 honeypot-sgp-1 kernel: [83471255.553819] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=162.221.192.27 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=238 ID=19268 PROTO=TCP SPT=40035 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-07T23:59:13.980Z","@version":"1","message":"Sep  7 23:59:13 honeypot-sgp-1 sshd[29165]: Disconnected from invalid user user 45.61.187.160 port 43574 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 00:00:23 honeypot-fra-1 sshd[21949]: Disconnected from invalid user jiqun 165.22.45.108 port 51456 [preauth]","@timestamp":"2022-09-08T00:00:24.457Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 00:03:29 honeypot-fra-1 sshd[21955]: Invalid user steam from 64.225.98.47 port 43884","@timestamp":"2022-09-08T00:03:30.527Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 00:03:29 honeypot-fra-1 sshd[21959]: Connection closed by invalid user postgres 64.225.98.47 port 43978 [preauth]","@timestamp":"2022-09-08T00:03:30.527Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 00:03:29 honeypot-fra-1 sshd[21962]: Connection closed by invalid user guest 64.225.98.47 port 43986 [preauth]","@timestamp":"2022-09-08T00:03:30.527Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 00:03:29 honeypot-fra-1 sshd[21963]: Connection closed by invalid user ftpuser 64.225.98.47 port 43988 [preauth]","@timestamp":"2022-09-08T00:03:30.527Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 00:03:29 honeypot-fra-1 sshd[21970]: Invalid user steam from 64.225.98.47 port 43996","@timestamp":"2022-09-08T00:03:30.527Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 00:03:29 honeypot-fra-1 sshd[21973]: Invalid user esuser from 64.225.98.47 port 44004","@timestamp":"2022-09-08T00:03:30.527Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 00:03:29 honeypot-fra-1 sshd[21980]: Invalid user es from 64.225.98.47 port 44024","@timestamp":"2022-09-08T00:03:30.527Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 00:03:30 honeypot-fra-1 sshd[21976]: Invalid user testuser from 64.225.98.47 port 44010","@timestamp":"2022-09-08T00:03:30.527Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 00:03:30 honeypot-fra-1 sshd[21972]: Connection closed by invalid user ubuntu 64.225.98.47 port 43998 [preauth]","@timestamp":"2022-09-08T00:03:30.527Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 00:03:40 honeypot-fra-1 kernel: [83469862.597697] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=94.102.61.10 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=250 ID=54321 PROTO=TCP SPT=45868 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T00:03:41.532Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 00:03:43 honeypot-ams-1 kernel: [83472011.445570] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=201.191.2.198 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=3520 PROTO=TCP SPT=36055 DPT=80 WINDOW=29718 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T00:03:43.723Z"}
{"@timestamp":"2022-09-08T00:07:01.169Z","@version":"1","message":"Sep  8 00:07:00 honeypot-sgp-1 sshd[29170]: Disconnected from authenticating user root 146.185.159.124 port 46536 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T00:09:23.226Z","@version":"1","message":"Sep  8 00:09:23 honeypot-sgp-1 sshd[29175]: Received disconnect from 128.199.57.142 port 42204:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 00:11:48 honeypot-ams-1 sshd[31719]: Received disconnect from 82.64.32.76 port 48848:11: Bye Bye [preauth]","@timestamp":"2022-09-08T00:11:48.971Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 00:13:31 honeypot-fra-1 sshd[22018]: Connection closed by 192.241.220.84 port 60314 [preauth]","@timestamp":"2022-09-08T00:13:31.748Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 00:13:41 honeypot-ams-1 kernel: [83472609.404307] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=140.250.219.168 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=48 ID=63536 PROTO=TCP SPT=61294 DPT=443 WINDOW=49734 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T00:13:42.025Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 00:16:55 honeypot-fra-1 kernel: [83470656.780400] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=27.147.225.2 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=5264 DF PROTO=TCP SPT=43844 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T00:16:55.825Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-08T00:17:06.406Z","@version":"1","message":"Sep  8 00:17:06 honeypot-sgp-1 sshd[29183]: Disconnected from authenticating user root 43.154.33.235 port 57344 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 00:18:43 honeypot-fra-1 kernel: [83470764.887895] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=147.182.128.227 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=59184 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T00:18:43.867Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-08T00:19:43.470Z","@version":"1","message":"Sep  8 00:19:42 honeypot-sgp-1 sshd[29189]: Disconnected from authenticating user root 34.78.205.135 port 60869 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T00:21:58.524Z","@version":"1","message":"Sep  8 00:21:58 honeypot-sgp-1 sshd[29196]: Received disconnect from 160.251.73.32 port 35168:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 00:22:12 honeypot-fra-1 sshd[22035]: Received disconnect from 122.175.197.244 port 38636:11: Bye Bye [preauth]","@timestamp":"2022-09-08T00:22:12.945Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 00:22:22 honeypot-fra-1 sshd[22039]: Received disconnect from 141.255.162.226 port 53614:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T00:22:22.950Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 00:22:24 honeypot-fra-1 sshd[22043]: Received disconnect from 141.255.162.226 port 51202:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T00:22:24.951Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 00:22:27 honeypot-fra-1 sshd[22047]: Received disconnect from 141.255.162.226 port 33990:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T00:22:27.953Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 00:23:19 honeypot-ams-1 kernel: [83473187.366170] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=161.35.230.183 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=55 ID=20002 DF PROTO=TCP SPT=58038 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T00:23:19.281Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 00:24:14 honeypot-fra-1 kernel: [83471095.979051] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=64.62.197.92 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=54321 PROTO=TCP SPT=44361 DPT=389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T00:24:14.993Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-08T00:25:28.606Z","@version":"1","message":"Sep  8 00:25:27 honeypot-sgp-1 sshd[29201]: Disconnected from invalid user clark 218.146.103.48 port 35176 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 00:27:12 honeypot-ams-1 sshd[31734]: Invalid user user from 45.61.187.160 port 45498","@timestamp":"2022-09-08T00:27:12.385Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 00:27:31 honeypot-ams-1 sshd[31738]: Invalid user user from 45.61.187.160 port 40908","@timestamp":"2022-09-08T00:27:32.395Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 00:27:50 honeypot-ams-1 sshd[31742]: Invalid user user from 45.61.187.160 port 36336","@timestamp":"2022-09-08T00:27:51.405Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 00:32:57 honeypot-ams-1 sshd[31747]: Did not receive identification string from 60.212.42.55 port 52441","@timestamp":"2022-09-08T00:32:58.539Z"}
{"@timestamp":"2022-09-08T00:33:34.814Z","@version":"1","message":"Sep  8 00:33:34 honeypot-sgp-1 sshd[29209]: Connection closed by invalid user Admin 191.102.120.116 port 3333 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 00:36:20 honeypot-fra-1 sshd[22057]: Received disconnect from 165.22.45.108 port 60858:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T00:36:20.251Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 00:48:51 honeypot-ams-1 kernel: [83474720.217755] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=198.235.24.55 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=250 ID=54321 PROTO=TCP SPT=56830 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T00:48:51.956Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 00:50:54 honeypot-fra-1 kernel: [83472696.080337] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=205.210.31.41 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x60 TTL=250 ID=54321 PROTO=TCP SPT=50694 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T00:50:54.560Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-08T00:52:32.256Z","@version":"1","message":"Sep  8 00:52:31 honeypot-sgp-1 sshd[29214]: Disconnected from authenticating user root 92.255.85.69 port 17748 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 00:54:28 honeypot-fra-1 sshd[22066]: Disconnected from invalid user jira 165.22.45.108 port 37328 [preauth]","@timestamp":"2022-09-08T00:54:28.639Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 00:56:41 honeypot-ams-1 sshd[31759]: Disconnected from authenticating user root 184.168.122.62 port 60018 [preauth]","@timestamp":"2022-09-08T00:56:42.162Z"}
{"@timestamp":"2022-09-08T01:04:37.536Z","@version":"1","message":"Sep  8 01:04:37 honeypot-sgp-1 sshd[29222]: Invalid user oracle from 143.244.144.227 port 48030","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 01:12:36 honeypot-fra-1 sshd[22095]: Invalid user jira from 165.22.45.108 port 42024","@timestamp":"2022-09-08T01:12:37.033Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T01:15:24.784Z","@version":"1","message":"Sep  8 01:15:24 honeypot-sgp-1 sshd[29229]: Invalid user admin from 36.91.166.34 port 51240","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 01:16:24 honeypot-ams-1 sshd[31771]: Invalid user user from 107.172.63.33 port 51958","@timestamp":"2022-09-08T01:16:24.700Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 01:19:04 honeypot-fra-1 sshd[22102]: Received disconnect from 157.245.243.224 port 53292:11: Bye Bye [preauth]","@timestamp":"2022-09-08T01:19:05.176Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T01:19:27.881Z","@version":"1","message":"Sep  8 01:19:27 honeypot-sgp-1 sshd[29234]: Received disconnect from 107.172.63.33 port 43080:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T01:24:01.988Z","@version":"1","message":"Sep  8 01:24:01 honeypot-sgp-1 sshd[29239]: Received disconnect from 51.12.92.23 port 40200:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 01:24:58 honeypot-fra-1 kernel: [83474740.285749] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.219.166 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=43086 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T01:24:59.304Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 01:25:52 honeypot-ams-1 kernel: [83476940.694386] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=92.63.197.171 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=252 ID=5628 PROTO=TCP SPT=58355 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T01:25:52.946Z"}
{"@timestamp":"2022-09-08T01:31:54.171Z","@version":"1","message":"Sep  8 01:31:53 honeypot-sgp-1 kernel: [83476831.369592] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=193.163.125.88 DST=159.89.202.188 LEN=44 TOS=0x08 PREC=0x00 TTL=238 ID=52768 PROTO=TCP SPT=43121 DPT=389 WINDOW=14600 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 01:34:09 honeypot-fra-1 sshd[22110]: Disconnected from authenticating user root 92.255.85.70 port 32752 [preauth]","@timestamp":"2022-09-08T01:34:10.501Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 01:34:36 honeypot-ams-1 kernel: [83477465.283658] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=103.151.122.22 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=14460 PROTO=TCP SPT=43668 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T01:34:37.175Z"}
{"@timestamp":"2022-09-08T01:42:04.411Z","@version":"1","message":"Sep  8 01:42:03 honeypot-sgp-1 kernel: [83477441.828524] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=52370 PROTO=TCP SPT=40879 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 01:45:07 honeypot-fra-1 kernel: [83475949.388433] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=18813 PROTO=TCP SPT=40879 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T01:45:08.744Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 01:48:35 honeypot-ams-1 sshd[31790]: Received disconnect from 143.244.137.54 port 53112:11: Bye Bye [preauth]","@timestamp":"2022-09-08T01:48:36.537Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 01:49:38 honeypot-fra-1 kernel: [83476219.583777] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=193.118.53.198 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=8893 PROTO=TCP SPT=30127 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T01:49:38.841Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 01:49:55 honeypot-fra-1 sshd[22124]: Disconnected from invalid user jira 165.22.45.108 port 51454 [preauth]","@timestamp":"2022-09-08T01:49:55.850Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 01:50:44 honeypot-ams-1 sshd[31794]: Received disconnect from 111.220.139.23 port 42862:11: Bye Bye [preauth]","@timestamp":"2022-09-08T01:50:44.596Z"}
{"@timestamp":"2022-09-08T01:50:49.616Z","@version":"1","message":"Sep  8 01:50:49 honeypot-sgp-1 kernel: [83477967.143794] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=92.63.197.171 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=55185 PROTO=TCP SPT=58355 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 01:53:49 honeypot-ams-1 sshd[31801]: Received disconnect from 198.199.109.204 port 35064:11: Bye Bye [preauth]","@timestamp":"2022-09-08T01:53:49.679Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 01:54:22 honeypot-ams-1 sshd[31805]: Disconnected from authenticating user root 104.248.251.225 port 56960 [preauth]","@timestamp":"2022-09-08T01:54:22.696Z"}
{"@timestamp":"2022-09-08T01:56:03.759Z","@version":"1","message":"Sep  8 01:56:03 honeypot-sgp-1 sshd[29258]: Disconnected from invalid user user 45.61.187.160 port 50730 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T01:56:23.769Z","@version":"1","message":"Sep  8 01:56:23 honeypot-sgp-1 sshd[29262]: Disconnected from invalid user user 45.61.187.160 port 45370 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T01:56:42.778Z","@version":"1","message":"Sep  8 01:56:42 honeypot-sgp-1 sshd[29266]: Disconnected from invalid user user 45.61.187.160 port 40036 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T01:57:01.787Z","@version":"1","message":"Sep  8 01:57:01 honeypot-sgp-1 sshd[29270]: Disconnected from invalid user user 45.61.187.160 port 34676 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 01:57:06 honeypot-fra-1 sshd[22157]: Unable to negotiate with 118.68.171.196 port 52356: no matching cipher found. Their offer: aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,arcfour128,arcfour,3des-cbc,none [preauth]","@timestamp":"2022-09-08T01:57:07.005Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 01:57:37 honeypot-ams-1 sshd[31811]: Invalid user oracle from 103.188.176.251 port 34424","@timestamp":"2022-09-08T01:57:37.784Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 02:02:10 honeypot-fra-1 sshd[22162]: Invalid user oracle from 103.188.176.251 port 38000","@timestamp":"2022-09-08T02:02:11.111Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 02:08:18 honeypot-fra-1 sshd[22167]: Disconnected from invalid user jira 165.22.45.108 port 56158 [preauth]","@timestamp":"2022-09-08T02:08:19.249Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 02:11:05 honeypot-ams-1 sshd[31819]: Received disconnect from 92.255.85.69 port 50800:11: Bye Bye [preauth]","@timestamp":"2022-09-08T02:11:06.138Z"}
{"@timestamp":"2022-09-08T02:17:02.302Z","@version":"1","message":"Sep  8 02:17:01 honeypot-sgp-1 CRON[29279]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 02:18:11 honeypot-fra-1 sshd[22174]: Received disconnect from 92.255.85.70 port 18698:11: Bye Bye [preauth]","@timestamp":"2022-09-08T02:18:12.468Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 02:21:58 honeypot-ams-1 kernel: [83480306.834567] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=94.102.61.10 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=252 ID=54321 PROTO=TCP SPT=33434 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T02:21:59.417Z"}
{"@timestamp":"2022-09-08T02:23:19.457Z","@version":"1","message":"Sep  8 02:23:18 honeypot-sgp-1 sshd[29285]: Disconnecting invalid user  185.246.130.20 port 40787: Change of username or service not allowed: (,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T02:23:37.466Z","@version":"1","message":"Sep  8 02:23:37 honeypot-sgp-1 sshd[29290]: Disconnecting invalid user cameras 185.246.130.20 port 18779: Change of username or service not allowed: (cameras,ssh-connection) -> (,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T02:24:05.481Z","@version":"1","message":"Sep  8 02:24:04 honeypot-sgp-1 sshd[29296]: Disconnecting invalid user  185.246.130.20 port 3390: Change of username or service not allowed: (,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T02:24:30.493Z","@version":"1","message":"Sep  8 02:24:30 honeypot-sgp-1 sshd[29302]: Disconnecting invalid user admin 185.246.130.20 port 19517: Change of username or service not allowed: (admin,ssh-connection) -> (manager,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T02:25:00.509Z","@version":"1","message":"Sep  8 02:24:59 honeypot-sgp-1 sshd[29310]: Invalid user 1234 from 185.246.130.20 port 6587","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T02:25:24.522Z","@version":"1","message":"Sep  8 02:25:23 honeypot-sgp-1 sshd[29317]: Invalid user  from 185.246.130.20 port 13462","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T02:25:43.532Z","@version":"1","message":"Sep  8 02:25:42 honeypot-sgp-1 sshd[29323]: Disconnecting invalid user Admin 185.246.130.20 port 4061: Change of username or service not allowed: (Admin,ssh-connection) -> (blank,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T02:26:16.548Z","@version":"1","message":"Sep  8 02:26:15 honeypot-sgp-1 sshd[29329]: Disconnecting invalid user guest 185.246.130.20 port 15225: Change of username or service not allowed: (guest,ssh-connection) -> (1234,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 02:26:23 honeypot-fra-1 sshd[22178]: Disconnected from invalid user user 167.99.220.160 port 32908 [preauth]","@timestamp":"2022-09-08T02:26:24.653Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T02:26:46.564Z","@version":"1","message":"Sep  8 02:26:45 honeypot-sgp-1 sshd[29335]: Disconnecting invalid user  185.246.130.20 port 43327: Change of username or service not allowed: (,ssh-connection) -> (Cisco,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T02:27:10.580Z","@version":"1","message":"Sep  8 02:27:10 honeypot-sgp-1 sshd[29343]: Disconnecting invalid user admin 185.246.130.20 port 52905: Change of username or service not allowed: (admin,ssh-connection) -> (1234,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 02:27:27 honeypot-fra-1 sshd[22189]: Connection closed by invalid user ubuntu 193.176.239.126 port 54334 [preauth]","@timestamp":"2022-09-08T02:27:28.679Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 02:27:27 honeypot-fra-1 sshd[22192]: Invalid user devops from 193.176.239.126 port 54312","@timestamp":"2022-09-08T02:27:28.679Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 02:27:27 honeypot-fra-1 sshd[22181]: Invalid user steam from 193.176.239.126 port 54290","@timestamp":"2022-09-08T02:27:28.679Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 02:27:27 honeypot-fra-1 sshd[22198]: Invalid user elasticsearch from 193.176.239.126 port 54318","@timestamp":"2022-09-08T02:27:28.679Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 02:27:27 honeypot-fra-1 sshd[22213]: Invalid user guest from 193.176.239.126 port 54286","@timestamp":"2022-09-08T02:27:28.679Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 02:27:28 honeypot-fra-1 sshd[22192]: Connection closed by invalid user devops 193.176.239.126 port 54312 [preauth]","@timestamp":"2022-09-08T02:27:28.679Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 02:27:28 honeypot-fra-1 sshd[22181]: Connection closed by invalid user steam 193.176.239.126 port 54290 [preauth]","@timestamp":"2022-09-08T02:27:28.680Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 02:27:28 honeypot-fra-1 sshd[22186]: Connection closed by invalid user hadoop 193.176.239.126 port 54314 [preauth]","@timestamp":"2022-09-08T02:27:28.680Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 02:27:28 honeypot-fra-1 sshd[22202]: Connection closed by invalid user steam 193.176.239.126 port 54268 [preauth]","@timestamp":"2022-09-08T02:27:28.680Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 02:27:32 honeypot-fra-1 sshd[22242]: Received disconnect from 165.22.45.108 port 60886:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T02:27:32.682Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T02:27:35.593Z","@version":"1","message":"Sep  8 02:27:34 honeypot-sgp-1 kernel: [83480172.524775] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=170.187.162.139 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=38733 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T02:27:52.602Z","@version":"1","message":"Sep  8 02:27:52 honeypot-sgp-1 sshd[29355]: Disconnecting invalid user sti.admin5 185.246.130.20 port 32430: Change of username or service not allowed: (sti.admin5,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 02:27:59 honeypot-ams-1 sshd[32262]: Disconnected from invalid user git 60.10.72.195 port 60692 [preauth]","@timestamp":"2022-09-08T02:28:00.570Z"}
{"@timestamp":"2022-09-08T02:28:21.617Z","@version":"1","message":"Sep  8 02:28:20 honeypot-sgp-1 sshd[29362]: Disconnecting invalid user zhone 185.246.130.20 port 3788: Change of username or service not allowed: (zhone,ssh-connection) -> (,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T02:28:57.636Z","@version":"1","message":"Sep  8 02:28:57 honeypot-sgp-1 sshd[29371]: Invalid user admin from 185.246.130.20 port 6417","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T02:29:26.652Z","@version":"1","message":"Sep  8 02:29:26 honeypot-sgp-1 sshd[29377]: Invalid user cusadmin from 185.246.130.20 port 54312","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T02:29:56.667Z","@version":"1","message":"Sep  8 02:29:55 honeypot-sgp-1 sshd[29383]: Invalid user lgnortel from 185.246.130.20 port 50724","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T02:30:19.679Z","@version":"1","message":"Sep  8 02:30:18 honeypot-sgp-1 sshd[29389]: Invalid user admin from 185.246.130.20 port 50432","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T02:30:30.685Z","@version":"1","message":"Sep  8 02:30:30 honeypot-sgp-1 sshd[29393]: Disconnecting invalid user  185.246.130.20 port 3803: Change of username or service not allowed: (,ssh-connection) -> (admin1234,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 02:30:38 honeypot-ams-1 kernel: [83480826.756265] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=5265 PROTO=TCP SPT=44204 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T02:30:38.643Z"}
{"@timestamp":"2022-09-08T02:30:59.700Z","@version":"1","message":"Sep  8 02:30:59 honeypot-sgp-1 sshd[29399]: Invalid user  from 185.246.130.20 port 62788","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T02:31:20.712Z","@version":"1","message":"Sep  8 02:31:19 honeypot-sgp-1 sshd[29405]: Invalid user motorola from 185.246.130.20 port 22609","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T02:31:40.722Z","@version":"1","message":"Sep  8 02:31:39 honeypot-sgp-1 sshd[29409]: Invalid user blank from 185.246.130.20 port 44710","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 02:31:59 honeypot-fra-1 kernel: [83478760.406468] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=128.14.152.43 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=48435 PROTO=TCP SPT=35414 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T02:31:59.783Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-08T02:32:12.738Z","@version":"1","message":"Sep  8 02:32:12 honeypot-sgp-1 sshd[29417]: Disconnecting invalid user airlive 185.246.130.20 port 45488: Change of username or service not allowed: (airlive,ssh-connection) -> (0,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T02:32:34.750Z","@version":"1","message":"Sep  8 02:32:33 honeypot-sgp-1 sshd[29423]: Disconnected from invalid user olga 204.48.30.137 port 60872 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T02:32:56.762Z","@version":"1","message":"Sep  8 02:32:56 honeypot-sgp-1 sshd[29429]: Invalid user Shiko from 185.246.130.20 port 26149","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T02:33:17.772Z","@version":"1","message":"Sep  8 02:33:17 honeypot-sgp-1 sshd[29435]: Invalid user smcadmin from 185.246.130.20 port 60274","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T02:33:42.786Z","@version":"1","message":"Sep  8 02:33:42 honeypot-sgp-1 sshd[29441]: Invalid user cusadmin from 185.246.130.20 port 34456","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T02:34:10.800Z","@version":"1","message":"Sep  8 02:34:10 honeypot-sgp-1 sshd[29448]: Invalid user sweex from 185.246.130.20 port 16972","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T02:34:35.813Z","@version":"1","message":"Sep  8 02:34:35 honeypot-sgp-1 sshd[29454]: Invalid user  from 185.246.130.20 port 34875","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 02:34:43 honeypot-ams-1 sshd[32269]: Received disconnect from 92.255.85.69 port 46800:11: Bye Bye [preauth]","@timestamp":"2022-09-08T02:34:43.752Z"}
{"@timestamp":"2022-09-08T02:35:03.828Z","@version":"1","message":"Sep  8 02:35:03 honeypot-sgp-1 sshd[29460]: Invalid user ubnt from 185.246.130.20 port 7933","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T02:35:39.846Z","@version":"1","message":"Sep  8 02:35:39 honeypot-sgp-1 sshd[29466]: Disconnecting invalid user user 185.246.130.20 port 24758: Change of username or service not allowed: (user,ssh-connection) -> (amdin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T02:36:07.860Z","@version":"1","message":"Sep  8 02:36:07 honeypot-sgp-1 sshd[29472]: Disconnecting invalid user Admin 185.246.130.20 port 42473: Change of username or service not allowed: (Admin,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T02:36:36.878Z","@version":"1","message":"Sep  8 02:36:36 honeypot-sgp-1 sshd[29478]: Disconnecting invalid user 0 185.246.130.20 port 30415: Change of username or service not allowed: (0,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T02:37:18.900Z","@version":"1","message":"Sep  8 02:37:17 honeypot-sgp-1 sshd[29484]: Disconnecting invalid user admin 185.246.130.20 port 8157: Change of username or service not allowed: (admin,ssh-connection) -> (1admin0,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T02:44:45.097Z","@version":"1","message":"Sep  8 02:44:44 honeypot-sgp-1 sshd[29491]: Disconnected from authenticating user root 92.255.85.70 port 17758 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 02:45:03 honeypot-ams-1 kernel: [83481691.645000] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=36.90.169.173 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=248 ID=61645 DF PROTO=TCP SPT=39210 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T02:45:04.026Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 02:46:54 honeypot-fra-1 sshd[22249]: Did not receive identification string from 60.10.72.197 port 44610","@timestamp":"2022-09-08T02:46:55.106Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 02:48:07 honeypot-ams-1 kernel: [83481875.591012] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=200.58.89.59 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=37 DF PROTO=TCP SPT=34953 DPT=80 WINDOW=14520 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T02:48:08.123Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 02:50:48 honeypot-fra-1 sshd[22253]: Disconnected from invalid user sarah 60.10.72.203 port 34873 [preauth]","@timestamp":"2022-09-08T02:50:49.190Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 02:51:03 honeypot-ams-1 kernel: [83482051.974326] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=213.226.123.38 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=22972 PROTO=TCP SPT=45020 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T02:51:04.203Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 02:51:54 honeypot-ams-1 sshd[32282]: Received disconnect from 45.61.186.249 port 35104:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T02:51:55.229Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 02:52:15 honeypot-ams-1 sshd[32286]: Received disconnect from 45.61.186.249 port 57832:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T02:52:15.240Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 02:52:34 honeypot-ams-1 sshd[32290]: Received disconnect from 45.61.186.249 port 52328:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T02:52:35.251Z"}
{"@timestamp":"2022-09-08T02:54:27.332Z","@version":"1","message":"Sep  8 02:54:26 honeypot-sgp-1 kernel: [83481784.431578] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=91.240.118.77 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=4897 PROTO=TCP SPT=56816 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 02:56:02 honeypot-fra-1 sshd[22259]: Disconnected from invalid user 51nGleD 37.139.129.83 port 49598 [preauth]","@timestamp":"2022-09-08T02:56:03.304Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 02:57:12 honeypot-ams-1 sshd[32295]: Connection closed by invalid user Admin 217.215.239.76 port 54855 [preauth]","@timestamp":"2022-09-08T02:57:12.373Z"}
{"@timestamp":"2022-09-08T03:03:12.548Z","@version":"1","message":"Sep  8 03:03:12 honeypot-sgp-1 kernel: [83482310.278930] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.189.182.234 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=38456 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 03:04:08 honeypot-fra-1 sshd[22264]: Received disconnect from 92.255.85.70 port 23346:11: Bye Bye [preauth]","@timestamp":"2022-09-08T03:04:09.484Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 03:07:06 honeypot-fra-1 sshd[22268]: Disconnected from invalid user debianuser 208.67.106.145 port 60166 [preauth]","@timestamp":"2022-09-08T03:07:07.551Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T03:07:31.653Z","@version":"1","message":"Sep  8 03:07:30 honeypot-sgp-1 kernel: [83482568.498369] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=198.199.95.76 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=45553 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 03:07:35 honeypot-ams-1 kernel: [83483043.784533] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=88.80.189.24 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=48357 PROTO=TCP SPT=46432 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T03:07:35.645Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 03:09:48 honeypot-fra-1 sshd[22275]: Invalid user ts3 from 208.67.106.145 port 52688","@timestamp":"2022-09-08T03:09:48.614Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 03:11:19 honeypot-fra-1 sshd[22279]: Connection closed by invalid user pi 91.115.179.129 port 52034 [preauth]","@timestamp":"2022-09-08T03:11:19.648Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T03:12:01.765Z","@version":"1","message":"Sep  8 03:12:01 honeypot-sgp-1 sshd[29529]: Invalid user hrykymmt from 189.5.124.232 port 39188","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 03:12:40 honeypot-fra-1 sshd[22283]: Disconnected from authenticating user root 208.67.106.145 port 45184 [preauth]","@timestamp":"2022-09-08T03:12:41.682Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 03:13:10 honeypot-ams-1 sshd[32306]: Did not receive identification string from 159.89.24.69 port 61000","@timestamp":"2022-09-08T03:13:10.791Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 03:15:03 honeypot-fra-1 kernel: [83481344.376974] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=198.38.93.168 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=15351 PROTO=TCP SPT=52849 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T03:15:03.737Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-08T03:16:32.876Z","@version":"1","message":"Sep  8 03:16:32 honeypot-sgp-1 sshd[29534]: Received disconnect from 159.65.2.58 port 52556:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 03:17:02 honeypot-fra-1 sshd[22296]: Disconnected from authenticating user root 208.67.106.145 port 48012 [preauth]","@timestamp":"2022-09-08T03:17:03.785Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T03:17:04.890Z","@version":"1","message":"Sep  8 03:17:04 honeypot-sgp-1 sshd[29539]: Disconnected from invalid user april 148.63.215.173 port 39076 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 03:18:33 honeypot-fra-1 sshd[22300]: Disconnected from authenticating user root 208.67.106.145 port 58392 [preauth]","@timestamp":"2022-09-08T03:18:33.819Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 03:18:58 honeypot-fra-1 sshd[22310]: Connection closed by invalid user vagrant 178.62.238.239 port 56318 [preauth]","@timestamp":"2022-09-08T03:18:59.830Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 03:18:58 honeypot-fra-1 sshd[22309]: Connection closed by invalid user ansible 178.62.238.239 port 56315 [preauth]","@timestamp":"2022-09-08T03:18:59.830Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 03:18:58 honeypot-fra-1 sshd[22307]: Invalid user ubuntu from 178.62.238.239 port 56307","@timestamp":"2022-09-08T03:18:59.830Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 03:18:58 honeypot-fra-1 sshd[22307]: Connection closed by invalid user ubuntu 178.62.238.239 port 56307 [preauth]","@timestamp":"2022-09-08T03:18:59.830Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 03:18:58 honeypot-fra-1 sshd[22323]: Invalid user ts3server from 178.62.238.239 port 56317","@timestamp":"2022-09-08T03:18:59.831Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 03:18:59 honeypot-fra-1 sshd[22323]: Connection closed by invalid user ts3server 178.62.238.239 port 56317 [preauth]","@timestamp":"2022-09-08T03:18:59.831Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 03:18:59 honeypot-fra-1 sshd[22319]: Connection closed by invalid user esuser 178.62.238.239 port 56306 [preauth]","@timestamp":"2022-09-08T03:18:59.831Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 03:18:59 honeypot-fra-1 sshd[22318]: Connection closed by invalid user oracle 178.62.238.239 port 56302 [preauth]","@timestamp":"2022-09-08T03:18:59.831Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 03:18:59 honeypot-fra-1 sshd[22329]: Connection closed by invalid user esuser 178.62.238.239 port 56320 [preauth]","@timestamp":"2022-09-08T03:18:59.831Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 03:19:09 honeypot-ams-1 sshd[32313]: Disconnected from authenticating user root 92.255.85.69 port 35186 [preauth]","@timestamp":"2022-09-08T03:19:09.946Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 03:19:51 honeypot-fra-1 sshd[22360]: Received disconnect from 167.172.90.213 port 38190:11: Bye Bye [preauth]","@timestamp":"2022-09-08T03:19:51.852Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 03:20:57 honeypot-fra-1 sshd[22364]: Disconnected from authenticating user root 139.59.81.55 port 53454 [preauth]","@timestamp":"2022-09-08T03:20:57.879Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 03:21:37 honeypot-ams-1 sshd[32316]: Disconnected from invalid user user 198.98.61.9 port 57966 [preauth]","@timestamp":"2022-09-08T03:21:38.013Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 03:21:52 honeypot-ams-1 sshd[32320]: Disconnected from invalid user user 198.98.61.9 port 52136 [preauth]","@timestamp":"2022-09-08T03:21:53.021Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 03:22:07 honeypot-ams-1 sshd[32324]: Disconnected from invalid user user 198.98.61.9 port 46308 [preauth]","@timestamp":"2022-09-08T03:22:08.029Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 03:22:20 honeypot-ams-1 sshd[32328]: Disconnected from invalid user user 198.98.61.9 port 40480 [preauth]","@timestamp":"2022-09-08T03:22:21.036Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 03:23:09 honeypot-fra-1 sshd[22370]: Received disconnect from 208.67.106.145 port 33014:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T03:23:09.932Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 03:26:16 honeypot-fra-1 sshd[22375]: Received disconnect from 208.67.106.145 port 53746:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T03:26:17.005Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 03:27:47 honeypot-fra-1 sshd[22379]: Disconnected from invalid user jenkins 208.67.106.145 port 35852 [preauth]","@timestamp":"2022-09-08T03:27:48.040Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 03:27:56 honeypot-ams-1 kernel: [83484265.236645] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=35.189.99.181 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x60 TTL=251 ID=15864 PROTO=TCP SPT=45787 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T03:27:57.184Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 03:29:21 honeypot-fra-1 sshd[22385]: Invalid user ansible from 208.67.106.145 port 46246","@timestamp":"2022-09-08T03:29:22.078Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 03:30:18 honeypot-fra-1 sshd[22390]: Received disconnect from 157.245.122.58 port 58286:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T03:30:19.102Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 03:31:19 honeypot-fra-1 sshd[22394]: Received disconnect from 157.245.122.58 port 43614:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T03:31:20.127Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 03:32:30 honeypot-fra-1 sshd[22398]: Disconnected from authenticating user root 208.67.106.145 port 38722 [preauth]","@timestamp":"2022-09-08T03:32:30.153Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T03:32:45.270Z","@version":"1","message":"Sep  8 03:32:44 honeypot-sgp-1 sshd[29546]: Did not receive identification string from 45.61.186.169 port 42170","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T03:33:09.282Z","@version":"1","message":"Sep  8 03:33:08 honeypot-sgp-1 sshd[29549]: Disconnected from invalid user user 45.61.186.169 port 60484 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T03:33:28.290Z","@version":"1","message":"Sep  8 03:33:27 honeypot-sgp-1 sshd[29553]: Disconnected from invalid user user 45.61.186.169 port 55650 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T03:33:45.299Z","@version":"1","message":"Sep  8 03:33:45 honeypot-sgp-1 sshd[29557]: Disconnected from invalid user user 45.61.186.169 port 50820 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 03:34:01 honeypot-fra-1 sshd[22402]: Disconnected from authenticating user root 208.67.106.145 port 49086 [preauth]","@timestamp":"2022-09-08T03:34:02.191Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 03:34:58 honeypot-fra-1 sshd[22406]: Disconnected from invalid user jonitiso 157.245.122.58 port 41264 [preauth]","@timestamp":"2022-09-08T03:34:59.213Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 03:35:53 honeypot-fra-1 sshd[22411]: Disconnected from invalid user cypress 157.245.122.58 port 54782 [preauth]","@timestamp":"2022-09-08T03:35:54.235Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 03:36:56 honeypot-ams-1 sshd[32334]: Disconnected from invalid user arbaiah 189.30.156.174 port 56754 [preauth]","@timestamp":"2022-09-08T03:36:56.407Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 03:39:54 honeypot-fra-1 sshd[22417]: Disconnected from authenticating user root 208.67.106.145 port 34080 [preauth]","@timestamp":"2022-09-08T03:39:55.339Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T03:40:55.475Z","@version":"1","message":"Sep  8 03:40:54 honeypot-sgp-1 sshd[29563]: Invalid user user from 45.61.186.169 port 57006","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T03:41:14.485Z","@version":"1","message":"Sep  8 03:41:13 honeypot-sgp-1 sshd[29567]: Invalid user user from 45.61.186.169 port 51370","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T03:41:31.494Z","@version":"1","message":"Sep  8 03:41:30 honeypot-sgp-1 sshd[29571]: Invalid user user from 45.61.186.169 port 45754","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T03:41:47.502Z","@version":"1","message":"Sep  8 03:41:46 honeypot-sgp-1 sshd[29575]: Invalid user user from 45.61.186.169 port 40138","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 03:44:37 honeypot-fra-1 sshd[22424]: Invalid user ubuntu from 208.67.106.145 port 36924","@timestamp":"2022-09-08T03:44:37.436Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 03:45:23 honeypot-ams-1 sshd[32339]: Connection closed by 180.76.173.237 port 47498 [preauth]","@timestamp":"2022-09-08T03:45:23.626Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 03:47:43 honeypot-fra-1 sshd[22429]: Invalid user mos from 208.67.106.145 port 57660","@timestamp":"2022-09-08T03:47:44.506Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 03:47:51 honeypot-ams-1 sshd[32344]: Disconnected from invalid user web 138.68.10.182 port 35268 [preauth]","@timestamp":"2022-09-08T03:47:51.688Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 03:50:03 honeypot-fra-1 sshd[22434]: Received disconnect from 92.255.85.70 port 50946:11: Bye Bye [preauth]","@timestamp":"2022-09-08T03:50:04.559Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T03:52:30.779Z","@version":"1","message":"Sep  8 03:52:30 honeypot-sgp-1 sshd[29579]: Disconnected from authenticating user root 92.255.85.69 port 52712 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 04:04:08 honeypot-fra-1 sshd[22440]: Received disconnect from 178.12.151.228 port 49682:11: Bye Bye [preauth]","@timestamp":"2022-09-08T04:04:08.867Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 04:04:08 honeypot-fra-1 sshd[22444]: Disconnected from invalid user ubnt 178.12.151.228 port 49780 [preauth]","@timestamp":"2022-09-08T04:04:09.869Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 04:04:09 honeypot-fra-1 sshd[22450]: Disconnected from authenticating user root 178.12.151.228 port 49826 [preauth]","@timestamp":"2022-09-08T04:04:09.869Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 04:04:10 honeypot-fra-1 sshd[22456]: Disconnected from authenticating user root 178.12.151.228 port 49860 [preauth]","@timestamp":"2022-09-08T04:04:10.870Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 04:04:11 honeypot-fra-1 sshd[22462]: Disconnected from authenticating user root 178.12.151.228 port 49934 [preauth]","@timestamp":"2022-09-08T04:04:11.870Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 04:04:12 honeypot-fra-1 sshd[22468]: Disconnected from authenticating user root 178.12.151.228 port 49974 [preauth]","@timestamp":"2022-09-08T04:04:12.871Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 04:04:13 honeypot-fra-1 sshd[22474]: Disconnected from authenticating user root 178.12.151.228 port 50008 [preauth]","@timestamp":"2022-09-08T04:04:13.871Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 04:04:14 honeypot-fra-1 sshd[22480]: Disconnected from authenticating user root 178.12.151.228 port 50032 [preauth]","@timestamp":"2022-09-08T04:04:14.872Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 04:04:15 honeypot-fra-1 sshd[22486]: Disconnected from authenticating user root 178.12.151.228 port 50076 [preauth]","@timestamp":"2022-09-08T04:04:15.872Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 04:04:16 honeypot-fra-1 sshd[22492]: Disconnected from authenticating user root 178.12.151.228 port 50122 [preauth]","@timestamp":"2022-09-08T04:04:16.873Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 04:04:16 honeypot-fra-1 sshd[22498]: Disconnected from authenticating user root 178.12.151.228 port 50158 [preauth]","@timestamp":"2022-09-08T04:04:17.873Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 04:04:17 honeypot-fra-1 sshd[22504]: Disconnected from authenticating user root 178.12.151.228 port 50198 [preauth]","@timestamp":"2022-09-08T04:04:17.874Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 04:04:18 honeypot-fra-1 sshd[22510]: Disconnected from authenticating user root 178.12.151.228 port 50334 [preauth]","@timestamp":"2022-09-08T04:04:18.874Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 04:04:19 honeypot-fra-1 sshd[22514]: Disconnected from invalid user admin 178.12.151.228 port 50368 [preauth]","@timestamp":"2022-09-08T04:04:19.875Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 04:04:19 honeypot-fra-1 sshd[22518]: Disconnected from invalid user admin 178.12.151.228 port 50418 [preauth]","@timestamp":"2022-09-08T04:04:20.875Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 04:04:20 honeypot-fra-1 sshd[22522]: Disconnected from invalid user admin 178.12.151.228 port 50436 [preauth]","@timestamp":"2022-09-08T04:04:20.875Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 04:04:21 honeypot-fra-1 sshd[22526]: Disconnected from invalid user admin 178.12.151.228 port 50470 [preauth]","@timestamp":"2022-09-08T04:04:21.876Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 04:04:21 honeypot-fra-1 sshd[22530]: Disconnected from invalid user admin 178.12.151.228 port 50546 [preauth]","@timestamp":"2022-09-08T04:04:21.876Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 04:04:22 honeypot-fra-1 sshd[22536]: Received disconnect from 178.12.151.228 port 50586:11: Bye Bye [preauth]","@timestamp":"2022-09-08T04:04:22.876Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 04:04:23 honeypot-fra-1 sshd[22540]: Received disconnect from 178.12.151.228 port 50608:11: Bye Bye [preauth]","@timestamp":"2022-09-08T04:04:23.877Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 04:04:23 honeypot-fra-1 sshd[22544]: Received disconnect from 178.12.151.228 port 50632:11: Bye Bye [preauth]","@timestamp":"2022-09-08T04:04:23.877Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 04:04:24 honeypot-fra-1 sshd[22548]: Received disconnect from 178.12.151.228 port 50654:11: Bye Bye [preauth]","@timestamp":"2022-09-08T04:04:24.879Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 04:04:25 honeypot-fra-1 sshd[22552]: Received disconnect from 178.12.151.228 port 50690:11: Bye Bye [preauth]","@timestamp":"2022-09-08T04:04:25.879Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 04:04:25 honeypot-fra-1 sshd[22556]: Received disconnect from 178.12.151.228 port 50724:11: Bye Bye [preauth]","@timestamp":"2022-09-08T04:04:25.879Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 04:04:26 honeypot-fra-1 sshd[22560]: Received disconnect from 178.12.151.228 port 50762:11: Bye Bye [preauth]","@timestamp":"2022-09-08T04:04:26.880Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 04:04:26 honeypot-fra-1 sshd[22564]: Received disconnect from 178.12.151.228 port 50788:11: Bye Bye [preauth]","@timestamp":"2022-09-08T04:04:27.880Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 04:04:27 honeypot-fra-1 sshd[22568]: Received disconnect from 178.12.151.228 port 50826:11: Bye Bye [preauth]","@timestamp":"2022-09-08T04:04:27.880Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 04:04:28 honeypot-fra-1 sshd[22572]: Received disconnect from 178.12.151.228 port 50854:11: Bye Bye [preauth]","@timestamp":"2022-09-08T04:04:28.881Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 04:04:28 honeypot-fra-1 sshd[22576]: Received disconnect from 178.12.151.228 port 50980:11: Bye Bye [preauth]","@timestamp":"2022-09-08T04:04:28.881Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 04:04:29 honeypot-fra-1 sshd[22580]: Received disconnect from 178.12.151.228 port 51020:11: Bye Bye [preauth]","@timestamp":"2022-09-08T04:04:29.882Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 04:08:33 honeypot-ams-1 sshd[32349]: Received disconnect from 42.200.247.63 port 46684:11: Bye Bye [preauth]","@timestamp":"2022-09-08T04:08:34.213Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 04:09:23 honeypot-ams-1 sshd[32354]: Disconnected from invalid user Angelika 129.146.241.147 port 47936 [preauth]","@timestamp":"2022-09-08T04:09:24.237Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 04:10:22 honeypot-fra-1 kernel: [83484664.014257] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.213.213 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=47275 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T04:10:23.013Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-08T04:10:31.217Z","@version":"1","message":"Sep  8 04:10:30 honeypot-sgp-1 kernel: [83486348.253330] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.208.109 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=57059 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 04:11:23 honeypot-ams-1 sshd[32358]: Disconnected from invalid user odoo 157.245.122.58 port 43080 [preauth]","@timestamp":"2022-09-08T04:11:24.293Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 04:12:25 honeypot-ams-1 sshd[32362]: Disconnected from invalid user tenancy 157.245.122.58 port 56620 [preauth]","@timestamp":"2022-09-08T04:12:26.321Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 04:14:19 honeypot-ams-1 sshd[32367]: Invalid user jonitwiso from 157.245.122.58 port 55446","@timestamp":"2022-09-08T04:14:19.374Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 04:15:16 honeypot-fra-1 sshd[22591]: Invalid user alfred from 200.70.56.202 port 40792","@timestamp":"2022-09-08T04:15:17.124Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 04:16:05 honeypot-ams-1 sshd[32373]: Invalid user ftp_user from 177.1.213.19 port 29269","@timestamp":"2022-09-08T04:16:06.421Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 04:17:01 honeypot-ams-1 CRON[32377]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-08T04:17:01.447Z"}
{"@timestamp":"2022-09-08T04:17:02.376Z","@version":"1","message":"Sep  8 04:17:01 honeypot-sgp-1 CRON[29590]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 04:20:52 honeypot-ams-1 sshd[32383]: Received disconnect from 218.92.0.221 port 63888:11:  [preauth]","@timestamp":"2022-09-08T04:20:53.549Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 04:25:02 honeypot-ams-1 kernel: [83487690.302378] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=193.46.255.199 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=246 ID=22951 PROTO=TCP SPT=61002 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T04:25:02.658Z"}
{"@timestamp":"2022-09-08T04:25:45.590Z","@version":"1","message":"Sep  8 04:25:44 honeypot-sgp-1 sshd[29601]: Received disconnect from 157.245.243.224 port 56254:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T04:27:09.627Z","@version":"1","message":"Sep  8 04:27:08 honeypot-sgp-1 kernel: [83487346.643476] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=167.94.145.83 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=43699 PROTO=TCP SPT=18192 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 04:30:38 honeypot-ams-1 kernel: [83488026.649415] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=90.151.171.106 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=40224 PROTO=TCP SPT=51377 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T04:30:38.807Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 04:31:33 honeypot-fra-1 kernel: [83485934.094940] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=152.89.196.23 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=19832 PROTO=TCP SPT=50049 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T04:31:33.473Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 04:34:12 honeypot-fra-1 sshd[22601]: Disconnected from invalid user marinela 204.48.30.77 port 55632 [preauth]","@timestamp":"2022-09-08T04:34:12.532Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T04:34:24.807Z","@version":"1","message":"Sep  8 04:34:24 honeypot-sgp-1 kernel: [83487781.752272] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=116.62.111.9 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=46 ID=17114 DF PROTO=TCP SPT=60490 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T04:37:25.885Z","@version":"1","message":"Sep  8 04:37:25 honeypot-sgp-1 sshd[29613]: Invalid user user from 45.61.187.160 port 45756","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T04:37:49.897Z","@version":"1","message":"Sep  8 04:37:49 honeypot-sgp-1 sshd[29618]: Invalid user user from 45.61.187.160 port 41170","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T04:38:07.906Z","@version":"1","message":"Sep  8 04:38:07 honeypot-sgp-1 sshd[29622]: Invalid user user from 45.61.187.160 port 36564","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T04:38:16.911Z","@version":"1","message":"Sep  8 04:38:16 honeypot-sgp-1 sshd[29626]: Received disconnect from 45.61.187.160 port 48390:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 04:39:18 honeypot-ams-1 kernel: [83488546.671623] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=188.209.77.14 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=52 ID=19287 DF PROTO=TCP SPT=63888 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T04:39:19.029Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 04:41:35 honeypot-fra-1 sshd[22609]: Received disconnect from 45.61.186.169 port 32918:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T04:41:36.693Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 04:41:53 honeypot-fra-1 sshd[22613]: Received disconnect from 45.61.186.169 port 56262:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T04:41:54.702Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 04:42:11 honeypot-fra-1 sshd[22617]: Received disconnect from 45.61.186.169 port 51376:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T04:42:11.710Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 04:42:27 honeypot-fra-1 sshd[22621]: Received disconnect from 45.61.186.169 port 46474:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T04:42:27.717Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 04:49:16 honeypot-ams-1 kernel: [83489144.206768] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=59.187.205.166 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=53 ID=27852 PROTO=TCP SPT=55603 DPT=80 WINDOW=52003 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T04:49:16.286Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 04:52:11 honeypot-fra-1 sshd[22627]: Unable to negotiate with 113.5.234.18 port 39740: no matching cipher found. Their offer: aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,arcfour128,arcfour,3des-cbc,none [preauth]","@timestamp":"2022-09-08T04:52:11.929Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 04:56:07 honeypot-ams-1 sshd[32434]: Received disconnect from 43.225.158.223 port 41547:11: Bye Bye [preauth]","@timestamp":"2022-09-08T04:56:07.462Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 04:58:21 honeypot-fra-1 sshd[22633]: Disconnected from authenticating user root 92.255.85.70 port 25774 [preauth]","@timestamp":"2022-09-08T04:58:21.065Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T05:02:28.489Z","@version":"1","message":"Sep  8 05:02:28 honeypot-sgp-1 sshd[29637]: Received disconnect from 61.177.173.35 port 10154:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 05:09:40 honeypot-fra-1 sshd[22639]: Invalid user ftpuser from 67.222.147.161 port 37820","@timestamp":"2022-09-08T05:09:41.311Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 05:10:00 honeypot-ams-1 kernel: [83490388.438989] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=128.14.152.45 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=8122 PROTO=TCP SPT=23517 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T05:10:00.819Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 05:12:32 honeypot-fra-1 sshd[22643]: Disconnected from invalid user user 198.98.61.9 port 47108 [preauth]","@timestamp":"2022-09-08T05:12:32.370Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T05:12:33.728Z","@version":"1","message":"Sep  8 05:12:33 honeypot-sgp-1 kernel: [83490071.198020] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=131.159.24.205 DST=159.89.202.188 LEN=72 TOS=0x00 PREC=0x00 TTL=234 ID=54321 PROTO=TCP SPT=54098 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 05:12:48 honeypot-fra-1 sshd[22648]: Disconnected from invalid user user 198.98.61.9 port 41978 [preauth]","@timestamp":"2022-09-08T05:12:49.379Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 05:13:04 honeypot-fra-1 sshd[22652]: Disconnected from invalid user user 198.98.61.9 port 36828 [preauth]","@timestamp":"2022-09-08T05:13:04.385Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 05:13:18 honeypot-fra-1 sshd[22656]: Disconnected from invalid user user 198.98.61.9 port 59918 [preauth]","@timestamp":"2022-09-08T05:13:19.392Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 05:13:47 honeypot-ams-1 kernel: [83490615.361432] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=46.41.208.63 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=29884 DF PROTO=TCP SPT=38205 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T05:13:47.921Z"}
{"@timestamp":"2022-09-08T05:16:54.835Z","@version":"1","message":"Sep  8 05:16:54 honeypot-sgp-1 sshd[29651]: Received disconnect from 45.61.186.49 port 41408:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T05:17:01.838Z","@version":"1","message":"Sep  8 05:17:01 honeypot-sgp-1 CRON[29655]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 05:17:01 honeypot-fra-1 CRON[22662]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-08T05:17:02.487Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T05:17:09.843Z","@version":"1","message":"Sep  8 05:17:09 honeypot-sgp-1 sshd[29660]: Disconnected from invalid user user 45.61.186.49 port 59414 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 05:18:33 honeypot-ams-1 sshd[32453]: Did not receive identification string from 45.61.188.177 port 57528","@timestamp":"2022-09-08T05:18:33.045Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 05:19:17 honeypot-ams-1 sshd[32456]: Disconnected from invalid user user 45.61.188.177 port 36318 [preauth]","@timestamp":"2022-09-08T05:19:18.065Z"}
{"@timestamp":"2022-09-08T05:19:33.903Z","@version":"1","message":"Sep  8 05:19:33 honeypot-sgp-1 kernel: [83490490.734294] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.41.8.45 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=3181 PROTO=TCP SPT=52135 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 05:19:39 honeypot-ams-1 sshd[32460]: Disconnected from invalid user user 45.61.188.177 port 32948 [preauth]","@timestamp":"2022-09-08T05:19:39.077Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 05:20:00 honeypot-ams-1 sshd[32466]: Invalid user user from 45.61.188.177 port 57820","@timestamp":"2022-09-08T05:20:01.088Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 05:21:29 honeypot-fra-1 kernel: [83488930.171267] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.79.176.45 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=33938 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T05:21:29.585Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 05:22:26 honeypot-ams-1 sshd[32471]: Received disconnect from 61.177.173.36 port 44260:11:  [preauth]","@timestamp":"2022-09-08T05:22:27.152Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 05:24:33 honeypot-fra-1 sshd[22673]: Connection closed by invalid user admin 193.106.191.157 port 57932 [preauth]","@timestamp":"2022-09-08T05:24:33.654Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T05:29:51.175Z","@version":"1","message":"Sep  8 05:29:50 honeypot-sgp-1 kernel: [83491107.835664] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=113.196.124.11 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=47641 PROTO=TCP SPT=14145 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 05:31:27 honeypot-ams-1 sshd[32476]: Invalid user cer-admin from 137.116.144.39 port 60428","@timestamp":"2022-09-08T05:31:27.384Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 05:32:40 honeypot-ams-1 sshd[32483]: Received disconnect from 45.61.187.160 port 54008:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T05:32:41.420Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 05:32:59 honeypot-ams-1 sshd[32489]: Invalid user user from 45.61.187.160 port 49196","@timestamp":"2022-09-08T05:32:59.430Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 05:33:17 honeypot-ams-1 sshd[32494]: Invalid user user from 45.61.187.160 port 44384","@timestamp":"2022-09-08T05:33:18.440Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 05:33:33 honeypot-ams-1 kernel: [83491802.001641] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=213.226.123.38 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=43765 PROTO=TCP SPT=54777 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T05:33:34.449Z"}
{"@timestamp":"2022-09-08T05:37:38.367Z","@version":"1","message":"Sep  8 05:37:38 honeypot-sgp-1 sshd[29674]: Disconnected from 61.177.173.37 port 21912 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 05:37:53 honeypot-ams-1 sshd[32504]: Disconnected from authenticating user root 92.255.85.69 port 58168 [preauth]","@timestamp":"2022-09-08T05:37:54.560Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 05:38:56 honeypot-fra-1 kernel: [83489977.330808] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=34.80.204.251 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=41381 PROTO=TCP SPT=41261 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T05:38:56.962Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 05:41:27 honeypot-fra-1 sshd[22680]: Bad protocol version identification 'ABCDEFGHIJKLMNOPQRSTUVWXYZ9999' from 172.104.131.24 port 36832","@timestamp":"2022-09-08T05:41:28.021Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T05:41:48.493Z","@version":"1","message":"Sep  8 05:41:48 honeypot-sgp-1 sshd[29682]: Received disconnect from 141.255.162.226 port 59050:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T05:41:49.494Z","@version":"1","message":"Sep  8 05:41:49 honeypot-sgp-1 sshd[29686]: Received disconnect from 141.255.162.226 port 38154:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T05:41:52.496Z","@version":"1","message":"Sep  8 05:41:51 honeypot-sgp-1 sshd[29690]: Received disconnect from 141.255.162.226 port 37044:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T05:41:53.496Z","@version":"1","message":"Sep  8 05:41:53 honeypot-sgp-1 sshd[29694]: Received disconnect from 141.255.162.226 port 52834:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T05:43:23.535Z","@version":"1","message":"Sep  8 05:43:22 honeypot-sgp-1 sshd[29698]: Received disconnect from 159.65.115.222 port 55656:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T05:47:23.632Z","@version":"1","message":"Sep  8 05:47:23 honeypot-sgp-1 sshd[29705]: Received disconnect from 92.255.85.69 port 18948:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T05:48:56.671Z","@version":"1","message":"Sep  8 05:48:56 honeypot-sgp-1 kernel: [83492254.148694] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.56.96.31 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=233 ID=6844 PROTO=TCP SPT=56125 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T05:55:29.829Z","@version":"1","message":"Sep  8 05:55:29 honeypot-sgp-1 sshd[29718]: Invalid user admin from 220.135.177.191 port 54020","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 06:00:06 honeypot-ams-1 sshd[32519]: Bad protocol version identification '\\272\\253d\\241EZC\\333M\\207\\356^\\375\\277\\0259 X\\324>\\022\\230\\304<\\340\\023\\317' from 172.105.89.161 port 57005","@timestamp":"2022-09-08T06:00:07.123Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 06:00:23 honeypot-fra-1 sshd[22685]: Invalid user admin from 121.159.171.57 port 41835","@timestamp":"2022-09-08T06:00:24.419Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T06:00:36.955Z","@version":"1","message":"Sep  8 06:00:36 honeypot-sgp-1 kernel: [83492953.850915] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.219.22 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=40227 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 06:03:04 honeypot-fra-1 sshd[22687]: Disconnected from invalid user jira 165.22.45.108 port 52318 [preauth]","@timestamp":"2022-09-08T06:03:04.483Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 06:03:04 honeypot-ams-1 sshd[32527]: Connection closed by invalid user pi 158.248.51.169 port 38980 [preauth]","@timestamp":"2022-09-08T06:03:05.202Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 06:04:05 honeypot-ams-1 sshd[32535]: Received disconnect from 61.177.172.114 port 17709:11:  [preauth]","@timestamp":"2022-09-08T06:04:05.231Z"}
{"@timestamp":"2022-09-08T06:05:41.082Z","@version":"1","message":"Sep  8 06:05:40 honeypot-sgp-1 sshd[29733]: Received disconnect from 14.224.169.32 port 59578:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 06:06:41 honeypot-ams-1 sshd[32540]: Received disconnect from 141.255.162.226 port 54650:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T06:06:42.303Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 06:06:44 honeypot-ams-1 sshd[32544]: Received disconnect from 141.255.162.226 port 47912:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T06:06:44.304Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 06:06:47 honeypot-ams-1 sshd[32548]: Received disconnect from 141.255.162.226 port 34016:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T06:06:48.306Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 06:07:29 honeypot-fra-1 sshd[22692]: Received disconnect from 92.255.85.69 port 22008:11: Bye Bye [preauth]","@timestamp":"2022-09-08T06:07:29.582Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 06:07:30 honeypot-ams-1 sshd[32553]: Invalid user user from 141.255.162.226 port 48544","@timestamp":"2022-09-08T06:07:30.327Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 06:07:32 honeypot-ams-1 sshd[32557]: Invalid user user from 141.255.162.226 port 35244","@timestamp":"2022-09-08T06:07:32.329Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 06:07:34 honeypot-ams-1 sshd[32561]: Invalid user user from 141.255.162.226 port 50184","@timestamp":"2022-09-08T06:07:34.330Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 06:07:37 honeypot-ams-1 sshd[32563]: Disconnected from invalid user user 141.255.162.226 port 57668 [preauth]","@timestamp":"2022-09-08T06:07:38.333Z"}
{"@timestamp":"2022-09-08T06:11:27.225Z","@version":"1","message":"Sep  8 06:11:26 honeypot-sgp-1 sshd[29739]: Received disconnect from 61.177.173.50 port 19150:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 06:13:57 honeypot-ams-1 kernel: [83494225.948261] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=184.105.139.116 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=58932 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T06:13:58.525Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 06:15:31 honeypot-fra-1 sshd[23130]: Invalid user mcserver from 129.226.39.43 port 55723","@timestamp":"2022-09-08T06:15:31.757Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 06:15:31 honeypot-fra-1 sshd[23132]: Connection closed by invalid user teamspeak 129.226.39.43 port 55631 [preauth]","@timestamp":"2022-09-08T06:15:31.757Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 06:15:32 honeypot-fra-1 sshd[23141]: Invalid user es from 129.226.39.43 port 55675","@timestamp":"2022-09-08T06:15:33.759Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 06:15:32 honeypot-fra-1 sshd[23141]: Connection closed by invalid user es 129.226.39.43 port 55675 [preauth]","@timestamp":"2022-09-08T06:15:33.759Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 06:15:34 honeypot-fra-1 sshd[23157]: Invalid user oracle from 129.226.39.43 port 55733","@timestamp":"2022-09-08T06:15:34.760Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 06:15:35 honeypot-fra-1 sshd[23159]: Connection closed by invalid user user 129.226.39.43 port 55757 [preauth]","@timestamp":"2022-09-08T06:15:35.761Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T06:17:02.366Z","@version":"1","message":"Sep  8 06:17:01 honeypot-sgp-1 CRON[29747]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T06:17:15.373Z","@version":"1","message":"Sep  8 06:17:15 honeypot-sgp-1 sshd[29752]: Disconnected from invalid user user 45.61.186.169 port 35048 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T06:17:33.382Z","@version":"1","message":"Sep  8 06:17:32 honeypot-sgp-1 sshd[29756]: Disconnected from invalid user user 45.61.186.169 port 58806 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T06:17:50.391Z","@version":"1","message":"Sep  8 06:17:49 honeypot-sgp-1 sshd[29760]: Invalid user user from 45.61.186.169 port 54314","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T06:19:07.425Z","@version":"1","message":"Sep  8 06:19:07 honeypot-sgp-1 sshd[29766]: Received disconnect from 178.62.127.39 port 46776:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 06:21:14 honeypot-fra-1 sshd[23168]: Invalid user corinna from 118.34.14.126 port 40086","@timestamp":"2022-09-08T06:21:14.886Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T06:21:47.492Z","@version":"1","message":"Sep  8 06:21:46 honeypot-sgp-1 sshd[29770]: Disconnected from authenticating user root 61.177.173.49 port 48495 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 06:23:55 honeypot-ams-1 sshd[315]: Received disconnect from 92.255.85.70 port 20764:11: Bye Bye [preauth]","@timestamp":"2022-09-08T06:23:55.782Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 06:25:06 honeypot-fra-1 sshd[23307]: Invalid user jira from 165.22.45.108 port 57116","@timestamp":"2022-09-08T06:25:06.973Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T06:26:00.601Z","@version":"1","message":"Sep  8 06:26:00 honeypot-sgp-1 sshd[29913]: Bad protocol version identification 'ABCDEFGHIJKLMNOPQRSTUVWXYZ9999' from 172.104.131.24 port 32896","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 06:28:46 honeypot-ams-1 kernel: [83495114.470605] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.79.176.48 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=64740 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T06:28:46.913Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 06:28:55 honeypot-fra-1 sshd[23313]: Connection closed by 185.100.87.133 port 40927 [preauth]","@timestamp":"2022-09-08T06:28:56.058Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 06:34:36 honeypot-ams-1 sshd[501]: Disconnected from invalid user homero 103.86.49.28 port 42470 [preauth]","@timestamp":"2022-09-08T06:34:37.060Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 06:38:41 honeypot-ams-1 sshd[508]: Connection closed by 180.76.173.237 port 37410 [preauth]","@timestamp":"2022-09-08T06:38:42.165Z"}
{"@timestamp":"2022-09-08T06:39:03.954Z","@version":"1","message":"Sep  8 06:39:03 honeypot-sgp-1 sshd[29922]: Disconnected from authenticating user root 61.177.172.108 port 63875 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T06:44:42.094Z","@version":"1","message":"Sep  8 06:44:41 honeypot-sgp-1 sshd[29929]: Did not receive identification string from 45.61.187.160 port 47532","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T06:45:15.110Z","@version":"1","message":"Sep  8 06:45:15 honeypot-sgp-1 sshd[29932]: Disconnected from invalid user user 45.61.187.160 port 33538 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T06:45:33.118Z","@version":"1","message":"Sep  8 06:45:32 honeypot-sgp-1 sshd[29936]: Received disconnect from 45.61.187.160 port 56822:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T06:45:49.126Z","@version":"1","message":"Sep  8 06:45:48 honeypot-sgp-1 sshd[29941]: Received disconnect from 45.61.187.160 port 51870:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 06:47:20 honeypot-fra-1 sshd[23418]: Invalid user jira from 165.22.45.108 port 33690","@timestamp":"2022-09-08T06:47:20.453Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 06:47:31 honeypot-ams-1 kernel: [83496240.000874] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.41.9.18 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=27003 PROTO=TCP SPT=44648 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T06:47:32.392Z"}
{"@timestamp":"2022-09-08T06:50:54.249Z","@version":"1","message":"Sep  8 06:50:53 honeypot-sgp-1 sshd[29946]: Received disconnect from 61.177.173.39 port 30684:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 06:54:34 honeypot-fra-1 sshd[23425]: Received disconnect from 92.255.85.70 port 52512:11: Bye Bye [preauth]","@timestamp":"2022-09-08T06:54:34.612Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T06:55:07.353Z","@version":"1","message":"Sep  8 06:55:06 honeypot-sgp-1 sshd[30049]: Received disconnect from 61.177.173.51 port 38452:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 06:55:08 honeypot-ams-1 kernel: [83496696.713162] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=153.134.157.66 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=18537 PROTO=TCP SPT=56941 DPT=80 WINDOW=6699 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T06:55:08.586Z"}
{"@timestamp":"2022-09-08T06:56:42.394Z","@version":"1","message":"Sep  8 06:56:41 honeypot-sgp-1 sshd[30054]: Disconnected from invalid user odoo 157.245.122.58 port 47836 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T06:57:19.411Z","@version":"1","message":"Sep  8 06:57:18 honeypot-sgp-1 sshd[30060]: Received disconnect from 61.177.172.98 port 15907:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T06:57:55.428Z","@version":"1","message":"Sep  8 06:57:55 honeypot-sgp-1 sshd[30064]: Disconnected from authenticating user root 92.255.85.70 port 32498 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T06:58:29.443Z","@version":"1","message":"Sep  8 06:58:28 honeypot-sgp-1 sshd[30068]: Disconnected from invalid user data.user 157.245.122.58 port 46676 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T06:59:19.468Z","@version":"1","message":"Sep  8 06:59:18 honeypot-sgp-1 sshd[30072]: Disconnected from authenticating user root 23.94.194.115 port 46182 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T07:00:59.512Z","@version":"1","message":"Sep  8 07:00:58 honeypot-sgp-1 sshd[30079]: Disconnected from invalid user cypress 157.245.122.58 port 59052 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 07:04:31 honeypot-fra-1 kernel: [83495112.002535] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=94.26.249.161 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=45011 PROTO=TCP SPT=39946 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T07:04:31.828Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-08T07:05:07.615Z","@version":"1","message":"Sep  8 07:05:06 honeypot-sgp-1 sshd[30084]: Invalid user pi from 158.248.51.169 port 40448","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 07:08:36 honeypot-ams-1 sshd[526]: Received disconnect from 61.177.173.46 port 35262:11:  [preauth]","@timestamp":"2022-09-08T07:08:36.931Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 07:09:10 honeypot-fra-1 sshd[23433]: Invalid user jira from 165.22.45.108 port 38472","@timestamp":"2022-09-08T07:09:10.931Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T07:09:36.724Z","@version":"1","message":"Sep  8 07:09:36 honeypot-sgp-1 kernel: [83497093.700107] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=65.49.20.103 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=52585 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 07:10:09 honeypot-ams-1 sshd[531]: Disconnected from authenticating user root 92.255.85.69 port 15824 [preauth]","@timestamp":"2022-09-08T07:10:09.974Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 07:13:21 honeypot-ams-1 sshd[539]: Received disconnect from 45.61.186.169 port 48096:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T07:13:22.058Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 07:13:38 honeypot-ams-1 sshd[545]: Invalid user user from 45.61.186.169 port 42626","@timestamp":"2022-09-08T07:13:39.067Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 07:13:54 honeypot-ams-1 sshd[549]: Invalid user user from 45.61.186.169 port 37188","@timestamp":"2022-09-08T07:13:55.075Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 07:14:58 honeypot-ams-1 kernel: [83497886.696030] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=178.219.169.202 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x20 TTL=250 ID=34502 DF PROTO=TCP SPT=17433 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T07:14:59.103Z"}
{"@timestamp":"2022-09-08T07:16:00.878Z","@version":"1","message":"Sep  8 07:16:00 honeypot-sgp-1 kernel: [83497477.964791] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.167.97.229 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=46933 DPT=636 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T07:17:41.941Z","@version":"1","message":"Sep  8 07:17:41 honeypot-sgp-1 sshd[30106]: Invalid user milan from 43.154.66.195 port 53254","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 07:17:59 honeypot-fra-1 sshd[23439]: Received disconnect from 92.255.85.70 port 44104:11: Bye Bye [preauth]","@timestamp":"2022-09-08T07:18:00.119Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 07:18:34 honeypot-ams-1 kernel: [83498102.864385] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.214.142 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=41302 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T07:18:35.195Z"}
{"@timestamp":"2022-09-08T07:20:58.026Z","@version":"1","message":"Sep  8 07:20:57 honeypot-sgp-1 sshd[30111]: Received disconnect from 92.255.85.70 port 63600:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 07:22:21 honeypot-fra-1 sshd[23444]: Received disconnect from 177.73.136.175 port 39820:11: Bye Bye [preauth]","@timestamp":"2022-09-08T07:22:21.216Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T07:23:49.096Z","@version":"1","message":"Sep  8 07:23:48 honeypot-sgp-1 sshd[30115]: Disconnected from authenticating user root 162.241.114.75 port 58172 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 07:25:36 honeypot-fra-1 sshd[23448]: Connection closed by invalid user admin 141.98.10.158 port 58874 [preauth]","@timestamp":"2022-09-08T07:25:37.288Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 07:31:01 honeypot-ams-1 kernel: [83498849.927937] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.142.236.36 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=120 ID=32117 PROTO=TCP SPT=17340 DPT=80 WINDOW=46272 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T07:31:02.515Z"}
{"@timestamp":"2022-09-08T07:31:04.269Z","@version":"1","message":"Sep  8 07:31:04 honeypot-sgp-1 sshd[30122]: Disconnected from authenticating user root 61.177.172.108 port 45217 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 07:34:27 honeypot-fra-1 kernel: [83496908.133317] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=172.105.89.161 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=57 ID=0 DF PROTO=TCP SPT=57005 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T07:34:27.480Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 07:34:56 honeypot-ams-1 sshd[579]: Received disconnect from 211.200.178.178 port 38824:11: Bye Bye [preauth]","@timestamp":"2022-09-08T07:34:57.623Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 07:37:29 honeypot-ams-1 kernel: [83499237.589467] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=159.223.217.80 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=62 ID=55785 PROTO=TCP SPT=47068 DPT=80 WINDOW=39668 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T07:37:29.691Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 07:41:02 honeypot-fra-1 sshd[23459]: Received disconnect from 92.255.85.70 port 61352:11: Bye Bye [preauth]","@timestamp":"2022-09-08T07:41:02.624Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 07:44:35 honeypot-ams-1 sshd[592]: Received disconnect from 61.177.173.36 port 49454:11:  [preauth]","@timestamp":"2022-09-08T07:44:35.885Z"}
{"@timestamp":"2022-09-08T07:48:27.680Z","@version":"1","message":"Sep  8 07:48:26 honeypot-sgp-1 sshd[30133]: Disconnected from authenticating user root 61.177.173.46 port 19003 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 07:52:00 honeypot-fra-1 sshd[23467]: Invalid user connor from 163.53.91.102 port 37462","@timestamp":"2022-09-08T07:52:00.863Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 07:53:07 honeypot-ams-1 kernel: [83500175.628957] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=159.203.169.89 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=32646 PROTO=TCP SPT=20000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T07:53:08.114Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 07:56:39 honeypot-fra-1 kernel: [83498240.563858] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=128.199.161.69 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=56163 PROTO=TCP SPT=43414 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T07:56:39.965Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-08T07:56:57.884Z","@version":"1","message":"Sep  8 07:56:57 honeypot-sgp-1 sshd[30138]: Disconnected from authenticating user root 61.177.173.36 port 13750 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 08:03:26 honeypot-ams-1 kernel: [83500794.251825] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=80.87.206.203 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=53445 PROTO=TCP SPT=57211 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T08:03:26.385Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 08:04:16 honeypot-fra-1 sshd[23476]: Disconnected from authenticating user root 92.255.85.69 port 35904 [preauth]","@timestamp":"2022-09-08T08:04:17.155Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T08:05:52.129Z","@version":"1","message":"Sep  8 08:05:51 honeypot-sgp-1 kernel: [83500469.059281] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=128.199.161.69 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=54289 PROTO=TCP SPT=44100 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T08:08:44.203Z","@version":"1","message":"Sep  8 08:08:43 honeypot-sgp-1 sshd[30150]: Connection closed by 167.99.119.168 port 58654 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 08:10:37 honeypot-fra-1 sshd[23502]: Connection closed by invalid user ubuntu 20.127.48.140 port 52038 [preauth]","@timestamp":"2022-09-08T08:10:38.295Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 08:13:06 honeypot-ams-1 sshd[618]: Connection reset by 61.177.173.50 port 15632 [preauth]","@timestamp":"2022-09-08T08:13:06.640Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 08:15:47 honeypot-fra-1 sshd[23507]: Disconnected from invalid user jira 165.22.45.108 port 52846 [preauth]","@timestamp":"2022-09-08T08:15:48.410Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 08:17:01 honeypot-ams-1 CRON[627]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-08T08:17:02.752Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 08:18:39 honeypot-ams-1 sshd[633]: Invalid user user from 45.61.187.160 port 50042","@timestamp":"2022-09-08T08:18:39.798Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 08:18:56 honeypot-ams-1 sshd[637]: Invalid user user from 45.61.187.160 port 44938","@timestamp":"2022-09-08T08:18:56.808Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 08:19:02 honeypot-fra-1 sshd[23513]: Did not receive identification string from 198.98.61.9 port 55732","@timestamp":"2022-09-08T08:19:03.485Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 08:19:12 honeypot-ams-1 sshd[641]: Invalid user user from 45.61.187.160 port 39830","@timestamp":"2022-09-08T08:19:12.816Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 08:19:17 honeypot-fra-1 sshd[23516]: Disconnected from invalid user criag 104.248.181.156 port 41476 [preauth]","@timestamp":"2022-09-08T08:19:18.493Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 08:19:20 honeypot-ams-1 sshd[645]: Received disconnect from 45.61.187.160 port 51394:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T08:19:20.821Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 08:19:28 honeypot-fra-1 sshd[23520]: Disconnected from invalid user user 198.98.61.9 port 35616 [preauth]","@timestamp":"2022-09-08T08:19:28.498Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 08:19:28 honeypot-ams-1 sshd[650]: Disconnected from invalid user user 45.61.187.160 port 34722 [preauth]","@timestamp":"2022-09-08T08:19:28.826Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 08:19:43 honeypot-fra-1 sshd[23524]: Disconnected from invalid user user 198.98.61.9 port 58060 [preauth]","@timestamp":"2022-09-08T08:19:43.505Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T08:19:56.475Z","@version":"1","message":"Sep  8 08:19:55 honeypot-sgp-1 sshd[30181]: Received disconnect from 61.177.173.46 port 42970:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 08:19:57 honeypot-fra-1 sshd[23528]: Disconnected from invalid user user 198.98.61.9 port 52288 [preauth]","@timestamp":"2022-09-08T08:19:57.512Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T08:24:20.583Z","@version":"1","message":"Sep  8 08:24:20 honeypot-sgp-1 sshd[30186]: Disconnected from authenticating user root 61.177.172.124 port 61073 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 08:27:35 honeypot-ams-1 sshd[676]: Connection closed by 180.76.173.237 port 39938 [preauth]","@timestamp":"2022-09-08T08:27:36.046Z"}
{"@timestamp":"2022-09-08T08:30:34.736Z","@version":"1","message":"Sep  8 08:30:34 honeypot-sgp-1 kernel: [83501951.865464] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=236 ID=26378 PROTO=TCP SPT=45804 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 08:30:48 honeypot-fra-1 kernel: [83500289.283678] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=56071 PROTO=TCP SPT=45804 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T08:30:48.753Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 08:34:48 honeypot-ams-1 sshd[682]: Invalid user user from 198.98.61.9 port 38448","@timestamp":"2022-09-08T08:34:49.236Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 08:35:05 honeypot-ams-1 sshd[686]: Invalid user user from 198.98.61.9 port 60818","@timestamp":"2022-09-08T08:35:05.245Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 08:35:21 honeypot-ams-1 sshd[690]: Invalid user user from 198.98.61.9 port 54850","@timestamp":"2022-09-08T08:35:21.253Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 08:35:36 honeypot-ams-1 sshd[694]: Invalid user user from 198.98.61.9 port 48910","@timestamp":"2022-09-08T08:35:36.261Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 08:38:02 honeypot-fra-1 sshd[23541]: Disconnected from invalid user jirimachaj 165.22.45.108 port 58336 [preauth]","@timestamp":"2022-09-08T08:38:02.915Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T08:40:48.984Z","@version":"1","message":"Sep  8 08:40:48 honeypot-sgp-1 sshd[30201]: Disconnected from 61.177.173.46 port 46607 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 08:41:02 honeypot-fra-1 sshd[23545]: Disconnected from invalid user zaqueo 27.254.137.144 port 41604 [preauth]","@timestamp":"2022-09-08T08:41:02.983Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T08:42:04.018Z","@version":"1","message":"Sep  8 08:42:03 honeypot-sgp-1 sshd[30208]: Received disconnect from 103.111.23.22 port 48518:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 08:42:29 honeypot-ams-1 sshd[702]: Disconnected from authenticating user root 61.177.173.52 port 10313 [preauth]","@timestamp":"2022-09-08T08:42:29.436Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 08:45:23 honeypot-ams-1 kernel: [83503311.531621] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=170.187.162.180 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=39794 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T08:45:23.518Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 08:54:05 honeypot-fra-1 kernel: [83501685.744650] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.192.14 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=33541 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T08:54:05.267Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-08T08:55:11.334Z","@version":"1","message":"Sep  8 08:55:10 honeypot-sgp-1 sshd[30217]: Received disconnect from 218.92.0.221 port 39565:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 08:57:33 honeypot-fra-1 sshd[23571]: Invalid user user from 198.98.61.9 port 50374","@timestamp":"2022-09-08T08:57:34.346Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 08:57:44 honeypot-ams-1 sshd[710]: Connection closed by 180.76.173.237 port 54764 [preauth]","@timestamp":"2022-09-08T08:57:44.859Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 08:57:47 honeypot-fra-1 sshd[23576]: Invalid user user from 198.98.61.9 port 44400","@timestamp":"2022-09-08T08:57:47.352Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 08:57:55 honeypot-fra-1 sshd[23580]: Invalid user user from 198.98.61.9 port 55536","@timestamp":"2022-09-08T08:57:55.356Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 08:58:00 honeypot-fra-1 sshd[23584]: Invalid user user from 141.255.162.226 port 37160","@timestamp":"2022-09-08T08:58:01.359Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 08:58:02 honeypot-fra-1 sshd[23588]: Invalid user user from 141.255.162.226 port 50732","@timestamp":"2022-09-08T08:58:02.359Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 08:58:04 honeypot-fra-1 sshd[23592]: Connection closed by 141.255.162.226 port 59160 [preauth]","@timestamp":"2022-09-08T08:58:05.361Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 09:00:02 honeypot-fra-1 sshd[23599]: Received disconnect from 45.61.186.49 port 42446:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T09:00:02.407Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 09:00:11 honeypot-fra-1 sshd[23603]: Received disconnect from 45.61.186.49 port 54526:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T09:00:11.412Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 09:00:20 honeypot-fra-1 sshd[23607]: Received disconnect from 165.22.45.108 port 34902:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T09:00:21.417Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 09:06:27 honeypot-ams-1 kernel: [83504575.657119] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=37.98.9.237 DST=178.62.254.91 LEN=52 TOS=0x10 PREC=0x60 TTL=114 ID=8527 DF PROTO=TCP SPT=1548 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T09:06:28.092Z"}
{"@timestamp":"2022-09-08T09:07:02.639Z","@version":"1","message":"Sep  8 09:07:01 honeypot-sgp-1 sshd[30222]: Disconnected from authenticating user root 51.143.96.123 port 38508 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 09:08:02 honeypot-fra-1 sshd[23614]: Disconnected from invalid user admin 167.71.160.75 port 44282 [preauth]","@timestamp":"2022-09-08T09:08:03.586Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 09:10:00 honeypot-ams-1 sshd[720]: Received disconnect from 61.177.173.47 port 13029:11:  [preauth]","@timestamp":"2022-09-08T09:10:00.183Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 09:10:29 honeypot-fra-1 sshd[23618]: Received disconnect from 104.248.141.166 port 55678:11: Bye Bye [preauth]","@timestamp":"2022-09-08T09:10:29.642Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T09:10:38.727Z","@version":"1","message":"Sep  8 09:10:37 honeypot-sgp-1 kernel: [83504355.200027] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=227 ID=139 PROTO=TCP SPT=47603 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T09:13:35.798Z","@version":"1","message":"Sep  8 09:13:35 honeypot-sgp-1 sshd[30235]: Received disconnect from 202.83.17.205 port 60576:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 09:16:19 honeypot-fra-1 kernel: [83503019.670902] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=4327 PROTO=TCP SPT=47603 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T09:16:19.770Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-08T09:17:01.882Z","@version":"1","message":"Sep  8 09:17:00 honeypot-sgp-1 sshd[30245]: Received disconnect from 190.128.118.185 port 54443:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 09:17:01 honeypot-ams-1 CRON[725]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-08T09:17:02.367Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 09:21:18 honeypot-ams-1 kernel: [83505466.657609] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=72.167.32.184 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=230 ID=6976 PROTO=TCP SPT=55467 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T09:21:19.478Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 09:21:33 honeypot-fra-1 sshd[23628]: Received disconnect from 159.89.230.196 port 45854:11: Bye Bye [preauth]","@timestamp":"2022-09-08T09:21:33.891Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T09:22:10.005Z","@version":"1","message":"Sep  8 09:22:09 honeypot-sgp-1 kernel: [83505047.077436] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.196.48 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=39061 DPT=389 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 09:24:22 honeypot-fra-1 sshd[23632]: Received disconnect from 43.156.241.174 port 60646:11: Bye Bye [preauth]","@timestamp":"2022-09-08T09:24:22.953Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 09:25:55 honeypot-ams-1 sshd[739]: Disconnected from authenticating user root 61.177.173.50 port 16756 [preauth]","@timestamp":"2022-09-08T09:25:56.601Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 09:34:01 honeypot-ams-1 sshd[747]: Received disconnect from 61.177.173.49 port 16230:11:  [preauth]","@timestamp":"2022-09-08T09:34:01.828Z"}
{"@timestamp":"2022-09-08T09:35:03.313Z","@version":"1","message":"Sep  8 09:35:02 honeypot-sgp-1 sshd[30261]: Disconnected from authenticating user root 61.177.173.37 port 36711 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 09:37:55 honeypot-fra-1 sshd[23653]: Invalid user guest from 20.111.24.241 port 39908","@timestamp":"2022-09-08T09:37:56.249Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 09:37:55 honeypot-fra-1 sshd[23655]: Invalid user web from 20.111.24.241 port 39884","@timestamp":"2022-09-08T09:37:56.249Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 09:37:55 honeypot-fra-1 sshd[23642]: Connection closed by invalid user www 20.111.24.241 port 39900 [preauth]","@timestamp":"2022-09-08T09:37:56.250Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 09:37:55 honeypot-fra-1 sshd[23668]: Invalid user guest from 20.111.24.241 port 40046","@timestamp":"2022-09-08T09:37:56.250Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 09:37:55 honeypot-fra-1 sshd[23667]: Connection closed by invalid user user 20.111.24.241 port 40060 [preauth]","@timestamp":"2022-09-08T09:37:56.250Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 09:37:55 honeypot-fra-1 sshd[23648]: Invalid user git from 20.111.24.241 port 39876","@timestamp":"2022-09-08T09:37:56.250Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 09:37:55 honeypot-fra-1 sshd[23637]: Invalid user ec2-user from 20.111.24.241 port 39880","@timestamp":"2022-09-08T09:37:56.250Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 09:37:55 honeypot-fra-1 sshd[23654]: Connection closed by invalid user user 20.111.24.241 port 39926 [preauth]","@timestamp":"2022-09-08T09:37:56.250Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 09:37:55 honeypot-fra-1 sshd[23646]: Connection closed by invalid user oracle 20.111.24.241 port 39940 [preauth]","@timestamp":"2022-09-08T09:37:56.250Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 09:38:02 honeypot-fra-1 sshd[23693]: Received disconnect from 92.255.85.70 port 32480:11: Bye Bye [preauth]","@timestamp":"2022-09-08T09:38:02.254Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 09:42:13 honeypot-fra-1 sshd[23697]: Received disconnect from 51.250.79.55 port 48582:11: Bye Bye [preauth]","@timestamp":"2022-09-08T09:42:14.347Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T09:42:43.495Z","@version":"1","message":"Sep  8 09:42:42 honeypot-sgp-1 sshd[30269]: Disconnected from authenticating user root 61.177.173.51 port 20851 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 09:44:34 honeypot-fra-1 sshd[23702]: Disconnected from invalid user jkcoregs 165.22.45.108 port 44508 [preauth]","@timestamp":"2022-09-08T09:44:35.400Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 09:46:28 honeypot-ams-1 sshd[834]: Did not receive identification string from 111.8.89.49 port 55729","@timestamp":"2022-09-08T09:46:29.153Z"}
{"@timestamp":"2022-09-08T09:50:18.678Z","@version":"1","message":"Sep  8 09:50:18 honeypot-sgp-1 sshd[30274]: Received disconnect from 61.177.173.36 port 12499:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 09:51:10 honeypot-ams-1 sshd[837]: Connection closed by invalid user user1 103.188.176.251 port 40534 [preauth]","@timestamp":"2022-09-08T09:51:10.280Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 09:54:47 honeypot-ams-1 sshd[844]: Received disconnect from 61.177.172.98 port 46340:11:  [preauth]","@timestamp":"2022-09-08T09:54:48.376Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 10:00:03 honeypot-fra-1 kernel: [83505643.462220] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=103.125.189.49 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=51849 PROTO=TCP SPT=48605 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T10:00:03.736Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 10:01:00 honeypot-fra-1 sshd[23714]: Invalid user allan from 104.236.91.72 port 46942","@timestamp":"2022-09-08T10:01:00.760Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T10:03:54.026Z","@version":"1","message":"Sep  8 10:03:54 honeypot-sgp-1 sshd[30282]: Disconnected from authenticating user root 92.255.85.69 port 34098 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 10:04:23 honeypot-fra-1 sshd[23718]: Invalid user river from 139.59.70.64 port 38440","@timestamp":"2022-09-08T10:04:23.834Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 10:06:34 honeypot-fra-1 sshd[23721]: Disconnected from invalid user jkdevlin 165.22.45.108 port 49308 [preauth]","@timestamp":"2022-09-08T10:06:34.881Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T10:08:07.147Z","@version":"1","message":"Sep  8 10:08:06 honeypot-sgp-1 sshd[30287]: Received disconnect from 141.255.162.226 port 55270:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T10:08:12.149Z","@version":"1","message":"Sep  8 10:08:11 honeypot-sgp-1 sshd[30291]: Received disconnect from 141.255.162.226 port 41358:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T10:09:14.176Z","@version":"1","message":"Sep  8 10:09:14 honeypot-sgp-1 kernel: [83507871.480836] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=222.186.19.235 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=54371 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 10:09:53 honeypot-ams-1 sshd[861]: Invalid user nadezhda from 185.149.120.61 port 36652","@timestamp":"2022-09-08T10:09:53.791Z"}
{"@timestamp":"2022-09-08T10:12:49.264Z","@version":"1","message":"Sep  8 10:12:48 honeypot-sgp-1 sshd[30302]: Received disconnect from 45.61.186.249 port 59840:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T10:13:09.274Z","@version":"1","message":"Sep  8 10:13:08 honeypot-sgp-1 sshd[30306]: Received disconnect from 45.61.186.249 port 55068:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T10:13:29.283Z","@version":"1","message":"Sep  8 10:13:29 honeypot-sgp-1 sshd[30310]: Received disconnect from 45.61.186.249 port 50276:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T10:13:38.287Z","@version":"1","message":"Sep  8 10:13:38 honeypot-sgp-1 sshd[30314]: Disconnected from invalid user user 45.61.186.249 port 33780 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 10:17:01 honeypot-ams-1 CRON[866]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-08T10:17:01.981Z"}
{"@timestamp":"2022-09-08T10:17:02.371Z","@version":"1","message":"Sep  8 10:17:01 honeypot-sgp-1 CRON[30321]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 10:17:16 honeypot-fra-1 sshd[23730]: Received disconnect from 200.42.176.235 port 51518:11: Bye Bye [preauth]","@timestamp":"2022-09-08T10:17:17.115Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T10:21:03.470Z","@version":"1","message":"Sep  8 10:21:03 honeypot-sgp-1 kernel: [83508580.474422] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=170.187.162.133 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=47907 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 10:21:11 honeypot-ams-1 sshd[871]: Disconnected from invalid user user 198.98.61.9 port 47564 [preauth]","@timestamp":"2022-09-08T10:21:12.093Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 10:21:28 honeypot-ams-1 sshd[875]: Disconnected from invalid user user 198.98.61.9 port 42040 [preauth]","@timestamp":"2022-09-08T10:21:29.103Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 10:21:43 honeypot-ams-1 sshd[880]: Disconnected from invalid user user 198.98.61.9 port 36456 [preauth]","@timestamp":"2022-09-08T10:21:44.111Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 10:21:58 honeypot-ams-1 sshd[884]: Disconnected from invalid user user 198.98.61.9 port 59168 [preauth]","@timestamp":"2022-09-08T10:21:59.120Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 10:23:56 honeypot-fra-1 sshd[23736]: Received disconnect from 92.255.85.69 port 41442:11: Bye Bye [preauth]","@timestamp":"2022-09-08T10:23:57.259Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 10:28:56 honeypot-fra-1 sshd[23740]: Disconnected from invalid user jkl123 165.22.45.108 port 54112 [preauth]","@timestamp":"2022-09-08T10:28:56.368Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 10:29:07 honeypot-ams-1 kernel: [83509535.571378] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=54.251.46.24 DST=178.62.254.91 LEN=80 TOS=0x00 PREC=0x20 TTL=129 ID=50900 PROTO=TCP SPT=49876 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T10:29:08.308Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 10:33:13 honeypot-ams-1 kernel: [83509781.310352] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=78.11.95.13 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=247 ID=35683 DF PROTO=TCP SPT=55788 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T10:33:13.418Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 10:36:58 honeypot-fra-1 sshd[23748]: Disconnected from authenticating user root 143.244.158.100 port 44172 [preauth]","@timestamp":"2022-09-08T10:36:59.543Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 10:38:50 honeypot-ams-1 sshd[896]: Disconnected from invalid user user 45.61.184.204 port 59270 [preauth]","@timestamp":"2022-09-08T10:38:50.562Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 10:39:09 honeypot-ams-1 sshd[900]: Disconnected from invalid user user 45.61.184.204 port 53242 [preauth]","@timestamp":"2022-09-08T10:39:10.574Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 10:39:27 honeypot-ams-1 sshd[904]: Disconnected from invalid user user 45.61.184.204 port 47212 [preauth]","@timestamp":"2022-09-08T10:39:27.583Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 10:39:34 honeypot-fra-1 sshd[23755]: Disconnected from authenticating user root 143.244.158.100 port 52534 [preauth]","@timestamp":"2022-09-08T10:39:34.601Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 10:39:37 honeypot-ams-1 sshd[908]: Disconnected from invalid user user 45.61.184.204 port 58316 [preauth]","@timestamp":"2022-09-08T10:39:38.590Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 10:41:12 honeypot-fra-1 sshd[23760]: Disconnected from authenticating user root 143.244.158.100 port 38370 [preauth]","@timestamp":"2022-09-08T10:41:12.694Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T10:42:33.979Z","@version":"1","message":"Sep  8 10:42:33 honeypot-sgp-1 sshd[30768]: Invalid user admin from 128.199.160.207 port 33518","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T10:42:33.979Z","@version":"1","message":"Sep  8 10:42:33 honeypot-sgp-1 sshd[30774]: Invalid user admin from 128.199.160.207 port 33546","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 10:43:31 honeypot-fra-1 sshd[23766]: Connection closed by invalid user admin 141.98.10.158 port 41786 [preauth]","@timestamp":"2022-09-08T10:43:32.745Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 10:45:31 honeypot-fra-1 sshd[23772]: Disconnected from authenticating user root 143.244.158.100 port 45230 [preauth]","@timestamp":"2022-09-08T10:45:31.789Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 10:45:44 honeypot-ams-1 sshd[913]: Did not receive identification string from 45.61.186.49 port 35484","@timestamp":"2022-09-08T10:45:45.747Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 10:46:01 honeypot-ams-1 sshd[916]: Received disconnect from 45.61.186.49 port 48170:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T10:46:01.757Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 10:46:11 honeypot-ams-1 sshd[920]: Received disconnect from 45.61.186.49 port 59904:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T10:46:11.762Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 10:47:09 honeypot-fra-1 sshd[23779]: Disconnected from authenticating user root 143.244.158.100 port 43792 [preauth]","@timestamp":"2022-09-08T10:47:09.827Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T10:48:52.129Z","@version":"1","message":"Sep  8 10:48:51 honeypot-sgp-1 sshd[30780]: Invalid user user from 141.255.162.226 port 58248","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T10:48:56.132Z","@version":"1","message":"Sep  8 10:48:55 honeypot-sgp-1 sshd[30782]: Disconnected from invalid user user 141.255.162.226 port 43860 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 10:49:39 honeypot-fra-1 sshd[23785]: Disconnected from authenticating user root 143.244.158.100 port 50224 [preauth]","@timestamp":"2022-09-08T10:49:39.884Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 10:50:30 honeypot-fra-1 sshd[23789]: Disconnected from authenticating user root 143.244.158.100 port 33388 [preauth]","@timestamp":"2022-09-08T10:50:30.905Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 10:51:13 honeypot-fra-1 sshd[23794]: Received disconnect from 141.255.162.226 port 60570:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T10:51:13.924Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 10:51:15 honeypot-fra-1 sshd[23798]: Received disconnect from 141.255.162.226 port 53458:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T10:51:15.925Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 10:51:17 honeypot-fra-1 sshd[23802]: Received disconnect from 141.255.162.226 port 39456:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T10:51:17.926Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 10:51:20 honeypot-fra-1 sshd[23808]: Received disconnect from 141.255.162.226 port 60818:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T10:51:20.929Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 10:52:11 honeypot-fra-1 sshd[23811]: Disconnected from authenticating user root 143.244.158.100 port 51130 [preauth]","@timestamp":"2022-09-08T10:52:11.949Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 10:54:43 honeypot-fra-1 sshd[23817]: Disconnected from authenticating user root 143.244.158.100 port 56458 [preauth]","@timestamp":"2022-09-08T10:54:44.005Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T10:55:48.295Z","@version":"1","message":"Sep  8 10:55:47 honeypot-sgp-1 kernel: [83510664.963202] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.216.71.18 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=234 ID=54321 PROTO=TCP SPT=52071 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 10:57:12 honeypot-fra-1 sshd[23824]: Received disconnect from 143.244.158.100 port 46944:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T10:57:13.063Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 10:58:54 honeypot-fra-1 sshd[23828]: Disconnected from authenticating user root 143.244.158.100 port 33254 [preauth]","@timestamp":"2022-09-08T10:58:55.104Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 11:01:18 honeypot-ams-1 kernel: [83511466.612424] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=97.74.81.123 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=42370 PROTO=TCP SPT=45926 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T11:01:19.150Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 11:01:34 honeypot-fra-1 sshd[23834]: Disconnected from authenticating user root 143.244.158.100 port 41542 [preauth]","@timestamp":"2022-09-08T11:01:35.165Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 11:04:18 honeypot-fra-1 sshd[23841]: Disconnected from authenticating user root 143.244.158.100 port 59640 [preauth]","@timestamp":"2022-09-08T11:04:19.226Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 11:06:11 honeypot-fra-1 sshd[23847]: Received disconnect from 143.244.158.100 port 43098:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T11:06:12.270Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 11:08:29 honeypot-ams-1 sshd[931]: Disconnected from authenticating user root 109.205.213.20 port 46530 [preauth]","@timestamp":"2022-09-08T11:08:30.331Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 11:08:54 honeypot-fra-1 sshd[23854]: Received disconnect from 143.244.158.100 port 36418:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T11:08:55.345Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 11:09:54 honeypot-ams-1 sshd[937]: Disconnected from authenticating user root 2.205.79.92 port 63920 [preauth]","@timestamp":"2022-09-08T11:09:55.370Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 11:09:55 honeypot-ams-1 sshd[943]: Received disconnect from 2.205.79.92 port 52400:11: Bye Bye [preauth]","@timestamp":"2022-09-08T11:09:56.371Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 11:09:56 honeypot-ams-1 sshd[949]: Received disconnect from 2.205.79.92 port 52430:11: Bye Bye [preauth]","@timestamp":"2022-09-08T11:09:57.372Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 11:09:57 honeypot-ams-1 sshd[955]: Received disconnect from 2.205.79.92 port 52454:11: Bye Bye [preauth]","@timestamp":"2022-09-08T11:09:58.373Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 11:09:58 honeypot-ams-1 sshd[961]: Received disconnect from 2.205.79.92 port 52475:11: Bye Bye [preauth]","@timestamp":"2022-09-08T11:09:59.373Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 11:09:59 honeypot-ams-1 sshd[967]: Received disconnect from 2.205.79.92 port 52507:11: Bye Bye [preauth]","@timestamp":"2022-09-08T11:09:59.374Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 11:10:00 honeypot-ams-1 sshd[973]: Received disconnect from 2.205.79.92 port 52543:11: Bye Bye [preauth]","@timestamp":"2022-09-08T11:10:00.374Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 11:10:00 honeypot-ams-1 sshd[979]: Received disconnect from 2.205.79.92 port 52568:11: Bye Bye [preauth]","@timestamp":"2022-09-08T11:10:01.375Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 11:10:01 honeypot-ams-1 sshd[985]: Received disconnect from 2.205.79.92 port 52586:11: Bye Bye [preauth]","@timestamp":"2022-09-08T11:10:02.376Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 11:10:02 honeypot-ams-1 sshd[991]: Received disconnect from 2.205.79.92 port 52617:11: Bye Bye [preauth]","@timestamp":"2022-09-08T11:10:03.377Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 11:10:03 honeypot-ams-1 sshd[997]: Received disconnect from 2.205.79.92 port 52641:11: Bye Bye [preauth]","@timestamp":"2022-09-08T11:10:04.378Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 11:10:04 honeypot-ams-1 sshd[1001]: Received disconnect from 2.205.79.92 port 63995:11: Bye Bye [preauth]","@timestamp":"2022-09-08T11:10:04.378Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 11:10:04 honeypot-ams-1 sshd[1005]: Received disconnect from 2.205.79.92 port 52687:11: Bye Bye [preauth]","@timestamp":"2022-09-08T11:10:05.379Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 11:10:05 honeypot-ams-1 sshd[1009]: Received disconnect from 2.205.79.92 port 52708:11: Bye Bye [preauth]","@timestamp":"2022-09-08T11:10:05.379Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 11:10:05 honeypot-ams-1 sshd[1013]: Received disconnect from 2.205.79.92 port 52728:11: Bye Bye [preauth]","@timestamp":"2022-09-08T11:10:06.380Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 11:10:06 honeypot-ams-1 sshd[1017]: Received disconnect from 2.205.79.92 port 52748:11: Bye Bye [preauth]","@timestamp":"2022-09-08T11:10:06.380Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 11:10:06 honeypot-ams-1 sshd[1019]: Disconnected from authenticating user root 109.205.213.20 port 33124 [preauth]","@timestamp":"2022-09-08T11:10:07.381Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 11:10:07 honeypot-ams-1 sshd[1027]: Received disconnect from 2.205.79.92 port 52783:11: Bye Bye [preauth]","@timestamp":"2022-09-08T11:10:08.381Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 11:10:08 honeypot-ams-1 sshd[1031]: Received disconnect from 2.205.79.92 port 52797:11: Bye Bye [preauth]","@timestamp":"2022-09-08T11:10:08.381Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 11:10:08 honeypot-ams-1 sshd[1035]: Received disconnect from 2.205.79.92 port 52810:11: Bye Bye [preauth]","@timestamp":"2022-09-08T11:10:09.382Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 11:10:09 honeypot-ams-1 sshd[1039]: Received disconnect from 2.205.79.92 port 52829:11: Bye Bye [preauth]","@timestamp":"2022-09-08T11:10:09.382Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 11:10:09 honeypot-ams-1 sshd[1043]: Received disconnect from 2.205.79.92 port 52854:11: Bye Bye [preauth]","@timestamp":"2022-09-08T11:10:10.383Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 11:10:10 honeypot-ams-1 sshd[1047]: Received disconnect from 2.205.79.92 port 52872:11: Bye Bye [preauth]","@timestamp":"2022-09-08T11:10:10.383Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 11:10:10 honeypot-ams-1 sshd[1051]: Received disconnect from 2.205.79.92 port 52889:11: Bye Bye [preauth]","@timestamp":"2022-09-08T11:10:11.384Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 11:10:11 honeypot-ams-1 sshd[1055]: Received disconnect from 2.205.79.92 port 52905:11: Bye Bye [preauth]","@timestamp":"2022-09-08T11:10:12.385Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 11:10:12 honeypot-ams-1 sshd[1059]: Received disconnect from 2.205.79.92 port 52921:11: Bye Bye [preauth]","@timestamp":"2022-09-08T11:10:12.385Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 11:10:12 honeypot-ams-1 sshd[1063]: Received disconnect from 2.205.79.92 port 52943:11: Bye Bye [preauth]","@timestamp":"2022-09-08T11:10:13.386Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 11:10:19 honeypot-ams-1 sshd[1067]: Disconnected from authenticating user root 109.205.213.20 port 56900 [preauth]","@timestamp":"2022-09-08T11:10:20.389Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 11:10:39 honeypot-fra-1 sshd[23860]: Received disconnect from 143.244.158.100 port 38646:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T11:10:39.385Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 11:12:29 honeypot-ams-1 sshd[1073]: Received disconnect from 109.205.213.20 port 34596:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T11:12:29.445Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 11:12:31 honeypot-fra-1 sshd[23866]: Did not receive identification string from 106.12.107.221 port 51676","@timestamp":"2022-09-08T11:12:32.429Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 11:14:10 honeypot-fra-1 sshd[23872]: Received disconnect from 106.12.107.221 port 38028:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T11:14:11.466Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T11:15:02.754Z","@version":"1","message":"Sep  8 11:15:01 honeypot-sgp-1 sshd[30795]: Invalid user pi from 79.163.138.216 port 56530","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 11:16:00 honeypot-fra-1 sshd[23878]: Received disconnect from 143.244.158.100 port 54156:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T11:16:00.509Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 11:17:01 honeypot-fra-1 CRON[23882]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-08T11:17:01.534Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 11:17:01 honeypot-ams-1 CRON[1078]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-08T11:17:02.565Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 11:19:25 honeypot-fra-1 sshd[23890]: Received disconnect from 143.244.158.100 port 41066:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T11:19:26.606Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T11:20:23.886Z","@version":"1","message":"Sep  8 11:20:23 honeypot-sgp-1 kernel: [83512140.439524] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=56741 PROTO=TCP SPT=55505 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 11:20:30 honeypot-ams-1 sshd[1085]: Invalid user user from 198.98.61.9 port 53322","@timestamp":"2022-09-08T11:20:30.658Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 11:20:46 honeypot-ams-1 sshd[1089]: Invalid user user from 198.98.61.9 port 47868","@timestamp":"2022-09-08T11:20:46.666Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 11:21:01 honeypot-ams-1 sshd[1093]: Invalid user user from 198.98.61.9 port 42424","@timestamp":"2022-09-08T11:21:01.674Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 11:21:14 honeypot-fra-1 sshd[23894]: Disconnected from authenticating user root 143.244.158.100 port 53400 [preauth]","@timestamp":"2022-09-08T11:21:14.648Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 11:21:45 honeypot-ams-1 kernel: [83512693.545111] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=89.248.165.199 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=53133 PROTO=TCP SPT=54970 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T11:21:45.696Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 11:26:07 honeypot-ams-1 sshd[1103]: Connection closed by 180.76.173.237 port 58166 [preauth]","@timestamp":"2022-09-08T11:26:07.813Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 11:30:45 honeypot-fra-1 kernel: [83511086.093751] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=18620 PROTO=TCP SPT=56607 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T11:30:46.856Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 11:31:09 honeypot-fra-1 sshd[23905]: Connection closed by invalid user admin 159.203.178.0 port 43198 [preauth]","@timestamp":"2022-09-08T11:31:09.866Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T11:32:06.167Z","@version":"1","message":"Sep  8 11:32:05 honeypot-sgp-1 kernel: [83512842.995950] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=172.105.89.161 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=50 ID=0 DF PROTO=TCP SPT=57005 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T11:35:07.242Z","@version":"1","message":"Sep  8 11:35:06 honeypot-sgp-1 sshd[30808]: Invalid user  from 64.62.197.92 port 47860","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 11:35:20 honeypot-fra-1 sshd[23912]: Received disconnect from 165.22.45.108 port 40284:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T11:35:20.958Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T11:37:54.313Z","@version":"1","message":"Sep  8 11:37:53 honeypot-sgp-1 kernel: [83513190.888843] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=172.105.89.161 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=51 ID=0 DF PROTO=TCP SPT=57005 DPT=443 WINDOW=8192 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 11:39:08 honeypot-ams-1 sshd[1106]: Received disconnect from 122.181.16.134 port 44389:11: Bye Bye [preauth]","@timestamp":"2022-09-08T11:39:09.159Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 11:43:05 honeypot-ams-1 sshd[1111]: Received disconnect from 41.60.236.6 port 47868:11: Bye Bye [preauth]","@timestamp":"2022-09-08T11:43:06.264Z"}
{"@timestamp":"2022-09-08T11:45:39.503Z","@version":"1","message":"Sep  8 11:45:39 honeypot-sgp-1 sshd[30817]: Disconnected from authenticating user root 179.224.196.91 port 10154 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 11:45:42 honeypot-fra-1 sshd[23918]: Did not receive identification string from 58.72.18.130 port 33655","@timestamp":"2022-09-08T11:45:42.181Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T11:45:49.508Z","@version":"1","message":"Sep  8 11:45:48 honeypot-sgp-1 sshd[30823]: Received disconnect from 179.224.196.91 port 10157:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T11:45:58.514Z","@version":"1","message":"Sep  8 11:45:58 honeypot-sgp-1 sshd[30829]: Received disconnect from 179.224.196.91 port 10160:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T11:46:07.518Z","@version":"1","message":"Sep  8 11:46:07 honeypot-sgp-1 sshd[30835]: Received disconnect from 179.224.196.91 port 10163:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T11:46:17.523Z","@version":"1","message":"Sep  8 11:46:16 honeypot-sgp-1 sshd[30841]: Received disconnect from 179.224.196.91 port 10166:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T11:46:26.529Z","@version":"1","message":"Sep  8 11:46:26 honeypot-sgp-1 sshd[30847]: Received disconnect from 179.224.196.91 port 10169:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T11:46:36.534Z","@version":"1","message":"Sep  8 11:46:35 honeypot-sgp-1 sshd[30853]: Received disconnect from 179.224.196.91 port 10172:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T11:46:45.539Z","@version":"1","message":"Sep  8 11:46:44 honeypot-sgp-1 sshd[30859]: Received disconnect from 179.224.196.91 port 10175:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T11:46:54.545Z","@version":"1","message":"Sep  8 11:46:54 honeypot-sgp-1 sshd[30865]: Received disconnect from 179.224.196.91 port 10178:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T11:47:03.551Z","@version":"1","message":"Sep  8 11:47:03 honeypot-sgp-1 sshd[30871]: Received disconnect from 179.224.196.91 port 10181:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T11:47:13.556Z","@version":"1","message":"Sep  8 11:47:12 honeypot-sgp-1 sshd[30878]: Received disconnect from 179.224.196.91 port 10184:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T11:47:22.560Z","@version":"1","message":"Sep  8 11:47:21 honeypot-sgp-1 sshd[30884]: Received disconnect from 179.224.196.91 port 10187:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T11:47:31.566Z","@version":"1","message":"Sep  8 11:47:30 honeypot-sgp-1 sshd[30890]: Invalid user admin from 179.224.196.91 port 10190","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T11:47:37.569Z","@version":"1","message":"Sep  8 11:47:36 honeypot-sgp-1 sshd[30894]: Invalid user admin from 179.224.196.91 port 10192","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T11:47:43.572Z","@version":"1","message":"Sep  8 11:47:42 honeypot-sgp-1 sshd[30898]: Invalid user admin from 179.224.196.91 port 10154","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T11:47:49.575Z","@version":"1","message":"Sep  8 11:47:49 honeypot-sgp-1 sshd[30902]: Invalid user admin from 179.224.196.91 port 10156","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T11:47:56.580Z","@version":"1","message":"Sep  8 11:47:55 honeypot-sgp-1 sshd[30906]: Invalid user admin from 179.224.196.91 port 10158","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T11:48:02.584Z","@version":"1","message":"Sep  8 11:48:01 honeypot-sgp-1 sshd[30910]: Invalid user user from 179.224.196.91 port 10160","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T11:48:09.587Z","@version":"1","message":"Sep  8 11:48:08 honeypot-sgp-1 sshd[30914]: Disconnected from authenticating user root 179.224.196.91 port 10162 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T11:48:15.591Z","@version":"1","message":"Sep  8 11:48:14 honeypot-sgp-1 sshd[30918]: Disconnected from invalid user pi 179.224.196.91 port 10164 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T11:48:21.594Z","@version":"1","message":"Sep  8 11:48:21 honeypot-sgp-1 sshd[30922]: Disconnected from invalid user ethos 179.224.196.91 port 10166 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T11:48:27.598Z","@version":"1","message":"Sep  8 11:48:27 honeypot-sgp-1 sshd[30926]: Disconnected from invalid user miner 179.224.196.91 port 10168 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T11:48:34.602Z","@version":"1","message":"Sep  8 11:48:33 honeypot-sgp-1 sshd[30930]: Disconnected from invalid user volumio 179.224.196.91 port 10170 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T11:48:40.606Z","@version":"1","message":"Sep  8 11:48:39 honeypot-sgp-1 sshd[30934]: Disconnected from invalid user nagios 179.224.196.91 port 10172 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T11:48:46.609Z","@version":"1","message":"Sep  8 11:48:45 honeypot-sgp-1 sshd[30938]: Disconnected from invalid user vagrant 179.224.196.91 port 10174 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T11:48:52.612Z","@version":"1","message":"Sep  8 11:48:52 honeypot-sgp-1 sshd[30942]: Disconnected from invalid user debian 179.224.196.91 port 10176 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T11:48:58.616Z","@version":"1","message":"Sep  8 11:48:58 honeypot-sgp-1 sshd[30946]: Disconnected from invalid user debian 179.224.196.91 port 10178 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T11:49:04.619Z","@version":"1","message":"Sep  8 11:49:04 honeypot-sgp-1 sshd[30950]: Disconnected from invalid user alarm 179.224.196.91 port 10180 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T11:49:11.626Z","@version":"1","message":"Sep  8 11:49:10 honeypot-sgp-1 sshd[30954]: Disconnected from invalid user test 179.224.196.91 port 10182 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T11:49:17.629Z","@version":"1","message":"Sep  8 11:49:16 honeypot-sgp-1 sshd[30958]: Disconnected from invalid user cirros 179.224.196.91 port 10184 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 11:49:27 honeypot-ams-1 sshd[1116]: Disconnected from authenticating user root 92.255.85.69 port 52242 [preauth]","@timestamp":"2022-09-08T11:49:28.428Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 11:51:07 honeypot-fra-1 sshd[23922]: Received disconnect from 157.230.47.60 port 50806:11: Bye Bye [preauth]","@timestamp":"2022-09-08T11:51:08.300Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T11:51:27.682Z","@version":"1","message":"Sep  8 11:51:27 honeypot-sgp-1 sshd[30961]: Disconnected from invalid user user 45.61.186.49 port 60680 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T11:51:39.688Z","@version":"1","message":"Sep  8 11:51:39 honeypot-sgp-1 sshd[30965]: Disconnected from invalid user user 45.61.186.49 port 45790 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 11:55:55 honeypot-fra-1 kernel: [83512595.238968] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=89.248.165.199 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=51705 PROTO=TCP SPT=54970 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T11:55:55.407Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-08T11:58:55.877Z","@version":"1","message":"Sep  8 11:58:55 honeypot-sgp-1 sshd[30972]: Disconnected from authenticating user root 92.255.85.69 port 62436 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 12:01:36 honeypot-ams-1 sshd[1124]: Connection closed by 180.76.173.237 port 59000 [preauth]","@timestamp":"2022-09-08T12:01:37.767Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 12:01:58 honeypot-fra-1 sshd[23933]: Did not receive identification string from 43.138.54.131 port 48930","@timestamp":"2022-09-08T12:01:59.543Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 12:01:59 honeypot-fra-1 sshd[23937]: Invalid user esuser from 43.138.54.131 port 53218","@timestamp":"2022-09-08T12:02:00.545Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 12:01:59 honeypot-fra-1 sshd[23948]: Invalid user esuser from 43.138.54.131 port 53224","@timestamp":"2022-09-08T12:02:00.545Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 12:01:59 honeypot-fra-1 sshd[23941]: Connection closed by authenticating user root 43.138.54.131 port 53210 [preauth]","@timestamp":"2022-09-08T12:02:00.545Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 12:02:02 honeypot-fra-1 sshd[23956]: Invalid user testuser from 43.138.54.131 port 53234","@timestamp":"2022-09-08T12:02:03.546Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 12:02:02 honeypot-fra-1 sshd[23964]: Invalid user ftpuser from 43.138.54.131 port 53238","@timestamp":"2022-09-08T12:02:03.546Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 12:02:02 honeypot-fra-1 sshd[23963]: Connection closed by invalid user ec2-user 43.138.54.131 port 53226 [preauth]","@timestamp":"2022-09-08T12:02:03.546Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 12:02:05 honeypot-fra-1 sshd[23974]: Invalid user vagrant from 43.138.54.131 port 53254","@timestamp":"2022-09-08T12:02:06.547Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 12:02:14 honeypot-fra-1 sshd[23980]: Invalid user teamspeak3 from 43.138.54.131 port 53264","@timestamp":"2022-09-08T12:02:15.551Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 12:02:14 honeypot-fra-1 sshd[23989]: Invalid user ansible from 43.138.54.131 port 53280","@timestamp":"2022-09-08T12:02:15.552Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 12:02:14 honeypot-fra-1 sshd[23979]: Connection closed by invalid user es 43.138.54.131 port 53268 [preauth]","@timestamp":"2022-09-08T12:02:15.552Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 12:02:15 honeypot-fra-1 sshd[23984]: Connection closed by invalid user steam 43.138.54.131 port 53286 [preauth]","@timestamp":"2022-09-08T12:02:15.552Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 12:03:55 honeypot-fra-1 sshd[24005]: Invalid user physics from 165.227.160.124 port 37128","@timestamp":"2022-09-08T12:03:56.589Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T12:04:13.004Z","@version":"1","message":"Sep  8 12:04:12 honeypot-sgp-1 kernel: [83514769.856259] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=103.125.189.49 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=16113 PROTO=TCP SPT=48605 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 12:05:19 honeypot-fra-1 sshd[24009]: Received disconnect from 177.3.130.63 port 39496:11: Bye Bye [preauth]","@timestamp":"2022-09-08T12:05:19.622Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 12:06:48 honeypot-fra-1 sshd[24011]: Disconnected from invalid user ella 51.250.82.130 port 48532 [preauth]","@timestamp":"2022-09-08T12:06:48.656Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 12:09:48 honeypot-fra-1 sshd[24018]: Received disconnect from 178.128.22.123 port 45988:11: Bye Bye [preauth]","@timestamp":"2022-09-08T12:09:48.724Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 12:10:28 honeypot-ams-1 kernel: [83515616.082092] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=154.209.125.68 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=113 ID=18392 PROTO=TCP SPT=8837 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T12:10:28.998Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 12:13:06 honeypot-fra-1 sshd[24022]: Disconnected from authenticating user root 167.172.142.20 port 60388 [preauth]","@timestamp":"2022-09-08T12:13:06.796Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T12:15:50.291Z","@version":"1","message":"Sep  8 12:15:50 honeypot-sgp-1 kernel: [83515467.378852] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=226 ID=56694 PROTO=TCP SPT=58403 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 12:15:59 honeypot-ams-1 sshd[1134]: Disconnected from authenticating user root 134.122.123.117 port 52070 [preauth]","@timestamp":"2022-09-08T12:16:00.154Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 12:16:53 honeypot-fra-1 sshd[24028]: Received disconnect from 159.89.40.119 port 60034:11: Bye Bye [preauth]","@timestamp":"2022-09-08T12:16:53.880Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 12:17:01 honeypot-ams-1 CRON[1140]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-08T12:17:02.183Z"}
{"@timestamp":"2022-09-08T12:17:02.323Z","@version":"1","message":"Sep  8 12:17:01 honeypot-sgp-1 CRON[30984]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 12:17:49 honeypot-ams-1 sshd[1147]: Disconnected from authenticating user root 134.122.123.117 port 37672 [preauth]","@timestamp":"2022-09-08T12:17:50.207Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 12:18:10 honeypot-ams-1 sshd[1152]: Disconnected from authenticating user root 134.122.123.117 port 34706 [preauth]","@timestamp":"2022-09-08T12:18:11.219Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 12:18:25 honeypot-ams-1 sshd[1156]: Disconnected from invalid user user 198.98.61.9 port 51312 [preauth]","@timestamp":"2022-09-08T12:18:26.227Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 12:18:40 honeypot-ams-1 sshd[1162]: Invalid user user from 198.98.61.9 port 45094","@timestamp":"2022-09-08T12:18:41.235Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 12:18:41 honeypot-fra-1 sshd[24033]: Disconnected from authenticating user root 92.255.85.69 port 31072 [preauth]","@timestamp":"2022-09-08T12:18:41.922Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 12:18:52 honeypot-ams-1 sshd[1166]: Received disconnect from 134.122.123.117 port 57258:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T12:18:53.243Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 12:19:13 honeypot-ams-1 sshd[1170]: Received disconnect from 134.122.123.117 port 54310:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T12:19:14.253Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 12:19:56 honeypot-ams-1 sshd[1174]: Received disconnect from 134.122.123.117 port 48534:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T12:19:57.276Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 12:20:38 honeypot-ams-1 sshd[1179]: Received disconnect from 134.122.123.117 port 42794:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T12:20:39.295Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 12:21:20 honeypot-ams-1 sshd[1183]: Received disconnect from 134.122.123.117 port 37006:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T12:21:21.316Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 12:22:02 honeypot-ams-1 sshd[1187]: Received disconnect from 134.122.123.117 port 59458:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T12:22:02.336Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 12:22:44 honeypot-ams-1 sshd[1191]: Received disconnect from 134.122.123.117 port 53714:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T12:22:44.357Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 12:23:26 honeypot-ams-1 sshd[1195]: Received disconnect from 134.122.123.117 port 47908:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T12:23:26.378Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 12:24:07 honeypot-fra-1 sshd[24039]: Disconnected from authenticating user root 186.235.51.157 port 53832 [preauth]","@timestamp":"2022-09-08T12:24:08.045Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 12:24:11 honeypot-ams-1 sshd[1199]: Received disconnect from 134.122.123.117 port 42186:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T12:24:12.401Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 12:24:40 honeypot-ams-1 sshd[1204]: Connection closed by 180.76.173.237 port 59558 [preauth]","@timestamp":"2022-09-08T12:24:40.418Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 12:25:17 honeypot-ams-1 sshd[1210]: Invalid user student from 134.122.123.117 port 33490","@timestamp":"2022-09-08T12:25:17.436Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 12:25:59 honeypot-ams-1 sshd[1215]: Invalid user weblogic from 134.122.123.117 port 55922","@timestamp":"2022-09-08T12:26:00.456Z"}
{"@timestamp":"2022-09-08T12:26:03.542Z","@version":"1","message":"Sep  8 12:26:02 honeypot-sgp-1 sshd[30990]: Disconnected from invalid user katie 98.252.188.193 port 38718 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 12:27:38 honeypot-ams-1 kernel: [83516646.476298] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=40.84.222.228 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=7673 PROTO=TCP SPT=40020 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T12:27:39.499Z"}
{"@timestamp":"2022-09-08T12:32:20.695Z","@version":"1","message":"Sep  8 12:32:20 honeypot-sgp-1 sshd[30995]: Received disconnect from 103.226.249.51 port 38246:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 12:33:14 honeypot-ams-1 kernel: [83516982.826412] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.215.189 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=60478 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T12:33:15.645Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 12:34:02 honeypot-fra-1 kernel: [83514882.530507] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=95.161.131.237 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x20 TTL=249 ID=54321 PROTO=TCP SPT=59920 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T12:34:03.263Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-08T12:35:44.781Z","@version":"1","message":"Sep  8 12:35:44 honeypot-sgp-1 sshd[30998]: Disconnected from invalid user wu 203.194.103.202 port 25362 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 12:38:46 honeypot-ams-1 sshd[1225]: Invalid user ro from 49.206.244.232 port 40062","@timestamp":"2022-09-08T12:38:46.792Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 12:41:59 honeypot-ams-1 kernel: [83517507.535829] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=207.102.138.83 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=65062 DF PROTO=TCP SPT=35963 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T12:41:59.881Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 12:42:07 honeypot-fra-1 sshd[24047]: Received disconnect from 92.255.85.69 port 41384:11: Bye Bye [preauth]","@timestamp":"2022-09-08T12:42:07.474Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 12:43:31 honeypot-ams-1 sshd[1232]: Connection closed by invalid user admin 159.203.178.0 port 55652 [preauth]","@timestamp":"2022-09-08T12:43:31.922Z"}
{"@timestamp":"2022-09-08T12:47:14.076Z","@version":"1","message":"Sep  8 12:47:13 honeypot-sgp-1 sshd[31003]: Invalid user bart from 158.101.97.210 port 44806","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 12:48:04 honeypot-ams-1 sshd[1239]: Disconnected from authenticating user root 128.199.171.119 port 47838 [preauth]","@timestamp":"2022-09-08T12:48:05.045Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 12:50:18 honeypot-fra-1 kernel: [83515858.630424] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=176.107.180.142 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=117 ID=48455 DF PROTO=TCP SPT=25849 DPT=80 WINDOW=42340 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T12:50:19.654Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 12:51:06 honeypot-fra-1 kernel: [83515906.904489] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.41.8.45 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=3931 PROTO=TCP SPT=57834 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T12:51:07.674Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 12:54:00 honeypot-ams-1 sshd[1244]: Disconnected from invalid user vern 181.53.251.199 port 33310 [preauth]","@timestamp":"2022-09-08T12:54:00.197Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 12:57:34 honeypot-ams-1 sshd[1250]: Connection closed by invalid user pi 98.220.218.194 port 58796 [preauth]","@timestamp":"2022-09-08T12:57:35.290Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 13:00:41 honeypot-ams-1 sshd[1256]: Received disconnect from 45.61.187.160 port 56188:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T13:00:41.372Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 13:00:51 honeypot-ams-1 sshd[1260]: Disconnected from invalid user user 45.61.187.160 port 39496 [preauth]","@timestamp":"2022-09-08T13:00:51.377Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 13:01:09 honeypot-ams-1 sshd[1264]: Received disconnect from 45.61.187.160 port 34338:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T13:01:09.388Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 13:01:28 honeypot-ams-1 sshd[1268]: Received disconnect from 45.61.187.160 port 57410:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T13:01:29.403Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 13:03:51 honeypot-fra-1 sshd[24073]: Disconnected from authenticating user root 92.255.85.70 port 63720 [preauth]","@timestamp":"2022-09-08T13:03:52.970Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 13:04:21 honeypot-ams-1 kernel: [83518848.964137] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=5.39.220.40 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=23759 PROTO=TCP SPT=42032 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T13:04:21.481Z"}
{"@timestamp":"2022-09-08T13:05:49.534Z","@version":"1","message":"Sep  8 13:05:48 honeypot-sgp-1 sshd[31010]: Received disconnect from 138.68.50.30 port 40322:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 13:05:58 honeypot-ams-1 sshd[1276]: Received disconnect from 45.61.186.249 port 50352:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T13:05:58.527Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 13:06:18 honeypot-ams-1 sshd[1280]: Received disconnect from 45.61.186.249 port 45364:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T13:06:19.540Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 13:06:38 honeypot-ams-1 sshd[1284]: Received disconnect from 45.61.186.249 port 40378:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T13:06:38.550Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 13:07:06 honeypot-ams-1 sshd[1286]: Received disconnect from 167.99.220.160 port 45180:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T13:07:06.565Z"}
{"@timestamp":"2022-09-08T13:07:23.575Z","@version":"1","message":"Sep  8 13:07:22 honeypot-sgp-1 sshd[31014]: Disconnected from invalid user heiko 222.252.243.104 port 21927 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 13:08:32 honeypot-fra-1 kernel: [83516952.069760] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=193.118.53.197 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=56932 PROTO=TCP SPT=35191 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T13:08:33.081Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 13:11:38 honeypot-fra-1 sshd[24082]: Disconnected from authenticating user root 115.73.213.109 port 58458 [preauth]","@timestamp":"2022-09-08T13:11:39.151Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 13:11:42 honeypot-fra-1 sshd[24088]: Received disconnect from 115.73.213.109 port 58632:11: Bye Bye [preauth]","@timestamp":"2022-09-08T13:11:43.153Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 13:11:46 honeypot-fra-1 sshd[24094]: Received disconnect from 115.73.213.109 port 58766:11: Bye Bye [preauth]","@timestamp":"2022-09-08T13:11:47.155Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 13:11:51 honeypot-fra-1 sshd[24100]: Received disconnect from 115.73.213.109 port 59122:11: Bye Bye [preauth]","@timestamp":"2022-09-08T13:11:52.157Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 13:11:55 honeypot-fra-1 sshd[24106]: Received disconnect from 115.73.213.109 port 59266:11: Bye Bye [preauth]","@timestamp":"2022-09-08T13:11:56.160Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 13:12:00 honeypot-fra-1 sshd[24112]: Received disconnect from 115.73.213.109 port 59592:11: Bye Bye [preauth]","@timestamp":"2022-09-08T13:12:01.162Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 13:12:04 honeypot-fra-1 sshd[24118]: Received disconnect from 115.73.213.109 port 59760:11: Bye Bye [preauth]","@timestamp":"2022-09-08T13:12:05.165Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 13:12:08 honeypot-fra-1 sshd[24124]: Received disconnect from 115.73.213.109 port 60066:11: Bye Bye [preauth]","@timestamp":"2022-09-08T13:12:09.167Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 13:12:12 honeypot-fra-1 sshd[24130]: Received disconnect from 115.73.213.109 port 60242:11: Bye Bye [preauth]","@timestamp":"2022-09-08T13:12:13.169Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 13:12:17 honeypot-fra-1 sshd[24136]: Received disconnect from 115.73.213.109 port 60528:11: Bye Bye [preauth]","@timestamp":"2022-09-08T13:12:18.172Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 13:12:22 honeypot-fra-1 sshd[24142]: Received disconnect from 115.73.213.109 port 60746:11: Bye Bye [preauth]","@timestamp":"2022-09-08T13:12:23.174Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 13:12:26 honeypot-fra-1 sshd[24148]: Received disconnect from 115.73.213.109 port 60892:11: Bye Bye [preauth]","@timestamp":"2022-09-08T13:12:27.177Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 13:12:29 honeypot-fra-1 sshd[24152]: Disconnected from invalid user admin 115.73.213.109 port 32914 [preauth]","@timestamp":"2022-09-08T13:12:30.179Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 13:12:32 honeypot-fra-1 sshd[24156]: Disconnected from invalid user admin 115.73.213.109 port 33034 [preauth]","@timestamp":"2022-09-08T13:12:33.180Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 13:12:35 honeypot-fra-1 sshd[24160]: Disconnected from invalid user admin 115.73.213.109 port 33118 [preauth]","@timestamp":"2022-09-08T13:12:35.182Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 13:12:37 honeypot-fra-1 sshd[24164]: Disconnected from invalid user admin 115.73.213.109 port 33276 [preauth]","@timestamp":"2022-09-08T13:12:38.183Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 13:12:40 honeypot-fra-1 sshd[24168]: Disconnected from invalid user admin 115.73.213.109 port 33474 [preauth]","@timestamp":"2022-09-08T13:12:41.186Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 13:12:43 honeypot-fra-1 sshd[24172]: Disconnected from invalid user user 115.73.213.109 port 33580 [preauth]","@timestamp":"2022-09-08T13:12:44.188Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 13:12:47 honeypot-fra-1 sshd[24178]: Received disconnect from 115.73.213.109 port 33754:11: Bye Bye [preauth]","@timestamp":"2022-09-08T13:12:48.190Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 13:12:51 honeypot-fra-1 sshd[24182]: Received disconnect from 115.73.213.109 port 33968:11: Bye Bye [preauth]","@timestamp":"2022-09-08T13:12:51.192Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 13:12:53 honeypot-fra-1 sshd[24186]: Received disconnect from 115.73.213.109 port 34098:11: Bye Bye [preauth]","@timestamp":"2022-09-08T13:12:54.194Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 13:12:56 honeypot-fra-1 sshd[24190]: Received disconnect from 115.73.213.109 port 34178:11: Bye Bye [preauth]","@timestamp":"2022-09-08T13:12:57.196Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 13:12:59 honeypot-fra-1 sshd[24194]: Received disconnect from 115.73.213.109 port 34430:11: Bye Bye [preauth]","@timestamp":"2022-09-08T13:13:00.197Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 13:13:02 honeypot-fra-1 sshd[24198]: Received disconnect from 115.73.213.109 port 34562:11: Bye Bye [preauth]","@timestamp":"2022-09-08T13:13:03.199Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 13:13:05 honeypot-fra-1 sshd[24202]: Received disconnect from 115.73.213.109 port 34650:11: Bye Bye [preauth]","@timestamp":"2022-09-08T13:13:06.200Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 13:13:08 honeypot-fra-1 sshd[24206]: Received disconnect from 115.73.213.109 port 34892:11: Bye Bye [preauth]","@timestamp":"2022-09-08T13:13:09.203Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 13:13:11 honeypot-fra-1 sshd[24210]: Received disconnect from 115.73.213.109 port 35052:11: Bye Bye [preauth]","@timestamp":"2022-09-08T13:13:12.205Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 13:13:14 honeypot-fra-1 sshd[24214]: Received disconnect from 115.73.213.109 port 35144:11: Bye Bye [preauth]","@timestamp":"2022-09-08T13:13:14.206Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 13:13:16 honeypot-fra-1 sshd[24218]: Received disconnect from 115.73.213.109 port 35244:11: Bye Bye [preauth]","@timestamp":"2022-09-08T13:13:17.207Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T13:14:52.756Z","@version":"1","message":"Sep  8 13:14:52 honeypot-sgp-1 sshd[31019]: Disconnected from invalid user ikeda 154.221.26.62 port 53398 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T13:16:59.811Z","@version":"1","message":"Sep  8 13:16:58 honeypot-sgp-1 sshd[31024]: Disconnected from invalid user user 141.255.162.226 port 37254 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T13:17:00.812Z","@version":"1","message":"Sep  8 13:17:00 honeypot-sgp-1 sshd[31028]: Invalid user user from 141.255.162.226 port 51766","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 13:17:01 honeypot-fra-1 CRON[24223]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-08T13:17:01.300Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T13:17:02.813Z","@version":"1","message":"Sep  8 13:17:02 honeypot-sgp-1 sshd[31030]: Received disconnect from 141.255.162.226 port 38034:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 13:17:50 honeypot-fra-1 sshd[24228]: Disconnected from invalid user test 62.204.41.222 port 22176 [preauth]","@timestamp":"2022-09-08T13:17:51.321Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 13:18:50 honeypot-ams-1 sshd[1295]: Disconnected from authenticating user root 92.255.85.69 port 24984 [preauth]","@timestamp":"2022-09-08T13:18:51.864Z"}
{"@timestamp":"2022-09-08T13:22:05.935Z","@version":"1","message":"Sep  8 13:22:05 honeypot-sgp-1 sshd[31038]: Disconnected from authenticating user root 27.1.253.142 port 45590 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 13:22:29 honeypot-fra-1 sshd[24234]: Received disconnect from 198.98.61.9 port 48918:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T13:22:30.426Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 13:22:45 honeypot-fra-1 sshd[24238]: Received disconnect from 198.98.61.9 port 42356:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T13:22:45.433Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 13:22:59 honeypot-fra-1 sshd[24242]: Received disconnect from 198.98.61.9 port 35802:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T13:23:00.439Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 13:23:13 honeypot-fra-1 sshd[24246]: Received disconnect from 198.98.61.9 port 57464:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T13:23:14.446Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 13:26:39 honeypot-fra-1 sshd[24250]: Received disconnect from 92.255.85.69 port 56950:11: Bye Bye [preauth]","@timestamp":"2022-09-08T13:26:39.536Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T13:29:39.118Z","@version":"1","message":"Sep  8 13:29:38 honeypot-sgp-1 sshd[31045]: Disconnected from authenticating user root 92.255.85.69 port 39486 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 13:30:10 honeypot-ams-1 sshd[1303]: Invalid user ubnt from 78.180.95.103 port 59732","@timestamp":"2022-09-08T13:30:11.153Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 13:30:11 honeypot-ams-1 sshd[1307]: Disconnected from authenticating user root 78.180.95.103 port 59784 [preauth]","@timestamp":"2022-09-08T13:30:12.154Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 13:30:13 honeypot-ams-1 sshd[1313]: Disconnected from authenticating user root 78.180.95.103 port 59888 [preauth]","@timestamp":"2022-09-08T13:30:14.155Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 13:30:14 honeypot-ams-1 sshd[1319]: Disconnected from authenticating user root 78.180.95.103 port 60006 [preauth]","@timestamp":"2022-09-08T13:30:15.156Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 13:30:16 honeypot-ams-1 sshd[1325]: Disconnected from authenticating user root 78.180.95.103 port 60092 [preauth]","@timestamp":"2022-09-08T13:30:17.157Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 13:30:17 honeypot-ams-1 sshd[1331]: Disconnected from authenticating user root 78.180.95.103 port 60180 [preauth]","@timestamp":"2022-09-08T13:30:18.158Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 13:30:19 honeypot-ams-1 sshd[1337]: Disconnected from authenticating user root 78.180.95.103 port 60278 [preauth]","@timestamp":"2022-09-08T13:30:20.159Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 13:30:20 honeypot-ams-1 sshd[1343]: Disconnected from authenticating user root 78.180.95.103 port 60374 [preauth]","@timestamp":"2022-09-08T13:30:21.160Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 13:30:22 honeypot-ams-1 sshd[1349]: Disconnected from authenticating user root 78.180.95.103 port 60470 [preauth]","@timestamp":"2022-09-08T13:30:23.162Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 13:30:24 honeypot-ams-1 sshd[1355]: Disconnected from authenticating user root 78.180.95.103 port 60566 [preauth]","@timestamp":"2022-09-08T13:30:24.163Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 13:30:25 honeypot-ams-1 sshd[1361]: Disconnected from authenticating user root 78.180.95.103 port 60668 [preauth]","@timestamp":"2022-09-08T13:30:26.165Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 13:30:27 honeypot-ams-1 sshd[1367]: Disconnected from authenticating user root 78.180.95.103 port 60738 [preauth]","@timestamp":"2022-09-08T13:30:28.166Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 13:30:28 honeypot-ams-1 sshd[1373]: Invalid user admin from 78.180.95.103 port 60822","@timestamp":"2022-09-08T13:30:29.167Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 13:30:29 honeypot-ams-1 sshd[1377]: Invalid user admin from 78.180.95.103 port 60894","@timestamp":"2022-09-08T13:30:30.168Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 13:30:30 honeypot-ams-1 sshd[1383]: Invalid user admin from 78.180.95.103 port 60954","@timestamp":"2022-09-08T13:30:31.169Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 13:30:31 honeypot-ams-1 sshd[1387]: Invalid user admin from 78.180.95.103 port 32776","@timestamp":"2022-09-08T13:30:32.169Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 13:30:32 honeypot-ams-1 sshd[1389]: Invalid user admin from 78.180.95.103 port 32802","@timestamp":"2022-09-08T13:30:33.170Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 13:30:33 honeypot-ams-1 sshd[1393]: Invalid user user from 78.180.95.103 port 32888","@timestamp":"2022-09-08T13:30:34.171Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 13:30:34 honeypot-ams-1 sshd[1397]: Disconnected from authenticating user root 78.180.95.103 port 32948 [preauth]","@timestamp":"2022-09-08T13:30:35.172Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 13:30:35 honeypot-ams-1 sshd[1401]: Disconnected from invalid user pi 78.180.95.103 port 33000 [preauth]","@timestamp":"2022-09-08T13:30:36.173Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 13:30:36 honeypot-ams-1 sshd[1405]: Disconnected from invalid user ethos 78.180.95.103 port 33056 [preauth]","@timestamp":"2022-09-08T13:30:37.174Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 13:30:37 honeypot-ams-1 sshd[1409]: Disconnected from invalid user miner 78.180.95.103 port 33100 [preauth]","@timestamp":"2022-09-08T13:30:38.174Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 13:30:38 honeypot-ams-1 sshd[1413]: Disconnected from invalid user volumio 78.180.95.103 port 33152 [preauth]","@timestamp":"2022-09-08T13:30:39.175Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 13:30:39 honeypot-ams-1 sshd[1417]: Disconnected from invalid user nagios 78.180.95.103 port 33226 [preauth]","@timestamp":"2022-09-08T13:30:40.176Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 13:30:40 honeypot-ams-1 sshd[1421]: Disconnected from invalid user vagrant 78.180.95.103 port 33302 [preauth]","@timestamp":"2022-09-08T13:30:41.177Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 13:30:41 honeypot-ams-1 sshd[1425]: Disconnected from invalid user debian 78.180.95.103 port 33350 [preauth]","@timestamp":"2022-09-08T13:30:42.178Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 13:30:42 honeypot-ams-1 sshd[1429]: Disconnected from invalid user debian 78.180.95.103 port 33422 [preauth]","@timestamp":"2022-09-08T13:30:43.179Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 13:30:43 honeypot-ams-1 sshd[1433]: Disconnected from invalid user alarm 78.180.95.103 port 33484 [preauth]","@timestamp":"2022-09-08T13:30:44.180Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 13:30:45 honeypot-ams-1 sshd[1437]: Disconnected from invalid user test 78.180.95.103 port 33560 [preauth]","@timestamp":"2022-09-08T13:30:45.180Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 13:30:46 honeypot-ams-1 sshd[1441]: Disconnected from invalid user cirros 78.180.95.103 port 33622 [preauth]","@timestamp":"2022-09-08T13:30:46.181Z"}
{"@timestamp":"2022-09-08T13:33:15.228Z","@version":"1","message":"Sep  8 13:33:14 honeypot-sgp-1 sshd[31047]: Invalid user anne from 187.216.254.180 port 35828","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 13:34:23 honeypot-fra-1 sshd[24256]: Received disconnect from 91.240.118.222 port 41778:11: Client disconnecting normally [preauth]","@timestamp":"2022-09-08T13:34:23.703Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 13:36:04 honeypot-ams-1 sshd[1447]: Disconnected from invalid user test123 218.55.101.162 port 33164 [preauth]","@timestamp":"2022-09-08T13:36:05.321Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 13:36:32 honeypot-ams-1 sshd[1453]: Disconnected from invalid user user 45.61.186.249 port 56760 [preauth]","@timestamp":"2022-09-08T13:36:33.335Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 13:36:51 honeypot-ams-1 sshd[1457]: Invalid user user from 45.61.186.249 port 51756","@timestamp":"2022-09-08T13:36:52.346Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 13:37:00 honeypot-ams-1 sshd[1461]: Invalid user user from 45.61.186.249 port 35118","@timestamp":"2022-09-08T13:37:00.351Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 13:37:16 honeypot-ams-1 sshd[1465]: Invalid user user from 45.61.186.249 port 58376","@timestamp":"2022-09-08T13:37:17.361Z"}
{"@timestamp":"2022-09-08T13:38:56.373Z","@version":"1","message":"Sep  8 13:38:56 honeypot-sgp-1 sshd[31050]: Received disconnect from 192.241.236.30 port 37508:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 13:39:11 honeypot-ams-1 sshd[1469]: Received disconnect from 115.249.50.242 port 52358:11: Bye Bye [preauth]","@timestamp":"2022-09-08T13:39:11.410Z"}
{"@timestamp":"2022-09-08T13:41:54.447Z","@version":"1","message":"Sep  8 13:41:53 honeypot-sgp-1 sshd[31055]: Disconnected from invalid user apples 118.70.175.209 port 58380 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 13:42:09 honeypot-fra-1 sshd[24259]: Disconnected from invalid user jan 189.213.210.132 port 36559 [preauth]","@timestamp":"2022-09-08T13:42:09.873Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T13:42:45.470Z","@version":"1","message":"Sep  8 13:42:45 honeypot-sgp-1 sshd[31059]: Disconnected from invalid user michaell 80.107.88.203 port 42318 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 13:42:59 honeypot-ams-1 kernel: [83521167.818560] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=109.108.187.129 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=52875 DF PROTO=TCP SPT=57403 DPT=80 WINDOW=13140 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T13:43:00.507Z"}
{"@timestamp":"2022-09-08T13:45:39.541Z","@version":"1","message":"Sep  8 13:45:39 honeypot-sgp-1 sshd[31063]: Disconnected from invalid user mbe 165.227.175.44 port 43080 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 13:49:00 honeypot-fra-1 sshd[24264]: Disconnected from authenticating user root 92.255.85.70 port 23568 [preauth]","@timestamp":"2022-09-08T13:49:01.023Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T13:52:11.697Z","@version":"1","message":"Sep  8 13:52:11 honeypot-sgp-1 sshd[31070]: Received disconnect from 35.216.73.53 port 45390:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T13:57:49.833Z","@version":"1","message":"Sep  8 13:57:48 honeypot-sgp-1 sshd[31075]: Received disconnect from 111.93.191.170 port 22098:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 14:01:29 honeypot-fra-1 sshd[24270]: Connection closed by invalid user albareedtravel 141.98.10.158 port 52912 [preauth]","@timestamp":"2022-09-08T14:01:29.294Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 14:04:22 honeypot-ams-1 sshd[1479]: Received disconnect from 92.255.85.70 port 27716:11: Bye Bye [preauth]","@timestamp":"2022-09-08T14:04:23.050Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 14:11:16 honeypot-fra-1 sshd[24275]: Disconnected from invalid user jm 165.22.45.108 port 45974 [preauth]","@timestamp":"2022-09-08T14:11:17.509Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T14:14:13.246Z","@version":"1","message":"Sep  8 14:14:12 honeypot-sgp-1 sshd[31080]: Disconnected from authenticating user root 92.255.85.69 port 60988 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 14:17:01 honeypot-fra-1 CRON[24282]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-08T14:17:01.647Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 14:17:01 honeypot-ams-1 CRON[1488]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-08T14:17:02.393Z"}
{"@timestamp":"2022-09-08T14:17:02.318Z","@version":"1","message":"Sep  8 14:17:01 honeypot-sgp-1 CRON[31085]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 14:23:17 honeypot-ams-1 kernel: [83523585.677722] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=59.49.143.164 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=50 ID=4612 PROTO=TCP SPT=16050 DPT=443 WINDOW=394 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T14:23:18.551Z"}
{"@timestamp":"2022-09-08T14:24:54.515Z","@version":"1","message":"Sep  8 14:24:53 honeypot-sgp-1 kernel: [83523210.955953] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=64.227.97.195 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=55 ID=4711 DF PROTO=TCP SPT=56226 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 14:25:44 honeypot-fra-1 kernel: [83521584.568984] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=170.187.162.134 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=64520 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T14:25:44.857Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 14:28:16 honeypot-ams-1 kernel: [83523884.479737] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.79.141.236 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=43042 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T14:28:16.675Z"}
{"@timestamp":"2022-09-08T14:33:05.713Z","@version":"1","message":"Sep  8 14:33:05 honeypot-sgp-1 sshd[31095]: Disconnected from invalid user user 141.255.162.226 port 45910 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T14:33:11.717Z","@version":"1","message":"Sep  8 14:33:11 honeypot-sgp-1 sshd[31099]: Disconnected from invalid user user 141.255.162.226 port 60470 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 14:34:24 honeypot-fra-1 sshd[24291]: Disconnected from invalid user jmduan 165.22.45.108 port 53198 [preauth]","@timestamp":"2022-09-08T14:34:25.048Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 14:41:59 honeypot-ams-1 kernel: [83524707.700675] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=52.243.98.193 DST=178.62.254.91 LEN=52 TOS=0x02 PREC=0x00 TTL=108 ID=23462 DF PROTO=TCP SPT=59943 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T14:42:00.034Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 14:43:31 honeypot-ams-1 sshd[1508]: Disconnected from authenticating user root 143.244.158.100 port 38444 [preauth]","@timestamp":"2022-09-08T14:43:32.078Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 14:46:05 honeypot-ams-1 sshd[1514]: Received disconnect from 143.244.158.100 port 36622:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T14:46:06.145Z"}
{"@timestamp":"2022-09-08T14:48:20.100Z","@version":"1","message":"Sep  8 14:48:20 honeypot-sgp-1 kernel: [83524617.157826] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.38.13.185 DST=159.89.202.188 LEN=52 TOS=0x00 PREC=0x00 TTL=112 ID=10243 DF PROTO=TCP SPT=1792 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 14:48:47 honeypot-ams-1 sshd[1521]: Received disconnect from 143.244.158.100 port 33136:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T14:48:48.217Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 14:50:50 honeypot-ams-1 sshd[1527]: Received disconnect from 92.255.85.69 port 24520:11: Bye Bye [preauth]","@timestamp":"2022-09-08T14:50:50.273Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 14:51:25 honeypot-ams-1 kernel: [83525273.036220] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=116.203.225.67 DST=178.62.254.91 LEN=80 TOS=0x00 PREC=0x20 TTL=129 ID=50900 PROTO=TCP SPT=49876 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T14:51:25.290Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 14:52:57 honeypot-fra-1 sshd[24297]: Connection closed by invalid user lgy 137.116.144.39 port 51154 [preauth]","@timestamp":"2022-09-08T14:52:58.449Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 14:53:56 honeypot-ams-1 sshd[1537]: Received disconnect from 143.244.158.100 port 58912:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T14:53:56.358Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 14:55:45 honeypot-ams-1 sshd[1544]: Disconnected from authenticating user root 143.244.158.100 port 59234 [preauth]","@timestamp":"2022-09-08T14:55:46.407Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 14:57:09 honeypot-fra-1 kernel: [83523469.595637] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=198.98.59.132 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=55782 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T14:57:10.543Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 14:58:25 honeypot-ams-1 sshd[1552]: Received disconnect from 143.244.158.100 port 56642:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T14:58:26.479Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 15:00:30 honeypot-fra-1 kernel: [83523670.469154] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=143.92.32.99 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=40804 PROTO=TCP SPT=49229 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T15:00:31.619Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 15:01:08 honeypot-ams-1 sshd[1559]: Received disconnect from 143.244.158.100 port 51018:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T15:01:08.550Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 15:04:00 honeypot-ams-1 sshd[1567]: Received disconnect from 143.244.158.100 port 35570:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T15:04:00.625Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 15:05:56 honeypot-ams-1 sshd[1573]: Connection closed by authenticating user root 103.188.176.251 port 36384 [preauth]","@timestamp":"2022-09-08T15:05:57.677Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 15:07:08 honeypot-fra-1 kernel: [83524067.901905] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=116.203.225.67 DST=165.22.82.222 LEN=80 TOS=0x00 PREC=0x20 TTL=132 ID=32720 PROTO=TCP SPT=31696 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T15:07:08.756Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 15:07:59 honeypot-ams-1 sshd[1580]: Disconnected from authenticating user root 143.244.158.100 port 44694 [preauth]","@timestamp":"2022-09-08T15:07:59.732Z"}
{"@timestamp":"2022-09-08T15:08:24.582Z","@version":"1","message":"Sep  8 15:08:24 honeypot-sgp-1 kernel: [83525821.219360] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=227 ID=60899 PROTO=TCP SPT=49204 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 15:08:24 honeypot-ams-1 sshd[1583]: Disconnected from invalid user test 62.204.41.222 port 8658 [preauth]","@timestamp":"2022-09-08T15:08:24.745Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 15:09:58 honeypot-ams-1 sshd[1588]: Received disconnect from 143.244.158.100 port 43994:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T15:09:59.790Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 15:12:14 honeypot-fra-1 kernel: [83524373.983943] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=61030 PROTO=TCP SPT=49204 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T15:12:14.865Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 15:12:28 honeypot-ams-1 kernel: [83526536.512760] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=43.131.66.209 DST=178.62.254.91 LEN=52 TOS=0x08 PREC=0x60 TTL=55 ID=15201 DF PROTO=TCP SPT=16225 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T15:12:28.856Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 15:13:18 honeypot-ams-1 sshd[1598]: Disconnected from authenticating user root 143.244.158.100 port 52782 [preauth]","@timestamp":"2022-09-08T15:13:18.882Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 15:15:56 honeypot-ams-1 sshd[1607]: Received disconnect from 143.244.158.100 port 54882:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T15:15:56.952Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 15:17:40 honeypot-ams-1 sshd[1615]: Received disconnect from 143.244.158.100 port 43856:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T15:17:41.002Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 15:19:29 honeypot-ams-1 sshd[1620]: Received disconnect from 143.244.158.100 port 58122:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T15:19:30.054Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 15:20:54 honeypot-fra-1 sshd[24318]: Invalid user jm from 165.22.45.108 port 34818","@timestamp":"2022-09-08T15:20:55.054Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 15:21:19 honeypot-ams-1 kernel: [83527066.864228] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=89.248.165.199 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=44576 PROTO=TCP SPT=47845 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T15:21:19.104Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 15:23:46 honeypot-ams-1 sshd[1631]: Received disconnect from 91.240.118.222 port 56540:11: Client disconnecting normally [preauth]","@timestamp":"2022-09-08T15:23:47.170Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 15:23:56 honeypot-fra-1 kernel: [83525076.214957] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.41.8.45 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=8821 PROTO=TCP SPT=42746 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T15:23:57.119Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 15:25:33 honeypot-ams-1 sshd[1637]: Received disconnect from 143.244.158.100 port 52516:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T15:25:34.218Z"}
{"@timestamp":"2022-09-08T15:26:06.002Z","@version":"1","message":"Sep  8 15:26:05 honeypot-sgp-1 sshd[31139]: Invalid user admin from 148.153.82.141 port 53362","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T15:26:09.005Z","@version":"1","message":"Sep  8 15:26:08 honeypot-sgp-1 sshd[31145]: Invalid user admin from 148.153.82.141 port 53396","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 15:27:45 honeypot-ams-1 sshd[1643]: Invalid user admin from 193.106.191.157 port 46098","@timestamp":"2022-09-08T15:27:46.279Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 15:29:53 honeypot-ams-1 sshd[1650]: Received disconnect from 143.244.158.100 port 60092:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T15:29:54.338Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 15:34:05 honeypot-ams-1 sshd[1655]: Did not receive identification string from 141.255.162.226 port 42094","@timestamp":"2022-09-08T15:34:06.450Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 15:34:12 honeypot-ams-1 sshd[1656]: Disconnected from invalid user user 141.255.162.226 port 42028 [preauth]","@timestamp":"2022-09-08T15:34:13.453Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 15:34:17 honeypot-ams-1 sshd[1660]: Received disconnect from 141.255.162.226 port 37276:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T15:34:18.456Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 15:34:18 honeypot-fra-1 sshd[24325]: Received disconnect from 163.177.9.152 port 49460:11: Bye Bye [preauth]","@timestamp":"2022-09-08T15:34:19.341Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 15:34:20 honeypot-ams-1 sshd[1664]: Disconnected from invalid user user 141.255.162.226 port 49854 [preauth]","@timestamp":"2022-09-08T15:34:20.458Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 15:34:21 honeypot-ams-1 sshd[1668]: Disconnected from invalid user user 141.255.162.226 port 52938 [preauth]","@timestamp":"2022-09-08T15:34:22.459Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 15:35:31 honeypot-ams-1 sshd[1672]: Received disconnect from 92.255.85.69 port 38452:11: Bye Bye [preauth]","@timestamp":"2022-09-08T15:35:31.490Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 15:36:14 honeypot-fra-1 kernel: [83525813.739092] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.28.241.178 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=21105 DF PROTO=TCP SPT=61153 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T15:36:14.384Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 15:38:16 honeypot-ams-1 sshd[1676]: Disconnected from invalid user jeremy 181.28.152.134 port 55958 [preauth]","@timestamp":"2022-09-08T15:38:16.560Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 15:39:52 honeypot-ams-1 kernel: [83528180.123321] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=116.203.225.67 DST=178.62.254.91 LEN=80 TOS=0x00 PREC=0x20 TTL=123 ID=5188 PROTO=TCP SPT=4164 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T15:39:52.607Z"}
{"@timestamp":"2022-09-08T15:41:04.361Z","@version":"1","message":"Sep  8 15:41:03 honeypot-sgp-1 kernel: [83527781.023449] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=82.157.154.77 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=48 ID=12133 DF PROTO=TCP SPT=42112 DPT=443 WINDOW=43690 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 15:44:11 honeypot-fra-1 sshd[24332]: Invalid user jm from 165.22.45.108 port 39760","@timestamp":"2022-09-08T15:44:12.573Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 15:44:31 honeypot-ams-1 kernel: [83528459.297255] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=116.203.225.67 DST=178.62.254.91 LEN=80 TOS=0x00 PREC=0x20 TTL=123 ID=5188 PROTO=TCP SPT=4164 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T15:44:31.726Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 15:47:08 honeypot-fra-1 sshd[24336]: Disconnected from authenticating user root 52.170.31.174 port 45848 [preauth]","@timestamp":"2022-09-08T15:47:08.639Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T15:47:24.510Z","@version":"1","message":"Sep  8 15:47:23 honeypot-sgp-1 sshd[31154]: Disconnected from authenticating user root 92.255.85.70 port 46392 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 15:49:37 honeypot-ams-1 kernel: [83528765.464823] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=116.203.225.67 DST=178.62.254.91 LEN=80 TOS=0x00 PREC=0x20 TTL=129 ID=50900 PROTO=TCP SPT=49876 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T15:49:37.861Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 15:50:28 honeypot-fra-1 kernel: [83526667.643352] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=116.203.225.67 DST=165.22.82.222 LEN=80 TOS=0x00 PREC=0x20 TTL=132 ID=32720 PROTO=TCP SPT=31696 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T15:50:28.713Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 15:52:56 honeypot-ams-1 kernel: [83528964.257876] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=116.203.225.67 DST=178.62.254.91 LEN=80 TOS=0x00 PREC=0x20 TTL=127 ID=25268 PROTO=TCP SPT=26292 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T15:52:56.946Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 15:56:04 honeypot-fra-1 sshd[24345]: Invalid user jenkins from 20.85.224.226 port 38764","@timestamp":"2022-09-08T15:56:04.841Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 15:56:04 honeypot-fra-1 sshd[24348]: Invalid user git from 20.85.224.226 port 38762","@timestamp":"2022-09-08T15:56:04.841Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 15:56:04 honeypot-fra-1 sshd[24346]: Connection closed by invalid user ec2-user 20.85.224.226 port 38768 [preauth]","@timestamp":"2022-09-08T15:56:04.841Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 15:56:04 honeypot-fra-1 sshd[24356]: Invalid user upload from 20.85.224.226 port 38784","@timestamp":"2022-09-08T15:56:04.841Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 15:56:04 honeypot-fra-1 sshd[24352]: Connection closed by invalid user es 20.85.224.226 port 38758 [preauth]","@timestamp":"2022-09-08T15:56:04.841Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 15:56:04 honeypot-fra-1 sshd[24358]: Connection closed by invalid user centos 20.85.224.226 port 38776 [preauth]","@timestamp":"2022-09-08T15:56:04.841Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 15:56:04 honeypot-fra-1 sshd[24353]: Connection closed by invalid user devops 20.85.224.226 port 38756 [preauth]","@timestamp":"2022-09-08T15:56:04.841Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 15:56:04 honeypot-fra-1 sshd[24384]: Invalid user es from 20.85.224.226 port 38904","@timestamp":"2022-09-08T15:56:05.842Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 15:56:04 honeypot-fra-1 sshd[24389]: Invalid user web from 20.85.224.226 port 38902","@timestamp":"2022-09-08T15:56:05.842Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 15:56:05 honeypot-fra-1 sshd[24386]: Connection closed by invalid user hadoop 20.85.224.226 port 38908 [preauth]","@timestamp":"2022-09-08T15:56:05.842Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 15:58:28 honeypot-ams-1 sshd[1690]: Received disconnect from 92.255.85.69 port 62084:11: Bye Bye [preauth]","@timestamp":"2022-09-08T15:58:29.092Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 15:59:06 honeypot-ams-1 sshd[1692]: Received disconnect from 190.128.118.185 port 53068:11: Bye Bye [preauth]","@timestamp":"2022-09-08T15:59:06.110Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 16:01:39 honeypot-ams-1 kernel: [83529486.829352] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=64.62.197.63 DST=178.62.254.91 LEN=131 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=44465 DPT=80 WINDOW=65535 RES=0x00 ACK PSH URGP=0 ","@timestamp":"2022-09-08T16:01:39.176Z"}
{"@timestamp":"2022-09-08T16:02:07.855Z","@version":"1","message":"Sep  8 16:02:07 honeypot-sgp-1 kernel: [83529044.704065] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=34.174.70.181 DST=159.89.202.188 LEN=52 TOS=0x00 PREC=0x00 TTL=122 ID=20842 DF PROTO=TCP SPT=58818 DPT=80 WINDOW=65320 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 16:03:17 honeypot-fra-1 kernel: [83527436.661929] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=116.203.225.67 DST=165.22.82.222 LEN=80 TOS=0x00 PREC=0x20 TTL=126 ID=52545 PROTO=TCP SPT=51521 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T16:03:18.002Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-08T16:03:18.886Z","@version":"1","message":"Sep  8 16:03:18 honeypot-sgp-1 sshd[31161]: Disconnected from invalid user user 45.61.186.249 port 44792 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T16:03:38.897Z","@version":"1","message":"Sep  8 16:03:38 honeypot-sgp-1 sshd[31165]: Disconnected from invalid user user 45.61.186.249 port 40578 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T16:03:59.906Z","@version":"1","message":"Sep  8 16:03:59 honeypot-sgp-1 sshd[31169]: Disconnected from invalid user user 45.61.186.249 port 36414 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T16:04:20.922Z","@version":"1","message":"Sep  8 16:04:20 honeypot-sgp-1 sshd[31173]: Disconnected from invalid user user 45.61.186.249 port 60404 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 16:06:50 honeypot-fra-1 kernel: [83527649.685420] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=216.218.206.119 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=54321 PROTO=TCP SPT=42247 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T16:06:51.082Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-08T16:10:35.074Z","@version":"1","message":"Sep  8 16:10:34 honeypot-sgp-1 kernel: [83529551.841560] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=216.218.206.101 DST=159.89.202.188 LEN=131 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=41930 DPT=80 WINDOW=65535 RES=0x00 ACK PSH URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 16:16:02 honeypot-fra-1 sshd[24409]: Received disconnect from 161.35.138.131 port 37790:11: Bye Bye [preauth]","@timestamp":"2022-09-08T16:16:03.282Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 16:16:46 honeypot-ams-1 kernel: [83530394.125004] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=90.154.15.226 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=59 ID=2471 DF PROTO=TCP SPT=34040 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T16:16:46.563Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 16:20:41 honeypot-ams-1 sshd[1704]: Received disconnect from 92.255.85.70 port 50384:11: Bye Bye [preauth]","@timestamp":"2022-09-08T16:20:41.664Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 16:21:05 honeypot-fra-1 kernel: [83528504.832413] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=151.246.125.17 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=28856 PROTO=TCP SPT=17017 DPT=80 WINDOW=27440 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T16:21:05.391Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-08T16:25:56.437Z","@version":"1","message":"Sep  8 16:25:56 honeypot-sgp-1 kernel: [83530473.066444] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=79.124.62.62 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=20650 PROTO=TCP SPT=52020 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 16:28:00 honeypot-fra-1 sshd[24416]: Disconnected from authenticating user root 92.255.85.70 port 18754 [preauth]","@timestamp":"2022-09-08T16:28:01.541Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 16:30:52 honeypot-fra-1 sshd[24426]: Invalid user ec2-user from 20.254.57.199 port 59036","@timestamp":"2022-09-08T16:30:52.602Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 16:30:52 honeypot-fra-1 sshd[24429]: Invalid user user from 20.254.57.199 port 59010","@timestamp":"2022-09-08T16:30:52.602Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 16:30:52 honeypot-fra-1 sshd[24430]: Invalid user vagrant from 20.254.57.199 port 59028","@timestamp":"2022-09-08T16:30:52.602Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 16:30:52 honeypot-fra-1 sshd[24427]: Connection closed by invalid user ec2-user 20.254.57.199 port 58992 [preauth]","@timestamp":"2022-09-08T16:30:52.602Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 16:30:52 honeypot-fra-1 sshd[24421]: Connection closed by invalid user vagrant 20.254.57.199 port 58988 [preauth]","@timestamp":"2022-09-08T16:30:52.602Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 16:30:53 honeypot-fra-1 sshd[24448]: Connection closed by invalid user ubuntu 20.254.57.199 port 58986 [preauth]","@timestamp":"2022-09-08T16:30:53.604Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 16:30:55 honeypot-fra-1 sshd[24454]: Invalid user oracle from 20.254.57.199 port 59048","@timestamp":"2022-09-08T16:30:55.605Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 16:31:09 honeypot-fra-1 sshd[24461]: Disconnected from invalid user jm 165.22.45.108 port 49656 [preauth]","@timestamp":"2022-09-08T16:31:09.610Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 16:36:06 honeypot-ams-1 kernel: [83531554.422889] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=79.55.251.202 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=15533 PROTO=TCP SPT=55950 DPT=443 WINDOW=1300 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T16:36:07.064Z"}
{"@timestamp":"2022-09-08T16:37:00.698Z","@version":"1","message":"Sep  8 16:37:00 honeypot-sgp-1 sshd[31190]: Invalid user Admin from 113.176.46.2 port 9664","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 16:43:27 honeypot-ams-1 sshd[1713]: Received disconnect from 92.255.85.70 port 53838:11: Bye Bye [preauth]","@timestamp":"2022-09-08T16:43:28.260Z"}
{"@timestamp":"2022-09-08T16:43:58.866Z","@version":"1","message":"Sep  8 16:43:58 honeypot-sgp-1 sshd[31194]: Disconnected from invalid user ashish 45.135.165.165 port 45158 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 16:54:30 honeypot-fra-1 sshd[24467]: Received disconnect from 165.22.45.108 port 54600:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T16:54:31.116Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 16:55:40 honeypot-fra-1 sshd[24472]: Received disconnect from 188.166.233.207 port 43882:11: Bye Bye [preauth]","@timestamp":"2022-09-08T16:55:41.145Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 16:59:07 honeypot-ams-1 kernel: [83532935.583435] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=20.219.248.199 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=110 ID=31886 DF PROTO=TCP SPT=63039 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T16:59:08.662Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 17:02:57 honeypot-ams-1 sshd[1721]: Received disconnect from 141.255.162.226 port 48152:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T17:02:57.765Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 17:02:59 honeypot-ams-1 sshd[1725]: Received disconnect from 141.255.162.226 port 36220:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T17:02:59.766Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 17:03:01 honeypot-ams-1 sshd[1729]: Received disconnect from 141.255.162.226 port 52520:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T17:03:01.769Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 17:03:05 honeypot-ams-1 sshd[1733]: Received disconnect from 141.255.162.226 port 40588:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T17:03:05.771Z"}
{"@timestamp":"2022-09-08T17:05:09.382Z","@version":"1","message":"Sep  8 17:05:08 honeypot-sgp-1 sshd[31201]: Invalid user sysman from 186.145.109.9 port 52820","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 17:05:51 honeypot-ams-1 sshd[1738]: Connection closed by 180.76.173.237 port 51990 [preauth]","@timestamp":"2022-09-08T17:05:52.847Z"}
{"@timestamp":"2022-09-08T17:06:25.416Z","@version":"1","message":"Sep  8 17:06:24 honeypot-sgp-1 sshd[31204]: Disconnected from invalid user user 198.98.61.9 port 49126 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T17:06:41.423Z","@version":"1","message":"Sep  8 17:06:40 honeypot-sgp-1 sshd[31208]: Disconnected from invalid user user 198.98.61.9 port 43342 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T17:06:56.431Z","@version":"1","message":"Sep  8 17:06:55 honeypot-sgp-1 sshd[31212]: Disconnected from invalid user user 198.98.61.9 port 37580 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 17:09:01 honeypot-fra-1 CRON[24479]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-08T17:09:01.441Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T17:09:02.481Z","@version":"1","message":"Sep  8 17:09:01 honeypot-sgp-1 CRON[31218]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 17:12:24 honeypot-fra-1 sshd[24485]: Disconnected from invalid user Orban 164.90.224.134 port 60664 [preauth]","@timestamp":"2022-09-08T17:12:25.520Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 17:14:51 honeypot-ams-1 kernel: [83533879.265809] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=116.203.225.67 DST=178.62.254.91 LEN=80 TOS=0x00 PREC=0x20 TTL=127 ID=25268 PROTO=TCP SPT=26292 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T17:14:52.075Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 17:15:36 honeypot-fra-1 sshd[24492]: Connection closed by invalid user bitnami 141.98.10.158 port 35842 [preauth]","@timestamp":"2022-09-08T17:15:36.593Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 17:17:01 honeypot-ams-1 CRON[1746]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-08T17:17:01.153Z"}
{"@timestamp":"2022-09-08T17:17:01.668Z","@version":"1","message":"Sep  8 17:17:01 honeypot-sgp-1 CRON[31224]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 17:20:13 honeypot-fra-1 kernel: [83532052.668951] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=139.144.135.60 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=18635 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T17:20:13.696Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 17:20:43 honeypot-ams-1 sshd[1752]: Received disconnect from 128.199.233.192 port 54464:11: Bye Bye [preauth]","@timestamp":"2022-09-08T17:20:44.255Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 17:26:02 honeypot-ams-1 sshd[1757]: Disconnected from invalid user pool 181.204.160.82 port 6707 [preauth]","@timestamp":"2022-09-08T17:26:03.392Z"}
{"@timestamp":"2022-09-08T17:26:05.882Z","@version":"1","message":"Sep  8 17:26:05 honeypot-sgp-1 sshd[31234]: Invalid user 69 from 13.67.221.136 port 1024","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T17:30:06.978Z","@version":"1","message":"Sep  8 17:30:06 honeypot-sgp-1 sshd[31238]: Disconnected from authenticating user sshd 59.98.83.57 port 59198 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 17:35:37 honeypot-fra-1 sshd[24502]: Disconnected from authenticating user root 92.255.85.69 port 50770 [preauth]","@timestamp":"2022-09-08T17:35:38.041Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T17:39:07.191Z","@version":"1","message":"Sep  8 17:39:07 honeypot-sgp-1 sshd[31241]: Disconnected from authenticating user root 92.255.85.70 port 63130 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 17:40:49 honeypot-fra-1 sshd[24507]: Disconnected from invalid user jnnixter 165.22.45.108 port 36228 [preauth]","@timestamp":"2022-09-08T17:40:50.159Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 17:40:51 honeypot-ams-1 sshd[1764]: Did not receive identification string from 45.61.184.204 port 50108","@timestamp":"2022-09-08T17:40:51.776Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 17:41:30 honeypot-ams-1 sshd[1767]: Disconnected from invalid user user 45.61.184.204 port 59568 [preauth]","@timestamp":"2022-09-08T17:41:30.794Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 17:41:48 honeypot-ams-1 sshd[1771]: Disconnected from invalid user user 45.61.184.204 port 54040 [preauth]","@timestamp":"2022-09-08T17:41:48.803Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 17:42:05 honeypot-ams-1 sshd[1775]: Disconnected from invalid user user 45.61.184.204 port 48500 [preauth]","@timestamp":"2022-09-08T17:42:05.812Z"}
{"@timestamp":"2022-09-08T17:45:05.331Z","@version":"1","message":"Sep  8 17:45:04 honeypot-sgp-1 sshd[31249]: error: maximum authentication attempts exceeded for invalid user admin from 180.49.192.10 port 61763 ssh2 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T17:45:24.340Z","@version":"1","message":"Sep  8 17:45:24 honeypot-sgp-1 sshd[31253]: Disconnected from invalid user user 45.61.186.249 port 44534 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T17:45:44.349Z","@version":"1","message":"Sep  8 17:45:44 honeypot-sgp-1 sshd[31258]: Disconnected from invalid user user 45.61.186.249 port 39118 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T17:46:02.359Z","@version":"1","message":"Sep  8 17:46:01 honeypot-sgp-1 sshd[31262]: Disconnected from invalid user user 45.61.186.249 port 33680 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T17:46:19.367Z","@version":"1","message":"Sep  8 17:46:19 honeypot-sgp-1 sshd[31266]: Disconnected from invalid user user 45.61.186.249 port 56472 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 17:47:21 honeypot-fra-1 sshd[24512]: Connection closed by invalid user redis 103.188.176.251 port 50850 [preauth]","@timestamp":"2022-09-08T17:47:22.309Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 17:47:32 honeypot-ams-1 sshd[1783]: Did not receive identification string from 45.61.186.49 port 54350","@timestamp":"2022-09-08T17:47:32.954Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 17:47:58 honeypot-ams-1 sshd[1786]: Disconnected from invalid user user 45.61.186.49 port 44038 [preauth]","@timestamp":"2022-09-08T17:47:58.968Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 17:48:09 honeypot-ams-1 sshd[1790]: Disconnected from invalid user user 45.61.186.49 port 55540 [preauth]","@timestamp":"2022-09-08T17:48:09.976Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 17:52:39 honeypot-ams-1 sshd[1795]: Disconnected from authenticating user root 92.255.85.70 port 52770 [preauth]","@timestamp":"2022-09-08T17:52:40.092Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 17:58:01 honeypot-fra-1 sshd[24519]: Disconnected from authenticating user root 64.225.43.245 port 41630 [preauth]","@timestamp":"2022-09-08T17:58:02.552Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 17:58:22 honeypot-ams-1 kernel: [83536490.154861] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=165.227.85.96 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=241 ID=59504 PROTO=TCP SPT=59882 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T17:58:23.262Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 17:59:32 honeypot-fra-1 sshd[24525]: Received disconnect from 64.225.43.245 port 40458:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T17:59:33.589Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 17:59:42 honeypot-fra-1 sshd[24530]: Invalid user www from 109.224.31.68 port 52077","@timestamp":"2022-09-08T17:59:42.593Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 17:59:42 honeypot-fra-1 sshd[24540]: Invalid user es from 109.224.31.68 port 52114","@timestamp":"2022-09-08T17:59:42.593Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 17:59:42 honeypot-fra-1 sshd[24543]: Invalid user ubuntu from 109.224.31.68 port 52101","@timestamp":"2022-09-08T17:59:42.593Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 17:59:42 honeypot-fra-1 sshd[24546]: Invalid user ftpuser from 109.224.31.68 port 52059","@timestamp":"2022-09-08T17:59:42.593Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 17:59:42 honeypot-fra-1 sshd[24539]: Connection closed by invalid user web 109.224.31.68 port 52091 [preauth]","@timestamp":"2022-09-08T17:59:42.593Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 17:59:42 honeypot-fra-1 sshd[24542]: Connection closed by invalid user steam 109.224.31.68 port 52054 [preauth]","@timestamp":"2022-09-08T17:59:42.593Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 17:59:42 honeypot-fra-1 sshd[24554]: Invalid user hadoop from 109.224.31.68 port 52075","@timestamp":"2022-09-08T17:59:42.593Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 17:59:42 honeypot-fra-1 sshd[24561]: Invalid user chia from 109.224.31.68 port 52085","@timestamp":"2022-09-08T17:59:42.594Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 17:59:42 honeypot-fra-1 sshd[24551]: Connection closed by invalid user ubuntu 109.224.31.68 port 52072 [preauth]","@timestamp":"2022-09-08T17:59:42.594Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 17:59:42 honeypot-fra-1 sshd[24561]: Connection closed by invalid user chia 109.224.31.68 port 52085 [preauth]","@timestamp":"2022-09-08T17:59:42.594Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 17:59:44 honeypot-fra-1 sshd[24592]: Invalid user devops from 109.224.31.68 port 52104","@timestamp":"2022-09-08T17:59:45.596Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 18:01:06 honeypot-fra-1 sshd[24596]: Disconnected from authenticating user root 64.225.43.245 port 39292 [preauth]","@timestamp":"2022-09-08T18:01:06.630Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 18:03:25 honeypot-fra-1 sshd[24604]: Disconnected from authenticating user root 64.225.43.245 port 51724 [preauth]","@timestamp":"2022-09-08T18:03:25.684Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 18:04:57 honeypot-fra-1 sshd[24610]: Received disconnect from 64.225.43.245 port 50560:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T18:04:58.723Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 18:05:21 honeypot-fra-1 sshd[24615]: Invalid user user from 45.61.186.249 port 45100","@timestamp":"2022-09-08T18:05:22.735Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 18:05:41 honeypot-fra-1 sshd[24619]: Invalid user user from 45.61.186.249 port 39936","@timestamp":"2022-09-08T18:05:42.744Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 18:05:51 honeypot-fra-1 sshd[24623]: Received disconnect from 45.61.186.249 port 51468:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T18:05:51.749Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 18:06:08 honeypot-fra-1 sshd[24627]: Received disconnect from 45.61.186.249 port 46324:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T18:06:09.757Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 18:07:19 honeypot-fra-1 sshd[24632]: Received disconnect from 64.225.43.245 port 34690:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T18:07:19.823Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 18:08:23 honeypot-ams-1 kernel: [83537091.235299] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=146.88.240.4 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=35405 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T18:08:23.523Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 18:08:36 honeypot-fra-1 sshd[24645]: Invalid user esuser from 122.128.79.246 port 53058","@timestamp":"2022-09-08T18:08:36.856Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 18:08:36 honeypot-fra-1 sshd[24639]: Invalid user esuser from 122.128.79.246 port 53136","@timestamp":"2022-09-08T18:08:36.856Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 18:08:36 honeypot-fra-1 sshd[24648]: Invalid user ec2-user from 122.128.79.246 port 53144","@timestamp":"2022-09-08T18:08:36.856Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 18:08:36 honeypot-fra-1 sshd[24657]: Invalid user mysql from 122.128.79.246 port 53104","@timestamp":"2022-09-08T18:08:37.858Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 18:08:36 honeypot-fra-1 sshd[24664]: Invalid user chia from 122.128.79.246 port 53140","@timestamp":"2022-09-08T18:08:37.858Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 18:08:36 honeypot-fra-1 sshd[24665]: Invalid user esuser from 122.128.79.246 port 53090","@timestamp":"2022-09-08T18:08:37.858Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 18:08:37 honeypot-fra-1 sshd[24639]: Connection closed by invalid user esuser 122.128.79.246 port 53136 [preauth]","@timestamp":"2022-09-08T18:08:37.858Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 18:08:37 honeypot-fra-1 sshd[24649]: Connection closed by invalid user es 122.128.79.246 port 53066 [preauth]","@timestamp":"2022-09-08T18:08:37.858Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 18:08:37 honeypot-fra-1 sshd[24658]: Connection closed by invalid user ec2-user 122.128.79.246 port 53072 [preauth]","@timestamp":"2022-09-08T18:08:37.858Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 18:08:37 honeypot-fra-1 sshd[24669]: Connection closed by invalid user test 122.128.79.246 port 53082 [preauth]","@timestamp":"2022-09-08T18:08:37.858Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 18:08:37 honeypot-fra-1 sshd[24665]: Connection closed by invalid user esuser 122.128.79.246 port 53090 [preauth]","@timestamp":"2022-09-08T18:08:37.858Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 18:09:45 honeypot-fra-1 sshd[24701]: Received disconnect from 64.225.43.245 port 47048:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T18:09:45.886Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T18:09:43.940Z","@version":"1","message":"Sep  8 18:09:43 honeypot-sgp-1 sshd[31273]: Connection closed by invalid user admin 175.203.68.228 port 38456 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 18:11:19 honeypot-fra-1 sshd[24706]: Received disconnect from 64.225.43.245 port 45876:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T18:11:19.924Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 18:12:54 honeypot-fra-1 sshd[24711]: Received disconnect from 64.225.43.245 port 44710:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T18:12:54.962Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 18:14:30 honeypot-fra-1 sshd[24715]: Disconnected from invalid user plandevac 64.225.43.245 port 43540 [preauth]","@timestamp":"2022-09-08T18:14:31.001Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 18:14:58 honeypot-ams-1 sshd[1810]: Received disconnect from 92.255.85.69 port 57938:11: Bye Bye [preauth]","@timestamp":"2022-09-08T18:14:58.692Z"}
{"@timestamp":"2022-09-08T18:15:38.086Z","@version":"1","message":"Sep  8 18:15:37 honeypot-sgp-1 sshd[31281]: Invalid user mark from 128.199.32.98 port 44486","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 18:16:50 honeypot-fra-1 sshd[24722]: Invalid user gbadebo from 64.225.43.245 port 55904","@timestamp":"2022-09-08T18:16:51.055Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 18:17:01 honeypot-ams-1 CRON[1814]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-08T18:17:01.748Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 18:17:37 honeypot-fra-1 sshd[24727]: Received disconnect from 64.225.43.245 port 41200:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T18:17:38.076Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 18:19:13 honeypot-fra-1 sshd[24735]: Invalid user sandbox from 64.225.43.245 port 40032","@timestamp":"2022-09-08T18:19:14.116Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 18:20:55 honeypot-fra-1 sshd[24739]: Invalid user dev from 64.225.43.245 port 38862","@timestamp":"2022-09-08T18:20:55.155Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T18:22:00.626Z","@version":"1","message":"Sep  8 18:22:00 honeypot-sgp-1 kernel: [83537437.458991] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.79.146.12 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=63019 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 18:22:32 honeypot-fra-1 sshd[24745]: Received disconnect from 92.255.85.69 port 59266:11: Bye Bye [preauth]","@timestamp":"2022-09-08T18:22:33.195Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 18:25:52 honeypot-fra-1 kernel: [83535991.543324] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.56.108.106 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=62733 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T18:25:53.270Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 18:31:13 honeypot-ams-1 sshd[1821]: Connection closed by 180.76.173.237 port 53962 [preauth]","@timestamp":"2022-09-08T18:31:14.114Z"}
{"@timestamp":"2022-09-08T18:31:53.856Z","@version":"1","message":"Sep  8 18:31:53 honeypot-sgp-1 sshd[31293]: Did not receive identification string from 193.3.19.178 port 64001","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 18:33:01 honeypot-fra-1 sshd[24754]: Disconnected from authenticating user root 37.191.93.1 port 42882 [preauth]","@timestamp":"2022-09-08T18:33:01.430Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 18:34:53 honeypot-ams-1 sshd[1828]: Disconnected from invalid user user 45.61.184.204 port 33674 [preauth]","@timestamp":"2022-09-08T18:34:54.214Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 18:35:14 honeypot-ams-1 sshd[1832]: Disconnected from invalid user user 45.61.184.204 port 56908 [preauth]","@timestamp":"2022-09-08T18:35:15.226Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 18:35:33 honeypot-ams-1 sshd[1836]: Disconnected from invalid user user 45.61.184.204 port 51904 [preauth]","@timestamp":"2022-09-08T18:35:34.235Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 18:35:52 honeypot-ams-1 sshd[1840]: Disconnected from invalid user user 45.61.184.204 port 46894 [preauth]","@timestamp":"2022-09-08T18:35:53.245Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 18:37:59 honeypot-fra-1 sshd[24758]: Received disconnect from 115.134.130.53 port 56138:11: Bye Bye [preauth]","@timestamp":"2022-09-08T18:37:59.543Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 18:39:09 honeypot-ams-1 sshd[1846]: Invalid user webdev from 221.212.204.26 port 42704","@timestamp":"2022-09-08T18:39:10.332Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 18:46:01 honeypot-fra-1 sshd[24762]: Disconnected from invalid user admin 92.255.85.70 port 58840 [preauth]","@timestamp":"2022-09-08T18:46:02.723Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 18:46:22 honeypot-fra-1 sshd[24775]: Invalid user postgres from 20.243.201.105 port 59718","@timestamp":"2022-09-08T18:46:22.732Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 18:46:22 honeypot-fra-1 sshd[24774]: Invalid user devops from 20.243.201.105 port 59772","@timestamp":"2022-09-08T18:46:22.732Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 18:46:22 honeypot-fra-1 sshd[24791]: Invalid user ftpuser from 20.243.201.105 port 59776","@timestamp":"2022-09-08T18:46:22.732Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 18:46:22 honeypot-fra-1 sshd[24771]: Invalid user web from 20.243.201.105 port 59722","@timestamp":"2022-09-08T18:46:22.733Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 18:46:22 honeypot-fra-1 sshd[24777]: Connection closed by invalid user www 20.243.201.105 port 59784 [preauth]","@timestamp":"2022-09-08T18:46:23.733Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 18:46:22 honeypot-fra-1 sshd[24767]: Connection closed by invalid user steam 20.243.201.105 port 59720 [preauth]","@timestamp":"2022-09-08T18:46:23.733Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 18:46:22 honeypot-fra-1 sshd[24788]: Connection closed by invalid user ftpuser 20.243.201.105 port 59792 [preauth]","@timestamp":"2022-09-08T18:46:23.733Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 18:46:22 honeypot-fra-1 sshd[24773]: Connection closed by invalid user esuser 20.243.201.105 port 59730 [preauth]","@timestamp":"2022-09-08T18:46:23.733Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 18:47:13 honeypot-fra-1 kernel: [83537272.156567] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=221.176.116.78 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=109 ID=256 PROTO=TCP SPT=9343 DPT=80 WINDOW=16384 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T18:47:13.753Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 18:47:24 honeypot-fra-1 sshd[24833]: Invalid user hadoop from 20.247.118.146 port 42828","@timestamp":"2022-09-08T18:47:24.758Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 18:47:24 honeypot-fra-1 sshd[24835]: Invalid user centos from 20.247.118.146 port 42846","@timestamp":"2022-09-08T18:47:24.758Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 18:47:24 honeypot-fra-1 sshd[24840]: Invalid user chia from 20.247.118.146 port 43132","@timestamp":"2022-09-08T18:47:24.758Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 18:47:24 honeypot-fra-1 sshd[24838]: Invalid user user from 20.247.118.146 port 42912","@timestamp":"2022-09-08T18:47:24.758Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 18:47:24 honeypot-fra-1 sshd[24853]: Invalid user user from 20.247.118.146 port 42918","@timestamp":"2022-09-08T18:47:24.758Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 18:47:24 honeypot-fra-1 sshd[24839]: Connection closed by invalid user testuser 20.247.118.146 port 43106 [preauth]","@timestamp":"2022-09-08T18:47:24.758Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 18:47:24 honeypot-fra-1 sshd[24842]: Connection closed by invalid user esuser 20.247.118.146 port 43182 [preauth]","@timestamp":"2022-09-08T18:47:24.758Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 18:47:24 honeypot-fra-1 sshd[24843]: Connection closed by invalid user azure 20.247.118.146 port 43170 [preauth]","@timestamp":"2022-09-08T18:47:24.759Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 18:47:24 honeypot-fra-1 sshd[24828]: Connection closed by invalid user es 20.247.118.146 port 42844 [preauth]","@timestamp":"2022-09-08T18:47:24.759Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T18:47:57.229Z","@version":"1","message":"Sep  8 18:47:56 honeypot-sgp-1 sshd[31298]: Invalid user admin from 92.255.85.69 port 50800","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 18:49:04 honeypot-ams-1 kernel: [83539532.530126] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.79.141.236 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=47358 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T18:49:05.609Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 18:50:18 honeypot-fra-1 sshd[24876]: Disconnected from invalid user jocelyn 165.22.45.108 port 50904 [preauth]","@timestamp":"2022-09-08T18:50:18.823Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T18:55:03.395Z","@version":"1","message":"Sep  8 18:55:02 honeypot-sgp-1 sshd[31301]: Connection closed by invalid user Admin 113.26.202.46 port 25822 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 18:57:46 honeypot-ams-1 sshd[1858]: Disconnected from 147.182.219.221 port 57978 [preauth]","@timestamp":"2022-09-08T18:57:46.833Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 18:59:29 honeypot-fra-1 kernel: [83538008.755883] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=79.124.62.82 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=49467 PROTO=TCP SPT=42727 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T18:59:30.031Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 19:00:12 honeypot-ams-1 sshd[1864]: Received disconnect from 45.61.184.204 port 43402:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T19:00:12.899Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 19:00:31 honeypot-ams-1 sshd[1870]: Invalid user user from 45.61.184.204 port 37912","@timestamp":"2022-09-08T19:00:31.911Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 19:00:37 honeypot-fra-1 kernel: [83538076.224871] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.95.147.52 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=25401 PROTO=TCP SPT=55055 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T19:00:38.062Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 19:00:47 honeypot-ams-1 sshd[1874]: Received disconnect from 92.255.85.70 port 50858:11: Bye Bye [preauth]","@timestamp":"2022-09-08T19:00:47.920Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 19:00:59 honeypot-ams-1 sshd[1878]: Received disconnect from 45.61.184.204 port 43790:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T19:00:59.927Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 19:07:07 honeypot-ams-1 kernel: [83540615.556084] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=162.142.125.135 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=47575 PROTO=TCP SPT=1072 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T19:07:08.084Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 19:07:11 honeypot-fra-1 sshd[24889]: Received disconnect from 92.255.85.70 port 16240:11: Bye Bye [preauth]","@timestamp":"2022-09-08T19:07:12.211Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 19:08:38 honeypot-fra-1 sshd[24894]: Invalid user user from 45.61.184.204 port 52696","@timestamp":"2022-09-08T19:08:39.247Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 19:08:58 honeypot-fra-1 sshd[24898]: Invalid user user from 45.61.184.204 port 48980","@timestamp":"2022-09-08T19:08:59.256Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 19:09:17 honeypot-fra-1 sshd[24902]: Invalid user user from 45.61.184.204 port 45164","@timestamp":"2022-09-08T19:09:18.273Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 19:09:21 honeypot-ams-1 sshd[1885]: Disconnected from authenticating user root 34.94.63.92 port 55520 [preauth]","@timestamp":"2022-09-08T19:09:22.145Z"}
{"@timestamp":"2022-09-08T19:10:05.773Z","@version":"1","message":"Sep  8 19:10:05 honeypot-sgp-1 sshd[31306]: Disconnected from authenticating user root 92.255.85.70 port 32716 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 19:10:08 honeypot-fra-1 kernel: [83538647.469598] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=179.43.175.140 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=34237 PROTO=TCP SPT=59386 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T19:10:09.292Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 19:15:04 honeypot-fra-1 kernel: [83538943.965806] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=79.124.62.78 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=61837 PROTO=TCP SPT=42729 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T19:15:05.404Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-08T19:16:02.913Z","@version":"1","message":"Sep  8 19:16:01 honeypot-sgp-1 sshd[31313]: Received disconnect from 198.98.61.9 port 58508:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T19:16:11.917Z","@version":"1","message":"Sep  8 19:16:11 honeypot-sgp-1 sshd[31317]: Received disconnect from 198.98.61.9 port 41534:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T19:16:17.921Z","@version":"1","message":"Sep  8 19:16:16 honeypot-sgp-1 sshd[31321]: Received disconnect from 45.61.186.49 port 57812:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T19:16:23.924Z","@version":"1","message":"Sep  8 19:16:23 honeypot-sgp-1 sshd[31325]: Received disconnect from 198.98.61.9 port 52798:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T19:16:39.932Z","@version":"1","message":"Sep  8 19:16:39 honeypot-sgp-1 sshd[31329]: Received disconnect from 198.98.61.9 port 47082:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T19:16:54.939Z","@version":"1","message":"Sep  8 19:16:54 honeypot-sgp-1 sshd[31333]: Received disconnect from 198.98.61.9 port 41370:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 19:17:01 honeypot-ams-1 CRON[1959]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-08T19:17:01.342Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 19:27:47 honeypot-fra-1 sshd[24918]: Received disconnect from 81.192.87.130 port 29576:11: Bye Bye [preauth]","@timestamp":"2022-09-08T19:27:48.688Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T19:35:30.368Z","@version":"1","message":"Sep  8 19:35:29 honeypot-sgp-1 kernel: [83541846.230243] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=179.43.175.140 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=51159 PROTO=TCP SPT=59386 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 19:36:18 honeypot-fra-1 sshd[24923]: Invalid user joe from 165.22.45.108 port 60520","@timestamp":"2022-09-08T19:36:18.876Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 19:41:18 honeypot-ams-1 kernel: [83542666.658307] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=197.48.14.151 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=50 ID=55230 PROTO=TCP SPT=65350 DPT=443 WINDOW=51065 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T19:41:19.960Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 19:50:29 honeypot-fra-1 kernel: [83541068.080193] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=123.27.92.26 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=55 ID=26010 PROTO=TCP SPT=51274 DPT=80 WINDOW=13482 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T19:50:29.190Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-08T19:56:56.858Z","@version":"1","message":"Sep  8 19:56:56 honeypot-sgp-1 kernel: [83543133.073442] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=103.99.1.99 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=37826 PROTO=TCP SPT=42125 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 19:59:16 honeypot-fra-1 sshd[24932]: Invalid user joe from 165.22.45.108 port 37118","@timestamp":"2022-09-08T19:59:16.386Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 20:03:24 honeypot-ams-1 sshd[1991]: Did not receive identification string from 45.61.184.204 port 42224","@timestamp":"2022-09-08T20:03:24.521Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 20:03:55 honeypot-ams-1 sshd[1994]: Disconnected from invalid user user 45.61.184.204 port 50502 [preauth]","@timestamp":"2022-09-08T20:03:55.537Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 20:04:06 honeypot-fra-1 sshd[24937]: Invalid user admin from 193.106.191.157 port 41686","@timestamp":"2022-09-08T20:04:07.494Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 20:04:13 honeypot-ams-1 sshd[1998]: Disconnected from invalid user user 45.61.184.204 port 45354 [preauth]","@timestamp":"2022-09-08T20:04:13.547Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 20:04:30 honeypot-ams-1 sshd[2002]: Disconnected from invalid user user 45.61.184.204 port 40202 [preauth]","@timestamp":"2022-09-08T20:04:31.558Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 20:06:06 honeypot-ams-1 sshd[2008]: Disconnected from authenticating user root 92.255.85.70 port 37878 [preauth]","@timestamp":"2022-09-08T20:06:06.601Z"}
{"@timestamp":"2022-09-08T20:12:13.211Z","@version":"1","message":"Sep  8 20:12:12 honeypot-sgp-1 sshd[31350]: Disconnected from authenticating user root 139.59.188.13 port 51828 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 20:12:35 honeypot-ams-1 sshd[2012]: Invalid user user from 45.61.186.49 port 57516","@timestamp":"2022-09-08T20:12:35.770Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 20:12:38 honeypot-fra-1 sshd[24942]: Disconnected from invalid user aleksandra 75.30.64.54 port 47130 [preauth]","@timestamp":"2022-09-08T20:12:38.686Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 20:12:45 honeypot-ams-1 sshd[2016]: Invalid user user from 45.61.186.49 port 40318","@timestamp":"2022-09-08T20:12:45.776Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 20:15:42 honeypot-ams-1 sshd[2021]: Received disconnect from 64.225.43.245 port 55408:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T20:15:42.857Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 20:15:53 honeypot-fra-1 kernel: [83542592.521065] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=2113 PROTO=TCP SPT=48032 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T20:15:53.776Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-08T20:17:02.327Z","@version":"1","message":"Sep  8 20:17:01 honeypot-sgp-1 CRON[31354]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 20:17:13 honeypot-ams-1 sshd[2028]: Received disconnect from 64.225.43.245 port 54240:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T20:17:14.901Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 20:18:38 honeypot-ams-1 sshd[2032]: Connection closed by invalid user gpadmin 103.188.176.251 port 46216 [preauth]","@timestamp":"2022-09-08T20:18:38.942Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 20:20:18 honeypot-ams-1 sshd[2038]: Disconnected from authenticating user root 64.225.43.245 port 51910 [preauth]","@timestamp":"2022-09-08T20:20:18.988Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 20:20:29 honeypot-fra-1 sshd[24950]: Disconnected from invalid user luc 159.65.111.89 port 58250 [preauth]","@timestamp":"2022-09-08T20:20:30.883Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 20:22:39 honeypot-ams-1 sshd[2045]: Disconnected from authenticating user root 64.225.43.245 port 36042 [preauth]","@timestamp":"2022-09-08T20:22:40.051Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 20:22:53 honeypot-fra-1 sshd[24955]: Invalid user gpadmin from 103.188.176.251 port 57000","@timestamp":"2022-09-08T20:22:53.939Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 20:24:57 honeypot-ams-1 sshd[2051]: Disconnected from authenticating user root 64.225.43.245 port 48410 [preauth]","@timestamp":"2022-09-08T20:24:58.114Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 20:26:30 honeypot-ams-1 sshd[2056]: Received disconnect from 64.225.43.245 port 47242:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T20:26:31.155Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 20:26:48 honeypot-fra-1 kernel: [83543247.858380] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=179.43.175.140 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=56060 PROTO=TCP SPT=59386 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T20:26:49.030Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 20:28:07 honeypot-ams-1 sshd[2060]: Received disconnect from 64.225.43.245 port 46082:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T20:28:08.196Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 20:29:07 honeypot-ams-1 sshd[2064]: Received disconnect from 92.255.85.69 port 28724:11: Bye Bye [preauth]","@timestamp":"2022-09-08T20:29:08.225Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 20:30:30 honeypot-ams-1 sshd[2068]: Disconnected from invalid user dev 64.225.43.245 port 58446 [preauth]","@timestamp":"2022-09-08T20:30:30.263Z"}
{"@timestamp":"2022-09-08T20:30:30.644Z","@version":"1","message":"Sep  8 20:30:29 honeypot-sgp-1 kernel: [83545146.600632] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=236 ID=32939 PROTO=TCP SPT=49006 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 20:32:03 honeypot-ams-1 sshd[2073]: Received disconnect from 64.225.43.245 port 57282:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T20:32:03.306Z"}
{"@timestamp":"2022-09-08T20:32:33.695Z","@version":"1","message":"Sep  8 20:32:33 honeypot-sgp-1 sshd[31363]: Invalid user cz from 178.128.114.244 port 60654","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 20:33:37 honeypot-ams-1 sshd[2077]: Received disconnect from 64.225.43.245 port 56116:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T20:33:38.350Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 20:35:12 honeypot-ams-1 sshd[2081]: Received disconnect from 64.225.43.245 port 54950:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T20:35:13.395Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 20:36:14 honeypot-ams-1 kernel: [83545962.328858] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=116.203.225.67 DST=178.62.254.91 LEN=80 TOS=0x00 PREC=0x20 TTL=123 ID=5188 PROTO=TCP SPT=4164 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T20:36:15.425Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 20:36:40 honeypot-fra-1 sshd[25037]: Received disconnect from 92.255.85.69 port 24700:11: Bye Bye [preauth]","@timestamp":"2022-09-08T20:36:41.251Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 20:37:33 honeypot-ams-1 sshd[2090]: Received disconnect from 64.225.43.245 port 39084:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T20:37:33.460Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 20:39:10 honeypot-ams-1 sshd[2094]: Received disconnect from 64.225.43.245 port 37916:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T20:39:10.502Z"}
{"@timestamp":"2022-09-08T20:39:31.857Z","@version":"1","message":"Sep  8 20:39:31 honeypot-sgp-1 sshd[31368]: Received disconnect from 92.255.85.69 port 39130:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 20:39:34 honeypot-fra-1 sshd[25042]: Disconnected from authenticating user root 106.251.237.178 port 58452 [preauth]","@timestamp":"2022-09-08T20:39:35.317Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 20:40:49 honeypot-ams-1 sshd[2098]: Received disconnect from 64.225.43.245 port 36746:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T20:40:50.545Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 20:46:01 honeypot-ams-1 kernel: [83546549.349193] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=170.187.162.153 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=25820 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T20:46:02.678Z"}
{"@timestamp":"2022-09-08T20:49:46.097Z","@version":"1","message":"Sep  8 20:49:45 honeypot-sgp-1 kernel: [83546301.900912] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=172.104.249.106 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=10919 DF PROTO=TCP SPT=59824 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 20:55:22 honeypot-ams-1 kernel: [83547110.076272] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=128.14.152.43 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=26027 PROTO=TCP SPT=30203 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T20:55:22.923Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 20:57:21 honeypot-fra-1 kernel: [83545080.447793] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=89.248.165.51 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=1892 PROTO=TCP SPT=46776 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T20:57:21.729Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 21:00:00 honeypot-ams-1 sshd[2112]: Received disconnect from 198.98.61.9 port 57864:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T21:00:01.044Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 21:00:20 honeypot-ams-1 sshd[2116]: Received disconnect from 198.98.61.9 port 55316:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T21:00:21.054Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 21:00:42 honeypot-ams-1 sshd[2120]: Received disconnect from 198.98.61.9 port 52708:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T21:00:43.070Z"}
{"@timestamp":"2022-09-08T21:02:14.381Z","@version":"1","message":"Sep  8 21:02:13 honeypot-sgp-1 sshd[31375]: Invalid user admin from 92.255.85.69 port 37158","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 21:02:15 honeypot-fra-1 sshd[25051]: Disconnected from invalid user karina 190.145.192.106 port 43234 [preauth]","@timestamp":"2022-09-08T21:02:16.844Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 21:08:01 honeypot-ams-1 kernel: [83547868.853171] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=20.231.198.105 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=113 ID=24791 DF PROTO=TCP SPT=56147 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T21:08:01.261Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 21:13:23 honeypot-fra-1 kernel: [83546042.435614] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=79.124.62.62 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=44733 PROTO=TCP SPT=51055 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T21:13:24.096Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 21:13:46 honeypot-ams-1 sshd[2132]: Received disconnect from 92.255.85.70 port 62720:11: Bye Bye [preauth]","@timestamp":"2022-09-08T21:13:46.412Z"}
{"@timestamp":"2022-09-08T21:16:21.722Z","@version":"1","message":"Sep  8 21:16:21 honeypot-sgp-1 kernel: [83547898.328233] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=63067 PROTO=TCP SPT=51504 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 21:17:18 honeypot-ams-1 sshd[2139]: Connection closed by invalid user pi 70.44.38.158 port 57426 [preauth]","@timestamp":"2022-09-08T21:17:19.503Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 21:17:45 honeypot-ams-1 kernel: [83548453.530357] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=113.4.57.139 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=48 ID=11934 PROTO=TCP SPT=16007 DPT=80 WINDOW=23535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T21:17:46.518Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 21:18:41 honeypot-ams-1 sshd[2150]: Disconnected from authenticating user root 43.156.36.16 port 54674 [preauth]","@timestamp":"2022-09-08T21:18:41.544Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 21:19:36 honeypot-ams-1 sshd[2157]: Invalid user sumainet from 162.19.25.127 port 51284","@timestamp":"2022-09-08T21:19:36.569Z"}
{"@timestamp":"2022-09-08T21:20:36.820Z","@version":"1","message":"Sep  8 21:20:35 honeypot-sgp-1 sshd[31385]: Disconnected from invalid user user 141.255.162.226 port 53114 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T21:20:37.820Z","@version":"1","message":"Sep  8 21:20:37 honeypot-sgp-1 sshd[31389]: Disconnected from invalid user user 141.255.162.226 port 38828 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T21:20:41.822Z","@version":"1","message":"Sep  8 21:20:40 honeypot-sgp-1 sshd[31393]: Disconnected from invalid user user 141.255.162.226 port 45810 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 21:21:22 honeypot-ams-1 kernel: [83548669.743200] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=17383 PROTO=TCP SPT=51504 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T21:21:22.616Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 21:21:43 honeypot-fra-1 sshd[25062]: Disconnected from authenticating user root 92.255.85.70 port 50134 [preauth]","@timestamp":"2022-09-08T21:21:44.308Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T21:21:54.851Z","@version":"1","message":"Sep  8 21:21:54 honeypot-sgp-1 sshd[31399]: Disconnected from authenticating user root 62.204.41.222 port 42787 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 21:23:19 honeypot-ams-1 sshd[2163]: Disconnected from invalid user garry 159.223.68.133 port 38960 [preauth]","@timestamp":"2022-09-08T21:23:20.669Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 21:30:58 honeypot-fra-1 sshd[25065]: Disconnected from authenticating user root 198.100.155.121 port 53754 [preauth]","@timestamp":"2022-09-08T21:30:58.509Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 21:36:56 honeypot-ams-1 sshd[2173]: Disconnected from authenticating user root 92.255.85.69 port 55176 [preauth]","@timestamp":"2022-09-08T21:36:57.019Z"}
{"@timestamp":"2022-09-08T21:37:35.200Z","@version":"1","message":"Sep  8 21:37:34 honeypot-sgp-1 sshd[31408]: Did not receive identification string from 198.98.61.9 port 34176","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T21:38:09.216Z","@version":"1","message":"Sep  8 21:38:09 honeypot-sgp-1 sshd[31411]: Received disconnect from 198.98.61.9 port 50698:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T21:38:25.224Z","@version":"1","message":"Sep  8 21:38:24 honeypot-sgp-1 sshd[31415]: Received disconnect from 198.98.61.9 port 43720:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T21:38:38.230Z","@version":"1","message":"Sep  8 21:38:37 honeypot-sgp-1 sshd[31419]: Invalid user user from 198.98.61.9 port 36736","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 21:42:54 honeypot-fra-1 sshd[25070]: Disconnected from authenticating user root 92.255.85.70 port 56148 [preauth]","@timestamp":"2022-09-08T21:42:54.773Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T21:45:32.384Z","@version":"1","message":"Sep  8 21:45:32 honeypot-sgp-1 kernel: [83549648.887774] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=213.226.123.38 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=234 ID=24614 PROTO=TCP SPT=54201 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 21:48:09 honeypot-fra-1 sshd[25076]: Invalid user user from 141.255.162.226 port 33116","@timestamp":"2022-09-08T21:48:09.891Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 21:48:12 honeypot-fra-1 sshd[25080]: Invalid user user from 141.255.162.226 port 40292","@timestamp":"2022-09-08T21:48:12.894Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 21:48:13 honeypot-fra-1 sshd[25084]: Invalid user user from 141.255.162.226 port 33612","@timestamp":"2022-09-08T21:48:14.895Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 21:48:18 honeypot-fra-1 sshd[25088]: Invalid user user from 141.255.162.226 port 40790","@timestamp":"2022-09-08T21:48:18.897Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 21:49:07 honeypot-fra-1 sshd[25106]: Invalid user elasticsearch from 51.79.254.140 port 37434","@timestamp":"2022-09-08T21:49:07.917Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 21:49:07 honeypot-fra-1 sshd[25104]: Invalid user devops from 51.79.254.140 port 37664","@timestamp":"2022-09-08T21:49:07.917Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 21:49:07 honeypot-fra-1 sshd[25098]: Invalid user user from 51.79.254.140 port 37498","@timestamp":"2022-09-08T21:49:07.917Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 21:49:07 honeypot-fra-1 sshd[25093]: Connection closed by invalid user vagrant 51.79.254.140 port 37380 [preauth]","@timestamp":"2022-09-08T21:49:07.917Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 21:49:07 honeypot-fra-1 sshd[25111]: Invalid user testuser from 51.79.254.140 port 37550","@timestamp":"2022-09-08T21:49:07.917Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 21:49:07 honeypot-fra-1 sshd[25101]: Connection closed by invalid user hadoop 51.79.254.140 port 37644 [preauth]","@timestamp":"2022-09-08T21:49:07.917Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 21:49:07 honeypot-fra-1 sshd[25110]: Connection closed by authenticating user root 51.79.254.140 port 37538 [preauth]","@timestamp":"2022-09-08T21:49:07.917Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 21:49:07 honeypot-fra-1 sshd[25098]: Connection closed by invalid user user 51.79.254.140 port 37498 [preauth]","@timestamp":"2022-09-08T21:49:07.917Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 21:49:07 honeypot-fra-1 sshd[25114]: Connection closed by invalid user vagrant 51.79.254.140 port 37648 [preauth]","@timestamp":"2022-09-08T21:49:07.917Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 21:49:07 honeypot-fra-1 sshd[25119]: Connection closed by invalid user ubuntu 51.79.254.140 port 37670 [preauth]","@timestamp":"2022-09-08T21:49:07.918Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 21:51:25 honeypot-fra-1 kernel: [83548324.132589] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.41.8.5 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=59077 PROTO=TCP SPT=32688 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T21:51:25.969Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 21:53:18 honeypot-ams-1 sshd[2180]: Received disconnect from 180.64.115.229 port 60848:11: Bye Bye [preauth]","@timestamp":"2022-09-08T21:53:19.436Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 21:55:39 honeypot-fra-1 sshd[25156]: Disconnected from invalid user joel 165.22.45.108 port 33010 [preauth]","@timestamp":"2022-09-08T21:55:40.066Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 21:57:38 honeypot-ams-1 kernel: [83550846.377189] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=123.121.3.83 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=49 ID=16441 PROTO=TCP SPT=10725 DPT=443 WINDOW=5853 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T21:57:39.548Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 22:05:05 honeypot-fra-1 sshd[25162]: Disconnected from authenticating user root 92.255.85.69 port 20970 [preauth]","@timestamp":"2022-09-08T22:05:06.278Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 22:08:20 honeypot-ams-1 sshd[2189]: Received disconnect from 198.98.61.9 port 33368:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T22:08:20.816Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 22:08:37 honeypot-ams-1 sshd[2193]: Received disconnect from 198.98.61.9 port 55040:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T22:08:37.827Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 22:08:51 honeypot-ams-1 sshd[2197]: Invalid user user from 198.98.61.9 port 48430","@timestamp":"2022-09-08T22:08:51.834Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 22:09:10 honeypot-ams-1 sshd[2201]: Invalid user user from 198.98.61.9 port 41870","@timestamp":"2022-09-08T22:09:10.844Z"}
{"@timestamp":"2022-09-08T22:17:02.102Z","@version":"1","message":"Sep  8 22:17:01 honeypot-sgp-1 CRON[31430]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 22:20:05 honeypot-fra-1 sshd[25171]: Invalid user joe from 165.22.45.108 port 37862","@timestamp":"2022-09-08T22:20:06.621Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 22:21:37 honeypot-ams-1 sshd[2207]: Received disconnect from 92.255.85.70 port 61084:11: Bye Bye [preauth]","@timestamp":"2022-09-08T22:21:38.159Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 22:24:12 honeypot-ams-1 sshd[2212]: Disconnected from invalid user schirmi 66.29.131.100 port 53232 [preauth]","@timestamp":"2022-09-08T22:24:12.227Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 22:29:23 honeypot-ams-1 kernel: [83552750.641687] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=80.94.92.239 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=54321 PROTO=TCP SPT=36996 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T22:29:23.363Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 22:29:40 honeypot-fra-1 sshd[25176]: Received disconnect from 92.255.85.69 port 34764:11: Bye Bye [preauth]","@timestamp":"2022-09-08T22:29:40.829Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 22:35:44 honeypot-fra-1 sshd[25180]: Connection closed by invalid user  152.32.143.202 port 25694 [preauth]","@timestamp":"2022-09-08T22:35:45.965Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 22:35:58 honeypot-ams-1 kernel: [83553145.684978] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=52.243.98.193 DST=178.62.254.91 LEN=52 TOS=0x02 PREC=0x00 TTL=107 ID=29122 DF PROTO=TCP SPT=56549 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T22:35:58.534Z"}
{"@timestamp":"2022-09-08T22:35:59.546Z","@version":"1","message":"Sep  8 22:35:59 honeypot-sgp-1 sshd[31436]: Invalid user clint from 103.91.123.150 port 47636","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 22:38:43 honeypot-fra-1 sshd[25185]: Received disconnect from 45.61.184.204 port 48302:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T22:38:44.034Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T22:38:55.612Z","@version":"1","message":"Sep  8 22:38:55 honeypot-sgp-1 sshd[31439]: Disconnected from invalid user hasama 143.198.33.238 port 54610 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 22:39:02 honeypot-fra-1 sshd[25189]: Received disconnect from 45.61.184.204 port 43460:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T22:39:02.043Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 22:39:18 honeypot-fra-1 sshd[25193]: Received disconnect from 45.61.184.204 port 38586:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T22:39:19.052Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 22:39:44 honeypot-ams-1 sshd[2227]: Invalid user user from 141.255.162.226 port 33842","@timestamp":"2022-09-08T22:39:44.634Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 22:39:46 honeypot-ams-1 sshd[2231]: Invalid user user from 141.255.162.226 port 54690","@timestamp":"2022-09-08T22:39:47.636Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 22:39:50 honeypot-ams-1 sshd[2235]: Invalid user user from 141.255.162.226 port 56016","@timestamp":"2022-09-08T22:39:50.638Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 22:39:51 honeypot-ams-1 sshd[2239]: Invalid user user from 141.255.162.226 port 41232","@timestamp":"2022-09-08T22:39:52.640Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 22:42:54 honeypot-ams-1 kernel: [83553562.259477] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=143.92.32.164 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=14239 PROTO=TCP SPT=56973 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T22:42:54.719Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 22:46:03 honeypot-fra-1 sshd[25198]: Received disconnect from 165.22.45.108 port 42748:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T22:46:03.199Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T22:55:38.993Z","@version":"1","message":"Sep  8 22:55:38 honeypot-sgp-1 sshd[31443]: Received disconnect from 92.255.85.70 port 31374:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 22:58:24 honeypot-fra-1 sshd[25204]: Connection closed by invalid user sysman 103.188.176.251 port 37276 [preauth]","@timestamp":"2022-09-08T22:58:25.471Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T22:58:50.070Z","@version":"1","message":"Sep  8 22:58:49 honeypot-sgp-1 kernel: [83554046.276548] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=140.240.170.11 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=51 ID=34062 PROTO=TCP SPT=29290 DPT=80 WINDOW=5890 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 22:59:41 honeypot-ams-1 sshd[2252]: Connection closed by 180.76.173.237 port 46100 [preauth]","@timestamp":"2022-09-08T22:59:42.152Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 23:07:53 honeypot-ams-1 sshd[2257]: Received disconnect from 92.255.85.70 port 58134:11: Bye Bye [preauth]","@timestamp":"2022-09-08T23:07:54.362Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 23:08:14 honeypot-ams-1 sshd[2261]: Received disconnect from 45.61.184.204 port 49610:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T23:08:14.374Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 23:08:34 honeypot-ams-1 sshd[2265]: Invalid user user from 45.61.184.204 port 44206","@timestamp":"2022-09-08T23:08:35.385Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 23:08:52 honeypot-ams-1 sshd[2269]: Invalid user user from 45.61.184.204 port 38798","@timestamp":"2022-09-08T23:08:53.394Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 23:12:11 honeypot-fra-1 sshd[25209]: Disconnected from invalid user joe 165.22.45.108 port 47624 [preauth]","@timestamp":"2022-09-08T23:12:11.778Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  8 23:14:28 honeypot-ams-1 kernel: [83555455.628507] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=109.103.212.207 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=55 ID=45419 PROTO=TCP SPT=39921 DPT=443 WINDOW=22569 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T23:14:28.535Z"}
{"@timestamp":"2022-09-08T23:17:56.499Z","@version":"1","message":"Sep  8 23:17:55 honeypot-sgp-1 sshd[31454]: Invalid user  from 31.184.198.71 port 18117","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 23:18:20 honeypot-ams-1 sshd[2277]: Disconnected from invalid user sunuser 221.156.126.1 port 38974 [preauth]","@timestamp":"2022-09-08T23:18:20.635Z"}
{"@timestamp":"2022-09-08T23:18:23.512Z","@version":"1","message":"Sep  8 23:18:22 honeypot-sgp-1 sshd[31460]: Invalid user  from 31.184.198.71 port 48816","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T23:18:48.525Z","@version":"1","message":"Sep  8 23:18:48 honeypot-sgp-1 sshd[31467]: Received disconnect from 92.255.85.69 port 22912:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T23:19:04.533Z","@version":"1","message":"Sep  8 23:19:04 honeypot-sgp-1 sshd[31472]: Invalid user admin from 31.184.198.71 port 20014","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T23:19:32.547Z","@version":"1","message":"Sep  8 23:19:31 honeypot-sgp-1 sshd[31478]: Disconnecting authenticating user root 31.184.198.71 port 35162: Change of username or service not allowed: (root,ssh-connection) -> (1234,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T23:19:57.559Z","@version":"1","message":"Sep  8 23:19:57 honeypot-sgp-1 sshd[31484]: Disconnecting invalid user araknis 31.184.198.71 port 21764: Change of username or service not allowed: (araknis,ssh-connection) -> (,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 23:20:09 honeypot-fra-1 kernel: [83553647.876453] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=162.62.191.231 DST=165.22.82.222 LEN=52 TOS=0x00 PREC=0x60 TTL=53 ID=16693 DF PROTO=TCP SPT=17717 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T23:20:09.956Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-08T23:20:26.572Z","@version":"1","message":"Sep  8 23:20:26 honeypot-sgp-1 sshd[31492]: Invalid user Admin from 31.184.198.71 port 12763","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T23:20:51.585Z","@version":"1","message":"Sep  8 23:20:50 honeypot-sgp-1 sshd[31499]: Invalid user guest from 31.184.198.71 port 20677","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T23:21:20.598Z","@version":"1","message":"Sep  8 23:21:19 honeypot-sgp-1 sshd[31505]: Disconnecting invalid user  31.184.198.71 port 14362: Change of username or service not allowed: (,ssh-connection) -> (Cisco,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T23:21:40.608Z","@version":"1","message":"Sep  8 23:21:40 honeypot-sgp-1 sshd[31511]: Invalid user admin from 31.184.198.71 port 59490","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T23:22:02.619Z","@version":"1","message":"Sep  8 23:22:02 honeypot-sgp-1 sshd[31519]: Invalid user Administrator from 31.184.198.71 port 24692","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 23:22:21 honeypot-ams-1 sshd[2282]: Connection closed by 180.76.173.237 port 46640 [preauth]","@timestamp":"2022-09-08T23:22:21.742Z"}
{"@timestamp":"2022-09-08T23:22:31.632Z","@version":"1","message":"Sep  8 23:22:30 honeypot-sgp-1 sshd[31525]: Invalid user sti.admin5 from 31.184.198.71 port 6313","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T23:22:54.643Z","@version":"1","message":"Sep  8 23:22:54 honeypot-sgp-1 sshd[31531]: Invalid user zhone from 31.184.198.71 port 14288","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T23:23:22.657Z","@version":"1","message":"Sep  8 23:23:22 honeypot-sgp-1 sshd[31537]: Disconnecting invalid user default 31.184.198.71 port 42693: Change of username or service not allowed: (default,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T23:23:49.670Z","@version":"1","message":"Sep  8 23:23:48 honeypot-sgp-1 sshd[31543]: Disconnecting invalid user Administrator 31.184.198.71 port 6402: Change of username or service not allowed: (Administrator,ssh-connection) -> (cusadmin,ssh-connectio [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T23:24:11.681Z","@version":"1","message":"Sep  8 23:24:11 honeypot-sgp-1 sshd[31549]: Disconnecting invalid user admin 31.184.198.71 port 8575: Change of username or service not allowed: (admin,ssh-connection) -> (lgnortel,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 23:24:18 honeypot-ams-1 sshd[2286]: Received disconnect from 202.88.244.36 port 2440:11: Bye Bye [preauth]","@timestamp":"2022-09-08T23:24:18.794Z"}
{"@timestamp":"2022-09-08T23:24:25.688Z","@version":"1","message":"Sep  8 23:24:24 honeypot-sgp-1 sshd[31555]: Disconnecting invalid user Admin 31.184.198.71 port 28873: Change of username or service not allowed: (Admin,ssh-connection) -> (comcast,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T23:24:53.701Z","@version":"1","message":"Sep  8 23:24:52 honeypot-sgp-1 sshd[31561]: Disconnecting invalid user  31.184.198.71 port 39223: Change of username or service not allowed: (,ssh-connection) -> (admin1234,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T23:25:16.712Z","@version":"1","message":"Sep  8 23:25:16 honeypot-sgp-1 sshd[31568]: Disconnecting invalid user  31.184.198.71 port 51388: Change of username or service not allowed: (,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T23:25:40.724Z","@version":"1","message":"Sep  8 23:25:39 honeypot-sgp-1 sshd[31575]: Disconnecting invalid user admin 31.184.198.71 port 32112: Change of username or service not allowed: (admin,ssh-connection) -> (blank,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T23:26:12.740Z","@version":"1","message":"Sep  8 23:26:12 honeypot-sgp-1 sshd[31582]: Disconnecting invalid user admin 31.184.198.71 port 27847: Change of username or service not allowed: (admin,ssh-connection) -> (airlive,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T23:26:37.752Z","@version":"1","message":"Sep  8 23:26:37 honeypot-sgp-1 sshd[31589]: Disconnecting invalid user admin 31.184.198.71 port 51240: Change of username or service not allowed: (admin,ssh-connection) -> (roqos,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 23:26:42 honeypot-ams-1 sshd[2293]: Invalid user web from 62.84.125.211 port 45088","@timestamp":"2022-09-08T23:26:42.859Z"}
{"@timestamp":"2022-09-08T23:26:58.763Z","@version":"1","message":"Sep  8 23:26:58 honeypot-sgp-1 sshd[31595]: Invalid user Admin from 112.16.125.165 port 33625","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T23:27:19.773Z","@version":"1","message":"Sep  8 23:27:19 honeypot-sgp-1 sshd[31601]: Disconnecting invalid user Broadcom 31.184.198.71 port 12926: Change of username or service not allowed: (Broadcom,ssh-connection) -> (smcadmin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T23:27:50.787Z","@version":"1","message":"Sep  8 23:27:49 honeypot-sgp-1 sshd[31608]: Disconnecting invalid user cusadmin 31.184.198.71 port 12673: Change of username or service not allowed: (cusadmin,ssh-connection) -> (highspeed,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T23:28:13.799Z","@version":"1","message":"Sep  8 23:28:13 honeypot-sgp-1 sshd[31614]: Disconnecting invalid user sweex 31.184.198.71 port 56289: Change of username or service not allowed: (sweex,ssh-connection) -> (,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T23:28:46.814Z","@version":"1","message":"Sep  8 23:28:45 honeypot-sgp-1 sshd[31620]: Disconnecting invalid user  31.184.198.71 port 33179: Change of username or service not allowed: (,ssh-connection) -> (public,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T23:29:25.832Z","@version":"1","message":"Sep  8 23:29:25 honeypot-sgp-1 sshd[31626]: Disconnecting invalid user ubnt 31.184.198.71 port 55470: Change of username or service not allowed: (ubnt,ssh-connection) -> (root,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T23:29:57.848Z","@version":"1","message":"Sep  8 23:29:57 honeypot-sgp-1 sshd[31632]: Disconnecting invalid user user 31.184.198.71 port 59038: Change of username or service not allowed: (user,ssh-connection) -> (amdin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T23:30:33.865Z","@version":"1","message":"Sep  8 23:30:33 honeypot-sgp-1 sshd[31639]: Disconnecting invalid user Admin 31.184.198.71 port 59192: Change of username or service not allowed: (Admin,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T23:31:02.879Z","@version":"1","message":"Sep  8 23:31:02 honeypot-sgp-1 sshd[31646]: Invalid user 0 from 31.184.198.71 port 23265","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 23:31:03 honeypot-ams-1 sshd[2297]: Invalid user claudia from 180.168.95.234 port 46780","@timestamp":"2022-09-08T23:31:03.971Z"}
{"@timestamp":"2022-09-08T23:31:26.890Z","@version":"1","message":"Sep  8 23:31:26 honeypot-sgp-1 sshd[31652]: Invalid user admin from 31.184.198.71 port 42599","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 23:32:15 honeypot-fra-1 kernel: [83554374.223632] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=167.71.102.95 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=46 ID=32252 DF PROTO=TCP SPT=51182 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-08T23:32:16.243Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 23:34:08 honeypot-ams-1 sshd[2300]: Disconnected from invalid user yuuichi 142.93.102.173 port 40718 [preauth]","@timestamp":"2022-09-08T23:34:09.050Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 23:38:32 honeypot-fra-1 sshd[25222]: Received disconnect from 165.22.45.108 port 52514:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-08T23:38:32.403Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T23:41:59.133Z","@version":"1","message":"Sep  8 23:41:58 honeypot-sgp-1 sshd[31660]: Received disconnect from 92.255.85.69 port 53050:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 23:43:23 honeypot-ams-1 sshd[2303]: Invalid user sh from 91.201.240.153 port 47708","@timestamp":"2022-09-08T23:43:23.287Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 23:44:46 honeypot-fra-1 sshd[25229]: Invalid user 01porn from 141.98.10.158 port 58118","@timestamp":"2022-09-08T23:44:46.542Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-08T23:46:17.232Z","@version":"1","message":"Sep  8 23:46:17 honeypot-sgp-1 sshd[31665]: Invalid user user from 45.61.186.169 port 48128","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T23:46:35.240Z","@version":"1","message":"Sep  8 23:46:35 honeypot-sgp-1 sshd[31669]: Invalid user user from 45.61.186.169 port 42728","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-08T23:46:52.248Z","@version":"1","message":"Sep  8 23:46:51 honeypot-sgp-1 sshd[31673]: Invalid user user from 45.61.186.169 port 37352","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  8 23:48:40 honeypot-fra-1 sshd[25233]: Invalid user casillas from 162.215.1.59 port 53666","@timestamp":"2022-09-08T23:48:41.632Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  8 23:52:06 honeypot-ams-1 sshd[2308]: Received disconnect from 134.122.30.242 port 49764:11: Bye Bye [preauth]","@timestamp":"2022-09-08T23:52:07.513Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 00:01:54 honeypot-fra-1 sshd[25237]: Disconnected from authenticating user root 92.255.85.69 port 29146 [preauth]","@timestamp":"2022-09-09T00:01:54.940Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T00:04:06.640Z","@version":"1","message":"Sep  9 00:04:06 honeypot-sgp-1 kernel: [83557963.023936] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=202.51.92.109 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=249 ID=5255 DF PROTO=TCP SPT=44418 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 00:06:07 honeypot-ams-1 kernel: [83558555.339263] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=51181 PROTO=TCP SPT=41604 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T00:06:07.892Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 00:12:07 honeypot-fra-1 sshd[25242]: Did not receive identification string from 192.241.216.129 port 42450","@timestamp":"2022-09-09T00:12:08.173Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 00:15:12 honeypot-ams-1 sshd[2321]: Disconnected from invalid user ilya 151.106.112.77 port 45228 [preauth]","@timestamp":"2022-09-09T00:15:13.129Z"}
{"@timestamp":"2022-09-09T00:15:30.902Z","@version":"1","message":"Sep  9 00:15:30 honeypot-sgp-1 kernel: [83558647.423507] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=227 ID=486 PROTO=TCP SPT=41604 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 00:25:10 honeypot-fra-1 sshd[25254]: Received disconnect from 92.255.85.69 port 44978:11: Bye Bye [preauth]","@timestamp":"2022-09-09T00:25:11.502Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T00:26:15.176Z","@version":"1","message":"Sep  9 00:26:14 honeypot-sgp-1 sshd[31689]: Received disconnect from 182.253.113.138 port 34592:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 00:26:59 honeypot-fra-1 sshd[25261]: Received disconnect from 165.22.42.39 port 48060:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T00:27:00.547Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 00:27:43 honeypot-fra-1 sshd[25265]: Disconnected from invalid user Szimonetta 104.131.68.23 port 56342 [preauth]","@timestamp":"2022-09-09T00:27:44.566Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 00:27:53 honeypot-fra-1 sshd[25271]: Connection closed by invalid user admin 128.199.10.193 port 36558 [preauth]","@timestamp":"2022-09-09T00:27:53.570Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 00:28:33 honeypot-fra-1 sshd[25277]: Invalid user Admin from 103.89.58.230 port 40523","@timestamp":"2022-09-09T00:28:33.588Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T00:28:55.238Z","@version":"1","message":"Sep  9 00:28:55 honeypot-sgp-1 sshd[31693]: Disconnected from invalid user ben 14.225.17.9 port 36228 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 00:30:34 honeypot-fra-1 sshd[25283]: Disconnected from authenticating user root 165.22.42.39 port 45734 [preauth]","@timestamp":"2022-09-09T00:30:35.637Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 00:31:36 honeypot-fra-1 sshd[25287]: Disconnected from authenticating user root 165.22.42.39 port 59272 [preauth]","@timestamp":"2022-09-09T00:31:36.662Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 00:34:22 honeypot-fra-1 sshd[25294]: Received disconnect from 165.22.42.39 port 43408:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T00:34:23.728Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 00:35:09 honeypot-ams-1 sshd[2330]: Received disconnect from 212.33.198.55 port 50514:11: Bye Bye [preauth]","@timestamp":"2022-09-09T00:35:09.655Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 00:36:54 honeypot-ams-1 sshd[2334]: Connection closed by 162.142.125.7 port 33616 [preauth]","@timestamp":"2022-09-09T00:36:55.707Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 00:37:20 honeypot-fra-1 sshd[25301]: Invalid user dev from 165.22.42.39 port 55794","@timestamp":"2022-09-09T00:37:20.797Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 00:39:12 honeypot-fra-1 sshd[25305]: Did not receive identification string from 198.98.61.9 port 58764","@timestamp":"2022-09-09T00:39:12.839Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 00:39:21 honeypot-fra-1 sshd[25308]: Disconnected from invalid user user 198.98.61.9 port 50984 [preauth]","@timestamp":"2022-09-09T00:39:21.844Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 00:39:39 honeypot-fra-1 sshd[25312]: Disconnected from invalid user user 198.98.61.9 port 45366 [preauth]","@timestamp":"2022-09-09T00:39:39.853Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 00:39:56 honeypot-fra-1 sshd[25316]: Disconnected from invalid user user 198.98.61.9 port 39750 [preauth]","@timestamp":"2022-09-09T00:39:56.861Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 00:40:09 honeypot-fra-1 sshd[25320]: Disconnected from invalid user petrong 165.22.42.39 port 39934 [preauth]","@timestamp":"2022-09-09T00:40:09.868Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T00:40:17.498Z","@version":"1","message":"Sep  9 00:40:17 honeypot-sgp-1 sshd[31698]: Invalid user clock from 52.139.183.239 port 42564","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 00:41:10 honeypot-fra-1 sshd[25324]: Disconnected from invalid user samson 165.22.42.39 port 53462 [preauth]","@timestamp":"2022-09-09T00:41:10.892Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T00:42:11.562Z","@version":"1","message":"Sep  9 00:42:10 honeypot-sgp-1 kernel: [83560247.347687] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.41.8.5 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=53792 PROTO=TCP SPT=51105 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 00:43:02 honeypot-fra-1 sshd[25329]: Disconnected from invalid user dev 165.22.42.39 port 52332 [preauth]","@timestamp":"2022-09-09T00:43:02.936Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T00:43:13.586Z","@version":"1","message":"Sep  9 00:43:12 honeypot-sgp-1 sshd[31707]: Connection closed by invalid user admin 128.199.160.207 port 56006 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 00:44:44 honeypot-fra-1 kernel: [83558722.755401] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=118.249.41.120 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=39083 DF PROTO=TCP SPT=24006 DPT=80 WINDOW=64800 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T00:44:44.978Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-09T00:44:53.625Z","@version":"1","message":"Sep  9 00:44:52 honeypot-sgp-1 kernel: [83560409.318006] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=5.43.195.131 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=17366 DF PROTO=TCP SPT=52009 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 00:46:41 honeypot-fra-1 sshd[25337]: Invalid user plandevac from 165.22.42.39 port 50004","@timestamp":"2022-09-09T00:46:42.023Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 00:48:15 honeypot-fra-1 sshd[25342]: Disconnected from authenticating user root 92.255.85.70 port 15708 [preauth]","@timestamp":"2022-09-09T00:48:16.061Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 00:49:29 honeypot-fra-1 sshd[25346]: Disconnected from invalid user gbadebo 165.22.42.39 port 34136 [preauth]","@timestamp":"2022-09-09T00:49:30.091Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 00:49:44 honeypot-ams-1 sshd[2342]: Did not receive identification string from 193.3.19.178 port 64001","@timestamp":"2022-09-09T00:49:45.044Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 00:52:18 honeypot-fra-1 sshd[25352]: Invalid user sandbox from 165.22.42.39 port 46510","@timestamp":"2022-09-09T00:52:19.156Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 00:54:14 honeypot-fra-1 sshd[25357]: Invalid user dev from 165.22.42.39 port 45342","@timestamp":"2022-09-09T00:54:14.200Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 00:56:09 honeypot-fra-1 sshd[25361]: Received disconnect from 165.22.42.39 port 44186:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T00:56:10.246Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T00:56:10.886Z","@version":"1","message":"Sep  9 00:56:10 honeypot-sgp-1 sshd[31717]: Connection closed by 95.147.209.35 port 48315 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 00:57:40 honeypot-fra-1 sshd[25365]: Disconnected from invalid user john 165.22.45.108 port 38988 [preauth]","@timestamp":"2022-09-09T00:57:41.281Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 01:00:31 honeypot-ams-1 sshd[2348]: Connection closed by 192.241.216.8 port 59270 [preauth]","@timestamp":"2022-09-09T01:00:32.328Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 01:07:59 honeypot-ams-1 sshd[2353]: Received disconnect from 154.120.243.194 port 58006:11: Bye Bye [preauth]","@timestamp":"2022-09-09T01:08:00.525Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 01:12:18 honeypot-fra-1 sshd[25371]: Disconnected from authenticating user root 92.255.85.69 port 18446 [preauth]","@timestamp":"2022-09-09T01:12:19.612Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T01:13:14.282Z","@version":"1","message":"Sep  9 01:13:13 honeypot-sgp-1 sshd[31723]: Invalid user prasad from 209.141.52.250 port 45382","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 01:13:34 honeypot-fra-1 sshd[25373]: Disconnected from invalid user dobrynia 89.251.102.54 port 9346 [preauth]","@timestamp":"2022-09-09T01:13:34.645Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T01:15:28.338Z","@version":"1","message":"Sep  9 01:15:27 honeypot-sgp-1 sshd[31727]: Disconnected from authenticating user root 92.255.85.70 port 60082 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 01:15:30 honeypot-ams-1 sshd[2358]: Received disconnect from 190.128.230.98 port 57740:11: Bye Bye [preauth]","@timestamp":"2022-09-09T01:15:30.720Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 01:17:01 honeypot-ams-1 CRON[2364]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-09T01:17:01.778Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 01:20:48 honeypot-fra-1 sshd[25382]: Invalid user nana from 185.74.6.58 port 55714","@timestamp":"2022-09-09T01:20:48.806Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 01:21:34 honeypot-fra-1 sshd[25398]: Invalid user www from 193.176.239.126 port 60748","@timestamp":"2022-09-09T01:21:34.827Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 01:21:34 honeypot-fra-1 sshd[25390]: Invalid user guest from 193.176.239.126 port 60796","@timestamp":"2022-09-09T01:21:34.827Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 01:21:34 honeypot-fra-1 sshd[25393]: Invalid user guest from 193.176.239.126 port 60762","@timestamp":"2022-09-09T01:21:34.827Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 01:21:34 honeypot-fra-1 sshd[25392]: Invalid user postgres from 193.176.239.126 port 60736","@timestamp":"2022-09-09T01:21:34.827Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 01:21:34 honeypot-fra-1 sshd[25385]: Invalid user ubuntu from 193.176.239.126 port 60792","@timestamp":"2022-09-09T01:21:34.827Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 01:21:34 honeypot-fra-1 sshd[25390]: Connection closed by invalid user guest 193.176.239.126 port 60796 [preauth]","@timestamp":"2022-09-09T01:21:34.827Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 01:21:34 honeypot-fra-1 sshd[25388]: Connection closed by invalid user ftpuser 193.176.239.126 port 60804 [preauth]","@timestamp":"2022-09-09T01:21:34.827Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 01:21:34 honeypot-fra-1 sshd[25392]: Connection closed by invalid user postgres 193.176.239.126 port 60736 [preauth]","@timestamp":"2022-09-09T01:21:34.827Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 01:21:34 honeypot-fra-1 sshd[25410]: Connection closed by invalid user git 193.176.239.126 port 60756 [preauth]","@timestamp":"2022-09-09T01:21:34.827Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 01:28:08 honeypot-ams-1 sshd[2371]: Received disconnect from 92.255.85.69 port 37460:11: Bye Bye [preauth]","@timestamp":"2022-09-09T01:28:09.072Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 01:32:04 honeypot-fra-1 sshd[25441]: Connection closed by invalid user jiayu 103.188.176.251 port 53240 [preauth]","@timestamp":"2022-09-09T01:32:05.064Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 01:37:42 honeypot-fra-1 sshd[25446]: Disconnected from invalid user bomb 89.251.102.54 port 57962 [preauth]","@timestamp":"2022-09-09T01:37:43.193Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T01:38:49.878Z","@version":"1","message":"Sep  9 01:38:49 honeypot-sgp-1 sshd[31738]: Received disconnect from 92.255.85.70 port 54368:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 01:40:18 honeypot-ams-1 sshd[2377]: Connection closed by invalid user Admin 1.221.23.26 port 36845 [preauth]","@timestamp":"2022-09-09T01:40:19.394Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 01:43:05 honeypot-fra-1 sshd[25452]: Disconnected from authenticating user root 138.197.142.81 port 41716 [preauth]","@timestamp":"2022-09-09T01:43:05.315Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T01:47:46.091Z","@version":"1","message":"Sep  9 01:47:45 honeypot-sgp-1 kernel: [83564181.699127] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=12115 PROTO=TCP SPT=47769 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 01:50:07 honeypot-ams-1 kernel: [83564795.225666] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=152.89.196.62 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=26428 PROTO=TCP SPT=58860 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T01:50:08.650Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 01:50:24 honeypot-fra-1 sshd[25457]: Received disconnect from 165.22.45.108 port 49466:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T01:50:25.479Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 01:50:35 honeypot-fra-1 kernel: [83562673.224981] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=193.42.105.14 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=117 ID=38458 DF PROTO=TCP SPT=38104 DPT=80 WINDOW=42340 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T01:50:35.484Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-09T01:52:14.201Z","@version":"1","message":"Sep  9 01:52:14 honeypot-sgp-1 sshd[31747]: Invalid user user from 45.61.186.249 port 33876","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T01:52:25.207Z","@version":"1","message":"Sep  9 01:52:24 honeypot-sgp-1 sshd[31751]: Did not receive identification string from 159.89.24.69 port 61000","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T01:52:41.215Z","@version":"1","message":"Sep  9 01:52:40 honeypot-sgp-1 sshd[31754]: Disconnected from invalid user user 45.61.186.249 port 39400 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T01:52:58.223Z","@version":"1","message":"Sep  9 01:52:57 honeypot-sgp-1 sshd[31758]: Disconnected from invalid user user 45.61.186.249 port 33662 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 02:06:10 honeypot-ams-1 sshd[2384]: Invalid user roberto from 158.69.111.17 port 47430","@timestamp":"2022-09-09T02:06:10.065Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 02:06:56 honeypot-fra-1 kernel: [83563654.459833] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.142.236.41 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=118 ID=14402 PROTO=TCP SPT=17340 DPT=80 WINDOW=9870 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T02:06:56.875Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-09T02:08:44.607Z","@version":"1","message":"Sep  9 02:08:44 honeypot-sgp-1 kernel: [83565440.558235] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.148.10.81 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=49375 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 02:12:17 honeypot-ams-1 sshd[2391]: Invalid user user from 198.98.61.9 port 34310","@timestamp":"2022-09-09T02:12:17.229Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 02:12:34 honeypot-ams-1 sshd[2395]: Invalid user user from 198.98.61.9 port 57020","@timestamp":"2022-09-09T02:12:35.238Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 02:12:49 honeypot-ams-1 sshd[2399]: Invalid user user from 198.98.61.9 port 51500","@timestamp":"2022-09-09T02:12:50.246Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 02:13:08 honeypot-ams-1 sshd[2403]: Invalid user user from 198.98.61.9 port 45966","@timestamp":"2022-09-09T02:13:08.257Z"}
{"@timestamp":"2022-09-09T02:14:01.738Z","@version":"1","message":"Sep  9 02:14:01 honeypot-sgp-1 sshd[32212]: Received disconnect from 45.61.186.49 port 35668:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T02:14:12.744Z","@version":"1","message":"Sep  9 02:14:12 honeypot-sgp-1 sshd[32216]: Received disconnect from 45.61.186.49 port 47266:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 02:17:01 honeypot-ams-1 CRON[2407]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-09T02:17:01.361Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 02:17:01 honeypot-fra-1 CRON[25466]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-09T02:17:02.102Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T02:24:14.986Z","@version":"1","message":"Sep  9 02:24:14 honeypot-sgp-1 kernel: [83566370.904463] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.41.9.18 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=25728 PROTO=TCP SPT=31671 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 02:29:54 honeypot-fra-1 kernel: [83565032.371085] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=94.156.105.30 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=248 ID=18667 DF PROTO=TCP SPT=39629 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T02:29:54.391Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 02:33:40 honeypot-ams-1 sshd[2414]: Received disconnect from 185.100.86.74 port 38843:11: Bye Bye [preauth]","@timestamp":"2022-09-09T02:33:40.811Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 02:37:24 honeypot-fra-1 kernel: [83565482.360831] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=40.87.17.51 DST=165.22.82.222 LEN=52 TOS=0x02 PREC=0x00 TTL=112 ID=19514 DF PROTO=TCP SPT=59506 DPT=80 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-09T02:37:24.560Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-09T02:37:31.308Z","@version":"1","message":"Sep  9 02:37:31 honeypot-sgp-1 sshd[32229]: Invalid user sanjeev from 163.177.9.152 port 58806","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 02:37:36 honeypot-ams-1 sshd[2419]: Received disconnect from 103.215.221.158 port 32860:11: Bye Bye [preauth]","@timestamp":"2022-09-09T02:37:36.916Z"}
{"@timestamp":"2022-09-09T02:38:10.326Z","@version":"1","message":"Sep  9 02:38:10 honeypot-sgp-1 sshd[32234]: Invalid user user from 198.98.61.9 port 55436","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T02:38:26.334Z","@version":"1","message":"Sep  9 02:38:25 honeypot-sgp-1 sshd[32238]: Invalid user user from 198.98.61.9 port 49678","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T02:38:40.340Z","@version":"1","message":"Sep  9 02:38:40 honeypot-sgp-1 sshd[32242]: Invalid user user from 198.98.61.9 port 43934","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T02:38:54.347Z","@version":"1","message":"Sep  9 02:38:53 honeypot-sgp-1 sshd[32246]: Invalid user user from 198.98.61.9 port 38180","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T02:39:35.366Z","@version":"1","message":"Sep  9 02:39:35 honeypot-sgp-1 sshd[32250]: Received disconnect from 34.126.71.110 port 40378:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T02:40:10.383Z","@version":"1","message":"Sep  9 02:40:10 honeypot-sgp-1 kernel: [83567326.558313] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=92.63.197.171 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=19533 PROTO=TCP SPT=45488 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 02:43:04 honeypot-ams-1 kernel: [83567972.165720] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=38.132.109.186 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=33074 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T02:43:05.062Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 02:44:19 honeypot-fra-1 sshd[25484]: Disconnected from invalid user johnhauser 165.22.45.108 port 59306 [preauth]","@timestamp":"2022-09-09T02:44:19.718Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 02:51:07 honeypot-ams-1 kernel: [83568454.455518] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.33.69.91 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=35290 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T02:51:07.276Z"}
{"@timestamp":"2022-09-09T02:54:58.737Z","@version":"1","message":"Sep  9 02:54:58 honeypot-sgp-1 kernel: [83568214.444588] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=38.132.109.186 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=50512 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 02:57:44 honeypot-fra-1 kernel: [83566702.770279] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=172.104.29.146 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=51258 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T02:57:45.018Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 03:00:17 honeypot-ams-1 sshd[2435]: Disconnected from authenticating user root 92.255.85.70 port 57494 [preauth]","@timestamp":"2022-09-09T03:00:18.529Z"}
{"@timestamp":"2022-09-09T03:01:02.885Z","@version":"1","message":"Sep  9 03:01:02 honeypot-sgp-1 sshd[32262]: Received disconnect from 96.56.221.138 port 24863:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 03:02:19 honeypot-fra-1 sshd[25497]: Connection closed by invalid user pi 178.203.150.241 port 51051 [preauth]","@timestamp":"2022-09-09T03:02:20.123Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 03:02:45 honeypot-ams-1 sshd[2442]: Received disconnect from 45.61.186.49 port 59226:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T03:02:46.597Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 03:02:59 honeypot-ams-1 sshd[2446]: Received disconnect from 45.61.186.49 port 42116:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T03:02:59.604Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 03:05:34 honeypot-ams-1 sshd[2451]: Did not receive identification string from 159.89.24.69 port 61000","@timestamp":"2022-09-09T03:05:34.675Z"}
{"@timestamp":"2022-09-09T03:09:16.086Z","@version":"1","message":"Sep  9 03:09:15 honeypot-sgp-1 sshd[32265]: Disconnected from authenticating user root 43.153.25.94 port 47930 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 03:10:31 honeypot-fra-1 kernel: [83567469.213612] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=152.32.220.209 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=6524 DF PROTO=TCP SPT=41169 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T03:10:31.308Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 03:11:33 honeypot-fra-1 sshd[25506]: Disconnected from invalid user john 165.22.45.108 port 35976 [preauth]","@timestamp":"2022-09-09T03:11:33.333Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 03:11:36 honeypot-ams-1 sshd[2454]: Disconnected from authenticating user root 165.22.42.39 port 42572 [preauth]","@timestamp":"2022-09-09T03:11:36.833Z"}
{"@timestamp":"2022-09-09T03:12:19.161Z","@version":"1","message":"Sep  9 03:12:18 honeypot-sgp-1 sshd[32269]: Disconnected from invalid user bob 212.33.250.241 port 59706 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 03:14:23 honeypot-ams-1 sshd[2463]: Received disconnect from 165.22.42.39 port 54938:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T03:14:24.909Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 03:16:20 honeypot-ams-1 sshd[2467]: Disconnected from authenticating user root 165.22.42.39 port 53786 [preauth]","@timestamp":"2022-09-09T03:16:20.961Z"}
{"@timestamp":"2022-09-09T03:17:39.291Z","@version":"1","message":"Sep  9 03:17:38 honeypot-sgp-1 sshd[32277]: Received disconnect from 128.199.247.226 port 59388:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 03:18:16 honeypot-ams-1 sshd[2474]: Disconnected from authenticating user root 165.22.42.39 port 52622 [preauth]","@timestamp":"2022-09-09T03:18:17.013Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 03:20:58 honeypot-ams-1 kernel: [83570246.006771] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=155.4.218.221 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=7552 DF PROTO=TCP SPT=14973 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T03:20:59.086Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 03:22:58 honeypot-ams-1 sshd[2485]: Disconnected from authenticating user root 92.255.85.70 port 26612 [preauth]","@timestamp":"2022-09-09T03:22:59.141Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 03:24:17 honeypot-fra-1 kernel: [83568295.669500] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=198.199.101.90 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=36931 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T03:24:18.618Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 03:24:44 honeypot-ams-1 kernel: [83570471.667646] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=205.210.31.27 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=250 ID=54321 PROTO=TCP SPT=49582 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T03:24:45.189Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 03:25:55 honeypot-ams-1 sshd[2496]: Received disconnect from 165.22.42.39 port 48136:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T03:25:56.223Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 03:27:37 honeypot-ams-1 kernel: [83570645.326895] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=113.175.142.92 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=55 ID=54455 PROTO=TCP SPT=8160 DPT=443 WINDOW=61712 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T03:27:38.269Z"}
{"@timestamp":"2022-09-09T03:28:44.556Z","@version":"1","message":"Sep  9 03:28:43 honeypot-sgp-1 kernel: [83570240.254069] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=92.63.197.171 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=59607 PROTO=TCP SPT=52628 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 03:29:41 honeypot-ams-1 sshd[2504]: Invalid user dev from 165.22.42.39 port 45826","@timestamp":"2022-09-09T03:29:42.325Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 03:30:39 honeypot-ams-1 sshd[2509]: Invalid user laura from 159.65.181.179 port 58994","@timestamp":"2022-09-09T03:30:39.353Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 03:32:25 honeypot-ams-1 sshd[2513]: Received disconnect from 165.22.42.39 port 58224:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T03:32:25.397Z"}
{"@timestamp":"2022-09-09T03:34:08.687Z","@version":"1","message":"Sep  9 03:34:07 honeypot-sgp-1 sshd[32285]: Invalid user abby from 52.151.24.212 port 37790","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 03:34:15 honeypot-ams-1 sshd[2517]: Disconnected from authenticating user root 165.22.42.39 port 57060 [preauth]","@timestamp":"2022-09-09T03:34:15.459Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 03:36:08 honeypot-ams-1 sshd[2523]: Invalid user gbadebo from 165.22.42.39 port 55906","@timestamp":"2022-09-09T03:36:09.510Z"}
{"@timestamp":"2022-09-09T03:37:18.765Z","@version":"1","message":"Sep  9 03:37:18 honeypot-sgp-1 kernel: [83570754.743645] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=143.198.141.31 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=34696 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 03:37:35 honeypot-fra-1 kernel: [83569093.446024] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=207.102.138.83 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=46 ID=16875 DF PROTO=TCP SPT=53295 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T03:37:35.913Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 03:37:56 honeypot-ams-1 sshd[2527]: Received disconnect from 165.22.42.39 port 54742:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T03:37:57.557Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 03:39:41 honeypot-fra-1 sshd[25523]: Received disconnect from 158.69.111.17 port 45908:11: Bye Bye [preauth]","@timestamp":"2022-09-09T03:39:41.963Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 03:39:50 honeypot-ams-1 sshd[2531]: Received disconnect from 165.22.42.39 port 53578:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T03:39:51.606Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 03:41:43 honeypot-fra-1 kernel: [83569341.339071] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=40.87.17.51 DST=165.22.82.222 LEN=52 TOS=0x02 PREC=0x00 TTL=112 ID=13555 DF PROTO=TCP SPT=49460 DPT=80 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-09T03:41:44.010Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 03:41:45 honeypot-ams-1 sshd[2536]: Received disconnect from 165.22.42.39 port 52424:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T03:41:45.656Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 03:43:44 honeypot-ams-1 sshd[2540]: Disconnected from authenticating user root 165.22.42.39 port 51264 [preauth]","@timestamp":"2022-09-09T03:43:45.709Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 03:43:56 honeypot-fra-1 sshd[25537]: Invalid user postgres from 194.247.12.102 port 46442","@timestamp":"2022-09-09T03:43:57.065Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 03:43:56 honeypot-fra-1 sshd[25540]: Invalid user ec2-user from 194.247.12.102 port 46406","@timestamp":"2022-09-09T03:43:57.066Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 03:43:56 honeypot-fra-1 sshd[25537]: Connection closed by invalid user postgres 194.247.12.102 port 46442 [preauth]","@timestamp":"2022-09-09T03:43:57.066Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 03:43:56 honeypot-fra-1 sshd[25542]: Connection closed by invalid user esuser 194.247.12.102 port 46454 [preauth]","@timestamp":"2022-09-09T03:43:57.066Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 03:43:56 honeypot-fra-1 sshd[25530]: Connection closed by invalid user es 194.247.12.102 port 46420 [preauth]","@timestamp":"2022-09-09T03:43:57.066Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 03:43:56 honeypot-fra-1 sshd[25529]: Invalid user oracle from 194.247.12.102 port 46380","@timestamp":"2022-09-09T03:43:57.066Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 03:43:56 honeypot-fra-1 sshd[25551]: Invalid user ubuntu from 194.247.12.102 port 46450","@timestamp":"2022-09-09T03:43:57.066Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 03:43:56 honeypot-fra-1 sshd[25553]: Connection closed by invalid user test 194.247.12.102 port 46424 [preauth]","@timestamp":"2022-09-09T03:43:57.066Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 03:43:56 honeypot-fra-1 sshd[25556]: Connection closed by invalid user vagrant 194.247.12.102 port 46448 [preauth]","@timestamp":"2022-09-09T03:43:57.066Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 03:46:10 honeypot-fra-1 sshd[25585]: Disconnected from invalid user xg 128.199.145.5 port 49845 [preauth]","@timestamp":"2022-09-09T03:46:10.117Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 03:49:37 honeypot-ams-1 sshd[2558]: Invalid user takechi from 134.209.212.125 port 59794","@timestamp":"2022-09-09T03:49:37.862Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 03:49:59 honeypot-fra-1 sshd[25590]: Invalid user nagios from 220.134.113.188 port 54944","@timestamp":"2022-09-09T03:50:00.206Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T03:53:07.144Z","@version":"1","message":"Sep  9 03:53:06 honeypot-sgp-1 sshd[32294]: Received disconnect from 103.70.144.140 port 45710:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 03:53:31 honeypot-ams-1 sshd[2562]: Did not receive identification string from 31.52.230.39 port 41378","@timestamp":"2022-09-09T03:53:32.962Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 03:54:39 honeypot-fra-1 sshd[25594]: Did not receive identification string from 45.61.187.160 port 52356","@timestamp":"2022-09-09T03:54:40.310Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 03:55:03 honeypot-fra-1 sshd[25598]: Disconnected from invalid user user 45.61.187.160 port 41824 [preauth]","@timestamp":"2022-09-09T03:55:03.321Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 03:55:24 honeypot-fra-1 sshd[25602]: Disconnected from invalid user user 45.61.187.160 port 36840 [preauth]","@timestamp":"2022-09-09T03:55:24.330Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 03:55:43 honeypot-fra-1 sshd[25606]: Disconnected from invalid user user 45.61.187.160 port 60098 [preauth]","@timestamp":"2022-09-09T03:55:44.341Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 03:56:03 honeypot-ams-1 sshd[2567]: Disconnected from invalid user javier 159.223.195.196 port 42394 [preauth]","@timestamp":"2022-09-09T03:56:04.030Z"}
{"@timestamp":"2022-09-09T03:57:17.249Z","@version":"1","message":"Sep  9 03:57:16 honeypot-sgp-1 sshd[32300]: Received disconnect from 92.255.85.70 port 19072:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 04:03:57 honeypot-ams-1 sshd[2571]: Connection closed by authenticating user root 103.188.176.251 port 55184 [preauth]","@timestamp":"2022-09-09T04:03:58.236Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 04:05:03 honeypot-fra-1 sshd[25623]: Invalid user user from 141.255.162.226 port 52596","@timestamp":"2022-09-09T04:05:04.552Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 04:05:05 honeypot-fra-1 sshd[25627]: Invalid user user from 141.255.162.226 port 41096","@timestamp":"2022-09-09T04:05:06.553Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 04:05:09 honeypot-fra-1 sshd[25631]: Invalid user user from 141.255.162.226 port 57856","@timestamp":"2022-09-09T04:05:09.554Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 04:05:12 honeypot-fra-1 sshd[25635]: Invalid user user from 141.255.162.226 port 46384","@timestamp":"2022-09-09T04:05:13.556Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T04:05:23.440Z","@version":"1","message":"Sep  9 04:05:23 honeypot-sgp-1 kernel: [83572439.369864] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=64.62.197.142 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=50276 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 04:06:44 honeypot-fra-1 sshd[25637]: Disconnected from invalid user john 165.22.45.108 port 45858 [preauth]","@timestamp":"2022-09-09T04:06:44.591Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 04:09:51 honeypot-fra-1 sshd[25645]: Disconnected from invalid user madalin 137.184.136.17 port 43074 [preauth]","@timestamp":"2022-09-09T04:09:51.665Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 04:14:04 honeypot-ams-1 sshd[2579]: Disconnected from authenticating user root 61.177.173.36 port 59114 [preauth]","@timestamp":"2022-09-09T04:14:04.492Z"}
{"@timestamp":"2022-09-09T04:14:25.659Z","@version":"1","message":"Sep  9 04:14:25 honeypot-sgp-1 sshd[32312]: Invalid user  from 152.32.142.133 port 21868","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 04:15:59 honeypot-fra-1 sshd[25651]: Received disconnect from 45.61.184.204 port 38536:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T04:15:59.818Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 04:16:18 honeypot-fra-1 sshd[25655]: Received disconnect from 45.61.184.204 port 33582:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T04:16:18.827Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 04:16:37 honeypot-fra-1 sshd[25659]: Received disconnect from 45.61.184.204 port 56872:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T04:16:37.837Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 04:17:01 honeypot-fra-1 CRON[25663]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-09T04:17:01.847Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T04:17:02.725Z","@version":"1","message":"Sep  9 04:17:01 honeypot-sgp-1 CRON[32317]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 04:17:21 honeypot-ams-1 kernel: [83573628.499422] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=74.82.47.59 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=40596 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T04:17:21.575Z"}
{"@timestamp":"2022-09-09T04:18:27.762Z","@version":"1","message":"Sep  9 04:18:26 honeypot-sgp-1 sshd[32324]: Received disconnect from 161.132.209.246 port 35800:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 04:20:55 honeypot-fra-1 sshd[25669]: Disconnected from invalid user hotline 167.86.98.235 port 56302 [preauth]","@timestamp":"2022-09-09T04:20:55.934Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T04:26:32.956Z","@version":"1","message":"Sep  9 04:26:32 honeypot-sgp-1 sshd[32332]: Received disconnect from 178.176.225.151 port 60984:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T04:28:07.997Z","@version":"1","message":"Sep  9 04:28:07 honeypot-sgp-1 sshd[32336]: Invalid user kuwahara from 170.210.203.212 port 50737","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 04:29:04 honeypot-fra-1 kernel: [83572182.615548] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=170.187.160.17 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=61343 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T04:29:05.115Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 04:29:22 honeypot-ams-1 sshd[2596]: Connection closed by 180.76.173.237 port 53846 [preauth]","@timestamp":"2022-09-09T04:29:22.901Z"}
{"@timestamp":"2022-09-09T04:32:32.101Z","@version":"1","message":"Sep  9 04:32:31 honeypot-sgp-1 sshd[32341]: Connection closed by invalid user user1 103.188.176.251 port 57282 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T04:39:24.267Z","@version":"1","message":"Sep  9 04:39:23 honeypot-sgp-1 kernel: [83574480.221994] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=195.133.20.241 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=236 ID=53393 PROTO=TCP SPT=56258 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 04:40:44 honeypot-ams-1 sshd[2604]: Disconnected from authenticating user root 61.177.173.36 port 61908 [preauth]","@timestamp":"2022-09-09T04:40:44.218Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 04:41:53 honeypot-fra-1 sshd[25676]: Invalid user james from 91.138.228.31 port 49384","@timestamp":"2022-09-09T04:41:54.415Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 04:47:25 honeypot-ams-1 sshd[2609]: Disconnected from 61.177.173.49 port 56341 [preauth]","@timestamp":"2022-09-09T04:47:26.395Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 04:48:33 honeypot-fra-1 kernel: [83573350.805227] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=95.174.99.62 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=244 ID=10814 DF PROTO=TCP SPT=12209 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T04:48:33.561Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 04:49:05 honeypot-ams-1 sshd[2615]: Disconnected from invalid user okachi 167.86.95.16 port 55904 [preauth]","@timestamp":"2022-09-09T04:49:06.443Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 04:51:54 honeypot-ams-1 sshd[2620]: Disconnected from invalid user demo 188.234.247.110 port 50608 [preauth]","@timestamp":"2022-09-09T04:51:55.518Z"}
{"@timestamp":"2022-09-09T04:53:14.615Z","@version":"1","message":"Sep  9 04:53:14 honeypot-sgp-1 kernel: [83575310.644674] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.209.41 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=35842 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 04:57:16 honeypot-fra-1 sshd[25685]: Did not receive identification string from 115.182.232.8 port 38676","@timestamp":"2022-09-09T04:57:16.761Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 04:58:06 honeypot-ams-1 kernel: [83576073.380716] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=84.38.185.202 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=56030 PROTO=TCP SPT=12138 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T04:58:06.680Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 05:01:51 honeypot-fra-1 sshd[25689]: Invalid user john from 165.22.45.108 port 55730","@timestamp":"2022-09-09T05:01:51.886Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 05:12:09 honeypot-ams-1 sshd[2635]: Connection closed by 180.76.173.237 port 40716 [preauth]","@timestamp":"2022-09-09T05:12:10.079Z"}
{"@timestamp":"2022-09-09T05:17:02.189Z","@version":"1","message":"Sep  9 05:17:01 honeypot-sgp-1 CRON[32354]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 05:17:57 honeypot-ams-1 kernel: [83577264.674160] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=52.228.157.3 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=47 ID=22907 PROTO=TCP SPT=8132 DPT=80 WINDOW=15332 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T05:17:58.235Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 05:23:23 honeypot-fra-1 kernel: [83575440.796927] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=178.212.53.26 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=12823 DF PROTO=TCP SPT=36362 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T05:23:23.367Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 05:23:50 honeypot-fra-1 sshd[25699]: Invalid user www from 194.247.12.102 port 56422","@timestamp":"2022-09-09T05:23:50.378Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 05:23:50 honeypot-fra-1 sshd[25702]: Invalid user postgres from 194.247.12.102 port 56490","@timestamp":"2022-09-09T05:23:50.378Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 05:23:50 honeypot-fra-1 sshd[25707]: Invalid user esuser from 194.247.12.102 port 56514","@timestamp":"2022-09-09T05:23:50.378Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 05:23:50 honeypot-fra-1 sshd[25716]: Invalid user devops from 194.247.12.102 port 56430","@timestamp":"2022-09-09T05:23:50.378Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 05:23:50 honeypot-fra-1 sshd[25698]: Connection closed by invalid user test 194.247.12.102 port 56516 [preauth]","@timestamp":"2022-09-09T05:23:50.378Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 05:23:50 honeypot-fra-1 sshd[25710]: Connection closed by authenticating user root 194.247.12.102 port 56438 [preauth]","@timestamp":"2022-09-09T05:23:50.378Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 05:23:50 honeypot-fra-1 sshd[25721]: Connection closed by invalid user devops 194.247.12.102 port 56494 [preauth]","@timestamp":"2022-09-09T05:23:50.378Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 05:23:50 honeypot-fra-1 sshd[25716]: Connection closed by invalid user devops 194.247.12.102 port 56430 [preauth]","@timestamp":"2022-09-09T05:23:50.379Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 05:23:50 honeypot-fra-1 sshd[25717]: Connection closed by invalid user ftpuser 194.247.12.102 port 56454 [preauth]","@timestamp":"2022-09-09T05:23:50.379Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 05:23:50 honeypot-fra-1 sshd[25724]: Connection closed by invalid user oracle 194.247.12.102 port 56522 [preauth]","@timestamp":"2022-09-09T05:23:50.379Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 05:23:51 honeypot-ams-1 sshd[2648]: Connection reset by 61.177.173.51 port 17011 [preauth]","@timestamp":"2022-09-09T05:23:52.388Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 05:32:06 honeypot-fra-1 sshd[25760]: Received disconnect from 191.185.66.134 port 35134:11: Bye Bye [preauth]","@timestamp":"2022-09-09T05:32:07.572Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T05:32:35.556Z","@version":"1","message":"Sep  9 05:32:34 honeypot-sgp-1 sshd[32361]: Received disconnect from 121.7.31.13 port 8889:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 05:37:38 honeypot-ams-1 sshd[2658]: Did not receive identification string from 45.61.187.160 port 55624","@timestamp":"2022-09-09T05:37:38.739Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 05:38:02 honeypot-ams-1 sshd[2661]: Disconnected from invalid user user 45.61.187.160 port 43850 [preauth]","@timestamp":"2022-09-09T05:38:02.752Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 05:38:21 honeypot-ams-1 sshd[2665]: Disconnected from invalid user user 45.61.187.160 port 38966 [preauth]","@timestamp":"2022-09-09T05:38:21.762Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 05:38:39 honeypot-ams-1 sshd[2669]: Disconnected from invalid user user 45.61.187.160 port 34068 [preauth]","@timestamp":"2022-09-09T05:38:39.772Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 05:40:11 honeypot-ams-1 sshd[2674]: Received disconnect from 61.177.173.49 port 47428:11:  [preauth]","@timestamp":"2022-09-09T05:40:11.815Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 05:41:28 honeypot-ams-1 sshd[2679]: Received disconnect from 80.76.51.43 port 35314:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T05:41:28.852Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 05:41:45 honeypot-fra-1 sshd[25763]: Disconnecting invalid user admin 119.240.188.148 port 60409: Too many authentication failures [preauth]","@timestamp":"2022-09-09T05:41:46.791Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T05:41:52.777Z","@version":"1","message":"Sep  9 05:41:51 honeypot-sgp-1 kernel: [83578228.043115] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=23.92.22.93 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=42001 PROTO=TCP SPT=42109 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 05:41:57 honeypot-ams-1 sshd[2685]: Disconnected from authenticating user root 80.76.51.43 port 35814 [preauth]","@timestamp":"2022-09-09T05:41:57.867Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 05:42:39 honeypot-ams-1 sshd[2693]: Disconnected from authenticating user root 80.76.51.43 port 50832 [preauth]","@timestamp":"2022-09-09T05:42:39.889Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 05:43:21 honeypot-ams-1 sshd[2699]: Disconnected from authenticating user root 80.76.51.43 port 37722 [preauth]","@timestamp":"2022-09-09T05:43:21.910Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 05:44:03 honeypot-ams-1 sshd[2705]: Invalid user git from 80.76.51.43 port 52684","@timestamp":"2022-09-09T05:44:03.932Z"}
{"@timestamp":"2022-09-09T05:47:32.913Z","@version":"1","message":"Sep  9 05:47:32 honeypot-sgp-1 sshd[32370]: Invalid user user from 45.61.184.204 port 53802","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T05:47:51.922Z","@version":"1","message":"Sep  9 05:47:51 honeypot-sgp-1 sshd[32374]: Invalid user user from 45.61.184.204 port 48798","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T05:48:10.932Z","@version":"1","message":"Sep  9 05:48:09 honeypot-sgp-1 sshd[32378]: Invalid user user from 45.61.184.204 port 43796","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 05:48:15 honeypot-ams-1 sshd[2711]: Received disconnect from 45.61.187.160 port 44752:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T05:48:16.042Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 05:48:35 honeypot-ams-1 sshd[2715]: Received disconnect from 45.61.187.160 port 39690:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T05:48:36.053Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 05:48:53 honeypot-ams-1 sshd[2721]: Received disconnect from 45.61.187.160 port 34660:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T05:48:54.062Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 05:48:55 honeypot-fra-1 sshd[25769]: Connection closed by 152.32.253.11 port 43176 [preauth]","@timestamp":"2022-09-09T05:48:55.958Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 05:49:11 honeypot-ams-1 sshd[2725]: Received disconnect from 45.61.187.160 port 57850:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T05:49:12.073Z"}
{"@timestamp":"2022-09-09T05:55:33.106Z","@version":"1","message":"Sep  9 05:55:32 honeypot-sgp-1 kernel: [83579048.542757] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=178.79.136.174 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=58326 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T05:57:10.148Z","@version":"1","message":"Sep  9 05:57:10 honeypot-sgp-1 sshd[32386]: Received disconnect from 141.255.162.226 port 53112:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T05:57:12.149Z","@version":"1","message":"Sep  9 05:57:11 honeypot-sgp-1 sshd[32390]: Received disconnect from 141.255.162.226 port 39878:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T05:57:15.152Z","@version":"1","message":"Sep  9 05:57:14 honeypot-sgp-1 sshd[32394]: Received disconnect from 141.255.162.226 port 47386:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T05:57:19.154Z","@version":"1","message":"Sep  9 05:57:18 honeypot-sgp-1 sshd[32398]: Received disconnect from 141.255.162.226 port 41678:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T05:58:30.185Z","@version":"1","message":"Sep  9 05:58:29 honeypot-sgp-1 sshd[32402]: Disconnected from authenticating user root 64.225.43.245 port 36838 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 05:58:49 honeypot-fra-1 kernel: [83577567.023074] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=104.237.145.140 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=38241 PROTO=TCP SPT=43126 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T05:58:50.183Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 06:00:00 honeypot-ams-1 kernel: [83579788.046959] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=178.79.136.175 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=54321 PROTO=TCP SPT=34214 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T06:00:01.352Z"}
{"@timestamp":"2022-09-09T06:00:49.242Z","@version":"1","message":"Sep  9 06:00:49 honeypot-sgp-1 sshd[32409]: Disconnected from authenticating user root 64.225.43.245 port 49212 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T06:03:09.301Z","@version":"1","message":"Sep  9 06:03:08 honeypot-sgp-1 sshd[32415]: Disconnected from authenticating user root 64.225.43.245 port 33430 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T06:03:37.315Z","@version":"1","message":"Sep  9 06:03:36 honeypot-sgp-1 sshd[32420]: Received disconnect from 45.61.186.49 port 33862:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T06:03:46.321Z","@version":"1","message":"Sep  9 06:03:46 honeypot-sgp-1 sshd[32424]: Received disconnect from 45.61.186.49 port 45508:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 06:04:52 honeypot-fra-1 sshd[25777]: Disconnected from invalid user aecpro 195.158.18.237 port 54006 [preauth]","@timestamp":"2022-09-09T06:04:53.317Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T06:05:22.363Z","@version":"1","message":"Sep  9 06:05:21 honeypot-sgp-1 kernel: [83579638.103850] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.218.142 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=46832 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 06:06:30 honeypot-ams-1 sshd[2739]: Did not receive identification string from 152.32.154.27 port 41098","@timestamp":"2022-09-09T06:06:30.523Z"}
{"@timestamp":"2022-09-09T06:07:02.408Z","@version":"1","message":"Sep  9 06:07:02 honeypot-sgp-1 sshd[32435]: Invalid user dev from 64.225.43.245 port 44640","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 06:08:21 honeypot-ams-1 kernel: [83580288.394162] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=94.26.228.80 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=11632 PROTO=TCP SPT=40397 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T06:08:21.573Z"}
{"@timestamp":"2022-09-09T06:08:37.448Z","@version":"1","message":"Sep  9 06:08:36 honeypot-sgp-1 sshd[32439]: Invalid user schoosoft from 64.225.43.245 port 43482","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T06:10:12.489Z","@version":"1","message":"Sep  9 06:10:11 honeypot-sgp-1 sshd[32443]: Invalid user samson from 64.225.43.245 port 42320","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T06:11:45.529Z","@version":"1","message":"Sep  9 06:11:45 honeypot-sgp-1 sshd[32448]: Received disconnect from 64.225.43.245 port 41160:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T06:12:33.552Z","@version":"1","message":"Sep  9 06:12:32 honeypot-sgp-1 sshd[32450]: Disconnected from invalid user samson 64.225.43.245 port 54694 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 06:13:05 honeypot-fra-1 kernel: [83578423.153244] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.220.43 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=42796 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T06:13:06.504Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-09T06:14:06.592Z","@version":"1","message":"Sep  9 06:14:06 honeypot-sgp-1 sshd[32454]: Disconnected from authenticating user root 64.225.43.245 port 53532 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T06:15:39.632Z","@version":"1","message":"Sep  9 06:15:39 honeypot-sgp-1 sshd[32458]: Disconnected from authenticating user root 64.225.43.245 port 52372 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T06:17:12.675Z","@version":"1","message":"Sep  9 06:17:12 honeypot-sgp-1 sshd[32466]: Invalid user gbadebo from 64.225.43.245 port 51212","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 06:18:07 honeypot-ams-1 sshd[2759]: Received disconnect from 58.27.95.2 port 48220:11: Bye Bye [preauth]","@timestamp":"2022-09-09T06:18:07.822Z"}
{"@timestamp":"2022-09-09T06:18:47.715Z","@version":"1","message":"Sep  9 06:18:47 honeypot-sgp-1 sshd[32470]: Received disconnect from 64.225.43.245 port 50052:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T06:20:25.757Z","@version":"1","message":"Sep  9 06:20:25 honeypot-sgp-1 sshd[32474]: Received disconnect from 64.225.43.245 port 48890:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 06:20:30 honeypot-fra-1 sshd[25788]: Invalid user tester from 141.98.10.158 port 52060","@timestamp":"2022-09-09T06:20:31.674Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 06:20:59 honeypot-ams-1 sshd[2764]: Received disconnect from 104.131.33.117 port 56706:11: Bye Bye [preauth]","@timestamp":"2022-09-09T06:20:59.903Z"}
{"@timestamp":"2022-09-09T06:21:13.781Z","@version":"1","message":"Sep  9 06:21:13 honeypot-sgp-1 sshd[32479]: Disconnected from invalid user dev 64.225.43.245 port 34198 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T06:23:34.841Z","@version":"1","message":"Sep  9 06:23:34 honeypot-sgp-1 sshd[32486]: Received disconnect from 64.225.43.245 port 46572:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 06:23:51 honeypot-ams-1 sshd[2771]: Received disconnect from 186.233.210.86 port 37156:11: Bye Bye [preauth]","@timestamp":"2022-09-09T06:23:51.978Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 06:24:42 honeypot-fra-1 kernel: [83579120.229910] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=94.26.249.161 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=56634 PROTO=TCP SPT=34485 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T06:24:42.769Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 06:28:23 honeypot-ams-1 sshd[2944]: Disconnected from authenticating user root 61.177.172.114 port 36972 [preauth]","@timestamp":"2022-09-09T06:28:24.099Z"}
{"@timestamp":"2022-09-09T06:31:06.029Z","@version":"1","message":"Sep  9 06:31:05 honeypot-sgp-1 kernel: [83581181.983552] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.246.105.50 DST=159.89.202.188 LEN=52 TOS=0x02 PREC=0x00 TTL=110 ID=16658 DF PROTO=TCP SPT=63413 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 06:31:17 honeypot-fra-1 kernel: [83579515.066791] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=101.33.247.52 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=43 ID=11931 DF PROTO=TCP SPT=43434 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T06:31:17.919Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 06:40:05 honeypot-ams-1 sshd[2952]: Invalid user user1 from 103.188.176.251 port 51194","@timestamp":"2022-09-09T06:40:06.400Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 06:40:18 honeypot-fra-1 sshd[26028]: Did not receive identification string from 43.138.54.131 port 34426","@timestamp":"2022-09-09T06:40:19.119Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 06:40:20 honeypot-fra-1 sshd[26031]: Connection closed by invalid user ts3 43.138.54.131 port 38820 [preauth]","@timestamp":"2022-09-09T06:40:21.122Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 06:40:23 honeypot-fra-1 sshd[26039]: Connection closed by invalid user mcserv 43.138.54.131 port 38822 [preauth]","@timestamp":"2022-09-09T06:40:24.123Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 06:40:27 honeypot-fra-1 sshd[26045]: Connection closed by invalid user ec2-user 43.138.54.131 port 38838 [preauth]","@timestamp":"2022-09-09T06:40:28.125Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 06:40:35 honeypot-fra-1 sshd[26055]: Invalid user ts3server from 43.138.54.131 port 38828","@timestamp":"2022-09-09T06:40:35.130Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 06:40:35 honeypot-fra-1 sshd[26056]: Connection closed by invalid user devops 43.138.54.131 port 38890 [preauth]","@timestamp":"2022-09-09T06:40:36.130Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 06:40:51 honeypot-fra-1 sshd[26063]: Connection closed by invalid user vagrant 43.138.54.131 port 38874 [preauth]","@timestamp":"2022-09-09T06:40:52.137Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T06:40:59.275Z","@version":"1","message":"Sep  9 06:40:59 honeypot-sgp-1 sshd[32639]: Received disconnect from 133.130.103.212 port 37746:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 06:41:14 honeypot-ams-1 sshd[2959]: Invalid user user from 45.61.186.169 port 50616","@timestamp":"2022-09-09T06:41:15.434Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 06:41:32 honeypot-ams-1 sshd[2963]: Invalid user user from 45.61.186.169 port 46088","@timestamp":"2022-09-09T06:41:32.443Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 06:41:40 honeypot-ams-1 sshd[2967]: Received disconnect from 45.61.186.169 port 57942:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T06:41:41.448Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 06:41:45 honeypot-fra-1 sshd[26071]: Invalid user courtney from 46.101.31.237 port 58700","@timestamp":"2022-09-09T06:41:46.160Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 06:41:56 honeypot-ams-1 sshd[2971]: Received disconnect from 45.61.186.169 port 53414:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T06:41:57.457Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 06:42:40 honeypot-ams-1 sshd[2975]: Received disconnect from 139.59.14.1 port 53580:11: Bye Bye [preauth]","@timestamp":"2022-09-09T06:42:40.477Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 06:44:11 honeypot-ams-1 sshd[2982]: Invalid user courtney from 178.128.184.213 port 45836","@timestamp":"2022-09-09T06:44:11.519Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 06:46:01 honeypot-fra-1 sshd[26090]: Invalid user centos from 20.115.2.51 port 48068","@timestamp":"2022-09-09T06:46:01.256Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 06:46:01 honeypot-fra-1 sshd[26082]: Invalid user ftpuser from 20.115.2.51 port 48064","@timestamp":"2022-09-09T06:46:01.256Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 06:46:01 honeypot-fra-1 sshd[26099]: Invalid user oracle from 20.115.2.51 port 48026","@timestamp":"2022-09-09T06:46:01.256Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 06:46:01 honeypot-fra-1 sshd[26088]: Invalid user testuser from 20.115.2.51 port 48080","@timestamp":"2022-09-09T06:46:01.256Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 06:46:01 honeypot-fra-1 sshd[26086]: Invalid user git from 20.115.2.51 port 48022","@timestamp":"2022-09-09T06:46:02.258Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 06:46:01 honeypot-fra-1 sshd[26089]: Connection closed by authenticating user root 20.115.2.51 port 48086 [preauth]","@timestamp":"2022-09-09T06:46:02.258Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 06:46:01 honeypot-fra-1 sshd[26082]: Connection closed by invalid user ftpuser 20.115.2.51 port 48064 [preauth]","@timestamp":"2022-09-09T06:46:02.258Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 06:46:01 honeypot-fra-1 sshd[26086]: Connection closed by invalid user git 20.115.2.51 port 48022 [preauth]","@timestamp":"2022-09-09T06:46:02.258Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 06:46:01 honeypot-fra-1 sshd[26080]: Connection closed by invalid user guest 20.115.2.51 port 48032 [preauth]","@timestamp":"2022-09-09T06:46:02.258Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 06:46:01 honeypot-fra-1 sshd[26097]: Connection closed by invalid user upload 20.115.2.51 port 48042 [preauth]","@timestamp":"2022-09-09T06:46:02.258Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 06:49:42 honeypot-fra-1 sshd[26139]: Invalid user user from 45.61.187.160 port 54608","@timestamp":"2022-09-09T06:49:43.343Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T06:49:44.493Z","@version":"1","message":"Sep  9 06:49:44 honeypot-sgp-1 sshd[32742]: Invalid user dennis from 144.126.215.161 port 52796","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 06:49:45 honeypot-ams-1 kernel: [83582772.717553] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=172.104.29.118 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=46782 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T06:49:45.661Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 06:49:57 honeypot-fra-1 sshd[26143]: Did not receive identification string from 141.255.162.226 port 36120","@timestamp":"2022-09-09T06:49:58.350Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 06:50:09 honeypot-fra-1 sshd[26146]: Disconnected from invalid user user 45.61.187.160 port 33636 [preauth]","@timestamp":"2022-09-09T06:50:10.356Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 06:50:16 honeypot-fra-1 sshd[26150]: Disconnected from invalid user user 141.255.162.226 port 37060 [preauth]","@timestamp":"2022-09-09T06:50:17.359Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 06:50:19 honeypot-fra-1 sshd[26154]: Disconnected from invalid user user 141.255.162.226 port 51844 [preauth]","@timestamp":"2022-09-09T06:50:19.360Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 06:50:22 honeypot-fra-1 sshd[26158]: Disconnected from invalid user user 141.255.162.226 port 38388 [preauth]","@timestamp":"2022-09-09T06:50:23.364Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 06:50:26 honeypot-fra-1 sshd[26162]: Disconnected from invalid user user 45.61.187.160 port 57274 [preauth]","@timestamp":"2022-09-09T06:50:27.365Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 06:57:28 honeypot-fra-1 kernel: [83581086.038294] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=172.104.29.254 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=2465 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T06:57:29.526Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-09T06:58:16.708Z","@version":"1","message":"Sep  9 06:58:16 honeypot-sgp-1 sshd[32748]: Connection closed by 110.186.40.217 port 56824 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T07:00:42.770Z","@version":"1","message":"Sep  9 07:00:42 honeypot-sgp-1 sshd[32754]: Received disconnect from 141.255.162.226 port 45648:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T07:00:46.772Z","@version":"1","message":"Sep  9 07:00:45 honeypot-sgp-1 sshd[32758]: Received disconnect from 141.255.162.226 port 60550:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T07:01:30.791Z","@version":"1","message":"Sep  9 07:01:29 honeypot-sgp-1 kernel: [83583006.123705] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.208.153 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=42636 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 07:02:59 honeypot-ams-1 sshd[3102]: Received disconnect from 61.177.172.124 port 49147:11:  [preauth]","@timestamp":"2022-09-09T07:03:00.000Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 07:07:08 honeypot-fra-1 sshd[26172]: Did not receive identification string from 188.38.244.110 port 48134","@timestamp":"2022-09-09T07:07:08.741Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T07:10:04.008Z","@version":"1","message":"Sep  9 07:10:03 honeypot-sgp-1 sshd[302]: Invalid user miguel from 46.101.220.193 port 44406","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T07:10:25.019Z","@version":"1","message":"Sep  9 07:10:24 honeypot-sgp-1 sshd[306]: Received disconnect from 221.193.248.166 port 46896:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 07:14:37 honeypot-ams-1 sshd[3111]: Invalid user user from 45.61.186.169 port 54540","@timestamp":"2022-09-09T07:14:37.303Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 07:14:55 honeypot-ams-1 sshd[3116]: Invalid user user from 45.61.186.169 port 49916","@timestamp":"2022-09-09T07:14:56.314Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 07:15:12 honeypot-ams-1 sshd[3120]: Invalid user user from 45.61.186.169 port 45284","@timestamp":"2022-09-09T07:15:13.322Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 07:15:28 honeypot-ams-1 sshd[3125]: Invalid user user from 45.61.186.169 port 40718","@timestamp":"2022-09-09T07:15:29.331Z"}
{"@timestamp":"2022-09-09T07:17:02.183Z","@version":"1","message":"Sep  9 07:17:01 honeypot-sgp-1 CRON[313]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T07:17:34.198Z","@version":"1","message":"Sep  9 07:17:33 honeypot-sgp-1 sshd[319]: Invalid user user from 141.255.162.226 port 34256","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T07:17:40.202Z","@version":"1","message":"Sep  9 07:17:39 honeypot-sgp-1 sshd[325]: Invalid user user from 141.255.162.226 port 35864","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T07:17:42.203Z","@version":"1","message":"Sep  9 07:17:42 honeypot-sgp-1 sshd[331]: Connection closed by 141.255.162.226 port 43326 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 07:19:35 honeypot-fra-1 sshd[26181]: Disconnected from invalid user jonathan1 165.22.45.108 port 52174 [preauth]","@timestamp":"2022-09-09T07:19:36.016Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 07:19:41 honeypot-ams-1 sshd[3131]: Disconnected from authenticating user root 61.177.173.39 port 31271 [preauth]","@timestamp":"2022-09-09T07:19:42.443Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 07:23:59 honeypot-ams-1 sshd[3140]: Invalid user user from 45.61.187.160 port 44594","@timestamp":"2022-09-09T07:24:00.556Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 07:24:08 honeypot-ams-1 sshd[3144]: Invalid user user from 45.61.187.160 port 55820","@timestamp":"2022-09-09T07:24:09.562Z"}
{"@timestamp":"2022-09-09T07:24:11.363Z","@version":"1","message":"Sep  9 07:24:10 honeypot-sgp-1 sshd[336]: Did not receive identification string from 45.61.186.169 port 37684","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 07:24:25 honeypot-ams-1 sshd[3148]: Invalid user user from 45.61.187.160 port 50070","@timestamp":"2022-09-09T07:24:25.570Z"}
{"@timestamp":"2022-09-09T07:24:36.398Z","@version":"1","message":"Sep  9 07:24:35 honeypot-sgp-1 sshd[339]: Disconnected from invalid user user 45.61.186.169 port 35072 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 07:24:41 honeypot-ams-1 sshd[3153]: Invalid user user from 45.61.187.160 port 44292","@timestamp":"2022-09-09T07:24:42.579Z"}
{"@timestamp":"2022-09-09T07:24:54.407Z","@version":"1","message":"Sep  9 07:24:53 honeypot-sgp-1 sshd[343]: Disconnected from invalid user user 45.61.186.169 port 58530 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T07:25:11.415Z","@version":"1","message":"Sep  9 07:25:11 honeypot-sgp-1 sshd[347]: Disconnected from invalid user user 45.61.186.169 port 53748 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 07:26:10 honeypot-ams-1 kernel: [83584957.530988] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.220.218 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=57527 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T07:26:10.617Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 07:31:26 honeypot-ams-1 sshd[3168]: Disconnected from authenticating user root 61.177.173.48 port 15697 [preauth]","@timestamp":"2022-09-09T07:31:27.755Z"}
{"@timestamp":"2022-09-09T07:31:38.573Z","@version":"1","message":"Sep  9 07:31:37 honeypot-sgp-1 sshd[352]: Received disconnect from 20.163.60.255 port 48930:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 07:32:16 honeypot-fra-1 sshd[26187]: Disconnected from invalid user sounds 189.57.151.124 port 56119 [preauth]","@timestamp":"2022-09-09T07:32:17.296Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 07:33:41 honeypot-fra-1 sshd[26191]: Disconnected from invalid user isabelle 190.119.187.173 port 54265 [preauth]","@timestamp":"2022-09-09T07:33:42.330Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 07:35:05 honeypot-ams-1 kernel: [83585493.277374] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=103.151.122.22 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=58702 PROTO=TCP SPT=48469 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T07:35:06.855Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 07:40:41 honeypot-ams-1 sshd[3187]: Disconnected from authenticating user root 61.177.173.51 port 61740 [preauth]","@timestamp":"2022-09-09T07:40:42.019Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 07:44:25 honeypot-ams-1 sshd[3195]: Received disconnect from 105.28.108.165 port 60700:11: Bye Bye [preauth]","@timestamp":"2022-09-09T07:44:26.119Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 07:44:31 honeypot-fra-1 sshd[26199]: Disconnected from authenticating user root 179.43.156.143 port 44650 [preauth]","@timestamp":"2022-09-09T07:44:31.570Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 07:46:22 honeypot-fra-1 sshd[26205]: Received disconnect from 179.43.156.143 port 32928:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T07:46:22.615Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 07:47:13 honeypot-fra-1 sshd[26209]: Disconnected from invalid user jonathan 165.22.45.108 port 57120 [preauth]","@timestamp":"2022-09-09T07:47:14.636Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 07:48:15 honeypot-fra-1 sshd[26213]: Disconnected from invalid user ossuser 179.43.156.143 port 49458 [preauth]","@timestamp":"2022-09-09T07:48:15.660Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 07:48:57 honeypot-ams-1 sshd[3198]: Disconnected from authenticating user root 61.177.173.46 port 30297 [preauth]","@timestamp":"2022-09-09T07:48:58.240Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 07:50:09 honeypot-fra-1 sshd[26220]: Received disconnect from 179.43.156.143 port 37628:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T07:50:10.706Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 07:51:12 honeypot-ams-1 kernel: [83586460.224521] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=213.226.123.38 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=15936 PROTO=TCP SPT=49837 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T07:51:13.304Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 07:52:05 honeypot-fra-1 sshd[26226]: Received disconnect from 179.43.156.143 port 54114:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T07:52:06.752Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T07:52:51.096Z","@version":"1","message":"Sep  9 07:52:50 honeypot-sgp-1 sshd[360]: Invalid user michael from 103.42.57.139 port 45702","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 07:54:03 honeypot-ams-1 sshd[3207]: Disconnected from authenticating user root 61.177.173.36 port 19733 [preauth]","@timestamp":"2022-09-09T07:54:04.379Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 07:56:58 honeypot-fra-1 kernel: [83584655.765248] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=116.203.225.67 DST=165.22.82.222 LEN=80 TOS=0x00 PREC=0x20 TTL=126 ID=52545 PROTO=TCP SPT=51521 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T07:56:58.864Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-09T07:57:15.203Z","@version":"1","message":"Sep  9 07:57:15 honeypot-sgp-1 sshd[364]: Invalid user silas from 89.163.178.15 port 48658","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 07:57:40 honeypot-ams-1 kernel: [83586848.156288] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=86.57.81.171 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=25435 DF PROTO=TCP SPT=50061 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T07:57:41.472Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 08:02:50 honeypot-fra-1 sshd[26236]: ssh_dispatch_run_fatal: Connection from 69.112.204.55 port 50472: Connection corrupted [preauth]","@timestamp":"2022-09-09T08:02:50.999Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 08:02:51 honeypot-ams-1 kernel: [83587158.501595] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=143.92.32.164 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=56975 PROTO=TCP SPT=50570 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T08:02:51.621Z"}
{"@timestamp":"2022-09-09T08:10:05.511Z","@version":"1","message":"Sep  9 08:10:04 honeypot-sgp-1 kernel: [83587120.893884] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.246.105.50 DST=159.89.202.188 LEN=52 TOS=0x02 PREC=0x00 TTL=110 ID=32028 DF PROTO=TCP SPT=59357 DPT=443 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 08:13:42 honeypot-ams-1 kernel: [83587810.212504] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=86.57.81.171 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=40211 DF PROTO=TCP SPT=50955 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T08:13:43.904Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 08:15:59 honeypot-fra-1 sshd[26264]: Invalid user joomla from 165.22.45.108 port 33852","@timestamp":"2022-09-09T08:15:59.296Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 08:17:18 honeypot-fra-1 kernel: [83585875.913763] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.206.144 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=50513 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T08:17:19.330Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 08:21:16 honeypot-ams-1 kernel: [83588263.363421] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=4422 PROTO=TCP SPT=51164 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T08:21:17.100Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 08:26:10 honeypot-ams-1 sshd[3257]: Invalid user admin from 164.155.120.94 port 38844","@timestamp":"2022-09-09T08:26:11.229Z"}
{"@timestamp":"2022-09-09T08:26:17.905Z","@version":"1","message":"Sep  9 08:26:16 honeypot-sgp-1 sshd[393]: Connection closed by 45.155.126.4 port 60674 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 08:32:33 honeypot-fra-1 sshd[26272]: Disconnected from invalid user pauli 141.94.223.98 port 48868 [preauth]","@timestamp":"2022-09-09T08:32:33.672Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T08:33:40.085Z","@version":"1","message":"Sep  9 08:33:39 honeypot-sgp-1 sshd[400]: Received disconnect from 143.244.158.100 port 60618:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T08:35:34.136Z","@version":"1","message":"Sep  9 08:35:34 honeypot-sgp-1 sshd[406]: Received disconnect from 143.244.158.100 port 44022:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T08:38:21.206Z","@version":"1","message":"Sep  9 08:38:20 honeypot-sgp-1 sshd[413]: Received disconnect from 143.244.158.100 port 60542:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 08:39:03 honeypot-ams-1 sshd[3268]: Received disconnect from 61.177.173.46 port 41895:11:  [preauth]","@timestamp":"2022-09-09T08:39:03.558Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 08:40:23 honeypot-fra-1 kernel: [83587260.555337] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=20.25.85.8 DST=165.22.82.222 LEN=52 TOS=0x00 PREC=0x00 TTL=113 ID=63271 DF PROTO=TCP SPT=60204 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T08:40:23.852Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-09T08:41:05.276Z","@version":"1","message":"Sep  9 08:41:04 honeypot-sgp-1 sshd[421]: Received disconnect from 143.244.158.100 port 43426:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 08:43:06 honeypot-ams-1 sshd[3273]: Invalid user user from 198.98.61.9 port 33332","@timestamp":"2022-09-09T08:43:06.666Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 08:43:21 honeypot-ams-1 sshd[3277]: Invalid user user from 198.98.61.9 port 55274","@timestamp":"2022-09-09T08:43:21.674Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 08:43:39 honeypot-ams-1 sshd[3281]: Invalid user user from 198.98.61.9 port 48984","@timestamp":"2022-09-09T08:43:40.684Z"}
{"@timestamp":"2022-09-09T08:43:49.345Z","@version":"1","message":"Sep  9 08:43:48 honeypot-sgp-1 sshd[429]: Received disconnect from 143.244.158.100 port 45606:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 08:44:50 honeypot-fra-1 sshd[26281]: Invalid user joomla from 165.22.45.108 port 38828","@timestamp":"2022-09-09T08:44:51.955Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 08:46:22 honeypot-ams-1 kernel: [83589769.274630] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=79.110.62.137 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=54321 PROTO=TCP SPT=39534 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T08:46:22.752Z"}
{"@timestamp":"2022-09-09T08:46:32.414Z","@version":"1","message":"Sep  9 08:46:31 honeypot-sgp-1 sshd[437]: Received disconnect from 143.244.158.100 port 37900:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T08:48:21.460Z","@version":"1","message":"Sep  9 08:48:20 honeypot-sgp-1 sshd[443]: Disconnected from authenticating user root 143.244.158.100 port 40390 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T08:50:11.510Z","@version":"1","message":"Sep  9 08:50:11 honeypot-sgp-1 sshd[447]: Received disconnect from 143.244.158.100 port 41768:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T08:52:37.572Z","@version":"1","message":"Sep  9 08:52:37 honeypot-sgp-1 sshd[454]: Invalid user network from 45.134.173.95 port 54378","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T08:52:57.583Z","@version":"1","message":"Sep  9 08:52:57 honeypot-sgp-1 sshd[458]: Disconnected from authenticating user root 174.138.24.231 port 53912 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 08:54:29 honeypot-ams-1 kernel: [83590256.282856] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=176.58.107.45 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=54321 PROTO=TCP SPT=38934 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T08:54:29.959Z"}
{"@timestamp":"2022-09-09T08:55:36.650Z","@version":"1","message":"Sep  9 08:55:35 honeypot-sgp-1 sshd[465]: Received disconnect from 143.244.158.100 port 56374:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T08:58:27.722Z","@version":"1","message":"Sep  9 08:58:27 honeypot-sgp-1 sshd[471]: Received disconnect from 143.244.158.100 port 48464:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 09:00:04 honeypot-ams-1 sshd[3296]: Disconnected from invalid user prueba 150.136.65.184 port 59954 [preauth]","@timestamp":"2022-09-09T09:00:05.103Z"}
{"@timestamp":"2022-09-09T09:01:15.792Z","@version":"1","message":"Sep  9 09:01:15 honeypot-sgp-1 sshd[478]: Received disconnect from 143.244.158.100 port 47170:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T09:03:16.843Z","@version":"1","message":"Sep  9 09:03:16 honeypot-sgp-1 kernel: [83590312.450481] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=229 ID=10702 PROTO=TCP SPT=54003 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 09:03:18 honeypot-ams-1 kernel: [83590785.883263] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=3.8.136.104 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=231 ID=28215 DF PROTO=TCP SPT=10446 DPT=80 WINDOW=512 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T09:03:19.194Z"}
{"@timestamp":"2022-09-09T09:05:50.907Z","@version":"1","message":"Sep  9 09:05:50 honeypot-sgp-1 sshd[490]: Disconnected from authenticating user root 143.244.158.100 port 48614 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 09:07:51 honeypot-fra-1 sshd[26287]: Did not receive identification string from 1.12.56.127 port 23256","@timestamp":"2022-09-09T09:07:52.463Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T09:08:34.975Z","@version":"1","message":"Sep  9 09:08:34 honeypot-sgp-1 sshd[498]: Received disconnect from 143.244.158.100 port 44170:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 09:09:35 honeypot-fra-1 sshd[26303]: Received disconnect from 45.61.186.169 port 46482:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T09:09:36.506Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 09:09:52 honeypot-fra-1 sshd[26307]: Received disconnect from 45.61.186.169 port 41402:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T09:09:53.514Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 09:10:08 honeypot-fra-1 sshd[26312]: Received disconnect from 45.61.186.169 port 36318:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T09:10:09.524Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T09:11:24.042Z","@version":"1","message":"Sep  9 09:11:23 honeypot-sgp-1 sshd[505]: Received disconnect from 143.244.158.100 port 49222:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 09:13:35 honeypot-fra-1 sshd[26318]: Received disconnect from 165.22.45.108 port 43784:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T09:13:35.603Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 09:13:43 honeypot-ams-1 sshd[3311]: Received disconnect from 61.177.173.39 port 32246:11:  [preauth]","@timestamp":"2022-09-09T09:13:44.464Z"}
{"@timestamp":"2022-09-09T09:14:12.110Z","@version":"1","message":"Sep  9 09:14:11 honeypot-sgp-1 sshd[511]: Received disconnect from 143.244.158.100 port 44450:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T09:16:55.175Z","@version":"1","message":"Sep  9 09:16:54 honeypot-sgp-1 sshd[518]: Received disconnect from 143.244.158.100 port 35940:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 09:17:01 honeypot-ams-1 CRON[3316]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-09T09:17:01.553Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 09:17:22 honeypot-ams-1 sshd[3321]: Disconnected from invalid user admin 80.76.51.43 port 54924 [preauth]","@timestamp":"2022-09-09T09:17:23.566Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 09:18:06 honeypot-ams-1 sshd[3328]: Received disconnect from 80.76.51.43 port 45810:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T09:18:07.592Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 09:18:36 honeypot-ams-1 kernel: [83591704.003291] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=20.113.152.46 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=57960 PROTO=TCP SPT=44223 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T09:18:37.608Z"}
{"@timestamp":"2022-09-09T09:18:46.222Z","@version":"1","message":"Sep  9 09:18:45 honeypot-sgp-1 sshd[525]: Received disconnect from 143.244.158.100 port 35158:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 09:19:16 honeypot-ams-1 sshd[3338]: Disconnected from authenticating user root 80.76.51.43 port 39782 [preauth]","@timestamp":"2022-09-09T09:19:16.628Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 09:19:58 honeypot-ams-1 sshd[3344]: Invalid user git from 80.76.51.43 port 58776","@timestamp":"2022-09-09T09:19:58.651Z"}
{"@timestamp":"2022-09-09T09:21:32.289Z","@version":"1","message":"Sep  9 09:21:31 honeypot-sgp-1 kernel: [83591407.783123] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.246.105.50 DST=159.89.202.188 LEN=52 TOS=0x02 PREC=0x00 TTL=109 ID=39088 DF PROTO=TCP SPT=60434 DPT=443 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 09:22:25 honeypot-fra-1 kernel: [83589783.017274] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=65.49.20.108 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=54321 PROTO=TCP SPT=48633 DPT=389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T09:22:26.806Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 09:24:59 honeypot-ams-1 sshd[3349]: Disconnected from authenticating user root 61.177.173.47 port 42774 [preauth]","@timestamp":"2022-09-09T09:25:00.781Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 09:25:24 honeypot-ams-1 sshd[3355]: Received disconnect from 88.149.195.109 port 45360:11: Bye Bye [preauth]","@timestamp":"2022-09-09T09:25:24.794Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 09:25:25 honeypot-ams-1 sshd[3361]: Received disconnect from 88.149.195.109 port 45446:11: Bye Bye [preauth]","@timestamp":"2022-09-09T09:25:25.794Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 09:25:26 honeypot-ams-1 sshd[3367]: Received disconnect from 88.149.195.109 port 45538:11: Bye Bye [preauth]","@timestamp":"2022-09-09T09:25:26.795Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 09:25:27 honeypot-ams-1 sshd[3373]: Received disconnect from 88.149.195.109 port 45610:11: Bye Bye [preauth]","@timestamp":"2022-09-09T09:25:27.796Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 09:25:28 honeypot-ams-1 sshd[3379]: Received disconnect from 88.149.195.109 port 45686:11: Bye Bye [preauth]","@timestamp":"2022-09-09T09:25:29.797Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 09:25:30 honeypot-ams-1 sshd[3385]: Received disconnect from 88.149.195.109 port 45752:11: Bye Bye [preauth]","@timestamp":"2022-09-09T09:25:30.798Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 09:25:31 honeypot-ams-1 sshd[3391]: Received disconnect from 88.149.195.109 port 45844:11: Bye Bye [preauth]","@timestamp":"2022-09-09T09:25:31.799Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 09:25:32 honeypot-ams-1 sshd[3397]: Received disconnect from 88.149.195.109 port 45926:11: Bye Bye [preauth]","@timestamp":"2022-09-09T09:25:32.799Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 09:25:33 honeypot-ams-1 sshd[3403]: Received disconnect from 88.149.195.109 port 46002:11: Bye Bye [preauth]","@timestamp":"2022-09-09T09:25:33.800Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 09:25:34 honeypot-ams-1 sshd[3409]: Received disconnect from 88.149.195.109 port 46048:11: Bye Bye [preauth]","@timestamp":"2022-09-09T09:25:34.801Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 09:25:35 honeypot-ams-1 sshd[3415]: Received disconnect from 88.149.195.109 port 46126:11: Bye Bye [preauth]","@timestamp":"2022-09-09T09:25:35.802Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 09:25:36 honeypot-ams-1 sshd[3421]: Received disconnect from 88.149.195.109 port 46206:11: Bye Bye [preauth]","@timestamp":"2022-09-09T09:25:36.802Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 09:25:37 honeypot-ams-1 sshd[3425]: Received disconnect from 88.149.195.109 port 46250:11: Bye Bye [preauth]","@timestamp":"2022-09-09T09:25:37.803Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 09:25:38 honeypot-ams-1 sshd[3429]: Received disconnect from 88.149.195.109 port 46310:11: Bye Bye [preauth]","@timestamp":"2022-09-09T09:25:38.804Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 09:25:38 honeypot-ams-1 sshd[3433]: Received disconnect from 88.149.195.109 port 46370:11: Bye Bye [preauth]","@timestamp":"2022-09-09T09:25:39.806Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 09:25:39 honeypot-ams-1 sshd[3437]: Received disconnect from 88.149.195.109 port 46410:11: Bye Bye [preauth]","@timestamp":"2022-09-09T09:25:39.806Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 09:25:40 honeypot-ams-1 sshd[3441]: Received disconnect from 88.149.195.109 port 46440:11: Bye Bye [preauth]","@timestamp":"2022-09-09T09:25:40.806Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 09:25:41 honeypot-ams-1 sshd[3445]: Disconnected from authenticating user root 88.149.195.109 port 46510 [preauth]","@timestamp":"2022-09-09T09:25:41.807Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 09:25:43 honeypot-ams-1 sshd[3451]: Invalid user pi from 88.149.195.109 port 46636","@timestamp":"2022-09-09T09:25:43.808Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 09:25:44 honeypot-ams-1 sshd[3455]: Invalid user ethos from 88.149.195.109 port 46676","@timestamp":"2022-09-09T09:25:44.809Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 09:25:45 honeypot-ams-1 sshd[3459]: Invalid user miner from 88.149.195.109 port 46748","@timestamp":"2022-09-09T09:25:45.810Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 09:25:46 honeypot-ams-1 sshd[3463]: Invalid user volumio from 88.149.195.109 port 46810","@timestamp":"2022-09-09T09:25:46.811Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 09:25:46 honeypot-ams-1 sshd[3467]: Invalid user nagios from 88.149.195.109 port 46856","@timestamp":"2022-09-09T09:25:47.811Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 09:25:47 honeypot-ams-1 sshd[3471]: Invalid user vagrant from 88.149.195.109 port 46912","@timestamp":"2022-09-09T09:25:47.812Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 09:25:48 honeypot-ams-1 sshd[3475]: Invalid user debian from 88.149.195.109 port 46960","@timestamp":"2022-09-09T09:25:48.812Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 09:25:49 honeypot-ams-1 sshd[3479]: Invalid user debian from 88.149.195.109 port 47016","@timestamp":"2022-09-09T09:25:49.813Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 09:25:50 honeypot-ams-1 sshd[3483]: Invalid user alarm from 88.149.195.109 port 47062","@timestamp":"2022-09-09T09:25:50.814Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 09:25:50 honeypot-ams-1 sshd[3487]: Invalid user test from 88.149.195.109 port 47108","@timestamp":"2022-09-09T09:25:50.814Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 09:25:51 honeypot-ams-1 sshd[3491]: Invalid user cirros from 88.149.195.109 port 47158","@timestamp":"2022-09-09T09:25:51.815Z"}
{"@timestamp":"2022-09-09T09:26:32.411Z","@version":"1","message":"Sep  9 09:26:32 honeypot-sgp-1 sshd[534]: Invalid user nieto from 59.3.76.218 port 54694","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T09:27:57.447Z","@version":"1","message":"Sep  9 09:27:57 honeypot-sgp-1 sshd[539]: Received disconnect from 82.200.65.218 port 36516:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T09:31:22.528Z","@version":"1","message":"Sep  9 09:31:21 honeypot-sgp-1 sshd[543]: Disconnected from authenticating user root 167.172.253.42 port 60928 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 09:33:12 honeypot-fra-1 sshd[26330]: Disconnected from invalid user user 141.255.162.226 port 34830 [preauth]","@timestamp":"2022-09-09T09:33:13.055Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 09:33:16 honeypot-fra-1 sshd[26334]: Disconnected from invalid user user 141.255.162.226 port 60260 [preauth]","@timestamp":"2022-09-09T09:33:17.059Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 09:33:20 honeypot-fra-1 sshd[26338]: Disconnected from invalid user user 141.255.162.226 port 40504 [preauth]","@timestamp":"2022-09-09T09:33:21.061Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 09:33:21 honeypot-fra-1 sshd[26342]: Disconnected from invalid user user 141.255.162.226 port 57456 [preauth]","@timestamp":"2022-09-09T09:33:22.061Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 09:33:33 honeypot-ams-1 sshd[3503]: Disconnected from invalid user admin 210.12.42.18 port 7166 [preauth]","@timestamp":"2022-09-09T09:33:34.013Z"}
{"@timestamp":"2022-09-09T09:41:59.781Z","@version":"1","message":"Sep  9 09:41:59 honeypot-sgp-1 kernel: [83592635.481557] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=205.210.31.176 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x60 TTL=250 ID=54321 PROTO=TCP SPT=53616 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 09:42:10 honeypot-fra-1 sshd[26347]: Disconnected from invalid user jordan23 165.22.45.108 port 50102 [preauth]","@timestamp":"2022-09-09T09:42:11.271Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 09:43:07 honeypot-ams-1 kernel: [83593174.875765] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=86.57.81.171 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=27274 DF PROTO=TCP SPT=55665 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T09:43:08.267Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 09:46:11 honeypot-ams-1 sshd[3518]: Received disconnect from 161.35.131.133 port 48518:11: Bye Bye [preauth]","@timestamp":"2022-09-09T09:46:12.352Z"}
{"@timestamp":"2022-09-09T09:47:18.911Z","@version":"1","message":"Sep  9 09:47:18 honeypot-sgp-1 sshd[561]: Connection closed by 81.170.114.23 port 53211 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T09:51:33.015Z","@version":"1","message":"Sep  9 09:51:32 honeypot-sgp-1 kernel: [83593208.151611] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.219.8 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=48907 DPT=389 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 09:58:02 honeypot-ams-1 sshd[3527]: Invalid user  from 64.62.197.137 port 20630","@timestamp":"2022-09-09T09:58:03.661Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 09:59:05 honeypot-fra-1 kernel: [83591982.838861] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=79.124.62.204 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=16954 PROTO=TCP SPT=47648 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T09:59:06.719Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-09T09:59:44.218Z","@version":"1","message":"Sep  9 09:59:43 honeypot-sgp-1 kernel: [83593699.818799] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.196.225 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=37629 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 09:59:47 honeypot-ams-1 kernel: [83594174.357156] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=86.57.81.171 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=63828 DF PROTO=TCP SPT=56578 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T09:59:47.711Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 10:03:53 honeypot-ams-1 kernel: [83594420.565376] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=72.167.32.184 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=232 ID=50923 PROTO=TCP SPT=48227 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T10:03:53.821Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 10:10:45 honeypot-fra-1 sshd[26358]: Disconnected from invalid user Jordan 165.22.45.108 port 55052 [preauth]","@timestamp":"2022-09-09T10:10:45.982Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T10:16:42.625Z","@version":"1","message":"Sep  9 10:16:42 honeypot-sgp-1 sshd[572]: Received disconnect from 1.224.37.98 port 48396:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 10:17:01 honeypot-ams-1 CRON[3540]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-09T10:17:02.168Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 10:19:33 honeypot-fra-1 sshd[26365]: Invalid user user from 45.61.186.49 port 60682","@timestamp":"2022-09-09T10:19:34.182Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 10:19:41 honeypot-fra-1 sshd[26369]: Invalid user user from 45.61.186.49 port 43668","@timestamp":"2022-09-09T10:19:42.187Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T10:20:10.713Z","@version":"1","message":"Sep  9 10:20:09 honeypot-sgp-1 sshd[578]: Received disconnect from 45.61.186.169 port 34510:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T10:20:29.723Z","@version":"1","message":"Sep  9 10:20:29 honeypot-sgp-1 sshd[582]: Received disconnect from 45.61.186.169 port 58004:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T10:20:46.732Z","@version":"1","message":"Sep  9 10:20:45 honeypot-sgp-1 sshd[586]: Received disconnect from 45.61.186.169 port 53300:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T10:21:02.740Z","@version":"1","message":"Sep  9 10:21:01 honeypot-sgp-1 sshd[590]: Received disconnect from 45.61.186.169 port 48606:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T10:22:07.770Z","@version":"1","message":"Sep  9 10:22:07 honeypot-sgp-1 sshd[596]: Invalid user user from 45.61.187.160 port 38202","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T10:22:25.779Z","@version":"1","message":"Sep  9 10:22:24 honeypot-sgp-1 sshd[600]: Invalid user user from 45.61.187.160 port 33196","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 10:22:29 honeypot-fra-1 sshd[26374]: Connection closed by 43.129.219.189 port 50262 [preauth]","@timestamp":"2022-09-09T10:22:29.250Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T10:22:41.787Z","@version":"1","message":"Sep  9 10:22:41 honeypot-sgp-1 sshd[604]: Invalid user user from 45.61.187.160 port 56430","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 10:22:58 honeypot-fra-1 sshd[26379]: Received disconnect from 45.61.186.249 port 53876:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T10:22:58.264Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 10:23:17 honeypot-fra-1 sshd[26383]: Received disconnect from 45.61.186.249 port 48472:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T10:23:18.275Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 10:23:36 honeypot-fra-1 sshd[26387]: Received disconnect from 45.61.186.249 port 43068:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T10:23:37.283Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T10:25:06.847Z","@version":"1","message":"Sep  9 10:25:06 honeypot-sgp-1 kernel: [83595222.662128] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=92.255.98.18 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=12581 PROTO=TCP SPT=52627 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 10:26:53 honeypot-fra-1 sshd[26391]: Disconnected from authenticating user root 129.146.57.206 port 12431 [preauth]","@timestamp":"2022-09-09T10:26:54.357Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T10:36:14.115Z","@version":"1","message":"Sep  9 10:36:13 honeypot-sgp-1 kernel: [83595889.466276] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.79.176.45 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=12515 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 10:36:44 honeypot-ams-1 kernel: [83596391.390156] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=172.104.138.223 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=20931 PROTO=TCP SPT=18549 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T10:36:44.680Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 10:39:34 honeypot-fra-1 sshd[26397]: Disconnected from invalid user jorim 165.22.45.108 port 59992 [preauth]","@timestamp":"2022-09-09T10:39:34.664Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 10:43:29 honeypot-ams-1 sshd[3554]: Invalid user user from 198.98.61.9 port 42944","@timestamp":"2022-09-09T10:43:29.860Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 10:43:45 honeypot-ams-1 sshd[3558]: Invalid user user from 198.98.61.9 port 37498","@timestamp":"2022-09-09T10:43:45.868Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 10:43:59 honeypot-ams-1 sshd[3562]: Invalid user user from 198.98.61.9 port 60292","@timestamp":"2022-09-09T10:43:59.875Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 10:45:41 honeypot-ams-1 kernel: [83596928.665662] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=80.94.92.231 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=38278 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T10:45:41.919Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 10:47:28 honeypot-fra-1 sshd[26402]: Invalid user admin from 193.106.191.157 port 52790","@timestamp":"2022-09-09T10:47:28.843Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T10:49:40.441Z","@version":"1","message":"Sep  9 10:49:40 honeypot-sgp-1 sshd[615]: Disconnected from authenticating user root 140.238.122.212 port 16426 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T10:56:42.641Z","@version":"1","message":"Sep  9 10:56:41 honeypot-sgp-1 sshd[629]: Received disconnect from 62.84.124.238 port 34446:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T10:57:51.671Z","@version":"1","message":"Sep  9 10:57:51 honeypot-sgp-1 kernel: [83597187.479423] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=43.131.66.209 DST=159.89.202.188 LEN=52 TOS=0x00 PREC=0x00 TTL=47 ID=30966 DF PROTO=TCP SPT=31990 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 11:02:40 honeypot-ams-1 kernel: [83597948.063133] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=152.89.196.23 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=34382 PROTO=TCP SPT=53110 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T11:02:41.351Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 11:09:32 honeypot-fra-1 sshd[26407]: Received disconnect from 165.22.45.108 port 36748:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T11:09:33.321Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T11:09:37.960Z","@version":"1","message":"Sep  9 11:09:36 honeypot-sgp-1 sshd[641]: Received disconnect from 142.93.65.9 port 47546:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T11:14:56.090Z","@version":"1","message":"Sep  9 11:14:55 honeypot-sgp-1 sshd[647]: Disconnected from authenticating user root 103.9.36.251 port 33255 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 11:17:00 honeypot-ams-1 kernel: [83598807.366909] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=170.187.160.17 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=51970 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T11:17:00.722Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 11:17:01 honeypot-fra-1 CRON[26412]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-09T11:17:02.481Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T11:17:34.159Z","@version":"1","message":"Sep  9 11:17:33 honeypot-sgp-1 sshd[655]: Received disconnect from 43.225.53.39 port 38870:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 11:18:03 honeypot-ams-1 kernel: [83598870.939939] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=86.57.81.171 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=64784 DF PROTO=TCP SPT=60607 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T11:18:04.754Z"}
{"@timestamp":"2022-09-09T11:18:25.182Z","@version":"1","message":"Sep  9 11:18:24 honeypot-sgp-1 sshd[659]: Disconnected from invalid user jill 201.17.133.138 port 57252 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T11:21:38.263Z","@version":"1","message":"Sep  9 11:21:37 honeypot-sgp-1 sshd[665]: Disconnected from authenticating user root 103.9.36.251 port 58722 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T11:24:37.340Z","@version":"1","message":"Sep  9 11:24:36 honeypot-sgp-1 sshd[670]: Disconnected from authenticating user root 103.9.36.251 port 23707 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T11:29:53.487Z","@version":"1","message":"Sep  9 11:29:53 honeypot-sgp-1 sshd[677]: Disconnected from authenticating user root 103.9.36.251 port 27693 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 11:30:26 honeypot-fra-1 kernel: [83597462.877955] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=59522 PROTO=TCP SPT=43003 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T11:30:26.765Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 11:30:27 honeypot-ams-1 kernel: [83599614.504908] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=19388 PROTO=TCP SPT=43003 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T11:30:28.082Z"}
{"@timestamp":"2022-09-09T11:35:54.633Z","@version":"1","message":"Sep  9 11:35:53 honeypot-sgp-1 kernel: [83599469.711938] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.246.105.50 DST=159.89.202.188 LEN=52 TOS=0x02 PREC=0x00 TTL=108 ID=11903 DF PROTO=TCP SPT=54137 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 11:35:56 honeypot-ams-1 kernel: [83599943.791519] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.220.50 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=39564 DPT=636 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T11:35:57.230Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 11:40:44 honeypot-fra-1 sshd[26428]: Connection closed by invalid user pi 46.198.170.74 port 47958 [preauth]","@timestamp":"2022-09-09T11:40:45.016Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T11:40:59.759Z","@version":"1","message":"Sep  9 11:40:59 honeypot-sgp-1 sshd[687]: Disconnected from authenticating user root 103.9.36.251 port 14187 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T11:44:35.848Z","@version":"1","message":"Sep  9 11:44:35 honeypot-sgp-1 sshd[691]: Disconnected from authenticating user root 103.9.36.251 port 53190 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T11:46:56.908Z","@version":"1","message":"Sep  9 11:46:56 honeypot-sgp-1 sshd[696]: Received disconnect from 20.212.61.4 port 54212:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 11:48:48 honeypot-fra-1 kernel: [83598565.638188] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=107.175.130.186 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=60872 PROTO=TCP SPT=43636 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T11:48:49.203Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 11:48:48 honeypot-ams-1 sshd[3591]: Received disconnect from 81.182.254.124 port 54872:11: Bye Bye [preauth]","@timestamp":"2022-09-09T11:48:49.559Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 11:52:01 honeypot-ams-1 sshd[3595]: Disconnected from invalid user manesar 35.224.2.98 port 60242 [preauth]","@timestamp":"2022-09-09T11:52:02.647Z"}
{"@timestamp":"2022-09-09T11:56:02.133Z","@version":"1","message":"Sep  9 11:56:02 honeypot-sgp-1 sshd[703]: Received disconnect from 103.9.36.251 port 57201:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 11:57:50 honeypot-fra-1 kernel: [83599106.998565] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=170.187.155.78 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=57954 PROTO=TCP SPT=40494 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T11:57:50.413Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-09T11:59:58.231Z","@version":"1","message":"Sep  9 11:59:57 honeypot-sgp-1 sshd[707]: Disconnected from authenticating user root 103.9.36.251 port 39706 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 12:04:46 honeypot-ams-1 sshd[3601]: Received disconnect from 134.209.102.211 port 55770:11: Bye Bye [preauth]","@timestamp":"2022-09-09T12:04:46.989Z"}
{"@timestamp":"2022-09-09T12:07:29.419Z","@version":"1","message":"Sep  9 12:07:29 honeypot-sgp-1 sshd[712]: Received disconnect from 220.130.164.120 port 46796:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 12:08:33 honeypot-fra-1 kernel: [83599749.922926] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=32678 PROTO=TCP SPT=44803 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T12:08:33.664Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-09T12:09:22.469Z","@version":"1","message":"Sep  9 12:09:21 honeypot-sgp-1 sshd[719]: Did not receive identification string from 20.127.147.232 port 50446","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T12:13:51.578Z","@version":"1","message":"Sep  9 12:13:51 honeypot-sgp-1 sshd[722]: Disconnected from invalid user oi 139.59.176.155 port 59972 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 12:17:01 honeypot-ams-1 CRON[3605]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-09T12:17:01.329Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 12:17:01 honeypot-fra-1 CRON[26445]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-09T12:17:02.865Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T12:18:05.685Z","@version":"1","message":"Sep  9 12:18:05 honeypot-sgp-1 sshd[730]: Disconnected from authenticating user root 103.9.36.251 port 26227 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T12:23:40.825Z","@version":"1","message":"Sep  9 12:23:40 honeypot-sgp-1 sshd[735]: Disconnected from authenticating user root 103.9.36.251 port 65236 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 12:26:51 honeypot-ams-1 kernel: [83602998.961457] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=190.225.26.208 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=15533 PROTO=TCP SPT=3394 DPT=443 WINDOW=1300 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T12:26:52.583Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 12:29:54 honeypot-ams-1 sshd[3617]: Invalid user antivirus from 187.230.177.3 port 38234","@timestamp":"2022-09-09T12:29:54.664Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 12:31:08 honeypot-fra-1 kernel: [83601104.761540] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=167.94.138.107 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=47883 PROTO=TCP SPT=15849 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T12:31:08.201Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 12:32:50 honeypot-ams-1 kernel: [83603357.912838] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=5.215.79.30 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=39 ID=13558 DF PROTO=TCP SPT=42067 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T12:32:51.743Z"}
{"@timestamp":"2022-09-09T12:36:17.135Z","@version":"1","message":"Sep  9 12:36:16 honeypot-sgp-1 kernel: [83603092.100803] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=139.144.135.60 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=260 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 12:36:18 honeypot-ams-1 sshd[3621]: Connection closed by 45.155.126.4 port 54298 [preauth]","@timestamp":"2022-09-09T12:36:18.837Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 12:37:05 honeypot-fra-1 sshd[26455]: Disconnected from invalid user elizabeth 114.7.195.180 port 34234 [preauth]","@timestamp":"2022-09-09T12:37:05.335Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 12:38:00 honeypot-fra-1 sshd[26460]: Invalid user user from 141.255.162.226 port 48908","@timestamp":"2022-09-09T12:38:01.407Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 12:38:02 honeypot-fra-1 sshd[26464]: Invalid user user from 141.255.162.226 port 35036","@timestamp":"2022-09-09T12:38:03.408Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 12:38:06 honeypot-fra-1 sshd[26468]: Invalid user user from 141.255.162.226 port 49398","@timestamp":"2022-09-09T12:38:07.410Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T12:39:12.207Z","@version":"1","message":"Sep  9 12:39:12 honeypot-sgp-1 sshd[746]: Disconnected from invalid user yongil 131.0.247.13 port 50482 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 12:41:58 honeypot-fra-1 sshd[26473]: Invalid user br from 20.232.175.215 port 45236","@timestamp":"2022-09-09T12:41:59.499Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 12:43:23 honeypot-ams-1 kernel: [83603990.740277] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=80.87.206.203 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=46960 PROTO=TCP SPT=47275 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T12:43:24.019Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 12:44:09 honeypot-fra-1 sshd[26477]: Did not receive identification string from 45.61.186.249 port 33668","@timestamp":"2022-09-09T12:44:09.566Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 12:44:53 honeypot-fra-1 sshd[26482]: Disconnected from invalid user user 45.61.186.249 port 46164 [preauth]","@timestamp":"2022-09-09T12:44:53.585Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 12:45:11 honeypot-fra-1 sshd[26488]: Invalid user user from 45.61.186.249 port 40928","@timestamp":"2022-09-09T12:45:11.593Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T12:45:24.362Z","@version":"1","message":"Sep  9 12:45:23 honeypot-sgp-1 kernel: [83603639.751866] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=128.1.248.30 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=13101 PROTO=TCP SPT=35732 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 12:45:28 honeypot-fra-1 sshd[26492]: Invalid user user from 45.61.186.249 port 35742","@timestamp":"2022-09-09T12:45:28.601Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 12:45:51 honeypot-fra-1 sshd[26496]: Invalid user 3.141.127.192 from 115.236.8.253 port 35960","@timestamp":"2022-09-09T12:45:52.612Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 12:46:45 honeypot-fra-1 sshd[26500]: Invalid user shearer from 187.106.203.217 port 48642","@timestamp":"2022-09-09T12:46:45.634Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 12:50:31 honeypot-fra-1 sshd[26505]: Received disconnect from 51.250.5.16 port 36026:11: Bye Bye [preauth]","@timestamp":"2022-09-09T12:50:32.723Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T12:51:06.503Z","@version":"1","message":"Sep  9 12:51:05 honeypot-sgp-1 kernel: [83603981.754212] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=222.186.19.235 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=59038 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 12:55:09 honeypot-fra-1 sshd[26512]: Invalid user sobalanka from 141.98.10.158 port 46004","@timestamp":"2022-09-09T12:55:09.828Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T13:01:36.757Z","@version":"1","message":"Sep  9 13:01:36 honeypot-sgp-1 sshd[764]: Received disconnect from 159.223.65.243 port 44232:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T13:05:24.851Z","@version":"1","message":"Sep  9 13:05:24 honeypot-sgp-1 sshd[768]: Disconnected from authenticating user root 103.9.36.251 port 16835 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 13:05:40 honeypot-ams-1 sshd[3631]: Did not receive identification string from 80.76.51.43 port 56174","@timestamp":"2022-09-09T13:05:40.603Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 13:06:26 honeypot-ams-1 sshd[3636]: Invalid user test from 80.76.51.43 port 46360","@timestamp":"2022-09-09T13:06:27.626Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 13:06:55 honeypot-ams-1 sshd[3640]: Disconnected from authenticating user root 80.76.51.43 port 50894 [preauth]","@timestamp":"2022-09-09T13:06:56.641Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 13:07:04 honeypot-fra-1 sshd[26517]: Invalid user phpbb2 from 124.109.61.121 port 50752","@timestamp":"2022-09-09T13:07:05.096Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 13:07:38 honeypot-ams-1 sshd[3646]: Disconnected from authenticating user root 80.76.51.43 port 43786 [preauth]","@timestamp":"2022-09-09T13:07:38.664Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 13:07:52 honeypot-ams-1 sshd[3650]: Disconnected from authenticating user root 80.76.51.43 port 60352 [preauth]","@timestamp":"2022-09-09T13:07:52.672Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 13:08:35 honeypot-ams-1 sshd[3657]: Received disconnect from 80.76.51.43 port 53180:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T13:08:35.696Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 13:09:41 honeypot-fra-1 sshd[26522]: Disconnected from 161.35.113.79 port 59900 [preauth]","@timestamp":"2022-09-09T13:09:42.156Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 13:10:12 honeypot-ams-1 sshd[3663]: Invalid user jose from 51.250.90.116 port 57658","@timestamp":"2022-09-09T13:10:13.743Z"}
{"@timestamp":"2022-09-09T13:12:23.022Z","@version":"1","message":"Sep  9 13:12:22 honeypot-sgp-1 sshd[774]: Disconnected from authenticating user root 211.253.24.250 port 36349 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 13:14:32 honeypot-ams-1 sshd[3667]: Received disconnect from 45.61.186.169 port 43646:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T13:14:32.860Z"}
{"@timestamp":"2022-09-09T13:14:41.079Z","@version":"1","message":"Sep  9 13:14:41 honeypot-sgp-1 sshd[779]: Disconnected from authenticating user root 103.9.36.251 port 55862 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 13:14:49 honeypot-ams-1 sshd[3671]: Invalid user user from 45.61.186.169 port 38628","@timestamp":"2022-09-09T13:14:49.870Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 13:15:06 honeypot-ams-1 sshd[3675]: Invalid user user from 45.61.186.169 port 33604","@timestamp":"2022-09-09T13:15:06.879Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 13:15:22 honeypot-ams-1 sshd[3679]: Invalid user user from 45.61.186.169 port 56810","@timestamp":"2022-09-09T13:15:22.888Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 13:15:24 honeypot-fra-1 kernel: [83603761.417179] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.203.8 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=60008 DPT=636 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T13:15:25.284Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-09T13:16:33.127Z","@version":"1","message":"Sep  9 13:16:33 honeypot-sgp-1 sshd[783]: Received disconnect from 139.59.231.14 port 48900:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 13:20:43 honeypot-ams-1 sshd[3685]: Invalid user metser from 79.60.237.168 port 49688","@timestamp":"2022-09-09T13:20:44.031Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 13:23:13 honeypot-ams-1 kernel: [83606380.123419] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=39683 PROTO=TCP SPT=49439 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T13:23:13.097Z"}
{"@timestamp":"2022-09-09T13:23:28.297Z","@version":"1","message":"Sep  9 13:23:27 honeypot-sgp-1 kernel: [83605923.567154] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=47.243.233.244 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=44523 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 13:23:43 honeypot-ams-1 sshd[3691]: Received disconnect from 118.26.110.160 port 43784:11: Bye Bye [preauth]","@timestamp":"2022-09-09T13:23:44.115Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 13:24:46 honeypot-fra-1 kernel: [83604322.657281] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=193.163.125.246 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=245 ID=9520 PROTO=TCP SPT=37121 DPT=3389 WINDOW=14600 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T13:24:46.498Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 13:24:50 honeypot-ams-1 sshd[3695]: Connection closed by invalid user admin 193.106.191.157 port 37842 [preauth]","@timestamp":"2022-09-09T13:24:50.149Z"}
{"@timestamp":"2022-09-09T13:32:13.504Z","@version":"1","message":"Sep  9 13:32:12 honeypot-sgp-1 kernel: [83606448.385566] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=65.49.20.104 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=54480 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 13:38:10 honeypot-fra-1 kernel: [83605126.906164] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=189.172.193.244 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=42766 DF PROTO=TCP SPT=54150 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T13:38:10.796Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-09T13:43:03.773Z","@version":"1","message":"Sep  9 13:43:03 honeypot-sgp-1 sshd[802]: Connection closed by invalid user caobin 167.71.231.98 port 37322 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T13:50:28.986Z","@version":"1","message":"Sep  9 13:50:28 honeypot-sgp-1 kernel: [83607544.082653] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=207.32.219.9 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=238 ID=53344 DF PROTO=TCP SPT=10446 DPT=80 WINDOW=512 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 13:54:31 honeypot-ams-1 sshd[3702]: Received disconnect from 182.23.63.23 port 40682:11: Bye Bye [preauth]","@timestamp":"2022-09-09T13:54:31.921Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 13:56:19 honeypot-fra-1 sshd[26541]: Did not receive identification string from 212.87.251.118 port 58070","@timestamp":"2022-09-09T13:56:20.196Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 13:56:19 honeypot-fra-1 sshd[26553]: Invalid user esuser from 212.87.251.118 port 59066","@timestamp":"2022-09-09T13:56:20.196Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 13:56:19 honeypot-fra-1 sshd[26548]: Invalid user www from 212.87.251.118 port 59048","@timestamp":"2022-09-09T13:56:20.196Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 13:56:19 honeypot-fra-1 sshd[26543]: Invalid user web from 212.87.251.118 port 59034","@timestamp":"2022-09-09T13:56:20.196Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 13:56:19 honeypot-fra-1 sshd[26558]: Connection closed by invalid user git 212.87.251.118 port 59092 [preauth]","@timestamp":"2022-09-09T13:56:20.196Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 13:56:19 honeypot-fra-1 sshd[26542]: Connection closed by invalid user steam 212.87.251.118 port 59020 [preauth]","@timestamp":"2022-09-09T13:56:20.196Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 13:56:19 honeypot-fra-1 sshd[26543]: Connection closed by invalid user web 212.87.251.118 port 59034 [preauth]","@timestamp":"2022-09-09T13:56:20.196Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 13:56:19 honeypot-fra-1 sshd[26568]: Connection closed by invalid user hadoop 212.87.251.118 port 59130 [preauth]","@timestamp":"2022-09-09T13:56:20.196Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 13:56:19 honeypot-fra-1 sshd[26567]: Invalid user admin from 212.87.251.118 port 59120","@timestamp":"2022-09-09T13:56:20.196Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 13:56:20 honeypot-fra-1 sshd[26567]: Connection closed by invalid user admin 212.87.251.118 port 59120 [preauth]","@timestamp":"2022-09-09T13:56:20.196Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T13:56:47.141Z","@version":"1","message":"Sep  9 13:56:46 honeypot-sgp-1 sshd[816]: Disconnected from authenticating user root 130.162.135.31 port 56414 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 13:58:35 honeypot-ams-1 sshd[3708]: Disconnected from authenticating user root 223.197.151.55 port 36309 [preauth]","@timestamp":"2022-09-09T13:58:35.034Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 13:58:55 honeypot-fra-1 sshd[26600]: Disconnected from invalid user okachi 137.184.40.32 port 36136 [preauth]","@timestamp":"2022-09-09T13:58:56.256Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 13:59:53 honeypot-ams-1 sshd[3712]: Disconnected from invalid user savannah 148.153.110.76 port 51234 [preauth]","@timestamp":"2022-09-09T13:59:54.069Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 14:12:47 honeypot-ams-1 kernel: [83609354.209521] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=120.85.113.214 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=30831 DF PROTO=TCP SPT=38187 DPT=80 WINDOW=14520 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T14:12:47.414Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 14:17:37 honeypot-ams-1 sshd[3727]: Received disconnect from 147.182.211.89 port 54910:11: Bye Bye [preauth]","@timestamp":"2022-09-09T14:17:37.542Z"}
{"@timestamp":"2022-09-09T14:18:31.687Z","@version":"1","message":"Sep  9 14:18:31 honeypot-sgp-1 sshd[822]: Received disconnect from 92.255.85.70 port 56974:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 14:19:25 honeypot-fra-1 sshd[26608]: Received disconnect from 165.22.45.108 port 40054:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T14:19:25.697Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 14:28:44 honeypot-fra-1 sshd[26614]: Did not receive identification string from 198.98.61.9 port 49606","@timestamp":"2022-09-09T14:28:44.902Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 14:28:50 honeypot-ams-1 sshd[3735]: Received disconnect from 190.192.207.223 port 34356:11: Bye Bye [preauth]","@timestamp":"2022-09-09T14:28:50.835Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 14:29:08 honeypot-fra-1 sshd[26619]: Received disconnect from 198.98.61.9 port 39948:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T14:29:08.913Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 14:29:26 honeypot-fra-1 sshd[26623]: Invalid user user from 198.98.61.9 port 34522","@timestamp":"2022-09-09T14:29:26.921Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 14:29:42 honeypot-fra-1 sshd[26627]: Invalid user user from 198.98.61.9 port 57310","@timestamp":"2022-09-09T14:29:42.928Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 14:29:53 honeypot-fra-1 sshd[26629]: Disconnected from invalid user user 198.98.61.9 port 40476 [preauth]","@timestamp":"2022-09-09T14:29:53.934Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 14:32:35 honeypot-ams-1 sshd[3740]: Received disconnect from 83.229.115.152 port 52076:11: Bye Bye [preauth]","@timestamp":"2022-09-09T14:32:35.937Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 14:35:12 honeypot-fra-1 sshd[26636]: Disconnected from 194.26.228.174 port 48628 [preauth]","@timestamp":"2022-09-09T14:35:13.046Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T14:35:23.119Z","@version":"1","message":"Sep  9 14:35:22 honeypot-sgp-1 kernel: [83610238.390182] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=43.131.66.209 DST=159.89.202.188 LEN=52 TOS=0x00 PREC=0x00 TTL=47 ID=26141 DF PROTO=TCP SPT=27165 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 14:36:21 honeypot-ams-1 kernel: [83610768.299079] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=37706 PROTO=TCP SPT=53782 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T14:36:22.040Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 14:44:21 honeypot-fra-1 sshd[26650]: Connection closed by invalid user ZXDSL 101.33.218.153 port 55456 [preauth]","@timestamp":"2022-09-09T14:44:22.235Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 14:46:20 honeypot-fra-1 sshd[26677]: Invalid user ubuntu from 20.243.201.105 port 50278","@timestamp":"2022-09-09T14:46:21.280Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 14:46:21 honeypot-fra-1 sshd[26696]: Invalid user vagrant from 20.243.201.105 port 50308","@timestamp":"2022-09-09T14:46:21.280Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 14:46:21 honeypot-fra-1 sshd[26681]: Invalid user opc from 20.243.201.105 port 50284","@timestamp":"2022-09-09T14:46:21.280Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 14:46:21 honeypot-fra-1 sshd[26695]: Invalid user testuser from 20.243.201.105 port 50336","@timestamp":"2022-09-09T14:46:21.280Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 14:46:21 honeypot-fra-1 sshd[26688]: Invalid user ftpuser from 20.243.201.105 port 50296","@timestamp":"2022-09-09T14:46:22.280Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 14:46:21 honeypot-fra-1 sshd[26686]: Connection closed by invalid user elasticsearch 20.243.201.105 port 50300 [preauth]","@timestamp":"2022-09-09T14:46:22.281Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 14:46:21 honeypot-fra-1 sshd[26682]: Connection closed by invalid user mysql 20.243.201.105 port 50288 [preauth]","@timestamp":"2022-09-09T14:46:22.281Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 14:46:21 honeypot-fra-1 sshd[26672]: Connection closed by invalid user web 20.243.201.105 port 50258 [preauth]","@timestamp":"2022-09-09T14:46:22.281Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 14:46:21 honeypot-fra-1 sshd[26689]: Connection closed by invalid user mysql 20.243.201.105 port 50282 [preauth]","@timestamp":"2022-09-09T14:46:22.281Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 14:47:24 honeypot-ams-1 kernel: [83611431.079261] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=193.215.168.206 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=54 ID=53247 PROTO=TCP SPT=51590 DPT=80 WINDOW=1024 RES=0x00 RST URGP=0 ","@timestamp":"2022-09-09T14:47:24.320Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 14:47:52 honeypot-fra-1 sshd[26728]: Disconnected from authenticating user root 92.255.85.70 port 59116 [preauth]","@timestamp":"2022-09-09T14:47:53.315Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T14:51:11.521Z","@version":"1","message":"Sep  9 14:51:11 honeypot-sgp-1 sshd[835]: Received disconnect from 165.22.42.39 port 42444:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T14:54:17.599Z","@version":"1","message":"Sep  9 14:54:17 honeypot-sgp-1 sshd[841]: Received disconnect from 165.22.42.39 port 54818:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T14:55:23.628Z","@version":"1","message":"Sep  9 14:55:22 honeypot-sgp-1 kernel: [83611438.671874] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=139.144.135.82 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=57594 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T14:58:06.695Z","@version":"1","message":"Sep  9 14:58:05 honeypot-sgp-1 sshd[852]: Disconnected from authenticating user root 165.22.42.39 port 52504 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 14:58:54 honeypot-fra-1 kernel: [83609970.717604] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=111.251.218.65 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=64399 DF PROTO=TCP SPT=39002 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T14:58:54.571Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-09T14:59:58.743Z","@version":"1","message":"Sep  9 14:59:58 honeypot-sgp-1 sshd[858]: Received disconnect from 165.22.42.39 port 51344:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 15:00:22 honeypot-ams-1 sshd[3749]: Disconnected from invalid user user 141.255.162.226 port 42610 [preauth]","@timestamp":"2022-09-09T15:00:23.655Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 15:00:24 honeypot-ams-1 sshd[3753]: Disconnected from invalid user user 141.255.162.226 port 35436 [preauth]","@timestamp":"2022-09-09T15:00:24.657Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 15:00:27 honeypot-ams-1 sshd[3757]: Disconnected from invalid user user 141.255.162.226 port 49310 [preauth]","@timestamp":"2022-09-09T15:00:27.659Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 15:00:29 honeypot-ams-1 sshd[3761]: Disconnected from invalid user user 141.255.162.226 port 56980 [preauth]","@timestamp":"2022-09-09T15:00:30.661Z"}
{"@timestamp":"2022-09-09T15:01:48.790Z","@version":"1","message":"Sep  9 15:01:48 honeypot-sgp-1 sshd[864]: Disconnected from authenticating user root 165.22.42.39 port 50198 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T15:03:39.840Z","@version":"1","message":"Sep  9 15:03:38 honeypot-sgp-1 sshd[869]: Received disconnect from 165.22.42.39 port 49034:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T15:05:34.891Z","@version":"1","message":"Sep  9 15:05:34 honeypot-sgp-1 sshd[873]: Invalid user petrong from 165.22.42.39 port 47890","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 15:06:45 honeypot-fra-1 sshd[26738]: Disconnected from invalid user user 45.61.184.204 port 41684 [preauth]","@timestamp":"2022-09-09T15:06:45.752Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 15:07:06 honeypot-fra-1 sshd[26742]: Disconnected from invalid user user 45.61.184.204 port 36532 [preauth]","@timestamp":"2022-09-09T15:07:06.762Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 15:07:24 honeypot-fra-1 sshd[26746]: Received disconnect from 45.61.184.204 port 59624:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T15:07:24.771Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T15:07:29.938Z","@version":"1","message":"Sep  9 15:07:29 honeypot-sgp-1 sshd[878]: Received disconnect from 165.22.42.39 port 46728:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 15:07:43 honeypot-fra-1 sshd[26750]: Received disconnect from 45.61.184.204 port 54460:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T15:07:43.779Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T15:08:28.964Z","@version":"1","message":"Sep  9 15:08:28 honeypot-sgp-1 sshd[882]: Received disconnect from 165.22.42.39 port 60264:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 15:09:12 honeypot-ams-1 sshd[3767]: Received disconnect from 204.48.30.72 port 40216:11: Bye Bye [preauth]","@timestamp":"2022-09-09T15:09:12.887Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 15:10:05 honeypot-fra-1 sshd[26755]: Invalid user 0 from 92.255.85.69 port 28842","@timestamp":"2022-09-09T15:10:05.832Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T15:10:19.011Z","@version":"1","message":"Sep  9 15:10:18 honeypot-sgp-1 sshd[886]: Received disconnect from 165.22.42.39 port 59116:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 15:11:29 honeypot-ams-1 sshd[3771]: Received disconnect from 92.255.85.69 port 29616:11: Bye Bye [preauth]","@timestamp":"2022-09-09T15:11:29.947Z"}
{"@timestamp":"2022-09-09T15:12:10.056Z","@version":"1","message":"Sep  9 15:12:09 honeypot-sgp-1 sshd[892]: Disconnected from invalid user plandevac 165.22.42.39 port 57948 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 15:13:08 honeypot-ams-1 sshd[3774]: Disconnected from invalid user user 141.255.162.226 port 46304 [preauth]","@timestamp":"2022-09-09T15:13:08.991Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 15:13:10 honeypot-ams-1 sshd[3778]: Disconnected from invalid user user 141.255.162.226 port 60326 [preauth]","@timestamp":"2022-09-09T15:13:10.992Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 15:13:14 honeypot-ams-1 sshd[3782]: Disconnected from invalid user user 141.255.162.226 port 53152 [preauth]","@timestamp":"2022-09-09T15:13:14.996Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 15:13:16 honeypot-ams-1 sshd[3786]: Disconnected from invalid user user 141.255.162.226 port 60176 [preauth]","@timestamp":"2022-09-09T15:13:16.997Z"}
{"@timestamp":"2022-09-09T15:14:00.105Z","@version":"1","message":"Sep  9 15:13:59 honeypot-sgp-1 sshd[897]: Disconnected from invalid user schoosoft_dev 165.22.42.39 port 56794 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T15:15:50.153Z","@version":"1","message":"Sep  9 15:15:49 honeypot-sgp-1 sshd[901]: Disconnected from invalid user startupclerk_dev 165.22.42.39 port 55650 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 15:17:01 honeypot-ams-1 CRON[3791]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-09T15:17:02.098Z"}
{"@timestamp":"2022-09-09T15:17:42.201Z","@version":"1","message":"Sep  9 15:17:41 honeypot-sgp-1 sshd[910]: Received disconnect from 165.22.42.39 port 54490:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 15:17:53 honeypot-fra-1 sshd[26762]: Invalid user klara from 148.72.209.121 port 35984","@timestamp":"2022-09-09T15:17:54.004Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T15:19:39.254Z","@version":"1","message":"Sep  9 15:19:38 honeypot-sgp-1 sshd[915]: Invalid user dev from 165.22.42.39 port 53326","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 15:20:30 honeypot-ams-1 sshd[3797]: Disconnected from authenticating user root 102.128.78.42 port 56128 [preauth]","@timestamp":"2022-09-09T15:20:31.189Z"}
{"@timestamp":"2022-09-09T15:21:30.301Z","@version":"1","message":"Sep  9 15:21:29 honeypot-sgp-1 sshd[920]: Received disconnect from 165.22.42.39 port 52176:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 15:22:04 honeypot-fra-1 sshd[26766]: Received disconnect from 141.255.162.226 port 45134:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T15:22:05.099Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 15:22:07 honeypot-fra-1 sshd[26770]: Received disconnect from 141.255.162.226 port 37558:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T15:22:08.101Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 15:22:10 honeypot-fra-1 sshd[26774]: Received disconnect from 141.255.162.226 port 51338:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T15:22:11.102Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 15:23:45 honeypot-fra-1 sshd[26778]: Received disconnect from 165.22.45.108 port 50138:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T15:23:46.136Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T15:25:40.406Z","@version":"1","message":"Sep  9 15:25:39 honeypot-sgp-1 sshd[925]: Received disconnect from 142.93.187.197 port 55184:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 15:28:39 honeypot-fra-1 sshd[26784]: Invalid user user from 45.61.186.49 port 53878","@timestamp":"2022-09-09T15:28:39.249Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 15:28:49 honeypot-fra-1 sshd[26788]: Invalid user user from 45.61.186.49 port 37350","@timestamp":"2022-09-09T15:28:49.253Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T15:29:23.499Z","@version":"1","message":"Sep  9 15:29:23 honeypot-sgp-1 sshd[929]: Disconnected from invalid user admin 92.255.85.70 port 58054 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 15:32:59 honeypot-ams-1 sshd[3801]: Invalid user admin from 92.255.85.70 port 62456","@timestamp":"2022-09-09T15:32:59.514Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 15:35:05 honeypot-fra-1 sshd[26794]: Invalid user admin from 220.121.250.154 port 41357","@timestamp":"2022-09-09T15:35:06.392Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 15:48:28 honeypot-ams-1 sshd[3805]: Invalid user Admin from 80.65.90.155 port 45770","@timestamp":"2022-09-09T15:48:28.929Z"}
{"@timestamp":"2022-09-09T15:49:17.980Z","@version":"1","message":"Sep  9 15:49:17 honeypot-sgp-1 sshd[937]: Invalid user Admin from 72.138.167.50 port 39712","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 15:50:33 honeypot-fra-1 sshd[27235]: Received disconnect from 92.255.85.69 port 52594:11: Bye Bye [preauth]","@timestamp":"2022-09-09T15:50:34.754Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 15:56:07 honeypot-fra-1 sshd[27241]: Invalid user user from 198.98.61.9 port 36168","@timestamp":"2022-09-09T15:56:07.874Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 15:56:24 honeypot-fra-1 sshd[27245]: Invalid user user from 198.98.61.9 port 59250","@timestamp":"2022-09-09T15:56:24.882Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 15:56:40 honeypot-fra-1 sshd[27249]: Invalid user user from 198.98.61.9 port 54084","@timestamp":"2022-09-09T15:56:40.890Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 15:56:49 honeypot-fra-1 kernel: [83613445.916770] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=64.246.161.26 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=37612 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T15:56:49.895Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 15:57:16 honeypot-ams-1 sshd[3808]: Invalid user pi from 92.152.11.18 port 59856","@timestamp":"2022-09-09T15:57:17.159Z"}
{"@timestamp":"2022-09-09T15:57:36.181Z","@version":"1","message":"Sep  9 15:57:35 honeypot-sgp-1 sshd[942]: Invalid user admin from 128.199.160.207 port 54392","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T15:57:36.182Z","@version":"1","message":"Sep  9 15:57:35 honeypot-sgp-1 sshd[948]: Invalid user admin from 128.199.160.207 port 54404","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 15:58:00 honeypot-ams-1 sshd[3812]: Disconnected from authenticating user root 92.255.85.70 port 28990 [preauth]","@timestamp":"2022-09-09T15:58:01.180Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 16:01:46 honeypot-ams-1 sshd[3815]: Disconnected from invalid user ftp_user 68.183.142.49 port 39258 [preauth]","@timestamp":"2022-09-09T16:01:47.279Z"}
{"@timestamp":"2022-09-09T16:11:14.505Z","@version":"1","message":"Sep  9 16:11:13 honeypot-sgp-1 sshd[953]: Received disconnect from 92.255.85.70 port 61234:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 16:12:02 honeypot-ams-1 sshd[3820]: Received disconnect from 61.177.173.51 port 17364:11:  [preauth]","@timestamp":"2022-09-09T16:12:03.559Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 16:12:23 honeypot-fra-1 kernel: [83614379.490861] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=8.38.172.78 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=63213 PROTO=TCP SPT=57347 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T16:12:24.226Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 16:17:01 honeypot-ams-1 CRON[3826]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-09T16:17:01.686Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 16:17:01 honeypot-fra-1 CRON[27265]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-09T16:17:02.348Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T16:18:48.685Z","@version":"1","message":"Sep  9 16:18:48 honeypot-sgp-1 sshd[959]: Disconnected from invalid user cym 159.203.117.191 port 58234 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 16:20:23 honeypot-ams-1 sshd[4280]: Disconnected from authenticating user root 92.255.85.70 port 55168 [preauth]","@timestamp":"2022-09-09T16:20:23.779Z"}
{"@timestamp":"2022-09-09T16:21:53.761Z","@version":"1","message":"Sep  9 16:21:53 honeypot-sgp-1 sshd[966]: Invalid user user from 45.61.186.49 port 45106","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T16:22:04.767Z","@version":"1","message":"Sep  9 16:22:04 honeypot-sgp-1 sshd[971]: Invalid user user from 45.61.186.49 port 56686","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T16:24:10.818Z","@version":"1","message":"Sep  9 16:24:10 honeypot-sgp-1 sshd[975]: Invalid user scott from 159.65.188.65 port 45868","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 16:27:26 honeypot-fra-1 sshd[27271]: Received disconnect from 165.22.45.108 port 60204:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T16:27:26.578Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 16:31:48 honeypot-ams-1 sshd[4287]: Received disconnect from 61.177.172.114 port 47726:11:  [preauth]","@timestamp":"2022-09-09T16:31:49.071Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 16:35:07 honeypot-ams-1 kernel: [83617894.106879] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=94.26.249.161 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=42916 PROTO=TCP SPT=44667 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T16:35:07.159Z"}
{"@timestamp":"2022-09-09T16:35:23.089Z","@version":"1","message":"Sep  9 16:35:22 honeypot-sgp-1 sshd[979]: Received disconnect from 92.255.85.70 port 49750:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 16:39:43 honeypot-fra-1 sshd[27275]: Invalid user admin from 92.255.85.69 port 47596","@timestamp":"2022-09-09T16:39:43.853Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 16:39:50 honeypot-ams-1 sshd[4295]: Invalid user admin from 92.255.85.70 port 60758","@timestamp":"2022-09-09T16:39:51.284Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 16:41:02 honeypot-ams-1 sshd[4299]: error: maximum authentication attempts exceeded for invalid user admin from 100.12.133.226 port 60782 ssh2 [preauth]","@timestamp":"2022-09-09T16:41:03.318Z"}
{"@timestamp":"2022-09-09T16:43:30.286Z","@version":"1","message":"Sep  9 16:43:29 honeypot-sgp-1 kernel: [83617925.020749] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=94.102.61.10 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=238 ID=54321 PROTO=TCP SPT=50287 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 16:45:13 honeypot-ams-1 sshd[4304]: Invalid user skkb from 42.200.212.120 port 35870","@timestamp":"2022-09-09T16:45:14.426Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 16:46:25 honeypot-fra-1 kernel: [83616421.970557] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=89.248.165.70 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=58526 PROTO=TCP SPT=43757 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T16:46:26.001Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 16:50:28 honeypot-ams-1 sshd[4307]: Received disconnect from 162.243.172.239 port 46382:11: Bye Bye [preauth]","@timestamp":"2022-09-09T16:50:29.557Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 16:52:19 honeypot-fra-1 sshd[27283]: Invalid user cz from 132.145.168.70 port 59732","@timestamp":"2022-09-09T16:52:20.134Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 16:53:56 honeypot-ams-1 sshd[4313]: Received disconnect from 126.77.170.137 port 45218:11: Bye Bye [preauth]","@timestamp":"2022-09-09T16:53:57.648Z"}
{"@timestamp":"2022-09-09T16:54:16.548Z","@version":"1","message":"Sep  9 16:54:16 honeypot-sgp-1 sshd[988]: Invalid user whipple from 170.210.71.10 port 41200","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T16:55:44.586Z","@version":"1","message":"Sep  9 16:55:43 honeypot-sgp-1 sshd[990]: Received disconnect from 188.254.0.110 port 60464:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 16:57:25 honeypot-fra-1 kernel: [83617081.477816] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=198.235.24.170 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x60 TTL=250 ID=25178 PROTO=TCP SPT=56661 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T16:57:26.246Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 16:58:52 honeypot-ams-1 sshd[4322]: Received disconnect from 61.177.173.53 port 10061:11:  [preauth]","@timestamp":"2022-09-09T16:58:52.775Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 16:59:42 honeypot-fra-1 sshd[27292]: Received disconnect from 68.183.56.198 port 50166:11: Bye Bye [preauth]","@timestamp":"2022-09-09T16:59:43.301Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T17:00:30.702Z","@version":"1","message":"Sep  9 17:00:30 honeypot-sgp-1 sshd[997]: Received disconnect from 92.255.85.69 port 19752:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 17:02:54 honeypot-fra-1 sshd[27297]: Received disconnect from 92.255.85.69 port 58888:11: Bye Bye [preauth]","@timestamp":"2022-09-09T17:02:55.371Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 17:04:01 honeypot-ams-1 sshd[4329]: Invalid user oracle from 92.255.85.69 port 35488","@timestamp":"2022-09-09T17:04:01.912Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 17:05:53 honeypot-ams-1 sshd[4333]: Connection closed by invalid user admin 193.106.191.157 port 41082 [preauth]","@timestamp":"2022-09-09T17:05:53.964Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 17:06:00 honeypot-fra-1 sshd[27302]: Invalid user test from 34.92.211.177 port 34888","@timestamp":"2022-09-09T17:06:00.438Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 17:06:00 honeypot-fra-1 sshd[27308]: Invalid user ec2 from 34.92.211.177 port 34924","@timestamp":"2022-09-09T17:06:01.439Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 17:06:00 honeypot-fra-1 sshd[27307]: Invalid user ubuntu from 34.92.211.177 port 34916","@timestamp":"2022-09-09T17:06:01.439Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 17:06:00 honeypot-fra-1 sshd[27303]: Connection closed by invalid user devops 34.92.211.177 port 34890 [preauth]","@timestamp":"2022-09-09T17:06:01.439Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 17:06:00 honeypot-fra-1 sshd[27317]: Connection closed by authenticating user root 34.92.211.177 port 34908 [preauth]","@timestamp":"2022-09-09T17:06:01.439Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 17:06:00 honeypot-fra-1 sshd[27322]: Connection closed by invalid user user 34.92.211.177 port 34900 [preauth]","@timestamp":"2022-09-09T17:06:01.439Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 17:06:00 honeypot-fra-1 sshd[27311]: Connection closed by invalid user test 34.92.211.177 port 34950 [preauth]","@timestamp":"2022-09-09T17:06:01.440Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 17:06:03 honeypot-fra-1 sshd[27345]: Connection closed by invalid user postgres 34.92.211.177 port 34932 [preauth]","@timestamp":"2022-09-09T17:06:04.441Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 17:09:01 honeypot-fra-1 CRON[27353]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-09T17:09:02.509Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 17:10:35 honeypot-ams-1 sshd[4343]: Disconnected from authenticating user root 179.43.156.143 port 34984 [preauth]","@timestamp":"2022-09-09T17:10:36.089Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 17:11:55 honeypot-ams-1 sshd[4349]: Disconnected from authenticating user root 179.43.156.143 port 55058 [preauth]","@timestamp":"2022-09-09T17:11:56.126Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 17:12:34 honeypot-ams-1 sshd[4355]: Disconnected from authenticating user root 179.43.156.143 port 50946 [preauth]","@timestamp":"2022-09-09T17:12:35.145Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 17:13:54 honeypot-ams-1 sshd[4362]: Received disconnect from 179.43.156.143 port 42820:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T17:13:55.182Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 17:14:34 honeypot-ams-1 sshd[4366]: Received disconnect from 179.43.156.143 port 38686:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T17:14:35.201Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 17:15:45 honeypot-fra-1 sshd[27359]: Did not receive identification string from 198.98.61.9 port 47082","@timestamp":"2022-09-09T17:15:45.659Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 17:15:59 honeypot-ams-1 sshd[4371]: Received disconnect from 179.43.156.143 port 58762:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T17:16:00.239Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 17:16:18 honeypot-fra-1 sshd[27362]: Disconnected from invalid user user 198.98.61.9 port 43218 [preauth]","@timestamp":"2022-09-09T17:16:18.674Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 17:16:34 honeypot-fra-1 sshd[27366]: Disconnected from invalid user user 198.98.61.9 port 38206 [preauth]","@timestamp":"2022-09-09T17:16:34.681Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 17:16:52 honeypot-fra-1 sshd[27370]: Disconnected from invalid user user 198.98.61.9 port 33186 [preauth]","@timestamp":"2022-09-09T17:16:52.689Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T17:17:02.096Z","@version":"1","message":"Sep  9 17:17:01 honeypot-sgp-1 CRON[1077]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 17:17:01 honeypot-ams-1 CRON[4378]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-09T17:17:02.271Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 17:18:01 honeypot-ams-1 sshd[4383]: Disconnected from authenticating user root 179.43.156.143 port 46478 [preauth]","@timestamp":"2022-09-09T17:18:02.300Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 17:19:34 honeypot-ams-1 sshd[4389]: Received disconnect from 223.171.32.55 port 4446:11: Bye Bye [preauth]","@timestamp":"2022-09-09T17:19:35.343Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 17:21:31 honeypot-fra-1 sshd[27378]: Did not receive identification string from 125.91.17.179 port 55806","@timestamp":"2022-09-09T17:21:31.791Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 17:25:39 honeypot-ams-1 sshd[4397]: Received disconnect from 50.192.223.205 port 37278:11: Bye Bye [preauth]","@timestamp":"2022-09-09T17:25:39.501Z"}
{"@timestamp":"2022-09-09T17:26:19.315Z","@version":"1","message":"Sep  9 17:26:18 honeypot-sgp-1 sshd[1084]: Received disconnect from 45.61.184.204 port 42798:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T17:26:39.330Z","@version":"1","message":"Sep  9 17:26:38 honeypot-sgp-1 sshd[1088]: Received disconnect from 45.61.184.204 port 37982:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T17:26:57.339Z","@version":"1","message":"Sep  9 17:26:57 honeypot-sgp-1 sshd[1092]: Received disconnect from 45.61.184.204 port 33166:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T17:27:15.351Z","@version":"1","message":"Sep  9 17:27:14 honeypot-sgp-1 sshd[1096]: Received disconnect from 45.61.184.204 port 56586:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 17:29:08 honeypot-ams-1 sshd[4403]: Received disconnect from 92.255.85.70 port 43294:11: Bye Bye [preauth]","@timestamp":"2022-09-09T17:29:09.594Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 17:31:15 honeypot-fra-1 sshd[27409]: Invalid user jumanji from 165.22.45.108 port 42060","@timestamp":"2022-09-09T17:31:16.007Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T17:32:37.482Z","@version":"1","message":"Sep  9 17:32:36 honeypot-sgp-1 sshd[1101]: Received disconnect from 138.68.166.2 port 36114:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 17:32:47 honeypot-ams-1 sshd[4410]: Did not receive identification string from 167.172.152.18 port 56008","@timestamp":"2022-09-09T17:32:48.688Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 17:33:48 honeypot-ams-1 sshd[4415]: Disconnected from authenticating user root 167.172.152.18 port 36836 [preauth]","@timestamp":"2022-09-09T17:33:49.718Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 17:35:00 honeypot-ams-1 sshd[4437]: Received disconnect from 167.172.152.18 port 46116:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T17:35:01.754Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 17:36:10 honeypot-ams-1 sshd[4445]: Received disconnect from 167.172.152.18 port 55246:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T17:36:10.787Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 17:36:57 honeypot-ams-1 sshd[4450]: Received disconnect from 167.172.152.18 port 51886:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T17:36:57.809Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 17:37:44 honeypot-ams-1 sshd[4454]: Received disconnect from 167.172.152.18 port 48698:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T17:37:44.832Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 17:38:31 honeypot-ams-1 sshd[4458]: Invalid user odoo from 167.172.152.18 port 45596","@timestamp":"2022-09-09T17:38:31.856Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 17:39:16 honeypot-ams-1 sshd[4462]: Invalid user ec2-user from 167.172.152.18 port 42130","@timestamp":"2022-09-09T17:39:17.878Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 17:40:03 honeypot-ams-1 sshd[4466]: Invalid user ubuntu from 167.172.152.18 port 38834","@timestamp":"2022-09-09T17:40:03.899Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 17:40:49 honeypot-ams-1 sshd[4474]: Invalid user spark from 167.172.152.18 port 35664","@timestamp":"2022-09-09T17:40:49.921Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 17:41:36 honeypot-ams-1 sshd[4479]: Invalid user debian from 167.172.152.18 port 60488","@timestamp":"2022-09-09T17:41:36.943Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 17:42:00 honeypot-ams-1 sshd[4483]: Received disconnect from 167.172.152.18 port 44968:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T17:42:00.957Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 17:42:23 honeypot-ams-1 sshd[4487]: Disconnected from invalid user webadmin 167.172.152.18 port 57202 [preauth]","@timestamp":"2022-09-09T17:42:23.969Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 17:43:10 honeypot-ams-1 sshd[4491]: Disconnected from invalid user student 167.172.152.18 port 53960 [preauth]","@timestamp":"2022-09-09T17:43:10.991Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 17:43:57 honeypot-ams-1 sshd[4495]: Disconnected from invalid user weblogic 167.172.152.18 port 50638 [preauth]","@timestamp":"2022-09-09T17:43:58.014Z"}
{"@timestamp":"2022-09-09T17:44:45.777Z","@version":"1","message":"Sep  9 17:44:45 honeypot-sgp-1 sshd[1107]: Received disconnect from 213.108.241.222 port 43948:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 17:44:49 honeypot-ams-1 sshd[4499]: Disconnected from authenticating user root 61.177.172.114 port 22743 [preauth]","@timestamp":"2022-09-09T17:44:50.040Z"}
{"@timestamp":"2022-09-09T17:48:06.864Z","@version":"1","message":"Sep  9 17:48:05 honeypot-sgp-1 sshd[1110]: Disconnected from invalid user user 92.255.85.70 port 63898 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 17:49:29 honeypot-fra-1 sshd[27414]: Invalid user user from 141.255.162.226 port 34500","@timestamp":"2022-09-09T17:49:30.402Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 17:49:30 honeypot-fra-1 sshd[27418]: Invalid user user from 141.255.162.226 port 50568","@timestamp":"2022-09-09T17:49:31.402Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 17:49:35 honeypot-fra-1 sshd[27422]: Invalid user user from 141.255.162.226 port 58608","@timestamp":"2022-09-09T17:49:36.406Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 17:49:38 honeypot-fra-1 sshd[27426]: Invalid user user from 141.255.162.226 port 54498","@timestamp":"2022-09-09T17:49:39.407Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 17:52:14 honeypot-fra-1 kernel: [83620370.373379] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=20.9.71.118 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=49232 DF PROTO=TCP SPT=10446 DPT=80 WINDOW=512 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T17:52:14.464Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 17:55:24 honeypot-ams-1 kernel: [83622711.628642] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=184.105.247.200 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=49461 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T17:55:25.313Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 17:58:14 honeypot-fra-1 kernel: [83620730.595957] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=145.40.113.15 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=54321 PROTO=TCP SPT=33524 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T17:58:15.598Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 18:02:12 honeypot-ams-1 sshd[4510]: Received disconnect from 61.177.172.124 port 11944:11:  [preauth]","@timestamp":"2022-09-09T18:02:12.490Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 18:04:17 honeypot-ams-1 sshd[4518]: Received disconnect from 20.198.178.75 port 33768:11: Bye Bye [preauth]","@timestamp":"2022-09-09T18:04:17.547Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 18:04:53 honeypot-fra-1 kernel: [83621129.187404] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=23.92.21.96 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=37527 PROTO=TCP SPT=46688 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T18:04:53.760Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 18:05:25 honeypot-fra-1 sshd[27438]: Disconnected from invalid user user 45.61.184.204 port 54940 [preauth]","@timestamp":"2022-09-09T18:05:25.775Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 18:05:45 honeypot-fra-1 sshd[27442]: Disconnected from invalid user user 45.61.184.204 port 49822 [preauth]","@timestamp":"2022-09-09T18:05:46.784Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 18:06:04 honeypot-fra-1 sshd[27446]: Disconnected from invalid user user 45.61.184.204 port 44690 [preauth]","@timestamp":"2022-09-09T18:06:04.793Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 18:06:20 honeypot-fra-1 sshd[27450]: Disconnected from invalid user user 45.61.184.204 port 39580 [preauth]","@timestamp":"2022-09-09T18:06:20.800Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 18:06:55 honeypot-ams-1 sshd[4523]: Connection closed by invalid user Admin 220.171.158.86 port 1826 [preauth]","@timestamp":"2022-09-09T18:06:55.617Z"}
{"@timestamp":"2022-09-09T18:07:33.330Z","@version":"1","message":"Sep  9 18:07:32 honeypot-sgp-1 sshd[1114]: Connection closed by invalid user Admin 46.242.7.162 port 15300 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 18:09:36 honeypot-fra-1 sshd[27455]: Invalid user admin from 193.106.191.157 port 58128","@timestamp":"2022-09-09T18:09:36.876Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T18:12:14.443Z","@version":"1","message":"Sep  9 18:12:13 honeypot-sgp-1 kernel: [83623249.452301] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.153.33.197 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=57719 DF PROTO=TCP SPT=26875 DPT=80 WINDOW=32120 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 18:13:12 honeypot-ams-1 sshd[4527]: Received disconnect from 80.76.51.44 port 49752:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T18:13:12.783Z"}
{"@timestamp":"2022-09-09T18:13:39.480Z","@version":"1","message":"Sep  9 18:13:39 honeypot-sgp-1 sshd[1121]: Received disconnect from 221.193.248.166 port 53092:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 18:13:45 honeypot-ams-1 sshd[4531]: Received disconnect from 80.76.51.44 port 46330:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T18:13:45.799Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 18:14:16 honeypot-ams-1 sshd[4537]: Received disconnect from 80.76.51.44 port 42688:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T18:14:16.816Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 18:14:36 honeypot-ams-1 kernel: [83623863.825514] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=198.235.24.182 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x60 TTL=251 ID=29001 PROTO=TCP SPT=53115 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T18:14:37.827Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 18:15:15 honeypot-ams-1 sshd[4547]: Disconnected from authenticating user root 80.76.51.44 port 35716 [preauth]","@timestamp":"2022-09-09T18:15:15.849Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 18:16:01 honeypot-ams-1 sshd[4553]: Received disconnect from 80.76.51.44 port 44370:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T18:16:01.872Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 18:16:28 honeypot-ams-1 sshd[4557]: Disconnected from authenticating user root 92.255.85.69 port 48546 [preauth]","@timestamp":"2022-09-09T18:16:28.886Z"}
{"@timestamp":"2022-09-09T18:17:02.560Z","@version":"1","message":"Sep  9 18:17:01 honeypot-sgp-1 CRON[1126]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 18:18:44 honeypot-ams-1 sshd[4563]: Disconnected from invalid user admin 222.127.147.227 port 35828 [preauth]","@timestamp":"2022-09-09T18:18:44.945Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 18:22:07 honeypot-fra-1 sshd[27465]: Invalid user yoon from 164.90.149.69 port 46696","@timestamp":"2022-09-09T18:22:08.152Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 18:25:53 honeypot-fra-1 sshd[27469]: Connection closed by 45.155.126.4 port 35922 [preauth]","@timestamp":"2022-09-09T18:25:53.233Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 18:27:29 honeypot-ams-1 kernel: [83624636.659487] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=143.92.32.164 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=17861 PROTO=TCP SPT=48048 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T18:27:30.171Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 18:29:52 honeypot-fra-1 kernel: [83622628.856724] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=17131 PROTO=TCP SPT=48006 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T18:29:53.323Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 18:33:44 honeypot-fra-1 kernel: [83622860.434205] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.215.148.107 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=62477 DF PROTO=TCP SPT=10446 DPT=80 WINDOW=512 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T18:33:45.412Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-09T18:34:08.965Z","@version":"1","message":"Sep  9 18:34:08 honeypot-sgp-1 kernel: [83624564.354636] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=195.230.103.246 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=234 ID=54321 PROTO=TCP SPT=52380 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 18:34:48 honeypot-fra-1 sshd[27481]: Disconnected from invalid user junit 165.22.45.108 port 52132 [preauth]","@timestamp":"2022-09-09T18:34:48.438Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 18:35:21 honeypot-ams-1 sshd[4577]: Disconnected from authenticating user root 109.206.241.219 port 50844 [preauth]","@timestamp":"2022-09-09T18:35:22.374Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 18:35:55 honeypot-ams-1 sshd[4583]: Disconnected from authenticating user root 109.206.241.219 port 46564 [preauth]","@timestamp":"2022-09-09T18:35:56.391Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 18:36:10 honeypot-fra-1 sshd[27485]: Disconnected from invalid user kumemura 103.149.196.186 port 55460 [preauth]","@timestamp":"2022-09-09T18:36:11.472Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 18:36:36 honeypot-ams-1 sshd[4589]: Disconnected from authenticating user root 61.177.172.124 port 35523 [preauth]","@timestamp":"2022-09-09T18:36:37.411Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 18:37:16 honeypot-ams-1 sshd[4595]: Disconnected from authenticating user root 109.206.241.219 port 50188 [preauth]","@timestamp":"2022-09-09T18:37:17.432Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 18:38:15 honeypot-fra-1 sshd[27491]: Received disconnect from 178.128.41.141 port 60406:11: Bye Bye [preauth]","@timestamp":"2022-09-09T18:38:15.520Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T18:48:22.306Z","@version":"1","message":"Sep  9 18:48:21 honeypot-sgp-1 kernel: [83625417.223201] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=159.89.202.188 LEN=92 TOS=0x00 PREC=0x00 TTL=238 ID=24758 PROTO=TCP SPT=1859 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 18:50:53 honeypot-ams-1 kernel: [83626040.214544] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.41.9.18 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=13328 PROTO=TCP SPT=19319 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T18:50:53.805Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 18:52:13 honeypot-fra-1 sshd[27508]: Did not receive identification string from 128.199.96.88 port 61000","@timestamp":"2022-09-09T18:52:13.843Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T18:55:34.480Z","@version":"1","message":"Sep  9 18:55:33 honeypot-sgp-1 kernel: [83625849.435767] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=194.163.148.53 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=19044 PROTO=TCP SPT=49730 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 18:59:12 honeypot-fra-1 sshd[27512]: Invalid user josh from 43.154.123.160 port 33524","@timestamp":"2022-09-09T18:59:12.998Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 18:59:34 honeypot-fra-1 sshd[27517]: Protocol major versions differ for 104.156.155.28 port 47008: SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.5 vs. SSH-1.5-Nmap-SSH1-Hostkey","@timestamp":"2022-09-09T18:59:35.008Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 18:59:36 honeypot-fra-1 sshd[27527]: Connection closed by 104.156.155.28 port 24567 [preauth]","@timestamp":"2022-09-09T18:59:37.009Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 18:59:39 honeypot-fra-1 sshd[27535]: Connection closed by 104.156.155.28 port 52537 [preauth]","@timestamp":"2022-09-09T18:59:40.011Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 19:03:28 honeypot-fra-1 sshd[27541]: Invalid user admin from 114.35.42.13 port 47178","@timestamp":"2022-09-09T19:03:29.095Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 19:03:37 honeypot-ams-1 sshd[4620]: Received disconnect from 92.255.85.69 port 53720:11: Bye Bye [preauth]","@timestamp":"2022-09-09T19:03:38.136Z"}
{"@timestamp":"2022-09-09T19:05:09.706Z","@version":"1","message":"Sep  9 19:05:08 honeypot-sgp-1 sshd[1147]: Did not receive identification string from 220.69.209.84 port 54476","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 19:06:23 honeypot-ams-1 sshd[4626]: error: maximum authentication attempts exceeded for invalid user admin from 114.35.235.34 port 39805 ssh2 [preauth]","@timestamp":"2022-09-09T19:06:23.211Z"}
{"@timestamp":"2022-09-09T19:09:54.818Z","@version":"1","message":"Sep  9 19:09:54 honeypot-sgp-1 sshd[1153]: Invalid user user from 8.38.172.89 port 37018","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 19:12:46 honeypot-fra-1 kernel: [83625202.281963] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=40.115.49.158 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=37135 PROTO=TCP SPT=50658 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T19:12:47.308Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 19:12:54 honeypot-ams-1 sshd[4632]: Received disconnect from 80.76.51.44 port 45628:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T19:12:54.381Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 19:13:18 honeypot-ams-1 sshd[4636]: Disconnected from authenticating user root 61.177.172.108 port 15179 [preauth]","@timestamp":"2022-09-09T19:13:19.394Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 19:13:46 honeypot-ams-1 sshd[4640]: Disconnected from authenticating user root 80.76.51.44 port 56368 [preauth]","@timestamp":"2022-09-09T19:13:46.408Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 19:14:33 honeypot-ams-1 sshd[4646]: Disconnected from authenticating user root 80.76.51.44 port 38938 [preauth]","@timestamp":"2022-09-09T19:14:33.431Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 19:15:19 honeypot-ams-1 sshd[4652]: Disconnected from authenticating user root 80.76.51.44 port 49958 [preauth]","@timestamp":"2022-09-09T19:15:20.455Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 19:15:50 honeypot-ams-1 sshd[4657]: Disconnected from invalid user user 80.76.51.44 port 47506 [preauth]","@timestamp":"2022-09-09T19:15:51.470Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 19:15:55 honeypot-ams-1 sshd[4661]: Disconnected from invalid user user 141.255.162.226 port 36442 [preauth]","@timestamp":"2022-09-09T19:15:55.472Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 19:15:57 honeypot-ams-1 sshd[4665]: Disconnected from invalid user user 141.255.162.226 port 38846 [preauth]","@timestamp":"2022-09-09T19:15:57.474Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 19:15:59 honeypot-ams-1 sshd[4669]: Disconnected from invalid user user 141.255.162.226 port 44090 [preauth]","@timestamp":"2022-09-09T19:16:00.476Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 19:16:06 honeypot-ams-1 sshd[4673]: Disconnected from invalid user git 80.76.51.44 port 60538 [preauth]","@timestamp":"2022-09-09T19:16:06.479Z"}
{"@timestamp":"2022-09-09T19:18:22.032Z","@version":"1","message":"Sep  9 19:18:21 honeypot-sgp-1 sshd[1159]: Received disconnect from 92.255.85.69 port 52716:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 19:24:21 honeypot-ams-1 sshd[4684]: Did not receive identification string from 141.255.162.226 port 55884","@timestamp":"2022-09-09T19:24:21.690Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 19:24:41 honeypot-ams-1 sshd[4687]: Disconnected from invalid user user 141.255.162.226 port 45032 [preauth]","@timestamp":"2022-09-09T19:24:41.701Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 19:24:41 honeypot-ams-1 sshd[4691]: Disconnected from invalid user user 141.255.162.226 port 60072 [preauth]","@timestamp":"2022-09-09T19:24:42.702Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 19:24:45 honeypot-ams-1 sshd[4695]: Disconnected from invalid user user 141.255.162.226 port 39362 [preauth]","@timestamp":"2022-09-09T19:24:46.704Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 19:24:48 honeypot-ams-1 sshd[4699]: Disconnected from invalid user user 141.255.162.226 port 33690 [preauth]","@timestamp":"2022-09-09T19:24:48.706Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 19:30:12 honeypot-fra-1 sshd[27555]: Invalid user pat from 141.98.10.158 port 39938","@timestamp":"2022-09-09T19:30:13.709Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 19:34:50 honeypot-ams-1 sshd[4708]: Received disconnect from 61.177.173.36 port 23465:11:  [preauth]","@timestamp":"2022-09-09T19:34:50.966Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 19:38:31 honeypot-ams-1 kernel: [83628898.671588] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=213.226.123.38 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=35463 PROTO=TCP SPT=53080 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T19:38:32.064Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 19:38:39 honeypot-fra-1 kernel: [83626755.066993] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=114.132.186.122 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=234 ID=56169 PROTO=TCP SPT=44109 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T19:38:39.915Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-09T19:41:59.588Z","@version":"1","message":"Sep  9 19:41:59 honeypot-sgp-1 sshd[1165]: Received disconnect from 92.255.85.70 port 23920:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 19:43:02 honeypot-fra-1 sshd[27562]: Disconnected from invalid user viorel 190.12.120.250 port 46812 [preauth]","@timestamp":"2022-09-09T19:43:03.012Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T19:43:19.622Z","@version":"1","message":"Sep  9 19:43:19 honeypot-sgp-1 sshd[1169]: Disconnected from authenticating user root 83.1.7.226 port 43350 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 19:45:24 honeypot-fra-1 sshd[27569]: Received disconnect from 92.255.85.70 port 20258:11: Bye Bye [preauth]","@timestamp":"2022-09-09T19:45:25.066Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 19:50:36 honeypot-fra-1 sshd[27575]: Received disconnect from 159.89.205.198 port 53556:11: Bye Bye [preauth]","@timestamp":"2022-09-09T19:50:37.176Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 19:52:04 honeypot-ams-1 kernel: [83629711.162351] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=112.47.127.182 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=50 ID=40018 PROTO=TCP SPT=31815 DPT=443 WINDOW=19063 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T19:52:04.411Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 20:03:56 honeypot-ams-1 sshd[4732]: Disconnected from authenticating user root 61.177.173.47 port 64943 [preauth]","@timestamp":"2022-09-09T20:03:56.709Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 20:07:56 honeypot-fra-1 sshd[27584]: Disconnected from authenticating user root 92.255.85.69 port 50516 [preauth]","@timestamp":"2022-09-09T20:07:57.541Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 20:09:40 honeypot-ams-1 sshd[4743]: Received disconnect from 92.255.85.70 port 51836:11: Bye Bye [preauth]","@timestamp":"2022-09-09T20:09:40.858Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 20:12:13 honeypot-ams-1 sshd[4747]: Received disconnect from 178.62.81.147 port 34811:11: Bye Bye [preauth]","@timestamp":"2022-09-09T20:12:14.925Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 20:14:00 honeypot-ams-1 sshd[4751]: Invalid user ftpuser from 137.184.225.163 port 39216","@timestamp":"2022-09-09T20:14:00.973Z"}
{"@timestamp":"2022-09-09T20:14:36.348Z","@version":"1","message":"Sep  9 20:14:35 honeypot-sgp-1 kernel: [83630591.380890] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=89.248.165.26 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=28166 PROTO=TCP SPT=54465 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 20:15:13 honeypot-fra-1 sshd[27589]: Disconnected from authenticating user root 216.137.185.113 port 49494 [preauth]","@timestamp":"2022-09-09T20:15:13.734Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 20:17:11 honeypot-ams-1 sshd[4760]: Received disconnect from 193.142.146.50 port 55346:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T20:17:12.059Z"}
{"@timestamp":"2022-09-09T20:17:39.423Z","@version":"1","message":"Sep  9 20:17:38 honeypot-sgp-1 kernel: [83630773.852275] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=167.248.133.129 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=49873 PROTO=TCP SPT=51359 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 20:17:53 honeypot-ams-1 sshd[4766]: Received disconnect from 193.142.146.50 port 54976:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T20:17:54.082Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 20:19:17 honeypot-ams-1 sshd[4772]: Received disconnect from 193.142.146.50 port 45064:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T20:19:18.122Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 20:19:43 honeypot-ams-1 sshd[4776]: Received disconnect from 193.142.146.50 port 54228:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T20:19:44.135Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 20:22:11 honeypot-ams-1 sshd[4782]: Disconnected from authenticating user root 61.177.172.98 port 56701 [preauth]","@timestamp":"2022-09-09T20:22:12.198Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 20:23:15 honeypot-ams-1 sshd[4786]: Disconnected from invalid user test 80.76.51.189 port 49394 [preauth]","@timestamp":"2022-09-09T20:23:16.227Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 20:25:13 honeypot-ams-1 sshd[4792]: Received disconnect from 80.76.51.189 port 54020:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T20:25:13.283Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 20:26:15 honeypot-ams-1 sshd[4798]: Disconnected from authenticating user root 80.76.51.189 port 56330 [preauth]","@timestamp":"2022-09-09T20:26:16.311Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 20:27:15 honeypot-ams-1 sshd[4803]: Received disconnect from 80.76.51.189 port 58648:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T20:27:16.340Z"}
{"@timestamp":"2022-09-09T20:27:48.658Z","@version":"1","message":"Sep  9 20:27:47 honeypot-sgp-1 sshd[1205]: Disconnected from 206.81.15.128 port 40674 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 20:29:46 honeypot-ams-1 sshd[4809]: Received disconnect from 80.76.51.189 port 37358:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T20:29:47.406Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 20:31:10 honeypot-fra-1 sshd[27595]: Disconnected from authenticating user root 92.255.85.69 port 47212 [preauth]","@timestamp":"2022-09-09T20:31:11.078Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 20:31:36 honeypot-ams-1 sshd[4813]: Invalid user user from 80.76.51.189 port 41990","@timestamp":"2022-09-09T20:31:37.458Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 20:32:28 honeypot-ams-1 sshd[4818]: Disconnected from authenticating user root 61.177.173.35 port 60644 [preauth]","@timestamp":"2022-09-09T20:32:28.481Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 20:33:34 honeypot-ams-1 kernel: [83632201.567051] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=80.87.206.203 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=16253 PROTO=TCP SPT=47275 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T20:33:35.513Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 20:36:38 honeypot-ams-1 kernel: [83632384.878023] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=92.118.39.30 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=45995 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T20:36:38.593Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 20:37:48 honeypot-fra-1 sshd[27601]: Received disconnect from 45.61.187.160 port 39182:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T20:37:49.240Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 20:38:08 honeypot-fra-1 sshd[27605]: Received disconnect from 45.61.187.160 port 34536:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T20:38:09.250Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 20:38:29 honeypot-fra-1 sshd[27609]: Received disconnect from 45.61.187.160 port 58140:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T20:38:30.258Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T20:39:17.927Z","@version":"1","message":"Sep  9 20:39:17 honeypot-sgp-1 kernel: [83632072.813074] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.210.216.111 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=240 ID=63358 DF PROTO=TCP SPT=10446 DPT=80 WINDOW=512 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 20:41:18 honeypot-fra-1 sshd[27613]: Received disconnect from 165.22.45.108 port 44018:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T20:41:19.323Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 20:45:39 honeypot-ams-1 sshd[4832]: Disconnected from authenticating user root 61.177.173.51 port 30192 [preauth]","@timestamp":"2022-09-09T20:45:39.831Z"}
{"@timestamp":"2022-09-09T20:49:53.170Z","@version":"1","message":"Sep  9 20:49:52 honeypot-sgp-1 sshd[1213]: Disconnected from invalid user timothy 139.59.26.69 port 58100 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 20:50:22 honeypot-ams-1 kernel: [83633209.313532] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=170.187.162.146 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=1169 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T20:50:22.956Z"}
{"@timestamp":"2022-09-09T20:50:47.211Z","@version":"1","message":"Sep  9 20:50:46 honeypot-sgp-1 sshd[1216]: Connection closed by invalid user pi 183.133.33.111 port 51998 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 20:55:49 honeypot-ams-1 sshd[4842]: Disconnected from 61.177.173.46 port 22192 [preauth]","@timestamp":"2022-09-09T20:55:50.097Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 20:58:41 honeypot-ams-1 sshd[4847]: Invalid user user from 198.98.61.9 port 33864","@timestamp":"2022-09-09T20:58:41.172Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 20:58:59 honeypot-ams-1 sshd[4851]: Invalid user user from 198.98.61.9 port 56776","@timestamp":"2022-09-09T20:59:00.182Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 20:59:14 honeypot-fra-1 sshd[27621]: Invalid user user from 45.61.186.169 port 50594","@timestamp":"2022-09-09T20:59:15.718Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 20:59:15 honeypot-ams-1 sshd[4855]: Invalid user user from 198.98.61.9 port 51474","@timestamp":"2022-09-09T20:59:16.191Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 20:59:32 honeypot-fra-1 sshd[27625]: Invalid user user from 45.61.186.169 port 45318","@timestamp":"2022-09-09T20:59:33.727Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 20:59:41 honeypot-fra-1 sshd[27627]: Disconnected from invalid user user 45.61.186.169 port 56820 [preauth]","@timestamp":"2022-09-09T20:59:41.730Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 20:59:57 honeypot-fra-1 sshd[27631]: Disconnected from invalid user user 45.61.186.169 port 51528 [preauth]","@timestamp":"2022-09-09T20:59:58.738Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 21:04:07 honeypot-ams-1 sshd[4862]: Received disconnect from 61.177.172.114 port 37804:11:  [preauth]","@timestamp":"2022-09-09T21:04:08.316Z"}
{"@timestamp":"2022-09-09T21:04:57.538Z","@version":"1","message":"Sep  9 21:04:57 honeypot-sgp-1 kernel: [83633612.584775] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=172.104.166.147 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=56 ID=45324 DF PROTO=TCP SPT=58334 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 21:05:19 honeypot-fra-1 sshd[27638]: Did not receive identification string from 27.150.190.96 port 60472","@timestamp":"2022-09-09T21:05:19.857Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 21:09:02 honeypot-fra-1 kernel: [83632178.405339] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=113.196.124.11 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=3138 PROTO=TCP SPT=51916 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T21:09:02.941Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-09T21:09:44.647Z","@version":"1","message":"Sep  9 21:09:44 honeypot-sgp-1 sshd[1226]: Received disconnect from 137.184.96.200 port 43104:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T21:13:09.728Z","@version":"1","message":"Sep  9 21:13:09 honeypot-sgp-1 sshd[1228]: Disconnected from invalid user admin 92.255.85.70 port 49678 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 21:13:40 honeypot-ams-1 sshd[4869]: Disconnected from authenticating user root 61.177.173.36 port 26382 [preauth]","@timestamp":"2022-09-09T21:13:41.560Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 21:14:24 honeypot-fra-1 kernel: [83632499.957951] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=79.124.62.130 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=65504 PROTO=TCP SPT=57580 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T21:14:25.061Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 21:15:30 honeypot-fra-1 sshd[27656]: Disconnected from invalid user admin 92.255.85.69 port 38014 [preauth]","@timestamp":"2022-09-09T21:15:31.088Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 21:16:42 honeypot-fra-1 sshd[27660]: Invalid user tenancy from 157.245.122.58 port 36384","@timestamp":"2022-09-09T21:16:43.119Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 21:17:21 honeypot-ams-1 sshd[4876]: Connection closed by invalid user pi 77.185.148.98 port 45830 [preauth]","@timestamp":"2022-09-09T21:17:21.656Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 21:17:42 honeypot-fra-1 sshd[27665]: Received disconnect from 157.245.122.58 port 49922:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T21:17:43.142Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 21:18:21 honeypot-ams-1 sshd[4883]: Disconnected from invalid user admin 92.255.85.70 port 61488 [preauth]","@timestamp":"2022-09-09T21:18:22.685Z"}
{"@timestamp":"2022-09-09T21:19:38.878Z","@version":"1","message":"Sep  9 21:19:38 honeypot-sgp-1 sshd[1237]: Invalid user willie from 200.85.60.130 port 34326","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 21:19:39 honeypot-fra-1 sshd[27670]: Received disconnect from 157.245.122.58 port 48746:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T21:19:40.185Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T21:20:43.904Z","@version":"1","message":"Sep  9 21:20:42 honeypot-sgp-1 kernel: [83634558.269479] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=123.57.27.117 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=45 ID=47868 DF PROTO=TCP SPT=13108 DPT=80 WINDOW=43690 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T21:25:35.017Z","@version":"1","message":"Sep  9 21:25:34 honeypot-sgp-1 kernel: [83634850.131444] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=159.65.184.209 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=54321 PROTO=TCP SPT=42625 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 21:28:27 honeypot-fra-1 kernel: [83633343.125335] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=50.17.105.85 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=235 ID=54321 PROTO=TCP SPT=12610 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T21:28:28.377Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 21:33:24 honeypot-ams-1 kernel: [83635791.478600] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=2.69.228.40 DST=178.62.254.91 LEN=44 TOS=0x08 PREC=0x20 TTL=58 ID=17258 PROTO=TCP SPT=39299 DPT=80 WINDOW=61622 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T21:33:25.067Z"}
{"@timestamp":"2022-09-09T21:38:00.302Z","@version":"1","message":"Sep  9 21:38:00 honeypot-sgp-1 sshd[1249]: Disconnected from authenticating user root 140.238.167.51 port 49082 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 21:38:08 honeypot-fra-1 kernel: [83633924.387930] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=51.255.230.165 DST=165.22.82.222 LEN=40 TOS=0x18 PREC=0x00 TTL=246 ID=56893 PROTO=TCP SPT=49930 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T21:38:09.590Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 21:40:04 honeypot-ams-1 kernel: [83636191.430224] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=178.62.254.91 LEN=86 TOS=0x00 PREC=0x00 TTL=252 ID=1281 PROTO=TCP SPT=32737 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T21:40:05.238Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 21:41:25 honeypot-ams-1 sshd[4896]: Received disconnect from 61.177.173.36 port 55291:11:  [preauth]","@timestamp":"2022-09-09T21:41:26.291Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 21:45:40 honeypot-ams-1 sshd[4901]: Disconnected from authenticating user root 61.177.172.114 port 36286 [preauth]","@timestamp":"2022-09-09T21:45:41.401Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 21:47:05 honeypot-fra-1 sshd[27681]: Invalid user maowei from 137.116.144.39 port 54150","@timestamp":"2022-09-09T21:47:05.803Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 21:48:36 honeypot-fra-1 sshd[27685]: Disconnected from invalid user hugh 222.105.103.72 port 54816 [preauth]","@timestamp":"2022-09-09T21:48:36.840Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 21:49:43 honeypot-ams-1 sshd[4906]: Disconnected from authenticating user root 61.177.173.39 port 40951 [preauth]","@timestamp":"2022-09-09T21:49:44.504Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 21:50:25 honeypot-ams-1 sshd[4912]: Disconnected from invalid user test 80.76.51.189 port 56976 [preauth]","@timestamp":"2022-09-09T21:50:26.523Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 21:52:07 honeypot-ams-1 sshd[4919]: Disconnected from authenticating user root 80.76.51.189 port 49042 [preauth]","@timestamp":"2022-09-09T21:52:07.569Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 21:53:56 honeypot-ams-1 sshd[4925]: Disconnected from authenticating user root 80.76.51.189 port 41096 [preauth]","@timestamp":"2022-09-09T21:53:56.618Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 21:55:18 honeypot-ams-1 sshd[4933]: Disconnected from authenticating user root 157.245.122.58 port 51740 [preauth]","@timestamp":"2022-09-09T21:55:18.656Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 21:56:00 honeypot-ams-1 kernel: [83637146.988735] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=180.101.56.56 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=238 ID=53020 PROTO=TCP SPT=58914 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T21:56:00.676Z"}
{"@timestamp":"2022-09-09T21:57:22.739Z","@version":"1","message":"Sep  9 21:57:21 honeypot-sgp-1 sshd[1254]: Disconnected from invalid user oracle 92.255.85.69 port 52258 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 21:57:25 honeypot-ams-1 sshd[4944]: Invalid user odoo from 157.245.122.58 port 50578","@timestamp":"2022-09-09T21:57:25.714Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 21:58:26 honeypot-ams-1 sshd[4946]: Disconnected from invalid user tenancy 157.245.122.58 port 35880 [preauth]","@timestamp":"2022-09-09T21:58:26.742Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 21:59:06 honeypot-fra-1 sshd[27691]: Received disconnect from 92.255.85.70 port 42432:11: Bye Bye [preauth]","@timestamp":"2022-09-09T21:59:07.092Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 21:59:31 honeypot-ams-1 sshd[4951]: Disconnected from authenticating user root 61.177.172.98 port 52433 [preauth]","@timestamp":"2022-09-09T21:59:31.773Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 22:01:27 honeypot-ams-1 sshd[4956]: Disconnected from invalid user jonitiso 157.245.122.58 port 48250 [preauth]","@timestamp":"2022-09-09T22:01:27.826Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 22:02:32 honeypot-ams-1 sshd[4960]: Disconnected from invalid user oracle 92.255.85.69 port 32852 [preauth]","@timestamp":"2022-09-09T22:02:32.854Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 22:09:29 honeypot-ams-1 sshd[4965]: Disconnected from invalid user wilson 159.89.170.8 port 52534 [preauth]","@timestamp":"2022-09-09T22:09:30.033Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 22:10:46 honeypot-ams-1 sshd[4970]: Received disconnect from 80.76.51.189 port 50156:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T22:10:47.071Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 22:11:55 honeypot-ams-1 sshd[4974]: Disconnected from authenticating user root 80.76.51.189 port 54570 [preauth]","@timestamp":"2022-09-09T22:11:55.103Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 22:13:08 honeypot-ams-1 sshd[4980]: Disconnected from authenticating user root 80.76.51.189 port 58990 [preauth]","@timestamp":"2022-09-09T22:13:09.138Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 22:14:25 honeypot-ams-1 sshd[4987]: Received disconnect from 80.76.51.189 port 35178:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T22:14:26.173Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 22:16:20 honeypot-ams-1 sshd[4994]: Received disconnect from 80.76.51.189 port 55924:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T22:16:21.225Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 22:16:24 honeypot-fra-1 sshd[27699]: Invalid user justin from 165.22.45.108 port 59160","@timestamp":"2022-09-09T22:16:25.465Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 22:16:48 honeypot-fra-1 sshd[27703]: Received disconnect from 164.92.87.79 port 43178:11: Bye Bye [preauth]","@timestamp":"2022-09-09T22:16:48.477Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 22:17:01 honeypot-ams-1 CRON[4998]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-09T22:17:02.246Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 22:17:38 honeypot-ams-1 sshd[5001]: Disconnected from authenticating user root 61.177.173.47 port 21814 [preauth]","@timestamp":"2022-09-09T22:17:38.263Z"}
{"@timestamp":"2022-09-09T22:18:39.235Z","@version":"1","message":"Sep  9 22:18:38 honeypot-sgp-1 sshd[1261]: Received disconnect from 92.255.85.70 port 48010:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 22:19:33 honeypot-fra-1 sshd[27718]: Invalid user ansible from 162.19.25.213 port 41968","@timestamp":"2022-09-09T22:19:33.540Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 22:19:33 honeypot-fra-1 sshd[27714]: Connection closed by authenticating user root 162.19.25.213 port 41918 [preauth]","@timestamp":"2022-09-09T22:19:33.540Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 22:19:33 honeypot-fra-1 sshd[27723]: Connection closed by invalid user guest 162.19.25.213 port 41986 [preauth]","@timestamp":"2022-09-09T22:19:33.540Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 22:19:33 honeypot-fra-1 sshd[27718]: Connection closed by invalid user ansible 162.19.25.213 port 41968 [preauth]","@timestamp":"2022-09-09T22:19:33.540Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 22:19:33 honeypot-fra-1 sshd[27715]: Invalid user es from 162.19.25.213 port 41930","@timestamp":"2022-09-09T22:19:33.540Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 22:19:33 honeypot-fra-1 sshd[27715]: Connection closed by invalid user es 162.19.25.213 port 41930 [preauth]","@timestamp":"2022-09-09T22:19:33.540Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 22:19:33 honeypot-fra-1 sshd[27732]: Invalid user ftpuser from 162.19.25.213 port 41962","@timestamp":"2022-09-09T22:19:33.540Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 22:19:33 honeypot-fra-1 sshd[27734]: Invalid user admin from 162.19.25.213 port 41992","@timestamp":"2022-09-09T22:19:33.540Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 22:19:33 honeypot-fra-1 sshd[27735]: Connection closed by invalid user user 162.19.25.213 port 41994 [preauth]","@timestamp":"2022-09-09T22:19:33.540Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 22:19:35 honeypot-fra-1 sshd[27769]: Invalid user web from 162.19.25.213 port 41952","@timestamp":"2022-09-09T22:19:36.563Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 22:22:58 honeypot-fra-1 kernel: [83636613.638202] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=89.248.165.26 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=19518 PROTO=TCP SPT=41928 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T22:22:58.635Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 22:25:13 honeypot-ams-1 sshd[5011]: Received disconnect from 61.177.173.53 port 32942:11:  [preauth]","@timestamp":"2022-09-09T22:25:13.457Z"}
{"@timestamp":"2022-09-09T22:36:47.657Z","@version":"1","message":"Sep  9 22:36:47 honeypot-sgp-1 sshd[1266]: Received disconnect from 51.250.82.130 port 47526:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 22:38:58 honeypot-ams-1 sshd[5022]: Invalid user penelope from 47.45.227.119 port 45884","@timestamp":"2022-09-09T22:38:58.805Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 22:40:33 honeypot-ams-1 sshd[5026]: Received disconnect from 34.93.196.224 port 55096:11: Bye Bye [preauth]","@timestamp":"2022-09-09T22:40:33.850Z"}
{"@timestamp":"2022-09-09T22:40:53.757Z","@version":"1","message":"Sep  9 22:40:53 honeypot-sgp-1 sshd[1272]: Disconnected from invalid user julien 43.152.204.232 port 45128 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 22:42:42 honeypot-ams-1 sshd[5031]: Disconnected from authenticating user root 159.65.204.223 port 49508 [preauth]","@timestamp":"2022-09-09T22:42:42.908Z"}
{"@timestamp":"2022-09-09T22:43:01.811Z","@version":"1","message":"Sep  9 22:43:01 honeypot-sgp-1 sshd[1279]: Did not receive identification string from 45.61.186.49 port 38436","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T22:43:25.823Z","@version":"1","message":"Sep  9 22:43:25 honeypot-sgp-1 sshd[1282]: Received disconnect from 45.61.186.49 port 35532:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T22:43:36.829Z","@version":"1","message":"Sep  9 22:43:35 honeypot-sgp-1 sshd[1286]: Received disconnect from 45.61.186.49 port 47274:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 22:44:35 honeypot-fra-1 sshd[27777]: Disconnected from authenticating user root 92.255.85.69 port 19554 [preauth]","@timestamp":"2022-09-09T22:44:36.092Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 22:45:34 honeypot-ams-1 sshd[5037]: Received disconnect from 61.177.173.47 port 48553:11:  [preauth]","@timestamp":"2022-09-09T22:45:34.986Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 22:46:01 honeypot-ams-1 sshd[5041]: Disconnected from invalid user lene 144.24.214.117 port 60098 [preauth]","@timestamp":"2022-09-09T22:46:02.000Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 22:51:14 honeypot-ams-1 sshd[5048]: Received disconnect from 61.177.173.37 port 47455:11:  [preauth]","@timestamp":"2022-09-09T22:51:15.138Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 22:54:21 honeypot-fra-1 sshd[27784]: Received disconnect from 143.198.165.162 port 60548:11: Bye Bye [preauth]","@timestamp":"2022-09-09T22:54:22.297Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T22:59:41.211Z","@version":"1","message":"Sep  9 22:59:40 honeypot-sgp-1 kernel: [83640495.437617] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=143.198.144.118 DST=159.89.202.188 LEN=52 TOS=0x00 PREC=0x00 TTL=120 ID=4394 DF PROTO=TCP SPT=51387 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 23:00:31 honeypot-fra-1 sshd[27789]: Invalid user applvis from 23.224.121.241 port 36150","@timestamp":"2022-09-09T23:00:32.464Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 23:01:46 honeypot-ams-1 sshd[5055]: Received disconnect from 61.177.173.52 port 49620:11:  [preauth]","@timestamp":"2022-09-09T23:01:47.407Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 23:02:01 honeypot-ams-1 sshd[5061]: Invalid user ubnt from 92.4.128.152 port 46798","@timestamp":"2022-09-09T23:02:01.414Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 23:02:01 honeypot-ams-1 sshd[5065]: Disconnected from authenticating user root 92.4.128.152 port 46812 [preauth]","@timestamp":"2022-09-09T23:02:02.415Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 23:02:02 honeypot-ams-1 sshd[5071]: Disconnected from authenticating user root 92.4.128.152 port 46848 [preauth]","@timestamp":"2022-09-09T23:02:03.417Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 23:02:03 honeypot-ams-1 sshd[5077]: Disconnected from authenticating user root 92.4.128.152 port 46876 [preauth]","@timestamp":"2022-09-09T23:02:03.417Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 23:02:03 honeypot-ams-1 sshd[5083]: Disconnected from authenticating user root 92.4.128.152 port 46934 [preauth]","@timestamp":"2022-09-09T23:02:04.417Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 23:02:04 honeypot-ams-1 sshd[5089]: Disconnected from authenticating user root 92.4.128.152 port 46980 [preauth]","@timestamp":"2022-09-09T23:02:05.418Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 23:02:05 honeypot-ams-1 sshd[5095]: Disconnected from authenticating user root 92.4.128.152 port 47006 [preauth]","@timestamp":"2022-09-09T23:02:05.418Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 23:02:05 honeypot-ams-1 sshd[5101]: Disconnected from authenticating user root 92.4.128.152 port 47028 [preauth]","@timestamp":"2022-09-09T23:02:06.419Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 23:02:06 honeypot-ams-1 sshd[5107]: Disconnected from authenticating user root 92.4.128.152 port 47046 [preauth]","@timestamp":"2022-09-09T23:02:07.419Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 23:02:07 honeypot-ams-1 sshd[5113]: Disconnected from authenticating user root 92.4.128.152 port 47066 [preauth]","@timestamp":"2022-09-09T23:02:07.420Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 23:02:07 honeypot-ams-1 sshd[5119]: Disconnected from authenticating user root 92.4.128.152 port 47082 [preauth]","@timestamp":"2022-09-09T23:02:08.420Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 23:02:08 honeypot-ams-1 sshd[5125]: Disconnected from authenticating user root 92.4.128.152 port 47102 [preauth]","@timestamp":"2022-09-09T23:02:09.421Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 23:02:09 honeypot-ams-1 sshd[5131]: Invalid user admin from 92.4.128.152 port 47118","@timestamp":"2022-09-09T23:02:09.421Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 23:02:09 honeypot-ams-1 sshd[5135]: Invalid user admin from 92.4.128.152 port 47130","@timestamp":"2022-09-09T23:02:10.422Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 23:02:10 honeypot-ams-1 sshd[5139]: Invalid user admin from 92.4.128.152 port 47140","@timestamp":"2022-09-09T23:02:10.422Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 23:02:10 honeypot-ams-1 sshd[5143]: Invalid user admin from 92.4.128.152 port 47144","@timestamp":"2022-09-09T23:02:11.423Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 23:02:10 honeypot-ams-1 sshd[5147]: Invalid user admin from 92.4.128.152 port 47330","@timestamp":"2022-09-09T23:02:11.423Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 23:02:11 honeypot-ams-1 sshd[5151]: Received disconnect from 92.4.128.152 port 47476:11: Bye Bye [preauth]","@timestamp":"2022-09-09T23:02:11.423Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 23:02:11 honeypot-ams-1 sshd[5156]: Disconnected from invalid user pi 92.4.128.152 port 47494 [preauth]","@timestamp":"2022-09-09T23:02:12.424Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 23:02:12 honeypot-ams-1 sshd[5160]: Disconnected from invalid user user 92.4.128.152 port 47510 [preauth]","@timestamp":"2022-09-09T23:02:12.424Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 23:02:12 honeypot-ams-1 sshd[5164]: Disconnected from invalid user mine 92.4.128.152 port 47532 [preauth]","@timestamp":"2022-09-09T23:02:13.425Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 23:02:13 honeypot-ams-1 sshd[5168]: Disconnected from invalid user xbmc 92.4.128.152 port 47548 [preauth]","@timestamp":"2022-09-09T23:02:13.425Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 23:02:13 honeypot-ams-1 sshd[5172]: Disconnected from invalid user oracle 92.4.128.152 port 47562 [preauth]","@timestamp":"2022-09-09T23:02:14.426Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 23:02:14 honeypot-ams-1 sshd[5176]: Disconnected from invalid user postgres 92.4.128.152 port 47592 [preauth]","@timestamp":"2022-09-09T23:02:14.426Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 23:02:15 honeypot-ams-1 sshd[5180]: Disconnected from invalid user support 92.4.128.152 port 47616 [preauth]","@timestamp":"2022-09-09T23:02:15.426Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 23:02:15 honeypot-ams-1 sshd[5184]: Disconnected from invalid user ubuntu 92.4.128.152 port 47648 [preauth]","@timestamp":"2022-09-09T23:02:16.427Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 23:02:16 honeypot-ams-1 sshd[5188]: Disconnected from invalid user ubuntu 92.4.128.152 port 47656 [preauth]","@timestamp":"2022-09-09T23:02:17.428Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 23:02:16 honeypot-ams-1 sshd[5192]: Disconnected from invalid user guest 92.4.128.152 port 47672 [preauth]","@timestamp":"2022-09-09T23:02:17.428Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 23:02:17 honeypot-ams-1 sshd[5196]: Disconnected from invalid user cirros 92.4.128.152 port 47682 [preauth]","@timestamp":"2022-09-09T23:02:17.428Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 23:06:55 honeypot-fra-1 kernel: [83639250.696577] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=103.203.57.14 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=37338 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T23:06:55.597Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 23:08:12 honeypot-ams-1 sshd[5202]: Disconnected from authenticating user root 193.142.146.50 port 50464 [preauth]","@timestamp":"2022-09-09T23:08:13.581Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 23:08:53 honeypot-ams-1 sshd[5210]: Disconnected from authenticating user root 193.142.146.50 port 32852 [preauth]","@timestamp":"2022-09-09T23:08:54.601Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 23:09:57 honeypot-ams-1 sshd[5218]: Received disconnect from 193.142.146.50 port 56100:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T23:09:57.633Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 23:10:20 honeypot-ams-1 sshd[5222]: Received disconnect from 193.142.146.50 port 56568:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T23:10:21.646Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 23:10:44 honeypot-ams-1 sshd[5226]: Disconnected from invalid user user 193.142.146.50 port 56244 [preauth]","@timestamp":"2022-09-09T23:10:45.657Z"}
{"@timestamp":"2022-09-09T23:13:23.534Z","@version":"1","message":"Sep  9 23:13:22 honeypot-sgp-1 kernel: [83641317.769355] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=159.89.202.188 LEN=89 TOS=0x00 PREC=0x00 TTL=238 ID=12210 PROTO=TCP SPT=25903 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 23:17:01 honeypot-ams-1 CRON[5231]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-09T23:17:01.822Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 23:17:01 honeypot-fra-1 CRON[27799]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-09T23:17:01.835Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 23:17:40 honeypot-fra-1 sshd[27815]: Connection closed by invalid user ts3 43.140.196.227 port 48252 [preauth]","@timestamp":"2022-09-09T23:17:40.852Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 23:17:40 honeypot-fra-1 sshd[27821]: Invalid user admin from 43.140.196.227 port 48274","@timestamp":"2022-09-09T23:17:40.852Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 23:17:40 honeypot-fra-1 sshd[27818]: Connection closed by invalid user test 43.140.196.227 port 48276 [preauth]","@timestamp":"2022-09-09T23:17:40.852Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 23:17:40 honeypot-fra-1 sshd[27809]: Invalid user admin from 43.140.196.227 port 48264","@timestamp":"2022-09-09T23:17:40.852Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 23:17:41 honeypot-fra-1 sshd[27805]: Connection closed by authenticating user root 43.140.196.227 port 48260 [preauth]","@timestamp":"2022-09-09T23:17:41.853Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 23:17:41 honeypot-fra-1 sshd[27808]: Connection closed by invalid user nagios 43.140.196.227 port 48266 [preauth]","@timestamp":"2022-09-09T23:17:41.853Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 23:17:43 honeypot-fra-1 sshd[27855]: Invalid user cloud from 43.140.196.227 port 48286","@timestamp":"2022-09-09T23:17:43.854Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 23:17:43 honeypot-fra-1 sshd[27851]: Connection closed by invalid user test 43.140.196.227 port 48314 [preauth]","@timestamp":"2022-09-09T23:17:43.854Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 23:17:43 honeypot-fra-1 sshd[27853]: Invalid user esuser from 43.140.196.227 port 48304","@timestamp":"2022-09-09T23:17:44.855Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 23:17:44 honeypot-fra-1 sshd[27848]: Connection closed by invalid user test 43.140.196.227 port 48298 [preauth]","@timestamp":"2022-09-09T23:17:44.855Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 23:17:46 honeypot-fra-1 sshd[27872]: Connection closed by invalid user momo 43.140.196.227 port 48310 [preauth]","@timestamp":"2022-09-09T23:17:46.856Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T23:21:11.718Z","@version":"1","message":"Sep  9 23:21:11 honeypot-sgp-1 sshd[1301]: error: maximum authentication attempts exceeded for invalid user admin from 220.150.186.57 port 56845 ssh2 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T23:21:50.736Z","@version":"1","message":"Sep  9 23:21:50 honeypot-sgp-1 sshd[1306]: Disconnected from invalid user user 141.255.162.226 port 55456 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T23:21:54.738Z","@version":"1","message":"Sep  9 23:21:54 honeypot-sgp-1 sshd[1310]: Disconnected from invalid user user 141.255.162.226 port 52026 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T23:21:57.740Z","@version":"1","message":"Sep  9 23:21:57 honeypot-sgp-1 sshd[1314]: Disconnected from invalid user user 141.255.162.226 port 40334 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 23:22:21 honeypot-fra-1 sshd[27880]: Invalid user ronald from 8.38.172.89 port 49586","@timestamp":"2022-09-09T23:22:21.976Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 23:25:05 honeypot-fra-1 kernel: [83640340.974815] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=165.22.82.222 LEN=88 TOS=0x00 PREC=0x00 TTL=250 ID=7505 PROTO=TCP SPT=23 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T23:25:06.039Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-09T23:25:24.821Z","@version":"1","message":"Sep  9 23:25:24 honeypot-sgp-1 sshd[1320]: Received disconnect from 45.61.186.169 port 41156:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T23:25:41.830Z","@version":"1","message":"Sep  9 23:25:41 honeypot-sgp-1 sshd[1324]: Received disconnect from 45.61.186.169 port 35670:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T23:25:58.838Z","@version":"1","message":"Sep  9 23:25:58 honeypot-sgp-1 sshd[1328]: Received disconnect from 45.61.186.169 port 58426:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T23:26:11.844Z","@version":"1","message":"Sep  9 23:26:11 honeypot-sgp-1 sshd[1332]: Disconnecting authenticating user root 114.92.195.10 port 65376: Too many authentication failures [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T23:26:39.856Z","@version":"1","message":"Sep  9 23:26:39 honeypot-sgp-1 sshd[1339]: Disconnected from invalid user agota 197.255.225.96 port 50812 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 23:28:28 honeypot-ams-1 sshd[5241]: Received disconnect from 61.177.173.51 port 35395:11:  [preauth]","@timestamp":"2022-09-09T23:28:29.119Z"}
{"@timestamp":"2022-09-09T23:28:53.911Z","@version":"1","message":"Sep  9 23:28:53 honeypot-sgp-1 sshd[1345]: Disconnected from authenticating user root 20.122.67.76 port 47452 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 23:32:40 honeypot-ams-1 sshd[5244]: Disconnected from authenticating user root 92.255.85.69 port 41132 [preauth]","@timestamp":"2022-09-09T23:32:40.229Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 23:32:42 honeypot-fra-1 sshd[27889]: Received disconnect from 159.65.64.70 port 36412:11: Bye Bye [preauth]","@timestamp":"2022-09-09T23:32:43.212Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T23:35:12.061Z","@version":"1","message":"Sep  9 23:35:12 honeypot-sgp-1 kernel: [83642627.188763] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=92.118.39.30 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=229 ID=54321 PROTO=TCP SPT=37021 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 23:35:41 honeypot-fra-1 sshd[27894]: Received disconnect from 182.253.79.194 port 33452:11: Bye Bye [preauth]","@timestamp":"2022-09-09T23:35:41.280Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 23:39:27 honeypot-ams-1 sshd[5249]: Received disconnect from 61.177.173.39 port 10216:11:  [preauth]","@timestamp":"2022-09-09T23:39:28.406Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 23:40:01 honeypot-ams-1 sshd[5254]: Received disconnect from 80.76.51.46 port 48366:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T23:40:02.424Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 23:40:17 honeypot-ams-1 sshd[5260]: Invalid user test from 80.76.51.46 port 49302","@timestamp":"2022-09-09T23:40:17.432Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 23:40:46 honeypot-fra-1 sshd[27899]: Connection closed by invalid user admin 128.199.168.83 port 58910 [preauth]","@timestamp":"2022-09-09T23:40:47.396Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 23:40:46 honeypot-ams-1 sshd[5264]: Disconnected from authenticating user root 80.76.51.46 port 51130 [preauth]","@timestamp":"2022-09-09T23:40:47.448Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 23:41:31 honeypot-ams-1 sshd[5270]: Received disconnect from 80.76.51.46 port 53700:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T23:41:31.470Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 23:42:15 honeypot-ams-1 sshd[5276]: Received disconnect from 80.76.51.46 port 56230:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T23:42:15.493Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 23:42:41 honeypot-fra-1 sshd[27906]: Invalid user user from 141.255.162.226 port 45882","@timestamp":"2022-09-09T23:42:41.441Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 23:42:43 honeypot-fra-1 sshd[27910]: Invalid user user from 141.255.162.226 port 54526","@timestamp":"2022-09-09T23:42:44.444Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 23:42:44 honeypot-ams-1 sshd[5281]: Invalid user git from 80.76.51.46 port 57992","@timestamp":"2022-09-09T23:42:45.509Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 23:42:45 honeypot-fra-1 sshd[27914]: Invalid user user from 141.255.162.226 port 52232","@timestamp":"2022-09-09T23:42:46.445Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 23:42:49 honeypot-fra-1 sshd[27918]: Invalid user user from 141.255.162.226 port 41292","@timestamp":"2022-09-09T23:42:49.446Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 23:46:32 honeypot-fra-1 sshd[27922]: Received disconnect from 141.255.162.226 port 48506:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T23:46:33.531Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 23:46:34 honeypot-fra-1 sshd[27926]: Received disconnect from 141.255.162.226 port 56118:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T23:46:34.532Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 23:46:37 honeypot-fra-1 sshd[27930]: Received disconnect from 141.255.162.226 port 50708:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T23:46:38.533Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 23:46:40 honeypot-fra-1 sshd[27934]: Received disconnect from 141.255.162.226 port 37684:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-09T23:46:40.534Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep  9 23:51:14 honeypot-ams-1 kernel: [83644061.049576] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=178.62.254.91 LEN=88 TOS=0x00 PREC=0x00 TTL=252 ID=16893 PROTO=TCP SPT=19867 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-09T23:51:14.730Z"}
{"@timestamp":"2022-09-09T23:51:35.451Z","@version":"1","message":"Sep  9 23:51:34 honeypot-sgp-1 sshd[1355]: Disconnected from authenticating user root 92.255.85.69 port 44160 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T23:52:31.476Z","@version":"1","message":"Sep  9 23:52:30 honeypot-sgp-1 sshd[1358]: Disconnected from invalid user user 45.61.187.160 port 35850 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T23:52:52.487Z","@version":"1","message":"Sep  9 23:52:51 honeypot-sgp-1 sshd[1362]: Disconnected from invalid user user 45.61.187.160 port 58852 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 23:53:06 honeypot-ams-1 sshd[5292]: Invalid user user from 188.170.13.225 port 52504","@timestamp":"2022-09-09T23:53:06.782Z"}
{"@timestamp":"2022-09-09T23:53:11.495Z","@version":"1","message":"Sep  9 23:53:10 honeypot-sgp-1 sshd[1366]: Disconnected from invalid user user 45.61.187.160 port 53634 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-09T23:53:30.504Z","@version":"1","message":"Sep  9 23:53:30 honeypot-sgp-1 sshd[1370]: Disconnected from invalid user user 45.61.187.160 port 48414 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep  9 23:53:33 honeypot-fra-1 sshd[27939]: Received disconnect from 92.255.85.69 port 31172:11: Bye Bye [preauth]","@timestamp":"2022-09-09T23:53:33.685Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-09T23:54:52.537Z","@version":"1","message":"Sep  9 23:54:51 honeypot-sgp-1 sshd[1376]: Invalid user admin from 128.199.160.207 port 24446","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 23:55:14 honeypot-ams-1 sshd[5298]: Received disconnect from 177.93.51.98 port 42172:11: Bye Bye [preauth]","@timestamp":"2022-09-09T23:55:14.842Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep  9 23:57:07 honeypot-ams-1 sshd[5305]: Disconnected from invalid user kochiev 143.244.161.152 port 47480 [preauth]","@timestamp":"2022-09-09T23:57:07.891Z"}
{"@timestamp":"2022-09-09T23:58:01.609Z","@version":"1","message":"Sep  9 23:58:01 honeypot-sgp-1 sshd[1383]: Invalid user chuma from 165.227.87.78 port 40504","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T00:01:21.688Z","@version":"1","message":"Sep 10 00:01:20 honeypot-sgp-1 sshd[1385]: Disconnected from authenticating user root 187.190.40.6 port 55682 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 00:01:29 honeypot-ams-1 sshd[5310]: Received disconnect from 149.90.249.162 port 44566:11: Bye Bye [preauth]","@timestamp":"2022-09-10T00:01:30.016Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 00:01:29 honeypot-ams-1 sshd[5314]: Disconnected from invalid user ubnt 149.90.249.162 port 44588 [preauth]","@timestamp":"2022-09-10T00:01:30.016Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 00:01:31 honeypot-ams-1 sshd[5320]: Disconnected from authenticating user root 149.90.249.162 port 19016 [preauth]","@timestamp":"2022-09-10T00:01:32.019Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 00:01:32 honeypot-ams-1 sshd[5326]: Disconnected from authenticating user root 149.90.249.162 port 44650 [preauth]","@timestamp":"2022-09-10T00:01:33.020Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 00:01:33 honeypot-ams-1 sshd[5332]: Disconnected from authenticating user root 149.90.249.162 port 45030 [preauth]","@timestamp":"2022-09-10T00:01:34.020Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 00:01:34 honeypot-ams-1 sshd[5338]: Disconnected from authenticating user root 149.90.249.162 port 45074 [preauth]","@timestamp":"2022-09-10T00:01:35.021Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 00:01:35 honeypot-ams-1 sshd[5344]: Disconnected from authenticating user root 149.90.249.162 port 45118 [preauth]","@timestamp":"2022-09-10T00:01:36.022Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 00:01:36 honeypot-ams-1 sshd[5350]: Disconnected from authenticating user root 149.90.249.162 port 45182 [preauth]","@timestamp":"2022-09-10T00:01:37.023Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 00:01:38 honeypot-ams-1 sshd[5356]: Disconnected from authenticating user root 149.90.249.162 port 45208 [preauth]","@timestamp":"2022-09-10T00:01:39.024Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 00:01:39 honeypot-ams-1 sshd[5362]: Disconnected from authenticating user root 149.90.249.162 port 45246 [preauth]","@timestamp":"2022-09-10T00:01:40.025Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 00:01:40 honeypot-ams-1 sshd[5368]: Disconnected from authenticating user root 149.90.249.162 port 45278 [preauth]","@timestamp":"2022-09-10T00:01:41.026Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 00:01:41 honeypot-ams-1 sshd[5374]: Disconnected from authenticating user root 149.90.249.162 port 45312 [preauth]","@timestamp":"2022-09-10T00:01:42.026Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 00:01:42 honeypot-ams-1 sshd[5380]: Disconnected from authenticating user root 149.90.249.162 port 45340 [preauth]","@timestamp":"2022-09-10T00:01:43.027Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 00:01:43 honeypot-ams-1 sshd[5384]: Disconnected from invalid user admin 149.90.249.162 port 45716 [preauth]","@timestamp":"2022-09-10T00:01:44.028Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 00:01:44 honeypot-ams-1 sshd[5388]: Disconnected from invalid user admin 149.90.249.162 port 45738 [preauth]","@timestamp":"2022-09-10T00:01:45.028Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 00:01:45 honeypot-ams-1 sshd[5392]: Disconnected from invalid user admin 149.90.249.162 port 45762 [preauth]","@timestamp":"2022-09-10T00:01:46.031Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 00:01:46 honeypot-ams-1 sshd[5396]: Disconnected from invalid user admin 149.90.249.162 port 45786 [preauth]","@timestamp":"2022-09-10T00:01:47.032Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 00:01:46 honeypot-ams-1 sshd[5400]: Disconnected from invalid user admin 149.90.249.162 port 45844 [preauth]","@timestamp":"2022-09-10T00:01:47.032Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 00:01:48 honeypot-ams-1 sshd[5406]: Received disconnect from 149.90.249.162 port 45874:11: Bye Bye [preauth]","@timestamp":"2022-09-10T00:01:49.033Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 00:01:48 honeypot-ams-1 sshd[5410]: Received disconnect from 149.90.249.162 port 45902:11: Bye Bye [preauth]","@timestamp":"2022-09-10T00:01:49.033Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 00:01:49 honeypot-ams-1 sshd[5414]: Received disconnect from 149.90.249.162 port 45920:11: Bye Bye [preauth]","@timestamp":"2022-09-10T00:01:50.034Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 00:01:50 honeypot-ams-1 sshd[5418]: Received disconnect from 149.90.249.162 port 45946:11: Bye Bye [preauth]","@timestamp":"2022-09-10T00:01:51.035Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 00:01:51 honeypot-ams-1 sshd[5422]: Received disconnect from 149.90.249.162 port 45972:11: Bye Bye [preauth]","@timestamp":"2022-09-10T00:01:52.035Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 00:01:52 honeypot-ams-1 sshd[5426]: Received disconnect from 149.90.249.162 port 45990:11: Bye Bye [preauth]","@timestamp":"2022-09-10T00:01:52.035Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 00:01:52 honeypot-ams-1 sshd[5430]: Received disconnect from 149.90.249.162 port 46004:11: Bye Bye [preauth]","@timestamp":"2022-09-10T00:01:53.036Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 00:01:53 honeypot-ams-1 sshd[5434]: Received disconnect from 149.90.249.162 port 46336:11: Bye Bye [preauth]","@timestamp":"2022-09-10T00:01:54.037Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 00:01:54 honeypot-ams-1 sshd[5438]: Invalid user debian from 149.90.249.162 port 46374","@timestamp":"2022-09-10T00:01:55.039Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 00:01:55 honeypot-ams-1 kernel: [83644701.763298] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=20.168.35.131 DST=178.62.254.91 LEN=52 TOS=0x02 PREC=0x00 TTL=110 ID=33491 DF PROTO=TCP SPT=57561 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-10T00:01:56.039Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 00:01:55 honeypot-ams-1 sshd[5444]: Disconnected from invalid user guest 149.90.249.162 port 46422 [preauth]","@timestamp":"2022-09-10T00:01:56.040Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 00:01:56 honeypot-ams-1 sshd[5448]: Disconnected from invalid user cirros 149.90.249.162 port 46490 [preauth]","@timestamp":"2022-09-10T00:01:57.041Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 00:04:48 honeypot-fra-1 kernel: [83642723.893690] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.220.59 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=54241 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T00:04:48.935Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 00:06:00 honeypot-ams-1 sshd[5456]: Received disconnect from 61.177.172.108 port 11942:11:  [preauth]","@timestamp":"2022-09-10T00:06:00.154Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 00:13:19 honeypot-fra-1 sshd[27949]: Received disconnect from 198.98.61.9 port 58166:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T00:13:19.145Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 00:13:35 honeypot-fra-1 sshd[27953]: Received disconnect from 198.98.61.9 port 52970:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T00:13:36.154Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 00:13:51 honeypot-fra-1 sshd[27957]: Received disconnect from 198.98.61.9 port 47800:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T00:13:52.161Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 00:14:06 honeypot-fra-1 sshd[27961]: Received disconnect from 198.98.61.9 port 42612:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T00:14:07.173Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T00:16:14.034Z","@version":"1","message":"Sep 10 00:16:13 honeypot-sgp-1 kernel: [83645088.743830] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=79.124.62.62 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=18782 PROTO=TCP SPT=42315 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 00:17:33 honeypot-fra-1 kernel: [83643488.634056] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.41.8.45 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=33769 PROTO=TCP SPT=17806 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T00:17:34.254Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 00:18:13 honeypot-ams-1 kernel: [83645679.893619] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=67.150.37.58 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=50 ID=48211 PROTO=TCP SPT=46919 DPT=80 WINDOW=37063 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T00:18:13.497Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 00:23:28 honeypot-fra-1 sshd[27970]: Received disconnect from 165.22.45.108 port 51062:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T00:23:29.391Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 00:24:15 honeypot-ams-1 sshd[5478]: Connection closed by invalid user admin 193.106.191.157 port 47886 [preauth]","@timestamp":"2022-09-10T00:24:16.664Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 00:25:46 honeypot-fra-1 sshd[27974]: Received disconnect from 103.174.114.55 port 44532:11: Bye Bye [preauth]","@timestamp":"2022-09-10T00:25:46.445Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T00:33:25.437Z","@version":"1","message":"Sep 10 00:33:24 honeypot-sgp-1 sshd[1402]: Bad protocol version identification 'GET / HTTP/1.1' from 143.198.136.88 port 39416","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 00:34:29 honeypot-fra-1 sshd[27978]: Received disconnect from 59.148.18.136 port 47280:11: Bye Bye [preauth]","@timestamp":"2022-09-10T00:34:30.641Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 00:36:52 honeypot-ams-1 sshd[5486]: Disconnected from authenticating user root 61.177.172.104 port 57834 [preauth]","@timestamp":"2022-09-10T00:36:52.996Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 00:41:32 honeypot-fra-1 sshd[27983]: Invalid user josh from 70.37.75.157 port 35048","@timestamp":"2022-09-10T00:41:33.800Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 00:46:31 honeypot-ams-1 kernel: [83647378.415294] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=91.163.98.246 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=245 ID=15686 PROTO=TCP SPT=3559 DPT=80 WINDOW=1300 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T00:46:32.252Z"}
{"@timestamp":"2022-09-10T00:46:33.764Z","@version":"1","message":"Sep 10 00:46:32 honeypot-sgp-1 sshd[1409]: Invalid user  from 185.246.130.20 port 15217","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T00:47:03.779Z","@version":"1","message":"Sep 10 00:47:03 honeypot-sgp-1 sshd[1415]: Invalid user  from 185.246.130.20 port 31033","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T00:47:43.798Z","@version":"1","message":"Sep 10 00:47:43 honeypot-sgp-1 sshd[1422]: Invalid user admin from 185.246.130.20 port 36300","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 00:48:05 honeypot-fra-1 sshd[27989]: Did not receive identification string from 141.255.162.226 port 40810","@timestamp":"2022-09-10T00:48:05.949Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T00:48:23.817Z","@version":"1","message":"Sep 10 00:48:23 honeypot-sgp-1 sshd[1428]: Invalid user manager from 185.246.130.20 port 29309","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 00:48:24 honeypot-fra-1 sshd[27992]: Disconnected from invalid user user 141.255.162.226 port 48638 [preauth]","@timestamp":"2022-09-10T00:48:24.957Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 00:48:28 honeypot-fra-1 sshd[27996]: Disconnected from invalid user user 141.255.162.226 port 37642 [preauth]","@timestamp":"2022-09-10T00:48:28.960Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 00:48:30 honeypot-fra-1 sshd[28000]: Disconnected from invalid user user 141.255.162.226 port 46260 [preauth]","@timestamp":"2022-09-10T00:48:30.961Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T00:48:51.831Z","@version":"1","message":"Sep 10 00:48:51 honeypot-sgp-1 sshd[1435]: Invalid user 1234 from 185.246.130.20 port 7380","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T00:49:22.846Z","@version":"1","message":"Sep 10 00:49:22 honeypot-sgp-1 sshd[1441]: Invalid user  from 185.246.130.20 port 13554","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T00:50:00.863Z","@version":"1","message":"Sep 10 00:49:59 honeypot-sgp-1 sshd[1450]: Disconnected from authenticating user root 157.245.122.58 port 56496 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 00:50:09 honeypot-fra-1 kernel: [83645444.503510] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=205.210.31.59 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=249 ID=54321 PROTO=TCP SPT=55844 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T00:50:10.001Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-10T00:50:21.874Z","@version":"1","message":"Sep 10 00:50:21 honeypot-sgp-1 sshd[1454]: Disconnecting invalid user admin 185.246.130.20 port 3482: Change of username or service not allowed: (admin,ssh-connection) -> (guest,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 00:50:23 honeypot-ams-1 sshd[5499]: Received disconnect from 61.177.173.53 port 39296:11:  [preauth]","@timestamp":"2022-09-10T00:50:23.357Z"}
{"@timestamp":"2022-09-10T00:50:44.885Z","@version":"1","message":"Sep 10 00:50:44 honeypot-sgp-1 sshd[1460]: Bad protocol version identification 'SSH-2.0_CoreLab-1.0' from 185.246.130.20 port 12471","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T00:50:59.893Z","@version":"1","message":"Sep 10 00:50:59 honeypot-sgp-1 sshd[1464]: Disconnecting invalid user  185.246.130.20 port 53445: Change of username or service not allowed: (,ssh-connection) -> (Cisco,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T00:51:05.896Z","@version":"1","message":"Sep 10 00:51:05 honeypot-sgp-1 sshd[1472]: Disconnected from invalid user user 45.61.184.204 port 34292 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T00:51:21.904Z","@version":"1","message":"Sep 10 00:51:21 honeypot-sgp-1 sshd[1474]: Disconnecting invalid user cisco 185.246.130.20 port 43047: Change of username or service not allowed: (cisco,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T00:51:33.909Z","@version":"1","message":"Sep 10 00:51:33 honeypot-sgp-1 sshd[1484]: Bad protocol version identification 'SSH-2.0_CoreLab-1.0' from 185.246.130.20 port 15415","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T00:51:42.914Z","@version":"1","message":"Sep 10 00:51:42 honeypot-sgp-1 sshd[1487]: Received disconnect from 45.61.184.204 port 51606:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T00:51:51.919Z","@version":"1","message":"Sep 10 00:51:51 honeypot-sgp-1 sshd[1491]: Disconnected from invalid user user 45.61.184.204 port 34766 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T00:52:06.926Z","@version":"1","message":"Sep 10 00:52:06 honeypot-sgp-1 sshd[1493]: Disconnecting invalid user Administrator 185.246.130.20 port 2838: Change of username or service not allowed: (Administrator,ssh-connection) -> (,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T00:52:35.941Z","@version":"1","message":"Sep 10 00:52:35 honeypot-sgp-1 sshd[1502]: Disconnecting invalid user sti.admin5 185.246.130.20 port 6270: Change of username or service not allowed: (sti.admin5,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T00:53:02.953Z","@version":"1","message":"Sep 10 00:53:02 honeypot-sgp-1 sshd[1508]: Disconnecting invalid user zhone 185.246.130.20 port 50652: Change of username or service not allowed: (zhone,ssh-connection) -> (,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T00:53:20.963Z","@version":"1","message":"Sep 10 00:53:20 honeypot-sgp-1 sshd[1514]: Disconnecting authenticating user root 185.246.130.20 port 57372: Change of username or service not allowed: (root,ssh-connection) -> (default,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T00:53:39.973Z","@version":"1","message":"Sep 10 00:53:39 honeypot-sgp-1 sshd[1518]: Disconnecting invalid user admin 185.246.130.20 port 23995: Change of username or service not allowed: (admin,ssh-connection) -> (c1@r0,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T00:54:03.985Z","@version":"1","message":"Sep 10 00:54:03 honeypot-sgp-1 sshd[1522]: Invalid user Administrator from 185.246.130.20 port 19306","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T00:54:42.004Z","@version":"1","message":"Sep 10 00:54:41 honeypot-sgp-1 sshd[1530]: Invalid user admin from 185.246.130.20 port 35128","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T00:54:58.012Z","@version":"1","message":"Sep 10 00:54:57 honeypot-sgp-1 sshd[1532]: Disconnecting invalid user lgnortel 185.246.130.20 port 31763: Change of username or service not allowed: (lgnortel,ssh-connection) -> (Admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 00:55:14 honeypot-fra-1 sshd[28010]: Received disconnect from 165.22.45.108 port 56112:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T00:55:14.115Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T00:55:38.031Z","@version":"1","message":"Sep 10 00:55:37 honeypot-sgp-1 sshd[1540]: Disconnecting invalid user admin 185.246.130.20 port 10106: Change of username or service not allowed: (admin,ssh-connection) -> (,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T00:55:58.041Z","@version":"1","message":"Sep 10 00:55:57 honeypot-sgp-1 sshd[1544]: Invalid user admin1234 from 185.246.130.20 port 3635","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T00:56:28.056Z","@version":"1","message":"Sep 10 00:56:28 honeypot-sgp-1 sshd[1552]: Invalid user admin from 185.246.130.20 port 53257","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T00:56:47.065Z","@version":"1","message":"Sep 10 00:56:46 honeypot-sgp-1 sshd[1558]: Received disconnect from 157.245.122.58 port 38318:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T00:57:15.080Z","@version":"1","message":"Sep 10 00:57:14 honeypot-sgp-1 sshd[1562]: Disconnecting authenticating user root 185.246.130.20 port 31105: Change of username or service not allowed: (root,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T00:57:49.096Z","@version":"1","message":"Sep 10 00:57:48 honeypot-sgp-1 sshd[1569]: Disconnecting invalid user 0 185.246.130.20 port 5647: Change of username or service not allowed: (0,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T00:58:22.114Z","@version":"1","message":"Sep 10 00:58:21 honeypot-sgp-1 sshd[1575]: Disconnecting invalid user admin 185.246.130.20 port 13515: Change of username or service not allowed: (admin,ssh-connection) -> (Shiko,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T00:58:50.128Z","@version":"1","message":"Sep 10 00:58:49 honeypot-sgp-1 sshd[1582]: Invalid user Broadcom from 185.246.130.20 port 20303","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T00:59:03.133Z","@version":"1","message":"Sep 10 00:59:02 honeypot-sgp-1 sshd[1584]: Disconnecting invalid user smcadmin 185.246.130.20 port 28140: Change of username or service not allowed: (smcadmin,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T00:59:33.148Z","@version":"1","message":"Sep 10 00:59:32 honeypot-sgp-1 sshd[1592]: Invalid user highspeed from 185.246.130.20 port 44487","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 01:00:03 honeypot-ams-1 sshd[5505]: Received disconnect from 61.177.173.35 port 16309:11:  [preauth]","@timestamp":"2022-09-10T01:00:03.624Z"}
{"@timestamp":"2022-09-10T01:00:10.166Z","@version":"1","message":"Sep 10 01:00:09 honeypot-sgp-1 sshd[1598]: Invalid user  from 185.246.130.20 port 38311","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T01:01:03.191Z","@version":"1","message":"Sep 10 01:01:03 honeypot-sgp-1 sshd[1604]: Invalid user public from 185.246.130.20 port 17223","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 01:01:48 honeypot-fra-1 sshd[28013]: Disconnected from invalid user blank 92.255.85.69 port 55530 [preauth]","@timestamp":"2022-09-10T01:01:49.263Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T01:01:55.216Z","@version":"1","message":"Sep 10 01:01:54 honeypot-sgp-1 sshd[1610]: Disconnecting authenticating user root 185.246.130.20 port 18747: Change of username or service not allowed: (root,ssh-connection) -> (123456,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T01:02:29.232Z","@version":"1","message":"Sep 10 01:02:28 honeypot-sgp-1 sshd[1616]: Invalid user user from 185.246.130.20 port 58285","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T01:03:04.248Z","@version":"1","message":"Sep 10 01:03:03 honeypot-sgp-1 sshd[1623]: Invalid user Admin from 185.246.130.20 port 9472","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T01:03:42.267Z","@version":"1","message":"Sep 10 01:03:42 honeypot-sgp-1 sshd[1631]: Did not receive identification string from 141.255.162.226 port 48006","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T01:03:57.275Z","@version":"1","message":"Sep 10 01:03:56 honeypot-sgp-1 sshd[1636]: Invalid user user from 141.255.162.226 port 57582","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T01:04:00.276Z","@version":"1","message":"Sep 10 01:03:59 honeypot-sgp-1 sshd[1640]: Invalid user user from 141.255.162.226 port 46426","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T01:04:04.278Z","@version":"1","message":"Sep 10 01:04:04 honeypot-sgp-1 sshd[1632]: Invalid user admin from 185.246.130.20 port 49594","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T01:04:08.282Z","@version":"1","message":"Sep 10 01:04:07 honeypot-sgp-1 sshd[1632]: Disconnecting invalid user admin 185.246.130.20 port 49594: Change of username or service not allowed: (admin,ssh-connection) -> (zoomadsl,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T01:04:43.299Z","@version":"1","message":"Sep 10 01:04:42 honeypot-sgp-1 sshd[1652]: Disconnecting invalid user 1admin0 185.246.130.20 port 25110: Change of username or service not allowed: (1admin0,ssh-connection) -> (ltecl4r0,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 01:08:07 honeypot-ams-1 sshd[5510]: Connection closed by 202.154.180.51 port 49697 [preauth]","@timestamp":"2022-09-10T01:08:07.842Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 01:13:09 honeypot-fra-1 kernel: [83646824.050256] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.167.96.150 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=58578 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T01:13:09.514Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-10T01:13:19.499Z","@version":"1","message":"Sep 10 01:13:18 honeypot-sgp-1 sshd[1659]: Invalid user user from 103.188.176.251 port 34790","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 01:14:10 honeypot-ams-1 sshd[5513]: Disconnected from authenticating user root 61.177.173.36 port 33956 [preauth]","@timestamp":"2022-09-10T01:14:11.004Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 01:17:01 honeypot-ams-1 CRON[5519]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-10T01:17:02.112Z"}
{"@timestamp":"2022-09-10T01:17:07.609Z","@version":"1","message":"Sep 10 01:17:06 honeypot-sgp-1 sshd[1664]: Disconnected from invalid user admin 134.209.99.121 port 54416 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T01:22:16.731Z","@version":"1","message":"Sep 10 01:22:16 honeypot-sgp-1 sshd[1671]: Received disconnect from 92.255.85.69 port 20504:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 01:23:02 honeypot-fra-1 sshd[28025]: Invalid user admin from 31.52.230.39 port 60647","@timestamp":"2022-09-10T01:23:03.736Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 01:23:59 honeypot-ams-1 sshd[5530]: Received disconnect from 45.61.186.169 port 33412:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T01:24:00.301Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 01:24:17 honeypot-ams-1 sshd[5534]: Received disconnect from 45.61.186.169 port 56250:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T01:24:18.313Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 01:24:34 honeypot-ams-1 sshd[5538]: Received disconnect from 45.61.186.169 port 50848:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T01:24:34.376Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 01:24:50 honeypot-ams-1 sshd[5542]: Received disconnect from 45.61.186.169 port 45450:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T01:24:50.384Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 01:26:48 honeypot-fra-1 sshd[28029]: Invalid user justin from 165.22.45.108 port 32912","@timestamp":"2022-09-10T01:26:48.849Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 01:27:54 honeypot-ams-1 kernel: [83649861.284280] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=20.127.205.85 DST=178.62.254.91 LEN=52 TOS=0x02 PREC=0x00 TTL=113 ID=17932 DF PROTO=TCP SPT=58583 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-10T01:27:55.467Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 01:31:38 honeypot-fra-1 sshd[28040]: Invalid user oracle from 82.165.53.144 port 39062","@timestamp":"2022-09-10T01:31:38.956Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 01:31:38 honeypot-fra-1 sshd[28045]: Connection closed by invalid user ubuntu 82.165.53.144 port 39116 [preauth]","@timestamp":"2022-09-10T01:31:38.957Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 01:31:38 honeypot-fra-1 sshd[28041]: Connection closed by authenticating user root 82.165.53.144 port 39070 [preauth]","@timestamp":"2022-09-10T01:31:38.957Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 01:31:38 honeypot-fra-1 sshd[28048]: Invalid user ftpuser from 82.165.53.144 port 39192","@timestamp":"2022-09-10T01:31:39.958Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 01:31:38 honeypot-fra-1 sshd[28036]: Connection closed by authenticating user root 82.165.53.144 port 39086 [preauth]","@timestamp":"2022-09-10T01:31:39.958Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 01:31:39 honeypot-fra-1 sshd[28055]: Invalid user mysql from 82.165.53.144 port 39178","@timestamp":"2022-09-10T01:31:39.959Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 01:31:39 honeypot-fra-1 sshd[28058]: Invalid user demo from 82.165.53.144 port 39258","@timestamp":"2022-09-10T01:31:39.959Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 01:31:39 honeypot-fra-1 sshd[28060]: Invalid user user from 82.165.53.144 port 39354","@timestamp":"2022-09-10T01:31:39.959Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 01:31:41 honeypot-fra-1 kernel: [83647936.939259] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=205.210.31.151 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x60 TTL=250 ID=54321 PROTO=TCP SPT=54415 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T01:31:42.960Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-10T01:31:45.953Z","@version":"1","message":"Sep 10 01:31:45 honeypot-sgp-1 sshd[1675]: Disconnected from authenticating user root 92.27.157.252 port 60157 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T01:36:16.060Z","@version":"1","message":"Sep 10 01:36:15 honeypot-sgp-1 kernel: [83649890.493392] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=138.68.252.199 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=20698 PROTO=TCP SPT=53773 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 01:36:52 honeypot-ams-1 sshd[5552]: Connection closed by 192.241.208.131 port 36138 [preauth]","@timestamp":"2022-09-10T01:36:52.702Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 01:37:55 honeypot-fra-1 kernel: [83648310.772873] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=165.22.82.222 LEN=93 TOS=0x00 PREC=0x00 TTL=250 ID=43554 PROTO=TCP SPT=31893 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T01:37:56.120Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:53:36 honeypot-fra-1 sshd[7888]: Received disconnect from 143.244.158.100 port 43582:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T02:53:36.799Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 02:57:50 honeypot-ams-1 sshd[17794]: Disconnected from authenticating user root 61.177.173.39 port 53247 [preauth]","@timestamp":"2022-09-14T02:57:50.801Z"}
{"@timestamp":"2022-09-14T02:58:46.722Z","@version":"1","message":"Sep 14 02:58:46 honeypot-sgp-1 kernel: [84000435.444355] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=51.104.20.135 DST=159.89.202.188 LEN=52 TOS=0x00 PREC=0x00 TTL=113 ID=57088 DF PROTO=TCP SPT=58772 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:59:31 honeypot-fra-1 sshd[7893]: Connection closed by 121.157.23.122 port 33382 [preauth]","@timestamp":"2022-09-14T02:59:31.938Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T03:00:14.762Z","@version":"1","message":"Sep 14 03:00:14 honeypot-sgp-1 kernel: [84000523.256546] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=228 ID=43499 PROTO=TCP SPT=44403 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 03:04:26 honeypot-fra-1 sshd[7898]: Invalid user admin from 179.60.147.69 port 64640","@timestamp":"2022-09-14T03:04:27.055Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T03:05:39.897Z","@version":"1","message":"Sep 14 03:05:39 honeypot-sgp-1 sshd[12359]: Disconnected from authenticating user root 61.177.173.39 port 63311 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 03:06:39 honeypot-ams-1 sshd[17802]: Invalid user admin from 179.60.147.69 port 38620","@timestamp":"2022-09-14T03:06:40.048Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 03:09:52 honeypot-fra-1 kernel: [83999413.667448] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=89.248.168.172 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=54321 PROTO=TCP SPT=55550 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T03:09:52.178Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 03:12:25 honeypot-ams-1 kernel: [84001729.080105] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=64.62.197.208 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=58366 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T03:12:26.207Z"}
{"@timestamp":"2022-09-14T03:13:41.093Z","@version":"1","message":"Sep 14 03:13:40 honeypot-sgp-1 sshd[12368]: Invalid user user from 45.61.186.49 port 53688","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T03:13:52.098Z","@version":"1","message":"Sep 14 03:13:51 honeypot-sgp-1 sshd[12372]: Invalid user user from 45.61.186.49 port 37054","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 03:14:30 honeypot-fra-1 sshd[7907]: Invalid user user from 45.61.184.204 port 40684","@timestamp":"2022-09-14T03:14:31.288Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 03:14:39 honeypot-fra-1 sshd[7910]: Disconnected from invalid user user 45.61.184.204 port 52364 [preauth]","@timestamp":"2022-09-14T03:14:40.292Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 03:14:56 honeypot-fra-1 sshd[7914]: Disconnected from invalid user user 45.61.184.204 port 47482 [preauth]","@timestamp":"2022-09-14T03:14:57.300Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 03:15:13 honeypot-fra-1 sshd[7918]: Invalid user user from 45.61.184.204 port 42604","@timestamp":"2022-09-14T03:15:13.308Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T03:15:38.145Z","@version":"1","message":"Sep 14 03:15:37 honeypot-sgp-1 sshd[12376]: Disconnected from 61.177.173.48 port 25403 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 03:15:42 honeypot-fra-1 kernel: [83999764.129812] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=51.158.171.29 DST=165.22.82.222 LEN=52 TOS=0x00 PREC=0x00 TTL=53 ID=9422 DF PROTO=TCP SPT=17900 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T03:15:43.323Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 03:17:01 honeypot-fra-1 CRON[7928]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-14T03:17:02.355Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 03:17:16 honeypot-ams-1 sshd[17824]: Received disconnect from 61.177.173.36 port 28326:11:  [preauth]","@timestamp":"2022-09-14T03:17:17.338Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 03:18:37 honeypot-fra-1 sshd[7935]: Disconnected from authenticating user root 179.43.156.143 port 47284 [preauth]","@timestamp":"2022-09-14T03:18:38.410Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 03:19:59 honeypot-fra-1 sshd[7940]: Received disconnect from 179.43.156.143 port 39412:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T03:20:00.443Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 03:21:21 honeypot-fra-1 sshd[7944]: Disconnected from authenticating user root 179.43.156.143 port 59940 [preauth]","@timestamp":"2022-09-14T03:21:22.475Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T03:21:37.293Z","@version":"1","message":"Sep 14 03:21:36 honeypot-sgp-1 sshd[12384]: Received disconnect from 193.8.210.136 port 45544:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 03:23:22 honeypot-fra-1 sshd[7950]: Received disconnect from 179.43.156.143 port 48104:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T03:23:22.522Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T03:23:30.342Z","@version":"1","message":"Sep 14 03:23:29 honeypot-sgp-1 sshd[12390]: Invalid user admin from 42.200.66.164 port 45194","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 03:23:48 honeypot-ams-1 kernel: [84002412.230234] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=80.94.92.231 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=37186 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T03:23:49.509Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 03:25:05 honeypot-fra-1 sshd[7958]: Received disconnect from 92.255.85.70 port 46848:11: Bye Bye [preauth]","@timestamp":"2022-09-14T03:25:06.563Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T03:28:34.469Z","@version":"1","message":"Sep 14 03:28:33 honeypot-sgp-1 sshd[12395]: Invalid user ninja from 89.163.178.15 port 36214","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T03:31:56.553Z","@version":"1","message":"Sep 14 03:31:55 honeypot-sgp-1 sshd[12401]: Received disconnect from 14.97.69.254 port 23210:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 03:32:08 honeypot-fra-1 sshd[7963]: Received disconnect from 80.87.83.58 port 46384:11: Bye Bye [preauth]","@timestamp":"2022-09-14T03:32:08.711Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 03:32:38 honeypot-ams-1 sshd[17839]: Did not receive identification string from 134.209.50.147 port 53424","@timestamp":"2022-09-14T03:32:38.738Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 03:33:46 honeypot-ams-1 sshd[17844]: Did not receive identification string from 128.199.96.88 port 61000","@timestamp":"2022-09-14T03:33:46.770Z"}
{"@timestamp":"2022-09-14T03:35:13.635Z","@version":"1","message":"Sep 14 03:35:13 honeypot-sgp-1 sshd[12405]: Disconnected from authenticating user root 61.177.173.36 port 35433 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 03:36:56 honeypot-fra-1 sshd[7965]: Disconnected from invalid user kundert 165.22.45.108 port 45028 [preauth]","@timestamp":"2022-09-14T03:36:56.823Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 03:38:00 honeypot-fra-1 kernel: [84001101.704283] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=175.24.180.25 DST=165.22.82.222 LEN=52 TOS=0x00 PREC=0x00 TTL=107 ID=14324 DF PROTO=TCP SPT=49856 DPT=80 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-14T03:38:00.852Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 03:38:47 honeypot-ams-1 kernel: [84003310.380454] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.189.182.234 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=54321 PROTO=TCP SPT=46374 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T03:38:47.904Z"}
{"@timestamp":"2022-09-14T03:40:12.759Z","@version":"1","message":"Sep 14 03:40:12 honeypot-sgp-1 sshd[12412]: Disconnected from authenticating user root 61.177.172.108 port 54845 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 03:40:22 honeypot-fra-1 sshd[7973]: Invalid user user from 198.98.61.9 port 56806","@timestamp":"2022-09-14T03:40:22.910Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 03:40:40 honeypot-fra-1 sshd[7977]: Invalid user user from 198.98.61.9 port 51276","@timestamp":"2022-09-14T03:40:40.919Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 03:41:01 honeypot-fra-1 sshd[7981]: Invalid user user from 198.98.61.9 port 45796","@timestamp":"2022-09-14T03:41:01.927Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 03:41:42 honeypot-fra-1 sshd[7985]: Invalid user centos from 179.60.147.69 port 16158","@timestamp":"2022-09-14T03:41:42.943Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T03:46:28.919Z","@version":"1","message":"Sep 14 03:46:28 honeypot-sgp-1 kernel: [84003297.841987] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=80.94.92.231 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=231 ID=54321 PROTO=TCP SPT=59384 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 03:48:04 honeypot-ams-1 kernel: [84003867.944368] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=36.37.185.75 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=107 ID=28327 DF PROTO=TCP SPT=42572 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T03:48:05.143Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 03:51:07 honeypot-fra-1 sshd[8012]: Invalid user jf from 115.92.154.46 port 65422","@timestamp":"2022-09-14T03:51:08.172Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 03:51:25 honeypot-fra-1 sshd[8016]: Invalid user escort from 60.199.224.55 port 56942","@timestamp":"2022-09-14T03:51:26.181Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 03:54:32 honeypot-ams-1 sshd[17861]: Invalid user user from 103.188.176.251 port 34688","@timestamp":"2022-09-14T03:54:33.314Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 03:58:47 honeypot-fra-1 sshd[8023]: Invalid user user from 103.188.176.251 port 35872","@timestamp":"2022-09-14T03:58:48.347Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T04:02:48.319Z","@version":"1","message":"Sep 14 04:02:47 honeypot-sgp-1 sshd[12432]: Connection closed by 79.79.21.253 port 38351 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 04:04:27 honeypot-ams-1 kernel: [84004850.889781] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=89.248.168.172 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=252 ID=54321 PROTO=TCP SPT=55357 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T04:04:28.570Z"}
{"@timestamp":"2022-09-14T04:05:34.389Z","@version":"1","message":"Sep 14 04:05:34 honeypot-sgp-1 sshd[12436]: Disconnected from invalid user gaurav 46.151.137.136 port 41524 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 04:08:31 honeypot-fra-1 sshd[8029]: Received disconnect from 43.245.185.66 port 57416:11: Bye Bye [preauth]","@timestamp":"2022-09-14T04:08:32.576Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T04:08:56.475Z","@version":"1","message":"Sep 14 04:08:56 honeypot-sgp-1 sshd[12441]: Received disconnect from 92.255.85.70 port 58684:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 04:12:26 honeypot-fra-1 sshd[8034]: Received disconnect from 167.99.55.86 port 60482:11: Bye Bye [preauth]","@timestamp":"2022-09-14T04:12:27.667Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 04:13:56 honeypot-fra-1 sshd[8038]: Invalid user rekha from 178.128.165.94 port 59342","@timestamp":"2022-09-14T04:13:56.703Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:14:35 honeypot-ams-1 sshd[17873]: Disconnected from authenticating user root 92.255.85.69 port 59838 [preauth]","@timestamp":"2022-09-14T04:14:35.834Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 04:17:01 honeypot-fra-1 CRON[8043]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-14T04:17:01.772Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 04:21:52 honeypot-fra-1 sshd[8050]: Received disconnect from 40.75.92.48 port 36078:11: Bye Bye [preauth]","@timestamp":"2022-09-14T04:21:52.883Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T04:22:13.799Z","@version":"1","message":"Sep 14 04:22:13 honeypot-sgp-1 sshd[12449]: Connection closed by invalid user user1 103.188.176.251 port 39048 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T04:25:30.881Z","@version":"1","message":"Sep 14 04:25:30 honeypot-sgp-1 sshd[12453]: Disconnected from invalid user temp 139.59.26.97 port 33914 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:25:34 honeypot-ams-1 sshd[17881]: Disconnected from authenticating user root 121.25.250.163 port 46056 [preauth]","@timestamp":"2022-09-14T04:25:34.113Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:25:39 honeypot-ams-1 sshd[17887]: Received disconnect from 121.25.250.163 port 36620:11: Bye Bye [preauth]","@timestamp":"2022-09-14T04:25:40.117Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:25:45 honeypot-ams-1 sshd[17893]: Received disconnect from 121.25.250.163 port 58134:11: Bye Bye [preauth]","@timestamp":"2022-09-14T04:25:46.121Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:25:50 honeypot-ams-1 sshd[17899]: Received disconnect from 121.25.250.163 port 49036:11: Bye Bye [preauth]","@timestamp":"2022-09-14T04:25:51.124Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:25:58 honeypot-ams-1 sshd[17905]: Received disconnect from 121.25.250.163 port 44356:11: Bye Bye [preauth]","@timestamp":"2022-09-14T04:25:59.129Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:26:10 honeypot-ams-1 sshd[17911]: Received disconnect from 121.25.250.163 port 50506:11: Bye Bye [preauth]","@timestamp":"2022-09-14T04:26:10.136Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:26:19 honeypot-ams-1 sshd[17917]: Received disconnect from 121.25.250.163 port 39970:11: Bye Bye [preauth]","@timestamp":"2022-09-14T04:26:20.143Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:26:25 honeypot-ams-1 sshd[17923]: Received disconnect from 121.25.250.163 port 41622:11: Bye Bye [preauth]","@timestamp":"2022-09-14T04:26:26.146Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:26:32 honeypot-ams-1 sshd[17929]: Received disconnect from 121.25.250.163 port 50128:11: Bye Bye [preauth]","@timestamp":"2022-09-14T04:26:33.150Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:26:40 honeypot-ams-1 sshd[17935]: Received disconnect from 121.25.250.163 port 47620:11: Bye Bye [preauth]","@timestamp":"2022-09-14T04:26:41.156Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:26:48 honeypot-ams-1 sshd[17941]: Received disconnect from 121.25.250.163 port 56658:11: Bye Bye [preauth]","@timestamp":"2022-09-14T04:26:49.160Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:26:56 honeypot-ams-1 sshd[17947]: Received disconnect from 121.25.250.163 port 43944:11: Bye Bye [preauth]","@timestamp":"2022-09-14T04:26:57.165Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:27:01 honeypot-ams-1 sshd[17953]: Invalid user admin from 121.25.250.163 port 46386","@timestamp":"2022-09-14T04:27:02.168Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:27:05 honeypot-ams-1 sshd[17957]: Invalid user admin from 121.25.250.163 port 46808","@timestamp":"2022-09-14T04:27:06.171Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:27:10 honeypot-ams-1 sshd[17961]: Invalid user admin from 121.25.250.163 port 34120","@timestamp":"2022-09-14T04:27:11.174Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:27:15 honeypot-ams-1 sshd[17965]: Invalid user admin from 121.25.250.163 port 56008","@timestamp":"2022-09-14T04:27:16.177Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:27:20 honeypot-ams-1 sshd[17969]: Invalid user admin from 121.25.250.163 port 33462","@timestamp":"2022-09-14T04:27:21.181Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:27:26 honeypot-ams-1 sshd[17973]: Invalid user user from 121.25.250.163 port 57004","@timestamp":"2022-09-14T04:27:27.184Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:27:34 honeypot-ams-1 sshd[17977]: Disconnected from authenticating user root 121.25.250.163 port 57424 [preauth]","@timestamp":"2022-09-14T04:27:34.188Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:27:37 honeypot-ams-1 sshd[17981]: Disconnected from invalid user pi 121.25.250.163 port 41460 [preauth]","@timestamp":"2022-09-14T04:27:38.192Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:27:41 honeypot-ams-1 sshd[17985]: Disconnected from invalid user ethos 121.25.250.163 port 41732 [preauth]","@timestamp":"2022-09-14T04:27:41.194Z"}
{"@timestamp":"2022-09-14T04:27:44.938Z","@version":"1","message":"Sep 14 04:27:44 honeypot-sgp-1 sshd[12458]: Disconnected from invalid user cisco2 143.198.75.234 port 40950 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:27:45 honeypot-ams-1 sshd[17989]: Disconnected from invalid user miner 121.25.250.163 port 42432 [preauth]","@timestamp":"2022-09-14T04:27:46.196Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:27:51 honeypot-ams-1 sshd[17993]: Disconnected from invalid user volumio 121.25.250.163 port 39002 [preauth]","@timestamp":"2022-09-14T04:27:52.201Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:27:58 honeypot-ams-1 sshd[17997]: Disconnected from invalid user nagios 121.25.250.163 port 41100 [preauth]","@timestamp":"2022-09-14T04:27:59.206Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:28:05 honeypot-ams-1 sshd[18001]: Disconnected from invalid user vagrant 121.25.250.163 port 36614 [preauth]","@timestamp":"2022-09-14T04:28:06.211Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:28:12 honeypot-ams-1 sshd[18005]: Disconnected from invalid user debian 121.25.250.163 port 43634 [preauth]","@timestamp":"2022-09-14T04:28:13.215Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:28:16 honeypot-ams-1 sshd[18009]: Disconnected from invalid user debian 121.25.250.163 port 48934 [preauth]","@timestamp":"2022-09-14T04:28:17.217Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:28:21 honeypot-ams-1 sshd[18013]: Disconnected from invalid user alarm 121.25.250.163 port 37580 [preauth]","@timestamp":"2022-09-14T04:28:21.221Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:28:26 honeypot-ams-1 sshd[18017]: Disconnected from invalid user test 121.25.250.163 port 59870 [preauth]","@timestamp":"2022-09-14T04:28:27.225Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:28:31 honeypot-ams-1 sshd[18021]: Disconnected from invalid user cirros 121.25.250.163 port 50926 [preauth]","@timestamp":"2022-09-14T04:28:32.228Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 04:35:40 honeypot-fra-1 sshd[8056]: Received disconnect from 92.255.85.70 port 20898:11: Bye Bye [preauth]","@timestamp":"2022-09-14T04:35:41.191Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T04:37:39.185Z","@version":"1","message":"Sep 14 04:37:38 honeypot-sgp-1 kernel: [84006368.042998] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=193.163.125.103 DST=159.89.202.188 LEN=44 TOS=0x08 PREC=0x00 TTL=236 ID=33115 PROTO=TCP SPT=58444 DPT=443 WINDOW=14600 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:37:50 honeypot-ams-1 sshd[18026]: Received disconnect from 92.255.85.69 port 63544:11: Bye Bye [preauth]","@timestamp":"2022-09-14T04:37:51.466Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:44:40 honeypot-ams-1 sshd[18029]: Invalid user admin from 148.153.82.141 port 35586","@timestamp":"2022-09-14T04:44:40.643Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:44:40 honeypot-ams-1 sshd[18035]: Invalid user admin from 148.153.82.141 port 35610","@timestamp":"2022-09-14T04:44:41.645Z"}
{"@timestamp":"2022-09-14T04:45:39.380Z","@version":"1","message":"Sep 14 04:45:39 honeypot-sgp-1 sshd[12468]: Connection closed by invalid user zhangguoqiang 137.116.144.39 port 49694 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T04:46:47.409Z","@version":"1","message":"Sep 14 04:46:47 honeypot-sgp-1 sshd[12472]: Disconnected from invalid user admin 210.245.26.43 port 54194 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 04:47:42 honeypot-fra-1 sshd[8064]: Disconnected from invalid user user 45.61.186.249 port 44448 [preauth]","@timestamp":"2022-09-14T04:47:43.459Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 04:48:01 honeypot-fra-1 sshd[8068]: Disconnected from invalid user user 45.61.186.249 port 39098 [preauth]","@timestamp":"2022-09-14T04:48:02.467Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 04:48:20 honeypot-fra-1 sshd[8072]: Disconnected from invalid user user 45.61.186.249 port 33764 [preauth]","@timestamp":"2022-09-14T04:48:21.478Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 04:48:37 honeypot-fra-1 sshd[8077]: Received disconnect from 45.61.186.249 port 56666:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T04:48:37.486Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 04:59:28 honeypot-fra-1 sshd[8087]: Received disconnect from 92.255.85.69 port 39528:11: Bye Bye [preauth]","@timestamp":"2022-09-14T04:59:28.730Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 05:06:47 honeypot-ams-1 kernel: [84008590.316849] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=112.119.242.142 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=53 ID=24929 PROTO=TCP SPT=65264 DPT=443 WINDOW=51392 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T05:06:47.200Z"}
{"@timestamp":"2022-09-14T05:07:32.910Z","@version":"1","message":"Sep 14 05:07:32 honeypot-sgp-1 kernel: [84008161.466159] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=156.146.46.143 DST=159.89.202.188 LEN=52 TOS=0x02 PREC=0x00 TTL=116 ID=1603 DF PROTO=TCP SPT=49671 DPT=3389 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 05:12:21 honeypot-fra-1 sshd[8091]: Invalid user kundert from 165.22.45.108 port 55008","@timestamp":"2022-09-14T05:12:22.019Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 05:17:01 honeypot-fra-1 CRON[8094]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-14T05:17:02.126Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 05:18:14 honeypot-ams-1 kernel: [84009277.892362] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=156.146.46.143 DST=178.62.254.91 LEN=52 TOS=0x02 PREC=0x00 TTL=118 ID=47754 DF PROTO=TCP SPT=51937 DPT=3389 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-14T05:18:15.496Z"}
{"@timestamp":"2022-09-14T05:20:16.214Z","@version":"1","message":"Sep 14 05:20:15 honeypot-sgp-1 sshd[12483]: Disconnected from authenticating user root 92.255.85.69 port 31448 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 05:24:44 honeypot-ams-1 sshd[18051]: Connection closed by invalid user pi 164.177.68.149 port 52686 [preauth]","@timestamp":"2022-09-14T05:24:45.664Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 05:26:40 honeypot-ams-1 kernel: [84009783.345467] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=5.125.34.196 DST=178.62.254.91 LEN=52 TOS=0x08 PREC=0x40 TTL=113 ID=17849 DF PROTO=TCP SPT=51901 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T05:26:40.714Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 05:27:42 honeypot-fra-1 sshd[8101]: Received disconnect from 167.172.58.10 port 57206:11: Bye Bye [preauth]","@timestamp":"2022-09-14T05:27:43.364Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T05:30:55.469Z","@version":"1","message":"Sep 14 05:30:55 honeypot-sgp-1 sshd[12487]: Received disconnect from 45.61.184.204 port 50248:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T05:31:15.480Z","@version":"1","message":"Sep 14 05:31:15 honeypot-sgp-1 sshd[12491]: Received disconnect from 45.61.184.204 port 45318:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T05:31:33.488Z","@version":"1","message":"Sep 14 05:31:32 honeypot-sgp-1 sshd[12495]: Received disconnect from 45.61.184.204 port 40392:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T05:31:49.496Z","@version":"1","message":"Sep 14 05:31:49 honeypot-sgp-1 sshd[12499]: Received disconnect from 45.61.184.204 port 35466:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 05:35:20 honeypot-fra-1 sshd[8104]: Connection closed by invalid user matex 141.98.10.158 port 55038 [preauth]","@timestamp":"2022-09-14T05:35:20.536Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T05:36:26.626Z","@version":"1","message":"Sep 14 05:36:26 honeypot-sgp-1 sshd[12504]: Disconnected from authenticating user root 204.48.30.77 port 58150 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 05:41:19 honeypot-ams-1 sshd[18060]: Received disconnect from 157.52.184.32 port 35910:11: Bye Bye [preauth]","@timestamp":"2022-09-14T05:41:20.089Z"}
{"@timestamp":"2022-09-14T05:43:12.791Z","@version":"1","message":"Sep 14 05:43:12 honeypot-sgp-1 sshd[12510]: Invalid user user from 45.61.187.160 port 58814","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T05:43:29.799Z","@version":"1","message":"Sep 14 05:43:28 honeypot-sgp-1 sshd[12514]: Received disconnect from 92.255.85.69 port 20754:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T05:43:40.805Z","@version":"1","message":"Sep 14 05:43:40 honeypot-sgp-1 sshd[12518]: Received disconnect from 45.61.187.160 port 36700:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T05:43:56.813Z","@version":"1","message":"Sep 14 05:43:56 honeypot-sgp-1 sshd[12522]: Received disconnect from 45.61.187.160 port 59596:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 05:49:09 honeypot-ams-1 sshd[18063]: Received disconnect from 92.255.85.70 port 57210:11: Bye Bye [preauth]","@timestamp":"2022-09-14T05:49:10.305Z"}
{"@timestamp":"2022-09-14T05:51:22.996Z","@version":"1","message":"Sep 14 05:51:22 honeypot-sgp-1 kernel: [84010791.661936] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=23.92.21.96 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=19585 PROTO=TCP SPT=54678 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 05:53:30 honeypot-ams-1 sshd[18068]: Disconnected from authenticating user root 104.248.153.95 port 36808 [preauth]","@timestamp":"2022-09-14T05:53:30.417Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 05:55:26 honeypot-fra-1 sshd[8116]: Received disconnect from 64.227.103.202 port 41840:11: Bye Bye [preauth]","@timestamp":"2022-09-14T05:55:27.000Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 05:58:47 honeypot-fra-1 sshd[8120]: Disconnected from invalid user student1 94.153.212.78 port 53606 [preauth]","@timestamp":"2022-09-14T05:58:48.077Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 06:03:32 honeypot-ams-1 sshd[18074]: Disconnected from authenticating user root 143.244.158.100 port 53054 [preauth]","@timestamp":"2022-09-14T06:03:33.674Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 06:04:08 honeypot-fra-1 sshd[8126]: Received disconnect from 148.66.132.190 port 45638:11: Bye Bye [preauth]","@timestamp":"2022-09-14T06:04:09.201Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 06:06:11 honeypot-ams-1 sshd[18082]: Received disconnect from 143.244.158.100 port 35000:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T06:06:11.746Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 06:06:45 honeypot-fra-1 sshd[8131]: Received disconnect from 45.61.186.249 port 51086:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T06:06:46.264Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T06:06:59.413Z","@version":"1","message":"Sep 14 06:06:58 honeypot-sgp-1 sshd[12529]: Disconnected from authenticating user root 92.255.85.70 port 56082 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 06:07:04 honeypot-fra-1 sshd[8233]: Received disconnect from 45.61.186.249 port 45804:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T06:07:05.273Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 06:07:21 honeypot-fra-1 sshd[8237]: Received disconnect from 45.61.186.249 port 40512:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T06:07:22.281Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 06:07:39 honeypot-fra-1 sshd[8241]: Received disconnect from 45.61.186.249 port 35224:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T06:07:39.289Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 06:07:50 honeypot-ams-1 sshd[18089]: Received disconnect from 143.244.158.100 port 41040:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T06:07:50.792Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 06:10:12 honeypot-ams-1 kernel: [84012396.223533] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=34.95.144.113 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=63484 PROTO=TCP SPT=42868 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T06:10:13.857Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 06:11:05 honeypot-ams-1 sshd[18153]: Disconnected from 161.35.131.133 port 34144 [preauth]","@timestamp":"2022-09-14T06:11:05.882Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 06:12:04 honeypot-fra-1 sshd[8246]: Connection closed by invalid user zhangguoqiang 137.116.144.39 port 50308 [preauth]","@timestamp":"2022-09-14T06:12:05.389Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 06:12:43 honeypot-ams-1 sshd[23801]: Disconnected from authenticating user root 143.244.158.100 port 46224 [preauth]","@timestamp":"2022-09-14T06:12:43.928Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 06:14:16 honeypot-ams-1 sshd[23808]: Received disconnect from 143.244.158.100 port 45436:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T06:14:16.971Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 06:15:56 honeypot-ams-1 sshd[23812]: Received disconnect from 143.244.158.100 port 38364:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T06:15:57.019Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 06:16:14 honeypot-fra-1 sshd[8248]: ssh_dispatch_run_fatal: Connection from 69.112.204.55 port 37096: Connection corrupted [preauth]","@timestamp":"2022-09-14T06:16:15.512Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T06:17:01.659Z","@version":"1","message":"Sep 14 06:17:01 honeypot-sgp-1 CRON[12533]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 06:17:40 honeypot-ams-1 sshd[23821]: Received disconnect from 143.244.158.100 port 60894:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T06:17:40.066Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 06:20:07 honeypot-ams-1 sshd[23827]: Received disconnect from 143.244.158.100 port 60760:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T06:20:08.133Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 06:21:38 honeypot-ams-1 sshd[23831]: Invalid user admin from 2.204.77.74 port 42016","@timestamp":"2022-09-14T06:21:39.174Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 06:22:34 honeypot-ams-1 sshd[23836]: Disconnected from authenticating user root 143.244.158.100 port 42274 [preauth]","@timestamp":"2022-09-14T06:22:35.201Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 06:25:03 honeypot-fra-1 CRON[8255]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-14T06:25:03.711Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 06:25:03 honeypot-ams-1 sshd[23938]: Received disconnect from 143.244.158.100 port 35242:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T06:25:04.269Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 06:26:01 honeypot-ams-1 sshd[24019]: Invalid user user1 from 103.188.176.251 port 38382","@timestamp":"2022-09-14T06:26:01.299Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 06:27:52 honeypot-ams-1 kernel: [84013455.363395] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=112.214.12.216 DST=178.62.254.91 LEN=40 TOS=0x08 PREC=0x00 TTL=48 ID=54050 PROTO=TCP SPT=50921 DPT=80 WINDOW=43657 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T06:27:52.350Z"}
{"@timestamp":"2022-09-14T06:28:50.959Z","@version":"1","message":"Sep 14 06:28:50 honeypot-sgp-1 kernel: [84013040.113789] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.33.79.108 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=59975 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 06:29:19 honeypot-ams-1 kernel: [84013543.173285] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=156.146.46.143 DST=178.62.254.91 LEN=52 TOS=0x02 PREC=0x00 TTL=118 ID=27089 DF PROTO=TCP SPT=56925 DPT=3389 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-14T06:29:20.392Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 06:31:02 honeypot-ams-1 sshd[24034]: Received disconnect from 143.244.158.100 port 37262:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T06:31:03.440Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 06:32:36 honeypot-fra-1 kernel: [84011577.241182] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=89.248.165.199 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=50002 PROTO=TCP SPT=54166 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T06:32:36.884Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 06:33:33 honeypot-ams-1 sshd[24041]: Received disconnect from 143.244.158.100 port 46862:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T06:33:33.506Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 06:35:12 honeypot-ams-1 sshd[24045]: Disconnected from authenticating user root 143.244.158.100 port 39942 [preauth]","@timestamp":"2022-09-14T06:35:12.551Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 06:36:39 honeypot-ams-1 kernel: [84013982.533021] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=44.208.26.77 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=47 ID=13758 PROTO=TCP SPT=6054 DPT=80 WINDOW=22254 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T06:36:39.593Z"}
{"@timestamp":"2022-09-14T06:37:33.179Z","@version":"1","message":"Sep 14 06:37:32 honeypot-sgp-1 sshd[12690]: Did not receive identification string from 45.61.186.49 port 58288","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T06:37:58.191Z","@version":"1","message":"Sep 14 06:37:57 honeypot-sgp-1 sshd[12693]: Disconnected from invalid user user 45.61.186.49 port 46866 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 06:38:01 honeypot-fra-1 sshd[8396]: Received disconnect from 202.29.13.51 port 44614:11: Bye Bye [preauth]","@timestamp":"2022-09-14T06:38:02.007Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 06:38:27 honeypot-ams-1 sshd[24057]: Disconnected from authenticating user root 143.244.158.100 port 50040 [preauth]","@timestamp":"2022-09-14T06:38:27.644Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 06:39:45 honeypot-fra-1 sshd[8398]: Disconnected from invalid user jy 178.62.29.96 port 47832 [preauth]","@timestamp":"2022-09-14T06:39:46.048Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 06:40:06 honeypot-ams-1 sshd[24064]: Received disconnect from 143.244.158.100 port 35188:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T06:40:06.690Z"}
{"@timestamp":"2022-09-14T06:41:07.270Z","@version":"1","message":"Sep 14 06:41:07 honeypot-sgp-1 sshd[12700]: Invalid user user from 45.61.186.49 port 40120","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T06:41:17.276Z","@version":"1","message":"Sep 14 06:41:16 honeypot-sgp-1 sshd[12704]: Invalid user user from 45.61.186.49 port 51698","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T06:41:24.279Z","@version":"1","message":"Sep 14 06:41:24 honeypot-sgp-1 kernel: [84013793.434841] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.56.106.74 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=30812 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 06:42:37 honeypot-ams-1 sshd[24070]: Received disconnect from 143.244.158.100 port 36056:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T06:42:37.757Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 06:45:03 honeypot-ams-1 sshd[24077]: Received disconnect from 143.244.158.100 port 58336:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T06:45:03.823Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 06:47:19 honeypot-ams-1 kernel: [84014622.617202] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.33.79.19 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=24119 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T06:47:19.886Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 06:50:45 honeypot-ams-1 kernel: [84014829.069517] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=198.235.24.186 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=250 ID=54321 PROTO=TCP SPT=51224 DPT=636 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T06:50:45.976Z"}
{"@timestamp":"2022-09-14T06:54:11.600Z","@version":"1","message":"Sep 14 06:54:11 honeypot-sgp-1 sshd[12719]: Disconnected from authenticating user root 134.19.150.174 port 55442 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 06:56:43 honeypot-fra-1 sshd[8406]: Received disconnect from 92.255.85.69 port 31836:11: Bye Bye [preauth]","@timestamp":"2022-09-14T06:56:43.423Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T06:59:05.723Z","@version":"1","message":"Sep 14 06:59:05 honeypot-sgp-1 kernel: [84014854.883879] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=156.146.46.143 DST=159.89.202.188 LEN=52 TOS=0x02 PREC=0x00 TTL=116 ID=32383 DF PROTO=TCP SPT=59225 DPT=3389 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T06:59:17.729Z","@version":"1","message":"Sep 14 06:59:17 honeypot-sgp-1 sshd[12823]: Disconnected from invalid user admin 51.83.44.100 port 39440 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 06:59:51 honeypot-fra-1 sshd[8410]: Disconnected from authenticating user root 89.190.84.6 port 40810 [preauth]","@timestamp":"2022-09-14T06:59:52.498Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 07:07:46 honeypot-fra-1 sshd[8416]: Disconnected from authenticating user root 203.193.135.44 port 57486 [preauth]","@timestamp":"2022-09-14T07:07:47.679Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 07:09:49 honeypot-ams-1 kernel: [84015972.916112] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=109.61.191.51 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=58 ID=58792 PROTO=TCP SPT=22453 DPT=80 WINDOW=44606 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T07:09:50.463Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 07:12:12 honeypot-fra-1 sshd[8421]: Received disconnect from 141.255.162.226 port 41606:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T07:12:12.781Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 07:12:16 honeypot-fra-1 sshd[8426]: Invalid user user from 141.255.162.226 port 54250","@timestamp":"2022-09-14T07:12:16.785Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 07:12:18 honeypot-fra-1 sshd[8429]: Received disconnect from 141.255.162.226 port 44990:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T07:12:18.786Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 07:12:53 honeypot-fra-1 sshd[8434]: Received disconnect from 87.245.17.229 port 45558:11: Bye Bye [preauth]","@timestamp":"2022-09-14T07:12:53.800Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T07:16:43.157Z","@version":"1","message":"Sep 14 07:16:42 honeypot-sgp-1 sshd[12830]: Did not receive identification string from 45.61.186.49 port 56096","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 07:17:01 honeypot-fra-1 CRON[8438]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-14T07:17:01.896Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T07:17:07.169Z","@version":"1","message":"Sep 14 07:17:06 honeypot-sgp-1 sshd[12836]: Invalid user user from 45.61.186.49 port 47900","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T07:17:15.173Z","@version":"1","message":"Sep 14 07:17:14 honeypot-sgp-1 sshd[12840]: Invalid user user from 45.61.186.49 port 59096","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 07:18:34 honeypot-fra-1 sshd[8443]: Did not receive identification string from 152.32.249.159 port 40840","@timestamp":"2022-09-14T07:18:34.935Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 07:19:30 honeypot-ams-1 sshd[24096]: Did not receive identification string from 46.19.141.122 port 59660","@timestamp":"2022-09-14T07:19:30.711Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 07:21:32 honeypot-ams-1 sshd[24102]: Invalid user admin from 46.19.141.122 port 47892","@timestamp":"2022-09-14T07:21:32.768Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 07:21:47 honeypot-ams-1 sshd[24106]: Invalid user user from 198.98.61.9 port 51476","@timestamp":"2022-09-14T07:21:47.776Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 07:22:05 honeypot-ams-1 sshd[24111]: Invalid user user from 198.98.61.9 port 46744","@timestamp":"2022-09-14T07:22:05.786Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 07:22:13 honeypot-ams-1 sshd[24115]: Invalid user user from 198.98.61.9 port 58462","@timestamp":"2022-09-14T07:22:13.789Z"}
{"@timestamp":"2022-09-14T07:22:24.299Z","@version":"1","message":"Sep 14 07:22:23 honeypot-sgp-1 kernel: [84016252.446212] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=162.142.125.138 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=42346 PROTO=TCP SPT=54704 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 07:22:30 honeypot-ams-1 sshd[24119]: Invalid user user from 198.98.61.9 port 53738","@timestamp":"2022-09-14T07:22:30.800Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 07:22:38 honeypot-ams-1 sshd[24121]: Disconnected from invalid user user 198.98.61.9 port 37262 [preauth]","@timestamp":"2022-09-14T07:22:38.804Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 07:23:30 honeypot-ams-1 sshd[24127]: Received disconnect from 46.19.141.122 port 34230:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T07:23:30.830Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 07:23:32 honeypot-fra-1 kernel: [84014633.934335] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.208.180 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=46244 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T07:23:33.048Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 07:23:49 honeypot-ams-1 sshd[24131]: Disconnected from authenticating user root 46.101.47.30 port 48282 [preauth]","@timestamp":"2022-09-14T07:23:49.841Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 07:27:41 honeypot-ams-1 kernel: [84017044.951646] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=143.198.183.97 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=46364 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T07:27:41.940Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 07:35:35 honeypot-fra-1 sshd[8453]: Invalid user kundert from 165.22.45.108 port 41684","@timestamp":"2022-09-14T07:35:36.313Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T07:38:25.690Z","@version":"1","message":"Sep 14 07:38:25 honeypot-sgp-1 sshd[12848]: Did not receive identification string from 141.255.162.226 port 59458","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T07:38:41.697Z","@version":"1","message":"Sep 14 07:38:40 honeypot-sgp-1 sshd[12851]: Disconnected from invalid user user 141.255.162.226 port 52838 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T07:38:48.702Z","@version":"1","message":"Sep 14 07:38:48 honeypot-sgp-1 sshd[12855]: Disconnected from invalid user user 141.255.162.226 port 56048 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 07:41:39 honeypot-fra-1 sshd[8460]: Invalid user grid from 202.53.1.114 port 45072","@timestamp":"2022-09-14T07:41:40.452Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 07:42:43 honeypot-ams-1 kernel: [84017946.262801] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=178.132.7.111 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=59 ID=54793 PROTO=TCP SPT=55711 DPT=80 WINDOW=17788 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T07:42:43.326Z"}
{"@timestamp":"2022-09-14T07:45:04.853Z","@version":"1","message":"Sep 14 07:45:04 honeypot-sgp-1 kernel: [84017613.502084] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=79.124.62.62 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=45293 PROTO=TCP SPT=44893 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 07:47:36 honeypot-ams-1 kernel: [84018239.638296] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=66.240.236.116 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=34508 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T07:47:36.453Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 07:47:42 honeypot-fra-1 sshd[8465]: Received disconnect from 206.189.189.7 port 36378:11: Bye Bye [preauth]","@timestamp":"2022-09-14T07:47:42.588Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 07:50:07 honeypot-fra-1 sshd[8470]: Invalid user skynet from 144.217.13.134 port 58260","@timestamp":"2022-09-14T07:50:08.647Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 07:53:10 honeypot-ams-1 sshd[24221]: Disconnected from invalid user user 45.61.184.204 port 52324 [preauth]","@timestamp":"2022-09-14T07:53:10.597Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 07:53:31 honeypot-ams-1 sshd[24226]: Disconnected from invalid user user 45.61.184.204 port 48304 [preauth]","@timestamp":"2022-09-14T07:53:31.609Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 07:53:51 honeypot-ams-1 sshd[24230]: Disconnected from invalid user user 45.61.184.204 port 44156 [preauth]","@timestamp":"2022-09-14T07:53:51.619Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 07:54:09 honeypot-ams-1 sshd[24234]: Disconnected from invalid user user 45.61.184.204 port 40104 [preauth]","@timestamp":"2022-09-14T07:54:09.628Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 07:58:11 honeypot-ams-1 kernel: [84018875.155657] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=2.226.225.240 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=58763 PROTO=TCP SPT=1952 DPT=80 WINDOW=65377 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T07:58:12.739Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 08:03:26 honeypot-fra-1 sshd[8473]: Received disconnect from 103.105.130.83 port 38946:11: Bye Bye [preauth]","@timestamp":"2022-09-14T08:03:26.951Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T08:05:19.343Z","@version":"1","message":"Sep 14 08:05:19 honeypot-sgp-1 sshd[12868]: Received disconnect from 92.255.85.69 port 55036:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 08:07:36 honeypot-fra-1 sshd[8478]: Received disconnect from 92.255.85.69 port 50998:11: Bye Bye [preauth]","@timestamp":"2022-09-14T08:07:37.049Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 08:09:10 honeypot-ams-1 kernel: [84019533.702684] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=43.129.97.125 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=48955 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T08:09:11.025Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 08:14:51 honeypot-ams-1 sshd[24249]: Invalid user user from 45.61.186.49 port 33042","@timestamp":"2022-09-14T08:14:52.177Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 08:14:59 honeypot-ams-1 sshd[24253]: Invalid user user from 45.61.186.49 port 44298","@timestamp":"2022-09-14T08:15:00.181Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 08:16:47 honeypot-ams-1 sshd[24257]: Invalid user test from 193.106.191.157 port 59730","@timestamp":"2022-09-14T08:16:48.228Z"}
{"@timestamp":"2022-09-14T08:17:01.629Z","@version":"1","message":"Sep 14 08:17:01 honeypot-sgp-1 CRON[12893]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 08:18:53 honeypot-ams-1 sshd[24264]: Invalid user user from 141.255.162.226 port 38202","@timestamp":"2022-09-14T08:18:54.289Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 08:18:55 honeypot-ams-1 sshd[24268]: Invalid user user from 141.255.162.226 port 53914","@timestamp":"2022-09-14T08:18:56.290Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 08:19:00 honeypot-ams-1 sshd[24272]: Invalid user user from 141.255.162.226 port 41436","@timestamp":"2022-09-14T08:19:00.292Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 08:20:35 honeypot-ams-1 sshd[24277]: Did not receive identification string from 45.61.186.169 port 51178","@timestamp":"2022-09-14T08:20:36.336Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 08:21:06 honeypot-ams-1 sshd[24280]: Disconnected from invalid user user 45.61.186.169 port 56258 [preauth]","@timestamp":"2022-09-14T08:21:06.351Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 08:21:22 honeypot-ams-1 sshd[24284]: Disconnected from invalid user user 45.61.186.169 port 50974 [preauth]","@timestamp":"2022-09-14T08:21:23.360Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 08:21:38 honeypot-ams-1 sshd[24288]: Disconnected from invalid user user 45.61.186.169 port 45696 [preauth]","@timestamp":"2022-09-14T08:21:39.369Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 08:23:19 honeypot-fra-1 sshd[8502]: Disconnected from invalid user kundert 165.22.45.108 port 46616 [preauth]","@timestamp":"2022-09-14T08:23:19.400Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T08:24:45.818Z","@version":"1","message":"Sep 14 08:24:45 honeypot-sgp-1 sshd[12918]: Received disconnect from 138.68.9.83 port 48554:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T08:27:44.893Z","@version":"1","message":"Sep 14 08:27:44 honeypot-sgp-1 sshd[12923]: Received disconnect from 125.235.240.165 port 45928:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T08:28:28.914Z","@version":"1","message":"Sep 14 08:28:28 honeypot-sgp-1 sshd[12927]: Disconnected from invalid user standard 155.0.68.5 port 41466 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 08:31:12 honeypot-fra-1 sshd[8507]: Received disconnect from 92.255.85.69 port 25402:11: Bye Bye [preauth]","@timestamp":"2022-09-14T08:31:12.585Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 08:33:07 honeypot-ams-1 kernel: [84020970.900187] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.221.5 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=52684 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T08:33:08.662Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 08:36:16 honeypot-ams-1 sshd[24318]: Received disconnect from 23.95.164.237 port 46978:11: Bye Bye [preauth]","@timestamp":"2022-09-14T08:36:16.746Z"}
{"@timestamp":"2022-09-14T08:37:40.146Z","@version":"1","message":"Sep 14 08:37:39 honeypot-sgp-1 kernel: [84020768.212259] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=89.248.168.172 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=54321 PROTO=TCP SPT=48150 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 08:38:36 honeypot-ams-1 sshd[24323]: Invalid user user from 141.255.162.226 port 53966","@timestamp":"2022-09-14T08:38:36.809Z"}
{"@timestamp":"2022-09-14T08:38:37.173Z","@version":"1","message":"Sep 14 08:38:36 honeypot-sgp-1 sshd[12933]: Received disconnect from 141.255.162.226 port 47534:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 08:38:37 honeypot-ams-1 sshd[24327]: Invalid user user from 141.255.162.226 port 49126","@timestamp":"2022-09-14T08:38:38.810Z"}
{"@timestamp":"2022-09-14T08:38:40.175Z","@version":"1","message":"Sep 14 08:38:40 honeypot-sgp-1 sshd[12939]: Received disconnect from 141.255.162.226 port 42676:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T08:38:42.176Z","@version":"1","message":"Sep 14 08:38:42 honeypot-sgp-1 sshd[12943]: Received disconnect from 141.255.162.226 port 55314:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 08:38:41 honeypot-ams-1 sshd[24331]: Invalid user user from 141.255.162.226 port 36494","@timestamp":"2022-09-14T08:38:42.813Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 08:41:22 honeypot-fra-1 kernel: [84019303.073671] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=94.26.249.161 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=53295 PROTO=TCP SPT=11738 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T08:41:22.837Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 08:47:20 honeypot-ams-1 sshd[24336]: Bad protocol version identification '\\003' from 92.255.85.183 port 63982","@timestamp":"2022-09-14T08:47:21.035Z"}
{"@timestamp":"2022-09-14T08:49:13.441Z","@version":"1","message":"Sep 14 08:49:13 honeypot-sgp-1 kernel: [84021462.227288] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=94.26.228.80 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=60624 PROTO=TCP SPT=39260 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T08:52:13.519Z","@version":"1","message":"Sep 14 08:52:12 honeypot-sgp-1 sshd[12954]: Disconnected from authenticating user root 92.255.85.70 port 40246 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 08:55:18 honeypot-fra-1 kernel: [84020139.416210] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=92.63.197.171 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=14276 PROTO=TCP SPT=43020 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T08:55:19.150Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 08:57:04 honeypot-ams-1 sshd[24341]: Disconnected from authenticating user root 92.255.85.70 port 27286 [preauth]","@timestamp":"2022-09-14T08:57:05.287Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 09:10:36 honeypot-fra-1 kernel: [84021057.737507] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=184.105.247.235 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=40770 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T09:10:37.496Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-14T09:11:01.992Z","@version":"1","message":"Sep 14 09:11:01 honeypot-sgp-1 sshd[12959]: Disconnected from invalid user admin 222.122.82.135 port 37561 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 09:13:19 honeypot-ams-1 kernel: [84023382.330796] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=64.62.197.63 DST=178.62.254.91 LEN=131 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=55260 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T09:13:19.698Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 09:17:01 honeypot-fra-1 CRON[8527]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-14T09:17:01.642Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T09:17:02.144Z","@version":"1","message":"Sep 14 09:17:01 honeypot-sgp-1 CRON[12966]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 09:22:33 honeypot-ams-1 kernel: [84023936.161901] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=65.49.20.115 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=40400 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T09:22:33.939Z"}
{"@timestamp":"2022-09-14T09:23:32.309Z","@version":"1","message":"Sep 14 09:23:32 honeypot-sgp-1 sshd[12970]: Invalid user user1 from 103.188.176.251 port 50638","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 09:25:57 honeypot-ams-1 sshd[24356]: Received disconnect from 159.65.65.135 port 35078:11: Bye Bye [preauth]","@timestamp":"2022-09-14T09:25:58.029Z"}
{"@timestamp":"2022-09-14T09:27:00.402Z","@version":"1","message":"Sep 14 09:27:00 honeypot-sgp-1 kernel: [84023729.189422] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=102.67.229.64 DST=159.89.202.188 LEN=52 TOS=0x00 PREC=0x00 TTL=115 ID=55321 DF PROTO=TCP SPT=50274 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 09:27:28 honeypot-fra-1 kernel: [84022069.579782] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=139.162.207.84 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=18441 PROTO=TCP SPT=30542 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T09:27:28.881Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-14T09:29:23.461Z","@version":"1","message":"Sep 14 09:29:22 honeypot-sgp-1 sshd[12979]: Connection closed by invalid user admin 178.128.125.205 port 46948 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 09:29:58 honeypot-ams-1 kernel: [84024382.077899] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=78.142.18.92 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=54321 PROTO=TCP SPT=54170 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T09:29:59.136Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 09:30:53 honeypot-ams-1 sshd[24366]: Disconnected from authenticating user root 80.76.51.189 port 39192 [preauth]","@timestamp":"2022-09-14T09:30:54.163Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 09:32:10 honeypot-ams-1 sshd[24372]: Received disconnect from 80.76.51.189 port 48908:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T09:32:11.201Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 09:33:33 honeypot-ams-1 sshd[24378]: Received disconnect from 80.76.51.189 port 58638:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T09:33:33.238Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 09:34:29 honeypot-ams-1 sshd[24383]: Received disconnect from 80.76.51.189 port 36894:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T09:34:30.267Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 09:35:25 honeypot-ams-1 sshd[24387]: Received disconnect from 80.76.51.189 port 43380:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T09:35:25.292Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 09:36:20 honeypot-ams-1 sshd[24391]: Received disconnect from 80.76.51.189 port 49870:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T09:36:21.320Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 09:37:16 honeypot-ams-1 sshd[24395]: Received disconnect from 80.76.51.189 port 56360:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T09:37:17.346Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 09:38:42 honeypot-ams-1 sshd[24401]: Invalid user oracle from 80.76.51.189 port 37866","@timestamp":"2022-09-14T09:38:43.384Z"}
{"@timestamp":"2022-09-14T09:39:17.707Z","@version":"1","message":"Sep 14 09:39:16 honeypot-sgp-1 sshd[12986]: Disconnected from authenticating user root 92.255.85.69 port 45798 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 09:39:41 honeypot-ams-1 sshd[24406]: Received disconnect from 80.76.51.189 port 44348:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T09:39:42.411Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 09:40:43 honeypot-ams-1 sshd[24410]: Disconnected from invalid user odoo 80.76.51.189 port 50836 [preauth]","@timestamp":"2022-09-14T09:40:43.439Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 09:41:55 honeypot-fra-1 sshd[8540]: Received disconnect from 92.255.85.70 port 28760:11: Bye Bye [preauth]","@timestamp":"2022-09-14T09:41:56.203Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 09:41:59 honeypot-ams-1 kernel: [84025102.922532] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=198.235.24.59 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=250 ID=54321 PROTO=TCP SPT=54248 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T09:42:00.477Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 09:43:58 honeypot-fra-1 sshd[8544]: Received disconnect from 211.200.178.178 port 54248:11: Bye Bye [preauth]","@timestamp":"2022-09-14T09:43:59.253Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T09:44:54.850Z","@version":"1","message":"Sep 14 09:44:54 honeypot-sgp-1 sshd[12991]: Disconnected from invalid user osm 159.89.29.240 port 39126 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 09:47:24 honeypot-ams-1 kernel: [84025427.837335] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=193.219.127.202 DST=178.62.254.91 LEN=80 TOS=0x00 PREC=0x20 TTL=123 ID=5188 PROTO=TCP SPT=4164 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T09:47:25.617Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 09:51:00 honeypot-fra-1 sshd[8551]: Received disconnect from 218.92.0.208 port 58090:11:  [preauth]","@timestamp":"2022-09-14T09:51:00.434Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 09:53:57 honeypot-fra-1 sshd[8555]: Disconnected from invalid user damien 161.35.102.143 port 53314 [preauth]","@timestamp":"2022-09-14T09:53:58.505Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 09:54:01 honeypot-ams-1 sshd[24423]: Received disconnect from 49.88.112.65 port 60751:11:  [preauth]","@timestamp":"2022-09-14T09:54:01.783Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 10:01:08 honeypot-fra-1 sshd[8564]: error: maximum authentication attempts exceeded for root from 124.79.243.92 port 50317 ssh2 [preauth]","@timestamp":"2022-09-14T10:01:08.695Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 10:01:23 honeypot-fra-1 sshd[8569]: Disconnected from authenticating user root 179.43.145.74 port 57826 [preauth]","@timestamp":"2022-09-14T10:01:24.704Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T10:02:07.279Z","@version":"1","message":"Sep 14 10:02:07 honeypot-sgp-1 sshd[12997]: Received disconnect from 198.12.85.199 port 53004:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T10:02:57.302Z","@version":"1","message":"Sep 14 10:02:57 honeypot-sgp-1 sshd[13001]: Disconnected from invalid user prueba 189.50.97.12 port 20374 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 10:03:21 honeypot-fra-1 sshd[8575]: Disconnected from authenticating user root 179.43.145.74 port 36310 [preauth]","@timestamp":"2022-09-14T10:03:22.749Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:08:02 honeypot-ams-1 sshd[24430]: Received disconnect from 92.255.85.70 port 24652:11: Bye Bye [preauth]","@timestamp":"2022-09-14T10:08:02.154Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 10:10:30 honeypot-fra-1 sshd[8580]: Disconnected from invalid user gogs 24.194.231.208 port 38776 [preauth]","@timestamp":"2022-09-14T10:10:30.910Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T10:12:11.540Z","@version":"1","message":"Sep 14 10:12:10 honeypot-sgp-1 sshd[13004]: Received disconnect from 61.177.173.50 port 23256:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 10:13:58 honeypot-ams-1 kernel: [84027021.128518] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=172.104.4.121 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=35404 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T10:13:58.310Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 10:16:38 honeypot-fra-1 sshd[8587]: Received disconnect from 61.177.172.104 port 62278:11:  [preauth]","@timestamp":"2022-09-14T10:16:39.054Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T10:16:50.659Z","@version":"1","message":"Sep 14 10:16:50 honeypot-sgp-1 sshd[13013]: Received disconnect from 61.177.172.108 port 39998:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T10:18:45.713Z","@version":"1","message":"Sep 14 10:18:45 honeypot-sgp-1 kernel: [84026833.998311] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=156.146.46.143 DST=159.89.202.188 LEN=52 TOS=0x02 PREC=0x00 TTL=116 ID=39524 DF PROTO=TCP SPT=53699 DPT=3389 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 10:23:38 honeypot-fra-1 sshd[8597]: Invalid user user from 134.209.233.126 port 49634","@timestamp":"2022-09-14T10:23:39.216Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 10:24:52 honeypot-fra-1 sshd[8601]: Disconnected from authenticating user root 61.177.173.36 port 62588 [preauth]","@timestamp":"2022-09-14T10:24:53.246Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T10:25:49.896Z","@version":"1","message":"Sep 14 10:25:49 honeypot-sgp-1 sshd[13025]: Disconnected from authenticating user root 92.255.85.70 port 41020 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 10:26:45 honeypot-ams-1 kernel: [84027788.417001] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=201.191.2.198 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=10228 PROTO=TCP SPT=2743 DPT=80 WINDOW=20711 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T10:26:45.639Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 10:28:50 honeypot-fra-1 sshd[8610]: Received disconnect from 92.255.85.69 port 46140:11: Bye Bye [preauth]","@timestamp":"2022-09-14T10:28:51.341Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T10:30:34.025Z","@version":"1","message":"Sep 14 10:30:33 honeypot-sgp-1 kernel: [84027542.366176] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=186.208.139.104 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=11017 PROTO=TCP SPT=51420 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 10:32:43 honeypot-ams-1 kernel: [84028146.507767] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.41.9.18 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=34089 PROTO=TCP SPT=24224 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T10:32:43.813Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 10:35:49 honeypot-fra-1 sshd[8613]: Received disconnect from 61.177.173.51 port 49064:11:  [preauth]","@timestamp":"2022-09-14T10:35:50.497Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:39:42 honeypot-ams-1 sshd[24444]: Disconnected from invalid user vu 206.189.233.82 port 57092 [preauth]","@timestamp":"2022-09-14T10:39:42.997Z"}
{"@timestamp":"2022-09-14T10:39:46.281Z","@version":"1","message":"Sep 14 10:39:45 honeypot-sgp-1 sshd[13039]: Received disconnect from 148.153.110.76 port 38896:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 10:47:19 honeypot-ams-1 kernel: [84029022.458510] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=172.104.4.89 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54168 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T10:47:20.201Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 10:47:50 honeypot-fra-1 sshd[8619]: Invalid user kvm from 165.22.45.108 port 33216","@timestamp":"2022-09-14T10:47:50.773Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:49:07 honeypot-ams-1 sshd[24453]: Invalid user ubnt from 171.110.164.56 port 50048","@timestamp":"2022-09-14T10:49:08.250Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:49:12 honeypot-ams-1 sshd[24457]: Disconnected from authenticating user root 171.110.164.56 port 50078 [preauth]","@timestamp":"2022-09-14T10:49:12.252Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:49:17 honeypot-ams-1 sshd[24463]: Disconnected from authenticating user root 171.110.164.56 port 52116 [preauth]","@timestamp":"2022-09-14T10:49:18.255Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:49:23 honeypot-ams-1 sshd[24469]: Disconnected from authenticating user root 171.110.164.56 port 52148 [preauth]","@timestamp":"2022-09-14T10:49:24.259Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:49:29 honeypot-ams-1 sshd[24475]: Disconnected from authenticating user root 171.110.164.56 port 56160 [preauth]","@timestamp":"2022-09-14T10:49:30.263Z"}
{"@timestamp":"2022-09-14T10:49:30.530Z","@version":"1","message":"Sep 14 10:49:30 honeypot-sgp-1 sshd[13047]: Disconnected from authenticating user root 92.255.85.69 port 34902 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:49:35 honeypot-ams-1 sshd[24481]: Disconnected from authenticating user root 171.110.164.56 port 56172 [preauth]","@timestamp":"2022-09-14T10:49:36.267Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:49:41 honeypot-ams-1 sshd[24487]: Disconnected from authenticating user root 171.110.164.56 port 59726 [preauth]","@timestamp":"2022-09-14T10:49:42.270Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:49:47 honeypot-ams-1 sshd[24493]: Disconnected from authenticating user root 171.110.164.56 port 57770 [preauth]","@timestamp":"2022-09-14T10:49:48.274Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:49:53 honeypot-ams-1 sshd[24499]: Disconnected from authenticating user root 171.110.164.56 port 57802 [preauth]","@timestamp":"2022-09-14T10:49:54.278Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:50:00 honeypot-ams-1 sshd[24505]: Disconnected from authenticating user root 171.110.164.56 port 43866 [preauth]","@timestamp":"2022-09-14T10:50:01.283Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:50:06 honeypot-ams-1 sshd[24511]: Disconnected from authenticating user root 171.110.164.56 port 43886 [preauth]","@timestamp":"2022-09-14T10:50:07.287Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:50:12 honeypot-ams-1 sshd[24517]: Disconnected from authenticating user root 171.110.164.56 port 34196 [preauth]","@timestamp":"2022-09-14T10:50:13.291Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:50:18 honeypot-ams-1 sshd[24523]: Invalid user admin from 171.110.164.56 port 39450","@timestamp":"2022-09-14T10:50:19.294Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:50:22 honeypot-ams-1 sshd[24527]: Invalid user admin from 171.110.164.56 port 39476","@timestamp":"2022-09-14T10:50:23.297Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:50:26 honeypot-ams-1 sshd[24531]: Invalid user admin from 171.110.164.56 port 39492","@timestamp":"2022-09-14T10:50:27.300Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:50:30 honeypot-ams-1 sshd[24535]: Invalid user admin from 171.110.164.56 port 37644","@timestamp":"2022-09-14T10:50:31.302Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:50:34 honeypot-ams-1 sshd[24539]: Invalid user admin from 171.110.164.56 port 37654","@timestamp":"2022-09-14T10:50:35.305Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:50:38 honeypot-ams-1 sshd[24543]: Received disconnect from 171.110.164.56 port 60834:11: Bye Bye [preauth]","@timestamp":"2022-09-14T10:50:39.307Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:50:42 honeypot-ams-1 sshd[24547]: Disconnected from invalid user pi 171.110.164.56 port 60848 [preauth]","@timestamp":"2022-09-14T10:50:43.309Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:50:46 honeypot-ams-1 sshd[24551]: Disconnected from invalid user user 171.110.164.56 port 60880 [preauth]","@timestamp":"2022-09-14T10:50:47.311Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:50:51 honeypot-ams-1 sshd[24555]: Disconnected from invalid user mine 171.110.164.56 port 49906 [preauth]","@timestamp":"2022-09-14T10:50:52.315Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:50:55 honeypot-ams-1 sshd[24559]: Disconnected from invalid user xbmc 171.110.164.56 port 49926 [preauth]","@timestamp":"2022-09-14T10:50:55.317Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:50:59 honeypot-ams-1 sshd[24563]: Disconnected from invalid user oracle 171.110.164.56 port 58928 [preauth]","@timestamp":"2022-09-14T10:50:59.319Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:51:03 honeypot-ams-1 sshd[24567]: Disconnected from invalid user postgres 171.110.164.56 port 58944 [preauth]","@timestamp":"2022-09-14T10:51:03.321Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:51:07 honeypot-ams-1 sshd[24571]: Disconnected from invalid user support 171.110.164.56 port 58958 [preauth]","@timestamp":"2022-09-14T10:51:07.325Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:51:11 honeypot-ams-1 sshd[24575]: Disconnected from invalid user ubuntu 171.110.164.56 port 51524 [preauth]","@timestamp":"2022-09-14T10:51:11.327Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:51:15 honeypot-ams-1 sshd[24579]: Disconnected from invalid user ubuntu 171.110.164.56 port 51536 [preauth]","@timestamp":"2022-09-14T10:51:15.329Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:51:19 honeypot-ams-1 sshd[24583]: Received disconnect from 171.110.164.56 port 53692:11: Bye Bye [preauth]","@timestamp":"2022-09-14T10:51:19.331Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:51:23 honeypot-ams-1 sshd[24587]: Received disconnect from 171.110.164.56 port 53710:11: Bye Bye [preauth]","@timestamp":"2022-09-14T10:51:23.334Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 10:52:08 honeypot-fra-1 kernel: [84027149.220387] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.92.9.58 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=57239 DPT=5432 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T10:52:08.892Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:54:41 honeypot-ams-1 sshd[24592]: Received disconnect from 92.255.85.70 port 60656:11: Bye Bye [preauth]","@timestamp":"2022-09-14T10:54:41.418Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:57:59 honeypot-ams-1 sshd[24596]: Received disconnect from 183.144.121.209 port 48488:11: Bye Bye [preauth]","@timestamp":"2022-09-14T10:58:00.505Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:58:03 honeypot-ams-1 sshd[24600]: Disconnected from authenticating user root 183.144.121.209 port 48724 [preauth]","@timestamp":"2022-09-14T10:58:04.507Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:58:09 honeypot-ams-1 sshd[24606]: Disconnected from authenticating user root 183.144.121.209 port 49062 [preauth]","@timestamp":"2022-09-14T10:58:10.512Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:58:15 honeypot-ams-1 sshd[24612]: Disconnected from authenticating user root 183.144.121.209 port 49396 [preauth]","@timestamp":"2022-09-14T10:58:15.515Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:58:21 honeypot-ams-1 sshd[24618]: Disconnected from authenticating user root 183.144.121.209 port 49752 [preauth]","@timestamp":"2022-09-14T10:58:21.519Z"}
{"@timestamp":"2022-09-14T10:58:24.773Z","@version":"1","message":"Sep 14 10:58:24 honeypot-sgp-1 sshd[13053]: Invalid user user from 45.61.184.204 port 36774","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:58:26 honeypot-ams-1 sshd[24624]: Disconnected from authenticating user root 183.144.121.209 port 50054 [preauth]","@timestamp":"2022-09-14T10:58:27.522Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:58:32 honeypot-ams-1 sshd[24630]: Disconnected from authenticating user root 183.144.121.209 port 50376 [preauth]","@timestamp":"2022-09-14T10:58:33.525Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:58:38 honeypot-ams-1 sshd[24636]: Disconnected from authenticating user root 183.144.121.209 port 50674 [preauth]","@timestamp":"2022-09-14T10:58:38.529Z"}
{"@timestamp":"2022-09-14T10:58:43.783Z","@version":"1","message":"Sep 14 10:58:43 honeypot-sgp-1 sshd[13057]: Invalid user user from 45.61.184.204 port 59998","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:58:44 honeypot-ams-1 sshd[24643]: Received disconnect from 183.144.121.209 port 51008:11: Bye Bye [preauth]","@timestamp":"2022-09-14T10:58:44.532Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:58:48 honeypot-ams-1 sshd[24649]: Disconnected from authenticating user root 183.144.121.209 port 51218 [preauth]","@timestamp":"2022-09-14T10:58:48.534Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:58:53 honeypot-ams-1 sshd[24655]: Disconnected from authenticating user root 183.144.121.209 port 51546 [preauth]","@timestamp":"2022-09-14T10:58:54.538Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:58:59 honeypot-ams-1 sshd[24661]: Disconnected from authenticating user root 183.144.121.209 port 51852 [preauth]","@timestamp":"2022-09-14T10:58:59.541Z"}
{"@timestamp":"2022-09-14T10:59:03.793Z","@version":"1","message":"Sep 14 10:59:03 honeypot-sgp-1 sshd[13061]: Invalid user user from 45.61.184.204 port 54994","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:59:05 honeypot-ams-1 sshd[24667]: Disconnected from authenticating user root 183.144.121.209 port 52180 [preauth]","@timestamp":"2022-09-14T10:59:05.546Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 10:59:06 honeypot-fra-1 sshd[8629]: Invalid user user from 141.255.162.226 port 53946","@timestamp":"2022-09-14T10:59:07.054Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 10:59:08 honeypot-fra-1 sshd[8633]: Invalid user user from 141.255.162.226 port 39138","@timestamp":"2022-09-14T10:59:09.056Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:59:08 honeypot-ams-1 sshd[24671]: Disconnected from invalid user admin 183.144.121.209 port 52390 [preauth]","@timestamp":"2022-09-14T10:59:09.548Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 10:59:12 honeypot-fra-1 sshd[8637]: Invalid user user from 141.255.162.226 port 45844","@timestamp":"2022-09-14T10:59:13.058Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:59:12 honeypot-ams-1 sshd[24675]: Disconnected from invalid user admin 183.144.121.209 port 52604 [preauth]","@timestamp":"2022-09-14T10:59:13.550Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 10:59:15 honeypot-fra-1 sshd[8641]: Invalid user user from 141.255.162.226 port 37746","@timestamp":"2022-09-14T10:59:16.060Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:59:16 honeypot-ams-1 sshd[24679]: Disconnected from invalid user admin 183.144.121.209 port 52812 [preauth]","@timestamp":"2022-09-14T10:59:17.552Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:59:20 honeypot-ams-1 sshd[24683]: Disconnected from invalid user admin 183.144.121.209 port 53022 [preauth]","@timestamp":"2022-09-14T10:59:20.556Z"}
{"@timestamp":"2022-09-14T10:59:20.801Z","@version":"1","message":"Sep 14 10:59:20 honeypot-sgp-1 sshd[13065]: Invalid user user from 45.61.184.204 port 49990","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:59:24 honeypot-ams-1 sshd[24687]: Disconnected from invalid user admin 183.144.121.209 port 53226 [preauth]","@timestamp":"2022-09-14T10:59:24.558Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:59:30 honeypot-ams-1 sshd[24693]: Received disconnect from 183.144.121.209 port 53536:11: Bye Bye [preauth]","@timestamp":"2022-09-14T10:59:30.561Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:59:34 honeypot-ams-1 sshd[24697]: Received disconnect from 183.144.121.209 port 53746:11: Bye Bye [preauth]","@timestamp":"2022-09-14T10:59:34.564Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:59:37 honeypot-ams-1 sshd[24701]: Received disconnect from 183.144.121.209 port 53936:11: Bye Bye [preauth]","@timestamp":"2022-09-14T10:59:38.567Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:59:41 honeypot-ams-1 sshd[24705]: Received disconnect from 183.144.121.209 port 54152:11: Bye Bye [preauth]","@timestamp":"2022-09-14T10:59:42.570Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:59:45 honeypot-ams-1 sshd[24710]: Received disconnect from 183.144.121.209 port 54332:11: Bye Bye [preauth]","@timestamp":"2022-09-14T10:59:46.573Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:59:49 honeypot-ams-1 sshd[24714]: Received disconnect from 183.144.121.209 port 54532:11: Bye Bye [preauth]","@timestamp":"2022-09-14T10:59:49.574Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:59:53 honeypot-ams-1 sshd[24718]: Received disconnect from 183.144.121.209 port 54752:11: Bye Bye [preauth]","@timestamp":"2022-09-14T10:59:53.577Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:59:56 honeypot-ams-1 sshd[24722]: Received disconnect from 183.144.121.209 port 54948:11: Bye Bye [preauth]","@timestamp":"2022-09-14T10:59:57.580Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 11:00:00 honeypot-ams-1 sshd[24726]: Received disconnect from 183.144.121.209 port 55166:11: Bye Bye [preauth]","@timestamp":"2022-09-14T11:00:01.582Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 11:00:04 honeypot-ams-1 sshd[24730]: Received disconnect from 183.144.121.209 port 55356:11: Bye Bye [preauth]","@timestamp":"2022-09-14T11:00:05.586Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 11:00:08 honeypot-ams-1 sshd[24734]: Received disconnect from 183.144.121.209 port 55550:11: Bye Bye [preauth]","@timestamp":"2022-09-14T11:00:08.588Z"}
{"@timestamp":"2022-09-14T11:00:08.824Z","@version":"1","message":"Sep 14 11:00:07 honeypot-sgp-1 sshd[13073]: Invalid user user from 45.61.186.249 port 53484","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 11:00:12 honeypot-ams-1 sshd[24738]: Received disconnect from 183.144.121.209 port 55750:11: Bye Bye [preauth]","@timestamp":"2022-09-14T11:00:12.590Z"}
{"@timestamp":"2022-09-14T11:00:26.833Z","@version":"1","message":"Sep 14 11:00:26 honeypot-sgp-1 sshd[13077]: Invalid user user from 45.61.186.249 port 48418","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T11:00:45.842Z","@version":"1","message":"Sep 14 11:00:45 honeypot-sgp-1 sshd[13081]: Invalid user user from 45.61.186.249 port 43368","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T11:01:02.851Z","@version":"1","message":"Sep 14 11:01:02 honeypot-sgp-1 sshd[13085]: Invalid user user from 45.61.186.249 port 38318","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:01:34 honeypot-fra-1 sshd[8650]: Disconnected from authenticating user root 188.166.23.215 port 46494 [preauth]","@timestamp":"2022-09-14T11:01:35.115Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T11:04:41.943Z","@version":"1","message":"Sep 14 11:04:41 honeypot-sgp-1 kernel: [84029590.554524] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=89.248.168.172 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=54321 PROTO=TCP SPT=49962 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:05:43 honeypot-fra-1 sshd[8658]: Invalid user odoo from 34.71.244.4 port 41198","@timestamp":"2022-09-14T11:05:44.214Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:05:43 honeypot-fra-1 sshd[8670]: Connection closed by invalid user www 34.71.244.4 port 41372 [preauth]","@timestamp":"2022-09-14T11:05:44.214Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:05:43 honeypot-fra-1 sshd[8686]: Invalid user devops from 34.71.244.4 port 41430","@timestamp":"2022-09-14T11:05:44.214Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:05:43 honeypot-fra-1 sshd[8663]: Invalid user oracle from 34.71.244.4 port 41180","@timestamp":"2022-09-14T11:05:44.214Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:05:43 honeypot-fra-1 sshd[8660]: Connection closed by invalid user steam 34.71.244.4 port 41284 [preauth]","@timestamp":"2022-09-14T11:05:44.214Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:05:44 honeypot-fra-1 sshd[8688]: Connection closed by invalid user oracle 34.71.244.4 port 41486 [preauth]","@timestamp":"2022-09-14T11:05:44.214Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:05:44 honeypot-fra-1 sshd[8675]: Connection closed by invalid user elasticsearch 34.71.244.4 port 41374 [preauth]","@timestamp":"2022-09-14T11:05:44.214Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:05:44 honeypot-fra-1 sshd[8684]: Connection closed by invalid user user 34.71.244.4 port 41426 [preauth]","@timestamp":"2022-09-14T11:05:44.214Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:05:44 honeypot-fra-1 sshd[8657]: Connection closed by invalid user www 34.71.244.4 port 41168 [preauth]","@timestamp":"2022-09-14T11:05:44.214Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:11:10 honeypot-fra-1 sshd[8735]: Invalid user test from 197.5.145.54 port 55373","@timestamp":"2022-09-14T11:11:10.341Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:11:10 honeypot-fra-1 sshd[8729]: Connection closed by authenticating user root 197.5.145.54 port 55380 [preauth]","@timestamp":"2022-09-14T11:11:11.342Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:11:10 honeypot-fra-1 sshd[8739]: Connection closed by invalid user ftpuser 197.5.145.54 port 55382 [preauth]","@timestamp":"2022-09-14T11:11:11.342Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:11:50 honeypot-fra-1 kernel: [84028330.742856] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=157.245.176.143 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=15244 DF PROTO=TCP SPT=48462 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T11:11:50.359Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-14T11:13:02.146Z","@version":"1","message":"Sep 14 11:13:01 honeypot-sgp-1 sshd[13097]: Disconnected from invalid user user 45.61.186.249 port 42734 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T11:13:21.155Z","@version":"1","message":"Sep 14 11:13:20 honeypot-sgp-1 sshd[13101]: Disconnected from invalid user user 45.61.186.249 port 37942 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T11:13:38.164Z","@version":"1","message":"Sep 14 11:13:37 honeypot-sgp-1 sshd[13105]: Disconnected from invalid user user 45.61.186.249 port 33140 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T11:13:55.179Z","@version":"1","message":"Sep 14 11:13:54 honeypot-sgp-1 sshd[13109]: Received disconnect from 45.61.186.249 port 56586:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:15:33 honeypot-fra-1 sshd[8757]: Received disconnect from 61.177.172.19 port 50995:11:  [preauth]","@timestamp":"2022-09-14T11:15:33.453Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 11:16:55 honeypot-ams-1 sshd[24744]: Received disconnect from 114.247.103.218 port 15405:11: Bye Bye [preauth]","@timestamp":"2022-09-14T11:16:56.015Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 11:17:27 honeypot-ams-1 sshd[24750]: Disconnected from authenticating user root 74.94.234.151 port 47908 [preauth]","@timestamp":"2022-09-14T11:17:28.031Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 11:17:46 honeypot-ams-1 sshd[24754]: Disconnected from invalid user user 141.255.162.226 port 44496 [preauth]","@timestamp":"2022-09-14T11:17:47.040Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 11:17:48 honeypot-ams-1 sshd[24758]: Disconnected from invalid user user 141.255.162.226 port 58960 [preauth]","@timestamp":"2022-09-14T11:17:49.041Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 11:17:50 honeypot-ams-1 sshd[24762]: Received disconnect from 141.255.162.226 port 37954:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T11:17:51.043Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:19:02 honeypot-fra-1 sshd[8767]: Did not receive identification string from 175.24.188.217 port 33110","@timestamp":"2022-09-14T11:19:02.538Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:19:03 honeypot-fra-1 sshd[8775]: Invalid user appuser from 175.24.188.217 port 34458","@timestamp":"2022-09-14T11:19:04.540Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:19:03 honeypot-fra-1 sshd[8787]: Invalid user postgres from 175.24.188.217 port 34486","@timestamp":"2022-09-14T11:19:04.540Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:19:04 honeypot-fra-1 sshd[8791]: Invalid user steam from 175.24.188.217 port 34468","@timestamp":"2022-09-14T11:19:04.540Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:19:04 honeypot-fra-1 sshd[8773]: Connection closed by authenticating user root 175.24.188.217 port 34440 [preauth]","@timestamp":"2022-09-14T11:19:04.540Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:19:04 honeypot-fra-1 sshd[8768]: Connection closed by invalid user guest 175.24.188.217 port 34436 [preauth]","@timestamp":"2022-09-14T11:19:04.540Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:19:04 honeypot-fra-1 sshd[8781]: Connection closed by invalid user ubuntu 175.24.188.217 port 34438 [preauth]","@timestamp":"2022-09-14T11:19:04.541Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:19:04 honeypot-fra-1 sshd[8788]: Connection closed by invalid user admin 175.24.188.217 port 34462 [preauth]","@timestamp":"2022-09-14T11:19:04.541Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:19:35 honeypot-fra-1 kernel: [84028795.978887] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=5.178.86.77 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x20 TTL=249 ID=12045 PROTO=TCP SPT=54257 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T11:19:35.554Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 11:22:49 honeypot-ams-1 kernel: [84031152.690525] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=205.210.31.181 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x60 TTL=251 ID=54633 PROTO=TCP SPT=50096 DPT=389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T11:22:50.172Z"}
{"@timestamp":"2022-09-14T11:23:51.421Z","@version":"1","message":"Sep 14 11:23:51 honeypot-sgp-1 kernel: [84030739.886277] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=156.146.46.143 DST=159.89.202.188 LEN=52 TOS=0x02 PREC=0x00 TTL=116 ID=47175 DF PROTO=TCP SPT=54534 DPT=3389 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:26:32 honeypot-fra-1 sshd[8829]: Disconnected from authenticating user root 104.225.250.174 port 43986 [preauth]","@timestamp":"2022-09-14T11:26:32.716Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T11:30:40.588Z","@version":"1","message":"Sep 14 11:30:39 honeypot-sgp-1 kernel: [84031148.354077] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=234 ID=11124 PROTO=TCP SPT=55002 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:30:54 honeypot-fra-1 sshd[8834]: Invalid user user1 from 103.188.176.251 port 36820","@timestamp":"2022-09-14T11:30:54.821Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 11:33:31 honeypot-ams-1 kernel: [84031794.658503] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=18.189.61.4 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=38 ID=5271 PROTO=TCP SPT=5075 DPT=80 WINDOW=41810 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T11:33:32.448Z"}
{"@timestamp":"2022-09-14T11:36:58.745Z","@version":"1","message":"Sep 14 11:36:58 honeypot-sgp-1 kernel: [84031526.774667] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=193.201.9.214 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=43385 PROTO=TCP SPT=40676 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:39:24 honeypot-fra-1 sshd[8841]: Received disconnect from 92.255.85.70 port 15944:11: Bye Bye [preauth]","@timestamp":"2022-09-14T11:39:25.026Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 11:40:00 honeypot-ams-1 kernel: [84032183.486718] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=176.67.66.107 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=111 ID=17468 DF PROTO=TCP SPT=18430 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T11:40:00.620Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 11:44:04 honeypot-ams-1 sshd[24775]: Disconnected from invalid user kutimukha 195.36.209.129 port 42414 [preauth]","@timestamp":"2022-09-14T11:44:05.724Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:44:38 honeypot-fra-1 kernel: [84030298.666850] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=159.65.67.202 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=59585 DF PROTO=TCP SPT=34055 DPT=443 WINDOW=42340 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T11:44:39.148Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-14T11:47:03.999Z","@version":"1","message":"Sep 14 11:47:03 honeypot-sgp-1 sshd[13135]: Received disconnect from 61.177.173.46 port 24947:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:49:32 honeypot-fra-1 sshd[8867]: Invalid user admin from 52.237.82.21 port 37912","@timestamp":"2022-09-14T11:49:33.283Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:49:32 honeypot-fra-1 sshd[8853]: Invalid user ubuntu from 52.237.82.21 port 37826","@timestamp":"2022-09-14T11:49:33.283Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:49:32 honeypot-fra-1 sshd[8872]: Invalid user chia from 52.237.82.21 port 37846","@timestamp":"2022-09-14T11:49:33.283Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:49:32 honeypot-fra-1 sshd[8858]: Connection closed by invalid user steam 52.237.82.21 port 37818 [preauth]","@timestamp":"2022-09-14T11:49:33.283Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:49:32 honeypot-fra-1 sshd[8870]: Invalid user testuser from 52.237.82.21 port 37904","@timestamp":"2022-09-14T11:49:33.283Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:49:32 honeypot-fra-1 sshd[8875]: Connection closed by invalid user testuser 52.237.82.21 port 37928 [preauth]","@timestamp":"2022-09-14T11:49:33.283Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:49:32 honeypot-fra-1 sshd[8859]: Connection closed by authenticating user root 52.237.82.21 port 37868 [preauth]","@timestamp":"2022-09-14T11:49:33.283Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:49:32 honeypot-fra-1 sshd[8863]: Connection closed by invalid user momo 52.237.82.21 port 37854 [preauth]","@timestamp":"2022-09-14T11:49:33.283Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:49:32 honeypot-fra-1 sshd[8871]: Connection closed by invalid user steam 52.237.82.21 port 37880 [preauth]","@timestamp":"2022-09-14T11:49:33.283Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T11:50:19.079Z","@version":"1","message":"Sep 14 11:50:18 honeypot-sgp-1 sshd[13141]: Received disconnect from 61.177.173.53 port 44447:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:51:06 honeypot-fra-1 sshd[8913]: Disconnecting invalid user admin 81.17.25.50 port 45173: Change of username or service not allowed: (admin,ssh-connection) -> (cameras,ssh-connection) [preauth]","@timestamp":"2022-09-14T11:51:07.324Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T11:51:46.116Z","@version":"1","message":"Sep 14 11:51:45 honeypot-sgp-1 sshd[13145]: Received disconnect from 164.92.142.65 port 35102:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:52:38 honeypot-fra-1 sshd[8919]: Disconnecting invalid user admin 81.17.25.50 port 8555: Change of username or service not allowed: (admin,ssh-connection) -> (,ssh-connection) [preauth]","@timestamp":"2022-09-14T11:52:39.366Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:53:07 honeypot-fra-1 sshd[8925]: Disconnecting invalid user aerohive 81.17.25.50 port 22411: Change of username or service not allowed: (aerohive,ssh-connection) -> (admin,ssh-connection) [preauth]","@timestamp":"2022-09-14T11:53:08.379Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:53:26 honeypot-fra-1 sshd[8931]: Disconnecting invalid user private 81.17.25.50 port 24702: Change of username or service not allowed: (private,ssh-connection) -> (root,ssh-connection) [preauth]","@timestamp":"2022-09-14T11:53:26.388Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 11:53:34 honeypot-ams-1 sshd[24778]: Disconnected from invalid user pentaho 164.92.212.181 port 57576 [preauth]","@timestamp":"2022-09-14T11:53:34.970Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:54:36 honeypot-fra-1 sshd[8939]: Invalid user araknis from 81.17.25.50 port 64835","@timestamp":"2022-09-14T11:54:37.418Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:55:05 honeypot-fra-1 sshd[8945]: Disconnecting authenticating user root 81.17.25.50 port 55340: Change of username or service not allowed: (root,ssh-connection) -> (Admin,ssh-connection) [preauth]","@timestamp":"2022-09-14T11:55:06.433Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:55:48 honeypot-fra-1 sshd[8952]: Disconnecting invalid user admin 81.17.25.50 port 33979: Change of username or service not allowed: (admin,ssh-connection) -> (guest,ssh-connection) [preauth]","@timestamp":"2022-09-14T11:55:48.452Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:55:59 honeypot-fra-1 sshd[8960]: Invalid user  from 81.17.25.50 port 5587","@timestamp":"2022-09-14T11:55:59.457Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:56:22 honeypot-fra-1 sshd[8966]: Invalid user admin from 81.17.25.50 port 26188","@timestamp":"2022-09-14T11:56:23.469Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:56:38 honeypot-fra-1 sshd[8974]: Disconnecting invalid user Administrator 81.17.25.50 port 59282: Change of username or service not allowed: (Administrator,ssh-connection) -> (,ssh-connection) [preauth]","@timestamp":"2022-09-14T11:56:39.478Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:57:15 honeypot-fra-1 sshd[8981]: Disconnecting invalid user sti.admin5 81.17.25.50 port 2271: Change of username or service not allowed: (sti.admin5,ssh-connection) -> (admin,ssh-connection) [preauth]","@timestamp":"2022-09-14T11:57:16.495Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:57:18 honeypot-fra-1 sshd[8987]: Disconnecting invalid user zhone 81.17.25.50 port 11576: Change of username or service not allowed: (zhone,ssh-connection) -> (,ssh-connection) [preauth]","@timestamp":"2022-09-14T11:57:18.496Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:58:21 honeypot-fra-1 sshd[8995]: Invalid user admin from 81.17.25.50 port 14733","@timestamp":"2022-09-14T11:58:21.523Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:59:15 honeypot-fra-1 sshd[9004]: Invalid user cusadmin from 81.17.25.50 port 7945","@timestamp":"2022-09-14T11:59:16.548Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:59:48 honeypot-fra-1 sshd[9008]: Disconnecting invalid user admin 81.17.25.50 port 5098: Change of username or service not allowed: (admin,ssh-connection) -> (lgnortel,ssh-connection) [preauth]","@timestamp":"2022-09-14T11:59:48.564Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T12:00:08.318Z","@version":"1","message":"Sep 14 12:00:07 honeypot-sgp-1 sshd[13605]: Disconnected from authenticating user root 92.255.85.70 port 52540 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:00:18 honeypot-fra-1 sshd[9014]: Disconnecting invalid user comcast 81.17.25.50 port 28749: Change of username or service not allowed: (comcast,ssh-connection) -> (admin,ssh-connection) [preauth]","@timestamp":"2022-09-14T12:00:18.578Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:00:57 honeypot-fra-1 sshd[9018]: Disconnecting invalid user  81.17.25.50 port 32333: Change of username or service not allowed: (,ssh-connection) -> (admin1234,ssh-connection) [preauth]","@timestamp":"2022-09-14T12:00:58.597Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 12:01:00 honeypot-ams-1 kernel: [84033443.214651] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=92.63.197.94 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=252 ID=55209 PROTO=TCP SPT=56108 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T12:01:00.187Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:01:51 honeypot-fra-1 sshd[9027]: Invalid user  from 81.17.25.50 port 40741","@timestamp":"2022-09-14T12:01:51.621Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:02:11 honeypot-fra-1 sshd[9033]: Invalid user admin from 81.17.25.50 port 35743","@timestamp":"2022-09-14T12:02:12.633Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:02:53 honeypot-fra-1 sshd[9035]: Disconnecting invalid user blank 81.17.25.50 port 50143: Change of username or service not allowed: (blank,ssh-connection) -> (root,ssh-connection) [preauth]","@timestamp":"2022-09-14T12:02:53.651Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:03:45 honeypot-fra-1 sshd[9043]: Invalid user airlive from 81.17.25.50 port 29616","@timestamp":"2022-09-14T12:03:46.677Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:05:05 honeypot-fra-1 sshd[9049]: Invalid user roqos from 81.17.25.50 port 44793","@timestamp":"2022-09-14T12:05:06.713Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T12:05:33.453Z","@version":"1","message":"Sep 14 12:05:33 honeypot-sgp-1 sshd[13612]: Invalid user admin from 201.249.89.102 port 46136","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:05:45 honeypot-fra-1 sshd[9054]: Disconnecting invalid user Shiko 81.17.25.50 port 7102: Change of username or service not allowed: (Shiko,ssh-connection) -> (sitecom,ssh-connection) [preauth]","@timestamp":"2022-09-14T12:05:45.732Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T12:06:46.486Z","@version":"1","message":"Sep 14 12:06:45 honeypot-sgp-1 sshd[13614]: Disconnected from invalid user mongodb2 148.240.122.192 port 33168 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:06:47 honeypot-fra-1 sshd[9063]: Invalid user smcadmin from 81.17.25.50 port 3366","@timestamp":"2022-09-14T12:06:47.759Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:07:51 honeypot-fra-1 sshd[9071]: Invalid user highspeed from 81.17.25.50 port 15125","@timestamp":"2022-09-14T12:07:51.787Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:08:24 honeypot-ams-1 sshd[24792]: Invalid user user from 141.255.162.226 port 41886","@timestamp":"2022-09-14T12:08:25.381Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:08:25 honeypot-fra-1 sshd[9077]: Invalid user sweex from 81.17.25.50 port 45873","@timestamp":"2022-09-14T12:08:25.804Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:08:28 honeypot-ams-1 sshd[24796]: Invalid user user from 141.255.162.226 port 57130","@timestamp":"2022-09-14T12:08:29.384Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:08:30 honeypot-ams-1 sshd[24800]: Invalid user user from 141.255.162.226 port 36524","@timestamp":"2022-09-14T12:08:31.385Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:09:23 honeypot-fra-1 sshd[9083]: Invalid user  from 81.17.25.50 port 33001","@timestamp":"2022-09-14T12:09:23.829Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:09:43 honeypot-fra-1 sshd[9089]: Invalid user ubnt from 81.17.25.50 port 29963","@timestamp":"2022-09-14T12:09:43.840Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:09:46 honeypot-fra-1 sshd[9095]: Disconnecting invalid user user 81.17.25.50 port 26606: Change of username or service not allowed: (user,ssh-connection) -> (amdin,ssh-connection) [preauth]","@timestamp":"2022-09-14T12:09:46.842Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:09:47 honeypot-fra-1 sshd[9101]: Disconnecting invalid user Admin 81.17.25.50 port 38346: Change of username or service not allowed: (Admin,ssh-connection) -> (admin,ssh-connection) [preauth]","@timestamp":"2022-09-14T12:09:47.843Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:09:49 honeypot-fra-1 sshd[9107]: Disconnecting invalid user 0 81.17.25.50 port 19849: Change of username or service not allowed: (0,ssh-connection) -> (admin,ssh-connection) [preauth]","@timestamp":"2022-09-14T12:09:49.844Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T12:10:13.572Z","@version":"1","message":"Sep 14 12:10:13 honeypot-sgp-1 sshd[13622]: Invalid user admin from 142.93.145.85 port 39220","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:10:24 honeypot-fra-1 sshd[9113]: Invalid user admin from 81.17.25.50 port 11643","@timestamp":"2022-09-14T12:10:24.869Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:10:27 honeypot-fra-1 sshd[9118]: Connection closed by invalid user ltecl4r0 81.17.25.50 port 9289 [preauth]","@timestamp":"2022-09-14T12:10:27.871Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T12:12:33.633Z","@version":"1","message":"Sep 14 12:12:33 honeypot-sgp-1 sshd[13627]: Invalid user recruitment from 207.154.231.64 port 45002","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 12:13:40 honeypot-ams-1 kernel: [84034203.250878] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=156.146.46.143 DST=178.62.254.91 LEN=52 TOS=0x02 PREC=0x00 TTL=118 ID=1364 DF PROTO=TCP SPT=49960 DPT=3389 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-14T12:13:40.517Z"}
{"@timestamp":"2022-09-14T12:17:01.742Z","@version":"1","message":"Sep 14 12:17:01 honeypot-sgp-1 CRON[13632]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:19:58 honeypot-ams-1 sshd[24809]: Received disconnect from 179.103.152.130 port 57278:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:19:59.680Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:20:03 honeypot-ams-1 sshd[24813]: Disconnected from invalid user ubnt 179.103.152.130 port 57452 [preauth]","@timestamp":"2022-09-14T12:20:03.683Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:20:10 honeypot-ams-1 sshd[24819]: Disconnected from authenticating user root 179.103.152.130 port 57856 [preauth]","@timestamp":"2022-09-14T12:20:10.687Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:20:16 honeypot-ams-1 sshd[24825]: Disconnected from authenticating user root 179.103.152.130 port 58176 [preauth]","@timestamp":"2022-09-14T12:20:17.692Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:20:23 honeypot-ams-1 sshd[24831]: Disconnected from authenticating user root 179.103.152.130 port 58532 [preauth]","@timestamp":"2022-09-14T12:20:23.695Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:20:29 honeypot-ams-1 sshd[24837]: Disconnected from authenticating user root 179.103.152.130 port 58898 [preauth]","@timestamp":"2022-09-14T12:20:30.701Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:20:37 honeypot-ams-1 sshd[24843]: Disconnected from authenticating user root 179.103.152.130 port 59254 [preauth]","@timestamp":"2022-09-14T12:20:37.705Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:20:44 honeypot-ams-1 sshd[24849]: Disconnected from authenticating user root 179.103.152.130 port 59648 [preauth]","@timestamp":"2022-09-14T12:20:44.709Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:20:51 honeypot-ams-1 sshd[24855]: Disconnected from authenticating user root 179.103.152.130 port 59986 [preauth]","@timestamp":"2022-09-14T12:20:51.713Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:20:57 honeypot-ams-1 sshd[24861]: Disconnected from authenticating user root 179.103.152.130 port 60330 [preauth]","@timestamp":"2022-09-14T12:20:57.717Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:21:04 honeypot-ams-1 sshd[24867]: Disconnected from authenticating user root 179.103.152.130 port 60710 [preauth]","@timestamp":"2022-09-14T12:21:05.722Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:21:11 honeypot-ams-1 sshd[24873]: Disconnected from authenticating user root 179.103.152.130 port 32822 [preauth]","@timestamp":"2022-09-14T12:21:12.726Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:21:19 honeypot-ams-1 sshd[24879]: Disconnected from authenticating user root 179.103.152.130 port 33210 [preauth]","@timestamp":"2022-09-14T12:21:19.731Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:21:24 honeypot-ams-1 sshd[24883]: Disconnected from invalid user admin 179.103.152.130 port 33482 [preauth]","@timestamp":"2022-09-14T12:21:24.734Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:21:29 honeypot-ams-1 sshd[24887]: Disconnected from invalid user admin 179.103.152.130 port 33744 [preauth]","@timestamp":"2022-09-14T12:21:29.737Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:21:34 honeypot-ams-1 sshd[24891]: Disconnected from invalid user admin 179.103.152.130 port 34010 [preauth]","@timestamp":"2022-09-14T12:21:34.741Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:21:39 honeypot-ams-1 sshd[24895]: Disconnected from invalid user admin 179.103.152.130 port 34254 [preauth]","@timestamp":"2022-09-14T12:21:39.744Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:21:43 honeypot-ams-1 sshd[24899]: Disconnected from invalid user admin 179.103.152.130 port 34542 [preauth]","@timestamp":"2022-09-14T12:21:43.748Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:21:51 honeypot-ams-1 sshd[24905]: Received disconnect from 179.103.152.130 port 34952:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:21:51.753Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:21:56 honeypot-ams-1 sshd[24909]: Received disconnect from 179.103.152.130 port 35200:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:21:56.756Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:22:01 honeypot-ams-1 sshd[24913]: Received disconnect from 179.103.152.130 port 35466:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:22:01.760Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:22:06 honeypot-ams-1 sshd[24917]: Received disconnect from 179.103.152.130 port 35736:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:22:06.763Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:22:11 honeypot-ams-1 sshd[24921]: Received disconnect from 179.103.152.130 port 35954:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:22:11.766Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:22:16 honeypot-ams-1 sshd[24925]: Received disconnect from 179.103.152.130 port 36204:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:22:16.770Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:22:20 honeypot-ams-1 sshd[24929]: Received disconnect from 179.103.152.130 port 36446:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:22:20.772Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:22:26 honeypot-ams-1 sshd[24933]: Received disconnect from 179.103.152.130 port 36720:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:22:26.775Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:22:25 honeypot-fra-1 kernel: [84032565.662846] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=172.104.138.223 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=9285 PROTO=TCP SPT=14940 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T12:22:26.145Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:22:31 honeypot-ams-1 sshd[24937]: Received disconnect from 179.103.152.130 port 37026:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:22:31.779Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:22:36 honeypot-ams-1 sshd[24941]: Received disconnect from 179.103.152.130 port 37260:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:22:36.782Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:22:38 honeypot-ams-1 sshd[24945]: Received disconnect from 190.110.214.198 port 36670:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:22:38.786Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:22:44 honeypot-ams-1 sshd[24949]: Received disconnect from 179.103.152.130 port 37632:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:22:44.789Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:23:03 honeypot-ams-1 sshd[24953]: Disconnected from authenticating user root 122.248.43.71 port 48304 [preauth]","@timestamp":"2022-09-14T12:23:03.800Z"}
{"@timestamp":"2022-09-14T12:23:24.898Z","@version":"1","message":"Sep 14 12:23:24 honeypot-sgp-1 sshd[13640]: Received disconnect from 92.255.85.70 port 18350:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:23:51 honeypot-fra-1 sshd[9140]: Received disconnect from 45.61.186.169 port 51748:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T12:23:52.181Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:24:08 honeypot-fra-1 sshd[9146]: Received disconnect from 45.61.186.169 port 46566:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T12:24:09.189Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:24:18 honeypot-fra-1 sshd[9150]: Invalid user kyle from 165.22.45.108 port 43092","@timestamp":"2022-09-14T12:24:18.194Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:24:33 honeypot-fra-1 sshd[9154]: Invalid user user from 45.61.186.169 port 52922","@timestamp":"2022-09-14T12:24:34.202Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:25:38 honeypot-ams-1 sshd[24958]: Disconnected from authenticating user root 186.121.202.130 port 51272 [preauth]","@timestamp":"2022-09-14T12:25:38.873Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:27:03 honeypot-ams-1 sshd[24964]: Received disconnect from 179.151.180.133 port 52184:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:27:03.912Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:27:07 honeypot-ams-1 sshd[24968]: Disconnected from authenticating user root 179.151.180.133 port 52458 [preauth]","@timestamp":"2022-09-14T12:27:07.915Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:27:15 honeypot-ams-1 sshd[24974]: Disconnected from authenticating user root 179.151.180.133 port 52838 [preauth]","@timestamp":"2022-09-14T12:27:15.919Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:27:21 honeypot-ams-1 sshd[24980]: Disconnected from authenticating user root 179.151.180.133 port 53202 [preauth]","@timestamp":"2022-09-14T12:27:22.924Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:27:29 honeypot-ams-1 sshd[24986]: Disconnected from authenticating user root 179.151.180.133 port 53576 [preauth]","@timestamp":"2022-09-14T12:27:29.928Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:27:36 honeypot-ams-1 sshd[24992]: Disconnected from authenticating user root 179.151.180.133 port 53980 [preauth]","@timestamp":"2022-09-14T12:27:36.932Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:27:43 honeypot-ams-1 sshd[24998]: Disconnected from authenticating user root 179.151.180.133 port 54364 [preauth]","@timestamp":"2022-09-14T12:27:43.936Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:27:45 honeypot-fra-1 kernel: [84032885.529346] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=161.35.188.242 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=50 ID=0 PROTO=TCP SPT=16903 DPT=80 WINDOW=0 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T12:27:45.275Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:27:50 honeypot-ams-1 sshd[25004]: Disconnected from authenticating user root 179.151.180.133 port 54734 [preauth]","@timestamp":"2022-09-14T12:27:50.941Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:27:58 honeypot-ams-1 sshd[25010]: Disconnected from authenticating user root 179.151.180.133 port 55124 [preauth]","@timestamp":"2022-09-14T12:27:58.945Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:28:05 honeypot-ams-1 sshd[25016]: Disconnected from authenticating user root 179.151.180.133 port 55516 [preauth]","@timestamp":"2022-09-14T12:28:05.949Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:28:12 honeypot-ams-1 sshd[25022]: Disconnected from authenticating user root 179.151.180.133 port 55902 [preauth]","@timestamp":"2022-09-14T12:28:12.953Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:28:20 honeypot-ams-1 sshd[25028]: Disconnected from authenticating user root 179.151.180.133 port 56326 [preauth]","@timestamp":"2022-09-14T12:28:20.959Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:28:27 honeypot-ams-1 sshd[25034]: Received disconnect from 179.151.180.133 port 56704:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:28:27.963Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:28:32 honeypot-ams-1 sshd[25038]: Received disconnect from 179.151.180.133 port 56974:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:28:32.967Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:28:37 honeypot-ams-1 sshd[25042]: Received disconnect from 179.151.180.133 port 57220:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:28:37.969Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:28:42 honeypot-ams-1 sshd[25046]: Received disconnect from 179.151.180.133 port 57492:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:28:42.972Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:28:47 honeypot-ams-1 sshd[25050]: Received disconnect from 179.151.180.133 port 57756:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:28:47.976Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:28:52 honeypot-ams-1 sshd[25054]: Received disconnect from 179.151.180.133 port 58030:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:28:52.979Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:28:56 honeypot-ams-1 sshd[25060]: Received disconnect from 179.151.180.133 port 58302:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:28:56.981Z"}
{"@timestamp":"2022-09-14T12:29:00.052Z","@version":"1","message":"Sep 14 12:28:59 honeypot-sgp-1 sshd[13647]: Did not receive identification string from 35.90.115.181 port 51688","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T12:29:01.053Z","@version":"1","message":"Sep 14 12:29:00 honeypot-sgp-1 sshd[13651]: Invalid user esuser from 35.90.115.181 port 54514","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T12:29:01.053Z","@version":"1","message":"Sep 14 12:29:00 honeypot-sgp-1 sshd[13666]: Invalid user user from 35.90.115.181 port 54444","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T12:29:01.053Z","@version":"1","message":"Sep 14 12:29:00 honeypot-sgp-1 sshd[13667]: Invalid user test from 35.90.115.181 port 54442","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T12:29:01.053Z","@version":"1","message":"Sep 14 12:29:00 honeypot-sgp-1 sshd[13650]: Connection closed by invalid user zabbix 35.90.115.181 port 54472 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T12:29:01.053Z","@version":"1","message":"Sep 14 12:29:00 honeypot-sgp-1 sshd[13659]: Connection closed by invalid user testuser 35.90.115.181 port 54498 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T12:29:01.054Z","@version":"1","message":"Sep 14 12:29:00 honeypot-sgp-1 sshd[13657]: Connection closed by invalid user chia 35.90.115.181 port 54440 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T12:29:01.054Z","@version":"1","message":"Sep 14 12:29:00 honeypot-sgp-1 sshd[13670]: Connection closed by invalid user test 35.90.115.181 port 54496 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T12:29:01.054Z","@version":"1","message":"Sep 14 12:29:01 honeypot-sgp-1 sshd[13676]: Connection closed by invalid user devops 35.90.115.181 port 54512 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:29:01 honeypot-ams-1 sshd[25064]: Received disconnect from 179.151.180.133 port 58530:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:29:01.985Z"}
{"@timestamp":"2022-09-14T12:29:02.054Z","@version":"1","message":"Sep 14 12:29:01 honeypot-sgp-1 sshd[13706]: Connection closed by invalid user testuser 35.90.115.181 port 54476 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:29:06 honeypot-ams-1 sshd[25068]: Received disconnect from 179.151.180.133 port 58816:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:29:06.988Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:29:10 honeypot-ams-1 sshd[25072]: Received disconnect from 179.151.180.133 port 59062:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:29:10.990Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:29:15 honeypot-ams-1 sshd[25076]: Received disconnect from 179.151.180.133 port 59302:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:29:15.992Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:29:20 honeypot-ams-1 sshd[25080]: Received disconnect from 179.151.180.133 port 59596:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:29:20.996Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:29:24 honeypot-ams-1 sshd[25084]: Received disconnect from 179.151.180.133 port 59802:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:29:24.999Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:29:28 honeypot-ams-1 sshd[25088]: Received disconnect from 179.151.180.133 port 60070:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:29:29.001Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:29:33 honeypot-ams-1 sshd[25092]: Received disconnect from 179.151.180.133 port 60298:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:29:34.005Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:29:38 honeypot-ams-1 sshd[25096]: Received disconnect from 179.151.180.133 port 60546:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:29:39.008Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:29:43 honeypot-ams-1 sshd[25100]: Received disconnect from 179.151.180.133 port 60812:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:29:44.011Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:29:49 honeypot-ams-1 sshd[25104]: Received disconnect from 179.151.180.133 port 32842:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:29:50.016Z"}
{"@timestamp":"2022-09-14T12:31:06.109Z","@version":"1","message":"Sep 14 12:31:05 honeypot-sgp-1 sshd[13710]: Received disconnect from 61.177.173.36 port 44582:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:34:07 honeypot-fra-1 sshd[9162]: Received disconnect from 61.177.172.114 port 16912:11:  [preauth]","@timestamp":"2022-09-14T12:34:08.423Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T12:36:25.244Z","@version":"1","message":"Sep 14 12:36:24 honeypot-sgp-1 sshd[13719]: Received disconnect from 61.177.173.36 port 62443:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:39:35 honeypot-fra-1 kernel: [84033595.857830] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.33.79.139 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=3646 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T12:39:35.549Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-14T12:41:42.381Z","@version":"1","message":"Sep 14 12:41:41 honeypot-sgp-1 kernel: [84035410.258060] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=103.195.7.48 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=237 ID=48412 PROTO=TCP SPT=57141 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 12:47:18 honeypot-ams-1 kernel: [84036221.574589] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.79.157.141 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=28156 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T12:47:19.463Z"}
{"@timestamp":"2022-09-14T12:48:31.558Z","@version":"1","message":"Sep 14 12:48:30 honeypot-sgp-1 sshd[13733]: Received disconnect from 61.177.173.36 port 18115:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:48:51 honeypot-fra-1 kernel: [84034152.220363] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=5.9.56.254 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=1175 PROTO=TCP SPT=52953 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T12:48:52.762Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-14T12:51:44.640Z","@version":"1","message":"Sep 14 12:51:43 honeypot-sgp-1 sshd[13739]: Received disconnect from 62.204.41.222 port 35607:11: Client disconnecting normally [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:53:03 honeypot-fra-1 sshd[9178]: Received disconnect from 61.177.173.37 port 25310:11:  [preauth]","@timestamp":"2022-09-14T12:53:03.859Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:53:20 honeypot-ams-1 sshd[25113]: Disconnected from 159.223.172.195 port 45496 [preauth]","@timestamp":"2022-09-14T12:53:20.619Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:54:43 honeypot-fra-1 sshd[9183]: Disconnected from authenticating user root 61.177.173.50 port 38742 [preauth]","@timestamp":"2022-09-14T12:54:43.900Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T12:56:40.766Z","@version":"1","message":"Sep 14 12:56:40 honeypot-sgp-1 sshd[13748]: Invalid user  from 118.193.59.5 port 46892","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T12:58:03.803Z","@version":"1","message":"Sep 14 12:58:03 honeypot-sgp-1 sshd[13753]: Did not receive identification string from 45.61.186.249 port 57304","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T12:58:41.820Z","@version":"1","message":"Sep 14 12:58:41 honeypot-sgp-1 sshd[13756]: Disconnected from invalid user user 45.61.186.249 port 36950 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T12:59:01.829Z","@version":"1","message":"Sep 14 12:59:01 honeypot-sgp-1 sshd[13762]: Invalid user user from 45.61.186.249 port 60242","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T12:59:19.839Z","@version":"1","message":"Sep 14 12:59:19 honeypot-sgp-1 kernel: [84036468.259656] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.41.8.45 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=15943 PROTO=TCP SPT=41443 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T12:59:31.844Z","@version":"1","message":"Sep 14 12:59:30 honeypot-sgp-1 sshd[13768]: Disconnected from invalid user user 45.61.186.249 port 38720 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:59:38 honeypot-ams-1 sshd[25116]: Received disconnect from 61.245.162.61 port 56750:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:59:39.785Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:59:42 honeypot-ams-1 sshd[25120]: Disconnected from invalid user ubnt 61.245.162.61 port 56932 [preauth]","@timestamp":"2022-09-14T12:59:42.788Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:59:46 honeypot-ams-1 sshd[25126]: Disconnected from authenticating user root 61.245.162.61 port 57110 [preauth]","@timestamp":"2022-09-14T12:59:46.790Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:59:51 honeypot-ams-1 sshd[25132]: Disconnected from authenticating user root 61.245.162.61 port 57424 [preauth]","@timestamp":"2022-09-14T12:59:51.793Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:59:55 honeypot-ams-1 sshd[25138]: Disconnected from authenticating user root 61.245.162.61 port 57602 [preauth]","@timestamp":"2022-09-14T12:59:55.797Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:00:00 honeypot-ams-1 sshd[25144]: Disconnected from authenticating user root 61.245.162.61 port 57922 [preauth]","@timestamp":"2022-09-14T13:00:00.799Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:00:04 honeypot-ams-1 sshd[25150]: Disconnected from authenticating user root 61.245.162.61 port 58152 [preauth]","@timestamp":"2022-09-14T13:00:05.802Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:00:09 honeypot-ams-1 sshd[25156]: Disconnected from authenticating user root 61.245.162.61 port 58426 [preauth]","@timestamp":"2022-09-14T13:00:09.805Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:00:14 honeypot-ams-1 sshd[25162]: Disconnected from authenticating user root 61.245.162.61 port 58650 [preauth]","@timestamp":"2022-09-14T13:00:14.810Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:00:18 honeypot-ams-1 sshd[25168]: Disconnected from authenticating user root 61.245.162.61 port 58898 [preauth]","@timestamp":"2022-09-14T13:00:18.812Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:00:23 honeypot-ams-1 sshd[25174]: Disconnected from authenticating user root 61.245.162.61 port 59178 [preauth]","@timestamp":"2022-09-14T13:00:23.815Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:00:27 honeypot-ams-1 sshd[25180]: Disconnected from authenticating user root 61.245.162.61 port 59376 [preauth]","@timestamp":"2022-09-14T13:00:28.819Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:00:32 honeypot-ams-1 sshd[25186]: Disconnected from authenticating user root 61.245.162.61 port 59738 [preauth]","@timestamp":"2022-09-14T13:00:32.822Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:00:35 honeypot-ams-1 sshd[25190]: Disconnected from invalid user admin 61.245.162.61 port 59852 [preauth]","@timestamp":"2022-09-14T13:00:35.824Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:00:38 honeypot-ams-1 sshd[25194]: Disconnected from invalid user admin 61.245.162.61 port 60036 [preauth]","@timestamp":"2022-09-14T13:00:38.826Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:00:41 honeypot-ams-1 sshd[25198]: Disconnected from invalid user admin 61.245.162.61 port 60250 [preauth]","@timestamp":"2022-09-14T13:00:42.830Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:00:45 honeypot-ams-1 sshd[25202]: Disconnected from invalid user admin 61.245.162.61 port 60392 [preauth]","@timestamp":"2022-09-14T13:00:45.832Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:00:48 honeypot-ams-1 sshd[25206]: Disconnected from invalid user admin 61.245.162.61 port 60544 [preauth]","@timestamp":"2022-09-14T13:00:48.834Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:00:52 honeypot-ams-1 sshd[25212]: Received disconnect from 61.245.162.61 port 60860:11: Bye Bye [preauth]","@timestamp":"2022-09-14T13:00:53.837Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:00:56 honeypot-ams-1 sshd[25216]: Received disconnect from 61.245.162.61 port 60988:11: Bye Bye [preauth]","@timestamp":"2022-09-14T13:00:56.839Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:00:59 honeypot-ams-1 sshd[25220]: Received disconnect from 61.245.162.61 port 32926:11: Bye Bye [preauth]","@timestamp":"2022-09-14T13:00:59.841Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:01:02 honeypot-ams-1 sshd[25224]: Received disconnect from 61.245.162.61 port 33150:11: Bye Bye [preauth]","@timestamp":"2022-09-14T13:01:02.843Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:01:05 honeypot-ams-1 sshd[25228]: Received disconnect from 61.245.162.61 port 33294:11: Bye Bye [preauth]","@timestamp":"2022-09-14T13:01:05.845Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:01:08 honeypot-ams-1 sshd[25232]: Received disconnect from 61.245.162.61 port 33472:11: Bye Bye [preauth]","@timestamp":"2022-09-14T13:01:09.847Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:01:12 honeypot-ams-1 sshd[25236]: Received disconnect from 61.245.162.61 port 33682:11: Bye Bye [preauth]","@timestamp":"2022-09-14T13:01:12.850Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:01:15 honeypot-ams-1 sshd[25240]: Received disconnect from 61.245.162.61 port 33846:11: Bye Bye [preauth]","@timestamp":"2022-09-14T13:01:15.852Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:01:18 honeypot-ams-1 sshd[25244]: Received disconnect from 61.245.162.61 port 33980:11: Bye Bye [preauth]","@timestamp":"2022-09-14T13:01:18.854Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:01:21 honeypot-ams-1 sshd[25248]: Received disconnect from 61.245.162.61 port 34210:11: Bye Bye [preauth]","@timestamp":"2022-09-14T13:01:21.856Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:01:24 honeypot-ams-1 sshd[25252]: Received disconnect from 61.245.162.61 port 34380:11: Bye Bye [preauth]","@timestamp":"2022-09-14T13:01:24.859Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:01:27 honeypot-ams-1 sshd[25256]: Received disconnect from 61.245.162.61 port 34514:11: Bye Bye [preauth]","@timestamp":"2022-09-14T13:01:27.861Z"}
{"@timestamp":"2022-09-14T13:05:07.982Z","@version":"1","message":"Sep 14 13:05:07 honeypot-sgp-1 sshd[13778]: Invalid user ubnt from 105.28.108.165 port 56222","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T13:05:27.992Z","@version":"1","message":"Sep 14 13:05:27 honeypot-sgp-1 sshd[13782]: Invalid user naigos from 13.67.221.136 port 1024","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T13:10:04.107Z","@version":"1","message":"Sep 14 13:10:03 honeypot-sgp-1 sshd[13786]: Disconnected from authenticating user root 92.255.85.70 port 21372 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 13:10:04 honeypot-ams-1 kernel: [84037587.984023] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=137.25.54.5 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=50 ID=11673 PROTO=TCP SPT=38989 DPT=80 WINDOW=12710 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T13:10:05.086Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 13:12:12 honeypot-fra-1 sshd[9197]: Received disconnect from 165.22.45.108 port 48030:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T13:12:12.286Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 13:14:09 honeypot-fra-1 sshd[9202]: Disconnected from authenticating user root 137.184.150.119 port 48698 [preauth]","@timestamp":"2022-09-14T13:14:10.333Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T13:14:27.220Z","@version":"1","message":"Sep 14 13:14:26 honeypot-sgp-1 kernel: [84037374.876626] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=156.146.46.143 DST=159.89.202.188 LEN=52 TOS=0x02 PREC=0x00 TTL=116 ID=53683 DF PROTO=TCP SPT=59894 DPT=3389 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 13:18:24 honeypot-ams-1 kernel: [84038087.062892] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=92.118.39.86 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=45776 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T13:18:24.305Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 13:20:12 honeypot-fra-1 sshd[9210]: Disconnected from authenticating user root 61.177.172.124 port 11951 [preauth]","@timestamp":"2022-09-14T13:20:12.468Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T13:22:00.411Z","@version":"1","message":"Sep 14 13:21:59 honeypot-sgp-1 kernel: [84037828.345256] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=128.14.209.162 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=238 ID=35251 PROTO=TCP SPT=30211 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:23:29 honeypot-ams-1 sshd[25269]: Received disconnect from 188.166.114.8 port 33350:11: Bye Bye [preauth]","@timestamp":"2022-09-14T13:23:29.441Z"}
{"@timestamp":"2022-09-14T13:26:54.533Z","@version":"1","message":"Sep 14 13:26:54 honeypot-sgp-1 sshd[13803]: Disconnected from authenticating user root 61.177.173.46 port 29782 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:27:28 honeypot-ams-1 sshd[25273]: Disconnected from invalid user team 182.16.245.85 port 40944 [preauth]","@timestamp":"2022-09-14T13:27:28.545Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 13:28:15 honeypot-fra-1 kernel: [84036515.434087] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.9.150.141 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=59960 PROTO=TCP SPT=44606 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T13:28:15.651Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 13:30:58 honeypot-fra-1 sshd[9659]: Did not receive identification string from 198.98.61.9 port 47678","@timestamp":"2022-09-14T13:30:59.749Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:31:17 honeypot-ams-1 sshd[25277]: Invalid user git from 103.137.75.79 port 44180","@timestamp":"2022-09-14T13:31:17.647Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 13:31:18 honeypot-fra-1 sshd[9662]: Disconnected from invalid user user 198.98.61.9 port 45354 [preauth]","@timestamp":"2022-09-14T13:31:18.759Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 13:31:41 honeypot-fra-1 sshd[9666]: Disconnected from invalid user user 198.98.61.9 port 40274 [preauth]","@timestamp":"2022-09-14T13:31:41.769Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 13:31:59 honeypot-fra-1 sshd[9670]: Disconnected from invalid user user 198.98.61.9 port 35178 [preauth]","@timestamp":"2022-09-14T13:31:59.777Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 13:32:17 honeypot-fra-1 sshd[9676]: Disconnected from invalid user user 198.98.61.9 port 58330 [preauth]","@timestamp":"2022-09-14T13:32:17.787Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T13:33:25.698Z","@version":"1","message":"Sep 14 13:33:25 honeypot-sgp-1 sshd[13811]: Received disconnect from 92.255.85.69 port 31762:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 13:34:17 honeypot-fra-1 kernel: [84036877.989346] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=89.248.165.146 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=33338 PROTO=TCP SPT=40327 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T13:34:17.834Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:35:57 honeypot-ams-1 sshd[25282]: Invalid user instrume from 117.161.75.116 port 59262","@timestamp":"2022-09-14T13:35:58.768Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 13:40:26 honeypot-ams-1 kernel: [84039409.176223] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=46.159.233.1 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=58 ID=61645 PROTO=TCP SPT=45169 DPT=443 WINDOW=50953 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T13:40:26.887Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 13:43:15 honeypot-fra-1 sshd[9688]: Did not receive identification string from 179.43.156.143 port 43568","@timestamp":"2022-09-14T13:43:16.038Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T13:43:22.950Z","@version":"1","message":"Sep 14 13:43:21 honeypot-sgp-1 kernel: [84039110.604203] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=172.105.77.209 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=50 ID=0 DF PROTO=TCP SPT=47481 DPT=389 WINDOW=8192 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 13:44:44 honeypot-fra-1 sshd[9693]: Did not receive identification string from 45.61.186.49 port 36306","@timestamp":"2022-09-14T13:44:45.075Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 13:44:58 honeypot-fra-1 sshd[9696]: Disconnected from invalid user user 45.61.186.49 port 48926 [preauth]","@timestamp":"2022-09-14T13:44:59.081Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 13:45:08 honeypot-fra-1 sshd[9700]: Disconnected from invalid user user 45.61.186.49 port 60494 [preauth]","@timestamp":"2022-09-14T13:45:09.087Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 13:46:31 honeypot-fra-1 sshd[9708]: Received disconnect from 179.43.156.143 port 36078:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T13:46:32.122Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 13:47:49 honeypot-fra-1 sshd[9712]: Disconnected from invalid user nutanix 179.43.156.143 port 57434 [preauth]","@timestamp":"2022-09-14T13:47:50.153Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 13:49:09 honeypot-fra-1 sshd[9719]: Disconnected from invalid user nfsnobod 179.43.156.143 port 50636 [preauth]","@timestamp":"2022-09-14T13:49:10.186Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T13:49:43.129Z","@version":"1","message":"Sep 14 13:49:42 honeypot-sgp-1 kernel: [84039491.444281] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.167.97.191 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=35253 DPT=389 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 13:51:18 honeypot-fra-1 sshd[9727]: Received disconnect from 179.43.156.143 port 40342:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T13:51:18.254Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T13:51:21.172Z","@version":"1","message":"Sep 14 13:51:21 honeypot-sgp-1 sshd[13833]: Invalid user admin from 178.128.125.205 port 63134","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:51:38 honeypot-ams-1 sshd[25288]: Disconnected from invalid user roosevelt 51.250.89.156 port 49962 [preauth]","@timestamp":"2022-09-14T13:51:39.175Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 13:53:18 honeypot-fra-1 kernel: [84038018.634061] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.220.205.196 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=54321 PROTO=TCP SPT=40879 DPT=389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T13:53:19.302Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-14T13:54:40.258Z","@version":"1","message":"Sep 14 13:54:39 honeypot-sgp-1 sshd[13838]: Received disconnect from 195.36.209.129 port 60788:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T13:58:50.366Z","@version":"1","message":"Sep 14 13:58:50 honeypot-sgp-1 sshd[13844]: Received disconnect from 138.197.97.211 port 55990:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 13:59:28 honeypot-fra-1 sshd[9742]: Disconnected from authenticating user root 61.177.173.49 port 61922 [preauth]","@timestamp":"2022-09-14T13:59:29.444Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 14:00:51 honeypot-ams-1 kernel: [84040634.969053] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=79.124.62.62 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=7908 PROTO=TCP SPT=45145 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T14:00:52.420Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 14:02:41 honeypot-fra-1 sshd[9752]: Received disconnect from 61.177.172.90 port 62732:11:  [preauth]","@timestamp":"2022-09-14T14:02:42.520Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 14:04:05 honeypot-ams-1 sshd[25299]: Disconnected from invalid user user 45.61.186.49 port 50238 [preauth]","@timestamp":"2022-09-14T14:04:05.506Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 14:04:21 honeypot-ams-1 sshd[25303]: Disconnected from invalid user user 45.61.186.49 port 33784 [preauth]","@timestamp":"2022-09-14T14:04:21.515Z"}
{"@timestamp":"2022-09-14T14:07:30.583Z","@version":"1","message":"Sep 14 14:07:29 honeypot-sgp-1 sshd[13852]: Received disconnect from 61.177.173.53 port 12276:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 14:09:26 honeypot-fra-1 sshd[9757]: Received disconnect from 91.240.118.222 port 7735:11: Client disconnecting normally [preauth]","@timestamp":"2022-09-14T14:09:26.674Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 14:11:07 honeypot-ams-1 sshd[25308]: Disconnected from authenticating user root 188.226.207.26 port 44384 [preauth]","@timestamp":"2022-09-14T14:11:08.695Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 14:15:06 honeypot-fra-1 kernel: [84039326.360883] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=90.154.15.226 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=56 ID=41308 DF PROTO=TCP SPT=44968 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T14:15:06.804Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 14:16:43 honeypot-ams-1 sshd[25316]: Did not receive identification string from 198.235.24.33 port 53083","@timestamp":"2022-09-14T14:16:43.845Z"}
{"@timestamp":"2022-09-14T14:17:09.817Z","@version":"1","message":"Sep 14 14:17:08 honeypot-sgp-1 sshd[13857]: Received disconnect from 61.177.172.19 port 24373:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T14:20:23.893Z","@version":"1","message":"Sep 14 14:20:22 honeypot-sgp-1 sshd[13867]: Disconnected from authenticating user root 180.179.114.44 port 60030 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 14:20:56 honeypot-fra-1 sshd[9772]: Received disconnect from 61.177.173.36 port 14753:11:  [preauth]","@timestamp":"2022-09-14T14:20:56.936Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 14:23:00 honeypot-fra-1 sshd[9776]: Did not receive identification string from 58.72.18.130 port 43438","@timestamp":"2022-09-14T14:23:00.989Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T14:24:23.014Z","@version":"1","message":"Sep 14 14:24:22 honeypot-sgp-1 kernel: [84041571.135350] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=92.118.39.86 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=233 ID=54321 PROTO=TCP SPT=41895 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T14:25:30.043Z","@version":"1","message":"Sep 14 14:25:29 honeypot-sgp-1 sshd[13879]: Disconnected from invalid user sa 96.78.175.36 port 55398 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 14:26:08 honeypot-ams-1 sshd[25326]: Disconnected from authenticating user root 92.255.85.70 port 49220 [preauth]","@timestamp":"2022-09-14T14:26:09.089Z"}
{"@timestamp":"2022-09-14T14:26:19.065Z","@version":"1","message":"Sep 14 14:26:18 honeypot-sgp-1 sshd[13884]: Received disconnect from 45.61.184.204 port 48344:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T14:26:39.075Z","@version":"1","message":"Sep 14 14:26:38 honeypot-sgp-1 sshd[13888]: Received disconnect from 45.61.184.204 port 43480:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T14:26:57.084Z","@version":"1","message":"Sep 14 14:26:56 honeypot-sgp-1 sshd[13892]: Received disconnect from 45.61.184.204 port 38614:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 14:28:12 honeypot-ams-1 sshd[25334]: Received disconnect from 80.76.51.189 port 47080:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T14:28:13.147Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 14:29:05 honeypot-ams-1 sshd[25338]: Disconnected from authenticating user root 80.76.51.189 port 52744 [preauth]","@timestamp":"2022-09-14T14:29:06.173Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 14:30:24 honeypot-ams-1 sshd[25345]: Received disconnect from 80.76.51.189 port 60990:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T14:30:25.211Z"}
{"@timestamp":"2022-09-14T14:30:35.177Z","@version":"1","message":"Sep 14 14:30:34 honeypot-sgp-1 kernel: [84041943.504389] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=234 ID=13922 PROTO=TCP SPT=45802 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 14:30:39 honeypot-fra-1 sshd[9782]: Received disconnect from 61.177.173.36 port 41730:11:  [preauth]","@timestamp":"2022-09-14T14:30:40.161Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 14:31:46 honeypot-ams-1 sshd[25352]: Received disconnect from 80.76.51.189 port 41114:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T14:31:47.249Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 14:32:42 honeypot-ams-1 sshd[25356]: Received disconnect from 80.76.51.189 port 46686:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T14:32:43.275Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 14:33:25 honeypot-fra-1 sshd[9788]: Received disconnect from 14.102.154.66 port 43128:11: Bye Bye [preauth]","@timestamp":"2022-09-14T14:33:25.228Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 14:33:40 honeypot-ams-1 sshd[25361]: Received disconnect from 80.76.51.189 port 52258:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T14:33:41.302Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 14:34:38 honeypot-ams-1 sshd[25365]: Received disconnect from 80.76.51.189 port 57818:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T14:34:38.329Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 14:35:35 honeypot-ams-1 sshd[25369]: Disconnected from authenticating user root 80.76.51.189 port 35168 [preauth]","@timestamp":"2022-09-14T14:35:35.356Z"}
{"@timestamp":"2022-09-14T14:36:11.322Z","@version":"1","message":"Sep 14 14:36:10 honeypot-sgp-1 kernel: [84042279.082831] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=89.248.168.172 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=54321 PROTO=TCP SPT=54698 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 14:37:02 honeypot-ams-1 sshd[25376]: Invalid user postgres from 80.76.51.189 port 43512","@timestamp":"2022-09-14T14:37:03.397Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 14:37:04 honeypot-fra-1 sshd[9795]: Invalid user es from 185.209.179.41 port 58174","@timestamp":"2022-09-14T14:37:05.314Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 14:37:04 honeypot-fra-1 sshd[9805]: Invalid user mcserv from 185.209.179.41 port 58242","@timestamp":"2022-09-14T14:37:05.314Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 14:37:04 honeypot-fra-1 sshd[9809]: Invalid user deploy from 185.209.179.41 port 58224","@timestamp":"2022-09-14T14:37:05.314Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 14:37:04 honeypot-fra-1 sshd[9794]: Invalid user esuser from 185.209.179.41 port 58180","@timestamp":"2022-09-14T14:37:05.314Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 14:37:04 honeypot-fra-1 sshd[9813]: Connection closed by invalid user postgres 185.209.179.41 port 58178 [preauth]","@timestamp":"2022-09-14T14:37:05.314Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 14:37:04 honeypot-fra-1 sshd[9809]: Connection closed by invalid user deploy 185.209.179.41 port 58224 [preauth]","@timestamp":"2022-09-14T14:37:05.314Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 14:37:04 honeypot-fra-1 sshd[9808]: Connection closed by invalid user ts3srv 185.209.179.41 port 58228 [preauth]","@timestamp":"2022-09-14T14:37:05.314Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 14:37:05 honeypot-fra-1 sshd[9839]: Invalid user nguser from 185.209.179.41 port 58222","@timestamp":"2022-09-14T14:37:06.315Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 14:37:05 honeypot-fra-1 sshd[9838]: Connection closed by invalid user wordpress 185.209.179.41 port 58248 [preauth]","@timestamp":"2022-09-14T14:37:06.315Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 14:37:06 honeypot-fra-1 sshd[9850]: Invalid user ansible from 185.209.179.41 port 58218","@timestamp":"2022-09-14T14:37:06.315Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 14:37:07 honeypot-fra-1 sshd[9853]: Connection closed by authenticating user root 185.209.179.41 port 58162 [preauth]","@timestamp":"2022-09-14T14:37:08.316Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 14:38:02 honeypot-ams-1 sshd[25380]: Disconnected from authenticating user root 80.76.51.189 port 49082 [preauth]","@timestamp":"2022-09-14T14:38:02.424Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 14:39:35 honeypot-ams-1 sshd[25386]: Received disconnect from 80.76.51.189 port 57416:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T14:39:36.467Z"}
{"@timestamp":"2022-09-14T14:44:40.534Z","@version":"1","message":"Sep 14 14:44:40 honeypot-sgp-1 sshd[13910]: Received disconnect from 92.255.85.70 port 34148:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 14:45:12 honeypot-fra-1 sshd[9867]: Received disconnect from 61.177.172.108 port 43369:11:  [preauth]","@timestamp":"2022-09-14T14:45:12.525Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 14:47:19 honeypot-fra-1 sshd[9871]: Received disconnect from 92.255.85.69 port 62378:11: Bye Bye [preauth]","@timestamp":"2022-09-14T14:47:20.576Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 14:47:58 honeypot-ams-1 sshd[25390]: Did not receive identification string from 152.32.142.133 port 31784","@timestamp":"2022-09-14T14:47:59.715Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 14:48:02 honeypot-fra-1 sshd[9877]: Received disconnect from 165.22.45.108 port 57906:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T14:48:02.595Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 14:50:46 honeypot-fra-1 sshd[9886]: Received disconnect from 14.140.95.157 port 58012:11: Bye Bye [preauth]","@timestamp":"2022-09-14T14:50:47.679Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 14:52:23 honeypot-ams-1 sshd[25398]: Received disconnect from 109.205.213.23 port 55164:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T14:52:23.833Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 14:52:45 honeypot-fra-1 sshd[9892]: Received disconnect from 66.154.107.48 port 51050:11: Bye Bye [preauth]","@timestamp":"2022-09-14T14:52:45.726Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 14:52:46 honeypot-ams-1 sshd[25404]: Received disconnect from 109.205.213.23 port 42386:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T14:52:46.845Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 14:53:10 honeypot-ams-1 sshd[25410]: Received disconnect from 109.205.213.23 port 57840:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T14:53:11.859Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 14:54:25 honeypot-ams-1 sshd[25416]: Received disconnect from 109.205.213.23 port 59624:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T14:54:25.898Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 14:54:42 honeypot-ams-1 sshd[25420]: Received disconnect from 109.205.213.23 port 60516:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T14:54:42.906Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 15:00:01 honeypot-fra-1 sshd[9897]: Disconnected from authenticating user root 61.177.173.35 port 14576 [preauth]","@timestamp":"2022-09-14T15:00:02.890Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T15:03:50.998Z","@version":"1","message":"Sep 14 15:03:50 honeypot-sgp-1 sshd[13928]: Invalid user brother from 170.106.167.158 port 59984","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 15:06:03 honeypot-ams-1 kernel: [84044546.415185] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=172.93.194.120 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=37714 PROTO=TCP SPT=47511 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T15:06:04.200Z"}
{"@timestamp":"2022-09-14T15:06:15.060Z","@version":"1","message":"Sep 14 15:06:14 honeypot-sgp-1 sshd[13932]: Received disconnect from 61.177.173.53 port 60113:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 15:07:01 honeypot-ams-1 sshd[25428]: Disconnected from invalid user oyn 103.180.120.160 port 51606 [preauth]","@timestamp":"2022-09-14T15:07:02.228Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 15:09:27 honeypot-fra-1 sshd[9905]: Disconnected from authenticating user root 61.177.172.90 port 52733 [preauth]","@timestamp":"2022-09-14T15:09:28.103Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T15:15:22.302Z","@version":"1","message":"Sep 14 15:15:21 honeypot-sgp-1 kernel: [84044630.465683] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=226 ID=17478 PROTO=TCP SPT=47603 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 15:15:49 honeypot-ams-1 kernel: [84045131.993767] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=89.248.168.172 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=252 ID=54321 PROTO=TCP SPT=45291 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T15:15:49.471Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 15:17:01 honeypot-fra-1 CRON[9914]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-14T15:17:02.276Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 15:20:50 honeypot-ams-1 sshd[25437]: Did not receive identification string from 45.61.186.49 port 50030","@timestamp":"2022-09-14T15:20:50.605Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 15:21:11 honeypot-ams-1 sshd[25440]: Disconnected from invalid user user 45.61.186.49 port 37552 [preauth]","@timestamp":"2022-09-14T15:21:11.615Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 15:21:20 honeypot-ams-1 sshd[25444]: Disconnected from invalid user user 45.61.186.49 port 49156 [preauth]","@timestamp":"2022-09-14T15:21:20.620Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 15:22:37 honeypot-fra-1 sshd[9923]: Invalid user fa from 45.33.107.51 port 42158","@timestamp":"2022-09-14T15:22:37.408Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T15:23:29.501Z","@version":"1","message":"Sep 14 15:23:29 honeypot-sgp-1 sshd[13952]: Did not receive identification string from 45.61.186.49 port 60444","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T15:23:53.514Z","@version":"1","message":"Sep 14 15:23:52 honeypot-sgp-1 sshd[13957]: Disconnected from invalid user user 45.61.186.49 port 35024 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T15:24:03.519Z","@version":"1","message":"Sep 14 15:24:02 honeypot-sgp-1 sshd[13961]: Disconnected from invalid user user 45.61.186.49 port 46878 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 15:25:49 honeypot-ams-1 kernel: [84045732.036543] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.220.205.196 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=53056 DPT=636 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T15:25:49.754Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 15:26:13 honeypot-fra-1 sshd[9931]: Invalid user ubuntu from 92.106.169.34 port 56852","@timestamp":"2022-09-14T15:26:13.490Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 15:26:47 honeypot-fra-1 sshd[9936]: Received disconnect from 193.142.146.50 port 57844:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T15:26:47.506Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 15:27:53 honeypot-fra-1 sshd[9943]: Received disconnect from 193.142.146.50 port 55404:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T15:27:53.533Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 15:28:48 honeypot-fra-1 sshd[9949]: Received disconnect from 193.142.146.50 port 52962:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T15:28:48.561Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 15:29:49 honeypot-fra-1 sshd[9957]: Received disconnect from 61.177.173.50 port 22502:11:  [preauth]","@timestamp":"2022-09-14T15:29:49.587Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 15:30:33 honeypot-fra-1 sshd[9961]: Received disconnect from 193.142.146.50 port 58306:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T15:30:33.605Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T15:30:57.695Z","@version":"1","message":"Sep 14 15:30:56 honeypot-sgp-1 sshd[13974]: Invalid user mmmm from 139.59.248.243 port 49466","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 15:31:27 honeypot-ams-1 sshd[25452]: Received disconnect from 175.170.149.29 port 31440:11: Bye Bye [preauth]","@timestamp":"2022-09-14T15:31:27.901Z"}
{"@timestamp":"2022-09-14T15:33:35.758Z","@version":"1","message":"Sep 14 15:33:35 honeypot-sgp-1 sshd[13978]: Received disconnect from 189.174.32.32 port 48600:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 15:34:05 honeypot-fra-1 sshd[9967]: Connection closed by authenticating user root 141.98.10.158 port 59872 [preauth]","@timestamp":"2022-09-14T15:34:06.687Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 15:36:55 honeypot-ams-1 sshd[25457]: Disconnected from authenticating user root 92.255.85.70 port 63336 [preauth]","@timestamp":"2022-09-14T15:36:56.044Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 15:37:41 honeypot-ams-1 sshd[25462]: Received disconnect from 141.255.162.226 port 52024:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T15:37:42.068Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 15:37:43 honeypot-ams-1 sshd[25466]: Received disconnect from 141.255.162.226 port 37952:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T15:37:44.069Z"}
{"@timestamp":"2022-09-14T15:37:51.863Z","@version":"1","message":"Sep 14 15:37:50 honeypot-sgp-1 sshd[13983]: Disconnected from authenticating user root 61.177.173.53 port 15867 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 15:38:11 honeypot-fra-1 sshd[9975]: Received disconnect from 61.177.172.108 port 37655:11:  [preauth]","@timestamp":"2022-09-14T15:38:11.779Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 15:42:02 honeypot-ams-1 kernel: [84046705.907927] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.41.9.18 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=18925 PROTO=TCP SPT=47086 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T15:42:03.180Z"}
{"@timestamp":"2022-09-14T15:43:19.014Z","@version":"1","message":"Sep 14 15:43:18 honeypot-sgp-1 sshd[13988]: Disconnected from invalid user admin 196.30.23.194 port 55341 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 15:47:04 honeypot-fra-1 kernel: [84044844.415074] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=113.31.162.174 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=43 ID=47910 DF PROTO=TCP SPT=17001 DPT=443 WINDOW=43690 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T15:47:04.978Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-14T15:47:15.108Z","@version":"1","message":"Sep 14 15:47:14 honeypot-sgp-1 sshd[13996]: Disconnected from invalid user rlombardo 114.205.54.184 port 55214 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T15:54:53.312Z","@version":"1","message":"Sep 14 15:54:52 honeypot-sgp-1 sshd[14005]: Received disconnect from 92.255.85.69 port 31234:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 15:56:35 honeypot-ams-1 kernel: [84047578.395602] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=114.42.220.156 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=56 ID=62420 PROTO=TCP SPT=41820 DPT=443 WINDOW=54308 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T15:56:35.558Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 15:57:42 honeypot-fra-1 sshd[9988]: Received disconnect from 92.255.85.70 port 50664:11: Bye Bye [preauth]","@timestamp":"2022-09-14T15:57:43.230Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 16:01:14 honeypot-ams-1 sshd[25494]: Received disconnect from 91.240.118.222 port 51422:11: Client disconnecting normally [preauth]","@timestamp":"2022-09-14T16:01:14.679Z"}
{"@timestamp":"2022-09-14T16:01:46.478Z","@version":"1","message":"Sep 14 16:01:46 honeypot-sgp-1 sshd[14012]: Disconnected from authenticating user root 61.177.173.39 port 35116 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 16:04:31 honeypot-fra-1 kernel: [84045891.570135] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=20.168.16.46 DST=165.22.82.222 LEN=52 TOS=0x02 PREC=0x00 TTL=107 ID=7243 DF PROTO=TCP SPT=52727 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-14T16:04:32.377Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 16:05:17 honeypot-ams-1 sshd[25499]: Received disconnect from 196.30.23.194 port 50680:11: Bye Bye [preauth]","@timestamp":"2022-09-14T16:05:17.783Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 16:06:31 honeypot-ams-1 sshd[25503]: Invalid user admin from 187.200.175.193 port 56417","@timestamp":"2022-09-14T16:06:31.818Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 16:08:55 honeypot-ams-1 kernel: [84048318.239389] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=197.63.108.209 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=51 ID=1138 PROTO=TCP SPT=37675 DPT=443 WINDOW=43796 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T16:08:55.882Z"}
{"@timestamp":"2022-09-14T16:09:57.674Z","@version":"1","message":"Sep 14 16:09:57 honeypot-sgp-1 sshd[14019]: Invalid user cameras from 31.184.198.71 port 2054","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:10:23.686Z","@version":"1","message":"Sep 14 16:10:23 honeypot-sgp-1 sshd[14025]: Invalid user  from 31.184.198.71 port 18898","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:10:43.698Z","@version":"1","message":"Sep 14 16:10:43 honeypot-sgp-1 sshd[14031]: Invalid user admin from 31.184.198.71 port 56080","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:11:15.713Z","@version":"1","message":"Sep 14 16:11:14 honeypot-sgp-1 sshd[14037]: Disconnecting authenticating user root 31.184.198.71 port 6130: Change of username or service not allowed: (root,ssh-connection) -> (1234,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:11:43.728Z","@version":"1","message":"Sep 14 16:11:42 honeypot-sgp-1 sshd[14043]: Invalid user araknis from 31.184.198.71 port 4941","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:12:10.742Z","@version":"1","message":"Sep 14 16:12:10 honeypot-sgp-1 sshd[14050]: Disconnecting authenticating user root 31.184.198.71 port 60949: Change of username or service not allowed: (root,ssh-connection) -> (Admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:12:25.750Z","@version":"1","message":"Sep 14 16:12:24 honeypot-sgp-1 sshd[14054]: Invalid user blank from 31.184.198.71 port 32087","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:12:36.755Z","@version":"1","message":"Sep 14 16:12:35 honeypot-sgp-1 sshd[14060]: Disconnecting invalid user admin 31.184.198.71 port 64633: Change of username or service not allowed: (admin,ssh-connection) -> (guest,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:12:50.763Z","@version":"1","message":"Sep 14 16:12:50 honeypot-sgp-1 sshd[14066]: Invalid user user from 45.61.184.204 port 51152","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:12:59.768Z","@version":"1","message":"Sep 14 16:12:59 honeypot-sgp-1 sshd[14070]: Received disconnect from 45.61.184.204 port 34582:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:13:13.776Z","@version":"1","message":"Sep 14 16:13:13 honeypot-sgp-1 sshd[14076]: Invalid user  from 31.184.198.71 port 28390","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:13:21.780Z","@version":"1","message":"Sep 14 16:13:21 honeypot-sgp-1 sshd[14080]: Disconnecting invalid user Cisco 31.184.198.71 port 14983: Change of username or service not allowed: (Cisco,ssh-connection) -> (cisco,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:13:46.793Z","@version":"1","message":"Sep 14 16:13:45 honeypot-sgp-1 sshd[14086]: Disconnecting invalid user 1234 31.184.198.71 port 25458: Change of username or service not allowed: (1234,ssh-connection) -> (root,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:14:14.808Z","@version":"1","message":"Sep 14 16:14:14 honeypot-sgp-1 sshd[14094]: Invalid user adslroot from 31.184.198.71 port 35342","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:14:44.824Z","@version":"1","message":"Sep 14 16:14:44 honeypot-sgp-1 sshd[14101]: Invalid user blank from 31.184.198.71 port 37032","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:15:13.839Z","@version":"1","message":"Sep 14 16:15:12 honeypot-sgp-1 sshd[14107]: Disconnecting authenticating user root 31.184.198.71 port 5949: Change of username or service not allowed: (root,ssh-connection) -> (default,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:15:44.854Z","@version":"1","message":"Sep 14 16:15:44 honeypot-sgp-1 sshd[14114]: Invalid user c1@r0 from 31.184.198.71 port 21115","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 16:15:48 honeypot-ams-1 sshd[25512]: Disconnected from authenticating user root 191.49.65.97 port 42792 [preauth]","@timestamp":"2022-09-14T16:15:49.058Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 16:15:59 honeypot-ams-1 sshd[25518]: Received disconnect from 191.49.65.97 port 43140:11: Bye Bye [preauth]","@timestamp":"2022-09-14T16:16:00.064Z"}
{"@timestamp":"2022-09-14T16:16:05.865Z","@version":"1","message":"Sep 14 16:16:05 honeypot-sgp-1 sshd[14120]: Bad protocol version identification 'SSH-2.0_CoreLab-1.0' from 31.184.198.71 port 3741","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 16:16:07 honeypot-ams-1 sshd[25524]: Received disconnect from 191.49.65.97 port 43339:11: Bye Bye [preauth]","@timestamp":"2022-09-14T16:16:08.069Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 16:16:17 honeypot-ams-1 sshd[25528]: Disconnected from authenticating user root 191.49.65.97 port 43471 [preauth]","@timestamp":"2022-09-14T16:16:18.074Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 16:16:26 honeypot-ams-1 sshd[25534]: Disconnected from authenticating user root 191.49.65.97 port 43751 [preauth]","@timestamp":"2022-09-14T16:16:27.079Z"}
{"@timestamp":"2022-09-14T16:16:35.881Z","@version":"1","message":"Sep 14 16:16:35 honeypot-sgp-1 sshd[14125]: Disconnecting invalid user lgnortel 31.184.198.71 port 37179: Change of username or service not allowed: (lgnortel,ssh-connection) -> (Admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 16:16:39 honeypot-ams-1 sshd[25540]: Disconnected from authenticating user root 191.49.65.97 port 44045 [preauth]","@timestamp":"2022-09-14T16:16:40.087Z"}
{"@timestamp":"2022-09-14T16:17:01.895Z","@version":"1","message":"Sep 14 16:17:01 honeypot-sgp-1 CRON[14133]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 16:17:01 honeypot-ams-1 CRON[25546]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-14T16:17:02.099Z"}
{"@timestamp":"2022-09-14T16:17:22.905Z","@version":"1","message":"Sep 14 16:17:22 honeypot-sgp-1 sshd[14138]: Disconnecting invalid user admin1234 31.184.198.71 port 64451: Change of username or service not allowed: (admin1234,ssh-connection) -> (matrix,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:17:52.920Z","@version":"1","message":"Sep 14 16:17:51 honeypot-sgp-1 sshd[14144]: Disconnecting invalid user admin 31.184.198.71 port 7063: Change of username or service not allowed: (admin,ssh-connection) -> (motorola,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:18:19.934Z","@version":"1","message":"Sep 14 16:18:19 honeypot-sgp-1 sshd[14152]: Disconnected from authenticating user root 92.255.85.69 port 39702 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:18:39.945Z","@version":"1","message":"Sep 14 16:18:39 honeypot-sgp-1 sshd[14157]: Disconnecting invalid user admin 31.184.198.71 port 8477: Change of username or service not allowed: (admin,ssh-connection) -> (airlive,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:19:10.961Z","@version":"1","message":"Sep 14 16:19:10 honeypot-sgp-1 sshd[14163]: Disconnecting invalid user admin 31.184.198.71 port 42055: Change of username or service not allowed: (admin,ssh-connection) -> (roqos,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:19:31.971Z","@version":"1","message":"Sep 14 16:19:31 honeypot-sgp-1 sshd[14169]: Disconnecting invalid user Shiko 31.184.198.71 port 3295: Change of username or service not allowed: (Shiko,ssh-connection) -> (sitecom,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:19:54.984Z","@version":"1","message":"Sep 14 16:19:54 honeypot-sgp-1 sshd[14176]: Disconnecting invalid user smcadmin 31.184.198.71 port 9853: Change of username or service not allowed: (smcadmin,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:20:22.997Z","@version":"1","message":"Sep 14 16:20:22 honeypot-sgp-1 sshd[14182]: Invalid user highspeed from 31.184.198.71 port 14427","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:20:40.007Z","@version":"1","message":"Sep 14 16:20:39 honeypot-sgp-1 sshd[14188]: Bad protocol version identification 'SSH-2.0_CoreLab-1.0' from 31.184.198.71 port 37946","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 16:20:42 honeypot-fra-1 sshd[10001]: Received disconnect from 92.255.85.70 port 61344:11: Bye Bye [preauth]","@timestamp":"2022-09-14T16:20:42.738Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 16:20:58 honeypot-ams-1 sshd[25552]: Disconnected from invalid user pxe 68.183.145.59 port 34564 [preauth]","@timestamp":"2022-09-14T16:20:59.201Z"}
{"@timestamp":"2022-09-14T16:21:06.019Z","@version":"1","message":"Sep 14 16:21:05 honeypot-sgp-1 sshd[14193]: Disconnecting invalid user  31.184.198.71 port 47696: Change of username or service not allowed: (,ssh-connection) -> (public,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:21:31.032Z","@version":"1","message":"Sep 14 16:21:30 honeypot-sgp-1 sshd[14199]: Disconnecting invalid user ubnt 31.184.198.71 port 53602: Change of username or service not allowed: (ubnt,ssh-connection) -> (root,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:22:05.049Z","@version":"1","message":"Sep 14 16:22:04 honeypot-sgp-1 sshd[14206]: Disconnecting invalid user user 31.184.198.71 port 51005: Change of username or service not allowed: (user,ssh-connection) -> (amdin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:22:40.068Z","@version":"1","message":"Sep 14 16:22:39 honeypot-sgp-1 sshd[14212]: Disconnecting invalid user Admin 31.184.198.71 port 24559: Change of username or service not allowed: (Admin,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:23:07.080Z","@version":"1","message":"Sep 14 16:23:06 honeypot-sgp-1 sshd[14218]: Disconnecting invalid user 0 31.184.198.71 port 62820: Change of username or service not allowed: (0,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:23:49.101Z","@version":"1","message":"Sep 14 16:23:48 honeypot-sgp-1 sshd[14225]: Disconnecting invalid user admin 31.184.198.71 port 20538: Change of username or service not allowed: (admin,ssh-connection) -> (1admin0,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 16:27:32 honeypot-fra-1 kernel: [84047271.990065] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=36.26.49.170 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=47 ID=59494 PROTO=TCP SPT=5416 DPT=80 WINDOW=12552 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T16:27:32.893Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 16:28:18 honeypot-ams-1 sshd[25559]: Received disconnect from 161.35.127.34 port 48130:11: Bye Bye [preauth]","@timestamp":"2022-09-14T16:28:19.388Z"}
{"@timestamp":"2022-09-14T16:28:30.216Z","@version":"1","message":"Sep 14 16:28:29 honeypot-sgp-1 sshd[14232]: Disconnected from authenticating user root 103.153.141.55 port 50216 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 16:33:43 honeypot-ams-1 sshd[25564]: Received disconnect from 14.225.198.182 port 36892:11: Bye Bye [preauth]","@timestamp":"2022-09-14T16:33:43.526Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 16:35:24 honeypot-ams-1 sshd[25568]: Disconnected from authenticating user root 103.164.221.210 port 33286 [preauth]","@timestamp":"2022-09-14T16:35:24.571Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 16:35:50 honeypot-fra-1 sshd[10010]: Disconnecting invalid user admin 114.35.235.34 port 33395: Too many authentication failures [preauth]","@timestamp":"2022-09-14T16:35:51.084Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T16:41:20.537Z","@version":"1","message":"Sep 14 16:41:20 honeypot-sgp-1 sshd[14237]: Received disconnect from 92.255.85.69 port 55582:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 16:50:02 honeypot-ams-1 kernel: [84050784.988486] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=30696 PROTO=TCP SPT=53938 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T16:50:02.944Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 16:50:12 honeypot-fra-1 kernel: [84048631.941977] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=27546 PROTO=TCP SPT=53938 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T16:50:12.407Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-14T16:52:10.801Z","@version":"1","message":"Sep 14 16:52:10 honeypot-sgp-1 sshd[14241]: Did not receive identification string from 193.142.146.50 port 54770","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:52:53.822Z","@version":"1","message":"Sep 14 16:52:52 honeypot-sgp-1 sshd[14246]: Disconnected from authenticating user root 193.142.146.50 port 34790 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:54:15.859Z","@version":"1","message":"Sep 14 16:54:15 honeypot-sgp-1 sshd[14252]: Disconnected from authenticating user root 193.142.146.50 port 59050 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:54:55.879Z","@version":"1","message":"Sep 14 16:54:55 honeypot-sgp-1 sshd[14259]: Disconnected from authenticating user root 193.142.146.50 port 55078 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 16:55:15 honeypot-fra-1 sshd[10020]: Invalid user user from 45.61.186.49 port 55076","@timestamp":"2022-09-14T16:55:16.527Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 16:55:25 honeypot-fra-1 sshd[10024]: Invalid user user from 45.61.186.49 port 38134","@timestamp":"2022-09-14T16:55:25.532Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T16:55:27.895Z","@version":"1","message":"Sep 14 16:55:27 honeypot-sgp-1 sshd[14265]: Disconnected from authenticating user root 193.142.146.50 port 33610 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:56:27.921Z","@version":"1","message":"Sep 14 16:56:27 honeypot-sgp-1 sshd[14269]: Disconnected from invalid user admin 193.142.146.50 port 40374 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 16:57:19 honeypot-fra-1 kernel: [84049059.772186] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=128.14.152.44 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=12168 PROTO=TCP SPT=21396 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T16:57:20.593Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 17:05:19 honeypot-fra-1 sshd[10030]: Disconnected from invalid user user 45.61.187.160 port 40734 [preauth]","@timestamp":"2022-09-14T17:05:20.776Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 17:05:39 honeypot-fra-1 sshd[10034]: Disconnected from invalid user user 45.61.187.160 port 35270 [preauth]","@timestamp":"2022-09-14T17:05:40.785Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 17:05:58 honeypot-fra-1 sshd[10039]: Disconnected from invalid user user 45.61.187.160 port 58048 [preauth]","@timestamp":"2022-09-14T17:05:58.793Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 17:06:15 honeypot-fra-1 sshd[10043]: Disconnected from invalid user user 45.61.187.160 port 52556 [preauth]","@timestamp":"2022-09-14T17:06:15.802Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 17:08:14 honeypot-ams-1 kernel: [84051877.238552] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=200.23.148.223 DST=178.62.254.91 LEN=80 TOS=0x00 PREC=0x20 TTL=129 ID=50900 PROTO=TCP SPT=49876 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T17:08:14.411Z"}
{"@timestamp":"2022-09-14T17:08:49.213Z","@version":"1","message":"Sep 14 17:08:48 honeypot-sgp-1 sshd[14276]: Disconnected from authenticating user root 109.205.213.23 port 36294 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T17:09:04.221Z","@version":"1","message":"Sep 14 17:09:03 honeypot-sgp-1 sshd[14283]: Disconnected from authenticating user root 109.205.213.23 port 37610 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T17:09:27.233Z","@version":"1","message":"Sep 14 17:09:27 honeypot-sgp-1 sshd[14289]: Received disconnect from 109.205.213.23 port 53700:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 17:09:55 honeypot-ams-1 sshd[25580]: Disconnected from authenticating user root 92.255.85.70 port 43678 [preauth]","@timestamp":"2022-09-14T17:09:56.456Z"}
{"@timestamp":"2022-09-14T17:10:45.267Z","@version":"1","message":"Sep 14 17:10:44 honeypot-sgp-1 sshd[14296]: Received disconnect from 109.205.213.23 port 56332:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T17:11:03.276Z","@version":"1","message":"Sep 14 17:11:02 honeypot-sgp-1 sshd[14300]: Disconnected from invalid user test 109.205.213.23 port 57648 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 17:11:38 honeypot-fra-1 sshd[10051]: Bad protocol version identification '' from 103.107.8.55 port 41218","@timestamp":"2022-09-14T17:11:39.925Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 17:12:19 honeypot-ams-1 sshd[25584]: Disconnected from invalid user server-pilotuser 187.32.8.50 port 51168 [preauth]","@timestamp":"2022-09-14T17:12:19.517Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 17:13:44 honeypot-ams-1 sshd[25589]: Disconnected from invalid user liam 203.151.83.7 port 32848 [preauth]","@timestamp":"2022-09-14T17:13:45.556Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 17:15:51 honeypot-fra-1 kernel: [84050171.653148] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=89.248.165.199 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=49451 PROTO=TCP SPT=54393 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T17:15:52.023Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-14T17:16:54.419Z","@version":"1","message":"Sep 14 17:16:54 honeypot-sgp-1 kernel: [84051922.723570] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=102.134.114.97 DST=159.89.202.188 LEN=52 TOS=0x00 PREC=0x00 TTL=106 ID=64341 DF PROTO=TCP SPT=28631 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 17:19:08 honeypot-ams-1 kernel: [84052530.884634] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=200.23.148.223 DST=178.62.254.91 LEN=80 TOS=0x00 PREC=0x20 TTL=131 ID=45093 PROTO=TCP SPT=46117 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T17:19:08.695Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 17:22:30 honeypot-ams-1 sshd[25599]: Received disconnect from 198.98.61.9 port 33496:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T17:22:30.784Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 17:22:48 honeypot-ams-1 sshd[25603]: Received disconnect from 198.98.61.9 port 56010:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T17:22:48.794Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 17:23:06 honeypot-ams-1 sshd[25607]: Received disconnect from 198.98.61.9 port 50276:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T17:23:06.803Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 17:23:23 honeypot-ams-1 sshd[25611]: Received disconnect from 198.98.61.9 port 44546:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T17:23:23.812Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 17:24:36 honeypot-fra-1 kernel: [84050695.848989] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=124.123.78.71 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=27490 PROTO=TCP SPT=56072 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T17:24:36.223Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-14T17:25:43.628Z","@version":"1","message":"Sep 14 17:25:42 honeypot-sgp-1 kernel: [84052451.150188] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=198.235.24.33 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=249 ID=54321 PROTO=TCP SPT=56252 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 17:27:10 honeypot-fra-1 sshd[10063]: Received disconnect from 206.81.9.31 port 22220:11: Bye Bye [preauth]","@timestamp":"2022-09-14T17:27:11.285Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 17:28:46 honeypot-fra-1 sshd[10068]: Disconnected from invalid user user 45.61.184.204 port 36266 [preauth]","@timestamp":"2022-09-14T17:28:47.326Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 17:29:04 honeypot-fra-1 sshd[10072]: Disconnected from invalid user user 45.61.184.204 port 59078 [preauth]","@timestamp":"2022-09-14T17:29:05.334Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 17:29:23 honeypot-fra-1 sshd[10076]: Disconnected from invalid user user 45.61.184.204 port 53654 [preauth]","@timestamp":"2022-09-14T17:29:24.343Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 17:29:40 honeypot-fra-1 sshd[10082]: Invalid user user from 45.61.184.204 port 48238","@timestamp":"2022-09-14T17:29:40.350Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 17:30:15 honeypot-ams-1 sshd[25619]: Invalid user monitor from 159.65.91.105 port 41716","@timestamp":"2022-09-14T17:30:15.984Z"}
{"@timestamp":"2022-09-14T17:34:45.843Z","@version":"1","message":"Sep 14 17:34:45 honeypot-sgp-1 sshd[14316]: Invalid user set from 190.64.136.124 port 42451","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 17:34:52 honeypot-fra-1 kernel: [84051312.340045] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=124.123.78.71 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=33365 PROTO=TCP SPT=56830 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T17:34:53.468Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 17:34:55 honeypot-ams-1 sshd[25624]: Received disconnect from 152.32.229.160 port 64096:11: Bye Bye [preauth]","@timestamp":"2022-09-14T17:34:56.102Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 17:41:55 honeypot-fra-1 sshd[10092]: Invalid user zxx from 122.53.86.126 port 52206","@timestamp":"2022-09-14T17:41:55.633Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 17:42:25 honeypot-fra-1 sshd[10097]: Disconnected from authenticating user root 212.112.98.98 port 41522 [preauth]","@timestamp":"2022-09-14T17:42:25.646Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 17:43:21 honeypot-ams-1 kernel: [84053984.771540] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=94.102.61.10 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=252 ID=54321 PROTO=TCP SPT=39012 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T17:43:22.320Z"}
{"@timestamp":"2022-09-14T17:44:21.066Z","@version":"1","message":"Sep 14 17:44:20 honeypot-sgp-1 kernel: [84053568.501762] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=104.237.145.157 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=233 ID=38826 PROTO=TCP SPT=57457 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 17:48:36 honeypot-fra-1 sshd[10100]: Disconnected from authenticating user root 178.128.243.6 port 38876 [preauth]","@timestamp":"2022-09-14T17:48:36.789Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 17:50:36 honeypot-fra-1 sshd[10104]: Disconnected from invalid user admin 162.215.1.193 port 52342 [preauth]","@timestamp":"2022-09-14T17:50:36.836Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 17:55:57 honeypot-fra-1 sshd[10109]: Disconnected from authenticating user root 36.66.151.17 port 49291 [preauth]","@timestamp":"2022-09-14T17:55:57.959Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 17:56:35 honeypot-ams-1 sshd[25633]: Disconnected from authenticating user root 92.255.85.69 port 55298 [preauth]","@timestamp":"2022-09-14T17:56:35.659Z"}
{"@timestamp":"2022-09-14T18:00:59.455Z","@version":"1","message":"Sep 14 18:00:59 honeypot-sgp-1 kernel: [84054567.448236] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=64.246.161.26 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=46354 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 18:02:40 honeypot-fra-1 kernel: [84052979.769712] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=146.88.240.4 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=34793 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T18:02:41.112Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 18:05:36 honeypot-fra-1 sshd[10118]: Invalid user pi from 78.43.206.165 port 48734","@timestamp":"2022-09-14T18:05:37.181Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 18:06:17 honeypot-ams-1 kernel: [84055359.965847] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=181.219.149.148 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=10238 PROTO=TCP SPT=24863 DPT=80 WINDOW=37276 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T18:06:17.913Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 18:08:01 honeypot-fra-1 sshd[10124]: Received disconnect from 181.115.156.59 port 48796:11: Bye Bye [preauth]","@timestamp":"2022-09-14T18:08:02.236Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 18:09:12 honeypot-fra-1 kernel: [84053371.672382] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=172.105.77.209 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=56 ID=0 DF PROTO=TCP SPT=47481 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T18:09:12.267Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-14T18:11:02.122Z","@version":"1","message":"Sep 14 18:11:01 honeypot-sgp-1 kernel: [84055170.140771] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=195.154.242.150 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=6582 PROTO=TCP SPT=55509 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 18:11:36 honeypot-fra-1 sshd[10131]: Unable to negotiate with 41.86.17.229 port 57711: no matching cipher found. Their offer: aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,arcfour128,arcfour,3des-cbc,none [preauth]","@timestamp":"2022-09-14T18:11:37.326Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 18:12:04 honeypot-ams-1 kernel: [84055706.944040] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=97.74.81.123 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=39826 PROTO=TCP SPT=54265 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T18:12:05.064Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 18:17:01 honeypot-fra-1 CRON[10139]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-14T18:17:02.451Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 18:20:44 honeypot-fra-1 sshd[10147]: Invalid user aleksandar from 165.22.3.63 port 56592","@timestamp":"2022-09-14T18:20:44.536Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 18:22:36 honeypot-ams-1 kernel: [84056339.810824] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=81.45.139.22 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=37016 PROTO=TCP SPT=56529 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T18:22:37.334Z"}
{"@timestamp":"2022-09-14T18:25:48.470Z","@version":"1","message":"Sep 14 18:25:47 honeypot-sgp-1 kernel: [84056055.917746] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.151.182.105 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=50 ID=0 DF PROTO=TCP SPT=43432 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 18:26:49 honeypot-fra-1 sshd[10152]: Did not receive identification string from 200.54.189.102 port 36452","@timestamp":"2022-09-14T18:26:50.675Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T18:30:32.583Z","@version":"1","message":"Sep 14 18:30:32 honeypot-sgp-1 kernel: [84056340.512752] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.219.154 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=46582 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 18:36:50 honeypot-ams-1 kernel: [84057193.003190] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=124.106.92.226 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=58 ID=31809 PROTO=TCP SPT=44726 DPT=443 WINDOW=49878 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T18:36:50.712Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 18:40:16 honeypot-ams-1 sshd[25654]: Disconnected from invalid user admin 80.76.51.45 port 45866 [preauth]","@timestamp":"2022-09-14T18:40:16.815Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 18:41:00 honeypot-ams-1 sshd[25660]: Received disconnect from 80.76.51.45 port 58064:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T18:41:00.839Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 18:41:13 honeypot-fra-1 sshd[10155]: Disconnected from authenticating user root 92.255.85.70 port 41236 [preauth]","@timestamp":"2022-09-14T18:41:13.999Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 18:41:43 honeypot-ams-1 sshd[25666]: Received disconnect from 80.76.51.45 port 41832:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T18:41:43.861Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 18:42:26 honeypot-ams-1 sshd[25672]: Received disconnect from 80.76.51.45 port 53826:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T18:42:26.883Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 18:42:55 honeypot-ams-1 sshd[25676]: Received disconnect from 80.76.51.45 port 52664:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T18:42:55.897Z"}
{"@timestamp":"2022-09-14T18:43:33.891Z","@version":"1","message":"Sep 14 18:43:33 honeypot-sgp-1 kernel: [84057122.157310] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.79.133.230 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=1827 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 18:45:41 honeypot-ams-1 kernel: [84057724.064684] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.41.9.18 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=22393 PROTO=TCP SPT=10209 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T18:45:41.972Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 18:47:45 honeypot-ams-1 kernel: [84057848.265601] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=2.179.184.132 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=14264 DF PROTO=TCP SPT=59056 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T18:47:46.031Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 18:48:04 honeypot-fra-1 sshd[10160]: Received disconnect from 154.92.23.239 port 42000:11: Bye Bye [preauth]","@timestamp":"2022-09-14T18:48:05.156Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 18:52:18 honeypot-fra-1 kernel: [84055957.739843] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=89.248.168.172 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=54321 PROTO=TCP SPT=48074 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T18:52:18.255Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 18:53:42 honeypot-ams-1 sshd[25689]: Received disconnect from 80.76.51.46 port 41830:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T18:53:43.219Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 18:54:02 honeypot-ams-1 sshd[25694]: Disconnected from authenticating user root 80.76.51.46 port 48978 [preauth]","@timestamp":"2022-09-14T18:54:02.228Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 18:54:15 honeypot-ams-1 sshd[25700]: Invalid user user from 141.255.162.226 port 46228","@timestamp":"2022-09-14T18:54:16.235Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 18:54:21 honeypot-ams-1 sshd[25704]: Invalid user user from 141.255.162.226 port 54572","@timestamp":"2022-09-14T18:54:22.240Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 18:54:22 honeypot-ams-1 sshd[25708]: Invalid user user from 141.255.162.226 port 43022","@timestamp":"2022-09-14T18:54:23.240Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 18:54:24 honeypot-ams-1 sshd[25712]: Received disconnect from 141.255.162.226 port 51358:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T18:54:24.241Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 18:54:54 honeypot-ams-1 sshd[25718]: Received disconnect from 80.76.51.46 port 38538:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T18:54:54.257Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 18:54:55 honeypot-fra-1 sshd[10169]: Invalid user wmm from 73.52.12.202 port 46530","@timestamp":"2022-09-14T18:54:56.341Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 18:55:15 honeypot-ams-1 sshd[25722]: Disconnected from invalid user test 80.76.51.46 port 45654 [preauth]","@timestamp":"2022-09-14T18:55:16.270Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 18:56:07 honeypot-fra-1 sshd[10173]: Connection closed by invalid user pi 194.44.139.244 port 49542 [preauth]","@timestamp":"2022-09-14T18:56:08.370Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 18:57:36 honeypot-ams-1 sshd[25728]: Invalid user user1 from 103.188.176.251 port 53660","@timestamp":"2022-09-14T18:57:37.332Z"}
{"@timestamp":"2022-09-14T19:01:50.312Z","@version":"1","message":"Sep 14 19:01:50 honeypot-sgp-1 sshd[14361]: Received disconnect from 112.137.140.40 port 46294:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 19:03:38 honeypot-fra-1 kernel: [84056637.754458] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=165.227.41.73 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=3086 PROTO=TCP SPT=42203 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T19:03:38.544Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 19:07:15 honeypot-ams-1 sshd[25732]: Received disconnect from 92.255.85.69 port 57728:11: Bye Bye [preauth]","@timestamp":"2022-09-14T19:07:15.581Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 19:07:59 honeypot-fra-1 sshd[10188]: Invalid user mcserv from 43.138.12.15 port 44072","@timestamp":"2022-09-14T19:07:59.646Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 19:07:59 honeypot-fra-1 sshd[10213]: Invalid user elastic from 43.138.12.15 port 44096","@timestamp":"2022-09-14T19:08:00.647Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 19:07:59 honeypot-fra-1 sshd[10201]: Connection closed by invalid user elastic 43.138.12.15 port 44068 [preauth]","@timestamp":"2022-09-14T19:08:00.647Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 19:08:00 honeypot-fra-1 sshd[10184]: Invalid user steam from 43.138.12.15 port 44050","@timestamp":"2022-09-14T19:08:00.647Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 19:08:00 honeypot-fra-1 sshd[10195]: Invalid user user from 43.138.12.15 port 44100","@timestamp":"2022-09-14T19:08:00.647Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 19:08:00 honeypot-fra-1 sshd[10198]: Invalid user hduser from 43.138.12.15 port 44080","@timestamp":"2022-09-14T19:08:00.647Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 19:08:00 honeypot-fra-1 sshd[10202]: Invalid user ansible from 43.138.12.15 port 44066","@timestamp":"2022-09-14T19:08:00.647Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 19:08:00 honeypot-fra-1 sshd[10189]: Connection closed by invalid user vagrant 43.138.12.15 port 44040 [preauth]","@timestamp":"2022-09-14T19:08:00.647Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 19:08:00 honeypot-fra-1 sshd[10205]: Connection closed by invalid user admin 43.138.12.15 port 44090 [preauth]","@timestamp":"2022-09-14T19:08:00.647Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 19:08:00 honeypot-fra-1 sshd[10200]: Connection closed by invalid user admin 43.138.12.15 port 44032 [preauth]","@timestamp":"2022-09-14T19:08:00.647Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 19:08:14 honeypot-fra-1 kernel: [84056913.522983] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=146.190.29.253 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=250 ID=63060 PROTO=TCP SPT=42491 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T19:08:14.653Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-14T19:09:12.491Z","@version":"1","message":"Sep 14 19:09:12 honeypot-sgp-1 sshd[14366]: Received disconnect from 139.99.88.110 port 55962:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 19:10:09 honeypot-ams-1 kernel: [84059191.878741] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=35.220.172.51 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=58 ID=53082 PROTO=TCP SPT=4957 DPT=443 WINDOW=27949 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T19:10:09.658Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 19:17:01 honeypot-ams-1 CRON[25739]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-14T19:17:01.841Z"}
{"@timestamp":"2022-09-14T19:21:30.787Z","@version":"1","message":"Sep 14 19:21:29 honeypot-sgp-1 kernel: [84059398.211568] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=87.251.64.35 DST=159.89.202.188 LEN=52 TOS=0x02 PREC=0x00 TTL=115 ID=1920 DF PROTO=TCP SPT=31581 DPT=3389 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T19:25:08.877Z","@version":"1","message":"Sep 14 19:25:08 honeypot-sgp-1 sshd[14377]: Disconnected from authenticating user root 92.255.85.69 port 40848 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 19:27:59 honeypot-fra-1 sshd[10350]: Received disconnect from 92.255.85.69 port 41508:11: Bye Bye [preauth]","@timestamp":"2022-09-14T19:27:59.098Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T19:28:41.980Z","@version":"1","message":"Sep 14 19:28:41 honeypot-sgp-1 sshd[14382]: Disconnected from invalid user tex 186.233.210.86 port 56888 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 19:30:22 honeypot-ams-1 sshd[25746]: Received disconnect from 92.255.85.69 port 54462:11: Bye Bye [preauth]","@timestamp":"2022-09-14T19:30:23.206Z"}
{"@timestamp":"2022-09-14T19:32:15.069Z","@version":"1","message":"Sep 14 19:32:14 honeypot-sgp-1 kernel: [84060042.549266] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=124.222.18.77 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=46 ID=48406 DF PROTO=TCP SPT=44381 DPT=5432 WINDOW=43690 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 19:33:48 honeypot-fra-1 sshd[10353]: Invalid user tomcat from 193.106.191.157 port 53058","@timestamp":"2022-09-14T19:33:49.234Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 19:39:44 honeypot-ams-1 kernel: [84060966.812845] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=87.251.64.35 DST=178.62.254.91 LEN=52 TOS=0x02 PREC=0x00 TTL=122 ID=404 DF PROTO=TCP SPT=48952 DPT=3389 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-14T19:39:44.442Z"}
{"@timestamp":"2022-09-14T19:42:53.324Z","@version":"1","message":"Sep 14 19:42:52 honeypot-sgp-1 kernel: [84060680.813494] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=68.183.119.187 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=911 PROTO=TCP SPT=51183 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T19:46:15.407Z","@version":"1","message":"Sep 14 19:46:14 honeypot-sgp-1 sshd[14399]: Received disconnect from 162.19.26.39 port 59568:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 19:49:46 honeypot-fra-1 sshd[10360]: Disconnected from authenticating user root 60.249.82.125 port 34598 [preauth]","@timestamp":"2022-09-14T19:49:46.589Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 19:50:27 honeypot-ams-1 sshd[25752]: Connection closed by invalid user tomcat 193.106.191.157 port 33872 [preauth]","@timestamp":"2022-09-14T19:50:27.726Z"}
{"@timestamp":"2022-09-14T19:51:13.527Z","@version":"1","message":"Sep 14 19:51:13 honeypot-sgp-1 sshd[14404]: Disconnected from invalid user si 13.76.164.123 port 34374 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 19:53:09 honeypot-fra-1 sshd[10366]: Received disconnect from 135.125.107.159 port 46938:11: Bye Bye [preauth]","@timestamp":"2022-09-14T19:53:10.668Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 19:53:53 honeypot-fra-1 sshd[10375]: Invalid user hadoop from 45.127.108.174 port 54188","@timestamp":"2022-09-14T19:53:54.687Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 19:53:53 honeypot-fra-1 sshd[10393]: Invalid user admin from 45.127.108.174 port 54196","@timestamp":"2022-09-14T19:53:54.687Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 19:53:53 honeypot-fra-1 sshd[10370]: Invalid user oracle from 45.127.108.174 port 54226","@timestamp":"2022-09-14T19:53:54.687Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 19:53:53 honeypot-fra-1 sshd[10371]: Connection closed by invalid user appuser 45.127.108.174 port 54246 [preauth]","@timestamp":"2022-09-14T19:53:54.688Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 19:53:53 honeypot-fra-1 sshd[10376]: Connection closed by authenticating user root 45.127.108.174 port 54194 [preauth]","@timestamp":"2022-09-14T19:53:54.688Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 19:53:53 honeypot-fra-1 sshd[10380]: Connection closed by authenticating user root 45.127.108.174 port 54244 [preauth]","@timestamp":"2022-09-14T19:53:54.688Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 19:53:53 honeypot-fra-1 sshd[10395]: Connection closed by authenticating user root 45.127.108.174 port 54256 [preauth]","@timestamp":"2022-09-14T19:53:54.688Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 19:53:54 honeypot-fra-1 sshd[10399]: Connection closed by invalid user es 45.127.108.174 port 54202 [preauth]","@timestamp":"2022-09-14T19:53:54.688Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T20:07:09.910Z","@version":"1","message":"Sep 14 20:07:09 honeypot-sgp-1 kernel: [84062137.722177] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=89.248.168.172 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=59988 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 20:08:12 honeypot-ams-1 kernel: [84062675.538272] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=89.248.168.172 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=252 ID=54321 PROTO=TCP SPT=55866 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T20:08:13.193Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 20:10:26 honeypot-fra-1 sshd[10434]: Received disconnect from 143.198.168.31 port 50280:11: Bye Bye [preauth]","@timestamp":"2022-09-14T20:10:26.059Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T20:13:30.063Z","@version":"1","message":"Sep 14 20:13:29 honeypot-sgp-1 sshd[14414]: Received disconnect from 141.255.162.226 port 33494:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T20:13:31.065Z","@version":"1","message":"Sep 14 20:13:30 honeypot-sgp-1 sshd[14418]: Received disconnect from 141.255.162.226 port 49670:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T20:13:35.066Z","@version":"1","message":"Sep 14 20:13:34 honeypot-sgp-1 sshd[14420]: Disconnected from invalid user user 141.255.162.226 port 37630 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T20:13:38.068Z","@version":"1","message":"Sep 14 20:13:37 honeypot-sgp-1 sshd[14427]: Invalid user user from 141.255.162.226 port 53820","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T20:13:52.075Z","@version":"1","message":"Sep 14 20:13:51 honeypot-sgp-1 sshd[14431]: Invalid user admin from 220.135.177.191 port 47347","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T20:13:58.078Z","@version":"1","message":"Sep 14 20:13:57 honeypot-sgp-1 sshd[14435]: Received disconnect from 45.61.186.49 port 42876:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 20:14:44 honeypot-fra-1 sshd[10440]: Received disconnect from 103.2.135.19 port 39428:11: Bye Bye [preauth]","@timestamp":"2022-09-14T20:14:45.157Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T20:16:50.148Z","@version":"1","message":"Sep 14 20:16:49 honeypot-sgp-1 sshd[14439]: Disconnected from authenticating user root 110.141.33.146 port 51796 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 20:17:01 honeypot-ams-1 CRON[25765]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-14T20:17:01.434Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 20:17:01 honeypot-fra-1 CRON[10445]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-14T20:17:02.212Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 20:20:00 honeypot-ams-1 kernel: [84063383.328347] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=119.199.169.235 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=54 ID=35638 PROTO=TCP SPT=39458 DPT=80 WINDOW=17122 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T20:20:01.514Z"}
{"@timestamp":"2022-09-14T20:21:45.268Z","@version":"1","message":"Sep 14 20:21:44 honeypot-sgp-1 sshd[14445]: Disconnected from authenticating user root 43.154.18.2 port 41061 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 20:26:37 honeypot-fra-1 sshd[10451]: Disconnected from invalid user la 165.22.45.108 port 36298 [preauth]","@timestamp":"2022-09-14T20:26:38.430Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T20:27:12.403Z","@version":"1","message":"Sep 14 20:27:11 honeypot-sgp-1 sshd[14450]: Disconnected from authenticating user root 103.225.124.210 port 51480 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 20:29:40 honeypot-ams-1 sshd[25775]: Disconnected from invalid user loyal 164.163.96.253 port 44304 [preauth]","@timestamp":"2022-09-14T20:29:40.767Z"}
{"@timestamp":"2022-09-14T20:34:57.595Z","@version":"1","message":"Sep 14 20:34:57 honeypot-sgp-1 sshd[14453]: Received disconnect from 92.255.85.69 port 34312:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T20:36:42.820Z","@version":"1","message":"Sep 14 20:36:42 honeypot-sgp-1 sshd[14459]: Invalid user user from 141.255.162.226 port 33322","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T20:36:44.821Z","@version":"1","message":"Sep 14 20:36:44 honeypot-sgp-1 sshd[14463]: Invalid user user from 141.255.162.226 port 41750","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T20:36:48.824Z","@version":"1","message":"Sep 14 20:36:48 honeypot-sgp-1 sshd[14467]: Invalid user user from 141.255.162.226 port 58616","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 20:37:44 honeypot-fra-1 sshd[10454]: Received disconnect from 92.255.85.70 port 33976:11: Bye Bye [preauth]","@timestamp":"2022-09-14T20:37:44.680Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 20:38:01 honeypot-ams-1 kernel: [84064464.559128] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=202.164.131.68 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=55 ID=33136 DF PROTO=TCP SPT=39059 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T20:38:01.989Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 20:44:04 honeypot-fra-1 kernel: [84062664.074788] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.23.222.167 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=22374 PROTO=TCP SPT=48018 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T20:44:04.824Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 20:45:04 honeypot-ams-1 kernel: [84064887.383111] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=2.57.122.23 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=47984 PROTO=TCP SPT=43098 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T20:45:05.180Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 20:48:34 honeypot-ams-1 sshd[25785]: Disconnected from invalid user admin 202.88.244.36 port 38098 [preauth]","@timestamp":"2022-09-14T20:48:34.270Z"}
{"@timestamp":"2022-09-14T20:54:46.236Z","@version":"1","message":"Sep 14 20:54:45 honeypot-sgp-1 sshd[14472]: Invalid user admin from 107.173.209.238 port 59402","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T20:59:46.353Z","@version":"1","message":"Sep 14 20:59:45 honeypot-sgp-1 sshd[14479]: Invalid user cms from 206.189.136.28 port 40144","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T21:00:29.373Z","@version":"1","message":"Sep 14 21:00:28 honeypot-sgp-1 kernel: [84065336.951235] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=162.62.191.231 DST=159.89.202.188 LEN=52 TOS=0x00 PREC=0x00 TTL=47 ID=48418 DF PROTO=TCP SPT=49442 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 21:01:41 honeypot-fra-1 sshd[10460]: Disconnected from authenticating user root 92.255.85.70 port 29190 [preauth]","@timestamp":"2022-09-14T21:01:42.219Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 21:02:21 honeypot-ams-1 sshd[25789]: Disconnected from invalid user beltrami 45.175.18.29 port 44634 [preauth]","@timestamp":"2022-09-14T21:02:21.632Z"}
{"@timestamp":"2022-09-14T21:08:02.545Z","@version":"1","message":"Sep 14 21:08:02 honeypot-sgp-1 kernel: [84065790.665998] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=234 ID=14457 PROTO=TCP SPT=49203 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 21:08:02 honeypot-fra-1 sshd[10463]: Connection closed by invalid user devops 43.138.12.15 port 55980 [preauth]","@timestamp":"2022-09-14T21:08:03.362Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 21:08:05 honeypot-fra-1 sshd[10478]: Invalid user admin from 43.138.12.15 port 55976","@timestamp":"2022-09-14T21:08:05.363Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 21:08:05 honeypot-fra-1 sshd[10479]: Invalid user teamspeak from 43.138.12.15 port 55948","@timestamp":"2022-09-14T21:08:05.363Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 21:08:05 honeypot-fra-1 sshd[10488]: Invalid user ubuntu from 43.138.12.15 port 55938","@timestamp":"2022-09-14T21:08:05.363Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 21:08:05 honeypot-fra-1 sshd[10501]: Invalid user es from 43.138.12.15 port 55966","@timestamp":"2022-09-14T21:08:06.364Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 21:08:05 honeypot-fra-1 sshd[10479]: Connection closed by invalid user teamspeak 43.138.12.15 port 55948 [preauth]","@timestamp":"2022-09-14T21:08:06.364Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 21:08:05 honeypot-fra-1 sshd[10489]: Invalid user ubuntu from 43.138.12.15 port 55928","@timestamp":"2022-09-14T21:08:06.364Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 21:08:05 honeypot-fra-1 sshd[10489]: Connection closed by invalid user ubuntu 43.138.12.15 port 55928 [preauth]","@timestamp":"2022-09-14T21:08:06.364Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 21:08:06 honeypot-fra-1 sshd[10472]: Invalid user ansible from 43.138.12.15 port 55964","@timestamp":"2022-09-14T21:08:06.364Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 21:08:06 honeypot-fra-1 sshd[10497]: Connection closed by invalid user vagrant 43.138.12.15 port 55960 [preauth]","@timestamp":"2022-09-14T21:08:06.364Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 21:08:06 honeypot-fra-1 sshd[10498]: Invalid user steam from 43.138.12.15 port 55918","@timestamp":"2022-09-14T21:08:07.365Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T21:10:18.600Z","@version":"1","message":"Sep 14 21:10:18 honeypot-sgp-1 kernel: [84065926.401135] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=167.71.254.43 DST=159.89.202.188 LEN=52 TOS=0x02 PREC=0x00 TTL=108 ID=31760 DF PROTO=TCP SPT=54185 DPT=3389 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T21:13:53.684Z","@version":"1","message":"Sep 14 21:13:53 honeypot-sgp-1 kernel: [84066141.421801] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=52.172.249.199 DST=159.89.202.188 LEN=52 TOS=0x02 PREC=0x00 TTL=114 ID=21241 DF PROTO=TCP SPT=64931 DPT=80 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 21:14:36 honeypot-fra-1 sshd[10531]: Disconnected from invalid user lambda 165.22.45.108 port 41286 [preauth]","@timestamp":"2022-09-14T21:14:37.510Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 21:14:47 honeypot-ams-1 kernel: [84066669.932371] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=21292 PROTO=TCP SPT=49203 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T21:14:47.963Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 21:25:05 honeypot-ams-1 sshd[25799]: Disconnected from authenticating user root 138.68.162.6 port 36450 [preauth]","@timestamp":"2022-09-14T21:25:06.237Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 21:25:08 honeypot-fra-1 sshd[10537]: Disconnected from authenticating user root 92.255.85.69 port 53434 [preauth]","@timestamp":"2022-09-14T21:25:08.744Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 21:26:14 honeypot-fra-1 sshd[10539]: Did not receive identification string from 104.152.52.125 port 50773","@timestamp":"2022-09-14T21:26:14.770Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 21:31:36 honeypot-ams-1 sshd[25807]: Invalid user user from 198.98.61.9 port 59768","@timestamp":"2022-09-14T21:31:37.407Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 21:31:57 honeypot-ams-1 sshd[25811]: Invalid user user from 198.98.61.9 port 54646","@timestamp":"2022-09-14T21:31:58.419Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 21:32:15 honeypot-ams-1 sshd[25815]: Invalid user user from 198.98.61.9 port 49524","@timestamp":"2022-09-14T21:32:16.428Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 21:32:34 honeypot-ams-1 sshd[25819]: Invalid user user from 198.98.61.9 port 44392","@timestamp":"2022-09-14T21:32:34.438Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 21:37:36 honeypot-ams-1 sshd[25822]: Received disconnect from 3.110.215.200 port 59348:11: Bye Bye [preauth]","@timestamp":"2022-09-14T21:37:36.595Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 21:38:58 honeypot-fra-1 kernel: [84065957.673290] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.143.200.46 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=27678 PROTO=TCP SPT=50589 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T21:38:59.055Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-14T21:44:21.388Z","@version":"1","message":"Sep 14 21:44:21 honeypot-sgp-1 kernel: [84067969.426775] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=198.199.93.157 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=35645 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 21:46:49 honeypot-ams-1 kernel: [84068592.149132] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=167.71.254.43 DST=178.62.254.91 LEN=52 TOS=0x02 PREC=0x00 TTL=115 ID=3114 DF PROTO=TCP SPT=52352 DPT=3389 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-14T21:46:49.836Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 21:51:14 honeypot-ams-1 sshd[25831]: Invalid user user from 45.61.186.249 port 46190","@timestamp":"2022-09-14T21:51:14.955Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 21:51:34 honeypot-ams-1 sshd[25835]: Invalid user user from 45.61.186.249 port 40254","@timestamp":"2022-09-14T21:51:34.965Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 21:51:53 honeypot-ams-1 sshd[25839]: Invalid user user from 45.61.186.249 port 34312","@timestamp":"2022-09-14T21:51:53.975Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 21:52:08 honeypot-ams-1 sshd[25843]: Invalid user user from 45.61.186.249 port 56626","@timestamp":"2022-09-14T21:52:08.982Z"}
{"@timestamp":"2022-09-14T21:52:55.584Z","@version":"1","message":"Sep 14 21:52:55 honeypot-sgp-1 sshd[14581]: Connection closed by invalid user user 103.188.176.251 port 52078 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 21:53:42 honeypot-fra-1 kernel: [84066841.816122] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=51.91.221.105 DST=165.22.82.222 LEN=80 TOS=0x00 PREC=0x20 TTL=126 ID=52545 PROTO=TCP SPT=51521 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T21:53:43.395Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-14T22:00:09.752Z","@version":"1","message":"Sep 14 22:00:09 honeypot-sgp-1 kernel: [84068917.777891] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=177.92.129.1 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=232 ID=1367 DF PROTO=TCP SPT=47912 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T22:05:26.877Z","@version":"1","message":"Sep 14 22:05:26 honeypot-sgp-1 sshd[14591]: Invalid user user from 141.255.162.226 port 40056","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T22:05:32.879Z","@version":"1","message":"Sep 14 22:05:32 honeypot-sgp-1 sshd[14595]: Invalid user user from 141.255.162.226 port 49330","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T22:05:57.890Z","@version":"1","message":"Sep 14 22:05:57 honeypot-sgp-1 kernel: [84069265.156393] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=206.189.8.92 DST=159.89.202.188 LEN=80 TOS=0x00 PREC=0x00 TTL=115 ID=13709 PROTO=TCP SPT=12685 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 22:05:58 honeypot-fra-1 sshd[10553]: Invalid user star from 188.166.127.59 port 45086","@timestamp":"2022-09-14T22:05:59.691Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 22:07:42 honeypot-ams-1 kernel: [84069845.502463] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=43.153.85.217 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=27044 PROTO=TCP SPT=15378 DPT=80 WINDOW=26178 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T22:07:43.381Z"}
{"@timestamp":"2022-09-14T22:09:12.965Z","@version":"1","message":"Sep 14 22:09:12 honeypot-sgp-1 sshd[14601]: Received disconnect from 92.255.85.69 port 55438:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 22:09:27 honeypot-ams-1 sshd[25849]: Disconnected from invalid user sld 46.101.135.232 port 55410 [preauth]","@timestamp":"2022-09-14T22:09:28.427Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 22:10:18 honeypot-ams-1 sshd[25855]: Received disconnect from 41.82.208.182 port 39816:11: Bye Bye [preauth]","@timestamp":"2022-09-14T22:10:19.451Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 22:11:10 honeypot-ams-1 sshd[25857]: Received disconnect from 162.19.26.39 port 44774:11: Bye Bye [preauth]","@timestamp":"2022-09-14T22:11:11.476Z"}
{"@timestamp":"2022-09-14T22:11:44.026Z","@version":"1","message":"Sep 14 22:11:43 honeypot-sgp-1 sshd[14606]: Disconnected from authenticating user root 61.177.172.124 port 23580 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 22:11:44 honeypot-fra-1 sshd[10556]: Disconnected from authenticating user root 92.255.85.69 port 18328 [preauth]","@timestamp":"2022-09-14T22:11:44.835Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 22:14:30 honeypot-ams-1 sshd[25862]: Disconnected from authenticating user root 92.255.85.69 port 44384 [preauth]","@timestamp":"2022-09-14T22:14:30.562Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 22:16:58 honeypot-ams-1 kernel: [84070401.150041] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=103.89.91.165 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=59465 PROTO=TCP SPT=45754 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T22:16:58.633Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 22:17:01 honeypot-fra-1 CRON[10562]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-14T22:17:01.956Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T22:17:02.150Z","@version":"1","message":"Sep 14 22:17:01 honeypot-sgp-1 CRON[14612]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 22:18:00 honeypot-ams-1 sshd[25872]: Received disconnect from 61.177.172.108 port 14554:11:  [preauth]","@timestamp":"2022-09-14T22:18:00.662Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 22:22:10 honeypot-ams-1 sshd[25875]: Disconnected from authenticating user root 134.122.8.241 port 51768 [preauth]","@timestamp":"2022-09-14T22:22:10.774Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 22:24:26 honeypot-fra-1 kernel: [84068685.979194] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.205.223 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=48823 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T22:24:27.148Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-14T22:24:55.351Z","@version":"1","message":"Sep 14 22:24:54 honeypot-sgp-1 sshd[14618]: Connection closed by 67.207.95.230 port 42936 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T22:26:09.383Z","@version":"1","message":"Sep 14 22:26:09 honeypot-sgp-1 sshd[14622]: Received disconnect from 46.101.2.4 port 57634:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T22:26:45.400Z","@version":"1","message":"Sep 14 22:26:44 honeypot-sgp-1 sshd[14626]: Disconnected from authenticating user root 61.177.173.35 port 47662 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 22:26:53 honeypot-ams-1 kernel: [84070996.377227] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=51.15.141.72 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=55 ID=56391 PROTO=TCP SPT=2982 DPT=80 WINDOW=62311 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T22:26:53.899Z"}
{"@timestamp":"2022-09-14T22:27:43.423Z","@version":"1","message":"Sep 14 22:27:42 honeypot-sgp-1 sshd[14632]: Received disconnect from 62.84.124.238 port 40526:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T22:29:04.458Z","@version":"1","message":"Sep 14 22:29:03 honeypot-sgp-1 sshd[14636]: Received disconnect from 180.130.116.221 port 58042:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T22:30:27.493Z","@version":"1","message":"Sep 14 22:30:27 honeypot-sgp-1 sshd[14643]: Received disconnect from 167.71.233.59 port 42016:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T22:31:43.527Z","@version":"1","message":"Sep 14 22:31:43 honeypot-sgp-1 sshd[14647]: Invalid user postgres from 202.61.105.17 port 43350","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T22:32:12.540Z","@version":"1","message":"Sep 14 22:32:11 honeypot-sgp-1 sshd[14649]: Disconnected from invalid user postgres 43.132.253.90 port 53590 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T22:33:48.581Z","@version":"1","message":"Sep 14 22:33:48 honeypot-sgp-1 sshd[14655]: Received disconnect from 217.13.211.152 port 41522:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 22:34:13 honeypot-ams-1 sshd[25889]: Connection closed by invalid user tomcat 193.106.191.157 port 49694 [preauth]","@timestamp":"2022-09-14T22:34:14.092Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 22:35:36 honeypot-fra-1 sshd[10569]: Disconnected from authenticating user root 92.255.85.70 port 28052 [preauth]","@timestamp":"2022-09-14T22:35:36.415Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T22:37:26.668Z","@version":"1","message":"Sep 14 22:37:25 honeypot-sgp-1 sshd[14662]: Invalid user user from 141.255.162.226 port 45180","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T22:37:28.669Z","@version":"1","message":"Sep 14 22:37:28 honeypot-sgp-1 sshd[14666]: Invalid user user from 141.255.162.226 port 40284","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T22:37:34.672Z","@version":"1","message":"Sep 14 22:37:34 honeypot-sgp-1 sshd[14670]: Invalid user user from 141.255.162.226 port 35394","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 22:37:48 honeypot-ams-1 sshd[25893]: Disconnected from authenticating user root 92.255.85.70 port 34596 [preauth]","@timestamp":"2022-09-14T22:37:49.187Z"}
{"@timestamp":"2022-09-14T22:37:51.680Z","@version":"1","message":"Sep 14 22:37:51 honeypot-sgp-1 sshd[14674]: Disconnected from invalid user admin 117.202.18.5 port 44372 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 22:39:57 honeypot-fra-1 sshd[10574]: Received disconnect from 164.92.210.129 port 45878:11: Bye Bye [preauth]","@timestamp":"2022-09-14T22:39:57.530Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 22:41:51 honeypot-ams-1 sshd[25902]: Disconnected from authenticating user root 61.177.172.104 port 36948 [preauth]","@timestamp":"2022-09-14T22:41:52.294Z"}
{"@timestamp":"2022-09-14T22:43:00.805Z","@version":"1","message":"Sep 14 22:42:59 honeypot-sgp-1 kernel: [84071487.905550] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=167.71.254.63 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=13498 PROTO=TCP SPT=54815 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 22:44:33 honeypot-fra-1 sshd[10579]: Invalid user admin from 186.206.151.246 port 41950","@timestamp":"2022-09-14T22:44:33.636Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T22:47:30.915Z","@version":"1","message":"Sep 14 22:47:30 honeypot-sgp-1 sshd[14683]: Disconnected from authenticating user root 61.177.172.114 port 36643 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 22:49:47 honeypot-ams-1 sshd[25910]: Received disconnect from 179.43.156.143 port 53806:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T22:49:47.499Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 22:50:33 honeypot-fra-1 sshd[10584]: Received disconnect from 165.22.45.108 port 51262:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T22:50:34.771Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 22:51:06 honeypot-ams-1 sshd[25920]: Received disconnect from 179.43.156.143 port 46730:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T22:51:06.535Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 22:52:57 honeypot-ams-1 kernel: [84072560.008766] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.143.203.59 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=54647 PROTO=TCP SPT=49190 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T22:52:57.584Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 22:53:39 honeypot-ams-1 sshd[25931]: Invalid user nutanix from 179.43.156.143 port 60950","@timestamp":"2022-09-14T22:53:40.606Z"}
{"@timestamp":"2022-09-14T22:54:00.074Z","@version":"1","message":"Sep 14 22:53:59 honeypot-sgp-1 sshd[14690]: Received disconnect from 182.160.96.46 port 54808:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 22:54:18 honeypot-ams-1 sshd[25933]: Disconnected from invalid user ossuser 179.43.156.143 port 57452 [preauth]","@timestamp":"2022-09-14T22:54:18.623Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 22:54:19 honeypot-fra-1 sshd[10589]: Invalid user user from 198.98.61.9 port 34836","@timestamp":"2022-09-14T22:54:19.857Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 22:54:39 honeypot-fra-1 sshd[10593]: Invalid user user from 198.98.61.9 port 56978","@timestamp":"2022-09-14T22:54:39.867Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 22:54:56 honeypot-fra-1 sshd[10597]: Invalid user user from 198.98.61.9 port 50884","@timestamp":"2022-09-14T22:54:56.874Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 22:55:11 honeypot-ams-1 sshd[25937]: Disconnected from authenticating user root 61.177.173.47 port 41086 [preauth]","@timestamp":"2022-09-14T22:55:12.648Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 22:55:12 honeypot-fra-1 sshd[10601]: Invalid user user from 198.98.61.9 port 44792","@timestamp":"2022-09-14T22:55:12.882Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T22:55:26.109Z","@version":"1","message":"Sep 14 22:55:25 honeypot-sgp-1 sshd[14695]: Received disconnect from 123.120.1.239 port 57338:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 22:56:56 honeypot-ams-1 sshd[25944]: Received disconnect from 179.43.156.143 port 43416:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T22:56:56.696Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 22:58:58 honeypot-ams-1 sshd[25950]: Received disconnect from 179.43.156.143 port 32910:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T22:58:59.751Z"}
{"@timestamp":"2022-09-14T22:59:25.204Z","@version":"1","message":"Sep 14 22:59:24 honeypot-sgp-1 sshd[14701]: Received disconnect from 61.177.173.46 port 49785:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 22:59:39 honeypot-fra-1 kernel: [84070798.941920] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=89.248.163.152 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=62756 PROTO=TCP SPT=56349 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T22:59:39.998Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-14T23:00:54.242Z","@version":"1","message":"Sep 14 23:00:54 honeypot-sgp-1 sshd[14704]: Connection closed by invalid user centos 179.60.147.69 port 10522 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 23:01:05 honeypot-ams-1 sshd[25955]: Disconnected from authenticating user root 92.255.85.69 port 38424 [preauth]","@timestamp":"2022-09-14T23:01:05.809Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 23:03:27 honeypot-fra-1 sshd[10611]: Invalid user tomcat from 193.106.191.157 port 40374","@timestamp":"2022-09-14T23:03:28.085Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 23:08:51 honeypot-ams-1 sshd[25964]: Received disconnect from 103.29.85.13 port 60286:11: Bye Bye [preauth]","@timestamp":"2022-09-14T23:08:52.012Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 23:10:10 honeypot-ams-1 sshd[25969]: Disconnected from authenticating user root 46.19.141.122 port 60418 [preauth]","@timestamp":"2022-09-14T23:10:11.050Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 23:12:11 honeypot-ams-1 sshd[25973]: Received disconnect from 46.19.141.122 port 34228:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T23:12:12.104Z"}
{"@timestamp":"2022-09-14T23:13:50.547Z","@version":"1","message":"Sep 14 23:13:49 honeypot-sgp-1 kernel: [84073338.034552] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=205.210.31.60 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x60 TTL=250 ID=54321 PROTO=TCP SPT=56350 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 23:14:00 honeypot-ams-1 sshd[25978]: Disconnected from invalid user user 46.19.141.122 port 35734 [preauth]","@timestamp":"2022-09-14T23:14:01.152Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 23:14:49 honeypot-ams-1 sshd[25982]: Disconnected from invalid user support 46.19.141.122 port 36716 [preauth]","@timestamp":"2022-09-14T23:14:50.174Z"}
{"@timestamp":"2022-09-14T23:16:39.617Z","@version":"1","message":"Sep 14 23:16:38 honeypot-sgp-1 sshd[14716]: Disconnected from authenticating user root 178.128.28.51 port 32850 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 23:17:09 honeypot-fra-1 kernel: [84071848.371084] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=68.183.81.55 DST=165.22.82.222 LEN=52 TOS=0x02 PREC=0x20 TTL=118 ID=20277 DF PROTO=TCP SPT=56035 DPT=3389 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-14T23:17:10.385Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-14T23:18:13.658Z","@version":"1","message":"Sep 14 23:18:13 honeypot-sgp-1 kernel: [84073601.514163] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=163.172.158.4 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=21210 PROTO=TCP SPT=56701 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 23:18:42 honeypot-fra-1 sshd[10623]: Disconnected from invalid user user 45.61.186.169 port 55076 [preauth]","@timestamp":"2022-09-14T23:18:43.423Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 23:18:59 honeypot-fra-1 sshd[10627]: Disconnected from invalid user user 45.61.186.169 port 49758 [preauth]","@timestamp":"2022-09-14T23:19:00.432Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 23:19:15 honeypot-fra-1 sshd[10631]: Disconnected from invalid user user 45.61.186.169 port 44412 [preauth]","@timestamp":"2022-09-14T23:19:16.439Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 23:19:31 honeypot-fra-1 sshd[10635]: Disconnected from invalid user user 45.61.186.169 port 39086 [preauth]","@timestamp":"2022-09-14T23:19:31.447Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T23:20:24.711Z","@version":"1","message":"Sep 14 23:20:24 honeypot-sgp-1 sshd[14729]: Received disconnect from 51.15.225.183 port 37808:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T23:21:07.730Z","@version":"1","message":"Sep 14 23:21:07 honeypot-sgp-1 sshd[14734]: Invalid user user from 45.61.186.169 port 59064","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T23:21:25.738Z","@version":"1","message":"Sep 14 23:21:25 honeypot-sgp-1 sshd[14738]: Invalid user user from 45.61.186.169 port 53614","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T23:21:33.743Z","@version":"1","message":"Sep 14 23:21:33 honeypot-sgp-1 sshd[14743]: Received disconnect from 45.61.186.169 port 36770:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 23:21:38 honeypot-ams-1 sshd[25990]: Received disconnect from 61.177.172.108 port 30119:11:  [preauth]","@timestamp":"2022-09-14T23:21:38.349Z"}
{"@timestamp":"2022-09-14T23:21:41.746Z","@version":"1","message":"Sep 14 23:21:41 honeypot-sgp-1 sshd[14746]: Disconnected from invalid user user 45.61.186.169 port 48144 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T23:23:35.793Z","@version":"1","message":"Sep 14 23:23:35 honeypot-sgp-1 sshd[14753]: Received disconnect from 143.244.158.100 port 35184:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 23:25:02 honeypot-ams-1 sshd[25996]: Received disconnect from 92.255.85.70 port 24274:11: Bye Bye [preauth]","@timestamp":"2022-09-14T23:25:02.439Z"}
{"@timestamp":"2022-09-14T23:26:23.862Z","@version":"1","message":"Sep 14 23:26:23 honeypot-sgp-1 sshd[14760]: Received disconnect from 143.244.158.100 port 48804:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T23:28:08.906Z","@version":"1","message":"Sep 14 23:28:08 honeypot-sgp-1 kernel: [84074196.085998] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=198.23.144.23 DST=159.89.202.188 LEN=52 TOS=0x02 PREC=0x00 TTL=112 ID=7425 DF PROTO=TCP SPT=64781 DPT=3389 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T23:29:33.942Z","@version":"1","message":"Sep 14 23:29:33 honeypot-sgp-1 sshd[14770]: Received disconnect from 161.35.98.96 port 59668:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 23:29:36 honeypot-ams-1 sshd[26001]: Disconnected from authenticating user root 20.187.88.167 port 40236 [preauth]","@timestamp":"2022-09-14T23:29:37.558Z"}
{"@timestamp":"2022-09-14T23:30:50.975Z","@version":"1","message":"Sep 14 23:30:50 honeypot-sgp-1 kernel: [84074358.208223] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=236 ID=56941 PROTO=TCP SPT=58202 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T23:32:13.011Z","@version":"1","message":"Sep 14 23:32:12 honeypot-sgp-1 sshd[14781]: Received disconnect from 143.244.158.100 port 50682:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T23:35:15.085Z","@version":"1","message":"Sep 14 23:35:14 honeypot-sgp-1 sshd[14787]: Received disconnect from 143.244.158.100 port 44890:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 23:36:39 honeypot-ams-1 sshd[26008]: Received disconnect from 94.159.31.10 port 54265:11: Bye Bye [preauth]","@timestamp":"2022-09-14T23:36:39.740Z"}
{"@timestamp":"2022-09-14T23:37:06.258Z","@version":"1","message":"Sep 14 23:37:05 honeypot-sgp-1 sshd[14794]: Received disconnect from 143.244.158.100 port 48174:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T23:39:13.308Z","@version":"1","message":"Sep 14 23:39:13 honeypot-sgp-1 sshd[14800]: Connection closed by authenticating user root 179.60.147.69 port 13862 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 23:40:30 honeypot-ams-1 sshd[26013]: Received disconnect from 68.183.92.26 port 38504:11: Bye Bye [preauth]","@timestamp":"2022-09-14T23:40:30.842Z"}
{"@timestamp":"2022-09-14T23:42:07.377Z","@version":"1","message":"Sep 14 23:42:06 honeypot-sgp-1 sshd[14808]: Disconnected from authenticating user root 143.244.158.100 port 53776 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 23:43:09 honeypot-fra-1 sshd[10643]: Disconnected from authenticating user landscape 165.22.45.108 port 56322 [preauth]","@timestamp":"2022-09-14T23:43:09.966Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T23:43:57.423Z","@version":"1","message":"Sep 14 23:43:57 honeypot-sgp-1 sshd[14814]: Received disconnect from 143.244.158.100 port 47152:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T23:45:34.463Z","@version":"1","message":"Sep 14 23:45:34 honeypot-sgp-1 sshd[14820]: Invalid user ds from 43.155.80.159 port 41500","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 23:45:40 honeypot-ams-1 kernel: [84075723.301058] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=198.199.93.157 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=48889 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T23:45:40.980Z"}
{"@timestamp":"2022-09-14T23:46:47.493Z","@version":"1","message":"Sep 14 23:46:46 honeypot-sgp-1 sshd[14824]: Disconnected from authenticating user root 143.244.158.100 port 37456 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 23:48:08 honeypot-ams-1 sshd[26027]: Received disconnect from 92.255.85.70 port 54660:11: Bye Bye [preauth]","@timestamp":"2022-09-14T23:48:09.053Z"}
{"@timestamp":"2022-09-14T23:48:47.542Z","@version":"1","message":"Sep 14 23:48:47 honeypot-sgp-1 sshd[14831]: Received disconnect from 138.2.245.103 port 41972:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 23:51:10 honeypot-ams-1 sshd[26033]: Received disconnect from 149.56.102.60 port 50172:11: Bye Bye [preauth]","@timestamp":"2022-09-14T23:51:10.134Z"}
{"@timestamp":"2022-09-14T23:51:26.605Z","@version":"1","message":"Sep 14 23:51:25 honeypot-sgp-1 sshd[14841]: Received disconnect from 143.244.158.100 port 42466:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 23:52:08 honeypot-ams-1 sshd[26037]: Disconnected from invalid user kise 222.253.43.62 port 63195 [preauth]","@timestamp":"2022-09-14T23:52:09.163Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 23:53:54 honeypot-ams-1 sshd[26046]: Invalid user user from 45.61.186.249 port 41476","@timestamp":"2022-09-14T23:53:55.215Z"}
{"@timestamp":"2022-09-14T23:54:00.667Z","@version":"1","message":"Sep 14 23:53:59 honeypot-sgp-1 sshd[14848]: Received disconnect from 61.177.173.39 port 17442:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 23:54:04 honeypot-ams-1 sshd[26050]: Received disconnect from 45.61.186.249 port 53144:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T23:54:05.221Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 23:54:22 honeypot-ams-1 sshd[26054]: Received disconnect from 45.61.186.249 port 48282:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T23:54:22.229Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 23:54:39 honeypot-ams-1 sshd[26058]: Received disconnect from 45.61.186.249 port 43366:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T23:54:40.239Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 23:55:43 honeypot-ams-1 kernel: [84076326.521587] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=114.225.3.92 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=49 ID=46617 PROTO=TCP SPT=62725 DPT=80 WINDOW=40602 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T23:55:44.271Z"}
{"@timestamp":"2022-09-14T23:56:01.717Z","@version":"1","message":"Sep 14 23:56:01 honeypot-sgp-1 sshd[14854]: Received disconnect from 143.244.158.100 port 38966:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 23:57:17 honeypot-fra-1 sshd[10650]: Connection closed by invalid user user 103.188.176.251 port 50724 [preauth]","@timestamp":"2022-09-14T23:57:17.286Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T23:58:45.783Z","@version":"1","message":"Sep 14 23:58:45 honeypot-sgp-1 sshd[14862]: Received disconnect from 143.244.158.100 port 48638:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 23:59:05 honeypot-fra-1 sshd[10653]: Disconnected from invalid user user 45.61.186.169 port 37192 [preauth]","@timestamp":"2022-09-14T23:59:06.331Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 23:59:24 honeypot-fra-1 sshd[10657]: Disconnected from invalid user user 45.61.186.169 port 60226 [preauth]","@timestamp":"2022-09-14T23:59:24.340Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 23:59:40 honeypot-fra-1 sshd[10661]: Disconnected from invalid user user 45.61.186.169 port 55040 [preauth]","@timestamp":"2022-09-14T23:59:40.347Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 23:59:56 honeypot-fra-1 sshd[10665]: Disconnected from invalid user user 45.61.186.169 port 49842 [preauth]","@timestamp":"2022-09-14T23:59:57.355Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T00:00:59.837Z","@version":"1","message":"Sep 15 00:00:59 honeypot-sgp-1 sshd[14868]: Received disconnect from 143.244.158.100 port 40572:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T00:02:52.884Z","@version":"1","message":"Sep 15 00:02:52 honeypot-sgp-1 sshd[14872]: Disconnected from authenticating user root 143.244.158.100 port 57260 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T00:04:43.930Z","@version":"1","message":"Sep 15 00:04:43 honeypot-sgp-1 sshd[14879]: Disconnected from authenticating user root 143.244.158.100 port 33590 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 00:05:00 honeypot-ams-1 sshd[26067]: Received disconnect from 61.177.173.35 port 58535:11:  [preauth]","@timestamp":"2022-09-15T00:05:00.515Z"}
{"@timestamp":"2022-09-15T00:06:52.985Z","@version":"1","message":"Sep 15 00:06:52 honeypot-sgp-1 sshd[14885]: Received disconnect from 143.244.158.100 port 59726:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T00:09:44.052Z","@version":"1","message":"Sep 15 00:09:43 honeypot-sgp-1 sshd[14894]: Received disconnect from 143.244.158.100 port 47146:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 00:11:32 honeypot-ams-1 sshd[26073]: Disconnected from authenticating user root 92.255.85.70 port 51132 [preauth]","@timestamp":"2022-09-15T00:11:32.686Z"}
{"@timestamp":"2022-09-15T00:11:48.100Z","@version":"1","message":"Sep 15 00:11:48 honeypot-sgp-1 sshd[14898]: Received disconnect from 143.244.158.100 port 60296:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 00:12:28 honeypot-fra-1 sshd[10670]: Disconnected from authenticating user root 137.184.100.90 port 40288 [preauth]","@timestamp":"2022-09-15T00:12:29.639Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T00:12:32.120Z","@version":"1","message":"Sep 15 00:12:32 honeypot-sgp-1 sshd[14902]: Received disconnect from 104.131.190.193 port 35209:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T00:15:05.181Z","@version":"1","message":"Sep 15 00:15:04 honeypot-sgp-1 kernel: [84077012.516486] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=233 ID=58743 PROTO=TCP SPT=40003 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 00:16:15 honeypot-ams-1 sshd[26079]: Invalid user user from 45.61.186.49 port 46216","@timestamp":"2022-09-15T00:16:16.814Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 00:16:25 honeypot-ams-1 sshd[26083]: Invalid user user from 45.61.186.49 port 57820","@timestamp":"2022-09-15T00:16:25.818Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 00:17:01 honeypot-fra-1 CRON[10676]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-15T00:17:01.776Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 00:19:02 honeypot-ams-1 sshd[26088]: Received disconnect from 61.177.173.35 port 26671:11:  [preauth]","@timestamp":"2022-09-15T00:19:03.891Z"}
{"@timestamp":"2022-09-15T00:19:53.295Z","@version":"1","message":"Sep 15 00:19:53 honeypot-sgp-1 sshd[14918]: Connection closed by invalid user samba 103.188.176.251 port 56644 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T00:22:31.359Z","@version":"1","message":"Sep 15 00:22:31 honeypot-sgp-1 kernel: [84077459.148612] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=128.1.248.46 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=45533 PROTO=TCP SPT=37775 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 00:22:34 honeypot-ams-1 sshd[26096]: Invalid user user from 141.255.162.226 port 34448","@timestamp":"2022-09-15T00:22:34.985Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 00:22:38 honeypot-ams-1 sshd[26100]: Invalid user user from 141.255.162.226 port 39932","@timestamp":"2022-09-15T00:22:38.988Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 00:22:39 honeypot-ams-1 sshd[26104]: Invalid user user from 141.255.162.226 port 48370","@timestamp":"2022-09-15T00:22:39.989Z"}
{"@timestamp":"2022-09-15T00:25:01.419Z","@version":"1","message":"Sep 15 00:25:00 honeypot-sgp-1 sshd[14931]: Invalid user ha from 20.87.8.78 port 38884","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 00:26:29 honeypot-fra-1 sshd[10685]: Disconnected from authenticating user root 222.113.84.214 port 45126 [preauth]","@timestamp":"2022-09-15T00:26:29.985Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 00:27:21 honeypot-ams-1 sshd[26108]: Disconnected from authenticating user root 61.177.173.37 port 49950 [preauth]","@timestamp":"2022-09-15T00:27:22.114Z"}
{"@timestamp":"2022-09-15T00:28:59.516Z","@version":"1","message":"Sep 15 00:28:58 honeypot-sgp-1 sshd[14934]: Received disconnect from 61.177.173.51 port 22652:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T00:31:00.566Z","@version":"1","message":"Sep 15 00:30:59 honeypot-sgp-1 kernel: [84077967.799901] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=179.43.155.171 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=41394 PROTO=TCP SPT=50424 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 00:34:26 honeypot-ams-1 sshd[26115]: Received disconnect from 61.177.172.19 port 63247:11:  [preauth]","@timestamp":"2022-09-15T00:34:26.301Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 00:34:55 honeypot-fra-1 sshd[10692]: Invalid user ubnt from 179.60.147.69 port 58220","@timestamp":"2022-09-15T00:34:55.180Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 00:36:29 honeypot-ams-1 sshd[26120]: Disconnected from authenticating user root 159.65.129.227 port 32918 [preauth]","@timestamp":"2022-09-15T00:36:30.357Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 00:39:43 honeypot-ams-1 sshd[26126]: Received disconnect from 13.83.41.0 port 35150:11: Bye Bye [preauth]","@timestamp":"2022-09-15T00:39:43.444Z"}
{"@timestamp":"2022-09-15T00:40:24.790Z","@version":"1","message":"Sep 15 00:40:24 honeypot-sgp-1 sshd[14948]: Invalid user applmgr from 20.55.113.203 port 1024","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T00:43:12.857Z","@version":"1","message":"Sep 15 00:43:11 honeypot-sgp-1 sshd[14952]: Invalid user admin from 128.199.168.83 port 48554","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T00:44:22.886Z","@version":"1","message":"Sep 15 00:44:22 honeypot-sgp-1 sshd[14958]: Received disconnect from 103.68.183.202 port 47940:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T00:46:21.935Z","@version":"1","message":"Sep 15 00:46:21 honeypot-sgp-1 kernel: [84078889.503427] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.46.240.87 DST=159.89.202.188 LEN=52 TOS=0x02 PREC=0x00 TTL=110 ID=61782 DF PROTO=TCP SPT=59722 DPT=443 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 00:46:50 honeypot-ams-1 sshd[26131]: Disconnected from authenticating user root 61.177.173.36 port 44229 [preauth]","@timestamp":"2022-09-15T00:46:50.643Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 00:48:47 honeypot-fra-1 sshd[10697]: Did not receive identification string from 190.153.222.250 port 47594","@timestamp":"2022-09-15T00:48:48.506Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 00:56:19 honeypot-fra-1 kernel: [84077797.948338] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=103.195.7.48 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=53152 PROTO=TCP SPT=57141 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T00:56:19.682Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 00:57:24 honeypot-ams-1 sshd[26138]: Received disconnect from 61.177.172.114 port 37625:11:  [preauth]","@timestamp":"2022-09-15T00:57:24.920Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 01:00:32 honeypot-fra-1 sshd[10707]: Connection closed by invalid user tomcat 193.106.191.157 port 51104 [preauth]","@timestamp":"2022-09-15T01:00:32.784Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 01:00:48 honeypot-ams-1 kernel: [84080230.848190] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=80.87.206.203 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=7378 PROTO=TCP SPT=52613 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T01:00:49.013Z"}
{"@timestamp":"2022-09-15T01:03:41.377Z","@version":"1","message":"Sep 15 01:03:40 honeypot-sgp-1 kernel: [84079928.495947] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.46.240.87 DST=159.89.202.188 LEN=52 TOS=0x02 PREC=0x00 TTL=110 ID=47120 DF PROTO=TCP SPT=61151 DPT=443 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 01:08:20 honeypot-ams-1 sshd[26149]: Disconnected from 143.110.236.239 port 60374 [preauth]","@timestamp":"2022-09-15T01:08:21.213Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 01:10:24 honeypot-fra-1 sshd[10712]: Disconnected from invalid user user 45.61.186.169 port 57588 [preauth]","@timestamp":"2022-09-15T01:10:25.102Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 01:10:41 honeypot-fra-1 sshd[10716]: Received disconnect from 45.61.186.169 port 52232:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T01:10:42.111Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 01:10:57 honeypot-fra-1 sshd[10721]: Received disconnect from 45.61.186.169 port 46870:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T01:10:58.119Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 01:11:13 honeypot-fra-1 sshd[10725]: Received disconnect from 45.61.186.169 port 41520:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T01:11:14.125Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T01:12:27.601Z","@version":"1","message":"Sep 15 01:12:27 honeypot-sgp-1 kernel: [84080455.539031] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=5.237.243.100 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=38 ID=31711 PROTO=TCP SPT=60885 DPT=80 WINDOW=52721 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 01:13:49 honeypot-ams-1 sshd[26156]: Invalid user guest from 179.60.147.69 port 43788","@timestamp":"2022-09-15T01:13:50.357Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 01:17:01 honeypot-ams-1 CRON[26166]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-15T01:17:02.443Z"}
{"@timestamp":"2022-09-15T01:17:02.710Z","@version":"1","message":"Sep 15 01:17:01 honeypot-sgp-1 CRON[14991]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 01:19:17 honeypot-fra-1 sshd[10736]: Received disconnect from 92.255.85.69 port 60454:11: Bye Bye [preauth]","@timestamp":"2022-09-15T01:19:17.307Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T01:19:55.780Z","@version":"1","message":"Sep 15 01:19:55 honeypot-sgp-1 sshd[14998]: Received disconnect from 113.203.237.139 port 54270:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T01:27:19.959Z","@version":"1","message":"Sep 15 01:27:19 honeypot-sgp-1 sshd[15022]: Received disconnect from 61.177.173.49 port 11053:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 01:30:57 honeypot-fra-1 sshd[10743]: Invalid user user from 45.61.184.204 port 39318","@timestamp":"2022-09-15T01:30:57.576Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 01:31:16 honeypot-fra-1 sshd[10759]: Invalid user user from 45.61.184.204 port 34862","@timestamp":"2022-09-15T01:31:16.585Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 01:31:28 honeypot-ams-1 sshd[26183]: Disconnected from invalid user anna 152.67.45.125 port 44544 [preauth]","@timestamp":"2022-09-15T01:31:28.816Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 01:31:33 honeypot-fra-1 sshd[10763]: Invalid user user from 45.61.184.204 port 58624","@timestamp":"2022-09-15T01:31:34.594Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 01:31:52 honeypot-fra-1 sshd[10771]: Invalid user user from 45.61.184.204 port 54168","@timestamp":"2022-09-15T01:31:52.604Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 01:35:29 honeypot-ams-1 sshd[26187]: Disconnected from authenticating user root 43.134.40.253 port 46796 [preauth]","@timestamp":"2022-09-15T01:35:29.926Z"}
{"@timestamp":"2022-09-15T01:35:57.163Z","@version":"1","message":"Sep 15 01:35:57 honeypot-sgp-1 sshd[15028]: Connection closed by invalid user admin 183.107.195.8 port 56588 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 01:36:50 honeypot-fra-1 sshd[10778]: Disconnected from authenticating user root 188.254.0.2 port 43718 [preauth]","@timestamp":"2022-09-15T01:36:50.716Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 01:37:50 honeypot-ams-1 sshd[26194]: Disconnected from 161.35.113.79 port 41762 [preauth]","@timestamp":"2022-09-15T01:37:50.989Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 01:39:24 honeypot-fra-1 sshd[10793]: Connection closed by invalid user  152.32.154.27 port 56846 [preauth]","@timestamp":"2022-09-15T01:39:25.778Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 01:42:59 honeypot-fra-1 sshd[10800]: Disconnected from authenticating user root 92.255.85.69 port 61648 [preauth]","@timestamp":"2022-09-15T01:42:59.862Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T01:45:41.396Z","@version":"1","message":"Sep 15 01:45:41 honeypot-sgp-1 sshd[15034]: Received disconnect from 61.177.173.36 port 24729:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 01:47:05 honeypot-ams-1 kernel: [84083008.510201] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.208.34 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=35128 DPT=636 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T01:47:06.232Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 01:48:02 honeypot-fra-1 sshd[10804]: Connection closed by invalid user support 179.60.147.69 port 5046 [preauth]","@timestamp":"2022-09-15T01:48:02.983Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 01:50:21 honeypot-ams-1 sshd[26209]: Disconnected from invalid user user 141.255.162.226 port 56178 [preauth]","@timestamp":"2022-09-15T01:50:21.319Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 01:50:23 honeypot-ams-1 sshd[26213]: Disconnected from invalid user user 141.255.162.226 port 53084 [preauth]","@timestamp":"2022-09-15T01:50:24.320Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 01:50:25 honeypot-ams-1 sshd[26217]: Disconnected from invalid user user 141.255.162.226 port 33234 [preauth]","@timestamp":"2022-09-15T01:50:26.323Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 01:50:30 honeypot-ams-1 sshd[26221]: Disconnected from invalid user user 141.255.162.226 port 41608 [preauth]","@timestamp":"2022-09-15T01:50:31.325Z"}
{"@timestamp":"2022-09-15T01:52:57.569Z","@version":"1","message":"Sep 15 01:52:56 honeypot-sgp-1 sshd[15041]: Invalid user wp-user from 36.156.145.28 port 37738","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T01:56:31.656Z","@version":"1","message":"Sep 15 01:56:31 honeypot-sgp-1 sshd[15045]: Received disconnect from 61.177.173.49 port 20739:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 01:57:48 honeypot-ams-1 kernel: [84083651.345058] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.100.87.136 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=246 ID=15212 PROTO=TCP SPT=52686 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T01:57:49.519Z"}
{"@timestamp":"2022-09-15T01:59:43.735Z","@version":"1","message":"Sep 15 01:59:43 honeypot-sgp-1 sshd[15052]: Disconnected from invalid user logger 118.70.180.174 port 35353 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T02:03:39.833Z","@version":"1","message":"Sep 15 02:03:38 honeypot-sgp-1 sshd[15056]: Disconnected from authenticating user root 92.255.85.69 port 18476 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 02:03:44 honeypot-fra-1 sshd[10810]: Received disconnect from 190.128.230.98 port 35494:11: Bye Bye [preauth]","@timestamp":"2022-09-15T02:03:45.338Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 02:06:01 honeypot-fra-1 sshd[10816]: Received disconnect from 192.3.253.15 port 33442:11: Bye Bye [preauth]","@timestamp":"2022-09-15T02:06:01.409Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T02:08:42.976Z","@version":"1","message":"Sep 15 02:08:42 honeypot-sgp-1 sshd[15066]: Received disconnect from 61.177.173.48 port 35695:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 02:10:48 honeypot-ams-1 kernel: [84084431.347369] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=159.203.80.110 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=34337 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T02:10:48.855Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:11:14 honeypot-ams-1 sshd[26245]: Disconnected from authenticating user root 89.163.142.195 port 53622 [preauth]","@timestamp":"2022-09-15T02:11:14.869Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:11:14 honeypot-ams-1 sshd[26249]: Disconnecting invalid user admin 89.163.142.195 port 53628: Too many authentication failures [preauth]","@timestamp":"2022-09-15T02:11:15.871Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:11:15 honeypot-ams-1 sshd[26253]: Disconnecting invalid user oracle 89.163.142.195 port 53632: Too many authentication failures [preauth]","@timestamp":"2022-09-15T02:11:15.871Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:11:15 honeypot-ams-1 sshd[26257]: Disconnected from invalid user oracle 89.163.142.195 port 53638 [preauth]","@timestamp":"2022-09-15T02:11:16.872Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:11:16 honeypot-ams-1 sshd[26261]: Disconnecting invalid user usuario 89.163.142.195 port 53642: Too many authentication failures [preauth]","@timestamp":"2022-09-15T02:11:16.872Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:11:16 honeypot-ams-1 sshd[26265]: Disconnecting invalid user test 89.163.142.195 port 53646: Too many authentication failures [preauth]","@timestamp":"2022-09-15T02:11:16.872Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:11:17 honeypot-ams-1 sshd[26269]: Disconnected from invalid user test 89.163.142.195 port 53656 [preauth]","@timestamp":"2022-09-15T02:11:17.873Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:11:17 honeypot-ams-1 sshd[26273]: Disconnecting invalid user user 89.163.142.195 port 53660: Too many authentication failures [preauth]","@timestamp":"2022-09-15T02:11:17.873Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:11:18 honeypot-ams-1 sshd[26277]: Disconnecting invalid user ftpuser 89.163.142.195 port 53666: Too many authentication failures [preauth]","@timestamp":"2022-09-15T02:11:18.874Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:11:18 honeypot-ams-1 sshd[26281]: Disconnected from invalid user ftpuser 89.163.142.195 port 53670 [preauth]","@timestamp":"2022-09-15T02:11:18.874Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:11:19 honeypot-ams-1 sshd[26285]: Disconnecting invalid user test1 89.163.142.195 port 53676: Too many authentication failures [preauth]","@timestamp":"2022-09-15T02:11:19.875Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:11:19 honeypot-ams-1 sshd[26289]: Disconnecting invalid user test2 89.163.142.195 port 53680: Too many authentication failures [preauth]","@timestamp":"2022-09-15T02:11:19.875Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:11:19 honeypot-ams-1 sshd[26293]: Disconnected from invalid user test2 89.163.142.195 port 53688 [preauth]","@timestamp":"2022-09-15T02:11:20.876Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:11:20 honeypot-ams-1 sshd[26297]: Disconnecting invalid user ubuntu 89.163.142.195 port 53692: Too many authentication failures [preauth]","@timestamp":"2022-09-15T02:11:20.876Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:11:20 honeypot-ams-1 sshd[26301]: Disconnected from invalid user ubuntu 89.163.142.195 port 53698 [preauth]","@timestamp":"2022-09-15T02:11:20.876Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:11:21 honeypot-ams-1 sshd[26305]: Disconnected from invalid user pi 89.163.142.195 port 53702 [preauth]","@timestamp":"2022-09-15T02:11:21.877Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:11:50 honeypot-ams-1 sshd[26310]: Disconnected from authenticating user root 193.142.146.50 port 40548 [preauth]","@timestamp":"2022-09-15T02:11:50.893Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 02:12:54 honeypot-ams-1 kernel: [84084557.267457] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=94.26.228.80 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=1714 PROTO=TCP SPT=36337 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T02:12:54.923Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:13:54 honeypot-ams-1 sshd[26321]: Disconnected from authenticating user root 193.142.146.50 port 32908 [preauth]","@timestamp":"2022-09-15T02:13:54.951Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:15:30 honeypot-ams-1 sshd[26327]: Disconnected from authenticating user root 193.142.146.50 port 46634 [preauth]","@timestamp":"2022-09-15T02:15:30.995Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:15:57 honeypot-ams-1 sshd[26331]: Disconnected from invalid user admin 193.142.146.50 port 53498 [preauth]","@timestamp":"2022-09-15T02:15:58.010Z"}
{"@timestamp":"2022-09-15T02:17:02.180Z","@version":"1","message":"Sep 15 02:17:01 honeypot-sgp-1 CRON[15071]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 02:17:01 honeypot-fra-1 CRON[10838]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-15T02:17:02.662Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:18:15 honeypot-ams-1 sshd[26343]: Invalid user user from 141.255.162.226 port 46692","@timestamp":"2022-09-15T02:18:16.073Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:18:18 honeypot-ams-1 sshd[26347]: Invalid user user from 141.255.162.226 port 34984","@timestamp":"2022-09-15T02:18:18.075Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:18:21 honeypot-ams-1 sshd[26351]: Invalid user user from 141.255.162.226 port 51524","@timestamp":"2022-09-15T02:18:22.077Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:18:25 honeypot-ams-1 sshd[26355]: Invalid user user from 141.255.162.226 port 39836","@timestamp":"2022-09-15T02:18:26.080Z"}
{"@timestamp":"2022-09-15T02:20:28.267Z","@version":"1","message":"Sep 15 02:20:27 honeypot-sgp-1 kernel: [84084535.701177] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.100.87.136 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=15212 PROTO=TCP SPT=34654 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 02:21:52 honeypot-fra-1 kernel: [84082930.797775] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=79.124.62.62 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=38003 PROTO=TCP SPT=42184 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T02:21:52.771Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 02:26:10 honeypot-fra-1 kernel: [84083188.767597] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=176.111.173.99 DST=165.22.82.222 LEN=52 TOS=0x02 PREC=0x00 TTL=118 ID=23762 DF PROTO=TCP SPT=2333 DPT=3389 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-15T02:26:10.872Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-15T02:26:33.418Z","@version":"1","message":"Sep 15 02:26:32 honeypot-sgp-1 sshd[15083]: Disconnected from authenticating user root 92.255.85.70 port 30272 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:26:40 honeypot-ams-1 sshd[26364]: Connection closed by invalid user support 179.60.147.69 port 63392 [preauth]","@timestamp":"2022-09-15T02:26:41.296Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:27:58 honeypot-ams-1 sshd[26370]: Disconnected from invalid user pz 43.129.237.211 port 39546 [preauth]","@timestamp":"2022-09-15T02:27:59.333Z"}
{"@timestamp":"2022-09-15T02:31:56.552Z","@version":"1","message":"Sep 15 02:31:55 honeypot-sgp-1 sshd[15088]: Invalid user mo from 192.241.174.44 port 60850","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:32:18 honeypot-ams-1 sshd[26378]: Received disconnect from 92.255.85.70 port 30394:11: Bye Bye [preauth]","@timestamp":"2022-09-15T02:32:18.450Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 02:32:52 honeypot-fra-1 kernel: [84083590.475277] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=154.209.125.68 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=112 ID=20489 PROTO=TCP SPT=7459 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T02:32:52.026Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:33:12 honeypot-ams-1 sshd[26382]: Disconnected from authenticating user root 61.177.173.39 port 63089 [preauth]","@timestamp":"2022-09-15T02:33:12.477Z"}
{"@timestamp":"2022-09-15T02:34:38.618Z","@version":"1","message":"Sep 15 02:34:38 honeypot-sgp-1 sshd[15092]: Received disconnect from 103.99.203.103 port 33116:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T02:41:17.782Z","@version":"1","message":"Sep 15 02:41:17 honeypot-sgp-1 kernel: [84085785.025770] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=94.26.228.80 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=38497 PROTO=TCP SPT=32129 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:46:07 honeypot-ams-1 sshd[26394]: Received disconnect from 61.177.173.53 port 19398:11:  [preauth]","@timestamp":"2022-09-15T02:46:08.810Z"}
{"@timestamp":"2022-09-15T02:49:24.980Z","@version":"1","message":"Sep 15 02:49:24 honeypot-sgp-1 sshd[15105]: Disconnected from authenticating user root 61.177.172.104 port 63805 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:52:12 honeypot-ams-1 sshd[26405]: Received disconnect from 45.61.184.204 port 46464:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T02:52:12.971Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 02:52:29 honeypot-fra-1 sshd[10858]: Received disconnect from 92.255.85.69 port 35684:11: Bye Bye [preauth]","@timestamp":"2022-09-15T02:52:30.467Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:52:32 honeypot-ams-1 sshd[26409]: Received disconnect from 45.61.184.204 port 40894:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T02:52:32.981Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:52:51 honeypot-ams-1 sshd[26413]: Received disconnect from 45.61.184.204 port 35318:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T02:52:51.992Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:53:07 honeypot-ams-1 sshd[26417]: Received disconnect from 45.61.184.204 port 57974:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T02:53:08.000Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 02:56:29 honeypot-fra-1 sshd[10862]: Invalid user info from 51.83.131.123 port 36612","@timestamp":"2022-09-15T02:56:29.559Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 02:57:27 honeypot-ams-1 kernel: [84087229.624291] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=125.136.61.137 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=55 ID=4697 PROTO=TCP SPT=5736 DPT=80 WINDOW=24104 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T02:57:27.115Z"}
{"@timestamp":"2022-09-15T02:59:37.232Z","@version":"1","message":"Sep 15 02:59:36 honeypot-sgp-1 sshd[15116]: Connection closed by authenticating user root 179.60.147.69 port 22540 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T03:04:37.359Z","@version":"1","message":"Sep 15 03:04:36 honeypot-sgp-1 kernel: [84087184.688412] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=229 ID=30473 PROTO=TCP SPT=50803 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 03:05:14 honeypot-ams-1 kernel: [84087697.519167] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=172.105.128.176 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=46217 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T03:05:15.318Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 03:08:00 honeypot-ams-1 kernel: [84087862.622844] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=88.80.189.24 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=53098 PROTO=TCP SPT=51238 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T03:08:00.391Z"}
{"@timestamp":"2022-09-15T03:11:58.544Z","@version":"1","message":"Sep 15 03:11:57 honeypot-sgp-1 sshd[15126]: Disconnected from 61.177.172.90 port 10081 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 03:12:26 honeypot-ams-1 sshd[26442]: Disconnected from authenticating user root 177.93.51.98 port 54120 [preauth]","@timestamp":"2022-09-15T03:12:26.506Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 03:12:32 honeypot-fra-1 sshd[10868]: Disconnected from invalid user la 165.22.45.108 port 48284 [preauth]","@timestamp":"2022-09-15T03:12:32.917Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 03:15:43 honeypot-fra-1 sshd[10874]: Invalid user www from 160.86.90.2 port 46336","@timestamp":"2022-09-15T03:15:43.993Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 03:15:43 honeypot-fra-1 sshd[10876]: Connection closed by authenticating user root 160.86.90.2 port 46400 [preauth]","@timestamp":"2022-09-15T03:15:43.993Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 03:15:43 honeypot-fra-1 sshd[10874]: Connection closed by invalid user www 160.86.90.2 port 46336 [preauth]","@timestamp":"2022-09-15T03:15:43.993Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 03:15:44 honeypot-fra-1 sshd[10892]: Connection closed by invalid user testuser 160.86.90.2 port 46376 [preauth]","@timestamp":"2022-09-15T03:15:44.993Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 03:15:46 honeypot-fra-1 sshd[10898]: Invalid user mysql from 160.86.90.2 port 46244","@timestamp":"2022-09-15T03:15:46.994Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 03:15:46 honeypot-fra-1 sshd[10898]: Connection closed by invalid user mysql 160.86.90.2 port 46244 [preauth]","@timestamp":"2022-09-15T03:15:46.994Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 03:16:19 honeypot-fra-1 sshd[10911]: Disconnected from authenticating user root 92.255.85.69 port 24154 [preauth]","@timestamp":"2022-09-15T03:16:20.009Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T03:17:02.672Z","@version":"1","message":"Sep 15 03:17:01 honeypot-sgp-1 CRON[15134]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 03:18:11 honeypot-ams-1 sshd[26452]: Received disconnect from 92.255.85.69 port 48072:11: Bye Bye [preauth]","@timestamp":"2022-09-15T03:18:11.650Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 03:19:37 honeypot-ams-1 sshd[26456]: Disconnected from invalid user zabbix 41.169.26.228 port 36656 [preauth]","@timestamp":"2022-09-15T03:19:38.704Z"}
{"@timestamp":"2022-09-15T03:20:17.757Z","@version":"1","message":"Sep 15 03:20:17 honeypot-sgp-1 kernel: [84088124.868630] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.41.8.45 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=45181 PROTO=TCP SPT=55466 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 03:21:52 honeypot-fra-1 sshd[10919]: Did not receive identification string from 45.61.186.169 port 58334","@timestamp":"2022-09-15T03:21:52.137Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 03:22:32 honeypot-fra-1 sshd[10922]: Disconnected from invalid user user 45.61.186.169 port 35210 [preauth]","@timestamp":"2022-09-15T03:22:33.155Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 03:22:50 honeypot-fra-1 sshd[10928]: Invalid user user from 45.61.186.169 port 58450","@timestamp":"2022-09-15T03:22:51.163Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 03:23:00 honeypot-fra-1 sshd[10930]: Disconnected from invalid user user 45.61.186.169 port 41852 [preauth]","@timestamp":"2022-09-15T03:23:00.168Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 03:23:18 honeypot-fra-1 sshd[10934]: Disconnected from invalid user user 45.61.186.169 port 36862 [preauth]","@timestamp":"2022-09-15T03:23:19.177Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 03:23:24 honeypot-fra-1 sshd[10939]: Received disconnect from 141.255.162.226 port 59508:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T03:23:24.179Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 03:23:29 honeypot-fra-1 sshd[10943]: Received disconnect from 141.255.162.226 port 55296:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T03:23:30.183Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 03:23:31 honeypot-fra-1 sshd[10947]: Invalid user user from 141.255.162.226 port 35070","@timestamp":"2022-09-15T03:23:32.184Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 03:23:39 honeypot-fra-1 sshd[10951]: Invalid user odoo from 157.245.122.58 port 39606","@timestamp":"2022-09-15T03:23:40.189Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 03:23:45 honeypot-fra-1 sshd[10955]: Received disconnect from 165.227.110.188 port 60622:11: Bye Bye [preauth]","@timestamp":"2022-09-15T03:23:46.192Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 03:24:39 honeypot-fra-1 sshd[10960]: Received disconnect from 157.245.122.58 port 53166:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T03:24:40.214Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 03:25:39 honeypot-fra-1 sshd[10964]: Disconnected from invalid user data.user 157.245.122.58 port 38484 [preauth]","@timestamp":"2022-09-15T03:25:40.239Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 03:27:28 honeypot-fra-1 sshd[10970]: Invalid user jonitiso from 157.245.122.58 port 37306","@timestamp":"2022-09-15T03:27:28.282Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T03:29:09.978Z","@version":"1","message":"Sep 15 03:29:09 honeypot-sgp-1 sshd[15146]: Received disconnect from 61.177.173.39 port 38536:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 03:30:49 honeypot-ams-1 sshd[26460]: Connection closed by 167.94.138.46 port 45166 [preauth]","@timestamp":"2022-09-15T03:30:49.993Z"}
{"@timestamp":"2022-09-15T03:31:20.034Z","@version":"1","message":"Sep 15 03:31:19 honeypot-sgp-1 sshd[15150]: Disconnected from authenticating user root 61.177.172.114 port 62408 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 03:33:32 honeypot-fra-1 kernel: [84087230.792524] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=187.110.208.51 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=14284 DF PROTO=TCP SPT=17423 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T03:33:33.419Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-15T03:34:31.114Z","@version":"1","message":"Sep 15 03:34:30 honeypot-sgp-1 sshd[15155]: Disconnected from 61.177.173.53 port 54814 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T03:38:58.226Z","@version":"1","message":"Sep 15 03:38:57 honeypot-sgp-1 sshd[15159]: Received disconnect from 61.177.173.36 port 55825:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 03:40:41 honeypot-fra-1 sshd[10979]: Invalid user user from 179.60.147.69 port 36972","@timestamp":"2022-09-15T03:40:42.582Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 03:41:54 honeypot-ams-1 sshd[26471]: Disconnected from authenticating user root 92.255.85.69 port 28790 [preauth]","@timestamp":"2022-09-15T03:41:55.268Z"}
{"@timestamp":"2022-09-15T03:43:03.330Z","@version":"1","message":"Sep 15 03:43:03 honeypot-sgp-1 sshd[15168]: Received disconnect from 204.15.74.100 port 51058:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 03:44:29 honeypot-fra-1 kernel: [84087887.714448] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=51.120.122.29 DST=165.22.82.222 LEN=52 TOS=0x02 PREC=0x00 TTL=111 ID=232 DF PROTO=TCP SPT=61885 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-15T03:44:29.674Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-15T03:49:20.484Z","@version":"1","message":"Sep 15 03:49:19 honeypot-sgp-1 sshd[15175]: Disconnected from invalid user ubuntu 20.126.126.43 port 53180 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 03:51:59 honeypot-ams-1 sshd[26485]: Invalid user user from 198.98.61.9 port 40044","@timestamp":"2022-09-15T03:52:00.527Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 03:52:20 honeypot-ams-1 sshd[26489]: Invalid user user from 198.98.61.9 port 35354","@timestamp":"2022-09-15T03:52:20.538Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 03:52:40 honeypot-ams-1 sshd[26493]: Invalid user user from 198.98.61.9 port 58916","@timestamp":"2022-09-15T03:52:41.549Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 03:53:00 honeypot-ams-1 sshd[26497]: Invalid user user from 198.98.61.9 port 54242","@timestamp":"2022-09-15T03:53:00.558Z"}
{"@timestamp":"2022-09-15T03:54:41.619Z","@version":"1","message":"Sep 15 03:54:41 honeypot-sgp-1 kernel: [84090188.847037] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=79.124.62.62 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=61343 PROTO=TCP SPT=42184 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 03:58:56 honeypot-ams-1 sshd[26504]: Connection closed by invalid user tomcat 193.106.191.157 port 52626 [preauth]","@timestamp":"2022-09-15T03:58:56.712Z"}
{"@timestamp":"2022-09-15T04:00:47.771Z","@version":"1","message":"Sep 15 04:00:47 honeypot-sgp-1 sshd[15187]: Received disconnect from 92.255.85.69 port 58764:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 04:02:34 honeypot-ams-1 sshd[26508]: Disconnected from authenticating user root 157.245.122.58 port 40534 [preauth]","@timestamp":"2022-09-15T04:02:34.807Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 04:05:44 honeypot-ams-1 sshd[26515]: Invalid user tenancy from 157.245.122.58 port 52920","@timestamp":"2022-09-15T04:05:44.892Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 04:05:46 honeypot-fra-1 sshd[10990]: Invalid user la from 165.22.45.108 port 53350","@timestamp":"2022-09-15T04:05:47.154Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 04:06:40 honeypot-ams-1 sshd[26521]: Invalid user data.user from 157.245.122.58 port 38238","@timestamp":"2022-09-15T04:06:40.919Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 04:08:07 honeypot-ams-1 sshd[26525]: Invalid user git from 189.112.0.11 port 50124","@timestamp":"2022-09-15T04:08:07.957Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 04:09:30 honeypot-ams-1 sshd[26529]: Invalid user cypress from 157.245.122.58 port 50620","@timestamp":"2022-09-15T04:09:30.994Z"}
{"@timestamp":"2022-09-15T04:10:24.010Z","@version":"1","message":"Sep 15 04:10:23 honeypot-sgp-1 sshd[15192]: Received disconnect from 23.95.90.184 port 46258:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T04:12:07.056Z","@version":"1","message":"Sep 15 04:12:06 honeypot-sgp-1 sshd[15197]: Disconnected from authenticating user root 193.142.146.50 port 57396 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T04:13:12.086Z","@version":"1","message":"Sep 15 04:13:11 honeypot-sgp-1 sshd[15204]: Invalid user superadmin from 46.101.31.237 port 37678","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T04:14:01.108Z","@version":"1","message":"Sep 15 04:14:00 honeypot-sgp-1 sshd[15208]: Disconnected from authenticating user root 193.142.146.50 port 60500 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T04:15:50.155Z","@version":"1","message":"Sep 15 04:15:49 honeypot-sgp-1 sshd[15214]: Received disconnect from 193.142.146.50 port 35368:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T04:17:02.186Z","@version":"1","message":"Sep 15 04:17:01 honeypot-sgp-1 CRON[15218]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 04:17:01 honeypot-fra-1 CRON[10994]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-15T04:17:02.409Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 04:18:14 honeypot-ams-1 sshd[26535]: Invalid user tomcat from 193.106.191.157 port 37916","@timestamp":"2022-09-15T04:18:14.236Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 04:21:32 honeypot-fra-1 sshd[11000]: Disconnected from invalid user user 141.255.162.226 port 54470 [preauth]","@timestamp":"2022-09-15T04:21:33.514Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 04:21:38 honeypot-fra-1 sshd[11004]: Disconnected from invalid user user 141.255.162.226 port 33706 [preauth]","@timestamp":"2022-09-15T04:21:39.516Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 04:21:39 honeypot-fra-1 sshd[11008]: Disconnected from invalid user user 141.255.162.226 port 54790 [preauth]","@timestamp":"2022-09-15T04:21:40.517Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T04:24:14.371Z","@version":"1","message":"Sep 15 04:24:13 honeypot-sgp-1 sshd[15224]: Disconnected from authenticating user root 92.255.85.70 port 60760 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 04:24:25 honeypot-ams-1 kernel: [84092447.935834] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=43.143.49.112 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=194 DF PROTO=TCP SPT=34056 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T04:24:26.396Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 04:26:46 honeypot-fra-1 sshd[11013]: Received disconnect from 92.255.85.70 port 15904:11: Bye Bye [preauth]","@timestamp":"2022-09-15T04:26:46.635Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 04:29:32 honeypot-ams-1 sshd[26541]: Received disconnect from 92.255.85.69 port 58430:11: Bye Bye [preauth]","@timestamp":"2022-09-15T04:29:33.532Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 04:35:00 honeypot-fra-1 kernel: [84090918.391366] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.143.200.46 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=63010 PROTO=TCP SPT=46481 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T04:35:00.828Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-15T04:47:42.963Z","@version":"1","message":"Sep 15 04:47:42 honeypot-sgp-1 sshd[15230]: Received disconnect from 92.255.85.69 port 26048:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 04:48:35 honeypot-ams-1 sshd[26545]: Connection closed by authenticating user root 103.188.176.251 port 60876 [preauth]","@timestamp":"2022-09-15T04:48:36.015Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 04:50:11 honeypot-fra-1 sshd[11025]: Invalid user hadoop from 45.127.108.174 port 42360","@timestamp":"2022-09-15T04:50:12.190Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 04:50:11 honeypot-fra-1 sshd[11039]: Invalid user mysql from 45.127.108.174 port 42424","@timestamp":"2022-09-15T04:50:12.190Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 04:50:11 honeypot-fra-1 sshd[11044]: Invalid user vnc from 45.127.108.174 port 42410","@timestamp":"2022-09-15T04:50:12.191Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 04:50:11 honeypot-fra-1 sshd[11025]: Connection closed by invalid user hadoop 45.127.108.174 port 42360 [preauth]","@timestamp":"2022-09-15T04:50:12.191Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 04:50:12 honeypot-fra-1 sshd[11043]: Invalid user mysql from 45.127.108.174 port 42372","@timestamp":"2022-09-15T04:50:12.191Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 04:50:12 honeypot-fra-1 sshd[11033]: Connection closed by authenticating user root 45.127.108.174 port 42382 [preauth]","@timestamp":"2022-09-15T04:50:12.191Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 04:50:12 honeypot-fra-1 sshd[11037]: Connection closed by invalid user admin 45.127.108.174 port 42368 [preauth]","@timestamp":"2022-09-15T04:50:12.191Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 04:50:12 honeypot-fra-1 sshd[11047]: Connection closed by invalid user appuser 45.127.108.174 port 42418 [preauth]","@timestamp":"2022-09-15T04:50:12.191Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 04:50:12 honeypot-fra-1 sshd[11043]: Connection closed by invalid user mysql 45.127.108.174 port 42372 [preauth]","@timestamp":"2022-09-15T04:50:13.192Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 04:51:00 honeypot-fra-1 kernel: [84091879.009970] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=89.248.165.210 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=42114 PROTO=TCP SPT=57392 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T04:51:01.211Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 04:58:51 honeypot-fra-1 sshd[11097]: Invalid user la from 165.22.45.108 port 58410","@timestamp":"2022-09-15T04:58:51.386Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T05:01:30.300Z","@version":"1","message":"Sep 15 05:01:30 honeypot-sgp-1 kernel: [84094197.751597] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=167.99.88.62 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=23366 PROTO=TCP SPT=58059 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 05:02:27 honeypot-fra-1 sshd[11102]: Disconnected from invalid user user 45.61.186.249 port 48244 [preauth]","@timestamp":"2022-09-15T05:02:28.490Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 05:02:47 honeypot-fra-1 sshd[11106]: Disconnected from invalid user user 45.61.186.249 port 42852 [preauth]","@timestamp":"2022-09-15T05:02:48.500Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 05:03:04 honeypot-fra-1 sshd[11110]: Disconnected from invalid user user 45.61.186.249 port 37452 [preauth]","@timestamp":"2022-09-15T05:03:05.508Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 05:03:21 honeypot-fra-1 sshd[11114]: Disconnected from invalid user user 45.61.186.249 port 60300 [preauth]","@timestamp":"2022-09-15T05:03:21.515Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T05:04:24.375Z","@version":"1","message":"Sep 15 05:04:23 honeypot-sgp-1 sshd[15238]: Did not receive identification string from 45.61.186.169 port 44214","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T05:04:47.386Z","@version":"1","message":"Sep 15 05:04:47 honeypot-sgp-1 sshd[15241]: Disconnected from invalid user user 45.61.186.169 port 48914 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T05:05:05.396Z","@version":"1","message":"Sep 15 05:05:04 honeypot-sgp-1 sshd[15245]: Disconnected from invalid user user 45.61.186.169 port 43970 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T05:05:21.404Z","@version":"1","message":"Sep 15 05:05:20 honeypot-sgp-1 sshd[15249]: Received disconnect from 45.61.186.169 port 39028:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T05:11:18.547Z","@version":"1","message":"Sep 15 05:11:18 honeypot-sgp-1 sshd[15254]: Received disconnect from 92.255.85.69 port 57050:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 05:13:20 honeypot-ams-1 kernel: [84095382.852939] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=201.191.2.198 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=35172 PROTO=TCP SPT=36055 DPT=80 WINDOW=29718 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T05:13:20.657Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 05:13:29 honeypot-fra-1 sshd[11121]: Disconnected from authenticating user root 92.255.85.69 port 46122 [preauth]","@timestamp":"2022-09-15T05:13:29.743Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 05:14:14 honeypot-ams-1 sshd[26995]: Received disconnect from 45.61.186.169 port 54336:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T05:14:14.683Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 05:14:30 honeypot-ams-1 sshd[26999]: Received disconnect from 45.61.186.169 port 49398:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T05:14:31.692Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 05:14:46 honeypot-ams-1 sshd[27004]: Received disconnect from 45.61.186.169 port 44402:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T05:14:46.701Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 05:15:29 honeypot-ams-1 kernel: [84095512.379368] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=38.125.205.43 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=46 ID=19640 PROTO=TCP SPT=38085 DPT=80 WINDOW=19461 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T05:15:30.723Z"}
{"@timestamp":"2022-09-15T05:17:41.700Z","@version":"1","message":"Sep 15 05:17:41 honeypot-sgp-1 kernel: [84095168.904732] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.59.74.243 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=41281 PROTO=TCP SPT=45904 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 05:25:57 honeypot-ams-1 sshd[27016]: Disconnected from authenticating user root 142.93.8.99 port 49960 [preauth]","@timestamp":"2022-09-15T05:25:57.984Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 05:30:47 honeypot-fra-1 kernel: [84094265.917268] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=25567 PROTO=TCP SPT=59802 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T05:30:48.152Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 05:32:41 honeypot-ams-1 kernel: [84096544.241326] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=42.243.172.119 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=48 ID=37354 PROTO=TCP SPT=32927 DPT=80 WINDOW=49623 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T05:32:42.153Z"}
{"@timestamp":"2022-09-15T05:34:16.138Z","@version":"1","message":"Sep 15 05:34:15 honeypot-sgp-1 sshd[15266]: Received disconnect from 92.255.85.69 port 54846:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 05:37:10 honeypot-fra-1 sshd[11132]: Disconnected from authenticating user root 92.255.85.70 port 19976 [preauth]","@timestamp":"2022-09-15T05:37:11.300Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 05:40:03 honeypot-ams-1 sshd[27029]: Received disconnect from 92.255.85.70 port 51636:11: Bye Bye [preauth]","@timestamp":"2022-09-15T05:40:04.342Z"}
{"@timestamp":"2022-09-15T05:50:48.536Z","@version":"1","message":"Sep 15 05:50:47 honeypot-sgp-1 sshd[15271]: Did not receive identification string from 45.61.186.49 port 41868","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T05:51:04.545Z","@version":"1","message":"Sep 15 05:51:03 honeypot-sgp-1 sshd[15274]: Disconnected from invalid user user 45.61.186.49 port 36050 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T05:51:14.550Z","@version":"1","message":"Sep 15 05:51:13 honeypot-sgp-1 sshd[15278]: Disconnected from invalid user user 45.61.186.49 port 47654 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 05:51:25 honeypot-fra-1 sshd[11138]: Disconnected from invalid user lara 165.22.45.108 port 35226 [preauth]","@timestamp":"2022-09-15T05:51:25.625Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 05:56:37 honeypot-ams-1 sshd[27034]: Invalid user monitor from 45.128.209.111 port 51376","@timestamp":"2022-09-15T05:56:38.756Z"}
{"@timestamp":"2022-09-15T05:57:36.706Z","@version":"1","message":"Sep 15 05:57:36 honeypot-sgp-1 sshd[15284]: Disconnected from invalid user nexus 134.0.193.138 port 52870 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 05:58:36 honeypot-ams-1 sshd[27039]: Disconnected from authenticating user root 186.96.22.59 port 54384 [preauth]","@timestamp":"2022-09-15T05:58:36.812Z"}
{"@timestamp":"2022-09-15T06:03:13.850Z","@version":"1","message":"Sep 15 06:03:13 honeypot-sgp-1 kernel: [84097901.456866] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=234 ID=63111 PROTO=TCP SPT=41603 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 06:05:21 honeypot-fra-1 sshd[11143]: Did not receive identification string from 45.61.184.204 port 49600","@timestamp":"2022-09-15T06:05:21.937Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 06:06:08 honeypot-fra-1 sshd[11147]: Disconnected from invalid user user 45.61.184.204 port 50628 [preauth]","@timestamp":"2022-09-15T06:06:08.957Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 06:06:28 honeypot-fra-1 sshd[11151]: Received disconnect from 45.61.184.204 port 46272:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T06:06:28.967Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 06:06:47 honeypot-fra-1 sshd[11155]: Received disconnect from 45.61.184.204 port 41848:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T06:06:47.976Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 06:09:57 honeypot-ams-1 sshd[27045]: Did not receive identification string from 52.237.82.21 port 43474","@timestamp":"2022-09-15T06:09:57.104Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 06:09:58 honeypot-ams-1 sshd[27057]: Invalid user user from 52.237.82.21 port 48752","@timestamp":"2022-09-15T06:09:58.105Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 06:09:58 honeypot-ams-1 sshd[27062]: Invalid user momo from 52.237.82.21 port 48792","@timestamp":"2022-09-15T06:09:58.105Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 06:09:58 honeypot-ams-1 sshd[27058]: Invalid user ubuntu from 52.237.82.21 port 48768","@timestamp":"2022-09-15T06:09:59.106Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 06:09:58 honeypot-ams-1 sshd[27048]: Connection closed by authenticating user root 52.237.82.21 port 48838 [preauth]","@timestamp":"2022-09-15T06:09:59.106Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 06:09:58 honeypot-ams-1 sshd[27055]: Connection closed by invalid user steam 52.237.82.21 port 48760 [preauth]","@timestamp":"2022-09-15T06:09:59.106Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 06:09:58 honeypot-ams-1 sshd[27073]: Connection closed by invalid user admin 52.237.82.21 port 48846 [preauth]","@timestamp":"2022-09-15T06:09:59.106Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 06:09:58 honeypot-ams-1 sshd[27061]: Connection closed by invalid user test 52.237.82.21 port 48772 [preauth]","@timestamp":"2022-09-15T06:09:59.106Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 06:10:29 honeypot-fra-1 sshd[11159]: Invalid user admin from 179.60.147.69 port 50926","@timestamp":"2022-09-15T06:10:30.077Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 06:12:42 honeypot-ams-1 sshd[27098]: Connection closed by invalid user admin 179.60.147.69 port 21066 [preauth]","@timestamp":"2022-09-15T06:12:43.177Z"}
{"@timestamp":"2022-09-15T06:17:02.191Z","@version":"1","message":"Sep 15 06:17:01 honeypot-sgp-1 CRON[21003]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 06:18:08 honeypot-fra-1 sshd[11165]: Received disconnect from 189.141.65.234 port 41580:11: Bye Bye [preauth]","@timestamp":"2022-09-15T06:18:08.252Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 06:20:12 honeypot-fra-1 sshd[11168]: Disconnected from authenticating user root 193.142.146.50 port 33606 [preauth]","@timestamp":"2022-09-15T06:20:13.304Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 06:21:53 honeypot-fra-1 sshd[11175]: Received disconnect from 193.142.146.50 port 52316:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T06:21:54.346Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 06:22:33 honeypot-fra-1 sshd[11181]: Received disconnect from 193.142.146.50 port 52234:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T06:22:33.365Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 06:23:50 honeypot-fra-1 sshd[11185]: Disconnected from authenticating user root 158.69.111.17 port 34370 [preauth]","@timestamp":"2022-09-15T06:23:51.397Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 06:24:26 honeypot-fra-1 sshd[11191]: Invalid user admin from 193.142.146.50 port 33276","@timestamp":"2022-09-15T06:24:26.414Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 06:25:01 honeypot-ams-1 CRON[27105]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-15T06:25:02.510Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 06:25:31 honeypot-fra-1 sshd[11329]: Invalid user tomcat from 193.106.191.157 port 49036","@timestamp":"2022-09-15T06:25:31.444Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 06:26:01 honeypot-ams-1 sshd[27272]: Disconnected from invalid user user 45.61.187.160 port 52680 [preauth]","@timestamp":"2022-09-15T06:26:02.540Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 06:26:20 honeypot-ams-1 sshd[27276]: Disconnected from invalid user user 45.61.187.160 port 47612 [preauth]","@timestamp":"2022-09-15T06:26:21.551Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 06:26:34 honeypot-fra-1 sshd[11334]: Disconnected from authenticating user root 137.184.225.163 port 37638 [preauth]","@timestamp":"2022-09-15T06:26:34.472Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 06:26:38 honeypot-ams-1 sshd[27280]: Disconnected from invalid user user 45.61.187.160 port 42590 [preauth]","@timestamp":"2022-09-15T06:26:39.560Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 06:26:55 honeypot-ams-1 sshd[27284]: Disconnected from invalid user user 45.61.187.160 port 37546 [preauth]","@timestamp":"2022-09-15T06:26:56.569Z"}
{"@timestamp":"2022-09-15T06:27:22.449Z","@version":"1","message":"Sep 15 06:27:21 honeypot-sgp-1 kernel: [84099349.067333] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=143.244.138.190 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x20 TTL=242 ID=2651 PROTO=TCP SPT=42897 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 06:29:09 honeypot-ams-1 sshd[27289]: Disconnected from authenticating user root 162.19.64.34 port 56898 [preauth]","@timestamp":"2022-09-15T06:29:10.631Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 06:35:29 honeypot-ams-1 kernel: [84100312.270192] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=157.230.254.43 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=38387 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T06:35:30.797Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 06:41:42 honeypot-ams-1 sshd[27297]: Invalid user tomcat from 193.106.191.157 port 39818","@timestamp":"2022-09-15T06:41:42.959Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 06:41:59 honeypot-fra-1 sshd[17470]: Did not receive identification string from 202.152.59.227 port 54784","@timestamp":"2022-09-15T06:41:59.833Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T06:45:50.908Z","@version":"1","message":"Sep 15 06:45:50 honeypot-sgp-1 sshd[21159]: Invalid user centos from 179.60.147.69 port 51530","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 06:46:22 honeypot-fra-1 sshd[17477]: Invalid user o from 161.82.233.183 port 41264","@timestamp":"2022-09-15T06:46:22.936Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 06:49:20 honeypot-fra-1 sshd[17482]: Disconnected from authenticating user root 92.255.85.69 port 29780 [preauth]","@timestamp":"2022-09-15T06:49:21.008Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 06:51:32 honeypot-ams-1 sshd[27303]: Disconnected from authenticating user root 92.255.85.70 port 57836 [preauth]","@timestamp":"2022-09-15T06:51:33.209Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 06:54:16 honeypot-fra-1 kernel: [84099274.020618] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.209.26 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=55263 DPT=389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T06:54:17.124Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-15T06:56:21.178Z","@version":"1","message":"Sep 15 06:56:20 honeypot-sgp-1 sshd[21164]: Received disconnect from 157.245.122.58 port 46476:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T06:58:20.231Z","@version":"1","message":"Sep 15 06:58:20 honeypot-sgp-1 sshd[21169]: Received disconnect from 157.245.122.58 port 45322:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T07:00:15.283Z","@version":"1","message":"Sep 15 07:00:14 honeypot-sgp-1 sshd[21173]: Received disconnect from 157.245.122.58 port 44184:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 07:01:17 honeypot-ams-1 sshd[27406]: Invalid user tomcat from 193.106.191.157 port 53332","@timestamp":"2022-09-15T07:01:18.465Z"}
{"@timestamp":"2022-09-15T07:02:09.336Z","@version":"1","message":"Sep 15 07:02:08 honeypot-sgp-1 sshd[21178]: Invalid user jonitiso from 157.245.122.58 port 43048","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T07:03:04.363Z","@version":"1","message":"Sep 15 07:03:03 honeypot-sgp-1 sshd[21181]: Received disconnect from 157.245.122.58 port 56582:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 07:04:40 honeypot-fra-1 sshd[17493]: error: Received disconnect from 103.125.189.140 port 61371:3: com.jcraft.jsch.JSchException: Auth fail [preauth]","@timestamp":"2022-09-15T07:04:41.358Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 07:04:50 honeypot-fra-1 sshd[17497]: error: Received disconnect from 103.125.189.140 port 62548:3: com.jcraft.jsch.JSchException: Auth fail [preauth]","@timestamp":"2022-09-15T07:04:50.364Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 07:04:57 honeypot-fra-1 sshd[17501]: error: Received disconnect from 103.125.189.140 port 64270:3: com.jcraft.jsch.JSchException: Auth fail [preauth]","@timestamp":"2022-09-15T07:04:58.368Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 07:05:04 honeypot-fra-1 sshd[17505]: error: Received disconnect from 103.125.189.140 port 64912:3: com.jcraft.jsch.JSchException: Auth fail [preauth]","@timestamp":"2022-09-15T07:05:04.370Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 07:05:10 honeypot-fra-1 sshd[17509]: error: Received disconnect from 103.125.189.140 port 49768:3: com.jcraft.jsch.JSchException: Auth fail [preauth]","@timestamp":"2022-09-15T07:05:11.375Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 07:05:16 honeypot-fra-1 sshd[17513]: error: Received disconnect from 103.125.189.140 port 50803:3: com.jcraft.jsch.JSchException: Auth fail [preauth]","@timestamp":"2022-09-15T07:05:16.377Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 07:05:22 honeypot-fra-1 sshd[17517]: error: Received disconnect from 103.125.189.140 port 51594:3: com.jcraft.jsch.JSchException: Auth fail [preauth]","@timestamp":"2022-09-15T07:05:23.381Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 07:05:45 honeypot-ams-1 kernel: [84102127.746282] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=111.118.40.97 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=51 ID=6756 PROTO=TCP SPT=58791 DPT=80 WINDOW=10346 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T07:05:45.586Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 07:07:42 honeypot-fra-1 sshd[17521]: Disconnected from invalid user nginx 102.223.173.17 port 45738 [preauth]","@timestamp":"2022-09-15T07:07:42.434Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 07:13:12 honeypot-fra-1 kernel: [84100410.083045] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=34.123.104.179 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x60 TTL=250 ID=45247 PROTO=TCP SPT=50311 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T07:13:12.562Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 07:13:31 honeypot-ams-1 sshd[27413]: Received disconnect from 152.32.145.211 port 58854:11: Bye Bye [preauth]","@timestamp":"2022-09-15T07:13:31.792Z"}
{"@timestamp":"2022-09-15T07:17:01.734Z","@version":"1","message":"Sep 15 07:17:01 honeypot-sgp-1 CRON[21191]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 07:17:01 honeypot-ams-1 CRON[27418]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-15T07:17:01.887Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 07:17:01 honeypot-fra-1 CRON[17530]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-15T07:17:02.654Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 07:19:14 honeypot-ams-1 sshd[27425]: Disconnected from invalid user filer 73.203.127.7 port 41284 [preauth]","@timestamp":"2022-09-15T07:19:14.947Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 07:24:21 honeypot-ams-1 sshd[27431]: Received disconnect from 112.23.2.254 port 40475:11: Bye Bye [preauth]","@timestamp":"2022-09-15T07:24:22.082Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 07:25:16 honeypot-fra-1 sshd[17537]: Invalid user blank from 179.60.147.69 port 17824","@timestamp":"2022-09-15T07:25:16.840Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T07:26:24.970Z","@version":"1","message":"Sep 15 07:26:24 honeypot-sgp-1 kernel: [84102892.475456] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=65.49.20.71 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=41527 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 07:27:41 honeypot-ams-1 sshd[27435]: Invalid user blank from 179.60.147.69 port 54736","@timestamp":"2022-09-15T07:27:42.169Z"}
{"@timestamp":"2022-09-15T07:31:30.101Z","@version":"1","message":"Sep 15 07:31:30 honeypot-sgp-1 sshd[21203]: Received disconnect from 68.183.78.141 port 48018:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T07:33:40.158Z","@version":"1","message":"Sep 15 07:33:39 honeypot-sgp-1 sshd[21207]: Disconnected from authenticating user root 92.255.85.70 port 59676 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T07:36:36.235Z","@version":"1","message":"Sep 15 07:36:35 honeypot-sgp-1 sshd[21212]: Disconnected from authenticating user root 128.199.71.153 port 54986 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 07:36:39 honeypot-fra-1 sshd[17544]: Did not receive identification string from 101.43.159.25 port 60064","@timestamp":"2022-09-15T07:36:40.110Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 07:36:40 honeypot-fra-1 sshd[17556]: Invalid user ubuntu from 101.43.159.25 port 41564","@timestamp":"2022-09-15T07:36:41.112Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 07:36:41 honeypot-fra-1 sshd[17553]: Connection closed by invalid user docker 101.43.159.25 port 41550 [preauth]","@timestamp":"2022-09-15T07:36:41.112Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 07:36:41 honeypot-fra-1 sshd[17545]: Connection closed by authenticating user root 101.43.159.25 port 41204 [preauth]","@timestamp":"2022-09-15T07:36:42.113Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 07:36:41 honeypot-fra-1 sshd[17559]: Invalid user admin from 101.43.159.25 port 41520","@timestamp":"2022-09-15T07:36:42.113Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 07:36:41 honeypot-fra-1 sshd[17551]: Connection closed by invalid user kafka 101.43.159.25 port 41528 [preauth]","@timestamp":"2022-09-15T07:36:42.113Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 07:36:41 honeypot-fra-1 sshd[17560]: Connection closed by authenticating user root 101.43.159.25 port 41536 [preauth]","@timestamp":"2022-09-15T07:36:42.113Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 07:36:41 honeypot-fra-1 sshd[17592]: Invalid user user from 101.43.159.25 port 41580","@timestamp":"2022-09-15T07:36:42.113Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 07:36:42 honeypot-fra-1 sshd[17566]: Connection closed by invalid user admin 101.43.159.25 port 41544 [preauth]","@timestamp":"2022-09-15T07:36:42.113Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 07:36:44 honeypot-fra-1 sshd[17603]: Connection closed by invalid user oracle 101.43.159.25 port 41568 [preauth]","@timestamp":"2022-09-15T07:36:45.115Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 07:39:03 honeypot-ams-1 sshd[27438]: Disconnected from authenticating user root 92.255.85.70 port 54622 [preauth]","@timestamp":"2022-09-15T07:39:04.487Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 07:41:07 honeypot-fra-1 kernel: [84102085.048206] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=54.241.71.147 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=234 ID=54321 PROTO=TCP SPT=47970 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T07:41:08.217Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-15T07:45:07.451Z","@version":"1","message":"Sep 15 07:45:06 honeypot-sgp-1 sshd[21217]: Did not receive identification string from 179.43.156.143 port 43980","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T07:45:58.476Z","@version":"1","message":"Sep 15 07:45:58 honeypot-sgp-1 sshd[21222]: Disconnected from authenticating user root 179.43.156.143 port 46356 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 07:46:08 honeypot-fra-1 kernel: [84102386.752402] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.79.53.162 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=60306 PROTO=TCP SPT=41005 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T07:46:09.334Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-15T07:47:13.511Z","@version":"1","message":"Sep 15 07:47:13 honeypot-sgp-1 sshd[21229]: Disconnected from authenticating user root 179.43.156.143 port 40208 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 07:48:16 honeypot-ams-1 sshd[27441]: Received disconnect from 36.95.55.131 port 57620:11: Bye Bye [preauth]","@timestamp":"2022-09-15T07:48:16.725Z"}
{"@timestamp":"2022-09-15T07:48:25.544Z","@version":"1","message":"Sep 15 07:48:24 honeypot-sgp-1 sshd[21235]: Received disconnect from 179.43.156.143 port 34026:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T07:49:35.577Z","@version":"1","message":"Sep 15 07:49:35 honeypot-sgp-1 sshd[21239]: Received disconnect from 179.43.156.143 port 56144:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 07:50:18 honeypot-ams-1 sshd[27446]: Disconnected from authenticating user root 144.24.74.213 port 48394 [preauth]","@timestamp":"2022-09-15T07:50:18.779Z"}
{"@timestamp":"2022-09-15T07:50:50.611Z","@version":"1","message":"Sep 15 07:50:49 honeypot-sgp-1 sshd[21243]: Disconnected from authenticating user root 179.43.156.143 port 49960 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 07:52:39 honeypot-ams-1 sshd[27450]: Received disconnect from 37.32.29.44 port 46564:11: Bye Bye [preauth]","@timestamp":"2022-09-15T07:52:39.844Z"}
{"@timestamp":"2022-09-15T07:52:42.661Z","@version":"1","message":"Sep 15 07:52:41 honeypot-sgp-1 sshd[21250]: Disconnected from authenticating user root 179.43.156.143 port 40742 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 07:54:51 honeypot-ams-1 sshd[27454]: Invalid user admin from 112.186.242.154 port 50912","@timestamp":"2022-09-15T07:54:51.905Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 07:56:47 honeypot-fra-1 sshd[17614]: Disconnected from authenticating user root 178.128.103.172 port 45872 [preauth]","@timestamp":"2022-09-15T07:56:47.579Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T07:57:01.770Z","@version":"1","message":"Sep 15 07:57:01 honeypot-sgp-1 sshd[21257]: Received disconnect from 92.255.85.70 port 43370:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 08:02:35 honeypot-ams-1 sshd[27462]: Received disconnect from 92.255.85.69 port 24072:11: Bye Bye [preauth]","@timestamp":"2022-09-15T08:02:36.107Z"}
{"@timestamp":"2022-09-15T08:05:33.985Z","@version":"1","message":"Sep 15 08:05:33 honeypot-sgp-1 kernel: [84105241.393132] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.219.22 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=41250 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 08:07:36 honeypot-ams-1 sshd[27465]: Connection closed by invalid user support 179.60.147.69 port 40612 [preauth]","@timestamp":"2022-09-15T08:07:37.241Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 08:08:15 honeypot-ams-1 sshd[27470]: Disconnected from invalid user user 45.61.186.169 port 43658 [preauth]","@timestamp":"2022-09-15T08:08:16.260Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 08:08:32 honeypot-ams-1 sshd[27474]: Disconnected from invalid user user 45.61.186.169 port 38540 [preauth]","@timestamp":"2022-09-15T08:08:32.268Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 08:08:48 honeypot-ams-1 sshd[27478]: Disconnected from invalid user user 45.61.186.169 port 33438 [preauth]","@timestamp":"2022-09-15T08:08:48.277Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 08:08:49 honeypot-fra-1 kernel: [84103747.540452] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.143.200.46 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=19533 PROTO=TCP SPT=42376 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T08:08:49.873Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 08:17:01 honeypot-ams-1 CRON[27483]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-15T08:17:02.511Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 08:17:37 honeypot-fra-1 sshd[17652]: Invalid user admin from 141.98.10.158 port 58432","@timestamp":"2022-09-15T08:17:37.076Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T08:20:01.342Z","@version":"1","message":"Sep 15 08:20:01 honeypot-sgp-1 sshd[21267]: Disconnected from authenticating user root 92.255.85.69 port 21850 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 08:21:18 honeypot-fra-1 sshd[17658]: Disconnected from invalid user jenkins 179.60.150.118 port 36674 [preauth]","@timestamp":"2022-09-15T08:21:19.162Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 08:21:48 honeypot-ams-1 kernel: [84106691.330868] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=129.153.212.107 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=48 ID=418 PROTO=TCP SPT=8069 DPT=80 WINDOW=44238 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T08:21:49.636Z"}
{"@timestamp":"2022-09-15T08:23:05.422Z","@version":"1","message":"Sep 15 08:23:05 honeypot-sgp-1 sshd[21290]: Disconnected from 49.88.112.60 port 47687 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 08:23:31 honeypot-fra-1 sshd[17662]: Disconnected from invalid user vy 62.197.194.60 port 60782 [preauth]","@timestamp":"2022-09-15T08:23:32.216Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 08:27:33 honeypot-fra-1 sshd[17669]: Invalid user pz from 162.241.114.75 port 36774","@timestamp":"2022-09-15T08:27:33.312Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 08:28:35 honeypot-ams-1 kernel: [84107098.343185] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=90.151.171.106 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=13003 PROTO=TCP SPT=50432 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T08:28:36.814Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 08:28:38 honeypot-fra-1 sshd[17673]: Invalid user sebastian from 221.0.94.20 port 35610","@timestamp":"2022-09-15T08:28:39.339Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 08:30:43 honeypot-fra-1 kernel: [84105061.090461] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=62133 PROTO=TCP SPT=50602 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T08:30:44.388Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-15T08:32:08.645Z","@version":"1","message":"Sep 15 08:32:08 honeypot-sgp-1 sshd[21301]: Invalid user esteban from 51.250.5.16 port 35208","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 08:36:43 honeypot-ams-1 sshd[27523]: Disconnected from 61.177.173.33 port 64844 [preauth]","@timestamp":"2022-09-15T08:36:44.030Z"}
{"@timestamp":"2022-09-15T08:36:48.763Z","@version":"1","message":"Sep 15 08:36:47 honeypot-sgp-1 sshd[21308]: Received disconnect from 49.88.112.60 port 17164:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 08:38:35 honeypot-fra-1 kernel: [84105533.335539] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=167.248.133.136 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=55832 PROTO=TCP SPT=41983 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T08:38:36.571Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-15T08:41:45.887Z","@version":"1","message":"Sep 15 08:41:45 honeypot-sgp-1 sshd[21315]: Connection closed by invalid user admin 179.60.147.69 port 34142 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T08:43:29.933Z","@version":"1","message":"Sep 15 08:43:29 honeypot-sgp-1 kernel: [84107516.549442] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=131.159.24.205 DST=159.89.202.188 LEN=64 TOS=0x00 PREC=0x00 TTL=233 ID=54321 PROTO=TCP SPT=35598 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 08:45:05 honeypot-ams-1 sshd[27530]: Connection closed by invalid user admin 179.60.147.69 port 45230 [preauth]","@timestamp":"2022-09-15T08:45:06.263Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 08:45:58 honeypot-ams-1 sshd[27535]: Invalid user user from 141.255.162.226 port 60868","@timestamp":"2022-09-15T08:45:59.290Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 08:45:59 honeypot-ams-1 sshd[27539]: Invalid user user from 141.255.162.226 port 47722","@timestamp":"2022-09-15T08:45:59.290Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 08:46:02 honeypot-ams-1 sshd[27543]: Invalid user user from 141.255.162.226 port 34606","@timestamp":"2022-09-15T08:46:03.292Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 08:46:17 honeypot-fra-1 sshd[17686]: Received disconnect from 92.255.85.70 port 45378:11: Bye Bye [preauth]","@timestamp":"2022-09-15T08:46:17.748Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 08:46:23 honeypot-ams-1 kernel: [84108165.902999] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=51.120.122.29 DST=178.62.254.91 LEN=52 TOS=0x02 PREC=0x00 TTL=111 ID=50773 DF PROTO=TCP SPT=58608 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-15T08:46:24.302Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 08:48:35 honeypot-fra-1 sshd[17708]: Invalid user mysql from 172.104.240.40 port 43932","@timestamp":"2022-09-15T08:48:36.802Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 08:48:35 honeypot-fra-1 sshd[17692]: Connection closed by invalid user steam 172.104.240.40 port 43710 [preauth]","@timestamp":"2022-09-15T08:48:36.802Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 08:48:35 honeypot-fra-1 sshd[17701]: Connection closed by authenticating user root 172.104.240.40 port 43828 [preauth]","@timestamp":"2022-09-15T08:48:36.802Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 08:48:35 honeypot-fra-1 sshd[17694]: Connection closed by invalid user user 172.104.240.40 port 43732 [preauth]","@timestamp":"2022-09-15T08:48:36.802Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 08:48:36 honeypot-fra-1 sshd[17704]: Invalid user ansible from 172.104.240.40 port 43852","@timestamp":"2022-09-15T08:48:36.802Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 08:48:36 honeypot-fra-1 sshd[17703]: Connection closed by invalid user postgres 172.104.240.40 port 43780 [preauth]","@timestamp":"2022-09-15T08:48:36.802Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 08:48:36 honeypot-fra-1 sshd[17698]: Connection closed by invalid user oracle 172.104.240.40 port 43746 [preauth]","@timestamp":"2022-09-15T08:48:36.802Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 08:48:36 honeypot-fra-1 sshd[17714]: Invalid user esuser from 172.104.240.40 port 44002","@timestamp":"2022-09-15T08:48:36.802Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 08:48:36 honeypot-fra-1 sshd[17722]: Connection closed by invalid user chia 172.104.240.40 port 44028 [preauth]","@timestamp":"2022-09-15T08:48:36.802Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 08:48:53 honeypot-ams-1 sshd[27551]: Disconnected from authenticating user root 92.255.85.70 port 59964 [preauth]","@timestamp":"2022-09-15T08:48:54.369Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 08:52:20 honeypot-fra-1 kernel: [84106357.759102] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=62.108.40.120 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=55 ID=31481 PROTO=TCP SPT=12178 DPT=443 WINDOW=39730 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T08:52:20.889Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-15T08:56:51.264Z","@version":"1","message":"Sep 15 08:56:51 honeypot-sgp-1 kernel: [84108318.677715] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=167.248.133.137 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=21433 PROTO=TCP SPT=26226 DPT=389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 08:58:40 honeypot-ams-1 kernel: [84108903.084877] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=159.203.80.110 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=51360 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T08:58:41.620Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 09:03:15 honeypot-fra-1 kernel: [84107013.048512] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=103.220.30.6 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=4977 DF PROTO=TCP SPT=61140 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T09:03:16.141Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 09:03:17 honeypot-ams-1 sshd[27568]: Received disconnect from 61.177.173.33 port 17428:11:  [preauth]","@timestamp":"2022-09-15T09:03:17.745Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 09:04:21 honeypot-fra-1 sshd[17762]: Received disconnect from 141.255.162.226 port 47740:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T09:04:22.174Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 09:04:26 honeypot-fra-1 sshd[17766]: Received disconnect from 141.255.162.226 port 42466:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T09:04:27.178Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 09:04:28 honeypot-fra-1 sshd[17770]: Received disconnect from 141.255.162.226 port 50122:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T09:04:29.179Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 09:04:47 honeypot-ams-1 kernel: [84109269.521948] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=23.239.12.193 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=38916 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T09:04:47.787Z"}
{"@timestamp":"2022-09-15T09:07:01.516Z","@version":"1","message":"Sep 15 09:07:01 honeypot-sgp-1 sshd[21328]: Received disconnect from 92.255.85.70 port 42934:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T09:07:20.526Z","@version":"1","message":"Sep 15 09:07:19 honeypot-sgp-1 sshd[21332]: Received disconnect from 45.61.184.204 port 44010:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T09:07:40.536Z","@version":"1","message":"Sep 15 09:07:39 honeypot-sgp-1 sshd[21336]: Received disconnect from 45.61.184.204 port 39840:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T09:08:00.546Z","@version":"1","message":"Sep 15 09:08:00 honeypot-sgp-1 sshd[21341]: Received disconnect from 45.61.184.204 port 35658:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 09:08:53 honeypot-ams-1 sshd[27578]: Invalid user  from 104.218.164.12 port 16394","@timestamp":"2022-09-15T09:08:53.898Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 09:10:13 honeypot-ams-1 kernel: [84109595.446990] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=24653 PROTO=TCP SPT=52404 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T09:10:13.936Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 09:10:22 honeypot-fra-1 sshd[17775]: Received disconnect from 92.255.85.69 port 35296:11: Bye Bye [preauth]","@timestamp":"2022-09-15T09:10:23.313Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T09:13:29.682Z","@version":"1","message":"Sep 15 09:13:28 honeypot-sgp-1 sshd[21346]: Connection closed by 192.241.220.18 port 52374 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 09:13:49 honeypot-ams-1 sshd[27591]: Connection closed by invalid user tomcat 193.106.191.157 port 55482 [preauth]","@timestamp":"2022-09-15T09:13:50.034Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 09:19:30 honeypot-fra-1 sshd[17784]: Invalid user ubnt from 179.60.147.69 port 54988","@timestamp":"2022-09-15T09:19:30.521Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 09:19:36 honeypot-ams-1 sshd[27600]: Disconnected from invalid user user 141.255.162.226 port 55776 [preauth]","@timestamp":"2022-09-15T09:19:36.185Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 09:19:38 honeypot-ams-1 sshd[27604]: Disconnected from invalid user user 141.255.162.226 port 41118 [preauth]","@timestamp":"2022-09-15T09:19:39.188Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 09:19:41 honeypot-ams-1 sshd[27608]: Disconnected from invalid user user 141.255.162.226 port 34872 [preauth]","@timestamp":"2022-09-15T09:19:42.189Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 09:20:38 honeypot-ams-1 kernel: [84110220.951786] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=74.108.124.79 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=53 ID=54754 PROTO=TCP SPT=30725 DPT=80 WINDOW=8070 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T09:20:39.216Z"}
{"@timestamp":"2022-09-15T09:30:03.084Z","@version":"1","message":"Sep 15 09:30:02 honeypot-sgp-1 sshd[21355]: Invalid user dzhu from 111.202.249.76 port 2613","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 09:31:17 honeypot-ams-1 sshd[27621]: Did not receive identification string from 61.177.173.33 port 45779","@timestamp":"2022-09-15T09:31:18.510Z"}
{"@timestamp":"2022-09-15T09:31:36.124Z","@version":"1","message":"Sep 15 09:31:35 honeypot-sgp-1 sshd[21359]: Received disconnect from 190.12.102.58 port 47372:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T09:33:22.170Z","@version":"1","message":"Sep 15 09:33:21 honeypot-sgp-1 sshd[21363]: Disconnected from authenticating user root 103.161.236.5 port 33148 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 09:33:58 honeypot-ams-1 kernel: [84111020.644794] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=151.245.23.132 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=63428 DF PROTO=TCP SPT=17373 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T09:33:58.586Z"}
{"@timestamp":"2022-09-15T09:34:03.190Z","@version":"1","message":"Sep 15 09:34:02 honeypot-sgp-1 kernel: [84110549.824379] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=107.175.70.147 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=233 ID=62221 DF PROTO=TCP SPT=10446 DPT=80 WINDOW=512 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 09:38:06 honeypot-fra-1 kernel: [84109104.439578] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=186.208.139.104 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=245 ID=1634 PROTO=TCP SPT=54655 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T09:38:07.931Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-15T09:38:39.303Z","@version":"1","message":"Sep 15 09:38:39 honeypot-sgp-1 kernel: [84110826.669710] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.219.103 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=58445 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 09:41:59 honeypot-ams-1 sshd[27631]: Received disconnect from 61.177.173.33 port 16695:11:  [preauth]","@timestamp":"2022-09-15T09:41:59.792Z"}
{"@timestamp":"2022-09-15T09:42:30.399Z","@version":"1","message":"Sep 15 09:42:30 honeypot-sgp-1 sshd[21378]: Disconnected from authenticating user root 179.43.156.143 port 33260 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 09:43:17 honeypot-ams-1 sshd[27636]: Received disconnect from 86.110.184.234 port 53788:11: Bye Bye [preauth]","@timestamp":"2022-09-15T09:43:17.828Z"}
{"@timestamp":"2022-09-15T09:43:58.437Z","@version":"1","message":"Sep 15 09:43:58 honeypot-sgp-1 sshd[21384]: Received disconnect from 20.214.244.148 port 35154:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 09:45:01 honeypot-fra-1 kernel: [84109518.524533] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=20.117.17.214 DST=165.22.82.222 LEN=52 TOS=0x00 PREC=0x00 TTL=114 ID=19327 DF PROTO=TCP SPT=54383 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T09:45:01.108Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-15T09:45:24.475Z","@version":"1","message":"Sep 15 09:45:24 honeypot-sgp-1 sshd[21390]: Invalid user nutanix from 179.43.156.143 port 42402","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T09:46:00.492Z","@version":"1","message":"Sep 15 09:45:59 honeypot-sgp-1 kernel: [84111267.368014] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=186.208.139.104 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=11333 PROTO=TCP SPT=54655 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T09:47:07.521Z","@version":"1","message":"Sep 15 09:47:07 honeypot-sgp-1 sshd[21399]: Received disconnect from 179.43.156.143 port 59156:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 09:47:29 honeypot-ams-1 sshd[27643]: Received disconnect from 185.230.138.117 port 43166:11: Bye Bye [preauth]","@timestamp":"2022-09-15T09:47:30.939Z"}
{"@timestamp":"2022-09-15T09:48:23.555Z","@version":"1","message":"Sep 15 09:48:23 honeypot-sgp-1 sshd[21405]: Received disconnect from 179.43.156.143 port 51508:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T09:50:15.602Z","@version":"1","message":"Sep 15 09:50:14 honeypot-sgp-1 sshd[21411]: Received disconnect from 179.43.156.143 port 40054:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 09:52:12 honeypot-fra-1 sshd[17802]: Connection closed by invalid user nvidia 103.188.176.251 port 45100 [preauth]","@timestamp":"2022-09-15T09:52:13.277Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T09:52:36.660Z","@version":"1","message":"Sep 15 09:52:36 honeypot-sgp-1 sshd[21416]: Disconnected from invalid user xij 104.248.251.225 port 50152 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 09:57:55 honeypot-ams-1 sshd[27663]: Invalid user support from 179.60.147.69 port 58480","@timestamp":"2022-09-15T09:57:56.208Z"}
{"@timestamp":"2022-09-15T09:58:55.814Z","@version":"1","message":"Sep 15 09:58:55 honeypot-sgp-1 sshd[21424]: Connection closed by authenticating user root 137.116.144.39 port 59978 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 10:03:34 honeypot-ams-1 kernel: [84112797.197146] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=162.142.125.143 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=61919 PROTO=TCP SPT=26032 DPT=389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T10:03:35.355Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 10:03:42 honeypot-fra-1 kernel: [84110639.700982] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=23.95.4.194 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=51607 PROTO=TCP SPT=53217 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T10:03:42.538Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 10:07:31 honeypot-fra-1 kernel: [84110869.136116] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=103.149.192.178 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=54321 PROTO=TCP SPT=52472 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T10:07:32.631Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 10:09:20 honeypot-ams-1 sshd[27679]: Disconnected from authenticating user root 61.177.173.36 port 21114 [preauth]","@timestamp":"2022-09-15T10:09:20.502Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 10:13:09 honeypot-ams-1 sshd[27686]: Disconnected from authenticating user root 179.43.156.143 port 58554 [preauth]","@timestamp":"2022-09-15T10:13:10.602Z"}
{"@timestamp":"2022-09-15T10:13:27.169Z","@version":"1","message":"Sep 15 10:13:26 honeypot-sgp-1 kernel: [84112914.262866] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=64.62.197.97 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=40911 DPT=5432 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 10:14:24 honeypot-fra-1 sshd[17813]: Invalid user ecomode from 202.170.60.201 port 52718","@timestamp":"2022-09-15T10:14:25.791Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 10:14:57 honeypot-ams-1 sshd[27696]: Received disconnect from 179.43.156.143 port 49088:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T10:14:57.650Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 10:16:03 honeypot-fra-1 sshd[17816]: Disconnected from invalid user laurent 165.22.45.108 port 60524 [preauth]","@timestamp":"2022-09-15T10:16:03.830Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 10:16:08 honeypot-ams-1 sshd[27700]: Received disconnect from 179.43.156.143 port 42780:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T10:16:08.684Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 10:16:48 honeypot-ams-1 kernel: [84113591.022942] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.41.8.45 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=57481 PROTO=TCP SPT=33740 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T10:16:49.705Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 10:17:13 honeypot-ams-1 sshd[27711]: Received disconnect from 45.228.19.1 port 57674:11: Bye Bye [preauth]","@timestamp":"2022-09-15T10:17:14.719Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 10:17:50 honeypot-ams-1 sshd[27715]: Received disconnect from 179.43.156.143 port 33322:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T10:17:51.736Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 10:19:35 honeypot-ams-1 sshd[27724]: Received disconnect from 179.43.156.143 port 52102:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T10:19:35.785Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 10:21:24 honeypot-ams-1 sshd[27730]: Received disconnect from 179.43.156.143 port 42614:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T10:21:25.836Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 10:23:05 honeypot-ams-1 sshd[27737]: Disconnected from invalid user testuser 203.240.232.56 port 39328 [preauth]","@timestamp":"2022-09-15T10:23:05.883Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 10:25:22 honeypot-ams-1 sshd[27746]: Invalid user majordomo from 124.160.96.249 port 63612","@timestamp":"2022-09-15T10:25:22.946Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 10:25:55 honeypot-fra-1 kernel: [84111973.159705] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=20.214.177.62 DST=165.22.82.222 LEN=52 TOS=0x02 PREC=0x00 TTL=108 ID=7191 DF PROTO=TCP SPT=58328 DPT=443 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-15T10:25:56.054Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 10:29:34 honeypot-ams-1 kernel: [84114356.323638] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=97.107.137.53 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=5760 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T10:29:34.058Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 10:29:40 honeypot-fra-1 kernel: [84112197.602049] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=34.135.220.196 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=24185 PROTO=TCP SPT=54708 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T10:29:41.144Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-15T10:30:42.581Z","@version":"1","message":"Sep 15 10:30:42 honeypot-sgp-1 kernel: [84113949.480788] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=9236 PROTO=TCP SPT=57298 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 10:32:05 honeypot-ams-1 sshd[27758]: Received disconnect from 61.177.173.33 port 52654:11:  [preauth]","@timestamp":"2022-09-15T10:32:05.125Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 10:35:05 honeypot-fra-1 kernel: [84112523.192159] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=20.214.177.62 DST=165.22.82.222 LEN=52 TOS=0x02 PREC=0x00 TTL=108 ID=13299 DF PROTO=TCP SPT=53093 DPT=443 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-15T10:35:06.268Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 10:37:05 honeypot-ams-1 sshd[27766]: Received disconnect from 61.177.173.47 port 35260:11:  [preauth]","@timestamp":"2022-09-15T10:37:05.256Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 10:39:44 honeypot-ams-1 sshd[27772]: Received disconnect from 103.176.179.185 port 45482:11: Bye Bye [preauth]","@timestamp":"2022-09-15T10:39:44.327Z"}
{"@timestamp":"2022-09-15T10:41:32.842Z","@version":"1","message":"Sep 15 10:41:32 honeypot-sgp-1 sshd[21440]: Received disconnect from 138.197.195.123 port 46068:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 10:42:32 honeypot-ams-1 sshd[27777]: Disconnected from authenticating user root 61.177.172.108 port 29870 [preauth]","@timestamp":"2022-09-15T10:42:33.398Z"}
{"@timestamp":"2022-09-15T10:44:22.914Z","@version":"1","message":"Sep 15 10:44:22 honeypot-sgp-1 sshd[21444]: Disconnected from invalid user user 198.98.61.9 port 52168 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T10:44:40.923Z","@version":"1","message":"Sep 15 10:44:40 honeypot-sgp-1 sshd[21448]: Disconnected from invalid user user 198.98.61.9 port 47250 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T10:44:57.931Z","@version":"1","message":"Sep 15 10:44:57 honeypot-sgp-1 sshd[21452]: Disconnected from invalid user user 198.98.61.9 port 42342 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 10:44:59 honeypot-fra-1 kernel: [84113117.139655] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.79.134.218 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=51038 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T10:45:00.496Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-15T10:45:13.939Z","@version":"1","message":"Sep 15 10:45:13 honeypot-sgp-1 sshd[21456]: Disconnected from invalid user user 198.98.61.9 port 37436 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 10:52:19 honeypot-ams-1 sshd[27785]: Disconnected from invalid user user 141.255.162.226 port 58608 [preauth]","@timestamp":"2022-09-15T10:52:20.649Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 10:52:22 honeypot-ams-1 sshd[27789]: Disconnected from invalid user user 141.255.162.226 port 52270 [preauth]","@timestamp":"2022-09-15T10:52:22.651Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 10:52:25 honeypot-ams-1 sshd[27793]: Disconnected from invalid user user 141.255.162.226 port 38648 [preauth]","@timestamp":"2022-09-15T10:52:25.653Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 10:52:28 honeypot-ams-1 sshd[27797]: Disconnected from invalid user user 141.255.162.226 port 45946 [preauth]","@timestamp":"2022-09-15T10:52:28.655Z"}
{"@timestamp":"2022-09-15T10:56:09.201Z","@version":"1","message":"Sep 15 10:56:09 honeypot-sgp-1 kernel: [84115476.480824] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=170.187.162.243 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=14590 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 11:01:24 honeypot-ams-1 sshd[27806]: Disconnected from authenticating user root 49.70.82.59 port 60782 [preauth]","@timestamp":"2022-09-15T11:01:24.893Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 11:08:25 honeypot-fra-1 sshd[17835]: Connection closed by invalid user test 179.60.147.69 port 48074 [preauth]","@timestamp":"2022-09-15T11:08:25.020Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 11:09:02 honeypot-ams-1 kernel: [84116725.120592] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.100.87.136 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=246 ID=15212 PROTO=TCP SPT=41981 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T11:09:03.095Z"}
{"@timestamp":"2022-09-15T11:10:44.551Z","@version":"1","message":"Sep 15 11:10:43 honeypot-sgp-1 sshd[21465]: Disconnected from authenticating user root 190.12.102.58 port 37057 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 11:15:01 honeypot-ams-1 sshd[27824]: Received disconnect from 61.177.173.50 port 33262:11:  [preauth]","@timestamp":"2022-09-15T11:15:01.253Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 11:17:14 honeypot-fra-1 kernel: [84115051.864031] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=92.63.197.74 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=34836 PROTO=TCP SPT=58138 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T11:17:15.221Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 11:20:24 honeypot-ams-1 kernel: [84117406.572006] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=34.150.94.243 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x60 TTL=59 ID=19739 PROTO=TCP SPT=5973 DPT=80 WINDOW=3149 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T11:20:24.394Z"}
{"@timestamp":"2022-09-15T11:25:02.898Z","@version":"1","message":"Sep 15 11:25:02 honeypot-sgp-1 kernel: [84117209.776994] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=79.124.62.62 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=6935 PROTO=TCP SPT=42359 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 11:28:58 honeypot-fra-1 sshd[17846]: Connection closed by authenticating user root 137.116.144.39 port 60588 [preauth]","@timestamp":"2022-09-15T11:28:58.486Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 11:31:13 honeypot-fra-1 kernel: [84115890.423894] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=79.124.62.78 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=19677 PROTO=TCP SPT=58070 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T11:31:13.575Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-15T11:32:54.090Z","@version":"1","message":"Sep 15 11:32:53 honeypot-sgp-1 sshd[21477]: Disconnected from authenticating user root 209.141.52.250 port 32920 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 11:34:01 honeypot-ams-1 sshd[27841]: Received disconnect from 61.177.173.51 port 63243:11:  [preauth]","@timestamp":"2022-09-15T11:34:01.742Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 11:35:14 honeypot-ams-1 kernel: [84118296.397560] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=184.105.139.115 DST=178.62.254.91 LEN=131 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=37176 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T11:35:14.777Z"}
{"@timestamp":"2022-09-15T11:35:26.159Z","@version":"1","message":"Sep 15 11:35:25 honeypot-sgp-1 sshd[21483]: Received disconnect from 159.89.40.119 port 54338:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T11:37:01.200Z","@version":"1","message":"Sep 15 11:37:00 honeypot-sgp-1 sshd[21487]: Disconnected from invalid user er 103.161.236.11 port 58896 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 11:39:26 honeypot-fra-1 kernel: [84116383.295691] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=184.105.139.74 DST=165.22.82.222 LEN=131 TOS=0x00 PREC=0x00 TTL=244 ID=54321 PROTO=TCP SPT=49338 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T11:39:26.754Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 11:40:51 honeypot-fra-1 sshd[17860]: Disconnected from authenticating user root 137.184.73.220 port 44202 [preauth]","@timestamp":"2022-09-15T11:40:51.789Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T11:41:10.304Z","@version":"1","message":"Sep 15 11:41:10 honeypot-sgp-1 kernel: [84118177.553113] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=159.203.100.33 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=54321 PROTO=TCP SPT=55584 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 11:42:57 honeypot-ams-1 sshd[27851]: Disconnected from authenticating user root 80.76.51.45 port 40252 [preauth]","@timestamp":"2022-09-15T11:42:57.994Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 11:43:32 honeypot-ams-1 sshd[27857]: Invalid user test from 80.76.51.45 port 47346","@timestamp":"2022-09-15T11:43:33.014Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 11:44:07 honeypot-ams-1 sshd[27861]: Disconnected from authenticating user root 80.76.51.45 port 54418 [preauth]","@timestamp":"2022-09-15T11:44:08.032Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 11:44:57 honeypot-ams-1 sshd[27868]: Disconnected from authenticating user root 80.76.51.45 port 50926 [preauth]","@timestamp":"2022-09-15T11:44:58.055Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 11:45:47 honeypot-ams-1 sshd[27876]: Received disconnect from 80.76.51.45 port 47604:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T11:45:48.083Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 11:46:03 honeypot-ams-1 sshd[27880]: Disconnected from invalid user user 80.76.51.45 port 37030 [preauth]","@timestamp":"2022-09-15T11:46:04.092Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 11:46:10 honeypot-fra-1 sshd[17865]: Received disconnect from 118.70.169.150 port 52472:11: Bye Bye [preauth]","@timestamp":"2022-09-15T11:46:10.911Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T11:47:23.459Z","@version":"1","message":"Sep 15 11:47:22 honeypot-sgp-1 sshd[21495]: Connection closed by invalid user guest 179.60.147.69 port 31608 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 11:52:05 honeypot-fra-1 sshd[17870]: Received disconnect from 178.62.233.100 port 47698:11: Bye Bye [preauth]","@timestamp":"2022-09-15T11:52:06.047Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 11:54:59 honeypot-ams-1 sshd[27890]: Received disconnect from 61.177.172.104 port 46788:11:  [preauth]","@timestamp":"2022-09-15T11:55:00.322Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 11:56:49 honeypot-fra-1 kernel: [84117426.779903] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=149.102.155.169 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=50615 PROTO=TCP SPT=42933 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T11:56:50.155Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-15T12:00:27.777Z","@version":"1","message":"Sep 15 12:00:27 honeypot-sgp-1 sshd[21501]: Received disconnect from 193.142.146.50 port 53516:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:01:44 honeypot-ams-1 sshd[27901]: Disconnected from authenticating user root 61.177.173.53 port 60796 [preauth]","@timestamp":"2022-09-15T12:01:45.497Z"}
{"@timestamp":"2022-09-15T12:02:11.821Z","@version":"1","message":"Sep 15 12:02:11 honeypot-sgp-1 sshd[21507]: Received disconnect from 193.142.146.50 port 43378:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:02:35.834Z","@version":"1","message":"Sep 15 12:02:35 honeypot-sgp-1 sshd[21513]: Received disconnect from 45.61.186.49 port 49218:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:02:41.837Z","@version":"1","message":"Sep 15 12:02:41 honeypot-sgp-1 sshd[21517]: Disconnected from invalid user user 45.61.186.49 port 54966 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:02:52.843Z","@version":"1","message":"Sep 15 12:02:52 honeypot-sgp-1 sshd[21521]: Disconnected from invalid user user 45.61.186.49 port 38234 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:04:05.876Z","@version":"1","message":"Sep 15 12:04:05 honeypot-sgp-1 sshd[21527]: Disconnected from authenticating user root 193.142.146.50 port 51880 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:04:34.890Z","@version":"1","message":"Sep 15 12:04:34 honeypot-sgp-1 sshd[21531]: Received disconnect from 193.142.146.50 port 60928:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 12:04:35 honeypot-fra-1 sshd[17878]: Disconnected from authenticating user root 122.176.52.13 port 14367 [preauth]","@timestamp":"2022-09-15T12:04:36.335Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 12:05:38 honeypot-fra-1 sshd[17882]: Disconnected from invalid user lavinia 165.22.45.108 port 42464 [preauth]","@timestamp":"2022-09-15T12:05:39.362Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T12:08:43.993Z","@version":"1","message":"Sep 15 12:08:43 honeypot-sgp-1 sshd[21537]: Disconnected from invalid user nagios 128.199.19.74 port 51748 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:11:08.054Z","@version":"1","message":"Sep 15 12:11:07 honeypot-sgp-1 sshd[21542]: Received disconnect from 45.61.184.204 port 39190:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:11:27.064Z","@version":"1","message":"Sep 15 12:11:26 honeypot-sgp-1 sshd[21547]: Received disconnect from 45.61.184.204 port 33990:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:11:46.074Z","@version":"1","message":"Sep 15 12:11:45 honeypot-sgp-1 sshd[21551]: Received disconnect from 45.61.184.204 port 57022:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 12:12:47 honeypot-fra-1 sshd[17889]: Invalid user admin from 128.199.160.207 port 54934","@timestamp":"2022-09-15T12:12:48.544Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T12:14:54.152Z","@version":"1","message":"Sep 15 12:14:53 honeypot-sgp-1 sshd[21556]: Received disconnect from 92.255.85.70 port 60058:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 12:15:01 honeypot-fra-1 sshd[17894]: Invalid user user from 45.61.187.160 port 59388","@timestamp":"2022-09-15T12:15:02.598Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 12:15:21 honeypot-fra-1 sshd[17898]: Invalid user user from 45.61.187.160 port 53846","@timestamp":"2022-09-15T12:15:22.608Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 12:15:40 honeypot-fra-1 sshd[17902]: Invalid user user from 45.61.187.160 port 48302","@timestamp":"2022-09-15T12:15:40.619Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:15:46 honeypot-ams-1 sshd[27909]: Connection closed by invalid user tomcat 193.106.191.157 port 56144 [preauth]","@timestamp":"2022-09-15T12:15:46.865Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 12:15:51 honeypot-fra-1 sshd[17906]: Received disconnect from 164.90.149.69 port 34376:11: Bye Bye [preauth]","@timestamp":"2022-09-15T12:15:51.623Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 12:16:59 honeypot-fra-1 sshd[17911]: Received disconnect from 139.59.78.156 port 40958:11: Bye Bye [preauth]","@timestamp":"2022-09-15T12:16:59.652Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:18:30 honeypot-ams-1 sshd[27918]: Invalid user user from 45.61.186.249 port 55184","@timestamp":"2022-09-15T12:18:30.938Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:18:50 honeypot-ams-1 sshd[27922]: Invalid user user from 45.61.186.249 port 49518","@timestamp":"2022-09-15T12:18:50.969Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:19:08 honeypot-ams-1 sshd[27926]: Invalid user user from 45.61.186.249 port 43854","@timestamp":"2022-09-15T12:19:08.977Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:19:25 honeypot-ams-1 sshd[27930]: Invalid user user from 45.61.186.249 port 38192","@timestamp":"2022-09-15T12:19:25.986Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:20:24 honeypot-ams-1 sshd[27934]: Received disconnect from 92.255.85.70 port 49170:11: Bye Bye [preauth]","@timestamp":"2022-09-15T12:20:25.016Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 12:21:22 honeypot-fra-1 sshd[17916]: Connection closed by invalid user pengfan 103.188.176.251 port 44456 [preauth]","@timestamp":"2022-09-15T12:21:22.773Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:21:23 honeypot-ams-1 sshd[27940]: Received disconnect from 61.177.172.98 port 47126:11:  [preauth]","@timestamp":"2022-09-15T12:21:24.044Z"}
{"@timestamp":"2022-09-15T12:25:29.408Z","@version":"1","message":"Sep 15 12:25:29 honeypot-sgp-1 sshd[21563]: Connection closed by invalid user admin 178.128.125.205 port 48424 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:25:29.408Z","@version":"1","message":"Sep 15 12:25:29 honeypot-sgp-1 sshd[21569]: Connection closed by invalid user admin 178.128.125.205 port 48464 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 12:25:29 honeypot-fra-1 sshd[17921]: Received disconnect from 92.255.85.70 port 22518:11: Bye Bye [preauth]","@timestamp":"2022-09-15T12:25:29.872Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 12:27:02 honeypot-fra-1 sshd[17925]: Received disconnect from 89.28.92.118 port 49518:11: Bye Bye [preauth]","@timestamp":"2022-09-15T12:27:02.910Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T12:28:29.484Z","@version":"1","message":"Sep 15 12:28:28 honeypot-sgp-1 sshd[21576]: Received disconnect from 109.42.178.255 port 5636:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:28:32.487Z","@version":"1","message":"Sep 15 12:28:31 honeypot-sgp-1 sshd[21580]: Disconnected from invalid user ubnt 109.42.178.255 port 29744 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:28:36.489Z","@version":"1","message":"Sep 15 12:28:36 honeypot-sgp-1 sshd[21586]: Disconnected from authenticating user root 109.42.178.255 port 1685 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:28:41.491Z","@version":"1","message":"Sep 15 12:28:40 honeypot-sgp-1 sshd[21592]: Disconnected from authenticating user root 109.42.178.255 port 12291 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:28:45.495Z","@version":"1","message":"Sep 15 12:28:44 honeypot-sgp-1 sshd[21598]: Disconnected from authenticating user root 109.42.178.255 port 15149 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:28:49.497Z","@version":"1","message":"Sep 15 12:28:49 honeypot-sgp-1 sshd[21604]: Disconnected from authenticating user root 109.42.178.255 port 6315 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:28:54.499Z","@version":"1","message":"Sep 15 12:28:53 honeypot-sgp-1 sshd[21610]: Disconnected from authenticating user root 109.42.178.255 port 20293 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:28:58.502Z","@version":"1","message":"Sep 15 12:28:58 honeypot-sgp-1 sshd[21616]: Disconnected from authenticating user root 109.42.178.255 port 4203 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:29:02.505Z","@version":"1","message":"Sep 15 12:29:02 honeypot-sgp-1 sshd[21622]: Disconnected from authenticating user root 109.42.178.255 port 3565 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:29:07.508Z","@version":"1","message":"Sep 15 12:29:06 honeypot-sgp-1 sshd[21628]: Disconnected from authenticating user root 109.42.178.255 port 2800 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:29:11.510Z","@version":"1","message":"Sep 15 12:29:11 honeypot-sgp-1 sshd[21634]: Disconnected from authenticating user root 109.42.178.255 port 30509 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:29:16.514Z","@version":"1","message":"Sep 15 12:29:15 honeypot-sgp-1 sshd[21640]: Disconnected from authenticating user root 109.42.178.255 port 27501 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:29:20.517Z","@version":"1","message":"Sep 15 12:29:19 honeypot-sgp-1 sshd[21646]: Disconnected from authenticating user root 109.42.178.255 port 5144 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:29:23.518Z","@version":"1","message":"Sep 15 12:29:22 honeypot-sgp-1 sshd[21650]: Disconnected from invalid user admin 109.42.178.255 port 13735 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:29:26.520Z","@version":"1","message":"Sep 15 12:29:25 honeypot-sgp-1 sshd[21654]: Disconnected from invalid user admin 109.42.178.255 port 5371 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:29:28.522Z","@version":"1","message":"Sep 15 12:29:28 honeypot-sgp-1 sshd[21658]: Disconnected from invalid user admin 109.42.178.255 port 29674 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:29:31.524Z","@version":"1","message":"Sep 15 12:29:31 honeypot-sgp-1 sshd[21662]: Disconnected from invalid user admin 109.42.178.255 port 14227 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:29:34.526Z","@version":"1","message":"Sep 15 12:29:34 honeypot-sgp-1 sshd[21666]: Disconnected from invalid user admin 109.42.178.255 port 13033 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:29:39.529Z","@version":"1","message":"Sep 15 12:29:38 honeypot-sgp-1 sshd[21672]: Received disconnect from 109.42.178.255 port 30164:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:29:42.531Z","@version":"1","message":"Sep 15 12:29:41 honeypot-sgp-1 sshd[21676]: Received disconnect from 109.42.178.255 port 23053:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:29:44.532Z","@version":"1","message":"Sep 15 12:29:44 honeypot-sgp-1 sshd[21680]: Received disconnect from 109.42.178.255 port 9105:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:29:47.535Z","@version":"1","message":"Sep 15 12:29:47 honeypot-sgp-1 sshd[21684]: Received disconnect from 109.42.178.255 port 17539:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:29:50.536Z","@version":"1","message":"Sep 15 12:29:50 honeypot-sgp-1 sshd[21688]: Received disconnect from 109.42.178.255 port 19400:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:29:53.538Z","@version":"1","message":"Sep 15 12:29:53 honeypot-sgp-1 sshd[21692]: Received disconnect from 109.42.178.255 port 4853:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:29:56.540Z","@version":"1","message":"Sep 15 12:29:56 honeypot-sgp-1 sshd[21696]: Received disconnect from 109.42.178.255 port 13877:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:29:59.542Z","@version":"1","message":"Sep 15 12:29:58 honeypot-sgp-1 sshd[21700]: Received disconnect from 109.42.178.255 port 31205:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:30:02.545Z","@version":"1","message":"Sep 15 12:30:01 honeypot-sgp-1 sshd[21704]: Received disconnect from 109.42.178.255 port 5852:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:30:05.546Z","@version":"1","message":"Sep 15 12:30:04 honeypot-sgp-1 sshd[21708]: Received disconnect from 109.42.178.255 port 25641:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:30:08.548Z","@version":"1","message":"Sep 15 12:30:07 honeypot-sgp-1 sshd[21712]: Received disconnect from 109.42.178.255 port 4351:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:30:10.550Z","@version":"1","message":"Sep 15 12:30:10 honeypot-sgp-1 sshd[21716]: Received disconnect from 109.42.178.255 port 25475:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:31:17 honeypot-ams-1 sshd[28023]: Disconnected from authenticating user root 185.149.120.47 port 44286 [preauth]","@timestamp":"2022-09-15T12:31:18.300Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:34:07 honeypot-ams-1 sshd[28026]: Disconnecting invalid user  81.17.25.50 port 2567: Change of username or service not allowed: (,ssh-connection) -> (admin,ssh-connection) [preauth]","@timestamp":"2022-09-15T12:34:07.377Z"}
{"@timestamp":"2022-09-15T12:34:42.664Z","@version":"1","message":"Sep 15 12:34:42 honeypot-sgp-1 sshd[21722]: Invalid user user from 141.255.162.226 port 57876","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 12:34:43 honeypot-fra-1 sshd[17931]: Received disconnect from 189.33.0.103 port 52308:11: Bye Bye [preauth]","@timestamp":"2022-09-15T12:34:44.090Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T12:34:44.667Z","@version":"1","message":"Sep 15 12:34:44 honeypot-sgp-1 sshd[21726]: Invalid user user from 141.255.162.226 port 51414","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:34:48.669Z","@version":"1","message":"Sep 15 12:34:48 honeypot-sgp-1 sshd[21730]: Invalid user user from 141.255.162.226 port 37704","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:35:33 honeypot-ams-1 sshd[28034]: Disconnecting invalid user cameras 81.17.25.50 port 13128: Change of username or service not allowed: (cameras,ssh-connection) -> (,ssh-connection) [preauth]","@timestamp":"2022-09-15T12:35:34.419Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:37:26 honeypot-ams-1 sshd[28040]: Disconnecting invalid user  81.17.25.50 port 64481: Change of username or service not allowed: (,ssh-connection) -> (admin,ssh-connection) [preauth]","@timestamp":"2022-09-15T12:37:26.473Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:39:45 honeypot-ams-1 sshd[28049]: Disconnecting invalid user admin 81.17.25.50 port 9724: Change of username or service not allowed: (admin,ssh-connection) -> (manager,ssh-connection) [preauth]","@timestamp":"2022-09-15T12:39:46.538Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:41:22 honeypot-ams-1 sshd[28057]: Disconnecting authenticating user root 81.17.25.50 port 41990: Change of username or service not allowed: (root,ssh-connection) -> (1234,ssh-connection) [preauth]","@timestamp":"2022-09-15T12:41:22.587Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:43:00 honeypot-ams-1 sshd[28063]: Invalid user Admin from 81.17.25.50 port 31497","@timestamp":"2022-09-15T12:43:00.633Z"}
{"@timestamp":"2022-09-15T12:44:14.897Z","@version":"1","message":"Sep 15 12:44:14 honeypot-sgp-1 kernel: [84121961.797789] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=128.1.248.30 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=51043 PROTO=TCP SPT=42361 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:44:43 honeypot-ams-1 sshd[28072]: Invalid user user from 81.17.25.50 port 55870","@timestamp":"2022-09-15T12:44:43.684Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:46:14 honeypot-ams-1 sshd[28078]: Disconnecting invalid user blank 81.17.25.50 port 26404: Change of username or service not allowed: (blank,ssh-connection) -> (admin,ssh-connection) [preauth]","@timestamp":"2022-09-15T12:46:14.731Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:47:20 honeypot-ams-1 sshd[28088]: Disconnecting invalid user 1234 81.17.25.50 port 23413: Change of username or service not allowed: (1234,ssh-connection) -> (root,ssh-connection) [preauth]","@timestamp":"2022-09-15T12:47:21.765Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:48:07 honeypot-ams-1 sshd[28096]: Disconnected from authenticating user root 61.177.173.50 port 64914 [preauth]","@timestamp":"2022-09-15T12:48:07.790Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:48:56 honeypot-ams-1 sshd[28103]: Invalid user 1234 from 81.17.25.50 port 23563","@timestamp":"2022-09-15T12:48:57.815Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 12:49:05 honeypot-fra-1 sshd[17934]: Received disconnect from 190.153.249.99 port 35721:11: Bye Bye [preauth]","@timestamp":"2022-09-15T12:49:05.416Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:49:22 honeypot-ams-1 sshd[28109]: Disconnecting invalid user  81.17.25.50 port 7922: Change of username or service not allowed: (,ssh-connection) -> (adslroot,ssh-connection) [preauth]","@timestamp":"2022-09-15T12:49:22.831Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:50:02 honeypot-ams-1 sshd[28117]: Received disconnect from 150.136.132.142 port 26095:11: Bye Bye [preauth]","@timestamp":"2022-09-15T12:50:02.853Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 12:50:24 honeypot-fra-1 sshd[17939]: Received disconnect from 92.255.85.70 port 17804:11: Bye Bye [preauth]","@timestamp":"2022-09-15T12:50:25.449Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T12:50:59.066Z","@version":"1","message":"Sep 15 12:50:58 honeypot-sgp-1 sshd[21738]: Received disconnect from 143.198.140.38 port 51366:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:51:07 honeypot-ams-1 sshd[28121]: Invalid user zhone from 81.17.25.50 port 44046","@timestamp":"2022-09-15T12:51:07.887Z"}
{"@timestamp":"2022-09-15T12:52:19.102Z","@version":"1","message":"Sep 15 12:52:18 honeypot-sgp-1 sshd[21742]: Connection closed by invalid user pi 79.232.100.20 port 38132 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:52:39 honeypot-ams-1 sshd[28125]: Disconnecting authenticating user root 81.17.25.50 port 8571: Change of username or service not allowed: (root,ssh-connection) -> (default,ssh-connection) [preauth]","@timestamp":"2022-09-15T12:52:39.932Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:53:17 honeypot-ams-1 sshd[28129]: Disconnecting invalid user admin 81.17.25.50 port 28449: Change of username or service not allowed: (admin,ssh-connection) -> (c1@r0,ssh-connection) [preauth]","@timestamp":"2022-09-15T12:53:17.951Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:54:14 honeypot-ams-1 sshd[28138]: Invalid user cusadmin from 81.17.25.50 port 29373","@timestamp":"2022-09-15T12:54:14.982Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:56:56 honeypot-ams-1 sshd[28144]: Invalid user lgnortel from 81.17.25.50 port 53433","@timestamp":"2022-09-15T12:56:57.056Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:57:48 honeypot-ams-1 sshd[28150]: Invalid user admin from 81.17.25.50 port 19004","@timestamp":"2022-09-15T12:57:49.083Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 12:58:00 honeypot-fra-1 sshd[17944]: Received disconnect from 165.22.45.108 port 47516:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T12:58:00.620Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:59:02 honeypot-ams-1 sshd[28156]: Invalid user admin1234 from 81.17.25.50 port 5643","@timestamp":"2022-09-15T12:59:03.119Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:59:57 honeypot-ams-1 sshd[28164]: Invalid user admin from 81.17.25.50 port 5000","@timestamp":"2022-09-15T12:59:58.149Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:00:42 honeypot-ams-1 sshd[28170]: Invalid user blank from 81.17.25.50 port 60264","@timestamp":"2022-09-15T13:00:43.173Z"}
{"@timestamp":"2022-09-15T13:00:44.314Z","@version":"1","message":"Sep 15 13:00:43 honeypot-sgp-1 kernel: [84122950.898040] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=80.94.92.239 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=229 ID=54321 PROTO=TCP SPT=49323 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:01:03 honeypot-fra-1 sshd[17948]: Disconnected from invalid user gh 67.207.94.180 port 35348 [preauth]","@timestamp":"2022-09-15T13:01:03.691Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:01:30 honeypot-ams-1 sshd[28176]: Disconnecting invalid user airlive 81.17.25.50 port 22914: Change of username or service not allowed: (airlive,ssh-connection) -> (0,ssh-connection) [preauth]","@timestamp":"2022-09-15T13:01:31.197Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:02:31 honeypot-ams-1 sshd[28182]: Disconnecting invalid user roqos 81.17.25.50 port 29712: Change of username or service not allowed: (roqos,ssh-connection) -> (admin,ssh-connection) [preauth]","@timestamp":"2022-09-15T13:02:31.295Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:03:33 honeypot-ams-1 sshd[28188]: Invalid user sitecom from 81.17.25.50 port 39006","@timestamp":"2022-09-15T13:03:34.326Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:04:03 honeypot-ams-1 sshd[28192]: Disconnecting invalid user smcadmin 81.17.25.50 port 5389: Change of username or service not allowed: (smcadmin,ssh-connection) -> (admin,ssh-connection) [preauth]","@timestamp":"2022-09-15T13:04:04.343Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:05:09 honeypot-ams-1 sshd[28200]: Disconnecting invalid user highspeed 81.17.25.50 port 16982: Change of username or service not allowed: (highspeed,ssh-connection) -> (smcadmin,ssh-connection) [preauth]","@timestamp":"2022-09-15T13:05:09.392Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:06:11 honeypot-ams-1 sshd[28206]: Disconnecting invalid user  81.17.25.50 port 21522: Change of username or service not allowed: (,ssh-connection) -> (admin,ssh-connection) [preauth]","@timestamp":"2022-09-15T13:06:11.426Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:06:23 honeypot-ams-1 sshd[28213]: Connection closed by invalid user debian 179.60.147.69 port 12438 [preauth]","@timestamp":"2022-09-15T13:06:24.436Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:06:40 honeypot-fra-1 sshd[17955]: Received disconnect from 157.245.46.21 port 39774:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:06:40.820Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:06:57 honeypot-ams-1 sshd[28219]: Invalid user public from 81.17.25.50 port 61297","@timestamp":"2022-09-15T13:06:57.454Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 13:07:22 honeypot-ams-1 kernel: [84123824.683317] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=101.33.247.52 DST=178.62.254.91 LEN=60 TOS=0x08 PREC=0x00 TTL=45 ID=5804 DF PROTO=TCP SPT=34518 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T13:07:23.468Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:08:06 honeypot-ams-1 sshd[28235]: Invalid user 123456 from 81.17.25.50 port 59075","@timestamp":"2022-09-15T13:08:06.491Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:08:09 honeypot-ams-1 sshd[28239]: Disconnected from authenticating user root 80.76.51.189 port 37078 [preauth]","@timestamp":"2022-09-15T13:08:10.493Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:08:40 honeypot-ams-1 sshd[28247]: Disconnected from authenticating user root 80.76.51.189 port 57350 [preauth]","@timestamp":"2022-09-15T13:08:41.509Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:09:01 honeypot-ams-1 sshd[28251]: Disconnecting invalid user admin 81.17.25.50 port 43811: Change of username or service not allowed: (admin,ssh-connection) -> (DZY-W2914NSV2,ssh-connection) [preauth]","@timestamp":"2022-09-15T13:09:01.520Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:09:23 honeypot-ams-1 sshd[28258]: Disconnecting invalid user 0 81.17.25.50 port 55628: Change of username or service not allowed: (0,ssh-connection) -> (admin,ssh-connection) [preauth]","@timestamp":"2022-09-15T13:09:23.533Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:09:37 honeypot-ams-1 sshd[28264]: Disconnecting invalid user admin 81.17.25.50 port 17114: Change of username or service not allowed: (admin,ssh-connection) -> (1admin0,ssh-connection) [preauth]","@timestamp":"2022-09-15T13:09:38.542Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:09:53 honeypot-ams-1 sshd[28270]: Invalid user ltecl4r0 from 81.17.25.50 port 27324","@timestamp":"2022-09-15T13:09:53.550Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:11:18 honeypot-ams-1 sshd[28279]: Received disconnect from 80.76.51.189 port 46324:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T13:11:18.590Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:12:22 honeypot-ams-1 sshd[28283]: Received disconnect from 80.76.51.189 port 58872:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T13:12:22.620Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:13:28 honeypot-ams-1 sshd[28287]: Received disconnect from 80.76.51.189 port 43176:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T13:13:28.651Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:14:36 honeypot-ams-1 sshd[28292]: Received disconnect from 80.76.51.189 port 55712:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T13:14:36.681Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:15:43 honeypot-fra-1 sshd[17960]: Disconnected from invalid user Administrator 92.255.85.69 port 51366 [preauth]","@timestamp":"2022-09-15T13:15:44.025Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:15:45 honeypot-ams-1 sshd[28296]: Received disconnect from 80.76.51.189 port 40018:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T13:15:45.713Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:17:01 honeypot-ams-1 CRON[28304]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-15T13:17:02.749Z"}
{"@timestamp":"2022-09-15T13:17:01.723Z","@version":"1","message":"Sep 15 13:17:01 honeypot-sgp-1 CRON[21757]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:17:27 honeypot-ams-1 sshd[28309]: Received disconnect from 80.76.51.189 port 44676:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T13:17:27.763Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:17:55 honeypot-ams-1 sshd[28313]: Received disconnect from 198.98.61.9 port 47278:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T13:17:55.777Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:18:03 honeypot-ams-1 sshd[28317]: Received disconnect from 198.98.61.9 port 59008:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T13:18:04.782Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:18:20 honeypot-ams-1 sshd[28321]: Received disconnect from 198.98.61.9 port 54230:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T13:18:20.790Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:18:28 honeypot-ams-1 sshd[28325]: Disconnected from invalid user user 198.98.61.9 port 37728 [preauth]","@timestamp":"2022-09-15T13:18:29.796Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:18:41 honeypot-ams-1 sshd[28331]: Received disconnect from 61.177.173.35 port 59222:11:  [preauth]","@timestamp":"2022-09-15T13:18:41.803Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:19:47 honeypot-ams-1 sshd[28336]: Disconnected from invalid user odoo 80.76.51.189 port 41530 [preauth]","@timestamp":"2022-09-15T13:19:47.834Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:23:28 honeypot-fra-1 sshd[17967]: Invalid user admin from 192.174.125.154 port 63105","@timestamp":"2022-09-15T13:23:28.202Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:23:30 honeypot-fra-1 sshd[17972]: Received disconnect from 192.174.125.154 port 11937:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:23:30.203Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:23:32 honeypot-fra-1 sshd[17976]: Received disconnect from 192.174.125.154 port 24193:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:23:32.204Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:23:33 honeypot-fra-1 sshd[17980]: Disconnected from invalid user admin 192.174.125.154 port 36577 [preauth]","@timestamp":"2022-09-15T13:23:34.205Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:23:36 honeypot-fra-1 sshd[17984]: Disconnected from invalid user user2 192.174.125.154 port 48641 [preauth]","@timestamp":"2022-09-15T13:23:36.206Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:23:38 honeypot-fra-1 sshd[17990]: Invalid user user from 192.174.125.154 port 3201","@timestamp":"2022-09-15T13:23:39.208Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:23:40 honeypot-fra-1 sshd[17994]: Received disconnect from 192.174.125.154 port 14497:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:23:41.210Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:23:42 honeypot-fra-1 sshd[17998]: Received disconnect from 192.174.125.154 port 25537:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:23:43.212Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:23:44 honeypot-fra-1 sshd[18002]: Disconnected from authenticating user root 192.174.125.154 port 37377 [preauth]","@timestamp":"2022-09-15T13:23:45.213Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:23:46 honeypot-fra-1 sshd[18006]: Disconnected from invalid user user 192.174.125.154 port 49377 [preauth]","@timestamp":"2022-09-15T13:23:47.214Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:23:49 honeypot-fra-1 sshd[18012]: Invalid user admin from 192.174.125.154 port 3938","@timestamp":"2022-09-15T13:23:50.216Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:23:51 honeypot-fra-1 sshd[18016]: Invalid user user2 from 192.174.125.154 port 15681","@timestamp":"2022-09-15T13:23:52.217Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:23:53 honeypot-fra-1 sshd[18020]: Received disconnect from 192.174.125.154 port 27745:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:23:54.218Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:23:55 honeypot-fra-1 sshd[18024]: Received disconnect from 192.174.125.154 port 39329:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:23:56.220Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:23:57 honeypot-fra-1 sshd[18028]: Disconnected from invalid user admin 192.174.125.154 port 51425 [preauth]","@timestamp":"2022-09-15T13:23:58.222Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:23:59 honeypot-fra-1 sshd[18032]: Disconnected from invalid user user2 192.174.125.154 port 62913 [preauth]","@timestamp":"2022-09-15T13:24:00.223Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:24:02 honeypot-fra-1 sshd[18038]: Invalid user user from 192.174.125.154 port 19010","@timestamp":"2022-09-15T13:24:03.225Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:24:05 honeypot-ams-1 sshd[28342]: Invalid user steam from 92.255.85.70 port 16392","@timestamp":"2022-09-15T13:24:05.948Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:24:10 honeypot-fra-1 sshd[18040]: Disconnected from invalid user user2 192.174.125.154 port 4961 [preauth]","@timestamp":"2022-09-15T13:24:11.228Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:24:13 honeypot-fra-1 sshd[18046]: Invalid user user from 192.174.125.154 port 22145","@timestamp":"2022-09-15T13:24:14.231Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:24:15 honeypot-fra-1 sshd[18050]: Received disconnect from 192.174.125.154 port 33441:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:24:16.232Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:24:17 honeypot-fra-1 sshd[18054]: Received disconnect from 192.174.125.154 port 45474:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:24:18.234Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:24:19 honeypot-fra-1 sshd[18058]: Disconnected from authenticating user root 192.174.125.154 port 57313 [preauth]","@timestamp":"2022-09-15T13:24:20.235Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:24:22 honeypot-fra-1 sshd[18062]: Disconnected from invalid user user 192.174.125.154 port 7233 [preauth]","@timestamp":"2022-09-15T13:24:22.236Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:24:24 honeypot-fra-1 sshd[18068]: Invalid user admin from 192.174.125.154 port 24737","@timestamp":"2022-09-15T13:24:25.238Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:24:26 honeypot-fra-1 sshd[18072]: Invalid user user2 from 192.174.125.154 port 37217","@timestamp":"2022-09-15T13:24:27.239Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:24:29 honeypot-fra-1 sshd[18076]: Received disconnect from 192.174.125.154 port 49089:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:24:29.242Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:24:31 honeypot-fra-1 sshd[18080]: Received disconnect from 192.174.125.154 port 61186:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:24:31.243Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:24:33 honeypot-fra-1 sshd[18084]: Disconnected from invalid user admin 192.174.125.154 port 10177 [preauth]","@timestamp":"2022-09-15T13:24:33.244Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:24:35 honeypot-fra-1 sshd[18088]: Disconnected from invalid user user2 192.174.125.154 port 22113 [preauth]","@timestamp":"2022-09-15T13:24:35.245Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:24:37 honeypot-fra-1 sshd[18094]: Invalid user user from 192.174.125.154 port 40257","@timestamp":"2022-09-15T13:24:38.247Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:24:40 honeypot-fra-1 sshd[18098]: Received disconnect from 192.174.125.154 port 52289:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:24:40.248Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:24:42 honeypot-fra-1 sshd[18102]: Received disconnect from 192.174.125.154 port 64354:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:24:42.250Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:24:44 honeypot-fra-1 sshd[18106]: Disconnected from authenticating user root 192.174.125.154 port 13634 [preauth]","@timestamp":"2022-09-15T13:24:44.252Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:24:46 honeypot-fra-1 sshd[18110]: Disconnected from invalid user user 192.174.125.154 port 25633 [preauth]","@timestamp":"2022-09-15T13:24:46.253Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:24:48 honeypot-fra-1 sshd[18116]: Invalid user admin from 192.174.125.154 port 44865","@timestamp":"2022-09-15T13:24:49.255Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:24:50 honeypot-fra-1 sshd[18120]: Invalid user user2 from 192.174.125.154 port 57537","@timestamp":"2022-09-15T13:24:51.256Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:24:53 honeypot-fra-1 sshd[18124]: Received disconnect from 192.174.125.154 port 6402:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:24:53.257Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:24:55 honeypot-fra-1 sshd[18128]: Received disconnect from 192.174.125.154 port 18913:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:24:55.258Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:24:57 honeypot-fra-1 sshd[18132]: Disconnected from invalid user admin 192.174.125.154 port 30977 [preauth]","@timestamp":"2022-09-15T13:24:57.260Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:24:59 honeypot-fra-1 sshd[18136]: Disconnected from invalid user user2 192.174.125.154 port 43265 [preauth]","@timestamp":"2022-09-15T13:24:59.262Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:02 honeypot-fra-1 sshd[18142]: Invalid user user from 192.174.125.154 port 61761","@timestamp":"2022-09-15T13:25:02.264Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:03 honeypot-fra-1 kernel: [84122720.389480] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=183.136.225.35 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=107 ID=16182 PROTO=TCP SPT=8088 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T13:25:04.265Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:06 honeypot-fra-1 sshd[18150]: Invalid user user from 192.174.125.154 port 22209","@timestamp":"2022-09-15T13:25:06.267Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:08 honeypot-fra-1 sshd[18154]: Received disconnect from 192.174.125.154 port 34081:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:25:08.268Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:10 honeypot-fra-1 sshd[18158]: Received disconnect from 192.174.125.154 port 45409:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:25:10.269Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:12 honeypot-fra-1 sshd[18162]: Disconnected from authenticating user root 192.174.125.154 port 57441 [preauth]","@timestamp":"2022-09-15T13:25:12.271Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:14 honeypot-fra-1 sshd[18166]: Disconnected from invalid user user 192.174.125.154 port 6785 [preauth]","@timestamp":"2022-09-15T13:25:14.273Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:17 honeypot-fra-1 sshd[18172]: Invalid user admin from 192.174.125.154 port 24929","@timestamp":"2022-09-15T13:25:17.275Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:19 honeypot-fra-1 sshd[18176]: Invalid user user2 from 192.174.125.154 port 36161","@timestamp":"2022-09-15T13:25:19.276Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:21 honeypot-fra-1 sshd[18180]: Received disconnect from 192.174.125.154 port 48033:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:25:21.277Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:23 honeypot-fra-1 sshd[18184]: Received disconnect from 192.174.125.154 port 60321:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:25:23.278Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:25 honeypot-fra-1 sshd[18188]: Disconnected from invalid user admin 192.174.125.154 port 9249 [preauth]","@timestamp":"2022-09-15T13:25:25.280Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:27 honeypot-fra-1 sshd[18192]: Disconnected from invalid user user2 192.174.125.154 port 21281 [preauth]","@timestamp":"2022-09-15T13:25:27.281Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:30 honeypot-fra-1 sshd[18198]: Invalid user user from 192.174.125.154 port 39009","@timestamp":"2022-09-15T13:25:30.284Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:32 honeypot-fra-1 sshd[18202]: Received disconnect from 192.174.125.154 port 50657:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:25:32.285Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:34 honeypot-fra-1 sshd[18206]: Received disconnect from 192.174.125.154 port 62337:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:25:35.287Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:36 honeypot-fra-1 sshd[18210]: Disconnected from authenticating user root 192.174.125.154 port 11426 [preauth]","@timestamp":"2022-09-15T13:25:36.288Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:38 honeypot-fra-1 sshd[18214]: Disconnected from invalid user user 192.174.125.154 port 23009 [preauth]","@timestamp":"2022-09-15T13:25:39.289Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:41 honeypot-fra-1 sshd[18220]: Invalid user admin from 192.174.125.154 port 40097","@timestamp":"2022-09-15T13:25:41.291Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:43 honeypot-fra-1 sshd[18224]: Invalid user user2 from 192.174.125.154 port 51041","@timestamp":"2022-09-15T13:25:43.293Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:45 honeypot-fra-1 sshd[18228]: Received disconnect from 192.174.125.154 port 62657:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:25:45.294Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:47 honeypot-fra-1 sshd[18232]: Received disconnect from 192.174.125.154 port 10945:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:25:47.295Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:49 honeypot-fra-1 sshd[18236]: Disconnected from invalid user admin 192.174.125.154 port 22273 [preauth]","@timestamp":"2022-09-15T13:25:50.297Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:51 honeypot-fra-1 sshd[18240]: Disconnected from invalid user user2 192.174.125.154 port 33921 [preauth]","@timestamp":"2022-09-15T13:25:52.299Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:54 honeypot-fra-1 sshd[18246]: Invalid user user from 192.174.125.154 port 49633","@timestamp":"2022-09-15T13:25:54.300Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:56 honeypot-fra-1 sshd[18250]: Received disconnect from 192.174.125.154 port 61729:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:25:57.302Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:58 honeypot-fra-1 sshd[18254]: Received disconnect from 192.174.125.154 port 9697:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:25:58.303Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:00 honeypot-fra-1 sshd[18258]: Disconnected from authenticating user root 192.174.125.154 port 20737 [preauth]","@timestamp":"2022-09-15T13:26:00.305Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:02 honeypot-fra-1 sshd[18262]: Disconnected from invalid user user 192.174.125.154 port 32097 [preauth]","@timestamp":"2022-09-15T13:26:02.306Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:05 honeypot-fra-1 sshd[18268]: Invalid user admin from 192.174.125.154 port 47969","@timestamp":"2022-09-15T13:26:05.308Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:07 honeypot-fra-1 sshd[18273]: Invalid user user2 from 192.174.125.154 port 58945","@timestamp":"2022-09-15T13:26:07.309Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:09 honeypot-fra-1 sshd[18277]: Received disconnect from 192.174.125.154 port 6689:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:26:10.311Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:11 honeypot-fra-1 sshd[18281]: Received disconnect from 192.174.125.154 port 17121:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:26:11.312Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:13 honeypot-fra-1 sshd[18285]: Disconnected from invalid user admin 192.174.125.154 port 27777 [preauth]","@timestamp":"2022-09-15T13:26:13.314Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:15 honeypot-fra-1 sshd[18289]: Disconnected from invalid user user2 192.174.125.154 port 38498 [preauth]","@timestamp":"2022-09-15T13:26:15.315Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:18 honeypot-fra-1 sshd[18295]: Invalid user user from 192.174.125.154 port 54625","@timestamp":"2022-09-15T13:26:18.317Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:20 honeypot-fra-1 sshd[18299]: Received disconnect from 192.174.125.154 port 2305:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:26:20.318Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:22 honeypot-fra-1 sshd[18303]: Received disconnect from 192.174.125.154 port 12963:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:26:22.319Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:24 honeypot-fra-1 sshd[18307]: Disconnected from authenticating user root 192.174.125.154 port 23393 [preauth]","@timestamp":"2022-09-15T13:26:24.321Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:26 honeypot-fra-1 sshd[18311]: Disconnected from invalid user user 192.174.125.154 port 34241 [preauth]","@timestamp":"2022-09-15T13:26:26.322Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:29 honeypot-fra-1 sshd[18317]: Invalid user admin from 192.174.125.154 port 50465","@timestamp":"2022-09-15T13:26:29.325Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:31 honeypot-fra-1 sshd[18321]: Invalid user user2 from 192.174.125.154 port 61601","@timestamp":"2022-09-15T13:26:31.326Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:33 honeypot-fra-1 sshd[18325]: Received disconnect from 192.174.125.154 port 9185:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:26:33.327Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:35 honeypot-fra-1 sshd[18329]: Received disconnect from 192.174.125.154 port 19649:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:26:35.328Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:37 honeypot-fra-1 sshd[18333]: Disconnected from invalid user admin 192.174.125.154 port 29377 [preauth]","@timestamp":"2022-09-15T13:26:37.330Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:39 honeypot-fra-1 sshd[18337]: Disconnected from invalid user user2 192.174.125.154 port 39489 [preauth]","@timestamp":"2022-09-15T13:26:39.331Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:41 honeypot-fra-1 sshd[18343]: Invalid user user from 192.174.125.154 port 54689","@timestamp":"2022-09-15T13:26:42.333Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:43 honeypot-fra-1 sshd[18347]: Received disconnect from 192.174.125.154 port 64481:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:26:44.335Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:45 honeypot-fra-1 sshd[18351]: Received disconnect from 192.174.125.154 port 10914:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:26:46.336Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:47 honeypot-fra-1 sshd[18355]: Disconnected from authenticating user root 192.174.125.154 port 21089 [preauth]","@timestamp":"2022-09-15T13:26:48.338Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:49 honeypot-fra-1 sshd[18359]: Disconnected from invalid user user 192.174.125.154 port 31425 [preauth]","@timestamp":"2022-09-15T13:26:50.339Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:52 honeypot-fra-1 sshd[18365]: Invalid user admin from 192.174.125.154 port 46465","@timestamp":"2022-09-15T13:26:53.340Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:54 honeypot-fra-1 sshd[18369]: Invalid user user2 from 192.174.125.154 port 56545","@timestamp":"2022-09-15T13:26:55.342Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:56 honeypot-fra-1 sshd[18373]: Received disconnect from 192.174.125.154 port 3201:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:26:57.343Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:58 honeypot-fra-1 sshd[18377]: Received disconnect from 192.174.125.154 port 13665:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:26:59.346Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:27:00 honeypot-fra-1 sshd[18381]: Disconnected from invalid user admin 192.174.125.154 port 23425 [preauth]","@timestamp":"2022-09-15T13:27:01.347Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:27:02 honeypot-fra-1 sshd[18385]: Disconnected from invalid user user2 192.174.125.154 port 32994 [preauth]","@timestamp":"2022-09-15T13:27:03.348Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:27:05 honeypot-fra-1 sshd[18391]: Invalid user user from 192.174.125.154 port 47905","@timestamp":"2022-09-15T13:27:05.350Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:27:07 honeypot-fra-1 sshd[18395]: Received disconnect from 192.174.125.154 port 57473:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:27:08.352Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:27:09 honeypot-fra-1 sshd[18399]: Received disconnect from 192.174.125.154 port 4641:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:27:10.353Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:27:11 honeypot-fra-1 sshd[18403]: Disconnected from authenticating user root 192.174.125.154 port 14465 [preauth]","@timestamp":"2022-09-15T13:27:12.354Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:27:13 honeypot-fra-1 sshd[18407]: Disconnected from invalid user user 192.174.125.154 port 24417 [preauth]","@timestamp":"2022-09-15T13:27:14.357Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:27:16 honeypot-fra-1 sshd[18413]: Invalid user admin from 192.174.125.154 port 39553","@timestamp":"2022-09-15T13:27:16.358Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:27:18 honeypot-fra-1 sshd[18417]: Invalid user user2 from 192.174.125.154 port 49345","@timestamp":"2022-09-15T13:27:18.359Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:27:20 honeypot-fra-1 sshd[18421]: Received disconnect from 192.174.125.154 port 59041:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:27:20.360Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:27:22 honeypot-fra-1 sshd[18425]: Received disconnect from 192.174.125.154 port 5697:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:27:23.362Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:27:24 honeypot-fra-1 sshd[18429]: Disconnected from invalid user admin 192.174.125.154 port 15457 [preauth]","@timestamp":"2022-09-15T13:27:25.363Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:27:26 honeypot-fra-1 sshd[18433]: Disconnected from invalid user user2 192.174.125.154 port 25314 [preauth]","@timestamp":"2022-09-15T13:27:26.364Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:27:28 honeypot-fra-1 kernel: [84122865.709439] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=137.184.54.242 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=46864 PROTO=TCP SPT=48354 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T13:27:29.367Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:27:30 honeypot-fra-1 sshd[18441]: Disconnected from invalid user user2 192.174.125.154 port 45249 [preauth]","@timestamp":"2022-09-15T13:27:30.368Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:27:40 honeypot-fra-1 sshd[18447]: Invalid user user from 192.174.125.154 port 30945","@timestamp":"2022-09-15T13:27:40.372Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:27:42 honeypot-fra-1 sshd[18451]: Received disconnect from 192.174.125.154 port 40513:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:27:42.374Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:27:44 honeypot-fra-1 sshd[18455]: Received disconnect from 192.174.125.154 port 51009:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:27:44.376Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:27:46 honeypot-fra-1 sshd[18459]: Disconnected from authenticating user root 192.174.125.154 port 61345 [preauth]","@timestamp":"2022-09-15T13:27:46.377Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:27:48 honeypot-fra-1 sshd[18463]: Disconnected from invalid user user 192.174.125.154 port 7873 [preauth]","@timestamp":"2022-09-15T13:27:48.379Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:27:50 honeypot-fra-1 sshd[18469]: Invalid user admin from 192.174.125.154 port 22401","@timestamp":"2022-09-15T13:27:51.381Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:27:52 honeypot-fra-1 sshd[18473]: Invalid user user2 from 192.174.125.154 port 32641","@timestamp":"2022-09-15T13:27:53.382Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:27:54 honeypot-fra-1 sshd[18477]: Received disconnect from 192.174.125.154 port 42593:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:27:55.383Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:27:56 honeypot-fra-1 sshd[18481]: Received disconnect from 192.174.125.154 port 52737:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:27:57.385Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:27:58 honeypot-fra-1 sshd[18485]: Disconnected from invalid user admin 192.174.125.154 port 63201 [preauth]","@timestamp":"2022-09-15T13:27:59.387Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:28:00 honeypot-fra-1 sshd[18489]: Disconnected from invalid user user2 192.174.125.154 port 11009 [preauth]","@timestamp":"2022-09-15T13:28:01.388Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:28:03 honeypot-fra-1 sshd[18495]: Invalid user user from 192.174.125.154 port 26433","@timestamp":"2022-09-15T13:28:04.390Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:28:05 honeypot-fra-1 sshd[18499]: Received disconnect from 192.174.125.154 port 36705:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:28:06.391Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:28:07 honeypot-fra-1 sshd[18503]: Received disconnect from 192.174.125.154 port 47457:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:28:08.392Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:28:09 honeypot-fra-1 sshd[18507]: Disconnected from authenticating user root 192.174.125.154 port 57793 [preauth]","@timestamp":"2022-09-15T13:28:10.394Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:28:11 honeypot-fra-1 sshd[18511]: Disconnected from invalid user user 192.174.125.154 port 5825 [preauth]","@timestamp":"2022-09-15T13:28:12.396Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:28:14 honeypot-fra-1 sshd[18517]: Invalid user admin from 192.174.125.154 port 21889","@timestamp":"2022-09-15T13:28:14.398Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:28:16 honeypot-fra-1 sshd[18521]: Invalid user user2 from 192.174.125.154 port 32481","@timestamp":"2022-09-15T13:28:17.400Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:28:18 honeypot-fra-1 sshd[18525]: Received disconnect from 192.174.125.154 port 43201:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:28:19.401Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:28:20 honeypot-fra-1 sshd[18529]: Received disconnect from 192.174.125.154 port 54305:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:28:21.402Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:28:22 honeypot-fra-1 sshd[18533]: Disconnected from invalid user admin 192.174.125.154 port 64961 [preauth]","@timestamp":"2022-09-15T13:28:23.404Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:28:24 honeypot-fra-1 sshd[18537]: Disconnected from invalid user user2 192.174.125.154 port 12545 [preauth]","@timestamp":"2022-09-15T13:28:25.405Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:28:27 honeypot-fra-1 sshd[18543]: Invalid user user from 192.174.125.154 port 28545","@timestamp":"2022-09-15T13:28:27.406Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:28:29 honeypot-fra-1 sshd[18547]: Received disconnect from 192.174.125.154 port 39009:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:28:29.408Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:28:31 honeypot-fra-1 sshd[18551]: Received disconnect from 192.174.125.154 port 50209:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:28:31.410Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:28:33 honeypot-fra-1 sshd[18555]: Disconnected from authenticating user root 192.174.125.154 port 60833 [preauth]","@timestamp":"2022-09-15T13:28:33.411Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:28:35 honeypot-fra-1 sshd[18559]: Disconnected from invalid user user 192.174.125.154 port 9633 [preauth]","@timestamp":"2022-09-15T13:28:35.412Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:28:37 honeypot-fra-1 sshd[18565]: Invalid user admin from 192.174.125.154 port 25921","@timestamp":"2022-09-15T13:28:38.414Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:28:39 honeypot-fra-1 sshd[18569]: Invalid user user2 from 192.174.125.154 port 36930","@timestamp":"2022-09-15T13:28:40.415Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:28:41 honeypot-fra-1 sshd[18573]: Received disconnect from 192.174.125.154 port 48545:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:28:42.416Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:28:50 honeypot-fra-1 sshd[18577]: Received disconnect from 192.174.125.154 port 36769:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:28:51.421Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:28:52 honeypot-fra-1 sshd[18581]: Disconnected from invalid user admin 192.174.125.154 port 47713 [preauth]","@timestamp":"2022-09-15T13:28:53.422Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:28:54 honeypot-fra-1 sshd[18585]: Disconnected from invalid user user2 192.174.125.154 port 59617 [preauth]","@timestamp":"2022-09-15T13:28:55.424Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:28:57 honeypot-fra-1 sshd[18591]: Invalid user user from 192.174.125.154 port 13057","@timestamp":"2022-09-15T13:28:58.426Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:28:59 honeypot-fra-1 sshd[18595]: Received disconnect from 192.174.125.154 port 24385:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:29:00.428Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:01 honeypot-fra-1 sshd[18599]: Received disconnect from 192.174.125.154 port 35617:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:29:02.429Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:03 honeypot-fra-1 sshd[18603]: Disconnected from authenticating user root 192.174.125.154 port 46785 [preauth]","@timestamp":"2022-09-15T13:29:04.430Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:05 honeypot-fra-1 sshd[18607]: Disconnected from invalid user user 192.174.125.154 port 58209 [preauth]","@timestamp":"2022-09-15T13:29:06.432Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:08 honeypot-fra-1 sshd[18613]: Invalid user admin from 192.174.125.154 port 12769","@timestamp":"2022-09-15T13:29:09.433Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:10 honeypot-fra-1 sshd[18617]: Invalid user user2 from 192.174.125.154 port 23905","@timestamp":"2022-09-15T13:29:11.435Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:12 honeypot-fra-1 sshd[18621]: Received disconnect from 192.174.125.154 port 35201:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:29:13.437Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:14 honeypot-fra-1 sshd[18625]: Received disconnect from 192.174.125.154 port 46529:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:29:15.438Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:16 honeypot-fra-1 sshd[18629]: Disconnected from invalid user admin 192.174.125.154 port 57889 [preauth]","@timestamp":"2022-09-15T13:29:17.439Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:18 honeypot-fra-1 sshd[18633]: Received disconnect from 192.174.125.154 port 5921:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:29:19.441Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:20 honeypot-fra-1 sshd[18637]: Disconnected from invalid user admin 192.174.125.154 port 17634 [preauth]","@timestamp":"2022-09-15T13:29:21.442Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:22 honeypot-fra-1 sshd[18641]: Disconnected from invalid user user2 192.174.125.154 port 28545 [preauth]","@timestamp":"2022-09-15T13:29:22.443Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:25 honeypot-fra-1 sshd[18647]: Invalid user user from 192.174.125.154 port 44577","@timestamp":"2022-09-15T13:29:25.444Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:27 honeypot-fra-1 sshd[18651]: Received disconnect from 192.174.125.154 port 56161:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:29:27.446Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:29 honeypot-fra-1 sshd[18655]: Received disconnect from 192.174.125.154 port 5377:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:29:29.448Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:31 honeypot-fra-1 sshd[18659]: Disconnected from authenticating user root 192.174.125.154 port 18306 [preauth]","@timestamp":"2022-09-15T13:29:31.449Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:32 honeypot-fra-1 sshd[18663]: Disconnected from invalid user user 192.174.125.154 port 29058 [preauth]","@timestamp":"2022-09-15T13:29:33.450Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:35 honeypot-fra-1 sshd[18669]: Invalid user admin from 192.174.125.154 port 45409","@timestamp":"2022-09-15T13:29:36.452Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:37 honeypot-fra-1 sshd[18673]: Invalid user user2 from 192.174.125.154 port 56993","@timestamp":"2022-09-15T13:29:38.453Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:39 honeypot-fra-1 sshd[18677]: Received disconnect from 192.174.125.154 port 5857:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:29:40.455Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:41 honeypot-fra-1 sshd[18681]: Received disconnect from 192.174.125.154 port 17506:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:29:42.456Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:43 honeypot-fra-1 sshd[18685]: Disconnected from invalid user admin 192.174.125.154 port 28769 [preauth]","@timestamp":"2022-09-15T13:29:44.458Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:45 honeypot-fra-1 sshd[18689]: Disconnected from invalid user user2 192.174.125.154 port 39713 [preauth]","@timestamp":"2022-09-15T13:29:46.459Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:48 honeypot-fra-1 sshd[18695]: Invalid user user from 192.174.125.154 port 56545","@timestamp":"2022-09-15T13:29:49.461Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:50 honeypot-fra-1 sshd[18699]: Received disconnect from 192.174.125.154 port 4929:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:29:51.462Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:52 honeypot-fra-1 sshd[18703]: Received disconnect from 192.174.125.154 port 16033:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:29:53.464Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:54 honeypot-fra-1 sshd[18707]: Disconnected from authenticating user root 192.174.125.154 port 27201 [preauth]","@timestamp":"2022-09-15T13:29:55.465Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:56 honeypot-fra-1 sshd[18711]: Disconnected from invalid user user 192.174.125.154 port 38498 [preauth]","@timestamp":"2022-09-15T13:29:57.466Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:59 honeypot-fra-1 sshd[18717]: Invalid user admin from 192.174.125.154 port 55457","@timestamp":"2022-09-15T13:30:00.469Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:01 honeypot-fra-1 sshd[18721]: Invalid user user2 from 192.174.125.154 port 3457","@timestamp":"2022-09-15T13:30:01.470Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:03 honeypot-fra-1 sshd[18725]: Received disconnect from 192.174.125.154 port 14754:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:30:04.472Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:05 honeypot-fra-1 sshd[18729]: Received disconnect from 192.174.125.154 port 26049:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:30:06.473Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:07 honeypot-fra-1 sshd[18733]: Disconnected from invalid user admin 192.174.125.154 port 37569 [preauth]","@timestamp":"2022-09-15T13:30:08.474Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:09 honeypot-fra-1 sshd[18737]: Disconnected from invalid user user2 192.174.125.154 port 48801 [preauth]","@timestamp":"2022-09-15T13:30:10.476Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:12 honeypot-fra-1 sshd[18743]: Invalid user user from 192.174.125.154 port 2273","@timestamp":"2022-09-15T13:30:12.477Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:14 honeypot-fra-1 sshd[18747]: Received disconnect from 192.174.125.154 port 12993:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:30:14.479Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:16 honeypot-fra-1 sshd[18751]: Received disconnect from 192.174.125.154 port 23297:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:30:16.480Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:18 honeypot-fra-1 sshd[18755]: Disconnected from authenticating user root 192.174.125.154 port 34497 [preauth]","@timestamp":"2022-09-15T13:30:18.482Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:20 honeypot-fra-1 sshd[18759]: Disconnected from invalid user user 192.174.125.154 port 45857 [preauth]","@timestamp":"2022-09-15T13:30:20.483Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:23 honeypot-fra-1 sshd[18765]: Invalid user admin from 192.174.125.154 port 63169","@timestamp":"2022-09-15T13:30:23.485Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:25 honeypot-fra-1 sshd[18769]: Invalid user user2 from 192.174.125.154 port 11745","@timestamp":"2022-09-15T13:30:25.486Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:27 honeypot-fra-1 sshd[18773]: Received disconnect from 192.174.125.154 port 22049:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:30:27.488Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:29 honeypot-fra-1 sshd[18777]: Received disconnect from 192.174.125.154 port 33249:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:30:29.490Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:31 honeypot-fra-1 sshd[18781]: Disconnected from invalid user admin 192.174.125.154 port 44417 [preauth]","@timestamp":"2022-09-15T13:30:31.491Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:33 honeypot-fra-1 sshd[18785]: Disconnected from invalid user user2 192.174.125.154 port 55265 [preauth]","@timestamp":"2022-09-15T13:30:33.492Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:35 honeypot-fra-1 sshd[18791]: Invalid user user from 192.174.125.154 port 8705","@timestamp":"2022-09-15T13:30:36.494Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:38 honeypot-fra-1 sshd[18795]: Received disconnect from 192.174.125.154 port 20161:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:30:38.496Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:40 honeypot-fra-1 sshd[18799]: Received disconnect from 192.174.125.154 port 31329:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:30:40.497Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:42 honeypot-fra-1 sshd[18803]: Disconnected from authenticating user root 192.174.125.154 port 43425 [preauth]","@timestamp":"2022-09-15T13:30:42.498Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:44 honeypot-fra-1 sshd[18807]: Disconnected from invalid user user 192.174.125.154 port 55425 [preauth]","@timestamp":"2022-09-15T13:30:44.501Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:46 honeypot-fra-1 sshd[18813]: Invalid user admin from 192.174.125.154 port 9441","@timestamp":"2022-09-15T13:30:47.503Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:48 honeypot-fra-1 sshd[18817]: Invalid user user2 from 192.174.125.154 port 20897","@timestamp":"2022-09-15T13:30:49.504Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:51 honeypot-fra-1 sshd[18821]: Received disconnect from 192.174.125.154 port 31905:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:30:51.505Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:52 honeypot-fra-1 sshd[18825]: Received disconnect from 192.174.125.154 port 43009:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:30:53.507Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:54 honeypot-fra-1 sshd[18829]: Disconnected from invalid user admin 192.174.125.154 port 53665 [preauth]","@timestamp":"2022-09-15T13:30:55.508Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:56 honeypot-fra-1 sshd[18833]: Disconnected from invalid user user2 192.174.125.154 port 64481 [preauth]","@timestamp":"2022-09-15T13:30:57.509Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:59 honeypot-fra-1 sshd[18839]: Invalid user user from 192.174.125.154 port 18369","@timestamp":"2022-09-15T13:31:00.512Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:31:01 honeypot-fra-1 sshd[18843]: Received disconnect from 192.174.125.154 port 28705:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:31:02.513Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:31:03 honeypot-fra-1 sshd[18847]: Received disconnect from 192.174.125.154 port 39585:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:31:04.515Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:31:05 honeypot-fra-1 sshd[18851]: Disconnected from authenticating user root 192.174.125.154 port 50913 [preauth]","@timestamp":"2022-09-15T13:31:06.516Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:31:07 honeypot-fra-1 sshd[18856]: Disconnected from invalid user user 192.174.125.154 port 62018 [preauth]","@timestamp":"2022-09-15T13:31:08.517Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:31:09 honeypot-fra-1 sshd[18860]: Disconnected from invalid user admin 192.174.125.154 port 10081 [preauth]","@timestamp":"2022-09-15T13:31:09.518Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T13:31:52.096Z","@version":"1","message":"Sep 15 13:31:51 honeypot-sgp-1 sshd[21764]: Received disconnect from 62.204.41.222 port 47131:11: Client disconnecting normally [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T13:32:39.119Z","@version":"1","message":"Sep 15 13:32:38 honeypot-sgp-1 sshd[21766]: Disconnected from invalid user admin 91.240.118.222 port 25023 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:35:22 honeypot-ams-1 sshd[28354]: Received disconnect from 61.177.173.53 port 26777:11:  [preauth]","@timestamp":"2022-09-15T13:35:23.238Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:36:24 honeypot-fra-1 sshd[18866]: Received disconnect from 188.166.247.82 port 44214:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:36:24.640Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:37:35 honeypot-fra-1 sshd[18870]: Disconnected from invalid user white 189.126.202.121 port 42050 [preauth]","@timestamp":"2022-09-15T13:37:36.670Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:40:16 honeypot-fra-1 sshd[18875]: Disconnected from authenticating user root 112.219.161.51 port 42286 [preauth]","@timestamp":"2022-09-15T13:40:16.732Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:40:34 honeypot-fra-1 sshd[18879]: Disconnected from invalid user user 45.61.184.204 port 54098 [preauth]","@timestamp":"2022-09-15T13:40:34.740Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:40:53 honeypot-fra-1 sshd[18885]: Received disconnect from 45.61.184.204 port 48868:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T13:40:53.750Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:41:11 honeypot-fra-1 sshd[18889]: Received disconnect from 45.61.184.204 port 43636:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T13:41:11.759Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T13:42:42.370Z","@version":"1","message":"Sep 15 13:42:42 honeypot-sgp-1 sshd[22216]: Invalid user user1 from 92.255.85.69 port 45324","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:49:33 honeypot-ams-1 sshd[28366]: Received disconnect from 92.255.85.70 port 49804:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:49:34.624Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:50:49 honeypot-fra-1 sshd[18894]: Invalid user lawyer from 165.22.45.108 port 52582","@timestamp":"2022-09-15T13:50:49.981Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:54:42 honeypot-fra-1 kernel: [84124499.147230] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.143.200.46 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=41450 PROTO=TCP SPT=58271 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T13:54:43.072Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:57:35 honeypot-fra-1 sshd[18901]: Disconnected from invalid user admin 117.103.2.146 port 59534 [preauth]","@timestamp":"2022-09-15T13:57:36.139Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 14:00:35 honeypot-ams-1 sshd[28377]: Invalid user user from 198.98.61.9 port 46044","@timestamp":"2022-09-15T14:00:35.912Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 14:00:53 honeypot-ams-1 sshd[28381]: Invalid user user from 198.98.61.9 port 40798","@timestamp":"2022-09-15T14:00:53.922Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 14:01:09 honeypot-ams-1 sshd[28385]: Invalid user user from 198.98.61.9 port 35656","@timestamp":"2022-09-15T14:01:09.932Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 14:01:24 honeypot-ams-1 sshd[28389]: Invalid user user from 198.98.61.9 port 58532","@timestamp":"2022-09-15T14:01:24.944Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 14:05:43 honeypot-ams-1 kernel: [84127325.425135] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=78.187.233.25 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=1168 PROTO=TCP SPT=62789 DPT=443 WINDOW=39205 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T14:05:44.060Z"}
{"@timestamp":"2022-09-15T14:07:46.992Z","@version":"1","message":"Sep 15 14:07:46 honeypot-sgp-1 sshd[22220]: Received disconnect from 92.255.85.69 port 15380:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 14:10:26 honeypot-ams-1 sshd[28399]: Disconnected from invalid user user 198.98.61.9 port 45180 [preauth]","@timestamp":"2022-09-15T14:10:27.187Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 14:10:45 honeypot-ams-1 sshd[28404]: Disconnected from invalid user user 198.98.61.9 port 40300 [preauth]","@timestamp":"2022-09-15T14:10:45.196Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 14:11:02 honeypot-ams-1 sshd[28408]: Disconnected from invalid user user 198.98.61.9 port 35406 [preauth]","@timestamp":"2022-09-15T14:11:02.204Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 14:11:18 honeypot-ams-1 sshd[28412]: Disconnected from invalid user user 198.98.61.9 port 58772 [preauth]","@timestamp":"2022-09-15T14:11:19.213Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 14:14:33 honeypot-ams-1 sshd[28420]: Received disconnect from 92.255.85.69 port 33568:11: Bye Bye [preauth]","@timestamp":"2022-09-15T14:14:34.305Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 14:14:47 honeypot-ams-1 sshd[28426]: Invalid user admin from 216.52.136.77 port 26762","@timestamp":"2022-09-15T14:14:48.313Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 14:16:50 honeypot-fra-1 kernel: [84125827.203467] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=89.248.165.199 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=48494 PROTO=TCP SPT=50906 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T14:16:50.589Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-15T14:17:02.226Z","@version":"1","message":"Sep 15 14:17:01 honeypot-sgp-1 CRON[22225]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 14:18:09 honeypot-ams-1 kernel: [84128071.707426] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=107.173.159.85 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=50 ID=1868 PROTO=TCP SPT=16647 DPT=80 WINDOW=42751 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T14:18:10.398Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 14:20:33 honeypot-fra-1 sshd[18914]: Invalid user admin from 92.255.85.69 port 58456","@timestamp":"2022-09-15T14:20:33.679Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 14:22:02 honeypot-ams-1 sshd[28439]: Disconnected from invalid user admin 118.70.170.120 port 36674 [preauth]","@timestamp":"2022-09-15T14:22:03.502Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 14:25:25 honeypot-fra-1 kernel: [84126342.523337] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.221.29 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=37925 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T14:25:25.793Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 14:30:18 honeypot-ams-1 sshd[28447]: Disconnected from authenticating user root 61.177.173.50 port 41618 [preauth]","@timestamp":"2022-09-15T14:30:18.714Z"}
{"@timestamp":"2022-09-15T14:31:10.575Z","@version":"1","message":"Sep 15 14:31:10 honeypot-sgp-1 sshd[22231]: Invalid user user from 45.61.186.249 port 46062","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T14:31:30.584Z","@version":"1","message":"Sep 15 14:31:29 honeypot-sgp-1 sshd[22235]: Invalid user user from 45.61.186.249 port 40570","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T14:31:49.595Z","@version":"1","message":"Sep 15 14:31:49 honeypot-sgp-1 sshd[22239]: Invalid user user from 45.61.186.249 port 35074","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T14:31:59.600Z","@version":"1","message":"Sep 15 14:31:58 honeypot-sgp-1 sshd[22241]: Disconnected from invalid user user 45.61.186.249 port 46450 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T14:32:07.604Z","@version":"1","message":"Sep 15 14:32:06 honeypot-sgp-1 sshd[22245]: Disconnected from invalid user user 45.61.186.249 port 57812 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 14:39:25 honeypot-ams-1 sshd[28456]: Disconnected from invalid user admin 92.255.85.70 port 45660 [preauth]","@timestamp":"2022-09-15T14:39:25.963Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 14:41:04 honeypot-fra-1 sshd[18921]: Received disconnect from 206.189.138.174 port 44220:11: Bye Bye [preauth]","@timestamp":"2022-09-15T14:41:04.144Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 14:43:33 honeypot-fra-1 sshd[18925]: Received disconnect from 92.255.85.69 port 47182:11: Bye Bye [preauth]","@timestamp":"2022-09-15T14:43:34.201Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 14:44:56 honeypot-ams-1 sshd[28467]: Invalid user testid from 138.68.230.183 port 41814","@timestamp":"2022-09-15T14:44:57.108Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 14:48:25 honeypot-ams-1 sshd[28473]: Disconnected from authenticating user root 164.160.40.186 port 54110 [preauth]","@timestamp":"2022-09-15T14:48:26.197Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 14:48:49 honeypot-fra-1 sshd[18930]: Received disconnect from 190.12.102.58 port 53038:11: Bye Bye [preauth]","@timestamp":"2022-09-15T14:48:50.320Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T14:50:13.048Z","@version":"1","message":"Sep 15 14:50:12 honeypot-sgp-1 sshd[22252]: Did not receive identification string from 58.72.18.130 port 37895","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 14:51:48 honeypot-fra-1 sshd[18937]: Invalid user yanhao from 103.188.176.251 port 56152","@timestamp":"2022-09-15T14:51:49.390Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 14:51:55 honeypot-fra-1 kernel: [84127932.654850] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=104.248.4.11 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=10431 PROTO=TCP SPT=50649 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T14:51:56.394Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 14:52:05 honeypot-ams-1 kernel: [84130107.194861] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=109.248.6.65 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x20 TTL=74 ID=59279 PROTO=TCP SPT=50191 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T14:52:05.293Z"}
{"@timestamp":"2022-09-15T14:54:12.150Z","@version":"1","message":"Sep 15 14:54:11 honeypot-sgp-1 sshd[22259]: Received disconnect from 190.104.245.41 port 62078:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 14:55:40 honeypot-ams-1 sshd[28484]: Connection closed by invalid user test 179.60.147.69 port 21982 [preauth]","@timestamp":"2022-09-15T14:55:41.391Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 14:56:16 honeypot-fra-1 kernel: [84128192.816043] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=213.226.123.38 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=54044 PROTO=TCP SPT=54675 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T14:56:16.502Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 15:01:22 honeypot-fra-1 sshd[18973]: Invalid user test from 137.184.77.246 port 54590","@timestamp":"2022-09-15T15:01:22.618Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 15:01:22 honeypot-fra-1 sshd[18952]: Connection closed by invalid user testuser 137.184.77.246 port 54518 [preauth]","@timestamp":"2022-09-15T15:01:22.619Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 15:01:22 honeypot-fra-1 sshd[18964]: Invalid user elasticsearch from 137.184.77.246 port 54572","@timestamp":"2022-09-15T15:01:23.619Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 15:01:22 honeypot-fra-1 sshd[18965]: Invalid user esuser from 137.184.77.246 port 54580","@timestamp":"2022-09-15T15:01:23.619Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 15:01:22 honeypot-fra-1 sshd[18954]: Connection closed by invalid user steam 137.184.77.246 port 54588 [preauth]","@timestamp":"2022-09-15T15:01:23.619Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 15:01:22 honeypot-fra-1 sshd[18972]: Connection closed by authenticating user root 137.184.77.246 port 54584 [preauth]","@timestamp":"2022-09-15T15:01:23.620Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 15:01:22 honeypot-fra-1 sshd[18964]: Connection closed by invalid user elasticsearch 137.184.77.246 port 54572 [preauth]","@timestamp":"2022-09-15T15:01:23.620Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 15:01:22 honeypot-fra-1 sshd[18959]: Connection closed by invalid user ts3 137.184.77.246 port 54556 [preauth]","@timestamp":"2022-09-15T15:01:23.620Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 15:01:22 honeypot-fra-1 sshd[18991]: Connection closed by invalid user deployer 137.184.77.246 port 54586 [preauth]","@timestamp":"2022-09-15T15:01:23.620Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T15:01:38.332Z","@version":"1","message":"Sep 15 15:01:37 honeypot-sgp-1 kernel: [84130205.047948] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=179.43.155.171 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=20469 PROTO=TCP SPT=47472 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 15:03:45 honeypot-ams-1 sshd[28496]: Invalid user carlos from 92.255.85.70 port 35726","@timestamp":"2022-09-15T15:03:45.607Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 15:06:09 honeypot-fra-1 sshd[19010]: Received disconnect from 182.72.142.62 port 38832:11: Bye Bye [preauth]","@timestamp":"2022-09-15T15:06:09.729Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 15:07:30 honeypot-ams-1 sshd[28503]: Did not receive identification string from 106.53.153.69 port 50812","@timestamp":"2022-09-15T15:07:31.709Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 15:10:09 honeypot-fra-1 sshd[19015]: Disconnected from invalid user carlos 92.255.85.70 port 61458 [preauth]","@timestamp":"2022-09-15T15:10:10.821Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 15:15:24 honeypot-ams-1 kernel: [84131506.910103] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=200.17.120.61 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=46 ID=2560 PROTO=TCP SPT=20980 DPT=80 WINDOW=55109 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T15:15:24.914Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 15:17:01 honeypot-fra-1 CRON[19018]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-15T15:17:01.974Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T15:18:41.741Z","@version":"1","message":"Sep 15 15:18:41 honeypot-sgp-1 kernel: [84131228.748918] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.236.28.251 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=235 ID=29424 DF PROTO=TCP SPT=36168 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 15:20:13 honeypot-ams-1 kernel: [84131795.961553] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=51.15.141.72 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=55 ID=9245 PROTO=TCP SPT=7302 DPT=80 WINDOW=20446 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T15:20:14.038Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 15:28:23 honeypot-ams-1 sshd[28523]: Invalid user admin from 92.255.85.69 port 48916","@timestamp":"2022-09-15T15:28:24.249Z"}
{"@timestamp":"2022-09-15T15:29:39.005Z","@version":"1","message":"Sep 15 15:29:38 honeypot-sgp-1 sshd[22279]: Did not receive identification string from 179.43.156.143 port 58004","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T15:31:11.048Z","@version":"1","message":"Sep 15 15:31:10 honeypot-sgp-1 sshd[22285]: Connection closed by authenticating user nobody 179.60.147.69 port 12264 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T15:32:23.081Z","@version":"1","message":"Sep 15 15:32:22 honeypot-sgp-1 sshd[22292]: Disconnected from authenticating user root 179.43.156.143 port 36910 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T15:34:00.123Z","@version":"1","message":"Sep 15 15:33:59 honeypot-sgp-1 sshd[22299]: Invalid user ossuser from 179.43.156.143 port 54970","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 15:34:01 honeypot-fra-1 sshd[19026]: Received disconnect from 45.61.186.169 port 57164:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T15:34:02.355Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 15:34:19 honeypot-fra-1 sshd[19030]: Received disconnect from 45.61.186.169 port 51396:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T15:34:20.365Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 15:34:33 honeypot-fra-1 sshd[19034]: Received disconnect from 92.255.85.70 port 28008:11: Bye Bye [preauth]","@timestamp":"2022-09-15T15:34:33.371Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 15:34:40 honeypot-ams-1 sshd[28528]: Received disconnect from 115.66.54.52 port 51126:11: Bye Bye [preauth]","@timestamp":"2022-09-15T15:34:40.411Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 15:34:43 honeypot-fra-1 sshd[19038]: Received disconnect from 45.61.186.169 port 56870:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T15:34:44.376Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T15:35:03.152Z","@version":"1","message":"Sep 15 15:35:03 honeypot-sgp-1 sshd[22303]: Received disconnect from 179.43.156.143 port 48180:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 15:35:33 honeypot-fra-1 sshd[19042]: Received disconnect from 165.22.45.108 port 34428:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T15:35:34.397Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 15:36:34 honeypot-ams-1 kernel: [84132776.617527] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=206.189.8.92 DST=178.62.254.91 LEN=80 TOS=0x00 PREC=0x20 TTL=131 ID=45093 PROTO=TCP SPT=46117 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T15:36:35.465Z"}
{"@timestamp":"2022-09-15T15:36:42.196Z","@version":"1","message":"Sep 15 15:36:41 honeypot-sgp-1 sshd[22309]: Received disconnect from 179.43.156.143 port 38004:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T15:37:53.228Z","@version":"1","message":"Sep 15 15:37:52 honeypot-sgp-1 sshd[22316]: Received disconnect from 179.43.156.143 port 59472:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 15:40:08 honeypot-fra-1 sshd[19047]: Received disconnect from 191.7.28.155 port 37750:11: Bye Bye [preauth]","@timestamp":"2022-09-15T15:40:08.501Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 15:40:48 honeypot-ams-1 kernel: [84133030.345421] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=206.189.8.92 DST=178.62.254.91 LEN=80 TOS=0x00 PREC=0x20 TTL=127 ID=25268 PROTO=TCP SPT=26292 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T15:40:48.569Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 15:45:45 honeypot-fra-1 sshd[19056]: Invalid user suva from 178.128.22.123 port 42064","@timestamp":"2022-09-15T15:45:45.629Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 15:49:55 honeypot-ams-1 sshd[28546]: Received disconnect from 211.253.9.49 port 56969:11: Bye Bye [preauth]","@timestamp":"2022-09-15T15:49:56.801Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 15:52:22 honeypot-ams-1 sshd[28552]: Disconnected from authenticating user root 92.255.85.69 port 63544 [preauth]","@timestamp":"2022-09-15T15:52:22.869Z"}
{"@timestamp":"2022-09-15T15:52:21.584Z","@version":"1","message":"Sep 15 15:52:21 honeypot-sgp-1 sshd[22320]: Invalid user wcsadmin from 117.131.215.49 port 55374","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 15:55:14 honeypot-fra-1 kernel: [84131731.360198] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=23.251.102.75 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=64671 PROTO=TCP SPT=13707 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T15:55:14.845Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 16:01:48 honeypot-ams-1 sshd[28568]: Invalid user test from 128.199.87.28 port 45686","@timestamp":"2022-09-15T16:01:49.109Z"}
{"@timestamp":"2022-09-15T16:02:53.839Z","@version":"1","message":"Sep 15 16:02:53 honeypot-sgp-1 sshd[22325]: Invalid user 02 from 92.255.85.69 port 62674","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 16:05:15 honeypot-fra-1 sshd[19083]: Invalid user 3comcso from 152.89.198.129 port 25225","@timestamp":"2022-09-15T16:05:16.076Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T16:06:51.939Z","@version":"1","message":"Sep 15 16:06:51 honeypot-sgp-1 kernel: [84134118.874064] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=205.210.31.133 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x60 TTL=250 ID=54321 PROTO=TCP SPT=50595 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 16:10:32 honeypot-fra-1 kernel: [84132649.033697] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=2.57.122.233 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=4195 PROTO=TCP SPT=55997 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T16:10:33.197Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-15T16:11:01.044Z","@version":"1","message":"Sep 15 16:11:00 honeypot-sgp-1 sshd[22335]: Invalid user user from 179.60.147.69 port 7050","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 16:11:43 honeypot-ams-1 sshd[28571]: Disconnected from authenticating user root 31.27.35.138 port 47332 [preauth]","@timestamp":"2022-09-15T16:11:44.396Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 16:15:44 honeypot-ams-1 sshd[28576]: Disconnected from invalid user 02 92.255.85.69 port 48588 [preauth]","@timestamp":"2022-09-15T16:15:44.506Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 16:17:01 honeypot-fra-1 CRON[19091]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-15T16:17:01.343Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 16:19:17 honeypot-fra-1 sshd[19094]: Received disconnect from 144.34.164.27 port 48506:11: Bye Bye [preauth]","@timestamp":"2022-09-15T16:19:18.399Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T16:21:25.322Z","@version":"1","message":"Sep 15 16:21:25 honeypot-sgp-1 sshd[22343]: Received disconnect from 103.253.175.10 port 35270:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 16:22:51 honeypot-fra-1 sshd[19099]: Disconnected from authenticating user root 3.219.88.227 port 16486 [preauth]","@timestamp":"2022-09-15T16:22:51.502Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T16:23:17.368Z","@version":"1","message":"Sep 15 16:23:17 honeypot-sgp-1 sshd[22348]: Received disconnect from 125.212.237.41 port 45544:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 16:23:20 honeypot-fra-1 sshd[19105]: Received disconnect from 92.255.85.70 port 40946:11: Bye Bye [preauth]","@timestamp":"2022-09-15T16:23:21.516Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 16:24:35 honeypot-fra-1 sshd[19109]: Disconnected from authenticating user root 103.176.21.101 port 34406 [preauth]","@timestamp":"2022-09-15T16:24:35.545Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 16:28:45 honeypot-ams-1 kernel: [84135907.412078] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=20.117.17.214 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=115 ID=55843 DF PROTO=TCP SPT=50762 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T16:28:45.848Z"}
{"@timestamp":"2022-09-15T16:30:00.531Z","@version":"1","message":"Sep 15 16:29:59 honeypot-sgp-1 sshd[22353]: Received disconnect from 61.177.172.90 port 44051:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 16:31:08 honeypot-fra-1 sshd[19116]: Disconnected from authenticating user root 61.177.173.50 port 45159 [preauth]","@timestamp":"2022-09-15T16:31:09.710Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 16:34:45 honeypot-ams-1 sshd[28585]: Received disconnect from 92.255.85.70 port 17288:11: Bye Bye [preauth]","@timestamp":"2022-09-15T16:34:46.004Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 16:39:59 honeypot-ams-1 sshd[28590]: Disconnected from authenticating user root 79.59.251.230 port 48418 [preauth]","@timestamp":"2022-09-15T16:40:00.161Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 16:40:49 honeypot-fra-1 kernel: [84134465.985788] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.41.8.45 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=19114 PROTO=TCP SPT=40151 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T16:40:49.928Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-15T16:44:02.868Z","@version":"1","message":"Sep 15 16:44:02 honeypot-sgp-1 sshd[22363]: Received disconnect from 61.177.173.47 port 20223:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 16:44:45 honeypot-ams-1 kernel: [84136867.815560] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=51.15.141.72 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=55 ID=21937 PROTO=TCP SPT=6542 DPT=80 WINDOW=9910 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T16:44:46.285Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 16:46:39 honeypot-fra-1 sshd[19135]: Invalid user user from 45.61.186.169 port 43888","@timestamp":"2022-09-15T16:46:40.063Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 16:46:47 honeypot-fra-1 sshd[19139]: Received disconnect from 61.177.173.50 port 45465:11:  [preauth]","@timestamp":"2022-09-15T16:46:48.068Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 16:46:59 honeypot-fra-1 sshd[19143]: Received disconnect from 45.61.186.169 port 38484:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T16:47:00.074Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 16:47:17 honeypot-fra-1 sshd[19148]: Invalid user user from 45.61.186.169 port 33094","@timestamp":"2022-09-15T16:47:17.083Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 16:47:34 honeypot-fra-1 sshd[19152]: Invalid user user from 45.61.186.169 port 55932","@timestamp":"2022-09-15T16:47:35.092Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 16:49:20 honeypot-fra-1 sshd[19159]: Connection closed by invalid user user 179.60.147.69 port 59574 [preauth]","@timestamp":"2022-09-15T16:49:21.134Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T16:51:40.057Z","@version":"1","message":"Sep 15 16:51:40 honeypot-sgp-1 sshd[22372]: Invalid user git from 92.255.85.69 port 57406","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T16:54:10.119Z","@version":"1","message":"Sep 15 16:54:09 honeypot-sgp-1 sshd[22378]: Disconnected from authenticating user root 61.177.173.51 port 23712 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 16:54:29 honeypot-ams-1 sshd[28601]: Invalid user user from 45.61.186.169 port 43786","@timestamp":"2022-09-15T16:54:29.531Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 16:54:32 honeypot-fra-1 sshd[19166]: Disconnected from authenticating user root 61.177.173.46 port 20809 [preauth]","@timestamp":"2022-09-15T16:54:33.252Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 16:54:47 honeypot-ams-1 sshd[28605]: Invalid user user from 45.61.186.169 port 38744","@timestamp":"2022-09-15T16:54:48.541Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 16:55:04 honeypot-ams-1 sshd[28609]: Invalid user admin from 106.51.37.85 port 52892","@timestamp":"2022-09-15T16:55:05.550Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 16:55:14 honeypot-ams-1 sshd[28613]: Invalid user user from 45.61.186.169 port 45302","@timestamp":"2022-09-15T16:55:15.556Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 16:56:53 honeypot-ams-1 kernel: [84137595.920404] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=106.75.93.241 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=21309 PROTO=TCP SPT=58914 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T16:56:54.598Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 16:59:45 honeypot-ams-1 sshd[28620]: Received disconnect from 123.142.3.137 port 34976:11: Bye Bye [preauth]","@timestamp":"2022-09-15T16:59:45.673Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 16:59:58 honeypot-fra-1 sshd[19172]: Disconnected from authenticating user root 179.43.156.143 port 40818 [preauth]","@timestamp":"2022-09-15T16:59:59.376Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 17:01:38 honeypot-fra-1 sshd[19178]: Disconnected from authenticating user root 179.43.156.143 port 58150 [preauth]","@timestamp":"2022-09-15T17:01:39.417Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 17:02:33 honeypot-ams-1 sshd[28625]: Disconnected from authenticating user root 204.152.210.184 port 47076 [preauth]","@timestamp":"2022-09-15T17:02:33.745Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 17:02:43 honeypot-fra-1 sshd[19184]: Invalid user nutanix from 179.43.156.143 port 50894","@timestamp":"2022-09-15T17:02:44.447Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 17:03:17 honeypot-fra-1 sshd[19186]: Disconnected from invalid user ossuser 179.43.156.143 port 47256 [preauth]","@timestamp":"2022-09-15T17:03:18.463Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 17:05:00 honeypot-fra-1 sshd[19193]: Received disconnect from 179.43.156.143 port 36340:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T17:05:00.504Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T17:05:14.388Z","@version":"1","message":"Sep 15 17:05:14 honeypot-sgp-1 kernel: [84137621.236403] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=47.90.203.174 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=28117 PROTO=TCP SPT=41456 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 17:05:44 honeypot-fra-1 sshd[19197]: Disconnected from authenticating user root 61.177.173.36 port 48703 [preauth]","@timestamp":"2022-09-15T17:05:45.524Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 17:06:49 honeypot-fra-1 sshd[19203]: Disconnected from authenticating user root 179.43.156.143 port 53698 [preauth]","@timestamp":"2022-09-15T17:06:49.552Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 17:07:49 honeypot-fra-1 sshd[19209]: Invalid user gfj from 117.2.161.45 port 49242","@timestamp":"2022-09-15T17:07:49.598Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 17:09:01 honeypot-fra-1 CRON[19214]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-15T17:09:01.627Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 17:09:01 honeypot-ams-1 CRON[28630]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-15T17:09:01.914Z"}
{"@timestamp":"2022-09-15T17:10:37.520Z","@version":"1","message":"Sep 15 17:10:36 honeypot-sgp-1 sshd[22393]: Invalid user temp from 40.114.69.14 port 43952","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 17:12:50 honeypot-fra-1 kernel: [84136387.275808] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=61.81.70.227 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=53 ID=0 DF PROTO=TCP SPT=7049 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T17:12:51.713Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 17:14:23 honeypot-fra-1 sshd[19223]: Disconnected from invalid user user1 103.211.217.103 port 40004 [preauth]","@timestamp":"2022-09-15T17:14:23.749Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T17:14:42.620Z","@version":"1","message":"Sep 15 17:14:41 honeypot-sgp-1 sshd[22395]: Disconnected from invalid user apache 143.110.179.172 port 60556 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 17:17:01 honeypot-ams-1 CRON[28636]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-15T17:17:02.121Z"}
{"@timestamp":"2022-09-15T17:19:16.732Z","@version":"1","message":"Sep 15 17:19:15 honeypot-sgp-1 sshd[22403]: Did not receive identification string from 162.211.87.155 port 57724","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T17:20:27.765Z","@version":"1","message":"Sep 15 17:20:27 honeypot-sgp-1 sshd[22408]: Received disconnect from 45.61.186.169 port 52876:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T17:20:37.771Z","@version":"1","message":"Sep 15 17:20:36 honeypot-sgp-1 sshd[22411]: Disconnected from invalid user user 45.61.186.169 port 36112 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 17:20:50 honeypot-fra-1 sshd[19231]: Disconnected from invalid user lc 165.22.45.108 port 44538 [preauth]","@timestamp":"2022-09-15T17:20:50.890Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T17:20:53.779Z","@version":"1","message":"Sep 15 17:20:53 honeypot-sgp-1 sshd[22415]: Disconnected from invalid user user 45.61.186.169 port 59024 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T17:21:09.787Z","@version":"1","message":"Sep 15 17:21:09 honeypot-sgp-1 sshd[22419]: Disconnected from invalid user user 45.61.186.169 port 53716 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 17:21:52 honeypot-ams-1 sshd[28643]: Invalid user tomcat from 193.106.191.157 port 45442","@timestamp":"2022-09-15T17:21:53.248Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 17:23:21 honeypot-ams-1 sshd[28651]: Invalid user kevin from 92.255.85.69 port 61148","@timestamp":"2022-09-15T17:23:21.291Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 17:24:44 honeypot-ams-1 kernel: [84139266.783837] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=206.189.8.92 DST=178.62.254.91 LEN=80 TOS=0x00 PREC=0x20 TTL=129 ID=50900 PROTO=TCP SPT=49876 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T17:24:45.328Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 17:25:50 honeypot-fra-1 sshd[19240]: Received disconnect from 61.177.173.46 port 24636:11:  [preauth]","@timestamp":"2022-09-15T17:25:51.008Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 17:25:53 honeypot-ams-1 sshd[28657]: Received disconnect from 192.3.253.15 port 58120:11: Bye Bye [preauth]","@timestamp":"2022-09-15T17:25:54.360Z"}
{"@timestamp":"2022-09-15T17:26:45.924Z","@version":"1","message":"Sep 15 17:26:45 honeypot-sgp-1 sshd[22427]: Disconnected from authenticating user root 20.126.126.43 port 53740 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 17:26:58 honeypot-fra-1 sshd[19245]: Disconnected from invalid user charlott 197.45.35.19 port 55350 [preauth]","@timestamp":"2022-09-15T17:26:59.036Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 17:28:06 honeypot-ams-1 sshd[28662]: Disconnected from invalid user postgres 154.211.12.170 port 56708 [preauth]","@timestamp":"2022-09-15T17:28:07.418Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 17:30:47 honeypot-fra-1 sshd[19249]: Disconnected from invalid user kevin 92.255.85.69 port 32004 [preauth]","@timestamp":"2022-09-15T17:30:48.125Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T17:33:17.083Z","@version":"1","message":"Sep 15 17:33:16 honeypot-sgp-1 sshd[22436]: Disconnected from authenticating user root 61.177.173.46 port 50547 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 17:33:51 honeypot-ams-1 sshd[28668]: Invalid user sysop from 49.146.253.11 port 25595","@timestamp":"2022-09-15T17:33:52.568Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 17:34:03 honeypot-fra-1 sshd[19256]: Connection closed by invalid user  2.57.122.233 port 59248 [preauth]","@timestamp":"2022-09-15T17:34:04.199Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T17:40:29.258Z","@version":"1","message":"Sep 15 17:40:28 honeypot-sgp-1 sshd[22441]: Invalid user admin from 92.255.85.70 port 23010","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 17:40:43 honeypot-fra-1 sshd[19277]: Connection closed by invalid user teamspeak 222.87.110.49 port 21351 [preauth]","@timestamp":"2022-09-15T17:40:43.370Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 17:41:41 honeypot-ams-1 sshd[28671]: Connection closed by invalid user tomcat 193.106.191.157 port 58962 [preauth]","@timestamp":"2022-09-15T17:41:41.767Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 17:46:19 honeypot-ams-1 kernel: [84140561.796728] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=79.110.62.213 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=54321 PROTO=TCP SPT=45123 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T17:46:19.889Z"}
{"@timestamp":"2022-09-15T17:47:42.431Z","@version":"1","message":"Sep 15 17:47:41 honeypot-sgp-1 sshd[22448]: Disconnected from authenticating user root 61.177.172.114 port 48480 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 17:49:28 honeypot-fra-1 sshd[19287]: Received disconnect from 61.177.173.51 port 25514:11:  [preauth]","@timestamp":"2022-09-15T17:49:28.572Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 17:51:09 honeypot-ams-1 sshd[28684]: Invalid user jnode1 from 155.0.2.218 port 28368","@timestamp":"2022-09-15T17:51:10.014Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 17:52:29 honeypot-fra-1 sshd[19292]: Disconnected from invalid user fg 123.30.212.86 port 48426 [preauth]","@timestamp":"2022-09-15T17:52:29.641Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T17:56:33.640Z","@version":"1","message":"Sep 15 17:56:32 honeypot-sgp-1 sshd[22457]: Disconnected from authenticating user root 61.177.173.50 port 35843 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 17:58:16 honeypot-ams-1 sshd[28688]: Received disconnect from 198.98.61.9 port 46066:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T17:58:17.194Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 17:58:34 honeypot-fra-1 kernel: [84139130.770624] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.3.136.82 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=24236 PROTO=TCP SPT=43370 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T17:58:34.780Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 17:58:37 honeypot-ams-1 sshd[28692]: Received disconnect from 198.98.61.9 port 40860:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T17:58:38.205Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 17:58:55 honeypot-ams-1 sshd[28696]: Received disconnect from 198.98.61.9 port 35672:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T17:58:56.214Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 17:59:11 honeypot-ams-1 sshd[28700]: Received disconnect from 198.98.61.9 port 58716:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T17:59:12.223Z"}
{"@timestamp":"2022-09-15T17:59:54.723Z","@version":"1","message":"Sep 15 17:59:53 honeypot-sgp-1 sshd[22463]: Invalid user user from 45.61.186.49 port 36070","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T18:00:03.728Z","@version":"1","message":"Sep 15 18:00:03 honeypot-sgp-1 sshd[22467]: Invalid user user from 45.61.186.49 port 47560","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T18:00:56.751Z","@version":"1","message":"Sep 15 18:00:56 honeypot-sgp-1 sshd[22469]: Invalid user centos from 179.60.147.69 port 23638","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 18:02:06 honeypot-fra-1 sshd[19304]: Received disconnect from 197.155.234.157 port 39342:11: Bye Bye [preauth]","@timestamp":"2022-09-15T18:02:06.863Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T18:03:25.816Z","@version":"1","message":"Sep 15 18:03:24 honeypot-sgp-1 sshd[22473]: Received disconnect from 61.177.173.36 port 48258:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 18:04:13 honeypot-fra-1 sshd[19309]: Disconnected from authenticating user root 61.177.173.36 port 48459 [preauth]","@timestamp":"2022-09-15T18:04:14.915Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 18:04:17 honeypot-ams-1 sshd[28704]: Connection closed by invalid user centos 179.60.147.69 port 13078 [preauth]","@timestamp":"2022-09-15T18:04:18.357Z"}
{"@timestamp":"2022-09-15T18:04:32.844Z","@version":"1","message":"Sep 15 18:04:32 honeypot-sgp-1 sshd[22477]: Disconnected from authenticating user root 61.177.173.53 port 41082 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T18:12:21.030Z","@version":"1","message":"Sep 15 18:12:21 honeypot-sgp-1 sshd[22483]: Disconnected from authenticating user root 61.177.173.50 port 37096 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 18:13:53 honeypot-fra-1 sshd[19315]: Disconnected from invalid user lchen 165.22.45.108 port 49598 [preauth]","@timestamp":"2022-09-15T18:13:54.136Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 18:17:01 honeypot-fra-1 CRON[19325]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-15T18:17:01.209Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T18:17:02.145Z","@version":"1","message":"Sep 15 18:17:01 honeypot-sgp-1 CRON[22491]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 18:17:01 honeypot-ams-1 CRON[28710]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-15T18:17:02.678Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 18:19:00 honeypot-fra-1 sshd[19328]: Invalid user operator from 92.255.85.69 port 31914","@timestamp":"2022-09-15T18:19:01.260Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T18:22:41.282Z","@version":"1","message":"Sep 15 18:22:40 honeypot-sgp-1 sshd[22496]: Received disconnect from 134.17.16.196 port 45551:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 18:23:59 honeypot-fra-1 sshd[19336]: Disconnected from authenticating user root 197.5.145.93 port 60307 [preauth]","@timestamp":"2022-09-15T18:23:59.374Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T18:27:33.401Z","@version":"1","message":"Sep 15 18:27:32 honeypot-sgp-1 sshd[22500]: Received disconnect from 61.177.173.49 port 56608:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 18:28:09 honeypot-fra-1 sshd[19340]: Disconnected from authenticating user root 61.177.173.50 port 62431 [preauth]","@timestamp":"2022-09-15T18:28:10.471Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 18:30:31 honeypot-ams-1 kernel: [84143213.304491] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.33.81.230 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=39580 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T18:30:32.025Z"}
{"@timestamp":"2022-09-15T18:31:02.504Z","@version":"1","message":"Sep 15 18:31:01 honeypot-sgp-1 sshd[22509]: Did not receive identification string from 198.98.61.9 port 58256","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T18:31:39.521Z","@version":"1","message":"Sep 15 18:31:38 honeypot-sgp-1 sshd[22512]: Disconnected from invalid user user 198.98.61.9 port 33248 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T18:32:03.534Z","@version":"1","message":"Sep 15 18:32:02 honeypot-sgp-1 sshd[22516]: Disconnected from invalid user user 198.98.61.9 port 56374 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T18:32:24.543Z","@version":"1","message":"Sep 15 18:32:23 honeypot-sgp-1 sshd[22520]: Disconnected from invalid user user 198.98.61.9 port 51228 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 18:33:23 honeypot-ams-1 sshd[28719]: Connection closed by 120.202.180.65 port 45446 [preauth]","@timestamp":"2022-09-15T18:33:24.100Z"}
{"@timestamp":"2022-09-15T18:35:15.613Z","@version":"1","message":"Sep 15 18:35:15 honeypot-sgp-1 sshd[22525]: Disconnected from authenticating user root 61.177.173.51 port 23639 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 18:38:40 honeypot-fra-1 sshd[19350]: Received disconnect from 61.177.173.37 port 50663:11:  [preauth]","@timestamp":"2022-09-15T18:38:40.708Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 18:40:27 honeypot-ams-1 sshd[28725]: Invalid user default from 179.60.147.69 port 43354","@timestamp":"2022-09-15T18:40:27.285Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 18:42:24 honeypot-fra-1 sshd[19356]: Disconnected from invalid user user 198.98.61.9 port 41290 [preauth]","@timestamp":"2022-09-15T18:42:24.794Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 18:42:33 honeypot-fra-1 sshd[19360]: Disconnected from invalid user user 198.98.61.9 port 52808 [preauth]","@timestamp":"2022-09-15T18:42:33.800Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 18:42:49 honeypot-fra-1 sshd[19364]: Disconnected from invalid user admin 92.255.85.69 port 27498 [preauth]","@timestamp":"2022-09-15T18:42:49.807Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 18:42:58 honeypot-fra-1 sshd[19368]: Disconnected from invalid user user 198.98.61.9 port 59128 [preauth]","@timestamp":"2022-09-15T18:42:58.813Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 18:43:18 honeypot-fra-1 sshd[19376]: Invalid user user from 198.98.61.9 port 53934","@timestamp":"2022-09-15T18:43:18.822Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T18:44:29.837Z","@version":"1","message":"Sep 15 18:44:29 honeypot-sgp-1 kernel: [84143576.655776] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=51.178.37.233 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=61372 PROTO=TCP SPT=46795 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 18:44:49 honeypot-fra-1 sshd[19379]: Disconnected from invalid user deploy 165.22.3.41 port 55120 [preauth]","@timestamp":"2022-09-15T18:44:49.875Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 18:46:45 honeypot-ams-1 kernel: [84144187.602641] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=213.226.123.38 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=6815 PROTO=TCP SPT=49686 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T18:46:46.447Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 18:47:41 honeypot-fra-1 sshd[19385]: Received disconnect from 202.165.17.131 port 39420:11: Bye Bye [preauth]","@timestamp":"2022-09-15T18:47:41.942Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T18:50:11.975Z","@version":"1","message":"Sep 15 18:50:10 honeypot-sgp-1 sshd[22536]: Disconnected from authenticating user root 61.177.173.46 port 47976 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 18:50:30 honeypot-ams-1 kernel: [84144412.953295] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=198.12.89.184 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=15278 PROTO=TCP SPT=47433 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T18:50:31.544Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 18:57:30 honeypot-fra-1 sshd[19395]: Invalid user terror from 190.181.25.210 port 52081","@timestamp":"2022-09-15T18:57:30.164Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T18:58:42.177Z","@version":"1","message":"Sep 15 18:58:41 honeypot-sgp-1 sshd[22541]: Disconnected from authenticating user root 61.177.173.50 port 35386 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 19:00:08 honeypot-fra-1 sshd[19401]: Disconnected from authenticating user root 61.177.173.52 port 18411 [preauth]","@timestamp":"2022-09-15T19:00:09.226Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T19:00:53.264Z","@version":"1","message":"Sep 15 19:00:53 honeypot-sgp-1 sshd[22548]: Invalid user irfan from 45.90.218.197 port 48396","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 19:02:25 honeypot-fra-1 sshd[19406]: Disconnected from authenticating user root 61.177.173.39 port 17112 [preauth]","@timestamp":"2022-09-15T19:02:25.278Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 19:04:31 honeypot-ams-1 sshd[28756]: Invalid user postmaster from 119.159.226.30 port 37834","@timestamp":"2022-09-15T19:04:31.907Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 19:07:05 honeypot-fra-1 sshd[19425]: Invalid user lc from 165.22.45.108 port 54668","@timestamp":"2022-09-15T19:07:05.385Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 19:08:43 honeypot-fra-1 sshd[19429]: Received disconnect from 195.158.18.237 port 49914:11: Bye Bye [preauth]","@timestamp":"2022-09-15T19:08:43.423Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T19:09:29.466Z","@version":"1","message":"Sep 15 19:09:29 honeypot-sgp-1 sshd[22556]: Disconnected from authenticating user root 61.177.172.124 port 46582 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 19:09:36 honeypot-ams-1 sshd[28761]: Connection closed by invalid user admin 222.114.154.132 port 59166 [preauth]","@timestamp":"2022-09-15T19:09:37.056Z"}
{"@timestamp":"2022-09-15T19:11:43.523Z","@version":"1","message":"Sep 15 19:11:42 honeypot-sgp-1 sshd[22564]: Received disconnect from 193.142.146.50 port 38858:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T19:13:30.568Z","@version":"1","message":"Sep 15 19:13:30 honeypot-sgp-1 kernel: [84145317.054111] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=208.67.104.120 DST=159.89.202.188 LEN=52 TOS=0x02 PREC=0x00 TTL=110 ID=9901 DF PROTO=TCP SPT=55729 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T19:14:01.584Z","@version":"1","message":"Sep 15 19:14:01 honeypot-sgp-1 sshd[22574]: Invalid user ubnt from 179.60.147.69 port 63068","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T19:14:34.599Z","@version":"1","message":"Sep 15 19:14:34 honeypot-sgp-1 sshd[22579]: Disconnected from authenticating user root 193.142.146.50 port 40542 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 19:15:15 honeypot-fra-1 sshd[19439]: Connection closed by invalid user ubnt 179.60.147.69 port 9430 [preauth]","@timestamp":"2022-09-15T19:15:16.578Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 19:15:51 honeypot-fra-1 sshd[19444]: Disconnected from invalid user user 198.98.61.9 port 34860 [preauth]","@timestamp":"2022-09-15T19:15:52.594Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 19:16:18 honeypot-fra-1 sshd[19448]: Disconnected from invalid user user 198.98.61.9 port 58680 [preauth]","@timestamp":"2022-09-15T19:16:19.607Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T19:16:27.646Z","@version":"1","message":"Sep 15 19:16:26 honeypot-sgp-1 sshd[22586]: Received disconnect from 193.142.146.50 port 55502:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 19:16:36 honeypot-fra-1 sshd[19452]: Disconnected from invalid user user 198.98.61.9 port 54276 [preauth]","@timestamp":"2022-09-15T19:16:36.615Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 19:17:41 honeypot-ams-1 sshd[28767]: Invalid user ubnt from 179.60.147.69 port 60128","@timestamp":"2022-09-15T19:17:41.291Z"}
{"@timestamp":"2022-09-15T19:18:04.686Z","@version":"1","message":"Sep 15 19:18:03 honeypot-sgp-1 kernel: [84145590.738582] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=36.71.140.230 DST=159.89.202.188 LEN=48 TOS=0x00 PREC=0x00 TTL=114 ID=32 DF PROTO=TCP SPT=52691 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 19:19:32 honeypot-fra-1 kernel: [84143988.542527] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=159.203.80.110 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=45485 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T19:19:32.686Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-15T19:23:31.831Z","@version":"1","message":"Sep 15 19:23:30 honeypot-sgp-1 sshd[22598]: Disconnected from authenticating user root 61.177.172.108 port 50284 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 19:27:23 honeypot-fra-1 sshd[19469]: Disconnected from authenticating user root 61.177.173.48 port 34147 [preauth]","@timestamp":"2022-09-15T19:27:23.880Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T19:29:17.985Z","@version":"1","message":"Sep 15 19:29:17 honeypot-sgp-1 sshd[22605]: Disconnected from authenticating user root 61.177.173.51 port 35973 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 19:30:43 honeypot-ams-1 kernel: [84146825.409920] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=40.87.17.51 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=32931 PROTO=TCP SPT=40383 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T19:30:43.621Z"}
{"@timestamp":"2022-09-15T19:36:01.142Z","@version":"1","message":"Sep 15 19:36:00 honeypot-sgp-1 sshd[22612]: Received disconnect from 92.255.85.70 port 29078:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 19:37:36 honeypot-fra-1 sshd[19475]: Disconnected from authenticating user root 61.177.173.51 port 62697 [preauth]","@timestamp":"2022-09-15T19:37:37.112Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T19:42:03.280Z","@version":"1","message":"Sep 15 19:42:02 honeypot-sgp-1 sshd[22621]: Received disconnect from 35.246.83.56 port 54146:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 19:43:36 honeypot-fra-1 sshd[19485]: Invalid user tomcat from 193.106.191.157 port 57222","@timestamp":"2022-09-15T19:43:37.251Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 19:47:03 honeypot-ams-1 sshd[28778]: Connection closed by invalid user user 103.188.176.251 port 39174 [preauth]","@timestamp":"2022-09-15T19:47:04.038Z"}
{"@timestamp":"2022-09-15T19:48:22.426Z","@version":"1","message":"Sep 15 19:48:22 honeypot-sgp-1 sshd[22628]: Disconnected from authenticating user root 61.177.173.36 port 51394 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T19:50:51.487Z","@version":"1","message":"Sep 15 19:50:50 honeypot-sgp-1 sshd[22632]: Disconnected from invalid user igor 89.109.36.61 port 36558 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 19:51:18 honeypot-fra-1 sshd[19493]: Invalid user user from 103.188.176.251 port 33838","@timestamp":"2022-09-15T19:51:19.421Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T19:54:46.579Z","@version":"1","message":"Sep 15 19:54:46 honeypot-sgp-1 sshd[22641]: Invalid user xkc from 189.112.196.1 port 29255","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 19:55:15 honeypot-fra-1 sshd[19502]: Connection closed by invalid user test 179.60.147.69 port 54562 [preauth]","@timestamp":"2022-09-15T19:55:16.511Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 19:56:44 honeypot-ams-1 sshd[28784]: Invalid user share from 103.133.57.242 port 45350","@timestamp":"2022-09-15T19:56:45.289Z"}
{"@timestamp":"2022-09-15T19:56:48.628Z","@version":"1","message":"Sep 15 19:56:48 honeypot-sgp-1 sshd[22643]: Disconnected from invalid user minecraft 2.139.220.58 port 32926 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 19:57:13 honeypot-ams-1 sshd[28788]: Invalid user wwwroot from 142.93.50.201 port 35610","@timestamp":"2022-09-15T19:57:13.303Z"}
{"@timestamp":"2022-09-15T20:00:00.722Z","@version":"1","message":"Sep 15 19:59:59 honeypot-sgp-1 sshd[22648]: Disconnected from invalid user master 92.255.85.69 port 45884 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 20:00:02 honeypot-ams-1 sshd[28793]: Connection closed by invalid user tomcat 193.106.191.157 port 60966 [preauth]","@timestamp":"2022-09-15T20:00:02.378Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 20:00:23 honeypot-fra-1 sshd[19507]: Disconnected from authenticating user root 61.177.173.39 port 61325 [preauth]","@timestamp":"2022-09-15T20:00:24.625Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T20:02:37.788Z","@version":"1","message":"Sep 15 20:02:36 honeypot-sgp-1 sshd[22655]: Invalid user cameras from 185.246.130.20 port 20761","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:03:05.801Z","@version":"1","message":"Sep 15 20:03:05 honeypot-sgp-1 sshd[22661]: Invalid user  from 185.246.130.20 port 61285","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:03:26.813Z","@version":"1","message":"Sep 15 20:03:26 honeypot-sgp-1 sshd[22666]: Disconnecting invalid user aerohive 185.246.130.20 port 9241: Change of username or service not allowed: (aerohive,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:03:56.828Z","@version":"1","message":"Sep 15 20:03:56 honeypot-sgp-1 sshd[22672]: Disconnecting invalid user private 185.246.130.20 port 16442: Change of username or service not allowed: (private,ssh-connection) -> (root,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:04:33.845Z","@version":"1","message":"Sep 15 20:04:33 honeypot-sgp-1 sshd[22680]: Invalid user araknis from 185.246.130.20 port 57697","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:05:06.860Z","@version":"1","message":"Sep 15 20:05:06 honeypot-sgp-1 sshd[22687]: Disconnecting authenticating user root 185.246.130.20 port 46254: Change of username or service not allowed: (root,ssh-connection) -> (Admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:05:36.875Z","@version":"1","message":"Sep 15 20:05:36 honeypot-sgp-1 sshd[22695]: Disconnecting invalid user admin 185.246.130.20 port 1372: Change of username or service not allowed: (admin,ssh-connection) -> (guest,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 20:06:04 honeypot-fra-1 sshd[19512]: Received disconnect from 61.177.172.108 port 50190:11:  [preauth]","@timestamp":"2022-09-15T20:06:05.760Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T20:06:09.891Z","@version":"1","message":"Sep 15 20:06:09 honeypot-sgp-1 sshd[22702]: Disconnecting authenticating user root 185.246.130.20 port 36421: Change of username or service not allowed: (root,ssh-connection) -> (,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:06:34.904Z","@version":"1","message":"Sep 15 20:06:34 honeypot-sgp-1 sshd[22708]: Disconnecting invalid user cisco 185.246.130.20 port 20391: Change of username or service not allowed: (cisco,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:07:04.918Z","@version":"1","message":"Sep 15 20:07:04 honeypot-sgp-1 sshd[22716]: Invalid user Administrator from 185.246.130.20 port 8765","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:07:29.931Z","@version":"1","message":"Sep 15 20:07:29 honeypot-sgp-1 sshd[22722]: Invalid user sti.admin5 from 185.246.130.20 port 8258","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:07:53.943Z","@version":"1","message":"Sep 15 20:07:53 honeypot-sgp-1 sshd[22728]: Disconnected from authenticating user root 115.113.80.162 port 55058 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:08:09.951Z","@version":"1","message":"Sep 15 20:08:09 honeypot-sgp-1 sshd[22734]: Invalid user  from 185.246.130.20 port 2988","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 20:08:27 honeypot-ams-1 sshd[28798]: Disconnected from invalid user master 92.255.85.69 port 52358 [preauth]","@timestamp":"2022-09-15T20:08:28.594Z"}
{"@timestamp":"2022-09-15T20:08:35.968Z","@version":"1","message":"Sep 15 20:08:35 honeypot-sgp-1 sshd[22740]: Disconnecting invalid user admin 185.246.130.20 port 3982: Change of username or service not allowed: (admin,ssh-connection) -> (c1@r0,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:08:53.977Z","@version":"1","message":"Sep 15 20:08:53 honeypot-sgp-1 sshd[22746]: Disconnecting invalid user cusadmin 185.246.130.20 port 21424: Change of username or service not allowed: (cusadmin,ssh-connection) -> (superonline,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:09:21.990Z","@version":"1","message":"Sep 15 20:09:21 honeypot-sgp-1 sshd[22752]: Disconnecting invalid user lgnortel 185.246.130.20 port 19800: Change of username or service not allowed: (lgnortel,ssh-connection) -> (Admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:09:56.007Z","@version":"1","message":"Sep 15 20:09:55 honeypot-sgp-1 sshd[22759]: Disconnecting invalid user admin 185.246.130.20 port 34709: Change of username or service not allowed: (admin,ssh-connection) -> (,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:10:23.021Z","@version":"1","message":"Sep 15 20:10:22 honeypot-sgp-1 sshd[22765]: Disconnecting invalid user matrix 185.246.130.20 port 6033: Change of username or service not allowed: (matrix,ssh-connection) -> (,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:10:51.033Z","@version":"1","message":"Sep 15 20:10:50 honeypot-sgp-1 sshd[22771]: Disconnecting invalid user motorola 185.246.130.20 port 7988: Change of username or service not allowed: (motorola,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:11:30.052Z","@version":"1","message":"Sep 15 20:11:29 honeypot-sgp-1 sshd[22781]: Invalid user admin from 185.246.130.20 port 49850","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:11:55.064Z","@version":"1","message":"Sep 15 20:11:54 honeypot-sgp-1 sshd[22787]: Invalid user admin from 185.246.130.20 port 6875","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:12:18.075Z","@version":"1","message":"Sep 15 20:12:18 honeypot-sgp-1 sshd[22793]: Invalid user Shiko from 185.246.130.20 port 49913","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:12:44.088Z","@version":"1","message":"Sep 15 20:12:44 honeypot-sgp-1 sshd[22799]: Invalid user smcadmin from 185.246.130.20 port 59667","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:13:10.101Z","@version":"1","message":"Sep 15 20:13:09 honeypot-sgp-1 sshd[22805]: Invalid user highspeed from 185.246.130.20 port 42734","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:13:38.115Z","@version":"1","message":"Sep 15 20:13:37 honeypot-sgp-1 sshd[22811]: Invalid user  from 185.246.130.20 port 9600","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:13:59.125Z","@version":"1","message":"Sep 15 20:13:58 honeypot-sgp-1 sshd[22817]: Invalid user user1 from 103.188.176.251 port 56256","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:14:18.135Z","@version":"1","message":"Sep 15 20:14:17 honeypot-sgp-1 sshd[22823]: Invalid user ubnt from 185.246.130.20 port 47987","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:14:44.148Z","@version":"1","message":"Sep 15 20:14:43 honeypot-sgp-1 sshd[22829]: Disconnecting invalid user user 185.246.130.20 port 57629: Change of username or service not allowed: (user,ssh-connection) -> (amdin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:15:14.163Z","@version":"1","message":"Sep 15 20:15:13 honeypot-sgp-1 sshd[22836]: Disconnecting invalid user Admin 185.246.130.20 port 1840: Change of username or service not allowed: (Admin,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:15:39.175Z","@version":"1","message":"Sep 15 20:15:39 honeypot-sgp-1 sshd[22844]: Disconnected from authenticating user root 61.177.173.50 port 13986 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:16:00.186Z","@version":"1","message":"Sep 15 20:15:59 honeypot-sgp-1 sshd[22848]: Invalid user zoomadsl from 185.246.130.20 port 33969","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 20:16:00 honeypot-fra-1 sshd[19521]: Invalid user master from 92.255.85.70 port 42154","@timestamp":"2022-09-15T20:16:00.989Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 20:16:20 honeypot-fra-1 sshd[19524]: Connection closed by invalid user chia 54.163.60.60 port 60608 [preauth]","@timestamp":"2022-09-15T20:16:20.999Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T20:16:24.198Z","@version":"1","message":"Sep 15 20:16:24 honeypot-sgp-1 sshd[22852]: Invalid user 1admin0 from 185.246.130.20 port 51198","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 20:17:15 honeypot-fra-1 sshd[19531]: Disconnected from authenticating user root 61.177.172.108 port 41287 [preauth]","@timestamp":"2022-09-15T20:17:16.023Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T20:24:35.392Z","@version":"1","message":"Sep 15 20:24:35 honeypot-sgp-1 sshd[22864]: Invalid user oracle from 92.255.85.70 port 23582","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 20:24:56 honeypot-ams-1 kernel: [84150078.722256] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=20.150.212.14 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=55354 PROTO=TCP SPT=51829 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T20:24:57.016Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 20:28:13 honeypot-fra-1 kernel: [84148109.434375] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=213.226.123.38 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=49201 PROTO=TCP SPT=53129 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T20:28:14.272Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-15T20:30:40.533Z","@version":"1","message":"Sep 15 20:30:39 honeypot-sgp-1 kernel: [84149946.518729] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=236 ID=35938 PROTO=TCP SPT=53802 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 20:32:59 honeypot-ams-1 sshd[28812]: Invalid user oracle from 92.255.85.70 port 19014","@timestamp":"2022-09-15T20:33:00.220Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 20:33:44 honeypot-fra-1 sshd[19550]: Invalid user ubnt from 179.60.147.69 port 24772","@timestamp":"2022-09-15T20:33:44.397Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T20:35:38.651Z","@version":"1","message":"Sep 15 20:35:38 honeypot-sgp-1 sshd[22875]: Received disconnect from 61.177.172.114 port 14391:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:39:03.733Z","@version":"1","message":"Sep 15 20:39:03 honeypot-sgp-1 sshd[22880]: Disconnected from invalid user jp 216.137.185.113 port 41922 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 20:39:55 honeypot-fra-1 sshd[19555]: Disconnected from authenticating user root 61.177.173.53 port 57229 [preauth]","@timestamp":"2022-09-15T20:39:56.537Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T20:41:02.781Z","@version":"1","message":"Sep 15 20:41:01 honeypot-sgp-1 kernel: [84150568.751019] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=172.104.29.205 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=36870 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:46:40.916Z","@version":"1","message":"Sep 15 20:46:40 honeypot-sgp-1 sshd[22888]: Received disconnect from 143.198.123.124 port 37556:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 20:46:41 honeypot-ams-1 kernel: [84151383.769159] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.41.9.18 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=16116 PROTO=TCP SPT=40149 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T20:46:42.568Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 20:46:55 honeypot-fra-1 sshd[19562]: Received disconnect from 61.177.173.53 port 38551:11:  [preauth]","@timestamp":"2022-09-15T20:46:55.697Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T20:47:48.945Z","@version":"1","message":"Sep 15 20:47:48 honeypot-sgp-1 sshd[22895]: Disconnected from invalid user anonymous 92.255.85.69 port 48464 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 20:49:04 honeypot-fra-1 sshd[19568]: Received disconnect from 207.154.205.115 port 52966:11: Bye Bye [preauth]","@timestamp":"2022-09-15T20:49:04.748Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 20:52:20 honeypot-fra-1 sshd[19575]: Received disconnect from 165.22.45.108 port 36544:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T20:52:20.819Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T20:53:54.089Z","@version":"1","message":"Sep 15 20:53:53 honeypot-sgp-1 sshd[22901]: Disconnected from invalid user user 45.61.186.249 port 38930 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:54:11.097Z","@version":"1","message":"Sep 15 20:54:11 honeypot-sgp-1 sshd[22921]: Invalid user user from 45.61.186.249 port 33148","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:54:29.106Z","@version":"1","message":"Sep 15 20:54:28 honeypot-sgp-1 sshd[22925]: Invalid user user from 45.61.186.249 port 55596","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:54:48.114Z","@version":"1","message":"Sep 15 20:54:47 honeypot-sgp-1 sshd[22929]: Invalid user user from 45.61.186.249 port 49812","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 20:55:49 honeypot-ams-1 sshd[28819]: Disconnected from invalid user anonymous 92.255.85.70 port 57318 [preauth]","@timestamp":"2022-09-15T20:55:49.800Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 20:56:59 honeypot-fra-1 sshd[19580]: Received disconnect from 198.98.61.9 port 52130:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T20:56:59.926Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 20:57:16 honeypot-fra-1 sshd[19584]: Invalid user user from 198.98.61.9 port 46530","@timestamp":"2022-09-15T20:57:16.935Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 20:57:36 honeypot-fra-1 sshd[19589]: Invalid user user from 198.98.61.9 port 40930","@timestamp":"2022-09-15T20:57:36.943Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T20:57:47.184Z","@version":"1","message":"Sep 15 20:57:46 honeypot-sgp-1 sshd[22933]: Received disconnect from 61.177.172.114 port 33174:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 20:57:55 honeypot-fra-1 sshd[19593]: Invalid user user from 198.98.61.9 port 35334","@timestamp":"2022-09-15T20:57:55.952Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 20:59:49 honeypot-ams-1 sshd[28823]: Received disconnect from 52.178.155.67 port 1024:11: Bye Bye [preauth]","@timestamp":"2022-09-15T20:59:49.917Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 21:01:36 honeypot-ams-1 sshd[28828]: Disconnected from invalid user mnj 138.197.195.123 port 36260 [preauth]","@timestamp":"2022-09-15T21:01:36.966Z"}
{"@timestamp":"2022-09-15T21:02:08.287Z","@version":"1","message":"Sep 15 21:02:08 honeypot-sgp-1 sshd[22940]: Disconnected from authenticating user root 139.59.82.2 port 42400 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 21:02:23 honeypot-fra-1 sshd[19595]: Received disconnect from 92.255.85.70 port 36752:11: Bye Bye [preauth]","@timestamp":"2022-09-15T21:02:24.054Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 21:07:18 honeypot-fra-1 sshd[19602]: Received disconnect from 200.10.192.5 port 39833:11: Bye Bye [preauth]","@timestamp":"2022-09-15T21:07:18.167Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 21:08:28 honeypot-fra-1 sshd[19606]: Received disconnect from 185.149.120.61 port 48958:11: Bye Bye [preauth]","@timestamp":"2022-09-15T21:08:29.195Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T21:09:29.477Z","@version":"1","message":"Sep 15 21:09:28 honeypot-sgp-1 sshd[22947]: Disconnected from invalid user admin 92.255.85.70 port 31196 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 21:09:51 honeypot-fra-1 sshd[19610]: Connection closed by invalid user default 179.60.147.69 port 16772 [preauth]","@timestamp":"2022-09-15T21:09:52.229Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 21:10:29 honeypot-fra-1 sshd[19615]: Disconnected from authenticating user root 61.177.173.49 port 29602 [preauth]","@timestamp":"2022-09-15T21:10:30.247Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 21:11:35 honeypot-ams-1 kernel: [84152877.760930] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=57142 PROTO=TCP SPT=56078 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T21:11:36.229Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 21:12:38 honeypot-ams-1 kernel: [84152940.357680] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=197.246.171.196 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=37311 PROTO=TCP SPT=46685 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T21:12:39.259Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 21:14:28 honeypot-ams-1 sshd[28846]: Received disconnect from 124.137.205.59 port 62867:11: Bye Bye [preauth]","@timestamp":"2022-09-15T21:14:29.311Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 21:15:04 honeypot-fra-1 kernel: [84150920.730172] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=22059 PROTO=TCP SPT=56078 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T21:15:05.351Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 21:15:26 honeypot-ams-1 sshd[28853]: Invalid user user from 198.98.61.9 port 40040","@timestamp":"2022-09-15T21:15:26.338Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 21:15:36 honeypot-ams-1 kernel: [84153118.794330] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=167.71.92.243 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=47411 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T21:15:37.344Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 21:15:47 honeypot-ams-1 sshd[28857]: Disconnected from invalid user user 198.98.61.9 port 34976 [preauth]","@timestamp":"2022-09-15T21:15:47.349Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 21:16:08 honeypot-ams-1 sshd[28861]: Disconnected from invalid user user 198.98.61.9 port 58140 [preauth]","@timestamp":"2022-09-15T21:16:08.360Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 21:16:34 honeypot-ams-1 sshd[28867]: Invalid user intaller from 128.199.137.41 port 54932","@timestamp":"2022-09-15T21:16:35.377Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 21:17:01 honeypot-fra-1 CRON[19627]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-15T21:17:01.398Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T21:17:01.673Z","@version":"1","message":"Sep 15 21:17:01 honeypot-sgp-1 CRON[22958]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 21:18:24 honeypot-ams-1 kernel: [84153286.760564] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=90.151.171.106 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=28436 PROTO=TCP SPT=56663 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T21:18:25.427Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 21:20:32 honeypot-fra-1 kernel: [84151248.115196] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=71.6.232.4 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=53640 DPT=5432 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T21:20:32.480Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-15T21:20:45.763Z","@version":"1","message":"Sep 15 21:20:45 honeypot-sgp-1 sshd[22963]: Disconnected from invalid user kulok 194.113.237.49 port 49432 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 21:21:30 honeypot-ams-1 sshd[28875]: Received disconnect from 185.211.4.43 port 46298:11: Bye Bye [preauth]","@timestamp":"2022-09-15T21:21:30.505Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 21:25:58 honeypot-fra-1 sshd[19637]: Disconnected from authenticating user root 61.177.173.53 port 39193 [preauth]","@timestamp":"2022-09-15T21:25:58.602Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 21:28:21 honeypot-ams-1 kernel: [84153883.888989] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.220.73 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=52535 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T21:28:22.680Z"}
{"@timestamp":"2022-09-15T21:31:02.023Z","@version":"1","message":"Sep 15 21:31:01 honeypot-sgp-1 sshd[22972]: Received disconnect from 92.255.85.69 port 29002:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T21:34:12.099Z","@version":"1","message":"Sep 15 21:34:11 honeypot-sgp-1 sshd[22978]: Received disconnect from 157.230.245.64 port 50672:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 21:40:30 honeypot-ams-1 kernel: [84154612.650192] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=89.248.168.172 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=252 ID=54321 PROTO=TCP SPT=41782 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T21:40:30.993Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 21:41:22 honeypot-fra-1 sshd[19649]: Received disconnect from 61.177.173.51 port 46255:11:  [preauth]","@timestamp":"2022-09-15T21:41:22.945Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 21:44:43 honeypot-fra-1 sshd[19655]: Disconnected from invalid user ldapsun 165.22.45.108 port 41600 [preauth]","@timestamp":"2022-09-15T21:44:44.020Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T21:45:09.353Z","@version":"1","message":"Sep 15 21:45:08 honeypot-sgp-1 sshd[22985]: Connection closed by authenticating user nobody 179.60.147.69 port 14090 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T21:49:09.447Z","@version":"1","message":"Sep 15 21:49:08 honeypot-sgp-1 kernel: [84154655.273257] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=173.225.111.245 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=51555 PROTO=TCP SPT=52938 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 21:49:21 honeypot-fra-1 sshd[19662]: Disconnected from authenticating user root 92.255.85.70 port 24548 [preauth]","@timestamp":"2022-09-15T21:49:22.128Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 21:49:30 honeypot-ams-1 sshd[28896]: Disconnected from invalid user mdpi 92.205.19.152 port 59946 [preauth]","@timestamp":"2022-09-15T21:49:30.216Z"}
{"@timestamp":"2022-09-15T21:56:15.611Z","@version":"1","message":"Sep 15 21:56:15 honeypot-sgp-1 sshd[23065]: Received disconnect from 61.177.173.50 port 12656:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 21:57:31 honeypot-fra-1 sshd[19672]: Disconnected from authenticating user root 61.177.173.50 port 47106 [preauth]","@timestamp":"2022-09-15T21:57:31.326Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 22:00:56 honeypot-ams-1 sshd[28902]: Invalid user server from 209.73.215.135 port 34736","@timestamp":"2022-09-15T22:00:56.519Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:02:20 honeypot-fra-1 sshd[19682]: Invalid user user from 162.241.189.135 port 47922","@timestamp":"2022-09-15T22:02:20.438Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:02:27 honeypot-fra-1 sshd[19686]: Invalid user user from 162.241.189.135 port 33108","@timestamp":"2022-09-15T22:02:28.442Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:02:35 honeypot-fra-1 sshd[19690]: Invalid user user from 162.241.189.135 port 38496","@timestamp":"2022-09-15T22:02:35.446Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:02:44 honeypot-fra-1 sshd[19694]: Invalid user user from 162.241.189.135 port 51100","@timestamp":"2022-09-15T22:02:44.451Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:02:52 honeypot-fra-1 sshd[19698]: Invalid user user from 162.241.189.135 port 34848","@timestamp":"2022-09-15T22:02:52.455Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:03:00 honeypot-fra-1 sshd[19702]: Invalid user user from 162.241.189.135 port 47892","@timestamp":"2022-09-15T22:03:00.458Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:03:07 honeypot-fra-1 sshd[19706]: Invalid user user from 162.241.189.135 port 60136","@timestamp":"2022-09-15T22:03:08.463Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:03:13 honeypot-fra-1 kernel: [84153809.392357] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.204.142 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=46355 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T22:03:14.466Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:03:19 honeypot-fra-1 sshd[19712]: Disconnected from invalid user user 162.241.189.135 port 36212 [preauth]","@timestamp":"2022-09-15T22:03:20.470Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:03:28 honeypot-fra-1 sshd[19716]: Disconnected from invalid user user 162.241.189.135 port 51148 [preauth]","@timestamp":"2022-09-15T22:03:29.474Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:03:35 honeypot-fra-1 sshd[19720]: Disconnected from invalid user user 162.241.189.135 port 35792 [preauth]","@timestamp":"2022-09-15T22:03:36.479Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:03:43 honeypot-fra-1 sshd[19724]: Disconnected from invalid user user 162.241.189.135 port 50672 [preauth]","@timestamp":"2022-09-15T22:03:43.482Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:03:51 honeypot-fra-1 sshd[19728]: Received disconnect from 162.241.189.135 port 34902:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T22:03:51.487Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:03:59 honeypot-fra-1 sshd[19732]: Received disconnect from 162.241.189.135 port 50776:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T22:03:59.490Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:04:07 honeypot-fra-1 sshd[19736]: Received disconnect from 162.241.189.135 port 35196:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T22:04:07.495Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:04:21 honeypot-fra-1 sshd[19740]: Received disconnect from 162.241.189.135 port 41910:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T22:04:22.503Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:04:29 honeypot-fra-1 sshd[19744]: Received disconnect from 162.241.189.135 port 53744:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T22:04:29.506Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:04:36 honeypot-fra-1 sshd[19748]: Received disconnect from 162.241.189.135 port 42038:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T22:04:37.511Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:04:44 honeypot-fra-1 sshd[19752]: Received disconnect from 162.241.189.135 port 56920:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T22:04:45.514Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:04:52 honeypot-fra-1 sshd[19756]: Received disconnect from 162.241.189.135 port 42184:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T22:04:53.519Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:05:00 honeypot-fra-1 sshd[19760]: Received disconnect from 162.241.189.135 port 55434:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T22:05:01.522Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:05:08 honeypot-fra-1 sshd[19764]: Received disconnect from 162.241.189.135 port 40642:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T22:05:09.527Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T22:05:15.820Z","@version":"1","message":"Sep 15 22:05:15 honeypot-sgp-1 kernel: [84155622.372519] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.213.246 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=46817 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:05:16 honeypot-fra-1 sshd[19768]: Received disconnect from 162.241.189.135 port 55010:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T22:05:17.531Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:05:24 honeypot-fra-1 sshd[19772]: Received disconnect from 162.241.189.135 port 42606:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T22:05:24.535Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:05:32 honeypot-fra-1 sshd[19776]: Received disconnect from 162.241.189.135 port 57354:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T22:05:32.538Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:05:39 honeypot-fra-1 sshd[19780]: Received disconnect from 162.241.189.135 port 45014:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T22:05:40.542Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:05:50 honeypot-fra-1 sshd[19784]: Received disconnect from 162.241.189.135 port 37334:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T22:05:51.548Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:05:59 honeypot-fra-1 sshd[19788]: Received disconnect from 162.241.189.135 port 35270:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T22:05:59.552Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:06:02 honeypot-fra-1 sshd[19792]: Received disconnect from 162.241.189.135 port 55928:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T22:06:03.555Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:06:10 honeypot-fra-1 sshd[19796]: Received disconnect from 162.241.189.135 port 40900:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T22:06:11.559Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:06:20 honeypot-fra-1 sshd[19800]: Received disconnect from 162.241.189.135 port 53238:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T22:06:20.564Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:06:28 honeypot-fra-1 sshd[19804]: Received disconnect from 162.241.189.135 port 37944:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T22:06:29.568Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:06:35 honeypot-fra-1 sshd[19808]: Received disconnect from 162.241.189.135 port 50566:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T22:06:35.572Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:06:43 honeypot-fra-1 sshd[19812]: Received disconnect from 162.241.189.135 port 36624:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T22:06:43.575Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:06:51 honeypot-fra-1 sshd[19816]: Received disconnect from 162.241.189.135 port 49264:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T22:06:51.580Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 22:06:53 honeypot-ams-1 sshd[28905]: Received disconnect from 92.255.85.70 port 54174:11: Bye Bye [preauth]","@timestamp":"2022-09-15T22:06:53.675Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:06:59 honeypot-fra-1 sshd[19820]: Invalid user user from 162.241.189.135 port 33790","@timestamp":"2022-09-15T22:06:59.583Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:07:06 honeypot-fra-1 sshd[19824]: Invalid user user from 162.241.189.135 port 45890","@timestamp":"2022-09-15T22:07:07.587Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:07:14 honeypot-fra-1 sshd[19828]: Invalid user user from 162.241.189.135 port 33068","@timestamp":"2022-09-15T22:07:15.591Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:07:22 honeypot-fra-1 sshd[19833]: Invalid user user from 162.241.189.135 port 46540","@timestamp":"2022-09-15T22:07:23.595Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:07:30 honeypot-fra-1 sshd[19837]: Invalid user user from 162.241.189.135 port 58990","@timestamp":"2022-09-15T22:07:31.599Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:07:38 honeypot-fra-1 sshd[19841]: Invalid user user from 162.241.189.135 port 45108","@timestamp":"2022-09-15T22:07:38.603Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 22:11:26 honeypot-ams-1 sshd[28907]: Disconnected from invalid user ffw 188.165.78.53 port 34448 [preauth]","@timestamp":"2022-09-15T22:11:26.796Z"}
{"@timestamp":"2022-09-15T22:12:33.996Z","@version":"1","message":"Sep 15 22:12:33 honeypot-sgp-1 kernel: [84156060.158742] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=5.63.151.124 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=3389 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:13:33 honeypot-fra-1 kernel: [84154429.120576] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=149.102.155.169 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=39733 PROTO=TCP SPT=59927 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T22:13:33.752Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 22:14:57 honeypot-ams-1 sshd[28914]: Received disconnect from 103.68.183.202 port 53274:11: Bye Bye [preauth]","@timestamp":"2022-09-15T22:14:57.893Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:17:01 honeypot-fra-1 CRON[19846]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-15T22:17:01.832Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T22:19:01.157Z","@version":"1","message":"Sep 15 22:19:00 honeypot-sgp-1 sshd[23080]: Received disconnect from 138.68.230.183 port 33680:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:20:08 honeypot-fra-1 kernel: [84154824.546454] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=20.123.198.153 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=60935 PROTO=TCP SPT=56148 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T22:20:08.904Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-15T22:20:31.193Z","@version":"1","message":"Sep 15 22:20:30 honeypot-sgp-1 sshd[23084]: Disconnected from authenticating user root 189.8.68.56 port 34558 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:23:46 honeypot-fra-1 kernel: [84155042.318447] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=23.251.102.75 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=16988 PROTO=TCP SPT=19870 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T22:23:46.990Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 22:24:36 honeypot-ams-1 sshd[28921]: Connection closed by invalid user default 179.60.147.69 port 17448 [preauth]","@timestamp":"2022-09-15T22:24:37.146Z"}
{"@timestamp":"2022-09-15T22:25:58.325Z","@version":"1","message":"Sep 15 22:25:57 honeypot-sgp-1 kernel: [84156864.000043] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=128.14.141.42 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=52682 PROTO=TCP SPT=11822 DPT=389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 22:32:01 honeypot-ams-1 kernel: [84157703.841176] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=179.43.145.74 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=38141 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T22:32:02.346Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:35:16 honeypot-fra-1 kernel: [84155732.732866] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=89.248.165.241 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=32881 PROTO=TCP SPT=46381 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T22:35:17.249Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:37:49 honeypot-fra-1 sshd[19870]: Received disconnect from 92.255.85.70 port 59582:11: Bye Bye [preauth]","@timestamp":"2022-09-15T22:37:50.326Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T22:41:16.683Z","@version":"1","message":"Sep 15 22:41:15 honeypot-sgp-1 sshd[23095]: Connection closed by invalid user sftpuser 103.188.176.251 port 52976 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 22:42:44 honeypot-ams-1 kernel: [84158346.472659] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=27.43.180.228 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=16266 DF PROTO=TCP SPT=3211 DPT=80 WINDOW=14520 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T22:42:44.624Z"}
{"@timestamp":"2022-09-15T22:47:09.828Z","@version":"1","message":"Sep 15 22:47:09 honeypot-sgp-1 kernel: [84158135.816289] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=152.89.196.23 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=34425 PROTO=TCP SPT=56911 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 22:52:22 honeypot-ams-1 sshd[28933]: Received disconnect from 92.255.85.69 port 53894:11: Bye Bye [preauth]","@timestamp":"2022-09-15T22:52:22.879Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:57:36 honeypot-fra-1 sshd[19886]: Invalid user test from 20.13.161.157 port 57022","@timestamp":"2022-09-15T22:57:36.767Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:57:36 honeypot-fra-1 sshd[19887]: Invalid user test from 20.13.161.157 port 56996","@timestamp":"2022-09-15T22:57:36.767Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:57:36 honeypot-fra-1 sshd[19883]: Connection closed by invalid user note 20.13.161.157 port 57032 [preauth]","@timestamp":"2022-09-15T22:57:36.767Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:57:36 honeypot-fra-1 sshd[19877]: Invalid user hadoop from 20.13.161.157 port 57024","@timestamp":"2022-09-15T22:57:36.767Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:57:39 honeypot-fra-1 sshd[19907]: Invalid user user from 20.13.161.157 port 56978","@timestamp":"2022-09-15T22:57:39.770Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:57:39 honeypot-fra-1 sshd[19910]: Invalid user es from 20.13.161.157 port 56974","@timestamp":"2022-09-15T22:57:39.770Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:57:39 honeypot-fra-1 sshd[19910]: Connection closed by invalid user es 20.13.161.157 port 56974 [preauth]","@timestamp":"2022-09-15T22:57:39.770Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:57:39 honeypot-fra-1 sshd[19909]: Connection closed by invalid user es 20.13.161.157 port 56992 [preauth]","@timestamp":"2022-09-15T22:57:39.770Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:59:07 honeypot-fra-1 sshd[19926]: Received disconnect from 92.255.85.70 port 63480:11: Bye Bye [preauth]","@timestamp":"2022-09-15T22:59:08.807Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T22:59:26.119Z","@version":"1","message":"Sep 15 22:59:25 honeypot-sgp-1 kernel: [84158871.812824] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=94.26.228.80 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=19302 PROTO=TCP SPT=33271 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 23:02:34 honeypot-ams-1 sshd[28938]: Invalid user tomcat from 193.106.191.157 port 33500","@timestamp":"2022-09-15T23:02:35.151Z"}
{"@timestamp":"2022-09-15T23:03:31.219Z","@version":"1","message":"Sep 15 23:03:30 honeypot-sgp-1 sshd[23113]: Received disconnect from 165.232.141.0 port 56150:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T23:09:07.355Z","@version":"1","message":"Sep 15 23:09:06 honeypot-sgp-1 kernel: [84159453.037127] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=94.26.249.161 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=10064 PROTO=TCP SPT=19131 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 23:10:21 honeypot-fra-1 sshd[19931]: Invalid user admin from 60.251.146.248 port 56842","@timestamp":"2022-09-15T23:10:22.063Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 23:11:53 honeypot-ams-1 kernel: [84160094.864838] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.208.171 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=38025 DPT=5432 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T23:11:53.398Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 23:13:59 honeypot-fra-1 kernel: [84158055.115180] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=165.232.152.144 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=42947 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T23:14:00.151Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-15T23:16:22.555Z","@version":"1","message":"Sep 15 23:16:22 honeypot-sgp-1 kernel: [84159888.947196] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=79.124.62.60 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=59171 PROTO=TCP SPT=46346 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 23:17:01 honeypot-ams-1 CRON[28945]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-15T23:17:01.534Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 23:21:46 honeypot-ams-1 sshd[28951]: Received disconnect from 80.76.51.46 port 38594:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T23:21:47.662Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 23:21:55 honeypot-ams-1 sshd[28955]: Disconnected from authenticating user root 80.76.51.46 port 42078 [preauth]","@timestamp":"2022-09-15T23:21:55.666Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 23:22:22 honeypot-ams-1 sshd[28962]: Disconnected from authenticating user root 80.76.51.46 port 52832 [preauth]","@timestamp":"2022-09-15T23:22:22.678Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 23:22:51 honeypot-ams-1 sshd[28968]: Disconnected from authenticating user root 80.76.51.46 port 35338 [preauth]","@timestamp":"2022-09-15T23:22:51.692Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 23:23:05 honeypot-fra-1 sshd[19940]: Disconnected from invalid user adm 92.255.85.70 port 59458 [preauth]","@timestamp":"2022-09-15T23:23:06.354Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 23:23:21 honeypot-ams-1 sshd[28974]: Received disconnect from 80.76.51.46 port 46040:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T23:23:22.709Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 23:24:50 honeypot-ams-1 kernel: [84160872.490519] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=84.54.134.60 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=38791 PROTO=TCP SPT=46899 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T23:24:50.749Z"}
{"@timestamp":"2022-09-15T23:24:55.757Z","@version":"1","message":"Sep 15 23:24:55 honeypot-sgp-1 sshd[23129]: Received disconnect from 190.11.80.188 port 43750:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 23:33:24 honeypot-ams-1 sshd[28983]: Received disconnect from 159.223.95.166 port 35628:11: Bye Bye [preauth]","@timestamp":"2022-09-15T23:33:24.974Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 23:34:39 honeypot-fra-1 sshd[19946]: Received disconnect from 64.225.65.224 port 60310:11: Bye Bye [preauth]","@timestamp":"2022-09-15T23:34:40.636Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T23:36:29.038Z","@version":"1","message":"Sep 15 23:36:29 honeypot-sgp-1 sshd[23135]: Invalid user admin from 179.60.147.69 port 48226","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 23:38:35 honeypot-fra-1 sshd[19955]: Unable to negotiate with 100.20.101.213 port 50518: no matching host key type found. Their offer: ecdsa-sha2-nistp521 [preauth]","@timestamp":"2022-09-15T23:38:35.747Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 23:42:54 honeypot-ams-1 kernel: [84161955.830626] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=202.95.12.18 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=57 ID=0 DF PROTO=TCP SPT=39005 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T23:42:54.222Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 23:49:44 honeypot-ams-1 sshd[28996]: Received disconnect from 45.61.186.249 port 33076:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T23:49:45.407Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 23:50:04 honeypot-ams-1 sshd[29000]: Received disconnect from 45.61.186.249 port 55728:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T23:50:05.419Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 23:50:23 honeypot-ams-1 sshd[29004]: Received disconnect from 45.61.186.249 port 50196:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T23:50:24.427Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 23:50:35 honeypot-fra-1 sshd[19966]: Did not receive identification string from 31.192.105.81 port 3886","@timestamp":"2022-09-15T23:50:36.030Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 23:50:36 honeypot-fra-1 sshd[19976]: Unable to negotiate with 31.192.105.81 port 27329: no matching host key type found. Their offer: ssh-dss [preauth]","@timestamp":"2022-09-15T23:50:37.032Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 23:50:37 honeypot-fra-1 sshd[19984]: Unable to negotiate with 31.192.105.81 port 27994: no matching host key type found. Their offer: ecdsa-sha2-nistp521 [preauth]","@timestamp":"2022-09-15T23:50:38.033Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 23:50:40 honeypot-ams-1 sshd[29008]: Received disconnect from 45.61.186.249 port 44650:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T23:50:41.435Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 23:52:47 honeypot-ams-1 sshd[29014]: Received disconnect from 80.76.51.45 port 46174:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T23:52:47.491Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 23:53:21 honeypot-ams-1 sshd[29018]: Disconnected from authenticating user root 80.76.51.45 port 54112 [preauth]","@timestamp":"2022-09-15T23:53:22.509Z"}
{"@timestamp":"2022-09-15T23:53:53.449Z","@version":"1","message":"Sep 15 23:53:52 honeypot-sgp-1 sshd[23141]: Disconnected from authenticating user root 206.189.153.63 port 59844 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 23:54:10 honeypot-ams-1 sshd[29024]: Disconnected from authenticating user root 80.76.51.45 port 52078 [preauth]","@timestamp":"2022-09-15T23:54:11.532Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 23:54:59 honeypot-ams-1 sshd[29030]: Disconnected from authenticating user root 80.76.51.45 port 50074 [preauth]","@timestamp":"2022-09-15T23:54:59.558Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 23:55:48 honeypot-ams-1 sshd[29036]: Invalid user git from 80.76.51.45 port 48076","@timestamp":"2022-09-15T23:55:49.584Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 23:56:25 honeypot-fra-1 sshd[19994]: Invalid user oracle from 182.253.81.212 port 33832","@timestamp":"2022-09-15T23:56:26.166Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 23:56:25 honeypot-fra-1 sshd[19994]: Connection closed by invalid user oracle 182.253.81.212 port 33832 [preauth]","@timestamp":"2022-09-15T23:56:26.166Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 23:56:28 honeypot-fra-1 sshd[20009]: Invalid user kafka from 182.253.81.212 port 33823","@timestamp":"2022-09-15T23:56:29.167Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T23:56:41.518Z","@version":"1","message":"Sep 15 23:56:41 honeypot-sgp-1 sshd[23147]: Invalid user monitor from 14.52.249.27 port 38760","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T23:57:38.542Z","@version":"1","message":"Sep 15 23:57:38 honeypot-sgp-1 sshd[23150]: Disconnected from invalid user user 45.61.186.49 port 48736 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T23:57:45.545Z","@version":"1","message":"Sep 15 23:57:45 honeypot-sgp-1 sshd[23154]: Disconnected from invalid user user 45.61.186.49 port 54564 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T23:57:55.550Z","@version":"1","message":"Sep 15 23:57:55 honeypot-sgp-1 sshd[23158]: Disconnected from invalid user user 45.61.186.49 port 37962 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T23:58:58.577Z","@version":"1","message":"Sep 15 23:58:57 honeypot-sgp-1 sshd[23164]: Received disconnect from 45.61.186.169 port 45648:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T23:59:15.585Z","@version":"1","message":"Sep 15 23:59:14 honeypot-sgp-1 sshd[23168]: Received disconnect from 45.61.186.169 port 40304:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T23:59:30.592Z","@version":"1","message":"Sep 15 23:59:30 honeypot-sgp-1 sshd[23172]: Received disconnect from 45.61.186.169 port 34978:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 00:03:16 honeypot-ams-1 sshd[29040]: Received disconnect from 92.255.85.70 port 58208:11: Bye Bye [preauth]","@timestamp":"2022-09-16T00:03:16.787Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 00:04:00 honeypot-fra-1 kernel: [84161055.809900] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=139.162.222.36 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=47626 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T00:04:00.339Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-16T00:04:18.725Z","@version":"1","message":"Sep 16 00:04:18 honeypot-sgp-1 kernel: [84162764.776586] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.100.87.136 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=15212 PROTO=TCP SPT=35576 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T00:11:13.890Z","@version":"1","message":"Sep 16 00:11:13 honeypot-sgp-1 sshd[23181]: Invalid user user from 45.61.186.249 port 47544","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T00:11:31.898Z","@version":"1","message":"Sep 16 00:11:31 honeypot-sgp-1 sshd[23185]: Invalid user user from 45.61.186.249 port 41832","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T00:11:48.936Z","@version":"1","message":"Sep 16 00:11:48 honeypot-sgp-1 sshd[23189]: Invalid user user from 45.61.186.249 port 36122","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T00:12:04.943Z","@version":"1","message":"Sep 16 00:12:04 honeypot-sgp-1 sshd[23193]: Invalid user user from 45.61.186.249 port 58678","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T00:16:33.051Z","@version":"1","message":"Sep 16 00:16:32 honeypot-sgp-1 sshd[23198]: Disconnected from authenticating user root 92.255.85.69 port 28848 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 00:17:01 honeypot-ams-1 CRON[29043]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-16T00:17:01.178Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 00:17:01 honeypot-fra-1 CRON[20018]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-16T00:17:01.636Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 00:19:16 honeypot-fra-1 kernel: [84161971.765596] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=165.232.152.144 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=36801 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T00:19:16.694Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-16T00:20:08.141Z","@version":"1","message":"Sep 16 00:20:07 honeypot-sgp-1 sshd[23204]: Invalid user user from 45.61.184.204 port 49656","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T00:20:27.149Z","@version":"1","message":"Sep 16 00:20:26 honeypot-sgp-1 sshd[23208]: Invalid user user from 45.61.184.204 port 43892","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T00:20:45.159Z","@version":"1","message":"Sep 16 00:20:44 honeypot-sgp-1 sshd[23212]: Invalid user user from 45.61.184.204 port 38148","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T00:21:01.166Z","@version":"1","message":"Sep 16 00:21:00 honeypot-sgp-1 sshd[23216]: Invalid user user from 45.61.184.204 port 60618","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 00:22:39 honeypot-ams-1 kernel: [84164341.721685] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.71.232.148 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=54321 PROTO=TCP SPT=49971 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T00:22:40.336Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 00:23:08 honeypot-fra-1 sshd[20024]: Disconnected from invalid user LEECHENG 165.22.45.108 port 57084 [preauth]","@timestamp":"2022-09-16T00:23:08.786Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 00:26:40 honeypot-ams-1 kernel: [84164581.836637] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=103.114.107.34 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=14492 PROTO=TCP SPT=47202 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T00:26:40.444Z"}
{"@timestamp":"2022-09-16T00:34:59.492Z","@version":"1","message":"Sep 16 00:34:58 honeypot-sgp-1 sshd[23220]: Received disconnect from 180.250.115.121 port 42856:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T00:35:57.519Z","@version":"1","message":"Sep 16 00:35:56 honeypot-sgp-1 sshd[23224]: Disconnected from authenticating user root 51.250.90.116 port 51426 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 00:39:56 honeypot-ams-1 sshd[29058]: Invalid user sftpuser from 103.188.176.251 port 57584","@timestamp":"2022-09-16T00:39:56.832Z"}
{"@timestamp":"2022-09-16T00:40:05.618Z","@version":"1","message":"Sep 16 00:40:04 honeypot-sgp-1 sshd[23229]: Disconnected from invalid user Guest 92.255.85.69 port 25036 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 00:40:31 honeypot-fra-1 kernel: [84163246.909090] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=5.42.199.109 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=54321 PROTO=TCP SPT=60572 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T00:40:32.227Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 00:42:34 honeypot-ams-1 sshd[29063]: Disconnected from authenticating user root 103.146.202.151 port 58470 [preauth]","@timestamp":"2022-09-16T00:42:34.906Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 00:46:10 honeypot-ams-1 kernel: [84165752.098590] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=23.95.4.194 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=55366 PROTO=TCP SPT=44156 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T00:46:11.004Z"}
{"@timestamp":"2022-09-16T00:46:35.773Z","@version":"1","message":"Sep 16 00:46:34 honeypot-sgp-1 kernel: [84165301.397863] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.205.223 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=40291 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T00:52:01.902Z","@version":"1","message":"Sep 16 00:52:01 honeypot-sgp-1 sshd[23240]: Invalid user admin from 178.128.125.205 port 63264","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T00:53:28.938Z","@version":"1","message":"Sep 16 00:53:28 honeypot-sgp-1 kernel: [84165714.794189] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=71.6.232.4 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=239 ID=54321 PROTO=TCP SPT=59137 DPT=5432 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 00:54:07 honeypot-fra-1 sshd[20034]: Invalid user debian from 179.60.147.69 port 38520","@timestamp":"2022-09-16T00:54:07.539Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 00:54:58 honeypot-ams-1 kernel: [84166279.870917] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.167.97.229 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=57828 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T00:54:58.240Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 00:59:13 honeypot-fra-1 sshd[20039]: Invalid user test2 from 141.98.10.158 port 56990","@timestamp":"2022-09-16T00:59:13.658Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 01:08:23 honeypot-fra-1 sshd[20042]: Disconnected from authenticating user root 90.176.240.32 port 33616 [preauth]","@timestamp":"2022-09-16T01:08:23.868Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 01:09:04 honeypot-ams-1 kernel: [84167125.852948] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=180.149.126.30 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=54321 PROTO=TCP SPT=35840 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T01:09:04.610Z"}
{"@timestamp":"2022-09-16T01:09:17.306Z","@version":"1","message":"Sep 16 01:09:16 honeypot-sgp-1 kernel: [84166663.108228] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=218.29.55.169 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=30065 DF PROTO=TCP SPT=2284 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:10:57 honeypot-ams-1 sshd[29080]: Received disconnect from 164.92.212.181 port 42164:11: Bye Bye [preauth]","@timestamp":"2022-09-16T01:10:57.662Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 01:10:58 honeypot-fra-1 sshd[20048]: Disconnected from invalid user vu 121.126.224.151 port 53210 [preauth]","@timestamp":"2022-09-16T01:10:58.931Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 01:13:55 honeypot-fra-1 kernel: [84165251.213037] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.220.205.106 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=59311 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T01:13:56.003Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-16T01:17:02.492Z","@version":"1","message":"Sep 16 01:17:01 honeypot-sgp-1 CRON[23256]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 01:17:06 honeypot-fra-1 sshd[20060]: Did not receive identification string from 45.61.186.49 port 42584","@timestamp":"2022-09-16T01:17:07.079Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 01:17:21 honeypot-fra-1 sshd[20063]: Disconnected from invalid user user 45.61.186.49 port 45532 [preauth]","@timestamp":"2022-09-16T01:17:22.086Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 01:17:31 honeypot-fra-1 sshd[20067]: Disconnected from invalid user user 45.61.186.49 port 57494 [preauth]","@timestamp":"2022-09-16T01:17:32.090Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T01:21:52.608Z","@version":"1","message":"Sep 16 01:21:52 honeypot-sgp-1 sshd[23264]: Received disconnect from 20.228.209.161 port 38358:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 01:22:22 honeypot-ams-1 kernel: [84167924.664304] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=103.114.107.34 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=7498 PROTO=TCP SPT=51095 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T01:22:22.971Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 01:23:43 honeypot-fra-1 kernel: [84165839.099562] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=94.26.249.161 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=53175 PROTO=TCP SPT=18396 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T01:23:44.236Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-16T01:25:03.685Z","@version":"1","message":"Sep 16 01:25:03 honeypot-sgp-1 sshd[23268]: Disconnected from authenticating user root 145.239.90.216 port 44992 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 01:26:10 honeypot-ams-1 kernel: [84168152.381623] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.208.155 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=37965 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T01:26:11.075Z"}
{"@timestamp":"2022-09-16T01:28:20.764Z","@version":"1","message":"Sep 16 01:28:20 honeypot-sgp-1 sshd[23275]: Connection closed by 192.241.220.82 port 47740 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T01:29:43.803Z","@version":"1","message":"Sep 16 01:29:43 honeypot-sgp-1 sshd[23298]: Invalid user admin from 14.63.59.146 port 52043","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 01:30:38 honeypot-fra-1 sshd[20091]: Invalid user guest from 179.60.147.69 port 10740","@timestamp":"2022-09-16T01:30:38.396Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 01:31:53 honeypot-fra-1 sshd[20116]: Connection closed by authenticating user root 121.4.171.88 port 45686 [preauth]","@timestamp":"2022-09-16T01:31:54.430Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 01:31:54 honeypot-fra-1 sshd[20105]: Invalid user postgres from 121.4.171.88 port 45636","@timestamp":"2022-09-16T01:31:54.430Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 01:31:54 honeypot-fra-1 sshd[20101]: Connection closed by invalid user www 121.4.171.88 port 45634 [preauth]","@timestamp":"2022-09-16T01:31:54.430Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 01:31:54 honeypot-fra-1 sshd[20117]: Connection closed by invalid user es 121.4.171.88 port 45626 [preauth]","@timestamp":"2022-09-16T01:31:54.430Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:35:49 honeypot-ams-1 sshd[29100]: Disconnected from authenticating user root 92.255.85.69 port 52954 [preauth]","@timestamp":"2022-09-16T01:35:49.326Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 01:37:13 honeypot-fra-1 sshd[20143]: Received disconnect from 45.61.186.49 port 48798:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T01:37:14.555Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 01:37:23 honeypot-fra-1 sshd[20148]: Received disconnect from 45.61.186.49 port 60350:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T01:37:24.559Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:38:07 honeypot-ams-1 sshd[29105]: Received disconnect from 180.69.254.177 port 50870:11: Bye Bye [preauth]","@timestamp":"2022-09-16T01:38:08.389Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:38:53 honeypot-ams-1 sshd[29110]: Received disconnect from 80.76.51.46 port 34334:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T01:38:53.413Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:39:12 honeypot-ams-1 sshd[29114]: Disconnected from authenticating user root 80.76.51.46 port 41348 [preauth]","@timestamp":"2022-09-16T01:39:12.424Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:39:41 honeypot-ams-1 sshd[29120]: Disconnected from authenticating user root 80.76.51.46 port 51892 [preauth]","@timestamp":"2022-09-16T01:39:41.439Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:40:11 honeypot-ams-1 sshd[29126]: Disconnected from authenticating user root 80.76.51.46 port 34178 [preauth]","@timestamp":"2022-09-16T01:40:12.455Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:40:32 honeypot-ams-1 sshd[29132]: Received disconnect from 80.76.51.46 port 41190:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T01:40:33.466Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 01:42:21 honeypot-fra-1 sshd[20153]: Disconnected from authenticating user root 92.255.85.70 port 48444 [preauth]","@timestamp":"2022-09-16T01:42:22.672Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:45:25 honeypot-ams-1 sshd[29137]: Connection closed by invalid user tomcat 193.106.191.157 port 49000 [preauth]","@timestamp":"2022-09-16T01:45:25.596Z"}
{"@timestamp":"2022-09-16T01:49:15.285Z","@version":"1","message":"Sep 16 01:49:14 honeypot-sgp-1 sshd[23302]: Received disconnect from 92.255.85.69 port 22762:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:50:42 honeypot-ams-1 sshd[29142]: Disconnected from authenticating user root 111.226.108.58 port 43282 [preauth]","@timestamp":"2022-09-16T01:50:42.738Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:50:47 honeypot-ams-1 sshd[29148]: Received disconnect from 111.226.108.58 port 43510:11: Bye Bye [preauth]","@timestamp":"2022-09-16T01:50:47.741Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:50:51 honeypot-ams-1 sshd[29154]: Received disconnect from 111.226.108.58 port 43752:11: Bye Bye [preauth]","@timestamp":"2022-09-16T01:50:52.744Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:50:56 honeypot-ams-1 sshd[29160]: Received disconnect from 111.226.108.58 port 43995:11: Bye Bye [preauth]","@timestamp":"2022-09-16T01:50:56.746Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:51:01 honeypot-ams-1 sshd[29166]: Received disconnect from 111.226.108.58 port 44236:11: Bye Bye [preauth]","@timestamp":"2022-09-16T01:51:01.750Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:51:05 honeypot-ams-1 sshd[29172]: Received disconnect from 111.226.108.58 port 44477:11: Bye Bye [preauth]","@timestamp":"2022-09-16T01:51:06.753Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:51:10 honeypot-ams-1 sshd[29178]: Received disconnect from 111.226.108.58 port 44718:11: Bye Bye [preauth]","@timestamp":"2022-09-16T01:51:10.756Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:51:15 honeypot-ams-1 sshd[29184]: Received disconnect from 111.226.108.58 port 44945:11: Bye Bye [preauth]","@timestamp":"2022-09-16T01:51:15.760Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:51:19 honeypot-ams-1 sshd[29190]: Received disconnect from 111.226.108.58 port 45184:11: Bye Bye [preauth]","@timestamp":"2022-09-16T01:51:20.763Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:51:24 honeypot-ams-1 sshd[29196]: Received disconnect from 111.226.108.58 port 45451:11: Bye Bye [preauth]","@timestamp":"2022-09-16T01:51:24.766Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:51:29 honeypot-ams-1 sshd[29202]: Received disconnect from 111.226.108.58 port 45716:11: Bye Bye [preauth]","@timestamp":"2022-09-16T01:51:29.770Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:51:34 honeypot-ams-1 sshd[29208]: Received disconnect from 111.226.108.58 port 45962:11: Bye Bye [preauth]","@timestamp":"2022-09-16T01:51:34.773Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:51:37 honeypot-ams-1 sshd[29212]: Disconnected from invalid user admin 111.226.108.58 port 46146 [preauth]","@timestamp":"2022-09-16T01:51:37.775Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:51:40 honeypot-ams-1 sshd[29216]: Disconnected from invalid user admin 111.226.108.58 port 46307 [preauth]","@timestamp":"2022-09-16T01:51:40.777Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:51:43 honeypot-ams-1 sshd[29220]: Disconnected from invalid user admin 111.226.108.58 port 46477 [preauth]","@timestamp":"2022-09-16T01:51:43.780Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:51:46 honeypot-ams-1 sshd[29224]: Disconnected from invalid user admin 111.226.108.58 port 46639 [preauth]","@timestamp":"2022-09-16T01:51:46.782Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:51:49 honeypot-ams-1 sshd[29228]: Disconnected from invalid user admin 111.226.108.58 port 46804 [preauth]","@timestamp":"2022-09-16T01:51:50.784Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:51:53 honeypot-ams-1 sshd[29232]: Disconnected from invalid user user 111.226.108.58 port 46974 [preauth]","@timestamp":"2022-09-16T01:51:53.786Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:51:57 honeypot-ams-1 sshd[29238]: Received disconnect from 111.226.108.58 port 47218:11: Bye Bye [preauth]","@timestamp":"2022-09-16T01:51:58.791Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:52:00 honeypot-ams-1 sshd[29242]: Received disconnect from 111.226.108.58 port 47374:11: Bye Bye [preauth]","@timestamp":"2022-09-16T01:52:01.793Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:52:04 honeypot-ams-1 sshd[29246]: Received disconnect from 111.226.108.58 port 47552:11: Bye Bye [preauth]","@timestamp":"2022-09-16T01:52:04.795Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:52:07 honeypot-ams-1 sshd[29250]: Received disconnect from 111.226.108.58 port 47717:11: Bye Bye [preauth]","@timestamp":"2022-09-16T01:52:07.797Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:52:10 honeypot-ams-1 sshd[29254]: Received disconnect from 111.226.108.58 port 47872:11: Bye Bye [preauth]","@timestamp":"2022-09-16T01:52:10.799Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:52:13 honeypot-ams-1 sshd[29258]: Received disconnect from 111.226.108.58 port 48030:11: Bye Bye [preauth]","@timestamp":"2022-09-16T01:52:13.802Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:52:16 honeypot-ams-1 sshd[29262]: Received disconnect from 111.226.108.58 port 48195:11: Bye Bye [preauth]","@timestamp":"2022-09-16T01:52:16.804Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:52:19 honeypot-ams-1 sshd[29266]: Received disconnect from 111.226.108.58 port 48366:11: Bye Bye [preauth]","@timestamp":"2022-09-16T01:52:20.807Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:52:22 honeypot-ams-1 sshd[29270]: Received disconnect from 111.226.108.58 port 48516:11: Bye Bye [preauth]","@timestamp":"2022-09-16T01:52:23.809Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:52:26 honeypot-ams-1 sshd[29274]: Received disconnect from 111.226.108.58 port 48676:11: Bye Bye [preauth]","@timestamp":"2022-09-16T01:52:26.811Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:52:29 honeypot-ams-1 sshd[29278]: Received disconnect from 111.226.108.58 port 48843:11: Bye Bye [preauth]","@timestamp":"2022-09-16T01:52:29.814Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 01:54:55 honeypot-fra-1 sshd[20158]: error: maximum authentication attempts exceeded for invalid user admin from 217.42.70.30 port 55320 ssh2 [preauth]","@timestamp":"2022-09-16T01:54:55.975Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T01:54:57.424Z","@version":"1","message":"Sep 16 01:54:56 honeypot-sgp-1 sshd[23305]: Received disconnect from 211.193.31.52 port 57800:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 01:56:09 honeypot-fra-1 sshd[20164]: Received disconnect from 139.59.176.155 port 47850:11: Bye Bye [preauth]","@timestamp":"2022-09-16T01:56:10.008Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:59:46 honeypot-ams-1 sshd[29283]: Received disconnect from 46.101.169.25 port 54468:11: Bye Bye [preauth]","@timestamp":"2022-09-16T01:59:47.003Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 02:04:13 honeypot-ams-1 kernel: [84170435.366293] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=180.149.126.38 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=54321 PROTO=TCP SPT=57118 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T02:04:14.127Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 02:05:20 honeypot-fra-1 sshd[20170]: Invalid user user from 45.61.186.169 port 41326","@timestamp":"2022-09-16T02:05:21.289Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 02:05:37 honeypot-fra-1 sshd[20174]: Invalid user user from 45.61.186.169 port 36228","@timestamp":"2022-09-16T02:05:38.297Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 02:05:55 honeypot-fra-1 sshd[20178]: Invalid user user from 45.61.186.169 port 59360","@timestamp":"2022-09-16T02:05:56.305Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 02:06:11 honeypot-fra-1 sshd[20182]: Invalid user user from 45.61.186.169 port 54252","@timestamp":"2022-09-16T02:06:12.313Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 02:06:56 honeypot-fra-1 sshd[20186]: Connection closed by invalid user admin 179.60.147.69 port 20170 [preauth]","@timestamp":"2022-09-16T02:06:56.345Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T02:08:28.752Z","@version":"1","message":"Sep 16 02:08:28 honeypot-sgp-1 kernel: [84170214.624834] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.41.8.5 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=26539 PROTO=TCP SPT=55953 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 02:09:01 honeypot-ams-1 sshd[29290]: Disconnected from authenticating user root 178.62.34.139 port 50318 [preauth]","@timestamp":"2022-09-16T02:09:02.254Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 02:10:43 honeypot-ams-1 sshd[29296]: Invalid user orangedev from 196.203.105.41 port 51352","@timestamp":"2022-09-16T02:10:44.305Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 02:11:30 honeypot-fra-1 sshd[20192]: Received disconnect from 45.61.186.249 port 43132:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T02:11:30.451Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 02:11:50 honeypot-fra-1 sshd[20196]: Received disconnect from 45.61.186.249 port 37718:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T02:11:51.462Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 02:12:07 honeypot-fra-1 sshd[20200]: Received disconnect from 45.61.186.249 port 60542:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T02:12:07.469Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 02:12:24 honeypot-fra-1 sshd[20204]: Invalid user user from 45.61.186.249 port 55124","@timestamp":"2022-09-16T02:12:24.478Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T02:13:37.882Z","@version":"1","message":"Sep 16 02:13:37 honeypot-sgp-1 kernel: [84170523.491826] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=195.178.120.159 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=54321 PROTO=TCP SPT=33919 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 02:13:48 honeypot-ams-1 sshd[29301]: Invalid user mikyla from 187.190.252.164 port 45481","@timestamp":"2022-09-16T02:13:48.389Z"}
{"@timestamp":"2022-09-16T02:17:01.967Z","@version":"1","message":"Sep 16 02:17:01 honeypot-sgp-1 CRON[23320]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 02:18:15 honeypot-ams-1 sshd[29306]: Received disconnect from 190.18.110.53 port 38874:11: Bye Bye [preauth]","@timestamp":"2022-09-16T02:18:16.506Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 02:20:09 honeypot-ams-1 sshd[29311]: Disconnected from authenticating user root 193.123.118.70 port 58422 [preauth]","@timestamp":"2022-09-16T02:20:09.557Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 02:21:08 honeypot-fra-1 kernel: [84169283.761752] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=172.104.29.247 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=15583 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T02:21:08.707Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-16T02:24:55.159Z","@version":"1","message":"Sep 16 02:24:55 honeypot-sgp-1 sshd[23326]: Invalid user admin from 185.149.120.23 port 39018","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 02:26:41 honeypot-ams-1 sshd[29316]: Received disconnect from 209.97.162.46 port 42330:11: Bye Bye [preauth]","@timestamp":"2022-09-16T02:26:42.728Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 02:30:38 honeypot-fra-1 sshd[20212]: Invalid user ansible from 92.255.85.70 port 22776","@timestamp":"2022-09-16T02:30:38.978Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 02:31:59 honeypot-ams-1 kernel: [84172100.900303] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=188.166.87.67 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=254 ID=15212 PROTO=TCP SPT=50503 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T02:31:59.867Z"}
{"@timestamp":"2022-09-16T02:32:45.353Z","@version":"1","message":"Sep 16 02:32:44 honeypot-sgp-1 sshd[23329]: Did not receive identification string from 45.61.186.249 port 59862","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T02:33:01.361Z","@version":"1","message":"Sep 16 02:33:01 honeypot-sgp-1 sshd[23332]: Disconnected from invalid user user 45.61.186.249 port 56552 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T02:33:20.371Z","@version":"1","message":"Sep 16 02:33:19 honeypot-sgp-1 sshd[23336]: Disconnected from invalid user user 45.61.186.249 port 51304 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T02:33:38.379Z","@version":"1","message":"Sep 16 02:33:38 honeypot-sgp-1 sshd[23340]: Disconnected from invalid user user 45.61.186.249 port 46108 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T02:37:23.471Z","@version":"1","message":"Sep 16 02:37:22 honeypot-sgp-1 sshd[23345]: Disconnected from invalid user admin 92.255.85.70 port 35130 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 02:43:17 honeypot-fra-1 sshd[20215]: Connection closed by authenticating user nobody 179.60.147.69 port 35474 [preauth]","@timestamp":"2022-09-16T02:43:18.262Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 02:44:41 honeypot-ams-1 kernel: [84172863.110813] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.196.214 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=57067 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T02:44:42.200Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 02:47:31 honeypot-ams-1 sshd[29327]: Received disconnect from 52.140.103.80 port 49960:11: Bye Bye [preauth]","@timestamp":"2022-09-16T02:47:32.277Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 02:51:13 honeypot-ams-1 sshd[29333]: Invalid user vp from 52.172.208.61 port 51400","@timestamp":"2022-09-16T02:51:14.374Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 02:53:50 honeypot-ams-1 kernel: [84173412.198932] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=51.15.141.72 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=55 ID=32374 PROTO=TCP SPT=32150 DPT=80 WINDOW=50517 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T02:53:51.444Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 02:53:53 honeypot-fra-1 sshd[20222]: Received disconnect from 92.255.85.70 port 20726:11: Bye Bye [preauth]","@timestamp":"2022-09-16T02:53:53.501Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 02:59:10 honeypot-fra-1 kernel: [84171565.662173] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=154.66.178.74 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=54321 PROTO=TCP SPT=54220 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T02:59:10.625Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-16T02:59:32.012Z","@version":"1","message":"Sep 16 02:59:31 honeypot-sgp-1 sshd[23350]: Disconnected from authenticating user root 92.255.85.70 port 52522 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 03:00:59 honeypot-ams-1 kernel: [84173841.683438] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.220.133 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=57663 DPT=636 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T03:01:00.630Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 03:06:58 honeypot-ams-1 sshd[29344]: Received disconnect from 178.134.60.186 port 45584:11: Bye Bye [preauth]","@timestamp":"2022-09-16T03:06:59.792Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 03:07:13 honeypot-fra-1 kernel: [84172048.374557] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=109.248.6.65 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x20 TTL=74 ID=44404 PROTO=TCP SPT=50191 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T03:07:13.810Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-16T03:08:45.240Z","@version":"1","message":"Sep 16 03:08:45 honeypot-sgp-1 kernel: [84173831.407143] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=34.65.232.229 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=54321 PROTO=TCP SPT=49803 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 03:09:38 honeypot-ams-1 kernel: [84174360.049876] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=2424 PROTO=TCP SPT=57204 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T03:09:38.866Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 03:11:36 honeypot-fra-1 kernel: [84172311.492631] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=94.26.228.80 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=34088 PROTO=TCP SPT=41456 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T03:11:36.911Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 03:16:55 honeypot-ams-1 sshd[29353]: Received disconnect from 80.76.51.46 port 60970:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T03:16:56.056Z"}
{"@timestamp":"2022-09-16T03:17:02.448Z","@version":"1","message":"Sep 16 03:17:01 honeypot-sgp-1 CRON[23360]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 03:17:14 honeypot-ams-1 sshd[29360]: Received disconnect from 80.76.51.46 port 40946:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T03:17:15.066Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 03:17:32 honeypot-ams-1 sshd[29365]: Disconnected from authenticating user root 80.76.51.46 port 49150 [preauth]","@timestamp":"2022-09-16T03:17:33.075Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 03:17:51 honeypot-ams-1 sshd[29371]: Received disconnect from 80.76.51.46 port 57366:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T03:17:51.084Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 03:18:00 honeypot-ams-1 sshd[29375]: Disconnected from authenticating user root 80.76.51.46 port 33234 [preauth]","@timestamp":"2022-09-16T03:18:01.090Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 03:18:14 honeypot-ams-1 sshd[29381]: Invalid user user from 45.61.186.169 port 48874","@timestamp":"2022-09-16T03:18:15.097Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 03:18:23 honeypot-ams-1 sshd[29385]: Received disconnect from 45.61.186.169 port 60560:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T03:18:23.102Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 03:18:31 honeypot-ams-1 sshd[29389]: Disconnected from invalid user user 45.61.186.169 port 43996 [preauth]","@timestamp":"2022-09-16T03:18:31.106Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 03:18:38 honeypot-ams-1 sshd[29393]: Disconnected from invalid user user 45.61.186.169 port 55664 [preauth]","@timestamp":"2022-09-16T03:18:39.111Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 03:20:56 honeypot-fra-1 sshd[20242]: Invalid user debian from 179.60.147.69 port 36768","@timestamp":"2022-09-16T03:20:57.126Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 03:23:14 honeypot-ams-1 sshd[29398]: Invalid user debian from 179.60.147.69 port 34456","@timestamp":"2022-09-16T03:23:15.230Z"}
{"@timestamp":"2022-09-16T03:23:52.619Z","@version":"1","message":"Sep 16 03:23:51 honeypot-sgp-1 sshd[23370]: Disconnected from authenticating user root 211.115.68.105 port 42739 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T03:25:06.651Z","@version":"1","message":"Sep 16 03:25:06 honeypot-sgp-1 sshd[23374]: Disconnected from invalid user auxiliar 139.198.14.22 port 33926 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 03:29:08 honeypot-ams-1 sshd[29404]: Received disconnect from 209.97.146.150 port 33637:11: Bye Bye [preauth]","@timestamp":"2022-09-16T03:29:08.397Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 03:31:43 honeypot-fra-1 kernel: [84173518.291156] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=88.249.80.139 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=241 ID=15686 PROTO=TCP SPT=42621 DPT=80 WINDOW=1300 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T03:31:43.513Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 03:33:54 honeypot-ams-1 kernel: [84175815.714690] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=36.26.49.170 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=49 ID=52727 PROTO=TCP SPT=5928 DPT=443 WINDOW=8472 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T03:33:54.517Z"}
{"@timestamp":"2022-09-16T03:35:16.905Z","@version":"1","message":"Sep 16 03:35:16 honeypot-sgp-1 sshd[23382]: Connection closed by invalid user zabbix 103.188.176.251 port 42248 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 03:42:00 honeypot-fra-1 sshd[20254]: Did not receive identification string from 45.61.186.169 port 44600","@timestamp":"2022-09-16T03:42:00.761Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T03:42:31.086Z","@version":"1","message":"Sep 16 03:42:30 honeypot-sgp-1 sshd[23388]: Disconnected from authenticating user root 206.189.219.241 port 58382 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 03:42:40 honeypot-fra-1 sshd[20257]: Disconnected from invalid user user 45.61.186.169 port 34580 [preauth]","@timestamp":"2022-09-16T03:42:40.779Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 03:42:56 honeypot-fra-1 sshd[20261]: Disconnected from invalid user user 45.61.186.169 port 57620 [preauth]","@timestamp":"2022-09-16T03:42:57.787Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 03:43:12 honeypot-fra-1 sshd[20266]: Disconnected from invalid user user 45.61.186.169 port 52424 [preauth]","@timestamp":"2022-09-16T03:43:13.794Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 03:44:02 honeypot-ams-1 kernel: [84176424.523918] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=154.94.6.47 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=2796 PROTO=TCP SPT=55488 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T03:44:03.779Z"}
{"@timestamp":"2022-09-16T03:45:58.177Z","@version":"1","message":"Sep 16 03:45:57 honeypot-sgp-1 sshd[23395]: Invalid user distccd from 84.54.74.130 port 49866","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 03:45:59 honeypot-ams-1 sshd[29418]: Received disconnect from 80.76.51.46 port 52804:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T03:45:59.832Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 03:46:29 honeypot-ams-1 sshd[29424]: Received disconnect from 80.76.51.46 port 37870:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T03:46:29.849Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 03:47:00 honeypot-ams-1 sshd[29430]: Received disconnect from 80.76.51.46 port 51238:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T03:47:00.865Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 03:47:33 honeypot-ams-1 sshd[29436]: Invalid user test from 80.76.51.46 port 36388","@timestamp":"2022-09-16T03:47:33.883Z"}
{"@timestamp":"2022-09-16T03:48:15.238Z","@version":"1","message":"Sep 16 03:48:14 honeypot-sgp-1 sshd[23399]: Invalid user admin from 138.2.245.103 port 34732","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 03:49:08 honeypot-fra-1 kernel: [84174563.539711] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=85.105.238.8 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=241 ID=15533 PROTO=TCP SPT=55763 DPT=443 WINDOW=1300 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T03:49:08.927Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-16T03:51:14.313Z","@version":"1","message":"Sep 16 03:51:13 honeypot-sgp-1 sshd[23404]: Invalid user merje from 13.233.208.64 port 47182","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 03:57:02 honeypot-ams-1 sshd[29441]: Received disconnect from 92.255.85.70 port 18576:11: Bye Bye [preauth]","@timestamp":"2022-09-16T03:57:03.122Z"}
{"@timestamp":"2022-09-16T03:57:06.461Z","@version":"1","message":"Sep 16 03:57:05 honeypot-sgp-1 sshd[23409]: Invalid user support from 179.60.147.69 port 37084","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 03:58:20 honeypot-fra-1 sshd[20277]: Invalid user support from 179.60.147.69 port 59556","@timestamp":"2022-09-16T03:58:21.135Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 04:02:48 honeypot-ams-1 kernel: [84177550.257403] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=42.230.225.49 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=23684 DF PROTO=TCP SPT=55529 DPT=80 WINDOW=29040 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T04:02:49.274Z"}
{"@timestamp":"2022-09-16T04:03:26.624Z","@version":"1","message":"Sep 16 04:03:25 honeypot-sgp-1 sshd[23414]: Received disconnect from 159.89.173.162 port 33304:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 04:04:32 honeypot-fra-1 sshd[20282]: Disconnected from authenticating user root 92.255.85.69 port 57468 [preauth]","@timestamp":"2022-09-16T04:04:33.277Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 04:08:40 honeypot-ams-1 sshd[29451]: Invalid user tomcat from 193.106.191.157 port 50944","@timestamp":"2022-09-16T04:08:40.427Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 04:09:55 honeypot-fra-1 sshd[20288]: Invalid user user from 45.61.186.249 port 45834","@timestamp":"2022-09-16T04:09:56.402Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 04:10:14 honeypot-fra-1 sshd[20292]: Invalid user user from 45.61.186.249 port 40450","@timestamp":"2022-09-16T04:10:14.411Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 04:10:32 honeypot-fra-1 sshd[20296]: Invalid user user from 45.61.186.249 port 35064","@timestamp":"2022-09-16T04:10:32.420Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T04:11:16.824Z","@version":"1","message":"Sep 16 04:11:16 honeypot-sgp-1 sshd[23418]: Disconnected from invalid user admin 92.255.85.69 port 44712 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 04:11:22 honeypot-ams-1 kernel: [84178063.949681] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=71.57.35.93 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=51 ID=51093 PROTO=TCP SPT=29672 DPT=443 WINDOW=24256 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T04:11:22.501Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 04:11:27 honeypot-fra-1 kernel: [84175902.443486] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=188.166.87.67 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=250 ID=15212 PROTO=TCP SPT=40116 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T04:11:28.443Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-16T04:16:29.963Z","@version":"1","message":"Sep 16 04:16:29 honeypot-sgp-1 sshd[23424]: Disconnected from invalid user user 45.61.184.204 port 33754 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T04:16:49.974Z","@version":"1","message":"Sep 16 04:16:49 honeypot-sgp-1 sshd[23428]: Disconnected from invalid user user 45.61.184.204 port 57516 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T04:17:08.984Z","@version":"1","message":"Sep 16 04:17:08 honeypot-sgp-1 sshd[23435]: Invalid user user from 45.61.184.204 port 53080","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T04:17:25.992Z","@version":"1","message":"Sep 16 04:17:25 honeypot-sgp-1 sshd[23440]: Invalid user user from 45.61.184.204 port 48574","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 04:18:51 honeypot-ams-1 kernel: [84178512.922177] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=167.71.92.243 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=56629 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T04:18:51.696Z"}
{"@timestamp":"2022-09-16T04:19:20.044Z","@version":"1","message":"Sep 16 04:19:19 honeypot-sgp-1 sshd[23444]: Received disconnect from 61.177.172.124 port 48048:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 04:19:26 honeypot-ams-1 sshd[29464]: Received disconnect from 45.61.184.204 port 39576:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T04:19:26.716Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 04:19:44 honeypot-ams-1 sshd[29468]: Received disconnect from 45.61.184.204 port 34522:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T04:19:44.725Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 04:20:01 honeypot-ams-1 sshd[29472]: Received disconnect from 45.61.184.204 port 57750:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T04:20:01.734Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 04:20:09 honeypot-ams-1 sshd[29476]: Disconnected from invalid user user 45.61.184.204 port 41068 [preauth]","@timestamp":"2022-09-16T04:20:09.742Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 04:20:18 honeypot-fra-1 kernel: [84176433.314529] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=172.104.29.247 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=15583 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T04:20:18.644Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 04:20:52 honeypot-fra-1 sshd[20310]: Disconnected from invalid user hadoop 188.170.13.225 port 41866 [preauth]","@timestamp":"2022-09-16T04:20:53.661Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 04:22:19 honeypot-ams-1 kernel: [84178721.509194] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.41.8.45 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=19793 PROTO=TCP SPT=51623 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T04:22:20.802Z"}
{"@timestamp":"2022-09-16T04:25:19.198Z","@version":"1","message":"Sep 16 04:25:18 honeypot-sgp-1 sshd[23449]: Disconnecting invalid user admin 61.115.72.251 port 59554: Too many authentication failures [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 04:28:18 honeypot-fra-1 kernel: [84176913.175512] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=92.63.197.74 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=54439 PROTO=TCP SPT=41768 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T04:28:18.829Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-16T04:32:08.371Z","@version":"1","message":"Sep 16 04:32:08 honeypot-sgp-1 sshd[23456]: Disconnected from authenticating user root 61.177.173.36 port 12624 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 04:34:14 honeypot-ams-1 sshd[29489]: Received disconnect from 61.177.173.36 port 28981:11:  [preauth]","@timestamp":"2022-09-16T04:34:15.111Z"}
{"@timestamp":"2022-09-16T04:35:27.459Z","@version":"1","message":"Sep 16 04:35:27 honeypot-sgp-1 sshd[23462]: Invalid user blank from 179.60.147.69 port 17222","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 04:38:49 honeypot-ams-1 sshd[29927]: Invalid user blank from 179.60.147.69 port 32012","@timestamp":"2022-09-16T04:38:50.230Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 04:39:26 honeypot-fra-1 kernel: [84177581.634052] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.202.61 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=48993 DPT=636 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T04:39:27.102Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 04:44:15 honeypot-ams-1 sshd[29932]: Disconnected from authenticating user root 61.177.173.51 port 41530 [preauth]","@timestamp":"2022-09-16T04:44:16.375Z"}
{"@timestamp":"2022-09-16T04:45:16.710Z","@version":"1","message":"Sep 16 04:45:16 honeypot-sgp-1 sshd[23468]: Invalid user bots from 23.83.239.130 port 48040","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 04:45:58 honeypot-fra-1 sshd[20764]: Disconnected from invalid user leo 165.22.45.108 port 54328 [preauth]","@timestamp":"2022-09-16T04:45:59.250Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T04:46:22.740Z","@version":"1","message":"Sep 16 04:46:22 honeypot-sgp-1 sshd[23472]: Disconnected from authenticating user root 61.177.173.47 port 10013 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T04:47:26.770Z","@version":"1","message":"Sep 16 04:47:26 honeypot-sgp-1 sshd[23478]: Received disconnect from 46.101.169.25 port 43248:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T04:51:19.869Z","@version":"1","message":"Sep 16 04:51:19 honeypot-sgp-1 sshd[23483]: Disconnected from invalid user bouncer 167.71.233.59 port 48030 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 04:51:50 honeypot-fra-1 sshd[20767]: Received disconnect from 92.255.85.70 port 51068:11: Bye Bye [preauth]","@timestamp":"2022-09-16T04:51:51.384Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T04:52:21.898Z","@version":"1","message":"Sep 16 04:52:20 honeypot-sgp-1 sshd[23487]: Disconnected from invalid user vanesa 138.197.152.128 port 60132 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 04:53:39 honeypot-fra-1 sshd[20769]: Disconnected from invalid user abc 162.19.26.39 port 33934 [preauth]","@timestamp":"2022-09-16T04:53:39.428Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 04:55:29 honeypot-fra-1 sshd[20773]: Disconnected from invalid user ozzy 52.183.159.83 port 53522 [preauth]","@timestamp":"2022-09-16T04:55:30.472Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 04:56:19 honeypot-ams-1 kernel: [84180761.250740] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=89.248.165.70 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=53049 PROTO=TCP SPT=46443 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T04:56:19.682Z"}
{"@timestamp":"2022-09-16T04:56:36.008Z","@version":"1","message":"Sep 16 04:56:35 honeypot-sgp-1 sshd[23500]: Invalid user volumio from 218.10.34.1 port 35746","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 04:57:17 honeypot-fra-1 sshd[20780]: Received disconnect from 85.237.57.193 port 35110:11: Bye Bye [preauth]","@timestamp":"2022-09-16T04:57:17.515Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 04:58:28 honeypot-fra-1 sshd[20784]: Disconnected from authenticating user root 139.59.102.10 port 50754 [preauth]","@timestamp":"2022-09-16T04:58:28.545Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T05:00:56.120Z","@version":"1","message":"Sep 16 05:00:55 honeypot-sgp-1 sshd[23504]: Received disconnect from 61.177.173.36 port 23956:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 05:02:27 honeypot-fra-1 sshd[20791]: Received disconnect from 206.189.213.126 port 48392:11: Bye Bye [preauth]","@timestamp":"2022-09-16T05:02:27.639Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 05:03:17 honeypot-ams-1 sshd[29950]: Disconnected from authenticating user root 61.177.173.49 port 26360 [preauth]","@timestamp":"2022-09-16T05:03:17.867Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 05:05:36 honeypot-fra-1 sshd[20794]: Disconnected from invalid user webalizer 115.247.30.162 port 49814 [preauth]","@timestamp":"2022-09-16T05:05:36.713Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T05:06:35.262Z","@version":"1","message":"Sep 16 05:06:34 honeypot-sgp-1 sshd[23511]: Received disconnect from 208.109.32.171 port 43466:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 05:12:26 honeypot-ams-1 kernel: [84181728.343975] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=172.104.29.201 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=64073 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T05:12:27.102Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 05:14:07 honeypot-fra-1 sshd[20802]: Received disconnect from 201.63.97.218 port 38054:11: Bye Bye [preauth]","@timestamp":"2022-09-16T05:14:07.909Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 05:16:13 honeypot-fra-1 sshd[20807]: Disconnected from invalid user admin 41.77.186.96 port 58802 [preauth]","@timestamp":"2022-09-16T05:16:13.960Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T05:17:02.524Z","@version":"1","message":"Sep 16 05:17:01 honeypot-sgp-1 CRON[23522]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T05:19:43.594Z","@version":"1","message":"Sep 16 05:19:43 honeypot-sgp-1 sshd[23527]: Disconnected from 159.223.164.107 port 52326 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 05:22:11 honeypot-ams-1 kernel: [84182313.270059] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=120.237.175.236 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=44 ID=33171 PROTO=TCP SPT=21848 DPT=443 WINDOW=25448 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T05:22:12.351Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 05:22:52 honeypot-fra-1 sshd[20815]: Invalid user www from 134.17.95.120 port 57082","@timestamp":"2022-09-16T05:22:53.113Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T05:27:28.789Z","@version":"1","message":"Sep 16 05:27:28 honeypot-sgp-1 kernel: [84182154.354819] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=57624 PROTO=TCP SPT=46006 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 05:27:49 honeypot-ams-1 sshd[29978]: Disconnected from authenticating user root 61.177.172.114 port 50421 [preauth]","@timestamp":"2022-09-16T05:27:49.499Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 05:29:57 honeypot-fra-1 sshd[20820]: Invalid user admin from 222.117.123.95 port 51696","@timestamp":"2022-09-16T05:29:58.274Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 05:32:18 honeypot-ams-1 sshd[29982]: Received disconnect from 61.177.173.47 port 32489:11:  [preauth]","@timestamp":"2022-09-16T05:32:19.615Z"}
{"@timestamp":"2022-09-16T05:33:06.931Z","@version":"1","message":"Sep 16 05:33:06 honeypot-sgp-1 sshd[23539]: Connection reset by 61.177.173.51 port 37485 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T05:33:28.943Z","@version":"1","message":"Sep 16 05:33:28 honeypot-sgp-1 sshd[23547]: Disconnected from authenticating user root 43.154.227.169 port 54480 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T05:35:21.994Z","@version":"1","message":"Sep 16 05:35:21 honeypot-sgp-1 sshd[23553]: Received disconnect from 193.142.146.50 port 48816:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T05:37:37.053Z","@version":"1","message":"Sep 16 05:37:37 honeypot-sgp-1 sshd[23560]: Received disconnect from 193.142.146.50 port 60880:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 05:38:44 honeypot-fra-1 sshd[20825]: Invalid user leo from 165.22.45.108 port 59388","@timestamp":"2022-09-16T05:38:44.474Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T05:38:59.090Z","@version":"1","message":"Sep 16 05:38:58 honeypot-sgp-1 sshd[23564]: Received disconnect from 193.142.146.50 port 52796:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 05:39:04 honeypot-fra-1 sshd[20827]: Disconnected from invalid user ubuntu 92.255.85.70 port 53114 [preauth]","@timestamp":"2022-09-16T05:39:04.484Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 05:40:59 honeypot-ams-1 kernel: [84183441.482156] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=184.105.247.204 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=37067 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T05:41:00.840Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 05:44:08 honeypot-ams-1 sshd[29992]: Disconnected from invalid user men 186.226.37.45 port 52863 [preauth]","@timestamp":"2022-09-16T05:44:08.923Z"}
{"@timestamp":"2022-09-16T05:44:10.221Z","@version":"1","message":"Sep 16 05:44:10 honeypot-sgp-1 sshd[23572]: Received disconnect from 61.177.172.104 port 28961:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 05:46:46 honeypot-fra-1 sshd[20834]: Received disconnect from 221.195.80.203 port 42966:11: Bye Bye [preauth]","@timestamp":"2022-09-16T05:46:47.664Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 05:46:55 honeypot-ams-1 sshd[29999]: Invalid user user from 45.61.187.160 port 44640","@timestamp":"2022-09-16T05:46:55.997Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 05:47:14 honeypot-ams-1 sshd[30005]: Invalid user user from 45.61.187.160 port 39080","@timestamp":"2022-09-16T05:47:15.008Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 05:47:32 honeypot-ams-1 sshd[30009]: Invalid user user from 45.61.187.160 port 33514","@timestamp":"2022-09-16T05:47:33.017Z"}
{"@timestamp":"2022-09-16T05:48:30.327Z","@version":"1","message":"Sep 16 05:48:29 honeypot-sgp-1 sshd[23579]: Connection closed by invalid user ubnt 179.60.147.69 port 5964 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 05:49:36 honeypot-fra-1 sshd[20839]: Connection closed by invalid user ubnt 179.60.147.69 port 13874 [preauth]","@timestamp":"2022-09-16T05:49:36.730Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 05:51:46 honeypot-ams-1 sshd[30017]: Invalid user ubnt from 179.60.147.69 port 5518","@timestamp":"2022-09-16T05:51:47.124Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 06:02:15 honeypot-ams-1 kernel: [84184717.398471] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=11707 PROTO=TCP SPT=48003 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T06:02:16.394Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 06:03:50 honeypot-fra-1 sshd[20846]: Received disconnect from 189.195.123.28 port 47139:11: Bye Bye [preauth]","@timestamp":"2022-09-16T06:03:51.052Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 06:08:50 honeypot-fra-1 sshd[20851]: Disconnected from authenticating user root 81.16.11.250 port 42468 [preauth]","@timestamp":"2022-09-16T06:08:51.167Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T06:08:53.828Z","@version":"1","message":"Sep 16 06:08:52 honeypot-sgp-1 sshd[23588]: Invalid user ftpuser from 92.255.85.69 port 39260","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 06:13:14 honeypot-fra-1 sshd[20855]: Received disconnect from 147.182.235.17 port 38194:11: Bye Bye [preauth]","@timestamp":"2022-09-16T06:13:15.269Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 06:15:37 honeypot-ams-1 sshd[30034]: Received disconnect from 61.177.173.36 port 39017:11:  [preauth]","@timestamp":"2022-09-16T06:15:37.752Z"}
{"@timestamp":"2022-09-16T06:17:02.032Z","@version":"1","message":"Sep 16 06:17:01 honeypot-sgp-1 CRON[23595]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 06:18:31 honeypot-ams-1 sshd[30039]: Disconnected from invalid user ftpuser 92.255.85.69 port 38474 [preauth]","@timestamp":"2022-09-16T06:18:31.828Z"}
{"@timestamp":"2022-09-16T06:24:47.226Z","@version":"1","message":"Sep 16 06:24:46 honeypot-sgp-1 sshd[23602]: Invalid user test from 179.60.147.69 port 12478","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 06:25:01 honeypot-fra-1 CRON[20862]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-16T06:25:01.534Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 06:25:54 honeypot-fra-1 sshd[20998]: Disconnected from invalid user ftpuser 92.255.85.69 port 40268 [preauth]","@timestamp":"2022-09-16T06:25:55.558Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 06:28:09 honeypot-ams-1 sshd[30835]: Invalid user test from 179.60.147.69 port 63146","@timestamp":"2022-09-16T06:28:10.103Z"}
{"@timestamp":"2022-09-16T06:28:41.349Z","@version":"1","message":"Sep 16 06:28:40 honeypot-sgp-1 sshd[23758]: Received disconnect from 38.143.137.90 port 49268:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T06:29:39.375Z","@version":"1","message":"Sep 16 06:29:39 honeypot-sgp-1 sshd[23762]: Received disconnect from 38.143.137.90 port 19628:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T06:30:38.403Z","@version":"1","message":"Sep 16 06:30:37 honeypot-sgp-1 sshd[23766]: Invalid user user from 38.143.137.90 port 35944","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 06:31:09 honeypot-fra-1 sshd[21617]: Disconnected from invalid user leona 165.22.45.108 port 36204 [preauth]","@timestamp":"2022-09-16T06:31:09.676Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 06:31:09 honeypot-ams-1 sshd[30841]: Received disconnect from 80.76.51.46 port 46900:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T06:31:10.184Z"}
{"@timestamp":"2022-09-16T06:31:37.429Z","@version":"1","message":"Sep 16 06:31:36 honeypot-sgp-1 sshd[24306]: Invalid user user from 38.143.137.90 port 8620","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 06:31:38 honeypot-ams-1 sshd[30847]: Received disconnect from 80.76.51.46 port 58678:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T06:31:39.199Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 06:31:57 honeypot-ams-1 sshd[30853]: Received disconnect from 80.76.51.46 port 38360:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T06:31:58.209Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 06:32:17 honeypot-ams-1 sshd[30857]: Disconnected from authenticating user root 80.76.51.46 port 46276 [preauth]","@timestamp":"2022-09-16T06:32:18.222Z"}
{"@timestamp":"2022-09-16T06:32:29.452Z","@version":"1","message":"Sep 16 06:32:28 honeypot-sgp-1 sshd[24313]: Received disconnect from 92.255.85.70 port 20148:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 06:32:49 honeypot-ams-1 sshd[30863]: Received disconnect from 80.76.51.46 port 58162:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T06:32:50.238Z"}
{"@timestamp":"2022-09-16T06:33:07.470Z","@version":"1","message":"Sep 16 06:33:07 honeypot-sgp-1 sshd[24317]: Received disconnect from 38.143.137.90 port 44844:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 06:33:10 honeypot-ams-1 sshd[30868]: Received disconnect from 80.76.51.46 port 37842:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T06:33:10.248Z"}
{"@timestamp":"2022-09-16T06:34:07.496Z","@version":"1","message":"Sep 16 06:34:07 honeypot-sgp-1 sshd[24322]: Received disconnect from 38.143.137.90 port 64484:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T06:35:07.526Z","@version":"1","message":"Sep 16 06:35:07 honeypot-sgp-1 sshd[24327]: Received disconnect from 38.143.137.90 port 23374:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T06:36:08.554Z","@version":"1","message":"Sep 16 06:36:08 honeypot-sgp-1 sshd[24331]: Received disconnect from 38.143.137.90 port 21214:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T06:37:09.582Z","@version":"1","message":"Sep 16 06:37:09 honeypot-sgp-1 sshd[24335]: Received disconnect from 38.143.137.90 port 30118:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T06:38:11.612Z","@version":"1","message":"Sep 16 06:38:10 honeypot-sgp-1 sshd[24339]: Received disconnect from 38.143.137.90 port 32730:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T06:39:13.641Z","@version":"1","message":"Sep 16 06:39:13 honeypot-sgp-1 sshd[24344]: Received disconnect from 38.143.137.90 port 31496:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 06:39:27 honeypot-ams-1 sshd[30875]: Invalid user debian from 34.70.38.122 port 39654","@timestamp":"2022-09-16T06:39:27.410Z"}
{"@timestamp":"2022-09-16T06:40:17.670Z","@version":"1","message":"Sep 16 06:40:17 honeypot-sgp-1 sshd[24350]: Received disconnect from 38.143.137.90 port 63008:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T06:41:20.697Z","@version":"1","message":"Sep 16 06:41:20 honeypot-sgp-1 sshd[24354]: Disconnected from authenticating user root 38.143.137.90 port 50028 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 06:42:11 honeypot-ams-1 sshd[30882]: Received disconnect from 92.255.85.70 port 58784:11: Bye Bye [preauth]","@timestamp":"2022-09-16T06:42:11.481Z"}
{"@timestamp":"2022-09-16T06:42:24.727Z","@version":"1","message":"Sep 16 06:42:24 honeypot-sgp-1 sshd[24360]: Received disconnect from 38.143.137.90 port 16682:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T06:43:29.755Z","@version":"1","message":"Sep 16 06:43:29 honeypot-sgp-1 sshd[24364]: Disconnected from invalid user zkti 38.143.137.90 port 63586 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T06:45:07.798Z","@version":"1","message":"Sep 16 06:45:07 honeypot-sgp-1 sshd[24371]: Received disconnect from 38.143.137.90 port 49922:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T06:45:58.822Z","@version":"1","message":"Sep 16 06:45:58 honeypot-sgp-1 sshd[24375]: Received disconnect from 43.155.83.218 port 44052:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T06:47:15.858Z","@version":"1","message":"Sep 16 06:47:15 honeypot-sgp-1 sshd[24381]: Received disconnect from 38.143.137.90 port 49124:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T06:48:20.890Z","@version":"1","message":"Sep 16 06:48:20 honeypot-sgp-1 sshd[24385]: Disconnected from authenticating user root 38.143.137.90 port 5488 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 06:49:25 honeypot-fra-1 sshd[21623]: Disconnected from authenticating user root 92.255.85.69 port 49158 [preauth]","@timestamp":"2022-09-16T06:49:26.103Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T06:49:29.921Z","@version":"1","message":"Sep 16 06:49:29 honeypot-sgp-1 sshd[24392]: Received disconnect from 190.115.208.250 port 38474:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T06:50:09.941Z","@version":"1","message":"Sep 16 06:50:09 honeypot-sgp-1 sshd[24397]: Disconnected from authenticating user root 61.177.173.50 port 30596 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T06:51:42.983Z","@version":"1","message":"Sep 16 06:51:42 honeypot-sgp-1 sshd[24403]: Invalid user amax from 38.143.137.90 port 7764","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 06:52:20 honeypot-ams-1 kernel: [84187722.218378] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=172.104.29.140 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=18932 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T06:52:20.739Z"}
{"@timestamp":"2022-09-16T06:52:50.014Z","@version":"1","message":"Sep 16 06:52:49 honeypot-sgp-1 sshd[24407]: Disconnected from authenticating user root 38.143.137.90 port 12068 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 06:53:53 honeypot-fra-1 sshd[21636]: Connection closed by invalid user deployer 101.33.218.153 port 36331 [preauth]","@timestamp":"2022-09-16T06:53:54.208Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 06:53:53 honeypot-fra-1 sshd[21637]: Connection closed by invalid user esuser 101.33.218.153 port 36291 [preauth]","@timestamp":"2022-09-16T06:53:54.208Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T06:54:29.076Z","@version":"1","message":"Sep 16 06:54:28 honeypot-sgp-1 sshd[24413]: Invalid user weblogic from 38.143.137.90 port 8006","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T06:55:36.105Z","@version":"1","message":"Sep 16 06:55:35 honeypot-sgp-1 sshd[24418]: Disconnected from authenticating user root 38.143.137.90 port 21658 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T06:56:19.126Z","@version":"1","message":"Sep 16 06:56:18 honeypot-sgp-1 sshd[24422]: Disconnected from invalid user tomcat 92.255.85.70 port 44692 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T06:57:00.146Z","@version":"1","message":"Sep 16 06:56:59 honeypot-sgp-1 sshd[24428]: Received disconnect from 210.16.201.131 port 42210:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 06:57:17 honeypot-ams-1 kernel: [84188018.745279] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=137.25.54.5 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=50 ID=4008 PROTO=TCP SPT=38989 DPT=80 WINDOW=12710 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T06:57:17.868Z"}
{"@timestamp":"2022-09-16T06:57:51.170Z","@version":"1","message":"Sep 16 06:57:50 honeypot-sgp-1 sshd[24432]: Received disconnect from 38.143.137.90 port 59306:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T06:58:58.202Z","@version":"1","message":"Sep 16 06:58:58 honeypot-sgp-1 sshd[24439]: Received disconnect from 38.143.137.90 port 47060:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T07:00:07.235Z","@version":"1","message":"Sep 16 07:00:06 honeypot-sgp-1 sshd[24445]: Received disconnect from 38.143.137.90 port 22708:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T07:01:03.262Z","@version":"1","message":"Sep 16 07:01:02 honeypot-sgp-1 sshd[24451]: Invalid user admin from 179.60.147.69 port 28170","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 07:01:19 honeypot-ams-1 sshd[30902]: Disconnected from authenticating user root 61.177.173.51 port 31807 [preauth]","@timestamp":"2022-09-16T07:01:19.973Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 07:02:12 honeypot-fra-1 sshd[21667]: Connection closed by invalid user admin 179.60.147.69 port 57636 [preauth]","@timestamp":"2022-09-16T07:02:12.395Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T07:02:21.297Z","@version":"1","message":"Sep 16 07:02:20 honeypot-sgp-1 sshd[24457]: Received disconnect from 38.143.137.90 port 39884:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T07:03:30.329Z","@version":"1","message":"Sep 16 07:03:29 honeypot-sgp-1 sshd[24462]: Disconnected from invalid user jenkins 38.143.137.90 port 18376 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T07:05:10.372Z","@version":"1","message":"Sep 16 07:05:09 honeypot-sgp-1 sshd[24470]: Received disconnect from 38.143.137.90 port 17746:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 07:05:34 honeypot-ams-1 sshd[30912]: Invalid user tomcat from 92.255.85.69 port 26420","@timestamp":"2022-09-16T07:05:35.083Z"}
{"@timestamp":"2022-09-16T07:06:18.403Z","@version":"1","message":"Sep 16 07:06:17 honeypot-sgp-1 sshd[24474]: Disconnected from invalid user smartmore 38.143.137.90 port 53212 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T07:07:57.447Z","@version":"1","message":"Sep 16 07:07:56 honeypot-sgp-1 sshd[24480]: Received disconnect from 38.143.137.90 port 19738:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T07:09:04.478Z","@version":"1","message":"Sep 16 07:09:03 honeypot-sgp-1 sshd[24485]: Received disconnect from 38.143.137.90 port 20740:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T07:10:41.519Z","@version":"1","message":"Sep 16 07:10:40 honeypot-sgp-1 sshd[24494]: Received disconnect from 61.177.173.48 port 53144:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T07:11:16.537Z","@version":"1","message":"Sep 16 07:11:15 honeypot-sgp-1 sshd[24498]: Disconnected from invalid user hczh 38.143.137.90 port 17710 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 07:11:42 honeypot-ams-1 sshd[30917]: Invalid user guest from 193.106.191.157 port 51662","@timestamp":"2022-09-16T07:11:43.247Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 07:12:30 honeypot-ams-1 sshd[30921]: Received disconnect from 61.177.173.36 port 59178:11:  [preauth]","@timestamp":"2022-09-16T07:12:31.274Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 07:12:36 honeypot-fra-1 sshd[21674]: Received disconnect from 84.2.226.70 port 34592:11: Bye Bye [preauth]","@timestamp":"2022-09-16T07:12:36.657Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T07:12:55.579Z","@version":"1","message":"Sep 16 07:12:55 honeypot-sgp-1 sshd[24505]: Received disconnect from 38.143.137.90 port 32852:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T07:14:01.609Z","@version":"1","message":"Sep 16 07:14:01 honeypot-sgp-1 sshd[24509]: Received disconnect from 38.143.137.90 port 15056:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T07:15:07.639Z","@version":"1","message":"Sep 16 07:15:07 honeypot-sgp-1 sshd[24513]: Disconnected from authenticating user root 38.143.137.90 port 61438 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 07:16:11 honeypot-ams-1 kernel: [84189153.556927] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=164.92.72.164 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=49090 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T07:16:12.374Z"}
{"@timestamp":"2022-09-16T07:16:46.682Z","@version":"1","message":"Sep 16 07:16:46 honeypot-sgp-1 sshd[24523]: Disconnected from authenticating user root 38.143.137.90 port 36214 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 07:17:01 honeypot-fra-1 CRON[21679]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-16T07:17:02.758Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T07:17:53.712Z","@version":"1","message":"Sep 16 07:17:53 honeypot-sgp-1 sshd[24533]: Connection closed by invalid user admin 119.203.63.201 port 39670 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T07:18:29.729Z","@version":"1","message":"Sep 16 07:18:29 honeypot-sgp-1 kernel: [84188815.548073] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.172.44.162 DST=159.89.202.188 LEN=52 TOS=0x00 PREC=0x00 TTL=112 ID=18198 DF PROTO=TCP SPT=53555 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T07:19:32.756Z","@version":"1","message":"Sep 16 07:19:32 honeypot-sgp-1 sshd[24539]: Disconnected from invalid user dami_ftp 38.143.137.90 port 51208 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T07:20:15.776Z","@version":"1","message":"Sep 16 07:20:15 honeypot-sgp-1 sshd[24545]: Received disconnect from 92.255.85.69 port 39778:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T07:21:10.801Z","@version":"1","message":"Sep 16 07:21:10 honeypot-sgp-1 sshd[24550]: Disconnected from invalid user ystxiaojia 38.143.137.90 port 4416 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 07:22:11 honeypot-ams-1 kernel: [84189513.049737] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=103.217.123.251 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=56 ID=34834 DF PROTO=TCP SPT=18292 DPT=80 WINDOW=5680 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T07:22:11.531Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 07:22:17 honeypot-fra-1 kernel: [84187351.984279] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=188.166.255.48 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=18292 PROTO=TCP SPT=51684 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T07:22:17.881Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-16T07:22:50.844Z","@version":"1","message":"Sep 16 07:22:50 honeypot-sgp-1 sshd[24556]: Received disconnect from 38.143.137.90 port 8512:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T07:23:59.876Z","@version":"1","message":"Sep 16 07:23:58 honeypot-sgp-1 sshd[24562]: Received disconnect from 38.143.137.90 port 21746:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T07:24:54.902Z","@version":"1","message":"Sep 16 07:24:54 honeypot-sgp-1 sshd[24568]: Received disconnect from 61.177.172.124 port 18150:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 07:28:05 honeypot-ams-1 sshd[30959]: Received disconnect from 195.29.51.137 port 37114:11: Bye Bye [preauth]","@timestamp":"2022-09-16T07:28:05.684Z"}
{"@timestamp":"2022-09-16T07:29:24.014Z","@version":"1","message":"Sep 16 07:29:23 honeypot-sgp-1 kernel: [84189469.679348] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=188.166.255.48 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=30526 PROTO=TCP SPT=51684 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 07:34:33 honeypot-fra-1 sshd[21689]: Disconnected from authenticating user root 201.14.44.230 port 57800 [preauth]","@timestamp":"2022-09-16T07:34:34.221Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T07:37:51.221Z","@version":"1","message":"Sep 16 07:37:50 honeypot-sgp-1 sshd[24578]: Connection closed by invalid user debian 179.60.147.69 port 26948 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 07:38:58 honeypot-fra-1 sshd[21693]: Connection closed by invalid user debian 179.60.147.69 port 4054 [preauth]","@timestamp":"2022-09-16T07:38:59.325Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 07:40:14 honeypot-fra-1 sshd[21700]: Invalid user david from 141.98.10.158 port 50738","@timestamp":"2022-09-16T07:40:15.372Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 07:41:10 honeypot-ams-1 sshd[30972]: Connection closed by invalid user debian 179.60.147.69 port 18126 [preauth]","@timestamp":"2022-09-16T07:41:11.020Z"}
{"@timestamp":"2022-09-16T07:43:35.361Z","@version":"1","message":"Sep 16 07:43:34 honeypot-sgp-1 sshd[24586]: Received disconnect from 92.255.85.69 port 53646:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 07:45:04 honeypot-fra-1 sshd[21705]: Disconnected from authenticating user root 94.23.27.28 port 51822 [preauth]","@timestamp":"2022-09-16T07:45:04.481Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 07:46:55 honeypot-ams-1 kernel: [84190997.324835] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=111.252.191.102 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=56 ID=13672 PROTO=TCP SPT=26106 DPT=443 WINDOW=9394 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T07:46:56.167Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 07:52:48 honeypot-ams-1 sshd[30982]: Received disconnect from 92.255.85.69 port 48858:11: Bye Bye [preauth]","@timestamp":"2022-09-16T07:52:49.322Z"}
{"@timestamp":"2022-09-16T07:54:24.622Z","@version":"1","message":"Sep 16 07:54:24 honeypot-sgp-1 kernel: [84190970.552682] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=71.6.231.86 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=57239 DPT=5432 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 07:55:38 honeypot-fra-1 kernel: [84189352.694589] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.143.200.6 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=49399 PROTO=TCP SPT=41629 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T07:55:38.726Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 07:55:41 honeypot-ams-1 kernel: [84191523.344926] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=89.248.165.69 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=40343 PROTO=TCP SPT=49547 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T07:55:42.399Z"}
{"@timestamp":"2022-09-16T07:56:51.685Z","@version":"1","message":"Sep 16 07:56:50 honeypot-sgp-1 sshd[24598]: Received disconnect from 45.61.184.204 port 41322:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T07:57:09.694Z","@version":"1","message":"Sep 16 07:57:09 honeypot-sgp-1 sshd[24602]: Received disconnect from 45.61.184.204 port 36188:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T07:57:27.702Z","@version":"1","message":"Sep 16 07:57:27 honeypot-sgp-1 sshd[24607]: Received disconnect from 45.61.184.204 port 59272:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T07:58:51.740Z","@version":"1","message":"Sep 16 07:58:50 honeypot-sgp-1 kernel: [84191236.943706] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=92.118.39.30 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=231 ID=54321 PROTO=TCP SPT=49118 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 08:02:23 honeypot-fra-1 kernel: [84189757.550880] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=110.138.22.17 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=248 ID=7346 DF PROTO=TCP SPT=57012 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T08:02:23.878Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 08:06:02 honeypot-ams-1 sshd[30993]: Connection reset by 61.177.172.124 port 17919 [preauth]","@timestamp":"2022-09-16T08:06:03.666Z"}
{"@timestamp":"2022-09-16T08:07:13.966Z","@version":"1","message":"Sep 16 08:07:13 honeypot-sgp-1 sshd[24617]: Received disconnect from 92.255.85.69 port 25754:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 08:07:55 honeypot-ams-1 kernel: [84192256.840128] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=55401 PROTO=TCP SPT=55085 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T08:07:55.721Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 08:10:31 honeypot-fra-1 sshd[21715]: Connection closed by invalid user dell 103.188.176.251 port 44414 [preauth]","@timestamp":"2022-09-16T08:10:32.062Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 08:12:35 honeypot-ams-1 kernel: [84192536.675366] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=186.218.37.197 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=42 ID=18168 PROTO=TCP SPT=39449 DPT=80 WINDOW=5536 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T08:12:35.846Z"}
{"@timestamp":"2022-09-16T08:13:06.113Z","@version":"1","message":"Sep 16 08:13:05 honeypot-sgp-1 sshd[24620]: Received disconnect from 43.154.50.195 port 37226:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T08:16:01.187Z","@version":"1","message":"Sep 16 08:16:00 honeypot-sgp-1 sshd[24626]: Invalid user telsoft from 40.85.90.154 port 51546","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 08:17:01 honeypot-ams-1 CRON[31009]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-16T08:17:01.977Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 08:17:01 honeypot-fra-1 CRON[21741]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-16T08:17:02.217Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T08:18:54.259Z","@version":"1","message":"Sep 16 08:18:54 honeypot-sgp-1 sshd[24633]: Received disconnect from 218.60.104.104 port 56108:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 08:19:50 honeypot-ams-1 sshd[31018]: Received disconnect from 61.177.173.36 port 28851:11:  [preauth]","@timestamp":"2022-09-16T08:19:51.051Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 08:20:15 honeypot-fra-1 kernel: [84190829.415911] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.221.5 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=39202 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T08:20:15.294Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-16T08:20:56.313Z","@version":"1","message":"Sep 16 08:20:55 honeypot-sgp-1 kernel: [84192561.898134] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.219.38 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=57495 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 08:22:50 honeypot-ams-1 kernel: [84193152.422905] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=125.108.64.122 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=49 ID=6271 PROTO=TCP SPT=22050 DPT=443 WINDOW=38394 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T08:22:51.133Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 08:26:42 honeypot-ams-1 sshd[31025]: Received disconnect from 209.141.35.242 port 59486:11: Bye Bye [preauth]","@timestamp":"2022-09-16T08:26:43.237Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 08:29:18 honeypot-ams-1 sshd[31028]: Disconnected from invalid user roseline 45.135.165.165 port 44878 [preauth]","@timestamp":"2022-09-16T08:29:19.307Z"}
{"@timestamp":"2022-09-16T08:30:46.558Z","@version":"1","message":"Sep 16 08:30:46 honeypot-sgp-1 sshd[24663]: Received disconnect from 92.255.85.69 port 39422:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 08:31:29 honeypot-ams-1 kernel: [84193671.247828] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=167.71.92.243 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=45582 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T08:31:30.370Z"}
{"@timestamp":"2022-09-16T08:33:18.622Z","@version":"1","message":"Sep 16 08:33:18 honeypot-sgp-1 sshd[24667]: Received disconnect from 59.162.182.20 port 42332:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T08:34:33.656Z","@version":"1","message":"Sep 16 08:34:33 honeypot-sgp-1 sshd[24673]: Invalid user zhouh from 52.163.248.162 port 43310","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 08:34:35 honeypot-fra-1 kernel: [84191689.707184] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=78.142.18.92 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=54321 PROTO=TCP SPT=40429 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T08:34:35.627Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 08:35:01 honeypot-ams-1 kernel: [84193883.104834] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=193.163.125.54 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=246 ID=9220 PROTO=TCP SPT=49643 DPT=443 WINDOW=14600 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T08:35:02.464Z"}
{"@timestamp":"2022-09-16T08:37:18.726Z","@version":"1","message":"Sep 16 08:37:17 honeypot-sgp-1 sshd[24678]: Disconnected from authenticating user root 61.177.173.49 port 39122 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 08:44:38 honeypot-ams-1 kernel: [84194460.253890] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=41.238.17.14 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=13631 PROTO=TCP SPT=20201 DPT=80 WINDOW=26308 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T08:44:39.708Z"}
{"@timestamp":"2022-09-16T08:44:40.931Z","@version":"1","message":"Sep 16 08:44:40 honeypot-sgp-1 sshd[24685]: Disconnected from authenticating user root 61.177.172.114 port 32376 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 08:50:19 honeypot-fra-1 kernel: [84192633.977602] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=183.136.225.35 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=107 ID=3630 PROTO=TCP SPT=8088 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T08:50:19.990Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 08:53:47 honeypot-ams-1 sshd[31074]: Invalid user blank from 179.60.147.69 port 13912","@timestamp":"2022-09-16T08:53:47.950Z"}
{"@timestamp":"2022-09-16T08:57:00.237Z","@version":"1","message":"Sep 16 08:56:59 honeypot-sgp-1 sshd[24696]: Disconnected from 61.177.173.48 port 38855 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 08:59:02 honeypot-ams-1 kernel: [84195324.106807] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=14731 PROTO=TCP SPT=58560 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T08:59:03.093Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 08:59:55 honeypot-fra-1 sshd[21757]: Received disconnect from 157.245.98.161 port 47342:11: Bye Bye [preauth]","@timestamp":"2022-09-16T08:59:56.211Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T09:00:10.324Z","@version":"1","message":"Sep 16 09:00:10 honeypot-sgp-1 kernel: [84194916.213545] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=17629 PROTO=TCP SPT=58560 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 09:02:55 honeypot-ams-1 sshd[31086]: Received disconnect from 124.82.111.218 port 59334:11: Bye Bye [preauth]","@timestamp":"2022-09-16T09:02:56.199Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 09:03:54 honeypot-ams-1 sshd[31091]: Invalid user user from 45.61.184.204 port 51900","@timestamp":"2022-09-16T09:03:55.229Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 09:04:04 honeypot-ams-1 sshd[31095]: Received disconnect from 92.255.85.69 port 44608:11: Bye Bye [preauth]","@timestamp":"2022-09-16T09:04:05.235Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 09:04:22 honeypot-ams-1 sshd[31099]: Received disconnect from 45.61.184.204 port 59344:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T09:04:23.244Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 09:04:40 honeypot-ams-1 sshd[31103]: Received disconnect from 45.61.184.204 port 54892:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T09:04:41.254Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 09:10:14 honeypot-fra-1 sshd[21761]: Disconnected from invalid user leslie 165.22.45.108 port 51380 [preauth]","@timestamp":"2022-09-16T09:10:14.444Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 09:13:02 honeypot-ams-1 kernel: [84196164.232673] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=78.114.74.211 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=15533 PROTO=TCP SPT=43775 DPT=443 WINDOW=1300 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T09:13:03.473Z"}
{"@timestamp":"2022-09-16T09:15:36.709Z","@version":"1","message":"Sep 16 09:15:36 honeypot-sgp-1 sshd[24707]: Received disconnect from 61.177.173.49 port 51826:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T09:17:01.747Z","@version":"1","message":"Sep 16 09:17:01 honeypot-sgp-1 CRON[24713]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 09:19:08 honeypot-fra-1 sshd[21769]: Invalid user guest from 193.106.191.157 port 37232","@timestamp":"2022-09-16T09:19:08.647Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 09:22:48 honeypot-fra-1 sshd[21774]: Received disconnect from 85.154.238.58 port 42342:11: Bye Bye [preauth]","@timestamp":"2022-09-16T09:22:49.731Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 09:22:51 honeypot-ams-1 sshd[31123]: Received disconnect from 49.88.112.114 port 37582:11:  [preauth]","@timestamp":"2022-09-16T09:22:51.724Z"}
{"@timestamp":"2022-09-16T09:26:45.986Z","@version":"1","message":"Sep 16 09:26:45 honeypot-sgp-1 sshd[24722]: Connection closed by invalid user blank 179.60.147.69 port 44120 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 09:27:14 honeypot-ams-1 sshd[31130]: Invalid user odoo from 92.255.85.69 port 31386","@timestamp":"2022-09-16T09:27:14.841Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 09:27:52 honeypot-fra-1 sshd[21779]: Connection closed by invalid user blank 179.60.147.69 port 58524 [preauth]","@timestamp":"2022-09-16T09:27:53.851Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T09:30:07.070Z","@version":"1","message":"Sep 16 09:30:07 honeypot-sgp-1 sshd[24728]: Received disconnect from 143.244.137.54 port 39336:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 09:31:25 honeypot-ams-1 kernel: [84197266.937637] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=15.237.102.97 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=49 ID=25506 PROTO=TCP SPT=28632 DPT=80 WINDOW=58432 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T09:31:25.949Z"}
{"@timestamp":"2022-09-16T09:31:32.109Z","@version":"1","message":"Sep 16 09:31:31 honeypot-sgp-1 kernel: [84196797.430494] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=34.124.168.230 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=54321 PROTO=TCP SPT=43054 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T09:31:59.123Z","@version":"1","message":"Sep 16 09:31:58 honeypot-sgp-1 sshd[24738]: Invalid user user from 45.61.186.169 port 37666","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T09:32:15.131Z","@version":"1","message":"Sep 16 09:32:14 honeypot-sgp-1 sshd[24742]: Invalid user user from 45.61.186.169 port 60324","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T09:32:30.138Z","@version":"1","message":"Sep 16 09:32:30 honeypot-sgp-1 sshd[24746]: Invalid user user from 45.61.186.169 port 54758","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 09:34:12 honeypot-fra-1 sshd[21786]: Disconnected from 218.92.0.200 port 10692 [preauth]","@timestamp":"2022-09-16T09:34:12.998Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T09:34:23.185Z","@version":"1","message":"Sep 16 09:34:22 honeypot-sgp-1 kernel: [84196968.477895] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=149.102.155.170 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=57638 PROTO=TCP SPT=40841 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 09:36:39 honeypot-ams-1 sshd[31139]: Received disconnect from 61.177.173.39 port 58587:11:  [preauth]","@timestamp":"2022-09-16T09:36:40.087Z"}
{"@timestamp":"2022-09-16T09:40:04.330Z","@version":"1","message":"Sep 16 09:40:03 honeypot-sgp-1 sshd[24757]: Invalid user user from 45.61.186.49 port 53540","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T09:40:13.335Z","@version":"1","message":"Sep 16 09:40:12 honeypot-sgp-1 sshd[24761]: Invalid user user from 45.61.186.49 port 36704","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T09:40:27.342Z","@version":"1","message":"Sep 16 09:40:27 honeypot-sgp-1 sshd[24765]: Disconnected from invalid user testuser 92.255.85.69 port 18858 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 09:40:53 honeypot-fra-1 kernel: [84195667.339092] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=103.116.105.245 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=6919 PROTO=TCP SPT=44345 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T09:40:53.153Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 09:42:40 honeypot-ams-1 sshd[31148]: Disconnected from authenticating user root 61.177.172.124 port 61005 [preauth]","@timestamp":"2022-09-16T09:42:41.242Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 09:49:42 honeypot-ams-1 sshd[31155]: Received disconnect from 61.177.173.35 port 16888:11:  [preauth]","@timestamp":"2022-09-16T09:49:43.431Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 09:53:50 honeypot-ams-1 sshd[31159]: Received disconnect from 61.177.172.19 port 31568:11:  [preauth]","@timestamp":"2022-09-16T09:53:51.541Z"}
{"@timestamp":"2022-09-16T09:54:51.695Z","@version":"1","message":"Sep 16 09:54:51 honeypot-sgp-1 sshd[24776]: Bad protocol version identification '' from 103.107.8.55 port 57426","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 09:56:08 honeypot-ams-1 sshd[31166]: Received disconnect from 180.250.115.121 port 35171:11: Bye Bye [preauth]","@timestamp":"2022-09-16T09:56:09.604Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 09:57:56 honeypot-fra-1 sshd[21795]: Disconnected from invalid user testuser 92.255.85.70 port 46580 [preauth]","@timestamp":"2022-09-16T09:57:56.553Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T10:01:14.877Z","@version":"1","message":"Sep 16 10:01:14 honeypot-sgp-1 sshd[24780]: Received disconnect from 61.177.173.39 port 34519:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 10:01:44 honeypot-ams-1 sshd[31173]: Invalid user admin from 13.67.201.190 port 56392","@timestamp":"2022-09-16T10:01:45.750Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:03:16 honeypot-fra-1 sshd[21798]: Invalid user lesya from 165.22.45.108 port 56442","@timestamp":"2022-09-16T10:03:16.678Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 10:03:25 honeypot-ams-1 sshd[31177]: Received disconnect from 96.78.175.36 port 56018:11: Bye Bye [preauth]","@timestamp":"2022-09-16T10:03:25.794Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:04:25 honeypot-fra-1 kernel: [84197079.597505] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.143.200.46 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=11651 PROTO=TCP SPT=57740 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T10:04:25.708Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-16T10:04:26.957Z","@version":"1","message":"Sep 16 10:04:26 honeypot-sgp-1 sshd[24784]: Disconnected from invalid user admin 92.255.85.70 port 61262 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 10:06:26 honeypot-ams-1 sshd[31180]: Connection closed by invalid user support 179.60.147.69 port 32404 [preauth]","@timestamp":"2022-09-16T10:06:26.879Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:14:43 honeypot-fra-1 kernel: [84197697.416232] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.143.200.6 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=37636 PROTO=TCP SPT=57505 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T10:14:43.944Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:16:45 honeypot-fra-1 sshd[21820]: Invalid user ftpuser from 137.184.77.246 port 42044","@timestamp":"2022-09-16T10:16:45.992Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:16:45 honeypot-fra-1 sshd[21811]: Invalid user admin from 137.184.77.246 port 41996","@timestamp":"2022-09-16T10:16:45.992Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:16:45 honeypot-fra-1 sshd[21823]: Invalid user cloud from 137.184.77.246 port 42008","@timestamp":"2022-09-16T10:16:45.992Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:16:45 honeypot-fra-1 sshd[21821]: Connection closed by invalid user pi 137.184.77.246 port 42048 [preauth]","@timestamp":"2022-09-16T10:16:45.992Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:16:45 honeypot-fra-1 sshd[21811]: Connection closed by invalid user admin 137.184.77.246 port 41996 [preauth]","@timestamp":"2022-09-16T10:16:45.993Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:16:45 honeypot-fra-1 sshd[21819]: Connection closed by invalid user user 137.184.77.246 port 41992 [preauth]","@timestamp":"2022-09-16T10:16:45.993Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:16:45 honeypot-fra-1 sshd[21833]: Connection closed by invalid user test 137.184.77.246 port 42076 [preauth]","@timestamp":"2022-09-16T10:16:45.993Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:16:45 honeypot-fra-1 sshd[21836]: Invalid user steam from 137.184.77.246 port 42054","@timestamp":"2022-09-16T10:16:45.993Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:16:45 honeypot-fra-1 sshd[21834]: Connection closed by authenticating user root 137.184.77.246 port 42036 [preauth]","@timestamp":"2022-09-16T10:16:45.993Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:17:01 honeypot-fra-1 CRON[21875]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-16T10:17:02.000Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 10:17:01 honeypot-ams-1 CRON[31185]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-16T10:17:02.157Z"}
{"@timestamp":"2022-09-16T10:19:02.316Z","@version":"1","message":"Sep 16 10:19:02 honeypot-sgp-1 sshd[24793]: Invalid user super from 62.204.41.222 port 54470","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:21:12 honeypot-fra-1 sshd[21879]: Disconnected from invalid user admin 92.255.85.69 port 33540 [preauth]","@timestamp":"2022-09-16T10:21:13.098Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T10:23:25.425Z","@version":"1","message":"Sep 16 10:23:25 honeypot-sgp-1 kernel: [84199911.329267] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=170.187.162.235 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=17475 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 10:24:57 honeypot-ams-1 sshd[31190]: Received disconnect from 165.227.196.229 port 58826:11: Bye Bye [preauth]","@timestamp":"2022-09-16T10:24:57.363Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:30:13 honeypot-fra-1 sshd[21885]: Invalid user te from 187.188.206.106 port 47856","@timestamp":"2022-09-16T10:30:13.306Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 10:31:19 honeypot-ams-1 kernel: [84200861.409225] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=167.248.133.129 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=47553 PROTO=TCP SPT=63106 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T10:31:20.556Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:32:29 honeypot-fra-1 sshd[21887]: Did not receive identification string from 137.184.77.246 port 37824","@timestamp":"2022-09-16T10:32:30.359Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:32:30 honeypot-fra-1 sshd[21910]: Invalid user www from 137.184.77.246 port 37850","@timestamp":"2022-09-16T10:32:30.360Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:32:30 honeypot-fra-1 sshd[21907]: Invalid user chia from 137.184.77.246 port 37838","@timestamp":"2022-09-16T10:32:30.360Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:32:30 honeypot-fra-1 sshd[21902]: Invalid user testuser from 137.184.77.246 port 37836","@timestamp":"2022-09-16T10:32:30.360Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:32:30 honeypot-fra-1 sshd[21899]: Connection closed by authenticating user root 137.184.77.246 port 37862 [preauth]","@timestamp":"2022-09-16T10:32:30.360Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:32:30 honeypot-fra-1 sshd[21920]: Connection closed by invalid user ubuntu 137.184.77.246 port 37828 [preauth]","@timestamp":"2022-09-16T10:32:30.360Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:32:30 honeypot-fra-1 sshd[21903]: Connection closed by invalid user es 137.184.77.246 port 37864 [preauth]","@timestamp":"2022-09-16T10:32:30.360Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:32:30 honeypot-fra-1 sshd[21902]: Connection closed by invalid user testuser 137.184.77.246 port 37836 [preauth]","@timestamp":"2022-09-16T10:32:30.360Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:32:30 honeypot-fra-1 sshd[21900]: Connection closed by invalid user devops 137.184.77.246 port 37866 [preauth]","@timestamp":"2022-09-16T10:32:30.360Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 10:34:34 honeypot-ams-1 sshd[31199]: Invalid user user1 from 103.188.176.251 port 54078","@timestamp":"2022-09-16T10:34:34.642Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 10:36:15 honeypot-ams-1 sshd[31207]: Received disconnect from 134.122.123.117 port 48774:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T10:36:15.688Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 10:37:12 honeypot-ams-1 sshd[31212]: Disconnected from authenticating user root 92.255.85.70 port 56098 [preauth]","@timestamp":"2022-09-16T10:37:12.715Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 10:38:26 honeypot-ams-1 sshd[31218]: Received disconnect from 134.122.123.117 port 41540:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T10:38:26.750Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:38:37 honeypot-fra-1 sshd[21952]: Invalid user user1 from 103.188.176.251 port 45400","@timestamp":"2022-09-16T10:38:37.501Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T10:39:13.807Z","@version":"1","message":"Sep 16 10:39:12 honeypot-sgp-1 sshd[24805]: Invalid user test from 179.60.147.69 port 45880","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 10:39:32 honeypot-ams-1 sshd[31222]: Received disconnect from 134.122.123.117 port 38016:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T10:39:32.780Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:40:26 honeypot-fra-1 sshd[21959]: Invalid user facturacion from 51.12.81.43 port 50212","@timestamp":"2022-09-16T10:40:27.549Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 10:40:38 honeypot-ams-1 sshd[31226]: Received disconnect from 134.122.123.117 port 34250:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T10:40:39.811Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 10:41:44 honeypot-ams-1 sshd[31230]: Invalid user odoo from 134.122.123.117 port 58856","@timestamp":"2022-09-16T10:41:45.845Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 10:42:32 honeypot-ams-1 sshd[31235]: Invalid user test from 179.60.147.69 port 38372","@timestamp":"2022-09-16T10:42:32.867Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 10:43:21 honeypot-ams-1 sshd[31239]: Received disconnect from 134.122.123.117 port 53398:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T10:43:22.895Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 10:44:26 honeypot-ams-1 sshd[31243]: Received disconnect from 134.122.123.117 port 49794:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T10:44:26.924Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 10:45:30 honeypot-ams-1 sshd[31247]: Received disconnect from 134.122.123.117 port 46148:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T10:45:30.957Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 10:46:36 honeypot-ams-1 sshd[31251]: Invalid user ftpadmin from 134.122.123.117 port 42456","@timestamp":"2022-09-16T10:46:36.990Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 10:47:42 honeypot-ams-1 sshd[31256]: Invalid user svn from 134.122.123.117 port 38892","@timestamp":"2022-09-16T10:47:43.021Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:48:02 honeypot-fra-1 kernel: [84199696.268808] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.41.8.45 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=47052 PROTO=TCP SPT=42107 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T10:48:02.723Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 10:48:15 honeypot-ams-1 sshd[31258]: Disconnected from invalid user student 134.122.123.117 port 36996 [preauth]","@timestamp":"2022-09-16T10:48:16.037Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 10:49:20 honeypot-ams-1 sshd[31262]: Disconnected from invalid user weblogic 134.122.123.117 port 33406 [preauth]","@timestamp":"2022-09-16T10:49:21.068Z"}
{"@timestamp":"2022-09-16T10:51:19.103Z","@version":"1","message":"Sep 16 10:51:18 honeypot-sgp-1 kernel: [84201584.158250] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=206.189.6.148 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=38673 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 10:56:06 honeypot-ams-1 kernel: [84202348.288574] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=3178 PROTO=TCP SPT=45348 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T10:56:07.245Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:58:42 honeypot-fra-1 kernel: [84200336.212832] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=29466 PROTO=TCP SPT=45348 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T10:58:42.966Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-16T10:59:07.297Z","@version":"1","message":"Sep 16 10:59:06 honeypot-sgp-1 kernel: [84202052.758522] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=45074 PROTO=TCP SPT=45348 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 11:00:31 honeypot-ams-1 sshd[31270]: Disconnected from authenticating user root 92.255.85.69 port 52986 [preauth]","@timestamp":"2022-09-16T11:00:31.360Z"}
{"@timestamp":"2022-09-16T11:04:50.440Z","@version":"1","message":"Sep 16 11:04:49 honeypot-sgp-1 sshd[24818]: Received disconnect from 20.44.152.59 port 36338:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 11:07:54 honeypot-fra-1 sshd[21971]: Received disconnect from 92.255.85.70 port 60738:11: Bye Bye [preauth]","@timestamp":"2022-09-16T11:07:55.174Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 11:12:19 honeypot-ams-1 kernel: [84203320.951416] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=172.104.29.200 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=56317 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T11:12:19.659Z"}
{"@timestamp":"2022-09-16T11:14:43.677Z","@version":"1","message":"Sep 16 11:14:42 honeypot-sgp-1 sshd[24823]: Disconnected from authenticating user root 92.255.85.69 port 56418 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 11:17:01 honeypot-fra-1 CRON[21976]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-16T11:17:02.383Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T11:18:48.778Z","@version":"1","message":"Sep 16 11:18:48 honeypot-sgp-1 kernel: [84203234.308803] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=91.211.249.8 DST=159.89.202.188 LEN=80 TOS=0x00 PREC=0x00 TTL=115 ID=53610 PROTO=TCP SPT=54634 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 11:21:55 honeypot-ams-1 kernel: [84203897.135286] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=173.225.111.245 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=52121 PROTO=TCP SPT=44104 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T11:21:55.924Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 11:27:23 honeypot-fra-1 sshd[21983]: Invalid user csgoserver from 190.128.230.98 port 59204","@timestamp":"2022-09-16T11:27:23.621Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 11:28:38 honeypot-ams-1 sshd[31286]: Invalid user nicolas from 161.82.233.183 port 45902","@timestamp":"2022-09-16T11:28:39.106Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 11:29:07 honeypot-fra-1 sshd[21986]: Disconnected from invalid user winmateltd 144.34.133.122 port 50626 [preauth]","@timestamp":"2022-09-16T11:29:08.664Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 11:30:15 honeypot-fra-1 kernel: [84202229.956865] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=46174 PROTO=TCP SPT=47803 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T11:30:16.694Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-16T11:30:24.059Z","@version":"1","message":"Sep 16 11:30:23 honeypot-sgp-1 kernel: [84203929.360231] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=23.251.137.117 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=54844 PROTO=TCP SPT=52894 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 11:30:54 honeypot-ams-1 kernel: [84204436.224251] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=18113 PROTO=TCP SPT=47803 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T11:30:55.169Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 11:35:40 honeypot-fra-1 sshd[21997]: Invalid user mts from 91.240.118.222 port 59838","@timestamp":"2022-09-16T11:35:40.819Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T11:40:06.296Z","@version":"1","message":"Sep 16 11:40:05 honeypot-sgp-1 kernel: [84204511.224111] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.169.113.70 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=830 PROTO=TCP SPT=47916 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 11:41:49 honeypot-fra-1 sshd[22000]: Received disconnect from 113.200.81.41 port 2411:11: Bye Bye [preauth]","@timestamp":"2022-09-16T11:41:49.960Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 11:42:09 honeypot-ams-1 sshd[31366]: Invalid user aaag from 61.80.56.252 port 44782","@timestamp":"2022-09-16T11:42:09.473Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 11:48:08 honeypot-ams-1 sshd[31369]: Disconnected from authenticating user root 92.255.85.70 port 43376 [preauth]","@timestamp":"2022-09-16T11:48:09.639Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 11:51:11 honeypot-fra-1 sshd[22003]: Did not receive identification string from 45.61.186.169 port 43932","@timestamp":"2022-09-16T11:51:12.176Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 11:51:32 honeypot-fra-1 sshd[22006]: Disconnected from invalid user user 45.61.186.169 port 42694 [preauth]","@timestamp":"2022-09-16T11:51:33.187Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 11:51:50 honeypot-fra-1 sshd[22010]: Received disconnect from 45.61.186.169 port 37488:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T11:51:50.196Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 11:52:06 honeypot-fra-1 sshd[22014]: Received disconnect from 45.61.186.169 port 60410:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T11:52:07.204Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T11:52:33.596Z","@version":"1","message":"Sep 16 11:52:32 honeypot-sgp-1 sshd[24844]: Connection closed by invalid user user 179.60.147.69 port 64418 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 11:53:44 honeypot-fra-1 sshd[22019]: Connection closed by invalid user user 179.60.147.69 port 10138 [preauth]","@timestamp":"2022-09-16T11:53:44.244Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 11:56:02 honeypot-ams-1 sshd[31372]: Connection closed by invalid user user 179.60.147.69 port 34756 [preauth]","@timestamp":"2022-09-16T11:56:02.856Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 11:57:31 honeypot-fra-1 sshd[22025]: Received disconnect from 165.22.45.108 port 38462:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T11:57:32.334Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T12:01:28.814Z","@version":"1","message":"Sep 16 12:01:28 honeypot-sgp-1 sshd[24849]: Invalid user oracle from 159.65.43.192 port 54194","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 12:03:51 honeypot-fra-1 kernel: [84204245.006827] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=143.244.138.190 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x20 TTL=245 ID=45464 PROTO=TCP SPT=49730 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T12:03:51.482Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-16T12:04:00.875Z","@version":"1","message":"Sep 16 12:04:00 honeypot-sgp-1 sshd[24854]: Received disconnect from 20.230.177.106 port 48430:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 12:06:00 honeypot-fra-1 sshd[22035]: Invalid user admin from 159.203.178.0 port 48134","@timestamp":"2022-09-16T12:06:00.535Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 12:06:12 honeypot-ams-1 sshd[31376]: Invalid user user from 45.61.187.160 port 56184","@timestamp":"2022-09-16T12:06:13.128Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 12:06:33 honeypot-ams-1 sshd[31380]: Invalid user user from 45.61.187.160 port 50178","@timestamp":"2022-09-16T12:06:34.142Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 12:06:52 honeypot-ams-1 sshd[31384]: Invalid user user from 45.61.187.160 port 44156","@timestamp":"2022-09-16T12:06:53.151Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 12:07:09 honeypot-ams-1 sshd[31388]: Invalid user user from 45.61.187.160 port 38150","@timestamp":"2022-09-16T12:07:09.159Z"}
{"@timestamp":"2022-09-16T12:08:39.987Z","@version":"1","message":"Sep 16 12:08:39 honeypot-sgp-1 sshd[24859]: Received disconnect from 207.154.229.107 port 43372:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T12:10:58.048Z","@version":"1","message":"Sep 16 12:10:57 honeypot-sgp-1 sshd[24865]: Invalid user testing from 45.126.184.170 port 45806","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 12:14:53 honeypot-fra-1 kernel: [84204907.528695] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=20.229.61.193 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=60287 PROTO=TCP SPT=55785 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T12:14:53.738Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-16T12:17:01.193Z","@version":"1","message":"Sep 16 12:17:01 honeypot-sgp-1 CRON[24869]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 12:17:01 honeypot-ams-1 CRON[31394]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-16T12:17:02.414Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 12:19:07 honeypot-ams-1 kernel: [84207329.272815] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=34.124.168.230 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x20 TTL=251 ID=54321 PROTO=TCP SPT=34220 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T12:19:08.472Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 12:19:33 honeypot-fra-1 sshd[22046]: Disconnected from authenticating user root 190.247.112.114 port 47860 [preauth]","@timestamp":"2022-09-16T12:19:34.847Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 12:23:19 honeypot-ams-1 sshd[31402]: Received disconnect from 103.27.236.73 port 52216:11: Bye Bye [preauth]","@timestamp":"2022-09-16T12:23:20.582Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 12:23:33 honeypot-fra-1 sshd[22050]: Received disconnect from 165.227.166.247 port 44602:11: Bye Bye [preauth]","@timestamp":"2022-09-16T12:23:33.940Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T12:25:59.437Z","@version":"1","message":"Sep 16 12:25:58 honeypot-sgp-1 kernel: [84207264.296891] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=69.164.208.135 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=1916 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 12:29:49 honeypot-fra-1 sshd[22055]: Invalid user admin from 177.184.133.130 port 58132","@timestamp":"2022-09-16T12:29:50.081Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T12:31:46.580Z","@version":"1","message":"Sep 16 12:31:46 honeypot-sgp-1 sshd[24884]: Received disconnect from 187.141.135.181 port 55252:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 12:31:58 honeypot-ams-1 kernel: [84208100.236941] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=91.211.249.8 DST=178.62.254.91 LEN=80 TOS=0x00 PREC=0x20 TTL=127 ID=25268 PROTO=TCP SPT=26292 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T12:31:59.804Z"}
{"@timestamp":"2022-09-16T12:33:09.616Z","@version":"1","message":"Sep 16 12:33:08 honeypot-sgp-1 sshd[24888]: Connection closed by invalid user admin 128.199.160.207 port 21302 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T12:33:09.616Z","@version":"1","message":"Sep 16 12:33:08 honeypot-sgp-1 sshd[24894]: Connection closed by invalid user admin 128.199.160.207 port 21334 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 12:33:13 honeypot-fra-1 sshd[22060]: Invalid user ace from 104.248.251.225 port 45234","@timestamp":"2022-09-16T12:33:14.161Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 12:34:30 honeypot-fra-1 kernel: [84206084.607288] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=46.161.54.57 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=54321 PROTO=TCP SPT=58308 DPT=5432 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T12:34:31.192Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 12:37:03 honeypot-ams-1 kernel: [84208405.308666] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=145.40.96.68 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=35233 PROTO=TCP SPT=48349 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T12:37:03.939Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 12:38:25 honeypot-fra-1 sshd[22067]: Disconnected from invalid user trajano 103.133.36.6 port 54000 [preauth]","@timestamp":"2022-09-16T12:38:26.282Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 12:44:53 honeypot-fra-1 kernel: [84206707.722131] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=103.151.122.22 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=45726 PROTO=TCP SPT=56732 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T12:44:54.431Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-16T12:47:03.958Z","@version":"1","message":"Sep 16 12:47:02 honeypot-sgp-1 sshd[24902]: Received disconnect from 45.61.186.249 port 45176:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T12:47:22.967Z","@version":"1","message":"Sep 16 12:47:22 honeypot-sgp-1 sshd[24906]: Received disconnect from 45.61.186.249 port 39304:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T12:47:40.975Z","@version":"1","message":"Sep 16 12:47:40 honeypot-sgp-1 sshd[24910]: Received disconnect from 45.61.186.249 port 33442:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T12:47:57.984Z","@version":"1","message":"Sep 16 12:47:57 honeypot-sgp-1 sshd[24914]: Invalid user user from 45.61.186.249 port 55802","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 12:52:16 honeypot-ams-1 kernel: [84209318.206837] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=172.104.29.170 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=21606 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T12:52:17.343Z"}
{"@timestamp":"2022-09-16T12:52:56.107Z","@version":"1","message":"Sep 16 12:52:55 honeypot-sgp-1 kernel: [84208881.454846] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=128.14.209.166 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=238 ID=25655 PROTO=TCP SPT=41914 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 12:53:03 honeypot-fra-1 kernel: [84207197.698262] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=89.248.165.120 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=14853 PROTO=TCP SPT=52745 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T12:53:04.620Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 13:02:26 honeypot-fra-1 sshd[22082]: Received disconnect from 197.5.145.87 port 52633:11: Bye Bye [preauth]","@timestamp":"2022-09-16T13:02:26.835Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 13:04:43 honeypot-ams-1 kernel: [84210064.799378] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=187.181.192.231 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=55887 PROTO=TCP SPT=16833 DPT=443 WINDOW=35601 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T13:04:43.655Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 13:05:02 honeypot-fra-1 sshd[22091]: Invalid user admin from 57.128.11.39 port 57406","@timestamp":"2022-09-16T13:05:02.894Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 13:05:02 honeypot-fra-1 sshd[22091]: Connection closed by invalid user admin 57.128.11.39 port 57406 [preauth]","@timestamp":"2022-09-16T13:05:02.894Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 13:05:02 honeypot-fra-1 sshd[22097]: Invalid user admin from 57.128.11.39 port 57450","@timestamp":"2022-09-16T13:05:02.894Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 13:05:02 honeypot-fra-1 sshd[22098]: Connection closed by authenticating user root 57.128.11.39 port 57474 [preauth]","@timestamp":"2022-09-16T13:05:02.894Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 13:05:02 honeypot-fra-1 sshd[22100]: Connection closed by invalid user admin 57.128.11.39 port 57478 [preauth]","@timestamp":"2022-09-16T13:05:02.894Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 13:05:02 honeypot-fra-1 sshd[22106]: Connection closed by authenticating user root 57.128.11.39 port 57404 [preauth]","@timestamp":"2022-09-16T13:05:02.894Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 13:05:02 honeypot-fra-1 sshd[22112]: Invalid user kafka from 57.128.11.39 port 57420","@timestamp":"2022-09-16T13:05:02.894Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 13:05:02 honeypot-fra-1 sshd[22119]: Invalid user oracle from 57.128.11.39 port 57482","@timestamp":"2022-09-16T13:05:02.894Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 13:05:02 honeypot-fra-1 sshd[22119]: Connection closed by invalid user oracle 57.128.11.39 port 57482 [preauth]","@timestamp":"2022-09-16T13:05:02.894Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 13:05:03 honeypot-fra-1 sshd[22149]: Connection closed by invalid user centos 57.128.11.39 port 57434 [preauth]","@timestamp":"2022-09-16T13:05:03.896Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T13:06:04.435Z","@version":"1","message":"Sep 16 13:06:04 honeypot-sgp-1 kernel: [84209670.204802] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=89.14.114.187 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=40 ID=53549 DF PROTO=TCP SPT=45266 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T13:11:10.565Z","@version":"1","message":"Sep 16 13:11:10 honeypot-sgp-1 kernel: [84209975.936427] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=142.147.97.169 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=234 ID=55501 PROTO=TCP SPT=48905 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 13:14:46 honeypot-fra-1 kernel: [84208500.282186] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=152.89.196.23 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=5555 PROTO=TCP SPT=48891 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T13:14:47.135Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-16T13:15:04.664Z","@version":"1","message":"Sep 16 13:15:04 honeypot-sgp-1 kernel: [84210209.872603] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=80.94.92.231 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=231 ID=54321 PROTO=TCP SPT=35685 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 13:18:56 honeypot-ams-1 kernel: [84210918.153243] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=64.62.197.19 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=47926 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T13:18:57.016Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 13:20:58 honeypot-ams-1 sshd[31429]: Received disconnect from 91.240.118.222 port 27492:11: Client disconnecting normally [preauth]","@timestamp":"2022-09-16T13:20:59.072Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 13:21:54 honeypot-fra-1 sshd[22163]: Received disconnect from 185.126.8.102 port 51344:11: Bye Bye [preauth]","@timestamp":"2022-09-16T13:21:55.298Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 13:25:39 honeypot-ams-1 kernel: [84211321.047092] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=59.66.209.55 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=45 ID=12007 PROTO=TCP SPT=35389 DPT=443 WINDOW=41201 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T13:25:40.193Z"}
{"@timestamp":"2022-09-16T13:26:30.948Z","@version":"1","message":"Sep 16 13:26:30 honeypot-sgp-1 sshd[24936]: Received disconnect from 75.188.17.172 port 39704:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T13:30:11.041Z","@version":"1","message":"Sep 16 13:30:10 honeypot-sgp-1 sshd[24942]: Disconnected from authenticating user root 193.142.146.50 port 34842 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 13:30:44 honeypot-ams-1 sshd[31437]: Received disconnect from 203.218.247.74 port 52102:11: Bye Bye [preauth]","@timestamp":"2022-09-16T13:30:45.326Z"}
{"@timestamp":"2022-09-16T13:31:31.079Z","@version":"1","message":"Sep 16 13:31:30 honeypot-sgp-1 kernel: [84211196.528327] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=179.43.155.171 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=59924 PROTO=TCP SPT=49868 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 13:31:50 honeypot-ams-1 sshd[31441]: Disconnected from authenticating user root 202.88.244.36 port 45496 [preauth]","@timestamp":"2022-09-16T13:31:50.356Z"}
{"@timestamp":"2022-09-16T13:34:00.145Z","@version":"1","message":"Sep 16 13:34:00 honeypot-sgp-1 sshd[24952]: Disconnected from authenticating user root 193.142.146.50 port 33166 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T13:35:48.208Z","@version":"1","message":"Sep 16 13:35:47 honeypot-sgp-1 sshd[24959]: Received disconnect from 92.255.85.70 port 45166:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 13:43:54 honeypot-ams-1 kernel: [84212415.452900] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=14.21.203.146 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=113 ID=24826 DF PROTO=TCP SPT=54304 DPT=3389 WINDOW=8192 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T13:43:54.664Z"}
{"@timestamp":"2022-09-16T13:44:10.444Z","@version":"1","message":"Sep 16 13:44:09 honeypot-sgp-1 sshd[24964]: Invalid user guest from 179.60.147.69 port 21242","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 13:45:19 honeypot-fra-1 sshd[22171]: Invalid user guest from 179.60.147.69 port 55092","@timestamp":"2022-09-16T13:45:19.825Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 13:45:29 honeypot-ams-1 sshd[31449]: Received disconnect from 208.109.34.15 port 43624:11: Bye Bye [preauth]","@timestamp":"2022-09-16T13:45:29.708Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 13:49:06 honeypot-ams-1 kernel: [84212727.507628] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.102.41.2 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=46 ID=19479 DF PROTO=TCP SPT=45940 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T13:49:06.804Z"}
{"@timestamp":"2022-09-16T13:50:29.612Z","@version":"1","message":"Sep 16 13:50:28 honeypot-sgp-1 kernel: [84212334.632662] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=103.153.78.248 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=62307 PROTO=TCP SPT=46763 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 13:52:09 honeypot-fra-1 sshd[22174]: Invalid user remote from 92.255.85.70 port 55650","@timestamp":"2022-09-16T13:52:09.984Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 13:53:18 honeypot-ams-1 kernel: [84212979.748044] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=143.244.138.190 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x20 TTL=245 ID=35551 PROTO=TCP SPT=55923 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T13:53:18.914Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 13:54:12 honeypot-fra-1 kernel: [84210865.722856] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=103.156.91.6 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=29120 PROTO=TCP SPT=52545 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T13:54:13.032Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 13:55:34 honeypot-ams-1 sshd[31462]: Connection closed by invalid user pi 73.173.30.173 port 58072 [preauth]","@timestamp":"2022-09-16T13:55:34.982Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 13:57:19 honeypot-fra-1 sshd[22181]: Disconnected from invalid user adeline 137.184.1.35 port 33682 [preauth]","@timestamp":"2022-09-16T13:57:20.105Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 13:57:49 honeypot-ams-1 kernel: [84213250.622006] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=201.191.2.198 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=36880 PROTO=TCP SPT=36055 DPT=80 WINDOW=29718 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T13:57:50.045Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 13:58:23 honeypot-ams-1 sshd[31471]: Disconnected from invalid user tomaso 49.2.90.24 port 41408 [preauth]","@timestamp":"2022-09-16T13:58:24.063Z"}
{"@timestamp":"2022-09-16T13:59:09.826Z","@version":"1","message":"Sep 16 13:59:08 honeypot-sgp-1 sshd[24969]: Disconnected from authenticating user root 92.255.85.69 port 27804 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 14:01:28 honeypot-ams-1 sshd[31475]: Disconnected from invalid user shandi 45.7.119.3 port 11234 [preauth]","@timestamp":"2022-09-16T14:01:29.146Z"}
{"@timestamp":"2022-09-16T14:02:09.905Z","@version":"1","message":"Sep 16 14:02:09 honeypot-sgp-1 sshd[24974]: Disconnected from invalid user user 45.61.184.204 port 40652 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T14:02:28.916Z","@version":"1","message":"Sep 16 14:02:28 honeypot-sgp-1 sshd[24980]: Received disconnect from 45.61.184.204 port 35476:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T14:02:47.926Z","@version":"1","message":"Sep 16 14:02:47 honeypot-sgp-1 sshd[24984]: Received disconnect from 45.61.184.204 port 58538:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T14:03:04.935Z","@version":"1","message":"Sep 16 14:03:04 honeypot-sgp-1 sshd[24988]: Received disconnect from 45.61.184.204 port 53404:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 14:04:47 honeypot-fra-1 sshd[22253]: Disconnected from invalid user wangjianxiong 31.186.48.216 port 39480 [preauth]","@timestamp":"2022-09-16T14:04:48.272Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 14:04:56 honeypot-ams-1 sshd[31480]: Connection closed by invalid user admin 59.27.98.103 port 41118 [preauth]","@timestamp":"2022-09-16T14:04:57.238Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 14:07:23 honeypot-fra-1 sshd[22257]: Disconnected from invalid user stefan 203.190.55.203 port 56852 [preauth]","@timestamp":"2022-09-16T14:07:24.334Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 14:08:14 honeypot-ams-1 sshd[31484]: Disconnected from authenticating user root 92.255.85.69 port 17820 [preauth]","@timestamp":"2022-09-16T14:08:15.327Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 14:12:32 honeypot-ams-1 sshd[31489]: Disconnected from invalid user wss 70.35.202.246 port 37958 [preauth]","@timestamp":"2022-09-16T14:12:33.439Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 14:17:01 honeypot-fra-1 CRON[22265]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-16T14:17:02.553Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T14:17:40.316Z","@version":"1","message":"Sep 16 14:17:39 honeypot-sgp-1 kernel: [84213965.168988] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=89.248.165.70 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=54587 PROTO=TCP SPT=49605 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 14:22:34 honeypot-ams-1 kernel: [84214735.896875] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=103.89.91.165 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=18715 PROTO=TCP SPT=41144 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T14:22:34.689Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 14:24:35 honeypot-fra-1 sshd[22274]: Invalid user database from 103.45.69.246 port 55712","@timestamp":"2022-09-16T14:24:35.743Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 14:30:29 honeypot-ams-1 kernel: [84215210.786542] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=12707 PROTO=TCP SPT=58608 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T14:30:29.905Z"}
{"@timestamp":"2022-09-16T14:30:37.644Z","@version":"1","message":"Sep 16 14:30:37 honeypot-sgp-1 kernel: [84214743.267350] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=236 ID=42390 PROTO=TCP SPT=58608 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 14:34:00 honeypot-fra-1 kernel: [84213253.840784] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=92.63.197.74 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=4876 PROTO=TCP SPT=53580 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T14:34:00.957Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 14:43:34 honeypot-ams-1 kernel: [84215995.914427] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=67.0.216.6 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=14985 PROTO=TCP SPT=12827 DPT=80 WINDOW=30703 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T14:43:35.250Z"}
{"@timestamp":"2022-09-16T14:45:42.019Z","@version":"1","message":"Sep 16 14:45:41 honeypot-sgp-1 sshd[25440]: Received disconnect from 92.255.85.70 port 18668:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 14:47:06 honeypot-fra-1 kernel: [84214039.831115] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=165.232.152.144 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=35161 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T14:47:07.269Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 14:48:55 honeypot-ams-1 sshd[31514]: Invalid user guest from 193.106.191.157 port 56240","@timestamp":"2022-09-16T14:48:55.388Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 14:51:52 honeypot-fra-1 sshd[22289]: Did not receive identification string from 134.209.155.186 port 61000","@timestamp":"2022-09-16T14:51:52.392Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 14:57:50 honeypot-fra-1 sshd[22293]: Connection closed by authenticating user root 179.60.147.69 port 12358 [preauth]","@timestamp":"2022-09-16T14:57:51.529Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T14:59:09.364Z","@version":"1","message":"Sep 16 14:59:08 honeypot-sgp-1 sshd[25447]: Invalid user admin from 157.230.47.155 port 57096","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T14:59:09.364Z","@version":"1","message":"Sep 16 14:59:08 honeypot-sgp-1 sshd[25453]: Invalid user admin from 157.230.47.155 port 57118","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:00:01 honeypot-ams-1 sshd[31520]: Connection closed by authenticating user root 179.60.147.69 port 45774 [preauth]","@timestamp":"2022-09-16T15:00:02.677Z"}
{"@timestamp":"2022-09-16T15:04:41.503Z","@version":"1","message":"Sep 16 15:04:40 honeypot-sgp-1 sshd[25458]: Invalid user zk from 111.67.197.134 port 43248","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 15:09:12 honeypot-fra-1 kernel: [84215366.424046] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=59956 PROTO=TCP SPT=40403 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T15:09:13.785Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-16T15:09:17.617Z","@version":"1","message":"Sep 16 15:09:16 honeypot-sgp-1 kernel: [84217062.517672] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=172.172.23.207 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=46 ID=12899 PROTO=TCP SPT=9255 DPT=80 WINDOW=51666 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:11:53.685Z","@version":"1","message":"Sep 16 15:11:53 honeypot-sgp-1 sshd[25467]: Invalid user admin from 31.184.198.71 port 33091","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:12:20.700Z","@version":"1","message":"Sep 16 15:12:20 honeypot-sgp-1 sshd[25473]: Invalid user admin from 31.184.198.71 port 9705","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:12:45.711Z","@version":"1","message":"Sep 16 15:12:45 honeypot-sgp-1 sshd[25479]: Invalid user aerohive from 31.184.198.71 port 41408","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:13:13.726Z","@version":"1","message":"Sep 16 15:13:13 honeypot-sgp-1 sshd[25485]: Invalid user private from 31.184.198.71 port 19229","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 15:13:32 honeypot-ams-1 kernel: [84217794.246002] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=80.94.92.239 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=51876 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T15:13:33.029Z"}
{"@timestamp":"2022-09-16T15:13:38.739Z","@version":"1","message":"Sep 16 15:13:38 honeypot-sgp-1 sshd[25491]: Disconnecting invalid user Admin 31.184.198.71 port 42448: Change of username or service not allowed: (Admin,ssh-connection) -> (araknis,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:14:02.751Z","@version":"1","message":"Sep 16 15:14:02 honeypot-sgp-1 sshd[25497]: Disconnecting invalid user user 31.184.198.71 port 5639: Change of username or service not allowed: (user,ssh-connection) -> (root,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 15:14:34 honeypot-fra-1 sshd[22300]: Received disconnect from 159.223.172.195 port 36076:11: Bye Bye [preauth]","@timestamp":"2022-09-16T15:14:34.905Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T15:14:37.770Z","@version":"1","message":"Sep 16 15:14:37 honeypot-sgp-1 sshd[25506]: Invalid user admin from 31.184.198.71 port 41919","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:15:05.784Z","@version":"1","message":"Sep 16 15:15:05 honeypot-sgp-1 sshd[25512]: Disconnecting authenticating user root 31.184.198.71 port 26253: Change of username or service not allowed: (root,ssh-connection) -> (,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:15:38.801Z","@version":"1","message":"Sep 16 15:15:38 honeypot-sgp-1 sshd[25518]: Disconnecting invalid user cisco 31.184.198.71 port 8156: Change of username or service not allowed: (cisco,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:16:13.821Z","@version":"1","message":"Sep 16 15:16:13 honeypot-sgp-1 sshd[25526]: Invalid user Administrator from 31.184.198.71 port 53026","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:16:46.837Z","@version":"1","message":"Sep 16 15:16:46 honeypot-sgp-1 sshd[25532]: Invalid user sti.admin5 from 31.184.198.71 port 48724","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:16:59.844Z","@version":"1","message":"Sep 16 15:16:59 honeypot-sgp-1 sshd[25534]: Disconnected from invalid user glavbuh 20.27.34.22 port 56260 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:17:12.851Z","@version":"1","message":"Sep 16 15:17:12 honeypot-sgp-1 sshd[25543]: Disconnecting invalid user zhone 31.184.198.71 port 63545: Change of username or service not allowed: (zhone,ssh-connection) -> (,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:17:46.868Z","@version":"1","message":"Sep 16 15:17:46 honeypot-sgp-1 sshd[25551]: Invalid user admin from 31.184.198.71 port 60244","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:18:15.883Z","@version":"1","message":"Sep 16 15:18:15 honeypot-sgp-1 sshd[25557]: Invalid user cusadmin from 31.184.198.71 port 20260","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:18:45 honeypot-ams-1 sshd[31532]: Received disconnect from 147.182.180.116 port 49536:11: Bye Bye [preauth]","@timestamp":"2022-09-16T15:18:46.164Z"}
{"@timestamp":"2022-09-16T15:18:48.899Z","@version":"1","message":"Sep 16 15:18:48 honeypot-sgp-1 sshd[25563]: Invalid user lgnortel from 31.184.198.71 port 28215","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 15:18:48 honeypot-fra-1 sshd[22308]: Connection closed by invalid user guest 193.106.191.157 port 37168 [preauth]","@timestamp":"2022-09-16T15:18:49.004Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T15:19:17.914Z","@version":"1","message":"Sep 16 15:19:17 honeypot-sgp-1 sshd[25569]: Invalid user admin from 31.184.198.71 port 1192","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:19:39.926Z","@version":"1","message":"Sep 16 15:19:39 honeypot-sgp-1 sshd[25575]: Invalid user matrix from 31.184.198.71 port 43996","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:20:09.941Z","@version":"1","message":"Sep 16 15:20:09 honeypot-sgp-1 sshd[25582]: Invalid user motorola from 31.184.198.71 port 7091","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:20:32.952Z","@version":"1","message":"Sep 16 15:20:32 honeypot-sgp-1 sshd[25588]: Disconnecting authenticating user root 31.184.198.71 port 51694: Change of username or service not allowed: (root,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:20:56.965Z","@version":"1","message":"Sep 16 15:20:56 honeypot-sgp-1 sshd[25594]: Disconnecting invalid user 0 31.184.198.71 port 5702: Change of username or service not allowed: (0,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:21:17.976Z","@version":"1","message":"Sep 16 15:21:17 honeypot-sgp-1 sshd[25600]: Disconnecting invalid user admin 31.184.198.71 port 45156: Change of username or service not allowed: (admin,ssh-connection) -> (Shiko,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:21:45.990Z","@version":"1","message":"Sep 16 15:21:45 honeypot-sgp-1 sshd[25606]: Disconnecting invalid user Broadcom 31.184.198.71 port 51744: Change of username or service not allowed: (Broadcom,ssh-connection) -> (smcadmin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:22:18.007Z","@version":"1","message":"Sep 16 15:22:17 honeypot-sgp-1 sshd[25612]: Disconnecting invalid user cusadmin 31.184.198.71 port 37828: Change of username or service not allowed: (cusadmin,ssh-connection) -> (highspeed,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:22:43.019Z","@version":"1","message":"Sep 16 15:22:42 honeypot-sgp-1 sshd[25618]: Disconnecting invalid user sweex 31.184.198.71 port 54125: Change of username or service not allowed: (sweex,ssh-connection) -> (,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:23:12.035Z","@version":"1","message":"Sep 16 15:23:11 honeypot-sgp-1 sshd[25624]: Disconnecting invalid user  31.184.198.71 port 17575: Change of username or service not allowed: (,ssh-connection) -> (public,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:23:33.045Z","@version":"1","message":"Sep 16 15:23:33 honeypot-sgp-1 sshd[25630]: Disconnecting invalid user ubnt 31.184.198.71 port 5270: Change of username or service not allowed: (ubnt,ssh-connection) -> (root,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:24:12.065Z","@version":"1","message":"Sep 16 15:24:11 honeypot-sgp-1 sshd[25638]: Invalid user amdin from 31.184.198.71 port 7021","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:24:42.080Z","@version":"1","message":"Sep 16 15:24:41 honeypot-sgp-1 sshd[25644]: Invalid user admin from 31.184.198.71 port 25610","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:25:10.095Z","@version":"1","message":"Sep 16 15:25:09 honeypot-sgp-1 sshd[25651]: Invalid user admin from 31.184.198.71 port 32895","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:25:42.112Z","@version":"1","message":"Sep 16 15:25:41 honeypot-sgp-1 sshd[25657]: Invalid user 1admin0 from 31.184.198.71 port 58997","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 15:26:47 honeypot-fra-1 sshd[22316]: Disconnected from authenticating user root 92.255.85.70 port 26148 [preauth]","@timestamp":"2022-09-16T15:26:48.183Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 15:27:55 honeypot-fra-1 sshd[22322]: Received disconnect from 45.61.187.160 port 54348:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T15:27:56.209Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 15:28:19 honeypot-fra-1 sshd[22326]: Received disconnect from 45.61.187.160 port 48712:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T15:28:20.220Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 15:28:36 honeypot-fra-1 sshd[22330]: Invalid user user from 45.61.187.160 port 43080","@timestamp":"2022-09-16T15:28:37.227Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 15:31:31 honeypot-ams-1 kernel: [84218873.026191] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=72.167.32.184 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=232 ID=22056 PROTO=TCP SPT=53309 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T15:31:32.485Z"}
{"@timestamp":"2022-09-16T15:33:01.291Z","@version":"1","message":"Sep 16 15:33:00 honeypot-sgp-1 sshd[25664]: Invalid user debian from 179.60.147.69 port 41776","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 15:33:10 honeypot-fra-1 sshd[22335]: Connection closed by authenticating user root 137.116.144.39 port 40808 [preauth]","@timestamp":"2022-09-16T15:33:11.326Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 15:38:54 honeypot-fra-1 sshd[22344]: Connection closed by authenticating user root 139.59.152.202 port 36120 [preauth]","@timestamp":"2022-09-16T15:38:54.462Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 15:38:54 honeypot-fra-1 sshd[22351]: Invalid user centos from 139.59.152.202 port 36128","@timestamp":"2022-09-16T15:38:55.464Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 15:38:54 honeypot-fra-1 sshd[22361]: Invalid user deploy from 139.59.152.202 port 36164","@timestamp":"2022-09-16T15:38:55.464Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 15:38:54 honeypot-fra-1 sshd[22358]: Invalid user oracle from 139.59.152.202 port 36148","@timestamp":"2022-09-16T15:38:55.464Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 15:38:54 honeypot-fra-1 sshd[22347]: Connection closed by invalid user ubuntu 139.59.152.202 port 36126 [preauth]","@timestamp":"2022-09-16T15:38:55.464Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 15:38:54 honeypot-fra-1 sshd[22345]: Connection closed by authenticating user root 139.59.152.202 port 36122 [preauth]","@timestamp":"2022-09-16T15:38:55.464Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 15:38:54 honeypot-fra-1 sshd[22368]: Connection closed by authenticating user root 139.59.152.202 port 36184 [preauth]","@timestamp":"2022-09-16T15:38:55.464Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 15:38:54 honeypot-fra-1 sshd[22371]: Invalid user testuser from 139.59.152.202 port 36196","@timestamp":"2022-09-16T15:38:55.464Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 15:38:54 honeypot-fra-1 sshd[22369]: Invalid user www from 139.59.152.202 port 36188","@timestamp":"2022-09-16T15:38:55.464Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 15:39:21 honeypot-ams-1 kernel: [84219342.426144] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.176.40.25 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=58799 PROTO=TCP SPT=42406 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T15:39:21.686Z"}
{"@timestamp":"2022-09-16T15:39:56.460Z","@version":"1","message":"Sep 16 15:39:56 honeypot-sgp-1 kernel: [84218902.049488] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=89.248.165.241 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=57796 PROTO=TCP SPT=49548 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:42:13 honeypot-ams-1 sshd[31545]: Disconnected from authenticating user root 60.181.19.237 port 25575 [preauth]","@timestamp":"2022-09-16T15:42:14.763Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:42:20 honeypot-ams-1 sshd[31551]: Received disconnect from 60.181.19.237 port 21685:11: Bye Bye [preauth]","@timestamp":"2022-09-16T15:42:20.767Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:42:28 honeypot-ams-1 sshd[31557]: Received disconnect from 60.181.19.237 port 21868:11: Bye Bye [preauth]","@timestamp":"2022-09-16T15:42:28.772Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:42:32 honeypot-ams-1 sshd[31563]: Received disconnect from 60.181.19.237 port 22007:11: Bye Bye [preauth]","@timestamp":"2022-09-16T15:42:32.775Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 15:42:37 honeypot-fra-1 kernel: [84217370.940383] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.176.40.25 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=65186 PROTO=TCP SPT=42406 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T15:42:37.552Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:42:39 honeypot-ams-1 sshd[31569]: Received disconnect from 60.181.19.237 port 22198:11: Bye Bye [preauth]","@timestamp":"2022-09-16T15:42:39.779Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:42:44 honeypot-ams-1 sshd[31573]: Disconnected from authenticating user root 60.181.19.237 port 22322 [preauth]","@timestamp":"2022-09-16T15:42:44.782Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:42:51 honeypot-ams-1 sshd[31579]: Disconnected from authenticating user root 60.181.19.237 port 22508 [preauth]","@timestamp":"2022-09-16T15:42:51.787Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:42:57 honeypot-ams-1 sshd[31585]: Disconnected from authenticating user root 60.181.19.237 port 22686 [preauth]","@timestamp":"2022-09-16T15:42:57.791Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:43:04 honeypot-ams-1 sshd[31591]: Disconnected from authenticating user root 60.181.19.237 port 22863 [preauth]","@timestamp":"2022-09-16T15:43:04.794Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:43:11 honeypot-ams-1 sshd[31597]: Disconnected from authenticating user root 60.181.19.237 port 23067 [preauth]","@timestamp":"2022-09-16T15:43:11.798Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:43:18 honeypot-ams-1 sshd[31603]: Disconnected from authenticating user root 60.181.19.237 port 23266 [preauth]","@timestamp":"2022-09-16T15:43:19.803Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:43:26 honeypot-ams-1 sshd[31609]: Disconnected from authenticating user root 60.181.19.237 port 23478 [preauth]","@timestamp":"2022-09-16T15:43:26.807Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:43:33 honeypot-ams-1 sshd[31615]: Disconnected from authenticating user root 60.181.19.237 port 23660 [preauth]","@timestamp":"2022-09-16T15:43:33.811Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:43:37 honeypot-ams-1 sshd[31619]: Disconnected from invalid user admin 60.181.19.237 port 23774 [preauth]","@timestamp":"2022-09-16T15:43:37.813Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:43:42 honeypot-ams-1 sshd[31623]: Disconnected from invalid user admin 60.181.19.237 port 23913 [preauth]","@timestamp":"2022-09-16T15:43:42.841Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:43:47 honeypot-ams-1 sshd[31627]: Disconnected from invalid user admin 60.181.19.237 port 24041 [preauth]","@timestamp":"2022-09-16T15:43:47.844Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:43:51 honeypot-ams-1 sshd[31631]: Disconnected from invalid user admin 60.181.19.237 port 24683 [preauth]","@timestamp":"2022-09-16T15:43:51.847Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:43:56 honeypot-ams-1 sshd[31635]: Disconnected from invalid user admin 60.181.19.237 port 24884 [preauth]","@timestamp":"2022-09-16T15:43:56.849Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:44:02 honeypot-ams-1 sshd[31641]: Received disconnect from 60.181.19.237 port 25064:11: Bye Bye [preauth]","@timestamp":"2022-09-16T15:44:02.854Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:44:07 honeypot-ams-1 sshd[31645]: Received disconnect from 60.181.19.237 port 25589:11: Bye Bye [preauth]","@timestamp":"2022-09-16T15:44:07.857Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:44:12 honeypot-ams-1 sshd[31649]: Received disconnect from 60.181.19.237 port 21634:11: Bye Bye [preauth]","@timestamp":"2022-09-16T15:44:13.862Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:44:18 honeypot-ams-1 sshd[31653]: Received disconnect from 60.181.19.237 port 21852:11: Bye Bye [preauth]","@timestamp":"2022-09-16T15:44:18.865Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:44:22 honeypot-ams-1 sshd[31657]: Received disconnect from 60.181.19.237 port 21995:11: Bye Bye [preauth]","@timestamp":"2022-09-16T15:44:22.868Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:44:27 honeypot-ams-1 sshd[31662]: Received disconnect from 60.181.19.237 port 22112:11: Bye Bye [preauth]","@timestamp":"2022-09-16T15:44:27.873Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:44:33 honeypot-ams-1 sshd[31666]: Received disconnect from 60.181.19.237 port 22404:11: Bye Bye [preauth]","@timestamp":"2022-09-16T15:44:33.876Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:44:38 honeypot-ams-1 sshd[31670]: Received disconnect from 60.181.19.237 port 22696:11: Bye Bye [preauth]","@timestamp":"2022-09-16T15:44:38.879Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:44:44 honeypot-ams-1 sshd[31674]: Received disconnect from 60.181.19.237 port 22834:11: Bye Bye [preauth]","@timestamp":"2022-09-16T15:44:44.884Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:44:49 honeypot-ams-1 sshd[31678]: Received disconnect from 60.181.19.237 port 23028:11: Bye Bye [preauth]","@timestamp":"2022-09-16T15:44:49.887Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:44:53 honeypot-ams-1 sshd[31682]: Received disconnect from 60.181.19.237 port 23175:11: Bye Bye [preauth]","@timestamp":"2022-09-16T15:44:53.889Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:44:58 honeypot-ams-1 sshd[31686]: Received disconnect from 60.181.19.237 port 23314:11: Bye Bye [preauth]","@timestamp":"2022-09-16T15:44:58.893Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 15:51:44 honeypot-ams-1 kernel: [84220085.456475] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=221.176.116.78 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=108 ID=256 PROTO=TCP SPT=48368 DPT=80 WINDOW=16384 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T15:51:45.068Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 15:52:33 honeypot-fra-1 sshd[22406]: Disconnected from invalid user lgsm 165.22.45.108 port 59046 [preauth]","@timestamp":"2022-09-16T15:52:34.767Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T15:52:38.786Z","@version":"1","message":"Sep 16 15:52:38 honeypot-sgp-1 sshd[25673]: Disconnected from authenticating user root 138.68.10.182 port 50522 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 15:56:38 honeypot-ams-1 kernel: [84220379.818047] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=220.167.179.17 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=42674 PROTO=TCP SPT=64286 DPT=443 WINDOW=12750 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T15:56:39.197Z"}
{"@timestamp":"2022-09-16T15:57:54.918Z","@version":"1","message":"Sep 16 15:57:54 honeypot-sgp-1 kernel: [84219980.405972] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=47.90.203.174 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=32956 PROTO=TCP SPT=43664 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T16:04:36.081Z","@version":"1","message":"Sep 16 16:04:35 honeypot-sgp-1 sshd[25684]: Disconnected from invalid user user 45.61.186.49 port 38622 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T16:04:46.087Z","@version":"1","message":"Sep 16 16:04:45 honeypot-sgp-1 sshd[25688]: Disconnected from invalid user user 45.61.186.49 port 49956 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T16:09:12.197Z","@version":"1","message":"Sep 16 16:09:11 honeypot-sgp-1 kernel: [84220656.894868] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=68.183.93.151 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x20 TTL=242 ID=54321 PROTO=TCP SPT=45082 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:10:36 honeypot-fra-1 sshd[22410]: Connection closed by invalid user user 179.60.147.69 port 12264 [preauth]","@timestamp":"2022-09-16T16:10:37.174Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 16:12:49 honeypot-ams-1 sshd[31701]: Invalid user user from 179.60.147.69 port 15646","@timestamp":"2022-09-16T16:12:50.609Z"}
{"@timestamp":"2022-09-16T16:15:13.383Z","@version":"1","message":"Sep 16 16:15:12 honeypot-sgp-1 sshd[25698]: Received disconnect from 123.21.36.204 port 35168:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T16:17:15.434Z","@version":"1","message":"Sep 16 16:17:15 honeypot-sgp-1 sshd[25703]: Disconnected from invalid user ekp 196.0.120.211 port 49580 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:17:31 honeypot-fra-1 kernel: [84219465.196181] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=197.63.35.35 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=50 ID=49455 PROTO=TCP SPT=47513 DPT=80 WINDOW=41346 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T16:17:32.331Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-16T16:18:28.465Z","@version":"1","message":"Sep 16 16:18:28 honeypot-sgp-1 sshd[25707]: Disconnected from invalid user lorena 198.23.148.137 port 33060 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:20:52 honeypot-fra-1 kernel: [84219666.054938] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=104.237.151.83 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=39598 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T16:20:53.410Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:24:32 honeypot-fra-1 sshd[22425]: Disconnected from authenticating user root 187.116.49.64 port 47062 [preauth]","@timestamp":"2022-09-16T16:24:33.496Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:24:39 honeypot-fra-1 sshd[22432]: Received disconnect from 187.116.49.64 port 47065:11: Bye Bye [preauth]","@timestamp":"2022-09-16T16:24:39.499Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:24:45 honeypot-fra-1 sshd[22438]: Received disconnect from 187.116.49.64 port 47068:11: Bye Bye [preauth]","@timestamp":"2022-09-16T16:24:46.503Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:24:52 honeypot-fra-1 sshd[22444]: Received disconnect from 187.116.49.64 port 47071:11: Bye Bye [preauth]","@timestamp":"2022-09-16T16:24:52.507Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:24:58 honeypot-fra-1 sshd[22450]: Received disconnect from 187.116.49.64 port 47074:11: Bye Bye [preauth]","@timestamp":"2022-09-16T16:24:59.510Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:25:04 honeypot-fra-1 sshd[22456]: Received disconnect from 187.116.49.64 port 47077:11: Bye Bye [preauth]","@timestamp":"2022-09-16T16:25:05.515Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:25:11 honeypot-fra-1 sshd[22462]: Received disconnect from 187.116.49.64 port 47080:11: Bye Bye [preauth]","@timestamp":"2022-09-16T16:25:12.518Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:25:17 honeypot-fra-1 sshd[22468]: Received disconnect from 187.116.49.64 port 47083:11: Bye Bye [preauth]","@timestamp":"2022-09-16T16:25:18.522Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:25:24 honeypot-fra-1 sshd[22474]: Received disconnect from 187.116.49.64 port 47086:11: Bye Bye [preauth]","@timestamp":"2022-09-16T16:25:24.525Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:25:31 honeypot-fra-1 sshd[22480]: Received disconnect from 187.116.49.64 port 47089:11: Bye Bye [preauth]","@timestamp":"2022-09-16T16:25:31.580Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:25:37 honeypot-fra-1 sshd[22486]: Received disconnect from 187.116.49.64 port 47092:11: Bye Bye [preauth]","@timestamp":"2022-09-16T16:25:38.584Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 16:25:39 honeypot-ams-1 kernel: [84222120.349153] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=213.226.123.38 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=39151 PROTO=TCP SPT=47116 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T16:25:39.937Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:25:44 honeypot-fra-1 sshd[22492]: Received disconnect from 187.116.49.64 port 47095:11: Bye Bye [preauth]","@timestamp":"2022-09-16T16:25:44.587Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:25:48 honeypot-fra-1 sshd[22496]: Disconnected from invalid user admin 187.116.49.64 port 47097 [preauth]","@timestamp":"2022-09-16T16:25:49.591Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:25:53 honeypot-fra-1 sshd[22500]: Disconnected from invalid user admin 187.116.49.64 port 47099 [preauth]","@timestamp":"2022-09-16T16:25:53.593Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:25:57 honeypot-fra-1 sshd[22504]: Disconnected from invalid user admin 187.116.49.64 port 47101 [preauth]","@timestamp":"2022-09-16T16:25:57.595Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:26:01 honeypot-fra-1 sshd[22508]: Disconnected from invalid user admin 187.116.49.64 port 47103 [preauth]","@timestamp":"2022-09-16T16:26:01.597Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:26:05 honeypot-fra-1 sshd[22512]: Disconnected from invalid user admin 187.116.49.64 port 47105 [preauth]","@timestamp":"2022-09-16T16:26:06.601Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:26:10 honeypot-fra-1 sshd[22516]: Disconnected from invalid user user 187.116.49.64 port 47107 [preauth]","@timestamp":"2022-09-16T16:26:10.603Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:26:16 honeypot-fra-1 sshd[22522]: Received disconnect from 187.116.49.64 port 47110:11: Bye Bye [preauth]","@timestamp":"2022-09-16T16:26:16.606Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:26:20 honeypot-fra-1 sshd[22526]: Received disconnect from 187.116.49.64 port 47112:11: Bye Bye [preauth]","@timestamp":"2022-09-16T16:26:20.609Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:26:25 honeypot-fra-1 sshd[22530]: Received disconnect from 187.116.49.64 port 47114:11: Bye Bye [preauth]","@timestamp":"2022-09-16T16:26:25.611Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:26:29 honeypot-fra-1 sshd[22534]: Received disconnect from 187.116.49.64 port 47116:11: Bye Bye [preauth]","@timestamp":"2022-09-16T16:26:29.614Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:26:33 honeypot-fra-1 sshd[22538]: Received disconnect from 187.116.49.64 port 47061:11: Bye Bye [preauth]","@timestamp":"2022-09-16T16:26:34.617Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:26:38 honeypot-fra-1 sshd[22542]: Received disconnect from 187.116.49.64 port 47063:11: Bye Bye [preauth]","@timestamp":"2022-09-16T16:26:38.619Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:26:42 honeypot-fra-1 sshd[22546]: Received disconnect from 187.116.49.64 port 47065:11: Bye Bye [preauth]","@timestamp":"2022-09-16T16:26:42.621Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:26:46 honeypot-fra-1 sshd[22550]: Received disconnect from 187.116.49.64 port 47067:11: Bye Bye [preauth]","@timestamp":"2022-09-16T16:26:47.624Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:26:51 honeypot-fra-1 sshd[22554]: Received disconnect from 187.116.49.64 port 47069:11: Bye Bye [preauth]","@timestamp":"2022-09-16T16:26:51.626Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:26:55 honeypot-fra-1 sshd[22558]: Received disconnect from 187.116.49.64 port 47071:11: Bye Bye [preauth]","@timestamp":"2022-09-16T16:26:55.628Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:26:59 honeypot-fra-1 sshd[22562]: Received disconnect from 187.116.49.64 port 47073:11: Bye Bye [preauth]","@timestamp":"2022-09-16T16:26:59.630Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T16:33:17.844Z","@version":"1","message":"Sep 16 16:33:17 honeypot-sgp-1 kernel: [84222103.238955] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=159.89.48.169 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=61463 PROTO=TCP SPT=43909 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:34:21 honeypot-fra-1 sshd[22567]: Invalid user adrian from 92.255.85.69 port 17470","@timestamp":"2022-09-16T16:34:21.794Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 16:37:28 honeypot-ams-1 kernel: [84222830.094868] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=103.36.19.166 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=50 ID=33298 DF PROTO=TCP SPT=12829 DPT=3389 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T16:37:29.245Z"}
{"@timestamp":"2022-09-16T16:40:25.018Z","@version":"1","message":"Sep 16 16:40:24 honeypot-sgp-1 sshd[25717]: Received disconnect from 165.22.101.75 port 55068:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T16:42:16.066Z","@version":"1","message":"Sep 16 16:42:15 honeypot-sgp-1 sshd[25721]: Disconnected from authenticating user root 43.155.100.37 port 35956 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 16:42:55 honeypot-ams-1 sshd[31715]: Invalid user user from 209.14.136.27 port 40338","@timestamp":"2022-09-16T16:42:55.388Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 16:45:44 honeypot-ams-1 sshd[31719]: Received disconnect from 34.126.71.110 port 56796:11: Bye Bye [preauth]","@timestamp":"2022-09-16T16:45:44.463Z"}
{"@timestamp":"2022-09-16T16:45:49.155Z","@version":"1","message":"Sep 16 16:45:48 honeypot-sgp-1 sshd[25728]: Received disconnect from 43.154.142.229 port 38574:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 16:47:41 honeypot-ams-1 sshd[31723]: Disconnected from invalid user ttf 209.65.66.239 port 47000 [preauth]","@timestamp":"2022-09-16T16:47:42.515Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:47:47 honeypot-fra-1 kernel: [84221280.775293] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=97.107.134.140 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=22863 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T16:47:48.094Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-16T16:49:03.236Z","@version":"1","message":"Sep 16 16:49:02 honeypot-sgp-1 kernel: [84223047.881921] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=89.248.165.69 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=3031 PROTO=TCP SPT=49547 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 16:50:57 honeypot-ams-1 kernel: [84223638.272860] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=97.107.139.156 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=38560 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T16:50:57.603Z"}
{"@timestamp":"2022-09-16T16:52:25.320Z","@version":"1","message":"Sep 16 16:52:24 honeypot-sgp-1 kernel: [84223250.071088] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=103.114.107.34 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=19584 PROTO=TCP SPT=46428 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:52:38 honeypot-fra-1 sshd[22593]: Connection closed by 126.113.24.98 port 5603 [preauth]","@timestamp":"2022-09-16T16:52:38.204Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:56:58 honeypot-fra-1 sshd[22598]: Invalid user user from 45.61.184.204 port 56680","@timestamp":"2022-09-16T16:56:59.320Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:57:18 honeypot-fra-1 sshd[22602]: Invalid user user from 45.61.184.204 port 51368","@timestamp":"2022-09-16T16:57:18.349Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:57:36 honeypot-fra-1 sshd[22606]: Invalid user user from 45.61.184.204 port 46052","@timestamp":"2022-09-16T16:57:37.359Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:57:47 honeypot-fra-1 sshd[22612]: Received disconnect from 92.255.85.70 port 48470:11: Bye Bye [preauth]","@timestamp":"2022-09-16T16:57:47.363Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 17:01:13 honeypot-ams-1 sshd[31736]: Invalid user user from 45.61.187.160 port 55178","@timestamp":"2022-09-16T17:01:13.894Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 17:01:32 honeypot-ams-1 sshd[31740]: Invalid user user from 45.61.187.160 port 49482","@timestamp":"2022-09-16T17:01:32.905Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 17:01:51 honeypot-ams-1 sshd[31744]: Invalid user user from 45.61.187.160 port 43796","@timestamp":"2022-09-16T17:01:51.915Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 17:02:08 honeypot-ams-1 sshd[31748]: Invalid user user from 45.61.187.160 port 38090","@timestamp":"2022-09-16T17:02:08.923Z"}
{"@timestamp":"2022-09-16T17:04:23.609Z","@version":"1","message":"Sep 16 17:04:23 honeypot-sgp-1 sshd[25744]: Received disconnect from 92.255.85.70 port 31544:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 17:06:21 honeypot-fra-1 sshd[22618]: Disconnected from authenticating user root 23.224.98.194 port 45194 [preauth]","@timestamp":"2022-09-16T17:06:22.563Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 17:08:36 honeypot-fra-1 sshd[22624]: Did not receive identification string from 159.89.24.69 port 61000","@timestamp":"2022-09-16T17:08:37.618Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 17:09:01 honeypot-ams-1 CRON[31751]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-16T17:09:02.102Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 17:17:01 honeypot-ams-1 CRON[31758]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-16T17:17:02.308Z"}
{"@timestamp":"2022-09-16T17:17:01.912Z","@version":"1","message":"Sep 16 17:17:01 honeypot-sgp-1 CRON[25751]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 17:17:46 honeypot-fra-1 sshd[22632]: Disconnected from authenticating user root 103.147.35.60 port 49570 [preauth]","@timestamp":"2022-09-16T17:17:47.133Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 17:21:21 honeypot-fra-1 sshd[22636]: Disconnected from authenticating user root 92.255.85.69 port 48674 [preauth]","@timestamp":"2022-09-16T17:21:22.217Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T17:21:55.034Z","@version":"1","message":"Sep 16 17:21:54 honeypot-sgp-1 sshd[25754]: Connection closed by invalid user user 179.60.147.69 port 45432 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 17:24:09 honeypot-ams-1 kernel: [84225630.391082] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=179.43.155.171 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=24956 PROTO=TCP SPT=49868 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T17:24:09.492Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 17:27:09 honeypot-fra-1 sshd[22641]: Received disconnect from 165.227.85.21 port 59464:11: Bye Bye [preauth]","@timestamp":"2022-09-16T17:27:09.350Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 17:27:59 honeypot-fra-1 sshd[22645]: Received disconnect from 179.99.246.60 port 49468:11: Bye Bye [preauth]","@timestamp":"2022-09-16T17:27:59.373Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T17:28:05.186Z","@version":"1","message":"Sep 16 17:28:04 honeypot-sgp-1 sshd[25760]: Invalid user service from 92.255.85.69 port 39674","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 17:29:19 honeypot-ams-1 kernel: [84225941.143094] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=52430 PROTO=TCP SPT=49024 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T17:29:20.626Z"}
{"@timestamp":"2022-09-16T17:32:59.304Z","@version":"1","message":"Sep 16 17:32:58 honeypot-sgp-1 sshd[25763]: Disconnected from invalid user dbuser 203.151.83.7 port 37486 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 17:33:27 honeypot-fra-1 sshd[22648]: Disconnected from invalid user skynet 64.227.39.120 port 57724 [preauth]","@timestamp":"2022-09-16T17:33:28.517Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 17:34:39 honeypot-ams-1 sshd[31770]: Received disconnect from 195.19.105.13 port 17911:11: Bye Bye [preauth]","@timestamp":"2022-09-16T17:34:39.766Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 17:40:27 honeypot-ams-1 sshd[31775]: Invalid user guest from 193.106.191.157 port 56980","@timestamp":"2022-09-16T17:40:27.918Z"}
{"@timestamp":"2022-09-16T17:43:50.562Z","@version":"1","message":"Sep 16 17:43:49 honeypot-sgp-1 kernel: [84226335.232346] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=154.89.5.68 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=244 ID=35774 PROTO=TCP SPT=58914 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 17:44:30 honeypot-fra-1 sshd[22654]: Disconnected from invalid user service 92.255.85.70 port 41442 [preauth]","@timestamp":"2022-09-16T17:44:31.758Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T17:46:49.635Z","@version":"1","message":"Sep 16 17:46:49 honeypot-sgp-1 sshd[25770]: Received disconnect from 161.82.233.183 port 41080:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T17:48:48.685Z","@version":"1","message":"Sep 16 17:48:48 honeypot-sgp-1 sshd[25776]: Invalid user admin from 64.227.185.119 port 43148","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 17:50:25 honeypot-fra-1 sshd[22659]: Invalid user guest from 193.106.191.157 port 50092","@timestamp":"2022-09-16T17:50:25.895Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 17:50:50 honeypot-ams-1 sshd[31779]: Disconnected from authenticating user root 147.182.205.245 port 52594 [preauth]","@timestamp":"2022-09-16T17:50:51.184Z"}
{"@timestamp":"2022-09-16T17:52:48.781Z","@version":"1","message":"Sep 16 17:52:48 honeypot-sgp-1 sshd[25781]: Received disconnect from 182.23.23.42 port 49744:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 18:01:12 honeypot-ams-1 sshd[31785]: Disconnected from authenticating user nobody 92.255.85.70 port 52302 [preauth]","@timestamp":"2022-09-16T18:01:12.443Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 18:02:33 honeypot-fra-1 sshd[22665]: Received disconnect from 45.61.186.249 port 47754:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T18:02:34.171Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 18:02:51 honeypot-fra-1 sshd[22669]: Received disconnect from 45.61.186.249 port 42178:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T18:02:52.196Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 18:03:11 honeypot-fra-1 sshd[22673]: Received disconnect from 45.61.186.249 port 36598:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T18:03:12.205Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 18:03:28 honeypot-fra-1 sshd[22677]: Received disconnect from 45.61.186.249 port 59278:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T18:03:29.213Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T18:05:02.094Z","@version":"1","message":"Sep 16 18:05:01 honeypot-sgp-1 kernel: [84227606.930782] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=206.189.6.148 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=239 ID=54321 PROTO=TCP SPT=43007 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 18:05:10 honeypot-ams-1 kernel: [84228091.327196] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=48905 PROTO=TCP SPT=51203 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T18:05:10.547Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 18:06:03 honeypot-ams-1 sshd[31797]: Connection closed by invalid user admin 165.232.158.22 port 37846 [preauth]","@timestamp":"2022-09-16T18:06:03.572Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 18:08:36 honeypot-ams-1 sshd[31802]: Disconnected from invalid user precisiongluser 14.225.204.210 port 39390 [preauth]","@timestamp":"2022-09-16T18:08:36.638Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 18:09:06 honeypot-fra-1 sshd[22682]: Received disconnect from 92.255.85.69 port 42060:11: Bye Bye [preauth]","@timestamp":"2022-09-16T18:09:07.342Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 18:16:22 honeypot-fra-1 kernel: [84226595.550918] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=195.230.103.242 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=54321 PROTO=TCP SPT=43399 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T18:16:22.509Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-16T18:17:01.378Z","@version":"1","message":"Sep 16 18:17:01 honeypot-sgp-1 CRON[25791]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 18:17:01 honeypot-ams-1 CRON[31806]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-16T18:17:02.859Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 18:24:54 honeypot-ams-1 sshd[31812]: Invalid user test from 92.255.85.69 port 61302","@timestamp":"2022-09-16T18:24:55.058Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 18:26:04 honeypot-ams-1 sshd[31816]: Invalid user admin from 20.25.38.254 port 34024","@timestamp":"2022-09-16T18:26:04.089Z"}
{"@timestamp":"2022-09-16T18:29:30.678Z","@version":"1","message":"Sep 16 18:29:29 honeypot-sgp-1 kernel: [84229075.436559] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=23.95.4.194 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=233 ID=6764 PROTO=TCP SPT=55015 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 18:31:46 honeypot-fra-1 sshd[22690]: Invalid user test from 92.255.85.69 port 34080","@timestamp":"2022-09-16T18:31:46.854Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 18:33:22 honeypot-ams-1 kernel: [84229783.287358] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=60.20.104.173 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=47 ID=42006 PROTO=TCP SPT=2852 DPT=80 WINDOW=18854 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T18:33:22.295Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 18:36:35 honeypot-ams-1 sshd[31826]: Received disconnect from 46.19.141.122 port 57416:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T18:36:35.381Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 18:37:41 honeypot-ams-1 sshd[31830]: Disconnected from invalid user admin 46.19.141.122 port 39764 [preauth]","@timestamp":"2022-09-16T18:37:41.412Z"}
{"@timestamp":"2022-09-16T18:38:04.886Z","@version":"1","message":"Sep 16 18:38:04 honeypot-sgp-1 sshd[25801]: Received disconnect from 92.255.85.69 port 32202:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 18:38:18 honeypot-ams-1 sshd[31836]: Received disconnect from 46.19.141.122 port 50340:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T18:38:19.432Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 18:39:16 honeypot-ams-1 sshd[31840]: Received disconnect from 46.19.141.122 port 60914:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T18:39:17.460Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 18:40:04 honeypot-ams-1 sshd[31844]: Invalid user support from 46.19.141.122 port 43250","@timestamp":"2022-09-16T18:40:05.484Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 18:42:05 honeypot-fra-1 kernel: [84228138.767190] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=159.65.151.215 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x20 TTL=54 ID=50248 DF PROTO=TCP SPT=36816 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T18:42:06.086Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 18:45:03 honeypot-ams-1 kernel: [84230484.929469] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=90.151.171.106 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=45496 PROTO=TCP SPT=53827 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T18:45:04.612Z"}
{"@timestamp":"2022-09-16T18:47:39.114Z","@version":"1","message":"Sep 16 18:47:38 honeypot-sgp-1 kernel: [84230164.068158] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=209.97.141.112 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=47279 DF PROTO=TCP SPT=35502 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T18:50:53.191Z","@version":"1","message":"Sep 16 18:50:52 honeypot-sgp-1 kernel: [84230357.750939] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.208.240 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=33340 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 18:51:25 honeypot-fra-1 kernel: [84228698.922803] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.219.154 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=38068 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T18:51:26.326Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 18:51:27 honeypot-ams-1 kernel: [84230869.117879] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=170.187.162.65 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=4271 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T18:51:28.782Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 18:58:47 honeypot-fra-1 sshd[22703]: Connection reset by 84.87.42.233 port 55703 [preauth]","@timestamp":"2022-09-16T18:58:47.511Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T19:01:31.441Z","@version":"1","message":"Sep 16 19:01:31 honeypot-sgp-1 sshd[25809]: Disconnected from invalid user vagrant 92.255.85.69 port 60528 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 19:04:26 honeypot-ams-1 sshd[31927]: Disconnected from authenticating user root 46.101.169.25 port 46268 [preauth]","@timestamp":"2022-09-16T19:04:27.116Z"}
{"@timestamp":"2022-09-16T19:05:17.531Z","@version":"1","message":"Sep 16 19:05:17 honeypot-sgp-1 sshd[25815]: Received disconnect from 45.61.186.249 port 38324:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 19:05:22 honeypot-fra-1 kernel: [84229535.096058] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=51.178.37.233 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=62159 PROTO=TCP SPT=54680 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T19:05:22.660Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-16T19:05:36.541Z","@version":"1","message":"Sep 16 19:05:35 honeypot-sgp-1 sshd[25819]: Received disconnect from 45.61.186.249 port 60892:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T19:05:56.550Z","@version":"1","message":"Sep 16 19:05:56 honeypot-sgp-1 sshd[25823]: Received disconnect from 45.61.186.249 port 55238:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T19:06:14.558Z","@version":"1","message":"Sep 16 19:06:13 honeypot-sgp-1 sshd[25827]: Received disconnect from 45.61.186.249 port 49590:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 19:06:44 honeypot-ams-1 sshd[31933]: Received disconnect from 45.61.184.204 port 45506:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T19:06:45.181Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 19:07:02 honeypot-ams-1 sshd[31937]: Received disconnect from 45.61.184.204 port 39756:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T19:07:03.191Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 19:07:20 honeypot-ams-1 sshd[31941]: Received disconnect from 45.61.184.204 port 34010:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T19:07:21.202Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 19:07:29 honeypot-ams-1 sshd[31945]: Received disconnect from 45.61.184.204 port 45256:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T19:07:30.206Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 19:11:46 honeypot-fra-1 sshd[22713]: Invalid user debian from 179.60.147.69 port 52906","@timestamp":"2022-09-16T19:11:47.808Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 19:11:54 honeypot-ams-1 sshd[31950]: ssh_dispatch_run_fatal: Connection from 69.112.204.55 port 34102: Connection corrupted [preauth]","@timestamp":"2022-09-16T19:11:55.324Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 19:14:30 honeypot-fra-1 sshd[22719]: Did not receive identification string from 194.163.190.53 port 41106","@timestamp":"2022-09-16T19:14:30.873Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 19:17:01 honeypot-ams-1 CRON[31955]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-16T19:17:02.461Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 19:18:23 honeypot-fra-1 sshd[22724]: Disconnected from invalid user vagrant 92.255.85.70 port 37350 [preauth]","@timestamp":"2022-09-16T19:18:23.960Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T19:20:38.892Z","@version":"1","message":"Sep 16 19:20:38 honeypot-sgp-1 sshd[25836]: Received disconnect from 58.32.17.88 port 50318:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 19:27:28 honeypot-ams-1 kernel: [84233029.786912] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.217.153 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=46718 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T19:27:28.737Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 19:33:26 honeypot-fra-1 kernel: [84231219.785972] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.143.200.6 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=27565 PROTO=TCP SPT=49255 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T19:33:27.300Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-16T19:34:46.221Z","@version":"1","message":"Sep 16 19:34:45 honeypot-sgp-1 sshd[25842]: Invalid user ygy from 20.228.209.161 port 33908","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 19:35:41 honeypot-ams-1 kernel: [84233522.614796] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=128.1.91.206 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=29710 PROTO=TCP SPT=22831 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T19:35:41.953Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 19:38:04 honeypot-fra-1 sshd[22736]: Connection closed by authenticating user root 194.163.190.53 port 48620 [preauth]","@timestamp":"2022-09-16T19:38:05.410Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T19:39:28.334Z","@version":"1","message":"Sep 16 19:39:27 honeypot-sgp-1 kernel: [84233273.400586] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=186.208.139.104 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=235 ID=48315 PROTO=TCP SPT=56921 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 19:44:52 honeypot-fra-1 sshd[22741]: Disconnected from invalid user liang 165.22.45.108 port 51366 [preauth]","@timestamp":"2022-09-16T19:44:53.560Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T19:49:04.557Z","@version":"1","message":"Sep 16 19:49:04 honeypot-sgp-1 sshd[25849]: Disconnected from authenticating user root 92.255.85.69 port 55434 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 19:49:08 honeypot-ams-1 sshd[31968]: Received disconnect from 46.19.141.122 port 52838:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T19:49:09.300Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 19:50:24 honeypot-ams-1 sshd[31975]: Invalid user test from 179.60.147.69 port 60352","@timestamp":"2022-09-16T19:50:25.336Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 19:50:54 honeypot-fra-1 sshd[22748]: Disconnected from authenticating user root 212.179.12.206 port 54402 [preauth]","@timestamp":"2022-09-16T19:50:54.698Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 19:51:01 honeypot-ams-1 sshd[31979]: Received disconnect from 46.19.141.122 port 52952:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T19:51:02.354Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 19:51:38 honeypot-ams-1 sshd[31983]: Disconnected from authenticating user root 46.19.141.122 port 38878 [preauth]","@timestamp":"2022-09-16T19:51:39.372Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 19:51:43 honeypot-ams-1 sshd[31987]: Invalid user ansible from 176.31.240.226 port 44120","@timestamp":"2022-09-16T19:51:44.376Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 19:51:43 honeypot-ams-1 sshd[31987]: Connection closed by invalid user ansible 176.31.240.226 port 44120 [preauth]","@timestamp":"2022-09-16T19:51:44.376Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 19:51:43 honeypot-ams-1 sshd[31994]: Connection closed by authenticating user root 176.31.240.226 port 44148 [preauth]","@timestamp":"2022-09-16T19:51:44.376Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 19:51:43 honeypot-ams-1 sshd[31986]: Invalid user devops from 176.31.240.226 port 44114","@timestamp":"2022-09-16T19:51:44.376Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 19:51:44 honeypot-ams-1 sshd[32025]: Invalid user hadoop from 176.31.240.226 port 44154","@timestamp":"2022-09-16T19:51:45.376Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 19:51:44 honeypot-ams-1 sshd[32023]: Connection closed by authenticating user root 176.31.240.226 port 44184 [preauth]","@timestamp":"2022-09-16T19:51:45.376Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 19:51:44 honeypot-ams-1 sshd[32027]: Connection closed by invalid user ubuntu 176.31.240.226 port 44136 [preauth]","@timestamp":"2022-09-16T19:51:45.377Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 19:51:46 honeypot-ams-1 sshd[32039]: Invalid user www from 176.31.240.226 port 44124","@timestamp":"2022-09-16T19:51:47.378Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 19:51:46 honeypot-ams-1 sshd[32039]: Connection closed by invalid user www 176.31.240.226 port 44124 [preauth]","@timestamp":"2022-09-16T19:51:47.378Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 19:51:53 honeypot-fra-1 sshd[22752]: Disconnected from invalid user admin 159.223.70.83 port 38953 [preauth]","@timestamp":"2022-09-16T19:51:53.724Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 19:52:16 honeypot-ams-1 sshd[32052]: Received disconnect from 46.19.141.122 port 45972:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T19:52:17.394Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 19:53:04 honeypot-ams-1 sshd[32056]: Received disconnect from 46.19.141.122 port 60142:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T19:53:05.417Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 19:56:58 honeypot-ams-1 sshd[32063]: Invalid user cacheusr from 138.68.166.112 port 43636","@timestamp":"2022-09-16T19:56:59.519Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 19:59:12 honeypot-ams-1 kernel: [84234933.898744] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=164.92.72.164 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=57351 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T19:59:13.580Z"}
{"@timestamp":"2022-09-16T19:59:51.805Z","@version":"1","message":"Sep 16 19:59:51 honeypot-sgp-1 sshd[25853]: Received disconnect from 196.191.116.209 port 2130:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:01:23.844Z","@version":"1","message":"Sep 16 20:01:23 honeypot-sgp-1 sshd[25858]: Received disconnect from 178.128.114.244 port 39660:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 20:01:59 honeypot-fra-1 sshd[22760]: Connection closed by authenticating user root 194.163.190.53 port 50288 [preauth]","@timestamp":"2022-09-16T20:01:59.948Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T20:05:15.936Z","@version":"1","message":"Sep 16 20:05:15 honeypot-sgp-1 sshd[25862]: Received disconnect from 43.154.5.246 port 33708:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 20:09:59 honeypot-fra-1 sshd[22768]: Received disconnect from 178.128.30.95 port 56990:11: Bye Bye [preauth]","@timestamp":"2022-09-16T20:10:00.126Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T20:12:12.101Z","@version":"1","message":"Sep 16 20:12:11 honeypot-sgp-1 sshd[25867]: Invalid user mysql from 92.255.85.70 port 51310","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 20:15:33 honeypot-fra-1 sshd[22773]: Disconnected from invalid user tasha 40.118.190.19 port 52532 [preauth]","@timestamp":"2022-09-16T20:15:34.248Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 20:15:54 honeypot-ams-1 kernel: [84235935.354729] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=94.232.45.241 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=46473 PROTO=TCP SPT=57057 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T20:15:55.019Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 20:19:18 honeypot-ams-1 sshd[32078]: Invalid user user from 45.61.186.169 port 45668","@timestamp":"2022-09-16T20:19:19.112Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 20:19:34 honeypot-ams-1 sshd[32082]: Invalid user user from 45.61.186.169 port 40102","@timestamp":"2022-09-16T20:19:35.122Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 20:19:49 honeypot-ams-1 sshd[32086]: Invalid user user from 45.61.186.169 port 34536","@timestamp":"2022-09-16T20:19:50.129Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 20:20:04 honeypot-ams-1 sshd[32090]: Invalid user user from 45.61.186.169 port 57212","@timestamp":"2022-09-16T20:20:05.137Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 20:21:35 honeypot-ams-1 sshd[32092]: Disconnected from invalid user mysql 92.255.85.70 port 54294 [preauth]","@timestamp":"2022-09-16T20:21:36.179Z"}
{"@timestamp":"2022-09-16T20:21:57.329Z","@version":"1","message":"Sep 16 20:21:56 honeypot-sgp-1 kernel: [84235822.134204] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=102.39.19.17 DST=159.89.202.188 LEN=44 TOS=0x08 PREC=0x00 TTL=237 ID=60206 PROTO=TCP SPT=59704 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 20:23:37 honeypot-fra-1 sshd[22781]: Connection closed by invalid user guest 193.106.191.157 port 34592 [preauth]","@timestamp":"2022-09-16T20:23:37.428Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 20:28:29 honeypot-fra-1 sshd[22788]: Received disconnect from 92.255.85.70 port 31496:11: Bye Bye [preauth]","@timestamp":"2022-09-16T20:28:29.544Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 20:30:44 honeypot-ams-1 sshd[32098]: Did not receive identification string from 109.248.6.112 port 57768","@timestamp":"2022-09-16T20:30:44.415Z"}
{"@timestamp":"2022-09-16T20:32:54.587Z","@version":"1","message":"Sep 16 20:32:53 honeypot-sgp-1 kernel: [84236479.130910] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=156.146.46.143 DST=159.89.202.188 LEN=52 TOS=0x02 PREC=0x00 TTL=116 ID=43641 DF PROTO=TCP SPT=59400 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 20:33:57 honeypot-fra-1 sshd[22793]: Disconnected from 161.35.131.133 port 57498 [preauth]","@timestamp":"2022-09-16T20:33:57.670Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 20:34:13 honeypot-ams-1 sshd[32103]: Disconnected from authenticating user root 181.191.9.163 port 27844 [preauth]","@timestamp":"2022-09-16T20:34:14.508Z"}
{"@timestamp":"2022-09-16T20:40:19.763Z","@version":"1","message":"Sep 16 20:40:19 honeypot-sgp-1 sshd[25882]: Invalid user support from 116.98.174.154 port 52592","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:40:35.771Z","@version":"1","message":"Sep 16 20:40:35 honeypot-sgp-1 sshd[25888]: Connection closed by invalid user tomcat 116.98.174.154 port 60870 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:41:02.784Z","@version":"1","message":"Sep 16 20:41:02 honeypot-sgp-1 sshd[25894]: Connection closed by invalid user test 116.98.174.154 port 43346 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:41:07.786Z","@version":"1","message":"Sep 16 20:41:07 honeypot-sgp-1 sshd[25900]: Connection closed by invalid user test 116.98.174.154 port 34576 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:41:21.794Z","@version":"1","message":"Sep 16 20:41:21 honeypot-sgp-1 sshd[25908]: Invalid user ubnt from 116.98.174.154 port 42532","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:41:29.799Z","@version":"1","message":"Sep 16 20:41:29 honeypot-sgp-1 sshd[25914]: Invalid user admin from 116.98.174.154 port 45382","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:41:36.802Z","@version":"1","message":"Sep 16 20:41:36 honeypot-sgp-1 sshd[25918]: Invalid user support1 from 116.98.174.154 port 41430","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:41:46.808Z","@version":"1","message":"Sep 16 20:41:45 honeypot-sgp-1 sshd[25924]: Connection closed by invalid user lily 116.98.174.154 port 53862 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:42:06.817Z","@version":"1","message":"Sep 16 20:42:06 honeypot-sgp-1 sshd[25930]: Connection closed by invalid user admin 116.98.174.154 port 39862 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:42:11.820Z","@version":"1","message":"Sep 16 20:42:11 honeypot-sgp-1 sshd[25938]: Invalid user monitor from 116.98.174.154 port 47744","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:42:17.824Z","@version":"1","message":"Sep 16 20:42:17 honeypot-sgp-1 sshd[25944]: Invalid user admin from 116.98.174.154 port 60444","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:42:35.832Z","@version":"1","message":"Sep 16 20:42:35 honeypot-sgp-1 sshd[25950]: Invalid user tomcat7 from 116.98.174.154 port 48002","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:42:44.838Z","@version":"1","message":"Sep 16 20:42:43 honeypot-sgp-1 sshd[25956]: Invalid user barbara from 116.98.174.154 port 52484","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:42:48.840Z","@version":"1","message":"Sep 16 20:42:47 honeypot-sgp-1 sshd[25960]: Invalid user sysadmin from 116.98.174.154 port 40286","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:42:52.842Z","@version":"1","message":"Sep 16 20:42:52 honeypot-sgp-1 sshd[25968]: Connection closed by invalid user miner 116.98.174.154 port 38504 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:42:58.845Z","@version":"1","message":"Sep 16 20:42:58 honeypot-sgp-1 sshd[25976]: Invalid user danielle from 116.98.174.154 port 45100","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 20:43:05 honeypot-fra-1 sshd[22801]: Received disconnect from 165.22.45.108 port 56498:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T20:43:05.875Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T20:43:10.851Z","@version":"1","message":"Sep 16 20:43:10 honeypot-sgp-1 sshd[25982]: Invalid user data from 116.98.174.154 port 57198","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:43:14.854Z","@version":"1","message":"Sep 16 20:43:13 honeypot-sgp-1 sshd[25988]: Connection closed by invalid user phil 116.98.174.154 port 36962 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:43:19.857Z","@version":"1","message":"Sep 16 20:43:19 honeypot-sgp-1 sshd[25994]: Connection closed by invalid user support 116.98.174.154 port 49200 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:43:29.862Z","@version":"1","message":"Sep 16 20:43:28 honeypot-sgp-1 sshd[26003]: Connection closed by invalid user ssh 116.98.174.154 port 37936 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:43:31.863Z","@version":"1","message":"Sep 16 20:43:31 honeypot-sgp-1 sshd[26008]: Connection closed by invalid user ftpuser 116.98.174.154 port 59344 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:43:40.867Z","@version":"1","message":"Sep 16 20:43:40 honeypot-sgp-1 sshd[26014]: Connection closed by invalid user joro 116.98.174.154 port 54148 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:43:54.874Z","@version":"1","message":"Sep 16 20:43:54 honeypot-sgp-1 sshd[26022]: Invalid user monitor from 116.98.174.154 port 38338","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:44:03.880Z","@version":"1","message":"Sep 16 20:44:02 honeypot-sgp-1 sshd[26026]: Connection closed by invalid user sales1 116.98.174.154 port 40936 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:44:07.882Z","@version":"1","message":"Sep 16 20:44:07 honeypot-sgp-1 sshd[26030]: Connection closed by invalid user admin 116.98.174.154 port 56278 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:44:10.883Z","@version":"1","message":"Sep 16 20:44:10 honeypot-sgp-1 sshd[26040]: Connection closed by invalid user sales 116.98.174.154 port 36000 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:44:18.888Z","@version":"1","message":"Sep 16 20:44:18 honeypot-sgp-1 sshd[26046]: Invalid user fttrans from 116.98.174.154 port 59204","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:44:24.891Z","@version":"1","message":"Sep 16 20:44:24 honeypot-sgp-1 sshd[26052]: Invalid user test from 116.98.174.154 port 42026","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:44:41.899Z","@version":"1","message":"Sep 16 20:44:41 honeypot-sgp-1 sshd[26057]: Connection closed by invalid user testuser 116.98.174.154 port 35180 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:44:58.907Z","@version":"1","message":"Sep 16 20:44:58 honeypot-sgp-1 sshd[26063]: Connection closed by invalid user internet 116.98.174.154 port 46496 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:45:03.910Z","@version":"1","message":"Sep 16 20:45:03 honeypot-sgp-1 sshd[26069]: Connection closed by invalid user teste 116.98.174.154 port 56492 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:45:10.913Z","@version":"1","message":"Sep 16 20:45:10 honeypot-sgp-1 sshd[26075]: Invalid user miner from 116.98.174.154 port 36062","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:45:15.917Z","@version":"1","message":"Sep 16 20:45:15 honeypot-sgp-1 sshd[26082]: Invalid user user from 45.61.186.169 port 46126","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:45:19.919Z","@version":"1","message":"Sep 16 20:45:19 honeypot-sgp-1 sshd[26088]: Invalid user aidvolunteers from 116.98.174.154 port 43770","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:45:20.920Z","@version":"1","message":"Sep 16 20:45:20 honeypot-sgp-1 sshd[26094]: Connection closed by invalid user user 116.98.174.154 port 54792 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:45:26.923Z","@version":"1","message":"Sep 16 20:45:26 honeypot-sgp-1 sshd[26100]: Invalid user git from 116.98.174.154 port 56856","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:45:31.926Z","@version":"1","message":"Sep 16 20:45:31 honeypot-sgp-1 sshd[26108]: Invalid user testuser from 116.98.174.154 port 42728","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:45:33.927Z","@version":"1","message":"Sep 16 20:45:33 honeypot-sgp-1 sshd[26110]: Connection closed by invalid user kiccuser 116.98.174.154 port 42852 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:45:39.930Z","@version":"1","message":"Sep 16 20:45:39 honeypot-sgp-1 sshd[26118]: Invalid user user from 45.61.186.169 port 51824","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:45:44.934Z","@version":"1","message":"Sep 16 20:45:44 honeypot-sgp-1 sshd[26124]: Connection closed by authenticating user root 116.98.174.154 port 47136 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:45:47.935Z","@version":"1","message":"Sep 16 20:45:47 honeypot-sgp-1 sshd[26128]: Received disconnect from 45.61.186.169 port 34892:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:45:52.937Z","@version":"1","message":"Sep 16 20:45:52 honeypot-sgp-1 sshd[26136]: Invalid user test from 116.98.174.154 port 59194","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:45:55.939Z","@version":"1","message":"Sep 16 20:45:54 honeypot-sgp-1 sshd[26140]: Invalid user keith from 116.98.174.154 port 42604","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:46:01.943Z","@version":"1","message":"Sep 16 20:46:01 honeypot-sgp-1 sshd[26146]: Invalid user shutdown from 116.98.174.154 port 51372","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:46:09.947Z","@version":"1","message":"Sep 16 20:46:09 honeypot-sgp-1 sshd[26154]: Invalid user jack from 116.98.174.154 port 55156","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:46:13.949Z","@version":"1","message":"Sep 16 20:46:13 honeypot-sgp-1 sshd[26158]: Invalid user sftpuser from 116.98.174.154 port 53480","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:46:19.953Z","@version":"1","message":"Sep 16 20:46:18 honeypot-sgp-1 sshd[26164]: Invalid user administrator from 116.98.174.154 port 59806","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:46:30.958Z","@version":"1","message":"Sep 16 20:46:30 honeypot-sgp-1 sshd[26170]: Invalid user cyrus from 116.98.174.154 port 40492","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:46:33.960Z","@version":"1","message":"Sep 16 20:46:33 honeypot-sgp-1 sshd[26176]: Connection closed by invalid user upport 116.98.174.154 port 53478 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:46:48.968Z","@version":"1","message":"Sep 16 20:46:48 honeypot-sgp-1 sshd[26184]: Invalid user nagios from 116.98.174.154 port 59250","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:47:08.977Z","@version":"1","message":"Sep 16 20:47:08 honeypot-sgp-1 sshd[26192]: Invalid user coach from 116.98.174.154 port 33768","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:47:20.983Z","@version":"1","message":"Sep 16 20:47:20 honeypot-sgp-1 sshd[26198]: Invalid user adm from 116.98.174.154 port 34952","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:47:34.991Z","@version":"1","message":"Sep 16 20:47:34 honeypot-sgp-1 sshd[26204]: Invalid user admin from 116.98.174.154 port 40450","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:47:38.992Z","@version":"1","message":"Sep 16 20:47:38 honeypot-sgp-1 sshd[26210]: Invalid user adminpldt from 116.98.174.154 port 56476","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:47:44.996Z","@version":"1","message":"Sep 16 20:47:44 honeypot-sgp-1 sshd[26216]: Invalid user ax from 116.98.174.154 port 40426","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:47:49.999Z","@version":"1","message":"Sep 16 20:47:49 honeypot-sgp-1 sshd[26222]: Connection closed by invalid user account 116.98.174.154 port 43288 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:47:53.000Z","@version":"1","message":"Sep 16 20:47:52 honeypot-sgp-1 sshd[26228]: Connection closed by invalid user user7 116.98.174.154 port 50648 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:48:01.005Z","@version":"1","message":"Sep 16 20:48:00 honeypot-sgp-1 sshd[26236]: Invalid user fe5ced from 116.98.174.154 port 58144","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:48:06.008Z","@version":"1","message":"Sep 16 20:48:05 honeypot-sgp-1 sshd[26244]: Connection closed by authenticating user root 116.98.174.154 port 40822 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:48:10.010Z","@version":"1","message":"Sep 16 20:48:09 honeypot-sgp-1 sshd[26250]: Connection closed by invalid user anna 116.98.174.154 port 55522 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:48:12.011Z","@version":"1","message":"Sep 16 20:48:11 honeypot-sgp-1 sshd[26256]: Connection closed by invalid user cmsftp 116.98.174.154 port 52192 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:48:17.015Z","@version":"1","message":"Sep 16 20:48:16 honeypot-sgp-1 sshd[26262]: Connection closed by invalid user dean 116.98.174.154 port 43768 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:48:40.026Z","@version":"1","message":"Sep 16 20:48:39 honeypot-sgp-1 sshd[26270]: Invalid user sh from 116.98.174.154 port 57244","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:48:54.033Z","@version":"1","message":"Sep 16 20:48:53 honeypot-sgp-1 sshd[26274]: Connection closed by invalid user enrique 116.98.174.154 port 35772 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:48:58.035Z","@version":"1","message":"Sep 16 20:48:57 honeypot-sgp-1 sshd[26282]: Invalid user matt from 116.98.174.154 port 52298","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:49:07.040Z","@version":"1","message":"Sep 16 20:49:06 honeypot-sgp-1 sshd[26288]: Invalid user recovery from 116.98.174.154 port 43882","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:49:15.045Z","@version":"1","message":"Sep 16 20:49:14 honeypot-sgp-1 sshd[26294]: Invalid user ftpadmin from 116.98.174.154 port 51364","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:49:36.055Z","@version":"1","message":"Sep 16 20:49:35 honeypot-sgp-1 sshd[26300]: Invalid user admin from 116.98.174.154 port 36150","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:49:40.057Z","@version":"1","message":"Sep 16 20:49:39 honeypot-sgp-1 sshd[26306]: Connection closed by invalid user admin 116.98.174.154 port 44288 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:49:42.058Z","@version":"1","message":"Sep 16 20:49:41 honeypot-sgp-1 sshd[26312]: Connection closed by invalid user php5 116.98.174.154 port 40246 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:49:45.061Z","@version":"1","message":"Sep 16 20:49:44 honeypot-sgp-1 sshd[26318]: Connection closed by invalid user server 116.98.174.154 port 48300 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:49:49.063Z","@version":"1","message":"Sep 16 20:49:48 honeypot-sgp-1 sshd[26324]: Connection closed by invalid user operator 116.98.174.154 port 37638 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:49:52.064Z","@version":"1","message":"Sep 16 20:49:51 honeypot-sgp-1 sshd[26330]: Connection closed by invalid user lpa 116.98.174.154 port 50332 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:50:09.073Z","@version":"1","message":"Sep 16 20:50:08 honeypot-sgp-1 sshd[26336]: Connection closed by invalid user judy 116.98.174.154 port 54312 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 20:50:20 honeypot-ams-1 kernel: [84238001.454384] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=170.187.160.181 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=61239 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T20:50:20.922Z"}
{"@timestamp":"2022-09-16T20:50:25.081Z","@version":"1","message":"Sep 16 20:50:24 honeypot-sgp-1 sshd[26345]: Connection closed by invalid user cisco 116.98.174.154 port 44918 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:50:28.082Z","@version":"1","message":"Sep 16 20:50:27 honeypot-sgp-1 sshd[26351]: Connection closed by invalid user linux 116.98.174.154 port 38942 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:50:35.087Z","@version":"1","message":"Sep 16 20:50:34 honeypot-sgp-1 sshd[26359]: Connection closed by authenticating user root 116.98.174.154 port 34040 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:50:44.091Z","@version":"1","message":"Sep 16 20:50:43 honeypot-sgp-1 sshd[26367]: Connection closed by authenticating user root 116.98.174.154 port 51320 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:51:14.105Z","@version":"1","message":"Sep 16 20:51:13 honeypot-sgp-1 sshd[26375]: Invalid user ftpuser from 116.98.174.154 port 42806","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:51:19.108Z","@version":"1","message":"Sep 16 20:51:18 honeypot-sgp-1 sshd[26381]: Invalid user daegalnet from 116.98.174.154 port 33996","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:51:23.110Z","@version":"1","message":"Sep 16 20:51:23 honeypot-sgp-1 sshd[26387]: Connection closed by authenticating user root 116.98.174.154 port 44762 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:51:36.116Z","@version":"1","message":"Sep 16 20:51:35 honeypot-sgp-1 sshd[26393]: Connection closed by invalid user admIndian 116.98.174.154 port 50230 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:51:37.117Z","@version":"1","message":"Sep 16 20:51:37 honeypot-sgp-1 sshd[26399]: Connection closed by invalid user guest 116.98.174.154 port 39554 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:51:54.125Z","@version":"1","message":"Sep 16 20:51:53 honeypot-sgp-1 sshd[26407]: Connection closed by invalid user vpn 116.98.174.154 port 59294 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:52:03.130Z","@version":"1","message":"Sep 16 20:52:02 honeypot-sgp-1 sshd[26415]: Connection closed by invalid user test 116.98.174.154 port 58026 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 20:52:12 honeypot-fra-1 sshd[22806]: Disconnected from authenticating user root 92.255.85.69 port 17858 [preauth]","@timestamp":"2022-09-16T20:52:13.077Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T20:52:17.137Z","@version":"1","message":"Sep 16 20:52:16 honeypot-sgp-1 sshd[26421]: Connection closed by invalid user intermec 116.98.174.154 port 57118 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:52:20.139Z","@version":"1","message":"Sep 16 20:52:19 honeypot-sgp-1 sshd[26427]: Connection closed by invalid user ftp 116.98.174.154 port 39480 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:52:31.145Z","@version":"1","message":"Sep 16 20:52:30 honeypot-sgp-1 sshd[26435]: Invalid user ftp from 116.98.174.154 port 38526","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:52:40.149Z","@version":"1","message":"Sep 16 20:52:39 honeypot-sgp-1 kernel: [84237664.523452] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=156.146.46.143 DST=159.89.202.188 LEN=52 TOS=0x02 PREC=0x00 TTL=116 ID=44021 DF PROTO=TCP SPT=54864 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 20:52:42 honeypot-ams-1 sshd[32113]: Received disconnect from 190.104.25.210 port 54100:11: Bye Bye [preauth]","@timestamp":"2022-09-16T20:52:42.986Z"}
{"@timestamp":"2022-09-16T20:52:49.154Z","@version":"1","message":"Sep 16 20:52:48 honeypot-sgp-1 sshd[26445]: Connection closed by invalid user transfer 116.98.174.154 port 58640 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:52:59.159Z","@version":"1","message":"Sep 16 20:52:58 honeypot-sgp-1 sshd[26453]: Invalid user 1e905c from 116.98.174.154 port 45856","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:53:13.166Z","@version":"1","message":"Sep 16 20:53:12 honeypot-sgp-1 sshd[26459]: Invalid user git from 116.98.174.154 port 44048","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:53:27.173Z","@version":"1","message":"Sep 16 20:53:26 honeypot-sgp-1 sshd[26465]: Invalid user app from 116.98.174.154 port 37726","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 20:53:28 honeypot-ams-1 sshd[32118]: Disconnected from authenticating user root 80.76.51.189 port 43526 [preauth]","@timestamp":"2022-09-16T20:53:29.010Z"}
{"@timestamp":"2022-09-16T20:53:40.179Z","@version":"1","message":"Sep 16 20:53:39 honeypot-sgp-1 sshd[26471]: Invalid user w from 116.98.174.154 port 52718","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:53:46.183Z","@version":"1","message":"Sep 16 20:53:45 honeypot-sgp-1 sshd[26477]: Invalid user hyperic from 116.98.174.154 port 54770","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 20:53:47 honeypot-ams-1 sshd[32122]: Disconnected from invalid user user 45.61.186.49 port 37970 [preauth]","@timestamp":"2022-09-16T20:53:48.019Z"}
{"@timestamp":"2022-09-16T20:53:52.186Z","@version":"1","message":"Sep 16 20:53:52 honeypot-sgp-1 sshd[26481]: Connection closed by invalid user admin 116.98.174.154 port 37746 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 20:53:59 honeypot-ams-1 sshd[32128]: Invalid user user from 45.61.186.49 port 49186","@timestamp":"2022-09-16T20:54:00.026Z"}
{"@timestamp":"2022-09-16T20:54:01.191Z","@version":"1","message":"Sep 16 20:54:00 honeypot-sgp-1 sshd[26487]: Connection closed by invalid user 123456789 116.98.174.154 port 35146 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:54:12.195Z","@version":"1","message":"Sep 16 20:54:11 honeypot-sgp-1 sshd[26493]: Connection closed by invalid user nagios 116.98.174.154 port 38440 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:54:24.202Z","@version":"1","message":"Sep 16 20:54:23 honeypot-sgp-1 sshd[26501]: Invalid user test from 116.98.174.154 port 42496","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:54:25.202Z","@version":"1","message":"Sep 16 20:54:24 honeypot-sgp-1 sshd[26507]: Invalid user dexter from 116.98.174.154 port 39970","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:54:37.208Z","@version":"1","message":"Sep 16 20:54:36 honeypot-sgp-1 sshd[26515]: Invalid user tim from 116.98.174.154 port 41938","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:54:42.211Z","@version":"1","message":"Sep 16 20:54:41 honeypot-sgp-1 sshd[26521]: Invalid user support from 116.98.174.154 port 57648","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:54:48.215Z","@version":"1","message":"Sep 16 20:54:47 honeypot-sgp-1 sshd[26525]: Connection closed by invalid user admin 116.98.174.154 port 47852 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 20:54:52 honeypot-ams-1 sshd[32132]: Disconnected from authenticating user root 80.76.51.189 port 53218 [preauth]","@timestamp":"2022-09-16T20:54:53.054Z"}
{"@timestamp":"2022-09-16T20:55:00.221Z","@version":"1","message":"Sep 16 20:54:59 honeypot-sgp-1 sshd[26533]: Connection closed by invalid user public 116.98.174.154 port 45988 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:55:21.231Z","@version":"1","message":"Sep 16 20:55:21 honeypot-sgp-1 sshd[26542]: Invalid user john from 116.98.174.154 port 35204","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:55:36.238Z","@version":"1","message":"Sep 16 20:55:35 honeypot-sgp-1 sshd[26548]: Invalid user eseasonminbak from 116.98.174.154 port 34072","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:55:40.240Z","@version":"1","message":"Sep 16 20:55:40 honeypot-sgp-1 sshd[26554]: Connection closed by 71.206.128.118 port 47781 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:55:47.245Z","@version":"1","message":"Sep 16 20:55:46 honeypot-sgp-1 sshd[26562]: Connection closed by authenticating user nobody 116.98.174.154 port 46000 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:55:51.247Z","@version":"1","message":"Sep 16 20:55:51 honeypot-sgp-1 sshd[26568]: Connection closed by invalid user user1 116.98.174.154 port 35858 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:55:55.249Z","@version":"1","message":"Sep 16 20:55:54 honeypot-sgp-1 sshd[26574]: Connection closed by invalid user webconfig 116.98.174.154 port 54700 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:56:10.257Z","@version":"1","message":"Sep 16 20:56:09 honeypot-sgp-1 sshd[26582]: Invalid user operator from 116.98.174.154 port 37506","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:56:19.262Z","@version":"1","message":"Sep 16 20:56:19 honeypot-sgp-1 sshd[26588]: Invalid user qq from 116.98.174.154 port 44546","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 20:56:20 honeypot-ams-1 sshd[32140]: Disconnected from authenticating user root 80.76.51.189 port 34616 [preauth]","@timestamp":"2022-09-16T20:56:21.094Z"}
{"@timestamp":"2022-09-16T20:56:23.264Z","@version":"1","message":"Sep 16 20:56:22 honeypot-sgp-1 sshd[26590]: Connection closed by invalid user user100 116.98.174.154 port 40436 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:56:39.272Z","@version":"1","message":"Sep 16 20:56:38 honeypot-sgp-1 sshd[26600]: Connection closed by invalid user test 116.98.174.154 port 44034 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:56:43.274Z","@version":"1","message":"Sep 16 20:56:43 honeypot-sgp-1 sshd[26608]: Connection closed by 193.114.115.146 port 39182 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:56:48.277Z","@version":"1","message":"Sep 16 20:56:48 honeypot-sgp-1 sshd[26614]: Connection closed by invalid user edwin 116.98.174.154 port 44226 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:57:03.285Z","@version":"1","message":"Sep 16 20:57:02 honeypot-sgp-1 sshd[26622]: Invalid user jose from 116.98.174.154 port 59668","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:57:29.297Z","@version":"1","message":"Sep 16 20:57:29 honeypot-sgp-1 sshd[26630]: Invalid user nginx from 103.188.176.251 port 43876","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 20:57:52 honeypot-ams-1 sshd[32146]: Invalid user test from 80.76.51.189 port 44254","@timestamp":"2022-09-16T20:57:53.137Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 20:58:55 honeypot-ams-1 sshd[32150]: Invalid user testuser from 80.76.51.189 port 41260","@timestamp":"2022-09-16T20:58:56.166Z"}
{"@timestamp":"2022-09-16T20:59:15.341Z","@version":"1","message":"Sep 16 20:59:14 honeypot-sgp-1 sshd[26634]: Connection closed by invalid user blank 179.60.147.69 port 14354 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 20:59:58 honeypot-ams-1 sshd[32154]: Invalid user ubuntu from 80.76.51.189 port 38270","@timestamp":"2022-09-16T20:59:59.195Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:01:01 honeypot-ams-1 sshd[32159]: Invalid user ubuntu from 80.76.51.189 port 35286","@timestamp":"2022-09-16T21:01:02.225Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 21:01:16 honeypot-fra-1 sshd[22813]: Connection closed by invalid user henry 141.98.10.158 port 38240 [preauth]","@timestamp":"2022-09-16T21:01:16.280Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:01:43 honeypot-ams-1 sshd[32163]: Received disconnect from 179.171.158.147 port 59228:11: Bye Bye [preauth]","@timestamp":"2022-09-16T21:01:44.248Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:01:47 honeypot-ams-1 sshd[32167]: Disconnected from invalid user ubnt 179.171.158.147 port 59480 [preauth]","@timestamp":"2022-09-16T21:01:48.250Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:01:53 honeypot-ams-1 sshd[32173]: Disconnected from authenticating user root 179.171.158.147 port 59704 [preauth]","@timestamp":"2022-09-16T21:01:54.254Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:02:02 honeypot-ams-1 sshd[32179]: Disconnected from authenticating user root 179.171.158.147 port 60170 [preauth]","@timestamp":"2022-09-16T21:02:02.259Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:02:08 honeypot-ams-1 sshd[32183]: Disconnected from authenticating user root 179.171.158.147 port 60458 [preauth]","@timestamp":"2022-09-16T21:02:09.264Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:02:15 honeypot-ams-1 sshd[32191]: Disconnected from authenticating user root 179.171.158.147 port 60862 [preauth]","@timestamp":"2022-09-16T21:02:16.268Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:02:23 honeypot-ams-1 sshd[32197]: Disconnected from authenticating user root 179.171.158.147 port 32994 [preauth]","@timestamp":"2022-09-16T21:02:24.358Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:02:31 honeypot-ams-1 sshd[32203]: Disconnected from authenticating user root 179.171.158.147 port 33374 [preauth]","@timestamp":"2022-09-16T21:02:32.364Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:02:35 honeypot-ams-1 sshd[32209]: Disconnected from authenticating user root 179.171.158.147 port 33658 [preauth]","@timestamp":"2022-09-16T21:02:36.367Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:02:39 honeypot-ams-1 sshd[32215]: Received disconnect from 80.76.51.189 port 44924:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T21:02:40.369Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:02:47 honeypot-ams-1 sshd[32221]: Received disconnect from 179.171.158.147 port 34244:11: Bye Bye [preauth]","@timestamp":"2022-09-16T21:02:48.373Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:02:54 honeypot-ams-1 sshd[32227]: Received disconnect from 179.171.158.147 port 34638:11: Bye Bye [preauth]","@timestamp":"2022-09-16T21:02:55.378Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:03:00 honeypot-ams-1 sshd[32233]: Received disconnect from 179.171.158.147 port 35014:11: Bye Bye [preauth]","@timestamp":"2022-09-16T21:03:01.381Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:03:08 honeypot-ams-1 sshd[32239]: Received disconnect from 179.171.158.147 port 35362:11: Bye Bye [preauth]","@timestamp":"2022-09-16T21:03:09.386Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:03:12 honeypot-ams-1 sshd[32243]: Received disconnect from 179.171.158.147 port 35668:11: Bye Bye [preauth]","@timestamp":"2022-09-16T21:03:13.389Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:03:15 honeypot-ams-1 sshd[32245]: Received disconnect from 179.171.158.147 port 35746:11: Bye Bye [preauth]","@timestamp":"2022-09-16T21:03:16.390Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:03:20 honeypot-ams-1 sshd[32251]: Received disconnect from 179.171.158.147 port 36008:11: Bye Bye [preauth]","@timestamp":"2022-09-16T21:03:20.394Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:03:25 honeypot-ams-1 sshd[32255]: Received disconnect from 179.171.158.147 port 36270:11: Bye Bye [preauth]","@timestamp":"2022-09-16T21:03:26.397Z"}
{"@timestamp":"2022-09-16T21:03:27.439Z","@version":"1","message":"Sep 16 21:03:27 honeypot-sgp-1 sshd[26639]: Received disconnect from 66.76.55.84 port 52210:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:03:30 honeypot-ams-1 sshd[32259]: Received disconnect from 179.171.158.147 port 36522:11: Bye Bye [preauth]","@timestamp":"2022-09-16T21:03:31.400Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:03:35 honeypot-ams-1 sshd[32263]: Received disconnect from 179.171.158.147 port 36836:11: Bye Bye [preauth]","@timestamp":"2022-09-16T21:03:35.403Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:03:42 honeypot-ams-1 sshd[32269]: Invalid user pi from 179.171.158.147 port 37190","@timestamp":"2022-09-16T21:03:42.407Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:03:46 honeypot-ams-1 sshd[32273]: Invalid user user from 179.171.158.147 port 37448","@timestamp":"2022-09-16T21:03:46.409Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:03:48 honeypot-ams-1 sshd[32275]: Disconnected from invalid user ethos 179.171.158.147 port 37548 [preauth]","@timestamp":"2022-09-16T21:03:49.412Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:03:54 honeypot-ams-1 sshd[32281]: Invalid user miner from 179.171.158.147 port 37792","@timestamp":"2022-09-16T21:03:54.416Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:03:58 honeypot-ams-1 sshd[32285]: Invalid user volumio from 179.171.158.147 port 38100","@timestamp":"2022-09-16T21:03:59.419Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:04:03 honeypot-ams-1 sshd[32289]: Invalid user nagios from 179.171.158.147 port 38304","@timestamp":"2022-09-16T21:04:03.421Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:04:05 honeypot-ams-1 sshd[32291]: Disconnected from invalid user postgres 179.171.158.147 port 38434 [preauth]","@timestamp":"2022-09-16T21:04:06.424Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:04:10 honeypot-ams-1 sshd[32295]: Disconnected from invalid user support 179.171.158.147 port 38690 [preauth]","@timestamp":"2022-09-16T21:04:11.427Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:04:15 honeypot-ams-1 sshd[32299]: Disconnected from invalid user ubuntu 179.171.158.147 port 38916 [preauth]","@timestamp":"2022-09-16T21:04:15.429Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:04:20 honeypot-ams-1 sshd[32303]: Disconnected from invalid user ubuntu 179.171.158.147 port 39144 [preauth]","@timestamp":"2022-09-16T21:04:21.433Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:04:24 honeypot-ams-1 sshd[32307]: Disconnected from invalid user guest 179.171.158.147 port 39460 [preauth]","@timestamp":"2022-09-16T21:04:25.436Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:04:27 honeypot-ams-1 sshd[32313]: Invalid user cirros from 179.171.158.147 port 39656","@timestamp":"2022-09-16T21:04:28.438Z"}
{"@timestamp":"2022-09-16T21:04:32.466Z","@version":"1","message":"Sep 16 21:04:32 honeypot-sgp-1 sshd[26643]: Received disconnect from 82.112.131.162 port 37597:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:05:00 honeypot-ams-1 sshd[32317]: Invalid user odoo from 80.76.51.189 port 38954","@timestamp":"2022-09-16T21:05:01.454Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:05:36 honeypot-ams-1 sshd[32322]: Invalid user admin from 182.52.90.164 port 34696","@timestamp":"2022-09-16T21:05:36.473Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:06:33 honeypot-ams-1 sshd[32328]: Disconnected from authenticating user root 92.255.85.69 port 58072 [preauth]","@timestamp":"2022-09-16T21:06:33.524Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 21:07:20 honeypot-fra-1 sshd[22820]: Connection closed by authenticating user root 194.163.190.53 port 43714 [preauth]","@timestamp":"2022-09-16T21:07:20.420Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 21:09:25 honeypot-fra-1 kernel: [84236978.389180] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=189.134.36.117 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=48 ID=31382 PROTO=TCP SPT=44468 DPT=80 WINDOW=22346 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T21:09:26.471Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-16T21:11:19.622Z","@version":"1","message":"Sep 16 21:11:18 honeypot-sgp-1 sshd[26648]: Received disconnect from 46.101.132.159 port 59510:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T21:11:40.632Z","@version":"1","message":"Sep 16 21:11:39 honeypot-sgp-1 sshd[26652]: Disconnected from 137.184.118.54 port 52048 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T21:12:40.656Z","@version":"1","message":"Sep 16 21:12:40 honeypot-sgp-1 sshd[26656]: Invalid user pi from 82.112.131.162 port 37896","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T21:17:01.759Z","@version":"1","message":"Sep 16 21:17:01 honeypot-sgp-1 CRON[26661]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:17:25 honeypot-ams-1 sshd[32334]: Received disconnect from 157.230.47.123 port 33958:11: Bye Bye [preauth]","@timestamp":"2022-09-16T21:17:26.808Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 21:18:14 honeypot-fra-1 sshd[22832]: Did not receive identification string from 134.209.151.21 port 45406","@timestamp":"2022-09-16T21:18:14.678Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 21:18:15 honeypot-fra-1 sshd[22844]: Invalid user kibana from 134.209.151.21 port 49416","@timestamp":"2022-09-16T21:18:15.681Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 21:18:15 honeypot-fra-1 sshd[22845]: Invalid user user from 134.209.151.21 port 49410","@timestamp":"2022-09-16T21:18:15.681Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 21:18:15 honeypot-fra-1 sshd[22858]: Invalid user ubuntu from 134.209.151.21 port 49402","@timestamp":"2022-09-16T21:18:15.681Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 21:18:15 honeypot-fra-1 sshd[22855]: Connection closed by invalid user guest 134.209.151.21 port 49408 [preauth]","@timestamp":"2022-09-16T21:18:15.681Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 21:18:15 honeypot-fra-1 sshd[22851]: Connection closed by invalid user postgres 134.209.151.21 port 49392 [preauth]","@timestamp":"2022-09-16T21:18:15.681Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 21:18:15 honeypot-fra-1 sshd[22838]: Connection closed by invalid user ansible 134.209.151.21 port 49370 [preauth]","@timestamp":"2022-09-16T21:18:15.681Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 21:18:15 honeypot-fra-1 sshd[22857]: Connection closed by invalid user hadoop 134.209.151.21 port 49384 [preauth]","@timestamp":"2022-09-16T21:18:15.681Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T21:21:36.867Z","@version":"1","message":"Sep 16 21:21:36 honeypot-sgp-1 sshd[26669]: Received disconnect from 92.255.85.69 port 35426:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:22:52 honeypot-ams-1 sshd[32337]: Disconnected from invalid user job 103.186.100.72 port 60220 [preauth]","@timestamp":"2022-09-16T21:22:52.952Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:28:19 honeypot-ams-1 sshd[32341]: Invalid user temp from 103.186.48.7 port 48810","@timestamp":"2022-09-16T21:28:20.097Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:31:51 honeypot-ams-1 sshd[32344]: Disconnected from invalid user user 92.255.85.69 port 32134 [preauth]","@timestamp":"2022-09-16T21:31:52.188Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 21:32:41 honeypot-fra-1 sshd[22892]: Connection closed by authenticating user root 194.163.190.53 port 47044 [preauth]","@timestamp":"2022-09-16T21:32:42.006Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:38:40 honeypot-ams-1 sshd[32351]: Invalid user ubnt from 179.60.147.69 port 30392","@timestamp":"2022-09-16T21:38:41.385Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 21:39:26 honeypot-fra-1 sshd[22897]: Disconnected from invalid user user 92.255.85.70 port 18086 [preauth]","@timestamp":"2022-09-16T21:39:26.159Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 21:40:45 honeypot-fra-1 sshd[22903]: Invalid user libevent from 165.22.45.108 port 33408","@timestamp":"2022-09-16T21:40:46.193Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 21:41:32 honeypot-fra-1 sshd[22908]: Invalid user galaxytab18 from 129.146.241.147 port 44576","@timestamp":"2022-09-16T21:41:33.213Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 21:44:28 honeypot-ams-1 kernel: [84241249.337103] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=156.146.46.143 DST=178.62.254.91 LEN=52 TOS=0x02 PREC=0x00 TTL=118 ID=64518 DF PROTO=TCP SPT=52089 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-16T21:44:28.535Z"}
{"@timestamp":"2022-09-16T21:45:24.411Z","@version":"1","message":"Sep 16 21:45:23 honeypot-sgp-1 sshd[26691]: Invalid user admin from 92.255.85.69 port 17872","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 21:53:50 honeypot-fra-1 sshd[22913]: Invalid user remi from 188.166.176.236 port 55178","@timestamp":"2022-09-16T21:53:51.486Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 21:54:41 honeypot-fra-1 sshd[22917]: Connection closed by authenticating user root 194.163.190.53 port 42552 [preauth]","@timestamp":"2022-09-16T21:54:42.508Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 21:56:00 honeypot-ams-1 kernel: [84241941.110945] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=208.115.115.103 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=29107 PROTO=TCP SPT=4062 DPT=80 WINDOW=20118 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T21:56:00.835Z"}
{"@timestamp":"2022-09-16T22:01:58.790Z","@version":"1","message":"Sep 16 22:01:58 honeypot-sgp-1 sshd[26695]: Received disconnect from 27.50.54.88 port 59934:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 22:02:04 honeypot-fra-1 sshd[22922]: Disconnected from invalid user system 142.93.163.183 port 54332 [preauth]","@timestamp":"2022-09-16T22:02:04.674Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T22:04:22.848Z","@version":"1","message":"Sep 16 22:04:21 honeypot-sgp-1 sshd[26699]: Disconnected from invalid user newyork 203.150.102.162 port 60378 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 22:05:53 honeypot-fra-1 sshd[22928]: Invalid user ftpuser1 from 182.23.23.42 port 46856","@timestamp":"2022-09-16T22:05:53.759Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 22:07:58 honeypot-fra-1 sshd[22933]: Received disconnect from 104.236.237.117 port 35127:11: Bye Bye [preauth]","@timestamp":"2022-09-16T22:07:58.840Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 22:08:54 honeypot-ams-1 kernel: [84242715.636542] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=72.167.32.184 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=232 ID=62312 PROTO=TCP SPT=45554 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T22:08:55.173Z"}
{"@timestamp":"2022-09-16T22:09:01.957Z","@version":"1","message":"Sep 16 22:09:01 honeypot-sgp-1 sshd[26702]: Received disconnect from 92.255.85.69 port 32788:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 22:09:34 honeypot-fra-1 sshd[22937]: Disconnected from authenticating user root 46.101.187.234 port 44162 [preauth]","@timestamp":"2022-09-16T22:09:34.877Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T22:10:38.997Z","@version":"1","message":"Sep 16 22:10:38 honeypot-sgp-1 sshd[26705]: Disconnected from invalid user user 45.61.184.204 port 33108 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T22:10:58.007Z","@version":"1","message":"Sep 16 22:10:57 honeypot-sgp-1 sshd[26709]: Disconnected from invalid user user 45.61.184.204 port 55744 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T22:11:15.014Z","@version":"1","message":"Sep 16 22:11:14 honeypot-sgp-1 sshd[26713]: Disconnected from invalid user user 45.61.184.204 port 50170 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T22:11:32.023Z","@version":"1","message":"Sep 16 22:11:31 honeypot-sgp-1 sshd[26717]: Disconnected from invalid user user 45.61.184.204 port 44610 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 22:13:48 honeypot-fra-1 sshd[22944]: Connection reset by 205.210.31.169 port 43639 [preauth]","@timestamp":"2022-09-16T22:13:48.978Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 22:18:23 honeypot-ams-1 sshd[32382]: Received disconnect from 92.255.85.70 port 62196:11: Bye Bye [preauth]","@timestamp":"2022-09-16T22:18:24.416Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 22:21:05 honeypot-fra-1 kernel: [84241278.478527] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=89.248.165.199 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=10850 PROTO=TCP SPT=44127 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T22:21:06.145Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 22:22:29 honeypot-ams-1 kernel: [84243530.573470] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=198.235.24.131 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=250 ID=54321 PROTO=TCP SPT=55141 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T22:22:29.525Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 22:25:28 honeypot-fra-1 sshd[22955]: Disconnected from invalid user theforest 212.109.207.62 port 37652 [preauth]","@timestamp":"2022-09-16T22:25:29.246Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 22:25:54 honeypot-ams-1 sshd[32390]: Invalid user guest from 193.106.191.157 port 46078","@timestamp":"2022-09-16T22:25:55.616Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 22:27:17 honeypot-fra-1 sshd[22961]: Connection closed by authenticating user root 194.163.190.53 port 52420 [preauth]","@timestamp":"2022-09-16T22:27:17.290Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T22:27:40.397Z","@version":"1","message":"Sep 16 22:27:40 honeypot-sgp-1 kernel: [84243365.524972] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=89.248.165.199 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=59961 PROTO=TCP SPT=44127 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T22:29:10.436Z","@version":"1","message":"Sep 16 22:29:09 honeypot-sgp-1 sshd[26728]: Disconnected from invalid user dan 116.177.233.76 port 33030 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T22:30:41.474Z","@version":"1","message":"Sep 16 22:30:41 honeypot-sgp-1 sshd[26733]: Disconnected from invalid user builduser 24.62.135.19 port 35862 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 22:30:56 honeypot-ams-1 sshd[32395]: Disconnected from authenticating user root 165.227.83.174 port 38562 [preauth]","@timestamp":"2022-09-16T22:30:57.749Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 22:38:37 honeypot-fra-1 sshd[22971]: Received disconnect from 165.22.45.108 port 38542:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T22:38:38.543Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 22:41:42 honeypot-ams-1 sshd[32400]: Invalid user mysql from 92.255.85.69 port 58240","@timestamp":"2022-09-16T22:41:43.024Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 22:44:35 honeypot-fra-1 sshd[22976]: Connection closed by invalid user admin 128.199.168.83 port 32276 [preauth]","@timestamp":"2022-09-16T22:44:35.678Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 22:45:16 honeypot-ams-1 sshd[32404]: Disconnected from invalid user user 45.61.184.204 port 57974 [preauth]","@timestamp":"2022-09-16T22:45:17.132Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 22:45:35 honeypot-ams-1 sshd[32410]: Invalid user user from 45.61.184.204 port 52162","@timestamp":"2022-09-16T22:45:36.143Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 22:45:45 honeypot-ams-1 sshd[32412]: Disconnected from invalid user user 45.61.184.204 port 35140 [preauth]","@timestamp":"2022-09-16T22:45:45.147Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 22:46:03 honeypot-ams-1 sshd[32416]: Disconnected from invalid user user 45.61.184.204 port 57558 [preauth]","@timestamp":"2022-09-16T22:46:04.158Z"}
{"@timestamp":"2022-09-16T22:46:56.892Z","@version":"1","message":"Sep 16 22:46:56 honeypot-sgp-1 kernel: [84244521.674019] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=89.248.165.65 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=1936 PROTO=TCP SPT=59780 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 22:47:40 honeypot-fra-1 sshd[22982]: Connection closed by authenticating user root 194.163.190.53 port 48300 [preauth]","@timestamp":"2022-09-16T22:47:40.754Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 22:50:04 honeypot-fra-1 sshd[22987]: Invalid user support from 179.60.147.69 port 11738","@timestamp":"2022-09-16T22:50:04.809Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 22:52:22 honeypot-ams-1 sshd[32421]: Invalid user support from 179.60.147.69 port 20572","@timestamp":"2022-09-16T22:52:22.323Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 22:54:14 honeypot-ams-1 kernel: [84245435.162123] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=92.118.39.30 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=51830 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T22:54:14.376Z"}
{"@timestamp":"2022-09-16T22:56:22.116Z","@version":"1","message":"Sep 16 22:56:21 honeypot-sgp-1 sshd[26743]: Invalid user it.support from 92.255.85.70 port 52892","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T23:00:13.209Z","@version":"1","message":"Sep 16 23:00:12 honeypot-sgp-1 sshd[26748]: Connection closed by 162.142.125.121 port 45458 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 23:01:13 honeypot-fra-1 sshd[22995]: Connection closed by invalid user nginx 103.188.176.251 port 49044 [preauth]","@timestamp":"2022-09-16T23:01:14.083Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:05:18 honeypot-ams-1 sshd[32431]: Invalid user it.support from 92.255.85.69 port 52694","@timestamp":"2022-09-16T23:05:18.652Z"}
{"@timestamp":"2022-09-16T23:05:56.339Z","@version":"1","message":"Sep 16 23:05:56 honeypot-sgp-1 sshd[26755]: Connection closed by invalid user admin 128.199.160.207 port 45930 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T23:09:10.416Z","@version":"1","message":"Sep 16 23:09:10 honeypot-sgp-1 sshd[26760]: Invalid user user from 45.61.184.204 port 43744","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T23:09:30.426Z","@version":"1","message":"Sep 16 23:09:30 honeypot-sgp-1 sshd[26764]: Invalid user user from 45.61.184.204 port 38362","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T23:09:49.435Z","@version":"1","message":"Sep 16 23:09:48 honeypot-sgp-1 sshd[26768]: Invalid user user from 45.61.184.204 port 32976","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T23:10:06.443Z","@version":"1","message":"Sep 16 23:10:05 honeypot-sgp-1 sshd[26772]: Invalid user user from 45.61.184.204 port 55824","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 23:12:28 honeypot-fra-1 sshd[23000]: Invalid user it.support from 92.255.85.69 port 26620","@timestamp":"2022-09-16T23:12:29.337Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T23:14:46.551Z","@version":"1","message":"Sep 16 23:14:45 honeypot-sgp-1 sshd[26776]: Disconnected from invalid user user 45.61.186.49 port 52692 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T23:15:00.558Z","@version":"1","message":"Sep 16 23:14:59 honeypot-sgp-1 sshd[26780]: Disconnected from invalid user user 45.61.186.49 port 35704 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 23:16:34 honeypot-ams-1 kernel: [84246775.217341] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.95.147.44 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=252 ID=34839 PROTO=TCP SPT=49833 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T23:16:34.934Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 23:17:36 honeypot-fra-1 sshd[23007]: Connection closed by authenticating user root 194.163.190.53 port 56560 [preauth]","@timestamp":"2022-09-16T23:17:36.454Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T23:17:54.626Z","@version":"1","message":"Sep 16 23:17:54 honeypot-sgp-1 sshd[26787]: Received disconnect from 103.186.100.72 port 40258:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T23:23:12.774Z","@version":"1","message":"Sep 16 23:23:12 honeypot-sgp-1 sshd[26792]: Connection closed by authenticating user root 103.188.176.251 port 45130 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 23:24:56 honeypot-fra-1 kernel: [84245108.521179] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=103.203.57.22 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=49941 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T23:24:56.620Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:08 honeypot-ams-1 sshd[32441]: Received disconnect from 185.172.77.242 port 59734:11: Bye Bye [preauth]","@timestamp":"2022-09-16T23:25:09.153Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:09 honeypot-ams-1 sshd[32445]: Disconnected from invalid user ubnt 185.172.77.242 port 59758 [preauth]","@timestamp":"2022-09-16T23:25:09.153Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:09 honeypot-ams-1 sshd[32451]: Disconnected from authenticating user root 185.172.77.242 port 59786 [preauth]","@timestamp":"2022-09-16T23:25:10.155Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:10 honeypot-ams-1 sshd[32457]: Disconnected from authenticating user root 185.172.77.242 port 59822 [preauth]","@timestamp":"2022-09-16T23:25:11.156Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:11 honeypot-ams-1 sshd[32463]: Disconnected from authenticating user root 185.172.77.242 port 59858 [preauth]","@timestamp":"2022-09-16T23:25:12.156Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:12 honeypot-ams-1 sshd[32469]: Disconnected from authenticating user root 185.172.77.242 port 59892 [preauth]","@timestamp":"2022-09-16T23:25:13.157Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:13 honeypot-ams-1 sshd[32475]: Disconnected from authenticating user root 185.172.77.242 port 60018 [preauth]","@timestamp":"2022-09-16T23:25:13.157Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:13 honeypot-ams-1 sshd[32481]: Disconnected from authenticating user root 185.172.77.242 port 60080 [preauth]","@timestamp":"2022-09-16T23:25:14.158Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:14 honeypot-ams-1 sshd[32487]: Disconnected from authenticating user root 185.172.77.242 port 60142 [preauth]","@timestamp":"2022-09-16T23:25:15.158Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:15 honeypot-ams-1 sshd[32493]: Disconnected from authenticating user root 185.172.77.242 port 60182 [preauth]","@timestamp":"2022-09-16T23:25:16.159Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:16 honeypot-ams-1 sshd[32499]: Disconnected from authenticating user root 185.172.77.242 port 60248 [preauth]","@timestamp":"2022-09-16T23:25:17.160Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:16 honeypot-ams-1 sshd[32505]: Disconnected from authenticating user root 185.172.77.242 port 60300 [preauth]","@timestamp":"2022-09-16T23:25:17.160Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:17 honeypot-ams-1 sshd[32511]: Disconnected from authenticating user root 185.172.77.242 port 60334 [preauth]","@timestamp":"2022-09-16T23:25:18.161Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:18 honeypot-ams-1 sshd[32515]: Disconnected from invalid user admin 185.172.77.242 port 60364 [preauth]","@timestamp":"2022-09-16T23:25:19.162Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:18 honeypot-ams-1 sshd[32519]: Disconnected from invalid user admin 185.172.77.242 port 60380 [preauth]","@timestamp":"2022-09-16T23:25:19.162Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:19 honeypot-ams-1 sshd[32523]: Disconnected from invalid user admin 185.172.77.242 port 60426 [preauth]","@timestamp":"2022-09-16T23:25:20.162Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:19 honeypot-ams-1 sshd[32527]: Disconnected from invalid user admin 185.172.77.242 port 60442 [preauth]","@timestamp":"2022-09-16T23:25:20.162Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:20 honeypot-ams-1 sshd[32531]: Disconnected from invalid user admin 185.172.77.242 port 60462 [preauth]","@timestamp":"2022-09-16T23:25:21.163Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:21 honeypot-ams-1 sshd[32537]: Received disconnect from 185.172.77.242 port 60508:11: Bye Bye [preauth]","@timestamp":"2022-09-16T23:25:21.163Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:21 honeypot-ams-1 sshd[32541]: Received disconnect from 185.172.77.242 port 60536:11: Bye Bye [preauth]","@timestamp":"2022-09-16T23:25:22.164Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:22 honeypot-ams-1 sshd[32545]: Received disconnect from 185.172.77.242 port 60560:11: Bye Bye [preauth]","@timestamp":"2022-09-16T23:25:23.164Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:22 honeypot-ams-1 sshd[32549]: Received disconnect from 185.172.77.242 port 60600:11: Bye Bye [preauth]","@timestamp":"2022-09-16T23:25:23.164Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:23 honeypot-ams-1 sshd[32553]: Received disconnect from 185.172.77.242 port 60710:11: Bye Bye [preauth]","@timestamp":"2022-09-16T23:25:24.165Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:23 honeypot-ams-1 sshd[32557]: Received disconnect from 185.172.77.242 port 60746:11: Bye Bye [preauth]","@timestamp":"2022-09-16T23:25:24.165Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:24 honeypot-ams-1 sshd[32561]: Received disconnect from 185.172.77.242 port 60790:11: Bye Bye [preauth]","@timestamp":"2022-09-16T23:25:25.167Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:24 honeypot-ams-1 sshd[32565]: Received disconnect from 185.172.77.242 port 60826:11: Bye Bye [preauth]","@timestamp":"2022-09-16T23:25:25.167Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:25 honeypot-ams-1 sshd[32569]: Received disconnect from 185.172.77.242 port 60854:11: Bye Bye [preauth]","@timestamp":"2022-09-16T23:25:26.167Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:25 honeypot-ams-1 sshd[32573]: Received disconnect from 185.172.77.242 port 60888:11: Bye Bye [preauth]","@timestamp":"2022-09-16T23:25:26.167Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:26 honeypot-ams-1 sshd[32577]: Received disconnect from 185.172.77.242 port 60938:11: Bye Bye [preauth]","@timestamp":"2022-09-16T23:25:27.168Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:26 honeypot-ams-1 sshd[32581]: Received disconnect from 185.172.77.242 port 60976:11: Bye Bye [preauth]","@timestamp":"2022-09-16T23:25:27.168Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:29:06 honeypot-ams-1 sshd[32585]: Received disconnect from 92.255.85.69 port 15274:11: Bye Bye [preauth]","@timestamp":"2022-09-16T23:29:07.264Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 23:29:32 honeypot-fra-1 sshd[23034]: Invalid user chia from 125.88.226.4 port 41698","@timestamp":"2022-09-16T23:29:32.725Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 23:29:35 honeypot-fra-1 sshd[23045]: Invalid user vagrant from 125.88.226.4 port 41670","@timestamp":"2022-09-16T23:29:35.727Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 23:29:36 honeypot-fra-1 sshd[23037]: Invalid user web from 125.88.226.4 port 41690","@timestamp":"2022-09-16T23:29:36.727Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 23:29:37 honeypot-fra-1 sshd[23051]: Invalid user ftpuser from 125.88.226.4 port 41660","@timestamp":"2022-09-16T23:29:37.728Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 23:29:39 honeypot-fra-1 sshd[23044]: Connection closed by authenticating user root 125.88.226.4 port 41696 [preauth]","@timestamp":"2022-09-16T23:29:39.730Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 23:29:48 honeypot-fra-1 sshd[23032]: Connection closed by invalid user oracle 125.88.226.4 port 41678 [preauth]","@timestamp":"2022-09-16T23:29:48.735Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 23:30:07 honeypot-fra-1 sshd[23046]: Invalid user ec2-user from 125.88.226.4 port 41680","@timestamp":"2022-09-16T23:30:07.743Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 23:30:11 honeypot-fra-1 sshd[23036]: Connection closed by invalid user hadoop 125.88.226.4 port 41672 [preauth]","@timestamp":"2022-09-16T23:30:11.746Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 23:30:22 honeypot-fra-1 sshd[23043]: Invalid user devops from 125.88.226.4 port 41704","@timestamp":"2022-09-16T23:30:22.752Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 23:30:32 honeypot-fra-1 kernel: [84245445.237479] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=31790 PROTO=TCP SPT=51006 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T23:30:33.758Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:34:12 honeypot-ams-1 sshd[32590]: Received disconnect from 161.97.104.148 port 45922:11: Bye Bye [preauth]","@timestamp":"2022-09-16T23:34:12.448Z"}
{"@timestamp":"2022-09-16T23:36:02.070Z","@version":"1","message":"Sep 16 23:36:01 honeypot-sgp-1 sshd[26799]: error: maximum authentication attempts exceeded for invalid user admin from 207.65.145.87 port 45072 ssh2 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 23:36:29 honeypot-fra-1 sshd[23079]: Disconnected from invalid user libsys 165.22.45.108 port 43676 [preauth]","@timestamp":"2022-09-16T23:36:29.891Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T23:43:09.235Z","@version":"1","message":"Sep 16 23:43:08 honeypot-sgp-1 sshd[26803]: Disconnected from invalid user init 92.255.85.70 port 58598 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:45:48 honeypot-ams-1 sshd[32595]: Did not receive identification string from 154.89.5.117 port 57220","@timestamp":"2022-09-16T23:45:48.748Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 23:53:52 honeypot-fra-1 kernel: [84246845.204716] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=89.248.165.100 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=42062 PROTO=TCP SPT=59801 DPT=389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T23:53:53.283Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 23:59:31 honeypot-ams-1 kernel: [84249352.961017] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=154.3.44.149 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=117 ID=29662 DF PROTO=TCP SPT=59588 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-16T23:59:32.110Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 23:59:47 honeypot-fra-1 sshd[23096]: Received disconnect from 92.255.85.70 port 40854:11: Bye Bye [preauth]","@timestamp":"2022-09-16T23:59:48.421Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:01:31 honeypot-fra-1 sshd[23100]: Disconnected from authenticating user root 190.103.202.12 port 43750 [preauth]","@timestamp":"2022-09-17T00:01:31.463Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T00:01:41.666Z","@version":"1","message":"Sep 17 00:01:40 honeypot-sgp-1 kernel: [84249005.838993] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.205.211 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=33296 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:04:28 honeypot-fra-1 sshd[23106]: Received disconnect from 107.173.25.166 port 57784:11: Bye Bye [preauth]","@timestamp":"2022-09-17T00:04:28.532Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T00:06:12.792Z","@version":"1","message":"Sep 17 00:06:12 honeypot-sgp-1 sshd[26811]: Disconnected from authenticating user root 92.255.85.69 port 21010 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:08:46 honeypot-fra-1 kernel: [84247738.386310] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=36106 PROTO=TCP SPT=52804 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T00:08:46.634Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 00:10:48 honeypot-ams-1 kernel: [84250029.462056] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=93.75.7.82 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=54 ID=48738 PROTO=TCP SPT=50105 DPT=443 WINDOW=39401 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T00:10:49.414Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:14:40 honeypot-fra-1 sshd[23117]: Received disconnect from 179.43.156.143 port 56286:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T00:14:41.769Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:16:01 honeypot-fra-1 kernel: [84248173.829404] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=41854 PROTO=TCP SPT=53544 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T00:16:01.822Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 00:17:01 honeypot-ams-1 CRON[32609]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-17T00:17:01.585Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:17:01 honeypot-fra-1 sshd[23128]: Received disconnect from 179.43.156.143 port 42462:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T00:17:01.848Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:17:36 honeypot-fra-1 sshd[23134]: Disconnected from authenticating user root 27.77.249.10 port 48516 [preauth]","@timestamp":"2022-09-17T00:17:36.864Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:17:37 honeypot-fra-1 sshd[23136]: Disconnected from invalid user ubnt 27.77.249.10 port 48558 [preauth]","@timestamp":"2022-09-17T00:17:37.865Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 00:17:38 honeypot-ams-1 sshd[32615]: Received disconnect from 101.231.146.34 port 38290:11: Bye Bye [preauth]","@timestamp":"2022-09-17T00:17:39.604Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:17:41 honeypot-fra-1 sshd[23144]: Disconnected from authenticating user root 27.77.249.10 port 48860 [preauth]","@timestamp":"2022-09-17T00:17:41.867Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:17:45 honeypot-fra-1 sshd[23150]: Disconnected from authenticating user root 27.77.249.10 port 49056 [preauth]","@timestamp":"2022-09-17T00:17:46.870Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:17:50 honeypot-fra-1 sshd[23156]: Disconnected from authenticating user root 27.77.249.10 port 49356 [preauth]","@timestamp":"2022-09-17T00:17:50.873Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:17:54 honeypot-fra-1 sshd[23162]: Disconnected from authenticating user root 27.77.249.10 port 49538 [preauth]","@timestamp":"2022-09-17T00:17:54.875Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 00:17:55 honeypot-ams-1 sshd[32619]: Received disconnect from 45.61.186.249 port 50758:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T00:17:55.612Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:17:58 honeypot-fra-1 sshd[23168]: Disconnected from authenticating user root 27.77.249.10 port 49652 [preauth]","@timestamp":"2022-09-17T00:17:58.877Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:18:02 honeypot-fra-1 sshd[23175]: Disconnected from authenticating user root 27.77.249.10 port 49970 [preauth]","@timestamp":"2022-09-17T00:18:02.879Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:18:06 honeypot-fra-1 sshd[23181]: Disconnected from authenticating user root 27.77.249.10 port 50080 [preauth]","@timestamp":"2022-09-17T00:18:06.882Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:18:10 honeypot-fra-1 sshd[23187]: Disconnected from authenticating user root 27.77.249.10 port 50356 [preauth]","@timestamp":"2022-09-17T00:18:11.885Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:18:13 honeypot-fra-1 sshd[23191]: Received disconnect from 27.77.249.10 port 50478:11: Bye Bye [preauth]","@timestamp":"2022-09-17T00:18:13.886Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 00:18:14 honeypot-ams-1 sshd[32623]: Received disconnect from 45.61.186.249 port 44958:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T00:18:14.622Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:18:17 honeypot-fra-1 sshd[23199]: Received disconnect from 27.77.249.10 port 50590:11: Bye Bye [preauth]","@timestamp":"2022-09-17T00:18:17.888Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:18:22 honeypot-fra-1 sshd[23205]: Received disconnect from 27.77.249.10 port 50858:11: Bye Bye [preauth]","@timestamp":"2022-09-17T00:18:22.892Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:18:24 honeypot-fra-1 sshd[23209]: Disconnected from invalid user admin 27.77.249.10 port 50978 [preauth]","@timestamp":"2022-09-17T00:18:25.894Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:18:27 honeypot-fra-1 sshd[23213]: Disconnected from invalid user admin 27.77.249.10 port 51052 [preauth]","@timestamp":"2022-09-17T00:18:27.895Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:18:30 honeypot-fra-1 sshd[23217]: Disconnected from invalid user admin 27.77.249.10 port 51278 [preauth]","@timestamp":"2022-09-17T00:18:30.897Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 00:18:31 honeypot-ams-1 sshd[32627]: Received disconnect from 45.61.186.249 port 39158:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T00:18:31.632Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:18:33 honeypot-fra-1 sshd[23221]: Disconnected from invalid user admin 27.77.249.10 port 51422 [preauth]","@timestamp":"2022-09-17T00:18:33.898Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:18:36 honeypot-fra-1 sshd[23225]: Disconnected from invalid user admin 27.77.249.10 port 51482 [preauth]","@timestamp":"2022-09-17T00:18:36.901Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:18:38 honeypot-fra-1 sshd[23229]: Disconnected from invalid user user 27.77.249.10 port 51550 [preauth]","@timestamp":"2022-09-17T00:18:38.902Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:18:43 honeypot-fra-1 sshd[23235]: Received disconnect from 27.77.249.10 port 51878:11: Bye Bye [preauth]","@timestamp":"2022-09-17T00:18:43.905Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:18:45 honeypot-fra-1 sshd[23239]: Received disconnect from 27.77.249.10 port 51940:11: Bye Bye [preauth]","@timestamp":"2022-09-17T00:18:46.906Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:18:48 honeypot-fra-1 sshd[23243]: Received disconnect from 27.77.249.10 port 52010:11: Bye Bye [preauth]","@timestamp":"2022-09-17T00:18:48.908Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:18:51 honeypot-fra-1 sshd[23249]: Disconnected from authenticating user root 179.43.156.143 port 60284 [preauth]","@timestamp":"2022-09-17T00:18:51.910Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:18:52 honeypot-fra-1 sshd[23251]: Disconnected from invalid user volumio 27.77.249.10 port 52338 [preauth]","@timestamp":"2022-09-17T00:18:52.911Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:18:55 honeypot-fra-1 sshd[23255]: Disconnected from invalid user nagios 27.77.249.10 port 52412 [preauth]","@timestamp":"2022-09-17T00:18:55.913Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:18:58 honeypot-fra-1 sshd[23259]: Disconnected from invalid user vagrant 27.77.249.10 port 52494 [preauth]","@timestamp":"2022-09-17T00:18:58.914Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:19:01 honeypot-fra-1 sshd[23263]: Disconnected from invalid user debian 27.77.249.10 port 52718 [preauth]","@timestamp":"2022-09-17T00:19:01.916Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:19:03 honeypot-fra-1 sshd[23267]: Disconnected from invalid user debian 27.77.249.10 port 52860 [preauth]","@timestamp":"2022-09-17T00:19:04.918Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:19:06 honeypot-fra-1 sshd[23271]: Disconnected from invalid user alarm 27.77.249.10 port 52946 [preauth]","@timestamp":"2022-09-17T00:19:06.920Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:19:09 honeypot-fra-1 sshd[23275]: Disconnected from invalid user test 27.77.249.10 port 53110 [preauth]","@timestamp":"2022-09-17T00:19:09.921Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:19:12 honeypot-fra-1 sshd[23279]: Disconnected from invalid user cirros 27.77.249.10 port 53266 [preauth]","@timestamp":"2022-09-17T00:19:12.923Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 00:20:07 honeypot-ams-1 sshd[32633]: Invalid user pi from 95.91.249.69 port 41101","@timestamp":"2022-09-17T00:20:08.677Z"}
{"@timestamp":"2022-09-17T00:20:23.122Z","@version":"1","message":"Sep 17 00:20:22 honeypot-sgp-1 kernel: [84250127.861383] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=147.182.199.146 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=2710 PROTO=TCP SPT=53929 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:20:47 honeypot-fra-1 sshd[23285]: Disconnected from authenticating user root 179.43.156.143 port 49958 [preauth]","@timestamp":"2022-09-17T00:20:47.961Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 00:20:52 honeypot-ams-1 sshd[32635]: Disconnected from invalid user ullar 43.128.228.34 port 57522 [preauth]","@timestamp":"2022-09-17T00:20:52.698Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:21:26 honeypot-fra-1 sshd[23291]: Disconnected from authenticating user root 206.81.18.182 port 41790 [preauth]","@timestamp":"2022-09-17T00:21:26.980Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:24:17 honeypot-fra-1 kernel: [84248669.638483] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=165.22.82.222 LEN=91 TOS=0x00 PREC=0x00 TTL=250 ID=2686 PROTO=TCP SPT=17203 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T00:24:18.049Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 00:24:47 honeypot-ams-1 sshd[32640]: Invalid user cui from 187.190.40.6 port 10304","@timestamp":"2022-09-17T00:24:47.806Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 00:26:30 honeypot-ams-1 sshd[32645]: Invalid user admin from 36.93.83.5 port 43174","@timestamp":"2022-09-17T00:26:30.855Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 00:26:30 honeypot-ams-1 sshd[32652]: Invalid user admin from 36.93.83.5 port 43178","@timestamp":"2022-09-17T00:26:30.855Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 00:26:30 honeypot-ams-1 sshd[32661]: Invalid user michael from 36.93.83.5 port 43248","@timestamp":"2022-09-17T00:26:31.855Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 00:26:31 honeypot-ams-1 sshd[32647]: Connection closed by authenticating user root 36.93.83.5 port 43480 [preauth]","@timestamp":"2022-09-17T00:26:31.855Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 00:26:31 honeypot-ams-1 sshd[32657]: Invalid user oracle from 36.93.83.5 port 43286","@timestamp":"2022-09-17T00:26:31.856Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 00:26:31 honeypot-ams-1 sshd[32692]: Invalid user esuser from 36.93.83.5 port 43338","@timestamp":"2022-09-17T00:26:31.856Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 00:26:31 honeypot-ams-1 sshd[32666]: Invalid user testuser from 36.93.83.5 port 43318","@timestamp":"2022-09-17T00:26:32.856Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 00:26:32 honeypot-ams-1 sshd[32693]: Invalid user steam from 36.93.83.5 port 43200","@timestamp":"2022-09-17T00:26:32.857Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 00:26:33 honeypot-ams-1 sshd[32695]: Connection closed by invalid user testuser 36.93.83.5 port 43350 [preauth]","@timestamp":"2022-09-17T00:26:34.858Z"}
{"@timestamp":"2022-09-17T00:27:56.300Z","@version":"1","message":"Sep 17 00:27:55 honeypot-sgp-1 kernel: [84250580.728529] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=154.3.44.149 DST=159.89.202.188 LEN=52 TOS=0x0A PREC=0x00 TTL=112 ID=12403 DF PROTO=TCP SPT=57944 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:34:17 honeypot-fra-1 sshd[23307]: Received disconnect from 165.22.45.108 port 48816:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T00:34:18.278Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 00:34:33 honeypot-ams-1 sshd[32705]: Disconnected from invalid user weng 96.252.118.195 port 51026 [preauth]","@timestamp":"2022-09-17T00:34:34.071Z"}
{"@timestamp":"2022-09-17T00:38:05.540Z","@version":"1","message":"Sep 17 00:38:05 honeypot-sgp-1 sshd[26826]: Connection closed by invalid user guest 179.60.147.69 port 28544 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 00:38:15 honeypot-ams-1 sshd[32709]: Received disconnect from 202.77.105.98 port 40330:11: Bye Bye [preauth]","@timestamp":"2022-09-17T00:38:16.169Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:39:12 honeypot-fra-1 sshd[23312]: Connection closed by invalid user guest 179.60.147.69 port 24822 [preauth]","@timestamp":"2022-09-17T00:39:13.396Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 00:40:51 honeypot-ams-1 sshd[32716]: Received disconnect from 51.15.221.3 port 59436:11: Bye Bye [preauth]","@timestamp":"2022-09-17T00:40:52.240Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 00:45:09 honeypot-ams-1 kernel: [84252090.360664] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.220.136 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=49196 DPT=389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T00:45:10.374Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:47:21 honeypot-fra-1 sshd[23321]: Received disconnect from 92.255.85.69 port 55038:11: Bye Bye [preauth]","@timestamp":"2022-09-17T00:47:21.583Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T00:53:33.905Z","@version":"1","message":"Sep 17 00:53:33 honeypot-sgp-1 sshd[26832]: Disconnected from authenticating user root 92.255.85.69 port 63544 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 00:54:52 honeypot-ams-1 kernel: [84252673.805799] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=201.191.2.198 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=15229 PROTO=TCP SPT=36055 DPT=80 WINDOW=29718 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T00:54:53.630Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:56:03 honeypot-fra-1 sshd[23324]: Connection closed by authenticating user root 194.163.190.53 port 37162 [preauth]","@timestamp":"2022-09-17T00:56:03.781Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 00:58:49 honeypot-ams-1 kernel: [84252910.445274] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=154.3.44.149 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=117 ID=29330 DF PROTO=TCP SPT=57016 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-17T00:58:49.737Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 00:59:36 honeypot-ams-1 sshd[32728]: Received disconnect from 45.61.187.160 port 53908:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T00:59:37.762Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 00:59:55 honeypot-ams-1 sshd[32732]: Received disconnect from 45.61.187.160 port 48484:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T00:59:55.771Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 01:00:14 honeypot-ams-1 sshd[32736]: Received disconnect from 45.61.187.160 port 42926:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T01:00:14.782Z"}
{"@timestamp":"2022-09-17T01:00:32.073Z","@version":"1","message":"Sep 17 01:00:31 honeypot-sgp-1 sshd[26837]: Disconnected from authenticating user root 23.101.72.99 port 52418 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 01:00:48 honeypot-ams-1 sshd[32740]: Disconnected from authenticating user root 92.255.85.69 port 31864 [preauth]","@timestamp":"2022-09-17T01:00:48.800Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 01:06:16 honeypot-ams-1 sshd[32745]: Disconnected from authenticating user root 116.70.238.244 port 58318 [preauth]","@timestamp":"2022-09-17T01:06:16.949Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 01:06:22 honeypot-ams-1 sshd[32751]: Received disconnect from 116.70.238.244 port 58518:11: Bye Bye [preauth]","@timestamp":"2022-09-17T01:06:22.953Z"}
{"@timestamp":"2022-09-17T01:06:27.212Z","@version":"1","message":"Sep 17 01:06:27 honeypot-sgp-1 sshd[26844]: Invalid user zimbra from 223.70.243.190 port 54596","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 01:06:29 honeypot-ams-1 sshd[32757]: Received disconnect from 116.70.238.244 port 58715:11: Bye Bye [preauth]","@timestamp":"2022-09-17T01:06:29.957Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 01:06:36 honeypot-ams-1 sshd[32763]: Received disconnect from 116.70.238.244 port 58858:11: Bye Bye [preauth]","@timestamp":"2022-09-17T01:06:36.962Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 01:06:43 honeypot-ams-1 sshd[301]: Received disconnect from 116.70.238.244 port 59058:11: Bye Bye [preauth]","@timestamp":"2022-09-17T01:06:43.965Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 01:08:59 honeypot-fra-1 sshd[23332]: Received disconnect from 51.38.49.17 port 40448:11: Bye Bye [preauth]","@timestamp":"2022-09-17T01:09:00.075Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T01:09:59.297Z","@version":"1","message":"Sep 17 01:09:59 honeypot-sgp-1 kernel: [84253104.259850] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=205.210.31.186 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=249 ID=54321 PROTO=TCP SPT=52988 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 01:10:30 honeypot-fra-1 sshd[23336]: Disconnected from authenticating user root 92.255.85.70 port 48920 [preauth]","@timestamp":"2022-09-17T01:10:31.111Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T01:13:55.390Z","@version":"1","message":"Sep 17 01:13:54 honeypot-sgp-1 kernel: [84253339.630506] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=154.3.44.149 DST=159.89.202.188 LEN=52 TOS=0x0A PREC=0x00 TTL=112 ID=24802 DF PROTO=TCP SPT=55010 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 01:15:19 honeypot-fra-1 sshd[23343]: Connection closed by invalid user user 179.60.147.69 port 48690 [preauth]","@timestamp":"2022-09-17T01:15:20.221Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T01:16:41.459Z","@version":"1","message":"Sep 17 01:16:41 honeypot-sgp-1 sshd[26856]: Disconnected from authenticating user root 92.255.85.69 port 35992 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 01:17:01 honeypot-ams-1 CRON[307]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-17T01:17:01.233Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 01:23:40 honeypot-fra-1 sshd[23349]: Connection closed by authenticating user root 194.163.190.53 port 44864 [preauth]","@timestamp":"2022-09-17T01:23:41.414Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 01:26:15 honeypot-ams-1 sshd[330]: Received disconnect from 92.255.85.69 port 46736:11: Bye Bye [preauth]","@timestamp":"2022-09-17T01:26:16.482Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 01:28:31 honeypot-fra-1 sshd[23358]: Received disconnect from 165.227.196.229 port 58084:11: Bye Bye [preauth]","@timestamp":"2022-09-17T01:28:31.524Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 01:32:59 honeypot-fra-1 sshd[23363]: Connection closed by authenticating user root 194.163.190.53 port 56790 [preauth]","@timestamp":"2022-09-17T01:32:59.637Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T01:33:17.847Z","@version":"1","message":"Sep 17 01:33:17 honeypot-sgp-1 sshd[26863]: Received disconnect from 91.240.118.222 port 38896:11: Client disconnecting normally [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 01:34:13 honeypot-fra-1 sshd[23369]: Received disconnect from 128.199.73.168 port 45418:11: Bye Bye [preauth]","@timestamp":"2022-09-17T01:34:13.667Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 01:35:11 honeypot-ams-1 sshd[335]: Disconnected from authenticating user root 198.199.93.112 port 53966 [preauth]","@timestamp":"2022-09-17T01:35:11.726Z"}
{"@timestamp":"2022-09-17T01:38:17.967Z","@version":"1","message":"Sep 17 01:38:17 honeypot-sgp-1 sshd[26870]: Invalid user admin from 121.130.13.166 port 54019","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 01:41:04 honeypot-ams-1 kernel: [84255445.448032] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=107.173.159.85 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=50 ID=56698 PROTO=TCP SPT=18695 DPT=80 WINDOW=59071 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T01:41:04.890Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 01:42:27 honeypot-fra-1 sshd[23374]: Connection closed by authenticating user root 194.163.190.53 port 41022 [preauth]","@timestamp":"2022-09-17T01:42:27.853Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T01:44:43.119Z","@version":"1","message":"Sep 17 01:44:42 honeypot-sgp-1 sshd[26877]: Invalid user marcel from 199.192.24.154 port 49290","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 01:44:56 honeypot-ams-1 sshd[344]: Disconnected from invalid user nagios 209.212.45.102 port 47984 [preauth]","@timestamp":"2022-09-17T01:44:56.996Z"}
{"@timestamp":"2022-09-17T01:47:31.185Z","@version":"1","message":"Sep 17 01:47:30 honeypot-sgp-1 sshd[26882]: Connection closed by authenticating user root 103.188.176.251 port 38288 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 01:49:40 honeypot-ams-1 sshd[349]: Received disconnect from 92.255.85.70 port 44530:11: Bye Bye [preauth]","@timestamp":"2022-09-17T01:49:41.125Z"}
{"@timestamp":"2022-09-17T01:51:56.300Z","@version":"1","message":"Sep 17 01:51:55 honeypot-sgp-1 sshd[26889]: Disconnected from authenticating user root 45.170.82.93 port 52852 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 01:53:57 honeypot-ams-1 sshd[354]: Invalid user test from 179.60.147.69 port 55370","@timestamp":"2022-09-17T01:53:58.241Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 01:56:53 honeypot-fra-1 sshd[23382]: Disconnected from authenticating user root 92.255.85.70 port 22624 [preauth]","@timestamp":"2022-09-17T01:56:54.180Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 01:59:06 honeypot-ams-1 sshd[357]: Disconnected from authenticating user root 177.73.2.57 port 35562 [preauth]","@timestamp":"2022-09-17T01:59:06.384Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 02:03:21 honeypot-fra-1 sshd[23396]: Invalid user oracle from 168.167.72.179 port 3152","@timestamp":"2022-09-17T02:03:21.327Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 02:03:21 honeypot-fra-1 sshd[23398]: Invalid user testuser from 168.167.72.179 port 3138","@timestamp":"2022-09-17T02:03:21.327Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 02:03:21 honeypot-fra-1 sshd[23403]: Invalid user es from 168.167.72.179 port 3141","@timestamp":"2022-09-17T02:03:21.327Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 02:03:21 honeypot-fra-1 sshd[23395]: Connection closed by invalid user ubuntu 168.167.72.179 port 3139 [preauth]","@timestamp":"2022-09-17T02:03:22.328Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 02:03:21 honeypot-fra-1 sshd[23390]: Connection closed by invalid user oracle 168.167.72.179 port 3145 [preauth]","@timestamp":"2022-09-17T02:03:22.328Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 02:03:21 honeypot-fra-1 sshd[23402]: Connection closed by invalid user ubuntu 168.167.72.179 port 3155 [preauth]","@timestamp":"2022-09-17T02:03:22.328Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 02:03:21 honeypot-fra-1 sshd[23404]: Connection closed by authenticating user root 168.167.72.179 port 3150 [preauth]","@timestamp":"2022-09-17T02:03:22.328Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T02:04:14.608Z","@version":"1","message":"Sep 17 02:04:14 honeypot-sgp-1 sshd[26892]: Received disconnect from 92.255.85.69 port 25212:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 02:04:55 honeypot-ams-1 kernel: [84256876.044032] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=154.3.44.149 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=117 ID=59465 DF PROTO=TCP SPT=56712 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-17T02:04:55.547Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 02:06:28 honeypot-fra-1 kernel: [84254800.855853] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.199.106 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=55454 DPT=5432 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T02:06:29.399Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 02:08:41 honeypot-ams-1 kernel: [84257102.162657] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=177.221.74.140 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=11852 PROTO=TCP SPT=40132 DPT=80 WINDOW=10340 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T02:08:41.655Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:13:28 honeypot-ams-1 sshd[367]: Disconnected from authenticating user root 92.255.85.70 port 50042 [preauth]","@timestamp":"2022-09-17T02:13:28.785Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 02:16:16 honeypot-fra-1 sshd[23444]: Received disconnect from 128.199.171.119 port 54172:11: Bye Bye [preauth]","@timestamp":"2022-09-17T02:16:16.621Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:17:01 honeypot-ams-1 CRON[373]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-17T02:17:01.884Z"}
{"@timestamp":"2022-09-17T02:17:01.944Z","@version":"1","message":"Sep 17 02:17:01 honeypot-sgp-1 CRON[26901]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:19:44 honeypot-ams-1 sshd[379]: Disconnected from authenticating user root 188.166.247.82 port 55656 [preauth]","@timestamp":"2022-09-17T02:19:44.983Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 02:20:13 honeypot-fra-1 sshd[23451]: Disconnected from authenticating user root 92.255.85.70 port 35530 [preauth]","@timestamp":"2022-09-17T02:20:13.712Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:21:21 honeypot-ams-1 sshd[383]: Disconnected from invalid user asj 183.82.96.133 port 42476 [preauth]","@timestamp":"2022-09-17T02:21:22.031Z"}
{"@timestamp":"2022-09-17T02:26:42.186Z","@version":"1","message":"Sep 17 02:26:41 honeypot-sgp-1 sshd[26905]: Invalid user debian from 179.60.147.69 port 51172","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T02:26:58.195Z","@version":"1","message":"Sep 17 02:26:57 honeypot-sgp-1 sshd[26910]: Invalid user user from 45.61.186.49 port 53194","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T02:27:07.199Z","@version":"1","message":"Sep 17 02:27:07 honeypot-sgp-1 sshd[26914]: Invalid user user from 45.61.186.49 port 35952","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 02:29:38 honeypot-fra-1 sshd[23459]: Disconnected from invalid user licongcong 165.22.45.108 port 59072 [preauth]","@timestamp":"2022-09-17T02:29:38.925Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:30:01 honeypot-ams-1 sshd[389]: Invalid user debian from 179.60.147.69 port 2324","@timestamp":"2022-09-17T02:30:02.267Z"}
{"@timestamp":"2022-09-17T02:30:52.294Z","@version":"1","message":"Sep 17 02:30:51 honeypot-sgp-1 kernel: [84257956.315813] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=234 ID=44768 PROTO=TCP SPT=41804 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:32:42 honeypot-ams-1 sshd[393]: Disconnected from authenticating user root 85.31.46.45 port 33804 [preauth]","@timestamp":"2022-09-17T02:32:42.341Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:33:11 honeypot-ams-1 sshd[397]: Disconnected from invalid user test 85.31.46.45 port 42480 [preauth]","@timestamp":"2022-09-17T02:33:12.357Z"}
{"@timestamp":"2022-09-17T02:33:45.368Z","@version":"1","message":"Sep 17 02:33:45 honeypot-sgp-1 sshd[26923]: Received disconnect from 170.210.46.4 port 50302:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:33:53 honeypot-ams-1 sshd[404]: Disconnected from authenticating user root 85.31.46.45 port 41274 [preauth]","@timestamp":"2022-09-17T02:33:53.379Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:34:35 honeypot-ams-1 sshd[411]: Received disconnect from 85.31.46.45 port 40164:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T02:34:36.403Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 02:34:45 honeypot-fra-1 sshd[23464]: Disconnected from authenticating user root 209.97.183.120 port 56636 [preauth]","@timestamp":"2022-09-17T02:34:46.040Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:35:18 honeypot-ams-1 sshd[417]: Invalid user user from 85.31.46.45 port 38844","@timestamp":"2022-09-17T02:35:18.423Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:36:53 honeypot-ams-1 sshd[425]: Invalid user operator from 92.255.85.69 port 26596","@timestamp":"2022-09-17T02:36:54.464Z"}
{"@timestamp":"2022-09-17T02:40:54.544Z","@version":"1","message":"Sep 17 02:40:53 honeypot-sgp-1 sshd[26930]: Invalid user pisica from 27.118.22.221 port 39540","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 02:41:22 honeypot-fra-1 kernel: [84256894.165237] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=213.226.123.38 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=9258 PROTO=TCP SPT=43117 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T02:41:23.191Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 02:41:34 honeypot-fra-1 sshd[23472]: Disconnected from invalid user user 45.61.186.169 port 49348 [preauth]","@timestamp":"2022-09-17T02:41:35.196Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 02:41:35 honeypot-ams-1 kernel: [84259076.025087] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.56.100.58 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=45323 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T02:41:35.593Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 02:41:51 honeypot-fra-1 sshd[23476]: Disconnected from invalid user user 45.61.186.169 port 43870 [preauth]","@timestamp":"2022-09-17T02:41:52.204Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 02:42:07 honeypot-fra-1 sshd[23480]: Disconnected from invalid user user 45.61.186.169 port 38408 [preauth]","@timestamp":"2022-09-17T02:42:08.211Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 02:44:02 honeypot-fra-1 sshd[23484]: Disconnected from invalid user operator 92.255.85.69 port 52258 [preauth]","@timestamp":"2022-09-17T02:44:03.256Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:44:11 honeypot-ams-1 sshd[433]: Received disconnect from 60.179.177.78 port 54232:11: Bye Bye [preauth]","@timestamp":"2022-09-17T02:44:12.664Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:44:17 honeypot-ams-1 sshd[439]: Received disconnect from 60.179.177.78 port 54546:11: Bye Bye [preauth]","@timestamp":"2022-09-17T02:44:17.667Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:44:23 honeypot-ams-1 sshd[445]: Received disconnect from 60.179.177.78 port 54884:11: Bye Bye [preauth]","@timestamp":"2022-09-17T02:44:23.670Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:44:28 honeypot-ams-1 sshd[451]: Received disconnect from 60.179.177.78 port 55188:11: Bye Bye [preauth]","@timestamp":"2022-09-17T02:44:29.675Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:44:34 honeypot-ams-1 sshd[457]: Received disconnect from 60.179.177.78 port 55518:11: Bye Bye [preauth]","@timestamp":"2022-09-17T02:44:34.678Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:44:40 honeypot-ams-1 sshd[463]: Received disconnect from 60.179.177.78 port 55848:11: Bye Bye [preauth]","@timestamp":"2022-09-17T02:44:40.682Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:44:45 honeypot-ams-1 sshd[469]: Received disconnect from 60.179.177.78 port 56174:11: Bye Bye [preauth]","@timestamp":"2022-09-17T02:44:46.685Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:44:51 honeypot-ams-1 sshd[475]: Received disconnect from 60.179.177.78 port 56490:11: Bye Bye [preauth]","@timestamp":"2022-09-17T02:44:51.688Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:44:57 honeypot-ams-1 sshd[481]: Received disconnect from 60.179.177.78 port 56820:11: Bye Bye [preauth]","@timestamp":"2022-09-17T02:44:57.692Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:45:02 honeypot-ams-1 sshd[487]: Received disconnect from 60.179.177.78 port 57138:11: Bye Bye [preauth]","@timestamp":"2022-09-17T02:45:03.695Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:45:08 honeypot-ams-1 sshd[493]: Received disconnect from 60.179.177.78 port 57466:11: Bye Bye [preauth]","@timestamp":"2022-09-17T02:45:08.698Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:45:14 honeypot-ams-1 sshd[499]: Received disconnect from 60.179.177.78 port 57818:11: Bye Bye [preauth]","@timestamp":"2022-09-17T02:45:14.702Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:45:18 honeypot-ams-1 sshd[503]: Received disconnect from 60.179.177.78 port 58044:11: Bye Bye [preauth]","@timestamp":"2022-09-17T02:45:18.704Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:45:22 honeypot-ams-1 sshd[507]: Received disconnect from 60.179.177.78 port 58312:11: Bye Bye [preauth]","@timestamp":"2022-09-17T02:45:22.707Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:45:26 honeypot-ams-1 sshd[511]: Received disconnect from 60.179.177.78 port 58532:11: Bye Bye [preauth]","@timestamp":"2022-09-17T02:45:26.710Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:45:30 honeypot-ams-1 sshd[515]: Received disconnect from 60.179.177.78 port 58750:11: Bye Bye [preauth]","@timestamp":"2022-09-17T02:45:30.712Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:45:33 honeypot-ams-1 sshd[519]: Received disconnect from 60.179.177.78 port 58976:11: Bye Bye [preauth]","@timestamp":"2022-09-17T02:45:34.715Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:45:37 honeypot-ams-1 sshd[523]: Disconnected from authenticating user root 60.179.177.78 port 59188 [preauth]","@timestamp":"2022-09-17T02:45:38.717Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:45:43 honeypot-ams-1 sshd[529]: Invalid user pi from 60.179.177.78 port 59528","@timestamp":"2022-09-17T02:45:43.721Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:45:46 honeypot-ams-1 sshd[533]: Invalid user ethos from 60.179.177.78 port 59746","@timestamp":"2022-09-17T02:45:47.723Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:45:50 honeypot-ams-1 sshd[537]: Invalid user miner from 60.179.177.78 port 59966","@timestamp":"2022-09-17T02:45:51.726Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:45:54 honeypot-ams-1 sshd[541]: Invalid user volumio from 60.179.177.78 port 60184","@timestamp":"2022-09-17T02:45:54.728Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:45:58 honeypot-ams-1 sshd[545]: Invalid user nagios from 60.179.177.78 port 60422","@timestamp":"2022-09-17T02:45:58.731Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:46:02 honeypot-ams-1 sshd[549]: Invalid user vagrant from 60.179.177.78 port 60656","@timestamp":"2022-09-17T02:46:02.734Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:46:05 honeypot-ams-1 sshd[553]: Invalid user debian from 60.179.177.78 port 60864","@timestamp":"2022-09-17T02:46:06.736Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:46:09 honeypot-ams-1 sshd[557]: Invalid user debian from 60.179.177.78 port 32852","@timestamp":"2022-09-17T02:46:10.740Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:46:13 honeypot-ams-1 sshd[561]: Invalid user alarm from 60.179.177.78 port 33120","@timestamp":"2022-09-17T02:46:14.742Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:46:17 honeypot-ams-1 sshd[565]: Invalid user test from 60.179.177.78 port 33332","@timestamp":"2022-09-17T02:46:17.745Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:46:21 honeypot-ams-1 sshd[569]: Invalid user cirros from 60.179.177.78 port 33570","@timestamp":"2022-09-17T02:46:21.747Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 02:48:18 honeypot-fra-1 sshd[23491]: Received disconnect from 91.240.118.222 port 49834:11: Client disconnecting normally [preauth]","@timestamp":"2022-09-17T02:48:19.351Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T02:51:04.797Z","@version":"1","message":"Sep 17 02:51:03 honeypot-sgp-1 kernel: [84259168.887315] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=193.46.254.155 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=232 ID=54321 PROTO=TCP SPT=51582 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 02:55:03 honeypot-fra-1 kernel: [84257715.215962] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=101.43.68.37 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=43 ID=44565 DF PROTO=TCP SPT=50006 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T02:55:03.504Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 02:58:19 honeypot-ams-1 kernel: [84260080.276239] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=164.92.72.164 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=51306 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T02:58:20.054Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 03:00:19 honeypot-fra-1 sshd[23506]: Invalid user admin from 122.117.240.70 port 54068","@timestamp":"2022-09-17T03:00:19.624Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T03:02:51.090Z","@version":"1","message":"Sep 17 03:02:51 honeypot-sgp-1 kernel: [84259875.977933] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=154.3.44.149 DST=159.89.202.188 LEN=52 TOS=0x0A PREC=0x00 TTL=110 ID=28956 DF PROTO=TCP SPT=58607 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 03:04:06 honeypot-fra-1 sshd[23510]: Disconnected from invalid user thanks 104.131.186.38 port 41498 [preauth]","@timestamp":"2022-09-17T03:04:06.716Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 03:06:04 honeypot-ams-1 sshd[576]: Connection closed by invalid user support 179.60.147.69 port 32504 [preauth]","@timestamp":"2022-09-17T03:06:04.267Z"}
{"@timestamp":"2022-09-17T03:12:09.327Z","@version":"1","message":"Sep 17 03:12:08 honeypot-sgp-1 kernel: [84260433.659342] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=228 ID=6484 PROTO=TCP SPT=43604 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 03:13:10 honeypot-fra-1 sshd[23518]: Invalid user user from 193.106.191.157 port 42984","@timestamp":"2022-09-17T03:13:10.921Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 03:16:16 honeypot-fra-1 sshd[23522]: Received disconnect from 186.209.111.2 port 57104:11: Bye Bye [preauth]","@timestamp":"2022-09-17T03:16:16.994Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 03:17:10 honeypot-ams-1 sshd[582]: Received disconnect from 160.251.83.115 port 60856:11: Bye Bye [preauth]","@timestamp":"2022-09-17T03:17:10.561Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 03:21:21 honeypot-fra-1 sshd[23530]: Connection closed by authenticating user root 194.163.190.53 port 58672 [preauth]","@timestamp":"2022-09-17T03:21:22.109Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 03:21:24 honeypot-ams-1 sshd[586]: Received disconnect from 46.101.82.89 port 59630:11: Bye Bye [preauth]","@timestamp":"2022-09-17T03:21:25.672Z"}
{"@timestamp":"2022-09-17T03:26:04.675Z","@version":"1","message":"Sep 17 03:26:03 honeypot-sgp-1 kernel: [84261268.877865] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.208.175 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=45719 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 03:26:55 honeypot-fra-1 sshd[23536]: Invalid user user from 45.61.186.49 port 59920","@timestamp":"2022-09-17T03:26:56.231Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 03:27:06 honeypot-fra-1 sshd[23540]: Invalid user user from 45.61.186.49 port 43286","@timestamp":"2022-09-17T03:27:07.236Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 03:27:53 honeypot-fra-1 sshd[23544]: Invalid user licongcong from 165.22.45.108 port 35984","@timestamp":"2022-09-17T03:27:54.255Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T03:31:24.808Z","@version":"1","message":"Sep 17 03:31:24 honeypot-sgp-1 kernel: [84261589.310601] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=159.89.202.188 LEN=91 TOS=0x00 PREC=0x00 TTL=245 ID=36551 PROTO=TCP SPT=31767 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 03:33:57 honeypot-fra-1 sshd[23547]: Connection closed by authenticating user root 194.163.190.53 port 42474 [preauth]","@timestamp":"2022-09-17T03:33:58.389Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 03:35:56 honeypot-ams-1 sshd[593]: Did not receive identification string from 45.61.186.49 port 56750","@timestamp":"2022-09-17T03:35:57.056Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 03:36:11 honeypot-ams-1 sshd[596]: Disconnected from invalid user user 45.61.186.49 port 58168 [preauth]","@timestamp":"2022-09-17T03:36:12.064Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 03:36:21 honeypot-ams-1 sshd[600]: Disconnected from invalid user user 45.61.186.49 port 41604 [preauth]","@timestamp":"2022-09-17T03:36:22.070Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 03:38:38 honeypot-ams-1 sshd[604]: Disconnected from invalid user lucy1 176.102.38.42 port 56024 [preauth]","@timestamp":"2022-09-17T03:38:39.130Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 03:40:43 honeypot-fra-1 sshd[23554]: Connection closed by invalid user admin 141.98.10.158 port 60164 [preauth]","@timestamp":"2022-09-17T03:40:43.551Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T03:42:58.086Z","@version":"1","message":"Sep 17 03:42:57 honeypot-sgp-1 sshd[26961]: Invalid user rdp from 187.102.174.154 port 53854","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T03:45:02.139Z","@version":"1","message":"Sep 17 03:45:01 honeypot-sgp-1 sshd[26964]: Disconnected from invalid user hj 138.68.79.195 port 57356 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 03:48:45 honeypot-ams-1 sshd[612]: Invalid user user from 193.106.191.157 port 34130","@timestamp":"2022-09-17T03:48:45.383Z"}
{"@timestamp":"2022-09-17T03:50:36.274Z","@version":"1","message":"Sep 17 03:50:36 honeypot-sgp-1 kernel: [84262741.024005] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=68.183.93.151 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x20 TTL=242 ID=54321 PROTO=TCP SPT=60042 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 03:52:07 honeypot-fra-1 sshd[23564]: Invalid user admin from 182.70.115.11 port 46606","@timestamp":"2022-09-17T03:52:07.826Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 03:55:34 honeypot-fra-1 sshd[23568]: Received disconnect from 104.248.123.197 port 41624:11: Bye Bye [preauth]","@timestamp":"2022-09-17T03:55:34.899Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 03:57:33 honeypot-ams-1 sshd[615]: Received disconnect from 43.155.83.218 port 35724:11: Bye Bye [preauth]","@timestamp":"2022-09-17T03:57:33.617Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 03:58:52 honeypot-fra-1 sshd[23575]: Invalid user user from 193.106.191.157 port 45162","@timestamp":"2022-09-17T03:58:53.013Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 04:04:10 honeypot-ams-1 kernel: [84264031.022595] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=142.93.191.212 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=8128 PROTO=TCP SPT=20000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T04:04:10.795Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 04:09:16 honeypot-fra-1 kernel: [84262167.731923] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.192.196 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=37046 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T04:09:16.254Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-17T04:11:54.787Z","@version":"1","message":"Sep 17 04:11:54 honeypot-sgp-1 sshd[26987]: Received disconnect from 61.177.173.53 port 28024:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 04:13:41 honeypot-ams-1 kernel: [84264602.606761] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.148.10.81 DST=178.62.254.91 LEN=82 TOS=0x00 PREC=0x00 TTL=242 ID=22780 DF PROTO=TCP SPT=28666 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T04:13:42.050Z"}
{"@timestamp":"2022-09-17T04:15:20.874Z","@version":"1","message":"Sep 17 04:15:20 honeypot-sgp-1 sshd[26993]: Connection closed by invalid user default 179.60.147.69 port 5706 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 04:16:29 honeypot-fra-1 sshd[23589]: Invalid user default from 179.60.147.69 port 36942","@timestamp":"2022-09-17T04:16:29.426Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 04:17:56 honeypot-fra-1 kernel: [84262688.014280] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=152.89.196.23 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=2927 PROTO=TCP SPT=40221 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T04:17:56.463Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 04:19:04 honeypot-ams-1 kernel: [84264925.374318] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=198.235.24.150 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x60 TTL=251 ID=54321 PROTO=TCP SPT=52985 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T04:19:05.197Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 04:21:11 honeypot-fra-1 sshd[23602]: Disconnected from authenticating user root 61.177.172.108 port 38405 [preauth]","@timestamp":"2022-09-17T04:21:11.539Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T04:21:24.024Z","@version":"1","message":"Sep 17 04:21:23 honeypot-sgp-1 sshd[27003]: Invalid user taev from 221.148.45.168 port 43496","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 04:27:05 honeypot-ams-1 sshd[632]: Invalid user user from 45.61.186.49 port 51058","@timestamp":"2022-09-17T04:27:06.414Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 04:27:15 honeypot-ams-1 sshd[636]: Invalid user user from 45.61.186.49 port 34540","@timestamp":"2022-09-17T04:27:16.418Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 04:29:25 honeypot-fra-1 sshd[23613]: Received disconnect from 103.140.181.14 port 36662:11: Bye Bye [preauth]","@timestamp":"2022-09-17T04:29:26.729Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 04:32:04 honeypot-fra-1 sshd[23621]: Disconnected from invalid user user 45.61.186.169 port 39748 [preauth]","@timestamp":"2022-09-17T04:32:04.791Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 04:32:23 honeypot-fra-1 sshd[23627]: Disconnected from invalid user user 45.61.186.169 port 34702 [preauth]","@timestamp":"2022-09-17T04:32:23.801Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 04:32:40 honeypot-fra-1 sshd[23631]: Disconnected from invalid user user 45.61.186.169 port 57872 [preauth]","@timestamp":"2022-09-17T04:32:40.808Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 04:32:57 honeypot-fra-1 sshd[23635]: Disconnected from invalid user user 45.61.186.169 port 52838 [preauth]","@timestamp":"2022-09-17T04:32:57.816Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 04:34:29 honeypot-ams-1 kernel: [84265850.708197] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.148.10.81 DST=178.62.254.91 LEN=81 TOS=0x00 PREC=0x00 TTL=242 ID=22780 DF PROTO=TCP SPT=20440 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T04:34:30.606Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 04:35:33 honeypot-ams-1 sshd[641]: Disconnected from invalid user superadmin 91.240.118.222 port 7112 [preauth]","@timestamp":"2022-09-17T04:35:33.637Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 04:38:46 honeypot-fra-1 sshd[23640]: Disconnected from authenticating user root 61.177.172.124 port 17461 [preauth]","@timestamp":"2022-09-17T04:38:46.950Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T04:39:03.450Z","@version":"1","message":"Sep 17 04:39:02 honeypot-sgp-1 sshd[27010]: Received disconnect from 61.177.173.53 port 15181:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T04:41:33.514Z","@version":"1","message":"Sep 17 04:41:32 honeypot-sgp-1 kernel: [84265797.598696] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=184.105.247.251 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=57744 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 04:44:40 honeypot-ams-1 kernel: [84266461.571571] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=195.178.120.159 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=54321 PROTO=TCP SPT=41313 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T04:44:40.873Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 04:45:02 honeypot-fra-1 sshd[23651]: Received disconnect from 202.4.119.45 port 33681:11: Bye Bye [preauth]","@timestamp":"2022-09-17T04:45:03.095Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 04:48:30 honeypot-fra-1 sshd[23655]: Received disconnect from 61.177.173.51 port 43112:11:  [preauth]","@timestamp":"2022-09-17T04:48:30.176Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T04:50:05.725Z","@version":"1","message":"Sep 17 04:50:05 honeypot-sgp-1 kernel: [84266309.902402] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.155.90.68 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=43256 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 04:50:19 honeypot-fra-1 kernel: [84264630.637403] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=154.3.44.149 DST=165.22.82.222 LEN=52 TOS=0x00 PREC=0x00 TTL=116 ID=2507 DF PROTO=TCP SPT=61052 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-17T04:50:19.221Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 04:52:17 honeypot-fra-1 sshd[23668]: Did not receive identification string from 185.209.179.41 port 37182","@timestamp":"2022-09-17T04:52:18.271Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 04:52:18 honeypot-fra-1 sshd[23674]: Invalid user test from 185.209.179.41 port 40924","@timestamp":"2022-09-17T04:52:18.271Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 04:52:18 honeypot-fra-1 sshd[23687]: Invalid user admin from 185.209.179.41 port 40914","@timestamp":"2022-09-17T04:52:18.271Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 04:52:18 honeypot-fra-1 sshd[23675]: Invalid user postgres from 185.209.179.41 port 40876","@timestamp":"2022-09-17T04:52:18.271Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 04:52:18 honeypot-fra-1 sshd[23671]: Connection closed by invalid user linkxess 185.209.179.41 port 40866 [preauth]","@timestamp":"2022-09-17T04:52:18.271Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 04:52:18 honeypot-fra-1 sshd[23689]: Connection closed by invalid user devops 185.209.179.41 port 40898 [preauth]","@timestamp":"2022-09-17T04:52:18.271Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 04:52:18 honeypot-fra-1 sshd[23674]: Connection closed by invalid user test 185.209.179.41 port 40924 [preauth]","@timestamp":"2022-09-17T04:52:18.271Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 04:52:18 honeypot-fra-1 sshd[23670]: Connection closed by invalid user ansible 185.209.179.41 port 40912 [preauth]","@timestamp":"2022-09-17T04:52:18.271Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 04:52:18 honeypot-fra-1 sshd[23717]: Invalid user ftpuser from 185.209.179.41 port 40878","@timestamp":"2022-09-17T04:52:19.272Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 04:52:21 honeypot-fra-1 sshd[23729]: Invalid user oracle from 185.209.179.41 port 40874","@timestamp":"2022-09-17T04:52:21.273Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 04:52:21 honeypot-fra-1 sshd[23724]: Invalid user ts3srv from 185.209.179.41 port 40900","@timestamp":"2022-09-17T04:52:21.273Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 04:52:21 honeypot-fra-1 sshd[23729]: Connection closed by invalid user oracle 185.209.179.41 port 40874 [preauth]","@timestamp":"2022-09-17T04:52:21.273Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T04:53:03.802Z","@version":"1","message":"Sep 17 04:53:03 honeypot-sgp-1 sshd[27025]: Invalid user ulka from 104.131.190.193 port 50722","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 04:54:51 honeypot-ams-1 sshd[650]: Invalid user user from 179.60.147.69 port 2162","@timestamp":"2022-09-17T04:54:52.162Z"}
{"@timestamp":"2022-09-17T04:55:04.853Z","@version":"1","message":"Sep 17 04:55:04 honeypot-sgp-1 sshd[27030]: Disconnected from authenticating user root 217.79.42.236 port 53824 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 04:57:36 honeypot-fra-1 sshd[23744]: Disconnected from authenticating user root 61.177.173.51 port 55659 [preauth]","@timestamp":"2022-09-17T04:57:36.392Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T04:58:54.949Z","@version":"1","message":"Sep 17 04:58:54 honeypot-sgp-1 sshd[27036]: Disconnected from authenticating user root 61.177.172.124 port 26485 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 05:01:15 honeypot-ams-1 sshd[653]: Connection closed by 71.88.217.203 port 54046 [preauth]","@timestamp":"2022-09-17T05:01:16.332Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 05:02:29 honeypot-fra-1 sshd[23749]: Connection closed by authenticating user root 194.163.190.53 port 57350 [preauth]","@timestamp":"2022-09-17T05:02:29.507Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T05:03:37.066Z","@version":"1","message":"Sep 17 05:03:36 honeypot-sgp-1 sshd[27043]: Did not receive identification string from 45.61.186.49 port 51086","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T05:03:49.072Z","@version":"1","message":"Sep 17 05:03:48 honeypot-sgp-1 sshd[27046]: Disconnected from invalid user user 45.61.186.49 port 53506 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T05:03:58.077Z","@version":"1","message":"Sep 17 05:03:57 honeypot-sgp-1 sshd[27050]: Disconnected from invalid user user 45.61.186.49 port 36900 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T05:07:33.164Z","@version":"1","message":"Sep 17 05:07:32 honeypot-sgp-1 kernel: [84267357.422432] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.79.144.193 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=28925 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T05:09:58.223Z","@version":"1","message":"Sep 17 05:09:57 honeypot-sgp-1 sshd[27061]: Disconnected from authenticating user root 181.235.99.59 port 44726 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 05:17:01 honeypot-ams-1 CRON[659]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-17T05:17:01.735Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 05:17:01 honeypot-fra-1 CRON[23768]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-17T05:17:01.830Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T05:20:13.471Z","@version":"1","message":"Sep 17 05:20:12 honeypot-sgp-1 sshd[27070]: Received disconnect from 61.177.172.19 port 37650:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 05:21:03 honeypot-fra-1 sshd[23773]: Disconnected from authenticating user root 61.177.172.108 port 15777 [preauth]","@timestamp":"2022-09-17T05:21:03.923Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T05:23:25.549Z","@version":"1","message":"Sep 17 05:23:25 honeypot-sgp-1 sshd[27511]: Received disconnect from 61.177.173.50 port 37126:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 05:23:53 honeypot-fra-1 sshd[23780]: Received disconnect from 165.22.45.108 port 46256:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T05:23:53.991Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 05:24:52 honeypot-fra-1 kernel: [84266703.936707] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.196.220.81 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=54321 PROTO=TCP SPT=45819 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T05:24:53.018Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 05:25:21 honeypot-ams-1 kernel: [84268901.935555] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=198.199.93.157 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=51349 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T05:25:21.953Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 05:26:14 honeypot-ams-1 sshd[667]: Invalid user user from 45.61.187.160 port 33266","@timestamp":"2022-09-17T05:26:14.980Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 05:26:32 honeypot-ams-1 sshd[671]: Invalid user user from 45.61.187.160 port 55840","@timestamp":"2022-09-17T05:26:32.989Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 05:26:49 honeypot-ams-1 sshd[675]: Invalid user user from 45.61.187.160 port 50170","@timestamp":"2022-09-17T05:26:49.998Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 05:27:14 honeypot-ams-1 kernel: [84269015.408259] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=35.233.126.255 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x60 TTL=251 ID=36829 PROTO=TCP SPT=59487 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T05:27:15.011Z"}
{"@timestamp":"2022-09-17T05:27:33.650Z","@version":"1","message":"Sep 17 05:27:32 honeypot-sgp-1 kernel: [84268557.599880] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=79.124.62.106 DST=159.89.202.188 LEN=48 TOS=0x00 PREC=0x00 TTL=112 ID=26212 DF PROTO=TCP SPT=64763 DPT=3389 WINDOW=200 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 05:29:34 honeypot-fra-1 kernel: [84266986.384522] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.143.200.46 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=10930 PROTO=TCP SPT=41312 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T05:29:35.125Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-17T05:33:42.801Z","@version":"1","message":"Sep 17 05:33:42 honeypot-sgp-1 sshd[27522]: Invalid user user from 45.61.184.204 port 58048","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 05:33:55 honeypot-fra-1 sshd[24233]: Disconnected from authenticating user root 189.203.101.105 port 23715 [preauth]","@timestamp":"2022-09-17T05:33:56.226Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T05:34:01.811Z","@version":"1","message":"Sep 17 05:34:01 honeypot-sgp-1 sshd[27526]: Invalid user user from 45.61.184.204 port 52514","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T05:34:13.818Z","@version":"1","message":"Sep 17 05:34:13 honeypot-sgp-1 kernel: [84268957.890647] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=80.94.92.231 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=233 ID=54321 PROTO=TCP SPT=51762 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T05:34:30.826Z","@version":"1","message":"Sep 17 05:34:30 honeypot-sgp-1 sshd[27532]: Disconnected from invalid user user 45.61.184.204 port 58336 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T05:37:08.891Z","@version":"1","message":"Sep 17 05:37:08 honeypot-sgp-1 sshd[27539]: Connection closed by 162.142.125.210 port 33374 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 05:38:38 honeypot-fra-1 sshd[24241]: Disconnected from invalid user user4 64.225.22.216 port 52502 [preauth]","@timestamp":"2022-09-17T05:38:39.332Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 05:38:49 honeypot-ams-1 sshd[683]: Invalid user admin from 61.190.73.102 port 42046","@timestamp":"2022-09-17T05:38:50.312Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 05:45:12 honeypot-fra-1 sshd[24250]: Invalid user user from 193.106.191.157 port 55706","@timestamp":"2022-09-17T05:45:12.484Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T05:45:59.107Z","@version":"1","message":"Sep 17 05:45:58 honeypot-sgp-1 kernel: [84269662.915423] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=206.189.6.148 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=239 ID=54321 PROTO=TCP SPT=49487 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 05:51:12 honeypot-fra-1 sshd[24256]: Disconnected from authenticating user root 61.177.173.36 port 23162 [preauth]","@timestamp":"2022-09-17T05:51:13.623Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 05:51:12 honeypot-ams-1 sshd[690]: Received disconnect from 143.110.236.239 port 48778:11: Bye Bye [preauth]","@timestamp":"2022-09-17T05:51:13.628Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 05:53:44 honeypot-ams-1 sshd[694]: Disconnected from invalid user austin 134.209.127.189 port 53014 [preauth]","@timestamp":"2022-09-17T05:53:45.694Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 05:55:02 honeypot-fra-1 sshd[24262]: Received disconnect from 87.148.116.106 port 42300:11: Bye Bye [preauth]","@timestamp":"2022-09-17T05:55:02.715Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 05:59:04 honeypot-fra-1 sshd[24264]: Received disconnect from 40.68.90.206 port 44426:11: Bye Bye [preauth]","@timestamp":"2022-09-17T05:59:04.810Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 06:01:17 honeypot-ams-1 sshd[698]: Invalid user user from 193.106.191.157 port 35968","@timestamp":"2022-09-17T06:01:17.893Z"}
{"@timestamp":"2022-09-17T06:03:23.524Z","@version":"1","message":"Sep 17 06:03:23 honeypot-sgp-1 kernel: [84270708.259344] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=64.62.197.71 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=51564 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 06:04:08 honeypot-fra-1 sshd[24271]: Disconnected from authenticating user root 61.177.172.90 port 41755 [preauth]","@timestamp":"2022-09-17T06:04:08.927Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T06:06:22.601Z","@version":"1","message":"Sep 17 06:06:21 honeypot-sgp-1 sshd[27560]: Disconnected from invalid user cron 61.76.169.138 port 21474 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T06:07:36.633Z","@version":"1","message":"Sep 17 06:07:35 honeypot-sgp-1 sshd[27562]: Received disconnect from 162.243.237.90 port 40847:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 06:08:12 honeypot-ams-1 sshd[704]: Received disconnect from 178.128.217.58 port 37536:11: Bye Bye [preauth]","@timestamp":"2022-09-17T06:08:13.079Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 06:10:41 honeypot-ams-1 kernel: [84271621.974287] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=172.104.9.202 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=63873 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T06:10:42.146Z"}
{"@timestamp":"2022-09-17T06:10:50.832Z","@version":"1","message":"Sep 17 06:10:50 honeypot-sgp-1 sshd[27571]: Unable to negotiate with 190.124.32.18 port 61030: no matching cipher found. Their offer: aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,arcfour128,arcfour,3des-cbc,none [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 06:14:06 honeypot-fra-1 sshd[24285]: Connection closed by authenticating user root 194.163.190.53 port 58522 [preauth]","@timestamp":"2022-09-17T06:14:07.154Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 06:15:36 honeypot-ams-1 sshd[713]: Invalid user songjiazhi from 103.188.176.251 port 50200","@timestamp":"2022-09-17T06:15:37.317Z"}
{"@timestamp":"2022-09-17T06:16:22.973Z","@version":"1","message":"Sep 17 06:16:22 honeypot-sgp-1 sshd[27574]: Disconnected from authenticating user root 61.177.173.36 port 58244 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 06:19:51 honeypot-fra-1 sshd[24293]: Invalid user songjiazhi from 103.188.176.251 port 36128","@timestamp":"2022-09-17T06:19:51.287Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 06:21:50 honeypot-fra-1 sshd[24297]: Received disconnect from 165.22.45.108 port 51390:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T06:21:50.334Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 06:21:58 honeypot-ams-1 kernel: [84272298.874094] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=167.71.92.243 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=39068 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T06:21:58.482Z"}
{"@timestamp":"2022-09-17T06:24:04.164Z","@version":"1","message":"Sep 17 06:24:03 honeypot-sgp-1 sshd[27587]: Received disconnect from 64.69.36.42 port 33436:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 06:24:22 honeypot-ams-1 sshd[724]: Disconnected from authenticating user root 105.159.249.53 port 52070 [preauth]","@timestamp":"2022-09-17T06:24:23.547Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 06:24:42 honeypot-fra-1 kernel: [84270293.736293] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=167.71.133.35 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=248 ID=54321 PROTO=TCP SPT=58699 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T06:24:42.403Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-17T06:29:27.304Z","@version":"1","message":"Sep 17 06:29:26 honeypot-sgp-1 sshd[27743]: Disconnected from authenticating user root 61.177.173.36 port 33012 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 06:30:04 honeypot-fra-1 sshd[24466]: Received disconnect from 61.177.173.36 port 43309:11:  [preauth]","@timestamp":"2022-09-17T06:30:04.532Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 06:34:12 honeypot-fra-1 sshd[24563]: Connection closed by authenticating user root 194.163.190.53 port 56132 [preauth]","@timestamp":"2022-09-17T06:34:12.651Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T06:36:09.468Z","@version":"1","message":"Sep 17 06:36:09 honeypot-sgp-1 sshd[27748]: Disconnected from invalid user images 64.135.113.136 port 60744 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 06:37:49 honeypot-fra-1 kernel: [84271080.767332] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=168.227.109.255 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=239 ID=46839 DF PROTO=TCP SPT=40660 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T06:37:49.736Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 06:39:26 honeypot-ams-1 kernel: [84273347.226702] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=154.177.238.205 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=53 ID=8774 PROTO=TCP SPT=28076 DPT=80 WINDOW=19848 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T06:39:26.938Z"}
{"@timestamp":"2022-09-17T06:40:22.574Z","@version":"1","message":"Sep 17 06:40:22 honeypot-sgp-1 sshd[27752]: Disconnected from authenticating user root 91.185.86.229 port 25641 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 06:41:34 honeypot-fra-1 sshd[24575]: Invalid user support from 179.60.147.69 port 27088","@timestamp":"2022-09-17T06:41:35.823Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T06:41:56.615Z","@version":"1","message":"Sep 17 06:41:55 honeypot-sgp-1 sshd[27757]: Disconnected from invalid user kf 81.183.222.181 port 49558 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T06:44:29.679Z","@version":"1","message":"Sep 17 06:44:29 honeypot-sgp-1 sshd[27763]: Disconnected from authenticating user root 61.177.173.49 port 36145 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 06:49:36 honeypot-fra-1 kernel: [84271787.937205] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=71.6.231.80 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=57239 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T06:49:37.006Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-17T06:50:53.840Z","@version":"1","message":"Sep 17 06:50:53 honeypot-sgp-1 kernel: [84273557.952877] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=159.89.202.188 LEN=91 TOS=0x00 PREC=0x00 TTL=245 ID=53387 PROTO=TCP SPT=7145 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 06:54:48 honeypot-ams-1 kernel: [84274269.108647] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.220.82 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=43102 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T06:54:49.333Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 06:55:31 honeypot-fra-1 sshd[24591]: Received disconnect from 61.177.173.36 port 38618:11:  [preauth]","@timestamp":"2022-09-17T06:55:32.142Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 07:01:56 honeypot-fra-1 sshd[24600]: Connection closed by authenticating user root 194.163.190.53 port 34532 [preauth]","@timestamp":"2022-09-17T07:01:56.288Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T07:02:46.129Z","@version":"1","message":"Sep 17 07:02:45 honeypot-sgp-1 sshd[27960]: Received disconnect from 61.177.173.46 port 41141:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 07:08:41 honeypot-fra-1 sshd[24607]: Disconnected from authenticating user root 61.177.173.47 port 20891 [preauth]","@timestamp":"2022-09-17T07:08:42.443Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T07:13:36.395Z","@version":"1","message":"Sep 17 07:13:35 honeypot-sgp-1 sshd[27970]: Received disconnect from 164.92.91.240 port 43852:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 07:17:01 honeypot-ams-1 CRON[997]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-17T07:17:01.902Z"}
{"@timestamp":"2022-09-17T07:17:02.482Z","@version":"1","message":"Sep 17 07:17:01 honeypot-sgp-1 CRON[27976]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 07:17:46 honeypot-fra-1 sshd[24620]: Invalid user user from 45.61.186.169 port 46172","@timestamp":"2022-09-17T07:17:46.651Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 07:17:54 honeypot-fra-1 sshd[24624]: Received disconnect from 45.61.186.169 port 57776:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T07:17:55.656Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 07:18:11 honeypot-fra-1 sshd[24628]: Received disconnect from 45.61.186.169 port 52774:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T07:18:12.664Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 07:18:27 honeypot-fra-1 sshd[24632]: Received disconnect from 45.61.186.169 port 47764:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T07:18:28.672Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 07:20:58 honeypot-fra-1 sshd[24638]: Invalid user liferay from 165.22.45.108 port 56546","@timestamp":"2022-09-17T07:20:58.730Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 07:23:03 honeypot-fra-1 sshd[24645]: Connection closed by invalid user  203.186.184.138 port 42752 [preauth]","@timestamp":"2022-09-17T07:23:03.779Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 07:27:46 honeypot-ams-1 sshd[1005]: Did not receive identification string from 193.142.146.50 port 37794","@timestamp":"2022-09-17T07:27:47.185Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 07:28:12 honeypot-ams-1 sshd[1009]: Received disconnect from 193.142.146.50 port 44720:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T07:28:13.199Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 07:29:50 honeypot-ams-1 sshd[1013]: Invalid user ftpuser from 193.142.146.50 port 43022","@timestamp":"2022-09-17T07:29:50.244Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 07:30:13 honeypot-ams-1 sshd[1017]: Received disconnect from 193.142.146.50 port 41886:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T07:30:14.257Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 07:30:39 honeypot-ams-1 sshd[1021]: Received disconnect from 193.142.146.50 port 40754:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T07:30:39.271Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 07:31:54 honeypot-ams-1 sshd[1463]: Received disconnect from 193.142.146.50 port 39622:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T07:31:55.306Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 07:32:21 honeypot-ams-1 sshd[1467]: Invalid user admin from 193.142.146.50 port 38488","@timestamp":"2022-09-17T07:32:22.320Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 07:32:37 honeypot-fra-1 sshd[24656]: Disconnected from authenticating user root 119.82.135.226 port 43470 [preauth]","@timestamp":"2022-09-17T07:32:37.997Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 07:32:53 honeypot-ams-1 sshd[1471]: Invalid user hadoop from 193.142.146.50 port 37356","@timestamp":"2022-09-17T07:32:53.337Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 07:34:02 honeypot-ams-1 sshd[1477]: Received disconnect from 193.142.146.50 port 36224:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T07:34:03.368Z"}
{"@timestamp":"2022-09-17T07:39:41.035Z","@version":"1","message":"Sep 17 07:39:40 honeypot-sgp-1 sshd[27996]: Invalid user sao from 1.235.192.218 port 47784","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 07:39:50 honeypot-fra-1 sshd[24668]: Received disconnect from 61.177.173.46 port 56229:11:  [preauth]","@timestamp":"2022-09-17T07:39:51.166Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T07:41:58.093Z","@version":"1","message":"Sep 17 07:41:57 honeypot-sgp-1 kernel: [84276622.421712] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=81.215.212.168 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=231 ID=0 PROTO=TCP SPT=42258 DPT=80 WINDOW=0 RES=0x00 RST URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T07:43:19.127Z","@version":"1","message":"Sep 17 07:43:18 honeypot-sgp-1 sshd[28006]: Invalid user minerva from 210.187.80.132 port 37694","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 07:43:44 honeypot-ams-1 sshd[1481]: Disconnected from authenticating user root 39.90.161.165 port 38218 [preauth]","@timestamp":"2022-09-17T07:43:45.615Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 07:43:50 honeypot-ams-1 sshd[1487]: Received disconnect from 39.90.161.165 port 38390:11: Bye Bye [preauth]","@timestamp":"2022-09-17T07:43:50.619Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 07:43:55 honeypot-ams-1 sshd[1493]: Received disconnect from 39.90.161.165 port 38818:11: Bye Bye [preauth]","@timestamp":"2022-09-17T07:43:56.622Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 07:44:01 honeypot-ams-1 sshd[1499]: Received disconnect from 39.90.161.165 port 38970:11: Bye Bye [preauth]","@timestamp":"2022-09-17T07:44:02.627Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 07:44:07 honeypot-ams-1 sshd[1505]: Received disconnect from 39.90.161.165 port 39410:11: Bye Bye [preauth]","@timestamp":"2022-09-17T07:44:07.630Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 07:44:12 honeypot-ams-1 sshd[1511]: Received disconnect from 39.90.161.165 port 39544:11: Bye Bye [preauth]","@timestamp":"2022-09-17T07:44:13.633Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 07:44:19 honeypot-ams-1 sshd[1517]: Received disconnect from 39.90.161.165 port 40002:11: Bye Bye [preauth]","@timestamp":"2022-09-17T07:44:19.637Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 07:44:24 honeypot-ams-1 sshd[1523]: Received disconnect from 39.90.161.165 port 40306:11: Bye Bye [preauth]","@timestamp":"2022-09-17T07:44:24.640Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 07:44:30 honeypot-ams-1 sshd[1529]: Received disconnect from 39.90.161.165 port 40588:11: Bye Bye [preauth]","@timestamp":"2022-09-17T07:44:30.644Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 07:44:35 honeypot-ams-1 sshd[1535]: Received disconnect from 39.90.161.165 port 40986:11: Bye Bye [preauth]","@timestamp":"2022-09-17T07:44:36.648Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 07:44:41 honeypot-ams-1 sshd[1541]: Received disconnect from 39.90.161.165 port 41190:11: Bye Bye [preauth]","@timestamp":"2022-09-17T07:44:41.651Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 07:44:47 honeypot-ams-1 sshd[1547]: Received disconnect from 39.90.161.165 port 41614:11: Bye Bye [preauth]","@timestamp":"2022-09-17T07:44:47.656Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 07:45:16 honeypot-ams-1 sshd[1554]: Invalid user user from 45.61.186.49 port 58466","@timestamp":"2022-09-17T07:45:16.671Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 07:45:24 honeypot-ams-1 sshd[1558]: Invalid user user from 45.61.186.49 port 41836","@timestamp":"2022-09-17T07:45:25.676Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 07:46:01 honeypot-fra-1 sshd[24676]: Received disconnect from 61.177.173.39 port 52564:11:  [preauth]","@timestamp":"2022-09-17T07:46:02.308Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 07:46:45 honeypot-ams-1 sshd[1561]: Connection closed by invalid user admin 14.63.59.146 port 52297 [preauth]","@timestamp":"2022-09-17T07:46:45.712Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 07:49:19 honeypot-ams-1 kernel: [84277540.642365] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=167.71.92.243 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=43798 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T07:49:20.779Z"}
{"@timestamp":"2022-09-17T07:50:30.299Z","@version":"1","message":"Sep 17 07:50:30 honeypot-sgp-1 sshd[28013]: Received disconnect from 61.177.172.104 port 57236:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 07:52:08 honeypot-ams-1 sshd[1572]: Disconnected from authenticating user root 121.243.17.150 port 40090 [preauth]","@timestamp":"2022-09-17T07:52:08.854Z"}
{"@timestamp":"2022-09-17T07:53:17.370Z","@version":"1","message":"Sep 17 07:53:16 honeypot-sgp-1 kernel: [84277301.170617] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.216.15 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=43662 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 07:53:25 honeypot-fra-1 kernel: [84275616.991377] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.220.132 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=47291 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T07:53:26.477Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-17T07:57:45.477Z","@version":"1","message":"Sep 17 07:57:44 honeypot-sgp-1 sshd[28023]: Disconnected from authenticating user root 61.177.173.52 port 55289 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T08:04:06.628Z","@version":"1","message":"Sep 17 08:04:06 honeypot-sgp-1 sshd[28030]: Disconnected from invalid user nx 188.138.138.176 port 40496 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:04:18 honeypot-fra-1 sshd[24718]: Connection closed by authenticating user root 194.163.190.53 port 54048 [preauth]","@timestamp":"2022-09-17T08:04:18.726Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 08:08:18 honeypot-ams-1 sshd[1579]: Disconnected from invalid user master 51.178.56.85 port 50772 [preauth]","@timestamp":"2022-09-17T08:08:19.271Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:09:52 honeypot-fra-1 sshd[24723]: Disconnected from invalid user redhat 137.184.135.135 port 59442 [preauth]","@timestamp":"2022-09-17T08:09:52.852Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 08:11:12 honeypot-ams-1 kernel: [84278853.631879] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=97.107.138.10 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=53727 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T08:11:13.349Z"}
{"@timestamp":"2022-09-17T08:12:29.830Z","@version":"1","message":"Sep 17 08:12:29 honeypot-sgp-1 sshd[28037]: Disconnected from authenticating user root 61.177.173.35 port 18377 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:15:41 honeypot-fra-1 sshd[24735]: Received disconnect from 61.177.172.104 port 50999:11:  [preauth]","@timestamp":"2022-09-17T08:15:41.989Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:17:25 honeypot-fra-1 sshd[24764]: Connection closed by invalid user user 193.106.191.157 port 40250 [preauth]","@timestamp":"2022-09-17T08:17:26.034Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:17:56 honeypot-fra-1 sshd[24768]: Disconnected from invalid user oracle 178.128.72.150 port 51108 [preauth]","@timestamp":"2022-09-17T08:17:56.047Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:18:45 honeypot-fra-1 sshd[24773]: Received disconnect from 178.128.72.150 port 50024:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T08:18:46.069Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:19:33 honeypot-fra-1 sshd[24777]: Received disconnect from 178.128.72.150 port 48968:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T08:19:34.090Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:20:20 honeypot-fra-1 sshd[24781]: Received disconnect from 178.128.72.150 port 47886:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T08:20:21.111Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:20:44 honeypot-fra-1 sshd[24785]: Received disconnect from 178.128.72.150 port 33232:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T08:20:45.123Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:21:31 honeypot-fra-1 sshd[24789]: Received disconnect from 178.128.72.150 port 60376:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T08:21:32.143Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:22:18 honeypot-fra-1 sshd[24795]: Invalid user postgres from 178.128.72.150 port 59310","@timestamp":"2022-09-17T08:22:19.164Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T08:22:36.074Z","@version":"1","message":"Sep 17 08:22:35 honeypot-sgp-1 sshd[28064]: Disconnected from authenticating user root 61.177.173.48 port 58975 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:22:42 honeypot-fra-1 sshd[24799]: Received disconnect from 178.128.72.150 port 44646:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T08:22:43.175Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 08:28:43 honeypot-ams-1 kernel: [84279904.419705] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=89.248.165.100 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=5580 PROTO=TCP SPT=59801 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T08:28:43.804Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:30:31 honeypot-fra-1 sshd[24807]: Invalid user guest from 179.60.147.69 port 54522","@timestamp":"2022-09-17T08:30:31.354Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T08:31:04.281Z","@version":"1","message":"Sep 17 08:31:03 honeypot-sgp-1 kernel: [84279568.361885] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=234 ID=14906 PROTO=TCP SPT=43411 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:31:21 honeypot-fra-1 sshd[24812]: Invalid user bilbomeakine from 43.138.78.204 port 49826","@timestamp":"2022-09-17T08:31:21.378Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:31:21 honeypot-fra-1 sshd[24825]: Invalid user odoo from 43.138.78.204 port 49814","@timestamp":"2022-09-17T08:31:21.378Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:31:21 honeypot-fra-1 sshd[24814]: Connection closed by invalid user grid 43.138.78.204 port 49866 [preauth]","@timestamp":"2022-09-17T08:31:22.379Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:31:21 honeypot-fra-1 sshd[24822]: Connection closed by invalid user momo 43.138.78.204 port 49928 [preauth]","@timestamp":"2022-09-17T08:31:22.379Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:31:22 honeypot-fra-1 sshd[24836]: Invalid user elastic from 43.138.78.204 port 49820","@timestamp":"2022-09-17T08:31:22.379Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:31:24 honeypot-fra-1 sshd[24843]: Invalid user dominion from 43.138.78.204 port 49824","@timestamp":"2022-09-17T08:31:24.380Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:31:24 honeypot-fra-1 sshd[24850]: Invalid user systemd from 43.138.78.204 port 49880","@timestamp":"2022-09-17T08:31:24.380Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:31:24 honeypot-fra-1 sshd[24859]: Invalid user pvm from 43.138.78.204 port 49908","@timestamp":"2022-09-17T08:31:25.381Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:31:24 honeypot-fra-1 sshd[24851]: Connection closed by invalid user systemx 43.138.78.204 port 49876 [preauth]","@timestamp":"2022-09-17T08:31:25.381Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:31:24 honeypot-fra-1 sshd[24854]: Connection closed by invalid user blackvoid 43.138.78.204 port 49842 [preauth]","@timestamp":"2022-09-17T08:31:25.381Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 08:33:34 honeypot-ams-1 sshd[1613]: Connection closed by invalid user user 193.106.191.157 port 51394 [preauth]","@timestamp":"2022-09-17T08:33:34.937Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:39:24 honeypot-fra-1 sshd[24879]: Connection closed by authenticating user root 194.163.190.53 port 39706 [preauth]","@timestamp":"2022-09-17T08:39:24.561Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 08:40:59 honeypot-ams-1 kernel: [84280640.121330] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=64.62.197.206 DST=178.62.254.91 LEN=131 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=58852 DPT=80 WINDOW=65535 RES=0x00 ACK PSH URGP=0 ","@timestamp":"2022-09-17T08:41:00.135Z"}
{"@timestamp":"2022-09-17T08:41:03.524Z","@version":"1","message":"Sep 17 08:41:03 honeypot-sgp-1 kernel: [84280168.076724] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=65.49.20.125 DST=159.89.202.188 LEN=131 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=34780 DPT=80 WINDOW=65535 RES=0x00 ACK PSH URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:46:12 honeypot-fra-1 sshd[24889]: Did not receive identification string from 45.61.186.49 port 58832","@timestamp":"2022-09-17T08:46:12.713Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:46:25 honeypot-fra-1 sshd[24892]: Received disconnect from 61.177.173.48 port 39941:11:  [preauth]","@timestamp":"2022-09-17T08:46:26.719Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:46:32 honeypot-fra-1 sshd[24898]: Received disconnect from 45.61.186.49 port 44708:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T08:46:33.723Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:47:57 honeypot-fra-1 sshd[24902]: Connection closed by invalid user nodeproxy 103.188.176.251 port 34150 [preauth]","@timestamp":"2022-09-17T08:47:57.756Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 08:49:11 honeypot-ams-1 sshd[1624]: Received disconnect from 114.7.162.198 port 35578:11: Bye Bye [preauth]","@timestamp":"2022-09-17T08:49:12.354Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 08:51:20 honeypot-ams-1 kernel: [84281260.935034] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=20.169.38.57 DST=178.62.254.91 LEN=52 TOS=0x02 PREC=0x00 TTL=110 ID=60438 DF PROTO=TCP SPT=58155 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-17T08:51:20.413Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 08:53:09 honeypot-ams-1 sshd[1634]: Connection closed by invalid user user 193.106.191.157 port 36620 [preauth]","@timestamp":"2022-09-17T08:53:09.463Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:55:38 honeypot-fra-1 kernel: [84279349.085175] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=101.43.83.130 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=43 ID=51615 DF PROTO=TCP SPT=45774 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T08:55:38.939Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:58:16 honeypot-fra-1 sshd[24915]: Received disconnect from 61.177.173.36 port 61778:11:  [preauth]","@timestamp":"2022-09-17T08:58:17.002Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T09:00:25.994Z","@version":"1","message":"Sep 17 09:00:25 honeypot-sgp-1 kernel: [84281330.380446] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=172.105.89.161 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=51 ID=0 DF PROTO=TCP SPT=42607 DPT=443 WINDOW=8192 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 09:01:11 honeypot-ams-1 kernel: [84281852.143745] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=113.207.248.6 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=10946 PROTO=TCP SPT=40755 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T09:01:11.672Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 09:01:14 honeypot-fra-1 sshd[24920]: Disconnected from authenticating user root 61.177.173.50 port 22986 [preauth]","@timestamp":"2022-09-17T09:01:14.095Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T09:05:34.124Z","@version":"1","message":"Sep 17 09:05:33 honeypot-sgp-1 sshd[28097]: Invalid user admin from 179.60.147.69 port 56346","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 09:06:42 honeypot-fra-1 sshd[24929]: Invalid user admin from 179.60.147.69 port 49518","@timestamp":"2022-09-17T09:06:42.224Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T09:07:20.165Z","@version":"1","message":"Sep 17 09:07:19 honeypot-sgp-1 sshd[28102]: Invalid user  from 64.62.197.107 port 39000","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 09:10:16 honeypot-fra-1 sshd[24934]: Received disconnect from 61.177.173.39 port 12026:11:  [preauth]","@timestamp":"2022-09-17T09:10:16.307Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 09:10:16 honeypot-ams-1 kernel: [84282396.780317] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=167.71.92.243 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=56896 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T09:10:16.914Z"}
{"@timestamp":"2022-09-17T09:10:48.256Z","@version":"1","message":"Sep 17 09:10:47 honeypot-sgp-1 sshd[28109]: Invalid user user1 from 103.188.176.251 port 58006","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 09:15:15 honeypot-fra-1 sshd[24941]: Connection closed by authenticating user root 194.163.190.53 port 51744 [preauth]","@timestamp":"2022-09-17T09:15:16.420Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 09:16:02 honeypot-ams-1 kernel: [84282743.422345] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=36.67.214.18 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=4477 PROTO=TCP SPT=41769 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T09:16:03.066Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 09:16:57 honeypot-ams-1 sshd[1653]: Disconnected from invalid user oracle 178.128.72.150 port 43170 [preauth]","@timestamp":"2022-09-17T09:16:58.092Z"}
{"@timestamp":"2022-09-17T09:17:02.413Z","@version":"1","message":"Sep 17 09:17:01 honeypot-sgp-1 CRON[28112]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 09:17:50 honeypot-ams-1 sshd[1660]: Invalid user postgres from 178.128.72.150 port 45278","@timestamp":"2022-09-17T09:17:51.118Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 09:18:26 honeypot-fra-1 sshd[24946]: Invalid user lifferay from 165.22.45.108 port 38618","@timestamp":"2022-09-17T09:18:26.495Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 09:18:43 honeypot-ams-1 sshd[1665]: Invalid user mysql from 178.128.72.150 port 47360","@timestamp":"2022-09-17T09:18:44.143Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 09:19:35 honeypot-ams-1 sshd[1669]: Invalid user teamspeak from 178.128.72.150 port 49446","@timestamp":"2022-09-17T09:19:36.168Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 09:19:59 honeypot-fra-1 sshd[24951]: Invalid user user from 45.61.186.169 port 44180","@timestamp":"2022-09-17T09:19:59.534Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 09:20:17 honeypot-fra-1 sshd[24956]: Invalid user user from 45.61.186.169 port 39378","@timestamp":"2022-09-17T09:20:17.543Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 09:20:27 honeypot-ams-1 sshd[1673]: Invalid user ftpuser from 178.128.72.150 port 51550","@timestamp":"2022-09-17T09:20:28.194Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 09:20:32 honeypot-fra-1 kernel: [84280843.591186] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=151.106.32.182 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=39998 PROTO=TCP SPT=44499 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T09:20:33.553Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 09:20:41 honeypot-fra-1 sshd[24962]: Received disconnect from 45.61.186.169 port 46292:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T09:20:42.557Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 09:21:20 honeypot-ams-1 sshd[1677]: Invalid user ts3 from 178.128.72.150 port 53658","@timestamp":"2022-09-17T09:21:21.220Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 09:22:13 honeypot-ams-1 sshd[1681]: Invalid user postgres from 178.128.72.150 port 55774","@timestamp":"2022-09-17T09:22:14.245Z"}
{"@timestamp":"2022-09-17T09:25:43.623Z","@version":"1","message":"Sep 17 09:25:43 honeypot-sgp-1 sshd[28121]: Received disconnect from 61.177.173.37 port 11479:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 09:29:42 honeypot-fra-1 kernel: [84281393.838821] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=79.110.62.213 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=54321 PROTO=TCP SPT=50631 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T09:29:43.761Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-17T09:36:21.882Z","@version":"1","message":"Sep 17 09:36:21 honeypot-sgp-1 kernel: [84283486.193594] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=206.189.6.148 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=239 ID=54321 PROTO=TCP SPT=36127 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 09:37:30 honeypot-ams-1 sshd[1685]: Received disconnect from 133.130.89.4 port 40080:11: Bye Bye [preauth]","@timestamp":"2022-09-17T09:37:31.643Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 09:38:46 honeypot-ams-1 sshd[1689]: Received disconnect from 186.206.144.34 port 36673:11: Bye Bye [preauth]","@timestamp":"2022-09-17T09:38:47.677Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 09:40:22 honeypot-fra-1 sshd[24986]: Disconnected from invalid user ftpuser 193.142.146.50 port 40318 [preauth]","@timestamp":"2022-09-17T09:40:23.016Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 09:40:44 honeypot-fra-1 sshd[24990]: Received disconnect from 193.142.146.50 port 38800:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T09:40:45.028Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 09:41:55 honeypot-fra-1 sshd[24995]: Connection closed by invalid user cdiptv 194.163.190.53 port 55840 [preauth]","@timestamp":"2022-09-17T09:41:56.056Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T09:41:59.042Z","@version":"1","message":"Sep 17 09:41:58 honeypot-sgp-1 sshd[28132]: Connection closed by invalid user centos 179.60.147.69 port 55058 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 09:42:46 honeypot-fra-1 sshd[25001]: Invalid user test from 193.142.146.50 port 35008","@timestamp":"2022-09-17T09:42:47.079Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 09:42:47 honeypot-ams-1 kernel: [84284348.564473] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=35.204.3.17 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=61 ID=43115 PROTO=TCP SPT=8720 DPT=443 WINDOW=30784 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T09:42:48.783Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 09:43:05 honeypot-fra-1 sshd[25005]: Invalid user centos from 179.60.147.69 port 5086","@timestamp":"2022-09-17T09:43:06.087Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 09:43:47 honeypot-fra-1 sshd[25009]: Disconnected from authenticating user root 61.177.172.98 port 57733 [preauth]","@timestamp":"2022-09-17T09:43:48.105Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 09:44:27 honeypot-fra-1 sshd[25013]: Received disconnect from 193.142.146.50 port 60204:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T09:44:28.122Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 09:44:55 honeypot-fra-1 sshd[25017]: Received disconnect from 193.142.146.50 port 58688:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T09:44:56.136Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 09:45:09 honeypot-fra-1 sshd[25021]: Disconnected from invalid user hadoop 193.142.146.50 port 57930 [preauth]","@timestamp":"2022-09-17T09:45:10.142Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T09:45:48.137Z","@version":"1","message":"Sep 17 09:45:47 honeypot-sgp-1 sshd[28140]: Disconnected from authenticating user root 61.177.173.49 port 18471 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 09:50:40 honeypot-ams-1 sshd[1696]: Disconnected from invalid user user 45.61.186.249 port 35288 [preauth]","@timestamp":"2022-09-17T09:50:40.987Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 09:50:58 honeypot-ams-1 sshd[1700]: Received disconnect from 45.61.186.249 port 59022:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T09:50:58.996Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 09:51:18 honeypot-ams-1 sshd[1704]: Received disconnect from 45.61.186.249 port 54524:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T09:51:19.006Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 09:51:35 honeypot-ams-1 sshd[1708]: Received disconnect from 45.61.186.249 port 50014:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T09:51:36.015Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 09:51:37 honeypot-fra-1 sshd[25034]: Received disconnect from 61.177.173.37 port 57396:11:  [preauth]","@timestamp":"2022-09-17T09:51:38.288Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 09:54:10 honeypot-fra-1 sshd[25039]: Disconnected from invalid user osmc 167.71.74.3 port 46598 [preauth]","@timestamp":"2022-09-17T09:54:11.347Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T09:56:14.395Z","@version":"1","message":"Sep 17 09:56:14 honeypot-sgp-1 sshd[28151]: Disconnected from 61.177.173.48 port 64648 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 09:56:28 honeypot-ams-1 sshd[1716]: Invalid user admin from 46.19.141.122 port 57120","@timestamp":"2022-09-17T09:56:29.140Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 09:57:06 honeypot-ams-1 sshd[1720]: Received disconnect from 46.19.141.122 port 47300:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T09:57:07.158Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 09:58:09 honeypot-ams-1 sshd[1724]: Received disconnect from 46.19.141.122 port 37504:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T09:58:10.187Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 09:58:50 honeypot-ams-1 sshd[1729]: Received disconnect from 46.19.141.122 port 55860:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T09:58:50.206Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 09:59:08 honeypot-fra-1 sshd[25050]: Invalid user cms from 103.55.38.26 port 33694","@timestamp":"2022-09-17T09:59:08.462Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 09:59:31 honeypot-ams-1 sshd[1733]: Received disconnect from 46.19.141.122 port 45994:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T09:59:32.227Z"}
{"@timestamp":"2022-09-17T09:59:50.486Z","@version":"1","message":"Sep 17 09:59:50 honeypot-sgp-1 sshd[28155]: Invalid user bsamexico from 211.224.131.58 port 20059","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 10:00:18 honeypot-ams-1 sshd[1737]: Received disconnect from 46.19.141.122 port 36144:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T10:00:19.249Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 10:01:01 honeypot-fra-1 sshd[25054]: Invalid user jonny from 51.222.13.62 port 40594","@timestamp":"2022-09-17T10:01:02.508Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 10:01:04 honeypot-ams-1 sshd[1742]: Disconnected from authenticating user root 46.19.141.122 port 54492 [preauth]","@timestamp":"2022-09-17T10:01:05.271Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 10:02:19 honeypot-ams-1 sshd[1748]: Received disconnect from 46.19.141.122 port 39716:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T10:02:19.306Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 10:03:11 honeypot-ams-1 sshd[1752]: Disconnected from authenticating user root 46.19.141.122 port 58100 [preauth]","@timestamp":"2022-09-17T10:03:12.332Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 10:04:36 honeypot-ams-1 sshd[1758]: Received disconnect from 46.19.141.122 port 43310:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T10:04:36.371Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 10:08:14 honeypot-fra-1 sshd[25059]: Connection closed by invalid user juzici 194.163.190.53 port 60542 [preauth]","@timestamp":"2022-09-17T10:08:14.671Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T10:08:46.708Z","@version":"1","message":"Sep 17 10:08:46 honeypot-sgp-1 kernel: [84285431.078239] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=183.136.225.35 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=110 ID=33398 PROTO=TCP SPT=8088 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 10:16:14 honeypot-ams-1 kernel: [84286355.270181] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=111.118.40.97 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=51 ID=42094 PROTO=TCP SPT=58791 DPT=80 WINDOW=10346 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T10:16:14.666Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 10:17:01 honeypot-fra-1 CRON[25064]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-17T10:17:01.871Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T10:18:21.946Z","@version":"1","message":"Sep 17 10:18:21 honeypot-sgp-1 sshd[28234]: Connection closed by invalid user blank 179.60.147.69 port 38162 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 10:20:56 honeypot-fra-1 sshd[25072]: Invalid user ftp from 141.98.10.158 port 53876","@timestamp":"2022-09-17T10:20:56.965Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 10:20:59 honeypot-ams-1 sshd[1776]: Received disconnect from 134.122.17.178 port 59472:11: Bye Bye [preauth]","@timestamp":"2022-09-17T10:21:00.787Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 10:24:14 honeypot-fra-1 sshd[25080]: Invalid user admin from 196.216.253.24 port 38538","@timestamp":"2022-09-17T10:24:15.044Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 10:24:14 honeypot-fra-1 sshd[25080]: Connection closed by invalid user admin 196.216.253.24 port 38538 [preauth]","@timestamp":"2022-09-17T10:24:15.044Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 10:24:14 honeypot-fra-1 sshd[25076]: Connection closed by invalid user ubuntu 196.216.253.24 port 38532 [preauth]","@timestamp":"2022-09-17T10:24:15.044Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 10:24:20 honeypot-ams-1 sshd[1781]: Received disconnect from 43.156.32.144 port 58692:11: Bye Bye [preauth]","@timestamp":"2022-09-17T10:24:20.881Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 10:26:23 honeypot-fra-1 sshd[25098]: Invalid user juzici from 194.163.190.53 port 55990","@timestamp":"2022-09-17T10:26:24.095Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 10:29:04 honeypot-ams-1 kernel: [84287125.334806] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=79.110.62.213 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=54321 PROTO=TCP SPT=53040 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T10:29:05.003Z"}
{"@timestamp":"2022-09-17T10:31:09.259Z","@version":"1","message":"Sep 17 10:31:09 honeypot-sgp-1 sshd[28239]: Disconnected from invalid user desenv 190.153.249.99 port 50469 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 10:33:08 honeypot-fra-1 sshd[25103]: Invalid user yong from 123.122.160.39 port 35639","@timestamp":"2022-09-17T10:33:09.248Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T10:34:23.344Z","@version":"1","message":"Sep 17 10:34:22 honeypot-sgp-1 sshd[28244]: Received disconnect from 187.189.108.99 port 42406:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 10:34:35 honeypot-ams-1 kernel: [84287456.341032] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=43675 PROTO=TCP SPT=50783 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T10:34:36.146Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 10:35:07 honeypot-ams-1 kernel: [84287488.299955] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=162.142.125.129 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=44577 PROTO=TCP SPT=47431 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T10:35:08.162Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 10:35:40 honeypot-fra-1 sshd[25107]: Disconnected from authenticating user root 104.177.34.102 port 37160 [preauth]","@timestamp":"2022-09-17T10:35:41.309Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T10:35:54.384Z","@version":"1","message":"Sep 17 10:35:53 honeypot-sgp-1 sshd[28248]: Received disconnect from 89.190.84.6 port 35952:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T10:38:23.448Z","@version":"1","message":"Sep 17 10:38:22 honeypot-sgp-1 sshd[28253]: Received disconnect from 187.109.253.246 port 39778:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 10:41:14 honeypot-fra-1 sshd[25111]: Connection closed by authenticating user root 42.245.192.12 port 16552 [preauth]","@timestamp":"2022-09-17T10:41:15.439Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 10:42:26 honeypot-ams-1 kernel: [84287927.448229] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=109.101.236.38 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=55 ID=37595 PROTO=TCP SPT=46846 DPT=80 WINDOW=18721 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T10:42:27.367Z"}
{"@timestamp":"2022-09-17T10:46:09.637Z","@version":"1","message":"Sep 17 10:46:08 honeypot-sgp-1 sshd[28258]: Invalid user ubuntu from 81.183.222.181 port 48444","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 10:46:44 honeypot-ams-1 sshd[1803]: Disconnected from invalid user user 45.61.184.204 port 46614 [preauth]","@timestamp":"2022-09-17T10:46:45.480Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 10:47:05 honeypot-ams-1 sshd[1807]: Disconnected from invalid user user 45.61.184.204 port 41896 [preauth]","@timestamp":"2022-09-17T10:47:05.491Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 10:47:24 honeypot-ams-1 sshd[1811]: Disconnected from invalid user user 45.61.184.204 port 37176 [preauth]","@timestamp":"2022-09-17T10:47:24.501Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 10:47:41 honeypot-ams-1 sshd[1815]: Disconnected from invalid user user 45.61.184.204 port 60686 [preauth]","@timestamp":"2022-09-17T10:47:42.510Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 10:49:15 honeypot-fra-1 sshd[25117]: Invalid user user from 193.106.191.157 port 53132","@timestamp":"2022-09-17T10:49:16.623Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 10:53:58 honeypot-fra-1 sshd[25123]: Invalid user jasmine from 182.23.63.23 port 56108","@timestamp":"2022-09-17T10:53:59.731Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T10:56:15.885Z","@version":"1","message":"Sep 17 10:56:15 honeypot-sgp-1 kernel: [84288280.359758] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.142.189.246 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=227 ID=25601 DF PROTO=TCP SPT=49615 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 10:59:38 honeypot-ams-1 kernel: [84288959.219452] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=79.124.62.62 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=34526 PROTO=TCP SPT=41154 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T10:59:38.817Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 10:59:48 honeypot-fra-1 kernel: [84286799.561810] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=207.102.138.83 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=46 ID=10140 DF PROTO=TCP SPT=53961 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T10:59:48.866Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-17T11:04:43.115Z","@version":"1","message":"Sep 17 11:04:42 honeypot-sgp-1 kernel: [84288786.668037] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=36.71.137.142 DST=159.89.202.188 LEN=48 TOS=0x00 PREC=0x00 TTL=114 ID=31116 DF PROTO=TCP SPT=21156 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 11:10:24 honeypot-fra-1 sshd[25134]: Invalid user cdh from 194.163.190.53 port 53704","@timestamp":"2022-09-17T11:10:25.107Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 11:12:33 honeypot-ams-1 kernel: [84289733.830995] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=112.225.111.93 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=48 ID=4013 PROTO=TCP SPT=5812 DPT=80 WINDOW=31956 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T11:12:34.151Z"}
{"@timestamp":"2022-09-17T11:13:36.339Z","@version":"1","message":"Sep 17 11:13:35 honeypot-sgp-1 sshd[28268]: Invalid user beau from 187.235.106.121 port 38450","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T11:13:46.344Z","@version":"1","message":"Sep 17 11:13:45 honeypot-sgp-1 sshd[28272]: Invalid user ben from 27.254.159.123 port 40699","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 11:15:54 honeypot-fra-1 sshd[25139]: Received disconnect from 165.227.160.124 port 40362:11: Bye Bye [preauth]","@timestamp":"2022-09-17T11:15:55.231Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T11:16:03.401Z","@version":"1","message":"Sep 17 11:16:03 honeypot-sgp-1 sshd[28275]: Disconnected from invalid user gitlab-runner 20.91.212.97 port 45598 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 11:16:50 honeypot-fra-1 sshd[25143]: Connection closed by invalid user user1 103.188.176.251 port 53328 [preauth]","@timestamp":"2022-09-17T11:16:50.254Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T11:19:38.493Z","@version":"1","message":"Sep 17 11:19:38 honeypot-sgp-1 kernel: [84289682.479034] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=109.248.252.6 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=241 ID=44573 DF PROTO=TCP SPT=31026 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 11:23:32 honeypot-fra-1 kernel: [84288223.155863] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=198.12.89.184 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=42123 PROTO=TCP SPT=53571 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T11:23:33.410Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 11:25:07 honeypot-ams-1 sshd[1834]: Invalid user user from 193.106.191.157 port 52066","@timestamp":"2022-09-17T11:25:08.486Z"}
{"@timestamp":"2022-09-17T11:27:43.693Z","@version":"1","message":"Sep 17 11:27:43 honeypot-sgp-1 kernel: [84290167.533150] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.219.19 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=59702 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 11:28:17 honeypot-fra-1 sshd[25154]: Invalid user meta from 194.163.190.53 port 47660","@timestamp":"2022-09-17T11:28:17.520Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 11:30:44 honeypot-ams-1 sshd[1839]: Received disconnect from 20.40.73.192 port 60068:11: Bye Bye [preauth]","@timestamp":"2022-09-17T11:30:44.632Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 11:32:06 honeypot-fra-1 sshd[25161]: Invalid user dude from 193.227.16.23 port 46610","@timestamp":"2022-09-17T11:32:06.607Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 11:32:44 honeypot-fra-1 kernel: [84288775.662659] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=79.124.62.62 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=4673 PROTO=TCP SPT=41154 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T11:32:45.624Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 11:33:08 honeypot-ams-1 sshd[1841]: Disconnected from invalid user heyang 199.188.203.210 port 41534 [preauth]","@timestamp":"2022-09-17T11:33:08.695Z"}
{"@timestamp":"2022-09-17T11:33:21.837Z","@version":"1","message":"Sep 17 11:33:21 honeypot-sgp-1 kernel: [84290505.985505] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=5.189.133.199 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=16443 DF PROTO=TCP SPT=57524 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 11:37:08 honeypot-fra-1 kernel: [84289039.191914] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=103.151.122.22 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=31834 PROTO=TCP SPT=49353 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T11:37:08.720Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-17T11:40:28.014Z","@version":"1","message":"Sep 17 11:40:27 honeypot-sgp-1 sshd[28291]: Received disconnect from 64.225.111.207 port 53226:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 11:41:15 honeypot-ams-1 kernel: [84291455.661010] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=198.244.213.30 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=34530 PROTO=TCP SPT=50903 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T11:41:15.902Z"}
{"@timestamp":"2022-09-17T11:43:48.105Z","@version":"1","message":"Sep 17 11:43:47 honeypot-sgp-1 sshd[28296]: Received disconnect from 89.177.128.164 port 37310:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 11:44:01 honeypot-fra-1 sshd[25177]: Received disconnect from 139.59.247.236 port 50292:11: Bye Bye [preauth]","@timestamp":"2022-09-17T11:44:01.882Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T11:44:58.136Z","@version":"1","message":"Sep 17 11:44:58 honeypot-sgp-1 sshd[28300]: Received disconnect from 104.248.181.156 port 47514:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 11:54:58 honeypot-fra-1 kernel: [84290108.773599] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.205.217 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=47283 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T11:54:58.147Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 11:55:27 honeypot-ams-1 kernel: [84292308.288378] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.221.106 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=41041 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T11:55:28.278Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 11:57:27 honeypot-fra-1 sshd[25186]: Received disconnect from 46.101.248.68 port 43778:11: Bye Bye [preauth]","@timestamp":"2022-09-17T11:57:28.207Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 12:03:07 honeypot-fra-1 sshd[25190]: Disconnected from invalid user user 162.215.1.203 port 52058 [preauth]","@timestamp":"2022-09-17T12:03:07.339Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 12:03:55 honeypot-ams-1 sshd[1849]: Disconnected from invalid user firebird 181.49.53.26 port 43538 [preauth]","@timestamp":"2022-09-17T12:03:55.518Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 12:04:10 honeypot-fra-1 sshd[25198]: Disconnected from authenticating user root 178.176.225.151 port 53528 [preauth]","@timestamp":"2022-09-17T12:04:10.366Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T12:04:34.611Z","@version":"1","message":"Sep 17 12:04:33 honeypot-sgp-1 kernel: [84292378.109719] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=34.145.182.58 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x60 TTL=250 ID=41217 PROTO=TCP SPT=54754 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 12:08:16 honeypot-fra-1 sshd[25202]: Connection closed by invalid user admin 179.60.147.69 port 10300 [preauth]","@timestamp":"2022-09-17T12:08:17.465Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T12:08:37.716Z","@version":"1","message":"Sep 17 12:08:37 honeypot-sgp-1 sshd[28311]: Connection closed by authenticating user root 117.36.196.122 port 40788 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 12:10:20 honeypot-ams-1 kernel: [84293201.405139] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=172.104.7.72 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=38371 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T12:10:21.692Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 12:13:58 honeypot-fra-1 sshd[25207]: Received disconnect from 165.22.45.108 port 54048:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T12:13:58.594Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 12:17:01 honeypot-fra-1 CRON[25209]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-17T12:17:01.670Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 12:22:35 honeypot-ams-1 kernel: [84293936.267171] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=196.3.97.25 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=55 ID=41894 DF PROTO=TCP SPT=39756 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T12:22:36.034Z"}
{"@timestamp":"2022-09-17T12:23:47.089Z","@version":"1","message":"Sep 17 12:23:46 honeypot-sgp-1 kernel: [84293530.599165] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=159.89.202.188 LEN=92 TOS=0x00 PREC=0x00 TTL=245 ID=42095 PROTO=TCP SPT=9701 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 12:30:11 honeypot-fra-1 sshd[25216]: Connection closed by invalid user sunp 194.163.190.53 port 42960 [preauth]","@timestamp":"2022-09-17T12:30:11.975Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 12:31:37 honeypot-ams-1 sshd[1868]: Received disconnect from 46.101.254.194 port 60050:11: Bye Bye [preauth]","@timestamp":"2022-09-17T12:31:38.268Z"}
{"@timestamp":"2022-09-17T12:33:48.338Z","@version":"1","message":"Sep 17 12:33:47 honeypot-sgp-1 kernel: [84294131.786453] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=186.18.104.24 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=231 ID=19788 DF PROTO=TCP SPT=44530 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 12:36:35 honeypot-ams-1 sshd[1873]: Invalid user israel from 188.68.220.190 port 50916","@timestamp":"2022-09-17T12:36:35.401Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 12:37:30 honeypot-fra-1 kernel: [84292660.864702] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=79.124.62.82 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=17463 PROTO=TCP SPT=54411 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T12:37:31.150Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-17T12:41:02.519Z","@version":"1","message":"Sep 17 12:41:02 honeypot-sgp-1 sshd[28330]: Connection closed by 182.61.138.213 port 58198 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 12:44:53 honeypot-ams-1 sshd[1876]: Received disconnect from 187.157.153.167 port 38280:11: Bye Bye [preauth]","@timestamp":"2022-09-17T12:44:53.618Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 12:45:06 honeypot-fra-1 sshd[25226]: Received disconnect from 200.49.105.91 port 58318:11: Bye Bye [preauth]","@timestamp":"2022-09-17T12:45:07.329Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 12:48:08 honeypot-fra-1 sshd[25231]: Connection closed by invalid user sunp 194.163.190.53 port 37146 [preauth]","@timestamp":"2022-09-17T12:48:09.402Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 12:52:57 honeypot-fra-1 sshd[25235]: Disconnected from invalid user nologin 52.231.92.23 port 58808 [preauth]","@timestamp":"2022-09-17T12:52:57.512Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T12:55:58.891Z","@version":"1","message":"Sep 17 12:55:58 honeypot-sgp-1 sshd[28340]: Received disconnect from 159.65.41.104 port 49758:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T12:56:14.899Z","@version":"1","message":"Sep 17 12:56:14 honeypot-sgp-1 sshd[28346]: Invalid user admin from 128.199.168.83 port 35046","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 12:56:25 honeypot-fra-1 sshd[25241]: Disconnected from authenticating user root 202.4.119.45 port 44990 [preauth]","@timestamp":"2022-09-17T12:56:26.594Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 13:02:28 honeypot-ams-1 kernel: [84296328.998916] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=112.225.111.93 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=48 ID=34336 PROTO=TCP SPT=5812 DPT=80 WINDOW=31956 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T13:02:29.096Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 13:05:00 honeypot-fra-1 sshd[25247]: Disconnected from authenticating user root 1.63.226.147 port 36428 [preauth]","@timestamp":"2022-09-17T13:05:00.789Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T13:05:12.120Z","@version":"1","message":"Sep 17 13:05:11 honeypot-sgp-1 sshd[28354]: Did not receive identification string from 45.61.187.160 port 35944","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T13:05:36.132Z","@version":"1","message":"Sep 17 13:05:35 honeypot-sgp-1 sshd[28357]: Received disconnect from 45.61.187.160 port 49192:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T13:05:56.142Z","@version":"1","message":"Sep 17 13:05:55 honeypot-sgp-1 sshd[28362]: Received disconnect from 45.61.187.160 port 44200:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T13:06:13.152Z","@version":"1","message":"Sep 17 13:06:12 honeypot-sgp-1 sshd[28366]: Invalid user user from 45.61.187.160 port 39246","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T13:08:36.211Z","@version":"1","message":"Sep 17 13:08:36 honeypot-sgp-1 kernel: [84296220.429804] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.33.81.218 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=21314 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 13:09:20 honeypot-fra-1 kernel: [84294571.204668] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=8654 PROTO=TCP SPT=40083 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T13:09:20.890Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-17T13:09:25.343Z","@version":"1","message":"Sep 17 13:09:24 honeypot-sgp-1 sshd[28375]: Received disconnect from 45.61.186.169 port 49606:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T13:09:42.352Z","@version":"1","message":"Sep 17 13:09:42 honeypot-sgp-1 sshd[28379]: Received disconnect from 45.61.186.169 port 44536:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T13:09:58.359Z","@version":"1","message":"Sep 17 13:09:58 honeypot-sgp-1 sshd[28383]: Received disconnect from 45.61.186.169 port 39458:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T13:10:58.386Z","@version":"1","message":"Sep 17 13:10:57 honeypot-sgp-1 sshd[28387]: Disconnected from authenticating user root 198.211.109.66 port 47910 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 13:12:10 honeypot-fra-1 sshd[25257]: Disconnected from authenticating user root 168.167.72.96 port 3435 [preauth]","@timestamp":"2022-09-17T13:12:10.957Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 13:12:24 honeypot-ams-1 kernel: [84296925.201142] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=167.71.92.243 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=53141 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T13:12:25.361Z"}
{"@timestamp":"2022-09-17T13:13:13.446Z","@version":"1","message":"Sep 17 13:13:12 honeypot-sgp-1 sshd[28392]: Invalid user user from 45.61.186.249 port 33058","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T13:13:30.455Z","@version":"1","message":"Sep 17 13:13:30 honeypot-sgp-1 sshd[28396]: Invalid user user from 45.61.186.249 port 55942","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 13:13:40 honeypot-ams-1 sshd[1888]: Received disconnect from 45.61.184.204 port 36510:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T13:13:40.400Z"}
{"@timestamp":"2022-09-17T13:13:47.463Z","@version":"1","message":"Sep 17 13:13:46 honeypot-sgp-1 sshd[28401]: Invalid user user from 45.61.186.249 port 50582","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 13:13:58 honeypot-ams-1 sshd[1892]: Invalid user user from 45.61.184.204 port 59352","@timestamp":"2022-09-17T13:13:59.409Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 13:14:06 honeypot-fra-1 sshd[25263]: Received disconnect from 13.80.7.122 port 43284:11: Bye Bye [preauth]","@timestamp":"2022-09-17T13:14:07.006Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 13:14:08 honeypot-ams-1 sshd[1894]: Received disconnect from 49.247.198.162 port 50350:11: Bye Bye [preauth]","@timestamp":"2022-09-17T13:14:08.415Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 13:14:23 honeypot-ams-1 sshd[1900]: Received disconnect from 45.61.184.204 port 37182:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T13:14:24.424Z"}
{"@timestamp":"2022-09-17T13:15:05.498Z","@version":"1","message":"Sep 17 13:15:04 honeypot-sgp-1 sshd[28405]: Invalid user adalberto from 143.110.151.255 port 56814","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 13:15:19 honeypot-fra-1 sshd[25267]: Disconnected from invalid user haha 213.108.241.222 port 42236 [preauth]","@timestamp":"2022-09-17T13:15:20.036Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T13:16:23.532Z","@version":"1","message":"Sep 17 13:16:22 honeypot-sgp-1 sshd[28408]: Connection closed by invalid user pi 70.175.251.169 port 36156 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 13:17:37 honeypot-ams-1 sshd[1906]: Received disconnect from 13.67.201.190 port 33698:11: Bye Bye [preauth]","@timestamp":"2022-09-17T13:17:37.511Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 13:21:56 honeypot-fra-1 sshd[25275]: Connection closed by invalid user user 193.106.191.157 port 37538 [preauth]","@timestamp":"2022-09-17T13:21:57.191Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T13:22:06.675Z","@version":"1","message":"Sep 17 13:22:06 honeypot-sgp-1 sshd[28419]: Disconnected from authenticating user root 190.107.22.235 port 54478 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 13:25:26 honeypot-ams-1 kernel: [84297706.843208] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=103.170.246.176 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x20 TTL=246 ID=29072 PROTO=TCP SPT=45957 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T13:25:26.722Z"}
{"@timestamp":"2022-09-17T13:33:36.958Z","@version":"1","message":"Sep 17 13:33:36 honeypot-sgp-1 sshd[28426]: Received disconnect from 45.61.186.169 port 41970:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T13:33:55.968Z","@version":"1","message":"Sep 17 13:33:55 honeypot-sgp-1 sshd[28430]: Received disconnect from 45.61.186.169 port 36502:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T13:34:12.977Z","@version":"1","message":"Sep 17 13:34:12 honeypot-sgp-1 sshd[28434]: Received disconnect from 45.61.186.169 port 59326:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T13:34:28.985Z","@version":"1","message":"Sep 17 13:34:28 honeypot-sgp-1 sshd[28438]: Invalid user user from 45.61.186.169 port 53810","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 13:39:47 honeypot-fra-1 kernel: [84296397.929537] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=165.22.82.222 LEN=89 TOS=0x00 PREC=0x00 TTL=250 ID=39035 PROTO=TCP SPT=25451 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T13:39:47.606Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 13:40:34 honeypot-ams-1 sshd[1920]: Connection closed by authenticating user root 103.188.176.251 port 48462 [preauth]","@timestamp":"2022-09-17T13:40:35.128Z"}
{"@timestamp":"2022-09-17T13:40:59.146Z","@version":"1","message":"Sep 17 13:40:58 honeypot-sgp-1 sshd[28445]: Disconnected from invalid user user 45.61.186.169 port 37544 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T13:41:17.156Z","@version":"1","message":"Sep 17 13:41:16 honeypot-sgp-1 sshd[28449]: Disconnected from invalid user user 45.61.186.169 port 32836 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T13:41:34.169Z","@version":"1","message":"Sep 17 13:41:33 honeypot-sgp-1 sshd[28453]: Received disconnect from 45.61.186.169 port 56456:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T13:41:50.176Z","@version":"1","message":"Sep 17 13:41:49 honeypot-sgp-1 sshd[28457]: Received disconnect from 45.61.186.169 port 51746:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 13:44:02 honeypot-fra-1 kernel: [84296653.170095] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=20.38.41.5 DST=165.22.82.222 LEN=52 TOS=0x02 PREC=0x00 TTL=110 ID=11045 DF PROTO=TCP SPT=49964 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T13:44:03.707Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-17T13:47:55.324Z","@version":"1","message":"Sep 17 13:47:55 honeypot-sgp-1 sshd[28463]: Disconnected from invalid user admin 62.204.41.222 port 2541 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 13:50:45 honeypot-fra-1 kernel: [84297055.450455] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=64.246.161.26 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=34545 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T13:50:45.862Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-17T13:57:01.545Z","@version":"1","message":"Sep 17 13:57:01 honeypot-sgp-1 kernel: [84299125.409856] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=172.104.51.254 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=21154 PROTO=TCP SPT=39281 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 13:57:11 honeypot-fra-1 sshd[25298]: Connection closed by invalid user admin 179.60.147.69 port 60820 [preauth]","@timestamp":"2022-09-17T13:57:12.010Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 13:59:23 honeypot-ams-1 sshd[1926]: Connection closed by invalid user admin 179.60.147.69 port 18302 [preauth]","@timestamp":"2022-09-17T13:59:23.640Z"}
{"@timestamp":"2022-09-17T14:05:44.775Z","@version":"1","message":"Sep 17 14:05:44 honeypot-sgp-1 sshd[28471]: Disconnecting invalid user admin 61.199.47.58 port 63480: Too many authentication failures [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 14:06:38 honeypot-fra-1 kernel: [84298008.656688] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=79.124.62.106 DST=165.22.82.222 LEN=48 TOS=0x00 PREC=0x00 TTL=121 ID=5432 DF PROTO=TCP SPT=65388 DPT=3389 WINDOW=200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T14:06:39.221Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 14:11:29 honeypot-ams-1 kernel: [84300469.913112] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.209.91 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=53725 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T14:11:29.955Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 14:12:22 honeypot-fra-1 sshd[25308]: Invalid user aaai2020 from 194.163.190.53 port 54912","@timestamp":"2022-09-17T14:12:23.353Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 14:17:01 honeypot-ams-1 CRON[1935]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-17T14:17:02.105Z"}
{"@timestamp":"2022-09-17T14:17:02.053Z","@version":"1","message":"Sep 17 14:17:01 honeypot-sgp-1 CRON[28477]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 14:20:31 honeypot-fra-1 sshd[25314]: Connection closed by invalid user aaai2020 194.163.190.53 port 33542 [preauth]","@timestamp":"2022-09-17T14:20:31.535Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 14:21:07 honeypot-ams-1 sshd[1941]: Received disconnect from 45.61.184.204 port 43382:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T14:21:08.246Z"}
{"@timestamp":"2022-09-17T14:21:18.159Z","@version":"1","message":"Sep 17 14:21:17 honeypot-sgp-1 sshd[28482]: Did not receive identification string from 128.14.232.100 port 19920","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 14:21:26 honeypot-ams-1 sshd[1945]: Received disconnect from 45.61.184.204 port 38282:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T14:21:27.255Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 14:21:43 honeypot-ams-1 sshd[1949]: Received disconnect from 45.61.184.204 port 33118:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T14:21:44.263Z"}
{"@timestamp":"2022-09-17T14:26:24.286Z","@version":"1","message":"Sep 17 14:26:23 honeypot-sgp-1 kernel: [84300888.265367] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=46.101.5.134 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=41883 PROTO=TCP SPT=44404 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 14:29:17 honeypot-fra-1 kernel: [84299367.403851] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=36.71.137.142 DST=165.22.82.222 LEN=52 TOS=0x00 PREC=0x00 TTL=118 ID=26554 DF PROTO=TCP SPT=26739 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T14:29:17.731Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 14:31:53 honeypot-ams-1 kernel: [84301694.074114] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=111.118.40.97 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=51 ID=46039 PROTO=TCP SPT=5270 DPT=80 WINDOW=9836 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T14:31:54.526Z"}
{"@timestamp":"2022-09-17T14:32:42.447Z","@version":"1","message":"Sep 17 14:32:41 honeypot-sgp-1 sshd[28496]: Connection closed by invalid user user 179.60.147.69 port 55150 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 14:34:00 honeypot-fra-1 sshd[25323]: Did not receive identification string from 20.243.201.105 port 60764","@timestamp":"2022-09-17T14:34:00.842Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 14:34:02 honeypot-fra-1 sshd[25353]: Invalid user kafka from 20.243.201.105 port 60848","@timestamp":"2022-09-17T14:34:02.843Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 14:34:02 honeypot-fra-1 sshd[25329]: Invalid user admin from 20.243.201.105 port 60780","@timestamp":"2022-09-17T14:34:02.843Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 14:34:02 honeypot-fra-1 sshd[25339]: Connection closed by authenticating user root 20.243.201.105 port 60784 [preauth]","@timestamp":"2022-09-17T14:34:02.844Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 14:34:02 honeypot-fra-1 sshd[25344]: Invalid user appuser from 20.243.201.105 port 60840","@timestamp":"2022-09-17T14:34:02.844Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 14:34:02 honeypot-fra-1 sshd[25353]: Connection closed by invalid user kafka 20.243.201.105 port 60848 [preauth]","@timestamp":"2022-09-17T14:34:02.844Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 14:34:02 honeypot-fra-1 sshd[25342]: Connection closed by invalid user oracle 20.243.201.105 port 60822 [preauth]","@timestamp":"2022-09-17T14:34:02.844Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 14:34:02 honeypot-fra-1 sshd[25357]: Connection closed by authenticating user root 20.243.201.105 port 60842 [preauth]","@timestamp":"2022-09-17T14:34:02.844Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 14:34:02 honeypot-fra-1 sshd[25324]: Connection closed by invalid user test 20.243.201.105 port 60776 [preauth]","@timestamp":"2022-09-17T14:34:02.844Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T14:36:07.535Z","@version":"1","message":"Sep 17 14:36:06 honeypot-sgp-1 kernel: [84301470.932160] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=52.243.98.193 DST=159.89.202.188 LEN=48 TOS=0x00 PREC=0x00 TTL=113 ID=13248 DF PROTO=TCP SPT=57828 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 14:36:29 honeypot-fra-1 kernel: [84299799.530759] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=198.74.61.138 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=7893 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T14:36:29.902Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 14:37:37 honeypot-ams-1 kernel: [84302038.252537] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.41.9.18 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=27461 PROTO=TCP SPT=46601 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T14:37:38.678Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 14:42:03 honeypot-fra-1 sshd[25387]: Invalid user admin from 128.199.160.207 port 60548","@timestamp":"2022-09-17T14:42:04.028Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 14:45:38 honeypot-fra-1 kernel: [84300349.201819] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=165.22.82.222 LEN=88 TOS=0x00 PREC=0x00 TTL=250 ID=13021 PROTO=TCP SPT=19725 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T14:45:39.111Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-17T14:46:21.791Z","@version":"1","message":"Sep 17 14:46:21 honeypot-sgp-1 kernel: [84302085.985590] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=38.54.37.140 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=50690 PROTO=TCP SPT=58166 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 14:46:23 honeypot-ams-1 kernel: [84302564.470637] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.47.229.134 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=41988 PROTO=TCP SPT=55902 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T14:46:24.910Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 14:53:25 honeypot-fra-1 kernel: [84300815.865872] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.33.72.105 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=23486 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T14:53:26.302Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-17T14:57:34.090Z","@version":"1","message":"Sep 17 14:57:33 honeypot-sgp-1 sshd[28510]: Received disconnect from 143.110.176.216 port 40542:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 15:02:15 honeypot-fra-1 sshd[25404]: Invalid user admin from 62.204.41.222 port 40237","@timestamp":"2022-09-17T15:02:15.503Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 15:03:03 honeypot-ams-1 kernel: [84303563.743540] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=41.112.169.248 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=51 ID=36584 PROTO=TCP SPT=7096 DPT=80 WINDOW=43635 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T15:03:03.347Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 15:08:11 honeypot-fra-1 sshd[25407]: Received disconnect from 165.22.45.108 port 41228:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T15:08:12.638Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T15:08:52.371Z","@version":"1","message":"Sep 17 15:08:51 honeypot-sgp-1 sshd[28518]: Invalid user debian from 179.60.147.69 port 38804","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 15:10:28 honeypot-fra-1 sshd[25414]: Invalid user  from 163.152.214.150 port 33518","@timestamp":"2022-09-17T15:10:29.694Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T15:11:58.452Z","@version":"1","message":"Sep 17 15:11:57 honeypot-sgp-1 sshd[28524]: Received disconnect from 167.71.38.231 port 59652:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T15:16:15.560Z","@version":"1","message":"Sep 17 15:16:15 honeypot-sgp-1 sshd[28528]: Received disconnect from 140.238.255.101 port 59244:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 15:17:00 honeypot-fra-1 sshd[25419]: Invalid user fuweijie from 194.163.190.53 port 34508","@timestamp":"2022-09-17T15:17:00.843Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T15:17:02.582Z","@version":"1","message":"Sep 17 15:17:01 honeypot-sgp-1 CRON[28533]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 15:17:01 honeypot-ams-1 CRON[1967]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-17T15:17:02.708Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 15:18:44 honeypot-fra-1 sshd[25424]: Disconnected from invalid user yd 31.187.72.39 port 56344 [preauth]","@timestamp":"2022-09-17T15:18:45.884Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 15:21:13 honeypot-fra-1 sshd[25428]: Disconnected from invalid user xbmc 207.154.208.193 port 45182 [preauth]","@timestamp":"2022-09-17T15:21:13.940Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 15:24:48 honeypot-fra-1 sshd[25433]: Connection closed by invalid user fuweijie 194.163.190.53 port 42768 [preauth]","@timestamp":"2022-09-17T15:24:49.022Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T15:25:26.820Z","@version":"1","message":"Sep 17 15:25:25 honeypot-sgp-1 sshd[28539]: Disconnected from authenticating user root 61.76.169.138 port 13278 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T15:26:59.862Z","@version":"1","message":"Sep 17 15:26:59 honeypot-sgp-1 sshd[28545]: Received disconnect from 165.232.141.0 port 49450:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 15:30:39 honeypot-ams-1 sshd[1974]: Received disconnect from 137.184.216.0 port 47786:11: Bye Bye [preauth]","@timestamp":"2022-09-17T15:30:40.086Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 15:32:01 honeypot-fra-1 sshd[25438]: Disconnected from authenticating user bin 61.19.127.228 port 40608 [preauth]","@timestamp":"2022-09-17T15:32:02.187Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 15:32:56 honeypot-fra-1 sshd[25444]: Received disconnect from 62.74.208.58 port 39072:11: Bye Bye [preauth]","@timestamp":"2022-09-17T15:32:57.208Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 15:35:43 honeypot-fra-1 sshd[25448]: Disconnected from invalid user vui 51.250.80.38 port 42402 [preauth]","@timestamp":"2022-09-17T15:35:43.270Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 15:36:28 honeypot-fra-1 kernel: [84303398.518589] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=198.20.87.98 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=115 ID=10703 PROTO=TCP SPT=17340 DPT=80 WINDOW=8738 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T15:36:29.290Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 15:38:11 honeypot-ams-1 kernel: [84305671.962700] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=172.104.138.223 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=24447 PROTO=TCP SPT=23013 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T15:38:12.279Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 15:41:00 honeypot-fra-1 sshd[25457]: Connection closed by invalid user fuweijie 194.163.190.53 port 58252 [preauth]","@timestamp":"2022-09-17T15:41:00.393Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T15:42:11.235Z","@version":"1","message":"Sep 17 15:42:10 honeypot-sgp-1 kernel: [84305435.205414] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=173.82.65.186 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=54321 PROTO=TCP SPT=50712 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T15:48:14.387Z","@version":"1","message":"Sep 17 15:48:13 honeypot-sgp-1 sshd[28556]: Disconnected from invalid user user 45.61.184.204 port 49568 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T15:48:35.398Z","@version":"1","message":"Sep 17 15:48:34 honeypot-sgp-1 sshd[28560]: Disconnected from invalid user user 45.61.184.204 port 44856 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 15:48:44 honeypot-fra-1 sshd[25462]: Connection closed by invalid user hejun 194.163.190.53 port 37178 [preauth]","@timestamp":"2022-09-17T15:48:44.602Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T15:48:53.406Z","@version":"1","message":"Sep 17 15:48:53 honeypot-sgp-1 sshd[28564]: Disconnected from invalid user user 45.61.184.204 port 40138 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T15:49:11.415Z","@version":"1","message":"Sep 17 15:49:10 honeypot-sgp-1 sshd[28568]: Disconnected from invalid user user 45.61.184.204 port 35418 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 15:50:54 honeypot-ams-1 kernel: [84306435.101656] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.220.204.178 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=53715 DPT=389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T15:50:55.607Z"}
{"@timestamp":"2022-09-17T15:54:12.541Z","@version":"1","message":"Sep 17 15:54:11 honeypot-sgp-1 sshd[28578]: Invalid user pi from 79.232.97.97 port 39108","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 15:54:12 honeypot-fra-1 sshd[25467]: Invalid user user from 193.106.191.157 port 50482","@timestamp":"2022-09-17T15:54:12.728Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 15:56:17 honeypot-fra-1 sshd[25471]: Connection closed by invalid user hejun 194.163.190.53 port 46506 [preauth]","@timestamp":"2022-09-17T15:56:18.778Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T15:56:47.606Z","@version":"1","message":"Sep 17 15:56:47 honeypot-sgp-1 sshd[28580]: Disconnected from invalid user 115.146.93.242 36.80.48.9 port 63585 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T16:04:07.791Z","@version":"1","message":"Sep 17 16:04:06 honeypot-sgp-1 sshd[28587]: Received disconnect from 34.81.150.245 port 35696:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 16:04:35 honeypot-fra-1 kernel: [84305085.896819] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=195.133.81.29 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=58057 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T16:04:35.966Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 16:10:22 honeypot-ams-1 sshd[1992]: Connection closed by invalid user ops 103.188.176.251 port 47000 [preauth]","@timestamp":"2022-09-17T16:10:23.111Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 16:13:35 honeypot-ams-1 kernel: [84307795.543271] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=164.92.72.164 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=55392 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T16:13:35.196Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 16:14:41 honeypot-fra-1 sshd[25484]: Invalid user ops from 103.188.176.251 port 58992","@timestamp":"2022-09-17T16:14:42.195Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T16:17:35.119Z","@version":"1","message":"Sep 17 16:17:34 honeypot-sgp-1 sshd[28597]: Received disconnect from 61.177.172.108 port 48058:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T16:18:26.142Z","@version":"1","message":"Sep 17 16:18:25 honeypot-sgp-1 sshd[28601]: Disconnected from invalid user ubuntu 190.64.68.178 port 4339 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 16:19:53 honeypot-fra-1 kernel: [84306003.073180] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.95.147.51 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=17436 PROTO=TCP SPT=51345 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T16:19:53.315Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-17T16:22:19.239Z","@version":"1","message":"Sep 17 16:22:18 honeypot-sgp-1 sshd[28608]: Invalid user training from 206.189.153.72 port 55988","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 16:24:58 honeypot-ams-1 sshd[2002]: Invalid user default from 179.60.147.69 port 42352","@timestamp":"2022-09-17T16:24:58.521Z"}
{"@timestamp":"2022-09-17T16:25:37.321Z","@version":"1","message":"Sep 17 16:25:36 honeypot-sgp-1 sshd[28610]: Connection reset by 61.177.173.39 port 18535 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 16:28:14 honeypot-fra-1 sshd[25498]: Invalid user huzhou from 194.163.190.53 port 51438","@timestamp":"2022-09-17T16:28:15.508Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T16:33:58.529Z","@version":"1","message":"Sep 17 16:33:58 honeypot-sgp-1 kernel: [84308542.576125] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=90.151.171.106 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=60867 PROTO=TCP SPT=52430 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 16:36:30 honeypot-fra-1 kernel: [84307000.463577] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=79.124.62.62 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=25934 PROTO=TCP SPT=43353 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T16:36:30.697Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-17T16:37:27.618Z","@version":"1","message":"Sep 17 16:37:26 honeypot-sgp-1 sshd[28624]: Connection closed by invalid user user 103.188.176.251 port 49882 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 16:40:25 honeypot-fra-1 sshd[25506]: Connection closed by invalid user user 193.106.191.157 port 52804 [preauth]","@timestamp":"2022-09-17T16:40:25.789Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 16:41:22 honeypot-fra-1 sshd[25512]: Disconnected from authenticating user root 128.199.62.182 port 51826 [preauth]","@timestamp":"2022-09-17T16:41:22.814Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 16:42:35 honeypot-ams-1 kernel: [84309535.937171] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=80.94.92.239 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=32867 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T16:42:35.974Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 16:48:29 honeypot-ams-1 sshd[2009]: Received disconnect from 62.204.41.222 port 24938:11: Client disconnecting normally [preauth]","@timestamp":"2022-09-17T16:48:30.129Z"}
{"@timestamp":"2022-09-17T16:49:56.927Z","@version":"1","message":"Sep 17 16:49:56 honeypot-sgp-1 sshd[28633]: Invalid user cv from 113.21.232.39 port 42986","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 16:52:34 honeypot-fra-1 sshd[25519]: Connection closed by invalid user luosuchang 194.163.190.53 port 54270 [preauth]","@timestamp":"2022-09-17T16:52:34.066Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 16:56:57 honeypot-ams-1 sshd[2014]: Received disconnect from 186.147.129.110 port 48236:11: Bye Bye [preauth]","@timestamp":"2022-09-17T16:56:58.354Z"}
{"@timestamp":"2022-09-17T16:57:27.111Z","@version":"1","message":"Sep 17 16:57:26 honeypot-sgp-1 kernel: [84309950.631046] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=92.204.145.232 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=50205 PROTO=TCP SPT=52241 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 16:58:54 honeypot-fra-1 sshd[25525]: Connection closed by invalid user centos 179.60.147.69 port 58112 [preauth]","@timestamp":"2022-09-17T16:58:55.211Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 16:59:10 honeypot-ams-1 sshd[2018]: Disconnected from authenticating user root 91.240.118.222 port 58445 [preauth]","@timestamp":"2022-09-17T16:59:11.415Z"}
{"@timestamp":"2022-09-17T17:01:04.203Z","@version":"1","message":"Sep 17 17:01:04 honeypot-sgp-1 sshd[28645]: Invalid user pi from 95.131.147.215 port 40760","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 17:02:32 honeypot-fra-1 kernel: [84308562.596109] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=209.126.12.14 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=1524 PROTO=TCP SPT=54078 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T17:02:33.294Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 17:05:10 honeypot-fra-1 sshd[25534]: Disconnected from invalid user charlie 111.67.193.58 port 47486 [preauth]","@timestamp":"2022-09-17T17:05:11.357Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 17:05:34 honeypot-fra-1 sshd[25539]: Received disconnect from 45.61.186.169 port 45924:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T17:05:35.368Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 17:05:53 honeypot-fra-1 sshd[25544]: Received disconnect from 45.61.186.169 port 41230:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T17:05:53.376Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 17:06:10 honeypot-fra-1 sshd[25548]: Received disconnect from 45.61.186.169 port 36560:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T17:06:11.385Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T17:06:11.330Z","@version":"1","message":"Sep 17 17:06:10 honeypot-sgp-1 kernel: [84310474.653699] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=80.94.92.239 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=231 ID=54321 PROTO=TCP SPT=35136 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 17:06:27 honeypot-fra-1 sshd[25552]: Received disconnect from 45.61.186.169 port 60114:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T17:06:28.403Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T17:07:57.376Z","@version":"1","message":"Sep 17 17:07:57 honeypot-sgp-1 sshd[28654]: Disconnected from invalid user dan 1.217.139.30 port 60888 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 17:08:55 honeypot-ams-1 kernel: [84311116.275555] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=144.126.130.22 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=39937 PROTO=TCP SPT=54530 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T17:08:56.668Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 17:09:01 honeypot-fra-1 CRON[25556]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-17T17:09:01.545Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T17:11:07.455Z","@version":"1","message":"Sep 17 17:11:07 honeypot-sgp-1 sshd[28661]: Invalid user vic from 68.183.92.26 port 49944","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 17:12:31 honeypot-fra-1 sshd[25563]: Disconnected from 206.189.197.134 port 46942 [preauth]","@timestamp":"2022-09-17T17:12:31.628Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T17:14:04.528Z","@version":"1","message":"Sep 17 17:14:04 honeypot-sgp-1 sshd[28668]: Connection reset by 61.177.173.39 port 54283 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T17:17:02.603Z","@version":"1","message":"Sep 17 17:17:01 honeypot-sgp-1 CRON[28677]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 17:17:01 honeypot-ams-1 CRON[2029]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-17T17:17:02.879Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 17:18:32 honeypot-fra-1 kernel: [84309522.084837] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=20.97.18.168 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=50210 DF PROTO=TCP SPT=10446 DPT=80 WINDOW=512 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T17:18:32.766Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 17:24:20 honeypot-fra-1 sshd[25574]: Connection closed by invalid user qianbiao 194.163.190.53 port 59988 [preauth]","@timestamp":"2022-09-17T17:24:21.901Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T17:24:32.785Z","@version":"1","message":"Sep 17 17:24:32 honeypot-sgp-1 sshd[28683]: Received disconnect from 61.177.172.114 port 19243:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T17:30:22.928Z","@version":"1","message":"Sep 17 17:30:22 honeypot-sgp-1 sshd[28688]: Invalid user onapp from 190.210.182.179 port 39114","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T17:30:29.933Z","@version":"1","message":"Sep 17 17:30:29 honeypot-sgp-1 sshd[28692]: Invalid user admin from 202.88.241.158 port 3496","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T17:30:57.947Z","@version":"1","message":"Sep 17 17:30:57 honeypot-sgp-1 sshd[28696]: Received disconnect from 160.251.47.176 port 41066:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T17:31:31.963Z","@version":"1","message":"Sep 17 17:31:31 honeypot-sgp-1 sshd[28700]: Received disconnect from 104.131.186.38 port 50674:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 17:31:57 honeypot-fra-1 sshd[25580]: Connection closed by invalid user qianbiao 194.163.190.53 port 38950 [preauth]","@timestamp":"2022-09-17T17:31:58.077Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 17:32:43 honeypot-fra-1 sshd[25586]: Invalid user usher from 79.129.29.237 port 54606","@timestamp":"2022-09-17T17:32:44.097Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 17:34:46 honeypot-fra-1 sshd[25591]: Received disconnect from 167.71.77.9 port 60104:11: Bye Bye [preauth]","@timestamp":"2022-09-17T17:34:47.144Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T17:35:48.069Z","@version":"1","message":"Sep 17 17:35:47 honeypot-sgp-1 sshd[28705]: Disconnected from invalid user fjx 84.139.96.147 port 55918 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 17:36:40 honeypot-ams-1 kernel: [84312780.496599] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=167.71.92.243 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=43093 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T17:36:40.386Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 17:41:23 honeypot-fra-1 kernel: [84310893.358716] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=42.81.157.50 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=231 ID=16989 PROTO=TCP SPT=51760 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T17:41:24.295Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-17T17:41:34.209Z","@version":"1","message":"Sep 17 17:41:33 honeypot-sgp-1 kernel: [84312597.578532] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=195.133.81.29 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=34871 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 17:52:26 honeypot-ams-1 kernel: [84313726.949573] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=152.89.196.23 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=47434 PROTO=TCP SPT=51442 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T17:52:26.793Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 17:53:01 honeypot-fra-1 kernel: [84311590.970198] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.143.200.6 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=665 PROTO=TCP SPT=48658 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T17:53:01.583Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-17T17:53:09.833Z","@version":"1","message":"Sep 17 17:53:09 honeypot-sgp-1 kernel: [84313293.742221] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=38.54.37.140 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=56157 PROTO=TCP SPT=56972 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T17:58:04.956Z","@version":"1","message":"Sep 17 17:58:04 honeypot-sgp-1 sshd[28726]: Received disconnect from 61.177.172.108 port 10386:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 18:01:39 honeypot-fra-1 kernel: [84312109.210186] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=47530 PROTO=TCP SPT=57509 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T18:01:39.781Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-17T18:02:57.080Z","@version":"1","message":"Sep 17 18:02:56 honeypot-sgp-1 kernel: [84313880.399827] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=146.88.240.4 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=48057 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 18:03:11 honeypot-fra-1 sshd[25679]: Disconnected from invalid user light 165.22.45.108 port 56644 [preauth]","@timestamp":"2022-09-17T18:03:12.820Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 18:06:21 honeypot-ams-1 kernel: [84314561.696120] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=35.203.52.30 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=59599 PROTO=TCP SPT=51515 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T18:06:22.156Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 18:11:22 honeypot-fra-1 sshd[25685]: Invalid user shaopengyang from 194.163.190.53 port 53974","@timestamp":"2022-09-17T18:11:23.010Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 18:17:01 honeypot-fra-1 CRON[25690]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-17T18:17:02.140Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T18:18:31.463Z","@version":"1","message":"Sep 17 18:18:31 honeypot-sgp-1 kernel: [84314815.314889] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.241.92.31 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=18767 DF PROTO=TCP SPT=10446 DPT=80 WINDOW=512 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 18:22:52 honeypot-ams-1 kernel: [84315553.355458] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=89.248.168.172 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=252 ID=54321 PROTO=TCP SPT=38553 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T18:22:53.581Z"}
{"@timestamp":"2022-09-17T18:25:37.637Z","@version":"1","message":"Sep 17 18:25:36 honeypot-sgp-1 sshd[28756]: Disconnected from authenticating user root 61.177.173.36 port 55922 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 18:26:00 honeypot-fra-1 sshd[25698]: Received disconnect from 213.215.140.6 port 51408:11: Bye Bye [preauth]","@timestamp":"2022-09-17T18:26:00.343Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T18:27:43.693Z","@version":"1","message":"Sep 17 18:27:43 honeypot-sgp-1 sshd[28762]: Invalid user cameras from 185.246.130.20 port 24513","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:28:08.705Z","@version":"1","message":"Sep 17 18:28:07 honeypot-sgp-1 sshd[28768]: Received disconnect from 118.172.198.216 port 47142:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:28:27.714Z","@version":"1","message":"Sep 17 18:28:26 honeypot-sgp-1 sshd[28772]: Invalid user admin from 185.246.130.20 port 57274","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:29:00.732Z","@version":"1","message":"Sep 17 18:28:59 honeypot-sgp-1 sshd[28778]: Invalid user manager from 185.246.130.20 port 30893","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 18:29:09 honeypot-ams-1 sshd[2071]: Received disconnect from 109.62.195.23 port 58866:11: Bye Bye [preauth]","@timestamp":"2022-09-17T18:29:09.771Z"}
{"@timestamp":"2022-09-17T18:29:29.748Z","@version":"1","message":"Sep 17 18:29:28 honeypot-sgp-1 sshd[28784]: Disconnecting invalid user 1234 185.246.130.20 port 60820: Change of username or service not allowed: (1234,ssh-connection) -> (Admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:29:48.758Z","@version":"1","message":"Sep 17 18:29:48 honeypot-sgp-1 sshd[28791]: Disconnecting invalid user  185.246.130.20 port 36202: Change of username or service not allowed: (,ssh-connection) -> (user,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 18:30:32 honeypot-fra-1 sshd[25777]: Invalid user  from 152.32.157.116 port 43472","@timestamp":"2022-09-17T18:30:32.449Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T18:30:33.781Z","@version":"1","message":"Sep 17 18:30:32 honeypot-sgp-1 sshd[28799]: Invalid user blank from 185.246.130.20 port 6680","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:30:49.788Z","@version":"1","message":"Sep 17 18:30:49 honeypot-sgp-1 sshd[28806]: Received disconnect from 45.61.184.204 port 53674:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:30:58.792Z","@version":"1","message":"Sep 17 18:30:58 honeypot-sgp-1 sshd[28810]: Disconnected from invalid user user 45.61.184.204 port 36800 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:31:11.798Z","@version":"1","message":"Sep 17 18:31:11 honeypot-sgp-1 sshd[28812]: Disconnecting authenticating user root 185.246.130.20 port 21154: Change of username or service not allowed: (root,ssh-connection) -> (,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:31:24.805Z","@version":"1","message":"Sep 17 18:31:24 honeypot-sgp-1 sshd[28820]: Invalid user user from 45.61.184.204 port 42608","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:31:33.810Z","@version":"1","message":"Sep 17 18:31:33 honeypot-sgp-1 sshd[28824]: Received disconnect from 45.61.184.204 port 53966:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:31:42.814Z","@version":"1","message":"Sep 17 18:31:41 honeypot-sgp-1 sshd[28829]: Disconnected from invalid user user 45.61.184.204 port 37086 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:32:05.826Z","@version":"1","message":"Sep 17 18:32:05 honeypot-sgp-1 sshd[28836]: Invalid user Administrator from 185.246.130.20 port 57264","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 18:32:12 honeypot-fra-1 sshd[25780]: Disconnected from invalid user user 45.61.187.160 port 58558 [preauth]","@timestamp":"2022-09-17T18:32:12.488Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T18:32:32.840Z","@version":"1","message":"Sep 17 18:32:32 honeypot-sgp-1 sshd[28842]: Invalid user adslroot from 185.246.130.20 port 8050","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 18:32:36 honeypot-fra-1 sshd[25784]: Disconnected from invalid user user 45.61.187.160 port 53564 [preauth]","@timestamp":"2022-09-17T18:32:36.500Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 18:32:55 honeypot-fra-1 sshd[25788]: Disconnected from invalid user user 45.61.187.160 port 48558 [preauth]","@timestamp":"2022-09-17T18:32:55.508Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T18:33:01.855Z","@version":"1","message":"Sep 17 18:33:01 honeypot-sgp-1 sshd[28848]: Invalid user blank from 185.246.130.20 port 31751","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 18:33:13 honeypot-fra-1 sshd[25792]: Disconnected from invalid user user 45.61.187.160 port 43584 [preauth]","@timestamp":"2022-09-17T18:33:13.518Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T18:33:27.867Z","@version":"1","message":"Sep 17 18:33:26 honeypot-sgp-1 sshd[28854]: Disconnecting authenticating user root 185.246.130.20 port 45684: Change of username or service not allowed: (root,ssh-connection) -> (default,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:33:45.878Z","@version":"1","message":"Sep 17 18:33:45 honeypot-sgp-1 sshd[28859]: Disconnecting invalid user admin 185.246.130.20 port 28464: Change of username or service not allowed: (admin,ssh-connection) -> (c1@r0,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:34:04.888Z","@version":"1","message":"Sep 17 18:34:04 honeypot-sgp-1 sshd[28866]: Disconnecting invalid user cusadmin 185.246.130.20 port 41606: Change of username or service not allowed: (cusadmin,ssh-connection) -> (superonline,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:34:33.902Z","@version":"1","message":"Sep 17 18:34:32 honeypot-sgp-1 sshd[28872]: Disconnecting invalid user lgnortel 185.246.130.20 port 36779: Change of username or service not allowed: (lgnortel,ssh-connection) -> (Admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 18:34:45 honeypot-ams-1 sshd[2074]: Invalid user wp-user from 190.226.244.9 port 41058","@timestamp":"2022-09-17T18:34:46.923Z"}
{"@timestamp":"2022-09-17T18:35:03.917Z","@version":"1","message":"Sep 17 18:35:03 honeypot-sgp-1 sshd[28879]: Disconnecting invalid user admin 185.246.130.20 port 2794: Change of username or service not allowed: (admin,ssh-connection) -> (,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:35:38.934Z","@version":"1","message":"Sep 17 18:35:38 honeypot-sgp-1 sshd[28885]: Disconnecting invalid user matrix 185.246.130.20 port 23311: Change of username or service not allowed: (matrix,ssh-connection) -> (,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 18:35:57 honeypot-fra-1 sshd[25799]: Received disconnect from 200.91.219.250 port 57290:11: Bye Bye [preauth]","@timestamp":"2022-09-17T18:35:57.585Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T18:36:11.950Z","@version":"1","message":"Sep 17 18:36:11 honeypot-sgp-1 sshd[28891]: Disconnecting invalid user motorola 185.246.130.20 port 21652: Change of username or service not allowed: (motorola,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:36:52.975Z","@version":"1","message":"Sep 17 18:36:52 honeypot-sgp-1 sshd[28899]: Invalid user admin from 185.246.130.20 port 11584","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:37:12.984Z","@version":"1","message":"Sep 17 18:37:12 honeypot-sgp-1 sshd[28905]: Invalid user 0 from 185.246.130.20 port 10432","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:37:44.000Z","@version":"1","message":"Sep 17 18:37:43 honeypot-sgp-1 sshd[28911]: Invalid user admin from 185.246.130.20 port 2339","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:38:14.016Z","@version":"1","message":"Sep 17 18:38:13 honeypot-sgp-1 sshd[28917]: Invalid user Broadcom from 185.246.130.20 port 61396","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:38:41.029Z","@version":"1","message":"Sep 17 18:38:40 honeypot-sgp-1 sshd[28923]: Invalid user cusadmin from 185.246.130.20 port 42903","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:39:11.043Z","@version":"1","message":"Sep 17 18:39:10 honeypot-sgp-1 sshd[28929]: Invalid user sweex from 185.246.130.20 port 25319","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:39:44.061Z","@version":"1","message":"Sep 17 18:39:43 honeypot-sgp-1 sshd[28935]: Invalid user  from 185.246.130.20 port 54711","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:40:05.072Z","@version":"1","message":"Sep 17 18:40:04 honeypot-sgp-1 sshd[28942]: Invalid user ubnt from 185.246.130.20 port 38533","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:40:33.086Z","@version":"1","message":"Sep 17 18:40:32 honeypot-sgp-1 sshd[28948]: Disconnecting invalid user user 185.246.130.20 port 24035: Change of username or service not allowed: (user,ssh-connection) -> (amdin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 18:40:44 honeypot-ams-1 sshd[2079]: Did not receive identification string from 167.172.152.18 port 58328","@timestamp":"2022-09-17T18:40:45.089Z"}
{"@timestamp":"2022-09-17T18:41:04.102Z","@version":"1","message":"Sep 17 18:41:03 honeypot-sgp-1 sshd[28954]: Disconnecting invalid user Admin 185.246.130.20 port 38735: Change of username or service not allowed: (Admin,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:41:40.119Z","@version":"1","message":"Sep 17 18:41:39 honeypot-sgp-1 sshd[28963]: Received disconnect from 61.177.172.19 port 38558:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:41:59.130Z","@version":"1","message":"Sep 17 18:41:58 honeypot-sgp-1 sshd[28967]: Disconnecting invalid user zoomadsl 185.246.130.20 port 17221: Change of username or service not allowed: (zoomadsl,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 18:42:29 honeypot-fra-1 sshd[25804]: Connection closed by invalid user user 103.188.176.251 port 49910 [preauth]","@timestamp":"2022-09-17T18:42:29.733Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 18:42:29 honeypot-ams-1 sshd[2084]: Received disconnect from 167.172.152.18 port 37552:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T18:42:30.140Z"}
{"@timestamp":"2022-09-17T18:42:38.148Z","@version":"1","message":"Sep 17 18:42:38 honeypot-sgp-1 sshd[28973]: Connection closed by invalid user ltecl4r0 185.246.130.20 port 25685 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 18:43:26 honeypot-ams-1 sshd[2090]: Received disconnect from 167.172.152.18 port 34730:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T18:43:27.169Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 18:44:50 honeypot-ams-1 sshd[2096]: Received disconnect from 167.172.152.18 port 58706:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T18:44:51.208Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 18:45:46 honeypot-ams-1 sshd[2101]: Disconnected from invalid user user 167.172.152.18 port 55936 [preauth]","@timestamp":"2022-09-17T18:45:47.236Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 18:46:41 honeypot-ams-1 sshd[2105]: Disconnected from invalid user postgres 167.172.152.18 port 53082 [preauth]","@timestamp":"2022-09-17T18:46:42.263Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 18:47:37 honeypot-ams-1 sshd[2109]: Disconnected from invalid user gituser 167.172.152.18 port 50350 [preauth]","@timestamp":"2022-09-17T18:47:38.305Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 18:48:32 honeypot-ams-1 sshd[2113]: Disconnected from invalid user ansible 167.172.152.18 port 47510 [preauth]","@timestamp":"2022-09-17T18:48:33.332Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 18:49:06 honeypot-fra-1 sshd[25811]: Invalid user share from 194.163.190.53 port 60874","@timestamp":"2022-09-17T18:49:06.885Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T18:49:20.310Z","@version":"1","message":"Sep 17 18:49:19 honeypot-sgp-1 sshd[28982]: Received disconnect from 61.177.173.50 port 24617:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 18:49:26 honeypot-ams-1 sshd[2117]: Disconnected from invalid user test 167.172.152.18 port 44706 [preauth]","@timestamp":"2022-09-17T18:49:27.359Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 18:50:21 honeypot-ams-1 sshd[2123]: Invalid user demo from 167.172.152.18 port 41888","@timestamp":"2022-09-17T18:50:22.387Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 18:51:16 honeypot-ams-1 sshd[2128]: Invalid user jenkins from 167.172.152.18 port 38770","@timestamp":"2022-09-17T18:51:16.412Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 18:52:10 honeypot-ams-1 sshd[2132]: Invalid user ftpadmin from 167.172.152.18 port 36278","@timestamp":"2022-09-17T18:52:11.439Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 18:52:38 honeypot-ams-1 sshd[2134]: Disconnected from invalid user webadmin 167.172.152.18 port 34782 [preauth]","@timestamp":"2022-09-17T18:52:39.453Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 18:53:34 honeypot-ams-1 sshd[2138]: Disconnected from invalid user student 167.172.152.18 port 60242 [preauth]","@timestamp":"2022-09-17T18:53:35.479Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 18:54:18 honeypot-fra-1 sshd[25818]: Connection closed by invalid user thumvass 137.116.144.39 port 32998 [preauth]","@timestamp":"2022-09-17T18:54:19.005Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 18:54:30 honeypot-ams-1 sshd[2142]: Disconnected from invalid user weblogic 167.172.152.18 port 57356 [preauth]","@timestamp":"2022-09-17T18:54:31.505Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 18:55:51 honeypot-ams-1 sshd[2147]: Disconnected from authenticating user root 143.198.75.234 port 44484 [preauth]","@timestamp":"2022-09-17T18:55:52.543Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 18:57:34 honeypot-ams-1 sshd[2151]: Disconnected from authenticating user root 185.149.120.47 port 49578 [preauth]","@timestamp":"2022-09-17T18:57:34.592Z"}
{"@timestamp":"2022-09-17T18:59:40.552Z","@version":"1","message":"Sep 17 18:59:40 honeypot-sgp-1 sshd[28989]: Disconnected from authenticating user root 61.177.173.39 port 14775 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T19:00:29.574Z","@version":"1","message":"Sep 17 19:00:28 honeypot-sgp-1 kernel: [84317332.736634] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=159.89.202.188 LEN=89 TOS=0x00 PREC=0x00 TTL=245 ID=53522 PROTO=TCP SPT=6075 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 19:02:01 honeypot-fra-1 sshd[25827]: Invalid user yamada from 181.48.99.155 port 36660","@timestamp":"2022-09-17T19:02:02.180Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 19:02:42 honeypot-ams-1 sshd[2158]: Connection closed by invalid user admin 193.106.191.157 port 41966 [preauth]","@timestamp":"2022-09-17T19:02:42.736Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 19:04:11 honeypot-fra-1 sshd[25832]: Did not receive identification string from 220.162.197.6 port 56158","@timestamp":"2022-09-17T19:04:12.230Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 19:07:09 honeypot-ams-1 kernel: [84318209.940590] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=172.105.89.161 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=57 ID=0 DF PROTO=TCP SPT=42607 DPT=443 WINDOW=8192 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T19:07:09.864Z"}
{"@timestamp":"2022-09-17T19:10:43.815Z","@version":"1","message":"Sep 17 19:10:43 honeypot-sgp-1 sshd[28997]: Disconnected from authenticating user root 61.177.173.48 port 15626 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 19:12:30 honeypot-fra-1 sshd[25838]: Invalid user admin from 193.106.191.157 port 37342","@timestamp":"2022-09-17T19:12:31.419Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T19:13:12.878Z","@version":"1","message":"Sep 17 19:13:12 honeypot-sgp-1 sshd[29001]: Disconnected from authenticating user root 61.177.173.46 port 17692 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 19:13:41 honeypot-fra-1 sshd[25842]: Disconnected from authenticating user root 104.236.72.182 port 38220 [preauth]","@timestamp":"2022-09-17T19:13:42.448Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 19:15:02 honeypot-ams-1 kernel: [84318682.806245] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=176.99.130.190 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=29659 PROTO=TCP SPT=41930 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T19:15:03.078Z"}
{"@timestamp":"2022-09-17T19:17:39.988Z","@version":"1","message":"Sep 17 19:17:39 honeypot-sgp-1 sshd[29011]: Received disconnect from 8.213.17.47 port 58044:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 19:18:45 honeypot-ams-1 sshd[2174]: Disconnected from authenticating user root 124.221.41.109 port 52150 [preauth]","@timestamp":"2022-09-17T19:18:46.177Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 19:19:31 honeypot-fra-1 sshd[25850]: Invalid user  from 151.84.56.72 port 54604","@timestamp":"2022-09-17T19:19:31.581Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T19:20:35.077Z","@version":"1","message":"Sep 17 19:20:34 honeypot-sgp-1 sshd[29015]: Received disconnect from 142.93.65.9 port 56924:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T19:21:48.109Z","@version":"1","message":"Sep 17 19:21:47 honeypot-sgp-1 sshd[29021]: Received disconnect from 61.177.173.36 port 36888:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 19:21:56 honeypot-ams-1 sshd[2179]: Received disconnect from 186.122.149.6 port 34858:11: Bye Bye [preauth]","@timestamp":"2022-09-17T19:21:57.263Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 19:23:00 honeypot-ams-1 sshd[2183]: Disconnected from invalid user em 115.248.153.89 port 27460 [preauth]","@timestamp":"2022-09-17T19:23:01.295Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 19:25:20 honeypot-fra-1 kernel: [84317130.535270] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=80.94.92.231 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=41488 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T19:25:21.714Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-17T19:25:35.202Z","@version":"1","message":"Sep 17 19:25:35 honeypot-sgp-1 sshd[29028]: Disconnecting invalid user admin 180.189.99.199 port 63919: Too many authentication failures [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 19:26:09 honeypot-ams-1 sshd[2190]: Connection closed by invalid user centos 179.60.147.69 port 14704 [preauth]","@timestamp":"2022-09-17T19:26:10.381Z"}
{"@timestamp":"2022-09-17T19:27:22.249Z","@version":"1","message":"Sep 17 19:27:21 honeypot-sgp-1 sshd[29030]: Disconnected from invalid user iceman 167.71.238.89 port 50102 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 19:30:50 honeypot-ams-1 sshd[2199]: Received disconnect from 124.221.41.109 port 36012:11: Bye Bye [preauth]","@timestamp":"2022-09-17T19:30:51.508Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 19:31:16 honeypot-fra-1 sshd[25862]: Disconnected from authenticating user root 104.248.143.226 port 60670 [preauth]","@timestamp":"2022-09-17T19:31:16.850Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 19:34:05 honeypot-ams-1 sshd[2205]: Disconnected from authenticating user root 124.221.41.109 port 54158 [preauth]","@timestamp":"2022-09-17T19:34:05.597Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 19:35:57 honeypot-fra-1 sshd[25868]: error: maximum authentication attempts exceeded for invalid user admin from 180.49.192.10 port 62848 ssh2 [preauth]","@timestamp":"2022-09-17T19:35:57.959Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 19:36:54 honeypot-fra-1 kernel: [84317824.119563] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.95.147.51 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=24665 PROTO=TCP SPT=43413 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T19:36:54.984Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 19:37:32 honeypot-ams-1 kernel: [84320033.093087] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=124.106.92.226 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=58 ID=35915 PROTO=TCP SPT=37302 DPT=80 WINDOW=14895 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T19:37:33.692Z"}
{"@timestamp":"2022-09-17T19:41:24.577Z","@version":"1","message":"Sep 17 19:41:24 honeypot-sgp-1 kernel: [84319788.053533] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=34.89.243.168 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=42624 PROTO=TCP SPT=43665 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 19:42:04 honeypot-ams-1 sshd[2218]: Received disconnect from 124.221.41.109 port 42636:11: Bye Bye [preauth]","@timestamp":"2022-09-17T19:42:04.815Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 19:45:13 honeypot-ams-1 sshd[2226]: Received disconnect from 124.221.41.109 port 60306:11: Bye Bye [preauth]","@timestamp":"2022-09-17T19:45:13.903Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 19:47:33 honeypot-ams-1 kernel: [84320633.570562] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.184.17.97 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=38473 DF PROTO=TCP SPT=40867 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T19:47:33.969Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 19:48:59 honeypot-fra-1 sshd[25878]: Received disconnect from 104.131.93.177 port 58393:11: Bye Bye [preauth]","@timestamp":"2022-09-17T19:48:59.256Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 19:51:29 honeypot-ams-1 sshd[2236]: Disconnected from authenticating user root 124.221.41.109 port 39000 [preauth]","@timestamp":"2022-09-17T19:51:30.075Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 19:53:24 honeypot-ams-1 sshd[2242]: Invalid user kirkwood from 188.234.247.110 port 37644","@timestamp":"2022-09-17T19:53:25.126Z"}
{"@timestamp":"2022-09-17T19:53:52.866Z","@version":"1","message":"Sep 17 19:53:52 honeypot-sgp-1 sshd[29049]: Received disconnect from 61.177.173.49 port 36795:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 19:55:03 honeypot-ams-1 sshd[2247]: Received disconnect from 45.95.235.42 port 57208:11: Bye Bye [preauth]","@timestamp":"2022-09-17T19:55:03.173Z"}
{"@timestamp":"2022-09-17T19:55:04.896Z","@version":"1","message":"Sep 17 19:55:04 honeypot-sgp-1 sshd[29053]: Disconnected from authenticating user root 61.177.172.19 port 22544 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T19:55:43.913Z","@version":"1","message":"Sep 17 19:55:42 honeypot-sgp-1 sshd[29058]: Disconnected from invalid user user 45.61.186.169 port 49836 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T19:56:00.921Z","@version":"1","message":"Sep 17 19:56:00 honeypot-sgp-1 sshd[29062]: Disconnected from invalid user user 45.61.186.169 port 45086 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T19:56:17.929Z","@version":"1","message":"Sep 17 19:56:17 honeypot-sgp-1 sshd[29066]: Disconnected from invalid user user 45.61.186.169 port 40346 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 19:56:29 honeypot-ams-1 sshd[2252]: Disconnected from authenticating user root 45.140.141.188 port 33616 [preauth]","@timestamp":"2022-09-17T19:56:30.231Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 19:56:40 honeypot-fra-1 sshd[25885]: Connection closed by authenticating user root 34.168.2.103 port 53360 [preauth]","@timestamp":"2022-09-17T19:56:41.429Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 19:57:43 honeypot-ams-1 sshd[2256]: Disconnected from authenticating user root 124.221.41.109 port 45726 [preauth]","@timestamp":"2022-09-17T19:57:44.264Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 19:58:35 honeypot-fra-1 sshd[25897]: Connection closed by authenticating user root 34.168.2.103 port 35702 [preauth]","@timestamp":"2022-09-17T19:58:35.479Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T19:58:58.994Z","@version":"1","message":"Sep 17 19:58:58 honeypot-sgp-1 sshd[29071]: Connection closed by invalid user blank 179.60.147.69 port 19508 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:00:03 honeypot-fra-1 sshd[25907]: Connection closed by authenticating user root 34.168.2.103 port 48516 [preauth]","@timestamp":"2022-09-17T20:00:03.518Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 20:00:42 honeypot-ams-1 sshd[2263]: Did not receive identification string from 45.61.186.249 port 59858","@timestamp":"2022-09-17T20:00:42.347Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 20:01:04 honeypot-ams-1 sshd[2268]: Invalid user user from 45.61.186.249 port 45758","@timestamp":"2022-09-17T20:01:05.359Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:01:10 honeypot-fra-1 sshd[25915]: Connection closed by authenticating user root 34.168.2.103 port 56294 [preauth]","@timestamp":"2022-09-17T20:01:10.548Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 20:01:22 honeypot-ams-1 sshd[2272]: Invalid user user from 45.61.186.249 port 40594","@timestamp":"2022-09-17T20:01:23.370Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 20:01:39 honeypot-ams-1 sshd[2276]: Invalid user user from 45.61.186.249 port 35418","@timestamp":"2022-09-17T20:01:40.379Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 20:02:19 honeypot-ams-1 sshd[2280]: Invalid user blank from 179.60.147.69 port 40514","@timestamp":"2022-09-17T20:02:20.398Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:02:56 honeypot-fra-1 sshd[25928]: Received disconnect from 165.22.45.108 port 38746:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T20:02:56.615Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:04:53 honeypot-fra-1 sshd[25936]: Connection closed by authenticating user root 34.168.2.103 port 57266 [preauth]","@timestamp":"2022-09-17T20:04:54.664Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T20:05:18.143Z","@version":"1","message":"Sep 17 20:05:17 honeypot-sgp-1 sshd[29079]: Disconnected from authenticating user root 61.177.173.36 port 42547 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 20:05:27 honeypot-ams-1 sshd[2286]: Received disconnect from 124.221.41.109 port 60888:11: Bye Bye [preauth]","@timestamp":"2022-09-17T20:05:28.482Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:07:09 honeypot-fra-1 sshd[25949]: Connection closed by authenticating user root 34.168.2.103 port 45548 [preauth]","@timestamp":"2022-09-17T20:07:10.723Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:08:25 honeypot-fra-1 sshd[25959]: Connection closed by authenticating user root 34.168.2.103 port 40904 [preauth]","@timestamp":"2022-09-17T20:08:26.757Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 20:08:32 honeypot-ams-1 sshd[2291]: Disconnected from authenticating user root 124.221.41.109 port 49890 [preauth]","@timestamp":"2022-09-17T20:08:32.567Z"}
{"@timestamp":"2022-09-17T20:09:24.239Z","@version":"1","message":"Sep 17 20:09:23 honeypot-sgp-1 sshd[29082]: Disconnected from invalid user plexcloud 203.130.255.2 port 55444 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:10:17 honeypot-fra-1 kernel: [84319827.155455] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=80.94.92.239 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=60750 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T20:10:17.804Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 20:11:37 honeypot-ams-1 sshd[2296]: Disconnected from authenticating user root 124.221.41.109 port 38854 [preauth]","@timestamp":"2022-09-17T20:11:37.652Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:12:10 honeypot-fra-1 sshd[25982]: Connection closed by authenticating user root 34.168.2.103 port 46374 [preauth]","@timestamp":"2022-09-17T20:12:10.854Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T20:13:00.325Z","@version":"1","message":"Sep 17 20:13:00 honeypot-sgp-1 kernel: [84321684.098179] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.93.16.71 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=23019 PROTO=TCP SPT=43471 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:13:45 honeypot-fra-1 sshd[25996]: Received disconnect from 92.255.85.69 port 47774:11: Bye Bye [preauth]","@timestamp":"2022-09-17T20:13:45.898Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:15:04 honeypot-fra-1 sshd[26004]: Connection closed by invalid user wanghao 194.163.190.53 port 36592 [preauth]","@timestamp":"2022-09-17T20:15:04.932Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 20:16:10 honeypot-ams-1 sshd[2303]: Disconnected from authenticating user root 124.221.41.109 port 36334 [preauth]","@timestamp":"2022-09-17T20:16:10.798Z"}
{"@timestamp":"2022-09-17T20:16:14.403Z","@version":"1","message":"Sep 17 20:16:14 honeypot-sgp-1 sshd[29097]: Invalid user wargames from 51.250.90.116 port 50156","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:16:40 honeypot-fra-1 sshd[26014]: Connection closed by authenticating user root 34.168.2.103 port 50466 [preauth]","@timestamp":"2022-09-17T20:16:40.976Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T20:17:06.426Z","@version":"1","message":"Sep 17 20:17:05 honeypot-sgp-1 sshd[29103]: Disconnected from authenticating user root 140.238.255.101 port 58754 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T20:18:12.454Z","@version":"1","message":"Sep 17 20:18:12 honeypot-sgp-1 sshd[29107]: Disconnected from authenticating user root 92.255.85.70 port 19798 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:18:21 honeypot-fra-1 sshd[26026]: Connection closed by authenticating user root 34.168.2.103 port 52110 [preauth]","@timestamp":"2022-09-17T20:18:22.020Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 20:19:14 honeypot-ams-1 sshd[2311]: Received disconnect from 124.221.41.109 port 53414:11: Bye Bye [preauth]","@timestamp":"2022-09-17T20:19:14.888Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:19:16 honeypot-fra-1 sshd[26035]: Received disconnect from 160.16.143.158 port 44544:11: Bye Bye [preauth]","@timestamp":"2022-09-17T20:19:17.045Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 20:22:19 honeypot-ams-1 sshd[2316]: Disconnected from authenticating user root 124.221.41.109 port 42230 [preauth]","@timestamp":"2022-09-17T20:22:19.974Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:22:27 honeypot-fra-1 sshd[26044]: Invalid user olimex from 141.98.10.158 port 58558","@timestamp":"2022-09-17T20:22:28.121Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T20:22:53.567Z","@version":"1","message":"Sep 17 20:22:53 honeypot-sgp-1 sshd[29115]: Received disconnect from 159.65.103.250 port 48234:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 20:25:50 honeypot-ams-1 sshd[2323]: Disconnected from authenticating user root 92.255.85.70 port 62934 [preauth]","@timestamp":"2022-09-17T20:25:51.073Z"}
{"@timestamp":"2022-09-17T20:26:35.658Z","@version":"1","message":"Sep 17 20:26:35 honeypot-sgp-1 sshd[29124]: Disconnected from authenticating user root 61.177.173.36 port 34776 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T20:28:34.705Z","@version":"1","message":"Sep 17 20:28:33 honeypot-sgp-1 sshd[29128]: Disconnected from invalid user ubuntu 161.82.233.179 port 43860 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 20:28:59 honeypot-ams-1 kernel: [84323119.721286] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=167.248.133.136 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=61160 PROTO=TCP SPT=35434 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T20:29:00.161Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:30:16 honeypot-fra-1 kernel: [84321025.567789] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=159.65.138.52 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=54 ID=0 DF PROTO=TCP SPT=54953 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T20:30:16.292Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 20:30:30 honeypot-ams-1 kernel: [84323211.258296] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=45512 PROTO=TCP SPT=46602 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T20:30:31.206Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 20:34:25 honeypot-ams-1 sshd[2341]: Received disconnect from 124.221.41.109 port 53524:11: Bye Bye [preauth]","@timestamp":"2022-09-17T20:34:25.573Z"}
{"@timestamp":"2022-09-17T20:35:30.882Z","@version":"1","message":"Sep 17 20:35:30 honeypot-sgp-1 sshd[29137]: Connection closed by invalid user guest 179.60.147.69 port 19724 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 20:37:25 honeypot-ams-1 sshd[2346]: Disconnected from authenticating user root 124.221.41.109 port 42084 [preauth]","@timestamp":"2022-09-17T20:37:25.656Z"}
{"@timestamp":"2022-09-17T20:39:30.978Z","@version":"1","message":"Sep 17 20:39:30 honeypot-sgp-1 sshd[29141]: Disconnected from invalid user kae 128.199.97.155 port 56088 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 20:40:25 honeypot-ams-1 sshd[2352]: Disconnected from authenticating user root 124.221.41.109 port 58820 [preauth]","@timestamp":"2022-09-17T20:40:25.738Z"}
{"@timestamp":"2022-09-17T20:40:39.008Z","@version":"1","message":"Sep 17 20:40:38 honeypot-sgp-1 sshd[29147]: Invalid user user from 45.61.186.249 port 40708","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T20:40:57.017Z","@version":"1","message":"Sep 17 20:40:56 honeypot-sgp-1 sshd[29151]: Invalid user user from 45.61.186.249 port 35768","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:40:58 honeypot-fra-1 kernel: [84321667.790938] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.143.200.6 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=1584 PROTO=TCP SPT=44530 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T20:40:58.531Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:41:09 honeypot-fra-1 sshd[26057]: Invalid user es from 212.87.251.118 port 35392","@timestamp":"2022-09-17T20:41:10.537Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:41:09 honeypot-fra-1 sshd[26069]: Invalid user user from 212.87.251.118 port 35418","@timestamp":"2022-09-17T20:41:10.538Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:41:09 honeypot-fra-1 sshd[26064]: Invalid user user from 212.87.251.118 port 35410","@timestamp":"2022-09-17T20:41:10.538Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:41:09 honeypot-fra-1 sshd[26055]: Connection closed by invalid user vagrant 212.87.251.118 port 35388 [preauth]","@timestamp":"2022-09-17T20:41:10.538Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:41:09 honeypot-fra-1 sshd[26057]: Connection closed by invalid user es 212.87.251.118 port 35392 [preauth]","@timestamp":"2022-09-17T20:41:10.538Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:41:09 honeypot-fra-1 sshd[26051]: Connection closed by invalid user steam 212.87.251.118 port 35380 [preauth]","@timestamp":"2022-09-17T20:41:10.538Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:41:09 honeypot-fra-1 sshd[26059]: Connection closed by invalid user oracle 212.87.251.118 port 35398 [preauth]","@timestamp":"2022-09-17T20:41:10.538Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:41:09 honeypot-fra-1 sshd[26074]: Connection closed by invalid user test 212.87.251.118 port 35448 [preauth]","@timestamp":"2022-09-17T20:41:10.538Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T20:41:15.026Z","@version":"1","message":"Sep 17 20:41:14 honeypot-sgp-1 sshd[29155]: Invalid user user from 45.61.186.249 port 59072","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 20:43:24 honeypot-ams-1 sshd[2357]: Disconnected from authenticating user root 124.221.41.109 port 47296 [preauth]","@timestamp":"2022-09-17T20:43:24.822Z"}
{"@timestamp":"2022-09-17T20:44:26.100Z","@version":"1","message":"Sep 17 20:44:25 honeypot-sgp-1 sshd[29161]: Did not receive identification string from 220.162.197.6 port 57596","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 20:47:51 honeypot-ams-1 sshd[2364]: Received disconnect from 124.221.41.109 port 44032:11: Bye Bye [preauth]","@timestamp":"2022-09-17T20:47:51.945Z"}
{"@timestamp":"2022-09-17T20:48:55.206Z","@version":"1","message":"Sep 17 20:48:54 honeypot-sgp-1 sshd[29167]: Invalid user postgres from 99.37.212.75 port 47686","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 20:50:49 honeypot-ams-1 sshd[2368]: Disconnected from authenticating user root 124.221.41.109 port 60612 [preauth]","@timestamp":"2022-09-17T20:50:50.027Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:51:00 honeypot-fra-1 sshd[26103]: Disconnected from invalid user user 45.61.186.249 port 59702 [preauth]","@timestamp":"2022-09-17T20:51:01.752Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:51:20 honeypot-fra-1 sshd[26107]: Disconnected from invalid user user 45.61.186.249 port 54782 [preauth]","@timestamp":"2022-09-17T20:51:20.762Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T20:51:21.264Z","@version":"1","message":"Sep 17 20:51:20 honeypot-sgp-1 kernel: [84323984.337439] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=172.105.129.119 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=34337 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:51:37 honeypot-fra-1 sshd[26111]: Disconnected from invalid user user 45.61.186.249 port 49862 [preauth]","@timestamp":"2022-09-17T20:51:38.770Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:51:54 honeypot-fra-1 sshd[26115]: Disconnected from invalid user user 45.61.186.249 port 44936 [preauth]","@timestamp":"2022-09-17T20:51:55.778Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T20:54:26.336Z","@version":"1","message":"Sep 17 20:54:25 honeypot-sgp-1 sshd[29178]: Invalid user ubnt from 165.22.55.238 port 50740","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 20:55:14 honeypot-ams-1 sshd[2375]: Disconnected from authenticating user root 124.221.41.109 port 57182 [preauth]","@timestamp":"2022-09-17T20:55:15.144Z"}
{"@timestamp":"2022-09-17T20:56:04.375Z","@version":"1","message":"Sep 17 20:56:03 honeypot-sgp-1 sshd[29182]: Invalid user vy from 94.23.27.28 port 41218","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 20:59:39 honeypot-ams-1 sshd[2382]: Disconnected from authenticating user root 124.221.41.109 port 53668 [preauth]","@timestamp":"2022-09-17T20:59:40.261Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 21:01:58 honeypot-fra-1 kernel: [84322927.667123] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=151.106.39.208 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=7039 PROTO=TCP SPT=47689 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T21:01:59.005Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-17T21:02:47.530Z","@version":"1","message":"Sep 17 21:02:47 honeypot-sgp-1 sshd[29190]: Received disconnect from 69.49.244.103 port 57226:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 21:04:04 honeypot-ams-1 sshd[2389]: Received disconnect from 124.221.41.109 port 50090:11: Bye Bye [preauth]","@timestamp":"2022-09-17T21:04:04.381Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 21:05:52 honeypot-ams-1 sshd[2394]: Disconnected from invalid user beo 43.130.3.44 port 54528 [preauth]","@timestamp":"2022-09-17T21:05:53.431Z"}
{"@timestamp":"2022-09-17T21:06:05.609Z","@version":"1","message":"Sep 17 21:06:05 honeypot-sgp-1 sshd[29193]: Received disconnect from 61.177.172.104 port 40360:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 21:06:24 honeypot-fra-1 sshd[26126]: Received disconnect from 81.169.137.181 port 55290:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T21:06:25.105Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 21:07:17 honeypot-ams-1 sshd[2400]: Invalid user liu from 103.188.176.251 port 53516","@timestamp":"2022-09-17T21:07:18.472Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 21:07:54 honeypot-fra-1 sshd[26131]: Invalid user emanono from 81.169.137.181 port 54368","@timestamp":"2022-09-17T21:07:55.141Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T21:08:55.676Z","@version":"1","message":"Sep 17 21:08:55 honeypot-sgp-1 kernel: [84325038.922821] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=8.210.162.64 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=4777 PROTO=TCP SPT=48247 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 21:09:18 honeypot-fra-1 sshd[26135]: Invalid user emily from 81.169.137.181 port 53416","@timestamp":"2022-09-17T21:09:19.199Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 21:09:36 honeypot-ams-1 sshd[2404]: Disconnected from invalid user csgo 186.84.174.241 port 59654 [preauth]","@timestamp":"2022-09-17T21:09:37.535Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 21:09:58 honeypot-fra-1 sshd[26138]: Disconnected from invalid user enver 81.169.137.181 port 38828 [preauth]","@timestamp":"2022-09-17T21:09:59.215Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 21:10:37 honeypot-fra-1 sshd[26142]: Disconnected from invalid user enzo 81.169.137.181 port 52482 [preauth]","@timestamp":"2022-09-17T21:10:38.232Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 21:10:52 honeypot-fra-1 sshd[26146]: Disconnected from invalid user user 45.61.184.204 port 48086 [preauth]","@timestamp":"2022-09-17T21:10:53.240Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 21:11:10 honeypot-fra-1 sshd[26150]: Disconnected from invalid user user 45.61.184.204 port 42960 [preauth]","@timestamp":"2022-09-17T21:11:11.248Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 21:11:19 honeypot-fra-1 sshd[26155]: Disconnected from invalid user user 45.61.184.204 port 54538 [preauth]","@timestamp":"2022-09-17T21:11:20.252Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 21:11:22 honeypot-ams-1 sshd[2411]: Disconnected from authenticating user root 124.221.41.109 port 34488 [preauth]","@timestamp":"2022-09-17T21:11:22.583Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 21:11:43 honeypot-fra-1 sshd[26160]: Invalid user likrain from 165.22.45.108 port 44050","@timestamp":"2022-09-17T21:11:44.263Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 21:12:08 honeypot-fra-1 kernel: [84323537.917879] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=159.65.152.216 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x20 TTL=54 ID=7604 DF PROTO=TCP SPT=59988 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T21:12:09.275Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 21:12:48 honeypot-fra-1 sshd[26167]: Invalid user test from 179.60.147.69 port 51722","@timestamp":"2022-09-17T21:12:49.293Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T21:12:53.771Z","@version":"1","message":"Sep 17 21:12:52 honeypot-sgp-1 kernel: [84325276.854183] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=8.210.162.64 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=32069 PROTO=TCP SPT=48247 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 21:13:51 honeypot-fra-1 sshd[26171]: Received disconnect from 81.169.137.181 port 36034:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T21:13:51.319Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 21:15:00 honeypot-ams-1 sshd[2418]: Connection closed by invalid user test 179.60.147.69 port 45260 [preauth]","@timestamp":"2022-09-17T21:15:01.681Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 21:15:09 honeypot-fra-1 sshd[26175]: Invalid user esteban from 81.169.137.181 port 35100","@timestamp":"2022-09-17T21:15:09.351Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 21:16:05 honeypot-ams-1 sshd[2424]: Received disconnect from 92.255.85.69 port 31686:11: Bye Bye [preauth]","@timestamp":"2022-09-17T21:16:05.714Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 21:16:27 honeypot-fra-1 sshd[26179]: Invalid user euis from 81.169.137.181 port 34146","@timestamp":"2022-09-17T21:16:27.382Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 21:17:07 honeypot-fra-1 sshd[26184]: Received disconnect from 81.169.137.181 port 47770:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T21:17:07.400Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 21:18:12 honeypot-fra-1 sshd[26189]: Did not receive identification string from 92.255.85.113 port 53756","@timestamp":"2022-09-17T21:18:13.428Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 21:18:38 honeypot-ams-1 sshd[2432]: Received disconnect from 124.221.41.109 port 46976:11: Bye Bye [preauth]","@timestamp":"2022-09-17T21:18:39.783Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 21:19:08 honeypot-fra-1 sshd[26192]: Disconnected from invalid user fedora 81.169.137.181 port 60502 [preauth]","@timestamp":"2022-09-17T21:19:09.453Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T21:19:13.919Z","@version":"1","message":"Sep 17 21:19:13 honeypot-sgp-1 kernel: [84325657.005996] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=151.106.32.182 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=29517 PROTO=TCP SPT=47873 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 21:20:30 honeypot-fra-1 sshd[26196]: Disconnected from invalid user felix 81.169.137.181 port 59566 [preauth]","@timestamp":"2022-09-17T21:20:30.486Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 21:21:31 honeypot-ams-1 sshd[2436]: Disconnected from authenticating user root 124.221.41.109 port 34982 [preauth]","@timestamp":"2022-09-17T21:21:31.862Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 21:21:53 honeypot-fra-1 sshd[26200]: Disconnected from invalid user fifi 81.169.137.181 port 58720 [preauth]","@timestamp":"2022-09-17T21:21:53.519Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T21:22:38.999Z","@version":"1","message":"Sep 17 21:22:38 honeypot-sgp-1 sshd[29221]: Disconnected from authenticating user root 61.177.173.46 port 24743 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 21:25:51 honeypot-ams-1 sshd[2443]: Disconnected from authenticating user root 124.221.41.109 port 59258 [preauth]","@timestamp":"2022-09-17T21:25:52.978Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 21:27:18 honeypot-ams-1 sshd[2447]: Received disconnect from 124.221.41.109 port 39108:11: Bye Bye [preauth]","@timestamp":"2022-09-17T21:27:19.020Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 21:28:00 honeypot-fra-1 kernel: [84324490.215339] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=91.240.118.224 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=41394 PROTO=TCP SPT=56701 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T21:28:01.662Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 21:30:16 honeypot-ams-1 kernel: [84326796.955799] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=223.99.170.39 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=47 ID=42013 PROTO=TCP SPT=6504 DPT=443 WINDOW=52353 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T21:30:17.099Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 21:32:17 honeypot-ams-1 kernel: [84326918.225668] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=103.153.78.248 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=54579 PROTO=TCP SPT=47565 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T21:32:18.153Z"}
{"@timestamp":"2022-09-17T21:33:46.282Z","@version":"1","message":"Sep 17 21:33:45 honeypot-sgp-1 sshd[29304]: Connection closed by invalid user guest 103.188.176.251 port 53438 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 21:34:51 honeypot-ams-1 sshd[2464]: Invalid user admin from 193.106.191.157 port 57048","@timestamp":"2022-09-17T21:34:51.221Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 21:37:21 honeypot-ams-1 sshd[2468]: Disconnected from authenticating user root 124.221.41.109 port 38986 [preauth]","@timestamp":"2022-09-17T21:37:22.291Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 21:38:55 honeypot-ams-1 sshd[2474]: Did not receive identification string from 159.89.24.69 port 61000","@timestamp":"2022-09-17T21:38:55.334Z"}
{"@timestamp":"2022-09-17T21:39:03.406Z","@version":"1","message":"Sep 17 21:39:03 honeypot-sgp-1 sshd[29312]: Disconnected from authenticating user root 159.65.65.135 port 43000 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 21:41:39 honeypot-ams-1 sshd[2480]: Disconnected from authenticating user root 124.221.41.109 port 34786 [preauth]","@timestamp":"2022-09-17T21:41:39.413Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 21:43:28 honeypot-fra-1 kernel: [84325418.011753] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=34.141.38.7 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x60 TTL=250 ID=55153 PROTO=TCP SPT=50918 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T21:43:29.007Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 21:44:16 honeypot-fra-1 sshd[26211]: Received disconnect from 159.65.249.79 port 52106:11: Bye Bye [preauth]","@timestamp":"2022-09-17T21:44:17.028Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 21:44:29 honeypot-ams-1 sshd[2486]: Received disconnect from 124.221.41.109 port 50764:11: Bye Bye [preauth]","@timestamp":"2022-09-17T21:44:29.490Z"}
{"@timestamp":"2022-09-17T21:46:20.575Z","@version":"1","message":"Sep 17 21:46:20 honeypot-sgp-1 sshd[29319]: Disconnected from authenticating user root 61.177.173.51 port 28407 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 21:47:20 honeypot-ams-1 sshd[2491]: Received disconnect from 124.221.41.109 port 38464:11: Bye Bye [preauth]","@timestamp":"2022-09-17T21:47:20.568Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 21:48:46 honeypot-ams-1 sshd[2495]: Disconnected from authenticating user root 124.221.41.109 port 46416 [preauth]","@timestamp":"2022-09-17T21:48:46.606Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 21:48:59 honeypot-fra-1 sshd[26216]: Connection closed by invalid user admin 179.60.147.69 port 16460 [preauth]","@timestamp":"2022-09-17T21:49:00.138Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T21:50:20.673Z","@version":"1","message":"Sep 17 21:50:19 honeypot-sgp-1 sshd[29324]: Disconnected from authenticating user root 61.177.173.48 port 57967 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 21:50:50 honeypot-ams-1 kernel: [84328031.042386] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=178.62.254.91 LEN=92 TOS=0x00 PREC=0x00 TTL=252 ID=64475 PROTO=TCP SPT=29811 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T21:50:51.663Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 21:51:01 honeypot-fra-1 sshd[26222]: Invalid user admin from 157.230.10.173 port 41570","@timestamp":"2022-09-17T21:51:01.185Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 21:52:00 honeypot-ams-1 sshd[2506]: Disconnected from authenticating user root 217.10.103.163 port 49854 [preauth]","@timestamp":"2022-09-17T21:52:01.699Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 21:54:25 honeypot-ams-1 sshd[2510]: Disconnected from authenticating user root 124.221.41.109 port 49884 [preauth]","@timestamp":"2022-09-17T21:54:25.767Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 21:57:15 honeypot-ams-1 sshd[2518]: Disconnected from authenticating user root 124.221.41.109 port 37428 [preauth]","@timestamp":"2022-09-17T21:57:15.847Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 22:00:07 honeypot-fra-1 sshd[26227]: Received disconnect from 20.108.156.65 port 37322:11: Bye Bye [preauth]","@timestamp":"2022-09-17T22:00:08.384Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T22:00:15.903Z","@version":"1","message":"Sep 17 22:00:15 honeypot-sgp-1 kernel: [84328119.242248] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=167.94.138.105 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=43689 PROTO=TCP SPT=6238 DPT=389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 22:00:22 honeypot-ams-1 kernel: [84328602.872762] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=23.95.4.194 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=17190 PROTO=TCP SPT=54588 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T22:00:22.930Z"}
{"@timestamp":"2022-09-17T22:01:48.942Z","@version":"1","message":"Sep 17 22:01:48 honeypot-sgp-1 sshd[29336]: Disconnected from authenticating user root 206.189.31.90 port 55048 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 22:01:59 honeypot-fra-1 sshd[26231]: Invalid user alarm from 190.85.108.186 port 35304","@timestamp":"2022-09-17T22:01:59.430Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T22:03:52.993Z","@version":"1","message":"Sep 17 22:03:52 honeypot-sgp-1 sshd[29342]: Invalid user admin from 159.203.178.0 port 54556","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 22:04:15 honeypot-ams-1 sshd[2529]: Received disconnect from 124.221.41.109 port 48476:11: Bye Bye [preauth]","@timestamp":"2022-09-17T22:04:16.050Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 22:05:39 honeypot-ams-1 sshd[2533]: Disconnected from authenticating user root 124.221.41.109 port 56310 [preauth]","@timestamp":"2022-09-17T22:05:40.089Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 22:05:46 honeypot-fra-1 sshd[26236]: Invalid user yw from 206.189.65.29 port 48606","@timestamp":"2022-09-17T22:05:47.520Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 22:08:56 honeypot-ams-1 sshd[2541]: Invalid user admin from 121.171.55.115 port 43403","@timestamp":"2022-09-17T22:08:57.178Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 22:11:14 honeypot-ams-1 sshd[2545]: Received disconnect from 124.221.41.109 port 59352:11: Bye Bye [preauth]","@timestamp":"2022-09-17T22:11:15.242Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 22:11:57 honeypot-ams-1 sshd[2550]: Invalid user user from 45.61.186.249 port 34454","@timestamp":"2022-09-17T22:11:58.280Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 22:12:07 honeypot-ams-1 sshd[2552]: Disconnected from invalid user user 45.61.186.249 port 45860 [preauth]","@timestamp":"2022-09-17T22:12:08.286Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 22:12:24 honeypot-ams-1 sshd[2556]: Disconnected from invalid user user 45.61.186.249 port 40430 [preauth]","@timestamp":"2022-09-17T22:12:25.295Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 22:12:41 honeypot-ams-1 sshd[2562]: Invalid user user from 45.61.186.249 port 35000","@timestamp":"2022-09-17T22:12:42.304Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 22:15:27 honeypot-ams-1 sshd[2567]: Received disconnect from 124.221.41.109 port 54510:11: Bye Bye [preauth]","@timestamp":"2022-09-17T22:15:27.378Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 22:17:01 honeypot-fra-1 CRON[26239]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-17T22:17:01.788Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 22:18:13 honeypot-ams-1 sshd[2574]: Received disconnect from 124.221.41.109 port 41832:11: Bye Bye [preauth]","@timestamp":"2022-09-17T22:18:14.452Z"}
{"@timestamp":"2022-09-17T22:19:39.354Z","@version":"1","message":"Sep 17 22:19:38 honeypot-sgp-1 kernel: [84329282.188318] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=159.89.202.188 LEN=92 TOS=0x00 PREC=0x00 TTL=245 ID=61859 PROTO=TCP SPT=5661 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 22:20:58 honeypot-ams-1 sshd[2579]: Received disconnect from 124.221.41.109 port 57364:11: Bye Bye [preauth]","@timestamp":"2022-09-17T22:20:59.541Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 22:24:24 honeypot-ams-1 sshd[2585]: Invalid user telecomadmin from 92.255.85.69 port 62734","@timestamp":"2022-09-17T22:24:25.632Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 22:26:28 honeypot-ams-1 sshd[2591]: Disconnected from authenticating user root 124.221.41.109 port 60100 [preauth]","@timestamp":"2022-09-17T22:26:28.687Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 22:29:13 honeypot-ams-1 sshd[2597]: Received disconnect from 124.221.41.109 port 47300:11: Bye Bye [preauth]","@timestamp":"2022-09-17T22:29:13.764Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 22:30:35 honeypot-ams-1 sshd[2602]: Disconnected from authenticating user root 124.221.41.109 port 55004 [preauth]","@timestamp":"2022-09-17T22:30:35.801Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 22:31:11 honeypot-fra-1 sshd[26248]: Invalid user lilmalli from 165.22.45.108 port 49522","@timestamp":"2022-09-17T22:31:12.124Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 22:33:06 honeypot-fra-1 sshd[26268]: Disconnected from invalid user ubnt 92.255.85.69 port 17776 [preauth]","@timestamp":"2022-09-17T22:33:07.168Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 22:34:40 honeypot-ams-1 sshd[2608]: Disconnected from authenticating user root 124.221.41.109 port 49814 [preauth]","@timestamp":"2022-09-17T22:34:40.911Z"}
{"@timestamp":"2022-09-17T22:37:36.763Z","@version":"1","message":"Sep 17 22:37:36 honeypot-sgp-1 kernel: [84330360.539517] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=172.105.20.227 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=34974 DF PROTO=TCP SPT=55754 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 22:38:46 honeypot-ams-1 sshd[2615]: Disconnected from authenticating user root 124.221.41.109 port 44534 [preauth]","@timestamp":"2022-09-17T22:38:47.018Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 22:42:01 honeypot-ams-1 sshd[2624]: Connection reset by 92.255.85.69 port 23332 [preauth]","@timestamp":"2022-09-17T22:42:02.106Z"}
{"@timestamp":"2022-09-17T22:43:06.890Z","@version":"1","message":"Sep 17 22:43:06 honeypot-sgp-1 sshd[29356]: Disconnected from invalid user ubnt 92.255.85.70 port 34936 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T22:43:55.911Z","@version":"1","message":"Sep 17 22:43:55 honeypot-sgp-1 sshd[29360]: Disconnected from invalid user blank 203.66.168.81 port 51265 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 22:45:32 honeypot-ams-1 sshd[2630]: Received disconnect from 124.221.41.109 port 54332:11: Bye Bye [preauth]","@timestamp":"2022-09-17T22:45:33.201Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 22:49:36 honeypot-ams-1 sshd[2637]: Received disconnect from 124.221.41.109 port 48822:11: Bye Bye [preauth]","@timestamp":"2022-09-17T22:49:36.306Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 22:52:17 honeypot-ams-1 sshd[2642]: Disconnected from authenticating user root 124.221.41.109 port 35710 [preauth]","@timestamp":"2022-09-17T22:52:17.377Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 22:53:37 honeypot-ams-1 sshd[2647]: Received disconnect from 124.221.41.109 port 43268:11: Bye Bye [preauth]","@timestamp":"2022-09-17T22:53:38.416Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 22:55:51 honeypot-ams-1 sshd[2651]: Disconnected from authenticating user root 43.154.228.228 port 41930 [preauth]","@timestamp":"2022-09-17T22:55:51.473Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 22:58:31 honeypot-ams-1 kernel: [84332092.113092] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=143.159.103.32 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=56 ID=55460 PROTO=TCP SPT=19896 DPT=443 WINDOW=63768 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T22:58:32.543Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:00:19 honeypot-ams-1 sshd[2661]: Received disconnect from 124.221.41.109 port 52684:11: Bye Bye [preauth]","@timestamp":"2022-09-17T23:00:20.596Z"}
{"@timestamp":"2022-09-17T23:00:26.289Z","@version":"1","message":"Sep 17 23:00:25 honeypot-sgp-1 sshd[29366]: Invalid user debian from 179.60.147.69 port 19644","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 23:01:18 honeypot-fra-1 kernel: [84330087.939212] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=103.170.246.176 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x20 TTL=246 ID=9293 PROTO=TCP SPT=45957 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T23:01:18.798Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:03:46 honeypot-ams-1 sshd[2668]: Invalid user debian from 179.60.147.69 port 63338","@timestamp":"2022-09-17T23:03:47.687Z"}
{"@timestamp":"2022-09-17T23:04:41.389Z","@version":"1","message":"Sep 17 23:04:41 honeypot-sgp-1 sshd[29371]: Invalid user user from 45.61.184.204 port 48736","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T23:05:01.399Z","@version":"1","message":"Sep 17 23:05:00 honeypot-sgp-1 sshd[29375]: Invalid user user from 45.61.184.204 port 44152","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T23:05:18.408Z","@version":"1","message":"Sep 17 23:05:18 honeypot-sgp-1 sshd[29379]: Invalid user user from 45.61.184.204 port 39594","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:07:02 honeypot-ams-1 sshd[2674]: Received disconnect from 124.221.41.109 port 33610:11: Bye Bye [preauth]","@timestamp":"2022-09-17T23:07:02.775Z"}
{"@timestamp":"2022-09-17T23:07:42.464Z","@version":"1","message":"Sep 17 23:07:42 honeypot-sgp-1 kernel: [84332166.149055] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=50.116.59.159 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=41025 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:11:01 honeypot-ams-1 sshd[2683]: Received disconnect from 124.221.41.109 port 55856:11: Bye Bye [preauth]","@timestamp":"2022-09-17T23:11:01.882Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:13:37 honeypot-ams-1 sshd[2688]: Disconnected from authenticating user root 124.221.41.109 port 42402 [preauth]","@timestamp":"2022-09-17T23:13:37.950Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:17:01 honeypot-ams-1 CRON[2694]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-17T23:17:02.044Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 23:17:01 honeypot-fra-1 CRON[26277]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-17T23:17:02.151Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T23:17:02.676Z","@version":"1","message":"Sep 17 23:17:01 honeypot-sgp-1 CRON[29388]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:18:50 honeypot-ams-1 sshd[2702]: Received disconnect from 124.221.41.109 port 43604:11: Bye Bye [preauth]","@timestamp":"2022-09-17T23:18:51.092Z"}
{"@timestamp":"2022-09-17T23:20:29.757Z","@version":"1","message":"Sep 17 23:20:29 honeypot-sgp-1 sshd[29394]: Disconnected from invalid user fix 152.179.67.70 port 3490 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:21:28 honeypot-ams-1 sshd[2706]: Disconnected from authenticating user root 124.221.41.109 port 58274 [preauth]","@timestamp":"2022-09-17T23:21:29.163Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 23:25:14 honeypot-fra-1 kernel: [84331523.411680] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=89.248.165.65 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=23102 PROTO=TCP SPT=59780 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T23:25:14.337Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:25:24 honeypot-ams-1 sshd[2714]: Received disconnect from 124.221.41.109 port 51988:11: Bye Bye [preauth]","@timestamp":"2022-09-17T23:25:25.269Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:26:05 honeypot-ams-1 sshd[2718]: Disconnected from authenticating user sshd 92.255.85.69 port 37090 [preauth]","@timestamp":"2022-09-17T23:26:05.289Z"}
{"@timestamp":"2022-09-17T23:26:14.891Z","@version":"1","message":"Sep 17 23:26:14 honeypot-sgp-1 sshd[29413]: Received disconnect from 195.206.60.116 port 36382:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:27:19 honeypot-ams-1 sshd[2724]: Invalid user emanono from 81.169.137.181 port 34812","@timestamp":"2022-09-17T23:27:20.325Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:28:03 honeypot-ams-1 sshd[2728]: Received disconnect from 81.169.137.181 port 49970:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T23:28:04.346Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:29:17 honeypot-ams-1 sshd[2733]: Disconnected from authenticating user root 124.221.41.109 port 45658 [preauth]","@timestamp":"2022-09-17T23:29:18.380Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:30:03 honeypot-ams-1 sshd[2737]: Disconnected from invalid user enzo 81.169.137.181 port 38916 [preauth]","@timestamp":"2022-09-17T23:30:03.402Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:30:41 honeypot-ams-1 sshd[2741]: Disconnected from invalid user equistat 81.169.137.181 port 54058 [preauth]","@timestamp":"2022-09-17T23:30:42.423Z"}
{"@timestamp":"2022-09-17T23:30:44.994Z","@version":"1","message":"Sep 17 23:30:44 honeypot-sgp-1 kernel: [84333547.809209] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=170.187.202.154 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=39130 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:31:20 honeypot-ams-1 sshd[2744]: Invalid user eric from 81.169.137.181 port 41022","@timestamp":"2022-09-17T23:31:20.443Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 23:31:43 honeypot-fra-1 sshd[26290]: Invalid user user from 45.61.186.49 port 35184","@timestamp":"2022-09-17T23:31:43.486Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 23:31:53 honeypot-fra-1 sshd[26294]: Invalid user user from 45.61.186.49 port 46904","@timestamp":"2022-09-17T23:31:54.492Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:31:58 honeypot-ams-1 sshd[2748]: Received disconnect from 81.169.137.181 port 56104:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T23:31:58.463Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 23:32:09 honeypot-fra-1 kernel: [84331938.712567] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.217.0.181 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=34364 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T23:32:10.500Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:33:10 honeypot-ams-1 sshd[2752]: Disconnected from authenticating user root 124.221.41.109 port 39256 [preauth]","@timestamp":"2022-09-17T23:33:11.498Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:33:54 honeypot-ams-1 sshd[2756]: Received disconnect from 81.169.137.181 port 45070:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T23:33:54.520Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 23:34:31 honeypot-ams-1 kernel: [84334251.394151] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=193.163.125.115 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=247 ID=17386 PROTO=TCP SPT=46202 DPT=3389 WINDOW=14600 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T23:34:31.540Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:35:11 honeypot-ams-1 sshd[2765]: Disconnected from invalid user estee 81.169.137.181 port 47122 [preauth]","@timestamp":"2022-09-17T23:35:11.559Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:36:28 honeypot-ams-1 sshd[2771]: Invalid user exit from 81.169.137.181 port 49192","@timestamp":"2022-09-17T23:36:29.596Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:37:02 honeypot-ams-1 sshd[2773]: Disconnected from authenticating user root 124.221.41.109 port 32778 [preauth]","@timestamp":"2022-09-17T23:37:03.613Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:37:49 honeypot-ams-1 sshd[2777]: Received disconnect from 81.169.137.181 port 51210:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T23:37:49.637Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:38:28 honeypot-ams-1 sshd[2781]: Received disconnect from 81.169.137.181 port 38130:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T23:38:29.673Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:38:37 honeypot-ams-1 sshd[2787]: Invalid user ubnt from 39.71.48.53 port 31704","@timestamp":"2022-09-17T23:38:38.679Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:38:41 honeypot-ams-1 sshd[2791]: Disconnected from authenticating user root 39.71.48.53 port 29699 [preauth]","@timestamp":"2022-09-17T23:38:41.681Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:38:46 honeypot-ams-1 sshd[2797]: Disconnected from authenticating user root 39.71.48.53 port 29921 [preauth]","@timestamp":"2022-09-17T23:38:47.684Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:38:52 honeypot-ams-1 sshd[2803]: Disconnected from authenticating user root 39.71.48.53 port 29989 [preauth]","@timestamp":"2022-09-17T23:38:52.688Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:38:57 honeypot-ams-1 sshd[2809]: Disconnected from authenticating user root 39.71.48.53 port 30200 [preauth]","@timestamp":"2022-09-17T23:38:57.691Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:39:02 honeypot-ams-1 sshd[2815]: Disconnected from authenticating user root 39.71.48.53 port 30270 [preauth]","@timestamp":"2022-09-17T23:39:02.694Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:39:07 honeypot-ams-1 sshd[2821]: Disconnected from authenticating user root 39.71.48.53 port 30487 [preauth]","@timestamp":"2022-09-17T23:39:08.699Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:39:11 honeypot-ams-1 sshd[2825]: Received disconnect from 39.71.48.53 port 30534:11: Bye Bye [preauth]","@timestamp":"2022-09-17T23:39:11.701Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:39:16 honeypot-ams-1 sshd[2833]: Received disconnect from 39.71.48.53 port 30744:11: Bye Bye [preauth]","@timestamp":"2022-09-17T23:39:16.704Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:39:21 honeypot-ams-1 sshd[2839]: Received disconnect from 39.71.48.53 port 30838:11: Bye Bye [preauth]","@timestamp":"2022-09-17T23:39:22.708Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:39:24 honeypot-ams-1 sshd[2845]: Disconnected from invalid user rt 159.89.163.158 port 59814 [preauth]","@timestamp":"2022-09-17T23:39:25.710Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:39:28 honeypot-ams-1 sshd[2850]: Disconnected from authenticating user root 39.71.48.53 port 31124 [preauth]","@timestamp":"2022-09-17T23:39:28.712Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:39:33 honeypot-ams-1 sshd[2858]: Disconnected from authenticating user root 39.71.48.53 port 31298 [preauth]","@timestamp":"2022-09-17T23:39:33.715Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:39:37 honeypot-ams-1 sshd[2862]: Received disconnect from 39.71.48.53 port 31394:11: Bye Bye [preauth]","@timestamp":"2022-09-17T23:39:37.718Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:39:40 honeypot-ams-1 sshd[2866]: Received disconnect from 39.71.48.53 port 31447:11: Bye Bye [preauth]","@timestamp":"2022-09-17T23:39:40.720Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:39:44 honeypot-ams-1 sshd[2870]: Received disconnect from 39.71.48.53 port 31601:11: Bye Bye [preauth]","@timestamp":"2022-09-17T23:39:44.723Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:39:47 honeypot-ams-1 sshd[2874]: Received disconnect from 39.71.48.53 port 31671:11: Bye Bye [preauth]","@timestamp":"2022-09-17T23:39:47.725Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:39:50 honeypot-ams-1 sshd[2880]: Invalid user admin from 39.71.48.53 port 31729","@timestamp":"2022-09-17T23:39:51.728Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:39:52 honeypot-ams-1 sshd[2884]: Disconnected from invalid user felix 81.169.137.181 port 40204 [preauth]","@timestamp":"2022-09-17T23:39:52.729Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:39:56 honeypot-ams-1 sshd[2888]: Received disconnect from 39.71.48.53 port 29852:11: Bye Bye [preauth]","@timestamp":"2022-09-17T23:39:56.731Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:39:59 honeypot-ams-1 sshd[2892]: Disconnected from invalid user pi 39.71.48.53 port 29928 [preauth]","@timestamp":"2022-09-17T23:39:59.733Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:40:03 honeypot-ams-1 sshd[2896]: Disconnected from invalid user user 39.71.48.53 port 29990 [preauth]","@timestamp":"2022-09-17T23:40:03.736Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:40:06 honeypot-ams-1 sshd[2900]: Disconnected from invalid user mine 39.71.48.53 port 30157 [preauth]","@timestamp":"2022-09-17T23:40:06.739Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:40:09 honeypot-ams-1 sshd[2904]: Disconnected from invalid user xbmc 39.71.48.53 port 30230 [preauth]","@timestamp":"2022-09-17T23:40:10.742Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:40:13 honeypot-ams-1 sshd[2908]: Disconnected from invalid user oracle 39.71.48.53 port 30323 [preauth]","@timestamp":"2022-09-17T23:40:13.744Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:40:15 honeypot-ams-1 sshd[2912]: Disconnected from invalid user nagios 39.71.48.53 port 30407 [preauth]","@timestamp":"2022-09-17T23:40:15.745Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:40:18 honeypot-ams-1 sshd[2916]: Disconnected from invalid user vagrant 39.71.48.53 port 30486 [preauth]","@timestamp":"2022-09-17T23:40:18.747Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:40:21 honeypot-ams-1 sshd[2920]: Disconnected from invalid user debian 39.71.48.53 port 30539 [preauth]","@timestamp":"2022-09-17T23:40:22.751Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:40:25 honeypot-ams-1 sshd[2924]: Disconnected from invalid user debian 39.71.48.53 port 30703 [preauth]","@timestamp":"2022-09-17T23:40:25.753Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:40:28 honeypot-ams-1 sshd[2928]: Disconnected from invalid user alarm 39.71.48.53 port 30814 [preauth]","@timestamp":"2022-09-17T23:40:29.755Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:40:32 honeypot-ams-1 sshd[2932]: Disconnected from invalid user test 39.71.48.53 port 30870 [preauth]","@timestamp":"2022-09-17T23:40:32.757Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:40:34 honeypot-ams-1 sshd[2936]: Disconnected from invalid user ferlin 81.169.137.181 port 55340 [preauth]","@timestamp":"2022-09-17T23:40:34.758Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:41:16 honeypot-ams-1 sshd[2942]: Invalid user fifi from 81.169.137.181 port 42250","@timestamp":"2022-09-17T23:41:16.780Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:42:09 honeypot-ams-1 sshd[2946]: Received disconnect from 124.221.41.109 port 33444:11: Bye Bye [preauth]","@timestamp":"2022-09-17T23:42:09.805Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 23:42:12 honeypot-fra-1 sshd[26304]: Invalid user g from 141.98.10.158 port 41290","@timestamp":"2022-09-17T23:42:12.731Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:43:26 honeypot-ams-1 sshd[2950]: Received disconnect from 124.221.41.109 port 40654:11: Bye Bye [preauth]","@timestamp":"2022-09-17T23:43:26.843Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:45:07 honeypot-ams-1 sshd[2955]: Disconnected from authenticating user root 188.128.39.113 port 51410 [preauth]","@timestamp":"2022-09-17T23:45:07.891Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:46:00 honeypot-ams-1 sshd[2959]: Disconnected from authenticating user root 124.221.41.109 port 55048 [preauth]","@timestamp":"2022-09-17T23:46:00.918Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:48:31 honeypot-ams-1 sshd[2970]: Did not receive identification string from 212.192.246.174 port 60992","@timestamp":"2022-09-17T23:48:31.989Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:48:33 honeypot-ams-1 sshd[2974]: Did not receive identification string from 212.192.246.174 port 35490","@timestamp":"2022-09-17T23:48:33.991Z"}
{"@timestamp":"2022-09-17T23:50:09.435Z","@version":"1","message":"Sep 17 23:50:09 honeypot-sgp-1 sshd[29424]: Invalid user slb from 167.172.112.115 port 55554","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:51:06 honeypot-ams-1 sshd[2978]: Received disconnect from 124.221.41.109 port 55476:11: Bye Bye [preauth]","@timestamp":"2022-09-17T23:51:07.063Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 23:53:21 honeypot-fra-1 sshd[26309]: Invalid user limuyu from 165.22.45.108 port 55030","@timestamp":"2022-09-17T23:53:21.984Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T23:54:28.534Z","@version":"1","message":"Sep 17 23:54:28 honeypot-sgp-1 sshd[29428]: Received disconnect from 185.143.45.73 port 44428:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:54:54 honeypot-ams-1 sshd[2985]: Received disconnect from 124.221.41.109 port 48632:11: Bye Bye [preauth]","@timestamp":"2022-09-17T23:54:55.164Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:56:45 honeypot-ams-1 sshd[2989]: Disconnected from invalid user subrat 199.255.98.39 port 51710 [preauth]","@timestamp":"2022-09-17T23:56:45.215Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 23:57:22 honeypot-fra-1 sshd[26313]: Received disconnect from 112.28.209.251 port 52788:11: Bye Bye [preauth]","@timestamp":"2022-09-17T23:57:23.077Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T23:57:36.608Z","@version":"1","message":"Sep 17 23:57:36 honeypot-sgp-1 sshd[29431]: Disconnected from invalid user majordom 27.118.22.221 port 35472 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:59:57 honeypot-ams-1 sshd[2995]: Received disconnect from 124.221.41.109 port 48818:11: Bye Bye [preauth]","@timestamp":"2022-09-17T23:59:57.311Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 00:01:58 honeypot-fra-1 sshd[26320]: Invalid user userftp from 157.230.81.123 port 46058","@timestamp":"2022-09-18T00:01:59.179Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 00:03:17 honeypot-fra-1 kernel: [84333806.842910] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=9264 PROTO=TCP SPT=59309 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T00:03:18.212Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 00:03:29 honeypot-ams-1 kernel: [84335989.414510] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=178.62.254.91 LEN=89 TOS=0x00 PREC=0x00 TTL=252 ID=21900 PROTO=TCP SPT=23761 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T00:03:29.411Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 00:06:16 honeypot-ams-1 sshd[3007]: Received disconnect from 124.221.41.109 port 55940:11: Bye Bye [preauth]","@timestamp":"2022-09-18T00:06:16.490Z"}
{"@timestamp":"2022-09-18T00:07:27.838Z","@version":"1","message":"Sep 18 00:07:27 honeypot-sgp-1 sshd[29436]: Disconnected from invalid user rx 103.145.106.247 port 56338 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 00:08:05 honeypot-fra-1 kernel: [84334094.004678] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=124.6.2.235 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=15533 PROTO=TCP SPT=50539 DPT=443 WINDOW=1300 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T00:08:05.348Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 00:08:44 honeypot-ams-1 sshd[3013]: Received disconnect from 124.221.41.109 port 41782:11: Bye Bye [preauth]","@timestamp":"2022-09-18T00:08:44.562Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 00:11:13 honeypot-ams-1 sshd[3020]: Received disconnect from 124.221.41.109 port 55770:11: Bye Bye [preauth]","@timestamp":"2022-09-18T00:11:14.636Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 00:12:27 honeypot-ams-1 sshd[3024]: Disconnected from authenticating user root 124.221.41.109 port 34520 [preauth]","@timestamp":"2022-09-18T00:12:27.668Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 00:12:27 honeypot-fra-1 sshd[26334]: Invalid user admin from 111.95.141.34 port 56344","@timestamp":"2022-09-18T00:12:28.449Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T00:12:48.964Z","@version":"1","message":"Sep 18 00:12:48 honeypot-sgp-1 sshd[29441]: Connection closed by invalid user default 179.60.147.69 port 58122 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 00:13:57 honeypot-fra-1 sshd[26338]: Invalid user default from 179.60.147.69 port 51208","@timestamp":"2022-09-18T00:13:57.487Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 00:14:22 honeypot-fra-1 sshd[26345]: Invalid user centos from 139.59.152.202 port 34748","@timestamp":"2022-09-18T00:14:22.498Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 00:14:22 honeypot-fra-1 sshd[26344]: Invalid user steam from 139.59.152.202 port 34744","@timestamp":"2022-09-18T00:14:22.498Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 00:14:22 honeypot-fra-1 sshd[26345]: Connection closed by invalid user centos 139.59.152.202 port 34748 [preauth]","@timestamp":"2022-09-18T00:14:22.498Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 00:14:22 honeypot-fra-1 sshd[26355]: Connection closed by authenticating user root 139.59.152.202 port 34770 [preauth]","@timestamp":"2022-09-18T00:14:22.498Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 00:14:22 honeypot-fra-1 sshd[26356]: Invalid user admin from 139.59.152.202 port 34774","@timestamp":"2022-09-18T00:14:22.498Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 00:14:22 honeypot-fra-1 sshd[26353]: Connection closed by invalid user test 139.59.152.202 port 34766 [preauth]","@timestamp":"2022-09-18T00:14:22.498Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 00:14:22 honeypot-fra-1 sshd[26361]: Connection closed by authenticating user root 139.59.152.202 port 34790 [preauth]","@timestamp":"2022-09-18T00:14:22.498Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 00:14:22 honeypot-fra-1 sshd[26362]: Connection closed by invalid user steam 139.59.152.202 port 34792 [preauth]","@timestamp":"2022-09-18T00:14:22.498Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 00:14:30 honeypot-fra-1 sshd[26401]: Invalid user webmin from 113.193.191.132 port 43159","@timestamp":"2022-09-18T00:14:30.503Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 00:14:54 honeypot-ams-1 sshd[3028]: Disconnected from authenticating user root 124.221.41.109 port 48324 [preauth]","@timestamp":"2022-09-18T00:14:54.736Z"}
{"@timestamp":"2022-09-18T00:15:14.024Z","@version":"1","message":"Sep 18 00:15:13 honeypot-sgp-1 sshd[29443]: Received disconnect from 92.255.85.70 port 49390:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 00:16:19 honeypot-ams-1 sshd[3033]: Connection closed by invalid user default 179.60.147.69 port 12996 [preauth]","@timestamp":"2022-09-18T00:16:19.779Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 00:17:01 honeypot-fra-1 CRON[26406]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-18T00:17:01.561Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 00:17:23 honeypot-ams-1 sshd[3039]: Disconnected from authenticating user root 124.221.41.109 port 33824 [preauth]","@timestamp":"2022-09-18T00:17:23.813Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 00:21:04 honeypot-ams-1 sshd[3045]: Received disconnect from 124.221.41.109 port 54348:11: Bye Bye [preauth]","@timestamp":"2022-09-18T00:21:04.918Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 00:23:36 honeypot-ams-1 kernel: [84337196.387545] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=118.126.82.236 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=45 ID=20370 PROTO=TCP SPT=44592 DPT=80 WINDOW=25824 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T00:23:36.990Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 00:25:49 honeypot-fra-1 kernel: [84335158.647020] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=206.84.108.130 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=32768 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T00:25:49.764Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 00:27:08 honeypot-ams-1 sshd[3056]: Received disconnect from 124.221.41.109 port 60196:11: Bye Bye [preauth]","@timestamp":"2022-09-18T00:27:09.092Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 00:29:37 honeypot-ams-1 sshd[3061]: Disconnected from authenticating user root 124.221.41.109 port 45534 [preauth]","@timestamp":"2022-09-18T00:29:38.162Z"}
{"@timestamp":"2022-09-18T00:31:39.420Z","@version":"1","message":"Sep 18 00:31:38 honeypot-sgp-1 kernel: [84337202.311474] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=159.89.202.188 LEN=89 TOS=0x00 PREC=0x00 TTL=245 ID=18035 PROTO=TCP SPT=1417 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 00:32:01 honeypot-ams-1 sshd[3067]: Disconnected from authenticating user root 124.221.41.109 port 59084 [preauth]","@timestamp":"2022-09-18T00:32:02.231Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 00:35:41 honeypot-ams-1 sshd[3074]: Disconnected from authenticating user root 124.221.41.109 port 51124 [preauth]","@timestamp":"2022-09-18T00:35:41.333Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 00:36:53 honeypot-ams-1 sshd[3080]: Disconnected from authenticating user root 124.221.41.109 port 57870 [preauth]","@timestamp":"2022-09-18T00:36:53.369Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 00:40:29 honeypot-ams-1 sshd[3087]: Received disconnect from 124.221.41.109 port 49816:11: Bye Bye [preauth]","@timestamp":"2022-09-18T00:40:29.472Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 00:43:17 honeypot-fra-1 kernel: [84336205.960900] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=165.22.82.222 LEN=86 TOS=0x00 PREC=0x00 TTL=250 ID=26282 PROTO=TCP SPT=3397 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T00:43:17.159Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 00:44:06 honeypot-ams-1 sshd[3093]: Received disconnect from 124.221.41.109 port 41706:11: Bye Bye [preauth]","@timestamp":"2022-09-18T00:44:06.574Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 00:47:13 honeypot-ams-1 sshd[3100]: Received disconnect from 201.48.4.15 port 59934:11: Bye Bye [preauth]","@timestamp":"2022-09-18T00:47:14.655Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 00:47:55 honeypot-ams-1 sshd[3104]: Disconnected from invalid user pcmc 198.12.255.244 port 56974 [preauth]","@timestamp":"2022-09-18T00:47:55.674Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 00:49:20 honeypot-ams-1 sshd[3108]: Invalid user denise from 113.161.79.231 port 40510","@timestamp":"2022-09-18T00:49:20.720Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 00:51:18 honeypot-ams-1 sshd[3113]: Disconnected from authenticating user root 124.221.41.109 port 53574 [preauth]","@timestamp":"2022-09-18T00:51:18.774Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 00:53:43 honeypot-ams-1 sshd[3119]: Received disconnect from 124.221.41.109 port 38682:11: Bye Bye [preauth]","@timestamp":"2022-09-18T00:53:43.843Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 00:54:31 honeypot-fra-1 sshd[26421]: Invalid user mysql from 92.255.85.70 port 38328","@timestamp":"2022-09-18T00:54:32.413Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 00:54:51 honeypot-ams-1 sshd[3123]: Disconnected from authenticating user root 124.221.41.109 port 45340 [preauth]","@timestamp":"2022-09-18T00:54:52.881Z"}
{"@timestamp":"2022-09-18T00:55:22.975Z","@version":"1","message":"Sep 18 00:55:22 honeypot-sgp-1 sshd[29455]: Received disconnect from 92.255.85.69 port 51946:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 00:56:17 honeypot-fra-1 sshd[26425]: Disconnected from authenticating user root 170.210.71.10 port 51411 [preauth]","@timestamp":"2022-09-18T00:56:18.456Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 00:57:14 honeypot-ams-1 sshd[3131]: Received disconnect from 124.221.41.109 port 58626:11: Bye Bye [preauth]","@timestamp":"2022-09-18T00:57:14.950Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 01:00:50 honeypot-ams-1 sshd[3138]: Received disconnect from 124.221.41.109 port 50234:11: Bye Bye [preauth]","@timestamp":"2022-09-18T01:00:51.052Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 01:02:52 honeypot-ams-1 sshd[3145]: Invalid user lizal123 from 210.4.123.219 port 58353","@timestamp":"2022-09-18T01:02:53.110Z"}
{"@timestamp":"2022-09-18T01:03:10.157Z","@version":"1","message":"Sep 18 01:03:09 honeypot-sgp-1 kernel: [84339093.049304] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.226.17.248 DST=159.89.202.188 LEN=52 TOS=0x00 PREC=0x00 TTL=105 ID=33682 DF PROTO=TCP SPT=59526 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 01:04:09 honeypot-ams-1 sshd[3149]: Received disconnect from 92.255.85.69 port 41486:11: Bye Bye [preauth]","@timestamp":"2022-09-18T01:04:10.148Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 01:05:26 honeypot-ams-1 sshd[3153]: Disconnected from authenticating user root 124.152.76.180 port 49840 [preauth]","@timestamp":"2022-09-18T01:05:27.186Z"}
{"@timestamp":"2022-09-18T01:07:06.251Z","@version":"1","message":"Sep 18 01:07:05 honeypot-sgp-1 sshd[29463]: Invalid user mcserver from 205.185.123.128 port 59884","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 01:07:54 honeypot-ams-1 sshd[3160]: Received disconnect from 124.221.41.109 port 33206:11: Bye Bye [preauth]","@timestamp":"2022-09-18T01:07:54.256Z"}
{"@timestamp":"2022-09-18T01:08:21.281Z","@version":"1","message":"Sep 18 01:08:20 honeypot-sgp-1 sshd[29468]: Received disconnect from 113.200.60.74 port 60115:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 01:08:50 honeypot-ams-1 kernel: [84339911.135122] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=178.62.254.91 LEN=86 TOS=0x00 PREC=0x00 TTL=252 ID=57909 PROTO=TCP SPT=29027 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T01:08:51.286Z"}
{"@timestamp":"2022-09-18T01:09:18.305Z","@version":"1","message":"Sep 18 01:09:18 honeypot-sgp-1 sshd[29472]: Received disconnect from 139.59.189.130 port 47648:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T01:10:38.339Z","@version":"1","message":"Sep 18 01:10:37 honeypot-sgp-1 sshd[29477]: Invalid user  from 152.32.142.133 port 45250","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 01:10:58 honeypot-fra-1 sshd[26432]: Bad protocol version identification '\\026\\003\\001' from 137.220.228.81 port 49892","@timestamp":"2022-09-18T01:10:58.789Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T01:11:25.359Z","@version":"1","message":"Sep 18 01:11:24 honeypot-sgp-1 sshd[29481]: Disconnected from authenticating user root 137.184.1.35 port 39066 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 01:11:25 honeypot-ams-1 sshd[3168]: Received disconnect from 124.221.41.109 port 52798:11: Bye Bye [preauth]","@timestamp":"2022-09-18T01:11:26.358Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 01:14:26 honeypot-ams-1 sshd[3175]: Did not receive identification string from 45.61.186.49 port 33682","@timestamp":"2022-09-18T01:14:26.460Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 01:14:42 honeypot-ams-1 sshd[3178]: Received disconnect from 45.61.186.49 port 43424:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T01:14:43.471Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 01:14:54 honeypot-ams-1 sshd[3184]: Received disconnect from 45.61.186.49 port 55218:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T01:14:55.476Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 01:15:00 honeypot-fra-1 sshd[26440]: Received disconnect from 34.229.206.8 port 60030:11: Bye Bye [preauth]","@timestamp":"2022-09-18T01:15:00.883Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T01:15:03.445Z","@version":"1","message":"Sep 18 01:15:02 honeypot-sgp-1 sshd[29488]: Disconnected from invalid user iyz 143.244.137.54 port 41600 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 01:17:01 honeypot-ams-1 CRON[3189]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-18T01:17:01.532Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 01:17:01 honeypot-fra-1 CRON[26444]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-18T01:17:01.932Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 01:18:25 honeypot-ams-1 sshd[3196]: Disconnected from authenticating user root 124.221.41.109 port 35364 [preauth]","@timestamp":"2022-09-18T01:18:26.574Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 01:20:45 honeypot-ams-1 sshd[3201]: Disconnected from authenticating user root 124.221.41.109 port 48342 [preauth]","@timestamp":"2022-09-18T01:20:45.642Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 01:21:12 honeypot-fra-1 kernel: [84338480.978911] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=2.183.196.238 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=36422 PROTO=TCP SPT=26354 DPT=80 WINDOW=0 RES=0x00 RST URGP=0 ","@timestamp":"2022-09-18T01:21:13.031Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 01:24:15 honeypot-ams-1 sshd[3207]: Disconnected from authenticating user root 124.221.41.109 port 39508 [preauth]","@timestamp":"2022-09-18T01:24:16.739Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 01:26:32 honeypot-ams-1 sshd[3212]: Disconnected from authenticating user root 124.221.41.109 port 52402 [preauth]","@timestamp":"2022-09-18T01:26:32.802Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 01:28:47 honeypot-ams-1 kernel: [84341108.067175] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=20.169.168.147 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=34796 PROTO=TCP SPT=40335 DPT=3389 WINDOW=4096 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T01:28:48.867Z"}
{"@timestamp":"2022-09-18T01:30:02.791Z","@version":"1","message":"Sep 18 01:30:02 honeypot-sgp-1 sshd[29496]: Disconnected from authenticating user root 145.239.90.141 port 44234 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 01:30:18 honeypot-ams-1 kernel: [84341198.441088] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=89.248.168.172 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=252 ID=54321 PROTO=TCP SPT=59306 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T01:30:18.909Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 01:33:26 honeypot-ams-1 sshd[3227]: Disconnected from authenticating user root 124.221.41.109 port 34488 [preauth]","@timestamp":"2022-09-18T01:33:26.994Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 01:35:40 honeypot-ams-1 sshd[3233]: Connection closed by invalid user admin 143.198.135.228 port 45648 [preauth]","@timestamp":"2022-09-18T01:35:41.056Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 01:35:44 honeypot-ams-1 sshd[3235]: Disconnected from authenticating user root 124.221.41.109 port 47300 [preauth]","@timestamp":"2022-09-18T01:35:45.058Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 01:38:02 honeypot-ams-1 sshd[3248]: Received disconnect from 137.184.50.19 port 39486:11: Bye Bye [preauth]","@timestamp":"2022-09-18T01:38:03.122Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 01:38:08 honeypot-fra-1 sshd[26456]: Invalid user admin from 92.255.85.70 port 58062","@timestamp":"2022-09-18T01:38:08.411Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 01:39:11 honeypot-ams-1 sshd[3252]: Received disconnect from 124.221.41.109 port 38254:11: Bye Bye [preauth]","@timestamp":"2022-09-18T01:39:12.156Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 01:41:29 honeypot-ams-1 sshd[3256]: Received disconnect from 124.221.41.109 port 51018:11: Bye Bye [preauth]","@timestamp":"2022-09-18T01:41:30.223Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 01:44:21 honeypot-ams-1 kernel: [84342041.686385] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=3.236.36.152 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=54632 DF PROTO=TCP SPT=33438 DPT=80 WINDOW=62727 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T01:44:22.303Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 01:47:10 honeypot-ams-1 sshd[3267]: Received disconnect from 124.221.41.109 port 54546:11: Bye Bye [preauth]","@timestamp":"2022-09-18T01:47:10.383Z"}
{"@timestamp":"2022-09-18T01:48:39.241Z","@version":"1","message":"Sep 18 01:48:38 honeypot-sgp-1 sshd[29503]: Received disconnect from 92.255.85.70 port 36190:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 01:50:34 honeypot-ams-1 sshd[3274]: Received disconnect from 124.221.41.109 port 45274:11: Bye Bye [preauth]","@timestamp":"2022-09-18T01:50:35.478Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 01:52:50 honeypot-ams-1 sshd[3278]: Received disconnect from 124.221.41.109 port 57874:11: Bye Bye [preauth]","@timestamp":"2022-09-18T01:52:50.544Z"}
{"@timestamp":"2022-09-18T01:54:25.376Z","@version":"1","message":"Sep 18 01:54:25 honeypot-sgp-1 sshd[29506]: Disconnected from invalid user admin 85.51.33.209 port 64951 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 01:55:05 honeypot-ams-1 sshd[3283]: Disconnected from authenticating user root 124.221.41.109 port 42212 [preauth]","@timestamp":"2022-09-18T01:55:06.609Z"}
{"@timestamp":"2022-09-18T01:57:14.445Z","@version":"1","message":"Sep 18 01:57:14 honeypot-sgp-1 sshd[29508]: Disconnected from invalid user monitor 51.222.116.82 port 46014 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 01:57:50 honeypot-ams-1 sshd[3289]: Connection closed by authenticating user root 103.188.176.251 port 59282 [preauth]","@timestamp":"2022-09-18T01:57:50.687Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 01:59:54 honeypot-fra-1 sshd[26462]: Did not receive identification string from 45.61.186.49 port 43158","@timestamp":"2022-09-18T01:59:54.901Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:00:13 honeypot-fra-1 sshd[26466]: Received disconnect from 45.61.186.49 port 52372:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T02:00:14.912Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:00:23 honeypot-fra-1 sshd[26470]: Received disconnect from 45.61.186.49 port 35500:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T02:00:23.916Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:00:44 honeypot-ams-1 sshd[3296]: Received disconnect from 124.221.41.109 port 45314:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:00:44.773Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:02:49 honeypot-fra-1 sshd[26477]: Bad protocol version identification 'ABCDEFGHIJKLMNOPQRSTUVWXYZ9999' from 172.104.131.24 port 34672","@timestamp":"2022-09-18T02:02:50.978Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:02:58 honeypot-ams-1 sshd[3301]: Disconnected from authenticating user root 124.221.41.109 port 57806 [preauth]","@timestamp":"2022-09-18T02:02:59.837Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:05:12 honeypot-ams-1 sshd[3308]: Disconnected from authenticating user root 124.221.41.109 port 42038 [preauth]","@timestamp":"2022-09-18T02:05:12.901Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:08:03 honeypot-fra-1 sshd[26482]: Disconnected from authenticating user root 193.95.228.126 port 9654 [preauth]","@timestamp":"2022-09-18T02:08:04.099Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:08:34 honeypot-ams-1 sshd[3314]: Received disconnect from 124.221.41.109 port 60694:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:08:34.998Z"}
{"@timestamp":"2022-09-18T02:08:52.722Z","@version":"1","message":"Sep 18 02:08:52 honeypot-sgp-1 kernel: [84343036.165515] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=103.179.187.239 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=10238 PROTO=TCP SPT=51972 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:10:47 honeypot-ams-1 sshd[3319]: Disconnected from authenticating user root 124.221.41.109 port 44868 [preauth]","@timestamp":"2022-09-18T02:10:48.062Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 02:12:27 honeypot-ams-1 kernel: [84343728.089244] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.218.139 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=47369 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T02:12:28.110Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:12:33 honeypot-fra-1 sshd[26491]: Received disconnect from 24.135.138.224 port 59550:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:12:33.204Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:14:10 honeypot-ams-1 sshd[3329]: Disconnected from authenticating user root 123.41.0.20 port 46440 [preauth]","@timestamp":"2022-09-18T02:14:11.159Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 02:15:16 honeypot-ams-1 kernel: [84343896.308287] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=178.62.254.91 LEN=90 TOS=0x00 PREC=0x00 TTL=252 ID=41172 PROTO=TCP SPT=11131 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T02:15:16.191Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:15:25 honeypot-fra-1 sshd[26495]: Received disconnect from 157.230.218.88 port 41306:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:15:26.275Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:17:01 honeypot-ams-1 CRON[3340]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-18T02:17:01.240Z"}
{"@timestamp":"2022-09-18T02:17:02.916Z","@version":"1","message":"Sep 18 02:17:01 honeypot-sgp-1 CRON[29515]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:18:28 honeypot-ams-1 sshd[3347]: error: maximum authentication attempts exceeded for root from 124.79.243.92 port 19367 ssh2 [preauth]","@timestamp":"2022-09-18T02:18:28.283Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:18:33 honeypot-ams-1 sshd[3349]: Disconnected from authenticating user root 124.221.41.109 port 59884 [preauth]","@timestamp":"2022-09-18T02:18:34.286Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:18:39 honeypot-ams-1 sshd[3357]: Invalid user admin from 124.79.243.92 port 23290","@timestamp":"2022-09-18T02:18:40.290Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:18:45 honeypot-ams-1 sshd[3361]: Invalid user oracle from 124.79.243.92 port 24564","@timestamp":"2022-09-18T02:18:46.294Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:19:38 honeypot-ams-1 sshd[3365]: Connection closed by invalid user admin 193.106.191.157 port 46000 [preauth]","@timestamp":"2022-09-18T02:19:38.320Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:20:50 honeypot-ams-1 sshd[3372]: Received disconnect from 139.59.248.243 port 55366:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:20:51.371Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:21:41 honeypot-fra-1 sshd[26501]: Did not receive identification string from 45.61.186.249 port 38686","@timestamp":"2022-09-18T02:21:41.425Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:22:04 honeypot-fra-1 sshd[26504]: Disconnected from invalid user user 45.61.186.249 port 42032 [preauth]","@timestamp":"2022-09-18T02:22:04.437Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:22:22 honeypot-fra-1 sshd[26508]: Disconnected from invalid user user 45.61.186.249 port 36780 [preauth]","@timestamp":"2022-09-18T02:22:23.445Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:22:41 honeypot-fra-1 sshd[26512]: Disconnected from invalid user user 45.61.186.249 port 59800 [preauth]","@timestamp":"2022-09-18T02:22:42.455Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:22:56 honeypot-ams-1 sshd[3376]: Disconnected from authenticating user root 124.221.41.109 port 56276 [preauth]","@timestamp":"2022-09-18T02:22:57.428Z"}
{"@timestamp":"2022-09-18T02:24:53.101Z","@version":"1","message":"Sep 18 02:24:52 honeypot-sgp-1 sshd[29522]: Received disconnect from 206.81.0.243 port 38438:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 02:25:17 honeypot-ams-1 kernel: [84344497.137956] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=37.104.179.26 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=56 ID=64472 PROTO=TCP SPT=56203 DPT=80 WINDOW=10818 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T02:25:17.492Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 02:27:02 honeypot-ams-1 kernel: [84344603.066831] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=167.99.9.236 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=115 ID=8720 DF PROTO=TCP SPT=59280 DPT=3389 WINDOW=8192 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T02:27:03.542Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:29:32 honeypot-ams-1 sshd[3391]: Disconnected from authenticating user root 124.221.41.109 port 36560 [preauth]","@timestamp":"2022-09-18T02:29:33.739Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:31:22 honeypot-fra-1 sshd[26517]: Did not receive identification string from 179.43.156.143 port 34876","@timestamp":"2022-09-18T02:31:23.668Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:31:44 honeypot-ams-1 sshd[3396]: Disconnected from authenticating user root 124.221.41.109 port 48738 [preauth]","@timestamp":"2022-09-18T02:31:44.800Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:33:21 honeypot-fra-1 sshd[26522]: Disconnected from authenticating user root 179.43.156.143 port 38526 [preauth]","@timestamp":"2022-09-18T02:33:21.715Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:34:30 honeypot-fra-1 sshd[26528]: Received disconnect from 179.43.156.143 port 33362:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T02:34:31.745Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:34:58 honeypot-ams-1 sshd[3402]: Received disconnect from 124.221.41.109 port 38706:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:34:59.895Z"}
{"@timestamp":"2022-09-18T02:35:00.340Z","@version":"1","message":"Sep 18 02:35:00 honeypot-sgp-1 sshd[29525]: Received disconnect from 104.248.155.120 port 51620:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:35:40 honeypot-fra-1 sshd[26533]: Disconnected from invalid user nutanix 179.43.156.143 port 56414 [preauth]","@timestamp":"2022-09-18T02:35:40.773Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:36:05 honeypot-ams-1 sshd[3406]: Received disconnect from 124.221.41.109 port 44754:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:36:05.928Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:36:49 honeypot-fra-1 sshd[26537]: Disconnected from invalid user nfsnobod 179.43.156.143 port 51176 [preauth]","@timestamp":"2022-09-18T02:36:49.802Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:37:08 honeypot-ams-1 sshd[3409]: Disconnected from authenticating user root 124.221.41.109 port 50798 [preauth]","@timestamp":"2022-09-18T02:37:08.957Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:38:38 honeypot-fra-1 sshd[26543]: Invalid user git from 179.43.156.143 port 43408","@timestamp":"2022-09-18T02:38:38.864Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:39:13 honeypot-ams-1 sshd[3418]: Connection closed by invalid user admin 193.106.191.157 port 59368 [preauth]","@timestamp":"2022-09-18T02:39:14.016Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:39:14 honeypot-fra-1 sshd[26548]: Disconnected from invalid user git 179.43.156.143 port 40810 [preauth]","@timestamp":"2022-09-18T02:39:15.879Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:39:45 honeypot-ams-1 sshd[3424]: Disconnected from authenticating user root 84.122.178.78 port 34756 [preauth]","@timestamp":"2022-09-18T02:39:46.033Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:39:46 honeypot-ams-1 sshd[3430]: Received disconnect from 84.122.178.78 port 34850:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:39:47.035Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:39:48 honeypot-ams-1 sshd[3436]: Received disconnect from 84.122.178.78 port 34916:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:39:49.037Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:39:49 honeypot-ams-1 sshd[3442]: Received disconnect from 84.122.178.78 port 35002:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:39:50.037Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:39:50 honeypot-ams-1 sshd[3448]: Received disconnect from 84.122.178.78 port 35058:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:39:51.038Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:39:50 honeypot-fra-1 sshd[26552]: Disconnected from invalid user testuser 179.43.156.143 port 38198 [preauth]","@timestamp":"2022-09-18T02:39:51.895Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:39:52 honeypot-ams-1 sshd[3454]: Received disconnect from 84.122.178.78 port 35110:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:39:53.040Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:39:53 honeypot-ams-1 sshd[3460]: Received disconnect from 84.122.178.78 port 35166:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:39:54.041Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:39:54 honeypot-ams-1 sshd[3466]: Received disconnect from 84.122.178.78 port 35206:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:39:55.042Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:39:55 honeypot-ams-1 sshd[3472]: Received disconnect from 84.122.178.78 port 35438:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:39:56.042Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:39:57 honeypot-ams-1 sshd[3478]: Received disconnect from 84.122.178.78 port 35522:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:39:58.044Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:39:58 honeypot-ams-1 sshd[3484]: Received disconnect from 84.122.178.78 port 35622:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:39:59.045Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:39:59 honeypot-ams-1 sshd[3490]: Received disconnect from 84.122.178.78 port 35700:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:40:00.046Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:40:00 honeypot-ams-1 sshd[3494]: Disconnected from invalid user admin 84.122.178.78 port 35750 [preauth]","@timestamp":"2022-09-18T02:40:01.046Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:40:01 honeypot-ams-1 sshd[3498]: Disconnected from invalid user admin 84.122.178.78 port 35798 [preauth]","@timestamp":"2022-09-18T02:40:02.048Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:40:02 honeypot-ams-1 sshd[3502]: Disconnected from invalid user admin 84.122.178.78 port 35834 [preauth]","@timestamp":"2022-09-18T02:40:03.049Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:40:03 honeypot-ams-1 sshd[3506]: Disconnected from invalid user admin 84.122.178.78 port 35862 [preauth]","@timestamp":"2022-09-18T02:40:04.050Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:40:04 honeypot-ams-1 sshd[3510]: Disconnected from invalid user admin 84.122.178.78 port 35904 [preauth]","@timestamp":"2022-09-18T02:40:05.050Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:40:05 honeypot-ams-1 sshd[3514]: Disconnected from invalid user user 84.122.178.78 port 36016 [preauth]","@timestamp":"2022-09-18T02:40:06.051Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:40:06 honeypot-ams-1 sshd[3520]: Received disconnect from 84.122.178.78 port 36214:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:40:07.052Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:40:07 honeypot-ams-1 sshd[3524]: Received disconnect from 84.122.178.78 port 36250:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:40:08.053Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:40:08 honeypot-ams-1 sshd[3528]: Received disconnect from 84.122.178.78 port 36326:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:40:09.054Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:40:09 honeypot-ams-1 sshd[3532]: Received disconnect from 84.122.178.78 port 36400:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:40:10.054Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:40:10 honeypot-ams-1 sshd[3536]: Received disconnect from 84.122.178.78 port 36446:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:40:10.054Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:40:10 honeypot-ams-1 sshd[3540]: Received disconnect from 84.122.178.78 port 36482:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:40:11.055Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:40:11 honeypot-ams-1 sshd[3544]: Received disconnect from 84.122.178.78 port 36536:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:40:12.056Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:40:12 honeypot-ams-1 sshd[3548]: Received disconnect from 84.122.178.78 port 36580:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:40:13.057Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:40:13 honeypot-ams-1 sshd[3552]: Received disconnect from 84.122.178.78 port 36624:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:40:14.058Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:40:14 honeypot-ams-1 sshd[3556]: Received disconnect from 84.122.178.78 port 36652:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:40:15.058Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:40:15 honeypot-ams-1 sshd[3560]: Received disconnect from 84.122.178.78 port 36834:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:40:16.059Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:40:23 honeypot-ams-1 sshd[3564]: Disconnected from authenticating user root 124.221.41.109 port 40638 [preauth]","@timestamp":"2022-09-18T02:40:24.064Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:41:03 honeypot-fra-1 sshd[26557]: Received disconnect from 179.43.156.143 port 33042:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T02:41:03.925Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:41:12 honeypot-ams-1 sshd[3569]: Received disconnect from 222.252.243.104 port 58541:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:41:13.089Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:42:05 honeypot-fra-1 sshd[26561]: Disconnected from authenticating user root 92.255.85.69 port 18778 [preauth]","@timestamp":"2022-09-18T02:42:05.952Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:42:21 honeypot-ams-1 sshd[3575]: Received disconnect from 18.179.32.110 port 7789:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:42:22.123Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:42:25 honeypot-ams-1 sshd[3579]: Disconnected from invalid user ubnt 18.179.32.110 port 2993 [preauth]","@timestamp":"2022-09-18T02:42:26.126Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:42:30 honeypot-ams-1 sshd[3585]: Disconnected from authenticating user root 18.179.32.110 port 27909 [preauth]","@timestamp":"2022-09-18T02:42:31.129Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:42:34 honeypot-ams-1 sshd[3591]: Disconnected from authenticating user root 18.179.32.110 port 23149 [preauth]","@timestamp":"2022-09-18T02:42:35.132Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:42:40 honeypot-ams-1 sshd[3597]: Disconnected from authenticating user root 18.179.32.110 port 7491 [preauth]","@timestamp":"2022-09-18T02:42:41.136Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:42:46 honeypot-ams-1 sshd[3603]: Disconnected from authenticating user root 18.179.32.110 port 23671 [preauth]","@timestamp":"2022-09-18T02:42:47.139Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:42:51 honeypot-ams-1 sshd[3609]: Disconnected from authenticating user root 18.179.32.110 port 7119 [preauth]","@timestamp":"2022-09-18T02:42:52.142Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:42:57 honeypot-ams-1 sshd[3615]: Disconnected from authenticating user root 18.179.32.110 port 1663 [preauth]","@timestamp":"2022-09-18T02:42:58.147Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:42:59 honeypot-fra-1 sshd[26565]: Disconnected from invalid user vyos 179.43.156.143 port 53432 [preauth]","@timestamp":"2022-09-18T02:42:59.976Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:43:03 honeypot-ams-1 sshd[3621]: Disconnected from authenticating user root 18.179.32.110 port 23945 [preauth]","@timestamp":"2022-09-18T02:43:03.150Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:43:08 honeypot-ams-1 sshd[3627]: Disconnected from authenticating user root 18.179.32.110 port 16675 [preauth]","@timestamp":"2022-09-18T02:43:09.154Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:43:14 honeypot-ams-1 sshd[3633]: Disconnected from authenticating user root 18.179.32.110 port 11711 [preauth]","@timestamp":"2022-09-18T02:43:15.158Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:43:20 honeypot-ams-1 sshd[3639]: Disconnected from authenticating user root 18.179.32.110 port 20395 [preauth]","@timestamp":"2022-09-18T02:43:20.160Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:43:25 honeypot-ams-1 sshd[3645]: Disconnected from authenticating user root 18.179.32.110 port 30249 [preauth]","@timestamp":"2022-09-18T02:43:26.165Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:43:31 honeypot-ams-1 sshd[3651]: Invalid user admin from 18.179.32.110 port 16547","@timestamp":"2022-09-18T02:43:31.168Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:43:35 honeypot-ams-1 sshd[3655]: Invalid user admin from 18.179.32.110 port 15969","@timestamp":"2022-09-18T02:43:35.170Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:43:38 honeypot-ams-1 sshd[3661]: Invalid user admin from 18.179.32.110 port 24905","@timestamp":"2022-09-18T02:43:39.174Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:43:41 honeypot-ams-1 sshd[3663]: Received disconnect from 18.179.32.110 port 24233:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:43:41.176Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:43:45 honeypot-ams-1 sshd[3667]: Received disconnect from 18.179.32.110 port 3053:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:43:45.179Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:43:48 honeypot-ams-1 sshd[3671]: Received disconnect from 18.179.32.110 port 25889:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:43:49.181Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:43:53 honeypot-ams-1 sshd[3677]: Invalid user pi from 18.179.32.110 port 32547","@timestamp":"2022-09-18T02:43:54.185Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:43:57 honeypot-ams-1 sshd[3681]: Invalid user user from 18.179.32.110 port 13065","@timestamp":"2022-09-18T02:43:58.188Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:44:01 honeypot-ams-1 sshd[3685]: Invalid user mine from 18.179.32.110 port 20229","@timestamp":"2022-09-18T02:44:02.190Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:44:05 honeypot-ams-1 sshd[3689]: Invalid user xbmc from 18.179.32.110 port 13279","@timestamp":"2022-09-18T02:44:06.193Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:44:09 honeypot-ams-1 sshd[3693]: Invalid user oracle from 18.179.32.110 port 22985","@timestamp":"2022-09-18T02:44:09.196Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:44:12 honeypot-ams-1 sshd[3697]: Invalid user postgres from 18.179.32.110 port 11019","@timestamp":"2022-09-18T02:44:13.199Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:44:15 honeypot-fra-1 sshd[26569]: Disconnected from authenticating user root 179.43.156.143 port 48204 [preauth]","@timestamp":"2022-09-18T02:44:16.009Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:44:16 honeypot-ams-1 sshd[3701]: Invalid user support from 18.179.32.110 port 23899","@timestamp":"2022-09-18T02:44:17.202Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:44:20 honeypot-ams-1 sshd[3705]: Invalid user ubuntu from 18.179.32.110 port 16681","@timestamp":"2022-09-18T02:44:21.205Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:44:24 honeypot-ams-1 sshd[3709]: Invalid user ubuntu from 18.179.32.110 port 5185","@timestamp":"2022-09-18T02:44:25.209Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:44:28 honeypot-ams-1 sshd[3713]: Invalid user guest from 18.179.32.110 port 13529","@timestamp":"2022-09-18T02:44:29.211Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:44:32 honeypot-ams-1 sshd[3717]: Invalid user cirros from 18.179.32.110 port 23235","@timestamp":"2022-09-18T02:44:33.214Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:44:43 honeypot-ams-1 sshd[3721]: Received disconnect from 124.221.41.109 port 36398:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:44:44.220Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:45:33 honeypot-fra-1 sshd[26575]: Received disconnect from 179.43.156.143 port 43016:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T02:45:34.042Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:46:03 honeypot-fra-1 sshd[26579]: Disconnected from invalid user nagios 134.209.240.217 port 35928 [preauth]","@timestamp":"2022-09-18T02:46:04.056Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:46:58 honeypot-fra-1 sshd[26586]: Disconnected from authenticating user root 179.43.156.143 port 37794 [preauth]","@timestamp":"2022-09-18T02:46:59.080Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 02:47:31 honeypot-ams-1 kernel: [84345831.666889] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=35.171.225.138 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=56824 DF PROTO=TCP SPT=60266 DPT=80 WINDOW=62727 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T02:47:32.295Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:47:42 honeypot-fra-1 sshd[26590]: Disconnected from invalid user admin 78.198.111.128 port 54026 [preauth]","@timestamp":"2022-09-18T02:47:43.098Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T02:48:23.654Z","@version":"1","message":"Sep 18 02:48:22 honeypot-sgp-1 sshd[29551]: Received disconnect from 92.255.85.69 port 43756:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:49:03 honeypot-fra-1 sshd[26596]: Disconnected from authenticating user root 179.43.156.143 port 58236 [preauth]","@timestamp":"2022-09-18T02:49:04.134Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:50:04 honeypot-ams-1 sshd[3732]: Disconnected from authenticating user root 124.221.41.109 port 37958 [preauth]","@timestamp":"2022-09-18T02:50:04.364Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:50:43 honeypot-fra-1 sshd[26602]: Received disconnect from 121.136.39.210 port 50960:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:50:44.175Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:51:07 honeypot-ams-1 sshd[3739]: Disconnected from authenticating user root 124.221.41.109 port 43898 [preauth]","@timestamp":"2022-09-18T02:51:08.397Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:51:21 honeypot-fra-1 sshd[26607]: Invalid user cpu from 118.70.170.120 port 58466","@timestamp":"2022-09-18T02:51:22.193Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:52:31 honeypot-fra-1 sshd[26611]: Invalid user jenkins from 179.43.156.143 port 45222","@timestamp":"2022-09-18T02:52:32.223Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:53:11 honeypot-fra-1 sshd[26615]: Received disconnect from 179.43.156.143 port 42650:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T02:53:11.240Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:54:17 honeypot-ams-1 sshd[4187]: Disconnected from authenticating user root 124.221.41.109 port 33446 [preauth]","@timestamp":"2022-09-18T02:54:18.484Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:54:27 honeypot-fra-1 sshd[26619]: Disconnected from authenticating user root 179.43.156.143 port 37420 [preauth]","@timestamp":"2022-09-18T02:54:28.274Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:56:28 honeypot-fra-1 sshd[26626]: Disconnected from authenticating user root 179.43.156.143 port 57866 [preauth]","@timestamp":"2022-09-18T02:56:29.323Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 02:56:35 honeypot-ams-1 kernel: [84346375.614628] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=154.3.44.149 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=117 ID=32781 DF PROTO=TCP SPT=57521 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-18T02:56:35.547Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:57:45 honeypot-fra-1 sshd[26630]: Received disconnect from 179.43.156.143 port 52672:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T02:57:45.355Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:58:23 honeypot-fra-1 sshd[26634]: Received disconnect from 179.43.156.143 port 50074:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T02:58:24.373Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:58:33 honeypot-ams-1 sshd[4196]: Disconnected from authenticating user root 124.221.41.109 port 57020 [preauth]","@timestamp":"2022-09-18T02:58:33.604Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 03:01:03 honeypot-ams-1 kernel: [84346643.242737] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=72.167.32.184 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=232 ID=30185 PROTO=TCP SPT=58090 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T03:01:03.675Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 03:02:25 honeypot-fra-1 sshd[26640]: Received disconnect from 181.65.186.50 port 56267:11: Bye Bye [preauth]","@timestamp":"2022-09-18T03:02:25.468Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 03:02:45 honeypot-ams-1 sshd[4207]: Received disconnect from 124.221.41.109 port 52240:11: Bye Bye [preauth]","@timestamp":"2022-09-18T03:02:45.726Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 03:04:31 honeypot-fra-1 sshd[26642]: Disconnected from invalid user sampless 92.9.123.122 port 59978 [preauth]","@timestamp":"2022-09-18T03:04:32.517Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 03:04:39 honeypot-ams-1 kernel: [84346859.256366] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=22306 PROTO=TCP SPT=50003 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T03:04:39.779Z"}
{"@timestamp":"2022-09-18T03:04:49.046Z","@version":"1","message":"Sep 18 03:04:48 honeypot-sgp-1 kernel: [84346392.051887] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=151.106.32.182 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=64756 PROTO=TCP SPT=47825 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 03:06:57 honeypot-ams-1 sshd[4218]: Received disconnect from 124.221.41.109 port 47358:11: Bye Bye [preauth]","@timestamp":"2022-09-18T03:06:57.846Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 03:09:01 honeypot-ams-1 sshd[4223]: Disconnected from authenticating user root 124.221.41.109 port 58986 [preauth]","@timestamp":"2022-09-18T03:09:02.920Z"}
{"@timestamp":"2022-09-18T03:10:15.181Z","@version":"1","message":"Sep 18 03:10:14 honeypot-sgp-1 kernel: [84346718.158186] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=154.3.44.149 DST=159.89.202.188 LEN=52 TOS=0x0A PREC=0x00 TTL=111 ID=25195 DF PROTO=TCP SPT=61420 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 03:12:10 honeypot-ams-1 sshd[4229]: Disconnected from authenticating user root 124.221.41.109 port 48142 [preauth]","@timestamp":"2022-09-18T03:12:11.004Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 03:13:55 honeypot-ams-1 sshd[4235]: Invalid user adrc from 43.129.216.151 port 58786","@timestamp":"2022-09-18T03:13:56.054Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 03:15:16 honeypot-ams-1 sshd[4240]: Disconnected from authenticating user root 124.221.41.109 port 37236 [preauth]","@timestamp":"2022-09-18T03:15:17.090Z"}
{"@timestamp":"2022-09-18T03:17:02.348Z","@version":"1","message":"Sep 18 03:17:01 honeypot-sgp-1 CRON[29563]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 03:17:20 honeypot-ams-1 sshd[4247]: Disconnected from authenticating user root 124.221.41.109 port 48752 [preauth]","@timestamp":"2022-09-18T03:17:21.147Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 03:17:51 honeypot-fra-1 kernel: [84345480.135897] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=90.151.171.106 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=39956 PROTO=TCP SPT=51058 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T03:17:51.813Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 03:19:25 honeypot-ams-1 sshd[4254]: Disconnected from authenticating user root 124.221.41.109 port 60234 [preauth]","@timestamp":"2022-09-18T03:19:26.205Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 03:21:27 honeypot-ams-1 sshd[4260]: Disconnected from authenticating user root 124.221.41.109 port 43460 [preauth]","@timestamp":"2022-09-18T03:21:28.262Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 03:24:33 honeypot-ams-1 sshd[4267]: Received disconnect from 124.221.41.109 port 60612:11: Bye Bye [preauth]","@timestamp":"2022-09-18T03:24:33.345Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 03:25:55 honeypot-fra-1 sshd[26656]: Received disconnect from 27.115.50.114 port 58981:11: Bye Bye [preauth]","@timestamp":"2022-09-18T03:25:56.009Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 03:26:36 honeypot-ams-1 sshd[4271]: Disconnected from authenticating user root 124.221.41.109 port 43768 [preauth]","@timestamp":"2022-09-18T03:26:36.401Z"}
{"@timestamp":"2022-09-18T03:27:08.589Z","@version":"1","message":"Sep 18 03:27:07 honeypot-sgp-1 sshd[29570]: Disconnected from invalid user office 86.101.142.1 port 43412 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 03:28:40 honeypot-fra-1 kernel: [84346129.484467] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=197.63.10.197 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=50 ID=25687 PROTO=TCP SPT=50838 DPT=80 WINDOW=56973 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T03:28:41.074Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 03:29:37 honeypot-ams-1 sshd[4278]: Received disconnect from 124.221.41.109 port 60804:11: Bye Bye [preauth]","@timestamp":"2022-09-18T03:29:38.498Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 03:30:52 honeypot-fra-1 sshd[26661]: Disconnected from invalid user monitor 177.73.2.57 port 58829 [preauth]","@timestamp":"2022-09-18T03:30:53.125Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T03:31:11.688Z","@version":"1","message":"Sep 18 03:31:11 honeypot-sgp-1 sshd[29576]: Invalid user avoska68 from 124.156.216.31 port 37110","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 03:32:41 honeypot-ams-1 sshd[4284]: Received disconnect from 124.221.41.109 port 49528:11: Bye Bye [preauth]","@timestamp":"2022-09-18T03:32:41.580Z"}
{"@timestamp":"2022-09-18T03:32:54.731Z","@version":"1","message":"Sep 18 03:32:53 honeypot-sgp-1 sshd[29581]: Received disconnect from 124.152.118.194 port 10323:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:33:35.749Z","@version":"1","message":"Sep 18 03:33:35 honeypot-sgp-1 sshd[29586]: Disconnected from authenticating user root 66.98.127.52 port 52290 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:07.764Z","@version":"1","message":"Sep 18 03:34:07 honeypot-sgp-1 sshd[29592]: Received disconnect from 103.163.21.24 port 35650:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:09.765Z","@version":"1","message":"Sep 18 03:34:09 honeypot-sgp-1 sshd[29598]: Received disconnect from 103.163.21.24 port 35714:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:11.767Z","@version":"1","message":"Sep 18 03:34:11 honeypot-sgp-1 sshd[29604]: Received disconnect from 103.163.21.24 port 35776:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:13.768Z","@version":"1","message":"Sep 18 03:34:13 honeypot-sgp-1 sshd[29610]: Received disconnect from 103.163.21.24 port 35834:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:15.769Z","@version":"1","message":"Sep 18 03:34:15 honeypot-sgp-1 sshd[29616]: Received disconnect from 103.163.21.24 port 35899:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:17.770Z","@version":"1","message":"Sep 18 03:34:17 honeypot-sgp-1 sshd[29622]: Received disconnect from 103.163.21.24 port 35964:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:19.772Z","@version":"1","message":"Sep 18 03:34:19 honeypot-sgp-1 sshd[29630]: Received disconnect from 103.163.21.24 port 36024:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:20.772Z","@version":"1","message":"Sep 18 03:34:20 honeypot-sgp-1 sshd[29634]: Received disconnect from 103.163.21.24 port 36066:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:22.775Z","@version":"1","message":"Sep 18 03:34:22 honeypot-sgp-1 sshd[29640]: Received disconnect from 103.163.21.24 port 36128:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:24.776Z","@version":"1","message":"Sep 18 03:34:24 honeypot-sgp-1 sshd[29646]: Received disconnect from 103.163.21.24 port 36190:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:26.777Z","@version":"1","message":"Sep 18 03:34:26 honeypot-sgp-1 sshd[29652]: Received disconnect from 103.163.21.24 port 36255:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:28.779Z","@version":"1","message":"Sep 18 03:34:28 honeypot-sgp-1 sshd[29658]: Received disconnect from 103.163.21.24 port 36320:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:29.779Z","@version":"1","message":"Sep 18 03:34:29 honeypot-sgp-1 sshd[29662]: Disconnected from invalid user admin 103.163.21.24 port 36360 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:30.780Z","@version":"1","message":"Sep 18 03:34:30 honeypot-sgp-1 sshd[29666]: Disconnected from invalid user admin 103.163.21.24 port 36403 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:32.781Z","@version":"1","message":"Sep 18 03:34:31 honeypot-sgp-1 sshd[29670]: Disconnected from invalid user admin 103.163.21.24 port 36443 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:33.782Z","@version":"1","message":"Sep 18 03:34:33 honeypot-sgp-1 sshd[29674]: Disconnected from invalid user admin 103.163.21.24 port 36486 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:34.782Z","@version":"1","message":"Sep 18 03:34:34 honeypot-sgp-1 sshd[29678]: Disconnected from invalid user admin 103.163.21.24 port 36528 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:35.783Z","@version":"1","message":"Sep 18 03:34:35 honeypot-sgp-1 sshd[29682]: Disconnected from invalid user user 103.163.21.24 port 36569 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:37.786Z","@version":"1","message":"Sep 18 03:34:37 honeypot-sgp-1 sshd[29688]: Received disconnect from 103.163.21.24 port 36627:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:39.787Z","@version":"1","message":"Sep 18 03:34:38 honeypot-sgp-1 sshd[29692]: Received disconnect from 103.163.21.24 port 36674:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:40.788Z","@version":"1","message":"Sep 18 03:34:40 honeypot-sgp-1 sshd[29696]: Received disconnect from 103.163.21.24 port 36716:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:41.789Z","@version":"1","message":"Sep 18 03:34:41 honeypot-sgp-1 sshd[29700]: Received disconnect from 103.163.21.24 port 36756:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 03:34:42 honeypot-ams-1 sshd[4289]: Disconnected from authenticating user root 124.221.41.109 port 60802 [preauth]","@timestamp":"2022-09-18T03:34:42.634Z"}
{"@timestamp":"2022-09-18T03:34:42.790Z","@version":"1","message":"Sep 18 03:34:42 honeypot-sgp-1 sshd[29704]: Received disconnect from 103.163.21.24 port 36797:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:44.791Z","@version":"1","message":"Sep 18 03:34:43 honeypot-sgp-1 sshd[29708]: Received disconnect from 103.163.21.24 port 36844:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:45.791Z","@version":"1","message":"Sep 18 03:34:45 honeypot-sgp-1 sshd[29712]: Received disconnect from 103.163.21.24 port 36887:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:46.792Z","@version":"1","message":"Sep 18 03:34:46 honeypot-sgp-1 sshd[29716]: Received disconnect from 103.163.21.24 port 36920:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:47.793Z","@version":"1","message":"Sep 18 03:34:47 honeypot-sgp-1 sshd[29720]: Received disconnect from 103.163.21.24 port 36964:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:49.794Z","@version":"1","message":"Sep 18 03:34:49 honeypot-sgp-1 sshd[29724]: Received disconnect from 103.163.21.24 port 37003:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:50.795Z","@version":"1","message":"Sep 18 03:34:50 honeypot-sgp-1 sshd[29728]: Received disconnect from 103.163.21.24 port 37042:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:51.795Z","@version":"1","message":"Sep 18 03:34:51 honeypot-sgp-1 sshd[29732]: Received disconnect from 43.156.32.144 port 60798:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 03:37:46 honeypot-ams-1 sshd[4295]: Disconnected from authenticating user root 124.221.41.109 port 49454 [preauth]","@timestamp":"2022-09-18T03:37:46.717Z"}
{"@timestamp":"2022-09-18T03:38:05.874Z","@version":"1","message":"Sep 18 03:38:05 honeypot-sgp-1 sshd[29737]: Received disconnect from 52.172.225.142 port 47354:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:39:33.912Z","@version":"1","message":"Sep 18 03:39:33 honeypot-sgp-1 sshd[29741]: Received disconnect from 92.255.85.70 port 31480:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 03:40:22 honeypot-ams-1 sshd[4302]: Received disconnect from 92.255.85.69 port 44312:11: Bye Bye [preauth]","@timestamp":"2022-09-18T03:40:22.788Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 03:41:36 honeypot-fra-1 sshd[26666]: Did not receive identification string from 103.226.248.146 port 43708","@timestamp":"2022-09-18T03:41:37.366Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 03:41:47 honeypot-ams-1 sshd[4306]: Disconnected from authenticating user root 124.221.41.109 port 43684 [preauth]","@timestamp":"2022-09-18T03:41:47.829Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 03:44:49 honeypot-ams-1 sshd[4312]: Received disconnect from 124.221.41.109 port 60488:11: Bye Bye [preauth]","@timestamp":"2022-09-18T03:44:49.911Z"}
{"@timestamp":"2022-09-18T03:45:09.046Z","@version":"1","message":"Sep 18 03:45:08 honeypot-sgp-1 sshd[29746]: Connection closed by invalid user admin 220.74.55.232 port 45502 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 03:47:50 honeypot-ams-1 sshd[4319]: Received disconnect from 124.221.41.109 port 49024:11: Bye Bye [preauth]","@timestamp":"2022-09-18T03:47:50.991Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 03:49:50 honeypot-ams-1 sshd[4323]: Disconnected from authenticating user root 124.221.41.109 port 60180 [preauth]","@timestamp":"2022-09-18T03:49:51.046Z"}
{"@timestamp":"2022-09-18T03:50:42.181Z","@version":"1","message":"Sep 18 03:50:41 honeypot-sgp-1 kernel: [84349144.694738] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=206.189.6.148 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=239 ID=54321 PROTO=TCP SPT=42065 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 03:51:25 honeypot-fra-1 sshd[26670]: Connection closed by invalid user default 179.60.147.69 port 13324 [preauth]","@timestamp":"2022-09-18T03:51:25.588Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 03:52:51 honeypot-ams-1 sshd[4330]: Disconnected from authenticating user root 124.221.41.109 port 48632 [preauth]","@timestamp":"2022-09-18T03:52:52.126Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 03:54:47 honeypot-ams-1 sshd[4336]: Disconnected from authenticating user root 124.221.41.109 port 59726 [preauth]","@timestamp":"2022-09-18T03:54:48.178Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 03:57:39 honeypot-ams-1 kernel: [84350039.333164] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=161.35.231.174 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=34859 PROTO=TCP SPT=60000 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T03:57:40.256Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 03:59:47 honeypot-ams-1 sshd[4347]: Received disconnect from 124.221.41.109 port 59156:11: Bye Bye [preauth]","@timestamp":"2022-09-18T03:59:48.316Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 04:00:06 honeypot-fra-1 kernel: [84348015.273521] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=92.63.197.171 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=44149 PROTO=TCP SPT=51636 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T04:00:07.801Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-18T04:02:15.455Z","@version":"1","message":"Sep 18 04:02:14 honeypot-sgp-1 sshd[29755]: Disconnected from authenticating user root 51.38.237.164 port 57622 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:02:46 honeypot-ams-1 sshd[4354]: Received disconnect from 124.221.41.109 port 47460:11: Bye Bye [preauth]","@timestamp":"2022-09-18T04:02:46.396Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 04:05:35 honeypot-fra-1 sshd[26681]: Invalid user temp from 135.125.233.142 port 39374","@timestamp":"2022-09-18T04:05:35.932Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:05:42 honeypot-ams-1 sshd[4360]: Received disconnect from 124.221.41.109 port 35698:11: Bye Bye [preauth]","@timestamp":"2022-09-18T04:05:42.474Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:08:40 honeypot-ams-1 sshd[4367]: Received disconnect from 124.221.41.109 port 52078:11: Bye Bye [preauth]","@timestamp":"2022-09-18T04:08:40.551Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:09:42 honeypot-ams-1 sshd[4371]: Disconnected from invalid user distccd 81.200.212.13 port 60840 [preauth]","@timestamp":"2022-09-18T04:09:42.580Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:11:35 honeypot-ams-1 sshd[4377]: Disconnected from authenticating user root 124.221.41.109 port 40176 [preauth]","@timestamp":"2022-09-18T04:11:36.632Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:13:32 honeypot-ams-1 sshd[4384]: Disconnected from authenticating user root 124.221.41.109 port 51034 [preauth]","@timestamp":"2022-09-18T04:13:33.684Z"}
{"@timestamp":"2022-09-18T04:13:54.730Z","@version":"1","message":"Sep 18 04:13:53 honeypot-sgp-1 kernel: [84350537.447493] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=173.249.41.33 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=44532 PROTO=TCP SPT=52450 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:15:28 honeypot-ams-1 sshd[4390]: Disconnected from authenticating user root 124.221.41.109 port 33632 [preauth]","@timestamp":"2022-09-18T04:15:29.737Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 04:17:01 honeypot-fra-1 CRON[26701]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-18T04:17:02.195Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:17:24 honeypot-ams-1 sshd[4397]: Disconnected from authenticating user root 124.221.41.109 port 44424 [preauth]","@timestamp":"2022-09-18T04:17:24.790Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:19:21 honeypot-ams-1 sshd[4404]: Disconnected from authenticating user root 124.221.41.109 port 55188 [preauth]","@timestamp":"2022-09-18T04:19:22.846Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:22:16 honeypot-ams-1 sshd[4412]: Disconnected from authenticating user root 124.221.41.109 port 43066 [preauth]","@timestamp":"2022-09-18T04:22:16.925Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 04:22:58 honeypot-fra-1 sshd[26707]: Disconnected from invalid user admin 74.204.129.194 port 53264 [preauth]","@timestamp":"2022-09-18T04:22:59.333Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T04:23:51.968Z","@version":"1","message":"Sep 18 04:23:51 honeypot-sgp-1 sshd[29769]: Received disconnect from 159.65.224.135 port 59384:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:24:38 honeypot-ams-1 sshd[4419]: Connection closed by invalid user elk 103.188.176.251 port 52788 [preauth]","@timestamp":"2022-09-18T04:24:38.988Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:27:02 honeypot-ams-1 sshd[4426]: Disconnected from authenticating user root 124.221.41.109 port 41548 [preauth]","@timestamp":"2022-09-18T04:27:03.053Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:28:58 honeypot-ams-1 sshd[4433]: Disconnected from authenticating user root 124.221.41.109 port 52190 [preauth]","@timestamp":"2022-09-18T04:28:58.106Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 04:29:52 honeypot-ams-1 kernel: [84351972.635220] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=193.163.125.102 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=247 ID=49691 PROTO=TCP SPT=56575 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T04:29:53.134Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:30:52 honeypot-ams-1 sshd[4445]: Received disconnect from 124.221.41.109 port 34586:11: Bye Bye [preauth]","@timestamp":"2022-09-18T04:30:53.163Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 04:31:36 honeypot-fra-1 sshd[26714]: Did not receive identification string from 193.3.19.178 port 64001","@timestamp":"2022-09-18T04:31:36.534Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:31:47 honeypot-ams-1 sshd[4447]: Disconnected from authenticating user root 124.221.41.109 port 39890 [preauth]","@timestamp":"2022-09-18T04:31:48.189Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:32:36 honeypot-ams-1 sshd[4449]: Disconnected from invalid user laboratory 123.41.0.20 port 27553 [preauth]","@timestamp":"2022-09-18T04:32:37.215Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:34:41 honeypot-ams-1 sshd[4456]: Disconnected from authenticating user root 124.221.41.109 port 55766 [preauth]","@timestamp":"2022-09-18T04:34:41.268Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:36:15 honeypot-ams-1 sshd[4462]: Invalid user taf from 109.234.36.47 port 44444","@timestamp":"2022-09-18T04:36:16.313Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:36:34 honeypot-ams-1 sshd[4466]: Disconnected from authenticating user root 124.221.41.109 port 38072 [preauth]","@timestamp":"2022-09-18T04:36:34.323Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:38:27 honeypot-ams-1 sshd[4482]: Received disconnect from 124.221.41.109 port 48598:11: Bye Bye [preauth]","@timestamp":"2022-09-18T04:38:27.375Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 04:39:02 honeypot-fra-1 sshd[26719]: Disconnected from invalid user user 45.61.186.169 port 44758 [preauth]","@timestamp":"2022-09-18T04:39:02.706Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 04:39:21 honeypot-fra-1 sshd[26723]: Received disconnect from 45.61.186.169 port 39612:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T04:39:21.716Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:39:33 honeypot-ams-1 sshd[4486]: Received disconnect from 24.188.213.50 port 60094:11: Bye Bye [preauth]","@timestamp":"2022-09-18T04:39:34.407Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 04:39:37 honeypot-fra-1 sshd[26727]: Received disconnect from 45.61.186.169 port 34464:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T04:39:38.725Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 04:39:53 honeypot-fra-1 sshd[26731]: Received disconnect from 45.61.186.169 port 57536:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T04:39:53.732Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:40:19 honeypot-ams-1 sshd[4491]: Received disconnect from 124.221.41.109 port 59078:11: Bye Bye [preauth]","@timestamp":"2022-09-18T04:40:20.431Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:41:15 honeypot-ams-1 sshd[4495]: Received disconnect from 124.221.41.109 port 36070:11: Bye Bye [preauth]","@timestamp":"2022-09-18T04:41:15.458Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:42:11 honeypot-ams-1 sshd[4501]: Received disconnect from 124.221.41.109 port 41294:11: Bye Bye [preauth]","@timestamp":"2022-09-18T04:42:11.485Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 04:43:09 honeypot-fra-1 sshd[26736]: Received disconnect from 45.119.215.150 port 33624:11: Bye Bye [preauth]","@timestamp":"2022-09-18T04:43:09.809Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:44:04 honeypot-ams-1 sshd[4509]: Invalid user fz from 45.119.215.150 port 43710","@timestamp":"2022-09-18T04:44:05.537Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:45:01 honeypot-ams-1 sshd[4513]: Received disconnect from 124.221.41.109 port 56916:11: Bye Bye [preauth]","@timestamp":"2022-09-18T04:45:02.562Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:46:53 honeypot-ams-1 sshd[4519]: Disconnected from authenticating user root 124.221.41.109 port 39052 [preauth]","@timestamp":"2022-09-18T04:46:54.613Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:48:45 honeypot-ams-1 sshd[4523]: Disconnected from authenticating user root 124.221.41.109 port 49380 [preauth]","@timestamp":"2022-09-18T04:48:45.665Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 04:50:38 honeypot-ams-1 kernel: [84353218.349024] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=79.124.62.62 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=16844 PROTO=TCP SPT=44074 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T04:50:38.718Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:51:31 honeypot-ams-1 sshd[4534]: Disconnected from authenticating user root 124.221.41.109 port 36604 [preauth]","@timestamp":"2022-09-18T04:51:31.745Z"}
{"@timestamp":"2022-09-18T04:51:37.624Z","@version":"1","message":"Sep 18 04:51:37 honeypot-sgp-1 sshd[29774]: Invalid user user1 from 103.188.176.251 port 50528","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 04:54:12 honeypot-ams-1 kernel: [84353432.539251] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.134.144.72 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=252 ID=49334 PROTO=TCP SPT=52937 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T04:54:12.817Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:55:14 honeypot-ams-1 sshd[4547]: Disconnected from authenticating user root 124.221.41.109 port 57156 [preauth]","@timestamp":"2022-09-18T04:55:14.850Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 04:56:18 honeypot-ams-1 kernel: [84353558.181175] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=173.249.41.33 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=62259 PROTO=TCP SPT=52450 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T04:56:18.881Z"}
{"@timestamp":"2022-09-18T04:56:57.772Z","@version":"1","message":"Sep 18 04:56:57 honeypot-sgp-1 sshd[29779]: Received disconnect from 93.49.97.102 port 50500:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:58:48 honeypot-ams-1 sshd[4557]: Bad protocol version identification 'ABCDEFGHIJKLMNOPQRSTUVWXYZ9999' from 172.104.131.24 port 46618","@timestamp":"2022-09-18T04:58:48.951Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 04:59:23 honeypot-fra-1 sshd[26744]: Received disconnect from 167.71.233.59 port 48342:11: Bye Bye [preauth]","@timestamp":"2022-09-18T04:59:23.177Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:59:48 honeypot-ams-1 sshd[4562]: Received disconnect from 124.221.41.109 port 54478:11: Bye Bye [preauth]","@timestamp":"2022-09-18T04:59:48.981Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 05:01:40 honeypot-ams-1 sshd[4570]: Received disconnect from 124.221.41.109 port 36428:11: Bye Bye [preauth]","@timestamp":"2022-09-18T05:01:40.033Z"}
{"@timestamp":"2022-09-18T05:02:21.905Z","@version":"1","message":"Sep 18 05:02:21 honeypot-sgp-1 sshd[29782]: Disconnected from invalid user wen 45.181.32.41 port 40204 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 05:03:29 honeypot-ams-1 sshd[4577]: Disconnected from authenticating user root 124.221.41.109 port 46574 [preauth]","@timestamp":"2022-09-18T05:03:30.082Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 05:03:58 honeypot-fra-1 sshd[26747]: Connection closed by invalid user ubnt 179.60.147.69 port 11504 [preauth]","@timestamp":"2022-09-18T05:03:58.283Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 05:05:18 honeypot-ams-1 sshd[4583]: Disconnected from authenticating user root 124.221.41.109 port 56696 [preauth]","@timestamp":"2022-09-18T05:05:18.132Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 05:07:05 honeypot-ams-1 sshd[4590]: Disconnected from authenticating user root 124.221.41.109 port 38564 [preauth]","@timestamp":"2022-09-18T05:07:06.179Z"}
{"@timestamp":"2022-09-18T05:08:21.055Z","@version":"1","message":"Sep 18 05:08:20 honeypot-sgp-1 sshd[29789]: Invalid user mayrene from 210.22.111.77 port 44886","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 05:08:27 honeypot-ams-1 sshd[4596]: Received disconnect from 92.255.85.70 port 17840:11: Bye Bye [preauth]","@timestamp":"2022-09-18T05:08:28.218Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 05:10:39 honeypot-ams-1 sshd[4602]: Invalid user admin from 193.106.191.157 port 46296","@timestamp":"2022-09-18T05:10:39.280Z"}
{"@timestamp":"2022-09-18T05:10:41.114Z","@version":"1","message":"Sep 18 05:10:40 honeypot-sgp-1 sshd[29791]: Disconnected from invalid user fzc 41.209.43.93 port 34670 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 05:11:36 honeypot-ams-1 sshd[4608]: Received disconnect from 124.221.41.109 port 35484:11: Bye Bye [preauth]","@timestamp":"2022-09-18T05:11:36.308Z"}
{"@timestamp":"2022-09-18T05:12:02.150Z","@version":"1","message":"Sep 18 05:12:01 honeypot-sgp-1 sshd[29795]: Received disconnect from 49.247.24.207 port 58996:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 05:13:14 honeypot-fra-1 kernel: [84352402.907818] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=167.71.133.35 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=248 ID=54321 PROTO=TCP SPT=45665 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T05:13:15.494Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 05:13:25 honeypot-ams-1 sshd[4613]: Disconnected from authenticating user root 124.221.41.109 port 45514 [preauth]","@timestamp":"2022-09-18T05:13:26.359Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 05:15:13 honeypot-ams-1 sshd[4621]: Disconnected from authenticating user root 124.221.41.109 port 55506 [preauth]","@timestamp":"2022-09-18T05:15:14.407Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 05:17:01 honeypot-ams-1 sshd[4631]: Received disconnect from 124.221.41.109 port 37254:11: Bye Bye [preauth]","@timestamp":"2022-09-18T05:17:01.457Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 05:17:01 honeypot-fra-1 CRON[26755]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-18T05:17:01.608Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 05:17:55 honeypot-ams-1 sshd[4639]: Received disconnect from 124.221.41.109 port 42234:11: Bye Bye [preauth]","@timestamp":"2022-09-18T05:17:55.483Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 05:18:48 honeypot-ams-1 sshd[4643]: Disconnected from authenticating user root 124.221.41.109 port 47212 [preauth]","@timestamp":"2022-09-18T05:18:49.509Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 05:21:27 honeypot-ams-1 sshd[4649]: Received disconnect from 124.221.41.109 port 33888:11: Bye Bye [preauth]","@timestamp":"2022-09-18T05:21:28.582Z"}
{"@timestamp":"2022-09-18T05:21:35.377Z","@version":"1","message":"Sep 18 05:21:34 honeypot-sgp-1 sshd[29804]: Received disconnect from 213.32.22.97 port 54983:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 05:23:10 honeypot-ams-1 kernel: [84355170.207723] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=203.122.46.42 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=56 ID=30973 PROTO=TCP SPT=43109 DPT=80 WINDOW=59347 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T05:23:10.629Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 05:24:16 honeypot-fra-1 sshd[26761]: Disconnected from invalid user lindsey 165.22.45.108 port 48844 [preauth]","@timestamp":"2022-09-18T05:24:16.772Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 05:24:16 honeypot-ams-1 sshd[4660]: Received disconnect from 159.65.235.114 port 53584:11: Bye Bye [preauth]","@timestamp":"2022-09-18T05:24:17.662Z"}
{"@timestamp":"2022-09-18T05:24:22.466Z","@version":"1","message":"Sep 18 05:24:21 honeypot-sgp-1 sshd[29809]: Received disconnect from 210.4.123.219 port 15855:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 05:25:56 honeypot-ams-1 sshd[4666]: Received disconnect from 124.221.41.109 port 58672:11: Bye Bye [preauth]","@timestamp":"2022-09-18T05:25:57.713Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 05:27:32 honeypot-ams-1 sshd[4670]: Disconnected from invalid user nexus 159.89.236.71 port 36696 [preauth]","@timestamp":"2022-09-18T05:27:33.755Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 05:29:27 honeypot-ams-1 sshd[4679]: Connection closed by 193.169.255.16 port 54878 [preauth]","@timestamp":"2022-09-18T05:29:27.808Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 05:30:21 honeypot-ams-1 sshd[4683]: Disconnected from authenticating user root 124.221.41.109 port 55098 [preauth]","@timestamp":"2022-09-18T05:30:21.835Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 05:32:06 honeypot-ams-1 sshd[4687]: Disconnected from authenticating user root 124.221.41.109 port 36712 [preauth]","@timestamp":"2022-09-18T05:32:07.892Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 05:35:24 honeypot-fra-1 kernel: [84353732.336427] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=37877 PROTO=TCP SPT=59254 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T05:35:25.026Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 05:35:55 honeypot-ams-1 kernel: [84355935.178983] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=33394 PROTO=TCP SPT=59254 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T05:35:55.992Z"}
{"@timestamp":"2022-09-18T05:36:48.762Z","@version":"1","message":"Sep 18 05:36:47 honeypot-sgp-1 kernel: [84355511.322956] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=23.97.234.8 DST=159.89.202.188 LEN=52 TOS=0x02 PREC=0x00 TTL=111 ID=30425 DF PROTO=TCP SPT=57919 DPT=80 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T05:39:53.841Z","@version":"1","message":"Sep 18 05:39:53 honeypot-sgp-1 sshd[29817]: Disconnected from invalid user admin 92.255.85.69 port 45818 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 05:40:03 honeypot-fra-1 kernel: [84354011.771908] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=202.95.12.103 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=56 ID=0 DF PROTO=TCP SPT=46457 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T05:40:04.133Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 05:42:46 honeypot-ams-1 kernel: [84356346.389171] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=103.137.89.38 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=57 ID=50265 DF PROTO=TCP SPT=25177 DPT=443 WINDOW=43690 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T05:42:47.173Z"}
{"@timestamp":"2022-09-18T05:53:02.157Z","@version":"1","message":"Sep 18 05:53:01 honeypot-sgp-1 kernel: [84356484.842823] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.208.55 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=57652 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 05:56:37 honeypot-ams-1 sshd[4713]: Received disconnect from 61.177.172.124 port 60337:11:  [preauth]","@timestamp":"2022-09-18T05:56:38.533Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 05:57:38 honeypot-ams-1 sshd[4717]: Disconnected from invalid user luuk 89.22.67.66 port 34606 [preauth]","@timestamp":"2022-09-18T05:57:38.565Z"}
{"@timestamp":"2022-09-18T05:58:17.306Z","@version":"1","message":"Sep 18 05:58:16 honeypot-sgp-1 kernel: [84356799.963671] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=114.254.21.144 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=32403 DF PROTO=TCP SPT=35474 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 06:01:19 honeypot-fra-1 kernel: [84355287.561965] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=198.12.127.234 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=2658 PROTO=TCP SPT=59942 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T06:01:19.599Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 06:02:20 honeypot-ams-1 sshd[4723]: Received disconnect from 61.177.173.36 port 10465:11:  [preauth]","@timestamp":"2022-09-18T06:02:20.690Z"}
{"@timestamp":"2022-09-18T06:07:52.538Z","@version":"1","message":"Sep 18 06:07:52 honeypot-sgp-1 sshd[29827]: Invalid user trac from 109.195.242.57 port 36352","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 06:10:30 honeypot-ams-1 kernel: [84358010.049326] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=193.46.255.199 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=246 ID=34870 PROTO=TCP SPT=61002 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T06:10:30.908Z"}
{"@timestamp":"2022-09-18T06:13:09.667Z","@version":"1","message":"Sep 18 06:13:08 honeypot-sgp-1 sshd[29830]: Did not receive identification string from 159.89.24.69 port 61000","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T06:16:44.757Z","@version":"1","message":"Sep 18 06:16:44 honeypot-sgp-1 kernel: [84357907.445263] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=40.84.222.228 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=12065 PROTO=TCP SPT=40843 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 06:17:01 honeypot-ams-1 CRON[4825]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-18T06:17:02.082Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 06:17:01 honeypot-fra-1 CRON[26876]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-18T06:17:01.969Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 06:22:24 honeypot-fra-1 sshd[26882]: Invalid user test1 from 141.98.10.158 port 34974","@timestamp":"2022-09-18T06:22:25.091Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 06:23:36 honeypot-ams-1 sshd[4833]: Disconnected from invalid user test 92.255.85.69 port 29374 [preauth]","@timestamp":"2022-09-18T06:23:37.256Z"}
{"@timestamp":"2022-09-18T06:24:06.938Z","@version":"1","message":"Sep 18 06:24:06 honeypot-sgp-1 kernel: [84358350.111031] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=269 PROTO=TCP SPT=42069 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 06:25:02 honeypot-fra-1 CRON[26884]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-18T06:25:03.156Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T06:28:26.054Z","@version":"1","message":"Sep 18 06:28:25 honeypot-sgp-1 sshd[29980]: Disconnected from invalid user test 92.255.85.69 port 23858 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 06:31:14 honeypot-ams-1 sshd[5018]: Did not receive identification string from 46.19.141.122 port 58296","@timestamp":"2022-09-18T06:31:14.571Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 06:31:46 honeypot-ams-1 sshd[5023]: Received disconnect from 46.19.141.122 port 40594:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T06:31:46.588Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 06:32:02 honeypot-fra-1 kernel: [84357130.368865] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.205.223 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=49420 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T06:32:02.316Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 06:32:10 honeypot-ams-1 sshd[5027]: Received disconnect from 46.19.141.122 port 53278:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T06:32:10.600Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 06:32:54 honeypot-ams-1 sshd[5031]: Received disconnect from 46.19.141.122 port 48808:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T06:32:55.622Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 06:33:29 honeypot-ams-1 sshd[5035]: Received disconnect from 46.19.141.122 port 58748:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T06:33:29.640Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 06:33:57 honeypot-ams-1 sshd[5039]: Received disconnect from 46.19.141.122 port 33210:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T06:33:57.654Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 06:34:25 honeypot-ams-1 sshd[5043]: Received disconnect from 46.19.141.122 port 48990:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T06:34:25.669Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 06:34:55 honeypot-ams-1 sshd[5049]: Disconnected from authenticating user root 46.19.141.122 port 57532 [preauth]","@timestamp":"2022-09-18T06:34:55.683Z"}
{"@timestamp":"2022-09-18T06:35:00.215Z","@version":"1","message":"Sep 18 06:35:00 honeypot-sgp-1 sshd[29986]: Received disconnect from 45.61.186.249 port 43262:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T06:35:18.224Z","@version":"1","message":"Sep 18 06:35:17 honeypot-sgp-1 sshd[29990]: Received disconnect from 45.61.186.249 port 38530:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 06:35:34 honeypot-ams-1 sshd[5056]: Received disconnect from 46.19.141.122 port 58990:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T06:35:34.704Z"}
{"@timestamp":"2022-09-18T06:35:36.233Z","@version":"1","message":"Sep 18 06:35:35 honeypot-sgp-1 sshd[29994]: Received disconnect from 45.61.186.249 port 33848:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 06:36:09 honeypot-ams-1 sshd[5064]: Received disconnect from 46.19.141.122 port 35122:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T06:36:09.722Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 06:36:27 honeypot-ams-1 sshd[5068]: Disconnected from authenticating user root 61.177.173.36 port 45968 [preauth]","@timestamp":"2022-09-18T06:36:27.732Z"}
{"@timestamp":"2022-09-18T06:37:26.277Z","@version":"1","message":"Sep 18 06:37:26 honeypot-sgp-1 sshd[29998]: Received disconnect from 76.95.32.130 port 57480:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T06:38:15.300Z","@version":"1","message":"Sep 18 06:38:14 honeypot-sgp-1 sshd[30000]: Disconnected from invalid user hatton 104.131.249.57 port 40286 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T06:40:25.357Z","@version":"1","message":"Sep 18 06:40:25 honeypot-sgp-1 kernel: [84359328.441638] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=157.245.176.143 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=26169 DF PROTO=TCP SPT=50232 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T06:42:13.404Z","@version":"1","message":"Sep 18 06:42:13 honeypot-sgp-1 sshd[30007]: Invalid user admin from 87.219.167.59 port 47718","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 06:43:16 honeypot-ams-1 kernel: [84359976.754244] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=162.142.125.137 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=5593 PROTO=TCP SPT=46423 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T06:43:16.912Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 06:43:35 honeypot-fra-1 sshd[27024]: Received disconnect from 221.213.129.46 port 45272:11: Bye Bye [preauth]","@timestamp":"2022-09-18T06:43:36.583Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 06:44:14 honeypot-fra-1 sshd[27029]: Invalid user user from 45.61.187.160 port 51764","@timestamp":"2022-09-18T06:44:15.600Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 06:44:24 honeypot-fra-1 sshd[27033]: Invalid user user from 45.61.187.160 port 35332","@timestamp":"2022-09-18T06:44:24.605Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 06:44:42 honeypot-fra-1 sshd[27037]: Invalid user user from 45.61.187.160 port 58906","@timestamp":"2022-09-18T06:44:42.613Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 06:44:59 honeypot-fra-1 sshd[27041]: Invalid user user from 45.61.187.160 port 54248","@timestamp":"2022-09-18T06:45:00.622Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 06:45:21 honeypot-fra-1 kernel: [84357929.663960] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=156.219.142.78 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=51 ID=15698 PROTO=TCP SPT=20645 DPT=80 WINDOW=30856 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T06:45:21.631Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 06:46:19 honeypot-fra-1 sshd[27048]: Disconnected from authenticating user root 218.49.184.67 port 37820 [preauth]","@timestamp":"2022-09-18T06:46:20.655Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T06:47:02.522Z","@version":"1","message":"Sep 18 06:47:02 honeypot-sgp-1 CRON[30012]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 06:48:23 honeypot-fra-1 kernel: [84358111.947813] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.3.193.56 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=39744 DF PROTO=TCP SPT=10446 DPT=80 WINDOW=512 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T06:48:24.704Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 06:52:05 honeypot-fra-1 sshd[27081]: Received disconnect from 43.154.211.62 port 42978:11: Bye Bye [preauth]","@timestamp":"2022-09-18T06:52:05.791Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 06:53:29 honeypot-ams-1 sshd[5175]: Invalid user user1 from 103.188.176.251 port 39346","@timestamp":"2022-09-18T06:53:30.179Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 06:54:10 honeypot-fra-1 kernel: [84358458.506379] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.196.220.70 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=33460 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T06:54:10.838Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 06:55:33 honeypot-ams-1 sshd[5179]: Did not receive identification string from 45.61.184.204 port 48946","@timestamp":"2022-09-18T06:55:34.239Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 06:56:17 honeypot-ams-1 sshd[5183]: Disconnected from invalid user user 45.61.184.204 port 56822 [preauth]","@timestamp":"2022-09-18T06:56:18.262Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 06:56:36 honeypot-ams-1 sshd[5187]: Received disconnect from 45.61.184.204 port 52204:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T06:56:36.272Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 06:56:45 honeypot-ams-1 sshd[5191]: Disconnected from invalid user user 45.61.184.204 port 35768 [preauth]","@timestamp":"2022-09-18T06:56:46.278Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 06:57:03 honeypot-ams-1 sshd[5203]: Disconnected from invalid user user 45.61.184.204 port 59408 [preauth]","@timestamp":"2022-09-18T06:57:04.287Z"}
{"@timestamp":"2022-09-18T06:59:37.825Z","@version":"1","message":"Sep 18 06:59:37 honeypot-sgp-1 sshd[30037]: error: maximum authentication attempts exceeded for invalid user admin from 221.185.76.103 port 33435 ssh2 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 07:02:05 honeypot-fra-1 kernel: [84358933.325074] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=170.187.162.61 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=61553 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T07:02:06.021Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-18T07:03:01.912Z","@version":"1","message":"Sep 18 07:03:01 honeypot-sgp-1 sshd[30137]: Received disconnect from 88.142.46.185 port 55472:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T07:04:19.947Z","@version":"1","message":"Sep 18 07:04:19 honeypot-sgp-1 sshd[30141]: Received disconnect from 92.255.85.69 port 51118:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 07:05:07 honeypot-ams-1 sshd[5209]: Received disconnect from 61.177.172.124 port 42334:11:  [preauth]","@timestamp":"2022-09-18T07:05:08.499Z"}
{"@timestamp":"2022-09-18T07:10:01.087Z","@version":"1","message":"Sep 18 07:10:00 honeypot-sgp-1 sshd[30144]: Connection closed by invalid user xq 137.116.144.39 port 54774 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 07:14:30 honeypot-ams-1 sshd[5223]: Invalid user mysql from 193.106.191.157 port 42004","@timestamp":"2022-09-18T07:14:30.871Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 07:15:57 honeypot-fra-1 sshd[27099]: Invalid user user from 45.61.187.160 port 57026","@timestamp":"2022-09-18T07:15:58.333Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 07:16:15 honeypot-fra-1 sshd[27104]: Invalid user user from 45.61.187.160 port 52748","@timestamp":"2022-09-18T07:16:16.341Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T07:16:28.244Z","@version":"1","message":"Sep 18 07:16:27 honeypot-sgp-1 sshd[30150]: Bad protocol version identification '\\026\\003\\001' from 27.124.5.116 port 50292","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 07:16:32 honeypot-fra-1 sshd[27108]: Invalid user user from 45.61.187.160 port 48422","@timestamp":"2022-09-18T07:16:33.349Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 07:16:48 honeypot-fra-1 sshd[27112]: Invalid user user from 45.61.187.160 port 44114","@timestamp":"2022-09-18T07:16:49.356Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T07:18:11.290Z","@version":"1","message":"Sep 18 07:18:10 honeypot-sgp-1 kernel: [84361593.891377] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=159.89.202.188 LEN=89 TOS=0x00 PREC=0x00 TTL=245 ID=6914 PROTO=TCP SPT=14999 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 07:18:32 honeypot-fra-1 kernel: [84359920.765459] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.204.198 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=33402 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T07:18:33.397Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 07:20:13 honeypot-ams-1 kernel: [84362193.667883] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=152.89.196.23 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=15025 PROTO=TCP SPT=43247 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T07:20:14.023Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 07:23:02 honeypot-fra-1 sshd[27124]: Connection closed by 135.129.133.147 port 38431 [preauth]","@timestamp":"2022-09-18T07:23:02.498Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 07:26:42 honeypot-ams-1 sshd[5239]: Disconnected from invalid user user 45.61.184.204 port 53178 [preauth]","@timestamp":"2022-09-18T07:26:43.196Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 07:27:01 honeypot-ams-1 sshd[5244]: Received disconnect from 45.61.184.204 port 48678:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T07:27:02.207Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 07:27:20 honeypot-ams-1 sshd[5248]: Received disconnect from 45.61.184.204 port 44172:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T07:27:21.217Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 07:27:28 honeypot-ams-1 sshd[5252]: Disconnected from invalid user user 45.61.184.204 port 56118 [preauth]","@timestamp":"2022-09-18T07:27:29.222Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 07:30:36 honeypot-ams-1 sshd[5260]: Received disconnect from 61.177.173.52 port 12263:11:  [preauth]","@timestamp":"2022-09-18T07:30:37.306Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 07:31:35 honeypot-ams-1 kernel: [84362875.260883] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=88.214.43.215 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=54321 PROTO=TCP SPT=50653 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T07:31:35.336Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 07:37:22 honeypot-fra-1 kernel: [84361050.463296] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=167.71.133.35 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=248 ID=54321 PROTO=TCP SPT=34443 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T07:37:22.823Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 07:38:55 honeypot-ams-1 sshd[5272]: Disconnected from authenticating user root 134.122.123.117 port 53508 [preauth]","@timestamp":"2022-09-18T07:38:55.529Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 07:40:42 honeypot-ams-1 sshd[5282]: Disconnected from authenticating user root 134.122.123.117 port 56450 [preauth]","@timestamp":"2022-09-18T07:40:43.579Z"}
{"@timestamp":"2022-09-18T07:48:51.016Z","@version":"1","message":"Sep 18 07:48:50 honeypot-sgp-1 sshd[30165]: Did not receive identification string from 45.61.186.249 port 43584","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T07:49:07.025Z","@version":"1","message":"Sep 18 07:49:06 honeypot-sgp-1 sshd[30168]: Disconnected from invalid user user 45.61.186.249 port 42908 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T07:49:27.035Z","@version":"1","message":"Sep 18 07:49:26 honeypot-sgp-1 sshd[30172]: Disconnected from invalid user user 45.61.186.249 port 38518 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T07:49:45.043Z","@version":"1","message":"Sep 18 07:49:45 honeypot-sgp-1 sshd[30176]: Disconnected from invalid user user 45.61.186.249 port 34096 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 07:49:56 honeypot-fra-1 sshd[27136]: Disconnected from invalid user zlq 206.189.151.245 port 52366 [preauth]","@timestamp":"2022-09-18T07:49:57.104Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 07:57:02 honeypot-ams-1 kernel: [84364401.996168] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=198.199.101.90 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=45437 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T07:57:03.005Z"}
{"@timestamp":"2022-09-18T07:57:25.227Z","@version":"1","message":"Sep 18 07:57:24 honeypot-sgp-1 kernel: [84363947.675146] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.215.27 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=53580 DPT=389 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T08:00:34.303Z","@version":"1","message":"Sep 18 08:00:33 honeypot-sgp-1 sshd[30186]: Disconnected from authenticating user root 92.255.85.70 port 29376 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 08:01:28 honeypot-fra-1 sshd[27142]: Disconnected from authenticating user root 52.151.65.193 port 44184 [preauth]","@timestamp":"2022-09-18T08:01:29.367Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 08:01:56 honeypot-ams-1 sshd[5294]: Disconnected from authenticating user root 65.182.3.163 port 43636 [preauth]","@timestamp":"2022-09-18T08:01:57.139Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 08:05:13 honeypot-fra-1 kernel: [84362721.592692] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=198.199.95.91 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=39574 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T08:05:14.453Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 08:07:45 honeypot-ams-1 sshd[5302]: Disconnected from authenticating user root 92.255.85.69 port 48384 [preauth]","@timestamp":"2022-09-18T08:07:46.324Z"}
{"@timestamp":"2022-09-18T08:12:09.582Z","@version":"1","message":"Sep 18 08:12:09 honeypot-sgp-1 sshd[30195]: Did not receive identification string from 193.3.19.178 port 64001","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 08:17:01 honeypot-fra-1 CRON[27171]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-18T08:17:01.721Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 08:18:39 honeypot-fra-1 sshd[27176]: Disconnected from authenticating user root 148.66.132.190 port 36396 [preauth]","@timestamp":"2022-09-18T08:18:39.762Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T08:24:58.887Z","@version":"1","message":"Sep 18 08:24:58 honeypot-sgp-1 kernel: [84365601.528201] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.219.243 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=33732 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 08:27:39 honeypot-ams-1 sshd[5320]: Received disconnect from 61.177.173.52 port 57347:11:  [preauth]","@timestamp":"2022-09-18T08:27:39.851Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 08:28:34 honeypot-ams-1 sshd[5324]: Received disconnect from 49.247.31.104 port 15843:11: Bye Bye [preauth]","@timestamp":"2022-09-18T08:28:35.879Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 08:29:01 honeypot-fra-1 sshd[27183]: Invalid user tjn from 176.102.38.41 port 58464","@timestamp":"2022-09-18T08:29:01.996Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 08:30:42 honeypot-ams-1 sshd[5326]: Disconnected from invalid user ubnt 134.209.175.24 port 47800 [preauth]","@timestamp":"2022-09-18T08:30:42.937Z"}
{"@timestamp":"2022-09-18T08:33:03.079Z","@version":"1","message":"Sep 18 08:33:02 honeypot-sgp-1 sshd[30223]: Invalid user apache from 180.228.243.235 port 27683","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 08:41:16 honeypot-fra-1 sshd[27634]: Invalid user blank from 179.60.147.69 port 52450","@timestamp":"2022-09-18T08:41:16.273Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T08:41:53.291Z","@version":"1","message":"Sep 18 08:41:52 honeypot-sgp-1 sshd[30229]: Invalid user user from 45.61.186.249 port 45528","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T08:42:13.301Z","@version":"1","message":"Sep 18 08:42:12 honeypot-sgp-1 sshd[30233]: Invalid user user from 45.61.186.249 port 41056","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T08:42:31.310Z","@version":"1","message":"Sep 18 08:42:30 honeypot-sgp-1 sshd[30237]: Invalid user user from 45.61.186.249 port 36590","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T08:42:49.318Z","@version":"1","message":"Sep 18 08:42:49 honeypot-sgp-1 sshd[30241]: Invalid user user from 45.61.186.249 port 60360","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T08:45:21.379Z","@version":"1","message":"Sep 18 08:45:21 honeypot-sgp-1 kernel: [84366824.452136] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=159.65.138.52 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=60 ID=0 DF PROTO=TCP SPT=54953 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 08:48:26 honeypot-ams-1 kernel: [84367486.373292] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=197.33.27.228 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=54 ID=36915 PROTO=TCP SPT=29165 DPT=443 WINDOW=16859 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T08:48:27.418Z"}
{"@timestamp":"2022-09-18T08:48:46.463Z","@version":"1","message":"Sep 18 08:48:45 honeypot-sgp-1 kernel: [84367028.925309] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=79.124.62.62 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=62517 PROTO=TCP SPT=43262 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 08:52:45 honeypot-ams-1 sshd[5367]: Disconnected from authenticating user root 61.177.173.47 port 36315 [preauth]","@timestamp":"2022-09-18T08:52:45.531Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 08:54:54 honeypot-ams-1 sshd[5374]: Received disconnect from 92.255.85.69 port 36230:11: Bye Bye [preauth]","@timestamp":"2022-09-18T08:54:54.589Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 08:57:32 honeypot-ams-1 kernel: [84368032.859541] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=172.105.129.95 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=23257 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T08:57:33.662Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 08:57:34 honeypot-fra-1 kernel: [84365861.823422] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=80.94.92.231 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=42678 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T08:57:34.636Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:01:04 honeypot-fra-1 sshd[27644]: Disconnected from invalid user user 45.61.186.249 port 42764 [preauth]","@timestamp":"2022-09-18T09:01:04.718Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T09:01:11.760Z","@version":"1","message":"Sep 18 09:01:11 honeypot-sgp-1 sshd[30249]: Disconnected from invalid user jm 201.186.40.35 port 34286 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:01:23 honeypot-fra-1 sshd[27648]: Received disconnect from 45.61.186.249 port 37756:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T09:01:24.727Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:01:43 honeypot-fra-1 sshd[27652]: Invalid user user from 45.61.186.249 port 60986","@timestamp":"2022-09-18T09:01:43.736Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:02:01 honeypot-fra-1 sshd[27656]: Invalid user user from 45.61.186.249 port 55972","@timestamp":"2022-09-18T09:02:01.774Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:15 honeypot-ams-1 sshd[5385]: Disconnected from authenticating user root 149.74.230.97 port 52493 [preauth]","@timestamp":"2022-09-18T09:03:16.817Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:17 honeypot-ams-1 sshd[5391]: Received disconnect from 149.74.230.97 port 52553:11: Bye Bye [preauth]","@timestamp":"2022-09-18T09:03:17.818Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:18 honeypot-ams-1 sshd[5397]: Received disconnect from 149.74.230.97 port 52611:11: Bye Bye [preauth]","@timestamp":"2022-09-18T09:03:19.819Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:20 honeypot-ams-1 sshd[5403]: Received disconnect from 149.74.230.97 port 52659:11: Bye Bye [preauth]","@timestamp":"2022-09-18T09:03:20.820Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:21 honeypot-ams-1 sshd[5409]: Received disconnect from 149.74.230.97 port 52709:11: Bye Bye [preauth]","@timestamp":"2022-09-18T09:03:22.822Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:23 honeypot-ams-1 sshd[5415]: Received disconnect from 149.74.230.97 port 52751:11: Bye Bye [preauth]","@timestamp":"2022-09-18T09:03:23.823Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:24 honeypot-ams-1 sshd[5421]: Received disconnect from 149.74.230.97 port 52809:11: Bye Bye [preauth]","@timestamp":"2022-09-18T09:03:24.824Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:26 honeypot-ams-1 sshd[5427]: Received disconnect from 149.74.230.97 port 52864:11: Bye Bye [preauth]","@timestamp":"2022-09-18T09:03:26.827Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:27 honeypot-ams-1 sshd[5433]: Received disconnect from 149.74.230.97 port 52908:11: Bye Bye [preauth]","@timestamp":"2022-09-18T09:03:27.827Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:29 honeypot-ams-1 sshd[5439]: Received disconnect from 149.74.230.97 port 52967:11: Bye Bye [preauth]","@timestamp":"2022-09-18T09:03:29.829Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:30 honeypot-ams-1 sshd[5445]: Received disconnect from 149.74.230.97 port 53021:11: Bye Bye [preauth]","@timestamp":"2022-09-18T09:03:30.830Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:31 honeypot-ams-1 sshd[5451]: Received disconnect from 149.74.230.97 port 53069:11: Bye Bye [preauth]","@timestamp":"2022-09-18T09:03:31.830Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:33 honeypot-ams-1 sshd[5457]: Invalid user admin from 149.74.230.97 port 53111","@timestamp":"2022-09-18T09:03:33.832Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:34 honeypot-ams-1 sshd[5461]: Invalid user admin from 149.74.230.97 port 53148","@timestamp":"2022-09-18T09:03:34.833Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:35 honeypot-ams-1 sshd[5466]: Invalid user admin from 149.74.230.97 port 53182","@timestamp":"2022-09-18T09:03:35.834Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:35 honeypot-ams-1 sshd[5470]: Invalid user admin from 149.74.230.97 port 53217","@timestamp":"2022-09-18T09:03:36.835Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:36 honeypot-ams-1 sshd[5474]: Invalid user admin from 149.74.230.97 port 53238","@timestamp":"2022-09-18T09:03:36.835Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:37 honeypot-ams-1 sshd[5478]: Invalid user user from 149.74.230.97 port 53275","@timestamp":"2022-09-18T09:03:37.836Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:38 honeypot-ams-1 sshd[5482]: Disconnected from authenticating user root 149.74.230.97 port 53309 [preauth]","@timestamp":"2022-09-18T09:03:38.837Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:39 honeypot-ams-1 sshd[5486]: Disconnected from invalid user pi 149.74.230.97 port 53338 [preauth]","@timestamp":"2022-09-18T09:03:39.837Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:40 honeypot-ams-1 sshd[5490]: Disconnected from invalid user ethos 149.74.230.97 port 53387 [preauth]","@timestamp":"2022-09-18T09:03:41.840Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:42 honeypot-ams-1 sshd[5494]: Disconnected from invalid user miner 149.74.230.97 port 53431 [preauth]","@timestamp":"2022-09-18T09:03:42.840Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:43 honeypot-ams-1 sshd[5498]: Disconnected from invalid user volumio 149.74.230.97 port 53460 [preauth]","@timestamp":"2022-09-18T09:03:43.841Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:44 honeypot-ams-1 sshd[5502]: Disconnected from invalid user nagios 149.74.230.97 port 53497 [preauth]","@timestamp":"2022-09-18T09:03:44.842Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:45 honeypot-ams-1 sshd[5506]: Disconnected from invalid user vagrant 149.74.230.97 port 53531 [preauth]","@timestamp":"2022-09-18T09:03:45.843Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:45 honeypot-ams-1 sshd[5510]: Disconnected from invalid user debian 149.74.230.97 port 53574 [preauth]","@timestamp":"2022-09-18T09:03:46.844Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:46 honeypot-ams-1 sshd[5514]: Disconnected from invalid user debian 149.74.230.97 port 53593 [preauth]","@timestamp":"2022-09-18T09:03:47.845Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:47 honeypot-ams-1 sshd[5518]: Disconnected from invalid user alarm 149.74.230.97 port 53635 [preauth]","@timestamp":"2022-09-18T09:03:47.845Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:48 honeypot-ams-1 sshd[5522]: Disconnected from invalid user test 149.74.230.97 port 53657 [preauth]","@timestamp":"2022-09-18T09:03:48.846Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:49 honeypot-ams-1 sshd[5526]: Disconnected from invalid user cirros 149.74.230.97 port 53704 [preauth]","@timestamp":"2022-09-18T09:03:49.846Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:04:36 honeypot-fra-1 sshd[27660]: Invalid user weicheng from 178.128.61.21 port 38728","@timestamp":"2022-09-18T09:04:36.836Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T09:05:44.870Z","@version":"1","message":"Sep 18 09:05:44 honeypot-sgp-1 sshd[30254]: Disconnected from authenticating user root 193.43.134.46 port 46912 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T09:09:00.962Z","@version":"1","message":"Sep 18 09:09:00 honeypot-sgp-1 kernel: [84368243.397188] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=172.104.15.150 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=15971 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:11:29 honeypot-fra-1 sshd[27669]: Did not receive identification string from 45.61.187.160 port 53154","@timestamp":"2022-09-18T09:11:29.994Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:11:49 honeypot-fra-1 sshd[27672]: Disconnected from invalid user user 45.61.187.160 port 45758 [preauth]","@timestamp":"2022-09-18T09:11:50.004Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:12:05 honeypot-fra-1 sshd[27676]: Disconnected from invalid user user 45.61.187.160 port 40484 [preauth]","@timestamp":"2022-09-18T09:12:06.011Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:12:20 honeypot-fra-1 sshd[27680]: Disconnected from invalid user user 45.61.187.160 port 35216 [preauth]","@timestamp":"2022-09-18T09:12:21.019Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T09:13:18.068Z","@version":"1","message":"Sep 18 09:13:18 honeypot-sgp-1 kernel: [84368501.222872] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=138.68.252.199 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=52982 PROTO=TCP SPT=52396 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:15:03 honeypot-ams-1 sshd[5537]: Disconnected from authenticating user root 61.177.173.36 port 43453 [preauth]","@timestamp":"2022-09-18T09:15:04.146Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:15:49 honeypot-fra-1 sshd[27686]: Invalid user user from 45.61.184.204 port 47072","@timestamp":"2022-09-18T09:15:50.100Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:16:04 honeypot-fra-1 sshd[27690]: Did not receive identification string from 42.193.130.165 port 49866","@timestamp":"2022-09-18T09:16:05.107Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:16:19 honeypot-fra-1 sshd[27700]: Disconnected from invalid user user 45.61.184.204 port 54348 [preauth]","@timestamp":"2022-09-18T09:16:20.114Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:16:39 honeypot-fra-1 sshd[27704]: Disconnected from invalid user user 45.61.184.204 port 49798 [preauth]","@timestamp":"2022-09-18T09:16:40.136Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:17:20 honeypot-fra-1 sshd[27714]: Invalid user test from 179.60.147.69 port 47922","@timestamp":"2022-09-18T09:17:20.154Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:19:31 honeypot-ams-1 sshd[5544]: Invalid user test from 179.60.147.69 port 58630","@timestamp":"2022-09-18T09:19:31.269Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:21:12 honeypot-ams-1 sshd[5546]: Disconnected from invalid user apache 223.255.187.154 port 47197 [preauth]","@timestamp":"2022-09-18T09:21:12.317Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:24:26 honeypot-fra-1 sshd[27717]: Disconnected from invalid user admin 92.255.85.69 port 19244 [preauth]","@timestamp":"2022-09-18T09:24:27.316Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:24:58 honeypot-ams-1 sshd[5555]: Disconnected from authenticating user root 115.68.220.85 port 47518 [preauth]","@timestamp":"2022-09-18T09:24:59.421Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:25:15 honeypot-ams-1 sshd[5560]: Disconnected from authenticating user root 61.177.173.37 port 19843 [preauth]","@timestamp":"2022-09-18T09:25:16.431Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:25:37 honeypot-fra-1 sshd[27722]: Disconnected from invalid user user 45.61.187.160 port 54378 [preauth]","@timestamp":"2022-09-18T09:25:38.347Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:25:45 honeypot-ams-1 sshd[5564]: Received disconnect from 45.61.187.160 port 55250:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T09:25:45.447Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:25:54 honeypot-fra-1 sshd[27727]: Disconnected from invalid user user 45.61.187.160 port 49048 [preauth]","@timestamp":"2022-09-18T09:25:55.356Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:26:01 honeypot-ams-1 sshd[5568]: Received disconnect from 45.61.187.160 port 49916:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T09:26:02.457Z"}
{"@timestamp":"2022-09-18T09:26:03.372Z","@version":"1","message":"Sep 18 09:26:03 honeypot-sgp-1 sshd[30700]: Invalid user operator from 175.170.149.29 port 27881","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:26:11 honeypot-fra-1 sshd[27731]: Disconnected from invalid user user 45.61.187.160 port 43746 [preauth]","@timestamp":"2022-09-18T09:26:12.365Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:26:18 honeypot-ams-1 sshd[5572]: Received disconnect from 45.61.187.160 port 44592:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T09:26:18.465Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:26:27 honeypot-fra-1 sshd[27735]: Disconnected from invalid user user 45.61.187.160 port 38406 [preauth]","@timestamp":"2022-09-18T09:26:28.373Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:27:19 honeypot-ams-1 sshd[5576]: Received disconnect from 192.227.166.144 port 41028:11: Bye Bye [preauth]","@timestamp":"2022-09-18T09:27:20.495Z"}
{"@timestamp":"2022-09-18T09:28:21.429Z","@version":"1","message":"Sep 18 09:28:20 honeypot-sgp-1 sshd[30704]: Received disconnect from 92.255.85.70 port 51940:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:28:56 honeypot-ams-1 sshd[5582]: Invalid user guest from 165.22.62.203 port 54180","@timestamp":"2022-09-18T09:28:56.538Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:29:32 honeypot-ams-1 sshd[5584]: Disconnected from invalid user r 103.253.175.10 port 42506 [preauth]","@timestamp":"2022-09-18T09:29:32.559Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:33:13 honeypot-fra-1 sshd[27740]: Did not receive identification string from 45.61.186.249 port 57056","@timestamp":"2022-09-18T09:33:13.524Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T09:33:14.548Z","@version":"1","message":"Sep 18 09:33:14 honeypot-sgp-1 sshd[30709]: Invalid user test from 5.196.68.38 port 55152","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:33:38 honeypot-fra-1 sshd[27743]: Disconnected from invalid user user 45.61.186.249 port 41374 [preauth]","@timestamp":"2022-09-18T09:33:39.537Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:33:58 honeypot-fra-1 sshd[27750]: Invalid user user from 45.61.186.249 port 36550","@timestamp":"2022-09-18T09:33:58.546Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:34:13 honeypot-fra-1 sshd[27754]: Invalid user linuxacademy from 165.22.45.108 port 37178","@timestamp":"2022-09-18T09:34:13.553Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:34:24 honeypot-fra-1 sshd[27760]: Invalid user user from 45.61.186.249 port 43426","@timestamp":"2022-09-18T09:34:25.560Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:36:31 honeypot-fra-1 sshd[27762]: Invalid user mysql from 193.106.191.157 port 53416","@timestamp":"2022-09-18T09:36:32.609Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 09:39:07 honeypot-ams-1 kernel: [84370527.257913] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=167.99.130.208 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=53161 PROTO=TCP SPT=47952 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T09:39:07.830Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:42:11 honeypot-fra-1 sshd[27767]: Disconnected from invalid user at4400 143.244.189.18 port 37126 [preauth]","@timestamp":"2022-09-18T09:42:12.736Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:43:46 honeypot-ams-1 sshd[5602]: Disconnected from authenticating user root 61.177.173.36 port 62266 [preauth]","@timestamp":"2022-09-18T09:43:46.954Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:44:57 honeypot-fra-1 sshd[27773]: Disconnected from invalid user gpadmin 202.29.13.51 port 51730 [preauth]","@timestamp":"2022-09-18T09:44:57.800Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:47:32 honeypot-ams-1 sshd[5608]: Received disconnect from 92.255.85.69 port 48066:11: Bye Bye [preauth]","@timestamp":"2022-09-18T09:47:33.059Z"}
{"@timestamp":"2022-09-18T09:47:37.889Z","@version":"1","message":"Sep 18 09:47:37 honeypot-sgp-1 sshd[30717]: Invalid user user1 from 103.188.176.251 port 38530","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:50:09 honeypot-fra-1 sshd[27780]: Did not receive identification string from 45.61.184.204 port 53638","@timestamp":"2022-09-18T09:50:09.918Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T09:50:09.950Z","@version":"1","message":"Sep 18 09:50:09 honeypot-sgp-1 sshd[30722]: Disconnected from authenticating user root 124.194.123.242 port 55580 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:50:28 honeypot-fra-1 sshd[27783]: Disconnected from invalid user user 45.61.184.204 port 48204 [preauth]","@timestamp":"2022-09-18T09:50:28.928Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:50:49 honeypot-fra-1 sshd[27787]: Disconnected from invalid user user 45.61.184.204 port 43538 [preauth]","@timestamp":"2022-09-18T09:50:49.937Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:51:07 honeypot-fra-1 sshd[27791]: Disconnected from invalid user user 45.61.184.204 port 38876 [preauth]","@timestamp":"2022-09-18T09:51:07.945Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:55:25 honeypot-ams-1 sshd[5613]: Disconnected from authenticating user root 61.177.173.36 port 55072 [preauth]","@timestamp":"2022-09-18T09:55:26.266Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:55:49 honeypot-fra-1 sshd[27798]: Did not receive identification string from 140.246.118.203 port 40804","@timestamp":"2022-09-18T09:55:50.053Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:55:51 honeypot-fra-1 sshd[27808]: Invalid user admin from 140.246.118.203 port 41916","@timestamp":"2022-09-18T09:55:52.055Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:55:51 honeypot-fra-1 sshd[27808]: Connection closed by invalid user admin 140.246.118.203 port 41916 [preauth]","@timestamp":"2022-09-18T09:55:52.055Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:56:05 honeypot-fra-1 sshd[27807]: Connection closed by invalid user odoo 140.246.118.203 port 41930 [preauth]","@timestamp":"2022-09-18T09:56:06.062Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T09:56:46.110Z","@version":"1","message":"Sep 18 09:56:45 honeypot-sgp-1 kernel: [84371108.251683] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=193.198.158.134 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=224 ID=47473 DF PROTO=TCP SPT=32038 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 09:58:06 honeypot-ams-1 kernel: [84371666.773903] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=89.248.165.199 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=47703 PROTO=TCP SPT=53533 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T09:58:07.336Z"}
{"@timestamp":"2022-09-18T10:03:29.273Z","@version":"1","message":"Sep 18 10:03:28 honeypot-sgp-1 sshd[30733]: Invalid user online-shopping from 143.198.8.62 port 43352","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:07:14 honeypot-fra-1 sshd[27820]: Connection closed by invalid user  64.62.197.77 port 46618 [preauth]","@timestamp":"2022-09-18T10:07:14.315Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:13:15 honeypot-fra-1 sshd[27825]: Disconnected from invalid user lichengzhang 51.250.65.57 port 40634 [preauth]","@timestamp":"2022-09-18T10:13:15.452Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 10:16:15 honeypot-ams-1 kernel: [84372755.527013] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.217.0.181 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=40385 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T10:16:15.809Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:18:08 honeypot-fra-1 kernel: [84370696.277517] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=64.62.197.237 DST=165.22.82.222 LEN=131 TOS=0x00 PREC=0x00 TTL=244 ID=54321 PROTO=TCP SPT=51560 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T10:18:09.563Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-18T10:19:10.643Z","@version":"1","message":"Sep 18 10:19:10 honeypot-sgp-1 sshd[30740]: Invalid user fz from 147.182.170.143 port 55804","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T10:21:50.708Z","@version":"1","message":"Sep 18 10:21:49 honeypot-sgp-1 sshd[30744]: Invalid user redis from 104.225.146.77 port 53276","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T10:22:47.734Z","@version":"1","message":"Sep 18 10:22:46 honeypot-sgp-1 sshd[30747]: Disconnected from invalid user huanglu 111.22.49.59 port 60036 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:25:35 honeypot-fra-1 sshd[27835]: Disconnected from authenticating user root 179.86.94.249 port 5850 [preauth]","@timestamp":"2022-09-18T10:25:35.731Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:25:40 honeypot-fra-1 sshd[27841]: Received disconnect from 179.86.94.249 port 5853:11: Bye Bye [preauth]","@timestamp":"2022-09-18T10:25:41.735Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:25:46 honeypot-fra-1 sshd[27847]: Received disconnect from 179.86.94.249 port 5856:11: Bye Bye [preauth]","@timestamp":"2022-09-18T10:25:46.737Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:25:52 honeypot-fra-1 sshd[27853]: Received disconnect from 179.86.94.249 port 5859:11: Bye Bye [preauth]","@timestamp":"2022-09-18T10:25:52.741Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:25:58 honeypot-fra-1 sshd[27859]: Received disconnect from 179.86.94.249 port 5862:11: Bye Bye [preauth]","@timestamp":"2022-09-18T10:25:58.744Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:26:03 honeypot-fra-1 sshd[27865]: Received disconnect from 179.86.94.249 port 5865:11: Bye Bye [preauth]","@timestamp":"2022-09-18T10:26:03.746Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:26:09 honeypot-fra-1 sshd[27871]: Received disconnect from 179.86.94.249 port 5868:11: Bye Bye [preauth]","@timestamp":"2022-09-18T10:26:09.750Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:26:15 honeypot-fra-1 kernel: [84371182.846067] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=118.126.82.157 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=43 ID=13030 DF PROTO=TCP SPT=57056 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T10:26:15.753Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:26:18 honeypot-fra-1 sshd[27881]: Disconnected from authenticating user root 179.86.94.249 port 5873 [preauth]","@timestamp":"2022-09-18T10:26:18.754Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:26:24 honeypot-fra-1 sshd[27887]: Disconnected from authenticating user root 179.86.94.249 port 5876 [preauth]","@timestamp":"2022-09-18T10:26:24.758Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:26:29 honeypot-fra-1 sshd[27893]: Disconnected from authenticating user root 179.86.94.249 port 5879 [preauth]","@timestamp":"2022-09-18T10:26:30.761Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:26:35 honeypot-fra-1 sshd[27899]: Disconnected from authenticating user root 179.86.94.249 port 5882 [preauth]","@timestamp":"2022-09-18T10:26:35.764Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:26:41 honeypot-fra-1 sshd[27905]: Disconnected from authenticating user root 179.86.94.249 port 5885 [preauth]","@timestamp":"2022-09-18T10:26:41.768Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T10:26:43.834Z","@version":"1","message":"Sep 18 10:26:43 honeypot-sgp-1 sshd[30753]: Received disconnect from 121.165.140.242 port 42072:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:26:44 honeypot-fra-1 sshd[27909]: Disconnected from invalid user admin 179.86.94.249 port 5887 [preauth]","@timestamp":"2022-09-18T10:26:45.770Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:26:48 honeypot-fra-1 sshd[27913]: Disconnected from invalid user admin 179.86.94.249 port 5889 [preauth]","@timestamp":"2022-09-18T10:26:48.772Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:26:52 honeypot-fra-1 sshd[27917]: Disconnected from invalid user admin 179.86.94.249 port 5891 [preauth]","@timestamp":"2022-09-18T10:26:52.775Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:26:56 honeypot-fra-1 sshd[27921]: Disconnected from invalid user admin 179.86.94.249 port 5893 [preauth]","@timestamp":"2022-09-18T10:26:56.776Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:26:59 honeypot-fra-1 sshd[27925]: Disconnected from invalid user admin 179.86.94.249 port 5895 [preauth]","@timestamp":"2022-09-18T10:27:00.778Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:27:05 honeypot-fra-1 sshd[27931]: Received disconnect from 179.86.94.249 port 5898:11: Bye Bye [preauth]","@timestamp":"2022-09-18T10:27:05.781Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:27:09 honeypot-fra-1 sshd[27935]: Received disconnect from 179.86.94.249 port 5900:11: Bye Bye [preauth]","@timestamp":"2022-09-18T10:27:09.784Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:27:12 honeypot-fra-1 sshd[27939]: Invalid user ethos from 179.86.94.249 port 5902","@timestamp":"2022-09-18T10:27:13.786Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:27:16 honeypot-fra-1 sshd[27943]: Invalid user miner from 179.86.94.249 port 5904","@timestamp":"2022-09-18T10:27:16.788Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:27:20 honeypot-fra-1 sshd[27947]: Invalid user volumio from 179.86.94.249 port 5906","@timestamp":"2022-09-18T10:27:20.790Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:27:24 honeypot-fra-1 sshd[27951]: Invalid user nagios from 179.86.94.249 port 5908","@timestamp":"2022-09-18T10:27:24.793Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:27:27 honeypot-fra-1 sshd[27955]: Invalid user vagrant from 179.86.94.249 port 5910","@timestamp":"2022-09-18T10:27:27.795Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:27:31 honeypot-fra-1 sshd[27959]: Invalid user debian from 179.86.94.249 port 5912","@timestamp":"2022-09-18T10:27:31.800Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:27:35 honeypot-fra-1 sshd[27963]: Invalid user debian from 179.86.94.249 port 5914","@timestamp":"2022-09-18T10:27:35.802Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:27:38 honeypot-fra-1 sshd[27967]: Invalid user alarm from 179.86.94.249 port 5850","@timestamp":"2022-09-18T10:27:39.805Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:27:42 honeypot-fra-1 sshd[27971]: Invalid user test from 179.86.94.249 port 5852","@timestamp":"2022-09-18T10:27:42.807Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:27:46 honeypot-fra-1 sshd[27975]: Invalid user cirros from 179.86.94.249 port 5854","@timestamp":"2022-09-18T10:27:46.809Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 10:27:45 honeypot-ams-1 kernel: [84373445.561774] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=210.245.120.108 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=3888 PROTO=TCP SPT=55580 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T10:27:46.126Z"}
{"@timestamp":"2022-09-18T10:31:46.959Z","@version":"1","message":"Sep 18 10:31:46 honeypot-sgp-1 kernel: [84373210.020814] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=184.105.139.108 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=37967 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 10:32:28 honeypot-ams-1 kernel: [84373728.397661] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.193.104 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=52914 DPT=636 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T10:32:29.249Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 10:34:55 honeypot-ams-1 sshd[5641]: Disconnected from authenticating user root 45.119.215.150 port 45250 [preauth]","@timestamp":"2022-09-18T10:34:55.335Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:35:33 honeypot-fra-1 kernel: [84371741.170957] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=202.107.151.160 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=46 ID=28272 DF PROTO=TCP SPT=20368 DPT=80 WINDOW=5440 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T10:35:33.986Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-18T10:42:39.222Z","@version":"1","message":"Sep 18 10:42:38 honeypot-sgp-1 sshd[30763]: Invalid user admin from 178.128.125.205 port 51596","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 10:43:06 honeypot-ams-1 sshd[5646]: Disconnected from invalid user ubuntu 110.235.243.121 port 41568 [preauth]","@timestamp":"2022-09-18T10:43:07.551Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 10:43:57 honeypot-ams-1 sshd[5650]: Received disconnect from 143.244.178.40 port 34376:11: Bye Bye [preauth]","@timestamp":"2022-09-18T10:43:57.575Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 10:56:05 honeypot-ams-1 kernel: [84375145.744881] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=172.105.129.92 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=40157 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T10:56:06.887Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:56:53 honeypot-fra-1 sshd[27982]: Invalid user linux from 165.22.45.108 port 42700","@timestamp":"2022-09-18T10:56:53.482Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T10:58:14.600Z","@version":"1","message":"Sep 18 10:58:14 honeypot-sgp-1 kernel: [84374797.281723] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=30814 PROTO=TCP SPT=58468 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:59:11 honeypot-fra-1 kernel: [84373158.581311] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=13001 PROTO=TCP SPT=58468 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T10:59:11.534Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 11:00:01 honeypot-fra-1 sshd[27989]: Invalid user mysql from 193.106.191.157 port 48500","@timestamp":"2022-09-18T11:00:02.556Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 11:00:13 honeypot-fra-1 sshd[27994]: Disconnected from invalid user user 45.61.184.204 port 37880 [preauth]","@timestamp":"2022-09-18T11:00:13.562Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 11:00:30 honeypot-fra-1 sshd[27998]: Received disconnect from 45.61.184.204 port 32958:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T11:00:31.571Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 11:00:47 honeypot-fra-1 sshd[28002]: Received disconnect from 45.61.184.204 port 56162:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T11:00:47.579Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 11:08:06 honeypot-ams-1 sshd[5664]: Connection closed by invalid user user 179.60.147.69 port 39342 [preauth]","@timestamp":"2022-09-18T11:08:07.206Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 11:09:35 honeypot-fra-1 kernel: [84373783.273493] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=213.190.29.199 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=39631 PROTO=TCP SPT=45865 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T11:09:36.781Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 11:09:44 honeypot-ams-1 kernel: [84375964.474189] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=104.152.52.233 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=30881 PROTO=TCP SPT=59346 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T11:09:46.622Z"}
{"@timestamp":"2022-09-18T11:11:13.928Z","@version":"1","message":"Sep 18 11:11:13 honeypot-sgp-1 sshd[30772]: Received disconnect from 92.255.85.69 port 21312:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 11:17:01 honeypot-ams-1 CRON[5670]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-18T11:17:01.814Z"}
{"@timestamp":"2022-09-18T11:21:03.183Z","@version":"1","message":"Sep 18 11:21:02 honeypot-sgp-1 kernel: [84376165.765841] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.219.226 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=48522 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 11:21:06 honeypot-ams-1 sshd[5675]: Disconnected from invalid user teste 92.255.85.70 port 18394 [preauth]","@timestamp":"2022-09-18T11:21:06.924Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 11:25:01 honeypot-fra-1 sshd[28012]: Received disconnect from 190.128.230.98 port 42478:11: Bye Bye [preauth]","@timestamp":"2022-09-18T11:25:02.130Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 11:27:46 honeypot-ams-1 kernel: [84377046.121833] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=164.92.72.164 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=39215 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T11:27:47.104Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 11:34:05 honeypot-fra-1 sshd[28018]: Received disconnect from 171.244.140.174 port 21317:11: Bye Bye [preauth]","@timestamp":"2022-09-18T11:34:06.330Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 11:34:18 honeypot-ams-1 sshd[5683]: Received disconnect from 103.226.248.61 port 50582:11: Bye Bye [preauth]","@timestamp":"2022-09-18T11:34:19.278Z"}
{"@timestamp":"2022-09-18T11:35:18.528Z","@version":"1","message":"Sep 18 11:35:17 honeypot-sgp-1 sshd[30783]: Invalid user phuket from 122.55.75.198 port 27533","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 11:40:31 honeypot-ams-1 kernel: [84377811.302261] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=79.124.62.60 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=51409 PROTO=TCP SPT=47722 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T11:40:32.442Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 11:42:01 honeypot-fra-1 sshd[28025]: Connection closed by authenticating user nobody 179.60.147.69 port 61304 [preauth]","@timestamp":"2022-09-18T11:42:02.513Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 11:42:04 honeypot-ams-1 sshd[5691]: Received disconnect from 45.61.186.249 port 36110:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T11:42:05.488Z"}
{"@timestamp":"2022-09-18T11:42:18.697Z","@version":"1","message":"Sep 18 11:42:17 honeypot-sgp-1 sshd[30789]: Disconnected from invalid user osmc 202.163.109.35 port 35376 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 11:42:22 honeypot-ams-1 sshd[5696]: Invalid user admin from 87.245.184.58 port 53430","@timestamp":"2022-09-18T11:42:22.497Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 11:42:24 honeypot-ams-1 sshd[5700]: Invalid user cs from 190.202.124.93 port 44416","@timestamp":"2022-09-18T11:42:25.499Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 11:42:43 honeypot-ams-1 sshd[5704]: Invalid user user from 45.61.186.249 port 54520","@timestamp":"2022-09-18T11:42:43.509Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 11:44:12 honeypot-ams-1 sshd[5708]: Connection closed by authenticating user nobody 179.60.147.69 port 36260 [preauth]","@timestamp":"2022-09-18T11:44:12.549Z"}
{"@timestamp":"2022-09-18T11:46:06.793Z","@version":"1","message":"Sep 18 11:46:05 honeypot-sgp-1 kernel: [84377668.920677] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=206.84.108.130 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=54321 PROTO=TCP SPT=32768 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 11:47:22 honeypot-fra-1 sshd[28033]: Received disconnect from 201.48.4.15 port 43072:11: Bye Bye [preauth]","@timestamp":"2022-09-18T11:47:22.634Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 11:48:34 honeypot-ams-1 sshd[5713]: Invalid user mc from 34.75.26.147 port 38640","@timestamp":"2022-09-18T11:48:34.670Z"}
{"@timestamp":"2022-09-18T11:48:38.857Z","@version":"1","message":"Sep 18 11:48:38 honeypot-sgp-1 sshd[30796]: Disconnected from invalid user prueba 92.255.85.70 port 57840 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 11:49:07 honeypot-ams-1 sshd[5717]: Received disconnect from 43.155.100.37 port 34076:11: Bye Bye [preauth]","@timestamp":"2022-09-18T11:49:08.689Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 11:51:01 honeypot-fra-1 kernel: [84376268.709092] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=39086 PROTO=TCP SPT=41222 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T11:51:01.718Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 11:53:35 honeypot-fra-1 sshd[28045]: Disconnected from invalid user user 45.61.186.169 port 49246 [preauth]","@timestamp":"2022-09-18T11:53:35.778Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 11:53:52 honeypot-fra-1 sshd[28049]: Disconnected from invalid user user 45.61.186.169 port 43896 [preauth]","@timestamp":"2022-09-18T11:53:53.788Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 11:54:09 honeypot-fra-1 sshd[28053]: Disconnected from invalid user user 45.61.186.169 port 38544 [preauth]","@timestamp":"2022-09-18T11:54:09.796Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 11:54:25 honeypot-fra-1 sshd[28057]: Disconnected from invalid user user 45.61.186.169 port 33192 [preauth]","@timestamp":"2022-09-18T11:54:25.804Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 12:01:06 honeypot-ams-1 sshd[5721]: Invalid user prueba from 92.255.85.70 port 49272","@timestamp":"2022-09-18T12:01:07.012Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 12:05:54 honeypot-ams-1 sshd[5725]: Disconnected from invalid user user 45.61.187.160 port 42484 [preauth]","@timestamp":"2022-09-18T12:05:55.141Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 12:06:12 honeypot-ams-1 sshd[5729]: Disconnected from invalid user user 45.61.187.160 port 37204 [preauth]","@timestamp":"2022-09-18T12:06:13.151Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 12:06:29 honeypot-ams-1 sshd[5733]: Disconnected from invalid user user 45.61.187.160 port 60122 [preauth]","@timestamp":"2022-09-18T12:06:30.159Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 12:06:45 honeypot-ams-1 sshd[5737]: Disconnected from invalid user user 45.61.187.160 port 54826 [preauth]","@timestamp":"2022-09-18T12:06:46.167Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 12:09:03 honeypot-ams-1 kernel: [84379523.421741] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=79.124.62.62 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=61194 PROTO=TCP SPT=42431 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T12:09:04.223Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 12:09:06 honeypot-fra-1 kernel: [84377353.772646] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=167.71.133.35 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=248 ID=54321 PROTO=TCP SPT=43606 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T12:09:07.139Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-18T12:10:16.380Z","@version":"1","message":"Sep 18 12:10:15 honeypot-sgp-1 kernel: [84379118.501136] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=172.105.89.161 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=50 ID=0 DF PROTO=TCP SPT=39061 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 12:13:14 honeypot-ams-1 sshd[5746]: Received disconnect from 154.61.72.164 port 53106:11: Bye Bye [preauth]","@timestamp":"2022-09-18T12:13:14.338Z"}
{"@timestamp":"2022-09-18T12:17:01.551Z","@version":"1","message":"Sep 18 12:17:01 honeypot-sgp-1 CRON[30806]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 12:17:01 honeypot-fra-1 CRON[28063]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-18T12:17:02.320Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 12:17:01 honeypot-ams-1 CRON[5751]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-18T12:17:02.439Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 12:18:12 honeypot-ams-1 sshd[5757]: Invalid user user from 45.61.186.249 port 35388","@timestamp":"2022-09-18T12:18:13.474Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 12:18:30 honeypot-ams-1 sshd[5761]: Invalid user user from 45.61.186.249 port 58714","@timestamp":"2022-09-18T12:18:30.482Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 12:18:48 honeypot-ams-1 sshd[5765]: Invalid user user from 45.61.186.249 port 53806","@timestamp":"2022-09-18T12:18:49.493Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 12:20:04 honeypot-ams-1 sshd[5770]: Did not receive identification string from 130.193.40.11 port 51444","@timestamp":"2022-09-18T12:20:05.528Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 12:20:05 honeypot-ams-1 sshd[5777]: Invalid user es from 130.193.40.11 port 52644","@timestamp":"2022-09-18T12:20:06.530Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 12:20:06 honeypot-ams-1 sshd[5788]: Connection closed by authenticating user root 130.193.40.11 port 52588 [preauth]","@timestamp":"2022-09-18T12:20:06.530Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 12:20:06 honeypot-ams-1 sshd[5773]: Invalid user ubuntu from 130.193.40.11 port 52650","@timestamp":"2022-09-18T12:20:06.530Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 12:20:06 honeypot-ams-1 sshd[5785]: Invalid user rustserver from 130.193.40.11 port 52602","@timestamp":"2022-09-18T12:20:06.530Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 12:20:06 honeypot-ams-1 sshd[5786]: Connection closed by invalid user testuser 130.193.40.11 port 52592 [preauth]","@timestamp":"2022-09-18T12:20:07.531Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 12:20:06 honeypot-ams-1 sshd[5776]: Connection closed by invalid user oracle 130.193.40.11 port 52660 [preauth]","@timestamp":"2022-09-18T12:20:07.531Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 12:20:07 honeypot-ams-1 sshd[5787]: Connection closed by invalid user admin 130.193.40.11 port 52658 [preauth]","@timestamp":"2022-09-18T12:20:07.531Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 12:20:07 honeypot-ams-1 sshd[5832]: Invalid user testuser from 130.193.40.11 port 52686","@timestamp":"2022-09-18T12:20:07.531Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 12:20:08 honeypot-ams-1 sshd[5825]: Connection closed by invalid user oracle 130.193.40.11 port 52694 [preauth]","@timestamp":"2022-09-18T12:20:09.532Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 12:20:21 honeypot-ams-1 sshd[5839]: Received disconnect from 45.20.209.253 port 57784:11: Bye Bye [preauth]","@timestamp":"2022-09-18T12:20:21.539Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 12:23:09 honeypot-fra-1 kernel: [84378196.518617] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=89.248.165.120 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=55972 PROTO=TCP SPT=43591 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T12:23:09.461Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 12:27:23 honeypot-fra-1 sshd[28074]: Disconnected from authenticating user root 143.244.158.100 port 42608 [preauth]","@timestamp":"2022-09-18T12:27:24.560Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 12:29:08 honeypot-fra-1 sshd[28080]: Disconnected from authenticating user root 143.244.158.100 port 59774 [preauth]","@timestamp":"2022-09-18T12:29:08.602Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 12:29:24 honeypot-ams-1 sshd[5846]: error: maximum authentication attempts exceeded for root from 37.116.206.113 port 34913 ssh2 [preauth]","@timestamp":"2022-09-18T12:29:24.776Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 12:31:41 honeypot-fra-1 sshd[28087]: Disconnected from authenticating user root 143.244.158.100 port 40014 [preauth]","@timestamp":"2022-09-18T12:31:42.663Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 12:33:22 honeypot-fra-1 sshd[28091]: Disconnected from authenticating user root 143.244.158.100 port 55040 [preauth]","@timestamp":"2022-09-18T12:33:23.706Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 12:35:52 honeypot-fra-1 sshd[28097]: Disconnected from authenticating user root 143.244.158.100 port 36928 [preauth]","@timestamp":"2022-09-18T12:35:53.765Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 12:37:10 honeypot-ams-1 kernel: [84381210.718767] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.221.108 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=44028 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T12:37:10.985Z"}
{"@timestamp":"2022-09-18T12:37:22.043Z","@version":"1","message":"Sep 18 12:37:21 honeypot-sgp-1 sshd[30812]: Disconnected from invalid user rodica 51.255.204.101 port 41314 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 12:38:11 honeypot-ams-1 sshd[5852]: Disconnected from invalid user 12345 92.255.85.69 port 44224 [preauth]","@timestamp":"2022-09-18T12:38:12.014Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 12:38:25 honeypot-fra-1 sshd[28106]: Received disconnect from 143.244.158.100 port 37044:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T12:38:26.826Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 12:39:30 honeypot-fra-1 sshd[28112]: Invalid user admin from 137.184.48.78 port 34010","@timestamp":"2022-09-18T12:39:30.853Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 12:39:55 honeypot-fra-1 kernel: [84379203.140738] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=97.107.131.195 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=1484 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T12:39:55.863Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 12:41:50 honeypot-fra-1 sshd[28123]: Disconnected from authenticating user root 143.244.158.100 port 53054 [preauth]","@timestamp":"2022-09-18T12:41:50.909Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T12:42:49.178Z","@version":"1","message":"Sep 18 12:42:48 honeypot-sgp-1 sshd[30820]: Invalid user 12345 from 92.255.85.69 port 56914","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 12:43:34 honeypot-fra-1 sshd[28129]: Received disconnect from 143.244.158.100 port 42452:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T12:43:34.961Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T12:44:05.210Z","@version":"1","message":"Sep 18 12:44:04 honeypot-sgp-1 sshd[30822]: Disconnected from invalid user xnm 59.103.236.85 port 9024 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 12:46:06 honeypot-fra-1 sshd[28136]: Received disconnect from 143.244.158.100 port 55088:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T12:46:07.021Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T12:48:38.323Z","@version":"1","message":"Sep 18 12:48:37 honeypot-sgp-1 sshd[30827]: Disconnected from invalid user mc2 165.22.111.185 port 44060 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 12:48:40 honeypot-fra-1 sshd[28143]: Received disconnect from 143.244.158.100 port 42332:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T12:48:41.082Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 12:50:32 honeypot-fra-1 sshd[28147]: Received disconnect from 143.244.158.100 port 57104:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T12:50:32.127Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 12:53:07 honeypot-fra-1 sshd[28154]: Received disconnect from 143.244.158.100 port 47960:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T12:53:07.196Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T12:54:08.461Z","@version":"1","message":"Sep 18 12:54:07 honeypot-sgp-1 sshd[30835]: Received disconnect from 52.151.24.212 port 52884:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 12:55:39 honeypot-fra-1 sshd[28160]: Received disconnect from 143.244.158.100 port 37238:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T12:55:40.257Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 12:57:24 honeypot-fra-1 sshd[28166]: Disconnected from authenticating user root 143.244.158.100 port 51900 [preauth]","@timestamp":"2022-09-18T12:57:25.299Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T12:58:41.573Z","@version":"1","message":"Sep 18 12:58:41 honeypot-sgp-1 sshd[30837]: Disconnected from invalid user ftpuser 77.82.90.234 port 43886 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 12:58:46 honeypot-fra-1 sshd[28171]: Received disconnect from 45.61.184.204 port 33192:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T12:58:47.334Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 12:59:04 honeypot-fra-1 sshd[28175]: Disconnected from authenticating user root 143.244.158.100 port 45740 [preauth]","@timestamp":"2022-09-18T12:59:05.342Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 12:59:15 honeypot-fra-1 sshd[28179]: Disconnected from invalid user user 45.61.184.204 port 39666 [preauth]","@timestamp":"2022-09-18T12:59:16.348Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 12:59:34 honeypot-fra-1 sshd[28185]: Received disconnect from 45.61.184.204 port 34578:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T12:59:35.357Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 12:59:49 honeypot-fra-1 sshd[28189]: Invalid user ubuntu from 164.92.183.3 port 55012","@timestamp":"2022-09-18T12:59:50.365Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 13:00:46 honeypot-fra-1 sshd[28193]: Received disconnect from 143.244.158.100 port 48284:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T13:00:46.415Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 13:02:21 honeypot-fra-1 kernel: [84380548.502844] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=50.116.58.40 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=20567 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T13:02:21.455Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 13:03:23 honeypot-fra-1 sshd[28204]: Disconnected from authenticating user root 143.244.158.100 port 34144 [preauth]","@timestamp":"2022-09-18T13:03:24.486Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 13:04:23 honeypot-ams-1 kernel: [84382842.956337] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=165.227.115.190 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=17739 PROTO=TCP SPT=46233 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T13:04:23.706Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 13:05:16 honeypot-fra-1 sshd[28210]: Invalid user suporte from 185.243.218.76 port 49798","@timestamp":"2022-09-18T13:05:17.535Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 13:06:49 honeypot-fra-1 sshd[28215]: Received disconnect from 143.244.158.100 port 38544:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T13:06:49.573Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 13:08:32 honeypot-fra-1 sshd[28222]: Received disconnect from 143.244.158.100 port 40320:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T13:08:32.615Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 13:10:14 honeypot-fra-1 sshd[28228]: Received disconnect from 206.81.15.128 port 43714:11: Bye Bye [preauth]","@timestamp":"2022-09-18T13:10:14.657Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 13:11:59 honeypot-fra-1 sshd[28234]: Received disconnect from 143.244.158.100 port 50928:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T13:11:59.700Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 13:14:20 honeypot-fra-1 sshd[28239]: Received disconnect from 128.199.32.98 port 51190:11: Bye Bye [preauth]","@timestamp":"2022-09-18T13:14:20.777Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 13:17:01 honeypot-ams-1 CRON[5868]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-18T13:17:02.046Z"}
{"@timestamp":"2022-09-18T13:17:02.036Z","@version":"1","message":"Sep 18 13:17:01 honeypot-sgp-1 CRON[30841]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 13:18:22 honeypot-fra-1 kernel: [84381510.106261] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.41.9.18 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=34968 PROTO=TCP SPT=15326 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T13:18:23.872Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 13:27:13 honeypot-ams-1 sshd[5876]: Invalid user mysql from 193.106.191.157 port 59410","@timestamp":"2022-09-18T13:27:14.320Z"}
{"@timestamp":"2022-09-18T13:29:17.327Z","@version":"1","message":"Sep 18 13:29:17 honeypot-sgp-1 sshd[30848]: Received disconnect from 178.128.123.42 port 39114:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T13:33:43.436Z","@version":"1","message":"Sep 18 13:33:43 honeypot-sgp-1 kernel: [84384126.289851] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=131.159.24.205 DST=159.89.202.188 LEN=64 TOS=0x00 PREC=0x00 TTL=232 ID=54321 PROTO=TCP SPT=57304 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 13:35:17 honeypot-fra-1 sshd[28250]: Connection closed by invalid user mysql 193.106.191.157 port 34778 [preauth]","@timestamp":"2022-09-18T13:35:18.257Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 13:35:25 honeypot-ams-1 kernel: [84384705.356428] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.220.96 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=45625 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T13:35:26.537Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 13:36:25 honeypot-ams-1 kernel: [84384765.197790] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.206.154 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=56731 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T13:36:25.566Z"}
{"@timestamp":"2022-09-18T13:47:55.780Z","@version":"1","message":"Sep 18 13:47:55 honeypot-sgp-1 sshd[30858]: Did not receive identification string from 45.61.186.249 port 34128","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T13:48:12.790Z","@version":"1","message":"Sep 18 13:48:12 honeypot-sgp-1 sshd[30863]: Did not receive identification string from 43.153.10.221 port 31782","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T13:48:42.804Z","@version":"1","message":"Sep 18 13:48:41 honeypot-sgp-1 sshd[30870]: Invalid user user from 45.61.186.249 port 60650","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T13:49:01.814Z","@version":"1","message":"Sep 18 13:49:01 honeypot-sgp-1 sshd[30874]: Invalid user user from 45.61.186.249 port 55810","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T13:49:19.822Z","@version":"1","message":"Sep 18 13:49:19 honeypot-sgp-1 sshd[30878]: Invalid user user from 45.61.186.249 port 50966","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T13:50:15.847Z","@version":"1","message":"Sep 18 13:50:15 honeypot-sgp-1 kernel: [84385118.707853] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=36.37.140.92 DST=159.89.202.188 LEN=52 TOS=0x00 PREC=0x00 TTL=117 ID=20692 DF PROTO=TCP SPT=46883 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 13:50:45 honeypot-ams-1 sshd[5894]: Received disconnect from 165.232.138.25 port 56304:11: Bye Bye [preauth]","@timestamp":"2022-09-18T13:50:45.949Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 13:51:11 honeypot-fra-1 kernel: [84383478.140556] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=2050 PROTO=TCP SPT=48719 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T13:51:11.615Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-18T13:51:24.882Z","@version":"1","message":"Sep 18 13:51:24 honeypot-sgp-1 sshd[30885]: Invalid user user from 45.61.186.249 port 58158","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T13:51:42.890Z","@version":"1","message":"Sep 18 13:51:42 honeypot-sgp-1 sshd[30890]: Invalid user user from 45.61.186.249 port 52798","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T13:51:53.896Z","@version":"1","message":"Sep 18 13:51:53 honeypot-sgp-1 kernel: [84385216.638210] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=26115 PROTO=TCP SPT=48719 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 13:51:53 honeypot-ams-1 kernel: [84385693.091724] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=91.99.137.144 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=113 ID=24758 DF PROTO=TCP SPT=2012 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T13:51:53.982Z"}
{"@timestamp":"2022-09-18T13:52:08.904Z","@version":"1","message":"Sep 18 13:52:08 honeypot-sgp-1 sshd[30896]: Disconnected from invalid user user 45.61.186.249 port 58886 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 13:53:59 honeypot-ams-1 sshd[5900]: Disconnected from authenticating user root 178.176.224.148 port 49668 [preauth]","@timestamp":"2022-09-18T13:54:00.042Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 14:01:06 honeypot-ams-1 sshd[5907]: Invalid user uxt from 190.104.146.136 port 60163","@timestamp":"2022-09-18T14:01:06.230Z"}
{"@timestamp":"2022-09-18T14:04:15.196Z","@version":"1","message":"Sep 18 14:04:14 honeypot-sgp-1 sshd[30902]: Bad protocol version identification 'SSH-2.0_CoreLab-1.0' from 31.184.198.71 port 57732","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:04:48.214Z","@version":"1","message":"Sep 18 14:04:47 honeypot-sgp-1 sshd[30907]: Disconnecting invalid user cameras 31.184.198.71 port 18451: Change of username or service not allowed: (cameras,ssh-connection) -> (,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:05:19.230Z","@version":"1","message":"Sep 18 14:05:19 honeypot-sgp-1 sshd[30913]: Disconnecting invalid user  31.184.198.71 port 54417: Change of username or service not allowed: (,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:05:48.246Z","@version":"1","message":"Sep 18 14:05:47 honeypot-sgp-1 sshd[30920]: Invalid user admin from 31.184.198.71 port 21694","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:06:22.263Z","@version":"1","message":"Sep 18 14:06:22 honeypot-sgp-1 sshd[30926]: Disconnecting authenticating user root 31.184.198.71 port 1479: Change of username or service not allowed: (root,ssh-connection) -> (1234,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:06:48.276Z","@version":"1","message":"Sep 18 14:06:48 honeypot-sgp-1 sshd[30932]: Disconnecting invalid user araknis 31.184.198.71 port 33914: Change of username or service not allowed: (araknis,ssh-connection) -> (,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:07:22.294Z","@version":"1","message":"Sep 18 14:07:21 honeypot-sgp-1 sshd[30940]: Invalid user Admin from 31.184.198.71 port 37773","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 14:07:37 honeypot-ams-1 sshd[5910]: Connection closed by invalid user xq 137.116.144.39 port 56016 [preauth]","@timestamp":"2022-09-18T14:07:37.405Z"}
{"@timestamp":"2022-09-18T14:07:50.310Z","@version":"1","message":"Sep 18 14:07:50 honeypot-sgp-1 sshd[30946]: Invalid user guest from 31.184.198.71 port 25514","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 14:07:53 honeypot-fra-1 kernel: [84384480.757435] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=59.49.43.217 DST=165.22.82.222 LEN=40 TOS=0x18 PREC=0x00 TTL=237 ID=22693 PROTO=TCP SPT=40060 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T14:07:53.990Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-18T14:08:18.324Z","@version":"1","message":"Sep 18 14:08:17 honeypot-sgp-1 sshd[30952]: Invalid user  from 31.184.198.71 port 29030","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:08:42.336Z","@version":"1","message":"Sep 18 14:08:42 honeypot-sgp-1 sshd[30958]: Invalid user admin from 31.184.198.71 port 37458","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:09:16.354Z","@version":"1","message":"Sep 18 14:09:16 honeypot-sgp-1 sshd[30964]: Disconnecting invalid user Administrator 31.184.198.71 port 3020: Change of username or service not allowed: (Administrator,ssh-connection) -> (,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:09:43.368Z","@version":"1","message":"Sep 18 14:09:42 honeypot-sgp-1 sshd[30971]: Disconnecting invalid user sti.admin5 31.184.198.71 port 52956: Change of username or service not allowed: (sti.admin5,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:10:08.381Z","@version":"1","message":"Sep 18 14:10:07 honeypot-sgp-1 sshd[30977]: Disconnecting invalid user zhone 31.184.198.71 port 50803: Change of username or service not allowed: (zhone,ssh-connection) -> (,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:10:26.391Z","@version":"1","message":"Sep 18 14:10:25 honeypot-sgp-1 sshd[30983]: Disconnecting authenticating user root 31.184.198.71 port 58430: Change of username or service not allowed: (root,ssh-connection) -> (default,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:10:50.404Z","@version":"1","message":"Sep 18 14:10:49 honeypot-sgp-1 sshd[30989]: Disconnecting invalid user c1@r0 31.184.198.71 port 41533: Change of username or service not allowed: (c1@r0,ssh-connection) -> (Administrator,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:11:14.417Z","@version":"1","message":"Sep 18 14:11:14 honeypot-sgp-1 sshd[30995]: Disconnecting invalid user superonline 31.184.198.71 port 45798: Change of username or service not allowed: (superonline,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:11:54.438Z","@version":"1","message":"Sep 18 14:11:54 honeypot-sgp-1 sshd[31001]: Disconnecting invalid user Admin 31.184.198.71 port 1742: Change of username or service not allowed: (Admin,ssh-connection) -> (comcast,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:12:24.453Z","@version":"1","message":"Sep 18 14:12:24 honeypot-sgp-1 sshd[31007]: Disconnecting invalid user  31.184.198.71 port 13914: Change of username or service not allowed: (,ssh-connection) -> (admin1234,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:12:51.467Z","@version":"1","message":"Sep 18 14:12:51 honeypot-sgp-1 sshd[31013]: Disconnecting invalid user  31.184.198.71 port 35550: Change of username or service not allowed: (,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:13:19.482Z","@version":"1","message":"Sep 18 14:13:19 honeypot-sgp-1 sshd[31019]: Disconnecting invalid user admin 31.184.198.71 port 2777: Change of username or service not allowed: (admin,ssh-connection) -> (blank,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:13:53.500Z","@version":"1","message":"Sep 18 14:13:53 honeypot-sgp-1 sshd[31027]: Invalid user airlive from 31.184.198.71 port 53336","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:14:23.515Z","@version":"1","message":"Sep 18 14:14:23 honeypot-sgp-1 sshd[31032]: Disconnecting invalid user admin 31.184.198.71 port 18633: Change of username or service not allowed: (admin,ssh-connection) -> (roqos,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:14:47.528Z","@version":"1","message":"Sep 18 14:14:46 honeypot-sgp-1 sshd[31040]: Invalid user Shiko from 31.184.198.71 port 21213","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:15:15.542Z","@version":"1","message":"Sep 18 14:15:15 honeypot-sgp-1 sshd[31046]: Invalid user smcadmin from 31.184.198.71 port 28559","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:15:42.556Z","@version":"1","message":"Sep 18 14:15:42 honeypot-sgp-1 sshd[31052]: Invalid user highspeed from 31.184.198.71 port 62260","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:15:58.565Z","@version":"1","message":"Sep 18 14:15:58 honeypot-sgp-1 sshd[31057]: Disconnecting invalid user sweex 31.184.198.71 port 55441: Change of username or service not allowed: (sweex,ssh-connection) -> (,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:16:25.604Z","@version":"1","message":"Sep 18 14:16:24 honeypot-sgp-1 sshd[31063]: Disconnecting invalid user  31.184.198.71 port 28438: Change of username or service not allowed: (,ssh-connection) -> (public,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:16:53.618Z","@version":"1","message":"Sep 18 14:16:53 honeypot-sgp-1 sshd[31069]: Disconnecting invalid user ubnt 31.184.198.71 port 45688: Change of username or service not allowed: (ubnt,ssh-connection) -> (root,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:17:17.631Z","@version":"1","message":"Sep 18 14:17:16 honeypot-sgp-1 sshd[31078]: Invalid user user from 31.184.198.71 port 18741","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 14:17:33 honeypot-fra-1 kernel: [84385060.445650] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=3.8.141.125 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=75 ID=5873 PROTO=TCP SPT=21345 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T14:17:34.208Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-18T14:17:45.644Z","@version":"1","message":"Sep 18 14:17:45 honeypot-sgp-1 sshd[31085]: Invalid user Admin from 31.184.198.71 port 31352","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:18:20.663Z","@version":"1","message":"Sep 18 14:18:20 honeypot-sgp-1 sshd[31091]: Invalid user 0 from 31.184.198.71 port 25421","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:18:48.678Z","@version":"1","message":"Sep 18 14:18:48 honeypot-sgp-1 sshd[31097]: Invalid user admin from 31.184.198.71 port 34360","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 14:19:40 honeypot-ams-1 kernel: [84387359.785880] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=89.25.116.30 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=124 ID=9496 DF PROTO=TCP SPT=4935 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T14:19:40.734Z"}
{"@timestamp":"2022-09-18T14:20:04.711Z","@version":"1","message":"Sep 18 14:20:04 honeypot-sgp-1 sshd[31104]: Invalid user silvano from 116.92.213.114 port 34314","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 14:20:59 honeypot-fra-1 kernel: [84385266.168839] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=92.63.197.74 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=46970 PROTO=TCP SPT=48567 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T14:20:59.288Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 14:23:34 honeypot-fra-1 kernel: [84385421.317250] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=3.8.141.125 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=75 ID=9885 PROTO=TCP SPT=21345 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T14:23:34.350Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 14:26:14 honeypot-fra-1 kernel: [84385581.985443] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=3.8.141.125 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=75 ID=49126 PROTO=TCP SPT=21345 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T14:26:15.416Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 14:31:25 honeypot-fra-1 sshd[28283]: Did not receive identification string from 3.8.141.125 port 21345","@timestamp":"2022-09-18T14:31:26.538Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 14:31:41 honeypot-fra-1 sshd[28288]: Did not receive identification string from 3.8.141.125 port 21345","@timestamp":"2022-09-18T14:31:41.545Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 14:33:09 honeypot-ams-1 kernel: [84388168.900797] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=20.77.96.135 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=118 ID=29893 DF PROTO=TCP SPT=56673 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T14:33:10.091Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 14:33:22 honeypot-fra-1 kernel: [84386009.590310] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=3.8.141.125 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=75 ID=9885 PROTO=TCP SPT=21345 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T14:33:22.589Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 14:36:10 honeypot-fra-1 kernel: [84386177.684422] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=3.8.141.125 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=75 ID=49126 PROTO=TCP SPT=21345 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T14:36:11.655Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-18T14:36:31.111Z","@version":"1","message":"Sep 18 14:36:30 honeypot-sgp-1 sshd[31110]: Did not receive identification string from 202.143.111.26 port 54430","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 14:40:53 honeypot-fra-1 sshd[28294]: Disconnected from authenticating user root 167.99.241.178 port 58466 [preauth]","@timestamp":"2022-09-18T14:40:53.765Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 14:41:53 honeypot-ams-1 sshd[5924]: Received disconnect from 128.199.105.99 port 57786:11: Bye Bye [preauth]","@timestamp":"2022-09-18T14:41:54.321Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 14:42:12 honeypot-fra-1 sshd[28301]: Invalid user admin from 45.191.91.45 port 40394","@timestamp":"2022-09-18T14:42:12.800Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 14:42:50 honeypot-fra-1 kernel: [84386577.152165] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=3.8.141.125 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=75 ID=9885 PROTO=TCP SPT=21345 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T14:42:50.817Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 14:44:53 honeypot-fra-1 sshd[28307]: Invalid user test from 192.227.174.167 port 38494","@timestamp":"2022-09-18T14:44:54.866Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 14:45:02 honeypot-ams-1 sshd[5929]: Disconnected from invalid user admin 54.65.189.147 port 57886 [preauth]","@timestamp":"2022-09-18T14:45:03.407Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 14:45:41 honeypot-fra-1 kernel: [84386748.578068] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=3.8.141.125 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=75 ID=49126 PROTO=TCP SPT=21345 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T14:45:41.887Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 14:46:27 honeypot-ams-1 kernel: [84388967.385611] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=3864 PROTO=TCP SPT=52381 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T14:46:28.450Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 14:47:00 honeypot-ams-1 sshd[5938]: Received disconnect from 43.154.7.110 port 42572:11: Bye Bye [preauth]","@timestamp":"2022-09-18T14:47:00.466Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 14:48:06 honeypot-fra-1 sshd[28311]: Received disconnect from 143.198.200.168 port 51892:11: Bye Bye [preauth]","@timestamp":"2022-09-18T14:48:06.944Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 14:48:20 honeypot-fra-1 sshd[28315]: Received disconnect from 45.61.187.160 port 49326:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T14:48:20.952Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 14:48:40 honeypot-fra-1 sshd[28319]: Invalid user user from 45.61.187.160 port 44058","@timestamp":"2022-09-18T14:48:40.962Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 14:48:58 honeypot-fra-1 sshd[28323]: Invalid user user from 45.61.187.160 port 38694","@timestamp":"2022-09-18T14:48:58.990Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 14:49:10 honeypot-fra-1 sshd[28327]: Invalid user gmod from 190.104.25.215 port 56756","@timestamp":"2022-09-18T14:49:10.996Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 14:50:57 honeypot-fra-1 sshd[28332]: Did not receive identification string from 3.8.141.125 port 21345","@timestamp":"2022-09-18T14:50:58.040Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 14:51:24 honeypot-ams-1 sshd[5943]: Received disconnect from 89.22.180.184 port 18051:11: Bye Bye [preauth]","@timestamp":"2022-09-18T14:51:24.584Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 14:52:40 honeypot-fra-1 kernel: [84387167.252426] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=3.8.141.125 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=75 ID=9885 PROTO=TCP SPT=21345 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T14:52:41.083Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 14:55:35 honeypot-fra-1 kernel: [84387342.346311] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=3.8.141.125 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=75 ID=5873 PROTO=TCP SPT=21345 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T14:55:36.154Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 14:55:35 honeypot-ams-1 sshd[5947]: Invalid user ines from 103.248.25.99 port 48568","@timestamp":"2022-09-18T14:55:36.695Z"}
{"@timestamp":"2022-09-18T14:55:38.578Z","@version":"1","message":"Sep 18 14:55:38 honeypot-sgp-1 sshd[31116]: Received disconnect from 60.10.160.77 port 40902:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 14:57:00 honeypot-ams-1 sshd[5950]: Received disconnect from 200.195.162.66 port 56736:11: Bye Bye [preauth]","@timestamp":"2022-09-18T14:57:01.739Z"}
{"@timestamp":"2022-09-18T14:57:56.636Z","@version":"1","message":"Sep 18 14:57:56 honeypot-sgp-1 sshd[31122]: Invalid user mdpi from 211.252.84.224 port 46850","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:00:15 honeypot-fra-1 sshd[28339]: Received disconnect from 92.255.85.70 port 44610:11: Bye Bye [preauth]","@timestamp":"2022-09-18T15:00:16.281Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:01:01 honeypot-fra-1 kernel: [84387668.402264] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.79.189.65 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=51572 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T15:01:02.302Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-18T15:01:16.717Z","@version":"1","message":"Sep 18 15:01:16 honeypot-sgp-1 sshd[31127]: Invalid user ei from 60.10.160.73 port 39887","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:03:41 honeypot-fra-1 sshd[28346]: Invalid user lishunyao from 165.22.45.108 port 59204","@timestamp":"2022-09-18T15:03:42.366Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T15:04:02.786Z","@version":"1","message":"Sep 18 15:04:02 honeypot-sgp-1 kernel: [84389545.447657] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.79.170.233 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=46037 PROTO=TCP SPT=53439 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:04:45 honeypot-fra-1 kernel: [84387892.500783] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=3.8.141.125 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=75 ID=49126 PROTO=TCP SPT=21345 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T15:04:46.395Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 15:07:17 honeypot-ams-1 sshd[5955]: error: maximum authentication attempts exceeded for invalid user admin from 75.72.187.36 port 59313 ssh2 [preauth]","@timestamp":"2022-09-18T15:07:18.017Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:09:38 honeypot-fra-1 sshd[28350]: Disconnected from invalid user user 45.61.186.169 port 51334 [preauth]","@timestamp":"2022-09-18T15:09:39.508Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:09:57 honeypot-fra-1 sshd[28355]: Disconnected from invalid user user 45.61.186.169 port 46188 [preauth]","@timestamp":"2022-09-18T15:09:58.517Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:10:15 honeypot-fra-1 sshd[28359]: Disconnected from invalid user user 45.61.186.169 port 41040 [preauth]","@timestamp":"2022-09-18T15:10:16.527Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:10:31 honeypot-fra-1 sshd[28363]: Disconnected from invalid user user 45.61.186.169 port 35882 [preauth]","@timestamp":"2022-09-18T15:10:32.534Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 15:11:26 honeypot-ams-1 sshd[5960]: Connection closed by invalid user mysql 193.106.191.157 port 41568 [preauth]","@timestamp":"2022-09-18T15:11:27.131Z"}
{"@timestamp":"2022-09-18T15:14:26.039Z","@version":"1","message":"Sep 18 15:14:25 honeypot-sgp-1 kernel: [84390168.551605] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=172.105.129.89 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=52264 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 15:15:39 honeypot-ams-1 sshd[5966]: Received disconnect from 43.254.240.201 port 50473:11: Bye Bye [preauth]","@timestamp":"2022-09-18T15:15:39.246Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:19:22 honeypot-fra-1 sshd[28374]: Invalid user hadoop from 103.90.177.102 port 40970","@timestamp":"2022-09-18T15:19:22.732Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:19:22 honeypot-fra-1 sshd[28371]: Connection closed by invalid user admin 103.90.177.102 port 40978 [preauth]","@timestamp":"2022-09-18T15:19:22.732Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:19:22 honeypot-fra-1 sshd[28376]: Connection closed by invalid user a 103.90.177.102 port 40980 [preauth]","@timestamp":"2022-09-18T15:19:22.732Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:20:05 honeypot-fra-1 kernel: [84388812.279467] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=198.235.24.59 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x60 TTL=250 ID=2893 PROTO=TCP SPT=56828 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T15:20:05.749Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 15:20:46 honeypot-ams-1 sshd[5972]: Disconnected from authenticating user root 73.203.127.7 port 42332 [preauth]","@timestamp":"2022-09-18T15:20:47.381Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 15:23:18 honeypot-ams-1 kernel: [84391177.841977] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=3.90.148.15 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=234 ID=54321 PROTO=TCP SPT=2392 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T15:23:18.447Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 15:24:26 honeypot-ams-1 sshd[5981]: Received disconnect from 45.61.186.49 port 47162:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T15:24:26.481Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 15:24:39 honeypot-ams-1 sshd[5985]: Received disconnect from 45.61.186.49 port 59370:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T15:24:39.488Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:25:13 honeypot-fra-1 sshd[28398]: Received disconnect from 145.239.90.216 port 49608:11: Bye Bye [preauth]","@timestamp":"2022-09-18T15:25:13.866Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 15:26:14 honeypot-ams-1 sshd[5990]: Received disconnect from 79.188.52.121 port 53730:11: Bye Bye [preauth]","@timestamp":"2022-09-18T15:26:15.529Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 15:26:59 honeypot-ams-1 sshd[5994]: Disconnected from invalid user teamspeak2 213.215.140.6 port 60506 [preauth]","@timestamp":"2022-09-18T15:26:59.550Z"}
{"@timestamp":"2022-09-18T15:27:01.340Z","@version":"1","message":"Sep 18 15:27:01 honeypot-sgp-1 sshd[31137]: Disconnected from invalid user toto 110.141.212.12 port 46928 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T15:27:47.362Z","@version":"1","message":"Sep 18 15:27:46 honeypot-sgp-1 sshd[31141]: Received disconnect from 41.72.219.102 port 56154:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:27:54 honeypot-fra-1 sshd[28403]: Disconnected from invalid user dayday 51.142.141.199 port 55554 [preauth]","@timestamp":"2022-09-18T15:27:54.927Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T15:29:32.407Z","@version":"1","message":"Sep 18 15:29:32 honeypot-sgp-1 sshd[31147]: Disconnected from invalid user lin 104.248.153.95 port 52754 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:31:30 honeypot-fra-1 sshd[28409]: Invalid user lapin from 221.140.2.233 port 43784","@timestamp":"2022-09-18T15:31:31.008Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:35:10 honeypot-fra-1 sshd[28414]: Received disconnect from 200.29.109.224 port 51724:11: Bye Bye [preauth]","@timestamp":"2022-09-18T15:35:11.093Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:38:39 honeypot-fra-1 sshd[28416]: Disconnected from invalid user sham 187.190.40.6 port 53829 [preauth]","@timestamp":"2022-09-18T15:38:40.187Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 15:39:40 honeypot-ams-1 sshd[5999]: Received disconnect from 45.61.187.160 port 39486:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T15:39:40.885Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 15:39:59 honeypot-ams-1 sshd[6003]: Invalid user user from 45.61.187.160 port 34618","@timestamp":"2022-09-18T15:40:00.897Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 15:40:18 honeypot-ams-1 sshd[6007]: Invalid user user from 45.61.187.160 port 58010","@timestamp":"2022-09-18T15:40:18.905Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 15:40:34 honeypot-ams-1 sshd[6011]: Invalid user user from 45.61.187.160 port 53132","@timestamp":"2022-09-18T15:40:35.913Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:44:30 honeypot-fra-1 sshd[28423]: Received disconnect from 103.149.158.241 port 3277:11: Bye Bye [preauth]","@timestamp":"2022-09-18T15:44:31.320Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T15:45:28.785Z","@version":"1","message":"Sep 18 15:45:28 honeypot-sgp-1 sshd[31153]: Did not receive identification string from 45.61.186.169 port 58128","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T15:45:52.797Z","@version":"1","message":"Sep 18 15:45:51 honeypot-sgp-1 sshd[31156]: Disconnected from invalid user user 45.61.186.169 port 57960 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 15:46:08 honeypot-ams-1 sshd[6014]: Disconnected from invalid user admin 92.255.85.69 port 17320 [preauth]","@timestamp":"2022-09-18T15:46:09.057Z"}
{"@timestamp":"2022-09-18T15:46:09.805Z","@version":"1","message":"Sep 18 15:46:09 honeypot-sgp-1 sshd[31160]: Disconnected from invalid user user 45.61.186.169 port 52966 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T15:46:25.813Z","@version":"1","message":"Sep 18 15:46:25 honeypot-sgp-1 sshd[31164]: Disconnected from invalid user user 45.61.186.169 port 47966 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T15:50:29.911Z","@version":"1","message":"Sep 18 15:50:29 honeypot-sgp-1 sshd[31169]: Disconnected from invalid user casaaroma 212.29.234.241 port 37514 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:56:14 honeypot-fra-1 sshd[28440]: Invalid user chia from 45.127.108.132 port 1765","@timestamp":"2022-09-18T15:56:15.580Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:56:14 honeypot-fra-1 sshd[28429]: Invalid user test from 45.127.108.132 port 26344","@timestamp":"2022-09-18T15:56:15.580Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:56:14 honeypot-fra-1 sshd[28448]: Invalid user postgres from 45.127.108.132 port 56057","@timestamp":"2022-09-18T15:56:15.580Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:56:14 honeypot-fra-1 sshd[28446]: Invalid user ubuntu from 45.127.108.132 port 40002","@timestamp":"2022-09-18T15:56:15.580Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:56:15 honeypot-fra-1 sshd[28440]: Connection closed by invalid user chia 45.127.108.132 port 1765 [preauth]","@timestamp":"2022-09-18T15:56:15.580Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:56:15 honeypot-fra-1 sshd[28428]: Connection closed by invalid user admin 45.127.108.132 port 29179 [preauth]","@timestamp":"2022-09-18T15:56:15.580Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:56:15 honeypot-fra-1 sshd[28439]: Connection closed by invalid user appuser 45.127.108.132 port 19366 [preauth]","@timestamp":"2022-09-18T15:56:15.580Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:56:15 honeypot-fra-1 sshd[28459]: Connection closed by invalid user lighthouse 45.127.108.132 port 37262 [preauth]","@timestamp":"2022-09-18T15:56:15.580Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:56:15 honeypot-fra-1 sshd[28457]: Connection closed by authenticating user root 45.127.108.132 port 28206 [preauth]","@timestamp":"2022-09-18T15:56:15.581Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 15:58:46 honeypot-ams-1 kernel: [84393305.847310] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=213.226.123.38 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=46118 PROTO=TCP SPT=58364 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T15:58:46.390Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:01:53 honeypot-ams-1 sshd[6024]: Invalid user johnny from 190.64.68.178 port 4704","@timestamp":"2022-09-18T16:01:54.476Z"}
{"@timestamp":"2022-09-18T16:03:26.215Z","@version":"1","message":"Sep 18 16:03:25 honeypot-sgp-1 kernel: [84393108.120068] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=213.190.29.199 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=36616 PROTO=TCP SPT=45865 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T16:09:25.360Z","@version":"1","message":"Sep 18 16:09:25 honeypot-sgp-1 sshd[31183]: Invalid user user from 45.61.187.160 port 44972","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T16:09:45.370Z","@version":"1","message":"Sep 18 16:09:44 honeypot-sgp-1 sshd[31187]: Invalid user user from 45.61.187.160 port 40428","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T16:10:04.380Z","@version":"1","message":"Sep 18 16:10:04 honeypot-sgp-1 sshd[31191]: Invalid user user from 45.61.187.160 port 35886","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:10:10 honeypot-ams-1 sshd[6030]: Disconnected from authenticating user root 182.117.131.146 port 33324 [preauth]","@timestamp":"2022-09-18T16:10:10.692Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:10:18 honeypot-ams-1 sshd[6036]: Received disconnect from 182.117.131.146 port 33814:11: Bye Bye [preauth]","@timestamp":"2022-09-18T16:10:18.697Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:10:22 honeypot-ams-1 sshd[6040]: Disconnected from invalid user divya 104.248.155.136 port 52332 [preauth]","@timestamp":"2022-09-18T16:10:22.699Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:10:29 honeypot-ams-1 sshd[6046]: Disconnected from authenticating user root 182.117.131.146 port 34444 [preauth]","@timestamp":"2022-09-18T16:10:30.704Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:10:37 honeypot-ams-1 sshd[6052]: Disconnected from authenticating user root 182.117.131.146 port 34958 [preauth]","@timestamp":"2022-09-18T16:10:37.707Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:10:46 honeypot-ams-1 sshd[6058]: Disconnected from authenticating user root 182.117.131.146 port 35496 [preauth]","@timestamp":"2022-09-18T16:10:46.712Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:10:54 honeypot-ams-1 sshd[6064]: Disconnected from authenticating user root 182.117.131.146 port 35866 [preauth]","@timestamp":"2022-09-18T16:10:54.716Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:11:03 honeypot-ams-1 sshd[6070]: Disconnected from authenticating user root 182.117.131.146 port 36344 [preauth]","@timestamp":"2022-09-18T16:11:03.722Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:11:11 honeypot-ams-1 sshd[6076]: Disconnected from authenticating user root 182.117.131.146 port 36906 [preauth]","@timestamp":"2022-09-18T16:11:11.727Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:11:21 honeypot-ams-1 sshd[6082]: Disconnected from authenticating user root 182.117.131.146 port 37464 [preauth]","@timestamp":"2022-09-18T16:11:21.732Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:11:29 honeypot-ams-1 sshd[6088]: Disconnected from authenticating user root 182.117.131.146 port 38006 [preauth]","@timestamp":"2022-09-18T16:11:29.737Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:11:37 honeypot-ams-1 sshd[6094]: Disconnected from authenticating user root 182.117.131.146 port 38476 [preauth]","@timestamp":"2022-09-18T16:11:37.741Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:11:46 honeypot-ams-1 sshd[6100]: Disconnected from authenticating user root 182.117.131.146 port 39024 [preauth]","@timestamp":"2022-09-18T16:11:46.747Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:11:54 honeypot-ams-1 sshd[6106]: Invalid user admin from 182.117.131.146 port 39476","@timestamp":"2022-09-18T16:11:54.751Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:11:59 honeypot-ams-1 sshd[6110]: Invalid user admin from 182.117.131.146 port 39844","@timestamp":"2022-09-18T16:11:59.754Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:12:07 honeypot-ams-1 sshd[6114]: Invalid user admin from 182.117.131.146 port 40262","@timestamp":"2022-09-18T16:12:07.759Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:12:12 honeypot-ams-1 sshd[6118]: Invalid user admin from 182.117.131.146 port 40604","@timestamp":"2022-09-18T16:12:13.763Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:12:19 honeypot-ams-1 sshd[6122]: Invalid user admin from 182.117.131.146 port 41048","@timestamp":"2022-09-18T16:12:19.766Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 16:12:21 honeypot-fra-1 sshd[28494]: Disconnected from authenticating user root 61.177.173.36 port 33181 [preauth]","@timestamp":"2022-09-18T16:12:21.971Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:12:28 honeypot-ams-1 sshd[6126]: Received disconnect from 182.117.131.146 port 41366:11: Bye Bye [preauth]","@timestamp":"2022-09-18T16:12:28.772Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:12:34 honeypot-ams-1 sshd[6130]: Disconnected from invalid user pi 182.117.131.146 port 41928 [preauth]","@timestamp":"2022-09-18T16:12:34.776Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:12:40 honeypot-ams-1 sshd[6134]: Disconnected from invalid user user 182.117.131.146 port 42274 [preauth]","@timestamp":"2022-09-18T16:12:40.779Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:12:46 honeypot-ams-1 sshd[6138]: Disconnected from invalid user mine 182.117.131.146 port 42628 [preauth]","@timestamp":"2022-09-18T16:12:46.783Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:12:52 honeypot-ams-1 sshd[6142]: Disconnected from invalid user xbmc 182.117.131.146 port 42992 [preauth]","@timestamp":"2022-09-18T16:12:52.786Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:12:59 honeypot-ams-1 sshd[6146]: Disconnected from invalid user oracle 182.117.131.146 port 43446 [preauth]","@timestamp":"2022-09-18T16:13:00.791Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:13:05 honeypot-ams-1 sshd[6150]: Disconnected from invalid user postgres 182.117.131.146 port 43774 [preauth]","@timestamp":"2022-09-18T16:13:05.794Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:13:10 honeypot-ams-1 sshd[6154]: Disconnected from invalid user support 182.117.131.146 port 44088 [preauth]","@timestamp":"2022-09-18T16:13:10.796Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:13:16 honeypot-ams-1 sshd[6158]: Disconnected from invalid user ubuntu 182.117.131.146 port 44404 [preauth]","@timestamp":"2022-09-18T16:13:17.801Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:13:22 honeypot-ams-1 sshd[6162]: Disconnected from invalid user ubuntu 182.117.131.146 port 44754 [preauth]","@timestamp":"2022-09-18T16:13:22.804Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:13:30 honeypot-ams-1 sshd[6166]: Disconnected from invalid user guest 182.117.131.146 port 45190 [preauth]","@timestamp":"2022-09-18T16:13:30.810Z"}
{"@timestamp":"2022-09-18T16:13:34.465Z","@version":"1","message":"Sep 18 16:13:34 honeypot-sgp-1 kernel: [84393716.803741] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.209.42 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=34813 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:13:35 honeypot-ams-1 sshd[6170]: Disconnected from invalid user cirros 182.117.131.146 port 45504 [preauth]","@timestamp":"2022-09-18T16:13:35.812Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:14:41 honeypot-ams-1 sshd[6176]: Invalid user pi from 76.28.20.79 port 50138","@timestamp":"2022-09-18T16:14:41.843Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:17:01 honeypot-ams-1 CRON[6181]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-18T16:17:01.907Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 16:17:01 honeypot-fra-1 CRON[28501]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-18T16:17:02.076Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T16:22:52.694Z","@version":"1","message":"Sep 18 16:22:52 honeypot-sgp-1 sshd[31205]: Received disconnect from 61.177.172.108 port 33779:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 16:24:47 honeypot-fra-1 sshd[28509]: Received disconnect from 92.255.85.70 port 58960:11: Bye Bye [preauth]","@timestamp":"2022-09-18T16:24:47.248Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 16:25:36 honeypot-fra-1 sshd[28517]: Received disconnect from 61.177.172.108 port 27260:11:  [preauth]","@timestamp":"2022-09-18T16:25:37.269Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:26:58 honeypot-ams-1 sshd[6187]: Received disconnect from 143.244.158.100 port 34226:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T16:26:59.184Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 16:27:50 honeypot-fra-1 sshd[28523]: Disconnected from invalid user litecoin 165.22.45.108 port 36506 [preauth]","@timestamp":"2022-09-18T16:27:51.320Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 16:29:19 honeypot-ams-1 kernel: [84395138.984811] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=164.92.72.164 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=55987 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T16:29:20.247Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:31:35 honeypot-ams-1 sshd[6198]: Disconnected from authenticating user root 143.244.158.100 port 43410 [preauth]","@timestamp":"2022-09-18T16:31:36.309Z"}
{"@timestamp":"2022-09-18T16:33:53.960Z","@version":"1","message":"Sep 18 16:33:53 honeypot-sgp-1 sshd[31212]: Invalid user admin from 92.255.85.69 port 31786","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:34:11 honeypot-ams-1 sshd[6206]: Disconnected from authenticating user root 143.244.158.100 port 57858 [preauth]","@timestamp":"2022-09-18T16:34:12.378Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 16:36:16 honeypot-fra-1 sshd[28530]: Did not receive identification string from 159.89.24.69 port 61000","@timestamp":"2022-09-18T16:36:17.510Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:36:45 honeypot-ams-1 sshd[6213]: Received disconnect from 143.244.158.100 port 45286:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T16:36:46.446Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:38:24 honeypot-ams-1 sshd[6218]: Disconnected from authenticating user root 143.244.158.100 port 34326 [preauth]","@timestamp":"2022-09-18T16:38:25.489Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:40:16 honeypot-ams-1 sshd[6224]: Connection closed by invalid user test 103.188.176.251 port 37266 [preauth]","@timestamp":"2022-09-18T16:40:16.538Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 16:40:58 honeypot-fra-1 sshd[28533]: Received disconnect from 147.182.169.107 port 34514:11: Bye Bye [preauth]","@timestamp":"2022-09-18T16:40:58.618Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 16:41:32 honeypot-ams-1 kernel: [84395871.990073] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=89.248.165.199 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=56827 PROTO=TCP SPT=57265 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T16:41:32.573Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:42:47 honeypot-ams-1 sshd[6234]: Disconnected from authenticating user root 143.244.158.100 port 50660 [preauth]","@timestamp":"2022-09-18T16:42:48.608Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 16:44:11 honeypot-fra-1 sshd[28540]: Invalid user test from 103.188.176.251 port 46814","@timestamp":"2022-09-18T16:44:11.698Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:45:24 honeypot-ams-1 sshd[6241]: Disconnected from authenticating user root 143.244.158.100 port 59424 [preauth]","@timestamp":"2022-09-18T16:45:24.674Z"}
{"@timestamp":"2022-09-18T16:45:55.248Z","@version":"1","message":"Sep 18 16:45:54 honeypot-sgp-1 kernel: [84395657.239398] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=43.158.217.180 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x60 TTL=245 ID=54321 PROTO=TCP SPT=54092 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:46:29 honeypot-ams-1 sshd[6246]: Disconnected from invalid user user 45.61.184.204 port 55760 [preauth]","@timestamp":"2022-09-18T16:46:29.703Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:46:49 honeypot-ams-1 sshd[6250]: Disconnected from invalid user user 45.61.184.204 port 51018 [preauth]","@timestamp":"2022-09-18T16:46:49.712Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:47:07 honeypot-ams-1 sshd[6254]: Disconnected from invalid user user 45.61.184.204 port 46156 [preauth]","@timestamp":"2022-09-18T16:47:07.720Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:47:24 honeypot-ams-1 sshd[6258]: Disconnected from invalid user user 45.61.184.204 port 41370 [preauth]","@timestamp":"2022-09-18T16:47:24.728Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:49:11 honeypot-ams-1 sshd[6265]: Disconnected from authenticating user root 143.244.158.100 port 57872 [preauth]","@timestamp":"2022-09-18T16:49:11.774Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 16:49:54 honeypot-fra-1 sshd[28555]: Connection closed by invalid user www 139.59.152.202 port 44006 [preauth]","@timestamp":"2022-09-18T16:49:54.841Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 16:49:54 honeypot-fra-1 sshd[28558]: Invalid user steam from 139.59.152.202 port 44014","@timestamp":"2022-09-18T16:49:54.841Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 16:49:54 honeypot-fra-1 sshd[28552]: Invalid user postgres from 139.59.152.202 port 44000","@timestamp":"2022-09-18T16:49:54.842Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 16:49:54 honeypot-fra-1 sshd[28565]: Connection closed by invalid user guest 139.59.152.202 port 44032 [preauth]","@timestamp":"2022-09-18T16:49:54.842Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 16:49:54 honeypot-fra-1 sshd[28564]: Connection closed by authenticating user root 139.59.152.202 port 44028 [preauth]","@timestamp":"2022-09-18T16:49:54.842Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 16:49:54 honeypot-fra-1 sshd[28552]: Connection closed by invalid user postgres 139.59.152.202 port 44000 [preauth]","@timestamp":"2022-09-18T16:49:54.842Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 16:49:54 honeypot-fra-1 sshd[28551]: Invalid user test from 139.59.152.202 port 43996","@timestamp":"2022-09-18T16:49:54.842Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:51:50 honeypot-ams-1 sshd[6272]: Invalid user user from 45.61.186.249 port 43048","@timestamp":"2022-09-18T16:51:50.850Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:51:59 honeypot-ams-1 sshd[6276]: Received disconnect from 45.61.186.249 port 54786:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T16:51:59.856Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:52:17 honeypot-ams-1 sshd[6280]: Received disconnect from 45.61.186.249 port 49990:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T16:52:17.865Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:52:35 honeypot-ams-1 sshd[6284]: Received disconnect from 45.61.186.249 port 45190:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T16:52:35.875Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:52:48 honeypot-ams-1 sshd[6288]: Disconnected from authenticating user root 143.244.158.100 port 37886 [preauth]","@timestamp":"2022-09-18T16:52:48.882Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:54:45 honeypot-ams-1 sshd[6295]: Received disconnect from 200.166.96.4 port 41496:11: Bye Bye [preauth]","@timestamp":"2022-09-18T16:54:45.938Z"}
{"@timestamp":"2022-09-18T16:56:07.495Z","@version":"1","message":"Sep 18 16:56:06 honeypot-sgp-1 sshd[31229]: Received disconnect from 202.58.205.75 port 47408:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T16:56:54.516Z","@version":"1","message":"Sep 18 16:56:54 honeypot-sgp-1 sshd[31236]: Disconnected from invalid user d6nw5v1x2pc7st9m 91.240.118.222 port 32317 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:57:28 honeypot-ams-1 sshd[6301]: Received disconnect from 143.244.158.100 port 58856:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T16:57:29.012Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 16:58:39 honeypot-fra-1 sshd[28598]: Connection closed by invalid user postgres 193.106.191.157 port 48784 [preauth]","@timestamp":"2022-09-18T16:58:40.037Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:59:20 honeypot-ams-1 sshd[6305]: Disconnected from authenticating user root 143.244.158.100 port 46622 [preauth]","@timestamp":"2022-09-18T16:59:21.065Z"}
{"@timestamp":"2022-09-18T17:01:56.641Z","@version":"1","message":"Sep 18 17:01:56 honeypot-sgp-1 sshd[31241]: Received disconnect from 146.190.31.94 port 34406:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 17:02:06 honeypot-ams-1 sshd[6312]: Disconnected from authenticating user root 143.244.158.100 port 47244 [preauth]","@timestamp":"2022-09-18T17:02:07.141Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 17:04:12 honeypot-fra-1 sshd[28603]: Disconnected from invalid user kt 164.90.203.79 port 55456 [preauth]","@timestamp":"2022-09-18T17:04:13.163Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 17:04:51 honeypot-ams-1 sshd[6318]: Received disconnect from 143.244.158.100 port 48722:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T17:04:52.219Z"}
{"@timestamp":"2022-09-18T17:05:42.731Z","@version":"1","message":"Sep 18 17:05:42 honeypot-sgp-1 sshd[31248]: Disconnected from invalid user user1!2@3#4$ 62.204.41.222 port 8951 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 17:07:33 honeypot-ams-1 sshd[6325]: Received disconnect from 143.244.158.100 port 37682:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T17:07:33.294Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 17:07:49 honeypot-fra-1 sshd[28611]: Received disconnect from 125.164.62.7 port 49958:11: Bye Bye [preauth]","@timestamp":"2022-09-18T17:07:50.246Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 17:09:01 honeypot-fra-1 CRON[28618]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-18T17:09:02.274Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 17:09:16 honeypot-ams-1 sshd[6332]: Received disconnect from 143.244.158.100 port 40648:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T17:09:17.344Z"}
{"@timestamp":"2022-09-18T17:09:24.821Z","@version":"1","message":"Sep 18 17:09:23 honeypot-sgp-1 kernel: [84397066.605790] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=172.104.28.17 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=38297 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 17:11:09 honeypot-ams-1 sshd[6339]: Received disconnect from 159.223.164.107 port 48952:11: Bye Bye [preauth]","@timestamp":"2022-09-18T17:11:10.396Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 17:12:49 honeypot-ams-1 sshd[6345]: Received disconnect from 143.244.158.100 port 57620:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T17:12:49.443Z"}
{"@timestamp":"2022-09-18T17:14:38.947Z","@version":"1","message":"Sep 18 17:14:38 honeypot-sgp-1 sshd[31260]: Received disconnect from 61.177.173.51 port 32304:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 17:15:24 honeypot-ams-1 sshd[6351]: Received disconnect from 143.244.158.100 port 59492:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T17:15:25.515Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 17:16:13 honeypot-fra-1 sshd[28645]: Invalid user es from 24.213.148.68 port 37984","@timestamp":"2022-09-18T17:16:14.439Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 17:16:13 honeypot-fra-1 sshd[28629]: Invalid user ubuntu from 24.213.148.68 port 37972","@timestamp":"2022-09-18T17:16:14.439Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 17:16:13 honeypot-fra-1 sshd[28628]: Invalid user ubuntu from 24.213.148.68 port 37988","@timestamp":"2022-09-18T17:16:14.439Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 17:16:14 honeypot-fra-1 sshd[28635]: Invalid user chia from 24.213.148.68 port 37992","@timestamp":"2022-09-18T17:16:14.439Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 17:16:14 honeypot-fra-1 sshd[28636]: Connection closed by invalid user kibana 24.213.148.68 port 37990 [preauth]","@timestamp":"2022-09-18T17:16:14.439Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 17:16:14 honeypot-fra-1 sshd[28645]: Connection closed by invalid user es 24.213.148.68 port 37984 [preauth]","@timestamp":"2022-09-18T17:16:14.439Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 17:16:14 honeypot-fra-1 sshd[28637]: Connection closed by invalid user user 24.213.148.68 port 38036 [preauth]","@timestamp":"2022-09-18T17:16:14.439Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 17:16:14 honeypot-fra-1 sshd[28641]: Connection closed by authenticating user root 24.213.148.68 port 38040 [preauth]","@timestamp":"2022-09-18T17:16:14.439Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 17:16:14 honeypot-fra-1 sshd[28630]: Connection closed by invalid user admin 24.213.148.68 port 37966 [preauth]","@timestamp":"2022-09-18T17:16:14.439Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 17:16:14 honeypot-fra-1 sshd[28653]: Connection closed by invalid user steam 24.213.148.68 port 38010 [preauth]","@timestamp":"2022-09-18T17:16:15.440Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 17:17:23 honeypot-fra-1 sshd[28692]: Invalid user prueba from 92.255.85.70 port 23236","@timestamp":"2022-09-18T17:17:24.469Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 17:18:18 honeypot-ams-1 sshd[6357]: Disconnected from invalid user haldaemon 61.2.243.254 port 45912 [preauth]","@timestamp":"2022-09-18T17:18:18.589Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 17:21:20 honeypot-fra-1 sshd[28697]: Disconnected from authenticating user root 61.177.173.39 port 64252 [preauth]","@timestamp":"2022-09-18T17:21:20.559Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T17:25:18.202Z","@version":"1","message":"Sep 18 17:25:18 honeypot-sgp-1 kernel: [84398020.788364] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.41.9.18 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=48984 PROTO=TCP SPT=29657 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 17:26:57 honeypot-ams-1 sshd[6363]: Invalid user postgres from 193.106.191.157 port 45500","@timestamp":"2022-09-18T17:26:57.814Z"}
{"@timestamp":"2022-09-18T17:30:22.326Z","@version":"1","message":"Sep 18 17:30:21 honeypot-sgp-1 sshd[31277]: Invalid user prueba from 92.255.85.70 port 26244","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 17:33:29 honeypot-ams-1 kernel: [84398989.477605] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=213.226.123.38 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=13219 PROTO=TCP SPT=42072 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T17:33:29.989Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 17:34:19 honeypot-fra-1 sshd[28709]: Received disconnect from 61.177.173.51 port 21165:11:  [preauth]","@timestamp":"2022-09-18T17:34:20.848Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T17:41:23.589Z","@version":"1","message":"Sep 18 17:41:22 honeypot-sgp-1 sshd[31284]: Received disconnect from 61.177.173.36 port 42728:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T17:48:57.799Z","@version":"1","message":"Sep 18 17:48:57 honeypot-sgp-1 sshd[31289]: Invalid user cisco from 179.43.145.98 port 54560","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T17:48:57.799Z","@version":"1","message":"Sep 18 17:48:57 honeypot-sgp-1 sshd[31296]: Connection closed by invalid user user 179.43.145.98 port 54562 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 17:50:41 honeypot-fra-1 kernel: [84397848.336907] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.220.139 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=41304 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T17:50:42.211Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 17:55:08 honeypot-fra-1 sshd[28724]: Connection reset by 61.177.173.48 port 49858 [preauth]","@timestamp":"2022-09-18T17:55:08.311Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 17:57:09 honeypot-ams-1 kernel: [84400409.573381] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=122.103.181.180 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=50 ID=30672 PROTO=TCP SPT=7669 DPT=80 WINDOW=4069 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T17:57:10.596Z"}
{"@timestamp":"2022-09-18T17:57:57.017Z","@version":"1","message":"Sep 18 17:57:56 honeypot-sgp-1 kernel: [84399979.607029] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.227.134.67 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=233 ID=19873 PROTO=TCP SPT=49709 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 18:07:30 honeypot-ams-1 sshd[6374]: Invalid user emanuela from 20.195.224.231 port 52974","@timestamp":"2022-09-18T18:07:30.867Z"}
{"@timestamp":"2022-09-18T18:08:49.277Z","@version":"1","message":"Sep 18 18:08:48 honeypot-sgp-1 sshd[31306]: Connection reset by 61.177.173.48 port 50882 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 18:10:04 honeypot-ams-1 sshd[6376]: Disconnected from invalid user admin 209.97.146.150 port 36376 [preauth]","@timestamp":"2022-09-18T18:10:04.937Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:10:47 honeypot-fra-1 kernel: [84399054.302571] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.41.9.18 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=65007 PROTO=TCP SPT=24674 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T18:10:48.683Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-18T18:14:04.408Z","@version":"1","message":"Sep 18 18:14:03 honeypot-sgp-1 sshd[31315]: Connection closed by invalid user admin 165.232.158.22 port 36572 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T18:14:07.411Z","@version":"1","message":"Sep 18 18:14:07 honeypot-sgp-1 sshd[31321]: Connection closed by invalid user admin 165.232.158.22 port 36610 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 18:14:10 honeypot-ams-1 sshd[6381]: Disconnected from invalid user gf 47.180.212.134 port 54091 [preauth]","@timestamp":"2022-09-18T18:14:11.045Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:14:39 honeypot-fra-1 sshd[28736]: Connection reset by 61.177.173.49 port 17050 [preauth]","@timestamp":"2022-09-18T18:14:39.774Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:17:58 honeypot-fra-1 sshd[28744]: Invalid user kai from 134.17.16.92 port 35477","@timestamp":"2022-09-18T18:17:59.856Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 18:18:12 honeypot-ams-1 sshd[6386]: Received disconnect from 92.255.85.69 port 44198:11: Bye Bye [preauth]","@timestamp":"2022-09-18T18:18:13.156Z"}
{"@timestamp":"2022-09-18T18:18:19.513Z","@version":"1","message":"Sep 18 18:18:18 honeypot-sgp-1 sshd[31328]: Invalid user newadmin from 182.23.67.49 port 47348","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:20:22 honeypot-fra-1 sshd[28748]: Invalid user user1!2@3#4$ from 62.204.41.222 port 23535","@timestamp":"2022-09-18T18:20:22.913Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T18:21:12.583Z","@version":"1","message":"Sep 18 18:21:12 honeypot-sgp-1 sshd[31335]: Disconnected from authenticating user root 67.216.221.59 port 57886 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:23:19 honeypot-fra-1 sshd[28759]: Received disconnect from 204.48.30.72 port 43652:11: Bye Bye [preauth]","@timestamp":"2022-09-18T18:23:19.983Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:24:34 honeypot-fra-1 sshd[28773]: Invalid user elastic from 183.146.30.163 port 33528","@timestamp":"2022-09-18T18:24:35.014Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:24:35 honeypot-fra-1 sshd[28787]: Invalid user user from 183.146.30.163 port 33522","@timestamp":"2022-09-18T18:24:36.015Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:24:35 honeypot-fra-1 sshd[28782]: Invalid user test from 183.146.30.163 port 33526","@timestamp":"2022-09-18T18:24:36.015Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:24:36 honeypot-fra-1 sshd[28775]: Invalid user mysql from 183.146.30.163 port 33552","@timestamp":"2022-09-18T18:24:37.015Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:24:36 honeypot-fra-1 sshd[28780]: Connection closed by invalid user demo 183.146.30.163 port 33516 [preauth]","@timestamp":"2022-09-18T18:24:37.016Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:24:49 honeypot-fra-1 sshd[28806]: Connection closed by invalid user appuser 183.146.30.163 port 33542 [preauth]","@timestamp":"2022-09-18T18:24:50.022Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:25:14 honeypot-fra-1 sshd[28819]: Invalid user admin from 130.193.40.11 port 32938","@timestamp":"2022-09-18T18:25:15.034Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:25:14 honeypot-fra-1 sshd[28825]: Connection closed by invalid user zabbix 130.193.40.11 port 33004 [preauth]","@timestamp":"2022-09-18T18:25:15.034Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:25:14 honeypot-fra-1 sshd[28812]: Connection closed by authenticating user root 130.193.40.11 port 32946 [preauth]","@timestamp":"2022-09-18T18:25:15.034Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:25:14 honeypot-fra-1 sshd[28830]: Invalid user hadoop from 130.193.40.11 port 33012","@timestamp":"2022-09-18T18:25:15.034Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:25:14 honeypot-fra-1 sshd[28830]: Connection closed by invalid user hadoop 130.193.40.11 port 33012 [preauth]","@timestamp":"2022-09-18T18:25:15.034Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:25:14 honeypot-fra-1 sshd[28821]: Connection closed by authenticating user root 130.193.40.11 port 33074 [preauth]","@timestamp":"2022-09-18T18:25:15.034Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:25:15 honeypot-fra-1 sshd[28833]: Connection closed by authenticating user root 130.193.40.11 port 33086 [preauth]","@timestamp":"2022-09-18T18:25:16.035Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:25:17 honeypot-fra-1 sshd[28860]: Invalid user es from 130.193.40.11 port 32958","@timestamp":"2022-09-18T18:25:18.036Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:25:38 honeypot-fra-1 sshd[28867]: Connection closed by invalid user oracle 183.146.30.163 port 33530 [preauth]","@timestamp":"2022-09-18T18:25:39.046Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 18:32:23 honeypot-ams-1 kernel: [84402522.922762] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.79.53.162 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=15192 PROTO=TCP SPT=47370 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T18:32:23.548Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:32:53 honeypot-fra-1 sshd[28874]: Connection reset by 61.177.173.39 port 50179 [preauth]","@timestamp":"2022-09-18T18:32:54.215Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T18:35:27.940Z","@version":"1","message":"Sep 18 18:35:27 honeypot-sgp-1 sshd[31351]: Received disconnect from 61.177.173.47 port 56736:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:37:29 honeypot-fra-1 kernel: [84400655.646308] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=43.154.17.58 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=16053 PROTO=TCP SPT=47946 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T18:37:29.323Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 18:44:52 honeypot-ams-1 kernel: [84403271.958534] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=80.94.92.231 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=46486 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T18:44:52.879Z"}
{"@timestamp":"2022-09-18T18:46:31.218Z","@version":"1","message":"Sep 18 18:46:30 honeypot-sgp-1 sshd[31362]: Received disconnect from 160.251.55.50 port 60596:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T18:48:03.257Z","@version":"1","message":"Sep 18 18:48:02 honeypot-sgp-1 kernel: [84402985.108017] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=68.183.93.151 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x20 TTL=242 ID=54321 PROTO=TCP SPT=41418 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:48:26 honeypot-fra-1 kernel: [84401313.300579] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=80.87.206.203 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=59471 PROTO=TCP SPT=49406 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T18:48:27.590Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-18T18:51:39.343Z","@version":"1","message":"Sep 18 18:51:38 honeypot-sgp-1 kernel: [84403201.548622] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=90.151.171.106 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=26538 PROTO=TCP SPT=47040 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T18:53:34.414Z","@version":"1","message":"Sep 18 18:53:34 honeypot-sgp-1 sshd[31378]: Received disconnect from 204.48.30.72 port 33278:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:54:39 honeypot-fra-1 kernel: [84401685.493495] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.79.53.162 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=5695 PROTO=TCP SPT=47370 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T18:54:39.733Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:56:25 honeypot-fra-1 sshd[28894]: Received disconnect from 92.255.85.69 port 63608:11: Bye Bye [preauth]","@timestamp":"2022-09-18T18:56:25.776Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T18:56:33.487Z","@version":"1","message":"Sep 18 18:56:33 honeypot-sgp-1 sshd[31383]: Received disconnect from 59.19.54.171 port 51118:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:56:41 honeypot-fra-1 sshd[28900]: Received disconnect from 45.61.184.204 port 40770:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T18:56:41.784Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:57:01 honeypot-fra-1 sshd[28904]: Received disconnect from 45.61.184.204 port 36294:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T18:57:01.794Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T18:57:20.507Z","@version":"1","message":"Sep 18 18:57:20 honeypot-sgp-1 sshd[31387]: Disconnected from invalid user admin 92.255.85.70 port 20388 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:57:20 honeypot-fra-1 sshd[28908]: Received disconnect from 45.61.184.204 port 60056:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T18:57:20.802Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 18:59:03 honeypot-ams-1 kernel: [84404123.427440] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=52.90.252.74 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=46 ID=24805 DF PROTO=TCP SPT=34886 DPT=80 WINDOW=62727 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T18:59:04.252Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:01:18 honeypot-fra-1 sshd[28917]: Connection closed by invalid user postgres 193.106.191.157 port 40268 [preauth]","@timestamp":"2022-09-18T19:01:18.894Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 19:01:30 honeypot-ams-1 sshd[6403]: Disconnected from authenticating user root 197.159.66.211 port 36642 [preauth]","@timestamp":"2022-09-18T19:01:31.322Z"}
{"@timestamp":"2022-09-18T19:03:41.658Z","@version":"1","message":"Sep 18 19:03:41 honeypot-sgp-1 sshd[31394]: Received disconnect from 118.34.14.126 port 50636:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 19:07:09 honeypot-ams-1 kernel: [84404609.013806] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.141.110.139 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=64835 PROTO=TCP SPT=47343 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T19:07:09.474Z"}
{"@timestamp":"2022-09-18T19:12:48.887Z","@version":"1","message":"Sep 18 19:12:48 honeypot-sgp-1 kernel: [84404471.410147] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=170.187.162.35 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=30660 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 19:13:58 honeypot-ams-1 sshd[6414]: Invalid user postgres from 193.106.191.157 port 56684","@timestamp":"2022-09-18T19:13:58.656Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:15:20 honeypot-fra-1 sshd[28928]: Connection reset by 61.177.173.47 port 49212 [preauth]","@timestamp":"2022-09-18T19:15:21.213Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T19:17:01.985Z","@version":"1","message":"Sep 18 19:17:01 honeypot-sgp-1 CRON[31409]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 19:17:52 honeypot-ams-1 sshd[6421]: Invalid user wp-user from 119.5.157.124 port 13633","@timestamp":"2022-09-18T19:17:52.762Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 19:18:30 honeypot-ams-1 sshd[6425]: Received disconnect from 34.64.215.4 port 43162:11: Bye Bye [preauth]","@timestamp":"2022-09-18T19:18:30.780Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 19:23:41 honeypot-ams-1 sshd[6431]: Received disconnect from 138.197.19.166 port 54466:11: Bye Bye [preauth]","@timestamp":"2022-09-18T19:23:41.920Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:26:24 honeypot-fra-1 sshd[28942]: Invalid user litvinenko from 165.22.45.108 port 47724","@timestamp":"2022-09-18T19:26:25.467Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T19:26:42.209Z","@version":"1","message":"Sep 18 19:26:42 honeypot-sgp-1 sshd[31415]: Disconnected from authenticating user root 61.177.173.35 port 25199 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:27:24 honeypot-fra-1 sshd[28952]: Connection closed by authenticating user root 13.126.217.41 port 32890 [preauth]","@timestamp":"2022-09-18T19:27:24.492Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:27:29 honeypot-fra-1 sshd[28964]: Connection closed by authenticating user root 13.126.217.41 port 38980 [preauth]","@timestamp":"2022-09-18T19:27:30.496Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:27:35 honeypot-fra-1 sshd[28976]: Connection closed by authenticating user root 13.126.217.41 port 45400 [preauth]","@timestamp":"2022-09-18T19:27:35.499Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:27:41 honeypot-fra-1 sshd[28988]: Connection closed by authenticating user root 13.126.217.41 port 52012 [preauth]","@timestamp":"2022-09-18T19:27:41.503Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:27:46 honeypot-fra-1 sshd[29000]: Connection closed by authenticating user root 13.126.217.41 port 58698 [preauth]","@timestamp":"2022-09-18T19:27:47.507Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:27:52 honeypot-fra-1 sshd[29012]: Connection closed by authenticating user root 13.126.217.41 port 36738 [preauth]","@timestamp":"2022-09-18T19:27:52.511Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:27:58 honeypot-fra-1 sshd[29024]: Connection closed by authenticating user root 13.126.217.41 port 43314 [preauth]","@timestamp":"2022-09-18T19:27:58.514Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 19:28:00 honeypot-ams-1 sshd[6434]: Received disconnect from 89.22.67.66 port 56476:11: Bye Bye [preauth]","@timestamp":"2022-09-18T19:28:00.379Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:28:03 honeypot-fra-1 sshd[29036]: Connection closed by authenticating user root 13.126.217.41 port 49360 [preauth]","@timestamp":"2022-09-18T19:28:04.518Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T19:28:06.245Z","@version":"1","message":"Sep 18 19:28:05 honeypot-sgp-1 sshd[31420]: Received disconnect from 43.130.40.251 port 54698:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:28:09 honeypot-fra-1 sshd[29048]: Connection closed by authenticating user root 13.126.217.41 port 55792 [preauth]","@timestamp":"2022-09-18T19:28:09.523Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:28:14 honeypot-fra-1 sshd[29060]: Connection closed by authenticating user root 13.126.217.41 port 33872 [preauth]","@timestamp":"2022-09-18T19:28:15.526Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:28:20 honeypot-fra-1 sshd[29072]: Connection closed by authenticating user root 13.126.217.41 port 40268 [preauth]","@timestamp":"2022-09-18T19:28:21.529Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:28:26 honeypot-fra-1 sshd[29084]: Connection closed by authenticating user root 13.126.217.41 port 46444 [preauth]","@timestamp":"2022-09-18T19:28:26.534Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:28:31 honeypot-fra-1 sshd[29094]: Connection closed by authenticating user root 13.126.217.41 port 52008 [preauth]","@timestamp":"2022-09-18T19:28:31.536Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:28:36 honeypot-fra-1 sshd[29106]: Connection closed by authenticating user root 13.126.217.41 port 58290 [preauth]","@timestamp":"2022-09-18T19:28:36.539Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:28:39 honeypot-fra-1 sshd[29114]: Invalid user user from 13.126.217.41 port 34228","@timestamp":"2022-09-18T19:28:40.542Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:28:42 honeypot-fra-1 sshd[29120]: Invalid user user from 13.126.217.41 port 37346","@timestamp":"2022-09-18T19:28:43.544Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:28:45 honeypot-fra-1 sshd[29126]: Invalid user user from 13.126.217.41 port 40332","@timestamp":"2022-09-18T19:28:46.546Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:28:48 honeypot-fra-1 sshd[29132]: Invalid user user from 13.126.217.41 port 43484","@timestamp":"2022-09-18T19:28:48.547Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:28:51 honeypot-fra-1 sshd[29138]: Invalid user user from 13.126.217.41 port 46576","@timestamp":"2022-09-18T19:28:51.549Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:28:53 honeypot-fra-1 sshd[29144]: Invalid user user from 13.126.217.41 port 49660","@timestamp":"2022-09-18T19:28:54.552Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:28:56 honeypot-fra-1 sshd[29150]: Invalid user user from 13.126.217.41 port 52622","@timestamp":"2022-09-18T19:28:57.553Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:28:59 honeypot-fra-1 sshd[29156]: Invalid user user from 13.126.217.41 port 55694","@timestamp":"2022-09-18T19:28:59.555Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:29:02 honeypot-fra-1 sshd[29162]: Invalid user user from 13.126.217.41 port 58862","@timestamp":"2022-09-18T19:29:02.557Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:29:05 honeypot-fra-1 sshd[29168]: Invalid user user from 13.126.217.41 port 33508","@timestamp":"2022-09-18T19:29:05.558Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:29:07 honeypot-fra-1 sshd[29174]: Invalid user user from 13.126.217.41 port 36730","@timestamp":"2022-09-18T19:29:08.561Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:29:10 honeypot-fra-1 sshd[29180]: Invalid user user from 13.126.217.41 port 39736","@timestamp":"2022-09-18T19:29:11.563Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:29:13 honeypot-fra-1 sshd[29186]: Invalid user user from 13.126.217.41 port 42970","@timestamp":"2022-09-18T19:29:13.564Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:29:16 honeypot-fra-1 sshd[29192]: Invalid user user from 13.126.217.41 port 46030","@timestamp":"2022-09-18T19:29:16.566Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:29:18 honeypot-fra-1 sshd[29198]: Invalid user user from 13.126.217.41 port 49076","@timestamp":"2022-09-18T19:29:19.567Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:29:21 honeypot-fra-1 sshd[29204]: Invalid user user from 13.126.217.41 port 52182","@timestamp":"2022-09-18T19:29:22.570Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:29:24 honeypot-fra-1 sshd[29210]: Invalid user user from 13.126.217.41 port 55132","@timestamp":"2022-09-18T19:29:24.571Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:29:27 honeypot-fra-1 sshd[29216]: Invalid user user from 13.126.217.41 port 58076","@timestamp":"2022-09-18T19:29:27.573Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:29:29 honeypot-fra-1 sshd[29222]: Invalid user user from 13.126.217.41 port 32898","@timestamp":"2022-09-18T19:29:30.575Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:29:32 honeypot-fra-1 sshd[29228]: Invalid user user from 13.126.217.41 port 35980","@timestamp":"2022-09-18T19:29:33.577Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:29:35 honeypot-fra-1 sshd[29234]: Invalid user user from 13.126.217.41 port 39034","@timestamp":"2022-09-18T19:29:35.578Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:29:38 honeypot-fra-1 sshd[29240]: Invalid user user from 13.126.217.41 port 42056","@timestamp":"2022-09-18T19:29:38.581Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:29:40 honeypot-fra-1 sshd[29246]: Invalid user user from 13.126.217.41 port 44904","@timestamp":"2022-09-18T19:29:41.582Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:29:43 honeypot-fra-1 sshd[29252]: Invalid user user from 13.126.217.41 port 47976","@timestamp":"2022-09-18T19:29:44.584Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:29:46 honeypot-fra-1 sshd[29258]: Invalid user user from 13.126.217.41 port 51016","@timestamp":"2022-09-18T19:29:46.585Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:29:49 honeypot-fra-1 sshd[29264]: Invalid user user from 13.126.217.41 port 54072","@timestamp":"2022-09-18T19:29:49.587Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:29:52 honeypot-fra-1 sshd[29270]: Invalid user user from 13.126.217.41 port 57078","@timestamp":"2022-09-18T19:29:52.590Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 19:29:53 honeypot-ams-1 sshd[6439]: Connection closed by invalid user postgres 193.106.191.157 port 39280 [preauth]","@timestamp":"2022-09-18T19:29:54.435Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:29:54 honeypot-fra-1 sshd[29276]: Invalid user ubuntu from 13.126.217.41 port 59924","@timestamp":"2022-09-18T19:29:55.592Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:29:57 honeypot-fra-1 sshd[29282]: Invalid user ubuntu from 13.126.217.41 port 34664","@timestamp":"2022-09-18T19:29:57.593Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:30:00 honeypot-fra-1 sshd[29288]: Invalid user ubuntu from 13.126.217.41 port 37590","@timestamp":"2022-09-18T19:30:00.595Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:30:02 honeypot-fra-1 sshd[29294]: Invalid user ubuntu from 13.126.217.41 port 40432","@timestamp":"2022-09-18T19:30:03.596Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:30:05 honeypot-fra-1 sshd[29300]: Invalid user ubuntu from 13.126.217.41 port 43428","@timestamp":"2022-09-18T19:30:06.598Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:30:08 honeypot-fra-1 sshd[29306]: Invalid user ubuntu from 13.126.217.41 port 46612","@timestamp":"2022-09-18T19:30:08.601Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:30:11 honeypot-fra-1 sshd[29312]: Invalid user ubuntu from 13.126.217.41 port 49420","@timestamp":"2022-09-18T19:30:11.602Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:30:13 honeypot-fra-1 sshd[29318]: Invalid user ubuntu from 13.126.217.41 port 52294","@timestamp":"2022-09-18T19:30:14.604Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:30:16 honeypot-fra-1 sshd[29324]: Invalid user ubuntu from 13.126.217.41 port 55088","@timestamp":"2022-09-18T19:30:17.606Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:30:19 honeypot-fra-1 sshd[29330]: Invalid user ubuntu from 13.126.217.41 port 58066","@timestamp":"2022-09-18T19:30:19.607Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:30:22 honeypot-fra-1 sshd[29336]: Invalid user ubuntu from 13.126.217.41 port 32820","@timestamp":"2022-09-18T19:30:22.648Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:30:24 honeypot-fra-1 sshd[29342]: Invalid user ubuntu from 13.126.217.41 port 35756","@timestamp":"2022-09-18T19:30:25.649Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:30:27 honeypot-fra-1 sshd[29348]: Invalid user ubuntu from 13.126.217.41 port 38568","@timestamp":"2022-09-18T19:30:27.651Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:30:30 honeypot-fra-1 sshd[29354]: Invalid user ubuntu from 13.126.217.41 port 41524","@timestamp":"2022-09-18T19:30:30.653Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:30:32 honeypot-fra-1 sshd[29361]: Invalid user ubuntu from 13.126.217.41 port 44402","@timestamp":"2022-09-18T19:30:33.655Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:30:35 honeypot-fra-1 sshd[29367]: Invalid user ubuntu from 13.126.217.41 port 47220","@timestamp":"2022-09-18T19:30:35.656Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:30:38 honeypot-fra-1 sshd[29373]: Invalid user ubuntu from 13.126.217.41 port 50126","@timestamp":"2022-09-18T19:30:38.659Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:30:40 honeypot-fra-1 sshd[29379]: Invalid user ubuntu from 13.126.217.41 port 52972","@timestamp":"2022-09-18T19:30:41.661Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:30:43 honeypot-fra-1 sshd[29385]: Invalid user ubuntu from 13.126.217.41 port 55966","@timestamp":"2022-09-18T19:30:43.662Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:30:46 honeypot-fra-1 sshd[29391]: Invalid user ubuntu from 13.126.217.41 port 58638","@timestamp":"2022-09-18T19:30:46.664Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:30:48 honeypot-fra-1 sshd[29397]: Invalid user ubuntu from 13.126.217.41 port 33524","@timestamp":"2022-09-18T19:30:49.666Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:30:51 honeypot-fra-1 sshd[29403]: Invalid user ubuntu from 13.126.217.41 port 36308","@timestamp":"2022-09-18T19:30:52.669Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:30:54 honeypot-fra-1 sshd[29409]: Invalid user ubuntu from 13.126.217.41 port 39300","@timestamp":"2022-09-18T19:30:54.670Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:30:57 honeypot-fra-1 sshd[29415]: Invalid user ubuntu from 13.126.217.41 port 42140","@timestamp":"2022-09-18T19:30:57.672Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:30:59 honeypot-fra-1 sshd[29421]: Invalid user ubuntu from 13.126.217.41 port 45006","@timestamp":"2022-09-18T19:31:00.673Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:31:02 honeypot-fra-1 sshd[29427]: Invalid user ubuntu from 13.126.217.41 port 47928","@timestamp":"2022-09-18T19:31:02.675Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:31:05 honeypot-fra-1 sshd[29433]: Invalid user ubuntu from 13.126.217.41 port 50812","@timestamp":"2022-09-18T19:31:05.676Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:31:07 honeypot-fra-1 sshd[29439]: Invalid user debian from 13.126.217.41 port 53646","@timestamp":"2022-09-18T19:31:08.679Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:31:10 honeypot-fra-1 sshd[29445]: Invalid user debian from 13.126.217.41 port 56340","@timestamp":"2022-09-18T19:31:10.680Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:31:12 honeypot-fra-1 sshd[29451]: Invalid user debian from 13.126.217.41 port 59252","@timestamp":"2022-09-18T19:31:13.682Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:31:15 honeypot-fra-1 sshd[29457]: Invalid user debian from 13.126.217.41 port 33916","@timestamp":"2022-09-18T19:31:15.683Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:31:18 honeypot-fra-1 sshd[29463]: Invalid user debian from 13.126.217.41 port 37160","@timestamp":"2022-09-18T19:31:18.685Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:31:20 honeypot-fra-1 sshd[29469]: Invalid user debian from 13.126.217.41 port 40324","@timestamp":"2022-09-18T19:31:21.686Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:31:23 honeypot-fra-1 sshd[29475]: Invalid user debian from 13.126.217.41 port 43632","@timestamp":"2022-09-18T19:31:24.689Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:31:26 honeypot-fra-1 sshd[29482]: Invalid user debian from 13.126.217.41 port 46790","@timestamp":"2022-09-18T19:31:26.690Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:31:29 honeypot-fra-1 sshd[29488]: Invalid user debian from 13.126.217.41 port 50196","@timestamp":"2022-09-18T19:31:29.692Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:31:31 honeypot-fra-1 sshd[29494]: Invalid user debian from 13.126.217.41 port 53000","@timestamp":"2022-09-18T19:31:32.694Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:31:34 honeypot-fra-1 sshd[29500]: Invalid user debian from 13.126.217.41 port 56074","@timestamp":"2022-09-18T19:31:34.695Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:31:37 honeypot-fra-1 sshd[29506]: Invalid user debian from 13.126.217.41 port 58922","@timestamp":"2022-09-18T19:31:37.698Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:31:40 honeypot-fra-1 sshd[29512]: Invalid user debian from 13.126.217.41 port 33824","@timestamp":"2022-09-18T19:31:40.700Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:31:42 honeypot-fra-1 sshd[29518]: Invalid user debian from 13.126.217.41 port 36644","@timestamp":"2022-09-18T19:31:42.701Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:31:45 honeypot-fra-1 sshd[29524]: Invalid user debian from 13.126.217.41 port 39730","@timestamp":"2022-09-18T19:31:45.702Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:31:48 honeypot-fra-1 sshd[29530]: Invalid user debian from 13.126.217.41 port 42618","@timestamp":"2022-09-18T19:31:48.704Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:31:50 honeypot-fra-1 sshd[29536]: Invalid user debian from 13.126.217.41 port 45710","@timestamp":"2022-09-18T19:31:51.706Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:31:53 honeypot-fra-1 sshd[29542]: Invalid user debian from 13.126.217.41 port 48600","@timestamp":"2022-09-18T19:31:53.708Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:31:56 honeypot-fra-1 sshd[29548]: Invalid user debian from 13.126.217.41 port 51348","@timestamp":"2022-09-18T19:31:56.710Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:31:59 honeypot-fra-1 sshd[29554]: Invalid user debian from 13.126.217.41 port 54468","@timestamp":"2022-09-18T19:31:59.712Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:32:01 honeypot-fra-1 sshd[29561]: Invalid user debian from 13.126.217.41 port 57636","@timestamp":"2022-09-18T19:32:02.713Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:32:04 honeypot-fra-1 sshd[29568]: Invalid user debian from 13.126.217.41 port 60916","@timestamp":"2022-09-18T19:32:04.714Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T19:32:05.340Z","@version":"1","message":"Sep 18 19:32:05 honeypot-sgp-1 sshd[31426]: Connection closed by invalid user system 103.188.176.251 port 56050 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:32:07 honeypot-fra-1 sshd[29574]: Invalid user debian from 13.126.217.41 port 35684","@timestamp":"2022-09-18T19:32:07.717Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:32:10 honeypot-fra-1 sshd[29580]: Invalid user debian from 13.126.217.41 port 38778","@timestamp":"2022-09-18T19:32:10.719Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:32:12 honeypot-fra-1 sshd[29586]: Invalid user debian from 13.126.217.41 port 41844","@timestamp":"2022-09-18T19:32:12.720Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:32:15 honeypot-fra-1 sshd[29592]: Invalid user debian from 13.126.217.41 port 45078","@timestamp":"2022-09-18T19:32:15.722Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:32:18 honeypot-fra-1 sshd[29598]: Invalid user debian from 13.126.217.41 port 47918","@timestamp":"2022-09-18T19:32:18.724Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:32:20 honeypot-fra-1 sshd[29604]: Invalid user debian from 13.126.217.41 port 50868","@timestamp":"2022-09-18T19:32:21.725Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:32:23 honeypot-fra-1 sshd[29610]: Invalid user admin from 13.126.217.41 port 53820","@timestamp":"2022-09-18T19:32:23.728Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:32:26 honeypot-fra-1 sshd[29616]: Invalid user admin from 13.126.217.41 port 56894","@timestamp":"2022-09-18T19:32:26.729Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:32:29 honeypot-fra-1 sshd[29622]: Invalid user admin from 13.126.217.41 port 59960","@timestamp":"2022-09-18T19:32:29.731Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:32:32 honeypot-fra-1 sshd[29628]: Invalid user admin from 13.126.217.41 port 34820","@timestamp":"2022-09-18T19:32:32.733Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:32:34 honeypot-fra-1 sshd[29634]: Invalid user admin from 13.126.217.41 port 37768","@timestamp":"2022-09-18T19:32:35.735Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T19:32:37.354Z","@version":"1","message":"Sep 18 19:32:36 honeypot-sgp-1 sshd[31422]: Connection reset by 61.177.173.46 port 59350 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:32:37 honeypot-fra-1 sshd[29640]: Invalid user admin from 13.126.217.41 port 40876","@timestamp":"2022-09-18T19:32:37.737Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:32:40 honeypot-fra-1 sshd[29646]: Invalid user admin from 13.126.217.41 port 43670","@timestamp":"2022-09-18T19:32:40.739Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:32:42 honeypot-fra-1 sshd[29652]: Invalid user admin from 13.126.217.41 port 46474","@timestamp":"2022-09-18T19:32:43.741Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:32:45 honeypot-fra-1 sshd[29658]: Invalid user admin from 13.126.217.41 port 49376","@timestamp":"2022-09-18T19:32:45.742Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:32:48 honeypot-fra-1 sshd[29664]: Invalid user admin from 13.126.217.41 port 52520","@timestamp":"2022-09-18T19:32:48.744Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:32:51 honeypot-fra-1 sshd[29670]: Invalid user admin from 13.126.217.41 port 55434","@timestamp":"2022-09-18T19:32:51.745Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:32:53 honeypot-fra-1 sshd[29676]: Invalid user admin from 13.126.217.41 port 58348","@timestamp":"2022-09-18T19:32:54.748Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:32:56 honeypot-fra-1 sshd[29682]: Invalid user admin from 13.126.217.41 port 32912","@timestamp":"2022-09-18T19:32:56.749Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:32:59 honeypot-fra-1 sshd[29688]: Invalid user admin from 13.126.217.41 port 35928","@timestamp":"2022-09-18T19:32:59.751Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:33:01 honeypot-fra-1 sshd[29694]: Invalid user admin from 13.126.217.41 port 38982","@timestamp":"2022-09-18T19:33:02.753Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:33:04 honeypot-fra-1 sshd[29700]: Invalid user admin from 13.126.217.41 port 41678","@timestamp":"2022-09-18T19:33:04.754Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:33:07 honeypot-fra-1 sshd[29706]: Invalid user admin from 13.126.217.41 port 44748","@timestamp":"2022-09-18T19:33:07.757Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:33:09 honeypot-fra-1 sshd[29712]: Invalid user admin from 13.126.217.41 port 47680","@timestamp":"2022-09-18T19:33:10.759Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:33:12 honeypot-fra-1 sshd[29718]: Invalid user admin from 13.126.217.41 port 50942","@timestamp":"2022-09-18T19:33:12.760Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:33:15 honeypot-fra-1 sshd[29724]: Invalid user admin from 13.126.217.41 port 53864","@timestamp":"2022-09-18T19:33:15.762Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:33:17 honeypot-fra-1 sshd[29730]: Invalid user admin from 13.126.217.41 port 56926","@timestamp":"2022-09-18T19:33:18.764Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:33:20 honeypot-fra-1 sshd[29736]: Invalid user admin from 13.126.217.41 port 60082","@timestamp":"2022-09-18T19:33:20.765Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:33:23 honeypot-fra-1 sshd[29744]: Invalid user admin from 13.126.217.41 port 35146","@timestamp":"2022-09-18T19:33:23.768Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:33:25 honeypot-fra-1 sshd[29750]: Invalid user admin from 13.126.217.41 port 38168","@timestamp":"2022-09-18T19:33:26.770Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:33:28 honeypot-fra-1 sshd[29756]: Invalid user admin from 13.126.217.41 port 41042","@timestamp":"2022-09-18T19:33:28.771Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:33:31 honeypot-fra-1 sshd[29762]: Invalid user admin from 13.126.217.41 port 44302","@timestamp":"2022-09-18T19:33:31.773Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:33:34 honeypot-fra-1 sshd[29768]: Invalid user admin from 13.126.217.41 port 47406","@timestamp":"2022-09-18T19:33:34.775Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:33:37 honeypot-fra-1 sshd[29774]: Invalid user ftp from 13.126.217.41 port 50702","@timestamp":"2022-09-18T19:33:37.778Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:37:57 honeypot-fra-1 sshd[29777]: Connection closed by invalid user postgres 193.106.191.157 port 36132 [preauth]","@timestamp":"2022-09-18T19:37:57.876Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T19:38:02.484Z","@version":"1","message":"Sep 18 19:38:02 honeypot-sgp-1 sshd[31438]: Received disconnect from 154.61.72.164 port 53614:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T19:39:00.509Z","@version":"1","message":"Sep 18 19:39:00 honeypot-sgp-1 sshd[31442]: Disconnected from authenticating user root 140.238.255.101 port 38012 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T19:41:57.580Z","@version":"1","message":"Sep 18 19:41:57 honeypot-sgp-1 sshd[31452]: Did not receive identification string from 45.61.186.49 port 36036","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T19:42:15.589Z","@version":"1","message":"Sep 18 19:42:14 honeypot-sgp-1 sshd[31455]: Disconnected from invalid user user 45.61.186.49 port 34816 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T19:42:24.593Z","@version":"1","message":"Sep 18 19:42:23 honeypot-sgp-1 sshd[31459]: Disconnected from invalid user user 45.61.186.49 port 46168 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:43:12 honeypot-fra-1 sshd[29789]: Invalid user daniel from 141.98.10.158 port 50484","@timestamp":"2022-09-18T19:43:12.997Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 19:43:46 honeypot-ams-1 kernel: [84406806.217444] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=138.68.249.116 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=45620 DF PROTO=TCP SPT=34332 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T19:43:46.803Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 19:47:19 honeypot-ams-1 sshd[6451]: Did not receive identification string from 45.61.184.204 port 54736","@timestamp":"2022-09-18T19:47:19.903Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 19:48:01 honeypot-ams-1 sshd[6454]: Disconnected from invalid user user 45.61.184.204 port 55762 [preauth]","@timestamp":"2022-09-18T19:48:01.923Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 19:48:19 honeypot-ams-1 sshd[6458]: Disconnected from invalid user user 45.61.184.204 port 50366 [preauth]","@timestamp":"2022-09-18T19:48:19.933Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 19:48:35 honeypot-ams-1 sshd[6462]: Disconnected from invalid user user 45.61.184.204 port 44988 [preauth]","@timestamp":"2022-09-18T19:48:35.942Z"}
{"@timestamp":"2022-09-18T19:49:03.751Z","@version":"1","message":"Sep 18 19:49:03 honeypot-sgp-1 sshd[31467]: Invalid user admin from 167.99.66.74 port 42973","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:49:08 honeypot-fra-1 sshd[29794]: Disconnected from authenticating user root 92.81.222.217 port 49968 [preauth]","@timestamp":"2022-09-18T19:49:09.130Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T19:49:56.775Z","@version":"1","message":"Sep 18 19:49:56 honeypot-sgp-1 sshd[31469]: Disconnected from invalid user admin 143.198.75.234 port 46792 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:52:31 honeypot-fra-1 sshd[29801]: Received disconnect from 61.177.173.47 port 45099:11:  [preauth]","@timestamp":"2022-09-18T19:52:31.211Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:53:10 honeypot-fra-1 sshd[29805]: Received disconnect from 178.128.72.150 port 36972:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T19:53:11.228Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 19:53:57 honeypot-ams-1 kernel: [84407417.100964] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=201.191.2.198 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=32476 PROTO=TCP SPT=36055 DPT=80 WINDOW=29718 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T19:53:58.088Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:54:00 honeypot-fra-1 sshd[29809]: Received disconnect from 178.128.72.150 port 36308:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T19:54:01.250Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:54:49 honeypot-fra-1 sshd[29814]: Received disconnect from 178.128.72.150 port 35654:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T19:54:50.272Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:55:37 honeypot-fra-1 sshd[29818]: Received disconnect from 178.128.72.150 port 34992:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T19:55:37.311Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:56:24 honeypot-fra-1 sshd[29822]: Received disconnect from 178.128.72.150 port 34334:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T19:56:25.331Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:57:07 honeypot-fra-1 sshd[29826]: Disconnected from authenticating user root 103.86.180.10 port 42947 [preauth]","@timestamp":"2022-09-18T19:57:08.349Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:57:37 honeypot-fra-1 sshd[29830]: Disconnected from invalid user postgres 178.128.72.150 port 47460 [preauth]","@timestamp":"2022-09-18T19:57:37.363Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:58:03 honeypot-fra-1 sshd[29834]: Disconnected from invalid user weiwei 186.195.230.242 port 40297 [preauth]","@timestamp":"2022-09-18T19:58:04.375Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 19:58:42 honeypot-ams-1 sshd[6470]: Disconnected from invalid user atlas 152.32.214.226 port 39866 [preauth]","@timestamp":"2022-09-18T19:58:43.214Z"}
{"@timestamp":"2022-09-18T19:58:48.981Z","@version":"1","message":"Sep 18 19:58:48 honeypot-sgp-1 sshd[31480]: Received disconnect from 85.208.252.181 port 52832:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T20:02:36.073Z","@version":"1","message":"Sep 18 20:02:35 honeypot-sgp-1 sshd[31486]: Received disconnect from 202.29.4.190 port 54420:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 20:04:55 honeypot-ams-1 sshd[6473]: Received disconnect from 91.240.118.222 port 27689:11: Client disconnecting normally [preauth]","@timestamp":"2022-09-18T20:04:56.380Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 20:05:04 honeypot-fra-1 sshd[29839]: Disconnected from authenticating user root 61.177.173.39 port 54363 [preauth]","@timestamp":"2022-09-18T20:05:04.539Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 20:07:47 honeypot-ams-1 sshd[6478]: Received disconnect from 62.204.41.222 port 14849:11: Client disconnecting normally [preauth]","@timestamp":"2022-09-18T20:07:47.456Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 20:10:35 honeypot-ams-1 sshd[6484]: Invalid user pcserver from 206.189.151.245 port 36444","@timestamp":"2022-09-18T20:10:36.532Z"}
{"@timestamp":"2022-09-18T20:14:20.350Z","@version":"1","message":"Sep 18 20:14:20 honeypot-sgp-1 sshd[31492]: Received disconnect from 61.177.173.51 port 59997:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 20:19:18 honeypot-fra-1 sshd[29854]: Received disconnect from 178.62.81.147 port 52484:11: Bye Bye [preauth]","@timestamp":"2022-09-18T20:19:18.869Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 20:19:47 honeypot-fra-1 sshd[29862]: Received disconnect from 220.225.126.55 port 42356:11: Bye Bye [preauth]","@timestamp":"2022-09-18T20:19:47.882Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 20:20:23 honeypot-ams-1 sshd[6490]: Received disconnect from 128.199.225.7 port 35070:11: Bye Bye [preauth]","@timestamp":"2022-09-18T20:20:23.791Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 20:22:48 honeypot-fra-1 sshd[29869]: Invalid user ftp from 58.8.213.27 port 33102","@timestamp":"2022-09-18T20:22:48.949Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T20:23:26.562Z","@version":"1","message":"Sep 18 20:23:25 honeypot-sgp-1 sshd[31505]: Received disconnect from 61.177.172.19 port 15838:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 20:23:59 honeypot-fra-1 kernel: [84407045.846024] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=193.163.125.36 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=245 ID=13254 PROTO=TCP SPT=50624 DPT=443 WINDOW=14600 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T20:23:59.977Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 20:28:32 honeypot-fra-1 sshd[29878]: Disconnected from invalid user xl 185.74.4.20 port 58104 [preauth]","@timestamp":"2022-09-18T20:28:33.104Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T20:29:30.702Z","@version":"1","message":"Sep 18 20:29:30 honeypot-sgp-1 sshd[31523]: Disconnected from authenticating user root 61.177.173.53 port 20774 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 20:30:36 honeypot-fra-1 kernel: [84407443.071620] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=50548 PROTO=TCP SPT=53008 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T20:30:37.152Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 20:35:46 honeypot-ams-1 kernel: [84409925.918763] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=103.180.149.137 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=49 ID=21071 PROTO=TCP SPT=56397 DPT=80 WINDOW=37901 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T20:35:47.192Z"}
{"@timestamp":"2022-09-18T20:38:25.911Z","@version":"1","message":"Sep 18 20:38:25 honeypot-sgp-1 sshd[31532]: Disconnected from authenticating user root 61.177.173.46 port 63615 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 20:39:50 honeypot-fra-1 kernel: [84407996.279409] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=172.104.215.45 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=49643 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T20:39:50.354Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 20:42:57 honeypot-ams-1 kernel: [84410357.098272] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=91.240.118.224 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=17036 PROTO=TCP SPT=56701 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T20:42:58.386Z"}
{"@timestamp":"2022-09-18T20:45:31.071Z","@version":"1","message":"Sep 18 20:45:30 honeypot-sgp-1 kernel: [84410033.380907] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=52300 PROTO=TCP SPT=53690 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 20:51:22 honeypot-ams-1 sshd[6505]: Did not receive identification string from 178.128.72.150 port 39464","@timestamp":"2022-09-18T20:51:23.612Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 20:52:22 honeypot-ams-1 sshd[6508]: Disconnected from invalid user test 178.128.72.150 port 41944 [preauth]","@timestamp":"2022-09-18T20:52:22.641Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 20:53:08 honeypot-fra-1 sshd[29914]: Disconnected from authenticating user root 61.177.173.37 port 38469 [preauth]","@timestamp":"2022-09-18T20:53:08.651Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 20:53:15 honeypot-ams-1 sshd[6513]: Received disconnect from 178.128.72.150 port 44136:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T20:53:15.669Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 20:54:08 honeypot-ams-1 sshd[6517]: Received disconnect from 178.128.72.150 port 46366:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T20:54:09.695Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 20:55:01 honeypot-ams-1 sshd[6521]: Received disconnect from 178.128.72.150 port 48532:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T20:55:01.721Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 20:55:53 honeypot-ams-1 sshd[6525]: Received disconnect from 178.128.72.150 port 50710:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T20:55:53.746Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 20:56:45 honeypot-ams-1 sshd[6529]: Received disconnect from 178.128.72.150 port 52904:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T20:56:45.771Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 20:57:37 honeypot-ams-1 sshd[6533]: Invalid user postgres from 178.128.72.150 port 55062","@timestamp":"2022-09-18T20:57:37.798Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 21:00:43 honeypot-ams-1 sshd[6536]: Received disconnect from 92.255.85.70 port 54698:11: Bye Bye [preauth]","@timestamp":"2022-09-18T21:00:43.888Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 21:03:43 honeypot-fra-1 sshd[29925]: Connection closed by invalid user postgres 193.106.191.157 port 59958 [preauth]","@timestamp":"2022-09-18T21:03:43.888Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T21:04:42.508Z","@version":"1","message":"Sep 18 21:04:41 honeypot-sgp-1 sshd[31551]: Invalid user user1 from 210.195.11.120 port 40048","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T21:06:32.552Z","@version":"1","message":"Sep 18 21:06:31 honeypot-sgp-1 sshd[31556]: Disconnected from authenticating user root 61.177.173.48 port 43345 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 21:06:44 honeypot-fra-1 sshd[29932]: Received disconnect from 92.36.144.96 port 47016:11: Bye Bye [preauth]","@timestamp":"2022-09-18T21:06:44.959Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T21:09:13.617Z","@version":"1","message":"Sep 18 21:09:12 honeypot-sgp-1 kernel: [84411455.381914] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=172.104.215.25 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=23610 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 21:09:50 honeypot-fra-1 sshd[29938]: Disconnected from invalid user admin 2.42.138.122 port 52339 [preauth]","@timestamp":"2022-09-18T21:09:51.029Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 21:12:48 honeypot-fra-1 sshd[29941]: Connection reset by 61.177.172.19 port 11432 [preauth]","@timestamp":"2022-09-18T21:12:48.097Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T21:13:21.716Z","@version":"1","message":"Sep 18 21:13:21 honeypot-sgp-1 sshd[31568]: Disconnected from authenticating user root 61.177.173.46 port 63245 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 21:16:19 honeypot-ams-1 sshd[6542]: Invalid user postgres from 193.106.191.157 port 50452","@timestamp":"2022-09-18T21:16:19.305Z"}
{"@timestamp":"2022-09-18T21:19:54.896Z","@version":"1","message":"Sep 18 21:19:54 honeypot-sgp-1 sshd[31584]: Invalid user admin from 92.255.85.70 port 49940","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 21:26:12 honeypot-fra-1 sshd[29958]: Invalid user airflow from 138.68.110.55 port 37696","@timestamp":"2022-09-18T21:26:13.394Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 21:26:19 honeypot-ams-1 kernel: [84412959.142512] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=172.105.77.209 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=56 ID=0 DF PROTO=TCP SPT=56857 DPT=443 WINDOW=8192 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T21:26:20.566Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 21:27:16 honeypot-fra-1 sshd[29964]: Disconnected from 61.177.172.124 port 45086 [preauth]","@timestamp":"2022-09-18T21:27:17.421Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 21:29:06 honeypot-ams-1 sshd[6552]: Invalid user zy from 133.130.101.23 port 36994","@timestamp":"2022-09-18T21:29:06.644Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 21:31:07 honeypot-fra-1 sshd[29972]: Invalid user dochom from 43.134.162.83 port 35174","@timestamp":"2022-09-18T21:31:08.507Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 21:31:37 honeypot-ams-1 sshd[6555]: Invalid user system from 103.188.176.251 port 59898","@timestamp":"2022-09-18T21:31:37.716Z"}
{"@timestamp":"2022-09-18T21:31:59.170Z","@version":"1","message":"Sep 18 21:31:59 honeypot-sgp-1 sshd[31591]: Received disconnect from 218.92.0.221 port 16377:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 21:35:48 honeypot-fra-1 sshd[29978]: Disconnected from authenticating user root 61.177.173.50 port 51941 [preauth]","@timestamp":"2022-09-18T21:35:49.611Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T21:39:21.340Z","@version":"1","message":"Sep 18 21:39:20 honeypot-sgp-1 sshd[31598]: Disconnected from authenticating user root 61.177.172.19 port 21304 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 21:40:30 honeypot-ams-1 kernel: [84413809.509214] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=213.226.123.38 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=20607 PROTO=TCP SPT=57160 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T21:40:30.951Z"}
{"@timestamp":"2022-09-18T21:41:35.397Z","@version":"1","message":"Sep 18 21:41:34 honeypot-sgp-1 sshd[31603]: Received disconnect from 179.43.156.143 port 33334:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 21:43:05 honeypot-fra-1 sshd[29985]: Invalid user RPM from 92.255.85.70 port 52002","@timestamp":"2022-09-18T21:43:05.774Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T21:43:30.444Z","@version":"1","message":"Sep 18 21:43:30 honeypot-sgp-1 sshd[31611]: Received disconnect from 179.43.156.143 port 54162:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T21:44:45.475Z","@version":"1","message":"Sep 18 21:44:44 honeypot-sgp-1 sshd[31616]: Received disconnect from 179.43.156.143 port 49218:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 21:45:47 honeypot-fra-1 kernel: [84411953.640430] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=80.94.92.231 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=54496 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T21:45:47.836Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-18T21:46:00.507Z","@version":"1","message":"Sep 18 21:45:59 honeypot-sgp-1 sshd[31620]: Received disconnect from 92.255.85.69 port 26198:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T21:46:38.523Z","@version":"1","message":"Sep 18 21:46:37 honeypot-sgp-1 sshd[31626]: Received disconnect from 179.43.156.143 port 41814:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T21:47:55.555Z","@version":"1","message":"Sep 18 21:47:54 honeypot-sgp-1 sshd[31631]: Disconnected from invalid user git 179.43.156.143 port 36836 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T21:49:15.591Z","@version":"1","message":"Sep 18 21:49:14 honeypot-sgp-1 sshd[31638]: Disconnected from invalid user testuser 179.43.156.143 port 60118 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T21:49:54.609Z","@version":"1","message":"Sep 18 21:49:53 honeypot-sgp-1 sshd[31644]: Disconnected from invalid user hadoop 179.43.156.143 port 57666 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T21:50:57.636Z","@version":"1","message":"Sep 18 21:50:56 honeypot-sgp-1 sshd[31648]: Disconnected from invalid user gitlab_ci 188.166.208.174 port 47942 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T21:51:53.661Z","@version":"1","message":"Sep 18 21:51:52 honeypot-sgp-1 sshd[31654]: Invalid user drcomadmin from 179.43.156.143 port 50224","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T21:53:07.691Z","@version":"1","message":"Sep 18 21:53:07 honeypot-sgp-1 sshd[31658]: Received disconnect from 61.148.90.118 port 44274:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 21:53:29 honeypot-ams-1 sshd[6569]: Invalid user jihye from 68.168.142.91 port 48652","@timestamp":"2022-09-18T21:53:30.289Z"}
{"@timestamp":"2022-09-18T21:53:58.714Z","@version":"1","message":"Sep 18 21:53:58 honeypot-sgp-1 sshd[31662]: Received disconnect from 112.28.209.66 port 47504:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T21:54:43.734Z","@version":"1","message":"Sep 18 21:54:42 honeypot-sgp-1 sshd[31669]: Received disconnect from 179.43.156.143 port 40308:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 21:54:53 honeypot-fra-1 sshd[29993]: Disconnected from authenticating user root 61.177.173.36 port 35168 [preauth]","@timestamp":"2022-09-18T21:54:54.033Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T21:56:40.783Z","@version":"1","message":"Sep 18 21:56:39 honeypot-sgp-1 kernel: [84414302.241211] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=152.89.196.23 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=23371 PROTO=TCP SPT=54345 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T21:58:12.843Z","@version":"1","message":"Sep 18 21:58:12 honeypot-sgp-1 sshd[31681]: Invalid user zxd from 103.188.176.251 port 49054","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T22:00:00.891Z","@version":"1","message":"Sep 18 22:00:00 honeypot-sgp-1 sshd[31688]: Received disconnect from 179.43.156.143 port 51248:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 22:00:17 honeypot-fra-1 kernel: [84412823.162017] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=23.97.234.8 DST=165.22.82.222 LEN=52 TOS=0x02 PREC=0x00 TTL=114 ID=7343 DF PROTO=TCP SPT=52088 DPT=80 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-18T22:00:17.159Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 22:01:21 honeypot-ams-1 kernel: [84415060.522219] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=114.225.3.92 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=49 ID=27072 PROTO=TCP SPT=62725 DPT=80 WINDOW=40602 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T22:01:21.497Z"}
{"@timestamp":"2022-09-18T22:02:14.945Z","@version":"1","message":"Sep 18 22:02:14 honeypot-sgp-1 sshd[31694]: Invalid user ansible from 179.43.156.143 port 43850","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T22:03:46.983Z","@version":"1","message":"Sep 18 22:03:46 honeypot-sgp-1 sshd[31698]: Received disconnect from 179.43.156.143 port 38898:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 22:04:21 honeypot-ams-1 sshd[6577]: Received disconnect from 45.61.186.169 port 34988:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T22:04:22.577Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 22:04:39 honeypot-ams-1 sshd[6581]: Received disconnect from 45.61.186.169 port 58440:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T22:04:39.586Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 22:04:56 honeypot-ams-1 sshd[6585]: Received disconnect from 45.61.186.169 port 53676:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T22:04:56.595Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 22:05:05 honeypot-ams-1 sshd[6587]: Received disconnect from 45.61.186.169 port 37212:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T22:05:05.601Z"}
{"@timestamp":"2022-09-18T22:06:04.040Z","@version":"1","message":"Sep 18 22:06:03 honeypot-sgp-1 sshd[31705]: Received disconnect from 179.43.156.143 port 59732:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 22:06:46 honeypot-fra-1 kernel: [84413212.899262] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=89.248.165.241 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=20128 PROTO=TCP SPT=50600 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T22:06:47.321Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-18T22:07:32.076Z","@version":"1","message":"Sep 18 22:07:31 honeypot-sgp-1 sshd[31709]: Disconnected from invalid user dmdba 179.43.156.143 port 54778 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T22:08:59.119Z","@version":"1","message":"Sep 18 22:08:58 honeypot-sgp-1 sshd[31713]: Disconnected from invalid user vagrant 179.43.156.143 port 49834 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 22:09:52 honeypot-fra-1 sshd[30012]: Disconnected from invalid user amssys 107.172.219.107 port 58382 [preauth]","@timestamp":"2022-09-18T22:09:52.392Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T22:10:08.150Z","@version":"1","message":"Sep 18 22:10:07 honeypot-sgp-1 sshd[31717]: Disconnected from invalid user ceo 179.218.198.83 port 47359 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T22:17:02.313Z","@version":"1","message":"Sep 18 22:17:01 honeypot-sgp-1 CRON[31725]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 22:17:01 honeypot-fra-1 CRON[30019]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-18T22:17:02.560Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 22:17:19 honeypot-ams-1 sshd[6598]: Invalid user support from 92.255.85.70 port 39810","@timestamp":"2022-09-18T22:17:19.921Z"}
{"@timestamp":"2022-09-18T22:21:27.415Z","@version":"1","message":"Sep 18 22:21:26 honeypot-sgp-1 kernel: [84415788.902248] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=206.189.6.148 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=239 ID=54321 PROTO=TCP SPT=41330 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 22:27:30 honeypot-fra-1 sshd[30026]: Received disconnect from 62.84.124.148 port 55938:11: Bye Bye [preauth]","@timestamp":"2022-09-18T22:27:31.801Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 22:29:44 honeypot-ams-1 sshd[6602]: Received disconnect from 148.72.244.44 port 52270:11: Bye Bye [preauth]","@timestamp":"2022-09-18T22:29:45.247Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 22:31:19 honeypot-ams-1 sshd[6606]: Disconnected from invalid user tw 114.108.150.156 port 37758 [preauth]","@timestamp":"2022-09-18T22:31:20.293Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 22:32:52 honeypot-ams-1 sshd[6613]: Received disconnect from 137.184.28.240 port 33144:11: Bye Bye [preauth]","@timestamp":"2022-09-18T22:32:53.335Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 22:35:01 honeypot-fra-1 sshd[30031]: Connection closed by 67.205.138.198 port 57284 [preauth]","@timestamp":"2022-09-18T22:35:01.974Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 22:36:13 honeypot-fra-1 sshd[30047]: Invalid user mcserv from 185.209.179.41 port 57092","@timestamp":"2022-09-18T22:36:14.001Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 22:36:13 honeypot-fra-1 sshd[30041]: Invalid user deploy from 185.209.179.41 port 57128","@timestamp":"2022-09-18T22:36:14.001Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 22:36:13 honeypot-fra-1 sshd[30047]: Connection closed by invalid user mcserv 185.209.179.41 port 57092 [preauth]","@timestamp":"2022-09-18T22:36:14.001Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 22:36:13 honeypot-fra-1 sshd[30036]: Connection closed by invalid user es 185.209.179.41 port 57106 [preauth]","@timestamp":"2022-09-18T22:36:14.002Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 22:36:14 honeypot-fra-1 sshd[30066]: Invalid user ts3srv from 185.209.179.41 port 57104","@timestamp":"2022-09-18T22:36:15.003Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 22:36:14 honeypot-fra-1 sshd[30067]: Invalid user es from 185.209.179.41 port 57098","@timestamp":"2022-09-18T22:36:15.003Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 22:36:14 honeypot-fra-1 sshd[30069]: Connection closed by invalid user cloud 185.209.179.41 port 57072 [preauth]","@timestamp":"2022-09-18T22:36:15.003Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 22:36:16 honeypot-fra-1 sshd[30081]: Invalid user test from 185.209.179.41 port 57122","@timestamp":"2022-09-18T22:36:17.004Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 22:36:16 honeypot-fra-1 sshd[30083]: Connection closed by invalid user bitwarden 185.209.179.41 port 57070 [preauth]","@timestamp":"2022-09-18T22:36:17.004Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 22:38:25 honeypot-fra-1 kernel: [84415110.965219] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=170.187.162.36 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=43068 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T22:38:25.053Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 22:40:07 honeypot-fra-1 sshd[30097]: Disconnected from invalid user liuhuijie 165.22.45.108 port 59186 [preauth]","@timestamp":"2022-09-18T22:40:08.094Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 22:46:16 honeypot-ams-1 kernel: [84417756.245075] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=152.89.196.23 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=57988 PROTO=TCP SPT=54345 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T22:46:17.683Z"}
{"@timestamp":"2022-09-18T22:46:48.015Z","@version":"1","message":"Sep 18 22:46:47 honeypot-sgp-1 kernel: [84417310.253128] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.55.53.144 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=43 ID=44874 DF PROTO=TCP SPT=57964 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 22:49:00 honeypot-fra-1 kernel: [84415745.925253] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=20.55.53.144 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=45419 DF PROTO=TCP SPT=44818 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T22:49:00.293Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-18T22:49:10.075Z","@version":"1","message":"Sep 18 22:49:09 honeypot-sgp-1 sshd[31737]: Received disconnect from 92.255.85.69 port 46118:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T22:51:19.129Z","@version":"1","message":"Sep 18 22:51:18 honeypot-sgp-1 kernel: [84417580.738767] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=172.104.88.48 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=52271 DF PROTO=TCP SPT=38108 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 22:52:24 honeypot-fra-1 sshd[30105]: Disconnected from authenticating user root 107.174.244.122 port 51992 [preauth]","@timestamp":"2022-09-18T22:52:25.372Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 22:52:41 honeypot-ams-1 kernel: [84418140.587930] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=20.55.53.144 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=5609 DF PROTO=TCP SPT=44568 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T22:52:41.851Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 22:56:17 honeypot-ams-1 kernel: [84418356.962638] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=41.34.92.104 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=51 ID=49116 PROTO=TCP SPT=19635 DPT=80 WINDOW=13508 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T22:56:17.949Z"}
{"@timestamp":"2022-09-18T22:58:33.298Z","@version":"1","message":"Sep 18 22:58:32 honeypot-sgp-1 sshd[31744]: Received disconnect from 45.61.186.49 port 45650:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T22:58:42.301Z","@version":"1","message":"Sep 18 22:58:42 honeypot-sgp-1 sshd[31748]: Connection closed by invalid user user 45.61.186.49 port 57336 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 23:00:51 honeypot-fra-1 sshd[30110]: Received disconnect from 64.135.113.136 port 46228:11: Bye Bye [preauth]","@timestamp":"2022-09-18T23:00:51.564Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 23:01:20 honeypot-ams-1 kernel: [84418659.599665] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=138.68.250.218 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=30538 PROTO=TCP SPT=42077 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T23:01:21.085Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 23:02:57 honeypot-fra-1 sshd[30115]: Connection closed by invalid user cyrus 141.98.10.158 port 33066 [preauth]","@timestamp":"2022-09-18T23:02:58.616Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 23:06:07 honeypot-ams-1 kernel: [84418946.825184] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=151.106.32.182 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=11819 PROTO=TCP SPT=41835 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T23:06:08.210Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 23:11:04 honeypot-fra-1 kernel: [84417070.636313] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=138.68.250.218 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=28937 PROTO=TCP SPT=42663 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T23:11:04.803Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-18T23:13:58.685Z","@version":"1","message":"Sep 18 23:13:58 honeypot-sgp-1 sshd[31752]: Connection closed by invalid user admin 112.167.228.121 port 40434 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T23:14:15.693Z","@version":"1","message":"Sep 18 23:14:15 honeypot-sgp-1 sshd[31757]: Disconnected from invalid user ppacoc 27.118.22.221 port 44902 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T23:17:01.761Z","@version":"1","message":"Sep 18 23:17:01 honeypot-sgp-1 CRON[31763]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 23:17:01 honeypot-fra-1 CRON[30125]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-18T23:17:01.938Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 23:18:03 honeypot-ams-1 kernel: [84419663.207408] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=167.71.92.243 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=37763 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T23:18:04.515Z"}
{"@timestamp":"2022-09-18T23:20:10.838Z","@version":"1","message":"Sep 18 23:20:10 honeypot-sgp-1 sshd[31769]: Bad protocol version identification '\\026\\003\\001' from 134.122.112.12 port 60206","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 23:23:00 honeypot-ams-1 kernel: [84419960.103394] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.3.193.56 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=28719 DF PROTO=TCP SPT=10446 DPT=80 WINDOW=512 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T23:23:01.646Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 23:28:24 honeypot-ams-1 sshd[6663]: Invalid user user from 45.61.184.204 port 34908","@timestamp":"2022-09-18T23:28:24.788Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 23:28:42 honeypot-ams-1 sshd[6667]: Invalid user user from 45.61.184.204 port 57466","@timestamp":"2022-09-18T23:28:42.798Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 23:28:59 honeypot-ams-1 sshd[6671]: Invalid user user from 45.61.184.204 port 51726","@timestamp":"2022-09-18T23:28:59.807Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 23:29:45 honeypot-fra-1 sshd[30136]: Received disconnect from 60.248.95.231 port 42753:11: Bye Bye [preauth]","@timestamp":"2022-09-18T23:29:45.220Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 23:30:51 honeypot-ams-1 kernel: [84420431.033664] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=25961 PROTO=TCP SPT=43804 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T23:30:51.858Z"}
{"@timestamp":"2022-09-18T23:33:58.163Z","@version":"1","message":"Sep 18 23:33:57 honeypot-sgp-1 sshd[31778]: Disconnected from authenticating user root 165.22.14.77 port 48674 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 23:38:49 honeypot-fra-1 kernel: [84418734.830513] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=103.140.251.208 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=20056 PROTO=TCP SPT=42203 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T23:38:49.422Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-18T23:39:18.285Z","@version":"1","message":"Sep 18 23:39:18 honeypot-sgp-1 sshd[31784]: Disconnected from invalid user akasaka 20.187.88.167 port 59800 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 23:40:28 honeypot-ams-1 sshd[6681]: Received disconnect from 43.245.185.66 port 53292:11: Bye Bye [preauth]","@timestamp":"2022-09-18T23:40:29.128Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 23:42:28 honeypot-fra-1 sshd[30143]: Received disconnect from 42.119.111.155 port 47046:11: Bye Bye [preauth]","@timestamp":"2022-09-18T23:42:28.508Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T23:43:06.373Z","@version":"1","message":"Sep 18 23:43:05 honeypot-sgp-1 sshd[31789]: Disconnected from invalid user configure 144.48.240.59 port 54692 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 23:44:41 honeypot-ams-1 sshd[6687]: Received disconnect from 199.115.228.186 port 57828:11: Bye Bye [preauth]","@timestamp":"2022-09-18T23:44:42.241Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 23:46:16 honeypot-fra-1 sshd[30146]: Received disconnect from 85.165.43.80 port 45800:11: Bye Bye [preauth]","@timestamp":"2022-09-18T23:46:16.597Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 23:47:50 honeypot-ams-1 sshd[6692]: Received disconnect from 92.255.85.69 port 20408:11: Bye Bye [preauth]","@timestamp":"2022-09-18T23:47:51.326Z"}
{"@timestamp":"2022-09-18T23:49:37.526Z","@version":"1","message":"Sep 18 23:49:37 honeypot-sgp-1 sshd[31797]: Invalid user projects from 88.215.1.25 port 62293","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 23:50:00 honeypot-ams-1 sshd[6697]: Invalid user user from 45.61.184.204 port 50014","@timestamp":"2022-09-18T23:50:01.388Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 23:50:20 honeypot-ams-1 sshd[6701]: Invalid user user from 45.61.184.204 port 44562","@timestamp":"2022-09-18T23:50:20.398Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 23:50:36 honeypot-ams-1 sshd[6705]: Invalid user user from 45.61.184.204 port 39094","@timestamp":"2022-09-18T23:50:37.407Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 23:51:49 honeypot-ams-1 sshd[6710]: Invalid user monitor from 187.189.51.115 port 16517","@timestamp":"2022-09-18T23:51:50.441Z"}
{"@timestamp":"2022-09-18T23:58:07.746Z","@version":"1","message":"Sep 18 23:58:07 honeypot-sgp-1 sshd[31801]: Disconnected from invalid user zs 203.106.164.74 port 47486 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 23:58:26 honeypot-fra-1 sshd[30159]: Connection closed by 121.157.23.122 port 53912 [preauth]","@timestamp":"2022-09-18T23:58:26.866Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T23:58:58.768Z","@version":"1","message":"Sep 18 23:58:57 honeypot-sgp-1 sshd[31805]: Disconnected from invalid user monitor 68.183.92.26 port 40588 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T00:03:01.864Z","@version":"1","message":"Sep 19 00:03:01 honeypot-sgp-1 sshd[31827]: Invalid user test from 20.40.73.192 port 41698","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T00:03:27.876Z","@version":"1","message":"Sep 19 00:03:27 honeypot-sgp-1 sshd[31832]: Received disconnect from 128.199.225.7 port 50888:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 00:03:31 honeypot-ams-1 kernel: [84422390.485510] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=65.49.20.73 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=48905 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T00:03:31.752Z"}
{"@timestamp":"2022-09-19T00:04:33.906Z","@version":"1","message":"Sep 19 00:04:33 honeypot-sgp-1 sshd[31838]: Received disconnect from 144.24.178.128 port 48540:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 00:04:46 honeypot-fra-1 sshd[30183]: Invalid user  from 43.153.10.221 port 45104","@timestamp":"2022-09-19T00:04:47.012Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T00:04:57.918Z","@version":"1","message":"Sep 19 00:04:56 honeypot-sgp-1 sshd[31842]: Disconnected from invalid user tekbaseftp 164.92.159.65 port 46156 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T00:05:34.955Z","@version":"1","message":"Sep 19 00:05:33 honeypot-sgp-1 sshd[31846]: Disconnected from invalid user bridget 209.97.149.37 port 38140 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T00:06:12.971Z","@version":"1","message":"Sep 19 00:06:11 honeypot-sgp-1 sshd[31852]: Received disconnect from 143.244.134.191 port 45628:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T00:07:29.004Z","@version":"1","message":"Sep 19 00:07:28 honeypot-sgp-1 sshd[31856]: Received disconnect from 54.173.202.75 port 50786:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T00:07:38.009Z","@version":"1","message":"Sep 19 00:07:37 honeypot-sgp-1 sshd[31860]: Received disconnect from 20.197.3.90 port 55028:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T00:08:06.022Z","@version":"1","message":"Sep 19 00:08:06 honeypot-sgp-1 sshd[31864]: Invalid user nasa from 51.75.170.189 port 37792","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T00:09:15.051Z","@version":"1","message":"Sep 19 00:09:14 honeypot-sgp-1 sshd[31869]: Received disconnect from 23.96.83.144 port 57274:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T00:09:46.065Z","@version":"1","message":"Sep 19 00:09:45 honeypot-sgp-1 sshd[31873]: Disconnected from authenticating user root 178.128.108.91 port 45322 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T00:14:49.184Z","@version":"1","message":"Sep 19 00:14:48 honeypot-sgp-1 sshd[31880]: Connection closed by invalid user admin 165.232.158.22 port 43610 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 00:15:06 honeypot-fra-1 sshd[30186]: Invalid user Administrator from 92.255.85.70 port 59368","@timestamp":"2022-09-19T00:15:07.247Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 00:17:01 honeypot-fra-1 CRON[30191]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-19T00:17:02.291Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T00:17:02.238Z","@version":"1","message":"Sep 19 00:17:01 honeypot-sgp-1 CRON[31886]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 00:17:01 honeypot-ams-1 CRON[6736]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-19T00:17:02.136Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 00:21:41 honeypot-ams-1 kernel: [84423480.931865] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=164.92.72.164 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=57799 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T00:21:42.264Z"}
{"@timestamp":"2022-09-19T00:22:52.375Z","@version":"1","message":"Sep 19 00:22:52 honeypot-sgp-1 sshd[31892]: Connection closed by authenticating user root 103.188.176.251 port 60594 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 00:27:54 honeypot-ams-1 sshd[6745]: Disconnecting invalid user admin 180.33.111.29 port 60861: Too many authentication failures [preauth]","@timestamp":"2022-09-19T00:27:55.430Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 00:33:28 honeypot-fra-1 kernel: [84422013.735794] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=23.95.4.194 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=32805 PROTO=TCP SPT=40147 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T00:33:28.661Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T00:34:57.655Z","@version":"1","message":"Sep 19 00:34:57 honeypot-sgp-1 sshd[31903]: Invalid user pi from 79.84.154.45 port 53842","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 00:36:31 honeypot-fra-1 sshd[30199]: Disconnected from authenticating user root 117.28.245.18 port 54612 [preauth]","@timestamp":"2022-09-19T00:36:31.733Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T00:45:49.909Z","@version":"1","message":"Sep 19 00:45:48 honeypot-sgp-1 sshd[31909]: Disconnected from authenticating user root 92.255.85.70 port 28490 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 00:47:17 honeypot-ams-1 sshd[6751]: Received disconnect from 104.131.181.4 port 38826:11: Bye Bye [preauth]","@timestamp":"2022-09-19T00:47:17.943Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 00:53:36 honeypot-ams-1 sshd[6756]: Disconnected from authenticating user root 92.255.85.69 port 48620 [preauth]","@timestamp":"2022-09-19T00:53:37.111Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 00:55:44 honeypot-ams-1 sshd[6759]: Disconnected from invalid user demos 45.126.184.170 port 39901 [preauth]","@timestamp":"2022-09-19T00:55:45.171Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 01:00:24 honeypot-ams-1 sshd[6766]: Invalid user admin from 195.19.96.168 port 59146","@timestamp":"2022-09-19T01:00:24.295Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 01:00:24 honeypot-ams-1 sshd[6779]: Invalid user user from 195.19.96.168 port 59104","@timestamp":"2022-09-19T01:00:24.296Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 01:00:24 honeypot-ams-1 sshd[6778]: Connection closed by invalid user ubuntu 195.19.96.168 port 59120 [preauth]","@timestamp":"2022-09-19T01:00:24.296Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 01:00:24 honeypot-ams-1 sshd[6768]: Invalid user ubuntu from 195.19.96.168 port 59062","@timestamp":"2022-09-19T01:00:24.296Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 01:00:24 honeypot-ams-1 sshd[6777]: Invalid user nexus from 195.19.96.168 port 59076","@timestamp":"2022-09-19T01:00:24.296Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 01:00:24 honeypot-ams-1 sshd[6776]: Connection closed by invalid user mc 195.19.96.168 port 59098 [preauth]","@timestamp":"2022-09-19T01:00:25.297Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 01:00:24 honeypot-ams-1 sshd[6794]: Connection closed by invalid user ubuntu 195.19.96.168 port 59092 [preauth]","@timestamp":"2022-09-19T01:00:25.297Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 01:00:24 honeypot-ams-1 sshd[6783]: Connection closed by invalid user mysql 195.19.96.168 port 59052 [preauth]","@timestamp":"2022-09-19T01:00:25.297Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 01:00:25 honeypot-ams-1 sshd[6817]: Connection closed by invalid user admin 195.19.96.168 port 59042 [preauth]","@timestamp":"2022-09-19T01:00:25.297Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 01:00:58 honeypot-fra-1 sshd[30209]: Invalid user admin from 59.27.20.202 port 33521","@timestamp":"2022-09-19T01:00:59.278Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 01:04:14 honeypot-ams-1 kernel: [84426033.446965] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=156.205.81.198 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=50 ID=48134 PROTO=TCP SPT=37432 DPT=443 WINDOW=41486 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T01:04:14.401Z"}
{"@timestamp":"2022-09-19T01:07:37.414Z","@version":"1","message":"Sep 19 01:07:37 honeypot-sgp-1 sshd[31913]: Disconnected from invalid user hadoop 144.24.72.43 port 43150 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 01:07:45 honeypot-fra-1 sshd[30212]: Connection closed by invalid user ftp 193.106.191.157 port 42792 [preauth]","@timestamp":"2022-09-19T01:07:46.431Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T01:13:52.558Z","@version":"1","message":"Sep 19 01:13:52 honeypot-sgp-1 sshd[31918]: Disconnected from invalid user postgres 96.84.149.98 port 45440 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 01:17:01 honeypot-fra-1 CRON[30215]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-19T01:17:02.637Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 01:17:28 honeypot-ams-1 sshd[6833]: Received disconnect from 128.199.57.142 port 53750:11: Bye Bye [preauth]","@timestamp":"2022-09-19T01:17:28.748Z"}
{"@timestamp":"2022-09-19T01:17:41.650Z","@version":"1","message":"Sep 19 01:17:41 honeypot-sgp-1 kernel: [84426363.317544] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=156.221.102.66 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=49 ID=44034 PROTO=TCP SPT=5680 DPT=80 WINDOW=13844 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 01:20:24 honeypot-ams-1 sshd[6837]: Connection closed by invalid user ftp 193.106.191.157 port 37960 [preauth]","@timestamp":"2022-09-19T01:20:24.844Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 01:24:23 honeypot-fra-1 kernel: [84425069.334924] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.220.205.106 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=38891 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T01:24:23.840Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T01:26:55.894Z","@version":"1","message":"Sep 19 01:26:55 honeypot-sgp-1 kernel: [84426917.241947] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=88.202.190.150 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=443 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 01:27:05 honeypot-ams-1 kernel: [84427405.197086] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=92.63.197.171 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=252 ID=12209 PROTO=TCP SPT=49503 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T01:27:06.024Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 01:41:14 honeypot-ams-1 kernel: [84428253.617013] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=125.136.61.137 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=55 ID=9606 PROTO=TCP SPT=65011 DPT=80 WINDOW=46515 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T01:41:14.395Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 01:43:27 honeypot-fra-1 sshd[30667]: Invalid user ftp from 193.106.191.157 port 38398","@timestamp":"2022-09-19T01:43:27.264Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 01:46:00 honeypot-fra-1 sshd[30670]: Disconnected from invalid user Administrator 92.255.85.70 port 29930 [preauth]","@timestamp":"2022-09-19T01:46:00.325Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T01:49:14.417Z","@version":"1","message":"Sep 19 01:49:14 honeypot-sgp-1 sshd[32373]: Invalid user vmail from 190.144.139.235 port 60674","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T01:53:16.513Z","@version":"1","message":"Sep 19 01:53:16 honeypot-sgp-1 sshd[32376]: Received disconnect from 92.255.85.70 port 63298:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 01:54:40 honeypot-ams-1 kernel: [84429059.728946] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=71.6.233.69 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=80 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T01:54:40.748Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 01:55:37 honeypot-fra-1 sshd[30673]: Disconnected from invalid user liuqi 165.22.45.108 port 42432 [preauth]","@timestamp":"2022-09-19T01:55:37.541Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T01:59:40.667Z","@version":"1","message":"Sep 19 01:59:40 honeypot-sgp-1 sshd[32383]: Received disconnect from 157.230.234.93 port 39446:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:03:50 honeypot-fra-1 sshd[30685]: Connection closed by authenticating user root 103.241.181.174 port 46944 [preauth]","@timestamp":"2022-09-19T02:03:50.728Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:03:56 honeypot-fra-1 sshd[30697]: Connection closed by authenticating user root 103.241.181.174 port 48030 [preauth]","@timestamp":"2022-09-19T02:03:56.731Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:04:02 honeypot-fra-1 sshd[30709]: Connection closed by authenticating user root 103.241.181.174 port 49098 [preauth]","@timestamp":"2022-09-19T02:04:02.736Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:04:08 honeypot-fra-1 sshd[30721]: Connection closed by authenticating user root 103.241.181.174 port 50086 [preauth]","@timestamp":"2022-09-19T02:04:08.739Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:04:14 honeypot-fra-1 sshd[30733]: Connection closed by authenticating user root 103.241.181.174 port 51202 [preauth]","@timestamp":"2022-09-19T02:04:15.743Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:04:20 honeypot-fra-1 sshd[30745]: Connection closed by authenticating user root 103.241.181.174 port 52264 [preauth]","@timestamp":"2022-09-19T02:04:20.747Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:04:27 honeypot-fra-1 sshd[30760]: Connection closed by authenticating user root 103.241.181.174 port 53308 [preauth]","@timestamp":"2022-09-19T02:04:27.751Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:04:31 honeypot-fra-1 sshd[30770]: Connection closed by authenticating user root 103.241.181.174 port 54146 [preauth]","@timestamp":"2022-09-19T02:04:32.755Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:04:37 honeypot-fra-1 sshd[30782]: Connection closed by authenticating user root 103.241.181.174 port 55144 [preauth]","@timestamp":"2022-09-19T02:04:38.758Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:04:43 honeypot-fra-1 sshd[30794]: Connection closed by authenticating user root 103.241.181.174 port 56232 [preauth]","@timestamp":"2022-09-19T02:04:44.762Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:04:49 honeypot-fra-1 sshd[30806]: Connection closed by authenticating user root 103.241.181.174 port 57246 [preauth]","@timestamp":"2022-09-19T02:04:50.766Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:04:55 honeypot-fra-1 sshd[30818]: Connection closed by authenticating user root 103.241.181.174 port 58250 [preauth]","@timestamp":"2022-09-19T02:04:55.769Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:05:02 honeypot-fra-1 sshd[30831]: Connection closed by authenticating user root 103.241.181.174 port 59338 [preauth]","@timestamp":"2022-09-19T02:05:02.775Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:05:08 honeypot-fra-1 sshd[30843]: Connection closed by authenticating user root 103.241.181.174 port 60376 [preauth]","@timestamp":"2022-09-19T02:05:08.778Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:05:11 honeypot-fra-1 sshd[30849]: Connection closed by invalid user user 103.241.181.174 port 32776 [preauth]","@timestamp":"2022-09-19T02:05:11.780Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:05:14 honeypot-fra-1 sshd[30855]: Connection closed by invalid user user 103.241.181.174 port 33316 [preauth]","@timestamp":"2022-09-19T02:05:15.782Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:05:17 honeypot-fra-1 sshd[30861]: Connection closed by invalid user user 103.241.181.174 port 33846 [preauth]","@timestamp":"2022-09-19T02:05:18.786Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:05:20 honeypot-fra-1 sshd[30867]: Connection closed by invalid user user 103.241.181.174 port 34356 [preauth]","@timestamp":"2022-09-19T02:05:21.788Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:05:24 honeypot-fra-1 sshd[30873]: Connection closed by invalid user user 103.241.181.174 port 34910 [preauth]","@timestamp":"2022-09-19T02:05:24.789Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:05:26 honeypot-fra-1 sshd[30879]: Connection closed by invalid user user 103.241.181.174 port 35386 [preauth]","@timestamp":"2022-09-19T02:05:26.791Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:05:29 honeypot-fra-1 sshd[30885]: Connection closed by invalid user user 103.241.181.174 port 35886 [preauth]","@timestamp":"2022-09-19T02:05:29.792Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:05:32 honeypot-fra-1 sshd[30891]: Connection closed by invalid user user 103.241.181.174 port 36450 [preauth]","@timestamp":"2022-09-19T02:05:32.796Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:05:35 honeypot-fra-1 sshd[30897]: Connection closed by invalid user user 103.241.181.174 port 36982 [preauth]","@timestamp":"2022-09-19T02:05:35.797Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:05:38 honeypot-fra-1 sshd[30903]: Connection closed by invalid user user 103.241.181.174 port 37480 [preauth]","@timestamp":"2022-09-19T02:05:38.799Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:05:41 honeypot-fra-1 sshd[30909]: Connection closed by invalid user user 103.241.181.174 port 38026 [preauth]","@timestamp":"2022-09-19T02:05:42.801Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:05:44 honeypot-fra-1 sshd[30915]: Connection closed by invalid user user 103.241.181.174 port 38544 [preauth]","@timestamp":"2022-09-19T02:05:45.803Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:05:47 honeypot-fra-1 sshd[30921]: Connection closed by invalid user user 103.241.181.174 port 39048 [preauth]","@timestamp":"2022-09-19T02:05:47.805Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:05:50 honeypot-fra-1 sshd[30927]: Connection closed by invalid user user 103.241.181.174 port 39540 [preauth]","@timestamp":"2022-09-19T02:05:51.808Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:05:53 honeypot-fra-1 sshd[30933]: Connection closed by invalid user user 103.241.181.174 port 40092 [preauth]","@timestamp":"2022-09-19T02:05:54.809Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:05:56 honeypot-fra-1 sshd[30939]: Connection closed by invalid user user 103.241.181.174 port 40594 [preauth]","@timestamp":"2022-09-19T02:05:56.811Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:05:59 honeypot-fra-1 sshd[30945]: Connection closed by invalid user user 103.241.181.174 port 41102 [preauth]","@timestamp":"2022-09-19T02:05:59.812Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:06:02 honeypot-fra-1 sshd[30951]: Connection closed by invalid user user 103.241.181.174 port 41686 [preauth]","@timestamp":"2022-09-19T02:06:03.816Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:06:06 honeypot-fra-1 sshd[30957]: Connection closed by invalid user user 103.241.181.174 port 42268 [preauth]","@timestamp":"2022-09-19T02:06:06.817Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:06:09 honeypot-fra-1 sshd[30963]: Connection closed by invalid user user 103.241.181.174 port 42826 [preauth]","@timestamp":"2022-09-19T02:06:09.819Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:06:12 honeypot-fra-1 sshd[30969]: Connection closed by invalid user user 103.241.181.174 port 43392 [preauth]","@timestamp":"2022-09-19T02:06:13.822Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:06:15 honeypot-fra-1 sshd[30975]: Connection closed by invalid user user 103.241.181.174 port 43910 [preauth]","@timestamp":"2022-09-19T02:06:16.823Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:06:19 honeypot-fra-1 sshd[30981]: Connection closed by invalid user user 103.241.181.174 port 44464 [preauth]","@timestamp":"2022-09-19T02:06:19.826Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:06:22 honeypot-fra-1 sshd[30987]: Connection closed by invalid user user 103.241.181.174 port 45006 [preauth]","@timestamp":"2022-09-19T02:06:22.828Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:06:25 honeypot-fra-1 sshd[30993]: Connection closed by invalid user user 103.241.181.174 port 45484 [preauth]","@timestamp":"2022-09-19T02:06:25.830Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:06:28 honeypot-fra-1 sshd[30999]: Connection closed by invalid user user 103.241.181.174 port 46050 [preauth]","@timestamp":"2022-09-19T02:06:28.832Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:06:31 honeypot-fra-1 sshd[31005]: Connection closed by invalid user user 103.241.181.174 port 46560 [preauth]","@timestamp":"2022-09-19T02:06:31.834Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:06:34 honeypot-fra-1 sshd[31011]: Connection closed by invalid user ubuntu 103.241.181.174 port 47202 [preauth]","@timestamp":"2022-09-19T02:06:34.837Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:06:37 honeypot-fra-1 sshd[31017]: Connection closed by invalid user ubuntu 103.241.181.174 port 47634 [preauth]","@timestamp":"2022-09-19T02:06:37.839Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:06:40 honeypot-fra-1 sshd[31023]: Connection closed by invalid user ubuntu 103.241.181.174 port 48152 [preauth]","@timestamp":"2022-09-19T02:06:40.841Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:06:43 honeypot-fra-1 sshd[31029]: Connection closed by invalid user ubuntu 103.241.181.174 port 48684 [preauth]","@timestamp":"2022-09-19T02:06:43.843Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:06:46 honeypot-fra-1 sshd[31035]: Connection closed by invalid user ubuntu 103.241.181.174 port 49258 [preauth]","@timestamp":"2022-09-19T02:06:46.844Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:06:49 honeypot-fra-1 sshd[31041]: Connection closed by invalid user ubuntu 103.241.181.174 port 49692 [preauth]","@timestamp":"2022-09-19T02:06:49.847Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:06:52 honeypot-fra-1 sshd[31047]: Connection closed by invalid user ubuntu 103.241.181.174 port 50264 [preauth]","@timestamp":"2022-09-19T02:06:52.849Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:06:55 honeypot-fra-1 sshd[31053]: Connection closed by invalid user ubuntu 103.241.181.174 port 50762 [preauth]","@timestamp":"2022-09-19T02:06:55.851Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:06:58 honeypot-fra-1 sshd[31059]: Connection closed by invalid user ubuntu 103.241.181.174 port 51300 [preauth]","@timestamp":"2022-09-19T02:06:58.853Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:07:01 honeypot-fra-1 sshd[31065]: Connection closed by invalid user ubuntu 103.241.181.174 port 51798 [preauth]","@timestamp":"2022-09-19T02:07:02.856Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:07:04 honeypot-fra-1 sshd[31071]: Connection closed by invalid user ubuntu 103.241.181.174 port 52390 [preauth]","@timestamp":"2022-09-19T02:07:05.858Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:07:08 honeypot-fra-1 sshd[31077]: Connection closed by invalid user ubuntu 103.241.181.174 port 52974 [preauth]","@timestamp":"2022-09-19T02:07:08.860Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:07:11 honeypot-fra-1 sshd[31083]: Connection closed by invalid user ubuntu 103.241.181.174 port 53458 [preauth]","@timestamp":"2022-09-19T02:07:11.862Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:07:14 honeypot-fra-1 sshd[31089]: Connection closed by invalid user ubuntu 103.241.181.174 port 54016 [preauth]","@timestamp":"2022-09-19T02:07:14.864Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:07:17 honeypot-fra-1 sshd[31095]: Connection closed by invalid user ubuntu 103.241.181.174 port 54700 [preauth]","@timestamp":"2022-09-19T02:07:17.867Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:07:20 honeypot-fra-1 sshd[31103]: Connection closed by invalid user ubuntu 103.241.181.174 port 55354 [preauth]","@timestamp":"2022-09-19T02:07:20.869Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:07:23 honeypot-fra-1 sshd[31109]: Connection closed by invalid user ubuntu 103.241.181.174 port 55994 [preauth]","@timestamp":"2022-09-19T02:07:23.870Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:07:26 honeypot-fra-1 sshd[31115]: Connection closed by invalid user ubuntu 103.241.181.174 port 56690 [preauth]","@timestamp":"2022-09-19T02:07:26.872Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:07:29 honeypot-fra-1 sshd[31121]: Invalid user ubuntu from 103.241.181.174 port 57382","@timestamp":"2022-09-19T02:07:29.874Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:07:32 honeypot-fra-1 sshd[31127]: Invalid user ubuntu from 103.241.181.174 port 58066","@timestamp":"2022-09-19T02:07:32.877Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:07:35 honeypot-fra-1 sshd[31133]: Invalid user ubuntu from 103.241.181.174 port 58762","@timestamp":"2022-09-19T02:07:36.879Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:07:39 honeypot-fra-1 sshd[31139]: Invalid user ubuntu from 103.241.181.174 port 59432","@timestamp":"2022-09-19T02:07:39.881Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:07:42 honeypot-fra-1 sshd[31145]: Invalid user ubuntu from 103.241.181.174 port 59978","@timestamp":"2022-09-19T02:07:42.883Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:07:45 honeypot-fra-1 sshd[31151]: Invalid user ubuntu from 103.241.181.174 port 60510","@timestamp":"2022-09-19T02:07:45.885Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:07:48 honeypot-fra-1 sshd[31157]: Invalid user ubuntu from 103.241.181.174 port 32804","@timestamp":"2022-09-19T02:07:48.888Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:07:51 honeypot-fra-1 sshd[31163]: Invalid user ubuntu from 103.241.181.174 port 33394","@timestamp":"2022-09-19T02:07:51.890Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:07:54 honeypot-fra-1 sshd[31169]: Invalid user ubuntu from 103.241.181.174 port 33950","@timestamp":"2022-09-19T02:07:54.891Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:07:57 honeypot-fra-1 sshd[31175]: Invalid user debian from 103.241.181.174 port 34556","@timestamp":"2022-09-19T02:07:57.893Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:08:00 honeypot-fra-1 sshd[31181]: Invalid user debian from 103.241.181.174 port 35050","@timestamp":"2022-09-19T02:08:00.895Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:08:04 honeypot-fra-1 sshd[31187]: Invalid user debian from 103.241.181.174 port 35646","@timestamp":"2022-09-19T02:08:04.898Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:08:07 honeypot-fra-1 sshd[31193]: Invalid user debian from 103.241.181.174 port 36212","@timestamp":"2022-09-19T02:08:07.900Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:08:10 honeypot-fra-1 sshd[31199]: Invalid user debian from 103.241.181.174 port 36816","@timestamp":"2022-09-19T02:08:10.902Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:08:13 honeypot-fra-1 sshd[31205]: Invalid user debian from 103.241.181.174 port 37382","@timestamp":"2022-09-19T02:08:13.904Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:08:16 honeypot-fra-1 sshd[31211]: Invalid user debian from 103.241.181.174 port 38028","@timestamp":"2022-09-19T02:08:17.907Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:08:19 honeypot-fra-1 sshd[31217]: Invalid user debian from 103.241.181.174 port 38548","@timestamp":"2022-09-19T02:08:19.908Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:08:22 honeypot-fra-1 sshd[31223]: Invalid user debian from 103.241.181.174 port 39100","@timestamp":"2022-09-19T02:08:23.910Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:08:26 honeypot-fra-1 sshd[31229]: Invalid user debian from 103.241.181.174 port 39720","@timestamp":"2022-09-19T02:08:26.912Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:08:29 honeypot-fra-1 sshd[31235]: Invalid user debian from 103.241.181.174 port 40298","@timestamp":"2022-09-19T02:08:29.914Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:08:32 honeypot-fra-1 sshd[31242]: Invalid user debian from 103.241.181.174 port 40928","@timestamp":"2022-09-19T02:08:32.917Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:08:35 honeypot-fra-1 sshd[31248]: Invalid user debian from 103.241.181.174 port 41490","@timestamp":"2022-09-19T02:08:35.919Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:08:39 honeypot-fra-1 sshd[31254]: Invalid user debian from 103.241.181.174 port 42070","@timestamp":"2022-09-19T02:08:39.921Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:08:42 honeypot-fra-1 sshd[31260]: Invalid user debian from 103.241.181.174 port 42616","@timestamp":"2022-09-19T02:08:42.923Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:08:45 honeypot-fra-1 sshd[31266]: Invalid user debian from 103.241.181.174 port 43194","@timestamp":"2022-09-19T02:08:45.925Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:08:48 honeypot-fra-1 sshd[31272]: Invalid user debian from 103.241.181.174 port 43734","@timestamp":"2022-09-19T02:08:48.928Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:08:51 honeypot-fra-1 sshd[31278]: Invalid user debian from 103.241.181.174 port 44322","@timestamp":"2022-09-19T02:08:51.929Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:08:54 honeypot-fra-1 sshd[31284]: Invalid user debian from 103.241.181.174 port 44894","@timestamp":"2022-09-19T02:08:54.931Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:08:57 honeypot-fra-1 sshd[31290]: Invalid user debian from 103.241.181.174 port 45418","@timestamp":"2022-09-19T02:08:57.933Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:09:00 honeypot-fra-1 sshd[31296]: Invalid user debian from 103.241.181.174 port 45976","@timestamp":"2022-09-19T02:09:00.935Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:09:04 honeypot-fra-1 sshd[31302]: Invalid user debian from 103.241.181.174 port 46620","@timestamp":"2022-09-19T02:09:04.939Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:09:07 honeypot-fra-1 sshd[31308]: Invalid user debian from 103.241.181.174 port 47178","@timestamp":"2022-09-19T02:09:07.940Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:09:10 honeypot-fra-1 sshd[31314]: Invalid user debian from 103.241.181.174 port 47802","@timestamp":"2022-09-19T02:09:10.942Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:09:13 honeypot-fra-1 sshd[31320]: Invalid user debian from 103.241.181.174 port 48312","@timestamp":"2022-09-19T02:09:13.944Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:09:17 honeypot-fra-1 sshd[31326]: Invalid user debian from 103.241.181.174 port 48928","@timestamp":"2022-09-19T02:09:17.947Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:09:20 honeypot-fra-1 sshd[31332]: Invalid user debian from 103.241.181.174 port 49536","@timestamp":"2022-09-19T02:09:20.949Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:09:23 honeypot-fra-1 sshd[31338]: Invalid user debian from 103.241.181.174 port 50100","@timestamp":"2022-09-19T02:09:23.951Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:09:26 honeypot-fra-1 sshd[31344]: Invalid user admin from 103.241.181.174 port 50702","@timestamp":"2022-09-19T02:09:26.953Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:09:30 honeypot-fra-1 sshd[31350]: Invalid user admin from 103.241.181.174 port 51228","@timestamp":"2022-09-19T02:09:30.955Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:09:31 honeypot-fra-1 sshd[31356]: Invalid user admin from 103.241.181.174 port 51598","@timestamp":"2022-09-19T02:09:32.957Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:09:34 honeypot-fra-1 sshd[31362]: Invalid user admin from 103.241.181.174 port 52080","@timestamp":"2022-09-19T02:09:34.959Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:09:37 honeypot-fra-1 sshd[31368]: Invalid user admin from 103.241.181.174 port 52666","@timestamp":"2022-09-19T02:09:37.960Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:09:41 honeypot-fra-1 sshd[31374]: Invalid user admin from 103.241.181.174 port 53200","@timestamp":"2022-09-19T02:09:41.963Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:09:44 honeypot-fra-1 sshd[31380]: Invalid user admin from 103.241.181.174 port 53736","@timestamp":"2022-09-19T02:09:44.965Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:09:47 honeypot-fra-1 sshd[31386]: Invalid user admin from 103.241.181.174 port 54320","@timestamp":"2022-09-19T02:09:47.968Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:09:50 honeypot-fra-1 sshd[31392]: Invalid user admin from 103.241.181.174 port 54846","@timestamp":"2022-09-19T02:09:50.970Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:09:51 honeypot-fra-1 sshd[31394]: Connection closed by invalid user admin 103.241.181.174 port 55032 [preauth]","@timestamp":"2022-09-19T02:09:51.970Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:09:55 honeypot-fra-1 sshd[31402]: Connection closed by invalid user admin 103.241.181.174 port 55586 [preauth]","@timestamp":"2022-09-19T02:09:55.973Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:09:58 honeypot-fra-1 sshd[31408]: Connection closed by invalid user admin 103.241.181.174 port 56166 [preauth]","@timestamp":"2022-09-19T02:09:58.975Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:10:01 honeypot-fra-1 sshd[31415]: Connection closed by invalid user admin 103.241.181.174 port 56814 [preauth]","@timestamp":"2022-09-19T02:10:01.976Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:10:04 honeypot-fra-1 sshd[31421]: Connection closed by invalid user admin 103.241.181.174 port 57408 [preauth]","@timestamp":"2022-09-19T02:10:04.979Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:10:07 honeypot-fra-1 sshd[31427]: Connection closed by invalid user admin 103.241.181.174 port 58084 [preauth]","@timestamp":"2022-09-19T02:10:07.981Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:10:10 honeypot-fra-1 sshd[31433]: Connection closed by invalid user admin 103.241.181.174 port 58764 [preauth]","@timestamp":"2022-09-19T02:10:10.983Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:10:13 honeypot-fra-1 sshd[31441]: Connection closed by invalid user admin 103.241.181.174 port 59428 [preauth]","@timestamp":"2022-09-19T02:10:13.984Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:10:16 honeypot-fra-1 sshd[31445]: Invalid user admin from 103.241.181.174 port 59902","@timestamp":"2022-09-19T02:10:16.986Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:10:19 honeypot-fra-1 sshd[31451]: Invalid user admin from 103.241.181.174 port 60620","@timestamp":"2022-09-19T02:10:19.989Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:10:22 honeypot-fra-1 sshd[31457]: Invalid user admin from 103.241.181.174 port 33044","@timestamp":"2022-09-19T02:10:22.991Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:10:25 honeypot-fra-1 sshd[31463]: Invalid user admin from 103.241.181.174 port 33550","@timestamp":"2022-09-19T02:10:25.992Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:10:29 honeypot-fra-1 sshd[31469]: Invalid user admin from 103.241.181.174 port 34140","@timestamp":"2022-09-19T02:10:29.995Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:10:32 honeypot-fra-1 sshd[31475]: Invalid user admin from 103.241.181.174 port 34724","@timestamp":"2022-09-19T02:10:32.998Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:10:35 honeypot-fra-1 sshd[31481]: Invalid user admin from 103.241.181.174 port 35198","@timestamp":"2022-09-19T02:10:36.000Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:10:38 honeypot-fra-1 sshd[31487]: Invalid user admin from 103.241.181.174 port 35776","@timestamp":"2022-09-19T02:10:39.002Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:10:41 honeypot-fra-1 sshd[31493]: Invalid user admin from 103.241.181.174 port 36336","@timestamp":"2022-09-19T02:10:42.004Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:10:44 honeypot-fra-1 sshd[31499]: Invalid user admin from 103.241.181.174 port 36824","@timestamp":"2022-09-19T02:10:45.006Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:10:47 honeypot-fra-1 sshd[31505]: Invalid user admin from 103.241.181.174 port 37360","@timestamp":"2022-09-19T02:10:48.009Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:10:50 honeypot-fra-1 sshd[31511]: Invalid user pi from 103.241.181.174 port 37900","@timestamp":"2022-09-19T02:10:51.011Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T02:15:26.052Z","@version":"1","message":"Sep 19 02:15:25 honeypot-sgp-1 kernel: [84429827.556841] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=59.16.243.218 DST=159.89.202.188 LEN=52 TOS=0x00 PREC=0x00 TTL=114 ID=36665 DF PROTO=TCP SPT=2491 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:16:26 honeypot-fra-1 kernel: [84428191.889890] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=167.94.138.97 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=11793 PROTO=TCP SPT=14874 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T02:16:27.137Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T02:16:56.093Z","@version":"1","message":"Sep 19 02:16:55 honeypot-sgp-1 sshd[32391]: Received disconnect from 92.255.85.69 port 46116:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 02:17:01 honeypot-ams-1 CRON[6857]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-19T02:17:02.336Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 02:17:55 honeypot-ams-1 sshd[6863]: Invalid user user from 45.61.184.204 port 37156","@timestamp":"2022-09-19T02:17:55.365Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 02:18:12 honeypot-ams-1 sshd[6867]: Invalid user user from 45.61.184.204 port 59650","@timestamp":"2022-09-19T02:18:13.375Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 02:18:30 honeypot-ams-1 sshd[6871]: Invalid user user from 45.61.184.204 port 53898","@timestamp":"2022-09-19T02:18:30.384Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 02:18:41 honeypot-ams-1 sshd[6875]: Invalid user postgres from 92.255.85.69 port 45568","@timestamp":"2022-09-19T02:18:41.391Z"}
{"@timestamp":"2022-09-19T02:20:28.183Z","@version":"1","message":"Sep 19 02:20:27 honeypot-sgp-1 sshd[32398]: Invalid user user from 45.61.184.204 port 59820","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:20:48.194Z","@version":"1","message":"Sep 19 02:20:48 honeypot-sgp-1 sshd[32402]: Invalid user user from 45.61.184.204 port 54984","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:21:07.203Z","@version":"1","message":"Sep 19 02:21:06 honeypot-sgp-1 sshd[32406]: Invalid user user from 45.61.184.204 port 50122","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:21:25.211Z","@version":"1","message":"Sep 19 02:21:24 honeypot-sgp-1 sshd[32410]: Invalid user user from 45.61.184.204 port 45274","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:23:08 honeypot-fra-1 sshd[31523]: Connection closed by invalid user sd 141.98.10.158 port 43872 [preauth]","@timestamp":"2022-09-19T02:23:09.292Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:23:31 honeypot-fra-1 sshd[31527]: Disconnected from invalid user user 45.61.184.204 port 43372 [preauth]","@timestamp":"2022-09-19T02:23:31.303Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:23:50 honeypot-fra-1 sshd[31531]: Disconnected from invalid user user 45.61.184.204 port 38560 [preauth]","@timestamp":"2022-09-19T02:23:51.312Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:24:09 honeypot-fra-1 sshd[31535]: Disconnected from invalid user user 45.61.184.204 port 33756 [preauth]","@timestamp":"2022-09-19T02:24:10.322Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:24:26 honeypot-fra-1 sshd[31539]: Received disconnect from 104.248.1.96 port 55698:11: Bye Bye [preauth]","@timestamp":"2022-09-19T02:24:27.330Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T02:27:41.369Z","@version":"1","message":"Sep 19 02:27:40 honeypot-sgp-1 sshd[32415]: Received disconnect from 187.86.132.252 port 48750:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 02:29:44 honeypot-ams-1 sshd[6880]: Invalid user terri from 187.51.55.82 port 53892","@timestamp":"2022-09-19T02:29:44.674Z"}
{"@timestamp":"2022-09-19T02:31:18.461Z","@version":"1","message":"Sep 19 02:31:17 honeypot-sgp-1 sshd[32419]: Received disconnect from 52.151.65.193 port 44986:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 02:34:43 honeypot-ams-1 sshd[6885]: Received disconnect from 203.223.191.206 port 53436:11: Bye Bye [preauth]","@timestamp":"2022-09-19T02:34:43.809Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:34:45 honeypot-fra-1 sshd[31547]: Connection closed by authenticating user root 103.188.176.251 port 36670 [preauth]","@timestamp":"2022-09-19T02:34:45.562Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T02:35:33.572Z","@version":"1","message":"Sep 19 02:35:33 honeypot-sgp-1 sshd[32426]: Invalid user cameras from 185.246.130.20 port 8518","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:35:57.584Z","@version":"1","message":"Sep 19 02:35:57 honeypot-sgp-1 sshd[32432]: Invalid user  from 185.246.130.20 port 16249","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:36:24.599Z","@version":"1","message":"Sep 19 02:36:24 honeypot-sgp-1 sshd[32438]: Invalid user admin from 185.246.130.20 port 60364","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:36:56.615Z","@version":"1","message":"Sep 19 02:36:56 honeypot-sgp-1 sshd[32444]: Disconnecting authenticating user root 185.246.130.20 port 28459: Change of username or service not allowed: (root,ssh-connection) -> (1234,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:37:25.630Z","@version":"1","message":"Sep 19 02:37:24 honeypot-sgp-1 sshd[32450]: Disconnecting invalid user araknis 185.246.130.20 port 44793: Change of username or service not allowed: (araknis,ssh-connection) -> (,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:37:50.644Z","@version":"1","message":"Sep 19 02:37:49 honeypot-sgp-1 sshd[32458]: Invalid user Admin from 185.246.130.20 port 4691","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:38:15.657Z","@version":"1","message":"Sep 19 02:38:14 honeypot-sgp-1 sshd[32464]: Invalid user guest from 185.246.130.20 port 33288","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:38:42.671Z","@version":"1","message":"Sep 19 02:38:41 honeypot-sgp-1 sshd[32470]: Disconnecting invalid user  185.246.130.20 port 61031: Change of username or service not allowed: (,ssh-connection) -> (Cisco,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:39:01.681Z","@version":"1","message":"Sep 19 02:39:00 honeypot-sgp-1 sshd[32476]: Invalid user cisco from 185.246.130.20 port 59682","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:39:23.694Z","@version":"1","message":"Sep 19 02:39:23 honeypot-sgp-1 sshd[32482]: Disconnecting authenticating user root 185.246.130.20 port 13713: Change of username or service not allowed: (root,ssh-connection) -> (Administrator,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:39:46.705Z","@version":"1","message":"Sep 19 02:39:46 honeypot-sgp-1 sshd[32488]: Disconnecting invalid user adslroot 185.246.130.20 port 50063: Change of username or service not allowed: (adslroot,ssh-connection) -> (sti.admin5,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:40:06.718Z","@version":"1","message":"Sep 19 02:40:06 honeypot-sgp-1 sshd[32494]: Disconnecting invalid user blank 185.246.130.20 port 27597: Change of username or service not allowed: (blank,ssh-connection) -> (zhone,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:40:31.730Z","@version":"1","message":"Sep 19 02:40:31 honeypot-sgp-1 sshd[32502]: Disconnecting authenticating user root 185.246.130.20 port 53196: Change of username or service not allowed: (root,ssh-connection) -> (default,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:41:00.746Z","@version":"1","message":"Sep 19 02:41:00 honeypot-sgp-1 sshd[32508]: Disconnecting invalid user c1@r0 185.246.130.20 port 19621: Change of username or service not allowed: (c1@r0,ssh-connection) -> (Administrator,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:41:25.760Z","@version":"1","message":"Sep 19 02:41:25 honeypot-sgp-1 sshd[32514]: Disconnecting invalid user superonline 185.246.130.20 port 64015: Change of username or service not allowed: (superonline,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:41:45.770Z","@version":"1","message":"Sep 19 02:41:45 honeypot-sgp-1 sshd[32520]: Disconnecting invalid user Admin 185.246.130.20 port 28968: Change of username or service not allowed: (Admin,ssh-connection) -> (comcast,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:42:05.782Z","@version":"1","message":"Sep 19 02:42:04 honeypot-sgp-1 sshd[32526]: Disconnecting invalid user  185.246.130.20 port 34018: Change of username or service not allowed: (,ssh-connection) -> (admin1234,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:42:23.791Z","@version":"1","message":"Sep 19 02:42:23 honeypot-sgp-1 sshd[32532]: Disconnecting invalid user  185.246.130.20 port 12161: Change of username or service not allowed: (,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:42:35.798Z","@version":"1","message":"Sep 19 02:42:35 honeypot-sgp-1 sshd[32538]: Disconnecting invalid user motorola 185.246.130.20 port 29345: Change of username or service not allowed: (motorola,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:43:07.814Z","@version":"1","message":"Sep 19 02:43:07 honeypot-sgp-1 sshd[32546]: Invalid user admin from 185.246.130.20 port 17557","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:43:29.825Z","@version":"1","message":"Sep 19 02:43:29 honeypot-sgp-1 sshd[32552]: Invalid user admin from 185.246.130.20 port 42643","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 02:43:49 honeypot-ams-1 kernel: [84432009.097462] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=190.60.73.250 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=50 ID=53487 PROTO=TCP SPT=12016 DPT=80 WINDOW=28600 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T02:43:50.055Z"}
{"@timestamp":"2022-09-19T02:43:50.837Z","@version":"1","message":"Sep 19 02:43:50 honeypot-sgp-1 sshd[32558]: Invalid user Shiko from 185.246.130.20 port 32845","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:43:54 honeypot-fra-1 kernel: [84429839.988034] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=35417 PROTO=TCP SPT=55248 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T02:43:54.770Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T02:44:10.847Z","@version":"1","message":"Sep 19 02:44:10 honeypot-sgp-1 sshd[32564]: Invalid user smcadmin from 185.246.130.20 port 25432","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:44:26.856Z","@version":"1","message":"Sep 19 02:44:26 honeypot-sgp-1 sshd[32570]: Invalid user highspeed from 185.246.130.20 port 36555","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:44:40.864Z","@version":"1","message":"Sep 19 02:44:40 honeypot-sgp-1 sshd[32576]: Invalid user  from 185.246.130.20 port 14839","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:45:01.875Z","@version":"1","message":"Sep 19 02:45:01 honeypot-sgp-1 sshd[32582]: Invalid user public from 185.246.130.20 port 56923","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:45:20.886Z","@version":"1","message":"Sep 19 02:45:20 honeypot-sgp-1 sshd[32588]: Disconnecting authenticating user root 185.246.130.20 port 59080: Change of username or service not allowed: (root,ssh-connection) -> (123456,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:45:45.899Z","@version":"1","message":"Sep 19 02:45:45 honeypot-sgp-1 sshd[32596]: Invalid user amdin from 185.246.130.20 port 10104","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:46:02.909Z","@version":"1","message":"Sep 19 02:46:02 honeypot-sgp-1 sshd[32602]: Invalid user admin from 185.246.130.20 port 52051","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:46:19.919Z","@version":"1","message":"Sep 19 02:46:19 honeypot-sgp-1 sshd[32608]: Invalid user admin from 185.246.130.20 port 50032","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:46:33.927Z","@version":"1","message":"Sep 19 02:46:33 honeypot-sgp-1 sshd[32614]: Invalid user 1admin0 from 185.246.130.20 port 15348","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 02:46:40 honeypot-ams-1 sshd[6895]: Invalid user admin from 125.229.136.143 port 56638","@timestamp":"2022-09-19T02:46:40.134Z"}
{"@timestamp":"2022-09-19T02:49:49.011Z","@version":"1","message":"Sep 19 02:49:48 honeypot-sgp-1 kernel: [84431891.042797] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=58748 PROTO=TCP SPT=55248 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:57:06.196Z","@version":"1","message":"Sep 19 02:57:05 honeypot-sgp-1 sshd[32623]: Invalid user xhl from 103.188.176.251 port 42172","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 02:57:21 honeypot-ams-1 sshd[6898]: Disconnected from authenticating user root 128.199.208.187 port 42002 [preauth]","@timestamp":"2022-09-19T02:57:21.411Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 03:02:13 honeypot-ams-1 sshd[6903]: Received disconnect from 128.199.162.67 port 40596:11: Bye Bye [preauth]","@timestamp":"2022-09-19T03:02:13.540Z"}
{"@timestamp":"2022-09-19T03:04:43.393Z","@version":"1","message":"Sep 19 03:04:42 honeypot-sgp-1 sshd[32628]: Invalid user ftp from 179.60.147.69 port 42950","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 03:05:11 honeypot-ams-1 sshd[6907]: Did not receive identification string from 218.152.190.56 port 6978","@timestamp":"2022-09-19T03:05:11.623Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 03:05:27 honeypot-fra-1 sshd[31557]: Received disconnect from 92.255.85.70 port 58846:11: Bye Bye [preauth]","@timestamp":"2022-09-19T03:05:28.251Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 03:06:46 honeypot-ams-1 sshd[6910]: Received disconnect from 103.136.40.93 port 53614:11: Bye Bye [preauth]","@timestamp":"2022-09-19T03:06:46.666Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 03:06:53 honeypot-fra-1 sshd[31561]: Disconnected from invalid user teamspeak 159.89.40.119 port 36328 [preauth]","@timestamp":"2022-09-19T03:06:54.287Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 03:08:25 honeypot-ams-1 sshd[6913]: Invalid user ftp from 179.60.147.69 port 15018","@timestamp":"2022-09-19T03:08:25.718Z"}
{"@timestamp":"2022-09-19T03:08:32.490Z","@version":"1","message":"Sep 19 03:08:32 honeypot-sgp-1 kernel: [84433014.515350] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=64.62.197.105 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=35553 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T03:10:20.539Z","@version":"1","message":"Sep 19 03:10:19 honeypot-sgp-1 kernel: [84433121.789749] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=227 ID=40903 PROTO=TCP SPT=56403 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 03:14:53 honeypot-fra-1 kernel: [84431698.312123] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=165.232.152.144 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=36933 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T03:14:53.466Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T03:15:06.658Z","@version":"1","message":"Sep 19 03:15:06 honeypot-sgp-1 sshd[32638]: Disconnected from invalid user teamspeak 128.199.147.56 port 41704 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T03:17:01.708Z","@version":"1","message":"Sep 19 03:17:01 honeypot-sgp-1 CRON[32644]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 03:17:01 honeypot-ams-1 CRON[6918]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-19T03:17:01.951Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 03:21:11 honeypot-fra-1 sshd[31574]: Invalid user admin from 159.203.85.196 port 50845","@timestamp":"2022-09-19T03:21:12.608Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 03:22:10 honeypot-ams-1 sshd[6924]: Received disconnect from 175.118.152.100 port 54027:11: Bye Bye [preauth]","@timestamp":"2022-09-19T03:22:11.088Z"}
{"@timestamp":"2022-09-19T03:23:34.875Z","@version":"1","message":"Sep 19 03:23:34 honeypot-sgp-1 kernel: [84433916.891950] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=159.89.202.188 LEN=90 TOS=0x00 PREC=0x00 TTL=245 ID=40919 PROTO=TCP SPT=24363 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 03:25:08 honeypot-fra-1 sshd[31576]: Disconnected from invalid user test 93.113.61.126 port 33272 [preauth]","@timestamp":"2022-09-19T03:25:08.696Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 03:31:56 honeypot-ams-1 kernel: [84434895.518995] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=159.89.83.156 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=25046 DF PROTO=TCP SPT=54994 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T03:31:56.339Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 03:32:47 honeypot-fra-1 sshd[31581]: Invalid user admin from 92.255.85.70 port 34204","@timestamp":"2022-09-19T03:32:47.868Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 03:38:16 honeypot-fra-1 sshd[31586]: Disconnected from authenticating user root 179.43.156.143 port 44922 [preauth]","@timestamp":"2022-09-19T03:38:16.994Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 03:40:08 honeypot-fra-1 sshd[31592]: Disconnected from authenticating user root 179.43.156.143 port 38998 [preauth]","@timestamp":"2022-09-19T03:40:09.039Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 03:41:54 honeypot-fra-1 sshd[31598]: Invalid user nutanix from 179.43.156.143 port 33106","@timestamp":"2022-09-19T03:41:55.081Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T03:41:54.331Z","@version":"1","message":"Sep 19 03:41:53 honeypot-sgp-1 sshd[32655]: Received disconnect from 92.255.85.69 port 29754:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 03:42:24 honeypot-ams-1 kernel: [84435524.131853] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.217.165 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=51850 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T03:42:25.607Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 03:43:06 honeypot-fra-1 sshd[31603]: Invalid user nfsnobod from 179.43.156.143 port 57406","@timestamp":"2022-09-19T03:43:07.112Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 03:43:45 honeypot-fra-1 sshd[31607]: Invalid user ftp from 193.106.191.157 port 57260","@timestamp":"2022-09-19T03:43:46.129Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 03:44:57 honeypot-fra-1 sshd[31611]: Disconnected from invalid user git 179.43.156.143 port 51516 [preauth]","@timestamp":"2022-09-19T03:44:58.158Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T03:45:03.412Z","@version":"1","message":"Sep 19 03:45:02 honeypot-sgp-1 sshd[32660]: Invalid user user from 45.61.186.169 port 39066","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T03:45:21.422Z","@version":"1","message":"Sep 19 03:45:20 honeypot-sgp-1 sshd[32664]: Invalid user user from 45.61.186.169 port 33770","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T03:45:37.431Z","@version":"1","message":"Sep 19 03:45:37 honeypot-sgp-1 sshd[32669]: Invalid user user from 45.61.186.169 port 56620","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 03:46:13 honeypot-fra-1 sshd[31615]: Disconnected from invalid user testuser 179.43.156.143 port 47588 [preauth]","@timestamp":"2022-09-19T03:46:13.208Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T03:46:20.451Z","@version":"1","message":"Sep 19 03:46:20 honeypot-sgp-1 sshd[32673]: Connection closed by authenticating user root 179.60.147.69 port 9926 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 03:47:28 honeypot-fra-1 sshd[31619]: Disconnected from invalid user vagrant 179.43.156.143 port 43652 [preauth]","@timestamp":"2022-09-19T03:47:28.237Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 03:48:45 honeypot-fra-1 sshd[31626]: Received disconnect from 179.43.156.143 port 39720:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T03:48:45.269Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 03:49:11 honeypot-ams-1 sshd[6936]: Invalid user barison from 34.93.204.90 port 39572","@timestamp":"2022-09-19T03:49:12.781Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 03:49:24 honeypot-fra-1 sshd[31630]: Received disconnect from 179.43.156.143 port 37750:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T03:49:25.288Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 03:50:13 honeypot-ams-1 sshd[6940]: Connection closed by authenticating user root 179.60.147.69 port 11366 [preauth]","@timestamp":"2022-09-19T03:50:13.811Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 03:50:44 honeypot-fra-1 sshd[31634]: Received disconnect from 179.43.156.143 port 33810:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T03:50:44.321Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 03:51:45 honeypot-fra-1 sshd[31638]: Disconnected from invalid user debian 115.88.38.58 port 57894 [preauth]","@timestamp":"2022-09-19T03:51:45.347Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 03:53:29 honeypot-fra-1 sshd[31645]: Disconnected from authenticating user root 179.43.156.143 port 54180 [preauth]","@timestamp":"2022-09-19T03:53:30.390Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 03:53:57 honeypot-ams-1 sshd[6945]: Received disconnect from 115.94.79.59 port 43166:11: Bye Bye [preauth]","@timestamp":"2022-09-19T03:53:57.908Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 03:55:34 honeypot-fra-1 sshd[31651]: Received disconnect from 179.43.156.143 port 48284:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T03:55:35.439Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 03:57:08 honeypot-ams-1 sshd[6949]: Received disconnect from 103.72.4.8 port 50008:11: Bye Bye [preauth]","@timestamp":"2022-09-19T03:57:08.992Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 03:57:44 honeypot-fra-1 sshd[31657]: Received disconnect from 179.43.156.143 port 42386:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T03:57:44.489Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 03:59:08 honeypot-fra-1 sshd[31662]: Received disconnect from 179.43.156.143 port 38448:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T03:59:09.524Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T03:59:26.801Z","@version":"1","message":"Sep 19 03:59:26 honeypot-sgp-1 kernel: [84436068.556847] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=173.82.65.186 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=54321 PROTO=TCP SPT=34265 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 04:00:24 honeypot-fra-1 kernel: [84434429.841941] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=173.82.65.186 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=47458 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T04:00:25.555Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 04:00:44 honeypot-ams-1 kernel: [84436624.024232] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=178.62.254.91 LEN=86 TOS=0x00 PREC=0x00 TTL=252 ID=36942 PROTO=TCP SPT=10111 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T04:00:45.087Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 04:01:58 honeypot-fra-1 sshd[31673]: Received disconnect from 179.43.156.143 port 58824:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T04:01:59.594Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 04:03:25 honeypot-fra-1 sshd[31677]: Disconnected from invalid user dmdba 179.43.156.143 port 54876 [preauth]","@timestamp":"2022-09-19T04:03:25.628Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 04:04:52 honeypot-fra-1 sshd[31682]: Received disconnect from 179.43.156.143 port 50932:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T04:04:52.663Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 04:08:10 honeypot-ams-1 sshd[6960]: Disconnected from invalid user karasawa 143.198.123.124 port 57190 [preauth]","@timestamp":"2022-09-19T04:08:11.285Z"}
{"@timestamp":"2022-09-19T04:09:22.049Z","@version":"1","message":"Sep 19 04:09:21 honeypot-sgp-1 sshd[32681]: Disconnected from authenticating user root 61.177.173.39 port 60667 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T04:10:54.238Z","@version":"1","message":"Sep 19 04:10:53 honeypot-sgp-1 sshd[32691]: Disconnected from authenticating user root 61.177.173.36 port 11235 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 04:11:46 honeypot-fra-1 sshd[31687]: Received disconnect from 43.154.50.12 port 33272:11: Bye Bye [preauth]","@timestamp":"2022-09-19T04:11:46.812Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 04:14:09 honeypot-fra-1 sshd[31693]: Received disconnect from 64.225.58.159 port 54368:11: Bye Bye [preauth]","@timestamp":"2022-09-19T04:14:09.867Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 04:17:01 honeypot-ams-1 CRON[6963]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-19T04:17:01.527Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 04:17:01 honeypot-fra-1 CRON[31698]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-19T04:17:01.933Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T04:17:02.398Z","@version":"1","message":"Sep 19 04:17:01 honeypot-sgp-1 CRON[32699]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T04:20:03.479Z","@version":"1","message":"Sep 19 04:20:02 honeypot-sgp-1 sshd[32705]: Disconnected from invalid user cy 41.93.33.2 port 43602 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 04:23:06 honeypot-ams-1 sshd[6969]: Received disconnect from 210.211.108.149 port 48364:11: Bye Bye [preauth]","@timestamp":"2022-09-19T04:23:06.684Z"}
{"@timestamp":"2022-09-19T04:25:47.629Z","@version":"1","message":"Sep 19 04:25:47 honeypot-sgp-1 kernel: [84437649.391350] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.197.1.140 DST=159.89.202.188 LEN=52 TOS=0x00 PREC=0x00 TTL=115 ID=52497 DF PROTO=TCP SPT=63883 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 04:28:07 honeypot-fra-1 sshd[31706]: Connection closed by authenticating user root 179.60.147.69 port 12198 [preauth]","@timestamp":"2022-09-19T04:28:08.181Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T04:28:22.700Z","@version":"1","message":"Sep 19 04:28:21 honeypot-sgp-1 sshd[32718]: Disconnected from 206.81.0.243 port 46554 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T04:32:55.823Z","@version":"1","message":"Sep 19 04:32:54 honeypot-sgp-1 kernel: [84438076.958474] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=36.76.113.158 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=245 ID=64995 DF PROTO=TCP SPT=58100 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 04:33:02 honeypot-fra-1 sshd[31722]: Invalid user chia from 34.71.244.4 port 36290","@timestamp":"2022-09-19T04:33:03.290Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 04:33:02 honeypot-fra-1 sshd[31718]: Invalid user oracle from 34.71.244.4 port 36246","@timestamp":"2022-09-19T04:33:03.290Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 04:33:02 honeypot-fra-1 sshd[31730]: Invalid user ftptest from 34.71.244.4 port 36068","@timestamp":"2022-09-19T04:33:03.290Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 04:33:02 honeypot-fra-1 sshd[31723]: Connection closed by authenticating user root 34.71.244.4 port 36396 [preauth]","@timestamp":"2022-09-19T04:33:03.290Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 04:33:02 honeypot-fra-1 sshd[31719]: Connection closed by invalid user admin 34.71.244.4 port 36176 [preauth]","@timestamp":"2022-09-19T04:33:03.290Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 04:33:02 honeypot-fra-1 sshd[31720]: Connection closed by invalid user test 34.71.244.4 port 36130 [preauth]","@timestamp":"2022-09-19T04:33:03.290Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 04:33:02 honeypot-fra-1 sshd[31728]: Connection closed by invalid user devops 34.71.244.4 port 36410 [preauth]","@timestamp":"2022-09-19T04:33:03.290Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 04:35:47 honeypot-ams-1 kernel: [84438726.940850] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=173.82.65.186 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=54321 PROTO=TCP SPT=51894 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T04:35:48.010Z"}
{"@timestamp":"2022-09-19T04:39:12.986Z","@version":"1","message":"Sep 19 04:39:12 honeypot-sgp-1 kernel: [84438454.283014] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.95.147.51 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=30481 PROTO=TCP SPT=42162 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 04:53:48 honeypot-fra-1 kernel: [84437633.899385] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=89.248.168.172 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=54321 PROTO=TCP SPT=53270 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T04:53:49.744Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T04:54:21.382Z","@version":"1","message":"Sep 19 04:54:20 honeypot-sgp-1 sshd[32736]: Invalid user user from 45.61.186.249 port 55074","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T04:54:40.393Z","@version":"1","message":"Sep 19 04:54:40 honeypot-sgp-1 sshd[32740]: Invalid user user from 45.61.186.249 port 49562","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 04:54:53 honeypot-ams-1 sshd[6984]: Invalid user system from 92.255.85.70 port 49398","@timestamp":"2022-09-19T04:54:54.493Z"}
{"@timestamp":"2022-09-19T04:54:58.401Z","@version":"1","message":"Sep 19 04:54:58 honeypot-sgp-1 sshd[32744]: Invalid user user from 45.61.186.249 port 44046","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T04:55:15.409Z","@version":"1","message":"Sep 19 04:55:14 honeypot-sgp-1 sshd[32748]: Invalid user user from 45.61.186.249 port 38532","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 04:56:58 honeypot-ams-1 kernel: [84439997.207808] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=172.105.129.77 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=58201 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T04:56:58.548Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 04:59:18 honeypot-fra-1 sshd[31764]: Connection closed by invalid user xhl 103.188.176.251 port 36030 [preauth]","@timestamp":"2022-09-19T04:59:18.867Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T04:59:34.518Z","@version":"1","message":"Sep 19 04:59:34 honeypot-sgp-1 sshd[32753]: Received disconnect from 61.177.172.19 port 56048:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 05:04:41 honeypot-fra-1 sshd[31770]: Connection closed by invalid user myshake 179.60.147.69 port 1610 [preauth]","@timestamp":"2022-09-19T05:04:41.989Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 05:05:03 honeypot-ams-1 kernel: [84440483.151783] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=95.80.164.21 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=113 ID=1475 DF PROTO=TCP SPT=53083 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T05:05:04.754Z"}
{"@timestamp":"2022-09-19T05:07:04.710Z","@version":"1","message":"Sep 19 05:07:04 honeypot-sgp-1 sshd[32760]: Received disconnect from 61.177.173.36 port 50141:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 05:08:27 honeypot-ams-1 kernel: [84440686.943028] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=85.105.100.160 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=50 ID=4437 PROTO=TCP SPT=1566 DPT=80 WINDOW=8766 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T05:08:27.845Z"}
{"@timestamp":"2022-09-19T05:10:46.805Z","@version":"1","message":"Sep 19 05:10:46 honeypot-sgp-1 sshd[32763]: Disconnected from invalid user user 45.61.186.249 port 41726 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T05:11:05.815Z","@version":"1","message":"Sep 19 05:11:05 honeypot-sgp-1 sshd[301]: Disconnected from invalid user user 45.61.186.249 port 36746 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T05:11:24.825Z","@version":"1","message":"Sep 19 05:11:24 honeypot-sgp-1 sshd[305]: Disconnected from invalid user user 45.61.186.249 port 60010 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T05:11:33.830Z","@version":"1","message":"Sep 19 05:11:33 honeypot-sgp-1 sshd[309]: Disconnected from invalid user user 45.61.186.249 port 43392 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T05:13:25.878Z","@version":"1","message":"Sep 19 05:13:25 honeypot-sgp-1 kernel: [84440507.329163] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=125.253.93.146 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=24952 PROTO=TCP SPT=52057 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 05:13:25 honeypot-fra-1 sshd[31777]: Invalid user liushu from 165.22.45.108 port 53886","@timestamp":"2022-09-19T05:13:26.186Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T05:17:08.974Z","@version":"1","message":"Sep 19 05:17:08 honeypot-sgp-1 sshd[319]: Disconnected from authenticating user root 61.177.173.52 port 23692 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 05:19:12 honeypot-fra-1 sshd[31784]: Received disconnect from 92.255.85.70 port 63130:11: Bye Bye [preauth]","@timestamp":"2022-09-19T05:19:12.312Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 05:19:55 honeypot-ams-1 kernel: [84441374.853508] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.79.191.62 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=1864 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T05:19:56.138Z"}
{"@timestamp":"2022-09-19T05:21:25.084Z","@version":"1","message":"Sep 19 05:21:24 honeypot-sgp-1 sshd[328]: Disconnected from authenticating user root 61.177.173.36 port 40553 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T05:24:03.154Z","@version":"1","message":"Sep 19 05:24:02 honeypot-sgp-1 kernel: [84441144.810720] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.41.9.18 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=19856 PROTO=TCP SPT=25471 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 05:24:38 honeypot-ams-1 kernel: [84441657.688489] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=125.136.61.137 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=55 ID=9577 PROTO=TCP SPT=65011 DPT=80 WINDOW=46515 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T05:24:39.264Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 05:25:20 honeypot-ams-1 sshd[7454]: Disconnected from invalid user reggie 43.133.196.188 port 53452 [preauth]","@timestamp":"2022-09-19T05:25:20.283Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 05:28:51 honeypot-fra-1 sshd[31788]: Invalid user user from 45.61.186.169 port 45328","@timestamp":"2022-09-19T05:28:52.531Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 05:29:10 honeypot-fra-1 sshd[31792]: Invalid user user from 45.61.186.169 port 40434","@timestamp":"2022-09-19T05:29:10.540Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 05:29:28 honeypot-fra-1 sshd[31796]: Invalid user user from 45.61.186.169 port 35536","@timestamp":"2022-09-19T05:29:28.548Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 05:29:44 honeypot-fra-1 sshd[31800]: Invalid user user from 45.61.186.169 port 58872","@timestamp":"2022-09-19T05:29:44.556Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T05:30:28.318Z","@version":"1","message":"Sep 19 05:30:27 honeypot-sgp-1 sshd[338]: Received disconnect from 61.177.173.50 port 26496:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 05:36:26 honeypot-ams-1 sshd[7462]: Invalid user ftp from 193.106.191.157 port 34544","@timestamp":"2022-09-19T05:36:27.565Z"}
{"@timestamp":"2022-09-19T05:36:47.479Z","@version":"1","message":"Sep 19 05:36:47 honeypot-sgp-1 sshd[343]: Invalid user trisha from 49.247.34.252 port 44395","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T05:40:13.566Z","@version":"1","message":"Sep 19 05:40:13 honeypot-sgp-1 sshd[349]: Disconnected from 61.177.173.46 port 39996 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 05:40:25 honeypot-ams-1 sshd[7466]: Received disconnect from 196.216.73.90 port 21193:11: Bye Bye [preauth]","@timestamp":"2022-09-19T05:40:25.668Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 05:41:38 honeypot-fra-1 kernel: [84440503.294923] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.41.9.18 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=61197 PROTO=TCP SPT=25471 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T05:41:38.821Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 05:43:33 honeypot-fra-1 sshd[31809]: Received disconnect from 104.131.129.113 port 35368:11: Bye Bye [preauth]","@timestamp":"2022-09-19T05:43:33.867Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 05:46:11 honeypot-ams-1 kernel: [84442950.917459] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=72.68.192.9 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=5107 PROTO=TCP SPT=45247 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T05:46:11.819Z"}
{"@timestamp":"2022-09-19T05:49:50.809Z","@version":"1","message":"Sep 19 05:49:50 honeypot-sgp-1 sshd[355]: Disconnected from authenticating user root 61.177.173.46 port 63586 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 05:51:04 honeypot-fra-1 kernel: [84441069.679545] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=154.89.5.94 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=244 ID=9451 PROTO=TCP SPT=58914 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T05:51:05.035Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T05:54:36.931Z","@version":"1","message":"Sep 19 05:54:35 honeypot-sgp-1 sshd[362]: Disconnected from invalid user user 92.255.85.70 port 16274 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 05:55:02 honeypot-fra-1 sshd[31816]: Disconnected from authenticating user root 186.103.169.12 port 55064 [preauth]","@timestamp":"2022-09-19T05:55:03.128Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 05:59:13 honeypot-ams-1 sshd[7473]: Connection closed by 167.94.138.60 port 34756 [preauth]","@timestamp":"2022-09-19T05:59:14.152Z"}
{"@timestamp":"2022-09-19T06:01:19.100Z","@version":"1","message":"Sep 19 06:01:18 honeypot-sgp-1 sshd[373]: Did not receive identification string from 45.61.186.249 port 43502","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T06:01:59.120Z","@version":"1","message":"Sep 19 06:01:58 honeypot-sgp-1 sshd[376]: Disconnected from invalid user user 45.61.186.249 port 60812 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T06:02:16.128Z","@version":"1","message":"Sep 19 06:02:16 honeypot-sgp-1 sshd[380]: Disconnected from invalid user user 45.61.186.249 port 55538 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T06:02:34.137Z","@version":"1","message":"Sep 19 06:02:33 honeypot-sgp-1 sshd[384]: Disconnected from invalid user user 45.61.186.249 port 50252 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T06:03:53.173Z","@version":"1","message":"Sep 19 06:03:52 honeypot-sgp-1 sshd[388]: Received disconnect from 61.177.173.47 port 64549:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 06:05:03 honeypot-fra-1 sshd[31822]: Received disconnect from 20.126.126.43 port 60318:11: Bye Bye [preauth]","@timestamp":"2022-09-19T06:05:04.353Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T06:08:56.300Z","@version":"1","message":"Sep 19 06:08:56 honeypot-sgp-1 kernel: [84443837.929459] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=3.86.247.167 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=41 ID=22262 DF PROTO=TCP SPT=49662 DPT=80 WINDOW=62727 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 06:11:42 honeypot-ams-1 kernel: [84444482.072621] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=178.62.254.91 LEN=92 TOS=0x00 PREC=0x00 TTL=252 ID=49661 PROTO=TCP SPT=827 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T06:11:43.467Z"}
{"@timestamp":"2022-09-19T06:12:28.390Z","@version":"1","message":"Sep 19 06:12:27 honeypot-sgp-1 sshd[399]: Disconnected from 61.177.172.108 port 51782 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 06:15:15 honeypot-fra-1 sshd[31902]: Invalid user user from 45.61.187.160 port 36718","@timestamp":"2022-09-19T06:15:15.588Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 06:15:33 honeypot-fra-1 sshd[31906]: Invalid user user from 45.61.187.160 port 60180","@timestamp":"2022-09-19T06:15:34.598Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 06:15:50 honeypot-fra-1 sshd[31910]: Invalid user user from 45.61.187.160 port 55380","@timestamp":"2022-09-19T06:15:50.606Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 06:16:06 honeypot-fra-1 sshd[31914]: Invalid user user from 45.61.187.160 port 50580","@timestamp":"2022-09-19T06:16:06.613Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 06:17:01 honeypot-ams-1 CRON[7572]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-19T06:17:01.604Z"}
{"@timestamp":"2022-09-19T06:17:02.503Z","@version":"1","message":"Sep 19 06:17:01 honeypot-sgp-1 CRON[491]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 06:17:55 honeypot-fra-1 sshd[31919]: Received disconnect from 92.255.85.69 port 32862:11: Bye Bye [preauth]","@timestamp":"2022-09-19T06:17:55.657Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T06:21:33.619Z","@version":"1","message":"Sep 19 06:21:32 honeypot-sgp-1 sshd[501]: Disconnected from authenticating user root 61.177.173.52 port 53772 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 06:25:19 honeypot-ams-1 kernel: [84445298.708359] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=40.84.222.228 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=30751 PROTO=TCP SPT=48367 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T06:25:19.844Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 06:33:48 honeypot-ams-1 sshd[7751]: Did not receive identification string from 45.61.186.169 port 36990","@timestamp":"2022-09-19T06:33:49.060Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 06:33:58 honeypot-fra-1 kernel: [84443643.239691] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.207.74 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=52652 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T06:33:59.027Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 06:34:36 honeypot-ams-1 sshd[7754]: Disconnected from invalid user user 45.61.186.169 port 51080 [preauth]","@timestamp":"2022-09-19T06:34:37.098Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 06:34:53 honeypot-ams-1 sshd[7758]: Received disconnect from 45.61.186.169 port 46286:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T06:34:54.107Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 06:35:10 honeypot-ams-1 sshd[7762]: Received disconnect from 45.61.186.169 port 41490:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T06:35:11.116Z"}
{"@timestamp":"2022-09-19T06:35:40.001Z","@version":"1","message":"Sep 19 06:35:39 honeypot-sgp-1 sshd[744]: Received disconnect from 61.177.173.37 port 16937:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T06:38:02.063Z","@version":"1","message":"Sep 19 06:38:01 honeypot-sgp-1 kernel: [84445583.492186] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.148.10.81 DST=159.89.202.188 LEN=80 TOS=0x00 PREC=0x00 TTL=240 ID=22780 DF PROTO=TCP SPT=14320 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 06:39:41 honeypot-ams-1 sshd[7767]: Invalid user logger from 35.236.14.147 port 49962","@timestamp":"2022-09-19T06:39:42.233Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 06:43:19 honeypot-fra-1 sshd[32165]: Received disconnect from 167.172.58.10 port 46536:11: Bye Bye [preauth]","@timestamp":"2022-09-19T06:43:20.232Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 06:43:39 honeypot-ams-1 sshd[7771]: Connection closed by 43.128.232.139 port 40872 [preauth]","@timestamp":"2022-09-19T06:43:40.337Z"}
{"@timestamp":"2022-09-19T06:45:24.247Z","@version":"1","message":"Sep 19 06:45:24 honeypot-sgp-1 sshd[755]: Disconnected from authenticating user root 61.177.172.124 port 47200 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 06:45:34 honeypot-fra-1 sshd[32170]: Disconnected from authenticating user root 117.158.87.112 port 3117 [preauth]","@timestamp":"2022-09-19T06:45:35.283Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T06:50:15.370Z","@version":"1","message":"Sep 19 06:50:15 honeypot-sgp-1 kernel: [84446317.212893] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.213.91 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=37548 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 06:50:15 honeypot-ams-1 kernel: [84446794.629213] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.208.247 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=34983 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T06:50:15.508Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 06:52:00 honeypot-fra-1 kernel: [84444725.091850] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=165.22.82.222 LEN=88 TOS=0x00 PREC=0x00 TTL=250 ID=3964 PROTO=TCP SPT=13633 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T06:52:00.428Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 06:55:22 honeypot-ams-1 sshd[7779]: Received disconnect from 58.27.134.52 port 47002:11: Bye Bye [preauth]","@timestamp":"2022-09-19T06:55:22.641Z"}
{"@timestamp":"2022-09-19T06:56:41.531Z","@version":"1","message":"Sep 19 06:56:41 honeypot-sgp-1 sshd[766]: Invalid user demo from 179.60.147.69 port 24154","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 07:00:21 honeypot-ams-1 sshd[7784]: Invalid user demo from 179.60.147.69 port 13250","@timestamp":"2022-09-19T07:00:21.772Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 07:02:22 honeypot-fra-1 kernel: [84445347.174922] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=72.68.192.9 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=8909 PROTO=TCP SPT=45247 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T07:02:22.673Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T07:06:30.793Z","@version":"1","message":"Sep 19 07:06:29 honeypot-sgp-1 sshd[776]: Invalid user robin123 from 139.59.102.170 port 38176","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 07:07:48 honeypot-fra-1 sshd[32184]: Received disconnect from 177.144.160.220 port 21281:11: Bye Bye [preauth]","@timestamp":"2022-09-19T07:07:48.795Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 07:09:37 honeypot-fra-1 sshd[32188]: Disconnected from invalid user liuwei 165.22.45.108 port 59790 [preauth]","@timestamp":"2022-09-19T07:09:37.838Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T07:09:48.877Z","@version":"1","message":"Sep 19 07:09:48 honeypot-sgp-1 sshd[781]: Disconnected from authenticating user root 61.177.173.36 port 19771 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 07:12:15 honeypot-ams-1 kernel: [84448114.484981] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.148.10.81 DST=178.62.254.91 LEN=83 TOS=0x00 PREC=0x00 TTL=240 ID=22780 DF PROTO=TCP SPT=8190 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T07:12:16.083Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 07:13:26 honeypot-fra-1 sshd[32194]: Disconnected from authenticating user root 92.255.85.70 port 25472 [preauth]","@timestamp":"2022-09-19T07:13:26.926Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T07:17:02.058Z","@version":"1","message":"Sep 19 07:17:01 honeypot-sgp-1 CRON[788]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 07:21:29 honeypot-ams-1 kernel: [84448668.988704] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.148.10.81 DST=178.62.254.91 LEN=81 TOS=0x00 PREC=0x00 TTL=241 ID=22780 DF PROTO=TCP SPT=8182 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T07:21:30.321Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 07:22:26 honeypot-ams-1 sshd[7803]: Invalid user postgres from 175.193.13.3 port 44076","@timestamp":"2022-09-19T07:22:26.348Z"}
{"@timestamp":"2022-09-19T07:22:28.194Z","@version":"1","message":"Sep 19 07:22:27 honeypot-sgp-1 sshd[798]: Disconnected from authenticating user root 61.177.173.47 port 53276 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 07:25:40 honeypot-ams-1 sshd[7806]: Disconnected from invalid user ob 51.75.143.42 port 34766 [preauth]","@timestamp":"2022-09-19T07:25:40.433Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 07:26:27 honeypot-fra-1 sshd[32205]: Connection closed by invalid user www 103.188.176.251 port 55274 [preauth]","@timestamp":"2022-09-19T07:26:28.216Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T07:34:34.520Z","@version":"1","message":"Sep 19 07:34:34 honeypot-sgp-1 sshd[806]: Received disconnect from 61.177.172.108 port 44279:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 07:36:00 honeypot-fra-1 sshd[32213]: Invalid user pvn from 159.65.1.92 port 34316","@timestamp":"2022-09-19T07:36:01.425Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T07:36:20.565Z","@version":"1","message":"Sep 19 07:36:20 honeypot-sgp-1 sshd[815]: Received disconnect from 61.177.173.39 port 61603:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 07:38:26 honeypot-ams-1 sshd[7813]: Connection closed by invalid user admin 179.60.147.69 port 56590 [preauth]","@timestamp":"2022-09-19T07:38:26.761Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 07:39:12 honeypot-fra-1 sshd[32217]: Disconnected from authenticating user root 92.255.85.69 port 16724 [preauth]","@timestamp":"2022-09-19T07:39:13.495Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T07:41:46.700Z","@version":"1","message":"Sep 19 07:41:46 honeypot-sgp-1 kernel: [84449408.212235] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.55.53.144 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=43 ID=51873 DF PROTO=TCP SPT=39002 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 07:44:53 honeypot-fra-1 sshd[32220]: Connection closed by invalid user ftp 193.106.191.157 port 38874 [preauth]","@timestamp":"2022-09-19T07:44:53.622Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 07:46:02 honeypot-fra-1 kernel: [84447966.889142] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=167.71.133.35 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=248 ID=54321 PROTO=TCP SPT=35662 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T07:46:02.652Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T07:47:33.844Z","@version":"1","message":"Sep 19 07:47:33 honeypot-sgp-1 sshd[829]: Disconnected from authenticating user root 92.255.85.70 port 18806 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 07:48:47 honeypot-ams-1 sshd[7821]: Disconnected from authenticating user root 61.177.173.4 port 10569 [preauth]","@timestamp":"2022-09-19T07:48:48.026Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 07:52:29 honeypot-ams-1 kernel: [84450528.601778] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=167.71.92.243 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=43003 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T07:52:30.129Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 07:52:50 honeypot-fra-1 kernel: [84448375.565569] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=89.248.168.172 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=54321 PROTO=TCP SPT=39430 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T07:52:51.805Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T07:55:27.041Z","@version":"1","message":"Sep 19 07:55:26 honeypot-sgp-1 kernel: [84450228.407119] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=1516 PROTO=TCP SPT=53701 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:03:18 honeypot-fra-1 sshd[32234]: Received disconnect from 191.34.74.55 port 37727:11: Bye Bye [preauth]","@timestamp":"2022-09-19T08:03:19.041Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:05:51 honeypot-fra-1 kernel: [84449155.727075] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=194.169.217.248 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=59 ID=6330 DF PROTO=TCP SPT=13891 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T08:05:51.099Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T08:07:41.362Z","@version":"1","message":"Sep 19 08:07:40 honeypot-sgp-1 sshd[848]: Disconnected from 61.177.172.108 port 49150 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 08:11:54 honeypot-ams-1 kernel: [84451693.647327] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.148.10.81 DST=178.62.254.91 LEN=81 TOS=0x00 PREC=0x00 TTL=240 ID=22780 DF PROTO=TCP SPT=2004 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T08:11:54.636Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:17:01 honeypot-fra-1 CRON[32243]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-19T08:17:02.353Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T08:17:22.602Z","@version":"1","message":"Sep 19 08:17:21 honeypot-sgp-1 kernel: [84451543.652373] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=68.183.93.151 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x20 TTL=242 ID=54321 PROTO=TCP SPT=54279 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 08:17:41 honeypot-ams-1 sshd[7839]: Invalid user kk from 174.138.24.231 port 60694","@timestamp":"2022-09-19T08:17:41.791Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:18:48 honeypot-fra-1 sshd[32267]: Disconnected from invalid user 165.227.153.84 86.107.199.172 port 40900 [preauth]","@timestamp":"2022-09-19T08:18:48.395Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:19:09 honeypot-fra-1 sshd[32271]: Disconnected from invalid user user 45.61.186.249 port 48180 [preauth]","@timestamp":"2022-09-19T08:19:09.405Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:19:28 honeypot-fra-1 sshd[32275]: Disconnected from invalid user user 45.61.186.249 port 43208 [preauth]","@timestamp":"2022-09-19T08:19:28.415Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:19:46 honeypot-fra-1 sshd[32279]: Disconnected from invalid user user 45.61.186.249 port 38250 [preauth]","@timestamp":"2022-09-19T08:19:47.424Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:19:54 honeypot-fra-1 sshd[32283]: Disconnected from invalid user user 45.61.186.249 port 49890 [preauth]","@timestamp":"2022-09-19T08:19:55.428Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:21:54 honeypot-fra-1 sshd[32287]: Received disconnect from 86.107.199.172 port 50814:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T08:21:54.477Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 08:22:48 honeypot-ams-1 kernel: [84452347.157045] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.148.10.81 DST=178.62.254.91 LEN=78 TOS=0x00 PREC=0x00 TTL=241 ID=22780 DF PROTO=TCP SPT=12276 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T08:22:48.927Z"}
{"@timestamp":"2022-09-19T08:23:13.748Z","@version":"1","message":"Sep 19 08:23:13 honeypot-sgp-1 sshd[885]: Disconnected from authenticating user root 61.177.172.98 port 56643 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:23:55 honeypot-fra-1 sshd[32292]: Invalid user 165.22.25.203 from 86.107.199.172 port 57432","@timestamp":"2022-09-19T08:23:56.526Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T08:24:58.794Z","@version":"1","message":"Sep 19 08:24:58 honeypot-sgp-1 sshd[892]: Received disconnect from 61.177.173.47 port 24411:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T08:25:26.807Z","@version":"1","message":"Sep 19 08:25:25 honeypot-sgp-1 sshd[896]: Disconnected from authenticating user root 61.177.173.37 port 14268 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:25:54 honeypot-fra-1 kernel: [84450358.724113] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.219.107 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=44057 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T08:25:54.572Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:26:59 honeypot-fra-1 sshd[32299]: Disconnected from invalid user 165.22.235.61 86.107.199.172 port 39126 [preauth]","@timestamp":"2022-09-19T08:27:00.599Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:29:05 honeypot-fra-1 sshd[32304]: Received disconnect from 86.107.199.172 port 45752:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T08:29:05.648Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 08:30:58 honeypot-ams-1 kernel: [84452837.267901] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.207.134 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=39551 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T08:30:59.146Z"}
{"@timestamp":"2022-09-19T08:31:12.953Z","@version":"1","message":"Sep 19 08:31:12 honeypot-sgp-1 sshd[899]: Disconnected from 61.177.173.53 port 63661 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:31:17 honeypot-fra-1 sshd[32309]: Invalid user 165.227.23.132 from 86.107.199.172 port 52372","@timestamp":"2022-09-19T08:31:17.699Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:32:21 honeypot-fra-1 sshd[32313]: Received disconnect from 86.107.199.172 port 55682:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T08:32:21.725Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:33:20 honeypot-fra-1 kernel: [84450804.624655] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.148.10.81 DST=165.22.82.222 LEN=81 TOS=0x00 PREC=0x00 TTL=241 ID=22780 DF PROTO=TCP SPT=8188 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T08:33:20.750Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:34:33 honeypot-fra-1 sshd[32320]: Disconnected from invalid user 165.22.197.199 86.107.199.172 port 34078 [preauth]","@timestamp":"2022-09-19T08:34:33.779Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:35:39 honeypot-fra-1 sshd[32322]: Disconnected from invalid user 165.227.125.46 86.107.199.172 port 37402 [preauth]","@timestamp":"2022-09-19T08:35:39.808Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 08:36:32 honeypot-ams-1 sshd[7862]: Disconnected from invalid user intrastack 42.119.111.155 port 55478 [preauth]","@timestamp":"2022-09-19T08:36:32.294Z"}
{"@timestamp":"2022-09-19T08:37:21.109Z","@version":"1","message":"Sep 19 08:37:20 honeypot-sgp-1 kernel: [84452742.091448] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.194.198 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=42950 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:37:48 honeypot-fra-1 sshd[32326]: Disconnected from invalid user 165.232.81.205 86.107.199.172 port 44014 [preauth]","@timestamp":"2022-09-19T08:37:48.858Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:38:52 honeypot-fra-1 sshd[32331]: Disconnected from invalid user 165.84.180.62 86.107.199.172 port 47324 [preauth]","@timestamp":"2022-09-19T08:38:53.886Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 08:40:05 honeypot-ams-1 sshd[7869]: Received disconnect from 210.245.34.243 port 52093:11: Bye Bye [preauth]","@timestamp":"2022-09-19T08:40:06.389Z"}
{"@timestamp":"2022-09-19T08:40:43.195Z","@version":"1","message":"Sep 19 08:40:42 honeypot-sgp-1 sshd[907]: Disconnected from authenticating user root 61.177.173.46 port 30520 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:41:02 honeypot-fra-1 sshd[32335]: Received disconnect from 86.107.199.172 port 53942:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T08:41:02.938Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 08:43:10 honeypot-ams-1 kernel: [84453569.573517] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=5.117.169.54 DST=178.62.254.91 LEN=52 TOS=0x08 PREC=0x40 TTL=111 ID=2718 DF PROTO=TCP SPT=64391 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T08:43:11.472Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:43:16 honeypot-fra-1 sshd[32340]: Invalid user 165.22.108.176 from 86.107.199.172 port 60558","@timestamp":"2022-09-19T08:43:17.991Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:44:21 honeypot-fra-1 kernel: [84451465.996937] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=34.93.122.208 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=60 ID=41472 PROTO=TCP SPT=54022 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T08:44:22.019Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:45:27 honeypot-fra-1 sshd[32349]: Invalid user 165.227.174.233 from 86.107.199.172 port 38950","@timestamp":"2022-09-19T08:45:28.048Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:46:37 honeypot-fra-1 sshd[32351]: Invalid user 165.227.107.158 from 86.107.199.172 port 42254","@timestamp":"2022-09-19T08:46:38.079Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 08:48:30 honeypot-ams-1 sshd[7876]: Invalid user user from 103.228.112.138 port 60962","@timestamp":"2022-09-19T08:48:30.613Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:48:35 honeypot-fra-1 sshd[32355]: Connection closed by authenticating user root 179.60.147.69 port 25620 [preauth]","@timestamp":"2022-09-19T08:48:36.126Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T08:49:42.420Z","@version":"1","message":"Sep 19 08:49:42 honeypot-sgp-1 sshd[914]: Received disconnect from 61.177.173.47 port 55304:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:49:58 honeypot-fra-1 sshd[32361]: Received disconnect from 86.107.199.172 port 52206:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T08:49:59.159Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 08:51:56 honeypot-ams-1 sshd[7881]: Received disconnect from 101.231.146.36 port 36862:11: Bye Bye [preauth]","@timestamp":"2022-09-19T08:51:56.706Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:52:32 honeypot-fra-1 sshd[32365]: Invalid user 165.227.73.148 from 86.107.199.172 port 58884","@timestamp":"2022-09-19T08:52:33.220Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:55:01 honeypot-fra-1 sshd[32370]: Invalid user 165.227.145.198 from 86.107.199.172 port 37216","@timestamp":"2022-09-19T08:55:02.277Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:56:22 honeypot-fra-1 sshd[32372]: Disconnected from invalid user 165.22.221.25 86.107.199.172 port 40520 [preauth]","@timestamp":"2022-09-19T08:56:23.309Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T08:56:58.598Z","@version":"1","message":"Sep 19 08:56:58 honeypot-sgp-1 sshd[923]: Received disconnect from 159.223.223.94 port 33140:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 08:57:19 honeypot-ams-1 kernel: [84454418.088863] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.148.10.81 DST=178.62.254.91 LEN=80 TOS=0x00 PREC=0x00 TTL=242 ID=22780 DF PROTO=TCP SPT=14334 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T08:57:19.852Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:59:09 honeypot-fra-1 sshd[32377]: Received disconnect from 45.61.186.49 port 40402:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T08:59:10.376Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:59:17 honeypot-fra-1 sshd[32381]: Received disconnect from 45.61.186.49 port 51836:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T08:59:18.381Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 09:00:15 honeypot-fra-1 sshd[32386]: Received disconnect from 86.107.199.172 port 47140:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T09:00:16.404Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T09:00:22.684Z","@version":"1","message":"Sep 19 09:00:21 honeypot-sgp-1 kernel: [84454123.520052] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=225 ID=46762 PROTO=TCP SPT=58004 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 09:03:16 honeypot-fra-1 sshd[32390]: Invalid user marcel from 141.98.10.158 port 37242","@timestamp":"2022-09-19T09:03:17.475Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 09:03:37 honeypot-ams-1 sshd[7960]: Disconnected from authenticating user root 103.174.114.55 port 43382 [preauth]","@timestamp":"2022-09-19T09:03:38.019Z"}
{"@timestamp":"2022-09-19T09:04:03.778Z","@version":"1","message":"Sep 19 09:04:03 honeypot-sgp-1 kernel: [84454344.843467] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.148.10.81 DST=159.89.202.188 LEN=80 TOS=0x00 PREC=0x00 TTL=239 ID=22780 DF PROTO=TCP SPT=6132 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 09:04:24 honeypot-fra-1 sshd[32392]: Disconnected from invalid user 165.22.43.217 86.107.199.172 port 53764 [preauth]","@timestamp":"2022-09-19T09:04:24.503Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T09:04:24.789Z","@version":"1","message":"Sep 19 09:04:24 honeypot-sgp-1 sshd[938]: Disconnected from invalid user user 45.61.187.160 port 57822 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T09:04:41.797Z","@version":"1","message":"Sep 19 09:04:41 honeypot-sgp-1 sshd[942]: Disconnected from invalid user user 45.61.187.160 port 53060 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T09:04:59.806Z","@version":"1","message":"Sep 19 09:04:58 honeypot-sgp-1 sshd[946]: Disconnected from invalid user user 45.61.187.160 port 48304 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 09:08:50 honeypot-fra-1 sshd[32397]: Disconnected from invalid user 165.22.54.186 86.107.199.172 port 60392 [preauth]","@timestamp":"2022-09-19T09:08:50.605Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T09:10:37.947Z","@version":"1","message":"Sep 19 09:10:37 honeypot-sgp-1 kernel: [84454739.630342] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=170.187.162.14 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=23689 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 09:10:53 honeypot-fra-1 sshd[32401]: Disconnected from invalid user 165.227.129.128 86.107.199.172 port 35470 [preauth]","@timestamp":"2022-09-19T09:10:53.656Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 09:11:01 honeypot-ams-1 kernel: [84455240.558664] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.148.10.81 DST=178.62.254.91 LEN=81 TOS=0x00 PREC=0x00 TTL=242 ID=22780 DF PROTO=TCP SPT=16338 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T09:11:02.211Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 09:12:58 honeypot-fra-1 sshd[32406]: Received disconnect from 86.107.199.172 port 38784:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T09:12:59.706Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 09:15:00 honeypot-fra-1 sshd[32408]: Disconnected from invalid user 165.22.19.188 86.107.199.172 port 42094 [preauth]","@timestamp":"2022-09-19T09:15:00.754Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T09:16:20.089Z","@version":"1","message":"Sep 19 09:16:19 honeypot-sgp-1 sshd[961]: Received disconnect from 147.182.179.237 port 37608:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T09:17:02.109Z","@version":"1","message":"Sep 19 09:17:01 honeypot-sgp-1 CRON[967]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 09:17:15 honeypot-fra-1 kernel: [84453440.260410] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.196.156 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=36862 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T09:17:15.806Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T09:17:40.127Z","@version":"1","message":"Sep 19 09:17:39 honeypot-sgp-1 sshd[972]: Disconnected from invalid user webapp 168.61.44.109 port 1024 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T09:18:15.144Z","@version":"1","message":"Sep 19 09:18:14 honeypot-sgp-1 kernel: [84455195.894981] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.148.10.81 DST=159.89.202.188 LEN=77 TOS=0x00 PREC=0x00 TTL=240 ID=22780 DF PROTO=TCP SPT=4094 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 09:19:49 honeypot-ams-1 sshd[7970]: Invalid user admin from 112.160.69.124 port 36139","@timestamp":"2022-09-19T09:19:50.439Z"}
{"@timestamp":"2022-09-19T09:20:09.190Z","@version":"1","message":"Sep 19 09:20:08 honeypot-sgp-1 sshd[982]: Disconnected from authenticating user root 182.253.117.100 port 48760 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 09:21:43 honeypot-ams-1 sshd[7972]: Disconnected from authenticating user root 92.255.85.70 port 61034 [preauth]","@timestamp":"2022-09-19T09:21:43.494Z"}
{"@timestamp":"2022-09-19T09:22:05.240Z","@version":"1","message":"Sep 19 09:22:05 honeypot-sgp-1 sshd[989]: Received disconnect from 117.52.173.97 port 47438:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 09:23:44 honeypot-fra-1 sshd[32418]: Received disconnect from 20.239.69.124 port 41414:11: Bye Bye [preauth]","@timestamp":"2022-09-19T09:23:44.952Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T09:26:22.346Z","@version":"1","message":"Sep 19 09:26:21 honeypot-sgp-1 sshd[996]: Invalid user ervin from 159.65.224.135 port 44238","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 09:26:53 honeypot-ams-1 sshd[7977]: Connection closed by authenticating user root 179.60.147.69 port 36028 [preauth]","@timestamp":"2022-09-19T09:26:53.633Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 09:28:22 honeypot-fra-1 kernel: [84454106.576868] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=20.204.64.44 DST=165.22.82.222 LEN=52 TOS=0x00 PREC=0x00 TTL=111 ID=59726 DF PROTO=TCP SPT=63175 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T09:28:23.058Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 09:33:07 honeypot-ams-1 sshd[7980]: Disconnected from invalid user hayden 207.154.220.75 port 60448 [preauth]","@timestamp":"2022-09-19T09:33:07.796Z"}
{"@timestamp":"2022-09-19T09:33:56.531Z","@version":"1","message":"Sep 19 09:33:56 honeypot-sgp-1 sshd[1003]: Did not receive identification string from 201.219.232.9 port 35926","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T09:35:27.570Z","@version":"1","message":"Sep 19 09:35:26 honeypot-sgp-1 sshd[1006]: Disconnected from invalid user admin 201.47.5.123 port 44988 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 09:35:43 honeypot-fra-1 sshd[32426]: Invalid user service from 41.93.31.73 port 43232","@timestamp":"2022-09-19T09:35:44.223Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 09:37:59 honeypot-ams-1 sshd[7984]: Invalid user tuxedo from 193.106.191.157 port 49154","@timestamp":"2022-09-19T09:37:59.929Z"}
{"@timestamp":"2022-09-19T09:39:43.675Z","@version":"1","message":"Sep 19 09:39:42 honeypot-sgp-1 sshd[1015]: Did not receive identification string from 201.219.232.9 port 45522","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 09:43:09 honeypot-fra-1 kernel: [84454993.889876] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=167.71.133.35 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=248 ID=54321 PROTO=TCP SPT=34649 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T09:43:10.387Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 09:45:49 honeypot-fra-1 sshd[32432]: Disconnected from invalid user volkmar 159.223.134.241 port 41822 [preauth]","@timestamp":"2022-09-19T09:45:49.463Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 09:46:10 honeypot-ams-1 sshd[7988]: Invalid user oot from 103.188.176.251 port 55986","@timestamp":"2022-09-19T09:46:11.143Z"}
{"@timestamp":"2022-09-19T09:46:24.838Z","@version":"1","message":"Sep 19 09:46:23 honeypot-sgp-1 kernel: [84456885.659805] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.148.10.81 DST=159.89.202.188 LEN=78 TOS=0x00 PREC=0x00 TTL=240 ID=22780 DF PROTO=TCP SPT=2044 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T09:47:48.877Z","@version":"1","message":"Sep 19 09:47:48 honeypot-sgp-1 sshd[1028]: Did not receive identification string from 201.219.232.9 port 60866","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 09:50:23 honeypot-fra-1 sshd[32439]: error: maximum authentication attempts exceeded for root from 2.182.71.61 port 50495 ssh2 [preauth]","@timestamp":"2022-09-19T09:50:23.569Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 09:50:24 honeypot-ams-1 sshd[7993]: Invalid user user from 45.61.186.249 port 42838","@timestamp":"2022-09-19T09:50:25.255Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 09:50:46 honeypot-ams-1 sshd[7997]: Invalid user user from 45.61.186.249 port 37470","@timestamp":"2022-09-19T09:50:46.267Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 09:51:04 honeypot-ams-1 sshd[8001]: Invalid user user from 45.61.186.249 port 60322","@timestamp":"2022-09-19T09:51:04.277Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 09:51:20 honeypot-ams-1 sshd[8006]: Invalid user user from 45.61.186.249 port 54948","@timestamp":"2022-09-19T09:51:21.286Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 09:51:51 honeypot-ams-1 sshd[8010]: Invalid user cyt from 201.17.133.138 port 53534","@timestamp":"2022-09-19T09:51:52.301Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 09:53:23 honeypot-fra-1 kernel: [84455607.458340] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.148.10.81 DST=165.22.82.222 LEN=78 TOS=0x00 PREC=0x00 TTL=239 ID=22780 DF PROTO=TCP SPT=22486 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T09:53:23.637Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T09:54:18.040Z","@version":"1","message":"Sep 19 09:54:17 honeypot-sgp-1 sshd[1035]: Bad protocol version identification 'MGLNDD_159.89.202.188_22' from 192.241.202.193 port 44584","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 09:57:09 honeypot-ams-1 sshd[8015]: Bad protocol version identification 'MGLNDD_178.62.254.91_22' from 192.241.206.58 port 45462","@timestamp":"2022-09-19T09:57:10.441Z"}
{"@timestamp":"2022-09-19T09:59:38.171Z","@version":"1","message":"Sep 19 09:59:37 honeypot-sgp-1 sshd[1047]: Invalid user hxeadm from 179.60.147.69 port 5134","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:02:03 honeypot-ams-1 sshd[8020]: Received disconnect from 175.29.122.43 port 34006:11: Bye Bye [preauth]","@timestamp":"2022-09-19T10:02:03.568Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:02:08 honeypot-ams-1 sshd[8026]: Received disconnect from 175.29.122.43 port 34458:11: Bye Bye [preauth]","@timestamp":"2022-09-19T10:02:08.571Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:02:13 honeypot-ams-1 sshd[8033]: Received disconnect from 175.29.122.43 port 34504:11: Bye Bye [preauth]","@timestamp":"2022-09-19T10:02:13.575Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:02:18 honeypot-ams-1 sshd[8039]: Received disconnect from 175.29.122.43 port 34946:11: Bye Bye [preauth]","@timestamp":"2022-09-19T10:02:19.579Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:02:23 honeypot-ams-1 sshd[8045]: Received disconnect from 175.29.122.43 port 34994:11: Bye Bye [preauth]","@timestamp":"2022-09-19T10:02:23.581Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:02:27 honeypot-ams-1 sshd[8051]: Received disconnect from 175.29.122.43 port 35428:11: Bye Bye [preauth]","@timestamp":"2022-09-19T10:02:28.585Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:02:32 honeypot-ams-1 sshd[8057]: Received disconnect from 175.29.122.43 port 35476:11: Bye Bye [preauth]","@timestamp":"2022-09-19T10:02:33.588Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:02:38 honeypot-ams-1 sshd[8063]: Received disconnect from 175.29.122.43 port 35908:11: Bye Bye [preauth]","@timestamp":"2022-09-19T10:02:38.590Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:02:42 honeypot-ams-1 sshd[8069]: Received disconnect from 175.29.122.43 port 35964:11: Bye Bye [preauth]","@timestamp":"2022-09-19T10:02:43.594Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:02:47 honeypot-ams-1 sshd[8075]: Received disconnect from 175.29.122.43 port 36396:11: Bye Bye [preauth]","@timestamp":"2022-09-19T10:02:48.597Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:02:52 honeypot-ams-1 sshd[8081]: Received disconnect from 175.29.122.43 port 36452:11: Bye Bye [preauth]","@timestamp":"2022-09-19T10:02:52.600Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:02:57 honeypot-ams-1 sshd[8085]: Invalid user hxeadm from 179.60.147.69 port 16468","@timestamp":"2022-09-19T10:02:57.603Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:02:58 honeypot-ams-1 sshd[8091]: Disconnected from invalid user admin 175.29.122.43 port 36894 [preauth]","@timestamp":"2022-09-19T10:02:59.605Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:03:01 honeypot-ams-1 sshd[8095]: Disconnected from invalid user admin 175.29.122.43 port 36948 [preauth]","@timestamp":"2022-09-19T10:03:02.607Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:03:04 honeypot-ams-1 sshd[8100]: Disconnected from invalid user admin 175.29.122.43 port 37336 [preauth]","@timestamp":"2022-09-19T10:03:05.609Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:03:08 honeypot-ams-1 sshd[8104]: Received disconnect from 175.29.122.43 port 37448:11: Bye Bye [preauth]","@timestamp":"2022-09-19T10:03:08.611Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:03:11 honeypot-ams-1 sshd[8108]: Received disconnect from 175.29.122.43 port 37510:11: Bye Bye [preauth]","@timestamp":"2022-09-19T10:03:11.613Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:03:14 honeypot-ams-1 sshd[8112]: Received disconnect from 175.29.122.43 port 37884:11: Bye Bye [preauth]","@timestamp":"2022-09-19T10:03:15.616Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:03:20 honeypot-ams-1 sshd[8118]: Invalid user pi from 175.29.122.43 port 38052","@timestamp":"2022-09-19T10:03:20.619Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:03:23 honeypot-ams-1 sshd[8122]: Invalid user user from 175.29.122.43 port 38382","@timestamp":"2022-09-19T10:03:24.622Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 10:03:24 honeypot-fra-1 sshd[32452]: Connection closed by 71.6.135.131 port 49790 [preauth]","@timestamp":"2022-09-19T10:03:24.864Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:03:26 honeypot-ams-1 sshd[8126]: Invalid user mine from 175.29.122.43 port 38548","@timestamp":"2022-09-19T10:03:27.625Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:03:30 honeypot-ams-1 sshd[8130]: Invalid user xbmc from 175.29.122.43 port 38618","@timestamp":"2022-09-19T10:03:30.628Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:03:33 honeypot-ams-1 sshd[8134]: Invalid user oracle from 175.29.122.43 port 38758","@timestamp":"2022-09-19T10:03:34.630Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:03:36 honeypot-ams-1 sshd[8138]: Invalid user postgres from 175.29.122.43 port 39120","@timestamp":"2022-09-19T10:03:37.632Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:03:40 honeypot-ams-1 sshd[8142]: Invalid user support from 175.29.122.43 port 39226","@timestamp":"2022-09-19T10:03:41.634Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:03:44 honeypot-ams-1 sshd[8146]: Invalid user ubuntu from 175.29.122.43 port 39542","@timestamp":"2022-09-19T10:03:44.637Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:03:47 honeypot-ams-1 sshd[8150]: Invalid user ubuntu from 175.29.122.43 port 39726","@timestamp":"2022-09-19T10:03:47.638Z"}
{"@timestamp":"2022-09-19T10:03:49.277Z","@version":"1","message":"Sep 19 10:03:48 honeypot-sgp-1 kernel: [84457930.142384] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.148.10.81 DST=159.89.202.188 LEN=79 TOS=0x00 PREC=0x00 TTL=241 ID=22780 DF PROTO=TCP SPT=16346 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:03:50 honeypot-ams-1 sshd[8154]: Invalid user guest from 175.29.122.43 port 39790","@timestamp":"2022-09-19T10:03:50.640Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:03:52 honeypot-ams-1 sshd[8156]: Disconnected from invalid user test 175.29.122.43 port 39816 [preauth]","@timestamp":"2022-09-19T10:03:52.642Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:03:55 honeypot-ams-1 sshd[8160]: Disconnected from invalid user cirros 175.29.122.43 port 40190 [preauth]","@timestamp":"2022-09-19T10:03:55.644Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 10:09:45 honeypot-fra-1 sshd[32457]: Invalid user ubuntu from 92.255.85.69 port 51554","@timestamp":"2022-09-19T10:09:46.011Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T10:13:28.517Z","@version":"1","message":"Sep 19 10:13:28 honeypot-sgp-1 sshd[1059]: Invalid user ubuntu from 92.255.85.70 port 21094","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 10:14:29 honeypot-fra-1 sshd[32462]: Received disconnect from 143.110.179.172 port 42498:11: Bye Bye [preauth]","@timestamp":"2022-09-19T10:14:30.118Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T10:17:02.605Z","@version":"1","message":"Sep 19 10:17:01 honeypot-sgp-1 CRON[1064]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:18:10 honeypot-ams-1 sshd[8167]: Received disconnect from 92.255.85.70 port 15738:11: Bye Bye [preauth]","@timestamp":"2022-09-19T10:18:11.013Z"}
{"@timestamp":"2022-09-19T10:19:52.675Z","@version":"1","message":"Sep 19 10:19:52 honeypot-sgp-1 sshd[1071]: Received disconnect from 143.244.158.100 port 46786:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T10:20:44.699Z","@version":"1","message":"Sep 19 10:20:44 honeypot-sgp-1 sshd[1075]: Disconnected from authenticating user root 143.244.158.100 port 34352 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T10:22:23.743Z","@version":"1","message":"Sep 19 10:22:22 honeypot-sgp-1 sshd[1082]: Received disconnect from 143.244.158.100 port 57232:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 10:22:24 honeypot-fra-1 kernel: [84457348.867494] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=195.133.20.241 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=30459 PROTO=TCP SPT=43128 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T10:22:25.297Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T10:23:43.778Z","@version":"1","message":"Sep 19 10:23:43 honeypot-sgp-1 sshd[1088]: Did not receive identification string from 45.61.187.160 port 44148","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T10:24:03.789Z","@version":"1","message":"Sep 19 10:24:03 honeypot-sgp-1 sshd[1093]: Invalid user user from 45.61.187.160 port 34182","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T10:24:20.797Z","@version":"1","message":"Sep 19 10:24:20 honeypot-sgp-1 sshd[1097]: Invalid user user from 45.61.187.160 port 57198","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T10:24:37.805Z","@version":"1","message":"Sep 19 10:24:37 honeypot-sgp-1 sshd[1101]: Invalid user user from 45.61.187.160 port 51984","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T10:24:48.811Z","@version":"1","message":"Sep 19 10:24:48 honeypot-sgp-1 sshd[1105]: Received disconnect from 143.244.158.100 port 59324:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T10:25:36.832Z","@version":"1","message":"Sep 19 10:25:36 honeypot-sgp-1 sshd[1109]: Disconnected from authenticating user root 143.244.158.100 port 49016 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T10:27:12.873Z","@version":"1","message":"Sep 19 10:27:12 honeypot-sgp-1 sshd[1115]: Disconnected from authenticating user root 143.244.158.100 port 39742 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T10:28:51.915Z","@version":"1","message":"Sep 19 10:28:50 honeypot-sgp-1 sshd[1124]: Disconnected from authenticating user root 143.244.158.100 port 44894 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T10:30:29.960Z","@version":"1","message":"Sep 19 10:30:29 honeypot-sgp-1 sshd[1129]: Disconnected from authenticating user root 143.244.158.100 port 34622 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T10:33:01.045Z","@version":"1","message":"Sep 19 10:33:00 honeypot-sgp-1 sshd[1135]: Disconnected from authenticating user root 143.244.158.100 port 33374 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T10:35:30.109Z","@version":"1","message":"Sep 19 10:35:29 honeypot-sgp-1 sshd[1145]: Received disconnect from 143.244.158.100 port 52160:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 10:36:23 honeypot-ams-1 kernel: [84460362.908193] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.219.133 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=44974 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T10:36:24.484Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 10:36:29 honeypot-fra-1 sshd[32472]: Invalid user admin from 92.255.85.70 port 16084","@timestamp":"2022-09-19T10:36:29.624Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T10:37:08.151Z","@version":"1","message":"Sep 19 10:37:07 honeypot-sgp-1 sshd[1149]: Disconnected from authenticating user root 143.244.158.100 port 60538 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T10:38:45.193Z","@version":"1","message":"Sep 19 10:38:44 honeypot-sgp-1 sshd[1156]: Disconnected from authenticating user root 143.244.158.100 port 38912 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 10:39:54 honeypot-fra-1 sshd[32474]: Connection closed by invalid user enisa 179.60.147.69 port 39858 [preauth]","@timestamp":"2022-09-19T10:39:54.705Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T10:40:25.238Z","@version":"1","message":"Sep 19 10:40:24 honeypot-sgp-1 sshd[1162]: Received disconnect from 143.244.158.100 port 38310:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T10:42:08.282Z","@version":"1","message":"Sep 19 10:42:07 honeypot-sgp-1 sshd[1167]: Disconnected from authenticating user root 143.244.158.100 port 45650 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:42:19 honeypot-ams-1 sshd[8175]: Connection closed by invalid user enisa 179.60.147.69 port 45112 [preauth]","@timestamp":"2022-09-19T10:42:19.639Z"}
{"@timestamp":"2022-09-19T10:42:57.305Z","@version":"1","message":"Sep 19 10:42:56 honeypot-sgp-1 kernel: [84460278.474469] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=172.104.64.89 DST=159.89.202.188 LEN=52 TOS=0x02 PREC=0x00 TTL=118 ID=25046 DF PROTO=TCP SPT=61489 DPT=3389 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T10:43:47.326Z","@version":"1","message":"Sep 19 10:43:46 honeypot-sgp-1 sshd[1176]: Disconnected from authenticating user root 143.244.158.100 port 52882 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 10:46:02 honeypot-fra-1 sshd[32496]: Connection closed by invalid user devops 20.16.187.32 port 35818 [preauth]","@timestamp":"2022-09-19T10:46:02.854Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 10:46:02 honeypot-fra-1 sshd[32499]: Connection closed by invalid user ts3server 20.16.187.32 port 35858 [preauth]","@timestamp":"2022-09-19T10:46:02.854Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 10:46:05 honeypot-fra-1 sshd[32510]: Connection closed by invalid user elastic 20.16.187.32 port 35838 [preauth]","@timestamp":"2022-09-19T10:46:05.856Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 10:46:05 honeypot-fra-1 sshd[32514]: Invalid user guest from 20.16.187.32 port 35846","@timestamp":"2022-09-19T10:46:05.856Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 10:46:05 honeypot-fra-1 sshd[32519]: Invalid user oracle from 20.16.187.32 port 35872","@timestamp":"2022-09-19T10:46:06.857Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 10:46:05 honeypot-fra-1 sshd[32517]: Connection closed by invalid user esuser 20.16.187.32 port 35856 [preauth]","@timestamp":"2022-09-19T10:46:06.857Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T10:46:19.390Z","@version":"1","message":"Sep 19 10:46:19 honeypot-sgp-1 sshd[1183]: Received disconnect from 143.244.158.100 port 50710:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 10:47:17 honeypot-ams-1 kernel: [84461016.642217] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=167.94.138.105 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=11641 PROTO=TCP SPT=20610 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T10:47:17.766Z"}
{"@timestamp":"2022-09-19T10:48:48.453Z","@version":"1","message":"Sep 19 10:48:47 honeypot-sgp-1 sshd[1189]: Received disconnect from 143.244.158.100 port 41758:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T10:49:37.474Z","@version":"1","message":"Sep 19 10:49:36 honeypot-sgp-1 sshd[1207]: Disconnected from authenticating user root 143.244.158.100 port 41772 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T10:51:15.515Z","@version":"1","message":"Sep 19 10:51:14 honeypot-sgp-1 sshd[1216]: Disconnected from authenticating user root 143.244.158.100 port 46808 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 10:51:50 honeypot-fra-1 kernel: [84459114.619409] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=51.105.53.51 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=41231 PROTO=TCP SPT=1984 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T10:51:50.984Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T10:53:44.578Z","@version":"1","message":"Sep 19 10:53:44 honeypot-sgp-1 sshd[1223]: Received disconnect from 143.244.158.100 port 54702:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T10:55:26.621Z","@version":"1","message":"Sep 19 10:55:25 honeypot-sgp-1 sshd[1229]: Disconnected from authenticating user root 143.244.158.100 port 50896 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T10:57:08.720Z","@version":"1","message":"Sep 19 10:57:07 honeypot-sgp-1 sshd[1233]: Disconnected from authenticating user root 143.244.158.100 port 54762 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 10:59:36 honeypot-fra-1 sshd[32545]: Connection closed by invalid user grid 121.4.171.124 port 54080 [preauth]","@timestamp":"2022-09-19T10:59:36.157Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 10:59:36 honeypot-fra-1 sshd[32544]: Invalid user testuser from 121.4.171.124 port 54082","@timestamp":"2022-09-19T10:59:37.158Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 10:59:37 honeypot-fra-1 sshd[32542]: Connection closed by invalid user admin 121.4.171.124 port 54124 [preauth]","@timestamp":"2022-09-19T10:59:38.158Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T10:59:39.787Z","@version":"1","message":"Sep 19 10:59:38 honeypot-sgp-1 sshd[1241]: Disconnected from authenticating user root 143.244.158.100 port 50238 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 11:00:10 honeypot-ams-1 kernel: [84461789.420679] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.196.30 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=38342 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T11:00:11.115Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 11:00:31 honeypot-fra-1 kernel: [84459635.467916] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=172.104.64.89 DST=165.22.82.222 LEN=52 TOS=0x02 PREC=0x00 TTL=114 ID=20623 DF PROTO=TCP SPT=61270 DPT=3389 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-19T11:00:32.181Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T11:02:11.852Z","@version":"1","message":"Sep 19 11:02:11 honeypot-sgp-1 sshd[1248]: Received disconnect from 143.244.158.100 port 49034:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T11:04:37.912Z","@version":"1","message":"Sep 19 11:04:37 honeypot-sgp-1 kernel: [84461578.861492] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=159.89.202.188 LEN=91 TOS=0x00 PREC=0x00 TTL=245 ID=16725 PROTO=TCP SPT=1551 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 11:08:07 honeypot-fra-1 sshd[32573]: Received disconnect from 92.255.85.70 port 58102:11: Bye Bye [preauth]","@timestamp":"2022-09-19T11:08:07.350Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T11:08:43.012Z","@version":"1","message":"Sep 19 11:08:42 honeypot-sgp-1 kernel: [84461823.711677] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=59.16.243.218 DST=159.89.202.188 LEN=52 TOS=0x00 PREC=0x00 TTL=114 ID=31502 DF PROTO=TCP SPT=7031 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 11:09:32 honeypot-ams-1 kernel: [84462351.199672] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=64.62.197.166 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=40952 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T11:09:32.365Z"}
{"@timestamp":"2022-09-19T11:11:59.094Z","@version":"1","message":"Sep 19 11:11:58 honeypot-sgp-1 sshd[1260]: Disconnected from authenticating user root 61.177.173.50 port 30279 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 11:12:18 honeypot-fra-1 sshd[32578]: Invalid user tuxedo from 193.106.191.157 port 54188","@timestamp":"2022-09-19T11:12:19.445Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 11:13:58 honeypot-ams-1 kernel: [84462617.201328] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=172.104.64.89 DST=178.62.254.91 LEN=52 TOS=0x02 PREC=0x00 TTL=115 ID=27122 DF PROTO=TCP SPT=50725 DPT=3389 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-19T11:13:58.481Z"}
{"@timestamp":"2022-09-19T11:14:40.163Z","@version":"1","message":"Sep 19 11:14:39 honeypot-sgp-1 sshd[1262]: Disconnected from invalid user ubnt 92.255.85.69 port 21122 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:15:21 honeypot-ams-1 sshd[8190]: Disconnected from invalid user ubnt 92.255.85.70 port 31694 [preauth]","@timestamp":"2022-09-19T11:15:21.522Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 11:17:35 honeypot-fra-1 kernel: [84460660.169487] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=216.218.206.96 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=54321 PROTO=TCP SPT=57812 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T11:17:36.565Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 11:19:19 honeypot-fra-1 sshd[32586]: Connection closed by invalid user eurek 179.60.147.69 port 25470 [preauth]","@timestamp":"2022-09-19T11:19:19.605Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T11:19:23.278Z","@version":"1","message":"Sep 19 11:19:22 honeypot-sgp-1 sshd[1271]: Received disconnect from 61.177.173.37 port 45159:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 11:20:36 honeypot-ams-1 kernel: [84463015.547250] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=207.102.138.83 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=37640 DF PROTO=TCP SPT=55237 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T11:20:36.663Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:24:58 honeypot-ams-1 sshd[8198]: Disconnected from authenticating user root 179.86.56.96 port 48080 [preauth]","@timestamp":"2022-09-19T11:24:58.780Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:25:03 honeypot-ams-1 sshd[8204]: Received disconnect from 179.86.56.96 port 48222:11: Bye Bye [preauth]","@timestamp":"2022-09-19T11:25:03.784Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:25:09 honeypot-ams-1 sshd[8211]: Received disconnect from 179.86.56.96 port 48385:11: Bye Bye [preauth]","@timestamp":"2022-09-19T11:25:09.788Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:25:14 honeypot-ams-1 sshd[8217]: Received disconnect from 179.86.56.96 port 48534:11: Bye Bye [preauth]","@timestamp":"2022-09-19T11:25:14.791Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:25:18 honeypot-ams-1 sshd[8223]: Disconnected from authenticating user root 179.86.56.96 port 48635 [preauth]","@timestamp":"2022-09-19T11:25:18.794Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:25:23 honeypot-ams-1 sshd[8229]: Disconnected from authenticating user root 179.86.56.96 port 48765 [preauth]","@timestamp":"2022-09-19T11:25:23.797Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:25:28 honeypot-ams-1 sshd[8235]: Disconnected from authenticating user root 179.86.56.96 port 48915 [preauth]","@timestamp":"2022-09-19T11:25:28.800Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:25:34 honeypot-ams-1 sshd[8241]: Received disconnect from 179.86.56.96 port 49058:11: Bye Bye [preauth]","@timestamp":"2022-09-19T11:25:34.805Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:25:39 honeypot-ams-1 sshd[8247]: Received disconnect from 179.86.56.96 port 49210:11: Bye Bye [preauth]","@timestamp":"2022-09-19T11:25:39.808Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:25:44 honeypot-ams-1 sshd[8253]: Received disconnect from 179.86.56.96 port 49359:11: Bye Bye [preauth]","@timestamp":"2022-09-19T11:25:44.812Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:25:50 honeypot-ams-1 sshd[8259]: Received disconnect from 179.86.56.96 port 49507:11: Bye Bye [preauth]","@timestamp":"2022-09-19T11:25:50.816Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:25:55 honeypot-ams-1 sshd[8265]: Received disconnect from 179.86.56.96 port 49650:11: Bye Bye [preauth]","@timestamp":"2022-09-19T11:25:55.819Z"}
{"@timestamp":"2022-09-19T11:25:59.435Z","@version":"1","message":"Sep 19 11:25:59 honeypot-sgp-1 sshd[1280]: Disconnected from authenticating user root 61.177.173.51 port 57853 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:26:00 honeypot-ams-1 sshd[8271]: Received disconnect from 179.86.56.96 port 49807:11: Bye Bye [preauth]","@timestamp":"2022-09-19T11:26:00.824Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:26:04 honeypot-ams-1 sshd[8275]: Received disconnect from 179.86.56.96 port 49912:11: Bye Bye [preauth]","@timestamp":"2022-09-19T11:26:04.827Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:26:07 honeypot-ams-1 sshd[8279]: Received disconnect from 179.86.56.96 port 50024:11: Bye Bye [preauth]","@timestamp":"2022-09-19T11:26:08.829Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:26:11 honeypot-ams-1 sshd[8283]: Received disconnect from 179.86.56.96 port 50116:11: Bye Bye [preauth]","@timestamp":"2022-09-19T11:26:11.831Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:26:14 honeypot-ams-1 sshd[8287]: Received disconnect from 179.86.56.96 port 50228:11: Bye Bye [preauth]","@timestamp":"2022-09-19T11:26:15.835Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:26:18 honeypot-ams-1 sshd[8291]: Received disconnect from 179.86.56.96 port 50326:11: Bye Bye [preauth]","@timestamp":"2022-09-19T11:26:18.836Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:26:22 honeypot-ams-1 sshd[8295]: Disconnected from authenticating user root 179.86.56.96 port 50428 [preauth]","@timestamp":"2022-09-19T11:26:22.839Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:26:27 honeypot-ams-1 sshd[8301]: Invalid user pi from 179.86.56.96 port 50595","@timestamp":"2022-09-19T11:26:27.841Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:26:30 honeypot-ams-1 sshd[8305]: Invalid user ethos from 179.86.56.96 port 50698","@timestamp":"2022-09-19T11:26:30.844Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:26:34 honeypot-ams-1 sshd[8309]: Invalid user miner from 179.86.56.96 port 50802","@timestamp":"2022-09-19T11:26:34.847Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:26:37 honeypot-ams-1 sshd[8313]: Invalid user volumio from 179.86.56.96 port 50910","@timestamp":"2022-09-19T11:26:38.849Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:26:41 honeypot-ams-1 sshd[8317]: Invalid user nagios from 179.86.56.96 port 51007","@timestamp":"2022-09-19T11:26:41.851Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:26:45 honeypot-ams-1 sshd[8321]: Invalid user vagrant from 179.86.56.96 port 51111","@timestamp":"2022-09-19T11:26:45.854Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:26:48 honeypot-ams-1 sshd[8325]: Invalid user debian from 179.86.56.96 port 51226","@timestamp":"2022-09-19T11:26:48.856Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:26:52 honeypot-ams-1 sshd[8329]: Invalid user debian from 179.86.56.96 port 51321","@timestamp":"2022-09-19T11:26:52.859Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:26:55 honeypot-ams-1 sshd[8333]: Invalid user alarm from 179.86.56.96 port 51428","@timestamp":"2022-09-19T11:26:56.861Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:26:57 honeypot-ams-1 sshd[8335]: Disconnected from invalid user guest 179.86.56.96 port 51482 [preauth]","@timestamp":"2022-09-19T11:26:58.863Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:27:01 honeypot-ams-1 sshd[8339]: Disconnected from invalid user cirros 179.86.56.96 port 51575 [preauth]","@timestamp":"2022-09-19T11:27:01.865Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 11:31:30 honeypot-ams-1 kernel: [84463669.806652] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=2.226.225.240 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=46218 PROTO=TCP SPT=4000 DPT=80 WINDOW=48929 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T11:31:30.998Z"}
{"@timestamp":"2022-09-19T11:36:00.675Z","@version":"1","message":"Sep 19 11:36:00 honeypot-sgp-1 sshd[1292]: Disconnected from invalid user carter 45.64.134.14 port 16747 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 11:36:02 honeypot-fra-1 sshd[32590]: Disconnected from invalid user agg 188.166.231.119 port 58889 [preauth]","@timestamp":"2022-09-19T11:36:02.967Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 11:38:52 honeypot-fra-1 sshd[32595]: Disconnected from invalid user support 92.255.85.69 port 49944 [preauth]","@timestamp":"2022-09-19T11:38:53.033Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:40:04 honeypot-ams-1 sshd[8350]: Disconnected from authenticating user root 35.247.184.181 port 40858 [preauth]","@timestamp":"2022-09-19T11:40:05.220Z"}
{"@timestamp":"2022-09-19T11:40:10.776Z","@version":"1","message":"Sep 19 11:40:09 honeypot-sgp-1 sshd[1296]: Disconnected from authenticating user root 61.177.173.49 port 40363 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 11:42:31 honeypot-ams-1 kernel: [84464330.943244] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=178.62.254.91 LEN=89 TOS=0x00 PREC=0x00 TTL=252 ID=21559 PROTO=TCP SPT=23177 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T11:42:32.298Z"}
{"@timestamp":"2022-09-19T11:44:02.871Z","@version":"1","message":"Sep 19 11:44:02 honeypot-sgp-1 kernel: [84463943.987591] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.142.236.34 DST=159.89.202.188 LEN=44 TOS=0x08 PREC=0x00 TTL=111 ID=13448 PROTO=TCP SPT=17340 DPT=80 WINDOW=37996 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 11:45:49 honeypot-fra-1 sshd[32600]: Disconnected from invalid user qhsupport 51.250.12.51 port 59954 [preauth]","@timestamp":"2022-09-19T11:45:50.188Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:46:49 honeypot-ams-1 sshd[8359]: Invalid user support from 92.255.85.70 port 63810","@timestamp":"2022-09-19T11:46:49.414Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 11:49:18 honeypot-fra-1 sshd[32605]: Connection closed by invalid user tuxedo 193.106.191.157 port 50056 [preauth]","@timestamp":"2022-09-19T11:49:19.269Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:49:42 honeypot-ams-1 sshd[8364]: Received disconnect from 196.219.43.242 port 33990:11: Bye Bye [preauth]","@timestamp":"2022-09-19T11:49:43.492Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 11:53:22 honeypot-ams-1 kernel: [84464981.639485] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=164.92.72.164 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=59598 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T11:53:23.590Z"}
{"@timestamp":"2022-09-19T11:54:31.122Z","@version":"1","message":"Sep 19 11:54:30 honeypot-sgp-1 sshd[1315]: Invalid user apc from 179.60.147.69 port 38614","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T11:56:04.163Z","@version":"1","message":"Sep 19 11:56:03 honeypot-sgp-1 sshd[1321]: Connection closed by invalid user pi 88.162.54.93 port 2384 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T11:57:29.199Z","@version":"1","message":"Sep 19 11:57:28 honeypot-sgp-1 sshd[1327]: Invalid user zacc123 from 165.154.233.87 port 35498","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 12:00:16 honeypot-ams-1 kernel: [84465395.406937] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=9713 PROTO=TCP SPT=48804 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T12:00:16.772Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 12:04:03 honeypot-fra-1 sshd[32614]: Invalid user tiago from 137.184.225.163 port 44716","@timestamp":"2022-09-19T12:04:03.604Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T12:04:17.363Z","@version":"1","message":"Sep 19 12:04:16 honeypot-sgp-1 kernel: [84465158.117095] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=208.115.115.103 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=48 ID=2201 PROTO=TCP SPT=29406 DPT=443 WINDOW=42621 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T12:08:32.468Z","@version":"1","message":"Sep 19 12:08:32 honeypot-sgp-1 sshd[1334]: Disconnected from authenticating user root 61.177.173.50 port 35052 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T12:10:18.515Z","@version":"1","message":"Sep 19 12:10:17 honeypot-sgp-1 sshd[1339]: Received disconnect from 165.227.101.226 port 51002:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 12:10:58 honeypot-ams-1 sshd[8377]: Invalid user zxc from 103.188.176.251 port 51912","@timestamp":"2022-09-19T12:10:58.054Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 12:12:25 honeypot-fra-1 sshd[32618]: Invalid user array from 92.255.85.70 port 44518","@timestamp":"2022-09-19T12:12:25.794Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T12:15:10.635Z","@version":"1","message":"Sep 19 12:15:09 honeypot-sgp-1 sshd[1346]: Received disconnect from 61.177.173.47 port 27199:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 12:16:24 honeypot-ams-1 sshd[8382]: Disconnected from authenticating user root 192.241.157.126 port 36060 [preauth]","@timestamp":"2022-09-19T12:16:24.199Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 12:17:01 honeypot-fra-1 CRON[32622]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-19T12:17:01.897Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T12:17:02.682Z","@version":"1","message":"Sep 19 12:17:01 honeypot-sgp-1 CRON[1351]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T12:18:42.725Z","@version":"1","message":"Sep 19 12:18:42 honeypot-sgp-1 sshd[1358]: Received disconnect from 161.82.233.179 port 52170:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 12:21:10 honeypot-ams-1 sshd[8388]: Disconnected from invalid user array 92.255.85.70 port 29134 [preauth]","@timestamp":"2022-09-19T12:21:11.348Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 12:23:52 honeypot-fra-1 sshd[32628]: Received disconnect from 159.223.92.205 port 36548:11: Bye Bye [preauth]","@timestamp":"2022-09-19T12:23:53.054Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T12:26:29.912Z","@version":"1","message":"Sep 19 12:26:29 honeypot-sgp-1 kernel: [84466491.274961] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.170.96.105 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=235 ID=44635 DF PROTO=TCP SPT=58788 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 12:28:50 honeypot-ams-1 kernel: [84467109.705275] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=211.44.108.54 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=54 ID=27886 PROTO=TCP SPT=18890 DPT=80 WINDOW=31111 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T12:28:51.547Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 12:32:23 honeypot-ams-1 sshd[8398]: Disconnected from invalid user oracle 159.89.8.45 port 51962 [preauth]","@timestamp":"2022-09-19T12:32:23.640Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 12:38:42 honeypot-fra-1 kernel: [84465526.490173] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=170.187.162.44 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=20874 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T12:38:43.400Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 12:41:44 honeypot-fra-1 kernel: [84465708.186816] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=167.71.133.35 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=248 ID=54321 PROTO=TCP SPT=39528 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T12:41:44.472Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T12:41:50.283Z","@version":"1","message":"Sep 19 12:41:49 honeypot-sgp-1 kernel: [84467411.400871] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=154.89.5.94 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=244 ID=37032 PROTO=TCP SPT=58914 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 12:46:48 honeypot-fra-1 sshd[32644]: Received disconnect from 45.61.184.204 port 58670:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T12:46:48.587Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 12:47:07 honeypot-fra-1 sshd[32648]: Received disconnect from 45.61.184.204 port 53772:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T12:47:08.596Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 12:47:26 honeypot-fra-1 sshd[32652]: Received disconnect from 45.61.184.204 port 48918:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T12:47:26.606Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T12:47:49.431Z","@version":"1","message":"Sep 19 12:47:48 honeypot-sgp-1 sshd[1389]: Received disconnect from 92.255.85.70 port 60062:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 12:48:47 honeypot-ams-1 kernel: [84468306.742009] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=178.62.254.91 LEN=90 TOS=0x00 PREC=0x00 TTL=252 ID=391 PROTO=TCP SPT=22921 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T12:48:48.069Z"}
{"@timestamp":"2022-09-19T12:57:08.657Z","@version":"1","message":"Sep 19 12:57:08 honeypot-sgp-1 kernel: [84468330.108030] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=184.105.139.107 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=38266 DPT=389 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 12:58:40 honeypot-ams-1 kernel: [84468899.000023] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=64.62.197.63 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=35770 DPT=389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T12:58:40.325Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 12:58:44 honeypot-fra-1 kernel: [84466728.477782] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=64.246.161.26 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=33639 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T12:58:44.854Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:01:46 honeypot-ams-1 sshd[8422]: Connection closed by invalid user admin 221.161.74.247 port 55160 [preauth]","@timestamp":"2022-09-19T13:01:47.414Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 13:03:30 honeypot-fra-1 kernel: [84467014.777755] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=79.124.62.78 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=11368 PROTO=TCP SPT=51977 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T13:03:30.978Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T13:04:00.824Z","@version":"1","message":"Sep 19 13:04:00 honeypot-sgp-1 sshd[1401]: Disconnected from authenticating user root 61.177.172.19 port 31176 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 13:05:17 honeypot-fra-1 sshd[32663]: Disconnected from invalid user sftp 118.27.26.17 port 58702 [preauth]","@timestamp":"2022-09-19T13:05:18.019Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:10:05 honeypot-ams-1 sshd[8427]: Disconnected from invalid user test 187.190.252.164 port 54616 [preauth]","@timestamp":"2022-09-19T13:10:06.637Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 13:11:59 honeypot-fra-1 kernel: [84467523.058145] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=167.248.133.134 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=59078 PROTO=TCP SPT=37745 DPT=389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T13:11:59.164Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T13:14:36.075Z","@version":"1","message":"Sep 19 13:14:35 honeypot-sgp-1 sshd[1407]: Disconnected from authenticating user root 92.255.85.69 port 32252 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:17:01 honeypot-ams-1 CRON[8433]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-19T13:17:01.821Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:18:30 honeypot-ams-1 sshd[8439]: Received disconnect from 137.184.113.110 port 60088:11: Bye Bye [preauth]","@timestamp":"2022-09-19T13:18:30.887Z"}
{"@timestamp":"2022-09-19T13:20:46.245Z","@version":"1","message":"Sep 19 13:20:45 honeypot-sgp-1 kernel: [84469746.994755] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=32437 PROTO=TCP SPT=53163 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 13:21:31 honeypot-fra-1 kernel: [84468095.273457] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=48603 PROTO=TCP SPT=53163 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T13:21:31.378Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T13:21:54.277Z","@version":"1","message":"Sep 19 13:21:53 honeypot-sgp-1 sshd[1425]: Disconnected from invalid user teamspeakserver 66.29.130.103 port 59674 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 13:26:44 honeypot-fra-1 sshd[32681]: Connection closed by invalid user admin 128.199.160.207 port 54696 [preauth]","@timestamp":"2022-09-19T13:26:44.498Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 13:28:40 honeypot-fra-1 kernel: [84468524.560824] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=79.124.62.78 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=40724 PROTO=TCP SPT=51977 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T13:28:41.544Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:30:07 honeypot-ams-1 sshd[8446]: Invalid user admin from 112.186.242.154 port 40164","@timestamp":"2022-09-19T13:30:08.190Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:02 honeypot-ams-1 sshd[8451]: Disconnected from authenticating user root 95.251.178.212 port 60344 [preauth]","@timestamp":"2022-09-19T13:32:03.242Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:03 honeypot-ams-1 sshd[8457]: Received disconnect from 95.251.178.212 port 60460:11: Bye Bye [preauth]","@timestamp":"2022-09-19T13:32:04.244Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:04 honeypot-ams-1 sshd[8463]: Received disconnect from 95.251.178.212 port 60508:11: Bye Bye [preauth]","@timestamp":"2022-09-19T13:32:05.245Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:05 honeypot-ams-1 sshd[8469]: Received disconnect from 95.251.178.212 port 60578:11: Bye Bye [preauth]","@timestamp":"2022-09-19T13:32:06.245Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:06 honeypot-ams-1 sshd[8475]: Received disconnect from 95.251.178.212 port 60624:11: Bye Bye [preauth]","@timestamp":"2022-09-19T13:32:07.246Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:08 honeypot-ams-1 sshd[8481]: Received disconnect from 95.251.178.212 port 60658:11: Bye Bye [preauth]","@timestamp":"2022-09-19T13:32:08.247Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:09 honeypot-ams-1 sshd[8487]: Received disconnect from 95.251.178.212 port 60698:11: Bye Bye [preauth]","@timestamp":"2022-09-19T13:32:09.248Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:10 honeypot-ams-1 sshd[8493]: Received disconnect from 95.251.178.212 port 60734:11: Bye Bye [preauth]","@timestamp":"2022-09-19T13:32:10.249Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:11 honeypot-ams-1 sshd[8499]: Received disconnect from 95.251.178.212 port 60760:11: Bye Bye [preauth]","@timestamp":"2022-09-19T13:32:12.250Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:12 honeypot-ams-1 sshd[8505]: Received disconnect from 95.251.178.212 port 60794:11: Bye Bye [preauth]","@timestamp":"2022-09-19T13:32:13.251Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:13 honeypot-ams-1 sshd[8511]: Received disconnect from 95.251.178.212 port 32872:11: Bye Bye [preauth]","@timestamp":"2022-09-19T13:32:14.251Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:14 honeypot-ams-1 sshd[8517]: Received disconnect from 95.251.178.212 port 32930:11: Bye Bye [preauth]","@timestamp":"2022-09-19T13:32:15.252Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:15 honeypot-ams-1 sshd[8523]: Invalid user admin from 95.251.178.212 port 32972","@timestamp":"2022-09-19T13:32:16.253Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:16 honeypot-ams-1 sshd[8527]: Invalid user admin from 95.251.178.212 port 33030","@timestamp":"2022-09-19T13:32:17.253Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:17 honeypot-ams-1 sshd[8531]: Invalid user admin from 95.251.178.212 port 33046","@timestamp":"2022-09-19T13:32:17.254Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:17 honeypot-ams-1 sshd[8535]: Invalid user admin from 95.251.178.212 port 33068","@timestamp":"2022-09-19T13:32:18.254Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:18 honeypot-ams-1 sshd[8539]: Invalid user admin from 95.251.178.212 port 33090","@timestamp":"2022-09-19T13:32:19.256Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:19 honeypot-ams-1 sshd[8543]: Invalid user user from 95.251.178.212 port 33126","@timestamp":"2022-09-19T13:32:19.256Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:19 honeypot-ams-1 sshd[8547]: Disconnected from authenticating user root 95.251.178.212 port 33142 [preauth]","@timestamp":"2022-09-19T13:32:20.257Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:20 honeypot-ams-1 sshd[8551]: Disconnected from invalid user pi 95.251.178.212 port 33162 [preauth]","@timestamp":"2022-09-19T13:32:21.258Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:21 honeypot-ams-1 sshd[8557]: Disconnected from invalid user ethos 95.251.178.212 port 33182 [preauth]","@timestamp":"2022-09-19T13:32:22.258Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:21 honeypot-ams-1 sshd[8553]: Disconnected from invalid user leila 178.128.217.58 port 58946 [preauth]","@timestamp":"2022-09-19T13:32:22.258Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:22 honeypot-ams-1 sshd[8563]: Disconnected from invalid user xbmc 95.251.178.212 port 33356 [preauth]","@timestamp":"2022-09-19T13:32:23.259Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:23 honeypot-ams-1 sshd[8567]: Disconnected from invalid user oracle 95.251.178.212 port 33496 [preauth]","@timestamp":"2022-09-19T13:32:24.260Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:24 honeypot-ams-1 sshd[8571]: Disconnected from invalid user postgres 95.251.178.212 port 33534 [preauth]","@timestamp":"2022-09-19T13:32:24.260Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:24 honeypot-ams-1 sshd[8575]: Disconnected from invalid user support 95.251.178.212 port 33564 [preauth]","@timestamp":"2022-09-19T13:32:25.261Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:25 honeypot-ams-1 sshd[8579]: Disconnected from invalid user ubuntu 95.251.178.212 port 33584 [preauth]","@timestamp":"2022-09-19T13:32:26.261Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:26 honeypot-ams-1 sshd[8583]: Disconnected from invalid user ubuntu 95.251.178.212 port 33650 [preauth]","@timestamp":"2022-09-19T13:32:26.261Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:26 honeypot-ams-1 sshd[8587]: Disconnected from invalid user guest 95.251.178.212 port 33666 [preauth]","@timestamp":"2022-09-19T13:32:27.262Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:27 honeypot-ams-1 sshd[8591]: Disconnected from invalid user cirros 95.251.178.212 port 33682 [preauth]","@timestamp":"2022-09-19T13:32:28.263Z"}
{"@timestamp":"2022-09-19T13:35:23.613Z","@version":"1","message":"Sep 19 13:35:23 honeypot-sgp-1 sshd[1434]: Disconnected from authenticating user root 61.177.173.46 port 28587 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:36:29 honeypot-ams-1 sshd[8595]: Disconnected from authenticating user root 137.184.59.232 port 40738 [preauth]","@timestamp":"2022-09-19T13:36:30.369Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 13:36:41 honeypot-fra-1 sshd[32689]: Disconnected from invalid user user 45.61.187.160 port 48438 [preauth]","@timestamp":"2022-09-19T13:36:41.722Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 13:37:04 honeypot-fra-1 sshd[32693]: Disconnected from invalid user user 45.61.187.160 port 43618 [preauth]","@timestamp":"2022-09-19T13:37:05.733Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 13:37:26 honeypot-fra-1 sshd[32698]: Received disconnect from 45.61.187.160 port 38800:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T13:37:26.746Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 13:37:37 honeypot-fra-1 sshd[32702]: Received disconnect from 45.61.186.49 port 34992:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T13:37:37.751Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 13:37:41 honeypot-fra-1 sshd[32706]: Received disconnect from 45.61.186.49 port 40632:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T13:37:42.755Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 13:37:47 honeypot-fra-1 sshd[32710]: Received disconnect from 45.61.187.160 port 33974:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T13:37:47.757Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T13:42:31.790Z","@version":"1","message":"Sep 19 13:42:31 honeypot-sgp-1 sshd[1441]: Disconnected from authenticating user root 61.177.173.50 port 47052 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 13:43:56 honeypot-fra-1 sshd[32716]: Connection closed by authenticating user root 179.60.147.69 port 48568 [preauth]","@timestamp":"2022-09-19T13:43:56.896Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T13:46:32.893Z","@version":"1","message":"Sep 19 13:46:32 honeypot-sgp-1 sshd[1448]: Did not receive identification string from 193.3.19.178 port 64001","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 13:52:17 honeypot-ams-1 kernel: [84472116.491045] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=89.248.165.199 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=23385 PROTO=TCP SPT=53829 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T13:52:17.802Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 13:58:16 honeypot-fra-1 kernel: [84470299.889107] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=165.232.152.144 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=48713 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T13:58:16.217Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T14:04:47.390Z","@version":"1","message":"Sep 19 14:04:46 honeypot-sgp-1 kernel: [84472388.294974] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.8.68.70 DST=159.89.202.188 LEN=52 TOS=0x00 PREC=0x00 TTL=118 ID=30811 DF PROTO=TCP SPT=51131 DPT=3389 WINDOW=65500 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 14:06:49 honeypot-ams-1 kernel: [84472988.859712] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=164.92.72.164 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=41591 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T14:06:50.200Z"}
{"@timestamp":"2022-09-19T14:09:53.518Z","@version":"1","message":"Sep 19 14:09:53 honeypot-sgp-1 kernel: [84472694.585191] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=89.248.165.199 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=63608 PROTO=TCP SPT=53829 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T14:11:56.572Z","@version":"1","message":"Sep 19 14:11:56 honeypot-sgp-1 sshd[1468]: Invalid user whater from 83.56.9.96 port 59164","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:12:43 honeypot-fra-1 sshd[32728]: error: maximum authentication attempts exceeded for root from 89.109.32.143 port 5182 ssh2 [preauth]","@timestamp":"2022-09-19T14:12:43.575Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:12:46 honeypot-fra-1 sshd[32734]: Invalid user admin from 89.109.32.143 port 6018","@timestamp":"2022-09-19T14:12:46.578Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:12:49 honeypot-fra-1 sshd[32738]: Invalid user admin from 89.109.32.143 port 6779","@timestamp":"2022-09-19T14:12:49.580Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:12:52 honeypot-fra-1 sshd[32742]: Invalid user oracle from 89.109.32.143 port 7470","@timestamp":"2022-09-19T14:12:52.581Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:12:55 honeypot-fra-1 sshd[32746]: Invalid user usuario from 89.109.32.143 port 8190","@timestamp":"2022-09-19T14:12:55.582Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:12:59 honeypot-fra-1 sshd[32750]: Invalid user usuario from 89.109.32.143 port 8966","@timestamp":"2022-09-19T14:12:59.586Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:13:01 honeypot-fra-1 sshd[32754]: Invalid user test from 89.109.32.143 port 9620","@timestamp":"2022-09-19T14:13:02.588Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:13:04 honeypot-fra-1 sshd[32758]: Invalid user user from 89.109.32.143 port 10233","@timestamp":"2022-09-19T14:13:04.589Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:13:07 honeypot-fra-1 sshd[32762]: Invalid user user from 89.109.32.143 port 11029","@timestamp":"2022-09-19T14:13:08.591Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:13:11 honeypot-fra-1 sshd[32766]: Invalid user ftpuser from 89.109.32.143 port 11809","@timestamp":"2022-09-19T14:13:11.593Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:13:14 honeypot-fra-1 sshd[302]: Invalid user test1 from 89.109.32.143 port 12485","@timestamp":"2022-09-19T14:13:14.595Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:13:16 honeypot-fra-1 sshd[306]: Disconnected from invalid user ftpuser 92.255.85.69 port 55138 [preauth]","@timestamp":"2022-09-19T14:13:16.597Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:13:18 honeypot-fra-1 sshd[310]: Invalid user test2 from 89.109.32.143 port 13372","@timestamp":"2022-09-19T14:13:18.598Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:13:21 honeypot-fra-1 sshd[314]: Invalid user test2 from 89.109.32.143 port 14181","@timestamp":"2022-09-19T14:13:22.600Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:13:24 honeypot-fra-1 sshd[318]: Invalid user ubuntu from 89.109.32.143 port 14811","@timestamp":"2022-09-19T14:13:24.601Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:13:27 honeypot-fra-1 sshd[322]: Invalid user ubuntu from 89.109.32.143 port 15471","@timestamp":"2022-09-19T14:13:27.603Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:13:29 honeypot-fra-1 sshd[324]: Received disconnect from 89.109.32.143 port 15729:11: disconnected by user [preauth]","@timestamp":"2022-09-19T14:13:29.606Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:13:32 honeypot-fra-1 sshd[328]: Received disconnect from 89.109.32.143 port 16370:11: disconnected by user [preauth]","@timestamp":"2022-09-19T14:13:32.607Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T14:15:58.672Z","@version":"1","message":"Sep 19 14:15:58 honeypot-sgp-1 sshd[1475]: Received disconnect from 144.24.116.174 port 33768:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 14:17:01 honeypot-ams-1 CRON[8608]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-19T14:17:02.468Z"}
{"@timestamp":"2022-09-19T14:17:33.713Z","@version":"1","message":"Sep 19 14:17:32 honeypot-sgp-1 sshd[1480]: Disconnected from invalid user ftpuser 92.255.85.69 port 24622 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 14:19:09 honeypot-ams-1 sshd[8613]: Disconnected from invalid user n 103.140.181.14 port 48284 [preauth]","@timestamp":"2022-09-19T14:19:09.524Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:20:07 honeypot-fra-1 kernel: [84471610.855247] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=92.63.197.74 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=12433 PROTO=TCP SPT=48090 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T14:20:07.752Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T14:20:15.784Z","@version":"1","message":"Sep 19 14:20:15 honeypot-sgp-1 sshd[1487]: Disconnected from authenticating user root 61.177.173.48 port 13025 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T14:23:18.862Z","@version":"1","message":"Sep 19 14:23:18 honeypot-sgp-1 sshd[1492]: Received disconnect from 45.61.186.49 port 54652:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T14:23:30.869Z","@version":"1","message":"Sep 19 14:23:29 honeypot-sgp-1 sshd[1496]: Received disconnect from 45.61.186.49 port 37912:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T14:25:33.922Z","@version":"1","message":"Sep 19 14:25:33 honeypot-sgp-1 sshd[1500]: Disconnected from authenticating user root 61.177.172.104 port 26341 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:28:47 honeypot-fra-1 sshd[342]: Received disconnect from 202.73.11.37 port 58332:11: Bye Bye [preauth]","@timestamp":"2022-09-19T14:28:47.946Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 14:30:35 honeypot-ams-1 kernel: [84474414.148177] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=39325 PROTO=TCP SPT=57806 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T14:30:35.849Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:31:12 honeypot-fra-1 sshd[345]: Disconnected from 161.35.131.133 port 40974 [preauth]","@timestamp":"2022-09-19T14:31:13.133Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 14:32:16 honeypot-ams-1 sshd[8624]: Disconnected from invalid user lionel 129.150.50.94 port 38336 [preauth]","@timestamp":"2022-09-19T14:32:16.897Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 14:33:13 honeypot-ams-1 sshd[8630]: Invalid user admin from 46.19.141.122 port 40030","@timestamp":"2022-09-19T14:33:13.925Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 14:34:01 honeypot-ams-1 sshd[8634]: Invalid user user from 46.19.141.122 port 56692","@timestamp":"2022-09-19T14:34:01.949Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 14:34:50 honeypot-ams-1 sshd[8638]: Invalid user pi from 46.19.141.122 port 47008","@timestamp":"2022-09-19T14:34:50.972Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 14:35:20 honeypot-ams-1 sshd[8642]: Connection closed by authenticating user root 103.188.176.251 port 37640 [preauth]","@timestamp":"2022-09-19T14:35:20.987Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 14:36:14 honeypot-ams-1 sshd[8647]: Received disconnect from 46.19.141.122 port 36302:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T14:36:15.018Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 14:37:14 honeypot-ams-1 sshd[8651]: Received disconnect from 46.19.141.122 port 58884:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T14:37:15.047Z"}
{"@timestamp":"2022-09-19T14:37:31.215Z","@version":"1","message":"Sep 19 14:37:30 honeypot-sgp-1 kernel: [84474352.127831] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.41.9.18 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=60742 PROTO=TCP SPT=59047 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 14:38:18 honeypot-ams-1 sshd[8655]: Disconnected from authenticating user root 46.19.141.122 port 55780 [preauth]","@timestamp":"2022-09-19T14:38:19.078Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 14:39:59 honeypot-ams-1 sshd[8661]: Received disconnect from 46.19.141.122 port 44922:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T14:40:00.125Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:40:23 honeypot-fra-1 kernel: [84472827.229147] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=80.94.92.231 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=59077 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T14:40:24.369Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 14:41:18 honeypot-ams-1 sshd[8668]: Connection closed by 220.246.166.71 port 45625 [preauth]","@timestamp":"2022-09-19T14:41:18.163Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 14:42:39 honeypot-ams-1 sshd[8674]: Received disconnect from 46.19.141.122 port 35444:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T14:42:40.201Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:45:38 honeypot-fra-1 sshd[360]: Invalid user testuser from 101.100.242.83 port 53558","@timestamp":"2022-09-19T14:45:39.484Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:45:38 honeypot-fra-1 sshd[366]: Invalid user ftpadmin from 101.100.242.83 port 53522","@timestamp":"2022-09-19T14:45:39.484Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:45:38 honeypot-fra-1 sshd[372]: Invalid user testuser from 101.100.242.83 port 53548","@timestamp":"2022-09-19T14:45:39.484Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:45:38 honeypot-fra-1 sshd[379]: Invalid user es from 101.100.242.83 port 53574","@timestamp":"2022-09-19T14:45:39.484Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:45:38 honeypot-fra-1 sshd[363]: Connection closed by invalid user user 101.100.242.83 port 53580 [preauth]","@timestamp":"2022-09-19T14:45:39.484Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:45:38 honeypot-fra-1 sshd[361]: Connection closed by invalid user es 101.100.242.83 port 53550 [preauth]","@timestamp":"2022-09-19T14:45:39.484Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:45:38 honeypot-fra-1 sshd[369]: Connection closed by invalid user admin 101.100.242.83 port 53508 [preauth]","@timestamp":"2022-09-19T14:45:39.484Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:45:38 honeypot-fra-1 sshd[373]: Connection closed by authenticating user root 101.100.242.83 port 53538 [preauth]","@timestamp":"2022-09-19T14:45:39.484Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:45:39 honeypot-fra-1 sshd[379]: Connection closed by invalid user es 101.100.242.83 port 53574 [preauth]","@timestamp":"2022-09-19T14:45:39.484Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T14:48:45.491Z","@version":"1","message":"Sep 19 14:48:45 honeypot-sgp-1 sshd[1516]: Disconnected from 61.177.173.52 port 34067 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 14:49:37 honeypot-ams-1 kernel: [84475556.063484] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=49.66.73.226 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=49 ID=33498 PROTO=TCP SPT=47435 DPT=80 WINDOW=54217 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T14:49:37.386Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:54:00 honeypot-fra-1 sshd[420]: Connection closed by invalid user pi 91.160.19.34 port 7512 [preauth]","@timestamp":"2022-09-19T14:54:00.671Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 14:55:47 honeypot-ams-1 kernel: [84475926.111288] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=167.248.133.138 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=35850 PROTO=TCP SPT=44433 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T14:55:47.542Z"}
{"@timestamp":"2022-09-19T14:56:47.708Z","@version":"1","message":"Sep 19 14:56:47 honeypot-sgp-1 sshd[1523]: Received disconnect from 61.177.173.46 port 10786:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 14:59:07 honeypot-ams-1 sshd[8687]: Invalid user semira from 46.101.207.32 port 33670","@timestamp":"2022-09-19T14:59:08.631Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:59:12 honeypot-fra-1 sshd[427]: Invalid user liverpool from 165.22.45.108 port 55242","@timestamp":"2022-09-19T14:59:12.795Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T15:00:05.792Z","@version":"1","message":"Sep 19 15:00:04 honeypot-sgp-1 sshd[1528]: Disconnected from authenticating user root 218.92.0.221 port 28799 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T15:04:04.892Z","@version":"1","message":"Sep 19 15:04:04 honeypot-sgp-1 sshd[1536]: Disconnected from authenticating user root 61.177.172.98 port 32234 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 15:05:07 honeypot-fra-1 sshd[432]: Received disconnect from 105.174.16.46 port 39269:11: Bye Bye [preauth]","@timestamp":"2022-09-19T15:05:07.932Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 15:09:56 honeypot-ams-1 kernel: [84476775.747323] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=64158 PROTO=TCP SPT=59603 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T15:09:56.915Z"}
{"@timestamp":"2022-09-19T15:12:06.089Z","@version":"1","message":"Sep 19 15:12:05 honeypot-sgp-1 sshd[1543]: Received disconnect from 218.92.0.221 port 21087:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 15:15:41 honeypot-fra-1 sshd[438]: Received disconnect from 159.203.113.193 port 40932:11: Bye Bye [preauth]","@timestamp":"2022-09-19T15:15:41.184Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T15:16:25.200Z","@version":"1","message":"Sep 19 15:16:24 honeypot-sgp-1 kernel: [84476685.818968] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=23.92.22.102 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=53795 PROTO=TCP SPT=40581 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T15:17:46.236Z","@version":"1","message":"Sep 19 15:17:45 honeypot-sgp-1 sshd[1553]: Disconnected from authenticating user root 61.177.173.36 port 19956 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T15:19:03.269Z","@version":"1","message":"Sep 19 15:19:02 honeypot-sgp-1 sshd[1559]: Disconnected from invalid user squid 92.255.85.70 port 34546 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 15:20:43 honeypot-ams-1 sshd[8695]: Received disconnect from 92.255.85.70 port 61684:11: Bye Bye [preauth]","@timestamp":"2022-09-19T15:20:43.189Z"}
{"@timestamp":"2022-09-19T15:30:21.543Z","@version":"1","message":"Sep 19 15:30:21 honeypot-sgp-1 kernel: [84477522.760885] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.86.202.226 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=37816 DF PROTO=TCP SPT=26811 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T15:32:24.598Z","@version":"1","message":"Sep 19 15:32:24 honeypot-sgp-1 sshd[1573]: Invalid user citasa from 112.65.128.90 port 42562","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 15:32:48 honeypot-fra-1 sshd[447]: Invalid user cloudera from 179.60.147.69 port 4186","@timestamp":"2022-09-19T15:32:48.579Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T15:34:51.679Z","@version":"1","message":"Sep 19 15:34:50 honeypot-sgp-1 sshd[1577]: Invalid user xnq from 41.85.251.8 port 52152","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 15:41:27 honeypot-ams-1 kernel: [84478666.552070] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=167.71.92.243 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=34504 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T15:41:27.738Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 15:42:22 honeypot-fra-1 kernel: [84476545.700262] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=165.22.82.222 LEN=85 TOS=0x00 PREC=0x00 TTL=248 ID=58852 PROTO=TCP SPT=23733 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T15:42:22.798Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T15:43:10.876Z","@version":"1","message":"Sep 19 15:43:10 honeypot-sgp-1 sshd[1583]: Disconnected from authenticating user root 61.177.172.114 port 59028 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T15:45:20.931Z","@version":"1","message":"Sep 19 15:45:19 honeypot-sgp-1 sshd[1589]: Invalid user monitor from 128.199.82.76 port 60784","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 15:47:46 honeypot-ams-1 kernel: [84479045.826144] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=159.65.138.52 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=54953 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T15:47:47.915Z"}
{"@timestamp":"2022-09-19T15:48:00.997Z","@version":"1","message":"Sep 19 15:48:00 honeypot-sgp-1 sshd[1594]: Disconnected from invalid user user 45.61.186.249 port 40904 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T15:48:20.007Z","@version":"1","message":"Sep 19 15:48:19 honeypot-sgp-1 sshd[1599]: Disconnected from invalid user user 45.61.186.249 port 35274 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T15:48:40.017Z","@version":"1","message":"Sep 19 15:48:39 honeypot-sgp-1 sshd[1603]: Disconnected from invalid user user 45.61.186.249 port 57880 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T15:48:58.026Z","@version":"1","message":"Sep 19 15:48:57 honeypot-sgp-1 sshd[1609]: Invalid user user from 45.61.186.249 port 52232","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T15:49:30.041Z","@version":"1","message":"Sep 19 15:49:29 honeypot-sgp-1 sshd[1615]: Received disconnect from 203.172.41.149 port 6170:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T15:50:50.077Z","@version":"1","message":"Sep 19 15:50:49 honeypot-sgp-1 sshd[1617]: Disconnected from invalid user ds 104.131.12.184 port 45072 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 15:52:08 honeypot-ams-1 sshd[8706]: Received disconnect from 92.255.85.70 port 15484:11: Bye Bye [preauth]","@timestamp":"2022-09-19T15:52:09.032Z"}
{"@timestamp":"2022-09-19T15:52:35.120Z","@version":"1","message":"Sep 19 15:52:34 honeypot-sgp-1 sshd[1622]: Disconnected from invalid user influxdb 165.232.176.114 port 45402 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 15:53:01 honeypot-fra-1 sshd[456]: Invalid user medias from 13.76.166.169 port 35824","@timestamp":"2022-09-19T15:53:02.036Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 15:53:11 honeypot-fra-1 kernel: [84477195.077254] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.143.200.6 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=19002 PROTO=TCP SPT=47432 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T15:53:12.041Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T15:55:47.219Z","@version":"1","message":"Sep 19 15:55:46 honeypot-sgp-1 sshd[1630]: Invalid user watchthestate from 118.101.192.62 port 60656","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 15:59:38 honeypot-ams-1 sshd[8709]: Received disconnect from 103.139.186.58 port 47366:11: Bye Bye [preauth]","@timestamp":"2022-09-19T15:59:39.237Z"}
{"@timestamp":"2022-09-19T15:59:42.314Z","@version":"1","message":"Sep 19 15:59:42 honeypot-sgp-1 sshd[1637]: Disconnected from authenticating user root 61.177.173.50 port 50962 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:02:05 honeypot-ams-1 sshd[8714]: Disconnected from invalid user administrator 80.99.176.199 port 41734 [preauth]","@timestamp":"2022-09-19T16:02:06.302Z"}
{"@timestamp":"2022-09-19T16:04:16.424Z","@version":"1","message":"Sep 19 16:04:16 honeypot-sgp-1 sshd[1643]: Disconnected from invalid user oracle 39.109.127.242 port 45684 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 16:05:57 honeypot-fra-1 kernel: [84477960.594218] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=108.137.10.152 DST=165.22.82.222 LEN=52 TOS=0x02 PREC=0x00 TTL=117 ID=65173 DF PROTO=TCP SPT=60734 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-19T16:05:57.324Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:11:00 honeypot-ams-1 sshd[8719]: Connection closed by invalid user amx 179.60.147.69 port 44074 [preauth]","@timestamp":"2022-09-19T16:11:01.540Z"}
{"@timestamp":"2022-09-19T16:16:34.718Z","@version":"1","message":"Sep 19 16:16:33 honeypot-sgp-1 sshd[1649]: Disconnected from authenticating user root 92.255.85.69 port 49494 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 16:17:01 honeypot-fra-1 CRON[473]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-19T16:17:01.572Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T16:17:10.736Z","@version":"1","message":"Sep 19 16:17:10 honeypot-sgp-1 sshd[1655]: Disconnected from invalid user user 45.61.187.160 port 33466 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T16:17:31.746Z","@version":"1","message":"Sep 19 16:17:30 honeypot-sgp-1 sshd[1659]: Disconnected from invalid user user 45.61.187.160 port 56188 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T16:17:50.757Z","@version":"1","message":"Sep 19 16:17:49 honeypot-sgp-1 sshd[1663]: Disconnected from invalid user user 45.61.187.160 port 50692 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T16:18:08.765Z","@version":"1","message":"Sep 19 16:18:08 honeypot-sgp-1 sshd[1667]: Disconnected from invalid user user 45.61.187.160 port 45186 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 16:18:34 honeypot-fra-1 sshd[496]: Connection closed by authenticating user root 221.2.93.118 port 42013 [preauth]","@timestamp":"2022-09-19T16:18:34.627Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:19:09 honeypot-ams-1 sshd[8728]: Received disconnect from 61.177.173.51 port 64051:11:  [preauth]","@timestamp":"2022-09-19T16:19:10.754Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 16:22:29 honeypot-ams-1 kernel: [84481128.596594] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.205.247 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=34548 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T16:22:29.845Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 16:24:54 honeypot-fra-1 sshd[507]: Received disconnect from 121.136.39.210 port 58754:11: Bye Bye [preauth]","@timestamp":"2022-09-19T16:24:54.767Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T16:27:56.000Z","@version":"1","message":"Sep 19 16:27:55 honeypot-sgp-1 sshd[1674]: Invalid user ubnt from 222.117.98.91 port 46954","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 16:29:27 honeypot-fra-1 kernel: [84479371.478847] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=15.197.142.173 DST=165.22.82.222 LEN=80 TOS=0x00 PREC=0x20 TTL=126 ID=52545 PROTO=TCP SPT=51521 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T16:29:28.883Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:29:49 honeypot-ams-1 sshd[8743]: Received disconnect from 98.40.14.28 port 37080:11: Bye Bye [preauth]","@timestamp":"2022-09-19T16:29:50.041Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:29:51 honeypot-ams-1 sshd[8747]: Disconnected from authenticating user root 98.40.14.28 port 37204 [preauth]","@timestamp":"2022-09-19T16:29:52.043Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:29:55 honeypot-ams-1 sshd[8753]: Disconnected from authenticating user root 98.40.14.28 port 37434 [preauth]","@timestamp":"2022-09-19T16:29:56.045Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:29:58 honeypot-ams-1 sshd[8759]: Disconnected from authenticating user root 98.40.14.28 port 37624 [preauth]","@timestamp":"2022-09-19T16:29:59.047Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:30:01 honeypot-ams-1 sshd[8765]: Disconnected from authenticating user root 98.40.14.28 port 37816 [preauth]","@timestamp":"2022-09-19T16:30:02.050Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:30:04 honeypot-ams-1 sshd[8771]: Disconnected from authenticating user root 98.40.14.28 port 38038 [preauth]","@timestamp":"2022-09-19T16:30:05.053Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:30:07 honeypot-ams-1 sshd[8777]: Disconnected from authenticating user root 98.40.14.28 port 38302 [preauth]","@timestamp":"2022-09-19T16:30:08.055Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:30:10 honeypot-ams-1 sshd[8783]: Disconnected from authenticating user root 98.40.14.28 port 38480 [preauth]","@timestamp":"2022-09-19T16:30:11.058Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:30:13 honeypot-ams-1 sshd[8789]: Disconnected from authenticating user root 98.40.14.28 port 38654 [preauth]","@timestamp":"2022-09-19T16:30:14.060Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:30:16 honeypot-ams-1 sshd[8795]: Disconnected from authenticating user root 98.40.14.28 port 38848 [preauth]","@timestamp":"2022-09-19T16:30:17.062Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:30:20 honeypot-ams-1 sshd[8801]: Disconnected from authenticating user root 98.40.14.28 port 39068 [preauth]","@timestamp":"2022-09-19T16:30:21.065Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:30:22 honeypot-ams-1 sshd[8805]: Disconnected from invalid user admin 98.40.14.28 port 39192 [preauth]","@timestamp":"2022-09-19T16:30:23.067Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:30:24 honeypot-ams-1 sshd[8809]: Disconnected from invalid user admin 98.40.14.28 port 39292 [preauth]","@timestamp":"2022-09-19T16:30:25.068Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:30:26 honeypot-ams-1 sshd[8813]: Disconnected from invalid user admin 98.40.14.28 port 39418 [preauth]","@timestamp":"2022-09-19T16:30:26.069Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:30:28 honeypot-ams-1 sshd[8817]: Disconnected from invalid user admin 98.40.14.28 port 39538 [preauth]","@timestamp":"2022-09-19T16:30:28.070Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:30:30 honeypot-ams-1 sshd[8821]: Disconnected from invalid user admin 98.40.14.28 port 39714 [preauth]","@timestamp":"2022-09-19T16:30:30.072Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:30:33 honeypot-ams-1 sshd[8827]: Received disconnect from 98.40.14.28 port 39958:11: Bye Bye [preauth]","@timestamp":"2022-09-19T16:30:34.075Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:30:35 honeypot-ams-1 sshd[8831]: Received disconnect from 98.40.14.28 port 40106:11: Bye Bye [preauth]","@timestamp":"2022-09-19T16:30:35.076Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:30:36 honeypot-ams-1 sshd[8835]: Received disconnect from 98.40.14.28 port 40206:11: Bye Bye [preauth]","@timestamp":"2022-09-19T16:30:37.078Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:30:38 honeypot-ams-1 sshd[8839]: Received disconnect from 98.40.14.28 port 40332:11: Bye Bye [preauth]","@timestamp":"2022-09-19T16:30:39.079Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:30:40 honeypot-ams-1 sshd[8843]: Received disconnect from 98.40.14.28 port 40430:11: Bye Bye [preauth]","@timestamp":"2022-09-19T16:30:41.080Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:30:44 honeypot-ams-1 sshd[8847]: Received disconnect from 98.40.14.28 port 40558:11: Bye Bye [preauth]","@timestamp":"2022-09-19T16:30:44.083Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:30:45 honeypot-ams-1 sshd[8852]: Received disconnect from 98.40.14.28 port 40742:11: Bye Bye [preauth]","@timestamp":"2022-09-19T16:30:46.084Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:30:47 honeypot-ams-1 sshd[8856]: Received disconnect from 98.40.14.28 port 40844:11: Bye Bye [preauth]","@timestamp":"2022-09-19T16:30:48.086Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:30:49 honeypot-ams-1 sshd[8860]: Received disconnect from 98.40.14.28 port 40972:11: Bye Bye [preauth]","@timestamp":"2022-09-19T16:30:50.088Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:30:51 honeypot-ams-1 sshd[8864]: Received disconnect from 98.40.14.28 port 41096:11: Bye Bye [preauth]","@timestamp":"2022-09-19T16:30:52.089Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:30:53 honeypot-ams-1 sshd[8868]: Received disconnect from 98.40.14.28 port 41198:11: Bye Bye [preauth]","@timestamp":"2022-09-19T16:30:54.090Z"}
{"@timestamp":"2022-09-19T16:34:59.169Z","@version":"1","message":"Sep 19 16:34:58 honeypot-sgp-1 kernel: [84481400.236571] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=159.89.202.188 LEN=85 TOS=0x00 PREC=0x00 TTL=245 ID=35916 PROTO=TCP SPT=16827 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 16:37:52 honeypot-fra-1 kernel: [84479876.092098] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=167.71.133.35 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=248 ID=54321 PROTO=TCP SPT=54154 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T16:37:53.070Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 16:38:05 honeypot-ams-1 kernel: [84482064.446167] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=59.49.43.217 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=58440 PROTO=TCP SPT=46239 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T16:38:06.275Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 16:39:29 honeypot-fra-1 sshd[511]: Connection closed by 5.228.238.226 port 38391 [preauth]","@timestamp":"2022-09-19T16:39:29.110Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T16:44:18.391Z","@version":"1","message":"Sep 19 16:44:18 honeypot-sgp-1 kernel: [84481959.642282] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.95.147.51 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=38396 PROTO=TCP SPT=45504 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:45:08 honeypot-ams-1 sshd[8882]: Received disconnect from 61.177.172.114 port 15467:11:  [preauth]","@timestamp":"2022-09-19T16:45:09.463Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:45:55 honeypot-ams-1 sshd[8886]: Disconnected from invalid user hacluster 92.255.85.70 port 51788 [preauth]","@timestamp":"2022-09-19T16:45:56.486Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 16:48:12 honeypot-fra-1 kernel: [84480495.712437] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.219.7 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=48269 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T16:48:12.303Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T16:50:46.549Z","@version":"1","message":"Sep 19 16:50:45 honeypot-sgp-1 sshd[1686]: Received disconnect from 129.146.247.68 port 53528:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T16:52:23.589Z","@version":"1","message":"Sep 19 16:52:23 honeypot-sgp-1 sshd[1688]: Disconnected from invalid user alexandre 182.253.113.140 port 52364 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:53:41 honeypot-ams-1 sshd[8895]: Received disconnect from 177.91.250.132 port 35496:11: Bye Bye [preauth]","@timestamp":"2022-09-19T16:53:41.695Z"}
{"@timestamp":"2022-09-19T16:54:29.641Z","@version":"1","message":"Sep 19 16:54:29 honeypot-sgp-1 sshd[1692]: Disconnected from invalid user admin 20.244.1.170 port 42526 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T16:56:44.695Z","@version":"1","message":"Sep 19 16:56:44 honeypot-sgp-1 sshd[1697]: Disconnected from invalid user adva 207.154.205.34 port 55526 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 17:00:32 honeypot-ams-1 sshd[8902]: Disconnected from invalid user newadmin 159.65.163.176 port 40102 [preauth]","@timestamp":"2022-09-19T17:00:32.882Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 17:00:52 honeypot-fra-1 kernel: [84481255.818708] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.33.89.63 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=52780 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T17:00:52.584Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 17:02:14 honeypot-ams-1 sshd[8911]: Received disconnect from 61.177.173.50 port 39894:11:  [preauth]","@timestamp":"2022-09-19T17:02:14.929Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 17:05:53 honeypot-fra-1 sshd[527]: Disconnected from invalid user admin 92.255.85.69 port 56724 [preauth]","@timestamp":"2022-09-19T17:05:54.696Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T17:09:02.009Z","@version":"1","message":"Sep 19 17:09:01 honeypot-sgp-1 CRON[1700]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 17:09:54 honeypot-ams-1 kernel: [84483973.452817] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=51.15.141.72 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=55 ID=60556 PROTO=TCP SPT=59758 DPT=80 WINDOW=47670 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T17:09:55.152Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 17:10:05 honeypot-fra-1 kernel: [84481809.145784] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.143.200.6 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=61823 PROTO=TCP SPT=43309 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T17:10:05.790Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T17:12:17.088Z","@version":"1","message":"Sep 19 17:12:17 honeypot-sgp-1 sshd[1706]: Invalid user admin from 137.184.48.78 port 42044","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T17:12:21.092Z","@version":"1","message":"Sep 19 17:12:21 honeypot-sgp-1 sshd[1712]: Invalid user admin from 137.184.48.78 port 57124","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 17:13:35 honeypot-ams-1 kernel: [84484194.227692] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=178.62.254.91 LEN=92 TOS=0x00 PREC=0x00 TTL=252 ID=54570 PROTO=TCP SPT=14887 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T17:13:36.248Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 17:17:16 honeypot-ams-1 sshd[8931]: Received disconnect from 110.49.17.95 port 35294:11: Bye Bye [preauth]","@timestamp":"2022-09-19T17:17:17.348Z"}
{"@timestamp":"2022-09-19T17:19:25.261Z","@version":"1","message":"Sep 19 17:19:25 honeypot-sgp-1 sshd[1718]: Invalid user postgres from 5.195.211.234 port 53438","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 17:21:16 honeypot-ams-1 kernel: [84484655.157976] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.221.8 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=57860 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T17:21:16.453Z"}
{"@timestamp":"2022-09-19T17:24:41.388Z","@version":"1","message":"Sep 19 17:24:40 honeypot-sgp-1 kernel: [84484381.949001] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=193.46.255.199 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=231 ID=2235 PROTO=TCP SPT=61003 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 17:29:25 honeypot-ams-1 kernel: [84485144.289635] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=197.42.15.110 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=50 ID=64228 PROTO=TCP SPT=34774 DPT=443 WINDOW=53143 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T17:29:25.662Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 17:30:33 honeypot-fra-1 kernel: [84483037.216369] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=27482 PROTO=TCP SPT=48605 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T17:30:34.237Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 17:36:08 honeypot-fra-1 sshd[546]: Received disconnect from 103.63.212.91 port 41284:11: Bye Bye [preauth]","@timestamp":"2022-09-19T17:36:09.364Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 17:36:30 honeypot-ams-1 kernel: [84485569.344060] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=211.44.108.54 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=54 ID=47150 PROTO=TCP SPT=36872 DPT=80 WINDOW=59248 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T17:36:30.849Z"}
{"@timestamp":"2022-09-19T17:37:33.709Z","@version":"1","message":"Sep 19 17:37:33 honeypot-sgp-1 sshd[1729]: Did not receive identification string from 45.61.184.204 port 56182","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T17:38:07.724Z","@version":"1","message":"Sep 19 17:38:06 honeypot-sgp-1 sshd[1732]: Disconnected from invalid user user 45.61.184.204 port 37200 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T17:38:24.732Z","@version":"1","message":"Sep 19 17:38:24 honeypot-sgp-1 sshd[1736]: Disconnected from invalid user user 45.61.184.204 port 60692 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T17:38:41.740Z","@version":"1","message":"Sep 19 17:38:41 honeypot-sgp-1 sshd[1740]: Disconnected from invalid user user 45.61.184.204 port 55952 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 17:40:29 honeypot-ams-1 kernel: [84485808.467479] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=41.236.249.93 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=51 ID=12664 PROTO=TCP SPT=48384 DPT=443 WINDOW=28330 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T17:40:29.954Z"}
{"@timestamp":"2022-09-19T17:42:28.830Z","@version":"1","message":"Sep 19 17:42:28 honeypot-sgp-1 kernel: [84485449.701924] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=103.114.107.34 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=53832 PROTO=TCP SPT=49272 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 17:43:12 honeypot-fra-1 kernel: [84483795.445707] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=20.25.67.180 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=61354 PROTO=TCP SPT=49390 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T17:43:12.517Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 17:45:51 honeypot-ams-1 sshd[8964]: Received disconnect from 192.18.136.28 port 45042:11: Bye Bye [preauth]","@timestamp":"2022-09-19T17:45:52.097Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 17:46:40 honeypot-fra-1 sshd[553]: Received disconnect from 167.172.159.73 port 46100:11: Bye Bye [preauth]","@timestamp":"2022-09-19T17:46:40.594Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 17:48:15 honeypot-fra-1 sshd[558]: Invalid user games1 from 129.205.124.253 port 40168","@timestamp":"2022-09-19T17:48:15.631Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 17:49:46 honeypot-ams-1 sshd[8968]: Did not receive identification string from 134.122.123.117 port 52996","@timestamp":"2022-09-19T17:49:47.200Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 17:49:51 honeypot-fra-1 sshd[571]: Connection closed by authenticating user root 57.128.11.39 port 33718 [preauth]","@timestamp":"2022-09-19T17:49:51.667Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 17:49:51 honeypot-fra-1 sshd[581]: Invalid user hadoop from 57.128.11.39 port 33732","@timestamp":"2022-09-19T17:49:51.667Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 17:49:51 honeypot-fra-1 sshd[583]: Invalid user admin from 57.128.11.39 port 33748","@timestamp":"2022-09-19T17:49:51.667Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 17:49:51 honeypot-fra-1 sshd[570]: Connection closed by authenticating user root 57.128.11.39 port 33724 [preauth]","@timestamp":"2022-09-19T17:49:51.667Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 17:49:51 honeypot-fra-1 sshd[576]: Connection closed by invalid user admin 57.128.11.39 port 33688 [preauth]","@timestamp":"2022-09-19T17:49:51.667Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 17:49:51 honeypot-fra-1 sshd[567]: Connection closed by authenticating user root 57.128.11.39 port 33740 [preauth]","@timestamp":"2022-09-19T17:49:51.667Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 17:49:51 honeypot-fra-1 sshd[562]: Connection closed by invalid user oracle 57.128.11.39 port 33704 [preauth]","@timestamp":"2022-09-19T17:49:51.667Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 17:49:51 honeypot-fra-1 sshd[615]: Invalid user elastic from 57.128.11.39 port 33678","@timestamp":"2022-09-19T17:49:52.669Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 17:50:58 honeypot-ams-1 sshd[8976]: Received disconnect from 134.122.123.117 port 60244:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T17:50:59.236Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 17:51:46 honeypot-ams-1 sshd[8982]: Received disconnect from 61.177.173.36 port 24007:11:  [preauth]","@timestamp":"2022-09-19T17:51:47.260Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 17:52:26 honeypot-ams-1 sshd[8988]: Received disconnect from 61.177.172.108 port 38741:11:  [preauth]","@timestamp":"2022-09-19T17:52:27.281Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 17:52:57 honeypot-ams-1 sshd[8992]: Disconnected from authenticating user root 134.122.123.117 port 48722 [preauth]","@timestamp":"2022-09-19T17:52:58.296Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 17:54:07 honeypot-ams-1 sshd[8998]: Invalid user git from 134.122.123.117 port 58818","@timestamp":"2022-09-19T17:54:07.330Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 17:54:53 honeypot-ams-1 sshd[9002]: Invalid user oracle from 134.122.123.117 port 37330","@timestamp":"2022-09-19T17:54:54.352Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 17:55:40 honeypot-ams-1 sshd[9006]: Invalid user odoo from 134.122.123.117 port 43918","@timestamp":"2022-09-19T17:55:40.374Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 17:56:25 honeypot-ams-1 sshd[9011]: Invalid user ec2-user from 134.122.123.117 port 50564","@timestamp":"2022-09-19T17:56:26.396Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 17:57:06 honeypot-fra-1 sshd[621]: Connection closed by invalid user USERID 179.60.147.69 port 19400 [preauth]","@timestamp":"2022-09-19T17:57:06.828Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 17:57:11 honeypot-ams-1 sshd[9015]: Invalid user ubuntu from 134.122.123.117 port 57332","@timestamp":"2022-09-19T17:57:12.418Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 17:57:57 honeypot-ams-1 sshd[9019]: Received disconnect from 217.237.114.97 port 17947:11: Bye Bye [preauth]","@timestamp":"2022-09-19T17:57:57.440Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 17:58:20 honeypot-ams-1 sshd[9024]: Invalid user jenkins from 134.122.123.117 port 38984","@timestamp":"2022-09-19T17:58:20.452Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 17:59:03 honeypot-ams-1 kernel: [84486922.524819] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=38.89.149.84 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=50 ID=57159 PROTO=TCP SPT=9746 DPT=80 WINDOW=562 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T17:59:04.475Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 17:59:13 honeypot-ams-1 sshd[9030]: Disconnected from invalid user color 104.209.150.176 port 1664 [preauth]","@timestamp":"2022-09-19T17:59:14.482Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 17:59:52 honeypot-ams-1 sshd[9038]: Invalid user svn from 134.122.123.117 port 52312","@timestamp":"2022-09-19T17:59:53.500Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 18:00:20 honeypot-ams-1 sshd[9042]: Invalid user ges from 43.133.6.150 port 49718","@timestamp":"2022-09-19T18:00:20.515Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 18:00:43 honeypot-ams-1 kernel: [84487022.204292] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=26416 PROTO=TCP SPT=50403 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T18:00:43.526Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 18:01:26 honeypot-ams-1 sshd[9049]: Disconnected from invalid user db2inst1 134.122.123.117 port 37448 [preauth]","@timestamp":"2022-09-19T18:01:27.548Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 18:05:35 honeypot-ams-1 sshd[9055]: Invalid user newftpuser from 137.116.144.39 port 42886","@timestamp":"2022-09-19T18:05:35.657Z"}
{"@timestamp":"2022-09-19T18:05:50.369Z","@version":"1","message":"Sep 19 18:05:50 honeypot-sgp-1 kernel: [84486851.510548] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.25.67.180 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=234 ID=7144 PROTO=TCP SPT=49390 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 18:06:22 honeypot-fra-1 sshd[627]: Received disconnect from 161.35.138.131 port 37200:11: Bye Bye [preauth]","@timestamp":"2022-09-19T18:06:23.032Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 18:07:17 honeypot-fra-1 sshd[629]: Disconnected from invalid user admin 185.18.214.162 port 58258 [preauth]","@timestamp":"2022-09-19T18:07:18.056Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 18:08:10 honeypot-ams-1 sshd[9067]: Disconnected from authenticating user root 61.177.173.50 port 31622 [preauth]","@timestamp":"2022-09-19T18:08:11.728Z"}
{"@timestamp":"2022-09-19T18:13:34.552Z","@version":"1","message":"Sep 19 18:13:33 honeypot-sgp-1 kernel: [84487314.963880] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=80.94.92.239 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=229 ID=54321 PROTO=TCP SPT=33001 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 18:16:01 honeypot-ams-1 sshd[9074]: Received disconnect from 61.177.173.46 port 27768:11:  [preauth]","@timestamp":"2022-09-19T18:16:01.935Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 18:17:22 honeypot-ams-1 sshd[9079]: Received disconnect from 61.177.173.35 port 29729:11:  [preauth]","@timestamp":"2022-09-19T18:17:22.975Z"}
{"@timestamp":"2022-09-19T18:19:12.685Z","@version":"1","message":"Sep 19 18:19:11 honeypot-sgp-1 sshd[1835]: Invalid user user from 45.61.184.204 port 40560","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T18:19:31.695Z","@version":"1","message":"Sep 19 18:19:31 honeypot-sgp-1 sshd[1839]: Invalid user user from 45.61.184.204 port 35390","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T18:19:50.704Z","@version":"1","message":"Sep 19 18:19:49 honeypot-sgp-1 sshd[1843]: Invalid user user from 45.61.184.204 port 58512","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T18:20:07.712Z","@version":"1","message":"Sep 19 18:20:07 honeypot-sgp-1 sshd[1847]: Invalid user user from 45.61.184.204 port 53332","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 18:21:33 honeypot-fra-1 kernel: [84486097.144347] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=14.45.86.179 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=54 ID=36460 DF PROTO=TCP SPT=6862 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T18:21:34.359Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 18:23:38 honeypot-ams-1 sshd[9084]: Received disconnect from 218.92.0.221 port 63424:11:  [preauth]","@timestamp":"2022-09-19T18:23:39.157Z"}
{"@timestamp":"2022-09-19T18:25:09.831Z","@version":"1","message":"Sep 19 18:25:09 honeypot-sgp-1 kernel: [84488010.664015] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=137.184.10.96 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=40429 PROTO=TCP SPT=61953 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 18:26:13 honeypot-fra-1 sshd[640]: Disconnected from authenticating user root 68.183.232.27 port 55334 [preauth]","@timestamp":"2022-09-19T18:26:14.462Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 18:30:08 honeypot-ams-1 kernel: [84488787.054404] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=80.82.70.228 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=252 ID=21822 PROTO=TCP SPT=60000 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T18:30:08.351Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 18:30:55 honeypot-fra-1 kernel: [84486658.708405] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=165.232.152.144 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=41097 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T18:30:55.566Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 18:35:30 honeypot-fra-1 sshd[653]: Invalid user dev from 101.33.218.153 port 10502","@timestamp":"2022-09-19T18:35:30.668Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 18:38:30 honeypot-ams-1 kernel: [84489288.790959] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.41.8.45 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=2757 PROTO=TCP SPT=31900 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T18:38:30.569Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 18:39:05 honeypot-fra-1 kernel: [84487148.567286] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.79.187.233 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=44538 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T18:39:05.747Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 18:39:53 honeypot-ams-1 sshd[9103]: Invalid user user from 45.61.186.249 port 44034","@timestamp":"2022-09-19T18:39:53.608Z"}
{"@timestamp":"2022-09-19T18:40:09.179Z","@version":"1","message":"Sep 19 18:40:09 honeypot-sgp-1 sshd[1856]: Disconnected from invalid user test 202.61.105.17 port 46248 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 18:40:12 honeypot-ams-1 sshd[9109]: Invalid user user from 45.61.186.249 port 39012","@timestamp":"2022-09-19T18:40:12.619Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 18:40:21 honeypot-ams-1 sshd[9112]: Disconnected from invalid user user 45.61.186.249 port 50658 [preauth]","@timestamp":"2022-09-19T18:40:21.623Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 18:40:27 honeypot-fra-1 sshd[686]: Disconnected from invalid user backups 92.255.85.70 port 51094 [preauth]","@timestamp":"2022-09-19T18:40:27.779Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 18:40:38 honeypot-ams-1 sshd[9118]: Invalid user user from 45.61.186.249 port 45614","@timestamp":"2022-09-19T18:40:39.633Z"}
{"@timestamp":"2022-09-19T18:44:07.274Z","@version":"1","message":"Sep 19 18:44:06 honeypot-sgp-1 kernel: [84489147.634420] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.148.10.81 DST=159.89.202.188 LEN=84 TOS=0x00 PREC=0x00 TTL=241 ID=22780 DF PROTO=TCP SPT=24534 DPT=443 WINDOW=65535 RES=0x00 ACK PSH URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 18:49:11 honeypot-ams-1 sshd[9126]: Invalid user dingdong from 180.250.248.169 port 49266","@timestamp":"2022-09-19T18:49:11.859Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 18:49:50 honeypot-fra-1 sshd[689]: Disconnected from authenticating user root 43.134.179.51 port 37302 [preauth]","@timestamp":"2022-09-19T18:49:50.988Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T18:50:24.418Z","@version":"1","message":"Sep 19 18:50:23 honeypot-sgp-1 sshd[1865]: Invalid user backups from 92.255.85.70 port 44790","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 18:50:28 honeypot-ams-1 sshd[9131]: Disconnected from authenticating user root 152.32.214.226 port 62242 [preauth]","@timestamp":"2022-09-19T18:50:28.894Z"}
{"@timestamp":"2022-09-19T18:51:52.477Z","@version":"1","message":"Sep 19 18:51:52 honeypot-sgp-1 sshd[1869]: Received disconnect from 206.42.39.53 port 40692:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 18:52:44 honeypot-ams-1 kernel: [84490142.923460] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=61534 PROTO=TCP SPT=53455 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T18:52:44.954Z"}
{"@timestamp":"2022-09-19T18:55:34.562Z","@version":"1","message":"Sep 19 18:55:34 honeypot-sgp-1 sshd[1876]: Disconnected from authenticating user root 115.249.50.242 port 41302 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 18:56:36 honeypot-fra-1 kernel: [84488200.154029] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=80.94.92.239 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=55492 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T18:56:37.146Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 18:57:12 honeypot-ams-1 sshd[9142]: Received disconnect from 61.177.173.37 port 64926:11:  [preauth]","@timestamp":"2022-09-19T18:57:13.074Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 19:01:35 honeypot-fra-1 kernel: [84488498.390483] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.148.10.81 DST=165.22.82.222 LEN=79 TOS=0x00 PREC=0x00 TTL=241 ID=22780 DF PROTO=TCP SPT=2010 DPT=443 WINDOW=65535 RES=0x00 ACK PSH URGP=0 ","@timestamp":"2022-09-19T19:01:35.259Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T19:04:20.763Z","@version":"1","message":"Sep 19 19:04:20 honeypot-sgp-1 sshd[1881]: Invalid user doru from 102.219.33.70 port 33382","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 19:04:29 honeypot-ams-1 sshd[9147]: Received disconnect from 154.72.194.207 port 51508:11: Bye Bye [preauth]","@timestamp":"2022-09-19T19:04:30.266Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 19:04:53 honeypot-fra-1 sshd[701]: Connection closed by authenticating user root 141.98.10.158 port 41430 [preauth]","@timestamp":"2022-09-19T19:04:54.333Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T19:08:54.869Z","@version":"1","message":"Sep 19 19:08:54 honeypot-sgp-1 sshd[1886]: Did not receive identification string from 45.61.184.204 port 38118","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T19:09:23.883Z","@version":"1","message":"Sep 19 19:09:23 honeypot-sgp-1 sshd[1889]: Disconnected from invalid user user 45.61.184.204 port 53866 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T19:09:43.892Z","@version":"1","message":"Sep 19 19:09:43 honeypot-sgp-1 sshd[1893]: Invalid user user from 45.61.184.204 port 48794","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T19:10:01.901Z","@version":"1","message":"Sep 19 19:10:01 honeypot-sgp-1 sshd[1897]: Invalid user user from 45.61.184.204 port 43748","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T19:10:34.915Z","@version":"1","message":"Sep 19 19:10:34 honeypot-sgp-1 kernel: [84490735.450615] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.79.187.167 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=53765 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 19:11:32 honeypot-ams-1 sshd[9154]: Disconnected from authenticating user root 61.177.173.51 port 46713 [preauth]","@timestamp":"2022-09-19T19:11:32.444Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 19:13:28 honeypot-fra-1 kernel: [84489211.459480] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=90.151.171.106 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=4253 PROTO=TCP SPT=54785 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T19:13:28.524Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 19:17:01 honeypot-ams-1 CRON[9162]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-19T19:17:02.587Z"}
{"@timestamp":"2022-09-19T19:18:54.107Z","@version":"1","message":"Sep 19 19:18:53 honeypot-sgp-1 sshd[1908]: Received disconnect from 92.255.85.69 port 49358:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 19:19:50 honeypot-ams-1 sshd[9171]: Disconnected from authenticating user root 61.177.172.19 port 43128 [preauth]","@timestamp":"2022-09-19T19:19:50.680Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 19:21:12 honeypot-fra-1 sshd[731]: Invalid user mw from 179.218.198.83 port 11498","@timestamp":"2022-09-19T19:21:12.702Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 19:24:26 honeypot-ams-1 sshd[9176]: Invalid user south from 46.101.47.30 port 60854","@timestamp":"2022-09-19T19:24:26.805Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 19:25:28 honeypot-fra-1 sshd[736]: Invalid user pi from 212.5.153.79 port 34124","@timestamp":"2022-09-19T19:25:29.800Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T19:27:33.302Z","@version":"1","message":"Sep 19 19:27:33 honeypot-sgp-1 sshd[1912]: Disconnected from invalid user teamspeak 80.28.245.5 port 42704 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 19:28:36 honeypot-ams-1 kernel: [84492295.028380] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=91.213.50.39 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=54321 PROTO=TCP SPT=43809 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T19:28:36.919Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 19:34:37 honeypot-fra-1 sshd[743]: Received disconnect from 223.197.125.110 port 40642:11: Bye Bye [preauth]","@timestamp":"2022-09-19T19:34:38.004Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 19:36:26 honeypot-ams-1 kernel: [84492765.140105] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.95.147.51 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=252 ID=36341 PROTO=TCP SPT=55957 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T19:36:27.125Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 19:37:23 honeypot-fra-1 sshd[748]: Disconnected from invalid user fe 178.128.43.209 port 57636 [preauth]","@timestamp":"2022-09-19T19:37:24.071Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 19:39:22 honeypot-fra-1 sshd[754]: Invalid user tamara from 167.71.136.141 port 34282","@timestamp":"2022-09-19T19:39:23.115Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 19:41:30 honeypot-fra-1 sshd[758]: Invalid user hr from 196.223.153.253 port 45064","@timestamp":"2022-09-19T19:41:31.162Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 19:42:23 honeypot-fra-1 sshd[761]: Disconnected from invalid user default 92.255.85.70 port 20758 [preauth]","@timestamp":"2022-09-19T19:42:24.183Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T19:44:19.682Z","@version":"1","message":"Sep 19 19:44:19 honeypot-sgp-1 sshd[1922]: Connection closed by authenticating user root 179.60.147.69 port 42740 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 19:47:35 honeypot-ams-1 sshd[9204]: Connection closed by authenticating user root 179.60.147.69 port 61864 [preauth]","@timestamp":"2022-09-19T19:47:36.413Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 19:49:59 honeypot-fra-1 sshd[769]: Invalid user admin from 103.164.34.122 port 56706","@timestamp":"2022-09-19T19:49:59.351Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 19:49:59 honeypot-fra-1 sshd[780]: Invalid user admin from 103.164.34.122 port 56660","@timestamp":"2022-09-19T19:49:59.351Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 19:49:59 honeypot-fra-1 sshd[785]: Invalid user ftptest from 103.164.34.122 port 56636","@timestamp":"2022-09-19T19:49:59.351Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 19:49:59 honeypot-fra-1 sshd[773]: Connection closed by authenticating user root 103.164.34.122 port 56654 [preauth]","@timestamp":"2022-09-19T19:49:59.351Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 19:49:59 honeypot-fra-1 sshd[768]: Connection closed by authenticating user root 103.164.34.122 port 56690 [preauth]","@timestamp":"2022-09-19T19:50:00.351Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 19:49:59 honeypot-fra-1 sshd[774]: Connection closed by invalid user ubuntu 103.164.34.122 port 56662 [preauth]","@timestamp":"2022-09-19T19:50:00.351Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 19:49:59 honeypot-fra-1 sshd[783]: Connection closed by invalid user testuser 103.164.34.122 port 56686 [preauth]","@timestamp":"2022-09-19T19:50:00.351Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 19:49:59 honeypot-fra-1 sshd[789]: Connection closed by authenticating user root 103.164.34.122 port 56676 [preauth]","@timestamp":"2022-09-19T19:50:00.352Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 19:50:52 honeypot-fra-1 kernel: [84491455.427632] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=2.57.121.141 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=14167 PROTO=TCP SPT=55892 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T19:50:53.372Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 19:52:04 honeypot-ams-1 sshd[9210]: Disconnected from invalid user default 92.255.85.70 port 36822 [preauth]","@timestamp":"2022-09-19T19:52:04.529Z"}
{"@timestamp":"2022-09-19T19:53:35.892Z","@version":"1","message":"Sep 19 19:53:35 honeypot-sgp-1 kernel: [84493316.762632] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.95.147.51 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=33950 PROTO=TCP SPT=56997 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 20:04:10 honeypot-ams-1 sshd[9220]: Received disconnect from 61.177.172.104 port 19427:11:  [preauth]","@timestamp":"2022-09-19T20:04:10.845Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 20:05:52 honeypot-fra-1 sshd[836]: Invalid user user from 45.61.186.49 port 56302","@timestamp":"2022-09-19T20:05:52.714Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 20:06:02 honeypot-fra-1 sshd[840]: Invalid user user from 45.61.186.49 port 39622","@timestamp":"2022-09-19T20:06:02.719Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 20:06:29 honeypot-fra-1 kernel: [84492392.945429] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=108.61.87.181 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=43581 PROTO=TCP SPT=57872 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T20:06:30.730Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 20:07:59 honeypot-ams-1 kernel: [84494658.213628] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.148.10.81 DST=178.62.254.91 LEN=79 TOS=0x00 PREC=0x00 TTL=242 ID=22780 DF PROTO=TCP SPT=16348 DPT=443 WINDOW=65535 RES=0x00 ACK PSH URGP=0 ","@timestamp":"2022-09-19T20:07:59.946Z"}
{"@timestamp":"2022-09-19T20:14:41.386Z","@version":"1","message":"Sep 19 20:14:41 honeypot-sgp-1 sshd[1935]: Received disconnect from 92.255.85.70 port 35372:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 20:17:01 honeypot-fra-1 CRON[849]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-19T20:17:01.958Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 20:18:13 honeypot-ams-1 kernel: [84495271.919710] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=97.74.81.123 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=57639 PROTO=TCP SPT=45516 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T20:18:14.214Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 20:23:37 honeypot-ams-1 sshd[9242]: Invalid user admin from 179.60.147.69 port 39338","@timestamp":"2022-09-19T20:23:38.359Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 20:26:01 honeypot-fra-1 sshd[867]: Invalid user admin from 178.89.108.11 port 60142","@timestamp":"2022-09-19T20:26:01.177Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 20:26:01 honeypot-fra-1 sshd[864]: Invalid user devops from 178.89.108.11 port 60182","@timestamp":"2022-09-19T20:26:01.178Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 20:26:01 honeypot-fra-1 sshd[862]: Connection closed by invalid user admin 178.89.108.11 port 60154 [preauth]","@timestamp":"2022-09-19T20:26:01.178Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 20:26:01 honeypot-fra-1 sshd[859]: Connection closed by authenticating user root 178.89.108.11 port 60120 [preauth]","@timestamp":"2022-09-19T20:26:01.178Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 20:26:01 honeypot-fra-1 sshd[865]: Connection closed by authenticating user root 178.89.108.11 port 60146 [preauth]","@timestamp":"2022-09-19T20:26:01.178Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 20:26:01 honeypot-fra-1 sshd[872]: Connection closed by authenticating user root 178.89.108.11 port 60176 [preauth]","@timestamp":"2022-09-19T20:26:01.178Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 20:26:01 honeypot-fra-1 sshd[857]: Connection closed by invalid user user 178.89.108.11 port 60116 [preauth]","@timestamp":"2022-09-19T20:26:02.179Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 20:26:01 honeypot-fra-1 sshd[890]: Connection closed by invalid user admin 178.89.108.11 port 60190 [preauth]","@timestamp":"2022-09-19T20:26:02.180Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 20:26:01 honeypot-fra-1 sshd[882]: Connection closed by invalid user ubuntu 178.89.108.11 port 60178 [preauth]","@timestamp":"2022-09-19T20:26:02.180Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T20:30:28.758Z","@version":"1","message":"Sep 19 20:30:28 honeypot-sgp-1 kernel: [84495529.621385] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=234 ID=36270 PROTO=TCP SPT=59407 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 20:31:03 honeypot-fra-1 sshd[923]: Invalid user banking from 45.55.44.110 port 54514","@timestamp":"2022-09-19T20:31:03.292Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 20:31:32 honeypot-ams-1 sshd[9248]: Received disconnect from 61.177.173.50 port 19929:11:  [preauth]","@timestamp":"2022-09-19T20:31:32.564Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 20:33:49 honeypot-ams-1 kernel: [84496208.253738] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=178.62.254.91 LEN=86 TOS=0x00 PREC=0x00 TTL=252 ID=12138 PROTO=TCP SPT=1785 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T20:33:49.627Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 20:37:23 honeypot-fra-1 sshd[926]: Disconnected from invalid user admin 92.255.85.70 port 52780 [preauth]","@timestamp":"2022-09-19T20:37:24.430Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T20:43:42.061Z","@version":"1","message":"Sep 19 20:43:41 honeypot-sgp-1 sshd[1947]: Connection closed by invalid user admin 175.193.249.203 port 57590 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 20:43:45 honeypot-ams-1 kernel: [84496804.092795] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.41.8.45 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=12401 PROTO=TCP SPT=23766 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T20:43:45.886Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 20:52:30 honeypot-ams-1 kernel: [84497329.044345] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=167.172.184.157 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=20304 PROTO=TCP SPT=40614 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T20:52:31.115Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 20:54:17 honeypot-ams-1 sshd[9280]: Invalid user planeacion from 37.139.15.214 port 46374","@timestamp":"2022-09-19T20:54:18.163Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 20:57:44 honeypot-fra-1 sshd[932]: Connection closed by invalid user sans 179.60.147.69 port 14034 [preauth]","@timestamp":"2022-09-19T20:57:44.869Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 20:58:57 honeypot-ams-1 sshd[9285]: Received disconnect from 128.199.52.45 port 36256:11: Bye Bye [preauth]","@timestamp":"2022-09-19T20:58:58.284Z"}
{"@timestamp":"2022-09-19T21:01:23.466Z","@version":"1","message":"Sep 19 21:01:22 honeypot-sgp-1 kernel: [84497383.549161] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=159.89.202.188 LEN=86 TOS=0x00 PREC=0x00 TTL=245 ID=37406 PROTO=TCP SPT=463 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 21:04:59 honeypot-ams-1 sshd[9297]: Invalid user mailman from 110.164.133.148 port 47160","@timestamp":"2022-09-19T21:05:00.443Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 21:07:06 honeypot-fra-1 sshd[937]: Did not receive identification string from 45.61.187.160 port 60548","@timestamp":"2022-09-19T21:07:07.084Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 19:42:37 honeypot-fra-1 kernel: [83713390.056106] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=85.104.112.231 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=241 ID=15533 PROTO=TCP SPT=45557 DPT=443 WINDOW=1300 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T19:42:38.186Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-10T19:44:26.914Z","@version":"1","message":"Sep 10 19:44:26 honeypot-sgp-1 sshd[3868]: Received disconnect from 20.91.221.85 port 47522:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 19:45:39 honeypot-fra-1 sshd[30641]: Disconnected from invalid user usuario 92.255.85.69 port 55380 [preauth]","@timestamp":"2022-09-10T19:45:39.257Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 19:48:09 honeypot-ams-1 sshd[7941]: Received disconnect from 92.255.85.70 port 45164:11: Bye Bye [preauth]","@timestamp":"2022-09-10T19:48:10.727Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 19:54:34 honeypot-fra-1 sshd[30649]: Received disconnect from 35.230.36.24 port 48422:11: Bye Bye [preauth]","@timestamp":"2022-09-10T19:54:35.454Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 19:56:24 honeypot-ams-1 sshd[7947]: Received disconnect from 200.52.65.31 port 7959:11: Bye Bye [preauth]","@timestamp":"2022-09-10T19:56:24.942Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 20:05:06 honeypot-fra-1 sshd[30659]: Disconnected from invalid user user 45.61.187.160 port 34782 [preauth]","@timestamp":"2022-09-10T20:05:06.690Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 20:05:27 honeypot-fra-1 sshd[30663]: Disconnected from invalid user user 45.61.187.160 port 57734 [preauth]","@timestamp":"2022-09-10T20:05:27.701Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 20:05:47 honeypot-fra-1 sshd[30667]: Disconnected from invalid user user 45.61.187.160 port 52460 [preauth]","@timestamp":"2022-09-10T20:05:47.710Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 20:06:04 honeypot-fra-1 sshd[30671]: Disconnected from invalid user user 45.61.187.160 port 47170 [preauth]","@timestamp":"2022-09-10T20:06:04.718Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T20:06:13.437Z","@version":"1","message":"Sep 10 20:06:13 honeypot-sgp-1 sshd[3877]: Invalid user usuario from 92.255.85.70 port 43424","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 20:11:22 honeypot-ams-1 sshd[7955]: Invalid user usuario from 92.255.85.70 port 33578","@timestamp":"2022-09-10T20:11:22.326Z"}
{"@timestamp":"2022-09-10T20:13:40.614Z","@version":"1","message":"Sep 10 20:13:40 honeypot-sgp-1 sshd[3883]: Received disconnect from 179.157.22.88 port 25479:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 20:14:48 honeypot-ams-1 sshd[7958]: Disconnected from invalid user elasticsearch 93.43.240.145 port 34416 [preauth]","@timestamp":"2022-09-10T20:14:48.437Z"}
{"@timestamp":"2022-09-10T20:15:55.671Z","@version":"1","message":"Sep 10 20:15:55 honeypot-sgp-1 sshd[3887]: Received disconnect from 204.48.30.72 port 53912:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 20:17:01 honeypot-fra-1 CRON[30676]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-10T20:17:01.962Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 20:17:01 honeypot-ams-1 CRON[7964]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-10T20:17:02.500Z"}
{"@timestamp":"2022-09-10T20:17:31.710Z","@version":"1","message":"Sep 10 20:17:30 honeypot-sgp-1 kernel: [83717164.797295] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=8.210.124.145 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=44126 PROTO=TCP SPT=28553 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 20:23:32 honeypot-fra-1 sshd[30682]: Invalid user kanwarpreet from 165.22.45.108 port 42314","@timestamp":"2022-09-10T20:23:33.103Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 20:27:37 honeypot-ams-1 sshd[7972]: Invalid user test from 193.106.191.157 port 51250","@timestamp":"2022-09-10T20:27:37.773Z"}
{"@timestamp":"2022-09-10T20:28:41.002Z","@version":"1","message":"Sep 10 20:28:40 honeypot-sgp-1 sshd[3897]: Received disconnect from 117.220.15.119 port 41440:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 20:29:04 honeypot-fra-1 kernel: [83716176.870021] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=82.48.254.238 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=15533 PROTO=TCP SPT=55116 DPT=443 WINDOW=1300 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T20:29:05.242Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-10T20:29:29.022Z","@version":"1","message":"Sep 10 20:29:29 honeypot-sgp-1 sshd[3901]: Received disconnect from 92.255.85.69 port 62202:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T20:33:10.110Z","@version":"1","message":"Sep 10 20:33:09 honeypot-sgp-1 kernel: [83718103.046124] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=94.26.228.80 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=10579 PROTO=TCP SPT=28127 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 20:34:50 honeypot-ams-1 sshd[7977]: Disconnected from invalid user usuario 92.255.85.70 port 21608 [preauth]","@timestamp":"2022-09-10T20:34:50.958Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 20:36:11 honeypot-fra-1 kernel: [83716604.064568] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.219.83 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=52666 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T20:36:12.395Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-10T20:41:30.316Z","@version":"1","message":"Sep 10 20:41:29 honeypot-sgp-1 sshd[3908]: Disconnected from authenticating user root 159.89.82.7 port 37944 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 20:42:00 honeypot-ams-1 sshd[7982]: Received disconnect from 95.85.27.201 port 54086:11: Bye Bye [preauth]","@timestamp":"2022-09-10T20:42:01.143Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 20:42:56 honeypot-fra-1 sshd[30700]: Received disconnect from 5.101.1.20 port 58756:11: Bye Bye [preauth]","@timestamp":"2022-09-10T20:42:56.547Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 20:44:08 honeypot-fra-1 sshd[30705]: Disconnected from invalid user manager 211.44.212.27 port 50842 [preauth]","@timestamp":"2022-09-10T20:44:09.579Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T20:44:48.399Z","@version":"1","message":"Sep 10 20:44:47 honeypot-sgp-1 sshd[3913]: Received disconnect from 137.184.105.25 port 33538:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T20:45:03.406Z","@version":"1","message":"Sep 10 20:45:03 honeypot-sgp-1 sshd[3917]: Received disconnect from 45.61.186.249 port 43982:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T20:45:22.414Z","@version":"1","message":"Sep 10 20:45:21 honeypot-sgp-1 sshd[3921]: Received disconnect from 45.61.186.249 port 39150:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T20:45:41.423Z","@version":"1","message":"Sep 10 20:45:40 honeypot-sgp-1 sshd[3925]: Received disconnect from 45.61.186.249 port 34316:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 20:46:23 honeypot-ams-1 sshd[7987]: Disconnected from authenticating user root 92.220.162.17 port 39093 [preauth]","@timestamp":"2022-09-10T20:46:24.256Z"}
{"@timestamp":"2022-09-10T20:48:51.495Z","@version":"1","message":"Sep 10 20:48:51 honeypot-sgp-1 kernel: [83719045.042844] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=128.199.197.92 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=253 ID=54321 PROTO=TCP SPT=55367 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 20:49:11 honeypot-fra-1 sshd[30711]: Invalid user test from 193.106.191.157 port 50080","@timestamp":"2022-09-10T20:49:11.713Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T20:54:56.645Z","@version":"1","message":"Sep 10 20:54:56 honeypot-sgp-1 kernel: [83719409.950468] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=172.104.249.106 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=3041 DF PROTO=TCP SPT=59982 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 20:56:08 honeypot-fra-1 sshd[30716]: Invalid user usuario from 92.255.85.70 port 60034","@timestamp":"2022-09-10T20:56:08.868Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T20:56:46.716Z","@version":"1","message":"Sep 10 20:56:45 honeypot-sgp-1 kernel: [83719519.614023] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.220.52 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=33902 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 20:58:11 honeypot-ams-1 sshd[7991]: Invalid user usuario from 92.255.85.70 port 31346","@timestamp":"2022-09-10T20:58:11.558Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 20:59:02 honeypot-ams-1 sshd[7993]: Disconnected from invalid user melody 171.244.139.236 port 51626 [preauth]","@timestamp":"2022-09-10T20:59:02.582Z"}
{"@timestamp":"2022-09-10T20:59:47.785Z","@version":"1","message":"Sep 10 20:59:47 honeypot-sgp-1 sshd[3935]: Disconnected from invalid user sa 134.17.17.32 port 16449 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 21:03:16 honeypot-fra-1 kernel: [83718228.774628] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=172.105.89.161 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=57 ID=0 DF PROTO=TCP SPT=38133 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T21:03:17.059Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 21:06:33 honeypot-ams-1 kernel: [83720579.242991] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=48931 PROTO=TCP SPT=43603 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T21:06:33.780Z"}
{"@timestamp":"2022-09-10T21:08:33.002Z","@version":"1","message":"Sep 10 21:08:32 honeypot-sgp-1 sshd[3941]: Received disconnect from 216.137.185.227 port 59378:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 21:08:38 honeypot-fra-1 sshd[30725]: Invalid user User from 183.242.64.111 port 41128","@timestamp":"2022-09-10T21:08:39.185Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 21:09:01 honeypot-fra-1 sshd[30731]: Received disconnect from 45.61.186.49 port 49128:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T21:09:02.195Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 21:09:11 honeypot-fra-1 sshd[30735]: Received disconnect from 45.61.186.49 port 60940:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T21:09:12.201Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 21:13:28 honeypot-ams-1 sshd[8002]: Invalid user raymond from 139.59.26.69 port 43144","@timestamp":"2022-09-10T21:13:28.961Z"}
{"@timestamp":"2022-09-10T21:13:50.124Z","@version":"1","message":"Sep 10 21:13:49 honeypot-sgp-1 sshd[3946]: Did not receive identification string from 45.61.186.49 port 58504","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T21:14:12.135Z","@version":"1","message":"Sep 10 21:14:11 honeypot-sgp-1 sshd[3949]: Disconnected from invalid user user 45.61.186.49 port 50664 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 21:14:30 honeypot-fra-1 sshd[30741]: Received disconnect from 45.61.184.204 port 55248:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T21:14:30.322Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 21:14:48 honeypot-ams-1 sshd[8004]: Connection closed by invalid user zhaoting 103.188.176.251 port 50744 [preauth]","@timestamp":"2022-09-10T21:14:48.998Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 21:14:51 honeypot-fra-1 sshd[30745]: Received disconnect from 45.61.184.204 port 50040:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T21:14:51.333Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 21:15:08 honeypot-fra-1 sshd[30749]: Received disconnect from 45.61.184.204 port 44830:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T21:15:09.341Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 21:15:25 honeypot-fra-1 sshd[30753]: Received disconnect from 45.61.184.204 port 39638:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T21:15:26.350Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T21:16:50.196Z","@version":"1","message":"Sep 10 21:16:49 honeypot-sgp-1 sshd[3957]: Invalid user test from 92.255.85.70 port 63586","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 21:17:38 honeypot-ams-1 sshd[8010]: Disconnected from invalid user moise 111.93.4.46 port 37578 [preauth]","@timestamp":"2022-09-10T21:17:39.072Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 21:20:14 honeypot-fra-1 sshd[30761]: Invalid user test from 92.255.85.69 port 45166","@timestamp":"2022-09-10T21:20:15.457Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 21:21:32 honeypot-ams-1 sshd[8017]: Invalid user test from 92.255.85.70 port 52496","@timestamp":"2022-09-10T21:21:33.172Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 21:23:29 honeypot-fra-1 sshd[30765]: Received disconnect from 190.52.39.248 port 45830:11: Bye Bye [preauth]","@timestamp":"2022-09-10T21:23:30.531Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 21:27:57 honeypot-ams-1 sshd[8021]: Unable to negotiate with 178.79.177.104 port 41522: no matching host key type found. Their offer: ssh-dss [preauth]","@timestamp":"2022-09-10T21:27:57.337Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 21:28:38 honeypot-ams-1 sshd[8033]: Invalid user admin from 59.27.98.103 port 58792","@timestamp":"2022-09-10T21:28:38.358Z"}
{"@timestamp":"2022-09-10T21:33:00.581Z","@version":"1","message":"Sep 10 21:33:00 honeypot-sgp-1 sshd[3964]: Invalid user db from 118.200.42.47 port 55710","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 21:35:24 honeypot-fra-1 sshd[30773]: Received disconnect from 139.59.255.59 port 45306:11: Bye Bye [preauth]","@timestamp":"2022-09-10T21:35:25.794Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T21:35:55.649Z","@version":"1","message":"Sep 10 21:35:55 honeypot-sgp-1 sshd[3969]: Received disconnect from 94.30.68.41 port 46518:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 21:36:19 honeypot-ams-1 kernel: [83722365.066183] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=183.186.138.226 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=48 ID=49340 PROTO=TCP SPT=44201 DPT=80 WINDOW=60897 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T21:36:19.580Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 21:37:15 honeypot-ams-1 sshd[8042]: Connection closed by 192.241.221.104 port 47850 [preauth]","@timestamp":"2022-09-10T21:37:15.606Z"}
{"@timestamp":"2022-09-10T21:40:54.761Z","@version":"1","message":"Sep 10 21:40:54 honeypot-sgp-1 kernel: [83722168.264590] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=80.94.92.231 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=231 ID=54321 PROTO=TCP SPT=60507 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 21:41:39 honeypot-fra-1 sshd[30779]: Received disconnect from 159.223.51.140 port 55566:11: Bye Bye [preauth]","@timestamp":"2022-09-10T21:41:39.935Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T21:50:03.978Z","@version":"1","message":"Sep 10 21:50:03 honeypot-sgp-1 sshd[3982]: Disconnected from authenticating user root 206.189.219.241 port 47242 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 21:50:38 honeypot-fra-1 sshd[30785]: Invalid user ventamaxx from 141.98.10.158 port 43816","@timestamp":"2022-09-10T21:50:38.136Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 21:51:41 honeypot-ams-1 kernel: [83723287.950551] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=172.104.242.173 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=56 ID=0 DF PROTO=TCP SPT=44385 DPT=443 WINDOW=8192 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T21:51:41.976Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 21:53:59 honeypot-ams-1 kernel: [83723425.038591] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=149.102.155.169 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=25150 PROTO=TCP SPT=46728 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T21:54:00.036Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 21:55:00 honeypot-fra-1 sshd[30861]: Invalid user test from 193.106.191.157 port 33594","@timestamp":"2022-09-10T21:55:00.237Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T21:58:11.173Z","@version":"1","message":"Sep 10 21:58:10 honeypot-sgp-1 sshd[3988]: Did not receive identification string from 128.14.232.100 port 43298","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 21:58:47 honeypot-ams-1 sshd[8053]: Disconnected from invalid user test9 81.1.219.10 port 34852 [preauth]","@timestamp":"2022-09-10T21:58:48.164Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 22:01:05 honeypot-ams-1 sshd[8058]: Disconnected from authenticating user root 109.205.213.23 port 36192 [preauth]","@timestamp":"2022-09-10T22:01:06.226Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 22:03:05 honeypot-ams-1 sshd[8065]: Received disconnect from 109.205.213.23 port 48866:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T22:03:06.280Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 22:04:28 honeypot-ams-1 sshd[8071]: Received disconnect from 109.205.213.23 port 37196:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T22:04:28.317Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 22:05:20 honeypot-ams-1 sshd[8076]: Received disconnect from 109.205.213.23 port 57648:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T22:05:21.343Z"}
{"@timestamp":"2022-09-10T22:05:51.363Z","@version":"1","message":"Sep 10 22:05:51 honeypot-sgp-1 kernel: [83723665.014495] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=186.195.23.68 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=225 ID=35858 DF PROTO=TCP SPT=29979 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 22:06:16 honeypot-fra-1 sshd[30867]: Received disconnect from 92.255.85.70 port 30838:11: Bye Bye [preauth]","@timestamp":"2022-09-10T22:06:16.491Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 22:09:28 honeypot-ams-1 sshd[8083]: Received disconnect from 92.255.85.70 port 35360:11: Bye Bye [preauth]","@timestamp":"2022-09-10T22:09:29.447Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 22:14:05 honeypot-ams-1 sshd[8089]: Invalid user admin from 79.127.36.98 port 51134","@timestamp":"2022-09-10T22:14:06.562Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 22:18:28 honeypot-ams-1 kernel: [83724893.974786] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=49.207.183.11 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x20 TTL=54 ID=6289 PROTO=TCP SPT=2047 DPT=80 WINDOW=18103 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T22:18:28.672Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 22:22:20 honeypot-ams-1 kernel: [83725126.671317] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=66.175.211.121 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=51269 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T22:22:20.777Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 22:22:29 honeypot-fra-1 sshd[30876]: Invalid user db from 165.232.172.31 port 47416","@timestamp":"2022-09-10T22:22:29.857Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T22:22:50.784Z","@version":"1","message":"Sep 10 22:22:49 honeypot-sgp-1 sshd[4000]: Connection closed by invalid user User 59.144.165.184 port 58723 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T22:24:08.049Z","@version":"1","message":"Sep 10 22:24:07 honeypot-sgp-1 sshd[4006]: Disconnecting invalid user  31.184.198.71 port 49721: Change of username or service not allowed: (,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T22:24:17.053Z","@version":"1","message":"Sep 10 22:24:16 honeypot-sgp-1 sshd[4011]: Disconnecting invalid user admin 31.184.198.71 port 18834: Change of username or service not allowed: (admin,ssh-connection) -> (cameras,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T22:24:30.059Z","@version":"1","message":"Sep 10 22:24:29 honeypot-sgp-1 sshd[4017]: Invalid user  from 31.184.198.71 port 53017","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 22:24:30 honeypot-ams-1 sshd[8108]: Disconnected from invalid user user 45.61.186.169 port 42168 [preauth]","@timestamp":"2022-09-10T22:24:30.837Z"}
{"@timestamp":"2022-09-10T22:24:38.064Z","@version":"1","message":"Sep 10 22:24:37 honeypot-sgp-1 sshd[4023]: Invalid user lisi from 51.77.185.70 port 54402","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T22:24:42.066Z","@version":"1","message":"Sep 10 22:24:41 honeypot-sgp-1 sshd[4027]: Disconnected from invalid user user 45.61.187.160 port 53148 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 22:24:48 honeypot-ams-1 sshd[8112]: Disconnected from invalid user user 45.61.186.169 port 37234 [preauth]","@timestamp":"2022-09-10T22:24:48.847Z"}
{"@timestamp":"2022-09-10T22:24:51.070Z","@version":"1","message":"Sep 10 22:24:50 honeypot-sgp-1 sshd[4031]: Received disconnect from 45.61.187.160 port 36374:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T22:24:59.074Z","@version":"1","message":"Sep 10 22:24:58 honeypot-sgp-1 sshd[4035]: Disconnected from invalid user user 45.61.187.160 port 47834 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 22:25:05 honeypot-ams-1 sshd[8116]: Disconnected from invalid user user 45.61.186.169 port 60562 [preauth]","@timestamp":"2022-09-10T22:25:05.856Z"}
{"@timestamp":"2022-09-10T22:25:18.082Z","@version":"1","message":"Sep 10 22:25:17 honeypot-sgp-1 sshd[4041]: Disconnecting invalid user private 31.184.198.71 port 55513: Change of username or service not allowed: (private,ssh-connection) -> (root,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 22:25:22 honeypot-ams-1 sshd[8120]: Disconnected from invalid user user 45.61.186.169 port 55580 [preauth]","@timestamp":"2022-09-10T22:25:22.864Z"}
{"@timestamp":"2022-09-10T22:25:40.093Z","@version":"1","message":"Sep 10 22:25:39 honeypot-sgp-1 sshd[4049]: Invalid user araknis from 31.184.198.71 port 32764","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T22:25:58.102Z","@version":"1","message":"Sep 10 22:25:58 honeypot-sgp-1 sshd[4055]: Disconnecting authenticating user root 31.184.198.71 port 60070: Change of username or service not allowed: (root,ssh-connection) -> (Admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T22:26:20.113Z","@version":"1","message":"Sep 10 22:26:19 honeypot-sgp-1 sshd[4061]: Disconnecting invalid user admin 31.184.198.71 port 19638: Change of username or service not allowed: (admin,ssh-connection) -> (guest,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T22:26:40.122Z","@version":"1","message":"Sep 10 22:26:39 honeypot-sgp-1 sshd[4067]: Disconnecting authenticating user root 31.184.198.71 port 8661: Change of username or service not allowed: (root,ssh-connection) -> (,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T22:26:54.129Z","@version":"1","message":"Sep 10 22:26:53 honeypot-sgp-1 sshd[4071]: Disconnecting invalid user Cisco 31.184.198.71 port 8626: Change of username or service not allowed: (Cisco,ssh-connection) -> (cisco,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T22:27:14.139Z","@version":"1","message":"Sep 10 22:27:13 honeypot-sgp-1 sshd[4079]: Disconnecting invalid user 1234 31.184.198.71 port 7319: Change of username or service not allowed: (1234,ssh-connection) -> (root,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T22:27:41.151Z","@version":"1","message":"Sep 10 22:27:40 honeypot-sgp-1 sshd[4087]: Invalid user adslroot from 31.184.198.71 port 58226","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T22:27:58.160Z","@version":"1","message":"Sep 10 22:27:58 honeypot-sgp-1 sshd[4092]: Disconnecting invalid user admin 31.184.198.71 port 37874: Change of username or service not allowed: (admin,ssh-connection) -> (blank,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T22:28:13.167Z","@version":"1","message":"Sep 10 22:28:12 honeypot-sgp-1 sshd[4098]: Disconnecting invalid user zhone 31.184.198.71 port 33627: Change of username or service not allowed: (zhone,ssh-connection) -> (,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T22:28:40.180Z","@version":"1","message":"Sep 10 22:28:39 honeypot-sgp-1 sshd[4106]: Invalid user admin from 31.184.198.71 port 53645","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T22:29:03.191Z","@version":"1","message":"Sep 10 22:29:02 honeypot-sgp-1 sshd[4112]: Invalid user cusadmin from 31.184.198.71 port 56292","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T22:29:27.203Z","@version":"1","message":"Sep 10 22:29:26 honeypot-sgp-1 sshd[4118]: Invalid user lgnortel from 31.184.198.71 port 15236","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 22:29:43 honeypot-fra-1 sshd[30881]: Invalid user ka from 165.22.45.108 port 33946","@timestamp":"2022-09-10T22:29:44.018Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T22:29:46.212Z","@version":"1","message":"Sep 10 22:29:45 honeypot-sgp-1 sshd[4124]: Invalid user admin from 31.184.198.71 port 14160","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T22:30:04.221Z","@version":"1","message":"Sep 10 22:30:03 honeypot-sgp-1 sshd[4130]: Invalid user matrix from 31.184.198.71 port 61362","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 22:30:08 honeypot-ams-1 sshd[8125]: Received disconnect from 61.177.173.50 port 57777:11:  [preauth]","@timestamp":"2022-09-10T22:30:08.990Z"}
{"@timestamp":"2022-09-10T22:30:19.229Z","@version":"1","message":"Sep 10 22:30:18 honeypot-sgp-1 sshd[4136]: Invalid user motorola from 31.184.198.71 port 26455","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T22:30:35.237Z","@version":"1","message":"Sep 10 22:30:35 honeypot-sgp-1 sshd[4142]: Disconnecting authenticating user root 31.184.198.71 port 31442: Change of username or service not allowed: (root,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 22:30:50 honeypot-fra-1 sshd[30883]: Invalid user minthu from 187.218.23.85 port 54726","@timestamp":"2022-09-10T22:30:51.047Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T22:30:52.246Z","@version":"1","message":"Sep 10 22:30:51 honeypot-sgp-1 sshd[4148]: Disconnecting invalid user 0 31.184.198.71 port 37445: Change of username or service not allowed: (0,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T22:31:20.259Z","@version":"1","message":"Sep 10 22:31:19 honeypot-sgp-1 sshd[4154]: Disconnecting invalid user admin 31.184.198.71 port 56441: Change of username or service not allowed: (admin,ssh-connection) -> (Shiko,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T22:31:40.269Z","@version":"1","message":"Sep 10 22:31:39 honeypot-sgp-1 sshd[4160]: Disconnecting invalid user Broadcom 31.184.198.71 port 48159: Change of username or service not allowed: (Broadcom,ssh-connection) -> (smcadmin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T22:31:55.277Z","@version":"1","message":"Sep 10 22:31:54 honeypot-sgp-1 kernel: [83725228.431398] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=209.145.63.181 DST=159.89.202.188 LEN=52 TOS=0x0A PREC=0x00 TTL=109 ID=9331 DF PROTO=TCP SPT=38216 DPT=3389 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T22:32:09.284Z","@version":"1","message":"Sep 10 22:32:09 honeypot-sgp-1 sshd[4170]: Disconnecting invalid user smcadmin 31.184.198.71 port 27024: Change of username or service not allowed: (smcadmin,ssh-connection) -> (sweex,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T22:32:27.293Z","@version":"1","message":"Sep 10 22:32:26 honeypot-sgp-1 sshd[4176]: Disconnecting invalid user admin 31.184.198.71 port 13925: Change of username or service not allowed: (admin,ssh-connection) -> (,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T22:32:44.302Z","@version":"1","message":"Sep 10 22:32:43 honeypot-sgp-1 sshd[4182]: Disconnecting invalid user user 31.184.198.71 port 3269: Change of username or service not allowed: (user,ssh-connection) -> (ubnt,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T22:33:08.314Z","@version":"1","message":"Sep 10 22:33:07 honeypot-sgp-1 sshd[4191]: Invalid user user from 31.184.198.71 port 12620","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T22:33:30.324Z","@version":"1","message":"Sep 10 22:33:29 honeypot-sgp-1 sshd[4197]: Invalid user Admin from 31.184.198.71 port 9219","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T22:33:53.336Z","@version":"1","message":"Sep 10 22:33:52 honeypot-sgp-1 sshd[4203]: Invalid user 0 from 31.184.198.71 port 50752","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T22:34:10.344Z","@version":"1","message":"Sep 10 22:34:10 honeypot-sgp-1 sshd[4209]: Invalid user admin from 31.184.198.71 port 50438","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T22:34:22.350Z","@version":"1","message":"Sep 10 22:34:22 honeypot-sgp-1 sshd[4214]: Connection closed by invalid user ltecl4r0 31.184.198.71 port 14981 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 22:39:22 honeypot-ams-1 sshd[8134]: Connection closed by invalid user test 193.106.191.157 port 46738 [preauth]","@timestamp":"2022-09-10T22:39:23.227Z"}
{"@timestamp":"2022-09-10T22:45:12.597Z","@version":"1","message":"Sep 10 22:45:12 honeypot-sgp-1 kernel: [83726025.873216] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=205.210.31.57 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x60 TTL=250 ID=54321 PROTO=TCP SPT=55652 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T22:46:10.622Z","@version":"1","message":"Sep 10 22:46:09 honeypot-sgp-1 kernel: [83726083.631009] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=92.118.39.30 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=233 ID=54321 PROTO=TCP SPT=52108 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 22:48:49 honeypot-fra-1 kernel: [83724561.246482] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=170.187.160.121 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=9322 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T22:48:49.445Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-10T22:50:33.724Z","@version":"1","message":"Sep 10 22:50:33 honeypot-sgp-1 sshd[4221]: Disconnected from authenticating user root 92.255.85.70 port 62366 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 22:52:06 honeypot-ams-1 sshd[8150]: Did not receive identification string from 80.76.51.41 port 55094","@timestamp":"2022-09-10T22:52:06.552Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 22:52:55 honeypot-ams-1 sshd[8155]: Invalid user test from 80.76.51.41 port 45472","@timestamp":"2022-09-10T22:52:55.577Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 22:53:09 honeypot-ams-1 sshd[8159]: Disconnected from authenticating user root 80.76.51.41 port 52856 [preauth]","@timestamp":"2022-09-10T22:53:09.584Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 22:53:23 honeypot-fra-1 sshd[30891]: Disconnected from authenticating user root 92.255.85.69 port 50260 [preauth]","@timestamp":"2022-09-10T22:53:24.550Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 22:53:50 honeypot-ams-1 sshd[8165]: Disconnected from authenticating user root 80.76.51.41 port 46464 [preauth]","@timestamp":"2022-09-10T22:53:50.605Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 22:54:31 honeypot-ams-1 sshd[8171]: Disconnected from authenticating user root 80.76.51.41 port 40292 [preauth]","@timestamp":"2022-09-10T22:54:32.630Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 22:55:12 honeypot-ams-1 sshd[8177]: Invalid user git from 80.76.51.41 port 33954","@timestamp":"2022-09-10T22:55:13.651Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 22:58:26 honeypot-fra-1 sshd[30894]: Received disconnect from 159.223.164.107 port 33200:11: Bye Bye [preauth]","@timestamp":"2022-09-10T22:58:27.665Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 22:59:29 honeypot-ams-1 kernel: [83727355.499609] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=72.167.32.184 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=232 ID=33716 PROTO=TCP SPT=44059 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T22:59:29.761Z"}
{"@timestamp":"2022-09-10T23:00:50.965Z","@version":"1","message":"Sep 10 23:00:50 honeypot-sgp-1 sshd[4226]: Disconnected from invalid user user 45.61.186.249 port 42168 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T23:01:09.994Z","@version":"1","message":"Sep 10 23:01:09 honeypot-sgp-1 sshd[4230]: Disconnected from invalid user user 45.61.186.249 port 37230 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 23:01:19 honeypot-fra-1 sshd[30899]: Received disconnect from 165.22.45.108 port 38926:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T23:01:19.733Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T23:01:30.003Z","@version":"1","message":"Sep 10 23:01:29 honeypot-sgp-1 sshd[4234]: Disconnected from invalid user user 45.61.186.249 port 60484 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T23:01:48.010Z","@version":"1","message":"Sep 10 23:01:47 honeypot-sgp-1 sshd[4238]: Disconnected from invalid user user 45.61.186.249 port 55510 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:05:49 honeypot-ams-1 sshd[8187]: Received disconnect from 61.177.173.49 port 14423:11:  [preauth]","@timestamp":"2022-09-10T23:05:49.929Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 23:08:13 honeypot-fra-1 kernel: [83725725.465067] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.79.156.111 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=56681 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T23:08:13.952Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-10T23:08:28.163Z","@version":"1","message":"Sep 10 23:08:27 honeypot-sgp-1 sshd[4243]: Disconnected from invalid user admin 182.160.154.181 port 45796 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 23:09:51 honeypot-ams-1 kernel: [83727977.451868] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=80.94.92.239 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=46441 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T23:09:52.037Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 23:17:01 honeypot-fra-1 CRON[30907]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-10T23:17:02.169Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:17:01 honeypot-ams-1 CRON[8197]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-10T23:17:02.224Z"}
{"@timestamp":"2022-09-10T23:17:51.399Z","@version":"1","message":"Sep 10 23:17:50 honeypot-sgp-1 sshd[4251]: Invalid user admin from 105.159.249.53 port 17137","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:19:08 honeypot-ams-1 sshd[8203]: Received disconnect from 80.76.51.46 port 51408:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T23:19:09.282Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:19:39 honeypot-ams-1 sshd[8210]: Received disconnect from 80.76.51.46 port 47788:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T23:19:40.298Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:20:21 honeypot-ams-1 sshd[8216]: Received disconnect from 80.76.51.46 port 42284:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T23:20:22.337Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 23:20:46 honeypot-ams-1 kernel: [83728632.442589] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=170.187.160.135 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=53061 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T23:20:47.349Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:21:17 honeypot-ams-1 sshd[8226]: Disconnected from authenticating user root 80.76.51.46 port 34994 [preauth]","@timestamp":"2022-09-10T23:21:18.366Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:22:00 honeypot-ams-1 sshd[8232]: Disconnected from authenticating user root 80.76.51.46 port 57756 [preauth]","@timestamp":"2022-09-10T23:22:01.388Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 23:32:47 honeypot-fra-1 sshd[30914]: Disconnected from invalid user ka 165.22.45.108 port 43890 [preauth]","@timestamp":"2022-09-10T23:32:48.518Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:32:50 honeypot-ams-1 sshd[8244]: Received disconnect from 61.177.173.37 port 22282:11:  [preauth]","@timestamp":"2022-09-10T23:32:50.664Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:33:19 honeypot-ams-1 sshd[8248]: Disconnected from invalid user admin 80.76.51.189 port 42758 [preauth]","@timestamp":"2022-09-10T23:33:19.680Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:34:26 honeypot-ams-1 sshd[8252]: Disconnected from invalid user admin 80.76.51.189 port 45524 [preauth]","@timestamp":"2022-09-10T23:34:27.710Z"}
{"@timestamp":"2022-09-10T23:37:29.856Z","@version":"1","message":"Sep 10 23:37:29 honeypot-sgp-1 sshd[4257]: Invalid user test from 92.255.85.70 port 25936","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:39:05 honeypot-ams-1 sshd[8261]: error: maximum authentication attempts exceeded for root from 18.140.57.224 port 42788 ssh2 [preauth]","@timestamp":"2022-09-10T23:39:05.832Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:39:10 honeypot-ams-1 sshd[8265]: Disconnecting invalid user admin 18.140.57.224 port 42814: Too many authentication failures [preauth]","@timestamp":"2022-09-10T23:39:10.835Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:39:16 honeypot-ams-1 sshd[8269]: Disconnected from invalid user admin 18.140.57.224 port 42830 [preauth]","@timestamp":"2022-09-10T23:39:16.838Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:39:22 honeypot-ams-1 sshd[8273]: Disconnecting invalid user oracle 18.140.57.224 port 42858: Too many authentication failures [preauth]","@timestamp":"2022-09-10T23:39:22.843Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:39:27 honeypot-ams-1 sshd[8277]: Disconnecting invalid user usuario 18.140.57.224 port 42870: Too many authentication failures [preauth]","@timestamp":"2022-09-10T23:39:27.846Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:39:33 honeypot-ams-1 sshd[8281]: Disconnected from invalid user usuario 18.140.57.224 port 42894 [preauth]","@timestamp":"2022-09-10T23:39:33.850Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:39:38 honeypot-ams-1 sshd[8285]: Disconnecting invalid user test 18.140.57.224 port 42916: Too many authentication failures [preauth]","@timestamp":"2022-09-10T23:39:38.854Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:39:43 honeypot-ams-1 sshd[8289]: Disconnecting invalid user user 18.140.57.224 port 42938: Too many authentication failures [preauth]","@timestamp":"2022-09-10T23:39:43.857Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:39:49 honeypot-ams-1 sshd[8293]: Disconnected from invalid user user 18.140.57.224 port 42954 [preauth]","@timestamp":"2022-09-10T23:39:49.861Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:39:55 honeypot-ams-1 sshd[8297]: Disconnecting invalid user ftpuser 18.140.57.224 port 42964: Too many authentication failures [preauth]","@timestamp":"2022-09-10T23:39:55.865Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:40:00 honeypot-ams-1 sshd[8301]: Disconnecting invalid user test1 18.140.57.224 port 42986: Too many authentication failures [preauth]","@timestamp":"2022-09-10T23:40:00.868Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:40:05 honeypot-ams-1 sshd[8305]: Disconnected from invalid user test1 18.140.57.224 port 42998 [preauth]","@timestamp":"2022-09-10T23:40:06.873Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 23:40:06 honeypot-fra-1 sshd[30920]: Received disconnect from 92.255.85.69 port 28102:11: Bye Bye [preauth]","@timestamp":"2022-09-10T23:40:07.681Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:40:11 honeypot-ams-1 sshd[8309]: Disconnecting invalid user test2 18.140.57.224 port 43016: Too many authentication failures [preauth]","@timestamp":"2022-09-10T23:40:11.876Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:40:16 honeypot-ams-1 sshd[8313]: Disconnected from invalid user contador 18.140.57.224 port 43028 [preauth]","@timestamp":"2022-09-10T23:40:16.879Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:40:22 honeypot-ams-1 sshd[8317]: Disconnecting invalid user ubuntu 18.140.57.224 port 43040: Too many authentication failures [preauth]","@timestamp":"2022-09-10T23:40:22.884Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:40:26 honeypot-ams-1 sshd[8321]: Disconnected from invalid user duni 18.140.57.224 port 43064 [preauth]","@timestamp":"2022-09-10T23:40:26.886Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:40:31 honeypot-ams-1 sshd[8325]: Disconnected from invalid user baikal 18.140.57.224 port 43072 [preauth]","@timestamp":"2022-09-10T23:40:31.889Z"}
{"@timestamp":"2022-09-10T23:42:23.974Z","@version":"1","message":"Sep 10 23:42:23 honeypot-sgp-1 kernel: [83729457.316760] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=80.94.92.239 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=232 ID=54321 PROTO=TCP SPT=48436 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:43:13 honeypot-ams-1 sshd[8333]: Received disconnect from 61.177.173.36 port 16530:11:  [preauth]","@timestamp":"2022-09-10T23:43:13.962Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:46:26 honeypot-ams-1 sshd[8339]: Invalid user oliver from 35.216.73.53 port 52660","@timestamp":"2022-09-10T23:46:27.051Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:49:10 honeypot-ams-1 sshd[8345]: Received disconnect from 61.177.173.46 port 12103:11:  [preauth]","@timestamp":"2022-09-10T23:49:11.127Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:52:33 honeypot-ams-1 sshd[8351]: Connection reset by 222.120.180.206 port 42136 [preauth]","@timestamp":"2022-09-10T23:52:34.220Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 23:52:38 honeypot-fra-1 sshd[30925]: Connection closed by invalid user nvidia 103.188.176.251 port 47920 [preauth]","@timestamp":"2022-09-10T23:52:38.957Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:53:23 honeypot-ams-1 sshd[8359]: Received disconnect from 195.158.21.214 port 45182:11: Bye Bye [preauth]","@timestamp":"2022-09-10T23:53:24.246Z"}
{"@timestamp":"2022-09-10T23:58:57.369Z","@version":"1","message":"Sep 10 23:58:56 honeypot-sgp-1 sshd[4265]: Invalid user user from 92.255.85.69 port 28750","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:59:35 honeypot-ams-1 sshd[8364]: Received disconnect from 61.177.173.49 port 54788:11:  [preauth]","@timestamp":"2022-09-10T23:59:35.412Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 00:00:32 honeypot-fra-1 sshd[30928]: Invalid user user from 92.255.85.70 port 39982","@timestamp":"2022-09-11T00:00:33.137Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 00:03:51 honeypot-ams-1 kernel: [83731217.193417] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=5.211.241.141 DST=178.62.254.91 LEN=60 TOS=0x18 PREC=0x20 TTL=49 ID=51956 DF PROTO=TCP SPT=32775 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T00:03:51.532Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 00:04:19 honeypot-fra-1 sshd[30931]: Received disconnect from 165.22.45.108 port 49092:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T00:04:20.223Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 00:06:02 honeypot-ams-1 sshd[8371]: Did not receive identification string from 141.255.162.226 port 51138","@timestamp":"2022-09-11T00:06:02.593Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 00:06:05 honeypot-ams-1 sshd[8374]: Disconnected from invalid user user 141.255.162.226 port 51414 [preauth]","@timestamp":"2022-09-11T00:06:06.597Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 00:06:09 honeypot-ams-1 sshd[8378]: Disconnected from invalid user user 141.255.162.226 port 37780 [preauth]","@timestamp":"2022-09-11T00:06:09.599Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 00:10:29 honeypot-ams-1 kernel: [83731615.688866] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=3342 PROTO=TCP SPT=54403 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T00:10:30.718Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 00:12:23 honeypot-fra-1 kernel: [83729575.654928] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=198.199.112.190 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=39198 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T00:12:24.404Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-11T00:16:11.769Z","@version":"1","message":"Sep 11 00:16:10 honeypot-sgp-1 sshd[4271]: Invalid user ubuntu from 103.188.176.251 port 51010","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 00:18:57 honeypot-ams-1 kernel: [83732123.755439] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=90.151.171.106 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=17974 PROTO=TCP SPT=55525 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T00:18:57.942Z"}
{"@timestamp":"2022-09-11T00:19:10.840Z","@version":"1","message":"Sep 11 00:19:09 honeypot-sgp-1 sshd[4276]: Disconnected from authenticating user root 143.244.158.100 port 33330 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T00:21:13.891Z","@version":"1","message":"Sep 11 00:21:13 honeypot-sgp-1 sshd[4283]: Disconnected from authenticating user root 92.255.85.69 port 62824 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T00:22:33.925Z","@version":"1","message":"Sep 11 00:22:33 honeypot-sgp-1 sshd[4289]: Received disconnect from 143.244.158.100 port 39276:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 00:22:44 honeypot-ams-1 sshd[8394]: Received disconnect from 61.177.172.19 port 62299:11:  [preauth]","@timestamp":"2022-09-11T00:22:45.050Z"}
{"@timestamp":"2022-09-11T00:24:51.981Z","@version":"1","message":"Sep 11 00:24:51 honeypot-sgp-1 sshd[4726]: Invalid user boot from 94.75.123.43 port 38642","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T00:25:50.006Z","@version":"1","message":"Sep 11 00:25:49 honeypot-sgp-1 sshd[4730]: Disconnected from authenticating user root 143.244.158.100 port 46736 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 00:26:09 honeypot-ams-1 kernel: [83732555.167434] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=11508 PROTO=TCP SPT=55827 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T00:26:10.143Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 00:26:51 honeypot-fra-1 kernel: [83730443.159009] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=167.94.138.110 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=17022 PROTO=TCP SPT=45380 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T00:26:51.721Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-11T00:28:11.063Z","@version":"1","message":"Sep 11 00:28:10 honeypot-sgp-1 sshd[4738]: Disconnected from authenticating user root 143.244.158.100 port 51774 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 00:29:37 honeypot-ams-1 sshd[8401]: Disconnected from invalid user pian 111.202.249.76 port 2610 [preauth]","@timestamp":"2022-09-11T00:29:38.237Z"}
{"@timestamp":"2022-09-11T00:30:32.120Z","@version":"1","message":"Sep 11 00:30:31 honeypot-sgp-1 sshd[4744]: Disconnected from authenticating user root 143.244.158.100 port 37890 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T00:33:05.183Z","@version":"1","message":"Sep 11 00:33:04 honeypot-sgp-1 sshd[4751]: Received disconnect from 143.244.158.100 port 38298:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T00:34:39.222Z","@version":"1","message":"Sep 11 00:34:38 honeypot-sgp-1 sshd[4755]: Disconnected from authenticating user root 143.244.158.100 port 41934 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T00:37:03.281Z","@version":"1","message":"Sep 11 00:37:03 honeypot-sgp-1 sshd[4761]: Disconnected from authenticating user root 143.244.158.100 port 37972 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 00:37:20 honeypot-ams-1 sshd[8409]: Invalid user User from 124.65.142.62 port 34512","@timestamp":"2022-09-11T00:37:20.440Z"}
{"@timestamp":"2022-09-11T00:38:36.320Z","@version":"1","message":"Sep 11 00:38:35 honeypot-sgp-1 sshd[4768]: Disconnected from authenticating user root 143.244.158.100 port 51284 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T00:40:58.397Z","@version":"1","message":"Sep 11 00:40:57 honeypot-sgp-1 sshd[4774]: Received disconnect from 143.244.158.100 port 50862:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T00:43:19.455Z","@version":"1","message":"Sep 11 00:43:19 honeypot-sgp-1 sshd[4781]: Received disconnect from 143.244.158.100 port 54554:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 00:44:52 honeypot-ams-1 sshd[8419]: Received disconnect from 61.177.172.90 port 12176:11:  [preauth]","@timestamp":"2022-09-11T00:44:52.637Z"}
{"@timestamp":"2022-09-11T00:45:47.516Z","@version":"1","message":"Sep 11 00:45:46 honeypot-sgp-1 sshd[4788]: Received disconnect from 143.244.158.100 port 58308:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 00:46:38 honeypot-fra-1 sshd[30965]: Received disconnect from 14.32.0.111 port 42826:11: Bye Bye [preauth]","@timestamp":"2022-09-11T00:46:39.164Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T00:46:57.547Z","@version":"1","message":"Sep 11 00:46:57 honeypot-sgp-1 sshd[4794]: Received disconnect from 167.71.131.111 port 52146:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T00:48:55.595Z","@version":"1","message":"Sep 11 00:48:54 honeypot-sgp-1 sshd[4801]: Received disconnect from 143.244.158.100 port 37152:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 00:50:20 honeypot-ams-1 sshd[8428]: Invalid user test from 193.106.191.157 port 42310","@timestamp":"2022-09-11T00:50:20.783Z"}
{"@timestamp":"2022-09-11T00:50:29.635Z","@version":"1","message":"Sep 11 00:50:29 honeypot-sgp-1 sshd[4805]: Received disconnect from 143.244.158.100 port 47690:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T00:52:07.675Z","@version":"1","message":"Sep 11 00:52:07 honeypot-sgp-1 sshd[4809]: Disconnected from authenticating user root 143.244.158.100 port 37784 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 00:53:12 honeypot-fra-1 kernel: [83732024.170681] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=46.19.141.122 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=40761 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T00:53:13.312Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 00:53:48 honeypot-ams-1 sshd[8434]: Received disconnect from 45.61.186.169 port 51500:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T00:53:48.879Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 00:54:06 honeypot-ams-1 sshd[8438]: Received disconnect from 45.61.186.169 port 46502:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T00:54:06.889Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 00:54:23 honeypot-ams-1 sshd[8442]: Invalid user user from 45.61.186.169 port 41504","@timestamp":"2022-09-11T00:54:23.899Z"}
{"@timestamp":"2022-09-11T00:54:36.736Z","@version":"1","message":"Sep 11 00:54:36 honeypot-sgp-1 sshd[4816]: Disconnected from authenticating user root 143.244.158.100 port 50340 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 00:54:38 honeypot-ams-1 kernel: [83734264.731758] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=128.116.131.60 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=54 ID=35092 PROTO=TCP SPT=25974 DPT=80 WINDOW=11574 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T00:54:38.907Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 00:56:34 honeypot-ams-1 sshd[8449]: Received disconnect from 61.177.173.47 port 10793:11:  [preauth]","@timestamp":"2022-09-11T00:56:34.960Z"}
{"@timestamp":"2022-09-11T00:57:01.795Z","@version":"1","message":"Sep 11 00:57:01 honeypot-sgp-1 CRON[4822]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T00:58:44.837Z","@version":"1","message":"Sep 11 00:58:44 honeypot-sgp-1 sshd[4829]: Disconnected from authenticating user root 143.244.158.100 port 58308 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 00:59:57 honeypot-ams-1 sshd[8454]: Connection closed by invalid user  64.62.197.17 port 11128 [preauth]","@timestamp":"2022-09-11T00:59:58.052Z"}
{"@timestamp":"2022-09-11T01:01:16.898Z","@version":"1","message":"Sep 11 01:01:16 honeypot-sgp-1 sshd[4836]: Disconnected from authenticating user root 143.244.158.100 port 41800 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T01:02:54.939Z","@version":"1","message":"Sep 11 01:02:54 honeypot-sgp-1 sshd[4842]: Received disconnect from 143.244.158.100 port 55556:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 01:07:27 honeypot-fra-1 sshd[30976]: Invalid user karl from 165.22.45.108 port 60002","@timestamp":"2022-09-11T01:07:27.628Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 01:09:01 honeypot-ams-1 sshd[8467]: Received disconnect from 61.177.173.46 port 38911:11:  [preauth]","@timestamp":"2022-09-11T01:09:02.291Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 01:12:04 honeypot-ams-1 sshd[8472]: Invalid user admin from 80.76.51.41 port 38698","@timestamp":"2022-09-11T01:12:04.376Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 01:12:24 honeypot-fra-1 sshd[30981]: Disconnected from authenticating user root 92.255.85.69 port 38850 [preauth]","@timestamp":"2022-09-11T01:12:25.739Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 01:12:31 honeypot-ams-1 sshd[8476]: Received disconnect from 80.76.51.41 port 48544:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T01:12:32.391Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 01:13:07 honeypot-ams-1 sshd[8483]: Received disconnect from 80.76.51.41 port 35042:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T01:13:07.409Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 01:13:45 honeypot-ams-1 sshd[8489]: Received disconnect from 80.76.51.41 port 49890:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T01:13:46.429Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 01:14:10 honeypot-ams-1 sshd[8493]: Received disconnect from 80.76.51.41 port 59730:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T01:14:11.442Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 01:14:50 honeypot-ams-1 sshd[8497]: Received disconnect from 92.255.85.70 port 15900:11: Bye Bye [preauth]","@timestamp":"2022-09-11T01:14:51.461Z"}
{"@timestamp":"2022-09-11T01:16:57.264Z","@version":"1","message":"Sep 11 01:16:56 honeypot-sgp-1 sshd[4852]: Did not receive identification string from 45.61.186.249 port 45230","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T01:17:19.275Z","@version":"1","message":"Sep 11 01:17:19 honeypot-sgp-1 sshd[4858]: Invalid user user from 45.61.186.249 port 32926","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T01:17:29.280Z","@version":"1","message":"Sep 11 01:17:28 honeypot-sgp-1 sshd[4860]: Disconnected from invalid user user 45.61.186.249 port 44612 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T01:17:48.289Z","@version":"1","message":"Sep 11 01:17:47 honeypot-sgp-1 sshd[4864]: Disconnected from invalid user user 45.61.186.249 port 39746 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 01:18:04 honeypot-fra-1 kernel: [83733516.494919] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.196.220.70 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=54321 PROTO=TCP SPT=49508 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T01:18:04.870Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-11T01:18:05.297Z","@version":"1","message":"Sep 11 01:18:05 honeypot-sgp-1 sshd[4868]: Disconnected from invalid user user 45.61.186.249 port 34890 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 01:20:54 honeypot-ams-1 kernel: [83735840.199996] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=202.107.88.145 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=48 ID=32775 PROTO=TCP SPT=44416 DPT=80 WINDOW=32936 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T01:20:54.620Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 01:28:11 honeypot-ams-1 sshd[8516]: Received disconnect from 61.177.173.39 port 52576:11:  [preauth]","@timestamp":"2022-09-11T01:28:11.813Z"}
{"@timestamp":"2022-09-11T01:29:21.556Z","@version":"1","message":"Sep 11 01:29:20 honeypot-sgp-1 sshd[4877]: Disconnected from 137.184.105.25 port 49538 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 01:36:07 honeypot-fra-1 sshd[30997]: Received disconnect from 92.255.85.70 port 43112:11: Bye Bye [preauth]","@timestamp":"2022-09-11T01:36:08.271Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 01:38:25 honeypot-ams-1 sshd[8524]: Received disconnect from 61.177.173.36 port 64795:11:  [preauth]","@timestamp":"2022-09-11T01:38:26.092Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 01:40:17 honeypot-fra-1 sshd[31003]: Invalid user User from 189.216.254.136 port 41866","@timestamp":"2022-09-11T01:40:18.368Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T01:42:48.867Z","@version":"1","message":"Sep 11 01:42:48 honeypot-sgp-1 kernel: [83736682.034106] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.215.245 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=48989 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 01:44:34 honeypot-ams-1 sshd[8529]: Disconnected from authenticating user root 61.177.173.37 port 52255 [preauth]","@timestamp":"2022-09-11T01:44:35.257Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 01:46:37 honeypot-fra-1 kernel: [83735228.841817] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=163.172.158.4 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=25125 PROTO=TCP SPT=51102 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T01:46:37.514Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 01:48:57 honeypot-ams-1 sshd[8535]: Disconnected from authenticating user root 61.177.173.35 port 51272 [preauth]","@timestamp":"2022-09-11T01:48:58.374Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 01:53:26 honeypot-ams-1 sshd[8540]: Disconnected from authenticating user root 61.177.173.46 port 48707 [preauth]","@timestamp":"2022-09-11T01:53:26.492Z"}
{"@timestamp":"2022-09-11T01:53:39.123Z","@version":"1","message":"Sep 11 01:53:38 honeypot-sgp-1 sshd[4884]: Disconnected from authenticating user root 200.72.227.91 port 37014 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 01:54:48 honeypot-fra-1 kernel: [83735720.000895] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=161.35.188.242 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=49 ID=0 PROTO=TCP SPT=29004 DPT=80 WINDOW=0 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T01:54:48.700Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 01:57:52 honeypot-fra-1 sshd[31016]: Received disconnect from 101.231.146.34 port 57850:11: Bye Bye [preauth]","@timestamp":"2022-09-11T01:57:52.772Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T01:59:07.277Z","@version":"1","message":"Sep 11 01:59:07 honeypot-sgp-1 kernel: [83737660.616261] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.0.77.75 DST=159.89.202.188 LEN=52 TOS=0x00 PREC=0x00 TTL=112 ID=34102 DF PROTO=TCP SPT=14299 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 01:59:08 honeypot-ams-1 sshd[8547]: Received disconnect from 61.177.173.39 port 12446:11:  [preauth]","@timestamp":"2022-09-11T01:59:09.645Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 02:01:51 honeypot-ams-1 sshd[8553]: Received disconnect from 92.255.85.70 port 26184:11: Bye Bye [preauth]","@timestamp":"2022-09-11T02:01:51.722Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 02:04:30 honeypot-ams-1 sshd[8560]: Disconnected from invalid user admin 139.59.80.61 port 46864 [preauth]","@timestamp":"2022-09-11T02:04:30.796Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 02:08:04 honeypot-fra-1 kernel: [83736515.812015] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=79.124.62.62 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=27220 PROTO=TCP SPT=44069 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T02:08:05.003Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-11T02:10:47.573Z","@version":"1","message":"Sep 11 02:10:47 honeypot-sgp-1 sshd[4894]: Disconnected from 68.183.25.156 port 41360 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 02:11:37 honeypot-ams-1 sshd[8569]: Invalid user admin from 189.5.124.232 port 48950","@timestamp":"2022-09-11T02:11:37.989Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 02:11:56 honeypot-fra-1 sshd[31025]: Disconnected from 68.183.141.36 port 52296 [preauth]","@timestamp":"2022-09-11T02:11:57.095Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T02:17:56.745Z","@version":"1","message":"Sep 11 02:17:56 honeypot-sgp-1 sshd[4901]: Invalid user user from 45.61.186.249 port 33928","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T02:18:14.754Z","@version":"1","message":"Sep 11 02:18:14 honeypot-sgp-1 sshd[4905]: Invalid user user from 45.61.186.249 port 56774","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T02:18:31.764Z","@version":"1","message":"Sep 11 02:18:31 honeypot-sgp-1 sshd[4910]: Invalid user user from 45.61.186.249 port 51456","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T02:18:49.773Z","@version":"1","message":"Sep 11 02:18:49 honeypot-sgp-1 sshd[4914]: Invalid user user from 45.61.186.249 port 46096","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 02:18:55 honeypot-ams-1 sshd[8575]: Disconnected from authenticating user root 190.210.182.179 port 39985 [preauth]","@timestamp":"2022-09-11T02:18:55.208Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 02:22:04 honeypot-fra-1 sshd[31034]: Received disconnect from 92.255.85.70 port 38440:11: Bye Bye [preauth]","@timestamp":"2022-09-11T02:22:04.326Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 02:23:37 honeypot-ams-1 sshd[8584]: Disconnected from authenticating user root 61.177.172.124 port 35445 [preauth]","@timestamp":"2022-09-11T02:23:38.342Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 02:27:59 honeypot-ams-1 sshd[8590]: Connection closed by 104.46.236.139 port 45514 [preauth]","@timestamp":"2022-09-11T02:27:59.460Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 02:29:45 honeypot-ams-1 sshd[8595]: Disconnected from authenticating user root 61.177.173.36 port 37859 [preauth]","@timestamp":"2022-09-11T02:29:45.509Z"}
{"@timestamp":"2022-09-11T02:33:06.110Z","@version":"1","message":"Sep 11 02:33:05 honeypot-sgp-1 kernel: [83739699.331742] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.41.9.18 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=35652 PROTO=TCP SPT=25897 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 02:34:12 honeypot-fra-1 sshd[31042]: Received disconnect from 178.128.91.244 port 40820:11: Bye Bye [preauth]","@timestamp":"2022-09-11T02:34:13.600Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 02:37:06 honeypot-ams-1 sshd[8602]: Received disconnect from 61.177.173.50 port 19215:11:  [preauth]","@timestamp":"2022-09-11T02:37:06.714Z"}
{"@timestamp":"2022-09-11T02:40:10.281Z","@version":"1","message":"Sep 11 02:40:09 honeypot-sgp-1 sshd[4926]: Disconnected from invalid user user 45.61.186.49 port 53504 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T02:40:23.287Z","@version":"1","message":"Sep 11 02:40:22 honeypot-sgp-1 sshd[4930]: Disconnected from invalid user user 45.61.186.49 port 36770 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T02:42:50.345Z","@version":"1","message":"Sep 11 02:42:49 honeypot-sgp-1 sshd[4935]: Disconnected from authenticating user root 92.255.85.70 port 55900 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 02:44:02 honeypot-fra-1 sshd[31047]: Connection closed by invalid user pi 79.248.107.21 port 59510 [preauth]","@timestamp":"2022-09-11T02:44:03.830Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 02:44:41 honeypot-fra-1 sshd[31053]: Received disconnect from 92.255.85.70 port 18502:11: Bye Bye [preauth]","@timestamp":"2022-09-11T02:44:41.847Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 02:48:20 honeypot-ams-1 sshd[8611]: Received disconnect from 92.255.85.69 port 18480:11: Bye Bye [preauth]","@timestamp":"2022-09-11T02:48:21.017Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 02:52:38 honeypot-fra-1 sshd[31059]: Invalid user jordan from 201.71.186.82 port 40224","@timestamp":"2022-09-11T02:52:39.023Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 02:52:58 honeypot-ams-1 sshd[8614]: Connection closed by invalid user User 122.160.4.245 port 42342 [preauth]","@timestamp":"2022-09-11T02:52:59.149Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 02:54:01 honeypot-ams-1 sshd[8618]: Disconnected from authenticating user root 134.19.146.45 port 51854 [preauth]","@timestamp":"2022-09-11T02:54:02.179Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 02:56:42 honeypot-ams-1 kernel: [83741588.070838] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=142.93.45.9 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=54321 PROTO=TCP SPT=39613 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T02:56:43.256Z"}
{"@timestamp":"2022-09-11T02:57:17.711Z","@version":"1","message":"Sep 11 02:57:17 honeypot-sgp-1 sshd[4943]: Invalid user yujun from 137.116.144.39 port 59996","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 02:57:25 honeypot-fra-1 kernel: [83739477.288073] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=184.105.247.247 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=54321 PROTO=TCP SPT=45647 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T02:57:26.131Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 02:59:21 honeypot-ams-1 sshd[8628]: Disconnected from invalid user user 141.255.162.226 port 39980 [preauth]","@timestamp":"2022-09-11T02:59:22.330Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 02:59:24 honeypot-ams-1 sshd[8632]: Disconnected from invalid user user 141.255.162.226 port 32950 [preauth]","@timestamp":"2022-09-11T02:59:24.331Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 02:59:28 honeypot-ams-1 sshd[8636]: Disconnected from invalid user user 141.255.162.226 port 47106 [preauth]","@timestamp":"2022-09-11T02:59:29.335Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 03:01:13 honeypot-ams-1 sshd[8640]: Disconnected from authenticating user root 61.177.173.47 port 22376 [preauth]","@timestamp":"2022-09-11T03:01:14.382Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 03:04:33 honeypot-ams-1 sshd[8647]: Did not receive identification string from 45.61.187.160 port 38982","@timestamp":"2022-09-11T03:04:34.476Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 03:05:28 honeypot-ams-1 sshd[8650]: Disconnected from invalid user user 45.61.187.160 port 52878 [preauth]","@timestamp":"2022-09-11T03:05:28.502Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 03:05:47 honeypot-ams-1 sshd[8654]: Disconnected from invalid user user 45.61.187.160 port 47604 [preauth]","@timestamp":"2022-09-11T03:05:47.514Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 03:06:06 honeypot-ams-1 sshd[8658]: Disconnected from invalid user user 45.61.187.160 port 42340 [preauth]","@timestamp":"2022-09-11T03:06:06.540Z"}
{"@timestamp":"2022-09-11T03:08:06.965Z","@version":"1","message":"Sep 11 03:08:06 honeypot-sgp-1 kernel: [83741800.194541] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=88.80.189.24 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=65029 PROTO=TCP SPT=45637 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 03:10:57 honeypot-ams-1 sshd[8663]: Disconnected from authenticating user root 61.177.172.114 port 17039 [preauth]","@timestamp":"2022-09-11T03:10:57.666Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 03:11:37 honeypot-ams-1 sshd[8669]: Disconnected from authenticating user root 61.177.173.51 port 40495 [preauth]","@timestamp":"2022-09-11T03:11:37.686Z"}
{"@timestamp":"2022-09-11T03:13:55.101Z","@version":"1","message":"Sep 11 03:13:54 honeypot-sgp-1 sshd[4953]: Disconnected from invalid user ph 203.190.55.203 port 38246 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 03:14:27 honeypot-fra-1 kernel: [83740498.570637] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=213.226.123.38 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=26266 PROTO=TCP SPT=46638 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T03:14:27.502Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 03:17:29 honeypot-fra-1 sshd[31071]: Disconnected from invalid user kathleen 165.22.45.108 port 51430 [preauth]","@timestamp":"2022-09-11T03:17:30.572Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T03:20:14.252Z","@version":"1","message":"Sep 11 03:20:14 honeypot-sgp-1 sshd[4961]: Received disconnect from 198.98.61.9 port 44492:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T03:20:36.263Z","@version":"1","message":"Sep 11 03:20:36 honeypot-sgp-1 sshd[4965]: Received disconnect from 198.98.61.9 port 38658:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T03:20:57.273Z","@version":"1","message":"Sep 11 03:20:56 honeypot-sgp-1 sshd[4969]: Received disconnect from 198.98.61.9 port 32812:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T03:21:13.280Z","@version":"1","message":"Sep 11 03:21:12 honeypot-sgp-1 sshd[4973]: Received disconnect from 198.98.61.9 port 55216:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 03:22:16 honeypot-ams-1 kernel: [83743122.681020] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=103.140.251.208 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=55005 PROTO=TCP SPT=48143 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T03:22:16.963Z"}
{"@timestamp":"2022-09-11T03:25:34.385Z","@version":"1","message":"Sep 11 03:25:33 honeypot-sgp-1 sshd[4979]: Invalid user user from 45.61.186.49 port 50342","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T03:25:44.390Z","@version":"1","message":"Sep 11 03:25:43 honeypot-sgp-1 sshd[4983]: Invalid user user from 45.61.186.49 port 33780","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 03:30:19 honeypot-ams-1 sshd[8687]: Received disconnect from 61.177.172.108 port 64043:11:  [preauth]","@timestamp":"2022-09-11T03:30:20.177Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 03:31:03 honeypot-fra-1 sshd[31079]: Disconnected from authenticating user root 182.253.184.20 port 50914 [preauth]","@timestamp":"2022-09-11T03:31:04.872Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T03:32:46.557Z","@version":"1","message":"Sep 11 03:32:45 honeypot-sgp-1 kernel: [83743279.120744] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=89.248.165.199 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=21658 PROTO=TCP SPT=46642 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 03:34:00 honeypot-ams-1 sshd[8690]: Disconnected from authenticating user root 92.255.85.70 port 56894 [preauth]","@timestamp":"2022-09-11T03:34:01.278Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 03:38:52 honeypot-ams-1 sshd[8693]: Connection closed by invalid user admin 221.158.195.111 port 51412 [preauth]","@timestamp":"2022-09-11T03:38:53.411Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 03:43:58 honeypot-fra-1 kernel: [83742270.210856] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=207.102.138.83 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=46 ID=49729 DF PROTO=TCP SPT=40641 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T03:43:59.149Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-11T03:46:19.882Z","@version":"1","message":"Sep 11 03:46:19 honeypot-sgp-1 kernel: [83744093.166236] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=156.236.73.52 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=16814 PROTO=TCP SPT=43204 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T03:48:36.940Z","@version":"1","message":"Sep 11 03:48:36 honeypot-sgp-1 sshd[4993]: Disconnected from invalid user castis 73.13.104.201 port 64004 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 03:51:05 honeypot-fra-1 sshd[31117]: Received disconnect from 165.22.45.108 port 56230:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T03:51:06.306Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T03:53:12.051Z","@version":"1","message":"Sep 11 03:53:11 honeypot-sgp-1 sshd[4997]: Disconnected from invalid user upload2 164.92.151.127 port 54112 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 03:55:10 honeypot-ams-1 sshd[8706]: Disconnected from authenticating user root 61.177.173.50 port 34608 [preauth]","@timestamp":"2022-09-11T03:55:11.844Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 03:58:57 honeypot-fra-1 sshd[31124]: Invalid user admin from 51.79.224.191 port 57224","@timestamp":"2022-09-11T03:58:57.476Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 03:59:00 honeypot-fra-1 sshd[31130]: Invalid user admin from 51.79.224.191 port 57254","@timestamp":"2022-09-11T03:59:01.479Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T04:01:34.266Z","@version":"1","message":"Sep 11 04:01:33 honeypot-sgp-1 sshd[5003]: Received disconnect from 45.61.184.204 port 35868:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T04:01:54.277Z","@version":"1","message":"Sep 11 04:01:53 honeypot-sgp-1 sshd[5007]: Received disconnect from 45.61.184.204 port 60018:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T04:02:12.285Z","@version":"1","message":"Sep 11 04:02:11 honeypot-sgp-1 sshd[5011]: Received disconnect from 45.61.184.204 port 55928:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 04:03:58 honeypot-fra-1 sshd[31134]: Connection closed by invalid user oracle 121.5.54.92 port 43256 [preauth]","@timestamp":"2022-09-11T04:03:58.604Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 04:04:20 honeypot-ams-1 sshd[8714]: Received disconnect from 201.163.1.66 port 47554:11: Bye Bye [preauth]","@timestamp":"2022-09-11T04:04:21.101Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 04:06:38 honeypot-ams-1 sshd[8721]: Invalid user saturne from 43.134.197.174 port 43436","@timestamp":"2022-09-11T04:06:38.165Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 04:06:52 honeypot-fra-1 sshd[31140]: Disconnected from authenticating user root 192.3.134.187 port 50094 [preauth]","@timestamp":"2022-09-11T04:06:52.669Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 04:09:15 honeypot-ams-1 sshd[8726]: Received disconnect from 143.110.236.239 port 36080:11: Bye Bye [preauth]","@timestamp":"2022-09-11T04:09:16.237Z"}
{"@timestamp":"2022-09-11T04:10:16.483Z","@version":"1","message":"Sep 11 04:10:15 honeypot-sgp-1 sshd[5016]: Did not receive identification string from 159.89.24.69 port 61000","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 04:11:22 honeypot-ams-1 sshd[8730]: Disconnected from invalid user ming 61.93.240.18 port 40967 [preauth]","@timestamp":"2022-09-11T04:11:23.296Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 04:16:46 honeypot-fra-1 kernel: [83744237.641890] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.206.103 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=36471 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T04:16:46.890Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-11T04:17:17.676Z","@version":"1","message":"Sep 11 04:17:17 honeypot-sgp-1 kernel: [83745950.679064] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.208.240 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=58821 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 04:18:29 honeypot-ams-1 kernel: [83746494.914506] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.220.59 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=36036 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T04:18:29.494Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 04:19:57 honeypot-fra-1 sshd[31155]: Received disconnect from 92.255.85.69 port 15996:11: Bye Bye [preauth]","@timestamp":"2022-09-11T04:19:57.962Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T04:21:57.785Z","@version":"1","message":"Sep 11 04:21:57 honeypot-sgp-1 sshd[5028]: Connection closed by invalid user admin 128.199.160.207 port 20450 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 04:24:02 honeypot-fra-1 sshd[31159]: Invalid user katrin from 165.22.45.108 port 32786","@timestamp":"2022-09-11T04:24:03.056Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 04:24:14 honeypot-ams-1 kernel: [83746840.189284] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=20.46.240.87 DST=178.62.254.91 LEN=52 TOS=0x02 PREC=0x00 TTL=110 ID=55200 DF PROTO=TCP SPT=56890 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-11T04:24:14.647Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 04:26:58 honeypot-fra-1 sshd[31164]: Invalid user devmgr from 141.98.10.158 port 37744","@timestamp":"2022-09-11T04:26:59.121Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 04:28:21 honeypot-fra-1 kernel: [83744932.772892] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=80.41.174.227 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=55 ID=44862 PROTO=TCP SPT=1542 DPT=443 WINDOW=62446 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T04:28:22.155Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 04:33:52 honeypot-ams-1 sshd[8743]: Disconnected from invalid user jun2x123 128.199.157.190 port 52532 [preauth]","@timestamp":"2022-09-11T04:33:52.918Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 04:34:40 honeypot-ams-1 sshd[8747]: Disconnected from invalid user temp 206.217.131.233 port 43268 [preauth]","@timestamp":"2022-09-11T04:34:40.940Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 04:34:52 honeypot-fra-1 kernel: [83745323.897518] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.95.147.52 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=38887 PROTO=TCP SPT=57944 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T04:34:53.302Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 04:35:38 honeypot-ams-1 sshd[8752]: Received disconnect from 45.61.184.204 port 50340:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T04:35:38.974Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 04:35:58 honeypot-ams-1 sshd[8756]: Received disconnect from 45.61.184.204 port 45302:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T04:35:58.984Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 04:36:16 honeypot-ams-1 sshd[8760]: Received disconnect from 45.61.184.204 port 40278:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T04:36:16.994Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 04:36:24 honeypot-ams-1 sshd[8764]: Disconnected from invalid user user 45.61.184.204 port 51890 [preauth]","@timestamp":"2022-09-11T04:36:24.998Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 04:39:40 honeypot-ams-1 sshd[8769]: Disconnected from invalid user ritwika 142.44.240.83 port 47662 [preauth]","@timestamp":"2022-09-11T04:39:41.085Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 04:40:08 honeypot-fra-1 sshd[31177]: Disconnecting invalid user admin 114.33.94.230 port 38552: Too many authentication failures [preauth]","@timestamp":"2022-09-11T04:40:08.418Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T04:40:44.239Z","@version":"1","message":"Sep 11 04:40:43 honeypot-sgp-1 sshd[5034]: Received disconnect from 92.255.85.69 port 60242:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 04:43:19 honeypot-fra-1 sshd[31183]: Received disconnect from 92.255.85.70 port 56312:11: Bye Bye [preauth]","@timestamp":"2022-09-11T04:43:19.491Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 04:44:48 honeypot-ams-1 kernel: [83748074.390218] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=184.105.139.93 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=54080 DPT=5432 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T04:44:49.224Z"}
{"@timestamp":"2022-09-11T04:46:40.384Z","@version":"1","message":"Sep 11 04:46:40 honeypot-sgp-1 kernel: [83747713.558919] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=54733 PROTO=TCP SPT=51390 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 04:47:02 honeypot-fra-1 sshd[31189]: Received disconnect from 119.159.226.213 port 46524:11: Bye Bye [preauth]","@timestamp":"2022-09-11T04:47:03.577Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 04:50:59 honeypot-fra-1 kernel: [83746290.643322] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=34.141.145.216 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x60 TTL=250 ID=1140 PROTO=TCP SPT=57522 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T04:50:59.684Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 04:55:20 honeypot-ams-1 sshd[8776]: Invalid user test123 from 103.188.176.251 port 60078","@timestamp":"2022-09-11T04:55:21.500Z"}
{"@timestamp":"2022-09-11T04:59:30.691Z","@version":"1","message":"Sep 11 04:59:30 honeypot-sgp-1 sshd[5051]: Did not receive identification string from 128.199.96.88 port 61000","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 04:59:51 honeypot-fra-1 sshd[31197]: Connection closed by invalid user test123 103.188.176.251 port 43190 [preauth]","@timestamp":"2022-09-11T04:59:52.880Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 05:01:00 honeypot-fra-1 sshd[31204]: Received disconnect from 45.61.187.160 port 52188:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T05:01:00.909Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 05:01:18 honeypot-fra-1 sshd[31208]: Received disconnect from 45.61.187.160 port 47380:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T05:01:19.918Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 05:01:37 honeypot-fra-1 sshd[31212]: Received disconnect from 45.61.187.160 port 42580:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T05:01:37.927Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 05:04:53 honeypot-fra-1 sshd[31217]: Received disconnect from 20.87.8.78 port 60924:11: Bye Bye [preauth]","@timestamp":"2022-09-11T05:04:53.999Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T05:05:09.828Z","@version":"1","message":"Sep 11 05:05:09 honeypot-sgp-1 sshd[5072]: Disconnected from authenticating user root 112.217.207.26 port 38948 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 05:06:48 honeypot-fra-1 sshd[31222]: Disconnected from authenticating user root 92.255.85.69 port 30330 [preauth]","@timestamp":"2022-09-11T05:06:49.043Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 05:08:01 honeypot-fra-1 sshd[31226]: Disconnected from invalid user admin 164.92.87.79 port 51138 [preauth]","@timestamp":"2022-09-11T05:08:02.072Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 05:11:02 honeypot-ams-1 kernel: [83749647.826026] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=218.145.61.20 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=55 ID=16854 PROTO=TCP SPT=54612 DPT=80 WINDOW=40212 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T05:11:02.915Z"}
{"@timestamp":"2022-09-11T05:13:29.031Z","@version":"1","message":"Sep 11 05:13:28 honeypot-sgp-1 kernel: [83749321.647396] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=143.92.32.205 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=25471 PROTO=TCP SPT=53207 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 05:17:01 honeypot-ams-1 CRON[9223]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-11T05:17:02.076Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 05:19:54 honeypot-fra-1 kernel: [83748025.219462] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.41.8.45 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=42248 PROTO=TCP SPT=32699 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T05:19:54.330Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-11T05:23:38.271Z","@version":"1","message":"Sep 11 05:23:37 honeypot-sgp-1 sshd[5084]: Did not receive identification string from 198.98.61.9 port 34620","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T05:23:52.278Z","@version":"1","message":"Sep 11 05:23:51 honeypot-sgp-1 sshd[5089]: Invalid user user from 103.188.176.251 port 48350","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T05:24:14.289Z","@version":"1","message":"Sep 11 05:24:13 honeypot-sgp-1 sshd[5094]: Received disconnect from 198.98.61.9 port 43238:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T05:24:32.298Z","@version":"1","message":"Sep 11 05:24:31 honeypot-sgp-1 sshd[5098]: Received disconnect from 198.98.61.9 port 38962:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T05:24:40.302Z","@version":"1","message":"Sep 11 05:24:39 honeypot-sgp-1 sshd[5102]: Disconnected from invalid user user 198.98.61.9 port 50930 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T05:25:24.322Z","@version":"1","message":"Sep 11 05:25:23 honeypot-sgp-1 sshd[5108]: Received disconnect from 64.225.43.245 port 58182:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T05:27:32.374Z","@version":"1","message":"Sep 11 05:27:31 honeypot-sgp-1 sshd[5114]: Invalid user ftpuser from 92.255.85.70 port 28708","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 05:28:09 honeypot-ams-1 sshd[9227]: Disconnected from authenticating user root 185.149.120.61 port 38842 [preauth]","@timestamp":"2022-09-11T05:28:10.370Z"}
{"@timestamp":"2022-09-11T05:28:31.399Z","@version":"1","message":"Sep 11 05:28:31 honeypot-sgp-1 sshd[5118]: Disconnected from authenticating user root 64.225.43.245 port 55890 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 05:30:53 honeypot-fra-1 sshd[31242]: Received disconnect from 165.22.45.108 port 42332:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T05:30:53.569Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T05:30:54.458Z","@version":"1","message":"Sep 11 05:30:54 honeypot-sgp-1 sshd[5125]: Disconnected from authenticating user root 64.225.43.245 port 40034 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 05:30:57 honeypot-ams-1 sshd[9232]: Invalid user kafka from 157.230.32.105 port 56104","@timestamp":"2022-09-11T05:30:58.447Z"}
{"@timestamp":"2022-09-11T05:32:45.504Z","@version":"1","message":"Sep 11 05:32:45 honeypot-sgp-1 kernel: [83750478.524506] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=40.88.125.200 DST=159.89.202.188 LEN=52 TOS=0x02 PREC=0x00 TTL=107 ID=3309 DF PROTO=TCP SPT=50834 DPT=3389 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 05:33:40 honeypot-ams-1 kernel: [83751006.200214] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=161.22.53.207 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=1829 PROTO=TCP SPT=39598 DPT=80 WINDOW=56294 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T05:33:40.516Z"}
{"@timestamp":"2022-09-11T05:34:05.541Z","@version":"1","message":"Sep 11 05:34:04 honeypot-sgp-1 sshd[5136]: Received disconnect from 64.225.43.245 port 37710:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T05:34:53.585Z","@version":"1","message":"Sep 11 05:34:53 honeypot-sgp-1 sshd[5141]: Received disconnect from 64.225.43.245 port 51246:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T05:36:04.616Z","@version":"1","message":"Sep 11 05:36:03 honeypot-sgp-1 sshd[5147]: Received disconnect from 179.43.156.143 port 60350:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T05:37:21.650Z","@version":"1","message":"Sep 11 05:37:20 honeypot-sgp-1 sshd[5153]: Received disconnect from 179.43.156.143 port 55188:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T05:37:59.665Z","@version":"1","message":"Sep 11 05:37:59 honeypot-sgp-1 sshd[5157]: Disconnected from invalid user nutanix 179.43.156.143 port 52604 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T05:38:57.693Z","@version":"1","message":"Sep 11 05:38:57 honeypot-sgp-1 sshd[5163]: Received disconnect from 64.225.43.245 port 34236:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T05:39:45.715Z","@version":"1","message":"Sep 11 05:39:45 honeypot-sgp-1 sshd[5168]: Received disconnect from 64.225.43.245 port 47768:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 05:40:20 honeypot-fra-1 sshd[31249]: Invalid user monitor from 141.94.76.58 port 54200","@timestamp":"2022-09-11T05:40:20.770Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T05:40:35.736Z","@version":"1","message":"Sep 11 05:40:35 honeypot-sgp-1 sshd[5174]: Received disconnect from 179.43.156.143 port 42312:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 05:40:42 honeypot-fra-1 sshd[31252]: Disconnected from invalid user user 141.255.162.226 port 49946 [preauth]","@timestamp":"2022-09-11T05:40:42.780Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 05:40:44 honeypot-fra-1 sshd[31256]: Disconnected from invalid user user 141.255.162.226 port 57140 [preauth]","@timestamp":"2022-09-11T05:40:45.782Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 05:40:47 honeypot-fra-1 sshd[31260]: Disconnected from invalid user user 141.255.162.226 port 43294 [preauth]","@timestamp":"2022-09-11T05:40:47.783Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 05:41:15 honeypot-ams-1 kernel: [83751460.765352] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=20.163.104.128 DST=178.62.254.91 LEN=52 TOS=0x02 PREC=0x00 TTL=108 ID=52481 DF PROTO=TCP SPT=50637 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-11T05:41:15.712Z"}
{"@timestamp":"2022-09-11T05:41:57.772Z","@version":"1","message":"Sep 11 05:41:56 honeypot-sgp-1 sshd[5180]: Received disconnect from 179.43.156.143 port 37158:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T05:42:57.799Z","@version":"1","message":"Sep 11 05:42:56 honeypot-sgp-1 sshd[5186]: Received disconnect from 64.225.43.245 port 45478:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T05:44:34.841Z","@version":"1","message":"Sep 11 05:44:34 honeypot-sgp-1 sshd[5192]: Received disconnect from 64.225.43.245 port 44318:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 05:44:42 honeypot-fra-1 kernel: [83749514.053816] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.220.205.196 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=45354 DPT=636 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T05:44:43.874Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-11T05:46:10.883Z","@version":"1","message":"Sep 11 05:46:10 honeypot-sgp-1 sshd[5197]: Disconnected from authenticating user root 64.225.43.245 port 43158 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T05:48:10.933Z","@version":"1","message":"Sep 11 05:48:10 honeypot-sgp-1 sshd[5203]: Disconnected from authenticating user root 8.213.17.47 port 59992 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T05:50:14.986Z","@version":"1","message":"Sep 11 05:50:14 honeypot-sgp-1 sshd[5210]: Received disconnect from 64.225.43.245 port 54376:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 05:50:31 honeypot-fra-1 sshd[31268]: Invalid user testuser from 34.78.205.135 port 50229","@timestamp":"2022-09-11T05:50:32.003Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T05:50:41.999Z","@version":"1","message":"Sep 11 05:50:41 honeypot-sgp-1 sshd[5214]: Received disconnect from 92.255.85.70 port 47332:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T05:52:40.048Z","@version":"1","message":"Sep 11 05:52:39 honeypot-sgp-1 sshd[5220]: Received disconnect from 64.225.43.245 port 38524:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 05:52:56 honeypot-fra-1 sshd[31272]: Invalid user annie-zhang from 187.230.139.33 port 54497","@timestamp":"2022-09-11T05:52:57.060Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T05:54:58.105Z","@version":"1","message":"Sep 11 05:54:57 honeypot-sgp-1 kernel: [83751810.569223] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=61.140.176.26 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=29934 DF PROTO=TCP SPT=34722 DPT=80 WINDOW=64800 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 05:55:42 honeypot-ams-1 sshd[9243]: Disconnected from authenticating user root 147.182.251.31 port 56244 [preauth]","@timestamp":"2022-09-11T05:55:43.084Z"}
{"@timestamp":"2022-09-11T05:55:53.129Z","@version":"1","message":"Sep 11 05:55:52 honeypot-sgp-1 sshd[5229]: Received disconnect from 64.225.43.245 port 36202:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 05:56:09 honeypot-fra-1 kernel: [83750200.836784] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.83.67.225 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=59 ID=53208 DF PROTO=TCP SPT=14880 DPT=443 WINDOW=8192 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T05:56:10.132Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-11T05:58:19.188Z","@version":"1","message":"Sep 11 05:58:18 honeypot-sgp-1 sshd[5235]: Received disconnect from 64.225.43.245 port 48578:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T05:59:08.209Z","@version":"1","message":"Sep 11 05:59:07 honeypot-sgp-1 sshd[5239]: Disconnected from authenticating user root 64.225.43.245 port 33882 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 06:01:20 honeypot-ams-1 sshd[9249]: Invalid user wup from 107.189.10.112 port 56394","@timestamp":"2022-09-11T06:01:20.230Z"}
{"@timestamp":"2022-09-11T06:01:35.273Z","@version":"1","message":"Sep 11 06:01:34 honeypot-sgp-1 sshd[5246]: Received disconnect from 64.225.43.245 port 46260:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 06:03:23 honeypot-ams-1 sshd[9253]: Disconnected from invalid user admin 159.65.31.128 port 43092 [preauth]","@timestamp":"2022-09-11T06:03:24.285Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 06:03:28 honeypot-fra-1 sshd[31281]: Invalid user user from 45.61.187.160 port 43080","@timestamp":"2022-09-11T06:03:29.294Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T06:03:38.323Z","@version":"1","message":"Sep 11 06:03:38 honeypot-sgp-1 kernel: [83752331.614765] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.198.79.96 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=39308 PROTO=TCP SPT=54944 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 06:03:45 honeypot-fra-1 sshd[31285]: Invalid user user from 45.61.187.160 port 37596","@timestamp":"2022-09-11T06:03:46.302Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 06:04:02 honeypot-fra-1 sshd[31289]: Invalid user user from 45.61.187.160 port 60354","@timestamp":"2022-09-11T06:04:03.310Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 06:04:10 honeypot-fra-1 sshd[31293]: Invalid user user from 45.61.187.160 port 43482","@timestamp":"2022-09-11T06:04:11.314Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T06:05:38.376Z","@version":"1","message":"Sep 11 06:05:38 honeypot-sgp-1 sshd[5257]: Received disconnect from 64.225.43.245 port 57544:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 06:05:45 honeypot-fra-1 sshd[31296]: Disconnected from invalid user user 198.98.61.9 port 38242 [preauth]","@timestamp":"2022-09-11T06:05:46.351Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 06:06:08 honeypot-fra-1 sshd[31300]: Disconnected from invalid user user 198.98.61.9 port 33140 [preauth]","@timestamp":"2022-09-11T06:06:09.361Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 06:06:26 honeypot-fra-1 sshd[31304]: Disconnected from invalid user user 198.98.61.9 port 56288 [preauth]","@timestamp":"2022-09-11T06:06:27.369Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T06:06:27.398Z","@version":"1","message":"Sep 11 06:06:26 honeypot-sgp-1 sshd[5261]: Disconnected from authenticating user root 64.225.43.245 port 42846 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 06:06:46 honeypot-fra-1 sshd[31308]: Disconnected from invalid user user 198.98.61.9 port 51200 [preauth]","@timestamp":"2022-09-11T06:06:47.378Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T06:08:20.447Z","@version":"1","message":"Sep 11 06:08:20 honeypot-sgp-1 sshd[5268]: Received disconnect from 128.199.133.168 port 53096:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T06:09:51.486Z","@version":"1","message":"Sep 11 06:09:51 honeypot-sgp-1 kernel: [83752704.520307] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=40.84.222.228 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=4245 PROTO=TCP SPT=56053 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T06:11:22.527Z","@version":"1","message":"Sep 11 06:11:22 honeypot-sgp-1 sshd[5278]: Received disconnect from 64.225.43.245 port 39364:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T06:12:12.549Z","@version":"1","message":"Sep 11 06:12:11 honeypot-sgp-1 sshd[5282]: Disconnected from authenticating user root 64.225.43.245 port 52900 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 06:12:54 honeypot-fra-1 kernel: [83751205.606764] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=20.0.77.75 DST=165.22.82.222 LEN=52 TOS=0x00 PREC=0x00 TTL=115 ID=39489 DF PROTO=TCP SPT=62369 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T06:12:55.514Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-11T06:13:50.591Z","@version":"1","message":"Sep 11 06:13:50 honeypot-sgp-1 sshd[5289]: Received disconnect from 64.225.43.245 port 51742:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 06:15:22 honeypot-ams-1 kernel: [83753508.542365] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=35.197.180.28 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=23218 PROTO=TCP SPT=43983 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T06:15:23.593Z"}
{"@timestamp":"2022-09-11T06:16:15.653Z","@version":"1","message":"Sep 11 06:16:15 honeypot-sgp-1 sshd[5295]: Received disconnect from 64.225.43.245 port 35884:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 06:16:26 honeypot-fra-1 sshd[31409]: Disconnected from invalid user ftpuser 92.255.85.70 port 49186 [preauth]","@timestamp":"2022-09-11T06:16:27.597Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T06:18:02.700Z","@version":"1","message":"Sep 11 06:18:02 honeypot-sgp-1 sshd[5303]: Did not receive identification string from 45.61.187.160 port 51468","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T06:18:33.715Z","@version":"1","message":"Sep 11 06:18:33 honeypot-sgp-1 sshd[5306]: Disconnected from invalid user user 45.61.187.160 port 37386 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T06:18:51.724Z","@version":"1","message":"Sep 11 06:18:51 honeypot-sgp-1 sshd[5310]: Disconnected from invalid user user 45.61.187.160 port 60730 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T06:19:08.732Z","@version":"1","message":"Sep 11 06:19:08 honeypot-sgp-1 sshd[5314]: Disconnected from invalid user user 45.61.187.160 port 55832 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 06:19:32 honeypot-ams-1 sshd[9260]: Received disconnect from 92.255.85.69 port 53382:11: Bye Bye [preauth]","@timestamp":"2022-09-11T06:19:32.701Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 06:22:43 honeypot-ams-1 sshd[9265]: Connection closed by invalid user test 193.106.191.157 port 45166 [preauth]","@timestamp":"2022-09-11T06:22:43.786Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 06:23:33 honeypot-fra-1 sshd[31417]: Invalid user rp1999a from 8.213.17.47 port 36474","@timestamp":"2022-09-11T06:23:33.755Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T06:25:04.884Z","@version":"1","message":"Sep 11 06:25:04 honeypot-sgp-1 CRON[5319]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 06:30:31 honeypot-fra-1 sshd[31560]: Received disconnect from 202.170.60.201 port 45732:11: Bye Bye [preauth]","@timestamp":"2022-09-11T06:30:31.963Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 06:31:19 honeypot-ams-1 sshd[9436]: Invalid user user from 141.255.162.226 port 59514","@timestamp":"2022-09-11T06:31:20.010Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 06:31:22 honeypot-ams-1 sshd[9440]: Invalid user user from 141.255.162.226 port 38556","@timestamp":"2022-09-11T06:31:23.013Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 06:31:24 honeypot-ams-1 sshd[9444]: Invalid user user from 141.255.162.226 port 60356","@timestamp":"2022-09-11T06:31:25.014Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 06:31:56 honeypot-fra-1 sshd[31565]: Invalid user user from 198.98.61.9 port 51178","@timestamp":"2022-09-11T06:31:56.997Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 06:32:15 honeypot-fra-1 sshd[31569]: Invalid user user from 198.98.61.9 port 46360","@timestamp":"2022-09-11T06:32:16.006Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 06:32:33 honeypot-fra-1 sshd[31573]: Invalid user user from 198.98.61.9 port 41546","@timestamp":"2022-09-11T06:32:34.015Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 06:32:52 honeypot-fra-1 sshd[31577]: Did not receive identification string from 193.3.19.178 port 64001","@timestamp":"2022-09-11T06:32:53.024Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 06:34:27 honeypot-ams-1 kernel: [83754652.916721] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=119.160.167.135 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=27631 PROTO=TCP SPT=24479 DPT=80 WINDOW=26435 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T06:34:28.093Z"}
{"@timestamp":"2022-09-11T06:37:13.178Z","@version":"1","message":"Sep 11 06:37:12 honeypot-sgp-1 sshd[5469]: Disconnected from invalid user test1 92.255.85.69 port 30344 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 06:40:42 honeypot-fra-1 sshd[31581]: Received disconnect from 92.255.85.70 port 15618:11: Bye Bye [preauth]","@timestamp":"2022-09-11T06:40:43.194Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 06:42:33 honeypot-ams-1 sshd[9453]: Invalid user test1 from 92.255.85.69 port 44122","@timestamp":"2022-09-11T06:42:34.301Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 06:44:22 honeypot-fra-1 sshd[31586]: Connection closed by invalid user test 193.106.191.157 port 42540 [preauth]","@timestamp":"2022-09-11T06:44:23.275Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 06:47:01 honeypot-ams-1 CRON[9456]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-11T06:47:02.418Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 06:49:27 honeypot-fra-1 sshd[31609]: Disconnected from invalid user admin 103.47.184.2 port 45686 [preauth]","@timestamp":"2022-09-11T06:49:28.387Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T06:50:34.516Z","@version":"1","message":"Sep 11 06:50:34 honeypot-sgp-1 sshd[5592]: Did not receive identification string from 45.61.187.160 port 46804","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T06:50:49.524Z","@version":"1","message":"Sep 11 06:50:49 honeypot-sgp-1 sshd[5595]: Disconnected from invalid user user 45.61.187.160 port 45720 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T06:51:07.533Z","@version":"1","message":"Sep 11 06:51:06 honeypot-sgp-1 sshd[5599]: Disconnected from invalid user user 45.61.187.160 port 40054 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T06:51:23.542Z","@version":"1","message":"Sep 11 06:51:23 honeypot-sgp-1 sshd[5603]: Disconnected from invalid user user 45.61.187.160 port 34396 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 06:55:09 honeypot-ams-1 sshd[9571]: Invalid user admin from 183.107.50.18 port 55060","@timestamp":"2022-09-11T06:55:10.639Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 06:56:08 honeypot-ams-1 kernel: [83755954.192865] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=37.146.63.210 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=120 ID=1280 DF PROTO=TCP SPT=25776 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T06:56:08.668Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 06:57:58 honeypot-fra-1 sshd[31612]: Disconnected from invalid user minerva 162.243.73.244 port 32887 [preauth]","@timestamp":"2022-09-11T06:57:59.573Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 07:00:26 honeypot-fra-1 sshd[31618]: Did not receive identification string from 81.169.244.70 port 50776","@timestamp":"2022-09-11T07:00:26.628Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T07:01:30.799Z","@version":"1","message":"Sep 11 07:01:30 honeypot-sgp-1 sshd[5608]: Disconnected from invalid user test1 92.255.85.70 port 29712 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 07:04:16 honeypot-fra-1 sshd[31622]: Invalid user test1 from 92.255.85.70 port 22410","@timestamp":"2022-09-11T07:04:17.711Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T07:10:14.006Z","@version":"1","message":"Sep 11 07:10:13 honeypot-sgp-1 sshd[5614]: Invalid user user from 45.61.187.160 port 37328","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T07:10:31.014Z","@version":"1","message":"Sep 11 07:10:30 honeypot-sgp-1 sshd[5618]: Invalid user user from 45.61.187.160 port 32962","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T07:10:48.021Z","@version":"1","message":"Sep 11 07:10:47 honeypot-sgp-1 sshd[5622]: Invalid user user from 45.61.187.160 port 56828","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 07:11:17 honeypot-ams-1 kernel: [83756863.487247] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=20.0.77.75 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=115 ID=59731 DF PROTO=TCP SPT=41414 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T07:11:18.059Z"}
{"@timestamp":"2022-09-11T07:12:02.051Z","@version":"1","message":"Sep 11 07:12:01 honeypot-sgp-1 kernel: [83756434.521994] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=221.176.116.78 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=106 ID=256 PROTO=TCP SPT=8930 DPT=80 WINDOW=16384 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 07:12:15 honeypot-fra-1 sshd[31627]: Did not receive identification string from 45.61.186.169 port 47532","@timestamp":"2022-09-11T07:12:15.886Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 07:12:46 honeypot-fra-1 sshd[31630]: Disconnected from invalid user user 45.61.186.169 port 51612 [preauth]","@timestamp":"2022-09-11T07:12:46.900Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 07:13:02 honeypot-fra-1 sshd[31634]: Disconnected from invalid user user 45.61.186.169 port 46642 [preauth]","@timestamp":"2022-09-11T07:13:03.909Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 07:13:19 honeypot-fra-1 sshd[31638]: Disconnected from invalid user user 45.61.186.169 port 41656 [preauth]","@timestamp":"2022-09-11T07:13:19.915Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T07:16:27.158Z","@version":"1","message":"Sep 11 07:16:26 honeypot-sgp-1 sshd[5633]: Invalid user teste from 104.248.181.156 port 48674","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T07:16:44.168Z","@version":"1","message":"Sep 11 07:16:43 honeypot-sgp-1 sshd[5637]: Received disconnect from 59.19.54.171 port 50894:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 07:16:49 honeypot-fra-1 sshd[31643]: Disconnected from invalid user soh 43.156.241.174 port 55986 [preauth]","@timestamp":"2022-09-11T07:16:49.993Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 07:18:43 honeypot-fra-1 sshd[31651]: Invalid user minecraft from 43.138.12.15 port 37106","@timestamp":"2022-09-11T07:18:44.041Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 07:18:44 honeypot-fra-1 sshd[31651]: Connection closed by invalid user minecraft 43.138.12.15 port 37106 [preauth]","@timestamp":"2022-09-11T07:18:45.041Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 07:18:44 honeypot-fra-1 sshd[31662]: Invalid user ts3server from 43.138.12.15 port 37090","@timestamp":"2022-09-11T07:18:45.041Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 07:18:45 honeypot-fra-1 sshd[31655]: Connection closed by invalid user ftpuser 43.138.12.15 port 37102 [preauth]","@timestamp":"2022-09-11T07:18:46.042Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 07:18:46 honeypot-fra-1 sshd[31690]: Invalid user postgres from 43.138.12.15 port 37152","@timestamp":"2022-09-11T07:18:47.042Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 07:18:47 honeypot-fra-1 sshd[31687]: Connection closed by invalid user ubuntu 43.138.12.15 port 37104 [preauth]","@timestamp":"2022-09-11T07:18:48.043Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 07:18:47 honeypot-fra-1 sshd[31679]: Invalid user vagrant from 43.138.12.15 port 37148","@timestamp":"2022-09-11T07:18:48.043Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 07:18:47 honeypot-fra-1 sshd[31683]: Invalid user mcserv from 43.138.12.15 port 37088","@timestamp":"2022-09-11T07:18:48.043Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 07:18:47 honeypot-fra-1 sshd[31719]: Invalid user admin from 43.138.12.15 port 37116","@timestamp":"2022-09-11T07:18:48.043Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 07:18:47 honeypot-fra-1 sshd[31686]: Connection closed by invalid user elastic 43.138.12.15 port 37130 [preauth]","@timestamp":"2022-09-11T07:18:48.043Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 07:18:48 honeypot-fra-1 sshd[31682]: Connection closed by invalid user ansible 43.138.12.15 port 37118 [preauth]","@timestamp":"2022-09-11T07:18:48.043Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 07:18:48 honeypot-fra-1 sshd[31699]: Invalid user guest from 43.138.12.15 port 37138","@timestamp":"2022-09-11T07:18:49.044Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T07:20:05.248Z","@version":"1","message":"Sep 11 07:20:04 honeypot-sgp-1 sshd[5645]: Received disconnect from 203.172.41.149 port 39982:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 07:22:40 honeypot-ams-1 kernel: [83757545.921945] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=89.248.165.199 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=25156 PROTO=TCP SPT=59399 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T07:22:40.353Z"}
{"@timestamp":"2022-09-11T07:25:02.367Z","@version":"1","message":"Sep 11 07:25:01 honeypot-sgp-1 sshd[5650]: Received disconnect from 92.255.85.70 port 52426:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T07:27:38.433Z","@version":"1","message":"Sep 11 07:27:38 honeypot-sgp-1 sshd[5656]: Invalid user user from 45.61.184.204 port 58406","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T07:28:00.443Z","@version":"1","message":"Sep 11 07:27:59 honeypot-sgp-1 sshd[5660]: Invalid user user from 45.61.184.204 port 53916","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T07:28:18.452Z","@version":"1","message":"Sep 11 07:28:17 honeypot-sgp-1 sshd[5664]: Invalid user user from 45.61.184.204 port 49462","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 07:28:24 honeypot-fra-1 sshd[31722]: Invalid user test1 from 92.255.85.69 port 58188","@timestamp":"2022-09-11T07:28:25.268Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 07:30:12 honeypot-ams-1 sshd[9589]: Received disconnect from 92.255.85.69 port 41024:11: Bye Bye [preauth]","@timestamp":"2022-09-11T07:30:13.549Z"}
{"@timestamp":"2022-09-11T07:30:24.505Z","@version":"1","message":"Sep 11 07:30:23 honeypot-sgp-1 sshd[5668]: Invalid user User from 202.53.71.24 port 47080","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 07:39:08 honeypot-fra-1 kernel: [83756379.778533] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=103.28.57.98 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=55 ID=33916 DF PROTO=TCP SPT=57818 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T07:39:09.507Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 07:45:24 honeypot-fra-1 sshd[31730]: Connection closed by authenticating user root 141.98.10.158 port 48834 [preauth]","@timestamp":"2022-09-11T07:45:25.650Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 07:47:23 honeypot-ams-1 sshd[9596]: Did not receive identification string from 45.61.186.249 port 52296","@timestamp":"2022-09-11T07:47:23.996Z"}
{"@timestamp":"2022-09-11T07:47:23.916Z","@version":"1","message":"Sep 11 07:47:23 honeypot-sgp-1 kernel: [83758556.607996] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=40.88.125.200 DST=159.89.202.188 LEN=52 TOS=0x02 PREC=0x00 TTL=107 ID=15921 DF PROTO=TCP SPT=64206 DPT=3389 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 07:48:06 honeypot-ams-1 sshd[9599]: Disconnected from invalid user user 45.61.186.249 port 40340 [preauth]","@timestamp":"2022-09-11T07:48:07.017Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 07:48:23 honeypot-ams-1 sshd[9603]: Disconnected from invalid user user 45.61.186.249 port 35016 [preauth]","@timestamp":"2022-09-11T07:48:24.026Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 07:48:40 honeypot-ams-1 sshd[9607]: Disconnected from invalid user user 45.61.186.249 port 57944 [preauth]","@timestamp":"2022-09-11T07:48:41.035Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 07:51:59 honeypot-fra-1 sshd[31737]: Received disconnect from 92.255.85.69 port 24708:11: Bye Bye [preauth]","@timestamp":"2022-09-11T07:51:59.800Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 07:53:53 honeypot-ams-1 sshd[9614]: Invalid user test1 from 92.255.85.70 port 62808","@timestamp":"2022-09-11T07:53:54.172Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 07:55:07 honeypot-fra-1 sshd[31740]: Received disconnect from 200.16.132.42 port 46729:11: Bye Bye [preauth]","@timestamp":"2022-09-11T07:55:07.875Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 07:58:21 honeypot-fra-1 sshd[31745]: Received disconnect from 51.250.85.165 port 38676:11: Bye Bye [preauth]","@timestamp":"2022-09-11T07:58:21.950Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T07:59:24.200Z","@version":"1","message":"Sep 11 07:59:23 honeypot-sgp-1 sshd[5677]: Invalid user prueba from 103.188.176.251 port 42716","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 08:00:05 honeypot-fra-1 sshd[31749]: Disconnected from invalid user phoenix 129.205.124.253 port 49780 [preauth]","@timestamp":"2022-09-11T08:00:05.991Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T08:03:38.304Z","@version":"1","message":"Sep 11 08:03:37 honeypot-sgp-1 sshd[5681]: Received disconnect from 103.77.252.60 port 44566:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 08:04:28 honeypot-ams-1 sshd[9618]: Did not receive identification string from 167.172.152.18 port 52078","@timestamp":"2022-09-11T08:04:28.450Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 08:05:31 honeypot-ams-1 sshd[9623]: Disconnected from authenticating user root 167.172.152.18 port 54720 [preauth]","@timestamp":"2022-09-11T08:05:31.480Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 08:06:49 honeypot-ams-1 sshd[9629]: Disconnected from authenticating user root 167.172.152.18 port 55594 [preauth]","@timestamp":"2022-09-11T08:06:50.518Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 08:08:05 honeypot-ams-1 sshd[9635]: Disconnected from authenticating user root 167.172.152.18 port 56062 [preauth]","@timestamp":"2022-09-11T08:08:05.553Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 08:08:55 honeypot-ams-1 sshd[9640]: Received disconnect from 167.172.152.18 port 37556:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T08:08:56.580Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 08:09:45 honeypot-ams-1 sshd[9645]: Received disconnect from 167.172.152.18 port 47568:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T08:09:46.604Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 08:10:36 honeypot-ams-1 sshd[9649]: Received disconnect from 167.172.152.18 port 57180:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T08:10:36.629Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 08:11:25 honeypot-ams-1 sshd[9653]: Received disconnect from 167.172.152.18 port 38882:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T08:11:26.653Z"}
{"@timestamp":"2022-09-11T08:11:58.509Z","@version":"1","message":"Sep 11 08:11:58 honeypot-sgp-1 sshd[5684]: Did not receive identification string from 45.61.184.204 port 40006","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 08:12:15 honeypot-ams-1 sshd[9657]: Received disconnect from 167.172.152.18 port 48484:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T08:12:15.678Z"}
{"@timestamp":"2022-09-11T08:12:25.526Z","@version":"1","message":"Sep 11 08:12:25 honeypot-sgp-1 sshd[5687]: Disconnected from invalid user user 45.61.184.204 port 53774 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T08:12:43.533Z","@version":"1","message":"Sep 11 08:12:42 honeypot-sgp-1 sshd[5691]: Disconnected from invalid user user 45.61.184.204 port 49338 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T08:12:52.538Z","@version":"1","message":"Sep 11 08:12:52 honeypot-sgp-1 sshd[5695]: Disconnected from invalid user user 45.61.184.204 port 33002 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 08:13:05 honeypot-ams-1 sshd[9661]: Received disconnect from 167.172.152.18 port 58300:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T08:13:05.704Z"}
{"@timestamp":"2022-09-11T08:13:11.546Z","@version":"1","message":"Sep 11 08:13:10 honeypot-sgp-1 sshd[5699]: Disconnected from invalid user user 45.61.184.204 port 56804 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 08:13:55 honeypot-ams-1 sshd[9665]: Received disconnect from 167.172.152.18 port 40008:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T08:13:55.729Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 08:14:45 honeypot-ams-1 sshd[9669]: Received disconnect from 167.172.152.18 port 49706:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T08:14:45.753Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 08:14:59 honeypot-fra-1 sshd[31777]: Disconnected from invalid user test1 92.255.85.69 port 40346 [preauth]","@timestamp":"2022-09-11T08:14:59.330Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 08:15:35 honeypot-ams-1 sshd[9674]: Received disconnect from 167.172.152.18 port 59524:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T08:15:36.778Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 08:16:27 honeypot-ams-1 sshd[9678]: Received disconnect from 167.172.152.18 port 40946:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T08:16:27.802Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 08:17:01 honeypot-ams-1 CRON[9682]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-11T08:17:01.819Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 08:17:38 honeypot-fra-1 sshd[31782]: Disconnected from invalid user katrin 165.22.45.108 port 39398 [preauth]","@timestamp":"2022-09-11T08:17:38.395Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 08:23:03 honeypot-ams-1 sshd[9688]: Invalid user arma3server from 203.128.242.166 port 58612","@timestamp":"2022-09-11T08:23:03.971Z"}
{"@timestamp":"2022-09-11T08:25:59.857Z","@version":"1","message":"Sep 11 08:25:59 honeypot-sgp-1 kernel: [83760873.012115] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=87.251.64.35 DST=159.89.202.188 LEN=52 TOS=0x02 PREC=0x00 TTL=115 ID=10039 DF PROTO=TCP SPT=15265 DPT=3389 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 08:33:12 honeypot-ams-1 kernel: [83761777.936214] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.214.222 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=43930 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T08:33:13.232Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 08:34:22 honeypot-fra-1 kernel: [83759692.784849] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=87.251.64.35 DST=165.22.82.222 LEN=52 TOS=0x02 PREC=0x00 TTL=122 ID=1214 DF PROTO=TCP SPT=53465 DPT=3389 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-11T08:34:22.788Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-11T08:35:43.092Z","@version":"1","message":"Sep 11 08:35:42 honeypot-sgp-1 sshd[5729]: Received disconnect from 92.255.85.70 port 15716:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 08:37:49 honeypot-ams-1 sshd[9711]: Invalid user rstudio-server from 143.198.45.196 port 53044","@timestamp":"2022-09-11T08:37:49.352Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 08:40:06 honeypot-fra-1 kernel: [83760037.327719] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=221.176.116.78 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=109 ID=256 PROTO=TCP SPT=45536 DPT=80 WINDOW=16384 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T08:40:06.918Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 08:40:58 honeypot-ams-1 sshd[9715]: Invalid user test from 193.106.191.157 port 40814","@timestamp":"2022-09-11T08:40:59.438Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 08:42:57 honeypot-ams-1 sshd[9720]: Did not receive identification string from 45.61.186.169 port 44906","@timestamp":"2022-09-11T08:42:57.491Z"}
{"@timestamp":"2022-09-11T08:43:22.272Z","@version":"1","message":"Sep 11 08:43:21 honeypot-sgp-1 sshd[5734]: Received disconnect from 36.170.39.170 port 16034:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 08:43:40 honeypot-ams-1 sshd[9723]: Disconnected from invalid user user 45.61.186.169 port 34954 [preauth]","@timestamp":"2022-09-11T08:43:41.515Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 08:43:56 honeypot-ams-1 sshd[9727]: Disconnected from invalid user user 45.61.186.169 port 58342 [preauth]","@timestamp":"2022-09-11T08:43:56.523Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 08:44:13 honeypot-ams-1 sshd[9731]: Received disconnect from 45.61.186.169 port 53484:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T08:44:13.532Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 08:45:23 honeypot-fra-1 sshd[31794]: Received disconnect from 197.159.66.222 port 36072:11: Bye Bye [preauth]","@timestamp":"2022-09-11T08:45:24.038Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 08:48:30 honeypot-fra-1 sshd[31796]: Disconnected from invalid user yasser 202.139.196.201 port 31940 [preauth]","@timestamp":"2022-09-11T08:48:31.107Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 08:49:17 honeypot-ams-1 kernel: [83762743.205263] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=91.191.209.190 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=12691 PROTO=TCP SPT=50995 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T08:49:17.663Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 08:50:40 honeypot-fra-1 sshd[31803]: Invalid user iv from 189.29.171.10 port 60024","@timestamp":"2022-09-11T08:50:41.155Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 08:59:04 honeypot-fra-1 kernel: [83761174.914152] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.143.200.106 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=55872 PROTO=TCP SPT=50720 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T08:59:04.352Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-11T08:59:11.640Z","@version":"1","message":"Sep 11 08:59:10 honeypot-sgp-1 sshd[5739]: Received disconnect from 92.255.85.70 port 46822:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 09:04:26 honeypot-ams-1 sshd[9741]: Invalid user test1 from 92.255.85.69 port 45298","@timestamp":"2022-09-11T09:04:26.068Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 09:04:27 honeypot-fra-1 kernel: [83761497.801236] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=128.1.91.202 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=19510 PROTO=TCP SPT=35123 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T09:04:27.475Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 09:05:17 honeypot-fra-1 sshd[31816]: Received disconnect from 45.61.186.49 port 46220:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T09:05:17.496Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 09:05:25 honeypot-fra-1 sshd[31820]: Received disconnect from 45.61.186.49 port 57964:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T09:05:25.501Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T09:05:47.799Z","@version":"1","message":"Sep 11 09:05:47 honeypot-sgp-1 kernel: [83763260.805991] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=172.105.77.209 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=51 ID=0 DF PROTO=TCP SPT=38253 DPT=389 WINDOW=8192 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 09:06:36 honeypot-ams-1 sshd[9747]: Received disconnect from 167.172.152.18 port 43586:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T09:06:37.127Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 09:07:29 honeypot-ams-1 sshd[9751]: Disconnected from authenticating user root 167.172.152.18 port 51698 [preauth]","@timestamp":"2022-09-11T09:07:30.153Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 09:08:45 honeypot-ams-1 sshd[9757]: Disconnected from authenticating user root 167.172.152.18 port 50350 [preauth]","@timestamp":"2022-09-11T09:08:46.188Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 09:10:01 honeypot-ams-1 sshd[9763]: Invalid user user from 167.172.152.18 port 49120","@timestamp":"2022-09-11T09:10:02.224Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 09:10:51 honeypot-ams-1 sshd[9768]: Invalid user postgres from 167.172.152.18 port 57422","@timestamp":"2022-09-11T09:10:52.248Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 09:11:23 honeypot-ams-1 kernel: [83764068.758566] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=9521 PROTO=TCP SPT=46803 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T09:11:23.264Z"}
{"@timestamp":"2022-09-11T09:11:59.951Z","@version":"1","message":"Sep 11 09:11:59 honeypot-sgp-1 kernel: [83763632.267402] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=229 ID=16463 PROTO=TCP SPT=46803 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 09:12:01 honeypot-ams-1 sshd[9784]: Received disconnect from 45.61.187.160 port 39910:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T09:12:02.283Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 09:12:10 honeypot-ams-1 sshd[9788]: Received disconnect from 45.61.187.160 port 51406:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T09:12:11.288Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 09:12:26 honeypot-ams-1 sshd[9792]: Received disconnect from 45.61.187.160 port 46172:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T09:12:27.296Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 09:12:35 honeypot-ams-1 sshd[9796]: Received disconnect from 45.61.187.160 port 57648:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T09:12:35.301Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 09:12:51 honeypot-ams-1 sshd[9800]: Received disconnect from 45.61.187.160 port 52418:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T09:12:51.311Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 09:13:22 honeypot-ams-1 sshd[9804]: Received disconnect from 167.172.152.18 port 53434:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T09:13:23.328Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 09:13:47 honeypot-ams-1 sshd[9808]: Received disconnect from 167.172.152.18 port 44822:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T09:13:48.341Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 09:14:37 honeypot-ams-1 sshd[9812]: Received disconnect from 167.172.152.18 port 53366:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T09:14:38.364Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 09:15:27 honeypot-ams-1 sshd[9816]: Received disconnect from 167.172.152.18 port 33518:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T09:15:28.388Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 09:16:17 honeypot-ams-1 sshd[9821]: Received disconnect from 167.172.152.18 port 41946:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T09:16:18.411Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 09:17:01 honeypot-ams-1 CRON[9826]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-11T09:17:02.432Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 09:17:34 honeypot-ams-1 sshd[9831]: Received disconnect from 167.172.152.18 port 40730:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T09:17:35.450Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 09:17:56 honeypot-fra-1 sshd[31826]: Received disconnect from 39.109.114.28 port 39698:11: Bye Bye [preauth]","@timestamp":"2022-09-11T09:17:57.773Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 09:18:03 honeypot-ams-1 sshd[9835]: Received disconnect from 200.66.77.178 port 44398:11: Bye Bye [preauth]","@timestamp":"2022-09-11T09:18:03.464Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 09:18:28 honeypot-fra-1 sshd[31831]: Invalid user user from 141.255.162.226 port 50126","@timestamp":"2022-09-11T09:18:28.787Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 09:18:31 honeypot-fra-1 sshd[31835]: Invalid user user from 141.255.162.226 port 43088","@timestamp":"2022-09-11T09:18:32.789Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 09:18:36 honeypot-fra-1 sshd[31839]: Invalid user user from 141.255.162.226 port 50164","@timestamp":"2022-09-11T09:18:36.791Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 09:22:43 honeypot-fra-1 sshd[31844]: Disconnected from invalid user beta 178.128.72.150 port 43956 [preauth]","@timestamp":"2022-09-11T09:22:43.882Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 09:23:34 honeypot-fra-1 sshd[31848]: Disconnected from invalid user birthday 178.128.72.150 port 42584 [preauth]","@timestamp":"2022-09-11T09:23:34.903Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 09:24:10 honeypot-fra-1 sshd[31852]: Disconnected from invalid user katsarov 165.22.45.108 port 48972 [preauth]","@timestamp":"2022-09-11T09:24:10.919Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 09:24:46 honeypot-fra-1 sshd[31856]: Disconnected from invalid user blowjob 178.128.72.150 port 54602 [preauth]","@timestamp":"2022-09-11T09:24:46.935Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 09:25:01 honeypot-ams-1 kernel: [83764887.556253] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=178.128.119.179 DST=178.62.254.91 LEN=52 TOS=0x02 PREC=0x00 TTL=118 ID=25720 DF PROTO=TCP SPT=55678 DPT=80 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-11T09:25:02.665Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 09:25:34 honeypot-fra-1 sshd[31860]: Disconnected from invalid user brain 178.128.72.150 port 53224 [preauth]","@timestamp":"2022-09-11T09:25:34.954Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 09:25:58 honeypot-fra-1 sshd[31864]: Disconnected from invalid user camel 178.128.72.150 port 38410 [preauth]","@timestamp":"2022-09-11T09:25:58.966Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 09:26:46 honeypot-fra-1 sshd[31868]: Received disconnect from 178.128.72.150 port 37026:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T09:26:46.987Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 09:27:33 honeypot-fra-1 sshd[31872]: Received disconnect from 178.128.72.150 port 35632:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T09:27:34.007Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 09:28:10 honeypot-fra-1 sshd[31877]: Received disconnect from 159.65.194.58 port 37310:11: Bye Bye [preauth]","@timestamp":"2022-09-11T09:28:11.023Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 09:28:45 honeypot-fra-1 sshd[31881]: Received disconnect from 178.128.72.150 port 47664:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T09:28:46.042Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 09:29:33 honeypot-fra-1 sshd[31885]: Received disconnect from 178.128.72.150 port 46278:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T09:29:34.062Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 09:30:21 honeypot-fra-1 sshd[31889]: Invalid user rap from 178.128.72.150 port 44882","@timestamp":"2022-09-11T09:30:22.082Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 09:36:17 honeypot-ams-1 kernel: [83765562.752765] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=154.209.125.68 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=113 ID=34006 PROTO=TCP SPT=17692 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T09:36:17.954Z"}
{"@timestamp":"2022-09-11T09:36:50.548Z","@version":"1","message":"Sep 11 09:36:50 honeypot-sgp-1 sshd[5753]: Invalid user sio from 159.223.217.44 port 45246","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T09:39:28.611Z","@version":"1","message":"Sep 11 09:39:27 honeypot-sgp-1 sshd[5758]: Received disconnect from 43.154.77.244 port 33230:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 09:44:03 honeypot-fra-1 sshd[31896]: Received disconnect from 203.130.255.2 port 60952:11: Bye Bye [preauth]","@timestamp":"2022-09-11T09:44:04.386Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T09:46:31.779Z","@version":"1","message":"Sep 11 09:46:31 honeypot-sgp-1 sshd[5763]: Disconnected from authenticating user root 92.255.85.69 port 36998 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 09:46:59 honeypot-ams-1 sshd[9845]: Invalid user test from 193.106.191.157 port 52734","@timestamp":"2022-09-11T09:47:00.233Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 09:48:56 honeypot-fra-1 sshd[31901]: Received disconnect from 92.255.85.69 port 62416:11: Bye Bye [preauth]","@timestamp":"2022-09-11T09:48:57.497Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 09:52:16 honeypot-fra-1 sshd[31905]: Disconnected from invalid user minecraft 163.172.251.68 port 45680 [preauth]","@timestamp":"2022-09-11T09:52:16.574Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 09:52:52 honeypot-fra-1 sshd[31909]: Disconnected from invalid user ftpuser 163.172.251.68 port 15484 [preauth]","@timestamp":"2022-09-11T09:52:52.590Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 09:53:28 honeypot-fra-1 sshd[31913]: Disconnected from invalid user test 163.172.251.68 port 41792 [preauth]","@timestamp":"2022-09-11T09:53:28.606Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 09:54:04 honeypot-fra-1 sshd[31917]: Disconnected from invalid user elastic 163.172.251.68 port 11596 [preauth]","@timestamp":"2022-09-11T09:54:04.620Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 09:54:12 honeypot-ams-1 kernel: [83766638.112458] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=41.119.139.16 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=50 ID=36497 PROTO=TCP SPT=7096 DPT=80 WINDOW=43635 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T09:54:13.419Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 09:54:39 honeypot-fra-1 sshd[31921]: Disconnected from invalid user test 163.172.251.68 port 37900 [preauth]","@timestamp":"2022-09-11T09:54:39.636Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 09:55:15 honeypot-fra-1 sshd[31925]: Disconnected from invalid user teamspeak 163.172.251.68 port 64204 [preauth]","@timestamp":"2022-09-11T09:55:15.652Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 09:55:47 honeypot-ams-1 sshd[9854]: Disconnected from authenticating user root 139.59.25.164 port 36286 [preauth]","@timestamp":"2022-09-11T09:55:48.463Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 09:56:10 honeypot-fra-1 sshd[31932]: Invalid user user from 163.172.251.68 port 47160","@timestamp":"2022-09-11T09:56:10.675Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 09:56:35 honeypot-fra-1 kernel: [83764626.265518] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=159.223.115.11 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=61836 PROTO=TCP SPT=49093 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T09:56:36.686Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:01:13 honeypot-fra-1 sshd[31939]: Disconnected from invalid user centos 139.59.230.111 port 42132 [preauth]","@timestamp":"2022-09-11T10:01:14.815Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T10:05:08.231Z","@version":"1","message":"Sep 11 10:05:08 honeypot-sgp-1 sshd[5842]: Connection reset by authenticating user root 161.35.86.181 port 35688 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:06:58 honeypot-fra-1 sshd[31944]: Received disconnect from 188.226.207.26 port 49122:11: Bye Bye [preauth]","@timestamp":"2022-09-11T10:06:59.947Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 10:07:01 honeypot-ams-1 kernel: [83767407.496286] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=167.94.146.75 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=2251 PROTO=TCP SPT=8071 DPT=389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T10:07:02.754Z"}
{"@timestamp":"2022-09-11T10:11:07.375Z","@version":"1","message":"Sep 11 10:11:07 honeypot-sgp-1 sshd[5847]: Connection closed by invalid user admin 220.132.210.118 port 36973 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:11:47 honeypot-fra-1 sshd[31950]: Connection closed by invalid user prueba 103.188.176.251 port 58020 [preauth]","@timestamp":"2022-09-11T10:11:48.056Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T10:13:15.430Z","@version":"1","message":"Sep 11 10:13:14 honeypot-sgp-1 sshd[5854]: Did not receive identification string from 193.3.19.178 port 64001","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 10:15:12 honeypot-ams-1 sshd[9863]: Disconnected from authenticating user root 92.255.85.69 port 23230 [preauth]","@timestamp":"2022-09-11T10:15:12.966Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:16:31 honeypot-fra-1 sshd[31960]: Did not receive identification string from 81.169.137.181 port 54424","@timestamp":"2022-09-11T10:16:32.163Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T10:17:18.532Z","@version":"1","message":"Sep 11 10:17:17 honeypot-sgp-1 sshd[5861]: Received disconnect from 45.61.186.249 port 51184:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T10:17:39.544Z","@version":"1","message":"Sep 11 10:17:38 honeypot-sgp-1 sshd[5865]: Received disconnect from 45.61.186.249 port 46062:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T10:17:58.553Z","@version":"1","message":"Sep 11 10:17:57 honeypot-sgp-1 sshd[5870]: Received disconnect from 45.61.186.249 port 40956:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T10:18:15.561Z","@version":"1","message":"Sep 11 10:18:14 honeypot-sgp-1 sshd[5874]: Received disconnect from 45.61.186.249 port 35844:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:18:15 honeypot-fra-1 sshd[31967]: Invalid user deploy from 81.169.137.181 port 55140","@timestamp":"2022-09-11T10:18:16.206Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:18:53 honeypot-fra-1 sshd[31971]: Disconnected from authenticating user root 209.141.60.201 port 41680 [preauth]","@timestamp":"2022-09-11T10:18:53.222Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:19:44 honeypot-fra-1 sshd[31975]: Disconnected from invalid user will 81.169.137.181 port 53676 [preauth]","@timestamp":"2022-09-11T10:19:45.242Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:21:06 honeypot-fra-1 sshd[31979]: Disconnected from invalid user win 81.169.137.181 port 52236 [preauth]","@timestamp":"2022-09-11T10:21:07.274Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:21:48 honeypot-fra-1 sshd[31984]: Received disconnect from 209.141.60.201 port 55400:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T10:21:49.292Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:23:03 honeypot-fra-1 sshd[31989]: Received disconnect from 81.169.137.181 port 35888:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T10:23:04.322Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:23:16 honeypot-fra-1 sshd[31995]: Invalid user oracle from 185.209.179.41 port 45176","@timestamp":"2022-09-11T10:23:16.328Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:23:16 honeypot-fra-1 sshd[32001]: Invalid user esuser from 185.209.179.41 port 45166","@timestamp":"2022-09-11T10:23:17.329Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:23:16 honeypot-fra-1 sshd[31992]: Connection closed by invalid user ts3srv 185.209.179.41 port 45178 [preauth]","@timestamp":"2022-09-11T10:23:17.329Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:23:16 honeypot-fra-1 sshd[32001]: Connection closed by invalid user esuser 185.209.179.41 port 45166 [preauth]","@timestamp":"2022-09-11T10:23:17.329Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:23:17 honeypot-fra-1 sshd[32020]: Invalid user mysql from 185.209.179.41 port 45202","@timestamp":"2022-09-11T10:23:17.329Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:23:17 honeypot-fra-1 sshd[32021]: Connection closed by authenticating user root 185.209.179.41 port 45116 [preauth]","@timestamp":"2022-09-11T10:23:17.329Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:23:17 honeypot-fra-1 sshd[32027]: Connection closed by authenticating user root 185.209.179.41 port 45208 [preauth]","@timestamp":"2022-09-11T10:23:18.330Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:23:19 honeypot-fra-1 sshd[32043]: Invalid user ansible from 185.209.179.41 port 45130","@timestamp":"2022-09-11T10:23:20.332Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:23:34 honeypot-fra-1 kernel: [83766245.276300] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=163.172.158.4 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=17694 PROTO=TCP SPT=57501 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T10:23:35.338Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:24:58 honeypot-fra-1 sshd[32050]: Invalid user view from 81.169.137.181 port 47780","@timestamp":"2022-09-11T10:24:59.370Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:26:17 honeypot-fra-1 sshd[32056]: Invalid user vftpuser from 81.169.137.181 port 46308","@timestamp":"2022-09-11T10:26:18.401Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:26:56 honeypot-fra-1 sshd[32058]: Disconnected from authenticating user uucp 81.169.137.181 port 59680 [preauth]","@timestamp":"2022-09-11T10:26:56.416Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 10:27:38 honeypot-ams-1 kernel: [83768644.210413] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.41.8.5 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=16244 PROTO=TCP SPT=12320 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T10:27:39.294Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:28:13 honeypot-fra-1 sshd[32064]: Disconnected from invalid user vanesa 81.169.137.181 port 58212 [preauth]","@timestamp":"2022-09-11T10:28:14.446Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:28:52 honeypot-fra-1 sshd[32068]: Disconnected from invalid user vanessa 81.169.137.181 port 43412 [preauth]","@timestamp":"2022-09-11T10:28:52.463Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:30:11 honeypot-fra-1 sshd[32072]: Disconnected from invalid user usr 81.169.137.181 port 41854 [preauth]","@timestamp":"2022-09-11T10:30:12.495Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:30:51 honeypot-fra-1 sshd[32076]: Disconnected from invalid user update 81.169.137.181 port 55254 [preauth]","@timestamp":"2022-09-11T10:30:52.512Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:32:12 honeypot-fra-1 sshd[32080]: Disconnected from invalid user tony 81.169.137.181 port 53786 [preauth]","@timestamp":"2022-09-11T10:32:13.544Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:34:18 honeypot-fra-1 sshd[32087]: Received disconnect from 206.189.14.223 port 36520:11: Bye Bye [preauth]","@timestamp":"2022-09-11T10:34:18.594Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T10:35:00.955Z","@version":"1","message":"Sep 11 10:35:00 honeypot-sgp-1 sshd[5891]: Invalid user inspur from 103.188.176.251 port 55388","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:36:58 honeypot-fra-1 sshd[32093]: Invalid user paintball from 203.223.191.206 port 46274","@timestamp":"2022-09-11T10:36:59.656Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:37:57 honeypot-fra-1 sshd[32097]: Disconnected from authenticating user root 61.177.173.47 port 42390 [preauth]","@timestamp":"2022-09-11T10:37:57.678Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 10:39:11 honeypot-ams-1 sshd[9886]: Disconnected from invalid user beta 178.128.72.150 port 40808 [preauth]","@timestamp":"2022-09-11T10:39:12.591Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 10:40:06 honeypot-ams-1 sshd[9890]: Disconnected from invalid user birthday 178.128.72.150 port 44530 [preauth]","@timestamp":"2022-09-11T10:40:07.618Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 10:41:00 honeypot-ams-1 sshd[9898]: Received disconnect from 178.128.72.150 port 48224:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T10:41:00.644Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 10:41:27 honeypot-ams-1 sshd[9900]: Disconnected from invalid user blowjob 178.128.72.150 port 35952 [preauth]","@timestamp":"2022-09-11T10:41:27.658Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:41:38 honeypot-fra-1 sshd[32105]: Invalid user user from 45.61.186.249 port 42254","@timestamp":"2022-09-11T10:41:38.764Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:41:57 honeypot-fra-1 sshd[32110]: Invalid user user from 45.61.186.249 port 37284","@timestamp":"2022-09-11T10:41:58.774Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 10:42:14 honeypot-ams-1 sshd[9913]: Disconnected from invalid user gm 178.128.184.213 port 46578 [preauth]","@timestamp":"2022-09-11T10:42:14.681Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:42:16 honeypot-fra-1 sshd[32114]: Invalid user user from 45.61.186.249 port 60550","@timestamp":"2022-09-11T10:42:16.782Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:42:32 honeypot-fra-1 sshd[32118]: Invalid user user from 45.61.186.249 port 55578","@timestamp":"2022-09-11T10:42:32.790Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 10:42:47 honeypot-ams-1 sshd[9918]: Disconnected from invalid user camel 178.128.72.150 port 55624 [preauth]","@timestamp":"2022-09-11T10:42:48.699Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 10:43:15 honeypot-ams-1 sshd[9923]: Received disconnect from 163.172.251.68 port 34292:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T10:43:15.712Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 10:43:41 honeypot-ams-1 sshd[9928]: Received disconnect from 178.128.72.150 port 59326:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T10:43:41.726Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:43:52 honeypot-fra-1 kernel: [83767463.086422] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=58.37.245.113 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=943 DF PROTO=TCP SPT=43619 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T10:43:52.822Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 10:44:02 honeypot-ams-1 sshd[9932]: Received disconnect from 163.172.251.68 port 24882:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T10:44:03.737Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 10:44:19 honeypot-ams-1 sshd[9936]: Received disconnect from 163.172.251.68 port 40578:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T10:44:19.746Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 10:44:36 honeypot-ams-1 sshd[9940]: Received disconnect from 163.172.251.68 port 56284:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T10:44:37.755Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 10:45:02 honeypot-ams-1 sshd[9944]: Received disconnect from 178.128.72.150 port 50730:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T10:45:02.768Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 10:45:29 honeypot-ams-1 sshd[9948]: Received disconnect from 178.128.72.150 port 38508:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T10:45:29.782Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 10:45:46 honeypot-ams-1 sshd[9952]: Invalid user mosquitto from 163.172.251.68 port 62572","@timestamp":"2022-09-11T10:45:46.790Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 10:46:03 honeypot-ams-1 sshd[9956]: Invalid user teamspeak from 163.172.251.68 port 21772","@timestamp":"2022-09-11T10:46:03.799Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 10:46:22 honeypot-ams-1 sshd[9960]: Received disconnect from 178.128.72.150 port 42214:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T10:46:22.810Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 10:46:49 honeypot-ams-1 sshd[9964]: Received disconnect from 178.128.72.150 port 58176:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T10:46:49.823Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 10:47:13 honeypot-ams-1 sshd[9968]: Received disconnect from 163.172.251.68 port 28062:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T10:47:14.838Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 10:47:43 honeypot-ams-1 sshd[9972]: Received disconnect from 178.128.72.150 port 33642:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T10:47:43.852Z"}
{"@timestamp":"2022-09-11T10:49:38.297Z","@version":"1","message":"Sep 11 10:49:38 honeypot-sgp-1 sshd[5902]: Invalid user fy from 61.82.54.57 port 48032","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T10:51:55.353Z","@version":"1","message":"Sep 11 10:51:55 honeypot-sgp-1 sshd[5906]: Received disconnect from 178.128.30.95 port 44248:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 10:53:22 honeypot-ams-1 sshd[9977]: Connection closed by invalid user test 193.106.191.157 port 36396 [preauth]","@timestamp":"2022-09-11T10:53:22.996Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:54:27 honeypot-fra-1 sshd[32128]: Received disconnect from 61.177.173.50 port 24085:11:  [preauth]","@timestamp":"2022-09-11T10:54:28.063Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 10:54:33 honeypot-ams-1 sshd[9983]: Invalid user user from 141.255.162.226 port 36828","@timestamp":"2022-09-11T10:54:34.030Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 10:54:35 honeypot-ams-1 sshd[9987]: Invalid user user from 141.255.162.226 port 57812","@timestamp":"2022-09-11T10:54:36.032Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 10:54:40 honeypot-ams-1 sshd[9991]: Invalid user user from 141.255.162.226 port 44848","@timestamp":"2022-09-11T10:54:41.035Z"}
{"@timestamp":"2022-09-11T10:57:23.483Z","@version":"1","message":"Sep 11 10:57:22 honeypot-sgp-1 sshd[5912]: Received disconnect from 92.255.85.70 port 34034:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 11:00:17 honeypot-ams-1 kernel: [83770602.948542] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=92.63.197.94 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=252 ID=53575 PROTO=TCP SPT=52982 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T11:00:18.176Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 11:02:35 honeypot-fra-1 sshd[32133]: Disconnected from authenticating user root 200.111.119.58 port 59582 [preauth]","@timestamp":"2022-09-11T11:02:36.241Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T11:03:38.649Z","@version":"1","message":"Sep 11 11:03:37 honeypot-sgp-1 sshd[5920]: Disconnected from invalid user user 45.61.187.160 port 50386 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T11:03:55.659Z","@version":"1","message":"Sep 11 11:03:54 honeypot-sgp-1 sshd[5924]: Disconnected from invalid user user 45.61.187.160 port 45180 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T11:04:11.666Z","@version":"1","message":"Sep 11 11:04:11 honeypot-sgp-1 sshd[5928]: Disconnected from invalid user user 45.61.187.160 port 39922 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 11:04:30 honeypot-fra-1 sshd[32139]: Disconnected from invalid user gregory 20.84.90.26 port 43560 [preauth]","@timestamp":"2022-09-11T11:04:31.285Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T11:08:44.774Z","@version":"1","message":"Sep 11 11:08:43 honeypot-sgp-1 kernel: [83770637.021713] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=156.236.73.52 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=24966 PROTO=TCP SPT=43204 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 11:14:35 honeypot-fra-1 sshd[32149]: Received disconnect from 61.177.172.98 port 57188:11:  [preauth]","@timestamp":"2022-09-11T11:14:36.505Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T11:15:05.923Z","@version":"1","message":"Sep 11 11:15:05 honeypot-sgp-1 sshd[5942]: Disconnected from invalid user gateway 62.204.41.222 port 48222 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 11:15:29 honeypot-fra-1 sshd[32155]: Received disconnect from 61.177.173.47 port 39656:11:  [preauth]","@timestamp":"2022-09-11T11:15:30.530Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 11:17:01 honeypot-ams-1 CRON[10003]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-11T11:17:01.600Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 11:18:37 honeypot-ams-1 sshd[10008]: Disconnected from authenticating user root 35.246.83.56 port 56664 [preauth]","@timestamp":"2022-09-11T11:18:38.642Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 11:20:09 honeypot-ams-1 sshd[10013]: Received disconnect from 45.61.187.160 port 60728:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T11:20:09.685Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 11:20:26 honeypot-ams-1 sshd[10017]: Received disconnect from 45.61.187.160 port 55298:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T11:20:26.694Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 11:20:42 honeypot-ams-1 sshd[10021]: Received disconnect from 45.61.187.160 port 49876:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T11:20:42.702Z"}
{"@timestamp":"2022-09-11T11:20:49.061Z","@version":"1","message":"Sep 11 11:20:48 honeypot-sgp-1 sshd[5950]: Received disconnect from 92.255.85.70 port 46438:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 11:23:21 honeypot-fra-1 sshd[32163]: Received disconnect from 92.255.85.69 port 31298:11: Bye Bye [preauth]","@timestamp":"2022-09-11T11:23:21.705Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 11:24:27 honeypot-ams-1 sshd[10026]: Received disconnect from 107.173.111.206 port 37860:11: Bye Bye [preauth]","@timestamp":"2022-09-11T11:24:27.801Z"}
{"@timestamp":"2022-09-11T11:27:02.207Z","@version":"1","message":"Sep 11 11:27:01 honeypot-sgp-1 sshd[5957]: Received disconnect from 61.177.173.47 port 60919:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 11:27:34 honeypot-fra-1 sshd[32170]: Disconnected from invalid user lyaturinskaya 182.72.16.162 port 42646 [preauth]","@timestamp":"2022-09-11T11:27:34.799Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 11:32:42 honeypot-fra-1 sshd[32181]: Received disconnect from 103.66.218.65 port 42918:11: Bye Bye [preauth]","@timestamp":"2022-09-11T11:32:42.913Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T11:33:52.403Z","@version":"1","message":"Sep 11 11:33:52 honeypot-sgp-1 sshd[5962]: Received disconnect from 61.177.172.19 port 33756:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 11:36:23 honeypot-ams-1 kernel: [83772768.863071] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=159.223.59.166 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=55550 PROTO=TCP SPT=56058 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T11:36:24.109Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 11:37:39 honeypot-fra-1 sshd[32188]: Invalid user kaystrenko from 165.22.45.108 port 41258","@timestamp":"2022-09-11T11:37:40.022Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 11:38:49 honeypot-fra-1 kernel: [83770759.933503] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=159.223.59.166 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=57459 PROTO=TCP SPT=56058 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T11:38:50.049Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-11T11:39:35.539Z","@version":"1","message":"Sep 11 11:39:34 honeypot-sgp-1 sshd[5967]: Disconnected from authenticating user root 61.177.173.36 port 36083 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 11:41:11 honeypot-fra-1 sshd[32199]: Received disconnect from 102.223.92.101 port 34547:11: Bye Bye [preauth]","@timestamp":"2022-09-11T11:41:12.104Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T11:44:11.648Z","@version":"1","message":"Sep 11 11:44:11 honeypot-sgp-1 sshd[5972]: Disconnected from invalid user test2 92.255.85.69 port 38536 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 11:46:35 honeypot-fra-1 sshd[32204]: Received disconnect from 92.255.85.69 port 58866:11: Bye Bye [preauth]","@timestamp":"2022-09-11T11:46:36.225Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 11:47:54 honeypot-ams-1 kernel: [83773459.921541] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=111.118.40.97 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=51 ID=20375 PROTO=TCP SPT=5270 DPT=80 WINDOW=9836 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T11:47:55.413Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 11:49:43 honeypot-ams-1 sshd[10037]: Disconnected from invalid user test2 92.255.85.70 port 48756 [preauth]","@timestamp":"2022-09-11T11:49:43.461Z"}
{"@timestamp":"2022-09-11T11:52:56.854Z","@version":"1","message":"Sep 11 11:52:56 honeypot-sgp-1 sshd[5979]: Disconnected from invalid user master 60.9.236.192 port 31297 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T11:54:35.897Z","@version":"1","message":"Sep 11 11:54:35 honeypot-sgp-1 sshd[5984]: Disconnected from 61.177.173.46 port 42218 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 11:55:09 honeypot-fra-1 sshd[32215]: Received disconnect from 61.177.172.124 port 29559:11:  [preauth]","@timestamp":"2022-09-11T11:55:10.413Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:01:00 honeypot-fra-1 kernel: [83772090.663786] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=46.19.141.122 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=36090 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T12:01:00.544Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 12:01:52 honeypot-ams-1 kernel: [83774297.524146] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=221.176.116.78 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=110 ID=256 PROTO=TCP SPT=26267 DPT=80 WINDOW=16384 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T12:01:52.774Z"}
{"@timestamp":"2022-09-11T12:04:19.131Z","@version":"1","message":"Sep 11 12:04:18 honeypot-sgp-1 sshd[5990]: Received disconnect from 61.177.173.36 port 63693:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T12:04:46.144Z","@version":"1","message":"Sep 11 12:04:45 honeypot-sgp-1 sshd[5995]: Invalid user user from 45.61.186.249 port 42988","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T12:05:05.154Z","@version":"1","message":"Sep 11 12:05:04 honeypot-sgp-1 sshd[5999]: Invalid user user from 45.61.186.249 port 37676","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T12:05:22.162Z","@version":"1","message":"Sep 11 12:05:22 honeypot-sgp-1 sshd[6003]: Invalid user user from 45.61.186.249 port 60424","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:05:43 honeypot-fra-1 sshd[32225]: Disconnected from invalid user user 141.255.162.226 port 54100 [preauth]","@timestamp":"2022-09-11T12:05:44.651Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:05:48 honeypot-fra-1 sshd[32229]: Disconnected from invalid user user 141.255.162.226 port 54148 [preauth]","@timestamp":"2022-09-11T12:05:48.654Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:05:50 honeypot-fra-1 sshd[32233]: Disconnected from invalid user user 141.255.162.226 port 32988 [preauth]","@timestamp":"2022-09-11T12:05:50.656Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T12:07:21.211Z","@version":"1","message":"Sep 11 12:07:21 honeypot-sgp-1 kernel: [83774154.148454] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=91.221.200.5 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=43241 DF PROTO=TCP SPT=3005 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:10:28 honeypot-fra-1 sshd[32237]: Received disconnect from 165.22.45.108 port 46048:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T12:10:28.761Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T12:12:37.339Z","@version":"1","message":"Sep 11 12:12:37 honeypot-sgp-1 sshd[6015]: Invalid user admin from 220.134.113.188 port 40308","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:12:56 honeypot-ams-1 sshd[10044]: Disconnected from invalid user test2 92.255.85.69 port 17756 [preauth]","@timestamp":"2022-09-11T12:12:57.066Z"}
{"@timestamp":"2022-09-11T12:14:22.382Z","@version":"1","message":"Sep 11 12:14:21 honeypot-sgp-1 sshd[6019]: Received disconnect from 61.177.172.124 port 50670:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:16:24 honeypot-fra-1 sshd[32244]: Disconnected from authenticating user root 61.177.173.47 port 57145 [preauth]","@timestamp":"2022-09-11T12:16:24.892Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:21:11 honeypot-fra-1 sshd[32252]: Connection closed by invalid user test 193.106.191.157 port 44748 [preauth]","@timestamp":"2022-09-11T12:21:12.000Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:23:23 honeypot-ams-1 sshd[10052]: Received disconnect from 81.169.137.181 port 44814:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T12:23:24.338Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:24:12 honeypot-ams-1 sshd[10054]: Received disconnect from 81.169.137.181 port 60790:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T12:24:12.362Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:25:39 honeypot-ams-1 sshd[10058]: Received disconnect from 81.169.137.181 port 36174:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T12:25:39.402Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:27:01 honeypot-ams-1 sshd[10062]: Received disconnect from 81.169.137.181 port 39812:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T12:27:01.438Z"}
{"@timestamp":"2022-09-11T12:27:55.701Z","@version":"1","message":"Sep 11 12:27:55 honeypot-sgp-1 sshd[6029]: Received disconnect from 61.177.173.47 port 32505:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:28:19 honeypot-ams-1 sshd[10068]: Invalid user webmaster from 81.169.137.181 port 43464","@timestamp":"2022-09-11T12:28:20.476Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 12:28:30 honeypot-ams-1 kernel: [83775896.423813] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=176.117.198.12 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x20 TTL=119 ID=13357 DF PROTO=TCP SPT=57417 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T12:28:31.482Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:28:58 honeypot-ams-1 sshd[10075]: Received disconnect from 81.169.137.181 port 59416:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T12:28:58.496Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:29:27 honeypot-ams-1 sshd[10081]: Invalid user admin from 80.76.51.45 port 56080","@timestamp":"2022-09-11T12:29:28.512Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:29:44 honeypot-ams-1 sshd[10085]: Invalid user test from 80.76.51.45 port 38794","@timestamp":"2022-09-11T12:29:44.524Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:29:59 honeypot-ams-1 sshd[10089]: Disconnected from authenticating user root 80.76.51.45 port 49824 [preauth]","@timestamp":"2022-09-11T12:30:00.533Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:30:16 honeypot-ams-1 sshd[10095]: Received disconnect from 81.169.137.181 port 34790:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T12:30:16.542Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:30:35 honeypot-fra-1 sshd[32261]: Invalid user gateway from 62.204.41.222 port 39441","@timestamp":"2022-09-11T12:30:36.213Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:30:45 honeypot-fra-1 sshd[32265]: Disconnected from authenticating user root 62.218.227.178 port 40374 [preauth]","@timestamp":"2022-09-11T12:30:46.218Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:30:46 honeypot-ams-1 sshd[10101]: Received disconnect from 80.76.51.45 port 54624:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T12:30:46.557Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:30:46 honeypot-fra-1 sshd[32271]: Received disconnect from 62.218.227.178 port 40474:11: Bye Bye [preauth]","@timestamp":"2022-09-11T12:30:47.219Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:30:47 honeypot-fra-1 sshd[32277]: Received disconnect from 62.218.227.178 port 40538:11: Bye Bye [preauth]","@timestamp":"2022-09-11T12:30:48.219Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:30:48 honeypot-fra-1 sshd[32283]: Received disconnect from 62.218.227.178 port 40570:11: Bye Bye [preauth]","@timestamp":"2022-09-11T12:30:49.220Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:30:49 honeypot-fra-1 sshd[32289]: Received disconnect from 62.218.227.178 port 40632:11: Bye Bye [preauth]","@timestamp":"2022-09-11T12:30:50.220Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:30:50 honeypot-fra-1 sshd[32295]: Received disconnect from 62.218.227.178 port 40668:11: Bye Bye [preauth]","@timestamp":"2022-09-11T12:30:50.221Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:30:50 honeypot-fra-1 sshd[32301]: Received disconnect from 62.218.227.178 port 40706:11: Bye Bye [preauth]","@timestamp":"2022-09-11T12:30:51.221Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:30:51 honeypot-fra-1 sshd[32307]: Received disconnect from 62.218.227.178 port 40740:11: Bye Bye [preauth]","@timestamp":"2022-09-11T12:30:52.223Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:30:52 honeypot-fra-1 sshd[32313]: Received disconnect from 62.218.227.178 port 40770:11: Bye Bye [preauth]","@timestamp":"2022-09-11T12:30:53.223Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:30:53 honeypot-fra-1 sshd[32319]: Received disconnect from 62.218.227.178 port 40816:11: Bye Bye [preauth]","@timestamp":"2022-09-11T12:30:54.224Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:30:54 honeypot-fra-1 sshd[32325]: Received disconnect from 62.218.227.178 port 40870:11: Bye Bye [preauth]","@timestamp":"2022-09-11T12:30:55.225Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:30:55 honeypot-fra-1 sshd[32331]: Received disconnect from 62.218.227.178 port 40912:11: Bye Bye [preauth]","@timestamp":"2022-09-11T12:30:56.226Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:30:55 honeypot-fra-1 sshd[32335]: Disconnected from invalid user admin 62.218.227.178 port 40986 [preauth]","@timestamp":"2022-09-11T12:30:56.226Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:30:56 honeypot-fra-1 sshd[32339]: Disconnected from invalid user admin 62.218.227.178 port 41070 [preauth]","@timestamp":"2022-09-11T12:30:57.226Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:30:57 honeypot-fra-1 sshd[32343]: Disconnected from invalid user admin 62.218.227.178 port 41118 [preauth]","@timestamp":"2022-09-11T12:30:57.226Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:30:57 honeypot-fra-1 sshd[32347]: Disconnected from invalid user admin 62.218.227.178 port 41144 [preauth]","@timestamp":"2022-09-11T12:30:58.227Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:30:58 honeypot-fra-1 sshd[32351]: Disconnected from invalid user admin 62.218.227.178 port 41166 [preauth]","@timestamp":"2022-09-11T12:30:59.228Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:30:58 honeypot-fra-1 sshd[32355]: Disconnected from invalid user user 62.218.227.178 port 41192 [preauth]","@timestamp":"2022-09-11T12:30:59.228Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:30:59 honeypot-fra-1 sshd[32361]: Received disconnect from 62.218.227.178 port 41238:11: Bye Bye [preauth]","@timestamp":"2022-09-11T12:31:00.228Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:31:00 honeypot-fra-1 sshd[32365]: Received disconnect from 62.218.227.178 port 41264:11: Bye Bye [preauth]","@timestamp":"2022-09-11T12:31:01.229Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:31:01 honeypot-fra-1 sshd[32369]: Received disconnect from 62.218.227.178 port 41286:11: Bye Bye [preauth]","@timestamp":"2022-09-11T12:31:01.229Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:31:01 honeypot-ams-1 sshd[10105]: Disconnected from authenticating user root 80.76.51.45 port 37320 [preauth]","@timestamp":"2022-09-11T12:31:01.566Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:31:01 honeypot-fra-1 sshd[32373]: Received disconnect from 62.218.227.178 port 41302:11: Bye Bye [preauth]","@timestamp":"2022-09-11T12:31:02.230Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:31:02 honeypot-fra-1 sshd[32377]: Received disconnect from 62.218.227.178 port 41322:11: Bye Bye [preauth]","@timestamp":"2022-09-11T12:31:02.230Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:31:02 honeypot-fra-1 sshd[32381]: Received disconnect from 62.218.227.178 port 41340:11: Bye Bye [preauth]","@timestamp":"2022-09-11T12:31:03.231Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:31:03 honeypot-fra-1 sshd[32385]: Received disconnect from 62.218.227.178 port 41360:11: Bye Bye [preauth]","@timestamp":"2022-09-11T12:31:04.231Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:31:03 honeypot-fra-1 sshd[32389]: Received disconnect from 62.218.227.178 port 41390:11: Bye Bye [preauth]","@timestamp":"2022-09-11T12:31:04.231Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:31:04 honeypot-fra-1 sshd[32393]: Received disconnect from 62.218.227.178 port 41416:11: Bye Bye [preauth]","@timestamp":"2022-09-11T12:31:05.232Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:31:05 honeypot-fra-1 sshd[32397]: Received disconnect from 62.218.227.178 port 41436:11: Bye Bye [preauth]","@timestamp":"2022-09-11T12:31:05.232Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:31:05 honeypot-fra-1 sshd[32401]: Received disconnect from 62.218.227.178 port 41502:11: Bye Bye [preauth]","@timestamp":"2022-09-11T12:31:06.233Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:31:31 honeypot-ams-1 sshd[10113]: Disconnected from authenticating user root 80.76.51.45 port 59438 [preauth]","@timestamp":"2022-09-11T12:31:32.582Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:31:46 honeypot-ams-1 sshd[10117]: Received disconnect from 80.76.51.45 port 42166:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T12:31:47.590Z"}
{"@timestamp":"2022-09-11T12:31:58.799Z","@version":"1","message":"Sep 11 12:31:58 honeypot-sgp-1 sshd[6036]: Received disconnect from 61.177.173.52 port 34324:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:32:02 honeypot-ams-1 sshd[10121]: Disconnected from invalid user user 80.76.51.45 port 53234 [preauth]","@timestamp":"2022-09-11T12:32:02.597Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 12:32:22 honeypot-ams-1 kernel: [83776128.365069] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=79.124.62.62 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=48948 PROTO=TCP SPT=42094 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T12:32:23.609Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:32:49 honeypot-ams-1 sshd[10130]: Invalid user git from 167.172.152.18 port 37020","@timestamp":"2022-09-11T12:32:49.622Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:33:15 honeypot-ams-1 sshd[10134]: Invalid user postgres from 167.172.152.18 port 55958","@timestamp":"2022-09-11T12:33:15.636Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:33:28 honeypot-fra-1 sshd[32405]: Received disconnect from 91.240.118.222 port 24282:11: Client disconnecting normally [preauth]","@timestamp":"2022-09-11T12:33:28.286Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:33:41 honeypot-ams-1 sshd[10138]: Invalid user oracle from 167.172.152.18 port 46612","@timestamp":"2022-09-11T12:33:41.649Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:34:07 honeypot-ams-1 sshd[10140]: Disconnected from invalid user gituser 167.172.152.18 port 37342 [preauth]","@timestamp":"2022-09-11T12:34:07.662Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:34:32 honeypot-ams-1 sshd[10144]: Disconnected from invalid user odoo 167.172.152.18 port 56258 [preauth]","@timestamp":"2022-09-11T12:34:33.675Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:34:58 honeypot-ams-1 sshd[10148]: Disconnected from invalid user ansible 167.172.152.18 port 46942 [preauth]","@timestamp":"2022-09-11T12:34:59.690Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:35:31 honeypot-ams-1 sshd[10152]: Disconnected from invalid user usr 81.169.137.181 port 49380 [preauth]","@timestamp":"2022-09-11T12:35:32.707Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:36:09 honeypot-ams-1 sshd[10156]: Disconnected from authenticating user root 92.255.85.70 port 15984 [preauth]","@timestamp":"2022-09-11T12:36:09.726Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:36:14 honeypot-ams-1 sshd[10160]: Disconnected from invalid user ubuntu 167.172.152.18 port 47306 [preauth]","@timestamp":"2022-09-11T12:36:14.730Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:36:53 honeypot-ams-1 sshd[10164]: Disconnected from invalid user ubnt 81.169.137.181 port 53082 [preauth]","@timestamp":"2022-09-11T12:36:53.748Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:37:30 honeypot-ams-1 sshd[10168]: Disconnected from invalid user jenkins 167.172.152.18 port 48020 [preauth]","@timestamp":"2022-09-11T12:37:30.766Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:37:55 honeypot-ams-1 sshd[10173]: Disconnected from invalid user debian 167.172.152.18 port 38306 [preauth]","@timestamp":"2022-09-11T12:37:55.780Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:38:20 honeypot-fra-1 sshd[32416]: Received disconnect from 61.177.172.114 port 33937:11:  [preauth]","@timestamp":"2022-09-11T12:38:21.398Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:38:45 honeypot-ams-1 sshd[10177]: Disconnected from invalid user webadmin 167.172.152.18 port 47788 [preauth]","@timestamp":"2022-09-11T12:38:46.803Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:39:37 honeypot-ams-1 sshd[10181]: Received disconnect from 167.172.152.18 port 57542:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T12:39:37.830Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:40:29 honeypot-ams-1 sshd[10185]: Received disconnect from 167.172.152.18 port 38942:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T12:40:29.856Z"}
{"@timestamp":"2022-09-11T12:40:39.005Z","@version":"1","message":"Sep 11 12:40:38 honeypot-sgp-1 sshd[6046]: Disconnected from invalid user stephan 191.34.74.55 port 42230 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:41:02 honeypot-ams-1 sshd[10189]: Received disconnect from 187.230.139.33 port 42607:11: Bye Bye [preauth]","@timestamp":"2022-09-11T12:41:02.873Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:43:37 honeypot-fra-1 sshd[32421]: Disconnected from invalid user kbng 165.22.45.108 port 50836 [preauth]","@timestamp":"2022-09-11T12:43:37.538Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T12:44:10.093Z","@version":"1","message":"Sep 11 12:44:09 honeypot-sgp-1 sshd[6051]: Disconnected from invalid user postgres 179.189.19.64 port 36631 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:49:46 honeypot-ams-1 sshd[10195]: Invalid user support from 219.92.230.70 port 48618","@timestamp":"2022-09-11T12:49:47.104Z"}
{"@timestamp":"2022-09-11T12:54:26.344Z","@version":"1","message":"Sep 11 12:54:25 honeypot-sgp-1 sshd[6063]: Received disconnect from 92.255.85.69 port 28910:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:57:21 honeypot-fra-1 sshd[32435]: Received disconnect from 61.177.173.37 port 23368:11:  [preauth]","@timestamp":"2022-09-11T12:57:21.842Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:57:39 honeypot-fra-1 kernel: [83775489.314429] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=154.89.5.94 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=245 ID=61104 PROTO=TCP SPT=58914 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T12:57:39.852Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 12:59:41 honeypot-ams-1 kernel: [83777766.976820] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=82.102.173.91 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x60 TTL=247 ID=29772 PROTO=TCP SPT=53683 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T12:59:42.365Z"}
{"@timestamp":"2022-09-11T13:03:06.551Z","@version":"1","message":"Sep 11 13:03:05 honeypot-sgp-1 kernel: [83777498.680433] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=154.89.5.94 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=244 ID=39874 PROTO=TCP SPT=58914 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T13:09:17.699Z","@version":"1","message":"Sep 11 13:09:16 honeypot-sgp-1 sshd[6076]: Connection closed by invalid user user1 103.188.176.251 port 56842 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 13:12:42 honeypot-ams-1 sshd[10225]: Invalid user facai from 221.195.49.78 port 24498","@timestamp":"2022-09-11T13:12:42.714Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 13:13:00 honeypot-fra-1 sshd[32445]: Received disconnect from 61.177.173.46 port 27712:11:  [preauth]","@timestamp":"2022-09-11T13:13:01.194Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 13:16:37 honeypot-fra-1 sshd[32451]: Invalid user kbuye from 165.22.45.108 port 57694","@timestamp":"2022-09-11T13:16:37.276Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 13:17:03 honeypot-ams-1 sshd[10231]: Bad protocol version identification 'MGLNDD_178.62.254.91_22' from 192.241.212.100 port 42306","@timestamp":"2022-09-11T13:17:03.863Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 13:18:26 honeypot-fra-1 sshd[32457]: Received disconnect from 61.177.173.36 port 14268:11:  [preauth]","@timestamp":"2022-09-11T13:18:27.321Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T13:18:47.926Z","@version":"1","message":"Sep 11 13:18:47 honeypot-sgp-1 sshd[6086]: Disconnected from authenticating user root 92.255.85.70 port 59344 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 13:19:01 honeypot-fra-1 sshd[32462]: Disconnected from authenticating user root 89.97.218.142 port 46048 [preauth]","@timestamp":"2022-09-11T13:19:02.337Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 13:21:04 honeypot-fra-1 sshd[32468]: Received disconnect from 92.255.85.69 port 61590:11: Bye Bye [preauth]","@timestamp":"2022-09-11T13:21:05.385Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T13:22:44.021Z","@version":"1","message":"Sep 11 13:22:43 honeypot-sgp-1 sshd[6099]: Received disconnect from 141.255.162.226 port 45546:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T13:22:46.022Z","@version":"1","message":"Sep 11 13:22:45 honeypot-sgp-1 sshd[6102]: Disconnected from invalid user user 141.255.162.226 port 52400 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 13:23:32 honeypot-ams-1 sshd[10237]: Disconnected from invalid user user 45.61.186.169 port 36640 [preauth]","@timestamp":"2022-09-11T13:23:33.029Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 13:23:52 honeypot-ams-1 sshd[10241]: Disconnected from invalid user user 45.61.186.169 port 59674 [preauth]","@timestamp":"2022-09-11T13:23:53.039Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 13:24:12 honeypot-ams-1 sshd[10246]: Disconnected from invalid user user 45.61.186.169 port 54470 [preauth]","@timestamp":"2022-09-11T13:24:13.053Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 13:24:29 honeypot-ams-1 sshd[10250]: Disconnected from invalid user user 45.61.186.169 port 49270 [preauth]","@timestamp":"2022-09-11T13:24:30.062Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 13:27:14 honeypot-fra-1 sshd[32475]: Connection closed by invalid user test 193.106.191.157 port 56516 [preauth]","@timestamp":"2022-09-11T13:27:14.550Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T13:29:17.178Z","@version":"1","message":"Sep 11 13:29:16 honeypot-sgp-1 kernel: [83779069.739310] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=139.162.167.216 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=21277 PROTO=TCP SPT=38829 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T13:30:30.212Z","@version":"1","message":"Sep 11 13:30:29 honeypot-sgp-1 sshd[6116]: Invalid user user from 45.61.184.204 port 40436","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T13:30:50.221Z","@version":"1","message":"Sep 11 13:30:49 honeypot-sgp-1 sshd[6120]: Invalid user user from 45.61.184.204 port 35444","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T13:31:07.229Z","@version":"1","message":"Sep 11 13:31:06 honeypot-sgp-1 sshd[6124]: Invalid user user from 45.61.184.204 port 58690","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T13:34:59.322Z","@version":"1","message":"Sep 11 13:34:58 honeypot-sgp-1 kernel: [83779411.649411] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=198.199.95.15 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=47733 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 13:35:21 honeypot-fra-1 sshd[32487]: Invalid user mpiuser from 104.248.159.207 port 19096","@timestamp":"2022-09-11T13:35:21.728Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 13:36:13 honeypot-ams-1 sshd[10257]: Invalid user user from 45.61.184.204 port 56488","@timestamp":"2022-09-11T13:36:14.360Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 13:36:31 honeypot-ams-1 sshd[10261]: Invalid user user from 45.61.184.204 port 51870","@timestamp":"2022-09-11T13:36:32.370Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 13:36:43 honeypot-ams-1 kernel: [83779989.184415] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=198.199.118.88 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=34887 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T13:36:44.376Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 13:36:52 honeypot-fra-1 kernel: [83777842.589342] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.213.231 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=40217 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T13:36:52.763Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 13:36:59 honeypot-ams-1 sshd[10267]: Disconnected from invalid user user 45.61.184.204 port 59058 [preauth]","@timestamp":"2022-09-11T13:36:59.385Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 13:40:26 honeypot-ams-1 sshd[10272]: Received disconnect from 137.184.90.200 port 34684:11: Bye Bye [preauth]","@timestamp":"2022-09-11T13:40:27.478Z"}
{"@timestamp":"2022-09-11T13:43:29.527Z","@version":"1","message":"Sep 11 13:43:28 honeypot-sgp-1 sshd[6140]: Invalid user wj from 180.168.192.126 port 59533","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 13:45:20 honeypot-fra-1 sshd[32500]: Received disconnect from 92.255.85.69 port 57736:11: Bye Bye [preauth]","@timestamp":"2022-09-11T13:45:20.952Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T13:47:00.612Z","@version":"1","message":"Sep 11 13:46:59 honeypot-sgp-1 sshd[6145]: Disconnected from invalid user test 179.107.34.178 port 21134 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 13:49:58 honeypot-fra-1 sshd[32507]: Invalid user kdkim from 165.22.45.108 port 34460","@timestamp":"2022-09-11T13:49:59.056Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T13:51:49.730Z","@version":"1","message":"Sep 11 13:51:49 honeypot-sgp-1 sshd[6152]: Received disconnect from 14.63.162.98 port 51671:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 13:54:05 honeypot-ams-1 kernel: [83781031.284463] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=86.180.105.129 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=55 ID=34046 PROTO=TCP SPT=15289 DPT=80 WINDOW=53282 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T13:54:06.838Z"}
{"@timestamp":"2022-09-11T13:54:49.807Z","@version":"1","message":"Sep 11 13:54:48 honeypot-sgp-1 kernel: [83780601.763542] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=89.248.165.199 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=14169 PROTO=TCP SPT=42993 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 13:58:44 honeypot-ams-1 sshd[10279]: Disconnected from authenticating user root 43.155.104.6 port 47880 [preauth]","@timestamp":"2022-09-11T13:58:44.959Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 14:01:09 honeypot-ams-1 kernel: [83781454.672512] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=2.187.167.133 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=3072 DF PROTO=TCP SPT=46199 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T14:01:10.027Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 14:02:03 honeypot-fra-1 kernel: [83779353.805175] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=134.209.233.125 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=62 ID=64651 DF PROTO=TCP SPT=60546 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T14:02:04.323Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 14:06:17 honeypot-fra-1 sshd[32524]: Received disconnect from 45.61.184.204 port 45054:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T14:06:18.421Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 14:06:36 honeypot-fra-1 sshd[32528]: Received disconnect from 45.61.184.204 port 40058:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T14:06:37.431Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 14:06:56 honeypot-fra-1 sshd[32533]: Received disconnect from 45.61.184.204 port 35058:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T14:06:56.439Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 14:07:14 honeypot-fra-1 sshd[32537]: Received disconnect from 45.61.184.204 port 58290:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T14:07:15.448Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 14:08:44 honeypot-fra-1 sshd[32541]: Received disconnect from 92.255.85.70 port 30900:11: Bye Bye [preauth]","@timestamp":"2022-09-11T14:08:44.483Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T14:08:55.148Z","@version":"1","message":"Sep 11 14:08:54 honeypot-sgp-1 sshd[6171]: Received disconnect from 61.177.173.53 port 11013:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 14:09:14 honeypot-ams-1 kernel: [83781940.095744] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.200.118.49 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=54321 PROTO=TCP SPT=42367 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T14:09:15.256Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 14:10:17 honeypot-fra-1 sshd[32547]: Received disconnect from 122.176.119.202 port 53280:11: Bye Bye [preauth]","@timestamp":"2022-09-11T14:10:17.519Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:11:29 honeypot-ams-1 sshd[10292]: Disconnected from invalid user flt 104.248.116.140 port 39350 [preauth]","@timestamp":"2022-09-11T14:11:29.317Z"}
{"@timestamp":"2022-09-11T14:15:01.294Z","@version":"1","message":"Sep 11 14:15:01 honeypot-sgp-1 sshd[6178]: Received disconnect from 61.177.173.46 port 59434:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 14:15:26 honeypot-fra-1 kernel: [83780156.230300] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.212.183 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=35835 DPT=389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T14:15:26.637Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 14:17:56 honeypot-ams-1 kernel: [83782461.588100] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=213.226.123.38 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=30588 PROTO=TCP SPT=45326 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T14:17:56.490Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:19:37 honeypot-ams-1 sshd[10302]: Disconnected from invalid user tomcat7 91.240.118.222 port 57546 [preauth]","@timestamp":"2022-09-11T14:19:38.536Z"}
{"@timestamp":"2022-09-11T14:20:18.423Z","@version":"1","message":"Sep 11 14:20:18 honeypot-sgp-1 kernel: [83782131.176231] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=163.204.217.228 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=64108 DF PROTO=TCP SPT=37311 DPT=80 WINDOW=14520 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 14:20:35 honeypot-fra-1 kernel: [83780464.984745] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=20.25.156.209 DST=165.22.82.222 LEN=52 TOS=0x02 PREC=0x00 TTL=110 ID=26641 DF PROTO=TCP SPT=52642 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-11T14:20:35.754Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 14:24:24 honeypot-fra-1 sshd[32567]: Received disconnect from 61.177.173.46 port 47126:11:  [preauth]","@timestamp":"2022-09-11T14:24:24.839Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 14:31:10 honeypot-fra-1 kernel: [83781100.840230] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.208.63 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=48753 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T14:31:10.991Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-11T14:32:56.728Z","@version":"1","message":"Sep 11 14:32:56 honeypot-sgp-1 sshd[6195]: Received disconnect from 61.177.172.19 port 12292:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 14:32:57 honeypot-fra-1 sshd[32578]: Invalid user test from 193.106.191.157 port 40022","@timestamp":"2022-09-11T14:32:58.035Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:33:51 honeypot-ams-1 sshd[10308]: Disconnected from authenticating user root 182.105.189.1 port 39918 [preauth]","@timestamp":"2022-09-11T14:33:51.915Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:33:59 honeypot-ams-1 sshd[10314]: Received disconnect from 182.105.189.1 port 40110:11: Bye Bye [preauth]","@timestamp":"2022-09-11T14:33:59.919Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:34:07 honeypot-ams-1 sshd[10320]: Received disconnect from 182.105.189.1 port 40297:11: Bye Bye [preauth]","@timestamp":"2022-09-11T14:34:07.924Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:34:15 honeypot-ams-1 sshd[10326]: Received disconnect from 182.105.189.1 port 40516:11: Bye Bye [preauth]","@timestamp":"2022-09-11T14:34:15.928Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:34:21 honeypot-ams-1 sshd[10332]: Received disconnect from 182.105.189.1 port 40684:11: Bye Bye [preauth]","@timestamp":"2022-09-11T14:34:21.932Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:34:28 honeypot-ams-1 sshd[10338]: Received disconnect from 182.105.189.1 port 40839:11: Bye Bye [preauth]","@timestamp":"2022-09-11T14:34:28.987Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 14:34:28 honeypot-fra-1 sshd[32584]: Disconnected from invalid user user 45.61.184.204 port 45846 [preauth]","@timestamp":"2022-09-11T14:34:29.072Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:34:34 honeypot-ams-1 sshd[10344]: Received disconnect from 182.105.189.1 port 41019:11: Bye Bye [preauth]","@timestamp":"2022-09-11T14:34:34.991Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:34:43 honeypot-ams-1 sshd[10350]: Received disconnect from 182.105.189.1 port 41206:11: Bye Bye [preauth]","@timestamp":"2022-09-11T14:34:43.997Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 14:34:49 honeypot-fra-1 sshd[32588]: Disconnected from invalid user user 45.61.184.204 port 41446 [preauth]","@timestamp":"2022-09-11T14:34:50.082Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:34:51 honeypot-ams-1 sshd[10356]: Received disconnect from 182.105.189.1 port 41397:11: Bye Bye [preauth]","@timestamp":"2022-09-11T14:34:52.002Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:34:57 honeypot-ams-1 sshd[10362]: Received disconnect from 182.105.189.1 port 41584:11: Bye Bye [preauth]","@timestamp":"2022-09-11T14:34:58.006Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:35:02 honeypot-ams-1 sshd[10368]: Received disconnect from 182.105.189.1 port 41690:11: Bye Bye [preauth]","@timestamp":"2022-09-11T14:35:03.009Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 14:35:08 honeypot-fra-1 sshd[32592]: Disconnected from invalid user user 45.61.184.204 port 37044 [preauth]","@timestamp":"2022-09-11T14:35:09.090Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:35:10 honeypot-ams-1 sshd[10374]: Received disconnect from 182.105.189.1 port 41900:11: Bye Bye [preauth]","@timestamp":"2022-09-11T14:35:11.031Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:35:17 honeypot-ams-1 sshd[10380]: Invalid user admin from 182.105.189.1 port 42082","@timestamp":"2022-09-11T14:35:18.034Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:35:23 honeypot-ams-1 sshd[10384]: Invalid user admin from 182.105.189.1 port 42256","@timestamp":"2022-09-11T14:35:24.039Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 14:35:27 honeypot-fra-1 sshd[32596]: Disconnected from invalid user user 45.61.184.204 port 60878 [preauth]","@timestamp":"2022-09-11T14:35:27.099Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:35:29 honeypot-ams-1 sshd[10388]: Invalid user admin from 182.105.189.1 port 42406","@timestamp":"2022-09-11T14:35:30.042Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:35:33 honeypot-ams-1 sshd[10392]: Invalid user admin from 182.105.189.1 port 42507","@timestamp":"2022-09-11T14:35:34.044Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:35:37 honeypot-ams-1 sshd[10396]: Invalid user admin from 182.105.189.1 port 42602","@timestamp":"2022-09-11T14:35:38.048Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:35:41 honeypot-ams-1 sshd[10400]: Invalid user user from 182.105.189.1 port 42705","@timestamp":"2022-09-11T14:35:42.050Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:35:46 honeypot-ams-1 sshd[10404]: Disconnected from authenticating user root 182.105.189.1 port 42812 [preauth]","@timestamp":"2022-09-11T14:35:47.053Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:35:51 honeypot-ams-1 sshd[10408]: Disconnected from invalid user pi 182.105.189.1 port 42919 [preauth]","@timestamp":"2022-09-11T14:35:52.057Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:35:56 honeypot-ams-1 sshd[10412]: Disconnected from invalid user ethos 182.105.189.1 port 43049 [preauth]","@timestamp":"2022-09-11T14:35:57.059Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:36:04 honeypot-ams-1 sshd[10416]: Disconnected from invalid user miner 182.105.189.1 port 43180 [preauth]","@timestamp":"2022-09-11T14:36:05.064Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:36:08 honeypot-ams-1 sshd[10420]: Disconnected from invalid user volumio 182.105.189.1 port 43372 [preauth]","@timestamp":"2022-09-11T14:36:09.067Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:36:17 honeypot-ams-1 sshd[10424]: Disconnected from invalid user nagios 182.105.189.1 port 43549 [preauth]","@timestamp":"2022-09-11T14:36:18.071Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:36:21 honeypot-ams-1 sshd[10428]: Disconnected from invalid user vagrant 182.105.189.1 port 43682 [preauth]","@timestamp":"2022-09-11T14:36:22.075Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:36:25 honeypot-ams-1 sshd[10432]: Disconnected from invalid user debian 182.105.189.1 port 43784 [preauth]","@timestamp":"2022-09-11T14:36:26.078Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:36:32 honeypot-ams-1 sshd[10436]: Disconnected from invalid user debian 182.105.189.1 port 43951 [preauth]","@timestamp":"2022-09-11T14:36:33.082Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:36:38 honeypot-ams-1 sshd[10440]: Disconnected from invalid user alarm 182.105.189.1 port 44060 [preauth]","@timestamp":"2022-09-11T14:36:39.087Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:36:44 honeypot-ams-1 sshd[10444]: Disconnected from invalid user test 182.105.189.1 port 44216 [preauth]","@timestamp":"2022-09-11T14:36:44.090Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:36:49 honeypot-ams-1 sshd[10448]: Disconnected from invalid user cirros 182.105.189.1 port 44366 [preauth]","@timestamp":"2022-09-11T14:36:50.095Z"}
{"@timestamp":"2022-09-11T14:38:40.870Z","@version":"1","message":"Sep 11 14:38:40 honeypot-sgp-1 sshd[6200]: Did not receive identification string from 134.209.44.233 port 34881","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:44:18 honeypot-ams-1 sshd[10454]: Received disconnect from 45.61.186.49 port 47604:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T14:44:19.284Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:44:27 honeypot-ams-1 sshd[10458]: Received disconnect from 45.61.186.49 port 59112:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T14:44:28.289Z"}
{"@timestamp":"2022-09-11T14:45:19.046Z","@version":"1","message":"Sep 11 14:45:18 honeypot-sgp-1 sshd[6208]: Received disconnect from 49.247.22.240 port 43610:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T14:49:12.141Z","@version":"1","message":"Sep 11 14:49:12 honeypot-sgp-1 kernel: [83783864.839392] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=186.208.139.104 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=41397 PROTO=TCP SPT=47532 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 14:51:05 honeypot-fra-1 sshd[32604]: Received disconnect from 61.177.172.124 port 62864:11:  [preauth]","@timestamp":"2022-09-11T14:51:06.444Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T14:53:22.243Z","@version":"1","message":"Sep 11 14:53:22 honeypot-sgp-1 kernel: [83784114.928971] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=80.94.92.239 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=231 ID=54321 PROTO=TCP SPT=51601 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 14:54:13 honeypot-fra-1 sshd[32611]: Disconnected from authenticating user root 61.177.173.36 port 23179 [preauth]","@timestamp":"2022-09-11T14:54:13.516Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 14:56:36 honeypot-fra-1 kernel: [83782625.908066] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=193.163.125.176 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=245 ID=29135 PROTO=TCP SPT=52893 DPT=636 WINDOW=14600 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T14:56:36.573Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:58:14 honeypot-ams-1 sshd[10462]: Received disconnect from 92.255.85.69 port 28162:11: Bye Bye [preauth]","@timestamp":"2022-09-11T14:58:15.646Z"}
{"@timestamp":"2022-09-11T15:01:25.436Z","@version":"1","message":"Sep 11 15:01:25 honeypot-sgp-1 sshd[6225]: Received disconnect from 45.61.186.249 port 37472:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T15:01:45.447Z","@version":"1","message":"Sep 11 15:01:44 honeypot-sgp-1 sshd[6231]: Received disconnect from 45.61.186.249 port 60436:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T15:02:03.456Z","@version":"1","message":"Sep 11 15:02:02 honeypot-sgp-1 sshd[6235]: Received disconnect from 45.61.186.249 port 55124:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T15:02:20.465Z","@version":"1","message":"Sep 11 15:02:20 honeypot-sgp-1 sshd[6239]: Received disconnect from 45.61.186.249 port 49836:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 15:03:19 honeypot-fra-1 kernel: [83783029.176412] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=223.88.126.89 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=32160 DF PROTO=TCP SPT=26497 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T15:03:19.726Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 15:04:27 honeypot-ams-1 sshd[10467]: Disconnected from invalid user ri 154.92.19.8 port 34942 [preauth]","@timestamp":"2022-09-11T15:04:27.806Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 15:05:47 honeypot-fra-1 sshd[32628]: Received disconnect from 61.177.172.19 port 10103:11:  [preauth]","@timestamp":"2022-09-11T15:05:47.783Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T15:07:43.613Z","@version":"1","message":"Sep 11 15:07:42 honeypot-sgp-1 sshd[6246]: Disconnected from invalid user ubnt 152.179.67.70 port 3463 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 15:08:39 honeypot-ams-1 sshd[10471]: Invalid user guest from 67.204.24.218 port 35108","@timestamp":"2022-09-11T15:08:39.921Z"}
{"@timestamp":"2022-09-11T15:10:37.684Z","@version":"1","message":"Sep 11 15:10:36 honeypot-sgp-1 sshd[6253]: Disconnected from authenticating user root 61.177.173.49 port 24609 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 15:14:41 honeypot-fra-1 sshd[32636]: Did not receive identification string from 218.28.90.142 port 58056","@timestamp":"2022-09-11T15:14:41.979Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T15:15:51.809Z","@version":"1","message":"Sep 11 15:15:50 honeypot-sgp-1 sshd[6259]: Disconnected from authenticating user root 92.255.85.70 port 47476 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 15:17:01 honeypot-fra-1 CRON[32642]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-11T15:17:02.034Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 15:17:01 honeypot-ams-1 CRON[10477]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-11T15:17:02.135Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 15:21:16 honeypot-ams-1 kernel: [83786262.316438] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=86.180.105.129 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=55 ID=28742 PROTO=TCP SPT=15289 DPT=80 WINDOW=53282 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T15:21:17.249Z"}
{"@timestamp":"2022-09-11T15:24:01.006Z","@version":"1","message":"Sep 11 15:24:00 honeypot-sgp-1 kernel: [83785953.254418] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=1503 PROTO=TCP SPT=49732 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 15:24:25 honeypot-fra-1 sshd[32652]: Bad protocol version identification '\\026\\003\\001' from 106.75.227.154 port 39216","@timestamp":"2022-09-11T15:24:26.201Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 15:25:05 honeypot-ams-1 sshd[10485]: Disconnected from authenticating user root 157.230.37.156 port 43480 [preauth]","@timestamp":"2022-09-11T15:25:05.349Z"}
{"@timestamp":"2022-09-11T15:27:17.088Z","@version":"1","message":"Sep 11 15:27:16 honeypot-sgp-1 sshd[6269]: Disconnected from authenticating user root 61.177.173.39 port 32118 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 15:29:02 honeypot-fra-1 kernel: [83784571.914207] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=64.246.161.26 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=59870 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T15:29:02.306Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 15:31:03 honeypot-fra-1 kernel: [83784693.387158] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=44297 PROTO=TCP SPT=49732 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T15:31:04.370Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-11T15:35:41.291Z","@version":"1","message":"Sep 11 15:35:41 honeypot-sgp-1 kernel: [83786653.812572] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=193.118.53.211 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=234 ID=23570 PROTO=TCP SPT=41475 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 15:36:17 honeypot-ams-1 sshd[10561]: Received disconnect from 84.52.103.234 port 41848:11: Bye Bye [preauth]","@timestamp":"2022-09-11T15:36:17.635Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 15:38:34 honeypot-fra-1 sshd[32667]: Disconnected from authenticating user root 61.177.172.19 port 55778 [preauth]","@timestamp":"2022-09-11T15:38:34.539Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 15:39:15 honeypot-fra-1 sshd[32673]: Disconnected from authenticating user root 46.101.38.229 port 38802 [preauth]","@timestamp":"2022-09-11T15:39:15.558Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T15:42:10.444Z","@version":"1","message":"Sep 11 15:42:09 honeypot-sgp-1 kernel: [83787042.746006] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=128.14.141.36 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=64621 PROTO=TCP SPT=17823 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 15:42:16 honeypot-fra-1 sshd[32678]: Disconnected from authenticating user root 92.255.85.69 port 47070 [preauth]","@timestamp":"2022-09-11T15:42:16.626Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 15:44:05 honeypot-ams-1 sshd[10566]: Connection closed by 167.248.133.117 port 39502 [preauth]","@timestamp":"2022-09-11T15:44:05.840Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 15:46:28 honeypot-fra-1 sshd[32685]: Received disconnect from 119.73.179.114 port 24133:11: Bye Bye [preauth]","@timestamp":"2022-09-11T15:46:29.722Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T15:48:05.588Z","@version":"1","message":"Sep 11 15:48:05 honeypot-sgp-1 kernel: [83787397.968489] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=90.151.171.106 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=40339 PROTO=TCP SPT=51266 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 15:48:33 honeypot-fra-1 sshd[32689]: Disconnected from authenticating user root 61.177.173.36 port 58985 [preauth]","@timestamp":"2022-09-11T15:48:34.770Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T15:49:05.614Z","@version":"1","message":"Sep 11 15:49:05 honeypot-sgp-1 kernel: [83787457.820981] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=90.151.171.106 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=12324 PROTO=TCP SPT=51266 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 15:50:07 honeypot-ams-1 kernel: [83787992.422244] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=213.219.36.247 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=54321 PROTO=TCP SPT=50996 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T15:50:07.992Z"}
{"@timestamp":"2022-09-11T15:57:04.802Z","@version":"1","message":"Sep 11 15:57:04 honeypot-sgp-1 sshd[6303]: Received disconnect from 61.177.173.49 port 56762:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 15:57:45 honeypot-ams-1 kernel: [83788451.247738] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=79.124.62.62 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=14733 PROTO=TCP SPT=41106 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T15:57:46.187Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 15:57:54 honeypot-fra-1 sshd[32695]: Disconnected from authenticating user root 61.177.173.35 port 50797 [preauth]","@timestamp":"2022-09-11T15:57:54.991Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T16:02:06.922Z","@version":"1","message":"Sep 11 16:02:06 honeypot-sgp-1 sshd[6311]: Disconnected from invalid user tomcat 143.110.179.172 port 39070 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 16:05:38 honeypot-ams-1 kernel: [83788923.625833] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=31.220.1.83 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=54321 PROTO=TCP SPT=49912 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T16:05:38.394Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 16:06:22 honeypot-fra-1 sshd[32700]: Received disconnect from 92.255.85.70 port 35080:11: Bye Bye [preauth]","@timestamp":"2022-09-11T16:06:23.179Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 16:08:31 honeypot-ams-1 sshd[10582]: Disconnected from authenticating user root 92.255.85.69 port 26594 [preauth]","@timestamp":"2022-09-11T16:08:31.472Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 16:15:04 honeypot-ams-1 sshd[10587]: Disconnected from authenticating user root 87.255.193.50 port 42478 [preauth]","@timestamp":"2022-09-11T16:15:04.646Z"}
{"@timestamp":"2022-09-11T16:17:02.295Z","@version":"1","message":"Sep 11 16:17:01 honeypot-sgp-1 CRON[6319]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 16:17:01 honeypot-fra-1 CRON[32705]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-11T16:17:02.436Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 16:24:49 honeypot-ams-1 kernel: [83790074.799289] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=80.94.92.239 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=52788 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T16:24:49.906Z"}
{"@timestamp":"2022-09-11T16:27:10.540Z","@version":"1","message":"Sep 11 16:27:10 honeypot-sgp-1 sshd[6329]: Received disconnect from 92.255.85.70 port 37136:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 16:29:25 honeypot-fra-1 sshd[32713]: Received disconnect from 92.255.85.70 port 60092:11: Bye Bye [preauth]","@timestamp":"2022-09-11T16:29:26.727Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T16:34:42.718Z","@version":"1","message":"Sep 11 16:34:42 honeypot-sgp-1 sshd[6334]: Invalid user ubnt from 187.216.90.114 port 56534","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 16:36:36 honeypot-fra-1 sshd[32716]: Invalid user kelly from 165.22.45.108 port 59448","@timestamp":"2022-09-11T16:36:36.888Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T16:41:42.885Z","@version":"1","message":"Sep 11 16:41:42 honeypot-sgp-1 sshd[6337]: Disconnected from invalid user ubuntu 204.131.249.226 port 60104 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T16:43:09.922Z","@version":"1","message":"Sep 11 16:43:09 honeypot-sgp-1 sshd[6341]: Disconnected from invalid user sinusbot 182.253.141.117 port 51358 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 16:45:36 honeypot-ams-1 kernel: [83791321.387611] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=179.25.105.56 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=53 ID=30446 PROTO=TCP SPT=8005 DPT=443 WINDOW=33516 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T16:45:36.475Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 16:50:16 honeypot-ams-1 sshd[10601]: Disconnected from invalid user admin 178.128.16.206 port 56076 [preauth]","@timestamp":"2022-09-11T16:50:16.602Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 16:53:30 honeypot-fra-1 sshd[32722]: Received disconnect from 92.255.85.70 port 63612:11: Bye Bye [preauth]","@timestamp":"2022-09-11T16:53:31.259Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 16:56:51 honeypot-ams-1 sshd[10606]: Received disconnect from 92.46.126.30 port 41694:11: Bye Bye [preauth]","@timestamp":"2022-09-11T16:56:51.778Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 16:57:10 honeypot-ams-1 kernel: [83792015.405837] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=46.62.170.160 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=113 ID=64469 DF PROTO=TCP SPT=2135 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T16:57:10.789Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 17:01:04 honeypot-fra-1 sshd[32725]: Bad protocol version identification 'GET / HTTP/1.1' from 139.59.234.70 port 42042","@timestamp":"2022-09-11T17:01:05.429Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 17:02:38 honeypot-fra-1 sshd[32730]: Disconnected from invalid user user 141.255.162.226 port 46320 [preauth]","@timestamp":"2022-09-11T17:02:38.467Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 17:02:44 honeypot-fra-1 sshd[32734]: Disconnected from invalid user user 141.255.162.226 port 46234 [preauth]","@timestamp":"2022-09-11T17:02:44.470Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 17:03:07 honeypot-fra-1 kernel: [83790216.902989] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=89.248.165.120 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=38747 PROTO=TCP SPT=55329 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T17:03:07.480Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-11T17:03:57.411Z","@version":"1","message":"Sep 11 17:03:57 honeypot-sgp-1 sshd[6352]: Received disconnect from 200.68.60.130 port 45348:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 17:04:09 honeypot-ams-1 sshd[10611]: Received disconnect from 159.223.164.107 port 37390:11: Bye Bye [preauth]","@timestamp":"2022-09-11T17:04:09.977Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 17:06:44 honeypot-fra-1 sshd[32744]: Received disconnect from 45.61.186.169 port 40906:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T17:06:45.569Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 17:07:02 honeypot-fra-1 sshd[32748]: Received disconnect from 45.61.186.169 port 35920:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T17:07:02.576Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 17:07:17 honeypot-fra-1 sshd[32752]: Received disconnect from 45.61.186.169 port 59180:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T17:07:18.584Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 17:09:01 honeypot-fra-1 CRON[32756]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-11T17:09:01.622Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 17:10:14 honeypot-fra-1 kernel: [83790643.722283] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=213.226.123.38 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=1520 PROTO=TCP SPT=55891 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T17:10:14.652Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-11T17:12:28.613Z","@version":"1","message":"Sep 11 17:12:27 honeypot-sgp-1 sshd[6359]: Received disconnect from 200.68.60.130 port 45647:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T17:13:25.639Z","@version":"1","message":"Sep 11 17:13:25 honeypot-sgp-1 sshd[6364]: Invalid user user from 45.61.187.160 port 37572","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T17:13:44.648Z","@version":"1","message":"Sep 11 17:13:44 honeypot-sgp-1 sshd[6368]: Invalid user user from 45.61.187.160 port 60534","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T17:14:02.658Z","@version":"1","message":"Sep 11 17:14:01 honeypot-sgp-1 sshd[6372]: Invalid user user from 45.61.187.160 port 55256","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T17:14:10.662Z","@version":"1","message":"Sep 11 17:14:10 honeypot-sgp-1 sshd[6377]: Invalid user test2 from 92.255.85.69 port 15680","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 17:14:34 honeypot-ams-1 kernel: [83793059.512171] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=119.199.169.235 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=54 ID=54837 PROTO=TCP SPT=39458 DPT=80 WINDOW=17122 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T17:14:34.246Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 17:14:42 honeypot-ams-1 sshd[10621]: Disconnected from invalid user user 45.61.186.49 port 50534 [preauth]","@timestamp":"2022-09-11T17:14:43.251Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 17:14:54 honeypot-fra-1 sshd[747]: Invalid user ftpuser from 35.219.62.194 port 44798","@timestamp":"2022-09-11T17:14:55.755Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 17:15:19 honeypot-ams-1 kernel: [83793105.182539] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=72.167.32.184 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=232 ID=45830 PROTO=TCP SPT=53947 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T17:15:20.269Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 17:17:01 honeypot-fra-1 CRON[752]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-11T17:17:01.803Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 17:19:00 honeypot-ams-1 sshd[10630]: Disconnected from invalid user test2 92.255.85.69 port 32550 [preauth]","@timestamp":"2022-09-11T17:19:00.366Z"}
{"@timestamp":"2022-09-11T17:19:22.785Z","@version":"1","message":"Sep 11 17:19:22 honeypot-sgp-1 sshd[6383]: Received disconnect from 165.227.84.172 port 47210:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T17:27:55.986Z","@version":"1","message":"Sep 11 17:27:55 honeypot-sgp-1 sshd[6388]: Invalid user wry from 137.116.144.39 port 57786","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 17:30:23 honeypot-ams-1 sshd[10637]: Did not receive identification string from 45.61.187.160 port 47914","@timestamp":"2022-09-11T17:30:24.661Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 17:30:56 honeypot-fra-1 sshd[756]: Invalid user admin from 128.199.160.207 port 57010","@timestamp":"2022-09-11T17:30:57.110Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 17:30:59 honeypot-fra-1 sshd[762]: Invalid user admin from 128.199.160.207 port 57032","@timestamp":"2022-09-11T17:30:59.112Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 17:30:58 honeypot-ams-1 sshd[10641]: Disconnected from invalid user user 45.61.187.160 port 47514 [preauth]","@timestamp":"2022-09-11T17:30:59.679Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 17:31:20 honeypot-ams-1 sshd[10645]: Disconnected from invalid user user 45.61.187.160 port 42672 [preauth]","@timestamp":"2022-09-11T17:31:20.691Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 17:31:38 honeypot-ams-1 sshd[10649]: Disconnected from invalid user user 45.61.187.160 port 37834 [preauth]","@timestamp":"2022-09-11T17:31:38.701Z"}
{"@timestamp":"2022-09-11T17:35:59.176Z","@version":"1","message":"Sep 11 17:35:59 honeypot-sgp-1 sshd[6395]: Unable to negotiate with 41.86.17.229 port 57423: no matching cipher found. Their offer: aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,arcfour128,arcfour,3des-cbc,none [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 17:38:21 honeypot-fra-1 sshd[765]: Received disconnect from 51.83.71.70 port 60804:11: Bye Bye [preauth]","@timestamp":"2022-09-11T17:38:22.277Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 17:40:28 honeypot-ams-1 sshd[10654]: Received disconnect from 177.68.156.24 port 19581:11: Bye Bye [preauth]","@timestamp":"2022-09-11T17:40:28.927Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 17:41:23 honeypot-fra-1 sshd[770]: Disconnected from authenticating user root 103.3.247.120 port 48006 [preauth]","@timestamp":"2022-09-11T17:41:23.346Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 17:42:26 honeypot-ams-1 sshd[10658]: Disconnected from authenticating user root 75.30.64.54 port 55812 [preauth]","@timestamp":"2022-09-11T17:42:26.981Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 17:45:56 honeypot-ams-1 sshd[10663]: Received disconnect from 147.182.247.29 port 41136:11: Bye Bye [preauth]","@timestamp":"2022-09-11T17:45:57.075Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 17:47:14 honeypot-fra-1 sshd[775]: Disconnected from invalid user admin 101.36.108.12 port 59054 [preauth]","@timestamp":"2022-09-11T17:47:15.476Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T17:50:23.527Z","@version":"1","message":"Sep 11 17:50:22 honeypot-sgp-1 sshd[6400]: Connection closed by invalid user admin 178.128.125.205 port 31284 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T17:50:23.527Z","@version":"1","message":"Sep 11 17:50:22 honeypot-sgp-1 sshd[6406]: Connection closed by invalid user admin 178.128.125.205 port 31310 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 17:51:06 honeypot-ams-1 kernel: [83795251.587729] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=91.251.9.244 DST=178.62.254.91 LEN=60 TOS=0x18 PREC=0x20 TTL=50 ID=31189 DF PROTO=TCP SPT=60215 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T17:51:07.207Z"}
{"@timestamp":"2022-09-11T17:53:28.604Z","@version":"1","message":"Sep 11 17:53:28 honeypot-sgp-1 sshd[6412]: Received disconnect from 147.182.188.81 port 58288:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 17:55:07 honeypot-fra-1 sshd[784]: Did not receive identification string from 141.255.162.226 port 37706","@timestamp":"2022-09-11T17:55:07.655Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 17:55:33 honeypot-fra-1 sshd[787]: Disconnected from invalid user user 141.255.162.226 port 39334 [preauth]","@timestamp":"2022-09-11T17:55:33.667Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 17:55:35 honeypot-fra-1 sshd[791]: Disconnected from invalid user user 141.255.162.226 port 44196 [preauth]","@timestamp":"2022-09-11T17:55:36.669Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 17:57:11 honeypot-ams-1 kernel: [83795616.560618] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=92.21.179.157 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=56 ID=10591 PROTO=TCP SPT=19280 DPT=80 WINDOW=20337 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T17:57:11.367Z"}
{"@timestamp":"2022-09-11T17:57:48.710Z","@version":"1","message":"Sep 11 17:57:48 honeypot-sgp-1 sshd[6417]: Received disconnect from 132.148.75.125 port 33370:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T17:59:42.760Z","@version":"1","message":"Sep 11 17:59:42 honeypot-sgp-1 sshd[6424]: Received disconnect from 132.148.75.125 port 45834:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T18:00:24.779Z","@version":"1","message":"Sep 11 18:00:24 honeypot-sgp-1 sshd[6428]: Disconnected from invalid user test2 92.255.85.69 port 22150 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T18:01:41.816Z","@version":"1","message":"Sep 11 18:01:41 honeypot-sgp-1 sshd[6432]: Disconnected from authenticating user root 132.148.75.125 port 35082 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 18:02:24 honeypot-ams-1 sshd[10674]: Received disconnect from 104.28.206.119 port 32121:11: Bye Bye [preauth]","@timestamp":"2022-09-11T18:02:25.503Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 18:02:58 honeypot-fra-1 sshd[796]: Invalid user test2 from 92.255.85.69 port 39944","@timestamp":"2022-09-11T18:02:58.834Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T18:03:02.881Z","@version":"1","message":"Sep 11 18:03:02 honeypot-sgp-1 sshd[6436]: Disconnected from authenticating user root 132.148.75.125 port 42882 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T18:05:01.933Z","@version":"1","message":"Sep 11 18:05:01 honeypot-sgp-1 sshd[6443]: Disconnected from authenticating user root 132.148.75.125 port 37812 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 18:06:37 honeypot-ams-1 sshd[10678]: Received disconnect from 92.255.85.69 port 26888:11: Bye Bye [preauth]","@timestamp":"2022-09-11T18:06:38.612Z"}
{"@timestamp":"2022-09-11T18:07:00.985Z","@version":"1","message":"Sep 11 18:07:00 honeypot-sgp-1 sshd[6449]: Disconnected from authenticating user root 132.148.75.125 port 58498 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 18:08:51 honeypot-fra-1 kernel: [83794160.436925] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=219.135.176.158 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=58558 DF PROTO=TCP SPT=57127 DPT=5432 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T18:08:51.968Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-11T18:09:06.041Z","@version":"1","message":"Sep 11 18:09:05 honeypot-sgp-1 sshd[6456]: Disconnected from authenticating user root 132.148.75.125 port 58416 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T18:11:10.094Z","@version":"1","message":"Sep 11 18:11:09 honeypot-sgp-1 sshd[6462]: Disconnected from authenticating user root 132.148.75.125 port 57682 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 18:11:13 honeypot-ams-1 kernel: [83796458.751104] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=91.251.9.244 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=40281 DF PROTO=TCP SPT=60363 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T18:11:13.731Z"}
{"@timestamp":"2022-09-11T18:13:09.165Z","@version":"1","message":"Sep 11 18:13:08 honeypot-sgp-1 sshd[6468]: Received disconnect from 132.148.75.125 port 48568:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 18:13:38 honeypot-fra-1 sshd[801]: Invalid user tolee from 103.9.36.69 port 57676","@timestamp":"2022-09-11T18:13:39.079Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T18:15:10.217Z","@version":"1","message":"Sep 11 18:15:09 honeypot-sgp-1 sshd[6475]: Received disconnect from 132.148.75.125 port 42266:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T18:16:05.243Z","@version":"1","message":"Sep 11 18:16:04 honeypot-sgp-1 sshd[6480]: Invalid user user from 141.255.162.226 port 46648","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T18:16:10.246Z","@version":"1","message":"Sep 11 18:16:09 honeypot-sgp-1 sshd[6485]: Invalid user user from 141.255.162.226 port 38046","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T18:16:12.248Z","@version":"1","message":"Sep 11 18:16:11 honeypot-sgp-1 sshd[6488]: Connection closed by invalid user user 141.255.162.226 port 51128 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 18:16:22 honeypot-fra-1 sshd[804]: Disconnected from invalid user kenmuir 165.22.45.108 port 45818 [preauth]","@timestamp":"2022-09-11T18:16:23.141Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T18:17:11.272Z","@version":"1","message":"Sep 11 18:17:10 honeypot-sgp-1 sshd[6497]: Received disconnect from 132.148.75.125 port 36448:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 18:17:31 honeypot-ams-1 sshd[10685]: Received disconnect from 62.64.86.44 port 63536:11: Bye Bye [preauth]","@timestamp":"2022-09-11T18:17:31.898Z"}
{"@timestamp":"2022-09-11T18:19:13.325Z","@version":"1","message":"Sep 11 18:19:12 honeypot-sgp-1 sshd[6503]: Received disconnect from 132.148.75.125 port 58582:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 18:20:31 honeypot-ams-1 kernel: [83797017.201967] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.34.56.97 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=56116 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T18:20:31.979Z"}
{"@timestamp":"2022-09-11T18:20:38.362Z","@version":"1","message":"Sep 11 18:20:38 honeypot-sgp-1 sshd[6508]: Disconnected from authenticating user root 132.148.75.125 port 41786 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 18:21:05 honeypot-ams-1 sshd[10692]: Disconnected from invalid user bj 92.63.206.81 port 51188 [preauth]","@timestamp":"2022-09-11T18:21:05.995Z"}
{"@timestamp":"2022-09-11T18:22:47.418Z","@version":"1","message":"Sep 11 18:22:46 honeypot-sgp-1 sshd[6514]: Disconnected from authenticating user root 132.148.75.125 port 45246 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T18:24:08.454Z","@version":"1","message":"Sep 11 18:24:08 honeypot-sgp-1 sshd[6520]: Received disconnect from 132.148.75.125 port 50514:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T18:25:30.491Z","@version":"1","message":"Sep 11 18:25:29 honeypot-sgp-1 sshd[6526]: Disconnected from authenticating user root 132.148.75.125 port 56250 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 18:27:23 honeypot-fra-1 kernel: [83795273.101568] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.167.97.229 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=33255 DPT=389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T18:27:24.382Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-11T18:27:35.546Z","@version":"1","message":"Sep 11 18:27:34 honeypot-sgp-1 sshd[6532]: Disconnected from authenticating user root 132.148.75.125 port 57260 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 18:29:04 honeypot-ams-1 sshd[10697]: Disconnected from invalid user contador 92.255.85.70 port 45776 [preauth]","@timestamp":"2022-09-11T18:29:05.201Z"}
{"@timestamp":"2022-09-11T18:29:39.599Z","@version":"1","message":"Sep 11 18:29:39 honeypot-sgp-1 sshd[6538]: Disconnected from authenticating user root 132.148.75.125 port 55804 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T18:31:41.651Z","@version":"1","message":"Sep 11 18:31:41 honeypot-sgp-1 sshd[6545]: Disconnected from authenticating user root 132.148.75.125 port 52574 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T18:33:53.707Z","@version":"1","message":"Sep 11 18:33:52 honeypot-sgp-1 sshd[6551]: Disconnected from authenticating user root 132.148.75.125 port 59508 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 18:34:04 honeypot-fra-1 kernel: [83795674.354185] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=188.68.46.35 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=58 ID=62425 DF PROTO=TCP SPT=38290 DPT=5432 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T18:34:05.535Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-11T18:35:29.751Z","@version":"1","message":"Sep 11 18:35:28 honeypot-sgp-1 kernel: [83797441.511167] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=107.178.103.163 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=33103 DF PROTO=TCP SPT=10446 DPT=80 WINDOW=512 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T18:37:19.798Z","@version":"1","message":"Sep 11 18:37:19 honeypot-sgp-1 sshd[6562]: Disconnected from authenticating user root 132.148.75.125 port 32822 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 18:39:02 honeypot-fra-1 kernel: [83795971.661481] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=49.233.122.59 DST=165.22.82.222 LEN=60 TOS=0x08 PREC=0x00 TTL=45 ID=37707 DF PROTO=TCP SPT=55736 DPT=5432 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T18:39:02.652Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-11T18:39:24.852Z","@version":"1","message":"Sep 11 18:39:24 honeypot-sgp-1 sshd[6568]: Disconnected from authenticating user root 132.148.75.125 port 57806 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 18:39:46 honeypot-ams-1 sshd[10704]: Invalid user geq from 79.7.186.65 port 49008","@timestamp":"2022-09-11T18:39:47.476Z"}
{"@timestamp":"2022-09-11T18:41:29.904Z","@version":"1","message":"Sep 11 18:41:29 honeypot-sgp-1 sshd[6574]: Disconnected from authenticating user root 132.148.75.125 port 57824 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T18:42:50.938Z","@version":"1","message":"Sep 11 18:42:50 honeypot-sgp-1 sshd[6581]: Did not receive identification string from 154.89.5.123 port 33456","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 18:43:34 honeypot-ams-1 kernel: [83798400.083789] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=5.113.41.14 DST=178.62.254.91 LEN=52 TOS=0x08 PREC=0x40 TTL=112 ID=21713 DF PROTO=TCP SPT=50174 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T18:43:35.573Z"}
{"@timestamp":"2022-09-11T18:44:16.975Z","@version":"1","message":"Sep 11 18:44:16 honeypot-sgp-1 sshd[6588]: Received disconnect from 132.148.75.125 port 48354:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 18:45:41 honeypot-ams-1 sshd[10712]: Received disconnect from 143.110.177.216 port 47664:11: Bye Bye [preauth]","@timestamp":"2022-09-11T18:45:42.630Z"}
{"@timestamp":"2022-09-11T18:46:26.030Z","@version":"1","message":"Sep 11 18:46:25 honeypot-sgp-1 sshd[6594]: Received disconnect from 132.148.75.125 port 51692:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T18:47:49.065Z","@version":"1","message":"Sep 11 18:47:48 honeypot-sgp-1 sshd[6601]: Received disconnect from 132.148.75.125 port 59376:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 18:48:24 honeypot-fra-1 sshd[835]: Disconnected from invalid user adam 182.253.113.138 port 42704 [preauth]","@timestamp":"2022-09-11T18:48:24.856Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 18:48:50 honeypot-ams-1 sshd[10717]: Received disconnect from 94.153.212.68 port 45224:11: Bye Bye [preauth]","@timestamp":"2022-09-11T18:48:50.714Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 18:51:26 honeypot-ams-1 sshd[10720]: Invalid user user from 45.61.184.204 port 57132","@timestamp":"2022-09-11T18:51:26.788Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 18:51:48 honeypot-ams-1 sshd[10724]: Invalid user user from 45.61.184.204 port 52682","@timestamp":"2022-09-11T18:51:48.799Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 18:52:01 honeypot-fra-1 kernel: [83796751.239721] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=167.94.138.109 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=14157 PROTO=TCP SPT=44874 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T18:52:01.936Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 18:52:07 honeypot-ams-1 sshd[10728]: Invalid user user from 45.61.184.204 port 48260","@timestamp":"2022-09-11T18:52:07.809Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 18:52:25 honeypot-ams-1 sshd[10733]: Invalid user user from 45.61.184.204 port 43800","@timestamp":"2022-09-11T18:52:26.819Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 18:56:13 honeypot-ams-1 kernel: [83799159.045454] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=59.49.43.217 DST=178.62.254.91 LEN=40 TOS=0x18 PREC=0x00 TTL=239 ID=46638 PROTO=TCP SPT=54390 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T18:56:13.919Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 18:57:27 honeypot-fra-1 sshd[846]: Connection closed by invalid user test 193.106.191.157 port 58752 [preauth]","@timestamp":"2022-09-11T18:57:28.061Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 19:00:36 honeypot-fra-1 sshd[851]: Received disconnect from 45.61.184.204 port 58002:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T19:00:37.133Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 19:00:57 honeypot-fra-1 sshd[855]: Received disconnect from 45.61.184.204 port 54354:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T19:00:58.143Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 19:01:18 honeypot-fra-1 sshd[861]: Received disconnect from 45.61.184.204 port 50700:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T19:01:19.153Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 19:03:11 honeypot-ams-1 sshd[10743]: Received disconnect from 204.48.30.72 port 57556:11: Bye Bye [preauth]","@timestamp":"2022-09-11T19:03:12.097Z"}
{"@timestamp":"2022-09-11T19:03:39.440Z","@version":"1","message":"Sep 11 19:03:38 honeypot-sgp-1 sshd[6605]: Disconnected from invalid user taza 103.226.250.228 port 41844 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T19:06:39.515Z","@version":"1","message":"Sep 11 19:06:39 honeypot-sgp-1 sshd[6609]: Disconnected from invalid user user 141.255.162.226 port 60054 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T19:06:41.517Z","@version":"1","message":"Sep 11 19:06:40 honeypot-sgp-1 sshd[6611]: Disconnected from invalid user user 141.255.162.226 port 38200 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T19:06:43.518Z","@version":"1","message":"Sep 11 19:06:42 honeypot-sgp-1 sshd[6615]: Disconnected from invalid user user 141.255.162.226 port 53676 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 19:08:27 honeypot-fra-1 kernel: [83797736.540057] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.217.0.181 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=47300 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T19:08:27.307Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-11T19:08:44.568Z","@version":"1","message":"Sep 11 19:08:44 honeypot-sgp-1 sshd[6622]: Received disconnect from 188.166.19.128 port 39004:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 19:08:45 honeypot-ams-1 sshd[10749]: Invalid user user from 45.61.186.249 port 40144","@timestamp":"2022-09-11T19:08:46.243Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 19:08:58 honeypot-ams-1 sshd[10754]: Invalid user admin from 222.228.6.98 port 34666","@timestamp":"2022-09-11T19:08:59.251Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 19:09:03 honeypot-ams-1 sshd[10757]: Disconnected from invalid user user 45.61.186.249 port 34888 [preauth]","@timestamp":"2022-09-11T19:09:04.254Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 19:09:20 honeypot-ams-1 sshd[10761]: Disconnected from invalid user user 45.61.186.249 port 57722 [preauth]","@timestamp":"2022-09-11T19:09:21.263Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 19:12:40 honeypot-ams-1 sshd[10767]: Received disconnect from 164.92.179.150 port 51470:11: Bye Bye [preauth]","@timestamp":"2022-09-11T19:12:40.350Z"}
{"@timestamp":"2022-09-11T19:13:20.678Z","@version":"1","message":"Sep 11 19:13:20 honeypot-sgp-1 kernel: [83799712.636719] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=47095 PROTO=TCP SPT=43369 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 19:16:20 honeypot-fra-1 sshd[869]: Received disconnect from 221.156.126.1 port 51114:11: Bye Bye [preauth]","@timestamp":"2022-09-11T19:16:20.498Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 19:18:26 honeypot-fra-1 kernel: [83798336.221061] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=15666 PROTO=TCP SPT=43369 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T19:18:27.546Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 19:18:28 honeypot-ams-1 kernel: [83800493.295520] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=60970 PROTO=TCP SPT=43369 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T19:18:28.500Z"}
{"@timestamp":"2022-09-11T19:19:31.834Z","@version":"1","message":"Sep 11 19:19:31 honeypot-sgp-1 sshd[6631]: Disconnected from invalid user user 198.98.61.9 port 35878 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T19:19:45.841Z","@version":"1","message":"Sep 11 19:19:44 honeypot-sgp-1 sshd[6635]: Disconnected from invalid user user 198.98.61.9 port 47508 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T19:20:03.849Z","@version":"1","message":"Sep 11 19:20:03 honeypot-sgp-1 sshd[6639]: Disconnected from invalid user user 198.98.61.9 port 42318 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T19:20:20.857Z","@version":"1","message":"Sep 11 19:20:20 honeypot-sgp-1 sshd[6643]: Disconnected from invalid user user 198.98.61.9 port 37208 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 19:24:19 honeypot-fra-1 sshd[883]: Did not receive identification string from 198.98.61.9 port 54666","@timestamp":"2022-09-11T19:24:19.678Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 19:24:49 honeypot-fra-1 sshd[886]: Disconnected from invalid user user 198.98.61.9 port 50696 [preauth]","@timestamp":"2022-09-11T19:24:49.692Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 19:25:06 honeypot-fra-1 sshd[890]: Received disconnect from 198.98.61.9 port 45800:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T19:25:06.700Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 19:25:21 honeypot-fra-1 sshd[894]: Received disconnect from 198.98.61.9 port 40900:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T19:25:21.708Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T19:26:57.014Z","@version":"1","message":"Sep 11 19:26:56 honeypot-sgp-1 kernel: [83800529.529783] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=79.124.62.62 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=49913 PROTO=TCP SPT=40276 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 19:26:57 honeypot-ams-1 kernel: [83801003.165676] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=111.72.186.151 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=49 ID=34511 PROTO=TCP SPT=63536 DPT=80 WINDOW=8136 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T19:26:58.722Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 19:33:01 honeypot-ams-1 kernel: [83801366.456204] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=20.214.177.62 DST=178.62.254.91 LEN=52 TOS=0x02 PREC=0x00 TTL=107 ID=63853 DF PROTO=TCP SPT=64483 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-11T19:33:01.887Z"}
{"@timestamp":"2022-09-11T19:37:09.255Z","@version":"1","message":"Sep 11 19:37:08 honeypot-sgp-1 sshd[6654]: Disconnected from invalid user user 198.98.61.9 port 52286 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 19:37:23 honeypot-fra-1 sshd[899]: Received disconnect from 92.255.85.70 port 63182:11: Bye Bye [preauth]","@timestamp":"2022-09-11T19:37:23.978Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T19:37:27.266Z","@version":"1","message":"Sep 11 19:37:26 honeypot-sgp-1 sshd[6658]: Disconnected from invalid user user 198.98.61.9 port 47666 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T19:37:47.275Z","@version":"1","message":"Sep 11 19:37:46 honeypot-sgp-1 sshd[6662]: Disconnected from invalid user user 198.98.61.9 port 43042 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T19:38:04.283Z","@version":"1","message":"Sep 11 19:38:03 honeypot-sgp-1 sshd[6666]: Disconnected from invalid user user 198.98.61.9 port 38420 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 19:41:47 honeypot-ams-1 sshd[10790]: Invalid user test from 193.106.191.157 port 46882","@timestamp":"2022-09-11T19:41:48.118Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 19:44:09 honeypot-fra-1 sshd[902]: Connection closed by 162.142.125.219 port 51994 [preauth]","@timestamp":"2022-09-11T19:44:10.130Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 19:48:26 honeypot-ams-1 sshd[10795]: Did not receive identification string from 45.61.187.160 port 59076","@timestamp":"2022-09-11T19:48:26.294Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 19:49:08 honeypot-ams-1 sshd[10798]: Received disconnect from 45.61.187.160 port 59282:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T19:49:09.315Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 19:49:25 honeypot-ams-1 sshd[10802]: Received disconnect from 45.61.187.160 port 53744:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T19:49:26.323Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 19:49:43 honeypot-ams-1 sshd[10806]: Received disconnect from 45.61.187.160 port 48214:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T19:49:44.335Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 19:50:20 honeypot-ams-1 sshd[10810]: Disconnected from 159.223.172.195 port 33698 [preauth]","@timestamp":"2022-09-11T19:50:20.352Z"}
{"@timestamp":"2022-09-11T19:54:46.665Z","@version":"1","message":"Sep 11 19:54:46 honeypot-sgp-1 sshd[6673]: Received disconnect from 188.173.136.132 port 58909:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T19:56:00.697Z","@version":"1","message":"Sep 11 19:55:59 honeypot-sgp-1 kernel: [83802272.279133] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=167.248.133.140 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=2108 PROTO=TCP SPT=2203 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 19:56:26 honeypot-fra-1 sshd[908]: Did not receive identification string from 34.71.244.4 port 56112","@timestamp":"2022-09-11T19:56:27.402Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 19:56:27 honeypot-fra-1 sshd[932]: Invalid user oracle from 34.71.244.4 port 56428","@timestamp":"2022-09-11T19:56:28.403Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 19:56:27 honeypot-fra-1 sshd[917]: Invalid user oracle from 34.71.244.4 port 56282","@timestamp":"2022-09-11T19:56:28.403Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 19:56:27 honeypot-fra-1 sshd[931]: Invalid user ansible from 34.71.244.4 port 56280","@timestamp":"2022-09-11T19:56:28.404Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 19:56:27 honeypot-fra-1 sshd[929]: Connection closed by authenticating user root 34.71.244.4 port 56442 [preauth]","@timestamp":"2022-09-11T19:56:28.404Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 19:56:27 honeypot-fra-1 sshd[910]: Connection closed by invalid user devops 34.71.244.4 port 56206 [preauth]","@timestamp":"2022-09-11T19:56:28.404Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 19:56:27 honeypot-fra-1 sshd[914]: Connection closed by invalid user testuser 34.71.244.4 port 56352 [preauth]","@timestamp":"2022-09-11T19:56:28.404Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 19:56:27 honeypot-fra-1 sshd[937]: Connection closed by invalid user chia 34.71.244.4 port 56362 [preauth]","@timestamp":"2022-09-11T19:56:28.404Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 19:57:51 honeypot-fra-1 sshd[966]: Connection closed by 141.126.201.217 port 58111 [preauth]","@timestamp":"2022-09-11T19:57:52.436Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 20:03:33 honeypot-ams-1 sshd[10815]: Disconnected from authenticating user root 92.255.85.70 port 41844 [preauth]","@timestamp":"2022-09-11T20:03:33.688Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 20:08:18 honeypot-ams-1 sshd[10822]: Invalid user admin from 148.153.82.133 port 53438","@timestamp":"2022-09-11T20:08:18.812Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 20:10:08 honeypot-fra-1 kernel: [83801437.866555] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.41.8.5 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=43815 PROTO=TCP SPT=10821 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T20:10:09.709Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 20:14:23 honeypot-ams-1 kernel: [83803848.739068] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=80.94.92.231 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=44349 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T20:14:23.970Z"}
{"@timestamp":"2022-09-11T20:17:02.189Z","@version":"1","message":"Sep 11 20:17:01 honeypot-sgp-1 CRON[6683]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 20:20:27 honeypot-ams-1 kernel: [83804212.737544] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=193.163.125.32 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=247 ID=59493 PROTO=TCP SPT=53375 DPT=5432 WINDOW=14600 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T20:20:28.133Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 20:22:13 honeypot-fra-1 kernel: [83802162.832561] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=80.94.92.231 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=36275 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T20:22:13.974Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-11T20:26:47.420Z","@version":"1","message":"Sep 11 20:26:46 honeypot-sgp-1 kernel: [83804119.028762] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=195.178.120.159 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=54321 PROTO=TCP SPT=45603 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 20:28:07 honeypot-fra-1 kernel: [83802516.315331] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=80.94.92.239 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=57003 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T20:28:08.127Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 20:30:25 honeypot-ams-1 sshd[10842]: Received disconnect from 107.173.209.238 port 54652:11: Bye Bye [preauth]","@timestamp":"2022-09-11T20:30:26.396Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 20:36:44 honeypot-fra-1 kernel: [83803033.740586] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=89.248.165.61 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=6828 PROTO=TCP SPT=48467 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T20:36:45.317Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-11T20:40:10.728Z","@version":"1","message":"Sep 11 20:40:10 honeypot-sgp-1 sshd[6696]: Received disconnect from 178.128.83.25 port 45098:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 20:43:13 honeypot-ams-1 kernel: [83805578.612869] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=108.27.54.116 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=52 ID=55300 PROTO=TCP SPT=30725 DPT=80 WINDOW=8070 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T20:43:13.733Z"}
{"@timestamp":"2022-09-11T20:44:40.833Z","@version":"1","message":"Sep 11 20:44:40 honeypot-sgp-1 sshd[6701]: Received disconnect from 92.255.85.70 port 39514:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 20:47:33 honeypot-fra-1 sshd[1005]: Received disconnect from 92.255.85.69 port 29350:11: Bye Bye [preauth]","@timestamp":"2022-09-11T20:47:33.558Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 20:53:44 honeypot-fra-1 sshd[1011]: Received disconnect from 45.61.184.204 port 48126:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T20:53:45.696Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 20:54:06 honeypot-fra-1 sshd[1015]: Received disconnect from 45.61.184.204 port 43756:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T20:54:06.707Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 20:54:27 honeypot-fra-1 sshd[1019]: Received disconnect from 45.61.184.204 port 39406:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T20:54:27.716Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 20:54:46 honeypot-fra-1 sshd[1023]: Received disconnect from 45.61.184.204 port 35030:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T20:54:46.726Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 20:56:43 honeypot-ams-1 kernel: [83806388.995650] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=186.218.37.197 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=44 ID=27232 PROTO=TCP SPT=37401 DPT=80 WINDOW=21984 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T20:56:44.081Z"}
{"@timestamp":"2022-09-11T20:59:49.183Z","@version":"1","message":"Sep 11 20:59:48 honeypot-sgp-1 kernel: [83806101.136587] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.53.171.56 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=18933 DF PROTO=TCP SPT=53522 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 21:04:45 honeypot-ams-1 kernel: [83806870.872072] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=87.237.233.39 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=37835 PROTO=TCP SPT=3488 DPT=443 WINDOW=11894 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T21:04:46.293Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 21:07:00 honeypot-fra-1 sshd[1027]: Received disconnect from 165.22.45.108 port 41676:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T21:07:00.997Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T21:08:13.376Z","@version":"1","message":"Sep 11 21:08:12 honeypot-sgp-1 sshd[6712]: Received disconnect from 92.255.85.69 port 55140:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T21:13:43.506Z","@version":"1","message":"Sep 11 21:13:42 honeypot-sgp-1 kernel: [83806935.117901] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=103.146.42.199 DST=159.89.202.188 LEN=52 TOS=0x00 PREC=0x00 TTL=117 ID=8249 DF PROTO=TCP SPT=8553 DPT=3389 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 21:14:54 honeypot-ams-1 sshd[10861]: Invalid user pi from 189.180.95.203 port 38792","@timestamp":"2022-09-11T21:14:54.555Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 21:16:11 honeypot-fra-1 sshd[1032]: Received disconnect from 111.95.141.34 port 41184:11: Bye Bye [preauth]","@timestamp":"2022-09-11T21:16:12.203Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 21:19:48 honeypot-ams-1 sshd[10869]: Connection closed by invalid user admin 121.179.150.231 port 50593 [preauth]","@timestamp":"2022-09-11T21:19:48.681Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 21:24:11 honeypot-fra-1 kernel: [83805880.126510] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=103.146.42.201 DST=165.22.82.222 LEN=52 TOS=0x00 PREC=0x00 TTL=116 ID=1155 DF PROTO=TCP SPT=3759 DPT=3389 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T21:24:11.379Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-11T21:25:59.785Z","@version":"1","message":"Sep 11 21:25:59 honeypot-sgp-1 sshd[6722]: Invalid user user from 45.61.186.49 port 43318","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T21:26:09.790Z","@version":"1","message":"Sep 11 21:26:09 honeypot-sgp-1 sshd[6726]: Invalid user user from 45.61.186.49 port 55208","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T21:28:34.845Z","@version":"1","message":"Sep 11 21:28:34 honeypot-sgp-1 sshd[6730]: Did not receive identification string from 45.61.186.249 port 50384","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T21:29:07.860Z","@version":"1","message":"Sep 11 21:29:07 honeypot-sgp-1 sshd[6733]: Disconnected from invalid user user 45.61.186.249 port 46290 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T21:29:26.868Z","@version":"1","message":"Sep 11 21:29:26 honeypot-sgp-1 sshd[6738]: Received disconnect from 45.61.186.249 port 40602:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T21:29:43.876Z","@version":"1","message":"Sep 11 21:29:43 honeypot-sgp-1 sshd[6742]: Received disconnect from 45.61.186.49 port 49692:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T21:29:49.879Z","@version":"1","message":"Sep 11 21:29:49 honeypot-sgp-1 sshd[6746]: Received disconnect from 45.61.186.49 port 55530:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T21:29:55.882Z","@version":"1","message":"Sep 11 21:29:55 honeypot-sgp-1 sshd[6750]: Received disconnect from 45.61.186.49 port 33126:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 21:31:05 honeypot-ams-1 kernel: [83808450.858837] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=154.3.44.39 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=117 ID=11607 DF PROTO=TCP SPT=52897 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-11T21:31:05.976Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 21:31:15 honeypot-fra-1 sshd[1050]: Did not receive identification string from 13.229.182.132 port 24018","@timestamp":"2022-09-11T21:31:15.538Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 21:31:16 honeypot-fra-1 sshd[1064]: Invalid user admin from 13.229.182.132 port 24366","@timestamp":"2022-09-11T21:31:16.539Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 21:31:16 honeypot-fra-1 sshd[1071]: Invalid user chia from 13.229.182.132 port 24206","@timestamp":"2022-09-11T21:31:16.539Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 21:31:16 honeypot-fra-1 sshd[1052]: Connection closed by invalid user mysql 13.229.182.132 port 24228 [preauth]","@timestamp":"2022-09-11T21:31:16.539Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 21:31:16 honeypot-fra-1 sshd[1051]: Connection closed by invalid user testuser 13.229.182.132 port 24100 [preauth]","@timestamp":"2022-09-11T21:31:16.539Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 21:31:16 honeypot-fra-1 sshd[1070]: Connection closed by invalid user devops 13.229.182.132 port 24194 [preauth]","@timestamp":"2022-09-11T21:31:16.539Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 21:31:16 honeypot-fra-1 sshd[1072]: Connection closed by invalid user cloud 13.229.182.132 port 24266 [preauth]","@timestamp":"2022-09-11T21:31:16.539Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 21:31:16 honeypot-fra-1 sshd[1074]: Invalid user oracle from 13.229.182.132 port 24084","@timestamp":"2022-09-11T21:31:16.539Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 21:31:16 honeypot-fra-1 sshd[1077]: Connection closed by invalid user ubuntu 13.229.182.132 port 24218 [preauth]","@timestamp":"2022-09-11T21:31:17.540Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T21:35:03.999Z","@version":"1","message":"Sep 11 21:35:03 honeypot-sgp-1 kernel: [83808216.248814] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=80.94.92.239 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=231 ID=54321 PROTO=TCP SPT=48272 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 21:42:16 honeypot-fra-1 sshd[1109]: Disconnected from invalid user kernel 165.22.45.108 port 46520 [preauth]","@timestamp":"2022-09-11T21:42:17.799Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 21:47:17 honeypot-fra-1 kernel: [83807266.511358] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=115.231.235.56 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=231 ID=39916 PROTO=TCP SPT=48100 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T21:47:17.911Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 21:54:46 honeypot-ams-1 sshd[10881]: Did not receive identification string from 141.255.162.226 port 34814","@timestamp":"2022-09-11T21:54:46.598Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 21:55:05 honeypot-ams-1 sshd[10884]: Disconnected from invalid user user 141.255.162.226 port 48884 [preauth]","@timestamp":"2022-09-11T21:55:05.609Z"}
{"@timestamp":"2022-09-11T21:55:06.455Z","@version":"1","message":"Sep 11 21:55:05 honeypot-sgp-1 sshd[6761]: Disconnected from authenticating user root 92.255.85.70 port 55112 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 21:55:09 honeypot-ams-1 sshd[10888]: Disconnected from invalid user user 141.255.162.226 port 55216 [preauth]","@timestamp":"2022-09-11T21:55:10.612Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 21:55:11 honeypot-ams-1 sshd[10892]: Disconnected from invalid user user 141.255.162.226 port 42558 [preauth]","@timestamp":"2022-09-11T21:55:11.612Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 21:55:52 honeypot-fra-1 sshd[1117]: Disconnected from invalid user teste 157.245.204.50 port 32796 [preauth]","@timestamp":"2022-09-11T21:55:53.101Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 22:00:45 honeypot-ams-1 sshd[10899]: Received disconnect from 92.255.85.69 port 60710:11: Bye Bye [preauth]","@timestamp":"2022-09-11T22:00:46.760Z"}
{"@timestamp":"2022-09-11T22:06:38.720Z","@version":"1","message":"Sep 11 22:06:38 honeypot-sgp-1 kernel: [83810110.783204] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=80.94.92.239 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=230 ID=54321 PROTO=TCP SPT=54480 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 22:08:01 honeypot-fra-1 sshd[1128]: Disconnected from invalid user user 45.61.186.49 port 42370 [preauth]","@timestamp":"2022-09-11T22:08:02.370Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 22:08:13 honeypot-fra-1 sshd[1132]: Disconnected from invalid user user 45.61.186.49 port 54292 [preauth]","@timestamp":"2022-09-11T22:08:13.376Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 22:10:51 honeypot-ams-1 sshd[10904]: Disconnected from authenticating user root 206.189.14.223 port 32800 [preauth]","@timestamp":"2022-09-11T22:10:52.043Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 22:16:19 honeypot-fra-1 kernel: [83809008.823544] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=78.142.18.92 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=54321 PROTO=TCP SPT=43581 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T22:16:20.555Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 22:16:27 honeypot-ams-1 sshd[10909]: Invalid user wksys from 178.176.224.148 port 59510","@timestamp":"2022-09-11T22:16:28.190Z"}
{"@timestamp":"2022-09-11T22:17:01.955Z","@version":"1","message":"Sep 11 22:17:01 honeypot-sgp-1 CRON[6771]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 22:18:59 honeypot-ams-1 sshd[10914]: Invalid user chinchilla from 128.199.177.224 port 52872","@timestamp":"2022-09-11T22:19:00.260Z"}
{"@timestamp":"2022-09-11T22:19:52.023Z","@version":"1","message":"Sep 11 22:19:51 honeypot-sgp-1 sshd[6778]: Invalid user admin from 183.107.114.23 port 35831","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 22:21:18 honeypot-fra-1 sshd[1144]: Received disconnect from 92.255.85.69 port 40452:11: Bye Bye [preauth]","@timestamp":"2022-09-11T22:21:18.667Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 22:23:45 honeypot-ams-1 sshd[10917]: Disconnected from authenticating user root 92.255.85.70 port 15448 [preauth]","@timestamp":"2022-09-11T22:23:46.387Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 22:32:19 honeypot-ams-1 sshd[10925]: Received disconnect from 80.76.51.46 port 53230:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T22:32:20.604Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 22:33:04 honeypot-ams-1 sshd[10931]: Received disconnect from 80.76.51.46 port 47206:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T22:33:04.625Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 22:33:32 honeypot-ams-1 sshd[10935]: Received disconnect from 80.76.51.46 port 43272:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T22:33:33.640Z"}
{"@timestamp":"2022-09-11T22:33:38.340Z","@version":"1","message":"Sep 11 22:33:37 honeypot-sgp-1 sshd[6784]: Received disconnect from 206.189.145.18 port 51176:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T22:33:54.348Z","@version":"1","message":"Sep 11 22:33:53 honeypot-sgp-1 sshd[6788]: Received disconnect from 198.98.61.9 port 37638:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T22:34:10.355Z","@version":"1","message":"Sep 11 22:34:10 honeypot-sgp-1 sshd[6792]: Received disconnect from 198.98.61.9 port 60422:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 22:34:11 honeypot-ams-1 kernel: [83812236.365942] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=37.21.49.255 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=58 ID=59772 PROTO=TCP SPT=27860 DPT=80 WINDOW=62812 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T22:34:11.659Z"}
{"@timestamp":"2022-09-11T22:34:30.365Z","@version":"1","message":"Sep 11 22:34:29 honeypot-sgp-1 sshd[6797]: Received disconnect from 198.98.61.9 port 55002:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 22:34:43 honeypot-fra-1 sshd[1153]: Received disconnect from 141.255.162.226 port 34412:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T22:34:43.962Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 22:34:44 honeypot-ams-1 sshd[10946]: Received disconnect from 80.76.51.46 port 33210:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T22:34:44.677Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 22:34:47 honeypot-fra-1 sshd[1157]: Received disconnect from 141.255.162.226 port 47634:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T22:34:47.965Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 22:34:50 honeypot-fra-1 sshd[1161]: Received disconnect from 141.255.162.226 port 60860:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T22:34:50.966Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 22:34:51 honeypot-fra-1 sshd[1165]: Received disconnect from 141.255.162.226 port 39238:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T22:34:51.967Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 22:35:13 honeypot-ams-1 sshd[10950]: Received disconnect from 80.76.51.46 port 57406:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T22:35:13.692Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 22:35:41 honeypot-ams-1 sshd[10954]: Received disconnect from 80.76.51.46 port 53408:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T22:35:42.707Z"}
{"@timestamp":"2022-09-11T22:35:55.400Z","@version":"1","message":"Sep 11 22:35:54 honeypot-sgp-1 sshd[6802]: Disconnected from authenticating user root 59.19.54.171 port 56788 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 22:36:10 honeypot-ams-1 sshd[10958]: Received disconnect from 80.76.51.46 port 49448:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T22:36:11.722Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 22:36:40 honeypot-ams-1 sshd[10962]: Disconnected from authenticating user root 80.76.51.46 port 45388 [preauth]","@timestamp":"2022-09-11T22:36:40.738Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 22:37:09 honeypot-ams-1 sshd[10966]: Disconnected from invalid user postgres 80.76.51.46 port 41408 [preauth]","@timestamp":"2022-09-11T22:37:09.753Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 22:37:52 honeypot-ams-1 sshd[10972]: Received disconnect from 80.76.51.46 port 35372:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T22:37:52.776Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 22:44:52 honeypot-fra-1 sshd[1171]: Received disconnect from 92.255.85.69 port 21700:11: Bye Bye [preauth]","@timestamp":"2022-09-11T22:44:53.191Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 22:45:13 honeypot-ams-1 kernel: [83812898.301876] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=218.145.61.20 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=55 ID=51403 PROTO=TCP SPT=27372 DPT=80 WINDOW=55917 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T22:45:13.968Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 22:46:44 honeypot-fra-1 sshd[1179]: Invalid user guest from 147.135.252.17 port 49740","@timestamp":"2022-09-11T22:46:45.232Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 22:46:44 honeypot-fra-1 sshd[1184]: Connection closed by invalid user test 147.135.252.17 port 49692 [preauth]","@timestamp":"2022-09-11T22:46:45.233Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 22:46:44 honeypot-fra-1 sshd[1188]: Invalid user mysql from 147.135.252.17 port 49756","@timestamp":"2022-09-11T22:46:45.233Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 22:46:44 honeypot-fra-1 sshd[1175]: Connection closed by invalid user vnc 147.135.252.17 port 49696 [preauth]","@timestamp":"2022-09-11T22:46:45.233Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 22:46:44 honeypot-fra-1 sshd[1174]: Connection closed by authenticating user root 147.135.252.17 port 49682 [preauth]","@timestamp":"2022-09-11T22:46:45.233Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 22:46:44 honeypot-fra-1 sshd[1196]: Invalid user admin from 147.135.252.17 port 49724","@timestamp":"2022-09-11T22:46:45.233Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 22:46:44 honeypot-fra-1 sshd[1198]: Invalid user oracle from 147.135.252.17 port 49720","@timestamp":"2022-09-11T22:46:45.233Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 22:46:44 honeypot-fra-1 sshd[1195]: Connection closed by invalid user www 147.135.252.17 port 49716 [preauth]","@timestamp":"2022-09-11T22:46:45.233Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 22:46:54 honeypot-fra-1 sshd[1230]: Received disconnect from 103.9.159.153 port 38926:11: Bye Bye [preauth]","@timestamp":"2022-09-11T22:46:55.238Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T22:47:06.660Z","@version":"1","message":"Sep 11 22:47:05 honeypot-sgp-1 sshd[6883]: Invalid user support from 197.211.115.66 port 49067","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 22:47:14 honeypot-ams-1 kernel: [83813019.972933] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=154.3.44.39 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=117 ID=52093 DF PROTO=TCP SPT=64840 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-11T22:47:15.024Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 22:52:52 honeypot-fra-1 sshd[1235]: Received disconnect from 165.22.45.108 port 57062:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T22:52:53.370Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T22:53:53.819Z","@version":"1","message":"Sep 11 22:53:53 honeypot-sgp-1 sshd[6888]: Disconnected from authenticating user root 183.88.244.176 port 53898 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 22:58:03 honeypot-ams-1 kernel: [83813668.886105] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=149.102.155.169 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=43751 PROTO=TCP SPT=56896 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T22:58:04.306Z"}
{"@timestamp":"2022-09-11T22:59:16.946Z","@version":"1","message":"Sep 11 22:59:16 honeypot-sgp-1 sshd[6894]: Disconnected from invalid user ovhuser 103.149.74.237 port 20216 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 23:03:05 honeypot-fra-1 sshd[1240]: Invalid user kelimoff from 181.49.254.238 port 42686","@timestamp":"2022-09-11T23:03:06.599Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T23:03:17.043Z","@version":"1","message":"Sep 11 23:03:16 honeypot-sgp-1 sshd[6898]: Received disconnect from 36.93.142.202 port 40380:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:05:24.095Z","@version":"1","message":"Sep 11 23:05:23 honeypot-sgp-1 sshd[6915]: Disconnected from authenticating user root 92.255.85.70 port 21138 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 23:08:49 honeypot-fra-1 kernel: [83812157.919816] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=205.210.31.50 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=249 ID=54321 PROTO=TCP SPT=54176 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T23:08:49.727Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 23:10:15 honeypot-ams-1 kernel: [83814400.990273] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=46.33.220.45 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=47157 PROTO=TCP SPT=7433 DPT=80 WINDOW=46736 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T23:10:16.703Z"}
{"@timestamp":"2022-09-11T23:17:02.388Z","@version":"1","message":"Sep 11 23:17:01 honeypot-sgp-1 CRON[6927]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:17:30.402Z","@version":"1","message":"Sep 11 23:17:29 honeypot-sgp-1 sshd[6942]: Invalid user cameras from 185.246.130.20 port 34849","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:18:07.420Z","@version":"1","message":"Sep 11 23:18:06 honeypot-sgp-1 sshd[6949]: Invalid user  from 185.246.130.20 port 9617","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 23:18:26 honeypot-fra-1 sshd[1254]: Received disconnect from 157.230.38.31 port 49906:11: Bye Bye [preauth]","@timestamp":"2022-09-11T23:18:26.936Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T23:18:40.434Z","@version":"1","message":"Sep 11 23:18:40 honeypot-sgp-1 sshd[6955]: Invalid user admin from 185.246.130.20 port 12105","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:19:10.447Z","@version":"1","message":"Sep 11 23:19:09 honeypot-sgp-1 sshd[6962]: Disconnecting authenticating user root 185.246.130.20 port 64621: Change of username or service not allowed: (root,ssh-connection) -> (1234,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:19:30.456Z","@version":"1","message":"Sep 11 23:19:30 honeypot-sgp-1 sshd[6969]: Disconnecting invalid user araknis 185.246.130.20 port 7680: Change of username or service not allowed: (araknis,ssh-connection) -> (,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:20:11.475Z","@version":"1","message":"Sep 11 23:20:11 honeypot-sgp-1 sshd[6977]: Invalid user Admin from 185.246.130.20 port 57686","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:20:43.490Z","@version":"1","message":"Sep 11 23:20:42 honeypot-sgp-1 sshd[6983]: Invalid user guest from 185.246.130.20 port 50092","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:21:08.502Z","@version":"1","message":"Sep 11 23:21:07 honeypot-sgp-1 sshd[6989]: Disconnecting invalid user  185.246.130.20 port 7776: Change of username or service not allowed: (,ssh-connection) -> (Cisco,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:21:27.511Z","@version":"1","message":"Sep 11 23:21:27 honeypot-sgp-1 sshd[6995]: Disconnecting invalid user admin 185.246.130.20 port 53659: Change of username or service not allowed: (admin,ssh-connection) -> (1234,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:21:58.524Z","@version":"1","message":"Sep 11 23:21:58 honeypot-sgp-1 sshd[7003]: Invalid user  from 185.246.130.20 port 32464","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 23:22:08 honeypot-ams-1 kernel: [83815114.045331] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=178.75.21.236 DST=178.62.254.91 LEN=40 TOS=0x08 PREC=0x20 TTL=58 ID=38041 PROTO=TCP SPT=49180 DPT=443 WINDOW=47211 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T23:22:09.036Z"}
{"@timestamp":"2022-09-11T23:22:19.535Z","@version":"1","message":"Sep 11 23:22:19 honeypot-sgp-1 sshd[7009]: Bad protocol version identification 'SSH-2.0_CoreLab-1.0' from 185.246.130.20 port 45567","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:22:44.546Z","@version":"1","message":"Sep 11 23:22:44 honeypot-sgp-1 sshd[7014]: Disconnecting invalid user blank 185.246.130.20 port 5115: Change of username or service not allowed: (blank,ssh-connection) -> (zhone,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:23:19.563Z","@version":"1","message":"Sep 11 23:23:19 honeypot-sgp-1 sshd[7022]: Invalid user default from 185.246.130.20 port 58805","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 23:23:36 honeypot-ams-1 sshd[10999]: Disconnected from invalid user admin 85.31.46.45 port 51568 [preauth]","@timestamp":"2022-09-11T23:23:37.080Z"}
{"@timestamp":"2022-09-11T23:23:40.574Z","@version":"1","message":"Sep 11 23:23:40 honeypot-sgp-1 sshd[7028]: Invalid user Administrator from 185.246.130.20 port 7388","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:24:03.585Z","@version":"1","message":"Sep 11 23:24:03 honeypot-sgp-1 sshd[7035]: Invalid user admin from 185.246.130.20 port 7452","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:24:33.599Z","@version":"1","message":"Sep 11 23:24:32 honeypot-sgp-1 sshd[7042]: Invalid user comcast from 185.246.130.20 port 30098","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:25:11.617Z","@version":"1","message":"Sep 11 23:25:11 honeypot-sgp-1 sshd[7048]: Invalid user admin1234 from 185.246.130.20 port 51520","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:25:49.635Z","@version":"1","message":"Sep 11 23:25:49 honeypot-sgp-1 sshd[7054]: Invalid user admin from 185.246.130.20 port 48322","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:26:15.647Z","@version":"1","message":"Sep 11 23:26:15 honeypot-sgp-1 sshd[7060]: Invalid user blank from 185.246.130.20 port 42539","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:26:43.661Z","@version":"1","message":"Sep 11 23:26:42 honeypot-sgp-1 sshd[7066]: Disconnecting invalid user airlive 185.246.130.20 port 5967: Change of username or service not allowed: (airlive,ssh-connection) -> (0,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:27:17.677Z","@version":"1","message":"Sep 11 23:27:17 honeypot-sgp-1 sshd[7072]: Disconnecting invalid user roqos 185.246.130.20 port 37140: Change of username or service not allowed: (roqos,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:27:43.690Z","@version":"1","message":"Sep 11 23:27:43 honeypot-sgp-1 sshd[7078]: Disconnecting invalid user sitecom 185.246.130.20 port 28492: Change of username or service not allowed: (sitecom,ssh-connection) -> (Broadcom,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 23:27:51 honeypot-fra-1 sshd[1257]: Received disconnect from 165.22.45.108 port 34148:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T23:27:51.158Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T23:28:17.705Z","@version":"1","message":"Sep 11 23:28:17 honeypot-sgp-1 sshd[7093]: Disconnecting invalid user admin 185.246.130.20 port 43556: Change of username or service not allowed: (admin,ssh-connection) -> (cusadmin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:28:33.714Z","@version":"1","message":"Sep 11 23:28:33 honeypot-sgp-1 sshd[7099]: Invalid user highspeed from 185.246.130.20 port 56740","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:29:01.727Z","@version":"1","message":"Sep 11 23:29:00 honeypot-sgp-1 sshd[7105]: Invalid user  from 185.246.130.20 port 64011","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:29:27.740Z","@version":"1","message":"Sep 11 23:29:27 honeypot-sgp-1 sshd[7111]: Invalid user public from 185.246.130.20 port 46901","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:30:00.755Z","@version":"1","message":"Sep 11 23:30:00 honeypot-sgp-1 sshd[7118]: Disconnecting authenticating user root 185.246.130.20 port 24397: Change of username or service not allowed: (root,ssh-connection) -> (123456,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:30:31.771Z","@version":"1","message":"Sep 11 23:30:30 honeypot-sgp-1 sshd[7124]: Disconnecting invalid user amdin 185.246.130.20 port 48482: Change of username or service not allowed: (amdin,ssh-connection) -> (readwrite,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:30:50.781Z","@version":"1","message":"Sep 11 23:30:50 honeypot-sgp-1 sshd[7128]: Disconnecting invalid user Admin 185.246.130.20 port 13634: Change of username or service not allowed: (Admin,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 23:31:14 honeypot-fra-1 sshd[1259]: Disconnected from invalid user test2 92.255.85.69 port 43722 [preauth]","@timestamp":"2022-09-11T23:31:15.235Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T23:31:29.799Z","@version":"1","message":"Sep 11 23:31:28 honeypot-sgp-1 sshd[7134]: Invalid user 0 from 185.246.130.20 port 46315","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:31:49.809Z","@version":"1","message":"Sep 11 23:31:49 honeypot-sgp-1 sshd[7138]: Disconnecting invalid user admin 185.246.130.20 port 39257: Change of username or service not allowed: (admin,ssh-connection) -> (zoomadsl,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:32:26.826Z","@version":"1","message":"Sep 11 23:32:26 honeypot-sgp-1 sshd[7144]: Disconnecting invalid user 1admin0 185.246.130.20 port 5024: Change of username or service not allowed: (1admin0,ssh-connection) -> (ltecl4r0,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 23:33:00 honeypot-fra-1 sshd[1265]: Received disconnect from 45.61.184.204 port 44668:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T23:33:01.277Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 23:33:18 honeypot-fra-1 sshd[1269]: Received disconnect from 45.61.184.204 port 39820:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T23:33:19.305Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 23:33:35 honeypot-fra-1 sshd[1273]: Received disconnect from 45.61.184.204 port 34974:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T23:33:36.313Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 23:34:03 honeypot-ams-1 sshd[11004]: Received disconnect from 92.255.85.70 port 56782:11: Bye Bye [preauth]","@timestamp":"2022-09-11T23:34:03.355Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 23:34:28 honeypot-fra-1 kernel: [83813697.391899] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=154.3.44.39 DST=165.22.82.222 LEN=52 TOS=0x00 PREC=0x00 TTL=116 ID=23019 DF PROTO=TCP SPT=53514 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-11T23:34:29.336Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-11T23:36:05.913Z","@version":"1","message":"Sep 11 23:36:05 honeypot-sgp-1 sshd[7151]: Received disconnect from 71.67.66.226 port 54810:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 23:37:45 honeypot-ams-1 kernel: [83816050.400946] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=196.191.194.118 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=51 ID=8768 PROTO=TCP SPT=2585 DPT=80 WINDOW=53690 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T23:37:45.452Z"}
{"@timestamp":"2022-09-11T23:39:18.989Z","@version":"1","message":"Sep 11 23:39:18 honeypot-sgp-1 sshd[7157]: Disconnected from invalid user wyt 157.245.55.236 port 57482 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 23:43:07 honeypot-ams-1 sshd[11011]: Disconnected from invalid user user 45.61.187.160 port 57482 [preauth]","@timestamp":"2022-09-11T23:43:07.593Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 23:43:29 honeypot-ams-1 sshd[11015]: Disconnected from invalid user user 45.61.187.160 port 52318 [preauth]","@timestamp":"2022-09-11T23:43:29.606Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 23:43:50 honeypot-ams-1 sshd[11019]: Disconnected from invalid user user 45.61.187.160 port 47178 [preauth]","@timestamp":"2022-09-11T23:43:51.616Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 23:44:10 honeypot-ams-1 sshd[11023]: Disconnected from invalid user user 45.61.187.160 port 42026 [preauth]","@timestamp":"2022-09-11T23:44:10.627Z"}
{"@timestamp":"2022-09-11T23:52:00.283Z","@version":"1","message":"Sep 11 23:52:00 honeypot-sgp-1 sshd[7163]: Disconnected from invalid user contador 92.255.85.70 port 25280 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 23:54:54 honeypot-fra-1 kernel: [83814923.517589] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.216.112 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=38913 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T23:54:55.804Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 23:57:11 honeypot-ams-1 sshd[11027]: Disconnected from invalid user contador 92.255.85.69 port 47078 [preauth]","@timestamp":"2022-09-11T23:57:11.967Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 00:03:13 honeypot-fra-1 sshd[1372]: Received disconnect from 165.22.45.108 port 38972:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T00:03:13.989Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 00:07:33 honeypot-ams-1 kernel: [83817838.488940] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=61904 PROTO=TCP SPT=40803 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T00:07:34.253Z"}
{"@timestamp":"2022-09-12T00:11:10.730Z","@version":"1","message":"Sep 12 00:11:10 honeypot-sgp-1 kernel: [83817582.973122] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=15770 PROTO=TCP SPT=41053 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 00:11:13 honeypot-ams-1 kernel: [83818058.901367] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=64.62.197.140 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=40691 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T00:11:14.353Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 00:14:19 honeypot-fra-1 kernel: [83816088.350664] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=64.62.197.39 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=54321 PROTO=TCP SPT=36192 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T00:14:20.237Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 00:17:07 honeypot-ams-1 kernel: [83818412.844774] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.79.53.162 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=19129 PROTO=TCP SPT=51407 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T00:17:08.509Z"}
{"@timestamp":"2022-09-12T00:18:27.908Z","@version":"1","message":"Sep 12 00:18:27 honeypot-sgp-1 kernel: [83818019.449472] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.41.8.5 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=64292 PROTO=TCP SPT=13484 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 00:22:20 honeypot-fra-1 kernel: [83816569.207501] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=47.116.138.219 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=43 ID=54258 DF PROTO=TCP SPT=32812 DPT=5432 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T00:22:21.418Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-12T00:25:08.071Z","@version":"1","message":"Sep 12 00:25:07 honeypot-sgp-1 sshd[7191]: Invalid user usuario from 85.237.57.193 port 34762","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T00:26:08.099Z","@version":"1","message":"Sep 12 00:26:08 honeypot-sgp-1 kernel: [83818480.322118] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=78.142.18.92 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=40539 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T00:27:50.144Z","@version":"1","message":"Sep 12 00:27:49 honeypot-sgp-1 sshd[7198]: Disconnected from authenticating user root 128.199.107.58 port 47442 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T00:28:24.160Z","@version":"1","message":"Sep 12 00:28:23 honeypot-sgp-1 sshd[7202]: Disconnected from invalid user user 45.61.187.160 port 45866 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T00:28:46.170Z","@version":"1","message":"Sep 12 00:28:45 honeypot-sgp-1 sshd[7206]: Disconnected from invalid user user 45.61.187.160 port 41162 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T00:29:05.178Z","@version":"1","message":"Sep 12 00:29:05 honeypot-sgp-1 sshd[7211]: Disconnected from invalid user user 45.61.187.160 port 36452 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T00:29:52.197Z","@version":"1","message":"Sep 12 00:29:51 honeypot-sgp-1 sshd[7217]: Received disconnect from 143.244.161.152 port 51756:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 00:33:42 honeypot-ams-1 kernel: [83819407.758385] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=161.35.231.174 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=49922 PROTO=TCP SPT=60000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T00:33:42.964Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 00:33:58 honeypot-fra-1 sshd[1388]: Did not receive identification string from 192.241.206.20 port 44136","@timestamp":"2022-09-12T00:33:58.699Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T00:35:44.337Z","@version":"1","message":"Sep 12 00:35:43 honeypot-sgp-1 kernel: [83819056.062054] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=128.199.197.92 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=253 ID=54321 PROTO=TCP SPT=33833 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 00:41:47 honeypot-fra-1 sshd[1393]: Received disconnect from 92.255.85.69 port 39858:11: Bye Bye [preauth]","@timestamp":"2022-09-12T00:41:47.879Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 00:43:34 honeypot-fra-1 sshd[1399]: Disconnected from authenticating user root 157.245.122.58 port 45064 [preauth]","@timestamp":"2022-09-12T00:43:34.923Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 00:45:35 honeypot-fra-1 sshd[1403]: Received disconnect from 157.245.122.58 port 43896:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T00:45:35.973Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 00:46:59 honeypot-fra-1 sshd[1407]: Connection closed by invalid user alex 141.98.10.158 port 47686 [preauth]","@timestamp":"2022-09-12T00:47:00.007Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T00:48:08.637Z","@version":"1","message":"Sep 12 00:48:08 honeypot-sgp-1 kernel: [83819800.350231] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=154.3.44.39 DST=159.89.202.188 LEN=52 TOS=0x0A PREC=0x00 TTL=110 ID=13841 DF PROTO=TCP SPT=53947 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 00:48:10 honeypot-fra-1 sshd[1412]: Disconnected from invalid user jonitiso 157.245.122.58 port 56268 [preauth]","@timestamp":"2022-09-12T00:48:11.037Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 00:48:14 honeypot-ams-1 sshd[11061]: Invalid user wry from 137.116.144.39 port 49730","@timestamp":"2022-09-12T00:48:15.348Z"}
{"@timestamp":"2022-09-12T00:54:42.797Z","@version":"1","message":"Sep 12 00:54:42 honeypot-sgp-1 kernel: [83820194.558477] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.163.23.25 DST=159.89.202.188 LEN=52 TOS=0x00 PREC=0x00 TTL=113 ID=30351 DF PROTO=TCP SPT=61571 DPT=3389 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 01:02:15 honeypot-ams-1 sshd[11068]: Connection closed by invalid user support 122.165.220.183 port 48683 [preauth]","@timestamp":"2022-09-12T01:02:16.727Z"}
{"@timestamp":"2022-09-12T01:02:32.986Z","@version":"1","message":"Sep 12 01:02:32 honeypot-sgp-1 sshd[7234]: Received disconnect from 92.255.85.69 port 26252:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 01:05:49 honeypot-fra-1 sshd[1418]: Received disconnect from 92.255.85.70 port 20286:11: Bye Bye [preauth]","@timestamp":"2022-09-12T01:05:50.456Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 01:10:38 honeypot-ams-1 sshd[11073]: Invalid user admin from 99.97.212.80 port 43148","@timestamp":"2022-09-12T01:10:38.952Z"}
{"@timestamp":"2022-09-12T01:13:43.258Z","@version":"1","message":"Sep 12 01:13:42 honeypot-sgp-1 sshd[7241]: Invalid user monitor from 27.74.254.115 port 52690","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 01:14:15 honeypot-fra-1 sshd[1423]: Did not receive identification string from 118.193.59.5 port 38966","@timestamp":"2022-09-12T01:14:15.649Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 01:15:09 honeypot-ams-1 sshd[11078]: Disconnected from invalid user user 45.61.186.249 port 52600 [preauth]","@timestamp":"2022-09-12T01:15:10.075Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 01:15:28 honeypot-ams-1 sshd[11083]: Received disconnect from 45.61.186.249 port 47054:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T01:15:29.086Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 01:15:48 honeypot-ams-1 sshd[11087]: Received disconnect from 45.61.186.249 port 41512:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T01:15:49.097Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 01:15:57 honeypot-ams-1 sshd[11091]: Received disconnect from 45.61.186.249 port 52908:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T01:15:58.103Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 01:16:06 honeypot-ams-1 sshd[11095]: Received disconnect from 45.61.186.249 port 35964:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T01:16:07.107Z"}
{"@timestamp":"2022-09-12T01:16:19.322Z","@version":"1","message":"Sep 12 01:16:19 honeypot-sgp-1 sshd[7245]: Invalid user hvq from 103.174.114.55 port 45010","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 01:16:20 honeypot-ams-1 sshd[11099]: Received disconnect from 198.98.61.9 port 45968:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T01:16:21.115Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 01:16:40 honeypot-ams-1 sshd[11103]: Received disconnect from 198.98.61.9 port 40752:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T01:16:41.127Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 01:17:01 honeypot-ams-1 CRON[11108]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-12T01:17:02.138Z"}
{"@timestamp":"2022-09-12T01:17:02.342Z","@version":"1","message":"Sep 12 01:17:01 honeypot-sgp-1 CRON[7247]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 01:17:04 honeypot-fra-1 sshd[1431]: Received disconnect from 60.10.160.76 port 49648:11: Bye Bye [preauth]","@timestamp":"2022-09-12T01:17:04.717Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 01:22:27 honeypot-ams-1 sshd[11117]: Received disconnect from 2.44.166.148 port 40982:11: Bye Bye [preauth]","@timestamp":"2022-09-12T01:22:28.288Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 01:23:37 honeypot-ams-1 sshd[11122]: Received disconnect from 157.245.122.58 port 43386:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T01:23:38.322Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 01:25:12 honeypot-ams-1 kernel: [83822497.851633] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=20.169.67.183 DST=178.62.254.91 LEN=52 TOS=0x02 PREC=0x00 TTL=110 ID=46748 DF PROTO=TCP SPT=52741 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T01:25:13.367Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 01:26:13 honeypot-ams-1 sshd[11129]: Disconnected from invalid user jonitiso 157.245.122.58 port 55762 [preauth]","@timestamp":"2022-09-12T01:26:13.395Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 01:27:04 honeypot-ams-1 sshd[11134]: Received disconnect from 157.245.122.58 port 41062:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T01:27:05.422Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 01:27:35 honeypot-ams-1 sshd[11138]: Received disconnect from 45.61.186.169 port 42426:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T01:27:35.438Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 01:27:52 honeypot-ams-1 sshd[11142]: Received disconnect from 45.61.186.169 port 37698:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T01:27:53.448Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 01:28:08 honeypot-ams-1 sshd[11146]: Received disconnect from 45.61.186.169 port 32992:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T01:28:08.458Z"}
{"@timestamp":"2022-09-12T01:28:16.616Z","@version":"1","message":"Sep 12 01:28:15 honeypot-sgp-1 kernel: [83822207.977913] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.41.8.5 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=65267 PROTO=TCP SPT=38978 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 01:29:05 honeypot-fra-1 sshd[1438]: Disconnected from authenticating user root 92.255.85.70 port 19684 [preauth]","@timestamp":"2022-09-12T01:29:05.993Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 01:31:06 honeypot-ams-1 sshd[11150]: Received disconnect from 92.255.85.69 port 35392:11: Bye Bye [preauth]","@timestamp":"2022-09-12T01:31:07.542Z"}
{"@timestamp":"2022-09-12T01:31:57.726Z","@version":"1","message":"Sep 12 01:31:57 honeypot-sgp-1 kernel: [83822429.526048] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=92.63.197.171 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=52639 PROTO=TCP SPT=44300 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 01:37:30 honeypot-fra-1 sshd[1448]: Did not receive identification string from 49.234.154.127 port 52412","@timestamp":"2022-09-12T01:37:31.188Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 01:37:32 honeypot-fra-1 sshd[1466]: Invalid user user from 49.234.154.127 port 33902","@timestamp":"2022-09-12T01:37:33.191Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 01:37:32 honeypot-fra-1 sshd[1464]: Invalid user oracle from 49.234.154.127 port 33852","@timestamp":"2022-09-12T01:37:33.191Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 01:37:32 honeypot-fra-1 sshd[1456]: Connection closed by invalid user spark 49.234.154.127 port 33916 [preauth]","@timestamp":"2022-09-12T01:37:33.191Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 01:37:32 honeypot-fra-1 sshd[1460]: Connection closed by invalid user git 49.234.154.127 port 33876 [preauth]","@timestamp":"2022-09-12T01:37:33.191Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 01:37:33 honeypot-fra-1 sshd[1462]: Invalid user weblogic from 49.234.154.127 port 33882","@timestamp":"2022-09-12T01:37:34.191Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 01:37:34 honeypot-fra-1 sshd[1497]: Invalid user oracle from 49.234.154.127 port 33844","@timestamp":"2022-09-12T01:37:35.192Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 01:37:37 honeypot-fra-1 sshd[1465]: Invalid user test from 49.234.154.127 port 33922","@timestamp":"2022-09-12T01:37:37.193Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 01:37:40 honeypot-fra-1 sshd[1499]: Invalid user www from 49.234.154.127 port 33860","@timestamp":"2022-09-12T01:37:41.195Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 01:38:03 honeypot-ams-1 sshd[11154]: Connection closed by 192.241.219.71 port 51572 [preauth]","@timestamp":"2022-09-12T01:38:04.732Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 01:42:58 honeypot-ams-1 sshd[11157]: Disconnected from authenticating user root 80.76.51.45 port 43600 [preauth]","@timestamp":"2022-09-12T01:42:58.876Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 01:43:30 honeypot-ams-1 sshd[11162]: Disconnected from invalid user test 80.76.51.45 port 38404 [preauth]","@timestamp":"2022-09-12T01:43:30.892Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 01:44:15 honeypot-ams-1 sshd[11168]: Received disconnect from 80.76.51.45 port 44914:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T01:44:15.917Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 01:44:59 honeypot-ams-1 sshd[11174]: Received disconnect from 80.76.51.45 port 51424:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T01:45:00.941Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 01:45:44 honeypot-ams-1 sshd[11180]: Invalid user user from 80.76.51.45 port 57874","@timestamp":"2022-09-12T01:45:44.965Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 01:45:58 honeypot-ams-1 sshd[11182]: Disconnected from invalid user git 80.76.51.45 port 41106 [preauth]","@timestamp":"2022-09-12T01:45:58.973Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 01:48:27 honeypot-fra-1 sshd[1508]: Disconnected from invalid user kevin 165.22.45.108 port 54458 [preauth]","@timestamp":"2022-09-12T01:48:27.436Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T01:50:19.177Z","@version":"1","message":"Sep 12 01:50:18 honeypot-sgp-1 sshd[7264]: Invalid user banner from 202.29.13.51 port 58580","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 01:55:16 honeypot-ams-1 sshd[11187]: Received disconnect from 92.255.85.69 port 26326:11: Bye Bye [preauth]","@timestamp":"2022-09-12T01:55:17.225Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 01:56:12 honeypot-fra-1 sshd[1513]: Disconnected from invalid user akiko 179.27.60.34 port 61201 [preauth]","@timestamp":"2022-09-12T01:56:13.612Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T02:01:17.447Z","@version":"1","message":"Sep 12 02:01:17 honeypot-sgp-1 kernel: [83824189.537607] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.46.240.87 DST=159.89.202.188 LEN=52 TOS=0x02 PREC=0x00 TTL=110 ID=61894 DF PROTO=TCP SPT=62785 DPT=443 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 02:02:14 honeypot-ams-1 sshd[11192]: Received disconnect from 123.157.77.200 port 45570:11: Bye Bye [preauth]","@timestamp":"2022-09-12T02:02:15.413Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 02:06:37 honeypot-fra-1 sshd[1520]: Invalid user admin from 62.204.41.222 port 56546","@timestamp":"2022-09-12T02:06:37.849Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 02:06:53 honeypot-fra-1 sshd[1524]: Invalid user user from 45.61.186.169 port 40654","@timestamp":"2022-09-12T02:06:53.877Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 02:07:11 honeypot-fra-1 sshd[1528]: Invalid user user from 45.61.186.169 port 35504","@timestamp":"2022-09-12T02:07:11.885Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 02:07:27 honeypot-fra-1 sshd[1532]: Invalid user user from 45.61.186.169 port 58594","@timestamp":"2022-09-12T02:07:27.892Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 02:09:12 honeypot-ams-1 kernel: [83825137.147289] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=64.62.197.188 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=35532 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T02:09:12.601Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 02:10:44 honeypot-fra-1 kernel: [83823072.907312] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.95.147.52 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=764 PROTO=TCP SPT=57371 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T02:10:44.967Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-12T02:13:42.754Z","@version":"1","message":"Sep 12 02:13:42 honeypot-sgp-1 sshd[7274]: Invalid user operator from 212.33.250.241 port 36870","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 02:15:24 honeypot-fra-1 sshd[1539]: Received disconnect from 92.255.85.70 port 50854:11: Bye Bye [preauth]","@timestamp":"2022-09-12T02:15:24.077Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 02:18:28 honeypot-ams-1 sshd[11213]: Disconnected from authenticating user root 92.255.85.70 port 44208 [preauth]","@timestamp":"2022-09-12T02:18:28.852Z"}
{"@timestamp":"2022-09-12T02:18:40.879Z","@version":"1","message":"Sep 12 02:18:40 honeypot-sgp-1 kernel: [83825232.726300] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=198.23.212.173 DST=159.89.202.188 LEN=52 TOS=0x0A PREC=0x00 TTL=106 ID=10522 DF PROTO=TCP SPT=59204 DPT=80 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 02:23:40 honeypot-fra-1 sshd[1546]: Received disconnect from 165.22.45.108 port 59870:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T02:23:40.265Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 02:28:43 honeypot-ams-1 sshd[11216]: Disconnected from invalid user odoo 95.85.27.201 port 33646 [preauth]","@timestamp":"2022-09-12T02:28:44.127Z"}
{"@timestamp":"2022-09-12T02:31:00.188Z","@version":"1","message":"Sep 12 02:30:59 honeypot-sgp-1 sshd[7283]: Received disconnect from 178.154.203.18 port 50780:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T02:32:02.216Z","@version":"1","message":"Sep 12 02:32:01 honeypot-sgp-1 sshd[7285]: Disconnected from invalid user friends 139.59.127.73 port 38986 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T02:37:12.343Z","@version":"1","message":"Sep 12 02:37:11 honeypot-sgp-1 kernel: [83826343.853259] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=167.71.218.50 DST=159.89.202.188 LEN=52 TOS=0x02 PREC=0x00 TTL=124 ID=15185 DF PROTO=TCP SPT=59134 DPT=3389 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 02:39:16 honeypot-ams-1 kernel: [83826941.250097] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=125.237.46.82 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=49 ID=49872 PROTO=TCP SPT=64984 DPT=443 WINDOW=42888 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T02:39:16.413Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 02:44:26 honeypot-fra-1 kernel: [83825094.900852] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=128.1.248.28 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=65327 PROTO=TCP SPT=14841 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T02:44:26.731Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 02:51:35 honeypot-ams-1 kernel: [83827680.354757] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=38819 PROTO=TCP SPT=50489 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T02:51:35.746Z"}
{"@timestamp":"2022-09-12T02:53:14.729Z","@version":"1","message":"Sep 12 02:53:14 honeypot-sgp-1 kernel: [83827306.330181] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=43.135.86.121 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=39771 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 02:56:24 honeypot-fra-1 sshd[1557]: Invalid user gzuser from 210.4.123.219 port 59553","@timestamp":"2022-09-12T02:56:24.997Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 02:58:54 honeypot-fra-1 sshd[1561]: Invalid user kevin from 165.22.45.108 port 36698","@timestamp":"2022-09-12T02:58:55.055Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T03:07:05.069Z","@version":"1","message":"Sep 12 03:07:04 honeypot-sgp-1 kernel: [83828136.193981] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=165.227.232.51 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=48239 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 03:07:11 honeypot-fra-1 kernel: [83826459.675413] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=167.94.138.111 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=32735 PROTO=TCP SPT=17898 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T03:07:12.238Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 03:08:04 honeypot-ams-1 kernel: [83828669.110764] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=88.80.189.24 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=41676 PROTO=TCP SPT=52039 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T03:08:04.189Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 03:16:32 honeypot-fra-1 kernel: [83827020.891240] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=53166 PROTO=TCP SPT=51603 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T03:16:33.447Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 03:19:01 honeypot-ams-1 kernel: [83829326.158108] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=128.14.141.35 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=43739 PROTO=TCP SPT=18135 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T03:19:01.478Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 03:19:25 honeypot-fra-1 sshd[1575]: Invalid user admin from 121.171.55.115 port 55119","@timestamp":"2022-09-12T03:19:25.514Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T03:23:42.474Z","@version":"1","message":"Sep 12 03:23:41 honeypot-sgp-1 sshd[7312]: Received disconnect from 92.255.85.70 port 25362:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 03:28:31 honeypot-ams-1 sshd[11240]: Disconnected from authenticating user root 92.255.85.70 port 50216 [preauth]","@timestamp":"2022-09-12T03:28:31.733Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 03:29:38 honeypot-ams-1 sshd[11245]: Received disconnect from 45.61.184.204 port 41044:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T03:29:38.767Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 03:29:55 honeypot-ams-1 sshd[11249]: Received disconnect from 45.61.184.204 port 36350:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T03:29:56.777Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 03:30:13 honeypot-ams-1 sshd[11253]: Received disconnect from 45.61.184.204 port 59774:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T03:30:13.787Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 03:31:17 honeypot-fra-1 sshd[1582]: Invalid user cyrus from 159.65.129.227 port 52830","@timestamp":"2022-09-12T03:31:17.787Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 03:32:12 honeypot-fra-1 sshd[1585]: Disconnected from invalid user user 45.61.184.204 port 39130 [preauth]","@timestamp":"2022-09-12T03:32:12.809Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 03:32:31 honeypot-fra-1 sshd[1589]: Disconnected from invalid user user 45.61.184.204 port 33722 [preauth]","@timestamp":"2022-09-12T03:32:31.819Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 03:32:48 honeypot-fra-1 sshd[1593]: Disconnected from invalid user user 45.61.184.204 port 56550 [preauth]","@timestamp":"2022-09-12T03:32:48.827Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 03:33:05 honeypot-fra-1 sshd[1597]: Disconnected from invalid user user 45.61.184.204 port 51136 [preauth]","@timestamp":"2022-09-12T03:33:05.834Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T03:34:02.756Z","@version":"1","message":"Sep 12 03:34:01 honeypot-sgp-1 sshd[7318]: Received disconnect from 68.183.25.156 port 48138:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 03:36:02 honeypot-ams-1 kernel: [83830347.221570] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.215.252 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=58000 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T03:36:02.943Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 03:45:14 honeypot-fra-1 kernel: [83828742.555989] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.215.236 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=36154 DPT=5432 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T03:45:15.101Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-12T03:46:47.067Z","@version":"1","message":"Sep 12 03:46:46 honeypot-sgp-1 sshd[7324]: Received disconnect from 92.255.85.70 port 17724:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 03:49:50 honeypot-ams-1 kernel: [83831175.930701] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=213.226.123.241 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=60 ID=28975 DF PROTO=TCP SPT=53828 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T03:49:51.306Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 03:52:03 honeypot-ams-1 kernel: [83831308.815635] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.88.49.77 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=115 ID=28394 DF PROTO=TCP SPT=61814 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T03:52:04.368Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 03:52:31 honeypot-ams-1 sshd[11269]: Disconnected from authenticating user root 46.19.141.122 port 33766 [preauth]","@timestamp":"2022-09-12T03:52:31.383Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 03:53:20 honeypot-ams-1 sshd[11275]: Disconnected from authenticating user root 46.19.141.122 port 50646 [preauth]","@timestamp":"2022-09-12T03:53:20.409Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 03:54:33 honeypot-ams-1 sshd[11279]: Disconnected from invalid user ubuntu 46.19.141.122 port 47740 [preauth]","@timestamp":"2022-09-12T03:54:34.441Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 03:54:50 honeypot-ams-1 sshd[11283]: Disconnected from authenticating user root 46.19.141.122 port 56180 [preauth]","@timestamp":"2022-09-12T03:54:51.452Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 03:55:38 honeypot-ams-1 sshd[11288]: Disconnected from invalid user ubnt 46.19.141.122 port 44828 [preauth]","@timestamp":"2022-09-12T03:55:38.475Z"}
{"@timestamp":"2022-09-12T03:57:20.324Z","@version":"1","message":"Sep 12 03:57:20 honeypot-sgp-1 sshd[7329]: Invalid user gaby from 64.227.98.3 port 52250","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 03:57:58 honeypot-ams-1 sshd[11294]: Invalid user admin from 62.204.41.222 port 45124","@timestamp":"2022-09-12T03:57:58.539Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 04:00:46 honeypot-ams-1 kernel: [83831831.594726] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=167.71.218.50 DST=178.62.254.91 LEN=52 TOS=0x02 PREC=0x00 TTL=118 ID=7388 DF PROTO=TCP SPT=62876 DPT=3389 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-12T04:00:47.617Z"}
{"@timestamp":"2022-09-12T04:02:18.449Z","@version":"1","message":"Sep 12 04:02:17 honeypot-sgp-1 sshd[7334]: Disconnected from authenticating user root 157.245.122.58 port 35768 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T04:04:19.504Z","@version":"1","message":"Sep 12 04:04:18 honeypot-sgp-1 sshd[7341]: Received disconnect from 157.245.122.58 port 34606:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 04:04:58 honeypot-ams-1 kernel: [83832083.491995] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=94.26.249.161 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=10904 PROTO=TCP SPT=34128 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T04:04:58.731Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 04:05:12 honeypot-fra-1 sshd[1610]: Invalid user kiss from 141.98.10.158 port 58754","@timestamp":"2022-09-12T04:05:12.580Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T04:06:14.554Z","@version":"1","message":"Sep 12 04:06:13 honeypot-sgp-1 sshd[7345]: Received disconnect from 157.245.122.58 port 33448:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T04:08:08.603Z","@version":"1","message":"Sep 12 04:08:08 honeypot-sgp-1 sshd[7349]: Received disconnect from 157.245.122.58 port 60518:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T04:09:01.627Z","@version":"1","message":"Sep 12 04:09:00 honeypot-sgp-1 sshd[7354]: Disconnected from invalid user cypress 157.245.122.58 port 45814 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 04:13:46 honeypot-fra-1 sshd[1616]: Invalid user testuser from 204.44.66.189 port 59052","@timestamp":"2022-09-12T04:13:47.769Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 04:13:47 honeypot-fra-1 sshd[1618]: Invalid user user from 204.44.66.189 port 59038","@timestamp":"2022-09-12T04:13:47.769Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 04:13:47 honeypot-fra-1 sshd[1621]: Invalid user www from 204.44.66.189 port 59080","@timestamp":"2022-09-12T04:13:47.769Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 04:13:47 honeypot-fra-1 sshd[1631]: Invalid user chia from 204.44.66.189 port 59064","@timestamp":"2022-09-12T04:13:47.769Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 04:13:47 honeypot-fra-1 sshd[1627]: Connection closed by invalid user admin 204.44.66.189 port 59100 [preauth]","@timestamp":"2022-09-12T04:13:47.769Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 04:13:47 honeypot-fra-1 sshd[1637]: Connection closed by invalid user testuser 204.44.66.189 port 59074 [preauth]","@timestamp":"2022-09-12T04:13:47.770Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 04:13:47 honeypot-fra-1 sshd[1632]: Connection closed by invalid user chia 204.44.66.189 port 59108 [preauth]","@timestamp":"2022-09-12T04:13:47.770Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 04:13:47 honeypot-fra-1 sshd[1620]: Connection closed by invalid user ubuntu 204.44.66.189 port 59060 [preauth]","@timestamp":"2022-09-12T04:13:47.770Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 04:13:47 honeypot-fra-1 sshd[1643]: Connection closed by authenticating user root 204.44.66.189 port 59044 [preauth]","@timestamp":"2022-09-12T04:13:47.770Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 04:17:01 honeypot-ams-1 CRON[11307]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-12T04:17:02.053Z"}
{"@timestamp":"2022-09-12T04:17:07.827Z","@version":"1","message":"Sep 12 04:17:07 honeypot-sgp-1 kernel: [83832339.719228] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=66.240.236.116 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=51287 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T04:17:41.843Z","@version":"1","message":"Sep 12 04:17:41 honeypot-sgp-1 sshd[7365]: Received disconnect from 45.61.186.169 port 40722:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T04:17:58.852Z","@version":"1","message":"Sep 12 04:17:58 honeypot-sgp-1 sshd[7369]: Received disconnect from 45.61.186.169 port 35748:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T04:18:14.860Z","@version":"1","message":"Sep 12 04:18:14 honeypot-sgp-1 sshd[7373]: Received disconnect from 45.61.186.169 port 58920:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T04:19:18.890Z","@version":"1","message":"Sep 12 04:19:18 honeypot-sgp-1 kernel: [83832470.693682] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=3.92.87.63 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=233 ID=54321 PROTO=TCP SPT=6231 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 04:19:44 honeypot-fra-1 sshd[1674]: Invalid user sinusbot from 165.22.56.109 port 54594","@timestamp":"2022-09-12T04:19:44.902Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 04:19:51 honeypot-ams-1 sshd[11313]: Did not receive identification string from 45.61.186.49 port 53960","@timestamp":"2022-09-12T04:19:52.132Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 04:20:13 honeypot-ams-1 sshd[11316]: Disconnected from invalid user user 45.61.186.49 port 44426 [preauth]","@timestamp":"2022-09-12T04:20:14.145Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 04:20:23 honeypot-ams-1 sshd[11320]: Disconnected from invalid user user 45.61.186.49 port 56372 [preauth]","@timestamp":"2022-09-12T04:20:24.150Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 04:23:58 honeypot-fra-1 sshd[1679]: Received disconnect from 134.209.198.12 port 59172:11: Bye Bye [preauth]","@timestamp":"2022-09-12T04:23:58.998Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T04:26:05.058Z","@version":"1","message":"Sep 12 04:26:04 honeypot-sgp-1 sshd[7381]: Connection closed by invalid user manager 103.188.176.251 port 35924 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 04:30:33 honeypot-ams-1 sshd[11326]: Invalid user admin from 80.76.51.43 port 56006","@timestamp":"2022-09-12T04:30:33.421Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 04:31:03 honeypot-ams-1 sshd[11330]: Invalid user admin from 80.76.51.43 port 55486","@timestamp":"2022-09-12T04:31:03.437Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 04:34:44 honeypot-fra-1 kernel: [83831712.475981] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=89.248.165.199 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=21377 PROTO=TCP SPT=55985 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T04:34:45.238Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 04:39:56 honeypot-ams-1 sshd[11337]: Did not receive identification string from 45.61.184.204 port 35596","@timestamp":"2022-09-12T04:39:56.688Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 04:40:12 honeypot-ams-1 sshd[11340]: Disconnected from invalid user user 45.61.184.204 port 55534 [preauth]","@timestamp":"2022-09-12T04:40:12.698Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 04:40:31 honeypot-ams-1 sshd[11344]: Received disconnect from 45.61.184.204 port 51466:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T04:40:31.713Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 04:40:51 honeypot-ams-1 sshd[11348]: Invalid user user from 45.61.184.204 port 47470","@timestamp":"2022-09-12T04:40:51.724Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 04:42:51 honeypot-ams-1 sshd[11352]: Received disconnect from 35.204.72.77 port 56148:11: Bye Bye [preauth]","@timestamp":"2022-09-12T04:42:51.780Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 04:42:59 honeypot-fra-1 sshd[1688]: Invalid user qgq from 159.223.95.166 port 59870","@timestamp":"2022-09-12T04:42:59.421Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 04:45:22 honeypot-fra-1 sshd[1692]: Invalid user kf from 165.22.45.108 port 51854","@timestamp":"2022-09-12T04:45:23.478Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T04:49:56.654Z","@version":"1","message":"Sep 12 04:49:56 honeypot-sgp-1 sshd[7400]: Invalid user ah from 217.147.1.240 port 48866","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 04:50:43 honeypot-ams-1 sshd[11356]: Disconnected from authenticating user root 14.161.50.120 port 42577 [preauth]","@timestamp":"2022-09-12T04:50:43.994Z"}
{"@timestamp":"2022-09-12T04:51:22.692Z","@version":"1","message":"Sep 12 04:51:22 honeypot-sgp-1 sshd[7404]: Disconnected from 157.245.9.6 port 49146 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 04:55:36 honeypot-fra-1 sshd[1698]: Did not receive identification string from 212.87.251.118 port 45092","@timestamp":"2022-09-12T04:55:36.704Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 04:55:36 honeypot-fra-1 sshd[1702]: Invalid user es from 212.87.251.118 port 45318","@timestamp":"2022-09-12T04:55:37.706Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 04:55:36 honeypot-fra-1 sshd[1705]: Invalid user www from 212.87.251.118 port 45336","@timestamp":"2022-09-12T04:55:37.706Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 04:55:36 honeypot-fra-1 sshd[1715]: Invalid user chia from 212.87.251.118 port 45364","@timestamp":"2022-09-12T04:55:37.706Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 04:55:36 honeypot-fra-1 sshd[1724]: Invalid user postgres from 212.87.251.118 port 45394","@timestamp":"2022-09-12T04:55:37.706Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 04:55:36 honeypot-fra-1 sshd[1707]: Connection closed by invalid user ubuntu 212.87.251.118 port 45338 [preauth]","@timestamp":"2022-09-12T04:55:37.706Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 04:55:36 honeypot-fra-1 sshd[1704]: Connection closed by invalid user web 212.87.251.118 port 45320 [preauth]","@timestamp":"2022-09-12T04:55:37.706Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 04:55:36 honeypot-fra-1 sshd[1717]: Connection closed by invalid user user 212.87.251.118 port 45372 [preauth]","@timestamp":"2022-09-12T04:55:37.706Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 04:55:36 honeypot-fra-1 sshd[1724]: Connection closed by invalid user postgres 212.87.251.118 port 45394 [preauth]","@timestamp":"2022-09-12T04:55:37.706Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 04:55:36 honeypot-fra-1 sshd[1730]: Invalid user mysql from 212.87.251.118 port 45426","@timestamp":"2022-09-12T04:55:37.706Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 04:55:37 honeypot-fra-1 sshd[1730]: Connection closed by invalid user mysql 212.87.251.118 port 45426 [preauth]","@timestamp":"2022-09-12T04:55:37.707Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 04:56:22 honeypot-ams-1 sshd[11363]: Disconnected from invalid user teamcity 210.16.201.131 port 59640 [preauth]","@timestamp":"2022-09-12T04:56:23.146Z"}
{"@timestamp":"2022-09-12T04:59:13.885Z","@version":"1","message":"Sep 12 04:59:13 honeypot-sgp-1 sshd[7410]: Disconnected from invalid user user 45.61.186.49 port 35332 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T04:59:22.890Z","@version":"1","message":"Sep 12 04:59:22 honeypot-sgp-1 sshd[7414]: Disconnected from invalid user user 45.61.186.49 port 46746 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T05:03:21.986Z","@version":"1","message":"Sep 12 05:03:21 honeypot-sgp-1 kernel: [83835113.823318] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=64.62.197.99 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=47845 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 05:07:05 honeypot-fra-1 sshd[1766]: Invalid user user from 176.126.166.60 port 36250","@timestamp":"2022-09-12T05:07:05.959Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 05:12:10 honeypot-ams-1 kernel: [83836115.198836] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.156.73.178 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=252 ID=54321 PROTO=TCP SPT=42809 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T05:12:10.565Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 05:14:38 honeypot-fra-1 sshd[1770]: Disconnected from authenticating user root 146.59.226.228 port 56856 [preauth]","@timestamp":"2022-09-12T05:14:39.128Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 05:14:52 honeypot-ams-1 sshd[11826]: Invalid user user from 45.61.186.249 port 37598","@timestamp":"2022-09-12T05:14:52.640Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 05:15:10 honeypot-ams-1 sshd[11830]: Invalid user user from 45.61.186.249 port 60914","@timestamp":"2022-09-12T05:15:11.651Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 05:15:28 honeypot-ams-1 sshd[11834]: Invalid user user from 45.61.186.249 port 55998","@timestamp":"2022-09-12T05:15:29.660Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 05:15:47 honeypot-ams-1 kernel: [83836332.642044] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=20.123.184.30 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=12570 PROTO=TCP SPT=59735 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T05:15:48.671Z"}
{"@timestamp":"2022-09-12T05:16:54.317Z","@version":"1","message":"Sep 12 05:16:53 honeypot-sgp-1 sshd[7423]: Received disconnect from 49.0.129.25 port 41846:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T05:19:06.374Z","@version":"1","message":"Sep 12 05:19:05 honeypot-sgp-1 sshd[7429]: Invalid user qk from 159.89.173.162 port 53332","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T05:19:52.396Z","@version":"1","message":"Sep 12 05:19:51 honeypot-sgp-1 sshd[7433]: Disconnected from authenticating user root 43.154.183.166 port 34358 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 05:19:52 honeypot-fra-1 sshd[1778]: Received disconnect from 114.247.103.218 port 24933:11: Bye Bye [preauth]","@timestamp":"2022-09-12T05:19:53.246Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 05:21:06 honeypot-fra-1 sshd[1782]: Disconnected from authenticating user root 195.24.207.199 port 37970 [preauth]","@timestamp":"2022-09-12T05:21:07.275Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 05:24:44 honeypot-ams-1 kernel: [83836869.416586] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=154.3.44.39 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=117 ID=54984 DF PROTO=TCP SPT=55439 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-12T05:24:44.911Z"}
{"@timestamp":"2022-09-12T05:25:01.523Z","@version":"1","message":"Sep 12 05:25:01 honeypot-sgp-1 sshd[7440]: Received disconnect from 51.12.81.43 port 53902:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T05:32:21.698Z","@version":"1","message":"Sep 12 05:32:21 honeypot-sgp-1 sshd[7444]: Disconnected from invalid user user 45.61.187.160 port 50530 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T05:32:41.710Z","@version":"1","message":"Sep 12 05:32:41 honeypot-sgp-1 sshd[7448]: Disconnected from invalid user user 45.61.187.160 port 45700 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T05:33:00.719Z","@version":"1","message":"Sep 12 05:32:59 honeypot-sgp-1 sshd[7452]: Disconnected from invalid user user 45.61.187.160 port 40934 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T05:33:17.727Z","@version":"1","message":"Sep 12 05:33:17 honeypot-sgp-1 sshd[7456]: Disconnected from invalid user user 45.61.187.160 port 36156 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 05:35:00 honeypot-ams-1 sshd[11848]: Invalid user user from 45.61.187.160 port 48324","@timestamp":"2022-09-12T05:35:00.183Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 05:35:18 honeypot-ams-1 sshd[11852]: Invalid user user from 45.61.187.160 port 43020","@timestamp":"2022-09-12T05:35:19.194Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 05:35:36 honeypot-ams-1 sshd[11856]: Invalid user user from 45.61.187.160 port 37710","@timestamp":"2022-09-12T05:35:37.203Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 05:35:53 honeypot-ams-1 sshd[11860]: Invalid user user from 45.61.187.160 port 60636","@timestamp":"2022-09-12T05:35:54.212Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 05:39:49 honeypot-ams-1 sshd[11863]: Invalid user support from 107.179.222.3 port 57122","@timestamp":"2022-09-12T05:39:49.315Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 05:40:45 honeypot-fra-1 sshd[1788]: Connection closed by invalid user admin 52.148.87.44 port 39266 [preauth]","@timestamp":"2022-09-12T05:40:46.712Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T05:43:59.987Z","@version":"1","message":"Sep 12 05:43:59 honeypot-sgp-1 sshd[7463]: Disconnected from authenticating user root 92.255.85.69 port 35066 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 05:44:39 honeypot-fra-1 sshd[1793]: Received disconnect from 141.255.162.226 port 33086:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T05:44:39.798Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 05:44:43 honeypot-fra-1 sshd[1797]: Received disconnect from 141.255.162.226 port 54350:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T05:44:43.800Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 05:44:47 honeypot-fra-1 sshd[1801]: Received disconnect from 141.255.162.226 port 40286:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T05:44:47.802Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 05:49:27 honeypot-fra-1 kernel: [83836195.377581] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=23.225.195.20 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=38321 PROTO=TCP SPT=41760 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T05:49:27.910Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 05:49:56 honeypot-ams-1 sshd[11868]: Disconnected from invalid user user 68.183.236.92 port 52932 [preauth]","@timestamp":"2022-09-12T05:49:56.597Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 05:52:14 honeypot-ams-1 kernel: [83838519.348331] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=64.227.28.112 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=27272 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T05:52:14.661Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 05:54:53 honeypot-fra-1 sshd[1808]: Invalid user user from 45.61.187.160 port 41460","@timestamp":"2022-09-12T05:54:54.033Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 05:55:11 honeypot-fra-1 sshd[1812]: Invalid user user from 45.61.187.160 port 37436","@timestamp":"2022-09-12T05:55:12.043Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 05:55:28 honeypot-fra-1 sshd[1816]: Invalid user user from 45.61.187.160 port 33420","@timestamp":"2022-09-12T05:55:29.050Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 05:55:45 honeypot-fra-1 sshd[1820]: Invalid user user from 45.61.187.160 port 57630","@timestamp":"2022-09-12T05:55:46.058Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 05:58:18 honeypot-fra-1 sshd[1825]: Connection closed by authenticating user root 135.180.141.190 port 34128 [preauth]","@timestamp":"2022-09-12T05:58:19.116Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T06:00:52.394Z","@version":"1","message":"Sep 12 06:00:51 honeypot-sgp-1 sshd[7470]: Invalid user user from 141.255.162.226 port 59658","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T06:00:57.397Z","@version":"1","message":"Sep 12 06:00:57 honeypot-sgp-1 sshd[7474]: Invalid user user from 141.255.162.226 port 51802","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T06:02:18.432Z","@version":"1","message":"Sep 12 06:02:18 honeypot-sgp-1 kernel: [83838650.142815] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=159.223.115.11 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=28959 PROTO=TCP SPT=41312 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T06:07:22.559Z","@version":"1","message":"Sep 12 06:07:22 honeypot-sgp-1 sshd[7577]: Received disconnect from 92.255.85.69 port 40154:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 06:10:08 honeypot-fra-1 kernel: [83837436.611411] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.156.73.178 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=54321 PROTO=TCP SPT=43293 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T06:10:09.377Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 06:12:45 honeypot-ams-1 sshd[11876]: Disconnected from authenticating user root 92.255.85.70 port 60026 [preauth]","@timestamp":"2022-09-12T06:12:45.187Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 06:15:33 honeypot-fra-1 sshd[1929]: Disconnected from invalid user admin 185.196.220.81 port 52714 [preauth]","@timestamp":"2022-09-12T06:15:33.498Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 06:15:33 honeypot-fra-1 sshd[1933]: Disconnected from invalid user ubnt 185.196.220.81 port 53856 [preauth]","@timestamp":"2022-09-12T06:15:34.500Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 06:15:34 honeypot-fra-1 sshd[1939]: Received disconnect from 185.196.220.81 port 55836:11: end [preauth]","@timestamp":"2022-09-12T06:15:34.500Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 06:15:34 honeypot-fra-1 sshd[1943]: Disconnected from authenticating user root 185.196.220.81 port 57136 [preauth]","@timestamp":"2022-09-12T06:15:34.500Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 06:15:34 honeypot-fra-1 sshd[1947]: Disconnected from invalid user admin 185.196.220.81 port 58598 [preauth]","@timestamp":"2022-09-12T06:15:35.501Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 06:15:35 honeypot-fra-1 sshd[1953]: Received disconnect from 185.196.220.81 port 60626:11: end [preauth]","@timestamp":"2022-09-12T06:15:35.501Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 06:15:35 honeypot-fra-1 sshd[1957]: Received disconnect from 185.196.220.81 port 33846:11: end [preauth]","@timestamp":"2022-09-12T06:15:36.501Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 06:15:36 honeypot-fra-1 sshd[1961]: Disconnected from authenticating user root 185.196.220.81 port 35494 [preauth]","@timestamp":"2022-09-12T06:15:36.501Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 06:15:36 honeypot-fra-1 sshd[1965]: Disconnected from invalid user user 185.196.220.81 port 37172 [preauth]","@timestamp":"2022-09-12T06:15:36.501Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 06:15:37 honeypot-fra-1 sshd[1971]: Invalid user admin from 185.196.220.81 port 39678","@timestamp":"2022-09-12T06:15:37.502Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 06:15:37 honeypot-fra-1 sshd[1975]: Received disconnect from 185.196.220.81 port 41542:11: end [preauth]","@timestamp":"2022-09-12T06:15:37.502Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 06:15:37 honeypot-fra-1 sshd[1979]: Disconnected from invalid user Admin 185.196.220.81 port 43088 [preauth]","@timestamp":"2022-09-12T06:15:38.503Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 06:15:38 honeypot-fra-1 sshd[1983]: Disconnected from invalid user Admin 185.196.220.81 port 44628 [preauth]","@timestamp":"2022-09-12T06:15:38.503Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 06:15:38 honeypot-fra-1 sshd[1987]: Disconnected from invalid user user 185.196.220.81 port 46196 [preauth]","@timestamp":"2022-09-12T06:15:39.504Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 06:16:43 honeypot-fra-1 kernel: [83837831.287928] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=172.104.138.223 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=13133 PROTO=TCP SPT=25447 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T06:16:43.528Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-12T06:17:02.797Z","@version":"1","message":"Sep 12 06:17:01 honeypot-sgp-1 CRON[7580]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 06:20:47 honeypot-ams-1 kernel: [83840231.928601] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=90.154.15.226 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=59 ID=33980 DF PROTO=TCP SPT=45918 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T06:20:47.393Z"}
{"@timestamp":"2022-09-12T06:23:26.954Z","@version":"1","message":"Sep 12 06:23:26 honeypot-sgp-1 kernel: [83839918.735464] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.219.120 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=45862 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 06:25:57 honeypot-fra-1 kernel: [83838385.296335] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=167.248.133.134 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=27446 PROTO=TCP SPT=36887 DPT=389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T06:25:57.738Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-12T06:31:31.160Z","@version":"1","message":"Sep 12 06:31:30 honeypot-sgp-1 sshd[7736]: Received disconnect from 92.255.85.70 port 35382:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 06:32:14 honeypot-fra-1 sshd[2135]: Received disconnect from 167.99.236.74 port 46296:11: Bye Bye [preauth]","@timestamp":"2022-09-12T06:32:14.878Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 06:32:15 honeypot-ams-1 sshd[12146]: Connection closed by 193.106.191.157 port 48454 [preauth]","@timestamp":"2022-09-12T06:32:15.695Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 06:35:06 honeypot-fra-1 sshd[2142]: Invalid user manager from 103.188.176.251 port 36248","@timestamp":"2022-09-12T06:35:06.946Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 06:39:40 honeypot-ams-1 kernel: [83841365.025426] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=201.191.2.198 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=33493 PROTO=TCP SPT=2743 DPT=80 WINDOW=20711 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T06:39:40.890Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 06:43:08 honeypot-fra-1 sshd[2146]: Connection closed by invalid user support 220.130.226.160 port 33551 [preauth]","@timestamp":"2022-09-12T06:43:08.126Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 06:43:42 honeypot-ams-1 sshd[12155]: Disconnected from invalid user user 45.61.187.160 port 50548 [preauth]","@timestamp":"2022-09-12T06:43:42.997Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 06:44:00 honeypot-ams-1 sshd[12159]: Received disconnect from 45.61.187.160 port 46294:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T06:44:01.006Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 06:44:18 honeypot-ams-1 sshd[12163]: Invalid user user from 45.61.187.160 port 42082","@timestamp":"2022-09-12T06:44:18.017Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 06:44:34 honeypot-ams-1 sshd[12167]: Invalid user user from 45.61.187.160 port 37858","@timestamp":"2022-09-12T06:44:35.027Z"}
{"@timestamp":"2022-09-12T06:48:19.592Z","@version":"1","message":"Sep 12 06:48:18 honeypot-sgp-1 kernel: [83841410.868799] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.156.73.178 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=39516 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 06:52:32 honeypot-fra-1 sshd[2155]: Received disconnect from 178.62.90.145 port 45758:11: Bye Bye [preauth]","@timestamp":"2022-09-12T06:52:32.338Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T06:52:50.705Z","@version":"1","message":"Sep 12 06:52:50 honeypot-sgp-1 sshd[7744]: Disconnected from 204.48.30.72 port 41388 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 06:54:19 honeypot-ams-1 sshd[12172]: Received disconnect from 68.183.142.49 port 39348:11: Bye Bye [preauth]","@timestamp":"2022-09-12T06:54:20.301Z"}
{"@timestamp":"2022-09-12T06:55:45.780Z","@version":"1","message":"Sep 12 06:55:45 honeypot-sgp-1 sshd[7750]: Received disconnect from 122.117.25.149 port 59757:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 06:57:36 honeypot-fra-1 sshd[2162]: Disconnected from authenticating user root 92.255.85.69 port 43168 [preauth]","@timestamp":"2022-09-12T06:57:37.452Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T06:57:45.833Z","@version":"1","message":"Sep 12 06:57:45 honeypot-sgp-1 sshd[7755]: Disconnected from invalid user service 165.227.83.174 port 42572 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 07:04:16 honeypot-ams-1 sshd[12177]: Received disconnect from 64.227.134.110 port 35260:11: Bye Bye [preauth]","@timestamp":"2022-09-12T07:04:17.555Z"}
{"@timestamp":"2022-09-12T07:07:44.079Z","@version":"1","message":"Sep 12 07:07:43 honeypot-sgp-1 sshd[7763]: Invalid user User from 179.60.147.69 port 31332","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 07:07:50 honeypot-fra-1 sshd[2167]: Connection closed by invalid user user 114.143.180.197 port 51915 [preauth]","@timestamp":"2022-09-12T07:07:50.681Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 07:16:24 honeypot-fra-1 sshd[2173]: Invalid user user from 45.61.184.204 port 45928","@timestamp":"2022-09-12T07:16:24.875Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 07:16:44 honeypot-fra-1 sshd[2177]: Invalid user user from 45.61.184.204 port 41268","@timestamp":"2022-09-12T07:16:44.884Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T07:17:01.311Z","@version":"1","message":"Sep 12 07:17:01 honeypot-sgp-1 CRON[7768]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 07:17:01 honeypot-fra-1 CRON[2183]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-12T07:17:01.893Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 07:17:09 honeypot-fra-1 sshd[2187]: Received disconnect from 45.61.184.204 port 48422:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T07:17:10.896Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 07:17:16 honeypot-ams-1 sshd[12186]: Received disconnect from 147.182.219.221 port 54046:11: Bye Bye [preauth]","@timestamp":"2022-09-12T07:17:16.890Z"}
{"@timestamp":"2022-09-12T07:21:29.423Z","@version":"1","message":"Sep 12 07:21:28 honeypot-sgp-1 sshd[7777]: Invalid user user from 141.255.162.226 port 52784","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T07:21:32.424Z","@version":"1","message":"Sep 12 07:21:31 honeypot-sgp-1 sshd[7779]: Received disconnect from 141.255.162.226 port 52134:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 07:21:32 honeypot-fra-1 sshd[2191]: Received disconnect from 92.255.85.69 port 59382:11: Bye Bye [preauth]","@timestamp":"2022-09-12T07:21:33.017Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T07:21:36.428Z","@version":"1","message":"Sep 12 07:21:36 honeypot-sgp-1 sshd[7783]: Received disconnect from 141.255.162.226 port 37698:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 07:23:44 honeypot-ams-1 sshd[12189]: Disconnected from authenticating user root 92.255.85.69 port 53222 [preauth]","@timestamp":"2022-09-12T07:23:44.056Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 07:26:12 honeypot-fra-1 sshd[2200]: Invalid user user from 45.61.187.160 port 57040","@timestamp":"2022-09-12T07:26:12.124Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 07:26:30 honeypot-fra-1 sshd[2204]: Invalid user user from 45.61.187.160 port 52514","@timestamp":"2022-09-12T07:26:31.133Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 07:26:48 honeypot-fra-1 sshd[2208]: Invalid user user from 45.61.187.160 port 47962","@timestamp":"2022-09-12T07:26:48.141Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T07:27:00.594Z","@version":"1","message":"Sep 12 07:27:00 honeypot-sgp-1 sshd[7788]: Disconnected from authenticating user root 67.205.138.198 port 38254 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 07:27:03 honeypot-fra-1 sshd[2212]: Invalid user user from 45.61.187.160 port 43446","@timestamp":"2022-09-12T07:27:04.149Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 07:32:22 honeypot-ams-1 sshd[12196]: Invalid user user from 45.61.186.249 port 43986","@timestamp":"2022-09-12T07:32:23.306Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 07:32:43 honeypot-ams-1 sshd[12200]: Invalid user user from 45.61.186.249 port 39720","@timestamp":"2022-09-12T07:32:43.323Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 07:33:01 honeypot-ams-1 sshd[12204]: Invalid user user from 45.61.186.249 port 35416","@timestamp":"2022-09-12T07:33:01.332Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 07:33:33 honeypot-fra-1 sshd[2217]: Disconnected from invalid user user 141.255.162.226 port 49506 [preauth]","@timestamp":"2022-09-12T07:33:33.293Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 07:33:34 honeypot-fra-1 sshd[2221]: Disconnected from invalid user user 141.255.162.226 port 56212 [preauth]","@timestamp":"2022-09-12T07:33:35.294Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 07:33:39 honeypot-fra-1 sshd[2225]: Disconnected from invalid user user 141.255.162.226 port 48100 [preauth]","@timestamp":"2022-09-12T07:33:40.296Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 07:34:58 honeypot-ams-1 sshd[12208]: Connection closed by 181.203.24.120 port 41270 [preauth]","@timestamp":"2022-09-12T07:34:59.383Z"}
{"@timestamp":"2022-09-12T07:35:25.805Z","@version":"1","message":"Sep 12 07:35:24 honeypot-sgp-1 kernel: [83844236.811358] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=104.156.155.3 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=37145 PROTO=TCP SPT=57875 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 07:41:51 honeypot-fra-1 sshd[2230]: Received disconnect from 143.244.158.100 port 38470:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T07:41:51.479Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 07:42:07 honeypot-fra-1 sshd[2234]: Received disconnect from 165.22.45.108 port 49332:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T07:42:08.488Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 07:43:37 honeypot-fra-1 sshd[2240]: Received disconnect from 143.244.158.100 port 49596:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T07:43:37.526Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 07:44:28 honeypot-fra-1 sshd[2244]: Disconnected from authenticating user root 143.244.158.100 port 38568 [preauth]","@timestamp":"2022-09-12T07:44:29.548Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T07:44:33.031Z","@version":"1","message":"Sep 12 07:44:32 honeypot-sgp-1 kernel: [83844784.531793] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=104.156.155.3 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=19359 PROTO=TCP SPT=57875 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 07:44:58 honeypot-ams-1 sshd[12212]: Connection closed by invalid user User 179.60.147.69 port 18086 [preauth]","@timestamp":"2022-09-12T07:44:58.644Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 07:46:06 honeypot-fra-1 sshd[2251]: Received disconnect from 143.244.158.100 port 46834:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T07:46:07.588Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 07:46:53 honeypot-fra-1 sshd[2255]: Disconnected from authenticating user root 143.244.158.100 port 33064 [preauth]","@timestamp":"2022-09-12T07:46:54.608Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 07:49:09 honeypot-fra-1 kernel: [83843376.663860] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=72.68.192.9 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=45544 PROTO=TCP SPT=57655 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T07:49:09.663Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 07:50:52 honeypot-fra-1 sshd[2266]: Disconnected from authenticating user root 143.244.158.100 port 43040 [preauth]","@timestamp":"2022-09-12T07:50:52.704Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 07:53:15 honeypot-fra-1 sshd[2272]: Received disconnect from 143.244.158.100 port 50762:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T07:53:15.760Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 07:54:31 honeypot-fra-1 sshd[2276]: Connection closed by invalid user User 179.60.147.69 port 59016 [preauth]","@timestamp":"2022-09-12T07:54:31.791Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 07:56:34 honeypot-fra-1 sshd[2283]: Disconnected from authenticating user root 143.244.158.100 port 44682 [preauth]","@timestamp":"2022-09-12T07:56:34.840Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 07:56:53 honeypot-ams-1 sshd[12219]: Invalid user support from 58.248.167.244 port 36348","@timestamp":"2022-09-12T07:56:53.949Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 07:59:01 honeypot-fra-1 sshd[2290]: Received disconnect from 143.244.158.100 port 39092:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T07:59:01.898Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T07:59:19.396Z","@version":"1","message":"Sep 12 07:59:19 honeypot-sgp-1 kernel: [83845671.173422] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=162.142.125.142 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=50638 PROTO=TCP SPT=43231 DPT=389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 07:59:51 honeypot-fra-1 sshd[2295]: Disconnected from authenticating user root 143.244.158.100 port 49964 [preauth]","@timestamp":"2022-09-12T07:59:51.918Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 08:01:52 honeypot-fra-1 kernel: [83844140.062715] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=184.105.139.75 DST=165.22.82.222 LEN=131 TOS=0x00 PREC=0x00 TTL=244 ID=54321 PROTO=TCP SPT=40392 DPT=80 WINDOW=65535 RES=0x00 ACK PSH URGP=0 ","@timestamp":"2022-09-12T08:01:52.967Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 08:03:12 honeypot-fra-1 sshd[2306]: Disconnected from authenticating user root 143.244.158.100 port 49078 [preauth]","@timestamp":"2022-09-12T08:03:13.000Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 08:04:30 honeypot-ams-1 sshd[12225]: Invalid user user from 45.61.186.249 port 47050","@timestamp":"2022-09-12T08:04:31.147Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 08:04:46 honeypot-fra-1 sshd[2312]: Disconnected from authenticating user root 143.244.158.100 port 37890 [preauth]","@timestamp":"2022-09-12T08:04:47.037Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 08:04:51 honeypot-ams-1 sshd[12229]: Invalid user user from 45.61.186.249 port 42648","@timestamp":"2022-09-12T08:04:52.160Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 08:05:09 honeypot-ams-1 sshd[12233]: Invalid user user from 45.61.186.249 port 38268","@timestamp":"2022-09-12T08:05:09.169Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 08:05:28 honeypot-ams-1 kernel: [83846513.535473] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=176.213.214.154 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=58 ID=7825 PROTO=TCP SPT=62280 DPT=443 WINDOW=38432 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T08:05:29.179Z"}
{"@timestamp":"2022-09-12T08:05:58.585Z","@version":"1","message":"Sep 12 08:05:58 honeypot-sgp-1 kernel: [83846070.128312] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=79.124.62.62 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=7154 PROTO=TCP SPT=43015 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 08:07:08 honeypot-fra-1 sshd[2319]: Received disconnect from 143.244.158.100 port 60916:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T08:07:09.094Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 08:08:17 honeypot-fra-1 sshd[2323]: Disconnected from invalid user baikal 92.255.85.69 port 32506 [preauth]","@timestamp":"2022-09-12T08:08:18.121Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 08:10:23 honeypot-fra-1 sshd[2330]: Received disconnect from 143.244.158.100 port 49980:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T08:10:24.172Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 08:11:07 honeypot-ams-1 kernel: [83846852.379016] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=154.3.44.39 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=117 ID=13991 DF PROTO=TCP SPT=54781 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-12T08:11:08.328Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 08:11:15 honeypot-fra-1 sshd[2355]: Received disconnect from 207.154.205.34 port 40724:11: Bye Bye [preauth]","@timestamp":"2022-09-12T08:11:15.195Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 08:12:49 honeypot-fra-1 sshd[2362]: Received disconnect from 143.244.158.100 port 52260:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T08:12:49.233Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 08:13:41 honeypot-fra-1 sshd[2366]: Disconnected from authenticating user root 143.244.158.100 port 45578 [preauth]","@timestamp":"2022-09-12T08:13:41.255Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 08:15:56 honeypot-fra-1 sshd[2372]: Connection closed by invalid user admin 103.36.122.131 port 42969 [preauth]","@timestamp":"2022-09-12T08:15:57.310Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 08:16:59 honeypot-fra-1 sshd[2378]: Received disconnect from 143.244.158.100 port 50202:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T08:16:59.336Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T08:17:01.864Z","@version":"1","message":"Sep 12 08:17:01 honeypot-sgp-1 CRON[7813]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 08:18:23 honeypot-ams-1 sshd[12246]: Received disconnect from 103.133.57.242 port 45596:11: Bye Bye [preauth]","@timestamp":"2022-09-12T08:18:23.517Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 08:18:35 honeypot-fra-1 sshd[2386]: Received disconnect from 143.244.158.100 port 35532:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T08:18:35.374Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 08:20:19 honeypot-fra-1 sshd[2390]: Disconnected from authenticating user root 143.244.158.100 port 33534 [preauth]","@timestamp":"2022-09-12T08:20:19.415Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T08:20:43.959Z","@version":"1","message":"Sep 12 08:20:43 honeypot-sgp-1 sshd[7842]: Received disconnect from 181.188.180.226 port 42558:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 08:20:47 honeypot-ams-1 sshd[12251]: Connection closed by invalid user User 179.60.147.69 port 41588 [preauth]","@timestamp":"2022-09-12T08:20:48.585Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 08:21:46 honeypot-ams-1 sshd[12256]: Invalid user user from 141.255.162.226 port 41536","@timestamp":"2022-09-12T08:21:47.615Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 08:21:52 honeypot-ams-1 sshd[12260]: Invalid user user from 141.255.162.226 port 55302","@timestamp":"2022-09-12T08:21:52.617Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 08:21:54 honeypot-ams-1 sshd[12264]: Invalid user user from 141.255.162.226 port 33944","@timestamp":"2022-09-12T08:21:54.619Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 08:21:58 honeypot-fra-1 sshd[2396]: Received disconnect from 143.244.158.100 port 46350:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T08:21:59.455Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 08:24:23 honeypot-fra-1 sshd[2403]: Received disconnect from 143.244.158.100 port 44394:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T08:24:23.512Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T08:25:18.076Z","@version":"1","message":"Sep 12 08:25:17 honeypot-sgp-1 sshd[7846]: Received disconnect from 101.32.11.149 port 45144:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 08:28:12 honeypot-fra-1 kernel: [83845720.276772] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=2.57.122.44 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=51751 PROTO=TCP SPT=48187 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T08:28:13.600Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 08:28:34 honeypot-ams-1 kernel: [83847898.886307] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=80.94.92.239 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=45797 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T08:28:34.810Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 08:34:49 honeypot-fra-1 sshd[2429]: Invalid user default from 159.65.136.44 port 49936","@timestamp":"2022-09-12T08:34:49.751Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 08:36:17 honeypot-ams-1 sshd[12289]: Received disconnect from 157.230.233.185 port 34112:11: Bye Bye [preauth]","@timestamp":"2022-09-12T08:36:18.012Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 08:37:13 honeypot-ams-1 kernel: [83848417.966637] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=37.120.202.242 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=21082 DF PROTO=TCP SPT=51092 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T08:37:14.041Z"}
{"@timestamp":"2022-09-12T08:40:32.454Z","@version":"1","message":"Sep 12 08:40:31 honeypot-sgp-1 kernel: [83848143.376530] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=59.36.168.250 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=233 ID=16931 PROTO=TCP SPT=51990 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T08:41:36.485Z","@version":"1","message":"Sep 12 08:41:35 honeypot-sgp-1 sshd[7855]: Received disconnect from 45.61.186.169 port 33716:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T08:41:52.493Z","@version":"1","message":"Sep 12 08:41:52 honeypot-sgp-1 sshd[7859]: Received disconnect from 45.61.186.169 port 57756:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T08:42:09.502Z","@version":"1","message":"Sep 12 08:42:08 honeypot-sgp-1 sshd[7863]: Received disconnect from 45.61.186.169 port 53554:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T08:42:34.515Z","@version":"1","message":"Sep 12 08:42:33 honeypot-sgp-1 kernel: [83848265.688421] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=154.3.44.39 DST=159.89.202.188 LEN=52 TOS=0x0A PREC=0x00 TTL=111 ID=7677 DF PROTO=TCP SPT=55514 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 08:43:57 honeypot-fra-1 sshd[2437]: Received disconnect from 162.241.222.29 port 56130:11: Bye Bye [preauth]","@timestamp":"2022-09-12T08:43:57.955Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 08:49:32 honeypot-ams-1 kernel: [83849157.519654] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=51.161.50.188 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=5421 DF PROTO=TCP SPT=20467 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T08:49:33.363Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 08:50:50 honeypot-fra-1 sshd[2443]: Received disconnect from 80.87.83.58 port 43164:11: Bye Bye [preauth]","@timestamp":"2022-09-12T08:50:51.111Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 08:52:00 honeypot-fra-1 sshd[2447]: Disconnected from invalid user kfinck 165.22.45.108 port 59040 [preauth]","@timestamp":"2022-09-12T08:52:01.139Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 08:53:30 honeypot-fra-1 sshd[2451]: Disconnected from authenticating user root 60.10.72.200 port 39317 [preauth]","@timestamp":"2022-09-12T08:53:31.175Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T08:53:39.790Z","@version":"1","message":"Sep 12 08:53:39 honeypot-sgp-1 sshd[7873]: Invalid user User from 179.60.147.69 port 31000","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 08:54:14 honeypot-ams-1 sshd[12297]: Invalid user user from 141.255.162.226 port 40404","@timestamp":"2022-09-12T08:54:14.486Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 08:54:19 honeypot-ams-1 sshd[12301]: Invalid user user from 141.255.162.226 port 33164","@timestamp":"2022-09-12T08:54:20.491Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 08:54:21 honeypot-ams-1 sshd[12305]: Invalid user user from 141.255.162.226 port 40160","@timestamp":"2022-09-12T08:54:22.492Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 08:55:04 honeypot-fra-1 sshd[2457]: Received disconnect from 133.130.101.23 port 37480:11: Bye Bye [preauth]","@timestamp":"2022-09-12T08:55:04.215Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 08:57:48 honeypot-ams-1 sshd[12310]: Disconnected from authenticating user root 92.255.85.69 port 33178 [preauth]","@timestamp":"2022-09-12T08:57:48.583Z"}
{"@timestamp":"2022-09-12T09:00:02.952Z","@version":"1","message":"Sep 12 09:00:02 honeypot-sgp-1 sshd[7876]: Disconnected from authenticating user root 168.138.175.40 port 60798 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 09:05:49 honeypot-fra-1 sshd[2463]: Invalid user User from 179.60.147.69 port 63242","@timestamp":"2022-09-12T09:05:50.455Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 09:06:10 honeypot-fra-1 sshd[2468]: Invalid user user from 45.61.186.49 port 49184","@timestamp":"2022-09-12T09:06:10.465Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 09:06:18 honeypot-fra-1 sshd[2472]: Invalid user user from 45.61.186.49 port 60792","@timestamp":"2022-09-12T09:06:19.470Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T09:06:29.139Z","@version":"1","message":"Sep 12 09:06:28 honeypot-sgp-1 kernel: [83849699.954580] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=36.65.119.94 DST=159.89.202.188 LEN=225 TOS=0x00 PREC=0x00 TTL=50 ID=60855 DF PROTO=TCP SPT=48425 DPT=80 WINDOW=14600 RES=0x00 ACK PSH FIN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 09:09:03 honeypot-fra-1 sshd[2474]: Connection closed by invalid user zabbix 103.188.176.251 port 34698 [preauth]","@timestamp":"2022-09-12T09:09:03.533Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 09:14:35 honeypot-ams-1 kernel: [83850660.258221] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=72.167.32.184 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=232 ID=55127 PROTO=TCP SPT=43240 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T09:14:36.010Z"}
{"@timestamp":"2022-09-12T09:15:40.370Z","@version":"1","message":"Sep 12 09:15:39 honeypot-sgp-1 sshd[7882]: Received disconnect from 92.255.85.69 port 58958:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 09:17:01 honeypot-ams-1 CRON[12319]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-12T09:17:02.076Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 09:17:54 honeypot-fra-1 sshd[2483]: Invalid user rui from 123.1.234.238 port 37588","@timestamp":"2022-09-12T09:17:54.751Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T09:18:06.434Z","@version":"1","message":"Sep 12 09:18:06 honeypot-sgp-1 kernel: [83850398.039545] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=154.3.44.39 DST=159.89.202.188 LEN=52 TOS=0x0A PREC=0x00 TTL=112 ID=57486 DF PROTO=TCP SPT=52145 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 09:19:32 honeypot-fra-1 sshd[2488]: Received disconnect from 43.156.237.102 port 52186:11: Bye Bye [preauth]","@timestamp":"2022-09-12T09:19:32.791Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 09:19:40 honeypot-ams-1 kernel: [83850965.605742] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=79.124.62.60 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=11363 PROTO=TCP SPT=53367 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T09:19:41.147Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 09:20:36 honeypot-ams-1 sshd[12328]: Disconnected from invalid user test 92.50.249.166 port 52808 [preauth]","@timestamp":"2022-09-12T09:20:37.175Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 09:25:06 honeypot-ams-1 sshd[12336]: Invalid user o from 68.183.56.198 port 55968","@timestamp":"2022-09-12T09:25:07.292Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 09:26:51 honeypot-fra-1 sshd[2495]: Invalid user user from 190.202.146.30 port 34786","@timestamp":"2022-09-12T09:26:51.957Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T09:27:58.674Z","@version":"1","message":"Sep 12 09:27:58 honeypot-sgp-1 sshd[7891]: Connection closed by invalid user User 179.60.147.69 port 19866 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 09:28:08 honeypot-fra-1 sshd[2500]: Disconnected from 68.183.25.156 port 39060 [preauth]","@timestamp":"2022-09-12T09:28:08.992Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 09:30:48 honeypot-ams-1 sshd[12341]: Connection closed by invalid user User 179.60.147.69 port 1782 [preauth]","@timestamp":"2022-09-12T09:30:48.436Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 09:36:28 honeypot-fra-1 sshd[2505]: Connection closed by invalid user yueyiran 137.116.144.39 port 34558 [preauth]","@timestamp":"2022-09-12T09:36:29.184Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T09:39:18.954Z","@version":"1","message":"Sep 12 09:39:18 honeypot-sgp-1 sshd[7900]: Disconnected from authenticating user root 92.255.85.70 port 38322 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 09:39:52 honeypot-fra-1 sshd[2511]: Invalid user User from 179.60.147.69 port 32986","@timestamp":"2022-09-12T09:39:52.261Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 09:44:27 honeypot-ams-1 sshd[12346]: Disconnected from authenticating user root 92.255.85.70 port 48324 [preauth]","@timestamp":"2022-09-12T09:44:28.790Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 09:44:32 honeypot-fra-1 sshd[2519]: Invalid user admin from 178.219.115.231 port 35165","@timestamp":"2022-09-12T09:44:33.370Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 09:44:42 honeypot-fra-1 sshd[2523]: Received disconnect from 45.61.186.49 port 57458:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T09:44:42.374Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 09:44:50 honeypot-fra-1 sshd[2527]: Received disconnect from 45.61.186.49 port 41148:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T09:44:51.379Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T09:48:26.181Z","@version":"1","message":"Sep 12 09:48:25 honeypot-sgp-1 kernel: [83852216.982207] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.55.112.176 DST=159.89.202.188 LEN=52 TOS=0x00 PREC=0x00 TTL=107 ID=4946 DF PROTO=TCP SPT=51474 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 09:50:04 honeypot-fra-1 sshd[2533]: Disconnected from invalid user frederica 147.182.171.152 port 49236 [preauth]","@timestamp":"2022-09-12T09:50:04.494Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 09:54:10 honeypot-ams-1 sshd[12351]: Received disconnect from 43.135.8.135 port 59364:11: Bye Bye [preauth]","@timestamp":"2022-09-12T09:54:11.037Z"}
{"@timestamp":"2022-09-12T09:55:05.369Z","@version":"1","message":"Sep 12 09:55:05 honeypot-sgp-1 sshd[7905]: Received disconnect from 5.195.211.234 port 33464:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T09:55:55.394Z","@version":"1","message":"Sep 12 09:55:55 honeypot-sgp-1 kernel: [83852666.899971] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.227.254.28 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=26948 PROTO=TCP SPT=42320 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:01:36 honeypot-fra-1 sshd[2559]: Invalid user es from 51.79.254.140 port 52150","@timestamp":"2022-09-12T10:01:36.753Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:01:36 honeypot-fra-1 sshd[2557]: Invalid user user from 51.79.254.140 port 52144","@timestamp":"2022-09-12T10:01:36.753Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:01:36 honeypot-fra-1 sshd[2542]: Invalid user oracle from 51.79.254.140 port 52278","@timestamp":"2022-09-12T10:01:36.754Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:01:36 honeypot-fra-1 sshd[2551]: Connection closed by invalid user nexus 51.79.254.140 port 52186 [preauth]","@timestamp":"2022-09-12T10:01:36.754Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:01:36 honeypot-fra-1 sshd[2559]: Connection closed by invalid user es 51.79.254.140 port 52150 [preauth]","@timestamp":"2022-09-12T10:01:36.754Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:01:36 honeypot-fra-1 sshd[2560]: Connection closed by authenticating user root 51.79.254.140 port 52166 [preauth]","@timestamp":"2022-09-12T10:01:36.754Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:01:36 honeypot-fra-1 sshd[2553]: Connection closed by invalid user user 51.79.254.140 port 52050 [preauth]","@timestamp":"2022-09-12T10:01:36.754Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:01:36 honeypot-fra-1 sshd[2545]: Connection closed by invalid user test 51.79.254.140 port 52236 [preauth]","@timestamp":"2022-09-12T10:01:37.754Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:01:36 honeypot-fra-1 sshd[2587]: Connection closed by invalid user cloud 51.79.254.140 port 52256 [preauth]","@timestamp":"2022-09-12T10:01:37.755Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:02:34 honeypot-fra-1 sshd[2619]: Disconnected from invalid user kf 165.22.45.108 port 40548 [preauth]","@timestamp":"2022-09-12T10:02:34.779Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T10:02:39.562Z","@version":"1","message":"Sep 12 10:02:39 honeypot-sgp-1 sshd[7915]: Received disconnect from 92.255.85.69 port 58286:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 10:04:59 honeypot-ams-1 sshd[12362]: Received disconnect from 46.19.141.122 port 41438:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T10:05:00.314Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 10:06:21 honeypot-ams-1 sshd[12366]: Disconnected from invalid user admin 46.19.141.122 port 35708 [preauth]","@timestamp":"2022-09-12T10:06:22.352Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 10:07:04 honeypot-ams-1 sshd[12371]: Disconnected from invalid user ubuntu 46.19.141.122 port 50712 [preauth]","@timestamp":"2022-09-12T10:07:04.373Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 10:08:05 honeypot-ams-1 sshd[12377]: Received disconnect from 92.255.85.70 port 26698:11: Bye Bye [preauth]","@timestamp":"2022-09-12T10:08:06.404Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 10:08:34 honeypot-ams-1 kernel: [83853898.772031] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=201.209.78.189 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=49 ID=16890 PROTO=TCP SPT=56646 DPT=80 WINDOW=25989 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T10:08:34.418Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:10:12 honeypot-fra-1 sshd[2624]: Disconnected from authenticating user root 157.245.122.58 port 38926 [preauth]","@timestamp":"2022-09-12T10:10:12.957Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 10:10:58 honeypot-ams-1 sshd[12385]: Received disconnect from 176.215.237.117 port 54290:11: Bye Bye [preauth]","@timestamp":"2022-09-12T10:10:59.483Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 10:12:18 honeypot-ams-1 sshd[12393]: Invalid user user from 45.61.186.49 port 36242","@timestamp":"2022-09-12T10:12:19.520Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 10:12:23 honeypot-ams-1 sshd[12395]: Received disconnect from 45.61.186.49 port 42256:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T10:12:24.524Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:12:54 honeypot-fra-1 kernel: [83852001.935129] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=102.67.226.60 DST=165.22.82.222 LEN=52 TOS=0x00 PREC=0x00 TTL=120 ID=22594 DF PROTO=TCP SPT=49723 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T10:12:55.019Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-12T10:12:57.813Z","@version":"1","message":"Sep 12 10:12:57 honeypot-sgp-1 sshd[7920]: Connection closed by invalid user support 195.133.157.237 port 46628 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:13:09 honeypot-fra-1 kernel: [83852017.064665] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=213.226.123.38 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=23280 PROTO=TCP SPT=56526 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T10:13:10.026Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 10:14:44 honeypot-ams-1 sshd[12400]: Invalid user pi from 50.45.186.194 port 45244","@timestamp":"2022-09-12T10:14:44.583Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:14:49 honeypot-fra-1 sshd[2637]: Invalid user jonitwiso from 157.245.122.58 port 50120","@timestamp":"2022-09-12T10:14:50.067Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 10:15:28 honeypot-ams-1 sshd[12403]: Received disconnect from 58.186.85.94 port 51552:11: Bye Bye [preauth]","@timestamp":"2022-09-12T10:15:28.605Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:16:38 honeypot-fra-1 sshd[2641]: Invalid user cypress from 157.245.122.58 port 48982","@timestamp":"2022-09-12T10:16:38.110Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T10:17:01.912Z","@version":"1","message":"Sep 12 10:17:01 honeypot-sgp-1 CRON[7927]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:18:33 honeypot-fra-1 sshd[2655]: Invalid user mysql from 81.69.194.231 port 57571","@timestamp":"2022-09-12T10:18:33.159Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:18:33 honeypot-fra-1 sshd[2662]: Invalid user postgres from 81.69.194.231 port 57603","@timestamp":"2022-09-12T10:18:34.160Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:18:33 honeypot-fra-1 sshd[2657]: Connection closed by invalid user postgres 81.69.194.231 port 57546 [preauth]","@timestamp":"2022-09-12T10:18:34.160Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:18:33 honeypot-fra-1 sshd[2672]: Invalid user spark from 81.69.194.231 port 57558","@timestamp":"2022-09-12T10:18:34.160Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:18:34 honeypot-fra-1 sshd[2659]: Invalid user admin from 81.69.194.231 port 57596","@timestamp":"2022-09-12T10:18:34.160Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:18:34 honeypot-fra-1 sshd[2653]: Connection closed by invalid user test 81.69.194.231 port 57594 [preauth]","@timestamp":"2022-09-12T10:18:35.161Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:18:34 honeypot-fra-1 sshd[2659]: Connection closed by invalid user admin 81.69.194.231 port 57596 [preauth]","@timestamp":"2022-09-12T10:18:35.161Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:18:34 honeypot-fra-1 sshd[2673]: Invalid user kafka from 81.69.194.231 port 57588","@timestamp":"2022-09-12T10:18:35.161Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:18:53 honeypot-fra-1 sshd[2710]: Invalid user jenkins from 217.115.58.242 port 57192","@timestamp":"2022-09-12T10:18:53.168Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:18:53 honeypot-fra-1 sshd[2707]: Invalid user ts3 from 217.115.58.242 port 57136","@timestamp":"2022-09-12T10:18:53.169Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:18:53 honeypot-fra-1 sshd[2701]: Connection closed by invalid user centos 217.115.58.242 port 57122 [preauth]","@timestamp":"2022-09-12T10:18:53.169Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:18:53 honeypot-fra-1 sshd[2709]: Connection closed by invalid user user 217.115.58.242 port 57188 [preauth]","@timestamp":"2022-09-12T10:18:53.169Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:18:53 honeypot-fra-1 sshd[2704]: Connection closed by invalid user test 217.115.58.242 port 57138 [preauth]","@timestamp":"2022-09-12T10:18:54.169Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:18:53 honeypot-fra-1 sshd[2737]: Invalid user momo from 217.115.58.242 port 57170","@timestamp":"2022-09-12T10:18:54.169Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:18:53 honeypot-fra-1 sshd[2703]: Connection closed by authenticating user root 217.115.58.242 port 57130 [preauth]","@timestamp":"2022-09-12T10:18:54.169Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:18:53 honeypot-fra-1 sshd[2735]: Connection closed by invalid user appuser 217.115.58.242 port 57152 [preauth]","@timestamp":"2022-09-12T10:18:54.170Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:18:53 honeypot-fra-1 sshd[2739]: Connection closed by invalid user admin 217.115.58.242 port 57160 [preauth]","@timestamp":"2022-09-12T10:18:54.170Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:18:53 honeypot-fra-1 sshd[2759]: Connection closed by invalid user testuser 217.115.58.242 port 57208 [preauth]","@timestamp":"2022-09-12T10:18:54.170Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T10:20:49.008Z","@version":"1","message":"Sep 12 10:20:48 honeypot-sgp-1 sshd[7934]: Invalid user user from 45.61.186.49 port 54546","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T10:20:58.013Z","@version":"1","message":"Sep 12 10:20:57 honeypot-sgp-1 sshd[7938]: Connection closed by 45.61.186.49 port 38130 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 10:24:19 honeypot-ams-1 sshd[12409]: Received disconnect from 61.177.173.51 port 23580:11:  [preauth]","@timestamp":"2022-09-12T10:24:19.833Z"}
{"@timestamp":"2022-09-12T10:26:49.157Z","@version":"1","message":"Sep 12 10:26:48 honeypot-sgp-1 sshd[7943]: Disconnected from authenticating user root 92.255.85.70 port 35600 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:29:06 honeypot-fra-1 kernel: [83852973.346441] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=80.94.92.231 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=49083 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T10:29:06.397Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 10:31:36 honeypot-ams-1 sshd[12418]: Received disconnect from 61.177.173.36 port 39558:11:  [preauth]","@timestamp":"2022-09-12T10:31:37.021Z"}
{"@timestamp":"2022-09-12T10:34:51.356Z","@version":"1","message":"Sep 12 10:34:50 honeypot-sgp-1 sshd[7948]: Received disconnect from 139.198.18.230 port 35212:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:38:21 honeypot-fra-1 sshd[2770]: Received disconnect from 165.22.45.108 port 46880:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T10:38:21.606Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T10:38:52.456Z","@version":"1","message":"Sep 12 10:38:52 honeypot-sgp-1 sshd[7952]: Connection closed by invalid user User 179.60.147.69 port 28326 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 10:43:53 honeypot-ams-1 sshd[12425]: Received disconnect from 39.91.166.193 port 54292:11: Bye Bye [preauth]","@timestamp":"2022-09-12T10:43:53.339Z"}
{"@timestamp":"2022-09-12T10:44:46.604Z","@version":"1","message":"Sep 12 10:44:45 honeypot-sgp-1 sshd[7959]: Received disconnect from 210.187.80.132 port 37762:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 10:48:23 honeypot-ams-1 sshd[12436]: Received disconnect from 157.245.122.58 port 38408:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T10:48:24.455Z"}
{"@timestamp":"2022-09-12T10:50:11.735Z","@version":"1","message":"Sep 12 10:50:11 honeypot-sgp-1 sshd[7962]: Received disconnect from 92.255.85.70 port 39782:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 10:50:19 honeypot-ams-1 sshd[12441]: Disconnected from invalid user odoo 157.245.122.58 port 37246 [preauth]","@timestamp":"2022-09-12T10:50:19.505Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:52:00 honeypot-fra-1 sshd[2775]: Connection closed by invalid user User 179.60.147.69 port 15952 [preauth]","@timestamp":"2022-09-12T10:52:01.919Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 10:52:02 honeypot-ams-1 sshd[12445]: Received disconnect from 157.245.122.58 port 36084:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T10:52:03.554Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 10:52:59 honeypot-ams-1 sshd[12449]: Disconnected from authenticating user root 61.177.173.51 port 41400 [preauth]","@timestamp":"2022-09-12T10:53:00.579Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 10:54:44 honeypot-ams-1 sshd[12455]: Received disconnect from 157.245.122.58 port 48446:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T10:54:44.626Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:55:23 honeypot-fra-1 sshd[2779]: Disconnected from invalid user bill 43.239.121.134 port 10165 [preauth]","@timestamp":"2022-09-12T10:55:23.998Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 10:55:42 honeypot-ams-1 sshd[12461]: Received disconnect from 92.255.85.70 port 43948:11: Bye Bye [preauth]","@timestamp":"2022-09-12T10:55:42.654Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 11:01:52 honeypot-ams-1 sshd[12469]: Received disconnect from 167.235.132.243 port 52610:11: Bye Bye [preauth]","@timestamp":"2022-09-12T11:01:52.818Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 11:05:28 honeypot-ams-1 sshd[12474]: Received disconnect from 94.153.212.78 port 45706:11: Bye Bye [preauth]","@timestamp":"2022-09-12T11:05:28.913Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 11:09:52 honeypot-fra-1 sshd[2785]: Received disconnect from 165.227.109.79 port 53590:11: Bye Bye [preauth]","@timestamp":"2022-09-12T11:09:53.324Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T11:13:46.325Z","@version":"1","message":"Sep 12 11:13:45 honeypot-sgp-1 sshd[7966]: Received disconnect from 92.255.85.70 port 48348:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 11:14:23 honeypot-fra-1 sshd[2790]: Disconnected from invalid user kf 165.22.45.108 port 51942 [preauth]","@timestamp":"2022-09-12T11:14:24.429Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 11:14:44 honeypot-ams-1 sshd[12484]: Did not receive identification string from 45.61.186.169 port 56262","@timestamp":"2022-09-12T11:14:45.152Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 11:15:18 honeypot-ams-1 sshd[12487]: Disconnected from invalid user user 45.61.186.169 port 40310 [preauth]","@timestamp":"2022-09-12T11:15:19.169Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 11:15:36 honeypot-ams-1 sshd[12491]: Disconnected from invalid user user 45.61.186.169 port 35788 [preauth]","@timestamp":"2022-09-12T11:15:36.178Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 11:15:52 honeypot-ams-1 sshd[12495]: Disconnected from invalid user user 45.61.186.169 port 59500 [preauth]","@timestamp":"2022-09-12T11:15:53.186Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 11:16:03 honeypot-fra-1 sshd[2796]: Invalid user support from 58.52.198.77 port 33883","@timestamp":"2022-09-12T11:16:04.471Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 11:17:34 honeypot-ams-1 sshd[12503]: Connection closed by 176.111.173.150 port 47120 [preauth]","@timestamp":"2022-09-12T11:17:34.233Z"}
{"@timestamp":"2022-09-12T11:18:07.435Z","@version":"1","message":"Sep 12 11:18:06 honeypot-sgp-1 kernel: [83857598.490828] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=94.26.249.161 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=56925 PROTO=TCP SPT=51810 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 11:19:18 honeypot-fra-1 sshd[2803]: Invalid user admin from 148.153.82.141 port 45820","@timestamp":"2022-09-12T11:19:19.549Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 11:19:19 honeypot-fra-1 sshd[2809]: Invalid user admin from 148.153.82.141 port 45858","@timestamp":"2022-09-12T11:19:19.549Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 11:19:34 honeypot-ams-1 sshd[12509]: Connection closed by invalid user pi 2.205.35.215 port 56990 [preauth]","@timestamp":"2022-09-12T11:19:35.286Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 11:21:14 honeypot-ams-1 sshd[12585]: Disconnected from authenticating user root 61.177.173.51 port 26575 [preauth]","@timestamp":"2022-09-12T11:21:15.331Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 11:29:03 honeypot-fra-1 sshd[2814]: Connection closed by invalid user User 179.60.147.69 port 41430 [preauth]","@timestamp":"2022-09-12T11:29:03.768Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T11:30:26.731Z","@version":"1","message":"Sep 12 11:30:26 honeypot-sgp-1 sshd[7977]: Disconnected from invalid user raianef 197.5.145.93 port 53545 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T11:30:33.735Z","@version":"1","message":"Sep 12 11:30:33 honeypot-sgp-1 sshd[7983]: Connection closed by invalid user admin 178.128.125.205 port 59476 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 11:30:36 honeypot-ams-1 sshd[12591]: Received disconnect from 61.177.173.51 port 50807:11:  [preauth]","@timestamp":"2022-09-12T11:30:36.575Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 11:34:35 honeypot-ams-1 sshd[12597]: Received disconnect from 143.244.158.100 port 38650:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T11:34:36.675Z"}
{"@timestamp":"2022-09-12T11:35:04.845Z","@version":"1","message":"Sep 12 11:35:04 honeypot-sgp-1 kernel: [83858615.935702] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.41.9.18 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=43203 PROTO=TCP SPT=41776 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 11:36:28 honeypot-ams-1 sshd[12602]: Disconnected from authenticating user root 143.244.158.100 port 49798 [preauth]","@timestamp":"2022-09-12T11:36:28.747Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 11:37:28 honeypot-fra-1 sshd[2820]: Invalid user userPgNU2xE52xM52xE5PM__wasadmin from 193.106.191.157 port 53092","@timestamp":"2022-09-12T11:37:28.962Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 11:38:13 honeypot-ams-1 sshd[12608]: Disconnected from authenticating user root 143.244.158.100 port 52062 [preauth]","@timestamp":"2022-09-12T11:38:13.794Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 11:38:40 honeypot-fra-1 sshd[2824]: Did not receive identification string from 183.146.30.163 port 13958","@timestamp":"2022-09-12T11:38:40.993Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 11:39:26 honeypot-ams-1 kernel: [83859351.187802] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=80.82.70.228 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=252 ID=40901 PROTO=TCP SPT=60000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T11:39:26.830Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 11:39:47 honeypot-fra-1 sshd[2829]: Received disconnect from 159.223.107.102 port 42932:11: Bye Bye [preauth]","@timestamp":"2022-09-12T11:39:48.023Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 11:40:41 honeypot-ams-1 sshd[12621]: Disconnected from authenticating user root 143.244.158.100 port 55418 [preauth]","@timestamp":"2022-09-12T11:40:41.865Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 11:42:24 honeypot-ams-1 sshd[12627]: Received disconnect from 143.244.158.100 port 45450:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T11:42:24.912Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 11:44:02 honeypot-ams-1 sshd[12633]: Received disconnect from 143.244.158.100 port 45870:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T11:44:02.957Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 11:45:48 honeypot-ams-1 sshd[12642]: Disconnected from authenticating user root 143.244.158.100 port 54780 [preauth]","@timestamp":"2022-09-12T11:45:49.004Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 11:47:37 honeypot-ams-1 sshd[12646]: Received disconnect from 143.244.158.100 port 55184:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T11:47:38.055Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 11:49:28 honeypot-ams-1 sshd[12652]: Received disconnect from 61.177.173.50 port 18049:11:  [preauth]","@timestamp":"2022-09-12T11:49:29.105Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 11:49:49 honeypot-fra-1 sshd[2834]: Invalid user kfrench from 165.22.45.108 port 56988","@timestamp":"2022-09-12T11:49:50.251Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T11:50:57.226Z","@version":"1","message":"Sep 12 11:50:56 honeypot-sgp-1 sshd[7999]: Invalid user User from 179.60.147.69 port 41932","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 11:51:11 honeypot-ams-1 sshd[12657]: Disconnected from authenticating user root 143.244.158.100 port 50916 [preauth]","@timestamp":"2022-09-12T11:51:12.153Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 11:53:43 honeypot-ams-1 sshd[12665]: Connection closed by invalid user User 179.60.147.69 port 40070 [preauth]","@timestamp":"2022-09-12T11:53:44.220Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 11:55:29 honeypot-ams-1 sshd[12673]: Disconnected from authenticating user root 143.244.158.100 port 55332 [preauth]","@timestamp":"2022-09-12T11:55:30.269Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 11:57:09 honeypot-ams-1 sshd[12680]: Disconnected from authenticating user root 143.244.158.100 port 59012 [preauth]","@timestamp":"2022-09-12T11:57:10.314Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 11:57:18 honeypot-fra-1 sshd[2839]: Received disconnect from 134.209.103.181 port 51544:11: Bye Bye [preauth]","@timestamp":"2022-09-12T11:57:18.439Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 11:59:47 honeypot-ams-1 sshd[12690]: Disconnected from authenticating user root 143.244.158.100 port 34406 [preauth]","@timestamp":"2022-09-12T11:59:47.383Z"}
{"@timestamp":"2022-09-12T12:00:15.454Z","@version":"1","message":"Sep 12 12:00:14 honeypot-sgp-1 sshd[8002]: Disconnected from authenticating user root 92.255.85.69 port 45050 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 12:00:45 honeypot-fra-1 kernel: [83858472.889551] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=45615 PROTO=TCP SPT=43658 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T12:00:46.523Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 12:01:25 honeypot-ams-1 sshd[12695]: Disconnected from authenticating user root 143.244.158.100 port 41802 [preauth]","@timestamp":"2022-09-12T12:01:25.429Z"}
{"@timestamp":"2022-09-12T12:02:17.507Z","@version":"1","message":"Sep 12 12:02:16 honeypot-sgp-1 kernel: [83860248.476736] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.55.53.144 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=42 ID=40973 DF PROTO=TCP SPT=58780 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 12:03:05 honeypot-ams-1 sshd[12699]: Disconnected from authenticating user root 143.244.158.100 port 47368 [preauth]","@timestamp":"2022-09-12T12:03:05.477Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 12:04:01 honeypot-fra-1 kernel: [83858668.499212] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=34.151.205.2 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x60 TTL=250 ID=1039 PROTO=TCP SPT=41178 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T12:04:01.602Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 12:05:41 honeypot-ams-1 sshd[12705]: Disconnected from authenticating user root 143.244.158.100 port 35426 [preauth]","@timestamp":"2022-09-12T12:05:42.546Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 12:07:31 honeypot-ams-1 sshd[12714]: Disconnected from authenticating user root 143.244.158.100 port 45326 [preauth]","@timestamp":"2022-09-12T12:07:31.597Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 12:08:09 honeypot-ams-1 kernel: [83861073.880081] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=20.55.53.144 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=42371 DF PROTO=TCP SPT=46796 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T12:08:09.618Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 12:09:32 honeypot-ams-1 sshd[12722]: Received disconnect from 61.177.172.104 port 32186:11:  [preauth]","@timestamp":"2022-09-12T12:09:32.656Z"}
{"@timestamp":"2022-09-12T12:10:06.702Z","@version":"1","message":"Sep 12 12:10:06 honeypot-sgp-1 sshd[8008]: Invalid user user7 from 154.209.4.54 port 41584","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 12:12:00 honeypot-ams-1 sshd[12729]: Received disconnect from 143.244.158.100 port 59036:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T12:12:00.723Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 12:12:19 honeypot-fra-1 kernel: [83859166.263769] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=79.124.62.62 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=45112 PROTO=TCP SPT=42299 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T12:12:19.794Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 12:13:42 honeypot-ams-1 sshd[12734]: Disconnected from authenticating user root 143.244.158.100 port 59702 [preauth]","@timestamp":"2022-09-12T12:13:42.769Z"}
{"@timestamp":"2022-09-12T12:15:31.837Z","@version":"1","message":"Sep 12 12:15:31 honeypot-sgp-1 sshd[8011]: Invalid user libsys from 211.245.31.15 port 45548","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 12:15:49 honeypot-ams-1 sshd[12741]: Received disconnect from 61.177.172.98 port 32188:11:  [preauth]","@timestamp":"2022-09-12T12:15:49.829Z"}
{"@timestamp":"2022-09-12T12:16:24.860Z","@version":"1","message":"Sep 12 12:16:24 honeypot-sgp-1 sshd[8015]: Received disconnect from 188.112.63.67 port 10151:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 12:17:01 honeypot-ams-1 CRON[12748]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-12T12:17:01.864Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 12:18:40 honeypot-ams-1 sshd[12755]: Received disconnect from 143.244.158.100 port 56164:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T12:18:40.908Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 12:18:46 honeypot-fra-1 sshd[2856]: Received disconnect from 45.61.186.49 port 40658:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T12:18:46.943Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 12:18:55 honeypot-fra-1 sshd[2860]: Received disconnect from 45.61.186.49 port 52374:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T12:18:55.948Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 12:20:02 honeypot-fra-1 kernel: [83859629.348975] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=161.35.188.242 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=49 ID=0 PROTO=TCP SPT=5407 DPT=80 WINDOW=0 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T12:20:02.974Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-12T12:24:21.056Z","@version":"1","message":"Sep 12 12:24:20 honeypot-sgp-1 sshd[8023]: Invalid user User from 179.60.147.69 port 2586","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 12:24:44 honeypot-ams-1 kernel: [83862069.078596] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.41.8.5 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=45811 PROTO=TCP SPT=20143 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T12:24:45.068Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 12:25:33 honeypot-ams-1 kernel: [83862118.624427] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=5.213.149.103 DST=178.62.254.91 LEN=60 TOS=0x18 PREC=0x20 TTL=107 ID=5471 DF PROTO=TCP SPT=53344 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T12:25:34.097Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 12:25:35 honeypot-fra-1 sshd[2867]: Received disconnect from 165.22.45.108 port 33794:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T12:25:36.102Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 12:29:16 honeypot-ams-1 sshd[12772]: Disconnected from authenticating user root 92.255.85.69 port 44578 [preauth]","@timestamp":"2022-09-12T12:29:17.196Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 12:31:33 honeypot-fra-1 kernel: [83860320.904291] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=162.62.191.231 DST=165.22.82.222 LEN=52 TOS=0x00 PREC=0x60 TTL=53 ID=54420 DF PROTO=TCP SPT=55444 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T12:31:34.241Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-12T12:39:52.429Z","@version":"1","message":"Sep 12 12:39:51 honeypot-sgp-1 sshd[8030]: Connection closed by invalid user admin 183.107.195.8 port 59010 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 12:41:40 honeypot-ams-1 sshd[12784]: Invalid user user from 45.61.184.204 port 59278","@timestamp":"2022-09-12T12:41:40.514Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 12:42:02 honeypot-ams-1 sshd[12788]: Invalid user user from 45.61.184.204 port 55698","@timestamp":"2022-09-12T12:42:02.525Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 12:42:21 honeypot-ams-1 sshd[12792]: Invalid user user from 45.61.184.204 port 52058","@timestamp":"2022-09-12T12:42:22.535Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 12:42:38 honeypot-ams-1 sshd[12796]: Invalid user user from 45.61.184.204 port 48426","@timestamp":"2022-09-12T12:42:39.544Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 12:45:43 honeypot-fra-1 sshd[2887]: Invalid user ts3 from 43.132.183.192 port 57468","@timestamp":"2022-09-12T12:45:43.569Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T12:47:19.614Z","@version":"1","message":"Sep 12 12:47:19 honeypot-sgp-1 sshd[8035]: Received disconnect from 92.255.85.69 port 51674:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 12:47:42 honeypot-fra-1 sshd[2892]: Connection closed by authenticating user root 52.66.15.94 port 52546 [preauth]","@timestamp":"2022-09-12T12:47:42.617Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 12:47:42 honeypot-fra-1 sshd[2897]: Connection closed by authenticating user root 52.66.15.94 port 52478 [preauth]","@timestamp":"2022-09-12T12:47:43.618Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 12:48:30 honeypot-ams-1 sshd[12803]: Disconnected from authenticating user root 185.65.245.217 port 34852 [preauth]","@timestamp":"2022-09-12T12:48:31.695Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 12:50:14 honeypot-fra-1 sshd[2904]: Disconnected from authenticating user root 92.255.85.69 port 21590 [preauth]","@timestamp":"2022-09-12T12:50:14.677Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 12:50:40 honeypot-ams-1 kernel: [83863625.015502] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=92.63.197.94 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=252 ID=46091 PROTO=TCP SPT=45180 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T12:50:40.756Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 12:53:05 honeypot-ams-1 sshd[12810]: Received disconnect from 189.142.109.122 port 44100:11: Bye Bye [preauth]","@timestamp":"2022-09-12T12:53:05.824Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 12:55:56 honeypot-fra-1 sshd[2911]: Invalid user guest from 193.106.191.157 port 59836","@timestamp":"2022-09-12T12:55:56.811Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T12:58:01.905Z","@version":"1","message":"Sep 12 12:58:01 honeypot-sgp-1 sshd[8038]: Invalid user User from 179.60.147.69 port 9610","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 12:58:32 honeypot-fra-1 sshd[2916]: Received disconnect from 165.22.60.176 port 57258:11: Bye Bye [preauth]","@timestamp":"2022-09-12T12:58:32.873Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 13:00:01 honeypot-ams-1 sshd[12819]: Received disconnect from 61.177.173.36 port 25052:11:  [preauth]","@timestamp":"2022-09-12T13:00:02.006Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 13:04:03 honeypot-ams-1 sshd[12828]: Invalid user guest from 193.106.191.157 port 33412","@timestamp":"2022-09-12T13:04:04.115Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 13:05:33 honeypot-fra-1 sshd[2922]: Invalid user leganger from 20.198.66.189 port 34806","@timestamp":"2022-09-12T13:05:34.035Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 13:05:47 honeypot-fra-1 sshd[2926]: Invalid user user from 45.61.186.169 port 36426","@timestamp":"2022-09-12T13:05:48.042Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 13:05:56 honeypot-fra-1 sshd[2930]: Received disconnect from 45.61.186.169 port 48084:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T13:05:57.046Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 13:06:13 honeypot-fra-1 sshd[2934]: Received disconnect from 45.61.186.169 port 43166:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T13:06:13.054Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 13:06:29 honeypot-fra-1 sshd[2938]: Received disconnect from 45.61.186.169 port 38248:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T13:06:29.062Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 13:09:47 honeypot-fra-1 sshd[2944]: Disconnected from invalid user user 45.61.184.204 port 46884 [preauth]","@timestamp":"2022-09-12T13:09:47.142Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 13:10:05 honeypot-fra-1 sshd[2948]: Invalid user user from 45.61.184.204 port 42298","@timestamp":"2022-09-12T13:10:06.153Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 13:10:23 honeypot-fra-1 sshd[2953]: Invalid user user from 45.61.184.204 port 37704","@timestamp":"2022-09-12T13:10:24.161Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T13:10:39.215Z","@version":"1","message":"Sep 12 13:10:38 honeypot-sgp-1 sshd[8044]: Invalid user elsa from 198.100.155.70 port 54678","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 13:10:41 honeypot-fra-1 sshd[2957]: Invalid user user from 45.61.184.204 port 33118","@timestamp":"2022-09-12T13:10:42.169Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 13:13:04 honeypot-ams-1 sshd[12835]: Received disconnect from 61.177.173.51 port 29481:11:  [preauth]","@timestamp":"2022-09-12T13:13:05.348Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 13:14:20 honeypot-fra-1 sshd[2959]: Disconnected from authenticating user root 92.255.85.70 port 27056 [preauth]","@timestamp":"2022-09-12T13:14:20.252Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 13:17:01 honeypot-fra-1 CRON[2964]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-12T13:17:01.316Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T13:17:01.372Z","@version":"1","message":"Sep 12 13:17:01 honeypot-sgp-1 CRON[8050]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 13:17:01 honeypot-ams-1 CRON[12843]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-12T13:17:02.452Z"}
{"@timestamp":"2022-09-12T13:18:03.400Z","@version":"1","message":"Sep 12 13:18:02 honeypot-sgp-1 sshd[8056]: Invalid user user from 45.61.184.204 port 59930","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T13:18:22.409Z","@version":"1","message":"Sep 12 13:18:22 honeypot-sgp-1 sshd[8060]: Invalid user user from 45.61.184.204 port 54788","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T13:18:32.415Z","@version":"1","message":"Sep 12 13:18:31 honeypot-sgp-1 sshd[8062]: Disconnected from invalid user user 45.61.184.204 port 38100 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T13:18:50.424Z","@version":"1","message":"Sep 12 13:18:49 honeypot-sgp-1 sshd[8066]: Invalid user user from 45.61.184.204 port 32978","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 13:19:09 honeypot-fra-1 sshd[2969]: Connection closed by invalid user guest 193.106.191.157 port 59940 [preauth]","@timestamp":"2022-09-12T13:19:10.369Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 13:20:54 honeypot-fra-1 sshd[2971]: Disconnected from invalid user user 167.99.220.160 port 52350 [preauth]","@timestamp":"2022-09-12T13:20:54.411Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T13:27:13.625Z","@version":"1","message":"Sep 12 13:27:13 honeypot-sgp-1 sshd[8071]: Received disconnect from 177.55.100.134 port 43788:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 13:28:52 honeypot-fra-1 sshd[2978]: Disconnected from invalid user administrator 140.86.39.162 port 11559 [preauth]","@timestamp":"2022-09-12T13:28:53.592Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T13:29:22.679Z","@version":"1","message":"Sep 12 13:29:21 honeypot-sgp-1 sshd[8077]: Invalid user odoo from 157.245.122.58 port 42004","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T13:30:38.712Z","@version":"1","message":"Sep 12 13:30:38 honeypot-sgp-1 kernel: [83865549.900340] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=96.126.112.220 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=36275 PROTO=TCP SPT=37170 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 13:31:22 honeypot-ams-1 sshd[12854]: Received disconnect from 61.177.173.51 port 10415:11:  [preauth]","@timestamp":"2022-09-12T13:31:22.815Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 13:31:24 honeypot-fra-1 sshd[2983]: Received disconnect from 45.61.184.204 port 56128:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T13:31:25.650Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T13:31:27.736Z","@version":"1","message":"Sep 12 13:31:27 honeypot-sgp-1 sshd[8084]: Invalid user User from 179.60.147.69 port 50148","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 13:31:44 honeypot-fra-1 sshd[2987]: Received disconnect from 45.61.184.204 port 51406:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T13:31:44.659Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 13:32:00 honeypot-fra-1 sshd[2991]: Received disconnect from 45.61.184.204 port 46674:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T13:32:01.668Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T13:32:56.777Z","@version":"1","message":"Sep 12 13:32:56 honeypot-sgp-1 sshd[8088]: Received disconnect from 157.245.122.58 port 39678:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 13:33:28 honeypot-fra-1 sshd[2996]: Connection closed by invalid user guest 58.240.113.63 port 43918 [preauth]","@timestamp":"2022-09-12T13:33:28.704Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T13:33:47.800Z","@version":"1","message":"Sep 12 13:33:47 honeypot-sgp-1 sshd[8092]: Received disconnect from 157.245.122.58 port 53216:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 13:36:38 honeypot-ams-1 sshd[12863]: Did not receive identification string from 118.193.59.5 port 42304","@timestamp":"2022-09-12T13:36:38.952Z"}
{"@timestamp":"2022-09-12T13:37:14.887Z","@version":"1","message":"Sep 12 13:37:14 honeypot-sgp-1 kernel: [83865945.686730] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=64.246.161.26 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=51277 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T13:37:50.906Z","@version":"1","message":"Sep 12 13:37:50 honeypot-sgp-1 sshd[8102]: Received disconnect from 45.61.186.249 port 52596:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 13:37:50 honeypot-fra-1 sshd[3000]: Disconnected from authenticating user root 92.255.85.69 port 23340 [preauth]","@timestamp":"2022-09-12T13:37:51.802Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 13:37:56 honeypot-ams-1 sshd[12869]: Connection closed by authenticating user root 197.55.135.128 port 36962 [preauth]","@timestamp":"2022-09-12T13:37:56.988Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 13:38:05 honeypot-fra-1 sshd[3005]: Received disconnect from 141.255.162.226 port 51740:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T13:38:05.810Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 13:38:08 honeypot-fra-1 sshd[3009]: Received disconnect from 141.255.162.226 port 44294:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T13:38:08.812Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T13:38:08.915Z","@version":"1","message":"Sep 12 13:38:08 honeypot-sgp-1 sshd[8106]: Received disconnect from 45.61.186.249 port 47662:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 13:38:12 honeypot-fra-1 sshd[3013]: Received disconnect from 141.255.162.226 port 58668:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T13:38:12.814Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T13:38:25.923Z","@version":"1","message":"Sep 12 13:38:25 honeypot-sgp-1 sshd[8110]: Received disconnect from 45.61.186.249 port 42734:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 13:39:44 honeypot-ams-1 sshd[12874]: Received disconnect from 92.255.85.69 port 59274:11: Bye Bye [preauth]","@timestamp":"2022-09-12T13:39:45.041Z"}
{"@timestamp":"2022-09-12T13:39:53.963Z","@version":"1","message":"Sep 12 13:39:53 honeypot-sgp-1 kernel: [83866105.392756] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=154.3.44.39 DST=159.89.202.188 LEN=52 TOS=0x0A PREC=0x00 TTL=109 ID=61241 DF PROTO=TCP SPT=58349 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 13:43:27 honeypot-fra-1 kernel: [83864634.171338] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=71.6.232.8 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=37583 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T13:43:27.945Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-12T13:43:40.060Z","@version":"1","message":"Sep 12 13:43:39 honeypot-sgp-1 kernel: [83866331.031266] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=154.3.44.39 DST=159.89.202.188 LEN=52 TOS=0x0A PREC=0x00 TTL=110 ID=15484 DF PROTO=TCP SPT=63777 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 13:45:25 honeypot-ams-1 sshd[12881]: Received disconnect from 186.209.111.2 port 43964:11: Bye Bye [preauth]","@timestamp":"2022-09-12T13:45:26.193Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 13:46:15 honeypot-ams-1 sshd[12886]: Disconnected from invalid user user 141.255.162.226 port 58738 [preauth]","@timestamp":"2022-09-12T13:46:16.219Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 13:46:18 honeypot-ams-1 sshd[12890]: Disconnected from invalid user user 141.255.162.226 port 44746 [preauth]","@timestamp":"2022-09-12T13:46:18.221Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 13:46:19 honeypot-ams-1 sshd[12894]: Disconnected from invalid user user 141.255.162.226 port 58988 [preauth]","@timestamp":"2022-09-12T13:46:20.222Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 13:49:24 honeypot-fra-1 sshd[3023]: Received disconnect from 198.23.148.137 port 33870:11: Bye Bye [preauth]","@timestamp":"2022-09-12T13:49:25.081Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 13:50:48 honeypot-ams-1 kernel: [83867233.114993] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=125.136.61.137 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=55 ID=3446 PROTO=TCP SPT=65011 DPT=80 WINDOW=46515 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T13:50:49.346Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 13:51:53 honeypot-fra-1 sshd[3028]: Invalid user rahul from 43.153.29.185 port 39106","@timestamp":"2022-09-12T13:51:54.141Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 13:57:37 honeypot-ams-1 sshd[12904]: Disconnected from authenticating user root 61.177.173.39 port 61949 [preauth]","@timestamp":"2022-09-12T13:57:37.524Z"}
{"@timestamp":"2022-09-12T13:59:32.450Z","@version":"1","message":"Sep 12 13:59:31 honeypot-sgp-1 sshd[8122]: Invalid user user4 from 122.168.194.41 port 59752","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 14:01:25 honeypot-fra-1 sshd[3033]: Received disconnect from 92.255.85.70 port 47986:11: Bye Bye [preauth]","@timestamp":"2022-09-12T14:01:26.351Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T14:04:54.584Z","@version":"1","message":"Sep 12 14:04:54 honeypot-sgp-1 sshd[8127]: Connection closed by invalid user User 179.60.147.69 port 58482 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 14:07:52 honeypot-ams-1 sshd[12913]: Invalid user User from 179.60.147.69 port 25024","@timestamp":"2022-09-12T14:07:52.788Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 14:09:24 honeypot-ams-1 kernel: [83868348.993968] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=89.219.89.138 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=16308 DF PROTO=TCP SPT=58356 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T14:09:24.834Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 14:11:04 honeypot-fra-1 sshd[3039]: Invalid user kibana from 165.22.45.108 port 48810","@timestamp":"2022-09-12T14:11:04.589Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 14:12:03 honeypot-ams-1 kernel: [83868508.208102] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=128.1.248.46 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=13543 PROTO=TCP SPT=13027 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T14:12:03.907Z"}
{"@timestamp":"2022-09-12T14:14:22.817Z","@version":"1","message":"Sep 12 14:14:21 honeypot-sgp-1 kernel: [83868173.406608] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=154.3.44.39 DST=159.89.202.188 LEN=52 TOS=0x0A PREC=0x00 TTL=112 ID=39000 DF PROTO=TCP SPT=64738 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 14:17:01 honeypot-fra-1 CRON[3047]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-12T14:17:01.724Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 14:20:48 honeypot-ams-1 sshd[12936]: Invalid user admin from 193.106.191.157 port 41310","@timestamp":"2022-09-12T14:20:49.127Z"}
{"@timestamp":"2022-09-12T14:22:05.014Z","@version":"1","message":"Sep 12 14:22:04 honeypot-sgp-1 sshd[8137]: Disconnected from authenticating user root 92.255.85.69 port 27780 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 14:24:47 honeypot-fra-1 sshd[3053]: Disconnected from authenticating user root 92.255.85.69 port 20284 [preauth]","@timestamp":"2022-09-12T14:24:47.899Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 14:30:54 honeypot-ams-1 sshd[12946]: Connection closed by invalid user admin 193.106.191.157 port 53734 [preauth]","@timestamp":"2022-09-12T14:30:55.413Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 14:32:08 honeypot-ams-1 kernel: [83869712.794617] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=128.14.134.170 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=28608 PROTO=TCP SPT=26527 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T14:32:08.451Z"}
{"@timestamp":"2022-09-12T14:41:47.518Z","@version":"1","message":"Sep 12 14:41:46 honeypot-sgp-1 sshd[8147]: Invalid user User from 179.60.147.69 port 14848","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 14:42:39 honeypot-fra-1 sshd[3061]: Did not receive identification string from 45.61.187.160 port 52612","@timestamp":"2022-09-12T14:42:39.294Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T14:43:07.554Z","@version":"1","message":"Sep 12 14:43:06 honeypot-sgp-1 sshd[8152]: Invalid user user from 45.61.187.160 port 39474","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 14:43:15 honeypot-fra-1 sshd[3064]: Invalid user user from 45.61.187.160 port 51346","@timestamp":"2022-09-12T14:43:15.312Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T14:43:29.566Z","@version":"1","message":"Sep 12 14:43:29 honeypot-sgp-1 sshd[8157]: Invalid user user from 45.61.187.160 port 34520","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 14:43:37 honeypot-fra-1 sshd[3068]: Invalid user user from 45.61.187.160 port 46404","@timestamp":"2022-09-12T14:43:38.322Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T14:43:50.575Z","@version":"1","message":"Sep 12 14:43:50 honeypot-sgp-1 sshd[8161]: Invalid user user from 45.61.187.160 port 57798","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 14:43:52 honeypot-ams-1 sshd[12955]: Received disconnect from 61.177.173.36 port 43248:11:  [preauth]","@timestamp":"2022-09-12T14:43:52.776Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 14:43:57 honeypot-fra-1 sshd[3072]: Invalid user user from 45.61.187.160 port 41436","@timestamp":"2022-09-12T14:43:58.332Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T14:45:34.620Z","@version":"1","message":"Sep 12 14:45:33 honeypot-sgp-1 sshd[8166]: Received disconnect from 92.255.85.70 port 56888:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 14:46:25 honeypot-fra-1 sshd[3076]: Invalid user kibana from 165.22.45.108 port 53676","@timestamp":"2022-09-12T14:46:26.390Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 14:47:52 honeypot-ams-1 sshd[12960]: Connection closed by invalid user guest 1.180.228.194 port 42296 [preauth]","@timestamp":"2022-09-12T14:47:52.888Z"}
{"@timestamp":"2022-09-12T14:49:06.711Z","@version":"1","message":"Sep 12 14:49:06 honeypot-sgp-1 sshd[8171]: Disconnected from authenticating user root 129.226.178.235 port 54148 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T14:50:40.755Z","@version":"1","message":"Sep 12 14:50:40 honeypot-sgp-1 kernel: [83870351.719684] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=68.183.94.197 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x20 TTL=242 ID=15156 PROTO=TCP SPT=61953 DPT=389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 14:54:45 honeypot-fra-1 sshd[3081]: Connection closed by invalid user User 179.60.147.69 port 57488 [preauth]","@timestamp":"2022-09-12T14:54:46.573Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T14:58:00.940Z","@version":"1","message":"Sep 12 14:58:00 honeypot-sgp-1 sshd[8181]: Received disconnect from 45.61.186.49 port 50306:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T14:58:11.946Z","@version":"1","message":"Sep 12 14:58:11 honeypot-sgp-1 sshd[8185]: Received disconnect from 45.61.186.49 port 33858:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 15:02:31 honeypot-ams-1 sshd[12973]: Received disconnect from 218.92.0.204 port 11026:11:  [preauth]","@timestamp":"2022-09-12T15:02:32.265Z"}
{"@timestamp":"2022-09-12T15:03:29.080Z","@version":"1","message":"Sep 12 15:03:28 honeypot-sgp-1 kernel: [83871119.550511] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=80.94.92.231 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=233 ID=54321 PROTO=TCP SPT=43358 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T15:08:11.202Z","@version":"1","message":"Sep 12 15:08:10 honeypot-sgp-1 sshd[8192]: Received disconnect from 138.201.20.212 port 16636:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 15:09:26 honeypot-fra-1 kernel: [83869793.560744] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=184.105.247.234 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=54321 PROTO=TCP SPT=48124 DPT=389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T15:09:27.931Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-12T15:12:32.335Z","@version":"1","message":"Sep 12 15:12:31 honeypot-sgp-1 sshd[8198]: Bad protocol version identification '\\272\\253d\\241EZC\\333M\\207\\356^\\375\\277\\0259 X\\324>\\022\\230\\304<\\340\\023\\317' from 172.105.89.161 port 38133","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 15:14:21 honeypot-ams-1 sshd[12979]: Received disconnect from 92.255.85.70 port 24296:11: Bye Bye [preauth]","@timestamp":"2022-09-12T15:14:22.564Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 15:15:33 honeypot-ams-1 sshd[12984]: Received disconnect from 45.61.187.160 port 42614:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T15:15:33.598Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 15:15:55 honeypot-ams-1 sshd[12988]: Disconnected from authenticating user root 61.177.172.19 port 18413 [preauth]","@timestamp":"2022-09-12T15:15:55.609Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 15:16:08 honeypot-ams-1 sshd[12992]: Disconnected from invalid user user 45.61.187.160 port 48736 [preauth]","@timestamp":"2022-09-12T15:16:08.616Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 15:16:26 honeypot-ams-1 sshd[12996]: Disconnected from invalid user user 45.61.187.160 port 43466 [preauth]","@timestamp":"2022-09-12T15:16:27.626Z"}
{"@timestamp":"2022-09-12T15:17:01.453Z","@version":"1","message":"Sep 12 15:17:01 honeypot-sgp-1 CRON[8202]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 15:17:06 honeypot-ams-1 kernel: [83872410.825484] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=92.21.179.157 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=56 ID=18577 PROTO=TCP SPT=40402 DPT=80 WINDOW=56474 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T15:17:06.646Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 15:20:13 honeypot-fra-1 kernel: [83870439.858201] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=79.124.62.130 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=20516 PROTO=TCP SPT=50429 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T15:20:14.169Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-12T15:22:36.596Z","@version":"1","message":"Sep 12 15:22:36 honeypot-sgp-1 sshd[8208]: Invalid user dev from 138.197.142.81 port 58736","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 15:24:55 honeypot-ams-1 kernel: [83872880.562210] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=152.32.143.142 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x60 TTL=51 ID=3218 DF PROTO=TCP SPT=37595 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T15:24:56.851Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 15:27:13 honeypot-fra-1 kernel: [83870859.837297] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=79.124.62.82 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=36734 PROTO=TCP SPT=50419 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T15:27:13.328Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 15:27:29 honeypot-fra-1 sshd[3102]: Disconnected from invalid user user 198.98.61.9 port 37642 [preauth]","@timestamp":"2022-09-12T15:27:30.337Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 15:27:46 honeypot-fra-1 sshd[3106]: Disconnected from invalid user user 198.98.61.9 port 32806 [preauth]","@timestamp":"2022-09-12T15:27:47.345Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 15:28:08 honeypot-fra-1 sshd[3110]: Received disconnect from 198.98.61.9 port 56202:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T15:28:08.355Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 15:31:30 honeypot-fra-1 kernel: [83871117.404368] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=20.55.112.176 DST=165.22.82.222 LEN=52 TOS=0x00 PREC=0x00 TTL=112 ID=60977 DF PROTO=TCP SPT=51399 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T15:31:31.451Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-12T15:31:47.821Z","@version":"1","message":"Sep 12 15:31:46 honeypot-sgp-1 sshd[8649]: Disconnected from authenticating user root 92.255.85.69 port 39196 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 15:34:56 honeypot-fra-1 sshd[3120]: Disconnected from authenticating user root 92.255.85.69 port 18618 [preauth]","@timestamp":"2022-09-12T15:34:56.534Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T15:36:36.939Z","@version":"1","message":"Sep 12 15:36:36 honeypot-sgp-1 sshd[8654]: Disconnected from invalid user rubby12345 92.205.18.60 port 41176 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 15:36:41 honeypot-ams-1 sshd[13021]: Did not receive identification string from 45.61.184.204 port 60432","@timestamp":"2022-09-12T15:36:42.154Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 15:36:46 honeypot-fra-1 sshd[3126]: Received disconnect from 45.61.186.49 port 39584:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T15:36:46.580Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 15:36:56 honeypot-fra-1 sshd[3130]: Received disconnect from 45.61.186.49 port 50994:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T15:36:56.584Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 15:37:15 honeypot-ams-1 sshd[13026]: Invalid user user from 45.61.184.204 port 33002","@timestamp":"2022-09-12T15:37:16.178Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 15:37:35 honeypot-ams-1 sshd[13030]: Invalid user user from 45.61.184.204 port 56952","@timestamp":"2022-09-12T15:37:36.188Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 15:37:52 honeypot-ams-1 kernel: [83873656.698869] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=2.226.225.240 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=2122 PROTO=TCP SPT=4000 DPT=80 WINDOW=48929 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T15:37:52.197Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 15:38:04 honeypot-ams-1 sshd[13039]: Disconnected from invalid user user 45.61.184.204 port 36412 [preauth]","@timestamp":"2022-09-12T15:38:05.204Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 15:45:51 honeypot-ams-1 sshd[13049]: Invalid user user from 45.61.187.160 port 33234","@timestamp":"2022-09-12T15:45:51.408Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 15:45:56 honeypot-fra-1 sshd[3133]: Disconnected from invalid user pirkka 218.146.103.48 port 52594 [preauth]","@timestamp":"2022-09-12T15:45:56.786Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 15:46:02 honeypot-ams-1 sshd[13051]: Received disconnect from 45.61.187.160 port 44644:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T15:46:03.416Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 15:46:21 honeypot-ams-1 sshd[13055]: Received disconnect from 45.61.187.160 port 39194:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T15:46:22.427Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 15:46:40 honeypot-ams-1 sshd[13059]: Received disconnect from 45.61.187.160 port 33784:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T15:46:41.438Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 15:50:41 honeypot-ams-1 sshd[13066]: Received disconnect from 61.177.172.19 port 15213:11:  [preauth]","@timestamp":"2022-09-12T15:50:42.543Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 15:55:04 honeypot-ams-1 sshd[13070]: Disconnected from authenticating user root 61.177.173.51 port 11720 [preauth]","@timestamp":"2022-09-12T15:55:04.655Z"}
{"@timestamp":"2022-09-12T15:55:40.398Z","@version":"1","message":"Sep 12 15:55:40 honeypot-sgp-1 sshd[8661]: Disconnected from authenticating user root 92.255.85.69 port 41380 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 15:56:36 honeypot-fra-1 sshd[3140]: Disconnected from invalid user spen 203.223.191.206 port 54350 [preauth]","@timestamp":"2022-09-12T15:56:37.027Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:00:53 honeypot-fra-1 sshd[3147]: Connection closed by 81.172.172.227 port 39071 [preauth]","@timestamp":"2022-09-12T16:00:54.126Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T16:01:56.553Z","@version":"1","message":"Sep 12 16:01:56 honeypot-sgp-1 sshd[8668]: Invalid user postgres from 51.38.227.101 port 43736","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T16:07:06.683Z","@version":"1","message":"Sep 12 16:07:06 honeypot-sgp-1 kernel: [83874937.764450] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.217.0.181 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=233 ID=54321 PROTO=TCP SPT=41600 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:08:02 honeypot-fra-1 sshd[3159]: Invalid user ftpuser from 122.128.79.246 port 56368","@timestamp":"2022-09-12T16:08:03.285Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:08:03 honeypot-fra-1 sshd[3174]: Invalid user elastic from 122.128.79.246 port 56318","@timestamp":"2022-09-12T16:08:03.285Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:08:03 honeypot-fra-1 sshd[3153]: Invalid user ubuntu from 122.128.79.246 port 56382","@timestamp":"2022-09-12T16:08:03.285Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:08:03 honeypot-fra-1 sshd[3177]: Invalid user mysql from 122.128.79.246 port 56316","@timestamp":"2022-09-12T16:08:03.285Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:08:03 honeypot-fra-1 sshd[3181]: Invalid user testuser from 122.128.79.246 port 56398","@timestamp":"2022-09-12T16:08:03.285Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:08:03 honeypot-fra-1 sshd[3159]: Connection closed by invalid user ftpuser 122.128.79.246 port 56368 [preauth]","@timestamp":"2022-09-12T16:08:03.285Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:08:03 honeypot-fra-1 sshd[3170]: Connection closed by invalid user es 122.128.79.246 port 56370 [preauth]","@timestamp":"2022-09-12T16:08:03.285Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:08:03 honeypot-fra-1 sshd[3168]: Connection closed by invalid user ftpuser 122.128.79.246 port 56324 [preauth]","@timestamp":"2022-09-12T16:08:03.285Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:08:03 honeypot-fra-1 sshd[3179]: Connection closed by invalid user ec2-user 122.128.79.246 port 56402 [preauth]","@timestamp":"2022-09-12T16:08:04.286Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:08:03 honeypot-fra-1 sshd[3178]: Connection closed by invalid user elasticsearch 122.128.79.246 port 56352 [preauth]","@timestamp":"2022-09-12T16:08:04.286Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:08:59 honeypot-fra-1 sshd[3214]: Received disconnect from 45.61.186.49 port 59500:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T16:09:00.310Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:09:11 honeypot-fra-1 sshd[3218]: Received disconnect from 45.61.186.49 port 42910:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T16:09:12.316Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 16:09:49 honeypot-ams-1 kernel: [83875574.106392] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=92.21.179.157 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=56 ID=34114 PROTO=TCP SPT=40402 DPT=80 WINDOW=56474 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T16:09:50.036Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 16:12:44 honeypot-ams-1 sshd[13082]: Received disconnect from 61.105.158.130 port 39440:11: Bye Bye [preauth]","@timestamp":"2022-09-12T16:12:45.113Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:17:01 honeypot-fra-1 CRON[3223]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-12T16:17:01.488Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 16:17:01 honeypot-ams-1 CRON[13087]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-12T16:17:02.223Z"}
{"@timestamp":"2022-09-12T16:19:30.009Z","@version":"1","message":"Sep 12 16:19:29 honeypot-sgp-1 sshd[8679]: Disconnected from authenticating user root 114.204.218.154 port 35450 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:19:55 honeypot-fra-1 sshd[3228]: Bad protocol version identification 'MGLNDD_165.22.82.222_22' from 192.241.214.172 port 50528","@timestamp":"2022-09-12T16:19:55.574Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:22:09 honeypot-fra-1 sshd[3232]: Invalid user svn from 159.65.156.159 port 33064","@timestamp":"2022-09-12T16:22:10.627Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:23:52 honeypot-fra-1 sshd[3237]: Invalid user oracle from 1.13.177.251 port 47676","@timestamp":"2022-09-12T16:23:53.669Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:23:52 honeypot-fra-1 sshd[3241]: Invalid user admin from 1.13.177.251 port 47638","@timestamp":"2022-09-12T16:23:53.669Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:23:52 honeypot-fra-1 sshd[3249]: Invalid user testuser from 1.13.177.251 port 47618","@timestamp":"2022-09-12T16:23:53.669Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:23:52 honeypot-fra-1 sshd[3252]: Invalid user test from 1.13.177.251 port 47672","@timestamp":"2022-09-12T16:23:53.669Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:23:52 honeypot-fra-1 sshd[3265]: Invalid user ansible from 1.13.177.251 port 47702","@timestamp":"2022-09-12T16:23:53.669Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:23:53 honeypot-fra-1 sshd[3241]: Connection closed by invalid user admin 1.13.177.251 port 47638 [preauth]","@timestamp":"2022-09-12T16:23:53.669Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:23:53 honeypot-fra-1 sshd[3253]: Connection closed by invalid user testuser 1.13.177.251 port 47660 [preauth]","@timestamp":"2022-09-12T16:23:53.670Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:23:53 honeypot-fra-1 sshd[3248]: Connection closed by invalid user testuser 1.13.177.251 port 47656 [preauth]","@timestamp":"2022-09-12T16:23:53.670Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:23:53 honeypot-fra-1 sshd[3265]: Connection closed by invalid user ansible 1.13.177.251 port 47702 [preauth]","@timestamp":"2022-09-12T16:23:53.670Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T16:24:24.131Z","@version":"1","message":"Sep 12 16:24:23 honeypot-sgp-1 sshd[8685]: Invalid user katja from 177.37.164.118 port 42320","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 16:25:47 honeypot-ams-1 kernel: [83876531.677017] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=163.172.158.4 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=53937 PROTO=TCP SPT=43901 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T16:25:47.448Z"}
{"@timestamp":"2022-09-12T16:27:20.205Z","@version":"1","message":"Sep 12 16:27:19 honeypot-sgp-1 kernel: [83876151.033087] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.208.55 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=38806 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T16:31:46.343Z","@version":"1","message":"Sep 12 16:31:45 honeypot-sgp-1 sshd[8693]: Invalid user User from 179.60.147.69 port 49172","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:32:12 honeypot-fra-1 sshd[3739]: Received disconnect from 165.22.45.108 port 39932:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T16:32:12.853Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T16:34:10.403Z","@version":"1","message":"Sep 12 16:34:09 honeypot-sgp-1 sshd[8699]: Did not receive identification string from 51.83.131.123 port 34418","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 16:36:18 honeypot-ams-1 kernel: [83877163.200683] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=154.3.44.39 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=117 ID=49162 DF PROTO=TCP SPT=62537 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-12T16:36:18.717Z"}
{"@timestamp":"2022-09-12T16:36:52.472Z","@version":"1","message":"Sep 12 16:36:51 honeypot-sgp-1 sshd[8703]: Disconnected from invalid user bitnami 51.83.131.123 port 42010 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T16:40:50.569Z","@version":"1","message":"Sep 12 16:40:50 honeypot-sgp-1 sshd[8709]: Received disconnect from 159.223.172.195 port 57960:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:42:21 honeypot-fra-1 kernel: [83875367.827636] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=124.223.10.114 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=234 ID=2941 PROTO=TCP SPT=40247 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T16:42:22.075Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-12T16:43:03.623Z","@version":"1","message":"Sep 12 16:43:03 honeypot-sgp-1 sshd[8714]: Disconnected from authenticating user root 92.255.85.70 port 16414 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:46:09 honeypot-fra-1 sshd[3752]: Invalid user devops from 103.188.176.251 port 60948","@timestamp":"2022-09-12T16:46:10.163Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 16:47:47 honeypot-ams-1 sshd[13104]: Received disconnect from 92.255.85.69 port 63596:11: Bye Bye [preauth]","@timestamp":"2022-09-12T16:47:48.013Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 16:49:13 honeypot-ams-1 kernel: [83877937.725150] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.221.31 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=36924 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T16:49:14.054Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 16:50:30 honeypot-ams-1 sshd[13111]: Disconnected from authenticating user root 211.253.10.96 port 42643 [preauth]","@timestamp":"2022-09-12T16:50:31.094Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:50:37 honeypot-fra-1 sshd[3761]: Received disconnect from 164.90.224.134 port 44834:11: Bye Bye [preauth]","@timestamp":"2022-09-12T16:50:37.290Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 16:51:18 honeypot-ams-1 sshd[13114]: Received disconnect from 96.1.64.194 port 53572:11: Bye Bye [preauth]","@timestamp":"2022-09-12T16:51:19.118Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:51:49 honeypot-fra-1 sshd[3765]: Disconnected from authenticating user root 128.199.124.131 port 60428 [preauth]","@timestamp":"2022-09-12T16:51:50.320Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 16:52:06 honeypot-ams-1 sshd[13121]: Disconnected from invalid user mambo 34.75.26.147 port 35158 [preauth]","@timestamp":"2022-09-12T16:52:07.140Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:53:23 honeypot-fra-1 sshd[3769]: Disconnected from authenticating user root 138.68.17.3 port 40698 [preauth]","@timestamp":"2022-09-12T16:53:24.358Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 16:54:47 honeypot-ams-1 sshd[13126]: Disconnected from invalid user admin 185.231.245.42 port 36674 [preauth]","@timestamp":"2022-09-12T16:54:48.211Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:55:07 honeypot-fra-1 sshd[3775]: Disconnected from authenticating user root 165.154.46.18 port 18670 [preauth]","@timestamp":"2022-09-12T16:55:08.400Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 16:56:57 honeypot-ams-1 sshd[13132]: Invalid user enr from 194.31.55.148 port 37854","@timestamp":"2022-09-12T16:56:57.272Z"}
{"@timestamp":"2022-09-12T16:57:09.979Z","@version":"1","message":"Sep 12 16:57:09 honeypot-sgp-1 kernel: [83877940.708753] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.41.8.5 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=6492 PROTO=TCP SPT=12135 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 17:00:39 honeypot-ams-1 sshd[13137]: Invalid user  from 64.62.197.212 port 5686","@timestamp":"2022-09-12T17:00:39.367Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 17:03:57 honeypot-ams-1 sshd[13141]: Disconnected from authenticating user root 221.140.57.201 port 38969 [preauth]","@timestamp":"2022-09-12T17:03:57.454Z"}
{"@timestamp":"2022-09-12T17:06:12.199Z","@version":"1","message":"Sep 12 17:06:12 honeypot-sgp-1 sshd[8725]: Received disconnect from 92.255.85.70 port 26532:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 17:07:46 honeypot-ams-1 sshd[13148]: Received disconnect from 190.226.244.9 port 39294:11: Bye Bye [preauth]","@timestamp":"2022-09-12T17:07:46.556Z"}
{"@timestamp":"2022-09-12T17:07:48.240Z","@version":"1","message":"Sep 12 17:07:47 honeypot-sgp-1 sshd[8727]: Connection closed by invalid user guest 183.64.62.34 port 41605 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 17:08:14 honeypot-ams-1 kernel: [83879079.507061] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=213.226.123.38 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=11560 PROTO=TCP SPT=41820 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T17:08:15.572Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 17:08:47 honeypot-fra-1 sshd[3781]: Disconnected from authenticating user root 92.255.85.69 port 47060 [preauth]","@timestamp":"2022-09-12T17:08:48.703Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T17:08:59.271Z","@version":"1","message":"Sep 12 17:08:59 honeypot-sgp-1 sshd[8733]: Disconnected from invalid user admin 103.150.125.189 port 59034 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 17:10:06 honeypot-fra-1 sshd[3786]: Connection closed by invalid user ftp 193.106.191.157 port 49938 [preauth]","@timestamp":"2022-09-12T17:10:06.738Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 17:12:39 honeypot-ams-1 sshd[13160]: Invalid user fox from 141.8.195.167 port 60018","@timestamp":"2022-09-12T17:12:39.702Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 17:16:36 honeypot-fra-1 kernel: [83877422.768112] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.200.187 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=48655 DPT=389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T17:16:36.885Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-12T17:17:02.465Z","@version":"1","message":"Sep 12 17:17:01 honeypot-sgp-1 kernel: [83879133.130248] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.220.15 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=58772 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 17:17:05 honeypot-ams-1 kernel: [83879609.971380] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=195.178.120.159 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=54321 PROTO=TCP SPT=38354 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T17:17:05.816Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 17:18:59 honeypot-fra-1 sshd[3802]: Connection closed by 103.231.214.252 port 21359 [preauth]","@timestamp":"2022-09-12T17:18:59.942Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 17:20:40 honeypot-ams-1 sshd[13168]: Disconnected from invalid user postgres 112.65.128.90 port 42568 [preauth]","@timestamp":"2022-09-12T17:20:40.909Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 17:22:06 honeypot-fra-1 sshd[3808]: Connection closed by 103.231.214.252 port 33285 [preauth]","@timestamp":"2022-09-12T17:22:07.017Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T17:22:19.594Z","@version":"1","message":"Sep 12 17:22:18 honeypot-sgp-1 sshd[8743]: Disconnected from invalid user nagios 20.91.221.85 port 48836 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T17:25:12.664Z","@version":"1","message":"Sep 12 17:25:11 honeypot-sgp-1 sshd[8748]: Disconnected from invalid user apagar 172.247.104.122 port 36852 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 17:25:50 honeypot-fra-1 sshd[3815]: Received disconnect from 125.129.140.104 port 45997:11: Bye Bye [preauth]","@timestamp":"2022-09-12T17:25:51.105Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 17:27:07 honeypot-ams-1 sshd[13173]: Did not receive identification string from 58.72.18.130 port 57870","@timestamp":"2022-09-12T17:27:08.075Z"}
{"@timestamp":"2022-09-12T17:27:55.733Z","@version":"1","message":"Sep 12 17:27:55 honeypot-sgp-1 sshd[8752]: Received disconnect from 61.138.100.126 port 59707:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 17:28:11 honeypot-fra-1 sshd[3820]: Disconnected from invalid user shaker 20.244.1.170 port 58752 [preauth]","@timestamp":"2022-09-12T17:28:12.159Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 17:29:55 honeypot-fra-1 sshd[3827]: Connection closed by 103.231.214.252 port 30216 [preauth]","@timestamp":"2022-09-12T17:29:56.204Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 17:30:36 honeypot-ams-1 sshd[13177]: Invalid user ts3bot3 from 188.166.95.44 port 42468","@timestamp":"2022-09-12T17:30:37.168Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 17:30:46 honeypot-ams-1 kernel: [83880431.018725] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=176.209.49.59 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=58 ID=29353 PROTO=TCP SPT=27092 DPT=443 WINDOW=56692 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T17:30:47.173Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 17:31:54 honeypot-ams-1 sshd[13183]: Received disconnect from 49.205.179.22 port 44462:11: Bye Bye [preauth]","@timestamp":"2022-09-12T17:31:55.204Z"}
{"@timestamp":"2022-09-12T17:32:14.839Z","@version":"1","message":"Sep 12 17:32:14 honeypot-sgp-1 sshd[8759]: Did not receive identification string from 198.98.61.9 port 58894","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T17:32:47.854Z","@version":"1","message":"Sep 12 17:32:47 honeypot-sgp-1 sshd[8762]: Disconnected from invalid user user 198.98.61.9 port 55246 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 17:33:02 honeypot-fra-1 sshd[3837]: Connection closed by 103.231.214.252 port 62965 [preauth]","@timestamp":"2022-09-12T17:33:03.275Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T17:33:10.866Z","@version":"1","message":"Sep 12 17:33:09 honeypot-sgp-1 sshd[8766]: Disconnected from invalid user user 198.98.61.9 port 51372 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 17:33:13 honeypot-ams-1 sshd[13188]: Disconnected from authenticating user root 173.201.188.226 port 57080 [preauth]","@timestamp":"2022-09-12T17:33:14.240Z"}
{"@timestamp":"2022-09-12T17:33:30.876Z","@version":"1","message":"Sep 12 17:33:29 honeypot-sgp-1 sshd[8770]: Disconnected from invalid user user 198.98.61.9 port 47538 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 17:35:20 honeypot-ams-1 sshd[13194]: Invalid user su from 129.226.167.18 port 34000","@timestamp":"2022-09-12T17:35:21.300Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 17:36:36 honeypot-ams-1 kernel: [83880781.229464] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=154.3.44.39 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=117 ID=28900 DF PROTO=TCP SPT=58339 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-12T17:36:37.335Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 17:38:15 honeypot-ams-1 sshd[13201]: Received disconnect from 203.98.76.172 port 57012:11: Bye Bye [preauth]","@timestamp":"2022-09-12T17:38:16.380Z"}
{"@timestamp":"2022-09-12T17:38:34.001Z","@version":"1","message":"Sep 12 17:38:33 honeypot-sgp-1 sshd[8775]: Invalid user User from 179.60.147.69 port 24826","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 17:39:17 honeypot-fra-1 sshd[3851]: Connection closed by 103.231.214.252 port 51606 [preauth]","@timestamp":"2022-09-12T17:39:18.418Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 17:41:17 honeypot-ams-1 sshd[13205]: Invalid user User from 179.60.147.69 port 61506","@timestamp":"2022-09-12T17:41:18.458Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 17:43:59 honeypot-fra-1 sshd[3860]: Connection closed by 103.231.214.252 port 24457 [preauth]","@timestamp":"2022-09-12T17:43:59.526Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T17:44:05.134Z","@version":"1","message":"Sep 12 17:44:04 honeypot-sgp-1 sshd[8778]: Disconnected from invalid user sinus 103.240.110.130 port 44716 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 17:48:05 honeypot-fra-1 sshd[3869]: Disconnected from invalid user webadmin 51.254.101.166 port 59025 [preauth]","@timestamp":"2022-09-12T17:48:05.621Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 17:50:09 honeypot-fra-1 sshd[3877]: Invalid user User from 179.60.147.69 port 14682","@timestamp":"2022-09-12T17:50:10.671Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 17:50:10 honeypot-ams-1 sshd[13211]: Disconnected from invalid user ismael 165.227.118.41 port 52498 [preauth]","@timestamp":"2022-09-12T17:50:10.681Z"}
{"@timestamp":"2022-09-12T17:50:37.289Z","@version":"1","message":"Sep 12 17:50:36 honeypot-sgp-1 sshd[8785]: Disconnected from authenticating user root 92.255.85.70 port 31532 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 17:53:22 honeypot-fra-1 sshd[3886]: Connection closed by 103.231.214.252 port 41572 [preauth]","@timestamp":"2022-09-12T17:53:22.746Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T17:53:39.363Z","@version":"1","message":"Sep 12 17:53:38 honeypot-sgp-1 sshd[8791]: Received disconnect from 109.234.156.116 port 42210:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 17:55:12 honeypot-fra-1 sshd[3892]: Disconnected from authenticating user root 217.182.253.249 port 58362 [preauth]","@timestamp":"2022-09-12T17:55:12.791Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 17:56:09 honeypot-ams-1 sshd[13215]: Received disconnect from 45.61.184.204 port 48648:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T17:56:09.838Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 17:56:28 honeypot-ams-1 sshd[13219]: Received disconnect from 45.61.184.204 port 43802:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T17:56:29.849Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 17:56:43 honeypot-ams-1 kernel: [83881988.430066] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=154.3.44.39 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=117 ID=18120 DF PROTO=TCP SPT=52185 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-12T17:56:44.858Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 17:56:54 honeypot-ams-1 sshd[13227]: Invalid user user from 45.61.184.204 port 50626","@timestamp":"2022-09-12T17:56:54.862Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 17:59:47 honeypot-ams-1 kernel: [83882171.718031] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.219.211 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=51788 DPT=389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T17:59:47.952Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 18:01:10 honeypot-fra-1 kernel: [83880096.884000] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.33.121.154 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=49009 PROTO=TCP SPT=45571 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T18:01:10.927Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-12T18:01:13.543Z","@version":"1","message":"Sep 12 18:01:12 honeypot-sgp-1 kernel: [83881783.819974] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=173.255.227.162 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=901 PROTO=TCP SPT=45657 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 18:02:08 honeypot-fra-1 sshd[3903]: Disconnected from invalid user monitor 20.206.248.106 port 33584 [preauth]","@timestamp":"2022-09-12T18:02:08.953Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 18:04:02 honeypot-ams-1 kernel: [83882426.751722] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=154.3.44.39 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=117 ID=5652 DF PROTO=TCP SPT=61396 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-12T18:04:03.071Z"}
{"@timestamp":"2022-09-12T18:04:23.622Z","@version":"1","message":"Sep 12 18:04:23 honeypot-sgp-1 sshd[8801]: Invalid user user from 45.61.184.204 port 35938","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T18:04:43.633Z","@version":"1","message":"Sep 12 18:04:42 honeypot-sgp-1 sshd[8806]: Invalid user user from 45.61.184.204 port 59278","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:00 honeypot-ams-1 sshd[13250]: Invalid user ubnt from 188.250.234.67 port 36175","@timestamp":"2022-09-12T18:05:01.098Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:01 honeypot-ams-1 sshd[13254]: Disconnected from authenticating user root 188.250.234.67 port 36216 [preauth]","@timestamp":"2022-09-12T18:05:02.099Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:03 honeypot-ams-1 sshd[13260]: Disconnected from authenticating user root 188.250.234.67 port 36281 [preauth]","@timestamp":"2022-09-12T18:05:03.100Z"}
{"@timestamp":"2022-09-12T18:05:03.643Z","@version":"1","message":"Sep 12 18:05:02 honeypot-sgp-1 sshd[8810]: Invalid user user from 45.61.184.204 port 54394","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:04 honeypot-ams-1 sshd[13266]: Disconnected from authenticating user root 188.250.234.67 port 36324 [preauth]","@timestamp":"2022-09-12T18:05:05.101Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:05 honeypot-ams-1 sshd[13272]: Disconnected from authenticating user root 188.250.234.67 port 36364 [preauth]","@timestamp":"2022-09-12T18:05:06.102Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:06 honeypot-ams-1 sshd[13278]: Disconnected from authenticating user root 188.250.234.67 port 36400 [preauth]","@timestamp":"2022-09-12T18:05:07.103Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:08 honeypot-ams-1 sshd[13284]: Disconnected from authenticating user root 188.250.234.67 port 36445 [preauth]","@timestamp":"2022-09-12T18:05:09.104Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:09 honeypot-ams-1 sshd[13290]: Disconnected from authenticating user root 188.250.234.67 port 36482 [preauth]","@timestamp":"2022-09-12T18:05:10.105Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:10 honeypot-ams-1 sshd[13296]: Disconnected from authenticating user root 188.250.234.67 port 36533 [preauth]","@timestamp":"2022-09-12T18:05:11.106Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:12 honeypot-ams-1 sshd[13302]: Disconnected from authenticating user root 188.250.234.67 port 36605 [preauth]","@timestamp":"2022-09-12T18:05:12.107Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:13 honeypot-ams-1 sshd[13308]: Disconnected from authenticating user root 188.250.234.67 port 36653 [preauth]","@timestamp":"2022-09-12T18:05:14.108Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:14 honeypot-ams-1 sshd[13314]: Disconnected from authenticating user root 188.250.234.67 port 36701 [preauth]","@timestamp":"2022-09-12T18:05:15.109Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:15 honeypot-ams-1 sshd[13320]: Invalid user admin from 188.250.234.67 port 36736","@timestamp":"2022-09-12T18:05:16.111Z"}
{"@timestamp":"2022-09-12T18:05:16.649Z","@version":"1","message":"Sep 12 18:05:16 honeypot-sgp-1 kernel: [83882027.256719] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.33.121.154 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=18002 PROTO=TCP SPT=45571 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:16 honeypot-ams-1 sshd[13324]: Invalid user admin from 188.250.234.67 port 36766","@timestamp":"2022-09-12T18:05:17.112Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:17 honeypot-ams-1 sshd[13328]: Invalid user admin from 188.250.234.67 port 36791","@timestamp":"2022-09-12T18:05:18.113Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:18 honeypot-ams-1 sshd[13332]: Invalid user admin from 188.250.234.67 port 36809","@timestamp":"2022-09-12T18:05:19.114Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:19 honeypot-ams-1 sshd[13336]: Invalid user admin from 188.250.234.67 port 36838","@timestamp":"2022-09-12T18:05:20.114Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:20 honeypot-ams-1 sshd[13340]: Received disconnect from 188.250.234.67 port 36859:11: Bye Bye [preauth]","@timestamp":"2022-09-12T18:05:21.115Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:21 honeypot-ams-1 sshd[13344]: Disconnected from invalid user pi 188.250.234.67 port 36904 [preauth]","@timestamp":"2022-09-12T18:05:21.115Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:21 honeypot-ams-1 sshd[13348]: Disconnected from invalid user user 188.250.234.67 port 36952 [preauth]","@timestamp":"2022-09-12T18:05:22.116Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:22 honeypot-ams-1 sshd[13353]: Disconnected from invalid user mine 188.250.234.67 port 36990 [preauth]","@timestamp":"2022-09-12T18:05:23.116Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:23 honeypot-ams-1 sshd[13357]: Disconnected from invalid user xbmc 188.250.234.67 port 37016 [preauth]","@timestamp":"2022-09-12T18:05:24.117Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:24 honeypot-ams-1 sshd[13361]: Disconnected from invalid user oracle 188.250.234.67 port 37040 [preauth]","@timestamp":"2022-09-12T18:05:25.118Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:25 honeypot-ams-1 sshd[13365]: Disconnected from invalid user postgres 188.250.234.67 port 37063 [preauth]","@timestamp":"2022-09-12T18:05:26.119Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:26 honeypot-ams-1 sshd[13369]: Disconnected from invalid user support 188.250.234.67 port 37081 [preauth]","@timestamp":"2022-09-12T18:05:27.120Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:27 honeypot-ams-1 sshd[13373]: Disconnected from invalid user ubuntu 188.250.234.67 port 37098 [preauth]","@timestamp":"2022-09-12T18:05:27.120Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:27 honeypot-ams-1 sshd[13377]: Disconnected from invalid user ubuntu 188.250.234.67 port 37121 [preauth]","@timestamp":"2022-09-12T18:05:28.121Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:28 honeypot-ams-1 sshd[13381]: Disconnected from invalid user guest 188.250.234.67 port 37140 [preauth]","@timestamp":"2022-09-12T18:05:29.122Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:29 honeypot-ams-1 sshd[13385]: Disconnected from invalid user cirros 188.250.234.67 port 37156 [preauth]","@timestamp":"2022-09-12T18:05:30.123Z"}
{"@timestamp":"2022-09-12T18:06:11.676Z","@version":"1","message":"Sep 12 18:06:10 honeypot-sgp-1 sshd[8816]: Disconnected from authenticating user root 62.204.41.222 port 36273 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 18:06:33 honeypot-fra-1 kernel: [83880419.233302] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.220.133 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=37623 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T18:06:34.057Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-12T18:07:25.712Z","@version":"1","message":"Sep 12 18:07:25 honeypot-sgp-1 kernel: [83882156.725967] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=167.94.138.102 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=50998 PROTO=TCP SPT=27246 DPT=389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:08:24 honeypot-ams-1 sshd[13390]: Received disconnect from 211.125.67.35 port 43416:11: Bye Bye [preauth]","@timestamp":"2022-09-12T18:08:25.215Z"}
{"@timestamp":"2022-09-12T18:10:04.780Z","@version":"1","message":"Sep 12 18:10:04 honeypot-sgp-1 sshd[8825]: Disconnected from invalid user scan 91.240.118.222 port 38279 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 18:11:03 honeypot-fra-1 sshd[3921]: Connection closed by 112.16.125.165 port 35223 [preauth]","@timestamp":"2022-09-12T18:11:04.163Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T18:11:39.823Z","@version":"1","message":"Sep 12 18:11:39 honeypot-sgp-1 sshd[8830]: Invalid user User from 179.60.147.69 port 59824","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:11:40 honeypot-ams-1 sshd[13394]: Did not receive identification string from 45.61.186.169 port 46972","@timestamp":"2022-09-12T18:11:40.306Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:11:53 honeypot-ams-1 sshd[13397]: Disconnected from invalid user user 45.61.186.169 port 39514 [preauth]","@timestamp":"2022-09-12T18:11:54.314Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:12:11 honeypot-ams-1 sshd[13401]: Disconnected from invalid user user 45.61.186.169 port 34424 [preauth]","@timestamp":"2022-09-12T18:12:12.324Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:12:20 honeypot-ams-1 sshd[13403]: Disconnected from invalid user user 45.61.186.169 port 45986 [preauth]","@timestamp":"2022-09-12T18:12:21.329Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:12:37 honeypot-ams-1 sshd[13409]: Disconnected from invalid user user 45.61.186.169 port 40896 [preauth]","@timestamp":"2022-09-12T18:12:38.337Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 18:13:43 honeypot-fra-1 sshd[3930]: Connection closed by 103.231.214.252 port 61107 [preauth]","@timestamp":"2022-09-12T18:13:43.227Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:15:43 honeypot-ams-1 sshd[13415]: Received disconnect from 141.255.162.226 port 53414:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T18:15:44.423Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:15:46 honeypot-ams-1 sshd[13419]: Received disconnect from 141.255.162.226 port 46428:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T18:15:46.425Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:15:49 honeypot-ams-1 sshd[13423]: Received disconnect from 141.255.162.226 port 53112:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T18:15:50.427Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:15:51 honeypot-ams-1 sshd[13427]: Received disconnect from 141.255.162.226 port 60094:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T18:15:52.429Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 18:16:50 honeypot-fra-1 sshd[3937]: Connection closed by 103.231.214.252 port 44694 [preauth]","@timestamp":"2022-09-12T18:16:51.300Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T18:17:01.955Z","@version":"1","message":"Sep 12 18:17:01 honeypot-sgp-1 CRON[8838]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 18:17:48 honeypot-fra-1 sshd[3944]: Received disconnect from 165.22.45.108 port 55042:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T18:17:48.325Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:20:24 honeypot-ams-1 sshd[13511]: Invalid user kundert from 200.111.119.58 port 37694","@timestamp":"2022-09-12T18:20:24.545Z"}
{"@timestamp":"2022-09-12T18:20:27.037Z","@version":"1","message":"Sep 12 18:20:26 honeypot-sgp-1 sshd[8844]: Disconnected from invalid user test 172.105.61.41 port 52936 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 18:21:32 honeypot-fra-1 sshd[3952]: Connection closed by 103.231.214.252 port 51259 [preauth]","@timestamp":"2022-09-12T18:21:33.409Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:22:32 honeypot-ams-1 sshd[13513]: Disconnected from invalid user benoit 92.205.19.152 port 56818 [preauth]","@timestamp":"2022-09-12T18:22:32.601Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:24:08 honeypot-ams-1 sshd[13519]: Received disconnect from 159.223.164.107 port 41224:11: Bye Bye [preauth]","@timestamp":"2022-09-12T18:24:09.645Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 18:24:40 honeypot-fra-1 sshd[3961]: Connection closed by 103.231.214.252 port 63928 [preauth]","@timestamp":"2022-09-12T18:24:41.484Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 18:27:05 honeypot-fra-1 sshd[3967]: Disconnected from invalid user test 70.35.202.246 port 48998 [preauth]","@timestamp":"2022-09-12T18:27:06.543Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 18:27:38 honeypot-ams-1 kernel: [83883843.072693] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.219.133 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=52144 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T18:27:38.739Z"}
{"@timestamp":"2022-09-12T18:27:54.216Z","@version":"1","message":"Sep 12 18:27:53 honeypot-sgp-1 sshd[8849]: Received disconnect from 123.30.249.49 port 36907:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 18:29:24 honeypot-fra-1 sshd[3974]: Received disconnect from 180.168.2.154 port 56324:11: Bye Bye [preauth]","@timestamp":"2022-09-12T18:29:24.599Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T18:30:31.281Z","@version":"1","message":"Sep 12 18:30:31 honeypot-sgp-1 sshd[8853]: Received disconnect from 103.233.0.58 port 42670:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 18:33:22 honeypot-fra-1 sshd[3985]: Invalid user darbee from 154.86.27.92 port 53068","@timestamp":"2022-09-12T18:33:23.689Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:33:38 honeypot-ams-1 sshd[13527]: Disconnected from authenticating user root 161.35.112.155 port 37320 [preauth]","@timestamp":"2022-09-12T18:33:38.895Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 18:34:57 honeypot-fra-1 sshd[3989]: Disconnected from invalid user mc 144.24.72.43 port 55230 [preauth]","@timestamp":"2022-09-12T18:34:57.725Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T18:37:52.476Z","@version":"1","message":"Sep 12 18:37:51 honeypot-sgp-1 sshd[8859]: Received disconnect from 92.255.85.70 port 42076:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 18:40:31 honeypot-fra-1 sshd[4000]: Disconnected from authenticating user root 92.255.85.70 port 34624 [preauth]","@timestamp":"2022-09-12T18:40:31.853Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 18:46:09 honeypot-ams-1 kernel: [83884954.446273] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=35.242.169.123 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=20187 PROTO=TCP SPT=41902 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T18:46:10.218Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 18:48:12 honeypot-fra-1 sshd[4011]: Connection closed by 103.231.214.252 port 18081 [preauth]","@timestamp":"2022-09-12T18:48:13.030Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 18:51:00 honeypot-ams-1 kernel: [83885245.327375] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=196.189.68.134 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=57495 PROTO=TCP SPT=32070 DPT=80 WINDOW=48798 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T18:51:01.346Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 18:52:56 honeypot-fra-1 sshd[4020]: Received disconnect from 165.22.45.108 port 59838:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T18:52:57.141Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 18:57:37 honeypot-fra-1 sshd[4029]: Connection closed by 103.231.214.252 port 20716 [preauth]","@timestamp":"2022-09-12T18:57:37.246Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T19:01:17.029Z","@version":"1","message":"Sep 12 19:01:16 honeypot-sgp-1 sshd[8866]: Received disconnect from 92.255.85.70 port 16848:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 19:03:07 honeypot-fra-1 sshd[4038]: Received disconnect from 88.142.46.185 port 35976:11: Bye Bye [preauth]","@timestamp":"2022-09-12T19:03:08.372Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 19:05:27 honeypot-fra-1 sshd[4044]: Connection closed by 103.231.214.252 port 54333 [preauth]","@timestamp":"2022-09-12T19:05:27.427Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T19:06:21.151Z","@version":"1","message":"Sep 12 19:06:20 honeypot-sgp-1 sshd[8869]: Disconnected from invalid user mbot24 154.214.4.199 port 46708 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 19:06:31 honeypot-ams-1 sshd[13538]: Disconnected from authenticating user root 92.255.85.69 port 46546 [preauth]","@timestamp":"2022-09-12T19:06:31.740Z"}
{"@timestamp":"2022-09-12T19:07:08.172Z","@version":"1","message":"Sep 12 19:07:07 honeypot-sgp-1 sshd[8873]: Disconnected from invalid user araujo 84.201.177.10 port 37316 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T19:08:25.206Z","@version":"1","message":"Sep 12 19:08:24 honeypot-sgp-1 sshd[8877]: Disconnected from invalid user admin 202.164.153.78 port 37396 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 19:09:30 honeypot-fra-1 sshd[4053]: Received disconnect from 43.128.188.237 port 41580:11: Bye Bye [preauth]","@timestamp":"2022-09-12T19:09:30.520Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 19:10:16 honeypot-ams-1 kernel: [83886400.841250] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=113.229.234.16 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=48 ID=54807 PROTO=TCP SPT=48138 DPT=80 WINDOW=24331 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T19:10:16.842Z"}
{"@timestamp":"2022-09-12T19:11:17.275Z","@version":"1","message":"Sep 12 19:11:16 honeypot-sgp-1 sshd[8883]: Received disconnect from 118.70.170.120 port 52268:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 19:12:17 honeypot-ams-1 sshd[13548]: Disconnected from authenticating user root 119.92.159.209 port 16673 [preauth]","@timestamp":"2022-09-12T19:12:18.898Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 19:13:15 honeypot-fra-1 sshd[4061]: Received disconnect from 190.85.108.189 port 51072:11: Bye Bye [preauth]","@timestamp":"2022-09-12T19:13:15.603Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 19:14:52 honeypot-fra-1 sshd[4068]: Connection closed by 103.231.214.252 port 40334 [preauth]","@timestamp":"2022-09-12T19:14:52.642Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T19:17:02.414Z","@version":"1","message":"Sep 12 19:17:01 honeypot-sgp-1 CRON[8889]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 19:17:59 honeypot-fra-1 sshd[4077]: Connection closed by 103.231.214.252 port 11602 [preauth]","@timestamp":"2022-09-12T19:18:00.713Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T19:19:49.481Z","@version":"1","message":"Sep 12 19:19:49 honeypot-sgp-1 sshd[8897]: Connection closed by 179.60.147.69 port 14172 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 19:20:39 honeypot-fra-1 kernel: [83884865.279789] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=64.246.161.26 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=42647 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T19:20:39.777Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-12T19:21:47.535Z","@version":"1","message":"Sep 12 19:21:47 honeypot-sgp-1 kernel: [83886618.529593] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=167.94.138.108 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=40684 PROTO=TCP SPT=34292 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 19:24:59 honeypot-ams-1 sshd[13557]: Invalid user guest from 27.72.41.166 port 26728","@timestamp":"2022-09-12T19:25:00.223Z"}
{"@timestamp":"2022-09-12T19:25:56.633Z","@version":"1","message":"Sep 12 19:25:55 honeypot-sgp-1 sshd[8918]: Disconnected from authenticating user root 197.248.117.226 port 39530 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 19:26:21 honeypot-fra-1 kernel: [83885207.084208] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=88.214.26.53 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=60906 PROTO=TCP SPT=42229 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T19:26:21.908Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 19:27:43 honeypot-fra-1 sshd[4099]: Received disconnect from 92.255.85.69 port 49790:11: Bye Bye [preauth]","@timestamp":"2022-09-12T19:27:43.943Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 19:30:32 honeypot-fra-1 sshd[4105]: Connection closed by 103.231.214.252 port 61365 [preauth]","@timestamp":"2022-09-12T19:30:33.008Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 19:31:07 honeypot-ams-1 kernel: [83887652.034031] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=5.127.251.139 DST=178.62.254.91 LEN=52 TOS=0x08 PREC=0x80 TTL=111 ID=24586 DF PROTO=TCP SPT=30682 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T19:31:08.384Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 19:35:14 honeypot-fra-1 sshd[4114]: Connection closed by 103.231.214.252 port 25848 [preauth]","@timestamp":"2022-09-12T19:35:15.117Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 19:41:33 honeypot-fra-1 sshd[4123]: Connection closed by invalid user user 193.106.191.157 port 33326 [preauth]","@timestamp":"2022-09-12T19:41:34.260Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T19:43:17.032Z","@version":"1","message":"Sep 12 19:43:16 honeypot-sgp-1 kernel: [83887907.940622] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=159.65.200.52 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=30616 PROTO=TCP SPT=34869 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 19:47:37 honeypot-fra-1 sshd[4214]: Disconnected from authenticating user root 81.250.204.52 port 37416 [preauth]","@timestamp":"2022-09-12T19:47:38.399Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T19:47:44.140Z","@version":"1","message":"Sep 12 19:47:43 honeypot-sgp-1 sshd[8932]: Disconnected from authenticating user root 92.255.85.69 port 29786 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 19:48:04 honeypot-ams-1 sshd[13571]: ssh_dispatch_run_fatal: Connection from 207.229.167.36 port 42812: Connection corrupted [preauth]","@timestamp":"2022-09-12T19:48:04.831Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 19:50:54 honeypot-fra-1 sshd[4223]: Connection closed by 103.231.214.252 port 24900 [preauth]","@timestamp":"2022-09-12T19:50:55.478Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 19:52:03 honeypot-ams-1 kernel: [83888908.134540] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=117.34.87.61 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=49 ID=12298 PROTO=TCP SPT=39765 DPT=443 WINDOW=49013 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T19:52:03.936Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 19:53:25 honeypot-fra-1 sshd[4227]: Disconnected from invalid user admin 81.150.9.251 port 38234 [preauth]","@timestamp":"2022-09-12T19:53:25.537Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T19:55:10.316Z","@version":"1","message":"Sep 12 19:55:09 honeypot-sgp-1 sshd[8937]: Received disconnect from 72.167.55.58 port 35426:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 19:56:19 honeypot-ams-1 kernel: [83889163.604226] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=103.89.91.165 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=50682 PROTO=TCP SPT=48449 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T19:56:20.050Z"}
{"@timestamp":"2022-09-12T19:56:31.350Z","@version":"1","message":"Sep 12 19:56:30 honeypot-sgp-1 sshd[8943]: Invalid user User from 179.60.147.69 port 60266","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 19:59:13 honeypot-fra-1 sshd[4238]: Did not receive identification string from 141.255.162.226 port 43632","@timestamp":"2022-09-12T19:59:13.672Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 19:59:15 honeypot-fra-1 sshd[4241]: Disconnected from invalid user user 141.255.162.226 port 37092 [preauth]","@timestamp":"2022-09-12T19:59:16.675Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 19:59:19 honeypot-fra-1 sshd[4245]: Disconnected from invalid user user 141.255.162.226 port 50874 [preauth]","@timestamp":"2022-09-12T19:59:20.677Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 19:59:23 honeypot-fra-1 sshd[4249]: Disconnected from invalid user user 141.255.162.226 port 36426 [preauth]","@timestamp":"2022-09-12T19:59:23.679Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 20:00:13 honeypot-ams-1 kernel: [83889397.699083] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=97.74.81.123 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=23932 PROTO=TCP SPT=44515 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T20:00:14.154Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 20:02:15 honeypot-ams-1 sshd[13583]: Received disconnect from 89.236.239.25 port 56748:11: Bye Bye [preauth]","@timestamp":"2022-09-12T20:02:15.208Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 20:03:26 honeypot-fra-1 sshd[4258]: Connection closed by 103.231.214.252 port 37739 [preauth]","@timestamp":"2022-09-12T20:03:26.771Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T20:03:33.517Z","@version":"1","message":"Sep 12 20:03:33 honeypot-sgp-1 sshd[8948]: Received disconnect from 207.138.39.234 port 41444:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T20:06:57.601Z","@version":"1","message":"Sep 12 20:06:57 honeypot-sgp-1 sshd[8954]: Received disconnect from 176.215.237.117 port 49278:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 20:07:41 honeypot-ams-1 kernel: [83889846.264654] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=72.167.32.184 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=232 ID=61520 PROTO=TCP SPT=43832 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T20:07:42.394Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 20:08:08 honeypot-fra-1 sshd[4267]: Connection closed by 103.231.214.252 port 45830 [preauth]","@timestamp":"2022-09-12T20:08:08.880Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T20:10:36.691Z","@version":"1","message":"Sep 12 20:10:35 honeypot-sgp-1 sshd[8961]: Received disconnect from 157.230.245.64 port 46284:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 20:11:16 honeypot-fra-1 sshd[4273]: Connection closed by 103.231.214.252 port 14588 [preauth]","@timestamp":"2022-09-12T20:11:16.956Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T20:17:01.847Z","@version":"1","message":"Sep 12 20:17:01 honeypot-sgp-1 CRON[8966]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 20:17:01 honeypot-fra-1 CRON[4284]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-12T20:17:02.086Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 20:17:01 honeypot-ams-1 CRON[13590]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-12T20:17:02.635Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 20:19:15 honeypot-fra-1 sshd[4292]: Received disconnect from 190.226.244.9 port 41548:11: Bye Bye [preauth]","@timestamp":"2022-09-12T20:19:16.140Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 20:19:58 honeypot-ams-1 sshd[13597]: Received disconnect from 45.249.247.148 port 53716:11: Bye Bye [preauth]","@timestamp":"2022-09-12T20:19:58.715Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 20:23:31 honeypot-fra-1 sshd[4299]: Connection closed by invalid user ftpuser 180.140.74.77 port 46948 [preauth]","@timestamp":"2022-09-12T20:23:32.237Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 20:26:56 honeypot-fra-1 sshd[4308]: Connection closed by 103.231.214.252 port 51286 [preauth]","@timestamp":"2022-09-12T20:26:57.316Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 20:28:45 honeypot-ams-1 kernel: [83891109.466052] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=107.173.159.85 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=50 ID=46956 PROTO=TCP SPT=16647 DPT=80 WINDOW=42751 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T20:28:45.954Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 20:30:05 honeypot-fra-1 sshd[4317]: Connection closed by 103.231.214.252 port 63951 [preauth]","@timestamp":"2022-09-12T20:30:05.391Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T20:30:53.170Z","@version":"1","message":"Sep 12 20:30:52 honeypot-sgp-1 sshd[8972]: Received disconnect from 159.65.188.65 port 51950:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T20:32:02.200Z","@version":"1","message":"Sep 12 20:32:01 honeypot-sgp-1 sshd[8976]: Disconnected from authenticating user root 117.28.245.18 port 40016 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T20:32:32.213Z","@version":"1","message":"Sep 12 20:32:31 honeypot-sgp-1 sshd[8983]: Invalid user user from 141.255.162.226 port 40804","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T20:32:34.215Z","@version":"1","message":"Sep 12 20:32:33 honeypot-sgp-1 sshd[8987]: Invalid user user from 141.255.162.226 port 34612","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T20:32:37.217Z","@version":"1","message":"Sep 12 20:32:36 honeypot-sgp-1 sshd[8991]: Invalid user user from 141.255.162.226 port 37378","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T20:33:07.254Z","@version":"1","message":"Sep 12 20:33:06 honeypot-sgp-1 sshd[8995]: Invalid user postgres from 139.59.233.124 port 37042","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 20:34:39 honeypot-fra-1 sshd[4326]: Connection closed by invalid user support 193.106.191.157 port 39410 [preauth]","@timestamp":"2022-09-12T20:34:40.497Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 20:34:58 honeypot-ams-1 sshd[13608]: Invalid user User from 179.60.147.69 port 65434","@timestamp":"2022-09-12T20:34:59.114Z"}
{"@timestamp":"2022-09-12T20:35:25.310Z","@version":"1","message":"Sep 12 20:35:24 honeypot-sgp-1 kernel: [83891035.522204] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.79.53.162 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=20317 PROTO=TCP SPT=48973 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 20:37:20 honeypot-fra-1 kernel: [83889466.232440] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=112.206.122.108 DST=165.22.82.222 LEN=552 TOS=0x00 PREC=0x00 TTL=247 ID=48764 PROTO=TCP SPT=29847 DPT=443 WINDOW=18701 RES=0x08 ACK PSH FIN URGP=39455 ","@timestamp":"2022-09-12T20:37:20.563Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-12T20:38:08.377Z","@version":"1","message":"Sep 12 20:38:08 honeypot-sgp-1 kernel: [83891199.346765] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.218.100.200 DST=159.89.202.188 LEN=52 TOS=0x02 PREC=0x00 TTL=110 ID=9702 DF PROTO=TCP SPT=57590 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 20:38:29 honeypot-ams-1 sshd[13612]: Received disconnect from 78.135.105.203 port 35602:11: Bye Bye [preauth]","@timestamp":"2022-09-12T20:38:30.205Z"}
{"@timestamp":"2022-09-12T20:38:56.398Z","@version":"1","message":"Sep 12 20:38:55 honeypot-sgp-1 sshd[9007]: Received disconnect from 141.255.162.226 port 36546:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T20:39:00.401Z","@version":"1","message":"Sep 12 20:38:59 honeypot-sgp-1 sshd[9011]: Received disconnect from 141.255.162.226 port 50036:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T20:39:04.403Z","@version":"1","message":"Sep 12 20:39:03 honeypot-sgp-1 sshd[9015]: Connection closed by invalid user user 141.255.162.226 port 35300 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 20:39:54 honeypot-ams-1 sshd[13617]: Received disconnect from 200.60.92.170 port 50686:11: Bye Bye [preauth]","@timestamp":"2022-09-12T20:39:55.243Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 20:40:54 honeypot-fra-1 sshd[4341]: Invalid user kitkat from 165.22.45.108 port 46072","@timestamp":"2022-09-12T20:40:54.646Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 20:42:32 honeypot-ams-1 sshd[13623]: Invalid user support from 193.106.191.157 port 50752","@timestamp":"2022-09-12T20:42:33.313Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 20:43:47 honeypot-fra-1 sshd[4348]: Connection closed by invalid user User 179.60.147.69 port 36258 [preauth]","@timestamp":"2022-09-12T20:43:47.712Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 20:48:51 honeypot-fra-1 sshd[4360]: Invalid user www from 36.91.38.31 port 39694","@timestamp":"2022-09-12T20:48:51.829Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 20:52:16 honeypot-fra-1 sshd[4368]: Connection closed by 103.231.214.252 port 40345 [preauth]","@timestamp":"2022-09-12T20:52:16.907Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 20:52:29 honeypot-ams-1 sshd[13628]: Connection closed by invalid user support 193.106.191.157 port 34958 [preauth]","@timestamp":"2022-09-12T20:52:29.569Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 20:55:31 honeypot-fra-1 sshd[4373]: Connection closed by 103.231.214.252 port 53013 [preauth]","@timestamp":"2022-09-12T20:55:31.985Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T20:55:43.790Z","@version":"1","message":"Sep 12 20:55:42 honeypot-sgp-1 kernel: [83892253.922044] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.55.53.144 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=43 ID=50416 DF PROTO=TCP SPT=53502 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 20:57:04 honeypot-ams-1 sshd[13635]: Invalid user project from 202.53.175.36 port 32964","@timestamp":"2022-09-12T20:57:04.684Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 20:57:41 honeypot-ams-1 sshd[13639]: Disconnected from authenticating user root 193.142.146.50 port 43578 [preauth]","@timestamp":"2022-09-12T20:57:42.704Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 20:58:27 honeypot-ams-1 sshd[13645]: Received disconnect from 193.142.146.50 port 55226:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T20:58:27.726Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 20:58:36 honeypot-fra-1 kernel: [83890742.175323] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=20.55.53.144 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=65365 DF PROTO=TCP SPT=52462 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T20:58:37.060Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 20:58:47 honeypot-ams-1 sshd[13649]: Disconnected from authenticating user root 193.142.146.50 port 49698 [preauth]","@timestamp":"2022-09-12T20:58:47.736Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 20:59:02 honeypot-fra-1 sshd[4382]: Disconnected from authenticating user root 92.255.85.69 port 63064 [preauth]","@timestamp":"2022-09-12T20:59:03.072Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T20:59:10.876Z","@version":"1","message":"Sep 12 20:59:10 honeypot-sgp-1 sshd[9023]: Invalid user sshvpn from 161.35.125.167 port 39060","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 21:00:06 honeypot-ams-1 sshd[13655]: Received disconnect from 193.142.146.50 port 55818:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T21:00:07.776Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 21:00:53 honeypot-ams-1 sshd[13661]: Invalid user test from 193.142.146.50 port 39234","@timestamp":"2022-09-12T21:00:53.799Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 21:01:41 honeypot-ams-1 sshd[13665]: Received disconnect from 193.142.146.50 port 56404:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T21:01:41.823Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 21:02:12 honeypot-ams-1 sshd[13669]: Received disconnect from 193.142.146.50 port 45348:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T21:02:12.838Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 21:02:43 honeypot-ams-1 sshd[13674]: Received disconnect from 193.142.146.50 port 34292:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T21:02:44.854Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 21:03:45 honeypot-ams-1 sshd[13680]: Invalid user oracle from 193.142.146.50 port 45940","@timestamp":"2022-09-12T21:03:45.884Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 21:04:18 honeypot-ams-1 sshd[13684]: Received disconnect from 193.142.146.50 port 34884:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T21:04:18.900Z"}
{"@timestamp":"2022-09-12T21:04:23.998Z","@version":"1","message":"Sep 12 21:04:23 honeypot-sgp-1 sshd[9027]: Received disconnect from 52.172.46.214 port 39722:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 21:04:35 honeypot-ams-1 sshd[13686]: Disconnected from authenticating user root 193.142.146.50 port 57588 [preauth]","@timestamp":"2022-09-12T21:04:35.910Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 21:05:29 honeypot-ams-1 sshd[13690]: Received disconnect from 62.204.41.222 port 50431:11: Client disconnecting normally [preauth]","@timestamp":"2022-09-12T21:05:29.936Z"}
{"@timestamp":"2022-09-12T21:05:37.029Z","@version":"1","message":"Sep 12 21:05:36 honeypot-sgp-1 sshd[9031]: Connection closed by invalid user User 179.60.147.69 port 37752 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 21:06:46 honeypot-fra-1 sshd[4393]: Connection closed by 103.231.214.252 port 43952 [preauth]","@timestamp":"2022-09-12T21:06:46.266Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T21:07:20.071Z","@version":"1","message":"Sep 12 21:07:19 honeypot-sgp-1 sshd[9035]: Disconnected from authenticating user nobody 156.67.208.180 port 34872 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 21:08:21 honeypot-ams-1 sshd[13696]: Invalid user User from 179.60.147.69 port 65362","@timestamp":"2022-09-12T21:08:22.013Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 21:10:43 honeypot-fra-1 sshd[4402]: Received disconnect from 143.110.236.239 port 36360:11: Bye Bye [preauth]","@timestamp":"2022-09-12T21:10:44.360Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 21:16:09 honeypot-fra-1 sshd[4411]: Connection closed by 103.231.214.252 port 58266 [preauth]","@timestamp":"2022-09-12T21:16:10.484Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 21:17:01 honeypot-ams-1 CRON[13701]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-12T21:17:02.242Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 21:19:17 honeypot-fra-1 sshd[4420]: Connection closed by 103.231.214.252 port 15927 [preauth]","@timestamp":"2022-09-12T21:19:18.558Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T21:19:25.348Z","@version":"1","message":"Sep 12 21:19:25 honeypot-sgp-1 sshd[9042]: Disconnected from authenticating user root 92.255.85.69 port 33226 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 21:21:38 honeypot-fra-1 sshd[4427]: Disconnected from authenticating user root 92.255.85.70 port 58436 [preauth]","@timestamp":"2022-09-12T21:21:38.615Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 21:22:28 honeypot-ams-1 sshd[13708]: Received disconnect from 45.61.186.169 port 57978:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T21:22:29.383Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 21:22:46 honeypot-ams-1 sshd[13712]: Received disconnect from 45.61.186.169 port 52320:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T21:22:47.393Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 21:23:03 honeypot-ams-1 sshd[13716]: Received disconnect from 45.61.186.169 port 46628:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T21:23:04.401Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 21:23:17 honeypot-ams-1 sshd[13721]: Invalid user zhanghua from 202.74.243.26 port 12541","@timestamp":"2022-09-12T21:23:17.408Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 21:25:23 honeypot-ams-1 kernel: [83894507.916066] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=145.40.77.125 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=60760 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T21:25:24.462Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 21:28:42 honeypot-fra-1 sshd[4439]: Connection closed by 103.231.214.252 port 42839 [preauth]","@timestamp":"2022-09-12T21:28:42.775Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T21:37:25.760Z","@version":"1","message":"Sep 12 21:37:25 honeypot-sgp-1 kernel: [83894756.637579] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=128.1.248.46 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=19105 PROTO=TCP SPT=13214 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 21:38:06 honeypot-fra-1 sshd[4453]: Connection closed by 103.231.214.252 port 24947 [preauth]","@timestamp":"2022-09-12T21:38:06.987Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 21:40:31 honeypot-ams-1 kernel: [83895415.869456] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.79.53.162 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=4932 PROTO=TCP SPT=48973 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T21:40:31.845Z"}
{"@timestamp":"2022-09-12T21:42:19.876Z","@version":"1","message":"Sep 12 21:42:18 honeypot-sgp-1 sshd[9050]: Received disconnect from 198.98.61.9 port 42524:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T21:42:30.881Z","@version":"1","message":"Sep 12 21:42:30 honeypot-sgp-1 sshd[9054]: Disconnected from invalid user user 198.98.61.9 port 53726 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T21:42:45.888Z","@version":"1","message":"Sep 12 21:42:45 honeypot-sgp-1 sshd[9059]: Received disconnect from 198.98.61.9 port 47852:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T21:42:59.895Z","@version":"1","message":"Sep 12 21:42:59 honeypot-sgp-1 sshd[9063]: Received disconnect from 198.98.61.9 port 41982:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 21:43:00 honeypot-ams-1 sshd[13732]: Invalid user guest from 182.70.125.202 port 39092","@timestamp":"2022-09-12T21:43:00.911Z"}
{"@timestamp":"2022-09-12T21:43:39.914Z","@version":"1","message":"Sep 12 21:43:39 honeypot-sgp-1 sshd[9067]: Connection closed by invalid user guest 122.169.115.179 port 48218 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 21:46:08 honeypot-ams-1 sshd[13736]: Received disconnect from 77.173.61.93 port 35726:11: Bye Bye [preauth]","@timestamp":"2022-09-12T21:46:08.994Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 21:47:24 honeypot-ams-1 sshd[13741]: Received disconnect from 212.205.99.56 port 40286:11: Bye Bye [preauth]","@timestamp":"2022-09-12T21:47:25.030Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 21:49:14 honeypot-ams-1 kernel: [83895938.491124] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=46.41.208.63 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=31339 DF PROTO=TCP SPT=53203 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T21:49:15.081Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 21:50:15 honeypot-fra-1 sshd[4463]: Invalid user User from 179.60.147.69 port 37292","@timestamp":"2022-09-12T21:50:15.259Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 21:56:46 honeypot-ams-1 kernel: [83896390.827222] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=20.55.112.176 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=113 ID=6528 DF PROTO=TCP SPT=50600 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T21:56:47.305Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 21:57:24 honeypot-fra-1 kernel: [83894270.025872] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=145.40.77.125 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=41690 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T21:57:24.434Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-12T21:57:31.255Z","@version":"1","message":"Sep 12 21:57:30 honeypot-sgp-1 sshd[9150]: Invalid user admin from 121.154.34.24 port 33020","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 21:58:12 honeypot-ams-1 sshd[13753]: Disconnected from invalid user ubuntu 103.135.215.66 port 55318 [preauth]","@timestamp":"2022-09-12T21:58:13.345Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 21:59:31 honeypot-fra-1 sshd[4472]: Invalid user user from 45.61.186.169 port 58210","@timestamp":"2022-09-12T21:59:32.485Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 21:59:49 honeypot-fra-1 sshd[4478]: Invalid user user from 45.61.186.169 port 54070","@timestamp":"2022-09-12T21:59:50.494Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 21:59:59 honeypot-fra-1 sshd[4480]: Disconnected from invalid user user 45.61.186.169 port 37896 [preauth]","@timestamp":"2022-09-12T21:59:59.497Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 22:00:16 honeypot-fra-1 sshd[4484]: Disconnected from invalid user user 45.61.186.169 port 33768 [preauth]","@timestamp":"2022-09-12T22:00:17.507Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T22:03:54.404Z","@version":"1","message":"Sep 12 22:03:53 honeypot-sgp-1 kernel: [83896344.667714] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=94.102.61.10 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=46981 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 22:04:55 honeypot-fra-1 sshd[4489]: Disconnected from invalid user admin 139.198.27.111 port 36052 [preauth]","@timestamp":"2022-09-12T22:04:55.610Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 22:07:22 honeypot-ams-1 sshd[13758]: Connection closed by invalid user pi 96.3.36.65 port 53530 [preauth]","@timestamp":"2022-09-12T22:07:22.578Z"}
{"@timestamp":"2022-09-12T22:07:38.493Z","@version":"1","message":"Sep 12 22:07:37 honeypot-sgp-1 sshd[9161]: Disconnected from invalid user demo 142.93.187.197 port 44062 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 22:08:38 honeypot-fra-1 sshd[4493]: Disconnected from authenticating user root 92.255.85.70 port 27328 [preauth]","@timestamp":"2022-09-12T22:08:39.694Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 22:09:33 honeypot-ams-1 sshd[13765]: Received disconnect from 167.71.216.161 port 55196:11: Bye Bye [preauth]","@timestamp":"2022-09-12T22:09:33.639Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 22:11:03 honeypot-ams-1 sshd[13769]: Disconnected from authenticating user root 92.255.85.69 port 25656 [preauth]","@timestamp":"2022-09-12T22:11:04.681Z"}
{"@timestamp":"2022-09-12T22:11:45.593Z","@version":"1","message":"Sep 12 22:11:45 honeypot-sgp-1 sshd[9166]: Invalid user User from 179.60.147.69 port 56446","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 22:11:57 honeypot-fra-1 sshd[4500]: Did not receive identification string from 141.255.162.226 port 50492","@timestamp":"2022-09-12T22:11:57.768Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 22:12:04 honeypot-fra-1 sshd[4503]: Disconnected from invalid user user 141.255.162.226 port 57818 [preauth]","@timestamp":"2022-09-12T22:12:05.773Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 22:12:08 honeypot-fra-1 sshd[4507]: Disconnected from invalid user user 141.255.162.226 port 49778 [preauth]","@timestamp":"2022-09-12T22:12:09.775Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 22:12:12 honeypot-fra-1 sshd[4511]: Disconnected from invalid user user 141.255.162.226 port 35022 [preauth]","@timestamp":"2022-09-12T22:12:12.777Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 22:14:32 honeypot-ams-1 sshd[13772]: Connection closed by invalid user User 179.60.147.69 port 58280 [preauth]","@timestamp":"2022-09-12T22:14:33.794Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 22:17:01 honeypot-fra-1 CRON[4518]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-12T22:17:01.885Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T22:19:24.772Z","@version":"1","message":"Sep 12 22:19:24 honeypot-sgp-1 sshd[9173]: Did not receive identification string from 198.98.61.9 port 47060","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T22:20:08.792Z","@version":"1","message":"Sep 12 22:20:07 honeypot-sgp-1 sshd[9176]: Disconnected from invalid user user 198.98.61.9 port 43878 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T22:20:24.799Z","@version":"1","message":"Sep 12 22:20:24 honeypot-sgp-1 sshd[9182]: Disconnected from invalid user user 198.98.61.9 port 38066 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T22:20:41.808Z","@version":"1","message":"Sep 12 22:20:41 honeypot-sgp-1 sshd[9186]: Disconnected from invalid user user 198.98.61.9 port 60410 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 22:23:01 honeypot-ams-1 sshd[13782]: Disconnected from authenticating user root 61.177.173.46 port 47456 [preauth]","@timestamp":"2022-09-12T22:23:02.008Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 22:24:56 honeypot-fra-1 sshd[4525]: Disconnected from authenticating user root 68.183.42.17 port 42066 [preauth]","@timestamp":"2022-09-12T22:24:57.063Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T22:29:20.013Z","@version":"1","message":"Sep 12 22:29:19 honeypot-sgp-1 sshd[9192]: Received disconnect from 92.255.85.70 port 24304:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 22:32:02 honeypot-fra-1 sshd[4530]: Disconnected from authenticating user root 92.255.85.69 port 19686 [preauth]","@timestamp":"2022-09-12T22:32:03.222Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 22:34:43 honeypot-ams-1 sshd[13794]: Disconnected from authenticating user root 92.255.85.69 port 17524 [preauth]","@timestamp":"2022-09-12T22:34:43.318Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 22:35:59 honeypot-ams-1 sshd[13800]: Did not receive identification string from 45.61.186.249 port 52280","@timestamp":"2022-09-12T22:36:00.355Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 22:36:39 honeypot-ams-1 sshd[13805]: Invalid user user from 45.61.186.249 port 47132","@timestamp":"2022-09-12T22:36:40.375Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 22:36:59 honeypot-ams-1 sshd[13809]: Invalid user user from 45.61.186.249 port 42162","@timestamp":"2022-09-12T22:36:59.386Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 22:37:17 honeypot-ams-1 sshd[13813]: Invalid user user from 45.61.186.249 port 37196","@timestamp":"2022-09-12T22:37:17.395Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 22:37:33 honeypot-ams-1 sshd[13817]: Invalid user user from 45.61.186.249 port 60462","@timestamp":"2022-09-12T22:37:34.404Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 22:38:18 honeypot-ams-1 sshd[13821]: Did not receive identification string from 45.61.186.169 port 39726","@timestamp":"2022-09-12T22:38:19.426Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 22:39:03 honeypot-ams-1 sshd[13824]: Received disconnect from 45.61.186.169 port 43264:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T22:39:04.448Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 22:39:21 honeypot-ams-1 sshd[13828]: Received disconnect from 45.61.186.169 port 38212:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T22:39:22.458Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 22:39:39 honeypot-ams-1 sshd[13832]: Received disconnect from 45.61.186.169 port 33176:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T22:39:39.467Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 22:40:16 honeypot-ams-1 sshd[13837]: Disconnected from authenticating user root 2.42.221.248 port 49908 [preauth]","@timestamp":"2022-09-12T22:40:16.485Z"}
{"@timestamp":"2022-09-12T22:41:28.294Z","@version":"1","message":"Sep 12 22:41:27 honeypot-sgp-1 kernel: [83898598.398864] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=154.3.44.39 DST=159.89.202.188 LEN=52 TOS=0x0A PREC=0x00 TTL=112 ID=10263 DF PROTO=TCP SPT=61755 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 22:41:27 honeypot-ams-1 sshd[13841]: Disconnected from invalid user admin 167.71.235.223 port 49594 [preauth]","@timestamp":"2022-09-12T22:41:28.517Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 22:42:16 honeypot-fra-1 kernel: [83896962.393475] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=27959 PROTO=TCP SPT=42356 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T22:42:17.450Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 22:42:50 honeypot-ams-1 sshd[13845]: Received disconnect from 189.46.157.37 port 47468:11: Bye Bye [preauth]","@timestamp":"2022-09-12T22:42:50.555Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 22:45:35 honeypot-ams-1 kernel: [83899319.476403] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=780 PROTO=TCP SPT=42356 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T22:45:35.628Z"}
{"@timestamp":"2022-09-12T22:45:58.404Z","@version":"1","message":"Sep 12 22:45:58 honeypot-sgp-1 kernel: [83898869.270058] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=45060 PROTO=TCP SPT=42356 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 22:55:02 honeypot-fra-1 sshd[4541]: Disconnected from authenticating user root 92.255.85.69 port 61756 [preauth]","@timestamp":"2022-09-12T22:55:02.734Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T22:55:17.619Z","@version":"1","message":"Sep 12 22:55:17 honeypot-sgp-1 sshd[9205]: Disconnected from authenticating user root 167.71.131.111 port 44734 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 22:58:00 honeypot-ams-1 sshd[13861]: Received disconnect from 92.255.85.70 port 46408:11: Bye Bye [preauth]","@timestamp":"2022-09-12T22:58:00.958Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 23:04:08 honeypot-ams-1 sshd[13866]: Did not receive identification string from 141.255.162.226 port 36106","@timestamp":"2022-09-12T23:04:08.114Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 23:04:25 honeypot-ams-1 sshd[13870]: Received disconnect from 141.255.162.226 port 57860:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T23:04:26.124Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 23:04:29 honeypot-ams-1 sshd[13874]: Received disconnect from 141.255.162.226 port 56414:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T23:04:30.126Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 23:04:33 honeypot-ams-1 sshd[13878]: Received disconnect from 141.255.162.226 port 41582:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T23:04:34.128Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 23:06:18 honeypot-fra-1 sshd[4546]: Disconnected from invalid user minecraft3 134.209.244.230 port 55020 [preauth]","@timestamp":"2022-09-12T23:06:18.986Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 23:07:08 honeypot-ams-1 kernel: [83900613.239180] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=105.72.35.24 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=118 ID=61256 DF PROTO=TCP SPT=14341 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T23:07:09.198Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 23:09:03 honeypot-fra-1 sshd[4558]: Connection reset by 114.116.221.4 port 58530 [preauth]","@timestamp":"2022-09-12T23:09:04.053Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 23:09:03 honeypot-fra-1 sshd[4556]: Connection closed by authenticating user root 114.116.221.4 port 58512 [preauth]","@timestamp":"2022-09-12T23:09:04.053Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 23:09:03 honeypot-fra-1 sshd[4565]: Connection closed by invalid user admin 114.116.221.4 port 58496 [preauth]","@timestamp":"2022-09-12T23:09:04.053Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 23:13:58 honeypot-fra-1 sshd[4579]: Disconnected from authenticating user root 190.35.38.226 port 33086 [preauth]","@timestamp":"2022-09-12T23:13:59.162Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 23:14:47 honeypot-ams-1 sshd[13891]: Did not receive identification string from 45.61.184.204 port 41388","@timestamp":"2022-09-12T23:14:48.395Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 23:15:33 honeypot-ams-1 sshd[13897]: Invalid user user from 45.61.184.204 port 42800","@timestamp":"2022-09-12T23:15:33.417Z"}
{"@timestamp":"2022-09-12T23:15:40.103Z","@version":"1","message":"Sep 12 23:15:39 honeypot-sgp-1 sshd[9212]: Received disconnect from 92.255.85.70 port 20058:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 23:15:54 honeypot-ams-1 sshd[13901]: Invalid user user from 45.61.184.204 port 40324","@timestamp":"2022-09-12T23:15:55.429Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 23:16:13 honeypot-ams-1 sshd[13905]: Invalid user user from 45.61.184.204 port 37872","@timestamp":"2022-09-12T23:16:14.439Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 23:17:01 honeypot-fra-1 CRON[4584]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-12T23:17:02.231Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 23:17:01 honeypot-ams-1 CRON[13909]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-12T23:17:02.463Z"}
{"@timestamp":"2022-09-12T23:20:18.213Z","@version":"1","message":"Sep 12 23:20:17 honeypot-sgp-1 sshd[9219]: Invalid user pr from 139.59.28.53 port 40444","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 23:20:54 honeypot-fra-1 sshd[4590]: Received disconnect from 165.22.45.108 port 38812:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T23:20:55.322Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 23:22:00 honeypot-ams-1 kernel: [83901504.834301] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=94.26.249.161 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=1546 PROTO=TCP SPT=32067 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T23:22:00.595Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 23:24:01 honeypot-ams-1 sshd[13923]: Invalid user Admin from 193.106.191.157 port 49850","@timestamp":"2022-09-12T23:24:02.652Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 23:24:14 honeypot-fra-1 kernel: [83899479.591764] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=149.102.155.170 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=44048 PROTO=TCP SPT=44956 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T23:24:14.401Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-12T23:26:16.354Z","@version":"1","message":"Sep 12 23:26:15 honeypot-sgp-1 sshd[9224]: Disconnected from authenticating user root 41.216.229.181 port 47008 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 23:28:43 honeypot-fra-1 sshd[4597]: Invalid user Admin from 193.106.191.157 port 51386","@timestamp":"2022-09-12T23:28:43.504Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 23:29:27 honeypot-ams-1 sshd[13929]: Connection closed by invalid user ubnt 179.60.147.69 port 10440 [preauth]","@timestamp":"2022-09-12T23:29:27.794Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 23:30:00 honeypot-ams-1 sshd[13935]: Disconnected from authenticating user root 64.227.105.120 port 53546 [preauth]","@timestamp":"2022-09-12T23:30:00.811Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 23:31:33 honeypot-fra-1 kernel: [83899918.768838] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=94.102.61.10 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=250 ID=54321 PROTO=TCP SPT=54042 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T23:31:33.572Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 23:37:34 honeypot-fra-1 sshd[4604]: Disconnected from authenticating user root 178.128.108.91 port 36964 [preauth]","@timestamp":"2022-09-12T23:37:35.707Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T23:39:23.683Z","@version":"1","message":"Sep 12 23:39:22 honeypot-sgp-1 sshd[9230]: Disconnected from authenticating user root 92.255.85.70 port 34440 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 23:40:29 honeypot-ams-1 sshd[13947]: Received disconnect from 61.177.172.104 port 43628:11:  [preauth]","@timestamp":"2022-09-12T23:40:30.083Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 23:41:01 honeypot-fra-1 sshd[4611]: Received disconnect from 88.142.46.185 port 34786:11: Bye Bye [preauth]","@timestamp":"2022-09-12T23:41:01.784Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 23:42:02 honeypot-fra-1 sshd[4615]: Disconnected from authenticating user root 92.255.85.69 port 28194 [preauth]","@timestamp":"2022-09-12T23:42:02.809Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 23:43:21 honeypot-ams-1 sshd[13950]: Disconnected from invalid user user 45.61.186.169 port 60862 [preauth]","@timestamp":"2022-09-12T23:43:22.158Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 23:43:39 honeypot-ams-1 sshd[13954]: Disconnected from invalid user user 45.61.186.169 port 55992 [preauth]","@timestamp":"2022-09-12T23:43:40.168Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 23:43:56 honeypot-ams-1 sshd[13958]: Disconnected from invalid user user 45.61.186.169 port 51134 [preauth]","@timestamp":"2022-09-12T23:43:57.177Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 23:44:13 honeypot-ams-1 sshd[13964]: Invalid user user from 45.61.186.169 port 46226","@timestamp":"2022-09-12T23:44:14.187Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 23:46:08 honeypot-ams-1 kernel: [83902952.492571] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=78.188.232.216 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=239 ID=15533 PROTO=TCP SPT=45219 DPT=443 WINDOW=1300 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T23:46:08.238Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 23:48:32 honeypot-ams-1 sshd[13974]: Disconnected from invalid user sammy 90.12.204.90 port 49116 [preauth]","@timestamp":"2022-09-12T23:48:32.303Z"}
{"@timestamp":"2022-09-12T23:49:02.907Z","@version":"1","message":"Sep 12 23:49:02 honeypot-sgp-1 sshd[9237]: Received disconnect from 124.152.118.194 port 10217:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 23:49:10 honeypot-fra-1 sshd[4621]: Connection closed by invalid user admin 159.203.178.0 port 50716 [preauth]","@timestamp":"2022-09-12T23:49:10.970Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 23:49:12 honeypot-fra-1 sshd[4627]: Connection closed by invalid user admin 159.203.178.0 port 41560 [preauth]","@timestamp":"2022-09-12T23:49:12.972Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T23:51:23.963Z","@version":"1","message":"Sep 12 23:51:23 honeypot-sgp-1 sshd[9242]: Disconnected from invalid user config 106.255.248.19 port 51164 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 23:55:49 honeypot-ams-1 sshd[13982]: Received disconnect from 61.177.173.49 port 57148:11:  [preauth]","@timestamp":"2022-09-12T23:55:50.498Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 00:00:26 honeypot-ams-1 sshd[13985]: Disconnected from authenticating user root 61.177.172.108 port 35095 [preauth]","@timestamp":"2022-09-13T00:00:27.620Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 00:01:17 honeypot-fra-1 sshd[4637]: Received disconnect from 165.22.45.108 port 43766:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T00:01:18.242Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T00:05:28.319Z","@version":"1","message":"Sep 13 00:05:28 honeypot-sgp-1 sshd[9249]: Connection closed by invalid user admin 128.199.160.207 port 47562 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T00:05:29.321Z","@version":"1","message":"Sep 13 00:05:28 honeypot-sgp-1 sshd[9255]: Connection closed by invalid user admin 128.199.160.207 port 47604 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 00:06:08 honeypot-ams-1 sshd[13992]: Disconnected from authenticating user root 46.101.149.216 port 45736 [preauth]","@timestamp":"2022-09-13T00:06:08.774Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 00:06:34 honeypot-ams-1 sshd[13998]: Disconnected from invalid user juan 167.71.59.102 port 47136 [preauth]","@timestamp":"2022-09-13T00:06:35.789Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 00:07:51 honeypot-fra-1 kernel: [83902097.113973] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=80.94.92.239 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=60085 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T00:07:52.394Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 00:09:16 honeypot-ams-1 sshd[14004]: Invalid user postgres from 139.59.112.202 port 58912","@timestamp":"2022-09-13T00:09:16.863Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 00:09:50 honeypot-ams-1 sshd[14008]: Invalid user user from 179.60.147.69 port 59106","@timestamp":"2022-09-13T00:09:51.881Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 00:10:27 honeypot-ams-1 sshd[14013]: Received disconnect from 147.182.188.81 port 42626:11: Bye Bye [preauth]","@timestamp":"2022-09-13T00:10:27.898Z"}
{"@timestamp":"2022-09-13T00:12:04.478Z","@version":"1","message":"Sep 13 00:12:04 honeypot-sgp-1 sshd[9261]: Invalid user user from 45.61.184.204 port 52410","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T00:12:26.489Z","@version":"1","message":"Sep 13 00:12:25 honeypot-sgp-1 sshd[9265]: Invalid user user from 45.61.184.204 port 50194","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T00:12:47.498Z","@version":"1","message":"Sep 13 00:12:46 honeypot-sgp-1 sshd[9269]: Invalid user user from 45.61.184.204 port 47972","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T00:13:06.508Z","@version":"1","message":"Sep 13 00:13:06 honeypot-sgp-1 sshd[9274]: Invalid user user from 45.61.184.204 port 45758","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 00:14:08 honeypot-ams-1 sshd[14015]: Connection closed by invalid user ps 103.188.176.251 port 52364 [preauth]","@timestamp":"2022-09-13T00:14:08.997Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 00:16:11 honeypot-fra-1 sshd[4651]: Invalid user user from 45.61.187.160 port 49084","@timestamp":"2022-09-13T00:16:11.586Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 00:16:33 honeypot-fra-1 sshd[4655]: Invalid user user from 45.61.187.160 port 43944","@timestamp":"2022-09-13T00:16:34.602Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 00:16:53 honeypot-fra-1 sshd[4659]: Invalid user user from 45.61.187.160 port 38798","@timestamp":"2022-09-13T00:16:54.611Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T00:17:01.602Z","@version":"1","message":"Sep 13 00:17:01 honeypot-sgp-1 CRON[9276]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 00:17:02 honeypot-fra-1 sshd[4664]: Received disconnect from 45.61.187.160 port 50346:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T00:17:03.617Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 00:17:18 honeypot-fra-1 kernel: [83902663.639262] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=154.3.44.39 DST=165.22.82.222 LEN=52 TOS=0x00 PREC=0x00 TTL=116 ID=59372 DF PROTO=TCP SPT=50650 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-13T00:17:18.624Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 00:23:32 honeypot-ams-1 sshd[14028]: Received disconnect from 61.177.173.51 port 41623:11:  [preauth]","@timestamp":"2022-09-13T00:23:32.244Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 00:29:03 honeypot-fra-1 sshd[4674]: Disconnected from authenticating user root 92.255.85.70 port 34422 [preauth]","@timestamp":"2022-09-13T00:29:03.885Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T00:30:02.905Z","@version":"1","message":"Sep 13 00:30:01 honeypot-sgp-1 sshd[9282]: Disconnected from authenticating user root 165.22.21.143 port 45688 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 00:30:53 honeypot-fra-1 sshd[4681]: Disconnected from invalid user user 45.61.186.249 port 51334 [preauth]","@timestamp":"2022-09-13T00:30:53.932Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 00:31:07 honeypot-ams-1 sshd[14034]: Disconnected from authenticating user root 61.177.172.108 port 61726 [preauth]","@timestamp":"2022-09-13T00:31:08.445Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 00:31:10 honeypot-fra-1 sshd[4685]: Received disconnect from 45.61.186.249 port 45784:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T00:31:10.957Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 00:31:26 honeypot-fra-1 sshd[4689]: Received disconnect from 45.61.186.249 port 40212:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T00:31:26.966Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 00:31:42 honeypot-fra-1 sshd[4693]: Received disconnect from 45.61.186.249 port 34668:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T00:31:42.973Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T00:34:27.010Z","@version":"1","message":"Sep 13 00:34:26 honeypot-sgp-1 sshd[9287]: Disconnected from invalid user sterling 121.165.140.242 port 36154 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 00:38:40 honeypot-ams-1 kernel: [83906104.622088] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=128.116.131.60 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=54 ID=1406 PROTO=TCP SPT=25974 DPT=80 WINDOW=11574 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T00:38:40.641Z"}
{"@timestamp":"2022-09-13T00:39:16.147Z","@version":"1","message":"Sep 13 00:39:15 honeypot-sgp-1 kernel: [83905666.301074] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.16.149.255 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=52489 DF PROTO=TCP SPT=41012 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 00:41:35 honeypot-fra-1 sshd[4699]: Invalid user kltiff from 165.22.45.108 port 48716","@timestamp":"2022-09-13T00:41:36.202Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 00:47:28 honeypot-fra-1 kernel: [83904473.880565] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=156.96.157.114 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=40522 DPT=389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T00:47:29.340Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 00:47:46 honeypot-ams-1 sshd[14061]: Connection closed by invalid user unknown 179.60.147.69 port 56074 [preauth]","@timestamp":"2022-09-13T00:47:46.883Z"}
{"@timestamp":"2022-09-13T00:49:11.383Z","@version":"1","message":"Sep 13 00:49:11 honeypot-sgp-1 kernel: [83906262.020986] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=159.203.101.171 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=13148 PROTO=TCP SPT=45552 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 00:53:35 honeypot-fra-1 kernel: [83904840.343038] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=36.71.142.123 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=9252 DF PROTO=TCP SPT=30766 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T00:53:35.485Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 00:54:51 honeypot-ams-1 sshd[14070]: Disconnected from authenticating user root 92.255.85.69 port 60158 [preauth]","@timestamp":"2022-09-13T00:54:52.071Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 00:56:06 honeypot-ams-1 sshd[14077]: Received disconnect from 141.255.162.226 port 51726:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T00:56:07.106Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 00:56:11 honeypot-ams-1 sshd[14081]: Received disconnect from 141.255.162.226 port 58224:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T00:56:12.109Z"}
{"@timestamp":"2022-09-13T00:58:47.613Z","@version":"1","message":"Sep 13 00:58:47 honeypot-sgp-1 sshd[9307]: Received disconnect from 103.9.36.69 port 35302:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 00:59:15 honeypot-ams-1 sshd[14085]: Received disconnect from 61.177.172.124 port 15344:11:  [preauth]","@timestamp":"2022-09-13T00:59:16.191Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 01:04:10 honeypot-fra-1 sshd[4712]: Received disconnect from 45.61.187.160 port 38480:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T01:04:10.725Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 01:04:28 honeypot-fra-1 sshd[4716]: Received disconnect from 45.61.187.160 port 33236:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T01:04:29.734Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 01:04:46 honeypot-fra-1 sshd[4720]: Received disconnect from 45.61.187.160 port 56222:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T01:04:46.745Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 01:04:54 honeypot-fra-1 sshd[4724]: Disconnected from invalid user user 45.61.187.160 port 39476 [preauth]","@timestamp":"2022-09-13T01:04:55.749Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T01:06:27.796Z","@version":"1","message":"Sep 13 01:06:27 honeypot-sgp-1 sshd[9312]: Disconnected from authenticating user root 164.163.96.253 port 58015 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 01:06:36 honeypot-ams-1 sshd[14092]: Received disconnect from 117.102.82.42 port 48942:11: Bye Bye [preauth]","@timestamp":"2022-09-13T01:06:36.397Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 01:09:45 honeypot-ams-1 sshd[14098]: Received disconnect from 61.177.173.49 port 17205:11:  [preauth]","@timestamp":"2022-09-13T01:09:45.478Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 01:11:35 honeypot-ams-1 sshd[14103]: Received disconnect from 95.71.91.87 port 48602:11: Bye Bye [preauth]","@timestamp":"2022-09-13T01:11:35.537Z"}
{"@timestamp":"2022-09-13T01:12:49.947Z","@version":"1","message":"Sep 13 01:12:49 honeypot-sgp-1 sshd[9319]: Received disconnect from 92.255.85.70 port 26158:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 01:14:20 honeypot-ams-1 sshd[14109]: Received disconnect from 134.0.193.138 port 35880:11: Bye Bye [preauth]","@timestamp":"2022-09-13T01:14:20.610Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 01:15:09 honeypot-ams-1 sshd[14113]: Received disconnect from 137.184.183.159 port 51140:11: Bye Bye [preauth]","@timestamp":"2022-09-13T01:15:09.633Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 01:17:01 honeypot-fra-1 CRON[4729]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-13T01:17:02.024Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 01:17:40 honeypot-ams-1 sshd[14119]: Disconnected from authenticating user root 61.177.173.36 port 41552 [preauth]","@timestamp":"2022-09-13T01:17:40.698Z"}
{"@timestamp":"2022-09-13T01:21:22.172Z","@version":"1","message":"Sep 13 01:21:21 honeypot-sgp-1 sshd[9326]: Invalid user dm from 95.161.97.113 port 50594","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T01:23:32.227Z","@version":"1","message":"Sep 13 01:23:31 honeypot-sgp-1 sshd[9332]: Received disconnect from 178.128.19.209 port 60782:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 01:24:47 honeypot-ams-1 sshd[14128]: Connection closed by authenticating user root 179.60.147.69 port 26682 [preauth]","@timestamp":"2022-09-13T01:24:48.547Z"}
{"@timestamp":"2022-09-13T01:29:05.361Z","@version":"1","message":"Sep 13 01:29:04 honeypot-sgp-1 sshd[9335]: Received disconnect from 168.232.123.171 port 51505:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 01:30:01 honeypot-fra-1 sshd[4738]: Connection closed by 121.157.23.122 port 38754 [preauth]","@timestamp":"2022-09-13T01:30:01.313Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 01:30:12 honeypot-ams-1 sshd[14135]: Disconnected from authenticating user root 157.230.47.123 port 37834 [preauth]","@timestamp":"2022-09-13T01:30:12.680Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 01:32:36 honeypot-ams-1 sshd[14142]: Received disconnect from 31.27.35.138 port 42268:11: Bye Bye [preauth]","@timestamp":"2022-09-13T01:32:36.747Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 01:38:31 honeypot-fra-1 sshd[4745]: Received disconnect from 92.255.85.70 port 41684:11: Bye Bye [preauth]","@timestamp":"2022-09-13T01:38:32.502Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 01:41:19 honeypot-ams-1 sshd[14153]: Disconnected from authenticating user root 92.255.85.70 port 38026 [preauth]","@timestamp":"2022-09-13T01:41:19.982Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 01:44:33 honeypot-fra-1 sshd[4750]: Invalid user support from 95.173.1.112 port 41358","@timestamp":"2022-09-13T01:44:33.636Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T01:44:54.735Z","@version":"1","message":"Sep 13 01:44:54 honeypot-sgp-1 kernel: [83909605.016063] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.41.8.45 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=33253 PROTO=TCP SPT=41897 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 01:46:04 honeypot-ams-1 kernel: [83910148.758359] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=80.94.92.231 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=57551 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T01:46:05.112Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 01:48:57 honeypot-ams-1 sshd[14163]: Connection closed by invalid user admin 222.120.180.206 port 51369 [preauth]","@timestamp":"2022-09-13T01:48:58.191Z"}
{"@timestamp":"2022-09-13T01:59:13.085Z","@version":"1","message":"Sep 13 01:59:13 honeypot-sgp-1 sshd[9353]: Received disconnect from 92.255.85.70 port 27286:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 01:59:21 honeypot-fra-1 sshd[4754]: Invalid user blank from 179.60.147.69 port 65124","@timestamp":"2022-09-13T01:59:21.962Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T02:00:13.114Z","@version":"1","message":"Sep 13 02:00:12 honeypot-sgp-1 sshd[9359]: Invalid user user from 45.61.184.204 port 43000","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T02:00:31.123Z","@version":"1","message":"Sep 13 02:00:30 honeypot-sgp-1 sshd[9363]: Invalid user user from 45.61.184.204 port 37324","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T02:00:48.130Z","@version":"1","message":"Sep 13 02:00:48 honeypot-sgp-1 sshd[9367]: Invalid user user from 45.61.184.204 port 59898","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 02:01:33 honeypot-ams-1 sshd[14171]: Invalid user blank from 179.60.147.69 port 21630","@timestamp":"2022-09-13T02:01:34.527Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 02:01:59 honeypot-fra-1 sshd[4760]: Invalid user knapton from 165.22.45.108 port 58604","@timestamp":"2022-09-13T02:02:00.024Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 02:04:46 honeypot-ams-1 sshd[14177]: Received disconnect from 61.177.173.49 port 39770:11:  [preauth]","@timestamp":"2022-09-13T02:04:46.615Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 02:05:15 honeypot-fra-1 sshd[4765]: Connection closed by authenticating user root 223.221.9.36 port 43390 [preauth]","@timestamp":"2022-09-13T02:05:16.100Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 02:06:29 honeypot-ams-1 sshd[14181]: Disconnected from authenticating user root 61.177.172.114 port 44913 [preauth]","@timestamp":"2022-09-13T02:06:29.664Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 02:11:38 honeypot-fra-1 sshd[4770]: Disconnected from invalid user ts3server 128.1.134.248 port 35978 [preauth]","@timestamp":"2022-09-13T02:11:39.244Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T02:13:10.459Z","@version":"1","message":"Sep 13 02:13:09 honeypot-sgp-1 kernel: [83911300.304003] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.102.41.2 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=43814 DF PROTO=TCP SPT=42167 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 02:17:01 honeypot-ams-1 CRON[14189]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-13T02:17:01.945Z"}
{"@timestamp":"2022-09-13T02:22:13.676Z","@version":"1","message":"Sep 13 02:22:13 honeypot-sgp-1 sshd[9376]: Received disconnect from 92.255.85.70 port 46214:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 02:23:55 honeypot-ams-1 sshd[14201]: Received disconnect from 206.189.197.134 port 43332:11: Bye Bye [preauth]","@timestamp":"2022-09-13T02:23:55.132Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 02:25:00 honeypot-ams-1 sshd[14204]: Disconnected from invalid user user 45.61.187.160 port 53398 [preauth]","@timestamp":"2022-09-13T02:25:01.163Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 02:25:20 honeypot-ams-1 sshd[14208]: Disconnected from invalid user user 45.61.187.160 port 47974 [preauth]","@timestamp":"2022-09-13T02:25:20.173Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 02:25:36 honeypot-fra-1 sshd[4781]: Connection closed by authenticating user root 118.69.69.120 port 54041 [preauth]","@timestamp":"2022-09-13T02:25:36.574Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 02:25:39 honeypot-ams-1 sshd[14212]: Disconnected from invalid user user 45.61.187.160 port 42562 [preauth]","@timestamp":"2022-09-13T02:25:40.183Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 02:25:59 honeypot-ams-1 sshd[14216]: Disconnected from invalid user user 45.61.187.160 port 37146 [preauth]","@timestamp":"2022-09-13T02:26:00.195Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 02:28:36 honeypot-ams-1 sshd[14221]: Disconnected from invalid user qkd 143.198.50.154 port 36270 [preauth]","@timestamp":"2022-09-13T02:28:36.267Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 02:31:46 honeypot-ams-1 sshd[14227]: Disconnected from authenticating user root 142.93.212.10 port 39406 [preauth]","@timestamp":"2022-09-13T02:31:46.375Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 02:32:33 honeypot-ams-1 sshd[14235]: Invalid user chrony from 160.251.19.178 port 49080","@timestamp":"2022-09-13T02:32:34.399Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 02:36:02 honeypot-fra-1 sshd[4788]: Invalid user centos from 179.60.147.69 port 12662","@timestamp":"2022-09-13T02:36:03.806Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 02:37:53 honeypot-ams-1 sshd[14240]: Received disconnect from 203.95.222.26 port 50976:11: Bye Bye [preauth]","@timestamp":"2022-09-13T02:37:53.539Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 02:39:31 honeypot-ams-1 sshd[14245]: Disconnected from authenticating user root 80.76.51.46 port 39836 [preauth]","@timestamp":"2022-09-13T02:39:32.586Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 02:40:16 honeypot-ams-1 sshd[14251]: Disconnected from authenticating user root 80.76.51.46 port 58148 [preauth]","@timestamp":"2022-09-13T02:40:16.608Z"}
{"@timestamp":"2022-09-13T02:40:26.151Z","@version":"1","message":"Sep 13 02:40:25 honeypot-sgp-1 kernel: [83912936.355650] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=2919 PROTO=TCP SPT=56669 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 02:40:58 honeypot-ams-1 sshd[14257]: Disconnected from authenticating user root 80.76.51.46 port 48200 [preauth]","@timestamp":"2022-09-13T02:40:58.631Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 02:41:30 honeypot-ams-1 sshd[14264]: Disconnected from authenticating user root 61.177.173.51 port 48863 [preauth]","@timestamp":"2022-09-13T02:41:30.647Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 02:42:07 honeypot-ams-1 sshd[14270]: Received disconnect from 80.76.51.46 port 59660:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T02:42:08.668Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 02:42:15 honeypot-fra-1 kernel: [83911360.705811] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=90.151.171.106 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=6164 PROTO=TCP SPT=56865 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T02:42:15.948Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 02:42:35 honeypot-ams-1 sshd[14274]: Received disconnect from 80.76.51.46 port 53016:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T02:42:36.684Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 02:43:03 honeypot-ams-1 sshd[14278]: Received disconnect from 80.76.51.46 port 46548:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T02:43:04.699Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 02:43:31 honeypot-ams-1 sshd[14282]: Received disconnect from 80.76.51.46 port 39664:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T02:43:31.713Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 02:44:13 honeypot-ams-1 sshd[14288]: Invalid user oracle from 80.76.51.46 port 57870","@timestamp":"2022-09-13T02:44:13.736Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 02:44:40 honeypot-ams-1 sshd[14292]: Received disconnect from 80.76.51.46 port 51314:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T02:44:40.752Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 02:45:08 honeypot-ams-1 sshd[14296]: Disconnected from invalid user odoo 80.76.51.46 port 44544 [preauth]","@timestamp":"2022-09-13T02:45:08.766Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 02:45:35 honeypot-ams-1 sshd[14304]: Received disconnect from 80.76.51.46 port 37896:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T02:45:36.782Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 02:46:19 honeypot-fra-1 sshd[4796]: Invalid user user from 201.166.225.131 port 38496","@timestamp":"2022-09-13T02:46:20.042Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 02:49:38 honeypot-fra-1 sshd[4801]: Connection closed by authenticating user root 103.188.176.251 port 34854 [preauth]","@timestamp":"2022-09-13T02:49:39.118Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 02:50:48 honeypot-ams-1 sshd[14309]: Disconnected from authenticating user root 92.255.85.69 port 47654 [preauth]","@timestamp":"2022-09-13T02:50:48.922Z"}
{"@timestamp":"2022-09-13T02:51:20.425Z","@version":"1","message":"Sep 13 02:51:20 honeypot-sgp-1 sshd[9389]: Did not receive identification string from 45.61.186.169 port 37910","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T02:51:57.443Z","@version":"1","message":"Sep 13 02:51:56 honeypot-sgp-1 sshd[9392]: Disconnected from invalid user user 45.61.186.169 port 38504 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T02:52:13.452Z","@version":"1","message":"Sep 13 02:52:13 honeypot-sgp-1 sshd[9396]: Disconnected from invalid user user 45.61.186.169 port 33228 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T02:52:29.460Z","@version":"1","message":"Sep 13 02:52:28 honeypot-sgp-1 sshd[9400]: Disconnected from invalid user user 45.61.186.169 port 56184 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 02:55:16 honeypot-fra-1 sshd[4806]: Disconnected from invalid user user 45.61.186.49 port 39854 [preauth]","@timestamp":"2022-09-13T02:55:17.245Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 02:55:28 honeypot-fra-1 sshd[4810]: Disconnected from invalid user user 45.61.186.49 port 51414 [preauth]","@timestamp":"2022-09-13T02:55:28.251Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 02:56:11 honeypot-ams-1 sshd[14317]: Disconnected from authenticating user root 61.177.173.36 port 44875 [preauth]","@timestamp":"2022-09-13T02:56:12.063Z"}
{"@timestamp":"2022-09-13T02:59:37.645Z","@version":"1","message":"Sep 13 02:59:37 honeypot-sgp-1 kernel: [83914087.838612] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=118.193.31.186 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=38415 PROTO=TCP SPT=56786 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 03:00:29 honeypot-fra-1 sshd[4815]: Received disconnect from 161.35.102.143 port 53408:11: Bye Bye [preauth]","@timestamp":"2022-09-13T03:00:29.364Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 03:01:47 honeypot-ams-1 kernel: [83914691.578391] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.221.71 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=52144 DPT=636 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T03:01:48.213Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 03:05:55 honeypot-ams-1 sshd[14327]: Received disconnect from 46.101.224.69 port 52000:11: Bye Bye [preauth]","@timestamp":"2022-09-13T03:05:56.319Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 03:07:14 honeypot-ams-1 sshd[14331]: Received disconnect from 61.177.173.36 port 33667:11:  [preauth]","@timestamp":"2022-09-13T03:07:15.357Z"}
{"@timestamp":"2022-09-13T03:09:09.888Z","@version":"1","message":"Sep 13 03:09:09 honeypot-sgp-1 sshd[9406]: Disconnected from authenticating user root 92.255.85.70 port 27910 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 03:11:09 honeypot-ams-1 sshd[14338]: Disconnected from authenticating user root 61.177.172.124 port 42629 [preauth]","@timestamp":"2022-09-13T03:11:09.459Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 03:12:02 honeypot-fra-1 sshd[4820]: Disconnected from authenticating user root 92.255.85.70 port 26386 [preauth]","@timestamp":"2022-09-13T03:12:02.624Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 03:12:35 honeypot-fra-1 sshd[4825]: Invalid user user from 198.98.61.9 port 58942","@timestamp":"2022-09-13T03:12:35.640Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 03:12:47 honeypot-fra-1 sshd[4829]: Disconnected from invalid user user 198.98.61.9 port 42266 [preauth]","@timestamp":"2022-09-13T03:12:48.647Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 03:13:04 honeypot-fra-1 sshd[4835]: Invalid user user from 198.98.61.9 port 37186","@timestamp":"2022-09-13T03:13:04.655Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 03:13:19 honeypot-fra-1 sshd[4839]: Invalid user user from 198.98.61.9 port 60348","@timestamp":"2022-09-13T03:13:19.662Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 03:14:27 honeypot-ams-1 sshd[14344]: Disconnected from authenticating user root 92.255.85.69 port 50004 [preauth]","@timestamp":"2022-09-13T03:14:28.546Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 03:17:01 honeypot-fra-1 CRON[4842]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-13T03:17:01.749Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T03:17:02.083Z","@version":"1","message":"Sep 13 03:17:01 honeypot-sgp-1 CRON[9413]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 03:25:46 honeypot-ams-1 sshd[14354]: error: maximum authentication attempts exceeded for invalid user admin from 108.41.8.142 port 63672 ssh2 [preauth]","@timestamp":"2022-09-13T03:25:46.835Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 03:26:42 honeypot-fra-1 sshd[4874]: Invalid user ubnt from 185.106.45.162 port 41616","@timestamp":"2022-09-13T03:26:42.963Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T03:26:48.346Z","@version":"1","message":"Sep 13 03:26:47 honeypot-sgp-1 sshd[9426]: Did not receive identification string from 141.105.66.148 port 49872","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T03:26:52.348Z","@version":"1","message":"Sep 13 03:26:51 honeypot-sgp-1 sshd[9430]: Connection closed by 141.105.66.148 port 36032 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 03:27:22 honeypot-ams-1 sshd[14359]: Received disconnect from 61.177.173.50 port 32103:11:  [preauth]","@timestamp":"2022-09-13T03:27:22.878Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 03:28:29 honeypot-fra-1 sshd[4878]: Received disconnect from 161.35.59.177 port 38938:11: Bye Bye [preauth]","@timestamp":"2022-09-13T03:28:30.006Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 03:28:47 honeypot-ams-1 sshd[14367]: Received disconnect from 61.177.173.35 port 29125:11:  [preauth]","@timestamp":"2022-09-13T03:28:47.917Z"}
{"@timestamp":"2022-09-13T03:31:14.458Z","@version":"1","message":"Sep 13 03:31:13 honeypot-sgp-1 sshd[9440]: Received disconnect from 164.92.186.90 port 37308:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 03:32:15 honeypot-fra-1 kernel: [83914360.137505] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.102.41.2 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=23575 DF PROTO=TCP SPT=55724 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T03:32:16.092Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-13T03:32:51.498Z","@version":"1","message":"Sep 13 03:32:50 honeypot-sgp-1 sshd[9445]: Disconnected from invalid user neeraj 91.93.63.187 port 52704 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T03:35:28.562Z","@version":"1","message":"Sep 13 03:35:28 honeypot-sgp-1 sshd[9449]: Disconnected from invalid user admin 61.93.186.125 port 36692 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 03:35:33 honeypot-fra-1 sshd[4902]: Invalid user devops from 120.199.82.50 port 31834","@timestamp":"2022-09-13T03:35:34.168Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 03:35:38 honeypot-fra-1 sshd[4917]: Invalid user elastic from 120.199.82.50 port 63070","@timestamp":"2022-09-13T03:35:39.170Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 03:35:44 honeypot-fra-1 sshd[4909]: Connection closed by invalid user centos 120.199.82.50 port 3396 [preauth]","@timestamp":"2022-09-13T03:35:45.173Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 03:35:56 honeypot-fra-1 sshd[4919]: Connection closed by invalid user ubuntu 120.199.82.50 port 29857 [preauth]","@timestamp":"2022-09-13T03:35:57.180Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 03:36:06 honeypot-fra-1 sshd[4927]: Connection closed by authenticating user root 120.199.82.50 port 52810 [preauth]","@timestamp":"2022-09-13T03:36:07.186Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 03:36:09 honeypot-fra-1 sshd[4934]: Connection closed by invalid user es 120.199.82.50 port 14364 [preauth]","@timestamp":"2022-09-13T03:36:10.187Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 03:36:16 honeypot-ams-1 sshd[14375]: Received disconnect from 61.177.173.46 port 42919:11:  [preauth]","@timestamp":"2022-09-13T03:36:17.108Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 03:36:39 honeypot-fra-1 sshd[4944]: Connection closed by invalid user elastic 120.199.82.50 port 40210 [preauth]","@timestamp":"2022-09-13T03:36:40.202Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T03:37:21.631Z","@version":"1","message":"Sep 13 03:37:21 honeypot-sgp-1 sshd[9453]: Disconnected from invalid user console 143.244.141.173 port 40126 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 03:37:45 honeypot-ams-1 sshd[14380]: Received disconnect from 92.255.85.69 port 59108:11: Bye Bye [preauth]","@timestamp":"2022-09-13T03:37:46.149Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 03:42:06 honeypot-ams-1 kernel: [83917110.755054] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=200.17.120.61 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=46 ID=34306 PROTO=TCP SPT=61423 DPT=80 WINDOW=9535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T03:42:07.263Z"}
{"@timestamp":"2022-09-13T03:43:39.786Z","@version":"1","message":"Sep 13 03:43:38 honeypot-sgp-1 sshd[9460]: Connection closed by invalid user installer 116.98.167.15 port 53548 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T03:43:51.792Z","@version":"1","message":"Sep 13 03:43:51 honeypot-sgp-1 sshd[9468]: Invalid user test from 116.98.167.15 port 42160","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T03:43:55.795Z","@version":"1","message":"Sep 13 03:43:54 honeypot-sgp-1 sshd[9476]: Connection closed by authenticating user root 116.98.167.15 port 50646 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T03:44:15.805Z","@version":"1","message":"Sep 13 03:44:15 honeypot-sgp-1 sshd[9482]: Connection closed by invalid user monitor 116.98.167.15 port 54770 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T03:44:36.815Z","@version":"1","message":"Sep 13 03:44:36 honeypot-sgp-1 sshd[9488]: Connection closed by invalid user ftpuser 116.98.167.15 port 52456 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T03:45:06.830Z","@version":"1","message":"Sep 13 03:45:06 honeypot-sgp-1 sshd[9494]: Connection closed by invalid user tomcat 116.98.167.15 port 35420 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T03:45:20.837Z","@version":"1","message":"Sep 13 03:45:20 honeypot-sgp-1 sshd[9500]: Connection closed by invalid user listd 116.98.167.15 port 50030 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 03:45:57 honeypot-fra-1 sshd[4948]: Connection closed by authenticating user root 120.84.96.169 port 48207 [preauth]","@timestamp":"2022-09-13T03:45:57.406Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T03:46:59.906Z","@version":"1","message":"Sep 13 03:46:59 honeypot-sgp-1 sshd[9508]: Invalid user ftk from 223.197.188.206 port 54832","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T03:47:36.924Z","@version":"1","message":"Sep 13 03:47:36 honeypot-sgp-1 sshd[9512]: Received disconnect from 52.151.65.193 port 32902:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T03:48:31.951Z","@version":"1","message":"Sep 13 03:48:31 honeypot-sgp-1 sshd[9519]: Invalid user debian from 179.60.147.69 port 9010","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T03:50:24.999Z","@version":"1","message":"Sep 13 03:50:24 honeypot-sgp-1 sshd[9525]: Connection closed by invalid user temp1 116.98.167.15 port 44132 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T03:51:36.033Z","@version":"1","message":"Sep 13 03:51:35 honeypot-sgp-1 sshd[9533]: Invalid user mailman from 116.98.167.15 port 56352","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 03:51:36 honeypot-ams-1 sshd[14393]: Received disconnect from 46.19.141.122 port 42024:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T03:51:36.507Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 03:51:53 honeypot-ams-1 sshd[14397]: Connection closed by invalid user debian 179.60.147.69 port 2804 [preauth]","@timestamp":"2022-09-13T03:51:54.517Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 03:53:03 honeypot-ams-1 sshd[14403]: Invalid user admin from 46.19.141.122 port 57916","@timestamp":"2022-09-13T03:53:04.550Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 03:53:40 honeypot-ams-1 sshd[14407]: Received disconnect from 46.19.141.122 port 40252:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T03:53:41.567Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 03:54:26 honeypot-ams-1 sshd[14412]: Received disconnect from 61.177.173.46 port 49860:11:  [preauth]","@timestamp":"2022-09-13T03:54:27.591Z"}
{"@timestamp":"2022-09-13T03:54:58.119Z","@version":"1","message":"Sep 13 03:54:57 honeypot-sgp-1 sshd[9539]: Invalid user user from 45.61.186.49 port 37266","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 03:55:06 honeypot-ams-1 sshd[14416]: Invalid user support from 46.19.141.122 port 56132","@timestamp":"2022-09-13T03:55:06.611Z"}
{"@timestamp":"2022-09-13T03:55:07.123Z","@version":"1","message":"Sep 13 03:55:06 honeypot-sgp-1 sshd[9543]: Invalid user user from 45.61.186.49 port 48950","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 03:55:29 honeypot-ams-1 kernel: [83917913.751517] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.134.144.218 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=252 ID=62299 PROTO=TCP SPT=41221 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T03:55:29.624Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 03:58:21 honeypot-fra-1 sshd[4954]: Disconnected from authenticating user root 92.255.85.69 port 28934 [preauth]","@timestamp":"2022-09-13T03:58:22.685Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 04:01:11 honeypot-ams-1 sshd[14425]: Disconnected from authenticating user root 92.255.85.69 port 49334 [preauth]","@timestamp":"2022-09-13T04:01:11.773Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 04:04:14 honeypot-fra-1 sshd[4959]: Invalid user admin from 137.119.104.173 port 35976","@timestamp":"2022-09-13T04:04:14.818Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 04:06:10 honeypot-fra-1 sshd[4964]: Invalid user user from 141.255.162.226 port 41594","@timestamp":"2022-09-13T04:06:10.865Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 04:06:13 honeypot-fra-1 sshd[4968]: Invalid user user from 141.255.162.226 port 54912","@timestamp":"2022-09-13T04:06:13.867Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 04:06:18 honeypot-fra-1 sshd[4972]: Invalid user user from 141.255.162.226 port 33336","@timestamp":"2022-09-13T04:06:18.869Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T04:09:26.479Z","@version":"1","message":"Sep 13 04:09:26 honeypot-sgp-1 kernel: [83918277.068298] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=52.172.6.153 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=6671 PROTO=TCP SPT=42068 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 04:15:05 honeypot-fra-1 sshd[4976]: Received disconnect from 189.112.0.11 port 54386:11: Bye Bye [preauth]","@timestamp":"2022-09-13T04:15:06.065Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 04:17:01 honeypot-ams-1 CRON[14434]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-13T04:17:02.183Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 04:18:17 honeypot-fra-1 sshd[4981]: Disconnected from invalid user minecraft3 89.22.165.187 port 9283 [preauth]","@timestamp":"2022-09-13T04:18:18.137Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 04:22:01 honeypot-fra-1 sshd[4988]: Disconnected from authenticating user root 92.255.85.70 port 41432 [preauth]","@timestamp":"2022-09-13T04:22:02.224Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T04:23:59.858Z","@version":"1","message":"Sep 13 04:23:59 honeypot-sgp-1 kernel: [83919150.315829] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=128.199.197.92 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=253 ID=54321 PROTO=TCP SPT=53083 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 04:26:29 honeypot-fra-1 sshd[4992]: Connection closed by invalid user unknown 179.60.147.69 port 32176 [preauth]","@timestamp":"2022-09-13T04:26:30.327Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T04:27:48.955Z","@version":"1","message":"Sep 13 04:27:48 honeypot-sgp-1 sshd[9559]: Disconnected from authenticating user root 143.244.158.100 port 56878 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 04:28:42 honeypot-ams-1 sshd[14441]: Invalid user unknown from 179.60.147.69 port 10324","@timestamp":"2022-09-13T04:28:42.517Z"}
{"@timestamp":"2022-09-13T04:29:36.002Z","@version":"1","message":"Sep 13 04:29:35 honeypot-sgp-1 sshd[9566]: Invalid user monitor from 185.62.193.24 port 36412","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T04:30:23.025Z","@version":"1","message":"Sep 13 04:30:22 honeypot-sgp-1 sshd[9570]: Received disconnect from 143.244.158.100 port 45028:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T04:32:48.087Z","@version":"1","message":"Sep 13 04:32:47 honeypot-sgp-1 sshd[9576]: Received disconnect from 143.244.158.100 port 59022:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 04:33:47 honeypot-ams-1 kernel: [83920211.899058] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=88.243.19.242 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=50 ID=62922 PROTO=TCP SPT=13862 DPT=80 WINDOW=12738 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T04:33:48.651Z"}
{"@timestamp":"2022-09-13T04:35:12.172Z","@version":"1","message":"Sep 13 04:35:11 honeypot-sgp-1 sshd[9583]: Received disconnect from 143.244.158.100 port 50558:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T04:36:48.215Z","@version":"1","message":"Sep 13 04:36:47 honeypot-sgp-1 sshd[9587]: Disconnected from authenticating user root 143.244.158.100 port 58068 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T04:38:25.258Z","@version":"1","message":"Sep 13 04:38:24 honeypot-sgp-1 sshd[9593]: Disconnected from authenticating user root 143.244.158.100 port 45638 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 04:40:00 honeypot-ams-1 sshd[14448]: Invalid user deffer from 187.189.221.198 port 33208","@timestamp":"2022-09-13T04:40:00.812Z"}
{"@timestamp":"2022-09-13T04:40:52.322Z","@version":"1","message":"Sep 13 04:40:51 honeypot-sgp-1 sshd[9600]: Disconnected from authenticating user root 143.244.158.100 port 37276 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T04:42:47.373Z","@version":"1","message":"Sep 13 04:42:47 honeypot-sgp-1 sshd[9606]: Disconnected from authenticating user root 92.255.85.69 port 55152 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 04:43:29 honeypot-fra-1 sshd[4998]: Received disconnect from 165.22.45.108 port 50044:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T04:43:30.708Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 04:44:04 honeypot-fra-1 sshd[5002]: Disconnected from invalid user alar 41.63.9.36 port 43580 [preauth]","@timestamp":"2022-09-13T04:44:05.725Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T04:45:04.432Z","@version":"1","message":"Sep 13 04:45:03 honeypot-sgp-1 sshd[9613]: Disconnected from authenticating user root 143.244.158.100 port 46458 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 04:45:06 honeypot-ams-1 kernel: [83920890.281265] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=117.2.142.29 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=47 ID=34103 PROTO=TCP SPT=22061 DPT=443 WINDOW=10333 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T04:45:06.945Z"}
{"@timestamp":"2022-09-13T04:47:32.494Z","@version":"1","message":"Sep 13 04:47:32 honeypot-sgp-1 sshd[9619]: Disconnected from authenticating user root 143.244.158.100 port 42012 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T04:50:04.558Z","@version":"1","message":"Sep 13 04:50:03 honeypot-sgp-1 sshd[9625]: Disconnected from authenticating user root 143.244.158.100 port 49826 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T04:52:34.622Z","@version":"1","message":"Sep 13 04:52:34 honeypot-sgp-1 sshd[9632]: Disconnected from authenticating user root 143.244.158.100 port 42446 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T04:54:13.667Z","@version":"1","message":"Sep 13 04:54:12 honeypot-sgp-1 sshd[9636]: Disconnected from authenticating user root 143.244.158.100 port 60818 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T04:56:42.729Z","@version":"1","message":"Sep 13 04:56:42 honeypot-sgp-1 sshd[9643]: Disconnected from authenticating user root 143.244.158.100 port 55876 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 04:57:18 honeypot-fra-1 sshd[5008]: Disconnected from invalid user radio 190.128.230.98 port 38944 [preauth]","@timestamp":"2022-09-13T04:57:19.021Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T04:59:08.792Z","@version":"1","message":"Sep 13 04:59:08 honeypot-sgp-1 sshd[9649]: Disconnected from authenticating user root 143.244.158.100 port 33910 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 05:00:43 honeypot-ams-1 sshd[14458]: Invalid user user from 45.61.187.160 port 46614","@timestamp":"2022-09-13T05:00:44.336Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 05:01:03 honeypot-ams-1 sshd[14462]: Invalid user user from 45.61.187.160 port 41618","@timestamp":"2022-09-13T05:01:04.348Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 05:01:13 honeypot-fra-1 sshd[5013]: Received disconnect from 45.61.186.49 port 55306:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T05:01:14.110Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 05:01:22 honeypot-ams-1 sshd[14466]: Invalid user user from 45.61.187.160 port 36634","@timestamp":"2022-09-13T05:01:22.357Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 05:01:22 honeypot-fra-1 sshd[5017]: Received disconnect from 45.61.186.49 port 38760:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T05:01:23.115Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T05:01:38.855Z","@version":"1","message":"Sep 13 05:01:38 honeypot-sgp-1 sshd[9656]: Disconnected from authenticating user root 143.244.158.100 port 51978 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 05:01:39 honeypot-ams-1 sshd[14470]: Invalid user user from 45.61.187.160 port 59886","@timestamp":"2022-09-13T05:01:40.367Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 05:03:14 honeypot-fra-1 sshd[5024]: Invalid user centos from 179.60.147.69 port 31874","@timestamp":"2022-09-13T05:03:15.158Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T05:03:31.905Z","@version":"1","message":"Sep 13 05:03:31 honeypot-sgp-1 sshd[9663]: Disconnected from authenticating user root 143.244.158.100 port 47798 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:05:45.962Z","@version":"1","message":"Sep 13 05:05:45 honeypot-sgp-1 sshd[9669]: Disconnected from authenticating user root 92.255.85.70 port 52978 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 05:06:24 honeypot-fra-1 sshd[5028]: Disconnected from invalid user sp 147.135.219.202 port 39346 [preauth]","@timestamp":"2022-09-13T05:06:25.246Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T05:08:02.022Z","@version":"1","message":"Sep 13 05:08:01 honeypot-sgp-1 sshd[9676]: Disconnected from authenticating user root 143.244.158.100 port 32984 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 05:08:25 honeypot-fra-1 sshd[5033]: Disconnected from authenticating user root 92.255.85.69 port 15928 [preauth]","@timestamp":"2022-09-13T05:08:26.293Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T05:10:33.085Z","@version":"1","message":"Sep 13 05:10:32 honeypot-sgp-1 sshd[9682]: Disconnected from authenticating user root 143.244.158.100 port 55438 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 05:11:14 honeypot-ams-1 kernel: [83922458.628192] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.41.9.18 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=25269 PROTO=TCP SPT=37160 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T05:11:14.610Z"}
{"@timestamp":"2022-09-13T05:13:04.148Z","@version":"1","message":"Sep 13 05:13:03 honeypot-sgp-1 sshd[9689]: Received disconnect from 104.236.237.117 port 34114:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 05:13:53 honeypot-ams-1 sshd[14479]: Disconnected from invalid user user 141.255.162.226 port 37734 [preauth]","@timestamp":"2022-09-13T05:13:54.679Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 05:13:56 honeypot-ams-1 sshd[14483]: Disconnected from invalid user user 141.255.162.226 port 58160 [preauth]","@timestamp":"2022-09-13T05:13:57.681Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 05:14:00 honeypot-ams-1 sshd[14487]: Disconnected from invalid user user 141.255.162.226 port 43550 [preauth]","@timestamp":"2022-09-13T05:14:00.683Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 05:14:02 honeypot-ams-1 sshd[14491]: Disconnected from invalid user user 141.255.162.226 port 50360 [preauth]","@timestamp":"2022-09-13T05:14:02.685Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 05:17:01 honeypot-fra-1 CRON[5038]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-13T05:17:02.490Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 05:18:04 honeypot-ams-1 sshd[14497]: Connection closed by invalid user bbnc 103.188.176.251 port 53794 [preauth]","@timestamp":"2022-09-13T05:18:04.789Z"}
{"@timestamp":"2022-09-13T05:20:48.335Z","@version":"1","message":"Sep 13 05:20:47 honeypot-sgp-1 sshd[9695]: Disconnected from authenticating user root 13.82.51.214 port 49370 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 05:22:03 honeypot-ams-1 kernel: [83923107.300510] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.81.34.200 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x20 TTL=56 ID=0 DF PROTO=TCP SPT=54978 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T05:22:03.896Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 05:23:44 honeypot-fra-1 sshd[5044]: Invalid user user from 187.62.214.147 port 38373","@timestamp":"2022-09-13T05:23:45.646Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 05:28:20 honeypot-fra-1 kernel: [83921324.782795] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=162.62.191.231 DST=165.22.82.222 LEN=52 TOS=0x08 PREC=0x60 TTL=53 ID=23436 DF PROTO=TCP SPT=24460 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T05:28:20.751Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-13T05:29:52.557Z","@version":"1","message":"Sep 13 05:29:52 honeypot-sgp-1 sshd[9701]: Invalid user user from 45.61.186.49 port 59536","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:30:02.562Z","@version":"1","message":"Sep 13 05:30:01 honeypot-sgp-1 sshd[9705]: Invalid user user from 45.61.186.49 port 43118","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:30:35.576Z","@version":"1","message":"Sep 13 05:30:34 honeypot-sgp-1 kernel: [83923145.463452] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=236 ID=59629 PROTO=TCP SPT=47002 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:34:19.670Z","@version":"1","message":"Sep 13 05:34:19 honeypot-sgp-1 sshd[9712]: Received disconnect from 190.104.2.46 port 58158:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 05:34:31 honeypot-ams-1 sshd[14508]: Received disconnect from 92.255.85.69 port 22324:11: Bye Bye [preauth]","@timestamp":"2022-09-13T05:34:32.212Z"}
{"@timestamp":"2022-09-13T05:34:50.685Z","@version":"1","message":"Sep 13 05:34:49 honeypot-sgp-1 sshd[9718]: Invalid user ubnt from 185.180.29.203 port 13418","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:34:54.687Z","@version":"1","message":"Sep 13 05:34:54 honeypot-sgp-1 sshd[9722]: Disconnected from authenticating user root 185.180.29.203 port 13448 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:35:01.691Z","@version":"1","message":"Sep 13 05:35:00 honeypot-sgp-1 sshd[9728]: Disconnected from authenticating user root 185.180.29.203 port 13468 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:35:07.695Z","@version":"1","message":"Sep 13 05:35:07 honeypot-sgp-1 sshd[9734]: Disconnected from authenticating user root 185.180.29.203 port 13507 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:35:13.698Z","@version":"1","message":"Sep 13 05:35:13 honeypot-sgp-1 sshd[9740]: Disconnected from authenticating user root 185.180.29.203 port 13533 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 05:35:18 honeypot-ams-1 sshd[14512]: Disconnected from authenticating user root 159.65.204.223 port 60832 [preauth]","@timestamp":"2022-09-13T05:35:18.233Z"}
{"@timestamp":"2022-09-13T05:35:20.702Z","@version":"1","message":"Sep 13 05:35:20 honeypot-sgp-1 sshd[9746]: Disconnected from authenticating user root 185.180.29.203 port 13591 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:35:26.705Z","@version":"1","message":"Sep 13 05:35:26 honeypot-sgp-1 sshd[9752]: Disconnected from authenticating user root 185.180.29.203 port 13610 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:35:33.710Z","@version":"1","message":"Sep 13 05:35:32 honeypot-sgp-1 sshd[9758]: Disconnected from authenticating user root 185.180.29.203 port 13636 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:35:39.713Z","@version":"1","message":"Sep 13 05:35:39 honeypot-sgp-1 sshd[9764]: Disconnected from authenticating user root 185.180.29.203 port 13655 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:35:43.714Z","@version":"1","message":"Sep 13 05:35:43 honeypot-sgp-1 sshd[9770]: Received disconnect from 185.180.29.203 port 13688:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:35:50.719Z","@version":"1","message":"Sep 13 05:35:49 honeypot-sgp-1 sshd[9776]: Received disconnect from 185.180.29.203 port 13730:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:35:56.722Z","@version":"1","message":"Sep 13 05:35:56 honeypot-sgp-1 sshd[9782]: Received disconnect from 185.180.29.203 port 13764:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:36:02.726Z","@version":"1","message":"Sep 13 05:36:02 honeypot-sgp-1 sshd[9788]: Invalid user admin from 185.180.29.203 port 13813","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:36:07.729Z","@version":"1","message":"Sep 13 05:36:06 honeypot-sgp-1 sshd[9792]: Invalid user admin from 185.180.29.203 port 13828","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:36:11.731Z","@version":"1","message":"Sep 13 05:36:10 honeypot-sgp-1 sshd[9796]: Invalid user admin from 185.180.29.203 port 13860","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:36:15.733Z","@version":"1","message":"Sep 13 05:36:15 honeypot-sgp-1 sshd[9800]: Invalid user admin from 185.180.29.203 port 13895","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:36:19.736Z","@version":"1","message":"Sep 13 05:36:19 honeypot-sgp-1 sshd[9804]: Invalid user admin from 185.180.29.203 port 13923","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:36:24.739Z","@version":"1","message":"Sep 13 05:36:23 honeypot-sgp-1 sshd[9808]: Invalid user user from 185.180.29.203 port 13980","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:36:28.741Z","@version":"1","message":"Sep 13 05:36:28 honeypot-sgp-1 sshd[9812]: Disconnected from authenticating user root 185.180.29.203 port 14003 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:36:32.744Z","@version":"1","message":"Sep 13 05:36:32 honeypot-sgp-1 sshd[9816]: Disconnected from invalid user pi 185.180.29.203 port 14020 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:36:37.747Z","@version":"1","message":"Sep 13 05:36:37 honeypot-sgp-1 sshd[9820]: Disconnected from invalid user ethos 185.180.29.203 port 14051 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:36:41.749Z","@version":"1","message":"Sep 13 05:36:41 honeypot-sgp-1 sshd[9824]: Disconnected from invalid user miner 185.180.29.203 port 14069 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:36:45.751Z","@version":"1","message":"Sep 13 05:36:45 honeypot-sgp-1 sshd[9828]: Disconnected from invalid user volumio 185.180.29.203 port 14111 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:36:50.754Z","@version":"1","message":"Sep 13 05:36:49 honeypot-sgp-1 sshd[9832]: Disconnected from invalid user nagios 185.180.29.203 port 14129 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 05:36:53 honeypot-ams-1 sshd[14516]: Disconnected from invalid user user1 134.17.94.27 port 33156 [preauth]","@timestamp":"2022-09-13T05:36:54.277Z"}
{"@timestamp":"2022-09-13T05:36:54.757Z","@version":"1","message":"Sep 13 05:36:54 honeypot-sgp-1 sshd[9836]: Disconnected from invalid user vagrant 185.180.29.203 port 14153 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:36:58.759Z","@version":"1","message":"Sep 13 05:36:58 honeypot-sgp-1 sshd[9840]: Disconnected from invalid user debian 185.180.29.203 port 14173 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:37:03.763Z","@version":"1","message":"Sep 13 05:37:02 honeypot-sgp-1 sshd[9844]: Disconnected from invalid user debian 185.180.29.203 port 14212 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:37:07.765Z","@version":"1","message":"Sep 13 05:37:07 honeypot-sgp-1 sshd[9849]: Disconnected from invalid user alarm 185.180.29.203 port 14243 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:37:11.768Z","@version":"1","message":"Sep 13 05:37:11 honeypot-sgp-1 sshd[9855]: Invalid user test from 185.180.29.203 port 14263","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:37:15.770Z","@version":"1","message":"Sep 13 05:37:15 honeypot-sgp-1 sshd[9859]: Invalid user cirros from 185.180.29.203 port 14283","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:40:08.843Z","@version":"1","message":"Sep 13 05:40:08 honeypot-sgp-1 sshd[9863]: Disconnected from authenticating user root 20.226.1.90 port 49670 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 05:40:16 honeypot-fra-1 sshd[5053]: Invalid user user from 179.60.147.69 port 57844","@timestamp":"2022-09-13T05:40:17.021Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 05:41:43 honeypot-ams-1 sshd[14521]: Disconnected from invalid user edv 119.28.215.47 port 40832 [preauth]","@timestamp":"2022-09-13T05:41:44.401Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 05:45:29 honeypot-ams-1 sshd[14527]: Did not receive identification string from 141.255.162.226 port 42002","@timestamp":"2022-09-13T05:45:29.501Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 05:45:35 honeypot-ams-1 sshd[14530]: Disconnected from invalid user user 141.255.162.226 port 41988 [preauth]","@timestamp":"2022-09-13T05:45:35.505Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 05:45:37 honeypot-ams-1 sshd[14534]: Disconnected from invalid user user 141.255.162.226 port 48524 [preauth]","@timestamp":"2022-09-13T05:45:37.507Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 05:45:38 honeypot-ams-1 sshd[14538]: Disconnected from invalid user user 141.255.162.226 port 33370 [preauth]","@timestamp":"2022-09-13T05:45:38.507Z"}
{"@timestamp":"2022-09-13T05:53:00.150Z","@version":"1","message":"Sep 13 05:52:59 honeypot-sgp-1 sshd[9869]: Disconnected from authenticating user root 92.255.85.69 port 60166 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 05:55:32 honeypot-fra-1 sshd[5059]: Disconnected from authenticating user root 92.255.85.69 port 46778 [preauth]","@timestamp":"2022-09-13T05:55:32.361Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 06:01:57 honeypot-ams-1 kernel: [83925501.125386] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=114.225.3.92 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=49 ID=56342 PROTO=TCP SPT=62725 DPT=80 WINDOW=40602 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T06:01:58.003Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 06:04:40 honeypot-fra-1 sshd[5065]: Received disconnect from 165.22.45.108 port 60772:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T06:04:40.569Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 06:11:37 honeypot-ams-1 kernel: [83926081.443322] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=169.38.115.123 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=55 ID=65494 PROTO=TCP SPT=12080 DPT=80 WINDOW=30048 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T06:11:38.250Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 06:15:27 honeypot-fra-1 sshd[5169]: Invalid user centos from 20.13.161.157 port 53542","@timestamp":"2022-09-13T06:15:27.832Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 06:15:27 honeypot-fra-1 sshd[5179]: Invalid user testuser from 20.13.161.157 port 53594","@timestamp":"2022-09-13T06:15:27.832Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 06:15:27 honeypot-fra-1 sshd[5171]: Connection closed by authenticating user root 20.13.161.157 port 53550 [preauth]","@timestamp":"2022-09-13T06:15:27.832Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 06:15:27 honeypot-fra-1 sshd[5176]: Connection closed by invalid user teamspeak 20.13.161.157 port 53546 [preauth]","@timestamp":"2022-09-13T06:15:27.832Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 06:15:27 honeypot-fra-1 sshd[5177]: Connection closed by authenticating user root 20.13.161.157 port 53584 [preauth]","@timestamp":"2022-09-13T06:15:27.832Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 06:15:31 honeypot-fra-1 sshd[5204]: Invalid user dev from 20.13.161.157 port 53524","@timestamp":"2022-09-13T06:15:31.835Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T06:15:50.706Z","@version":"1","message":"Sep 13 06:15:49 honeypot-sgp-1 sshd[9875]: Connection closed by authenticating user root 179.60.147.69 port 18706 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 06:18:47 honeypot-fra-1 sshd[5214]: Received disconnect from 92.255.85.69 port 17014:11: Bye Bye [preauth]","@timestamp":"2022-09-13T06:18:47.913Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 06:21:41 honeypot-ams-1 sshd[14555]: Received disconnect from 92.255.85.70 port 34122:11: Bye Bye [preauth]","@timestamp":"2022-09-13T06:21:42.510Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 06:24:22 honeypot-fra-1 sshd[5219]: Received disconnect from 129.146.247.68 port 44906:11: Bye Bye [preauth]","@timestamp":"2022-09-13T06:24:23.063Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T06:24:53.938Z","@version":"1","message":"Sep 13 06:24:53 honeypot-sgp-1 sshd[9886]: Received disconnect from 46.101.135.232 port 48980:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 06:26:25 honeypot-ams-1 kernel: [83926969.959461] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=195.133.20.241 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=41642 PROTO=TCP SPT=47008 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T06:26:26.642Z"}
{"@timestamp":"2022-09-13T06:26:41.987Z","@version":"1","message":"Sep 13 06:26:41 honeypot-sgp-1 sshd[10041]: Disconnected from invalid user cmschef 51.15.83.17 port 50723 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T06:28:09.026Z","@version":"1","message":"Sep 13 06:28:08 honeypot-sgp-1 sshd[10142]: Received disconnect from 45.61.186.249 port 56310:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 06:28:23 honeypot-fra-1 sshd[5356]: Invalid user staffc from 179.67.89.142 port 51884","@timestamp":"2022-09-13T06:28:23.157Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T06:28:27.035Z","@version":"1","message":"Sep 13 06:28:26 honeypot-sgp-1 sshd[10146]: Received disconnect from 45.61.186.249 port 51152:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T06:28:43.043Z","@version":"1","message":"Sep 13 06:28:42 honeypot-sgp-1 sshd[10150]: Received disconnect from 45.61.186.249 port 45998:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 06:29:06 honeypot-fra-1 sshd[5360]: Disconnected from authenticating user root 76.108.109.69 port 54046 [preauth]","@timestamp":"2022-09-13T06:29:07.179Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 06:30:27 honeypot-ams-1 kernel: [83927211.907049] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=85.239.34.246 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=50392 PROTO=TCP SPT=59582 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T06:30:28.750Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 06:30:29 honeypot-fra-1 sshd[5366]: Disconnected from authenticating user root 222.124.214.10 port 44746 [preauth]","@timestamp":"2022-09-13T06:30:30.214Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T06:31:33.115Z","@version":"1","message":"Sep 13 06:31:32 honeypot-sgp-1 sshd[10155]: Received disconnect from 157.245.204.50 port 33028:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T06:33:01.153Z","@version":"1","message":"Sep 13 06:33:00 honeypot-sgp-1 sshd[10181]: Invalid user postgres from 189.8.29.5 port 60634","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T06:33:01.153Z","@version":"1","message":"Sep 13 06:33:00 honeypot-sgp-1 sshd[10171]: Invalid user admin from 189.8.29.5 port 60586","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T06:33:01.153Z","@version":"1","message":"Sep 13 06:33:00 honeypot-sgp-1 sshd[10178]: Invalid user es from 189.8.29.5 port 60594","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T06:33:01.153Z","@version":"1","message":"Sep 13 06:33:00 honeypot-sgp-1 sshd[10177]: Invalid user ts3 from 189.8.29.5 port 60638","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T06:33:01.153Z","@version":"1","message":"Sep 13 06:33:00 honeypot-sgp-1 sshd[10167]: Connection closed by authenticating user root 189.8.29.5 port 60596 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T06:33:01.153Z","@version":"1","message":"Sep 13 06:33:00 honeypot-sgp-1 sshd[10183]: Connection closed by authenticating user root 189.8.29.5 port 60660 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T06:33:01.153Z","@version":"1","message":"Sep 13 06:33:00 honeypot-sgp-1 sshd[10168]: Connection closed by invalid user mc 189.8.29.5 port 60612 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T06:33:01.154Z","@version":"1","message":"Sep 13 06:33:00 honeypot-sgp-1 sshd[10184]: Connection closed by invalid user ubuntu 189.8.29.5 port 60646 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T06:33:01.154Z","@version":"1","message":"Sep 13 06:33:00 honeypot-sgp-1 sshd[10182]: Connection closed by invalid user steam 189.8.29.5 port 60644 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T06:33:01.154Z","@version":"1","message":"Sep 13 06:33:00 honeypot-sgp-1 sshd[10173]: Connection closed by invalid user admin 189.8.29.5 port 60614 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 06:34:55 honeypot-fra-1 kernel: [83925319.726372] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=50230 PROTO=TCP SPT=50391 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T06:34:55.316Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 06:39:20 honeypot-ams-1 sshd[14731]: Disconnected from 104.248.228.139 port 35444 [preauth]","@timestamp":"2022-09-13T06:39:20.982Z"}
{"@timestamp":"2022-09-13T06:39:33.318Z","@version":"1","message":"Sep 13 06:39:33 honeypot-sgp-1 sshd[10225]: Disconnected from authenticating user root 92.255.85.69 port 37162 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 06:42:02 honeypot-ams-1 sshd[14840]: Disconnected from invalid user admin 80.76.51.43 port 54108 [preauth]","@timestamp":"2022-09-13T06:42:03.053Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 06:42:32 honeypot-ams-1 sshd[14844]: Disconnected from invalid user admin 80.76.51.43 port 55196 [preauth]","@timestamp":"2022-09-13T06:42:33.068Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 06:42:53 honeypot-fra-1 sshd[5382]: Received disconnect from 92.255.85.69 port 62034:11: Bye Bye [preauth]","@timestamp":"2022-09-13T06:42:54.498Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 06:45:12 honeypot-fra-1 sshd[5386]: Disconnected from invalid user korf 165.22.45.108 port 37932 [preauth]","@timestamp":"2022-09-13T06:45:13.553Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 06:51:12 honeypot-fra-1 sshd[5402]: Invalid user docker from 20.254.57.199 port 53948","@timestamp":"2022-09-13T06:51:12.688Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 06:51:12 honeypot-fra-1 sshd[5395]: Invalid user guest from 20.254.57.199 port 53950","@timestamp":"2022-09-13T06:51:12.688Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 06:51:12 honeypot-fra-1 sshd[5394]: Connection closed by authenticating user root 20.254.57.199 port 53958 [preauth]","@timestamp":"2022-09-13T06:51:13.690Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 06:51:12 honeypot-fra-1 sshd[5405]: Connection closed by invalid user ubuntu 20.254.57.199 port 53930 [preauth]","@timestamp":"2022-09-13T06:51:13.690Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 06:51:12 honeypot-fra-1 sshd[5399]: Connection closed by invalid user odoo 20.254.57.199 port 53970 [preauth]","@timestamp":"2022-09-13T06:51:13.690Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 06:51:12 honeypot-fra-1 sshd[5393]: Connection closed by invalid user mc 20.254.57.199 port 53936 [preauth]","@timestamp":"2022-09-13T06:51:13.690Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 06:51:12 honeypot-fra-1 sshd[5412]: Connection closed by invalid user admin 20.254.57.199 port 54000 [preauth]","@timestamp":"2022-09-13T06:51:13.690Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 06:51:13 honeypot-fra-1 sshd[5437]: Connection closed by authenticating user root 20.254.57.199 port 53980 [preauth]","@timestamp":"2022-09-13T06:51:13.690Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 06:51:13 honeypot-fra-1 sshd[5442]: Connection closed by invalid user testuser 20.254.57.199 port 53976 [preauth]","@timestamp":"2022-09-13T06:51:13.691Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 06:51:15 honeypot-fra-1 sshd[5455]: Connection closed by invalid user guest 20.254.57.199 port 54006 [preauth]","@timestamp":"2022-09-13T06:51:15.692Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 06:52:43 honeypot-ams-1 kernel: [83928547.061383] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=143.198.183.97 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=41882 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T06:52:43.332Z"}
{"@timestamp":"2022-09-13T06:54:34.695Z","@version":"1","message":"Sep 13 06:54:34 honeypot-sgp-1 kernel: [83928184.537237] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.33.68.117 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=58291 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T06:54:49.704Z","@version":"1","message":"Sep 13 06:54:48 honeypot-sgp-1 sshd[10234]: Received disconnect from 141.255.162.226 port 52410:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T06:54:52.707Z","@version":"1","message":"Sep 13 06:54:52 honeypot-sgp-1 sshd[10238]: Received disconnect from 141.255.162.226 port 44688:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T06:56:24.745Z","@version":"1","message":"Sep 13 06:56:24 honeypot-sgp-1 kernel: [83928295.081313] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=95.161.131.235 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=54321 PROTO=TCP SPT=41771 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 07:00:19 honeypot-ams-1 sshd[15290]: Invalid user admin from 207.154.244.110 port 45302","@timestamp":"2022-09-13T07:00:20.528Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 07:01:16 honeypot-ams-1 sshd[15295]: Received disconnect from 51.79.70.102 port 54204:11: Bye Bye [preauth]","@timestamp":"2022-09-13T07:01:16.555Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 07:02:41 honeypot-ams-1 sshd[15300]: Invalid user user from 45.61.184.204 port 48098","@timestamp":"2022-09-13T07:02:42.596Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 07:02:51 honeypot-ams-1 sshd[15302]: Disconnected from invalid user user 45.61.184.204 port 59642 [preauth]","@timestamp":"2022-09-13T07:02:51.601Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 07:03:09 honeypot-ams-1 sshd[15306]: Disconnected from invalid user user 45.61.184.204 port 54504 [preauth]","@timestamp":"2022-09-13T07:03:09.610Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 07:03:16 honeypot-fra-1 sshd[5464]: Connection closed by invalid user ftp 178.15.138.196 port 52775 [preauth]","@timestamp":"2022-09-13T07:03:16.965Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 07:03:25 honeypot-ams-1 sshd[15310]: Disconnected from invalid user user 45.61.184.204 port 49356 [preauth]","@timestamp":"2022-09-13T07:03:26.619Z"}
{"@timestamp":"2022-09-13T07:05:21.970Z","@version":"1","message":"Sep 13 07:05:21 honeypot-sgp-1 sshd[10247]: Received disconnect from 102.219.33.70 port 60594:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 07:06:53 honeypot-ams-1 sshd[15316]: Received disconnect from 45.61.186.249 port 44976:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T07:06:54.713Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 07:07:12 honeypot-ams-1 sshd[15320]: Received disconnect from 45.61.186.249 port 39726:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T07:07:12.722Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 07:07:28 honeypot-ams-1 sshd[15324]: Received disconnect from 45.61.186.249 port 34470:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T07:07:28.730Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 07:08:14 honeypot-ams-1 sshd[15328]: Disconnected from authenticating user root 92.255.85.70 port 18158 [preauth]","@timestamp":"2022-09-13T07:08:14.753Z"}
{"@timestamp":"2022-09-13T07:17:02.263Z","@version":"1","message":"Sep 13 07:17:01 honeypot-sgp-1 CRON[10252]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 07:17:19 honeypot-fra-1 kernel: [83927864.040255] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.79.187.110 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=19756 PROTO=TCP SPT=44940 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T07:17:20.280Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 07:18:06 honeypot-fra-1 sshd[5477]: Received disconnect from 45.61.187.160 port 39068:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T07:18:07.303Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 07:18:24 honeypot-fra-1 sshd[5481]: Invalid user user from 45.61.187.160 port 34134","@timestamp":"2022-09-13T07:18:24.312Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 07:18:42 honeypot-fra-1 sshd[5485]: Invalid user user from 45.61.187.160 port 57434","@timestamp":"2022-09-13T07:18:43.322Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 07:19:50 honeypot-fra-1 kernel: [83928015.078426] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.208.224 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=41963 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T07:19:51.349Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 07:22:35 honeypot-ams-1 kernel: [83930339.133759] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.221.97 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=52228 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T07:22:35.121Z"}
{"@timestamp":"2022-09-13T07:27:04.512Z","@version":"1","message":"Sep 13 07:27:03 honeypot-sgp-1 sshd[10258]: Disconnected from authenticating user root 92.255.85.69 port 32534 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 07:29:19 honeypot-fra-1 sshd[5495]: Received disconnect from 92.255.85.69 port 20864:11: Bye Bye [preauth]","@timestamp":"2022-09-13T07:29:19.566Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 07:30:50 honeypot-fra-1 sshd[5499]: Connection closed by invalid user test 179.60.147.69 port 60264 [preauth]","@timestamp":"2022-09-13T07:30:50.603Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 07:33:03 honeypot-ams-1 sshd[15343]: Invalid user test from 179.60.147.69 port 25496","@timestamp":"2022-09-13T07:33:04.407Z"}
{"@timestamp":"2022-09-13T07:39:15.846Z","@version":"1","message":"Sep 13 07:39:15 honeypot-sgp-1 kernel: [83930865.963131] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=64.27.31.27 DST=159.89.202.188 LEN=52 TOS=0x02 PREC=0x00 TTL=117 ID=25055 DF PROTO=TCP SPT=16558 DPT=3389 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T07:41:29.909Z","@version":"1","message":"Sep 13 07:41:29 honeypot-sgp-1 sshd[10269]: Invalid user user from 45.61.186.49 port 48390","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T07:41:38.914Z","@version":"1","message":"Sep 13 07:41:38 honeypot-sgp-1 sshd[10273]: Invalid user user from 45.61.186.49 port 60186","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T07:47:26.067Z","@version":"1","message":"Sep 13 07:47:25 honeypot-sgp-1 kernel: [83931355.779713] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=102.67.234.39 DST=159.89.202.188 LEN=52 TOS=0x00 PREC=0x00 TTL=115 ID=55194 DF PROTO=TCP SPT=60621 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 07:50:34 honeypot-ams-1 sshd[15348]: Connection closed by invalid user litao 103.188.176.251 port 36264 [preauth]","@timestamp":"2022-09-13T07:50:35.875Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 07:51:07 honeypot-fra-1 sshd[5505]: Received disconnect from 41.60.236.6 port 55540:11: Bye Bye [preauth]","@timestamp":"2022-09-13T07:51:08.061Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 07:54:52 honeypot-fra-1 sshd[5510]: Connection closed by invalid user litao 103.188.176.251 port 41242 [preauth]","@timestamp":"2022-09-13T07:54:53.147Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 07:59:26 honeypot-ams-1 sshd[15353]: Disconnected from invalid user bailey 167.172.253.42 port 58756 [preauth]","@timestamp":"2022-09-13T07:59:27.106Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:03:58 honeypot-ams-1 sshd[15358]: Received disconnect from 159.65.46.55 port 33268:11: Bye Bye [preauth]","@timestamp":"2022-09-13T08:03:59.226Z"}
{"@timestamp":"2022-09-13T08:04:01.515Z","@version":"1","message":"Sep 13 08:04:01 honeypot-sgp-1 sshd[10280]: Received disconnect from 185.130.54.109 port 55591:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 08:06:07 honeypot-fra-1 sshd[5517]: Received disconnect from 165.22.45.108 port 47782:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T08:06:07.451Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:07:51 honeypot-ams-1 sshd[15364]: Received disconnect from 83.228.83.95 port 10320:11: Bye Bye [preauth]","@timestamp":"2022-09-13T08:07:52.329Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:07:52 honeypot-ams-1 sshd[15368]: Disconnected from authenticating user root 83.228.83.95 port 10824 [preauth]","@timestamp":"2022-09-13T08:07:53.330Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:07:53 honeypot-ams-1 sshd[15374]: Disconnected from authenticating user root 83.228.83.95 port 10888 [preauth]","@timestamp":"2022-09-13T08:07:54.331Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:07:54 honeypot-ams-1 sshd[15380]: Disconnected from authenticating user root 83.228.83.95 port 10472 [preauth]","@timestamp":"2022-09-13T08:07:55.331Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:07:55 honeypot-ams-1 sshd[15386]: Disconnected from authenticating user root 83.228.83.95 port 10516 [preauth]","@timestamp":"2022-09-13T08:07:56.332Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:07:56 honeypot-ams-1 sshd[15392]: Disconnected from authenticating user root 83.228.83.95 port 10248 [preauth]","@timestamp":"2022-09-13T08:07:57.333Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:07:58 honeypot-ams-1 sshd[15398]: Disconnected from authenticating user root 83.228.83.95 port 10032 [preauth]","@timestamp":"2022-09-13T08:07:58.334Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:07:59 honeypot-ams-1 sshd[15404]: Disconnected from authenticating user root 83.228.83.95 port 10720 [preauth]","@timestamp":"2022-09-13T08:07:59.334Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:08:00 honeypot-ams-1 sshd[15410]: Disconnected from authenticating user root 83.228.83.95 port 10210 [preauth]","@timestamp":"2022-09-13T08:08:01.336Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:08:01 honeypot-ams-1 sshd[15416]: Disconnected from authenticating user root 83.228.83.95 port 10256 [preauth]","@timestamp":"2022-09-13T08:08:02.337Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:08:02 honeypot-ams-1 sshd[15422]: Disconnected from authenticating user root 83.228.83.95 port 10406 [preauth]","@timestamp":"2022-09-13T08:08:03.338Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:08:03 honeypot-ams-1 sshd[15428]: Disconnected from authenticating user root 83.228.83.95 port 10648 [preauth]","@timestamp":"2022-09-13T08:08:04.338Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:08:04 honeypot-ams-1 sshd[15434]: Received disconnect from 83.228.83.95 port 10832:11: Bye Bye [preauth]","@timestamp":"2022-09-13T08:08:05.339Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:08:05 honeypot-ams-1 sshd[15438]: Received disconnect from 83.228.83.95 port 10388:11: Bye Bye [preauth]","@timestamp":"2022-09-13T08:08:06.340Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:08:06 honeypot-ams-1 sshd[15442]: Received disconnect from 83.228.83.95 port 10944:11: Bye Bye [preauth]","@timestamp":"2022-09-13T08:08:07.342Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:08:07 honeypot-ams-1 sshd[15446]: Received disconnect from 83.228.83.95 port 10300:11: Bye Bye [preauth]","@timestamp":"2022-09-13T08:08:07.342Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:08:07 honeypot-ams-1 sshd[15450]: Received disconnect from 83.228.83.95 port 10582:11: Bye Bye [preauth]","@timestamp":"2022-09-13T08:08:08.342Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:08:08 honeypot-ams-1 sshd[15454]: Received disconnect from 83.228.83.95 port 10754:11: Bye Bye [preauth]","@timestamp":"2022-09-13T08:08:09.343Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:08:09 honeypot-ams-1 sshd[15460]: Invalid user pi from 83.228.83.95 port 10412","@timestamp":"2022-09-13T08:08:10.344Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:08:10 honeypot-ams-1 sshd[15464]: Invalid user user from 83.228.83.95 port 11020","@timestamp":"2022-09-13T08:08:11.344Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:08:11 honeypot-ams-1 sshd[15468]: Invalid user mine from 83.228.83.95 port 10920","@timestamp":"2022-09-13T08:08:11.344Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:08:12 honeypot-ams-1 sshd[15472]: Invalid user xbmc from 83.228.83.95 port 10464","@timestamp":"2022-09-13T08:08:12.345Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:08:12 honeypot-ams-1 sshd[15476]: Invalid user oracle from 83.228.83.95 port 10068","@timestamp":"2022-09-13T08:08:13.346Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:08:13 honeypot-ams-1 sshd[15480]: Invalid user postgres from 83.228.83.95 port 11012","@timestamp":"2022-09-13T08:08:14.347Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:08:14 honeypot-ams-1 sshd[15484]: Invalid user support from 83.228.83.95 port 10084","@timestamp":"2022-09-13T08:08:15.348Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:08:15 honeypot-ams-1 sshd[15488]: Invalid user ubuntu from 83.228.83.95 port 10724","@timestamp":"2022-09-13T08:08:15.348Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:08:15 honeypot-ams-1 sshd[15492]: Invalid user ubuntu from 83.228.83.95 port 10810","@timestamp":"2022-09-13T08:08:16.348Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:08:16 honeypot-ams-1 sshd[15496]: Invalid user guest from 83.228.83.95 port 10220","@timestamp":"2022-09-13T08:08:17.349Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:08:17 honeypot-ams-1 sshd[15500]: Invalid user cirros from 83.228.83.95 port 10166","@timestamp":"2022-09-13T08:08:18.350Z"}
{"@timestamp":"2022-09-13T08:08:45.639Z","@version":"1","message":"Sep 13 08:08:45 honeypot-sgp-1 sshd[10284]: Disconnected from invalid user ubnt 50.116.41.163 port 13864 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:09:46 honeypot-ams-1 sshd[15504]: Invalid user user from 179.60.147.69 port 38292","@timestamp":"2022-09-13T08:09:47.390Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:14:23 honeypot-ams-1 sshd[15510]: Invalid user pi from 82.66.77.8 port 49024","@timestamp":"2022-09-13T08:14:24.510Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 08:15:31 honeypot-fra-1 sshd[5542]: Received disconnect from 92.255.85.69 port 16468:11: Bye Bye [preauth]","@timestamp":"2022-09-13T08:15:31.670Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:15:39 honeypot-ams-1 sshd[15515]: Disconnecting authenticating user root 120.48.37.84 port 47498: Too many authentication failures [preauth]","@timestamp":"2022-09-13T08:15:39.543Z"}
{"@timestamp":"2022-09-13T08:16:33.840Z","@version":"1","message":"Sep 13 08:16:33 honeypot-sgp-1 sshd[10290]: Disconnected from authenticating user root 118.70.74.172 port 59540 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 08:16:38 honeypot-fra-1 sshd[5547]: Invalid user user from 45.61.186.169 port 38548","@timestamp":"2022-09-13T08:16:38.698Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 08:16:54 honeypot-fra-1 sshd[5551]: Invalid user user from 45.61.186.169 port 33504","@timestamp":"2022-09-13T08:16:55.707Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 08:17:02 honeypot-fra-1 sshd[5557]: Received disconnect from 45.61.186.169 port 45094:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T08:17:03.712Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 08:17:19 honeypot-fra-1 sshd[5561]: Received disconnect from 45.61.186.169 port 40066:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T08:17:19.719Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:18:42 honeypot-ams-1 sshd[15523]: Disconnected from authenticating user root 92.255.85.70 port 54972 [preauth]","@timestamp":"2022-09-13T08:18:43.623Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 08:19:46 honeypot-fra-1 sshd[5563]: Connection closed by invalid user pi 220.71.14.93 port 34088 [preauth]","@timestamp":"2022-09-13T08:19:47.780Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T08:21:22.993Z","@version":"1","message":"Sep 13 08:21:22 honeypot-sgp-1 sshd[10316]: Disconnected from invalid user soham 139.59.112.202 port 46060 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 08:24:47 honeypot-fra-1 sshd[5570]: Connection closed by invalid user admin 103.106.23.221 port 43062 [preauth]","@timestamp":"2022-09-13T08:24:47.896Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 08:34:32 honeypot-fra-1 sshd[5575]: Disconnected from authenticating user root 188.166.58.179 port 49454 [preauth]","@timestamp":"2022-09-13T08:34:33.139Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:36:48 honeypot-ams-1 sshd[15547]: Disconnected from invalid user admin 62.64.86.44 port 51743 [preauth]","@timestamp":"2022-09-13T08:36:49.089Z"}
{"@timestamp":"2022-09-13T08:36:54.386Z","@version":"1","message":"Sep 13 08:36:53 honeypot-sgp-1 kernel: [83934323.904451] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=69.164.222.31 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=42055 PROTO=TCP SPT=44938 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 08:39:35 honeypot-fra-1 sshd[5582]: Received disconnect from 92.255.85.70 port 62582:11: Bye Bye [preauth]","@timestamp":"2022-09-13T08:39:36.259Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T08:44:05.573Z","@version":"1","message":"Sep 13 08:44:05 honeypot-sgp-1 kernel: [83934755.820278] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.41.9.18 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=55622 PROTO=TCP SPT=38124 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 08:44:30 honeypot-fra-1 sshd[5588]: Connection closed by invalid user git 182.253.81.212 port 33684 [preauth]","@timestamp":"2022-09-13T08:44:31.372Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 08:45:17 honeypot-fra-1 sshd[5594]: Invalid user username from 181.209.148.169 port 47615","@timestamp":"2022-09-13T08:45:18.394Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T08:46:02.625Z","@version":"1","message":"Sep 13 08:46:02 honeypot-sgp-1 sshd[10332]: Disconnected from authenticating user root 46.101.149.216 port 39150 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:46:27 honeypot-ams-1 sshd[15554]: Invalid user test from 179.60.147.69 port 19452","@timestamp":"2022-09-13T08:46:27.338Z"}
{"@timestamp":"2022-09-13T08:47:32.667Z","@version":"1","message":"Sep 13 08:47:31 honeypot-sgp-1 sshd[10339]: Disconnected from invalid user user 20.205.9.176 port 34860 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 08:48:49 honeypot-fra-1 sshd[5599]: Invalid user user from 45.61.187.160 port 53244","@timestamp":"2022-09-13T08:48:50.476Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 08:49:06 honeypot-fra-1 sshd[5603]: Invalid user user from 45.61.187.160 port 47834","@timestamp":"2022-09-13T08:49:07.486Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 08:49:22 honeypot-fra-1 sshd[5608]: Invalid user user from 45.61.187.160 port 42420","@timestamp":"2022-09-13T08:49:23.494Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 08:49:38 honeypot-fra-1 sshd[5612]: Invalid user user from 45.61.187.160 port 37022","@timestamp":"2022-09-13T08:49:39.501Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:49:50 honeypot-ams-1 sshd[15559]: Disconnected from invalid user user 198.98.61.9 port 40156 [preauth]","@timestamp":"2022-09-13T08:49:51.429Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:50:12 honeypot-ams-1 sshd[15562]: Disconnected from invalid user user 198.98.61.9 port 51774 [preauth]","@timestamp":"2022-09-13T08:50:12.440Z"}
{"@timestamp":"2022-09-13T08:50:33.745Z","@version":"1","message":"Sep 13 08:50:32 honeypot-sgp-1 sshd[10343]: Received disconnect from 179.127.181.235 port 57966:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:50:34 honeypot-ams-1 sshd[15566]: Disconnected from invalid user user 198.98.61.9 port 46762 [preauth]","@timestamp":"2022-09-13T08:50:34.452Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:50:55 honeypot-ams-1 sshd[15570]: Disconnected from invalid user user 198.98.61.9 port 41756 [preauth]","@timestamp":"2022-09-13T08:50:56.463Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 08:58:34 honeypot-ams-1 kernel: [83936098.942628] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=12.220.156.28 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=51 ID=64072 PROTO=TCP SPT=13110 DPT=80 WINDOW=61678 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T08:58:35.660Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 08:59:40 honeypot-fra-1 sshd[5615]: Received disconnect from 157.245.195.132 port 42044:11: Bye Bye [preauth]","@timestamp":"2022-09-13T08:59:40.733Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T09:00:09.990Z","@version":"1","message":"Sep 13 09:00:09 honeypot-sgp-1 sshd[10348]: Disconnected from authenticating user root 92.255.85.70 port 45086 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 09:00:17 honeypot-ams-1 sshd[15580]: Received disconnect from 141.255.162.226 port 52354:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T09:00:17.706Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 09:00:22 honeypot-ams-1 sshd[15584]: Received disconnect from 141.255.162.226 port 50582:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T09:00:22.709Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 09:00:24 honeypot-ams-1 sshd[15588]: Received disconnect from 141.255.162.226 port 57194:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T09:00:25.711Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 09:02:41 honeypot-fra-1 sshd[5621]: Disconnected from authenticating user root 92.255.85.69 port 39268 [preauth]","@timestamp":"2022-09-13T09:02:41.805Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 09:04:38 honeypot-ams-1 sshd[15594]: Received disconnect from 92.255.85.70 port 25474:11: Bye Bye [preauth]","@timestamp":"2022-09-13T09:04:38.818Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 09:07:22 honeypot-fra-1 sshd[5635]: Invalid user oracle from 82.157.251.34 port 55340","@timestamp":"2022-09-13T09:07:22.917Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 09:13:24 honeypot-fra-1 sshd[5643]: Invalid user admin from 148.153.82.133 port 59300","@timestamp":"2022-09-13T09:13:25.054Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 09:13:47 honeypot-ams-1 sshd[15600]: Received disconnect from 52.227.167.147 port 53734:11: Bye Bye [preauth]","@timestamp":"2022-09-13T09:13:48.065Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 09:17:01 honeypot-fra-1 CRON[5649]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-13T09:17:02.137Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T09:17:02.411Z","@version":"1","message":"Sep 13 09:17:01 honeypot-sgp-1 CRON[10352]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 09:18:46 honeypot-ams-1 sshd[15605]: Disconnected from authenticating user root 58.246.125.198 port 52114 [preauth]","@timestamp":"2022-09-13T09:18:47.201Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 09:21:34 honeypot-fra-1 sshd[5659]: Invalid user devops from 92.205.165.95 port 40780","@timestamp":"2022-09-13T09:21:35.240Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 09:21:34 honeypot-fra-1 sshd[5666]: Invalid user steam from 92.205.165.95 port 40810","@timestamp":"2022-09-13T09:21:35.240Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 09:21:34 honeypot-fra-1 sshd[5660]: Invalid user oracle from 92.205.165.95 port 40796","@timestamp":"2022-09-13T09:21:35.240Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 09:21:34 honeypot-fra-1 sshd[5656]: Invalid user chia from 92.205.165.95 port 40784","@timestamp":"2022-09-13T09:21:35.240Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 09:21:34 honeypot-fra-1 sshd[5669]: Connection closed by invalid user steam 92.205.165.95 port 40808 [preauth]","@timestamp":"2022-09-13T09:21:35.240Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 09:21:34 honeypot-fra-1 sshd[5673]: Connection closed by invalid user postgres 92.205.165.95 port 40830 [preauth]","@timestamp":"2022-09-13T09:21:35.241Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 09:21:34 honeypot-fra-1 sshd[5671]: Connection closed by invalid user grid 92.205.165.95 port 40822 [preauth]","@timestamp":"2022-09-13T09:21:35.241Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 09:21:34 honeypot-fra-1 sshd[5670]: Connection closed by invalid user deployer 92.205.165.95 port 40812 [preauth]","@timestamp":"2022-09-13T09:21:35.241Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 09:21:34 honeypot-fra-1 sshd[5672]: Connection closed by authenticating user root 92.205.165.95 port 40824 [preauth]","@timestamp":"2022-09-13T09:21:35.241Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 09:22:41 honeypot-fra-1 sshd[5715]: Received disconnect from 194.150.69.207 port 35606:11: Bye Bye [preauth]","@timestamp":"2022-09-13T09:22:42.266Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T09:24:57.613Z","@version":"1","message":"Sep 13 09:24:56 honeypot-sgp-1 sshd[10360]: Connection closed by invalid user admin 211.250.4.137 port 56274 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 09:25:58 honeypot-fra-1 sshd[5720]: Received disconnect from 92.255.85.69 port 37976:11: Bye Bye [preauth]","@timestamp":"2022-09-13T09:25:58.342Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 09:26:47 honeypot-fra-1 sshd[5725]: Disconnected from invalid user kovalenko 165.22.45.108 port 59134 [preauth]","@timestamp":"2022-09-13T09:26:47.364Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 09:28:37 honeypot-ams-1 sshd[15611]: Received disconnect from 92.255.85.69 port 47308:11: Bye Bye [preauth]","@timestamp":"2022-09-13T09:28:37.466Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 09:29:43 honeypot-ams-1 sshd[15615]: Disconnected from authenticating user root 129.146.247.68 port 45688 [preauth]","@timestamp":"2022-09-13T09:29:44.498Z"}
{"@timestamp":"2022-09-13T09:29:58.739Z","@version":"1","message":"Sep 13 09:29:57 honeypot-sgp-1 sshd[10366]: Received disconnect from 139.59.224.111 port 35108:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 09:37:05 honeypot-ams-1 kernel: [83938409.532555] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=177.136.215.24 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=245 ID=37419 DF PROTO=TCP SPT=20482 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T09:37:05.693Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 09:38:33 honeypot-fra-1 sshd[5730]: Disconnected from authenticating user root 74.92.28.228 port 58672 [preauth]","@timestamp":"2022-09-13T09:38:33.632Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T09:46:39.145Z","@version":"1","message":"Sep 13 09:46:38 honeypot-sgp-1 sshd[10372]: Disconnected from authenticating user root 92.255.85.69 port 52060 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 09:46:41 honeypot-fra-1 sshd[5736]: Received disconnect from 141.255.162.226 port 51426:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T09:46:41.816Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 09:46:41 honeypot-fra-1 sshd[5740]: Received disconnect from 141.255.162.226 port 36322:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T09:46:42.816Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 09:46:45 honeypot-fra-1 sshd[5744]: Received disconnect from 141.255.162.226 port 49444:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T09:46:46.818Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 09:46:48 honeypot-fra-1 sshd[5748]: Received disconnect from 141.255.162.226 port 34340:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T09:46:48.819Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T09:47:31.169Z","@version":"1","message":"Sep 13 09:47:31 honeypot-sgp-1 sshd[10377]: Disconnected from invalid user field 64.227.126.250 port 58084 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 09:49:19 honeypot-fra-1 sshd[5751]: Received disconnect from 45.61.186.169 port 58138:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T09:49:19.881Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 09:49:36 honeypot-fra-1 sshd[5755]: Received disconnect from 45.61.186.169 port 52818:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T09:49:36.889Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 09:49:45 honeypot-fra-1 sshd[5759]: Disconnected from invalid user user 45.61.186.169 port 36052 [preauth]","@timestamp":"2022-09-13T09:49:45.894Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 09:50:00 honeypot-fra-1 sshd[5763]: Disconnected from invalid user user 45.61.186.169 port 58952 [preauth]","@timestamp":"2022-09-13T09:50:00.901Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 09:52:13 honeypot-ams-1 sshd[15622]: Disconnected from authenticating user root 92.255.85.70 port 18304 [preauth]","@timestamp":"2022-09-13T09:52:13.100Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 09:56:58 honeypot-fra-1 kernel: [83937442.075821] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.167.97.31 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=48559 DPT=5432 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T09:56:59.058Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 09:57:01 honeypot-ams-1 sshd[15628]: Invalid user user from 198.98.61.9 port 48246","@timestamp":"2022-09-13T09:57:02.222Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 09:57:28 honeypot-ams-1 sshd[15632]: Invalid user user from 198.98.61.9 port 43324","@timestamp":"2022-09-13T09:57:29.237Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 09:57:55 honeypot-ams-1 sshd[15636]: Invalid user user from 198.98.61.9 port 38402","@timestamp":"2022-09-13T09:57:56.250Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 09:59:48 honeypot-ams-1 sshd[15640]: Invalid user support from 179.60.147.69 port 30526","@timestamp":"2022-09-13T09:59:48.301Z"}
{"@timestamp":"2022-09-13T10:03:36.559Z","@version":"1","message":"Sep 13 10:03:35 honeypot-sgp-1 kernel: [83939526.181168] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=128.14.209.162 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=26915 PROTO=TCP SPT=10349 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T10:07:06.644Z","@version":"1","message":"Sep 13 10:07:06 honeypot-sgp-1 sshd[10391]: Received disconnect from 89.40.72.166 port 36706:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 10:07:21 honeypot-fra-1 sshd[5775]: Received disconnect from 165.22.45.108 port 35914:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T10:07:21.294Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T10:09:00.693Z","@version":"1","message":"Sep 13 10:08:59 honeypot-sgp-1 sshd[10396]: Invalid user user from 45.61.184.204 port 41766","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T10:09:19.704Z","@version":"1","message":"Sep 13 10:09:19 honeypot-sgp-1 sshd[10400]: Invalid user user from 45.61.184.204 port 36362","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T10:09:36.713Z","@version":"1","message":"Sep 13 10:09:36 honeypot-sgp-1 sshd[10404]: Invalid user user from 45.61.184.204 port 59204","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T10:09:53.721Z","@version":"1","message":"Sep 13 10:09:53 honeypot-sgp-1 sshd[10408]: Invalid user user from 45.61.184.204 port 53806","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 10:10:05 honeypot-fra-1 sshd[5780]: Connection closed by invalid user oracle 117.86.103.243 port 48224 [preauth]","@timestamp":"2022-09-13T10:10:06.357Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T10:11:47.769Z","@version":"1","message":"Sep 13 10:11:47 honeypot-sgp-1 sshd[10412]: Received disconnect from 159.192.99.12 port 48756:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 10:12:44 honeypot-ams-1 sshd[15645]: Invalid user  from 64.62.197.107 port 17646","@timestamp":"2022-09-13T10:12:45.639Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 10:13:39 honeypot-fra-1 sshd[5789]: Disconnected from authenticating user root 92.255.85.70 port 35428 [preauth]","@timestamp":"2022-09-13T10:13:40.439Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 10:15:09 honeypot-ams-1 sshd[15650]: Received disconnect from 92.255.85.69 port 19464:11: Bye Bye [preauth]","@timestamp":"2022-09-13T10:15:09.704Z"}
{"@timestamp":"2022-09-13T10:18:23.932Z","@version":"1","message":"Sep 13 10:18:23 honeypot-sgp-1 sshd[10434]: Connection closed by invalid user  64.62.197.122 port 31380 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 10:21:15 honeypot-fra-1 kernel: [83938899.515471] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.205.157 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=41290 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T10:21:15.611Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 10:21:36 honeypot-ams-1 kernel: [83941080.679776] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=78.142.18.92 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=54321 PROTO=TCP SPT=33547 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T10:21:36.874Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 10:22:28 honeypot-fra-1 sshd[5803]: Invalid user pi from 70.175.251.169 port 53056","@timestamp":"2022-09-13T10:22:28.643Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T10:30:49.236Z","@version":"1","message":"Sep 13 10:30:49 honeypot-sgp-1 sshd[10438]: Did not receive identification string from 92.255.85.113 port 40961","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 10:34:09 honeypot-fra-1 sshd[6251]: Invalid user support from 179.60.147.69 port 5324","@timestamp":"2022-09-13T10:34:09.906Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 10:35:08 honeypot-ams-1 sshd[15660]: Received disconnect from 68.183.170.149 port 51034:11: Bye Bye [preauth]","@timestamp":"2022-09-13T10:35:08.226Z"}
{"@timestamp":"2022-09-13T10:35:45.361Z","@version":"1","message":"Sep 13 10:35:44 honeypot-sgp-1 sshd[10444]: Bad protocol version identification '\\003' from 80.66.76.135 port 64404","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 10:36:22 honeypot-ams-1 sshd[15665]: Connection closed by invalid user support 179.60.147.69 port 45666 [preauth]","@timestamp":"2022-09-13T10:36:23.263Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 10:36:36 honeypot-ams-1 sshd[15669]: Disconnected from invalid user eemil 172.105.37.138 port 50062 [preauth]","@timestamp":"2022-09-13T10:36:37.270Z"}
{"@timestamp":"2022-09-13T10:37:06.396Z","@version":"1","message":"Sep 13 10:37:05 honeypot-sgp-1 kernel: [83941535.854542] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=103.170.119.250 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=57928 PROTO=TCP SPT=45346 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 10:37:15 honeypot-ams-1 sshd[15673]: Disconnected from invalid user deborah 159.65.115.222 port 42540 [preauth]","@timestamp":"2022-09-13T10:37:15.289Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 10:39:20 honeypot-ams-1 sshd[15680]: Received disconnect from 92.255.85.69 port 47612:11: Bye Bye [preauth]","@timestamp":"2022-09-13T10:39:20.347Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 10:46:33 honeypot-ams-1 kernel: [83942577.756884] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=23.239.12.78 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=39627 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T10:46:34.537Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 10:46:56 honeypot-fra-1 sshd[6256]: Connection closed by invalid user admin 141.95.86.99 port 36980 [preauth]","@timestamp":"2022-09-13T10:46:57.194Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T10:47:00.640Z","@version":"1","message":"Sep 13 10:46:59 honeypot-sgp-1 sshd[10453]: Invalid user user1 from 103.188.176.251 port 56974","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 10:52:57 honeypot-fra-1 sshd[6261]: Received disconnect from 137.184.150.119 port 38364:11: Bye Bye [preauth]","@timestamp":"2022-09-13T10:52:57.331Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 10:55:49 honeypot-fra-1 sshd[6276]: Invalid user centos from 137.184.227.149 port 55132","@timestamp":"2022-09-13T10:55:50.398Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 10:55:49 honeypot-fra-1 sshd[6281]: Invalid user es from 137.184.227.149 port 55116","@timestamp":"2022-09-13T10:55:50.398Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 10:55:49 honeypot-fra-1 sshd[6266]: Invalid user nexus from 137.184.227.149 port 55070","@timestamp":"2022-09-13T10:55:50.398Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 10:55:49 honeypot-fra-1 sshd[6265]: Connection closed by authenticating user root 137.184.227.149 port 55088 [preauth]","@timestamp":"2022-09-13T10:55:50.398Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 10:55:49 honeypot-fra-1 sshd[6272]: Connection closed by invalid user admin 137.184.227.149 port 55074 [preauth]","@timestamp":"2022-09-13T10:55:50.398Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 10:55:49 honeypot-fra-1 sshd[6266]: Connection closed by invalid user nexus 137.184.227.149 port 55070 [preauth]","@timestamp":"2022-09-13T10:55:50.398Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 10:55:49 honeypot-fra-1 sshd[6287]: Connection closed by invalid user mysql 137.184.227.149 port 55130 [preauth]","@timestamp":"2022-09-13T10:55:50.398Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 10:57:58 honeypot-fra-1 sshd[6317]: Invalid user appuser from 43.154.50.12 port 59932","@timestamp":"2022-09-13T10:57:59.448Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T10:59:34.971Z","@version":"1","message":"Sep 13 10:59:34 honeypot-sgp-1 kernel: [83942885.083146] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=128.1.248.45 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=18153 PROTO=TCP SPT=11400 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 11:04:46 honeypot-fra-1 kernel: [83941510.710530] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=207.180.198.178 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=41752 PROTO=TCP SPT=47080 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T11:04:47.600Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 11:08:31 honeypot-ams-1 kernel: [83943895.077056] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=20.56.18.163 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=9555 DF PROTO=TCP SPT=52050 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T11:08:32.100Z"}
{"@timestamp":"2022-09-13T11:09:27.221Z","@version":"1","message":"Sep 13 11:09:26 honeypot-sgp-1 sshd[10898]: Connection closed by invalid user config 179.60.147.69 port 30408 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 11:13:25 honeypot-fra-1 kernel: [83942028.870856] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=60.251.218.52 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=42607 PROTO=TCP SPT=46375 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T11:13:25.817Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-13T11:15:59.384Z","@version":"1","message":"Sep 13 11:15:58 honeypot-sgp-1 kernel: [83943868.918073] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=64.62.197.37 DST=159.89.202.188 LEN=131 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=52090 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 11:17:01 honeypot-ams-1 CRON[15696]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-13T11:17:02.319Z"}
{"@timestamp":"2022-09-13T11:17:02.414Z","@version":"1","message":"Sep 13 11:17:01 honeypot-sgp-1 CRON[10912]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 11:18:45 honeypot-fra-1 sshd[6332]: Connection closed by invalid user testuser 36.99.192.209 port 60756 [preauth]","@timestamp":"2022-09-13T11:18:45.940Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 11:18:48 honeypot-fra-1 sshd[6350]: Connection closed by invalid user mc 36.99.192.209 port 60776 [preauth]","@timestamp":"2022-09-13T11:18:48.941Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T11:19:04.467Z","@version":"1","message":"Sep 13 11:19:04 honeypot-sgp-1 sshd[10919]: Invalid user user from 45.61.184.204 port 44716","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 11:19:13 honeypot-ams-1 sshd[15699]: Disconnected from authenticating user root 103.97.184.106 port 42612 [preauth]","@timestamp":"2022-09-13T11:19:13.380Z"}
{"@timestamp":"2022-09-13T11:19:14.472Z","@version":"1","message":"Sep 13 11:19:14 honeypot-sgp-1 sshd[10921]: Disconnected from invalid user user 45.61.184.204 port 56370 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T11:19:23.478Z","@version":"1","message":"Sep 13 11:19:23 honeypot-sgp-1 sshd[10927]: Disconnected from invalid user user 45.61.184.204 port 39802 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T11:19:42.487Z","@version":"1","message":"Sep 13 11:19:41 honeypot-sgp-1 sshd[10933]: Invalid user user from 45.61.184.204 port 34886","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T11:20:00.496Z","@version":"1","message":"Sep 13 11:19:59 honeypot-sgp-1 sshd[10937]: Invalid user user from 45.61.184.204 port 58258","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 11:21:59 honeypot-fra-1 sshd[6358]: Received disconnect from 92.255.85.70 port 62188:11: Bye Bye [preauth]","@timestamp":"2022-09-13T11:22:00.014Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 11:25:40 honeypot-ams-1 kernel: [83944924.072420] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=37.21.19.118 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=58 ID=29838 PROTO=TCP SPT=27860 DPT=80 WINDOW=62812 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T11:25:40.548Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 11:26:16 honeypot-ams-1 sshd[15709]: Invalid user user from 45.61.186.169 port 48408","@timestamp":"2022-09-13T11:26:16.567Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 11:26:33 honeypot-ams-1 sshd[15713]: Invalid user user from 45.61.186.169 port 43518","@timestamp":"2022-09-13T11:26:33.576Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 11:26:49 honeypot-ams-1 sshd[15717]: Invalid user user from 45.61.186.169 port 38652","@timestamp":"2022-09-13T11:26:49.590Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 11:27:08 honeypot-ams-1 kernel: [83945012.317805] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=216.218.206.71 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=36728 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T11:27:08.600Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 11:28:23 honeypot-fra-1 sshd[6366]: Invalid user kregc from 165.22.45.108 port 45818","@timestamp":"2022-09-13T11:28:24.157Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T11:30:32.752Z","@version":"1","message":"Sep 13 11:30:31 honeypot-sgp-1 kernel: [83944742.038313] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=236 ID=25470 PROTO=TCP SPT=48602 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T11:31:57.789Z","@version":"1","message":"Sep 13 11:31:57 honeypot-sgp-1 sshd[10943]: Received disconnect from 45.61.187.160 port 50340:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 11:32:02 honeypot-ams-1 sshd[15725]: Received disconnect from 101.36.102.8 port 54642:11: Bye Bye [preauth]","@timestamp":"2022-09-13T11:32:02.728Z"}
{"@timestamp":"2022-09-13T11:32:16.799Z","@version":"1","message":"Sep 13 11:32:16 honeypot-sgp-1 sshd[10947]: Received disconnect from 45.61.187.160 port 45254:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T11:32:37.810Z","@version":"1","message":"Sep 13 11:32:36 honeypot-sgp-1 sshd[10951]: Received disconnect from 45.61.187.160 port 40198:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 11:34:38 honeypot-ams-1 kernel: [83945462.484903] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=86.57.81.252 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=112 ID=17586 DF PROTO=TCP SPT=20125 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T11:34:38.799Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 11:35:22 honeypot-fra-1 sshd[6370]: Invalid user user from 45.61.184.204 port 33836","@timestamp":"2022-09-13T11:35:23.310Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 11:35:40 honeypot-fra-1 sshd[6374]: Invalid user user from 45.61.184.204 port 56444","@timestamp":"2022-09-13T11:35:41.339Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 11:35:57 honeypot-fra-1 sshd[6378]: Invalid user user from 45.61.184.204 port 50860","@timestamp":"2022-09-13T11:35:58.347Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 11:36:13 honeypot-fra-1 sshd[6382]: Invalid user user from 45.61.184.204 port 45276","@timestamp":"2022-09-13T11:36:14.356Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T11:39:23.975Z","@version":"1","message":"Sep 13 11:39:23 honeypot-sgp-1 kernel: [83945273.468417] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.209.7 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=56733 DPT=5432 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T11:41:40.036Z","@version":"1","message":"Sep 13 11:41:39 honeypot-sgp-1 kernel: [83945409.543628] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=78.142.18.92 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=35891 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 11:43:40 honeypot-ams-1 sshd[15729]: Did not receive identification string from 111.67.194.88 port 53704","@timestamp":"2022-09-13T11:43:41.039Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 11:44:11 honeypot-fra-1 kernel: [83943875.743784] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=20.55.53.144 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=48875 DF PROTO=TCP SPT=33834 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T11:44:12.537Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 11:47:36 honeypot-ams-1 kernel: [83946240.534800] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=42.243.172.119 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=48 ID=22603 PROTO=TCP SPT=48287 DPT=80 WINDOW=8502 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T11:47:37.145Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 11:47:43 honeypot-fra-1 sshd[6391]: Did not receive identification string from 80.87.206.236 port 54332","@timestamp":"2022-09-13T11:47:43.620Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 11:49:19 honeypot-ams-1 kernel: [83946343.723586] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=222.186.19.235 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=54280 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T11:49:20.192Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 11:49:39 honeypot-ams-1 sshd[15740]: Connection closed by authenticating user nobody 179.60.147.69 port 50878 [preauth]","@timestamp":"2022-09-13T11:49:40.203Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 11:50:10 honeypot-ams-1 sshd[15746]: Disconnected from invalid user test 80.76.51.45 port 36186 [preauth]","@timestamp":"2022-09-13T11:50:10.219Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 11:50:34 honeypot-fra-1 sshd[6397]: Received disconnect from 167.99.147.105 port 42422:11: Bye Bye [preauth]","@timestamp":"2022-09-13T11:50:35.690Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 11:50:40 honeypot-ams-1 sshd[15750]: Received disconnect from 80.76.51.45 port 59418:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T11:50:41.237Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 11:51:25 honeypot-ams-1 sshd[15756]: Received disconnect from 80.76.51.45 port 37768:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T11:51:26.261Z"}
{"@timestamp":"2022-09-13T11:51:53.305Z","@version":"1","message":"Sep 13 11:51:52 honeypot-sgp-1 sshd[10964]: Received disconnect from 68.183.142.49 port 55058:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 11:52:08 honeypot-ams-1 kernel: [83946512.306471] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=117.156.75.24 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=49 ID=45057 PROTO=TCP SPT=26397 DPT=80 WINDOW=32693 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T11:52:09.283Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 11:52:39 honeypot-ams-1 sshd[15767]: Invalid user git from 80.76.51.45 port 39164","@timestamp":"2022-09-13T11:52:40.299Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 11:54:56 honeypot-ams-1 kernel: [83946680.863163] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=42.2.33.52 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=46 ID=51057 PROTO=TCP SPT=35389 DPT=443 WINDOW=17612 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T11:54:57.360Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 11:56:47 honeypot-fra-1 kernel: [83944631.534201] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=167.248.133.129 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=48193 PROTO=TCP SPT=23917 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T11:56:47.828Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 12:01:58 honeypot-fra-1 sshd[6407]: Invalid user user from 45.61.186.249 port 44038","@timestamp":"2022-09-13T12:01:58.948Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 12:02:16 honeypot-fra-1 sshd[6411]: Invalid user user from 45.61.186.249 port 38668","@timestamp":"2022-09-13T12:02:16.957Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 12:02:34 honeypot-fra-1 sshd[6415]: Invalid user user from 45.61.186.249 port 33272","@timestamp":"2022-09-13T12:02:34.965Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 12:02:43 honeypot-fra-1 sshd[6417]: Disconnected from invalid user user 45.61.186.249 port 44690 [preauth]","@timestamp":"2022-09-13T12:02:43.970Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T12:04:56.623Z","@version":"1","message":"Sep 13 12:04:56 honeypot-sgp-1 sshd[10968]: Disconnected from invalid user user 45.61.186.49 port 35428 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T12:05:06.629Z","@version":"1","message":"Sep 13 12:05:06 honeypot-sgp-1 sshd[10972]: Disconnected from invalid user user 45.61.186.49 port 47048 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 12:08:49 honeypot-fra-1 sshd[6425]: Disconnected from authenticating user root 92.255.85.70 port 56300 [preauth]","@timestamp":"2022-09-13T12:08:50.112Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T12:10:02.749Z","@version":"1","message":"Sep 13 12:10:02 honeypot-sgp-1 kernel: [83947112.859939] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=234 ID=2457 PROTO=TCP SPT=50403 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 12:12:02 honeypot-ams-1 kernel: [83947706.435645] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=92.63.197.94 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=252 ID=64364 PROTO=TCP SPT=50223 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T12:12:02.796Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 12:17:01 honeypot-fra-1 CRON[6431]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-13T12:17:02.299Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 12:17:56 honeypot-ams-1 sshd[15786]: Invalid user zhui from 112.65.128.90 port 38760","@timestamp":"2022-09-13T12:17:56.950Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 12:20:10 honeypot-ams-1 sshd[15790]: Received disconnect from 125.143.2.73 port 51870:11: Bye Bye [preauth]","@timestamp":"2022-09-13T12:20:11.009Z"}
{"@timestamp":"2022-09-13T12:22:51.066Z","@version":"1","message":"Sep 13 12:22:50 honeypot-sgp-1 sshd[10984]: Connection closed by invalid user blank 179.60.147.69 port 14762 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 12:26:13 honeypot-fra-1 kernel: [83946397.614605] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=79.124.62.130 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=41078 PROTO=TCP SPT=51863 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T12:26:14.507Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 12:27:20 honeypot-ams-1 kernel: [83948624.757598] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=193.118.53.213 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=48159 PROTO=TCP SPT=37441 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T12:27:21.193Z"}
{"@timestamp":"2022-09-13T12:32:01.295Z","@version":"1","message":"Sep 13 12:32:00 honeypot-sgp-1 kernel: [83948430.726999] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=165.227.211.106 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=17367 PROTO=TCP SPT=61953 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 12:33:55 honeypot-fra-1 kernel: [83946858.862225] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=50745 PROTO=TCP SPT=52015 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T12:33:55.684Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 12:34:20 honeypot-ams-1 kernel: [83949044.214849] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=21423 PROTO=TCP SPT=52015 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T12:34:20.374Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 12:43:23 honeypot-ams-1 sshd[15802]: Invalid user bnn from 161.230.125.183 port 40612","@timestamp":"2022-09-13T12:43:23.607Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 12:44:40 honeypot-fra-1 sshd[6446]: Disconnected from invalid user jira 117.251.18.98 port 36868 [preauth]","@timestamp":"2022-09-13T12:44:40.929Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 12:45:06 honeypot-ams-1 kernel: [83949690.835652] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=112.117.152.56 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=48 ID=51979 PROTO=TCP SPT=34170 DPT=80 WINDOW=39302 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T12:45:07.654Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 12:46:09 honeypot-fra-1 sshd[6471]: Invalid user teamspeak3 from 94.156.175.57 port 60745","@timestamp":"2022-09-13T12:46:09.966Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 12:46:09 honeypot-fra-1 sshd[6465]: Invalid user jenkins from 94.156.175.57 port 60689","@timestamp":"2022-09-13T12:46:09.966Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 12:46:09 honeypot-fra-1 sshd[6478]: Invalid user hadoop from 94.156.175.57 port 60746","@timestamp":"2022-09-13T12:46:09.966Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 12:46:09 honeypot-fra-1 sshd[6483]: Invalid user teamspeak from 94.156.175.57 port 60761","@timestamp":"2022-09-13T12:46:09.966Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 12:46:09 honeypot-fra-1 sshd[6469]: Invalid user elasticsearch from 94.156.175.57 port 60736","@timestamp":"2022-09-13T12:46:09.966Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 12:46:09 honeypot-fra-1 sshd[6463]: Connection closed by invalid user user 94.156.175.57 port 60695 [preauth]","@timestamp":"2022-09-13T12:46:09.966Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 12:46:09 honeypot-fra-1 sshd[6475]: Connection closed by invalid user ansible 94.156.175.57 port 60753 [preauth]","@timestamp":"2022-09-13T12:46:09.966Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 12:46:09 honeypot-fra-1 sshd[6485]: Connection closed by invalid user guest 94.156.175.57 port 60762 [preauth]","@timestamp":"2022-09-13T12:46:09.966Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 12:46:09 honeypot-fra-1 sshd[6482]: Connection closed by invalid user ubuntu 94.156.175.57 port 60759 [preauth]","@timestamp":"2022-09-13T12:46:09.966Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 12:46:27 honeypot-fra-1 sshd[6516]: Received disconnect from 36.66.188.183 port 36484:11: Bye Bye [preauth]","@timestamp":"2022-09-13T12:46:27.974Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 12:48:51 honeypot-fra-1 sshd[6518]: Disconnected from invalid user krislew 165.22.45.108 port 55622 [preauth]","@timestamp":"2022-09-13T12:48:52.031Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T12:48:58.717Z","@version":"1","message":"Sep 13 12:48:57 honeypot-sgp-1 kernel: [83949447.958357] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.220.204.178 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=238 ID=54321 PROTO=TCP SPT=43172 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 12:55:14 honeypot-ams-1 sshd[15813]: Received disconnect from 220.88.1.208 port 52898:11: Bye Bye [preauth]","@timestamp":"2022-09-13T12:55:14.918Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 12:56:33 honeypot-fra-1 sshd[6527]: Received disconnect from 92.255.85.69 port 47172:11: Bye Bye [preauth]","@timestamp":"2022-09-13T12:56:34.205Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 12:58:32 honeypot-fra-1 sshd[6531]: Disconnected from authenticating user root 41.82.208.182 port 25673 [preauth]","@timestamp":"2022-09-13T12:58:32.252Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T12:59:21.973Z","@version":"1","message":"Sep 13 12:59:21 honeypot-sgp-1 sshd[11001]: Connection closed by invalid user admin 179.60.147.69 port 8300 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 13:01:04 honeypot-fra-1 sshd[6535]: Disconnected from invalid user juliana 159.65.133.50 port 49436 [preauth]","@timestamp":"2022-09-13T13:01:05.311Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 13:02:42 honeypot-ams-1 sshd[15823]: Invalid user admin from 179.60.147.69 port 38618","@timestamp":"2022-09-13T13:02:43.111Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 13:03:14 honeypot-fra-1 kernel: [83948617.693349] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=81.183.100.143 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=15533 PROTO=TCP SPT=51388 DPT=443 WINDOW=1300 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T13:03:14.364Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-13T13:04:04.092Z","@version":"1","message":"Sep 13 13:04:03 honeypot-sgp-1 sshd[11003]: Disconnected from invalid user markus 43.132.121.97 port 36418 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 13:04:38 honeypot-fra-1 sshd[6544]: Disconnected from authenticating user root 179.43.156.143 port 42448 [preauth]","@timestamp":"2022-09-13T13:04:39.398Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 13:06:37 honeypot-fra-1 sshd[6550]: Disconnected from authenticating user root 179.43.156.143 port 57092 [preauth]","@timestamp":"2022-09-13T13:06:37.443Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 13:08:16 honeypot-fra-1 sshd[6557]: Connection closed by invalid user spark 141.98.10.158 port 56324 [preauth]","@timestamp":"2022-09-13T13:08:17.482Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 13:09:09 honeypot-fra-1 sshd[6561]: Disconnected from invalid user ossuser 179.43.156.143 port 38890 [preauth]","@timestamp":"2022-09-13T13:09:09.503Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 13:09:33 honeypot-ams-1 sshd[15830]: Received disconnect from 159.65.77.254 port 60372:11: Bye Bye [preauth]","@timestamp":"2022-09-13T13:09:33.290Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 13:10:17 honeypot-fra-1 sshd[6566]: Invalid user user from 45.61.186.169 port 54516","@timestamp":"2022-09-13T13:10:18.533Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 13:10:28 honeypot-ams-1 sshd[15834]: Connection closed by invalid user admin 121.151.75.159 port 52120 [preauth]","@timestamp":"2022-09-13T13:10:28.316Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 13:10:27 honeypot-fra-1 sshd[6570]: Received disconnect from 45.61.186.169 port 38090:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T13:10:28.537Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 13:10:46 honeypot-fra-1 sshd[6574]: Received disconnect from 45.61.186.169 port 33466:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T13:10:46.544Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 13:11:03 honeypot-fra-1 sshd[6578]: Received disconnect from 45.61.186.169 port 57078:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T13:11:03.552Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 13:11:11 honeypot-fra-1 sshd[6582]: Disconnected from invalid user user 45.61.186.169 port 40652 [preauth]","@timestamp":"2022-09-13T13:11:11.555Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 13:12:57 honeypot-fra-1 sshd[6591]: Received disconnect from 179.43.156.143 port 39880:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T13:12:58.595Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 13:17:01 honeypot-fra-1 CRON[6595]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-13T13:17:01.690Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T13:17:08.432Z","@version":"1","message":"Sep 13 13:17:08 honeypot-sgp-1 sshd[11010]: Disconnected from authenticating user root 92.255.85.70 port 50430 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 13:17:49 honeypot-ams-1 kernel: [83951653.557848] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=23.97.230.27 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=29107 PROTO=TCP SPT=55038 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T13:17:50.506Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 13:18:22 honeypot-ams-1 kernel: [83951686.368602] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=64.246.161.26 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=54321 PROTO=TCP SPT=48539 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T13:18:23.522Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 13:19:41 honeypot-ams-1 kernel: [83951765.195485] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=41.117.152.98 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=50 ID=43635 PROTO=TCP SPT=2208 DPT=80 WINDOW=61739 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T13:19:41.561Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 13:20:36 honeypot-ams-1 sshd[15854]: Disconnected from invalid user mkr 143.198.179.96 port 47980 [preauth]","@timestamp":"2022-09-13T13:20:36.587Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 13:26:50 honeypot-fra-1 kernel: [83950033.713384] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=79.124.62.86 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=21489 PROTO=TCP SPT=51858 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T13:26:50.912Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 13:27:28 honeypot-ams-1 kernel: [83952232.534154] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.180.143.72 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=15850 PROTO=TCP SPT=31473 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T13:27:28.767Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 13:29:49 honeypot-fra-1 sshd[6606]: Did not receive identification string from 45.61.186.169 port 55532","@timestamp":"2022-09-13T13:29:49.983Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 13:30:08 honeypot-fra-1 sshd[6609]: Disconnected from invalid user user 45.61.186.169 port 51306 [preauth]","@timestamp":"2022-09-13T13:30:08.992Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 13:30:25 honeypot-fra-1 sshd[6613]: Disconnected from invalid user user 45.61.186.169 port 46304 [preauth]","@timestamp":"2022-09-13T13:30:25.998Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 13:30:42 honeypot-fra-1 sshd[6617]: Disconnected from invalid user user 45.61.186.169 port 41298 [preauth]","@timestamp":"2022-09-13T13:30:43.005Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 13:32:16 honeypot-fra-1 kernel: [83950359.603195] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=79.124.62.130 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=24821 PROTO=TCP SPT=51863 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T13:32:16.127Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-13T13:36:40.903Z","@version":"1","message":"Sep 13 13:36:40 honeypot-sgp-1 kernel: [83952310.383634] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.46.213.187 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=27542 PROTO=TCP SPT=56730 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 13:37:32 honeypot-fra-1 sshd[6631]: Connection closed by authenticating user nobody 179.60.147.69 port 43376 [preauth]","@timestamp":"2022-09-13T13:37:33.250Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T13:40:31.998Z","@version":"1","message":"Sep 13 13:40:31 honeypot-sgp-1 sshd[11022]: Received disconnect from 51.124.254.31 port 44222:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T13:41:13.018Z","@version":"1","message":"Sep 13 13:41:12 honeypot-sgp-1 sshd[11026]: Disconnected from authenticating user root 213.108.241.222 port 51192 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 13:44:12 honeypot-fra-1 sshd[6638]: Disconnected from invalid user taaldage 193.168.195.23 port 35024 [preauth]","@timestamp":"2022-09-13T13:44:13.399Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 13:44:17 honeypot-ams-1 kernel: [83953241.263194] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=80.94.92.231 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=46833 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T13:44:18.199Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 13:47:01 honeypot-fra-1 sshd[6642]: Invalid user alpine from 177.33.46.250 port 57570","@timestamp":"2022-09-13T13:47:02.466Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T13:48:00.188Z","@version":"1","message":"Sep 13 13:47:59 honeypot-sgp-1 sshd[11031]: Connection closed by invalid user crchen 137.116.144.39 port 52216 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 13:52:32 honeypot-fra-1 sshd[6647]: Connection closed by invalid user admin 174.44.75.242 port 39005 [preauth]","@timestamp":"2022-09-13T13:52:32.608Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 13:53:34 honeypot-ams-1 kernel: [83953797.964028] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=213.207.248.16 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=114 ID=20199 DF PROTO=TCP SPT=10110 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T13:53:34.440Z"}
{"@timestamp":"2022-09-13T13:55:53.382Z","@version":"1","message":"Sep 13 13:55:52 honeypot-sgp-1 sshd[11037]: Received disconnect from 141.255.162.226 port 33162:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T13:55:58.386Z","@version":"1","message":"Sep 13 13:55:57 honeypot-sgp-1 sshd[11041]: Received disconnect from 141.255.162.226 port 46180:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T13:56:00.387Z","@version":"1","message":"Sep 13 13:55:59 honeypot-sgp-1 sshd[11043]: Connection closed by 141.255.162.226 port 54882 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T14:02:20.544Z","@version":"1","message":"Sep 13 14:02:20 honeypot-sgp-1 sshd[11052]: Disconnected from authenticating user root 92.255.85.70 port 16936 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 14:09:01 honeypot-fra-1 kernel: [83952565.069368] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=162.142.125.137 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=23193 PROTO=TCP SPT=12111 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T14:09:01.969Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 14:12:27 honeypot-ams-1 kernel: [83954931.532417] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=139.144.135.98 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=53201 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T14:12:27.951Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 14:14:06 honeypot-fra-1 sshd[6665]: Invalid user unknown from 179.60.147.69 port 34120","@timestamp":"2022-09-13T14:14:07.084Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T14:15:27.867Z","@version":"1","message":"Sep 13 14:15:27 honeypot-sgp-1 sshd[11059]: Received disconnect from 45.61.187.160 port 51522:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T14:15:46.878Z","@version":"1","message":"Sep 13 14:15:46 honeypot-sgp-1 sshd[11063]: Received disconnect from 45.61.187.160 port 46222:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T14:16:04.887Z","@version":"1","message":"Sep 13 14:16:04 honeypot-sgp-1 sshd[11067]: Received disconnect from 45.61.187.160 port 40942:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T14:16:21.896Z","@version":"1","message":"Sep 13 14:16:21 honeypot-sgp-1 sshd[11071]: Received disconnect from 45.61.187.160 port 35642:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 14:17:51 honeypot-ams-1 kernel: [83955254.915370] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=51055 PROTO=TCP SPT=58321 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T14:17:52.092Z"}
{"@timestamp":"2022-09-13T14:19:33.979Z","@version":"1","message":"Sep 13 14:19:33 honeypot-sgp-1 sshd[11076]: Disconnected from invalid user autobacs 122.170.105.253 port 33288 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 14:20:32 honeypot-fra-1 kernel: [83953255.625185] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=180.149.126.148 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=54321 PROTO=TCP SPT=64161 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T14:20:32.230Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 14:24:27 honeypot-fra-1 kernel: [83953490.461399] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=41.117.152.98 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=63476 PROTO=TCP SPT=3488 DPT=443 WINDOW=55555 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T14:24:27.318Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 14:25:31 honeypot-fra-1 sshd[6677]: Did not receive identification string from 198.98.61.9 port 52224","@timestamp":"2022-09-13T14:25:32.346Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T14:25:49.138Z","@version":"1","message":"Sep 13 14:25:48 honeypot-sgp-1 sshd[11082]: Received disconnect from 92.255.85.69 port 54526:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 14:26:09 honeypot-fra-1 sshd[6681]: Disconnected from invalid user user 198.98.61.9 port 53804 [preauth]","@timestamp":"2022-09-13T14:26:09.362Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 14:26:26 honeypot-fra-1 sshd[6685]: Disconnected from invalid user user 198.98.61.9 port 48450 [preauth]","@timestamp":"2022-09-13T14:26:27.370Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 14:26:43 honeypot-fra-1 sshd[6689]: Received disconnect from 198.98.61.9 port 43086:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T14:26:44.379Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 14:28:35 honeypot-fra-1 kernel: [83953738.980950] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.33.76.8 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=61846 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T14:28:36.422Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 14:30:46 honeypot-ams-1 kernel: [83956029.925553] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=11408 PROTO=TCP SPT=59403 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T14:30:46.469Z"}
{"@timestamp":"2022-09-13T14:32:59.322Z","@version":"1","message":"Sep 13 14:32:59 honeypot-sgp-1 kernel: [83955689.183521] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=91.228.58.225 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=27600 DF PROTO=TCP SPT=26810 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 14:39:40 honeypot-fra-1 sshd[6699]: Invalid user student from 139.59.27.36 port 60586","@timestamp":"2022-09-13T14:39:41.693Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T14:43:59.595Z","@version":"1","message":"Sep 13 14:43:58 honeypot-sgp-1 sshd[11091]: Disconnected from authenticating user root 103.185.185.65 port 53460 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 14:44:01 honeypot-ams-1 sshd[15893]: Disconnected from authenticating user root 41.185.26.240 port 46668 [preauth]","@timestamp":"2022-09-13T14:44:01.808Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 14:47:44 honeypot-fra-1 sshd[6704]: Disconnected from authenticating user root 128.199.192.230 port 16092 [preauth]","@timestamp":"2022-09-13T14:47:45.878Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T14:50:29.761Z","@version":"1","message":"Sep 13 14:50:29 honeypot-sgp-1 sshd[11098]: Disconnected from authenticating user root 182.73.147.154 port 54316 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 14:50:39 honeypot-fra-1 sshd[6709]: Connection closed by authenticating user root 179.60.147.69 port 19364 [preauth]","@timestamp":"2022-09-13T14:50:39.970Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 14:51:36 honeypot-fra-1 sshd[6715]: Connection closed by invalid user admin1 187.103.206.54 port 37471 [preauth]","@timestamp":"2022-09-13T14:51:36.997Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 14:52:52 honeypot-ams-1 sshd[15899]: Connection closed by authenticating user root 179.60.147.69 port 6996 [preauth]","@timestamp":"2022-09-13T14:52:53.044Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 14:53:17 honeypot-fra-1 sshd[6722]: Received disconnect from 165.22.45.108 port 42240:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T14:53:18.039Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 14:58:59 honeypot-ams-1 sshd[15904]: Did not receive identification string from 58.72.18.130 port 37271","@timestamp":"2022-09-13T14:58:59.204Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 15:00:52 honeypot-fra-1 kernel: [83955675.748942] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=42.243.172.119 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=46 ID=41556 PROTO=TCP SPT=48543 DPT=443 WINDOW=10558 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T15:00:53.208Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 15:09:00 honeypot-fra-1 sshd[6728]: Disconnected from invalid user lin 143.244.154.61 port 59138 [preauth]","@timestamp":"2022-09-13T15:09:01.387Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T15:12:46.304Z","@version":"1","message":"Sep 13 15:12:45 honeypot-sgp-1 kernel: [83958075.768676] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=107.175.70.147 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=233 ID=54857 DF PROTO=TCP SPT=10446 DPT=80 WINDOW=512 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 15:13:22 honeypot-fra-1 sshd[6733]: Received disconnect from 180.250.248.169 port 58850:11: Bye Bye [preauth]","@timestamp":"2022-09-13T15:13:23.490Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 15:16:08 honeypot-fra-1 sshd[6735]: Connection closed by invalid user admin 220.135.177.191 port 38177 [preauth]","@timestamp":"2022-09-13T15:16:09.557Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 15:18:01 honeypot-ams-1 sshd[15912]: Received disconnect from 92.255.85.70 port 29714:11: Bye Bye [preauth]","@timestamp":"2022-09-13T15:18:01.689Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 15:19:43 honeypot-fra-1 sshd[6745]: Invalid user sysbackup from 192.116.113.246 port 33760","@timestamp":"2022-09-13T15:19:43.640Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T15:20:14.488Z","@version":"1","message":"Sep 13 15:20:13 honeypot-sgp-1 sshd[11113]: Received disconnect from 165.227.202.89 port 49530:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T15:21:56.533Z","@version":"1","message":"Sep 13 15:21:56 honeypot-sgp-1 sshd[11119]: Did not receive identification string from 58.72.18.130 port 28609","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T15:24:55.607Z","@version":"1","message":"Sep 13 15:24:54 honeypot-sgp-1 sshd[11125]: Disconnected from authenticating user root 94.242.58.213 port 36612 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 15:26:13 honeypot-fra-1 kernel: [83957197.222889] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=89.248.165.75 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=24742 PROTO=TCP SPT=42491 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T15:26:14.788Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-13T15:26:27.648Z","@version":"1","message":"Sep 13 15:26:27 honeypot-sgp-1 sshd[11130]: Connection closed by invalid user default 179.60.147.69 port 43788 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 15:29:45 honeypot-ams-1 sshd[15918]: Connection closed by invalid user default 179.60.147.69 port 60184 [preauth]","@timestamp":"2022-09-13T15:29:46.028Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 15:32:04 honeypot-fra-1 sshd[6757]: Invalid user user from 189.57.3.90 port 44468","@timestamp":"2022-09-13T15:32:04.941Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 15:36:51 honeypot-fra-1 sshd[6762]: Invalid user ksb from 165.22.45.108 port 48616","@timestamp":"2022-09-13T15:36:52.046Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T15:38:54.952Z","@version":"1","message":"Sep 13 15:38:54 honeypot-sgp-1 sshd[11135]: Disconnected from invalid user jo 103.242.117.234 port 59810 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 15:42:30 honeypot-fra-1 sshd[6767]: Did not receive identification string from 45.61.186.169 port 42476","@timestamp":"2022-09-13T15:42:31.176Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T15:43:07.056Z","@version":"1","message":"Sep 13 15:43:07 honeypot-sgp-1 sshd[11142]: Received disconnect from 165.232.173.191 port 50148:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 15:43:15 honeypot-fra-1 sshd[6770]: Disconnected from invalid user user 45.61.186.169 port 56996 [preauth]","@timestamp":"2022-09-13T15:43:16.195Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 15:43:32 honeypot-fra-1 sshd[6774]: Disconnected from invalid user user 45.61.186.169 port 51870 [preauth]","@timestamp":"2022-09-13T15:43:33.203Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 15:43:36 honeypot-ams-1 kernel: [83960399.825948] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=79.124.62.62 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=41387 PROTO=TCP SPT=46141 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T15:43:36.384Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 15:43:48 honeypot-fra-1 sshd[6778]: Disconnected from invalid user user 45.61.186.169 port 46736 [preauth]","@timestamp":"2022-09-13T15:43:49.211Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 15:45:56 honeypot-fra-1 sshd[6784]: Invalid user mila from 133.130.101.23 port 47668","@timestamp":"2022-09-13T15:45:57.264Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 15:49:11 honeypot-ams-1 sshd[15939]: Received disconnect from 80.76.51.189 port 51000:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T15:49:12.531Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 15:50:12 honeypot-ams-1 sshd[15943]: Disconnected from authenticating user root 80.76.51.189 port 33220 [preauth]","@timestamp":"2022-09-13T15:50:13.560Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 15:51:47 honeypot-ams-1 sshd[15949]: Disconnected from authenticating user root 80.76.51.189 port 34788 [preauth]","@timestamp":"2022-09-13T15:51:47.603Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 15:51:48 honeypot-fra-1 kernel: [83958732.080023] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=20.109.80.14 DST=165.22.82.222 LEN=52 TOS=0x00 PREC=0x00 TTL=111 ID=32164 DF PROTO=TCP SPT=62430 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T15:51:49.396Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-13T15:52:11.277Z","@version":"1","message":"Sep 13 15:52:10 honeypot-sgp-1 sshd[11149]: Invalid user nata from 157.230.155.135 port 58501","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 15:53:20 honeypot-ams-1 sshd[15956]: Disconnected from authenticating user root 80.76.51.189 port 36346 [preauth]","@timestamp":"2022-09-13T15:53:21.646Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 15:53:54 honeypot-fra-1 sshd[6795]: Invalid user tftpboot from 178.154.201.126 port 56490","@timestamp":"2022-09-13T15:53:54.449Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 15:54:55 honeypot-ams-1 sshd[15962]: Invalid user admin from 80.76.51.189 port 37930","@timestamp":"2022-09-13T15:54:55.689Z"}
{"@timestamp":"2022-09-13T15:55:24.384Z","@version":"1","message":"Sep 13 15:55:23 honeypot-sgp-1 sshd[11151]: Disconnected from invalid user mythtv 62.204.41.222 port 57429 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 15:56:02 honeypot-ams-1 sshd[15967]: Invalid user ansible from 80.76.51.189 port 48372","@timestamp":"2022-09-13T15:56:02.719Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 15:57:12 honeypot-ams-1 sshd[15971]: Invalid user ansible from 80.76.51.189 port 58826","@timestamp":"2022-09-13T15:57:13.752Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 15:58:23 honeypot-ams-1 sshd[15976]: Received disconnect from 80.76.51.189 port 41048:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T15:58:24.785Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 15:59:34 honeypot-ams-1 sshd[15980]: Disconnected from invalid user oracle 80.76.51.189 port 51508 [preauth]","@timestamp":"2022-09-13T15:59:34.882Z"}
{"@timestamp":"2022-09-13T15:59:50.492Z","@version":"1","message":"Sep 13 15:59:49 honeypot-sgp-1 sshd[11156]: Disconnected from invalid user oracle 92.255.85.69 port 53086 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 16:01:22 honeypot-ams-1 sshd[15986]: Received disconnect from 80.76.51.189 port 53078:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T16:01:22.931Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 16:02:37 honeypot-ams-1 sshd[15990]: Disconnected from authenticating user root 80.76.51.189 port 35306 [preauth]","@timestamp":"2022-09-13T16:02:37.965Z"}
{"@timestamp":"2022-09-13T16:03:09.574Z","@version":"1","message":"Sep 13 16:03:09 honeypot-sgp-1 sshd[11163]: Disconnected from invalid user user 141.255.162.226 port 47086 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T16:03:14.578Z","@version":"1","message":"Sep 13 16:03:13 honeypot-sgp-1 sshd[11167]: Disconnected from invalid user user 141.255.162.226 port 39744 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T16:03:17.580Z","@version":"1","message":"Sep 13 16:03:16 honeypot-sgp-1 sshd[11171]: Connection closed by invalid user user 141.255.162.226 port 54046 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 16:03:32 honeypot-fra-1 sshd[6799]: Disconnected from invalid user oracle 92.255.85.70 port 22914 [preauth]","@timestamp":"2022-09-13T16:03:33.670Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 16:06:17 honeypot-ams-1 sshd[15997]: Invalid user ubnt from 179.60.147.69 port 36762","@timestamp":"2022-09-13T16:06:18.064Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 16:09:41 honeypot-ams-1 kernel: [83961965.629410] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=170.187.160.163 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=52715 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T16:09:42.156Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 16:10:55 honeypot-fra-1 kernel: [83959878.653315] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=120.48.123.170 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=233 ID=40935 PROTO=TCP SPT=49656 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T16:10:55.842Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 16:16:53 honeypot-fra-1 sshd[6807]: Disconnected from invalid user site01 68.183.236.92 port 41434 [preauth]","@timestamp":"2022-09-13T16:16:53.979Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 16:17:18 honeypot-fra-1 sshd[6814]: Connection closed by invalid user test 193.106.191.157 port 46836 [preauth]","@timestamp":"2022-09-13T16:17:19.020Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 16:19:24 honeypot-ams-1 sshd[16006]: Disconnected from invalid user super 164.70.100.221 port 34520 [preauth]","@timestamp":"2022-09-13T16:19:25.428Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 16:20:34 honeypot-fra-1 sshd[6818]: Invalid user ksb from 165.22.45.108 port 53672","@timestamp":"2022-09-13T16:20:35.096Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T16:23:48.071Z","@version":"1","message":"Sep 13 16:23:47 honeypot-sgp-1 kernel: [83962337.386059] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=193.219.127.202 DST=159.89.202.188 LEN=80 TOS=0x00 PREC=0x00 TTL=111 ID=33786 PROTO=TCP SPT=34810 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 16:25:38 honeypot-fra-1 sshd[6823]: Received disconnect from 92.255.85.69 port 50612:11: Bye Bye [preauth]","@timestamp":"2022-09-13T16:25:39.210Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 16:27:53 honeypot-fra-1 sshd[6827]: Disconnected from invalid user ubnt 46.101.132.159 port 47792 [preauth]","@timestamp":"2022-09-13T16:27:54.262Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 16:32:39 honeypot-fra-1 sshd[6834]: Connection closed by authenticating user root 219.138.224.236 port 63605 [preauth]","@timestamp":"2022-09-13T16:32:40.366Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T16:32:47.285Z","@version":"1","message":"Sep 13 16:32:47 honeypot-sgp-1 sshd[11184]: Invalid user user from 45.61.186.169 port 50566","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T16:32:57.291Z","@version":"1","message":"Sep 13 16:32:56 honeypot-sgp-1 sshd[11186]: Disconnected from invalid user user 45.61.186.169 port 33808 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T16:33:16.300Z","@version":"1","message":"Sep 13 16:33:15 honeypot-sgp-1 sshd[11190]: Disconnected from invalid user user 45.61.186.169 port 56742 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T16:33:34.309Z","@version":"1","message":"Sep 13 16:33:33 honeypot-sgp-1 sshd[11194]: Disconnected from invalid user user 45.61.186.169 port 51464 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 16:37:02 honeypot-ams-1 sshd[16012]: Invalid user admin from 121.154.69.21 port 52300","@timestamp":"2022-09-13T16:37:02.900Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 16:40:29 honeypot-fra-1 sshd[6839]: Connection closed by invalid user test 179.60.147.69 port 55484 [preauth]","@timestamp":"2022-09-13T16:40:30.542Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T16:40:46.484Z","@version":"1","message":"Sep 13 16:40:45 honeypot-sgp-1 kernel: [83963355.832313] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=128.14.134.170 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=65277 PROTO=TCP SPT=11858 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 16:41:18 honeypot-ams-1 sshd[16017]: Received disconnect from 202.53.175.28 port 39170:11: Bye Bye [preauth]","@timestamp":"2022-09-13T16:41:19.013Z"}
{"@timestamp":"2022-09-13T16:46:57.637Z","@version":"1","message":"Sep 13 16:46:57 honeypot-sgp-1 kernel: [83963727.321313] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=198.235.24.24 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x60 TTL=250 ID=54321 PROTO=TCP SPT=54265 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 16:47:25 honeypot-ams-1 sshd[16025]: Received disconnect from 51.250.85.165 port 60446:11: Bye Bye [preauth]","@timestamp":"2022-09-13T16:47:26.188Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 16:49:48 honeypot-fra-1 sshd[6846]: Invalid user lt from 192.241.243.84 port 57160","@timestamp":"2022-09-13T16:49:49.756Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 16:50:24 honeypot-fra-1 sshd[6850]: Invalid user proshin from 103.176.21.200 port 48288","@timestamp":"2022-09-13T16:50:24.771Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T16:51:31.749Z","@version":"1","message":"Sep 13 16:51:31 honeypot-sgp-1 sshd[11211]: Disconnected from authenticating user root 157.230.190.64 port 38460 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 16:51:43 honeypot-ams-1 kernel: [83964487.643892] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=97.74.81.123 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=10216 PROTO=TCP SPT=51616 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T16:51:44.322Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 16:52:30 honeypot-fra-1 sshd[6854]: Invalid user ubnt from 125.12.198.38 port 57846","@timestamp":"2022-09-13T16:52:30.820Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 16:59:07 honeypot-ams-1 kernel: [83964930.726145] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.100.87.136 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=246 ID=15212 PROTO=TCP SPT=37484 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T16:59:07.513Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:00:46 honeypot-ams-1 sshd[16038]: Invalid user user from 141.255.162.226 port 51212","@timestamp":"2022-09-13T17:00:46.562Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:00:52 honeypot-ams-1 sshd[16042]: Invalid user user from 141.255.162.226 port 45618","@timestamp":"2022-09-13T17:00:53.565Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 17:01:19 honeypot-ams-1 kernel: [83965063.358104] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=198.235.24.163 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=250 ID=54321 PROTO=TCP SPT=53514 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T17:01:20.578Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:04:16 honeypot-fra-1 sshd[6859]: Invalid user ksb from 165.22.45.108 port 58718","@timestamp":"2022-09-13T17:04:17.105Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:06:46 honeypot-fra-1 kernel: [83963230.026026] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=213.32.15.34 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=54 ID=18726 PROTO=TCP SPT=61084 DPT=5432 WINDOW=43690 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T17:06:47.165Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-13T17:08:03.152Z","@version":"1","message":"Sep 13 17:08:02 honeypot-sgp-1 sshd[11231]: Disconnected from authenticating user root 92.255.85.70 port 56288 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:10:42 honeypot-fra-1 sshd[6867]: Received disconnect from 92.255.85.69 port 19304:11: Bye Bye [preauth]","@timestamp":"2022-09-13T17:10:43.256Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T17:15:30.335Z","@version":"1","message":"Sep 13 17:15:29 honeypot-sgp-1 sshd[11239]: Invalid user jmotezuma from 175.126.146.170 port 35580","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T17:15:47.345Z","@version":"1","message":"Sep 13 17:15:46 honeypot-sgp-1 sshd[11243]: Connection closed by invalid user admin 179.60.147.69 port 16640 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:16:46 honeypot-ams-1 sshd[16053]: Connection closed by invalid user admin 153.191.2.2 port 63078 [preauth]","@timestamp":"2022-09-13T17:16:46.979Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:16:49 honeypot-fra-1 kernel: [83963832.431743] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.214.31 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=44913 DPT=5432 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T17:16:50.397Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 17:17:25 honeypot-ams-1 kernel: [83966029.575244] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=198.199.116.27 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=46275 DPT=5432 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T17:17:25.998Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:17:39 honeypot-ams-1 sshd[16063]: Received disconnect from 141.255.162.226 port 52016:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T17:17:40.006Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:17:41 honeypot-ams-1 sshd[16067]: Received disconnect from 141.255.162.226 port 44988:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T17:17:42.008Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:17:46 honeypot-ams-1 sshd[16071]: Received disconnect from 141.255.162.226 port 51918:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T17:17:47.011Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:19:10 honeypot-ams-1 sshd[16076]: Connection closed by invalid user admin 179.60.147.69 port 29396 [preauth]","@timestamp":"2022-09-13T17:19:11.053Z"}
{"@timestamp":"2022-09-13T17:19:26.438Z","@version":"1","message":"Sep 13 17:19:25 honeypot-sgp-1 sshd[11249]: Received disconnect from 52.184.91.79 port 50202:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:20:42 honeypot-ams-1 sshd[16083]: Received disconnect from 179.43.145.74 port 34252:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T17:20:43.096Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:21:45 honeypot-ams-1 sshd[16089]: Received disconnect from 179.43.145.74 port 37918:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T17:21:46.127Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:22:39 honeypot-ams-1 sshd[16094]: Disconnected from authenticating user root 179.43.145.74 port 41592 [preauth]","@timestamp":"2022-09-13T17:22:40.155Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:24:35 honeypot-ams-1 sshd[16098]: Received disconnect from 179.43.145.74 port 48940:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T17:24:36.210Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:26:32 honeypot-ams-1 sshd[16102]: Received disconnect from 179.43.145.74 port 56284:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T17:26:32.262Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:27:15 honeypot-ams-1 sshd[16106]: Disconnected from authenticating user root 179.43.145.74 port 59960 [preauth]","@timestamp":"2022-09-13T17:27:16.283Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:28:37 honeypot-fra-1 kernel: [83964540.401605] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.220.79 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=58529 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T17:28:37.665Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:28:46 honeypot-ams-1 sshd[16111]: Received disconnect from 179.43.145.74 port 37242:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T17:28:47.325Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:30:13 honeypot-ams-1 sshd[16115]: Disconnected from invalid user odoo 179.43.145.74 port 42752 [preauth]","@timestamp":"2022-09-13T17:30:14.364Z"}
{"@timestamp":"2022-09-13T17:30:50.717Z","@version":"1","message":"Sep 13 17:30:50 honeypot-sgp-1 sshd[11252]: Received disconnect from 92.255.85.70 port 15460:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:32:58 honeypot-fra-1 sshd[6879]: Disconnected from invalid user ftpuser 20.239.69.124 port 35104 [preauth]","@timestamp":"2022-09-13T17:32:58.764Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:34:08 honeypot-ams-1 sshd[16121]: Received disconnect from 45.61.184.204 port 57758:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T17:34:09.465Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:34:27 honeypot-ams-1 sshd[16125]: Received disconnect from 45.61.184.204 port 52442:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T17:34:28.476Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:34:46 honeypot-ams-1 sshd[16129]: Received disconnect from 45.61.184.204 port 47144:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T17:34:47.486Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:35:04 honeypot-ams-1 sshd[16133]: Received disconnect from 45.61.184.204 port 41842:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T17:35:04.495Z"}
{"@timestamp":"2022-09-13T17:40:00.943Z","@version":"1","message":"Sep 13 17:40:00 honeypot-sgp-1 sshd[11258]: Invalid user test from 141.94.203.31 port 39184","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:40:19 honeypot-fra-1 sshd[6887]: Received disconnect from 137.184.103.103 port 58852:11: Bye Bye [preauth]","@timestamp":"2022-09-13T17:40:19.931Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 17:41:26 honeypot-ams-1 kernel: [83967469.688200] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=80.94.92.231 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=36008 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T17:41:26.675Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:42:34 honeypot-fra-1 sshd[6891]: Invalid user admin from 177.3.130.63 port 48042","@timestamp":"2022-09-13T17:42:34.985Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T17:46:00.089Z","@version":"1","message":"Sep 13 17:45:59 honeypot-sgp-1 kernel: [83967269.776706] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=125.253.93.146 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x20 TTL=247 ID=13689 PROTO=TCP SPT=57590 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:48:01 honeypot-fra-1 sshd[6894]: Received disconnect from 165.22.45.108 port 35502:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T17:48:02.107Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:50:42 honeypot-ams-1 sshd[16140]: Unable to negotiate with 104.156.155.31 port 58118: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1 [preauth]","@timestamp":"2022-09-13T17:50:42.918Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:50:44 honeypot-ams-1 sshd[16152]: Connection closed by 104.156.155.31 port 1698 [preauth]","@timestamp":"2022-09-13T17:50:44.919Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:52:36 honeypot-fra-1 sshd[6908]: Invalid user odoo from 94.156.175.57 port 42636","@timestamp":"2022-09-13T17:52:37.212Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:52:36 honeypot-fra-1 sshd[6920]: Invalid user teamspeak from 94.156.175.57 port 42689","@timestamp":"2022-09-13T17:52:37.212Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:52:36 honeypot-fra-1 sshd[6912]: Invalid user elastic from 94.156.175.57 port 42666","@timestamp":"2022-09-13T17:52:37.212Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:52:36 honeypot-fra-1 sshd[6919]: Invalid user user from 94.156.175.57 port 42688","@timestamp":"2022-09-13T17:52:37.212Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:52:36 honeypot-fra-1 sshd[6921]: Invalid user ansible from 94.156.175.57 port 42670","@timestamp":"2022-09-13T17:52:37.212Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:52:36 honeypot-fra-1 sshd[6905]: Connection closed by invalid user vagrant 94.156.175.57 port 42627 [preauth]","@timestamp":"2022-09-13T17:52:37.212Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:52:36 honeypot-fra-1 sshd[6904]: Connection closed by invalid user ansible 94.156.175.57 port 42632 [preauth]","@timestamp":"2022-09-13T17:52:37.212Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:52:36 honeypot-fra-1 sshd[6917]: Connection closed by invalid user hadoop 94.156.175.57 port 42659 [preauth]","@timestamp":"2022-09-13T17:52:37.212Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:52:36 honeypot-fra-1 sshd[6921]: Connection closed by invalid user ansible 94.156.175.57 port 42670 [preauth]","@timestamp":"2022-09-13T17:52:37.212Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:52:36 honeypot-fra-1 sshd[6933]: Connection closed by invalid user carlos 94.156.175.57 port 42681 [preauth]","@timestamp":"2022-09-13T17:52:37.212Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:52:58 honeypot-fra-1 sshd[6958]: Disconnected from invalid user user 45.61.184.204 port 37252 [preauth]","@timestamp":"2022-09-13T17:52:59.222Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:53:15 honeypot-fra-1 sshd[6962]: Invalid user user from 45.61.184.204 port 59650","@timestamp":"2022-09-13T17:53:16.230Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:53:24 honeypot-fra-1 sshd[6966]: Invalid user admin from 112.118.128.135 port 39890","@timestamp":"2022-09-13T17:53:25.235Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T17:53:35.276Z","@version":"1","message":"Sep 13 17:53:34 honeypot-sgp-1 sshd[11266]: Received disconnect from 92.255.85.70 port 29856:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:53:38 honeypot-fra-1 sshd[6970]: Received disconnect from 45.61.184.204 port 36766:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T17:53:39.242Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:54:32 honeypot-ams-1 sshd[16163]: Connection closed by authenticating user root 103.188.176.251 port 36388 [preauth]","@timestamp":"2022-09-13T17:54:33.017Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:56:29 honeypot-fra-1 kernel: [83966212.091022] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=85.239.34.246 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=34212 PROTO=TCP SPT=59582 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T17:56:29.306Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:57:38 honeypot-fra-1 sshd[6980]: Received disconnect from 141.255.162.226 port 46376:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T17:57:39.335Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:57:41 honeypot-fra-1 sshd[6984]: Received disconnect from 141.255.162.226 port 47166:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T17:57:42.336Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:57:45 honeypot-fra-1 sshd[6988]: Received disconnect from 141.255.162.226 port 33446:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T17:57:46.340Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 17:58:24 honeypot-ams-1 kernel: [83968488.247674] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=64.246.161.26 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=54321 PROTO=TCP SPT=47498 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T17:58:25.123Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:58:43 honeypot-ams-1 sshd[16172]: Disconnected from invalid user user 45.61.186.249 port 48946 [preauth]","@timestamp":"2022-09-13T17:58:44.134Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:59:05 honeypot-ams-1 sshd[16176]: Disconnected from invalid user user 45.61.186.249 port 46842 [preauth]","@timestamp":"2022-09-13T17:59:06.145Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:59:27 honeypot-ams-1 sshd[16180]: Disconnected from invalid user user 45.61.186.249 port 44642 [preauth]","@timestamp":"2022-09-13T17:59:27.157Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 18:01:18 honeypot-ams-1 kernel: [83968662.415820] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=67.163.8.122 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=50 ID=17012 PROTO=TCP SPT=25700 DPT=443 WINDOW=30793 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T18:01:19.206Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 18:01:31 honeypot-fra-1 sshd[6994]: Invalid user admin from 178.128.43.209 port 50592","@timestamp":"2022-09-13T18:01:32.426Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T18:02:51.498Z","@version":"1","message":"Sep 13 18:02:51 honeypot-sgp-1 kernel: [83968281.014184] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=146.88.240.4 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=57867 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 18:05:58 honeypot-fra-1 sshd[6997]: Disconnected from invalid user openvpn_as 185.151.51.90 port 46346 [preauth]","@timestamp":"2022-09-13T18:05:59.522Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 18:08:20 honeypot-ams-1 sshd[16189]: Received disconnect from 91.240.118.222 port 6435:11: Client disconnecting normally [preauth]","@timestamp":"2022-09-13T18:08:20.413Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 18:09:27 honeypot-ams-1 sshd[16193]: Invalid user sale from 197.5.145.87 port 46792","@timestamp":"2022-09-13T18:09:28.446Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 18:10:38 honeypot-fra-1 kernel: [83967061.821372] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=103.150.125.204 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=34622 PROTO=TCP SPT=51754 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T18:10:39.628Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 18:17:01 honeypot-fra-1 CRON[7005]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-13T18:17:01.788Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T18:17:01.836Z","@version":"1","message":"Sep 13 18:17:01 honeypot-sgp-1 CRON[11273]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 18:17:23 honeypot-ams-1 kernel: [83969627.445109] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=107.173.159.85 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=50 ID=23296 PROTO=TCP SPT=16647 DPT=80 WINDOW=42751 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T18:17:24.648Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 18:27:20 honeypot-ams-1 kernel: [83970223.790923] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=181.219.149.148 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=31475 PROTO=TCP SPT=6431 DPT=80 WINDOW=20831 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T18:27:20.907Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 18:30:12 honeypot-fra-1 sshd[7012]: Connection closed by invalid user admin 179.60.147.69 port 47844 [preauth]","@timestamp":"2022-09-13T18:30:13.081Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 18:32:30 honeypot-fra-1 sshd[7016]: Disconnected from invalid user track 104.248.91.215 port 51938 [preauth]","@timestamp":"2022-09-13T18:32:30.134Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T18:35:47.291Z","@version":"1","message":"Sep 13 18:35:46 honeypot-sgp-1 kernel: [83970256.043871] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=198.235.24.10 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=249 ID=54321 PROTO=TCP SPT=53401 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 18:36:08 honeypot-ams-1 sshd[16207]: Did not receive identification string from 45.61.186.169 port 56358","@timestamp":"2022-09-13T18:36:09.151Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 15:34:12 honeypot-fra-1 sshd[30373]: Received disconnect from 159.223.164.107 port 49798:11: Bye Bye [preauth]","@timestamp":"2022-09-10T15:34:12.467Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 15:37:39 honeypot-fra-1 sshd[30377]: Invalid user admin from 14.50.131.36 port 55174","@timestamp":"2022-09-10T15:37:40.545Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 15:38:54 honeypot-fra-1 kernel: [83698767.187862] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=79.124.62.130 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=32828 PROTO=TCP SPT=59648 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T15:38:54.575Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 15:39:52 honeypot-ams-1 sshd[7669]: Received disconnect from 61.177.173.48 port 56448:11:  [preauth]","@timestamp":"2022-09-10T15:39:52.139Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 15:43:57 honeypot-fra-1 sshd[30387]: Received disconnect from 61.177.173.53 port 52126:11:  [preauth]","@timestamp":"2022-09-10T15:43:57.703Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 15:47:20 honeypot-fra-1 sshd[30391]: Disconnected from authenticating user root 103.86.180.10 port 36581 [preauth]","@timestamp":"2022-09-10T15:47:20.779Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T15:47:28.199Z","@version":"1","message":"Sep 10 15:47:27 honeypot-sgp-1 kernel: [83700962.169779] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=152.89.196.23 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=65488 PROTO=TCP SPT=55777 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 15:49:38 honeypot-ams-1 sshd[7674]: Disconnected from invalid user 73.121.11.77 200.69.141.210 port 43025 [preauth]","@timestamp":"2022-09-10T15:49:38.396Z"}
{"@timestamp":"2022-09-10T15:52:11.313Z","@version":"1","message":"Sep 10 15:52:10 honeypot-sgp-1 sshd[3621]: Did not receive identification string from 141.255.162.226 port 60978","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T15:52:34.325Z","@version":"1","message":"Sep 10 15:52:34 honeypot-sgp-1 sshd[3624]: Received disconnect from 141.255.162.226 port 40568:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T15:52:37.327Z","@version":"1","message":"Sep 10 15:52:36 honeypot-sgp-1 sshd[3628]: Disconnected from invalid user user 141.255.162.226 port 35008 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T15:52:38.328Z","@version":"1","message":"Sep 10 15:52:38 honeypot-sgp-1 sshd[3632]: Disconnected from invalid user user 141.255.162.226 port 42574 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 15:54:23 honeypot-ams-1 sshd[7685]: Disconnected from authenticating user root 61.177.173.52 port 61026 [preauth]","@timestamp":"2022-09-10T15:54:23.520Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 15:58:10 honeypot-fra-1 kernel: [83699923.135477] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=79.124.62.82 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=32930 PROTO=TCP SPT=59637 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T15:58:11.014Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 16:01:32 honeypot-ams-1 sshd[7695]: Disconnected from authenticating user root 61.177.172.108 port 35670 [preauth]","@timestamp":"2022-09-10T16:01:32.715Z"}
{"@timestamp":"2022-09-10T16:07:36.692Z","@version":"1","message":"Sep 10 16:07:36 honeypot-sgp-1 sshd[3639]: Invalid user user from 141.255.162.226 port 42424","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T16:07:39.694Z","@version":"1","message":"Sep 10 16:07:39 honeypot-sgp-1 sshd[3643]: Invalid user user from 141.255.162.226 port 49904","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T16:07:41.696Z","@version":"1","message":"Sep 10 16:07:41 honeypot-sgp-1 sshd[3647]: Invalid user user from 141.255.162.226 port 44132","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T16:07:45.698Z","@version":"1","message":"Sep 10 16:07:44 honeypot-sgp-1 sshd[3651]: Connection closed by 141.255.162.226 port 59114 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 16:11:34 honeypot-ams-1 kernel: [83702880.942389] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=46.19.141.122 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=50531 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T16:11:34.987Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 16:11:59 honeypot-fra-1 sshd[30407]: Invalid user kangchenliang from 165.22.45.108 port 59278","@timestamp":"2022-09-10T16:12:00.326Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 16:14:12 honeypot-fra-1 sshd[30411]: Received disconnect from 92.255.85.70 port 43124:11: Bye Bye [preauth]","@timestamp":"2022-09-10T16:14:12.403Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T16:15:16.882Z","@version":"1","message":"Sep 10 16:15:16 honeypot-sgp-1 sshd[3657]: Received disconnect from 45.61.187.160 port 47482:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T16:15:38.894Z","@version":"1","message":"Sep 10 16:15:38 honeypot-sgp-1 sshd[3661]: Received disconnect from 45.61.187.160 port 42358:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T16:16:00.904Z","@version":"1","message":"Sep 10 16:15:59 honeypot-sgp-1 sshd[3665]: Received disconnect from 45.61.187.160 port 37222:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T16:16:20.915Z","@version":"1","message":"Sep 10 16:16:19 honeypot-sgp-1 sshd[3669]: Invalid user user from 45.61.187.160 port 60288","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 16:17:49 honeypot-fra-1 kernel: [83701102.287469] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.167.97.244 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=48559 DPT=5432 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T16:17:49.487Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 16:18:03 honeypot-ams-1 sshd[7711]: Received disconnect from 117.202.18.5 port 36348:11: Bye Bye [preauth]","@timestamp":"2022-09-10T16:18:04.160Z"}
{"@timestamp":"2022-09-10T16:21:34.043Z","@version":"1","message":"Sep 10 16:21:33 honeypot-sgp-1 kernel: [83703007.956765] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=89.248.165.199 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=26815 PROTO=TCP SPT=46508 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 16:22:01 honeypot-fra-1 sshd[30433]: Connection closed by invalid user mysql 193.187.101.187 port 57124 [preauth]","@timestamp":"2022-09-10T16:22:01.583Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 16:22:01 honeypot-fra-1 sshd[30428]: Invalid user hadoop from 193.187.101.187 port 57148","@timestamp":"2022-09-10T16:22:01.583Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 16:22:01 honeypot-fra-1 sshd[30429]: Connection closed by invalid user ec2-user 193.187.101.187 port 57150 [preauth]","@timestamp":"2022-09-10T16:22:01.583Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 16:22:01 honeypot-fra-1 sshd[30454]: Connection closed by invalid user oracle 193.187.101.187 port 57134 [preauth]","@timestamp":"2022-09-10T16:22:02.585Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 16:22:02 honeypot-fra-1 sshd[30456]: Invalid user esuser from 193.187.101.187 port 57160","@timestamp":"2022-09-10T16:22:02.585Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 16:22:05 honeypot-fra-1 sshd[30420]: Connection closed by invalid user git 193.187.101.187 port 57170 [preauth]","@timestamp":"2022-09-10T16:22:05.586Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 16:22:59 honeypot-ams-1 sshd[7714]: Disconnected from authenticating user root 179.67.89.142 port 33442 [preauth]","@timestamp":"2022-09-10T16:22:59.292Z"}
{"@timestamp":"2022-09-10T16:23:48.099Z","@version":"1","message":"Sep 10 16:23:47 honeypot-sgp-1 sshd[3678]: Received disconnect from 134.17.16.37 port 14012:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 16:29:15 honeypot-fra-1 sshd[30463]: Invalid user carlo from 179.108.181.161 port 39922","@timestamp":"2022-09-10T16:29:15.748Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T16:31:47.292Z","@version":"1","message":"Sep 10 16:31:46 honeypot-sgp-1 sshd[3683]: Invalid user davis from 128.199.74.173 port 56746","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 16:32:52 honeypot-fra-1 sshd[30467]: Invalid user User from 192.24.36.89 port 42580","@timestamp":"2022-09-10T16:32:52.848Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 16:33:03 honeypot-ams-1 sshd[7722]: Received disconnect from 103.200.21.89 port 32902:11: Bye Bye [preauth]","@timestamp":"2022-09-10T16:33:04.561Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 16:34:35 honeypot-ams-1 sshd[7738]: Received disconnect from 92.220.162.17 port 31771:11: Bye Bye [preauth]","@timestamp":"2022-09-10T16:34:35.605Z"}
{"@timestamp":"2022-09-10T16:35:24.382Z","@version":"1","message":"Sep 10 16:35:24 honeypot-sgp-1 kernel: [83703838.181018] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=46.19.141.122 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=34461 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 16:40:33 honeypot-ams-1 sshd[7743]: Disconnected from authenticating user root 92.255.85.70 port 46826 [preauth]","@timestamp":"2022-09-10T16:40:33.762Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 16:43:26 honeypot-fra-1 sshd[30473]: Disconnected from invalid user alan 84.52.103.234 port 37679 [preauth]","@timestamp":"2022-09-10T16:43:27.088Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 16:46:01 honeypot-fra-1 kernel: [83702794.105353] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=20.116.30.224 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=39249 PROTO=TCP SPT=48199 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T16:46:02.149Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 16:50:34 honeypot-ams-1 kernel: [83705220.707405] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=79.79.141.227 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=57 ID=35641 PROTO=TCP SPT=42461 DPT=80 WINDOW=7252 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T16:50:35.031Z"}
{"@timestamp":"2022-09-10T16:55:34.861Z","@version":"1","message":"Sep 10 16:55:33 honeypot-sgp-1 kernel: [83705048.073019] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.197.40.144 DST=159.89.202.188 LEN=52 TOS=0x02 PREC=0x00 TTL=115 ID=9471 DF PROTO=TCP SPT=61846 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 17:00:16 honeypot-fra-1 sshd[30482]: Received disconnect from 201.116.3.194 port 41874:11: Bye Bye [preauth]","@timestamp":"2022-09-10T17:00:16.467Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T17:01:37.005Z","@version":"1","message":"Sep 10 17:01:36 honeypot-sgp-1 kernel: [83705410.972938] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=23.251.102.76 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=238 ID=41573 PROTO=TCP SPT=26991 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 17:03:31 honeypot-ams-1 sshd[7755]: Received disconnect from 92.255.85.70 port 33444:11: Bye Bye [preauth]","@timestamp":"2022-09-10T17:03:32.372Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 17:07:14 honeypot-ams-1 sshd[7758]: Disconnected from invalid user flopy 117.144.178.162 port 46760 [preauth]","@timestamp":"2022-09-10T17:07:15.497Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 17:09:01 honeypot-fra-1 CRON[30487]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-10T17:09:01.678Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 17:10:24 honeypot-ams-1 sshd[7766]: Invalid user test from 193.106.191.157 port 43710","@timestamp":"2022-09-10T17:10:25.579Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 17:11:06 honeypot-ams-1 sshd[7771]: Received disconnect from 62.204.41.222 port 2487:11: Client disconnecting normally [preauth]","@timestamp":"2022-09-10T17:11:06.599Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 17:13:52 honeypot-fra-1 sshd[30494]: Disconnected from invalid user takashi 139.59.247.236 port 42844 [preauth]","@timestamp":"2022-09-10T17:13:52.801Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 17:14:41 honeypot-fra-1 sshd[30498]: Disconnected from invalid user shanthala 157.230.47.60 port 53700 [preauth]","@timestamp":"2022-09-10T17:14:41.821Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 17:17:01 honeypot-ams-1 CRON[7779]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-10T17:17:01.752Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 17:17:01 honeypot-fra-1 CRON[30503]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-10T17:17:01.874Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T17:17:02.390Z","@version":"1","message":"Sep 10 17:17:01 honeypot-sgp-1 CRON[3702]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T17:19:26.473Z","@version":"1","message":"Sep 10 17:19:25 honeypot-sgp-1 sshd[3707]: Disconnected from authenticating user root 165.227.236.118 port 59878 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 17:25:14 honeypot-ams-1 kernel: [83707301.016961] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=220.134.72.249 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=56 ID=22908 PROTO=TCP SPT=59583 DPT=80 WINDOW=52383 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T17:25:14.965Z"}
{"@timestamp":"2022-09-10T17:27:29.668Z","@version":"1","message":"Sep 10 17:27:28 honeypot-sgp-1 sshd[3716]: Invalid user user from 45.61.186.49 port 45614","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T17:27:38.673Z","@version":"1","message":"Sep 10 17:27:38 honeypot-sgp-1 sshd[3720]: Invalid user user from 45.61.186.49 port 56908","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 17:30:16 honeypot-fra-1 kernel: [83705449.538303] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.220.26 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=53097 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T17:30:17.170Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-10T17:31:29.767Z","@version":"1","message":"Sep 10 17:31:29 honeypot-sgp-1 kernel: [83707203.664081] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.143.200.106 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=38474 PROTO=TCP SPT=50720 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T17:33:40.823Z","@version":"1","message":"Sep 10 17:33:40 honeypot-sgp-1 sshd[3728]: Invalid user user from 45.61.184.204 port 54678","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T17:33:54.831Z","@version":"1","message":"Sep 10 17:33:54 honeypot-sgp-1 kernel: [83707348.402473] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=23.92.22.114 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=56922 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T17:34:08.838Z","@version":"1","message":"Sep 10 17:34:08 honeypot-sgp-1 sshd[3734]: Disconnected from invalid user user 45.61.184.204 port 32972 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T17:34:25.846Z","@version":"1","message":"Sep 10 17:34:25 honeypot-sgp-1 sshd[3738]: Disconnected from invalid user user 45.61.184.204 port 56148 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 17:35:54 honeypot-ams-1 kernel: [83707940.237319] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=183.230.113.52 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=238 ID=4984 PROTO=TCP SPT=51352 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T17:35:54.244Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 17:38:57 honeypot-fra-1 kernel: [83705970.280735] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=111.90.145.178 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=697 PROTO=TCP SPT=54747 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T17:38:58.368Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 17:40:39 honeypot-fra-1 sshd[30517]: Received disconnect from 141.255.162.226 port 40584:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T17:40:39.409Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 17:40:42 honeypot-fra-1 sshd[30521]: Received disconnect from 141.255.162.226 port 47966:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T17:40:43.411Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 17:40:45 honeypot-fra-1 sshd[30525]: Received disconnect from 141.255.162.226 port 55350:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T17:40:45.413Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T17:45:11.101Z","@version":"1","message":"Sep 10 17:45:10 honeypot-sgp-1 sshd[3744]: Received disconnect from 92.255.85.69 port 63804:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 17:46:22 honeypot-fra-1 sshd[30528]: Received disconnect from 165.22.45.108 port 45346:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T17:46:22.541Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T17:49:42.210Z","@version":"1","message":"Sep 10 17:49:42 honeypot-sgp-1 kernel: [83708296.289082] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=104.237.145.107 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=20635 PROTO=TCP SPT=52179 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 17:50:53 honeypot-ams-1 sshd[7799]: Received disconnect from 92.255.85.70 port 56740:11: Bye Bye [preauth]","@timestamp":"2022-09-10T17:50:53.641Z"}
{"@timestamp":"2022-09-10T17:53:33.302Z","@version":"1","message":"Sep 10 17:53:32 honeypot-sgp-1 sshd[3755]: Invalid user public from 64.227.35.112 port 34020","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T17:55:51.356Z","@version":"1","message":"Sep 10 17:55:51 honeypot-sgp-1 sshd[3758]: Disconnected from invalid user duke 223.75.144.193 port 43251 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 18:01:34 honeypot-ams-1 sshd[7804]: Disconnected from invalid user user 141.255.162.226 port 33518 [preauth]","@timestamp":"2022-09-10T18:01:34.917Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 18:01:36 honeypot-ams-1 sshd[7808]: Disconnected from invalid user user 141.255.162.226 port 54054 [preauth]","@timestamp":"2022-09-10T18:01:36.919Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 18:01:38 honeypot-ams-1 sshd[7812]: Disconnected from invalid user user 141.255.162.226 port 48904 [preauth]","@timestamp":"2022-09-10T18:01:38.920Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 18:01:42 honeypot-ams-1 sshd[7816]: Disconnected from invalid user user 141.255.162.226 port 36072 [preauth]","@timestamp":"2022-09-10T18:01:42.922Z"}
{"@timestamp":"2022-09-10T18:02:35.516Z","@version":"1","message":"Sep 10 18:02:35 honeypot-sgp-1 kernel: [83709069.363537] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=64.246.161.26 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=44547 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 18:04:23 honeypot-fra-1 sshd[30533]: Invalid user takemoto from 64.227.178.106 port 37674","@timestamp":"2022-09-10T18:04:23.940Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T18:08:56.686Z","@version":"1","message":"Sep 10 18:08:56 honeypot-sgp-1 sshd[3767]: Disconnected from authenticating user root 92.255.85.69 port 17344 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 18:10:31 honeypot-fra-1 kernel: [83707864.577258] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=46590 PROTO=TCP SPT=52804 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T18:10:32.079Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 18:13:29 honeypot-ams-1 kernel: [83710195.486015] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=94.26.228.80 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=60619 PROTO=TCP SPT=46197 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T18:13:30.220Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 18:17:01 honeypot-fra-1 CRON[30539]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-10T18:17:02.225Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 18:17:01 honeypot-ams-1 CRON[7827]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-10T18:17:02.313Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 18:19:07 honeypot-fra-1 sshd[30546]: Received disconnect from 141.255.162.226 port 34660:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T18:19:08.275Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 18:19:10 honeypot-fra-1 sshd[30550]: Received disconnect from 141.255.162.226 port 56048:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T18:19:10.276Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 18:19:14 honeypot-fra-1 sshd[30554]: Received disconnect from 141.255.162.226 port 34956:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T18:19:14.278Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 18:21:29 honeypot-fra-1 sshd[30558]: Received disconnect from 171.244.139.236 port 40629:11: Bye Bye [preauth]","@timestamp":"2022-09-10T18:21:30.328Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 18:24:44 honeypot-fra-1 sshd[30564]: Received disconnect from 173.186.116.37 port 49100:11: Bye Bye [preauth]","@timestamp":"2022-09-10T18:24:45.401Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 18:25:04 honeypot-fra-1 sshd[30568]: Received disconnect from 45.61.186.249 port 46212:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T18:25:05.411Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 18:25:17 honeypot-fra-1 sshd[30572]: Received disconnect from 61.19.125.2 port 35578:11: Bye Bye [preauth]","@timestamp":"2022-09-10T18:25:18.418Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 18:25:24 honeypot-fra-1 sshd[30576]: Received disconnect from 138.197.152.128 port 36382:11: Bye Bye [preauth]","@timestamp":"2022-09-10T18:25:25.421Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 18:25:41 honeypot-fra-1 sshd[30581]: Received disconnect from 45.61.186.249 port 35380:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T18:25:41.428Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T18:29:02.160Z","@version":"1","message":"Sep 10 18:29:01 honeypot-sgp-1 kernel: [83710655.729525] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=59.49.43.217 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=19038 PROTO=TCP SPT=48728 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 18:29:16 honeypot-fra-1 sshd[30585]: Received disconnect from 43.154.230.33 port 37224:11: Bye Bye [preauth]","@timestamp":"2022-09-10T18:29:17.512Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 18:35:38 honeypot-fra-1 sshd[30592]: Invalid user Gyongyver from 60.9.237.201 port 11139","@timestamp":"2022-09-10T18:35:39.657Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 18:37:45 honeypot-ams-1 sshd[7838]: Received disconnect from 92.255.85.69 port 20118:11: Bye Bye [preauth]","@timestamp":"2022-09-10T18:37:45.856Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 18:38:03 honeypot-fra-1 sshd[30596]: Connection closed by invalid user test 193.106.191.157 port 54826 [preauth]","@timestamp":"2022-09-10T18:38:03.715Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T18:45:50.570Z","@version":"1","message":"Sep 10 18:45:50 honeypot-sgp-1 sshd[3781]: Received disconnect from 112.64.32.118 port 55514:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 18:49:49 honeypot-fra-1 sshd[30601]: Invalid user kanwarpreet from 165.22.45.108 port 54882","@timestamp":"2022-09-10T18:49:49.979Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 18:51:26 honeypot-ams-1 kernel: [83712472.329143] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=46.41.208.63 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=29519 DF PROTO=TCP SPT=57586 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T18:51:27.203Z"}
{"@timestamp":"2022-09-10T18:52:17.721Z","@version":"1","message":"Sep 10 18:52:17 honeypot-sgp-1 sshd[3786]: Received disconnect from 180.179.114.44 port 56850:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 18:53:51 honeypot-fra-1 sshd[30606]: error: maximum authentication attempts exceeded for invalid user admin from 118.4.80.134 port 60843 ssh2 [preauth]","@timestamp":"2022-09-10T18:53:52.073Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 18:55:55 honeypot-ams-1 sshd[7850]: Disconnected from invalid user hudson 41.185.26.240 port 46434 [preauth]","@timestamp":"2022-09-10T18:55:55.321Z"}
{"@timestamp":"2022-09-10T18:56:31.821Z","@version":"1","message":"Sep 10 18:56:31 honeypot-sgp-1 sshd[3790]: Invalid user usuario from 92.255.85.69 port 47966","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 19:01:48 honeypot-ams-1 sshd[7856]: Received disconnect from 92.255.85.69 port 49000:11: Bye Bye [preauth]","@timestamp":"2022-09-10T19:01:49.474Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 19:03:43 honeypot-ams-1 sshd[7861]: Disconnected from authenticating user root 135.125.10.56 port 49802 [preauth]","@timestamp":"2022-09-10T19:03:43.524Z"}
{"@timestamp":"2022-09-10T19:04:28.004Z","@version":"1","message":"Sep 10 19:04:27 honeypot-sgp-1 sshd[3795]: Received disconnect from 122.165.93.92 port 49726:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 19:05:52 honeypot-fra-1 kernel: [83711185.423433] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.34.56.97 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=52738 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T19:05:53.356Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 19:08:32 honeypot-ams-1 sshd[7864]: Did not receive identification string from 80.76.51.189 port 34410","@timestamp":"2022-09-10T19:08:33.669Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 19:10:09 honeypot-ams-1 sshd[7870]: Invalid user support from 80.76.51.189 port 44488","@timestamp":"2022-09-10T19:10:09.715Z"}
{"@timestamp":"2022-09-10T19:10:31.147Z","@version":"1","message":"Sep 10 19:10:30 honeypot-sgp-1 sshd[3821]: Invalid user es from 94.156.175.57 port 34857","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T19:10:31.147Z","@version":"1","message":"Sep 10 19:10:30 honeypot-sgp-1 sshd[3813]: Invalid user guest from 94.156.175.57 port 34907","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T19:10:31.147Z","@version":"1","message":"Sep 10 19:10:30 honeypot-sgp-1 sshd[3800]: Invalid user ftpuser from 94.156.175.57 port 34842","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T19:10:31.147Z","@version":"1","message":"Sep 10 19:10:30 honeypot-sgp-1 sshd[3823]: Invalid user ts3 from 94.156.175.57 port 34871","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T19:10:31.147Z","@version":"1","message":"Sep 10 19:10:30 honeypot-sgp-1 sshd[3799]: Connection closed by invalid user ts3server 94.156.175.57 port 34841 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T19:10:31.147Z","@version":"1","message":"Sep 10 19:10:30 honeypot-sgp-1 sshd[3801]: Connection closed by invalid user steam 94.156.175.57 port 34838 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T19:10:31.147Z","@version":"1","message":"Sep 10 19:10:30 honeypot-sgp-1 sshd[3805]: Connection closed by invalid user ec2-user 94.156.175.57 port 34861 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T19:10:31.147Z","@version":"1","message":"Sep 10 19:10:30 honeypot-sgp-1 sshd[3826]: Invalid user mcsv from 94.156.175.57 port 34834","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T19:10:31.147Z","@version":"1","message":"Sep 10 19:10:30 honeypot-sgp-1 sshd[3816]: Connection closed by invalid user ec2-user 94.156.175.57 port 34900 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T19:10:55.157Z","@version":"1","message":"Sep 10 19:10:54 honeypot-sgp-1 sshd[3855]: Connection closed by invalid user zhaoting 103.188.176.251 port 50802 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 19:11:05 honeypot-ams-1 sshd[7874]: Connection closed by 80.76.51.189 port 37996 [preauth]","@timestamp":"2022-09-10T19:11:05.742Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 19:13:46 honeypot-fra-1 sshd[30613]: Disconnected from authenticating user root 203.135.20.36 port 41273 [preauth]","@timestamp":"2022-09-10T19:13:46.535Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 19:17:01 honeypot-ams-1 CRON[7878]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-10T19:17:01.899Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 19:19:02 honeypot-fra-1 kernel: [83711974.761173] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.134.225.20 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=54321 PROTO=TCP SPT=36466 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T19:19:02.657Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-10T19:21:32.400Z","@version":"1","message":"Sep 10 19:21:31 honeypot-sgp-1 kernel: [83713805.747098] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=94.26.228.80 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=23643 PROTO=TCP SPT=19457 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 19:22:11 honeypot-fra-1 sshd[30623]: Received disconnect from 92.255.85.70 port 52348:11: Bye Bye [preauth]","@timestamp":"2022-09-10T19:22:11.727Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 19:22:15 honeypot-ams-1 sshd[7884]: Connection closed by invalid user test 193.106.191.157 port 39420 [preauth]","@timestamp":"2022-09-10T19:22:16.037Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 19:24:31 honeypot-fra-1 sshd[30628]: Received disconnect from 218.208.14.146 port 58232:11: Bye Bye [preauth]","@timestamp":"2022-09-10T19:24:31.781Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 19:26:30 honeypot-ams-1 sshd[7890]: Did not receive identification string from 45.61.184.204 port 60718","@timestamp":"2022-09-10T19:26:30.148Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 19:26:51 honeypot-ams-1 sshd[7893]: Disconnected from invalid user user 45.61.184.204 port 37684 [preauth]","@timestamp":"2022-09-10T19:26:52.160Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 19:27:06 honeypot-ams-1 sshd[7899]: Received disconnect from 45.61.186.169 port 44898:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T19:27:07.174Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 19:27:16 honeypot-ams-1 sshd[7903]: Received disconnect from 45.61.186.169 port 56486:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T19:27:16.179Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 19:27:24 honeypot-ams-1 sshd[7907]: Received disconnect from 45.61.186.169 port 39900:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T19:27:25.183Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 19:27:32 honeypot-ams-1 sshd[7911]: Received disconnect from 45.61.186.169 port 51508:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T19:27:33.189Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 19:27:41 honeypot-ams-1 sshd[7915]: Received disconnect from 45.61.186.169 port 34914:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T19:27:41.192Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 19:27:57 honeypot-ams-1 sshd[7919]: Received disconnect from 45.61.186.169 port 58118:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T19:27:58.201Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 19:31:56 honeypot-ams-1 sshd[7928]: Connection closed by authenticating user root 111.68.111.100 port 40868 [preauth]","@timestamp":"2022-09-10T19:31:57.306Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 19:36:21 honeypot-fra-1 sshd[30634]: Disconnected from invalid user mama 51.255.168.152 port 51024 [preauth]","@timestamp":"2022-09-10T19:36:22.046Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T19:42:47.877Z","@version":"1","message":"Sep 10 19:42:47 honeypot-sgp-1 sshd[3866]: Disconnected from invalid user usuario 92.255.85.70 port 63054 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 19:45:39 honeypot-fra-1 sshd[30641]: Received disconnect from 92.255.85.69 port 55380:11: Bye Bye [preauth]","@timestamp":"2022-09-10T19:45:39.257Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 19:48:09 honeypot-ams-1 sshd[7941]: Invalid user usuario from 92.255.85.70 port 45164","@timestamp":"2022-09-10T19:48:10.727Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 19:51:49 honeypot-ams-1 kernel: [83716096.020408] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=80.94.92.239 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=55438 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T19:51:50.826Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 19:54:05 honeypot-fra-1 sshd[30647]: Disconnected from 206.81.0.243 port 39000 [preauth]","@timestamp":"2022-09-10T19:54:05.442Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 20:05:06 honeypot-fra-1 sshd[30659]: Received disconnect from 45.61.187.160 port 34782:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T20:05:06.690Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T20:05:13.414Z","@version":"1","message":"Sep 10 20:05:12 honeypot-sgp-1 sshd[3875]: Connection closed by invalid user User 196.192.176.116 port 47099 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 20:05:27 honeypot-fra-1 sshd[30663]: Received disconnect from 45.61.187.160 port 57734:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T20:05:27.701Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 20:05:47 honeypot-fra-1 sshd[30667]: Received disconnect from 45.61.187.160 port 52460:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T20:05:47.710Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 20:06:04 honeypot-fra-1 sshd[30671]: Received disconnect from 45.61.187.160 port 47170:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T20:06:04.718Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 20:10:00 honeypot-ams-1 kernel: [83717186.408789] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=60.13.3.29 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=48 ID=57814 PROTO=TCP SPT=4275 DPT=80 WINDOW=31955 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T20:10:01.292Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 20:12:42 honeypot-fra-1 kernel: [83715194.816911] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=80.94.92.239 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=48192 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T20:12:42.866Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-10T20:13:40.614Z","@version":"1","message":"Sep 10 20:13:39 honeypot-sgp-1 sshd[3883]: Invalid user team from 179.157.22.88 port 25479","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 20:14:48 honeypot-ams-1 sshd[7958]: Received disconnect from 93.43.240.145 port 34416:11: Bye Bye [preauth]","@timestamp":"2022-09-10T20:14:48.437Z"}
{"@timestamp":"2022-09-10T20:15:08.652Z","@version":"1","message":"Sep 10 20:15:08 honeypot-sgp-1 sshd[3885]: Disconnected from invalid user test3 190.52.39.248 port 41888 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 20:17:01 honeypot-ams-1 CRON[7964]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-10T20:17:02.500Z"}
{"@timestamp":"2022-09-10T20:17:02.698Z","@version":"1","message":"Sep 10 20:17:01 honeypot-sgp-1 CRON[3892]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 20:22:55 honeypot-fra-1 sshd[30680]: Disconnected from invalid user forever-agent 212.112.98.98 port 35032 [preauth]","@timestamp":"2022-09-10T20:22:56.089Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 20:24:40 honeypot-ams-1 kernel: [83718066.193747] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=91.144.21.22 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=238 ID=62968 DF PROTO=TCP SPT=51654 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T20:24:40.697Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 20:26:01 honeypot-fra-1 sshd[30684]: Disconnected from authenticating user root 157.230.236.83 port 51238 [preauth]","@timestamp":"2022-09-10T20:26:02.157Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T20:28:41.001Z","@version":"1","message":"Sep 10 20:28:40 honeypot-sgp-1 sshd[3897]: Invalid user porno from 117.220.15.119 port 41440","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T20:29:29.022Z","@version":"1","message":"Sep 10 20:29:28 honeypot-sgp-1 sshd[3901]: Invalid user usuario from 92.255.85.69 port 62202","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T20:31:26.069Z","@version":"1","message":"Sep 10 20:31:25 honeypot-sgp-1 sshd[3903]: Disconnected from invalid user admin 213.190.4.147 port 36670 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 20:32:14 honeypot-fra-1 sshd[30691]: Disconnected from invalid user usuario 92.255.85.70 port 55902 [preauth]","@timestamp":"2022-09-10T20:32:14.308Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 20:34:50 honeypot-ams-1 sshd[7977]: Received disconnect from 92.255.85.70 port 21608:11: Bye Bye [preauth]","@timestamp":"2022-09-10T20:34:50.958Z"}
{"@timestamp":"2022-09-10T20:41:30.316Z","@version":"1","message":"Sep 10 20:41:29 honeypot-sgp-1 sshd[3908]: Received disconnect from 159.89.82.7 port 37944:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 20:42:00 honeypot-ams-1 sshd[7982]: Invalid user ubuntu from 95.85.27.201 port 54086","@timestamp":"2022-09-10T20:42:01.143Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 20:42:56 honeypot-fra-1 sshd[30700]: Invalid user rust from 5.101.1.20 port 58756","@timestamp":"2022-09-10T20:42:56.547Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 20:44:08 honeypot-fra-1 sshd[30705]: Received disconnect from 211.44.212.27 port 50842:11: Bye Bye [preauth]","@timestamp":"2022-09-10T20:44:09.579Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T20:44:31.392Z","@version":"1","message":"Sep 10 20:44:31 honeypot-sgp-1 kernel: [83718785.163409] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=8.210.124.145 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=2163 PROTO=TCP SPT=28553 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T20:45:03.406Z","@version":"1","message":"Sep 10 20:45:02 honeypot-sgp-1 sshd[3917]: Invalid user user from 45.61.186.249 port 43982","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T20:45:22.414Z","@version":"1","message":"Sep 10 20:45:21 honeypot-sgp-1 sshd[3921]: Invalid user user from 45.61.186.249 port 39150","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T20:45:41.423Z","@version":"1","message":"Sep 10 20:45:40 honeypot-sgp-1 sshd[3925]: Invalid user user from 45.61.186.249 port 34316","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 20:46:23 honeypot-ams-1 sshd[7987]: Received disconnect from 92.220.162.17 port 39093:11: Bye Bye [preauth]","@timestamp":"2022-09-10T20:46:24.256Z"}
{"@timestamp":"2022-09-10T20:46:32.442Z","@version":"1","message":"Sep 10 20:46:31 honeypot-sgp-1 kernel: [83718905.412135] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=8.210.124.145 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=62473 PROTO=TCP SPT=28553 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 20:48:05 honeypot-fra-1 kernel: [83717317.543821] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.79.178.101 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=26878 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T20:48:05.687Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-10T20:54:56.645Z","@version":"1","message":"Sep 10 20:54:55 honeypot-sgp-1 kernel: [83719409.735606] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=172.104.249.106 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=47079 DF PROTO=TCP SPT=42294 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 20:55:04 honeypot-fra-1 sshd[30714]: Disconnected from invalid user kanwarpreet 165.22.45.108 port 47282 [preauth]","@timestamp":"2022-09-10T20:55:04.844Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T20:56:34.710Z","@version":"1","message":"Sep 10 20:56:34 honeypot-sgp-1 kernel: [83719508.152943] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=8.210.124.145 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=36265 PROTO=TCP SPT=28553 DPT=389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 20:56:49 honeypot-ams-1 kernel: [83719995.506339] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.219.8 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=36058 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T20:56:49.522Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 20:59:02 honeypot-ams-1 sshd[7993]: Received disconnect from 171.244.139.236 port 51626:11: Bye Bye [preauth]","@timestamp":"2022-09-10T20:59:02.582Z"}
{"@timestamp":"2022-09-10T20:59:47.785Z","@version":"1","message":"Sep 10 20:59:47 honeypot-sgp-1 sshd[3935]: Received disconnect from 134.17.17.32 port 16449:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 21:02:53 honeypot-ams-1 kernel: [83720359.844145] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=97.74.81.123 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=24186 PROTO=TCP SPT=48055 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T21:02:54.685Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 21:03:03 honeypot-fra-1 kernel: [83718216.237751] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.141.110.139 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=23039 PROTO=TCP SPT=51358 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T21:03:04.053Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-10T21:07:26.977Z","@version":"1","message":"Sep 10 21:07:26 honeypot-sgp-1 sshd[3938]: Disconnected from invalid user alien 122.160.65.215 port 35450 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 21:08:37 honeypot-fra-1 sshd[30727]: Did not receive identification string from 45.61.186.49 port 35614","@timestamp":"2022-09-10T21:08:38.183Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 21:09:01 honeypot-fra-1 sshd[30731]: Invalid user user from 45.61.186.49 port 49128","@timestamp":"2022-09-10T21:09:02.195Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 21:09:11 honeypot-fra-1 sshd[30735]: Invalid user user from 45.61.186.49 port 60940","@timestamp":"2022-09-10T21:09:12.201Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T21:12:58.103Z","@version":"1","message":"Sep 10 21:12:57 honeypot-sgp-1 kernel: [83720491.326268] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.3.193.56 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=235 ID=58896 DF PROTO=TCP SPT=10446 DPT=80 WINDOW=512 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 21:13:14 honeypot-ams-1 sshd[8000]: Disconnected from invalid user fred 89.163.178.15 port 46952 [preauth]","@timestamp":"2022-09-10T21:13:14.954Z"}
{"@timestamp":"2022-09-10T21:14:12.135Z","@version":"1","message":"Sep 10 21:14:11 honeypot-sgp-1 sshd[3949]: Received disconnect from 45.61.186.49 port 50664:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T21:14:29.143Z","@version":"1","message":"Sep 10 21:14:28 honeypot-sgp-1 sshd[3953]: Connection closed by 192.241.215.232 port 46080 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 21:14:30 honeypot-fra-1 sshd[30741]: Invalid user user from 45.61.184.204 port 55248","@timestamp":"2022-09-10T21:14:30.322Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 21:14:48 honeypot-ams-1 sshd[8004]: Invalid user zhaoting from 103.188.176.251 port 50744","@timestamp":"2022-09-10T21:14:48.998Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 21:14:50 honeypot-fra-1 sshd[30745]: Invalid user user from 45.61.184.204 port 50040","@timestamp":"2022-09-10T21:14:51.333Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 21:15:08 honeypot-fra-1 sshd[30749]: Invalid user user from 45.61.184.204 port 44830","@timestamp":"2022-09-10T21:15:09.341Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 21:15:25 honeypot-fra-1 sshd[30753]: Invalid user user from 45.61.184.204 port 39638","@timestamp":"2022-09-10T21:15:26.350Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 21:17:38 honeypot-ams-1 sshd[8010]: Received disconnect from 111.93.4.46 port 37578:11: Bye Bye [preauth]","@timestamp":"2022-09-10T21:17:39.072Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 21:18:32 honeypot-ams-1 sshd[8015]: Disconnected from 161.35.131.133 port 46812 [preauth]","@timestamp":"2022-09-10T21:18:33.096Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 21:19:05 honeypot-fra-1 sshd[30759]: Connection closed by invalid user zhaoting 103.188.176.251 port 35006 [preauth]","@timestamp":"2022-09-10T21:19:05.430Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 21:23:05 honeypot-fra-1 sshd[30763]: Disconnected from invalid user uuj 201.186.40.35 port 35156 [preauth]","@timestamp":"2022-09-10T21:23:05.521Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T21:27:12.437Z","@version":"1","message":"Sep 10 21:27:12 honeypot-sgp-1 kernel: [83721346.272220] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.79.181.32 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=40326 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 21:27:56 honeypot-ams-1 sshd[8020]: Protocol major versions differ for 178.79.177.104 port 41460: SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.5 vs. SSH-1.5-Nmap-SSH1-Hostkey","@timestamp":"2022-09-10T21:27:57.337Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 21:27:58 honeypot-ams-1 sshd[8031]: Connection closed by 178.79.177.104 port 41848 [preauth]","@timestamp":"2022-09-10T21:27:59.339Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 21:30:03 honeypot-fra-1 kernel: [83719835.774861] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.219.252 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=50187 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T21:30:03.675Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-10T21:34:37.621Z","@version":"1","message":"Sep 10 21:34:36 honeypot-sgp-1 sshd[3966]: Disconnected from invalid user jhartley 60.220.185.22 port 42408 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 21:35:13 honeypot-ams-1 kernel: [83722299.341302] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=89.248.165.100 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=7095 PROTO=TCP SPT=41901 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T21:35:13.551Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 21:37:12 honeypot-ams-1 kernel: [83722418.868402] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=20749 PROTO=TCP SPT=45598 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T21:37:13.605Z"}
{"@timestamp":"2022-09-10T21:40:53.759Z","@version":"1","message":"Sep 10 21:40:53 honeypot-sgp-1 sshd[3974]: Disconnected from authenticating user root 92.255.85.70 port 25526 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 21:41:39 honeypot-fra-1 sshd[30779]: Invalid user lextend from 159.223.51.140 port 55566","@timestamp":"2022-09-10T21:41:39.935Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 21:45:30 honeypot-fra-1 kernel: [83720762.305613] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.227.255.99 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=123 PROTO=TCP SPT=65534 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T21:45:31.021Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 21:49:37 honeypot-ams-1 kernel: [83723163.093833] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=97.74.81.123 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=34887 PROTO=TCP SPT=44541 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T21:49:37.923Z"}
{"@timestamp":"2022-09-10T21:50:03.978Z","@version":"1","message":"Sep 10 21:50:03 honeypot-sgp-1 sshd[3982]: Received disconnect from 206.189.219.241 port 47242:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 21:53:13 honeypot-ams-1 sshd[8050]: Disconnected from authenticating user root 77.237.224.62 port 59898 [preauth]","@timestamp":"2022-09-10T21:53:14.016Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 21:54:48 honeypot-fra-1 kernel: [83721321.086738] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.41.8.5 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=40854 PROTO=TCP SPT=50542 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T21:54:49.232Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 21:58:04 honeypot-fra-1 sshd[30864]: Disconnected from invalid user ka 165.22.45.108 port 57206 [preauth]","@timestamp":"2022-09-10T21:58:05.310Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T21:58:11.173Z","@version":"1","message":"Sep 10 21:58:10 honeypot-sgp-1 sshd[3989]: Invalid user  from 128.14.232.100 port 43574","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 21:58:47 honeypot-ams-1 sshd[8053]: Received disconnect from 81.1.219.10 port 34852:11: Bye Bye [preauth]","@timestamp":"2022-09-10T21:58:48.164Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 22:01:05 honeypot-ams-1 sshd[8058]: Received disconnect from 109.205.213.23 port 36192:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T22:01:06.225Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 22:03:04 honeypot-ams-1 kernel: [83723970.230580] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=86.180.105.129 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=55 ID=55803 PROTO=TCP SPT=15289 DPT=80 WINDOW=53282 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T22:03:04.278Z"}
{"@timestamp":"2022-09-10T22:03:46.313Z","@version":"1","message":"Sep 10 22:03:45 honeypot-sgp-1 sshd[3992]: Disconnected from authenticating user root 92.255.85.69 port 18478 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 22:03:55 honeypot-ams-1 sshd[8069]: Disconnected from authenticating user root 109.205.213.23 port 41086 [preauth]","@timestamp":"2022-09-10T22:03:56.303Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 22:04:54 honeypot-ams-1 sshd[8074]: Disconnected from authenticating user root 109.205.213.23 port 33306 [preauth]","@timestamp":"2022-09-10T22:04:54.331Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 22:06:13 honeypot-ams-1 sshd[8080]: Disconnected from authenticating user root 109.205.213.23 port 49868 [preauth]","@timestamp":"2022-09-10T22:06:14.368Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 22:12:50 honeypot-ams-1 sshd[8087]: Disconnected from authenticating user root 61.177.173.53 port 42394 [preauth]","@timestamp":"2022-09-10T22:12:51.530Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 22:17:01 honeypot-fra-1 CRON[30872]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-10T22:17:01.734Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 22:17:01 honeypot-ams-1 CRON[8092]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-10T22:17:02.635Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 22:22:14 honeypot-ams-1 sshd[8102]: Connection closed by invalid user User 122.160.95.226 port 42564 [preauth]","@timestamp":"2022-09-10T22:22:14.774Z"}
{"@timestamp":"2022-09-10T22:22:49.782Z","@version":"1","message":"Sep 10 22:22:49 honeypot-sgp-1 sshd[4000]: Invalid user User from 59.144.165.184 port 58723","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T22:24:04.046Z","@version":"1","message":"Sep 10 22:24:03 honeypot-sgp-1 sshd[4006]: Invalid user  from 31.184.198.71 port 49721","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T22:24:17.053Z","@version":"1","message":"Sep 10 22:24:16 honeypot-sgp-1 sshd[4011]: Invalid user admin from 31.184.198.71 port 18834","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T22:24:23.057Z","@version":"1","message":"Sep 10 22:24:22 honeypot-sgp-1 sshd[4013]: Disconnecting invalid user cameras 31.184.198.71 port 5005: Change of username or service not allowed: (cameras,ssh-connection) -> (,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 22:24:30 honeypot-ams-1 sshd[8108]: Received disconnect from 45.61.186.169 port 42168:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T22:24:30.837Z"}
{"@timestamp":"2022-09-10T22:24:38.064Z","@version":"1","message":"Sep 10 22:24:37 honeypot-sgp-1 sshd[4021]: Invalid user admin from 31.184.198.71 port 2085","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T22:24:42.066Z","@version":"1","message":"Sep 10 22:24:41 honeypot-sgp-1 sshd[4027]: Received disconnect from 45.61.187.160 port 53148:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 22:24:48 honeypot-ams-1 sshd[8112]: Received disconnect from 45.61.186.169 port 37234:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T22:24:48.847Z"}
{"@timestamp":"2022-09-10T22:24:51.070Z","@version":"1","message":"Sep 10 22:24:50 honeypot-sgp-1 sshd[4031]: Invalid user user from 45.61.187.160 port 36374","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T22:24:59.074Z","@version":"1","message":"Sep 10 22:24:58 honeypot-sgp-1 sshd[4035]: Received disconnect from 45.61.187.160 port 47834:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 22:25:05 honeypot-ams-1 sshd[8116]: Received disconnect from 45.61.186.169 port 60562:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T22:25:05.856Z"}
{"@timestamp":"2022-09-10T22:25:17.082Z","@version":"1","message":"Sep 10 22:25:16 honeypot-sgp-1 sshd[4041]: Invalid user private from 31.184.198.71 port 55513","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 22:25:22 honeypot-ams-1 sshd[8120]: Received disconnect from 45.61.186.169 port 55580:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T22:25:22.864Z"}
{"@timestamp":"2022-09-10T22:25:36.092Z","@version":"1","message":"Sep 10 22:25:35 honeypot-sgp-1 sshd[4047]: Disconnecting invalid user Admin 31.184.198.71 port 36435: Change of username or service not allowed: (Admin,ssh-connection) -> (araknis,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T22:25:51.099Z","@version":"1","message":"Sep 10 22:25:50 honeypot-sgp-1 sshd[4053]: Disconnecting invalid user user 31.184.198.71 port 34888: Change of username or service not allowed: (user,ssh-connection) -> (root,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T22:26:19.111Z","@version":"1","message":"Sep 10 22:26:18 honeypot-sgp-1 sshd[4061]: Invalid user admin from 31.184.198.71 port 19638","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T22:26:34.119Z","@version":"1","message":"Sep 10 22:26:33 honeypot-sgp-1 kernel: [83724906.926794] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=151.106.40.82 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=63162 PROTO=TCP SPT=47333 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T22:26:53.129Z","@version":"1","message":"Sep 10 22:26:52 honeypot-sgp-1 sshd[4073]: Disconnected from authenticating user root 92.255.85.69 port 38592 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T22:27:13.138Z","@version":"1","message":"Sep 10 22:27:13 honeypot-sgp-1 sshd[4079]: Invalid user 1234 from 31.184.198.71 port 7319","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T22:27:35.149Z","@version":"1","message":"Sep 10 22:27:34 honeypot-sgp-1 sshd[4085]: Disconnecting invalid user  31.184.198.71 port 36314: Change of username or service not allowed: (,ssh-connection) -> (adslroot,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T22:27:55.158Z","@version":"1","message":"Sep 10 22:27:55 honeypot-sgp-1 sshd[4092]: Invalid user admin from 31.184.198.71 port 37874","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T22:28:13.167Z","@version":"1","message":"Sep 10 22:28:12 honeypot-sgp-1 sshd[4098]: Invalid user zhone from 31.184.198.71 port 33627","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T22:28:34.177Z","@version":"1","message":"Sep 10 22:28:33 honeypot-sgp-1 sshd[4104]: Disconnecting invalid user default 31.184.198.71 port 44186: Change of username or service not allowed: (default,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T22:28:55.188Z","@version":"1","message":"Sep 10 22:28:54 honeypot-sgp-1 sshd[4110]: Disconnecting invalid user Administrator 31.184.198.71 port 2542: Change of username or service not allowed: (Administrator,ssh-connection) -> (cusadmin,ssh-connectio [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T22:29:21.201Z","@version":"1","message":"Sep 10 22:29:20 honeypot-sgp-1 sshd[4116]: Disconnecting invalid user admin 31.184.198.71 port 63359: Change of username or service not allowed: (admin,ssh-connection) -> (lgnortel,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 22:29:41 honeypot-fra-1 sshd[30879]: Disconnected from authenticating user root 92.255.85.70 port 15812 [preauth]","@timestamp":"2022-09-10T22:29:42.017Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T22:29:42.211Z","@version":"1","message":"Sep 10 22:29:41 honeypot-sgp-1 sshd[4122]: Disconnecting invalid user comcast 31.184.198.71 port 15258: Change of username or service not allowed: (comcast,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T22:29:57.218Z","@version":"1","message":"Sep 10 22:29:56 honeypot-sgp-1 sshd[4128]: Disconnecting invalid user admin1234 31.184.198.71 port 59085: Change of username or service not allowed: (admin1234,ssh-connection) -> (matrix,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 22:29:59 honeypot-ams-1 kernel: [83725585.133446] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=4006 PROTO=TCP SPT=48466 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T22:29:59.985Z"}
{"@timestamp":"2022-09-10T22:30:13.226Z","@version":"1","message":"Sep 10 22:30:12 honeypot-sgp-1 sshd[4134]: Disconnecting invalid user admin 31.184.198.71 port 51819: Change of username or service not allowed: (admin,ssh-connection) -> (motorola,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 22:30:15 honeypot-fra-1 kernel: [83723448.058131] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=80.87.206.203 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=349 PROTO=TCP SPT=45116 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T22:30:16.033Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-10T22:30:28.234Z","@version":"1","message":"Sep 10 22:30:27 honeypot-sgp-1 sshd[4140]: Disconnecting invalid user blank 31.184.198.71 port 34781: Change of username or service not allowed: (blank,ssh-connection) -> (root,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T22:30:51.245Z","@version":"1","message":"Sep 10 22:30:50 honeypot-sgp-1 sshd[4148]: Invalid user 0 from 31.184.198.71 port 37445","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T22:31:16.257Z","@version":"1","message":"Sep 10 22:31:15 honeypot-sgp-1 sshd[4154]: Invalid user admin from 31.184.198.71 port 56441","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T22:31:39.268Z","@version":"1","message":"Sep 10 22:31:38 honeypot-sgp-1 sshd[4160]: Invalid user Broadcom from 31.184.198.71 port 48159","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T22:31:54.277Z","@version":"1","message":"Sep 10 22:31:53 honeypot-sgp-1 kernel: [83725227.428197] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=209.145.63.181 DST=159.89.202.188 LEN=52 TOS=0x0A PREC=0x00 TTL=109 ID=9330 DF PROTO=TCP SPT=37453 DPT=3389 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T22:32:09.284Z","@version":"1","message":"Sep 10 22:32:08 honeypot-sgp-1 sshd[4170]: Invalid user smcadmin from 31.184.198.71 port 27024","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T22:32:25.292Z","@version":"1","message":"Sep 10 22:32:24 honeypot-sgp-1 sshd[4176]: Invalid user admin from 31.184.198.71 port 13925","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T22:32:43.301Z","@version":"1","message":"Sep 10 22:32:42 honeypot-sgp-1 sshd[4182]: Invalid user user from 31.184.198.71 port 3269","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T22:33:02.311Z","@version":"1","message":"Sep 10 22:33:02 honeypot-sgp-1 sshd[4189]: Disconnecting invalid user 123456 31.184.198.71 port 52074: Change of username or service not allowed: (123456,ssh-connection) -> (user,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T22:33:23.321Z","@version":"1","message":"Sep 10 22:33:22 honeypot-sgp-1 sshd[4195]: Disconnecting invalid user readwrite 31.184.198.71 port 11979: Change of username or service not allowed: (readwrite,ssh-connection) -> (Admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T22:33:48.333Z","@version":"1","message":"Sep 10 22:33:47 honeypot-sgp-1 sshd[4201]: Disconnecting invalid user DZY-W2914NSV2 31.184.198.71 port 2261: Change of username or service not allowed: (DZY-W2914NSV2,ssh-connection) -> (0,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T22:34:07.343Z","@version":"1","message":"Sep 10 22:34:07 honeypot-sgp-1 sshd[4207]: Disconnecting invalid user zoomadsl 31.184.198.71 port 32085: Change of username or service not allowed: (zoomadsl,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T22:34:22.350Z","@version":"1","message":"Sep 10 22:34:21 honeypot-sgp-1 sshd[4214]: Invalid user ltecl4r0 from 31.184.198.71 port 14981","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 22:39:07 honeypot-ams-1 sshd[8134]: Invalid user test from 193.106.191.157 port 46738","@timestamp":"2022-09-10T22:39:08.220Z"}
{"@timestamp":"2022-09-10T22:43:09.551Z","@version":"1","message":"Sep 10 22:43:09 honeypot-sgp-1 kernel: [83725903.192369] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=222.186.19.235 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=37402 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 22:45:26 honeypot-fra-1 kernel: [83724358.907961] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.41.8.45 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=49343 PROTO=TCP SPT=11270 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T22:45:27.370Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-10T22:45:34.608Z","@version":"1","message":"Sep 10 22:45:34 honeypot-sgp-1 kernel: [83726047.931539] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=104.152.52.104 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=31014 PROTO=TCP SPT=49933 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 22:50:24 honeypot-ams-1 kernel: [83726810.170053] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=186.218.37.197 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=44 ID=3257 PROTO=TCP SPT=37401 DPT=80 WINDOW=21984 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T22:50:24.510Z"}
{"@timestamp":"2022-09-10T22:50:33.724Z","@version":"1","message":"Sep 10 22:50:33 honeypot-sgp-1 sshd[4221]: Received disconnect from 92.255.85.70 port 62366:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 22:52:40 honeypot-ams-1 sshd[8153]: Disconnected from invalid user admin 80.76.51.41 port 38170 [preauth]","@timestamp":"2022-09-10T22:52:41.569Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 22:53:09 honeypot-ams-1 sshd[8159]: Received disconnect from 80.76.51.41 port 52856:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T22:53:09.584Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 22:53:23 honeypot-fra-1 sshd[30891]: Received disconnect from 92.255.85.69 port 50260:11: Bye Bye [preauth]","@timestamp":"2022-09-10T22:53:24.550Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 22:53:50 honeypot-ams-1 sshd[8165]: Received disconnect from 80.76.51.41 port 46464:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T22:53:50.605Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 22:54:31 honeypot-ams-1 sshd[8171]: Received disconnect from 80.76.51.41 port 40292:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T22:54:32.630Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 22:54:58 honeypot-ams-1 sshd[8175]: Disconnected from invalid user user 80.76.51.41 port 54808 [preauth]","@timestamp":"2022-09-10T22:54:59.643Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 22:55:48 honeypot-ams-1 kernel: [83727134.666709] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=20.0.77.75 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=115 ID=62398 DF PROTO=TCP SPT=47166 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T22:55:49.668Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 22:57:19 honeypot-fra-1 kernel: [83725071.211732] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=151.106.40.82 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=34812 PROTO=TCP SPT=47333 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T22:57:19.639Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-10T23:00:50.965Z","@version":"1","message":"Sep 10 23:00:50 honeypot-sgp-1 sshd[4226]: Received disconnect from 45.61.186.249 port 42168:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T23:01:09.994Z","@version":"1","message":"Sep 10 23:01:09 honeypot-sgp-1 sshd[4230]: Received disconnect from 45.61.186.249 port 37230:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 23:01:19 honeypot-fra-1 sshd[30899]: Invalid user ka from 165.22.45.108 port 38926","@timestamp":"2022-09-10T23:01:19.733Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T23:01:30.003Z","@version":"1","message":"Sep 10 23:01:29 honeypot-sgp-1 sshd[4234]: Received disconnect from 45.61.186.249 port 60484:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T23:01:48.010Z","@version":"1","message":"Sep 10 23:01:47 honeypot-sgp-1 sshd[4238]: Received disconnect from 45.61.186.249 port 55510:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 23:04:32 honeypot-ams-1 kernel: [83727658.863471] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=94.26.249.161 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=34324 PROTO=TCP SPT=11743 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T23:04:33.895Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 23:07:58 honeypot-fra-1 kernel: [83725710.597424] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=90.151.171.106 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=41578 PROTO=TCP SPT=51255 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T23:07:58.945Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-10T23:08:28.163Z","@version":"1","message":"Sep 10 23:08:27 honeypot-sgp-1 sshd[4243]: Received disconnect from 182.160.154.181 port 45796:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 23:09:26 honeypot-ams-1 kernel: [83727952.205453] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=167.248.133.139 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=13531 PROTO=TCP SPT=42340 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T23:09:27.025Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 23:16:03 honeypot-ams-1 kernel: [83728349.437870] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=51.15.141.72 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=55 ID=47177 PROTO=TCP SPT=12974 DPT=80 WINDOW=31470 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T23:16:04.199Z"}
{"@timestamp":"2022-09-10T23:17:01.378Z","@version":"1","message":"Sep 10 23:17:01 honeypot-sgp-1 CRON[4248]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 23:17:01 honeypot-fra-1 CRON[30907]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-10T23:17:02.168Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:18:57 honeypot-ams-1 sshd[8202]: Did not receive identification string from 80.76.51.46 port 44274","@timestamp":"2022-09-10T23:18:58.276Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:19:34 honeypot-ams-1 sshd[8207]: Disconnected from authenticating user root 92.255.85.70 port 33810 [preauth]","@timestamp":"2022-09-10T23:19:34.295Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:20:07 honeypot-ams-1 sshd[8214]: Disconnected from authenticating user root 80.76.51.46 port 44294 [preauth]","@timestamp":"2022-09-10T23:20:08.330Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:20:35 honeypot-ams-1 sshd[8220]: Disconnected from authenticating user root 80.76.51.46 port 40510 [preauth]","@timestamp":"2022-09-10T23:20:36.344Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:21:17 honeypot-ams-1 sshd[8226]: Received disconnect from 80.76.51.46 port 34994:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T23:21:18.366Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:22:00 honeypot-ams-1 sshd[8232]: Received disconnect from 80.76.51.46 port 57756:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T23:22:01.388Z"}
{"@timestamp":"2022-09-10T23:27:15.618Z","@version":"1","message":"Sep 10 23:27:15 honeypot-sgp-1 kernel: [83728549.145946] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.79.156.111 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=59529 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:32:46 honeypot-ams-1 sshd[8242]: Disconnected from authenticating user root 80.76.51.189 port 55500 [preauth]","@timestamp":"2022-09-10T23:32:46.663Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 23:32:47 honeypot-fra-1 sshd[30914]: Received disconnect from 165.22.45.108 port 43890:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T23:32:48.518Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:33:19 honeypot-ams-1 sshd[8248]: Received disconnect from 80.76.51.189 port 42758:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T23:33:19.680Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:34:26 honeypot-ams-1 sshd[8252]: Received disconnect from 80.76.51.189 port 45524:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T23:34:27.710Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:39:02 honeypot-ams-1 sshd[8259]: Disconnecting authenticating user root 18.140.57.224 port 42776: Too many authentication failures [preauth]","@timestamp":"2022-09-10T23:39:02.829Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:39:10 honeypot-ams-1 sshd[8265]: error: maximum authentication attempts exceeded for invalid user admin from 18.140.57.224 port 42814 ssh2 [preauth]","@timestamp":"2022-09-10T23:39:10.835Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:39:16 honeypot-ams-1 sshd[8269]: Received disconnect from 18.140.57.224 port 42830:11: disconnected by user [preauth]","@timestamp":"2022-09-10T23:39:16.838Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:39:22 honeypot-ams-1 sshd[8273]: error: maximum authentication attempts exceeded for invalid user oracle from 18.140.57.224 port 42858 ssh2 [preauth]","@timestamp":"2022-09-10T23:39:22.843Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:39:27 honeypot-ams-1 sshd[8277]: error: maximum authentication attempts exceeded for invalid user usuario from 18.140.57.224 port 42870 ssh2 [preauth]","@timestamp":"2022-09-10T23:39:27.846Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:39:33 honeypot-ams-1 sshd[8281]: Received disconnect from 18.140.57.224 port 42894:11: disconnected by user [preauth]","@timestamp":"2022-09-10T23:39:33.850Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:39:38 honeypot-ams-1 sshd[8285]: error: maximum authentication attempts exceeded for invalid user test from 18.140.57.224 port 42916 ssh2 [preauth]","@timestamp":"2022-09-10T23:39:38.854Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:39:43 honeypot-ams-1 sshd[8289]: error: maximum authentication attempts exceeded for invalid user user from 18.140.57.224 port 42938 ssh2 [preauth]","@timestamp":"2022-09-10T23:39:43.856Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:39:49 honeypot-ams-1 sshd[8293]: Received disconnect from 18.140.57.224 port 42954:11: disconnected by user [preauth]","@timestamp":"2022-09-10T23:39:49.861Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:39:55 honeypot-ams-1 sshd[8297]: error: maximum authentication attempts exceeded for invalid user ftpuser from 18.140.57.224 port 42964 ssh2 [preauth]","@timestamp":"2022-09-10T23:39:55.865Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:40:00 honeypot-ams-1 sshd[8301]: error: maximum authentication attempts exceeded for invalid user test1 from 18.140.57.224 port 42986 ssh2 [preauth]","@timestamp":"2022-09-10T23:40:00.868Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:40:05 honeypot-ams-1 sshd[8305]: Received disconnect from 18.140.57.224 port 42998:11: disconnected by user [preauth]","@timestamp":"2022-09-10T23:40:06.873Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 23:40:06 honeypot-fra-1 sshd[30920]: Invalid user test from 92.255.85.69 port 28102","@timestamp":"2022-09-10T23:40:07.681Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:40:11 honeypot-ams-1 sshd[8309]: error: maximum authentication attempts exceeded for invalid user test2 from 18.140.57.224 port 43016 ssh2 [preauth]","@timestamp":"2022-09-10T23:40:11.876Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:40:16 honeypot-ams-1 sshd[8313]: Received disconnect from 18.140.57.224 port 43028:11: disconnected by user [preauth]","@timestamp":"2022-09-10T23:40:16.879Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:40:22 honeypot-ams-1 sshd[8317]: error: maximum authentication attempts exceeded for invalid user ubuntu from 18.140.57.224 port 43040 ssh2 [preauth]","@timestamp":"2022-09-10T23:40:22.884Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:40:26 honeypot-ams-1 sshd[8321]: Received disconnect from 18.140.57.224 port 43064:11: disconnected by user [preauth]","@timestamp":"2022-09-10T23:40:26.886Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:40:31 honeypot-ams-1 sshd[8325]: Received disconnect from 18.140.57.224 port 43072:11: disconnected by user [preauth]","@timestamp":"2022-09-10T23:40:31.889Z"}
{"@timestamp":"2022-09-10T23:41:26.951Z","@version":"1","message":"Sep 10 23:41:26 honeypot-sgp-1 kernel: [83729400.021412] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.168.126.42 DST=159.89.202.188 LEN=52 TOS=0x02 PREC=0x00 TTL=112 ID=14390 DF PROTO=TCP SPT=53320 DPT=80 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:43:04 honeypot-ams-1 sshd[8331]: Disconnected from invalid user test 92.255.85.69 port 20424 [preauth]","@timestamp":"2022-09-10T23:43:04.957Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 23:45:50 honeypot-ams-1 kernel: [83730136.665645] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=81.170.15.92 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=36392 DF PROTO=TCP SPT=46234 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T23:45:51.035Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:48:11 honeypot-ams-1 sshd[8343]: Connection closed by invalid user nvidia 103.188.176.251 port 35036 [preauth]","@timestamp":"2022-09-10T23:48:12.101Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 23:51:13 honeypot-ams-1 kernel: [83730459.044194] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=94.26.228.80 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=8413 PROTO=TCP SPT=44848 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T23:51:13.184Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 23:52:37 honeypot-fra-1 sshd[30925]: Invalid user nvidia from 103.188.176.251 port 47920","@timestamp":"2022-09-10T23:52:37.955Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:53:23 honeypot-ams-1 sshd[8359]: Invalid user baxi from 195.158.21.214 port 45182","@timestamp":"2022-09-10T23:53:23.244Z"}
{"@timestamp":"2022-09-10T23:54:46.278Z","@version":"1","message":"Sep 10 23:54:45 honeypot-sgp-1 sshd[4262]: Disconnected from authenticating user root 91.144.20.198 port 59002 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 23:58:55 honeypot-ams-1 kernel: [83730921.277372] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=108.31.129.248 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=50 ID=3483 PROTO=TCP SPT=29744 DPT=80 WINDOW=42488 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T23:58:55.392Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 23:59:06 honeypot-fra-1 kernel: [83728778.169469] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=80.94.92.231 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=47601 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T23:59:07.103Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 00:03:51 honeypot-ams-1 kernel: [83731217.089836] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=5.211.241.141 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=8378 DF PROTO=TCP SPT=32774 DPT=80 WINDOW=0 RES=0x00 ACK RST URGP=0 ","@timestamp":"2022-09-11T00:03:51.532Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 00:04:12 honeypot-ams-1 sshd[8369]: Disconnected from invalid user user 92.255.85.70 port 26318 [preauth]","@timestamp":"2022-09-11T00:04:12.543Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 00:04:19 honeypot-fra-1 sshd[30931]: Invalid user karen1 from 165.22.45.108 port 49092","@timestamp":"2022-09-11T00:04:20.223Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 00:06:05 honeypot-ams-1 sshd[8374]: Received disconnect from 141.255.162.226 port 51414:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T00:06:06.597Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 00:06:09 honeypot-ams-1 sshd[8378]: Received disconnect from 141.255.162.226 port 37780:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T00:06:09.599Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 00:09:58 honeypot-ams-1 kernel: [83731584.877502] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=38.125.205.43 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=46 ID=26330 PROTO=TCP SPT=38085 DPT=80 WINDOW=19461 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T00:09:59.702Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 00:11:07 honeypot-fra-1 kernel: [83729499.684068] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.219.32 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=60669 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T00:11:08.375Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-11T00:12:23.680Z","@version":"1","message":"Sep 11 00:12:23 honeypot-sgp-1 kernel: [83731256.719788] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.206.206 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=37471 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 00:18:07 honeypot-ams-1 kernel: [83732072.946506] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=41.119.140.140 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=50 ID=36316 PROTO=TCP SPT=7096 DPT=80 WINDOW=43635 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T00:18:07.920Z"}
{"@timestamp":"2022-09-11T00:19:10.840Z","@version":"1","message":"Sep 11 00:19:09 honeypot-sgp-1 sshd[4276]: Received disconnect from 143.244.158.100 port 33330:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T00:21:13.891Z","@version":"1","message":"Sep 11 00:21:13 honeypot-sgp-1 sshd[4283]: Received disconnect from 92.255.85.69 port 62824:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 00:21:28 honeypot-ams-1 sshd[8393]: Bad protocol version identification '' from 103.107.8.171 port 51882","@timestamp":"2022-09-11T00:21:29.016Z"}
{"@timestamp":"2022-09-11T00:22:10.915Z","@version":"1","message":"Sep 11 00:22:10 honeypot-sgp-1 sshd[4287]: Disconnected from invalid user aiuap 188.166.114.8 port 43616 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T00:24:10.964Z","@version":"1","message":"Sep 11 00:24:10 honeypot-sgp-1 sshd[4724]: Disconnected from authenticating user root 143.244.158.100 port 50296 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 00:25:21 honeypot-fra-1 sshd[30957]: Disconnected from authenticating user root 92.255.85.70 port 32936 [preauth]","@timestamp":"2022-09-11T00:25:21.686Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 00:25:35 honeypot-ams-1 kernel: [83732521.448534] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=92.21.179.157 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=55 ID=24106 PROTO=TCP SPT=19280 DPT=80 WINDOW=20337 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T00:25:36.126Z"}
{"@timestamp":"2022-09-11T00:25:50.006Z","@version":"1","message":"Sep 11 00:25:49 honeypot-sgp-1 sshd[4730]: Received disconnect from 143.244.158.100 port 46736:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T00:28:11.063Z","@version":"1","message":"Sep 11 00:28:10 honeypot-sgp-1 sshd[4738]: Received disconnect from 143.244.158.100 port 51774:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 00:29:37 honeypot-ams-1 sshd[8401]: Received disconnect from 111.202.249.76 port 2610:11: Bye Bye [preauth]","@timestamp":"2022-09-11T00:29:38.237Z"}
{"@timestamp":"2022-09-11T00:30:32.120Z","@version":"1","message":"Sep 11 00:30:31 honeypot-sgp-1 sshd[4744]: Received disconnect from 143.244.158.100 port 37890:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T00:32:14.163Z","@version":"1","message":"Sep 11 00:32:14 honeypot-sgp-1 sshd[4749]: Disconnected from authenticating user root 143.244.158.100 port 54494 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 00:33:43 honeypot-ams-1 sshd[8406]: Disconnected from authenticating user root 61.177.173.53 port 12379 [preauth]","@timestamp":"2022-09-11T00:33:44.347Z"}
{"@timestamp":"2022-09-11T00:34:39.222Z","@version":"1","message":"Sep 11 00:34:38 honeypot-sgp-1 sshd[4755]: Received disconnect from 143.244.158.100 port 41934:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T00:37:03.281Z","@version":"1","message":"Sep 11 00:37:03 honeypot-sgp-1 sshd[4761]: Received disconnect from 143.244.158.100 port 37972:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T00:38:36.320Z","@version":"1","message":"Sep 11 00:38:35 honeypot-sgp-1 sshd[4768]: Received disconnect from 143.244.158.100 port 51284:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T00:40:11.379Z","@version":"1","message":"Sep 11 00:40:11 honeypot-sgp-1 sshd[4772]: Disconnected from authenticating user root 143.244.158.100 port 54208 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T00:42:32.436Z","@version":"1","message":"Sep 11 00:42:31 honeypot-sgp-1 sshd[4778]: Disconnected from authenticating user root 143.244.158.100 port 45604 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 00:44:26 honeypot-ams-1 sshd[8417]: Disconnected from authenticating user root 61.177.173.36 port 14698 [preauth]","@timestamp":"2022-09-11T00:44:26.625Z"}
{"@timestamp":"2022-09-11T00:44:58.496Z","@version":"1","message":"Sep 11 00:44:57 honeypot-sgp-1 sshd[4786]: Disconnected from authenticating user root 143.244.158.100 port 35420 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T00:46:35.537Z","@version":"1","message":"Sep 11 00:46:35 honeypot-sgp-1 sshd[4792]: Disconnected from authenticating user root 143.244.158.100 port 34156 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 00:46:38 honeypot-fra-1 sshd[30965]: Invalid user nagios from 14.32.0.111 port 42826","@timestamp":"2022-09-11T00:46:39.163Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T00:48:09.577Z","@version":"1","message":"Sep 11 00:48:09 honeypot-sgp-1 sshd[4798]: Disconnected from authenticating user root 143.244.158.100 port 55862 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T00:49:41.615Z","@version":"1","message":"Sep 11 00:49:41 honeypot-sgp-1 sshd[4803]: Disconnected from authenticating user root 143.244.158.100 port 55636 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 00:50:08 honeypot-ams-1 sshd[8426]: Disconnected from authenticating user root 61.177.172.108 port 32921 [preauth]","@timestamp":"2022-09-11T00:50:08.776Z"}
{"@timestamp":"2022-09-11T00:52:07.675Z","@version":"1","message":"Sep 11 00:52:07 honeypot-sgp-1 sshd[4809]: Received disconnect from 143.244.158.100 port 37784:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 00:52:18 honeypot-fra-1 kernel: [83731970.577651] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=213.226.123.159 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=1018 PROTO=TCP SPT=52593 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T00:52:19.292Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 00:53:48 honeypot-ams-1 sshd[8434]: Invalid user user from 45.61.186.169 port 51500","@timestamp":"2022-09-11T00:53:48.879Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 00:54:06 honeypot-ams-1 sshd[8438]: Invalid user user from 45.61.186.169 port 46502","@timestamp":"2022-09-11T00:54:06.889Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 00:54:23 honeypot-ams-1 kernel: [83734249.573238] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.196.220.70 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=34652 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T00:54:23.899Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 00:54:31 honeypot-ams-1 sshd[8444]: Disconnected from invalid user user 45.61.186.169 port 53106 [preauth]","@timestamp":"2022-09-11T00:54:31.902Z"}
{"@timestamp":"2022-09-11T00:54:36.736Z","@version":"1","message":"Sep 11 00:54:36 honeypot-sgp-1 sshd[4816]: Received disconnect from 143.244.158.100 port 50340:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 00:56:32 honeypot-ams-1 kernel: [83734377.900234] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=154.61.71.50 DST=178.62.254.91 LEN=40 TOS=0x08 PREC=0x00 TTL=55 ID=7191 PROTO=TCP SPT=50451 DPT=80 WINDOW=30907 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T00:56:32.958Z"}
{"@timestamp":"2022-09-11T00:57:01.795Z","@version":"1","message":"Sep 11 00:57:01 honeypot-sgp-1 CRON[4822]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T00:58:44.837Z","@version":"1","message":"Sep 11 00:58:44 honeypot-sgp-1 sshd[4829]: Received disconnect from 143.244.158.100 port 58308:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 00:59:54 honeypot-ams-1 sshd[8454]: Invalid user  from 64.62.197.17 port 11128","@timestamp":"2022-09-11T00:59:55.050Z"}
{"@timestamp":"2022-09-11T01:01:16.898Z","@version":"1","message":"Sep 11 01:01:16 honeypot-sgp-1 sshd[4836]: Received disconnect from 143.244.158.100 port 41800:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T01:02:32.930Z","@version":"1","message":"Sep 11 01:02:31 honeypot-sgp-1 sshd[4840]: Disconnected from invalid user ubuntu 81.150.9.251 port 42892 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 01:03:33 honeypot-fra-1 sshd[30974]: Disconnected from invalid user friends 186.10.245.152 port 47316 [preauth]","@timestamp":"2022-09-11T01:03:34.542Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 01:08:15 honeypot-ams-1 sshd[8465]: Disconnected from authenticating user root 61.177.173.52 port 38424 [preauth]","@timestamp":"2022-09-11T01:08:16.270Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 01:11:49 honeypot-ams-1 sshd[8470]: Disconnected from authenticating user root 80.76.51.41 port 33740 [preauth]","@timestamp":"2022-09-11T01:11:50.368Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 01:12:17 honeypot-ams-1 sshd[8474]: Disconnected from invalid user test 80.76.51.41 port 43536 [preauth]","@timestamp":"2022-09-11T01:12:17.384Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 01:12:24 honeypot-fra-1 sshd[30981]: Received disconnect from 92.255.85.69 port 38850:11: Bye Bye [preauth]","@timestamp":"2022-09-11T01:12:25.739Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 01:12:54 honeypot-ams-1 sshd[8480]: Disconnected from authenticating user root 80.76.51.41 port 58322 [preauth]","@timestamp":"2022-09-11T01:12:55.403Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 01:13:33 honeypot-ams-1 sshd[8487]: Disconnected from authenticating user root 80.76.51.41 port 44990 [preauth]","@timestamp":"2022-09-11T01:13:33.423Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 01:14:10 honeypot-ams-1 sshd[8493]: Invalid user user from 80.76.51.41 port 59730","@timestamp":"2022-09-11T01:14:11.442Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 01:14:23 honeypot-ams-1 sshd[8495]: Disconnected from invalid user git 80.76.51.41 port 36386 [preauth]","@timestamp":"2022-09-11T01:14:23.448Z"}
{"@timestamp":"2022-09-11T01:15:20.226Z","@version":"1","message":"Sep 11 01:15:19 honeypot-sgp-1 sshd[4849]: Connection closed by 192.241.207.161 port 38102 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 01:17:01 honeypot-fra-1 CRON[30988]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-11T01:17:01.846Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T01:17:11.271Z","@version":"1","message":"Sep 11 01:17:10 honeypot-sgp-1 sshd[4856]: Disconnected from invalid user user 45.61.186.249 port 49480 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T01:17:29.280Z","@version":"1","message":"Sep 11 01:17:28 honeypot-sgp-1 sshd[4860]: Received disconnect from 45.61.186.249 port 44612:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T01:17:48.289Z","@version":"1","message":"Sep 11 01:17:47 honeypot-sgp-1 sshd[4864]: Received disconnect from 45.61.186.249 port 39746:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 01:18:04 honeypot-ams-1 sshd[8504]: Disconnected from authenticating user root 61.177.173.36 port 17511 [preauth]","@timestamp":"2022-09-11T01:18:04.546Z"}
{"@timestamp":"2022-09-11T01:18:05.297Z","@version":"1","message":"Sep 11 01:18:05 honeypot-sgp-1 sshd[4868]: Received disconnect from 45.61.186.249 port 34890:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 01:26:44 honeypot-ams-1 sshd[8513]: Disconnected from authenticating user root 61.177.172.98 port 20104 [preauth]","@timestamp":"2022-09-11T01:26:44.774Z"}
{"@timestamp":"2022-09-11T01:29:21.556Z","@version":"1","message":"Sep 11 01:29:20 honeypot-sgp-1 sshd[4877]: Received disconnect from 137.184.105.25 port 49538:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 01:31:42 honeypot-fra-1 sshd[30994]: Disconnected from invalid user mobile 187.190.252.164 port 24981 [preauth]","@timestamp":"2022-09-11T01:31:43.174Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 01:35:54 honeypot-ams-1 kernel: [83736740.361384] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=41.119.140.140 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=50 ID=29979 PROTO=TCP SPT=7096 DPT=80 WINDOW=43635 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T01:35:55.024Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 01:40:15 honeypot-fra-1 sshd[31001]: Connection closed by 149.12.221.169 port 48340 [preauth]","@timestamp":"2022-09-11T01:40:15.365Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T01:41:35.837Z","@version":"1","message":"Sep 11 01:41:35 honeypot-sgp-1 kernel: [83736609.417444] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=164.155.124.95 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=21808 PROTO=TCP SPT=58628 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 01:44:34 honeypot-ams-1 sshd[8529]: Received disconnect from 61.177.173.37 port 52255:11:  [preauth]","@timestamp":"2022-09-11T01:44:35.257Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 01:45:11 honeypot-fra-1 sshd[31008]: Connection closed by 20.24.99.203 port 43808 [preauth]","@timestamp":"2022-09-11T01:45:11.480Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 01:48:57 honeypot-ams-1 sshd[8535]: Received disconnect from 61.177.173.35 port 51272:11:  [preauth]","@timestamp":"2022-09-11T01:48:58.374Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 01:53:26 honeypot-ams-1 sshd[8540]: Received disconnect from 61.177.173.46 port 48707:11:  [preauth]","@timestamp":"2022-09-11T01:53:26.492Z"}
{"@timestamp":"2022-09-11T01:53:39.123Z","@version":"1","message":"Sep 11 01:53:38 honeypot-sgp-1 sshd[4884]: Received disconnect from 200.72.227.91 port 37014:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 01:54:45 honeypot-fra-1 kernel: [83735716.847482] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=120.85.183.103 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=43802 DF PROTO=TCP SPT=2286 DPT=80 WINDOW=14520 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T01:54:45.698Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-11T01:56:43.197Z","@version":"1","message":"Sep 11 01:56:43 honeypot-sgp-1 sshd[4888]: Disconnected from authenticating user root 92.255.85.69 port 52332 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 01:57:51 honeypot-fra-1 sshd[31016]: Invalid user user from 101.231.146.34 port 57850","@timestamp":"2022-09-11T01:57:52.772Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 01:58:49 honeypot-ams-1 sshd[8545]: Disconnected from invalid user support 43.156.237.102 port 57406 [preauth]","@timestamp":"2022-09-11T01:58:50.635Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 01:59:56 honeypot-ams-1 kernel: [83738182.290627] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=179.40.45.247 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=44 ID=36387 PROTO=TCP SPT=5955 DPT=80 WINDOW=28468 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T01:59:56.668Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 02:04:30 honeypot-ams-1 sshd[8560]: Received disconnect from 139.59.80.61 port 46864:11: Bye Bye [preauth]","@timestamp":"2022-09-11T02:04:30.796Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 02:05:00 honeypot-fra-1 kernel: [83736332.405195] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=187.32.63.252 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=46 ID=15023 DF PROTO=TCP SPT=40217 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T02:05:00.934Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 02:09:25 honeypot-ams-1 sshd[8565]: Disconnected from authenticating user root 61.177.173.36 port 48995 [preauth]","@timestamp":"2022-09-11T02:09:25.928Z"}
{"@timestamp":"2022-09-11T02:10:47.573Z","@version":"1","message":"Sep 11 02:10:47 honeypot-sgp-1 sshd[4894]: Received disconnect from 68.183.25.156 port 41360:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 02:11:56 honeypot-fra-1 sshd[31025]: Received disconnect from 68.183.141.36 port 52296:11: Bye Bye [preauth]","@timestamp":"2022-09-11T02:11:57.095Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T02:17:44.739Z","@version":"1","message":"Sep 11 02:17:44 honeypot-sgp-1 sshd[4900]: Did not receive identification string from 45.61.186.249 port 48678","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T02:18:05.750Z","@version":"1","message":"Sep 11 02:18:05 honeypot-sgp-1 sshd[4903]: Disconnected from invalid user user 45.61.186.249 port 45334 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T02:18:23.759Z","@version":"1","message":"Sep 11 02:18:23 honeypot-sgp-1 sshd[4907]: Disconnected from invalid user user 45.61.186.249 port 39994 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 02:18:23 honeypot-fra-1 sshd[31031]: Connection closed by invalid user test 193.106.191.157 port 52182 [preauth]","@timestamp":"2022-09-11T02:18:24.243Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T02:18:40.768Z","@version":"1","message":"Sep 11 02:18:40 honeypot-sgp-1 sshd[4912]: Disconnected from invalid user user 45.61.186.249 port 34640 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 02:18:55 honeypot-ams-1 sshd[8575]: Received disconnect from 190.210.182.179 port 39985:11: Bye Bye [preauth]","@timestamp":"2022-09-11T02:18:55.208Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 02:23:37 honeypot-ams-1 sshd[8584]: Received disconnect from 61.177.172.124 port 35445:11:  [preauth]","@timestamp":"2022-09-11T02:23:38.342Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 02:25:22 honeypot-ams-1 sshd[8588]: Disconnected from authenticating user root 92.255.85.69 port 32264 [preauth]","@timestamp":"2022-09-11T02:25:22.390Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 02:27:38 honeypot-fra-1 kernel: [83737689.769086] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=128.14.209.163 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=233 ID=5506 PROTO=TCP SPT=42471 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T02:27:38.453Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 02:29:45 honeypot-ams-1 sshd[8595]: Received disconnect from 61.177.173.36 port 37859:11:  [preauth]","@timestamp":"2022-09-11T02:29:45.509Z"}
{"@timestamp":"2022-09-11T02:31:37.075Z","@version":"1","message":"Sep 11 02:31:36 honeypot-sgp-1 sshd[4921]: ssh_dispatch_run_fatal: Connection from 66.181.215.133 port 44667: Connection corrupted [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 02:34:28 honeypot-ams-1 sshd[8599]: Disconnected from authenticating user root 61.177.172.108 port 61142 [preauth]","@timestamp":"2022-09-11T02:34:28.637Z"}
{"@timestamp":"2022-09-11T02:40:10.281Z","@version":"1","message":"Sep 11 02:40:09 honeypot-sgp-1 sshd[4926]: Received disconnect from 45.61.186.49 port 53504:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T02:40:23.287Z","@version":"1","message":"Sep 11 02:40:22 honeypot-sgp-1 sshd[4930]: Received disconnect from 45.61.186.49 port 36770:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T02:42:50.345Z","@version":"1","message":"Sep 11 02:42:49 honeypot-sgp-1 sshd[4935]: Received disconnect from 92.255.85.70 port 55900:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 02:44:02 honeypot-fra-1 sshd[31047]: Invalid user pi from 79.248.107.21 port 59510","@timestamp":"2022-09-11T02:44:03.830Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 02:44:10 honeypot-fra-1 sshd[31051]: Disconnected from invalid user katerina 165.22.45.108 port 46618 [preauth]","@timestamp":"2022-09-11T02:44:10.834Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 02:45:43 honeypot-ams-1 sshd[8609]: Disconnected from authenticating user root 61.177.173.50 port 26586 [preauth]","@timestamp":"2022-09-11T02:45:43.948Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 02:50:25 honeypot-fra-1 sshd[31056]: Disconnected from invalid user ubuntu 94.75.123.43 port 37950 [preauth]","@timestamp":"2022-09-11T02:50:25.973Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 02:52:56 honeypot-ams-1 sshd[8614]: Invalid user User from 122.160.4.245 port 42342","@timestamp":"2022-09-11T02:52:57.147Z"}
{"@timestamp":"2022-09-11T02:53:41.625Z","@version":"1","message":"Sep 11 02:53:40 honeypot-sgp-1 sshd[4941]: Connection closed by invalid user User 119.163.199.123 port 56601 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 02:53:42 honeypot-fra-1 sshd[31061]: Disconnected from invalid user ubuntu 128.199.95.60 port 34212 [preauth]","@timestamp":"2022-09-11T02:53:43.049Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 02:54:01 honeypot-ams-1 sshd[8618]: Received disconnect from 134.19.146.45 port 51854:11: Bye Bye [preauth]","@timestamp":"2022-09-11T02:54:02.179Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 02:56:32 honeypot-ams-1 kernel: [83741577.863973] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=218.145.61.20 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=55 ID=42544 PROTO=TCP SPT=54612 DPT=80 WINDOW=40212 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T02:56:32.250Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 02:59:21 honeypot-ams-1 sshd[8628]: Received disconnect from 141.255.162.226 port 39980:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T02:59:22.330Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 02:59:24 honeypot-ams-1 sshd[8632]: Received disconnect from 141.255.162.226 port 32950:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T02:59:24.331Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 02:59:28 honeypot-ams-1 sshd[8636]: Received disconnect from 141.255.162.226 port 47106:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T02:59:29.335Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 03:01:13 honeypot-ams-1 sshd[8640]: Received disconnect from 61.177.173.47 port 22376:11:  [preauth]","@timestamp":"2022-09-11T03:01:14.382Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 03:04:18 honeypot-ams-1 sshd[8645]: Disconnected from authenticating user root 61.177.173.49 port 49720 [preauth]","@timestamp":"2022-09-11T03:04:19.468Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 03:05:28 honeypot-ams-1 sshd[8650]: Received disconnect from 45.61.187.160 port 52878:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T03:05:28.502Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 03:05:47 honeypot-ams-1 sshd[8654]: Received disconnect from 45.61.187.160 port 47604:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T03:05:47.514Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 03:06:06 honeypot-ams-1 sshd[8658]: Received disconnect from 45.61.187.160 port 42340:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T03:06:06.540Z"}
{"@timestamp":"2022-09-11T03:07:36.952Z","@version":"1","message":"Sep 11 03:07:36 honeypot-sgp-1 kernel: [83741770.040951] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=226 ID=376 PROTO=TCP SPT=45204 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 03:08:29 honeypot-fra-1 sshd[31065]: Disconnected from authenticating user root 92.255.85.70 port 41658 [preauth]","@timestamp":"2022-09-11T03:08:29.377Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 03:10:57 honeypot-ams-1 sshd[8663]: Received disconnect from 61.177.172.114 port 17039:11:  [preauth]","@timestamp":"2022-09-11T03:10:57.666Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 03:11:37 honeypot-ams-1 sshd[8669]: Received disconnect from 61.177.173.51 port 40495:11:  [preauth]","@timestamp":"2022-09-11T03:11:37.686Z"}
{"@timestamp":"2022-09-11T03:13:55.101Z","@version":"1","message":"Sep 11 03:13:54 honeypot-sgp-1 sshd[4953]: Received disconnect from 203.190.55.203 port 38246:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 03:17:29 honeypot-fra-1 sshd[31071]: Received disconnect from 165.22.45.108 port 51430:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T03:17:30.572Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T03:20:14.252Z","@version":"1","message":"Sep 11 03:20:13 honeypot-sgp-1 sshd[4961]: Invalid user user from 198.98.61.9 port 44492","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T03:20:36.263Z","@version":"1","message":"Sep 11 03:20:35 honeypot-sgp-1 sshd[4965]: Invalid user user from 198.98.61.9 port 38658","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T03:20:57.272Z","@version":"1","message":"Sep 11 03:20:56 honeypot-sgp-1 sshd[4969]: Invalid user user from 198.98.61.9 port 32812","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T03:21:13.280Z","@version":"1","message":"Sep 11 03:21:12 honeypot-sgp-1 sshd[4973]: Invalid user user from 198.98.61.9 port 55216","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 03:22:03 honeypot-ams-1 sshd[8679]: Disconnected from authenticating user root 61.177.173.48 port 33896 [preauth]","@timestamp":"2022-09-11T03:22:03.956Z"}
{"@timestamp":"2022-09-11T03:25:28.382Z","@version":"1","message":"Sep 11 03:25:27 honeypot-sgp-1 sshd[4977]: Disconnected from invalid user user 45.61.186.49 port 44496 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T03:25:39.387Z","@version":"1","message":"Sep 11 03:25:38 honeypot-sgp-1 sshd[4981]: Disconnected from invalid user user 45.61.186.49 port 56196 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 03:30:19 honeypot-ams-1 kernel: [83743604.967668] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=147.124.217.203 DST=178.62.254.91 LEN=40 TOS=0x08 PREC=0x00 TTL=235 ID=16669 DF PROTO=TCP SPT=10446 DPT=80 WINDOW=512 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T03:30:20.176Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 03:31:03 honeypot-fra-1 sshd[31079]: Received disconnect from 182.253.184.20 port 50914:11: Bye Bye [preauth]","@timestamp":"2022-09-11T03:31:04.871Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T03:31:17.521Z","@version":"1","message":"Sep 11 03:31:17 honeypot-sgp-1 kernel: [83743190.625715] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=152.89.196.23 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=44916 PROTO=TCP SPT=46906 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 03:34:00 honeypot-ams-1 sshd[8690]: Received disconnect from 92.255.85.70 port 56894:11: Bye Bye [preauth]","@timestamp":"2022-09-11T03:34:01.278Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 03:35:39 honeypot-fra-1 kernel: [83741770.612923] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=125.253.93.146 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=45367 PROTO=TCP SPT=48545 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T03:35:39.975Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 03:38:51 honeypot-ams-1 sshd[8693]: Invalid user admin from 221.158.195.111 port 51412","@timestamp":"2022-09-11T03:38:52.409Z"}
{"@timestamp":"2022-09-11T03:44:42.842Z","@version":"1","message":"Sep 11 03:44:42 honeypot-sgp-1 kernel: [83743995.650773] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=103.99.1.99 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=65136 PROTO=TCP SPT=53727 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T03:48:36.940Z","@version":"1","message":"Sep 11 03:48:36 honeypot-sgp-1 sshd[4993]: Received disconnect from 73.13.104.201 port 64004:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 03:51:05 honeypot-fra-1 sshd[31117]: Invalid user Katie from 165.22.45.108 port 56230","@timestamp":"2022-09-11T03:51:06.306Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T03:53:12.051Z","@version":"1","message":"Sep 11 03:53:11 honeypot-sgp-1 sshd[4997]: Received disconnect from 164.92.151.127 port 54112:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 03:55:10 honeypot-ams-1 sshd[8706]: Received disconnect from 61.177.173.50 port 34608:11:  [preauth]","@timestamp":"2022-09-11T03:55:11.844Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 03:56:38 honeypot-fra-1 sshd[31122]: Connection closed by invalid user User 122.160.50.190 port 58555 [preauth]","@timestamp":"2022-09-11T03:56:38.427Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 03:58:59 honeypot-fra-1 sshd[31128]: Connection closed by invalid user admin 51.79.224.191 port 57242 [preauth]","@timestamp":"2022-09-11T03:59:00.479Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T04:01:34.266Z","@version":"1","message":"Sep 11 04:01:33 honeypot-sgp-1 sshd[5003]: Invalid user user from 45.61.184.204 port 35868","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T04:01:54.277Z","@version":"1","message":"Sep 11 04:01:53 honeypot-sgp-1 sshd[5007]: Invalid user user from 45.61.184.204 port 60018","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T04:02:12.285Z","@version":"1","message":"Sep 11 04:02:11 honeypot-sgp-1 sshd[5011]: Invalid user user from 45.61.184.204 port 55928","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 04:03:41 honeypot-ams-1 sshd[8712]: Connection closed by 50.31.21.11 port 59934 [preauth]","@timestamp":"2022-09-11T04:03:42.083Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 04:03:58 honeypot-fra-1 sshd[31134]: Invalid user oracle from 121.5.54.92 port 43256","@timestamp":"2022-09-11T04:03:58.604Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 04:05:59 honeypot-ams-1 sshd[8718]: Disconnected from authenticating user root 51.83.71.70 port 59062 [preauth]","@timestamp":"2022-09-11T04:06:00.146Z"}
{"@timestamp":"2022-09-11T04:06:26.384Z","@version":"1","message":"Sep 11 04:06:26 honeypot-sgp-1 kernel: [83745299.850025] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=78.142.18.92 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=42594 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 04:06:52 honeypot-fra-1 sshd[31140]: Received disconnect from 192.3.134.187 port 50094:11: Bye Bye [preauth]","@timestamp":"2022-09-11T04:06:52.669Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 04:07:58 honeypot-ams-1 sshd[8723]: Disconnected from invalid user admin 200.42.176.235 port 37664 [preauth]","@timestamp":"2022-09-11T04:07:58.203Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 04:11:22 honeypot-ams-1 sshd[8730]: Received disconnect from 61.93.240.18 port 40967:11: Bye Bye [preauth]","@timestamp":"2022-09-11T04:11:23.296Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 04:16:18 honeypot-fra-1 kernel: [83744209.401243] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=79.124.62.62 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=39246 PROTO=TCP SPT=43105 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T04:16:18.879Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-11T04:17:01.668Z","@version":"1","message":"Sep 11 04:17:01 honeypot-sgp-1 CRON[5020]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 04:17:25 honeypot-ams-1 kernel: [83746431.521208] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=162.142.125.139 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=12043 PROTO=TCP SPT=18940 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T04:17:26.466Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 04:19:49 honeypot-fra-1 sshd[31153]: Connection closed by invalid user yujun 137.116.144.39 port 35556 [preauth]","@timestamp":"2022-09-11T04:19:49.959Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T04:21:57.785Z","@version":"1","message":"Sep 11 04:21:57 honeypot-sgp-1 sshd[5028]: Invalid user admin from 128.199.160.207 port 20450","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 04:23:12 honeypot-fra-1 kernel: [83744624.073288] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=198.38.93.168 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=56556 PROTO=TCP SPT=50776 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T04:23:13.036Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 04:24:11 honeypot-ams-1 kernel: [83746837.186108] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=20.46.240.87 DST=178.62.254.91 LEN=52 TOS=0x02 PREC=0x00 TTL=110 ID=55199 DF PROTO=TCP SPT=56890 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-11T04:24:11.644Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 04:25:08 honeypot-fra-1 sshd[31162]: Disconnected from invalid user administrator 62.84.125.211 port 43048 [preauth]","@timestamp":"2022-09-11T04:25:09.081Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 04:28:11 honeypot-fra-1 kernel: [83744922.838188] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=213.226.123.38 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=39059 PROTO=TCP SPT=51700 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T04:28:12.150Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 04:32:14 honeypot-fra-1 sshd[31172]: Connection closed by invalid user test 193.106.191.157 port 47496 [preauth]","@timestamp":"2022-09-11T04:32:14.243Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 04:33:52 honeypot-ams-1 sshd[8743]: Received disconnect from 128.199.157.190 port 52532:11: Bye Bye [preauth]","@timestamp":"2022-09-11T04:33:52.917Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 04:34:40 honeypot-ams-1 sshd[8747]: Received disconnect from 206.217.131.233 port 43268:11: Bye Bye [preauth]","@timestamp":"2022-09-11T04:34:40.940Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 04:35:38 honeypot-ams-1 sshd[8752]: Invalid user user from 45.61.184.204 port 50340","@timestamp":"2022-09-11T04:35:38.974Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 04:35:58 honeypot-ams-1 sshd[8756]: Invalid user user from 45.61.184.204 port 45302","@timestamp":"2022-09-11T04:35:58.984Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 04:36:16 honeypot-ams-1 sshd[8760]: Invalid user user from 45.61.184.204 port 40278","@timestamp":"2022-09-11T04:36:16.994Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 04:36:24 honeypot-ams-1 sshd[8764]: Received disconnect from 45.61.184.204 port 51890:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T04:36:24.998Z"}
{"@timestamp":"2022-09-11T04:38:19.182Z","@version":"1","message":"Sep 11 04:38:19 honeypot-sgp-1 kernel: [83747212.453711] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=207.180.224.103 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=41388 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 04:39:40 honeypot-ams-1 sshd[8769]: Received disconnect from 142.44.240.83 port 47662:11: Bye Bye [preauth]","@timestamp":"2022-09-11T04:39:41.085Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 04:40:08 honeypot-fra-1 sshd[31177]: error: maximum authentication attempts exceeded for invalid user admin from 114.33.94.230 port 38552 ssh2 [preauth]","@timestamp":"2022-09-11T04:40:08.418Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 04:43:04 honeypot-fra-1 sshd[31181]: Disconnected from invalid user tawny 139.59.2.151 port 45812 [preauth]","@timestamp":"2022-09-11T04:43:04.485Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T04:44:04.321Z","@version":"1","message":"Sep 11 04:44:03 honeypot-sgp-1 kernel: [83747556.826491] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=94.26.228.80 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=14578 PROTO=TCP SPT=30785 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 04:44:14 honeypot-ams-1 kernel: [83748040.226359] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=16591 PROTO=TCP SPT=51390 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T04:44:15.209Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 04:47:02 honeypot-fra-1 sshd[31189]: Invalid user admin from 119.159.226.213 port 46524","@timestamp":"2022-09-11T04:47:03.577Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 04:50:49 honeypot-fra-1 kernel: [83746280.947394] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=66.240.205.34 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=114 ID=38572 PROTO=TCP SPT=16847 DPT=443 WINDOW=26360 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T04:50:50.680Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 04:54:07 honeypot-ams-1 kernel: [83748633.293192] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=78.187.233.25 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=65014 PROTO=TCP SPT=51269 DPT=80 WINDOW=29132 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T04:54:08.467Z"}
{"@timestamp":"2022-09-11T04:56:51.627Z","@version":"1","message":"Sep 11 04:56:51 honeypot-sgp-1 kernel: [83748324.955701] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=139.59.115.5 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=43502 PROTO=TCP SPT=41270 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 04:59:51 honeypot-fra-1 sshd[31197]: Invalid user test123 from 103.188.176.251 port 43190","@timestamp":"2022-09-11T04:59:51.879Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 05:01:00 honeypot-fra-1 sshd[31204]: Invalid user user from 45.61.187.160 port 52188","@timestamp":"2022-09-11T05:01:00.909Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 05:01:18 honeypot-fra-1 sshd[31208]: Invalid user user from 45.61.187.160 port 47380","@timestamp":"2022-09-11T05:01:18.917Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 05:01:37 honeypot-fra-1 sshd[31212]: Invalid user user from 45.61.187.160 port 42580","@timestamp":"2022-09-11T05:01:37.927Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 05:04:52 honeypot-fra-1 sshd[31217]: Invalid user satu from 20.87.8.78 port 60924","@timestamp":"2022-09-11T05:04:52.997Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T05:05:09.827Z","@version":"1","message":"Sep 11 05:05:09 honeypot-sgp-1 sshd[5072]: Received disconnect from 112.217.207.26 port 38948:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 05:06:48 honeypot-fra-1 sshd[31222]: Received disconnect from 92.255.85.69 port 30330:11: Bye Bye [preauth]","@timestamp":"2022-09-11T05:06:49.043Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 05:08:01 honeypot-fra-1 sshd[31226]: Received disconnect from 164.92.87.79 port 51138:11: Bye Bye [preauth]","@timestamp":"2022-09-11T05:08:02.072Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 05:09:27 honeypot-ams-1 sshd[8780]: Disconnected from authenticating user root 92.255.85.69 port 21786 [preauth]","@timestamp":"2022-09-11T05:09:27.873Z"}
{"@timestamp":"2022-09-11T05:11:53.992Z","@version":"1","message":"Sep 11 05:11:53 honeypot-sgp-1 sshd[5075]: Connection closed by invalid user User 125.64.209.11 port 35474 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 05:16:39 honeypot-ams-1 sshd[9221]: Connection closed by invalid user test 193.106.191.157 port 33254 [preauth]","@timestamp":"2022-09-11T05:16:40.066Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 05:19:50 honeypot-fra-1 sshd[31234]: Disconnected from authenticating user root 107.175.33.240 port 43816 [preauth]","@timestamp":"2022-09-11T05:19:51.328Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T05:23:03.257Z","@version":"1","message":"Sep 11 05:23:02 honeypot-sgp-1 sshd[5082]: Disconnected from authenticating user root 64.225.43.245 port 45808 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T05:23:51.278Z","@version":"1","message":"Sep 11 05:23:50 honeypot-sgp-1 sshd[5087]: Disconnected from invalid user user 198.98.61.9 port 47512 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T05:24:14.289Z","@version":"1","message":"Sep 11 05:24:13 honeypot-sgp-1 sshd[5094]: Invalid user user from 198.98.61.9 port 43238","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T05:24:32.297Z","@version":"1","message":"Sep 11 05:24:31 honeypot-sgp-1 sshd[5098]: Invalid user user from 198.98.61.9 port 38962","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T05:24:40.302Z","@version":"1","message":"Sep 11 05:24:39 honeypot-sgp-1 sshd[5102]: Received disconnect from 198.98.61.9 port 50930:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T05:25:17.318Z","@version":"1","message":"Sep 11 05:25:17 honeypot-sgp-1 sshd[5106]: Disconnected from 134.122.30.242 port 35646 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T05:26:58.360Z","@version":"1","message":"Sep 11 05:26:58 honeypot-sgp-1 sshd[5112]: Disconnected from authenticating user root 64.225.43.245 port 57056 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 05:28:09 honeypot-ams-1 sshd[9227]: Received disconnect from 185.149.120.61 port 38842:11: Bye Bye [preauth]","@timestamp":"2022-09-11T05:28:10.370Z"}
{"@timestamp":"2022-09-11T05:28:31.399Z","@version":"1","message":"Sep 11 05:28:31 honeypot-sgp-1 sshd[5118]: Received disconnect from 64.225.43.245 port 55890:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 05:30:44 honeypot-ams-1 sshd[9230]: Disconnected from invalid user mjuma 68.183.233.64 port 53776 [preauth]","@timestamp":"2022-09-11T05:30:45.439Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 05:30:53 honeypot-fra-1 sshd[31242]: Invalid user katrin from 165.22.45.108 port 42332","@timestamp":"2022-09-11T05:30:53.569Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T05:30:54.457Z","@version":"1","message":"Sep 11 05:30:54 honeypot-sgp-1 sshd[5125]: Received disconnect from 64.225.43.245 port 40034:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T05:32:30.497Z","@version":"1","message":"Sep 11 05:32:29 honeypot-sgp-1 sshd[5129]: Disconnected from authenticating user root 64.225.43.245 port 38870 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 05:33:02 honeypot-ams-1 sshd[9234]: Disconnected from invalid user ftpuser 92.255.85.70 port 43228 [preauth]","@timestamp":"2022-09-11T05:33:02.501Z"}
{"@timestamp":"2022-09-11T05:33:56.536Z","@version":"1","message":"Sep 11 05:33:56 honeypot-sgp-1 sshd[5133]: Did not receive identification string from 179.43.156.143 port 47962","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T05:34:43.580Z","@version":"1","message":"Sep 11 05:34:43 honeypot-sgp-1 sshd[5139]: Disconnected from authenticating user root 179.43.156.143 port 37262 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T05:35:43.607Z","@version":"1","message":"Sep 11 05:35:42 honeypot-sgp-1 sshd[5145]: Disconnected from authenticating user root 64.225.43.245 port 36548 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T05:36:43.634Z","@version":"1","message":"Sep 11 05:36:42 honeypot-sgp-1 sshd[5151]: Disconnected from authenticating user root 179.43.156.143 port 57766 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T05:37:59.665Z","@version":"1","message":"Sep 11 05:37:59 honeypot-sgp-1 sshd[5157]: Received disconnect from 179.43.156.143 port 52604:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T05:38:38.684Z","@version":"1","message":"Sep 11 05:38:37 honeypot-sgp-1 sshd[5161]: Disconnected from invalid user ossuser 179.43.156.143 port 50042 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 05:38:59 honeypot-fra-1 kernel: [83749170.899147] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.3.193.56 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=1048 DF PROTO=TCP SPT=10446 DPT=80 WINDOW=512 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T05:39:00.740Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-11T05:39:42.712Z","@version":"1","message":"Sep 11 05:39:42 honeypot-sgp-1 kernel: [83750895.467663] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=209.126.12.14 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=236 ID=34156 PROTO=TCP SPT=54758 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T05:40:33.734Z","@version":"1","message":"Sep 11 05:40:33 honeypot-sgp-1 sshd[5172]: Disconnected from authenticating user root 64.225.43.245 port 33106 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 05:40:42 honeypot-fra-1 sshd[31252]: Received disconnect from 141.255.162.226 port 49946:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T05:40:42.780Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 05:40:44 honeypot-fra-1 sshd[31256]: Received disconnect from 141.255.162.226 port 57140:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T05:40:45.782Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 05:40:47 honeypot-fra-1 sshd[31260]: Received disconnect from 141.255.162.226 port 43294:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T05:40:47.783Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 05:41:14 honeypot-ams-1 kernel: [83751459.753864] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=20.163.104.128 DST=178.62.254.91 LEN=52 TOS=0x02 PREC=0x00 TTL=108 ID=52480 DF PROTO=TCP SPT=50637 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-11T05:41:14.711Z"}
{"@timestamp":"2022-09-11T05:41:20.756Z","@version":"1","message":"Sep 11 05:41:20 honeypot-sgp-1 sshd[5178]: Disconnected from authenticating user root 64.225.43.245 port 46640 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T05:42:38.790Z","@version":"1","message":"Sep 11 05:42:37 honeypot-sgp-1 sshd[5184]: Disconnected from authenticating user root 179.43.156.143 port 34588 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 05:43:39 honeypot-fra-1 kernel: [83749450.505050] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=44512 PROTO=TCP SPT=54926 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T05:43:39.850Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-11T05:43:45.820Z","@version":"1","message":"Sep 11 05:43:45 honeypot-sgp-1 sshd[5190]: Disconnected from authenticating user root 64.225.43.245 port 59014 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T05:46:10.883Z","@version":"1","message":"Sep 11 05:46:10 honeypot-sgp-1 sshd[5197]: Received disconnect from 64.225.43.245 port 43158:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T05:48:10.933Z","@version":"1","message":"Sep 11 05:48:10 honeypot-sgp-1 sshd[5203]: Received disconnect from 8.213.17.47 port 59992:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 05:49:19 honeypot-fra-1 kernel: [83749790.819545] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=89.248.165.65 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=41652 PROTO=TCP SPT=42633 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T05:49:19.976Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-11T05:49:28.967Z","@version":"1","message":"Sep 11 05:49:28 honeypot-sgp-1 kernel: [83751481.406524] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=172.104.11.214 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=54144 PROTO=TCP SPT=55363 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T05:50:41.999Z","@version":"1","message":"Sep 11 05:50:41 honeypot-sgp-1 sshd[5214]: Invalid user ftpuser from 92.255.85.70 port 47332","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 05:51:13 honeypot-fra-1 sshd[31270]: Disconnected from invalid user mysql 211.75.183.12 port 57068 [preauth]","@timestamp":"2022-09-11T05:51:14.020Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T05:51:52.028Z","@version":"1","message":"Sep 11 05:51:51 honeypot-sgp-1 sshd[5218]: Disconnected from authenticating user root 64.225.43.245 port 53216 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 05:52:58 honeypot-fra-1 sshd[31274]: Disconnected from invalid user ftpuser 92.255.85.69 port 50982 [preauth]","@timestamp":"2022-09-11T05:52:59.062Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T05:54:16.087Z","@version":"1","message":"Sep 11 05:54:15 honeypot-sgp-1 sshd[5224]: Disconnected from authenticating user root 64.225.43.245 port 37362 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T05:55:05.109Z","@version":"1","message":"Sep 11 05:55:04 honeypot-sgp-1 sshd[5226]: Disconnected from authenticating user root 64.225.43.245 port 50898 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 05:55:42 honeypot-ams-1 sshd[9243]: Received disconnect from 147.182.251.31 port 56244:11: Bye Bye [preauth]","@timestamp":"2022-09-11T05:55:43.084Z"}
{"@timestamp":"2022-09-11T05:57:31.169Z","@version":"1","message":"Sep 11 05:57:30 honeypot-sgp-1 sshd[5233]: Disconnected from authenticating user root 64.225.43.245 port 35040 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T05:59:08.209Z","@version":"1","message":"Sep 11 05:59:07 honeypot-sgp-1 sshd[5239]: Received disconnect from 64.225.43.245 port 33882:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T06:00:46.251Z","@version":"1","message":"Sep 11 06:00:46 honeypot-sgp-1 sshd[5243]: Disconnected from authenticating user root 64.225.43.245 port 60952 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 06:01:12 honeypot-ams-1 kernel: [83752658.291639] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=97.74.81.123 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=50948 PROTO=TCP SPT=40921 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T06:01:13.226Z"}
{"@timestamp":"2022-09-11T06:03:12.312Z","@version":"1","message":"Sep 11 06:03:12 honeypot-sgp-1 sshd[5250]: Disconnected from authenticating user root 64.225.43.245 port 45170 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 06:03:19 honeypot-fra-1 sshd[31279]: Disconnected from invalid user user 45.61.187.160 port 59934 [preauth]","@timestamp":"2022-09-11T06:03:20.289Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 06:03:23 honeypot-ams-1 sshd[9253]: Received disconnect from 159.65.31.128 port 43092:11: Bye Bye [preauth]","@timestamp":"2022-09-11T06:03:24.285Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 06:03:37 honeypot-fra-1 sshd[31283]: Disconnected from invalid user user 45.61.187.160 port 54440 [preauth]","@timestamp":"2022-09-11T06:03:38.299Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 06:03:54 honeypot-fra-1 sshd[31287]: Disconnected from invalid user user 45.61.187.160 port 48968 [preauth]","@timestamp":"2022-09-11T06:03:55.307Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 06:04:04 honeypot-fra-1 sshd[31291]: Disconnected from invalid user katrin 165.22.45.108 port 48474 [preauth]","@timestamp":"2022-09-11T06:04:05.311Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T06:05:34.373Z","@version":"1","message":"Sep 11 06:05:34 honeypot-sgp-1 kernel: [83752447.529581] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=79.124.62.62 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=42572 PROTO=TCP SPT=43105 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 06:05:45 honeypot-fra-1 sshd[31296]: Received disconnect from 198.98.61.9 port 38242:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T06:05:46.351Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 06:06:08 honeypot-fra-1 sshd[31300]: Received disconnect from 198.98.61.9 port 33140:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T06:06:09.361Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 06:06:26 honeypot-fra-1 sshd[31304]: Received disconnect from 198.98.61.9 port 56288:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T06:06:27.369Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T06:06:27.398Z","@version":"1","message":"Sep 11 06:06:26 honeypot-sgp-1 sshd[5261]: Received disconnect from 64.225.43.245 port 42846:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 06:06:46 honeypot-fra-1 sshd[31308]: Received disconnect from 198.98.61.9 port 51200:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T06:06:47.378Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T06:08:05.440Z","@version":"1","message":"Sep 11 06:08:04 honeypot-sgp-1 sshd[5266]: Disconnected from authenticating user root 64.225.43.245 port 41688 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T06:09:44.482Z","@version":"1","message":"Sep 11 06:09:44 honeypot-sgp-1 sshd[5272]: Disconnected from authenticating user root 64.225.43.245 port 40524 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T06:11:09.520Z","@version":"1","message":"Sep 11 06:11:09 honeypot-sgp-1 sshd[5276]: Disconnected from invalid user dst 67.205.167.168 port 42626 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 06:12:07 honeypot-ams-1 kernel: [83753313.602104] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=2.57.122.153 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=35493 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T06:12:08.509Z"}
{"@timestamp":"2022-09-11T06:12:12.549Z","@version":"1","message":"Sep 11 06:12:11 honeypot-sgp-1 sshd[5282]: Received disconnect from 64.225.43.245 port 52900:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 06:12:53 honeypot-fra-1 kernel: [83751204.608025] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=20.0.77.75 DST=165.22.82.222 LEN=52 TOS=0x00 PREC=0x00 TTL=115 ID=39488 DF PROTO=TCP SPT=62369 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T06:12:54.512Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-11T06:13:47.589Z","@version":"1","message":"Sep 11 06:13:47 honeypot-sgp-1 sshd[5287]: Disconnected from invalid user ftpuser 92.255.85.69 port 38834 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T06:15:27.633Z","@version":"1","message":"Sep 11 06:15:26 honeypot-sgp-1 sshd[5293]: Disconnected from authenticating user root 64.225.43.245 port 50580 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 06:16:26 honeypot-fra-1 sshd[31409]: Received disconnect from 92.255.85.70 port 49186:11: Bye Bye [preauth]","@timestamp":"2022-09-11T06:16:27.596Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T06:17:04.675Z","@version":"1","message":"Sep 11 06:17:03 honeypot-sgp-1 sshd[5300]: Disconnected from authenticating user root 64.225.43.245 port 49418 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T06:18:33.715Z","@version":"1","message":"Sep 11 06:18:33 honeypot-sgp-1 sshd[5306]: Received disconnect from 45.61.187.160 port 37386:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T06:18:51.724Z","@version":"1","message":"Sep 11 06:18:51 honeypot-sgp-1 sshd[5310]: Received disconnect from 45.61.187.160 port 60730:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T06:19:08.732Z","@version":"1","message":"Sep 11 06:19:08 honeypot-sgp-1 sshd[5314]: Received disconnect from 45.61.187.160 port 55832:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 06:19:32 honeypot-ams-1 sshd[9260]: Invalid user ftpuser from 92.255.85.69 port 53382","@timestamp":"2022-09-11T06:19:32.701Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 06:22:27 honeypot-ams-1 sshd[9265]: Invalid user test from 193.106.191.157 port 45166","@timestamp":"2022-09-11T06:22:28.778Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 06:23:15 honeypot-fra-1 sshd[31415]: Disconnected from authenticating user root 164.92.151.187 port 33598 [preauth]","@timestamp":"2022-09-11T06:23:16.747Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T06:23:59.850Z","@version":"1","message":"Sep 11 06:23:59 honeypot-sgp-1 kernel: [83753552.741259] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.216.87 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=56869 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 06:26:53 honeypot-fra-1 kernel: [83752044.589085] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.221.56 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=56950 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T06:26:53.882Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 06:30:56 honeypot-ams-1 sshd[9435]: Did not receive identification string from 141.255.162.226 port 58410","@timestamp":"2022-09-11T06:30:57.000Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 06:31:22 honeypot-ams-1 sshd[9438]: Disconnected from invalid user user 141.255.162.226 port 53088 [preauth]","@timestamp":"2022-09-11T06:31:23.013Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 06:31:23 honeypot-ams-1 sshd[9442]: Disconnected from invalid user user 141.255.162.226 port 45818 [preauth]","@timestamp":"2022-09-11T06:31:24.014Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 06:31:28 honeypot-ams-1 sshd[9446]: Disconnected from invalid user user 141.255.162.226 port 46666 [preauth]","@timestamp":"2022-09-11T06:31:29.016Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 06:31:45 honeypot-fra-1 sshd[31563]: Disconnected from invalid user user 198.98.61.9 port 39474 [preauth]","@timestamp":"2022-09-11T06:31:45.992Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 06:32:06 honeypot-fra-1 sshd[31567]: Disconnected from invalid user user 198.98.61.9 port 34658 [preauth]","@timestamp":"2022-09-11T06:32:07.002Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 06:32:26 honeypot-fra-1 sshd[31571]: Disconnected from invalid user user 198.98.61.9 port 58060 [preauth]","@timestamp":"2022-09-11T06:32:27.012Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 06:32:41 honeypot-fra-1 sshd[31575]: Disconnected from invalid user user 198.98.61.9 port 53232 [preauth]","@timestamp":"2022-09-11T06:32:42.019Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T06:37:13.178Z","@version":"1","message":"Sep 11 06:37:12 honeypot-sgp-1 sshd[5469]: Received disconnect from 92.255.85.69 port 30344:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 06:40:42 honeypot-fra-1 sshd[31581]: Invalid user test1 from 92.255.85.70 port 15618","@timestamp":"2022-09-11T06:40:43.194Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 06:41:05 honeypot-ams-1 kernel: [83755051.318285] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.148.10.81 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=252 ID=54321 PROTO=TCP SPT=37330 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T06:41:06.263Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 06:44:07 honeypot-fra-1 sshd[31586]: Invalid user test from 193.106.191.157 port 42540","@timestamp":"2022-09-11T06:44:08.269Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 06:46:25 honeypot-ams-1 kernel: [83755370.793584] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=97.74.81.123 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=22321 PROTO=TCP SPT=57303 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T06:46:25.401Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 06:49:27 honeypot-fra-1 sshd[31609]: Received disconnect from 103.47.184.2 port 45686:11: Bye Bye [preauth]","@timestamp":"2022-09-11T06:49:28.387Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T06:49:41.494Z","@version":"1","message":"Sep 11 06:49:40 honeypot-sgp-1 kernel: [83755094.205152] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.217.0.181 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=234 ID=54321 PROTO=TCP SPT=50955 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T06:50:49.524Z","@version":"1","message":"Sep 11 06:50:49 honeypot-sgp-1 sshd[5595]: Received disconnect from 45.61.187.160 port 45720:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T06:51:07.533Z","@version":"1","message":"Sep 11 06:51:06 honeypot-sgp-1 sshd[5599]: Received disconnect from 45.61.187.160 port 40054:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T06:51:23.542Z","@version":"1","message":"Sep 11 06:51:23 honeypot-sgp-1 sshd[5603]: Received disconnect from 45.61.187.160 port 34396:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 06:52:25 honeypot-ams-1 kernel: [83755730.683592] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.220.209 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=34099 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T06:52:25.557Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 06:56:05 honeypot-ams-1 kernel: [83755951.196601] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=37.146.63.210 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=120 ID=1089 DF PROTO=TCP SPT=25776 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T06:56:05.666Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 06:57:58 honeypot-fra-1 sshd[31612]: Received disconnect from 162.243.73.244 port 32887:11: Bye Bye [preauth]","@timestamp":"2022-09-11T06:57:59.573Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 06:59:13 honeypot-fra-1 sshd[31616]: Disconnected from invalid user chmod 45.119.85.97 port 44464 [preauth]","@timestamp":"2022-09-11T06:59:13.601Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T07:01:30.799Z","@version":"1","message":"Sep 11 07:01:30 honeypot-sgp-1 sshd[5608]: Received disconnect from 92.255.85.70 port 29712:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 07:03:53 honeypot-fra-1 kernel: [83754264.807223] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=143.198.4.69 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=8976 DF PROTO=TCP SPT=45066 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T07:03:54.701Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-11T07:10:05.001Z","@version":"1","message":"Sep 11 07:10:04 honeypot-sgp-1 sshd[5612]: Disconnected from invalid user user 45.61.187.160 port 53620 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T07:10:23.011Z","@version":"1","message":"Sep 11 07:10:22 honeypot-sgp-1 sshd[5616]: Disconnected from invalid user user 45.61.187.160 port 49254 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T07:10:40.019Z","@version":"1","message":"Sep 11 07:10:39 honeypot-sgp-1 sshd[5620]: Disconnected from invalid user user 45.61.187.160 port 44898 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T07:10:56.026Z","@version":"1","message":"Sep 11 07:10:55 honeypot-sgp-1 sshd[5624]: Disconnected from invalid user user 45.61.187.160 port 40542 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 07:11:03 honeypot-fra-1 sshd[31625]: Disconnected from invalid user katrin 165.22.45.108 port 58048 [preauth]","@timestamp":"2022-09-11T07:11:03.859Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 07:11:16 honeypot-ams-1 kernel: [83756862.474814] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=20.0.77.75 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=115 ID=59730 DF PROTO=TCP SPT=41414 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T07:11:17.057Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 07:12:46 honeypot-fra-1 sshd[31630]: Received disconnect from 45.61.186.169 port 51612:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T07:12:46.900Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 07:13:02 honeypot-fra-1 sshd[31634]: Received disconnect from 45.61.186.169 port 46642:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T07:13:03.909Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 07:13:19 honeypot-fra-1 sshd[31638]: Received disconnect from 45.61.186.169 port 41656:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T07:13:19.915Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T07:15:10.127Z","@version":"1","message":"Sep 11 07:15:09 honeypot-sgp-1 sshd[5631]: Disconnected from authenticating user root 83.1.7.226 port 43068 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T07:16:35.163Z","@version":"1","message":"Sep 11 07:16:34 honeypot-sgp-1 sshd[5635]: Disconnected from invalid user lf 123.142.3.137 port 37720 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 07:16:49 honeypot-fra-1 sshd[31643]: Received disconnect from 43.156.241.174 port 55986:11: Bye Bye [preauth]","@timestamp":"2022-09-11T07:16:49.993Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 07:18:42 honeypot-fra-1 sshd[31650]: Did not receive identification string from 43.138.12.15 port 54410","@timestamp":"2022-09-11T07:18:43.039Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 07:18:43 honeypot-fra-1 sshd[31661]: Invalid user ts3srv from 43.138.12.15 port 37076","@timestamp":"2022-09-11T07:18:44.041Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 07:18:44 honeypot-fra-1 sshd[31661]: Connection closed by invalid user ts3srv 43.138.12.15 port 37076 [preauth]","@timestamp":"2022-09-11T07:18:45.041Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 07:18:44 honeypot-fra-1 sshd[31657]: Invalid user vagrant from 43.138.12.15 port 37110","@timestamp":"2022-09-11T07:18:45.041Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 07:18:46 honeypot-fra-1 sshd[31693]: Invalid user teamspeak from 43.138.12.15 port 37144","@timestamp":"2022-09-11T07:18:47.042Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 07:18:47 honeypot-fra-1 sshd[31693]: Connection closed by invalid user teamspeak 43.138.12.15 port 37144 [preauth]","@timestamp":"2022-09-11T07:18:48.043Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 07:18:47 honeypot-fra-1 sshd[31695]: Invalid user admin from 43.138.12.15 port 37140","@timestamp":"2022-09-11T07:18:48.043Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 07:18:47 honeypot-fra-1 sshd[31677]: Invalid user ansible from 43.138.12.15 port 37146","@timestamp":"2022-09-11T07:18:48.043Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 07:18:47 honeypot-fra-1 sshd[31685]: Connection closed by invalid user mcserv 43.138.12.15 port 37126 [preauth]","@timestamp":"2022-09-11T07:18:48.043Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 07:18:47 honeypot-fra-1 sshd[31688]: Invalid user user from 43.138.12.15 port 37132","@timestamp":"2022-09-11T07:18:48.043Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 07:18:48 honeypot-fra-1 sshd[31695]: Connection closed by invalid user admin 43.138.12.15 port 37140 [preauth]","@timestamp":"2022-09-11T07:18:48.043Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 07:18:48 honeypot-fra-1 sshd[31684]: Invalid user ubuntu from 43.138.12.15 port 37124","@timestamp":"2022-09-11T07:18:49.044Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T07:20:05.248Z","@version":"1","message":"Sep 11 07:20:04 honeypot-sgp-1 sshd[5645]: Invalid user hn from 203.172.41.149 port 39982","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 07:21:15 honeypot-fra-1 kernel: [83755306.342606] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=128.1.91.205 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=27613 PROTO=TCP SPT=31143 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T07:21:16.097Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 07:21:27 honeypot-ams-1 sshd[9582]: Did not receive identification string from 81.169.244.70 port 60926","@timestamp":"2022-09-11T07:21:27.321Z"}
{"@timestamp":"2022-09-11T07:25:01.366Z","@version":"1","message":"Sep 11 07:25:01 honeypot-sgp-1 sshd[5650]: Invalid user test1 from 92.255.85.70 port 52426","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T07:27:28.428Z","@version":"1","message":"Sep 11 07:27:27 honeypot-sgp-1 sshd[5654]: Disconnected from invalid user user 45.61.184.204 port 46532 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T07:27:49.438Z","@version":"1","message":"Sep 11 07:27:49 honeypot-sgp-1 sshd[5658]: Disconnected from invalid user user 45.61.184.204 port 42046 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T07:28:09.447Z","@version":"1","message":"Sep 11 07:28:09 honeypot-sgp-1 sshd[5662]: Disconnected from invalid user user 45.61.184.204 port 37562 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T07:28:27.456Z","@version":"1","message":"Sep 11 07:28:27 honeypot-sgp-1 sshd[5666]: Disconnected from invalid user user 45.61.184.204 port 33072 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 07:30:12 honeypot-ams-1 sshd[9589]: Invalid user test1 from 92.255.85.69 port 41024","@timestamp":"2022-09-11T07:30:13.549Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 07:38:01 honeypot-fra-1 kernel: [83756312.104951] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=95.161.131.235 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x20 TTL=249 ID=54321 PROTO=TCP SPT=49568 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T07:38:01.481Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 07:44:23 honeypot-fra-1 sshd[31728]: Disconnected from invalid user katrin 165.22.45.108 port 34604 [preauth]","@timestamp":"2022-09-11T07:44:23.627Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 07:46:54 honeypot-ams-1 kernel: [83758999.684096] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.216.116 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=55190 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T07:46:54.982Z"}
{"@timestamp":"2022-09-11T07:46:54.903Z","@version":"1","message":"Sep 11 07:46:54 honeypot-sgp-1 kernel: [83758527.654549] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.219.69 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=50190 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 07:48:06 honeypot-ams-1 sshd[9599]: Received disconnect from 45.61.186.249 port 40340:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T07:48:07.017Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 07:48:23 honeypot-ams-1 sshd[9603]: Received disconnect from 45.61.186.249 port 35016:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T07:48:24.026Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 07:48:40 honeypot-ams-1 sshd[9607]: Received disconnect from 45.61.186.249 port 57944:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T07:48:41.035Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 07:49:33 honeypot-ams-1 sshd[9611]: Disconnected from 206.81.15.128 port 38534 [preauth]","@timestamp":"2022-09-11T07:49:34.061Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 07:51:59 honeypot-fra-1 sshd[31737]: Invalid user test1 from 92.255.85.69 port 24708","@timestamp":"2022-09-11T07:51:59.800Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T07:52:11.032Z","@version":"1","message":"Sep 11 07:52:10 honeypot-sgp-1 kernel: [83758843.981120] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=170.254.224.114 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=40336 DF PROTO=TCP SPT=42795 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 07:55:06 honeypot-fra-1 kernel: [83757337.371093] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=40.88.125.200 DST=165.22.82.222 LEN=52 TOS=0x02 PREC=0x00 TTL=112 ID=25042 DF PROTO=TCP SPT=63017 DPT=3389 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-11T07:55:06.875Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 07:58:20 honeypot-fra-1 sshd[31745]: Invalid user admin from 51.250.85.165 port 38676","@timestamp":"2022-09-11T07:58:21.950Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 08:00:05 honeypot-fra-1 sshd[31749]: Received disconnect from 129.205.124.253 port 49780:11: Bye Bye [preauth]","@timestamp":"2022-09-11T08:00:05.991Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 08:01:43 honeypot-ams-1 kernel: [83759888.673081] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=157.245.176.143 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=26214 DF PROTO=TCP SPT=53704 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T08:01:43.379Z"}
{"@timestamp":"2022-09-11T08:03:38.304Z","@version":"1","message":"Sep 11 08:03:37 honeypot-sgp-1 sshd[5681]: Invalid user lds from 103.77.252.60 port 44566","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 08:05:31 honeypot-ams-1 sshd[9623]: Received disconnect from 167.172.152.18 port 54720:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T08:05:31.480Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 08:06:49 honeypot-ams-1 sshd[9629]: Received disconnect from 167.172.152.18 port 55594:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T08:06:50.518Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 08:08:05 honeypot-ams-1 sshd[9635]: Received disconnect from 167.172.152.18 port 56062:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T08:08:05.553Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 08:08:55 honeypot-ams-1 sshd[9640]: Invalid user git from 167.172.152.18 port 37556","@timestamp":"2022-09-11T08:08:55.578Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 08:09:45 honeypot-ams-1 sshd[9645]: Invalid user oracle from 167.172.152.18 port 47568","@timestamp":"2022-09-11T08:09:46.604Z"}
{"@timestamp":"2022-09-11T08:10:24.470Z","@version":"1","message":"Sep 11 08:10:24 honeypot-sgp-1 kernel: [83759937.291558] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=107.182.129.160 DST=159.89.202.188 LEN=52 TOS=0x0A PREC=0x00 TTL=110 ID=23738 DF PROTO=TCP SPT=53891 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 08:10:36 honeypot-ams-1 sshd[9649]: Invalid user odoo from 167.172.152.18 port 57180","@timestamp":"2022-09-11T08:10:36.629Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 08:11:25 honeypot-ams-1 sshd[9653]: Invalid user ec2-user from 167.172.152.18 port 38882","@timestamp":"2022-09-11T08:11:26.653Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 08:12:15 honeypot-ams-1 sshd[9657]: Invalid user ubuntu from 167.172.152.18 port 48484","@timestamp":"2022-09-11T08:12:15.678Z"}
{"@timestamp":"2022-09-11T08:12:25.526Z","@version":"1","message":"Sep 11 08:12:25 honeypot-sgp-1 sshd[5687]: Received disconnect from 45.61.184.204 port 53774:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T08:12:43.533Z","@version":"1","message":"Sep 11 08:12:42 honeypot-sgp-1 sshd[5691]: Received disconnect from 45.61.184.204 port 49338:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T08:12:52.538Z","@version":"1","message":"Sep 11 08:12:52 honeypot-sgp-1 sshd[5695]: Received disconnect from 45.61.184.204 port 33002:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 08:13:05 honeypot-ams-1 sshd[9661]: Invalid user spark from 167.172.152.18 port 58300","@timestamp":"2022-09-11T08:13:05.704Z"}
{"@timestamp":"2022-09-11T08:13:11.546Z","@version":"1","message":"Sep 11 08:13:10 honeypot-sgp-1 sshd[5699]: Received disconnect from 45.61.184.204 port 56804:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 08:13:55 honeypot-ams-1 sshd[9665]: Invalid user debian from 167.172.152.18 port 40008","@timestamp":"2022-09-11T08:13:55.729Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 08:14:45 honeypot-ams-1 sshd[9669]: Invalid user webadmin from 167.172.152.18 port 49706","@timestamp":"2022-09-11T08:14:45.753Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 08:14:59 honeypot-fra-1 sshd[31777]: Received disconnect from 92.255.85.69 port 40346:11: Bye Bye [preauth]","@timestamp":"2022-09-11T08:14:59.330Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 08:15:35 honeypot-ams-1 sshd[9674]: Invalid user student from 167.172.152.18 port 59524","@timestamp":"2022-09-11T08:15:35.776Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 08:16:27 honeypot-ams-1 sshd[9678]: Invalid user weblogic from 167.172.152.18 port 40946","@timestamp":"2022-09-11T08:16:27.802Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 08:17:01 honeypot-ams-1 CRON[9682]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-11T08:17:01.819Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 08:17:38 honeypot-fra-1 sshd[31782]: Received disconnect from 165.22.45.108 port 39398:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T08:17:38.395Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 08:20:56 honeypot-ams-1 kernel: [83761041.912814] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=92.127.196.206 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=58 ID=34846 PROTO=TCP SPT=45531 DPT=80 WINDOW=8539 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T08:20:56.919Z"}
{"@timestamp":"2022-09-11T08:21:02.736Z","@version":"1","message":"Sep 11 08:21:02 honeypot-sgp-1 sshd[5724]: Did not receive identification string from 172.105.96.215 port 56162","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 08:32:34 honeypot-ams-1 kernel: [83761740.283289] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=116.105.225.74 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=48 ID=60448 PROTO=TCP SPT=5496 DPT=443 WINDOW=64392 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T08:32:35.216Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 08:34:20 honeypot-fra-1 sshd[31786]: Disconnected from invalid user network 43.155.63.124 port 37122 [preauth]","@timestamp":"2022-09-11T08:34:20.786Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T08:35:43.092Z","@version":"1","message":"Sep 11 08:35:42 honeypot-sgp-1 sshd[5729]: Invalid user test1 from 92.255.85.70 port 15716","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 08:36:33 honeypot-ams-1 kernel: [83761978.714062] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=213.226.123.38 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=12907 PROTO=TCP SPT=46584 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T08:36:33.320Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 08:38:10 honeypot-ams-1 sshd[9713]: Disconnected from invalid user emily 185.149.120.51 port 60288 [preauth]","@timestamp":"2022-09-11T08:38:11.363Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 08:38:24 honeypot-fra-1 sshd[31789]: Disconnected from invalid user test1 92.255.85.69 port 61394 [preauth]","@timestamp":"2022-09-11T08:38:24.879Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T08:40:35.208Z","@version":"1","message":"Sep 11 08:40:34 honeypot-sgp-1 kernel: [83761747.695214] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=64.62.197.130 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=50041 DPT=389 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 08:42:17 honeypot-ams-1 kernel: [83762323.503654] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=216.218.206.93 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=55601 DPT=389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T08:42:18.474Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 08:43:40 honeypot-ams-1 sshd[9723]: Received disconnect from 45.61.186.169 port 34954:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T08:43:41.515Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 08:43:56 honeypot-ams-1 sshd[9727]: Received disconnect from 45.61.186.169 port 58342:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T08:43:56.523Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 08:44:13 honeypot-ams-1 sshd[9731]: Invalid user user from 45.61.186.169 port 53484","@timestamp":"2022-09-11T08:44:13.532Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 08:44:20 honeypot-ams-1 sshd[9733]: Disconnected from invalid user user 45.61.186.169 port 36934 [preauth]","@timestamp":"2022-09-11T08:44:21.537Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 08:45:23 honeypot-fra-1 sshd[31794]: Invalid user optimax from 197.159.66.222 port 36072","@timestamp":"2022-09-11T08:45:23.036Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 08:48:30 honeypot-fra-1 sshd[31796]: Received disconnect from 202.139.196.201 port 31940:11: Bye Bye [preauth]","@timestamp":"2022-09-11T08:48:31.107Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 08:50:36 honeypot-fra-1 sshd[31801]: Disconnected from invalid user toby 34.69.39.31 port 49056 [preauth]","@timestamp":"2022-09-11T08:50:37.153Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 08:51:02 honeypot-fra-1 sshd[31805]: Disconnected from invalid user katrin 165.22.45.108 port 44168 [preauth]","@timestamp":"2022-09-11T08:51:03.165Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T08:59:10.638Z","@version":"1","message":"Sep 11 08:59:10 honeypot-sgp-1 sshd[5739]: Invalid user test1 from 92.255.85.70 port 46822","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 09:00:12 honeypot-ams-1 sshd[9739]: Disconnected from authenticating user root 103.55.38.26 port 59546 [preauth]","@timestamp":"2022-09-11T09:00:12.964Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 09:02:49 honeypot-fra-1 sshd[31810]: Connection closed by invalid user test 193.106.191.157 port 37724 [preauth]","@timestamp":"2022-09-11T09:02:50.439Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T09:04:33.769Z","@version":"1","message":"Sep 11 09:04:33 honeypot-sgp-1 kernel: [83763186.226075] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=179.43.156.145 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=4713 PROTO=TCP SPT=45402 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 09:05:16 honeypot-fra-1 sshd[31816]: Invalid user user from 45.61.186.49 port 46220","@timestamp":"2022-09-11T09:05:17.496Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 09:05:25 honeypot-fra-1 sshd[31820]: Invalid user user from 45.61.186.49 port 57964","@timestamp":"2022-09-11T09:05:25.501Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 09:06:08 honeypot-ams-1 sshd[9745]: Disconnected from authenticating user root 167.172.152.18 port 53120 [preauth]","@timestamp":"2022-09-11T09:06:09.114Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 09:07:29 honeypot-ams-1 sshd[9751]: Received disconnect from 167.172.152.18 port 51698:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T09:07:30.153Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 09:08:45 honeypot-ams-1 sshd[9757]: Received disconnect from 167.172.152.18 port 50350:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T09:08:46.188Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 09:09:36 honeypot-ams-1 sshd[9761]: Disconnected from authenticating user root 167.172.152.18 port 58800 [preauth]","@timestamp":"2022-09-11T09:09:36.213Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 09:10:27 honeypot-ams-1 sshd[9765]: Disconnected from invalid user git 167.172.152.18 port 40538 [preauth]","@timestamp":"2022-09-11T09:10:28.237Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 09:11:17 honeypot-ams-1 sshd[9779]: Disconnected from invalid user oracle 167.172.152.18 port 47534 [preauth]","@timestamp":"2022-09-11T09:11:18.260Z"}
{"@timestamp":"2022-09-11T09:11:52.947Z","@version":"1","message":"Sep 11 09:11:52 honeypot-sgp-1 sshd[5743]: Disconnected from 68.183.141.36 port 35408 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 09:12:01 honeypot-ams-1 sshd[9784]: Invalid user user from 45.61.187.160 port 39910","@timestamp":"2022-09-11T09:12:02.283Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 09:12:10 honeypot-ams-1 sshd[9788]: Invalid user user from 45.61.187.160 port 51406","@timestamp":"2022-09-11T09:12:11.288Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 09:12:26 honeypot-ams-1 sshd[9792]: Invalid user user from 45.61.187.160 port 46172","@timestamp":"2022-09-11T09:12:27.296Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 09:12:35 honeypot-ams-1 sshd[9796]: Invalid user user from 45.61.187.160 port 57648","@timestamp":"2022-09-11T09:12:35.301Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 09:12:50 honeypot-ams-1 sshd[9800]: Invalid user user from 45.61.187.160 port 52418","@timestamp":"2022-09-11T09:12:51.311Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 09:13:22 honeypot-ams-1 sshd[9804]: Invalid user test from 167.172.152.18 port 53434","@timestamp":"2022-09-11T09:13:22.327Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 09:13:47 honeypot-ams-1 sshd[9808]: Invalid user ubuntu from 167.172.152.18 port 44822","@timestamp":"2022-09-11T09:13:48.341Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 09:14:37 honeypot-ams-1 sshd[9812]: Invalid user spark from 167.172.152.18 port 53366","@timestamp":"2022-09-11T09:14:38.364Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 09:15:27 honeypot-ams-1 sshd[9816]: Invalid user debian from 167.172.152.18 port 33518","@timestamp":"2022-09-11T09:15:28.388Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 09:16:17 honeypot-ams-1 sshd[9821]: Invalid user webadmin from 167.172.152.18 port 41946","@timestamp":"2022-09-11T09:16:18.411Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 09:17:01 honeypot-ams-1 CRON[9826]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-11T09:17:02.432Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 09:17:34 honeypot-ams-1 sshd[9831]: Invalid user www from 167.172.152.18 port 40730","@timestamp":"2022-09-11T09:17:35.450Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 09:17:56 honeypot-fra-1 sshd[31826]: Invalid user pei from 39.109.114.28 port 39698","@timestamp":"2022-09-11T09:17:57.773Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 09:18:02 honeypot-ams-1 sshd[9835]: Invalid user izabele from 200.66.77.178 port 44398","@timestamp":"2022-09-11T09:18:03.464Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 09:18:28 honeypot-fra-1 sshd[31829]: Disconnected from invalid user user 141.255.162.226 port 43066 [preauth]","@timestamp":"2022-09-11T09:18:28.787Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 09:18:30 honeypot-fra-1 sshd[31833]: Disconnected from invalid user user 141.255.162.226 port 36004 [preauth]","@timestamp":"2022-09-11T09:18:31.789Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 09:18:35 honeypot-fra-1 sshd[31837]: Disconnected from invalid user user 141.255.162.226 port 57228 [preauth]","@timestamp":"2022-09-11T09:18:35.791Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T09:22:35.198Z","@version":"1","message":"Sep 11 09:22:34 honeypot-sgp-1 sshd[5750]: Disconnected from invalid user test2 92.255.85.70 port 29502 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 09:22:43 honeypot-fra-1 sshd[31844]: Received disconnect from 178.128.72.150 port 43956:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T09:22:43.882Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 09:23:34 honeypot-fra-1 sshd[31848]: Received disconnect from 178.128.72.150 port 42584:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T09:23:34.903Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 09:24:10 honeypot-fra-1 sshd[31852]: Received disconnect from 165.22.45.108 port 48972:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T09:24:10.919Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 09:24:46 honeypot-fra-1 sshd[31856]: Received disconnect from 178.128.72.150 port 54602:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T09:24:46.935Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 09:24:58 honeypot-ams-1 kernel: [83764884.553044] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=178.128.119.179 DST=178.62.254.91 LEN=52 TOS=0x02 PREC=0x00 TTL=118 ID=25714 DF PROTO=TCP SPT=55678 DPT=80 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-11T09:24:59.663Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 09:25:34 honeypot-fra-1 sshd[31860]: Received disconnect from 178.128.72.150 port 53224:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T09:25:34.954Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 09:25:58 honeypot-fra-1 sshd[31864]: Received disconnect from 178.128.72.150 port 38410:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T09:25:58.966Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 09:26:45 honeypot-fra-1 sshd[31868]: Invalid user chad from 178.128.72.150 port 37026","@timestamp":"2022-09-11T09:26:45.986Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 09:27:33 honeypot-fra-1 sshd[31872]: Invalid user class from 178.128.72.150 port 35632","@timestamp":"2022-09-11T09:27:34.007Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 09:28:10 honeypot-fra-1 sshd[31877]: Invalid user alar from 159.65.194.58 port 37310","@timestamp":"2022-09-11T09:28:11.023Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 09:28:45 honeypot-fra-1 sshd[31881]: Invalid user def from 178.128.72.150 port 47664","@timestamp":"2022-09-11T09:28:46.042Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 09:29:33 honeypot-fra-1 sshd[31885]: Invalid user disco from 178.128.72.150 port 46278","@timestamp":"2022-09-11T09:29:34.062Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 09:30:06 honeypot-fra-1 kernel: [83763037.012338] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=195.178.120.159 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=54321 PROTO=TCP SPT=58435 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T09:30:07.076Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 09:35:12 honeypot-ams-1 kernel: [83765498.260191] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=78.187.233.25 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=21913 PROTO=TCP SPT=61509 DPT=80 WINDOW=45325 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T09:35:12.926Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 09:36:19 honeypot-fra-1 kernel: [83763409.626636] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=213.226.123.38 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=35726 PROTO=TCP SPT=50804 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T09:36:19.215Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-11T09:38:10.580Z","@version":"1","message":"Sep 11 09:38:10 honeypot-sgp-1 sshd[5756]: Disconnected from invalid user admin 2.42.138.122 port 57082 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 09:41:04 honeypot-ams-1 kernel: [83765850.183611] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.47.229.134 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=30570 PROTO=TCP SPT=57502 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T09:41:05.082Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 09:45:58 honeypot-fra-1 kernel: [83763989.093424] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=93.174.95.106 DST=165.22.82.222 LEN=44 TOS=0x10 PREC=0x00 TTL=123 ID=26282 PROTO=TCP SPT=7349 DPT=636 WINDOW=13973 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T09:45:59.432Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-11T09:46:31.779Z","@version":"1","message":"Sep 11 09:46:31 honeypot-sgp-1 sshd[5763]: Received disconnect from 92.255.85.69 port 36998:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 09:52:16 honeypot-fra-1 sshd[31905]: Received disconnect from 163.172.251.68 port 45680:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T09:52:16.574Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 09:52:43 honeypot-ams-1 kernel: [83766549.274721] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.214.237 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=36360 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T09:52:44.382Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 09:52:52 honeypot-fra-1 sshd[31909]: Received disconnect from 163.172.251.68 port 15484:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T09:52:52.590Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 09:53:28 honeypot-fra-1 sshd[31913]: Received disconnect from 163.172.251.68 port 41792:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T09:53:28.606Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 09:54:04 honeypot-fra-1 sshd[31917]: Received disconnect from 163.172.251.68 port 11596:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T09:54:04.620Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 09:54:39 honeypot-fra-1 sshd[31921]: Received disconnect from 163.172.251.68 port 37900:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T09:54:39.636Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 09:55:15 honeypot-fra-1 sshd[31925]: Received disconnect from 163.172.251.68 port 64204:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T09:55:15.652Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 09:55:47 honeypot-ams-1 sshd[9854]: Received disconnect from 139.59.25.164 port 36286:11: Bye Bye [preauth]","@timestamp":"2022-09-11T09:55:48.463Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 09:55:51 honeypot-fra-1 sshd[31930]: Disconnected from invalid user ubuntu 163.172.251.68 port 34008 [preauth]","@timestamp":"2022-09-11T09:55:52.668Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 09:56:28 honeypot-fra-1 sshd[31934]: Disconnected from invalid user test 163.172.251.68 port 60316 [preauth]","@timestamp":"2022-09-11T09:56:28.682Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:01:13 honeypot-fra-1 sshd[31939]: Received disconnect from 139.59.230.111 port 42132:11: Bye Bye [preauth]","@timestamp":"2022-09-11T10:01:14.815Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T10:05:07.229Z","@version":"1","message":"Sep 11 10:05:06 honeypot-sgp-1 sshd[5841]: Bad protocol version identification 'GET / HTTP/1.1' from 161.35.86.181 port 35378","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 10:06:54 honeypot-ams-1 kernel: [83767400.462869] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=72.167.32.184 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=232 ID=34167 PROTO=TCP SPT=56538 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T10:06:55.750Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:06:58 honeypot-fra-1 sshd[31944]: Invalid user python from 188.226.207.26 port 49122","@timestamp":"2022-09-11T10:06:58.945Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T10:11:07.375Z","@version":"1","message":"Sep 11 10:11:06 honeypot-sgp-1 sshd[5847]: Invalid user admin from 220.132.210.118 port 36973","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:11:47 honeypot-fra-1 sshd[31950]: Invalid user prueba from 103.188.176.251 port 58020","@timestamp":"2022-09-11T10:11:48.056Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T10:13:10.427Z","@version":"1","message":"Sep 11 10:13:10 honeypot-sgp-1 kernel: [83767303.312135] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=64.246.161.26 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=34102 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 10:15:12 honeypot-ams-1 sshd[9863]: Received disconnect from 92.255.85.69 port 23230:11: Bye Bye [preauth]","@timestamp":"2022-09-11T10:15:12.966Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:15:55 honeypot-fra-1 sshd[31958]: Disconnected from authenticating user root 209.141.60.201 port 51052 [preauth]","@timestamp":"2022-09-11T10:15:56.148Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T10:17:18.532Z","@version":"1","message":"Sep 11 10:17:17 honeypot-sgp-1 sshd[5861]: Invalid user user from 45.61.186.249 port 51184","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T10:17:38.543Z","@version":"1","message":"Sep 11 10:17:38 honeypot-sgp-1 sshd[5865]: Invalid user user from 45.61.186.249 port 46062","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:17:42 honeypot-fra-1 kernel: [83765893.002238] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.95.147.52 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=7427 PROTO=TCP SPT=40943 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T10:17:43.193Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-11T10:17:57.552Z","@version":"1","message":"Sep 11 10:17:57 honeypot-sgp-1 sshd[5870]: Invalid user user from 45.61.186.249 port 40956","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T10:18:15.561Z","@version":"1","message":"Sep 11 10:18:14 honeypot-sgp-1 sshd[5874]: Invalid user user from 45.61.186.249 port 35844","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:18:53 honeypot-fra-1 sshd[31971]: Received disconnect from 209.141.60.201 port 41680:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T10:18:53.222Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:19:44 honeypot-fra-1 sshd[31975]: Received disconnect from 81.169.137.181 port 53676:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T10:19:45.242Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:21:06 honeypot-fra-1 sshd[31979]: Received disconnect from 81.169.137.181 port 52236:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T10:21:07.274Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:21:48 honeypot-fra-1 sshd[31984]: Invalid user tmpfs from 209.141.60.201 port 55400","@timestamp":"2022-09-11T10:21:48.291Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:23:03 honeypot-fra-1 sshd[31989]: Invalid user webmaster from 81.169.137.181 port 35888","@timestamp":"2022-09-11T10:23:04.322Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:23:16 honeypot-fra-1 sshd[31999]: Invalid user nguser from 185.209.179.41 port 45190","@timestamp":"2022-09-11T10:23:16.328Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:23:16 honeypot-fra-1 sshd[32002]: Invalid user es from 185.209.179.41 port 45182","@timestamp":"2022-09-11T10:23:16.328Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:23:16 honeypot-fra-1 sshd[31999]: Connection closed by invalid user nguser 185.209.179.41 port 45190 [preauth]","@timestamp":"2022-09-11T10:23:17.329Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:23:16 honeypot-fra-1 sshd[32002]: Connection closed by invalid user es 185.209.179.41 port 45182 [preauth]","@timestamp":"2022-09-11T10:23:17.329Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:23:17 honeypot-fra-1 sshd[32019]: Invalid user postgres from 185.209.179.41 port 45188","@timestamp":"2022-09-11T10:23:17.329Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:23:17 honeypot-fra-1 sshd[32019]: Connection closed by invalid user postgres 185.209.179.41 port 45188 [preauth]","@timestamp":"2022-09-11T10:23:17.329Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:23:17 honeypot-fra-1 sshd[32025]: Connection closed by invalid user oracle 185.209.179.41 port 45118 [preauth]","@timestamp":"2022-09-11T10:23:18.330Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:23:19 honeypot-fra-1 sshd[32037]: Invalid user test from 185.209.179.41 port 45192","@timestamp":"2022-09-11T10:23:19.330Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:23:19 honeypot-fra-1 sshd[32043]: Connection closed by invalid user ansible 185.209.179.41 port 45130 [preauth]","@timestamp":"2022-09-11T10:23:20.332Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:24:20 honeypot-fra-1 sshd[32048]: Disconnected from authenticating user mail 81.169.137.181 port 34444 [preauth]","@timestamp":"2022-09-11T10:24:21.355Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:25:37 honeypot-fra-1 sshd[32054]: Disconnected from invalid user virus 81.169.137.181 port 32924 [preauth]","@timestamp":"2022-09-11T10:25:38.385Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 10:26:26 honeypot-ams-1 kernel: [83768572.246490] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=207.102.138.83 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=13386 DF PROTO=TCP SPT=52265 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T10:26:27.262Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:26:56 honeypot-fra-1 sshd[32058]: Received disconnect from 81.169.137.181 port 59680:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T10:26:56.416Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:28:13 honeypot-fra-1 sshd[32064]: Received disconnect from 81.169.137.181 port 58212:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T10:28:14.446Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:28:52 honeypot-fra-1 sshd[32068]: Received disconnect from 81.169.137.181 port 43412:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T10:28:52.463Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:30:11 honeypot-fra-1 sshd[32072]: Received disconnect from 81.169.137.181 port 41854:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T10:30:12.495Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:30:51 honeypot-fra-1 sshd[32076]: Received disconnect from 81.169.137.181 port 55254:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T10:30:52.512Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:32:12 honeypot-fra-1 sshd[32080]: Received disconnect from 81.169.137.181 port 53786:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T10:32:13.544Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T10:33:24.917Z","@version":"1","message":"Sep 11 10:33:24 honeypot-sgp-1 sshd[5885]: Disconnected from authenticating user root 92.255.85.70 port 24552 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:34:06 honeypot-fra-1 kernel: [83766877.404466] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=186.208.139.104 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=245 ID=3776 PROTO=TCP SPT=52245 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T10:34:07.589Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:36:37 honeypot-fra-1 sshd[32091]: Disconnected from authenticating user root 92.255.85.69 port 23014 [preauth]","@timestamp":"2022-09-11T10:36:37.647Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:37:57 honeypot-fra-1 sshd[32097]: Received disconnect from 61.177.173.47 port 42390:11:  [preauth]","@timestamp":"2022-09-11T10:37:57.678Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 10:39:11 honeypot-ams-1 sshd[9886]: Received disconnect from 178.128.72.150 port 40808:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T10:39:12.591Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 10:40:06 honeypot-ams-1 sshd[9890]: Received disconnect from 178.128.72.150 port 44530:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T10:40:07.618Z"}
{"@timestamp":"2022-09-11T10:40:35.088Z","@version":"1","message":"Sep 11 10:40:34 honeypot-sgp-1 kernel: [83768947.734652] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=186.208.139.104 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=52592 PROTO=TCP SPT=52245 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 10:41:00 honeypot-ams-1 sshd[9898]: Invalid user blood from 178.128.72.150 port 48224","@timestamp":"2022-09-11T10:41:00.644Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:41:23 honeypot-fra-1 sshd[32104]: Did not receive identification string from 45.61.186.249 port 37276","@timestamp":"2022-09-11T10:41:23.757Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 10:41:27 honeypot-ams-1 sshd[9900]: Received disconnect from 178.128.72.150 port 35952:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T10:41:27.658Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:41:48 honeypot-fra-1 sshd[32107]: Disconnected from invalid user user 45.61.186.249 port 53902 [preauth]","@timestamp":"2022-09-11T10:41:49.769Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:42:07 honeypot-fra-1 sshd[32112]: Disconnected from invalid user user 45.61.186.249 port 48920 [preauth]","@timestamp":"2022-09-11T10:42:07.778Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 10:42:14 honeypot-ams-1 sshd[9913]: Received disconnect from 178.128.184.213 port 46578:11: Bye Bye [preauth]","@timestamp":"2022-09-11T10:42:14.681Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:42:24 honeypot-fra-1 sshd[32116]: Disconnected from invalid user user 45.61.186.249 port 43964 [preauth]","@timestamp":"2022-09-11T10:42:24.787Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 10:42:47 honeypot-ams-1 sshd[9918]: Received disconnect from 178.128.72.150 port 55624:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T10:42:48.699Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:43:10 honeypot-fra-1 sshd[32120]: Disconnected from invalid user forevermd 118.69.71.109 port 58053 [preauth]","@timestamp":"2022-09-11T10:43:10.806Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 10:43:15 honeypot-ams-1 sshd[9923]: Invalid user minecraft from 163.172.251.68 port 34292","@timestamp":"2022-09-11T10:43:15.712Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 10:43:41 honeypot-ams-1 sshd[9928]: Invalid user chad from 178.128.72.150 port 59326","@timestamp":"2022-09-11T10:43:41.726Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 10:44:02 honeypot-ams-1 sshd[9932]: Invalid user oracle from 163.172.251.68 port 24882","@timestamp":"2022-09-11T10:44:03.737Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 10:44:19 honeypot-ams-1 sshd[9936]: Invalid user test from 163.172.251.68 port 40578","@timestamp":"2022-09-11T10:44:19.746Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 10:44:36 honeypot-ams-1 sshd[9940]: Invalid user git from 163.172.251.68 port 56284","@timestamp":"2022-09-11T10:44:37.755Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 10:45:01 honeypot-ams-1 sshd[9944]: Invalid user claude from 178.128.72.150 port 50730","@timestamp":"2022-09-11T10:45:02.768Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 10:45:28 honeypot-ams-1 sshd[9948]: Invalid user cora from 178.128.72.150 port 38508","@timestamp":"2022-09-11T10:45:29.782Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 10:45:32 honeypot-ams-1 kernel: [83769718.203771] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=172.105.77.209 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=56 ID=0 DF PROTO=TCP SPT=38253 DPT=389 WINDOW=8192 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T10:45:32.783Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 10:45:55 honeypot-ams-1 sshd[9954]: Disconnected from invalid user def 178.128.72.150 port 54476 [preauth]","@timestamp":"2022-09-11T10:45:55.796Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 10:46:22 honeypot-ams-1 sshd[9960]: Invalid user denise from 178.128.72.150 port 42214","@timestamp":"2022-09-11T10:46:22.810Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 10:46:49 honeypot-ams-1 sshd[9964]: Invalid user disco from 178.128.72.150 port 58176","@timestamp":"2022-09-11T10:46:49.823Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 10:47:13 honeypot-ams-1 sshd[9968]: Invalid user test from 163.172.251.68 port 28062","@timestamp":"2022-09-11T10:47:14.838Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 10:47:42 honeypot-ams-1 sshd[9972]: Invalid user rap from 178.128.72.150 port 33642","@timestamp":"2022-09-11T10:47:43.852Z"}
{"@timestamp":"2022-09-11T10:51:55.353Z","@version":"1","message":"Sep 11 10:51:55 honeypot-sgp-1 sshd[5906]: Invalid user admin1 from 178.128.30.95 port 44248","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 10:53:07 honeypot-ams-1 sshd[9977]: Invalid user test from 193.106.191.157 port 36396","@timestamp":"2022-09-11T10:53:07.989Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:53:50 honeypot-fra-1 kernel: [83768060.713490] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=79.124.62.62 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=25679 PROTO=TCP SPT=42094 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T10:53:51.048Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 10:54:33 honeypot-ams-1 sshd[9981]: Disconnected from invalid user user 141.255.162.226 port 44072 [preauth]","@timestamp":"2022-09-11T10:54:34.030Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 10:54:35 honeypot-ams-1 sshd[9985]: Disconnected from invalid user user 141.255.162.226 port 51324 [preauth]","@timestamp":"2022-09-11T10:54:36.032Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 10:54:39 honeypot-ams-1 sshd[9989]: Disconnected from invalid user user 141.255.162.226 port 58574 [preauth]","@timestamp":"2022-09-11T10:54:40.034Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 10:56:27 honeypot-ams-1 sshd[9995]: Disconnected from 161.35.113.79 port 57794 [preauth]","@timestamp":"2022-09-11T10:56:28.081Z"}
{"@timestamp":"2022-09-11T10:56:58.473Z","@version":"1","message":"Sep 11 10:56:57 honeypot-sgp-1 kernel: [83769930.702632] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.41.8.45 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=25644 PROTO=TCP SPT=12543 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 11:02:35 honeypot-fra-1 sshd[32133]: Received disconnect from 200.111.119.58 port 59582:11: Bye Bye [preauth]","@timestamp":"2022-09-11T11:02:36.241Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T11:03:38.649Z","@version":"1","message":"Sep 11 11:03:37 honeypot-sgp-1 sshd[5920]: Received disconnect from 45.61.187.160 port 50386:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T11:03:55.659Z","@version":"1","message":"Sep 11 11:03:54 honeypot-sgp-1 sshd[5924]: Received disconnect from 45.61.187.160 port 45180:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T11:04:11.666Z","@version":"1","message":"Sep 11 11:04:11 honeypot-sgp-1 sshd[5928]: Received disconnect from 45.61.187.160 port 39922:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 11:04:30 honeypot-fra-1 sshd[32139]: Received disconnect from 20.84.90.26 port 43560:11: Bye Bye [preauth]","@timestamp":"2022-09-11T11:04:31.285Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T11:05:00.688Z","@version":"1","message":"Sep 11 11:04:59 honeypot-sgp-1 sshd[5917]: Connection reset by 61.177.173.50 port 14280 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 11:09:30 honeypot-ams-1 kernel: [83771155.602018] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=17566 PROTO=TCP SPT=54181 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T11:09:30.412Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 11:12:57 honeypot-fra-1 kernel: [83769208.085755] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=11471 PROTO=TCP SPT=54181 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T11:12:58.470Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 11:15:03 honeypot-fra-1 sshd[32153]: Connection closed by invalid user test 193.106.191.157 port 33078 [preauth]","@timestamp":"2022-09-11T11:15:04.518Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T11:15:05.923Z","@version":"1","message":"Sep 11 11:15:05 honeypot-sgp-1 sshd[5942]: Received disconnect from 62.204.41.222 port 48222:11: Client disconnecting normally [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T11:17:01.970Z","@version":"1","message":"Sep 11 11:17:01 honeypot-sgp-1 CRON[5946]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 11:18:37 honeypot-ams-1 sshd[10008]: Received disconnect from 35.246.83.56 port 56664:11: Bye Bye [preauth]","@timestamp":"2022-09-11T11:18:38.642Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 11:20:08 honeypot-ams-1 sshd[10013]: Invalid user user from 45.61.187.160 port 60728","@timestamp":"2022-09-11T11:20:09.685Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 11:20:26 honeypot-ams-1 sshd[10017]: Invalid user user from 45.61.187.160 port 55298","@timestamp":"2022-09-11T11:20:26.693Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 11:20:42 honeypot-ams-1 sshd[10021]: Invalid user user from 45.61.187.160 port 49876","@timestamp":"2022-09-11T11:20:42.702Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 11:21:03 honeypot-ams-1 kernel: [83771848.917321] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.204.252 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=33088 DPT=5432 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T11:21:03.713Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 11:21:47 honeypot-fra-1 kernel: [83769737.700442] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.201.198 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=51003 DPT=5432 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T11:21:47.670Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 11:26:15 honeypot-ams-1 sshd[10030]: Disconnected from authenticating user root 92.255.85.70 port 39222 [preauth]","@timestamp":"2022-09-11T11:26:15.850Z"}
{"@timestamp":"2022-09-11T11:26:32.194Z","@version":"1","message":"Sep 11 11:26:32 honeypot-sgp-1 kernel: [83771705.129127] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=13.233.174.29 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=54321 PROTO=TCP SPT=60286 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 11:27:34 honeypot-fra-1 sshd[32170]: Received disconnect from 182.72.16.162 port 42646:11: Bye Bye [preauth]","@timestamp":"2022-09-11T11:27:34.799Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T11:31:14.339Z","@version":"1","message":"Sep 11 11:31:14 honeypot-sgp-1 kernel: [83771987.263937] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=94.26.228.80 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=11622 PROTO=TCP SPT=28980 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 11:32:42 honeypot-fra-1 sshd[32181]: Invalid user ubuntu from 103.66.218.65 port 42918","@timestamp":"2022-09-11T11:32:42.913Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 11:37:29 honeypot-fra-1 sshd[32186]: Connection closed by invalid user support 74.127.112.52 port 57181 [preauth]","@timestamp":"2022-09-11T11:37:30.018Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 11:38:35 honeypot-fra-1 sshd[32193]: Disconnected from invalid user mj 202.137.20.53 port 56951 [preauth]","@timestamp":"2022-09-11T11:38:36.043Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T11:39:35.539Z","@version":"1","message":"Sep 11 11:39:34 honeypot-sgp-1 sshd[5967]: Received disconnect from 61.177.173.36 port 36083:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 11:41:11 honeypot-fra-1 sshd[32199]: Invalid user ez from 102.223.92.101 port 34547","@timestamp":"2022-09-11T11:41:12.104Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 11:43:28 honeypot-ams-1 kernel: [83773194.316139] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=80.94.92.239 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=41422 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T11:43:29.300Z"}
{"@timestamp":"2022-09-11T11:44:11.648Z","@version":"1","message":"Sep 11 11:44:11 honeypot-sgp-1 sshd[5972]: Received disconnect from 92.255.85.69 port 38536:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 11:46:35 honeypot-fra-1 sshd[32204]: Invalid user test2 from 92.255.85.69 port 58866","@timestamp":"2022-09-11T11:46:36.225Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 11:49:43 honeypot-ams-1 sshd[10037]: Received disconnect from 92.255.85.70 port 48756:11: Bye Bye [preauth]","@timestamp":"2022-09-11T11:49:43.461Z"}
{"@timestamp":"2022-09-11T11:52:56.854Z","@version":"1","message":"Sep 11 11:52:56 honeypot-sgp-1 sshd[5979]: Received disconnect from 60.9.236.192 port 31297:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 11:54:06 honeypot-fra-1 sshd[32211]: Disconnected from invalid user dkauffman 78.37.125.18 port 38110 [preauth]","@timestamp":"2022-09-11T11:54:07.388Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T11:54:35.897Z","@version":"1","message":"Sep 11 11:54:35 honeypot-sgp-1 sshd[5984]: Received disconnect from 61.177.173.46 port 42218:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 11:59:18 honeypot-fra-1 kernel: [83771988.693376] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=20615 PROTO=TCP SPT=57063 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T11:59:18.504Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 12:00:39 honeypot-ams-1 kernel: [83774225.196288] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=64067 PROTO=TCP SPT=57063 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T12:00:39.742Z"}
{"@timestamp":"2022-09-11T12:02:54.096Z","@version":"1","message":"Sep 11 12:02:53 honeypot-sgp-1 sshd[5988]: Disconnected from authenticating user root 61.177.173.49 port 50713 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T12:04:35.139Z","@version":"1","message":"Sep 11 12:04:34 honeypot-sgp-1 sshd[5993]: Disconnected from invalid user user 45.61.186.249 port 59836 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T12:04:56.149Z","@version":"1","message":"Sep 11 12:04:55 honeypot-sgp-1 sshd[5997]: Disconnected from invalid user user 45.61.186.249 port 54412 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T12:05:14.158Z","@version":"1","message":"Sep 11 12:05:13 honeypot-sgp-1 sshd[6001]: Disconnected from invalid user user 45.61.186.249 port 49012 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T12:05:31.167Z","@version":"1","message":"Sep 11 12:05:31 honeypot-sgp-1 sshd[6005]: Disconnected from invalid user user 45.61.186.249 port 43614 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:05:43 honeypot-fra-1 sshd[32225]: Received disconnect from 141.255.162.226 port 54100:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T12:05:44.651Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:05:48 honeypot-fra-1 sshd[32229]: Received disconnect from 141.255.162.226 port 54148:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T12:05:48.654Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:05:50 honeypot-fra-1 sshd[32233]: Received disconnect from 141.255.162.226 port 32988:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T12:05:50.656Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T12:08:35.245Z","@version":"1","message":"Sep 11 12:08:34 honeypot-sgp-1 kernel: [83774227.796529] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=222.186.19.235 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=34271 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:10:27 honeypot-fra-1 sshd[32237]: Invalid user k_baza from 165.22.45.108 port 46048","@timestamp":"2022-09-11T12:10:28.761Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:12:56 honeypot-ams-1 sshd[10044]: Received disconnect from 92.255.85.69 port 17756:11: Bye Bye [preauth]","@timestamp":"2022-09-11T12:12:57.066Z"}
{"@timestamp":"2022-09-11T12:14:17.379Z","@version":"1","message":"Sep 11 12:14:16 honeypot-sgp-1 sshd[6017]: Disconnected from authenticating user root 210.114.1.46 port 50692 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:16:24 honeypot-fra-1 sshd[32244]: Received disconnect from 61.177.173.47 port 57145:11:  [preauth]","@timestamp":"2022-09-11T12:16:24.892Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:20:56 honeypot-fra-1 sshd[32252]: Invalid user test from 193.106.191.157 port 44748","@timestamp":"2022-09-11T12:20:56.993Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:23:23 honeypot-ams-1 sshd[10052]: Invalid user deploy from 81.169.137.181 port 44814","@timestamp":"2022-09-11T12:23:24.338Z"}
{"@timestamp":"2022-09-11T12:23:40.601Z","@version":"1","message":"Sep 11 12:23:40 honeypot-sgp-1 sshd[6027]: Disconnected from 68.183.141.36 port 45240 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:24:12 honeypot-ams-1 sshd[10054]: Invalid user demo from 81.169.137.181 port 60790","@timestamp":"2022-09-11T12:24:12.362Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:25:39 honeypot-ams-1 sshd[10058]: Invalid user willie from 81.169.137.181 port 36174","@timestamp":"2022-09-11T12:25:39.402Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:27:01 honeypot-ams-1 sshd[10062]: Invalid user vic from 81.169.137.181 port 39812","@timestamp":"2022-09-11T12:27:01.438Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:27:55 honeypot-ams-1 sshd[10067]: Did not receive identification string from 167.172.152.18 port 33104","@timestamp":"2022-09-11T12:27:55.464Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:28:29 honeypot-ams-1 sshd[10070]: Disconnected from authenticating user root 167.172.152.18 port 45162 [preauth]","@timestamp":"2022-09-11T12:28:29.481Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:28:49 honeypot-fra-1 sshd[32257]: Disconnected from authenticating user root 61.177.173.51 port 28263 [preauth]","@timestamp":"2022-09-11T12:28:50.173Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:28:58 honeypot-ams-1 sshd[10075]: Invalid user vnc from 81.169.137.181 port 59416","@timestamp":"2022-09-11T12:28:58.496Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:29:23 honeypot-ams-1 sshd[10079]: Disconnected from authenticating user root 167.172.152.18 port 54848 [preauth]","@timestamp":"2022-09-11T12:29:23.510Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:29:37 honeypot-ams-1 sshd[10083]: Disconnected from authenticating user mail 81.169.137.181 port 47110 [preauth]","@timestamp":"2022-09-11T12:29:37.521Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:29:59 honeypot-ams-1 sshd[10089]: Received disconnect from 80.76.51.45 port 49824:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T12:30:00.533Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:30:16 honeypot-ams-1 sshd[10095]: Invalid user view from 81.169.137.181 port 34790","@timestamp":"2022-09-11T12:30:16.542Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:30:40 honeypot-ams-1 sshd[10099]: Disconnected from authenticating user root 167.172.152.18 port 55248 [preauth]","@timestamp":"2022-09-11T12:30:40.555Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:30:45 honeypot-fra-1 sshd[32265]: Received disconnect from 62.218.227.178 port 40374:11: Bye Bye [preauth]","@timestamp":"2022-09-11T12:30:46.218Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:30:46 honeypot-fra-1 sshd[32269]: Disconnected from authenticating user root 62.218.227.178 port 40444 [preauth]","@timestamp":"2022-09-11T12:30:47.219Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:30:47 honeypot-fra-1 sshd[32275]: Disconnected from authenticating user root 62.218.227.178 port 40520 [preauth]","@timestamp":"2022-09-11T12:30:47.219Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:30:48 honeypot-fra-1 sshd[32281]: Disconnected from authenticating user root 62.218.227.178 port 40558 [preauth]","@timestamp":"2022-09-11T12:30:48.219Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:30:48 honeypot-fra-1 sshd[32287]: Disconnected from authenticating user root 62.218.227.178 port 40596 [preauth]","@timestamp":"2022-09-11T12:30:49.220Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:30:49 honeypot-fra-1 sshd[32293]: Disconnected from authenticating user root 62.218.227.178 port 40648 [preauth]","@timestamp":"2022-09-11T12:30:50.221Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:30:50 honeypot-fra-1 sshd[32299]: Disconnected from authenticating user root 62.218.227.178 port 40696 [preauth]","@timestamp":"2022-09-11T12:30:51.221Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:30:51 honeypot-fra-1 sshd[32305]: Disconnected from authenticating user root 62.218.227.178 port 40724 [preauth]","@timestamp":"2022-09-11T12:30:52.223Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:30:52 honeypot-fra-1 sshd[32311]: Disconnected from authenticating user root 62.218.227.178 port 40758 [preauth]","@timestamp":"2022-09-11T12:30:53.223Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:30:53 honeypot-fra-1 sshd[32317]: Disconnected from authenticating user root 62.218.227.178 port 40798 [preauth]","@timestamp":"2022-09-11T12:30:54.224Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:30:54 honeypot-fra-1 sshd[32323]: Disconnected from authenticating user root 62.218.227.178 port 40858 [preauth]","@timestamp":"2022-09-11T12:30:54.224Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:30:55 honeypot-fra-1 sshd[32329]: Disconnected from authenticating user root 62.218.227.178 port 40898 [preauth]","@timestamp":"2022-09-11T12:30:55.225Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:30:55 honeypot-fra-1 sshd[32335]: Received disconnect from 62.218.227.178 port 40986:11: Bye Bye [preauth]","@timestamp":"2022-09-11T12:30:56.226Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:30:56 honeypot-fra-1 sshd[32339]: Received disconnect from 62.218.227.178 port 41070:11: Bye Bye [preauth]","@timestamp":"2022-09-11T12:30:57.226Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:30:57 honeypot-fra-1 sshd[32343]: Received disconnect from 62.218.227.178 port 41118:11: Bye Bye [preauth]","@timestamp":"2022-09-11T12:30:57.226Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:30:57 honeypot-fra-1 sshd[32347]: Received disconnect from 62.218.227.178 port 41144:11: Bye Bye [preauth]","@timestamp":"2022-09-11T12:30:58.227Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:30:58 honeypot-fra-1 sshd[32351]: Received disconnect from 62.218.227.178 port 41166:11: Bye Bye [preauth]","@timestamp":"2022-09-11T12:30:59.228Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:30:58 honeypot-fra-1 sshd[32355]: Received disconnect from 62.218.227.178 port 41192:11: Bye Bye [preauth]","@timestamp":"2022-09-11T12:30:59.228Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:30:59 honeypot-fra-1 sshd[32361]: Invalid user pi from 62.218.227.178 port 41238","@timestamp":"2022-09-11T12:31:00.228Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:31:00 honeypot-fra-1 sshd[32365]: Invalid user user from 62.218.227.178 port 41264","@timestamp":"2022-09-11T12:31:01.229Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:31:00 honeypot-fra-1 sshd[32369]: Invalid user mine from 62.218.227.178 port 41286","@timestamp":"2022-09-11T12:31:01.229Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:31:01 honeypot-ams-1 sshd[10105]: Received disconnect from 80.76.51.45 port 37320:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T12:31:01.566Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:31:01 honeypot-fra-1 sshd[32373]: Invalid user xbmc from 62.218.227.178 port 41302","@timestamp":"2022-09-11T12:31:02.230Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:31:02 honeypot-fra-1 sshd[32377]: Invalid user oracle from 62.218.227.178 port 41322","@timestamp":"2022-09-11T12:31:02.230Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T12:31:02.777Z","@version":"1","message":"Sep 11 12:31:02 honeypot-sgp-1 sshd[6034]: Disconnected from authenticating user root 92.255.85.70 port 34610 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:31:02 honeypot-fra-1 sshd[32381]: Invalid user postgres from 62.218.227.178 port 41340","@timestamp":"2022-09-11T12:31:03.231Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:31:03 honeypot-fra-1 sshd[32385]: Invalid user support from 62.218.227.178 port 41360","@timestamp":"2022-09-11T12:31:04.231Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:31:03 honeypot-fra-1 sshd[32389]: Invalid user ubuntu from 62.218.227.178 port 41390","@timestamp":"2022-09-11T12:31:04.231Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:31:04 honeypot-fra-1 sshd[32393]: Invalid user ubuntu from 62.218.227.178 port 41416","@timestamp":"2022-09-11T12:31:05.232Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:31:05 honeypot-fra-1 sshd[32397]: Invalid user guest from 62.218.227.178 port 41436","@timestamp":"2022-09-11T12:31:05.232Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:31:05 honeypot-fra-1 sshd[32401]: Invalid user cirros from 62.218.227.178 port 41502","@timestamp":"2022-09-11T12:31:06.233Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:31:31 honeypot-ams-1 sshd[10113]: Received disconnect from 80.76.51.45 port 59438:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T12:31:32.582Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:31:34 honeypot-ams-1 sshd[10115]: Disconnected from invalid user vftpuser 81.169.137.181 port 38448 [preauth]","@timestamp":"2022-09-11T12:31:34.583Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:32:02 honeypot-ams-1 sshd[10121]: Received disconnect from 80.76.51.45 port 53234:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T12:32:02.597Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:32:17 honeypot-ams-1 sshd[10125]: Disconnected from invalid user git 80.76.51.45 port 35898 [preauth]","@timestamp":"2022-09-11T12:32:17.606Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:32:23 honeypot-ams-1 sshd[10127]: Disconnected from invalid user user 167.172.152.18 port 46300 [preauth]","@timestamp":"2022-09-11T12:32:24.610Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:32:52 honeypot-ams-1 sshd[10132]: Disconnected from invalid user vagrant 81.169.137.181 port 42100 [preauth]","@timestamp":"2022-09-11T12:32:52.625Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:33:28 honeypot-fra-1 sshd[32405]: Invalid user tomcat7 from 91.240.118.222 port 24282","@timestamp":"2022-09-11T12:33:28.286Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:33:31 honeypot-ams-1 sshd[10136]: Disconnected from invalid user vanesa 81.169.137.181 port 58080 [preauth]","@timestamp":"2022-09-11T12:33:32.644Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:34:07 honeypot-ams-1 sshd[10140]: Received disconnect from 167.172.152.18 port 37342:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T12:34:07.662Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:34:32 honeypot-ams-1 sshd[10144]: Received disconnect from 167.172.152.18 port 56258:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T12:34:33.675Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:34:58 honeypot-ams-1 sshd[10148]: Received disconnect from 167.172.152.18 port 46942:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T12:34:59.690Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:35:31 honeypot-ams-1 sshd[10152]: Received disconnect from 81.169.137.181 port 49380:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T12:35:32.707Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:36:09 honeypot-ams-1 sshd[10156]: Received disconnect from 92.255.85.70 port 15984:11: Bye Bye [preauth]","@timestamp":"2022-09-11T12:36:09.726Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:36:14 honeypot-ams-1 sshd[10160]: Received disconnect from 167.172.152.18 port 47306:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T12:36:14.730Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:36:49 honeypot-fra-1 kernel: [83774239.875033] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=157.245.176.143 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=19024 DF PROTO=TCP SPT=40386 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T12:36:50.363Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:36:53 honeypot-ams-1 sshd[10164]: Received disconnect from 81.169.137.181 port 53082:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T12:36:53.748Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:37:30 honeypot-ams-1 sshd[10168]: Received disconnect from 167.172.152.18 port 48020:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T12:37:30.766Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:37:55 honeypot-ams-1 sshd[10173]: Received disconnect from 167.172.152.18 port 38306:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T12:37:55.780Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:38:45 honeypot-ams-1 sshd[10177]: Received disconnect from 167.172.152.18 port 47788:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T12:38:46.803Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:39:37 honeypot-ams-1 sshd[10181]: Invalid user student from 167.172.152.18 port 57542","@timestamp":"2022-09-11T12:39:37.830Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:40:28 honeypot-ams-1 sshd[10185]: Invalid user weblogic from 167.172.152.18 port 38942","@timestamp":"2022-09-11T12:40:29.856Z"}
{"@timestamp":"2022-09-11T12:40:39.005Z","@version":"1","message":"Sep 11 12:40:38 honeypot-sgp-1 sshd[6046]: Received disconnect from 191.34.74.55 port 42230:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:41:01 honeypot-ams-1 sshd[10189]: Invalid user boon from 187.230.139.33 port 42607","@timestamp":"2022-09-11T12:41:02.873Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:43:37 honeypot-fra-1 sshd[32421]: Received disconnect from 165.22.45.108 port 50836:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T12:43:37.538Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T12:44:10.093Z","@version":"1","message":"Sep 11 12:44:09 honeypot-sgp-1 sshd[6051]: Received disconnect from 179.189.19.64 port 36631:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 12:47:12 honeypot-ams-1 kernel: [83777017.728874] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=154.89.5.94 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=245 ID=4356 PROTO=TCP SPT=58914 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T12:47:13.036Z"}
{"@timestamp":"2022-09-11T12:50:59.260Z","@version":"1","message":"Sep 11 12:50:58 honeypot-sgp-1 kernel: [83776771.828910] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=64.62.197.8 DST=159.89.202.188 LEN=131 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=51517 DPT=80 WINDOW=65535 RES=0x00 ACK PSH URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:52:38 honeypot-ams-1 sshd[10199]: Connection closed by 202.154.180.51 port 35889 [preauth]","@timestamp":"2022-09-11T12:52:39.180Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:52:40 honeypot-fra-1 sshd[32428]: Disconnected from authenticating user root 61.177.173.36 port 52010 [preauth]","@timestamp":"2022-09-11T12:52:41.739Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:57:25 honeypot-fra-1 kernel: [83775475.366057] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=64.62.197.141 DST=165.22.82.222 LEN=131 TOS=0x00 PREC=0x00 TTL=244 ID=54321 PROTO=TCP SPT=57367 DPT=80 WINDOW=65535 RES=0x00 ACK PSH URGP=0 ","@timestamp":"2022-09-11T12:57:25.845Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-11T12:59:29.465Z","@version":"1","message":"Sep 11 12:59:28 honeypot-sgp-1 kernel: [83777281.682069] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=64.62.197.49 DST=159.89.202.188 LEN=131 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=48186 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 13:05:39 honeypot-ams-1 sshd[10221]: Connection closed by invalid user test 193.106.191.157 port 60318 [preauth]","@timestamp":"2022-09-11T13:05:39.526Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 13:07:02 honeypot-fra-1 sshd[32442]: Disconnected from authenticating user root 61.177.172.108 port 52120 [preauth]","@timestamp":"2022-09-11T13:07:03.061Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T13:09:16.697Z","@version":"1","message":"Sep 11 13:09:16 honeypot-sgp-1 sshd[6076]: Invalid user user1 from 103.188.176.251 port 56842","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 13:16:31 honeypot-fra-1 sshd[32449]: Disconnected from authenticating user root 2.139.38.109 port 45926 [preauth]","@timestamp":"2022-09-11T13:16:31.273Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 13:17:01 honeypot-ams-1 CRON[10228]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-11T13:17:01.862Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 13:18:24 honeypot-fra-1 kernel: [83776735.003871] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=13.233.174.29 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=40851 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T13:18:25.319Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-11T13:18:47.926Z","@version":"1","message":"Sep 11 13:18:47 honeypot-sgp-1 sshd[6086]: Received disconnect from 92.255.85.70 port 59344:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 13:19:01 honeypot-fra-1 sshd[32462]: Received disconnect from 89.97.218.142 port 46048:11: Bye Bye [preauth]","@timestamp":"2022-09-11T13:19:02.337Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 13:20:41 honeypot-fra-1 sshd[32466]: Disconnected from authenticating user root 61.177.173.37 port 25018 [preauth]","@timestamp":"2022-09-11T13:20:42.376Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T13:22:44.021Z","@version":"1","message":"Sep 11 13:22:43 honeypot-sgp-1 sshd[6098]: Invalid user user from 141.255.162.226 port 38688","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T13:22:46.022Z","@version":"1","message":"Sep 11 13:22:45 honeypot-sgp-1 sshd[6102]: Received disconnect from 141.255.162.226 port 52400:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 13:23:32 honeypot-ams-1 sshd[10237]: Received disconnect from 45.61.186.169 port 36640:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T13:23:33.029Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 13:23:52 honeypot-ams-1 sshd[10241]: Received disconnect from 45.61.186.169 port 59674:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T13:23:53.039Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 13:24:12 honeypot-ams-1 sshd[10246]: Received disconnect from 45.61.186.169 port 54470:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T13:24:13.053Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 13:24:29 honeypot-ams-1 sshd[10250]: Received disconnect from 45.61.186.169 port 49270:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T13:24:30.062Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 13:26:59 honeypot-fra-1 sshd[32475]: Invalid user test from 193.106.191.157 port 56516","@timestamp":"2022-09-11T13:26:59.543Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T13:28:10.150Z","@version":"1","message":"Sep 11 13:28:09 honeypot-sgp-1 kernel: [83779002.214356] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=159.203.91.246 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=31545 DF PROTO=TCP SPT=53264 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T13:30:20.207Z","@version":"1","message":"Sep 11 13:30:19 honeypot-sgp-1 sshd[6114]: Disconnected from invalid user user 45.61.184.204 port 57044 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T13:30:40.216Z","@version":"1","message":"Sep 11 13:30:39 honeypot-sgp-1 sshd[6118]: Disconnected from invalid user user 45.61.184.204 port 52074 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T13:30:59.226Z","@version":"1","message":"Sep 11 13:30:58 honeypot-sgp-1 sshd[6122]: Disconnected from invalid user user 45.61.184.204 port 47062 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T13:31:16.234Z","@version":"1","message":"Sep 11 13:31:15 honeypot-sgp-1 sshd[6126]: Disconnected from invalid user user 45.61.184.204 port 42070 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 13:34:50 honeypot-fra-1 sshd[32485]: Disconnected from authenticating user root 200.143.73.106 port 42884 [preauth]","@timestamp":"2022-09-11T13:34:50.716Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 13:36:03 honeypot-ams-1 sshd[10255]: Disconnected from invalid user user 45.61.184.204 port 44684 [preauth]","@timestamp":"2022-09-11T13:36:04.355Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 13:36:22 honeypot-ams-1 sshd[10259]: Disconnected from invalid user user 45.61.184.204 port 40062 [preauth]","@timestamp":"2022-09-11T13:36:23.366Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 13:36:32 honeypot-fra-1 sshd[32491]: Disconnected from invalid user shipping 190.210.182.179 port 38153 [preauth]","@timestamp":"2022-09-11T13:36:32.755Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 13:36:41 honeypot-ams-1 sshd[10263]: Disconnected from invalid user user 45.61.184.204 port 35444 [preauth]","@timestamp":"2022-09-11T13:36:42.375Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 13:36:59 honeypot-ams-1 sshd[10267]: Received disconnect from 45.61.184.204 port 59058:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T13:36:59.385Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 13:40:26 honeypot-ams-1 sshd[10272]: Invalid user sbear from 137.184.90.200 port 34684","@timestamp":"2022-09-11T13:40:27.478Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 13:42:56 honeypot-fra-1 kernel: [83778206.777998] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=80.94.92.231 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=57077 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T13:42:56.899Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-11T13:43:13.519Z","@version":"1","message":"Sep 11 13:43:13 honeypot-sgp-1 sshd[6138]: Disconnected from authenticating user root 61.177.173.36 port 23713 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T13:47:00.612Z","@version":"1","message":"Sep 11 13:46:59 honeypot-sgp-1 sshd[6145]: Received disconnect from 179.107.34.178 port 21134:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 13:48:29 honeypot-fra-1 sshd[32503]: Disconnected from authenticating user root 61.177.173.51 port 30713 [preauth]","@timestamp":"2022-09-11T13:48:30.024Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T13:51:49.730Z","@version":"1","message":"Sep 11 13:51:49 honeypot-sgp-1 sshd[6152]: Invalid user david from 14.63.162.98 port 51671","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 13:53:00 honeypot-ams-1 kernel: [83780965.952726] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=97.74.81.123 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=17765 PROTO=TCP SPT=57651 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T13:53:00.807Z"}
{"@timestamp":"2022-09-11T13:54:00.787Z","@version":"1","message":"Sep 11 13:54:00 honeypot-sgp-1 kernel: [83780553.666260] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.197.13 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=55212 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 13:58:44 honeypot-ams-1 sshd[10279]: Received disconnect from 43.155.104.6 port 47880:11: Bye Bye [preauth]","@timestamp":"2022-09-11T13:58:44.959Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 14:01:05 honeypot-ams-1 kernel: [83781450.669691] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=2.187.167.133 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=3071 DF PROTO=TCP SPT=46199 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T14:01:06.023Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 14:01:52 honeypot-fra-1 sshd[32519]: Connection reset by 61.177.172.124 port 10510 [preauth]","@timestamp":"2022-09-11T14:01:53.318Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T14:06:03.076Z","@version":"1","message":"Sep 11 14:06:02 honeypot-sgp-1 sshd[6169]: Disconnected from authenticating user root 92.255.85.69 port 15488 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 14:06:17 honeypot-fra-1 sshd[32524]: Invalid user user from 45.61.184.204 port 45054","@timestamp":"2022-09-11T14:06:17.420Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 14:06:33 honeypot-ams-1 kernel: [83781779.292440] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=128.14.137.179 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=20688 PROTO=TCP SPT=39906 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T14:06:34.184Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 14:06:36 honeypot-fra-1 sshd[32528]: Invalid user user from 45.61.184.204 port 40058","@timestamp":"2022-09-11T14:06:37.431Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 14:06:56 honeypot-fra-1 sshd[32533]: Invalid user user from 45.61.184.204 port 35058","@timestamp":"2022-09-11T14:06:56.439Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 14:07:14 honeypot-fra-1 sshd[32537]: Invalid user user from 45.61.184.204 port 58290","@timestamp":"2022-09-11T14:07:15.448Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 14:08:30 honeypot-fra-1 sshd[32539]: Disconnected from invalid user jrobinson 203.190.153.19 port 43600 [preauth]","@timestamp":"2022-09-11T14:08:31.477Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 14:10:17 honeypot-fra-1 sshd[32547]: Invalid user vt from 122.176.119.202 port 53280","@timestamp":"2022-09-11T14:10:17.519Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:11:29 honeypot-ams-1 sshd[10292]: Received disconnect from 104.248.116.140 port 39350:11: Bye Bye [preauth]","@timestamp":"2022-09-11T14:11:29.317Z"}
{"@timestamp":"2022-09-11T14:13:29.258Z","@version":"1","message":"Sep 11 14:13:28 honeypot-sgp-1 sshd[6176]: Disconnected from authenticating user root 61.177.172.104 port 35954 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 14:15:24 honeypot-fra-1 kernel: [83780154.642031] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=154.89.5.92 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=245 ID=48012 PROTO=TCP SPT=58914 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T14:15:25.635Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 14:17:12 honeypot-ams-1 kernel: [83782418.271832] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=198.199.94.6 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=48390 DPT=389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T14:17:13.470Z"}
{"@timestamp":"2022-09-11T14:17:38.359Z","@version":"1","message":"Sep 11 14:17:38 honeypot-sgp-1 kernel: [83781971.186332] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=159.223.131.138 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=5034 PROTO=TCP SPT=45544 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 14:18:32 honeypot-fra-1 kernel: [83780342.880670] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=89.248.165.199 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=5317 PROTO=TCP SPT=42993 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T14:18:33.708Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:19:37 honeypot-ams-1 sshd[10302]: Received disconnect from 91.240.118.222 port 57546:11: Client disconnecting normally [preauth]","@timestamp":"2022-09-11T14:19:38.536Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 14:23:14 honeypot-fra-1 sshd[32564]: Disconnected from invalid user kdougherty 165.22.45.108 port 39454 [preauth]","@timestamp":"2022-09-11T14:23:14.813Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T14:29:27.644Z","@version":"1","message":"Sep 11 14:29:27 honeypot-sgp-1 sshd[6190]: Disconnected from authenticating user root 92.255.85.69 port 56766 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 14:30:34 honeypot-fra-1 kernel: [83781064.611680] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.208.175 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=51267 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T14:30:34.977Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 14:32:36 honeypot-fra-1 kernel: [83781186.517892] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.197.13 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=46163 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T14:32:37.027Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:33:51 honeypot-ams-1 sshd[10308]: Received disconnect from 182.105.189.1 port 39918:11: Bye Bye [preauth]","@timestamp":"2022-09-11T14:33:51.915Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:33:57 honeypot-ams-1 sshd[10312]: Disconnected from authenticating user root 182.105.189.1 port 40054 [preauth]","@timestamp":"2022-09-11T14:33:57.918Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:34:04 honeypot-ams-1 sshd[10318]: Disconnected from authenticating user root 182.105.189.1 port 40245 [preauth]","@timestamp":"2022-09-11T14:34:04.922Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:34:13 honeypot-ams-1 sshd[10324]: Disconnected from authenticating user root 182.105.189.1 port 40440 [preauth]","@timestamp":"2022-09-11T14:34:13.927Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:34:19 honeypot-ams-1 sshd[10330]: Disconnected from authenticating user root 182.105.189.1 port 40633 [preauth]","@timestamp":"2022-09-11T14:34:19.930Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:34:25 honeypot-ams-1 sshd[10336]: Disconnected from authenticating user root 182.105.189.1 port 40793 [preauth]","@timestamp":"2022-09-11T14:34:25.934Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 14:34:28 honeypot-fra-1 sshd[32584]: Received disconnect from 45.61.184.204 port 45846:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T14:34:29.072Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:34:32 honeypot-ams-1 sshd[10342]: Disconnected from authenticating user root 182.105.189.1 port 40972 [preauth]","@timestamp":"2022-09-11T14:34:32.990Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:34:40 honeypot-ams-1 sshd[10348]: Disconnected from authenticating user root 182.105.189.1 port 41156 [preauth]","@timestamp":"2022-09-11T14:34:40.995Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:34:48 honeypot-ams-1 sshd[10354]: Disconnected from authenticating user root 182.105.189.1 port 41347 [preauth]","@timestamp":"2022-09-11T14:34:48.999Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 14:34:49 honeypot-fra-1 sshd[32588]: Received disconnect from 45.61.184.204 port 41446:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T14:34:50.082Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:34:55 honeypot-ams-1 sshd[10360]: Disconnected from authenticating user root 182.105.189.1 port 41534 [preauth]","@timestamp":"2022-09-11T14:34:56.004Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:34:59 honeypot-ams-1 sshd[10364]: Disconnected from authenticating user root 182.105.189.1 port 41635 [preauth]","@timestamp":"2022-09-11T14:35:00.007Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:35:07 honeypot-ams-1 sshd[10372]: Disconnected from authenticating user root 182.105.189.1 port 41846 [preauth]","@timestamp":"2022-09-11T14:35:08.029Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 14:35:08 honeypot-fra-1 sshd[32592]: Received disconnect from 45.61.184.204 port 37044:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T14:35:09.090Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:35:14 honeypot-ams-1 sshd[10378]: Disconnected from authenticating user root 182.105.189.1 port 42031 [preauth]","@timestamp":"2022-09-11T14:35:15.033Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:35:21 honeypot-ams-1 sshd[10382]: Disconnected from invalid user admin 182.105.189.1 port 42148 [preauth]","@timestamp":"2022-09-11T14:35:22.038Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 14:35:27 honeypot-fra-1 sshd[32596]: Received disconnect from 45.61.184.204 port 60878:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T14:35:27.099Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:35:27 honeypot-ams-1 sshd[10386]: Disconnected from invalid user admin 182.105.189.1 port 42319 [preauth]","@timestamp":"2022-09-11T14:35:28.041Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:35:31 honeypot-ams-1 sshd[10390]: Disconnected from invalid user admin 182.105.189.1 port 42453 [preauth]","@timestamp":"2022-09-11T14:35:32.043Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:35:36 honeypot-ams-1 sshd[10394]: Disconnected from invalid user admin 182.105.189.1 port 42559 [preauth]","@timestamp":"2022-09-11T14:35:36.047Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:35:40 honeypot-ams-1 sshd[10398]: Disconnected from invalid user admin 182.105.189.1 port 42655 [preauth]","@timestamp":"2022-09-11T14:35:41.050Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:35:46 honeypot-ams-1 sshd[10404]: Received disconnect from 182.105.189.1 port 42812:11: Bye Bye [preauth]","@timestamp":"2022-09-11T14:35:47.053Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:35:51 honeypot-ams-1 sshd[10408]: Received disconnect from 182.105.189.1 port 42919:11: Bye Bye [preauth]","@timestamp":"2022-09-11T14:35:52.057Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:35:56 honeypot-ams-1 sshd[10412]: Received disconnect from 182.105.189.1 port 43049:11: Bye Bye [preauth]","@timestamp":"2022-09-11T14:35:57.059Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:36:04 honeypot-ams-1 sshd[10416]: Received disconnect from 182.105.189.1 port 43180:11: Bye Bye [preauth]","@timestamp":"2022-09-11T14:36:05.064Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:36:08 honeypot-ams-1 sshd[10420]: Received disconnect from 182.105.189.1 port 43372:11: Bye Bye [preauth]","@timestamp":"2022-09-11T14:36:09.067Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:36:17 honeypot-ams-1 sshd[10424]: Received disconnect from 182.105.189.1 port 43549:11: Bye Bye [preauth]","@timestamp":"2022-09-11T14:36:18.071Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:36:21 honeypot-ams-1 sshd[10428]: Received disconnect from 182.105.189.1 port 43682:11: Bye Bye [preauth]","@timestamp":"2022-09-11T14:36:22.075Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:36:25 honeypot-ams-1 sshd[10432]: Received disconnect from 182.105.189.1 port 43784:11: Bye Bye [preauth]","@timestamp":"2022-09-11T14:36:26.078Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:36:32 honeypot-ams-1 sshd[10436]: Received disconnect from 182.105.189.1 port 43951:11: Bye Bye [preauth]","@timestamp":"2022-09-11T14:36:33.082Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:36:38 honeypot-ams-1 sshd[10440]: Received disconnect from 182.105.189.1 port 44060:11: Bye Bye [preauth]","@timestamp":"2022-09-11T14:36:39.087Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:36:44 honeypot-ams-1 sshd[10444]: Received disconnect from 182.105.189.1 port 44216:11: Bye Bye [preauth]","@timestamp":"2022-09-11T14:36:44.090Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:36:49 honeypot-ams-1 sshd[10448]: Received disconnect from 182.105.189.1 port 44366:11: Bye Bye [preauth]","@timestamp":"2022-09-11T14:36:50.095Z"}
{"@timestamp":"2022-09-11T14:37:29.839Z","@version":"1","message":"Sep 11 14:37:29 honeypot-sgp-1 kernel: [83783161.852270] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=167.94.145.93 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=40173 PROTO=TCP SPT=17228 DPT=389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:44:18 honeypot-ams-1 sshd[10454]: Invalid user user from 45.61.186.49 port 47604","@timestamp":"2022-09-11T14:44:19.284Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:44:27 honeypot-ams-1 sshd[10458]: Invalid user user from 45.61.186.49 port 59112","@timestamp":"2022-09-11T14:44:28.289Z"}
{"@timestamp":"2022-09-11T14:45:19.046Z","@version":"1","message":"Sep 11 14:45:18 honeypot-sgp-1 sshd[6208]: Invalid user tester from 49.247.22.240 port 43610","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T14:45:54.062Z","@version":"1","message":"Sep 11 14:45:53 honeypot-sgp-1 sshd[6210]: Disconnected from invalid user owncloud 175.118.152.100 port 45013 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:47:32 honeypot-ams-1 sshd[10460]: Did not receive identification string from 58.72.18.130 port 45711","@timestamp":"2022-09-11T14:47:33.375Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 14:50:42 honeypot-fra-1 sshd[32602]: Disconnected from authenticating user root 190.202.124.93 port 60090 [preauth]","@timestamp":"2022-09-11T14:50:43.435Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T14:52:38.225Z","@version":"1","message":"Sep 11 14:52:38 honeypot-sgp-1 sshd[6215]: Disconnected from authenticating user root 92.255.85.69 port 32354 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 14:54:13 honeypot-fra-1 sshd[32611]: Received disconnect from 61.177.173.36 port 23179:11:  [preauth]","@timestamp":"2022-09-11T14:54:13.516Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 14:55:08 honeypot-fra-1 sshd[32615]: Disconnected from authenticating user root 92.255.85.69 port 48320 [preauth]","@timestamp":"2022-09-11T14:55:08.540Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T15:01:25.436Z","@version":"1","message":"Sep 11 15:01:24 honeypot-sgp-1 sshd[6225]: Invalid user user from 45.61.186.249 port 37472","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T15:01:44.446Z","@version":"1","message":"Sep 11 15:01:44 honeypot-sgp-1 sshd[6231]: Invalid user user from 45.61.186.249 port 60436","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T15:02:02.456Z","@version":"1","message":"Sep 11 15:02:02 honeypot-sgp-1 sshd[6235]: Invalid user user from 45.61.186.249 port 55124","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T15:02:20.465Z","@version":"1","message":"Sep 11 15:02:20 honeypot-sgp-1 sshd[6239]: Invalid user user from 45.61.186.249 port 49836","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 15:02:39 honeypot-fra-1 kernel: [83782989.532043] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=78.189.26.37 DST=165.22.82.222 LEN=52 TOS=0x00 PREC=0x00 TTL=114 ID=32255 DF PROTO=TCP SPT=61077 DPT=3389 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T15:02:39.710Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 15:04:27 honeypot-ams-1 sshd[10467]: Received disconnect from 154.92.19.8 port 34942:11: Bye Bye [preauth]","@timestamp":"2022-09-11T15:04:27.806Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 15:04:55 honeypot-fra-1 sshd[32626]: Disconnected from authenticating user root 61.177.173.35 port 13317 [preauth]","@timestamp":"2022-09-11T15:04:55.763Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T15:07:43.613Z","@version":"1","message":"Sep 11 15:07:42 honeypot-sgp-1 sshd[6246]: Received disconnect from 152.179.67.70 port 3463:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 15:08:28 honeypot-ams-1 kernel: [83785493.723678] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=94.232.46.222 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=41380 PROTO=TCP SPT=48593 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T15:08:28.914Z"}
{"@timestamp":"2022-09-11T15:10:37.684Z","@version":"1","message":"Sep 11 15:10:36 honeypot-sgp-1 sshd[6253]: Received disconnect from 61.177.173.49 port 24609:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 15:12:40 honeypot-fra-1 kernel: [83783589.839223] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=24158 PROTO=TCP SPT=48403 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T15:12:40.934Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 15:15:18 honeypot-ams-1 kernel: [83785903.567982] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=64.62.197.148 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=47704 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T15:15:19.090Z"}
{"@timestamp":"2022-09-11T15:15:51.809Z","@version":"1","message":"Sep 11 15:15:50 honeypot-sgp-1 sshd[6259]: Received disconnect from 92.255.85.70 port 47476:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 15:17:01 honeypot-fra-1 CRON[32642]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-11T15:17:02.034Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 15:19:20 honeypot-ams-1 kernel: [83786145.394821] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.210.150 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=55041 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T15:19:20.198Z"}
{"@timestamp":"2022-09-11T15:19:42.904Z","@version":"1","message":"Sep 11 15:19:42 honeypot-sgp-1 sshd[6264]: Disconnected from authenticating user root 61.177.173.50 port 21116 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 15:19:46 honeypot-fra-1 sshd[32647]: Connection closed by invalid user user1 103.188.176.251 port 55046 [preauth]","@timestamp":"2022-09-11T15:19:47.098Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 15:25:05 honeypot-ams-1 sshd[10485]: Received disconnect from 157.230.37.156 port 43480:11: Bye Bye [preauth]","@timestamp":"2022-09-11T15:25:05.349Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 15:26:41 honeypot-fra-1 sshd[32656]: Disconnected from authenticating user root 61.177.173.36 port 63317 [preauth]","@timestamp":"2022-09-11T15:26:41.253Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T15:27:17.087Z","@version":"1","message":"Sep 11 15:27:16 honeypot-sgp-1 sshd[6269]: Received disconnect from 61.177.173.39 port 32118:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 15:29:34 honeypot-ams-1 kernel: [83786760.238843] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=80.94.92.231 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=43993 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T15:29:35.466Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 15:30:08 honeypot-fra-1 sshd[32662]: Disconnected from invalid user keith1 165.22.45.108 port 49456 [preauth]","@timestamp":"2022-09-11T15:30:08.349Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T15:35:22.282Z","@version":"1","message":"Sep 11 15:35:22 honeypot-sgp-1 kernel: [83786634.933426] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=94.232.46.222 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=3725 PROTO=TCP SPT=49837 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 15:38:34 honeypot-fra-1 sshd[32667]: Received disconnect from 61.177.172.19 port 55778:11:  [preauth]","@timestamp":"2022-09-11T15:38:34.538Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 15:39:15 honeypot-fra-1 sshd[32673]: Received disconnect from 46.101.38.229 port 38802:11: Bye Bye [preauth]","@timestamp":"2022-09-11T15:39:15.558Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 15:39:40 honeypot-ams-1 sshd[10563]: Disconnected from invalid user test 202.74.243.26 port 30072 [preauth]","@timestamp":"2022-09-11T15:39:40.721Z"}
{"@timestamp":"2022-09-11T15:41:06.419Z","@version":"1","message":"Sep 11 15:41:05 honeypot-sgp-1 kernel: [83786978.565311] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=80.94.92.231 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=233 ID=54321 PROTO=TCP SPT=50309 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 15:42:16 honeypot-fra-1 sshd[32678]: Received disconnect from 92.255.85.69 port 47070:11: Bye Bye [preauth]","@timestamp":"2022-09-11T15:42:16.626Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 15:46:21 honeypot-fra-1 sshd[32683]: Disconnected from 61.177.173.52 port 36997 [preauth]","@timestamp":"2022-09-11T15:46:22.719Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T15:46:46.556Z","@version":"1","message":"Sep 11 15:46:45 honeypot-sgp-1 sshd[6288]: Did not receive identification string from 58.72.18.130 port 48218","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T15:48:21.596Z","@version":"1","message":"Sep 11 15:48:20 honeypot-sgp-1 sshd[6293]: Disconnected from invalid user debug 51.79.164.95 port 50274 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 15:48:33 honeypot-fra-1 sshd[32689]: Received disconnect from 61.177.173.36 port 58985:11:  [preauth]","@timestamp":"2022-09-11T15:48:34.770Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 15:49:32 honeypot-ams-1 kernel: [83787958.365058] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.209.41 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=39648 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T15:49:33.978Z"}
{"@timestamp":"2022-09-11T15:55:23.763Z","@version":"1","message":"Sep 11 15:55:23 honeypot-sgp-1 kernel: [83787835.935037] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=80.87.206.203 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=237 ID=46289 PROTO=TCP SPT=45116 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 15:57:07 honeypot-ams-1 kernel: [83788413.153426] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=68.183.94.197 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x20 TTL=245 ID=10881 PROTO=TCP SPT=61953 DPT=389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T15:57:08.170Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 15:57:54 honeypot-fra-1 sshd[32695]: Received disconnect from 61.177.173.35 port 50797:11:  [preauth]","@timestamp":"2022-09-11T15:57:54.991Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 16:01:58 honeypot-ams-1 sshd[10575]: Disconnected from invalid user aker 112.217.169.138 port 11196 [preauth]","@timestamp":"2022-09-11T16:01:58.301Z"}
{"@timestamp":"2022-09-11T16:02:06.922Z","@version":"1","message":"Sep 11 16:02:06 honeypot-sgp-1 sshd[6311]: Received disconnect from 143.110.179.172 port 39070:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 16:05:56 honeypot-fra-1 kernel: [83786786.194170] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.95.147.52 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=47204 PROTO=TCP SPT=45026 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T16:05:57.168Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 16:08:31 honeypot-ams-1 sshd[10582]: Received disconnect from 92.255.85.69 port 26594:11: Bye Bye [preauth]","@timestamp":"2022-09-11T16:08:31.472Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 16:15:04 honeypot-ams-1 sshd[10587]: Received disconnect from 87.255.193.50 port 42478:11: Bye Bye [preauth]","@timestamp":"2022-09-11T16:15:04.646Z"}
{"@timestamp":"2022-09-11T16:17:02.295Z","@version":"1","message":"Sep 11 16:17:01 honeypot-sgp-1 CRON[6319]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 16:17:01 honeypot-fra-1 CRON[32705]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-11T16:17:02.436Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 16:23:38 honeypot-ams-1 sshd[10593]: Connection closed by invalid user test 193.106.191.157 port 39534 [preauth]","@timestamp":"2022-09-11T16:23:38.875Z"}
{"@timestamp":"2022-09-11T16:26:42.528Z","@version":"1","message":"Sep 11 16:26:41 honeypot-sgp-1 kernel: [83789714.314737] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=23.97.230.27 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=48764 PROTO=TCP SPT=53595 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 16:28:50 honeypot-fra-1 kernel: [83788159.895949] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=109.205.213.23 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=54321 PROTO=TCP SPT=53534 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T16:28:50.713Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-11T16:33:39.693Z","@version":"1","message":"Sep 11 16:33:39 honeypot-sgp-1 sshd[6332]: Disconnected from invalid user ubuntu 204.131.249.226 port 59540 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 16:35:20 honeypot-fra-1 kernel: [83788550.491658] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.217.0.181 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=32849 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T16:35:20.859Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-11T16:41:42.885Z","@version":"1","message":"Sep 11 16:41:42 honeypot-sgp-1 sshd[6337]: Received disconnect from 204.131.249.226 port 60104:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T16:43:09.922Z","@version":"1","message":"Sep 11 16:43:09 honeypot-sgp-1 sshd[6341]: Received disconnect from 182.253.141.117 port 51358:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 16:44:59 honeypot-ams-1 kernel: [83791284.705315] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=205.210.31.23 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=250 ID=54321 PROTO=TCP SPT=50545 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T16:44:59.457Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 16:50:16 honeypot-ams-1 sshd[10601]: Received disconnect from 178.128.16.206 port 56076:11: Bye Bye [preauth]","@timestamp":"2022-09-11T16:50:16.602Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 16:51:51 honeypot-fra-1 kernel: [83789540.919606] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.196.163 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=47031 DPT=636 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T16:51:52.222Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-11T16:56:03.226Z","@version":"1","message":"Sep 11 16:56:02 honeypot-sgp-1 sshd[6349]: Connection closed by 200.68.60.130 port 45040 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 16:56:51 honeypot-ams-1 sshd[10606]: Invalid user ftpuser from 92.46.126.30 port 41694","@timestamp":"2022-09-11T16:56:51.778Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 16:57:02 honeypot-ams-1 kernel: [83792007.420674] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=46.62.170.160 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=114 ID=64468 DF PROTO=TCP SPT=2131 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T16:57:02.784Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 17:00:47 honeypot-fra-1 kernel: [83790077.493405] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=178.128.103.8 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=14307 PROTO=TCP SPT=29020 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T17:00:48.421Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 17:02:10 honeypot-ams-1 sshd[10609]: Disconnected from invalid user alexia 192.241.243.84 port 52572 [preauth]","@timestamp":"2022-09-11T17:02:10.925Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 17:02:38 honeypot-fra-1 sshd[32730]: Received disconnect from 141.255.162.226 port 46320:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T17:02:38.467Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 17:02:44 honeypot-fra-1 sshd[32734]: Received disconnect from 141.255.162.226 port 46234:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T17:02:44.470Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 17:02:46 honeypot-fra-1 sshd[32738]: Connection closed by invalid user user 141.255.162.226 port 53352 [preauth]","@timestamp":"2022-09-11T17:02:46.471Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 17:06:44 honeypot-fra-1 sshd[32744]: Invalid user user from 45.61.186.169 port 40906","@timestamp":"2022-09-11T17:06:45.569Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 17:07:01 honeypot-fra-1 sshd[32748]: Invalid user user from 45.61.186.169 port 35920","@timestamp":"2022-09-11T17:07:02.576Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 17:07:17 honeypot-fra-1 sshd[32752]: Invalid user user from 45.61.186.169 port 59180","@timestamp":"2022-09-11T17:07:18.584Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 17:09:01 honeypot-fra-1 CRON[32756]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-11T17:09:01.622Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T17:09:45.550Z","@version":"1","message":"Sep 11 17:09:44 honeypot-sgp-1 kernel: [83792297.251767] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.47.229.134 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=22638 PROTO=TCP SPT=57502 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 17:09:49 honeypot-fra-1 sshd[32761]: Disconnected from invalid user kelvin 165.22.45.108 port 36208 [preauth]","@timestamp":"2022-09-11T17:09:49.642Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T17:13:16.634Z","@version":"1","message":"Sep 11 17:13:15 honeypot-sgp-1 sshd[6362]: Disconnected from invalid user user 45.61.187.160 port 54338 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T17:13:36.645Z","@version":"1","message":"Sep 11 17:13:35 honeypot-sgp-1 sshd[6366]: Disconnected from invalid user user 45.61.187.160 port 49052 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T17:13:54.654Z","@version":"1","message":"Sep 11 17:13:53 honeypot-sgp-1 sshd[6370]: Disconnected from invalid user user 45.61.187.160 port 43774 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T17:14:10.662Z","@version":"1","message":"Sep 11 17:14:10 honeypot-sgp-1 sshd[6375]: Disconnected from invalid user user 45.61.187.160 port 38504 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 17:14:24 honeypot-fra-1 sshd[745]: Disconnected from invalid user user 167.99.220.160 port 56718 [preauth]","@timestamp":"2022-09-11T17:14:24.743Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 17:14:26 honeypot-ams-1 sshd[10618]: Did not receive identification string from 45.61.186.49 port 41648","@timestamp":"2022-09-11T17:14:27.241Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 17:14:42 honeypot-ams-1 sshd[10621]: Received disconnect from 45.61.186.49 port 50534:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T17:14:43.251Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 17:14:53 honeypot-ams-1 sshd[10625]: Connection closed by invalid user user 45.61.186.49 port 34010 [preauth]","@timestamp":"2022-09-11T17:14:53.256Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 17:16:55 honeypot-fra-1 sshd[750]: Disconnected from invalid user test2 92.255.85.70 port 63044 [preauth]","@timestamp":"2022-09-11T17:16:55.800Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 17:19:00 honeypot-ams-1 sshd[10630]: Received disconnect from 92.255.85.69 port 32550:11: Bye Bye [preauth]","@timestamp":"2022-09-11T17:19:00.366Z"}
{"@timestamp":"2022-09-11T17:19:22.784Z","@version":"1","message":"Sep 11 17:19:21 honeypot-sgp-1 sshd[6383]: Invalid user gc from 165.227.84.172 port 47210","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T17:27:47.981Z","@version":"1","message":"Sep 11 17:27:47 honeypot-sgp-1 sshd[6386]: Disconnected from 147.182.219.221 port 50146 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 17:29:43 honeypot-ams-1 sshd[10635]: Connection closed by invalid user test 193.106.191.157 port 51432 [preauth]","@timestamp":"2022-09-11T17:29:44.643Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 17:30:13 honeypot-fra-1 kernel: [83791842.781279] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=52.155.249.246 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=60026 PROTO=TCP SPT=56050 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T17:30:14.094Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 17:30:58 honeypot-fra-1 sshd[760]: Connection closed by invalid user admin 128.199.160.207 port 57026 [preauth]","@timestamp":"2022-09-11T17:30:59.112Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 17:30:58 honeypot-ams-1 sshd[10641]: Received disconnect from 45.61.187.160 port 47514:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T17:30:59.679Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 17:31:20 honeypot-ams-1 sshd[10645]: Received disconnect from 45.61.187.160 port 42672:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T17:31:20.691Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 17:31:38 honeypot-ams-1 sshd[10649]: Received disconnect from 45.61.187.160 port 37834:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T17:31:38.701Z"}
{"@timestamp":"2022-09-11T17:33:07.109Z","@version":"1","message":"Sep 11 17:33:06 honeypot-sgp-1 sshd[6393]: Disconnected from 161.35.113.79 port 35168 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 17:35:19 honeypot-ams-1 kernel: [83794305.014708] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=161.35.188.242 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=51 ID=0 PROTO=TCP SPT=19848 DPT=443 WINDOW=0 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T17:35:19.795Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 17:38:21 honeypot-fra-1 sshd[765]: Invalid user monitor from 51.83.71.70 port 60804","@timestamp":"2022-09-11T17:38:22.277Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 17:41:23 honeypot-fra-1 sshd[770]: Received disconnect from 103.3.247.120 port 48006:11: Bye Bye [preauth]","@timestamp":"2022-09-11T17:41:23.346Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 17:42:26 honeypot-ams-1 sshd[10658]: Received disconnect from 75.30.64.54 port 55812:11: Bye Bye [preauth]","@timestamp":"2022-09-11T17:42:26.981Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 17:45:29 honeypot-ams-1 kernel: [83794915.068484] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=103.89.91.165 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=49503 PROTO=TCP SPT=48868 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T17:45:30.062Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 17:47:14 honeypot-fra-1 sshd[775]: Received disconnect from 101.36.108.12 port 59054:11: Bye Bye [preauth]","@timestamp":"2022-09-11T17:47:15.476Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T17:50:23.526Z","@version":"1","message":"Sep 11 17:50:22 honeypot-sgp-1 sshd[6400]: Invalid user admin from 178.128.125.205 port 31284","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T17:50:23.527Z","@version":"1","message":"Sep 11 17:50:22 honeypot-sgp-1 sshd[6406]: Invalid user admin from 178.128.125.205 port 31310","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 17:51:05 honeypot-ams-1 kernel: [83795251.208853] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=91.251.9.244 DST=178.62.254.91 LEN=60 TOS=0x18 PREC=0x20 TTL=50 ID=43194 DF PROTO=TCP SPT=60214 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T17:51:06.206Z"}
{"@timestamp":"2022-09-11T17:53:28.604Z","@version":"1","message":"Sep 11 17:53:27 honeypot-sgp-1 sshd[6412]: Invalid user oracle from 147.182.188.81 port 58288","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 17:53:49 honeypot-fra-1 sshd[782]: Connection closed by authenticating user root 103.188.176.251 port 37802 [preauth]","@timestamp":"2022-09-11T17:53:49.626Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 17:55:33 honeypot-fra-1 sshd[787]: Received disconnect from 141.255.162.226 port 39334:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T17:55:33.667Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 17:55:35 honeypot-fra-1 sshd[791]: Received disconnect from 141.255.162.226 port 44196:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T17:55:36.669Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 17:56:50 honeypot-ams-1 kernel: [83795595.432637] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=5.127.99.100 DST=178.62.254.91 LEN=52 TOS=0x08 PREC=0x80 TTL=111 ID=17196 DF PROTO=TCP SPT=29407 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T17:56:50.357Z"}
{"@timestamp":"2022-09-11T17:57:48.710Z","@version":"1","message":"Sep 11 17:57:47 honeypot-sgp-1 sshd[6417]: Invalid user Administrator from 132.148.75.125 port 33370","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 17:58:35 honeypot-fra-1 kernel: [83793544.695879] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=117.30.114.191 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=41279 DF PROTO=TCP SPT=38080 DPT=5432 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T17:58:35.737Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-11T17:59:04.743Z","@version":"1","message":"Sep 11 17:59:03 honeypot-sgp-1 sshd[6422]: Disconnected from authenticating user root 132.148.75.125 port 60438 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T18:00:24.779Z","@version":"1","message":"Sep 11 18:00:24 honeypot-sgp-1 sshd[6428]: Received disconnect from 92.255.85.69 port 22150:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T18:01:41.816Z","@version":"1","message":"Sep 11 18:01:41 honeypot-sgp-1 sshd[6432]: Received disconnect from 132.148.75.125 port 35082:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 18:02:24 honeypot-ams-1 sshd[10674]: Invalid user chad from 104.28.206.119 port 32121","@timestamp":"2022-09-11T18:02:25.503Z"}
{"@timestamp":"2022-09-11T18:03:02.881Z","@version":"1","message":"Sep 11 18:03:02 honeypot-sgp-1 sshd[6436]: Received disconnect from 132.148.75.125 port 42882:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T18:05:01.933Z","@version":"1","message":"Sep 11 18:05:01 honeypot-sgp-1 sshd[6443]: Received disconnect from 132.148.75.125 port 37812:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 18:06:37 honeypot-ams-1 sshd[10678]: Invalid user test2 from 92.255.85.69 port 26888","@timestamp":"2022-09-11T18:06:38.612Z"}
{"@timestamp":"2022-09-11T18:07:00.985Z","@version":"1","message":"Sep 11 18:07:00 honeypot-sgp-1 sshd[6449]: Received disconnect from 132.148.75.125 port 58498:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 18:07:53 honeypot-fra-1 kernel: [83794102.904459] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=173.255.226.218 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=30334 PROTO=TCP SPT=59668 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T18:07:53.946Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-11T18:09:06.040Z","@version":"1","message":"Sep 11 18:09:05 honeypot-sgp-1 sshd[6456]: Received disconnect from 132.148.75.125 port 58416:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T18:11:10.094Z","@version":"1","message":"Sep 11 18:11:09 honeypot-sgp-1 sshd[6462]: Received disconnect from 132.148.75.125 port 57682:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 18:11:12 honeypot-ams-1 kernel: [83796458.197106] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=91.251.9.244 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=49792 DF PROTO=TCP SPT=60362 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T18:11:13.731Z"}
{"@timestamp":"2022-09-11T18:12:29.147Z","@version":"1","message":"Sep 11 18:12:28 honeypot-sgp-1 sshd[6466]: Disconnected from authenticating user root 132.148.75.125 port 60372 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 18:13:15 honeypot-fra-1 kernel: [83794424.895969] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.70.190.45 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=56 ID=8336 DF PROTO=TCP SPT=41488 DPT=5432 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T18:13:16.069Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-11T18:14:29.199Z","@version":"1","message":"Sep 11 18:14:29 honeypot-sgp-1 sshd[6473]: Disconnected from authenticating user root 132.148.75.125 port 53996 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T18:15:59.241Z","@version":"1","message":"Sep 11 18:15:59 honeypot-sgp-1 sshd[6479]: Did not receive identification string from 141.255.162.226 port 53546","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T18:16:07.244Z","@version":"1","message":"Sep 11 18:16:06 honeypot-sgp-1 sshd[6482]: Disconnected from invalid user user 141.255.162.226 port 40108 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T18:16:12.248Z","@version":"1","message":"Sep 11 18:16:11 honeypot-sgp-1 sshd[6488]: Invalid user user from 141.255.162.226 port 51128","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 18:16:22 honeypot-fra-1 sshd[804]: Received disconnect from 165.22.45.108 port 45818:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T18:16:23.141Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 18:17:01 honeypot-ams-1 CRON[10682]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-11T18:17:01.884Z"}
{"@timestamp":"2022-09-11T18:17:02.268Z","@version":"1","message":"Sep 11 18:17:01 honeypot-sgp-1 CRON[6494]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T18:18:32.307Z","@version":"1","message":"Sep 11 18:18:31 honeypot-sgp-1 sshd[6501]: Disconnected from authenticating user root 132.148.75.125 port 41380 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 18:20:27 honeypot-ams-1 kernel: [83797012.842308] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=111.72.186.151 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=49 ID=37024 PROTO=TCP SPT=64048 DPT=80 WINDOW=4056 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T18:20:27.975Z"}
{"@timestamp":"2022-09-11T18:20:38.362Z","@version":"1","message":"Sep 11 18:20:38 honeypot-sgp-1 sshd[6508]: Received disconnect from 132.148.75.125 port 41786:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 18:21:05 honeypot-ams-1 sshd[10692]: Received disconnect from 92.63.206.81 port 51188:11: Bye Bye [preauth]","@timestamp":"2022-09-11T18:21:05.995Z"}
{"@timestamp":"2022-09-11T18:22:47.418Z","@version":"1","message":"Sep 11 18:22:46 honeypot-sgp-1 sshd[6514]: Received disconnect from 132.148.75.125 port 45246:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T18:23:53.447Z","@version":"1","message":"Sep 11 18:23:52 honeypot-sgp-1 sshd[6518]: Disconnected from invalid user contador 92.255.85.69 port 21270 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T18:25:30.491Z","@version":"1","message":"Sep 11 18:25:29 honeypot-sgp-1 sshd[6526]: Received disconnect from 132.148.75.125 port 56250:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 18:26:44 honeypot-fra-1 sshd[813]: Disconnected from invalid user contador 92.255.85.70 port 23596 [preauth]","@timestamp":"2022-09-11T18:26:45.366Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T18:27:35.546Z","@version":"1","message":"Sep 11 18:27:34 honeypot-sgp-1 sshd[6532]: Received disconnect from 132.148.75.125 port 57260:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 18:29:04 honeypot-ams-1 sshd[10697]: Received disconnect from 92.255.85.70 port 45776:11: Bye Bye [preauth]","@timestamp":"2022-09-11T18:29:05.201Z"}
{"@timestamp":"2022-09-11T18:29:39.599Z","@version":"1","message":"Sep 11 18:29:39 honeypot-sgp-1 sshd[6538]: Received disconnect from 132.148.75.125 port 55804:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T18:31:41.651Z","@version":"1","message":"Sep 11 18:31:41 honeypot-sgp-1 sshd[6545]: Received disconnect from 132.148.75.125 port 52574:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 18:33:18 honeypot-fra-1 sshd[821]: Connection closed by invalid user guest 128.199.72.244 port 48354 [preauth]","@timestamp":"2022-09-11T18:33:19.517Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T18:33:53.707Z","@version":"1","message":"Sep 11 18:33:52 honeypot-sgp-1 sshd[6551]: Received disconnect from 132.148.75.125 port 59508:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T18:35:16.744Z","@version":"1","message":"Sep 11 18:35:16 honeypot-sgp-1 sshd[6555]: Disconnected from authenticating user root 132.148.75.125 port 37862 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T18:37:19.798Z","@version":"1","message":"Sep 11 18:37:19 honeypot-sgp-1 sshd[6562]: Received disconnect from 132.148.75.125 port 32822:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 18:38:31 honeypot-ams-1 kernel: [83798097.137056] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.56.83.212 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=62904 PROTO=TCP SPT=40211 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T18:38:32.443Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 18:38:52 honeypot-fra-1 kernel: [83795961.822629] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.41.8.5 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=42706 PROTO=TCP SPT=15274 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T18:38:52.647Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-11T18:39:24.852Z","@version":"1","message":"Sep 11 18:39:24 honeypot-sgp-1 sshd[6568]: Received disconnect from 132.148.75.125 port 57806:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T18:41:29.904Z","@version":"1","message":"Sep 11 18:41:29 honeypot-sgp-1 sshd[6574]: Received disconnect from 132.148.75.125 port 57824:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T18:42:31.930Z","@version":"1","message":"Sep 11 18:42:31 honeypot-sgp-1 kernel: [83797863.611324] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.221.77 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=33912 DPT=5432 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 18:42:42 honeypot-ams-1 sshd[10708]: Disconnected from authenticating user root 116.177.233.76 port 52654 [preauth]","@timestamp":"2022-09-11T18:42:43.551Z"}
{"@timestamp":"2022-09-11T18:43:33.958Z","@version":"1","message":"Sep 11 18:43:33 honeypot-sgp-1 sshd[6586]: Disconnected from authenticating user root 132.148.75.125 port 56696 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 18:45:41 honeypot-ams-1 sshd[10712]: Invalid user xh from 143.110.177.216 port 47664","@timestamp":"2022-09-11T18:45:42.630Z"}
{"@timestamp":"2022-09-11T18:45:44.012Z","@version":"1","message":"Sep 11 18:45:43 honeypot-sgp-1 sshd[6592]: Disconnected from authenticating user root 132.148.75.125 port 33008 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T18:47:24.055Z","@version":"1","message":"Sep 11 18:47:23 honeypot-sgp-1 sshd[6599]: Disconnected from authenticating user root 92.255.85.69 port 56470 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 18:48:24 honeypot-fra-1 sshd[835]: Received disconnect from 182.253.113.138 port 42704:11: Bye Bye [preauth]","@timestamp":"2022-09-11T18:48:24.856Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 18:48:50 honeypot-ams-1 sshd[10717]: Invalid user student from 94.153.212.68 port 45224","@timestamp":"2022-09-11T18:48:50.714Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 18:49:57 honeypot-fra-1 sshd[839]: Disconnected from authenticating user root 92.255.85.70 port 60276 [preauth]","@timestamp":"2022-09-11T18:49:57.891Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 18:51:13 honeypot-ams-1 sshd[10719]: Did not receive identification string from 45.61.184.204 port 47786","@timestamp":"2022-09-11T18:51:13.781Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 18:51:37 honeypot-ams-1 sshd[10722]: Disconnected from invalid user user 45.61.184.204 port 40794 [preauth]","@timestamp":"2022-09-11T18:51:37.794Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 18:51:58 honeypot-ams-1 sshd[10726]: Disconnected from invalid user user 45.61.184.204 port 36346 [preauth]","@timestamp":"2022-09-11T18:51:58.803Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 18:52:17 honeypot-ams-1 sshd[10731]: Disconnected from invalid user user 45.61.184.204 port 60126 [preauth]","@timestamp":"2022-09-11T18:52:17.815Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 18:53:39 honeypot-ams-1 kernel: [83799004.323437] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=34.90.140.52 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=61 ID=8416 PROTO=TCP SPT=55950 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T18:53:39.853Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 18:57:12 honeypot-fra-1 sshd[846]: Invalid user test from 193.106.191.157 port 58752","@timestamp":"2022-09-11T18:57:13.054Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 19:00:08 honeypot-ams-1 sshd[10741]: Disconnected from authenticating user sys 45.237.45.144 port 59986 [preauth]","@timestamp":"2022-09-11T19:00:09.020Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 19:00:36 honeypot-fra-1 sshd[851]: Invalid user user from 45.61.184.204 port 58002","@timestamp":"2022-09-11T19:00:37.133Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 19:00:57 honeypot-fra-1 sshd[855]: Invalid user user from 45.61.184.204 port 54354","@timestamp":"2022-09-11T19:00:58.143Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 19:01:18 honeypot-fra-1 sshd[861]: Invalid user user from 45.61.184.204 port 50700","@timestamp":"2022-09-11T19:01:18.152Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T19:03:39.440Z","@version":"1","message":"Sep 11 19:03:38 honeypot-sgp-1 sshd[6605]: Received disconnect from 103.226.250.228 port 41844:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T19:06:39.515Z","@version":"1","message":"Sep 11 19:06:39 honeypot-sgp-1 sshd[6609]: Received disconnect from 141.255.162.226 port 60054:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T19:06:41.517Z","@version":"1","message":"Sep 11 19:06:40 honeypot-sgp-1 sshd[6611]: Received disconnect from 141.255.162.226 port 38200:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T19:06:43.518Z","@version":"1","message":"Sep 11 19:06:42 honeypot-sgp-1 sshd[6615]: Received disconnect from 141.255.162.226 port 53676:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 19:07:51 honeypot-fra-1 kernel: [83797700.327507] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=79.124.62.78 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=61088 PROTO=TCP SPT=50557 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T19:07:51.294Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 19:08:35 honeypot-ams-1 sshd[10747]: Disconnected from invalid user user 45.61.186.249 port 56916 [preauth]","@timestamp":"2022-09-11T19:08:36.238Z"}
{"@timestamp":"2022-09-11T19:08:44.568Z","@version":"1","message":"Sep 11 19:08:44 honeypot-sgp-1 sshd[6622]: Invalid user download from 188.166.19.128 port 39004","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 19:08:54 honeypot-ams-1 sshd[10752]: Disconnected from invalid user user 45.61.186.249 port 51602 [preauth]","@timestamp":"2022-09-11T19:08:55.249Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 19:09:03 honeypot-ams-1 sshd[10757]: Received disconnect from 45.61.186.249 port 34888:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T19:09:04.254Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 19:09:20 honeypot-ams-1 sshd[10761]: Received disconnect from 45.61.186.249 port 57722:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T19:09:21.263Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 19:10:09 honeypot-ams-1 sshd[10765]: Disconnected from authenticating user root 123.134.238.181 port 46440 [preauth]","@timestamp":"2022-09-11T19:10:09.286Z"}
{"@timestamp":"2022-09-11T19:11:28.634Z","@version":"1","message":"Sep 11 19:11:28 honeypot-sgp-1 kernel: [83799600.944319] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=162.221.192.26 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=237 ID=58373 PROTO=TCP SPT=11318 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 19:16:20 honeypot-fra-1 sshd[869]: Invalid user server from 221.156.126.1 port 51114","@timestamp":"2022-09-11T19:16:20.498Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 19:17:01 honeypot-ams-1 CRON[10773]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-11T19:17:02.463Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 19:17:32 honeypot-fra-1 sshd[875]: Disconnected from 68.183.141.36 port 40890 [preauth]","@timestamp":"2022-09-11T19:17:32.525Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T19:19:31.834Z","@version":"1","message":"Sep 11 19:19:31 honeypot-sgp-1 sshd[6631]: Received disconnect from 198.98.61.9 port 35878:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T19:19:45.841Z","@version":"1","message":"Sep 11 19:19:44 honeypot-sgp-1 sshd[6635]: Received disconnect from 198.98.61.9 port 47508:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T19:20:03.849Z","@version":"1","message":"Sep 11 19:20:03 honeypot-sgp-1 sshd[6639]: Received disconnect from 198.98.61.9 port 42318:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T19:20:20.857Z","@version":"1","message":"Sep 11 19:20:20 honeypot-sgp-1 sshd[6643]: Received disconnect from 198.98.61.9 port 37208:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 19:22:38 honeypot-fra-1 sshd[880]: Disconnected from invalid user kent 165.22.45.108 port 55436 [preauth]","@timestamp":"2022-09-11T19:22:39.640Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T19:24:28.955Z","@version":"1","message":"Sep 11 19:24:28 honeypot-sgp-1 sshd[6648]: Disconnected from authenticating user root 199.255.98.39 port 47918 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 19:24:49 honeypot-fra-1 sshd[886]: Received disconnect from 198.98.61.9 port 50696:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T19:24:49.692Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 19:25:06 honeypot-fra-1 sshd[890]: Invalid user user from 198.98.61.9 port 45800","@timestamp":"2022-09-11T19:25:06.700Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 19:25:21 honeypot-fra-1 sshd[894]: Invalid user user from 198.98.61.9 port 40900","@timestamp":"2022-09-11T19:25:21.708Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 19:26:35 honeypot-ams-1 sshd[10779]: Disconnected from authenticating user root 159.203.117.191 port 34370 [preauth]","@timestamp":"2022-09-11T19:26:35.711Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 19:26:40 honeypot-fra-1 kernel: [83798829.422740] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=183.136.225.35 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=107 ID=10884 PROTO=TCP SPT=8088 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T19:26:40.740Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 19:30:23 honeypot-ams-1 sshd[10784]: Disconnected from authenticating user root 159.223.60.4 port 59178 [preauth]","@timestamp":"2022-09-11T19:30:23.817Z"}
{"@timestamp":"2022-09-11T19:37:09.255Z","@version":"1","message":"Sep 11 19:37:08 honeypot-sgp-1 sshd[6654]: Received disconnect from 198.98.61.9 port 52286:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T19:37:27.265Z","@version":"1","message":"Sep 11 19:37:26 honeypot-sgp-1 sshd[6658]: Received disconnect from 198.98.61.9 port 47666:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T19:37:47.275Z","@version":"1","message":"Sep 11 19:37:46 honeypot-sgp-1 sshd[6662]: Received disconnect from 198.98.61.9 port 43042:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T19:38:04.283Z","@version":"1","message":"Sep 11 19:38:03 honeypot-sgp-1 sshd[6666]: Received disconnect from 198.98.61.9 port 38420:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 19:39:27 honeypot-ams-1 kernel: [83801752.898251] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=179.43.145.74 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=40493 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T19:39:28.058Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 19:43:52 honeypot-fra-1 kernel: [83799861.578524] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=79.124.62.86 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=19163 PROTO=TCP SPT=50554 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T19:43:53.123Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 19:47:18 honeypot-ams-1 sshd[10793]: Connection closed by invalid user guest 185.148.221.11 port 56182 [preauth]","@timestamp":"2022-09-11T19:47:18.263Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 19:49:08 honeypot-ams-1 sshd[10798]: Invalid user user from 45.61.187.160 port 59282","@timestamp":"2022-09-11T19:49:09.314Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 19:49:25 honeypot-ams-1 sshd[10802]: Invalid user user from 45.61.187.160 port 53744","@timestamp":"2022-09-11T19:49:26.323Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 19:49:43 honeypot-ams-1 sshd[10806]: Invalid user user from 45.61.187.160 port 48214","@timestamp":"2022-09-11T19:49:44.335Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 19:50:20 honeypot-ams-1 sshd[10810]: Received disconnect from 159.223.172.195 port 33698:11: Bye Bye [preauth]","@timestamp":"2022-09-11T19:50:20.352Z"}
{"@timestamp":"2022-09-11T19:54:46.665Z","@version":"1","message":"Sep 11 19:54:45 honeypot-sgp-1 sshd[6673]: Invalid user fu from 188.173.136.132 port 58909","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T19:55:09.677Z","@version":"1","message":"Sep 11 19:55:09 honeypot-sgp-1 sshd[6675]: Disconnected from invalid user admin 128.199.124.231 port 51292 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 19:55:53 honeypot-fra-1 sshd[906]: Disconnected from invalid user Kepler 165.22.45.108 port 60238 [preauth]","@timestamp":"2022-09-11T19:55:53.388Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 19:56:27 honeypot-fra-1 sshd[916]: Invalid user elasticsearch from 34.71.244.4 port 56140","@timestamp":"2022-09-11T19:56:28.403Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 19:56:27 honeypot-fra-1 sshd[920]: Invalid user ts3 from 34.71.244.4 port 56168","@timestamp":"2022-09-11T19:56:28.403Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 19:56:27 honeypot-fra-1 sshd[935]: Invalid user ubuntu from 34.71.244.4 port 56402","@timestamp":"2022-09-11T19:56:28.404Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 19:56:27 honeypot-fra-1 sshd[909]: Connection closed by authenticating user root 34.71.244.4 port 56374 [preauth]","@timestamp":"2022-09-11T19:56:28.404Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 19:56:27 honeypot-fra-1 sshd[913]: Connection closed by invalid user user 34.71.244.4 port 56310 [preauth]","@timestamp":"2022-09-11T19:56:28.404Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 19:56:27 honeypot-fra-1 sshd[935]: Connection closed by invalid user ubuntu 34.71.244.4 port 56402 [preauth]","@timestamp":"2022-09-11T19:56:28.404Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 19:56:27 honeypot-fra-1 sshd[919]: Connection closed by invalid user www 34.71.244.4 port 56126 [preauth]","@timestamp":"2022-09-11T19:56:28.404Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 19:56:27 honeypot-fra-1 sshd[936]: Connection closed by invalid user devops 34.71.244.4 port 56296 [preauth]","@timestamp":"2022-09-11T19:56:28.404Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 20:03:33 honeypot-ams-1 sshd[10815]: Received disconnect from 92.255.85.70 port 41844:11: Bye Bye [preauth]","@timestamp":"2022-09-11T20:03:33.688Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 20:06:33 honeypot-fra-1 kernel: [83801222.577209] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=152.89.196.23 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=2907 PROTO=TCP SPT=57968 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T20:06:33.629Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 20:08:18 honeypot-ams-1 sshd[10820]: Connection closed by invalid user admin 148.153.82.133 port 53424 [preauth]","@timestamp":"2022-09-11T20:08:18.812Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 20:08:18 honeypot-ams-1 sshd[10826]: Connection closed by invalid user admin 148.153.82.133 port 53448 [preauth]","@timestamp":"2022-09-11T20:08:18.812Z"}
{"@timestamp":"2022-09-11T20:17:02.189Z","@version":"1","message":"Sep 11 20:17:01 honeypot-sgp-1 CRON[6683]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 20:19:50 honeypot-ams-1 sshd[10836]: Did not receive identification string from 193.3.19.178 port 64001","@timestamp":"2022-09-11T20:19:51.116Z"}
{"@timestamp":"2022-09-11T20:21:26.293Z","@version":"1","message":"Sep 11 20:21:25 honeypot-sgp-1 sshd[6686]: Disconnected from authenticating user root 92.255.85.69 port 54408 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 20:22:04 honeypot-fra-1 kernel: [83802153.938795] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=46.161.54.57 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=54321 PROTO=TCP SPT=55108 DPT=5432 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T20:22:04.970Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 20:27:47 honeypot-fra-1 sshd[990]: Connection closed by authenticating user root 103.188.176.251 port 58912 [preauth]","@timestamp":"2022-09-11T20:27:48.119Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 20:30:25 honeypot-ams-1 sshd[10842]: Invalid user zoq from 107.173.209.238 port 54652","@timestamp":"2022-09-11T20:30:26.396Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 20:36:24 honeypot-fra-1 sshd[996]: Connection closed by 165.154.44.158 port 35224 [preauth]","@timestamp":"2022-09-11T20:36:25.309Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T20:37:50.673Z","@version":"1","message":"Sep 11 20:37:50 honeypot-sgp-1 sshd[6694]: Bad protocol version identification '\\026\\003\\001\\002' from 223.71.167.164 port 1332","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 20:42:16 honeypot-ams-1 sshd[10846]: Disconnected from authenticating user root 196.0.120.211 port 32986 [preauth]","@timestamp":"2022-09-11T20:42:16.707Z"}
{"@timestamp":"2022-09-11T20:42:29.783Z","@version":"1","message":"Sep 11 20:42:29 honeypot-sgp-1 sshd[6699]: Disconnected from invalid user anna 165.22.52.171 port 45738 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 20:45:30 honeypot-fra-1 sshd[1003]: Disconnected from authenticating user root 177.93.51.98 port 45182 [preauth]","@timestamp":"2022-09-11T20:45:31.511Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 20:50:04 honeypot-ams-1 sshd[10851]: Disconnected from authenticating user root 92.255.85.69 port 47958 [preauth]","@timestamp":"2022-09-11T20:50:04.911Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 20:53:44 honeypot-fra-1 sshd[1011]: Invalid user user from 45.61.184.204 port 48126","@timestamp":"2022-09-11T20:53:45.696Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 20:54:06 honeypot-fra-1 sshd[1015]: Invalid user user from 45.61.184.204 port 43756","@timestamp":"2022-09-11T20:54:06.707Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 20:54:26 honeypot-fra-1 sshd[1019]: Invalid user user from 45.61.184.204 port 39406","@timestamp":"2022-09-11T20:54:27.716Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 20:54:46 honeypot-fra-1 sshd[1023]: Invalid user user from 45.61.184.204 port 35030","@timestamp":"2022-09-11T20:54:46.726Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T20:56:18.100Z","@version":"1","message":"Sep 11 20:56:18 honeypot-sgp-1 sshd[6708]: Disconnected from authenticating user root 103.180.120.160 port 49280 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 21:04:26 honeypot-ams-1 kernel: [83806851.845604] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=114.132.186.122 DST=178.62.254.91 LEN=40 TOS=0x08 PREC=0x00 TTL=236 ID=1819 PROTO=TCP SPT=47268 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T21:04:27.283Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 21:06:59 honeypot-fra-1 sshd[1027]: Invalid user kermit from 165.22.45.108 port 41676","@timestamp":"2022-09-11T21:06:59.996Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T21:08:03.371Z","@version":"1","message":"Sep 11 21:08:02 honeypot-sgp-1 kernel: [83806595.004951] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.217.0.181 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=56145 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T21:13:42.505Z","@version":"1","message":"Sep 11 21:13:41 honeypot-sgp-1 kernel: [83806934.120709] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=103.146.42.199 DST=159.89.202.188 LEN=52 TOS=0x00 PREC=0x00 TTL=117 ID=8248 DF PROTO=TCP SPT=8553 DPT=3389 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 21:14:54 honeypot-ams-1 sshd[10860]: Invalid user pi from 189.180.95.203 port 38786","@timestamp":"2022-09-11T21:14:54.555Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 21:16:11 honeypot-fra-1 sshd[1032]: Invalid user odoo2 from 111.95.141.34 port 41184","@timestamp":"2022-09-11T21:16:12.203Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 21:19:48 honeypot-ams-1 sshd[10869]: Invalid user admin from 121.179.150.231 port 50593","@timestamp":"2022-09-11T21:19:48.681Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 21:24:10 honeypot-fra-1 kernel: [83805879.124494] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=103.146.42.201 DST=165.22.82.222 LEN=52 TOS=0x00 PREC=0x00 TTL=116 ID=1154 DF PROTO=TCP SPT=3759 DPT=3389 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T21:24:10.378Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-11T21:25:44.779Z","@version":"1","message":"Sep 11 21:25:44 honeypot-sgp-1 sshd[6721]: Did not receive identification string from 45.61.186.49 port 44450","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T21:26:04.788Z","@version":"1","message":"Sep 11 21:26:04 honeypot-sgp-1 sshd[6724]: Disconnected from invalid user user 45.61.186.49 port 49256 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T21:26:14.792Z","@version":"1","message":"Sep 11 21:26:14 honeypot-sgp-1 sshd[6728]: Disconnected from invalid user user 45.61.186.49 port 32936 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T21:29:07.860Z","@version":"1","message":"Sep 11 21:29:07 honeypot-sgp-1 sshd[6733]: Received disconnect from 45.61.186.249 port 46290:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T21:29:25.868Z","@version":"1","message":"Sep 11 21:29:25 honeypot-sgp-1 sshd[6738]: Invalid user user from 45.61.186.249 port 40602","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T21:29:43.876Z","@version":"1","message":"Sep 11 21:29:43 honeypot-sgp-1 sshd[6742]: Invalid user user from 45.61.186.49 port 49692","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T21:29:49.879Z","@version":"1","message":"Sep 11 21:29:49 honeypot-sgp-1 sshd[6746]: Invalid user user from 45.61.186.49 port 55530","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T21:29:55.882Z","@version":"1","message":"Sep 11 21:29:55 honeypot-sgp-1 sshd[6750]: Invalid user user from 45.61.186.49 port 33126","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 21:31:04 honeypot-ams-1 kernel: [83808449.854003] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=154.3.44.39 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=117 ID=11606 DF PROTO=TCP SPT=58658 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-11T21:31:04.974Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 21:31:09 honeypot-fra-1 sshd[1048]: Disconnected from authenticating user root 218.92.0.210 port 17791 [preauth]","@timestamp":"2022-09-11T21:31:10.535Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 21:31:16 honeypot-fra-1 sshd[1072]: Invalid user cloud from 13.229.182.132 port 24266","@timestamp":"2022-09-11T21:31:16.539Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 21:31:16 honeypot-fra-1 sshd[1067]: Invalid user chia from 13.229.182.132 port 24166","@timestamp":"2022-09-11T21:31:16.539Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 21:31:16 honeypot-fra-1 sshd[1057]: Connection closed by invalid user admin 13.229.182.132 port 24032 [preauth]","@timestamp":"2022-09-11T21:31:16.539Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 21:31:16 honeypot-fra-1 sshd[1060]: Connection closed by authenticating user root 13.229.182.132 port 24306 [preauth]","@timestamp":"2022-09-11T21:31:16.539Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 21:31:16 honeypot-fra-1 sshd[1063]: Connection closed by invalid user ftpadmin 13.229.182.132 port 24296 [preauth]","@timestamp":"2022-09-11T21:31:16.539Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 21:31:16 honeypot-fra-1 sshd[1067]: Connection closed by invalid user chia 13.229.182.132 port 24166 [preauth]","@timestamp":"2022-09-11T21:31:16.539Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 21:31:16 honeypot-fra-1 sshd[1076]: Invalid user test from 13.229.182.132 port 24036","@timestamp":"2022-09-11T21:31:16.539Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 21:31:16 honeypot-fra-1 sshd[1074]: Connection closed by invalid user oracle 13.229.182.132 port 24084 [preauth]","@timestamp":"2022-09-11T21:31:17.540Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T21:32:06.933Z","@version":"1","message":"Sep 11 21:32:06 honeypot-sgp-1 sshd[6755]: Disconnected from authenticating user root 92.255.85.69 port 40980 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 21:42:16 honeypot-fra-1 sshd[1109]: Received disconnect from 165.22.45.108 port 46520:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T21:42:17.799Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 21:45:48 honeypot-fra-1 kernel: [83807177.527077] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=154.3.44.39 DST=165.22.82.222 LEN=52 TOS=0x00 PREC=0x00 TTL=114 ID=16632 DF PROTO=TCP SPT=64767 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-11T21:45:48.878Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 21:53:40 honeypot-ams-1 kernel: [83809805.707993] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=23.163.176.207 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=8111 PROTO=TCP SPT=42003 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T21:53:40.569Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 21:55:05 honeypot-ams-1 sshd[10884]: Received disconnect from 141.255.162.226 port 48884:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T21:55:05.609Z"}
{"@timestamp":"2022-09-11T21:55:06.455Z","@version":"1","message":"Sep 11 21:55:05 honeypot-sgp-1 sshd[6761]: Received disconnect from 92.255.85.70 port 55112:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 21:55:09 honeypot-ams-1 sshd[10888]: Received disconnect from 141.255.162.226 port 55216:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T21:55:10.612Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 21:55:11 honeypot-ams-1 sshd[10892]: Received disconnect from 141.255.162.226 port 42558:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T21:55:11.612Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 21:55:52 honeypot-fra-1 sshd[1117]: Received disconnect from 157.245.204.50 port 32796:11: Bye Bye [preauth]","@timestamp":"2022-09-11T21:55:53.101Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 22:00:42 honeypot-ams-1 kernel: [83810227.690287] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=142.93.45.9 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=54321 PROTO=TCP SPT=37674 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T22:00:42.757Z"}
{"@timestamp":"2022-09-11T22:03:01.638Z","@version":"1","message":"Sep 11 22:03:00 honeypot-sgp-1 kernel: [83809893.034565] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=154.3.44.39 DST=159.89.202.188 LEN=52 TOS=0x0A PREC=0x00 TTL=112 ID=11469 DF PROTO=TCP SPT=60580 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 22:08:01 honeypot-fra-1 sshd[1128]: Received disconnect from 45.61.186.49 port 42370:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T22:08:02.370Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 22:08:13 honeypot-fra-1 sshd[1132]: Received disconnect from 45.61.186.49 port 54292:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T22:08:13.376Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 22:10:51 honeypot-ams-1 sshd[10904]: Received disconnect from 206.189.14.223 port 32800:11: Bye Bye [preauth]","@timestamp":"2022-09-11T22:10:52.043Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 22:12:14 honeypot-fra-1 kernel: [83808763.396343] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=80.94.92.231 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=50533 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T22:12:15.464Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 22:14:53 honeypot-ams-1 kernel: [83811078.191054] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=193.118.53.210 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=12339 PROTO=TCP SPT=22434 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T22:14:53.150Z"}
{"@timestamp":"2022-09-11T22:17:01.955Z","@version":"1","message":"Sep 11 22:17:01 honeypot-sgp-1 CRON[6771]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 22:17:29 honeypot-fra-1 sshd[1140]: Disconnected from invalid user kettelson 165.22.45.108 port 51354 [preauth]","@timestamp":"2022-09-11T22:17:29.583Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 22:18:37 honeypot-ams-1 kernel: [83811302.423593] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=181.219.149.148 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=19913 PROTO=TCP SPT=6431 DPT=80 WINDOW=20831 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T22:18:38.249Z"}
{"@timestamp":"2022-09-11T22:18:49.998Z","@version":"1","message":"Sep 11 22:18:49 honeypot-sgp-1 sshd[6776]: Disconnecting invalid user admin 24.142.183.126 port 31530: Too many authentication failures [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 22:23:45 honeypot-ams-1 sshd[10917]: Received disconnect from 92.255.85.70 port 15448:11: Bye Bye [preauth]","@timestamp":"2022-09-11T22:23:46.387Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 22:32:04 honeypot-ams-1 sshd[10923]: Disconnected from authenticating user root 80.76.51.46 port 55182 [preauth]","@timestamp":"2022-09-11T22:32:04.597Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 22:32:49 honeypot-ams-1 sshd[10929]: Disconnected from authenticating user root 80.76.51.46 port 49202 [preauth]","@timestamp":"2022-09-11T22:32:50.619Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 22:33:21 honeypot-ams-1 kernel: [83812186.374054] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=154.3.44.39 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=117 ID=16232 DF PROTO=TCP SPT=58430 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-11T22:33:21.635Z"}
{"@timestamp":"2022-09-11T22:33:38.340Z","@version":"1","message":"Sep 11 22:33:37 honeypot-sgp-1 sshd[6784]: Invalid user winter from 206.189.145.18 port 51176","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T22:33:54.348Z","@version":"1","message":"Sep 11 22:33:53 honeypot-sgp-1 sshd[6788]: Invalid user user from 198.98.61.9 port 37638","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 22:34:01 honeypot-ams-1 sshd[10940]: Disconnected from authenticating user root 80.76.51.46 port 39352 [preauth]","@timestamp":"2022-09-11T22:34:01.654Z"}
{"@timestamp":"2022-09-11T22:34:10.355Z","@version":"1","message":"Sep 11 22:34:10 honeypot-sgp-1 sshd[6792]: Invalid user user from 198.98.61.9 port 60422","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T22:34:29.364Z","@version":"1","message":"Sep 11 22:34:29 honeypot-sgp-1 sshd[6797]: Invalid user user from 198.98.61.9 port 55002","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 22:34:43 honeypot-fra-1 sshd[1153]: Invalid user user from 141.255.162.226 port 34412","@timestamp":"2022-09-11T22:34:43.962Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 22:34:44 honeypot-ams-1 sshd[10946]: Invalid user test from 80.76.51.46 port 33210","@timestamp":"2022-09-11T22:34:44.677Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 22:34:47 honeypot-fra-1 sshd[1157]: Invalid user user from 141.255.162.226 port 47634","@timestamp":"2022-09-11T22:34:47.965Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 22:34:50 honeypot-fra-1 sshd[1161]: Invalid user user from 141.255.162.226 port 60860","@timestamp":"2022-09-11T22:34:50.966Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 22:34:51 honeypot-fra-1 sshd[1165]: Invalid user user from 141.255.162.226 port 39238","@timestamp":"2022-09-11T22:34:51.967Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 22:35:13 honeypot-ams-1 sshd[10950]: Invalid user testuser from 80.76.51.46 port 57406","@timestamp":"2022-09-11T22:35:13.692Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 22:35:41 honeypot-ams-1 sshd[10954]: Invalid user ubuntu from 80.76.51.46 port 53408","@timestamp":"2022-09-11T22:35:42.707Z"}
{"@timestamp":"2022-09-11T22:35:55.400Z","@version":"1","message":"Sep 11 22:35:54 honeypot-sgp-1 sshd[6802]: Received disconnect from 59.19.54.171 port 56788:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 22:36:10 honeypot-ams-1 sshd[10958]: Invalid user ubuntu from 80.76.51.46 port 49448","@timestamp":"2022-09-11T22:36:11.722Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 22:36:40 honeypot-ams-1 sshd[10962]: Received disconnect from 80.76.51.46 port 45388:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T22:36:40.738Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 22:37:09 honeypot-ams-1 sshd[10966]: Received disconnect from 80.76.51.46 port 41408:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T22:37:09.753Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 22:37:52 honeypot-ams-1 sshd[10972]: Invalid user odoo from 80.76.51.46 port 35372","@timestamp":"2022-09-11T22:37:52.776Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 22:38:21 honeypot-ams-1 sshd[10976]: Disconnected from authenticating user root 80.76.51.46 port 59730 [preauth]","@timestamp":"2022-09-11T22:38:21.792Z"}
{"@timestamp":"2022-09-11T22:41:55.540Z","@version":"1","message":"Sep 11 22:41:55 honeypot-sgp-1 sshd[6808]: Disconnected from authenticating user root 92.255.85.69 port 53092 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 22:43:39 honeypot-fra-1 kernel: [83810648.304130] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=20.206.248.250 DST=165.22.82.222 LEN=52 TOS=0x02 PREC=0x00 TTL=111 ID=15103 DF PROTO=TCP SPT=56263 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-11T22:43:40.163Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 22:46:44 honeypot-fra-1 sshd[1183]: Invalid user steam from 147.135.252.17 port 49680","@timestamp":"2022-09-11T22:46:45.232Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 22:46:44 honeypot-fra-1 sshd[1183]: Connection closed by invalid user steam 147.135.252.17 port 49680 [preauth]","@timestamp":"2022-09-11T22:46:45.233Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 22:46:44 honeypot-fra-1 sshd[1187]: Invalid user mysql from 147.135.252.17 port 49704","@timestamp":"2022-09-11T22:46:45.233Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 22:46:44 honeypot-fra-1 sshd[1181]: Connection closed by invalid user test 147.135.252.17 port 49710 [preauth]","@timestamp":"2022-09-11T22:46:45.233Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 22:46:44 honeypot-fra-1 sshd[1190]: Connection closed by invalid user admin 147.135.252.17 port 49766 [preauth]","@timestamp":"2022-09-11T22:46:45.233Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 22:46:44 honeypot-fra-1 sshd[1194]: Invalid user hadoop from 147.135.252.17 port 49674","@timestamp":"2022-09-11T22:46:45.233Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 22:46:44 honeypot-fra-1 sshd[1194]: Connection closed by invalid user hadoop 147.135.252.17 port 49674 [preauth]","@timestamp":"2022-09-11T22:46:45.233Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 22:46:44 honeypot-fra-1 sshd[1193]: Connection closed by invalid user testuser 147.135.252.17 port 49672 [preauth]","@timestamp":"2022-09-11T22:46:45.233Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 22:46:44 honeypot-fra-1 sshd[1201]: Connection closed by invalid user test 147.135.252.17 port 49748 [preauth]","@timestamp":"2022-09-11T22:46:45.233Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 22:46:53 honeypot-ams-1 kernel: [83812998.927681] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=182.239.72.24 DST=178.62.254.91 LEN=44 TOS=0x18 PREC=0x20 TTL=50 ID=50555 PROTO=TCP SPT=62014 DPT=443 WINDOW=18395 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T22:46:54.014Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 22:52:52 honeypot-fra-1 sshd[1235]: Invalid user kevin from 165.22.45.108 port 57062","@timestamp":"2022-09-11T22:52:53.370Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T22:53:53.819Z","@version":"1","message":"Sep 11 22:53:53 honeypot-sgp-1 sshd[6888]: Received disconnect from 183.88.244.176 port 53898:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 22:55:22 honeypot-ams-1 sshd[10984]: Connection closed by invalid user xiejz 103.188.176.251 port 39808 [preauth]","@timestamp":"2022-09-11T22:55:23.236Z"}
{"@timestamp":"2022-09-11T22:59:16.946Z","@version":"1","message":"Sep 11 22:59:16 honeypot-sgp-1 sshd[6894]: Received disconnect from 103.149.74.237 port 20216:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 22:59:33 honeypot-fra-1 sshd[1238]: Connection closed by invalid user xiejz 103.188.176.251 port 48894 [preauth]","@timestamp":"2022-09-11T22:59:33.522Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T23:00:11.970Z","@version":"1","message":"Sep 11 23:00:11 honeypot-sgp-1 sshd[6896]: Disconnected from invalid user cpanelphppgadmin 103.37.83.26 port 43018 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 23:03:34 honeypot-ams-1 kernel: [83814000.041902] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=40.87.17.51 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=36264 PROTO=TCP SPT=52144 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T23:03:35.525Z"}
{"@timestamp":"2022-09-11T23:05:24.095Z","@version":"1","message":"Sep 11 23:05:23 honeypot-sgp-1 sshd[6915]: Received disconnect from 92.255.85.70 port 21138:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 23:07:51 honeypot-fra-1 sshd[1243]: Disconnected from authenticating user root 92.255.85.69 port 53592 [preauth]","@timestamp":"2022-09-11T23:07:51.705Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T23:16:07.366Z","@version":"1","message":"Sep 11 23:16:06 honeypot-sgp-1 kernel: [83814279.191218] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=162.142.125.128 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=48384 PROTO=TCP SPT=45083 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 23:17:01 honeypot-ams-1 CRON[10992]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-11T23:17:01.884Z"}
{"@timestamp":"2022-09-11T23:17:25.400Z","@version":"1","message":"Sep 11 23:17:24 honeypot-sgp-1 sshd[6940]: Disconnecting invalid user admin 185.246.130.20 port 45979: Change of username or service not allowed: (admin,ssh-connection) -> (cameras,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 23:17:50 honeypot-fra-1 sshd[1252]: Disconnected from invalid user git 164.90.201.235 port 34592 [preauth]","@timestamp":"2022-09-11T23:17:50.922Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T23:17:55.415Z","@version":"1","message":"Sep 11 23:17:54 honeypot-sgp-1 sshd[6947]: Disconnecting invalid user admin 185.246.130.20 port 59293: Change of username or service not allowed: (admin,ssh-connection) -> (,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:18:32.430Z","@version":"1","message":"Sep 11 23:18:32 honeypot-sgp-1 sshd[6953]: Disconnecting invalid user aerohive 185.246.130.20 port 51980: Change of username or service not allowed: (aerohive,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:18:58.442Z","@version":"1","message":"Sep 11 23:18:58 honeypot-sgp-1 sshd[6959]: Disconnecting invalid user private 185.246.130.20 port 36524: Change of username or service not allowed: (private,ssh-connection) -> (root,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:19:29.456Z","@version":"1","message":"Sep 11 23:19:29 honeypot-sgp-1 sshd[6969]: Invalid user araknis from 185.246.130.20 port 7680","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:19:59.469Z","@version":"1","message":"Sep 11 23:19:58 honeypot-sgp-1 sshd[6975]: Disconnecting authenticating user root 185.246.130.20 port 21821: Change of username or service not allowed: (root,ssh-connection) -> (Admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:20:31.484Z","@version":"1","message":"Sep 11 23:20:31 honeypot-sgp-1 sshd[6981]: Disconnecting invalid user admin 185.246.130.20 port 57311: Change of username or service not allowed: (admin,ssh-connection) -> (guest,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:21:05.501Z","@version":"1","message":"Sep 11 23:21:04 honeypot-sgp-1 sshd[6989]: Invalid user  from 185.246.130.20 port 7776","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:21:27.511Z","@version":"1","message":"Sep 11 23:21:26 honeypot-sgp-1 sshd[6995]: Invalid user admin from 185.246.130.20 port 53659","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:21:49.521Z","@version":"1","message":"Sep 11 23:21:48 honeypot-sgp-1 sshd[7001]: Disconnecting invalid user Administrator 185.246.130.20 port 3130: Change of username or service not allowed: (Administrator,ssh-connection) -> (,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:22:16.533Z","@version":"1","message":"Sep 11 23:22:16 honeypot-sgp-1 sshd[7007]: Disconnecting invalid user sti.admin5 185.246.130.20 port 31198: Change of username or service not allowed: (sti.admin5,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:22:43.546Z","@version":"1","message":"Sep 11 23:22:43 honeypot-sgp-1 sshd[7014]: Invalid user blank from 185.246.130.20 port 5115","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:23:13.560Z","@version":"1","message":"Sep 11 23:23:13 honeypot-sgp-1 sshd[7020]: Disconnecting authenticating user root 185.246.130.20 port 55981: Change of username or service not allowed: (root,ssh-connection) -> (default,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:23:36.572Z","@version":"1","message":"Sep 11 23:23:35 honeypot-sgp-1 sshd[7026]: Disconnecting invalid user c1@r0 185.246.130.20 port 45895: Change of username or service not allowed: (c1@r0,ssh-connection) -> (Administrator,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 23:23:36 honeypot-ams-1 sshd[10999]: Received disconnect from 85.31.46.45 port 51568:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T23:23:37.080Z"}
{"@timestamp":"2022-09-11T23:23:58.582Z","@version":"1","message":"Sep 11 23:23:58 honeypot-sgp-1 sshd[7032]: Disconnecting invalid user superonline 185.246.130.20 port 63669: Change of username or service not allowed: (superonline,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:24:25.595Z","@version":"1","message":"Sep 11 23:24:25 honeypot-sgp-1 sshd[7039]: Disconnecting invalid user Admin 185.246.130.20 port 61971: Change of username or service not allowed: (Admin,ssh-connection) -> (comcast,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:25:02.612Z","@version":"1","message":"Sep 11 23:25:01 honeypot-sgp-1 sshd[7046]: Disconnecting invalid user  185.246.130.20 port 61298: Change of username or service not allowed: (,ssh-connection) -> (admin1234,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:25:39.630Z","@version":"1","message":"Sep 11 23:25:38 honeypot-sgp-1 sshd[7052]: Disconnecting invalid user  185.246.130.20 port 61637: Change of username or service not allowed: (,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:26:07.644Z","@version":"1","message":"Sep 11 23:26:07 honeypot-sgp-1 sshd[7058]: Disconnecting invalid user admin 185.246.130.20 port 38051: Change of username or service not allowed: (admin,ssh-connection) -> (blank,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:26:41.660Z","@version":"1","message":"Sep 11 23:26:41 honeypot-sgp-1 sshd[7066]: Invalid user airlive from 185.246.130.20 port 5967","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:27:16.676Z","@version":"1","message":"Sep 11 23:27:15 honeypot-sgp-1 sshd[7072]: Invalid user roqos from 185.246.130.20 port 37140","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:27:40.688Z","@version":"1","message":"Sep 11 23:27:40 honeypot-sgp-1 sshd[7078]: Invalid user sitecom from 185.246.130.20 port 28492","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 23:27:50 honeypot-fra-1 sshd[1257]: Invalid user kevin from 165.22.45.108 port 34148","@timestamp":"2022-09-11T23:27:51.158Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T23:28:13.704Z","@version":"1","message":"Sep 11 23:28:13 honeypot-sgp-1 sshd[7093]: Invalid user admin from 185.246.130.20 port 43556","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:28:26.710Z","@version":"1","message":"Sep 11 23:28:26 honeypot-sgp-1 sshd[7095]: Disconnecting invalid user cusadmin 185.246.130.20 port 42021: Change of username or service not allowed: (cusadmin,ssh-connection) -> (highspeed,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:28:51.723Z","@version":"1","message":"Sep 11 23:28:51 honeypot-sgp-1 sshd[7103]: Disconnecting invalid user sweex 185.246.130.20 port 61587: Change of username or service not allowed: (sweex,ssh-connection) -> (,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:29:23.738Z","@version":"1","message":"Sep 11 23:29:23 honeypot-sgp-1 sshd[7109]: Disconnecting invalid user  185.246.130.20 port 40612: Change of username or service not allowed: (,ssh-connection) -> (public,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:29:52.752Z","@version":"1","message":"Sep 11 23:29:51 honeypot-sgp-1 sshd[7116]: Disconnecting invalid user ubnt 185.246.130.20 port 59195: Change of username or service not allowed: (ubnt,ssh-connection) -> (root,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:30:27.769Z","@version":"1","message":"Sep 11 23:30:27 honeypot-sgp-1 sshd[7124]: Invalid user amdin from 185.246.130.20 port 48482","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:30:47.779Z","@version":"1","message":"Sep 11 23:30:47 honeypot-sgp-1 sshd[7128]: Invalid user Admin from 185.246.130.20 port 13634","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 23:31:14 honeypot-fra-1 sshd[1259]: Received disconnect from 92.255.85.69 port 43722:11: Bye Bye [preauth]","@timestamp":"2022-09-11T23:31:15.235Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T23:31:16.793Z","@version":"1","message":"Sep 11 23:31:16 honeypot-sgp-1 sshd[7132]: Disconnecting invalid user DZY-W2914NSV2 185.246.130.20 port 10124: Change of username or service not allowed: (DZY-W2914NSV2,ssh-connection) -> (0,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:31:44.806Z","@version":"1","message":"Sep 11 23:31:44 honeypot-sgp-1 sshd[7138]: Invalid user admin from 185.246.130.20 port 39257","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:32:24.826Z","@version":"1","message":"Sep 11 23:32:24 honeypot-sgp-1 sshd[7144]: Invalid user 1admin0 from 185.246.130.20 port 5024","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 23:33:00 honeypot-fra-1 sshd[1265]: Invalid user user from 45.61.184.204 port 44668","@timestamp":"2022-09-11T23:33:01.277Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 23:33:18 honeypot-fra-1 sshd[1269]: Invalid user user from 45.61.184.204 port 39820","@timestamp":"2022-09-11T23:33:19.305Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 23:33:35 honeypot-fra-1 sshd[1273]: Invalid user user from 45.61.184.204 port 34974","@timestamp":"2022-09-11T23:33:36.313Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 23:34:03 honeypot-ams-1 sshd[11004]: Invalid user test2 from 92.255.85.70 port 56782","@timestamp":"2022-09-11T23:34:03.355Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 23:34:27 honeypot-fra-1 kernel: [83813695.746209] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=118.126.82.157 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=43 ID=33794 DF PROTO=TCP SPT=37984 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T23:34:27.334Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-11T23:36:04.911Z","@version":"1","message":"Sep 11 23:36:04 honeypot-sgp-1 sshd[7151]: Invalid user uf from 71.67.66.226 port 54810","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 23:37:29 honeypot-ams-1 sshd[11006]: Disconnected from invalid user admin 206.189.86.91 port 40314 [preauth]","@timestamp":"2022-09-11T23:37:30.445Z"}
{"@timestamp":"2022-09-11T23:39:18.989Z","@version":"1","message":"Sep 11 23:39:18 honeypot-sgp-1 sshd[7157]: Received disconnect from 157.245.55.236 port 57482:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 23:43:07 honeypot-ams-1 sshd[11011]: Received disconnect from 45.61.187.160 port 57482:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T23:43:07.593Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 23:43:29 honeypot-ams-1 sshd[11015]: Received disconnect from 45.61.187.160 port 52318:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T23:43:29.606Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 23:43:50 honeypot-ams-1 sshd[11019]: Received disconnect from 45.61.187.160 port 47178:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T23:43:51.616Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 23:44:10 honeypot-ams-1 sshd[11023]: Received disconnect from 45.61.187.160 port 42026:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T23:44:10.627Z"}
{"@timestamp":"2022-09-11T23:52:00.283Z","@version":"1","message":"Sep 11 23:52:00 honeypot-sgp-1 sshd[7163]: Received disconnect from 92.255.85.70 port 25280:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 23:52:21 honeypot-fra-1 kernel: [83814770.102615] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.148.10.81 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=54321 PROTO=TCP SPT=39518 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T23:52:21.746Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 23:57:11 honeypot-ams-1 sshd[11027]: Received disconnect from 92.255.85.69 port 47078:11: Bye Bye [preauth]","@timestamp":"2022-09-11T23:57:11.967Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 00:03:13 honeypot-fra-1 sshd[1372]: Invalid user kevin from 165.22.45.108 port 38972","@timestamp":"2022-09-12T00:03:13.989Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 00:04:32 honeypot-fra-1 kernel: [83815500.790763] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=77.0.165.130 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=20681 DF PROTO=TCP SPT=40832 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T00:04:33.021Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-12T00:05:46.602Z","@version":"1","message":"Sep 12 00:05:45 honeypot-sgp-1 kernel: [83817258.163883] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=198.235.24.38 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x60 TTL=250 ID=54321 PROTO=TCP SPT=51425 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 00:06:25 honeypot-ams-1 sshd[11040]: Disconnected from invalid user ubnt 142.93.58.181 port 48922 [preauth]","@timestamp":"2022-09-12T00:06:26.221Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 00:11:00 honeypot-ams-1 kernel: [83818045.832695] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=193.163.125.39 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=247 ID=44307 PROTO=TCP SPT=43129 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T00:11:01.347Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 00:17:01 honeypot-ams-1 CRON[11048]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-12T00:17:02.506Z"}
{"@timestamp":"2022-09-12T00:17:02.873Z","@version":"1","message":"Sep 12 00:17:01 honeypot-sgp-1 CRON[7185]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 00:18:38 honeypot-fra-1 sshd[1381]: Disconnected from authenticating user root 92.255.85.69 port 27724 [preauth]","@timestamp":"2022-09-12T00:18:39.334Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T00:24:56.065Z","@version":"1","message":"Sep 12 00:24:55 honeypot-sgp-1 kernel: [83818407.954515] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=43.128.227.146 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=34332 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T00:25:37.085Z","@version":"1","message":"Sep 12 00:25:36 honeypot-sgp-1 sshd[7193]: Disconnected from invalid user ekp 104.131.93.177 port 46269 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T00:27:50.144Z","@version":"1","message":"Sep 12 00:27:49 honeypot-sgp-1 sshd[7198]: Received disconnect from 128.199.107.58 port 47442:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T00:28:24.160Z","@version":"1","message":"Sep 12 00:28:23 honeypot-sgp-1 sshd[7202]: Received disconnect from 45.61.187.160 port 45866:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T00:28:46.170Z","@version":"1","message":"Sep 12 00:28:45 honeypot-sgp-1 sshd[7206]: Received disconnect from 45.61.187.160 port 41162:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T00:29:05.178Z","@version":"1","message":"Sep 12 00:29:05 honeypot-sgp-1 sshd[7211]: Received disconnect from 45.61.187.160 port 36452:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T00:29:14.182Z","@version":"1","message":"Sep 12 00:29:13 honeypot-sgp-1 sshd[7215]: Disconnected from invalid user user 45.61.187.160 port 48216 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 00:32:23 honeypot-ams-1 kernel: [83819328.547363] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=94.158.14.109 DST=178.62.254.91 LEN=44 TOS=0x08 PREC=0x20 TTL=57 ID=22624 PROTO=TCP SPT=2438 DPT=80 WINDOW=36878 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T00:32:23.929Z"}
{"@timestamp":"2022-09-12T00:32:43.264Z","@version":"1","message":"Sep 12 00:32:43 honeypot-sgp-1 kernel: [83818875.419433] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.218.165 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=51465 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 00:33:08 honeypot-fra-1 sshd[1386]: Disconnected from invalid user admin 23.94.194.115 port 41330 [preauth]","@timestamp":"2022-09-12T00:33:08.679Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 00:41:13 honeypot-fra-1 kernel: [83817702.144053] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=213.226.123.38 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=44826 PROTO=TCP SPT=42582 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T00:41:13.865Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 00:43:34 honeypot-fra-1 sshd[1399]: Received disconnect from 157.245.122.58 port 45064:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T00:43:34.923Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 00:44:26 honeypot-ams-1 sshd[11059]: Disconnected from authenticating user root 92.255.85.69 port 21202 [preauth]","@timestamp":"2022-09-12T00:44:27.249Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 00:45:35 honeypot-fra-1 sshd[1403]: Invalid user tenancy from 157.245.122.58 port 43896","@timestamp":"2022-09-12T00:45:35.973Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 00:46:59 honeypot-fra-1 sshd[1407]: Invalid user alex from 141.98.10.158 port 47686","@timestamp":"2022-09-12T00:47:00.007Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T00:48:07.635Z","@version":"1","message":"Sep 12 00:48:07 honeypot-sgp-1 kernel: [83819799.341679] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=154.3.44.39 DST=159.89.202.188 LEN=52 TOS=0x0A PREC=0x00 TTL=112 ID=13840 DF PROTO=TCP SPT=60309 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 00:48:10 honeypot-fra-1 sshd[1412]: Received disconnect from 157.245.122.58 port 56268:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T00:48:11.037Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T00:54:42.797Z","@version":"1","message":"Sep 12 00:54:42 honeypot-sgp-1 kernel: [83820194.558064] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.163.23.25 DST=159.89.202.188 LEN=52 TOS=0x00 PREC=0x00 TTL=112 ID=30350 DF PROTO=TCP SPT=60017 DPT=3389 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 00:55:47 honeypot-fra-1 kernel: [83818575.580255] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=18066 PROTO=TCP SPT=43877 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T00:55:47.213Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 01:02:14 honeypot-ams-1 sshd[11068]: Invalid user support from 122.165.220.183 port 48683","@timestamp":"2022-09-12T01:02:14.724Z"}
{"@timestamp":"2022-09-12T01:02:31.984Z","@version":"1","message":"Sep 12 01:02:31 honeypot-sgp-1 kernel: [83820663.940893] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=207.32.219.9 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=238 ID=31529 DF PROTO=TCP SPT=10446 DPT=80 WINDOW=512 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T01:03:59.025Z","@version":"1","message":"Sep 12 01:03:58 honeypot-sgp-1 sshd[7238]: Disconnected from authenticating user root 144.24.190.159 port 52678 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 01:10:36 honeypot-ams-1 kernel: [83821621.316920] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=195.123.210.115 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=22590 PROTO=TCP SPT=56481 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T01:10:36.951Z"}
{"@timestamp":"2022-09-12T01:13:46.260Z","@version":"1","message":"Sep 12 01:13:45 honeypot-sgp-1 sshd[7243]: Disconnected from invalid user adonai 173.82.235.128 port 47908 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 01:14:15 honeypot-fra-1 sshd[1424]: Invalid user  from 118.193.59.5 port 39266","@timestamp":"2022-09-12T01:14:15.649Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 01:15:09 honeypot-ams-1 sshd[11078]: Received disconnect from 45.61.186.249 port 52600:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T01:15:10.075Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 01:15:28 honeypot-ams-1 sshd[11083]: Invalid user user from 45.61.186.249 port 47054","@timestamp":"2022-09-12T01:15:29.086Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 01:15:48 honeypot-ams-1 sshd[11087]: Invalid user user from 45.61.186.249 port 41512","@timestamp":"2022-09-12T01:15:49.097Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 01:15:57 honeypot-ams-1 sshd[11091]: Invalid user user from 45.61.186.249 port 52908","@timestamp":"2022-09-12T01:15:58.103Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 01:16:06 honeypot-ams-1 sshd[11095]: Invalid user user from 45.61.186.249 port 35964","@timestamp":"2022-09-12T01:16:07.107Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 01:16:20 honeypot-ams-1 sshd[11099]: Invalid user user from 198.98.61.9 port 45968","@timestamp":"2022-09-12T01:16:21.114Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 01:16:40 honeypot-ams-1 sshd[11103]: Invalid user user from 198.98.61.9 port 40752","@timestamp":"2022-09-12T01:16:40.127Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 01:17:01 honeypot-fra-1 CRON[1428]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-12T01:17:01.714Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 01:17:01 honeypot-ams-1 CRON[11108]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-12T01:17:02.138Z"}
{"@timestamp":"2022-09-12T01:17:02.342Z","@version":"1","message":"Sep 12 01:17:01 honeypot-sgp-1 CRON[7247]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 01:22:27 honeypot-ams-1 sshd[11117]: Invalid user esearch from 2.44.166.148 port 40982","@timestamp":"2022-09-12T01:22:28.288Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 01:23:37 honeypot-ams-1 sshd[11122]: Invalid user tenancy from 157.245.122.58 port 43386","@timestamp":"2022-09-12T01:23:38.322Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 01:25:09 honeypot-ams-1 kernel: [83822494.856398] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=20.169.67.183 DST=178.62.254.91 LEN=52 TOS=0x02 PREC=0x00 TTL=110 ID=46747 DF PROTO=TCP SPT=52741 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T01:25:10.364Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 01:26:13 honeypot-ams-1 sshd[11129]: Received disconnect from 157.245.122.58 port 55762:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T01:26:13.395Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 01:27:04 honeypot-ams-1 sshd[11134]: Invalid user cypress from 157.245.122.58 port 41062","@timestamp":"2022-09-12T01:27:05.422Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 01:27:35 honeypot-ams-1 sshd[11138]: Invalid user user from 45.61.186.169 port 42426","@timestamp":"2022-09-12T01:27:35.438Z"}
{"@timestamp":"2022-09-12T01:27:47.604Z","@version":"1","message":"Sep 12 01:27:47 honeypot-sgp-1 kernel: [83822179.726950] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=193.118.53.210 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=5934 PROTO=TCP SPT=33956 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 01:27:52 honeypot-ams-1 sshd[11142]: Invalid user user from 45.61.186.169 port 37698","@timestamp":"2022-09-12T01:27:53.448Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 01:28:08 honeypot-ams-1 sshd[11146]: Invalid user user from 45.61.186.169 port 32992","@timestamp":"2022-09-12T01:28:08.458Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 01:29:05 honeypot-fra-1 sshd[1438]: Received disconnect from 92.255.85.70 port 19684:11: Bye Bye [preauth]","@timestamp":"2022-09-12T01:29:05.993Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 01:30:30 honeypot-ams-1 kernel: [83822815.987389] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=101.67.181.245 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=48 ID=20874 PROTO=TCP SPT=1260 DPT=443 WINDOW=10692 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T01:30:31.525Z"}
{"@timestamp":"2022-09-12T01:31:46.721Z","@version":"1","message":"Sep 12 01:31:46 honeypot-sgp-1 kernel: [83822418.460067] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=80.94.92.239 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=231 ID=54321 PROTO=TCP SPT=42385 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 01:36:25 honeypot-ams-1 kernel: [83823170.304011] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=108.162.132.137 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=51 ID=20052 PROTO=TCP SPT=13538 DPT=443 WINDOW=6602 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T01:36:25.687Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 01:37:08 honeypot-fra-1 sshd[1445]: Disconnected from 206.81.0.243 port 46192 [preauth]","@timestamp":"2022-09-12T01:37:09.179Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 01:37:32 honeypot-fra-1 sshd[1456]: Invalid user spark from 49.234.154.127 port 33916","@timestamp":"2022-09-12T01:37:33.191Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 01:37:32 honeypot-fra-1 sshd[1467]: Invalid user www from 49.234.154.127 port 33884","@timestamp":"2022-09-12T01:37:33.191Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 01:37:32 honeypot-fra-1 sshd[1457]: Connection closed by invalid user ubuntu 49.234.154.127 port 33870 [preauth]","@timestamp":"2022-09-12T01:37:33.191Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 01:37:32 honeypot-fra-1 sshd[1468]: Connection closed by invalid user test 49.234.154.127 port 33930 [preauth]","@timestamp":"2022-09-12T01:37:33.191Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 01:37:33 honeypot-fra-1 sshd[1453]: Invalid user admin from 49.234.154.127 port 33872","@timestamp":"2022-09-12T01:37:34.191Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 01:37:34 honeypot-fra-1 sshd[1495]: Invalid user admin from 49.234.154.127 port 33842","@timestamp":"2022-09-12T01:37:35.192Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 01:37:37 honeypot-fra-1 sshd[1463]: Invalid user user from 49.234.154.127 port 33926","@timestamp":"2022-09-12T01:37:37.193Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 01:37:39 honeypot-fra-1 sshd[1465]: Connection closed by invalid user test 49.234.154.127 port 33922 [preauth]","@timestamp":"2022-09-12T01:37:40.195Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 01:42:58 honeypot-ams-1 sshd[11157]: Received disconnect from 80.76.51.45 port 43600:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T01:42:58.876Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 01:43:30 honeypot-ams-1 sshd[11162]: Received disconnect from 80.76.51.45 port 38404:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T01:43:30.892Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 01:44:11 honeypot-ams-1 kernel: [83823636.475105] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=71.6.232.7 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=58722 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T01:44:11.915Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 01:44:45 honeypot-ams-1 sshd[11172]: Disconnected from authenticating user root 80.76.51.45 port 39796 [preauth]","@timestamp":"2022-09-12T01:44:45.934Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 01:45:29 honeypot-ams-1 sshd[11178]: Disconnected from authenticating user root 80.76.51.45 port 46278 [preauth]","@timestamp":"2022-09-12T01:45:29.957Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 01:45:58 honeypot-ams-1 sshd[11182]: Received disconnect from 80.76.51.45 port 41106:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T01:45:58.973Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 01:48:27 honeypot-fra-1 sshd[1508]: Received disconnect from 165.22.45.108 port 54458:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T01:48:27.436Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T01:49:46.162Z","@version":"1","message":"Sep 12 01:49:45 honeypot-sgp-1 sshd[7262]: Disconnected from authenticating user root 92.255.85.70 port 42122 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 01:54:31 honeypot-ams-1 kernel: [83824256.350713] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=178.75.26.61 DST=178.62.254.91 LEN=40 TOS=0x08 PREC=0x20 TTL=58 ID=19001 PROTO=TCP SPT=34628 DPT=443 WINDOW=57111 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T01:54:32.203Z"}
{"@timestamp":"2022-09-12T01:55:42.311Z","@version":"1","message":"Sep 12 01:55:41 honeypot-sgp-1 kernel: [83823853.730569] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=104.156.155.3 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=60071 PROTO=TCP SPT=57875 DPT=389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 01:56:12 honeypot-fra-1 sshd[1513]: Received disconnect from 179.27.60.34 port 61201:11: Bye Bye [preauth]","@timestamp":"2022-09-12T01:56:13.612Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 02:02:14 honeypot-ams-1 sshd[11192]: Invalid user miner from 123.157.77.200 port 45570","@timestamp":"2022-09-12T02:02:15.413Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 02:06:22 honeypot-fra-1 sshd[1519]: Did not receive identification string from 45.61.186.169 port 39994","@timestamp":"2022-09-12T02:06:22.842Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 02:06:41 honeypot-ams-1 kernel: [83824986.644941] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=114.113.238.6 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=107 ID=5534 DF PROTO=TCP SPT=60965 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T02:06:42.534Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 02:06:44 honeypot-fra-1 sshd[1522]: Disconnected from invalid user user 45.61.186.169 port 57330 [preauth]","@timestamp":"2022-09-12T02:06:44.853Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 02:07:02 honeypot-fra-1 sshd[1526]: Disconnected from invalid user user 45.61.186.169 port 52186 [preauth]","@timestamp":"2022-09-12T02:07:02.882Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 02:07:19 honeypot-fra-1 sshd[1530]: Disconnected from invalid user user 45.61.186.169 port 47050 [preauth]","@timestamp":"2022-09-12T02:07:19.889Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 02:07:35 honeypot-fra-1 sshd[1534]: Disconnected from invalid user user 45.61.186.169 port 41904 [preauth]","@timestamp":"2022-09-12T02:07:35.896Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T02:12:40.727Z","@version":"1","message":"Sep 12 02:12:39 honeypot-sgp-1 sshd[7271]: Disconnected from authenticating user root 92.255.85.70 port 22630 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 02:14:36 honeypot-fra-1 kernel: [83823304.431537] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=207.102.138.83 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=46 ID=29250 DF PROTO=TCP SPT=57632 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T02:14:37.058Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 02:18:28 honeypot-ams-1 sshd[11213]: Received disconnect from 92.255.85.70 port 44208:11: Bye Bye [preauth]","@timestamp":"2022-09-12T02:18:28.852Z"}
{"@timestamp":"2022-09-12T02:18:39.878Z","@version":"1","message":"Sep 12 02:18:39 honeypot-sgp-1 kernel: [83825231.715643] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=198.23.212.173 DST=159.89.202.188 LEN=52 TOS=0x0A PREC=0x00 TTL=108 ID=9909 DF PROTO=TCP SPT=62565 DPT=80 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 02:23:40 honeypot-fra-1 sshd[1546]: Invalid user kevin from 165.22.45.108 port 59870","@timestamp":"2022-09-12T02:23:40.265Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 02:28:43 honeypot-ams-1 sshd[11216]: Received disconnect from 95.85.27.201 port 33646:11: Bye Bye [preauth]","@timestamp":"2022-09-12T02:28:44.127Z"}
{"@timestamp":"2022-09-12T02:31:00.188Z","@version":"1","message":"Sep 12 02:30:59 honeypot-sgp-1 sshd[7283]: Invalid user kettle from 178.154.203.18 port 50780","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 02:32:01 honeypot-ams-1 kernel: [83826506.824390] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=94.26.228.80 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=3078 PROTO=TCP SPT=27021 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T02:32:02.217Z"}
{"@timestamp":"2022-09-12T02:32:02.216Z","@version":"1","message":"Sep 12 02:32:01 honeypot-sgp-1 sshd[7285]: Received disconnect from 139.59.127.73 port 38986:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T02:36:43.331Z","@version":"1","message":"Sep 12 02:36:43 honeypot-sgp-1 sshd[7291]: Disconnected from invalid user vm 123.142.3.137 port 34428 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 02:39:17 honeypot-fra-1 sshd[1550]: Disconnected from authenticating user root 92.255.85.70 port 50886 [preauth]","@timestamp":"2022-09-12T02:39:18.617Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 02:48:52 honeypot-ams-1 kernel: [83827517.769170] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=203.206.188.109 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=50 ID=5884 PROTO=TCP SPT=32808 DPT=80 WINDOW=28843 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T02:48:53.672Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 02:49:34 honeypot-fra-1 sshd[1554]: Disconnected from invalid user ruben 60.10.160.75 port 38221 [preauth]","@timestamp":"2022-09-12T02:49:34.846Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T02:51:45.693Z","@version":"1","message":"Sep 12 02:51:45 honeypot-sgp-1 kernel: [83827217.538853] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=80.94.92.231 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=233 ID=54321 PROTO=TCP SPT=48605 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 02:58:07 honeypot-fra-1 sshd[1559]: Disconnected from invalid user deploy 121.79.128.37 port 36620 [preauth]","@timestamp":"2022-09-12T02:58:07.036Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 03:03:02 honeypot-fra-1 sshd[1566]: Disconnected from authenticating user root 92.255.85.69 port 27596 [preauth]","@timestamp":"2022-09-12T03:03:03.146Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 03:04:46 honeypot-ams-1 sshd[11227]: Disconnected from authenticating user root 92.255.85.69 port 53090 [preauth]","@timestamp":"2022-09-12T03:04:47.104Z"}
{"@timestamp":"2022-09-12T03:04:59.017Z","@version":"1","message":"Sep 12 03:04:58 honeypot-sgp-1 kernel: [83828010.570172] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=225 ID=25293 PROTO=TCP SPT=51603 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 03:16:19 honeypot-fra-1 kernel: [83827007.676717] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=23.95.4.194 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=6249 PROTO=TCP SPT=44724 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T03:16:20.441Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 03:17:01 honeypot-ams-1 CRON[11233]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-12T03:17:02.426Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 03:17:01 honeypot-fra-1 CRON[1572]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-12T03:17:02.461Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T03:19:53.382Z","@version":"1","message":"Sep 12 03:19:53 honeypot-sgp-1 sshd[7309]: Connection closed by invalid user guest 14.232.210.83 port 33966 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 03:28:31 honeypot-ams-1 sshd[11240]: Received disconnect from 92.255.85.70 port 50216:11: Bye Bye [preauth]","@timestamp":"2022-09-12T03:28:31.733Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 03:29:37 honeypot-ams-1 sshd[11245]: Invalid user user from 45.61.184.204 port 41044","@timestamp":"2022-09-12T03:29:38.767Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 03:29:55 honeypot-ams-1 sshd[11249]: Invalid user user from 45.61.184.204 port 36350","@timestamp":"2022-09-12T03:29:55.776Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 03:30:12 honeypot-ams-1 sshd[11253]: Invalid user user from 45.61.184.204 port 59774","@timestamp":"2022-09-12T03:30:13.787Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 03:30:20 honeypot-fra-1 kernel: [83827848.707239] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=79.124.62.62 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=46798 PROTO=TCP SPT=41516 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T03:30:20.765Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-12T03:31:03.683Z","@version":"1","message":"Sep 12 03:31:03 honeypot-sgp-1 kernel: [83829575.321748] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=59.49.43.217 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=32998 PROTO=TCP SPT=54390 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 03:32:12 honeypot-fra-1 sshd[1585]: Received disconnect from 45.61.184.204 port 39130:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T03:32:12.809Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 03:32:31 honeypot-fra-1 sshd[1589]: Received disconnect from 45.61.184.204 port 33722:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T03:32:31.819Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 03:32:48 honeypot-fra-1 sshd[1593]: Received disconnect from 45.61.184.204 port 56550:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T03:32:48.827Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 03:32:55 honeypot-ams-1 kernel: [83830160.660831] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=186.218.37.197 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=42 ID=59677 PROTO=TCP SPT=39449 DPT=80 WINDOW=5536 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T03:32:55.862Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 03:33:05 honeypot-fra-1 sshd[1597]: Received disconnect from 45.61.184.204 port 51136:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T03:33:05.834Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 03:40:16 honeypot-fra-1 kernel: [83828444.768785] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=64.227.97.195 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=55 ID=42955 DF PROTO=TCP SPT=45888 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T03:40:16.993Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-12T03:44:25.010Z","@version":"1","message":"Sep 12 03:44:24 honeypot-sgp-1 kernel: [83830376.510990] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.218.240 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=59270 DPT=5432 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 03:49:50 honeypot-ams-1 kernel: [83831175.883253] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=213.226.123.241 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=60 ID=37632 DF PROTO=TCP SPT=49958 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T03:49:51.306Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 03:51:08 honeypot-ams-1 sshd[11264]: Disconnected from authenticating user root 192.241.174.44 port 36574 [preauth]","@timestamp":"2022-09-12T03:51:08.342Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 03:52:31 honeypot-ams-1 sshd[11269]: Received disconnect from 46.19.141.122 port 33766:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T03:52:31.383Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 03:53:20 honeypot-ams-1 sshd[11275]: Received disconnect from 46.19.141.122 port 50646:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T03:53:20.408Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 03:54:33 honeypot-ams-1 sshd[11279]: Received disconnect from 46.19.141.122 port 47740:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T03:54:34.441Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 03:54:50 honeypot-ams-1 sshd[11283]: Received disconnect from 46.19.141.122 port 56180:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T03:54:51.452Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 03:55:38 honeypot-ams-1 sshd[11288]: Received disconnect from 46.19.141.122 port 44828:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T03:55:38.475Z"}
{"@timestamp":"2022-09-12T03:56:13.296Z","@version":"1","message":"Sep 12 03:56:12 honeypot-sgp-1 kernel: [83831084.748783] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=172.104.238.162 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=25065 PROTO=TCP SPT=1037 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 03:56:28 honeypot-ams-1 sshd[11292]: Disconnected from authenticating user root 46.19.141.122 port 33476 [preauth]","@timestamp":"2022-09-12T03:56:28.500Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 04:00:45 honeypot-ams-1 kernel: [83831830.586890] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=167.71.218.50 DST=178.62.254.91 LEN=52 TOS=0x02 PREC=0x00 TTL=118 ID=7387 DF PROTO=TCP SPT=62475 DPT=3389 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-12T04:00:46.615Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 04:02:03 honeypot-ams-1 sshd[11299]: Disconnected from invalid user git 91.240.118.222 port 55767 [preauth]","@timestamp":"2022-09-12T04:02:03.654Z"}
{"@timestamp":"2022-09-12T04:02:18.449Z","@version":"1","message":"Sep 12 04:02:17 honeypot-sgp-1 sshd[7334]: Received disconnect from 157.245.122.58 port 35768:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 04:02:46 honeypot-fra-1 sshd[1608]: Connection closed by invalid user linan 103.188.176.251 port 49578 [preauth]","@timestamp":"2022-09-12T04:02:46.489Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T04:04:18.503Z","@version":"1","message":"Sep 12 04:04:18 honeypot-sgp-1 sshd[7341]: Invalid user odoo from 157.245.122.58 port 34606","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T04:06:13.553Z","@version":"1","message":"Sep 12 04:06:13 honeypot-sgp-1 sshd[7345]: Invalid user data.user from 157.245.122.58 port 33448","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T04:08:08.603Z","@version":"1","message":"Sep 12 04:08:07 honeypot-sgp-1 sshd[7349]: Invalid user jonitiso from 157.245.122.58 port 60518","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T04:09:01.627Z","@version":"1","message":"Sep 12 04:09:00 honeypot-sgp-1 sshd[7354]: Received disconnect from 157.245.122.58 port 45814:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 04:13:46 honeypot-fra-1 sshd[1615]: Did not receive identification string from 204.44.66.189 port 56348","@timestamp":"2022-09-12T04:13:46.767Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 04:13:47 honeypot-fra-1 sshd[1625]: Invalid user rustserver from 204.44.66.189 port 59076","@timestamp":"2022-09-12T04:13:47.769Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 04:13:47 honeypot-fra-1 sshd[1634]: Invalid user user from 204.44.66.189 port 59050","@timestamp":"2022-09-12T04:13:47.769Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 04:13:47 honeypot-fra-1 sshd[1641]: Invalid user admin from 204.44.66.189 port 59096","@timestamp":"2022-09-12T04:13:47.769Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 04:13:47 honeypot-fra-1 sshd[1642]: Invalid user devops from 204.44.66.189 port 59078","@timestamp":"2022-09-12T04:13:47.769Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 04:13:47 honeypot-fra-1 sshd[1623]: Connection closed by invalid user admin 204.44.66.189 port 59058 [preauth]","@timestamp":"2022-09-12T04:13:47.770Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 04:13:47 honeypot-fra-1 sshd[1635]: Connection closed by invalid user es 204.44.66.189 port 59116 [preauth]","@timestamp":"2022-09-12T04:13:47.770Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 04:13:47 honeypot-fra-1 sshd[1631]: Connection closed by invalid user chia 204.44.66.189 port 59064 [preauth]","@timestamp":"2022-09-12T04:13:47.770Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 04:13:47 honeypot-fra-1 sshd[1642]: Connection closed by invalid user devops 204.44.66.189 port 59078 [preauth]","@timestamp":"2022-09-12T04:13:47.770Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 04:15:34 honeypot-ams-1 sshd[11305]: Disconnected from authenticating user root 92.255.85.69 port 46914 [preauth]","@timestamp":"2022-09-12T04:15:34.014Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 04:17:01 honeypot-fra-1 CRON[1671]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-12T04:17:01.842Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T04:17:02.824Z","@version":"1","message":"Sep 12 04:17:01 honeypot-sgp-1 CRON[7359]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T04:17:41.843Z","@version":"1","message":"Sep 12 04:17:41 honeypot-sgp-1 sshd[7365]: Invalid user user from 45.61.186.169 port 40722","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T04:17:58.852Z","@version":"1","message":"Sep 12 04:17:57 honeypot-sgp-1 sshd[7369]: Invalid user user from 45.61.186.169 port 35748","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T04:18:14.860Z","@version":"1","message":"Sep 12 04:18:14 honeypot-sgp-1 sshd[7373]: Invalid user user from 45.61.186.169 port 58920","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 04:18:19 honeypot-ams-1 sshd[11310]: Disconnected from authenticating user root 93.147.129.222 port 57142 [preauth]","@timestamp":"2022-09-12T04:18:20.091Z"}
{"@timestamp":"2022-09-12T04:18:50.878Z","@version":"1","message":"Sep 12 04:18:50 honeypot-sgp-1 kernel: [83832442.766120] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=94.26.228.80 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=15860 PROTO=TCP SPT=34855 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 04:20:13 honeypot-ams-1 sshd[11316]: Received disconnect from 45.61.186.49 port 44426:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T04:20:14.145Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 04:20:23 honeypot-ams-1 sshd[11320]: Received disconnect from 45.61.186.49 port 56372:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T04:20:24.150Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 04:23:01 honeypot-fra-1 sshd[1677]: Connection closed by invalid user support 218.88.215.122 port 57749 [preauth]","@timestamp":"2022-09-12T04:23:01.976Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T04:26:05.058Z","@version":"1","message":"Sep 12 04:26:04 honeypot-sgp-1 sshd[7381]: Invalid user manager from 103.188.176.251 port 35924","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 04:30:17 honeypot-ams-1 sshd[11324]: Disconnected from authenticating user root 80.76.51.43 port 42016 [preauth]","@timestamp":"2022-09-12T04:30:18.413Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 04:30:48 honeypot-ams-1 sshd[11328]: Disconnected from invalid user support 80.76.51.43 port 41570 [preauth]","@timestamp":"2022-09-12T04:30:49.429Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 04:32:05 honeypot-fra-1 sshd[1682]: Disconnected from authenticating user root 103.133.57.242 port 51422 [preauth]","@timestamp":"2022-09-12T04:32:06.179Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 04:37:49 honeypot-fra-1 kernel: [83831897.324467] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=154.3.44.39 DST=165.22.82.222 LEN=52 TOS=0x00 PREC=0x00 TTL=116 ID=43793 DF PROTO=TCP SPT=52346 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-12T04:37:50.309Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 04:38:43 honeypot-ams-1 sshd[11335]: Disconnected from authenticating user root 92.255.85.70 port 43452 [preauth]","@timestamp":"2022-09-12T04:38:43.655Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 04:40:12 honeypot-ams-1 sshd[11340]: Received disconnect from 45.61.184.204 port 55534:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T04:40:12.698Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 04:40:31 honeypot-ams-1 sshd[11344]: Invalid user user from 45.61.184.204 port 51466","@timestamp":"2022-09-12T04:40:31.713Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 04:40:45 honeypot-ams-1 kernel: [83834230.512976] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=213.226.123.38 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=4598 PROTO=TCP SPT=56564 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T04:40:45.722Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 04:41:00 honeypot-ams-1 sshd[11350]: Disconnected from invalid user user 45.61.184.204 port 59480 [preauth]","@timestamp":"2022-09-12T04:41:00.730Z"}
{"@timestamp":"2022-09-12T04:44:12.499Z","@version":"1","message":"Sep 12 04:44:12 honeypot-sgp-1 kernel: [83833964.342527] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.219.57 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=46294 DPT=389 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 04:45:09 honeypot-fra-1 sshd[1690]: Disconnected from authenticating user root 122.170.105.253 port 36458 [preauth]","@timestamp":"2022-09-12T04:45:09.471Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 04:50:43 honeypot-ams-1 sshd[11356]: Received disconnect from 14.161.50.120 port 42577:11: Bye Bye [preauth]","@timestamp":"2022-09-12T04:50:43.994Z"}
{"@timestamp":"2022-09-12T04:51:22.692Z","@version":"1","message":"Sep 12 04:51:22 honeypot-sgp-1 sshd[7404]: Received disconnect from 157.245.9.6 port 49146:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 04:52:39 honeypot-fra-1 kernel: [83832787.410591] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=89.248.163.140 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=42600 PROTO=TCP SPT=42193 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T04:52:39.639Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 04:55:36 honeypot-fra-1 sshd[1700]: Invalid user dev from 212.87.251.118 port 45328","@timestamp":"2022-09-12T04:55:37.706Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 04:55:36 honeypot-fra-1 sshd[1716]: Invalid user esuser from 212.87.251.118 port 45370","@timestamp":"2022-09-12T04:55:37.706Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 04:55:36 honeypot-fra-1 sshd[1710]: Invalid user esuser from 212.87.251.118 port 45346","@timestamp":"2022-09-12T04:55:37.706Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 04:55:36 honeypot-fra-1 sshd[1723]: Invalid user admin from 212.87.251.118 port 45390","@timestamp":"2022-09-12T04:55:37.706Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 04:55:36 honeypot-fra-1 sshd[1721]: Connection closed by authenticating user root 212.87.251.118 port 45384 [preauth]","@timestamp":"2022-09-12T04:55:37.706Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 04:55:36 honeypot-fra-1 sshd[1702]: Connection closed by invalid user es 212.87.251.118 port 45318 [preauth]","@timestamp":"2022-09-12T04:55:37.706Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 04:55:36 honeypot-fra-1 sshd[1708]: Connection closed by invalid user oracle 212.87.251.118 port 45342 [preauth]","@timestamp":"2022-09-12T04:55:37.706Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 04:55:36 honeypot-fra-1 sshd[1726]: Connection closed by invalid user www 212.87.251.118 port 45406 [preauth]","@timestamp":"2022-09-12T04:55:37.706Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 04:55:36 honeypot-fra-1 sshd[1731]: Invalid user user from 212.87.251.118 port 45440","@timestamp":"2022-09-12T04:55:37.706Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 04:55:37 honeypot-fra-1 sshd[1731]: Connection closed by invalid user user 212.87.251.118 port 45440 [preauth]","@timestamp":"2022-09-12T04:55:37.707Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 04:56:22 honeypot-ams-1 sshd[11363]: Received disconnect from 210.16.201.131 port 59640:11: Bye Bye [preauth]","@timestamp":"2022-09-12T04:56:23.146Z"}
{"@timestamp":"2022-09-12T04:59:13.885Z","@version":"1","message":"Sep 12 04:59:13 honeypot-sgp-1 sshd[7410]: Received disconnect from 45.61.186.49 port 35332:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T04:59:22.890Z","@version":"1","message":"Sep 12 04:59:22 honeypot-sgp-1 sshd[7414]: Received disconnect from 45.61.186.49 port 46746:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 04:59:55 honeypot-fra-1 sshd[1763]: Disconnected from authenticating user root 92.255.85.70 port 24078 [preauth]","@timestamp":"2022-09-12T04:59:56.803Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T05:00:44.925Z","@version":"1","message":"Sep 12 05:00:44 honeypot-sgp-1 sshd[7418]: Disconnected from authenticating user root 200.123.21.242 port 45456 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 05:11:19 honeypot-ams-1 kernel: [83836064.218742] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=79.124.62.62 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=32851 PROTO=TCP SPT=41516 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T05:11:19.542Z"}
{"@timestamp":"2022-09-12T05:14:03.247Z","@version":"1","message":"Sep 12 05:14:02 honeypot-sgp-1 kernel: [83835754.314159] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=104.156.155.3 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=49812 PROTO=TCP SPT=57875 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 05:14:38 honeypot-fra-1 sshd[1770]: Received disconnect from 146.59.226.228 port 56856:11: Bye Bye [preauth]","@timestamp":"2022-09-12T05:14:39.128Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 05:14:42 honeypot-ams-1 sshd[11824]: Disconnected from invalid user user 45.61.186.249 port 54192 [preauth]","@timestamp":"2022-09-12T05:14:43.635Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 05:15:01 honeypot-ams-1 sshd[11828]: Disconnected from invalid user user 45.61.186.249 port 49252 [preauth]","@timestamp":"2022-09-12T05:15:01.646Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 05:15:19 honeypot-ams-1 sshd[11832]: Disconnected from invalid user user 45.61.186.249 port 44340 [preauth]","@timestamp":"2022-09-12T05:15:19.656Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 05:15:37 honeypot-ams-1 sshd[11836]: Disconnected from invalid user user 45.61.186.249 port 39424 [preauth]","@timestamp":"2022-09-12T05:15:38.666Z"}
{"@timestamp":"2022-09-12T05:18:55.369Z","@version":"1","message":"Sep 12 05:18:55 honeypot-sgp-1 kernel: [83836046.983321] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=154.3.44.39 DST=159.89.202.188 LEN=52 TOS=0x0A PREC=0x00 TTL=111 ID=12485 DF PROTO=TCP SPT=55600 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T05:19:52.396Z","@version":"1","message":"Sep 12 05:19:51 honeypot-sgp-1 sshd[7433]: Received disconnect from 43.154.183.166 port 34358:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 05:19:52 honeypot-fra-1 sshd[1778]: Invalid user robin from 114.247.103.218 port 24933","@timestamp":"2022-09-12T05:19:53.246Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 05:21:06 honeypot-fra-1 sshd[1782]: Received disconnect from 195.24.207.199 port 37970:11: Bye Bye [preauth]","@timestamp":"2022-09-12T05:21:07.275Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T05:22:08.454Z","@version":"1","message":"Sep 12 05:22:07 honeypot-sgp-1 sshd[7437]: Disconnected from authenticating user root 185.51.128.152 port 56678 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 05:24:43 honeypot-ams-1 kernel: [83836868.407371] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=154.3.44.39 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=117 ID=54983 DF PROTO=TCP SPT=61252 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-12T05:24:43.909Z"}
{"@timestamp":"2022-09-12T05:32:21.698Z","@version":"1","message":"Sep 12 05:32:21 honeypot-sgp-1 sshd[7444]: Received disconnect from 45.61.187.160 port 50530:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T05:32:41.710Z","@version":"1","message":"Sep 12 05:32:41 honeypot-sgp-1 sshd[7448]: Received disconnect from 45.61.187.160 port 45700:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T05:33:00.719Z","@version":"1","message":"Sep 12 05:32:59 honeypot-sgp-1 sshd[7452]: Received disconnect from 45.61.187.160 port 40934:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T05:33:17.727Z","@version":"1","message":"Sep 12 05:33:17 honeypot-sgp-1 sshd[7456]: Received disconnect from 45.61.187.160 port 36156:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 05:34:38 honeypot-ams-1 sshd[11847]: Did not receive identification string from 45.61.187.160 port 53918","@timestamp":"2022-09-12T05:34:39.173Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 05:35:09 honeypot-ams-1 sshd[11850]: Disconnected from invalid user user 45.61.187.160 port 59786 [preauth]","@timestamp":"2022-09-12T05:35:10.188Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 05:35:28 honeypot-ams-1 sshd[11854]: Disconnected from invalid user user 45.61.187.160 port 54480 [preauth]","@timestamp":"2022-09-12T05:35:28.198Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 05:35:45 honeypot-ams-1 sshd[11858]: Disconnected from invalid user user 45.61.187.160 port 49170 [preauth]","@timestamp":"2022-09-12T05:35:46.208Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 05:39:47 honeypot-ams-1 kernel: [83837772.549516] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=213.226.123.241 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=60 ID=40978 DF PROTO=TCP SPT=48766 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T05:39:48.313Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 05:40:45 honeypot-fra-1 sshd[1788]: Invalid user admin from 52.148.87.44 port 39266","@timestamp":"2022-09-12T05:40:45.710Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T05:43:59.987Z","@version":"1","message":"Sep 12 05:43:59 honeypot-sgp-1 sshd[7463]: Received disconnect from 92.255.85.69 port 35066:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 05:44:39 honeypot-fra-1 sshd[1793]: Invalid user user from 141.255.162.226 port 33086","@timestamp":"2022-09-12T05:44:39.798Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 05:44:43 honeypot-fra-1 sshd[1797]: Invalid user user from 141.255.162.226 port 54350","@timestamp":"2022-09-12T05:44:43.800Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 05:44:47 honeypot-fra-1 sshd[1801]: Invalid user user from 141.255.162.226 port 40286","@timestamp":"2022-09-12T05:44:47.802Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 05:49:21 honeypot-fra-1 kernel: [83836188.992994] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=23.225.195.20 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=9829 PROTO=TCP SPT=41760 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T05:49:21.907Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 05:49:56 honeypot-ams-1 sshd[11868]: Received disconnect from 68.183.236.92 port 52932:11: Bye Bye [preauth]","@timestamp":"2022-09-12T05:49:56.597Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 05:51:36 honeypot-ams-1 sshd[11870]: Disconnected from invalid user beau 95.86.165.90 port 36544 [preauth]","@timestamp":"2022-09-12T05:51:36.643Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 05:54:24 honeypot-fra-1 sshd[1807]: Did not receive identification string from 45.61.187.160 port 50982","@timestamp":"2022-09-12T05:54:25.021Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 05:55:02 honeypot-fra-1 sshd[1810]: Disconnected from invalid user user 45.61.187.160 port 53566 [preauth]","@timestamp":"2022-09-12T05:55:03.038Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 05:55:20 honeypot-fra-1 sshd[1814]: Disconnected from invalid user user 45.61.187.160 port 49546 [preauth]","@timestamp":"2022-09-12T05:55:21.046Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 05:55:37 honeypot-fra-1 sshd[1818]: Disconnected from invalid user user 45.61.187.160 port 45524 [preauth]","@timestamp":"2022-09-12T05:55:38.054Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 05:56:10 honeypot-fra-1 sshd[1822]: Disconnected from invalid user kf 165.22.45.108 port 33418 [preauth]","@timestamp":"2022-09-12T05:56:11.068Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T06:00:38.387Z","@version":"1","message":"Sep 12 06:00:38 honeypot-sgp-1 sshd[7469]: Did not receive identification string from 141.255.162.226 port 40544","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T06:00:54.396Z","@version":"1","message":"Sep 12 06:00:53 honeypot-sgp-1 sshd[7472]: Disconnected from invalid user user 141.255.162.226 port 38214 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T06:00:58.398Z","@version":"1","message":"Sep 12 06:00:58 honeypot-sgp-1 sshd[7476]: Disconnected from invalid user user 141.255.162.226 port 45006 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T06:05:11.505Z","@version":"1","message":"Sep 12 06:05:10 honeypot-sgp-1 sshd[7574]: Connection closed by invalid user pi 161.8.12.170 port 40764 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 06:08:46 honeypot-fra-1 kernel: [83837354.035276] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=9618 PROTO=TCP SPT=42403 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T06:08:46.346Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 06:12:45 honeypot-ams-1 sshd[11876]: Received disconnect from 92.255.85.70 port 60026:11: Bye Bye [preauth]","@timestamp":"2022-09-12T06:12:45.187Z"}
{"@timestamp":"2022-09-12T06:14:27.733Z","@version":"1","message":"Sep 12 06:14:26 honeypot-sgp-1 kernel: [83839378.886851] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=223.18.204.76 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=51 ID=37328 PROTO=TCP SPT=54009 DPT=80 WINDOW=63193 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 06:15:33 honeypot-fra-1 sshd[1929]: Received disconnect from 185.196.220.81 port 52714:11: end [preauth]","@timestamp":"2022-09-12T06:15:33.498Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 06:15:33 honeypot-fra-1 sshd[1933]: Received disconnect from 185.196.220.81 port 53856:11: end [preauth]","@timestamp":"2022-09-12T06:15:34.500Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 06:15:33 honeypot-fra-1 sshd[1937]: Disconnected from authenticating user root 185.196.220.81 port 55100 [preauth]","@timestamp":"2022-09-12T06:15:34.500Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 06:15:34 honeypot-fra-1 sshd[1943]: Received disconnect from 185.196.220.81 port 57136:11: end [preauth]","@timestamp":"2022-09-12T06:15:34.500Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 06:15:34 honeypot-fra-1 sshd[1947]: Received disconnect from 185.196.220.81 port 58598:11: end [preauth]","@timestamp":"2022-09-12T06:15:35.501Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 06:15:35 honeypot-fra-1 sshd[1951]: Disconnected from authenticating user root 185.196.220.81 port 60026 [preauth]","@timestamp":"2022-09-12T06:15:35.501Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 06:15:35 honeypot-fra-1 sshd[1957]: Invalid user admin from 185.196.220.81 port 33846","@timestamp":"2022-09-12T06:15:36.501Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 06:15:36 honeypot-fra-1 sshd[1961]: Received disconnect from 185.196.220.81 port 35494:11: end [preauth]","@timestamp":"2022-09-12T06:15:36.501Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 06:15:36 honeypot-fra-1 sshd[1965]: Received disconnect from 185.196.220.81 port 37172:11: end [preauth]","@timestamp":"2022-09-12T06:15:36.501Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 06:15:36 honeypot-fra-1 sshd[1969]: Disconnected from invalid user oracle 185.196.220.81 port 38838 [preauth]","@timestamp":"2022-09-12T06:15:37.502Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 06:15:37 honeypot-fra-1 sshd[1975]: Invalid user admin from 185.196.220.81 port 41542","@timestamp":"2022-09-12T06:15:37.502Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 06:15:37 honeypot-fra-1 sshd[1979]: Received disconnect from 185.196.220.81 port 43088:11: end [preauth]","@timestamp":"2022-09-12T06:15:38.503Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 06:15:38 honeypot-fra-1 sshd[1983]: Received disconnect from 185.196.220.81 port 44628:11: end [preauth]","@timestamp":"2022-09-12T06:15:38.503Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 06:15:38 honeypot-fra-1 sshd[1987]: Received disconnect from 185.196.220.81 port 46196:11: end [preauth]","@timestamp":"2022-09-12T06:15:39.504Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 06:15:41 honeypot-fra-1 sshd[1991]: Connection closed by invalid user support 91.103.30.86 port 53556 [preauth]","@timestamp":"2022-09-12T06:15:42.505Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 06:17:01 honeypot-ams-1 CRON[11879]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-12T06:17:02.296Z"}
{"@timestamp":"2022-09-12T06:22:43.935Z","@version":"1","message":"Sep 12 06:22:43 honeypot-sgp-1 kernel: [83839875.551452] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=159.65.184.209 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=42848 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 06:25:04 honeypot-fra-1 CRON[1998]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-12T06:25:04.717Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T06:29:20.107Z","@version":"1","message":"Sep 12 06:29:19 honeypot-sgp-1 sshd[7734]: Disconnected from 161.35.113.79 port 54636 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 06:30:58 honeypot-ams-1 sshd[12144]: Connection closed by invalid user manager 103.188.176.251 port 56236 [preauth]","@timestamp":"2022-09-12T06:30:58.662Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 06:32:14 honeypot-fra-1 sshd[2135]: Invalid user ubnt from 167.99.236.74 port 46296","@timestamp":"2022-09-12T06:32:14.878Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 06:34:35 honeypot-fra-1 kernel: [83838903.335826] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.41.8.254 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=52718 PROTO=TCP SPT=43365 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T06:34:35.933Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 06:36:06 honeypot-ams-1 sshd[12149]: Disconnected from authenticating user root 92.255.85.69 port 20590 [preauth]","@timestamp":"2022-09-12T06:36:06.797Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 06:43:07 honeypot-fra-1 sshd[2146]: Invalid user support from 220.130.226.160 port 33551","@timestamp":"2022-09-12T06:43:08.126Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 06:43:42 honeypot-ams-1 sshd[12155]: Received disconnect from 45.61.187.160 port 50548:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T06:43:42.997Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 06:44:00 honeypot-ams-1 sshd[12159]: Invalid user user from 45.61.187.160 port 46294","@timestamp":"2022-09-12T06:44:01.006Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 06:44:09 honeypot-ams-1 sshd[12161]: Disconnected from invalid user user 45.61.187.160 port 58322 [preauth]","@timestamp":"2022-09-12T06:44:10.012Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 06:44:26 honeypot-ams-1 sshd[12165]: Disconnected from invalid user user 45.61.187.160 port 54096 [preauth]","@timestamp":"2022-09-12T06:44:27.022Z"}
{"@timestamp":"2022-09-12T06:46:35.549Z","@version":"1","message":"Sep 12 06:46:35 honeypot-sgp-1 kernel: [83841307.406330] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=222.186.19.235 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=40616 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 06:52:31 honeypot-fra-1 sshd[2155]: Invalid user lz from 178.62.90.145 port 45758","@timestamp":"2022-09-12T06:52:32.338Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T06:52:50.705Z","@version":"1","message":"Sep 12 06:52:50 honeypot-sgp-1 sshd[7744]: Received disconnect from 204.48.30.72 port 41388:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 06:54:03 honeypot-ams-1 sshd[12170]: Disconnected from authenticating user root 157.230.233.185 port 42340 [preauth]","@timestamp":"2022-09-12T06:54:04.293Z"}
{"@timestamp":"2022-09-12T06:55:00.760Z","@version":"1","message":"Sep 12 06:55:00 honeypot-sgp-1 sshd[7748]: Disconnected from authenticating user root 92.255.85.69 port 22232 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 06:57:36 honeypot-fra-1 sshd[2162]: Received disconnect from 92.255.85.69 port 43168:11: Bye Bye [preauth]","@timestamp":"2022-09-12T06:57:37.452Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T06:57:45.833Z","@version":"1","message":"Sep 12 06:57:45 honeypot-sgp-1 sshd[7755]: Received disconnect from 165.227.83.174 port 42572:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 07:00:12 honeypot-ams-1 sshd[12175]: Disconnected from authenticating user root 92.255.85.69 port 31330 [preauth]","@timestamp":"2022-09-12T07:00:13.452Z"}
{"@timestamp":"2022-09-12T07:05:55.035Z","@version":"1","message":"Sep 12 07:05:54 honeypot-sgp-1 kernel: [83842466.087564] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=107.152.41.83 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=53878 PROTO=TCP SPT=48582 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 07:07:49 honeypot-fra-1 sshd[2167]: Invalid user user from 114.143.180.197 port 51915","@timestamp":"2022-09-12T07:07:50.681Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 07:16:14 honeypot-fra-1 sshd[2171]: Disconnected from invalid user user 45.61.184.204 port 34124 [preauth]","@timestamp":"2022-09-12T07:16:14.870Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 07:16:34 honeypot-fra-1 sshd[2175]: Disconnected from invalid user user 45.61.184.204 port 57714 [preauth]","@timestamp":"2022-09-12T07:16:34.880Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 07:16:53 honeypot-fra-1 sshd[2179]: Disconnected from invalid user user 45.61.184.204 port 53066 [preauth]","@timestamp":"2022-09-12T07:16:53.889Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T07:17:01.311Z","@version":"1","message":"Sep 12 07:17:01 honeypot-sgp-1 CRON[7768]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 07:17:01 honeypot-ams-1 CRON[12183]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-12T07:17:01.883Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 07:17:09 honeypot-fra-1 sshd[2187]: Invalid user user from 45.61.184.204 port 48422","@timestamp":"2022-09-12T07:17:09.896Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 07:20:21 honeypot-fra-1 kernel: [83841649.012072] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.215.228 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=52612 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T07:20:21.974Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-12T07:21:29.423Z","@version":"1","message":"Sep 12 07:21:28 honeypot-sgp-1 sshd[7775]: Invalid user user from 141.255.162.226 port 45236","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T07:21:32.424Z","@version":"1","message":"Sep 12 07:21:31 honeypot-sgp-1 sshd[7779]: Invalid user user from 141.255.162.226 port 52134","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T07:21:36.428Z","@version":"1","message":"Sep 12 07:21:35 honeypot-sgp-1 sshd[7783]: Invalid user user from 141.255.162.226 port 37698","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 07:23:44 honeypot-ams-1 sshd[12189]: Received disconnect from 92.255.85.69 port 53222:11: Bye Bye [preauth]","@timestamp":"2022-09-12T07:23:44.056Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 07:25:48 honeypot-fra-1 sshd[2199]: Did not receive identification string from 45.61.187.160 port 52392","@timestamp":"2022-09-12T07:25:49.114Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 07:26:21 honeypot-fra-1 sshd[2202]: Disconnected from invalid user user 45.61.187.160 port 40656 [preauth]","@timestamp":"2022-09-12T07:26:22.129Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 07:26:39 honeypot-fra-1 sshd[2206]: Disconnected from invalid user user 45.61.187.160 port 36120 [preauth]","@timestamp":"2022-09-12T07:26:40.137Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 07:26:56 honeypot-fra-1 sshd[2210]: Disconnected from invalid user user 45.61.187.160 port 59804 [preauth]","@timestamp":"2022-09-12T07:26:56.144Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T07:27:00.594Z","@version":"1","message":"Sep 12 07:27:00 honeypot-sgp-1 sshd[7788]: Received disconnect from 67.205.138.198 port 38254:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T07:28:59.646Z","@version":"1","message":"Sep 12 07:28:58 honeypot-sgp-1 sshd[7792]: Disconnected from invalid user teamspeak 77.24.124.41 port 48566 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 07:32:12 honeypot-ams-1 sshd[12193]: Disconnected from invalid user user 45.61.186.249 port 60244 [preauth]","@timestamp":"2022-09-12T07:32:13.302Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 07:32:33 honeypot-ams-1 sshd[12198]: Disconnected from invalid user user 45.61.186.249 port 55984 [preauth]","@timestamp":"2022-09-12T07:32:34.312Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 07:32:52 honeypot-ams-1 sshd[12202]: Disconnected from invalid user user 45.61.186.249 port 51666 [preauth]","@timestamp":"2022-09-12T07:32:53.327Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 07:33:09 honeypot-ams-1 sshd[12206]: Disconnected from invalid user user 45.61.186.249 port 47392 [preauth]","@timestamp":"2022-09-12T07:33:10.336Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 07:33:33 honeypot-fra-1 sshd[2217]: Received disconnect from 141.255.162.226 port 49506:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T07:33:33.293Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 07:33:34 honeypot-fra-1 sshd[2221]: Received disconnect from 141.255.162.226 port 56212:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T07:33:35.294Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 07:33:39 honeypot-fra-1 sshd[2225]: Received disconnect from 141.255.162.226 port 48100:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T07:33:40.296Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 07:40:49 honeypot-fra-1 kernel: [83842876.958428] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=213.226.123.38 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=16285 PROTO=TCP SPT=49914 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T07:40:49.455Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 07:42:07 honeypot-fra-1 sshd[2234]: Invalid user kf2 from 165.22.45.108 port 49332","@timestamp":"2022-09-12T07:42:07.488Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T07:42:13.972Z","@version":"1","message":"Sep 12 07:42:13 honeypot-sgp-1 sshd[7800]: Disconnected from invalid user duni 92.255.85.69 port 45470 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 07:43:00 honeypot-fra-1 sshd[2238]: Connection closed by invalid user ubnt 122.187.155.50 port 54677 [preauth]","@timestamp":"2022-09-12T07:43:01.511Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 07:44:28 honeypot-fra-1 sshd[2244]: Received disconnect from 143.244.158.100 port 38568:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T07:44:29.548Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 07:44:57 honeypot-ams-1 sshd[12212]: Invalid user User from 179.60.147.69 port 18086","@timestamp":"2022-09-12T07:44:57.642Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 07:45:18 honeypot-fra-1 sshd[2249]: Disconnected from authenticating user root 143.244.158.100 port 56282 [preauth]","@timestamp":"2022-09-12T07:45:19.569Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 07:46:53 honeypot-fra-1 sshd[2255]: Received disconnect from 143.244.158.100 port 33064:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T07:46:54.608Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 07:48:31 honeypot-fra-1 sshd[2259]: Disconnected from authenticating user root 143.244.158.100 port 53578 [preauth]","@timestamp":"2022-09-12T07:48:31.648Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 07:50:52 honeypot-fra-1 sshd[2266]: Received disconnect from 143.244.158.100 port 43040:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T07:50:52.704Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 07:52:42 honeypot-fra-1 kernel: [83843590.378427] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.220.170 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=56083 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T07:52:43.747Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 07:54:01 honeypot-ams-1 kernel: [83845826.154398] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=198.199.117.125 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=39260 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T07:54:01.877Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 07:54:30 honeypot-fra-1 sshd[2276]: Invalid user User from 179.60.147.69 port 59016","@timestamp":"2022-09-12T07:54:31.791Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 07:56:34 honeypot-fra-1 sshd[2283]: Received disconnect from 143.244.158.100 port 44682:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T07:56:34.840Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T07:57:29.351Z","@version":"1","message":"Sep 12 07:57:28 honeypot-sgp-1 sshd[7804]: Connection closed by invalid user support 116.228.125.70 port 44727 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 07:59:01 honeypot-fra-1 sshd[2289]: Invalid user amssys from 137.184.96.200 port 50440","@timestamp":"2022-09-12T07:59:01.898Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 07:59:51 honeypot-fra-1 sshd[2295]: Received disconnect from 143.244.158.100 port 49964:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T07:59:51.918Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 08:01:52 honeypot-fra-1 kernel: [83844140.062652] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=184.105.139.75 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=54321 PROTO=TCP SPT=40392 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T08:01:52.967Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 08:03:12 honeypot-fra-1 sshd[2306]: Received disconnect from 143.244.158.100 port 49078:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T08:03:13.000Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 08:04:21 honeypot-ams-1 sshd[12223]: Disconnected from invalid user user 45.61.186.249 port 35084 [preauth]","@timestamp":"2022-09-12T08:04:21.141Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 08:04:41 honeypot-ams-1 sshd[12227]: Disconnected from invalid user user 45.61.186.249 port 58950 [preauth]","@timestamp":"2022-09-12T08:04:42.155Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 08:04:46 honeypot-fra-1 sshd[2312]: Received disconnect from 143.244.158.100 port 37890:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T08:04:47.037Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 08:05:00 honeypot-ams-1 sshd[12231]: Disconnected from invalid user user 45.61.186.249 port 54576 [preauth]","@timestamp":"2022-09-12T08:05:01.164Z"}
{"@timestamp":"2022-09-12T08:05:14.545Z","@version":"1","message":"Sep 12 08:05:14 honeypot-sgp-1 sshd[7808]: Disconnected from invalid user baikal 92.255.85.69 port 54692 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 08:05:16 honeypot-ams-1 sshd[12235]: Disconnected from invalid user user 45.61.186.249 port 50194 [preauth]","@timestamp":"2022-09-12T08:05:17.173Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 08:06:41 honeypot-fra-1 kernel: [83844428.923040] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=47.108.116.232 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=42 ID=43095 DF PROTO=TCP SPT=53833 DPT=5432 WINDOW=43690 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T08:06:42.083Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 08:08:17 honeypot-fra-1 sshd[2323]: Received disconnect from 92.255.85.69 port 32506:11: Bye Bye [preauth]","@timestamp":"2022-09-12T08:08:18.121Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 08:09:54 honeypot-fra-1 sshd[2329]: Did not receive identification string from 89.248.173.131 port 34604","@timestamp":"2022-09-12T08:09:55.161Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 08:11:06 honeypot-ams-1 kernel: [83846851.376153] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=154.3.44.39 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=117 ID=13990 DF PROTO=TCP SPT=54781 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-12T08:11:07.328Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 08:11:13 honeypot-fra-1 sshd[2334]: Disconnected from authenticating user root 143.244.158.100 port 49774 [preauth]","@timestamp":"2022-09-12T08:11:14.193Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 08:12:44 honeypot-fra-1 sshd[2360]: Disconnected from authenticating user root 162.243.28.146 port 53466 [preauth]","@timestamp":"2022-09-12T08:12:44.230Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 08:13:41 honeypot-fra-1 sshd[2366]: Received disconnect from 143.244.158.100 port 45578:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T08:13:41.255Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T08:15:17.820Z","@version":"1","message":"Sep 12 08:15:17 honeypot-sgp-1 kernel: [83846629.476713] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=80.94.92.239 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=231 ID=54321 PROTO=TCP SPT=50233 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 08:15:56 honeypot-fra-1 sshd[2372]: Invalid user admin from 103.36.122.131 port 42969","@timestamp":"2022-09-12T08:15:56.308Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 08:16:53 honeypot-fra-1 sshd[2376]: Disconnected from invalid user kf2server 165.22.45.108 port 54190 [preauth]","@timestamp":"2022-09-12T08:16:54.333Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 08:17:46 honeypot-fra-1 sshd[2384]: Disconnected from authenticating user root 143.244.158.100 port 48212 [preauth]","@timestamp":"2022-09-12T08:17:46.354Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 08:18:23 honeypot-ams-1 sshd[12246]: Invalid user test from 103.133.57.242 port 45596","@timestamp":"2022-09-12T08:18:23.517Z"}
{"@timestamp":"2022-09-12T08:18:49.912Z","@version":"1","message":"Sep 12 08:18:49 honeypot-sgp-1 sshd[7818]: Disconnected from authenticating user root 177.229.134.50 port 12503 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 08:20:19 honeypot-fra-1 sshd[2390]: Received disconnect from 143.244.158.100 port 33534:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T08:20:19.415Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 08:20:47 honeypot-ams-1 sshd[12251]: Invalid user User from 179.60.147.69 port 41588","@timestamp":"2022-09-12T08:20:47.583Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 08:21:09 honeypot-fra-1 sshd[2394]: Disconnected from authenticating user root 143.244.158.100 port 36802 [preauth]","@timestamp":"2022-09-12T08:21:10.435Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 08:21:45 honeypot-ams-1 sshd[12254]: Disconnected from invalid user user 141.255.162.226 port 49112 [preauth]","@timestamp":"2022-09-12T08:21:46.614Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 08:21:47 honeypot-ams-1 sshd[12258]: Disconnected from invalid user user 141.255.162.226 port 34652 [preauth]","@timestamp":"2022-09-12T08:21:47.615Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 08:21:52 honeypot-ams-1 sshd[12262]: Disconnected from invalid user user 141.255.162.226 port 48416 [preauth]","@timestamp":"2022-09-12T08:21:52.617Z"}
{"@timestamp":"2022-09-12T08:22:00.993Z","@version":"1","message":"Sep 12 08:22:00 honeypot-sgp-1 kernel: [83847031.859364] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=184.105.247.252 DST=159.89.202.188 LEN=131 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=42883 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 08:23:35 honeypot-fra-1 sshd[2401]: Disconnected from authenticating user root 143.244.158.100 port 37174 [preauth]","@timestamp":"2022-09-12T08:23:35.493Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 08:25:58 honeypot-fra-1 sshd[2407]: Disconnected from authenticating user root 143.244.158.100 port 41366 [preauth]","@timestamp":"2022-09-12T08:25:58.549Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 08:26:51 honeypot-ams-1 kernel: [83847796.577131] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=86.180.105.129 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=55 ID=19312 PROTO=TCP SPT=15289 DPT=80 WINDOW=53282 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T08:26:52.765Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 08:33:41 honeypot-fra-1 sshd[2426]: Connection closed by authenticating user root 31.190.6.228 port 46892 [preauth]","@timestamp":"2022-09-12T08:33:41.725Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 08:34:00 honeypot-ams-1 sshd[12287]: Disconnected from authenticating user root 92.255.85.69 port 20538 [preauth]","@timestamp":"2022-09-12T08:34:00.953Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 08:37:13 honeypot-ams-1 kernel: [83848417.916711] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=37.120.202.242 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=21081 DF PROTO=TCP SPT=51092 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T08:37:14.041Z"}
{"@timestamp":"2022-09-12T08:37:21.375Z","@version":"1","message":"Sep 12 08:37:20 honeypot-sgp-1 kernel: [83847952.606432] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=2.57.122.44 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=229 ID=11359 PROTO=TCP SPT=48187 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T08:41:36.484Z","@version":"1","message":"Sep 12 08:41:35 honeypot-sgp-1 sshd[7855]: Invalid user user from 45.61.186.169 port 33716","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T08:41:52.493Z","@version":"1","message":"Sep 12 08:41:52 honeypot-sgp-1 sshd[7859]: Invalid user user from 45.61.186.169 port 57756","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T08:42:08.502Z","@version":"1","message":"Sep 12 08:42:08 honeypot-sgp-1 sshd[7863]: Invalid user user from 45.61.186.169 port 53554","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T08:42:16.507Z","@version":"1","message":"Sep 12 08:42:16 honeypot-sgp-1 sshd[7866]: Disconnected from invalid user user 45.61.186.169 port 37342 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 08:43:56 honeypot-fra-1 sshd[2437]: Invalid user admin from 162.241.222.29 port 56130","@timestamp":"2022-09-12T08:43:57.955Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 08:48:53 honeypot-ams-1 kernel: [83849117.835961] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=178.75.20.16 DST=178.62.254.91 LEN=40 TOS=0x08 PREC=0x20 TTL=58 ID=6377 PROTO=TCP SPT=43904 DPT=443 WINDOW=33709 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T08:48:53.344Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 08:50:50 honeypot-fra-1 sshd[2443]: Invalid user lqq from 80.87.83.58 port 43164","@timestamp":"2022-09-12T08:50:51.111Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 08:52:00 honeypot-fra-1 sshd[2447]: Received disconnect from 165.22.45.108 port 59040:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T08:52:01.139Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T08:52:02.749Z","@version":"1","message":"Sep 12 08:52:02 honeypot-sgp-1 sshd[7871]: Disconnected from authenticating user root 92.255.85.70 port 20716 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 08:53:30 honeypot-fra-1 sshd[2451]: Received disconnect from 60.10.72.200 port 39317:11: Bye Bye [preauth]","@timestamp":"2022-09-12T08:53:31.175Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 08:54:13 honeypot-ams-1 sshd[12295]: Disconnected from invalid user user 141.255.162.226 port 33410 [preauth]","@timestamp":"2022-09-12T08:54:14.486Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 08:54:18 honeypot-ams-1 sshd[12299]: Disconnected from invalid user user 141.255.162.226 port 47404 [preauth]","@timestamp":"2022-09-12T08:54:19.490Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 08:54:20 honeypot-ams-1 sshd[12303]: Disconnected from invalid user user 141.255.162.226 port 54402 [preauth]","@timestamp":"2022-09-12T08:54:21.491Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 08:55:03 honeypot-fra-1 sshd[2457]: Invalid user joaquim from 133.130.101.23 port 37480","@timestamp":"2022-09-12T08:55:04.215Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 08:57:48 honeypot-ams-1 sshd[12310]: Received disconnect from 92.255.85.69 port 33178:11: Bye Bye [preauth]","@timestamp":"2022-09-12T08:57:48.582Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 08:59:49 honeypot-fra-1 sshd[2460]: Connection closed by invalid user support 45.51.117.228 port 33633 [preauth]","@timestamp":"2022-09-12T08:59:50.325Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T09:00:02.952Z","@version":"1","message":"Sep 12 09:00:02 honeypot-sgp-1 sshd[7876]: Received disconnect from 168.138.175.40 port 60798:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T09:05:38.118Z","@version":"1","message":"Sep 12 09:05:37 honeypot-sgp-1 kernel: [83849649.473200] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=36.65.119.94 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=245 ID=46087 DF PROTO=TCP SPT=48425 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 09:06:05 honeypot-fra-1 sshd[2466]: Disconnected from invalid user user 45.61.186.49 port 43380 [preauth]","@timestamp":"2022-09-12T09:06:06.464Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 09:06:14 honeypot-fra-1 sshd[2470]: Disconnected from invalid user user 45.61.186.49 port 54984 [preauth]","@timestamp":"2022-09-12T09:06:15.468Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 09:09:03 honeypot-fra-1 sshd[2476]: Invalid user admin from 211.24.100.56 port 46826","@timestamp":"2022-09-12T09:09:03.533Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 09:09:52 honeypot-ams-1 kernel: [83850377.762217] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=42.200.97.172 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=55 ID=53646 PROTO=TCP SPT=41706 DPT=443 WINDOW=26682 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T09:09:53.893Z"}
{"@timestamp":"2022-09-12T09:13:56.321Z","@version":"1","message":"Sep 12 09:13:55 honeypot-sgp-1 kernel: [83850147.194701] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.140.141.193 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=60712 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 09:17:01 honeypot-fra-1 CRON[2480]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-12T09:17:01.731Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 09:17:01 honeypot-ams-1 CRON[12319]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-12T09:17:02.076Z"}
{"@timestamp":"2022-09-12T09:18:05.432Z","@version":"1","message":"Sep 12 09:18:05 honeypot-sgp-1 kernel: [83850397.030253] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=154.3.44.39 DST=159.89.202.188 LEN=52 TOS=0x0A PREC=0x00 TTL=112 ID=57485 DF PROTO=TCP SPT=52157 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 09:19:27 honeypot-ams-1 sshd[12324]: Disconnected from invalid user flume 190.144.139.235 port 35753 [preauth]","@timestamp":"2022-09-12T09:19:27.140Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 09:19:31 honeypot-fra-1 sshd[2488]: Invalid user admin from 43.156.237.102 port 52186","@timestamp":"2022-09-12T09:19:32.791Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 09:20:36 honeypot-ams-1 sshd[12328]: Received disconnect from 92.50.249.166 port 52808:11: Bye Bye [preauth]","@timestamp":"2022-09-12T09:20:37.175Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 09:24:20 honeypot-ams-1 kernel: [83851245.470514] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=178.128.127.8 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=28922 PROTO=TCP SPT=54573 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T09:24:21.273Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 09:25:05 honeypot-fra-1 sshd[2493]: Disconnected from authenticating user root 43.154.50.12 port 34014 [preauth]","@timestamp":"2022-09-12T09:25:05.917Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T09:27:58.674Z","@version":"1","message":"Sep 12 09:27:57 honeypot-sgp-1 sshd[7891]: Invalid user User from 179.60.147.69 port 19866","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 09:28:08 honeypot-fra-1 sshd[2500]: Received disconnect from 68.183.25.156 port 39060:11: Bye Bye [preauth]","@timestamp":"2022-09-12T09:28:08.992Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 09:30:47 honeypot-ams-1 sshd[12341]: Invalid user User from 179.60.147.69 port 1782","@timestamp":"2022-09-12T09:30:48.436Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 09:36:28 honeypot-fra-1 sshd[2505]: Invalid user yueyiran from 137.116.144.39 port 34558","@timestamp":"2022-09-12T09:36:29.184Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 09:37:13 honeypot-fra-1 sshd[2509]: Disconnected from authenticating user root 52.231.162.138 port 55710 [preauth]","@timestamp":"2022-09-12T09:37:14.204Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T09:39:18.954Z","@version":"1","message":"Sep 12 09:39:18 honeypot-sgp-1 sshd[7900]: Received disconnect from 92.255.85.70 port 38322:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 09:44:27 honeypot-ams-1 sshd[12346]: Received disconnect from 92.255.85.70 port 48324:11: Bye Bye [preauth]","@timestamp":"2022-09-12T09:44:28.790Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 09:44:29 honeypot-fra-1 sshd[2518]: Did not receive identification string from 45.61.186.49 port 49678","@timestamp":"2022-09-12T09:44:30.368Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 09:44:42 honeypot-fra-1 sshd[2523]: Invalid user user from 45.61.186.49 port 57458","@timestamp":"2022-09-12T09:44:42.374Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 09:44:50 honeypot-fra-1 sshd[2527]: Invalid user user from 45.61.186.49 port 41148","@timestamp":"2022-09-12T09:44:51.379Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T09:48:25.179Z","@version":"1","message":"Sep 12 09:48:24 honeypot-sgp-1 kernel: [83852215.977307] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.55.112.176 DST=159.89.202.188 LEN=52 TOS=0x00 PREC=0x00 TTL=107 ID=4945 DF PROTO=TCP SPT=51474 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 09:50:04 honeypot-fra-1 sshd[2533]: Received disconnect from 147.182.171.152 port 49236:11: Bye Bye [preauth]","@timestamp":"2022-09-12T09:50:04.494Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 09:54:10 honeypot-ams-1 sshd[12351]: Invalid user tstanaka from 43.135.8.135 port 59364","@timestamp":"2022-09-12T09:54:11.037Z"}
{"@timestamp":"2022-09-12T09:55:05.369Z","@version":"1","message":"Sep 12 09:55:05 honeypot-sgp-1 sshd[7905]: Invalid user git from 5.195.211.234 port 33464","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T09:55:33.383Z","@version":"1","message":"Sep 12 09:55:33 honeypot-sgp-1 kernel: [83852644.915901] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=154.3.44.39 DST=159.89.202.188 LEN=52 TOS=0x0A PREC=0x00 TTL=110 ID=4322 DF PROTO=TCP SPT=62751 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:01:36 honeypot-fra-1 sshd[2554]: Invalid user es from 51.79.254.140 port 52158","@timestamp":"2022-09-12T10:01:36.753Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:01:36 honeypot-fra-1 sshd[2562]: Invalid user michael from 51.79.254.140 port 52012","@timestamp":"2022-09-12T10:01:36.753Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:01:36 honeypot-fra-1 sshd[2561]: Invalid user oracle from 51.79.254.140 port 52306","@timestamp":"2022-09-12T10:01:36.754Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:01:36 honeypot-fra-1 sshd[2538]: Connection closed by invalid user elastic 51.79.254.140 port 52088 [preauth]","@timestamp":"2022-09-12T10:01:36.754Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:01:36 honeypot-fra-1 sshd[2558]: Connection closed by authenticating user root 51.79.254.140 port 52172 [preauth]","@timestamp":"2022-09-12T10:01:36.754Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:01:36 honeypot-fra-1 sshd[2555]: Connection closed by authenticating user root 51.79.254.140 port 52320 [preauth]","@timestamp":"2022-09-12T10:01:36.754Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:01:36 honeypot-fra-1 sshd[2550]: Connection closed by invalid user tomcat 51.79.254.140 port 52114 [preauth]","@timestamp":"2022-09-12T10:01:36.754Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:01:36 honeypot-fra-1 sshd[2556]: Connection closed by invalid user ansible 51.79.254.140 port 52072 [preauth]","@timestamp":"2022-09-12T10:01:36.754Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:01:36 honeypot-fra-1 sshd[2588]: Connection closed by invalid user oracle 51.79.254.140 port 52314 [preauth]","@timestamp":"2022-09-12T10:01:37.755Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T10:02:09.548Z","@version":"1","message":"Sep 12 10:02:09 honeypot-sgp-1 sshd[7913]: Disconnected from invalid user guest 103.147.159.49 port 38488 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:02:34 honeypot-fra-1 sshd[2619]: Received disconnect from 165.22.45.108 port 40548:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T10:02:34.779Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 10:04:52 honeypot-ams-1 sshd[12361]: Did not receive identification string from 46.19.141.122 port 53690","@timestamp":"2022-09-12T10:04:53.310Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 10:06:21 honeypot-ams-1 sshd[12366]: Received disconnect from 46.19.141.122 port 35708:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T10:06:22.352Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 10:07:04 honeypot-ams-1 sshd[12371]: Received disconnect from 46.19.141.122 port 50712:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T10:07:04.373Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 10:07:41 honeypot-ams-1 sshd[12375]: Disconnected from invalid user user 46.19.141.122 port 37466 [preauth]","@timestamp":"2022-09-12T10:07:42.392Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 10:08:19 honeypot-ams-1 kernel: [83853883.859121] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=94.26.228.80 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=59213 PROTO=TCP SPT=41706 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T10:08:19.411Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 10:09:03 honeypot-ams-1 sshd[12383]: Disconnected from authenticating user root 46.19.141.122 port 59968 [preauth]","@timestamp":"2022-09-12T10:09:04.433Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:10:12 honeypot-fra-1 sshd[2624]: Received disconnect from 157.245.122.58 port 38926:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T10:10:12.957Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:12:04 honeypot-fra-1 sshd[2628]: Disconnected from invalid user odoo 157.245.122.58 port 37748 [preauth]","@timestamp":"2022-09-12T10:12:04.999Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 10:12:14 honeypot-ams-1 sshd[12389]: Disconnected from invalid user user 45.61.186.49 port 58482 [preauth]","@timestamp":"2022-09-12T10:12:15.518Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 10:12:23 honeypot-ams-1 sshd[12395]: Invalid user user from 45.61.186.49 port 42256","@timestamp":"2022-09-12T10:12:24.524Z"}
{"@timestamp":"2022-09-12T10:12:56.812Z","@version":"1","message":"Sep 12 10:12:56 honeypot-sgp-1 sshd[7920]: Invalid user support from 195.133.157.237 port 46628","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:13:01 honeypot-fra-1 sshd[2630]: Disconnected from invalid user tenancy 157.245.122.58 port 51288 [preauth]","@timestamp":"2022-09-12T10:13:02.023Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:14:34 honeypot-fra-1 sshd[2635]: Connection closed by invalid user User 179.60.147.69 port 26778 [preauth]","@timestamp":"2022-09-12T10:14:35.060Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 10:14:44 honeypot-ams-1 sshd[12399]: Invalid user pi from 50.45.186.194 port 45240","@timestamp":"2022-09-12T10:14:44.583Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 10:15:28 honeypot-ams-1 sshd[12403]: Invalid user wwwrun from 58.186.85.94 port 51552","@timestamp":"2022-09-12T10:15:28.605Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:15:44 honeypot-fra-1 sshd[2639]: Disconnected from invalid user jonitiso 157.245.122.58 port 35418 [preauth]","@timestamp":"2022-09-12T10:15:45.090Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T10:17:01.912Z","@version":"1","message":"Sep 12 10:17:01 honeypot-sgp-1 CRON[7927]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:18:31 honeypot-fra-1 sshd[2646]: Did not receive identification string from 81.69.194.231 port 52080","@timestamp":"2022-09-12T10:18:32.158Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:18:33 honeypot-fra-1 sshd[2657]: Invalid user postgres from 81.69.194.231 port 57546","@timestamp":"2022-09-12T10:18:34.160Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:18:33 honeypot-fra-1 sshd[2648]: Connection closed by invalid user testuser 81.69.194.231 port 57586 [preauth]","@timestamp":"2022-09-12T10:18:34.160Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:18:33 honeypot-fra-1 sshd[2652]: Invalid user admin from 81.69.194.231 port 57536","@timestamp":"2022-09-12T10:18:34.160Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:18:33 honeypot-fra-1 sshd[2669]: Invalid user lighthouse from 81.69.194.231 port 57562","@timestamp":"2022-09-12T10:18:34.160Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:18:34 honeypot-fra-1 sshd[2672]: Connection closed by invalid user spark 81.69.194.231 port 57558 [preauth]","@timestamp":"2022-09-12T10:18:34.160Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:18:34 honeypot-fra-1 sshd[2651]: Invalid user test from 81.69.194.231 port 57599","@timestamp":"2022-09-12T10:18:35.161Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:18:34 honeypot-fra-1 sshd[2663]: Connection closed by invalid user deploy 81.69.194.231 port 57575 [preauth]","@timestamp":"2022-09-12T10:18:35.161Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:18:52 honeypot-fra-1 sshd[2697]: Did not receive identification string from 217.115.58.242 port 56472","@timestamp":"2022-09-12T10:18:53.168Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:18:53 honeypot-fra-1 sshd[2698]: Invalid user mysql from 217.115.58.242 port 57128","@timestamp":"2022-09-12T10:18:53.169Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:18:53 honeypot-fra-1 sshd[2709]: Invalid user user from 217.115.58.242 port 57188","@timestamp":"2022-09-12T10:18:53.169Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:18:53 honeypot-fra-1 sshd[2708]: Connection closed by invalid user devops 217.115.58.242 port 57144 [preauth]","@timestamp":"2022-09-12T10:18:53.169Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:18:53 honeypot-fra-1 sshd[2702]: Invalid user admin from 217.115.58.242 port 57124","@timestamp":"2022-09-12T10:18:54.169Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:18:53 honeypot-fra-1 sshd[2740]: Invalid user kafka from 217.115.58.242 port 57180","@timestamp":"2022-09-12T10:18:54.169Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:18:53 honeypot-fra-1 sshd[2741]: Connection closed by authenticating user root 217.115.58.242 port 57172 [preauth]","@timestamp":"2022-09-12T10:18:54.169Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:18:53 honeypot-fra-1 sshd[2737]: Connection closed by invalid user momo 217.115.58.242 port 57170 [preauth]","@timestamp":"2022-09-12T10:18:54.169Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:18:53 honeypot-fra-1 sshd[2744]: Connection closed by invalid user ansible 217.115.58.242 port 57186 [preauth]","@timestamp":"2022-09-12T10:18:54.170Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:18:53 honeypot-fra-1 sshd[2756]: Invalid user steam from 217.115.58.242 port 57212","@timestamp":"2022-09-12T10:18:54.170Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T10:20:44.005Z","@version":"1","message":"Sep 12 10:20:43 honeypot-sgp-1 sshd[7932]: Disconnected from invalid user user 45.61.186.49 port 48638 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T10:20:54.011Z","@version":"1","message":"Sep 12 10:20:53 honeypot-sgp-1 sshd[7936]: Disconnected from invalid user user 45.61.186.49 port 60452 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 10:21:40 honeypot-ams-1 kernel: [83854685.384871] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=196.189.199.69 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=53 ID=24126 PROTO=TCP SPT=64402 DPT=80 WINDOW=35820 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T10:21:40.764Z"}
{"@timestamp":"2022-09-12T10:26:49.157Z","@version":"1","message":"Sep 12 10:26:48 honeypot-sgp-1 sshd[7943]: Received disconnect from 92.255.85.70 port 35600:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:28:52 honeypot-fra-1 kernel: [83852959.846352] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=103.140.251.37 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=2213 PROTO=TCP SPT=57808 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T10:28:53.391Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 10:31:15 honeypot-ams-1 sshd[12416]: Disconnected from authenticating user root 92.255.85.69 port 28782 [preauth]","@timestamp":"2022-09-12T10:31:16.011Z"}
{"@timestamp":"2022-09-12T10:34:50.354Z","@version":"1","message":"Sep 12 10:34:50 honeypot-sgp-1 sshd[7948]: Invalid user client001 from 139.198.18.230 port 35212","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:38:21 honeypot-fra-1 sshd[2770]: Invalid user kf from 165.22.45.108 port 46880","@timestamp":"2022-09-12T10:38:21.606Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T10:38:51.454Z","@version":"1","message":"Sep 12 10:38:51 honeypot-sgp-1 sshd[7952]: Invalid user User from 179.60.147.69 port 28326","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 10:43:53 honeypot-ams-1 sshd[12425]: Invalid user factorio from 39.91.166.193 port 54292","@timestamp":"2022-09-12T10:43:53.339Z"}
{"@timestamp":"2022-09-12T10:44:46.603Z","@version":"1","message":"Sep 12 10:44:45 honeypot-sgp-1 sshd[7959]: Invalid user knox from 210.187.80.132 port 37762","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T10:47:27.669Z","@version":"1","message":"Sep 12 10:47:27 honeypot-sgp-1 kernel: [83855759.066930] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=178.128.127.8 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=253 ID=34430 PROTO=TCP SPT=59336 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 10:48:07 honeypot-ams-1 sshd[12434]: Disconnected from authenticating user www-data 201.72.190.98 port 55934 [preauth]","@timestamp":"2022-09-12T10:48:07.447Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 10:50:19 honeypot-ams-1 sshd[12441]: Received disconnect from 157.245.122.58 port 37246:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T10:50:19.505Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:52:00 honeypot-fra-1 sshd[2775]: Invalid user User from 179.60.147.69 port 15952","@timestamp":"2022-09-12T10:52:00.917Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 10:52:02 honeypot-ams-1 sshd[12445]: Invalid user data.user from 157.245.122.58 port 36084","@timestamp":"2022-09-12T10:52:03.554Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 10:52:59 honeypot-ams-1 sshd[12449]: Received disconnect from 61.177.173.51 port 41400:11:  [preauth]","@timestamp":"2022-09-12T10:53:00.579Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 10:54:44 honeypot-ams-1 sshd[12455]: Invalid user cypress from 157.245.122.58 port 48446","@timestamp":"2022-09-12T10:54:44.626Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:55:23 honeypot-fra-1 sshd[2779]: Received disconnect from 43.239.121.134 port 10165:11: Bye Bye [preauth]","@timestamp":"2022-09-12T10:55:23.998Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 10:55:36 honeypot-ams-1 sshd[12459]: Disconnected from authenticating user root 61.177.173.52 port 55830 [preauth]","@timestamp":"2022-09-12T10:55:37.651Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 11:01:52 honeypot-ams-1 sshd[12469]: Invalid user secdemo from 167.235.132.243 port 52610","@timestamp":"2022-09-12T11:01:52.818Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 11:05:28 honeypot-ams-1 sshd[12474]: Invalid user hsf from 94.153.212.78 port 45706","@timestamp":"2022-09-12T11:05:28.913Z"}
{"@timestamp":"2022-09-12T11:06:27.150Z","@version":"1","message":"Sep 12 11:06:26 honeypot-sgp-1 kernel: [83856897.997449] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.120.216.120 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=18086 PROTO=TCP SPT=40504 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 11:09:52 honeypot-fra-1 sshd[2785]: Invalid user admin from 165.227.109.79 port 53590","@timestamp":"2022-09-12T11:09:53.324Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 11:14:04 honeypot-ams-1 kernel: [83857829.656722] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=74.117.198.11 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=46338 DF PROTO=TCP SPT=10446 DPT=80 WINDOW=512 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T11:14:05.135Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 11:14:23 honeypot-fra-1 sshd[2790]: Received disconnect from 165.22.45.108 port 51942:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T11:14:24.429Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 11:15:18 honeypot-ams-1 sshd[12487]: Received disconnect from 45.61.186.169 port 40310:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T11:15:19.169Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 11:15:36 honeypot-ams-1 sshd[12491]: Received disconnect from 45.61.186.169 port 35788:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T11:15:36.178Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 11:15:43 honeypot-fra-1 sshd[2794]: Disconnected from authenticating user root 200.70.56.203 port 34522 [preauth]","@timestamp":"2022-09-12T11:15:43.462Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 11:15:52 honeypot-ams-1 sshd[12495]: Received disconnect from 45.61.186.169 port 59500:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T11:15:53.186Z"}
{"@timestamp":"2022-09-12T11:17:01.408Z","@version":"1","message":"Sep 12 11:17:01 honeypot-sgp-1 CRON[7970]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 11:17:01 honeypot-fra-1 CRON[2800]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-12T11:17:01.496Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 11:17:01 honeypot-ams-1 CRON[12499]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-12T11:17:02.218Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 11:19:19 honeypot-fra-1 sshd[2807]: Connection closed by invalid user admin 148.153.82.141 port 45842 [preauth]","@timestamp":"2022-09-12T11:19:19.549Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 11:19:34 honeypot-ams-1 sshd[12509]: Invalid user pi from 2.205.35.215 port 56990","@timestamp":"2022-09-12T11:19:35.286Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 11:21:14 honeypot-ams-1 sshd[12585]: Received disconnect from 61.177.173.51 port 26575:11:  [preauth]","@timestamp":"2022-09-12T11:21:15.331Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 11:29:02 honeypot-fra-1 sshd[2814]: Invalid user User from 179.60.147.69 port 41430","@timestamp":"2022-09-12T11:29:02.766Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 11:29:36 honeypot-ams-1 kernel: [83858761.366892] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=71.6.199.23 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=114 ID=30052 PROTO=TCP SPT=17340 DPT=80 WINDOW=48349 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T11:29:37.548Z"}
{"@timestamp":"2022-09-12T11:30:26.731Z","@version":"1","message":"Sep 12 11:30:26 honeypot-sgp-1 sshd[7977]: Received disconnect from 197.5.145.93 port 53545:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T11:30:33.735Z","@version":"1","message":"Sep 12 11:30:33 honeypot-sgp-1 sshd[7983]: Invalid user admin from 178.128.125.205 port 59476","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 11:33:43 honeypot-ams-1 sshd[12595]: Disconnected from authenticating user root 143.244.158.100 port 49022 [preauth]","@timestamp":"2022-09-12T11:33:43.652Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 11:34:22 honeypot-fra-1 sshd[2819]: Bad protocol version identification '\\003' from 45.143.200.118 port 64186","@timestamp":"2022-09-12T11:34:22.891Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T11:34:26.829Z","@version":"1","message":"Sep 12 11:34:25 honeypot-sgp-1 sshd[7988]: Disconnected from authenticating user root 82.66.71.202 port 49134 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 11:36:28 honeypot-ams-1 sshd[12602]: Received disconnect from 143.244.158.100 port 49798:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T11:36:28.746Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 11:38:11 honeypot-fra-1 sshd[2822]: Disconnected from invalid user finexa 94.75.123.43 port 58938 [preauth]","@timestamp":"2022-09-12T11:38:11.980Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 11:38:13 honeypot-ams-1 sshd[12608]: Received disconnect from 143.244.158.100 port 52062:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T11:38:13.794Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 11:39:03 honeypot-ams-1 sshd[12612]: Disconnected from authenticating user root 143.244.158.100 port 55962 [preauth]","@timestamp":"2022-09-12T11:39:04.819Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 11:39:47 honeypot-fra-1 sshd[2829]: Invalid user teamspeak3 from 159.223.107.102 port 42932","@timestamp":"2022-09-12T11:39:48.023Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 11:40:41 honeypot-ams-1 sshd[12621]: Received disconnect from 143.244.158.100 port 55418:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T11:40:41.865Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 11:41:32 honeypot-ams-1 sshd[12625]: Disconnected from authenticating user root 143.244.158.100 port 36254 [preauth]","@timestamp":"2022-09-12T11:41:32.889Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 11:43:14 honeypot-ams-1 sshd[12631]: Disconnected from authenticating user root 143.244.158.100 port 37178 [preauth]","@timestamp":"2022-09-12T11:43:14.935Z"}
{"@timestamp":"2022-09-12T11:45:19.089Z","@version":"1","message":"Sep 12 11:45:19 honeypot-sgp-1 sshd[7995]: Connection closed by invalid user  152.32.157.116 port 39772 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 11:45:48 honeypot-ams-1 sshd[12642]: Received disconnect from 143.244.158.100 port 54780:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T11:45:49.004Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 11:46:45 honeypot-fra-1 kernel: [83857632.576973] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=71.6.232.7 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=48542 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T11:46:46.182Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 11:47:35 honeypot-ams-1 kernel: [83859840.484695] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=154.3.44.39 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=117 ID=24657 DF PROTO=TCP SPT=58581 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-12T11:47:36.053Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 11:49:23 honeypot-ams-1 sshd[12650]: Disconnected from authenticating user root 143.244.158.100 port 51910 [preauth]","@timestamp":"2022-09-12T11:49:24.102Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 11:51:11 honeypot-ams-1 sshd[12657]: Received disconnect from 143.244.158.100 port 50916:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T11:51:12.153Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 11:53:43 honeypot-ams-1 sshd[12665]: Invalid user User from 179.60.147.69 port 40070","@timestamp":"2022-09-12T11:53:44.220Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 11:55:29 honeypot-ams-1 sshd[12673]: Received disconnect from 143.244.158.100 port 55332:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T11:55:30.269Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 11:55:54 honeypot-fra-1 sshd[2837]: Disconnected from invalid user ys 178.62.90.145 port 55236 [preauth]","@timestamp":"2022-09-12T11:55:55.404Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 11:57:09 honeypot-ams-1 sshd[12680]: Received disconnect from 143.244.158.100 port 59012:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T11:57:10.314Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 11:59:47 honeypot-ams-1 sshd[12690]: Received disconnect from 143.244.158.100 port 34406:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T11:59:47.382Z"}
{"@timestamp":"2022-09-12T12:00:15.453Z","@version":"1","message":"Sep 12 12:00:14 honeypot-sgp-1 sshd[8002]: Received disconnect from 92.255.85.69 port 45050:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 12:00:41 honeypot-fra-1 sshd[2843]: Invalid user userPgNU2xE52xM52xE5PM__wasadmin from 193.106.191.157 port 53478","@timestamp":"2022-09-12T12:00:42.521Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 12:01:25 honeypot-ams-1 sshd[12695]: Received disconnect from 143.244.158.100 port 41802:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T12:01:25.429Z"}
{"@timestamp":"2022-09-12T12:02:14.506Z","@version":"1","message":"Sep 12 12:02:14 honeypot-sgp-1 kernel: [83860245.896479] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.55.53.144 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=42 ID=9843 DF PROTO=TCP SPT=45558 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 12:02:53 honeypot-fra-1 sshd[2848]: Disconnected from authenticating user root 92.255.85.70 port 22272 [preauth]","@timestamp":"2022-09-12T12:02:54.575Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 12:03:05 honeypot-ams-1 sshd[12699]: Received disconnect from 143.244.158.100 port 47368:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T12:03:05.477Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 12:04:38 honeypot-fra-1 kernel: [83858704.987728] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=20.55.53.144 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=13003 DF PROTO=TCP SPT=54052 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T12:04:38.618Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 12:05:41 honeypot-ams-1 sshd[12705]: Received disconnect from 143.244.158.100 port 35426:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T12:05:42.546Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 12:07:31 honeypot-ams-1 sshd[12714]: Received disconnect from 143.244.158.100 port 45326:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T12:07:31.597Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 12:08:08 honeypot-ams-1 kernel: [83861073.467068] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=20.55.53.144 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=57143 DF PROTO=TCP SPT=51402 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T12:08:09.618Z"}
{"@timestamp":"2022-09-12T12:08:55.672Z","@version":"1","message":"Sep 12 12:08:55 honeypot-sgp-1 kernel: [83860647.206629] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=78.142.18.92 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=41576 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 12:09:10 honeypot-ams-1 sshd[12720]: Disconnected from authenticating user root 143.244.158.100 port 33944 [preauth]","@timestamp":"2022-09-12T12:09:11.646Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 12:11:05 honeypot-ams-1 sshd[12726]: Disconnected from authenticating user root 143.244.158.100 port 39996 [preauth]","@timestamp":"2022-09-12T12:11:06.699Z"}
{"@timestamp":"2022-09-12T12:13:28.787Z","@version":"1","message":"Sep 12 12:13:28 honeypot-sgp-1 kernel: [83860920.229597] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=59698 PROTO=TCP SPT=44004 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 12:13:42 honeypot-ams-1 sshd[12734]: Received disconnect from 143.244.158.100 port 59702:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T12:13:42.769Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 12:15:25 honeypot-ams-1 sshd[12740]: Did not receive identification string from 193.3.19.178 port 64001","@timestamp":"2022-09-12T12:15:25.817Z"}
{"@timestamp":"2022-09-12T12:16:03.851Z","@version":"1","message":"Sep 12 12:16:03 honeypot-sgp-1 sshd[8013]: Disconnected from invalid user monitor 45.119.85.97 port 54308 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 12:17:00 honeypot-ams-1 sshd[12745]: Disconnected from authenticating user root 143.244.158.100 port 39772 [preauth]","@timestamp":"2022-09-12T12:17:00.862Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 12:17:50 honeypot-ams-1 sshd[12753]: Disconnected from authenticating user root 143.244.158.100 port 51082 [preauth]","@timestamp":"2022-09-12T12:17:50.887Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 12:18:46 honeypot-fra-1 sshd[2856]: Invalid user user from 45.61.186.49 port 40658","@timestamp":"2022-09-12T12:18:46.943Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 12:18:55 honeypot-fra-1 sshd[2860]: Invalid user user from 45.61.186.49 port 52374","@timestamp":"2022-09-12T12:18:55.948Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 12:19:36 honeypot-fra-1 kernel: [83859603.825708] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.56.83.212 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=52425 PROTO=TCP SPT=40211 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T12:19:36.963Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 12:20:25 honeypot-ams-1 sshd[12759]: Disconnected from authenticating user root 143.244.158.100 port 60988 [preauth]","@timestamp":"2022-09-12T12:20:25.954Z"}
{"@timestamp":"2022-09-12T12:23:35.037Z","@version":"1","message":"Sep 12 12:23:34 honeypot-sgp-1 sshd[8021]: Disconnected from authenticating user root 92.255.85.69 port 49594 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 12:25:21 honeypot-ams-1 kernel: [83862106.547860] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=5.213.149.103 DST=178.62.254.91 LEN=56 TOS=0x18 PREC=0x20 TTL=106 ID=5423 DF PROTO=TCP SPT=53322 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T12:25:22.090Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 12:25:35 honeypot-fra-1 sshd[2867]: Invalid user kfserver from 165.22.45.108 port 33794","@timestamp":"2022-09-12T12:25:36.102Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 12:27:37 honeypot-fra-1 sshd[2871]: Disconnected from authenticating user root 178.62.199.240 port 37448 [preauth]","@timestamp":"2022-09-12T12:27:38.150Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 12:29:16 honeypot-ams-1 sshd[12772]: Received disconnect from 92.255.85.69 port 44578:11: Bye Bye [preauth]","@timestamp":"2022-09-12T12:29:17.196Z"}
{"@timestamp":"2022-09-12T12:39:51.427Z","@version":"1","message":"Sep 12 12:39:51 honeypot-sgp-1 sshd[8030]: Invalid user admin from 183.107.195.8 port 59010","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 12:41:09 honeypot-ams-1 sshd[12783]: Did not receive identification string from 45.61.184.204 port 34252","@timestamp":"2022-09-12T12:41:10.500Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 12:41:51 honeypot-ams-1 sshd[12786]: Disconnected from invalid user user 45.61.184.204 port 43372 [preauth]","@timestamp":"2022-09-12T12:41:51.519Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 12:42:12 honeypot-ams-1 sshd[12790]: Disconnected from invalid user user 45.61.184.204 port 39754 [preauth]","@timestamp":"2022-09-12T12:42:12.531Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 12:42:30 honeypot-ams-1 sshd[12794]: Disconnected from invalid user user 45.61.184.204 port 36130 [preauth]","@timestamp":"2022-09-12T12:42:31.540Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 12:45:19 honeypot-fra-1 kernel: [83861146.863365] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=207.102.138.83 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=46 ID=32452 DF PROTO=TCP SPT=38537 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T12:45:20.559Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-12T12:47:18.613Z","@version":"1","message":"Sep 12 12:47:18 honeypot-sgp-1 kernel: [83862949.684287] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=154.3.44.39 DST=159.89.202.188 LEN=52 TOS=0x0A PREC=0x00 TTL=110 ID=43824 DF PROTO=TCP SPT=60127 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 12:47:39 honeypot-fra-1 sshd[2890]: Connection closed by invalid user admin 52.66.15.94 port 52372 [preauth]","@timestamp":"2022-09-12T12:47:39.616Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 12:47:42 honeypot-fra-1 sshd[2898]: Connection closed by invalid user testuser 52.66.15.94 port 52476 [preauth]","@timestamp":"2022-09-12T12:47:43.618Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 12:48:30 honeypot-ams-1 sshd[12803]: Received disconnect from 185.65.245.217 port 34852:11: Bye Bye [preauth]","@timestamp":"2022-09-12T12:48:31.695Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 12:50:07 honeypot-ams-1 kernel: [83863592.523938] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=154.3.44.39 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=117 ID=64608 DF PROTO=TCP SPT=61381 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-12T12:50:08.742Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 12:50:14 honeypot-fra-1 sshd[2904]: Received disconnect from 92.255.85.69 port 21590:11: Bye Bye [preauth]","@timestamp":"2022-09-12T12:50:14.677Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T12:51:19.716Z","@version":"1","message":"Sep 12 12:51:19 honeypot-sgp-1 kernel: [83863191.053335] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=2905 PROTO=TCP SPT=46444 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 12:53:05 honeypot-ams-1 sshd[12810]: Invalid user calice from 189.142.109.122 port 44100","@timestamp":"2022-09-12T12:53:05.824Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 12:54:07 honeypot-fra-1 kernel: [83861674.491889] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.34.56.97 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=54668 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T12:54:07.768Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 12:57:26 honeypot-ams-1 kernel: [83864031.240765] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=154.3.44.39 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=115 ID=13679 DF PROTO=TCP SPT=65307 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-12T12:57:26.939Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 12:58:32 honeypot-fra-1 sshd[2916]: Invalid user ec2-user from 165.22.60.176 port 57258","@timestamp":"2022-09-12T12:58:32.873Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 13:03:44 honeypot-ams-1 kernel: [83864408.727003] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=154.3.44.39 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=117 ID=56551 DF PROTO=TCP SPT=56890 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-12T13:03:44.105Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 13:05:12 honeypot-fra-1 sshd[2921]: Did not receive identification string from 45.61.186.169 port 51874","@timestamp":"2022-09-12T13:05:13.026Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 13:05:37 honeypot-fra-1 sshd[2924]: Disconnected from invalid user user 45.61.186.169 port 53004 [preauth]","@timestamp":"2022-09-12T13:05:38.038Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 13:05:56 honeypot-fra-1 sshd[2930]: Invalid user user from 45.61.186.169 port 48084","@timestamp":"2022-09-12T13:05:57.046Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 13:06:12 honeypot-fra-1 sshd[2934]: Invalid user user from 45.61.186.169 port 43166","@timestamp":"2022-09-12T13:06:13.054Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 13:06:28 honeypot-fra-1 sshd[2938]: Invalid user user from 45.61.186.169 port 38248","@timestamp":"2022-09-12T13:06:29.062Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 13:09:47 honeypot-fra-1 sshd[2944]: Received disconnect from 45.61.184.204 port 46884:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T13:09:47.142Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 13:09:56 honeypot-fra-1 sshd[2946]: Disconnected from invalid user user 45.61.184.204 port 58712 [preauth]","@timestamp":"2022-09-12T13:09:57.147Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 13:10:14 honeypot-fra-1 sshd[2951]: Disconnected from invalid user user 45.61.184.204 port 54126 [preauth]","@timestamp":"2022-09-12T13:10:15.156Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 13:10:32 honeypot-fra-1 sshd[2955]: Disconnected from invalid user user 45.61.184.204 port 49530 [preauth]","@timestamp":"2022-09-12T13:10:33.165Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T13:10:38.214Z","@version":"1","message":"Sep 12 13:10:37 honeypot-sgp-1 kernel: [83864348.813078] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.195.240 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=46547 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 13:10:44 honeypot-ams-1 kernel: [83864829.207688] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.207.34 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=50288 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T13:10:45.289Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 13:14:20 honeypot-fra-1 sshd[2959]: Received disconnect from 92.255.85.70 port 27056:11: Bye Bye [preauth]","@timestamp":"2022-09-12T13:14:20.252Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 13:16:15 honeypot-ams-1 sshd[12841]: Disconnected from authenticating user root 92.255.85.70 port 43010 [preauth]","@timestamp":"2022-09-12T13:16:16.431Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 13:17:01 honeypot-fra-1 CRON[2964]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-12T13:17:01.316Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T13:17:01.372Z","@version":"1","message":"Sep 12 13:17:01 honeypot-sgp-1 CRON[8050]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T13:17:57.397Z","@version":"1","message":"Sep 12 13:17:57 honeypot-sgp-1 kernel: [83864788.662657] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=79.124.62.62 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=52875 PROTO=TCP SPT=42299 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T13:18:13.406Z","@version":"1","message":"Sep 12 13:18:13 honeypot-sgp-1 sshd[8058]: Disconnected from invalid user user 45.61.184.204 port 43240 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T13:18:32.415Z","@version":"1","message":"Sep 12 13:18:31 honeypot-sgp-1 sshd[8062]: Received disconnect from 45.61.184.204 port 38100:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T13:18:41.420Z","@version":"1","message":"Sep 12 13:18:41 honeypot-sgp-1 sshd[8064]: Disconnected from invalid user user 45.61.184.204 port 49660 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 13:19:10 honeypot-fra-1 kernel: [83863177.139253] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.3.26.226 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=7694 DF PROTO=TCP SPT=10446 DPT=80 WINDOW=512 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T13:19:10.369Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 13:20:54 honeypot-fra-1 sshd[2971]: Received disconnect from 167.99.220.160 port 52350:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T13:20:54.411Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T13:27:13.625Z","@version":"1","message":"Sep 12 13:27:12 honeypot-sgp-1 sshd[8071]: Invalid user oracle from 177.55.100.134 port 43788","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T13:28:25.656Z","@version":"1","message":"Sep 12 13:28:25 honeypot-sgp-1 sshd[8075]: Disconnected from authenticating user root 157.245.122.58 port 56698 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 13:28:52 honeypot-fra-1 sshd[2978]: Received disconnect from 140.86.39.162 port 11559:11: Bye Bye [preauth]","@timestamp":"2022-09-12T13:28:53.592Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 13:29:02 honeypot-ams-1 kernel: [83865927.334142] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=40.79.246.9 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=7066 PROTO=TCP SPT=40546 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T13:29:02.753Z"}
{"@timestamp":"2022-09-12T13:30:17.702Z","@version":"1","message":"Sep 12 13:30:17 honeypot-sgp-1 sshd[8079]: Disconnected from invalid user tenancy 157.245.122.58 port 55538 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T13:31:12.728Z","@version":"1","message":"Sep 12 13:31:11 honeypot-sgp-1 sshd[8082]: Disconnected from invalid user data.user 157.245.122.58 port 40848 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 13:31:24 honeypot-fra-1 sshd[2983]: Invalid user user from 45.61.184.204 port 56128","@timestamp":"2022-09-12T13:31:25.650Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 13:31:43 honeypot-fra-1 sshd[2987]: Invalid user user from 45.61.184.204 port 51406","@timestamp":"2022-09-12T13:31:44.659Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 13:32:00 honeypot-fra-1 sshd[2991]: Invalid user user from 45.61.184.204 port 46674","@timestamp":"2022-09-12T13:32:00.667Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T13:32:56.777Z","@version":"1","message":"Sep 12 13:32:56 honeypot-sgp-1 sshd[8088]: Invalid user jonitiso from 157.245.122.58 port 39678","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 13:33:26 honeypot-fra-1 sshd[2996]: Invalid user guest from 58.240.113.63 port 43918","@timestamp":"2022-09-12T13:33:26.702Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T13:33:47.800Z","@version":"1","message":"Sep 12 13:33:47 honeypot-sgp-1 sshd[8092]: Invalid user cypress from 157.245.122.58 port 53216","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 13:36:38 honeypot-ams-1 sshd[12864]: Invalid user  from 118.193.59.5 port 42596","@timestamp":"2022-09-12T13:36:38.952Z"}
{"@timestamp":"2022-09-12T13:36:51.877Z","@version":"1","message":"Sep 12 13:36:51 honeypot-sgp-1 sshd[8097]: Disconnected from authenticating user root 43.153.54.89 port 49590 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T13:37:50.906Z","@version":"1","message":"Sep 12 13:37:49 honeypot-sgp-1 sshd[8102]: Invalid user user from 45.61.186.249 port 52596","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 13:37:50 honeypot-fra-1 sshd[3000]: Received disconnect from 92.255.85.69 port 23340:11: Bye Bye [preauth]","@timestamp":"2022-09-12T13:37:51.802Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 13:37:56 honeypot-ams-1 sshd[12868]: Bad protocol version identification 'GET / HTTP/1.1' from 197.55.135.128 port 36937","@timestamp":"2022-09-12T13:37:56.988Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 13:38:05 honeypot-fra-1 sshd[3005]: Invalid user user from 141.255.162.226 port 51740","@timestamp":"2022-09-12T13:38:05.810Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 13:38:08 honeypot-fra-1 sshd[3009]: Invalid user user from 141.255.162.226 port 44294","@timestamp":"2022-09-12T13:38:08.812Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T13:38:08.915Z","@version":"1","message":"Sep 12 13:38:08 honeypot-sgp-1 sshd[8106]: Invalid user user from 45.61.186.249 port 47662","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 13:38:12 honeypot-fra-1 sshd[3013]: Invalid user user from 141.255.162.226 port 58668","@timestamp":"2022-09-12T13:38:12.814Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T13:38:25.923Z","@version":"1","message":"Sep 12 13:38:25 honeypot-sgp-1 sshd[8110]: Invalid user user from 45.61.186.249 port 42734","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 13:39:37 honeypot-ams-1 kernel: [83866561.720539] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=154.3.44.39 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=117 ID=697 DF PROTO=TCP SPT=53611 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-12T13:39:38.036Z"}
{"@timestamp":"2022-09-12T13:39:52.961Z","@version":"1","message":"Sep 12 13:39:52 honeypot-sgp-1 kernel: [83866104.338901] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=154.3.44.39 DST=159.89.202.188 LEN=52 TOS=0x0A PREC=0x00 TTL=112 ID=61240 DF PROTO=TCP SPT=58318 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 13:40:44 honeypot-ams-1 sshd[12878]: Disconnected from authenticating user root 188.38.99.232 port 34082 [preauth]","@timestamp":"2022-09-12T13:40:45.071Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 13:43:08 honeypot-fra-1 sshd[3016]: Connection closed by invalid user User 179.60.147.69 port 46772 [preauth]","@timestamp":"2022-09-12T13:43:08.937Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T13:43:39.058Z","@version":"1","message":"Sep 12 13:43:38 honeypot-sgp-1 kernel: [83866330.023175] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=154.3.44.39 DST=159.89.202.188 LEN=52 TOS=0x0A PREC=0x00 TTL=112 ID=15483 DF PROTO=TCP SPT=58628 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 13:46:15 honeypot-ams-1 sshd[12886]: Received disconnect from 141.255.162.226 port 58738:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T13:46:16.219Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 13:46:18 honeypot-ams-1 sshd[12890]: Received disconnect from 141.255.162.226 port 44746:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T13:46:18.221Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 13:46:19 honeypot-ams-1 sshd[12894]: Received disconnect from 141.255.162.226 port 58988:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T13:46:20.222Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 13:49:24 honeypot-fra-1 sshd[3023]: Invalid user volmer from 198.23.148.137 port 33870","@timestamp":"2022-09-12T13:49:25.081Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 13:50:39 honeypot-ams-1 kernel: [83867223.746820] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=179.40.45.248 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=44 ID=47380 PROTO=TCP SPT=22502 DPT=80 WINDOW=48065 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T13:50:39.340Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 13:51:33 honeypot-fra-1 kernel: [83865120.547740] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=108.53.152.118 DST=165.22.82.222 LEN=48 TOS=0x00 PREC=0x00 TTL=115 ID=40746 DF PROTO=TCP SPT=41988 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T13:51:34.132Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 13:57:37 honeypot-ams-1 sshd[12904]: Received disconnect from 61.177.173.39 port 61949:11:  [preauth]","@timestamp":"2022-09-12T13:57:37.524Z"}
{"@timestamp":"2022-09-12T13:58:36.425Z","@version":"1","message":"Sep 12 13:58:36 honeypot-sgp-1 sshd[8120]: Disconnected from authenticating user root 92.255.85.69 port 40090 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 14:00:36 honeypot-fra-1 sshd[3031]: Connection closed by invalid user admin 141.98.10.158 port 35492 [preauth]","@timestamp":"2022-09-12T14:00:37.332Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 14:04:00 honeypot-ams-1 sshd[12911]: Disconnected from authenticating user root 92.255.85.70 port 33658 [preauth]","@timestamp":"2022-09-12T14:04:00.687Z"}
{"@timestamp":"2022-09-12T14:04:53.582Z","@version":"1","message":"Sep 12 14:04:53 honeypot-sgp-1 sshd[8127]: Invalid user User from 179.60.147.69 port 58482","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 14:09:22 honeypot-ams-1 kernel: [83868346.990925] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=89.219.89.138 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=16307 DF PROTO=TCP SPT=58356 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T14:09:22.833Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 14:09:56 honeypot-fra-1 kernel: [83866223.054518] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=201.190.194.66 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=234 ID=15533 PROTO=TCP SPT=53667 DPT=443 WINDOW=1300 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T14:09:56.546Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 14:11:12 honeypot-ams-1 sshd[12924]: Disconnected from authenticating user root 104.248.138.141 port 39246 [preauth]","@timestamp":"2022-09-12T14:11:12.884Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 14:13:53 honeypot-fra-1 sshd[3043]: Connection closed by authenticating user root 103.188.176.251 port 50684 [preauth]","@timestamp":"2022-09-12T14:13:53.654Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T14:14:21.815Z","@version":"1","message":"Sep 12 14:14:20 honeypot-sgp-1 kernel: [83868172.366974] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=154.3.44.39 DST=159.89.202.188 LEN=52 TOS=0x0A PREC=0x00 TTL=109 ID=38999 DF PROTO=TCP SPT=50803 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 14:20:25 honeypot-ams-1 sshd[12934]: Disconnected from authenticating user root 61.177.173.35 port 63819 [preauth]","@timestamp":"2022-09-12T14:20:26.116Z"}
{"@timestamp":"2022-09-12T14:22:05.014Z","@version":"1","message":"Sep 12 14:22:04 honeypot-sgp-1 sshd[8137]: Received disconnect from 92.255.85.69 port 27780:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 14:24:47 honeypot-fra-1 sshd[3053]: Received disconnect from 92.255.85.69 port 20284:11: Bye Bye [preauth]","@timestamp":"2022-09-12T14:24:47.899Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 14:30:45 honeypot-ams-1 sshd[12946]: Invalid user admin from 193.106.191.157 port 53734","@timestamp":"2022-09-12T14:30:46.408Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 14:32:01 honeypot-ams-1 sshd[12948]: Disconnected from authenticating user root 61.177.173.47 port 12112 [preauth]","@timestamp":"2022-09-12T14:32:01.447Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 14:38:04 honeypot-fra-1 kernel: [83867910.872237] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=89.248.165.120 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=823 PROTO=TCP SPT=53157 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T14:38:05.195Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-12T14:40:16.478Z","@version":"1","message":"Sep 12 14:40:16 honeypot-sgp-1 kernel: [83869727.829563] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=71.6.232.7 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=48386 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 14:41:19 honeypot-ams-1 kernel: [83870264.198344] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=213.226.123.38 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=36552 PROTO=TCP SPT=53457 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T14:41:19.709Z"}
{"@timestamp":"2022-09-12T14:42:56.549Z","@version":"1","message":"Sep 12 14:42:56 honeypot-sgp-1 sshd[8150]: Disconnected from invalid user user 45.61.187.160 port 56070 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 14:43:04 honeypot-fra-1 sshd[3062]: Disconnected from invalid user user 45.61.187.160 port 39708 [preauth]","@timestamp":"2022-09-12T14:43:05.306Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T14:43:18.560Z","@version":"1","message":"Sep 12 14:43:18 honeypot-sgp-1 sshd[8154]: Disconnected from invalid user user 45.61.187.160 port 51116 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 14:43:27 honeypot-fra-1 sshd[3066]: Disconnected from invalid user user 45.61.187.160 port 34752 [preauth]","@timestamp":"2022-09-12T14:43:27.318Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T14:43:40.571Z","@version":"1","message":"Sep 12 14:43:39 honeypot-sgp-1 sshd[8159]: Disconnected from invalid user user 45.61.187.160 port 46156 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 14:43:48 honeypot-fra-1 sshd[3070]: Disconnected from invalid user user 45.61.187.160 port 58050 [preauth]","@timestamp":"2022-09-12T14:43:48.327Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T14:44:00.581Z","@version":"1","message":"Sep 12 14:44:00 honeypot-sgp-1 sshd[8164]: Disconnected from invalid user user 45.61.187.160 port 41200 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 14:44:10 honeypot-fra-1 sshd[3074]: Disconnected from invalid user user 45.61.187.160 port 53068 [preauth]","@timestamp":"2022-09-12T14:44:10.338Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 14:47:51 honeypot-ams-1 sshd[12960]: Invalid user guest from 1.180.228.194 port 42296","@timestamp":"2022-09-12T14:47:51.888Z"}
{"@timestamp":"2022-09-12T14:49:06.711Z","@version":"1","message":"Sep 12 14:49:06 honeypot-sgp-1 sshd[8171]: Received disconnect from 129.226.178.235 port 54148:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T14:50:20.746Z","@version":"1","message":"Sep 12 14:50:20 honeypot-sgp-1 sshd[8175]: Disconnected from invalid user ftpuser 89.97.218.142 port 39006 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 14:54:45 honeypot-fra-1 sshd[3081]: Invalid user User from 179.60.147.69 port 57488","@timestamp":"2022-09-12T14:54:45.571Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T14:57:59.940Z","@version":"1","message":"Sep 12 14:57:59 honeypot-sgp-1 sshd[8181]: Invalid user user from 45.61.186.49 port 50306","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T14:58:11.946Z","@version":"1","message":"Sep 12 14:58:11 honeypot-sgp-1 sshd[8185]: Invalid user user from 45.61.186.49 port 33858","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T14:59:38.984Z","@version":"1","message":"Sep 12 14:59:38 honeypot-sgp-1 kernel: [83870889.728900] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=94.232.45.241 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=26867 PROTO=TCP SPT=53299 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 15:00:13 honeypot-ams-1 kernel: [83871398.159609] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=167.94.146.71 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x20 TTL=43 ID=57479 PROTO=TCP SPT=45547 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T15:00:14.205Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 15:07:19 honeypot-fra-1 kernel: [83869665.800789] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=23390 PROTO=TCP SPT=54803 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T15:07:19.866Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-12T15:08:11.202Z","@version":"1","message":"Sep 12 15:08:10 honeypot-sgp-1 sshd[8192]: Invalid user admin from 138.201.20.212 port 16636","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T15:10:30.282Z","@version":"1","message":"Sep 12 15:10:29 honeypot-sgp-1 kernel: [83871540.705736] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=172.105.89.161 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=51 ID=0 DF PROTO=TCP SPT=38133 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 15:13:11 honeypot-ams-1 kernel: [83872175.830102] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=64.62.197.125 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=54997 DPT=389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T15:13:11.533Z"}
{"@timestamp":"2022-09-12T15:13:46.369Z","@version":"1","message":"Sep 12 15:13:45 honeypot-sgp-1 sshd[8199]: Disconnected from invalid user bt 62.202.41.155 port 50118 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 15:15:33 honeypot-ams-1 sshd[12984]: Invalid user user from 45.61.187.160 port 42614","@timestamp":"2022-09-12T15:15:33.598Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 15:15:55 honeypot-ams-1 sshd[12988]: Received disconnect from 61.177.172.19 port 18413:11:  [preauth]","@timestamp":"2022-09-12T15:15:55.609Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 15:16:08 honeypot-ams-1 sshd[12992]: Received disconnect from 45.61.187.160 port 48736:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T15:16:08.616Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 15:16:26 honeypot-ams-1 sshd[12996]: Received disconnect from 45.61.187.160 port 43466:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T15:16:27.626Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 15:17:01 honeypot-ams-1 CRON[13000]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-12T15:17:01.642Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 15:17:01 honeypot-fra-1 CRON[3090]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-12T15:17:02.098Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T15:19:01.507Z","@version":"1","message":"Sep 12 15:19:01 honeypot-sgp-1 sshd[8205]: Connection closed by invalid user User 179.60.147.69 port 36446 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 15:23:13 honeypot-ams-1 kernel: [83872778.529201] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=165.227.211.106 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=64508 PROTO=TCP SPT=61953 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T15:23:14.806Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 15:26:56 honeypot-fra-1 sshd[3099]: Did not receive identification string from 198.98.61.9 port 38770","@timestamp":"2022-09-12T15:26:56.320Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 15:27:29 honeypot-fra-1 sshd[3102]: Received disconnect from 198.98.61.9 port 37642:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T15:27:30.337Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 15:27:46 honeypot-fra-1 sshd[3106]: Received disconnect from 198.98.61.9 port 32806:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T15:27:47.345Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 15:28:08 honeypot-fra-1 sshd[3110]: Invalid user user from 198.98.61.9 port 56202","@timestamp":"2022-09-12T15:28:08.355Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 15:30:03 honeypot-fra-1 sshd[3115]: Connection closed by authenticating user mail 193.106.191.157 port 43948 [preauth]","@timestamp":"2022-09-12T15:30:04.417Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T15:31:47.821Z","@version":"1","message":"Sep 12 15:31:46 honeypot-sgp-1 sshd[8649]: Received disconnect from 92.255.85.69 port 39196:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 15:34:56 honeypot-fra-1 sshd[3120]: Received disconnect from 92.255.85.69 port 18618:11: Bye Bye [preauth]","@timestamp":"2022-09-12T15:34:56.534Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 15:35:46 honeypot-ams-1 kernel: [83873530.841840] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=198.235.24.11 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=250 ID=54321 PROTO=TCP SPT=49616 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T15:35:47.130Z"}
{"@timestamp":"2022-09-12T15:36:36.939Z","@version":"1","message":"Sep 12 15:36:36 honeypot-sgp-1 sshd[8654]: Received disconnect from 92.205.18.60 port 41176:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 15:36:45 honeypot-fra-1 sshd[3126]: Invalid user user from 45.61.186.49 port 39584","@timestamp":"2022-09-12T15:36:46.580Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 15:36:56 honeypot-fra-1 sshd[3130]: Invalid user user from 45.61.186.49 port 50994","@timestamp":"2022-09-12T15:36:56.584Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 15:37:06 honeypot-ams-1 sshd[13024]: Disconnected from invalid user user 45.61.184.204 port 49262 [preauth]","@timestamp":"2022-09-12T15:37:06.166Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 15:37:26 honeypot-ams-1 sshd[13028]: Disconnected from invalid user user 45.61.184.204 port 44980 [preauth]","@timestamp":"2022-09-12T15:37:26.182Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 15:37:44 honeypot-ams-1 sshd[13032]: Disconnected from invalid user user 45.61.184.204 port 40700 [preauth]","@timestamp":"2022-09-12T15:37:45.194Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 15:38:04 honeypot-ams-1 sshd[13039]: Received disconnect from 45.61.184.204 port 36412:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T15:38:05.204Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 15:45:20 honeypot-ams-1 sshd[13046]: Did not receive identification string from 45.61.187.160 port 53730","@timestamp":"2022-09-12T15:45:21.394Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 15:45:56 honeypot-fra-1 sshd[3133]: Received disconnect from 218.146.103.48 port 52594:11: Bye Bye [preauth]","@timestamp":"2022-09-12T15:45:56.786Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 15:46:02 honeypot-ams-1 sshd[13051]: Invalid user user from 45.61.187.160 port 44644","@timestamp":"2022-09-12T15:46:02.415Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 15:46:21 honeypot-ams-1 sshd[13055]: Invalid user user from 45.61.187.160 port 39194","@timestamp":"2022-09-12T15:46:22.427Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 15:46:40 honeypot-ams-1 sshd[13059]: Invalid user user from 45.61.187.160 port 33784","@timestamp":"2022-09-12T15:46:41.438Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 15:47:56 honeypot-ams-1 sshd[13063]: Connection closed by authenticating user mail 193.106.191.157 port 33272 [preauth]","@timestamp":"2022-09-12T15:47:57.471Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 15:55:04 honeypot-ams-1 sshd[13070]: Received disconnect from 61.177.173.51 port 11720:11:  [preauth]","@timestamp":"2022-09-12T15:55:04.655Z"}
{"@timestamp":"2022-09-12T15:55:40.398Z","@version":"1","message":"Sep 12 15:55:40 honeypot-sgp-1 sshd[8661]: Received disconnect from 92.255.85.69 port 41380:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 15:56:36 honeypot-fra-1 sshd[3140]: Received disconnect from 203.223.191.206 port 54350:11: Bye Bye [preauth]","@timestamp":"2022-09-12T15:56:37.027Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 15:58:26 honeypot-fra-1 sshd[3145]: Disconnected from authenticating user root 92.255.85.70 port 55376 [preauth]","@timestamp":"2022-09-12T15:58:27.069Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T15:58:54.479Z","@version":"1","message":"Sep 12 15:58:53 honeypot-sgp-1 sshd[8665]: Disconnected from authenticating user root 157.245.218.29 port 51234 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 16:00:31 honeypot-ams-1 sshd[13075]: Disconnected from authenticating user root 92.255.85.69 port 61222 [preauth]","@timestamp":"2022-09-12T16:00:31.798Z"}
{"@timestamp":"2022-09-12T16:06:53.677Z","@version":"1","message":"Sep 12 16:06:53 honeypot-sgp-1 sshd[8670]: Disconnected from invalid user autobacs 138.68.178.64 port 41352 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:08:02 honeypot-fra-1 sshd[3162]: Invalid user ubuntu from 122.128.79.246 port 56390","@timestamp":"2022-09-12T16:08:03.285Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:08:03 honeypot-fra-1 sshd[3172]: Invalid user chia from 122.128.79.246 port 56406","@timestamp":"2022-09-12T16:08:03.285Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:08:03 honeypot-fra-1 sshd[3163]: Invalid user chia from 122.128.79.246 port 56320","@timestamp":"2022-09-12T16:08:03.285Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:08:03 honeypot-fra-1 sshd[3176]: Invalid user web from 122.128.79.246 port 56404","@timestamp":"2022-09-12T16:08:03.285Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:08:03 honeypot-fra-1 sshd[3166]: Invalid user centos from 122.128.79.246 port 56338","@timestamp":"2022-09-12T16:08:03.285Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:08:03 honeypot-fra-1 sshd[3157]: Connection closed by invalid user vagrant 122.128.79.246 port 56326 [preauth]","@timestamp":"2022-09-12T16:08:03.285Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:08:03 honeypot-fra-1 sshd[3160]: Connection closed by invalid user vagrant 122.128.79.246 port 56360 [preauth]","@timestamp":"2022-09-12T16:08:03.285Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:08:03 honeypot-fra-1 sshd[3154]: Connection closed by invalid user web 122.128.79.246 port 56350 [preauth]","@timestamp":"2022-09-12T16:08:03.285Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:08:03 honeypot-fra-1 sshd[3173]: Connection closed by invalid user hadoop 122.128.79.246 port 56328 [preauth]","@timestamp":"2022-09-12T16:08:04.286Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:08:03 honeypot-fra-1 sshd[3181]: Connection closed by invalid user testuser 122.128.79.246 port 56398 [preauth]","@timestamp":"2022-09-12T16:08:04.286Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:08:59 honeypot-fra-1 sshd[3214]: Invalid user user from 45.61.186.49 port 59500","@timestamp":"2022-09-12T16:09:00.310Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:09:11 honeypot-fra-1 sshd[3218]: Invalid user user from 45.61.186.49 port 42910","@timestamp":"2022-09-12T16:09:11.315Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:11:57 honeypot-fra-1 kernel: [83873544.294601] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=193.163.125.229 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=245 ID=30654 PROTO=TCP SPT=46929 DPT=443 WINDOW=14600 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T16:11:58.378Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 16:12:16 honeypot-ams-1 sshd[13080]: Disconnected from authenticating user root 146.190.227.169 port 47168 [preauth]","@timestamp":"2022-09-12T16:12:17.100Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 16:17:01 honeypot-ams-1 CRON[13087]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-12T16:17:02.223Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:19:21 honeypot-fra-1 kernel: [83873988.337496] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=183.136.225.35 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=107 ID=27016 PROTO=TCP SPT=8088 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T16:19:22.561Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-12T16:19:30.009Z","@version":"1","message":"Sep 12 16:19:29 honeypot-sgp-1 sshd[8679]: Received disconnect from 114.204.218.154 port 35450:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:21:39 honeypot-fra-1 kernel: [83874125.516146] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.220.153 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=51970 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T16:21:39.615Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-12T16:23:01.097Z","@version":"1","message":"Sep 12 16:23:01 honeypot-sgp-1 kernel: [83875892.415497] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.219.61 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=40989 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:23:50 honeypot-fra-1 sshd[3236]: Did not receive identification string from 1.13.177.251 port 35528","@timestamp":"2022-09-12T16:23:50.667Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:23:52 honeypot-fra-1 sshd[3239]: Invalid user oracle from 1.13.177.251 port 47678","@timestamp":"2022-09-12T16:23:53.669Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:23:52 honeypot-fra-1 sshd[3253]: Invalid user testuser from 1.13.177.251 port 47660","@timestamp":"2022-09-12T16:23:53.669Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:23:52 honeypot-fra-1 sshd[3251]: Invalid user admin from 1.13.177.251 port 47646","@timestamp":"2022-09-12T16:23:53.669Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:23:52 honeypot-fra-1 sshd[3264]: Invalid user hadoop from 1.13.177.251 port 47700","@timestamp":"2022-09-12T16:23:53.669Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:23:53 honeypot-fra-1 sshd[3239]: Connection closed by invalid user oracle 1.13.177.251 port 47678 [preauth]","@timestamp":"2022-09-12T16:23:53.669Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:23:53 honeypot-fra-1 sshd[3249]: Connection closed by invalid user testuser 1.13.177.251 port 47618 [preauth]","@timestamp":"2022-09-12T16:23:53.670Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:23:53 honeypot-fra-1 sshd[3254]: Connection closed by authenticating user root 1.13.177.251 port 47664 [preauth]","@timestamp":"2022-09-12T16:23:53.670Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:23:53 honeypot-fra-1 sshd[3264]: Connection closed by invalid user hadoop 1.13.177.251 port 47700 [preauth]","@timestamp":"2022-09-12T16:23:53.670Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 16:25:05 honeypot-ams-1 kernel: [83876489.667867] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.216.51 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=42688 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T16:25:05.430Z"}
{"@timestamp":"2022-09-12T16:27:19.203Z","@version":"1","message":"Sep 12 16:27:19 honeypot-sgp-1 kernel: [83876150.404522] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=161.35.238.241 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=55 ID=59941 DF PROTO=TCP SPT=45924 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T16:31:28.335Z","@version":"1","message":"Sep 12 16:31:27 honeypot-sgp-1 kernel: [83876398.747849] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.196.63 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=58828 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:32:12 honeypot-fra-1 sshd[3739]: Invalid user kimberly from 165.22.45.108 port 39932","@timestamp":"2022-09-12T16:32:12.853Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T16:33:49.394Z","@version":"1","message":"Sep 12 16:33:49 honeypot-sgp-1 sshd[8697]: Disconnected from authenticating user root 94.153.212.78 port 34938 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 16:34:33 honeypot-ams-1 sshd[13097]: Connection closed by invalid user User 179.60.147.69 port 46576 [preauth]","@timestamp":"2022-09-12T16:34:33.672Z"}
{"@timestamp":"2022-09-12T16:36:52.472Z","@version":"1","message":"Sep 12 16:36:51 honeypot-sgp-1 sshd[8703]: Received disconnect from 51.83.131.123 port 42010:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:38:19 honeypot-fra-1 sshd[3744]: Disconnected from authenticating user root 202.157.184.138 port 37978 [preauth]","@timestamp":"2022-09-12T16:38:19.987Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T16:40:39.564Z","@version":"1","message":"Sep 12 16:40:39 honeypot-sgp-1 kernel: [83876950.822443] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.180.143.7 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=16169 PROTO=TCP SPT=40543 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T16:43:03.623Z","@version":"1","message":"Sep 12 16:43:02 honeypot-sgp-1 sshd[8714]: Received disconnect from 92.255.85.70 port 16414:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:45:36 honeypot-fra-1 sshd[3750]: Disconnected from authenticating user root 92.255.85.69 port 48296 [preauth]","@timestamp":"2022-09-12T16:45:37.150Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 16:47:31 honeypot-ams-1 kernel: [83877835.711075] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=125.80.143.152 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=11009 PROTO=TCP SPT=11000 DPT=443 WINDOW=36544 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T16:47:32.005Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 16:48:45 honeypot-ams-1 kernel: [83877910.385611] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=41.112.167.89 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=50 ID=3996 PROTO=TCP SPT=7096 DPT=80 WINDOW=43635 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T16:48:46.040Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:48:59 honeypot-fra-1 sshd[3759]: Connection closed by invalid user  64.62.197.197 port 52304 [preauth]","@timestamp":"2022-09-12T16:49:00.254Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 16:50:30 honeypot-ams-1 sshd[13111]: Received disconnect from 211.253.10.96 port 42643:11: Bye Bye [preauth]","@timestamp":"2022-09-12T16:50:31.094Z"}
{"@timestamp":"2022-09-12T16:50:45.827Z","@version":"1","message":"Sep 12 16:50:45 honeypot-sgp-1 kernel: [83877557.018540] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.221.111 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=42192 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 16:51:18 honeypot-ams-1 sshd[13113]: Disconnected from invalid user x 96.78.175.36 port 39536 [preauth]","@timestamp":"2022-09-12T16:51:19.118Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:51:49 honeypot-fra-1 sshd[3765]: Received disconnect from 128.199.124.131 port 60428:11: Bye Bye [preauth]","@timestamp":"2022-09-12T16:51:50.320Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 16:52:06 honeypot-ams-1 sshd[13121]: Received disconnect from 34.75.26.147 port 35158:11: Bye Bye [preauth]","@timestamp":"2022-09-12T16:52:07.140Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:53:23 honeypot-fra-1 sshd[3769]: Received disconnect from 138.68.17.3 port 40698:11: Bye Bye [preauth]","@timestamp":"2022-09-12T16:53:24.358Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 16:54:47 honeypot-ams-1 sshd[13126]: Received disconnect from 185.231.245.42 port 36674:11: Bye Bye [preauth]","@timestamp":"2022-09-12T16:54:48.211Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:55:07 honeypot-fra-1 sshd[3775]: Received disconnect from 165.154.46.18 port 18670:11: Bye Bye [preauth]","@timestamp":"2022-09-12T16:55:08.400Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 16:56:02 honeypot-ams-1 kernel: [83878346.701176] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=167.94.138.96 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=21776 PROTO=TCP SPT=44915 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T16:56:02.247Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 16:57:47 honeypot-ams-1 sshd[13134]: Disconnected from invalid user oracle 220.117.14.191 port 64420 [preauth]","@timestamp":"2022-09-12T16:57:48.294Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 17:03:57 honeypot-ams-1 sshd[13141]: Received disconnect from 221.140.57.201 port 38969:11: Bye Bye [preauth]","@timestamp":"2022-09-12T17:03:57.454Z"}
{"@timestamp":"2022-09-12T17:05:19.178Z","@version":"1","message":"Sep 12 17:05:18 honeypot-sgp-1 sshd[8723]: Connection closed by invalid user User 179.60.147.69 port 40602 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 17:07:45 honeypot-ams-1 sshd[13148]: Invalid user ftpuser from 190.226.244.9 port 39294","@timestamp":"2022-09-12T17:07:46.556Z"}
{"@timestamp":"2022-09-12T17:07:48.240Z","@version":"1","message":"Sep 12 17:07:47 honeypot-sgp-1 sshd[8729]: Disconnected from invalid user www 178.128.28.223 port 36554 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 17:08:04 honeypot-ams-1 sshd[13152]: Connection closed by invalid user User 179.60.147.69 port 48816 [preauth]","@timestamp":"2022-09-12T17:08:04.567Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 17:08:47 honeypot-fra-1 sshd[3781]: Received disconnect from 92.255.85.69 port 47060:11: Bye Bye [preauth]","@timestamp":"2022-09-12T17:08:48.703Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T17:08:59.271Z","@version":"1","message":"Sep 12 17:08:59 honeypot-sgp-1 sshd[8733]: Received disconnect from 103.150.125.189 port 59034:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 17:10:01 honeypot-fra-1 kernel: [83877027.383546] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=80.94.92.239 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=52347 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T17:10:01.735Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 17:11:45 honeypot-ams-1 sshd[13157]: Disconnected from authenticating user root 92.255.85.70 port 34346 [preauth]","@timestamp":"2022-09-12T17:11:45.678Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 17:15:51 honeypot-fra-1 sshd[3792]: Connection closed by 103.231.214.252 port 45823 [preauth]","@timestamp":"2022-09-12T17:15:51.868Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T17:17:01.464Z","@version":"1","message":"Sep 12 17:17:01 honeypot-sgp-1 CRON[8739]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 17:17:01 honeypot-ams-1 CRON[13162]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-12T17:17:01.813Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 17:17:25 honeypot-fra-1 sshd[3799]: Connection closed by 103.231.214.252 port 42525 [preauth]","@timestamp":"2022-09-12T17:17:25.907Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 17:20:40 honeypot-ams-1 sshd[13168]: Received disconnect from 112.65.128.90 port 42568:11: Bye Bye [preauth]","@timestamp":"2022-09-12T17:20:40.909Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 17:21:20 honeypot-fra-1 kernel: [83877706.437654] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=205.210.31.46 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=249 ID=54321 PROTO=TCP SPT=55857 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T17:21:20.998Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-12T17:22:19.594Z","@version":"1","message":"Sep 12 17:22:18 honeypot-sgp-1 sshd[8743]: Received disconnect from 20.91.221.85 port 48836:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 17:24:04 honeypot-ams-1 kernel: [83880029.171665] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.212.14 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=46048 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T17:24:04.996Z"}
{"@timestamp":"2022-09-12T17:25:12.664Z","@version":"1","message":"Sep 12 17:25:11 honeypot-sgp-1 sshd[8748]: Received disconnect from 172.247.104.122 port 36852:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 17:25:50 honeypot-fra-1 sshd[3815]: Invalid user rails from 125.129.140.104 port 45997","@timestamp":"2022-09-12T17:25:50.103Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T17:27:07.713Z","@version":"1","message":"Sep 12 17:27:06 honeypot-sgp-1 kernel: [83879738.193653] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=169.228.66.212 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=54321 PROTO=TCP SPT=35611 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 17:28:11 honeypot-fra-1 sshd[3820]: Received disconnect from 20.244.1.170 port 58752:11: Bye Bye [preauth]","@timestamp":"2022-09-12T17:28:12.159Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 17:29:00 honeypot-ams-1 sshd[13176]: Did not receive identification string from 128.199.96.88 port 61000","@timestamp":"2022-09-12T17:29:01.126Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 17:29:24 honeypot-fra-1 kernel: [83878191.168489] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=213.226.123.38 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=34851 PROTO=TCP SPT=45074 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T17:29:25.191Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-12T17:30:30.797Z","@version":"1","message":"Sep 12 17:30:29 honeypot-sgp-1 sshd[8757]: Disconnected from authenticating user root 43.134.197.174 port 33134 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 17:30:39 honeypot-ams-1 sshd[13179]: Disconnected from invalid user ts3 202.4.119.45 port 56676 [preauth]","@timestamp":"2022-09-12T17:30:40.170Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 17:31:50 honeypot-ams-1 sshd[13181]: Disconnected from invalid user ichiuji 108.171.92.54 port 58606 [preauth]","@timestamp":"2022-09-12T17:31:50.202Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 17:32:11 honeypot-fra-1 sshd[3835]: Disconnected from 204.48.30.72 port 48862 [preauth]","@timestamp":"2022-09-12T17:32:12.256Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T17:32:47.854Z","@version":"1","message":"Sep 12 17:32:47 honeypot-sgp-1 sshd[8762]: Received disconnect from 198.98.61.9 port 55246:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T17:33:10.866Z","@version":"1","message":"Sep 12 17:33:09 honeypot-sgp-1 sshd[8766]: Received disconnect from 198.98.61.9 port 51372:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 17:33:13 honeypot-ams-1 sshd[13188]: Received disconnect from 173.201.188.226 port 57080:11: Bye Bye [preauth]","@timestamp":"2022-09-12T17:33:14.240Z"}
{"@timestamp":"2022-09-12T17:33:30.876Z","@version":"1","message":"Sep 12 17:33:29 honeypot-sgp-1 sshd[8770]: Received disconnect from 198.98.61.9 port 47538:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 17:33:55 honeypot-ams-1 kernel: [83880620.116385] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=167.94.145.86 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=1990 PROTO=TCP SPT=59053 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T17:33:56.262Z"}
{"@timestamp":"2022-09-12T17:35:37.930Z","@version":"1","message":"Sep 12 17:35:37 honeypot-sgp-1 kernel: [83880248.834373] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.46.240.87 DST=159.89.202.188 LEN=52 TOS=0x02 PREC=0x00 TTL=111 ID=20970 DF PROTO=TCP SPT=64518 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 17:36:16 honeypot-ams-1 sshd[13196]: Disconnected from invalid user admin 51.83.132.19 port 33402 [preauth]","@timestamp":"2022-09-12T17:36:16.325Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 17:37:47 honeypot-fra-1 sshd[3848]: Disconnected from authenticating user root 46.105.249.15 port 59526 [preauth]","@timestamp":"2022-09-12T17:37:47.384Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 17:38:15 honeypot-ams-1 sshd[13201]: Invalid user submartin from 203.98.76.172 port 57012","@timestamp":"2022-09-12T17:38:16.380Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 17:41:17 honeypot-ams-1 sshd[13207]: Disconnected from authenticating user root 2.36.249.18 port 36436 [preauth]","@timestamp":"2022-09-12T17:41:17.457Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 17:42:43 honeypot-fra-1 sshd[3858]: Disconnected from invalid user kimr 165.22.45.108 port 49558 [preauth]","@timestamp":"2022-09-12T17:42:43.498Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T17:44:05.134Z","@version":"1","message":"Sep 12 17:44:04 honeypot-sgp-1 sshd[8778]: Received disconnect from 103.240.110.130 port 44716:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 17:48:05 honeypot-fra-1 sshd[3869]: Received disconnect from 51.254.101.166 port 59025:11: Bye Bye [preauth]","@timestamp":"2022-09-12T17:48:05.621Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 17:49:00 honeypot-fra-1 sshd[3875]: Disconnected from authenticating user root 144.126.222.239 port 39932 [preauth]","@timestamp":"2022-09-12T17:49:00.644Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 17:50:10 honeypot-ams-1 sshd[13211]: Received disconnect from 165.227.118.41 port 52498:11: Bye Bye [preauth]","@timestamp":"2022-09-12T17:50:10.681Z"}
{"@timestamp":"2022-09-12T17:50:37.289Z","@version":"1","message":"Sep 12 17:50:36 honeypot-sgp-1 sshd[8785]: Received disconnect from 92.255.85.70 port 31532:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T17:53:00.348Z","@version":"1","message":"Sep 12 17:52:59 honeypot-sgp-1 sshd[8789]: Disconnected from authenticating user root 167.71.215.3 port 60716 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 17:53:07 honeypot-fra-1 sshd[3884]: Disconnected from authenticating user root 139.59.255.59 port 50610 [preauth]","@timestamp":"2022-09-12T17:53:07.739Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 17:55:12 honeypot-fra-1 sshd[3892]: Received disconnect from 217.182.253.249 port 58362:11: Bye Bye [preauth]","@timestamp":"2022-09-12T17:55:12.791Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 17:56:09 honeypot-ams-1 sshd[13215]: Invalid user user from 45.61.184.204 port 48648","@timestamp":"2022-09-12T17:56:09.838Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 17:56:28 honeypot-ams-1 sshd[13219]: Invalid user user from 45.61.184.204 port 43802","@timestamp":"2022-09-12T17:56:28.849Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 17:56:42 honeypot-ams-1 kernel: [83881987.431478] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=154.3.44.39 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=117 ID=18119 DF PROTO=TCP SPT=61575 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-12T17:56:43.857Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 17:56:49 honeypot-ams-1 sshd[13225]: Disconnected from authenticating user root 92.255.85.69 port 19412 [preauth]","@timestamp":"2022-09-12T17:56:49.860Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 17:57:03 honeypot-ams-1 sshd[13229]: Disconnected from invalid user user 45.61.184.204 port 34080 [preauth]","@timestamp":"2022-09-12T17:57:03.868Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 17:59:37 honeypot-fra-1 sshd[3899]: Connection closed by 103.231.214.252 port 37611 [preauth]","@timestamp":"2022-09-12T17:59:37.892Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T18:00:57.536Z","@version":"1","message":"Sep 12 18:00:57 honeypot-sgp-1 kernel: [83881768.457746] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=146.88.240.248 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=59063 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 18:02:08 honeypot-fra-1 sshd[3903]: Received disconnect from 20.206.248.106 port 33584:11: Bye Bye [preauth]","@timestamp":"2022-09-12T18:02:08.953Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T18:03:52.609Z","@version":"1","message":"Sep 12 18:03:52 honeypot-sgp-1 sshd[8800]: Did not receive identification string from 45.61.184.204 port 32992","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 18:04:01 honeypot-ams-1 kernel: [83882425.712861] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=154.3.44.39 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=117 ID=5651 DF PROTO=TCP SPT=49836 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-12T18:04:02.069Z"}
{"@timestamp":"2022-09-12T18:04:33.628Z","@version":"1","message":"Sep 12 18:04:32 honeypot-sgp-1 sshd[8804]: Disconnected from invalid user user 45.61.184.204 port 47610 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T18:04:53.637Z","@version":"1","message":"Sep 12 18:04:52 honeypot-sgp-1 sshd[8808]: Disconnected from invalid user user 45.61.184.204 port 42720 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:00 honeypot-ams-1 sshd[13248]: Disconnected from authenticating user root 188.250.234.67 port 36147 [preauth]","@timestamp":"2022-09-12T18:05:01.098Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:01 honeypot-ams-1 sshd[13254]: Received disconnect from 188.250.234.67 port 36216:11: Bye Bye [preauth]","@timestamp":"2022-09-12T18:05:02.099Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:03 honeypot-ams-1 sshd[13260]: Received disconnect from 188.250.234.67 port 36281:11: Bye Bye [preauth]","@timestamp":"2022-09-12T18:05:03.100Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:04 honeypot-ams-1 sshd[13266]: Received disconnect from 188.250.234.67 port 36324:11: Bye Bye [preauth]","@timestamp":"2022-09-12T18:05:05.101Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:05 honeypot-ams-1 sshd[13272]: Received disconnect from 188.250.234.67 port 36364:11: Bye Bye [preauth]","@timestamp":"2022-09-12T18:05:06.102Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:06 honeypot-ams-1 sshd[13278]: Received disconnect from 188.250.234.67 port 36400:11: Bye Bye [preauth]","@timestamp":"2022-09-12T18:05:07.103Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:08 honeypot-ams-1 sshd[13284]: Received disconnect from 188.250.234.67 port 36445:11: Bye Bye [preauth]","@timestamp":"2022-09-12T18:05:09.104Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:09 honeypot-ams-1 sshd[13290]: Received disconnect from 188.250.234.67 port 36482:11: Bye Bye [preauth]","@timestamp":"2022-09-12T18:05:10.105Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:10 honeypot-ams-1 sshd[13296]: Received disconnect from 188.250.234.67 port 36533:11: Bye Bye [preauth]","@timestamp":"2022-09-12T18:05:11.106Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:12 honeypot-ams-1 sshd[13302]: Received disconnect from 188.250.234.67 port 36605:11: Bye Bye [preauth]","@timestamp":"2022-09-12T18:05:12.107Z"}
{"@timestamp":"2022-09-12T18:05:12.647Z","@version":"1","message":"Sep 12 18:05:12 honeypot-sgp-1 sshd[8812]: Disconnected from invalid user user 45.61.184.204 port 37838 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:13 honeypot-ams-1 sshd[13308]: Received disconnect from 188.250.234.67 port 36653:11: Bye Bye [preauth]","@timestamp":"2022-09-12T18:05:14.108Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:14 honeypot-ams-1 sshd[13314]: Received disconnect from 188.250.234.67 port 36701:11: Bye Bye [preauth]","@timestamp":"2022-09-12T18:05:15.109Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:15 honeypot-ams-1 sshd[13318]: Disconnected from invalid user admin 188.250.234.67 port 36727 [preauth]","@timestamp":"2022-09-12T18:05:16.111Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:16 honeypot-ams-1 sshd[13322]: Disconnected from invalid user admin 188.250.234.67 port 36751 [preauth]","@timestamp":"2022-09-12T18:05:17.112Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:17 honeypot-ams-1 sshd[13326]: Disconnected from invalid user admin 188.250.234.67 port 36780 [preauth]","@timestamp":"2022-09-12T18:05:18.113Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:18 honeypot-ams-1 sshd[13330]: Disconnected from invalid user admin 188.250.234.67 port 36799 [preauth]","@timestamp":"2022-09-12T18:05:18.113Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:18 honeypot-ams-1 sshd[13334]: Disconnected from invalid user admin 188.250.234.67 port 36818 [preauth]","@timestamp":"2022-09-12T18:05:19.114Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:19 honeypot-ams-1 sshd[13338]: Disconnected from invalid user user 188.250.234.67 port 36849 [preauth]","@timestamp":"2022-09-12T18:05:20.114Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:21 honeypot-ams-1 sshd[13344]: Received disconnect from 188.250.234.67 port 36904:11: Bye Bye [preauth]","@timestamp":"2022-09-12T18:05:21.115Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:21 honeypot-ams-1 sshd[13348]: Received disconnect from 188.250.234.67 port 36952:11: Bye Bye [preauth]","@timestamp":"2022-09-12T18:05:22.116Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:22 honeypot-ams-1 sshd[13353]: Received disconnect from 188.250.234.67 port 36990:11: Bye Bye [preauth]","@timestamp":"2022-09-12T18:05:23.116Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:23 honeypot-ams-1 sshd[13357]: Received disconnect from 188.250.234.67 port 37016:11: Bye Bye [preauth]","@timestamp":"2022-09-12T18:05:24.117Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:24 honeypot-ams-1 sshd[13361]: Received disconnect from 188.250.234.67 port 37040:11: Bye Bye [preauth]","@timestamp":"2022-09-12T18:05:25.118Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:25 honeypot-ams-1 sshd[13365]: Received disconnect from 188.250.234.67 port 37063:11: Bye Bye [preauth]","@timestamp":"2022-09-12T18:05:26.119Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:26 honeypot-ams-1 sshd[13369]: Received disconnect from 188.250.234.67 port 37081:11: Bye Bye [preauth]","@timestamp":"2022-09-12T18:05:27.120Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:27 honeypot-ams-1 sshd[13373]: Received disconnect from 188.250.234.67 port 37098:11: Bye Bye [preauth]","@timestamp":"2022-09-12T18:05:27.120Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:27 honeypot-ams-1 sshd[13377]: Received disconnect from 188.250.234.67 port 37121:11: Bye Bye [preauth]","@timestamp":"2022-09-12T18:05:28.121Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:28 honeypot-ams-1 sshd[13381]: Received disconnect from 188.250.234.67 port 37140:11: Bye Bye [preauth]","@timestamp":"2022-09-12T18:05:29.122Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:29 honeypot-ams-1 sshd[13385]: Received disconnect from 188.250.234.67 port 37156:11: Bye Bye [preauth]","@timestamp":"2022-09-12T18:05:30.123Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 18:05:53 honeypot-fra-1 sshd[3912]: Connection closed by 103.231.214.252 port 54611 [preauth]","@timestamp":"2022-09-12T18:05:54.041Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T18:06:11.676Z","@version":"1","message":"Sep 12 18:06:10 honeypot-sgp-1 sshd[8816]: Received disconnect from 62.204.41.222 port 36273:11: Client disconnecting normally [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T18:07:08.704Z","@version":"1","message":"Sep 12 18:07:08 honeypot-sgp-1 kernel: [83882139.472697] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=161.35.238.241 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=33599 DF PROTO=TCP SPT=48454 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:08:24 honeypot-ams-1 sshd[13390]: Invalid user oracle from 211.125.67.35 port 43416","@timestamp":"2022-09-12T18:08:24.213Z"}
{"@timestamp":"2022-09-12T18:10:04.780Z","@version":"1","message":"Sep 12 18:10:04 honeypot-sgp-1 sshd[8825]: Received disconnect from 91.240.118.222 port 38279:11: Client disconnecting normally [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 18:10:35 honeypot-fra-1 sshd[3919]: Connection closed by 103.231.214.252 port 48622 [preauth]","@timestamp":"2022-09-12T18:10:35.151Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T18:11:00.806Z","@version":"1","message":"Sep 12 18:11:00 honeypot-sgp-1 sshd[8828]: Disconnected from authenticating user root 188.233.97.32 port 44710 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 18:11:09 honeypot-ams-1 kernel: [83882854.192084] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=103.156.91.6 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=14028 PROTO=TCP SPT=45507 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T18:11:10.293Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:11:53 honeypot-ams-1 sshd[13397]: Received disconnect from 45.61.186.169 port 39514:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T18:11:54.314Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:12:11 honeypot-ams-1 sshd[13401]: Received disconnect from 45.61.186.169 port 34424:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T18:12:12.324Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:12:20 honeypot-ams-1 sshd[13403]: Received disconnect from 45.61.186.169 port 45986:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T18:12:21.329Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 18:12:23 honeypot-fra-1 sshd[3928]: Disconnected from authenticating user root 185.231.245.49 port 52582 [preauth]","@timestamp":"2022-09-12T18:12:23.196Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:12:37 honeypot-ams-1 sshd[13409]: Received disconnect from 45.61.186.169 port 40896:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T18:12:38.337Z"}
{"@timestamp":"2022-09-12T18:14:36.895Z","@version":"1","message":"Sep 12 18:14:36 honeypot-sgp-1 sshd[8836]: Disconnected from authenticating user root 92.255.85.69 port 62142 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 18:15:29 honeypot-fra-1 sshd[3934]: Disconnected from authenticating user root 109.80.164.62 port 48509 [preauth]","@timestamp":"2022-09-12T18:15:30.270Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:15:43 honeypot-ams-1 sshd[13415]: Invalid user user from 141.255.162.226 port 53414","@timestamp":"2022-09-12T18:15:44.423Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:15:46 honeypot-ams-1 sshd[13419]: Invalid user user from 141.255.162.226 port 46428","@timestamp":"2022-09-12T18:15:46.425Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:15:49 honeypot-ams-1 sshd[13423]: Invalid user user from 141.255.162.226 port 53112","@timestamp":"2022-09-12T18:15:50.427Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:15:51 honeypot-ams-1 sshd[13427]: Invalid user user from 141.255.162.226 port 60094","@timestamp":"2022-09-12T18:15:52.428Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 18:17:48 honeypot-fra-1 sshd[3944]: Invalid user kingfish from 165.22.45.108 port 55042","@timestamp":"2022-09-12T18:17:48.325Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:19:16 honeypot-ams-1 sshd[13507]: Disconnected from authenticating user root 92.255.85.69 port 42222 [preauth]","@timestamp":"2022-09-12T18:19:16.515Z"}
{"@timestamp":"2022-09-12T18:20:27.037Z","@version":"1","message":"Sep 12 18:20:26 honeypot-sgp-1 sshd[8844]: Received disconnect from 172.105.61.41 port 52936:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 18:20:37 honeypot-fra-1 sshd[3950]: Disconnected from authenticating user root 187.157.153.167 port 55642 [preauth]","@timestamp":"2022-09-12T18:20:38.389Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:22:32 honeypot-ams-1 sshd[13513]: Received disconnect from 92.205.19.152 port 56818:11: Bye Bye [preauth]","@timestamp":"2022-09-12T18:22:32.601Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 18:23:18 honeypot-fra-1 sshd[3959]: Connection closed by invalid user User 179.60.147.69 port 12964 [preauth]","@timestamp":"2022-09-12T18:23:18.452Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:23:53 honeypot-ams-1 sshd[13517]: Disconnected from invalid user toto 65.52.9.242 port 34524 [preauth]","@timestamp":"2022-09-12T18:23:53.637Z"}
{"@timestamp":"2022-09-12T18:25:44.163Z","@version":"1","message":"Sep 12 18:25:43 honeypot-sgp-1 sshd[8847]: Disconnected from invalid user lfranzoi 74.92.28.228 port 54794 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 18:27:04 honeypot-ams-1 kernel: [83883809.398366] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.197.81 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=51101 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T18:27:05.724Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 18:27:05 honeypot-fra-1 sshd[3967]: Received disconnect from 70.35.202.246 port 48998:11: Bye Bye [preauth]","@timestamp":"2022-09-12T18:27:06.543Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 18:29:23 honeypot-fra-1 sshd[3974]: Invalid user admin from 180.168.2.154 port 56324","@timestamp":"2022-09-12T18:29:24.599Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T18:30:31.281Z","@version":"1","message":"Sep 12 18:30:31 honeypot-sgp-1 sshd[8853]: Invalid user iris from 103.233.0.58 port 42670","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 18:32:31 honeypot-fra-1 sshd[3982]: Connection closed by 103.231.214.252 port 33494 [preauth]","@timestamp":"2022-09-12T18:32:31.668Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:33:38 honeypot-ams-1 sshd[13527]: Received disconnect from 161.35.112.155 port 37320:11: Bye Bye [preauth]","@timestamp":"2022-09-12T18:33:38.894Z"}
{"@timestamp":"2022-09-12T18:34:12.369Z","@version":"1","message":"Sep 12 18:34:11 honeypot-sgp-1 kernel: [83883762.802519] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=79.124.62.60 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=2357 PROTO=TCP SPT=45423 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 18:34:57 honeypot-fra-1 sshd[3989]: Received disconnect from 144.24.72.43 port 55230:11: Bye Bye [preauth]","@timestamp":"2022-09-12T18:34:57.725Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 18:40:31 honeypot-fra-1 sshd[4000]: Received disconnect from 92.255.85.70 port 34624:11: Bye Bye [preauth]","@timestamp":"2022-09-12T18:40:31.853Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 18:45:54 honeypot-ams-1 kernel: [83884938.917619] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=128.1.248.27 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=65002 PROTO=TCP SPT=36523 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T18:45:55.211Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 18:48:00 honeypot-fra-1 kernel: [83882906.219595] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.206.36 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=40781 DPT=636 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T18:48:01.024Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 18:48:44 honeypot-ams-1 kernel: [83885109.219745] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=201.191.2.198 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=36074 PROTO=TCP SPT=36055 DPT=80 WINDOW=29718 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T18:48:45.290Z"}
{"@timestamp":"2022-09-12T18:51:48.807Z","@version":"1","message":"Sep 12 18:51:48 honeypot-sgp-1 kernel: [83884819.477505] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=195.178.120.159 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=54321 PROTO=TCP SPT=50599 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 18:52:56 honeypot-fra-1 sshd[4020]: Invalid user kira from 165.22.45.108 port 59838","@timestamp":"2022-09-12T18:52:57.141Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 18:56:30 honeypot-fra-1 sshd[4027]: Connection closed by invalid user User 179.60.147.69 port 3050 [preauth]","@timestamp":"2022-09-12T18:56:31.221Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 19:03:07 honeypot-fra-1 sshd[4038]: Invalid user oracle from 88.142.46.185 port 35976","@timestamp":"2022-09-12T19:03:08.372Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 19:05:22 honeypot-fra-1 kernel: [83883948.784939] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=1692 PROTO=TCP SPT=48949 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T19:05:23.425Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-12T19:06:21.151Z","@version":"1","message":"Sep 12 19:06:20 honeypot-sgp-1 sshd[8869]: Received disconnect from 154.214.4.199 port 46708:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 19:06:31 honeypot-ams-1 sshd[13538]: Received disconnect from 92.255.85.69 port 46546:11: Bye Bye [preauth]","@timestamp":"2022-09-12T19:06:31.740Z"}
{"@timestamp":"2022-09-12T19:07:08.172Z","@version":"1","message":"Sep 12 19:07:07 honeypot-sgp-1 sshd[8873]: Received disconnect from 84.201.177.10 port 37316:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T19:08:25.206Z","@version":"1","message":"Sep 12 19:08:24 honeypot-sgp-1 sshd[8877]: Received disconnect from 202.164.153.78 port 37396:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 19:09:30 honeypot-fra-1 sshd[4053]: Invalid user ws from 43.128.188.237 port 41580","@timestamp":"2022-09-12T19:09:30.520Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 19:10:08 honeypot-ams-1 kernel: [83886393.295631] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=98.109.157.55 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=53 ID=65253 PROTO=TCP SPT=2734 DPT=80 WINDOW=16886 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T19:10:09.838Z"}
{"@timestamp":"2022-09-12T19:11:15.274Z","@version":"1","message":"Sep 12 19:11:15 honeypot-sgp-1 sshd[8881]: Disconnected from invalid user sshservice 180.167.214.190 port 25634 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 19:12:17 honeypot-ams-1 sshd[13548]: Received disconnect from 119.92.159.209 port 16673:11: Bye Bye [preauth]","@timestamp":"2022-09-12T19:12:18.898Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 19:12:25 honeypot-fra-1 sshd[4059]: Disconnected from authenticating user root 2.139.220.58 port 50408 [preauth]","@timestamp":"2022-09-12T19:12:25.584Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T19:13:45.337Z","@version":"1","message":"Sep 12 19:13:44 honeypot-sgp-1 sshd[8887]: Disconnected from invalid user cak 84.54.74.130 port 38636 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 19:13:49 honeypot-fra-1 sshd[4066]: Disconnected from invalid user wp-admin 188.166.225.37 port 37654 [preauth]","@timestamp":"2022-09-12T19:13:50.619Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 19:17:01 honeypot-fra-1 CRON[4074]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-12T19:17:01.691Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T19:19:05.464Z","@version":"1","message":"Sep 12 19:19:04 honeypot-sgp-1 sshd[8895]: Disconnected from authenticating user root 139.135.229.27 port 35952 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T19:20:32.506Z","@version":"1","message":"Sep 12 19:20:31 honeypot-sgp-1 sshd[8901]: Disconnected from invalid user mysql 123.100.226.242 port 49626 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 19:20:34 honeypot-fra-1 sshd[4084]: Disconnected from authenticating user root 62.204.41.222 port 46980 [preauth]","@timestamp":"2022-09-12T19:20:34.774Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 19:22:53 honeypot-ams-1 sshd[13555]: Connection closed by invalid user User 179.60.147.69 port 12434 [preauth]","@timestamp":"2022-09-12T19:22:54.169Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 19:25:49 honeypot-fra-1 sshd[4093]: Connection closed by 103.231.214.252 port 54442 [preauth]","@timestamp":"2022-09-12T19:25:49.895Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T19:25:56.633Z","@version":"1","message":"Sep 12 19:25:55 honeypot-sgp-1 sshd[8918]: Received disconnect from 197.248.117.226 port 39530:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 19:27:23 honeypot-fra-1 sshd[4097]: Connection closed by 103.231.214.252 port 48699 [preauth]","@timestamp":"2022-09-12T19:27:23.934Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 19:28:57 honeypot-fra-1 sshd[4103]: Connection closed by 103.231.214.252 port 27530 [preauth]","@timestamp":"2022-09-12T19:28:57.973Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 19:29:43 honeypot-ams-1 sshd[13562]: Disconnected from authenticating user root 92.255.85.69 port 28242 [preauth]","@timestamp":"2022-09-12T19:29:43.347Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 19:33:39 honeypot-fra-1 sshd[4112]: Connection closed by 103.231.214.252 port 47016 [preauth]","@timestamp":"2022-09-12T19:33:40.082Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 19:37:56 honeypot-ams-1 kernel: [83888061.210995] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=112.117.152.56 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=48 ID=58532 PROTO=TCP SPT=34170 DPT=80 WINDOW=39302 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T19:37:57.559Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 19:41:30 honeypot-fra-1 sshd[4125]: Connection closed by 103.231.214.252 port 11247 [preauth]","@timestamp":"2022-09-12T19:41:30.258Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T19:43:06.028Z","@version":"1","message":"Sep 12 19:43:05 honeypot-sgp-1 kernel: [83887896.776528] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=103.123.1.110 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=19650 PROTO=TCP SPT=32079 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 19:47:37 honeypot-fra-1 sshd[4214]: Received disconnect from 81.250.204.52 port 37416:11: Bye Bye [preauth]","@timestamp":"2022-09-12T19:47:38.399Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T19:47:44.140Z","@version":"1","message":"Sep 12 19:47:43 honeypot-sgp-1 sshd[8932]: Received disconnect from 92.255.85.69 port 29786:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 19:50:28 honeypot-fra-1 sshd[4221]: Disconnected from authenticating user root 92.255.85.69 port 37184 [preauth]","@timestamp":"2022-09-12T19:50:28.467Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 19:50:42 honeypot-ams-1 kernel: [83888827.314600] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.213.131 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=47565 DPT=636 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T19:50:42.902Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 19:53:25 honeypot-fra-1 sshd[4227]: Received disconnect from 81.150.9.251 port 38234:11: Bye Bye [preauth]","@timestamp":"2022-09-12T19:53:25.537Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T19:55:10.316Z","@version":"1","message":"Sep 12 19:55:09 honeypot-sgp-1 sshd[8937]: Invalid user vf from 72.167.55.58 port 35426","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 19:55:28 honeypot-ams-1 kernel: [83889112.954235] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.41.8.45 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=55753 PROTO=TCP SPT=36066 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T19:55:29.028Z"}
{"@timestamp":"2022-09-12T19:56:25.347Z","@version":"1","message":"Sep 12 19:56:24 honeypot-sgp-1 sshd[8941]: Disconnected from authenticating user root 157.245.245.11 port 45820 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 19:58:44 honeypot-fra-1 sshd[4236]: Connection closed by 103.231.214.252 port 42409 [preauth]","@timestamp":"2022-09-12T19:58:44.660Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 19:59:15 honeypot-fra-1 sshd[4241]: Received disconnect from 141.255.162.226 port 37092:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T19:59:16.675Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 19:59:19 honeypot-fra-1 sshd[4245]: Received disconnect from 141.255.162.226 port 50874:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T19:59:20.677Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 19:59:23 honeypot-fra-1 sshd[4249]: Received disconnect from 141.255.162.226 port 36426:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T19:59:23.679Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 19:59:35 honeypot-ams-1 sshd[13579]: Connection closed by invalid user User 179.60.147.69 port 52480 [preauth]","@timestamp":"2022-09-12T19:59:36.137Z"}
{"@timestamp":"2022-09-12T20:02:08.483Z","@version":"1","message":"Sep 12 20:02:08 honeypot-sgp-1 sshd[8946]: Disconnected from invalid user vincent 203.245.29.159 port 45096 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 20:02:15 honeypot-ams-1 sshd[13583]: Invalid user enganga from 89.236.239.25 port 56748","@timestamp":"2022-09-12T20:02:15.208Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 20:03:05 honeypot-fra-1 sshd[4256]: Disconnected from invalid user kirkd 165.22.45.108 port 41224 [preauth]","@timestamp":"2022-09-12T20:03:05.763Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 20:06:46 honeypot-ams-1 kernel: [83889790.550890] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=154.3.44.39 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=117 ID=20285 DF PROTO=TCP SPT=57044 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-12T20:06:46.371Z"}
{"@timestamp":"2022-09-12T20:06:47.596Z","@version":"1","message":"Sep 12 20:06:47 honeypot-sgp-1 sshd[8952]: Disconnected from authenticating user root 177.73.15.138 port 36242 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 20:07:38 honeypot-fra-1 sshd[4265]: Disconnected from authenticating user root 181.209.159.166 port 57138 [preauth]","@timestamp":"2022-09-12T20:07:38.868Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T20:10:11.680Z","@version":"1","message":"Sep 12 20:10:11 honeypot-sgp-1 sshd[8959]: Disconnected from authenticating user root 92.255.85.70 port 52988 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 20:11:03 honeypot-fra-1 kernel: [83887888.948671] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=164.92.160.98 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=251 ID=54321 PROTO=TCP SPT=23818 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T20:11:03.950Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-12T20:13:04.751Z","@version":"1","message":"Sep 12 20:13:03 honeypot-sgp-1 kernel: [83889695.057320] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=79.124.62.62 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=20698 PROTO=TCP SPT=41363 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 20:15:58 honeypot-fra-1 sshd[4282]: Connection closed by 103.231.214.252 port 61089 [preauth]","@timestamp":"2022-09-12T20:15:59.062Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 20:17:01 honeypot-ams-1 CRON[13590]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-12T20:17:02.635Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 20:19:15 honeypot-fra-1 sshd[4292]: Invalid user osvaldo from 190.226.244.9 port 41548","@timestamp":"2022-09-12T20:19:16.140Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 20:19:58 honeypot-ams-1 sshd[13597]: Invalid user kf from 45.249.247.148 port 53716","@timestamp":"2022-09-12T20:19:58.715Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 20:23:31 honeypot-fra-1 sshd[4299]: Invalid user ftpuser from 180.140.74.77 port 46948","@timestamp":"2022-09-12T20:23:32.237Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 20:24:12 honeypot-ams-1 kernel: [83890836.557326] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=18.189.61.4 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=38 ID=674 PROTO=TCP SPT=22065 DPT=80 WINDOW=58001 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T20:24:12.823Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 20:26:28 honeypot-fra-1 sshd[4306]: Disconnected from invalid user belea 80.91.223.98 port 55446 [preauth]","@timestamp":"2022-09-12T20:26:28.305Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 20:28:53 honeypot-fra-1 sshd[4315]: Connection closed by invalid user guest 197.211.115.66 port 45136 [preauth]","@timestamp":"2022-09-12T20:28:54.365Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T20:30:53.170Z","@version":"1","message":"Sep 12 20:30:52 honeypot-sgp-1 sshd[8972]: Invalid user test from 159.65.188.65 port 51950","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T20:32:02.200Z","@version":"1","message":"Sep 12 20:32:01 honeypot-sgp-1 sshd[8976]: Received disconnect from 117.28.245.18 port 40016:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T20:32:28.212Z","@version":"1","message":"Sep 12 20:32:27 honeypot-sgp-1 sshd[8980]: Disconnected from authenticating user root 92.255.85.69 port 36592 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T20:32:33.215Z","@version":"1","message":"Sep 12 20:32:32 honeypot-sgp-1 sshd[8985]: Disconnected from invalid user user 141.255.162.226 port 53202 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T20:32:35.216Z","@version":"1","message":"Sep 12 20:32:34 honeypot-sgp-1 sshd[8989]: Disconnected from invalid user user 141.255.162.226 port 59404 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T20:32:57.249Z","@version":"1","message":"Sep 12 20:32:56 honeypot-sgp-1 sshd[8993]: Disconnected from authenticating user root 45.179.229.32 port 45913 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T20:33:47.271Z","@version":"1","message":"Sep 12 20:33:46 honeypot-sgp-1 sshd[8997]: Disconnected from invalid user danuta 177.229.215.234 port 52936 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 20:34:30 honeypot-fra-1 sshd[4326]: Invalid user support from 193.106.191.157 port 39410","@timestamp":"2022-09-12T20:34:31.493Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 20:34:51 honeypot-ams-1 sshd[13606]: Disconnected from authenticating user root 182.253.141.117 port 46558 [preauth]","@timestamp":"2022-09-12T20:34:52.110Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 20:36:25 honeypot-fra-1 sshd[4334]: Connection closed by authenticating user root 141.98.10.158 port 57584 [preauth]","@timestamp":"2022-09-12T20:36:25.541Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T20:38:05.375Z","@version":"1","message":"Sep 12 20:38:05 honeypot-sgp-1 kernel: [83891196.294891] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.218.100.200 DST=159.89.202.188 LEN=52 TOS=0x02 PREC=0x00 TTL=110 ID=9701 DF PROTO=TCP SPT=57590 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 20:38:29 honeypot-ams-1 sshd[13612]: Invalid user edsalse1 from 78.135.105.203 port 35602","@timestamp":"2022-09-12T20:38:30.205Z"}
{"@timestamp":"2022-09-12T20:38:56.398Z","@version":"1","message":"Sep 12 20:38:55 honeypot-sgp-1 sshd[9007]: Invalid user user from 141.255.162.226 port 36546","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T20:39:00.401Z","@version":"1","message":"Sep 12 20:38:59 honeypot-sgp-1 sshd[9011]: Invalid user user from 141.255.162.226 port 50036","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T20:39:04.403Z","@version":"1","message":"Sep 12 20:39:03 honeypot-sgp-1 sshd[9015]: Invalid user user from 141.255.162.226 port 35300","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 20:39:29 honeypot-fra-1 sshd[4339]: Connection closed by 103.231.214.252 port 30002 [preauth]","@timestamp":"2022-09-12T20:39:29.615Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 20:39:54 honeypot-ams-1 sshd[13617]: Invalid user salomao from 200.60.92.170 port 50686","@timestamp":"2022-09-12T20:39:55.243Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 20:41:48 honeypot-ams-1 sshd[13621]: Connection reset by 147.182.160.15 port 25609 [preauth]","@timestamp":"2022-09-12T20:41:49.293Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 20:43:47 honeypot-fra-1 sshd[4348]: Invalid user User from 179.60.147.69 port 36258","@timestamp":"2022-09-12T20:43:47.712Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 20:48:24 honeypot-fra-1 sshd[4357]: Disconnected from authenticating user root 103.82.145.99 port 33692 [preauth]","@timestamp":"2022-09-12T20:48:25.818Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 20:51:52 honeypot-fra-1 sshd[4366]: Connection closed by 18.234.188.252 port 45210 [preauth]","@timestamp":"2022-09-12T20:51:52.897Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 20:52:20 honeypot-ams-1 sshd[13628]: Invalid user support from 193.106.191.157 port 34958","@timestamp":"2022-09-12T20:52:20.564Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 20:54:34 honeypot-fra-1 kernel: [83890500.551256] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=102.67.226.60 DST=165.22.82.222 LEN=52 TOS=0x00 PREC=0x00 TTL=120 ID=41602 DF PROTO=TCP SPT=58693 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T20:54:34.964Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-12T20:55:36.787Z","@version":"1","message":"Sep 12 20:55:36 honeypot-sgp-1 kernel: [83892247.345681] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.55.53.144 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=43 ID=62046 DF PROTO=TCP SPT=47510 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 20:56:15 honeypot-ams-1 sshd[13633]: Disconnected from 159.223.172.195 port 53934 [preauth]","@timestamp":"2022-09-12T20:56:16.663Z"}
{"@timestamp":"2022-09-12T20:57:07.827Z","@version":"1","message":"Sep 12 20:57:07 honeypot-sgp-1 kernel: [83892338.098701] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=162.62.191.231 DST=159.89.202.188 LEN=52 TOS=0x00 PREC=0x00 TTL=47 ID=14820 DF PROTO=TCP SPT=15844 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 20:57:41 honeypot-ams-1 sshd[13639]: Received disconnect from 193.142.146.50 port 43578:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T20:57:42.704Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 20:58:10 honeypot-ams-1 sshd[13643]: Disconnected from authenticating user root 193.142.146.50 port 60754 [preauth]","@timestamp":"2022-09-12T20:58:10.719Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 20:58:35 honeypot-fra-1 kernel: [83890741.166751] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=20.55.53.144 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=65364 DF PROTO=TCP SPT=52462 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T20:58:36.059Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 20:58:47 honeypot-ams-1 sshd[13649]: Received disconnect from 193.142.146.50 port 49698:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T20:58:47.736Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 20:59:02 honeypot-fra-1 sshd[4382]: Received disconnect from 92.255.85.69 port 63064:11: Bye Bye [preauth]","@timestamp":"2022-09-12T20:59:03.072Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 20:59:52 honeypot-ams-1 sshd[13653]: Disconnected from authenticating user root 193.142.146.50 port 33114 [preauth]","@timestamp":"2022-09-12T20:59:52.767Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 21:00:36 honeypot-ams-1 sshd[13659]: Disconnected from authenticating user root 193.142.146.50 port 44762 [preauth]","@timestamp":"2022-09-12T21:00:36.791Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 21:01:41 honeypot-ams-1 sshd[13665]: Invalid user testuser from 193.142.146.50 port 56404","@timestamp":"2022-09-12T21:01:41.823Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 21:02:12 honeypot-ams-1 sshd[13669]: Invalid user ubuntu from 193.142.146.50 port 45348","@timestamp":"2022-09-12T21:02:12.838Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 21:02:43 honeypot-ams-1 sshd[13674]: Invalid user ubuntu from 193.142.146.50 port 34292","@timestamp":"2022-09-12T21:02:44.854Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 21:03:27 honeypot-ams-1 sshd[13678]: Disconnected from authenticating user root 193.142.146.50 port 51468 [preauth]","@timestamp":"2022-09-12T21:03:27.875Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 21:04:01 honeypot-ams-1 sshd[13682]: Disconnected from invalid user postgres 193.142.146.50 port 40412 [preauth]","@timestamp":"2022-09-12T21:04:01.891Z"}
{"@timestamp":"2022-09-12T21:04:23.998Z","@version":"1","message":"Sep 12 21:04:23 honeypot-sgp-1 sshd[9027]: Invalid user packer from 52.172.46.214 port 39722","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 21:04:35 honeypot-ams-1 sshd[13686]: Received disconnect from 193.142.146.50 port 57588:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T21:04:35.910Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 21:04:52 honeypot-ams-1 sshd[13688]: Disconnected from invalid user odoo 193.142.146.50 port 52060 [preauth]","@timestamp":"2022-09-12T21:04:52.919Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 21:05:31 honeypot-fra-1 kernel: [83891156.808668] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=31942 PROTO=TCP SPT=56403 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T21:05:31.220Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-12T21:05:37.029Z","@version":"1","message":"Sep 12 21:05:36 honeypot-sgp-1 sshd[9031]: Invalid user User from 179.60.147.69 port 37752","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T21:07:20.071Z","@version":"1","message":"Sep 12 21:07:19 honeypot-sgp-1 sshd[9035]: Received disconnect from 156.67.208.180 port 34872:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 21:07:39 honeypot-ams-1 kernel: [83893443.411248] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=154.3.44.39 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=117 ID=25672 DF PROTO=TCP SPT=54030 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-12T21:07:39.995Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 21:09:53 honeypot-fra-1 sshd[4399]: Connection closed by 103.231.214.252 port 56621 [preauth]","@timestamp":"2022-09-12T21:09:54.340Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 21:14:35 honeypot-fra-1 sshd[4408]: Connection closed by 103.231.214.252 port 20860 [preauth]","@timestamp":"2022-09-12T21:14:36.448Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 21:17:01 honeypot-ams-1 CRON[13701]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-12T21:17:02.242Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 21:17:43 honeypot-fra-1 sshd[4418]: Connection closed by 103.231.214.252 port 37099 [preauth]","@timestamp":"2022-09-12T21:17:44.523Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T21:19:25.348Z","@version":"1","message":"Sep 12 21:19:25 honeypot-sgp-1 sshd[9042]: Received disconnect from 92.255.85.69 port 33226:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 21:21:38 honeypot-fra-1 sshd[4427]: Received disconnect from 92.255.85.70 port 58436:11: Bye Bye [preauth]","@timestamp":"2022-09-12T21:21:38.615Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 21:22:28 honeypot-ams-1 sshd[13708]: Invalid user user from 45.61.186.169 port 57978","@timestamp":"2022-09-12T21:22:29.383Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 21:22:46 honeypot-ams-1 sshd[13712]: Invalid user user from 45.61.186.169 port 52320","@timestamp":"2022-09-12T21:22:47.392Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 21:23:03 honeypot-ams-1 sshd[13716]: Invalid user user from 45.61.186.169 port 46628","@timestamp":"2022-09-12T21:23:04.401Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 21:23:16 honeypot-ams-1 kernel: [83894381.191113] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=154.3.44.39 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=117 ID=60185 DF PROTO=TCP SPT=56758 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-12T21:23:17.407Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 21:24:14 honeypot-ams-1 sshd[13723]: Disconnected from authenticating user root 92.255.85.69 port 39116 [preauth]","@timestamp":"2022-09-12T21:24:14.432Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 21:27:45 honeypot-fra-1 kernel: [83892491.104611] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=145.40.77.125 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=54321 PROTO=TCP SPT=47438 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T21:27:45.753Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-12T21:30:34.605Z","@version":"1","message":"Sep 12 21:30:34 honeypot-sgp-1 kernel: [83894345.307647] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=145.40.77.125 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=54321 PROTO=TCP SPT=47541 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 21:36:14 honeypot-ams-1 kernel: [83895158.464309] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=2.45.100.120 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=50 ID=54310 PROTO=TCP SPT=26251 DPT=80 WINDOW=42323 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T21:36:14.736Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 21:36:32 honeypot-fra-1 sshd[4450]: Connection closed by 103.231.214.252 port 46114 [preauth]","@timestamp":"2022-09-12T21:36:32.953Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T21:42:18.874Z","@version":"1","message":"Sep 12 21:42:18 honeypot-sgp-1 sshd[9050]: Invalid user user from 198.98.61.9 port 42524","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 21:42:23 honeypot-ams-1 sshd[13730]: Disconnected from invalid user ruthart 188.157.24.174 port 50042 [preauth]","@timestamp":"2022-09-12T21:42:23.894Z"}
{"@timestamp":"2022-09-12T21:42:30.881Z","@version":"1","message":"Sep 12 21:42:30 honeypot-sgp-1 sshd[9054]: Received disconnect from 198.98.61.9 port 53726:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T21:42:45.888Z","@version":"1","message":"Sep 12 21:42:45 honeypot-sgp-1 sshd[9059]: Invalid user user from 198.98.61.9 port 47852","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T21:42:59.895Z","@version":"1","message":"Sep 12 21:42:59 honeypot-sgp-1 sshd[9063]: Invalid user user from 198.98.61.9 port 41982","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T21:43:38.912Z","@version":"1","message":"Sep 12 21:43:38 honeypot-sgp-1 sshd[9067]: Invalid user guest from 122.169.115.179 port 48218","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 21:46:08 honeypot-ams-1 sshd[13736]: Invalid user ybb from 77.173.61.93 port 35726","@timestamp":"2022-09-12T21:46:08.994Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 21:46:27 honeypot-ams-1 sshd[13739]: Disconnected from invalid user zxiptv 132.247.181.75 port 37938 [preauth]","@timestamp":"2022-09-12T21:46:28.004Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 21:47:22 honeypot-fra-1 sshd[4461]: Connection closed by invalid user user1 103.188.176.251 port 60688 [preauth]","@timestamp":"2022-09-12T21:47:22.195Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 21:49:12 honeypot-ams-1 kernel: [83895936.483053] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=46.41.208.63 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=31338 DF PROTO=TCP SPT=53203 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T21:49:13.080Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 21:56:14 honeypot-ams-1 kernel: [83896358.812151] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=128.1.248.43 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=50042 PROTO=TCP SPT=29344 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T21:56:15.291Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 21:56:33 honeypot-fra-1 kernel: [83894218.827673] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.41.8.45 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=45624 PROTO=TCP SPT=27783 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T21:56:33.414Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-12T21:57:20.251Z","@version":"1","message":"Sep 12 21:57:19 honeypot-sgp-1 kernel: [83895950.341924] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=154.3.44.39 DST=159.89.202.188 LEN=52 TOS=0x0A PREC=0x00 TTL=110 ID=26846 DF PROTO=TCP SPT=58771 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 21:58:12 honeypot-ams-1 sshd[13753]: Received disconnect from 103.135.215.66 port 55318:11: Bye Bye [preauth]","@timestamp":"2022-09-12T21:58:13.345Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 21:59:22 honeypot-fra-1 sshd[4470]: Disconnected from invalid user user 45.61.186.169 port 46152 [preauth]","@timestamp":"2022-09-12T21:59:23.481Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 21:59:40 honeypot-fra-1 sshd[4474]: Disconnected from invalid user user 45.61.186.169 port 42022 [preauth]","@timestamp":"2022-09-12T21:59:41.489Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 21:59:59 honeypot-fra-1 sshd[4480]: Received disconnect from 45.61.186.169 port 37896:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T21:59:59.497Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 22:00:16 honeypot-fra-1 sshd[4484]: Received disconnect from 45.61.186.169 port 33768:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T22:00:17.507Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T22:03:26.392Z","@version":"1","message":"Sep 12 22:03:26 honeypot-sgp-1 sshd[9155]: Connection closed by invalid user admin 112.160.69.124 port 58715 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 22:04:55 honeypot-fra-1 sshd[4489]: Received disconnect from 139.198.27.111 port 36052:11: Bye Bye [preauth]","@timestamp":"2022-09-12T22:04:55.610Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 22:07:21 honeypot-ams-1 sshd[13760]: Invalid user pi from 96.3.36.65 port 53554","@timestamp":"2022-09-12T22:07:22.578Z"}
{"@timestamp":"2022-09-12T22:07:38.493Z","@version":"1","message":"Sep 12 22:07:37 honeypot-sgp-1 sshd[9161]: Received disconnect from 142.93.187.197 port 44062:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 22:08:38 honeypot-fra-1 sshd[4493]: Received disconnect from 92.255.85.70 port 27328:11: Bye Bye [preauth]","@timestamp":"2022-09-12T22:08:39.694Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 22:09:12 honeypot-fra-1 sshd[4497]: Disconnected from invalid user temp 77.158.71.118 port 40708 [preauth]","@timestamp":"2022-09-12T22:09:13.709Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 22:09:21 honeypot-ams-1 sshd[13763]: Connection closed by invalid user test 193.106.191.157 port 42456 [preauth]","@timestamp":"2022-09-12T22:09:22.633Z"}
{"@timestamp":"2022-09-12T22:10:40.567Z","@version":"1","message":"Sep 12 22:10:39 honeypot-sgp-1 sshd[9164]: Connection closed by invalid user ps 103.188.176.251 port 37528 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 22:11:03 honeypot-ams-1 sshd[13769]: Received disconnect from 92.255.85.69 port 25656:11: Bye Bye [preauth]","@timestamp":"2022-09-12T22:11:04.681Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 22:12:04 honeypot-fra-1 sshd[4503]: Received disconnect from 141.255.162.226 port 57818:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T22:12:05.773Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 22:12:08 honeypot-fra-1 sshd[4507]: Received disconnect from 141.255.162.226 port 49778:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T22:12:09.775Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 22:12:12 honeypot-fra-1 sshd[4511]: Received disconnect from 141.255.162.226 port 35022:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T22:12:12.777Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 22:14:20 honeypot-fra-1 sshd[4515]: Connection closed by invalid user test 193.106.191.157 port 45368 [preauth]","@timestamp":"2022-09-12T22:14:20.825Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 22:14:32 honeypot-ams-1 sshd[13772]: Invalid user User from 179.60.147.69 port 58280","@timestamp":"2022-09-12T22:14:32.793Z"}
{"@timestamp":"2022-09-12T22:17:05.718Z","@version":"1","message":"Sep 12 22:17:05 honeypot-sgp-1 kernel: [83897136.135524] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=162.142.125.130 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=28210 PROTO=TCP SPT=10416 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T22:20:08.792Z","@version":"1","message":"Sep 12 22:20:07 honeypot-sgp-1 sshd[9176]: Received disconnect from 198.98.61.9 port 43878:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T22:20:24.799Z","@version":"1","message":"Sep 12 22:20:24 honeypot-sgp-1 sshd[9182]: Received disconnect from 198.98.61.9 port 38066:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T22:20:41.808Z","@version":"1","message":"Sep 12 22:20:41 honeypot-sgp-1 sshd[9186]: Received disconnect from 198.98.61.9 port 60410:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T22:22:58.864Z","@version":"1","message":"Sep 12 22:22:58 honeypot-sgp-1 kernel: [83897489.486542] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=128.14.137.178 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=4375 PROTO=TCP SPT=15485 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 22:23:01 honeypot-ams-1 sshd[13782]: Received disconnect from 61.177.173.46 port 47456:11:  [preauth]","@timestamp":"2022-09-12T22:23:02.008Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 22:24:56 honeypot-fra-1 sshd[4525]: Received disconnect from 68.183.42.17 port 42066:11: Bye Bye [preauth]","@timestamp":"2022-09-12T22:24:57.063Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 22:32:02 honeypot-fra-1 sshd[4530]: Received disconnect from 92.255.85.69 port 19686:11: Bye Bye [preauth]","@timestamp":"2022-09-12T22:32:03.222Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 22:34:43 honeypot-ams-1 sshd[13794]: Received disconnect from 92.255.85.69 port 17524:11: Bye Bye [preauth]","@timestamp":"2022-09-12T22:34:43.318Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 22:35:54 honeypot-ams-1 sshd[13798]: Disconnected from authenticating user root 43.130.45.216 port 60554 [preauth]","@timestamp":"2022-09-12T22:35:55.352Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 22:36:22 honeypot-ams-1 sshd[13801]: Disconnected from invalid user user 165.22.63.110 port 41362 [preauth]","@timestamp":"2022-09-12T22:36:22.366Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 22:36:50 honeypot-ams-1 sshd[13807]: Disconnected from invalid user user 45.61.186.249 port 58768 [preauth]","@timestamp":"2022-09-12T22:36:50.380Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 22:37:08 honeypot-ams-1 sshd[13811]: Disconnected from invalid user user 45.61.186.249 port 53804 [preauth]","@timestamp":"2022-09-12T22:37:09.391Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 22:37:25 honeypot-ams-1 sshd[13815]: Disconnected from invalid user user 45.61.186.249 port 48832 [preauth]","@timestamp":"2022-09-12T22:37:26.400Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 22:37:59 honeypot-ams-1 kernel: [83898863.685892] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=172.104.208.219 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=54472 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T22:37:59.416Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 22:39:03 honeypot-ams-1 sshd[13824]: Invalid user user from 45.61.186.169 port 43264","@timestamp":"2022-09-12T22:39:03.447Z"}
{"@timestamp":"2022-09-12T22:39:17.244Z","@version":"1","message":"Sep 12 22:39:16 honeypot-sgp-1 sshd[9195]: Disconnected from invalid user rachid 43.154.50.195 port 55406 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 22:39:21 honeypot-ams-1 sshd[13828]: Invalid user user from 45.61.186.169 port 38212","@timestamp":"2022-09-12T22:39:22.458Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 22:39:39 honeypot-ams-1 sshd[13832]: Invalid user user from 45.61.186.169 port 33176","@timestamp":"2022-09-12T22:39:39.467Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 22:40:16 honeypot-ams-1 sshd[13837]: Received disconnect from 2.42.221.248 port 49908:11: Bye Bye [preauth]","@timestamp":"2022-09-12T22:40:16.485Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 22:40:34 honeypot-fra-1 sshd[4535]: Disconnected from invalid user kjpark 165.22.45.108 port 33902 [preauth]","@timestamp":"2022-09-12T22:40:34.411Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 22:41:27 honeypot-ams-1 sshd[13841]: Received disconnect from 167.71.235.223 port 49594:11: Bye Bye [preauth]","@timestamp":"2022-09-12T22:41:28.517Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 22:42:49 honeypot-ams-1 sshd[13845]: Invalid user fk from 189.46.157.37 port 47468","@timestamp":"2022-09-12T22:42:50.555Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 22:43:56 honeypot-ams-1 sshd[13849]: Disconnected from authenticating user root 61.177.173.39 port 39543 [preauth]","@timestamp":"2022-09-12T22:43:57.585Z"}
{"@timestamp":"2022-09-12T22:44:52.377Z","@version":"1","message":"Sep 12 22:44:51 honeypot-sgp-1 sshd[9200]: Connection closed by invalid user User 179.60.147.69 port 10510 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 22:53:38 honeypot-ams-1 sshd[13859]: Disconnected from authenticating user root 61.177.173.52 port 37603 [preauth]","@timestamp":"2022-09-12T22:53:38.851Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 22:55:02 honeypot-fra-1 sshd[4541]: Received disconnect from 92.255.85.69 port 61756:11: Bye Bye [preauth]","@timestamp":"2022-09-12T22:55:02.734Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T22:55:17.619Z","@version":"1","message":"Sep 12 22:55:17 honeypot-sgp-1 sshd[9205]: Received disconnect from 167.71.131.111 port 44734:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 23:02:13 honeypot-ams-1 kernel: [83900318.028646] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.208.192 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=56346 DPT=389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T23:02:14.066Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 23:04:25 honeypot-ams-1 sshd[13870]: Invalid user user from 141.255.162.226 port 57860","@timestamp":"2022-09-12T23:04:26.124Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 23:04:29 honeypot-ams-1 sshd[13874]: Invalid user user from 141.255.162.226 port 56414","@timestamp":"2022-09-12T23:04:30.126Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 23:04:33 honeypot-ams-1 sshd[13878]: Invalid user user from 141.255.162.226 port 41582","@timestamp":"2022-09-12T23:04:34.128Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 23:06:18 honeypot-fra-1 sshd[4546]: Received disconnect from 134.209.244.230 port 55020:11: Bye Bye [preauth]","@timestamp":"2022-09-12T23:06:18.986Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 23:07:07 honeypot-ams-1 kernel: [83900612.149185] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=105.72.35.24 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=118 ID=61255 DF PROTO=TCP SPT=14341 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T23:07:08.196Z"}
{"@timestamp":"2022-09-12T23:08:20.917Z","@version":"1","message":"Sep 12 23:08:20 honeypot-sgp-1 kernel: [83900211.757526] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.41.9.18 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=51579 PROTO=TCP SPT=53996 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 23:09:02 honeypot-fra-1 sshd[4553]: Connection reset by 114.116.221.4 port 58528 [preauth]","@timestamp":"2022-09-12T23:09:03.051Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 23:09:03 honeypot-fra-1 sshd[4565]: Invalid user admin from 114.116.221.4 port 58496","@timestamp":"2022-09-12T23:09:04.053Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 23:09:03 honeypot-fra-1 sshd[4562]: Connection closed by authenticating user root 114.116.221.4 port 58498 [preauth]","@timestamp":"2022-09-12T23:09:04.053Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 23:13:58 honeypot-fra-1 sshd[4579]: Received disconnect from 190.35.38.226 port 33086:11: Bye Bye [preauth]","@timestamp":"2022-09-12T23:13:59.161Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 23:14:14 honeypot-ams-1 sshd[13889]: Connection closed by invalid user Admin 193.106.191.157 port 37378 [preauth]","@timestamp":"2022-09-12T23:14:14.379Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 23:15:22 honeypot-ams-1 sshd[13895]: Disconnected from invalid user user 45.61.184.204 port 58132 [preauth]","@timestamp":"2022-09-12T23:15:22.412Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 23:15:44 honeypot-ams-1 sshd[13899]: Disconnected from invalid user user 45.61.184.204 port 55674 [preauth]","@timestamp":"2022-09-12T23:15:45.424Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 23:16:04 honeypot-ams-1 sshd[13903]: Disconnected from invalid user user 45.61.184.204 port 53216 [preauth]","@timestamp":"2022-09-12T23:16:04.434Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 23:16:23 honeypot-ams-1 sshd[13907]: Disconnected from invalid user user 45.61.184.204 port 50758 [preauth]","@timestamp":"2022-09-12T23:16:23.444Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 23:17:01 honeypot-fra-1 CRON[4584]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-12T23:17:02.231Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T23:19:41.198Z","@version":"1","message":"Sep 12 23:19:40 honeypot-sgp-1 sshd[9217]: Connection closed by invalid user User 179.60.147.69 port 15472 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 23:20:54 honeypot-fra-1 sshd[4590]: Invalid user klaudiu from 165.22.45.108 port 38812","@timestamp":"2022-09-12T23:20:55.321Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 23:21:13 honeypot-ams-1 sshd[13915]: Disconnected from authenticating user root 92.255.85.70 port 60746 [preauth]","@timestamp":"2022-09-12T23:21:13.574Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 23:23:10 honeypot-ams-1 sshd[13920]: Disconnected from authenticating user root 46.101.176.6 port 57872 [preauth]","@timestamp":"2022-09-12T23:23:10.630Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 23:23:21 honeypot-fra-1 kernel: [83899426.600330] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=35.234.44.243 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x60 TTL=250 ID=9036 PROTO=TCP SPT=49330 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T23:23:21.380Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-12T23:26:16.354Z","@version":"1","message":"Sep 12 23:26:15 honeypot-sgp-1 sshd[9224]: Received disconnect from 41.216.229.181 port 47008:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 23:28:23 honeypot-fra-1 sshd[4595]: Disconnected from authenticating user root 216.80.102.155 port 50644 [preauth]","@timestamp":"2022-09-12T23:28:23.496Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 23:29:26 honeypot-ams-1 sshd[13929]: Invalid user ubnt from 179.60.147.69 port 10440","@timestamp":"2022-09-12T23:29:26.792Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 23:30:00 honeypot-ams-1 sshd[13935]: Received disconnect from 64.227.105.120 port 53546:11: Bye Bye [preauth]","@timestamp":"2022-09-12T23:30:00.811Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 23:30:05 honeypot-fra-1 kernel: [83899831.015621] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=103.151.122.22 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=58048 PROTO=TCP SPT=48778 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T23:30:06.539Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 23:36:07 honeypot-ams-1 sshd[13941]: Disconnected from authenticating user root 61.177.173.36 port 54889 [preauth]","@timestamp":"2022-09-12T23:36:07.970Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 23:37:34 honeypot-fra-1 sshd[4604]: Received disconnect from 178.128.108.91 port 36964:11: Bye Bye [preauth]","@timestamp":"2022-09-12T23:37:35.707Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T23:39:23.683Z","@version":"1","message":"Sep 12 23:39:22 honeypot-sgp-1 sshd[9230]: Received disconnect from 92.255.85.70 port 34440:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 23:41:01 honeypot-fra-1 sshd[4611]: Invalid user default from 88.142.46.185 port 34786","@timestamp":"2022-09-12T23:41:01.784Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 23:42:02 honeypot-fra-1 sshd[4615]: Received disconnect from 92.255.85.69 port 28194:11: Bye Bye [preauth]","@timestamp":"2022-09-12T23:42:02.809Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 23:43:21 honeypot-ams-1 sshd[13950]: Received disconnect from 45.61.186.169 port 60862:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T23:43:22.158Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 23:43:39 honeypot-ams-1 sshd[13954]: Received disconnect from 45.61.186.169 port 55992:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T23:43:40.168Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 23:43:56 honeypot-ams-1 sshd[13958]: Received disconnect from 45.61.186.169 port 51134:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T23:43:57.177Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 23:44:12 honeypot-ams-1 sshd[13962]: Disconnected from authenticating user root 92.255.85.70 port 51244 [preauth]","@timestamp":"2022-09-12T23:44:13.186Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 23:44:59 honeypot-ams-1 sshd[13966]: Disconnected from invalid user slut 159.65.91.105 port 60446 [preauth]","@timestamp":"2022-09-12T23:45:00.207Z"}
{"@timestamp":"2022-09-12T23:48:17.889Z","@version":"1","message":"Sep 12 23:48:17 honeypot-sgp-1 sshd[9235]: Disconnected from authenticating user root 185.53.229.86 port 33288 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 23:48:32 honeypot-ams-1 sshd[13974]: Received disconnect from 90.12.204.90 port 49116:11: Bye Bye [preauth]","@timestamp":"2022-09-12T23:48:32.303Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 23:49:10 honeypot-fra-1 sshd[4621]: Invalid user admin from 159.203.178.0 port 50716","@timestamp":"2022-09-12T23:49:10.970Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 23:49:12 honeypot-fra-1 sshd[4627]: Invalid user admin from 159.203.178.0 port 41560","@timestamp":"2022-09-12T23:49:12.972Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T23:51:23.963Z","@version":"1","message":"Sep 12 23:51:23 honeypot-sgp-1 sshd[9242]: Received disconnect from 106.255.248.19 port 51164:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 23:52:26 honeypot-ams-1 sshd[13979]: Disconnected from authenticating user root 61.177.172.98 port 32579 [preauth]","@timestamp":"2022-09-12T23:52:26.411Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 00:00:26 honeypot-ams-1 sshd[13985]: Received disconnect from 61.177.172.108 port 35095:11:  [preauth]","@timestamp":"2022-09-13T00:00:27.620Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 00:01:17 honeypot-fra-1 sshd[4637]: Invalid user kliv from 165.22.45.108 port 43766","@timestamp":"2022-09-13T00:01:18.242Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T00:05:28.319Z","@version":"1","message":"Sep 13 00:05:28 honeypot-sgp-1 sshd[9249]: Invalid user admin from 128.199.160.207 port 47562","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T00:05:29.321Z","@version":"1","message":"Sep 13 00:05:28 honeypot-sgp-1 sshd[9255]: Invalid user admin from 128.199.160.207 port 47604","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 00:06:08 honeypot-ams-1 sshd[13992]: Received disconnect from 46.101.149.216 port 45736:11: Bye Bye [preauth]","@timestamp":"2022-09-13T00:06:08.774Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 00:06:34 honeypot-ams-1 sshd[13998]: Received disconnect from 167.71.59.102 port 47136:11: Bye Bye [preauth]","@timestamp":"2022-09-13T00:06:35.789Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 00:07:25 honeypot-fra-1 sshd[4643]: Connection closed by invalid user user 179.60.147.69 port 37338 [preauth]","@timestamp":"2022-09-13T00:07:26.383Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 00:08:27 honeypot-ams-1 sshd[14002]: Disconnected from invalid user pkm 137.184.2.1 port 51054 [preauth]","@timestamp":"2022-09-13T00:08:27.841Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 00:09:41 honeypot-ams-1 sshd[14006]: Disconnected from invalid user admin 20.106.195.16 port 1024 [preauth]","@timestamp":"2022-09-13T00:09:41.875Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 00:10:27 honeypot-ams-1 sshd[14013]: Invalid user uu from 147.182.188.81 port 42626","@timestamp":"2022-09-13T00:10:27.898Z"}
{"@timestamp":"2022-09-13T00:11:43.469Z","@version":"1","message":"Sep 13 00:11:42 honeypot-sgp-1 sshd[9260]: Did not receive identification string from 45.61.184.204 port 48512","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T00:12:15.483Z","@version":"1","message":"Sep 13 00:12:14 honeypot-sgp-1 sshd[9263]: Disconnected from invalid user user 45.61.184.204 port 37176 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T00:12:37.494Z","@version":"1","message":"Sep 13 00:12:36 honeypot-sgp-1 sshd[9267]: Disconnected from invalid user user 45.61.184.204 port 34968 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T00:12:57.503Z","@version":"1","message":"Sep 13 00:12:56 honeypot-sgp-1 sshd[9271]: Disconnected from invalid user user 45.61.184.204 port 60978 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 00:14:07 honeypot-ams-1 sshd[14015]: Invalid user ps from 103.188.176.251 port 52364","@timestamp":"2022-09-13T00:14:07.995Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 00:15:58 honeypot-fra-1 sshd[4650]: Did not receive identification string from 45.61.187.160 port 48976","@timestamp":"2022-09-13T00:15:59.580Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 00:16:23 honeypot-fra-1 sshd[4653]: Disconnected from invalid user user 45.61.187.160 port 60624 [preauth]","@timestamp":"2022-09-13T00:16:23.591Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T00:16:32.591Z","@version":"1","message":"Sep 13 00:16:32 honeypot-sgp-1 kernel: [83904303.092583] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=154.3.44.39 DST=159.89.202.188 LEN=52 TOS=0x0A PREC=0x00 TTL=111 ID=28868 DF PROTO=TCP SPT=58103 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 00:16:43 honeypot-fra-1 sshd[4657]: Disconnected from invalid user user 45.61.187.160 port 55490 [preauth]","@timestamp":"2022-09-13T00:16:44.606Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 00:17:02 honeypot-fra-1 sshd[4664]: Invalid user user from 45.61.187.160 port 50346","@timestamp":"2022-09-13T00:17:03.617Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 00:17:17 honeypot-fra-1 kernel: [83902662.638567] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=154.3.44.39 DST=165.22.82.222 LEN=52 TOS=0x00 PREC=0x00 TTL=116 ID=59371 DF PROTO=TCP SPT=53168 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-13T00:17:17.623Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 00:17:27 honeypot-ams-1 kernel: [83904831.874124] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=108.27.54.116 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=52 ID=53901 PROTO=TCP SPT=30725 DPT=80 WINDOW=8070 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T00:17:28.086Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 00:29:03 honeypot-fra-1 sshd[4674]: Received disconnect from 92.255.85.70 port 34422:11: Bye Bye [preauth]","@timestamp":"2022-09-13T00:29:03.885Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T00:30:02.905Z","@version":"1","message":"Sep 13 00:30:01 honeypot-sgp-1 sshd[9282]: Received disconnect from 165.22.21.143 port 45688:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 00:30:53 honeypot-fra-1 sshd[4681]: Received disconnect from 45.61.186.249 port 51334:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T00:30:53.932Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 00:31:07 honeypot-ams-1 sshd[14034]: Received disconnect from 61.177.172.108 port 61726:11:  [preauth]","@timestamp":"2022-09-13T00:31:08.444Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 00:31:10 honeypot-fra-1 sshd[4685]: Invalid user user from 45.61.186.249 port 45784","@timestamp":"2022-09-13T00:31:10.957Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 00:31:26 honeypot-fra-1 sshd[4689]: Invalid user user from 45.61.186.249 port 40212","@timestamp":"2022-09-13T00:31:26.965Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 00:31:42 honeypot-fra-1 sshd[4693]: Invalid user user from 45.61.186.249 port 34668","@timestamp":"2022-09-13T00:31:42.973Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 00:33:01 honeypot-ams-1 sshd[14040]: Connection closed by 192.241.219.173 port 37276 [preauth]","@timestamp":"2022-09-13T00:33:02.498Z"}
{"@timestamp":"2022-09-13T00:34:27.010Z","@version":"1","message":"Sep 13 00:34:26 honeypot-sgp-1 sshd[9287]: Received disconnect from 121.165.140.242 port 36154:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T00:39:15.145Z","@version":"1","message":"Sep 13 00:39:14 honeypot-sgp-1 kernel: [83905665.290194] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.16.149.255 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=52488 DF PROTO=TCP SPT=41012 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 00:40:27 honeypot-fra-1 kernel: [83904052.335194] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=39.45.84.184 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=58471 DF PROTO=TCP SPT=30577 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T00:40:27.175Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-13T00:44:24.268Z","@version":"1","message":"Sep 13 00:44:24 honeypot-sgp-1 sshd[9297]: Connection closed by invalid user unknown 179.60.147.69 port 41732 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 00:45:32 honeypot-fra-1 sshd[4702]: Connection closed by invalid user unknown 179.60.147.69 port 5570 [preauth]","@timestamp":"2022-09-13T00:45:32.294Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 00:47:45 honeypot-ams-1 sshd[14061]: Invalid user unknown from 179.60.147.69 port 56074","@timestamp":"2022-09-13T00:47:46.883Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 00:52:46 honeypot-fra-1 sshd[4707]: Did not receive identification string from 193.3.19.178 port 64001","@timestamp":"2022-09-13T00:52:46.464Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 00:54:51 honeypot-ams-1 sshd[14070]: Received disconnect from 92.255.85.69 port 60158:11: Bye Bye [preauth]","@timestamp":"2022-09-13T00:54:52.071Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 00:56:06 honeypot-ams-1 sshd[14077]: Invalid user user from 141.255.162.226 port 51726","@timestamp":"2022-09-13T00:56:06.104Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 00:56:11 honeypot-ams-1 sshd[14081]: Invalid user user from 141.255.162.226 port 58224","@timestamp":"2022-09-13T00:56:12.109Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 00:56:33 honeypot-ams-1 kernel: [83907177.620632] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=172.104.131.24 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=54321 PROTO=TCP SPT=40106 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T00:56:34.119Z"}
{"@timestamp":"2022-09-13T00:57:10.574Z","@version":"1","message":"Sep 13 00:57:10 honeypot-sgp-1 kernel: [83906741.054809] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=213.32.15.34 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=48 ID=35443 PROTO=TCP SPT=62868 DPT=5432 WINDOW=43690 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 01:04:09 honeypot-fra-1 sshd[4712]: Invalid user user from 45.61.187.160 port 38480","@timestamp":"2022-09-13T01:04:10.725Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 01:04:28 honeypot-fra-1 sshd[4716]: Invalid user user from 45.61.187.160 port 33236","@timestamp":"2022-09-13T01:04:29.734Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 01:04:46 honeypot-fra-1 sshd[4720]: Invalid user user from 45.61.187.160 port 56222","@timestamp":"2022-09-13T01:04:46.745Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 01:04:54 honeypot-fra-1 sshd[4724]: Received disconnect from 45.61.187.160 port 39476:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T01:04:55.749Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T01:06:27.796Z","@version":"1","message":"Sep 13 01:06:27 honeypot-sgp-1 sshd[9312]: Received disconnect from 164.163.96.253 port 58015:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 01:06:35 honeypot-ams-1 sshd[14092]: Invalid user hadoop from 117.102.82.42 port 48942","@timestamp":"2022-09-13T01:06:36.397Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 01:09:07 honeypot-ams-1 kernel: [83907932.138201] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=119.199.169.235 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=52625 PROTO=TCP SPT=39458 DPT=80 WINDOW=17122 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T01:09:08.461Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 01:11:35 honeypot-ams-1 sshd[14103]: Invalid user test from 95.71.91.87 port 48602","@timestamp":"2022-09-13T01:11:35.537Z"}
{"@timestamp":"2022-09-13T01:12:36.941Z","@version":"1","message":"Sep 13 01:12:36 honeypot-sgp-1 sshd[9317]: Disconnected from invalid user zimbra 196.203.207.165 port 50162 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 01:13:27 honeypot-ams-1 sshd[14107]: Disconnected from authenticating user root 104.197.35.43 port 59118 [preauth]","@timestamp":"2022-09-13T01:13:28.587Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 01:15:09 honeypot-ams-1 sshd[14113]: Invalid user undernet from 137.184.183.159 port 51140","@timestamp":"2022-09-13T01:15:09.632Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 01:17:01 honeypot-fra-1 CRON[4729]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-13T01:17:02.024Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T01:17:31.061Z","@version":"1","message":"Sep 13 01:17:30 honeypot-sgp-1 kernel: [83907961.735474] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=56080 PROTO=TCP SPT=51517 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 01:17:40 honeypot-ams-1 sshd[14119]: Received disconnect from 61.177.173.36 port 41552:11:  [preauth]","@timestamp":"2022-09-13T01:17:40.698Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 01:20:56 honeypot-ams-1 kernel: [83908640.230004] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=142.93.45.9 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=54321 PROTO=TCP SPT=53816 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T01:20:56.435Z"}
{"@timestamp":"2022-09-13T01:21:40.182Z","@version":"1","message":"Sep 13 01:21:40 honeypot-sgp-1 sshd[9330]: Disconnected from authenticating user root 51.250.79.55 port 55426 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 01:22:34 honeypot-fra-1 sshd[4735]: Connection closed by authenticating user root 179.60.147.69 port 61126 [preauth]","@timestamp":"2022-09-13T01:22:35.149Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T01:29:05.361Z","@version":"1","message":"Sep 13 01:29:04 honeypot-sgp-1 sshd[9335]: Invalid user eddie from 168.232.123.171 port 51505","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 01:30:12 honeypot-ams-1 sshd[14135]: Received disconnect from 157.230.47.123 port 37834:11: Bye Bye [preauth]","@timestamp":"2022-09-13T01:30:12.680Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 01:32:36 honeypot-ams-1 sshd[14142]: Invalid user adlina from 31.27.35.138 port 42268","@timestamp":"2022-09-13T01:32:36.746Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 01:38:09 honeypot-fra-1 sshd[4743]: Disconnected from invalid user testftp 129.146.247.68 port 43678 [preauth]","@timestamp":"2022-09-13T01:38:10.493Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T01:38:57.595Z","@version":"1","message":"Sep 13 01:38:56 honeypot-sgp-1 kernel: [83909247.528828] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=80.94.92.231 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=233 ID=54321 PROTO=TCP SPT=58345 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 01:41:19 honeypot-ams-1 sshd[14153]: Received disconnect from 92.255.85.70 port 38026:11: Bye Bye [preauth]","@timestamp":"2022-09-13T01:41:19.982Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 01:41:33 honeypot-fra-1 kernel: [83907718.525813] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=161.35.231.174 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=65141 PROTO=TCP SPT=60000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T01:41:33.573Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 01:45:09 honeypot-ams-1 kernel: [83910093.379741] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=43.138.70.212 DST=178.62.254.91 LEN=40 TOS=0x08 PREC=0x00 TTL=47 ID=36649 PROTO=TCP SPT=54020 DPT=80 WINDOW=37452 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T01:45:10.087Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 01:48:57 honeypot-ams-1 sshd[14163]: Invalid user admin from 222.120.180.206 port 51369","@timestamp":"2022-09-13T01:48:57.190Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 01:55:35 honeypot-ams-1 sshd[14168]: Disconnected from authenticating user root 61.177.173.53 port 60196 [preauth]","@timestamp":"2022-09-13T01:55:35.368Z"}
{"@timestamp":"2022-09-13T01:58:15.060Z","@version":"1","message":"Sep 13 01:58:14 honeypot-sgp-1 kernel: [83910404.913017] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=149.5.173.16 DST=159.89.202.188 LEN=48 TOS=0x00 PREC=0x00 TTL=117 ID=56391 PROTO=TCP SPT=54309 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 01:59:18 honeypot-fra-1 kernel: [83908783.200602] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=89.248.165.199 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=59266 PROTO=TCP SPT=53573 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T01:59:18.960Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-13T02:00:04.110Z","@version":"1","message":"Sep 13 02:00:03 honeypot-sgp-1 sshd[9357]: Disconnected from invalid user user 45.61.184.204 port 59930 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T02:00:23.120Z","@version":"1","message":"Sep 13 02:00:22 honeypot-sgp-1 sshd[9361]: Disconnected from invalid user user 45.61.184.204 port 54264 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T02:00:40.127Z","@version":"1","message":"Sep 13 02:00:39 honeypot-sgp-1 sshd[9365]: Disconnected from invalid user user 45.61.184.204 port 48612 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T02:00:57.135Z","@version":"1","message":"Sep 13 02:00:56 honeypot-sgp-1 sshd[9369]: Disconnected from invalid user user 45.61.184.204 port 42948 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 02:01:46 honeypot-fra-1 sshd[4758]: Disconnected from authenticating user root 189.8.108.24 port 37186 [preauth]","@timestamp":"2022-09-13T02:01:47.018Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 02:03:24 honeypot-fra-1 kernel: [83909029.604919] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=80.94.92.231 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=37347 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T02:03:25.058Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 02:03:56 honeypot-ams-1 sshd[14175]: Disconnected from authenticating user root 61.177.172.108 port 46089 [preauth]","@timestamp":"2022-09-13T02:03:56.592Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 02:06:29 honeypot-ams-1 sshd[14181]: Received disconnect from 61.177.172.114 port 44913:11:  [preauth]","@timestamp":"2022-09-13T02:06:29.664Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 02:11:38 honeypot-fra-1 sshd[4770]: Received disconnect from 128.1.134.248 port 35978:11: Bye Bye [preauth]","@timestamp":"2022-09-13T02:11:39.244Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 02:15:09 honeypot-ams-1 kernel: [83911893.257589] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.189.182.234 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=54321 PROTO=TCP SPT=59731 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T02:15:09.897Z"}
{"@timestamp":"2022-09-13T02:17:01.552Z","@version":"1","message":"Sep 13 02:17:01 honeypot-sgp-1 CRON[9372]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 02:23:38 honeypot-ams-1 sshd[14199]: Disconnected from authenticating user root 61.177.173.36 port 35269 [preauth]","@timestamp":"2022-09-13T02:23:39.123Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 02:25:00 honeypot-ams-1 sshd[14204]: Received disconnect from 45.61.187.160 port 53398:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T02:25:01.163Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 02:25:20 honeypot-ams-1 sshd[14208]: Received disconnect from 45.61.187.160 port 47974:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T02:25:20.173Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 02:25:33 honeypot-fra-1 sshd[4783]: Disconnected from authenticating user root 92.255.85.69 port 38742 [preauth]","@timestamp":"2022-09-13T02:25:33.571Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 02:25:39 honeypot-ams-1 sshd[14212]: Received disconnect from 45.61.187.160 port 42562:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T02:25:40.183Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 02:25:59 honeypot-ams-1 sshd[14216]: Received disconnect from 45.61.187.160 port 37146:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T02:26:00.195Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 02:28:15 honeypot-fra-1 sshd[4785]: Disconnected from invalid user icinga 49.247.213.18 port 38367 [preauth]","@timestamp":"2022-09-13T02:28:16.634Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 02:28:36 honeypot-ams-1 sshd[14221]: Received disconnect from 143.198.50.154 port 36270:11: Bye Bye [preauth]","@timestamp":"2022-09-13T02:28:36.267Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 02:31:46 honeypot-ams-1 sshd[14227]: Received disconnect from 142.93.212.10 port 39406:11: Bye Bye [preauth]","@timestamp":"2022-09-13T02:31:46.375Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 02:32:09 honeypot-ams-1 sshd[14231]: Disconnected from authenticating user root 64.64.226.195 port 42844 [preauth]","@timestamp":"2022-09-13T02:32:10.388Z"}
{"@timestamp":"2022-09-13T02:34:55.992Z","@version":"1","message":"Sep 13 02:34:55 honeypot-sgp-1 sshd[9380]: Connection closed by invalid user centos 179.60.147.69 port 33098 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 02:36:20 honeypot-ams-1 sshd[14238]: Disconnected from authenticating user root 61.177.173.37 port 61674 [preauth]","@timestamp":"2022-09-13T02:36:21.499Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 02:39:31 honeypot-ams-1 sshd[14245]: Received disconnect from 80.76.51.46 port 39836:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T02:39:32.585Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 02:40:16 honeypot-ams-1 sshd[14251]: Received disconnect from 80.76.51.46 port 58148:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T02:40:16.608Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 02:40:58 honeypot-ams-1 sshd[14257]: Received disconnect from 80.76.51.46 port 48200:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T02:40:58.631Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 02:41:30 honeypot-ams-1 sshd[14264]: Received disconnect from 61.177.173.51 port 48863:11:  [preauth]","@timestamp":"2022-09-13T02:41:30.647Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 02:42:07 honeypot-fra-1 kernel: [83911352.769847] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=90.151.171.106 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=60257 PROTO=TCP SPT=56865 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T02:42:07.943Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 02:42:07 honeypot-ams-1 sshd[14270]: Invalid user test from 80.76.51.46 port 59660","@timestamp":"2022-09-13T02:42:08.668Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 02:42:35 honeypot-ams-1 sshd[14274]: Invalid user testuser from 80.76.51.46 port 53016","@timestamp":"2022-09-13T02:42:36.684Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 02:42:53 honeypot-fra-1 kernel: [83911398.962549] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=172.104.131.24 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=54321 PROTO=TCP SPT=48196 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T02:42:54.966Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 02:43:03 honeypot-ams-1 sshd[14278]: Invalid user ubuntu from 80.76.51.46 port 46548","@timestamp":"2022-09-13T02:43:04.699Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 02:43:31 honeypot-ams-1 sshd[14282]: Invalid user ubuntu from 80.76.51.46 port 39664","@timestamp":"2022-09-13T02:43:31.713Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 02:43:59 honeypot-ams-1 sshd[14286]: Disconnected from authenticating user root 80.76.51.46 port 33046 [preauth]","@timestamp":"2022-09-13T02:43:59.728Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 02:44:27 honeypot-ams-1 sshd[14290]: Disconnected from invalid user postgres 80.76.51.46 port 54524 [preauth]","@timestamp":"2022-09-13T02:44:27.744Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 02:45:08 honeypot-ams-1 sshd[14296]: Received disconnect from 80.76.51.46 port 44544:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T02:45:08.766Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 02:45:31 honeypot-ams-1 sshd[14302]: Disconnected from authenticating user root 61.177.173.35 port 45589 [preauth]","@timestamp":"2022-09-13T02:45:32.779Z"}
{"@timestamp":"2022-09-13T02:46:04.293Z","@version":"1","message":"Sep 13 02:46:03 honeypot-sgp-1 sshd[9386]: Disconnected from authenticating user root 92.255.85.70 port 58654 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 02:48:58 honeypot-fra-1 kernel: [83911763.243576] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=121.46.25.182 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=233 ID=21180 PROTO=TCP SPT=57120 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T02:48:59.103Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 02:50:48 honeypot-ams-1 sshd[14309]: Received disconnect from 92.255.85.69 port 47654:11: Bye Bye [preauth]","@timestamp":"2022-09-13T02:50:48.921Z"}
{"@timestamp":"2022-09-13T02:51:57.443Z","@version":"1","message":"Sep 13 02:51:56 honeypot-sgp-1 sshd[9392]: Received disconnect from 45.61.186.169 port 38504:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T02:52:13.452Z","@version":"1","message":"Sep 13 02:52:13 honeypot-sgp-1 sshd[9396]: Received disconnect from 45.61.186.169 port 33228:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T02:52:29.460Z","@version":"1","message":"Sep 13 02:52:28 honeypot-sgp-1 sshd[9400]: Received disconnect from 45.61.186.169 port 56184:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 02:55:16 honeypot-fra-1 sshd[4806]: Received disconnect from 45.61.186.49 port 39854:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T02:55:17.245Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 02:55:28 honeypot-fra-1 sshd[4810]: Received disconnect from 45.61.186.49 port 51414:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T02:55:28.251Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T02:56:07.556Z","@version":"1","message":"Sep 13 02:56:06 honeypot-sgp-1 kernel: [83913877.674809] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.134.144.218 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=64752 PROTO=TCP SPT=57734 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 02:56:11 honeypot-ams-1 sshd[14317]: Received disconnect from 61.177.173.36 port 44875:11:  [preauth]","@timestamp":"2022-09-13T02:56:12.063Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 03:00:29 honeypot-fra-1 sshd[4815]: Invalid user zhup from 161.35.102.143 port 53408","@timestamp":"2022-09-13T03:00:29.364Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 03:00:56 honeypot-ams-1 kernel: [83914640.381104] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=128.65.225.201 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=54 ID=64448 PROTO=TCP SPT=58858 DPT=443 WINDOW=39834 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T03:00:57.191Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 03:05:00 honeypot-ams-1 sshd[14325]: Disconnected from invalid user xze 104.236.228.230 port 58462 [preauth]","@timestamp":"2022-09-13T03:05:01.296Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 03:06:36 honeypot-ams-1 sshd[14329]: Disconnected from invalid user sino_zsk 45.191.91.45 port 58164 [preauth]","@timestamp":"2022-09-13T03:06:37.341Z"}
{"@timestamp":"2022-09-13T03:09:09.888Z","@version":"1","message":"Sep 13 03:09:09 honeypot-sgp-1 sshd[9406]: Received disconnect from 92.255.85.70 port 27910:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 03:11:09 honeypot-ams-1 sshd[14338]: Received disconnect from 61.177.172.124 port 42629:11:  [preauth]","@timestamp":"2022-09-13T03:11:09.459Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 03:12:02 honeypot-fra-1 sshd[4820]: Received disconnect from 92.255.85.70 port 26386:11: Bye Bye [preauth]","@timestamp":"2022-09-13T03:12:02.624Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 03:12:35 honeypot-fra-1 sshd[4827]: Invalid user ipko from 141.98.10.158 port 51454","@timestamp":"2022-09-13T03:12:35.640Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 03:12:47 honeypot-fra-1 sshd[4829]: Received disconnect from 198.98.61.9 port 42266:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T03:12:48.647Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 03:13:02 honeypot-fra-1 sshd[4833]: Connection closed by invalid user debian 179.60.147.69 port 47180 [preauth]","@timestamp":"2022-09-13T03:13:02.653Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 03:13:12 honeypot-fra-1 sshd[4837]: Disconnected from invalid user user 198.98.61.9 port 48778 [preauth]","@timestamp":"2022-09-13T03:13:12.658Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 03:14:27 honeypot-ams-1 sshd[14344]: Received disconnect from 92.255.85.69 port 50004:11: Bye Bye [preauth]","@timestamp":"2022-09-13T03:14:28.546Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 03:16:39 honeypot-fra-1 kernel: [83913424.402252] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.134.144.218 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=49726 PROTO=TCP SPT=58833 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T03:16:39.740Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-13T03:17:02.083Z","@version":"1","message":"Sep 13 03:17:01 honeypot-sgp-1 CRON[9413]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 03:22:37 honeypot-fra-1 sshd[4871]: Disconnected from invalid user koala 165.22.45.108 port 40200 [preauth]","@timestamp":"2022-09-13T03:22:37.874Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 03:25:45 honeypot-ams-1 sshd[14354]: Invalid user admin from 108.41.8.142 port 63672","@timestamp":"2022-09-13T03:25:45.833Z"}
{"@timestamp":"2022-09-13T03:26:48.346Z","@version":"1","message":"Sep 13 03:26:47 honeypot-sgp-1 sshd[9419]: Protocol major versions differ for 141.105.66.148 port 5559: SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.5 vs. SSH-1.5-Nmap-SSH1-Hostkey","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T03:26:50.348Z","@version":"1","message":"Sep 13 03:26:49 honeypot-sgp-1 sshd[9421]: Connection closed by 141.105.66.148 port 51197 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 03:26:53 honeypot-ams-1 sshd[14357]: Disconnected from invalid user admin 103.176.179.185 port 58186 [preauth]","@timestamp":"2022-09-13T03:26:53.865Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 03:28:17 honeypot-ams-1 sshd[14365]: Disconnected from authenticating user root 181.49.50.202 port 46662 [preauth]","@timestamp":"2022-09-13T03:28:17.904Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 03:28:29 honeypot-fra-1 sshd[4878]: Invalid user vcsh from 161.35.59.177 port 38938","@timestamp":"2022-09-13T03:28:30.006Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 03:31:05 honeypot-fra-1 sshd[4880]: Disconnected from invalid user cynthia 162.243.172.239 port 53684 [preauth]","@timestamp":"2022-09-13T03:31:06.066Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T03:31:13.456Z","@version":"1","message":"Sep 13 03:31:13 honeypot-sgp-1 sshd[9440]: Invalid user default from 164.92.186.90 port 37308","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T03:32:51.498Z","@version":"1","message":"Sep 13 03:32:50 honeypot-sgp-1 sshd[9445]: Received disconnect from 91.93.63.187 port 52704:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 03:34:26 honeypot-ams-1 sshd[14373]: Connection closed by 167.94.138.61 port 55364 [preauth]","@timestamp":"2022-09-13T03:34:27.061Z"}
{"@timestamp":"2022-09-13T03:35:28.562Z","@version":"1","message":"Sep 13 03:35:28 honeypot-sgp-1 sshd[9449]: Received disconnect from 61.93.186.125 port 36692:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 03:35:30 honeypot-fra-1 sshd[4906]: Did not receive identification string from 120.199.82.50 port 28679","@timestamp":"2022-09-13T03:35:31.165Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 03:35:38 honeypot-fra-1 sshd[4910]: Connection closed by authenticating user root 120.199.82.50 port 31830 [preauth]","@timestamp":"2022-09-13T03:35:39.170Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 03:35:43 honeypot-fra-1 sshd[4909]: Invalid user centos from 120.199.82.50 port 3396","@timestamp":"2022-09-13T03:35:44.173Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 03:35:52 honeypot-fra-1 sshd[4923]: Connection closed by invalid user elastic 120.199.82.50 port 10291 [preauth]","@timestamp":"2022-09-13T03:35:53.178Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 03:36:06 honeypot-fra-1 sshd[4932]: Invalid user oracle from 120.199.82.50 port 9926","@timestamp":"2022-09-13T03:36:07.186Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 03:36:08 honeypot-fra-1 sshd[4934]: Invalid user es from 120.199.82.50 port 14364","@timestamp":"2022-09-13T03:36:09.187Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 03:36:37 honeypot-fra-1 sshd[4944]: Invalid user elastic from 120.199.82.50 port 40210","@timestamp":"2022-09-13T03:36:38.201Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T03:37:21.631Z","@version":"1","message":"Sep 13 03:37:21 honeypot-sgp-1 sshd[9453]: Received disconnect from 143.244.141.173 port 40126:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 03:37:41 honeypot-ams-1 sshd[14378]: Disconnected from invalid user laraht 188.166.23.215 port 41956 [preauth]","@timestamp":"2022-09-13T03:37:42.146Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 03:39:33 honeypot-ams-1 sshd[14382]: Disconnected from authenticating user root 61.177.173.39 port 10396 [preauth]","@timestamp":"2022-09-13T03:39:33.197Z"}
{"@timestamp":"2022-09-13T03:43:38.786Z","@version":"1","message":"Sep 13 03:43:38 honeypot-sgp-1 sshd[9460]: Invalid user installer from 116.98.167.15 port 53548","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T03:43:50.791Z","@version":"1","message":"Sep 13 03:43:50 honeypot-sgp-1 sshd[9466]: Connection closed by authenticating user root 116.98.167.15 port 36614 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T03:43:53.795Z","@version":"1","message":"Sep 13 03:43:53 honeypot-sgp-1 sshd[9474]: Connection closed by invalid user ftp 116.98.167.15 port 55250 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T03:44:15.805Z","@version":"1","message":"Sep 13 03:44:14 honeypot-sgp-1 sshd[9482]: Invalid user monitor from 116.98.167.15 port 54770","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 03:44:20 honeypot-fra-1 kernel: [83915084.901324] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=102.67.226.60 DST=165.22.82.222 LEN=52 TOS=0x00 PREC=0x00 TTL=120 ID=48967 DF PROTO=TCP SPT=55255 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T03:44:20.371Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-13T03:44:36.815Z","@version":"1","message":"Sep 13 03:44:36 honeypot-sgp-1 sshd[9488]: Invalid user ftpuser from 116.98.167.15 port 52456","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T03:45:06.830Z","@version":"1","message":"Sep 13 03:45:06 honeypot-sgp-1 sshd[9494]: Invalid user tomcat from 116.98.167.15 port 35420","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T03:45:20.837Z","@version":"1","message":"Sep 13 03:45:20 honeypot-sgp-1 sshd[9500]: Invalid user listd from 116.98.167.15 port 50030","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T03:46:27.892Z","@version":"1","message":"Sep 13 03:46:27 honeypot-sgp-1 sshd[9506]: Connection closed by invalid user admin 116.98.167.15 port 33310 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T03:47:36.924Z","@version":"1","message":"Sep 13 03:47:36 honeypot-sgp-1 sshd[9512]: Invalid user ww from 52.151.65.193 port 32902","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T03:48:25.947Z","@version":"1","message":"Sep 13 03:48:25 honeypot-sgp-1 sshd[9517]: Connection closed by invalid user arkserver 116.98.167.15 port 44136 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T03:50:24.999Z","@version":"1","message":"Sep 13 03:50:24 honeypot-sgp-1 sshd[9525]: Invalid user temp1 from 116.98.167.15 port 44132","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 03:51:10 honeypot-ams-1 sshd[14391]: Disconnected from authenticating user root 46.19.141.122 port 36738 [preauth]","@timestamp":"2022-09-13T03:51:10.495Z"}
{"@timestamp":"2022-09-13T03:51:15.024Z","@version":"1","message":"Sep 13 03:51:14 honeypot-sgp-1 sshd[9531]: Connection closed by authenticating user root 116.98.167.15 port 39384 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 03:51:53 honeypot-ams-1 sshd[14397]: Invalid user debian from 179.60.147.69 port 2804","@timestamp":"2022-09-13T03:51:53.516Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 03:52:43 honeypot-ams-1 sshd[14401]: Disconnected from invalid user admin 46.19.141.122 port 52600 [preauth]","@timestamp":"2022-09-13T03:52:44.540Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 03:53:18 honeypot-ams-1 sshd[14405]: Disconnected from invalid user ubuntu 46.19.141.122 port 34968 [preauth]","@timestamp":"2022-09-13T03:53:18.557Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 03:54:19 honeypot-ams-1 sshd[14410]: Disconnected from invalid user user 46.19.141.122 port 45556 [preauth]","@timestamp":"2022-09-13T03:54:19.586Z"}
{"@timestamp":"2022-09-13T03:54:53.116Z","@version":"1","message":"Sep 13 03:54:52 honeypot-sgp-1 sshd[9537]: Disconnected from invalid user user 45.61.186.49 port 59670 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 03:54:54 honeypot-ams-1 kernel: [83917878.710851] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=64.62.197.129 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=46147 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T03:54:54.605Z"}
{"@timestamp":"2022-09-13T03:55:03.121Z","@version":"1","message":"Sep 13 03:55:02 honeypot-sgp-1 sshd[9541]: Disconnected from invalid user user 45.61.186.49 port 43106 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 03:55:27 honeypot-ams-1 kernel: [83917911.866164] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=90.151.171.106 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=14552 PROTO=TCP SPT=41264 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T03:55:28.623Z"}
{"@timestamp":"2022-09-13T03:57:40.188Z","@version":"1","message":"Sep 13 03:57:39 honeypot-sgp-1 kernel: [83917569.825076] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.189.182.234 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=59370 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 03:58:21 honeypot-fra-1 sshd[4954]: Received disconnect from 92.255.85.69 port 28934:11: Bye Bye [preauth]","@timestamp":"2022-09-13T03:58:22.685Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 04:01:11 honeypot-ams-1 sshd[14425]: Received disconnect from 92.255.85.69 port 49334:11: Bye Bye [preauth]","@timestamp":"2022-09-13T04:01:11.773Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 04:03:50 honeypot-fra-1 kernel: [83916255.763214] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=34.145.144.233 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=54839 PROTO=TCP SPT=47483 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T04:03:51.809Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 04:06:09 honeypot-fra-1 sshd[4962]: Disconnected from invalid user user 141.255.162.226 port 34940 [preauth]","@timestamp":"2022-09-13T04:06:09.863Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 04:06:11 honeypot-fra-1 sshd[4966]: Disconnected from invalid user user 141.255.162.226 port 48252 [preauth]","@timestamp":"2022-09-13T04:06:11.866Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 04:06:17 honeypot-fra-1 sshd[4970]: Disconnected from invalid user user 141.255.162.226 port 39994 [preauth]","@timestamp":"2022-09-13T04:06:17.869Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 04:15:05 honeypot-fra-1 sshd[4976]: Invalid user breeanna from 189.112.0.11 port 54386","@timestamp":"2022-09-13T04:15:06.065Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 04:16:56 honeypot-ams-1 kernel: [83919200.563892] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=121.4.27.90 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=31125 DF PROTO=TCP SPT=59672 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T04:16:57.179Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 04:18:17 honeypot-fra-1 sshd[4981]: Received disconnect from 89.22.165.187 port 9283:11: Bye Bye [preauth]","@timestamp":"2022-09-13T04:18:18.137Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T04:19:00.733Z","@version":"1","message":"Sep 13 04:18:59 honeypot-sgp-1 sshd[9552]: Disconnected from authenticating user root 92.255.85.70 port 25310 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 04:22:01 honeypot-fra-1 sshd[4988]: Received disconnect from 92.255.85.70 port 41432:11: Bye Bye [preauth]","@timestamp":"2022-09-13T04:22:02.224Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 04:24:29 honeypot-ams-1 sshd[14438]: Disconnected from authenticating user root 92.255.85.69 port 22542 [preauth]","@timestamp":"2022-09-13T04:24:30.376Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 04:26:29 honeypot-fra-1 sshd[4992]: Invalid user unknown from 179.60.147.69 port 32176","@timestamp":"2022-09-13T04:26:29.326Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T04:27:48.955Z","@version":"1","message":"Sep 13 04:27:48 honeypot-sgp-1 sshd[9559]: Received disconnect from 143.244.158.100 port 56878:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T04:29:35.001Z","@version":"1","message":"Sep 13 04:29:34 honeypot-sgp-1 sshd[9564]: Disconnected from authenticating user root 143.244.158.100 port 48684 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T04:30:20.023Z","@version":"1","message":"Sep 13 04:30:19 honeypot-sgp-1 sshd[9568]: Disconnected from invalid user ts 43.154.14.246 port 44808 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T04:31:58.066Z","@version":"1","message":"Sep 13 04:31:57 honeypot-sgp-1 sshd[9574]: Disconnected from authenticating user root 143.244.158.100 port 56954 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 04:33:33 honeypot-ams-1 kernel: [83920197.670925] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=74.82.47.34 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=56933 DPT=5432 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T04:33:33.643Z"}
{"@timestamp":"2022-09-13T04:34:23.127Z","@version":"1","message":"Sep 13 04:34:22 honeypot-sgp-1 sshd[9581]: Disconnected from authenticating user root 143.244.158.100 port 37392 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T04:36:48.215Z","@version":"1","message":"Sep 13 04:36:47 honeypot-sgp-1 sshd[9587]: Received disconnect from 143.244.158.100 port 58068:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 04:37:42 honeypot-ams-1 sshd[14445]: Disconnected from authenticating user root 2.139.38.109 port 39116 [preauth]","@timestamp":"2022-09-13T04:37:43.753Z"}
{"@timestamp":"2022-09-13T04:38:25.258Z","@version":"1","message":"Sep 13 04:38:24 honeypot-sgp-1 sshd[9593]: Received disconnect from 143.244.158.100 port 45638:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T04:40:52.322Z","@version":"1","message":"Sep 13 04:40:51 honeypot-sgp-1 sshd[9600]: Received disconnect from 143.244.158.100 port 37276:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 04:41:42 honeypot-ams-1 sshd[14450]: Connection closed by invalid user user 167.99.220.160 port 49540 [preauth]","@timestamp":"2022-09-13T04:41:42.860Z"}
{"@timestamp":"2022-09-13T04:42:47.373Z","@version":"1","message":"Sep 13 04:42:47 honeypot-sgp-1 sshd[9606]: Received disconnect from 92.255.85.69 port 55152:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 04:43:29 honeypot-fra-1 sshd[4998]: Invalid user konakova from 165.22.45.108 port 50044","@timestamp":"2022-09-13T04:43:30.708Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 04:44:04 honeypot-fra-1 sshd[5002]: Received disconnect from 41.63.9.36 port 43580:11: Bye Bye [preauth]","@timestamp":"2022-09-13T04:44:05.725Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T04:45:04.432Z","@version":"1","message":"Sep 13 04:45:03 honeypot-sgp-1 sshd[9613]: Received disconnect from 143.244.158.100 port 46458:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T04:47:32.494Z","@version":"1","message":"Sep 13 04:47:32 honeypot-sgp-1 sshd[9619]: Received disconnect from 143.244.158.100 port 42012:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T04:50:04.558Z","@version":"1","message":"Sep 13 04:50:03 honeypot-sgp-1 sshd[9625]: Received disconnect from 143.244.158.100 port 49826:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T04:52:34.622Z","@version":"1","message":"Sep 13 04:52:34 honeypot-sgp-1 sshd[9632]: Received disconnect from 143.244.158.100 port 42446:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T04:54:13.667Z","@version":"1","message":"Sep 13 04:54:12 honeypot-sgp-1 sshd[9636]: Received disconnect from 143.244.158.100 port 60818:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T04:56:42.729Z","@version":"1","message":"Sep 13 04:56:42 honeypot-sgp-1 sshd[9643]: Received disconnect from 143.244.158.100 port 55876:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 04:57:18 honeypot-fra-1 sshd[5008]: Received disconnect from 190.128.230.98 port 38944:11: Bye Bye [preauth]","@timestamp":"2022-09-13T04:57:19.021Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T04:59:08.792Z","@version":"1","message":"Sep 13 04:59:08 honeypot-sgp-1 sshd[9649]: Received disconnect from 143.244.158.100 port 33910:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 05:00:21 honeypot-ams-1 sshd[14457]: Did not receive identification string from 45.61.187.160 port 59528","@timestamp":"2022-09-13T05:00:22.326Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 05:00:54 honeypot-ams-1 sshd[14460]: Disconnected from invalid user user 45.61.187.160 port 58210 [preauth]","@timestamp":"2022-09-13T05:00:54.342Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 05:01:13 honeypot-ams-1 sshd[14464]: Disconnected from invalid user user 45.61.187.160 port 53236 [preauth]","@timestamp":"2022-09-13T05:01:13.352Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 05:01:13 honeypot-fra-1 sshd[5013]: Invalid user user from 45.61.186.49 port 55306","@timestamp":"2022-09-13T05:01:14.110Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 05:01:22 honeypot-fra-1 sshd[5017]: Invalid user user from 45.61.186.49 port 38760","@timestamp":"2022-09-13T05:01:23.115Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 05:01:31 honeypot-ams-1 sshd[14468]: Disconnected from invalid user user 45.61.187.160 port 48264 [preauth]","@timestamp":"2022-09-13T05:01:31.363Z"}
{"@timestamp":"2022-09-13T05:01:38.855Z","@version":"1","message":"Sep 13 05:01:38 honeypot-sgp-1 sshd[9656]: Received disconnect from 143.244.158.100 port 51978:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 05:02:53 honeypot-fra-1 sshd[5022]: Disconnected from authenticating user root 128.201.78.253 port 56062 [preauth]","@timestamp":"2022-09-13T05:02:54.149Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T05:03:31.905Z","@version":"1","message":"Sep 13 05:03:31 honeypot-sgp-1 sshd[9663]: Received disconnect from 143.244.158.100 port 47798:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:05:45.962Z","@version":"1","message":"Sep 13 05:05:45 honeypot-sgp-1 sshd[9669]: Received disconnect from 92.255.85.70 port 52978:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 05:06:24 honeypot-fra-1 sshd[5028]: Received disconnect from 147.135.219.202 port 39346:11: Bye Bye [preauth]","@timestamp":"2022-09-13T05:06:25.246Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 05:07:08 honeypot-ams-1 kernel: [83922212.672426] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.41.8.45 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=59075 PROTO=TCP SPT=56536 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T05:07:09.509Z"}
{"@timestamp":"2022-09-13T05:08:02.021Z","@version":"1","message":"Sep 13 05:08:01 honeypot-sgp-1 sshd[9676]: Received disconnect from 143.244.158.100 port 32984:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 05:08:25 honeypot-fra-1 sshd[5033]: Received disconnect from 92.255.85.69 port 15928:11: Bye Bye [preauth]","@timestamp":"2022-09-13T05:08:26.293Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T05:10:33.085Z","@version":"1","message":"Sep 13 05:10:32 honeypot-sgp-1 sshd[9682]: Received disconnect from 143.244.158.100 port 55438:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:13:04.148Z","@version":"1","message":"Sep 13 05:13:03 honeypot-sgp-1 sshd[9689]: Invalid user mmm from 104.236.237.117 port 34114","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 05:13:53 honeypot-ams-1 sshd[14479]: Received disconnect from 141.255.162.226 port 37734:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T05:13:54.679Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 05:13:56 honeypot-ams-1 sshd[14483]: Received disconnect from 141.255.162.226 port 58160:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T05:13:57.681Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 05:14:00 honeypot-ams-1 sshd[14487]: Received disconnect from 141.255.162.226 port 43550:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T05:14:00.683Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 05:14:02 honeypot-ams-1 sshd[14491]: Received disconnect from 141.255.162.226 port 50360:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T05:14:02.685Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 05:16:53 honeypot-fra-1 kernel: [83920638.486678] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=63703 PROTO=TCP SPT=46053 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T05:16:54.485Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 05:18:03 honeypot-ams-1 sshd[14497]: Invalid user bbnc from 103.188.176.251 port 53794","@timestamp":"2022-09-13T05:18:04.789Z"}
{"@timestamp":"2022-09-13T05:20:48.335Z","@version":"1","message":"Sep 13 05:20:47 honeypot-sgp-1 sshd[9695]: Received disconnect from 13.82.51.214 port 49370:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 05:21:01 honeypot-ams-1 sshd[14501]: Disconnected from invalid user ng 104.130.135.117 port 60926 [preauth]","@timestamp":"2022-09-13T05:21:01.868Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 05:22:14 honeypot-fra-1 sshd[5042]: Connection closed by invalid user bbnc 103.188.176.251 port 58540 [preauth]","@timestamp":"2022-09-13T05:22:15.612Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 05:27:48 honeypot-fra-1 kernel: [83921292.641769] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=89.248.165.120 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=29064 PROTO=TCP SPT=46435 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T05:27:48.738Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-13T05:29:44.552Z","@version":"1","message":"Sep 13 05:29:44 honeypot-sgp-1 sshd[9700]: Did not receive identification string from 45.61.186.49 port 57572","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:29:57.559Z","@version":"1","message":"Sep 13 05:29:56 honeypot-sgp-1 sshd[9703]: Disconnected from invalid user user 45.61.186.49 port 37200 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:30:07.564Z","@version":"1","message":"Sep 13 05:30:06 honeypot-sgp-1 sshd[9707]: Disconnected from invalid user user 45.61.186.49 port 48994 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 05:33:00 honeypot-ams-1 kernel: [83923764.499224] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=213.45.162.41 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=61500 PROTO=TCP SPT=15690 DPT=80 WINDOW=31746 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T05:33:01.174Z"}
{"@timestamp":"2022-09-13T05:34:19.670Z","@version":"1","message":"Sep 13 05:34:19 honeypot-sgp-1 sshd[9712]: Invalid user jonatan from 190.104.2.46 port 58158","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:34:48.684Z","@version":"1","message":"Sep 13 05:34:47 honeypot-sgp-1 sshd[9716]: Disconnected from authenticating user root 185.180.29.203 port 13411 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:34:54.687Z","@version":"1","message":"Sep 13 05:34:54 honeypot-sgp-1 sshd[9722]: Received disconnect from 185.180.29.203 port 13448:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:35:01.691Z","@version":"1","message":"Sep 13 05:35:00 honeypot-sgp-1 sshd[9728]: Received disconnect from 185.180.29.203 port 13468:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:35:07.694Z","@version":"1","message":"Sep 13 05:35:07 honeypot-sgp-1 sshd[9734]: Received disconnect from 185.180.29.203 port 13507:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:35:13.697Z","@version":"1","message":"Sep 13 05:35:13 honeypot-sgp-1 sshd[9740]: Received disconnect from 185.180.29.203 port 13533:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 05:35:18 honeypot-ams-1 sshd[14512]: Received disconnect from 159.65.204.223 port 60832:11: Bye Bye [preauth]","@timestamp":"2022-09-13T05:35:18.233Z"}
{"@timestamp":"2022-09-13T05:35:20.702Z","@version":"1","message":"Sep 13 05:35:20 honeypot-sgp-1 sshd[9746]: Received disconnect from 185.180.29.203 port 13591:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:35:26.705Z","@version":"1","message":"Sep 13 05:35:26 honeypot-sgp-1 sshd[9752]: Received disconnect from 185.180.29.203 port 13610:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:35:33.709Z","@version":"1","message":"Sep 13 05:35:32 honeypot-sgp-1 sshd[9758]: Received disconnect from 185.180.29.203 port 13636:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:35:39.713Z","@version":"1","message":"Sep 13 05:35:39 honeypot-sgp-1 sshd[9764]: Received disconnect from 185.180.29.203 port 13655:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:35:41.714Z","@version":"1","message":"Sep 13 05:35:41 honeypot-sgp-1 sshd[9767]: Disconnected from authenticating user root 185.180.29.203 port 13673 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:35:48.718Z","@version":"1","message":"Sep 13 05:35:47 honeypot-sgp-1 sshd[9774]: Disconnected from authenticating user root 185.180.29.203 port 13708 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 05:35:50 honeypot-fra-1 kernel: [83921775.471936] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=190.219.10.67 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=7103 DF PROTO=TCP SPT=41671 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T05:35:50.921Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-13T05:35:54.721Z","@version":"1","message":"Sep 13 05:35:54 honeypot-sgp-1 sshd[9780]: Disconnected from authenticating user root 185.180.29.203 port 13755 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:36:01.725Z","@version":"1","message":"Sep 13 05:36:00 honeypot-sgp-1 sshd[9786]: Disconnected from authenticating user root 185.180.29.203 port 13800 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:36:05.728Z","@version":"1","message":"Sep 13 05:36:04 honeypot-sgp-1 sshd[9790]: Disconnected from invalid user admin 185.180.29.203 port 13818 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:36:09.730Z","@version":"1","message":"Sep 13 05:36:09 honeypot-sgp-1 sshd[9794]: Disconnected from invalid user admin 185.180.29.203 port 13843 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:36:13.732Z","@version":"1","message":"Sep 13 05:36:13 honeypot-sgp-1 sshd[9798]: Disconnected from invalid user admin 185.180.29.203 port 13880 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:36:17.735Z","@version":"1","message":"Sep 13 05:36:17 honeypot-sgp-1 sshd[9802]: Disconnected from invalid user admin 185.180.29.203 port 13904 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:36:22.738Z","@version":"1","message":"Sep 13 05:36:22 honeypot-sgp-1 sshd[9806]: Disconnected from invalid user admin 185.180.29.203 port 13950 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:36:28.741Z","@version":"1","message":"Sep 13 05:36:28 honeypot-sgp-1 sshd[9812]: Received disconnect from 185.180.29.203 port 14003:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:36:32.744Z","@version":"1","message":"Sep 13 05:36:32 honeypot-sgp-1 sshd[9816]: Received disconnect from 185.180.29.203 port 14020:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:36:37.747Z","@version":"1","message":"Sep 13 05:36:37 honeypot-sgp-1 sshd[9820]: Received disconnect from 185.180.29.203 port 14051:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:36:41.749Z","@version":"1","message":"Sep 13 05:36:41 honeypot-sgp-1 sshd[9824]: Received disconnect from 185.180.29.203 port 14069:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:36:45.751Z","@version":"1","message":"Sep 13 05:36:45 honeypot-sgp-1 sshd[9828]: Received disconnect from 185.180.29.203 port 14111:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:36:50.754Z","@version":"1","message":"Sep 13 05:36:49 honeypot-sgp-1 sshd[9832]: Received disconnect from 185.180.29.203 port 14129:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 05:36:53 honeypot-ams-1 sshd[14516]: Received disconnect from 134.17.94.27 port 33156:11: Bye Bye [preauth]","@timestamp":"2022-09-13T05:36:54.277Z"}
{"@timestamp":"2022-09-13T05:36:54.757Z","@version":"1","message":"Sep 13 05:36:54 honeypot-sgp-1 sshd[9836]: Received disconnect from 185.180.29.203 port 14153:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:36:58.759Z","@version":"1","message":"Sep 13 05:36:58 honeypot-sgp-1 sshd[9840]: Received disconnect from 185.180.29.203 port 14173:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:37:03.763Z","@version":"1","message":"Sep 13 05:37:02 honeypot-sgp-1 sshd[9844]: Received disconnect from 185.180.29.203 port 14212:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:37:07.765Z","@version":"1","message":"Sep 13 05:37:07 honeypot-sgp-1 sshd[9849]: Received disconnect from 185.180.29.203 port 14243:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:37:09.767Z","@version":"1","message":"Sep 13 05:37:09 honeypot-sgp-1 sshd[9853]: Disconnected from invalid user guest 185.180.29.203 port 14235 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:37:13.769Z","@version":"1","message":"Sep 13 05:37:13 honeypot-sgp-1 sshd[9857]: Disconnected from invalid user cirros 185.180.29.203 port 14269 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:40:08.843Z","@version":"1","message":"Sep 13 05:40:08 honeypot-sgp-1 sshd[9863]: Received disconnect from 20.226.1.90 port 49670:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 05:41:43 honeypot-ams-1 sshd[14521]: Received disconnect from 119.28.215.47 port 40832:11: Bye Bye [preauth]","@timestamp":"2022-09-13T05:41:44.401Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 05:42:31 honeypot-ams-1 sshd[14525]: Connection closed by invalid user user 179.60.147.69 port 53790 [preauth]","@timestamp":"2022-09-13T05:42:31.427Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 05:45:35 honeypot-ams-1 sshd[14530]: Received disconnect from 141.255.162.226 port 41988:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T05:45:35.505Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 05:45:37 honeypot-ams-1 sshd[14534]: Received disconnect from 141.255.162.226 port 48524:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T05:45:37.507Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 05:45:38 honeypot-ams-1 sshd[14538]: Received disconnect from 141.255.162.226 port 33370:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T05:45:38.507Z"}
{"@timestamp":"2022-09-13T05:53:00.150Z","@version":"1","message":"Sep 13 05:52:59 honeypot-sgp-1 sshd[9869]: Received disconnect from 92.255.85.69 port 60166:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 05:55:32 honeypot-fra-1 sshd[5059]: Received disconnect from 92.255.85.69 port 46778:11: Bye Bye [preauth]","@timestamp":"2022-09-13T05:55:32.361Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 06:01:43 honeypot-ams-1 kernel: [83925487.108420] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=183.136.225.35 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=109 ID=24445 PROTO=TCP SPT=8088 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T06:01:43.917Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 06:04:40 honeypot-fra-1 sshd[5065]: Invalid user kongxx from 165.22.45.108 port 60772","@timestamp":"2022-09-13T06:04:40.569Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 06:09:53 honeypot-ams-1 kernel: [83925977.826488] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=170.187.160.166 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=8240 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T06:09:54.206Z"}
{"@timestamp":"2022-09-13T06:11:55.612Z","@version":"1","message":"Sep 13 06:11:54 honeypot-sgp-1 kernel: [83925625.244914] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=40.84.222.228 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=37811 PROTO=TCP SPT=48854 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 06:15:27 honeypot-fra-1 sshd[5164]: Connection closed by invalid user admin 20.13.161.157 port 53572 [preauth]","@timestamp":"2022-09-13T06:15:27.832Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 06:15:27 honeypot-fra-1 sshd[5165]: Invalid user docker from 20.13.161.157 port 53532","@timestamp":"2022-09-13T06:15:27.832Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 06:15:27 honeypot-fra-1 sshd[5163]: Connection closed by authenticating user root 20.13.161.157 port 53590 [preauth]","@timestamp":"2022-09-13T06:15:27.832Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 06:15:27 honeypot-fra-1 sshd[5180]: Connection closed by invalid user admin 20.13.161.157 port 53538 [preauth]","@timestamp":"2022-09-13T06:15:27.832Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 06:15:27 honeypot-fra-1 sshd[5179]: Connection closed by invalid user testuser 20.13.161.157 port 53594 [preauth]","@timestamp":"2022-09-13T06:15:27.832Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 06:15:31 honeypot-fra-1 sshd[5203]: Connection closed by invalid user postgres 20.13.161.157 port 53544 [preauth]","@timestamp":"2022-09-13T06:15:31.835Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 06:17:01 honeypot-fra-1 CRON[5209]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-13T06:17:01.872Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 06:19:13 honeypot-ams-1 sshd[14553]: Connection closed by authenticating user root 179.60.147.69 port 14944 [preauth]","@timestamp":"2022-09-13T06:19:13.446Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 06:23:23 honeypot-fra-1 sshd[5216]: Connection closed by invalid user squid 24.245.64.3 port 46222 [preauth]","@timestamp":"2022-09-13T06:23:24.019Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T06:23:49.910Z","@version":"1","message":"Sep 13 06:23:49 honeypot-sgp-1 kernel: [83926339.819911] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.220.133 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=36109 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 06:25:03 honeypot-ams-1 CRON[14558]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-13T06:25:04.605Z"}
{"@timestamp":"2022-09-13T06:26:41.987Z","@version":"1","message":"Sep 13 06:26:41 honeypot-sgp-1 sshd[10041]: Received disconnect from 51.15.83.17 port 50723:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 06:27:47 honeypot-fra-1 sshd[5354]: Disconnected from authenticating user root 82.180.162.70 port 47956 [preauth]","@timestamp":"2022-09-13T06:27:48.143Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T06:28:08.026Z","@version":"1","message":"Sep 13 06:28:07 honeypot-sgp-1 sshd[10142]: Invalid user user from 45.61.186.249 port 56310","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T06:28:27.035Z","@version":"1","message":"Sep 13 06:28:26 honeypot-sgp-1 sshd[10146]: Invalid user user from 45.61.186.249 port 51152","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T06:28:43.043Z","@version":"1","message":"Sep 13 06:28:42 honeypot-sgp-1 sshd[10150]: Invalid user user from 45.61.186.249 port 45998","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 06:29:06 honeypot-fra-1 sshd[5360]: Received disconnect from 76.108.109.69 port 54046:11: Bye Bye [preauth]","@timestamp":"2022-09-13T06:29:07.179Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 06:29:50 honeypot-ams-1 sshd[14726]: ssh_dispatch_run_fatal: Connection from 190.220.133.74 port 36505: Connection corrupted [preauth]","@timestamp":"2022-09-13T06:29:51.733Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 06:30:29 honeypot-fra-1 sshd[5366]: Received disconnect from 222.124.214.10 port 44746:11: Bye Bye [preauth]","@timestamp":"2022-09-13T06:30:30.214Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T06:31:33.115Z","@version":"1","message":"Sep 13 06:31:32 honeypot-sgp-1 sshd[10155]: Invalid user allsportsmetroworkers from 157.245.204.50 port 33028","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T06:33:01.153Z","@version":"1","message":"Sep 13 06:33:00 honeypot-sgp-1 sshd[10162]: Invalid user oracle from 189.8.29.5 port 60604","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T06:33:01.153Z","@version":"1","message":"Sep 13 06:33:00 honeypot-sgp-1 sshd[10172]: Invalid user ansible from 189.8.29.5 port 60620","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T06:33:01.153Z","@version":"1","message":"Sep 13 06:33:00 honeypot-sgp-1 sshd[10185]: Invalid user oracle from 189.8.29.5 port 60640","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T06:33:01.153Z","@version":"1","message":"Sep 13 06:33:00 honeypot-sgp-1 sshd[10182]: Invalid user steam from 189.8.29.5 port 60644","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T06:33:01.153Z","@version":"1","message":"Sep 13 06:33:00 honeypot-sgp-1 sshd[10166]: Invalid user hadoop from 189.8.29.5 port 60590","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T06:33:01.153Z","@version":"1","message":"Sep 13 06:33:00 honeypot-sgp-1 sshd[10187]: Connection closed by invalid user test 189.8.29.5 port 60662 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T06:33:01.153Z","@version":"1","message":"Sep 13 06:33:00 honeypot-sgp-1 sshd[10179]: Connection closed by invalid user steam 189.8.29.5 port 60624 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T06:33:01.154Z","@version":"1","message":"Sep 13 06:33:00 honeypot-sgp-1 sshd[10171]: Connection closed by invalid user admin 189.8.29.5 port 60586 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T06:33:01.154Z","@version":"1","message":"Sep 13 06:33:00 honeypot-sgp-1 sshd[10165]: Connection closed by invalid user test 189.8.29.5 port 60626 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T06:33:01.154Z","@version":"1","message":"Sep 13 06:33:00 honeypot-sgp-1 sshd[10161]: Connection closed by invalid user hadoop 189.8.29.5 port 60622 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 06:34:34 honeypot-fra-1 sshd[5373]: Disconnected from invalid user postgres 81.45.44.185 port 38170 [preauth]","@timestamp":"2022-09-13T06:34:34.307Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 06:39:20 honeypot-ams-1 sshd[14731]: Received disconnect from 104.248.228.139 port 35444:11: Bye Bye [preauth]","@timestamp":"2022-09-13T06:39:20.982Z"}
{"@timestamp":"2022-09-13T06:39:33.318Z","@version":"1","message":"Sep 13 06:39:33 honeypot-sgp-1 sshd[10225]: Received disconnect from 92.255.85.69 port 37162:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 06:40:48 honeypot-fra-1 kernel: [83925672.499490] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=23.251.102.75 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=62410 PROTO=TCP SPT=16121 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T06:40:48.449Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 06:42:02 honeypot-ams-1 sshd[14840]: Received disconnect from 80.76.51.43 port 54108:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T06:42:03.053Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 06:42:32 honeypot-ams-1 sshd[14844]: Received disconnect from 80.76.51.43 port 55196:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T06:42:33.068Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 06:45:12 honeypot-fra-1 sshd[5386]: Received disconnect from 165.22.45.108 port 37932:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T06:45:13.553Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 06:51:12 honeypot-fra-1 sshd[5397]: Invalid user user from 20.254.57.199 port 53986","@timestamp":"2022-09-13T06:51:12.688Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 06:51:12 honeypot-fra-1 sshd[5405]: Invalid user ubuntu from 20.254.57.199 port 53930","@timestamp":"2022-09-13T06:51:12.688Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 06:51:12 honeypot-fra-1 sshd[5408]: Invalid user guest from 20.254.57.199 port 53974","@timestamp":"2022-09-13T06:51:13.690Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 06:51:12 honeypot-fra-1 sshd[5395]: Connection closed by invalid user guest 20.254.57.199 port 53950 [preauth]","@timestamp":"2022-09-13T06:51:13.690Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 06:51:12 honeypot-fra-1 sshd[5402]: Connection closed by invalid user docker 20.254.57.199 port 53948 [preauth]","@timestamp":"2022-09-13T06:51:13.690Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 06:51:12 honeypot-fra-1 sshd[5400]: Connection closed by invalid user oracle 20.254.57.199 port 53964 [preauth]","@timestamp":"2022-09-13T06:51:13.690Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 06:51:12 honeypot-fra-1 sshd[5410]: Connection closed by invalid user admin 20.254.57.199 port 53940 [preauth]","@timestamp":"2022-09-13T06:51:13.690Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 06:51:13 honeypot-fra-1 sshd[5439]: Connection closed by authenticating user root 20.254.57.199 port 53942 [preauth]","@timestamp":"2022-09-13T06:51:13.690Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 06:51:13 honeypot-fra-1 sshd[5443]: Connection closed by authenticating user root 20.254.57.199 port 53990 [preauth]","@timestamp":"2022-09-13T06:51:13.691Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 06:51:15 honeypot-fra-1 sshd[5455]: Invalid user guest from 20.254.57.199 port 54006","@timestamp":"2022-09-13T06:51:15.692Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 06:52:05 honeypot-ams-1 kernel: [83928509.986153] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.219.185 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=42685 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T06:52:06.314Z"}
{"@timestamp":"2022-09-13T06:52:32.645Z","@version":"1","message":"Sep 13 06:52:32 honeypot-sgp-1 sshd[10228]: Connection closed by invalid user debian 179.60.147.69 port 25076 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T06:54:49.703Z","@version":"1","message":"Sep 13 06:54:48 honeypot-sgp-1 sshd[10234]: Invalid user user from 141.255.162.226 port 52410","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T06:54:52.707Z","@version":"1","message":"Sep 13 06:54:52 honeypot-sgp-1 sshd[10238]: Invalid user user from 141.255.162.226 port 44688","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T06:54:55.708Z","@version":"1","message":"Sep 13 06:54:55 honeypot-sgp-1 sshd[10242]: Connection closed by 141.255.162.226 port 36984 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 06:55:53 honeypot-ams-1 sshd[14855]: Connection closed by invalid user debian 179.60.147.69 port 20364 [preauth]","@timestamp":"2022-09-13T06:55:54.417Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 07:01:15 honeypot-ams-1 sshd[15295]: Invalid user majidi from 51.79.70.102 port 54204","@timestamp":"2022-09-13T07:01:16.555Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 07:02:32 honeypot-ams-1 sshd[15298]: Disconnected from invalid user user 45.61.184.204 port 36548 [preauth]","@timestamp":"2022-09-13T07:02:32.590Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 07:02:51 honeypot-ams-1 sshd[15302]: Received disconnect from 45.61.184.204 port 59642:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T07:02:51.601Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 07:03:09 honeypot-ams-1 sshd[15306]: Received disconnect from 45.61.184.204 port 54504:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T07:03:09.610Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 07:03:16 honeypot-fra-1 sshd[5464]: Invalid user ftp from 178.15.138.196 port 52775","@timestamp":"2022-09-13T07:03:16.965Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 07:03:25 honeypot-ams-1 sshd[15310]: Received disconnect from 45.61.184.204 port 49356:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T07:03:26.619Z"}
{"@timestamp":"2022-09-13T07:05:21.970Z","@version":"1","message":"Sep 13 07:05:21 honeypot-sgp-1 sshd[10247]: Invalid user avis from 102.219.33.70 port 60594","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 07:06:53 honeypot-ams-1 sshd[15316]: Invalid user user from 45.61.186.249 port 44976","@timestamp":"2022-09-13T07:06:53.712Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 07:07:11 honeypot-ams-1 sshd[15320]: Invalid user user from 45.61.186.249 port 39726","@timestamp":"2022-09-13T07:07:12.722Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 07:07:28 honeypot-ams-1 sshd[15324]: Invalid user user from 45.61.186.249 port 34470","@timestamp":"2022-09-13T07:07:28.730Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 07:08:14 honeypot-ams-1 sshd[15328]: Received disconnect from 92.255.85.70 port 18158:11: Bye Bye [preauth]","@timestamp":"2022-09-13T07:08:14.753Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 07:17:01 honeypot-fra-1 CRON[5470]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-13T07:17:02.272Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T07:17:02.263Z","@version":"1","message":"Sep 13 07:17:01 honeypot-sgp-1 CRON[10252]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 07:18:06 honeypot-fra-1 sshd[5477]: Invalid user user from 45.61.187.160 port 39068","@timestamp":"2022-09-13T07:18:06.303Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 07:18:22 honeypot-fra-1 kernel: [83927927.011913] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=170.187.160.191 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=46025 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T07:18:23.311Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 07:18:33 honeypot-fra-1 sshd[5483]: Disconnected from invalid user user 45.61.187.160 port 45804 [preauth]","@timestamp":"2022-09-13T07:18:34.318Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 07:18:51 honeypot-fra-1 sshd[5487]: Disconnected from invalid user user 45.61.187.160 port 40874 [preauth]","@timestamp":"2022-09-13T07:18:51.326Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 07:21:39 honeypot-ams-1 sshd[15334]: Disconnected from authenticating user root 84.201.158.231 port 42810 [preauth]","@timestamp":"2022-09-13T07:21:40.096Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 07:25:39 honeypot-fra-1 sshd[5492]: Disconnected from invalid user kornievsky 165.22.45.108 port 42866 [preauth]","@timestamp":"2022-09-13T07:25:39.483Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T07:27:04.512Z","@version":"1","message":"Sep 13 07:27:03 honeypot-sgp-1 sshd[10258]: Received disconnect from 92.255.85.69 port 32534:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 07:30:49 honeypot-fra-1 sshd[5499]: Invalid user test from 179.60.147.69 port 60264","@timestamp":"2022-09-13T07:30:50.603Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 07:32:33 honeypot-ams-1 sshd[15340]: Disconnected from authenticating user root 92.255.85.69 port 25364 [preauth]","@timestamp":"2022-09-13T07:32:33.393Z"}
{"@timestamp":"2022-09-13T07:33:00.688Z","@version":"1","message":"Sep 13 07:32:59 honeypot-sgp-1 sshd[10263]: Disconnected from invalid user deploy 51.15.56.154 port 37162 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T07:41:25.907Z","@version":"1","message":"Sep 13 07:41:25 honeypot-sgp-1 sshd[10267]: Disconnected from invalid user user 45.61.186.49 port 42490 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T07:41:34.912Z","@version":"1","message":"Sep 13 07:41:34 honeypot-sgp-1 sshd[10271]: Disconnected from invalid user user 45.61.186.49 port 54262 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T07:47:25.065Z","@version":"1","message":"Sep 13 07:47:24 honeypot-sgp-1 kernel: [83931354.777603] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=102.67.234.39 DST=159.89.202.188 LEN=52 TOS=0x00 PREC=0x00 TTL=115 ID=55193 DF PROTO=TCP SPT=60621 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 07:49:09 honeypot-fra-1 kernel: [83929773.323839] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.220.84 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=40747 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T07:49:10.015Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 07:50:34 honeypot-ams-1 sshd[15348]: Invalid user litao from 103.188.176.251 port 36264","@timestamp":"2022-09-13T07:50:34.873Z"}
{"@timestamp":"2022-09-13T07:54:26.273Z","@version":"1","message":"Sep 13 07:54:25 honeypot-sgp-1 kernel: [83931776.168696] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=43.131.66.209 DST=159.89.202.188 LEN=52 TOS=0x00 PREC=0x00 TTL=47 ID=47418 DF PROTO=TCP SPT=48442 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 07:54:51 honeypot-fra-1 sshd[5510]: Invalid user litao from 103.188.176.251 port 41242","@timestamp":"2022-09-13T07:54:52.145Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 07:59:26 honeypot-ams-1 sshd[15353]: Received disconnect from 167.172.253.42 port 58756:11: Bye Bye [preauth]","@timestamp":"2022-09-13T07:59:27.106Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:03:58 honeypot-ams-1 sshd[15358]: Invalid user admin from 159.65.46.55 port 33268","@timestamp":"2022-09-13T08:03:59.226Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 08:06:07 honeypot-fra-1 sshd[5517]: Invalid user kosokowsky from 165.22.45.108 port 47782","@timestamp":"2022-09-13T08:06:07.451Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:07:51 honeypot-ams-1 sshd[15362]: Disconnected from authenticating user root 83.228.83.95 port 10458 [preauth]","@timestamp":"2022-09-13T08:07:51.327Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:07:52 honeypot-ams-1 sshd[15368]: Received disconnect from 83.228.83.95 port 10824:11: Bye Bye [preauth]","@timestamp":"2022-09-13T08:07:53.330Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:07:53 honeypot-ams-1 sshd[15374]: Received disconnect from 83.228.83.95 port 10888:11: Bye Bye [preauth]","@timestamp":"2022-09-13T08:07:54.331Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:07:54 honeypot-ams-1 sshd[15380]: Received disconnect from 83.228.83.95 port 10472:11: Bye Bye [preauth]","@timestamp":"2022-09-13T08:07:55.331Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:07:55 honeypot-ams-1 sshd[15386]: Received disconnect from 83.228.83.95 port 10516:11: Bye Bye [preauth]","@timestamp":"2022-09-13T08:07:56.332Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:07:56 honeypot-ams-1 sshd[15392]: Received disconnect from 83.228.83.95 port 10248:11: Bye Bye [preauth]","@timestamp":"2022-09-13T08:07:57.333Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:07:58 honeypot-ams-1 sshd[15398]: Received disconnect from 83.228.83.95 port 10032:11: Bye Bye [preauth]","@timestamp":"2022-09-13T08:07:58.334Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:07:59 honeypot-ams-1 sshd[15404]: Received disconnect from 83.228.83.95 port 10720:11: Bye Bye [preauth]","@timestamp":"2022-09-13T08:07:59.334Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:08:00 honeypot-ams-1 sshd[15410]: Received disconnect from 83.228.83.95 port 10210:11: Bye Bye [preauth]","@timestamp":"2022-09-13T08:08:01.336Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:08:01 honeypot-ams-1 sshd[15416]: Received disconnect from 83.228.83.95 port 10256:11: Bye Bye [preauth]","@timestamp":"2022-09-13T08:08:02.337Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:08:02 honeypot-ams-1 sshd[15422]: Received disconnect from 83.228.83.95 port 10406:11: Bye Bye [preauth]","@timestamp":"2022-09-13T08:08:03.338Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:08:03 honeypot-ams-1 sshd[15428]: Received disconnect from 83.228.83.95 port 10648:11: Bye Bye [preauth]","@timestamp":"2022-09-13T08:08:04.338Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:08:04 honeypot-ams-1 sshd[15434]: Invalid user admin from 83.228.83.95 port 10832","@timestamp":"2022-09-13T08:08:05.339Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:08:05 honeypot-ams-1 sshd[15438]: Invalid user admin from 83.228.83.95 port 10388","@timestamp":"2022-09-13T08:08:06.340Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:08:06 honeypot-ams-1 sshd[15442]: Invalid user admin from 83.228.83.95 port 10944","@timestamp":"2022-09-13T08:08:07.341Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:08:07 honeypot-ams-1 sshd[15446]: Invalid user admin from 83.228.83.95 port 10300","@timestamp":"2022-09-13T08:08:07.342Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:08:07 honeypot-ams-1 sshd[15450]: Invalid user admin from 83.228.83.95 port 10582","@timestamp":"2022-09-13T08:08:08.342Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:08:08 honeypot-ams-1 sshd[15454]: Invalid user user from 83.228.83.95 port 10754","@timestamp":"2022-09-13T08:08:09.343Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:08:09 honeypot-ams-1 sshd[15458]: Disconnected from authenticating user root 83.228.83.95 port 10632 [preauth]","@timestamp":"2022-09-13T08:08:10.344Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:08:10 honeypot-ams-1 sshd[15462]: Disconnected from invalid user pi 83.228.83.95 port 10262 [preauth]","@timestamp":"2022-09-13T08:08:10.344Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:08:10 honeypot-ams-1 sshd[15466]: Disconnected from invalid user ethos 83.228.83.95 port 10984 [preauth]","@timestamp":"2022-09-13T08:08:11.344Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:08:11 honeypot-ams-1 sshd[15470]: Disconnected from invalid user miner 83.228.83.95 port 10160 [preauth]","@timestamp":"2022-09-13T08:08:12.345Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:08:12 honeypot-ams-1 sshd[15474]: Disconnected from invalid user volumio 83.228.83.95 port 10220 [preauth]","@timestamp":"2022-09-13T08:08:13.346Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:08:13 honeypot-ams-1 sshd[15478]: Disconnected from invalid user nagios 83.228.83.95 port 10130 [preauth]","@timestamp":"2022-09-13T08:08:13.346Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:08:14 honeypot-ams-1 sshd[15482]: Disconnected from invalid user vagrant 83.228.83.95 port 10850 [preauth]","@timestamp":"2022-09-13T08:08:14.347Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:08:14 honeypot-ams-1 sshd[15486]: Disconnected from invalid user debian 83.228.83.95 port 10382 [preauth]","@timestamp":"2022-09-13T08:08:15.348Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:08:15 honeypot-ams-1 sshd[15490]: Disconnected from invalid user debian 83.228.83.95 port 10564 [preauth]","@timestamp":"2022-09-13T08:08:16.348Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:08:16 honeypot-ams-1 sshd[15494]: Disconnected from invalid user alarm 83.228.83.95 port 10968 [preauth]","@timestamp":"2022-09-13T08:08:16.348Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:08:17 honeypot-ams-1 sshd[15498]: Disconnected from invalid user test 83.228.83.95 port 10612 [preauth]","@timestamp":"2022-09-13T08:08:17.349Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:08:17 honeypot-ams-1 sshd[15502]: Disconnected from invalid user cirros 83.228.83.95 port 10860 [preauth]","@timestamp":"2022-09-13T08:08:18.350Z"}
{"@timestamp":"2022-09-13T08:08:45.639Z","@version":"1","message":"Sep 13 08:08:45 honeypot-sgp-1 sshd[10284]: Received disconnect from 50.116.41.163 port 13864:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 08:10:25 honeypot-fra-1 kernel: [83931049.961404] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=125.124.119.180 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=231 ID=62502 PROTO=TCP SPT=50257 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T08:10:26.555Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:14:23 honeypot-ams-1 sshd[15509]: Invalid user pi from 82.66.77.8 port 49022","@timestamp":"2022-09-13T08:14:24.510Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:15:39 honeypot-ams-1 sshd[15515]: error: maximum authentication attempts exceeded for root from 120.48.37.84 port 47498 ssh2 [preauth]","@timestamp":"2022-09-13T08:15:39.543Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 08:16:29 honeypot-fra-1 sshd[5545]: Disconnected from invalid user user 45.61.186.169 port 55184 [preauth]","@timestamp":"2022-09-13T08:16:29.694Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T08:16:33.840Z","@version":"1","message":"Sep 13 08:16:33 honeypot-sgp-1 sshd[10290]: Received disconnect from 118.70.74.172 port 59540:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 08:16:46 honeypot-fra-1 sshd[5549]: Disconnected from invalid user user 45.61.186.169 port 50142 [preauth]","@timestamp":"2022-09-13T08:16:47.704Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 08:17:02 honeypot-fra-1 sshd[5557]: Invalid user user from 45.61.186.169 port 45094","@timestamp":"2022-09-13T08:17:03.712Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 08:17:19 honeypot-fra-1 sshd[5561]: Invalid user user from 45.61.186.169 port 40066","@timestamp":"2022-09-13T08:17:19.719Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:18:42 honeypot-ams-1 sshd[15523]: Received disconnect from 92.255.85.70 port 54972:11: Bye Bye [preauth]","@timestamp":"2022-09-13T08:18:43.623Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 08:19:46 honeypot-fra-1 sshd[5565]: Invalid user pi from 220.71.14.93 port 34096","@timestamp":"2022-09-13T08:19:47.780Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T08:21:22.993Z","@version":"1","message":"Sep 13 08:21:22 honeypot-sgp-1 sshd[10316]: Received disconnect from 139.59.112.202 port 46060:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 08:24:46 honeypot-fra-1 sshd[5570]: Invalid user admin from 103.106.23.221 port 43062","@timestamp":"2022-09-13T08:24:46.895Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 08:34:32 honeypot-fra-1 sshd[5575]: Received disconnect from 188.166.58.179 port 49454:11: Bye Bye [preauth]","@timestamp":"2022-09-13T08:34:33.139Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T08:36:27.373Z","@version":"1","message":"Sep 13 08:36:27 honeypot-sgp-1 sshd[10323]: Unable to negotiate with 113.5.234.18 port 63312: no matching cipher found. Their offer: aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,arcfour128,arcfour,3des-cbc,none [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:36:48 honeypot-ams-1 sshd[15547]: Received disconnect from 62.64.86.44 port 51743:11: Bye Bye [preauth]","@timestamp":"2022-09-13T08:36:49.089Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 08:39:14 honeypot-fra-1 sshd[5580]: Disconnected from authenticating user root 218.92.0.208 port 45038 [preauth]","@timestamp":"2022-09-13T08:39:14.249Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:41:57 honeypot-ams-1 sshd[15552]: Disconnected from authenticating user root 92.255.85.69 port 61854 [preauth]","@timestamp":"2022-09-13T08:41:57.222Z"}
{"@timestamp":"2022-09-13T08:43:07.547Z","@version":"1","message":"Sep 13 08:43:06 honeypot-sgp-1 sshd[10328]: Connection closed by invalid user test 179.60.147.69 port 10510 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 08:44:30 honeypot-fra-1 sshd[5588]: Invalid user git from 182.253.81.212 port 33684","@timestamp":"2022-09-13T08:44:30.372Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 08:45:04 honeypot-fra-1 kernel: [83933128.373874] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.41.9.18 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=63498 PROTO=TCP SPT=38124 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T08:45:04.387Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-13T08:46:02.625Z","@version":"1","message":"Sep 13 08:46:02 honeypot-sgp-1 sshd[10332]: Received disconnect from 46.101.149.216 port 39150:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T08:47:32.667Z","@version":"1","message":"Sep 13 08:47:31 honeypot-sgp-1 sshd[10339]: Received disconnect from 20.205.9.176 port 34860:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 08:48:30 honeypot-fra-1 sshd[5598]: Did not receive identification string from 45.61.187.160 port 44268","@timestamp":"2022-09-13T08:48:30.468Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 08:48:58 honeypot-fra-1 sshd[5601]: Disconnected from invalid user user 45.61.187.160 port 36432 [preauth]","@timestamp":"2022-09-13T08:48:59.481Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 08:49:14 honeypot-fra-1 sshd[5606]: Disconnected from invalid user user 45.61.187.160 port 59246 [preauth]","@timestamp":"2022-09-13T08:49:15.489Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 08:49:30 honeypot-fra-1 sshd[5610]: Disconnected from invalid user user 45.61.187.160 port 53846 [preauth]","@timestamp":"2022-09-13T08:49:31.497Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:49:50 honeypot-ams-1 sshd[15559]: Received disconnect from 198.98.61.9 port 40156:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T08:49:51.429Z"}
{"@timestamp":"2022-09-13T08:50:01.730Z","@version":"1","message":"Sep 13 08:50:01 honeypot-sgp-1 sshd[10341]: Disconnected from authenticating user root 181.49.50.202 port 51080 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:50:12 honeypot-ams-1 sshd[15562]: Received disconnect from 198.98.61.9 port 51774:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T08:50:12.440Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:50:34 honeypot-ams-1 sshd[15566]: Received disconnect from 198.98.61.9 port 46762:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T08:50:34.452Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:50:55 honeypot-ams-1 sshd[15570]: Received disconnect from 198.98.61.9 port 41756:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T08:50:56.463Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 08:55:29 honeypot-fra-1 kernel: [83933753.806419] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=89.248.165.199 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=16816 PROTO=TCP SPT=57577 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T08:55:30.638Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:56:50 honeypot-ams-1 sshd[15575]: Disconnected from authenticating user root 49.88.112.65 port 15930 [preauth]","@timestamp":"2022-09-13T08:56:50.617Z"}
{"@timestamp":"2022-09-13T09:00:09.990Z","@version":"1","message":"Sep 13 09:00:09 honeypot-sgp-1 sshd[10348]: Received disconnect from 92.255.85.70 port 45086:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 09:00:17 honeypot-ams-1 sshd[15580]: Invalid user user from 141.255.162.226 port 52354","@timestamp":"2022-09-13T09:00:17.706Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 09:00:22 honeypot-ams-1 sshd[15584]: Invalid user user from 141.255.162.226 port 50582","@timestamp":"2022-09-13T09:00:22.709Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 09:00:24 honeypot-ams-1 sshd[15588]: Invalid user user from 141.255.162.226 port 57194","@timestamp":"2022-09-13T09:00:24.710Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 09:00:46 honeypot-ams-1 sshd[15591]: Disconnected from authenticating user root 20.239.93.250 port 53248 [preauth]","@timestamp":"2022-09-13T09:00:47.722Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 09:02:41 honeypot-fra-1 sshd[5621]: Received disconnect from 92.255.85.69 port 39268:11: Bye Bye [preauth]","@timestamp":"2022-09-13T09:02:41.805Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 09:07:17 honeypot-fra-1 sshd[5627]: Did not receive identification string from 82.157.251.34 port 53626","@timestamp":"2022-09-13T09:07:17.914Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 09:09:08 honeypot-ams-1 sshd[15597]: Disconnected from invalid user wh 200.91.219.250 port 58104 [preauth]","@timestamp":"2022-09-13T09:09:08.941Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 09:13:23 honeypot-fra-1 sshd[5641]: Connection closed by invalid user admin 148.153.82.133 port 59286 [preauth]","@timestamp":"2022-09-13T09:13:24.053Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 09:13:30 honeypot-fra-1 sshd[5647]: Connection closed by invalid user admin 148.153.82.133 port 57518 [preauth]","@timestamp":"2022-09-13T09:13:31.057Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T09:17:02.411Z","@version":"1","message":"Sep 13 09:17:01 honeypot-sgp-1 CRON[10352]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 09:18:46 honeypot-ams-1 sshd[15605]: Received disconnect from 58.246.125.198 port 52114:11: Bye Bye [preauth]","@timestamp":"2022-09-13T09:18:47.201Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 09:21:34 honeypot-fra-1 sshd[5668]: Invalid user a from 92.205.165.95 port 40806","@timestamp":"2022-09-13T09:21:35.240Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 09:21:34 honeypot-fra-1 sshd[5662]: Invalid user es from 92.205.165.95 port 40798","@timestamp":"2022-09-13T09:21:35.240Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 09:21:34 honeypot-fra-1 sshd[5674]: Invalid user oracle from 92.205.165.95 port 40828","@timestamp":"2022-09-13T09:21:35.240Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 09:21:34 honeypot-fra-1 sshd[5668]: Connection closed by invalid user a 92.205.165.95 port 40806 [preauth]","@timestamp":"2022-09-13T09:21:35.240Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 09:21:34 honeypot-fra-1 sshd[5662]: Connection closed by invalid user es 92.205.165.95 port 40798 [preauth]","@timestamp":"2022-09-13T09:21:35.240Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 09:21:34 honeypot-fra-1 sshd[5666]: Connection closed by invalid user steam 92.205.165.95 port 40810 [preauth]","@timestamp":"2022-09-13T09:21:35.241Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 09:21:34 honeypot-fra-1 sshd[5661]: Connection closed by invalid user oracle 92.205.165.95 port 40788 [preauth]","@timestamp":"2022-09-13T09:21:35.241Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 09:21:34 honeypot-fra-1 sshd[5656]: Connection closed by invalid user chia 92.205.165.95 port 40784 [preauth]","@timestamp":"2022-09-13T09:21:35.241Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 09:21:34 honeypot-fra-1 sshd[5679]: Invalid user admin from 92.205.165.95 port 40838","@timestamp":"2022-09-13T09:21:35.241Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 09:21:34 honeypot-fra-1 sshd[5686]: Connection closed by invalid user devops 92.205.165.95 port 40852 [preauth]","@timestamp":"2022-09-13T09:21:35.241Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 09:23:16 honeypot-ams-1 sshd[15608]: Connection closed by invalid user config 179.60.147.69 port 38842 [preauth]","@timestamp":"2022-09-13T09:23:17.329Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 09:23:41 honeypot-fra-1 sshd[5717]: Disconnected from invalid user mariajose 158.101.155.195 port 36244 [preauth]","@timestamp":"2022-09-13T09:23:41.290Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T09:24:57.613Z","@version":"1","message":"Sep 13 09:24:56 honeypot-sgp-1 sshd[10360]: Invalid user admin from 211.250.4.137 port 56274","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 09:26:47 honeypot-fra-1 sshd[5725]: Received disconnect from 165.22.45.108 port 59134:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T09:26:47.364Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 09:29:43 honeypot-ams-1 sshd[15615]: Received disconnect from 129.146.247.68 port 45688:11: Bye Bye [preauth]","@timestamp":"2022-09-13T09:29:44.498Z"}
{"@timestamp":"2022-09-13T09:29:58.738Z","@version":"1","message":"Sep 13 09:29:57 honeypot-sgp-1 sshd[10366]: Invalid user huawei from 139.59.224.111 port 35108","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 09:36:42 honeypot-ams-1 kernel: [83938386.223872] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=142.93.45.9 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=54321 PROTO=TCP SPT=42925 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T09:36:42.682Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 09:38:33 honeypot-fra-1 sshd[5730]: Received disconnect from 74.92.28.228 port 58672:11: Bye Bye [preauth]","@timestamp":"2022-09-13T09:38:33.632Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T09:46:39.145Z","@version":"1","message":"Sep 13 09:46:38 honeypot-sgp-1 sshd[10372]: Received disconnect from 92.255.85.69 port 52060:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 09:46:41 honeypot-fra-1 sshd[5736]: Invalid user user from 141.255.162.226 port 51426","@timestamp":"2022-09-13T09:46:41.816Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 09:46:41 honeypot-fra-1 sshd[5740]: Invalid user user from 141.255.162.226 port 36322","@timestamp":"2022-09-13T09:46:42.816Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 09:46:45 honeypot-fra-1 sshd[5744]: Invalid user user from 141.255.162.226 port 49444","@timestamp":"2022-09-13T09:46:46.818Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 09:46:48 honeypot-fra-1 sshd[5748]: Invalid user user from 141.255.162.226 port 34340","@timestamp":"2022-09-13T09:46:48.819Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T09:47:31.169Z","@version":"1","message":"Sep 13 09:47:31 honeypot-sgp-1 sshd[10377]: Received disconnect from 64.227.126.250 port 58084:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 09:49:19 honeypot-fra-1 sshd[5751]: Invalid user user from 45.61.186.169 port 58138","@timestamp":"2022-09-13T09:49:19.881Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 09:49:36 honeypot-fra-1 sshd[5755]: Invalid user user from 45.61.186.169 port 52818","@timestamp":"2022-09-13T09:49:36.889Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 09:49:45 honeypot-fra-1 sshd[5759]: Received disconnect from 45.61.186.169 port 36052:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T09:49:45.894Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 09:50:00 honeypot-fra-1 sshd[5763]: Received disconnect from 45.61.186.169 port 58952:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T09:50:00.901Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 09:50:21 honeypot-fra-1 sshd[5767]: Disconnected from authenticating user root 92.255.85.69 port 51102 [preauth]","@timestamp":"2022-09-13T09:50:21.912Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 09:52:13 honeypot-ams-1 sshd[15622]: Received disconnect from 92.255.85.70 port 18304:11: Bye Bye [preauth]","@timestamp":"2022-09-13T09:52:13.100Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 09:56:49 honeypot-ams-1 sshd[15626]: Disconnected from invalid user user 198.98.61.9 port 36594 [preauth]","@timestamp":"2022-09-13T09:56:50.216Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 09:57:13 honeypot-ams-1 sshd[15630]: Disconnected from invalid user user 198.98.61.9 port 59902 [preauth]","@timestamp":"2022-09-13T09:57:14.229Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 09:57:43 honeypot-ams-1 sshd[15634]: Disconnected from invalid user user 198.98.61.9 port 54984 [preauth]","@timestamp":"2022-09-13T09:57:44.245Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 09:58:08 honeypot-ams-1 sshd[15638]: Disconnected from invalid user user 198.98.61.9 port 50054 [preauth]","@timestamp":"2022-09-13T09:58:09.257Z"}
{"@timestamp":"2022-09-13T10:02:47.538Z","@version":"1","message":"Sep 13 10:02:47 honeypot-sgp-1 sshd[10383]: Disconnected from authenticating user root 147.182.184.139 port 32880 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T10:05:57.616Z","@version":"1","message":"Sep 13 10:05:56 honeypot-sgp-1 sshd[10388]: Disconnected from invalid user guest 206.189.46.251 port 43626 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 10:07:21 honeypot-fra-1 sshd[5775]: Invalid user kramer from 165.22.45.108 port 35914","@timestamp":"2022-09-13T10:07:21.294Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T10:08:53.690Z","@version":"1","message":"Sep 13 10:08:53 honeypot-sgp-1 sshd[10394]: Disconnected from invalid user dh 167.71.160.75 port 55348 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T10:09:10.699Z","@version":"1","message":"Sep 13 10:09:09 honeypot-sgp-1 sshd[10398]: Disconnected from invalid user user 45.61.184.204 port 53190 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T10:09:28.708Z","@version":"1","message":"Sep 13 10:09:27 honeypot-sgp-1 sshd[10402]: Disconnected from invalid user user 45.61.184.204 port 47790 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T10:09:45.717Z","@version":"1","message":"Sep 13 10:09:45 honeypot-sgp-1 sshd[10406]: Disconnected from invalid user user 45.61.184.204 port 42390 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 10:10:05 honeypot-fra-1 sshd[5778]: Connection closed by invalid user odoo 117.86.103.243 port 48230 [preauth]","@timestamp":"2022-09-13T10:10:06.357Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T10:11:47.769Z","@version":"1","message":"Sep 13 10:11:47 honeypot-sgp-1 sshd[10412]: Invalid user so360 from 159.192.99.12 port 48756","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 10:12:04 honeypot-ams-1 kernel: [83940508.030049] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=34.132.2.157 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=59 ID=46834 PROTO=TCP SPT=33935 DPT=80 WINDOW=55255 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T10:12:04.620Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 10:13:39 honeypot-fra-1 sshd[5789]: Received disconnect from 92.255.85.70 port 35428:11: Bye Bye [preauth]","@timestamp":"2022-09-13T10:13:40.439Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 10:14:26 honeypot-ams-1 sshd[15647]: Disconnected from invalid user br 159.65.97.125 port 39096 [preauth]","@timestamp":"2022-09-13T10:14:27.685Z"}
{"@timestamp":"2022-09-13T10:18:19.930Z","@version":"1","message":"Sep 13 10:18:19 honeypot-sgp-1 sshd[10434]: Invalid user  from 64.62.197.122 port 31380","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 10:20:16 honeypot-ams-1 sshd[15656]: Connection closed by authenticating user root 103.188.176.251 port 59694 [preauth]","@timestamp":"2022-09-13T10:20:16.839Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 10:20:35 honeypot-fra-1 sshd[5797]: Did not receive identification string from 92.255.85.113 port 53483","@timestamp":"2022-09-13T10:20:35.595Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 10:22:27 honeypot-fra-1 sshd[5801]: Connection closed by invalid user pi 70.175.251.169 port 53048 [preauth]","@timestamp":"2022-09-13T10:22:28.643Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T10:28:39.183Z","@version":"1","message":"Sep 13 10:28:38 honeypot-sgp-1 kernel: [83941029.047648] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=94.26.228.80 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=8680 PROTO=TCP SPT=36336 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 10:28:42 honeypot-fra-1 kernel: [83939346.182823] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.56.110.249 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=44455 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T10:28:42.785Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-13T10:34:59.341Z","@version":"1","message":"Sep 13 10:34:58 honeypot-sgp-1 kernel: [83941409.190139] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=193.169.195.30 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=874 PROTO=TCP SPT=44005 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 10:35:08 honeypot-ams-1 sshd[15660]: Invalid user admin from 68.183.170.149 port 51034","@timestamp":"2022-09-13T10:35:08.226Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 10:36:22 honeypot-ams-1 sshd[15665]: Invalid user support from 179.60.147.69 port 45666","@timestamp":"2022-09-13T10:36:22.262Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 10:36:36 honeypot-ams-1 sshd[15669]: Received disconnect from 172.105.37.138 port 50062:11: Bye Bye [preauth]","@timestamp":"2022-09-13T10:36:37.270Z"}
{"@timestamp":"2022-09-13T10:37:03.394Z","@version":"1","message":"Sep 13 10:37:03 honeypot-sgp-1 sshd[10447]: Disconnected from authenticating user root 104.131.186.38 port 50930 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 10:37:15 honeypot-ams-1 sshd[15673]: Received disconnect from 159.65.115.222 port 42540:11: Bye Bye [preauth]","@timestamp":"2022-09-13T10:37:15.289Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 10:38:04 honeypot-ams-1 sshd[15679]: Did not receive identification string from 80.87.206.236 port 47752","@timestamp":"2022-09-13T10:38:04.314Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 10:44:08 honeypot-ams-1 kernel: [83942432.461906] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=37.21.19.118 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=58 ID=22966 PROTO=TCP SPT=29908 DPT=80 WINDOW=13724 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T10:44:09.471Z"}
{"@timestamp":"2022-09-13T10:44:26.578Z","@version":"1","message":"Sep 13 10:44:26 honeypot-sgp-1 kernel: [83941976.252327] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=66.228.40.32 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=1986 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 10:46:56 honeypot-fra-1 sshd[6256]: Invalid user admin from 141.95.86.99 port 36980","@timestamp":"2022-09-13T10:46:57.194Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 10:52:57 honeypot-fra-1 sshd[6261]: Invalid user tripsle from 137.184.150.119 port 38364","@timestamp":"2022-09-13T10:52:57.331Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 10:55:49 honeypot-fra-1 sshd[6273]: Invalid user testuser from 137.184.227.149 port 55128","@timestamp":"2022-09-13T10:55:50.398Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 10:55:49 honeypot-fra-1 sshd[6268]: Invalid user steam from 137.184.227.149 port 55066","@timestamp":"2022-09-13T10:55:50.398Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 10:55:49 honeypot-fra-1 sshd[6270]: Invalid user oracle from 137.184.227.149 port 55080","@timestamp":"2022-09-13T10:55:50.398Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 10:55:49 honeypot-fra-1 sshd[6273]: Connection closed by invalid user testuser 137.184.227.149 port 55128 [preauth]","@timestamp":"2022-09-13T10:55:50.398Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 10:55:49 honeypot-fra-1 sshd[6285]: Connection closed by invalid user esuser 137.184.227.149 port 55078 [preauth]","@timestamp":"2022-09-13T10:55:50.398Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 10:55:49 honeypot-fra-1 sshd[6284]: Connection closed by invalid user user 137.184.227.149 port 55114 [preauth]","@timestamp":"2022-09-13T10:55:50.398Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 10:55:49 honeypot-fra-1 sshd[6275]: Connection closed by invalid user mysql 137.184.227.149 port 55082 [preauth]","@timestamp":"2022-09-13T10:55:50.398Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T10:56:18.892Z","@version":"1","message":"Sep 13 10:56:18 honeypot-sgp-1 sshd[10890]: Disconnected from authenticating user root 92.255.85.70 port 46790 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 10:57:34 honeypot-fra-1 sshd[6314]: Connection reset by invalid user bzrx1098ui 92.255.85.113 port 7395 [preauth]","@timestamp":"2022-09-13T10:57:34.438Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 10:59:30 honeypot-fra-1 kernel: [83941194.163693] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=142.93.45.9 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=54321 PROTO=TCP SPT=53860 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T10:59:30.483Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 11:08:30 honeypot-ams-1 kernel: [83943894.050438] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=20.56.18.163 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=9554 DF PROTO=TCP SPT=52050 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T11:08:31.098Z"}
{"@timestamp":"2022-09-13T11:09:27.221Z","@version":"1","message":"Sep 13 11:09:26 honeypot-sgp-1 sshd[10898]: Invalid user config from 179.60.147.69 port 30408","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 11:10:36 honeypot-fra-1 sshd[6325]: Connection closed by invalid user config 179.60.147.69 port 7442 [preauth]","@timestamp":"2022-09-13T11:10:37.758Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 11:12:51 honeypot-ams-1 sshd[15693]: Connection closed by invalid user config 179.60.147.69 port 24866 [preauth]","@timestamp":"2022-09-13T11:12:52.214Z"}
{"@timestamp":"2022-09-13T11:14:02.335Z","@version":"1","message":"Sep 13 11:14:02 honeypot-sgp-1 sshd[10904]: Disconnected from authenticating user root 143.198.165.162 port 46944 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T11:16:52.409Z","@version":"1","message":"Sep 13 11:16:51 honeypot-sgp-1 sshd[10910]: Disconnected from authenticating user root 217.160.49.50 port 37290 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T11:18:39.455Z","@version":"1","message":"Sep 13 11:18:38 honeypot-sgp-1 sshd[10918]: Did not receive identification string from 45.61.184.204 port 39644","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 11:18:44 honeypot-fra-1 sshd[6332]: Invalid user testuser from 36.99.192.209 port 60756","@timestamp":"2022-09-13T11:18:44.939Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 11:18:48 honeypot-fra-1 sshd[6344]: Connection closed by invalid user docker 36.99.192.209 port 60748 [preauth]","@timestamp":"2022-09-13T11:18:48.941Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 11:19:00 honeypot-fra-1 sshd[6354]: Connection closed by invalid user es 36.99.192.209 port 60812 [preauth]","@timestamp":"2022-09-13T11:19:00.948Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 11:19:13 honeypot-ams-1 sshd[15699]: Received disconnect from 103.97.184.106 port 42612:11: Bye Bye [preauth]","@timestamp":"2022-09-13T11:19:13.380Z"}
{"@timestamp":"2022-09-13T11:19:14.472Z","@version":"1","message":"Sep 13 11:19:14 honeypot-sgp-1 sshd[10921]: Received disconnect from 45.61.184.204 port 56370:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T11:19:23.478Z","@version":"1","message":"Sep 13 11:19:23 honeypot-sgp-1 sshd[10927]: Received disconnect from 45.61.184.204 port 39802:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T11:19:34.483Z","@version":"1","message":"Sep 13 11:19:33 honeypot-sgp-1 sshd[10931]: Disconnected from authenticating user root 150.109.7.77 port 36058 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T11:19:51.492Z","@version":"1","message":"Sep 13 11:19:51 honeypot-sgp-1 sshd[10935]: Disconnected from invalid user user 45.61.184.204 port 46550 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 11:25:04 honeypot-ams-1 sshd[15704]: Disconnected from authenticating user root 194.150.69.207 port 59296 [preauth]","@timestamp":"2022-09-13T11:25:05.532Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 11:26:11 honeypot-ams-1 kernel: [83944955.777177] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=207.180.198.178 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=42049 PROTO=TCP SPT=48364 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T11:26:12.566Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 11:26:25 honeypot-ams-1 sshd[15711]: Disconnected from invalid user user 45.61.186.169 port 60058 [preauth]","@timestamp":"2022-09-13T11:26:25.571Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 11:26:41 honeypot-ams-1 sshd[15715]: Disconnected from invalid user user 45.61.186.169 port 55202 [preauth]","@timestamp":"2022-09-13T11:26:41.581Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 11:26:56 honeypot-ams-1 sshd[15719]: Disconnected from invalid user user 45.61.186.169 port 50338 [preauth]","@timestamp":"2022-09-13T11:26:57.595Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 11:28:05 honeypot-fra-1 sshd[6363]: Connection closed by 95.210.111.212 port 54332 [preauth]","@timestamp":"2022-09-13T11:28:05.149Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T11:29:11.718Z","@version":"1","message":"Sep 13 11:29:10 honeypot-sgp-1 kernel: [83944661.027307] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=49.232.96.62 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=48 ID=44738 DF PROTO=TCP SPT=16500 DPT=443 WINDOW=43690 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 11:31:05 honeypot-ams-1 sshd[15723]: Disconnected from authenticating user root 201.186.40.35 port 41480 [preauth]","@timestamp":"2022-09-13T11:31:06.704Z"}
{"@timestamp":"2022-09-13T11:31:57.789Z","@version":"1","message":"Sep 13 11:31:57 honeypot-sgp-1 sshd[10943]: Invalid user user from 45.61.187.160 port 50340","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T11:32:16.799Z","@version":"1","message":"Sep 13 11:32:16 honeypot-sgp-1 sshd[10947]: Invalid user user from 45.61.187.160 port 45254","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T11:32:36.809Z","@version":"1","message":"Sep 13 11:32:36 honeypot-sgp-1 sshd[10951]: Invalid user user from 45.61.187.160 port 40198","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T11:34:35.858Z","@version":"1","message":"Sep 13 11:34:34 honeypot-sgp-1 kernel: [83944985.128477] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=162.62.191.231 DST=159.89.202.188 LEN=52 TOS=0x00 PREC=0x00 TTL=47 ID=20522 DF PROTO=TCP SPT=21546 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 11:34:38 honeypot-ams-1 kernel: [83945462.426731] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=86.57.81.252 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=112 ID=17585 DF PROTO=TCP SPT=20124 DPT=80 WINDOW=0 RES=0x00 ACK RST URGP=0 ","@timestamp":"2022-09-13T11:34:38.798Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 11:35:12 honeypot-fra-1 sshd[6369]: Did not receive identification string from 45.61.184.204 port 43942","@timestamp":"2022-09-13T11:35:13.305Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 11:35:32 honeypot-fra-1 sshd[6372]: Disconnected from invalid user user 45.61.184.204 port 45110 [preauth]","@timestamp":"2022-09-13T11:35:32.336Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 11:35:49 honeypot-fra-1 sshd[6376]: Disconnected from invalid user user 45.61.184.204 port 39522 [preauth]","@timestamp":"2022-09-13T11:35:50.344Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 11:36:06 honeypot-fra-1 sshd[6380]: Disconnected from invalid user user 45.61.184.204 port 33954 [preauth]","@timestamp":"2022-09-13T11:36:06.351Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 11:40:47 honeypot-fra-1 kernel: [83943671.330426] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=79.124.62.62 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=15271 PROTO=TCP SPT=46141 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T11:40:48.461Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-13T11:41:33.032Z","@version":"1","message":"Sep 13 11:41:32 honeypot-sgp-1 kernel: [83945402.730017] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=64.246.161.26 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=37124 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 11:43:32 honeypot-ams-1 kernel: [83945996.206139] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=154.6.130.144 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=56699 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T11:43:33.034Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 11:47:10 honeypot-ams-1 kernel: [83946214.589249] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.41.8.254 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=42175 PROTO=TCP SPT=49058 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T11:47:11.132Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 11:47:23 honeypot-fra-1 sshd[6389]: Connection closed by authenticating user nobody 179.60.147.69 port 40144 [preauth]","@timestamp":"2022-09-13T11:47:23.611Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 11:48:11 honeypot-ams-1 sshd[15735]: Disconnected from invalid user chris 210.56.25.101 port 51844 [preauth]","@timestamp":"2022-09-13T11:48:12.162Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 11:49:38 honeypot-ams-1 sshd[15742]: Disconnected from authenticating user root 80.76.51.45 port 41326 [preauth]","@timestamp":"2022-09-13T11:49:39.203Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 11:50:10 honeypot-ams-1 sshd[15746]: Received disconnect from 80.76.51.45 port 36186:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T11:50:10.219Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 11:50:34 honeypot-fra-1 sshd[6397]: Invalid user intraswitch from 167.99.147.105 port 42422","@timestamp":"2022-09-13T11:50:34.688Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 11:50:35 honeypot-ams-1 kernel: [83946419.854663] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=20.55.53.144 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=28422 DF PROTO=TCP SPT=41072 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T11:50:36.234Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 11:51:10 honeypot-ams-1 sshd[15754]: Disconnected from authenticating user root 80.76.51.45 port 54332 [preauth]","@timestamp":"2022-09-13T11:51:11.253Z"}
{"@timestamp":"2022-09-13T11:51:53.305Z","@version":"1","message":"Sep 13 11:51:52 honeypot-sgp-1 sshd[10964]: Invalid user user4 from 68.183.142.49 port 55058","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 11:51:55 honeypot-ams-1 sshd[15760]: Disconnected from authenticating user root 80.76.51.45 port 60892 [preauth]","@timestamp":"2022-09-13T11:51:55.276Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 11:52:24 honeypot-ams-1 sshd[15765]: Disconnected from invalid user user 80.76.51.45 port 55856 [preauth]","@timestamp":"2022-09-13T11:52:25.292Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 11:54:33 honeypot-ams-1 sshd[15769]: Disconnected from invalid user fieu 163.177.9.152 port 45918 [preauth]","@timestamp":"2022-09-13T11:54:34.350Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 11:54:59 honeypot-fra-1 kernel: [83944523.383991] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=161.35.231.174 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=5911 PROTO=TCP SPT=60000 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T11:54:59.789Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 12:01:50 honeypot-fra-1 sshd[6405]: Disconnected from invalid user user 45.61.186.249 port 60876 [preauth]","@timestamp":"2022-09-13T12:01:50.945Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 12:02:07 honeypot-fra-1 sshd[6409]: Disconnected from invalid user user 45.61.186.249 port 55476 [preauth]","@timestamp":"2022-09-13T12:02:07.953Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 12:02:26 honeypot-fra-1 sshd[6413]: Disconnected from invalid user user 45.61.186.249 port 50078 [preauth]","@timestamp":"2022-09-13T12:02:26.962Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 12:02:43 honeypot-fra-1 sshd[6417]: Received disconnect from 45.61.186.249 port 44690:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T12:02:43.970Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T12:04:56.623Z","@version":"1","message":"Sep 13 12:04:56 honeypot-sgp-1 sshd[10968]: Received disconnect from 45.61.186.49 port 35428:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T12:05:06.629Z","@version":"1","message":"Sep 13 12:05:06 honeypot-sgp-1 sshd[10972]: Received disconnect from 45.61.186.49 port 47048:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T12:06:17.658Z","@version":"1","message":"Sep 13 12:06:16 honeypot-sgp-1 sshd[10976]: Disconnected from authenticating user root 92.255.85.69 port 63198 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 12:08:49 honeypot-fra-1 sshd[6425]: Received disconnect from 92.255.85.70 port 56300:11: Bye Bye [preauth]","@timestamp":"2022-09-13T12:08:50.112Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 12:10:57 honeypot-ams-1 sshd[15777]: Disconnected from authenticating user root 92.255.85.69 port 18524 [preauth]","@timestamp":"2022-09-13T12:10:58.767Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 12:17:01 honeypot-fra-1 CRON[6431]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-13T12:17:02.299Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 12:17:51 honeypot-ams-1 sshd[15784]: Disconnected from authenticating user root 121.165.140.242 port 42876 [preauth]","@timestamp":"2022-09-13T12:17:51.947Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 12:19:46 honeypot-ams-1 sshd[15788]: Disconnected from invalid user nang 175.126.146.170 port 45972 [preauth]","@timestamp":"2022-09-13T12:19:46.998Z"}
{"@timestamp":"2022-09-13T12:22:50.065Z","@version":"1","message":"Sep 13 12:22:49 honeypot-sgp-1 sshd[10984]: Invalid user blank from 179.60.147.69 port 14762","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 12:23:57 honeypot-fra-1 sshd[6437]: Connection closed by invalid user blank 179.60.147.69 port 58418 [preauth]","@timestamp":"2022-09-13T12:23:57.455Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 12:26:08 honeypot-ams-1 sshd[15793]: Connection closed by invalid user blank 179.60.147.69 port 51210 [preauth]","@timestamp":"2022-09-13T12:26:09.162Z"}
{"@timestamp":"2022-09-13T12:31:35.284Z","@version":"1","message":"Sep 13 12:31:34 honeypot-sgp-1 sshd[10991]: Connection closed by invalid user admin 58.142.29.91 port 52479 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 12:32:18 honeypot-fra-1 sshd[6442]: Disconnected from authenticating user root 92.255.85.69 port 46224 [preauth]","@timestamp":"2022-09-13T12:32:18.648Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 12:34:11 honeypot-ams-1 kernel: [83949035.568012] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=143.198.183.97 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=53309 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T12:34:12.370Z"}
{"@timestamp":"2022-09-13T12:37:50.448Z","@version":"1","message":"Sep 13 12:37:50 honeypot-sgp-1 kernel: [83948780.389510] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=184.105.247.244 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=54603 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 12:41:27 honeypot-ams-1 kernel: [83949470.958930] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=216.218.206.106 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=47316 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T12:41:27.558Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 12:44:32 honeypot-ams-1 sshd[15804]: Disconnected from invalid user zxin10 23.225.191.123 port 52694 [preauth]","@timestamp":"2022-09-13T12:44:33.639Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 12:44:40 honeypot-fra-1 sshd[6446]: Received disconnect from 117.251.18.98 port 36868:11: Bye Bye [preauth]","@timestamp":"2022-09-13T12:44:40.929Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 12:46:09 honeypot-fra-1 sshd[6472]: Invalid user esuser from 94.156.175.57 port 60747","@timestamp":"2022-09-13T12:46:09.966Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 12:46:09 honeypot-fra-1 sshd[6463]: Invalid user user from 94.156.175.57 port 60695","@timestamp":"2022-09-13T12:46:09.966Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 12:46:09 honeypot-fra-1 sshd[6475]: Invalid user ansible from 94.156.175.57 port 60753","@timestamp":"2022-09-13T12:46:09.966Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 12:46:09 honeypot-fra-1 sshd[6473]: Invalid user ftpadmin from 94.156.175.57 port 60737","@timestamp":"2022-09-13T12:46:09.966Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 12:46:09 honeypot-fra-1 sshd[6471]: Connection closed by invalid user teamspeak3 94.156.175.57 port 60745 [preauth]","@timestamp":"2022-09-13T12:46:09.966Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 12:46:09 honeypot-fra-1 sshd[6461]: Connection closed by invalid user vagrant 94.156.175.57 port 60690 [preauth]","@timestamp":"2022-09-13T12:46:09.966Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 12:46:09 honeypot-fra-1 sshd[6476]: Connection closed by invalid user mcsv 94.156.175.57 port 60757 [preauth]","@timestamp":"2022-09-13T12:46:09.966Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 12:46:09 honeypot-fra-1 sshd[6483]: Connection closed by invalid user teamspeak 94.156.175.57 port 60761 [preauth]","@timestamp":"2022-09-13T12:46:09.966Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 12:46:09 honeypot-fra-1 sshd[6460]: Connection closed by invalid user steam 94.156.175.57 port 60691 [preauth]","@timestamp":"2022-09-13T12:46:09.966Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 12:46:09 honeypot-fra-1 sshd[6486]: Connection closed by invalid user elastic 94.156.175.57 port 60772 [preauth]","@timestamp":"2022-09-13T12:46:09.966Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 12:48:51 honeypot-fra-1 sshd[6518]: Received disconnect from 165.22.45.108 port 55622:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T12:48:52.031Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 12:53:54 honeypot-fra-1 sshd[6523]: Connection closed by 167.248.133.118 port 52324 [preauth]","@timestamp":"2022-09-13T12:53:54.142Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 12:54:12 honeypot-ams-1 sshd[15811]: Disconnected from authenticating user root 163.44.207.144 port 51938 [preauth]","@timestamp":"2022-09-13T12:54:12.891Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 12:58:31 honeypot-fra-1 sshd[6531]: Received disconnect from 41.82.208.182 port 25673:11: Bye Bye [preauth]","@timestamp":"2022-09-13T12:58:32.252Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T12:59:20.971Z","@version":"1","message":"Sep 13 12:59:20 honeypot-sgp-1 sshd[11001]: Invalid user admin from 179.60.147.69 port 8300","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 13:01:04 honeypot-fra-1 sshd[6535]: Received disconnect from 159.65.133.50 port 49436:11: Bye Bye [preauth]","@timestamp":"2022-09-13T13:01:05.311Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 13:02:07 honeypot-ams-1 sshd[15821]: Connection closed by invalid user test 193.106.191.157 port 47378 [preauth]","@timestamp":"2022-09-13T13:02:08.095Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 13:02:18 honeypot-fra-1 kernel: [83948561.712565] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=80.94.92.239 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=48145 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T13:02:18.343Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-13T13:04:04.092Z","@version":"1","message":"Sep 13 13:04:03 honeypot-sgp-1 sshd[11003]: Received disconnect from 43.132.121.97 port 36418:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 13:04:38 honeypot-fra-1 sshd[6544]: Received disconnect from 179.43.156.143 port 42448:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T13:04:39.398Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 13:06:37 honeypot-fra-1 sshd[6550]: Received disconnect from 179.43.156.143 port 57092:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T13:06:37.443Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 13:08:16 honeypot-fra-1 sshd[6557]: Invalid user spark from 141.98.10.158 port 56324","@timestamp":"2022-09-13T13:08:17.482Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 13:09:09 honeypot-fra-1 sshd[6561]: Received disconnect from 179.43.156.143 port 38890:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T13:09:09.503Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 13:09:19 honeypot-ams-1 kernel: [83951143.423091] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=40.87.17.51 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=39217 PROTO=TCP SPT=54243 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T13:09:20.284Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 13:10:17 honeypot-fra-1 kernel: [83949040.858050] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=59.49.43.217 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=1266 PROTO=TCP SPT=45851 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T13:10:17.531Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 13:10:27 honeypot-fra-1 sshd[6570]: Invalid user user from 45.61.186.169 port 38090","@timestamp":"2022-09-13T13:10:27.536Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 13:10:27 honeypot-ams-1 sshd[15834]: Invalid user admin from 121.151.75.159 port 52120","@timestamp":"2022-09-13T13:10:28.316Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 13:10:46 honeypot-fra-1 sshd[6574]: Invalid user user from 45.61.186.169 port 33466","@timestamp":"2022-09-13T13:10:46.544Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 13:11:03 honeypot-fra-1 sshd[6578]: Invalid user user from 45.61.186.169 port 57078","@timestamp":"2022-09-13T13:11:03.552Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 13:11:11 honeypot-fra-1 sshd[6582]: Received disconnect from 45.61.186.169 port 40652:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T13:11:11.555Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 13:12:19 honeypot-fra-1 sshd[6589]: Disconnected from authenticating user root 179.43.156.143 port 44458 [preauth]","@timestamp":"2022-09-13T13:12:19.581Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 13:15:11 honeypot-fra-1 kernel: [83949335.531809] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=180.149.126.129 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=54321 PROTO=TCP SPT=59692 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T13:15:12.649Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-13T13:17:08.431Z","@version":"1","message":"Sep 13 13:17:08 honeypot-sgp-1 sshd[11010]: Received disconnect from 92.255.85.70 port 50430:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 13:17:47 honeypot-ams-1 sshd[15842]: Disconnected from invalid user rosok 46.101.132.159 port 51746 [preauth]","@timestamp":"2022-09-13T13:17:47.503Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 13:18:20 honeypot-ams-1 sshd[15847]: Disconnected from authenticating user root 124.194.74.203 port 39868 [preauth]","@timestamp":"2022-09-13T13:18:20.520Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 13:19:13 honeypot-ams-1 kernel: [83951736.941788] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=149.102.155.169 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=51209 PROTO=TCP SPT=55116 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T13:19:13.548Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 13:19:40 honeypot-fra-1 sshd[6599]: Disconnected from authenticating user root 92.255.85.70 port 21208 [preauth]","@timestamp":"2022-09-13T13:19:41.753Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 13:20:36 honeypot-ams-1 sshd[15854]: Received disconnect from 143.198.179.96 port 47980:11: Bye Bye [preauth]","@timestamp":"2022-09-13T13:20:36.587Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 13:24:58 honeypot-ams-1 kernel: [83952082.433489] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=18.189.61.4 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=40 ID=52876 PROTO=TCP SPT=22065 DPT=80 WINDOW=58001 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T13:24:58.702Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 13:29:04 honeypot-fra-1 sshd[6604]: Disconnected from invalid user krister 165.22.45.108 port 60554 [preauth]","@timestamp":"2022-09-13T13:29:04.965Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 13:30:08 honeypot-fra-1 sshd[6609]: Received disconnect from 45.61.186.169 port 51306:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T13:30:08.992Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 13:30:25 honeypot-fra-1 sshd[6613]: Received disconnect from 45.61.186.169 port 46304:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T13:30:25.998Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 13:30:42 honeypot-fra-1 sshd[6617]: Received disconnect from 45.61.186.169 port 41298:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T13:30:43.005Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 13:31:47 honeypot-fra-1 sshd[6621]: Connection closed by invalid user vpn 95.153.85.106 port 51645 [preauth]","@timestamp":"2022-09-13T13:31:47.046Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 13:32:51 honeypot-fra-1 sshd[6626]: Disconnected from invalid user cooper 187.235.4.20 port 45388 [preauth]","@timestamp":"2022-09-13T13:32:51.144Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T13:36:39.902Z","@version":"1","message":"Sep 13 13:36:39 honeypot-sgp-1 kernel: [83952309.519109] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.33.109.190 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=33 ID=5407 PROTO=TCP SPT=51502 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T13:40:20.993Z","@version":"1","message":"Sep 13 13:40:20 honeypot-sgp-1 sshd[11020]: Disconnected from authenticating user root 92.255.85.69 port 16230 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 13:40:51 honeypot-ams-1 kernel: [83953035.547578] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.33.121.154 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=34675 PROTO=TCP SPT=56206 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T13:40:52.114Z"}
{"@timestamp":"2022-09-13T13:41:13.018Z","@version":"1","message":"Sep 13 13:41:12 honeypot-sgp-1 sshd[11026]: Received disconnect from 213.108.241.222 port 51192:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 13:44:12 honeypot-fra-1 sshd[6638]: Received disconnect from 193.168.195.23 port 35024:11: Bye Bye [preauth]","@timestamp":"2022-09-13T13:44:13.399Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 13:45:11 honeypot-fra-1 kernel: [83951135.050789] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=163.172.158.4 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=52998 PROTO=TCP SPT=50301 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T13:45:12.425Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-13T13:47:59.186Z","@version":"1","message":"Sep 13 13:47:58 honeypot-sgp-1 sshd[11031]: Invalid user crchen from 137.116.144.39 port 52216","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 13:52:31 honeypot-fra-1 sshd[6647]: Invalid user admin from 174.44.75.242 port 39005","@timestamp":"2022-09-13T13:52:32.608Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 13:53:21 honeypot-ams-1 kernel: [83953785.715361] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=213.207.248.16 DST=178.62.254.91 LEN=48 TOS=0x00 PREC=0x00 TTL=115 ID=20111 DF PROTO=TCP SPT=10076 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T13:53:22.434Z"}
{"@timestamp":"2022-09-13T13:55:53.382Z","@version":"1","message":"Sep 13 13:55:52 honeypot-sgp-1 sshd[11037]: Invalid user user from 141.255.162.226 port 33162","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T13:55:57.385Z","@version":"1","message":"Sep 13 13:55:56 honeypot-sgp-1 sshd[11041]: Invalid user user from 141.255.162.226 port 46180","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T13:56:00.387Z","@version":"1","message":"Sep 13 13:55:59 honeypot-sgp-1 sshd[11048]: Connection reset by 141.255.162.226 port 52692 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T14:02:20.544Z","@version":"1","message":"Sep 13 14:02:20 honeypot-sgp-1 sshd[11052]: Received disconnect from 92.255.85.70 port 16936:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 14:08:42 honeypot-fra-1 kernel: [83952545.720213] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=103.143.207.200 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=866 PROTO=TCP SPT=58039 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T14:08:42.961Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 14:08:48 honeypot-ams-1 sshd[15877]: Disconnected from authenticating user root 92.255.85.70 port 44836 [preauth]","@timestamp":"2022-09-13T14:08:48.828Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 14:12:47 honeypot-fra-1 sshd[6662]: Connection closed by invalid user ubnt 118.69.69.120 port 42647 [preauth]","@timestamp":"2022-09-13T14:12:48.056Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T14:15:27.867Z","@version":"1","message":"Sep 13 14:15:27 honeypot-sgp-1 sshd[11059]: Invalid user user from 45.61.187.160 port 51522","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T14:15:46.877Z","@version":"1","message":"Sep 13 14:15:46 honeypot-sgp-1 sshd[11063]: Invalid user user from 45.61.187.160 port 46222","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T14:16:04.887Z","@version":"1","message":"Sep 13 14:16:04 honeypot-sgp-1 sshd[11067]: Invalid user user from 45.61.187.160 port 40942","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T14:16:21.896Z","@version":"1","message":"Sep 13 14:16:21 honeypot-sgp-1 sshd[11071]: Invalid user user from 45.61.187.160 port 35642","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 14:17:01 honeypot-ams-1 CRON[15882]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-13T14:17:02.070Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 14:17:01 honeypot-fra-1 CRON[6667]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-13T14:17:02.153Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T14:19:33.979Z","@version":"1","message":"Sep 13 14:19:33 honeypot-sgp-1 sshd[11076]: Received disconnect from 122.170.105.253 port 33288:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T14:24:19.100Z","@version":"1","message":"Sep 13 14:24:18 honeypot-sgp-1 kernel: [83955168.686667] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=167.248.133.139 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=20859 PROTO=TCP SPT=14002 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 14:24:25 honeypot-fra-1 sshd[6673]: Disconnected from authenticating user root 165.232.173.191 port 56246 [preauth]","@timestamp":"2022-09-13T14:24:25.317Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 14:24:58 honeypot-fra-1 sshd[6675]: Disconnected from invalid user mirle 104.245.44.233 port 54054 [preauth]","@timestamp":"2022-09-13T14:24:59.333Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 14:26:09 honeypot-fra-1 sshd[6681]: Received disconnect from 198.98.61.9 port 53804:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T14:26:09.362Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 14:26:26 honeypot-fra-1 sshd[6685]: Received disconnect from 198.98.61.9 port 48450:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T14:26:27.370Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 14:26:43 honeypot-fra-1 sshd[6689]: Invalid user user from 198.98.61.9 port 43086","@timestamp":"2022-09-13T14:26:44.379Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 14:26:54 honeypot-fra-1 kernel: [83953637.423656] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=5.181.80.53 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=54321 PROTO=TCP SPT=41341 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T14:26:54.383Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 14:30:11 honeypot-ams-1 kernel: [83955995.440409] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=152.89.196.23 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=52543 PROTO=TCP SPT=51407 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T14:30:12.453Z"}
{"@timestamp":"2022-09-13T14:31:00.272Z","@version":"1","message":"Sep 13 14:30:59 honeypot-sgp-1 kernel: [83955569.306938] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=236 ID=23825 PROTO=TCP SPT=59403 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 14:32:54 honeypot-fra-1 sshd[6696]: Connection closed by invalid user User 178.74.44.23 port 41528 [preauth]","@timestamp":"2022-09-13T14:32:54.541Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T14:43:59.595Z","@version":"1","message":"Sep 13 14:43:58 honeypot-sgp-1 sshd[11091]: Received disconnect from 103.185.185.65 port 53460:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T17:07:48.240Z","@version":"1","message":"Sep 12 17:07:47 honeypot-sgp-1 sshd[8729]: Invalid user www from 178.128.28.223 port 36554","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 17:07:50 honeypot-ams-1 sshd[13150]: Disconnected from authenticating user root 46.101.253.249 port 46235 [preauth]","@timestamp":"2022-09-12T17:07:50.559Z"}
{"@timestamp":"2022-09-12T17:08:55.268Z","@version":"1","message":"Sep 12 17:08:54 honeypot-sgp-1 sshd[8731]: Connection closed by invalid user user1 103.188.176.251 port 43826 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 17:09:20 honeypot-fra-1 kernel: [83876986.896952] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.208.175 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=43491 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T17:09:20.718Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 17:10:17 honeypot-ams-1 kernel: [83879201.920902] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.41.8.45 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=8020 PROTO=TCP SPT=32451 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T17:10:17.641Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 17:14:18 honeypot-fra-1 sshd[3790]: Connection closed by 103.231.214.252 port 11989 [preauth]","@timestamp":"2022-09-12T17:14:19.832Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 17:14:38 honeypot-ams-1 kernel: [83879462.896741] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.204.176 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=45383 DPT=389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T17:14:38.753Z"}
{"@timestamp":"2022-09-12T17:14:48.411Z","@version":"1","message":"Sep 12 17:14:47 honeypot-sgp-1 kernel: [83878998.919826] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.207.230 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=57958 DPT=389 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 17:17:01 honeypot-fra-1 CRON[3796]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-12T17:17:01.897Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 17:19:30 honeypot-fra-1 kernel: [83877596.682319] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.221.112 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=50972 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T17:19:30.956Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 17:20:11 honeypot-ams-1 sshd[13166]: Disconnected from invalid user rp1999a 180.167.207.234 port 46029 [preauth]","@timestamp":"2022-09-12T17:20:11.895Z"}
{"@timestamp":"2022-09-12T17:21:36.575Z","@version":"1","message":"Sep 12 17:21:35 honeypot-sgp-1 kernel: [83879407.122034] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.202.219 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=36122 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 17:22:09 honeypot-ams-1 sshd[13170]: Received disconnect from 165.227.167.225 port 50476:11: Bye Bye [preauth]","@timestamp":"2022-09-12T17:22:10.948Z"}
{"@timestamp":"2022-09-12T17:23:09.615Z","@version":"1","message":"Sep 12 17:23:09 honeypot-sgp-1 sshd[8745]: Disconnected from invalid user mario 43.154.17.218 port 53790 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 17:24:56 honeypot-fra-1 kernel: [83877923.090053] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=162.142.125.134 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=43190 PROTO=TCP SPT=31613 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T17:24:57.081Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-12T17:25:47.680Z","@version":"1","message":"Sep 12 17:25:47 honeypot-sgp-1 sshd[8750]: Received disconnect from 92.80.217.82 port 51154:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 17:26:51 honeypot-fra-1 kernel: [83878037.735124] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=163.172.158.4 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=27575 PROTO=TCP SPT=43901 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T17:26:52.129Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 17:28:15 honeypot-fra-1 sshd[3822]: Disconnected from invalid user chrissie 129.205.124.253 port 36474 [preauth]","@timestamp":"2022-09-12T17:28:16.162Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 17:28:16 honeypot-ams-1 sshd[13174]: Received disconnect from 46.243.226.11 port 48488:11: Bye Bye [preauth]","@timestamp":"2022-09-12T17:28:17.107Z"}
{"@timestamp":"2022-09-12T17:28:52.757Z","@version":"1","message":"Sep 12 17:28:52 honeypot-sgp-1 sshd[8754]: Disconnected from authenticating user root 92.255.85.70 port 33392 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 17:30:39 honeypot-ams-1 sshd[13179]: Invalid user ts3 from 202.4.119.45 port 56676","@timestamp":"2022-09-12T17:30:40.170Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 17:31:28 honeypot-fra-1 sshd[3832]: Connection closed by 103.231.214.252 port 29135 [preauth]","@timestamp":"2022-09-12T17:31:29.239Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 17:31:50 honeypot-ams-1 sshd[13181]: Invalid user ichiuji from 108.171.92.54 port 58606","@timestamp":"2022-09-12T17:31:50.202Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 17:32:37 honeypot-ams-1 sshd[13186]: Received disconnect from 159.65.77.254 port 57034:11: Bye Bye [preauth]","@timestamp":"2022-09-12T17:32:37.223Z"}
{"@timestamp":"2022-09-12T17:32:38.849Z","@version":"1","message":"Sep 12 17:32:38 honeypot-sgp-1 sshd[8760]: Disconnected from invalid user user 198.98.61.9 port 43062 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T17:33:01.861Z","@version":"1","message":"Sep 12 17:33:01 honeypot-sgp-1 sshd[8764]: Disconnected from invalid user user 198.98.61.9 port 39200 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T17:33:20.870Z","@version":"1","message":"Sep 12 17:33:20 honeypot-sgp-1 sshd[8768]: Disconnected from invalid user user 198.98.61.9 port 35346 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T17:33:39.881Z","@version":"1","message":"Sep 12 17:33:39 honeypot-sgp-1 sshd[8772]: Disconnected from invalid user user 198.98.61.9 port 59716 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 17:33:52 honeypot-ams-1 sshd[13192]: Received disconnect from 92.255.85.70 port 45118:11: Bye Bye [preauth]","@timestamp":"2022-09-12T17:33:53.259Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 17:36:16 honeypot-ams-1 sshd[13196]: Invalid user admin from 51.83.132.19 port 33402","@timestamp":"2022-09-12T17:36:16.325Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 17:36:58 honeypot-ams-1 sshd[13198]: Received disconnect from 41.73.252.229 port 52784:11: Bye Bye [preauth]","@timestamp":"2022-09-12T17:36:59.347Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 17:37:44 honeypot-fra-1 sshd[3846]: Connection closed by 103.231.214.252 port 17772 [preauth]","@timestamp":"2022-09-12T17:37:44.381Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 17:40:37 honeypot-ams-1 sshd[13203]: Disconnected from authenticating user root 2.232.250.91 port 49302 [preauth]","@timestamp":"2022-09-12T17:40:38.440Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 17:42:43 honeypot-fra-1 sshd[3858]: Invalid user kimr from 165.22.45.108 port 49558","@timestamp":"2022-09-12T17:42:43.497Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T17:43:43.125Z","@version":"1","message":"Sep 12 17:43:42 honeypot-sgp-1 kernel: [83880733.719475] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=94.26.228.80 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=62084 PROTO=TCP SPT=30084 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 17:46:17 honeypot-ams-1 kernel: [83881362.402762] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=213.226.123.38 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=24737 PROTO=TCP SPT=45074 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T17:46:18.583Z"}
{"@timestamp":"2022-09-12T17:46:24.190Z","@version":"1","message":"Sep 12 17:46:23 honeypot-sgp-1 sshd[8782]: Received disconnect from 61.93.240.18 port 41129:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 17:47:07 honeypot-fra-1 sshd[3866]: Connection closed by 103.231.214.252 port 33729 [preauth]","@timestamp":"2022-09-12T17:47:07.599Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 17:48:40 honeypot-fra-1 sshd[3873]: Connection closed by 103.231.214.252 port 12562 [preauth]","@timestamp":"2022-09-12T17:48:41.636Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 17:51:48 honeypot-fra-1 sshd[3881]: Connection closed by 103.231.214.252 port 62739 [preauth]","@timestamp":"2022-09-12T17:51:48.710Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T17:52:33.336Z","@version":"1","message":"Sep 12 17:52:33 honeypot-sgp-1 sshd[8787]: Disconnected from authenticating user root 60.250.94.62 port 52361 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 17:53:58 honeypot-fra-1 sshd[3888]: Disconnected from authenticating user root 92.255.85.70 port 25788 [preauth]","@timestamp":"2022-09-12T17:53:58.762Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 17:53:58 honeypot-ams-1 kernel: [83881822.727107] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=79.124.62.62 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=36858 PROTO=TCP SPT=41363 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T17:53:58.779Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 17:56:19 honeypot-ams-1 sshd[13217]: Received disconnect from 45.61.184.204 port 60346:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T17:56:19.844Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 17:56:37 honeypot-ams-1 sshd[13221]: Received disconnect from 45.61.184.204 port 55500:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T17:56:37.853Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 17:56:46 honeypot-ams-1 sshd[13223]: Disconnected from invalid user user 45.61.184.204 port 38942 [preauth]","@timestamp":"2022-09-12T17:56:46.859Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 17:57:03 honeypot-ams-1 sshd[13229]: Invalid user user from 45.61.184.204 port 34080","@timestamp":"2022-09-12T17:57:03.868Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 17:58:38 honeypot-fra-1 kernel: [83879944.692045] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=88.249.127.164 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=15686 PROTO=TCP SPT=47467 DPT=80 WINDOW=1300 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T17:58:38.868Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-12T18:00:38.526Z","@version":"1","message":"Sep 12 18:00:38 honeypot-sgp-1 kernel: [83881749.686488] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=146.88.240.4 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=36355 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 18:01:55 honeypot-ams-1 kernel: [83882299.891647] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=146.88.240.4 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=44099 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T18:01:56.009Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 18:02:06 honeypot-fra-1 kernel: [83880152.835240] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.134.144.72 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=50825 PROTO=TCP SPT=45671 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T18:02:06.952Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-12T18:03:08.590Z","@version":"1","message":"Sep 12 18:03:08 honeypot-sgp-1 sshd[8798]: Received disconnect from 14.225.17.9 port 47412:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 18:04:19 honeypot-fra-1 sshd[3910]: Connection closed by 103.231.214.252 port 20776 [preauth]","@timestamp":"2022-09-12T18:04:20.005Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T18:04:32.627Z","@version":"1","message":"Sep 12 18:04:32 honeypot-sgp-1 sshd[8804]: Invalid user user from 45.61.184.204 port 47610","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T18:04:53.637Z","@version":"1","message":"Sep 12 18:04:52 honeypot-sgp-1 sshd[8808]: Invalid user user from 45.61.184.204 port 42720","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:00 honeypot-ams-1 sshd[13246]: Disconnected from authenticating user root 188.250.234.67 port 36126 [preauth]","@timestamp":"2022-09-12T18:05:00.096Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:01 honeypot-ams-1 sshd[13252]: Received disconnect from 188.250.234.67 port 36198:11: Bye Bye [preauth]","@timestamp":"2022-09-12T18:05:02.099Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:02 honeypot-ams-1 sshd[13258]: Received disconnect from 188.250.234.67 port 36266:11: Bye Bye [preauth]","@timestamp":"2022-09-12T18:05:03.100Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:03 honeypot-ams-1 sshd[13264]: Received disconnect from 188.250.234.67 port 36309:11: Bye Bye [preauth]","@timestamp":"2022-09-12T18:05:04.100Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:05 honeypot-ams-1 sshd[13270]: Received disconnect from 188.250.234.67 port 36353:11: Bye Bye [preauth]","@timestamp":"2022-09-12T18:05:06.102Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:06 honeypot-ams-1 sshd[13276]: Received disconnect from 188.250.234.67 port 36390:11: Bye Bye [preauth]","@timestamp":"2022-09-12T18:05:07.103Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:07 honeypot-ams-1 sshd[13282]: Received disconnect from 188.250.234.67 port 36435:11: Bye Bye [preauth]","@timestamp":"2022-09-12T18:05:08.104Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:09 honeypot-ams-1 sshd[13288]: Received disconnect from 188.250.234.67 port 36466:11: Bye Bye [preauth]","@timestamp":"2022-09-12T18:05:09.105Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:10 honeypot-ams-1 sshd[13294]: Received disconnect from 188.250.234.67 port 36511:11: Bye Bye [preauth]","@timestamp":"2022-09-12T18:05:11.106Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:11 honeypot-ams-1 sshd[13300]: Received disconnect from 188.250.234.67 port 36586:11: Bye Bye [preauth]","@timestamp":"2022-09-12T18:05:12.107Z"}
{"@timestamp":"2022-09-12T18:05:12.647Z","@version":"1","message":"Sep 12 18:05:12 honeypot-sgp-1 sshd[8812]: Invalid user user from 45.61.184.204 port 37838","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:12 honeypot-ams-1 sshd[13306]: Received disconnect from 188.250.234.67 port 36643:11: Bye Bye [preauth]","@timestamp":"2022-09-12T18:05:13.108Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:14 honeypot-ams-1 sshd[13312]: Received disconnect from 188.250.234.67 port 36684:11: Bye Bye [preauth]","@timestamp":"2022-09-12T18:05:15.109Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:15 honeypot-ams-1 sshd[13318]: Invalid user admin from 188.250.234.67 port 36727","@timestamp":"2022-09-12T18:05:16.111Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:16 honeypot-ams-1 sshd[13322]: Invalid user admin from 188.250.234.67 port 36751","@timestamp":"2022-09-12T18:05:17.112Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:17 honeypot-ams-1 sshd[13326]: Invalid user admin from 188.250.234.67 port 36780","@timestamp":"2022-09-12T18:05:18.113Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:17 honeypot-ams-1 sshd[13330]: Invalid user admin from 188.250.234.67 port 36799","@timestamp":"2022-09-12T18:05:18.113Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:18 honeypot-ams-1 sshd[13334]: Invalid user admin from 188.250.234.67 port 36818","@timestamp":"2022-09-12T18:05:19.114Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:19 honeypot-ams-1 sshd[13338]: Invalid user user from 188.250.234.67 port 36849","@timestamp":"2022-09-12T18:05:20.114Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:20 honeypot-ams-1 sshd[13342]: Disconnected from authenticating user root 188.250.234.67 port 36886 [preauth]","@timestamp":"2022-09-12T18:05:21.115Z"}
{"@timestamp":"2022-09-12T18:05:21.654Z","@version":"1","message":"Sep 12 18:05:20 honeypot-sgp-1 sshd[8814]: Disconnected from invalid user user 45.61.184.204 port 49506 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:21 honeypot-ams-1 sshd[13346]: Disconnected from invalid user pi 188.250.234.67 port 36929 [preauth]","@timestamp":"2022-09-12T18:05:22.116Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:22 honeypot-ams-1 sshd[13350]: Disconnected from invalid user ethos 188.250.234.67 port 36973 [preauth]","@timestamp":"2022-09-12T18:05:23.116Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:23 honeypot-ams-1 sshd[13355]: Disconnected from invalid user miner 188.250.234.67 port 37003 [preauth]","@timestamp":"2022-09-12T18:05:24.117Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:24 honeypot-ams-1 sshd[13359]: Disconnected from invalid user volumio 188.250.234.67 port 37028 [preauth]","@timestamp":"2022-09-12T18:05:24.117Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:24 honeypot-ams-1 sshd[13363]: Disconnected from invalid user nagios 188.250.234.67 port 37054 [preauth]","@timestamp":"2022-09-12T18:05:25.118Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:25 honeypot-ams-1 sshd[13367]: Disconnected from invalid user vagrant 188.250.234.67 port 37071 [preauth]","@timestamp":"2022-09-12T18:05:26.119Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:26 honeypot-ams-1 sshd[13371]: Disconnected from invalid user debian 188.250.234.67 port 37088 [preauth]","@timestamp":"2022-09-12T18:05:27.120Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:27 honeypot-ams-1 sshd[13375]: Disconnected from invalid user debian 188.250.234.67 port 37112 [preauth]","@timestamp":"2022-09-12T18:05:28.121Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:28 honeypot-ams-1 sshd[13379]: Disconnected from invalid user alarm 188.250.234.67 port 37130 [preauth]","@timestamp":"2022-09-12T18:05:29.122Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:29 honeypot-ams-1 sshd[13383]: Disconnected from invalid user test 188.250.234.67 port 37146 [preauth]","@timestamp":"2022-09-12T18:05:30.122Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:30 honeypot-ams-1 sshd[13387]: Disconnected from invalid user cirros 188.250.234.67 port 37163 [preauth]","@timestamp":"2022-09-12T18:05:30.123Z"}
{"@timestamp":"2022-09-12T18:06:37.689Z","@version":"1","message":"Sep 12 18:06:37 honeypot-sgp-1 kernel: [83882108.386746] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=33095 PROTO=TCP SPT=45517 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 18:07:33 honeypot-fra-1 kernel: [83880480.049702] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=146.88.240.4 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=50381 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T18:07:34.082Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-12T18:09:26.763Z","@version":"1","message":"Sep 12 18:09:26 honeypot-sgp-1 sshd[8823]: Disconnected from authenticating user root 201.217.194.32 port 30876 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T18:10:21.789Z","@version":"1","message":"Sep 12 18:10:21 honeypot-sgp-1 sshd[8827]: Did not receive identification string from 58.72.18.130 port 11686","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 18:10:30 honeypot-ams-1 kernel: [83882815.442842] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=63243 PROTO=TCP SPT=45604 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T18:10:31.273Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:11:44 honeypot-ams-1 sshd[13395]: Disconnected from invalid user user 45.61.186.169 port 56184 [preauth]","@timestamp":"2022-09-12T18:11:45.310Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:12:03 honeypot-ams-1 sshd[13399]: Disconnected from invalid user user 45.61.186.169 port 51080 [preauth]","@timestamp":"2022-09-12T18:12:03.319Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 18:12:08 honeypot-fra-1 sshd[3926]: Connection closed by 103.231.214.252 port 27275 [preauth]","@timestamp":"2022-09-12T18:12:09.190Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:12:20 honeypot-ams-1 sshd[13405]: Disconnected from invalid user butter 165.227.160.124 port 59052 [preauth]","@timestamp":"2022-09-12T18:12:21.329Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:12:29 honeypot-ams-1 sshd[13407]: Disconnected from invalid user user 45.61.186.169 port 57558 [preauth]","@timestamp":"2022-09-12T18:12:29.333Z"}
{"@timestamp":"2022-09-12T18:13:59.879Z","@version":"1","message":"Sep 12 18:13:58 honeypot-sgp-1 sshd[8833]: Disconnected from authenticating user root 129.226.182.174 port 55954 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:14:28 honeypot-ams-1 sshd[13412]: Connection closed by invalid user User 179.60.147.69 port 26858 [preauth]","@timestamp":"2022-09-12T18:14:29.388Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 18:15:17 honeypot-fra-1 sshd[3932]: Connection closed by 103.231.214.252 port 39940 [preauth]","@timestamp":"2022-09-12T18:15:17.264Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:15:44 honeypot-ams-1 sshd[13417]: Received disconnect from 141.255.162.226 port 60388:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T18:15:45.424Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:15:48 honeypot-ams-1 sshd[13421]: Received disconnect from 141.255.162.226 port 39144:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T18:15:49.426Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:15:50 honeypot-ams-1 sshd[13425]: Received disconnect from 141.255.162.226 port 46130:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T18:15:51.428Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:17:01 honeypot-ams-1 CRON[13429]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-12T18:17:02.459Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 18:17:12 honeypot-fra-1 sshd[3942]: Received disconnect from 92.255.85.69 port 56342:11: Bye Bye [preauth]","@timestamp":"2022-09-12T18:17:12.310Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T18:17:21.964Z","@version":"1","message":"Sep 12 18:17:21 honeypot-sgp-1 sshd[8841]: Disconnected from authenticating user root 221.140.57.201 port 49264 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 18:19:58 honeypot-fra-1 sshd[3948]: Connection closed by 103.231.214.252 port 57360 [preauth]","@timestamp":"2022-09-12T18:19:59.374Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:20:28 honeypot-ams-1 sshd[13509]: Connection closed by authenticating user root 193.106.191.157 port 48226 [preauth]","@timestamp":"2022-09-12T18:20:29.549Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 18:23:06 honeypot-fra-1 sshd[3957]: Connection closed by 103.231.214.252 port 30093 [preauth]","@timestamp":"2022-09-12T18:23:07.447Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:23:53 honeypot-ams-1 sshd[13517]: Invalid user toto from 65.52.9.242 port 34524","@timestamp":"2022-09-12T18:23:53.637Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:24:18 honeypot-ams-1 sshd[13522]: Received disconnect from 102.216.117.235 port 50408:11: Bye Bye [preauth]","@timestamp":"2022-09-12T18:24:18.650Z"}
{"@timestamp":"2022-09-12T18:25:44.163Z","@version":"1","message":"Sep 12 18:25:43 honeypot-sgp-1 sshd[8847]: Invalid user lfranzoi from 74.92.28.228 port 54794","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 18:26:15 honeypot-fra-1 sshd[3965]: Connection closed by 103.231.214.252 port 59985 [preauth]","@timestamp":"2022-09-12T18:26:15.521Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T18:28:09.223Z","@version":"1","message":"Sep 12 18:28:08 honeypot-sgp-1 sshd[8851]: Received disconnect from 106.51.72.221 port 50488:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 18:28:56 honeypot-fra-1 sshd[3972]: Disconnected from authenticating user root 157.130.44.246 port 42484 [preauth]","@timestamp":"2022-09-12T18:28:56.586Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 18:29:35 honeypot-fra-1 sshd[3978]: Disconnected from authenticating user root 38.72.132.40 port 60252 [preauth]","@timestamp":"2022-09-12T18:29:36.603Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:31:36 honeypot-ams-1 sshd[13525]: Received disconnect from 164.92.197.101 port 43868:11: Bye Bye [preauth]","@timestamp":"2022-09-12T18:31:36.843Z"}
{"@timestamp":"2022-09-12T18:32:16.323Z","@version":"1","message":"Sep 12 18:32:16 honeypot-sgp-1 sshd[8856]: Received disconnect from 190.145.123.26 port 36508:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 18:34:05 honeypot-fra-1 sshd[3987]: Connection closed by 103.231.214.252 port 12329 [preauth]","@timestamp":"2022-09-12T18:34:05.705Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 18:38:47 honeypot-fra-1 sshd[3996]: Connection closed by 103.231.214.252 port 57274 [preauth]","@timestamp":"2022-09-12T18:38:48.813Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:43:14 honeypot-ams-1 sshd[13530]: Disconnected from authenticating user root 92.255.85.69 port 30226 [preauth]","@timestamp":"2022-09-12T18:43:14.138Z"}
{"@timestamp":"2022-09-12T18:44:52.642Z","@version":"1","message":"Sep 12 18:44:52 honeypot-sgp-1 sshd[8862]: Invalid user User from 179.60.147.69 port 40830","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 18:45:04 honeypot-fra-1 sshd[4007]: Connection closed by 103.231.214.252 port 55572 [preauth]","@timestamp":"2022-09-12T18:45:04.957Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 18:48:09 honeypot-ams-1 kernel: [83885073.861215] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=213.45.162.41 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=19071 PROTO=TCP SPT=14666 DPT=80 WINDOW=23586 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T18:48:10.274Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 18:51:57 honeypot-fra-1 kernel: [83883143.358249] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=213.226.123.38 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=5708 PROTO=TCP SPT=50582 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T18:51:58.116Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 18:56:03 honeypot-fra-1 sshd[4024]: Connection closed by 103.231.214.252 port 32590 [preauth]","@timestamp":"2022-09-12T18:56:03.207Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 19:02:19 honeypot-fra-1 sshd[4036]: Connection closed by 103.231.214.252 port 41664 [preauth]","@timestamp":"2022-09-12T19:02:19.351Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 19:03:25 honeypot-ams-1 kernel: [83885989.761360] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.148.10.81 DST=178.62.254.91 LEN=89 TOS=0x00 PREC=0x00 TTL=242 ID=23832 DF PROTO=TCP SPT=32758 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T19:03:25.658Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 19:04:14 honeypot-fra-1 sshd[4042]: Received disconnect from 92.255.85.69 port 19706:11: Bye Bye [preauth]","@timestamp":"2022-09-12T19:04:14.398Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T19:05:11.124Z","@version":"1","message":"Sep 12 19:05:11 honeypot-sgp-1 kernel: [83885622.197097] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=34903 PROTO=TCP SPT=48949 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T19:06:28.155Z","@version":"1","message":"Sep 12 19:06:27 honeypot-sgp-1 kernel: [83885698.377675] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=94.140.143.47 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=22322 DF PROTO=TCP SPT=25333 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 19:07:46 honeypot-ams-1 kernel: [83886251.390448] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=154.3.44.39 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=117 ID=29576 DF PROTO=TCP SPT=62429 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-12T19:07:47.774Z"}
{"@timestamp":"2022-09-12T19:08:10.198Z","@version":"1","message":"Sep 12 19:08:09 honeypot-sgp-1 sshd[8875]: Disconnected from invalid user monitor 165.227.204.174 port 49056 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 19:08:41 honeypot-fra-1 sshd[4051]: Received disconnect from 103.3.247.120 port 55416:11: Bye Bye [preauth]","@timestamp":"2022-09-12T19:08:41.501Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T19:11:15.273Z","@version":"1","message":"Sep 12 19:11:15 honeypot-sgp-1 sshd[8881]: Invalid user sshservice from 180.167.214.190 port 25634","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 19:11:44 honeypot-fra-1 sshd[4057]: Connection closed by 103.231.214.252 port 27669 [preauth]","@timestamp":"2022-09-12T19:11:44.569Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 19:12:12 honeypot-ams-1 sshd[13546]: Invalid user user1 from 103.188.176.251 port 49070","@timestamp":"2022-09-12T19:12:12.894Z"}
{"@timestamp":"2022-09-12T19:13:44.335Z","@version":"1","message":"Sep 12 19:13:44 honeypot-sgp-1 sshd[8887]: Invalid user cak from 84.54.74.130 port 38636","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 19:13:49 honeypot-fra-1 sshd[4066]: Invalid user wp-admin from 188.166.225.37 port 37654","@timestamp":"2022-09-12T19:13:50.619Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 19:16:25 honeypot-fra-1 sshd[4072]: Connection closed by 103.231.214.252 port 32767 [preauth]","@timestamp":"2022-09-12T19:16:26.678Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T19:17:13.419Z","@version":"1","message":"Sep 12 19:17:13 honeypot-sgp-1 sshd[8892]: Disconnected from authenticating user root 188.166.153.99 port 60148 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 19:19:33 honeypot-fra-1 sshd[4082]: Connection closed by 103.231.214.252 port 45438 [preauth]","@timestamp":"2022-09-12T19:19:34.751Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 19:19:54 honeypot-ams-1 kernel: [83886978.864837] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=128.14.133.58 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=5710 PROTO=TCP SPT=14304 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T19:19:55.092Z"}
{"@timestamp":"2022-09-12T19:20:32.506Z","@version":"1","message":"Sep 12 19:20:31 honeypot-sgp-1 sshd[8901]: Invalid user mysql from 123.100.226.242 port 49626","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 19:23:13 honeypot-fra-1 kernel: [83885019.961207] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=195.178.120.159 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=54321 PROTO=TCP SPT=33537 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T19:23:14.837Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-12T19:25:36.625Z","@version":"1","message":"Sep 12 19:25:36 honeypot-sgp-1 sshd[8916]: Invalid user guest from 202.53.80.157 port 52464","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 19:26:29 honeypot-fra-1 sshd[4095]: Disconnected from invalid user scan 91.240.118.222 port 7584 [preauth]","@timestamp":"2022-09-12T19:26:29.912Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 19:26:45 honeypot-ams-1 sshd[13559]: Connection closed by invalid user user 193.106.191.157 port 43240 [preauth]","@timestamp":"2022-09-12T19:26:46.272Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 19:27:54 honeypot-fra-1 sshd[4101]: Received disconnect from 165.22.45.108 port 36428:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T19:27:54.948Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 19:32:42 honeypot-fra-1 sshd[4110]: Connection closed by invalid user User 179.60.147.69 port 62404 [preauth]","@timestamp":"2022-09-12T19:32:43.060Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 19:36:23 honeypot-ams-1 sshd[13567]: Invalid user user from 193.106.191.157 port 55676","@timestamp":"2022-09-12T19:36:24.519Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 19:39:56 honeypot-fra-1 sshd[4121]: Connection closed by 103.231.214.252 port 23108 [preauth]","@timestamp":"2022-09-12T19:39:57.223Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T19:43:05.026Z","@version":"1","message":"Sep 12 19:43:04 honeypot-sgp-1 kernel: [83887895.946362] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=164.92.198.60 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=36885 PROTO=TCP SPT=24071 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T19:43:46.045Z","@version":"1","message":"Sep 12 19:43:45 honeypot-sgp-1 sshd[8927]: Disconnected from authenticating user daemon 197.248.2.229 port 39510 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 19:44:38 honeypot-fra-1 sshd[4132]: Connection closed by 103.231.214.252 port 23914 [preauth]","@timestamp":"2022-09-12T19:44:39.331Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T19:49:03.171Z","@version":"1","message":"Sep 12 19:49:03 honeypot-sgp-1 sshd[8934]: Disconnected from invalid user nitish 156.67.219.143 port 41832 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 19:49:26 honeypot-ams-1 kernel: [83888750.714385] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=20.55.112.176 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=114 ID=3581 DF PROTO=TCP SPT=49547 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T19:49:26.869Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 19:50:13 honeypot-fra-1 kernel: [83886639.920351] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.212.205 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=58082 DPT=636 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T19:50:14.460Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 19:52:38 honeypot-ams-1 sshd[13573]: Disconnected from authenticating user root 92.255.85.70 port 38076 [preauth]","@timestamp":"2022-09-12T19:52:38.953Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 19:53:07 honeypot-fra-1 kernel: [83886813.261944] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=162.142.125.143 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=20431 PROTO=TCP SPT=49468 DPT=389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T19:53:07.529Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-12T19:55:36.327Z","@version":"1","message":"Sep 12 19:55:36 honeypot-sgp-1 sshd[8939]: Disconnected from authenticating user root 143.244.162.174 port 48026 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 19:56:51 honeypot-fra-1 kernel: [83887037.256091] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.41.9.18 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=37147 PROTO=TCP SPT=25096 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T19:56:51.616Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 19:59:04 honeypot-ams-1 sshd[13576]: Disconnected from invalid user rc 161.97.81.82 port 34072 [preauth]","@timestamp":"2022-09-12T19:59:05.121Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 19:59:15 honeypot-fra-1 sshd[4239]: Disconnected from invalid user user 141.255.162.226 port 51564 [preauth]","@timestamp":"2022-09-12T19:59:15.674Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 19:59:16 honeypot-fra-1 sshd[4243]: Disconnected from invalid user user 141.255.162.226 port 43984 [preauth]","@timestamp":"2022-09-12T19:59:17.676Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 19:59:20 honeypot-fra-1 sshd[4247]: Disconnected from invalid user user 141.255.162.226 port 57768 [preauth]","@timestamp":"2022-09-12T19:59:21.678Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 20:02:03 honeypot-ams-1 sshd[13581]: Disconnected from authenticating user root 103.189.234.107 port 51452 [preauth]","@timestamp":"2022-09-12T20:02:04.201Z"}
{"@timestamp":"2022-09-12T20:02:08.483Z","@version":"1","message":"Sep 12 20:02:08 honeypot-sgp-1 sshd[8946]: Invalid user vincent from 203.245.29.159 port 45096","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 20:03:05 honeypot-fra-1 sshd[4256]: Invalid user kirkd from 165.22.45.108 port 41224","@timestamp":"2022-09-12T20:03:05.763Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T20:06:22.585Z","@version":"1","message":"Sep 12 20:06:21 honeypot-sgp-1 sshd[8950]: Disconnected from authenticating user root 134.209.153.189 port 43710 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 20:06:23 honeypot-ams-1 kernel: [83889767.980005] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.79.143.213 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=4326 PROTO=TCP SPT=44943 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T20:06:24.318Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 20:06:34 honeypot-fra-1 sshd[4262]: Connection closed by 103.231.214.252 port 11997 [preauth]","@timestamp":"2022-09-12T20:06:34.843Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T20:08:26.637Z","@version":"1","message":"Sep 12 20:08:26 honeypot-sgp-1 sshd[8957]: Disconnected from authenticating user root 164.155.77.123 port 40778 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 20:09:39 honeypot-fra-1 kernel: [83887805.371520] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.41.9.18 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=58757 PROTO=TCP SPT=34920 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T20:09:39.917Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-12T20:12:14.730Z","@version":"1","message":"Sep 12 20:12:14 honeypot-sgp-1 sshd[8963]: Received disconnect from 81.250.204.52 port 50878:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 20:12:50 honeypot-fra-1 sshd[4278]: Connection closed by 103.231.214.252 port 48420 [preauth]","@timestamp":"2022-09-12T20:12:50.992Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 20:14:59 honeypot-ams-1 sshd[13587]: Received disconnect from 92.255.85.69 port 43646:11: Bye Bye [preauth]","@timestamp":"2022-09-12T20:14:59.582Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 20:17:37 honeypot-ams-1 sshd[13593]: Disconnected from invalid user kf 210.196.250.246 port 46270 [preauth]","@timestamp":"2022-09-12T20:17:38.653Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 20:17:49 honeypot-fra-1 kernel: [83888295.285682] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=80.87.206.203 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=53705 PROTO=TCP SPT=58738 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T20:17:50.106Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 20:22:14 honeypot-fra-1 sshd[4296]: Connection closed by 103.231.214.252 port 56207 [preauth]","@timestamp":"2022-09-12T20:22:15.207Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 20:22:39 honeypot-ams-1 sshd[13600]: Received disconnect from 190.144.232.142 port 44872:11: Bye Bye [preauth]","@timestamp":"2022-09-12T20:22:39.783Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 20:26:28 honeypot-fra-1 sshd[4306]: Invalid user belea from 80.91.223.98 port 55446","@timestamp":"2022-09-12T20:26:28.305Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 20:28:30 honeypot-fra-1 sshd[4312]: Connection closed by 103.231.214.252 port 30117 [preauth]","@timestamp":"2022-09-12T20:28:31.354Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T20:30:24.158Z","@version":"1","message":"Sep 12 20:30:23 honeypot-sgp-1 sshd[8970]: Received disconnect from 144.34.212.207 port 45856:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T20:31:28.185Z","@version":"1","message":"Sep 12 20:31:27 honeypot-sgp-1 sshd[8974]: Received disconnect from 138.68.2.22 port 42324:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T20:32:28.212Z","@version":"1","message":"Sep 12 20:32:27 honeypot-sgp-1 sshd[8982]: Did not receive identification string from 141.255.162.226 port 46848","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T20:32:33.215Z","@version":"1","message":"Sep 12 20:32:32 honeypot-sgp-1 sshd[8985]: Invalid user user from 141.255.162.226 port 53202","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T20:32:35.216Z","@version":"1","message":"Sep 12 20:32:34 honeypot-sgp-1 sshd[8989]: Invalid user user from 141.255.162.226 port 59404","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 20:32:35 honeypot-fra-1 sshd[4322]: Disconnected from authenticating user root 24.135.138.224 port 54508 [preauth]","@timestamp":"2022-09-12T20:32:35.449Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T20:32:43.242Z","@version":"1","message":"Sep 12 20:32:42 honeypot-sgp-1 kernel: [83890873.626717] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=128.14.141.36 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=43322 PROTO=TCP SPT=39404 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 20:33:17 honeypot-ams-1 sshd[13603]: Disconnected from invalid user test 144.24.214.117 port 44452 [preauth]","@timestamp":"2022-09-12T20:33:18.069Z"}
{"@timestamp":"2022-09-12T20:33:47.271Z","@version":"1","message":"Sep 12 20:33:46 honeypot-sgp-1 sshd[8997]: Invalid user danuta from 177.229.215.234 port 52936","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 20:35:19 honeypot-fra-1 sshd[4330]: Disconnected from authenticating user root 92.255.85.70 port 41060 [preauth]","@timestamp":"2022-09-12T20:35:19.515Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T20:36:14.330Z","@version":"1","message":"Sep 12 20:36:14 honeypot-sgp-1 sshd[9000]: Disconnected from invalid user wasadrc 165.227.25.154 port 56536 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 20:38:20 honeypot-ams-1 sshd[13610]: Disconnected from authenticating user root 92.255.85.70 port 31582 [preauth]","@timestamp":"2022-09-12T20:38:21.200Z"}
{"@timestamp":"2022-09-12T20:38:56.398Z","@version":"1","message":"Sep 12 20:38:55 honeypot-sgp-1 sshd[9005]: Received disconnect from 141.255.162.226 port 58024:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T20:38:58.400Z","@version":"1","message":"Sep 12 20:38:57 honeypot-sgp-1 sshd[9009]: Received disconnect from 141.255.162.226 port 43286:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T20:39:01.401Z","@version":"1","message":"Sep 12 20:39:00 honeypot-sgp-1 sshd[9013]: Received disconnect from 141.255.162.226 port 56786:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 20:39:01 honeypot-ams-1 sshd[13614]: Received disconnect from 138.68.178.64 port 42516:11: Bye Bye [preauth]","@timestamp":"2022-09-12T20:39:02.220Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 20:39:24 honeypot-fra-1 kernel: [83889590.126385] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=154.3.44.39 DST=165.22.82.222 LEN=52 TOS=0x00 PREC=0x00 TTL=116 ID=14131 DF PROTO=TCP SPT=55566 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-12T20:39:24.611Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 20:40:43 honeypot-ams-1 sshd[13619]: Received disconnect from 31.220.17.116 port 39096:11: Bye Bye [preauth]","@timestamp":"2022-09-12T20:40:44.265Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 20:41:03 honeypot-fra-1 sshd[4343]: Connection closed by 103.231.214.252 port 63835 [preauth]","@timestamp":"2022-09-12T20:41:03.651Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 20:47:19 honeypot-fra-1 sshd[4354]: Connection closed by 103.231.214.252 port 48680 [preauth]","@timestamp":"2022-09-12T20:47:19.792Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 20:47:21 honeypot-ams-1 sshd[13626]: Received disconnect from 85.172.189.189 port 55122:11: Bye Bye [preauth]","@timestamp":"2022-09-12T20:47:21.438Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 20:48:53 honeypot-fra-1 sshd[4362]: Connection closed by 103.231.214.252 port 27515 [preauth]","@timestamp":"2022-09-12T20:48:53.831Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 20:54:31 honeypot-fra-1 kernel: [83890497.543672] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=102.67.226.60 DST=165.22.82.222 LEN=52 TOS=0x00 PREC=0x00 TTL=120 ID=41600 DF PROTO=TCP SPT=58693 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T20:54:31.961Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 20:54:37 honeypot-ams-1 sshd[13631]: Disconnected from invalid user by 157.230.234.93 port 40462 [preauth]","@timestamp":"2022-09-12T20:54:37.621Z"}
{"@timestamp":"2022-09-12T20:55:33.784Z","@version":"1","message":"Sep 12 20:55:33 honeypot-sgp-1 kernel: [83892244.298138] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.55.53.144 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=43 ID=62044 DF PROTO=TCP SPT=47510 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T20:55:58.797Z","@version":"1","message":"Sep 12 20:55:57 honeypot-sgp-1 sshd[9020]: Disconnected from authenticating user root 92.255.85.70 port 22760 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 20:57:15 honeypot-ams-1 kernel: [83892819.778323] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=213.45.162.41 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=11288 PROTO=TCP SPT=14666 DPT=80 WINDOW=23586 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T20:57:15.690Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 20:57:20 honeypot-fra-1 sshd[4377]: Invalid user support from 193.106.191.157 port 39396","@timestamp":"2022-09-12T20:57:21.030Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 20:58:02 honeypot-ams-1 sshd[13641]: Disconnected from authenticating user root 193.142.146.50 port 38050 [preauth]","@timestamp":"2022-09-12T20:58:02.714Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 20:58:29 honeypot-ams-1 sshd[13647]: Received disconnect from 160.120.130.101 port 13358:11: Bye Bye [preauth]","@timestamp":"2022-09-12T20:58:29.727Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 20:58:53 honeypot-fra-1 kernel: [83890759.070833] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=20.55.53.144 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=53553 DF PROTO=TCP SPT=33170 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T20:58:54.068Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-12T20:59:17.880Z","@version":"1","message":"Sep 12 20:59:17 honeypot-sgp-1 sshd[9025]: Bad protocol version identification 'GET / HTTP/1.1' from 89.248.163.219 port 41610","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 20:59:38 honeypot-ams-1 sshd[13651]: Disconnected from authenticating user root 193.142.146.50 port 38642 [preauth]","@timestamp":"2022-09-12T20:59:38.760Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 21:00:21 honeypot-ams-1 sshd[13657]: Disconnected from authenticating user root 193.142.146.50 port 50290 [preauth]","@timestamp":"2022-09-12T21:00:21.783Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 21:01:02 honeypot-ams-1 sshd[13663]: Received disconnect from 92.255.85.70 port 44546:11: Bye Bye [preauth]","@timestamp":"2022-09-12T21:01:02.804Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 21:01:56 honeypot-ams-1 sshd[13667]: Received disconnect from 193.142.146.50 port 50876:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T21:01:56.830Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 21:02:27 honeypot-ams-1 sshd[13671]: Received disconnect from 193.142.146.50 port 39820:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T21:02:28.846Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 21:03:04 honeypot-ams-1 sshd[13676]: Disconnected from authenticating user root 193.142.146.50 port 56996 [preauth]","@timestamp":"2022-09-12T21:03:04.864Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 21:03:38 honeypot-fra-1 sshd[4388]: Connection closed by 103.231.214.252 port 53979 [preauth]","@timestamp":"2022-09-12T21:03:38.176Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 21:04:01 honeypot-ams-1 sshd[13682]: Invalid user postgres from 193.142.146.50 port 40412","@timestamp":"2022-09-12T21:04:01.891Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 21:04:22 honeypot-ams-1 kernel: [83893246.950303] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=20.55.53.144 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=26342 DF PROTO=TCP SPT=53680 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T21:04:22.903Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 21:04:52 honeypot-ams-1 sshd[13688]: Invalid user odoo from 193.142.146.50 port 52060","@timestamp":"2022-09-12T21:04:52.919Z"}
{"@timestamp":"2022-09-12T21:05:29.025Z","@version":"1","message":"Sep 12 21:05:28 honeypot-sgp-1 sshd[9029]: Received disconnect from 209.141.59.131 port 60420:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 21:05:32 honeypot-ams-1 sshd[13692]: Disconnected from authenticating user root 193.142.146.50 port 41002 [preauth]","@timestamp":"2022-09-12T21:05:32.939Z"}
{"@timestamp":"2022-09-12T21:07:11.066Z","@version":"1","message":"Sep 12 21:07:10 honeypot-sgp-1 sshd[9033]: Received disconnect from 14.224.169.32 port 56260:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 21:07:46 honeypot-fra-1 sshd[4395]: Disconnected from invalid user bi 150.136.65.184 port 40478 [preauth]","@timestamp":"2022-09-12T21:07:47.291Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 21:13:01 honeypot-fra-1 sshd[4406]: Connection closed by 103.231.214.252 port 42026 [preauth]","@timestamp":"2022-09-12T21:13:02.413Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 21:14:07 honeypot-ams-1 sshd[13699]: Received disconnect from 91.240.118.222 port 47168:11: Client disconnecting normally [preauth]","@timestamp":"2022-09-12T21:14:07.166Z"}
{"@timestamp":"2022-09-12T21:17:02.292Z","@version":"1","message":"Sep 12 21:17:01 honeypot-sgp-1 CRON[9039]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 21:17:11 honeypot-fra-1 sshd[4416]: Invalid user User from 179.60.147.69 port 2988","@timestamp":"2022-09-12T21:17:12.510Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 21:19:57 honeypot-fra-1 sshd[4422]: Disconnected from invalid user kitty 165.22.45.108 port 50972 [preauth]","@timestamp":"2022-09-12T21:19:57.574Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 21:22:20 honeypot-ams-1 sshd[13706]: Received disconnect from 45.61.186.169 port 46692:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T21:22:20.377Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 21:22:37 honeypot-ams-1 sshd[13710]: Received disconnect from 45.61.186.169 port 41026:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T21:22:38.387Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 21:22:55 honeypot-ams-1 sshd[13714]: Received disconnect from 45.61.186.169 port 35362:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T21:22:55.396Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 21:23:12 honeypot-ams-1 sshd[13719]: Received disconnect from 45.61.186.169 port 57920:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T21:23:12.405Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 21:23:17 honeypot-ams-1 kernel: [83894382.212079] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=154.3.44.39 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=117 ID=60186 DF PROTO=TCP SPT=60303 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-12T21:23:18.408Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 21:25:33 honeypot-fra-1 sshd[4434]: Connection closed by 103.231.214.252 port 15369 [preauth]","@timestamp":"2022-09-12T21:25:34.704Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T21:28:22.553Z","@version":"1","message":"Sep 12 21:28:21 honeypot-sgp-1 kernel: [83894212.999633] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=35.234.79.108 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x60 TTL=250 ID=47403 PROTO=TCP SPT=56649 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 21:32:23 honeypot-ams-1 kernel: [83894927.755064] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=77.179.4.28 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=121 ID=2814 DF PROTO=TCP SPT=58634 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T21:32:23.640Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 21:33:24 honeypot-fra-1 sshd[4446]: Connection closed by 103.231.214.252 port 43046 [preauth]","@timestamp":"2022-09-12T21:33:24.883Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T21:40:43.836Z","@version":"1","message":"Sep 12 21:40:43 honeypot-sgp-1 kernel: [83894954.328840] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=193.163.125.186 DST=159.89.202.188 LEN=44 TOS=0x08 PREC=0x00 TTL=236 ID=73 PROTO=TCP SPT=59623 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T21:42:20.877Z","@version":"1","message":"Sep 12 21:42:20 honeypot-sgp-1 sshd[9052]: Disconnected from authenticating user root 92.255.85.69 port 30626 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 21:42:23 honeypot-ams-1 sshd[13730]: Invalid user ruthart from 188.157.24.174 port 50042","@timestamp":"2022-09-12T21:42:23.894Z"}
{"@timestamp":"2022-09-12T21:42:38.885Z","@version":"1","message":"Sep 12 21:42:38 honeypot-sgp-1 sshd[9057]: Received disconnect from 198.98.61.9 port 36672:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T21:42:53.893Z","@version":"1","message":"Sep 12 21:42:52 honeypot-sgp-1 sshd[9061]: Received disconnect from 198.98.61.9 port 59022:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T21:43:07.899Z","@version":"1","message":"Sep 12 21:43:07 honeypot-sgp-1 sshd[9065]: Received disconnect from 198.98.61.9 port 53162:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 21:43:19 honeypot-ams-1 sshd[13734]: Invalid user user1 from 103.188.176.251 port 55536","@timestamp":"2022-09-12T21:43:19.922Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 21:45:34 honeypot-fra-1 sshd[4459]: Disconnected from authenticating user root 92.255.85.70 port 49448 [preauth]","@timestamp":"2022-09-12T21:45:35.154Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 21:46:27 honeypot-ams-1 sshd[13739]: Invalid user zxiptv from 132.247.181.75 port 37938","@timestamp":"2022-09-12T21:46:28.004Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 21:48:19 honeypot-ams-1 sshd[13743]: Disconnected from authenticating user root 92.255.85.70 port 16440 [preauth]","@timestamp":"2022-09-12T21:48:20.054Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 21:51:33 honeypot-fra-1 sshd[4466]: Connection closed by invalid user test 193.106.191.157 port 45418 [preauth]","@timestamp":"2022-09-12T21:51:33.289Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T21:51:45.122Z","@version":"1","message":"Sep 12 21:51:44 honeypot-sgp-1 sshd[9070]: Disconnected from invalid user sulo 115.68.219.249 port 36936 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 21:55:33 honeypot-ams-1 sshd[13748]: Received disconnect from 159.223.172.195 port 49734:11: Bye Bye [preauth]","@timestamp":"2022-09-12T21:55:34.272Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 21:57:13 honeypot-ams-1 sshd[13750]: Disconnected from authenticating user root 37.110.25.185 port 55058 [preauth]","@timestamp":"2022-09-12T21:57:14.319Z"}
{"@timestamp":"2022-09-12T21:57:59.266Z","@version":"1","message":"Sep 12 21:57:58 honeypot-sgp-1 sshd[9152]: Disconnected from 206.81.0.243 port 42850 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 21:59:22 honeypot-fra-1 sshd[4470]: Invalid user user from 45.61.186.169 port 46152","@timestamp":"2022-09-12T21:59:22.480Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 21:59:40 honeypot-fra-1 sshd[4474]: Invalid user user from 45.61.186.169 port 42022","@timestamp":"2022-09-12T21:59:41.489Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 21:59:52 honeypot-fra-1 sshd[4476]: Connection closed by 43.158.216.231 port 47786 [preauth]","@timestamp":"2022-09-12T21:59:53.495Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 22:00:08 honeypot-fra-1 sshd[4482]: Disconnected from invalid user user 45.61.186.169 port 49950 [preauth]","@timestamp":"2022-09-12T22:00:08.502Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 22:00:23 honeypot-fra-1 sshd[4486]: Disconnected from invalid user kiwi 165.22.45.108 port 55890 [preauth]","@timestamp":"2022-09-12T22:00:24.510Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 22:03:16 honeypot-ams-1 kernel: [83896780.925029] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.41.8.5 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=2974 PROTO=TCP SPT=18743 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T22:03:17.475Z"}
{"@timestamp":"2022-09-12T22:06:08.458Z","@version":"1","message":"Sep 12 22:06:07 honeypot-sgp-1 sshd[9159]: Disconnected from authenticating user root 92.255.85.70 port 59634 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 22:06:29 honeypot-fra-1 sshd[4491]: Received disconnect from 40.89.190.3 port 1024:11: Bye Bye [preauth]","@timestamp":"2022-09-12T22:06:29.646Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 22:08:00 honeypot-ams-1 kernel: [83897064.405925] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=154.3.44.39 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=117 ID=59385 DF PROTO=TCP SPT=58545 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-12T22:08:00.596Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 22:09:12 honeypot-fra-1 sshd[4497]: Invalid user temp from 77.158.71.118 port 40708","@timestamp":"2022-09-12T22:09:13.709Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T22:09:54.548Z","@version":"1","message":"Sep 12 22:09:54 honeypot-sgp-1 kernel: [83896705.512917] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=154.3.44.39 DST=159.89.202.188 LEN=52 TOS=0x0A PREC=0x00 TTL=111 ID=25285 DF PROTO=TCP SPT=49472 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 22:09:58 honeypot-ams-1 sshd[13767]: Disconnected from authenticating user root 114.206.23.151 port 59614 [preauth]","@timestamp":"2022-09-12T22:09:59.652Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 22:12:04 honeypot-fra-1 sshd[4501]: Disconnected from invalid user user 141.255.162.226 port 51088 [preauth]","@timestamp":"2022-09-12T22:12:04.772Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 22:12:06 honeypot-fra-1 sshd[4505]: Disconnected from invalid user user 141.255.162.226 port 43070 [preauth]","@timestamp":"2022-09-12T22:12:06.774Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 22:12:09 honeypot-fra-1 sshd[4509]: Disconnected from invalid user user 141.255.162.226 port 56518 [preauth]","@timestamp":"2022-09-12T22:12:09.775Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 22:12:12 honeypot-fra-1 sshd[4513]: Disconnected from invalid user user 141.255.162.226 port 36314 [preauth]","@timestamp":"2022-09-12T22:12:12.777Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 22:13:14 honeypot-ams-1 kernel: [83897379.186857] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=20.117.122.229 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=57920 DF PROTO=TCP SPT=10446 DPT=80 WINDOW=512 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T22:13:15.740Z"}
{"@timestamp":"2022-09-12T22:17:01.716Z","@version":"1","message":"Sep 12 22:17:01 honeypot-sgp-1 CRON[9169]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T22:19:59.787Z","@version":"1","message":"Sep 12 22:19:59 honeypot-sgp-1 sshd[9174]: Disconnected from invalid user user 198.98.61.9 port 60888 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T22:20:16.796Z","@version":"1","message":"Sep 12 22:20:16 honeypot-sgp-1 sshd[9179]: Disconnected from invalid user user 198.98.61.9 port 55062 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 22:20:25 honeypot-ams-1 kernel: [83897809.784019] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=145.40.77.125 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=38886 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T22:20:25.941Z"}
{"@timestamp":"2022-09-12T22:20:33.805Z","@version":"1","message":"Sep 12 22:20:33 honeypot-sgp-1 sshd[9184]: Disconnected from invalid user user 198.98.61.9 port 49224 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T22:20:49.812Z","@version":"1","message":"Sep 12 22:20:49 honeypot-sgp-1 sshd[9188]: Disconnected from invalid user user 198.98.61.9 port 43396 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 22:23:25 honeypot-fra-1 sshd[4522]: Invalid user User from 179.60.147.69 port 20388","@timestamp":"2022-09-12T22:23:26.029Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 22:29:08 honeypot-fra-1 sshd[4528]: Received disconnect from 149.56.22.235 port 60210:11: Bye Bye [preauth]","@timestamp":"2022-09-12T22:29:09.158Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 22:32:11 honeypot-ams-1 sshd[13791]: Received disconnect from 61.177.173.46 port 54636:11:  [preauth]","@timestamp":"2022-09-12T22:32:12.253Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 22:35:42 honeypot-ams-1 sshd[13796]: Disconnected from invalid user webster 179.157.7.171 port 47320 [preauth]","@timestamp":"2022-09-12T22:35:43.346Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 22:36:22 honeypot-ams-1 sshd[13801]: Invalid user user from 165.22.63.110 port 41362","@timestamp":"2022-09-12T22:36:22.366Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 22:36:49 honeypot-ams-1 sshd[13807]: Invalid user user from 45.61.186.249 port 58768","@timestamp":"2022-09-12T22:36:50.380Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 22:37:08 honeypot-ams-1 sshd[13811]: Invalid user user from 45.61.186.249 port 53804","@timestamp":"2022-09-12T22:37:09.390Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 22:37:25 honeypot-ams-1 sshd[13815]: Invalid user user from 45.61.186.249 port 48832","@timestamp":"2022-09-12T22:37:26.399Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 22:37:41 honeypot-ams-1 sshd[13819]: Received disconnect from 203.106.164.74 port 54884:11: Bye Bye [preauth]","@timestamp":"2022-09-12T22:37:42.408Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 22:38:54 honeypot-ams-1 sshd[13822]: Received disconnect from 45.61.186.169 port 59892:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T22:38:54.443Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 22:39:12 honeypot-ams-1 sshd[13826]: Received disconnect from 45.61.186.169 port 54850:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T22:39:13.454Z"}
{"@timestamp":"2022-09-12T22:39:17.244Z","@version":"1","message":"Sep 12 22:39:16 honeypot-sgp-1 sshd[9195]: Invalid user rachid from 43.154.50.195 port 55406","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 22:39:30 honeypot-ams-1 sshd[13830]: Received disconnect from 45.61.186.169 port 49810:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T22:39:31.463Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 22:39:47 honeypot-ams-1 sshd[13835]: Received disconnect from 45.61.186.169 port 44776:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T22:39:47.471Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 22:40:34 honeypot-fra-1 sshd[4535]: Invalid user kjpark from 165.22.45.108 port 33902","@timestamp":"2022-09-12T22:40:34.411Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 22:40:57 honeypot-ams-1 sshd[13839]: Disconnected from invalid user wxw 157.230.45.177 port 43138 [preauth]","@timestamp":"2022-09-12T22:40:58.504Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 22:41:33 honeypot-ams-1 sshd[13843]: Disconnected from invalid user nf 40.114.69.14 port 56404 [preauth]","@timestamp":"2022-09-12T22:41:34.521Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 22:43:25 honeypot-ams-1 sshd[13847]: Disconnected from authenticating user root 61.177.173.48 port 42783 [preauth]","@timestamp":"2022-09-12T22:43:25.571Z"}
{"@timestamp":"2022-09-12T22:43:42.348Z","@version":"1","message":"Sep 12 22:43:42 honeypot-sgp-1 sshd[9198]: Connection closed by invalid user loan 137.116.144.39 port 43944 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 22:47:42 honeypot-ams-1 kernel: [83899446.520712] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=122.189.38.5 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=48 ID=31689 PROTO=TCP SPT=10788 DPT=80 WINDOW=40580 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T22:47:42.683Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 22:51:50 honeypot-fra-1 sshd[4539]: Invalid user guest from 223.99.16.201 port 40163","@timestamp":"2022-09-12T22:51:50.663Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T22:53:18.572Z","@version":"1","message":"Sep 12 22:53:18 honeypot-sgp-1 kernel: [83899309.348725] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.123.184.30 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=55608 PROTO=TCP SPT=43146 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 22:59:10 honeypot-ams-1 sshd[13864]: Disconnected from authenticating user root 61.177.172.108 port 49034 [preauth]","@timestamp":"2022-09-12T22:59:10.987Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 23:02:06 honeypot-fra-1 kernel: [83898152.275126] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.192.251 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=57787 DPT=389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T23:02:06.893Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 23:04:24 honeypot-ams-1 sshd[13868]: Received disconnect from 141.255.162.226 port 36316:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T23:04:25.123Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 23:04:27 honeypot-ams-1 sshd[13872]: Received disconnect from 141.255.162.226 port 49708:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T23:04:28.125Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 23:04:31 honeypot-ams-1 sshd[13876]: Received disconnect from 141.255.162.226 port 34876:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T23:04:32.127Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 23:05:05 honeypot-ams-1 sshd[13880]: Disconnected from authenticating user root 50.208.237.91 port 37792 [preauth]","@timestamp":"2022-09-12T23:05:06.142Z"}
{"@timestamp":"2022-09-12T23:06:13.869Z","@version":"1","message":"Sep 12 23:06:13 honeypot-sgp-1 sshd[9209]: Invalid user admin from 114.144.5.51 port 60313","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 23:09:02 honeypot-fra-1 sshd[4551]: Connection reset by 114.116.221.4 port 58466 [preauth]","@timestamp":"2022-09-12T23:09:03.051Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 23:09:03 honeypot-fra-1 sshd[4560]: Invalid user steam from 114.116.221.4 port 58504","@timestamp":"2022-09-12T23:09:04.053Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 23:09:03 honeypot-fra-1 sshd[4561]: Connection closed by invalid user devops 114.116.221.4 port 58494 [preauth]","@timestamp":"2022-09-12T23:09:04.053Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 23:09:49 honeypot-fra-1 sshd[4577]: Received disconnect from 194.141.2.239 port 47498:11: Bye Bye [preauth]","@timestamp":"2022-09-12T23:09:50.071Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 23:09:57 honeypot-ams-1 sshd[13887]: Disconnected from authenticating user root 61.177.173.36 port 52766 [preauth]","@timestamp":"2022-09-12T23:09:58.270Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 23:14:46 honeypot-fra-1 sshd[4582]: Disconnected from invalid user ftpuser 177.37.164.118 port 42629 [preauth]","@timestamp":"2022-09-12T23:14:47.181Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 23:15:21 honeypot-ams-1 sshd[13895]: Invalid user user from 45.61.184.204 port 58132","@timestamp":"2022-09-12T23:15:22.412Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 23:15:44 honeypot-ams-1 sshd[13899]: Invalid user user from 45.61.184.204 port 55674","@timestamp":"2022-09-12T23:15:45.424Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 23:16:04 honeypot-ams-1 sshd[13903]: Invalid user user from 45.61.184.204 port 53216","@timestamp":"2022-09-12T23:16:04.434Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 23:16:23 honeypot-ams-1 sshd[13907]: Invalid user user from 45.61.184.204 port 50758","@timestamp":"2022-09-12T23:16:23.444Z"}
{"@timestamp":"2022-09-12T23:17:02.135Z","@version":"1","message":"Sep 12 23:17:01 honeypot-sgp-1 CRON[9214]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 23:17:13 honeypot-ams-1 sshd[13912]: Disconnected from authenticating user root 64.227.180.226 port 39488 [preauth]","@timestamp":"2022-09-12T23:17:14.469Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 23:18:44 honeypot-fra-1 sshd[4587]: Received disconnect from 92.255.85.69 port 35372:11: Bye Bye [preauth]","@timestamp":"2022-09-12T23:18:45.273Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 23:21:49 honeypot-fra-1 kernel: [83899335.051423] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=94.232.45.241 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=3036 PROTO=TCP SPT=57193 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T23:21:50.344Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 23:22:43 honeypot-ams-1 sshd[13917]: Connection closed by invalid user User 179.60.147.69 port 55892 [preauth]","@timestamp":"2022-09-12T23:22:43.617Z"}
{"@timestamp":"2022-09-12T23:25:46.340Z","@version":"1","message":"Sep 12 23:25:45 honeypot-sgp-1 sshd[9222]: Invalid user ubnt from 179.60.147.69 port 23950","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 23:27:58 honeypot-ams-1 sshd[13926]: Received disconnect from 61.177.173.49 port 18099:11:  [preauth]","@timestamp":"2022-09-12T23:27:58.755Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 23:28:16 honeypot-fra-1 kernel: [83899722.106734] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=205.210.31.184 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=249 ID=54321 PROTO=TCP SPT=52957 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T23:28:17.493Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-12T23:28:28.407Z","@version":"1","message":"Sep 12 23:28:27 honeypot-sgp-1 sshd[9226]: Connection closed by 124.156.222.254 port 47394 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 23:29:48 honeypot-fra-1 sshd[4599]: Received disconnect from 192.241.174.44 port 39996:11: Bye Bye [preauth]","@timestamp":"2022-09-12T23:29:48.531Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 23:29:58 honeypot-ams-1 sshd[13933]: Received disconnect from 61.177.172.124 port 38960:11:  [preauth]","@timestamp":"2022-09-12T23:29:59.810Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 23:33:46 honeypot-fra-1 sshd[4602]: Disconnected from invalid user cele 167.114.67.95 port 41402 [preauth]","@timestamp":"2022-09-12T23:33:46.621Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 23:33:49 honeypot-ams-1 sshd[13938]: Disconnected from authenticating user root 160.119.69.41 port 44858 [preauth]","@timestamp":"2022-09-12T23:33:49.910Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 23:40:24 honeypot-fra-1 sshd[4608]: Received disconnect from 159.89.194.103 port 48680:11: Bye Bye [preauth]","@timestamp":"2022-09-12T23:40:24.770Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 23:41:17 honeypot-fra-1 sshd[4613]: Received disconnect from 185.17.229.65 port 2728:11: Bye Bye [preauth]","@timestamp":"2022-09-12T23:41:17.792Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 23:42:59 honeypot-ams-1 sshd[13949]: Did not receive identification string from 45.61.186.169 port 47958","@timestamp":"2022-09-12T23:43:00.148Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 23:43:30 honeypot-ams-1 sshd[13952]: Disconnected from invalid user user 45.61.186.169 port 44314 [preauth]","@timestamp":"2022-09-12T23:43:31.163Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 23:43:48 honeypot-ams-1 sshd[13956]: Disconnected from invalid user user 45.61.186.169 port 39432 [preauth]","@timestamp":"2022-09-12T23:43:49.172Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 23:44:05 honeypot-ams-1 sshd[13960]: Disconnected from invalid user user 45.61.186.169 port 34554 [preauth]","@timestamp":"2022-09-12T23:44:06.181Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 23:44:59 honeypot-ams-1 sshd[13966]: Invalid user slut from 159.65.91.105 port 60446","@timestamp":"2022-09-12T23:45:00.207Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 23:47:01 honeypot-ams-1 sshd[13973]: Did not receive identification string from 90.12.204.90 port 53878","@timestamp":"2022-09-12T23:47:01.263Z"}
{"@timestamp":"2022-09-12T23:47:27.869Z","@version":"1","message":"Sep 12 23:47:27 honeypot-sgp-1 kernel: [83902558.085910] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=93.170.114.136 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=23585 DF PROTO=TCP SPT=30385 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 23:47:49 honeypot-fra-1 sshd[4619]: Received disconnect from 142.93.211.192 port 39116:11: Bye Bye [preauth]","@timestamp":"2022-09-12T23:47:49.939Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 23:49:11 honeypot-fra-1 sshd[4625]: Invalid user admin from 159.203.178.0 port 41554","@timestamp":"2022-09-12T23:49:11.972Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 23:50:04 honeypot-ams-1 sshd[13976]: Connection closed by 43.158.216.231 port 50426 [preauth]","@timestamp":"2022-09-12T23:50:05.348Z"}
{"@timestamp":"2022-09-12T23:51:07.956Z","@version":"1","message":"Sep 12 23:51:07 honeypot-sgp-1 sshd[9240]: Disconnected from authenticating user root 49.0.129.25 port 42848 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 23:55:24 honeypot-fra-1 sshd[4632]: Invalid user admin from 141.98.10.158 port 40394","@timestamp":"2022-09-12T23:55:25.112Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 23:59:14 honeypot-ams-1 kernel: [83903738.906394] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=85.132.128.137 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=56 ID=20102 PROTO=TCP SPT=60820 DPT=80 WINDOW=65412 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T23:59:15.587Z"}
{"@timestamp":"2022-09-13T00:02:39.253Z","@version":"1","message":"Sep 13 00:02:38 honeypot-sgp-1 sshd[9247]: Received disconnect from 92.255.85.70 port 60516:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 00:05:12 honeypot-ams-1 sshd[13990]: Received disconnect from 50.116.41.163 port 20926:11: Bye Bye [preauth]","@timestamp":"2022-09-13T00:05:13.749Z"}
{"@timestamp":"2022-09-13T00:05:29.321Z","@version":"1","message":"Sep 13 00:05:28 honeypot-sgp-1 sshd[9253]: Invalid user admin from 128.199.160.207 port 47588","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 00:05:38 honeypot-fra-1 sshd[4639]: Disconnected from authenticating user root 92.255.85.70 port 34044 [preauth]","@timestamp":"2022-09-13T00:05:38.340Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 00:06:24 honeypot-ams-1 kernel: [83904168.960489] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=22265 PROTO=TCP SPT=47203 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T00:06:24.784Z"}
{"@timestamp":"2022-09-13T00:07:58.380Z","@version":"1","message":"Sep 13 00:07:57 honeypot-sgp-1 kernel: [83903788.759799] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=80.94.92.239 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=229 ID=54321 PROTO=TCP SPT=32871 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 00:08:27 honeypot-ams-1 sshd[14002]: Invalid user pkm from 137.184.2.1 port 51054","@timestamp":"2022-09-13T00:08:27.841Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 00:09:41 honeypot-ams-1 sshd[14006]: Invalid user admin from 20.106.195.16 port 1024","@timestamp":"2022-09-13T00:09:41.875Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 00:10:10 honeypot-ams-1 sshd[14010]: Received disconnect from 20.198.109.140 port 55742:11: Bye Bye [preauth]","@timestamp":"2022-09-13T00:10:10.890Z"}
{"@timestamp":"2022-09-13T00:12:15.483Z","@version":"1","message":"Sep 13 00:12:14 honeypot-sgp-1 sshd[9263]: Invalid user user from 45.61.184.204 port 37176","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 00:12:16 honeypot-ams-1 kernel: [83904521.204327] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=72.167.32.184 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=230 ID=52982 PROTO=TCP SPT=40485 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T00:12:16.946Z"}
{"@timestamp":"2022-09-13T00:12:37.494Z","@version":"1","message":"Sep 13 00:12:36 honeypot-sgp-1 sshd[9267]: Invalid user user from 45.61.184.204 port 34968","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T00:12:57.503Z","@version":"1","message":"Sep 13 00:12:56 honeypot-sgp-1 sshd[9271]: Invalid user user from 45.61.184.204 port 60978","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 00:13:30 honeypot-fra-1 kernel: [83902436.313419] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=27907 PROTO=TCP SPT=47203 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T00:13:31.523Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-13T00:13:39.522Z","@version":"1","message":"Sep 13 00:13:39 honeypot-sgp-1 kernel: [83904130.317351] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=152.89.196.23 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=35625 PROTO=TCP SPT=40612 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 00:16:23 honeypot-fra-1 sshd[4653]: Invalid user user from 45.61.187.160 port 60624","@timestamp":"2022-09-13T00:16:23.591Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 00:16:43 honeypot-fra-1 sshd[4657]: Invalid user user from 45.61.187.160 port 55490","@timestamp":"2022-09-13T00:16:43.605Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 00:17:01 honeypot-fra-1 CRON[4661]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-13T00:17:01.616Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 00:17:01 honeypot-ams-1 CRON[14024]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-13T00:17:02.074Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 00:17:11 honeypot-fra-1 sshd[4666]: Received disconnect from 45.61.187.160 port 33654:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T00:17:11.620Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 00:22:39 honeypot-fra-1 sshd[4671]: Received disconnect from 89.22.180.184 port 22686:11: Bye Bye [preauth]","@timestamp":"2022-09-13T00:22:39.744Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T00:26:11.815Z","@version":"1","message":"Sep 13 00:26:11 honeypot-sgp-1 sshd[9280]: Disconnected from authenticating user root 92.255.85.69 port 31992 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 00:28:17 honeypot-ams-1 sshd[14031]: Received disconnect from 61.177.173.36 port 60302:11:  [preauth]","@timestamp":"2022-09-13T00:28:18.371Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 00:30:40 honeypot-fra-1 sshd[4678]: Did not receive identification string from 45.61.186.249 port 51658","@timestamp":"2022-09-13T00:30:40.926Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 00:31:02 honeypot-fra-1 sshd[4683]: Received disconnect from 45.61.186.249 port 34438:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T00:31:02.954Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 00:31:18 honeypot-fra-1 sshd[4687]: Received disconnect from 45.61.186.249 port 57102:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T00:31:18.961Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 00:31:32 honeypot-ams-1 sshd[14038]: Received disconnect from 61.177.173.37 port 11990:11:  [preauth]","@timestamp":"2022-09-13T00:31:33.459Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 00:31:34 honeypot-fra-1 sshd[4691]: Received disconnect from 45.61.186.249 port 51544:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T00:31:34.969Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T00:33:39.990Z","@version":"1","message":"Sep 13 00:33:39 honeypot-sgp-1 sshd[9285]: Disconnected from invalid user tobin 103.38.4.238 port 39288 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 00:34:50 honeypot-fra-1 sshd[4696]: Received disconnect from 103.144.82.250 port 42084:11: Bye Bye [preauth]","@timestamp":"2022-09-13T00:34:51.046Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T00:35:39.040Z","@version":"1","message":"Sep 13 00:35:38 honeypot-sgp-1 sshd[9291]: Received disconnect from 159.65.142.84 port 46214:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 00:41:21 honeypot-ams-1 sshd[14056]: Disconnected from authenticating user root 61.177.173.47 port 39784 [preauth]","@timestamp":"2022-09-13T00:41:21.717Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 00:41:41 honeypot-fra-1 kernel: [83904126.446282] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.95.55.210 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=54321 PROTO=TCP SPT=47230 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T00:41:41.205Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-13T00:43:31.247Z","@version":"1","message":"Sep 13 00:43:30 honeypot-sgp-1 kernel: [83905921.764382] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=198.235.24.137 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=249 ID=24520 PROTO=TCP SPT=57326 DPT=389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T00:51:06.429Z","@version":"1","message":"Sep 13 00:51:06 honeypot-sgp-1 kernel: [83906376.984977] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=172.104.131.24 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=33645 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 00:52:09 honeypot-fra-1 sshd[4705]: Received disconnect from 92.255.85.69 port 37808:11: Bye Bye [preauth]","@timestamp":"2022-09-13T00:52:10.449Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 00:52:54 honeypot-ams-1 sshd[14066]: Received disconnect from 61.177.173.39 port 29363:11:  [preauth]","@timestamp":"2022-09-13T00:52:55.019Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 00:56:05 honeypot-ams-1 sshd[14075]: Received disconnect from 141.255.162.226 port 38742:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T00:56:06.104Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 00:56:10 honeypot-ams-1 sshd[14079]: Received disconnect from 141.255.162.226 port 36488:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T00:56:10.108Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 00:56:11 honeypot-ams-1 sshd[14083]: Received disconnect from 141.255.162.226 port 42982:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T00:56:12.109Z"}
{"@timestamp":"2022-09-13T00:59:56.642Z","@version":"1","message":"Sep 13 00:59:56 honeypot-sgp-1 sshd[9309]: Received disconnect from 157.230.98.148 port 54442:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 01:03:59 honeypot-fra-1 sshd[4710]: Received disconnect from 45.61.187.160 port 55238:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T01:03:59.720Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 01:04:20 honeypot-fra-1 sshd[4714]: Received disconnect from 45.61.187.160 port 49968:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T01:04:20.731Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 01:04:37 honeypot-fra-1 sshd[4718]: Received disconnect from 45.61.187.160 port 44746:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T01:04:38.739Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 01:04:52 honeypot-fra-1 sshd[4722]: Connection closed by invalid user admin 201.28.105.119 port 48736 [preauth]","@timestamp":"2022-09-13T01:04:52.747Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 01:05:22 honeypot-ams-1 sshd[14090]: Received disconnect from 79.245.170.228 port 59398:11: Bye Bye [preauth]","@timestamp":"2022-09-13T01:05:23.364Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 01:09:00 honeypot-ams-1 sshd[14096]: Received disconnect from 64.119.29.152 port 39590:11: Bye Bye [preauth]","@timestamp":"2022-09-13T01:09:00.457Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 01:10:16 honeypot-ams-1 sshd[14100]: Received disconnect from 107.173.159.85 port 60184:11: Bye Bye [preauth]","@timestamp":"2022-09-13T01:10:17.493Z"}
{"@timestamp":"2022-09-13T01:12:36.941Z","@version":"1","message":"Sep 13 01:12:36 honeypot-sgp-1 sshd[9317]: Invalid user zimbra from 196.203.207.165 port 50162","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 01:13:03 honeypot-ams-1 sshd[14105]: Disconnected from authenticating user root 46.101.248.68 port 36898 [preauth]","@timestamp":"2022-09-13T01:13:04.574Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 01:14:25 honeypot-ams-1 sshd[14111]: Received disconnect from 159.223.51.245 port 59382:11: Bye Bye [preauth]","@timestamp":"2022-09-13T01:14:25.613Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 01:15:25 honeypot-fra-1 sshd[4727]: Received disconnect from 92.255.85.69 port 25520:11: Bye Bye [preauth]","@timestamp":"2022-09-13T01:15:25.987Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T01:17:02.048Z","@version":"1","message":"Sep 13 01:17:01 honeypot-sgp-1 CRON[9322]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 01:17:01 honeypot-ams-1 CRON[14116]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-13T01:17:02.680Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 01:19:12 honeypot-ams-1 kernel: [83908536.512837] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=36397 PROTO=TCP SPT=51517 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T01:19:13.389Z"}
{"@timestamp":"2022-09-13T01:21:26.175Z","@version":"1","message":"Sep 13 01:21:26 honeypot-sgp-1 sshd[9328]: Connection closed by authenticating user root 179.60.147.69 port 37950 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 01:21:59 honeypot-fra-1 sshd[4733]: Disconnected from invalid user kmrr 165.22.45.108 port 53682 [preauth]","@timestamp":"2022-09-13T01:22:00.133Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T01:25:05.264Z","@version":"1","message":"Sep 13 01:25:04 honeypot-sgp-1 kernel: [83908415.307559] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.230.47.65 DST=159.89.202.188 LEN=52 TOS=0x00 PREC=0x00 TTL=108 ID=25303 DF PROTO=TCP SPT=57656 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 01:28:49 honeypot-ams-1 sshd[14132]: Received disconnect from 61.177.173.48 port 49733:11:  [preauth]","@timestamp":"2022-09-13T01:28:49.646Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 01:31:54 honeypot-ams-1 sshd[14139]: Received disconnect from 150.107.149.31 port 20902:11: Bye Bye [preauth]","@timestamp":"2022-09-13T01:31:55.726Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 01:34:27 honeypot-ams-1 sshd[14144]: Received disconnect from 20.57.113.125 port 35060:11: Bye Bye [preauth]","@timestamp":"2022-09-13T01:34:28.798Z"}
{"@timestamp":"2022-09-13T01:36:11.528Z","@version":"1","message":"Sep 13 01:36:11 honeypot-sgp-1 sshd[9339]: Disconnected from authenticating user root 92.255.85.70 port 17250 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 01:38:09 honeypot-fra-1 sshd[4743]: Invalid user testftp from 129.146.247.68 port 43678","@timestamp":"2022-09-13T01:38:10.493Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 01:39:52 honeypot-fra-1 sshd[4747]: Received disconnect from 74.204.129.194 port 37882:11: Bye Bye [preauth]","@timestamp":"2022-09-13T01:39:52.533Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 01:44:55 honeypot-ams-1 sshd[14156]: Received disconnect from 61.177.172.124 port 14472:11:  [preauth]","@timestamp":"2022-09-13T01:44:56.080Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 01:46:18 honeypot-ams-1 sshd[14160]: Received disconnect from 192.241.174.44 port 46808:11: Bye Bye [preauth]","@timestamp":"2022-09-13T01:46:19.120Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 01:50:40 honeypot-ams-1 sshd[14165]: Disconnected from authenticating user root 61.177.173.47 port 26298 [preauth]","@timestamp":"2022-09-13T01:50:41.239Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 01:51:30 honeypot-fra-1 kernel: [83908315.260340] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.41.8.45 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=19052 PROTO=TCP SPT=41897 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T01:51:30.787Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-13T01:58:13.058Z","@version":"1","message":"Sep 13 01:58:12 honeypot-sgp-1 sshd[9351]: Invalid user blank from 179.60.147.69 port 33628","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T02:00:03.108Z","@version":"1","message":"Sep 13 02:00:03 honeypot-sgp-1 sshd[9357]: Invalid user user from 45.61.184.204 port 59930","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T02:00:22.119Z","@version":"1","message":"Sep 13 02:00:22 honeypot-sgp-1 sshd[9361]: Invalid user user from 45.61.184.204 port 54264","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T02:00:40.127Z","@version":"1","message":"Sep 13 02:00:39 honeypot-sgp-1 sshd[9365]: Invalid user user from 45.61.184.204 port 48612","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T02:00:57.135Z","@version":"1","message":"Sep 13 02:00:56 honeypot-sgp-1 sshd[9369]: Invalid user user from 45.61.184.204 port 42948","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 02:01:34 honeypot-ams-1 sshd[14171]: Connection closed by invalid user blank 179.60.147.69 port 21630 [preauth]","@timestamp":"2022-09-13T02:01:34.527Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 02:01:42 honeypot-fra-1 sshd[4756]: Disconnected from authenticating user root 92.255.85.70 port 36048 [preauth]","@timestamp":"2022-09-13T02:01:43.015Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 02:03:22 honeypot-fra-1 sshd[4763]: Received disconnect from 137.184.118.54 port 57596:11: Bye Bye [preauth]","@timestamp":"2022-09-13T02:03:23.056Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 02:04:50 honeypot-ams-1 sshd[14179]: Disconnected from authenticating user root 92.255.85.69 port 20818 [preauth]","@timestamp":"2022-09-13T02:04:50.618Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 02:10:46 honeypot-fra-1 kernel: [83909471.061445] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.189.182.234 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=51192 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T02:10:46.223Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 02:14:03 honeypot-ams-1 sshd[14186]: Received disconnect from 61.177.173.53 port 20111:11:  [preauth]","@timestamp":"2022-09-13T02:14:03.867Z"}
{"@timestamp":"2022-09-13T02:16:18.535Z","@version":"1","message":"Sep 13 02:16:17 honeypot-sgp-1 kernel: [83911488.499683] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.11.57.48 DST=159.89.202.188 LEN=44 TOS=0x08 PREC=0x00 TTL=235 ID=15212 PROTO=TCP SPT=44676 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 02:23:00 honeypot-ams-1 sshd[14195]: Disconnected from authenticating user root 61.177.172.124 port 12032 [preauth]","@timestamp":"2022-09-13T02:23:01.105Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 02:24:26 honeypot-fra-1 kernel: [83910291.304510] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=79.110.62.234 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=54321 PROTO=TCP SPT=43374 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T02:24:26.545Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 02:24:55 honeypot-ams-1 kernel: [83912479.662816] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=34.147.100.149 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x60 TTL=252 ID=42704 PROTO=TCP SPT=53940 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T02:24:56.160Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 02:25:11 honeypot-ams-1 sshd[14206]: Disconnected from invalid user user 45.61.187.160 port 36566 [preauth]","@timestamp":"2022-09-13T02:25:11.168Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 02:25:29 honeypot-ams-1 sshd[14210]: Disconnected from invalid user user 45.61.187.160 port 59388 [preauth]","@timestamp":"2022-09-13T02:25:30.179Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 02:25:51 honeypot-ams-1 sshd[14214]: Disconnected from invalid user user 45.61.187.160 port 53972 [preauth]","@timestamp":"2022-09-13T02:25:52.190Z"}
{"@timestamp":"2022-09-13T02:27:47.816Z","@version":"1","message":"Sep 13 02:27:47 honeypot-sgp-1 kernel: [83912178.347727] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=89.248.165.199 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=5434 PROTO=TCP SPT=53573 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 02:27:48 honeypot-ams-1 sshd[14218]: Disconnected from authenticating user root 92.255.85.69 port 49648 [preauth]","@timestamp":"2022-09-13T02:27:48.243Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 02:28:15 honeypot-fra-1 sshd[4785]: Invalid user icinga from 49.247.213.18 port 38367","@timestamp":"2022-09-13T02:28:15.633Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 02:31:30 honeypot-ams-1 sshd[14225]: Received disconnect from 195.218.137.42 port 45378:11: Bye Bye [preauth]","@timestamp":"2022-09-13T02:31:30.366Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 02:32:05 honeypot-ams-1 sshd[14229]: Disconnected from invalid user teamspeak 164.92.129.174 port 35714 [preauth]","@timestamp":"2022-09-13T02:32:06.385Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 02:36:03 honeypot-ams-1 kernel: [83913147.305745] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=71.57.35.93 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=51 ID=51250 PROTO=TCP SPT=29672 DPT=443 WINDOW=24256 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T02:36:03.490Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 02:37:59 honeypot-fra-1 kernel: [83911104.143976] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=128.1.91.203 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=55902 PROTO=TCP SPT=13828 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T02:37:59.851Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 02:38:17 honeypot-ams-1 sshd[14242]: Connection closed by invalid user centos 179.60.147.69 port 64224 [preauth]","@timestamp":"2022-09-13T02:38:17.551Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 02:40:01 honeypot-ams-1 sshd[14249]: Received disconnect from 80.76.51.46 port 33214:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T02:40:01.600Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 02:40:44 honeypot-ams-1 sshd[14255]: Received disconnect from 80.76.51.46 port 51438:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T02:40:45.624Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 02:41:26 honeypot-ams-1 sshd[14262]: Received disconnect from 80.76.51.46 port 41510:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T02:41:26.645Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 02:41:54 honeypot-ams-1 sshd[14268]: Received disconnect from 80.76.51.46 port 34770:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T02:41:54.661Z"}
{"@timestamp":"2022-09-13T02:42:18.199Z","@version":"1","message":"Sep 13 02:42:17 honeypot-sgp-1 sshd[9383]: Disconnected from invalid user hug 178.62.200.235 port 38702 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 02:42:17 honeypot-fra-1 sshd[4793]: Disconnected from invalid user knight 165.22.45.108 port 35282 [preauth]","@timestamp":"2022-09-13T02:42:18.950Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 02:42:21 honeypot-ams-1 sshd[14272]: Received disconnect from 80.76.51.46 port 56574:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T02:42:22.676Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 02:42:49 honeypot-ams-1 sshd[14276]: Received disconnect from 80.76.51.46 port 49652:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T02:42:50.691Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 02:43:17 honeypot-ams-1 sshd[14280]: Received disconnect from 80.76.51.46 port 43002:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T02:43:18.707Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 02:43:45 honeypot-ams-1 sshd[14284]: Disconnected from authenticating user root 80.76.51.46 port 36322 [preauth]","@timestamp":"2022-09-13T02:43:45.721Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 02:44:27 honeypot-ams-1 sshd[14290]: Invalid user postgres from 80.76.51.46 port 54524","@timestamp":"2022-09-13T02:44:27.744Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 02:44:54 honeypot-ams-1 sshd[14294]: Disconnected from authenticating user root 80.76.51.46 port 47886 [preauth]","@timestamp":"2022-09-13T02:44:54.759Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 02:45:26 honeypot-ams-1 sshd[14300]: Connection closed by authenticating user root 103.188.176.251 port 58304 [preauth]","@timestamp":"2022-09-13T02:45:27.777Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 02:48:47 honeypot-fra-1 sshd[4799]: Received disconnect from 92.255.85.69 port 44608:11: Bye Bye [preauth]","@timestamp":"2022-09-13T02:48:48.098Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 02:50:33 honeypot-ams-1 sshd[14307]: Received disconnect from 61.177.173.50 port 20548:11:  [preauth]","@timestamp":"2022-09-13T02:50:33.913Z"}
{"@timestamp":"2022-09-13T02:51:47.438Z","@version":"1","message":"Sep 13 02:51:46 honeypot-sgp-1 sshd[9390]: Disconnected from invalid user user 45.61.186.169 port 55256 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T02:52:05.448Z","@version":"1","message":"Sep 13 02:52:05 honeypot-sgp-1 sshd[9394]: Disconnected from invalid user user 45.61.186.169 port 49982 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T02:52:21.457Z","@version":"1","message":"Sep 13 02:52:21 honeypot-sgp-1 sshd[9398]: Disconnected from invalid user user 45.61.186.169 port 44720 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T02:52:37.465Z","@version":"1","message":"Sep 13 02:52:36 honeypot-sgp-1 sshd[9402]: Disconnected from invalid user user 45.61.186.169 port 39426 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 02:54:55 honeypot-ams-1 sshd[14314]: Received disconnect from 61.177.172.124 port 63214:11:  [preauth]","@timestamp":"2022-09-13T02:54:56.030Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 02:55:02 honeypot-fra-1 sshd[4805]: Did not receive identification string from 45.61.186.49 port 34568","@timestamp":"2022-09-13T02:55:03.239Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 02:55:23 honeypot-fra-1 sshd[4808]: Disconnected from invalid user user 45.61.186.49 port 45636 [preauth]","@timestamp":"2022-09-13T02:55:24.249Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 02:55:32 honeypot-fra-1 sshd[4812]: Disconnected from invalid user user 45.61.186.49 port 57194 [preauth]","@timestamp":"2022-09-13T02:55:33.254Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 02:59:49 honeypot-ams-1 sshd[14320]: Received disconnect from 61.177.173.51 port 30202:11:  [preauth]","@timestamp":"2022-09-13T02:59:50.160Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 03:00:47 honeypot-fra-1 sshd[4817]: Disconnected from authenticating user root 117.186.96.54 port 44882 [preauth]","@timestamp":"2022-09-13T03:00:48.372Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 03:05:00 honeypot-ams-1 sshd[14325]: Invalid user xze from 104.236.228.230 port 58462","@timestamp":"2022-09-13T03:05:01.296Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 03:06:36 honeypot-ams-1 sshd[14329]: Invalid user sino_zsk from 45.191.91.45 port 58164","@timestamp":"2022-09-13T03:06:36.339Z"}
{"@timestamp":"2022-09-13T03:07:41.850Z","@version":"1","message":"Sep 13 03:07:41 honeypot-sgp-1 kernel: [83914572.437996] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=79.124.62.62 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=7629 PROTO=TCP SPT=40581 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 03:08:45 honeypot-ams-1 sshd[14333]: Received disconnect from 103.186.0.8 port 57882:11: Bye Bye [preauth]","@timestamp":"2022-09-13T03:08:45.397Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 03:12:26 honeypot-fra-1 sshd[4823]: Received disconnect from 198.98.61.9 port 47354:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T03:12:27.636Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 03:12:35 honeypot-fra-1 sshd[4825]: Disconnected from invalid user user 198.98.61.9 port 58942 [preauth]","@timestamp":"2022-09-13T03:12:35.641Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T03:12:35.974Z","@version":"1","message":"Sep 13 03:12:35 honeypot-sgp-1 sshd[9410]: Invalid user bbnc from 103.188.176.251 port 33402","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 03:12:56 honeypot-fra-1 sshd[4831]: Disconnected from invalid user user 198.98.61.9 port 53850 [preauth]","@timestamp":"2022-09-13T03:12:56.650Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 03:13:00 honeypot-ams-1 sshd[14342]: Received disconnect from 61.177.172.104 port 13575:11:  [preauth]","@timestamp":"2022-09-13T03:13:01.508Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 03:13:12 honeypot-fra-1 sshd[4837]: Invalid user user from 198.98.61.9 port 48778","@timestamp":"2022-09-13T03:13:12.658Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 03:14:49 honeypot-fra-1 kernel: [83913314.087553] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=44722 PROTO=TCP SPT=58003 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T03:14:49.697Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 03:17:01 honeypot-ams-1 CRON[14349]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-13T03:17:02.613Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 03:22:37 honeypot-fra-1 sshd[4871]: Invalid user koala from 165.22.45.108 port 40200","@timestamp":"2022-09-13T03:22:37.874Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T03:26:48.346Z","@version":"1","message":"Sep 13 03:26:47 honeypot-sgp-1 sshd[9418]: Unable to negotiate with 141.105.66.148 port 34443: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T03:26:50.348Z","@version":"1","message":"Sep 13 03:26:49 honeypot-sgp-1 sshd[9428]: Unable to negotiate with 141.105.66.148 port 40365: no matching host key type found. Their offer: ssh-dss [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 03:26:53 honeypot-ams-1 sshd[14357]: Invalid user admin from 103.176.179.185 port 58186","@timestamp":"2022-09-13T03:26:53.865Z"}
{"@timestamp":"2022-09-13T03:26:56.351Z","@version":"1","message":"Sep 13 03:26:56 honeypot-sgp-1 sshd[9436]: Unable to negotiate with 141.105.66.148 port 43513: no matching host key type found. Their offer: ecdsa-sha2-nistp521 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 03:27:47 honeypot-ams-1 sshd[14363]: Disconnected from authenticating user root 5.183.9.248 port 53100 [preauth]","@timestamp":"2022-09-13T03:27:47.890Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 03:27:54 honeypot-fra-1 sshd[4876]: Received disconnect from 111.220.139.23 port 53308:11: Bye Bye [preauth]","@timestamp":"2022-09-13T03:27:54.991Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 03:31:05 honeypot-fra-1 sshd[4880]: Invalid user cynthia from 162.243.172.239 port 53684","@timestamp":"2022-09-13T03:31:06.066Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 03:31:37 honeypot-ams-1 sshd[14371]: Received disconnect from 61.177.173.37 port 21486:11:  [preauth]","@timestamp":"2022-09-13T03:31:37.989Z"}
{"@timestamp":"2022-09-13T03:32:33.489Z","@version":"1","message":"Sep 13 03:32:33 honeypot-sgp-1 sshd[9443]: Disconnected from authenticating user root 92.255.85.70 port 61496 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 03:35:13 honeypot-fra-1 sshd[4900]: Received disconnect from 92.255.85.69 port 58372:11: Bye Bye [preauth]","@timestamp":"2022-09-13T03:35:14.158Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T03:35:25.560Z","@version":"1","message":"Sep 13 03:35:25 honeypot-sgp-1 sshd[9447]: Disconnected from invalid user faridah 60.196.69.234 port 34435 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 03:35:34 honeypot-fra-1 sshd[4904]: Connection closed by invalid user vagrant 120.199.82.50 port 2941 [preauth]","@timestamp":"2022-09-13T03:35:35.168Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 03:35:40 honeypot-fra-1 sshd[4907]: Connection closed by invalid user ec2-user 120.199.82.50 port 58191 [preauth]","@timestamp":"2022-09-13T03:35:41.171Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 03:35:50 honeypot-fra-1 sshd[4923]: Invalid user elastic from 120.199.82.50 port 10291","@timestamp":"2022-09-13T03:35:50.177Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 03:36:04 honeypot-fra-1 sshd[4929]: Invalid user vagrant from 120.199.82.50 port 36429","@timestamp":"2022-09-13T03:36:05.185Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 03:36:08 honeypot-fra-1 kernel: [83914593.832326] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.216.135 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=35117 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T03:36:09.187Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 03:36:37 honeypot-fra-1 sshd[4940]: Invalid user admin from 120.199.82.50 port 31790","@timestamp":"2022-09-13T03:36:37.200Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T03:37:06.623Z","@version":"1","message":"Sep 13 03:37:05 honeypot-sgp-1 kernel: [83916336.299360] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.220.158 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=34160 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 03:37:41 honeypot-ams-1 sshd[14378]: Invalid user laraht from 188.166.23.215 port 41956","@timestamp":"2022-09-13T03:37:42.145Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 03:39:30 honeypot-ams-1 kernel: [83916954.159885] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=137.25.54.5 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=50 ID=15612 PROTO=TCP SPT=64069 DPT=80 WINDOW=24821 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T03:39:30.194Z"}
{"@timestamp":"2022-09-13T03:43:37.784Z","@version":"1","message":"Sep 13 03:43:37 honeypot-sgp-1 sshd[9458]: Invalid user ubnt from 116.98.167.15 port 48074","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T03:43:41.788Z","@version":"1","message":"Sep 13 03:43:41 honeypot-sgp-1 sshd[9464]: Invalid user ubnt from 116.98.167.15 port 36184","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T03:43:53.794Z","@version":"1","message":"Sep 13 03:43:52 honeypot-sgp-1 sshd[9472]: Connection closed by authenticating user root 116.98.167.15 port 53084 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T03:44:11.803Z","@version":"1","message":"Sep 13 03:44:11 honeypot-sgp-1 sshd[9480]: Invalid user support from 116.98.167.15 port 48132","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 03:44:17 honeypot-fra-1 kernel: [83915081.886576] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=102.67.226.60 DST=165.22.82.222 LEN=52 TOS=0x00 PREC=0x00 TTL=120 ID=48965 DF PROTO=TCP SPT=55255 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T03:44:17.368Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-13T03:44:21.808Z","@version":"1","message":"Sep 13 03:44:21 honeypot-sgp-1 sshd[9486]: Invalid user admin from 116.98.167.15 port 33076","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T03:45:03.828Z","@version":"1","message":"Sep 13 03:45:03 honeypot-sgp-1 sshd[9492]: Invalid user username from 116.98.167.15 port 38002","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T03:45:13.834Z","@version":"1","message":"Sep 13 03:45:12 honeypot-sgp-1 sshd[9498]: Invalid user test from 116.98.167.15 port 36622","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T03:46:10.883Z","@version":"1","message":"Sep 13 03:46:09 honeypot-sgp-1 sshd[9504]: Connection closed by invalid user belkinstyle 116.98.167.15 port 41114 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T03:47:28.919Z","@version":"1","message":"Sep 13 03:47:28 honeypot-sgp-1 sshd[9510]: Invalid user camera from 116.98.167.15 port 41080","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T03:48:15.941Z","@version":"1","message":"Sep 13 03:48:15 honeypot-sgp-1 sshd[9515]: Connection closed by invalid user factorio 116.98.167.15 port 34016 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T03:49:15.970Z","@version":"1","message":"Sep 13 03:49:15 honeypot-sgp-1 sshd[9523]: Invalid user pal from 116.98.167.15 port 45398","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 03:50:53 honeypot-ams-1 sshd[14390]: Did not receive identification string from 46.19.141.122 port 36560","@timestamp":"2022-09-13T03:50:53.486Z"}
{"@timestamp":"2022-09-13T03:51:03.017Z","@version":"1","message":"Sep 13 03:51:02 honeypot-sgp-1 sshd[9529]: Invalid user user7 from 116.98.167.15 port 44842","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 03:51:42 honeypot-ams-1 sshd[14395]: Received disconnect from 43.154.143.45 port 59790:11: Bye Bye [preauth]","@timestamp":"2022-09-13T03:51:43.511Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 03:52:43 honeypot-ams-1 sshd[14401]: Invalid user admin from 46.19.141.122 port 52600","@timestamp":"2022-09-13T03:52:44.540Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 03:52:45 honeypot-fra-1 kernel: [83915590.392064] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=213.226.123.38 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=59837 PROTO=TCP SPT=42728 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T03:52:46.561Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 03:53:18 honeypot-ams-1 sshd[14405]: Invalid user ubuntu from 46.19.141.122 port 34968","@timestamp":"2022-09-13T03:53:18.557Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 03:54:19 honeypot-ams-1 sshd[14410]: Invalid user user from 46.19.141.122 port 45556","@timestamp":"2022-09-13T03:54:19.586Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 03:54:46 honeypot-ams-1 sshd[14414]: Received disconnect from 46.19.141.122 port 50852:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T03:54:47.601Z"}
{"@timestamp":"2022-09-13T03:54:52.115Z","@version":"1","message":"Sep 13 03:54:52 honeypot-sgp-1 sshd[9537]: Invalid user user from 45.61.186.49 port 59670","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T03:55:02.121Z","@version":"1","message":"Sep 13 03:55:01 honeypot-sgp-1 sshd[9541]: Invalid user user from 45.61.186.49 port 43106","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 03:55:21 honeypot-ams-1 sshd[14418]: Received disconnect from 46.19.141.122 port 33180:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T03:55:22.620Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 03:55:49 honeypot-ams-1 kernel: [83917933.260752] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=172.105.89.161 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=56 ID=0 DF PROTO=TCP SPT=38133 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T03:55:49.634Z"}
{"@timestamp":"2022-09-13T03:55:51.142Z","@version":"1","message":"Sep 13 03:55:50 honeypot-sgp-1 sshd[9545]: Received disconnect from 92.255.85.69 port 39732:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 04:03:06 honeypot-fra-1 sshd[4956]: Received disconnect from 165.22.45.108 port 45124:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T04:03:06.792Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 04:06:09 honeypot-fra-1 sshd[4962]: Invalid user user from 141.255.162.226 port 34940","@timestamp":"2022-09-13T04:06:09.863Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 04:06:11 honeypot-fra-1 sshd[4966]: Invalid user user from 141.255.162.226 port 48252","@timestamp":"2022-09-13T04:06:11.866Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 04:06:17 honeypot-fra-1 sshd[4970]: Invalid user user from 141.255.162.226 port 39994","@timestamp":"2022-09-13T04:06:17.869Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 04:09:26 honeypot-fra-1 kernel: [83916591.007546] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=184.105.247.223 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=54321 PROTO=TCP SPT=55534 DPT=389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T04:09:26.938Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 04:14:41 honeypot-ams-1 kernel: [83919065.746878] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=143.198.183.97 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=40370 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T04:14:42.121Z"}
{"@timestamp":"2022-09-13T04:17:01.685Z","@version":"1","message":"Sep 13 04:17:01 honeypot-sgp-1 CRON[9549]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 04:17:01 honeypot-fra-1 CRON[4978]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-13T04:17:02.108Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 04:18:42 honeypot-fra-1 sshd[4985]: Disconnected from authenticating user root 92.106.169.34 port 42618 [preauth]","@timestamp":"2022-09-13T04:18:42.148Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 04:24:23 honeypot-ams-1 kernel: [83919647.563825] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=20.196.66.42 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=44 ID=41455 PROTO=TCP SPT=62804 DPT=80 WINDOW=36924 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T04:24:24.372Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 04:26:04 honeypot-fra-1 kernel: [83917589.205873] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=89.248.163.158 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=43641 PROTO=TCP SPT=43122 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T04:26:05.315Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-13T04:26:51.931Z","@version":"1","message":"Sep 13 04:26:51 honeypot-sgp-1 sshd[9557]: Received disconnect from 143.244.158.100 port 45430:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T04:29:14.992Z","@version":"1","message":"Sep 13 04:29:14 honeypot-sgp-1 kernel: [83919465.017714] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=64.62.197.105 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=59331 DPT=5432 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 04:30:09 honeypot-ams-1 kernel: [83919993.226187] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=20.242.20.11 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=112 ID=4790 DF PROTO=TCP SPT=61459 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T04:30:09.556Z"}
{"@timestamp":"2022-09-13T04:30:20.023Z","@version":"1","message":"Sep 13 04:30:19 honeypot-sgp-1 sshd[9568]: Invalid user ts from 43.154.14.246 port 44808","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T04:31:10.046Z","@version":"1","message":"Sep 13 04:31:09 honeypot-sgp-1 sshd[9572]: Disconnected from authenticating user root 143.244.158.100 port 39240 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 04:32:12 honeypot-fra-1 kernel: [83917956.815812] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=64.62.197.226 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=54321 PROTO=TCP SPT=57081 DPT=5432 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T04:32:12.456Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-13T04:33:35.107Z","@version":"1","message":"Sep 13 04:33:34 honeypot-sgp-1 sshd[9578]: Disconnected from authenticating user root 143.244.158.100 port 43654 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T04:35:59.192Z","@version":"1","message":"Sep 13 04:35:59 honeypot-sgp-1 sshd[9585]: Disconnected from authenticating user root 143.244.158.100 port 48796 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 04:37:28 honeypot-ams-1 kernel: [83920432.489303] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=143.198.79.64 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=56 ID=35067 PROTO=TCP SPT=39906 DPT=80 WINDOW=30370 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T04:37:28.745Z"}
{"@timestamp":"2022-09-13T04:37:37.238Z","@version":"1","message":"Sep 13 04:37:36 honeypot-sgp-1 sshd[9591]: Received disconnect from 143.244.158.100 port 47778:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T04:40:02.301Z","@version":"1","message":"Sep 13 04:40:01 honeypot-sgp-1 sshd[9598]: Received disconnect from 143.244.158.100 port 36818:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 04:40:31 honeypot-ams-1 kernel: [83920615.331249] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=193.163.125.24 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=247 ID=10208 PROTO=TCP SPT=35216 DPT=443 WINDOW=14600 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T04:40:31.827Z"}
{"@timestamp":"2022-09-13T04:42:29.364Z","@version":"1","message":"Sep 13 04:42:28 honeypot-sgp-1 sshd[9604]: Received disconnect from 143.244.158.100 port 58554:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 04:43:48 honeypot-fra-1 sshd[5000]: Connection closed by invalid user 1234 124.221.61.174 port 36036 [preauth]","@timestamp":"2022-09-13T04:43:48.717Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T04:44:11.410Z","@version":"1","message":"Sep 13 04:44:11 honeypot-sgp-1 sshd[9610]: Received disconnect from 143.244.158.100 port 57038:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T04:46:44.474Z","@version":"1","message":"Sep 13 04:46:43 honeypot-sgp-1 sshd[9617]: Received disconnect from 143.244.158.100 port 59684:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 04:47:54 honeypot-fra-1 kernel: [83918898.801969] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=181.211.252.146 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=57142 DF PROTO=TCP SPT=54108 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T04:47:54.811Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-13T04:49:14.537Z","@version":"1","message":"Sep 13 04:49:13 honeypot-sgp-1 sshd[9623]: Received disconnect from 143.244.158.100 port 40624:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T04:51:43.600Z","@version":"1","message":"Sep 13 04:51:42 honeypot-sgp-1 sshd[9630]: Received disconnect from 143.244.158.100 port 53878:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T04:53:32.648Z","@version":"1","message":"Sep 13 04:53:31 honeypot-sgp-1 kernel: [83920922.443639] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=172.104.4.90 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=20523 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 04:53:41 honeypot-ams-1 kernel: [83921405.316622] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=167.94.138.107 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=43035 PROTO=TCP SPT=37277 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T04:53:42.160Z"}
{"@timestamp":"2022-09-13T04:55:51.708Z","@version":"1","message":"Sep 13 04:55:50 honeypot-sgp-1 sshd[9640]: Received disconnect from 143.244.158.100 port 51826:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T04:58:21.772Z","@version":"1","message":"Sep 13 04:58:20 honeypot-sgp-1 sshd[9647]: Received disconnect from 143.244.158.100 port 41208:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:00:49.835Z","@version":"1","message":"Sep 13 05:00:49 honeypot-sgp-1 sshd[9654]: Received disconnect from 143.244.158.100 port 57582:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 05:00:53 honeypot-ams-1 sshd[14460]: Invalid user user from 45.61.187.160 port 58210","@timestamp":"2022-09-13T05:00:54.342Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 05:01:08 honeypot-fra-1 sshd[5011]: Received disconnect from 45.61.186.49 port 49464:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T05:01:09.108Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 05:01:13 honeypot-ams-1 sshd[14464]: Invalid user user from 45.61.187.160 port 53236","@timestamp":"2022-09-13T05:01:13.352Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 05:01:18 honeypot-fra-1 sshd[5015]: Received disconnect from 45.61.186.49 port 32946:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T05:01:18.113Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 05:01:31 honeypot-ams-1 sshd[14468]: Invalid user user from 45.61.187.160 port 48264","@timestamp":"2022-09-13T05:01:31.363Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 05:02:22 honeypot-fra-1 sshd[5020]: Disconnected from authenticating user root 152.228.217.107 port 54360 [preauth]","@timestamp":"2022-09-13T05:02:23.137Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T05:02:35.882Z","@version":"1","message":"Sep 13 05:02:35 honeypot-sgp-1 sshd[9661]: Received disconnect from 143.244.158.100 port 38062:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 05:03:44 honeypot-fra-1 sshd[5026]: Connection closed by invalid user admin 107.204.192.210 port 51662 [preauth]","@timestamp":"2022-09-13T05:03:45.171Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 05:05:28 honeypot-ams-1 sshd[14473]: Invalid user centos from 179.60.147.69 port 61784","@timestamp":"2022-09-13T05:05:28.464Z"}
{"@timestamp":"2022-09-13T05:05:29.955Z","@version":"1","message":"Sep 13 05:05:29 honeypot-sgp-1 sshd[9667]: Received disconnect from 143.244.158.100 port 36346:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 05:06:29 honeypot-fra-1 sshd[5030]: Disconnected from invalid user rufus 52.160.46.145 port 40206 [preauth]","@timestamp":"2022-09-13T05:06:29.249Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T05:07:10.999Z","@version":"1","message":"Sep 13 05:07:10 honeypot-sgp-1 sshd[9674]: Received disconnect from 143.244.158.100 port 37828:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:09:40.062Z","@version":"1","message":"Sep 13 05:09:39 honeypot-sgp-1 sshd[9680]: Received disconnect from 143.244.158.100 port 49996:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 05:10:51 honeypot-fra-1 sshd[5035]: Received disconnect from 178.46.163.191 port 37240:11: Bye Bye [preauth]","@timestamp":"2022-09-13T05:10:52.352Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T05:12:22.131Z","@version":"1","message":"Sep 13 05:12:22 honeypot-sgp-1 sshd[9687]: Received disconnect from 143.244.158.100 port 38350:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 05:13:47 honeypot-ams-1 sshd[14478]: Did not receive identification string from 141.255.162.226 port 40672","@timestamp":"2022-09-13T05:13:47.675Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 05:13:54 honeypot-ams-1 sshd[14481]: Disconnected from invalid user user 141.255.162.226 port 51348 [preauth]","@timestamp":"2022-09-13T05:13:54.679Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 05:13:59 honeypot-ams-1 sshd[14485]: Disconnected from invalid user user 141.255.162.226 port 36738 [preauth]","@timestamp":"2022-09-13T05:13:59.682Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 05:14:01 honeypot-ams-1 sshd[14489]: Disconnected from invalid user user 141.255.162.226 port 44544 [preauth]","@timestamp":"2022-09-13T05:14:01.684Z"}
{"@timestamp":"2022-09-13T05:17:02.245Z","@version":"1","message":"Sep 13 05:17:01 honeypot-sgp-1 CRON[9691]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 05:17:01 honeypot-ams-1 CRON[14494]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-13T05:17:02.763Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 05:20:47 honeypot-fra-1 kernel: [83920871.980092] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=107.182.129.137 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=54321 PROTO=TCP SPT=48954 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T05:20:47.577Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 05:21:01 honeypot-ams-1 sshd[14501]: Invalid user ng from 104.130.135.117 port 60926","@timestamp":"2022-09-13T05:21:01.868Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 05:24:06 honeypot-fra-1 sshd[5046]: Received disconnect from 165.22.45.108 port 54972:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T05:24:07.657Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 05:28:13 honeypot-ams-1 kernel: [83923477.989477] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=205.210.31.36 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x60 TTL=251 ID=2750 PROTO=TCP SPT=51820 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T05:28:14.052Z"}
{"@timestamp":"2022-09-13T05:28:59.532Z","@version":"1","message":"Sep 13 05:28:59 honeypot-sgp-1 sshd[9698]: Received disconnect from 92.255.85.69 port 29784:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:29:57.559Z","@version":"1","message":"Sep 13 05:29:56 honeypot-sgp-1 sshd[9703]: Invalid user user from 45.61.186.49 port 37200","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:30:06.564Z","@version":"1","message":"Sep 13 05:30:06 honeypot-sgp-1 sshd[9707]: Invalid user user from 45.61.186.49 port 48994","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 05:32:19 honeypot-fra-1 sshd[5049]: Disconnected from authenticating user root 92.255.85.70 port 52302 [preauth]","@timestamp":"2022-09-13T05:32:20.842Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T05:33:38.652Z","@version":"1","message":"Sep 13 05:33:37 honeypot-sgp-1 sshd[9710]: Received disconnect from 187.216.254.180 port 58546:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:34:45.681Z","@version":"1","message":"Sep 13 05:34:45 honeypot-sgp-1 sshd[9714]: Disconnected from authenticating user root 185.180.29.203 port 13404 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:34:52.686Z","@version":"1","message":"Sep 13 05:34:52 honeypot-sgp-1 sshd[9720]: Received disconnect from 185.180.29.203 port 13434:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:34:58.689Z","@version":"1","message":"Sep 13 05:34:58 honeypot-sgp-1 sshd[9726]: Received disconnect from 185.180.29.203 port 13462:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 05:35:03 honeypot-ams-1 sshd[14510]: Disconnected from authenticating user root 14.225.17.9 port 49498 [preauth]","@timestamp":"2022-09-13T05:35:04.226Z"}
{"@timestamp":"2022-09-13T05:35:05.693Z","@version":"1","message":"Sep 13 05:35:04 honeypot-sgp-1 sshd[9732]: Received disconnect from 185.180.29.203 port 13493:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:35:11.696Z","@version":"1","message":"Sep 13 05:35:11 honeypot-sgp-1 sshd[9738]: Received disconnect from 185.180.29.203 port 13529:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:35:18.701Z","@version":"1","message":"Sep 13 05:35:17 honeypot-sgp-1 sshd[9744]: Received disconnect from 185.180.29.203 port 13579:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:35:24.704Z","@version":"1","message":"Sep 13 05:35:24 honeypot-sgp-1 sshd[9750]: Received disconnect from 185.180.29.203 port 13605:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:35:30.707Z","@version":"1","message":"Sep 13 05:35:30 honeypot-sgp-1 sshd[9756]: Received disconnect from 185.180.29.203 port 13624:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:35:37.711Z","@version":"1","message":"Sep 13 05:35:37 honeypot-sgp-1 sshd[9762]: Received disconnect from 185.180.29.203 port 13649:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:35:41.714Z","@version":"1","message":"Sep 13 05:35:41 honeypot-sgp-1 sshd[9766]: Disconnected from invalid user fukai 70.35.202.246 port 34254 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:35:46.717Z","@version":"1","message":"Sep 13 05:35:45 honeypot-sgp-1 sshd[9772]: Disconnected from authenticating user root 185.180.29.203 port 13696 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 05:35:49 honeypot-ams-1 sshd[14514]: Disconnected from invalid user demo 118.27.35.131 port 39954 [preauth]","@timestamp":"2022-09-13T05:35:50.249Z"}
{"@timestamp":"2022-09-13T05:35:52.720Z","@version":"1","message":"Sep 13 05:35:52 honeypot-sgp-1 sshd[9778]: Disconnected from authenticating user root 185.180.29.203 port 13741 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:35:58.723Z","@version":"1","message":"Sep 13 05:35:58 honeypot-sgp-1 sshd[9784]: Disconnected from authenticating user root 185.180.29.203 port 13785 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:36:04.727Z","@version":"1","message":"Sep 13 05:36:04 honeypot-sgp-1 sshd[9790]: Invalid user admin from 185.180.29.203 port 13818","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:36:09.730Z","@version":"1","message":"Sep 13 05:36:08 honeypot-sgp-1 sshd[9794]: Invalid user admin from 185.180.29.203 port 13843","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:36:13.732Z","@version":"1","message":"Sep 13 05:36:13 honeypot-sgp-1 sshd[9798]: Invalid user admin from 185.180.29.203 port 13880","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:36:17.735Z","@version":"1","message":"Sep 13 05:36:17 honeypot-sgp-1 sshd[9802]: Invalid user admin from 185.180.29.203 port 13904","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:36:22.738Z","@version":"1","message":"Sep 13 05:36:21 honeypot-sgp-1 sshd[9806]: Invalid user admin from 185.180.29.203 port 13950","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:36:26.740Z","@version":"1","message":"Sep 13 05:36:26 honeypot-sgp-1 sshd[9810]: Received disconnect from 185.180.29.203 port 13989:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:36:30.742Z","@version":"1","message":"Sep 13 05:36:30 honeypot-sgp-1 sshd[9814]: Disconnected from invalid user pi 185.180.29.203 port 14011 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:36:35.746Z","@version":"1","message":"Sep 13 05:36:34 honeypot-sgp-1 sshd[9818]: Disconnected from invalid user user 185.180.29.203 port 14039 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:36:39.748Z","@version":"1","message":"Sep 13 05:36:39 honeypot-sgp-1 sshd[9822]: Disconnected from invalid user mine 185.180.29.203 port 14055 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:36:43.750Z","@version":"1","message":"Sep 13 05:36:43 honeypot-sgp-1 sshd[9826]: Disconnected from invalid user xbmc 185.180.29.203 port 14093 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:36:47.753Z","@version":"1","message":"Sep 13 05:36:47 honeypot-sgp-1 sshd[9830]: Disconnected from invalid user oracle 185.180.29.203 port 14122 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:36:52.756Z","@version":"1","message":"Sep 13 05:36:51 honeypot-sgp-1 sshd[9834]: Disconnected from invalid user postgres 185.180.29.203 port 14139 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:36:56.758Z","@version":"1","message":"Sep 13 05:36:56 honeypot-sgp-1 sshd[9838]: Disconnected from invalid user support 185.180.29.203 port 14164 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:37:00.760Z","@version":"1","message":"Sep 13 05:37:00 honeypot-sgp-1 sshd[9842]: Disconnected from invalid user ubuntu 185.180.29.203 port 14193 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:37:05.764Z","@version":"1","message":"Sep 13 05:37:04 honeypot-sgp-1 sshd[9847]: Disconnected from invalid user ubuntu 185.180.29.203 port 14223 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:37:09.767Z","@version":"1","message":"Sep 13 05:37:08 honeypot-sgp-1 sshd[9853]: Invalid user guest from 185.180.29.203 port 14235","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:37:13.769Z","@version":"1","message":"Sep 13 05:37:13 honeypot-sgp-1 sshd[9857]: Invalid user cirros from 185.180.29.203 port 14269","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 05:38:59 honeypot-ams-1 sshd[14518]: Disconnected from invalid user anonymous 210.196.250.246 port 36692 [preauth]","@timestamp":"2022-09-13T05:38:59.330Z"}
{"@timestamp":"2022-09-13T05:39:06.816Z","@version":"1","message":"Sep 13 05:39:06 honeypot-sgp-1 sshd[9861]: Invalid user user from 179.60.147.69 port 28088","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 05:41:58 honeypot-ams-1 sshd[14523]: Disconnected from invalid user nicholas 106.245.234.10 port 39602 [preauth]","@timestamp":"2022-09-13T05:41:59.409Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 05:43:22 honeypot-fra-1 sshd[5055]: Connection closed by invalid user admin 200.223.219.62 port 49350 [preauth]","@timestamp":"2022-09-13T05:43:23.094Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 05:45:31 honeypot-ams-1 sshd[14528]: Disconnected from invalid user user 141.255.162.226 port 35454 [preauth]","@timestamp":"2022-09-13T05:45:31.503Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 05:45:36 honeypot-ams-1 sshd[14532]: Disconnected from invalid user user 141.255.162.226 port 55058 [preauth]","@timestamp":"2022-09-13T05:45:36.506Z"}
{"@timestamp":"2022-09-13T05:45:37.976Z","@version":"1","message":"Sep 13 05:45:36 honeypot-sgp-1 sshd[9866]: Connection closed by invalid user litao 103.188.176.251 port 54996 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 05:45:38 honeypot-ams-1 sshd[14536]: Disconnected from invalid user user 141.255.162.226 port 50614 [preauth]","@timestamp":"2022-09-13T05:45:38.507Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 05:57:35 honeypot-ams-1 sshd[14541]: Received disconnect from 92.255.85.69 port 30536:11: Bye Bye [preauth]","@timestamp":"2022-09-13T05:57:35.811Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 06:03:09 honeypot-fra-1 sshd[5063]: Invalid user guest from 165.98.12.138 port 55414","@timestamp":"2022-09-13T06:03:09.534Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T06:07:15.496Z","@version":"1","message":"Sep 13 06:07:15 honeypot-sgp-1 kernel: [83925345.738612] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=226 ID=44008 PROTO=TCP SPT=48803 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 06:09:45 honeypot-ams-1 sshd[14546]: Invalid user loan from 137.116.144.39 port 56294","@timestamp":"2022-09-13T06:09:46.201Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 06:15:27 honeypot-fra-1 sshd[5162]: Did not receive identification string from 20.13.161.157 port 53390","@timestamp":"2022-09-13T06:15:27.832Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 06:15:27 honeypot-fra-1 sshd[5180]: Invalid user admin from 20.13.161.157 port 53538","@timestamp":"2022-09-13T06:15:27.832Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 06:15:27 honeypot-fra-1 sshd[5167]: Connection closed by authenticating user root 20.13.161.157 port 53520 [preauth]","@timestamp":"2022-09-13T06:15:27.832Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 06:15:27 honeypot-fra-1 sshd[5175]: Connection closed by invalid user mysql 20.13.161.157 port 53518 [preauth]","@timestamp":"2022-09-13T06:15:27.832Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 06:15:27 honeypot-fra-1 sshd[5169]: Connection closed by invalid user centos 20.13.161.157 port 53542 [preauth]","@timestamp":"2022-09-13T06:15:27.832Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 06:15:28 honeypot-fra-1 sshd[5201]: Connection closed by authenticating user root 20.13.161.157 port 53560 [preauth]","@timestamp":"2022-09-13T06:15:29.834Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 06:16:58 honeypot-fra-1 sshd[5207]: Connection closed by authenticating user root 179.60.147.69 port 43916 [preauth]","@timestamp":"2022-09-13T06:16:59.870Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T06:17:01.738Z","@version":"1","message":"Sep 13 06:17:01 honeypot-sgp-1 CRON[9879]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 06:17:01 honeypot-ams-1 CRON[14550]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-13T06:17:02.389Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 06:22:28 honeypot-fra-1 kernel: [83924572.822880] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.33.68.117 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=64408 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T06:22:28.997Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 06:24:57 honeypot-ams-1 kernel: [83926881.816945] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=216.73.163.131 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=55 ID=29178 DF PROTO=TCP SPT=10991 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T06:24:58.596Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 06:25:03 honeypot-fra-1 CRON[5221]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-13T06:25:04.080Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T06:25:05.946Z","@version":"1","message":"Sep 13 06:25:05 honeypot-sgp-1 CRON[9888]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T06:27:59.021Z","@version":"1","message":"Sep 13 06:27:58 honeypot-sgp-1 sshd[10140]: Received disconnect from 45.61.186.249 port 44792:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 06:28:14 honeypot-ams-1 kernel: [83927078.172455] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=201.102.251.63 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=53345 PROTO=TCP SPT=56064 DPT=80 WINDOW=3944 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T06:28:14.690Z"}
{"@timestamp":"2022-09-13T06:28:18.031Z","@version":"1","message":"Sep 13 06:28:17 honeypot-sgp-1 sshd[10144]: Received disconnect from 45.61.186.249 port 39614:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T06:28:36.040Z","@version":"1","message":"Sep 13 06:28:35 honeypot-sgp-1 sshd[10148]: Received disconnect from 45.61.186.249 port 34498:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 06:28:45 honeypot-fra-1 sshd[5358]: Received disconnect from 41.191.116.18 port 52556:11: Bye Bye [preauth]","@timestamp":"2022-09-13T06:28:46.169Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T06:28:51.048Z","@version":"1","message":"Sep 13 06:28:51 honeypot-sgp-1 sshd[10153]: Received disconnect from 45.61.186.249 port 57534:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 06:30:03 honeypot-fra-1 sshd[5363]: Disconnected from invalid user admin 210.245.34.243 port 55109 [preauth]","@timestamp":"2022-09-13T06:30:03.201Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T06:33:00.152Z","@version":"1","message":"Sep 13 06:33:00 honeypot-sgp-1 sshd[10158]: Invalid user lighthouse from 189.8.29.5 port 60600","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T06:33:01.153Z","@version":"1","message":"Sep 13 06:33:00 honeypot-sgp-1 sshd[10186]: Invalid user rustserver from 189.8.29.5 port 60656","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T06:33:01.153Z","@version":"1","message":"Sep 13 06:33:00 honeypot-sgp-1 sshd[10191]: Invalid user centos from 189.8.29.5 port 60648","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T06:33:01.153Z","@version":"1","message":"Sep 13 06:33:00 honeypot-sgp-1 sshd[10184]: Invalid user ubuntu from 189.8.29.5 port 60646","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T06:33:01.153Z","@version":"1","message":"Sep 13 06:33:00 honeypot-sgp-1 sshd[10173]: Invalid user admin from 189.8.29.5 port 60614","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T06:33:01.153Z","@version":"1","message":"Sep 13 06:33:00 honeypot-sgp-1 sshd[10162]: Connection closed by invalid user oracle 189.8.29.5 port 60604 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T06:33:01.153Z","@version":"1","message":"Sep 13 06:33:00 honeypot-sgp-1 sshd[10176]: Connection closed by invalid user mysql 189.8.29.5 port 60602 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T06:33:01.153Z","@version":"1","message":"Sep 13 06:33:00 honeypot-sgp-1 sshd[10178]: Connection closed by invalid user es 189.8.29.5 port 60594 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T06:33:01.154Z","@version":"1","message":"Sep 13 06:33:00 honeypot-sgp-1 sshd[10159]: Connection closed by invalid user oracle 189.8.29.5 port 60610 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T06:33:01.154Z","@version":"1","message":"Sep 13 06:33:00 honeypot-sgp-1 sshd[10181]: Connection closed by invalid user postgres 189.8.29.5 port 60634 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 06:34:34 honeypot-fra-1 sshd[5373]: Invalid user postgres from 81.45.44.185 port 38170","@timestamp":"2022-09-13T06:34:34.307Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T06:35:20.212Z","@version":"1","message":"Sep 13 06:35:19 honeypot-sgp-1 kernel: [83927029.854362] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=25178 PROTO=TCP SPT=50391 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 06:36:52 honeypot-fra-1 sshd[5379]: Received disconnect from 167.99.236.74 port 58436:11: Bye Bye [preauth]","@timestamp":"2022-09-13T06:36:53.361Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 06:38:04 honeypot-ams-1 kernel: [83927668.907327] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=95.161.131.235 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x20 TTL=249 ID=54321 PROTO=TCP SPT=58875 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T06:38:04.946Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 06:41:47 honeypot-ams-1 sshd[14838]: Disconnected from authenticating user root 80.76.51.43 port 39406 [preauth]","@timestamp":"2022-09-13T06:41:48.046Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 06:42:17 honeypot-ams-1 sshd[14842]: Disconnected from invalid user support 80.76.51.43 port 40536 [preauth]","@timestamp":"2022-09-13T06:42:18.061Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 06:44:17 honeypot-fra-1 kernel: [83925882.213387] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=54.37.163.160 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=7197 DF PROTO=TCP SPT=10446 DPT=80 WINDOW=512 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T06:44:18.531Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 06:44:57 honeypot-ams-1 sshd[14849]: Disconnected from authenticating user root 92.255.85.70 port 60672 [preauth]","@timestamp":"2022-09-13T06:44:58.132Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 06:47:47 honeypot-fra-1 sshd[5388]: Disconnected from invalid user leo 144.126.215.161 port 58282 [preauth]","@timestamp":"2022-09-13T06:47:47.611Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 06:51:12 honeypot-fra-1 sshd[5399]: Invalid user odoo from 20.254.57.199 port 53970","@timestamp":"2022-09-13T06:51:12.688Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 06:51:12 honeypot-fra-1 sshd[5398]: Invalid user admin from 20.254.57.199 port 53934","@timestamp":"2022-09-13T06:51:13.690Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 06:51:12 honeypot-fra-1 sshd[5406]: Connection closed by authenticating user root 20.254.57.199 port 53968 [preauth]","@timestamp":"2022-09-13T06:51:13.690Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 06:51:12 honeypot-fra-1 sshd[5408]: Connection closed by invalid user guest 20.254.57.199 port 53974 [preauth]","@timestamp":"2022-09-13T06:51:13.690Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 06:51:12 honeypot-fra-1 sshd[5411]: Invalid user mysql from 20.254.57.199 port 53956","@timestamp":"2022-09-13T06:51:13.690Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 06:51:12 honeypot-fra-1 sshd[5410]: Invalid user admin from 20.254.57.199 port 53940","@timestamp":"2022-09-13T06:51:13.690Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 06:51:13 honeypot-fra-1 sshd[5442]: Invalid user testuser from 20.254.57.199 port 53976","@timestamp":"2022-09-13T06:51:13.690Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 06:51:13 honeypot-fra-1 sshd[5438]: Connection closed by invalid user devops 20.254.57.199 port 53960 [preauth]","@timestamp":"2022-09-13T06:51:13.691Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 06:51:15 honeypot-fra-1 sshd[5454]: Invalid user hadoop from 20.254.57.199 port 53998","@timestamp":"2022-09-13T06:51:15.691Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T06:52:13.636Z","@version":"1","message":"Sep 13 06:52:13 honeypot-sgp-1 kernel: [83928043.705090] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=88.214.26.53 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=232 ID=65151 PROTO=TCP SPT=42229 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 06:53:49 honeypot-ams-1 sshd[14852]: Disconnected from invalid user celery 24.166.23.99 port 35618 [preauth]","@timestamp":"2022-09-13T06:53:49.361Z"}
{"@timestamp":"2022-09-13T06:54:47.702Z","@version":"1","message":"Sep 13 06:54:47 honeypot-sgp-1 sshd[10232]: Received disconnect from 141.255.162.226 port 37846:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T06:54:51.706Z","@version":"1","message":"Sep 13 06:54:51 honeypot-sgp-1 sshd[10236]: Received disconnect from 141.255.162.226 port 51526:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T06:54:53.707Z","@version":"1","message":"Sep 13 06:54:52 honeypot-sgp-1 sshd[10240]: Received disconnect from 141.255.162.226 port 58374:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 06:58:33 honeypot-fra-1 kernel: [83926738.196631] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=50.17.105.85 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=235 ID=54321 PROTO=TCP SPT=14489 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T06:58:33.856Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 07:00:34 honeypot-ams-1 sshd[15292]: Received disconnect from 200.72.227.83 port 58018:11: Bye Bye [preauth]","@timestamp":"2022-09-13T07:00:35.536Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 07:02:31 honeypot-ams-1 sshd[15298]: Invalid user user from 45.61.184.204 port 36548","@timestamp":"2022-09-13T07:02:32.590Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 07:02:48 honeypot-ams-1 kernel: [83929152.768809] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=23640 PROTO=TCP SPT=52278 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T07:02:49.600Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 07:03:00 honeypot-ams-1 sshd[15304]: Disconnected from invalid user user 45.61.184.204 port 42958 [preauth]","@timestamp":"2022-09-13T07:03:00.605Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 07:03:17 honeypot-ams-1 sshd[15308]: Disconnected from invalid user user 45.61.184.204 port 37816 [preauth]","@timestamp":"2022-09-13T07:03:17.614Z"}
{"@timestamp":"2022-09-13T07:03:52.931Z","@version":"1","message":"Sep 13 07:03:52 honeypot-sgp-1 sshd[10245]: Disconnected from authenticating user root 92.255.85.70 port 25726 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 07:06:43 honeypot-ams-1 sshd[15314]: Received disconnect from 45.61.186.249 port 33486:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T07:06:44.708Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 07:07:03 honeypot-ams-1 sshd[15318]: Received disconnect from 45.61.186.249 port 56468:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T07:07:03.718Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 07:07:20 honeypot-ams-1 sshd[15322]: Received disconnect from 45.61.186.249 port 51208:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T07:07:20.727Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 07:07:36 honeypot-ams-1 sshd[15326]: Received disconnect from 45.61.186.249 port 45958:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T07:07:37.735Z"}
{"@timestamp":"2022-09-13T07:07:52.034Z","@version":"1","message":"Sep 13 07:07:51 honeypot-sgp-1 sshd[10249]: Received disconnect from 20.91.214.19 port 34310:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 07:12:13 honeypot-fra-1 kernel: [83927558.000531] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=109.197.26.253 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=12311 DF PROTO=TCP SPT=27903 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T07:12:14.166Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 07:17:01 honeypot-ams-1 CRON[15331]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-13T07:17:01.980Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 07:17:57 honeypot-fra-1 sshd[5475]: Received disconnect from 45.61.187.160 port 55646:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T07:17:57.298Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 07:18:15 honeypot-fra-1 sshd[5479]: Received disconnect from 45.61.187.160 port 50716:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T07:18:15.308Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 07:18:33 honeypot-fra-1 sshd[5483]: Invalid user user from 45.61.187.160 port 45804","@timestamp":"2022-09-13T07:18:34.318Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 07:18:51 honeypot-fra-1 sshd[5487]: Invalid user user from 45.61.187.160 port 40874","@timestamp":"2022-09-13T07:18:51.326Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T07:23:21.421Z","@version":"1","message":"Sep 13 07:23:20 honeypot-sgp-1 sshd[10256]: Received disconnect from 189.45.78.175 port 14760:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 07:25:39 honeypot-fra-1 sshd[5492]: Invalid user kornievsky from 165.22.45.108 port 42866","@timestamp":"2022-09-13T07:25:39.483Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 07:27:53 honeypot-ams-1 sshd[15338]: Disconnected from authenticating user root 134.122.8.241 port 53424 [preauth]","@timestamp":"2022-09-13T07:27:53.275Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 07:29:34 honeypot-fra-1 sshd[5497]: Received disconnect from 119.28.215.47 port 45804:11: Bye Bye [preauth]","@timestamp":"2022-09-13T07:29:35.573Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T07:32:59.686Z","@version":"1","message":"Sep 13 07:32:59 honeypot-sgp-1 sshd[10263]: Invalid user deploy from 51.15.56.154 port 37162","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 07:33:35 honeypot-fra-1 sshd[5501]: Received disconnect from 222.252.243.104 port 28472:11: Bye Bye [preauth]","@timestamp":"2022-09-13T07:33:35.667Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 07:36:53 honeypot-ams-1 sshd[15345]: Disconnected from authenticating user root 161.132.180.117 port 2188 [preauth]","@timestamp":"2022-09-13T07:36:53.521Z"}
{"@timestamp":"2022-09-13T07:41:24.906Z","@version":"1","message":"Sep 13 07:41:24 honeypot-sgp-1 sshd[10267]: Invalid user user from 45.61.186.49 port 42490","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T07:41:34.912Z","@version":"1","message":"Sep 13 07:41:34 honeypot-sgp-1 sshd[10271]: Invalid user user from 45.61.186.49 port 54262","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T07:43:07.953Z","@version":"1","message":"Sep 13 07:43:07 honeypot-sgp-1 kernel: [83931097.858737] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=205.210.31.39 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x60 TTL=250 ID=3158 PROTO=TCP SPT=50363 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T07:49:58.160Z","@version":"1","message":"Sep 13 07:49:57 honeypot-sgp-1 sshd[10276]: Received disconnect from 92.255.85.70 port 35258:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 07:52:17 honeypot-fra-1 sshd[5507]: Disconnected from authenticating user root 92.255.85.69 port 56938 [preauth]","@timestamp":"2022-09-13T07:52:17.086Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 07:59:10 honeypot-ams-1 kernel: [83932534.362938] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=64.20.33.74 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=36689 PROTO=TCP SPT=55693 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T07:59:11.098Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:02:34 honeypot-ams-1 sshd[15356]: Disconnected from invalid user admin 207.180.211.196 port 35094 [preauth]","@timestamp":"2022-09-13T08:02:35.189Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 08:04:19 honeypot-fra-1 sshd[5513]: Invalid user test from 111.59.45.19 port 41639","@timestamp":"2022-09-13T08:04:19.409Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 08:06:17 honeypot-ams-1 kernel: [83932961.322173] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=20.185.227.59 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=64845 DF PROTO=TCP SPT=10446 DPT=80 WINDOW=512 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T08:06:18.287Z"}
{"@timestamp":"2022-09-13T08:06:22.578Z","@version":"1","message":"Sep 13 08:06:22 honeypot-sgp-1 sshd[10282]: Connection closed by invalid user user 179.60.147.69 port 60070 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 08:07:32 honeypot-fra-1 sshd[5519]: Invalid user user from 179.60.147.69 port 12332","@timestamp":"2022-09-13T08:07:32.486Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:07:51 honeypot-ams-1 sshd[15366]: Received disconnect from 83.228.83.95 port 10564:11: Bye Bye [preauth]","@timestamp":"2022-09-13T08:07:52.329Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:07:53 honeypot-ams-1 sshd[15372]: Received disconnect from 83.228.83.95 port 10688:11: Bye Bye [preauth]","@timestamp":"2022-09-13T08:07:53.330Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:07:54 honeypot-ams-1 sshd[15378]: Received disconnect from 83.228.83.95 port 10262:11: Bye Bye [preauth]","@timestamp":"2022-09-13T08:07:54.331Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:07:55 honeypot-ams-1 sshd[15384]: Received disconnect from 83.228.83.95 port 10146:11: Bye Bye [preauth]","@timestamp":"2022-09-13T08:07:56.332Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:07:56 honeypot-ams-1 sshd[15390]: Received disconnect from 83.228.83.95 port 10222:11: Bye Bye [preauth]","@timestamp":"2022-09-13T08:07:57.333Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:07:57 honeypot-ams-1 sshd[15396]: Received disconnect from 83.228.83.95 port 10290:11: Bye Bye [preauth]","@timestamp":"2022-09-13T08:07:58.334Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:07:58 honeypot-ams-1 sshd[15402]: Received disconnect from 83.228.83.95 port 10728:11: Bye Bye [preauth]","@timestamp":"2022-09-13T08:07:59.334Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:07:59 honeypot-ams-1 sshd[15408]: Received disconnect from 83.228.83.95 port 10030:11: Bye Bye [preauth]","@timestamp":"2022-09-13T08:08:00.335Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:08:01 honeypot-ams-1 sshd[15414]: Received disconnect from 83.228.83.95 port 10554:11: Bye Bye [preauth]","@timestamp":"2022-09-13T08:08:01.336Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:08:02 honeypot-ams-1 sshd[15420]: Received disconnect from 83.228.83.95 port 10304:11: Bye Bye [preauth]","@timestamp":"2022-09-13T08:08:02.337Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:08:03 honeypot-ams-1 sshd[15426]: Received disconnect from 83.228.83.95 port 10818:11: Bye Bye [preauth]","@timestamp":"2022-09-13T08:08:04.338Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:08:04 honeypot-ams-1 sshd[15432]: Received disconnect from 83.228.83.95 port 10410:11: Bye Bye [preauth]","@timestamp":"2022-09-13T08:08:05.339Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:08:05 honeypot-ams-1 sshd[15436]: Received disconnect from 83.228.83.95 port 10856:11: Bye Bye [preauth]","@timestamp":"2022-09-13T08:08:05.339Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:08:06 honeypot-ams-1 sshd[15440]: Received disconnect from 83.228.83.95 port 10614:11: Bye Bye [preauth]","@timestamp":"2022-09-13T08:08:06.340Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:08:06 honeypot-ams-1 sshd[15444]: Received disconnect from 83.228.83.95 port 10960:11: Bye Bye [preauth]","@timestamp":"2022-09-13T08:08:07.342Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:08:07 honeypot-ams-1 sshd[15448]: Received disconnect from 83.228.83.95 port 10892:11: Bye Bye [preauth]","@timestamp":"2022-09-13T08:08:08.342Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:08:08 honeypot-ams-1 sshd[15452]: Received disconnect from 83.228.83.95 port 10432:11: Bye Bye [preauth]","@timestamp":"2022-09-13T08:08:08.342Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:08:09 honeypot-ams-1 sshd[15456]: Disconnected from authenticating user root 83.228.83.95 port 10084 [preauth]","@timestamp":"2022-09-13T08:08:09.343Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:08:10 honeypot-ams-1 sshd[15462]: Invalid user pi from 83.228.83.95 port 10262","@timestamp":"2022-09-13T08:08:10.344Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:08:10 honeypot-ams-1 sshd[15466]: Invalid user ethos from 83.228.83.95 port 10984","@timestamp":"2022-09-13T08:08:11.344Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:08:11 honeypot-ams-1 sshd[15470]: Invalid user miner from 83.228.83.95 port 10160","@timestamp":"2022-09-13T08:08:12.345Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:08:12 honeypot-ams-1 sshd[15474]: Invalid user volumio from 83.228.83.95 port 10220","@timestamp":"2022-09-13T08:08:13.346Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:08:13 honeypot-ams-1 sshd[15478]: Invalid user nagios from 83.228.83.95 port 10130","@timestamp":"2022-09-13T08:08:13.346Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:08:13 honeypot-ams-1 sshd[15482]: Invalid user vagrant from 83.228.83.95 port 10850","@timestamp":"2022-09-13T08:08:14.347Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:08:14 honeypot-ams-1 sshd[15486]: Invalid user debian from 83.228.83.95 port 10382","@timestamp":"2022-09-13T08:08:15.348Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:08:15 honeypot-ams-1 sshd[15490]: Invalid user debian from 83.228.83.95 port 10564","@timestamp":"2022-09-13T08:08:16.348Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:08:16 honeypot-ams-1 sshd[15494]: Invalid user alarm from 83.228.83.95 port 10968","@timestamp":"2022-09-13T08:08:16.348Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:08:17 honeypot-ams-1 sshd[15498]: Invalid user test from 83.228.83.95 port 10612","@timestamp":"2022-09-13T08:08:17.349Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:08:17 honeypot-ams-1 sshd[15502]: Invalid user cirros from 83.228.83.95 port 10860","@timestamp":"2022-09-13T08:08:18.350Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:10:23 honeypot-ams-1 sshd[15506]: Received disconnect from 107.175.33.240 port 48914:11: Bye Bye [preauth]","@timestamp":"2022-09-13T08:10:24.409Z"}
{"@timestamp":"2022-09-13T08:13:03.751Z","@version":"1","message":"Sep 13 08:13:02 honeypot-sgp-1 sshd[10287]: Received disconnect from 92.255.85.70 port 28636:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:15:35 honeypot-ams-1 sshd[15513]: error: maximum authentication attempts exceeded for root from 120.48.37.84 port 42410 ssh2 [preauth]","@timestamp":"2022-09-13T08:15:35.540Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 08:16:29 honeypot-fra-1 sshd[5545]: Invalid user user from 45.61.186.169 port 55184","@timestamp":"2022-09-13T08:16:29.694Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 08:16:46 honeypot-fra-1 sshd[5549]: Invalid user user from 45.61.186.169 port 50142","@timestamp":"2022-09-13T08:16:46.703Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 08:17:01 honeypot-fra-1 CRON[5553]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-13T08:17:01.710Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:17:01 honeypot-ams-1 CRON[15520]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-13T08:17:02.579Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 08:17:11 honeypot-fra-1 sshd[5559]: Received disconnect from 45.61.186.169 port 56698:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T08:17:11.715Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T08:17:19.863Z","@version":"1","message":"Sep 13 08:17:19 honeypot-sgp-1 sshd[10295]: Connection closed by authenticating user root 103.188.176.251 port 35444 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 08:18:26 honeypot-fra-1 kernel: [83931530.336061] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=78.142.18.92 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=54321 PROTO=TCP SPT=33921 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T08:18:26.747Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 08:21:38 honeypot-fra-1 sshd[5567]: Received disconnect from 167.99.236.74 port 37080:11: Bye Bye [preauth]","@timestamp":"2022-09-13T08:21:38.824Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 08:25:12 honeypot-fra-1 sshd[5572]: Disconnected from authenticating user root 122.179.17.65 port 57648 [preauth]","@timestamp":"2022-09-13T08:25:12.907Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 08:30:19 honeypot-ams-1 kernel: [83934403.862025] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=60607 PROTO=TCP SPT=57802 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T08:30:19.923Z"}
{"@timestamp":"2022-09-13T08:36:03.362Z","@version":"1","message":"Sep 13 08:36:02 honeypot-sgp-1 sshd[10321]: Received disconnect from 92.255.85.70 port 53822:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 08:38:35 honeypot-fra-1 kernel: [83932739.821210] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=62632 PROTO=TCP SPT=58207 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T08:38:36.231Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 08:39:34 honeypot-ams-1 kernel: [83934958.078669] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=59212 PROTO=TCP SPT=58207 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T08:39:34.160Z"}
{"@timestamp":"2022-09-13T08:41:35.507Z","@version":"1","message":"Sep 13 08:41:35 honeypot-sgp-1 kernel: [83934605.444805] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=159.89.174.147 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x20 TTL=242 ID=60427 PROTO=TCP SPT=61953 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 08:44:13 honeypot-fra-1 sshd[5585]: Connection closed by invalid user test 179.60.147.69 port 14988 [preauth]","@timestamp":"2022-09-13T08:44:14.365Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 08:44:33 honeypot-fra-1 sshd[5590]: Connection closed by invalid user pi 182.253.81.212 port 33688 [preauth]","@timestamp":"2022-09-13T08:44:34.374Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T08:45:13.603Z","@version":"1","message":"Sep 13 08:45:12 honeypot-sgp-1 sshd[10330]: Disconnected from invalid user ftp 86.102.122.148 port 41782 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 08:46:33 honeypot-fra-1 sshd[5596]: Received disconnect from 165.22.45.108 port 54130:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T08:46:33.423Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T08:47:10.657Z","@version":"1","message":"Sep 13 08:47:10 honeypot-sgp-1 sshd[10335]: Disconnected from authenticating user root 45.115.99.42 port 57706 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T08:47:32.667Z","@version":"1","message":"Sep 13 08:47:32 honeypot-sgp-1 sshd[10337]: Disconnected from invalid user ansible 103.147.4.202 port 44702 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 08:48:58 honeypot-fra-1 sshd[5601]: Invalid user user from 45.61.187.160 port 36432","@timestamp":"2022-09-13T08:48:59.481Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 08:49:14 honeypot-fra-1 sshd[5606]: Invalid user user from 45.61.187.160 port 59246","@timestamp":"2022-09-13T08:49:15.489Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 08:49:16 honeypot-ams-1 kernel: [83935540.608244] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=91.201.241.58 DST=178.62.254.91 LEN=81 TOS=0x00 PREC=0x00 TTL=250 ID=54321 PROTO=TCP SPT=50034 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T08:49:17.412Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 08:49:30 honeypot-fra-1 sshd[5610]: Invalid user user from 45.61.187.160 port 53846","@timestamp":"2022-09-13T08:49:31.497Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:49:56 honeypot-ams-1 sshd[15558]: Disconnected from invalid user user 198.98.61.9 port 56778 [preauth]","@timestamp":"2022-09-13T08:49:57.432Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:50:22 honeypot-ams-1 sshd[15564]: Disconnected from invalid user user 198.98.61.9 port 35148 [preauth]","@timestamp":"2022-09-13T08:50:23.447Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:50:45 honeypot-ams-1 sshd[15568]: Disconnected from invalid user user 198.98.61.9 port 58366 [preauth]","@timestamp":"2022-09-13T08:50:45.457Z"}
{"@timestamp":"2022-09-13T08:50:48.753Z","@version":"1","message":"Sep 13 08:50:48 honeypot-sgp-1 sshd[10345]: Received disconnect from 103.41.65.10 port 33298:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 08:51:03 honeypot-fra-1 kernel: [83933487.856076] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=172.104.238.162 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=30483 PROTO=TCP SPT=28653 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T08:51:04.535Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:55:48 honeypot-ams-1 sshd[15573]: Disconnected from authenticating user root 82.6.16.46 port 48250 [preauth]","@timestamp":"2022-09-13T08:55:48.590Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:59:05 honeypot-ams-1 sshd[15577]: Disconnected from invalid user mckey 185.13.235.204 port 58574 [preauth]","@timestamp":"2022-09-13T08:59:06.674Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 09:00:21 honeypot-ams-1 sshd[15582]: Received disconnect from 141.255.162.226 port 37350:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T09:00:21.708Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 09:00:23 honeypot-ams-1 sshd[15586]: Received disconnect from 141.255.162.226 port 43962:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T09:00:24.710Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 09:00:40 honeypot-fra-1 sshd[5618]: Received disconnect from 198.12.114.231 port 36956:11: Bye Bye [preauth]","@timestamp":"2022-09-13T09:00:40.758Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 09:00:46 honeypot-ams-1 kernel: [83936230.403521] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=46571 PROTO=TCP SPT=59603 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T09:00:46.721Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 09:02:58 honeypot-fra-1 sshd[5623]: Disconnected from invalid user deploy 68.183.87.50 port 54704 [preauth]","@timestamp":"2022-09-13T09:02:59.815Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T09:07:49.183Z","@version":"1","message":"Sep 13 09:07:48 honeypot-sgp-1 kernel: [83936178.576963] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=198.235.24.36 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x60 TTL=250 ID=54321 PROTO=TCP SPT=52862 DPT=636 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 09:07:56 honeypot-fra-1 kernel: [83934500.451356] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=4077 PROTO=TCP SPT=59603 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T09:07:56.931Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 09:09:07 honeypot-ams-1 sshd[15597]: Invalid user wh from 200.91.219.250 port 58104","@timestamp":"2022-09-13T09:09:07.939Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 09:13:28 honeypot-fra-1 sshd[5645]: Connection closed by invalid user admin 148.153.82.133 port 57516 [preauth]","@timestamp":"2022-09-13T09:13:29.056Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 09:17:01 honeypot-ams-1 CRON[15602]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-13T09:17:02.155Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 09:21:03 honeypot-fra-1 sshd[5653]: Connection closed by invalid user config 179.60.147.69 port 33376 [preauth]","@timestamp":"2022-09-13T09:21:03.226Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 09:21:34 honeypot-fra-1 sshd[5663]: Invalid user guest from 92.205.165.95 port 40794","@timestamp":"2022-09-13T09:21:35.240Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 09:21:34 honeypot-fra-1 sshd[5670]: Invalid user deployer from 92.205.165.95 port 40812","@timestamp":"2022-09-13T09:21:35.240Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 09:21:34 honeypot-fra-1 sshd[5671]: Invalid user grid from 92.205.165.95 port 40822","@timestamp":"2022-09-13T09:21:35.240Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 09:21:34 honeypot-fra-1 sshd[5663]: Connection closed by invalid user guest 92.205.165.95 port 40794 [preauth]","@timestamp":"2022-09-13T09:21:35.240Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 09:21:34 honeypot-fra-1 sshd[5683]: Invalid user test from 92.205.165.95 port 40840","@timestamp":"2022-09-13T09:21:35.240Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 09:21:34 honeypot-fra-1 sshd[5675]: Connection closed by invalid user hadoop 92.205.165.95 port 40836 [preauth]","@timestamp":"2022-09-13T09:21:35.241Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 09:21:34 honeypot-fra-1 sshd[5684]: Connection closed by invalid user ubuntu 92.205.165.95 port 40850 [preauth]","@timestamp":"2022-09-13T09:21:35.241Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 09:21:34 honeypot-fra-1 sshd[5686]: Invalid user devops from 92.205.165.95 port 40852","@timestamp":"2022-09-13T09:21:35.241Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 09:21:34 honeypot-fra-1 sshd[5687]: Connection closed by invalid user postgres 92.205.165.95 port 40858 [preauth]","@timestamp":"2022-09-13T09:21:35.241Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 09:22:35 honeypot-ams-1 kernel: [83937539.710901] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=42.243.172.119 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=48 ID=22440 PROTO=TCP SPT=48287 DPT=80 WINDOW=8502 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T09:22:36.308Z"}
{"@timestamp":"2022-09-13T09:23:12.569Z","@version":"1","message":"Sep 13 09:23:11 honeypot-sgp-1 sshd[10358]: Received disconnect from 92.255.85.69 port 54036:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 09:23:40 honeypot-fra-1 sshd[5717]: Invalid user mariajose from 158.101.155.195 port 36244","@timestamp":"2022-09-13T09:23:41.290Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 09:26:21 honeypot-fra-1 sshd[5723]: Connection closed by invalid user ubnt 117.221.23.67 port 49470 [preauth]","@timestamp":"2022-09-13T09:26:22.354Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T09:26:25.652Z","@version":"1","message":"Sep 13 09:26:25 honeypot-sgp-1 sshd[10363]: Received disconnect from 45.181.32.42 port 57618:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 09:28:40 honeypot-ams-1 sshd[15613]: Received disconnect from 85.29.135.21 port 60516:11: Bye Bye [preauth]","@timestamp":"2022-09-13T09:28:41.469Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 09:29:17 honeypot-fra-1 kernel: [83935781.686497] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.127.98.53 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=53 ID=0 DF PROTO=TCP SPT=44670 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T09:29:18.423Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 09:31:42 honeypot-ams-1 sshd[15617]: Received disconnect from 24.194.231.208 port 51534:11: Bye Bye [preauth]","@timestamp":"2022-09-13T09:31:42.551Z"}
{"@timestamp":"2022-09-13T09:32:46.807Z","@version":"1","message":"Sep 13 09:32:46 honeypot-sgp-1 sshd[10368]: Disconnected from authenticating user root 167.172.159.73 port 58918 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 09:46:25 honeypot-fra-1 sshd[5733]: Connection closed by invalid user admin 178.61.160.28 port 38152 [preauth]","@timestamp":"2022-09-13T09:46:26.809Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 09:46:41 honeypot-fra-1 sshd[5738]: Received disconnect from 141.255.162.226 port 57990:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T09:46:41.816Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 09:46:42 honeypot-fra-1 sshd[5742]: Received disconnect from 141.255.162.226 port 42884:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T09:46:42.816Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 09:46:46 honeypot-fra-1 sshd[5746]: Received disconnect from 141.255.162.226 port 56006:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T09:46:46.818Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T09:47:17.162Z","@version":"1","message":"Sep 13 09:47:16 honeypot-sgp-1 sshd[10374]: Disconnected from invalid user sfukaya 60.50.99.134 port 60404 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 09:48:22 honeypot-fra-1 kernel: [83936926.810339] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=65.49.20.101 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=54321 PROTO=TCP SPT=53280 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T09:48:22.858Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 09:49:28 honeypot-fra-1 sshd[5753]: Received disconnect from 45.61.186.169 port 41360:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T09:49:28.886Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 09:49:43 honeypot-fra-1 sshd[5757]: Connection closed by invalid user cube 141.98.10.158 port 45286 [preauth]","@timestamp":"2022-09-13T09:49:44.893Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 09:49:51 honeypot-ams-1 kernel: [83939175.437892] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=184.105.247.247 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=33689 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T09:49:52.038Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 09:49:52 honeypot-fra-1 sshd[5761]: Disconnected from invalid user user 45.61.186.169 port 47500 [preauth]","@timestamp":"2022-09-13T09:49:52.897Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 09:50:07 honeypot-fra-1 sshd[5765]: Disconnected from invalid user user 45.61.186.169 port 42176 [preauth]","@timestamp":"2022-09-13T09:50:08.906Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 09:56:49 honeypot-ams-1 sshd[15626]: Invalid user user from 198.98.61.9 port 36594","@timestamp":"2022-09-13T09:56:50.216Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 09:57:13 honeypot-ams-1 sshd[15630]: Invalid user user from 198.98.61.9 port 59902","@timestamp":"2022-09-13T09:57:14.229Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 09:57:43 honeypot-ams-1 sshd[15634]: Invalid user user from 198.98.61.9 port 54984","@timestamp":"2022-09-13T09:57:44.245Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 09:58:08 honeypot-ams-1 sshd[15638]: Invalid user user from 198.98.61.9 port 50054","@timestamp":"2022-09-13T09:58:09.257Z"}
{"@timestamp":"2022-09-13T10:01:29.506Z","@version":"1","message":"Sep 13 10:01:29 honeypot-sgp-1 kernel: [83939399.544600] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=205.210.31.163 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=249 ID=45850 PROTO=TCP SPT=50564 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T10:05:57.616Z","@version":"1","message":"Sep 13 10:05:56 honeypot-sgp-1 sshd[10388]: Invalid user guest from 206.189.46.251 port 43626","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 10:06:43 honeypot-fra-1 sshd[5773]: Invalid user default from 218.2.101.210 port 43360","@timestamp":"2022-09-13T10:06:43.278Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 10:07:26 honeypot-ams-1 kernel: [83940229.995327] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=37.21.19.118 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=58 ID=31664 PROTO=TCP SPT=27860 DPT=80 WINDOW=62812 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T10:07:26.499Z"}
{"@timestamp":"2022-09-13T10:08:53.690Z","@version":"1","message":"Sep 13 10:08:53 honeypot-sgp-1 sshd[10394]: Invalid user dh from 167.71.160.75 port 55348","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T10:09:09.698Z","@version":"1","message":"Sep 13 10:09:09 honeypot-sgp-1 sshd[10398]: Invalid user user from 45.61.184.204 port 53190","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T10:09:27.708Z","@version":"1","message":"Sep 13 10:09:27 honeypot-sgp-1 sshd[10402]: Invalid user user from 45.61.184.204 port 47790","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T10:09:45.717Z","@version":"1","message":"Sep 13 10:09:45 honeypot-sgp-1 sshd[10406]: Invalid user user from 45.61.184.204 port 42390","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 10:10:05 honeypot-fra-1 sshd[5778]: Invalid user odoo from 117.86.103.243 port 48230","@timestamp":"2022-09-13T10:10:06.357Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 10:10:06 honeypot-fra-1 sshd[5781]: Connection closed by invalid user devops 117.86.103.243 port 48220 [preauth]","@timestamp":"2022-09-13T10:10:07.358Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T10:10:54.747Z","@version":"1","message":"Sep 13 10:10:54 honeypot-sgp-1 sshd[10410]: Received disconnect from 92.255.85.69 port 34356:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 10:14:26 honeypot-ams-1 sshd[15647]: Invalid user br from 159.65.97.125 port 39096","@timestamp":"2022-09-13T10:14:27.685Z"}
{"@timestamp":"2022-09-13T10:17:01.897Z","@version":"1","message":"Sep 13 10:17:01 honeypot-sgp-1 CRON[10415]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 10:17:01 honeypot-ams-1 CRON[15652]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-13T10:17:02.753Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 10:19:25 honeypot-fra-1 sshd[5795]: Received disconnect from 125.163.156.69 port 55076:11: Bye Bye [preauth]","@timestamp":"2022-09-13T10:19:25.568Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 10:22:09 honeypot-fra-1 sshd[5799]: Connection closed by invalid user  65.49.20.69 port 7654 [preauth]","@timestamp":"2022-09-13T10:22:09.635Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 10:26:27 honeypot-fra-1 kernel: [83939211.924582] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.102.41.2 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=32974 DF PROTO=TCP SPT=34728 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T10:26:28.733Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-13T10:27:09.145Z","@version":"1","message":"Sep 13 10:27:08 honeypot-sgp-1 kernel: [83940939.175603] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=107.182.129.137 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=50363 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 10:30:26 honeypot-ams-1 kernel: [83941610.677406] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=161.35.188.242 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=51 ID=0 PROTO=TCP SPT=3758 DPT=80 WINDOW=0 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T10:30:27.104Z"}
{"@timestamp":"2022-09-13T10:34:12.322Z","@version":"1","message":"Sep 13 10:34:11 honeypot-sgp-1 sshd[10442]: Received disconnect from 92.255.85.69 port 36652:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 10:35:43 honeypot-ams-1 sshd[15663]: Received disconnect from 195.222.163.54 port 44922:11: Bye Bye [preauth]","@timestamp":"2022-09-13T10:35:43.243Z"}
{"@timestamp":"2022-09-13T10:36:15.374Z","@version":"1","message":"Sep 13 10:36:14 honeypot-sgp-1 sshd[10445]: Disconnected from invalid user zdu 181.49.50.202 port 32908 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 10:36:17 honeypot-fra-1 sshd[6253]: Disconnected from authenticating user root 92.255.85.70 port 45528 [preauth]","@timestamp":"2022-09-13T10:36:17.956Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 10:36:23 honeypot-ams-1 sshd[15667]: Disconnected from invalid user admin 112.166.144.105 port 35660 [preauth]","@timestamp":"2022-09-13T10:36:24.264Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 10:36:48 honeypot-ams-1 sshd[15671]: Disconnected from invalid user user8 222.128.10.105 port 44361 [preauth]","@timestamp":"2022-09-13T10:36:48.276Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 10:37:43 honeypot-ams-1 sshd[15677]: Received disconnect from 41.85.251.8 port 37758:11: Bye Bye [preauth]","@timestamp":"2022-09-13T10:37:44.304Z"}
{"@timestamp":"2022-09-13T10:38:58.444Z","@version":"1","message":"Sep 13 10:38:58 honeypot-sgp-1 kernel: [83941648.532516] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=118.123.105.87 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=17578 PROTO=TCP SPT=34519 DPT=5432 WINDOW=63540 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 10:39:32 honeypot-ams-1 sshd[15682]: Disconnected from authenticating user root 189.213.210.132 port 35079 [preauth]","@timestamp":"2022-09-13T10:39:33.354Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 10:48:07 honeypot-fra-1 sshd[6258]: Disconnected from invalid user kraydashenko 165.22.45.108 port 40924 [preauth]","@timestamp":"2022-09-13T10:48:07.221Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T10:55:04.861Z","@version":"1","message":"Sep 13 10:55:04 honeypot-sgp-1 kernel: [83942614.427902] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=207.180.198.178 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=47572 PROTO=TCP SPT=46486 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 10:55:49 honeypot-fra-1 sshd[6267]: Invalid user test from 137.184.227.149 port 55068","@timestamp":"2022-09-13T10:55:50.398Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 10:55:49 honeypot-fra-1 sshd[6285]: Invalid user esuser from 137.184.227.149 port 55078","@timestamp":"2022-09-13T10:55:50.398Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 10:55:49 honeypot-fra-1 sshd[6284]: Invalid user user from 137.184.227.149 port 55114","@timestamp":"2022-09-13T10:55:50.398Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 10:55:49 honeypot-fra-1 sshd[6267]: Connection closed by invalid user test 137.184.227.149 port 55068 [preauth]","@timestamp":"2022-09-13T10:55:50.398Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 10:55:49 honeypot-fra-1 sshd[6277]: Connection closed by authenticating user root 137.184.227.149 port 55084 [preauth]","@timestamp":"2022-09-13T10:55:50.398Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 10:55:49 honeypot-fra-1 sshd[6270]: Connection closed by invalid user oracle 137.184.227.149 port 55080 [preauth]","@timestamp":"2022-09-13T10:55:50.398Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 10:55:49 honeypot-fra-1 sshd[6274]: Connection closed by authenticating user root 137.184.227.149 port 55126 [preauth]","@timestamp":"2022-09-13T10:55:50.398Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 10:55:49 honeypot-fra-1 sshd[6298]: Connection closed by invalid user hadoop 137.184.227.149 port 55134 [preauth]","@timestamp":"2022-09-13T10:55:50.398Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 10:58:38 honeypot-fra-1 sshd[6319]: Received disconnect from 92.255.85.70 port 22536:11: Bye Bye [preauth]","@timestamp":"2022-09-13T10:58:39.463Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 11:02:16 honeypot-ams-1 sshd[15688]: Received disconnect from 92.255.85.69 port 50404:11: Bye Bye [preauth]","@timestamp":"2022-09-13T11:02:16.938Z"}
{"@timestamp":"2022-09-13T11:05:49.131Z","@version":"1","message":"Sep 13 11:05:48 honeypot-sgp-1 sshd[10896]: Invalid user bzrx1098ui from 92.255.85.113 port 13019","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 11:07:15 honeypot-fra-1 kernel: [83941659.698479] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=143.198.183.97 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=40517 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T11:07:16.687Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 11:11:35 honeypot-ams-1 kernel: [83944079.622156] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=60.251.218.52 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=32631 PROTO=TCP SPT=46375 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T11:11:36.181Z"}
{"@timestamp":"2022-09-13T11:12:10.290Z","@version":"1","message":"Sep 13 11:12:09 honeypot-sgp-1 kernel: [83943640.068873] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=94.26.249.161 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=50432 PROTO=TCP SPT=19066 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T11:16:43.403Z","@version":"1","message":"Sep 13 11:16:42 honeypot-sgp-1 sshd[10908]: Disconnected from invalid user kong 138.68.91.192 port 38716 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T11:17:27.426Z","@version":"1","message":"Sep 13 11:17:26 honeypot-sgp-1 sshd[10915]: Received disconnect from 20.94.74.40 port 37984:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 11:17:47 honeypot-ams-1 kernel: [83944451.546370] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=64.62.197.14 DST=178.62.254.91 LEN=131 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=48382 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T11:17:48.342Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 11:18:14 honeypot-fra-1 kernel: [83942318.502485] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=27684 PROTO=TCP SPT=47663 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T11:18:14.925Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 11:18:47 honeypot-fra-1 sshd[6350]: Invalid user mc from 36.99.192.209 port 60776","@timestamp":"2022-09-13T11:18:48.941Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 11:18:57 honeypot-fra-1 kernel: [83942360.999961] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=64.62.197.60 DST=165.22.82.222 LEN=131 TOS=0x00 PREC=0x00 TTL=244 ID=54321 PROTO=TCP SPT=38286 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T11:18:57.945Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-13T11:19:08.469Z","@version":"1","message":"Sep 13 11:19:08 honeypot-sgp-1 kernel: [83944058.592484] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=58088 PROTO=TCP SPT=47663 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T11:19:17.474Z","@version":"1","message":"Sep 13 11:19:16 honeypot-sgp-1 sshd[10925]: Unable to negotiate with 211.24.73.92 port 56244: no matching cipher found. Their offer: aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,arcfour128,arcfour,3des-cbc,none [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T11:19:32.482Z","@version":"1","message":"Sep 13 11:19:32 honeypot-sgp-1 sshd[10929]: Disconnected from invalid user user 45.61.184.204 port 51460 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T11:19:51.492Z","@version":"1","message":"Sep 13 11:19:50 honeypot-sgp-1 sshd[10935]: Invalid user user from 45.61.184.204 port 46550","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 11:24:53 honeypot-fra-1 kernel: [83942717.009013] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=222.186.19.235 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=234 ID=54321 PROTO=TCP SPT=39418 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T11:24:54.080Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 11:25:01 honeypot-ams-1 sshd[15702]: Disconnected from authenticating user root 92.255.85.70 port 48300 [preauth]","@timestamp":"2022-09-13T11:25:02.530Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 11:26:07 honeypot-ams-1 sshd[15707]: Received disconnect from 45.61.186.169 port 36686:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T11:26:07.562Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 11:26:25 honeypot-ams-1 sshd[15711]: Invalid user user from 45.61.186.169 port 60058","@timestamp":"2022-09-13T11:26:25.571Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 11:26:41 honeypot-ams-1 sshd[15715]: Invalid user user from 45.61.186.169 port 55202","@timestamp":"2022-09-13T11:26:41.581Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 11:26:56 honeypot-ams-1 sshd[15719]: Invalid user user from 45.61.186.169 port 50338","@timestamp":"2022-09-13T11:26:57.595Z"}
{"@timestamp":"2022-09-13T11:27:39.680Z","@version":"1","message":"Sep 13 11:27:38 honeypot-sgp-1 kernel: [83944569.037151] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=216.218.206.69 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=44646 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 11:30:05 honeypot-ams-1 kernel: [83945189.310995] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=28839 PROTO=TCP SPT=48602 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T11:30:05.676Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 11:30:52 honeypot-fra-1 kernel: [83943075.852856] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=9165 PROTO=TCP SPT=48602 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T11:30:52.211Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-13T11:31:48.785Z","@version":"1","message":"Sep 13 11:31:47 honeypot-sgp-1 sshd[10941]: Received disconnect from 45.61.187.160 port 38774:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T11:32:07.795Z","@version":"1","message":"Sep 13 11:32:07 honeypot-sgp-1 sshd[10945]: Received disconnect from 45.61.187.160 port 33688:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T11:32:26.804Z","@version":"1","message":"Sep 13 11:32:26 honeypot-sgp-1 sshd[10949]: Received disconnect from 45.61.187.160 port 56840:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T11:32:47.814Z","@version":"1","message":"Sep 13 11:32:46 honeypot-sgp-1 sshd[10954]: Received disconnect from 45.61.187.160 port 51764:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 11:34:20 honeypot-ams-1 kernel: [83945444.390119] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=86.57.81.252 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=31523 DF PROTO=TCP SPT=20046 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T11:34:20.790Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 11:35:31 honeypot-fra-1 sshd[6372]: Invalid user user from 45.61.184.204 port 45110","@timestamp":"2022-09-13T11:35:32.336Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 11:35:49 honeypot-fra-1 sshd[6376]: Invalid user user from 45.61.184.204 port 39522","@timestamp":"2022-09-13T11:35:50.344Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 11:36:05 honeypot-fra-1 sshd[6380]: Invalid user user from 45.61.184.204 port 33954","@timestamp":"2022-09-13T11:36:06.351Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 11:39:12 honeypot-fra-1 kernel: [83943575.851390] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.219.183 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=41607 DPT=5432 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T11:39:12.423Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 11:40:22 honeypot-ams-1 kernel: [83945806.117289] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=97.74.81.123 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=31557 PROTO=TCP SPT=56132 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T11:40:22.951Z"}
{"@timestamp":"2022-09-13T11:41:04.020Z","@version":"1","message":"Sep 13 11:41:03 honeypot-sgp-1 kernel: [83945373.287854] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.55.53.144 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=44 ID=16511 DF PROTO=TCP SPT=60162 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T11:43:00.070Z","@version":"1","message":"Sep 13 11:42:59 honeypot-sgp-1 kernel: [83945489.504023] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.102.41.2 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=47062 DF PROTO=TCP SPT=44738 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 11:44:31 honeypot-ams-1 sshd[15730]: Disconnected from invalid user tester 20.36.182.53 port 56566 [preauth]","@timestamp":"2022-09-13T11:44:32.063Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 11:45:48 honeypot-fra-1 sshd[6387]: Received disconnect from 92.255.85.69 port 23938:11: Bye Bye [preauth]","@timestamp":"2022-09-13T11:45:49.575Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 11:48:11 honeypot-ams-1 sshd[15735]: Invalid user chris from 210.56.25.101 port 51844","@timestamp":"2022-09-13T11:48:12.162Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 11:49:16 honeypot-fra-1 sshd[6394]: Connection reset by 205.210.31.58 port 53289 [preauth]","@timestamp":"2022-09-13T11:49:16.657Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 11:49:35 honeypot-ams-1 sshd[15738]: ssh_dispatch_run_fatal: Connection from 179.60.147.69 port 50856: message authentication code incorrect [preauth]","@timestamp":"2022-09-13T11:49:36.201Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 11:49:54 honeypot-ams-1 sshd[15744]: Disconnected from invalid user admin 80.76.51.45 port 52962 [preauth]","@timestamp":"2022-09-13T11:49:55.211Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 11:50:32 honeypot-ams-1 kernel: [83946416.823256] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=20.55.53.144 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=28420 DF PROTO=TCP SPT=41072 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T11:50:33.232Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 11:50:55 honeypot-ams-1 sshd[15752]: Disconnected from authenticating user root 80.76.51.45 port 42758 [preauth]","@timestamp":"2022-09-13T11:50:56.245Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 11:51:40 honeypot-ams-1 sshd[15758]: Disconnected from authenticating user root 80.76.51.45 port 49296 [preauth]","@timestamp":"2022-09-13T11:51:41.269Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 11:52:24 honeypot-ams-1 sshd[15765]: Invalid user user from 80.76.51.45 port 55856","@timestamp":"2022-09-13T11:52:25.292Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 11:52:35 honeypot-fra-1 kernel: [83944379.504748] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=154.94.6.47 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=8199 PROTO=TCP SPT=58629 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T11:52:36.735Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 11:54:33 honeypot-ams-1 sshd[15769]: Invalid user fieu from 163.177.9.152 port 45918","@timestamp":"2022-09-13T11:54:34.350Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 12:01:49 honeypot-fra-1 sshd[6405]: Invalid user user from 45.61.186.249 port 60876","@timestamp":"2022-09-13T12:01:49.943Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 12:02:07 honeypot-fra-1 sshd[6409]: Invalid user user from 45.61.186.249 port 55476","@timestamp":"2022-09-13T12:02:07.953Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 12:02:26 honeypot-fra-1 sshd[6413]: Invalid user user from 45.61.186.249 port 50078","@timestamp":"2022-09-13T12:02:26.962Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 12:02:38 honeypot-fra-1 kernel: [83944982.111646] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=103.156.91.6 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=24342 PROTO=TCP SPT=53735 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T12:02:38.968Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-13T12:04:46.618Z","@version":"1","message":"Sep 13 12:04:46 honeypot-sgp-1 sshd[10967]: Did not receive identification string from 45.61.186.49 port 60216","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T12:05:01.625Z","@version":"1","message":"Sep 13 12:05:01 honeypot-sgp-1 sshd[10970]: Disconnected from invalid user user 45.61.186.49 port 41230 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T12:05:11.631Z","@version":"1","message":"Sep 13 12:05:10 honeypot-sgp-1 sshd[10974]: Disconnected from invalid user user 45.61.186.49 port 52860 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 12:08:33 honeypot-fra-1 sshd[6422]: Received disconnect from 165.22.45.108 port 50720:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T12:08:34.102Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 12:10:57 honeypot-ams-1 sshd[15775]: Connection closed by invalid user admin 220.90.156.4 port 57574 [preauth]","@timestamp":"2022-09-13T12:10:57.767Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 12:10:57 honeypot-fra-1 kernel: [83945480.884826] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=51.178.125.38 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=42287 PROTO=TCP SPT=43385 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T12:10:58.162Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 12:17:01 honeypot-ams-1 CRON[15781]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-13T12:17:01.926Z"}
{"@timestamp":"2022-09-13T12:17:01.921Z","@version":"1","message":"Sep 13 12:17:01 honeypot-sgp-1 CRON[10980]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 12:19:46 honeypot-ams-1 sshd[15788]: Invalid user nang from 175.126.146.170 port 45972","@timestamp":"2022-09-13T12:19:46.998Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 12:21:45 honeypot-fra-1 kernel: [83946129.610959] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=50.116.58.149 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=4495 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T12:21:46.406Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 12:22:32 honeypot-ams-1 kernel: [83948335.973776] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=168.181.139.14 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=53 ID=49094 PROTO=TCP SPT=50971 DPT=80 WINDOW=65316 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T12:22:33.071Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 12:29:17 honeypot-fra-1 sshd[6440]: Connection closed by authenticating user root 103.172.10.78 port 48480 [preauth]","@timestamp":"2022-09-13T12:29:18.580Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 12:31:11 honeypot-ams-1 kernel: [83948855.590981] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=115.29.50.70 DST=178.62.254.91 LEN=40 TOS=0x14 PREC=0x00 TTL=43 ID=60931 DF PROTO=TCP SPT=7169 DPT=80 WINDOW=43690 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T12:31:12.293Z"}
{"@timestamp":"2022-09-13T12:31:31.281Z","@version":"1","message":"Sep 13 12:31:30 honeypot-sgp-1 kernel: [83948400.942508] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=33773 PROTO=TCP SPT=52015 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 12:34:53 honeypot-ams-1 sshd[15799]: Disconnected from authenticating user root 92.255.85.69 port 39648 [preauth]","@timestamp":"2022-09-13T12:34:53.392Z"}
{"@timestamp":"2022-09-13T12:35:48.395Z","@version":"1","message":"Sep 13 12:35:48 honeypot-sgp-1 kernel: [83948658.329486] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=198.12.89.184 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=235 ID=53554 PROTO=TCP SPT=52520 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 12:39:13 honeypot-fra-1 kernel: [83947177.555430] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=198.235.24.184 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x60 TTL=250 ID=54321 PROTO=TCP SPT=52775 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T12:39:14.802Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 12:44:32 honeypot-ams-1 sshd[15804]: Invalid user zxin10 from 23.225.191.123 port 52694","@timestamp":"2022-09-13T12:44:32.637Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 12:46:08 honeypot-fra-1 sshd[6459]: Did not receive identification string from 94.156.175.57 port 60444","@timestamp":"2022-09-13T12:46:08.964Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 12:46:09 honeypot-fra-1 sshd[6461]: Invalid user vagrant from 94.156.175.57 port 60690","@timestamp":"2022-09-13T12:46:09.966Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 12:46:09 honeypot-fra-1 sshd[6477]: Invalid user ts3srv from 94.156.175.57 port 60760","@timestamp":"2022-09-13T12:46:09.966Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 12:46:09 honeypot-fra-1 sshd[6460]: Invalid user steam from 94.156.175.57 port 60691","@timestamp":"2022-09-13T12:46:09.966Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 12:46:09 honeypot-fra-1 sshd[6480]: Invalid user ts3sv from 94.156.175.57 port 60765","@timestamp":"2022-09-13T12:46:09.966Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 12:46:09 honeypot-fra-1 sshd[6467]: Connection closed by invalid user hadoop 94.156.175.57 port 60694 [preauth]","@timestamp":"2022-09-13T12:46:09.966Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 12:46:09 honeypot-fra-1 sshd[6466]: Invalid user postgres from 94.156.175.57 port 60692","@timestamp":"2022-09-13T12:46:09.966Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 12:46:09 honeypot-fra-1 sshd[6477]: Connection closed by invalid user ts3srv 94.156.175.57 port 60760 [preauth]","@timestamp":"2022-09-13T12:46:09.966Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 12:46:09 honeypot-fra-1 sshd[6480]: Connection closed by invalid user ts3sv 94.156.175.57 port 60765 [preauth]","@timestamp":"2022-09-13T12:46:09.966Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 12:46:09 honeypot-fra-1 sshd[6469]: Connection closed by invalid user elasticsearch 94.156.175.57 port 60736 [preauth]","@timestamp":"2022-09-13T12:46:09.966Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 12:47:34 honeypot-fra-1 kernel: [83947677.885329] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=198.235.24.60 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x60 TTL=250 ID=54547 PROTO=TCP SPT=53461 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T12:47:35.001Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 12:50:14 honeypot-fra-1 sshd[6521]: Connection closed by invalid user ftpuser 195.242.235.46 port 55324 [preauth]","@timestamp":"2022-09-13T12:50:15.064Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T12:52:49.813Z","@version":"1","message":"Sep 13 12:52:49 honeypot-sgp-1 sshd[10998]: Disconnected from authenticating user root 92.255.85.69 port 54826 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 12:53:00 honeypot-ams-1 sshd[15807]: Connection closed by invalid user user1 103.188.176.251 port 60660 [preauth]","@timestamp":"2022-09-13T12:53:01.860Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 12:57:04 honeypot-fra-1 sshd[6529]: Connection closed by invalid user user1 103.188.176.251 port 36108 [preauth]","@timestamp":"2022-09-13T12:57:04.217Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 12:57:52 honeypot-ams-1 sshd[15816]: Disconnected from authenticating user root 92.255.85.70 port 50264 [preauth]","@timestamp":"2022-09-13T12:57:52.984Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 13:00:29 honeypot-fra-1 sshd[6533]: Connection closed by invalid user admin 179.60.147.69 port 48564 [preauth]","@timestamp":"2022-09-13T13:00:30.298Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 13:02:05 honeypot-fra-1 sshd[6538]: Received disconnect from 221.157.75.252 port 50532:11: Bye Bye [preauth]","@timestamp":"2022-09-13T13:02:05.336Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T13:03:26.075Z","@version":"1","message":"Sep 13 13:03:25 honeypot-sgp-1 kernel: [83950315.410049] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=180.149.126.137 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=41600 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 13:04:15 honeypot-fra-1 sshd[6542]: Received disconnect from 159.65.240.232 port 57116:11: Bye Bye [preauth]","@timestamp":"2022-09-13T13:04:16.389Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 13:05:58 honeypot-fra-1 sshd[6548]: Received disconnect from 179.43.156.143 port 33372:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T13:05:59.428Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 13:06:15 honeypot-ams-1 sshd[15826]: Unable to negotiate with 211.24.73.92 port 56996: no matching cipher found. Their offer: aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,arcfour128,arcfour,3des-cbc,none [preauth]","@timestamp":"2022-09-13T13:06:16.205Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 13:07:54 honeypot-fra-1 sshd[6555]: Received disconnect from 179.43.156.143 port 47980:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T13:07:54.472Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 13:08:31 honeypot-fra-1 sshd[6559]: Disconnected from invalid user nutanix 179.43.156.143 port 43414 [preauth]","@timestamp":"2022-09-13T13:08:31.488Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 13:09:46 honeypot-fra-1 sshd[6564]: Received disconnect from 179.43.156.143 port 34326:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T13:09:47.519Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 13:10:09 honeypot-ams-1 sshd[15832]: Received disconnect from 148.66.129.194 port 49284:11: Bye Bye [preauth]","@timestamp":"2022-09-13T13:10:10.308Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 13:10:24 honeypot-fra-1 sshd[6568]: Received disconnect from 179.43.156.143 port 58094:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T13:10:25.535Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 13:10:37 honeypot-fra-1 sshd[6572]: Received disconnect from 45.61.186.169 port 49886:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T13:10:37.541Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 13:10:55 honeypot-fra-1 sshd[6576]: Received disconnect from 45.61.186.169 port 45282:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T13:10:55.548Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 13:11:04 honeypot-fra-1 sshd[6580]: Disconnected from authenticating user root 179.43.156.143 port 53522 [preauth]","@timestamp":"2022-09-13T13:11:04.553Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 13:11:42 honeypot-fra-1 sshd[6586]: Disconnected from authenticating user root 179.43.156.143 port 48972 [preauth]","@timestamp":"2022-09-13T13:11:42.567Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 13:13:35 honeypot-fra-1 sshd[6593]: Disconnected from authenticating user root 179.43.156.143 port 35340 [preauth]","@timestamp":"2022-09-13T13:13:36.609Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T13:17:02.428Z","@version":"1","message":"Sep 13 13:17:01 honeypot-sgp-1 CRON[11007]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 13:17:47 honeypot-ams-1 sshd[15842]: Invalid user rosok from 46.101.132.159 port 51746","@timestamp":"2022-09-13T13:17:47.503Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 13:17:56 honeypot-ams-1 sshd[15844]: Disconnected from invalid user dye 24.188.213.50 port 59132 [preauth]","@timestamp":"2022-09-13T13:17:56.508Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 13:18:05 honeypot-fra-1 kernel: [83949508.680066] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=149.102.155.169 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=21765 PROTO=TCP SPT=55022 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T13:18:05.716Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 13:19:04 honeypot-ams-1 sshd[15849]: Received disconnect from 165.22.1.73 port 48920:11: Bye Bye [preauth]","@timestamp":"2022-09-13T13:19:04.543Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 13:20:04 honeypot-ams-1 sshd[15851]: Disconnected from invalid user ftpuser 37.24.207.203 port 44548 [preauth]","@timestamp":"2022-09-13T13:20:04.572Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 13:21:58 honeypot-ams-1 sshd[15858]: Invalid user test from 193.106.191.157 port 32842","@timestamp":"2022-09-13T13:21:58.623Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 13:29:04 honeypot-fra-1 sshd[6604]: Invalid user krister from 165.22.45.108 port 60554","@timestamp":"2022-09-13T13:29:04.965Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 13:29:58 honeypot-fra-1 sshd[6607]: Disconnected from invalid user user 45.61.186.169 port 39690 [preauth]","@timestamp":"2022-09-13T13:29:58.987Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 13:30:17 honeypot-fra-1 sshd[6611]: Disconnected from invalid user user 45.61.186.169 port 34678 [preauth]","@timestamp":"2022-09-13T13:30:17.994Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 13:30:34 honeypot-fra-1 sshd[6615]: Disconnected from invalid user user 45.61.186.169 port 57920 [preauth]","@timestamp":"2022-09-13T13:30:35.003Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 13:30:50 honeypot-fra-1 sshd[6619]: Disconnected from invalid user user 45.61.186.169 port 52908 [preauth]","@timestamp":"2022-09-13T13:30:51.009Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 13:32:50 honeypot-fra-1 sshd[6626]: Invalid user cooper from 187.235.4.20 port 45388","@timestamp":"2022-09-13T13:32:51.144Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T13:36:25.895Z","@version":"1","message":"Sep 13 13:36:25 honeypot-sgp-1 sshd[11015]: Connection closed by authenticating user nobody 179.60.147.69 port 43172 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 13:39:02 honeypot-ams-1 kernel: [83952926.070374] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=30909 PROTO=TCP SPT=56088 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T13:39:03.067Z"}
{"@timestamp":"2022-09-13T13:40:19.991Z","@version":"1","message":"Sep 13 13:40:19 honeypot-sgp-1 sshd[11018]: Disconnected from invalid user henrietta 79.225.76.143 port 37348 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T13:40:58.010Z","@version":"1","message":"Sep 13 13:40:57 honeypot-sgp-1 sshd[11024]: Disconnected from authenticating user root 45.141.151.196 port 41060 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 13:42:50 honeypot-fra-1 kernel: [83950994.127790] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.33.121.154 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=7202 PROTO=TCP SPT=56206 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T13:42:51.369Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-13T13:43:15.070Z","@version":"1","message":"Sep 13 13:43:15 honeypot-sgp-1 sshd[11028]: Received disconnect from 68.183.78.141 port 40686:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 13:44:13 honeypot-fra-1 sshd[6640]: Disconnected from invalid user ftpuser 134.209.102.211 port 42716 [preauth]","@timestamp":"2022-09-13T13:44:14.401Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 13:47:51 honeypot-fra-1 sshd[6645]: Received disconnect from 188.136.151.4 port 41888:11: Bye Bye [preauth]","@timestamp":"2022-09-13T13:47:52.486Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 13:53:12 honeypot-ams-1 kernel: [83953776.686898] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=213.207.248.16 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=115 ID=19985 DF PROTO=TCP SPT=10076 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T13:53:13.429Z"}
{"@timestamp":"2022-09-13T13:54:20.342Z","@version":"1","message":"Sep 13 13:54:20 honeypot-sgp-1 sshd[11034]: Disconnected from authenticating user root 103.90.220.156 port 43292 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T13:55:56.384Z","@version":"1","message":"Sep 13 13:55:55 honeypot-sgp-1 sshd[11039]: Received disconnect from 141.255.162.226 port 39666:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T13:55:59.386Z","@version":"1","message":"Sep 13 13:55:58 honeypot-sgp-1 sshd[11045]: Received disconnect from 141.255.162.226 port 48370:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 13:58:20 honeypot-ams-1 sshd[15874]: Disconnected from authenticating user root 178.128.159.1 port 46388 [preauth]","@timestamp":"2022-09-13T13:58:20.565Z"}
{"@timestamp":"2022-09-13T13:59:26.472Z","@version":"1","message":"Sep 13 13:59:25 honeypot-sgp-1 kernel: [83953675.786756] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=79.124.62.62 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=39256 PROTO=TCP SPT=46141 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 14:05:15 honeypot-fra-1 sshd[6654]: Received disconnect from 92.255.85.70 port 47798:11: Bye Bye [preauth]","@timestamp":"2022-09-13T14:05:15.884Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 14:09:39 honeypot-fra-1 sshd[6659]: Disconnected from invalid user krister 165.22.45.108 port 37266 [preauth]","@timestamp":"2022-09-13T14:09:40.986Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T14:12:58.806Z","@version":"1","message":"Sep 13 14:12:58 honeypot-sgp-1 sshd[11055]: Connection closed by invalid user unknown 179.60.147.69 port 57814 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T14:15:36.872Z","@version":"1","message":"Sep 13 14:15:36 honeypot-sgp-1 sshd[11061]: Received disconnect from 45.61.187.160 port 34762:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T14:15:56.882Z","@version":"1","message":"Sep 13 14:15:56 honeypot-sgp-1 sshd[11065]: Received disconnect from 45.61.187.160 port 57700:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T14:16:13.892Z","@version":"1","message":"Sep 13 14:16:13 honeypot-sgp-1 sshd[11069]: Received disconnect from 45.61.187.160 port 52440:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 14:16:20 honeypot-ams-1 sshd[15880]: Connection closed by invalid user unknown 179.60.147.69 port 19752 [preauth]","@timestamp":"2022-09-13T14:16:21.051Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 14:16:52 honeypot-fra-1 kernel: [83953035.558891] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=189.147.172.108 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=2341 PROTO=TCP SPT=19072 DPT=80 WINDOW=5291 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T14:16:53.149Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-13T14:17:01.915Z","@version":"1","message":"Sep 13 14:17:01 honeypot-sgp-1 CRON[11073]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T14:20:21.001Z","@version":"1","message":"Sep 13 14:20:20 honeypot-sgp-1 sshd[11079]: Received disconnect from 182.74.249.110 port 47640:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 14:24:21 honeypot-fra-1 sshd[6671]: Disconnected from invalid user neel 187.75.209.161 port 54272 [preauth]","@timestamp":"2022-09-13T14:24:22.315Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 14:24:58 honeypot-fra-1 sshd[6675]: Invalid user mirle from 104.245.44.233 port 54054","@timestamp":"2022-09-13T14:24:59.332Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 14:25:59 honeypot-fra-1 sshd[6679]: Disconnected from invalid user user 198.98.61.9 port 42376 [preauth]","@timestamp":"2022-09-13T14:26:00.357Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 14:26:18 honeypot-fra-1 sshd[6683]: Disconnected from invalid user user 198.98.61.9 port 37010 [preauth]","@timestamp":"2022-09-13T14:26:18.366Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T14:26:28.156Z","@version":"1","message":"Sep 13 14:26:27 honeypot-sgp-1 sshd[11084]: Disconnected from authenticating user root 139.59.76.127 port 58184 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 14:26:35 honeypot-fra-1 sshd[6687]: Received disconnect from 198.98.61.9 port 59900:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T14:26:35.375Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 14:26:51 honeypot-fra-1 sshd[6691]: Received disconnect from 198.98.61.9 port 54518:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T14:26:52.383Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 14:28:09 honeypot-ams-1 kernel: [83955873.136271] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=51.15.141.72 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=55 ID=5491 PROTO=TCP SPT=52814 DPT=80 WINDOW=34318 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T14:28:09.378Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 14:30:58 honeypot-fra-1 kernel: [83953881.413373] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=32342 PROTO=TCP SPT=59403 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T14:30:58.494Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 14:31:29 honeypot-ams-1 kernel: [83956072.853230] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=180.149.126.232 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=54321 PROTO=TCP SPT=25114 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T14:31:29.490Z"}
{"@timestamp":"2022-09-13T14:36:10.402Z","@version":"1","message":"Sep 13 14:36:10 honeypot-sgp-1 sshd[11088]: Disconnected from invalid user alexandr 172.79.124.130 port 11849 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 14:44:59 honeypot-ams-1 sshd[15895]: Received disconnect from 187.157.23.243 port 52442:11: Bye Bye [preauth]","@timestamp":"2022-09-13T14:45:00.840Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 14:46:49 honeypot-fra-1 sshd[6702]: Received disconnect from 125.164.21.83 port 27328:11: Bye Bye [preauth]","@timestamp":"2022-09-13T14:46:49.855Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T14:49:23.731Z","@version":"1","message":"Sep 13 14:49:23 honeypot-sgp-1 sshd[11094]: Disconnected from authenticating user root 92.255.85.69 port 54502 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 14:49:57 honeypot-fra-1 sshd[6706]: Bad protocol version identification '\\003' from 91.191.209.202 port 61834","@timestamp":"2022-09-13T14:49:57.953Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 14:51:02 honeypot-fra-1 sshd[6713]: Received disconnect from 189.5.124.232 port 49144:11: Bye Bye [preauth]","@timestamp":"2022-09-13T14:51:02.982Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 14:52:24 honeypot-fra-1 sshd[6720]: Received disconnect from 35.230.36.24 port 47738:11: Bye Bye [preauth]","@timestamp":"2022-09-13T14:52:25.018Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 14:55:26 honeypot-fra-1 sshd[6724]: Received disconnect from 68.237.78.73 port 34934:11: Bye Bye [preauth]","@timestamp":"2022-09-13T14:55:27.087Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 14:55:45 honeypot-ams-1 kernel: [83957529.028392] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=66.240.205.34 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=114 ID=27920 PROTO=TCP SPT=16847 DPT=80 WINDOW=50611 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T14:55:46.120Z"}
{"@timestamp":"2022-09-13T15:00:27.004Z","@version":"1","message":"Sep 13 15:00:26 honeypot-sgp-1 kernel: [83957336.004853] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.33.76.8 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=26787 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 15:06:30 honeypot-fra-1 kernel: [83956014.253926] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=128.1.248.44 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=41578 PROTO=TCP SPT=37659 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T15:06:31.330Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 15:10:21 honeypot-ams-1 kernel: [83958405.015026] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=111.161.155.54 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=48 ID=35744 PROTO=TCP SPT=10952 DPT=80 WINDOW=23984 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T15:10:21.493Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 15:11:49 honeypot-fra-1 kernel: [83956332.469643] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=172.245.21.133 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=36624 DF PROTO=TCP SPT=10446 DPT=80 WINDOW=512 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T15:11:49.453Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-13T15:13:58.335Z","@version":"1","message":"Sep 13 15:13:57 honeypot-sgp-1 kernel: [83958147.811223] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=178.128.255.88 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=54321 PROTO=TCP SPT=37699 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 15:15:48 honeypot-fra-1 sshd[6737]: Received disconnect from 92.255.85.69 port 15790:11: Bye Bye [preauth]","@timestamp":"2022-09-13T15:15:48.548Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 15:17:01 honeypot-fra-1 CRON[6742]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-13T15:17:01.577Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 15:21:08 honeypot-fra-1 sshd[6747]: Invalid user crchen from 137.116.144.39 port 32884","@timestamp":"2022-09-13T15:21:09.673Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T15:21:15.514Z","@version":"1","message":"Sep 13 15:21:14 honeypot-sgp-1 sshd[11115]: Disconnected from authenticating user root 162.19.64.34 port 50574 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T15:24:31.596Z","@version":"1","message":"Sep 13 15:24:31 honeypot-sgp-1 sshd[11123]: Received disconnect from 92.119.231.13 port 52302:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 15:24:31 honeypot-ams-1 sshd[15915]: Connection closed by authenticating user root 103.188.176.251 port 40540 [preauth]","@timestamp":"2022-09-13T15:24:32.875Z"}
{"@timestamp":"2022-09-13T15:25:45.629Z","@version":"1","message":"Sep 13 15:25:45 honeypot-sgp-1 sshd[11128]: Received disconnect from 85.237.57.253 port 52516:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 15:28:38 honeypot-fra-1 sshd[6752]: Connection closed by authenticating user root 103.188.176.251 port 43536 [preauth]","@timestamp":"2022-09-13T15:28:38.862Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 15:32:09 honeypot-fra-1 sshd[6759]: Received disconnect from 180.179.114.44 port 36232:11: Bye Bye [preauth]","@timestamp":"2022-09-13T15:32:09.945Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T15:36:31.894Z","@version":"1","message":"Sep 13 15:36:31 honeypot-sgp-1 sshd[11133]: Disconnected from authenticating user root 92.255.85.69 port 58882 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 15:37:07 honeypot-fra-1 kernel: [83957850.905247] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=198.235.24.144 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x60 TTL=250 ID=13866 PROTO=TCP SPT=56902 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T15:37:08.053Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 15:39:44 honeypot-ams-1 kernel: [83960168.461076] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=198.235.24.148 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x60 TTL=252 ID=54321 PROTO=TCP SPT=53243 DPT=389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T15:39:45.283Z"}
{"@timestamp":"2022-09-13T15:42:09.032Z","@version":"1","message":"Sep 13 15:42:08 honeypot-sgp-1 sshd[11140]: Invalid user wr from 193.95.228.126 port 46771","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 15:43:06 honeypot-fra-1 sshd[6768]: Disconnected from invalid user user 45.61.186.169 port 45456 [preauth]","@timestamp":"2022-09-13T15:43:07.191Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 15:43:24 honeypot-fra-1 sshd[6772]: Disconnected from invalid user user 45.61.186.169 port 40324 [preauth]","@timestamp":"2022-09-13T15:43:25.200Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 15:43:40 honeypot-fra-1 sshd[6776]: Disconnected from invalid user user 45.61.186.169 port 35186 [preauth]","@timestamp":"2022-09-13T15:43:41.208Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 15:43:56 honeypot-fra-1 sshd[6780]: Disconnected from invalid user user 45.61.186.169 port 58280 [preauth]","@timestamp":"2022-09-13T15:43:57.216Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T15:46:01.126Z","@version":"1","message":"Sep 13 15:46:00 honeypot-sgp-1 sshd[11144]: Received disconnect from 137.184.123.69 port 58780:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 15:48:11 honeypot-ams-1 sshd[15936]: Did not receive identification string from 80.76.51.189 port 34156","@timestamp":"2022-09-13T15:48:11.503Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 15:49:02 honeypot-fra-1 sshd[6787]: Invalid user susan from 143.110.254.115 port 43672","@timestamp":"2022-09-13T15:49:02.331Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 15:49:42 honeypot-ams-1 sshd[15941]: Disconnected from authenticating user root 80.76.51.189 port 42118 [preauth]","@timestamp":"2022-09-13T15:49:42.545Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 15:51:15 honeypot-ams-1 sshd[15947]: Received disconnect from 80.76.51.189 port 43676:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T15:51:15.589Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 15:52:30 honeypot-fra-1 sshd[6792]: Received disconnect from 159.65.232.191 port 50016:11: Bye Bye [preauth]","@timestamp":"2022-09-13T15:52:31.415Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 15:52:49 honeypot-ams-1 sshd[15954]: Received disconnect from 80.76.51.189 port 45232:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T15:52:50.632Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 15:54:23 honeypot-ams-1 sshd[15960]: Invalid user test from 80.76.51.189 port 46796","@timestamp":"2022-09-13T15:54:23.675Z"}
{"@timestamp":"2022-09-13T15:55:24.384Z","@version":"1","message":"Sep 13 15:55:23 honeypot-sgp-1 sshd[11151]: Invalid user mythtv from 62.204.41.222 port 57429","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 15:55:28 honeypot-ams-1 sshd[15965]: Invalid user testuser from 80.76.51.189 port 57256","@timestamp":"2022-09-13T15:55:28.704Z"}
{"@timestamp":"2022-09-13T15:55:56.398Z","@version":"1","message":"Sep 13 15:55:55 honeypot-sgp-1 kernel: [83960665.800650] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=159.89.239.57 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=46 ID=37992 DF PROTO=TCP SPT=56234 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 15:56:21 honeypot-fra-1 kernel: [83959004.614316] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=89.248.163.184 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=58896 PROTO=TCP SPT=44515 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T15:56:21.505Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 15:56:37 honeypot-ams-1 sshd[15969]: Invalid user ubuntu from 80.76.51.189 port 39482","@timestamp":"2022-09-13T15:56:37.735Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 15:57:48 honeypot-ams-1 sshd[15974]: Invalid user ubuntu from 80.76.51.189 port 49944","@timestamp":"2022-09-13T15:57:48.769Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 15:58:59 honeypot-ams-1 sshd[15978]: Disconnected from authenticating user root 80.76.51.189 port 60396 [preauth]","@timestamp":"2022-09-13T15:58:59.867Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 16:00:10 honeypot-ams-1 sshd[15982]: Disconnected from invalid user postgres 80.76.51.189 port 42636 [preauth]","@timestamp":"2022-09-13T16:00:10.899Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 16:01:59 honeypot-ams-1 sshd[15988]: Received disconnect from 80.76.51.189 port 44192:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T16:01:59.948Z"}
{"@timestamp":"2022-09-13T16:03:02.571Z","@version":"1","message":"Sep 13 16:03:02 honeypot-sgp-1 sshd[11160]: Did not receive identification string from 141.255.162.226 port 59744","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T16:03:13.577Z","@version":"1","message":"Sep 13 16:03:13 honeypot-sgp-1 sshd[11165]: Disconnected from invalid user user 141.255.162.226 port 32778 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T16:03:15.578Z","@version":"1","message":"Sep 13 16:03:15 honeypot-sgp-1 sshd[11169]: Disconnected from invalid user user 141.255.162.226 port 40116 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 16:05:10 honeypot-ams-1 sshd[15995]: Invalid user oracle from 92.255.85.70 port 20804","@timestamp":"2022-09-13T16:05:11.034Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 16:05:37 honeypot-fra-1 kernel: [83959561.044608] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=162.142.125.132 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=23508 PROTO=TCP SPT=51315 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T16:05:38.720Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 16:07:12 honeypot-ams-1 sshd[15999]: Connection closed by invalid user test 193.106.191.157 port 49132 [preauth]","@timestamp":"2022-09-13T16:07:12.090Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 16:15:14 honeypot-fra-1 kernel: [83960137.315994] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=205.210.31.149 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x60 TTL=250 ID=54321 PROTO=TCP SPT=57144 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T16:15:14.942Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-13T16:17:01.908Z","@version":"1","message":"Sep 13 16:17:01 honeypot-sgp-1 CRON[11176]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 16:17:01 honeypot-ams-1 CRON[16003]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-13T16:17:02.345Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 16:17:03 honeypot-fra-1 sshd[6814]: Invalid user test from 193.106.191.157 port 46836","@timestamp":"2022-09-13T16:17:04.013Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 16:18:02 honeypot-fra-1 sshd[6816]: Received disconnect from 128.199.187.30 port 57390:11: Bye Bye [preauth]","@timestamp":"2022-09-13T16:18:03.039Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 16:22:54 honeypot-fra-1 sshd[6821]: Received disconnect from 202.83.17.205 port 54404:11: Bye Bye [preauth]","@timestamp":"2022-09-13T16:22:55.149Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T16:24:15.082Z","@version":"1","message":"Sep 13 16:24:14 honeypot-sgp-1 sshd[11180]: Received disconnect from 92.255.85.70 port 52854:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 16:26:34 honeypot-fra-1 sshd[6825]: Connection closed by invalid user engineer 141.98.10.158 port 39138 [preauth]","@timestamp":"2022-09-13T16:26:34.231Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 16:28:27 honeypot-ams-1 sshd[16009]: Received disconnect from 92.255.85.70 port 59510:11: Bye Bye [preauth]","@timestamp":"2022-09-13T16:28:27.675Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 16:31:45 honeypot-fra-1 sshd[6832]: Invalid user temp from 36.66.16.233 port 52672","@timestamp":"2022-09-13T16:31:46.347Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T16:32:50.287Z","@version":"1","message":"Sep 13 16:32:49 honeypot-sgp-1 kernel: [83962879.655581] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.47.229.134 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=49260 PROTO=TCP SPT=50301 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T16:33:07.296Z","@version":"1","message":"Sep 13 16:33:06 honeypot-sgp-1 sshd[11188]: Disconnected from invalid user user 45.61.186.169 port 45304 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T16:33:25.304Z","@version":"1","message":"Sep 13 16:33:25 honeypot-sgp-1 sshd[11192]: Disconnected from invalid user user 45.61.186.169 port 39996 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T16:33:42.314Z","@version":"1","message":"Sep 13 16:33:41 honeypot-sgp-1 sshd[11196]: Disconnected from invalid user user 45.61.186.169 port 34748 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 16:36:03 honeypot-fra-1 sshd[6836]: Disconnected from invalid user mrc 175.97.136.186 port 60460 [preauth]","@timestamp":"2022-09-13T16:36:03.437Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 16:40:12 honeypot-ams-1 sshd[16015]: Received disconnect from 103.75.148.11 port 52310:11: Bye Bye [preauth]","@timestamp":"2022-09-13T16:40:12.983Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 16:42:43 honeypot-ams-1 sshd[16019]: Connection closed by invalid user test 179.60.147.69 port 64850 [preauth]","@timestamp":"2022-09-13T16:42:44.067Z"}
{"@timestamp":"2022-09-13T16:45:35.601Z","@version":"1","message":"Sep 13 16:45:34 honeypot-sgp-1 kernel: [83963644.780679] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=193.219.127.202 DST=159.89.202.188 LEN=80 TOS=0x00 PREC=0x00 TTL=115 ID=13709 PROTO=TCP SPT=12685 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 16:48:36 honeypot-ams-1 kernel: [83964299.705413] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=40.87.17.51 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=18293 PROTO=TCP SPT=45827 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T16:48:36.241Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 16:48:59 honeypot-fra-1 sshd[6842]: Disconnected from authenticating user root 92.255.85.69 port 58002 [preauth]","@timestamp":"2022-09-13T16:48:59.735Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 16:50:14 honeypot-fra-1 sshd[6848]: Invalid user openfiler from 91.240.118.222 port 36666","@timestamp":"2022-09-13T16:50:14.766Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 16:51:10 honeypot-fra-1 sshd[6852]: Invalid user mythtv from 62.204.41.222 port 56621","@timestamp":"2022-09-13T16:51:10.789Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T16:51:21.745Z","@version":"1","message":"Sep 13 16:51:21 honeypot-sgp-1 sshd[11209]: Received disconnect from 109.197.194.157 port 37092:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 16:53:35 honeypot-fra-1 sshd[6856]: Disconnected from authenticating user root 193.194.87.117 port 35266 [preauth]","@timestamp":"2022-09-13T16:53:35.848Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T16:56:09.864Z","@version":"1","message":"Sep 13 16:56:09 honeypot-sgp-1 kernel: [83964279.180238] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=167.94.146.65 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=9905 PROTO=TCP SPT=60492 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 16:58:03 honeypot-ams-1 sshd[16033]: Received disconnect from 128.199.225.7 port 42110:11: Bye Bye [preauth]","@timestamp":"2022-09-13T16:58:04.485Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:00:44 honeypot-ams-1 sshd[16036]: Invalid user user from 141.255.162.226 port 56816","@timestamp":"2022-09-13T17:00:44.559Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:00:51 honeypot-ams-1 sshd[16040]: Invalid user user from 141.255.162.226 port 58758","@timestamp":"2022-09-13T17:00:51.564Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:00:53 honeypot-ams-1 sshd[16044]: Invalid user user from 141.255.162.226 port 38074","@timestamp":"2022-09-13T17:00:54.566Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:04:30 honeypot-fra-1 kernel: [83963093.685260] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=154.94.6.47 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=57338 PROTO=TCP SPT=58629 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T17:04:31.111Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:08:47 honeypot-fra-1 sshd[6862]: Disconnected from authenticating user root 190.11.80.188 port 57556 [preauth]","@timestamp":"2022-09-13T17:08:48.212Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T17:11:29.236Z","@version":"1","message":"Sep 13 17:11:28 honeypot-sgp-1 sshd[11237]: Invalid user administrator from 129.226.182.174 port 57752","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:12:50 honeypot-fra-1 sshd[6869]: Connection closed by authenticating user root 12.171.207.202 port 58458 [preauth]","@timestamp":"2022-09-13T17:12:50.305Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:12:57 honeypot-ams-1 sshd[16050]: Received disconnect from 92.255.85.70 port 63802:11: Bye Bye [preauth]","@timestamp":"2022-09-13T17:12:57.882Z"}
{"@timestamp":"2022-09-13T17:15:36.339Z","@version":"1","message":"Sep 13 17:15:35 honeypot-sgp-1 sshd[11241]: Received disconnect from 81.16.11.250 port 55550:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:17:01 honeypot-ams-1 sshd[16055]: Disconnected from authenticating user root 68.183.77.204 port 36558 [preauth]","@timestamp":"2022-09-13T17:17:01.987Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:17:01 honeypot-fra-1 CRON[6874]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-13T17:17:02.403Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:17:38 honeypot-ams-1 sshd[16061]: Received disconnect from 141.255.162.226 port 37968:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T17:17:39.005Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:17:40 honeypot-ams-1 sshd[16065]: Received disconnect from 141.255.162.226 port 59048:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T17:17:41.007Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:17:45 honeypot-ams-1 sshd[16069]: Received disconnect from 141.255.162.226 port 44880:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T17:17:45.009Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:18:49 honeypot-ams-1 sshd[16074]: Received disconnect from 179.43.145.74 port 55142:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T17:18:50.039Z"}
{"@timestamp":"2022-09-13T17:19:03.426Z","@version":"1","message":"Sep 13 17:19:02 honeypot-sgp-1 kernel: [83965652.788177] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.204.242 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=53474 DPT=5432 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:19:23 honeypot-ams-1 sshd[16078]: Disconnected from invalid user test 46.101.29.76 port 38840 [preauth]","@timestamp":"2022-09-13T17:19:24.059Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:21:08 honeypot-ams-1 sshd[16085]: Disconnected from authenticating user root 179.43.145.74 port 36084 [preauth]","@timestamp":"2022-09-13T17:21:09.109Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:22:22 honeypot-ams-1 sshd[16092]: Received disconnect from 179.43.145.74 port 39754:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T17:22:23.146Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:24:17 honeypot-ams-1 sshd[16096]: Received disconnect from 179.43.145.74 port 47104:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T17:24:17.200Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:25:22 honeypot-ams-1 sshd[16100]: Received disconnect from 179.43.145.74 port 52616:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T17:25:23.232Z"}
{"@timestamp":"2022-09-13T17:26:01.597Z","@version":"1","message":"Sep 13 17:26:01 honeypot-sgp-1 kernel: [83966071.122310] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=107.182.129.137 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=54321 PROTO=TCP SPT=55233 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:26:50 honeypot-ams-1 sshd[16104]: Received disconnect from 179.43.145.74 port 58122:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T17:26:51.271Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:28:23 honeypot-ams-1 sshd[16109]: Disconnected from invalid user oracle 179.43.145.74 port 35404 [preauth]","@timestamp":"2022-09-13T17:28:24.313Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:29:12 honeypot-ams-1 sshd[16113]: Disconnected from authenticating user root 179.43.145.74 port 39080 [preauth]","@timestamp":"2022-09-13T17:29:12.337Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:30:43 honeypot-ams-1 sshd[16117]: Disconnected from authenticating user root 179.43.145.74 port 44590 [preauth]","@timestamp":"2022-09-13T17:30:43.378Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:31:57 honeypot-fra-1 kernel: [83964740.212793] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.95.169.162 DST=165.22.82.222 LEN=52 TOS=0x02 PREC=0x00 TTL=117 ID=42852 DF PROTO=TCP SPT=58814 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-13T17:31:57.742Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-13T17:32:31.760Z","@version":"1","message":"Sep 13 17:32:30 honeypot-sgp-1 sshd[11255]: Connection reset by 79.180.115.227 port 56819 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:34:01 honeypot-fra-1 sshd[6884]: Received disconnect from 92.255.85.70 port 28418:11: Bye Bye [preauth]","@timestamp":"2022-09-13T17:34:02.791Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:34:18 honeypot-ams-1 sshd[16123]: Received disconnect from 45.61.184.204 port 40998:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T17:34:19.471Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:34:37 honeypot-ams-1 sshd[16127]: Received disconnect from 45.61.184.204 port 35690:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T17:34:37.480Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:34:55 honeypot-ams-1 sshd[16131]: Received disconnect from 45.61.184.204 port 58604:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T17:34:56.491Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:35:41 honeypot-ams-1 sshd[16135]: Disconnected from authenticating user root 92.255.85.70 port 20730 [preauth]","@timestamp":"2022-09-13T17:35:42.512Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:40:27 honeypot-fra-1 sshd[6889]: Received disconnect from 92.9.123.122 port 46514:11: Bye Bye [preauth]","@timestamp":"2022-09-13T17:40:27.935Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T17:40:27.955Z","@version":"1","message":"Sep 13 17:40:27 honeypot-sgp-1 kernel: [83966937.517918] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=165.227.76.114 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=47028 DF PROTO=TCP SPT=38024 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:45:07 honeypot-fra-1 kernel: [83965530.139572] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=194.228.151.5 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=37478 DF PROTO=TCP SPT=37443 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T17:45:08.041Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:50:41 honeypot-ams-1 sshd[16139]: Did not receive identification string from 104.156.155.31 port 13558","@timestamp":"2022-09-13T17:50:41.916Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:50:42 honeypot-ams-1 sshd[16143]: Invalid user giqsw from 104.156.155.31 port 62076","@timestamp":"2022-09-13T17:50:42.918Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:50:45 honeypot-ams-1 sshd[16156]: Unable to negotiate with 104.156.155.31 port 49364: no matching host key type found. Their offer: ecdsa-sha2-nistp384 [preauth]","@timestamp":"2022-09-13T17:50:45.920Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:52:15 honeypot-fra-1 sshd[6897]: Did not receive identification string from 45.61.184.204 port 56724","@timestamp":"2022-09-13T17:52:16.202Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T17:52:21.243Z","@version":"1","message":"Sep 13 17:52:20 honeypot-sgp-1 kernel: [83967650.687943] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=94.26.249.161 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=58288 PROTO=TCP SPT=18798 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:52:36 honeypot-fra-1 sshd[6910]: Invalid user hadoop from 94.156.175.57 port 42640","@timestamp":"2022-09-13T17:52:37.212Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:52:36 honeypot-fra-1 sshd[6924]: Invalid user ts3srv from 94.156.175.57 port 42685","@timestamp":"2022-09-13T17:52:37.212Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:52:36 honeypot-fra-1 sshd[6913]: Invalid user guest from 94.156.175.57 port 42667","@timestamp":"2022-09-13T17:52:37.212Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:52:36 honeypot-fra-1 sshd[6915]: Invalid user ts3srv from 94.156.175.57 port 42673","@timestamp":"2022-09-13T17:52:37.212Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:52:36 honeypot-fra-1 sshd[6916]: Connection closed by invalid user oracle 94.156.175.57 port 42683 [preauth]","@timestamp":"2022-09-13T17:52:37.212Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:52:36 honeypot-fra-1 sshd[6911]: Connection closed by invalid user steam 94.156.175.57 port 42663 [preauth]","@timestamp":"2022-09-13T17:52:37.212Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:52:36 honeypot-fra-1 sshd[6899]: Connection closed by invalid user jenkins 94.156.175.57 port 42625 [preauth]","@timestamp":"2022-09-13T17:52:37.212Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:52:36 honeypot-fra-1 sshd[6920]: Connection closed by invalid user teamspeak 94.156.175.57 port 42689 [preauth]","@timestamp":"2022-09-13T17:52:37.212Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:52:36 honeypot-fra-1 sshd[6914]: Connection closed by invalid user esuser 94.156.175.57 port 42660 [preauth]","@timestamp":"2022-09-13T17:52:37.212Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:52:48 honeypot-fra-1 sshd[6955]: Disconnected from invalid user user 45.61.184.204 port 54294 [preauth]","@timestamp":"2022-09-13T17:52:49.217Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:53:07 honeypot-fra-1 sshd[6960]: Disconnected from invalid user user 45.61.184.204 port 48454 [preauth]","@timestamp":"2022-09-13T17:53:08.227Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:53:23 honeypot-fra-1 sshd[6964]: Invalid user user from 45.61.184.204 port 42608","@timestamp":"2022-09-13T17:53:24.235Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:53:31 honeypot-fra-1 sshd[6968]: Received disconnect from 45.61.184.204 port 53808:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T17:53:31.238Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:53:47 honeypot-fra-1 sshd[6972]: Connection closed by invalid user default 179.60.147.69 port 39000 [preauth]","@timestamp":"2022-09-13T17:53:47.245Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:57:38 honeypot-fra-1 sshd[6978]: Received disconnect from 141.255.162.226 port 60884:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T17:57:39.335Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:57:40 honeypot-fra-1 sshd[6982]: Received disconnect from 141.255.162.226 port 53630:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T17:57:41.336Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:57:42 honeypot-fra-1 sshd[6986]: Received disconnect from 141.255.162.226 port 39906:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T17:57:43.337Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:57:55 honeypot-ams-1 sshd[16167]: Received disconnect from 92.255.85.69 port 49772:11: Bye Bye [preauth]","@timestamp":"2022-09-13T17:57:56.108Z"}
{"@timestamp":"2022-09-13T17:58:00.381Z","@version":"1","message":"Sep 13 17:58:00 honeypot-sgp-1 kernel: [83967990.013278] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.109.80.14 DST=159.89.202.188 LEN=52 TOS=0x00 PREC=0x00 TTL=110 ID=14135 DF PROTO=TCP SPT=62651 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:58:31 honeypot-ams-1 sshd[16170]: Disconnected from invalid user user 45.61.186.249 port 35896 [preauth]","@timestamp":"2022-09-13T17:58:32.127Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:58:55 honeypot-ams-1 sshd[16174]: Disconnected from invalid user user 45.61.186.249 port 33752 [preauth]","@timestamp":"2022-09-13T17:58:56.140Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:59:16 honeypot-ams-1 sshd[16178]: Disconnected from invalid user user 45.61.186.249 port 59834 [preauth]","@timestamp":"2022-09-13T17:59:17.151Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:59:33 honeypot-fra-1 sshd[6992]: Invalid user panchkarmaindore from 193.46.199.36 port 33664","@timestamp":"2022-09-13T17:59:34.381Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:59:37 honeypot-ams-1 sshd[16184]: Invalid user user from 45.61.186.249 port 57680","@timestamp":"2022-09-13T17:59:38.163Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 18:02:44 honeypot-fra-1 kernel: [83966587.701952] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=146.88.240.4 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=39037 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T18:02:45.454Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 18:07:21 honeypot-ams-1 sshd[16187]: Received disconnect from 202.139.196.201 port 35500:11: Bye Bye [preauth]","@timestamp":"2022-09-13T18:07:22.388Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 18:08:33 honeypot-fra-1 sshd[7000]: Disconnected from invalid user dilza 171.244.139.236 port 35928 [preauth]","@timestamp":"2022-09-13T18:08:33.579Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 18:09:07 honeypot-ams-1 sshd[16191]: Invalid user mythtv from 62.204.41.222 port 43460","@timestamp":"2022-09-13T18:09:08.436Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 18:10:33 honeypot-ams-1 kernel: [83969217.118095] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=59593 PROTO=TCP SPT=52004 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T18:10:33.474Z"}
{"@timestamp":"2022-09-13T18:16:05.812Z","@version":"1","message":"Sep 13 18:16:04 honeypot-sgp-1 sshd[11270]: Received disconnect from 92.255.85.69 port 39126:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 18:16:45 honeypot-fra-1 kernel: [83967428.438261] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=51.142.137.96 DST=165.22.82.222 LEN=52 TOS=0x02 PREC=0x00 TTL=114 ID=22961 DF PROTO=TCP SPT=58910 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T18:16:45.779Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 18:20:40 honeypot-ams-1 sshd[16199]: Disconnected from authenticating user root 92.255.85.70 port 37056 [preauth]","@timestamp":"2022-09-13T18:20:41.734Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 18:23:29 honeypot-fra-1 kernel: [83967832.374267] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.100.87.136 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=246 ID=15212 PROTO=TCP SPT=52127 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T18:23:29.931Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-13T18:25:14.036Z","@version":"1","message":"Sep 13 18:25:13 honeypot-sgp-1 kernel: [83969623.574509] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=103.203.57.6 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=54321 PROTO=TCP SPT=47560 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 18:31:39 honeypot-fra-1 sshd[7014]: Disconnected from invalid user ksb 165.22.45.108 port 40476 [preauth]","@timestamp":"2022-09-13T18:31:39.114Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 18:32:26 honeypot-ams-1 sshd[16205]: Connection closed by invalid user admin 179.60.147.69 port 15342 [preauth]","@timestamp":"2022-09-13T18:32:27.039Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 18:35:25 honeypot-fra-1 sshd[7021]: Invalid user admin from 43.154.43.99 port 41382","@timestamp":"2022-09-13T18:35:26.218Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 18:36:22 honeypot-ams-1 sshd[16208]: Disconnected from invalid user user 45.61.186.169 port 50418 [preauth]","@timestamp":"2022-09-13T18:36:23.158Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 18:36:40 honeypot-ams-1 sshd[16212]: Disconnected from invalid user user 45.61.186.169 port 47388 [preauth]","@timestamp":"2022-09-13T18:36:40.167Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 18:36:57 honeypot-ams-1 sshd[16216]: Disconnected from invalid user user 45.61.186.169 port 44368 [preauth]","@timestamp":"2022-09-13T18:36:58.176Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 18:37:14 honeypot-ams-1 sshd[16221]: Received disconnect from 45.61.186.169 port 41340:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T18:37:15.185Z"}
{"@timestamp":"2022-09-13T18:38:26.356Z","@version":"1","message":"Sep 13 18:38:25 honeypot-sgp-1 kernel: [83970415.413534] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.100.87.136 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=15212 PROTO=TCP SPT=33795 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 18:38:52 honeypot-fra-1 sshd[7025]: Invalid user jessica from 179.60.230.131 port 47310","@timestamp":"2022-09-13T18:38:53.297Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 18:39:38 honeypot-fra-1 sshd[7029]: Disconnected from authenticating user root 157.245.122.58 port 46402 [preauth]","@timestamp":"2022-09-13T18:39:39.317Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 18:39:43 honeypot-fra-1 sshd[7035]: Invalid user admin from 37.187.123.50 port 42232","@timestamp":"2022-09-13T18:39:44.321Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 18:40:42 honeypot-fra-1 sshd[7040]: Disconnected from authenticating user root 157.245.122.58 port 59922 [preauth]","@timestamp":"2022-09-13T18:40:43.345Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 18:42:51 honeypot-fra-1 sshd[7044]: Received disconnect from 157.245.122.58 port 58756:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T18:42:51.395Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 18:44:42 honeypot-fra-1 sshd[7048]: Received disconnect from 157.245.122.58 port 57592:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T18:44:43.461Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 18:44:51 honeypot-ams-1 sshd[16229]: Received disconnect from 80.76.51.189 port 35756:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T18:44:52.386Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 18:45:50 honeypot-ams-1 sshd[16234]: Disconnected from authenticating user root 80.76.51.189 port 47216 [preauth]","@timestamp":"2022-09-13T18:45:50.412Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 18:46:33 honeypot-fra-1 sshd[7053]: Received disconnect from 157.245.122.58 port 56418:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T18:46:33.505Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 18:47:20 honeypot-ams-1 sshd[16240]: Disconnected from authenticating user root 80.76.51.189 port 50250 [preauth]","@timestamp":"2022-09-13T18:47:20.454Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 18:48:55 honeypot-ams-1 sshd[16247]: Disconnected from authenticating user root 80.76.51.189 port 53322 [preauth]","@timestamp":"2022-09-13T18:48:56.497Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 18:50:11 honeypot-ams-1 sshd[16253]: Received disconnect from 143.110.151.255 port 51544:11: Bye Bye [preauth]","@timestamp":"2022-09-13T18:50:12.535Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 18:51:06 honeypot-ams-1 sshd[16257]: Received disconnect from 80.76.51.189 port 48004:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T18:51:07.561Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 18:52:13 honeypot-ams-1 sshd[16261]: Received disconnect from 80.76.51.189 port 59454:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T18:52:13.592Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 18:52:45 honeypot-ams-1 sshd[16265]: Disconnected from invalid user ubuntu 80.76.51.189 port 51068 [preauth]","@timestamp":"2022-09-13T18:52:46.609Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 18:53:53 honeypot-ams-1 sshd[16270]: Disconnected from invalid user ubuntu 80.76.51.189 port 34300 [preauth]","@timestamp":"2022-09-13T18:53:53.640Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 18:54:57 honeypot-fra-1 sshd[7058]: Connection closed by invalid user test 193.106.191.157 port 60258 [preauth]","@timestamp":"2022-09-13T18:54:57.693Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 18:55:38 honeypot-ams-1 sshd[16276]: Received disconnect from 80.76.51.189 port 37394:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T18:55:39.688Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 18:56:53 honeypot-ams-1 sshd[16280]: Received disconnect from 80.76.51.189 port 48828:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T18:56:53.724Z"}
{"@timestamp":"2022-09-13T18:57:12.803Z","@version":"1","message":"Sep 13 18:57:12 honeypot-sgp-1 kernel: [83971542.077392] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.109.80.14 DST=159.89.202.188 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=55442 DF PROTO=TCP SPT=53581 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 18:57:27 honeypot-fra-1 sshd[7062]: Disconnected from invalid user csgoserver 202.70.87.193 port 55706 [preauth]","@timestamp":"2022-09-13T18:57:27.754Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 18:58:05 honeypot-ams-1 sshd[16284]: Disconnected from invalid user odoo 80.76.51.189 port 60286 [preauth]","@timestamp":"2022-09-13T18:58:05.756Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 18:59:18 honeypot-ams-1 sshd[16291]: Received disconnect from 80.76.51.189 port 43514:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T18:59:19.792Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 19:01:26 honeypot-fra-1 sshd[7069]: Received disconnect from 43.135.144.44 port 40802:11: Bye Bye [preauth]","@timestamp":"2022-09-13T19:01:26.846Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 19:03:51 honeypot-ams-1 kernel: [83972414.900437] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=193.219.127.202 DST=178.62.254.91 LEN=80 TOS=0x00 PREC=0x20 TTL=123 ID=5188 PROTO=TCP SPT=4164 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T19:03:51.910Z"}
{"@timestamp":"2022-09-13T19:08:22.068Z","@version":"1","message":"Sep 13 19:08:21 honeypot-sgp-1 kernel: [83972211.142806] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=40792 PROTO=TCP SPT=55962 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T19:11:12.138Z","@version":"1","message":"Sep 13 19:11:11 honeypot-sgp-1 sshd[11300]: Invalid user cpc from 137.184.59.80 port 55776","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 19:11:46 honeypot-fra-1 kernel: [83970729.205821] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=5805 PROTO=TCP SPT=55962 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T19:11:47.078Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 19:13:12 honeypot-ams-1 kernel: [83972976.231160] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=108.14.239.14 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=52 ID=59871 PROTO=TCP SPT=15373 DPT=80 WINDOW=32484 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T19:13:13.172Z"}
{"@timestamp":"2022-09-13T19:14:56.227Z","@version":"1","message":"Sep 13 19:14:55 honeypot-sgp-1 sshd[11302]: Disconnected from invalid user mat 137.184.25.247 port 36382 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 19:15:47 honeypot-fra-1 sshd[7081]: Bad protocol version identification 'MGLNDD_165.22.82.222_22' from 192.241.213.59 port 36026","@timestamp":"2022-09-13T19:15:48.170Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 19:17:01 honeypot-ams-1 CRON[16304]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-13T19:17:02.272Z"}
{"@timestamp":"2022-09-13T19:19:18.331Z","@version":"1","message":"Sep 13 19:19:18 honeypot-sgp-1 kernel: [83972867.792046] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=207.32.218.10 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=31529 DF PROTO=TCP SPT=10446 DPT=80 WINDOW=512 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 19:21:19 honeypot-ams-1 sshd[16312]: Received disconnect from 157.245.122.58 port 59422:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T19:21:19.384Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 19:22:21 honeypot-ams-1 sshd[16316]: Received disconnect from 157.245.122.58 port 44720:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T19:22:22.417Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 19:23:21 honeypot-ams-1 sshd[16318]: Invalid user tenancy from 157.245.122.58 port 58260","@timestamp":"2022-09-13T19:23:22.447Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 19:23:24 honeypot-fra-1 sshd[7088]: Received disconnect from 92.255.85.69 port 18692:11: Bye Bye [preauth]","@timestamp":"2022-09-13T19:23:25.338Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 19:24:17 honeypot-ams-1 sshd[16321]: Disconnected from invalid user data.user 157.245.122.58 port 43558 [preauth]","@timestamp":"2022-09-13T19:24:17.473Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 19:24:43 honeypot-ams-1 sshd[16325]: Disconnected from invalid user user 45.61.186.169 port 50582 [preauth]","@timestamp":"2022-09-13T19:24:44.487Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 19:25:00 honeypot-ams-1 sshd[16329]: Disconnected from invalid user user 45.61.186.169 port 44696 [preauth]","@timestamp":"2022-09-13T19:25:00.496Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 19:25:13 honeypot-ams-1 sshd[16333]: Disconnected from invalid user jonitwiso 157.245.122.58 port 57086 [preauth]","@timestamp":"2022-09-13T19:25:14.503Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 19:25:23 honeypot-ams-1 sshd[16338]: Received disconnect from 45.61.186.169 port 49974:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T19:25:24.509Z"}
{"@timestamp":"2022-09-13T19:25:41.485Z","@version":"1","message":"Sep 13 19:25:40 honeypot-sgp-1 sshd[11313]: Invalid user juin from 157.245.142.116 port 45876","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 19:26:08 honeypot-ams-1 sshd[16342]: Received disconnect from 157.245.122.58 port 42388:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T19:26:09.533Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 19:26:34 honeypot-fra-1 sshd[7092]: Disconnected from invalid user monitor 162.243.172.239 port 40034 [preauth]","@timestamp":"2022-09-13T19:26:35.409Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 19:27:11 honeypot-ams-1 kernel: [83973814.901045] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=198.235.24.48 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=250 ID=54321 PROTO=TCP SPT=51562 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T19:27:11.572Z"}
{"@timestamp":"2022-09-13T19:27:40.533Z","@version":"1","message":"Sep 13 19:27:39 honeypot-sgp-1 sshd[11317]: Invalid user ftp from 142.93.135.234 port 53984","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T19:30:30.619Z","@version":"1","message":"Sep 13 19:30:29 honeypot-sgp-1 kernel: [83973539.578504] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.163.83.124 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=54819 PROTO=TCP SPT=47763 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 19:38:30 honeypot-fra-1 sshd[7097]: Received disconnect from 64.135.113.136 port 44776:11: Bye Bye [preauth]","@timestamp":"2022-09-13T19:38:30.676Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T19:40:03.844Z","@version":"1","message":"Sep 13 19:40:03 honeypot-sgp-1 sshd[11326]: Disconnected from invalid user user 45.61.186.49 port 39432 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T19:40:13.850Z","@version":"1","message":"Sep 13 19:40:12 honeypot-sgp-1 sshd[11330]: Disconnected from invalid user user 45.61.186.49 port 51080 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 19:42:39 honeypot-fra-1 sshd[7104]: Received disconnect from 161.18.254.73 port 57154:11: Bye Bye [preauth]","@timestamp":"2022-09-13T19:42:39.770Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T19:42:47.910Z","@version":"1","message":"Sep 13 19:42:47 honeypot-sgp-1 sshd[11336]: Connection closed by invalid user guest 179.60.147.69 port 8030 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T19:45:27.975Z","@version":"1","message":"Sep 13 19:45:27 honeypot-sgp-1 kernel: [83974437.632928] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.55.53.144 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=43 ID=57658 DF PROTO=TCP SPT=58968 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 19:45:44 honeypot-fra-1 sshd[7109]: Received disconnect from 209.141.52.250 port 59740:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T19:45:44.843Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 19:47:19 honeypot-ams-1 kernel: [83975023.378996] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=89.248.165.199 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=39509 PROTO=TCP SPT=57637 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T19:47:20.089Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 19:48:14 honeypot-fra-1 kernel: [83972917.368470] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=20.55.53.144 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=51472 DF PROTO=TCP SPT=44282 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T19:48:14.903Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 19:52:16 honeypot-ams-1 sshd[16353]: Received disconnect from 159.89.163.217 port 50312:11: Bye Bye [preauth]","@timestamp":"2022-09-13T19:52:16.235Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 19:53:55 honeypot-fra-1 kernel: [83973257.968973] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=90.151.171.106 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=429 PROTO=TCP SPT=58753 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T19:53:56.033Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 19:55:36 honeypot-ams-1 sshd[16355]: Received disconnect from 68.183.78.141 port 44948:11: Bye Bye [preauth]","@timestamp":"2022-09-13T19:55:37.324Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 19:58:33 honeypot-fra-1 sshd[7118]: Received disconnect from 165.22.45.108 port 50416:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T19:58:34.144Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T19:59:21.303Z","@version":"1","message":"Sep 13 19:59:20 honeypot-sgp-1 kernel: [83975270.560542] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=62963 PROTO=TCP SPT=58685 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 20:03:31 honeypot-ams-1 sshd[16360]: Disconnected from authenticating user root 85.31.46.45 port 36852 [preauth]","@timestamp":"2022-09-13T20:03:32.520Z"}
{"@timestamp":"2022-09-13T20:03:53.415Z","@version":"1","message":"Sep 13 20:03:53 honeypot-sgp-1 sshd[11349]: Received disconnect from 45.61.186.169 port 54482:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 20:04:02 honeypot-ams-1 sshd[16364]: Disconnected from invalid user test 85.31.46.45 port 56516 [preauth]","@timestamp":"2022-09-13T20:04:03.536Z"}
{"@timestamp":"2022-09-13T20:04:05.421Z","@version":"1","message":"Sep 13 20:04:05 honeypot-sgp-1 sshd[11353]: Disconnected from authenticating user root 101.100.186.174 port 48680 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T20:04:20.429Z","@version":"1","message":"Sep 13 20:04:19 honeypot-sgp-1 sshd[11357]: Disconnected from invalid user user 45.61.186.169 port 60910 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T01:41:01.172Z","@version":"1","message":"Sep 10 01:41:00 honeypot-sgp-1 sshd[1686]: Disconnected from invalid user traning 123.142.3.137 port 39882 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 01:44:03 honeypot-ams-1 sshd[5561]: Connection closed by invalid user admin 216.52.136.77 port 43270 [preauth]","@timestamp":"2022-09-10T01:44:03.890Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 01:44:07 honeypot-ams-1 sshd[5567]: Connection closed by invalid user admin 216.52.136.77 port 44758 [preauth]","@timestamp":"2022-09-10T01:44:07.894Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 01:46:27 honeypot-fra-1 sshd[28100]: Invalid user admin from 137.184.77.246 port 58442","@timestamp":"2022-09-10T01:46:28.309Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 01:46:28 honeypot-fra-1 sshd[28102]: Invalid user oracle from 137.184.77.246 port 58456","@timestamp":"2022-09-10T01:46:28.309Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 01:46:28 honeypot-fra-1 sshd[28120]: Invalid user ubuntu from 137.184.77.246 port 58464","@timestamp":"2022-09-10T01:46:28.309Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 01:46:28 honeypot-fra-1 sshd[28126]: Invalid user es from 137.184.77.246 port 58460","@timestamp":"2022-09-10T01:46:28.309Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 01:46:28 honeypot-fra-1 sshd[28103]: Connection closed by authenticating user root 137.184.77.246 port 58438 [preauth]","@timestamp":"2022-09-10T01:46:28.309Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 01:46:28 honeypot-fra-1 sshd[28111]: Connection closed by invalid user jenkins 137.184.77.246 port 58436 [preauth]","@timestamp":"2022-09-10T01:46:28.309Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 01:46:28 honeypot-fra-1 sshd[28104]: Connection closed by authenticating user root 137.184.77.246 port 58432 [preauth]","@timestamp":"2022-09-10T01:46:28.309Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 01:46:28 honeypot-fra-1 sshd[28127]: Connection closed by invalid user ubuntu 137.184.77.246 port 58494 [preauth]","@timestamp":"2022-09-10T01:46:28.309Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 01:48:15 honeypot-fra-1 sshd[28156]: Disconnected from invalid user backup1 20.91.219.70 port 44696 [preauth]","@timestamp":"2022-09-10T01:48:15.350Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 01:52:13 honeypot-ams-1 sshd[5574]: Did not receive identification string from 198.98.61.9 port 41242","@timestamp":"2022-09-10T01:52:14.108Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 01:52:40 honeypot-ams-1 sshd[5577]: Disconnected from invalid user user 198.98.61.9 port 36652 [preauth]","@timestamp":"2022-09-10T01:52:41.123Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 01:52:58 honeypot-ams-1 sshd[5581]: Disconnected from invalid user user 198.98.61.9 port 59864 [preauth]","@timestamp":"2022-09-10T01:52:59.133Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 01:53:18 honeypot-ams-1 sshd[5585]: Disconnected from invalid user user 198.98.61.9 port 54870 [preauth]","@timestamp":"2022-09-10T01:53:18.144Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 01:55:22 honeypot-ams-1 kernel: [83651509.507286] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=172.172.26.155 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=50 ID=13432 PROTO=TCP SPT=53679 DPT=80 WINDOW=2948 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T01:55:23.201Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 01:58:11 honeypot-ams-1 sshd[5595]: Received disconnect from 141.255.162.226 port 45572:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T01:58:12.279Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 01:58:16 honeypot-ams-1 sshd[5599]: Received disconnect from 141.255.162.226 port 34248:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T01:58:17.282Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 01:58:18 honeypot-ams-1 sshd[5603]: Received disconnect from 141.255.162.226 port 59610:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T01:58:19.283Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 01:59:32 honeypot-fra-1 sshd[28164]: Invalid user  from 128.14.232.100 port 38798","@timestamp":"2022-09-10T01:59:32.602Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 02:03:16 honeypot-fra-1 sshd[28168]: Disconnected from invalid user nuki 61.138.100.126 port 9616 [preauth]","@timestamp":"2022-09-10T02:03:16.684Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 02:04:58 honeypot-ams-1 kernel: [83652084.980669] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=178.62.254.91 LEN=93 TOS=0x00 PREC=0x00 TTL=252 ID=52187 PROTO=TCP SPT=5075 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T02:04:58.459Z"}
{"@timestamp":"2022-09-10T02:05:47.745Z","@version":"1","message":"Sep 10 02:05:47 honeypot-sgp-1 kernel: [83651662.570548] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.216.12 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=48943 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 02:09:04 honeypot-ams-1 sshd[5614]: Disconnected from invalid user user 141.255.162.226 port 37422 [preauth]","@timestamp":"2022-09-10T02:09:05.570Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 02:09:08 honeypot-ams-1 sshd[5618]: Disconnected from invalid user user 141.255.162.226 port 45970 [preauth]","@timestamp":"2022-09-10T02:09:08.572Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 02:09:13 honeypot-ams-1 sshd[5622]: Disconnected from invalid user user 141.255.162.226 port 51946 [preauth]","@timestamp":"2022-09-10T02:09:13.575Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 02:10:15 honeypot-fra-1 sshd[28174]: Received disconnect from 92.255.85.70 port 19916:11: Bye Bye [preauth]","@timestamp":"2022-09-10T02:10:16.857Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 02:10:53 honeypot-ams-1 sshd[5628]: Disconnected from authenticating user root 61.177.173.36 port 20831 [preauth]","@timestamp":"2022-09-10T02:10:53.623Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 02:12:30 honeypot-ams-1 sshd[5633]: Disconnected from authenticating user root 92.255.85.69 port 57730 [preauth]","@timestamp":"2022-09-10T02:12:31.670Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 02:14:34 honeypot-fra-1 sshd[28179]: Invalid user user from 141.255.162.226 port 60084","@timestamp":"2022-09-10T02:14:34.955Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 02:14:38 honeypot-fra-1 sshd[28183]: Invalid user user from 141.255.162.226 port 57690","@timestamp":"2022-09-10T02:14:38.957Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 02:14:42 honeypot-fra-1 sshd[28187]: Invalid user user from 141.255.162.226 port 38070","@timestamp":"2022-09-10T02:14:42.960Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 02:17:01 honeypot-ams-1 CRON[5638]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-10T02:17:01.795Z"}
{"@timestamp":"2022-09-10T02:17:02.016Z","@version":"1","message":"Sep 10 02:17:01 honeypot-sgp-1 CRON[1695]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 02:21:41 honeypot-ams-1 sshd[5644]: Received disconnect from 61.177.173.50 port 18230:11:  [preauth]","@timestamp":"2022-09-10T02:21:41.924Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 02:23:34 honeypot-ams-1 kernel: [83653201.275387] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=97.107.141.242 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=38227 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T02:23:34.977Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 02:23:40 honeypot-fra-1 sshd[28194]: Invalid user kala from 151.84.64.165 port 38028","@timestamp":"2022-09-10T02:23:40.165Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 02:26:11 honeypot-ams-1 sshd[5651]: Received disconnect from 31.187.76.21 port 44264:11: Bye Bye [preauth]","@timestamp":"2022-09-10T02:26:12.051Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 02:26:19 honeypot-fra-1 sshd[28197]: Connection closed by invalid user devops 34.92.211.177 port 37964 [preauth]","@timestamp":"2022-09-10T02:26:20.225Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 02:28:55 honeypot-ams-1 sshd[5656]: Disconnected from authenticating user root 51.250.75.17 port 37410 [preauth]","@timestamp":"2022-09-10T02:28:56.122Z"}
{"@timestamp":"2022-09-10T02:30:16.365Z","@version":"1","message":"Sep 10 02:30:15 honeypot-sgp-1 sshd[1701]: Received disconnect from 92.255.85.69 port 51492:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 02:30:39 honeypot-fra-1 sshd[28204]: Received disconnect from 165.22.45.108 port 42986:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T02:30:39.322Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 02:37:12 honeypot-ams-1 sshd[5663]: Did not receive identification string from 45.61.186.49 port 37592","@timestamp":"2022-09-10T02:37:13.336Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 02:37:28 honeypot-ams-1 sshd[5666]: Disconnected from invalid user user 45.61.186.49 port 53854 [preauth]","@timestamp":"2022-09-10T02:37:29.345Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 02:37:38 honeypot-ams-1 sshd[5670]: Received disconnect from 45.61.186.49 port 36934:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T02:37:39.350Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 02:39:04 honeypot-fra-1 kernel: [83651979.778445] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=198.98.54.66 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=49816 PROTO=TCP SPT=56066 DPT=3389 WINDOW=3072 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T02:39:05.510Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 02:44:41 honeypot-ams-1 kernel: [83654468.201465] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.148.10.193 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=252 ID=54321 PROTO=TCP SPT=49688 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T02:44:42.540Z"}
{"@timestamp":"2022-09-10T02:54:11.938Z","@version":"1","message":"Sep 10 02:54:11 honeypot-sgp-1 sshd[1706]: Received disconnect from 92.255.85.69 port 63126:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 02:55:53 honeypot-ams-1 sshd[5683]: Disconnected from authenticating user root 61.177.173.36 port 19226 [preauth]","@timestamp":"2022-09-10T02:55:53.844Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 02:56:37 honeypot-fra-1 sshd[28216]: Received disconnect from 92.255.85.70 port 27596:11: Bye Bye [preauth]","@timestamp":"2022-09-10T02:56:37.903Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 02:58:49 honeypot-ams-1 sshd[5688]: Disconnected from authenticating user root 61.177.173.51 port 39547 [preauth]","@timestamp":"2022-09-10T02:58:49.925Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 02:59:23 honeypot-ams-1 sshd[5694]: Invalid user user from 45.61.187.160 port 55646","@timestamp":"2022-09-10T02:59:24.942Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 02:59:43 honeypot-ams-1 sshd[5698]: Invalid user user from 45.61.187.160 port 49804","@timestamp":"2022-09-10T02:59:43.953Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 02:59:53 honeypot-ams-1 sshd[5700]: Disconnected from invalid user user 45.61.187.160 port 60982 [preauth]","@timestamp":"2022-09-10T02:59:53.960Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 03:00:10 honeypot-ams-1 sshd[5704]: Disconnected from invalid user user 45.61.187.160 port 55134 [preauth]","@timestamp":"2022-09-10T03:00:10.969Z"}
{"@timestamp":"2022-09-10T03:01:51.119Z","@version":"1","message":"Sep 10 03:01:50 honeypot-sgp-1 sshd[1711]: Invalid user masuda from 103.228.204.79 port 36194","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T03:05:35.206Z","@version":"1","message":"Sep 10 03:05:34 honeypot-sgp-1 sshd[1716]: Received disconnect from 167.99.68.65 port 52422:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 03:06:05 honeypot-fra-1 kernel: [83653600.507069] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=31645 PROTO=TCP SPT=58803 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T03:06:06.113Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 03:08:02 honeypot-ams-1 kernel: [83655868.915246] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.196.220.81 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=54765 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T03:08:03.184Z"}
{"@timestamp":"2022-09-10T03:08:10.268Z","@version":"1","message":"Sep 10 03:08:09 honeypot-sgp-1 kernel: [83655404.768170] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=172.104.216.97 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=37652 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 03:09:23 honeypot-ams-1 kernel: [83655949.963622] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=43729 PROTO=TCP SPT=58803 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T03:09:24.223Z"}
{"@timestamp":"2022-09-10T03:15:03.435Z","@version":"1","message":"Sep 10 03:15:02 honeypot-sgp-1 sshd[1723]: Corrupted MAC on input. [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 03:17:01 honeypot-fra-1 CRON[28225]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-10T03:17:01.356Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 03:17:01 honeypot-ams-1 CRON[5719]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-10T03:17:02.423Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 03:22:23 honeypot-ams-1 sshd[5730]: Disconnected from authenticating user root 92.255.85.70 port 17090 [preauth]","@timestamp":"2022-09-10T03:22:23.575Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 03:22:52 honeypot-fra-1 sshd[28233]: Invalid user user from 103.188.176.251 port 56002","@timestamp":"2022-09-10T03:22:53.487Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 03:25:44 honeypot-fra-1 sshd[28671]: Disconnected from invalid user anikei 194.163.43.87 port 54912 [preauth]","@timestamp":"2022-09-10T03:25:45.555Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 03:26:25 honeypot-ams-1 sshd[5736]: Disconnected from authenticating user root 61.177.173.50 port 17547 [preauth]","@timestamp":"2022-09-10T03:26:25.678Z"}
{"@timestamp":"2022-09-10T03:28:08.749Z","@version":"1","message":"Sep 10 03:28:08 honeypot-sgp-1 kernel: [83656603.342298] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.79.176.71 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=57621 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 03:31:35 honeypot-fra-1 sshd[28677]: Received disconnect from 45.61.186.49 port 46982:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T03:31:36.686Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 03:31:46 honeypot-fra-1 sshd[28681]: Received disconnect from 45.61.186.49 port 58458:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T03:31:46.692Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T03:34:51.913Z","@version":"1","message":"Sep 10 03:34:51 honeypot-sgp-1 kernel: [83657006.034710] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.41.8.5 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=34589 PROTO=TCP SPT=52640 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 03:36:34 honeypot-ams-1 sshd[5741]: Disconnected from authenticating user root 61.177.173.51 port 49433 [preauth]","@timestamp":"2022-09-10T03:36:34.941Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 03:38:26 honeypot-fra-1 kernel: [83655541.397917] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.100.87.136 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=246 ID=15212 PROTO=TCP SPT=54258 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T03:38:26.841Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-10T03:40:01.042Z","@version":"1","message":"Sep 10 03:40:00 honeypot-sgp-1 kernel: [83657315.988548] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=159.89.202.188 LEN=89 TOS=0x00 PREC=0x00 TTL=238 ID=17968 PROTO=TCP SPT=15101 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 03:43:25 honeypot-fra-1 sshd[28690]: Disconnected from authenticating user root 118.27.106.123 port 45032 [preauth]","@timestamp":"2022-09-10T03:43:25.954Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 03:45:10 honeypot-ams-1 sshd[5750]: Disconnected from authenticating user root 92.255.85.69 port 43532 [preauth]","@timestamp":"2022-09-10T03:45:11.163Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 03:47:43 honeypot-ams-1 kernel: [83658250.437579] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=20.127.205.85 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=113 ID=50675 DF PROTO=TCP SPT=50075 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T03:47:44.232Z"}
{"@timestamp":"2022-09-10T03:49:19.263Z","@version":"1","message":"Sep 10 03:49:18 honeypot-sgp-1 sshd[2174]: Did not receive identification string from 45.61.184.204 port 38022","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T03:50:06.283Z","@version":"1","message":"Sep 10 03:50:05 honeypot-sgp-1 sshd[2177]: Disconnected from invalid user user 45.61.184.204 port 58688 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T03:50:24.292Z","@version":"1","message":"Sep 10 03:50:24 honeypot-sgp-1 sshd[2181]: Disconnected from invalid user user 45.61.184.204 port 53168 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T03:50:41.300Z","@version":"1","message":"Sep 10 03:50:40 honeypot-sgp-1 sshd[2185]: Disconnected from invalid user user 45.61.184.204 port 47706 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 03:51:08 honeypot-ams-1 sshd[5757]: Invalid user wallimo_phpbb1 from 161.35.100.253 port 46660","@timestamp":"2022-09-10T03:51:08.322Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 03:51:28 honeypot-fra-1 sshd[28694]: Received disconnect from 167.71.236.26 port 33664:11: Bye Bye [preauth]","@timestamp":"2022-09-10T03:51:29.138Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 03:59:59 honeypot-ams-1 sshd[5764]: Received disconnect from 139.59.36.71 port 50250:11: Bye Bye [preauth]","@timestamp":"2022-09-10T03:59:59.547Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 04:00:10 honeypot-fra-1 sshd[28708]: Invalid user test7 from 101.34.221.23 port 42602","@timestamp":"2022-09-10T04:00:11.329Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 04:00:12 honeypot-fra-1 sshd[28714]: Invalid user nagios from 101.34.221.23 port 42568","@timestamp":"2022-09-10T04:00:13.330Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 04:00:16 honeypot-fra-1 sshd[28722]: Invalid user test4 from 101.34.221.23 port 42590","@timestamp":"2022-09-10T04:00:17.332Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 04:00:22 honeypot-fra-1 sshd[28716]: Connection closed by invalid user test6 101.34.221.23 port 42598 [preauth]","@timestamp":"2022-09-10T04:00:23.336Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 04:02:31 honeypot-ams-1 kernel: [83659138.507851] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=184.105.139.85 DST=178.62.254.91 LEN=131 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=42708 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T04:02:32.615Z"}
{"@timestamp":"2022-09-10T04:03:21.604Z","@version":"1","message":"Sep 10 04:03:21 honeypot-sgp-1 sshd[2191]: Received disconnect from 92.255.85.69 port 18684:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 04:04:15 honeypot-fra-1 sshd[28750]: Invalid user bird from 68.183.156.109 port 36468","@timestamp":"2022-09-10T04:04:16.425Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 04:05:10 honeypot-fra-1 sshd[28754]: Disconnected from invalid user user 198.98.61.9 port 43272 [preauth]","@timestamp":"2022-09-10T04:05:11.447Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 04:05:27 honeypot-fra-1 sshd[28758]: Disconnected from invalid user user 198.98.61.9 port 38196 [preauth]","@timestamp":"2022-09-10T04:05:28.456Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 04:05:44 honeypot-fra-1 sshd[28762]: Disconnected from invalid user user 198.98.61.9 port 33080 [preauth]","@timestamp":"2022-09-10T04:05:44.464Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 04:05:58 honeypot-fra-1 sshd[28768]: Invalid user user from 198.98.61.9 port 56208","@timestamp":"2022-09-10T04:05:59.471Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 04:06:15 honeypot-ams-1 kernel: [83659361.760258] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=213.226.123.241 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=60 ID=64348 DF PROTO=TCP SPT=57342 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T04:06:15.713Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 04:07:57 honeypot-fra-1 kernel: [83657312.136098] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=79.124.62.62 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=3014 PROTO=TCP SPT=42579 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T04:07:58.518Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 04:15:38 honeypot-ams-1 kernel: [83659925.207600] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=164.52.24.190 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=43572 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T04:15:38.957Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 04:17:01 honeypot-fra-1 CRON[28777]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-10T04:17:01.720Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T04:17:01.932Z","@version":"1","message":"Sep 10 04:17:01 honeypot-sgp-1 CRON[2196]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 04:21:41 honeypot-fra-1 sshd[28785]: Received disconnect from 51.250.65.201 port 42286:11: Bye Bye [preauth]","@timestamp":"2022-09-10T04:21:42.824Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 04:23:49 honeypot-fra-1 sshd[28791]: Received disconnect from 143.244.158.100 port 57336:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T04:23:49.874Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 04:26:09 honeypot-fra-1 sshd[28798]: Received disconnect from 143.244.158.100 port 39016:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T04:26:09.929Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 04:28:32 honeypot-fra-1 sshd[28804]: Received disconnect from 143.244.158.100 port 32842:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T04:28:32.984Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 04:28:46 honeypot-ams-1 kernel: [83660712.962739] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=213.226.123.38 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=20951 PROTO=TCP SPT=44386 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T04:28:47.293Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 04:30:08 honeypot-fra-1 sshd[28810]: Received disconnect from 143.244.158.100 port 52514:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T04:30:09.023Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 04:31:45 honeypot-fra-1 sshd[28815]: Disconnected from authenticating user root 143.244.158.100 port 38940 [preauth]","@timestamp":"2022-09-10T04:31:46.062Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 04:34:12 honeypot-fra-1 sshd[28821]: Disconnected from authenticating user root 143.244.158.100 port 42718 [preauth]","@timestamp":"2022-09-10T04:34:13.270Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 04:36:05 honeypot-fra-1 sshd[28841]: Invalid user oracle from 161.35.100.253 port 40080","@timestamp":"2022-09-10T04:36:05.314Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 04:36:05 honeypot-fra-1 sshd[28845]: Invalid user steam from 161.35.100.253 port 40112","@timestamp":"2022-09-10T04:36:06.314Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 04:36:05 honeypot-fra-1 sshd[28837]: Invalid user testuser from 161.35.100.253 port 40056","@timestamp":"2022-09-10T04:36:06.314Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 04:36:05 honeypot-fra-1 sshd[28843]: Connection closed by invalid user ubuntu 161.35.100.253 port 40076 [preauth]","@timestamp":"2022-09-10T04:36:06.314Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 04:36:05 honeypot-fra-1 sshd[28833]: Connection closed by authenticating user root 161.35.100.253 port 40074 [preauth]","@timestamp":"2022-09-10T04:36:06.315Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 04:36:06 honeypot-fra-1 sshd[28830]: Connection closed by authenticating user root 161.35.100.253 port 40064 [preauth]","@timestamp":"2022-09-10T04:36:06.315Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 04:36:06 honeypot-fra-1 sshd[28844]: Connection closed by invalid user user 161.35.100.253 port 40082 [preauth]","@timestamp":"2022-09-10T04:36:06.315Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 04:36:06 honeypot-fra-1 sshd[28846]: Connection closed by invalid user ubuntu 161.35.100.253 port 40068 [preauth]","@timestamp":"2022-09-10T04:36:06.315Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 04:36:06 honeypot-fra-1 sshd[28856]: Invalid user admin from 161.35.100.253 port 40130","@timestamp":"2022-09-10T04:36:07.315Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T04:36:39.409Z","@version":"1","message":"Sep 10 04:36:39 honeypot-sgp-1 sshd[2203]: Received disconnect from 122.160.82.93 port 32930:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 04:36:44 honeypot-fra-1 sshd[28889]: Disconnected from authenticating user root 143.244.158.100 port 43684 [preauth]","@timestamp":"2022-09-10T04:36:45.332Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 04:38:28 honeypot-fra-1 sshd[28895]: Received disconnect from 143.244.158.100 port 47124:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T04:38:29.374Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 04:39:03 honeypot-ams-1 sshd[6234]: Did not receive identification string from 27.124.32.142 port 37552","@timestamp":"2022-09-10T04:39:04.555Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 04:40:55 honeypot-fra-1 sshd[28901]: Received disconnect from 143.244.158.100 port 36844:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T04:40:56.431Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 04:42:31 honeypot-fra-1 sshd[28906]: Received disconnect from 143.244.158.100 port 42458:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T04:42:32.470Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 04:44:03 honeypot-fra-1 kernel: [83659478.264093] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=128.14.137.180 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=11079 PROTO=TCP SPT=34094 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T04:44:04.508Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 04:45:40 honeypot-fra-1 sshd[28916]: Received disconnect from 143.244.158.100 port 58766:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T04:45:40.549Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 04:47:18 honeypot-fra-1 sshd[28922]: Disconnected from authenticating user root 143.244.158.100 port 43518 [preauth]","@timestamp":"2022-09-10T04:47:18.588Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T04:49:43.720Z","@version":"1","message":"Sep 10 04:49:43 honeypot-sgp-1 sshd[2209]: Invalid user oracle from 92.255.85.70 port 25068","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 04:49:47 honeypot-fra-1 sshd[28928]: Received disconnect from 143.244.158.100 port 38500:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T04:49:48.647Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T04:51:37.768Z","@version":"1","message":"Sep 10 04:51:37 honeypot-sgp-1 sshd[2214]: Invalid user user from 141.255.162.226 port 46426","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T04:51:42.771Z","@version":"1","message":"Sep 10 04:51:41 honeypot-sgp-1 sshd[2218]: Invalid user user from 141.255.162.226 port 35134","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T04:51:46.774Z","@version":"1","message":"Sep 10 04:51:46 honeypot-sgp-1 sshd[2222]: Invalid user user from 141.255.162.226 port 60550","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 04:52:18 honeypot-fra-1 sshd[28934]: Received disconnect from 143.244.158.100 port 55714:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T04:52:18.702Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 04:53:09 honeypot-fra-1 sshd[28940]: Received disconnect from 143.244.158.100 port 43048:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T04:53:09.723Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 04:54:18 honeypot-ams-1 sshd[6240]: Disconnected from authenticating user root 84.1.30.70 port 50236 [preauth]","@timestamp":"2022-09-10T04:54:18.946Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 04:54:50 honeypot-fra-1 sshd[28946]: Received disconnect from 143.244.158.100 port 33656:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T04:54:51.763Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 04:55:57 honeypot-fra-1 sshd[28950]: Disconnected from invalid user fun 201.48.78.29 port 36476 [preauth]","@timestamp":"2022-09-10T04:55:57.789Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 04:57:35 honeypot-ams-1 sshd[6245]: Disconnected from authenticating user root 51.38.70.212 port 39300 [preauth]","@timestamp":"2022-09-10T04:57:36.034Z"}
{"@timestamp":"2022-09-10T04:58:05.921Z","@version":"1","message":"Sep 10 04:58:05 honeypot-sgp-1 kernel: [83662000.495539] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=54.237.215.76 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=41 ID=3701 DF PROTO=TCP SPT=4399 DPT=443 WINDOW=26733 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 04:58:11 honeypot-fra-1 sshd[28957]: Received disconnect from 143.244.158.100 port 56564:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T04:58:11.842Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 04:59:11 honeypot-fra-1 sshd[28961]: Received disconnect from 143.244.158.100 port 41564:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T04:59:11.867Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 05:01:48 honeypot-fra-1 sshd[28967]: Received disconnect from 143.244.158.100 port 51512:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T05:01:48.928Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 05:03:34 honeypot-fra-1 sshd[28972]: Disconnected from authenticating user root 143.244.158.100 port 36910 [preauth]","@timestamp":"2022-09-10T05:03:34.970Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T05:05:46.106Z","@version":"1","message":"Sep 10 05:05:45 honeypot-sgp-1 sshd[2228]: Received disconnect from 206.189.65.29 port 49772:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 05:06:20 honeypot-fra-1 sshd[28978]: Disconnected from authenticating user root 143.244.158.100 port 52494 [preauth]","@timestamp":"2022-09-10T05:06:21.033Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T05:09:36.200Z","@version":"1","message":"Sep 10 05:09:35 honeypot-sgp-1 sshd[2232]: Received disconnect from 189.195.123.54 port 38152:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 05:09:42 honeypot-fra-1 sshd[28983]: Disconnected from invalid user jz 165.22.45.108 port 39938 [preauth]","@timestamp":"2022-09-10T05:09:43.109Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 05:10:07 honeypot-ams-1 sshd[6251]: Disconnected from invalid user gituser 206.189.204.63 port 59960 [preauth]","@timestamp":"2022-09-10T05:10:07.352Z"}
{"@timestamp":"2022-09-10T05:15:52.349Z","@version":"1","message":"Sep 10 05:15:51 honeypot-sgp-1 kernel: [83663066.373354] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=120.87.56.214 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=5113 DF PROTO=TCP SPT=37029 DPT=80 WINDOW=14520 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 05:17:01 honeypot-fra-1 CRON[28990]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-10T05:17:01.272Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 05:18:09 honeypot-ams-1 kernel: [83663675.890823] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.167.96.138 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=51452 DPT=5432 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T05:18:09.556Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 05:21:53 honeypot-fra-1 sshd[29001]: Protocol major versions differ for 154.198.211.133 port 59884: SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.5 vs. SSH-1.5-Server","@timestamp":"2022-09-10T05:21:53.381Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 05:25:06 honeypot-ams-1 kernel: [83664092.560985] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=103.99.1.99 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=39939 PROTO=TCP SPT=50209 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T05:25:06.737Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 05:29:24 honeypot-fra-1 sshd[29007]: Received disconnect from 161.35.236.24 port 43056:11: Bye Bye [preauth]","@timestamp":"2022-09-10T05:29:24.547Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 05:31:37 honeypot-ams-1 sshd[6267]: Received disconnect from 45.61.186.49 port 37256:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T05:31:38.921Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 05:31:47 honeypot-ams-1 sshd[6271]: Received disconnect from 45.61.186.49 port 48938:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T05:31:47.927Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 05:32:16 honeypot-fra-1 sshd[29011]: Disconnected from authenticating user root 138.197.138.123 port 40328 [preauth]","@timestamp":"2022-09-10T05:32:16.613Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T05:33:11.758Z","@version":"1","message":"Sep 10 05:33:10 honeypot-sgp-1 sshd[2243]: Did not receive identification string from 45.61.187.160 port 57174","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T05:33:39.772Z","@version":"1","message":"Sep 10 05:33:39 honeypot-sgp-1 sshd[2246]: Disconnected from invalid user user 45.61.187.160 port 37214 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T05:33:58.781Z","@version":"1","message":"Sep 10 05:33:58 honeypot-sgp-1 sshd[2250]: Disconnected from invalid user user 45.61.187.160 port 60560 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T05:34:16.790Z","@version":"1","message":"Sep 10 05:34:16 honeypot-sgp-1 sshd[2254]: Disconnected from invalid user user 45.61.187.160 port 55706 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T05:36:46.849Z","@version":"1","message":"Sep 10 05:36:46 honeypot-sgp-1 sshd[2258]: Disconnected from invalid user usuario 92.255.85.69 port 33082 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 05:37:31 honeypot-fra-1 sshd[29019]: Disconnected from authenticating user root 64.225.43.245 port 38860 [preauth]","@timestamp":"2022-09-10T05:37:31.728Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 05:39:52 honeypot-fra-1 sshd[29025]: Disconnected from authenticating user root 64.225.43.245 port 51220 [preauth]","@timestamp":"2022-09-10T05:39:52.780Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 05:40:39 honeypot-fra-1 sshd[29030]: Disconnected from authenticating user root 64.225.43.245 port 36518 [preauth]","@timestamp":"2022-09-10T05:40:39.801Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 05:41:37 honeypot-fra-1 kernel: [83662932.155881] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=23.224.189.47 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=0 DF PROTO=TCP SPT=46457 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T05:41:37.825Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 05:42:04 honeypot-ams-1 sshd[6275]: Received disconnect from 92.255.85.70 port 43492:11: Bye Bye [preauth]","@timestamp":"2022-09-10T05:42:05.190Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 05:42:56 honeypot-fra-1 sshd[29040]: Disconnected from authenticating user root 64.225.43.245 port 48876 [preauth]","@timestamp":"2022-09-10T05:42:56.858Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 05:44:59 honeypot-fra-1 kernel: [83663134.200807] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=172.104.238.162 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=40543 PROTO=TCP SPT=1037 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T05:44:59.906Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-10T05:46:00.092Z","@version":"1","message":"Sep 10 05:45:59 honeypot-sgp-1 sshd[2264]: Received disconnect from 167.71.65.64 port 59850:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 05:46:50 honeypot-fra-1 sshd[29051]: Disconnected from authenticating user root 64.225.43.245 port 60064 [preauth]","@timestamp":"2022-09-10T05:46:51.949Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 05:49:13 honeypot-fra-1 sshd[29057]: Disconnected from authenticating user root 64.225.43.245 port 44194 [preauth]","@timestamp":"2022-09-10T05:49:14.006Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 05:51:36 honeypot-fra-1 sshd[29063]: Disconnected from authenticating user root 64.225.43.245 port 56552 [preauth]","@timestamp":"2022-09-10T05:51:37.059Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 05:53:58 honeypot-fra-1 sshd[29070]: Disconnected from authenticating user root 64.225.43.245 port 40684 [preauth]","@timestamp":"2022-09-10T05:53:59.112Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 05:56:16 honeypot-fra-1 sshd[29076]: Disconnected from authenticating user root 64.225.43.245 port 53038 [preauth]","@timestamp":"2022-09-10T05:56:17.165Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T05:56:48.374Z","@version":"1","message":"Sep 10 05:56:47 honeypot-sgp-1 sshd[2268]: Connection closed by invalid user admin 210.178.65.187 port 34296 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 05:57:43 honeypot-ams-1 sshd[6281]: Invalid user admin from 122.23.90.2 port 63968","@timestamp":"2022-09-10T05:57:44.590Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 05:57:51 honeypot-fra-1 sshd[29083]: Disconnected from authenticating user root 64.225.43.245 port 51866 [preauth]","@timestamp":"2022-09-10T05:57:52.201Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 06:00:17 honeypot-fra-1 sshd[29089]: Disconnected from authenticating user root 64.225.43.245 port 35992 [preauth]","@timestamp":"2022-09-10T06:00:18.257Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T06:00:59.476Z","@version":"1","message":"Sep 10 06:00:59 honeypot-sgp-1 sshd[2274]: Received disconnect from 92.255.85.70 port 26768:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T06:01:48.518Z","@version":"1","message":"Sep 10 06:01:48 honeypot-sgp-1 sshd[2278]: Disconnected from authenticating user root 187.35.147.87 port 42975 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 06:02:44 honeypot-fra-1 sshd[29096]: Disconnected from authenticating user root 64.225.43.245 port 48428 [preauth]","@timestamp":"2022-09-10T06:02:44.310Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 06:03:21 honeypot-fra-1 sshd[29100]: Disconnected from invalid user usuario 92.255.85.70 port 51248 [preauth]","@timestamp":"2022-09-10T06:03:22.328Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 06:05:10 honeypot-fra-1 sshd[29106]: Disconnected from authenticating user root 64.225.43.245 port 60790 [preauth]","@timestamp":"2022-09-10T06:05:11.369Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 06:07:35 honeypot-fra-1 sshd[29112]: Received disconnect from 64.225.43.245 port 44918:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T06:07:36.426Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 06:08:10 honeypot-ams-1 kernel: [83666676.639299] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=213.226.123.38 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=59706 PROTO=TCP SPT=52076 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T06:08:10.856Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 06:09:41 honeypot-fra-1 kernel: [83664615.894468] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=53036 PROTO=TCP SPT=49603 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T06:09:42.476Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 06:11:38 honeypot-fra-1 sshd[29123]: Received disconnect from 64.225.43.245 port 56110:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T06:11:39.523Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T06:12:25.802Z","@version":"1","message":"Sep 10 06:12:25 honeypot-sgp-1 sshd[2285]: Disconnected from invalid user webadmin 159.89.19.21 port 44294 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 06:13:35 honeypot-fra-1 sshd[29131]: Invalid user ka from 165.22.45.108 port 50036","@timestamp":"2022-09-10T06:13:35.584Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 06:14:58 honeypot-fra-1 sshd[29135]: Received disconnect from 165.227.118.41 port 58854:11: Bye Bye [preauth]","@timestamp":"2022-09-10T06:14:58.616Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T06:15:37.882Z","@version":"1","message":"Sep 10 06:15:37 honeypot-sgp-1 kernel: [83666652.194595] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=227 ID=4848 PROTO=TCP SPT=49603 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 06:16:35 honeypot-fra-1 kernel: [83665029.986244] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=128.14.141.35 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=21119 PROTO=TCP SPT=23893 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T06:16:36.654Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 06:17:01 honeypot-ams-1 CRON[6289]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-10T06:17:02.081Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 06:17:27 honeypot-fra-1 sshd[29147]: Disconnected from authenticating user root 64.225.43.245 port 37902 [preauth]","@timestamp":"2022-09-10T06:17:27.675Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 06:19:56 honeypot-fra-1 sshd[29154]: Disconnected from authenticating user root 64.225.43.245 port 50268 [preauth]","@timestamp":"2022-09-10T06:19:56.732Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T06:20:38.007Z","@version":"1","message":"Sep 10 06:20:37 honeypot-sgp-1 kernel: [83666951.940145] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.41.9.18 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=46106 PROTO=TCP SPT=48885 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 06:22:24 honeypot-fra-1 sshd[29160]: Disconnected from authenticating user root 64.225.43.245 port 34424 [preauth]","@timestamp":"2022-09-10T06:22:24.790Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 06:23:18 honeypot-ams-1 kernel: [83667585.271857] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=35.189.107.44 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x60 TTL=251 ID=35820 PROTO=TCP SPT=58048 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T06:23:19.244Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 06:23:55 honeypot-fra-1 sshd[29166]: Disconnected from invalid user user 45.61.186.249 port 39358 [preauth]","@timestamp":"2022-09-10T06:23:55.826Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 06:24:06 honeypot-fra-1 sshd[29170]: Disconnected from authenticating user root 64.225.43.245 port 33256 [preauth]","@timestamp":"2022-09-10T06:24:06.832Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T06:24:21.099Z","@version":"1","message":"Sep 10 06:24:21 honeypot-sgp-1 sshd[2397]: Disconnected from invalid user ftpuser 92.255.85.70 port 42130 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 06:24:23 honeypot-fra-1 sshd[29175]: Disconnected from invalid user user 45.61.186.249 port 45966 [preauth]","@timestamp":"2022-09-10T06:24:23.840Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 06:24:33 honeypot-fra-1 sshd[29179]: Disconnected from invalid user user 45.61.186.249 port 57562 [preauth]","@timestamp":"2022-09-10T06:24:34.846Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 06:24:52 honeypot-fra-1 sshd[29183]: Disconnected from invalid user user 45.61.186.249 port 52548 [preauth]","@timestamp":"2022-09-10T06:24:53.855Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 06:25:39 honeypot-fra-1 sshd[29320]: Received disconnect from 107.170.113.190 port 52572:11: Bye Bye [preauth]","@timestamp":"2022-09-10T06:25:39.876Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T06:26:03.145Z","@version":"1","message":"Sep 10 06:26:02 honeypot-sgp-1 sshd[2549]: Received disconnect from 61.76.169.138 port 1926:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 06:27:09 honeypot-fra-1 sshd[29326]: Invalid user ftpuser from 92.255.85.69 port 54450","@timestamp":"2022-09-10T06:27:09.928Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 06:28:22 honeypot-fra-1 sshd[29330]: Disconnected from authenticating user root 64.225.43.245 port 44438 [preauth]","@timestamp":"2022-09-10T06:28:23.958Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 06:28:37 honeypot-ams-1 kernel: [83667903.776520] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=89.248.165.199 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=47404 PROTO=TCP SPT=50055 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T06:28:37.385Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 06:32:03 honeypot-fra-1 sshd[29337]: Received disconnect from 119.92.70.82 port 58938:11: Bye Bye [preauth]","@timestamp":"2022-09-10T06:32:04.041Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 06:38:14 honeypot-fra-1 kernel: [83666328.966765] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=90.151.171.106 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=65104 PROTO=TCP SPT=51861 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T06:38:15.180Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 06:38:23 honeypot-ams-1 sshd[6563]: Did not receive identification string from 193.142.146.50 port 33500","@timestamp":"2022-09-10T06:38:23.643Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 06:39:15 honeypot-ams-1 sshd[6568]: Disconnected from authenticating user root 193.142.146.50 port 52074 [preauth]","@timestamp":"2022-09-10T06:39:15.668Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 06:40:38 honeypot-ams-1 sshd[6574]: Disconnected from authenticating user root 193.142.146.50 port 55094 [preauth]","@timestamp":"2022-09-10T06:40:38.706Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 06:41:02 honeypot-ams-1 sshd[6580]: Disconnected from authenticating user root 193.142.146.50 port 56610 [preauth]","@timestamp":"2022-09-10T06:41:02.719Z"}
{"@timestamp":"2022-09-10T06:43:26.591Z","@version":"1","message":"Sep 10 06:43:26 honeypot-sgp-1 kernel: [83668320.908142] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=143.92.32.205 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=65019 PROTO=TCP SPT=52205 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 06:45:55 honeypot-fra-1 sshd[29341]: Disconnected from invalid user ka 165.22.45.108 port 55082 [preauth]","@timestamp":"2022-09-10T06:45:56.352Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T06:46:45.672Z","@version":"1","message":"Sep 10 06:46:44 honeypot-sgp-1 sshd[2559]: Received disconnect from 170.106.168.129 port 60582:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T06:47:27.691Z","@version":"1","message":"Sep 10 06:47:27 honeypot-sgp-1 sshd[2579]: Received disconnect from 142.93.64.67 port 56706:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 06:47:43 honeypot-fra-1 sshd[29346]: Disconnected from invalid user takeall 118.70.175.209 port 47404 [preauth]","@timestamp":"2022-09-10T06:47:43.393Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 06:49:01 honeypot-ams-1 sshd[6586]: Invalid user user from 45.61.187.160 port 55960","@timestamp":"2022-09-10T06:49:01.926Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 06:49:19 honeypot-ams-1 sshd[6590]: Invalid user user from 45.61.187.160 port 51148","@timestamp":"2022-09-10T06:49:19.937Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 06:49:36 honeypot-ams-1 sshd[6594]: Invalid user user from 45.61.187.160 port 46304","@timestamp":"2022-09-10T06:49:37.946Z"}
{"@timestamp":"2022-09-10T06:49:49.749Z","@version":"1","message":"Sep 10 06:49:49 honeypot-sgp-1 sshd[2584]: Received disconnect from 13.67.201.190 port 48574:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 06:49:53 honeypot-ams-1 sshd[6598]: Invalid user user from 45.61.187.160 port 41484","@timestamp":"2022-09-10T06:49:53.954Z"}
{"@timestamp":"2022-09-10T06:50:21.763Z","@version":"1","message":"Sep 10 06:50:21 honeypot-sgp-1 sshd[2588]: Received disconnect from 41.227.27.129 port 15956:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T06:51:12.787Z","@version":"1","message":"Sep 10 06:51:12 honeypot-sgp-1 sshd[2592]: Invalid user images from 46.101.5.100 port 59296","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 06:51:30 honeypot-ams-1 sshd[6600]: Disconnected from invalid user jet 157.245.13.253 port 49548 [preauth]","@timestamp":"2022-09-10T06:51:30.999Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 06:51:40 honeypot-fra-1 kernel: [83667134.329593] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=25152 PROTO=TCP SPT=52347 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T06:51:40.483Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-10T06:52:08.811Z","@version":"1","message":"Sep 10 06:52:08 honeypot-sgp-1 sshd[2596]: Received disconnect from 98.110.183.53 port 32872:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T06:58:15.956Z","@version":"1","message":"Sep 10 06:58:15 honeypot-sgp-1 sshd[2599]: Disconnected from invalid user jeff 58.8.148.64 port 45978 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 06:59:07 honeypot-ams-1 kernel: [83669734.035943] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=162.62.191.231 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x60 TTL=53 ID=54105 DF PROTO=TCP SPT=55129 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T06:59:08.189Z"}
{"@timestamp":"2022-09-10T07:02:32.062Z","@version":"1","message":"Sep 10 07:02:31 honeypot-sgp-1 sshd[2602]: Disconnected from invalid user merlin 103.42.72.20 port 59800 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 07:10:09 honeypot-fra-1 kernel: [83668244.002206] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=154.66.178.74 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=54321 PROTO=TCP SPT=53818 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T07:10:09.888Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-10T07:11:11.281Z","@version":"1","message":"Sep 10 07:11:11 honeypot-sgp-1 sshd[2605]: Disconnected from authenticating user root 92.255.85.70 port 46472 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 07:16:13 honeypot-ams-1 kernel: [83670760.275556] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.213.125 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=58260 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T07:16:14.618Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 07:17:01 honeypot-fra-1 CRON[29463]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-10T07:17:02.056Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 07:18:52 honeypot-fra-1 sshd[29469]: Invalid user test from 193.106.191.157 port 37374","@timestamp":"2022-09-10T07:18:53.099Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 07:19:14 honeypot-ams-1 kernel: [83670941.327679] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=170.187.162.129 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=15713 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T07:19:15.698Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 07:22:10 honeypot-fra-1 sshd[29473]: Received disconnect from 202.162.109.25 port 49684:11: Bye Bye [preauth]","@timestamp":"2022-09-10T07:22:11.175Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T07:25:24.631Z","@version":"1","message":"Sep 10 07:25:23 honeypot-sgp-1 sshd[2613]: Received disconnect from 157.255.28.157 port 47118:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T07:34:32.865Z","@version":"1","message":"Sep 10 07:34:31 honeypot-sgp-1 sshd[2620]: Received disconnect from 92.255.85.70 port 47964:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 07:37:22 honeypot-fra-1 sshd[29477]: Disconnected from authenticating user root 92.255.85.70 port 18096 [preauth]","@timestamp":"2022-09-10T07:37:22.508Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T07:38:00.952Z","@version":"1","message":"Sep 10 07:38:00 honeypot-sgp-1 sshd[2625]: Connection closed by invalid user  152.32.255.215 port 42244 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 07:39:56 honeypot-ams-1 sshd[6617]: Disconnected from authenticating user root 92.255.85.69 port 28026 [preauth]","@timestamp":"2022-09-10T07:39:57.242Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 07:42:26 honeypot-fra-1 sshd[29486]: Invalid user oracle from 147.182.210.165 port 34086","@timestamp":"2022-09-10T07:42:27.623Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 07:42:27 honeypot-fra-1 sshd[29488]: Connection closed by invalid user postgres 147.182.210.165 port 34046 [preauth]","@timestamp":"2022-09-10T07:42:27.623Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 07:42:27 honeypot-fra-1 sshd[29505]: Invalid user ubuntu from 147.182.210.165 port 34062","@timestamp":"2022-09-10T07:42:27.623Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 07:42:27 honeypot-fra-1 sshd[29500]: Invalid user steam from 147.182.210.165 port 34088","@timestamp":"2022-09-10T07:42:27.623Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 07:42:27 honeypot-fra-1 sshd[29503]: Invalid user www from 147.182.210.165 port 34048","@timestamp":"2022-09-10T07:42:27.624Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 07:42:27 honeypot-fra-1 sshd[29510]: Connection closed by invalid user admin 147.182.210.165 port 34090 [preauth]","@timestamp":"2022-09-10T07:42:27.624Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 07:42:27 honeypot-fra-1 sshd[29491]: Connection closed by invalid user devops 147.182.210.165 port 34040 [preauth]","@timestamp":"2022-09-10T07:42:27.624Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 07:42:27 honeypot-fra-1 sshd[29498]: Connection closed by authenticating user root 147.182.210.165 port 34070 [preauth]","@timestamp":"2022-09-10T07:42:27.624Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 07:42:27 honeypot-fra-1 sshd[29537]: Invalid user test from 147.182.210.165 port 34060","@timestamp":"2022-09-10T07:42:28.624Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 07:43:29 honeypot-ams-1 sshd[6622]: Did not receive identification string from 220.169.156.44 port 52201","@timestamp":"2022-09-10T07:43:30.338Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 07:48:53 honeypot-fra-1 sshd[29540]: Received disconnect from 165.22.45.108 port 36908:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T07:48:53.768Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 07:53:39 honeypot-ams-1 sshd[6625]: Invalid user ubnt from 20.118.188.175 port 57626","@timestamp":"2022-09-10T07:53:39.597Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 07:53:47 honeypot-ams-1 sshd[6629]: error: Received disconnect from 20.118.188.175 port 57854:3: com.jcraft.jsch.JSchException: Auth fail [preauth]","@timestamp":"2022-09-10T07:53:48.602Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 07:53:55 honeypot-ams-1 sshd[6633]: error: Received disconnect from 20.118.188.175 port 58131:3: com.jcraft.jsch.JSchException: Auth fail [preauth]","@timestamp":"2022-09-10T07:53:55.607Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 07:55:29 honeypot-ams-1 sshd[6637]: error: Received disconnect from 20.118.188.175 port 61298:3: com.jcraft.jsch.JSchException: Auth fail [preauth]","@timestamp":"2022-09-10T07:55:30.649Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 07:55:35 honeypot-ams-1 sshd[6641]: error: Received disconnect from 20.118.188.175 port 61555:3: com.jcraft.jsch.JSchException: Auth fail [preauth]","@timestamp":"2022-09-10T07:55:36.652Z"}
{"@timestamp":"2022-09-10T07:59:10.476Z","@version":"1","message":"Sep 10 07:59:09 honeypot-sgp-1 kernel: [83672864.692276] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=194.147.58.205 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=23961 PROTO=TCP SPT=56477 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 08:01:06 honeypot-fra-1 sshd[29545]: Disconnected from authenticating user root 92.255.85.70 port 28284 [preauth]","@timestamp":"2022-09-10T08:01:07.038Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 08:03:21 honeypot-ams-1 sshd[6646]: Received disconnect from 92.255.85.70 port 30580:11: Bye Bye [preauth]","@timestamp":"2022-09-10T08:03:22.850Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 08:06:31 honeypot-ams-1 sshd[6652]: Received disconnect from 143.244.158.100 port 51992:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T08:06:31.936Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 08:06:41 honeypot-fra-1 sshd[29548]: Disconnected from invalid user shhk 181.129.166.202 port 40188 [preauth]","@timestamp":"2022-09-10T08:06:42.166Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 08:08:05 honeypot-ams-1 sshd[6657]: Disconnected from authenticating user root 143.244.158.100 port 41248 [preauth]","@timestamp":"2022-09-10T08:08:05.979Z"}
{"@timestamp":"2022-09-10T08:10:24.755Z","@version":"1","message":"Sep 10 08:10:24 honeypot-sgp-1 kernel: [83673539.098000] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.9.71.118 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=34388 DF PROTO=TCP SPT=10446 DPT=443 WINDOW=512 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 08:10:26 honeypot-ams-1 sshd[6663]: Disconnected from authenticating user root 143.244.158.100 port 40294 [preauth]","@timestamp":"2022-09-10T08:10:27.043Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 08:12:47 honeypot-ams-1 sshd[6670]: Received disconnect from 143.244.158.100 port 34812:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T08:12:48.107Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 08:14:10 honeypot-fra-1 sshd[29573]: Invalid user noel from 114.246.10.197 port 43854","@timestamp":"2022-09-10T08:14:10.334Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 08:15:11 honeypot-ams-1 sshd[6676]: Received disconnect from 143.244.158.100 port 53448:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T08:15:12.172Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 08:15:12 honeypot-fra-1 sshd[29576]: Disconnected from invalid user jesica 68.183.226.236 port 45812 [preauth]","@timestamp":"2022-09-10T08:15:12.359Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T08:16:25.901Z","@version":"1","message":"Sep 10 08:16:25 honeypot-sgp-1 sshd[2635]: Received disconnect from 122.181.16.134 port 44762:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 08:17:01 honeypot-ams-1 CRON[6682]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-10T08:17:02.221Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 08:19:14 honeypot-ams-1 sshd[6690]: Received disconnect from 143.244.158.100 port 53730:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T08:19:15.280Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 08:20:34 honeypot-fra-1 sshd[29582]: Disconnected from invalid user kafka 165.22.45.108 port 41952 [preauth]","@timestamp":"2022-09-10T08:20:34.485Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 08:20:53 honeypot-ams-1 sshd[6696]: Invalid user jacuna from 190.119.187.173 port 59497","@timestamp":"2022-09-10T08:20:54.325Z"}
{"@timestamp":"2022-09-10T08:21:52.056Z","@version":"1","message":"Sep 10 08:21:51 honeypot-sgp-1 sshd[2659]: Disconnected from authenticating user root 92.255.85.70 port 41238 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 08:22:26 honeypot-ams-1 sshd[6700]: Disconnected from authenticating user root 143.244.158.100 port 42340 [preauth]","@timestamp":"2022-09-10T08:22:27.367Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 08:24:01 honeypot-ams-1 sshd[6707]: Received disconnect from 143.244.158.100 port 54132:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T08:24:02.413Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 08:25:43 honeypot-ams-1 sshd[6711]: Disconnected from authenticating user root 143.244.158.100 port 32950 [preauth]","@timestamp":"2022-09-10T08:25:44.458Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 08:27:28 honeypot-ams-1 sshd[6736]: Received disconnect from 143.244.158.100 port 50972:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T08:27:29.507Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 08:30:13 honeypot-ams-1 sshd[6743]: Received disconnect from 143.244.158.100 port 35266:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T08:30:14.580Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 08:32:59 honeypot-ams-1 sshd[6749]: Received disconnect from 143.244.158.100 port 46990:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T08:32:59.653Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 08:35:47 honeypot-ams-1 sshd[6756]: Received disconnect from 143.244.158.100 port 47108:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T08:35:47.726Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 08:37:02 honeypot-fra-1 sshd[29590]: Connection closed by invalid user vbox 141.98.10.158 port 56018 [preauth]","@timestamp":"2022-09-10T08:37:03.849Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 08:37:34 honeypot-ams-1 sshd[6760]: Disconnected from authenticating user root 143.244.158.100 port 57118 [preauth]","@timestamp":"2022-09-10T08:37:34.775Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 08:40:08 honeypot-ams-1 sshd[6768]: Disconnected from authenticating user root 143.244.158.100 port 48560 [preauth]","@timestamp":"2022-09-10T08:40:08.846Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 08:41:03 honeypot-ams-1 sshd[6774]: Received disconnect from 143.244.158.100 port 49430:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T08:41:04.874Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 08:42:54 honeypot-ams-1 sshd[6778]: Disconnected from authenticating user root 143.244.158.100 port 54260 [preauth]","@timestamp":"2022-09-10T08:42:54.924Z"}
{"@timestamp":"2022-09-10T08:43:13.568Z","@version":"1","message":"Sep 10 08:43:12 honeypot-sgp-1 sshd[2665]: Invalid user sham from 104.248.131.9 port 57710","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 08:43:39 honeypot-ams-1 sshd[6782]: Received disconnect from 184.168.123.65 port 48722:11: Bye Bye [preauth]","@timestamp":"2022-09-10T08:43:39.946Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 08:44:49 honeypot-ams-1 sshd[6786]: Disconnected from authenticating user root 143.244.158.100 port 50886 [preauth]","@timestamp":"2022-09-10T08:44:49.979Z"}
{"@timestamp":"2022-09-10T08:45:52.631Z","@version":"1","message":"Sep 10 08:45:52 honeypot-sgp-1 sshd[2670]: Received disconnect from 206.189.233.23 port 59936:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 08:46:37 honeypot-ams-1 sshd[6793]: Received disconnect from 143.244.158.100 port 59710:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T08:46:38.027Z"}
{"@timestamp":"2022-09-10T08:46:49.656Z","@version":"1","message":"Sep 10 08:46:49 honeypot-sgp-1 sshd[2675]: Invalid user user from 45.61.186.249 port 48794","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 08:47:06 honeypot-fra-1 sshd[29597]: Invalid user wsmith from 165.227.232.25 port 59064","@timestamp":"2022-09-10T08:47:07.088Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T08:47:08.665Z","@version":"1","message":"Sep 10 08:47:08 honeypot-sgp-1 sshd[2679]: Invalid user user from 45.61.186.249 port 43406","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T08:47:25.674Z","@version":"1","message":"Sep 10 08:47:25 honeypot-sgp-1 sshd[2683]: Invalid user user from 45.61.186.249 port 38018","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 08:48:22 honeypot-ams-1 sshd[6797]: Received disconnect from 103.20.188.28 port 33296:11: Bye Bye [preauth]","@timestamp":"2022-09-10T08:48:23.074Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 08:50:06 honeypot-fra-1 sshd[29602]: Disconnected from authenticating user root 49.236.204.16 port 36330 [preauth]","@timestamp":"2022-09-10T08:50:07.156Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 08:50:09 honeypot-ams-1 sshd[6803]: Received disconnect from 143.244.158.100 port 48580:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T08:50:10.122Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 08:53:01 honeypot-fra-1 sshd[29606]: Received disconnect from 178.128.22.123 port 56020:11: Bye Bye [preauth]","@timestamp":"2022-09-10T08:53:02.224Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 08:53:12 honeypot-ams-1 sshd[6811]: Did not receive identification string from 159.89.24.69 port 61000","@timestamp":"2022-09-10T08:53:13.203Z"}
{"@timestamp":"2022-09-10T08:55:01.880Z","@version":"1","message":"Sep 10 08:55:01 honeypot-sgp-1 sshd[2688]: Invalid user guest from 79.62.236.130 port 43864","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 08:59:39 honeypot-fra-1 kernel: [83674812.987936] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=20.171.59.221 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=16729 DF PROTO=TCP SPT=10446 DPT=80 WINDOW=512 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T08:59:39.374Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-10T09:02:51.076Z","@version":"1","message":"Sep 10 09:02:50 honeypot-sgp-1 kernel: [83676684.941273] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=66.240.205.34 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=112 ID=31764 PROTO=TCP SPT=17525 DPT=80 WINDOW=48237 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 09:08:17 honeypot-ams-1 kernel: [83677483.692298] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=139.170.203.80 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=234 ID=42933 PROTO=TCP SPT=58914 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T09:08:17.589Z"}
{"@timestamp":"2022-09-10T09:10:41.276Z","@version":"1","message":"Sep 10 09:10:40 honeypot-sgp-1 sshd[2768]: Disconnected from authenticating user root 172.247.104.122 port 60578 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 09:11:55 honeypot-fra-1 sshd[29614]: Received disconnect from 92.255.85.70 port 15606:11: Bye Bye [preauth]","@timestamp":"2022-09-10T09:11:55.651Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 09:13:57 honeypot-ams-1 sshd[6822]: Received disconnect from 92.255.85.70 port 40696:11: Bye Bye [preauth]","@timestamp":"2022-09-10T09:13:57.734Z"}
{"@timestamp":"2022-09-10T09:14:50.383Z","@version":"1","message":"Sep 10 09:14:50 honeypot-sgp-1 sshd[2773]: Did not receive identification string from 141.255.162.226 port 54410","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T09:14:59.387Z","@version":"1","message":"Sep 10 09:14:58 honeypot-sgp-1 sshd[2776]: Disconnected from invalid user user 141.255.162.226 port 35016 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T09:15:02.389Z","@version":"1","message":"Sep 10 09:15:01 honeypot-sgp-1 sshd[2780]: Disconnected from invalid user user 141.255.162.226 port 54746 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T09:15:05.391Z","@version":"1","message":"Sep 10 09:15:04 honeypot-sgp-1 sshd[2784]: Disconnected from invalid user user 141.255.162.226 port 60516 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 09:17:01 honeypot-fra-1 CRON[29619]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-10T09:17:01.779Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T09:18:05.462Z","@version":"1","message":"Sep 10 09:18:05 honeypot-sgp-1 sshd[2791]: Did not receive identification string from 114.67.225.93 port 59968","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 09:23:23 honeypot-fra-1 sshd[29625]: Received disconnect from 165.22.45.108 port 52024:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T09:23:23.920Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T09:24:35.624Z","@version":"1","message":"Sep 10 09:24:34 honeypot-sgp-1 sshd[2872]: Received disconnect from 218.92.0.205 port 32722:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T09:26:42.675Z","@version":"1","message":"Sep 10 09:26:42 honeypot-sgp-1 sshd[2878]: Disconnected from authenticating user root 218.92.0.205 port 56006 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 09:29:21 honeypot-ams-1 sshd[6831]: Connection closed by invalid user  152.32.255.215 port 22362 [preauth]","@timestamp":"2022-09-10T09:29:21.163Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 09:35:32 honeypot-ams-1 sshd[6836]: Disconnected from authenticating user root 191.211.61.227 port 44875 [preauth]","@timestamp":"2022-09-10T09:35:32.321Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 09:35:33 honeypot-fra-1 sshd[29629]: Invalid user cameras from 92.255.85.69 port 36204","@timestamp":"2022-09-10T09:35:34.206Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 09:35:35 honeypot-ams-1 sshd[6840]: Disconnected from invalid user ubnt 191.211.61.227 port 44967 [preauth]","@timestamp":"2022-09-10T09:35:36.324Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 09:35:41 honeypot-ams-1 sshd[6846]: Disconnected from authenticating user root 191.211.61.227 port 45162 [preauth]","@timestamp":"2022-09-10T09:35:41.327Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 09:35:45 honeypot-ams-1 sshd[6852]: Disconnected from authenticating user root 191.211.61.227 port 45334 [preauth]","@timestamp":"2022-09-10T09:35:46.330Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 09:35:50 honeypot-ams-1 sshd[6858]: Disconnected from authenticating user root 191.211.61.227 port 45502 [preauth]","@timestamp":"2022-09-10T09:35:51.334Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 09:35:56 honeypot-ams-1 sshd[6864]: Disconnected from authenticating user root 191.211.61.227 port 45709 [preauth]","@timestamp":"2022-09-10T09:35:57.337Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 09:36:01 honeypot-ams-1 sshd[6870]: Disconnected from authenticating user root 191.211.61.227 port 45864 [preauth]","@timestamp":"2022-09-10T09:36:02.340Z"}
{"@timestamp":"2022-09-10T09:36:05.906Z","@version":"1","message":"Sep 10 09:36:05 honeypot-sgp-1 kernel: [83678680.265436] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.148.10.241 DST=159.89.202.188 LEN=89 TOS=0x00 PREC=0x00 TTL=240 ID=17218 DF PROTO=TCP SPT=10228 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 09:36:07 honeypot-ams-1 sshd[6876]: Disconnected from authenticating user root 191.211.61.227 port 46067 [preauth]","@timestamp":"2022-09-10T09:36:08.345Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 09:36:13 honeypot-ams-1 sshd[6882]: Disconnected from authenticating user root 191.211.61.227 port 46244 [preauth]","@timestamp":"2022-09-10T09:36:13.348Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 09:36:18 honeypot-ams-1 sshd[6888]: Disconnected from authenticating user root 191.211.61.227 port 46465 [preauth]","@timestamp":"2022-09-10T09:36:18.351Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 09:36:22 honeypot-ams-1 sshd[6894]: Disconnected from authenticating user root 191.211.61.227 port 46629 [preauth]","@timestamp":"2022-09-10T09:36:23.355Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 09:36:27 honeypot-ams-1 sshd[6900]: Received disconnect from 191.211.61.227 port 46819:11: Bye Bye [preauth]","@timestamp":"2022-09-10T09:36:28.358Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 09:36:32 honeypot-ams-1 sshd[6906]: Received disconnect from 191.211.61.227 port 46990:11: Bye Bye [preauth]","@timestamp":"2022-09-10T09:36:33.361Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 09:36:35 honeypot-ams-1 sshd[6910]: Received disconnect from 191.211.61.227 port 47111:11: Bye Bye [preauth]","@timestamp":"2022-09-10T09:36:36.363Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 09:36:42 honeypot-ams-1 sshd[6914]: Received disconnect from 191.211.61.227 port 47331:11: Bye Bye [preauth]","@timestamp":"2022-09-10T09:36:42.367Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 09:36:45 honeypot-ams-1 sshd[6918]: Received disconnect from 191.211.61.227 port 47446:11: Bye Bye [preauth]","@timestamp":"2022-09-10T09:36:46.369Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 09:36:48 honeypot-ams-1 sshd[6922]: Received disconnect from 191.211.61.227 port 47566:11: Bye Bye [preauth]","@timestamp":"2022-09-10T09:36:49.372Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 09:36:51 honeypot-ams-1 sshd[6926]: Received disconnect from 191.211.61.227 port 47687:11: Bye Bye [preauth]","@timestamp":"2022-09-10T09:36:52.373Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 09:36:55 honeypot-ams-1 sshd[6930]: Disconnected from authenticating user root 191.211.61.227 port 47821 [preauth]","@timestamp":"2022-09-10T09:36:55.375Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 09:37:00 honeypot-ams-1 sshd[6936]: Invalid user pi from 191.211.61.227 port 48030","@timestamp":"2022-09-10T09:37:01.379Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 09:37:03 honeypot-ams-1 sshd[6940]: Invalid user ethos from 191.211.61.227 port 48161","@timestamp":"2022-09-10T09:37:04.382Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 09:37:08 honeypot-ams-1 sshd[6944]: Invalid user miner from 191.211.61.227 port 48322","@timestamp":"2022-09-10T09:37:08.384Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 09:37:11 honeypot-ams-1 sshd[6948]: Invalid user volumio from 191.211.61.227 port 48450","@timestamp":"2022-09-10T09:37:12.386Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 09:37:15 honeypot-ams-1 sshd[6952]: Invalid user nagios from 191.211.61.227 port 48594","@timestamp":"2022-09-10T09:37:16.389Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 09:37:18 honeypot-ams-1 sshd[6956]: Invalid user vagrant from 191.211.61.227 port 48715","@timestamp":"2022-09-10T09:37:19.392Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 09:37:22 honeypot-ams-1 sshd[6960]: Invalid user debian from 191.211.61.227 port 48850","@timestamp":"2022-09-10T09:37:22.394Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 09:37:26 honeypot-ams-1 sshd[6964]: Invalid user debian from 191.211.61.227 port 49006","@timestamp":"2022-09-10T09:37:27.397Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 09:37:29 honeypot-ams-1 sshd[6968]: Invalid user alarm from 191.211.61.227 port 49133","@timestamp":"2022-09-10T09:37:30.399Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 09:37:32 honeypot-ams-1 sshd[6972]: Invalid user test from 191.211.61.227 port 49258","@timestamp":"2022-09-10T09:37:33.402Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 09:37:36 honeypot-ams-1 sshd[6976]: Invalid user cirros from 191.211.61.227 port 49373","@timestamp":"2022-09-10T09:37:36.404Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 09:38:20 honeypot-ams-1 sshd[6978]: Disconnected from invalid user cameras 92.255.85.69 port 38384 [preauth]","@timestamp":"2022-09-10T09:38:21.423Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 09:38:56 honeypot-fra-1 sshd[29633]: Disconnected from authenticating user root 144.64.1.83 port 45196 [preauth]","@timestamp":"2022-09-10T09:38:57.279Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T09:43:33.080Z","@version":"1","message":"Sep 10 09:43:32 honeypot-sgp-1 kernel: [83679127.117773] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=163.172.158.4 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=32714 PROTO=TCP SPT=51102 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T09:56:14.382Z","@version":"1","message":"Sep 10 09:56:13 honeypot-sgp-1 sshd[2897]: Disconnected from invalid user admin 92.255.85.70 port 27070 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 09:58:37 honeypot-fra-1 sshd[29641]: Invalid user admin from 92.255.85.69 port 17716","@timestamp":"2022-09-10T09:58:37.722Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 09:58:39 honeypot-ams-1 kernel: [83680506.382173] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=125.136.61.137 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=55 ID=28547 PROTO=TCP SPT=5736 DPT=80 WINDOW=24104 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T09:58:40.941Z"}
{"@timestamp":"2022-09-10T10:03:23.557Z","@version":"1","message":"Sep 10 10:03:22 honeypot-sgp-1 sshd[2902]: Disconnected from invalid user rapid 222.255.148.167 port 34242 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 10:06:04 honeypot-ams-1 sshd[7009]: Received disconnect from 36.89.238.235 port 60260:11: Bye Bye [preauth]","@timestamp":"2022-09-10T10:06:05.147Z"}
{"@timestamp":"2022-09-10T10:06:54.642Z","@version":"1","message":"Sep 10 10:06:53 honeypot-sgp-1 sshd[2908]: Received disconnect from 20.228.209.161 port 51030:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T10:07:10.650Z","@version":"1","message":"Sep 10 10:07:10 honeypot-sgp-1 sshd[2912]: Received disconnect from 45.61.187.160 port 52806:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T10:07:26.684Z","@version":"1","message":"Sep 10 10:07:26 honeypot-sgp-1 sshd[2916]: Received disconnect from 45.61.187.160 port 47428:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T10:07:37.689Z","@version":"1","message":"Sep 10 10:07:36 honeypot-sgp-1 sshd[2920]: Received disconnect from 104.248.138.141 port 38754:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T10:08:25.712Z","@version":"1","message":"Sep 10 10:08:24 honeypot-sgp-1 kernel: [83680619.496993] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=128.14.152.44 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=46346 PROTO=TCP SPT=41987 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 10:13:39 honeypot-ams-1 sshd[7016]: Received disconnect from 64.225.43.245 port 54498:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T10:13:40.340Z"}
{"@timestamp":"2022-09-10T10:14:29.857Z","@version":"1","message":"Sep 10 10:14:29 honeypot-sgp-1 sshd[2930]: Disconnected from authenticating user root 61.177.172.98 port 28567 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 10:15:09 honeypot-fra-1 sshd[29647]: Received disconnect from 61.177.172.124 port 57468:11:  [preauth]","@timestamp":"2022-09-10T10:15:10.085Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 10:15:12 honeypot-ams-1 sshd[7022]: Disconnected from authenticating user root 64.225.43.245 port 53334 [preauth]","@timestamp":"2022-09-10T10:15:13.406Z"}
{"@timestamp":"2022-09-10T10:17:01.919Z","@version":"1","message":"Sep 10 10:17:01 honeypot-sgp-1 CRON[2935]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 10:17:01 honeypot-ams-1 CRON[7031]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-10T10:17:02.455Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 10:18:19 honeypot-ams-1 sshd[7039]: Disconnected from authenticating user root 64.225.43.245 port 51006 [preauth]","@timestamp":"2022-09-10T10:18:20.492Z"}
{"@timestamp":"2022-09-10T10:19:24.979Z","@version":"1","message":"Sep 10 10:19:24 honeypot-sgp-1 sshd[2940]: Disconnected from authenticating user root 92.255.85.70 port 18704 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 10:20:43 honeypot-ams-1 sshd[7046]: Disconnected from authenticating user root 64.225.43.245 port 35142 [preauth]","@timestamp":"2022-09-10T10:20:44.554Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 10:22:16 honeypot-fra-1 sshd[29653]: Disconnected from authenticating user root 92.255.85.69 port 44644 [preauth]","@timestamp":"2022-09-10T10:22:17.256Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 10:23:05 honeypot-ams-1 sshd[7053]: Received disconnect from 64.225.43.245 port 47516:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T10:23:05.618Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 10:24:57 honeypot-ams-1 sshd[7059]: Received disconnect from 92.255.85.69 port 46180:11: Bye Bye [preauth]","@timestamp":"2022-09-10T10:24:58.668Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 10:25:31 honeypot-fra-1 sshd[29658]: Disconnected from authenticating user root 61.177.173.49 port 12437 [preauth]","@timestamp":"2022-09-10T10:25:32.330Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 10:26:23 honeypot-ams-1 sshd[7064]: Disconnected from authenticating user root 64.225.43.245 port 45188 [preauth]","@timestamp":"2022-09-10T10:26:23.707Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 10:27:48 honeypot-fra-1 kernel: [83680101.944149] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=24.134.112.201 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=22127 DF PROTO=TCP SPT=46519 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T10:27:48.382Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-10T10:28:12.189Z","@version":"1","message":"Sep 10 10:28:11 honeypot-sgp-1 kernel: [83681806.384632] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=89.248.165.199 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=63436 PROTO=TCP SPT=42932 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 10:28:45 honeypot-ams-1 sshd[7076]: Disconnected from authenticating user root 64.225.43.245 port 57556 [preauth]","@timestamp":"2022-09-10T10:28:45.769Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 10:30:19 honeypot-ams-1 sshd[7083]: Disconnected from authenticating user root 64.225.43.245 port 56390 [preauth]","@timestamp":"2022-09-10T10:30:19.813Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 10:31:21 honeypot-fra-1 kernel: [83680315.286218] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=172.105.77.209 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=57 ID=0 DF PROTO=TCP SPT=38253 DPT=3389 WINDOW=8192 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T10:31:22.464Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 10:32:44 honeypot-ams-1 sshd[7089]: Disconnected from authenticating user root 64.225.43.245 port 40534 [preauth]","@timestamp":"2022-09-10T10:32:44.878Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 10:35:01 honeypot-ams-1 kernel: [83682687.446777] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=201.44.5.140 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=58720 PROTO=TCP SPT=57114 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T10:35:01.958Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 10:36:21 honeypot-ams-1 sshd[7102]: Invalid user test from 193.106.191.157 port 56690","@timestamp":"2022-09-10T10:36:21.997Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 10:38:27 honeypot-ams-1 sshd[7108]: Received disconnect from 64.225.43.245 port 50568:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T10:38:28.055Z"}
{"@timestamp":"2022-09-10T10:39:59.467Z","@version":"1","message":"Sep 10 10:39:58 honeypot-sgp-1 sshd[2957]: Disconnected from authenticating user root 61.177.173.35 port 29997 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 10:40:05 honeypot-ams-1 sshd[7113]: Disconnected from authenticating user root 64.225.43.245 port 49404 [preauth]","@timestamp":"2022-09-10T10:40:06.100Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 10:42:01 honeypot-ams-1 sshd[7119]: Disconnected from authenticating user root 61.177.173.35 port 22700 [preauth]","@timestamp":"2022-09-10T10:42:02.151Z"}
{"@timestamp":"2022-09-10T10:43:07.541Z","@version":"1","message":"Sep 10 10:43:07 honeypot-sgp-1 sshd[2961]: Received disconnect from 92.255.85.69 port 51320:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 10:44:09 honeypot-ams-1 sshd[7125]: Received disconnect from 64.225.43.245 port 60606:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T10:44:10.211Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 10:44:33 honeypot-fra-1 sshd[29673]: Did not receive identification string from 152.136.130.81 port 36160","@timestamp":"2022-09-10T10:44:33.755Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 10:44:34 honeypot-fra-1 sshd[29677]: Invalid user hadoop from 152.136.130.81 port 36878","@timestamp":"2022-09-10T10:44:34.757Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 10:44:34 honeypot-fra-1 sshd[29691]: Invalid user es from 152.136.130.81 port 36890","@timestamp":"2022-09-10T10:44:34.757Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 10:44:34 honeypot-fra-1 sshd[29695]: Invalid user centos from 152.136.130.81 port 36928","@timestamp":"2022-09-10T10:44:34.757Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 10:44:34 honeypot-fra-1 sshd[29697]: Invalid user web from 152.136.130.81 port 36880","@timestamp":"2022-09-10T10:44:34.757Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 10:44:34 honeypot-fra-1 sshd[29704]: Invalid user postgres from 152.136.130.81 port 36864","@timestamp":"2022-09-10T10:44:34.757Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 10:44:34 honeypot-fra-1 sshd[29676]: Connection closed by authenticating user root 152.136.130.81 port 36870 [preauth]","@timestamp":"2022-09-10T10:44:34.757Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 10:44:34 honeypot-fra-1 sshd[29696]: Connection closed by invalid user devops 152.136.130.81 port 36908 [preauth]","@timestamp":"2022-09-10T10:44:34.757Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 10:44:34 honeypot-fra-1 sshd[29682]: Connection closed by invalid user es 152.136.130.81 port 36872 [preauth]","@timestamp":"2022-09-10T10:44:34.757Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 10:44:34 honeypot-fra-1 sshd[29691]: Connection closed by invalid user es 152.136.130.81 port 36890 [preauth]","@timestamp":"2022-09-10T10:44:34.757Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 10:45:14 honeypot-fra-1 kernel: [83681148.484713] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.148.10.241 DST=165.22.82.222 LEN=82 TOS=0x00 PREC=0x00 TTL=239 ID=17218 DF PROTO=TCP SPT=10194 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T10:45:15.774Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 10:45:47 honeypot-ams-1 kernel: [83683333.534335] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=201.191.2.198 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=14569 PROTO=TCP SPT=2743 DPT=80 WINDOW=20711 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T10:45:47.257Z"}
{"@timestamp":"2022-09-10T10:46:21.618Z","@version":"1","message":"Sep 10 10:46:21 honeypot-sgp-1 kernel: [83682895.784354] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=201.44.5.140 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=65349 PROTO=TCP SPT=57114 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 10:46:21 honeypot-fra-1 sshd[29737]: Received disconnect from 45.61.186.49 port 34920:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T10:46:22.804Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 10:46:30 honeypot-fra-1 sshd[29741]: Received disconnect from 45.61.186.49 port 46354:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T10:46:30.808Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 10:47:26 honeypot-ams-1 sshd[7136]: Received disconnect from 64.225.43.245 port 58278:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T10:47:26.303Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 10:48:17 honeypot-ams-1 sshd[7141]: Disconnected from invalid user ftpuser 92.255.85.69 port 50196 [preauth]","@timestamp":"2022-09-10T10:48:18.328Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 10:49:05 honeypot-ams-1 sshd[7146]: Disconnected from authenticating user root 80.76.51.46 port 42590 [preauth]","@timestamp":"2022-09-10T10:49:06.352Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 10:49:36 honeypot-ams-1 sshd[7150]: Disconnected from invalid user test 80.76.51.46 port 42806 [preauth]","@timestamp":"2022-09-10T10:49:37.369Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 10:49:58 honeypot-ams-1 kernel: [83683585.048827] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=20.74.143.183 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=111 ID=44542 DF PROTO=TCP SPT=62397 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T10:49:59.381Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 10:50:35 honeypot-ams-1 sshd[7161]: Disconnected from authenticating user root 80.76.51.46 port 43176 [preauth]","@timestamp":"2022-09-10T10:50:35.400Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 10:51:04 honeypot-ams-1 sshd[7167]: Disconnected from authenticating user root 80.76.51.46 port 42826 [preauth]","@timestamp":"2022-09-10T10:51:04.416Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 10:51:35 honeypot-ams-1 sshd[7173]: Disconnected from authenticating user root 64.225.43.245 port 41242 [preauth]","@timestamp":"2022-09-10T10:51:36.434Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 10:51:39 honeypot-fra-1 sshd[29750]: Received disconnect from 20.249.12.244 port 37238:11: Bye Bye [preauth]","@timestamp":"2022-09-10T10:51:39.922Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 10:52:02 honeypot-ams-1 sshd[7177]: Disconnected from invalid user git 80.76.51.46 port 42968 [preauth]","@timestamp":"2022-09-10T10:52:03.448Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 10:54:01 honeypot-ams-1 sshd[7185]: Received disconnect from 64.225.43.245 port 53608:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T10:54:02.503Z"}
{"@timestamp":"2022-09-10T10:54:52.821Z","@version":"1","message":"Sep 10 10:54:52 honeypot-sgp-1 sshd[2973]: Received disconnect from 141.255.162.226 port 38478:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T10:54:55.823Z","@version":"1","message":"Sep 10 10:54:54 honeypot-sgp-1 sshd[2977]: Received disconnect from 141.255.162.226 port 53450:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 10:54:58 honeypot-fra-1 sshd[29758]: Disconnected from authenticating user root 124.158.5.133 port 39504 [preauth]","@timestamp":"2022-09-10T10:54:58.998Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 10:54:58 honeypot-ams-1 sshd[7192]: Received disconnect from 45.61.184.204 port 40674:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T10:54:59.529Z"}
{"@timestamp":"2022-09-10T10:54:59.825Z","@version":"1","message":"Sep 10 10:54:59 honeypot-sgp-1 sshd[2981]: Received disconnect from 141.255.162.226 port 60942:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 10:55:14 honeypot-ams-1 sshd[7196]: Disconnected from authenticating user root 61.177.173.36 port 26186 [preauth]","@timestamp":"2022-09-10T10:55:14.537Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 10:55:27 honeypot-ams-1 sshd[7201]: Disconnected from invalid user user 45.61.184.204 port 47458 [preauth]","@timestamp":"2022-09-10T10:55:27.544Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 10:55:39 honeypot-ams-1 sshd[7206]: Received disconnect from 64.225.43.245 port 52444:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T10:55:39.551Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 10:55:46 honeypot-ams-1 sshd[7210]: Disconnected from invalid user user 45.61.184.204 port 42638 [preauth]","@timestamp":"2022-09-10T10:55:46.555Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 10:56:34 honeypot-ams-1 sshd[7216]: Received disconnect from 118.27.30.17 port 48094:11: Bye Bye [preauth]","@timestamp":"2022-09-10T10:56:35.581Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 10:58:04 honeypot-fra-1 sshd[29779]: Connection closed by invalid user test 193.106.191.157 port 57448 [preauth]","@timestamp":"2022-09-10T10:58:05.068Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 10:58:09 honeypot-ams-1 sshd[7222]: Received disconnect from 64.225.43.245 port 36578:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T10:58:09.624Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 11:00:37 honeypot-ams-1 sshd[7229]: Received disconnect from 64.225.43.245 port 48948:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T11:00:38.691Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 11:02:19 honeypot-ams-1 sshd[7235]: Disconnected from authenticating user root 64.225.43.245 port 47860 [preauth]","@timestamp":"2022-09-10T11:02:19.738Z"}
{"@timestamp":"2022-09-10T11:03:41.029Z","@version":"1","message":"Sep 10 11:03:40 honeypot-sgp-1 sshd[2988]: Disconnected from authenticating user root 61.177.173.49 port 34564 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 11:03:59 honeypot-fra-1 sshd[29785]: Disconnected from authenticating user root 61.177.173.51 port 53420 [preauth]","@timestamp":"2022-09-10T11:04:00.215Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 11:04:45 honeypot-ams-1 sshd[7241]: Disconnected from authenticating user root 64.225.43.245 port 60228 [preauth]","@timestamp":"2022-09-10T11:04:45.802Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 11:05:19 honeypot-ams-1 sshd[7245]: Disconnected from invalid user smith 118.200.42.47 port 59240 [preauth]","@timestamp":"2022-09-10T11:05:20.821Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 11:06:12 honeypot-ams-1 sshd[7252]: Received disconnect from 206.189.134.26 port 45244:11: Bye Bye [preauth]","@timestamp":"2022-09-10T11:06:12.847Z"}
{"@timestamp":"2022-09-10T11:06:27.095Z","@version":"1","message":"Sep 10 11:06:26 honeypot-sgp-1 sshd[2991]: Disconnected from authenticating user root 61.177.173.47 port 31152 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 11:07:46 honeypot-fra-1 sshd[29793]: Disconnected from authenticating user root 61.177.172.19 port 49984 [preauth]","@timestamp":"2022-09-10T11:07:47.301Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 11:08:55 honeypot-ams-1 sshd[7259]: Invalid user taketo from 121.79.128.37 port 38491","@timestamp":"2022-09-10T11:08:55.920Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 11:09:13 honeypot-ams-1 kernel: [83684739.845259] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=104.152.52.145 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=61954 PROTO=TCP SPT=48124 DPT=389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T11:09:13.930Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 11:09:17 honeypot-fra-1 sshd[29797]: Disconnected from 161.35.131.133 port 56244 [preauth]","@timestamp":"2022-09-10T11:09:17.337Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T11:11:43.221Z","@version":"1","message":"Sep 10 11:11:42 honeypot-sgp-1 sshd[2999]: Disconnected from invalid user user 141.255.162.226 port 54306 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T11:11:48.224Z","@version":"1","message":"Sep 10 11:11:47 honeypot-sgp-1 sshd[3003]: Disconnected from invalid user user 141.255.162.226 port 41200 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 11:11:50 honeypot-ams-1 sshd[7265]: Received disconnect from 92.255.85.70 port 62326:11: Bye Bye [preauth]","@timestamp":"2022-09-10T11:11:51.000Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 11:12:23 honeypot-fra-1 sshd[29800]: Disconnected from authenticating user root 201.89.65.215 port 16549 [preauth]","@timestamp":"2022-09-10T11:12:23.410Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T11:13:05.256Z","@version":"1","message":"Sep 10 11:13:04 honeypot-sgp-1 sshd[3009]: Disconnected from authenticating user root 61.177.173.53 port 61990 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 11:17:01 honeypot-fra-1 CRON[29807]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-10T11:17:01.514Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 11:18:41 honeypot-ams-1 kernel: [83685307.661354] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=170.187.160.140 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=4633 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T11:18:42.178Z"}
{"@timestamp":"2022-09-10T11:19:24.406Z","@version":"1","message":"Sep 10 11:19:23 honeypot-sgp-1 sshd[3018]: Corrupted MAC on input. [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 11:20:43 honeypot-fra-1 kernel: [83683276.949701] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.212.101 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=37972 DPT=389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T11:20:43.598Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 11:21:10 honeypot-ams-1 sshd[7278]: Received disconnect from 61.177.172.90 port 63166:11:  [preauth]","@timestamp":"2022-09-10T11:21:11.245Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 11:23:18 honeypot-ams-1 sshd[7285]: Invalid user pi from 37.189.36.203 port 55360","@timestamp":"2022-09-10T11:23:19.302Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 11:23:41 honeypot-ams-1 sshd[7290]: Received disconnect from 80.76.51.46 port 43452:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T11:23:42.314Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 11:24:13 honeypot-ams-1 sshd[7296]: Disconnected from authenticating user root 80.76.51.46 port 47374 [preauth]","@timestamp":"2022-09-10T11:24:14.330Z"}
{"@timestamp":"2022-09-10T11:24:42.531Z","@version":"1","message":"Sep 10 11:24:42 honeypot-sgp-1 sshd[3024]: Received disconnect from 61.177.172.114 port 18032:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 11:24:43 honeypot-ams-1 sshd[7302]: Received disconnect from 80.76.51.46 port 51398:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T11:24:43.345Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 11:25:25 honeypot-fra-1 sshd[29819]: Invalid user jeronimo from 160.153.252.142 port 53816","@timestamp":"2022-09-10T11:25:25.706Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 11:25:28 honeypot-ams-1 sshd[7308]: Received disconnect from 80.76.51.46 port 57306:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T11:25:28.368Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 11:26:13 honeypot-ams-1 sshd[7314]: Invalid user user from 80.76.51.46 port 35036","@timestamp":"2022-09-10T11:26:14.391Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 11:26:38 honeypot-ams-1 kernel: [83685784.577475] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.215.42 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=33121 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T11:26:38.404Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 11:28:51 honeypot-fra-1 sshd[29821]: Received disconnect from 165.22.45.108 port 43928:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T11:28:51.784Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T11:29:39.648Z","@version":"1","message":"Sep 10 11:29:39 honeypot-sgp-1 sshd[3028]: Received disconnect from 92.255.85.70 port 29528:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 11:33:02 honeypot-fra-1 sshd[29826]: Received disconnect from 61.177.173.36 port 55776:11:  [preauth]","@timestamp":"2022-09-10T11:33:02.879Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T11:33:59.761Z","@version":"1","message":"Sep 10 11:33:58 honeypot-sgp-1 sshd[3033]: Disconnected from authenticating user root 61.177.173.46 port 11771 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 11:34:59 honeypot-ams-1 sshd[7325]: Invalid user ftpuser from 92.255.85.70 port 23354","@timestamp":"2022-09-10T11:35:00.614Z"}
{"@timestamp":"2022-09-10T11:41:35.942Z","@version":"1","message":"Sep 10 11:41:35 honeypot-sgp-1 sshd[3036]: Disconnected from 61.177.172.19 port 25129 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 11:42:54 honeypot-ams-1 sshd[7331]: Invalid user kurita from 62.231.21.18 port 34596","@timestamp":"2022-09-10T11:42:54.815Z"}
{"@timestamp":"2022-09-10T11:47:04.072Z","@version":"1","message":"Sep 10 11:47:03 honeypot-sgp-1 kernel: [83686537.769294] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.216.109 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=39457 DPT=5432 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 11:47:25 honeypot-ams-1 sshd[7338]: Disconnected from authenticating user root 61.177.173.37 port 18623 [preauth]","@timestamp":"2022-09-10T11:47:25.931Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 11:49:38 honeypot-fra-1 kernel: [83685011.682005] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.220.178 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=56473 DPT=5432 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T11:49:38.243Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 11:56:35 honeypot-fra-1 sshd[29841]: Received disconnect from 92.255.85.69 port 39798:11: Bye Bye [preauth]","@timestamp":"2022-09-10T11:56:36.400Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T11:58:10.333Z","@version":"1","message":"Sep 10 11:58:09 honeypot-sgp-1 sshd[3048]: Connection reset by 61.177.173.52 port 39049 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 11:58:28 honeypot-fra-1 sshd[29845]: Received disconnect from 103.146.202.151 port 43196:11: Bye Bye [preauth]","@timestamp":"2022-09-10T11:58:29.445Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 11:58:49 honeypot-ams-1 kernel: [83687715.954263] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=23.251.102.77 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=45782 PROTO=TCP SPT=41262 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T11:58:50.224Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 11:59:55 honeypot-fra-1 sshd[29849]: Disconnected from invalid user kafka 165.22.45.108 port 48954 [preauth]","@timestamp":"2022-09-10T11:59:55.478Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 12:01:44 honeypot-ams-1 sshd[7350]: Received disconnect from 61.177.172.19 port 60446:11:  [preauth]","@timestamp":"2022-09-10T12:01:44.324Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 12:10:35 honeypot-fra-1 sshd[29858]: Received disconnect from 61.177.173.37 port 51821:11:  [preauth]","@timestamp":"2022-09-10T12:10:36.721Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 12:11:59 honeypot-fra-1 sshd[29863]: Invalid user zhangtao from 157.245.46.21 port 54250","@timestamp":"2022-09-10T12:11:59.757Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 12:12:51 honeypot-fra-1 sshd[29865]: Received disconnect from 140.206.157.242 port 48888:11: Bye Bye [preauth]","@timestamp":"2022-09-10T12:12:51.782Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 12:16:08 honeypot-fra-1 sshd[29872]: Received disconnect from 43.154.6.172 port 35396:11: Bye Bye [preauth]","@timestamp":"2022-09-10T12:16:08.858Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 12:17:01 honeypot-ams-1 CRON[7356]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-10T12:17:01.706Z"}
{"@timestamp":"2022-09-10T12:17:02.789Z","@version":"1","message":"Sep 10 12:17:01 honeypot-sgp-1 CRON[3061]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 12:19:56 honeypot-fra-1 sshd[29880]: Received disconnect from 92.255.85.69 port 23102:11: Bye Bye [preauth]","@timestamp":"2022-09-10T12:19:56.945Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 12:22:10 honeypot-ams-1 sshd[7365]: Disconnected from authenticating user root 61.177.173.53 port 35734 [preauth]","@timestamp":"2022-09-10T12:22:11.838Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 12:22:55 honeypot-fra-1 sshd[29886]: Connection closed by authenticating user root 75.90.49.160 port 48584 [preauth]","@timestamp":"2022-09-10T12:22:56.010Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 12:22:56 honeypot-fra-1 sshd[29898]: Invalid user admin from 75.90.49.160 port 48504","@timestamp":"2022-09-10T12:22:57.012Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 12:22:56 honeypot-fra-1 sshd[29908]: Invalid user pi from 75.90.49.160 port 48388","@timestamp":"2022-09-10T12:22:57.012Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 12:22:56 honeypot-fra-1 sshd[29915]: Invalid user user from 75.90.49.160 port 48412","@timestamp":"2022-09-10T12:22:57.012Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 12:22:56 honeypot-fra-1 sshd[29920]: Invalid user admin from 75.90.49.160 port 48656","@timestamp":"2022-09-10T12:22:57.012Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 12:22:56 honeypot-fra-1 sshd[29919]: Invalid user nexus from 75.90.49.160 port 48386","@timestamp":"2022-09-10T12:22:57.012Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 12:22:56 honeypot-fra-1 sshd[29924]: Connection closed by invalid user ansible 75.90.49.160 port 48452 [preauth]","@timestamp":"2022-09-10T12:22:57.012Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 12:22:56 honeypot-fra-1 sshd[29913]: Connection closed by authenticating user root 75.90.49.160 port 48544 [preauth]","@timestamp":"2022-09-10T12:22:57.012Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 12:22:57 honeypot-fra-1 sshd[29909]: Connection closed by invalid user michael 75.90.49.160 port 48674 [preauth]","@timestamp":"2022-09-10T12:22:58.013Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 12:23:22 honeypot-fra-1 kernel: [83687036.233429] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=94.26.249.161 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=59116 PROTO=TCP SPT=39462 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T12:23:23.023Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-10T12:25:18.986Z","@version":"1","message":"Sep 10 12:25:18 honeypot-sgp-1 kernel: [83688833.104483] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=79.124.62.60 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=21255 PROTO=TCP SPT=40367 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 12:30:18 honeypot-ams-1 kernel: [83689604.792046] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=5.214.234.16 DST=178.62.254.91 LEN=60 TOS=0x18 PREC=0x20 TTL=107 ID=9533 DF PROTO=TCP SPT=58294 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T12:30:19.039Z"}
{"@timestamp":"2022-09-10T12:31:16.145Z","@version":"1","message":"Sep 10 12:31:15 honeypot-sgp-1 sshd[3075]: Received disconnect from 128.199.177.224 port 40452:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 12:32:31 honeypot-ams-1 kernel: [83689737.900591] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=201.44.5.140 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=57739 PROTO=TCP SPT=57114 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T12:32:32.100Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 12:33:34 honeypot-fra-1 sshd[29956]: Received disconnect from 61.177.172.124 port 11615:11:  [preauth]","@timestamp":"2022-09-10T12:33:34.247Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T12:36:03.257Z","@version":"1","message":"Sep 10 12:36:03 honeypot-sgp-1 sshd[3080]: Received disconnect from 103.42.57.139 port 33712:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 12:39:33 honeypot-ams-1 sshd[7381]: Disconnected from authenticating user root 61.177.172.90 port 22327 [preauth]","@timestamp":"2022-09-10T12:39:34.289Z"}
{"@timestamp":"2022-09-10T12:40:06.352Z","@version":"1","message":"Sep 10 12:40:05 honeypot-sgp-1 sshd[3100]: Disconnected from authenticating user root 61.177.172.108 port 25875 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 12:42:15 honeypot-fra-1 kernel: [83688168.771805] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=165.22.82.222 LEN=90 TOS=0x00 PREC=0x00 TTL=250 ID=23924 PROTO=TCP SPT=22427 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T12:42:15.448Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 12:46:00 honeypot-ams-1 sshd[7386]: Disconnected from authenticating user root 92.255.85.70 port 45612 [preauth]","@timestamp":"2022-09-10T12:46:01.453Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 12:48:10 honeypot-ams-1 sshd[7391]: Disconnected from authenticating user root 94.30.68.41 port 50260 [preauth]","@timestamp":"2022-09-10T12:48:11.513Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 12:49:34 honeypot-fra-1 kernel: [83688607.843134] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=35.221.114.88 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=33990 PROTO=TCP SPT=51147 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T12:49:34.617Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 12:51:03 honeypot-ams-1 sshd[7395]: Disconnected from invalid user akiyama 211.252.84.133 port 53100 [preauth]","@timestamp":"2022-09-10T12:51:04.593Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 12:54:44 honeypot-ams-1 sshd[7402]: Disconnected from authenticating user root 83.229.115.152 port 40242 [preauth]","@timestamp":"2022-09-10T12:54:45.691Z"}
{"@timestamp":"2022-09-10T12:55:58.724Z","@version":"1","message":"Sep 10 12:55:58 honeypot-sgp-1 kernel: [83690673.059019] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.148.10.81 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=54321 PROTO=TCP SPT=53412 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 12:57:56 honeypot-ams-1 kernel: [83691262.617463] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=80.94.92.239 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=56595 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T12:57:56.781Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 12:59:15 honeypot-fra-1 kernel: [83689188.727884] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=80.94.92.239 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=44253 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T12:59:15.838Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 13:01:15 honeypot-ams-1 sshd[7410]: Disconnected from authenticating user root 61.177.173.53 port 44765 [preauth]","@timestamp":"2022-09-10T13:01:15.872Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 13:01:18 honeypot-fra-1 sshd[29987]: Received disconnect from 198.98.61.9 port 58556:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T13:01:18.889Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 13:01:36 honeypot-fra-1 sshd[29991]: Received disconnect from 198.98.61.9 port 53324:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T13:01:36.898Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 13:01:44 honeypot-fra-1 sshd[29995]: Received disconnect from 198.98.61.9 port 36570:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T13:01:44.902Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 13:02:00 honeypot-fra-1 sshd[29999]: Received disconnect from 198.98.61.9 port 59564:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T13:02:00.910Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 13:02:54 honeypot-fra-1 sshd[30003]: Received disconnect from 61.177.173.48 port 11928:11:  [preauth]","@timestamp":"2022-09-10T13:02:54.932Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T13:03:50.915Z","@version":"1","message":"Sep 10 13:03:50 honeypot-sgp-1 sshd[3114]: Received disconnect from 92.255.85.69 port 19056:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 13:05:45 honeypot-fra-1 kernel: [83689578.570384] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=201.44.5.140 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=233 ID=16918 PROTO=TCP SPT=57114 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T13:05:45.998Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-10T13:06:44.008Z","@version":"1","message":"Sep 10 13:06:43 honeypot-sgp-1 sshd[3120]: Received disconnect from 68.183.25.187 port 36114:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 13:07:51 honeypot-ams-1 kernel: [83691857.476794] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=178.62.254.91 LEN=90 TOS=0x00 PREC=0x00 TTL=252 ID=44580 PROTO=TCP SPT=227 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T13:07:52.047Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 13:08:30 honeypot-fra-1 kernel: [83689743.790030] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.148.10.81 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=54321 PROTO=TCP SPT=52598 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T13:08:31.062Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 13:09:26 honeypot-fra-1 sshd[30013]: Connection closed by invalid user test 193.106.191.157 port 52780 [preauth]","@timestamp":"2022-09-10T13:09:27.090Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 13:11:06 honeypot-ams-1 sshd[7424]: Received disconnect from 61.177.172.124 port 27907:11:  [preauth]","@timestamp":"2022-09-10T13:11:07.135Z"}
{"@timestamp":"2022-09-10T13:11:37.126Z","@version":"1","message":"Sep 10 13:11:37 honeypot-sgp-1 kernel: [83691611.401588] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=80.94.92.239 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=232 ID=54321 PROTO=TCP SPT=42216 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 13:13:58 honeypot-ams-1 kernel: [83692224.763167] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=193.201.9.213 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=26408 PROTO=TCP SPT=56599 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T13:13:59.213Z"}
{"@timestamp":"2022-09-10T13:14:19.194Z","@version":"1","message":"Sep 10 13:14:18 honeypot-sgp-1 sshd[3132]: Disconnected from authenticating user root 61.177.173.47 port 12251 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 13:17:01 honeypot-fra-1 CRON[30024]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-10T13:17:01.263Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 13:22:49 honeypot-fra-1 sshd[30049]: Disconnected from invalid user user 45.61.186.249 port 46810 [preauth]","@timestamp":"2022-09-10T13:22:49.393Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 13:23:07 honeypot-fra-1 sshd[30054]: Disconnected from invalid user user 45.61.186.249 port 41644 [preauth]","@timestamp":"2022-09-10T13:23:08.404Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 13:23:25 honeypot-fra-1 sshd[30058]: Disconnected from invalid user user 45.61.186.249 port 36526 [preauth]","@timestamp":"2022-09-10T13:23:25.411Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 13:23:32 honeypot-ams-1 kernel: [83692798.466170] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=152.89.196.23 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=16463 PROTO=TCP SPT=55777 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T13:23:32.466Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 13:23:43 honeypot-fra-1 sshd[30062]: Disconnected from invalid user user 45.61.186.249 port 59638 [preauth]","@timestamp":"2022-09-10T13:23:43.418Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T13:26:47.491Z","@version":"1","message":"Sep 10 13:26:46 honeypot-sgp-1 sshd[3144]: Received disconnect from 61.177.173.37 port 62886:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T13:27:56.521Z","@version":"1","message":"Sep 10 13:27:55 honeypot-sgp-1 kernel: [83692590.098317] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=170.187.160.106 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=49106 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 13:30:07 honeypot-fra-1 sshd[30073]: Disconnected from authenticating user root 92.255.85.69 port 51050 [preauth]","@timestamp":"2022-09-10T13:30:08.569Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 13:31:38 honeypot-ams-1 kernel: [83693284.651984] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.208.63 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=33468 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T13:31:38.703Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 13:32:33 honeypot-fra-1 sshd[30081]: Invalid user test from 183.146.30.220 port 61743","@timestamp":"2022-09-10T13:32:33.621Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 13:32:33 honeypot-fra-1 sshd[30085]: Invalid user test from 183.146.30.220 port 61705","@timestamp":"2022-09-10T13:32:33.621Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 13:32:33 honeypot-fra-1 sshd[30097]: Connection closed by authenticating user root 183.146.30.220 port 61739 [preauth]","@timestamp":"2022-09-10T13:32:34.622Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 13:32:34 honeypot-fra-1 sshd[30083]: Connection closed by invalid user steam 183.146.30.220 port 61757 [preauth]","@timestamp":"2022-09-10T13:32:34.622Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 13:32:34 honeypot-fra-1 sshd[30084]: Connection closed by invalid user linkxess 183.146.30.220 port 61719 [preauth]","@timestamp":"2022-09-10T13:32:34.622Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 13:32:35 honeypot-fra-1 sshd[30096]: Invalid user test from 183.146.30.220 port 61727","@timestamp":"2022-09-10T13:32:35.622Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 13:32:35 honeypot-fra-1 sshd[30103]: Connection closed by invalid user ZXDSL 183.146.30.220 port 61723 [preauth]","@timestamp":"2022-09-10T13:32:36.623Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 13:38:46 honeypot-fra-1 kernel: [83691559.978395] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=123.57.27.117 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=42 ID=20539 DF PROTO=TCP SPT=18659 DPT=443 WINDOW=43690 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T13:38:46.849Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 13:39:41 honeypot-ams-1 sshd[7459]: Received disconnect from 61.177.173.36 port 21950:11:  [preauth]","@timestamp":"2022-09-10T13:39:41.917Z"}
{"@timestamp":"2022-09-10T13:40:43.828Z","@version":"1","message":"Sep 10 13:40:43 honeypot-sgp-1 sshd[3153]: Disconnected from authenticating user root 61.177.173.51 port 40270 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 13:44:28 honeypot-fra-1 sshd[30139]: Received disconnect from 137.184.197.218 port 39752:11: Bye Bye [preauth]","@timestamp":"2022-09-10T13:44:28.980Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T13:50:46.073Z","@version":"1","message":"Sep 10 13:50:45 honeypot-sgp-1 sshd[3159]: Received disconnect from 92.255.85.70 port 31732:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 13:50:48 honeypot-fra-1 sshd[30147]: Invalid user user from 141.255.162.226 port 36070","@timestamp":"2022-09-10T13:50:49.124Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 13:50:50 honeypot-fra-1 sshd[30151]: Invalid user user from 141.255.162.226 port 51494","@timestamp":"2022-09-10T13:50:51.125Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 13:50:53 honeypot-fra-1 sshd[30155]: Invalid user user from 141.255.162.226 port 38700","@timestamp":"2022-09-10T13:50:54.127Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 13:51:35 honeypot-ams-1 sshd[7471]: Disconnected from authenticating user root 61.177.172.108 port 16235 [preauth]","@timestamp":"2022-09-10T13:51:36.232Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 13:52:57 honeypot-fra-1 kernel: [83692411.043977] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.213.55 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=44824 DPT=636 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T13:52:58.174Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-10T13:53:59.156Z","@version":"1","message":"Sep 10 13:53:58 honeypot-sgp-1 kernel: [83694152.610574] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.193.23 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=57590 DPT=636 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 13:55:56 honeypot-ams-1 sshd[7478]: Received disconnect from 92.255.85.69 port 33194:11: Bye Bye [preauth]","@timestamp":"2022-09-10T13:55:56.349Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 13:58:17 honeypot-fra-1 sshd[30164]: Disconnected from invalid user kyoshida 2.139.38.109 port 43243 [preauth]","@timestamp":"2022-09-10T13:58:18.293Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 14:01:24 honeypot-fra-1 sshd[30170]: Received disconnect from 61.177.173.49 port 20894:11:  [preauth]","@timestamp":"2022-09-10T14:01:25.367Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 14:02:37 honeypot-ams-1 sshd[7485]: Disconnected from authenticating user root 61.177.173.46 port 31222 [preauth]","@timestamp":"2022-09-10T14:02:37.524Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 14:03:00 honeypot-fra-1 sshd[30174]: Disconnected from authenticating user root 61.177.172.124 port 56885 [preauth]","@timestamp":"2022-09-10T14:03:01.407Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T14:07:16.482Z","@version":"1","message":"Sep 10 14:07:15 honeypot-sgp-1 sshd[3177]: Received disconnect from 61.177.173.37 port 54245:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T14:07:28.488Z","@version":"1","message":"Sep 10 14:07:28 honeypot-sgp-1 sshd[3181]: Received disconnect from 45.61.186.249 port 33328:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T14:07:47.499Z","@version":"1","message":"Sep 10 14:07:47 honeypot-sgp-1 sshd[3185]: Received disconnect from 45.61.186.249 port 56670:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T14:08:03.507Z","@version":"1","message":"Sep 10 14:08:03 honeypot-sgp-1 sshd[3189]: Received disconnect from 45.61.186.249 port 51808:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T14:09:27.543Z","@version":"1","message":"Sep 10 14:09:26 honeypot-sgp-1 sshd[3193]: Invalid user admin from 91.240.118.222 port 50033","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 14:10:49 honeypot-ams-1 kernel: [83695635.441680] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=27158 PROTO=TCP SPT=58473 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T14:10:49.741Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 14:11:30 honeypot-fra-1 sshd[30182]: Disconnected from authenticating user root 61.177.173.46 port 48642 [preauth]","@timestamp":"2022-09-10T14:11:31.595Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T14:14:13.659Z","@version":"1","message":"Sep 10 14:14:12 honeypot-sgp-1 sshd[3200]: Invalid user test from 92.255.85.69 port 61010","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 14:16:32 honeypot-fra-1 sshd[30188]: Connection closed by invalid user User 62.92.89.220 port 20621 [preauth]","@timestamp":"2022-09-10T14:16:32.706Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 14:17:09 honeypot-fra-1 sshd[30194]: Disconnected from invalid user test 92.255.85.69 port 37778 [preauth]","@timestamp":"2022-09-10T14:17:10.723Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 14:19:26 honeypot-ams-1 sshd[7504]: Disconnected from invalid user test 92.255.85.69 port 53578 [preauth]","@timestamp":"2022-09-10T14:19:26.979Z"}
{"@timestamp":"2022-09-10T14:20:58.823Z","@version":"1","message":"Sep 10 14:20:58 honeypot-sgp-1 sshd[3207]: Received disconnect from 61.177.173.50 port 46326:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 14:23:03 honeypot-ams-1 sshd[7509]: Disconnected from authenticating user root 61.177.172.124 port 61923 [preauth]","@timestamp":"2022-09-10T14:23:04.078Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 14:26:54 honeypot-fra-1 sshd[30197]: Received disconnect from 41.93.33.2 port 54300:11: Bye Bye [preauth]","@timestamp":"2022-09-10T14:26:54.939Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 14:28:32 honeypot-fra-1 sshd[30204]: Received disconnect from 167.99.184.212 port 58548:11: Bye Bye [preauth]","@timestamp":"2022-09-10T14:28:32.976Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 14:31:11 honeypot-fra-1 sshd[30208]: Disconnected from invalid user prasad 209.141.52.250 port 51876 [preauth]","@timestamp":"2022-09-10T14:31:12.036Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 14:31:45 honeypot-fra-1 sshd[30214]: Invalid user dulap from 27.71.238.208 port 49688","@timestamp":"2022-09-10T14:31:46.052Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 14:35:13 honeypot-fra-1 sshd[30218]: Disconnected from invalid user user 45.61.186.49 port 50332 [preauth]","@timestamp":"2022-09-10T14:35:14.130Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 14:35:23 honeypot-fra-1 sshd[30222]: Disconnected from invalid user user 45.61.186.49 port 33780 [preauth]","@timestamp":"2022-09-10T14:35:24.135Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T14:37:04.234Z","@version":"1","message":"Sep 10 14:37:03 honeypot-sgp-1 sshd[3220]: Received disconnect from 61.177.173.35 port 12827:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T14:37:38.251Z","@version":"1","message":"Sep 10 14:37:37 honeypot-sgp-1 sshd[3228]: Connection closed by authenticating user root 43.142.168.245 port 51986 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 14:37:46 honeypot-fra-1 sshd[30228]: Invalid user kaliakra from 165.22.45.108 port 45022","@timestamp":"2022-09-10T14:37:47.189Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T14:37:48.257Z","@version":"1","message":"Sep 10 14:37:48 honeypot-sgp-1 sshd[3237]: Connection closed by authenticating user root 43.142.168.245 port 60968 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T14:38:05.266Z","@version":"1","message":"Sep 10 14:38:04 honeypot-sgp-1 sshd[3246]: Connection closed by authenticating user root 43.142.168.245 port 44572 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T14:38:32.280Z","@version":"1","message":"Sep 10 14:38:31 honeypot-sgp-1 sshd[3258]: Connection closed by authenticating user root 43.142.168.245 port 34348 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T14:39:19.302Z","@version":"1","message":"Sep 10 14:39:19 honeypot-sgp-1 sshd[3270]: Connection closed by authenticating user root 43.142.168.245 port 38142 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T14:39:41.314Z","@version":"1","message":"Sep 10 14:39:40 honeypot-sgp-1 sshd[3282]: Connection closed by authenticating user root 43.142.168.245 port 56110 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T14:40:24.336Z","@version":"1","message":"Sep 10 14:40:23 honeypot-sgp-1 sshd[3294]: Connection closed by authenticating user root 43.142.168.245 port 49128 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 14:40:58 honeypot-ams-1 sshd[7521]: Received disconnect from 61.177.172.19 port 64058:11:  [preauth]","@timestamp":"2022-09-10T14:40:58.555Z"}
{"@timestamp":"2022-09-10T14:41:11.359Z","@version":"1","message":"Sep 10 14:41:10 honeypot-sgp-1 sshd[3307]: Connection closed by authenticating user root 43.142.168.245 port 53834 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 14:41:26 honeypot-fra-1 sshd[30235]: Received disconnect from 61.177.173.51 port 50835:11:  [preauth]","@timestamp":"2022-09-10T14:41:27.269Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T14:41:32.370Z","@version":"1","message":"Sep 10 14:41:31 honeypot-sgp-1 sshd[3321]: Connection closed by authenticating user root 43.142.168.245 port 48464 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T14:42:04.386Z","@version":"1","message":"Sep 10 14:42:04 honeypot-sgp-1 sshd[3333]: Connection closed by authenticating user root 43.142.168.245 port 43688 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T14:42:23.397Z","@version":"1","message":"Sep 10 14:42:23 honeypot-sgp-1 sshd[3345]: Connection closed by authenticating user root 43.142.168.245 port 58408 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T14:42:47.409Z","@version":"1","message":"Sep 10 14:42:46 honeypot-sgp-1 sshd[3357]: Connection closed by authenticating user root 43.142.168.245 port 45592 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 14:42:48 honeypot-ams-1 sshd[7526]: Disconnected from invalid user test1 92.255.85.69 port 39558 [preauth]","@timestamp":"2022-09-10T14:42:48.604Z"}
{"@timestamp":"2022-09-10T14:43:17.424Z","@version":"1","message":"Sep 10 14:43:17 honeypot-sgp-1 sshd[3369]: Connection closed by authenticating user root 43.142.168.245 port 41072 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T14:44:00.446Z","@version":"1","message":"Sep 10 14:43:59 honeypot-sgp-1 sshd[3379]: Connection closed by authenticating user root 43.142.168.245 port 34904 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T14:44:16.454Z","@version":"1","message":"Sep 10 14:44:16 honeypot-sgp-1 sshd[3389]: Connection closed by authenticating user root 43.142.168.245 port 56192 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T14:44:30.462Z","@version":"1","message":"Sep 10 14:44:30 honeypot-sgp-1 sshd[3395]: Connection closed by invalid user user 43.142.168.245 port 38228 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T14:44:41.468Z","@version":"1","message":"Sep 10 14:44:40 honeypot-sgp-1 sshd[3403]: Invalid user user from 43.142.168.245 port 46026","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T14:44:45.471Z","@version":"1","message":"Sep 10 14:44:45 honeypot-sgp-1 sshd[3407]: Connection closed by invalid user user 43.142.168.245 port 49238 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T14:44:54.476Z","@version":"1","message":"Sep 10 14:44:53 honeypot-sgp-1 sshd[3413]: Connection closed by invalid user user 43.142.168.245 port 55064 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T14:45:09.485Z","@version":"1","message":"Sep 10 14:45:09 honeypot-sgp-1 sshd[3419]: Connection closed by invalid user user 43.142.168.245 port 59690 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T14:45:28.494Z","@version":"1","message":"Sep 10 14:45:27 honeypot-sgp-1 sshd[3425]: Connection closed by invalid user user 43.142.168.245 port 49608 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T14:45:40.500Z","@version":"1","message":"Sep 10 14:45:40 honeypot-sgp-1 sshd[3431]: Connection closed by invalid user user 43.142.168.245 port 56442 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T14:45:56.509Z","@version":"1","message":"Sep 10 14:45:56 honeypot-sgp-1 sshd[3437]: Connection closed by invalid user user 43.142.168.245 port 41072 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T14:46:05.513Z","@version":"1","message":"Sep 10 14:46:05 honeypot-sgp-1 sshd[3444]: Connection closed by invalid user user 43.142.168.245 port 48622 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T14:46:13.518Z","@version":"1","message":"Sep 10 14:46:13 honeypot-sgp-1 sshd[3450]: Connection closed by invalid user user 43.142.168.245 port 53644 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T14:46:35.529Z","@version":"1","message":"Sep 10 14:46:34 honeypot-sgp-1 sshd[3456]: Connection closed by invalid user user 43.142.168.245 port 34792 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T14:46:51.538Z","@version":"1","message":"Sep 10 14:46:50 honeypot-sgp-1 sshd[3462]: Connection closed by invalid user user 43.142.168.245 port 50572 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T14:47:29.556Z","@version":"1","message":"Sep 10 14:47:29 honeypot-sgp-1 sshd[3468]: Connection closed by invalid user user 43.142.168.245 port 44714 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T14:47:40.562Z","@version":"1","message":"Sep 10 14:47:40 honeypot-sgp-1 sshd[3474]: Connection closed by invalid user user 43.142.168.245 port 57572 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T14:47:49.567Z","@version":"1","message":"Sep 10 14:47:48 honeypot-sgp-1 sshd[3480]: Connection closed by invalid user user 43.142.168.245 port 34346 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T14:48:04.575Z","@version":"1","message":"Sep 10 14:48:03 honeypot-sgp-1 sshd[3486]: Connection closed by invalid user user 43.142.168.245 port 40142 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T14:48:22.586Z","@version":"1","message":"Sep 10 14:48:22 honeypot-sgp-1 sshd[3492]: Connection closed by invalid user user 43.142.168.245 port 57132 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 14:48:33 honeypot-fra-1 kernel: [83695746.508839] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=170.187.160.140 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=53958 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T14:48:33.426Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-10T14:48:37.595Z","@version":"1","message":"Sep 10 14:48:36 honeypot-sgp-1 sshd[3498]: Connection closed by invalid user user 43.142.168.245 port 40712 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T14:49:16.615Z","@version":"1","message":"Sep 10 14:49:16 honeypot-sgp-1 sshd[3502]: Connection closed by invalid user user 43.142.168.245 port 46358 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T14:50:01.636Z","@version":"1","message":"Sep 10 14:50:00 honeypot-sgp-1 sshd[3510]: Connection closed by invalid user user 43.142.168.245 port 37484 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T14:50:28.729Z","@version":"1","message":"Sep 10 14:50:28 honeypot-sgp-1 sshd[3516]: Connection closed by invalid user user 43.142.168.245 port 60272 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T14:51:02.746Z","@version":"1","message":"Sep 10 14:51:01 honeypot-sgp-1 sshd[3523]: Connection closed by invalid user user 43.142.168.245 port 57902 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T14:51:15.778Z","@version":"1","message":"Sep 10 14:51:15 honeypot-sgp-1 sshd[3529]: Connection closed by invalid user user 43.142.168.245 port 35864 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T14:51:50.795Z","@version":"1","message":"Sep 10 14:51:49 honeypot-sgp-1 sshd[3535]: Connection closed by invalid user user 43.142.168.245 port 49262 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 14:52:48 honeypot-ams-1 sshd[7538]: Received disconnect from 61.177.173.49 port 60010:11:  [preauth]","@timestamp":"2022-09-10T14:52:49.871Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 14:54:55 honeypot-ams-1 sshd[7543]: Did not receive identification string from 104.33.41.28 port 40490","@timestamp":"2022-09-10T14:54:55.928Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 14:56:16 honeypot-fra-1 kernel: [83696209.280599] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=198.235.24.35 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=249 ID=10554 PROTO=TCP SPT=55604 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T14:56:16.593Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-10T14:56:26.911Z","@version":"1","message":"Sep 10 14:56:26 honeypot-sgp-1 sshd[3540]: Disconnected from authenticating user root 61.177.172.19 port 46634 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T14:59:05.978Z","@version":"1","message":"Sep 10 14:59:05 honeypot-sgp-1 kernel: [83698059.578976] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=78.142.18.92 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=42768 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 14:59:19 honeypot-ams-1 sshd[7546]: Disconnected from authenticating user root 61.177.172.124 port 43407 [preauth]","@timestamp":"2022-09-10T14:59:20.047Z"}
{"@timestamp":"2022-09-10T15:03:59.101Z","@version":"1","message":"Sep 10 15:03:58 honeypot-sgp-1 kernel: [83698352.592882] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=64.62.197.6 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=47339 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 15:04:07 honeypot-fra-1 sshd[30250]: Disconnected from authenticating user root 92.255.85.70 port 47612 [preauth]","@timestamp":"2022-09-10T15:04:07.771Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 15:04:37 honeypot-fra-1 sshd[30254]: Disconnected from invalid user oracle 164.92.85.159 port 35870 [preauth]","@timestamp":"2022-09-10T15:04:38.786Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 15:09:03 honeypot-fra-1 sshd[30261]: Invalid user kandlharsh from 165.22.45.108 port 49776","@timestamp":"2022-09-10T15:09:04.885Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 15:10:52 honeypot-ams-1 sshd[7554]: Received disconnect from 91.138.228.31 port 35636:11: Bye Bye [preauth]","@timestamp":"2022-09-10T15:10:52.349Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 15:12:12 honeypot-ams-1 sshd[7558]: Invalid user robert from 61.93.186.125 port 33999","@timestamp":"2022-09-10T15:12:13.386Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 15:12:40 honeypot-ams-1 kernel: [83699346.690192] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=20.197.40.144 DST=178.62.254.91 LEN=52 TOS=0x02 PREC=0x00 TTL=110 ID=18597 DF PROTO=TCP SPT=54815 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T15:12:41.401Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 15:13:20 honeypot-fra-1 sshd[30339]: Received disconnect from 68.183.25.156 port 56528:11: Bye Bye [preauth]","@timestamp":"2022-09-10T15:13:21.979Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T15:13:28.357Z","@version":"1","message":"Sep 10 15:13:27 honeypot-sgp-1 sshd[3556]: Disconnected from authenticating user root 61.177.173.47 port 47119 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 15:15:38 honeypot-fra-1 sshd[30345]: Disconnected from authenticating user root 61.177.172.98 port 18643 [preauth]","@timestamp":"2022-09-10T15:15:39.033Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T15:15:56.420Z","@version":"1","message":"Sep 10 15:15:55 honeypot-sgp-1 sshd[3563]: Disconnected from 157.245.9.6 port 54120 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 15:16:35 honeypot-ams-1 sshd[7569]: Received disconnect from 123.142.3.137 port 43974:11: Bye Bye [preauth]","@timestamp":"2022-09-10T15:16:36.506Z"}
{"@timestamp":"2022-09-10T15:17:02.449Z","@version":"1","message":"Sep 10 15:17:01 honeypot-sgp-1 CRON[3569]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 15:19:19 honeypot-fra-1 sshd[30351]: Disconnected from invalid user stevem 20.25.38.254 port 54102 [preauth]","@timestamp":"2022-09-10T15:19:20.117Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T15:19:41.516Z","@version":"1","message":"Sep 10 15:19:40 honeypot-sgp-1 sshd[3576]: Received disconnect from 198.98.61.9 port 58682:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T15:20:01.526Z","@version":"1","message":"Sep 10 15:20:01 honeypot-sgp-1 sshd[3582]: Received disconnect from 115.241.20.242 port 58162:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T15:20:12.532Z","@version":"1","message":"Sep 10 15:20:11 honeypot-sgp-1 sshd[3584]: Received disconnect from 198.98.61.9 port 36856:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T15:20:35.543Z","@version":"1","message":"Sep 10 15:20:34 honeypot-sgp-1 sshd[3586]: Received disconnect from 198.98.61.9 port 48408:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 15:21:44 honeypot-ams-1 kernel: [83699890.500624] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=89.248.165.100 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=5800 PROTO=TCP SPT=41901 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T15:21:44.645Z"}
{"@timestamp":"2022-09-10T15:23:02.602Z","@version":"1","message":"Sep 10 15:23:02 honeypot-sgp-1 sshd[3592]: Disconnected from authenticating user root 61.177.173.46 port 27495 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 15:25:27 honeypot-fra-1 sshd[30358]: Disconnected from invalid user rt 143.198.117.165 port 36744 [preauth]","@timestamp":"2022-09-10T15:25:28.252Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 15:27:16 honeypot-fra-1 sshd[30362]: Disconnected from invalid user admin 91.240.118.222 port 50588 [preauth]","@timestamp":"2022-09-10T15:27:17.296Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 15:27:27 honeypot-ams-1 sshd[7581]: Disconnected from authenticating user root 61.177.173.35 port 49527 [preauth]","@timestamp":"2022-09-10T15:27:27.803Z"}
{"@timestamp":"2022-09-10T15:28:07.729Z","@version":"1","message":"Sep 10 15:28:07 honeypot-sgp-1 sshd[3600]: Connection closed by 50.31.21.10 port 42932 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 15:33:34 honeypot-fra-1 sshd[30369]: Received disconnect from 61.177.173.50 port 29242:11:  [preauth]","@timestamp":"2022-09-10T15:33:35.435Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 15:34:47 honeypot-ams-1 sshd[7591]: Disconnected from authenticating user root 61.177.173.51 port 12204 [preauth]","@timestamp":"2022-09-10T15:34:48.001Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 15:36:12 honeypot-fra-1 kernel: [83698605.167077] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=213.226.123.38 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=18343 PROTO=TCP SPT=43977 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T15:36:12.512Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-10T15:37:21.955Z","@version":"1","message":"Sep 10 15:37:20 honeypot-sgp-1 kernel: [83700355.204901] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=46.19.141.122 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=34253 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 15:37:53 honeypot-fra-1 kernel: [83698706.506295] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=101.43.6.46 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=43 ID=18775 DF PROTO=TCP SPT=51140 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T15:37:53.551Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 15:40:17 honeypot-fra-1 sshd[30382]: Disconnected from authenticating user root 130.61.251.75 port 50550 [preauth]","@timestamp":"2022-09-10T15:40:17.607Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 15:44:39 honeypot-fra-1 kernel: [83699112.764496] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=201.44.5.140 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=233 ID=42760 PROTO=TCP SPT=57114 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T15:44:40.720Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 15:45:03 honeypot-ams-1 sshd[7672]: Received disconnect from 61.177.173.49 port 18624:11:  [preauth]","@timestamp":"2022-09-10T15:45:04.277Z"}
{"@timestamp":"2022-09-10T15:48:20.220Z","@version":"1","message":"Sep 10 15:48:19 honeypot-sgp-1 sshd[3614]: Disconnected from authenticating user root 92.255.85.70 port 26884 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 15:50:50 honeypot-fra-1 sshd[30396]: Received disconnect from 92.255.85.70 port 16816:11: Bye Bye [preauth]","@timestamp":"2022-09-10T15:50:50.855Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T15:52:33.323Z","@version":"1","message":"Sep 10 15:52:32 honeypot-sgp-1 sshd[3622]: Received disconnect from 141.255.162.226 port 48124:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 15:52:33 honeypot-ams-1 sshd[7679]: Disconnected from 137.184.118.54 port 39628 [preauth]","@timestamp":"2022-09-10T15:52:33.472Z"}
{"@timestamp":"2022-09-10T15:52:35.326Z","@version":"1","message":"Sep 10 15:52:34 honeypot-sgp-1 sshd[3626]: Received disconnect from 141.255.162.226 port 55684:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T15:52:38.328Z","@version":"1","message":"Sep 10 15:52:37 honeypot-sgp-1 sshd[3630]: Received disconnect from 141.255.162.226 port 53682:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T15:54:02.364Z","@version":"1","message":"Sep 10 15:54:02 honeypot-sgp-1 sshd[3635]: Did not receive identification string from 58.72.18.130 port 18233","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 15:59:36 honeypot-fra-1 kernel: [83700009.052090] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=145.40.99.39 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=54321 PROTO=TCP SPT=45457 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T15:59:37.047Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 16:00:21 honeypot-ams-1 sshd[7693]: Invalid user prasad from 209.141.52.250 port 49084","@timestamp":"2022-09-10T16:00:21.678Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 16:04:56 honeypot-ams-1 sshd[7699]: Connection closed by invalid user test 193.106.191.157 port 59916 [preauth]","@timestamp":"2022-09-10T16:04:56.806Z"}
{"@timestamp":"2022-09-10T16:07:36.692Z","@version":"1","message":"Sep 10 16:07:36 honeypot-sgp-1 sshd[3639]: Disconnected from invalid user user 141.255.162.226 port 42424 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T16:07:40.695Z","@version":"1","message":"Sep 10 16:07:39 honeypot-sgp-1 sshd[3643]: Disconnected from invalid user user 141.255.162.226 port 49904 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T16:07:41.696Z","@version":"1","message":"Sep 10 16:07:41 honeypot-sgp-1 sshd[3647]: Disconnected from invalid user user 141.255.162.226 port 44132 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T16:11:46.795Z","@version":"1","message":"Sep 10 16:11:46 honeypot-sgp-1 sshd[3654]: Disconnected from authenticating user root 92.255.85.70 port 43488 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 16:12:00 honeypot-fra-1 sshd[30407]: Disconnected from invalid user kangchenliang 165.22.45.108 port 59278 [preauth]","@timestamp":"2022-09-10T16:12:00.326Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T16:15:27.887Z","@version":"1","message":"Sep 10 16:15:26 honeypot-sgp-1 sshd[3659]: Invalid user user from 45.61.187.160 port 59038","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T16:15:48.899Z","@version":"1","message":"Sep 10 16:15:48 honeypot-sgp-1 sshd[3663]: Invalid user user from 45.61.187.160 port 53890","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 16:16:04 honeypot-fra-1 kernel: [83700997.724245] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.206.70 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=60220 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T16:16:05.445Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-10T16:16:10.910Z","@version":"1","message":"Sep 10 16:16:10 honeypot-sgp-1 sshd[3667]: Invalid user user from 45.61.187.160 port 48752","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T16:16:20.915Z","@version":"1","message":"Sep 10 16:16:20 honeypot-sgp-1 sshd[3669]: Disconnected from invalid user user 45.61.187.160 port 60288 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 16:17:01 honeypot-ams-1 CRON[7706]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-10T16:17:02.130Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 16:18:12 honeypot-ams-1 kernel: [83703278.415435] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.219.64 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=40612 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T16:18:13.165Z"}
{"@timestamp":"2022-09-10T16:21:35.045Z","@version":"1","message":"Sep 10 16:21:34 honeypot-sgp-1 sshd[3675]: Received disconnect from 190.18.110.53 port 60416:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 16:22:01 honeypot-fra-1 sshd[30418]: Invalid user www from 193.187.101.187 port 57128","@timestamp":"2022-09-10T16:22:01.583Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 16:22:01 honeypot-fra-1 sshd[30434]: Invalid user git from 193.187.101.187 port 57090","@timestamp":"2022-09-10T16:22:01.583Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 16:22:01 honeypot-fra-1 sshd[30417]: Invalid user test from 193.187.101.187 port 57176","@timestamp":"2022-09-10T16:22:01.583Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 16:22:01 honeypot-fra-1 sshd[30428]: Connection closed by invalid user hadoop 193.187.101.187 port 57148 [preauth]","@timestamp":"2022-09-10T16:22:01.583Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 16:22:01 honeypot-fra-1 sshd[30418]: Connection closed by invalid user www 193.187.101.187 port 57128 [preauth]","@timestamp":"2022-09-10T16:22:02.585Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 16:22:03 honeypot-fra-1 sshd[30458]: Connection closed by authenticating user root 193.187.101.187 port 57118 [preauth]","@timestamp":"2022-09-10T16:22:03.586Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T16:25:59.153Z","@version":"1","message":"Sep 10 16:25:58 honeypot-sgp-1 kernel: [83703272.630398] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=128.14.141.34 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=9028 PROTO=TCP SPT=28510 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 16:26:13 honeypot-fra-1 sshd[30460]: Invalid user test from 193.106.191.157 port 59588","@timestamp":"2022-09-10T16:26:13.679Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 16:27:47 honeypot-ams-1 sshd[7716]: Connection closed by 36.110.228.254 port 54330 [preauth]","@timestamp":"2022-09-10T16:27:47.420Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 16:29:15 honeypot-fra-1 sshd[30463]: Disconnected from invalid user carlo 179.108.181.161 port 39922 [preauth]","@timestamp":"2022-09-10T16:29:16.750Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T16:31:47.292Z","@version":"1","message":"Sep 10 16:31:46 honeypot-sgp-1 sshd[3683]: Disconnected from invalid user davis 128.199.74.173 port 56746 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 16:33:39 honeypot-ams-1 kernel: [83704205.181189] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=165.73.172.49 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=52 ID=4608 PROTO=TCP SPT=7719 DPT=80 WINDOW=59110 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T16:33:39.578Z"}
{"@timestamp":"2022-09-10T16:36:59.421Z","@version":"1","message":"Sep 10 16:36:58 honeypot-sgp-1 sshd[3688]: Connection closed by invalid user easyits 103.188.176.251 port 49284 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 16:36:59 honeypot-ams-1 sshd[7740]: Received disconnect from 68.183.141.33 port 48934:11: Bye Bye [preauth]","@timestamp":"2022-09-10T16:36:59.669Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 16:37:53 honeypot-fra-1 sshd[30470]: Received disconnect from 92.255.85.70 port 50644:11: Bye Bye [preauth]","@timestamp":"2022-09-10T16:37:53.963Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 16:41:34 honeypot-ams-1 sshd[7745]: Connection closed by 198.235.24.8 port 43545 [preauth]","@timestamp":"2022-09-10T16:41:34.791Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 16:43:34 honeypot-fra-1 sshd[30475]: Received disconnect from 165.22.45.108 port 35798:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T16:43:35.092Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 16:52:03 honeypot-ams-1 kernel: [83705309.729685] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=205.210.31.184 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x60 TTL=251 ID=54321 PROTO=TCP SPT=55823 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T16:52:04.070Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 16:58:14 honeypot-fra-1 sshd[30480]: Invalid user john from 164.92.87.79 port 38530","@timestamp":"2022-09-10T16:58:15.422Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T16:58:36.931Z","@version":"1","message":"Sep 10 16:58:36 honeypot-sgp-1 sshd[3692]: Received disconnect from 92.255.85.69 port 55150:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 17:01:22 honeypot-fra-1 sshd[30484]: Received disconnect from 92.255.85.70 port 46650:11: Bye Bye [preauth]","@timestamp":"2022-09-10T17:01:22.492Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 17:05:57 honeypot-ams-1 kernel: [83706143.703882] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=94.26.228.80 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=487 PROTO=TCP SPT=31242 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T17:05:58.435Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 17:07:19 honeypot-ams-1 sshd[7760]: Disconnected from authenticating user root 128.199.120.249 port 39672 [preauth]","@timestamp":"2022-09-10T17:07:19.499Z"}
{"@timestamp":"2022-09-10T17:09:02.197Z","@version":"1","message":"Sep 10 17:09:01 honeypot-sgp-1 CRON[3698]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 17:10:39 honeypot-ams-1 sshd[7768]: Received disconnect from 43.154.50.12 port 42356:11: Bye Bye [preauth]","@timestamp":"2022-09-10T17:10:39.586Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 17:11:42 honeypot-ams-1 sshd[7774]: Invalid user admin from 91.240.118.222 port 23194","@timestamp":"2022-09-10T17:11:42.615Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 17:12:13 honeypot-fra-1 sshd[30491]: Received disconnect from 51.195.91.241 port 41158:11: Bye Bye [preauth]","@timestamp":"2022-09-10T17:12:13.762Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 17:14:23 honeypot-fra-1 sshd[30496]: Received disconnect from 188.170.13.225 port 51918:11: Bye Bye [preauth]","@timestamp":"2022-09-10T17:14:23.813Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 17:14:48 honeypot-fra-1 sshd[30500]: Received disconnect from 165.22.45.108 port 40564:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T17:14:49.825Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 17:18:21 honeypot-ams-1 kernel: [83706887.840694] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=172.104.29.76 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=8566 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T17:18:21.787Z"}
{"@timestamp":"2022-09-10T17:18:50.458Z","@version":"1","message":"Sep 10 17:18:49 honeypot-sgp-1 sshd[3705]: Invalid user vis123 from 189.4.149.140 port 49258","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T17:22:11.540Z","@version":"1","message":"Sep 10 17:22:10 honeypot-sgp-1 sshd[3710]: Disconnected from authenticating user root 92.255.85.70 port 54782 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 17:24:26 honeypot-fra-1 sshd[30507]: Received disconnect from 92.255.85.70 port 57108:11: Bye Bye [preauth]","@timestamp":"2022-09-10T17:24:27.039Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 17:27:20 honeypot-ams-1 sshd[7788]: Received disconnect from 92.255.85.69 port 26996:11: Bye Bye [preauth]","@timestamp":"2022-09-10T17:27:21.017Z"}
{"@timestamp":"2022-09-10T17:27:29.668Z","@version":"1","message":"Sep 10 17:27:28 honeypot-sgp-1 sshd[3716]: Disconnected from invalid user user 45.61.186.49 port 45614 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T17:27:38.674Z","@version":"1","message":"Sep 10 17:27:38 honeypot-sgp-1 sshd[3720]: Disconnected from invalid user user 45.61.186.49 port 56908 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 17:32:14 honeypot-fra-1 sshd[30511]: Connection closed by invalid user test 193.106.191.157 port 43118 [preauth]","@timestamp":"2022-09-10T17:32:15.217Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T17:32:56.804Z","@version":"1","message":"Sep 10 17:32:56 honeypot-sgp-1 sshd[3725]: Did not receive identification string from 45.61.184.204 port 43360","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T17:33:40.823Z","@version":"1","message":"Sep 10 17:33:40 honeypot-sgp-1 sshd[3728]: Disconnected from invalid user user 45.61.184.204 port 54678 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T17:33:59.833Z","@version":"1","message":"Sep 10 17:33:59 honeypot-sgp-1 sshd[3732]: Received disconnect from 45.61.184.204 port 49618:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T17:34:17.843Z","@version":"1","message":"Sep 10 17:34:17 honeypot-sgp-1 sshd[3736]: Received disconnect from 45.61.184.204 port 44564:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T17:35:20.870Z","@version":"1","message":"Sep 10 17:35:20 honeypot-sgp-1 sshd[3740]: Connection closed by invalid user admin 183.107.45.127 port 37939 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 17:40:38 honeypot-fra-1 sshd[30515]: Invalid user user from 141.255.162.226 port 33206","@timestamp":"2022-09-10T17:40:38.407Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 17:40:39 honeypot-fra-1 sshd[30519]: Invalid user user from 141.255.162.226 port 46682","@timestamp":"2022-09-10T17:40:40.410Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 17:40:43 honeypot-fra-1 sshd[30523]: Invalid user user from 141.255.162.226 port 34504","@timestamp":"2022-09-10T17:40:44.412Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 17:41:15 honeypot-fra-1 kernel: [83706108.172820] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=162.142.125.134 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=37782 PROTO=TCP SPT=64161 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T17:41:15.425Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 17:45:48 honeypot-ams-1 kernel: [83708534.837627] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=80.94.92.239 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=41684 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T17:45:49.506Z"}
{"@timestamp":"2022-09-10T17:47:30.156Z","@version":"1","message":"Sep 10 17:47:29 honeypot-sgp-1 sshd[3747]: Invalid user User from 59.120.23.124 port 38526","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 17:48:17 honeypot-fra-1 sshd[30530]: Received disconnect from 92.255.85.70 port 62400:11: Bye Bye [preauth]","@timestamp":"2022-09-10T17:48:18.584Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 17:52:13 honeypot-ams-1 kernel: [83708919.166131] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.167.97.229 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=36597 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T17:52:13.676Z"}
{"@timestamp":"2022-09-10T17:52:17.271Z","@version":"1","message":"Sep 10 17:52:17 honeypot-sgp-1 sshd[3752]: Did not receive identification string from 193.3.19.178 port 64001","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T17:53:33.302Z","@version":"1","message":"Sep 10 17:53:33 honeypot-sgp-1 sshd[3755]: Disconnected from invalid user public 64.227.35.112 port 34020 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T17:59:06.433Z","@version":"1","message":"Sep 10 17:59:05 honeypot-sgp-1 kernel: [83708859.704340] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=128.14.136.78 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=39102 PROTO=TCP SPT=17464 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 18:01:36 honeypot-ams-1 sshd[7806]: Received disconnect from 141.255.162.226 port 46362:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T18:01:36.919Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 18:01:36 honeypot-ams-1 sshd[7810]: Received disconnect from 141.255.162.226 port 41214:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T18:01:36.919Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 18:01:40 honeypot-ams-1 sshd[7814]: Received disconnect from 141.255.162.226 port 56604:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T18:01:40.921Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 18:03:32 honeypot-ams-1 sshd[7818]: Did not receive identification string from 198.235.24.144 port 53664","@timestamp":"2022-09-10T18:03:32.972Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 18:04:23 honeypot-fra-1 sshd[30533]: Disconnected from invalid user takemoto 64.227.178.106 port 37674 [preauth]","@timestamp":"2022-09-10T18:04:23.940Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T18:06:12.602Z","@version":"1","message":"Sep 10 18:06:12 honeypot-sgp-1 kernel: [83709286.444465] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=146.88.240.4 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=59390 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 18:12:03 honeypot-fra-1 sshd[30537]: Disconnected from authenticating user root 92.255.85.70 port 28612 [preauth]","@timestamp":"2022-09-10T18:12:04.113Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T18:12:20.767Z","@version":"1","message":"Sep 10 18:12:20 honeypot-sgp-1 kernel: [83709654.760594] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=195.178.120.159 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=46687 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 18:13:54 honeypot-ams-1 sshd[7821]: Disconnected from authenticating user root 92.255.85.70 port 24648 [preauth]","@timestamp":"2022-09-10T18:13:55.231Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 18:18:03 honeypot-fra-1 sshd[30543]: Received disconnect from 165.22.45.108 port 50108:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T18:18:04.249Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 18:19:08 honeypot-fra-1 sshd[30548]: Invalid user user from 141.255.162.226 port 48910","@timestamp":"2022-09-10T18:19:08.275Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 18:19:13 honeypot-fra-1 sshd[30552]: Invalid user user from 141.255.162.226 port 42086","@timestamp":"2022-09-10T18:19:14.278Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 18:19:14 honeypot-fra-1 sshd[30556]: Invalid user user from 141.255.162.226 port 49226","@timestamp":"2022-09-10T18:19:15.279Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 18:22:22 honeypot-fra-1 sshd[30560]: Received disconnect from 13.67.201.190 port 59362:11: Bye Bye [preauth]","@timestamp":"2022-09-10T18:22:23.349Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 18:23:40 honeypot-ams-1 kernel: [83710806.189195] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=97.107.141.242 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=38227 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T18:23:40.479Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 18:24:54 honeypot-fra-1 sshd[30566]: Invalid user user from 45.61.186.249 port 34844","@timestamp":"2022-09-10T18:24:55.406Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 18:25:13 honeypot-fra-1 sshd[30570]: Invalid user user from 45.61.186.249 port 57626","@timestamp":"2022-09-10T18:25:14.415Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 18:25:22 honeypot-fra-1 sshd[30574]: Invalid user user from 45.61.186.249 port 40816","@timestamp":"2022-09-10T18:25:23.420Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 18:25:32 honeypot-fra-1 sshd[30578]: Invalid user user from 45.61.186.249 port 52202","@timestamp":"2022-09-10T18:25:32.425Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 18:25:49 honeypot-fra-1 sshd[30583]: Invalid user user from 45.61.186.249 port 46780","@timestamp":"2022-09-10T18:25:50.433Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 18:29:51 honeypot-fra-1 sshd[30588]: Did not receive identification string from 159.89.24.69 port 61000","@timestamp":"2022-09-10T18:29:51.525Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T18:32:44.249Z","@version":"1","message":"Sep 10 18:32:43 honeypot-sgp-1 sshd[3775]: Disconnected from authenticating user root 92.255.85.69 port 42798 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 18:35:39 honeypot-fra-1 sshd[30592]: Disconnected from invalid user Gyongyver 60.9.237.201 port 11139 [preauth]","@timestamp":"2022-09-10T18:35:39.658Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 18:40:59 honeypot-ams-1 kernel: [83711845.716211] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=142.93.45.9 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=54321 PROTO=TCP SPT=44067 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T18:40:59.937Z"}
{"@timestamp":"2022-09-10T18:46:45.592Z","@version":"1","message":"Sep 10 18:46:45 honeypot-sgp-1 sshd[3783]: Invalid user eddie from 164.92.142.65 port 58416","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 18:47:50 honeypot-fra-1 sshd[30599]: Invalid user easyits from 103.188.176.251 port 41104","@timestamp":"2022-09-10T18:47:50.931Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 18:49:49 honeypot-fra-1 sshd[30601]: Disconnected from invalid user kanwarpreet 165.22.45.108 port 54882 [preauth]","@timestamp":"2022-09-10T18:49:49.980Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 18:51:59 honeypot-ams-1 sshd[7848]: Disconnected from authenticating user root 47.180.249.215 port 56488 [preauth]","@timestamp":"2022-09-10T18:52:00.218Z"}
{"@timestamp":"2022-09-10T18:53:51.758Z","@version":"1","message":"Sep 10 18:53:51 honeypot-sgp-1 sshd[3788]: Invalid user gast from 149.7.217.27 port 50158","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T18:56:31.822Z","@version":"1","message":"Sep 10 18:56:31 honeypot-sgp-1 sshd[3790]: Disconnected from invalid user usuario 92.255.85.69 port 47966 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 18:58:34 honeypot-ams-1 sshd[7853]: Received disconnect from 97.74.92.195 port 55542:11: Bye Bye [preauth]","@timestamp":"2022-09-10T18:58:35.389Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 18:58:38 honeypot-fra-1 sshd[30608]: Invalid user usuario from 92.255.85.69 port 49254","@timestamp":"2022-09-10T18:58:39.178Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 19:01:49 honeypot-ams-1 sshd[7858]: Invalid user snelson from 83.221.180.202 port 33642","@timestamp":"2022-09-10T19:01:50.476Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 19:05:35 honeypot-ams-1 kernel: [83713321.615645] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=218.212.119.43 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=53 ID=35527 PROTO=TCP SPT=17883 DPT=80 WINDOW=3483 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T19:05:35.591Z"}
{"@timestamp":"2022-09-10T19:07:51.081Z","@version":"1","message":"Sep 10 19:07:50 honeypot-sgp-1 kernel: [83712984.933721] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.79.141.41 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=47450 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 19:09:05 honeypot-ams-1 sshd[7866]: Disconnected from authenticating user root 80.76.51.189 port 51090 [preauth]","@timestamp":"2022-09-10T19:09:05.684Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 19:09:14 honeypot-fra-1 kernel: [83711387.363039] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.56.108.158 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=17122 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T19:09:15.432Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 19:10:09 honeypot-ams-1 sshd[7870]: Disconnected from invalid user support 80.76.51.189 port 44488 [preauth]","@timestamp":"2022-09-10T19:10:09.715Z"}
{"@timestamp":"2022-09-10T19:10:31.147Z","@version":"1","message":"Sep 10 19:10:30 honeypot-sgp-1 sshd[3808]: Invalid user mcserver from 94.156.175.57 port 34836","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T19:10:31.147Z","@version":"1","message":"Sep 10 19:10:30 honeypot-sgp-1 sshd[3817]: Invalid user guest from 94.156.175.57 port 34846","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T19:10:31.147Z","@version":"1","message":"Sep 10 19:10:30 honeypot-sgp-1 sshd[3820]: Invalid user es from 94.156.175.57 port 34742","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T19:10:31.147Z","@version":"1","message":"Sep 10 19:10:30 honeypot-sgp-1 sshd[3803]: Connection closed by invalid user esuser 94.156.175.57 port 34863 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T19:10:31.147Z","@version":"1","message":"Sep 10 19:10:30 honeypot-sgp-1 sshd[3815]: Invalid user esuser from 94.156.175.57 port 34912","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T19:10:31.147Z","@version":"1","message":"Sep 10 19:10:30 honeypot-sgp-1 sshd[3806]: Connection closed by invalid user esuser 94.156.175.57 port 34867 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T19:10:31.147Z","@version":"1","message":"Sep 10 19:10:30 honeypot-sgp-1 sshd[3811]: Connection closed by invalid user ec2 94.156.175.57 port 34906 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T19:10:31.147Z","@version":"1","message":"Sep 10 19:10:30 honeypot-sgp-1 sshd[3814]: Connection closed by invalid user vagrant 94.156.175.57 port 34904 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T19:10:31.147Z","@version":"1","message":"Sep 10 19:10:30 honeypot-sgp-1 sshd[3824]: Connection closed by authenticating user root 94.156.175.57 port 34893 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 19:12:22 honeypot-ams-1 kernel: [83713728.939202] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=94.158.14.109 DST=178.62.254.91 LEN=44 TOS=0x08 PREC=0x20 TTL=57 ID=22157 PROTO=TCP SPT=47967 DPT=80 WINDOW=27287 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T19:12:23.776Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 19:17:01 honeypot-fra-1 CRON[30615]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-10T19:17:01.609Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T19:17:02.297Z","@version":"1","message":"Sep 10 19:17:01 honeypot-sgp-1 CRON[3858]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 19:21:03 honeypot-fra-1 sshd[30621]: Invalid user kanwarpreet from 165.22.45.108 port 59642","@timestamp":"2022-09-10T19:21:04.702Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 19:21:05 honeypot-ams-1 kernel: [83714251.718767] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=2.88.18.101 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=55 ID=46024 PROTO=TCP SPT=33533 DPT=80 WINDOW=8486 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T19:21:06.003Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 19:22:12 honeypot-fra-1 sshd[30625]: Received disconnect from 41.93.33.2 port 46314:11: Bye Bye [preauth]","@timestamp":"2022-09-10T19:22:13.729Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 19:22:39 honeypot-ams-1 sshd[7886]: Connection closed by invalid user admin 220.121.250.154 port 47827 [preauth]","@timestamp":"2022-09-10T19:22:40.050Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 19:26:39 honeypot-ams-1 sshd[7891]: Received disconnect from 45.61.184.204 port 54244:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T19:26:40.153Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 19:27:01 honeypot-ams-1 sshd[7897]: Invalid user user from 45.61.184.204 port 49360","@timestamp":"2022-09-10T19:27:02.171Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 19:27:10 honeypot-ams-1 sshd[7901]: Invalid user user from 45.61.184.204 port 32798","@timestamp":"2022-09-10T19:27:11.176Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 19:27:19 honeypot-ams-1 sshd[7905]: Invalid user user from 45.61.184.204 port 44480","@timestamp":"2022-09-10T19:27:20.181Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 19:27:28 honeypot-ams-1 sshd[7909]: Invalid user user from 45.61.184.204 port 56196","@timestamp":"2022-09-10T19:27:29.185Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 19:27:36 honeypot-ams-1 sshd[7913]: Invalid user user from 45.61.184.204 port 39592","@timestamp":"2022-09-10T19:27:37.190Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 19:27:49 honeypot-ams-1 sshd[7917]: Invalid user user from 45.61.186.169 port 46502","@timestamp":"2022-09-10T19:27:50.197Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 19:30:24 honeypot-ams-1 sshd[7922]: Invalid user ssw from 137.116.144.39 port 49954","@timestamp":"2022-09-10T19:30:25.264Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 19:30:50 honeypot-fra-1 kernel: [83712683.130431] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=85.237.200.148 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=48670 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T19:30:50.921Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 19:32:06 honeypot-ams-1 sshd[7932]: Connection closed by authenticating user root 111.68.111.100 port 42420 [preauth]","@timestamp":"2022-09-10T19:32:07.310Z"}
{"@timestamp":"2022-09-10T19:33:04.660Z","@version":"1","message":"Sep 10 19:33:04 honeypot-sgp-1 kernel: [83714498.607015] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=188.225.27.109 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=746 PROTO=TCP SPT=58479 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 19:43:31 honeypot-fra-1 sshd[30639]: Invalid user test from 193.106.191.157 port 38356","@timestamp":"2022-09-10T19:43:32.207Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T19:44:26.914Z","@version":"1","message":"Sep 10 19:44:26 honeypot-sgp-1 sshd[3868]: Disconnected from authenticating user root 20.91.221.85 port 47522 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 19:48:09 honeypot-ams-1 sshd[7941]: Disconnected from invalid user usuario 92.255.85.70 port 45164 [preauth]","@timestamp":"2022-09-10T19:48:10.727Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 19:52:21 honeypot-fra-1 sshd[30645]: Invalid user kanwarpreet from 165.22.45.108 port 36152","@timestamp":"2022-09-10T19:52:22.404Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 19:54:34 honeypot-fra-1 sshd[30649]: Disconnected from authenticating user root 35.230.36.24 port 48422 [preauth]","@timestamp":"2022-09-10T19:54:35.454Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 19:56:24 honeypot-ams-1 sshd[7947]: Disconnected from authenticating user root 200.52.65.31 port 7959 [preauth]","@timestamp":"2022-09-10T19:56:24.942Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 20:05:16 honeypot-fra-1 sshd[30661]: Invalid user user from 45.61.187.160 port 46262","@timestamp":"2022-09-10T20:05:17.696Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 20:05:37 honeypot-fra-1 sshd[30665]: Invalid user user from 45.61.187.160 port 40980","@timestamp":"2022-09-10T20:05:37.706Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 20:05:55 honeypot-fra-1 sshd[30669]: Invalid user user from 45.61.187.160 port 35696","@timestamp":"2022-09-10T20:05:55.714Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T20:06:13.437Z","@version":"1","message":"Sep 10 20:06:13 honeypot-sgp-1 sshd[3877]: Received disconnect from 92.255.85.70 port 43424:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 20:07:21 honeypot-fra-1 kernel: [83714873.517367] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=142.93.45.9 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=54321 PROTO=TCP SPT=35751 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T20:07:21.746Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 20:11:22 honeypot-ams-1 sshd[7955]: Received disconnect from 92.255.85.70 port 33578:11: Bye Bye [preauth]","@timestamp":"2022-09-10T20:11:22.326Z"}
{"@timestamp":"2022-09-10T20:13:40.614Z","@version":"1","message":"Sep 10 20:13:40 honeypot-sgp-1 sshd[3883]: Disconnected from invalid user team 179.157.22.88 port 25479 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 20:14:56 honeypot-ams-1 kernel: [83717482.205741] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.217.0.181 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=44512 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T20:14:56.443Z"}
{"@timestamp":"2022-09-10T20:15:55.671Z","@version":"1","message":"Sep 10 20:15:55 honeypot-sgp-1 sshd[3887]: Disconnected from 204.48.30.72 port 53912 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 20:17:01 honeypot-fra-1 CRON[30676]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-10T20:17:01.962Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 20:18:29 honeypot-ams-1 kernel: [83717695.499116] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.41.8.45 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=14519 PROTO=TCP SPT=14334 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T20:18:29.538Z"}
{"@timestamp":"2022-09-10T20:19:30.757Z","@version":"1","message":"Sep 10 20:19:30 honeypot-sgp-1 kernel: [83717284.191921] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=103.203.57.22 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=41757 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 20:23:33 honeypot-fra-1 sshd[30682]: Received disconnect from 165.22.45.108 port 42314:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T20:23:33.103Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 20:27:42 honeypot-ams-1 kernel: [83718248.119317] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=80.94.92.231 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=58864 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T20:27:42.776Z"}
{"@timestamp":"2022-09-10T20:28:41.002Z","@version":"1","message":"Sep 10 20:28:40 honeypot-sgp-1 sshd[3897]: Disconnected from invalid user porno 117.220.15.119 port 41440 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T20:29:29.022Z","@version":"1","message":"Sep 10 20:29:29 honeypot-sgp-1 sshd[3901]: Disconnected from invalid user usuario 92.255.85.69 port 62202 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 20:29:38 honeypot-fra-1 sshd[30688]: Connection closed by 70.123.147.18 port 45710 [preauth]","@timestamp":"2022-09-10T20:29:38.255Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 20:35:39 honeypot-ams-1 kernel: [83718725.515544] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=92.118.39.30 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=47408 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T20:35:39.979Z"}
{"@timestamp":"2022-09-10T20:36:59.201Z","@version":"1","message":"Sep 10 20:36:58 honeypot-sgp-1 kernel: [83718332.404592] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.79.53.162 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=49627 PROTO=TCP SPT=56793 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 20:39:01 honeypot-fra-1 sshd[30695]: Unable to negotiate with 113.5.234.18 port 35972: no matching cipher found. Their offer: aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,arcfour128,arcfour,3des-cbc,none [preauth]","@timestamp":"2022-09-10T20:39:02.459Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 20:42:00 honeypot-ams-1 sshd[7982]: Disconnected from invalid user ubuntu 95.85.27.201 port 54086 [preauth]","@timestamp":"2022-09-10T20:42:01.143Z"}
{"@timestamp":"2022-09-10T20:42:30.339Z","@version":"1","message":"Sep 10 20:42:29 honeypot-sgp-1 kernel: [83718663.342116] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.79.67.140 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=54321 PROTO=TCP SPT=56926 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 20:42:56 honeypot-fra-1 sshd[30700]: Disconnected from invalid user rust 5.101.1.20 port 58756 [preauth]","@timestamp":"2022-09-10T20:42:56.547Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 20:44:33 honeypot-fra-1 sshd[30707]: Received disconnect from 94.75.123.43 port 46020:11: Bye Bye [preauth]","@timestamp":"2022-09-10T20:44:33.589Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T20:44:48.399Z","@version":"1","message":"Sep 10 20:44:47 honeypot-sgp-1 sshd[3913]: Disconnected from 137.184.105.25 port 33538 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T20:45:03.406Z","@version":"1","message":"Sep 10 20:45:03 honeypot-sgp-1 sshd[3917]: Disconnected from invalid user user 45.61.186.249 port 43982 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T20:45:22.415Z","@version":"1","message":"Sep 10 20:45:21 honeypot-sgp-1 sshd[3921]: Disconnected from invalid user user 45.61.186.249 port 39150 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T20:45:41.423Z","@version":"1","message":"Sep 10 20:45:40 honeypot-sgp-1 sshd[3925]: Disconnected from invalid user user 45.61.186.249 port 34316 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 20:49:26 honeypot-fra-1 sshd[30711]: Connection closed by invalid user test 193.106.191.157 port 50080 [preauth]","@timestamp":"2022-09-10T20:49:26.719Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T20:49:30.510Z","@version":"1","message":"Sep 10 20:49:29 honeypot-sgp-1 kernel: [83719083.759949] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=125.253.93.146 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=18837 PROTO=TCP SPT=48545 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 20:51:44 honeypot-ams-1 kernel: [83719690.619152] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=151.106.40.82 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54423 PROTO=TCP SPT=59508 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T20:51:45.389Z"}
{"@timestamp":"2022-09-10T20:54:57.647Z","@version":"1","message":"Sep 10 20:54:56 honeypot-sgp-1 kernel: [83719410.743770] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=172.104.249.106 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=59394 DF PROTO=TCP SPT=60894 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 20:56:08 honeypot-fra-1 sshd[30716]: Received disconnect from 92.255.85.70 port 60034:11: Bye Bye [preauth]","@timestamp":"2022-09-10T20:56:08.868Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 20:58:11 honeypot-ams-1 sshd[7991]: Received disconnect from 92.255.85.70 port 31346:11: Bye Bye [preauth]","@timestamp":"2022-09-10T20:58:11.558Z"}
{"@timestamp":"2022-09-10T20:58:55.765Z","@version":"1","message":"Sep 10 20:58:55 honeypot-sgp-1 sshd[3933]: Invalid user vnc from 23.224.98.194 port 33056","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 20:59:31 honeypot-ams-1 sshd[7995]: Received disconnect from 128.199.251.65 port 39142:11: Bye Bye [preauth]","@timestamp":"2022-09-10T20:59:31.595Z"}
{"@timestamp":"2022-09-10T21:02:30.848Z","@version":"1","message":"Sep 10 21:02:30 honeypot-sgp-1 kernel: [83719864.012347] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.220.11 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=52487 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 21:05:47 honeypot-fra-1 sshd[30722]: Bad protocol version identification '\\272\\253d\\241EZC\\333M\\207\\356^\\375\\277\\0259 X\\324>\\022\\230\\304<\\340\\023\\317' from 172.105.89.161 port 38133","@timestamp":"2022-09-10T21:05:48.115Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 21:08:10 honeypot-ams-1 kernel: [83720676.657382] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=173.67.197.241 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=52 ID=56656 PROTO=TCP SPT=30101 DPT=80 WINDOW=50270 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T21:08:10.823Z"}
{"@timestamp":"2022-09-10T21:08:33.003Z","@version":"1","message":"Sep 10 21:08:32 honeypot-sgp-1 sshd[3941]: Disconnected from authenticating user root 216.137.185.227 port 59378 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 21:08:39 honeypot-fra-1 sshd[30725]: Connection closed by invalid user User 183.242.64.111 port 41128 [preauth]","@timestamp":"2022-09-10T21:08:40.185Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 21:09:01 honeypot-fra-1 sshd[30731]: Disconnected from invalid user user 45.61.186.49 port 49128 [preauth]","@timestamp":"2022-09-10T21:09:02.195Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 21:09:11 honeypot-fra-1 sshd[30735]: Disconnected from invalid user user 45.61.186.49 port 60940 [preauth]","@timestamp":"2022-09-10T21:09:12.201Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 21:13:28 honeypot-ams-1 sshd[8002]: Received disconnect from 139.59.26.69 port 43144:11: Bye Bye [preauth]","@timestamp":"2022-09-10T21:13:29.962Z"}
{"@timestamp":"2022-09-10T21:14:07.131Z","@version":"1","message":"Sep 10 21:14:06 honeypot-sgp-1 sshd[3947]: Invalid user user from 45.61.186.49 port 44870","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T21:14:16.136Z","@version":"1","message":"Sep 10 21:14:15 honeypot-sgp-1 sshd[3951]: Invalid user user from 45.61.186.49 port 56454","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 21:14:30 honeypot-fra-1 sshd[30741]: Disconnected from invalid user user 45.61.184.204 port 55248 [preauth]","@timestamp":"2022-09-10T21:14:30.322Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 21:14:51 honeypot-fra-1 sshd[30745]: Disconnected from invalid user user 45.61.184.204 port 50040 [preauth]","@timestamp":"2022-09-10T21:14:51.333Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 21:15:08 honeypot-fra-1 sshd[30749]: Disconnected from invalid user user 45.61.184.204 port 44830 [preauth]","@timestamp":"2022-09-10T21:15:09.341Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 21:15:25 honeypot-fra-1 sshd[30753]: Disconnected from invalid user user 45.61.184.204 port 39638 [preauth]","@timestamp":"2022-09-10T21:15:26.350Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T21:16:50.196Z","@version":"1","message":"Sep 10 21:16:49 honeypot-sgp-1 sshd[3957]: Received disconnect from 92.255.85.70 port 63586:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 21:16:51 honeypot-ams-1 sshd[8006]: Did not receive identification string from 178.79.177.104 port 42898","@timestamp":"2022-09-10T21:16:52.050Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 21:18:28 honeypot-ams-1 kernel: [83721294.155466] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=139.144.135.45 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=59835 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T21:18:29.093Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 21:20:14 honeypot-fra-1 sshd[30761]: Received disconnect from 92.255.85.69 port 45166:11: Bye Bye [preauth]","@timestamp":"2022-09-10T21:20:15.457Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 21:21:32 honeypot-ams-1 sshd[8017]: Received disconnect from 92.255.85.70 port 52496:11: Bye Bye [preauth]","@timestamp":"2022-09-10T21:21:33.172Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 21:23:29 honeypot-fra-1 sshd[30765]: Disconnected from authenticating user root 190.52.39.248 port 45830 [preauth]","@timestamp":"2022-09-10T21:23:30.531Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 21:27:57 honeypot-ams-1 sshd[8023]: Connection closed by 178.79.177.104 port 41598 [preauth]","@timestamp":"2022-09-10T21:27:58.339Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 21:28:40 honeypot-ams-1 sshd[8033]: Connection closed by invalid user admin 59.27.98.103 port 58792 [preauth]","@timestamp":"2022-09-10T21:28:40.360Z"}
{"@timestamp":"2022-09-10T21:33:00.581Z","@version":"1","message":"Sep 10 21:33:00 honeypot-sgp-1 sshd[3964]: Received disconnect from 118.200.42.47 port 55710:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 21:35:24 honeypot-fra-1 sshd[30773]: Disconnected from authenticating user root 139.59.255.59 port 45306 [preauth]","@timestamp":"2022-09-10T21:35:25.794Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T21:35:55.649Z","@version":"1","message":"Sep 10 21:35:55 honeypot-sgp-1 sshd[3969]: Disconnected from authenticating user root 94.30.68.41 port 46518 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 21:36:55 honeypot-ams-1 sshd[8040]: Invalid user abcdef from 161.82.233.179 port 41730","@timestamp":"2022-09-10T21:36:55.595Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 21:37:29 honeypot-ams-1 kernel: [83722435.422627] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.210.216.111 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=4922 DF PROTO=TCP SPT=10446 DPT=80 WINDOW=512 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T21:37:29.613Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 21:41:39 honeypot-fra-1 sshd[30779]: Disconnected from invalid user lextend 159.223.51.140 port 55566 [preauth]","@timestamp":"2022-09-10T21:41:39.935Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T21:42:12.790Z","@version":"1","message":"Sep 10 21:42:12 honeypot-sgp-1 sshd[3977]: Invalid user nvidia from 103.188.176.251 port 40872","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 21:50:38 honeypot-fra-1 sshd[30785]: Connection closed by invalid user ventamaxx 141.98.10.158 port 43816 [preauth]","@timestamp":"2022-09-10T21:50:38.136Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T21:50:55.998Z","@version":"1","message":"Sep 10 21:50:55 honeypot-sgp-1 kernel: [83722769.076237] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=149.102.155.169 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=33859 PROTO=TCP SPT=46613 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 21:52:01 honeypot-ams-1 sshd[8048]: Invalid user ncuser from 84.201.164.50 port 57414","@timestamp":"2022-09-10T21:52:01.985Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 21:55:15 honeypot-fra-1 sshd[30861]: Connection closed by invalid user test 193.106.191.157 port 33594 [preauth]","@timestamp":"2022-09-10T21:55:16.244Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 21:57:25 honeypot-ams-1 kernel: [83723631.338080] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=205.210.31.52 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=250 ID=54321 PROTO=TCP SPT=49682 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T21:57:26.125Z"}
{"@timestamp":"2022-09-10T21:58:11.173Z","@version":"1","message":"Sep 10 21:58:10 honeypot-sgp-1 sshd[3989]: Connection closed by invalid user  128.14.232.100 port 43574 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 21:59:55 honeypot-ams-1 kernel: [83723781.074586] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=51.38.12.20 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=58037 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T21:59:55.193Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 22:01:30 honeypot-ams-1 sshd[8060]: Received disconnect from 109.205.213.23 port 60536:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T22:01:31.237Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 22:03:05 honeypot-ams-1 sshd[8065]: Disconnected from authenticating user root 109.205.213.23 port 48866 [preauth]","@timestamp":"2022-09-10T22:03:06.280Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 22:04:28 honeypot-ams-1 sshd[8071]: Disconnected from authenticating user root 109.205.213.23 port 37196 [preauth]","@timestamp":"2022-09-10T22:04:28.317Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 22:05:20 honeypot-ams-1 sshd[8076]: Disconnected from authenticating user root 109.205.213.23 port 57648 [preauth]","@timestamp":"2022-09-10T22:05:21.343Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 22:06:16 honeypot-fra-1 sshd[30867]: Disconnected from authenticating user root 92.255.85.70 port 30838 [preauth]","@timestamp":"2022-09-10T22:06:16.491Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 22:09:28 honeypot-ams-1 sshd[8083]: Disconnected from authenticating user root 92.255.85.70 port 35360 [preauth]","@timestamp":"2022-09-10T22:09:29.447Z"}
{"@timestamp":"2022-09-10T22:12:49.536Z","@version":"1","message":"Sep 10 22:12:48 honeypot-sgp-1 kernel: [83724082.580109] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=167.94.146.70 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=29702 PROTO=TCP SPT=37831 DPT=389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 22:14:05 honeypot-ams-1 sshd[8089]: Received disconnect from 79.127.36.98 port 51134:11: Bye Bye [preauth]","@timestamp":"2022-09-10T22:14:06.562Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 22:18:46 honeypot-ams-1 kernel: [83724912.650192] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=218.55.63.134 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=53 ID=8796 PROTO=TCP SPT=29489 DPT=80 WINDOW=55464 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T22:18:47.682Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 22:22:29 honeypot-fra-1 sshd[30876]: Received disconnect from 165.232.172.31 port 47416:11: Bye Bye [preauth]","@timestamp":"2022-09-10T22:22:29.857Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 22:23:37 honeypot-ams-1 sshd[8105]: Received disconnect from 61.177.172.114 port 27018:11:  [preauth]","@timestamp":"2022-09-10T22:23:37.811Z"}
{"@timestamp":"2022-09-10T22:23:49.039Z","@version":"1","message":"Sep 10 22:23:48 honeypot-sgp-1 sshd[4003]: Did not receive identification string from 45.61.187.160 port 41110","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T22:24:10.050Z","@version":"1","message":"Sep 10 22:24:09 honeypot-sgp-1 sshd[4008]: Bad protocol version identification 'SSH-2.0_CoreLab-1.0' from 31.184.198.71 port 10459","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T22:24:22.056Z","@version":"1","message":"Sep 10 22:24:21 honeypot-sgp-1 sshd[4013]: Invalid user cameras from 31.184.198.71 port 5005","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T22:24:31.060Z","@version":"1","message":"Sep 10 22:24:30 honeypot-sgp-1 sshd[4017]: Disconnecting invalid user  31.184.198.71 port 53017: Change of username or service not allowed: (,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T22:24:39.064Z","@version":"1","message":"Sep 10 22:24:38 honeypot-sgp-1 sshd[4021]: Disconnecting invalid user admin 31.184.198.71 port 2085: Change of username or service not allowed: (admin,ssh-connection) -> (,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 22:24:39 honeypot-ams-1 sshd[8110]: Invalid user user from 45.61.186.169 port 53820","@timestamp":"2022-09-10T22:24:39.843Z"}
{"@timestamp":"2022-09-10T22:24:43.066Z","@version":"1","message":"Sep 10 22:24:42 honeypot-sgp-1 sshd[4025]: Invalid user  from 31.184.198.71 port 17077","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T22:24:51.070Z","@version":"1","message":"Sep 10 22:24:50 honeypot-sgp-1 sshd[4031]: Disconnected from invalid user user 45.61.187.160 port 36374 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 22:24:57 honeypot-ams-1 sshd[8114]: Invalid user user from 45.61.186.169 port 48902","@timestamp":"2022-09-10T22:24:57.852Z"}
{"@timestamp":"2022-09-10T22:25:03.075Z","@version":"1","message":"Sep 10 22:25:02 honeypot-sgp-1 sshd[4037]: Invalid user admin from 31.184.198.71 port 6723","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 22:25:14 honeypot-ams-1 sshd[8118]: Invalid user user from 45.61.186.169 port 43934","@timestamp":"2022-09-10T22:25:14.861Z"}
{"@timestamp":"2022-09-10T22:25:24.086Z","@version":"1","message":"Sep 10 22:25:23 honeypot-sgp-1 sshd[4043]: Disconnecting authenticating user root 31.184.198.71 port 14860: Change of username or service not allowed: (root,ssh-connection) -> (1234,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T22:25:40.094Z","@version":"1","message":"Sep 10 22:25:40 honeypot-sgp-1 sshd[4049]: Disconnecting invalid user araknis 31.184.198.71 port 32764: Change of username or service not allowed: (araknis,ssh-connection) -> (,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T22:26:04.104Z","@version":"1","message":"Sep 10 22:26:03 honeypot-sgp-1 sshd[4057]: Invalid user Admin from 31.184.198.71 port 30231","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T22:26:24.114Z","@version":"1","message":"Sep 10 22:26:23 honeypot-sgp-1 sshd[4063]: Invalid user guest from 31.184.198.71 port 51695","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T22:26:46.124Z","@version":"1","message":"Sep 10 22:26:46 honeypot-sgp-1 sshd[4069]: Invalid user  from 31.184.198.71 port 46158","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T22:26:59.132Z","@version":"1","message":"Sep 10 22:26:58 honeypot-sgp-1 sshd[4075]: Invalid user cisco from 31.184.198.71 port 13216","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T22:27:21.142Z","@version":"1","message":"Sep 10 22:27:20 honeypot-sgp-1 sshd[4081]: Disconnecting authenticating user root 31.184.198.71 port 35095: Change of username or service not allowed: (root,ssh-connection) -> (Administrator,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T22:27:43.152Z","@version":"1","message":"Sep 10 22:27:43 honeypot-sgp-1 sshd[4087]: Disconnecting invalid user adslroot 31.184.198.71 port 58226: Change of username or service not allowed: (adslroot,ssh-connection) -> (sti.admin5,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 22:27:55 honeypot-ams-1 sshd[8123]: Received disconnect from 61.177.173.35 port 12397:11:  [preauth]","@timestamp":"2022-09-10T22:27:55.929Z"}
{"@timestamp":"2022-09-10T22:28:03.162Z","@version":"1","message":"Sep 10 22:28:02 honeypot-sgp-1 sshd[4096]: Received disconnect from 188.166.184.30 port 37774:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T22:28:19.170Z","@version":"1","message":"Sep 10 22:28:18 honeypot-sgp-1 sshd[4100]: Invalid user  from 31.184.198.71 port 41137","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T22:28:42.181Z","@version":"1","message":"Sep 10 22:28:41 honeypot-sgp-1 sshd[4106]: Disconnecting invalid user admin 31.184.198.71 port 53645: Change of username or service not allowed: (admin,ssh-connection) -> (c1@r0,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T22:29:05.193Z","@version":"1","message":"Sep 10 22:29:04 honeypot-sgp-1 sshd[4112]: Disconnecting invalid user cusadmin 31.184.198.71 port 56292: Change of username or service not allowed: (cusadmin,ssh-connection) -> (superonline,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T22:29:30.205Z","@version":"1","message":"Sep 10 22:29:29 honeypot-sgp-1 sshd[4118]: Disconnecting invalid user lgnortel 31.184.198.71 port 15236: Change of username or service not allowed: (lgnortel,ssh-connection) -> (Admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 22:29:43 honeypot-fra-1 sshd[30881]: Received disconnect from 165.22.45.108 port 33946:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T22:29:44.019Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T22:29:46.213Z","@version":"1","message":"Sep 10 22:29:45 honeypot-sgp-1 sshd[4124]: Disconnecting invalid user admin 31.184.198.71 port 14160: Change of username or service not allowed: (admin,ssh-connection) -> (,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T22:30:04.221Z","@version":"1","message":"Sep 10 22:30:04 honeypot-sgp-1 sshd[4130]: Disconnecting invalid user matrix 31.184.198.71 port 61362: Change of username or service not allowed: (matrix,ssh-connection) -> (,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 22:30:08 honeypot-ams-1 sshd[8125]: Disconnected from authenticating user root 61.177.173.50 port 57777 [preauth]","@timestamp":"2022-09-10T22:30:08.990Z"}
{"@timestamp":"2022-09-10T22:30:19.229Z","@version":"1","message":"Sep 10 22:30:19 honeypot-sgp-1 sshd[4136]: Disconnecting invalid user motorola 31.184.198.71 port 26455: Change of username or service not allowed: (motorola,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T22:30:39.239Z","@version":"1","message":"Sep 10 22:30:38 honeypot-sgp-1 sshd[4144]: Invalid user admin from 31.184.198.71 port 51065","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 22:30:50 honeypot-fra-1 sshd[30883]: Received disconnect from 187.218.23.85 port 54726:11: Bye Bye [preauth]","@timestamp":"2022-09-10T22:30:51.047Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T22:30:58.248Z","@version":"1","message":"Sep 10 22:30:57 honeypot-sgp-1 sshd[4150]: Invalid user admin from 31.184.198.71 port 19655","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T22:31:24.261Z","@version":"1","message":"Sep 10 22:31:23 honeypot-sgp-1 sshd[4156]: Invalid user Shiko from 31.184.198.71 port 52128","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T22:31:43.271Z","@version":"1","message":"Sep 10 22:31:43 honeypot-sgp-1 sshd[4162]: Invalid user smcadmin from 31.184.198.71 port 40555","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T22:31:56.278Z","@version":"1","message":"Sep 10 22:31:56 honeypot-sgp-1 sshd[4166]: Invalid user cusadmin from 31.184.198.71 port 5093","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T22:32:12.285Z","@version":"1","message":"Sep 10 22:32:12 honeypot-sgp-1 sshd[4172]: Invalid user sweex from 31.184.198.71 port 47150","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T22:32:29.294Z","@version":"1","message":"Sep 10 22:32:28 honeypot-sgp-1 sshd[4178]: Invalid user  from 31.184.198.71 port 3839","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T22:32:49.304Z","@version":"1","message":"Sep 10 22:32:48 honeypot-sgp-1 sshd[4184]: Invalid user ubnt from 31.184.198.71 port 41834","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T22:33:09.315Z","@version":"1","message":"Sep 10 22:33:08 honeypot-sgp-1 sshd[4191]: Disconnecting invalid user user 31.184.198.71 port 12620: Change of username or service not allowed: (user,ssh-connection) -> (amdin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T22:33:32.325Z","@version":"1","message":"Sep 10 22:33:32 honeypot-sgp-1 sshd[4197]: Disconnecting invalid user Admin 31.184.198.71 port 9219: Change of username or service not allowed: (Admin,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T22:33:53.336Z","@version":"1","message":"Sep 10 22:33:53 honeypot-sgp-1 sshd[4203]: Disconnecting invalid user 0 31.184.198.71 port 50752: Change of username or service not allowed: (0,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T22:34:11.345Z","@version":"1","message":"Sep 10 22:34:10 honeypot-sgp-1 sshd[4209]: Disconnecting invalid user admin 31.184.198.71 port 50438: Change of username or service not allowed: (admin,ssh-connection) -> (1admin0,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T22:40:34.489Z","@version":"1","message":"Sep 10 22:40:34 honeypot-sgp-1 kernel: [83725747.894885] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=128.14.209.229 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=238 ID=18728 PROTO=TCP SPT=25075 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 22:44:01 honeypot-ams-1 kernel: [83726427.515704] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=88.214.43.215 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=54321 PROTO=TCP SPT=57684 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T22:44:02.345Z"}
{"@timestamp":"2022-09-10T22:45:34.607Z","@version":"1","message":"Sep 10 22:45:34 honeypot-sgp-1 sshd[4218]: Did not receive identification string from 104.152.52.104 port 49933","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T22:48:48.682Z","@version":"1","message":"Sep 10 22:48:48 honeypot-sgp-1 kernel: [83726242.078828] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=151.106.40.82 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=5985 PROTO=TCP SPT=47333 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 22:49:46 honeypot-fra-1 kernel: [83724618.872013] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=205.210.31.167 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=249 ID=54321 PROTO=TCP SPT=56925 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T22:49:47.467Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 22:52:25 honeypot-ams-1 sshd[8151]: Received disconnect from 80.76.51.41 port 59026:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T22:52:26.562Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 22:52:55 honeypot-ams-1 sshd[8155]: Received disconnect from 80.76.51.41 port 45472:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T22:52:55.577Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 22:53:23 honeypot-ams-1 sshd[8161]: Received disconnect from 80.76.51.41 port 60192:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T22:53:23.592Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 22:54:04 honeypot-ams-1 sshd[8167]: Received disconnect from 80.76.51.41 port 53928:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T22:54:04.612Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 22:54:41 honeypot-fra-1 kernel: [83724913.927381] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=209.145.63.181 DST=165.22.82.222 LEN=52 TOS=0x02 PREC=0x00 TTL=112 ID=14548 DF PROTO=TCP SPT=47705 DPT=3389 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-10T22:54:42.579Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 22:54:45 honeypot-ams-1 sshd[8173]: Received disconnect from 80.76.51.41 port 47730:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T22:54:45.636Z"}
{"@timestamp":"2022-09-10T22:54:51.831Z","@version":"1","message":"Sep 10 22:54:50 honeypot-sgp-1 kernel: [83726604.661332] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=18.194.17.5 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=226 ID=34748 DF PROTO=TCP SPT=50202 DPT=443 WINDOW=62727 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 22:55:12 honeypot-ams-1 sshd[8177]: Received disconnect from 80.76.51.41 port 33954:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T22:55:13.651Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 22:58:26 honeypot-fra-1 sshd[30894]: Disconnected from 159.223.164.107 port 33200 [preauth]","@timestamp":"2022-09-10T22:58:27.665Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:00:08 honeypot-ams-1 sshd[8184]: Received disconnect from 61.177.172.124 port 64693:11:  [preauth]","@timestamp":"2022-09-10T23:00:08.779Z"}
{"@timestamp":"2022-09-10T23:00:59.970Z","@version":"1","message":"Sep 10 23:00:59 honeypot-sgp-1 sshd[4228]: Invalid user user from 45.61.186.249 port 53794","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 23:01:19 honeypot-fra-1 sshd[30899]: Disconnected from invalid user ka 165.22.45.108 port 38926 [preauth]","@timestamp":"2022-09-10T23:01:19.733Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-10T23:01:19.998Z","@version":"1","message":"Sep 10 23:01:19 honeypot-sgp-1 sshd[4232]: Invalid user user from 45.61.186.249 port 48862","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-10T23:01:39.007Z","@version":"1","message":"Sep 10 23:01:38 honeypot-sgp-1 sshd[4236]: Invalid user user from 45.61.186.249 port 43884","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:05:49 honeypot-ams-1 sshd[8187]: Disconnected from authenticating user root 61.177.173.49 port 14423 [preauth]","@timestamp":"2022-09-10T23:05:49.929Z"}
{"@timestamp":"2022-09-10T23:07:37.143Z","@version":"1","message":"Sep 10 23:07:36 honeypot-sgp-1 sshd[4241]: Received disconnect from 43.155.65.44 port 49454:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 23:08:37 honeypot-fra-1 kernel: [83725749.757944] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=90.151.171.106 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=63452 PROTO=TCP SPT=51255 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T23:08:37.961Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-10T23:10:08.201Z","@version":"1","message":"Sep 10 23:10:07 honeypot-sgp-1 kernel: [83727521.591127] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.41.8.5 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=39533 PROTO=TCP SPT=16862 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 10 23:10:52 honeypot-ams-1 kernel: [83728038.318447] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=143.92.32.164 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=10382 PROTO=TCP SPT=51451 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T23:10:53.063Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:17:01 honeypot-ams-1 CRON[8197]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-10T23:17:02.224Z"}
{"@timestamp":"2022-09-10T23:17:51.399Z","@version":"1","message":"Sep 10 23:17:50 honeypot-sgp-1 sshd[4251]: Received disconnect from 105.159.249.53 port 17137:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:19:08 honeypot-ams-1 sshd[8203]: Disconnected from authenticating user root 80.76.51.46 port 51408 [preauth]","@timestamp":"2022-09-10T23:19:09.282Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:19:39 honeypot-ams-1 sshd[8210]: Disconnected from authenticating user root 80.76.51.46 port 47788 [preauth]","@timestamp":"2022-09-10T23:19:40.298Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:20:21 honeypot-ams-1 sshd[8216]: Disconnected from authenticating user root 80.76.51.46 port 42284 [preauth]","@timestamp":"2022-09-10T23:20:22.337Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:20:49 honeypot-ams-1 sshd[8222]: Received disconnect from 80.76.51.46 port 38638:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T23:20:50.351Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:21:32 honeypot-ams-1 sshd[8228]: Received disconnect from 80.76.51.46 port 33186:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-10T23:21:32.373Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 23:22:23 honeypot-fra-1 kernel: [83726575.852677] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=80.94.92.239 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=35645 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T23:22:24.286Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:30:49 honeypot-ams-1 sshd[8237]: Received disconnect from 61.177.173.35 port 29639:11:  [preauth]","@timestamp":"2022-09-10T23:30:50.613Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:32:50 honeypot-ams-1 sshd[8244]: Disconnected from authenticating user root 61.177.173.37 port 22282 [preauth]","@timestamp":"2022-09-10T23:32:50.665Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:33:52 honeypot-ams-1 sshd[8250]: Invalid user support from 80.76.51.189 port 58256","@timestamp":"2022-09-10T23:33:53.695Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 23:34:09 honeypot-fra-1 sshd[30917]: Invalid user alimov from 37.187.146.134 port 39428","@timestamp":"2022-09-10T23:34:09.549Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:35:00 honeypot-ams-1 sshd[8254]: Connection closed by 80.76.51.189 port 32932 [preauth]","@timestamp":"2022-09-10T23:35:00.725Z"}
{"@timestamp":"2022-09-10T23:37:29.856Z","@version":"1","message":"Sep 10 23:37:29 honeypot-sgp-1 sshd[4257]: Received disconnect from 92.255.85.70 port 25936:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:39:05 honeypot-ams-1 sshd[8261]: Disconnecting authenticating user root 18.140.57.224 port 42788: Too many authentication failures [preauth]","@timestamp":"2022-09-10T23:39:05.832Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:39:12 honeypot-ams-1 sshd[8267]: Invalid user admin from 18.140.57.224 port 42822","@timestamp":"2022-09-10T23:39:12.836Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:39:17 honeypot-ams-1 sshd[8271]: Invalid user oracle from 18.140.57.224 port 42846","@timestamp":"2022-09-10T23:39:18.840Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:39:23 honeypot-ams-1 sshd[8275]: Invalid user oracle from 18.140.57.224 port 42864","@timestamp":"2022-09-10T23:39:23.843Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:39:29 honeypot-ams-1 sshd[8279]: Invalid user usuario from 18.140.57.224 port 42884","@timestamp":"2022-09-10T23:39:29.847Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:39:34 honeypot-ams-1 sshd[8283]: Invalid user test from 18.140.57.224 port 42904","@timestamp":"2022-09-10T23:39:34.851Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:39:40 honeypot-ams-1 sshd[8287]: Invalid user test from 18.140.57.224 port 42924","@timestamp":"2022-09-10T23:39:40.855Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:39:45 honeypot-ams-1 sshd[8291]: Invalid user user from 18.140.57.224 port 42946","@timestamp":"2022-09-10T23:39:45.857Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:39:50 honeypot-ams-1 sshd[8295]: Invalid user ftpuser from 18.140.57.224 port 42960","@timestamp":"2022-09-10T23:39:51.862Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:39:56 honeypot-ams-1 sshd[8299]: Invalid user ftpuser from 18.140.57.224 port 42980","@timestamp":"2022-09-10T23:39:56.866Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:40:02 honeypot-ams-1 sshd[8303]: Invalid user test1 from 18.140.57.224 port 42992","@timestamp":"2022-09-10T23:40:02.869Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 23:40:06 honeypot-fra-1 sshd[30920]: Disconnected from invalid user test 92.255.85.69 port 28102 [preauth]","@timestamp":"2022-09-10T23:40:07.681Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:40:07 honeypot-ams-1 sshd[8307]: Invalid user test2 from 18.140.57.224 port 43004","@timestamp":"2022-09-10T23:40:07.874Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:40:13 honeypot-ams-1 sshd[8311]: Invalid user test2 from 18.140.57.224 port 43026","@timestamp":"2022-09-10T23:40:13.877Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:40:18 honeypot-ams-1 sshd[8315]: Invalid user ubuntu from 18.140.57.224 port 43036","@timestamp":"2022-09-10T23:40:18.881Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:40:24 honeypot-ams-1 sshd[8319]: Invalid user ubuntu from 18.140.57.224 port 43058","@timestamp":"2022-09-10T23:40:24.885Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:40:28 honeypot-ams-1 sshd[8323]: Invalid user pi from 18.140.57.224 port 43066","@timestamp":"2022-09-10T23:40:28.887Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:41:31 honeypot-ams-1 sshd[8327]: Received disconnect from 61.177.172.19 port 51850:11:  [preauth]","@timestamp":"2022-09-10T23:41:31.915Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:43:13 honeypot-ams-1 sshd[8333]: Disconnected from authenticating user root 61.177.173.36 port 16530 [preauth]","@timestamp":"2022-09-10T23:43:13.962Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:46:27 honeypot-ams-1 sshd[8339]: Received disconnect from 35.216.73.53 port 52660:11: Bye Bye [preauth]","@timestamp":"2022-09-10T23:46:28.053Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:49:10 honeypot-ams-1 sshd[8345]: Disconnected from authenticating user root 61.177.173.46 port 12103 [preauth]","@timestamp":"2022-09-10T23:49:11.127Z"}
{"@timestamp":"2022-09-10T23:51:13.198Z","@version":"1","message":"Sep 10 23:51:12 honeypot-sgp-1 sshd[4260]: Invalid user homekit from 164.92.117.121 port 51234","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:52:35 honeypot-ams-1 sshd[8353]: Received disconnect from 103.3.247.120 port 47708:11: Bye Bye [preauth]","@timestamp":"2022-09-10T23:52:36.223Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:53:23 honeypot-ams-1 sshd[8359]: Disconnected from invalid user baxi 195.158.21.214 port 45182 [preauth]","@timestamp":"2022-09-10T23:53:24.246Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 10 23:55:45 honeypot-fra-1 kernel: [83728577.526532] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=167.248.133.129 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=7121 PROTO=TCP SPT=4025 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-10T23:55:46.025Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-10T23:58:57.369Z","@version":"1","message":"Sep 10 23:58:56 honeypot-sgp-1 sshd[4265]: Received disconnect from 92.255.85.69 port 28750:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 10 23:59:35 honeypot-ams-1 sshd[8364]: Disconnected from authenticating user root 61.177.173.49 port 54788 [preauth]","@timestamp":"2022-09-10T23:59:35.412Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 00:00:32 honeypot-fra-1 sshd[30928]: Received disconnect from 92.255.85.70 port 39982:11: Bye Bye [preauth]","@timestamp":"2022-09-11T00:00:33.137Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 00:03:51 honeypot-ams-1 kernel: [83731217.282439] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=5.211.241.141 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=8776 DF PROTO=TCP SPT=32775 DPT=80 WINDOW=0 RES=0x00 ACK RST URGP=0 ","@timestamp":"2022-09-11T00:03:51.532Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 00:04:19 honeypot-fra-1 sshd[30931]: Disconnected from invalid user karen1 165.22.45.108 port 49092 [preauth]","@timestamp":"2022-09-11T00:04:20.223Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 00:06:04 honeypot-ams-1 sshd[8372]: Invalid user user from 141.255.162.226 port 44126","@timestamp":"2022-09-11T00:06:04.595Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 00:06:07 honeypot-ams-1 sshd[8376]: Invalid user user from 141.255.162.226 port 58718","@timestamp":"2022-09-11T00:06:07.598Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 00:06:12 honeypot-ams-1 sshd[8380]: Invalid user user from 141.255.162.226 port 52368","@timestamp":"2022-09-11T00:06:13.601Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 00:12:06 honeypot-ams-1 kernel: [83731712.498433] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.206.156 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=36357 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T00:12:06.762Z"}
{"@timestamp":"2022-09-11T00:16:11.769Z","@version":"1","message":"Sep 11 00:16:11 honeypot-sgp-1 sshd[4271]: Connection closed by invalid user ubuntu 103.188.176.251 port 51010 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 00:17:01 honeypot-fra-1 CRON[30953]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-11T00:17:01.505Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 00:19:05 honeypot-ams-1 kernel: [83732131.161146] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=90.151.171.106 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=42057 PROTO=TCP SPT=55525 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T00:19:05.948Z"}
{"@timestamp":"2022-09-11T00:19:57.859Z","@version":"1","message":"Sep 11 00:19:57 honeypot-sgp-1 sshd[4278]: Received disconnect from 143.244.158.100 port 34598:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T00:21:44.904Z","@version":"1","message":"Sep 11 00:21:44 honeypot-sgp-1 sshd[4285]: Received disconnect from 143.244.158.100 port 38620:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T00:22:33.925Z","@version":"1","message":"Sep 11 00:22:33 honeypot-sgp-1 sshd[4289]: Disconnected from authenticating user root 143.244.158.100 port 39276 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 00:22:44 honeypot-ams-1 sshd[8394]: Disconnected from authenticating user root 61.177.172.19 port 62299 [preauth]","@timestamp":"2022-09-11T00:22:45.050Z"}
{"@timestamp":"2022-09-11T00:24:52.983Z","@version":"1","message":"Sep 11 00:24:52 honeypot-sgp-1 sshd[4726]: Received disconnect from 94.75.123.43 port 38642:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T00:26:36.025Z","@version":"1","message":"Sep 11 00:26:35 honeypot-sgp-1 sshd[4734]: Received disconnect from 143.244.158.100 port 35304:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 00:27:38 honeypot-ams-1 sshd[8399]: Received disconnect from 92.255.85.69 port 62854:11: Bye Bye [preauth]","@timestamp":"2022-09-11T00:27:39.182Z"}
{"@timestamp":"2022-09-11T00:28:58.082Z","@version":"1","message":"Sep 11 00:28:57 honeypot-sgp-1 sshd[4740]: Received disconnect from 143.244.158.100 port 41172:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T00:31:23.141Z","@version":"1","message":"Sep 11 00:31:22 honeypot-sgp-1 sshd[4746]: Received disconnect from 143.244.158.100 port 52874:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 00:32:11 honeypot-ams-1 kernel: [83732917.639762] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=167.248.133.137 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=61289 PROTO=TCP SPT=9058 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T00:32:12.305Z"}
{"@timestamp":"2022-09-11T00:33:05.183Z","@version":"1","message":"Sep 11 00:33:04 honeypot-sgp-1 sshd[4751]: Disconnected from authenticating user root 143.244.158.100 port 38298 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 00:33:26 honeypot-fra-1 kernel: [83730838.009711] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=65481 PROTO=TCP SPT=55827 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T00:33:26.869Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-11T00:35:28.242Z","@version":"1","message":"Sep 11 00:35:28 honeypot-sgp-1 sshd[4757]: Received disconnect from 143.244.158.100 port 39484:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 00:37:26 honeypot-ams-1 sshd[8409]: Connection closed by invalid user User 124.65.142.62 port 34512 [preauth]","@timestamp":"2022-09-11T00:37:26.444Z"}
{"@timestamp":"2022-09-11T00:37:50.300Z","@version":"1","message":"Sep 11 00:37:49 honeypot-sgp-1 sshd[4764]: Received disconnect from 143.244.158.100 port 43742:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T00:39:21.338Z","@version":"1","message":"Sep 11 00:39:20 honeypot-sgp-1 kernel: [83732874.042871] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.217.0.181 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=39509 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T00:40:58.397Z","@version":"1","message":"Sep 11 00:40:57 honeypot-sgp-1 sshd[4774]: Disconnected from authenticating user root 143.244.158.100 port 50862 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T00:43:19.455Z","@version":"1","message":"Sep 11 00:43:19 honeypot-sgp-1 sshd[4781]: Disconnected from authenticating user root 143.244.158.100 port 54554 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 00:44:52 honeypot-ams-1 sshd[8419]: Disconnected from authenticating user root 61.177.172.90 port 12176 [preauth]","@timestamp":"2022-09-11T00:44:52.637Z"}
{"@timestamp":"2022-09-11T00:45:47.516Z","@version":"1","message":"Sep 11 00:45:46 honeypot-sgp-1 sshd[4788]: Disconnected from authenticating user root 143.244.158.100 port 58308 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 00:46:38 honeypot-fra-1 sshd[30965]: Disconnected from invalid user nagios 14.32.0.111 port 42826 [preauth]","@timestamp":"2022-09-11T00:46:39.164Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T00:46:57.547Z","@version":"1","message":"Sep 11 00:46:57 honeypot-sgp-1 sshd[4794]: Disconnected from authenticating user root 167.71.131.111 port 52146 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T00:48:55.595Z","@version":"1","message":"Sep 11 00:48:54 honeypot-sgp-1 sshd[4801]: Disconnected from authenticating user root 143.244.158.100 port 37152 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T00:50:29.635Z","@version":"1","message":"Sep 11 00:50:29 honeypot-sgp-1 sshd[4805]: Disconnected from authenticating user root 143.244.158.100 port 47690 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 00:50:35 honeypot-ams-1 sshd[8428]: Connection closed by invalid user test 193.106.191.157 port 42310 [preauth]","@timestamp":"2022-09-11T00:50:35.792Z"}
{"@timestamp":"2022-09-11T00:52:55.695Z","@version":"1","message":"Sep 11 00:52:55 honeypot-sgp-1 sshd[4811]: Received disconnect from 143.244.158.100 port 36618:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 00:53:48 honeypot-ams-1 sshd[8434]: Disconnected from invalid user user 45.61.186.169 port 51500 [preauth]","@timestamp":"2022-09-11T00:53:48.879Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 00:54:06 honeypot-ams-1 sshd[8438]: Disconnected from invalid user user 45.61.186.169 port 46502 [preauth]","@timestamp":"2022-09-11T00:54:06.889Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 00:54:23 honeypot-ams-1 sshd[8442]: Received disconnect from 45.61.186.169 port 41504:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T00:54:23.899Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 00:54:38 honeypot-ams-1 sshd[8446]: Invalid user user from 45.61.186.169 port 36560","@timestamp":"2022-09-11T00:54:38.907Z"}
{"@timestamp":"2022-09-11T00:55:27.756Z","@version":"1","message":"Sep 11 00:55:27 honeypot-sgp-1 sshd[4818]: Received disconnect from 143.244.158.100 port 58824:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 00:56:34 honeypot-ams-1 sshd[8449]: Disconnected from authenticating user root 61.177.173.47 port 10793 [preauth]","@timestamp":"2022-09-11T00:56:34.960Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 00:57:01 honeypot-fra-1 CRON[30970]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-11T00:57:02.398Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T00:57:05.797Z","@version":"1","message":"Sep 11 00:57:05 honeypot-sgp-1 sshd[4825]: Received disconnect from 143.244.158.100 port 58114:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T00:59:33.856Z","@version":"1","message":"Sep 11 00:59:33 honeypot-sgp-1 sshd[4831]: Received disconnect from 143.244.158.100 port 56376:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T01:02:06.918Z","@version":"1","message":"Sep 11 01:02:06 honeypot-sgp-1 sshd[4838]: Received disconnect from 143.244.158.100 port 49912:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T01:02:54.939Z","@version":"1","message":"Sep 11 01:02:54 honeypot-sgp-1 sshd[4842]: Disconnected from authenticating user root 143.244.158.100 port 55556 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 01:07:27 honeypot-fra-1 sshd[30976]: Received disconnect from 165.22.45.108 port 60002:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T01:07:27.628Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 01:07:59 honeypot-ams-1 kernel: [83735065.724290] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=213.226.123.159 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=32447 PROTO=TCP SPT=52593 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T01:08:00.260Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 01:09:01 honeypot-ams-1 sshd[8467]: Disconnected from authenticating user root 61.177.173.46 port 38911 [preauth]","@timestamp":"2022-09-11T01:09:02.291Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 01:12:04 honeypot-ams-1 sshd[8472]: Received disconnect from 80.76.51.41 port 38698:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T01:12:04.376Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 01:12:27 honeypot-fra-1 sshd[30983]: Invalid user test from 193.106.191.157 port 40508","@timestamp":"2022-09-11T01:12:28.742Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 01:12:31 honeypot-ams-1 sshd[8476]: Disconnected from authenticating user root 80.76.51.41 port 48544 [preauth]","@timestamp":"2022-09-11T01:12:32.391Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 01:13:07 honeypot-ams-1 sshd[8483]: Disconnected from authenticating user root 80.76.51.41 port 35042 [preauth]","@timestamp":"2022-09-11T01:13:07.409Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 01:13:45 honeypot-ams-1 sshd[8489]: Disconnected from authenticating user root 80.76.51.41 port 49890 [preauth]","@timestamp":"2022-09-11T01:13:46.429Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 01:14:10 honeypot-ams-1 sshd[8493]: Disconnected from invalid user user 80.76.51.41 port 59730 [preauth]","@timestamp":"2022-09-11T01:14:11.442Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 01:14:50 honeypot-ams-1 sshd[8497]: Disconnected from authenticating user root 92.255.85.70 port 15900 [preauth]","@timestamp":"2022-09-11T01:14:51.461Z"}
{"@timestamp":"2022-09-11T01:17:01.267Z","@version":"1","message":"Sep 11 01:17:01 honeypot-sgp-1 CRON[4853]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T01:17:20.275Z","@version":"1","message":"Sep 11 01:17:19 honeypot-sgp-1 sshd[4858]: Received disconnect from 45.61.186.249 port 32926:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T01:17:38.284Z","@version":"1","message":"Sep 11 01:17:38 honeypot-sgp-1 sshd[4862]: Invalid user user from 45.61.186.249 port 56296","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T01:17:57.293Z","@version":"1","message":"Sep 11 01:17:56 honeypot-sgp-1 sshd[4866]: Invalid user user from 45.61.186.249 port 51440","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T01:18:07.298Z","@version":"1","message":"Sep 11 01:18:06 honeypot-sgp-1 kernel: [83735200.378138] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.196.220.70 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=234 ID=54321 PROTO=TCP SPT=49508 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 01:22:12 honeypot-ams-1 kernel: [83735918.065423] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=78.171.162.40 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=50 ID=16174 PROTO=TCP SPT=15518 DPT=80 WINDOW=32214 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T01:22:12.654Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 01:28:05 honeypot-fra-1 sshd[30992]: Invalid user  from 64.62.197.197 port 15660","@timestamp":"2022-09-11T01:28:06.094Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 01:28:11 honeypot-ams-1 sshd[8516]: Disconnected from authenticating user root 61.177.173.39 port 52576 [preauth]","@timestamp":"2022-09-11T01:28:11.813Z"}
{"@timestamp":"2022-09-11T01:30:10.576Z","@version":"1","message":"Sep 11 01:30:10 honeypot-sgp-1 kernel: [83735924.044645] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=103.140.251.208 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=35703 PROTO=TCP SPT=48143 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 01:36:07 honeypot-fra-1 sshd[30997]: Disconnected from authenticating user root 92.255.85.70 port 43112 [preauth]","@timestamp":"2022-09-11T01:36:08.271Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 01:38:25 honeypot-ams-1 sshd[8524]: Disconnected from authenticating user root 61.177.173.36 port 64795 [preauth]","@timestamp":"2022-09-11T01:38:26.092Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 01:40:18 honeypot-fra-1 sshd[31003]: Connection closed by invalid user User 189.216.254.136 port 41866 [preauth]","@timestamp":"2022-09-11T01:40:18.368Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 01:44:42 honeypot-ams-1 sshd[8531]: Received disconnect from 61.177.173.49 port 26191:11:  [preauth]","@timestamp":"2022-09-11T01:44:43.262Z"}
{"@timestamp":"2022-09-11T01:46:01.942Z","@version":"1","message":"Sep 11 01:46:00 honeypot-sgp-1 kernel: [83736874.565038] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=183.136.225.35 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=110 ID=18336 PROTO=TCP SPT=8088 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 01:49:37 honeypot-ams-1 sshd[8538]: Received disconnect from 61.177.172.114 port 33015:11:  [preauth]","@timestamp":"2022-09-11T01:49:37.392Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 01:50:12 honeypot-fra-1 kernel: [83735443.692989] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=128.116.131.60 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=54 ID=2382 PROTO=TCP SPT=32374 DPT=443 WINDOW=62958 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T01:50:12.595Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-11T01:53:49.128Z","@version":"1","message":"Sep 11 01:53:48 honeypot-sgp-1 sshd[4886]: Invalid user postgres from 45.249.247.148 port 60494","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 01:55:04 honeypot-fra-1 sshd[31013]: Invalid user user5 from 187.190.40.6 port 54970","@timestamp":"2022-09-11T01:55:04.708Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 01:56:33 honeypot-ams-1 sshd[8543]: Invalid user test from 193.106.191.157 port 54160","@timestamp":"2022-09-11T01:56:33.574Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 01:57:52 honeypot-fra-1 sshd[31016]: Disconnected from invalid user user 101.231.146.34 port 57850 [preauth]","@timestamp":"2022-09-11T01:57:52.772Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T01:59:08.279Z","@version":"1","message":"Sep 11 01:59:08 honeypot-sgp-1 kernel: [83737661.607781] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.0.77.75 DST=159.89.202.188 LEN=52 TOS=0x00 PREC=0x00 TTL=112 ID=34103 DF PROTO=TCP SPT=14299 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 01:59:08 honeypot-ams-1 sshd[8547]: Disconnected from authenticating user root 61.177.173.39 port 12446 [preauth]","@timestamp":"2022-09-11T01:59:09.645Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 02:01:51 honeypot-ams-1 sshd[8553]: Disconnected from authenticating user root 92.255.85.70 port 26184 [preauth]","@timestamp":"2022-09-11T02:01:51.722Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 02:07:47 honeypot-ams-1 kernel: [83738653.516536] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=64.62.197.172 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=56258 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T02:07:47.884Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 02:10:04 honeypot-fra-1 kernel: [83736636.150495] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=64.62.197.94 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=39677 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T02:10:05.050Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 02:11:37 honeypot-ams-1 sshd[8569]: Received disconnect from 189.5.124.232 port 48950:11: Bye Bye [preauth]","@timestamp":"2022-09-11T02:11:37.989Z"}
{"@timestamp":"2022-09-11T02:11:39.594Z","@version":"1","message":"Sep 11 02:11:39 honeypot-sgp-1 kernel: [83738412.746987] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=167.94.145.92 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=2908 PROTO=TCP SPT=41530 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 02:14:14 honeypot-fra-1 kernel: [83736886.161857] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.41.9.18 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=40798 PROTO=TCP SPT=25897 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T02:14:15.149Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-11T02:17:57.746Z","@version":"1","message":"Sep 11 02:17:56 honeypot-sgp-1 sshd[4901]: Received disconnect from 45.61.186.249 port 33928:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T02:18:15.755Z","@version":"1","message":"Sep 11 02:18:14 honeypot-sgp-1 sshd[4905]: Received disconnect from 45.61.186.249 port 56774:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T02:18:32.764Z","@version":"1","message":"Sep 11 02:18:31 honeypot-sgp-1 sshd[4910]: Received disconnect from 45.61.186.249 port 51456:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T02:18:49.773Z","@version":"1","message":"Sep 11 02:18:49 honeypot-sgp-1 sshd[4914]: Received disconnect from 45.61.186.249 port 46096:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 02:20:47 honeypot-ams-1 sshd[8579]: Received disconnect from 61.177.172.104 port 27940:11:  [preauth]","@timestamp":"2022-09-11T02:20:48.259Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 02:22:04 honeypot-fra-1 sshd[31034]: Disconnected from authenticating user root 92.255.85.70 port 38440 [preauth]","@timestamp":"2022-09-11T02:22:04.326Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 02:25:08 honeypot-ams-1 sshd[8586]: Invalid user monitor from 139.226.68.213 port 34206","@timestamp":"2022-09-11T02:25:09.383Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 02:28:35 honeypot-ams-1 sshd[8592]: Received disconnect from 61.177.173.49 port 57776:11:  [preauth]","@timestamp":"2022-09-11T02:28:35.476Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 02:30:25 honeypot-ams-1 sshd[8597]: Invalid user admin from 61.199.47.58 port 62550","@timestamp":"2022-09-11T02:30:25.528Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 02:34:12 honeypot-fra-1 sshd[31042]: Disconnected from authenticating user root 178.128.91.244 port 40820 [preauth]","@timestamp":"2022-09-11T02:34:13.600Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T02:34:16.139Z","@version":"1","message":"Sep 11 02:34:15 honeypot-sgp-1 kernel: [83739769.235884] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=195.178.120.159 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=54321 PROTO=TCP SPT=59263 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 02:37:06 honeypot-ams-1 sshd[8602]: Disconnected from authenticating user root 61.177.173.50 port 19215 [preauth]","@timestamp":"2022-09-11T02:37:06.714Z"}
{"@timestamp":"2022-09-11T02:40:16.283Z","@version":"1","message":"Sep 11 02:40:16 honeypot-sgp-1 sshd[4928]: Invalid user user from 45.61.186.49 port 59260","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T02:40:28.289Z","@version":"1","message":"Sep 11 02:40:27 honeypot-sgp-1 sshd[4932]: Invalid user user from 45.61.186.49 port 42540","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 02:44:02 honeypot-fra-1 sshd[31049]: Invalid user pi from 79.248.107.21 port 59516","@timestamp":"2022-09-11T02:44:03.830Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 02:44:41 honeypot-fra-1 sshd[31053]: Disconnected from authenticating user root 92.255.85.70 port 18502 [preauth]","@timestamp":"2022-09-11T02:44:41.847Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T02:45:21.405Z","@version":"1","message":"Sep 11 02:45:20 honeypot-sgp-1 kernel: [83740434.211961] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=38.132.109.117 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=48005 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 02:48:20 honeypot-ams-1 sshd[8611]: Disconnected from authenticating user root 92.255.85.69 port 18480 [preauth]","@timestamp":"2022-09-11T02:48:21.017Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 02:52:39 honeypot-fra-1 sshd[31059]: Received disconnect from 201.71.186.82 port 40224:11: Bye Bye [preauth]","@timestamp":"2022-09-11T02:52:40.025Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 02:53:00 honeypot-ams-1 kernel: [83741366.477508] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=37.21.72.175 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=58 ID=17236 PROTO=TCP SPT=29908 DPT=80 WINDOW=13724 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T02:53:01.150Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 02:54:34 honeypot-ams-1 sshd[8620]: Received disconnect from 61.177.173.49 port 29510:11:  [preauth]","@timestamp":"2022-09-11T02:54:34.195Z"}
{"@timestamp":"2022-09-11T02:57:18.712Z","@version":"1","message":"Sep 11 02:57:18 honeypot-sgp-1 sshd[4943]: Connection closed by invalid user yujun 137.116.144.39 port 59996 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 02:57:27 honeypot-ams-1 kernel: [83741633.602810] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=78.142.18.92 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=54321 PROTO=TCP SPT=44748 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T02:57:28.277Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 02:58:46 honeypot-fra-1 kernel: [83739557.606016] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=38.132.109.117 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=45129 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T02:58:46.162Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 02:59:22 honeypot-ams-1 sshd[8630]: Invalid user user from 141.255.162.226 port 47058","@timestamp":"2022-09-11T02:59:23.330Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 02:59:25 honeypot-ams-1 sshd[8634]: Invalid user user from 141.255.162.226 port 40032","@timestamp":"2022-09-11T02:59:26.332Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 02:59:29 honeypot-ams-1 sshd[8638]: Invalid user user from 141.255.162.226 port 54170","@timestamp":"2022-09-11T02:59:30.335Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 03:02:11 honeypot-ams-1 sshd[8642]: Invalid user test from 193.106.191.157 port 37712","@timestamp":"2022-09-11T03:02:12.410Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 03:05:18 honeypot-ams-1 sshd[8648]: Invalid user user from 45.61.187.160 port 41394","@timestamp":"2022-09-11T03:05:18.496Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 03:05:38 honeypot-ams-1 sshd[8652]: Invalid user user from 45.61.187.160 port 36156","@timestamp":"2022-09-11T03:05:38.509Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 03:05:57 honeypot-ams-1 sshd[8656]: Invalid user user from 45.61.187.160 port 59092","@timestamp":"2022-09-11T03:05:57.535Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 03:06:15 honeypot-ams-1 sshd[8660]: Invalid user user from 45.61.187.160 port 53828","@timestamp":"2022-09-11T03:06:15.545Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 03:11:25 honeypot-ams-1 sshd[8665]: Received disconnect from 92.255.85.70 port 53906:11: Bye Bye [preauth]","@timestamp":"2022-09-11T03:11:26.679Z"}
{"@timestamp":"2022-09-11T03:12:00.056Z","@version":"1","message":"Sep 11 03:11:59 honeypot-sgp-1 sshd[4950]: Invalid user javira from 139.59.23.154 port 34958","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T03:15:31.139Z","@version":"1","message":"Sep 11 03:15:30 honeypot-sgp-1 kernel: [83742244.492284] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.204.28 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=50193 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 03:15:54 honeypot-ams-1 kernel: [83742740.556602] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=50395 PROTO=TCP SPT=45204 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T03:15:54.796Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 03:16:28 honeypot-fra-1 kernel: [83740619.679640] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.218.165 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=38643 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T03:16:28.546Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-11T03:20:14.252Z","@version":"1","message":"Sep 11 03:20:14 honeypot-sgp-1 sshd[4961]: Disconnected from invalid user user 198.98.61.9 port 44492 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T03:20:36.263Z","@version":"1","message":"Sep 11 03:20:36 honeypot-sgp-1 sshd[4965]: Disconnected from invalid user user 198.98.61.9 port 38658 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T03:20:57.273Z","@version":"1","message":"Sep 11 03:20:56 honeypot-sgp-1 sshd[4969]: Disconnected from invalid user user 198.98.61.9 port 32812 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T03:21:13.280Z","@version":"1","message":"Sep 11 03:21:12 honeypot-sgp-1 sshd[4973]: Disconnected from invalid user user 198.98.61.9 port 55216 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 03:24:18 honeypot-fra-1 sshd[31074]: Connection closed by 167.248.133.60 port 38678 [preauth]","@timestamp":"2022-09-11T03:24:19.720Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T03:25:34.385Z","@version":"1","message":"Sep 11 03:25:33 honeypot-sgp-1 sshd[4979]: Received disconnect from 45.61.186.49 port 50342:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T03:25:44.390Z","@version":"1","message":"Sep 11 03:25:44 honeypot-sgp-1 sshd[4983]: Received disconnect from 45.61.186.49 port 33780:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 03:26:42 honeypot-ams-1 sshd[8682]: Received disconnect from 61.177.172.124 port 18244:11:  [preauth]","@timestamp":"2022-09-11T03:26:43.079Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 03:30:19 honeypot-ams-1 sshd[8687]: Disconnected from authenticating user root 61.177.172.108 port 64043 [preauth]","@timestamp":"2022-09-11T03:30:20.177Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 03:32:29 honeypot-fra-1 sshd[31081]: Received disconnect from 92.255.85.69 port 35842:11: Bye Bye [preauth]","@timestamp":"2022-09-11T03:32:29.902Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T03:34:28.598Z","@version":"1","message":"Sep 11 03:34:28 honeypot-sgp-1 kernel: [83743381.507492] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.219.31 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=47125 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 03:34:39 honeypot-ams-1 kernel: [83743864.996088] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=78.187.233.25 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=35218 PROTO=TCP SPT=61509 DPT=80 WINDOW=45325 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T03:34:39.296Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 03:44:29 honeypot-fra-1 sshd[31089]: Did not receive identification string from 101.33.218.153 port 33633","@timestamp":"2022-09-11T03:44:30.161Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T03:47:46.917Z","@version":"1","message":"Sep 11 03:47:46 honeypot-sgp-1 kernel: [83744180.195322] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=172.93.144.180 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=235 ID=57077 PROTO=TCP SPT=47866 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T03:50:18.981Z","@version":"1","message":"Sep 11 03:50:18 honeypot-sgp-1 kernel: [83744332.303059] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=195.133.20.241 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=238 ID=8255 PROTO=TCP SPT=49663 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 03:51:05 honeypot-fra-1 sshd[31117]: Disconnected from invalid user Katie 165.22.45.108 port 56230 [preauth]","@timestamp":"2022-09-11T03:51:06.306Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 03:52:55 honeypot-ams-1 sshd[8704]: Received disconnect from 61.177.173.47 port 49076:11:  [preauth]","@timestamp":"2022-09-11T03:52:55.782Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 03:57:50 honeypot-ams-1 sshd[8708]: Received disconnect from 92.255.85.69 port 56048:11: Bye Bye [preauth]","@timestamp":"2022-09-11T03:57:50.927Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 03:58:57 honeypot-fra-1 sshd[31124]: Connection closed by invalid user admin 51.79.224.191 port 57224 [preauth]","@timestamp":"2022-09-11T03:58:58.478Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 03:59:00 honeypot-fra-1 sshd[31130]: Connection closed by invalid user admin 51.79.224.191 port 57254 [preauth]","@timestamp":"2022-09-11T03:59:01.479Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T04:00:58.250Z","@version":"1","message":"Sep 11 04:00:57 honeypot-sgp-1 sshd[5000]: Did not receive identification string from 45.61.184.204 port 34458","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T04:01:34.266Z","@version":"1","message":"Sep 11 04:01:33 honeypot-sgp-1 sshd[5003]: Disconnected from invalid user user 45.61.184.204 port 35868 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T04:01:54.277Z","@version":"1","message":"Sep 11 04:01:53 honeypot-sgp-1 sshd[5007]: Disconnected from invalid user user 45.61.184.204 port 60018 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T04:02:12.285Z","@version":"1","message":"Sep 11 04:02:11 honeypot-sgp-1 sshd[5011]: Disconnected from invalid user user 45.61.184.204 port 55928 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 04:03:58 honeypot-fra-1 sshd[31135]: Invalid user user from 121.5.54.92 port 43246","@timestamp":"2022-09-11T04:03:59.604Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 04:04:20 honeypot-ams-1 sshd[8714]: Disconnected from authenticating user root 201.163.1.66 port 47554 [preauth]","@timestamp":"2022-09-11T04:04:21.101Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 04:06:38 honeypot-ams-1 sshd[8721]: Received disconnect from 43.134.197.174 port 43436:11: Bye Bye [preauth]","@timestamp":"2022-09-11T04:06:39.167Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 04:07:02 honeypot-fra-1 kernel: [83743653.582630] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=152.89.196.23 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=60409 PROTO=TCP SPT=46906 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T04:07:02.673Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 04:09:15 honeypot-ams-1 sshd[8726]: Disconnected from 143.110.236.239 port 36080 [preauth]","@timestamp":"2022-09-11T04:09:16.237Z"}
{"@timestamp":"2022-09-11T04:10:23.487Z","@version":"1","message":"Sep 11 04:10:22 honeypot-sgp-1 kernel: [83745536.067070] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=94.26.249.161 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=20888 PROTO=TCP SPT=28910 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 04:11:58 honeypot-ams-1 kernel: [83746104.136346] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=31.163.107.127 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=58 ID=61697 PROTO=TCP SPT=53605 DPT=80 WINDOW=39205 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T04:11:59.312Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 04:17:01 honeypot-fra-1 CRON[31149]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-11T04:17:01.896Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 04:19:57 honeypot-fra-1 sshd[31155]: Disconnected from authenticating user root 92.255.85.69 port 15996 [preauth]","@timestamp":"2022-09-11T04:19:57.962Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 04:20:20 honeypot-ams-1 kernel: [83746605.874904] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=213.226.123.38 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=45250 PROTO=TCP SPT=51700 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T04:20:20.543Z"}
{"@timestamp":"2022-09-11T04:21:57.785Z","@version":"1","message":"Sep 11 04:21:57 honeypot-sgp-1 sshd[5024]: Invalid user admin from 128.199.160.207 port 20426","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T04:21:57.785Z","@version":"1","message":"Sep 11 04:21:57 honeypot-sgp-1 sshd[5030]: Invalid user admin from 128.199.160.207 port 20460","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 04:24:02 honeypot-fra-1 sshd[31159]: Received disconnect from 165.22.45.108 port 32786:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T04:24:03.056Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 04:26:58 honeypot-fra-1 sshd[31164]: Connection closed by invalid user devmgr 141.98.10.158 port 37744 [preauth]","@timestamp":"2022-09-11T04:26:59.121Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 04:27:17 honeypot-ams-1 sshd[8740]: Received disconnect from 201.217.143.51 port 20896:11: Bye Bye [preauth]","@timestamp":"2022-09-11T04:27:18.743Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 04:29:02 honeypot-fra-1 kernel: [83744973.384695] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=207.180.224.103 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=54321 PROTO=TCP SPT=50900 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T04:29:02.170Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 04:34:31 honeypot-ams-1 sshd[8745]: Invalid user tf2 from 20.40.73.192 port 47180","@timestamp":"2022-09-11T04:34:31.935Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 04:34:54 honeypot-ams-1 sshd[8749]: Did not receive identification string from 45.61.184.204 port 57292","@timestamp":"2022-09-11T04:34:54.948Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 04:35:38 honeypot-ams-1 sshd[8752]: Disconnected from invalid user user 45.61.184.204 port 50340 [preauth]","@timestamp":"2022-09-11T04:35:38.974Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 04:35:58 honeypot-ams-1 sshd[8756]: Disconnected from invalid user user 45.61.184.204 port 45302 [preauth]","@timestamp":"2022-09-11T04:35:58.984Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 04:36:16 honeypot-ams-1 sshd[8760]: Disconnected from invalid user user 45.61.184.204 port 40278 [preauth]","@timestamp":"2022-09-11T04:36:16.994Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 04:36:16 honeypot-fra-1 kernel: [83745408.155982] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=201.171.20.237 DST=165.22.82.222 LEN=52 TOS=0x00 PREC=0x00 TTL=116 ID=13732 DF PROTO=TCP SPT=49626 DPT=3389 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T04:36:17.333Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 04:39:06 honeypot-ams-1 sshd[8767]: Invalid user matt from 101.231.146.34 port 49801","@timestamp":"2022-09-11T04:39:06.068Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 04:39:49 honeypot-ams-1 kernel: [83747775.583279] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=188.140.155.213 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=45812 DF PROTO=TCP SPT=25110 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T04:39:50.090Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 04:40:08 honeypot-fra-1 sshd[31179]: Did not receive identification string from 114.33.94.230 port 38622","@timestamp":"2022-09-11T04:40:09.419Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T04:40:44.240Z","@version":"1","message":"Sep 11 04:40:43 honeypot-sgp-1 sshd[5034]: Disconnected from authenticating user root 92.255.85.69 port 60242 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 04:43:19 honeypot-fra-1 sshd[31183]: Disconnected from authenticating user root 92.255.85.70 port 56312 [preauth]","@timestamp":"2022-09-11T04:43:19.491Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 04:45:34 honeypot-ams-1 sshd[8772]: Received disconnect from 92.255.85.70 port 58622:11: Bye Bye [preauth]","@timestamp":"2022-09-11T04:45:35.244Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 04:47:02 honeypot-fra-1 sshd[31189]: Disconnected from invalid user admin 119.159.226.213 port 46524 [preauth]","@timestamp":"2022-09-11T04:47:03.577Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T04:48:17.422Z","@version":"1","message":"Sep 11 04:48:16 honeypot-sgp-1 kernel: [83747809.900133] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=65.49.20.81 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=55405 DPT=5432 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 04:55:21 honeypot-ams-1 sshd[8776]: Connection closed by invalid user test123 103.188.176.251 port 60078 [preauth]","@timestamp":"2022-09-11T04:55:22.502Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 04:55:33 honeypot-fra-1 kernel: [83746565.183428] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=20.219.216.222 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=24577 PROTO=TCP SPT=51903 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T04:55:34.783Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 05:00:16 honeypot-fra-1 sshd[31199]: Did not receive identification string from 45.61.187.160 port 41282","@timestamp":"2022-09-11T05:00:16.891Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 05:01:00 honeypot-fra-1 sshd[31204]: Disconnected from invalid user user 45.61.187.160 port 52188 [preauth]","@timestamp":"2022-09-11T05:01:00.909Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 05:01:18 honeypot-fra-1 sshd[31208]: Disconnected from invalid user user 45.61.187.160 port 47380 [preauth]","@timestamp":"2022-09-11T05:01:19.918Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 05:01:37 honeypot-fra-1 sshd[31212]: Disconnected from invalid user user 45.61.187.160 port 42580 [preauth]","@timestamp":"2022-09-11T05:01:37.927Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T05:01:41.743Z","@version":"1","message":"Sep 11 05:01:41 honeypot-sgp-1 sshd[5068]: Received disconnect from 71.25.118.117 port 41270:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 05:04:53 honeypot-fra-1 sshd[31217]: Disconnected from invalid user satu 20.87.8.78 port 60924 [preauth]","@timestamp":"2022-09-11T05:04:53.999Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T05:07:23.881Z","@version":"1","message":"Sep 11 05:07:23 honeypot-sgp-1 kernel: [83748957.220746] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=165.22.56.103 DST=159.89.202.188 LEN=52 TOS=0x02 PREC=0x00 TTL=126 ID=909 DF PROTO=TCP SPT=64082 DPT=80 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 05:07:23 honeypot-fra-1 sshd[31224]: Invalid user wpyan from 189.7.129.60 port 54450","@timestamp":"2022-09-11T05:07:24.056Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 05:11:11 honeypot-ams-1 sshd[8782]: Invalid user User from 121.128.205.161 port 51284","@timestamp":"2022-09-11T05:11:11.920Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 05:17:01 honeypot-ams-1 CRON[9223]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-11T05:17:02.076Z"}
{"@timestamp":"2022-09-11T05:17:02.114Z","@version":"1","message":"Sep 11 05:17:01 honeypot-sgp-1 CRON[5078]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 05:17:01 honeypot-fra-1 CRON[31229]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-11T05:17:02.265Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T05:23:49.276Z","@version":"1","message":"Sep 11 05:23:49 honeypot-sgp-1 sshd[5085]: Received disconnect from 64.225.43.245 port 59342:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T05:23:52.278Z","@version":"1","message":"Sep 11 05:23:52 honeypot-sgp-1 sshd[5089]: Connection closed by invalid user user 103.188.176.251 port 48350 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T05:24:14.289Z","@version":"1","message":"Sep 11 05:24:13 honeypot-sgp-1 sshd[5094]: Disconnected from invalid user user 198.98.61.9 port 43238 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T05:24:32.298Z","@version":"1","message":"Sep 11 05:24:31 honeypot-sgp-1 sshd[5098]: Disconnected from invalid user user 198.98.61.9 port 38962 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T05:24:48.306Z","@version":"1","message":"Sep 11 05:24:47 honeypot-sgp-1 sshd[5104]: Invalid user user from 198.98.61.9 port 34688","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T05:25:24.322Z","@version":"1","message":"Sep 11 05:25:23 honeypot-sgp-1 sshd[5108]: Disconnected from authenticating user root 64.225.43.245 port 58182 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T05:27:32.374Z","@version":"1","message":"Sep 11 05:27:31 honeypot-sgp-1 sshd[5114]: Received disconnect from 92.255.85.70 port 28708:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 05:28:44 honeypot-ams-1 kernel: [83750710.715334] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=79.124.62.62 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=59584 PROTO=TCP SPT=43105 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T05:28:45.386Z"}
{"@timestamp":"2022-09-11T05:29:19.418Z","@version":"1","message":"Sep 11 05:29:18 honeypot-sgp-1 sshd[5121]: Received disconnect from 64.225.43.245 port 41194:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 05:29:20 honeypot-fra-1 sshd[31238]: Invalid user ftpuser from 92.255.85.69 port 52218","@timestamp":"2022-09-11T05:29:21.532Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 05:30:53 honeypot-fra-1 sshd[31242]: Disconnected from invalid user katrin 165.22.45.108 port 42332 [preauth]","@timestamp":"2022-09-11T05:30:53.569Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 05:30:57 honeypot-ams-1 sshd[9232]: Received disconnect from 157.230.32.105 port 56104:11: Bye Bye [preauth]","@timestamp":"2022-09-11T05:30:58.447Z"}
{"@timestamp":"2022-09-11T05:31:01.461Z","@version":"1","message":"Sep 11 05:31:00 honeypot-sgp-1 kernel: [83750374.076072] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=128.14.152.42 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=13602 PROTO=TCP SPT=14004 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T05:32:46.506Z","@version":"1","message":"Sep 11 05:32:46 honeypot-sgp-1 kernel: [83750479.525353] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=40.88.125.200 DST=159.89.202.188 LEN=52 TOS=0x02 PREC=0x00 TTL=107 ID=3310 DF PROTO=TCP SPT=50834 DPT=3389 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 05:33:44 honeypot-ams-1 kernel: [83751010.110076] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=102.22.167.169 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=56 ID=6015 PROTO=TCP SPT=43928 DPT=80 WINDOW=21337 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T05:33:44.519Z"}
{"@timestamp":"2022-09-11T05:34:05.541Z","@version":"1","message":"Sep 11 05:34:04 honeypot-sgp-1 sshd[5136]: Disconnected from authenticating user root 64.225.43.245 port 37710 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T05:34:53.585Z","@version":"1","message":"Sep 11 05:34:53 honeypot-sgp-1 sshd[5141]: Disconnected from authenticating user root 64.225.43.245 port 51246 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T05:36:04.616Z","@version":"1","message":"Sep 11 05:36:03 honeypot-sgp-1 sshd[5147]: Disconnected from authenticating user root 179.43.156.143 port 60350 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T05:37:21.650Z","@version":"1","message":"Sep 11 05:37:20 honeypot-sgp-1 sshd[5153]: Disconnected from authenticating user root 179.43.156.143 port 55188 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T05:38:09.670Z","@version":"1","message":"Sep 11 05:38:09 honeypot-sgp-1 sshd[5159]: Received disconnect from 64.225.43.245 port 48932:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T05:38:57.693Z","@version":"1","message":"Sep 11 05:38:57 honeypot-sgp-1 sshd[5163]: Disconnected from authenticating user root 64.225.43.245 port 34236 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T05:39:45.715Z","@version":"1","message":"Sep 11 05:39:45 honeypot-sgp-1 sshd[5168]: Disconnected from authenticating user root 64.225.43.245 port 47768 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 05:40:20 honeypot-fra-1 sshd[31249]: Received disconnect from 141.94.76.58 port 54200:11: Bye Bye [preauth]","@timestamp":"2022-09-11T05:40:20.771Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T05:40:35.736Z","@version":"1","message":"Sep 11 05:40:35 honeypot-sgp-1 sshd[5174]: Disconnected from authenticating user root 179.43.156.143 port 42312 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 05:40:43 honeypot-fra-1 sshd[31254]: Invalid user user from 141.255.162.226 port 56652","@timestamp":"2022-09-11T05:40:43.781Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 05:40:45 honeypot-fra-1 sshd[31258]: Invalid user user from 141.255.162.226 port 36100","@timestamp":"2022-09-11T05:40:45.782Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 05:40:58 honeypot-fra-1 kernel: [83749290.050831] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=209.126.12.14 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=9720 PROTO=TCP SPT=54794 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T05:40:59.788Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-11T05:41:57.772Z","@version":"1","message":"Sep 11 05:41:56 honeypot-sgp-1 sshd[5180]: Disconnected from authenticating user root 179.43.156.143 port 37158 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 05:42:46 honeypot-ams-1 kernel: [83751552.021647] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=144.126.130.22 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=4737 PROTO=TCP SPT=54962 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T05:42:46.752Z"}
{"@timestamp":"2022-09-11T05:42:57.799Z","@version":"1","message":"Sep 11 05:42:56 honeypot-sgp-1 sshd[5186]: Disconnected from authenticating user root 64.225.43.245 port 45478 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T05:44:34.841Z","@version":"1","message":"Sep 11 05:44:34 honeypot-sgp-1 sshd[5192]: Disconnected from authenticating user root 64.225.43.245 port 44318 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T05:46:58.903Z","@version":"1","message":"Sep 11 05:46:58 honeypot-sgp-1 sshd[5199]: Received disconnect from 64.225.43.245 port 56694:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 05:47:10 honeypot-fra-1 sshd[31265]: Invalid user clock from 164.92.154.145 port 39272","@timestamp":"2022-09-11T05:47:10.927Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T05:48:37.945Z","@version":"1","message":"Sep 11 05:48:37 honeypot-sgp-1 sshd[5205]: Received disconnect from 64.225.43.245 port 55538:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T05:50:14.986Z","@version":"1","message":"Sep 11 05:50:14 honeypot-sgp-1 sshd[5210]: Disconnected from authenticating user root 64.225.43.245 port 54376 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 05:50:31 honeypot-fra-1 sshd[31268]: Received disconnect from 34.78.205.135 port 50229:11: Bye Bye [preauth]","@timestamp":"2022-09-11T05:50:32.003Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T05:50:41.999Z","@version":"1","message":"Sep 11 05:50:41 honeypot-sgp-1 sshd[5214]: Disconnected from invalid user ftpuser 92.255.85.70 port 47332 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T05:52:40.048Z","@version":"1","message":"Sep 11 05:52:39 honeypot-sgp-1 sshd[5220]: Disconnected from authenticating user root 64.225.43.245 port 38524 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 05:52:56 honeypot-fra-1 sshd[31272]: Received disconnect from 187.230.139.33 port 54497:11: Bye Bye [preauth]","@timestamp":"2022-09-11T05:52:57.060Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T05:54:59.106Z","@version":"1","message":"Sep 11 05:54:58 honeypot-sgp-1 kernel: [83751811.601291] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=61.140.176.26 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=29935 DF PROTO=TCP SPT=34722 DPT=80 WINDOW=64800 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T05:55:53.129Z","@version":"1","message":"Sep 11 05:55:52 honeypot-sgp-1 sshd[5229]: Disconnected from authenticating user root 64.225.43.245 port 36202 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 05:56:39 honeypot-ams-1 sshd[9247]: Invalid user ftpuser from 92.255.85.70 port 59100","@timestamp":"2022-09-11T05:56:40.110Z"}
{"@timestamp":"2022-09-11T05:58:19.188Z","@version":"1","message":"Sep 11 05:58:18 honeypot-sgp-1 sshd[5235]: Disconnected from authenticating user root 64.225.43.245 port 48578 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T05:59:57.229Z","@version":"1","message":"Sep 11 05:59:56 honeypot-sgp-1 sshd[5241]: Received disconnect from 64.225.43.245 port 47416:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 06:01:20 honeypot-ams-1 sshd[9249]: Received disconnect from 107.189.10.112 port 56394:11: Bye Bye [preauth]","@timestamp":"2022-09-11T06:01:20.230Z"}
{"@timestamp":"2022-09-11T06:01:35.273Z","@version":"1","message":"Sep 11 06:01:34 honeypot-sgp-1 sshd[5246]: Disconnected from authenticating user root 64.225.43.245 port 46260 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 06:02:42 honeypot-fra-1 kernel: [83750593.093181] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=78.142.18.92 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=54321 PROTO=TCP SPT=45829 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T06:02:42.273Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 06:03:28 honeypot-fra-1 sshd[31281]: Received disconnect from 45.61.187.160 port 43080:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T06:03:29.294Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 06:03:46 honeypot-fra-1 sshd[31285]: Received disconnect from 45.61.187.160 port 37596:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T06:03:46.302Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T06:04:01.334Z","@version":"1","message":"Sep 11 06:04:00 honeypot-sgp-1 sshd[5252]: Received disconnect from 64.225.43.245 port 58706:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 06:04:02 honeypot-fra-1 sshd[31289]: Received disconnect from 45.61.187.160 port 60354:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T06:04:03.310Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 06:04:10 honeypot-fra-1 sshd[31293]: Received disconnect from 45.61.187.160 port 43482:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T06:04:11.314Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T06:05:38.376Z","@version":"1","message":"Sep 11 06:05:38 honeypot-sgp-1 sshd[5257]: Disconnected from authenticating user root 64.225.43.245 port 57544 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 06:05:55 honeypot-fra-1 sshd[31298]: Invalid user user from 198.98.61.9 port 49812","@timestamp":"2022-09-11T06:05:55.355Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 06:06:04 honeypot-ams-1 kernel: [83752950.197642] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=94.253.103.226 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x20 TTL=58 ID=31735 PROTO=TCP SPT=57545 DPT=443 WINDOW=34209 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T06:06:05.353Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 06:06:17 honeypot-fra-1 sshd[31302]: Invalid user user from 198.98.61.9 port 44714","@timestamp":"2022-09-11T06:06:17.365Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 06:06:35 honeypot-fra-1 sshd[31306]: Invalid user user from 198.98.61.9 port 39620","@timestamp":"2022-09-11T06:06:36.373Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T06:07:15.418Z","@version":"1","message":"Sep 11 06:07:15 honeypot-sgp-1 sshd[5264]: Received disconnect from 64.225.43.245 port 56382:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 06:08:19 honeypot-fra-1 kernel: [83750930.464724] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=23.92.18.138 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=8337 PROTO=TCP SPT=56492 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T06:08:19.409Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-11T06:08:20.447Z","@version":"1","message":"Sep 11 06:08:20 honeypot-sgp-1 sshd[5268]: Disconnected from authenticating user root 128.199.133.168 port 53096 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T06:10:33.504Z","@version":"1","message":"Sep 11 06:10:33 honeypot-sgp-1 sshd[5274]: Received disconnect from 64.225.43.245 port 54060:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T06:11:22.527Z","@version":"1","message":"Sep 11 06:11:22 honeypot-sgp-1 sshd[5278]: Disconnected from authenticating user root 64.225.43.245 port 39364 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T06:13:01.569Z","@version":"1","message":"Sep 11 06:13:01 honeypot-sgp-1 sshd[5285]: Received disconnect from 64.225.43.245 port 38206:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T06:13:50.591Z","@version":"1","message":"Sep 11 06:13:50 honeypot-sgp-1 sshd[5289]: Disconnected from authenticating user root 64.225.43.245 port 51742 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 06:15:12 honeypot-fra-1 kernel: [83751343.049217] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=20.198.79.96 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=15789 PROTO=TCP SPT=54944 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T06:15:12.565Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 06:16:02 honeypot-ams-1 kernel: [83753547.723503] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=218.145.61.20 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=55 ID=53438 PROTO=TCP SPT=64170 DPT=80 WINDOW=35373 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T06:16:02.610Z"}
{"@timestamp":"2022-09-11T06:16:15.653Z","@version":"1","message":"Sep 11 06:16:15 honeypot-sgp-1 sshd[5295]: Disconnected from authenticating user root 64.225.43.245 port 35884 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 06:17:01 honeypot-fra-1 CRON[31411]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-11T06:17:01.610Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T06:18:23.710Z","@version":"1","message":"Sep 11 06:18:23 honeypot-sgp-1 sshd[5304]: Invalid user user from 45.61.187.160 port 53952","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T06:18:42.720Z","@version":"1","message":"Sep 11 06:18:41 honeypot-sgp-1 sshd[5308]: Invalid user user from 45.61.187.160 port 49078","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T06:19:00.729Z","@version":"1","message":"Sep 11 06:18:59 honeypot-sgp-1 sshd[5312]: Invalid user user from 45.61.187.160 port 44216","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T06:19:16.737Z","@version":"1","message":"Sep 11 06:19:16 honeypot-sgp-1 sshd[5316]: Invalid user user from 45.61.187.160 port 39264","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 06:19:32 honeypot-ams-1 sshd[9260]: Disconnected from invalid user ftpuser 92.255.85.69 port 53382 [preauth]","@timestamp":"2022-09-11T06:19:32.701Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 06:23:33 honeypot-fra-1 sshd[31417]: Received disconnect from 8.213.17.47 port 36474:11: Bye Bye [preauth]","@timestamp":"2022-09-11T06:23:33.755Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 06:25:01 honeypot-ams-1 CRON[9267]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-11T06:25:02.848Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 06:30:31 honeypot-fra-1 sshd[31560]: Disconnected from authenticating user root 202.170.60.201 port 45732 [preauth]","@timestamp":"2022-09-11T06:30:31.963Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T06:30:37.018Z","@version":"1","message":"Sep 11 06:30:36 honeypot-sgp-1 kernel: [83753949.953569] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.41.9.18 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=33188 PROTO=TCP SPT=16510 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 06:31:19 honeypot-ams-1 sshd[9436]: Received disconnect from 141.255.162.226 port 59514:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T06:31:20.010Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 06:31:22 honeypot-ams-1 sshd[9440]: Received disconnect from 141.255.162.226 port 38556:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T06:31:23.013Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 06:31:24 honeypot-ams-1 sshd[9444]: Received disconnect from 141.255.162.226 port 60356:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T06:31:25.014Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 06:31:56 honeypot-fra-1 sshd[31565]: Received disconnect from 198.98.61.9 port 51178:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T06:31:56.997Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 06:32:16 honeypot-fra-1 sshd[31569]: Received disconnect from 198.98.61.9 port 46360:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T06:32:17.006Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 06:32:33 honeypot-fra-1 sshd[31573]: Received disconnect from 198.98.61.9 port 41546:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T06:32:34.015Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 06:35:59 honeypot-fra-1 kernel: [83752590.698380] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.148.10.81 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=54321 PROTO=TCP SPT=42248 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T06:36:00.092Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 06:38:14 honeypot-ams-1 sshd[9449]: Invalid user pi from 78.70.114.29 port 57688","@timestamp":"2022-09-11T06:38:15.188Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 06:40:42 honeypot-fra-1 sshd[31581]: Disconnected from invalid user test1 92.255.85.70 port 15618 [preauth]","@timestamp":"2022-09-11T06:40:43.194Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T06:41:31.299Z","@version":"1","message":"Sep 11 06:41:31 honeypot-sgp-1 kernel: [83754604.600629] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=109.248.175.149 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=8599 PROTO=TCP SPT=58004 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 06:42:33 honeypot-ams-1 sshd[9453]: Received disconnect from 92.255.85.69 port 44122:11: Bye Bye [preauth]","@timestamp":"2022-09-11T06:42:34.301Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 06:47:01 honeypot-fra-1 CRON[31588]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-11T06:47:02.332Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 06:47:02 honeypot-ams-1 CRON[9456]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-11T06:47:02.418Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 06:49:58 honeypot-fra-1 kernel: [83753429.787109] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=172.104.242.173 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=57 ID=0 DF PROTO=TCP SPT=44385 DPT=443 WINDOW=8192 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T06:49:59.400Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-11T06:50:41.520Z","@version":"1","message":"Sep 11 06:50:40 honeypot-sgp-1 sshd[5593]: Invalid user user from 45.61.187.160 port 34444","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T06:50:58.528Z","@version":"1","message":"Sep 11 06:50:58 honeypot-sgp-1 sshd[5597]: Invalid user user from 45.61.187.160 port 57002","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T06:51:15.537Z","@version":"1","message":"Sep 11 06:51:14 honeypot-sgp-1 sshd[5601]: Invalid user user from 45.61.187.160 port 51340","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T06:51:31.545Z","@version":"1","message":"Sep 11 06:51:30 honeypot-sgp-1 sshd[5605]: Invalid user user from 45.61.187.160 port 45676","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 06:55:10 honeypot-ams-1 sshd[9571]: Connection closed by invalid user admin 183.107.50.18 port 55060 [preauth]","@timestamp":"2022-09-11T06:55:10.639Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 06:56:14 honeypot-ams-1 kernel: [83755960.193990] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=37.146.63.210 DST=178.62.254.91 LEN=48 TOS=0x00 PREC=0x00 TTL=120 ID=1644 DF PROTO=TCP SPT=25776 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T06:56:14.670Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 06:58:59 honeypot-fra-1 sshd[31614]: Received disconnect from 45.240.88.36 port 44384:11: Bye Bye [preauth]","@timestamp":"2022-09-11T06:59:00.596Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 07:01:23 honeypot-fra-1 kernel: [83754114.919539] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=109.248.175.149 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=13821 PROTO=TCP SPT=58004 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T07:01:24.649Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 07:04:16 honeypot-fra-1 sshd[31622]: Received disconnect from 92.255.85.70 port 22410:11: Bye Bye [preauth]","@timestamp":"2022-09-11T07:04:17.711Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T07:04:58.880Z","@version":"1","message":"Sep 11 07:04:58 honeypot-sgp-1 kernel: [83756012.145214] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=2.57.122.153 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=233 ID=54321 PROTO=TCP SPT=33950 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T07:10:14.006Z","@version":"1","message":"Sep 11 07:10:13 honeypot-sgp-1 sshd[5614]: Received disconnect from 45.61.187.160 port 37328:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T07:10:31.014Z","@version":"1","message":"Sep 11 07:10:30 honeypot-sgp-1 sshd[5618]: Received disconnect from 45.61.187.160 port 32962:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T07:10:48.022Z","@version":"1","message":"Sep 11 07:10:47 honeypot-sgp-1 sshd[5622]: Received disconnect from 45.61.187.160 port 56828:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 07:12:37 honeypot-fra-1 sshd[31628]: Invalid user user from 45.61.186.169 port 40022","@timestamp":"2022-09-11T07:12:37.895Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 07:12:54 honeypot-fra-1 sshd[31632]: Invalid user user from 45.61.186.169 port 35020","@timestamp":"2022-09-11T07:12:54.904Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 07:13:11 honeypot-fra-1 sshd[31636]: Invalid user user from 45.61.186.169 port 58266","@timestamp":"2022-09-11T07:13:11.913Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 07:13:26 honeypot-fra-1 sshd[31640]: Invalid user user from 45.61.186.169 port 53298","@timestamp":"2022-09-11T07:13:26.919Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T07:15:02.122Z","@version":"1","message":"Sep 11 07:15:01 honeypot-sgp-1 sshd[5629]: Invalid user admin from 161.35.112.155 port 50622","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T07:16:27.159Z","@version":"1","message":"Sep 11 07:16:26 honeypot-sgp-1 sshd[5633]: Received disconnect from 104.248.181.156 port 48674:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T07:16:44.168Z","@version":"1","message":"Sep 11 07:16:43 honeypot-sgp-1 sshd[5637]: Disconnected from authenticating user root 59.19.54.171 port 50894 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 07:17:01 honeypot-fra-1 CRON[31645]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-11T07:17:01.998Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 07:17:01 honeypot-ams-1 CRON[9579]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-11T07:17:02.205Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 07:18:43 honeypot-fra-1 sshd[31654]: Invalid user elastic from 43.138.12.15 port 37098","@timestamp":"2022-09-11T07:18:44.041Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 07:18:44 honeypot-fra-1 sshd[31654]: Connection closed by invalid user elastic 43.138.12.15 port 37098 [preauth]","@timestamp":"2022-09-11T07:18:45.041Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 07:18:44 honeypot-fra-1 sshd[31662]: Connection closed by invalid user ts3server 43.138.12.15 port 37090 [preauth]","@timestamp":"2022-09-11T07:18:45.041Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 07:18:45 honeypot-fra-1 sshd[31653]: Connection closed by invalid user elasticsearch 43.138.12.15 port 37086 [preauth]","@timestamp":"2022-09-11T07:18:46.042Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 07:18:46 honeypot-fra-1 sshd[31692]: Invalid user es from 43.138.12.15 port 37122","@timestamp":"2022-09-11T07:18:47.042Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 07:18:47 honeypot-fra-1 sshd[31686]: Invalid user elastic from 43.138.12.15 port 37130","@timestamp":"2022-09-11T07:18:48.043Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 07:18:47 honeypot-fra-1 sshd[31675]: Invalid user ec2 from 43.138.12.15 port 37108","@timestamp":"2022-09-11T07:18:48.043Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 07:18:47 honeypot-fra-1 sshd[31685]: Invalid user mcserv from 43.138.12.15 port 37126","@timestamp":"2022-09-11T07:18:48.043Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 07:18:47 honeypot-fra-1 sshd[31681]: Connection closed by invalid user admin 43.138.12.15 port 37096 [preauth]","@timestamp":"2022-09-11T07:18:48.043Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 07:18:48 honeypot-fra-1 sshd[31679]: Connection closed by invalid user vagrant 43.138.12.15 port 37148 [preauth]","@timestamp":"2022-09-11T07:18:48.043Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 07:18:48 honeypot-fra-1 sshd[31680]: Connection closed by invalid user hduser 43.138.12.15 port 37136 [preauth]","@timestamp":"2022-09-11T07:18:48.043Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 07:18:48 honeypot-fra-1 sshd[31699]: Connection closed by invalid user guest 43.138.12.15 port 37138 [preauth]","@timestamp":"2022-09-11T07:18:49.044Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T07:20:05.248Z","@version":"1","message":"Sep 11 07:20:04 honeypot-sgp-1 sshd[5645]: Disconnected from invalid user hn 203.172.41.149 port 39982 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T07:25:02.367Z","@version":"1","message":"Sep 11 07:25:01 honeypot-sgp-1 sshd[5650]: Disconnected from invalid user test1 92.255.85.70 port 52426 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T07:27:39.433Z","@version":"1","message":"Sep 11 07:27:38 honeypot-sgp-1 sshd[5656]: Received disconnect from 45.61.184.204 port 58406:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T07:28:00.443Z","@version":"1","message":"Sep 11 07:27:59 honeypot-sgp-1 sshd[5660]: Received disconnect from 45.61.184.204 port 53916:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T07:28:18.452Z","@version":"1","message":"Sep 11 07:28:18 honeypot-sgp-1 sshd[5664]: Received disconnect from 45.61.184.204 port 49462:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 07:28:24 honeypot-fra-1 sshd[31722]: Received disconnect from 92.255.85.69 port 58188:11: Bye Bye [preauth]","@timestamp":"2022-09-11T07:28:25.268Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 07:28:32 honeypot-ams-1 sshd[9585]: Invalid user test from 193.106.191.157 port 57096","@timestamp":"2022-09-11T07:28:33.503Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 07:30:12 honeypot-ams-1 sshd[9589]: Disconnected from invalid user test1 92.255.85.69 port 41024 [preauth]","@timestamp":"2022-09-11T07:30:13.549Z"}
{"@timestamp":"2022-09-11T07:30:24.505Z","@version":"1","message":"Sep 11 07:30:24 honeypot-sgp-1 sshd[5668]: Connection closed by invalid user User 202.53.71.24 port 47080 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 07:40:57 honeypot-fra-1 kernel: [83756488.278708] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=89.248.165.199 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=24590 PROTO=TCP SPT=59399 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T07:40:57.549Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 07:47:14 honeypot-fra-1 kernel: [83756865.637593] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.218.139 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=54711 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T07:47:15.691Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-11T07:47:24.918Z","@version":"1","message":"Sep 11 07:47:24 honeypot-sgp-1 kernel: [83758557.594941] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=40.88.125.200 DST=159.89.202.188 LEN=52 TOS=0x02 PREC=0x00 TTL=107 ID=15922 DF PROTO=TCP SPT=50198 DPT=3389 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 07:47:55 honeypot-ams-1 sshd[9597]: Invalid user user from 45.61.186.249 port 57108","@timestamp":"2022-09-11T07:47:56.011Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 07:48:15 honeypot-ams-1 sshd[9601]: Invalid user user from 45.61.186.249 port 51818","@timestamp":"2022-09-11T07:48:16.022Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 07:48:32 honeypot-ams-1 sshd[9605]: Invalid user user from 45.61.186.249 port 46494","@timestamp":"2022-09-11T07:48:33.032Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 07:48:49 honeypot-ams-1 sshd[9609]: Invalid user user from 45.61.186.249 port 41162","@timestamp":"2022-09-11T07:48:49.040Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 07:51:59 honeypot-fra-1 sshd[31737]: Disconnected from invalid user test1 92.255.85.69 port 24708 [preauth]","@timestamp":"2022-09-11T07:51:59.800Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 07:53:53 honeypot-ams-1 sshd[9614]: Received disconnect from 92.255.85.70 port 62808:11: Bye Bye [preauth]","@timestamp":"2022-09-11T07:53:54.172Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 07:55:07 honeypot-fra-1 sshd[31740]: Disconnected from authenticating user root 200.16.132.42 port 46729 [preauth]","@timestamp":"2022-09-11T07:55:07.875Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 07:58:21 honeypot-fra-1 sshd[31745]: Disconnected from invalid user admin 51.250.85.165 port 38676 [preauth]","@timestamp":"2022-09-11T07:58:21.950Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T07:59:24.201Z","@version":"1","message":"Sep 11 07:59:23 honeypot-sgp-1 sshd[5677]: Connection closed by invalid user prueba 103.188.176.251 port 42716 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T08:03:38.304Z","@version":"1","message":"Sep 11 08:03:37 honeypot-sgp-1 sshd[5681]: Disconnected from invalid user lds 103.77.252.60 port 44566 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 08:04:36 honeypot-ams-1 sshd[9619]: Received disconnect from 167.172.152.18 port 44898:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T08:04:37.455Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 08:05:57 honeypot-ams-1 sshd[9625]: Received disconnect from 167.172.152.18 port 44716:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T08:05:58.493Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 08:07:14 honeypot-ams-1 sshd[9631]: Received disconnect from 167.172.152.18 port 46144:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T08:07:15.529Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 08:07:44 honeypot-fra-1 kernel: [83758095.256966] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.196.220.81 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=54321 PROTO=TCP SPT=47170 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T08:07:45.165Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 08:08:10 honeypot-ams-1 sshd[9637]: Did not receive identification string from 128.199.96.88 port 61000","@timestamp":"2022-09-11T08:08:11.557Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 08:08:55 honeypot-ams-1 sshd[9640]: Disconnected from invalid user git 167.172.152.18 port 37556 [preauth]","@timestamp":"2022-09-11T08:08:56.580Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 08:09:45 honeypot-ams-1 sshd[9645]: Disconnected from invalid user oracle 167.172.152.18 port 47568 [preauth]","@timestamp":"2022-09-11T08:09:46.604Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 08:10:36 honeypot-ams-1 sshd[9649]: Disconnected from invalid user odoo 167.172.152.18 port 57180 [preauth]","@timestamp":"2022-09-11T08:10:36.629Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 08:11:25 honeypot-ams-1 sshd[9653]: Disconnected from invalid user ec2-user 167.172.152.18 port 38882 [preauth]","@timestamp":"2022-09-11T08:11:26.653Z"}
{"@timestamp":"2022-09-11T08:12:15.517Z","@version":"1","message":"Sep 11 08:12:14 honeypot-sgp-1 sshd[5685]: Invalid user user from 45.61.184.204 port 41908","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 08:12:15 honeypot-ams-1 sshd[9657]: Disconnected from invalid user ubuntu 167.172.152.18 port 48484 [preauth]","@timestamp":"2022-09-11T08:12:15.678Z"}
{"@timestamp":"2022-09-11T08:12:34.530Z","@version":"1","message":"Sep 11 08:12:33 honeypot-sgp-1 sshd[5689]: Invalid user user from 45.61.184.204 port 37436","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T08:12:46.536Z","@version":"1","message":"Sep 11 08:12:46 honeypot-sgp-1 sshd[5693]: Invalid user test1 from 92.255.85.70 port 47536","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T08:13:01.542Z","@version":"1","message":"Sep 11 08:13:01 honeypot-sgp-1 sshd[5697]: Invalid user user from 45.61.184.204 port 44902","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 08:13:05 honeypot-ams-1 sshd[9661]: Disconnected from invalid user spark 167.172.152.18 port 58300 [preauth]","@timestamp":"2022-09-11T08:13:05.704Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 08:13:55 honeypot-ams-1 sshd[9665]: Disconnected from invalid user debian 167.172.152.18 port 40008 [preauth]","@timestamp":"2022-09-11T08:13:55.730Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 08:14:45 honeypot-ams-1 sshd[9669]: Disconnected from invalid user webadmin 167.172.152.18 port 49706 [preauth]","@timestamp":"2022-09-11T08:14:45.753Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 08:15:35 honeypot-ams-1 sshd[9674]: Disconnected from invalid user student 167.172.152.18 port 59524 [preauth]","@timestamp":"2022-09-11T08:15:36.778Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 08:16:27 honeypot-ams-1 sshd[9678]: Disconnected from invalid user weblogic 167.172.152.18 port 40946 [preauth]","@timestamp":"2022-09-11T08:16:27.802Z"}
{"@timestamp":"2022-09-11T08:16:57.635Z","@version":"1","message":"Sep 11 08:16:56 honeypot-sgp-1 kernel: [83760330.208227] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.210.216.111 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=240 ID=15411 DF PROTO=TCP SPT=10446 DPT=80 WINDOW=512 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 08:17:01 honeypot-fra-1 CRON[31779]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-11T08:17:01.377Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 08:18:02 honeypot-ams-1 sshd[9685]: Invalid user test1 from 92.255.85.69 port 60934","@timestamp":"2022-09-11T08:18:02.846Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 08:23:03 honeypot-ams-1 sshd[9688]: Received disconnect from 203.128.242.166 port 58612:11: Bye Bye [preauth]","@timestamp":"2022-09-11T08:23:03.971Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 08:23:59 honeypot-fra-1 kernel: [83759070.481612] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.210.216.111 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=24155 DF PROTO=TCP SPT=10446 DPT=80 WINDOW=512 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T08:24:00.553Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-11T08:26:00.859Z","@version":"1","message":"Sep 11 08:26:00 honeypot-sgp-1 kernel: [83760874.036257] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=87.251.64.35 DST=159.89.202.188 LEN=52 TOS=0x02 PREC=0x00 TTL=115 ID=10040 DF PROTO=TCP SPT=17868 DPT=3389 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 08:33:55 honeypot-ams-1 sshd[9708]: Invalid user katie from 182.52.90.164 port 44264","@timestamp":"2022-09-11T08:33:56.252Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 08:34:23 honeypot-fra-1 kernel: [83759693.782420] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=87.251.64.35 DST=165.22.82.222 LEN=52 TOS=0x02 PREC=0x00 TTL=122 ID=1215 DF PROTO=TCP SPT=56172 DPT=3389 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-11T08:34:23.789Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-11T08:35:43.092Z","@version":"1","message":"Sep 11 08:35:42 honeypot-sgp-1 sshd[5729]: Disconnected from invalid user test1 92.255.85.70 port 15716 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 08:37:49 honeypot-ams-1 sshd[9711]: Received disconnect from 143.198.45.196 port 53044:11: Bye Bye [preauth]","@timestamp":"2022-09-11T08:37:49.352Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 08:41:14 honeypot-ams-1 sshd[9715]: Connection closed by invalid user test 193.106.191.157 port 40814 [preauth]","@timestamp":"2022-09-11T08:41:14.445Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 08:42:20 honeypot-fra-1 kernel: [83760171.636318] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=65.49.20.104 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=38517 DPT=389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T08:42:20.968Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-11T08:43:22.272Z","@version":"1","message":"Sep 11 08:43:21 honeypot-sgp-1 sshd[5734]: Disconnected from authenticating user root 36.170.39.170 port 16034 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 08:43:32 honeypot-ams-1 sshd[9721]: Invalid user user from 45.61.186.169 port 51500","@timestamp":"2022-09-11T08:43:32.510Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 08:43:48 honeypot-ams-1 sshd[9725]: Invalid user user from 45.61.186.169 port 46646","@timestamp":"2022-09-11T08:43:48.519Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 08:44:04 honeypot-ams-1 sshd[9729]: Invalid user user from 45.61.186.169 port 41798","@timestamp":"2022-09-11T08:44:05.528Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 08:44:13 honeypot-ams-1 sshd[9731]: Disconnected from invalid user user 45.61.186.169 port 53484 [preauth]","@timestamp":"2022-09-11T08:44:13.532Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 08:45:23 honeypot-fra-1 sshd[31794]: Disconnected from invalid user optimax 197.159.66.222 port 36072 [preauth]","@timestamp":"2022-09-11T08:45:24.038Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 08:49:22 honeypot-fra-1 sshd[31798]: Received disconnect from 161.35.113.188 port 44400:11: Bye Bye [preauth]","@timestamp":"2022-09-11T08:49:23.126Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 08:50:40 honeypot-fra-1 sshd[31803]: Received disconnect from 189.29.171.10 port 60024:11: Bye Bye [preauth]","@timestamp":"2022-09-11T08:50:41.155Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 08:50:52 honeypot-ams-1 kernel: [83762838.261065] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=37.21.72.175 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=58 ID=19576 PROTO=TCP SPT=29908 DPT=80 WINDOW=13724 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T08:50:52.706Z"}
{"@timestamp":"2022-09-11T08:59:11.640Z","@version":"1","message":"Sep 11 08:59:10 honeypot-sgp-1 sshd[5739]: Disconnected from invalid user test1 92.255.85.70 port 46822 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 09:01:52 honeypot-fra-1 sshd[31808]: Invalid user test1 from 92.255.85.69 port 22458","@timestamp":"2022-09-11T09:01:53.415Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 09:04:26 honeypot-ams-1 sshd[9741]: Received disconnect from 92.255.85.69 port 45298:11: Bye Bye [preauth]","@timestamp":"2022-09-11T09:04:26.068Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 09:05:03 honeypot-fra-1 sshd[31813]: Did not receive identification string from 45.61.186.49 port 54784","@timestamp":"2022-09-11T09:05:03.489Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 09:05:17 honeypot-fra-1 sshd[31816]: Disconnected from invalid user user 45.61.186.49 port 46220 [preauth]","@timestamp":"2022-09-11T09:05:17.496Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 09:05:25 honeypot-fra-1 sshd[31820]: Disconnected from invalid user user 45.61.186.49 port 57964 [preauth]","@timestamp":"2022-09-11T09:05:25.501Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T09:06:25.817Z","@version":"1","message":"Sep 11 09:06:25 honeypot-sgp-1 kernel: [83763298.386028] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=172.105.77.209 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=50 ID=0 DF PROTO=TCP SPT=38253 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 09:06:36 honeypot-ams-1 sshd[9747]: Disconnected from authenticating user root 167.172.152.18 port 43586 [preauth]","@timestamp":"2022-09-11T09:06:37.127Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 09:07:55 honeypot-ams-1 sshd[9753]: Received disconnect from 167.172.152.18 port 41874:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T09:07:55.164Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 09:08:53 honeypot-ams-1 kernel: [83763919.574843] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=94.26.228.80 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=51185 PROTO=TCP SPT=21532 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T09:08:54.192Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 09:10:01 honeypot-ams-1 sshd[9763]: Received disconnect from 167.172.152.18 port 49120:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T09:10:02.224Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 09:10:52 honeypot-ams-1 sshd[9768]: Received disconnect from 167.172.152.18 port 57422:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T09:10:52.248Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 09:11:39 honeypot-ams-1 sshd[9781]: Did not receive identification string from 45.61.187.160 port 42638","@timestamp":"2022-09-11T09:11:40.272Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 09:12:01 honeypot-ams-1 sshd[9784]: Disconnected from invalid user user 45.61.187.160 port 39910 [preauth]","@timestamp":"2022-09-11T09:12:02.283Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 09:12:10 honeypot-ams-1 sshd[9788]: Disconnected from invalid user user 45.61.187.160 port 51406 [preauth]","@timestamp":"2022-09-11T09:12:11.288Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 09:12:26 honeypot-ams-1 sshd[9792]: Disconnected from invalid user user 45.61.187.160 port 46172 [preauth]","@timestamp":"2022-09-11T09:12:27.296Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 09:12:35 honeypot-ams-1 sshd[9796]: Disconnected from invalid user user 45.61.187.160 port 57648 [preauth]","@timestamp":"2022-09-11T09:12:35.301Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 09:12:51 honeypot-ams-1 sshd[9800]: Disconnected from invalid user user 45.61.187.160 port 52418 [preauth]","@timestamp":"2022-09-11T09:12:51.311Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 09:13:22 honeypot-ams-1 sshd[9804]: Disconnected from invalid user test 167.172.152.18 port 53434 [preauth]","@timestamp":"2022-09-11T09:13:23.328Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 09:13:47 honeypot-ams-1 sshd[9808]: Disconnected from invalid user ubuntu 167.172.152.18 port 44822 [preauth]","@timestamp":"2022-09-11T09:13:48.341Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 09:14:37 honeypot-ams-1 sshd[9812]: Disconnected from invalid user spark 167.172.152.18 port 53366 [preauth]","@timestamp":"2022-09-11T09:14:38.364Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 09:15:27 honeypot-ams-1 sshd[9816]: Disconnected from invalid user debian 167.172.152.18 port 33518 [preauth]","@timestamp":"2022-09-11T09:15:28.388Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 09:16:17 honeypot-ams-1 sshd[9821]: Disconnected from invalid user webadmin 167.172.152.18 port 41946 [preauth]","@timestamp":"2022-09-11T09:16:18.411Z"}
{"@timestamp":"2022-09-11T09:17:02.069Z","@version":"1","message":"Sep 11 09:17:01 honeypot-sgp-1 CRON[5746]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 09:17:05 honeypot-ams-1 kernel: [83764410.974327] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=94.253.103.226 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x20 TTL=58 ID=15557 PROTO=TCP SPT=61905 DPT=80 WINDOW=52969 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T09:17:05.435Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 09:17:34 honeypot-ams-1 sshd[9831]: Disconnected from invalid user www 167.172.152.18 port 40730 [preauth]","@timestamp":"2022-09-11T09:17:35.450Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 09:17:56 honeypot-fra-1 sshd[31826]: Disconnected from invalid user pei 39.109.114.28 port 39698 [preauth]","@timestamp":"2022-09-11T09:17:57.773Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 09:18:03 honeypot-ams-1 sshd[9835]: Disconnected from invalid user izabele 200.66.77.178 port 44398 [preauth]","@timestamp":"2022-09-11T09:18:03.464Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 09:18:28 honeypot-fra-1 sshd[31831]: Received disconnect from 141.255.162.226 port 50126:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T09:18:28.787Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 09:18:31 honeypot-fra-1 sshd[31835]: Received disconnect from 141.255.162.226 port 43088:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T09:18:32.790Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 09:18:36 honeypot-fra-1 sshd[31839]: Received disconnect from 141.255.162.226 port 50164:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T09:18:36.791Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 09:23:08 honeypot-fra-1 sshd[31846]: Invalid user best from 178.128.72.150 port 57386","@timestamp":"2022-09-11T09:23:09.893Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 09:23:58 honeypot-fra-1 sshd[31850]: Invalid user blackjack from 178.128.72.150 port 55994","@timestamp":"2022-09-11T09:23:58.913Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 09:24:22 honeypot-fra-1 sshd[31854]: Invalid user blood from 178.128.72.150 port 41198","@timestamp":"2022-09-11T09:24:22.925Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 09:25:10 honeypot-fra-1 sshd[31858]: Invalid user boxer from 178.128.72.150 port 39814","@timestamp":"2022-09-11T09:25:10.945Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 09:25:44 honeypot-fra-1 sshd[31862]: Invalid user test2 from 92.255.85.70 port 51818","@timestamp":"2022-09-11T09:25:44.959Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 09:26:02 honeypot-ams-1 kernel: [83764948.307065] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=49.66.78.186 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=49 ID=27341 PROTO=TCP SPT=57159 DPT=80 WINDOW=54217 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T09:26:03.693Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 09:26:12 honeypot-fra-1 kernel: [83762802.637352] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=85.73.83.54 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=54 ID=39400 PROTO=TCP SPT=36945 DPT=443 WINDOW=50413 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T09:26:12.972Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 09:26:46 honeypot-fra-1 sshd[31868]: Disconnected from invalid user chad 178.128.72.150 port 37026 [preauth]","@timestamp":"2022-09-11T09:26:46.987Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 09:27:33 honeypot-fra-1 sshd[31872]: Disconnected from invalid user class 178.128.72.150 port 35632 [preauth]","@timestamp":"2022-09-11T09:27:34.007Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 09:28:10 honeypot-fra-1 sshd[31877]: Disconnected from invalid user alar 159.65.194.58 port 37310 [preauth]","@timestamp":"2022-09-11T09:28:11.023Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 09:28:45 honeypot-fra-1 sshd[31881]: Disconnected from invalid user def 178.128.72.150 port 47664 [preauth]","@timestamp":"2022-09-11T09:28:46.042Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 09:29:33 honeypot-fra-1 sshd[31885]: Disconnected from invalid user disco 178.128.72.150 port 46278 [preauth]","@timestamp":"2022-09-11T09:29:34.062Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 09:30:22 honeypot-fra-1 sshd[31889]: Received disconnect from 178.128.72.150 port 44882:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T09:30:22.082Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T09:36:50.548Z","@version":"1","message":"Sep 11 09:36:50 honeypot-sgp-1 sshd[5753]: Received disconnect from 159.223.217.44 port 45246:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 09:37:55 honeypot-ams-1 kernel: [83765661.472839] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=61.6.135.203 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=50 ID=415 PROTO=TCP SPT=2350 DPT=80 WINDOW=48647 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T09:37:55.997Z"}
{"@timestamp":"2022-09-11T09:39:28.611Z","@version":"1","message":"Sep 11 09:39:27 honeypot-sgp-1 sshd[5758]: Disconnected from authenticating user root 43.154.77.244 port 33230 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 09:44:03 honeypot-fra-1 sshd[31896]: Disconnected from authenticating user root 203.130.255.2 port 60952 [preauth]","@timestamp":"2022-09-11T09:44:04.386Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 09:47:14 honeypot-ams-1 sshd[9845]: Connection closed by invalid user test 193.106.191.157 port 52734 [preauth]","@timestamp":"2022-09-11T09:47:15.240Z"}
{"@timestamp":"2022-09-11T09:47:39.806Z","@version":"1","message":"Sep 11 09:47:38 honeypot-sgp-1 kernel: [83765771.991981] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=107.179.35.246 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=61639 PROTO=TCP SPT=53739 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 09:48:56 honeypot-fra-1 sshd[31901]: Disconnected from authenticating user root 92.255.85.69 port 62416 [preauth]","@timestamp":"2022-09-11T09:48:57.497Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 09:52:34 honeypot-fra-1 sshd[31907]: Invalid user postgres from 163.172.251.68 port 58840","@timestamp":"2022-09-11T09:52:34.582Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 09:53:10 honeypot-fra-1 sshd[31911]: Invalid user oracle from 163.172.251.68 port 28636","@timestamp":"2022-09-11T09:53:10.597Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 09:53:45 honeypot-fra-1 sshd[31915]: Invalid user git from 163.172.251.68 port 54942","@timestamp":"2022-09-11T09:53:46.613Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 09:54:21 honeypot-fra-1 sshd[31919]: Invalid user tim from 163.172.251.68 port 24746","@timestamp":"2022-09-11T09:54:22.628Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 09:54:57 honeypot-fra-1 sshd[31923]: Invalid user mosquitto from 163.172.251.68 port 51054","@timestamp":"2022-09-11T09:54:57.643Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 09:54:58 honeypot-ams-1 sshd[9852]: Invalid user brenda from 128.199.129.68 port 40192","@timestamp":"2022-09-11T09:54:58.438Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 09:55:33 honeypot-fra-1 sshd[31927]: Received disconnect from 163.172.251.68 port 20858:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T09:55:33.660Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 09:56:10 honeypot-fra-1 sshd[31932]: Received disconnect from 163.172.251.68 port 47160:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T09:56:10.675Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 09:57:14 honeypot-ams-1 sshd[9856]: Received disconnect from 220.205.122.4 port 59192:11: Bye Bye [preauth]","@timestamp":"2022-09-11T09:57:14.500Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 09:57:27 honeypot-fra-1 sshd[31936]: Invalid user kavita from 165.22.45.108 port 53752","@timestamp":"2022-09-11T09:57:27.706Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:01:49 honeypot-fra-1 sshd[31941]: Invalid user elastic from 179.221.221.78 port 34304","@timestamp":"2022-09-11T10:01:49.829Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:06:58 honeypot-fra-1 sshd[31944]: Disconnected from invalid user python 188.226.207.26 port 49122 [preauth]","@timestamp":"2022-09-11T10:06:59.947Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 10:07:18 honeypot-ams-1 sshd[9860]: Invalid user prueba from 103.188.176.251 port 47502","@timestamp":"2022-09-11T10:07:18.762Z"}
{"@timestamp":"2022-09-11T10:09:48.341Z","@version":"1","message":"Sep 11 10:09:47 honeypot-sgp-1 sshd[5844]: Received disconnect from 92.255.85.69 port 38908:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T10:11:25.383Z","@version":"1","message":"Sep 11 10:11:25 honeypot-sgp-1 kernel: [83767198.284445] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=198.199.95.19 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=52855 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:12:42 honeypot-fra-1 sshd[31955]: Received disconnect from 92.255.85.69 port 59866:11: Bye Bye [preauth]","@timestamp":"2022-09-11T10:12:43.077Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T10:13:27.436Z","@version":"1","message":"Sep 11 10:13:26 honeypot-sgp-1 kernel: [83767319.834538] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=79.124.62.62 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=8329 PROTO=TCP SPT=42094 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:16:33 honeypot-fra-1 sshd[31961]: Received disconnect from 61.177.173.37 port 28448:11:  [preauth]","@timestamp":"2022-09-11T10:16:34.165Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 10:17:01 honeypot-ams-1 CRON[9866]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-11T10:17:02.013Z"}
{"@timestamp":"2022-09-11T10:17:18.532Z","@version":"1","message":"Sep 11 10:17:17 honeypot-sgp-1 sshd[5861]: Disconnected from invalid user user 45.61.186.249 port 51184 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T10:17:39.544Z","@version":"1","message":"Sep 11 10:17:38 honeypot-sgp-1 sshd[5865]: Disconnected from invalid user user 45.61.186.249 port 46062 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T10:17:58.553Z","@version":"1","message":"Sep 11 10:17:57 honeypot-sgp-1 sshd[5870]: Disconnected from invalid user user 45.61.186.249 port 40956 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T10:18:15.561Z","@version":"1","message":"Sep 11 10:18:14 honeypot-sgp-1 sshd[5874]: Disconnected from invalid user user 45.61.186.249 port 35844 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:18:15 honeypot-fra-1 sshd[31967]: Received disconnect from 81.169.137.181 port 55140:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T10:18:16.207Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:19:00 honeypot-fra-1 sshd[31973]: Invalid user demo from 81.169.137.181 port 40282","@timestamp":"2022-09-11T10:19:01.226Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:20:25 honeypot-fra-1 sshd[31977]: Invalid user willie from 81.169.137.181 port 38822","@timestamp":"2022-09-11T10:20:26.258Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:21:35 honeypot-fra-1 sshd[31981]: Did not receive identification string from 92.255.85.113 port 8998","@timestamp":"2022-09-11T10:21:36.285Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:21:48 honeypot-fra-1 sshd[31984]: Disconnected from invalid user tmpfs 209.141.60.201 port 55400 [preauth]","@timestamp":"2022-09-11T10:21:49.292Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:23:03 honeypot-fra-1 sshd[31989]: Disconnected from invalid user webmaster 81.169.137.181 port 35888 [preauth]","@timestamp":"2022-09-11T10:23:04.322Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:23:16 honeypot-fra-1 sshd[31991]: Invalid user es from 185.209.179.41 port 45144","@timestamp":"2022-09-11T10:23:16.328Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:23:16 honeypot-fra-1 sshd[32003]: Invalid user wordpress from 185.209.179.41 port 45150","@timestamp":"2022-09-11T10:23:17.329Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:23:16 honeypot-fra-1 sshd[31995]: Connection closed by invalid user oracle 185.209.179.41 port 45176 [preauth]","@timestamp":"2022-09-11T10:23:17.329Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:23:16 honeypot-fra-1 sshd[32003]: Connection closed by invalid user wordpress 185.209.179.41 port 45150 [preauth]","@timestamp":"2022-09-11T10:23:17.329Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:23:17 honeypot-fra-1 sshd[32023]: Invalid user postgres from 185.209.179.41 port 45160","@timestamp":"2022-09-11T10:23:17.329Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:23:17 honeypot-fra-1 sshd[32023]: Connection closed by invalid user postgres 185.209.179.41 port 45160 [preauth]","@timestamp":"2022-09-11T10:23:18.329Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:23:18 honeypot-fra-1 sshd[32035]: Did not receive identification string from 185.209.179.41 port 40002","@timestamp":"2022-09-11T10:23:19.330Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:23:19 honeypot-fra-1 sshd[32036]: Connection closed by invalid user devops 185.209.179.41 port 45184 [preauth]","@timestamp":"2022-09-11T10:23:20.332Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:23:41 honeypot-fra-1 sshd[32046]: Invalid user vnc from 81.169.137.181 port 49268","@timestamp":"2022-09-11T10:23:42.340Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:24:58 honeypot-fra-1 sshd[32050]: Received disconnect from 81.169.137.181 port 47780:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T10:24:59.370Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:26:17 honeypot-fra-1 sshd[32056]: Received disconnect from 81.169.137.181 port 46308:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T10:26:18.401Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:27:34 honeypot-fra-1 sshd[32061]: Invalid user vagrant from 81.169.137.181 port 44854","@timestamp":"2022-09-11T10:27:35.431Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:28:43 honeypot-fra-1 sshd[32066]: Received disconnect from 61.177.173.51 port 47554:11:  [preauth]","@timestamp":"2022-09-11T10:28:44.459Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:29:31 honeypot-fra-1 sshd[32070]: Invalid user vbox from 81.169.137.181 port 56734","@timestamp":"2022-09-11T10:29:31.479Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:30:47 honeypot-fra-1 sshd[32074]: Invalid user kayama from 165.22.45.108 port 59540","@timestamp":"2022-09-11T10:30:48.510Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:31:31 honeypot-fra-1 sshd[32078]: Invalid user ubnt from 81.169.137.181 port 40410","@timestamp":"2022-09-11T10:31:32.528Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:32:48 honeypot-fra-1 sshd[32082]: Received disconnect from 61.177.173.52 port 43879:11:  [preauth]","@timestamp":"2022-09-11T10:32:49.558Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:34:18 honeypot-fra-1 sshd[32087]: Disconnected from authenticating user games 206.189.14.223 port 36520 [preauth]","@timestamp":"2022-09-11T10:34:18.594Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T10:35:00.955Z","@version":"1","message":"Sep 11 10:35:00 honeypot-sgp-1 sshd[5891]: Connection closed by invalid user inspur 103.188.176.251 port 55388 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:36:59 honeypot-fra-1 sshd[32093]: Received disconnect from 203.223.191.206 port 46274:11: Bye Bye [preauth]","@timestamp":"2022-09-11T10:36:59.656Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 10:38:32 honeypot-ams-1 sshd[9871]: Received disconnect from 92.255.85.70 port 23638:11: Bye Bye [preauth]","@timestamp":"2022-09-11T10:38:32.570Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 10:39:39 honeypot-ams-1 sshd[9888]: Invalid user best from 178.128.72.150 port 56784","@timestamp":"2022-09-11T10:39:39.604Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:39:44 honeypot-fra-1 sshd[32100]: Received disconnect from 61.177.173.39 port 34159:11:  [preauth]","@timestamp":"2022-09-11T10:39:44.720Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 10:40:33 honeypot-ams-1 sshd[9896]: Invalid user blackjack from 178.128.72.150 port 60498","@timestamp":"2022-09-11T10:40:33.630Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 10:41:00 honeypot-ams-1 sshd[9898]: Disconnected from invalid user blood 178.128.72.150 port 48224 [preauth]","@timestamp":"2022-09-11T10:41:00.644Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:41:38 honeypot-fra-1 sshd[32105]: Received disconnect from 45.61.186.249 port 42254:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T10:41:38.764Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 10:41:53 honeypot-ams-1 sshd[9911]: Invalid user boxer from 178.128.72.150 port 51922","@timestamp":"2022-09-11T10:41:54.671Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:41:58 honeypot-fra-1 sshd[32110]: Received disconnect from 45.61.186.249 port 37284:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T10:41:58.774Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:42:16 honeypot-fra-1 sshd[32114]: Received disconnect from 45.61.186.249 port 60550:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T10:42:16.782Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 10:42:20 honeypot-ams-1 sshd[9916]: Invalid user brain from 178.128.72.150 port 39658","@timestamp":"2022-09-11T10:42:21.685Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:42:32 honeypot-fra-1 sshd[32118]: Received disconnect from 45.61.186.249 port 55578:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T10:42:33.791Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 10:42:56 honeypot-ams-1 sshd[9920]: Did not receive identification string from 163.172.251.68 port 18356","@timestamp":"2022-09-11T10:42:56.703Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 10:43:15 honeypot-ams-1 sshd[9923]: Disconnected from invalid user minecraft 163.172.251.68 port 34292 [preauth]","@timestamp":"2022-09-11T10:43:15.712Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 10:43:41 honeypot-ams-1 sshd[9928]: Disconnected from invalid user chad 178.128.72.150 port 59326 [preauth]","@timestamp":"2022-09-11T10:43:41.726Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:43:52 honeypot-fra-1 kernel: [83767463.329522] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=58.37.245.113 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=61603 DF PROTO=TCP SPT=43630 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T10:43:53.824Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 10:44:02 honeypot-ams-1 sshd[9932]: Disconnected from invalid user oracle 163.172.251.68 port 24882 [preauth]","@timestamp":"2022-09-11T10:44:03.737Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 10:44:19 honeypot-ams-1 sshd[9936]: Disconnected from invalid user test 163.172.251.68 port 40578 [preauth]","@timestamp":"2022-09-11T10:44:19.746Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 10:44:36 honeypot-ams-1 sshd[9940]: Disconnected from invalid user git 163.172.251.68 port 56284 [preauth]","@timestamp":"2022-09-11T10:44:37.755Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 10:45:02 honeypot-ams-1 sshd[9944]: Disconnected from invalid user claude 178.128.72.150 port 50730 [preauth]","@timestamp":"2022-09-11T10:45:02.768Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 10:45:29 honeypot-ams-1 sshd[9948]: Disconnected from invalid user cora 178.128.72.150 port 38508 [preauth]","@timestamp":"2022-09-11T10:45:29.782Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 10:45:46 honeypot-ams-1 sshd[9952]: Received disconnect from 163.172.251.68 port 62572:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T10:45:46.791Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 10:46:03 honeypot-ams-1 sshd[9956]: Received disconnect from 163.172.251.68 port 21772:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T10:46:03.799Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 10:46:22 honeypot-ams-1 sshd[9960]: Disconnected from invalid user denise 178.128.72.150 port 42214 [preauth]","@timestamp":"2022-09-11T10:46:22.810Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 10:46:49 honeypot-ams-1 sshd[9964]: Disconnected from invalid user disco 178.128.72.150 port 58176 [preauth]","@timestamp":"2022-09-11T10:46:49.823Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 10:47:13 honeypot-ams-1 sshd[9968]: Disconnected from invalid user test 163.172.251.68 port 28062 [preauth]","@timestamp":"2022-09-11T10:47:14.838Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 10:47:43 honeypot-ams-1 sshd[9972]: Disconnected from invalid user rap 178.128.72.150 port 33642 [preauth]","@timestamp":"2022-09-11T10:47:43.852Z"}
{"@timestamp":"2022-09-11T10:49:39.299Z","@version":"1","message":"Sep 11 10:49:38 honeypot-sgp-1 sshd[5902]: Received disconnect from 61.82.54.57 port 48032:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T10:51:55.353Z","@version":"1","message":"Sep 11 10:51:55 honeypot-sgp-1 sshd[5906]: Disconnected from invalid user admin1 178.128.30.95 port 44248 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 10:53:38 honeypot-ams-1 kernel: [83770203.556709] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=183.136.225.35 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=109 ID=18488 PROTO=TCP SPT=8088 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T10:53:39.004Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 10:54:27 honeypot-fra-1 sshd[32128]: Disconnected from authenticating user root 61.177.173.50 port 24085 [preauth]","@timestamp":"2022-09-11T10:54:28.063Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 10:54:33 honeypot-ams-1 sshd[9983]: Received disconnect from 141.255.162.226 port 36828:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T10:54:34.030Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 10:54:35 honeypot-ams-1 sshd[9987]: Received disconnect from 141.255.162.226 port 57812:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T10:54:36.032Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 10:54:40 honeypot-ams-1 sshd[9991]: Received disconnect from 141.255.162.226 port 44848:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T10:54:41.035Z"}
{"@timestamp":"2022-09-11T10:57:23.483Z","@version":"1","message":"Sep 11 10:57:22 honeypot-sgp-1 sshd[5912]: Disconnected from authenticating user root 92.255.85.70 port 34034 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 11:00:54 honeypot-ams-1 kernel: [83770639.542743] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=213.226.123.38 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=50539 PROTO=TCP SPT=54017 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T11:00:54.193Z"}
{"@timestamp":"2022-09-11T11:03:46.654Z","@version":"1","message":"Sep 11 11:03:46 honeypot-sgp-1 sshd[5922]: Invalid user user from 45.61.187.160 port 33662","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T11:04:03.662Z","@version":"1","message":"Sep 11 11:04:03 honeypot-sgp-1 sshd[5926]: Invalid user user from 45.61.187.160 port 56654","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 11:04:07 honeypot-fra-1 sshd[32137]: Invalid user kay from 165.22.45.108 port 36466","@timestamp":"2022-09-11T11:04:08.274Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T11:04:18.669Z","@version":"1","message":"Sep 11 11:04:18 honeypot-sgp-1 sshd[5930]: Invalid user user from 45.61.187.160 port 51400","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 11:06:03 honeypot-fra-1 kernel: [83768794.206710] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.47.229.134 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=33436 PROTO=TCP SPT=57502 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T11:06:04.318Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-11T11:09:03.783Z","@version":"1","message":"Sep 11 11:09:02 honeypot-sgp-1 kernel: [83770655.948132] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=21570 PROTO=TCP SPT=54181 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 11:14:35 honeypot-fra-1 sshd[32149]: Disconnected from authenticating user root 61.177.172.98 port 57188 [preauth]","@timestamp":"2022-09-11T11:14:36.505Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 11:15:29 honeypot-fra-1 sshd[32155]: Disconnected from authenticating user root 61.177.173.47 port 39656 [preauth]","@timestamp":"2022-09-11T11:15:30.530Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T11:16:06.947Z","@version":"1","message":"Sep 11 11:16:06 honeypot-sgp-1 sshd[5944]: Invalid user tomcat7 from 91.240.118.222 port 49329","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 11:17:01 honeypot-ams-1 CRON[10003]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-11T11:17:01.600Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 11:19:35 honeypot-ams-1 sshd[10010]: Did not receive identification string from 45.61.187.160 port 37166","@timestamp":"2022-09-11T11:19:35.668Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 11:20:09 honeypot-ams-1 sshd[10013]: Disconnected from invalid user user 45.61.187.160 port 60728 [preauth]","@timestamp":"2022-09-11T11:20:09.685Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 11:20:26 honeypot-ams-1 sshd[10017]: Disconnected from invalid user user 45.61.187.160 port 55298 [preauth]","@timestamp":"2022-09-11T11:20:26.694Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 11:20:42 honeypot-ams-1 sshd[10021]: Disconnected from invalid user user 45.61.187.160 port 49876 [preauth]","@timestamp":"2022-09-11T11:20:42.702Z"}
{"@timestamp":"2022-09-11T11:20:49.061Z","@version":"1","message":"Sep 11 11:20:48 honeypot-sgp-1 sshd[5950]: Disconnected from authenticating user root 92.255.85.70 port 46438 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 11:23:21 honeypot-fra-1 sshd[32163]: Disconnected from authenticating user root 92.255.85.69 port 31298 [preauth]","@timestamp":"2022-09-11T11:23:21.705Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 11:24:27 honeypot-ams-1 sshd[10026]: Disconnected from authenticating user root 107.173.111.206 port 37860 [preauth]","@timestamp":"2022-09-11T11:24:27.801Z"}
{"@timestamp":"2022-09-11T11:27:02.207Z","@version":"1","message":"Sep 11 11:27:01 honeypot-sgp-1 sshd[5957]: Disconnected from authenticating user root 61.177.173.47 port 60919 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 11:28:05 honeypot-fra-1 kernel: [83770116.081398] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=80.94.92.239 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=34266 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T11:28:05.811Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 11:32:42 honeypot-fra-1 sshd[32181]: Disconnected from invalid user ubuntu 103.66.218.65 port 42918 [preauth]","@timestamp":"2022-09-11T11:32:42.913Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T11:33:52.403Z","@version":"1","message":"Sep 11 11:33:52 honeypot-sgp-1 sshd[5962]: Disconnected from authenticating user root 61.177.172.19 port 33756 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 11:37:40 honeypot-fra-1 sshd[32188]: Received disconnect from 165.22.45.108 port 41258:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T11:37:41.022Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 11:37:50 honeypot-ams-1 kernel: [83772855.979579] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=201.209.78.189 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=49 ID=65094 PROTO=TCP SPT=56646 DPT=80 WINDOW=25989 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T11:37:51.147Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 11:39:40 honeypot-fra-1 sshd[32195]: Invalid user faruk from 138.68.50.30 port 36392","@timestamp":"2022-09-11T11:39:41.069Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 11:41:11 honeypot-fra-1 sshd[32199]: Disconnected from invalid user ez 102.223.92.101 port 34547 [preauth]","@timestamp":"2022-09-11T11:41:12.104Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T11:41:12.578Z","@version":"1","message":"Sep 11 11:41:12 honeypot-sgp-1 sshd[5969]: Received disconnect from 61.177.172.114 port 47186:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 11:46:35 honeypot-fra-1 sshd[32204]: Disconnected from invalid user test2 92.255.85.69 port 58866 [preauth]","@timestamp":"2022-09-11T11:46:36.225Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T11:46:41.706Z","@version":"1","message":"Sep 11 11:46:40 honeypot-sgp-1 kernel: [83772913.728825] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=80.94.92.231 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=231 ID=54321 PROTO=TCP SPT=56958 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 11:49:06 honeypot-ams-1 sshd[10035]: Invalid user amit from 119.202.72.87 port 60715","@timestamp":"2022-09-11T11:49:07.444Z"}
{"@timestamp":"2022-09-11T11:53:39.872Z","@version":"1","message":"Sep 11 11:53:39 honeypot-sgp-1 sshd[5981]: Invalid user muthu from 140.213.201.45 port 48757","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 11:54:02 honeypot-ams-1 kernel: [83773827.989217] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=64.246.161.26 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=53095 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T11:54:02.566Z"}
{"@timestamp":"2022-09-11T11:55:09.912Z","@version":"1","message":"Sep 11 11:55:09 honeypot-sgp-1 kernel: [83773422.270417] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=12873 PROTO=TCP SPT=57063 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 11:55:09 honeypot-fra-1 sshd[32215]: Disconnected from authenticating user root 61.177.172.124 port 29559 [preauth]","@timestamp":"2022-09-11T11:55:10.413Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:03:07 honeypot-fra-1 sshd[32220]: Received disconnect from 61.177.173.50 port 13049:11:  [preauth]","@timestamp":"2022-09-11T12:03:07.591Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T12:04:19.131Z","@version":"1","message":"Sep 11 12:04:18 honeypot-sgp-1 sshd[5990]: Disconnected from authenticating user root 61.177.173.36 port 63693 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T12:04:46.144Z","@version":"1","message":"Sep 11 12:04:45 honeypot-sgp-1 sshd[5995]: Received disconnect from 45.61.186.249 port 42988:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T12:05:05.154Z","@version":"1","message":"Sep 11 12:05:04 honeypot-sgp-1 sshd[5999]: Received disconnect from 45.61.186.249 port 37676:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T12:05:23.163Z","@version":"1","message":"Sep 11 12:05:22 honeypot-sgp-1 sshd[6003]: Received disconnect from 45.61.186.249 port 60424:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 12:05:39 honeypot-ams-1 kernel: [83774524.945503] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=1167 PROTO=TCP SPT=57604 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T12:05:39.875Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:05:47 honeypot-fra-1 sshd[32227]: Invalid user user from 141.255.162.226 port 40008","@timestamp":"2022-09-11T12:05:47.654Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:05:49 honeypot-fra-1 sshd[32231]: Invalid user user from 141.255.162.226 port 47078","@timestamp":"2022-09-11T12:05:49.655Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T12:07:28.215Z","@version":"1","message":"Sep 11 12:07:27 honeypot-sgp-1 sshd[6008]: Invalid user test2 from 92.255.85.70 port 25136","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:09:49 honeypot-fra-1 kernel: [83772619.678482] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=22074 PROTO=TCP SPT=57604 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T12:09:49.745Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:10:28 honeypot-fra-1 sshd[32237]: Disconnected from invalid user k_baza 165.22.45.108 port 46048 [preauth]","@timestamp":"2022-09-11T12:10:28.761Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T12:12:37.339Z","@version":"1","message":"Sep 11 12:12:37 honeypot-sgp-1 sshd[6015]: Received disconnect from 220.134.113.188 port 40308:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T12:14:22.382Z","@version":"1","message":"Sep 11 12:14:21 honeypot-sgp-1 sshd[6019]: Disconnected from authenticating user root 61.177.172.124 port 50670 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 12:15:41 honeypot-ams-1 kernel: [83775127.136083] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=108.29.127.94 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=52 ID=63919 PROTO=TCP SPT=51599 DPT=80 WINDOW=45393 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T12:15:42.137Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:17:01 honeypot-fra-1 CRON[32247]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-11T12:17:01.906Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:23:23 honeypot-ams-1 sshd[10052]: Disconnected from invalid user deploy 81.169.137.181 port 44814 [preauth]","@timestamp":"2022-09-11T12:23:24.338Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:24:12 honeypot-ams-1 sshd[10054]: Disconnected from invalid user demo 81.169.137.181 port 60790 [preauth]","@timestamp":"2022-09-11T12:24:12.362Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:24:34 honeypot-fra-1 kernel: [83773504.928045] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=34.145.61.132 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=12634 PROTO=TCP SPT=56024 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T12:24:35.079Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:25:39 honeypot-ams-1 sshd[10058]: Disconnected from invalid user willie 81.169.137.181 port 36174 [preauth]","@timestamp":"2022-09-11T12:25:39.402Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:27:01 honeypot-ams-1 sshd[10062]: Disconnected from invalid user vic 81.169.137.181 port 39812 [preauth]","@timestamp":"2022-09-11T12:27:01.438Z"}
{"@timestamp":"2022-09-11T12:27:55.701Z","@version":"1","message":"Sep 11 12:27:55 honeypot-sgp-1 sshd[6029]: Disconnected from authenticating user root 61.177.173.47 port 32505 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:28:19 honeypot-ams-1 sshd[10068]: Received disconnect from 81.169.137.181 port 43464:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T12:28:20.476Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 12:28:36 honeypot-ams-1 kernel: [83775902.417765] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=176.117.198.12 DST=178.62.254.91 LEN=48 TOS=0x00 PREC=0x20 TTL=119 ID=13386 DF PROTO=TCP SPT=57417 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T12:28:37.485Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:28:58 honeypot-ams-1 sshd[10075]: Disconnected from invalid user vnc 81.169.137.181 port 59416 [preauth]","@timestamp":"2022-09-11T12:28:58.496Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:29:27 honeypot-ams-1 sshd[10081]: Received disconnect from 80.76.51.45 port 56080:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T12:29:28.512Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:29:44 honeypot-ams-1 sshd[10085]: Received disconnect from 80.76.51.45 port 38794:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T12:29:44.524Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:30:14 honeypot-ams-1 sshd[10091]: Received disconnect from 167.172.152.18 port 36394:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T12:30:15.541Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:30:16 honeypot-ams-1 sshd[10095]: Disconnected from invalid user view 81.169.137.181 port 34790 [preauth]","@timestamp":"2022-09-11T12:30:16.542Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:30:35 honeypot-fra-1 sshd[32261]: Received disconnect from 62.204.41.222 port 39441:11: Client disconnecting normally [preauth]","@timestamp":"2022-09-11T12:30:36.213Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:30:46 honeypot-fra-1 sshd[32267]: Invalid user ubnt from 62.218.227.178 port 40402","@timestamp":"2022-09-11T12:30:46.218Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:30:46 honeypot-ams-1 sshd[10101]: Disconnected from authenticating user root 80.76.51.45 port 54624 [preauth]","@timestamp":"2022-09-11T12:30:46.558Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:30:46 honeypot-fra-1 sshd[32271]: Disconnected from authenticating user root 62.218.227.178 port 40474 [preauth]","@timestamp":"2022-09-11T12:30:47.219Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:30:47 honeypot-fra-1 sshd[32277]: Disconnected from authenticating user root 62.218.227.178 port 40538 [preauth]","@timestamp":"2022-09-11T12:30:48.219Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:30:48 honeypot-fra-1 sshd[32283]: Disconnected from authenticating user root 62.218.227.178 port 40570 [preauth]","@timestamp":"2022-09-11T12:30:49.220Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:30:49 honeypot-fra-1 sshd[32289]: Disconnected from authenticating user root 62.218.227.178 port 40632 [preauth]","@timestamp":"2022-09-11T12:30:50.221Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:30:50 honeypot-fra-1 sshd[32295]: Disconnected from authenticating user root 62.218.227.178 port 40668 [preauth]","@timestamp":"2022-09-11T12:30:50.221Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:30:50 honeypot-fra-1 sshd[32301]: Disconnected from authenticating user root 62.218.227.178 port 40706 [preauth]","@timestamp":"2022-09-11T12:30:51.221Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:30:51 honeypot-fra-1 sshd[32307]: Disconnected from authenticating user root 62.218.227.178 port 40740 [preauth]","@timestamp":"2022-09-11T12:30:52.223Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:30:52 honeypot-fra-1 sshd[32313]: Disconnected from authenticating user root 62.218.227.178 port 40770 [preauth]","@timestamp":"2022-09-11T12:30:53.223Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:30:53 honeypot-fra-1 sshd[32319]: Disconnected from authenticating user root 62.218.227.178 port 40816 [preauth]","@timestamp":"2022-09-11T12:30:54.224Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:30:54 honeypot-fra-1 sshd[32325]: Disconnected from authenticating user root 62.218.227.178 port 40870 [preauth]","@timestamp":"2022-09-11T12:30:55.225Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:30:55 honeypot-fra-1 sshd[32331]: Disconnected from authenticating user root 62.218.227.178 port 40912 [preauth]","@timestamp":"2022-09-11T12:30:56.226Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:30:56 honeypot-fra-1 sshd[32337]: Invalid user admin from 62.218.227.178 port 41042","@timestamp":"2022-09-11T12:30:57.226Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:30:56 honeypot-fra-1 sshd[32341]: Invalid user admin from 62.218.227.178 port 41092","@timestamp":"2022-09-11T12:30:57.226Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:30:57 honeypot-fra-1 sshd[32345]: Invalid user admin from 62.218.227.178 port 41138","@timestamp":"2022-09-11T12:30:58.227Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:30:58 honeypot-fra-1 sshd[32349]: Invalid user admin from 62.218.227.178 port 41154","@timestamp":"2022-09-11T12:30:58.227Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:30:58 honeypot-fra-1 sshd[32353]: Invalid user admin from 62.218.227.178 port 41176","@timestamp":"2022-09-11T12:30:59.228Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:30:59 honeypot-fra-1 sshd[32357]: Received disconnect from 62.218.227.178 port 41224:11: Bye Bye [preauth]","@timestamp":"2022-09-11T12:31:00.228Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:30:59 honeypot-fra-1 sshd[32361]: Disconnected from invalid user pi 62.218.227.178 port 41238 [preauth]","@timestamp":"2022-09-11T12:31:00.228Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:31:00 honeypot-fra-1 sshd[32365]: Disconnected from invalid user user 62.218.227.178 port 41264 [preauth]","@timestamp":"2022-09-11T12:31:01.229Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:31:01 honeypot-fra-1 sshd[32369]: Disconnected from invalid user mine 62.218.227.178 port 41286 [preauth]","@timestamp":"2022-09-11T12:31:01.229Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:31:01 honeypot-fra-1 sshd[32373]: Disconnected from invalid user xbmc 62.218.227.178 port 41302 [preauth]","@timestamp":"2022-09-11T12:31:02.230Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:31:02 honeypot-fra-1 sshd[32377]: Disconnected from invalid user oracle 62.218.227.178 port 41322 [preauth]","@timestamp":"2022-09-11T12:31:02.230Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:31:02 honeypot-fra-1 sshd[32381]: Disconnected from invalid user postgres 62.218.227.178 port 41340 [preauth]","@timestamp":"2022-09-11T12:31:03.231Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:31:03 honeypot-fra-1 sshd[32385]: Disconnected from invalid user support 62.218.227.178 port 41360 [preauth]","@timestamp":"2022-09-11T12:31:04.231Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:31:03 honeypot-fra-1 sshd[32389]: Disconnected from invalid user ubuntu 62.218.227.178 port 41390 [preauth]","@timestamp":"2022-09-11T12:31:04.231Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:31:04 honeypot-fra-1 sshd[32393]: Disconnected from invalid user ubuntu 62.218.227.178 port 41416 [preauth]","@timestamp":"2022-09-11T12:31:05.232Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:31:05 honeypot-fra-1 sshd[32397]: Disconnected from invalid user guest 62.218.227.178 port 41436 [preauth]","@timestamp":"2022-09-11T12:31:05.232Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:31:05 honeypot-fra-1 sshd[32401]: Disconnected from invalid user cirros 62.218.227.178 port 41502 [preauth]","@timestamp":"2022-09-11T12:31:06.233Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:31:06 honeypot-ams-1 sshd[10107]: Received disconnect from 167.172.152.18 port 45970:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T12:31:06.569Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:31:32 honeypot-ams-1 sshd[10111]: Received disconnect from 167.172.152.18 port 36674:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T12:31:32.582Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:31:46 honeypot-ams-1 sshd[10117]: Disconnected from authenticating user root 80.76.51.45 port 42166 [preauth]","@timestamp":"2022-09-11T12:31:47.590Z"}
{"@timestamp":"2022-09-11T12:31:58.799Z","@version":"1","message":"Sep 11 12:31:58 honeypot-sgp-1 sshd[6036]: Disconnected from authenticating user root 61.177.173.52 port 34324 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:32:13 honeypot-ams-1 sshd[10123]: Received disconnect from 81.169.137.181 port 54392:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T12:32:13.603Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 12:32:23 honeypot-ams-1 kernel: [83776128.531124] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=216.218.206.104 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=48129 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T12:32:23.609Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:32:49 honeypot-ams-1 sshd[10130]: Received disconnect from 167.172.152.18 port 37020:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T12:32:49.622Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:33:15 honeypot-ams-1 sshd[10134]: Received disconnect from 167.172.152.18 port 55958:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T12:33:15.636Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:33:28 honeypot-fra-1 sshd[32405]: Disconnected from invalid user tomcat7 91.240.118.222 port 24282 [preauth]","@timestamp":"2022-09-11T12:33:28.286Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:33:41 honeypot-ams-1 sshd[10138]: Received disconnect from 167.172.152.18 port 46612:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T12:33:41.649Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:34:11 honeypot-ams-1 sshd[10142]: Invalid user vanessa from 81.169.137.181 port 45738","@timestamp":"2022-09-11T12:34:12.665Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:34:51 honeypot-ams-1 sshd[10146]: Invalid user vbox from 81.169.137.181 port 33476","@timestamp":"2022-09-11T12:34:52.685Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:35:24 honeypot-ams-1 sshd[10150]: Invalid user ec2-user from 167.172.152.18 port 37680","@timestamp":"2022-09-11T12:35:24.702Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:35:49 honeypot-ams-1 sshd[10154]: Invalid user test from 167.172.152.18 port 56592","@timestamp":"2022-09-11T12:35:49.715Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:36:11 honeypot-ams-1 sshd[10158]: Invalid user update from 81.169.137.181 port 37082","@timestamp":"2022-09-11T12:36:11.728Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:36:39 honeypot-ams-1 sshd[10162]: Invalid user demo from 167.172.152.18 port 37972","@timestamp":"2022-09-11T12:36:39.741Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:37:04 honeypot-ams-1 sshd[10166]: Invalid user spark from 167.172.152.18 port 56916","@timestamp":"2022-09-11T12:37:05.755Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:37:36 honeypot-ams-1 sshd[10170]: Invalid user tony from 81.169.137.181 port 40726","@timestamp":"2022-09-11T12:37:36.770Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:38:20 honeypot-ams-1 sshd[10175]: Invalid user ftpadmin from 167.172.152.18 port 57246","@timestamp":"2022-09-11T12:38:20.791Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:38:20 honeypot-fra-1 sshd[32416]: Disconnected from authenticating user root 61.177.172.114 port 33937 [preauth]","@timestamp":"2022-09-11T12:38:21.398Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 12:39:11 honeypot-ams-1 kernel: [83776536.762747] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.248.41.74 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=54 ID=51936 DF PROTO=TCP SPT=63883 DPT=443 WINDOW=43690 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T12:39:11.815Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:39:37 honeypot-ams-1 sshd[10181]: Disconnected from invalid user student 167.172.152.18 port 57542 [preauth]","@timestamp":"2022-09-11T12:39:37.830Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:40:29 honeypot-ams-1 sshd[10185]: Disconnected from invalid user weblogic 167.172.152.18 port 38942 [preauth]","@timestamp":"2022-09-11T12:40:29.856Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:41:02 honeypot-ams-1 sshd[10189]: Disconnected from invalid user boon 187.230.139.33 port 42607 [preauth]","@timestamp":"2022-09-11T12:41:02.873Z"}
{"@timestamp":"2022-09-11T12:42:59.061Z","@version":"1","message":"Sep 11 12:42:58 honeypot-sgp-1 sshd[6049]: Invalid user samba1 from 146.19.133.233 port 60556","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:45:37 honeypot-fra-1 sshd[32423]: Invalid user inspur from 103.188.176.251 port 60286","@timestamp":"2022-09-11T12:45:38.583Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T12:49:27.220Z","@version":"1","message":"Sep 11 12:49:26 honeypot-sgp-1 sshd[6057]: Connection closed by 167.248.133.63 port 47778 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:49:48 honeypot-ams-1 sshd[10195]: Connection closed by invalid user support 219.92.230.70 port 48618 [preauth]","@timestamp":"2022-09-11T12:49:49.106Z"}
{"@timestamp":"2022-09-11T12:54:26.344Z","@version":"1","message":"Sep 11 12:54:25 honeypot-sgp-1 sshd[6063]: Disconnected from authenticating user root 92.255.85.69 port 28910 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 12:57:21 honeypot-fra-1 sshd[32435]: Disconnected from authenticating user root 61.177.173.37 port 23368 [preauth]","@timestamp":"2022-09-11T12:57:21.842Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 12:59:55 honeypot-ams-1 sshd[10202]: Received disconnect from 92.255.85.70 port 59874:11: Bye Bye [preauth]","@timestamp":"2022-09-11T12:59:56.372Z"}
{"@timestamp":"2022-09-11T13:05:16.602Z","@version":"1","message":"Sep 11 13:05:16 honeypot-sgp-1 sshd[6071]: Received disconnect from 61.177.172.114 port 22746:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 13:05:19 honeypot-fra-1 sshd[32440]: Received disconnect from 61.177.173.36 port 48247:11:  [preauth]","@timestamp":"2022-09-11T13:05:20.020Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T13:11:14.745Z","@version":"1","message":"Sep 11 13:11:14 honeypot-sgp-1 kernel: [83777987.307087] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.79.53.162 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=43400 PROTO=TCP SPT=54145 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 13:12:42 honeypot-ams-1 sshd[10225]: Received disconnect from 221.195.49.78 port 24498:11: Bye Bye [preauth]","@timestamp":"2022-09-11T13:12:43.716Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 13:13:00 honeypot-fra-1 sshd[32445]: Disconnected from authenticating user root 61.177.173.46 port 27712 [preauth]","@timestamp":"2022-09-11T13:13:01.194Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 13:16:37 honeypot-fra-1 sshd[32451]: Received disconnect from 165.22.45.108 port 57694:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T13:16:37.276Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 13:18:26 honeypot-fra-1 sshd[32457]: Disconnected from authenticating user root 61.177.173.36 port 14268 [preauth]","@timestamp":"2022-09-11T13:18:27.321Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T13:19:07.935Z","@version":"1","message":"Sep 11 13:19:07 honeypot-sgp-1 sshd[6088]: Received disconnect from 61.177.173.47 port 26721:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 13:20:17 honeypot-fra-1 sshd[32464]: Invalid user cet from 137.135.226.173 port 49390","@timestamp":"2022-09-11T13:20:18.366Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 13:21:04 honeypot-fra-1 sshd[32468]: Disconnected from authenticating user root 92.255.85.69 port 61590 [preauth]","@timestamp":"2022-09-11T13:21:05.385Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T13:22:44.021Z","@version":"1","message":"Sep 11 13:22:43 honeypot-sgp-1 sshd[6099]: Disconnected from invalid user user 141.255.162.226 port 45546 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T13:22:47.023Z","@version":"1","message":"Sep 11 13:22:46 honeypot-sgp-1 sshd[6104]: Invalid user user from 141.255.162.226 port 59256","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 13:23:02 honeypot-ams-1 sshd[10234]: Did not receive identification string from 45.61.186.169 port 37390","@timestamp":"2022-09-11T13:23:03.014Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 13:23:42 honeypot-ams-1 sshd[10239]: Invalid user user from 45.61.186.169 port 48156","@timestamp":"2022-09-11T13:23:43.034Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 13:24:02 honeypot-ams-1 sshd[10243]: Invalid user user from 45.61.186.169 port 42956","@timestamp":"2022-09-11T13:24:03.044Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 13:24:20 honeypot-ams-1 sshd[10248]: Invalid user user from 45.61.186.169 port 37754","@timestamp":"2022-09-11T13:24:21.058Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 13:29:12 honeypot-ams-1 kernel: [83779538.052792] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.3.136.82 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=58146 PROTO=TCP SPT=42919 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T13:29:13.182Z"}
{"@timestamp":"2022-09-11T13:29:21.181Z","@version":"1","message":"Sep 11 13:29:20 honeypot-sgp-1 kernel: [83779073.625262] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=172.105.218.147 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=53873 PROTO=TCP SPT=39524 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T13:30:30.212Z","@version":"1","message":"Sep 11 13:30:29 honeypot-sgp-1 sshd[6116]: Received disconnect from 45.61.184.204 port 40436:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T13:30:50.221Z","@version":"1","message":"Sep 11 13:30:49 honeypot-sgp-1 sshd[6120]: Received disconnect from 45.61.184.204 port 35444:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T13:31:07.230Z","@version":"1","message":"Sep 11 13:31:06 honeypot-sgp-1 sshd[6124]: Received disconnect from 45.61.184.204 port 58690:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 13:34:36 honeypot-fra-1 sshd[32483]: Invalid user oracle from 121.130.111.133 port 59446","@timestamp":"2022-09-11T13:34:36.709Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 13:35:21 honeypot-fra-1 sshd[32487]: Received disconnect from 104.248.159.207 port 19096:11: Bye Bye [preauth]","@timestamp":"2022-09-11T13:35:21.728Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 13:36:13 honeypot-ams-1 sshd[10257]: Received disconnect from 45.61.184.204 port 56488:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T13:36:14.360Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 13:36:32 honeypot-ams-1 sshd[10261]: Received disconnect from 45.61.184.204 port 51870:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T13:36:32.370Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 13:36:50 honeypot-ams-1 sshd[10265]: Invalid user user from 45.61.184.204 port 47262","@timestamp":"2022-09-11T13:36:51.381Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 13:39:08 honeypot-fra-1 sshd[32493]: Received disconnect from 61.177.173.36 port 53999:11:  [preauth]","@timestamp":"2022-09-11T13:39:09.813Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 13:39:20 honeypot-ams-1 sshd[10269]: Invalid user fork1 from 14.102.74.99 port 48774","@timestamp":"2022-09-11T13:39:20.445Z"}
{"@timestamp":"2022-09-11T13:39:50.436Z","@version":"1","message":"Sep 11 13:39:50 honeypot-sgp-1 kernel: [83779702.934508] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=35.189.85.32 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x60 TTL=250 ID=61402 PROTO=TCP SPT=42077 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 13:40:26 honeypot-ams-1 sshd[10272]: Disconnected from invalid user sbear 137.184.90.200 port 34684 [preauth]","@timestamp":"2022-09-11T13:40:27.478Z"}
{"@timestamp":"2022-09-11T13:43:29.527Z","@version":"1","message":"Sep 11 13:43:28 honeypot-sgp-1 sshd[6140]: Received disconnect from 180.168.192.126 port 59533:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 13:45:20 honeypot-fra-1 sshd[32500]: Disconnected from authenticating user root 92.255.85.69 port 57736 [preauth]","@timestamp":"2022-09-11T13:45:20.952Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 13:49:59 honeypot-fra-1 sshd[32507]: Received disconnect from 165.22.45.108 port 34460:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T13:49:59.057Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T13:51:04.709Z","@version":"1","message":"Sep 11 13:51:04 honeypot-sgp-1 sshd[6150]: Received disconnect from 209.65.66.239 port 43439:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T13:51:49.730Z","@version":"1","message":"Sep 11 13:51:49 honeypot-sgp-1 sshd[6152]: Disconnected from invalid user david 14.63.162.98 port 51671 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 13:55:13 honeypot-ams-1 kernel: [83781098.755860] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=80.94.92.231 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=58056 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T13:55:13.867Z"}
{"@timestamp":"2022-09-11T13:59:18.913Z","@version":"1","message":"Sep 11 13:59:18 honeypot-sgp-1 sshd[6161]: Received disconnect from 200.111.119.58 port 43664:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 14:00:31 honeypot-ams-1 kernel: [83781416.680884] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=119.57.47.54 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=46726 DF PROTO=TCP SPT=41205 DPT=5432 WINDOW=43690 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T14:00:32.006Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 14:02:03 honeypot-fra-1 kernel: [83779353.807291] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=134.209.233.125 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=62 ID=64026 DF PROTO=TCP SPT=38112 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T14:02:04.324Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:03:53 honeypot-ams-1 sshd[10282]: Invalid user electrum from 203.190.55.203 port 34989","@timestamp":"2022-09-11T14:03:54.096Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 14:06:17 honeypot-fra-1 sshd[32524]: Disconnected from invalid user user 45.61.184.204 port 45054 [preauth]","@timestamp":"2022-09-11T14:06:18.421Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 14:06:36 honeypot-fra-1 sshd[32528]: Disconnected from invalid user user 45.61.184.204 port 40058 [preauth]","@timestamp":"2022-09-11T14:06:37.431Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 14:06:56 honeypot-fra-1 sshd[32533]: Disconnected from invalid user user 45.61.184.204 port 35058 [preauth]","@timestamp":"2022-09-11T14:06:56.439Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 14:07:14 honeypot-fra-1 sshd[32537]: Disconnected from invalid user user 45.61.184.204 port 58290 [preauth]","@timestamp":"2022-09-11T14:07:15.448Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 14:08:44 honeypot-fra-1 sshd[32541]: Disconnected from authenticating user root 92.255.85.70 port 30900 [preauth]","@timestamp":"2022-09-11T14:08:44.483Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T14:08:55.148Z","@version":"1","message":"Sep 11 14:08:54 honeypot-sgp-1 sshd[6171]: Disconnected from authenticating user root 61.177.173.53 port 11013 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 14:10:17 honeypot-fra-1 sshd[32547]: Disconnected from invalid user vt 122.176.119.202 port 53280 [preauth]","@timestamp":"2022-09-11T14:10:17.519Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:10:41 honeypot-ams-1 sshd[10285]: Received disconnect from 92.255.85.70 port 21874:11: Bye Bye [preauth]","@timestamp":"2022-09-11T14:10:41.293Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:11:37 honeypot-ams-1 sshd[10289]: Connection closed by invalid user test 193.106.191.157 port 44062 [preauth]","@timestamp":"2022-09-11T14:11:38.321Z"}
{"@timestamp":"2022-09-11T14:15:01.294Z","@version":"1","message":"Sep 11 14:15:01 honeypot-sgp-1 sshd[6178]: Disconnected from authenticating user root 61.177.173.46 port 59434 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 14:17:01 honeypot-fra-1 CRON[32558]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-11T14:17:01.672Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:19:29 honeypot-ams-1 sshd[10300]: Invalid user gateway from 62.204.41.222 port 8746","@timestamp":"2022-09-11T14:19:30.531Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 14:20:24 honeypot-ams-1 kernel: [83782610.110235] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=5.188.210.205 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=31604 PROTO=TCP SPT=40969 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T14:20:25.558Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 14:20:38 honeypot-fra-1 kernel: [83780467.973597] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=20.25.156.209 DST=165.22.82.222 LEN=52 TOS=0x02 PREC=0x00 TTL=110 ID=26642 DF PROTO=TCP SPT=52642 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-11T14:20:38.756Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-11T14:21:45.458Z","@version":"1","message":"Sep 11 14:21:45 honeypot-sgp-1 kernel: [83782217.930356] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.214.88 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=49492 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 14:24:24 honeypot-fra-1 sshd[32567]: Disconnected from authenticating user root 61.177.173.46 port 47126 [preauth]","@timestamp":"2022-09-11T14:24:24.839Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 14:31:43 honeypot-fra-1 sshd[32572]: Received disconnect from 92.255.85.70 port 63802:11: Bye Bye [preauth]","@timestamp":"2022-09-11T14:31:44.004Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T14:32:56.728Z","@version":"1","message":"Sep 11 14:32:56 honeypot-sgp-1 sshd[6195]: Disconnected from authenticating user root 61.177.172.19 port 12292 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 14:33:10 honeypot-fra-1 kernel: [83781220.099801] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=80.94.92.239 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=56392 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T14:33:11.041Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:33:54 honeypot-ams-1 sshd[10310]: Invalid user ubnt from 182.105.189.1 port 39971","@timestamp":"2022-09-11T14:33:54.916Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:33:59 honeypot-ams-1 sshd[10314]: Disconnected from authenticating user root 182.105.189.1 port 40110 [preauth]","@timestamp":"2022-09-11T14:33:59.919Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:34:07 honeypot-ams-1 sshd[10320]: Disconnected from authenticating user root 182.105.189.1 port 40297 [preauth]","@timestamp":"2022-09-11T14:34:07.924Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:34:15 honeypot-ams-1 sshd[10326]: Disconnected from authenticating user root 182.105.189.1 port 40516 [preauth]","@timestamp":"2022-09-11T14:34:15.928Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:34:21 honeypot-ams-1 sshd[10332]: Disconnected from authenticating user root 182.105.189.1 port 40684 [preauth]","@timestamp":"2022-09-11T14:34:21.932Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:34:28 honeypot-ams-1 sshd[10338]: Disconnected from authenticating user root 182.105.189.1 port 40839 [preauth]","@timestamp":"2022-09-11T14:34:28.987Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:34:34 honeypot-ams-1 sshd[10344]: Disconnected from authenticating user root 182.105.189.1 port 41019 [preauth]","@timestamp":"2022-09-11T14:34:34.991Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 14:34:39 honeypot-fra-1 sshd[32586]: Invalid user user from 45.61.184.204 port 57776","@timestamp":"2022-09-11T14:34:40.077Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:34:43 honeypot-ams-1 sshd[10350]: Disconnected from authenticating user root 182.105.189.1 port 41206 [preauth]","@timestamp":"2022-09-11T14:34:43.997Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:34:51 honeypot-ams-1 sshd[10356]: Disconnected from authenticating user root 182.105.189.1 port 41397 [preauth]","@timestamp":"2022-09-11T14:34:52.002Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:34:57 honeypot-ams-1 sshd[10362]: Disconnected from authenticating user root 182.105.189.1 port 41584 [preauth]","@timestamp":"2022-09-11T14:34:58.006Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 14:34:59 honeypot-fra-1 sshd[32590]: Invalid user user from 45.61.184.204 port 53366","@timestamp":"2022-09-11T14:35:00.086Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:35:02 honeypot-ams-1 sshd[10368]: Disconnected from authenticating user root 182.105.189.1 port 41690 [preauth]","@timestamp":"2022-09-11T14:35:03.009Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:35:10 honeypot-ams-1 sshd[10374]: Disconnected from authenticating user root 182.105.189.1 port 41900 [preauth]","@timestamp":"2022-09-11T14:35:11.031Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:35:17 honeypot-ams-1 sshd[10380]: Received disconnect from 182.105.189.1 port 42082:11: Bye Bye [preauth]","@timestamp":"2022-09-11T14:35:18.034Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 14:35:17 honeypot-fra-1 sshd[32594]: Invalid user user from 45.61.184.204 port 48966","@timestamp":"2022-09-11T14:35:18.094Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:35:23 honeypot-ams-1 sshd[10384]: Received disconnect from 182.105.189.1 port 42256:11: Bye Bye [preauth]","@timestamp":"2022-09-11T14:35:24.039Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:35:29 honeypot-ams-1 sshd[10388]: Received disconnect from 182.105.189.1 port 42406:11: Bye Bye [preauth]","@timestamp":"2022-09-11T14:35:30.042Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:35:33 honeypot-ams-1 sshd[10392]: Received disconnect from 182.105.189.1 port 42507:11: Bye Bye [preauth]","@timestamp":"2022-09-11T14:35:34.045Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:35:37 honeypot-ams-1 sshd[10396]: Received disconnect from 182.105.189.1 port 42602:11: Bye Bye [preauth]","@timestamp":"2022-09-11T14:35:38.048Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:35:42 honeypot-ams-1 sshd[10400]: Received disconnect from 182.105.189.1 port 42705:11: Bye Bye [preauth]","@timestamp":"2022-09-11T14:35:43.051Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:35:48 honeypot-ams-1 sshd[10406]: Invalid user pi from 182.105.189.1 port 42865","@timestamp":"2022-09-11T14:35:49.054Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:35:53 honeypot-ams-1 sshd[10410]: Invalid user user from 182.105.189.1 port 42995","@timestamp":"2022-09-11T14:35:54.057Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:35:58 honeypot-ams-1 sshd[10414]: Invalid user mine from 182.105.189.1 port 43125","@timestamp":"2022-09-11T14:35:59.060Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:36:06 honeypot-ams-1 sshd[10418]: Invalid user xbmc from 182.105.189.1 port 43319","@timestamp":"2022-09-11T14:36:07.065Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:36:13 honeypot-ams-1 sshd[10422]: Invalid user oracle from 182.105.189.1 port 43419","@timestamp":"2022-09-11T14:36:14.069Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:36:18 honeypot-ams-1 sshd[10426]: Invalid user postgres from 182.105.189.1 port 43631","@timestamp":"2022-09-11T14:36:19.072Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:36:22 honeypot-ams-1 sshd[10430]: Invalid user support from 182.105.189.1 port 43733","@timestamp":"2022-09-11T14:36:23.076Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:36:29 honeypot-ams-1 sshd[10434]: Invalid user ubuntu from 182.105.189.1 port 43835","@timestamp":"2022-09-11T14:36:30.080Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:36:34 honeypot-ams-1 sshd[10438]: Invalid user ubuntu from 182.105.189.1 port 44001","@timestamp":"2022-09-11T14:36:34.083Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:36:39 honeypot-ams-1 sshd[10442]: Invalid user guest from 182.105.189.1 port 44155","@timestamp":"2022-09-11T14:36:40.088Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:36:45 honeypot-ams-1 sshd[10446]: Invalid user cirros from 182.105.189.1 port 44311","@timestamp":"2022-09-11T14:36:46.091Z"}
{"@timestamp":"2022-09-11T14:38:41.872Z","@version":"1","message":"Sep 11 14:38:41 honeypot-sgp-1 sshd[6201]: Connection closed by 134.209.44.233 port 53837 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 14:40:52 honeypot-fra-1 kernel: [83781682.563804] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=94.26.228.80 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=24519 PROTO=TCP SPT=45389 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T14:40:53.219Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:43:53 honeypot-ams-1 sshd[10451]: Did not receive identification string from 45.61.186.49 port 58596","@timestamp":"2022-09-11T14:43:53.271Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:44:18 honeypot-ams-1 sshd[10454]: Disconnected from invalid user user 45.61.186.49 port 47604 [preauth]","@timestamp":"2022-09-11T14:44:19.284Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:44:27 honeypot-ams-1 sshd[10458]: Disconnected from invalid user user 45.61.186.49 port 59112 [preauth]","@timestamp":"2022-09-11T14:44:28.289Z"}
{"@timestamp":"2022-09-11T14:45:19.046Z","@version":"1","message":"Sep 11 14:45:18 honeypot-sgp-1 sshd[6208]: Disconnected from invalid user tester 49.247.22.240 port 43610 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 14:51:05 honeypot-fra-1 sshd[32604]: Disconnected from authenticating user root 61.177.172.124 port 62864 [preauth]","@timestamp":"2022-09-11T14:51:06.444Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T14:51:29.196Z","@version":"1","message":"Sep 11 14:51:28 honeypot-sgp-1 kernel: [83784001.404952] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=79.124.62.62 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=8399 PROTO=TCP SPT=41106 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T14:53:55.257Z","@version":"1","message":"Sep 11 14:53:54 honeypot-sgp-1 sshd[6219]: Received disconnect from 61.177.173.36 port 48408:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 14:54:47 honeypot-fra-1 kernel: [83782517.160377] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=103.203.56.0 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=45268 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T14:54:47.530Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 14:56:40 honeypot-fra-1 sshd[32618]: Invalid user kehuceshi from 165.22.45.108 port 44458","@timestamp":"2022-09-11T14:56:41.576Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 14:58:14 honeypot-ams-1 sshd[10462]: Disconnected from authenticating user root 92.255.85.69 port 28162 [preauth]","@timestamp":"2022-09-11T14:58:15.646Z"}
{"@timestamp":"2022-09-11T15:01:25.436Z","@version":"1","message":"Sep 11 15:01:25 honeypot-sgp-1 sshd[6225]: Disconnected from invalid user user 45.61.186.249 port 37472 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T15:01:45.447Z","@version":"1","message":"Sep 11 15:01:44 honeypot-sgp-1 sshd[6231]: Disconnected from invalid user user 45.61.186.249 port 60436 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T15:02:03.456Z","@version":"1","message":"Sep 11 15:02:02 honeypot-sgp-1 sshd[6235]: Disconnected from invalid user user 45.61.186.249 port 55124 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T15:02:20.465Z","@version":"1","message":"Sep 11 15:02:20 honeypot-sgp-1 sshd[6239]: Disconnected from invalid user user 45.61.186.249 port 49836 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 15:03:36 honeypot-fra-1 sshd[32623]: Did not receive identification string from 58.72.18.130 port 4530","@timestamp":"2022-09-11T15:03:36.733Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 15:04:30 honeypot-ams-1 kernel: [83785255.620449] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=44292 PROTO=TCP SPT=48403 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T15:04:30.809Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 15:05:47 honeypot-fra-1 sshd[32628]: Disconnected from authenticating user root 61.177.172.19 port 10103 [preauth]","@timestamp":"2022-09-11T15:05:47.783Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T15:08:39.635Z","@version":"1","message":"Sep 11 15:08:39 honeypot-sgp-1 sshd[6248]: Received disconnect from 61.177.172.90 port 44833:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 15:08:39 honeypot-ams-1 sshd[10471]: Connection closed by invalid user guest 67.204.24.218 port 35108 [preauth]","@timestamp":"2022-09-11T15:08:39.921Z"}
{"@timestamp":"2022-09-11T15:13:03.742Z","@version":"1","message":"Sep 11 15:13:03 honeypot-sgp-1 sshd[6255]: Invalid user db2inst from 96.78.175.36 port 46612","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 15:15:18 honeypot-fra-1 sshd[32638]: Invalid user sbot from 147.182.210.165 port 53498","@timestamp":"2022-09-11T15:15:18.994Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T15:15:51.811Z","@version":"1","message":"Sep 11 15:15:50 honeypot-sgp-1 kernel: [83785463.619740] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.206.119 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=34508 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 15:17:01 honeypot-ams-1 CRON[10477]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-11T15:17:02.135Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 15:17:44 honeypot-fra-1 kernel: [83783894.047362] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=198.199.111.212 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=33243 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T15:17:45.051Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 15:21:29 honeypot-ams-1 sshd[10482]: Received disconnect from 92.255.85.70 port 45492:11: Bye Bye [preauth]","@timestamp":"2022-09-11T15:21:30.255Z"}
{"@timestamp":"2022-09-11T15:24:16.013Z","@version":"1","message":"Sep 11 15:24:15 honeypot-sgp-1 kernel: [83785968.449026] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=2.57.122.153 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=229 ID=54321 PROTO=TCP SPT=38261 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 15:24:26 honeypot-fra-1 sshd[32653]: Bad protocol version identification '\\026\\003\\001' from 106.75.227.154 port 39314","@timestamp":"2022-09-11T15:24:26.202Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 15:25:58 honeypot-ams-1 kernel: [83786543.936528] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=139.162.88.134 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=47625 PROTO=TCP SPT=49608 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T15:25:59.373Z"}
{"@timestamp":"2022-09-11T15:28:14.111Z","@version":"1","message":"Sep 11 15:28:13 honeypot-sgp-1 sshd[6271]: Received disconnect from 141.94.223.98 port 53440:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 15:29:31 honeypot-fra-1 sshd[32660]: Received disconnect from 61.177.173.46 port 22341:11:  [preauth]","@timestamp":"2022-09-11T15:29:32.335Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 15:31:22 honeypot-fra-1 kernel: [83784712.226788] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=213.219.36.247 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=38622 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T15:31:23.378Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 15:36:17 honeypot-ams-1 sshd[10561]: Disconnected from authenticating user root 84.52.103.234 port 41848 [preauth]","@timestamp":"2022-09-11T15:36:17.635Z"}
{"@timestamp":"2022-09-11T15:37:25.332Z","@version":"1","message":"Sep 11 15:37:24 honeypot-sgp-1 sshd[6278]: Received disconnect from 61.177.173.36 port 37622:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 15:38:54 honeypot-fra-1 sshd[32669]: Received disconnect from 61.177.173.46 port 47284:11:  [preauth]","@timestamp":"2022-09-11T15:38:54.547Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 15:39:22 honeypot-fra-1 sshd[32676]: Invalid user kt from 187.51.55.82 port 38879","@timestamp":"2022-09-11T15:39:22.560Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T15:43:12.469Z","@version":"1","message":"Sep 11 15:43:11 honeypot-sgp-1 kernel: [83787104.616156] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=72.255.231.87 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=44666 DF PROTO=TCP SPT=48027 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 15:43:18 honeypot-fra-1 sshd[32680]: Received disconnect from 68.183.141.33 port 51402:11: Bye Bye [preauth]","@timestamp":"2022-09-11T15:43:18.650Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 15:44:35 honeypot-ams-1 sshd[10568]: Received disconnect from 92.255.85.70 port 51244:11: Bye Bye [preauth]","@timestamp":"2022-09-11T15:44:35.853Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 15:46:28 honeypot-fra-1 sshd[32685]: Disconnected from authenticating user root 119.73.179.114 port 24133 [preauth]","@timestamp":"2022-09-11T15:46:29.722Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T15:48:12.592Z","@version":"1","message":"Sep 11 15:48:12 honeypot-sgp-1 sshd[6291]: Received disconnect from 61.177.173.36 port 58341:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 15:50:17 honeypot-ams-1 kernel: [83788002.911983] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=176.58.105.238 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=54321 PROTO=TCP SPT=45709 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T15:50:17.998Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 15:52:15 honeypot-fra-1 kernel: [83785964.823600] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=31.220.1.83 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=54321 PROTO=TCP SPT=45786 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T15:52:15.866Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-11T15:53:47.724Z","@version":"1","message":"Sep 11 15:53:47 honeypot-sgp-1 sshd[6298]: Received disconnect from 157.245.243.224 port 51688:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T15:57:04.802Z","@version":"1","message":"Sep 11 15:57:04 honeypot-sgp-1 sshd[6303]: Disconnected from authenticating user root 61.177.173.49 port 56762 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 15:58:05 honeypot-ams-1 kernel: [83788471.220676] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=188.186.91.175 DST=178.62.254.91 LEN=44 TOS=0x08 PREC=0x20 TTL=57 ID=55868 PROTO=TCP SPT=16060 DPT=80 WINDOW=388 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T15:58:06.197Z"}
{"@timestamp":"2022-09-11T16:02:53.941Z","@version":"1","message":"Sep 11 16:02:53 honeypot-sgp-1 sshd[6313]: Received disconnect from 92.255.85.70 port 20182:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 16:03:25 honeypot-fra-1 sshd[32698]: Invalid user keiv from 165.22.45.108 port 54458","@timestamp":"2022-09-11T16:03:26.112Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 16:06:22 honeypot-fra-1 sshd[32700]: Disconnected from authenticating user root 92.255.85.70 port 35080 [preauth]","@timestamp":"2022-09-11T16:06:23.179Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 16:06:37 honeypot-ams-1 kernel: [83788982.741752] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=23.95.4.194 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=33296 PROTO=TCP SPT=44723 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T16:06:37.421Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 16:11:26 honeypot-ams-1 kernel: [83789271.718345] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=188.50.161.249 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=56 ID=46373 PROTO=TCP SPT=56203 DPT=80 WINDOW=10818 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T16:11:26.548Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 16:17:01 honeypot-ams-1 CRON[10589]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-11T16:17:01.698Z"}
{"@timestamp":"2022-09-11T16:17:58.319Z","@version":"1","message":"Sep 11 16:17:58 honeypot-sgp-1 kernel: [83789191.048509] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=46.19.141.122 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=58998 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 16:18:42 honeypot-fra-1 kernel: [83787551.707043] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=79.124.62.130 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=3768 PROTO=TCP SPT=50560 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T16:18:42.473Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-11T16:27:10.540Z","@version":"1","message":"Sep 11 16:27:10 honeypot-sgp-1 sshd[6329]: Disconnected from authenticating user root 92.255.85.70 port 37136 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 16:29:07 honeypot-ams-1 kernel: [83790332.983719] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=176.100.76.208 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=9451 DF PROTO=TCP SPT=19350 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T16:29:08.019Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 16:29:25 honeypot-fra-1 sshd[32713]: Disconnected from authenticating user root 92.255.85.70 port 60092 [preauth]","@timestamp":"2022-09-11T16:29:26.727Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T16:34:42.718Z","@version":"1","message":"Sep 11 16:34:42 honeypot-sgp-1 sshd[6334]: Received disconnect from 187.216.90.114 port 56534:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 16:36:36 honeypot-fra-1 sshd[32716]: Received disconnect from 165.22.45.108 port 59448:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T16:36:36.888Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T16:43:01.918Z","@version":"1","message":"Sep 11 16:43:01 honeypot-sgp-1 sshd[6339]: Invalid user ubnt from 187.216.90.114 port 57128","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 16:46:00 honeypot-ams-1 kernel: [83791345.957579] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=213.226.123.38 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=60407 PROTO=TCP SPT=55891 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T16:46:01.487Z"}
{"@timestamp":"2022-09-11T16:50:13.088Z","@version":"1","message":"Sep 11 16:50:12 honeypot-sgp-1 sshd[6344]: Received disconnect from 92.255.85.70 port 16282:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 16:50:41 honeypot-ams-1 kernel: [83791626.482149] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.206.222 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=44911 DPT=636 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T16:50:41.614Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 16:53:30 honeypot-fra-1 sshd[32722]: Disconnected from authenticating user root 92.255.85.70 port 63612 [preauth]","@timestamp":"2022-09-11T16:53:31.259Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 16:56:51 honeypot-ams-1 sshd[10606]: Disconnected from invalid user ftpuser 92.46.126.30 port 41694 [preauth]","@timestamp":"2022-09-11T16:56:51.778Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 17:00:19 honeypot-ams-1 kernel: [83792204.803501] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=176.111.173.150 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=44173 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T17:00:19.875Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 17:01:42 honeypot-fra-1 sshd[32726]: Connection closed by 139.59.234.70 port 42678 [preauth]","@timestamp":"2022-09-11T17:01:42.443Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 17:02:41 honeypot-fra-1 sshd[32732]: Invalid user user from 141.255.162.226 port 39196","@timestamp":"2022-09-11T17:02:42.469Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 17:02:45 honeypot-fra-1 sshd[32736]: Invalid user user from 141.255.162.226 port 53274","@timestamp":"2022-09-11T17:02:46.471Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T17:03:57.411Z","@version":"1","message":"Sep 11 17:03:57 honeypot-sgp-1 sshd[6352]: Disconnected from authenticating user root 200.68.60.130 port 45348 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 17:04:09 honeypot-ams-1 sshd[10611]: Disconnected from 159.223.164.107 port 37390 [preauth]","@timestamp":"2022-09-11T17:04:09.977Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 17:06:15 honeypot-fra-1 sshd[32741]: Did not receive identification string from 45.61.186.169 port 54306","@timestamp":"2022-09-11T17:06:15.555Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 17:06:44 honeypot-fra-1 sshd[32744]: Disconnected from invalid user user 45.61.186.169 port 40906 [preauth]","@timestamp":"2022-09-11T17:06:45.569Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 17:07:02 honeypot-fra-1 sshd[32748]: Disconnected from invalid user user 45.61.186.169 port 35920 [preauth]","@timestamp":"2022-09-11T17:07:02.577Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 17:07:17 honeypot-fra-1 sshd[32752]: Disconnected from invalid user user 45.61.186.169 port 59180 [preauth]","@timestamp":"2022-09-11T17:07:18.584Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 17:09:30 honeypot-fra-1 sshd[32759]: Received disconnect from 202.83.17.205 port 60952:11: Bye Bye [preauth]","@timestamp":"2022-09-11T17:09:31.634Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 17:11:16 honeypot-fra-1 kernel: [83790706.424235] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=193.118.53.195 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=4705 PROTO=TCP SPT=20401 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T17:11:17.676Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-11T17:12:28.613Z","@version":"1","message":"Sep 11 17:12:27 honeypot-sgp-1 sshd[6359]: Disconnected from authenticating user root 200.68.60.130 port 45647 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T17:13:26.639Z","@version":"1","message":"Sep 11 17:13:25 honeypot-sgp-1 sshd[6364]: Received disconnect from 45.61.187.160 port 37572:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T17:13:45.649Z","@version":"1","message":"Sep 11 17:13:44 honeypot-sgp-1 sshd[6368]: Received disconnect from 45.61.187.160 port 60534:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T17:14:02.658Z","@version":"1","message":"Sep 11 17:14:01 honeypot-sgp-1 sshd[6372]: Received disconnect from 45.61.187.160 port 55256:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T17:14:11.662Z","@version":"1","message":"Sep 11 17:14:10 honeypot-sgp-1 sshd[6377]: Received disconnect from 92.255.85.69 port 15680:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 17:14:37 honeypot-ams-1 sshd[10619]: Invalid user user from 45.61.186.49 port 44608","@timestamp":"2022-09-11T17:14:37.247Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 17:14:47 honeypot-ams-1 sshd[10623]: Invalid user user from 45.61.186.49 port 56362","@timestamp":"2022-09-11T17:14:48.254Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 17:14:55 honeypot-fra-1 sshd[747]: Received disconnect from 35.219.62.194 port 44798:11: Bye Bye [preauth]","@timestamp":"2022-09-11T17:14:55.755Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 17:16:27 honeypot-ams-1 kernel: [83793172.573180] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=109.205.213.23 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=52811 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T17:16:27.300Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 17:17:01 honeypot-fra-1 CRON[752]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-11T17:17:01.803Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T17:19:22.785Z","@version":"1","message":"Sep 11 17:19:22 honeypot-sgp-1 sshd[6383]: Disconnected from invalid user gc 165.227.84.172 port 47210 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 17:25:40 honeypot-ams-1 kernel: [83793725.779225] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=37.112.42.212 DST=178.62.254.91 LEN=40 TOS=0x08 PREC=0x20 TTL=58 ID=52618 PROTO=TCP SPT=55633 DPT=443 WINDOW=41254 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T17:25:40.535Z"}
{"@timestamp":"2022-09-11T17:27:55.986Z","@version":"1","message":"Sep 11 17:27:55 honeypot-sgp-1 sshd[6388]: Connection closed by invalid user wry 137.116.144.39 port 57786 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 17:30:47 honeypot-ams-1 sshd[10639]: Invalid user user from 45.61.187.160 port 35812","@timestamp":"2022-09-11T17:30:48.673Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 17:30:56 honeypot-fra-1 sshd[756]: Connection closed by invalid user admin 128.199.160.207 port 57010 [preauth]","@timestamp":"2022-09-11T17:30:57.110Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 17:30:59 honeypot-fra-1 sshd[762]: Connection closed by invalid user admin 128.199.160.207 port 57032 [preauth]","@timestamp":"2022-09-11T17:31:00.113Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 17:31:09 honeypot-ams-1 sshd[10643]: Invalid user user from 45.61.187.160 port 59208","@timestamp":"2022-09-11T17:31:10.685Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 17:31:29 honeypot-ams-1 sshd[10647]: Invalid user user from 45.61.187.160 port 54368","@timestamp":"2022-09-11T17:31:29.695Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 17:31:39 honeypot-ams-1 kernel: [83794084.918525] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=2.226.225.240 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=60647 PROTO=TCP SPT=4000 DPT=80 WINDOW=48929 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T17:31:39.702Z"}
{"@timestamp":"2022-09-11T17:37:57.221Z","@version":"1","message":"Sep 11 17:37:56 honeypot-sgp-1 sshd[6397]: Invalid user test2 from 92.255.85.69 port 51132","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 17:38:21 honeypot-fra-1 sshd[765]: Disconnected from invalid user monitor 51.83.71.70 port 60804 [preauth]","@timestamp":"2022-09-11T17:38:22.277Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 17:40:28 honeypot-ams-1 sshd[10654]: Disconnected from authenticating user root 177.68.156.24 port 19581 [preauth]","@timestamp":"2022-09-11T17:40:28.927Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 17:42:45 honeypot-ams-1 kernel: [83794750.778898] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.167.96.217 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=54026 DPT=389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T17:42:45.990Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 17:43:13 honeypot-fra-1 sshd[772]: Invalid user ken from 165.22.45.108 port 41024","@timestamp":"2022-09-11T17:43:13.388Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 17:45:56 honeypot-ams-1 sshd[10663]: Disconnected from authenticating user root 147.182.247.29 port 41136 [preauth]","@timestamp":"2022-09-11T17:45:57.075Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 17:48:58 honeypot-fra-1 sshd[777]: Received disconnect from 157.245.9.6 port 48442:11: Bye Bye [preauth]","@timestamp":"2022-09-11T17:48:59.516Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T17:50:23.527Z","@version":"1","message":"Sep 11 17:50:22 honeypot-sgp-1 sshd[6402]: Invalid user admin from 178.128.125.205 port 31290","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 17:51:06 honeypot-ams-1 kernel: [83795252.103124] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=91.251.9.244 DST=178.62.254.91 LEN=60 TOS=0x18 PREC=0x20 TTL=50 ID=22410 DF PROTO=TCP SPT=60218 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T17:51:07.208Z"}
{"@timestamp":"2022-09-11T17:51:52.563Z","@version":"1","message":"Sep 11 17:51:52 honeypot-sgp-1 sshd[6408]: Invalid user fedora from 210.245.111.33 port 55724","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T17:53:28.604Z","@version":"1","message":"Sep 11 17:53:28 honeypot-sgp-1 sshd[6412]: Disconnected from invalid user oracle 147.182.188.81 port 58288 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 17:55:31 honeypot-fra-1 sshd[785]: Invalid user user from 141.255.162.226 port 52570","@timestamp":"2022-09-11T17:55:31.665Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 17:55:33 honeypot-fra-1 sshd[789]: Invalid user user from 141.255.162.226 port 37572","@timestamp":"2022-09-11T17:55:34.668Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 17:55:37 honeypot-fra-1 sshd[793]: Invalid user user from 141.255.162.226 port 50816","@timestamp":"2022-09-11T17:55:37.669Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T17:57:48.710Z","@version":"1","message":"Sep 11 17:57:48 honeypot-sgp-1 sshd[6417]: Disconnected from invalid user Administrator 132.148.75.125 port 33370 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T17:59:42.760Z","@version":"1","message":"Sep 11 17:59:42 honeypot-sgp-1 sshd[6424]: Disconnected from authenticating user root 132.148.75.125 port 45834 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 18:00:00 honeypot-ams-1 sshd[10669]: Connection closed by 167.99.1.98 port 40036 [preauth]","@timestamp":"2022-09-11T18:00:01.440Z"}
{"@timestamp":"2022-09-11T18:01:01.795Z","@version":"1","message":"Sep 11 18:01:01 honeypot-sgp-1 sshd[6430]: Received disconnect from 132.148.75.125 port 47808:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T18:02:14.830Z","@version":"1","message":"Sep 11 18:02:14 honeypot-sgp-1 kernel: [83795447.036800] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=146.88.240.248 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=42134 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 18:02:24 honeypot-ams-1 sshd[10674]: Disconnected from invalid user chad 104.28.206.119 port 32121 [preauth]","@timestamp":"2022-09-11T18:02:25.503Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 18:02:58 honeypot-fra-1 sshd[796]: Received disconnect from 92.255.85.69 port 39944:11: Bye Bye [preauth]","@timestamp":"2022-09-11T18:02:58.835Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T18:03:42.898Z","@version":"1","message":"Sep 11 18:03:42 honeypot-sgp-1 sshd[6439]: Received disconnect from 132.148.75.125 port 59326:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T18:05:40.952Z","@version":"1","message":"Sep 11 18:05:40 honeypot-sgp-1 sshd[6445]: Received disconnect from 132.148.75.125 port 54024:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 18:06:37 honeypot-ams-1 sshd[10678]: Disconnected from invalid user test2 92.255.85.69 port 26888 [preauth]","@timestamp":"2022-09-11T18:06:38.612Z"}
{"@timestamp":"2022-09-11T18:07:42.004Z","@version":"1","message":"Sep 11 18:07:41 honeypot-sgp-1 sshd[6451]: Received disconnect from 132.148.75.125 port 49214:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T18:09:49.059Z","@version":"1","message":"Sep 11 18:09:48 honeypot-sgp-1 sshd[6458]: Received disconnect from 132.148.75.125 port 51396:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 18:10:04 honeypot-fra-1 kernel: [83794234.066693] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=103.174.103.86 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x20 TTL=52 ID=21060 DF PROTO=TCP SPT=48880 DPT=5432 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T18:10:04.996Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 18:11:13 honeypot-ams-1 kernel: [83796459.285229] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=91.251.9.244 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=55221 DF PROTO=TCP SPT=60364 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T18:11:14.732Z"}
{"@timestamp":"2022-09-11T18:11:50.112Z","@version":"1","message":"Sep 11 18:11:49 honeypot-sgp-1 sshd[6464]: Received disconnect from 132.148.75.125 port 45242:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T18:13:09.165Z","@version":"1","message":"Sep 11 18:13:08 honeypot-sgp-1 sshd[6468]: Disconnected from authenticating user root 132.148.75.125 port 48568 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 18:13:38 honeypot-fra-1 sshd[801]: Received disconnect from 103.9.36.69 port 57676:11: Bye Bye [preauth]","@timestamp":"2022-09-11T18:13:39.079Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T18:15:10.217Z","@version":"1","message":"Sep 11 18:15:09 honeypot-sgp-1 sshd[6475]: Disconnected from authenticating user root 132.148.75.125 port 42266 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T18:16:05.243Z","@version":"1","message":"Sep 11 18:16:04 honeypot-sgp-1 sshd[6480]: Received disconnect from 141.255.162.226 port 46648:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T18:16:10.246Z","@version":"1","message":"Sep 11 18:16:09 honeypot-sgp-1 sshd[6485]: Received disconnect from 141.255.162.226 port 38046:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T18:16:30.255Z","@version":"1","message":"Sep 11 18:16:29 honeypot-sgp-1 sshd[6490]: Connection closed by authenticating user root 103.188.176.251 port 58928 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 18:17:01 honeypot-fra-1 CRON[806]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-11T18:17:02.156Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T18:17:11.272Z","@version":"1","message":"Sep 11 18:17:10 honeypot-sgp-1 sshd[6497]: Disconnected from authenticating user root 132.148.75.125 port 36448 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 18:17:31 honeypot-ams-1 sshd[10685]: Disconnected from authenticating user root 62.64.86.44 port 63536 [preauth]","@timestamp":"2022-09-11T18:17:31.898Z"}
{"@timestamp":"2022-09-11T18:19:13.325Z","@version":"1","message":"Sep 11 18:19:12 honeypot-sgp-1 sshd[6503]: Disconnected from authenticating user root 132.148.75.125 port 58582 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 18:20:41 honeypot-ams-1 sshd[10690]: Invalid user batch from 103.253.175.10 port 41556","@timestamp":"2022-09-11T18:20:42.984Z"}
{"@timestamp":"2022-09-11T18:21:23.381Z","@version":"1","message":"Sep 11 18:21:22 honeypot-sgp-1 sshd[6510]: Received disconnect from 132.148.75.125 port 35514:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 18:22:20 honeypot-ams-1 kernel: [83797125.371687] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=193.118.53.214 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=52458 PROTO=TCP SPT=41177 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T18:22:21.027Z"}
{"@timestamp":"2022-09-11T18:23:28.435Z","@version":"1","message":"Sep 11 18:23:27 honeypot-sgp-1 sshd[6516]: Received disconnect from 132.148.75.125 port 34778:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T18:24:08.454Z","@version":"1","message":"Sep 11 18:24:08 honeypot-sgp-1 sshd[6520]: Disconnected from authenticating user root 132.148.75.125 port 50514 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T18:26:11.510Z","@version":"1","message":"Sep 11 18:26:11 honeypot-sgp-1 sshd[6528]: Received disconnect from 132.148.75.125 port 47300:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T18:28:16.564Z","@version":"1","message":"Sep 11 18:28:16 honeypot-sgp-1 sshd[6534]: Received disconnect from 132.148.75.125 port 48196:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 18:28:40 honeypot-fra-1 kernel: [83795350.185332] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=80.94.92.239 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=34953 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T18:28:41.411Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 18:29:11 honeypot-ams-1 kernel: [83797536.840014] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=80.94.92.231 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=33956 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T18:29:12.205Z"}
{"@timestamp":"2022-09-11T18:30:20.617Z","@version":"1","message":"Sep 11 18:30:19 honeypot-sgp-1 sshd[6540]: Received disconnect from 132.148.75.125 port 44838:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T18:32:25.670Z","@version":"1","message":"Sep 11 18:32:24 honeypot-sgp-1 sshd[6547]: Received disconnect from 132.148.75.125 port 44974:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T18:34:14.717Z","@version":"1","message":"Sep 11 18:34:14 honeypot-sgp-1 kernel: [83797367.255632] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=168.205.133.39 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=39 ID=18179 DF PROTO=TCP SPT=44752 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 18:34:47 honeypot-fra-1 sshd[824]: Invalid user temp from 211.45.162.52 port 51472","@timestamp":"2022-09-11T18:34:47.551Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T18:35:58.763Z","@version":"1","message":"Sep 11 18:35:57 honeypot-sgp-1 sshd[6557]: Received disconnect from 132.148.75.125 port 55618:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T18:38:00.816Z","@version":"1","message":"Sep 11 18:38:00 honeypot-sgp-1 sshd[6564]: Received disconnect from 132.148.75.125 port 49686:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 18:39:47 honeypot-ams-1 sshd[10704]: Received disconnect from 79.7.186.65 port 49008:11: Bye Bye [preauth]","@timestamp":"2022-09-11T18:39:47.476Z"}
{"@timestamp":"2022-09-11T18:40:06.870Z","@version":"1","message":"Sep 11 18:40:06 honeypot-sgp-1 sshd[6570]: Received disconnect from 132.148.75.125 port 48968:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T18:41:43.910Z","@version":"1","message":"Sep 11 18:41:43 honeypot-sgp-1 sshd[6577]: Received disconnect from 161.35.131.133 port 44014:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T18:42:51.940Z","@version":"1","message":"Sep 11 18:42:51 honeypot-sgp-1 sshd[6584]: Received disconnect from 132.148.75.125 port 37782:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 18:43:31 honeypot-fra-1 sshd[829]: Connection closed by 188.166.87.67 port 46104 [preauth]","@timestamp":"2022-09-11T18:43:32.749Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 18:43:34 honeypot-ams-1 sshd[10710]: Invalid user raymon from 167.71.142.220 port 54556","@timestamp":"2022-09-11T18:43:35.574Z"}
{"@timestamp":"2022-09-11T18:44:16.975Z","@version":"1","message":"Sep 11 18:44:16 honeypot-sgp-1 sshd[6588]: Disconnected from authenticating user root 132.148.75.125 port 48354 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 18:45:41 honeypot-ams-1 sshd[10712]: Disconnected from invalid user xh 143.110.177.216 port 47664 [preauth]","@timestamp":"2022-09-11T18:45:42.630Z"}
{"@timestamp":"2022-09-11T18:46:26.030Z","@version":"1","message":"Sep 11 18:46:25 honeypot-sgp-1 sshd[6594]: Disconnected from authenticating user root 132.148.75.125 port 51692 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T18:47:49.066Z","@version":"1","message":"Sep 11 18:47:48 honeypot-sgp-1 sshd[6601]: Disconnected from authenticating user root 132.148.75.125 port 59376 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 18:48:50 honeypot-ams-1 sshd[10717]: Disconnected from invalid user student 94.153.212.68 port 45224 [preauth]","@timestamp":"2022-09-11T18:48:50.714Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 18:49:33 honeypot-fra-1 sshd[837]: Invalid user kenneth.heslop from 165.22.45.108 port 50616","@timestamp":"2022-09-11T18:49:33.882Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 18:51:26 honeypot-ams-1 sshd[10720]: Received disconnect from 45.61.184.204 port 57132:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T18:51:26.788Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 18:51:48 honeypot-ams-1 sshd[10724]: Received disconnect from 45.61.184.204 port 52682:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T18:51:48.799Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 18:52:07 honeypot-ams-1 sshd[10728]: Received disconnect from 45.61.184.204 port 48260:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T18:52:08.810Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 18:52:26 honeypot-ams-1 sshd[10733]: Received disconnect from 45.61.184.204 port 43800:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T18:52:26.819Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 18:53:40 honeypot-fra-1 sshd[843]: Invalid user wry from 137.116.144.39 port 55442","@timestamp":"2022-09-11T18:53:40.973Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 18:59:06 honeypot-ams-1 sshd[10739]: Invalid user django from 39.118.192.135 port 52310","@timestamp":"2022-09-11T18:59:06.992Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 19:00:09 honeypot-fra-1 sshd[848]: Did not receive identification string from 45.61.184.204 port 45672","@timestamp":"2022-09-11T19:00:10.121Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 19:00:36 honeypot-fra-1 sshd[851]: Disconnected from invalid user user 45.61.184.204 port 58002 [preauth]","@timestamp":"2022-09-11T19:00:37.133Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 19:00:57 honeypot-fra-1 sshd[855]: Disconnected from invalid user user 45.61.184.204 port 54354 [preauth]","@timestamp":"2022-09-11T19:00:58.143Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 19:01:18 honeypot-fra-1 sshd[861]: Disconnected from invalid user user 45.61.184.204 port 50700 [preauth]","@timestamp":"2022-09-11T19:01:19.153Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 19:03:11 honeypot-ams-1 sshd[10743]: Disconnected from 204.48.30.72 port 57556 [preauth]","@timestamp":"2022-09-11T19:03:12.097Z"}
{"@timestamp":"2022-09-11T19:04:38.465Z","@version":"1","message":"Sep 11 19:04:37 honeypot-sgp-1 kernel: [83799190.455311] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=14.56.74.230 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=50 ID=0 DF PROTO=TCP SPT=7879 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T19:06:40.516Z","@version":"1","message":"Sep 11 19:06:40 honeypot-sgp-1 sshd[6613]: Invalid user user from 141.255.162.226 port 47302","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T19:06:42.517Z","@version":"1","message":"Sep 11 19:06:41 honeypot-sgp-1 sshd[6617]: Invalid user user from 141.255.162.226 port 44582","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T19:06:45.519Z","@version":"1","message":"Sep 11 19:06:44 honeypot-sgp-1 sshd[6619]: Invalid user user from 141.255.162.226 port 50966","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T19:08:44.568Z","@version":"1","message":"Sep 11 19:08:44 honeypot-sgp-1 sshd[6622]: Disconnected from invalid user download 188.166.19.128 port 39004 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 19:08:45 honeypot-ams-1 sshd[10749]: Received disconnect from 45.61.186.249 port 40144:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T19:08:46.243Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 19:09:00 honeypot-ams-1 sshd[10754]: error: maximum authentication attempts exceeded for invalid user admin from 222.228.6.98 port 34666 ssh2 [preauth]","@timestamp":"2022-09-11T19:09:00.252Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 19:09:12 honeypot-ams-1 sshd[10759]: Invalid user user from 45.61.186.249 port 46280","@timestamp":"2022-09-11T19:09:12.259Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 19:09:28 honeypot-ams-1 sshd[10763]: Invalid user user from 45.61.186.249 port 40948","@timestamp":"2022-09-11T19:09:29.268Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 19:12:40 honeypot-ams-1 sshd[10767]: Disconnected from authenticating user root 164.92.179.150 port 51470 [preauth]","@timestamp":"2022-09-11T19:12:40.350Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 19:13:00 honeypot-fra-1 kernel: [83798009.326432] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=95.59.136.126 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=24750 DF PROTO=TCP SPT=53358 DPT=5432 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T19:13:00.408Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 19:16:20 honeypot-fra-1 sshd[869]: Disconnected from invalid user server 221.156.126.1 port 51114 [preauth]","@timestamp":"2022-09-11T19:16:20.498Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T19:17:02.765Z","@version":"1","message":"Sep 11 19:17:01 honeypot-sgp-1 CRON[6627]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T19:19:40.838Z","@version":"1","message":"Sep 11 19:19:40 honeypot-sgp-1 sshd[6633]: Invalid user km from 170.210.46.4 port 47952","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 19:19:42 honeypot-fra-1 sshd[878]: Invalid user admin from 220.86.33.251 port 52495","@timestamp":"2022-09-11T19:19:42.573Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T19:19:53.845Z","@version":"1","message":"Sep 11 19:19:53 honeypot-sgp-1 sshd[6637]: Invalid user user from 198.98.61.9 port 58986","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T19:20:11.854Z","@version":"1","message":"Sep 11 19:20:11 honeypot-sgp-1 sshd[6641]: Invalid user user from 198.98.61.9 port 53870","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T19:20:28.861Z","@version":"1","message":"Sep 11 19:20:28 honeypot-sgp-1 sshd[6645]: Invalid user user from 198.98.61.9 port 48754","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 19:23:35 honeypot-ams-1 sshd[10777]: Received disconnect from 85.18.236.229 port 55282:11: Bye Bye [preauth]","@timestamp":"2022-09-11T19:23:36.630Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 19:24:40 honeypot-fra-1 sshd[884]: Invalid user user from 198.98.61.9 port 39014","@timestamp":"2022-09-11T19:24:40.687Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 19:24:51 honeypot-fra-1 kernel: [83798720.970588] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=193.163.125.156 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=245 ID=62104 PROTO=TCP SPT=42663 DPT=389 WINDOW=14600 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T19:24:52.693Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 19:25:06 honeypot-fra-1 sshd[890]: Disconnected from invalid user user 198.98.61.9 port 45800 [preauth]","@timestamp":"2022-09-11T19:25:06.700Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 19:25:21 honeypot-fra-1 sshd[894]: Disconnected from invalid user user 198.98.61.9 port 40900 [preauth]","@timestamp":"2022-09-11T19:25:21.708Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 19:28:08 honeypot-ams-1 kernel: [83801073.713457] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=200.124.71.23 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=53 ID=28546 PROTO=TCP SPT=62774 DPT=80 WINDOW=48503 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T19:28:08.753Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 19:33:02 honeypot-ams-1 kernel: [83801367.591642] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=20.214.177.62 DST=178.62.254.91 LEN=52 TOS=0x02 PREC=0x00 TTL=107 ID=63854 DF PROTO=TCP SPT=55941 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-11T19:33:02.888Z"}
{"@timestamp":"2022-09-11T19:34:51.200Z","@version":"1","message":"Sep 11 19:34:50 honeypot-sgp-1 sshd[6651]: Received disconnect from 92.255.85.69 port 42126:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T19:37:16.259Z","@version":"1","message":"Sep 11 19:37:16 honeypot-sgp-1 sshd[6656]: Invalid user user from 198.98.61.9 port 35862","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 19:37:23 honeypot-fra-1 sshd[899]: Disconnected from authenticating user root 92.255.85.70 port 63182 [preauth]","@timestamp":"2022-09-11T19:37:23.978Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T19:37:36.269Z","@version":"1","message":"Sep 11 19:37:35 honeypot-sgp-1 sshd[6660]: Invalid user user from 198.98.61.9 port 59470","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T19:37:56.280Z","@version":"1","message":"Sep 11 19:37:55 honeypot-sgp-1 sshd[6664]: Invalid user user from 198.98.61.9 port 54846","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 19:42:02 honeypot-ams-1 sshd[10790]: Connection closed by invalid user test 193.106.191.157 port 46882 [preauth]","@timestamp":"2022-09-11T19:42:03.126Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 19:45:18 honeypot-fra-1 kernel: [83799947.904220] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=128.1.248.26 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=64194 PROTO=TCP SPT=12575 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T19:45:19.157Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-11T19:46:25.476Z","@version":"1","message":"Sep 11 19:46:24 honeypot-sgp-1 kernel: [83801697.238948] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=117.253.252.202 DST=159.89.202.188 LEN=40 TOS=0x18 PREC=0xA0 TTL=245 ID=12777 DF PROTO=TCP SPT=55939 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 19:48:30 honeypot-ams-1 kernel: [83802296.115743] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=95.191.206.21 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=58 ID=28424 PROTO=TCP SPT=47579 DPT=80 WINDOW=24859 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T19:48:31.297Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 19:49:08 honeypot-ams-1 sshd[10798]: Disconnected from invalid user user 45.61.187.160 port 59282 [preauth]","@timestamp":"2022-09-11T19:49:09.315Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 19:49:25 honeypot-ams-1 sshd[10802]: Disconnected from invalid user user 45.61.187.160 port 53744 [preauth]","@timestamp":"2022-09-11T19:49:26.323Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 19:49:43 honeypot-ams-1 sshd[10806]: Disconnected from invalid user user 45.61.187.160 port 48214 [preauth]","@timestamp":"2022-09-11T19:49:44.335Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 19:52:41 honeypot-ams-1 kernel: [83802546.300477] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=109.205.213.23 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=37806 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T19:52:41.413Z"}
{"@timestamp":"2022-09-11T19:54:46.665Z","@version":"1","message":"Sep 11 19:54:46 honeypot-sgp-1 sshd[6673]: Disconnected from invalid user fu 188.173.136.132 port 58909 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 19:56:27 honeypot-fra-1 sshd[923]: Invalid user admin from 34.71.244.4 port 56178","@timestamp":"2022-09-11T19:56:27.402Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 19:56:27 honeypot-fra-1 sshd[937]: Invalid user chia from 34.71.244.4 port 56362","@timestamp":"2022-09-11T19:56:28.403Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 19:56:27 honeypot-fra-1 sshd[910]: Invalid user devops from 34.71.244.4 port 56206","@timestamp":"2022-09-11T19:56:28.403Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 19:56:27 honeypot-fra-1 sshd[923]: Connection closed by invalid user admin 34.71.244.4 port 56178 [preauth]","@timestamp":"2022-09-11T19:56:28.404Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 19:56:27 honeypot-fra-1 sshd[924]: Connection closed by authenticating user root 34.71.244.4 port 56188 [preauth]","@timestamp":"2022-09-11T19:56:28.404Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 19:56:27 honeypot-fra-1 sshd[931]: Connection closed by invalid user ansible 34.71.244.4 port 56280 [preauth]","@timestamp":"2022-09-11T19:56:28.404Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 19:56:27 honeypot-fra-1 sshd[915]: Connection closed by invalid user admin 34.71.244.4 port 56456 [preauth]","@timestamp":"2022-09-11T19:56:28.404Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 19:56:27 honeypot-fra-1 sshd[918]: Connection closed by invalid user momo 34.71.244.4 port 56372 [preauth]","@timestamp":"2022-09-11T19:56:28.404Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T19:57:57.743Z","@version":"1","message":"Sep 11 19:57:57 honeypot-sgp-1 sshd[6677]: Received disconnect from 92.255.85.70 port 45602:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 20:00:45 honeypot-fra-1 sshd[968]: Received disconnect from 92.255.85.70 port 41210:11: Bye Bye [preauth]","@timestamp":"2022-09-11T20:00:46.500Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 20:05:20 honeypot-ams-1 sshd[10817]: Received disconnect from 106.51.48.117 port 53267:11: Bye Bye [preauth]","@timestamp":"2022-09-11T20:05:20.735Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 20:08:18 honeypot-ams-1 sshd[10822]: Connection closed by invalid user admin 148.153.82.133 port 53438 [preauth]","@timestamp":"2022-09-11T20:08:18.812Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 20:17:01 honeypot-fra-1 CRON[983]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-11T20:17:01.857Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 20:17:01 honeypot-ams-1 CRON[10829]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-11T20:17:02.040Z"}
{"@timestamp":"2022-09-11T20:19:53.255Z","@version":"1","message":"Sep 11 20:19:52 honeypot-sgp-1 kernel: [83803704.785530] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=159.203.69.144 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=46 ID=40695 DF PROTO=TCP SPT=52496 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 20:23:00 honeypot-fra-1 kernel: [83802209.430764] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=109.205.213.23 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=54321 PROTO=TCP SPT=35910 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T20:23:00.992Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 20:23:26 honeypot-ams-1 sshd[10837]: Connection closed by authenticating user root 103.188.176.251 port 49736 [preauth]","@timestamp":"2022-09-11T20:23:27.211Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 20:30:25 honeypot-ams-1 sshd[10842]: Disconnected from invalid user zoq 107.173.209.238 port 54652 [preauth]","@timestamp":"2022-09-11T20:30:26.396Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 20:30:47 honeypot-fra-1 sshd[992]: Invalid user Kepler from 165.22.45.108 port 36838","@timestamp":"2022-09-11T20:30:48.187Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T20:34:06.587Z","@version":"1","message":"Sep 11 20:34:06 honeypot-sgp-1 kernel: [83804558.657494] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=159.203.69.144 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=46 ID=43369 DF PROTO=TCP SPT=47176 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 20:37:36 honeypot-fra-1 kernel: [83803086.017035] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=183.136.225.35 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=107 ID=52567 PROTO=TCP SPT=8088 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T20:37:37.337Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-11T20:40:10.728Z","@version":"1","message":"Sep 11 20:40:10 honeypot-sgp-1 sshd[6696]: Disconnected from authenticating user root 178.128.83.25 port 45098 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 20:43:50 honeypot-ams-1 kernel: [83805615.838481] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=89.248.165.61 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=47323 PROTO=TCP SPT=48467 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T20:43:50.749Z"}
{"@timestamp":"2022-09-11T20:44:40.833Z","@version":"1","message":"Sep 11 20:44:40 honeypot-sgp-1 sshd[6701]: Disconnected from authenticating user root 92.255.85.70 port 39514 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 20:47:33 honeypot-fra-1 sshd[1005]: Disconnected from authenticating user root 92.255.85.69 port 29350 [preauth]","@timestamp":"2022-09-11T20:47:33.558Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 20:53:44 honeypot-fra-1 sshd[1011]: Disconnected from invalid user user 45.61.184.204 port 48126 [preauth]","@timestamp":"2022-09-11T20:53:45.696Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 20:54:06 honeypot-fra-1 sshd[1015]: Disconnected from invalid user user 45.61.184.204 port 43756 [preauth]","@timestamp":"2022-09-11T20:54:06.707Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 20:54:27 honeypot-fra-1 sshd[1019]: Disconnected from invalid user user 45.61.184.204 port 39406 [preauth]","@timestamp":"2022-09-11T20:54:27.716Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 20:54:46 honeypot-fra-1 sshd[1023]: Disconnected from invalid user user 45.61.184.204 port 35030 [preauth]","@timestamp":"2022-09-11T20:54:46.726Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 20:58:59 honeypot-ams-1 sshd[10854]: Received disconnect from 218.92.0.204 port 23148:11:  [preauth]","@timestamp":"2022-09-11T20:59:00.140Z"}
{"@timestamp":"2022-09-11T20:59:49.184Z","@version":"1","message":"Sep 11 20:59:48 honeypot-sgp-1 kernel: [83806101.385874] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.53.171.56 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=6728 DF PROTO=TCP SPT=43312 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 21:06:03 honeypot-ams-1 kernel: [83806948.882198] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=112.6.108.207 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=50 ID=19528 PROTO=TCP SPT=50196 DPT=443 WINDOW=47716 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T21:06:04.327Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 21:07:00 honeypot-fra-1 sshd[1027]: Disconnected from invalid user kermit 165.22.45.108 port 41676 [preauth]","@timestamp":"2022-09-11T21:07:00.998Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T21:08:13.376Z","@version":"1","message":"Sep 11 21:08:12 honeypot-sgp-1 sshd[6712]: Disconnected from authenticating user root 92.255.85.69 port 55140 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T21:13:43.507Z","@version":"1","message":"Sep 11 21:13:42 honeypot-sgp-1 kernel: [83806935.120221] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=103.146.42.199 DST=159.89.202.188 LEN=52 TOS=0x00 PREC=0x00 TTL=117 ID=8250 DF PROTO=TCP SPT=10281 DPT=3389 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 21:14:54 honeypot-ams-1 sshd[10860]: Connection closed by invalid user pi 189.180.95.203 port 38786 [preauth]","@timestamp":"2022-09-11T21:14:54.555Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 21:16:11 honeypot-fra-1 sshd[1032]: Disconnected from invalid user odoo2 111.95.141.34 port 41184 [preauth]","@timestamp":"2022-09-11T21:16:12.203Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 21:21:36 honeypot-ams-1 kernel: [83807881.689253] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=124.239.218.180 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=44527 DF PROTO=TCP SPT=60406 DPT=5432 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T21:21:36.728Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 21:24:11 honeypot-fra-1 kernel: [83805880.136640] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=103.146.42.201 DST=165.22.82.222 LEN=52 TOS=0x00 PREC=0x00 TTL=116 ID=1156 DF PROTO=TCP SPT=5557 DPT=3389 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T21:24:11.379Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-11T21:25:59.785Z","@version":"1","message":"Sep 11 21:25:59 honeypot-sgp-1 sshd[6722]: Received disconnect from 45.61.186.49 port 43318:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T21:26:09.790Z","@version":"1","message":"Sep 11 21:26:09 honeypot-sgp-1 sshd[6726]: Received disconnect from 45.61.186.49 port 55208:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T21:28:58.855Z","@version":"1","message":"Sep 11 21:28:58 honeypot-sgp-1 sshd[6731]: Invalid user user from 45.61.186.249 port 35076","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T21:29:16.864Z","@version":"1","message":"Sep 11 21:29:16 honeypot-sgp-1 sshd[6735]: Invalid user user from 45.61.186.249 port 57564","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T21:29:26.868Z","@version":"1","message":"Sep 11 21:29:26 honeypot-sgp-1 sshd[6738]: Disconnected from invalid user user 45.61.186.249 port 40602 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T21:29:43.876Z","@version":"1","message":"Sep 11 21:29:43 honeypot-sgp-1 sshd[6742]: Disconnected from invalid user user 45.61.186.49 port 49692 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T21:29:49.879Z","@version":"1","message":"Sep 11 21:29:49 honeypot-sgp-1 sshd[6746]: Disconnected from invalid user user 45.61.186.49 port 55530 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T21:29:55.882Z","@version":"1","message":"Sep 11 21:29:55 honeypot-sgp-1 sshd[6750]: Disconnected from invalid user user 45.61.186.49 port 33126 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 21:31:16 honeypot-fra-1 sshd[1057]: Invalid user admin from 13.229.182.132 port 24032","@timestamp":"2022-09-11T21:31:16.539Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 21:31:16 honeypot-fra-1 sshd[1069]: Invalid user grid from 13.229.182.132 port 24048","@timestamp":"2022-09-11T21:31:16.539Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 21:31:16 honeypot-fra-1 sshd[1051]: Invalid user testuser from 13.229.182.132 port 24100","@timestamp":"2022-09-11T21:31:16.539Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 21:31:16 honeypot-fra-1 sshd[1062]: Connection closed by invalid user steam 13.229.182.132 port 24290 [preauth]","@timestamp":"2022-09-11T21:31:16.539Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 21:31:16 honeypot-fra-1 sshd[1058]: Connection closed by authenticating user root 13.229.182.132 port 24178 [preauth]","@timestamp":"2022-09-11T21:31:16.539Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 21:31:16 honeypot-fra-1 sshd[1064]: Connection closed by invalid user admin 13.229.182.132 port 24366 [preauth]","@timestamp":"2022-09-11T21:31:16.539Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 21:31:16 honeypot-fra-1 sshd[1061]: Connection closed by invalid user test 13.229.182.132 port 24256 [preauth]","@timestamp":"2022-09-11T21:31:16.539Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 21:31:16 honeypot-fra-1 sshd[1077]: Invalid user ubuntu from 13.229.182.132 port 24218","@timestamp":"2022-09-11T21:31:16.539Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 21:34:27 honeypot-fra-1 sshd[1106]: Received disconnect from 92.255.85.69 port 50426:11: Bye Bye [preauth]","@timestamp":"2022-09-11T21:34:28.625Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 21:36:51 honeypot-ams-1 sshd[10873]: Received disconnect from 92.255.85.69 port 24942:11: Bye Bye [preauth]","@timestamp":"2022-09-11T21:36:52.138Z"}
{"@timestamp":"2022-09-11T21:38:10.069Z","@version":"1","message":"Sep 11 21:38:09 honeypot-sgp-1 kernel: [83808402.366391] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.219.228 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=49558 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 21:45:10 honeypot-fra-1 sshd[1111]: Invalid user mythtv from 211.125.67.35 port 35554","@timestamp":"2022-09-11T21:45:11.862Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 21:51:39 honeypot-fra-1 sshd[1114]: Invalid user jiu from 138.68.178.64 port 35230","@timestamp":"2022-09-11T21:51:40.007Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 21:55:04 honeypot-ams-1 sshd[10882]: Invalid user user from 141.255.162.226 port 58132","@timestamp":"2022-09-11T21:55:04.606Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 21:55:08 honeypot-ams-1 sshd[10886]: Invalid user user from 141.255.162.226 port 33318","@timestamp":"2022-09-11T21:55:08.610Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 21:55:09 honeypot-ams-1 sshd[10890]: Invalid user user from 141.255.162.226 port 39648","@timestamp":"2022-09-11T21:55:10.612Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 21:56:02 honeypot-ams-1 sshd[10894]: Received disconnect from 211.22.236.44 port 35705:11: Bye Bye [preauth]","@timestamp":"2022-09-11T21:56:03.635Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 21:57:37 honeypot-fra-1 sshd[1120]: Received disconnect from 92.255.85.70 port 62802:11: Bye Bye [preauth]","@timestamp":"2022-09-11T21:57:38.140Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T21:59:43.560Z","@version":"1","message":"Sep 11 21:59:42 honeypot-sgp-1 sshd[6764]: Invalid user admin from 121.171.55.115 port 45310","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 22:00:45 honeypot-ams-1 sshd[10899]: Disconnected from authenticating user root 92.255.85.69 port 60710 [preauth]","@timestamp":"2022-09-11T22:00:46.760Z"}
{"@timestamp":"2022-09-11T22:07:08.732Z","@version":"1","message":"Sep 11 22:07:08 honeypot-sgp-1 kernel: [83810140.743152] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.196.220.81 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=234 ID=54321 PROTO=TCP SPT=56298 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 22:08:07 honeypot-fra-1 sshd[1130]: Invalid user user from 45.61.186.49 port 48340","@timestamp":"2022-09-11T22:08:08.373Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 22:08:18 honeypot-fra-1 sshd[1134]: Invalid user user from 45.61.186.49 port 60256","@timestamp":"2022-09-11T22:08:19.378Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 22:11:45 honeypot-ams-1 kernel: [83810890.561821] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=111.118.40.97 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=51 ID=14630 PROTO=TCP SPT=5270 DPT=80 WINDOW=9836 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T22:11:46.068Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 22:16:27 honeypot-ams-1 sshd[10909]: Received disconnect from 178.176.224.148 port 59510:11: Bye Bye [preauth]","@timestamp":"2022-09-11T22:16:28.190Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 22:17:01 honeypot-fra-1 CRON[1137]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-11T22:17:02.572Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T22:18:12.982Z","@version":"1","message":"Sep 11 22:18:12 honeypot-sgp-1 sshd[6774]: Received disconnect from 92.255.85.69 port 37796:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 22:18:59 honeypot-ams-1 sshd[10914]: Received disconnect from 128.199.177.224 port 52872:11: Bye Bye [preauth]","@timestamp":"2022-09-11T22:19:00.260Z"}
{"@timestamp":"2022-09-11T22:19:53.024Z","@version":"1","message":"Sep 11 22:19:52 honeypot-sgp-1 sshd[6778]: Connection closed by invalid user admin 183.107.114.23 port 35831 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 22:21:18 honeypot-fra-1 sshd[1144]: Disconnected from authenticating user root 92.255.85.69 port 40452 [preauth]","@timestamp":"2022-09-11T22:21:18.667Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 22:28:47 honeypot-ams-1 sshd[10920]: Connection closed by 125.111.41.253 port 40343 [preauth]","@timestamp":"2022-09-11T22:28:48.511Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 22:32:19 honeypot-ams-1 sshd[10925]: Disconnected from authenticating user root 80.76.51.46 port 53230 [preauth]","@timestamp":"2022-09-11T22:32:20.604Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 22:33:04 honeypot-ams-1 sshd[10931]: Disconnected from authenticating user root 80.76.51.46 port 47206 [preauth]","@timestamp":"2022-09-11T22:33:04.625Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 22:33:32 honeypot-ams-1 sshd[10935]: Disconnected from authenticating user root 80.76.51.46 port 43272 [preauth]","@timestamp":"2022-09-11T22:33:33.640Z"}
{"@timestamp":"2022-09-11T22:33:38.340Z","@version":"1","message":"Sep 11 22:33:37 honeypot-sgp-1 sshd[6784]: Disconnected from invalid user winter 206.189.145.18 port 51176 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T22:33:54.348Z","@version":"1","message":"Sep 11 22:33:53 honeypot-sgp-1 sshd[6788]: Disconnected from invalid user user 198.98.61.9 port 37638 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T22:34:10.355Z","@version":"1","message":"Sep 11 22:34:10 honeypot-sgp-1 sshd[6792]: Disconnected from invalid user user 198.98.61.9 port 60422 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 22:34:15 honeypot-ams-1 sshd[10942]: Received disconnect from 80.76.51.46 port 37218:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T22:34:15.661Z"}
{"@timestamp":"2022-09-11T22:34:30.365Z","@version":"1","message":"Sep 11 22:34:29 honeypot-sgp-1 sshd[6797]: Disconnected from invalid user user 198.98.61.9 port 55002 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 22:34:43 honeypot-fra-1 sshd[1153]: Disconnected from invalid user user 141.255.162.226 port 34412 [preauth]","@timestamp":"2022-09-11T22:34:43.962Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 22:34:44 honeypot-ams-1 sshd[10946]: Disconnected from invalid user test 80.76.51.46 port 33210 [preauth]","@timestamp":"2022-09-11T22:34:44.678Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 22:34:47 honeypot-fra-1 sshd[1157]: Disconnected from invalid user user 141.255.162.226 port 47634 [preauth]","@timestamp":"2022-09-11T22:34:47.965Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 22:34:50 honeypot-fra-1 sshd[1161]: Disconnected from invalid user user 141.255.162.226 port 60860 [preauth]","@timestamp":"2022-09-11T22:34:50.966Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 22:34:51 honeypot-fra-1 sshd[1165]: Disconnected from invalid user user 141.255.162.226 port 39238 [preauth]","@timestamp":"2022-09-11T22:34:51.967Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 22:35:13 honeypot-ams-1 sshd[10950]: Disconnected from invalid user testuser 80.76.51.46 port 57406 [preauth]","@timestamp":"2022-09-11T22:35:13.692Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 22:35:41 honeypot-ams-1 sshd[10954]: Disconnected from invalid user ubuntu 80.76.51.46 port 53408 [preauth]","@timestamp":"2022-09-11T22:35:42.707Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 22:36:10 honeypot-ams-1 sshd[10958]: Disconnected from invalid user ubuntu 80.76.51.46 port 49448 [preauth]","@timestamp":"2022-09-11T22:36:11.722Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 22:36:54 honeypot-ams-1 sshd[10964]: Invalid user oracle from 80.76.51.46 port 43412","@timestamp":"2022-09-11T22:36:54.746Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 22:37:23 honeypot-ams-1 sshd[10968]: Received disconnect from 80.76.51.46 port 39472:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-11T22:37:23.761Z"}
{"@timestamp":"2022-09-11T22:37:27.437Z","@version":"1","message":"Sep 11 22:37:26 honeypot-sgp-1 sshd[6805]: Invalid user ratequote from 118.27.107.120 port 56650","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 22:37:52 honeypot-ams-1 sshd[10972]: Disconnected from invalid user odoo 80.76.51.46 port 35372 [preauth]","@timestamp":"2022-09-11T22:37:52.776Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 22:44:52 honeypot-fra-1 sshd[1171]: Disconnected from authenticating user root 92.255.85.69 port 21700 [preauth]","@timestamp":"2022-09-11T22:44:53.191Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 22:46:24 honeypot-ams-1 sshd[10979]: Invalid user support from 136.185.7.173 port 39652","@timestamp":"2022-09-11T22:46:24.999Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 22:46:44 honeypot-fra-1 sshd[1184]: Invalid user test from 147.135.252.17 port 49692","@timestamp":"2022-09-11T22:46:45.232Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 22:46:44 honeypot-fra-1 sshd[1177]: Connection closed by authenticating user root 147.135.252.17 port 49706 [preauth]","@timestamp":"2022-09-11T22:46:45.233Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 22:46:44 honeypot-fra-1 sshd[1181]: Invalid user test from 147.135.252.17 port 49710","@timestamp":"2022-09-11T22:46:45.233Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 22:46:44 honeypot-fra-1 sshd[1186]: Connection closed by authenticating user root 147.135.252.17 port 49736 [preauth]","@timestamp":"2022-09-11T22:46:45.233Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 22:46:44 honeypot-fra-1 sshd[1191]: Connection closed by authenticating user root 147.135.252.17 port 49760 [preauth]","@timestamp":"2022-09-11T22:46:45.233Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 22:46:44 honeypot-fra-1 sshd[1193]: Invalid user testuser from 147.135.252.17 port 49672","@timestamp":"2022-09-11T22:46:45.233Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 22:46:44 honeypot-fra-1 sshd[1200]: Invalid user ubuntu from 147.135.252.17 port 49728","@timestamp":"2022-09-11T22:46:45.233Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 22:46:44 honeypot-fra-1 sshd[1199]: Connection closed by invalid user ansible 147.135.252.17 port 49734 [preauth]","@timestamp":"2022-09-11T22:46:45.233Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 22:46:54 honeypot-fra-1 sshd[1230]: Disconnected from authenticating user root 103.9.159.153 port 38926 [preauth]","@timestamp":"2022-09-11T22:46:55.238Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T22:47:06.660Z","@version":"1","message":"Sep 11 22:47:06 honeypot-sgp-1 sshd[6883]: Connection closed by invalid user support 197.211.115.66 port 49067 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 22:47:15 honeypot-ams-1 kernel: [83813020.999881] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=154.3.44.39 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=117 ID=52094 DF PROTO=TCP SPT=61260 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-11T22:47:16.026Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 22:52:52 honeypot-fra-1 sshd[1235]: Disconnected from invalid user kevin 165.22.45.108 port 57062 [preauth]","@timestamp":"2022-09-11T22:52:53.370Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T22:55:59.868Z","@version":"1","message":"Sep 11 22:55:59 honeypot-sgp-1 kernel: [83813071.458102] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.41.8.45 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=51226 PROTO=TCP SPT=16302 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 22:58:41 honeypot-ams-1 kernel: [83813706.664037] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=154.3.44.39 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=117 ID=6027 DF PROTO=TCP SPT=53751 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-11T22:58:42.323Z"}
{"@timestamp":"2022-09-11T23:00:07.967Z","@version":"1","message":"Sep 11 23:00:07 honeypot-sgp-1 kernel: [83813320.016250] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=154.3.44.39 DST=159.89.202.188 LEN=52 TOS=0x0A PREC=0x00 TTL=112 ID=27577 DF PROTO=TCP SPT=52032 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 23:03:06 honeypot-fra-1 sshd[1240]: Received disconnect from 181.49.254.238 port 42686:11: Bye Bye [preauth]","@timestamp":"2022-09-11T23:03:06.599Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T23:03:17.043Z","@version":"1","message":"Sep 11 23:03:16 honeypot-sgp-1 sshd[6898]: Disconnected from authenticating user root 36.93.142.202 port 40380 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:05:47.108Z","@version":"1","message":"Sep 11 23:05:46 honeypot-sgp-1 sshd[6920]: Received disconnect from 202.158.139.57 port 33784:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 23:10:33 honeypot-ams-1 kernel: [83814418.782373] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=103.89.91.165 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=30733 PROTO=TCP SPT=41379 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T23:10:33.711Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 23:17:01 honeypot-fra-1 CRON[1249]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-11T23:17:01.903Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T23:17:02.388Z","@version":"1","message":"Sep 11 23:17:01 honeypot-sgp-1 CRON[6927]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:17:32.403Z","@version":"1","message":"Sep 11 23:17:32 honeypot-sgp-1 sshd[6942]: Disconnecting invalid user cameras 185.246.130.20 port 34849: Change of username or service not allowed: (cameras,ssh-connection) -> (,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:18:12.422Z","@version":"1","message":"Sep 11 23:18:12 honeypot-sgp-1 sshd[6949]: Disconnecting invalid user  185.246.130.20 port 9617: Change of username or service not allowed: (,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 23:18:26 honeypot-fra-1 sshd[1254]: Disconnected from authenticating user root 157.230.38.31 port 49906 [preauth]","@timestamp":"2022-09-11T23:18:26.936Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T23:18:41.434Z","@version":"1","message":"Sep 11 23:18:41 honeypot-sgp-1 sshd[6955]: Disconnecting invalid user admin 185.246.130.20 port 12105: Change of username or service not allowed: (admin,ssh-connection) -> (manager,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:19:14.449Z","@version":"1","message":"Sep 11 23:19:13 honeypot-sgp-1 sshd[6964]: Invalid user 1234 from 185.246.130.20 port 17211","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:19:40.461Z","@version":"1","message":"Sep 11 23:19:40 honeypot-sgp-1 sshd[6971]: Invalid user  from 185.246.130.20 port 24582","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:20:12.476Z","@version":"1","message":"Sep 11 23:20:12 honeypot-sgp-1 sshd[6977]: Disconnecting invalid user Admin 185.246.130.20 port 57686: Change of username or service not allowed: (Admin,ssh-connection) -> (blank,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:20:44.490Z","@version":"1","message":"Sep 11 23:20:44 honeypot-sgp-1 sshd[6983]: Disconnecting invalid user guest 185.246.130.20 port 50092: Change of username or service not allowed: (guest,ssh-connection) -> (1234,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:21:14.504Z","@version":"1","message":"Sep 11 23:21:14 honeypot-sgp-1 sshd[6991]: Invalid user Cisco from 185.246.130.20 port 32068","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:21:32.513Z","@version":"1","message":"Sep 11 23:21:31 honeypot-sgp-1 sshd[6997]: Invalid user 1234 from 185.246.130.20 port 1646","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:22:00.525Z","@version":"1","message":"Sep 11 23:21:59 honeypot-sgp-1 sshd[7003]: Disconnecting invalid user  185.246.130.20 port 32464: Change of username or service not allowed: (,ssh-connection) -> (adslroot,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:22:21.536Z","@version":"1","message":"Sep 11 23:22:21 honeypot-sgp-1 sshd[7010]: Invalid user ubuntu from 103.188.176.251 port 38618","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:22:54.551Z","@version":"1","message":"Sep 11 23:22:53 honeypot-sgp-1 sshd[7016]: Invalid user zhone from 185.246.130.20 port 11147","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 23:23:11 honeypot-ams-1 sshd[10996]: Did not receive identification string from 85.31.46.45 port 43362","@timestamp":"2022-09-11T23:23:12.066Z"}
{"@timestamp":"2022-09-11T23:23:21.564Z","@version":"1","message":"Sep 11 23:23:20 honeypot-sgp-1 sshd[7022]: Disconnecting invalid user default 185.246.130.20 port 58805: Change of username or service not allowed: (default,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:23:43.575Z","@version":"1","message":"Sep 11 23:23:43 honeypot-sgp-1 sshd[7028]: Disconnecting invalid user Administrator 185.246.130.20 port 7388: Change of username or service not allowed: (Administrator,ssh-connection) -> (cusadmin,ssh-connectio [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 23:23:53 honeypot-ams-1 sshd[11001]: Invalid user test from 85.31.46.45 port 35726","@timestamp":"2022-09-11T23:23:54.088Z"}
{"@timestamp":"2022-09-11T23:24:06.587Z","@version":"1","message":"Sep 11 23:24:06 honeypot-sgp-1 sshd[7035]: Disconnecting invalid user admin 185.246.130.20 port 7452: Change of username or service not allowed: (admin,ssh-connection) -> (lgnortel,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:24:35.600Z","@version":"1","message":"Sep 11 23:24:35 honeypot-sgp-1 sshd[7042]: Disconnecting invalid user comcast 185.246.130.20 port 30098: Change of username or service not allowed: (comcast,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:25:15.619Z","@version":"1","message":"Sep 11 23:25:15 honeypot-sgp-1 sshd[7048]: Disconnecting invalid user admin1234 185.246.130.20 port 51520: Change of username or service not allowed: (admin1234,ssh-connection) -> (matrix,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:25:51.636Z","@version":"1","message":"Sep 11 23:25:51 honeypot-sgp-1 sshd[7054]: Disconnecting invalid user admin 185.246.130.20 port 48322: Change of username or service not allowed: (admin,ssh-connection) -> (motorola,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:26:17.648Z","@version":"1","message":"Sep 11 23:26:17 honeypot-sgp-1 sshd[7060]: Disconnecting invalid user blank 185.246.130.20 port 42539: Change of username or service not allowed: (blank,ssh-connection) -> (root,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:26:49.665Z","@version":"1","message":"Sep 11 23:26:49 honeypot-sgp-1 sshd[7068]: Invalid user 0 from 185.246.130.20 port 55856","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:27:22.680Z","@version":"1","message":"Sep 11 23:27:22 honeypot-sgp-1 sshd[7074]: Invalid user admin from 185.246.130.20 port 46448","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 23:27:51 honeypot-fra-1 sshd[1257]: Disconnected from invalid user kevin 165.22.45.108 port 34148 [preauth]","@timestamp":"2022-09-11T23:27:51.158Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T23:27:51.694Z","@version":"1","message":"Sep 11 23:27:51 honeypot-sgp-1 sshd[7089]: Invalid user Broadcom from 185.246.130.20 port 33829","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:28:25.710Z","@version":"1","message":"Sep 11 23:28:25 honeypot-sgp-1 sshd[7095]: Invalid user cusadmin from 185.246.130.20 port 42021","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:28:36.716Z","@version":"1","message":"Sep 11 23:28:35 honeypot-sgp-1 sshd[7099]: Disconnecting invalid user highspeed 185.246.130.20 port 56740: Change of username or service not allowed: (highspeed,ssh-connection) -> (smcadmin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:29:04.729Z","@version":"1","message":"Sep 11 23:29:03 honeypot-sgp-1 sshd[7105]: Disconnecting invalid user  185.246.130.20 port 64011: Change of username or service not allowed: (,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:29:34.744Z","@version":"1","message":"Sep 11 23:29:33 honeypot-sgp-1 sshd[7111]: Disconnecting invalid user public 185.246.130.20 port 46901: Change of username or service not allowed: (public,ssh-connection) -> (user,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:30:08.760Z","@version":"1","message":"Sep 11 23:30:08 honeypot-sgp-1 sshd[7120]: Invalid user 123456 from 185.246.130.20 port 4590","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:30:38.775Z","@version":"1","message":"Sep 11 23:30:38 honeypot-sgp-1 sshd[7126]: Invalid user readwrite from 185.246.130.20 port 9055","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:30:56.783Z","@version":"1","message":"Sep 11 23:30:56 honeypot-sgp-1 sshd[7130]: Invalid user admin from 185.246.130.20 port 19506","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:31:32.800Z","@version":"1","message":"Sep 11 23:31:32 honeypot-sgp-1 sshd[7134]: Disconnecting invalid user 0 185.246.130.20 port 46315: Change of username or service not allowed: (0,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-11T23:31:59.813Z","@version":"1","message":"Sep 11 23:31:59 honeypot-sgp-1 sshd[7140]: Invalid user zoomadsl from 185.246.130.20 port 28743","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 23:32:16 honeypot-fra-1 sshd[1262]: Did not receive identification string from 45.61.184.204 port 43842","@timestamp":"2022-09-11T23:32:17.259Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-11T23:32:38.832Z","@version":"1","message":"Sep 11 23:32:38 honeypot-sgp-1 sshd[7146]: Invalid user ltecl4r0 from 185.246.130.20 port 37228","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 23:33:00 honeypot-fra-1 sshd[1265]: Disconnected from invalid user user 45.61.184.204 port 44668 [preauth]","@timestamp":"2022-09-11T23:33:01.277Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 23:33:18 honeypot-fra-1 sshd[1269]: Disconnected from invalid user user 45.61.184.204 port 39820 [preauth]","@timestamp":"2022-09-11T23:33:19.305Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 23:33:35 honeypot-fra-1 sshd[1273]: Disconnected from invalid user user 45.61.184.204 port 34974 [preauth]","@timestamp":"2022-09-11T23:33:36.313Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 23:34:03 honeypot-ams-1 sshd[11004]: Disconnected from invalid user test2 92.255.85.70 port 56782 [preauth]","@timestamp":"2022-09-11T23:34:03.355Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 23:34:29 honeypot-fra-1 kernel: [83813698.431884] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=154.3.44.39 DST=165.22.82.222 LEN=52 TOS=0x00 PREC=0x00 TTL=116 ID=23020 DF PROTO=TCP SPT=50709 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-11T23:34:30.336Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-11T23:36:05.913Z","@version":"1","message":"Sep 11 23:36:05 honeypot-sgp-1 sshd[7151]: Disconnected from invalid user uf 71.67.66.226 port 54810 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 23:38:14 honeypot-ams-1 kernel: [83816079.860211] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=167.248.133.139 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=22731 PROTO=TCP SPT=50947 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T23:38:15.466Z"}
{"@timestamp":"2022-09-11T23:40:33.020Z","@version":"1","message":"Sep 11 23:40:32 honeypot-sgp-1 kernel: [83815744.416974] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=154.3.44.39 DST=159.89.202.188 LEN=52 TOS=0x0A PREC=0x00 TTL=111 ID=60809 DF PROTO=TCP SPT=53659 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 23:43:18 honeypot-ams-1 sshd[11013]: Invalid user user from 45.61.187.160 port 40782","@timestamp":"2022-09-11T23:43:18.599Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 23:43:39 honeypot-ams-1 sshd[11017]: Invalid user user from 45.61.187.160 port 35638","@timestamp":"2022-09-11T23:43:40.612Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 11 23:44:00 honeypot-ams-1 sshd[11021]: Invalid user user from 45.61.187.160 port 58712","@timestamp":"2022-09-11T23:44:00.621Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 11 23:45:52 honeypot-ams-1 kernel: [83816537.191361] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=72.167.32.184 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=232 ID=39098 PROTO=TCP SPT=50663 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-11T23:45:52.671Z"}
{"@timestamp":"2022-09-11T23:54:53.348Z","@version":"1","message":"Sep 11 23:54:52 honeypot-sgp-1 kernel: [83816604.901958] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=157.245.176.143 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=46 ID=41257 DF PROTO=TCP SPT=50060 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 11 23:54:57 honeypot-fra-1 sshd[1358]: Invalid user contador from 92.255.85.69 port 58572","@timestamp":"2022-09-11T23:54:57.806Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 00:03:13 honeypot-fra-1 sshd[1372]: Disconnected from invalid user kevin 165.22.45.108 port 38972 [preauth]","@timestamp":"2022-09-12T00:03:13.989Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 00:03:18 honeypot-ams-1 kernel: [83817583.569182] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=213.226.123.38 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=6518 PROTO=TCP SPT=42582 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T00:03:19.134Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 00:08:24 honeypot-ams-1 kernel: [83817889.752097] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=49353 PROTO=TCP SPT=41053 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T00:08:25.277Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 00:11:18 honeypot-ams-1 sshd[11044]: Connection closed by 193.106.191.157 port 33930 [preauth]","@timestamp":"2022-09-12T00:11:19.357Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 00:14:26 honeypot-fra-1 kernel: [83816094.709363] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=55168 PROTO=TCP SPT=41053 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T00:14:26.240Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-12T00:15:21.830Z","@version":"1","message":"Sep 12 00:15:21 honeypot-sgp-1 kernel: [83817833.753978] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=184.105.247.208 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=47091 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T00:18:50.918Z","@version":"1","message":"Sep 12 00:18:50 honeypot-sgp-1 kernel: [83818043.116835] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.79.53.162 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=49560 PROTO=TCP SPT=51407 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 00:20:48 honeypot-ams-1 sshd[11052]: Received disconnect from 92.255.85.70 port 27932:11: Bye Bye [preauth]","@timestamp":"2022-09-12T00:20:48.623Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 00:24:59 honeypot-fra-1 kernel: [83816727.800746] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=121.4.27.90 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=2436 DF PROTO=TCP SPT=59534 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T00:24:59.479Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-12T00:25:09.072Z","@version":"1","message":"Sep 12 00:25:08 honeypot-sgp-1 sshd[7191]: Received disconnect from 85.237.57.193 port 34762:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T00:26:23.106Z","@version":"1","message":"Sep 12 00:26:22 honeypot-sgp-1 sshd[7195]: Invalid user hw01 from 45.175.18.29 port 45606","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T00:28:13.154Z","@version":"1","message":"Sep 12 00:28:12 honeypot-sgp-1 sshd[7200]: Invalid user user from 45.61.187.160 port 34090","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T00:28:34.164Z","@version":"1","message":"Sep 12 00:28:33 honeypot-sgp-1 sshd[7204]: Invalid user user from 45.61.187.160 port 57632","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T00:28:56.174Z","@version":"1","message":"Sep 12 00:28:55 honeypot-sgp-1 sshd[7209]: Invalid user user from 45.61.187.160 port 52928","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T00:29:12.180Z","@version":"1","message":"Sep 12 00:29:12 honeypot-sgp-1 sshd[7213]: Received disconnect from 43.154.66.195 port 37094:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T00:29:52.197Z","@version":"1","message":"Sep 12 00:29:51 honeypot-sgp-1 sshd[7217]: Disconnected from authenticating user root 143.244.161.152 port 51756 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 00:33:46 honeypot-ams-1 kernel: [83819412.006241] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.209.45 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=59042 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T00:33:46.967Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 00:37:20 honeypot-fra-1 kernel: [83817468.633761] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=80.94.92.239 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=37195 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T00:37:20.776Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-12T00:39:16.423Z","@version":"1","message":"Sep 12 00:39:15 honeypot-sgp-1 sshd[7223]: Received disconnect from 92.255.85.69 port 32560:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 00:41:47 honeypot-fra-1 sshd[1393]: Disconnected from authenticating user root 92.255.85.69 port 39858 [preauth]","@timestamp":"2022-09-12T00:41:47.879Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 00:44:35 honeypot-fra-1 sshd[1401]: Invalid user odoo from 157.245.122.58 port 58598","@timestamp":"2022-09-12T00:44:36.948Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 00:45:35 honeypot-fra-1 sshd[1403]: Disconnected from invalid user tenancy 157.245.122.58 port 43896 [preauth]","@timestamp":"2022-09-12T00:45:35.973Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 00:47:20 honeypot-fra-1 sshd[1409]: Invalid user jonitwiso from 157.245.122.58 port 42726","@timestamp":"2022-09-12T00:47:21.016Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 00:48:14 honeypot-ams-1 sshd[11061]: Connection closed by invalid user wry 137.116.144.39 port 49730 [preauth]","@timestamp":"2022-09-12T00:48:15.349Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 00:49:00 honeypot-fra-1 sshd[1414]: Invalid user cypress from 157.245.122.58 port 41556","@timestamp":"2022-09-12T00:49:01.057Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T00:49:55.680Z","@version":"1","message":"Sep 12 00:49:55 honeypot-sgp-1 sshd[7228]: Invalid user admin from 62.204.41.222 port 38176","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T00:54:47.799Z","@version":"1","message":"Sep 12 00:54:47 honeypot-sgp-1 sshd[7231]: Invalid user git from 91.240.118.222 port 52945","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T01:02:32.986Z","@version":"1","message":"Sep 12 01:02:32 honeypot-sgp-1 sshd[7234]: Disconnected from authenticating user root 92.255.85.69 port 26252 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 01:02:49 honeypot-ams-1 kernel: [83821154.625984] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=196.188.51.244 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=53 ID=5398 PROTO=TCP SPT=22104 DPT=80 WINDOW=13991 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T01:02:49.743Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 01:05:49 honeypot-fra-1 sshd[1418]: Disconnected from authenticating user root 92.255.85.70 port 20286 [preauth]","@timestamp":"2022-09-12T01:05:50.456Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 01:10:38 honeypot-ams-1 sshd[11073]: Connection closed by invalid user admin 99.97.212.80 port 43148 [preauth]","@timestamp":"2022-09-12T01:10:38.953Z"}
{"@timestamp":"2022-09-12T01:13:43.258Z","@version":"1","message":"Sep 12 01:13:43 honeypot-sgp-1 sshd[7241]: Received disconnect from 27.74.254.115 port 52690:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 01:14:15 honeypot-fra-1 sshd[1424]: Connection closed by invalid user  118.193.59.5 port 39266 [preauth]","@timestamp":"2022-09-12T01:14:15.649Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 01:15:16 honeypot-ams-1 sshd[11080]: Did not receive identification string from 198.98.61.9 port 59990","@timestamp":"2022-09-12T01:15:17.078Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 01:15:28 honeypot-ams-1 sshd[11083]: Disconnected from invalid user user 45.61.186.249 port 47054 [preauth]","@timestamp":"2022-09-12T01:15:29.086Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 01:15:48 honeypot-ams-1 sshd[11087]: Disconnected from invalid user user 45.61.186.249 port 41512 [preauth]","@timestamp":"2022-09-12T01:15:49.097Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 01:15:57 honeypot-ams-1 sshd[11091]: Disconnected from invalid user user 45.61.186.249 port 52908 [preauth]","@timestamp":"2022-09-12T01:15:58.103Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 01:16:06 honeypot-ams-1 sshd[11095]: Disconnected from invalid user user 45.61.186.249 port 35964 [preauth]","@timestamp":"2022-09-12T01:16:07.107Z"}
{"@timestamp":"2022-09-12T01:16:19.322Z","@version":"1","message":"Sep 12 01:16:19 honeypot-sgp-1 sshd[7245]: Received disconnect from 103.174.114.55 port 45010:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 01:16:20 honeypot-ams-1 sshd[11099]: Disconnected from invalid user user 198.98.61.9 port 45968 [preauth]","@timestamp":"2022-09-12T01:16:21.115Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 01:16:40 honeypot-ams-1 sshd[11103]: Disconnected from invalid user user 198.98.61.9 port 40752 [preauth]","@timestamp":"2022-09-12T01:16:41.127Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 01:17:04 honeypot-fra-1 sshd[1431]: Disconnected from authenticating user root 60.10.160.76 port 49648 [preauth]","@timestamp":"2022-09-12T01:17:04.717Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 01:20:40 honeypot-ams-1 sshd[11113]: Received disconnect from 157.245.122.58 port 59244:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T01:20:41.237Z"}
{"@timestamp":"2022-09-12T01:20:46.432Z","@version":"1","message":"Sep 12 01:20:46 honeypot-sgp-1 kernel: [83821758.346072] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=23.95.4.194 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=233 ID=16343 PROTO=TCP SPT=44724 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 01:22:27 honeypot-ams-1 sshd[11117]: Disconnected from invalid user esearch 2.44.166.148 port 40982 [preauth]","@timestamp":"2022-09-12T01:22:28.288Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 01:23:37 honeypot-ams-1 sshd[11122]: Disconnected from invalid user tenancy 157.245.122.58 port 43386 [preauth]","@timestamp":"2022-09-12T01:23:38.322Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 01:25:22 honeypot-ams-1 sshd[11126]: Invalid user jonitwiso from 157.245.122.58 port 42222","@timestamp":"2022-09-12T01:25:22.371Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 01:26:28 honeypot-ams-1 kernel: [83822573.960346] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=92.63.197.171 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=252 ID=4128 PROTO=TCP SPT=44300 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T01:26:29.403Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 01:27:04 honeypot-ams-1 sshd[11134]: Disconnected from invalid user cypress 157.245.122.58 port 41062 [preauth]","@timestamp":"2022-09-12T01:27:05.422Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 01:27:35 honeypot-ams-1 sshd[11138]: Disconnected from invalid user user 45.61.186.169 port 42426 [preauth]","@timestamp":"2022-09-12T01:27:35.438Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 01:27:52 honeypot-ams-1 sshd[11142]: Disconnected from invalid user user 45.61.186.169 port 37698 [preauth]","@timestamp":"2022-09-12T01:27:53.448Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 01:28:08 honeypot-ams-1 sshd[11146]: Disconnected from invalid user user 45.61.186.169 port 32992 [preauth]","@timestamp":"2022-09-12T01:28:08.458Z"}
{"@timestamp":"2022-09-12T01:28:27.622Z","@version":"1","message":"Sep 12 01:28:26 honeypot-sgp-1 sshd[7254]: Invalid user aldric from 122.176.119.202 port 47708","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 01:31:06 honeypot-ams-1 sshd[11150]: Disconnected from authenticating user root 92.255.85.69 port 35392 [preauth]","@timestamp":"2022-09-12T01:31:07.542Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 01:31:26 honeypot-fra-1 sshd[1441]: Invalid user ubuntu from 103.188.176.251 port 54010","@timestamp":"2022-09-12T01:31:27.047Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T01:37:02.844Z","@version":"1","message":"Sep 12 01:37:02 honeypot-sgp-1 sshd[7258]: Connection closed by 192.241.208.27 port 60936 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 01:37:32 honeypot-fra-1 sshd[1449]: Invalid user testuser from 49.234.154.127 port 33914","@timestamp":"2022-09-12T01:37:33.191Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 01:37:32 honeypot-fra-1 sshd[1459]: Invalid user ubuntu from 49.234.154.127 port 33848","@timestamp":"2022-09-12T01:37:33.191Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 01:37:32 honeypot-fra-1 sshd[1470]: Invalid user mysql from 49.234.154.127 port 33904","@timestamp":"2022-09-12T01:37:33.191Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 01:37:32 honeypot-fra-1 sshd[1455]: Connection closed by invalid user admin 49.234.154.127 port 33920 [preauth]","@timestamp":"2022-09-12T01:37:33.191Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 01:37:32 honeypot-fra-1 sshd[1467]: Connection closed by invalid user www 49.234.154.127 port 33884 [preauth]","@timestamp":"2022-09-12T01:37:33.191Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 01:37:33 honeypot-fra-1 sshd[1450]: Connection closed by invalid user vagrant 49.234.154.127 port 33910 [preauth]","@timestamp":"2022-09-12T01:37:34.191Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 01:37:34 honeypot-fra-1 sshd[1495]: Connection closed by invalid user admin 49.234.154.127 port 33842 [preauth]","@timestamp":"2022-09-12T01:37:35.192Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 01:37:37 honeypot-fra-1 sshd[1452]: Connection closed by invalid user nexus 49.234.154.127 port 33888 [preauth]","@timestamp":"2022-09-12T01:37:37.193Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 01:37:41 honeypot-fra-1 sshd[1499]: Connection closed by invalid user www 49.234.154.127 port 33860 [preauth]","@timestamp":"2022-09-12T01:37:41.195Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 01:40:08 honeypot-ams-1 kernel: [83823393.074628] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=154.3.44.39 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=117 ID=52737 DF PROTO=TCP SPT=64898 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-12T01:40:08.792Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 01:43:14 honeypot-ams-1 sshd[11160]: Invalid user admin from 80.76.51.45 port 55106","@timestamp":"2022-09-12T01:43:14.884Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 01:43:45 honeypot-ams-1 sshd[11164]: Received disconnect from 80.76.51.45 port 50032:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T01:43:45.900Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 01:44:15 honeypot-ams-1 sshd[11168]: Disconnected from authenticating user root 80.76.51.45 port 44914 [preauth]","@timestamp":"2022-09-12T01:44:15.917Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 01:44:59 honeypot-ams-1 sshd[11174]: Disconnected from authenticating user root 80.76.51.45 port 51424 [preauth]","@timestamp":"2022-09-12T01:45:00.941Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 01:45:44 honeypot-ams-1 sshd[11180]: Received disconnect from 80.76.51.45 port 57874:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T01:45:44.965Z"}
{"@timestamp":"2022-09-12T01:50:19.177Z","@version":"1","message":"Sep 12 01:50:18 honeypot-sgp-1 sshd[7264]: Received disconnect from 202.29.13.51 port 58580:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 01:51:12 honeypot-ams-1 sshd[11185]: Invalid user cpage from 208.184.30.130 port 34414","@timestamp":"2022-09-12T01:51:12.113Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 01:52:03 honeypot-fra-1 sshd[1510]: Received disconnect from 92.255.85.69 port 26320:11: Bye Bye [preauth]","@timestamp":"2022-09-12T01:52:04.518Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 01:55:16 honeypot-ams-1 sshd[11187]: Disconnected from authenticating user root 92.255.85.69 port 26326 [preauth]","@timestamp":"2022-09-12T01:55:17.225Z"}
{"@timestamp":"2022-09-12T02:01:20.450Z","@version":"1","message":"Sep 12 02:01:20 honeypot-sgp-1 kernel: [83824192.541031] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.46.240.87 DST=159.89.202.188 LEN=52 TOS=0x02 PREC=0x00 TTL=110 ID=61895 DF PROTO=TCP SPT=62785 DPT=443 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 02:02:14 honeypot-ams-1 sshd[11192]: Disconnected from invalid user miner 123.157.77.200 port 45570 [preauth]","@timestamp":"2022-09-12T02:02:15.413Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 02:03:43 honeypot-fra-1 kernel: [83822652.274255] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=5.188.210.205 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=31516 PROTO=TCP SPT=40969 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T02:03:44.780Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 02:06:37 honeypot-fra-1 sshd[1520]: Received disconnect from 62.204.41.222 port 56546:11: Client disconnecting normally [preauth]","@timestamp":"2022-09-12T02:06:37.849Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 02:06:53 honeypot-fra-1 sshd[1524]: Received disconnect from 45.61.186.169 port 40654:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T02:06:53.877Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 02:07:11 honeypot-fra-1 sshd[1528]: Received disconnect from 45.61.186.169 port 35504:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T02:07:11.886Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 02:07:27 honeypot-fra-1 sshd[1532]: Received disconnect from 45.61.186.169 port 58594:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T02:07:27.892Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 02:10:55 honeypot-fra-1 sshd[1537]: Invalid user git from 91.240.118.222 port 40068","@timestamp":"2022-09-12T02:10:55.972Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 02:11:15 honeypot-ams-1 kernel: [83825260.669357] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=95.107.76.94 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=58 ID=22729 PROTO=TCP SPT=24501 DPT=80 WINDOW=61054 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T02:11:15.656Z"}
{"@timestamp":"2022-09-12T02:13:42.754Z","@version":"1","message":"Sep 12 02:13:42 honeypot-sgp-1 sshd[7274]: Received disconnect from 212.33.250.241 port 36870:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 02:15:24 honeypot-fra-1 sshd[1539]: Disconnected from authenticating user root 92.255.85.70 port 50854 [preauth]","@timestamp":"2022-09-12T02:15:24.077Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 02:22:06 honeypot-ams-1 kernel: [83825911.356241] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=141.156.242.116 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=52 ID=3300 PROTO=TCP SPT=32149 DPT=80 WINDOW=33822 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T02:22:06.948Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 02:23:40 honeypot-fra-1 sshd[1546]: Disconnected from invalid user kevin 165.22.45.108 port 59870 [preauth]","@timestamp":"2022-09-12T02:23:40.265Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T02:27:28.100Z","@version":"1","message":"Sep 12 02:27:27 honeypot-sgp-1 kernel: [83825759.428590] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=207.102.138.83 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=44 ID=11107 DF PROTO=TCP SPT=48051 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 02:29:30 honeypot-ams-1 sshd[11218]: Invalid user admin from 91.201.240.153 port 59006","@timestamp":"2022-09-12T02:29:31.149Z"}
{"@timestamp":"2022-09-12T02:31:00.188Z","@version":"1","message":"Sep 12 02:30:59 honeypot-sgp-1 sshd[7283]: Disconnected from invalid user kettle 178.154.203.18 port 50780 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T02:36:07.316Z","@version":"1","message":"Sep 12 02:36:07 honeypot-sgp-1 sshd[7289]: Received disconnect from 92.255.85.69 port 54530:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T02:37:13.345Z","@version":"1","message":"Sep 12 02:37:12 honeypot-sgp-1 kernel: [83826344.843071] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=167.71.218.50 DST=159.89.202.188 LEN=52 TOS=0x02 PREC=0x00 TTL=124 ID=15186 DF PROTO=TCP SPT=59501 DPT=3389 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 02:40:02 honeypot-ams-1 kernel: [83826987.585409] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=69.3.241.62 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=51 ID=45509 PROTO=TCP SPT=33472 DPT=80 WINDOW=17649 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T02:40:03.434Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 02:45:34 honeypot-fra-1 kernel: [83825162.804709] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=13853 PROTO=TCP SPT=50489 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T02:45:34.757Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 02:53:51 honeypot-ams-1 kernel: [83827816.597222] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=218.71.6.86 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=49 ID=12007 PROTO=TCP SPT=12826 DPT=443 WINDOW=22386 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T02:53:51.808Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 02:56:24 honeypot-fra-1 sshd[1557]: Received disconnect from 210.4.123.219 port 59553:11: Bye Bye [preauth]","@timestamp":"2022-09-12T02:56:24.997Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 02:58:54 honeypot-fra-1 sshd[1561]: Received disconnect from 165.22.45.108 port 36698:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T02:58:55.055Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T02:59:16.874Z","@version":"1","message":"Sep 12 02:59:15 honeypot-sgp-1 sshd[7300]: Connection closed by 67.207.95.230 port 52804 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T03:07:23.078Z","@version":"1","message":"Sep 12 03:07:22 honeypot-sgp-1 kernel: [83828154.635986] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=88.80.189.24 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=25643 PROTO=TCP SPT=52039 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 03:10:32 honeypot-fra-1 sshd[1569]: Received disconnect from 159.65.77.254 port 48874:11: Bye Bye [preauth]","@timestamp":"2022-09-12T03:10:33.312Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 03:12:39 honeypot-ams-1 sshd[11230]: Received disconnect from 139.59.2.151 port 38156:11: Bye Bye [preauth]","@timestamp":"2022-09-12T03:12:40.313Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 03:16:35 honeypot-fra-1 kernel: [83827023.293645] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=167.71.218.50 DST=165.22.82.222 LEN=52 TOS=0x02 PREC=0x00 TTL=118 ID=56653 DF PROTO=TCP SPT=49565 DPT=3389 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-12T03:16:35.448Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 03:19:09 honeypot-ams-1 sshd[11236]: Invalid user guest from 203.122.48.130 port 33217","@timestamp":"2022-09-12T03:19:10.484Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 03:19:26 honeypot-fra-1 sshd[1575]: Connection closed by invalid user admin 121.171.55.115 port 55119 [preauth]","@timestamp":"2022-09-12T03:19:27.516Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T03:23:42.474Z","@version":"1","message":"Sep 12 03:23:41 honeypot-sgp-1 sshd[7312]: Disconnected from authenticating user root 92.255.85.70 port 25362 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 03:29:07 honeypot-ams-1 sshd[11242]: Did not receive identification string from 45.61.184.204 port 44114","@timestamp":"2022-09-12T03:29:07.751Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 03:29:38 honeypot-ams-1 sshd[11245]: Disconnected from invalid user user 45.61.184.204 port 41044 [preauth]","@timestamp":"2022-09-12T03:29:38.767Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 03:29:55 honeypot-ams-1 sshd[11249]: Disconnected from invalid user user 45.61.184.204 port 36350 [preauth]","@timestamp":"2022-09-12T03:29:56.777Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 03:30:13 honeypot-ams-1 sshd[11253]: Disconnected from invalid user user 45.61.184.204 port 59774 [preauth]","@timestamp":"2022-09-12T03:30:13.787Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 03:31:17 honeypot-fra-1 sshd[1582]: Received disconnect from 159.65.129.227 port 52830:11: Bye Bye [preauth]","@timestamp":"2022-09-12T03:31:17.787Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 03:32:22 honeypot-fra-1 sshd[1587]: Invalid user user from 45.61.184.204 port 50542","@timestamp":"2022-09-12T03:32:22.814Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 03:32:39 honeypot-fra-1 sshd[1591]: Invalid user user from 45.61.184.204 port 45132","@timestamp":"2022-09-12T03:32:40.822Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 03:32:57 honeypot-fra-1 sshd[1595]: Invalid user user from 45.61.184.204 port 39720","@timestamp":"2022-09-12T03:32:57.830Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 03:33:57 honeypot-fra-1 sshd[1599]: Invalid user kevin from 165.22.45.108 port 41740","@timestamp":"2022-09-12T03:33:57.854Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T03:34:02.756Z","@version":"1","message":"Sep 12 03:34:01 honeypot-sgp-1 sshd[7318]: Disconnected from 68.183.25.156 port 48138 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 03:44:31 honeypot-ams-1 kernel: [83830856.663692] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=51.15.141.72 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=55 ID=12230 PROTO=TCP SPT=39718 DPT=80 WINDOW=25575 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T03:44:32.164Z"}
{"@timestamp":"2022-09-12T03:46:47.067Z","@version":"1","message":"Sep 12 03:46:46 honeypot-sgp-1 sshd[7324]: Disconnected from authenticating user root 92.255.85.70 port 17724 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 03:49:18 honeypot-fra-1 sshd[1603]: Received disconnect from 92.255.85.69 port 43958:11: Bye Bye [preauth]","@timestamp":"2022-09-12T03:49:19.192Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 03:50:33 honeypot-ams-1 sshd[11262]: Invalid user user from 43.135.1.155 port 45292","@timestamp":"2022-09-12T03:50:34.326Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 03:52:04 honeypot-ams-1 kernel: [83831309.649307] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.88.49.77 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=115 ID=28395 DF PROTO=TCP SPT=61814 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T03:52:05.370Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 03:52:51 honeypot-ams-1 sshd[11271]: Received disconnect from 46.19.141.122 port 42206:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T03:52:52.393Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 03:54:17 honeypot-ams-1 sshd[11277]: Invalid user admin from 46.19.141.122 port 39300","@timestamp":"2022-09-12T03:54:18.433Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 03:54:45 honeypot-ams-1 kernel: [83831470.179575] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=131.159.24.205 DST=178.62.254.91 LEN=72 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=38845 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T03:54:45.447Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 03:55:09 honeypot-ams-1 sshd[11286]: Invalid user user from 46.19.141.122 port 36388","@timestamp":"2022-09-12T03:55:10.461Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 03:56:04 honeypot-ams-1 sshd[11290]: Invalid user support from 46.19.141.122 port 53268","@timestamp":"2022-09-12T03:56:04.488Z"}
{"@timestamp":"2022-09-12T03:57:20.324Z","@version":"1","message":"Sep 12 03:57:20 honeypot-sgp-1 sshd[7329]: Received disconnect from 64.227.98.3 port 52250:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 03:57:58 honeypot-ams-1 sshd[11294]: Received disconnect from 62.204.41.222 port 45124:11: Client disconnecting normally [preauth]","@timestamp":"2022-09-12T03:57:58.539Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 04:00:51 honeypot-ams-1 kernel: [83831836.075890] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=213.226.123.241 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=60 ID=53772 DF PROTO=TCP SPT=55400 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T04:00:51.619Z"}
{"@timestamp":"2022-09-12T04:03:07.470Z","@version":"1","message":"Sep 12 04:03:07 honeypot-sgp-1 kernel: [83831499.067386] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.34.56.97 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=36413 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T04:04:19.504Z","@version":"1","message":"Sep 12 04:04:18 honeypot-sgp-1 sshd[7341]: Disconnected from invalid user odoo 157.245.122.58 port 34606 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 04:05:12 honeypot-fra-1 sshd[1610]: Connection closed by invalid user kiss 141.98.10.158 port 58754 [preauth]","@timestamp":"2022-09-12T04:05:12.580Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T04:06:14.555Z","@version":"1","message":"Sep 12 04:06:13 honeypot-sgp-1 sshd[7345]: Disconnected from invalid user data.user 157.245.122.58 port 33448 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 04:08:05 honeypot-ams-1 kernel: [83832270.680639] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=66.240.236.116 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=33630 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T04:08:05.815Z"}
{"@timestamp":"2022-09-12T04:08:08.603Z","@version":"1","message":"Sep 12 04:08:08 honeypot-sgp-1 sshd[7349]: Disconnected from invalid user jonitiso 157.245.122.58 port 60518 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T04:09:56.650Z","@version":"1","message":"Sep 12 04:09:56 honeypot-sgp-1 sshd[7356]: Received disconnect from 92.255.85.69 port 51690:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 04:13:46 honeypot-fra-1 sshd[1627]: Invalid user admin from 204.44.66.189 port 59100","@timestamp":"2022-09-12T04:13:47.769Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 04:13:47 honeypot-fra-1 sshd[1630]: Invalid user git from 204.44.66.189 port 59054","@timestamp":"2022-09-12T04:13:47.769Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 04:13:47 honeypot-fra-1 sshd[1629]: Invalid user testuser from 204.44.66.189 port 59068","@timestamp":"2022-09-12T04:13:47.769Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 04:13:47 honeypot-fra-1 sshd[1620]: Invalid user ubuntu from 204.44.66.189 port 59060","@timestamp":"2022-09-12T04:13:47.769Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 04:13:47 honeypot-fra-1 sshd[1633]: Connection closed by invalid user admin 204.44.66.189 port 59082 [preauth]","@timestamp":"2022-09-12T04:13:47.770Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 04:13:47 honeypot-fra-1 sshd[1621]: Connection closed by invalid user www 204.44.66.189 port 59080 [preauth]","@timestamp":"2022-09-12T04:13:47.770Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 04:13:47 honeypot-fra-1 sshd[1618]: Connection closed by invalid user user 204.44.66.189 port 59038 [preauth]","@timestamp":"2022-09-12T04:13:47.770Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 04:13:47 honeypot-fra-1 sshd[1617]: Connection closed by invalid user lighthouse 204.44.66.189 port 59094 [preauth]","@timestamp":"2022-09-12T04:13:47.770Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 04:13:54 honeypot-fra-1 sshd[1668]: Received disconnect from 92.255.85.69 port 19222:11: Bye Bye [preauth]","@timestamp":"2022-09-12T04:13:55.773Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 04:17:01 honeypot-ams-1 CRON[11307]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-12T04:17:02.053Z"}
{"@timestamp":"2022-09-12T04:17:13.830Z","@version":"1","message":"Sep 12 04:17:12 honeypot-sgp-1 sshd[7362]: Did not receive identification string from 45.61.186.169 port 54634","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T04:17:41.843Z","@version":"1","message":"Sep 12 04:17:41 honeypot-sgp-1 sshd[7365]: Disconnected from invalid user user 45.61.186.169 port 40722 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T04:17:58.852Z","@version":"1","message":"Sep 12 04:17:58 honeypot-sgp-1 sshd[7369]: Disconnected from invalid user user 45.61.186.169 port 35748 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T04:18:14.860Z","@version":"1","message":"Sep 12 04:18:14 honeypot-sgp-1 sshd[7373]: Disconnected from invalid user user 45.61.186.169 port 58920 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 04:19:44 honeypot-fra-1 sshd[1674]: Received disconnect from 165.22.56.109 port 54594:11: Bye Bye [preauth]","@timestamp":"2022-09-12T04:19:44.902Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T04:19:58.907Z","@version":"1","message":"Sep 12 04:19:58 honeypot-sgp-1 kernel: [83832510.541060] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=79.41.53.116 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=235 ID=15686 PROTO=TCP SPT=54221 DPT=80 WINDOW=1300 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 04:20:08 honeypot-ams-1 sshd[11314]: Invalid user user from 45.61.186.49 port 38492","@timestamp":"2022-09-12T04:20:09.141Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 04:20:18 honeypot-ams-1 sshd[11318]: Invalid user user from 45.61.186.49 port 50410","@timestamp":"2022-09-12T04:20:19.147Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 04:20:55 honeypot-ams-1 kernel: [83833040.577351] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=154.3.44.39 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=117 ID=56569 DF PROTO=TCP SPT=58897 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-12T04:20:56.165Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 04:23:58 honeypot-fra-1 sshd[1679]: Disconnected from authenticating user root 134.209.198.12 port 59172 [preauth]","@timestamp":"2022-09-12T04:23:58.999Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 04:30:33 honeypot-ams-1 sshd[11326]: Received disconnect from 80.76.51.43 port 56006:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T04:30:33.421Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 04:31:03 honeypot-ams-1 sshd[11330]: Received disconnect from 80.76.51.43 port 55486:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T04:31:03.437Z"}
{"@timestamp":"2022-09-12T04:34:36.265Z","@version":"1","message":"Sep 12 04:34:35 honeypot-sgp-1 sshd[7396]: Received disconnect from 92.255.85.69 port 25780:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 04:36:42 honeypot-fra-1 sshd[1685]: Received disconnect from 92.255.85.69 port 21562:11: Bye Bye [preauth]","@timestamp":"2022-09-12T04:36:43.282Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 04:40:01 honeypot-ams-1 sshd[11338]: Invalid user user from 45.61.184.204 port 43448","@timestamp":"2022-09-12T04:40:01.692Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 04:40:22 honeypot-ams-1 sshd[11342]: Invalid user user from 45.61.184.204 port 39384","@timestamp":"2022-09-12T04:40:22.703Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 04:40:31 honeypot-ams-1 sshd[11344]: Disconnected from invalid user user 45.61.184.204 port 51466 [preauth]","@timestamp":"2022-09-12T04:40:31.713Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 04:40:51 honeypot-ams-1 sshd[11348]: Received disconnect from 45.61.184.204 port 47470:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T04:40:51.725Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 04:42:51 honeypot-ams-1 sshd[11352]: Disconnected from authenticating user root 35.204.72.77 port 56148 [preauth]","@timestamp":"2022-09-12T04:42:51.780Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 04:42:59 honeypot-fra-1 sshd[1688]: Received disconnect from 159.223.95.166 port 59870:11: Bye Bye [preauth]","@timestamp":"2022-09-12T04:43:00.422Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 04:45:22 honeypot-fra-1 sshd[1692]: Received disconnect from 165.22.45.108 port 51854:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T04:45:23.478Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T04:49:57.656Z","@version":"1","message":"Sep 12 04:49:56 honeypot-sgp-1 sshd[7400]: Received disconnect from 217.147.1.240 port 48866:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 04:51:26 honeypot-ams-1 sshd[11359]: Invalid user awa from 43.154.55.148 port 32808","@timestamp":"2022-09-12T04:51:27.015Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 04:55:36 honeypot-fra-1 sshd[1708]: Invalid user oracle from 212.87.251.118 port 45342","@timestamp":"2022-09-12T04:55:37.706Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 04:55:36 honeypot-fra-1 sshd[1713]: Invalid user guest from 212.87.251.118 port 45358","@timestamp":"2022-09-12T04:55:37.706Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 04:55:36 honeypot-fra-1 sshd[1718]: Invalid user git from 212.87.251.118 port 45376","@timestamp":"2022-09-12T04:55:37.706Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 04:55:36 honeypot-fra-1 sshd[1699]: Invalid user elasticsearch from 212.87.251.118 port 45314","@timestamp":"2022-09-12T04:55:37.706Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 04:55:36 honeypot-fra-1 sshd[1709]: Connection closed by authenticating user root 212.87.251.118 port 45348 [preauth]","@timestamp":"2022-09-12T04:55:37.706Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 04:55:36 honeypot-fra-1 sshd[1710]: Connection closed by invalid user esuser 212.87.251.118 port 45346 [preauth]","@timestamp":"2022-09-12T04:55:37.706Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 04:55:36 honeypot-fra-1 sshd[1718]: Connection closed by invalid user git 212.87.251.118 port 45376 [preauth]","@timestamp":"2022-09-12T04:55:37.706Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 04:55:36 honeypot-fra-1 sshd[1715]: Connection closed by invalid user chia 212.87.251.118 port 45364 [preauth]","@timestamp":"2022-09-12T04:55:37.706Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 04:55:36 honeypot-fra-1 sshd[1722]: Connection closed by invalid user es 212.87.251.118 port 45386 [preauth]","@timestamp":"2022-09-12T04:55:37.706Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 04:55:36 honeypot-fra-1 sshd[1729]: Connection closed by invalid user test 212.87.251.118 port 45424 [preauth]","@timestamp":"2022-09-12T04:55:37.706Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 04:55:37 honeypot-fra-1 sshd[1727]: Connection closed by invalid user guest 212.87.251.118 port 45414 [preauth]","@timestamp":"2022-09-12T04:55:37.707Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 04:56:41 honeypot-ams-1 kernel: [83835186.515888] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=89.248.165.199 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=425 PROTO=TCP SPT=55985 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T04:56:42.155Z"}
{"@timestamp":"2022-09-12T04:57:23.838Z","@version":"1","message":"Sep 12 04:57:23 honeypot-sgp-1 sshd[7407]: Received disconnect from 92.255.85.70 port 16282:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T04:59:17.888Z","@version":"1","message":"Sep 12 04:59:17 honeypot-sgp-1 sshd[7412]: Invalid user user from 45.61.186.49 port 41046","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T04:59:26.892Z","@version":"1","message":"Sep 12 04:59:26 honeypot-sgp-1 sshd[7416]: Invalid user user from 45.61.186.49 port 52466","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 05:07:05 honeypot-fra-1 sshd[1766]: Connection closed by invalid user user 176.126.166.60 port 36250 [preauth]","@timestamp":"2022-09-12T05:07:05.959Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T05:08:09.101Z","@version":"1","message":"Sep 12 05:08:08 honeypot-sgp-1 kernel: [83835400.189505] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=79.110.62.213 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=37369 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 05:12:30 honeypot-ams-1 kernel: [83836135.787995] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=186.218.37.197 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=44 ID=47824 PROTO=TCP SPT=37401 DPT=80 WINDOW=21984 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T05:12:31.575Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 05:14:52 honeypot-ams-1 sshd[11826]: Received disconnect from 45.61.186.249 port 37598:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T05:14:52.641Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 05:15:10 honeypot-ams-1 sshd[11830]: Received disconnect from 45.61.186.249 port 60914:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T05:15:11.651Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 05:15:28 honeypot-ams-1 sshd[11834]: Received disconnect from 45.61.186.249 port 55998:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T05:15:29.661Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 05:15:59 honeypot-ams-1 kernel: [83836344.718343] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=154.3.44.39 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=117 ID=50463 DF PROTO=TCP SPT=56143 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-12T05:16:00.678Z"}
{"@timestamp":"2022-09-12T05:16:54.317Z","@version":"1","message":"Sep 12 05:16:53 honeypot-sgp-1 sshd[7423]: Disconnected from authenticating user root 49.0.129.25 port 41846 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 05:17:01 honeypot-fra-1 CRON[1772]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-12T05:17:02.182Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T05:19:06.374Z","@version":"1","message":"Sep 12 05:19:05 honeypot-sgp-1 sshd[7429]: Received disconnect from 159.89.173.162 port 53332:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 05:19:52 honeypot-fra-1 sshd[1778]: Disconnected from invalid user robin 114.247.103.218 port 24933 [preauth]","@timestamp":"2022-09-12T05:19:53.246Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T05:20:40.416Z","@version":"1","message":"Sep 12 05:20:39 honeypot-sgp-1 sshd[7435]: Received disconnect from 92.255.85.69 port 23790:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 05:23:21 honeypot-fra-1 sshd[1784]: Received disconnect from 92.255.85.69 port 15686:11: Bye Bye [preauth]","@timestamp":"2022-09-12T05:23:22.326Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T05:25:01.523Z","@version":"1","message":"Sep 12 05:25:01 honeypot-sgp-1 sshd[7440]: Disconnected from authenticating user root 51.12.81.43 port 53902 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 05:26:09 honeypot-ams-1 sshd[11844]: Received disconnect from 92.255.85.69 port 49648:11: Bye Bye [preauth]","@timestamp":"2022-09-12T05:26:09.949Z"}
{"@timestamp":"2022-09-12T05:32:31.704Z","@version":"1","message":"Sep 12 05:32:31 honeypot-sgp-1 sshd[7446]: Invalid user user from 45.61.187.160 port 33980","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T05:32:50.713Z","@version":"1","message":"Sep 12 05:32:50 honeypot-sgp-1 sshd[7450]: Invalid user user from 45.61.187.160 port 57430","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T05:33:08.723Z","@version":"1","message":"Sep 12 05:33:08 honeypot-sgp-1 sshd[7454]: Invalid user user from 45.61.187.160 port 52658","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 05:35:00 honeypot-ams-1 sshd[11848]: Received disconnect from 45.61.187.160 port 48324:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T05:35:00.183Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 05:35:18 honeypot-ams-1 sshd[11852]: Received disconnect from 45.61.187.160 port 43020:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T05:35:19.194Z"}
{"@timestamp":"2022-09-12T05:35:22.778Z","@version":"1","message":"Sep 12 05:35:22 honeypot-sgp-1 kernel: [83837034.433505] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=167.94.138.109 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=27261 PROTO=TCP SPT=37855 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 05:35:36 honeypot-ams-1 sshd[11856]: Received disconnect from 45.61.187.160 port 37710:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T05:35:37.203Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 05:35:54 honeypot-ams-1 sshd[11860]: Received disconnect from 45.61.187.160 port 60636:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T05:35:54.212Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 05:39:50 honeypot-ams-1 sshd[11863]: Connection closed by invalid user support 107.179.222.3 port 57122 [preauth]","@timestamp":"2022-09-12T05:39:50.316Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 05:44:34 honeypot-fra-1 sshd[1790]: Did not receive identification string from 141.255.162.226 port 37120","@timestamp":"2022-09-12T05:44:35.795Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 05:44:39 honeypot-fra-1 sshd[1793]: Disconnected from invalid user user 141.255.162.226 port 33086 [preauth]","@timestamp":"2022-09-12T05:44:39.798Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 05:44:43 honeypot-fra-1 sshd[1797]: Disconnected from invalid user user 141.255.162.226 port 54350 [preauth]","@timestamp":"2022-09-12T05:44:43.800Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 05:44:47 honeypot-fra-1 sshd[1801]: Disconnected from invalid user user 141.255.162.226 port 40286 [preauth]","@timestamp":"2022-09-12T05:44:47.802Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 05:49:30 honeypot-fra-1 kernel: [83836198.164842] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=23.225.195.20 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=2851 PROTO=TCP SPT=41760 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T05:49:30.911Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-12T05:50:24.142Z","@version":"1","message":"Sep 12 05:50:23 honeypot-sgp-1 sshd[7466]: Received disconnect from 157.245.9.6 port 57416:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 05:51:16 honeypot-ams-1 kernel: [83838461.062690] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=154.3.44.39 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=117 ID=61513 DF PROTO=TCP SPT=56682 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-12T05:51:16.632Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 05:54:21 honeypot-ams-1 sshd[11872]: Received disconnect from 181.95.50.114 port 50434:11: Bye Bye [preauth]","@timestamp":"2022-09-12T05:54:22.719Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 05:54:53 honeypot-fra-1 sshd[1808]: Received disconnect from 45.61.187.160 port 41460:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T05:54:54.033Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 05:55:11 honeypot-fra-1 sshd[1812]: Received disconnect from 45.61.187.160 port 37436:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T05:55:12.043Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 05:55:28 honeypot-fra-1 sshd[1816]: Received disconnect from 45.61.187.160 port 33420:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T05:55:29.050Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 05:55:45 honeypot-fra-1 sshd[1820]: Received disconnect from 45.61.187.160 port 57630:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T05:55:46.058Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T06:00:52.394Z","@version":"1","message":"Sep 12 06:00:52 honeypot-sgp-1 sshd[7470]: Received disconnect from 141.255.162.226 port 59658:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T06:00:58.398Z","@version":"1","message":"Sep 12 06:00:57 honeypot-sgp-1 sshd[7474]: Received disconnect from 141.255.162.226 port 51802:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T06:02:31.438Z","@version":"1","message":"Sep 12 06:02:31 honeypot-sgp-1 kernel: [83838663.261895] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.41.9.18 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=26065 PROTO=TCP SPT=41580 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 06:04:58 honeypot-fra-1 kernel: [83837126.288477] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=20.123.184.30 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=27411 PROTO=TCP SPT=42399 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T06:04:59.260Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-12T06:07:22.559Z","@version":"1","message":"Sep 12 06:07:22 honeypot-sgp-1 sshd[7577]: Disconnected from authenticating user root 92.255.85.69 port 40154 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 06:10:48 honeypot-fra-1 sshd[1832]: Received disconnect from 92.255.85.70 port 22788:11: Bye Bye [preauth]","@timestamp":"2022-09-12T06:10:48.392Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 06:14:10 honeypot-ams-1 kernel: [83839835.700899] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=181.219.149.148 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=564 PROTO=TCP SPT=25119 DPT=443 WINDOW=35204 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T06:14:11.220Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 06:15:33 honeypot-fra-1 sshd[1931]: Invalid user admin from 185.196.220.81 port 53246","@timestamp":"2022-09-12T06:15:33.498Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 06:15:33 honeypot-fra-1 sshd[1935]: Invalid user admin from 185.196.220.81 port 54488","@timestamp":"2022-09-12T06:15:34.500Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 06:15:34 honeypot-fra-1 sshd[1939]: Disconnected from authenticating user root 185.196.220.81 port 55836 [preauth]","@timestamp":"2022-09-12T06:15:34.500Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 06:15:34 honeypot-fra-1 sshd[1945]: Invalid user admin from 185.196.220.81 port 57844","@timestamp":"2022-09-12T06:15:35.500Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 06:15:34 honeypot-fra-1 sshd[1949]: Invalid user test from 185.196.220.81 port 59410","@timestamp":"2022-09-12T06:15:35.501Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 06:15:35 honeypot-fra-1 sshd[1953]: Disconnected from authenticating user root 185.196.220.81 port 60626 [preauth]","@timestamp":"2022-09-12T06:15:35.501Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 06:15:35 honeypot-fra-1 sshd[1957]: Disconnected from invalid user admin 185.196.220.81 port 33846 [preauth]","@timestamp":"2022-09-12T06:15:36.501Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 06:15:36 honeypot-fra-1 sshd[1963]: Invalid user telnet from 185.196.220.81 port 36400","@timestamp":"2022-09-12T06:15:36.501Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 06:15:36 honeypot-fra-1 sshd[1967]: Received disconnect from 185.196.220.81 port 38026:11: end [preauth]","@timestamp":"2022-09-12T06:15:37.502Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 06:15:37 honeypot-fra-1 sshd[1971]: Received disconnect from 185.196.220.81 port 39678:11: end [preauth]","@timestamp":"2022-09-12T06:15:37.502Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 06:15:37 honeypot-fra-1 sshd[1975]: Disconnected from invalid user admin 185.196.220.81 port 41542 [preauth]","@timestamp":"2022-09-12T06:15:37.502Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 06:15:38 honeypot-fra-1 sshd[1981]: Invalid user guest from 185.196.220.81 port 43826","@timestamp":"2022-09-12T06:15:38.503Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 06:15:38 honeypot-fra-1 sshd[1985]: Invalid user Admin from 185.196.220.81 port 45410","@timestamp":"2022-09-12T06:15:38.503Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 06:15:38 honeypot-fra-1 sshd[1989]: Invalid user user from 185.196.220.81 port 46804","@timestamp":"2022-09-12T06:15:39.504Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 06:17:01 honeypot-fra-1 CRON[1993]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-12T06:17:02.536Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T06:17:02.797Z","@version":"1","message":"Sep 12 06:17:01 honeypot-sgp-1 CRON[7580]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T06:24:57.992Z","@version":"1","message":"Sep 12 06:24:57 honeypot-sgp-1 kernel: [83840009.328387] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=89.248.163.149 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=28048 PROTO=TCP SPT=41207 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 06:25:01 honeypot-ams-1 CRON[11883]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-12T06:25:02.503Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 06:27:09 honeypot-fra-1 kernel: [83838456.880424] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.220.43 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=47904 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T06:27:09.765Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-12T06:31:31.160Z","@version":"1","message":"Sep 12 06:31:30 honeypot-sgp-1 sshd[7736]: Disconnected from authenticating user root 92.255.85.70 port 35382 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 06:32:14 honeypot-fra-1 sshd[2135]: Disconnected from invalid user ubnt 167.99.236.74 port 46296 [preauth]","@timestamp":"2022-09-12T06:32:14.879Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 06:32:18 honeypot-ams-1 kernel: [83840923.327727] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=90.154.15.226 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=59 ID=4087 DF PROTO=TCP SPT=47326 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T06:32:18.697Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 06:35:07 honeypot-fra-1 sshd[2142]: Connection closed by invalid user manager 103.188.176.251 port 36248 [preauth]","@timestamp":"2022-09-12T06:35:07.948Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 06:39:58 honeypot-ams-1 sshd[12152]: Received disconnect from 165.227.84.172 port 49218:11: Bye Bye [preauth]","@timestamp":"2022-09-12T06:39:58.899Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 06:43:50 honeypot-ams-1 kernel: [83841615.672751] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=3.92.87.63 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=4853 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T06:43:51.002Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 06:44:00 honeypot-ams-1 sshd[12159]: Disconnected from invalid user user 45.61.187.160 port 46294 [preauth]","@timestamp":"2022-09-12T06:44:01.006Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 06:44:18 honeypot-ams-1 sshd[12163]: Received disconnect from 45.61.187.160 port 42082:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T06:44:19.017Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 06:44:34 honeypot-ams-1 sshd[12167]: Received disconnect from 45.61.187.160 port 37858:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T06:44:35.027Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 06:50:15 honeypot-fra-1 kernel: [83839842.850057] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=103.99.1.99 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=31624 PROTO=TCP SPT=42785 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T06:50:15.284Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-12T06:50:20.642Z","@version":"1","message":"Sep 12 06:50:19 honeypot-sgp-1 kernel: [83841531.670590] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=90.154.15.226 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=43 ID=20554 DF PROTO=TCP SPT=58678 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 06:52:32 honeypot-fra-1 sshd[2155]: Disconnected from invalid user lz 178.62.90.145 port 45758 [preauth]","@timestamp":"2022-09-12T06:52:32.338Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 06:54:19 honeypot-ams-1 sshd[12172]: Disconnected from authenticating user root 68.183.142.49 port 39348 [preauth]","@timestamp":"2022-09-12T06:54:20.301Z"}
{"@timestamp":"2022-09-12T06:54:25.744Z","@version":"1","message":"Sep 12 06:54:24 honeypot-sgp-1 sshd[7746]: Invalid user wkv from 207.254.224.220 port 49846","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T06:55:45.780Z","@version":"1","message":"Sep 12 06:55:45 honeypot-sgp-1 sshd[7750]: Disconnected from authenticating user root 122.117.25.149 port 59757 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T06:58:14.846Z","@version":"1","message":"Sep 12 06:58:14 honeypot-sgp-1 sshd[7757]: Invalid user zabbix from 103.188.176.251 port 48226","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 07:04:16 honeypot-ams-1 sshd[12177]: Disconnected from authenticating user root 64.227.134.110 port 35260 [preauth]","@timestamp":"2022-09-12T07:04:17.555Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 07:05:35 honeypot-fra-1 kernel: [83840763.261170] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=90.154.15.226 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=57 ID=17407 DF PROTO=TCP SPT=40438 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T07:05:35.629Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-12T07:07:45.081Z","@version":"1","message":"Sep 12 07:07:44 honeypot-sgp-1 sshd[7763]: Connection closed by invalid user User 179.60.147.69 port 31332 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 07:12:08 honeypot-fra-1 kernel: [83841155.717931] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=90.154.15.226 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=57 ID=6430 DF PROTO=TCP SPT=42206 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T07:12:08.776Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 07:16:24 honeypot-fra-1 sshd[2173]: Received disconnect from 45.61.184.204 port 45928:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T07:16:24.875Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 07:16:44 honeypot-fra-1 sshd[2177]: Received disconnect from 45.61.184.204 port 41268:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T07:16:44.884Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 07:17:01 honeypot-fra-1 CRON[2183]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-12T07:17:01.893Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 07:17:09 honeypot-fra-1 sshd[2187]: Disconnected from invalid user user 45.61.184.204 port 48422 [preauth]","@timestamp":"2022-09-12T07:17:10.896Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 07:17:16 honeypot-ams-1 sshd[12186]: Disconnected from 147.182.219.221 port 54046 [preauth]","@timestamp":"2022-09-12T07:17:16.890Z"}
{"@timestamp":"2022-09-12T07:18:16.342Z","@version":"1","message":"Sep 12 07:18:16 honeypot-sgp-1 sshd[7771]: Received disconnect from 92.255.85.69 port 44164:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T07:21:29.423Z","@version":"1","message":"Sep 12 07:21:28 honeypot-sgp-1 sshd[7775]: Received disconnect from 141.255.162.226 port 45236:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T07:21:32.424Z","@version":"1","message":"Sep 12 07:21:31 honeypot-sgp-1 sshd[7779]: Disconnected from invalid user user 141.255.162.226 port 52134 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 07:21:32 honeypot-fra-1 sshd[2191]: Disconnected from authenticating user root 92.255.85.69 port 59382 [preauth]","@timestamp":"2022-09-12T07:21:33.017Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T07:21:36.428Z","@version":"1","message":"Sep 12 07:21:36 honeypot-sgp-1 sshd[7783]: Disconnected from invalid user user 141.255.162.226 port 37698 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 07:26:12 honeypot-fra-1 sshd[2200]: Received disconnect from 45.61.187.160 port 57040:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T07:26:13.125Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 07:26:30 honeypot-fra-1 sshd[2204]: Received disconnect from 45.61.187.160 port 52514:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T07:26:31.133Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 07:26:48 honeypot-fra-1 sshd[2208]: Received disconnect from 45.61.187.160 port 47962:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T07:26:48.141Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 07:27:03 honeypot-fra-1 sshd[2212]: Received disconnect from 45.61.187.160 port 43446:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T07:27:04.149Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 07:27:35 honeypot-ams-1 kernel: [83844240.571320] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=222.186.19.235 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=54562 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T07:27:36.180Z"}
{"@timestamp":"2022-09-12T07:27:52.616Z","@version":"1","message":"Sep 12 07:27:52 honeypot-sgp-1 sshd[7790]: Received disconnect from 139.59.231.120 port 38948:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 07:32:22 honeypot-ams-1 sshd[12196]: Received disconnect from 45.61.186.249 port 43986:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T07:32:23.306Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 07:32:43 honeypot-ams-1 sshd[12200]: Received disconnect from 45.61.186.249 port 39720:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T07:32:43.323Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 07:33:01 honeypot-ams-1 sshd[12204]: Received disconnect from 45.61.186.249 port 35416:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T07:33:01.332Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 07:33:33 honeypot-fra-1 sshd[2219]: Invalid user user from 141.255.162.226 port 36098","@timestamp":"2022-09-12T07:33:34.293Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 07:33:37 honeypot-fra-1 sshd[2223]: Invalid user user from 141.255.162.226 port 41392","@timestamp":"2022-09-12T07:33:38.295Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 07:37:01 honeypot-ams-1 kernel: [83844806.166028] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=198.8.77.109 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=48 ID=34418 PROTO=TCP SPT=15022 DPT=443 WINDOW=62559 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T07:37:01.436Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 07:39:48 honeypot-fra-1 kernel: [83842815.750853] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=142.93.45.9 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=54321 PROTO=TCP SPT=33548 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T07:39:48.431Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 07:41:51 honeypot-fra-1 sshd[2230]: Disconnected from authenticating user root 143.244.158.100 port 38470 [preauth]","@timestamp":"2022-09-12T07:41:51.479Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T07:41:58.964Z","@version":"1","message":"Sep 12 07:41:58 honeypot-sgp-1 sshd[7798]: Invalid user User from 179.60.147.69 port 6008","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 07:42:07 honeypot-fra-1 sshd[2234]: Disconnected from invalid user kf2 165.22.45.108 port 49332 [preauth]","@timestamp":"2022-09-12T07:42:08.488Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 07:43:37 honeypot-fra-1 sshd[2240]: Disconnected from authenticating user root 143.244.158.100 port 49596 [preauth]","@timestamp":"2022-09-12T07:43:37.526Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 07:44:30 honeypot-fra-1 sshd[2246]: Invalid user duni from 92.255.85.69 port 39508","@timestamp":"2022-09-12T07:44:31.550Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 07:46:06 honeypot-fra-1 sshd[2251]: Disconnected from authenticating user root 143.244.158.100 port 46834 [preauth]","@timestamp":"2022-09-12T07:46:07.588Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 07:47:11 honeypot-ams-1 sshd[12214]: Invalid user duni from 92.255.85.70 port 62888","@timestamp":"2022-09-12T07:47:11.701Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 07:47:28 honeypot-fra-1 kernel: [83843276.547934] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.206.34 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=51992 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T07:47:29.622Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-12T07:48:47.134Z","@version":"1","message":"Sep 12 07:48:46 honeypot-sgp-1 kernel: [83845038.008225] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.219.118 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=42141 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 07:49:17 honeypot-fra-1 sshd[2261]: Received disconnect from 143.244.158.100 port 41998:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T07:49:17.667Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 07:51:40 honeypot-fra-1 sshd[2268]: Received disconnect from 143.244.158.100 port 50144:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T07:51:40.723Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 07:53:15 honeypot-fra-1 sshd[2272]: Disconnected from authenticating user root 143.244.158.100 port 50762 [preauth]","@timestamp":"2022-09-12T07:53:15.760Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 07:54:54 honeypot-fra-1 sshd[2278]: Received disconnect from 143.244.158.100 port 34568:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T07:54:54.800Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 07:56:53 honeypot-ams-1 sshd[12219]: Connection closed by invalid user support 58.248.167.244 port 36348 [preauth]","@timestamp":"2022-09-12T07:56:53.949Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 07:57:21 honeypot-fra-1 sshd[2285]: Received disconnect from 143.244.158.100 port 33770:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T07:57:22.859Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 07:59:01 honeypot-fra-1 sshd[2290]: Disconnected from authenticating user root 143.244.158.100 port 39092 [preauth]","@timestamp":"2022-09-12T07:59:01.898Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 08:00:44 honeypot-fra-1 sshd[2297]: Received disconnect from 143.244.158.100 port 55528:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T08:00:44.939Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 08:02:25 honeypot-fra-1 sshd[2302]: Received disconnect from 143.244.158.100 port 42748:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T08:02:25.980Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T08:03:37.503Z","@version":"1","message":"Sep 12 08:03:37 honeypot-sgp-1 kernel: [83845928.957778] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=64.62.197.21 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=58003 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 08:04:00 honeypot-fra-1 sshd[2308]: Received disconnect from 143.244.158.100 port 34248:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T08:04:01.018Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 08:04:31 honeypot-ams-1 sshd[12225]: Received disconnect from 45.61.186.249 port 47050:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T08:04:31.147Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 08:04:51 honeypot-ams-1 sshd[12229]: Received disconnect from 45.61.186.249 port 42648:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T08:04:52.160Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 08:05:09 honeypot-ams-1 sshd[12233]: Received disconnect from 45.61.186.249 port 38268:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T08:05:09.169Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 08:05:33 honeypot-fra-1 sshd[2314]: Received disconnect from 143.244.158.100 port 49746:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T08:05:34.056Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 08:05:45 honeypot-ams-1 kernel: [83846530.121548] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=152.89.196.23 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=19534 PROTO=TCP SPT=49003 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T08:05:46.187Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 08:07:08 honeypot-fra-1 sshd[2319]: Disconnected from authenticating user root 143.244.158.100 port 60916 [preauth]","@timestamp":"2022-09-12T08:07:09.094Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T08:08:02.638Z","@version":"1","message":"Sep 12 08:08:01 honeypot-sgp-1 kernel: [83846193.781384] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=183.136.225.35 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=110 ID=34162 PROTO=TCP SPT=8088 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 08:08:47 honeypot-fra-1 sshd[2325]: Received disconnect from 143.244.158.100 port 55070:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T08:08:48.133Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 08:10:23 honeypot-fra-1 sshd[2330]: Disconnected from authenticating user root 143.244.158.100 port 49980 [preauth]","@timestamp":"2022-09-12T08:10:24.172Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 08:11:15 honeypot-fra-1 sshd[2355]: Disconnected from authenticating user root 207.154.205.34 port 40724 [preauth]","@timestamp":"2022-09-12T08:11:15.195Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 08:12:49 honeypot-fra-1 sshd[2362]: Disconnected from authenticating user root 143.244.158.100 port 52260 [preauth]","@timestamp":"2022-09-12T08:12:49.233Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 08:14:30 honeypot-fra-1 sshd[2368]: Received disconnect from 143.244.158.100 port 35032:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T08:14:30.274Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 08:15:16 honeypot-ams-1 sshd[12240]: Received disconnect from 147.182.219.221 port 42566:11: Bye Bye [preauth]","@timestamp":"2022-09-12T08:15:16.436Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 08:16:12 honeypot-fra-1 sshd[2374]: Received disconnect from 143.244.158.100 port 54364:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T08:16:13.317Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 08:16:59 honeypot-fra-1 sshd[2378]: Disconnected from authenticating user root 143.244.158.100 port 50202 [preauth]","@timestamp":"2022-09-12T08:16:59.336Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T08:17:01.864Z","@version":"1","message":"Sep 12 08:17:01 honeypot-sgp-1 CRON[7813]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 08:18:23 honeypot-ams-1 sshd[12246]: Disconnected from invalid user test 103.133.57.242 port 45596 [preauth]","@timestamp":"2022-09-12T08:18:23.517Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 08:18:35 honeypot-fra-1 sshd[2386]: Disconnected from authenticating user root 143.244.158.100 port 35532 [preauth]","@timestamp":"2022-09-12T08:18:35.374Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T08:20:43.959Z","@version":"1","message":"Sep 12 08:20:43 honeypot-sgp-1 sshd[7842]: Disconnected from authenticating user root 181.188.180.226 port 42558 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 08:20:45 honeypot-fra-1 sshd[2392]: Invalid user admin from 196.219.43.242 port 48732","@timestamp":"2022-09-12T08:20:46.425Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 08:21:02 honeypot-ams-1 kernel: [83847447.173774] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=218.145.61.20 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=55 ID=28707 PROTO=TCP SPT=1149 DPT=80 WINDOW=20691 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T08:21:02.592Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 08:21:46 honeypot-ams-1 sshd[12256]: Received disconnect from 141.255.162.226 port 41536:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T08:21:47.615Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 08:21:52 honeypot-ams-1 sshd[12260]: Received disconnect from 141.255.162.226 port 55302:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T08:21:52.617Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 08:21:54 honeypot-ams-1 sshd[12264]: Received disconnect from 141.255.162.226 port 33944:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T08:21:54.619Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 08:21:58 honeypot-fra-1 sshd[2396]: Disconnected from authenticating user root 143.244.158.100 port 46350 [preauth]","@timestamp":"2022-09-12T08:21:59.455Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 08:24:23 honeypot-fra-1 sshd[2403]: Disconnected from authenticating user root 143.244.158.100 port 44394 [preauth]","@timestamp":"2022-09-12T08:24:23.512Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T08:25:18.076Z","@version":"1","message":"Sep 12 08:25:17 honeypot-sgp-1 sshd[7846]: Disconnected from authenticating user root 101.32.11.149 port 45144 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 08:29:22 honeypot-ams-1 kernel: [83847947.456049] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=64.62.197.58 DST=178.62.254.91 LEN=131 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=49181 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T08:29:22.833Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 08:30:17 honeypot-fra-1 sshd[2421]: Invalid user User from 179.60.147.69 port 37630","@timestamp":"2022-09-12T08:30:17.646Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 08:34:49 honeypot-fra-1 sshd[2429]: Received disconnect from 159.65.136.44 port 49936:11: Bye Bye [preauth]","@timestamp":"2022-09-12T08:34:49.751Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 08:36:17 honeypot-ams-1 sshd[12289]: Disconnected from authenticating user root 157.230.233.185 port 34112 [preauth]","@timestamp":"2022-09-12T08:36:18.012Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 08:37:13 honeypot-ams-1 kernel: [83848418.097198] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=37.120.202.242 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=21083 DF PROTO=TCP SPT=51092 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T08:37:14.041Z"}
{"@timestamp":"2022-09-12T08:41:09.471Z","@version":"1","message":"Sep 12 08:41:09 honeypot-sgp-1 sshd[7852]: Did not receive identification string from 45.61.186.169 port 33616","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T08:41:36.485Z","@version":"1","message":"Sep 12 08:41:35 honeypot-sgp-1 sshd[7855]: Disconnected from invalid user user 45.61.186.169 port 33716 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T08:41:52.493Z","@version":"1","message":"Sep 12 08:41:52 honeypot-sgp-1 sshd[7859]: Disconnected from invalid user user 45.61.186.169 port 57756 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T08:42:09.502Z","@version":"1","message":"Sep 12 08:42:08 honeypot-sgp-1 sshd[7863]: Disconnected from invalid user user 45.61.186.169 port 53554 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T08:42:35.516Z","@version":"1","message":"Sep 12 08:42:34 honeypot-sgp-1 kernel: [83848266.738816] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=154.3.44.39 DST=159.89.202.188 LEN=52 TOS=0x0A PREC=0x00 TTL=112 ID=7678 DF PROTO=TCP SPT=50036 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 08:43:57 honeypot-fra-1 sshd[2437]: Disconnected from invalid user admin 162.241.222.29 port 56130 [preauth]","@timestamp":"2022-09-12T08:43:57.955Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 08:50:50 honeypot-fra-1 sshd[2443]: Disconnected from invalid user lqq 80.87.83.58 port 43164 [preauth]","@timestamp":"2022-09-12T08:50:51.111Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 08:51:53 honeypot-ams-1 kernel: [83849298.318856] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=172.91.47.43 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=53832 PROTO=TCP SPT=4153 DPT=80 WINDOW=9737 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T08:51:54.424Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 08:52:33 honeypot-fra-1 sshd[2449]: Invalid user ling from 60.10.160.75 port 39290","@timestamp":"2022-09-12T08:52:34.152Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T08:53:40.792Z","@version":"1","message":"Sep 12 08:53:40 honeypot-sgp-1 sshd[7873]: Connection closed by invalid user User 179.60.147.69 port 31000 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 08:54:14 honeypot-ams-1 sshd[12297]: Received disconnect from 141.255.162.226 port 40404:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T08:54:14.486Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 08:54:19 honeypot-ams-1 sshd[12301]: Received disconnect from 141.255.162.226 port 33164:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T08:54:20.491Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 08:54:21 honeypot-ams-1 sshd[12305]: Received disconnect from 141.255.162.226 port 40160:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T08:54:22.492Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 08:54:39 honeypot-fra-1 sshd[2453]: Received disconnect from 164.92.66.116 port 46210:11: Bye Bye [preauth]","@timestamp":"2022-09-12T08:54:40.203Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 08:55:04 honeypot-fra-1 sshd[2457]: Disconnected from invalid user joaquim 133.130.101.23 port 37480 [preauth]","@timestamp":"2022-09-12T08:55:04.215Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 08:59:40 honeypot-ams-1 kernel: [83849765.165972] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=183.136.225.35 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=109 ID=10836 PROTO=TCP SPT=8088 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T08:59:40.629Z"}
{"@timestamp":"2022-09-12T09:05:35.115Z","@version":"1","message":"Sep 12 09:05:34 honeypot-sgp-1 kernel: [83849646.312258] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=36.65.119.94 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=50 ID=0 DF PROTO=TCP SPT=29867 DPT=80 WINDOW=0 RES=0x00 RST URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 09:05:50 honeypot-fra-1 sshd[2463]: Connection closed by invalid user User 179.60.147.69 port 63242 [preauth]","@timestamp":"2022-09-12T09:05:50.455Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 09:06:10 honeypot-fra-1 sshd[2468]: Received disconnect from 45.61.186.49 port 49184:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T09:06:11.466Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 09:06:19 honeypot-fra-1 sshd[2472]: Received disconnect from 45.61.186.49 port 60792:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T09:06:19.470Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T09:07:33.166Z","@version":"1","message":"Sep 12 09:07:32 honeypot-sgp-1 sshd[7879]: Invalid user jukka from 52.172.5.99 port 42458","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 09:09:03 honeypot-fra-1 sshd[2476]: Connection closed by invalid user admin 211.24.100.56 port 46826 [preauth]","@timestamp":"2022-09-12T09:09:04.534Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T09:15:40.370Z","@version":"1","message":"Sep 12 09:15:39 honeypot-sgp-1 sshd[7882]: Disconnected from authenticating user root 92.255.85.69 port 58958 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 09:15:45 honeypot-ams-1 kernel: [83850730.249831] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=172.104.138.223 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=9189 PROTO=TCP SPT=25447 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T09:15:46.041Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 09:17:54 honeypot-fra-1 sshd[2483]: Received disconnect from 123.1.234.238 port 37588:11: Bye Bye [preauth]","@timestamp":"2022-09-12T09:17:55.753Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 09:19:21 honeypot-ams-1 sshd[12322]: Received disconnect from 207.249.96.168 port 40062:11: Bye Bye [preauth]","@timestamp":"2022-09-12T09:19:22.136Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 09:19:32 honeypot-fra-1 sshd[2488]: Disconnected from invalid user admin 43.156.237.102 port 52186 [preauth]","@timestamp":"2022-09-12T09:19:32.791Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 09:20:19 honeypot-ams-1 kernel: [83851004.190779] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.41.8.45 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=59813 PROTO=TCP SPT=16686 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T09:20:20.165Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 09:20:50 honeypot-ams-1 sshd[12331]: Received disconnect from 92.255.85.69 port 23208:11: Bye Bye [preauth]","@timestamp":"2022-09-12T09:20:50.180Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 09:25:07 honeypot-ams-1 sshd[12336]: Received disconnect from 68.183.56.198 port 55968:11: Bye Bye [preauth]","@timestamp":"2022-09-12T09:25:07.292Z"}
{"@timestamp":"2022-09-12T09:25:30.612Z","@version":"1","message":"Sep 12 09:25:30 honeypot-sgp-1 kernel: [83850841.974634] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=152.89.196.23 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=53197 PROTO=TCP SPT=49003 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 09:26:51 honeypot-fra-1 sshd[2495]: Connection closed by invalid user user 190.202.146.30 port 34786 [preauth]","@timestamp":"2022-09-12T09:26:52.961Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 09:29:25 honeypot-fra-1 kernel: [83849392.848703] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=154.3.44.39 DST=165.22.82.222 LEN=52 TOS=0x00 PREC=0x00 TTL=116 ID=31039 DF PROTO=TCP SPT=65258 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-12T09:29:26.021Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-12T09:32:05.774Z","@version":"1","message":"Sep 12 09:32:05 honeypot-sgp-1 sshd[7896]: Invalid user user from 103.188.176.251 port 49504","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 09:32:06 honeypot-ams-1 kernel: [83851710.819701] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=184.105.247.219 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=55085 DPT=5432 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T09:32:06.471Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 09:36:40 honeypot-fra-1 sshd[2507]: Invalid user cent from 217.182.253.249 port 54958","@timestamp":"2022-09-12T09:36:41.190Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 09:39:52 honeypot-fra-1 sshd[2511]: Connection closed by invalid user User 179.60.147.69 port 32986 [preauth]","@timestamp":"2022-09-12T09:39:53.263Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T09:40:35.986Z","@version":"1","message":"Sep 12 09:40:35 honeypot-sgp-1 kernel: [83851747.156341] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=178.128.127.8 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=253 ID=58197 PROTO=TCP SPT=54573 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 09:44:33 honeypot-fra-1 sshd[2519]: Connection closed by invalid user admin 178.219.115.231 port 35165 [preauth]","@timestamp":"2022-09-12T09:44:34.371Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 09:44:42 honeypot-fra-1 sshd[2523]: Disconnected from invalid user user 45.61.186.49 port 57458 [preauth]","@timestamp":"2022-09-12T09:44:42.374Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 09:44:50 honeypot-fra-1 sshd[2527]: Disconnected from invalid user user 45.61.186.49 port 41148 [preauth]","@timestamp":"2022-09-12T09:44:51.379Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T09:48:58.195Z","@version":"1","message":"Sep 12 09:48:57 honeypot-sgp-1 sshd[7903]: Did not receive identification string from 193.3.19.178 port 64001","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 09:51:30 honeypot-fra-1 kernel: [83850717.784683] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=103.56.61.144 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=234 ID=24043 PROTO=TCP SPT=49673 DPT=636 WINDOW=63540 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T09:51:30.526Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 09:52:18 honeypot-ams-1 sshd[12349]: Invalid user conciergerie from 142.93.117.15 port 54314","@timestamp":"2022-09-12T09:52:18.987Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 09:54:10 honeypot-ams-1 sshd[12351]: Disconnected from invalid user tstanaka 43.135.8.135 port 59364 [preauth]","@timestamp":"2022-09-12T09:54:11.037Z"}
{"@timestamp":"2022-09-12T09:55:05.369Z","@version":"1","message":"Sep 12 09:55:05 honeypot-sgp-1 sshd[7905]: Disconnected from invalid user git 5.195.211.234 port 33464 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:01:36 honeypot-fra-1 sshd[2543]: Invalid user oracle from 51.79.254.140 port 52224","@timestamp":"2022-09-12T10:01:36.753Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:01:36 honeypot-fra-1 sshd[2553]: Invalid user user from 51.79.254.140 port 52050","@timestamp":"2022-09-12T10:01:36.754Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:01:36 honeypot-fra-1 sshd[2545]: Invalid user test from 51.79.254.140 port 52236","@timestamp":"2022-09-12T10:01:36.754Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:01:36 honeypot-fra-1 sshd[2582]: Invalid user steam from 51.79.254.140 port 52220","@timestamp":"2022-09-12T10:01:36.754Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:01:36 honeypot-fra-1 sshd[2539]: Connection closed by authenticating user root 51.79.254.140 port 52018 [preauth]","@timestamp":"2022-09-12T10:01:36.754Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:01:36 honeypot-fra-1 sshd[2563]: Connection closed by authenticating user root 51.79.254.140 port 52168 [preauth]","@timestamp":"2022-09-12T10:01:36.754Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:01:36 honeypot-fra-1 sshd[2562]: Connection closed by invalid user michael 51.79.254.140 port 52012 [preauth]","@timestamp":"2022-09-12T10:01:36.754Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:01:36 honeypot-fra-1 sshd[2557]: Connection closed by invalid user user 51.79.254.140 port 52144 [preauth]","@timestamp":"2022-09-12T10:01:37.755Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:01:36 honeypot-fra-1 sshd[2582]: Connection closed by invalid user steam 51.79.254.140 port 52220 [preauth]","@timestamp":"2022-09-12T10:01:37.755Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T10:01:48.537Z","@version":"1","message":"Sep 12 10:01:48 honeypot-sgp-1 sshd[7911]: Invalid user User from 179.60.147.69 port 55440","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T10:02:39.562Z","@version":"1","message":"Sep 12 10:02:39 honeypot-sgp-1 sshd[7915]: Disconnected from authenticating user root 92.255.85.69 port 58286 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:02:48 honeypot-fra-1 kernel: [83851395.724212] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=79.124.62.130 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=9845 PROTO=TCP SPT=49850 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T10:02:48.786Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 10:04:59 honeypot-ams-1 sshd[12362]: Disconnected from authenticating user root 46.19.141.122 port 41438 [preauth]","@timestamp":"2022-09-12T10:05:00.315Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 10:06:48 honeypot-ams-1 sshd[12369]: Invalid user admin from 46.19.141.122 port 43222","@timestamp":"2022-09-12T10:06:48.365Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 10:07:20 honeypot-ams-1 sshd[12373]: Received disconnect from 46.19.141.122 port 58200:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T10:07:21.382Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 10:08:05 honeypot-ams-1 sshd[12377]: Disconnected from authenticating user root 92.255.85.70 port 26698 [preauth]","@timestamp":"2022-09-12T10:08:06.404Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 10:08:41 honeypot-ams-1 sshd[12381]: Invalid user support from 46.19.141.122 port 52472","@timestamp":"2022-09-12T10:08:42.422Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 10:10:58 honeypot-ams-1 sshd[12385]: Disconnected from authenticating user root 176.215.237.117 port 54290 [preauth]","@timestamp":"2022-09-12T10:10:59.483Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:11:08 honeypot-fra-1 sshd[2626]: Received disconnect from 157.245.122.58 port 52458:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T10:11:08.978Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 10:12:18 honeypot-ams-1 sshd[12393]: Received disconnect from 45.61.186.49 port 36242:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T10:12:19.521Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 10:12:23 honeypot-ams-1 sshd[12395]: Disconnected from invalid user user 45.61.186.49 port 42256 [preauth]","@timestamp":"2022-09-12T10:12:24.524Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:12:55 honeypot-fra-1 kernel: [83852002.937159] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=102.67.226.60 DST=165.22.82.222 LEN=52 TOS=0x00 PREC=0x00 TTL=120 ID=22595 DF PROTO=TCP SPT=49723 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T10:12:56.020Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:13:55 honeypot-fra-1 sshd[2632]: Invalid user data.user from 157.245.122.58 port 36592","@timestamp":"2022-09-12T10:13:56.044Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T10:14:28.851Z","@version":"1","message":"Sep 12 10:14:27 honeypot-sgp-1 sshd[7923]: Invalid user pi from 136.37.6.214 port 19379","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 10:14:44 honeypot-ams-1 sshd[12399]: Connection closed by invalid user pi 50.45.186.194 port 45240 [preauth]","@timestamp":"2022-09-12T10:14:44.583Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:14:49 honeypot-fra-1 sshd[2637]: Received disconnect from 157.245.122.58 port 50120:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T10:14:50.067Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 10:15:28 honeypot-ams-1 sshd[12403]: Disconnected from invalid user wwwrun 58.186.85.94 port 51552 [preauth]","@timestamp":"2022-09-12T10:15:28.605Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:16:38 honeypot-fra-1 sshd[2641]: Received disconnect from 157.245.122.58 port 48982:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T10:16:39.112Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:18:33 honeypot-fra-1 sshd[2647]: Invalid user chia from 81.69.194.231 port 57528","@timestamp":"2022-09-12T10:18:34.160Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:18:33 honeypot-fra-1 sshd[2670]: Invalid user test from 81.69.194.231 port 57540","@timestamp":"2022-09-12T10:18:34.160Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:18:33 honeypot-fra-1 sshd[2662]: Connection closed by invalid user postgres 81.69.194.231 port 57603 [preauth]","@timestamp":"2022-09-12T10:18:34.160Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:18:33 honeypot-fra-1 sshd[2653]: Invalid user test from 81.69.194.231 port 57594","@timestamp":"2022-09-12T10:18:34.160Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:18:34 honeypot-fra-1 sshd[2658]: Connection closed by invalid user mysql 81.69.194.231 port 57570 [preauth]","@timestamp":"2022-09-12T10:18:34.160Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:18:34 honeypot-fra-1 sshd[2654]: Connection closed by invalid user steam 81.69.194.231 port 57552 [preauth]","@timestamp":"2022-09-12T10:18:35.161Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:18:34 honeypot-fra-1 sshd[2668]: Invalid user vnc from 81.69.194.231 port 57590","@timestamp":"2022-09-12T10:18:35.161Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:18:34 honeypot-fra-1 sshd[2673]: Connection closed by invalid user kafka 81.69.194.231 port 57588 [preauth]","@timestamp":"2022-09-12T10:18:35.161Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:18:53 honeypot-fra-1 sshd[2700]: Connection closed by authenticating user root 217.115.58.242 port 57118 [preauth]","@timestamp":"2022-09-12T10:18:53.168Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:18:53 honeypot-fra-1 sshd[2708]: Invalid user devops from 217.115.58.242 port 57144","@timestamp":"2022-09-12T10:18:53.169Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:18:53 honeypot-fra-1 sshd[2698]: Connection closed by invalid user mysql 217.115.58.242 port 57128 [preauth]","@timestamp":"2022-09-12T10:18:53.169Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:18:53 honeypot-fra-1 sshd[2699]: Invalid user zabbix from 217.115.58.242 port 57126","@timestamp":"2022-09-12T10:18:53.169Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T10:18:53.958Z","@version":"1","message":"Sep 12 10:18:53 honeypot-sgp-1 kernel: [83854045.306979] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.123.184.30 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=56750 PROTO=TCP SPT=57903 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:18:53 honeypot-fra-1 sshd[2706]: Connection closed by invalid user docker 217.115.58.242 port 57140 [preauth]","@timestamp":"2022-09-12T10:18:54.169Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:18:53 honeypot-fra-1 sshd[2736]: Invalid user user from 217.115.58.242 port 57156","@timestamp":"2022-09-12T10:18:54.169Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:18:53 honeypot-fra-1 sshd[2711]: Connection closed by authenticating user root 217.115.58.242 port 57194 [preauth]","@timestamp":"2022-09-12T10:18:54.169Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:18:53 honeypot-fra-1 sshd[2742]: Connection closed by invalid user mysql 217.115.58.242 port 57182 [preauth]","@timestamp":"2022-09-12T10:18:54.170Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:18:53 honeypot-fra-1 sshd[2734]: Connection closed by invalid user devops 217.115.58.242 port 57162 [preauth]","@timestamp":"2022-09-12T10:18:54.170Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:18:53 honeypot-fra-1 sshd[2758]: Connection closed by invalid user testuser 217.115.58.242 port 57210 [preauth]","@timestamp":"2022-09-12T10:18:54.170Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T10:20:49.009Z","@version":"1","message":"Sep 12 10:20:48 honeypot-sgp-1 sshd[7934]: Received disconnect from 45.61.186.49 port 54546:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T10:23:15.069Z","@version":"1","message":"Sep 12 10:23:14 honeypot-sgp-1 kernel: [83854306.051657] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=80.94.92.231 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=229 ID=54321 PROTO=TCP SPT=59118 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 10:24:19 honeypot-ams-1 sshd[12409]: Disconnected from authenticating user root 61.177.173.51 port 23580 [preauth]","@timestamp":"2022-09-12T10:24:19.834Z"}
{"@timestamp":"2022-09-12T10:27:42.178Z","@version":"1","message":"Sep 12 10:27:41 honeypot-sgp-1 kernel: [83854573.015018] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=186.208.139.104 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=235 ID=485 PROTO=TCP SPT=57967 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:29:16 honeypot-fra-1 sshd[2765]: Received disconnect from 139.59.93.234 port 50720:11: Bye Bye [preauth]","@timestamp":"2022-09-12T10:29:17.403Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 10:31:36 honeypot-ams-1 sshd[12418]: Disconnected from authenticating user root 61.177.173.36 port 39558 [preauth]","@timestamp":"2022-09-12T10:31:37.021Z"}
{"@timestamp":"2022-09-12T10:34:51.356Z","@version":"1","message":"Sep 12 10:34:50 honeypot-sgp-1 sshd[7948]: Disconnected from invalid user client001 139.198.18.230 port 35212 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:38:21 honeypot-fra-1 sshd[2770]: Disconnected from invalid user kf 165.22.45.108 port 46880 [preauth]","@timestamp":"2022-09-12T10:38:21.606Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T10:43:14.565Z","@version":"1","message":"Sep 12 10:43:14 honeypot-sgp-1 kernel: [83855505.882607] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.3.193.56 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=235 ID=52828 DF PROTO=TCP SPT=10446 DPT=80 WINDOW=512 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 10:43:53 honeypot-ams-1 sshd[12425]: Disconnected from invalid user factorio 39.91.166.193 port 54292 [preauth]","@timestamp":"2022-09-12T10:43:53.340Z"}
{"@timestamp":"2022-09-12T10:44:46.604Z","@version":"1","message":"Sep 12 10:44:45 honeypot-sgp-1 sshd[7959]: Disconnected from invalid user knox 210.187.80.132 port 37762 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 10:48:23 honeypot-ams-1 sshd[12436]: Disconnected from authenticating user root 157.245.122.58 port 38408 [preauth]","@timestamp":"2022-09-12T10:48:24.455Z"}
{"@timestamp":"2022-09-12T10:50:11.735Z","@version":"1","message":"Sep 12 10:50:11 honeypot-sgp-1 sshd[7962]: Disconnected from authenticating user root 92.255.85.70 port 39782 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 10:51:07 honeypot-ams-1 sshd[12443]: Invalid user tenancy from 157.245.122.58 port 50784","@timestamp":"2022-09-12T10:51:07.526Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 10:52:02 honeypot-ams-1 sshd[12445]: Disconnected from invalid user data.user 157.245.122.58 port 36084 [preauth]","@timestamp":"2022-09-12T10:52:03.554Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:52:51 honeypot-fra-1 sshd[2777]: Received disconnect from 92.255.85.70 port 50256:11: Bye Bye [preauth]","@timestamp":"2022-09-12T10:52:51.939Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 10:53:27 honeypot-ams-1 kernel: [83856592.423571] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=43.129.219.189 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=43393 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T10:53:28.592Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 10:54:44 honeypot-ams-1 sshd[12455]: Disconnected from invalid user cypress 157.245.122.58 port 48446 [preauth]","@timestamp":"2022-09-12T10:54:44.626Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 10:55:42 honeypot-ams-1 sshd[12461]: Disconnected from authenticating user root 92.255.85.70 port 43948 [preauth]","@timestamp":"2022-09-12T10:55:42.654Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 10:59:26 honeypot-fra-1 kernel: [83854794.071062] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.227.254.28 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=25225 PROTO=TCP SPT=42320 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T10:59:27.089Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 11:01:52 honeypot-ams-1 sshd[12469]: Disconnected from invalid user secdemo 167.235.132.243 port 52610 [preauth]","@timestamp":"2022-09-12T11:01:52.818Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 11:05:28 honeypot-ams-1 sshd[12474]: Disconnected from invalid user hsf 94.153.212.78 port 45706 [preauth]","@timestamp":"2022-09-12T11:05:28.913Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 11:09:52 honeypot-fra-1 sshd[2785]: Disconnected from invalid user admin 165.227.109.79 port 53590 [preauth]","@timestamp":"2022-09-12T11:09:53.324Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T11:13:46.325Z","@version":"1","message":"Sep 12 11:13:45 honeypot-sgp-1 sshd[7966]: Disconnected from authenticating user root 92.255.85.70 port 48348 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 11:14:59 honeypot-fra-1 sshd[2792]: Invalid user eran from 161.35.112.95 port 42086","@timestamp":"2022-09-12T11:14:59.444Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 11:15:09 honeypot-ams-1 sshd[12485]: Invalid user user from 45.61.186.169 port 56692","@timestamp":"2022-09-12T11:15:09.163Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 11:15:27 honeypot-ams-1 sshd[12489]: Invalid user user from 45.61.186.169 port 52170","@timestamp":"2022-09-12T11:15:28.174Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 11:15:44 honeypot-ams-1 sshd[12493]: Invalid user user from 45.61.186.169 port 47638","@timestamp":"2022-09-12T11:15:44.182Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 11:16:00 honeypot-ams-1 sshd[12497]: Invalid user user from 45.61.186.169 port 43110","@timestamp":"2022-09-12T11:16:00.191Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 11:16:05 honeypot-fra-1 sshd[2796]: Connection closed by invalid user support 58.52.198.77 port 33883 [preauth]","@timestamp":"2022-09-12T11:16:05.472Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T11:18:22.442Z","@version":"1","message":"Sep 12 11:18:22 honeypot-sgp-1 kernel: [83857613.826552] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=80.94.92.239 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=231 ID=54321 PROTO=TCP SPT=42864 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 11:19:03 honeypot-ams-1 sshd[12505]: Received disconnect from 61.177.173.37 port 18313:11:  [preauth]","@timestamp":"2022-09-12T11:19:04.272Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 11:19:18 honeypot-fra-1 sshd[2803]: Connection closed by invalid user admin 148.153.82.141 port 45820 [preauth]","@timestamp":"2022-09-12T11:19:19.549Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 11:19:19 honeypot-fra-1 sshd[2809]: Connection closed by invalid user admin 148.153.82.141 port 45858 [preauth]","@timestamp":"2022-09-12T11:19:19.549Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 11:19:35 honeypot-ams-1 sshd[12511]: Invalid user pi from 2.205.35.215 port 57000","@timestamp":"2022-09-12T11:19:35.286Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 11:23:14 honeypot-ams-1 kernel: [83858379.613137] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=218.54.56.108 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=54 ID=65098 PROTO=TCP SPT=33054 DPT=80 WINDOW=1754 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T11:23:15.383Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 11:29:51 honeypot-fra-1 kernel: [83856618.130900] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=162.142.125.131 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=25571 PROTO=TCP SPT=41032 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T11:29:51.787Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-12T11:30:33.735Z","@version":"1","message":"Sep 12 11:30:32 honeypot-sgp-1 sshd[7979]: Invalid user admin from 178.128.125.205 port 59458","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T11:30:33.735Z","@version":"1","message":"Sep 12 11:30:33 honeypot-sgp-1 sshd[7985]: Invalid user admin from 178.128.125.205 port 59486","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 11:30:36 honeypot-ams-1 sshd[12591]: Disconnected from authenticating user root 61.177.173.51 port 50807 [preauth]","@timestamp":"2022-09-12T11:30:36.575Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 11:34:35 honeypot-ams-1 sshd[12597]: Disconnected from authenticating user root 143.244.158.100 port 38650 [preauth]","@timestamp":"2022-09-12T11:34:36.675Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 11:37:20 honeypot-ams-1 sshd[12604]: Received disconnect from 143.244.158.100 port 59802:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T11:37:20.769Z"}
{"@timestamp":"2022-09-12T11:37:23.902Z","@version":"1","message":"Sep 12 11:37:22 honeypot-sgp-1 sshd[7991]: Received disconnect from 92.255.85.69 port 63046:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 11:37:37 honeypot-fra-1 sshd[2820]: Connection closed by invalid user userPgNU2xE52xM52xE5PM__wasadmin 193.106.191.157 port 53092 [preauth]","@timestamp":"2022-09-12T11:37:37.966Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 11:38:55 honeypot-ams-1 sshd[12610]: Invalid user admin from 193.194.91.166 port 16299","@timestamp":"2022-09-12T11:38:55.813Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 11:39:24 honeypot-fra-1 kernel: [83857191.413887] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=154.3.44.39 DST=165.22.82.222 LEN=52 TOS=0x00 PREC=0x00 TTL=116 ID=38525 DF PROTO=TCP SPT=51771 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-12T11:39:25.011Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 11:39:47 honeypot-fra-1 sshd[2829]: Disconnected from invalid user teamspeak3 159.223.107.102 port 42932 [preauth]","@timestamp":"2022-09-12T11:39:48.023Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 11:39:50 honeypot-ams-1 sshd[12614]: Received disconnect from 61.177.173.51 port 43993:11:  [preauth]","@timestamp":"2022-09-12T11:39:51.842Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 11:41:25 honeypot-ams-1 sshd[12623]: Invalid user heaven from 182.253.28.123 port 58674","@timestamp":"2022-09-12T11:41:25.885Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 11:42:24 honeypot-ams-1 sshd[12627]: Disconnected from authenticating user root 143.244.158.100 port 45450 [preauth]","@timestamp":"2022-09-12T11:42:24.912Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 11:44:02 honeypot-ams-1 sshd[12633]: Disconnected from authenticating user root 143.244.158.100 port 45870 [preauth]","@timestamp":"2022-09-12T11:44:02.957Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 11:45:49 honeypot-ams-1 sshd[12639]: Connection closed by invalid user userPgfF2xN52xEUobF0P3__wasadmin 193.106.191.157 port 53260 [preauth]","@timestamp":"2022-09-12T11:45:50.005Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 11:47:37 honeypot-ams-1 sshd[12646]: Disconnected from authenticating user root 143.244.158.100 port 55184 [preauth]","@timestamp":"2022-09-12T11:47:38.055Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 11:49:28 honeypot-ams-1 sshd[12652]: Disconnected from authenticating user root 61.177.173.50 port 18049 [preauth]","@timestamp":"2022-09-12T11:49:29.105Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 11:49:49 honeypot-fra-1 sshd[2834]: Received disconnect from 165.22.45.108 port 56988:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T11:49:50.251Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T11:50:58.228Z","@version":"1","message":"Sep 12 11:50:57 honeypot-sgp-1 sshd[7999]: Connection closed by invalid user User 179.60.147.69 port 41932 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 11:52:03 honeypot-ams-1 sshd[12659]: Received disconnect from 143.244.158.100 port 35074:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T11:52:04.176Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 11:53:47 honeypot-ams-1 sshd[12667]: Received disconnect from 143.244.158.100 port 44708:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T11:53:48.223Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 11:55:35 honeypot-ams-1 sshd[12675]: Invalid user userPgfF2xN52xEUobF0P3__wasadmin from 193.106.191.157 port 37596","@timestamp":"2022-09-12T11:55:36.273Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 11:57:18 honeypot-fra-1 sshd[2839]: Disconnected from authenticating user root 134.209.103.181 port 51544 [preauth]","@timestamp":"2022-09-12T11:57:18.439Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 11:58:06 honeypot-ams-1 sshd[12682]: Received disconnect from 143.244.158.100 port 58190:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T11:58:07.339Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 12:00:37 honeypot-ams-1 sshd[12692]: Received disconnect from 143.244.158.100 port 45850:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T12:00:37.405Z"}
{"@timestamp":"2022-09-12T12:00:42.466Z","@version":"1","message":"Sep 12 12:00:42 honeypot-sgp-1 kernel: [83860153.906372] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=207.102.138.83 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=43 ID=12415 DF PROTO=TCP SPT=43064 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 12:00:50 honeypot-fra-1 sshd[2843]: Connection closed by invalid user userPgNU2xE52xM52xE5PM__wasadmin 193.106.191.157 port 53478 [preauth]","@timestamp":"2022-09-12T12:00:51.526Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 12:02:08 honeypot-ams-1 kernel: [83860713.441475] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=91.132.3.202 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=54321 PROTO=TCP SPT=57239 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T12:02:09.449Z"}
{"@timestamp":"2022-09-12T12:02:18.508Z","@version":"1","message":"Sep 12 12:02:17 honeypot-sgp-1 kernel: [83860249.480672] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.55.53.144 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=42 ID=40974 DF PROTO=TCP SPT=58780 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 12:03:54 honeypot-ams-1 sshd[12701]: Received disconnect from 143.244.158.100 port 52290:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T12:03:55.498Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 12:04:31 honeypot-fra-1 kernel: [83858698.569872] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=20.55.53.144 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=12229 DF PROTO=TCP SPT=58096 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T12:04:31.614Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 12:06:06 honeypot-ams-1 sshd[12707]: Received disconnect from 92.255.85.70 port 23604:11: Bye Bye [preauth]","@timestamp":"2022-09-12T12:06:06.557Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 12:07:34 honeypot-ams-1 sshd[12716]: Received disconnect from 61.177.173.52 port 63157:11:  [preauth]","@timestamp":"2022-09-12T12:07:35.600Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 12:08:10 honeypot-ams-1 kernel: [83861075.483626] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=20.55.53.144 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=57144 DF PROTO=TCP SPT=51402 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T12:08:11.619Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 12:09:32 honeypot-ams-1 sshd[12722]: Disconnected from authenticating user root 61.177.172.104 port 32186 [preauth]","@timestamp":"2022-09-12T12:09:32.656Z"}
{"@timestamp":"2022-09-12T12:10:06.702Z","@version":"1","message":"Sep 12 12:10:06 honeypot-sgp-1 sshd[8008]: Received disconnect from 154.209.4.54 port 41584:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 12:12:00 honeypot-ams-1 sshd[12729]: Disconnected from authenticating user root 143.244.158.100 port 59036 [preauth]","@timestamp":"2022-09-12T12:12:00.723Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 12:13:41 honeypot-fra-1 kernel: [83859248.933491] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=10160 PROTO=TCP SPT=44004 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T12:13:42.827Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 12:14:32 honeypot-ams-1 sshd[12736]: Received disconnect from 143.244.158.100 port 43906:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T12:14:33.792Z"}
{"@timestamp":"2022-09-12T12:15:31.837Z","@version":"1","message":"Sep 12 12:15:31 honeypot-sgp-1 sshd[8011]: Received disconnect from 211.245.31.15 port 45548:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 12:15:49 honeypot-ams-1 sshd[12741]: Disconnected from authenticating user root 61.177.172.98 port 32188 [preauth]","@timestamp":"2022-09-12T12:15:49.829Z"}
{"@timestamp":"2022-09-12T12:16:24.860Z","@version":"1","message":"Sep 12 12:16:24 honeypot-sgp-1 sshd[8015]: Disconnected from authenticating user root 188.112.63.67 port 10151 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 12:17:01 honeypot-ams-1 CRON[12748]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-12T12:17:01.864Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 12:18:40 honeypot-ams-1 sshd[12755]: Disconnected from authenticating user root 143.244.158.100 port 56164 [preauth]","@timestamp":"2022-09-12T12:18:40.908Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 12:18:46 honeypot-fra-1 sshd[2856]: Disconnected from invalid user user 45.61.186.49 port 40658 [preauth]","@timestamp":"2022-09-12T12:18:46.943Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 12:18:55 honeypot-fra-1 sshd[2860]: Disconnected from invalid user user 45.61.186.49 port 52374 [preauth]","@timestamp":"2022-09-12T12:18:55.948Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 12:22:50 honeypot-fra-1 kernel: [83859797.415941] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.95.147.52 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=15826 PROTO=TCP SPT=58002 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T12:22:51.038Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-12T12:24:21.056Z","@version":"1","message":"Sep 12 12:24:20 honeypot-sgp-1 sshd[8023]: Connection closed by invalid user User 179.60.147.69 port 2586 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 12:24:49 honeypot-ams-1 kernel: [83862073.709455] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=89.248.165.100 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=46084 PROTO=TCP SPT=52181 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T12:24:49.072Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 12:25:35 honeypot-fra-1 sshd[2867]: Disconnected from invalid user kfserver 165.22.45.108 port 33794 [preauth]","@timestamp":"2022-09-12T12:25:36.102Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 12:27:07 honeypot-ams-1 sshd[12766]: Invalid user User from 179.60.147.69 port 40794","@timestamp":"2022-09-12T12:27:08.138Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 12:29:26 honeypot-ams-1 kernel: [83862350.939341] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=72.167.32.184 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=232 ID=10287 PROTO=TCP SPT=59500 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T12:29:27.202Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 12:36:02 honeypot-fra-1 sshd[2875]: Invalid user User from 179.60.147.69 port 49414","@timestamp":"2022-09-12T12:36:03.342Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T12:40:54.456Z","@version":"1","message":"Sep 12 12:40:54 honeypot-sgp-1 sshd[8032]: Received disconnect from 175.144.17.41 port 32970:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 12:41:40 honeypot-ams-1 sshd[12784]: Received disconnect from 45.61.184.204 port 59278:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T12:41:40.514Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 12:42:02 honeypot-ams-1 sshd[12788]: Received disconnect from 45.61.184.204 port 55698:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T12:42:02.525Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 12:42:21 honeypot-ams-1 sshd[12792]: Received disconnect from 45.61.184.204 port 52058:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T12:42:22.535Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 12:42:38 honeypot-ams-1 sshd[12796]: Received disconnect from 45.61.184.204 port 48426:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T12:42:39.544Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 12:45:43 honeypot-fra-1 sshd[2887]: Received disconnect from 43.132.183.192 port 57468:11: Bye Bye [preauth]","@timestamp":"2022-09-12T12:45:44.570Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T12:47:19.614Z","@version":"1","message":"Sep 12 12:47:19 honeypot-sgp-1 sshd[8035]: Disconnected from authenticating user root 92.255.85.69 port 51674 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 12:47:42 honeypot-fra-1 sshd[2898]: Invalid user testuser from 52.66.15.94 port 52476","@timestamp":"2022-09-12T12:47:43.618Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 12:47:42 honeypot-fra-1 sshd[2895]: Connection closed by invalid user admin 52.66.15.94 port 52472 [preauth]","@timestamp":"2022-09-12T12:47:43.618Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 12:49:07 honeypot-ams-1 sshd[12805]: Received disconnect from 201.217.143.51 port 34335:11: Bye Bye [preauth]","@timestamp":"2022-09-12T12:49:08.712Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 12:50:57 honeypot-ams-1 kernel: [83863641.819786] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=154.3.44.39 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=117 ID=64609 DF PROTO=TCP SPT=56179 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-12T12:50:57.764Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 12:52:56 honeypot-fra-1 sshd[2907]: Connection closed by 104.194.75.112 port 51938 [preauth]","@timestamp":"2022-09-12T12:52:56.739Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 12:53:05 honeypot-ams-1 sshd[12810]: Disconnected from invalid user calice 189.142.109.122 port 44100 [preauth]","@timestamp":"2022-09-12T12:53:05.824Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 12:56:05 honeypot-fra-1 sshd[2911]: Connection closed by invalid user guest 193.106.191.157 port 59836 [preauth]","@timestamp":"2022-09-12T12:56:05.815Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T12:58:02.907Z","@version":"1","message":"Sep 12 12:58:02 honeypot-sgp-1 sshd[8038]: Connection closed by invalid user User 179.60.147.69 port 9610 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 12:58:32 honeypot-fra-1 sshd[2916]: Disconnected from invalid user ec2-user 165.22.60.176 port 57258 [preauth]","@timestamp":"2022-09-12T12:58:32.873Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 13:00:01 honeypot-ams-1 sshd[12819]: Disconnected from authenticating user root 61.177.173.36 port 25052 [preauth]","@timestamp":"2022-09-12T13:00:02.006Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 13:04:12 honeypot-ams-1 sshd[12828]: Connection closed by invalid user guest 193.106.191.157 port 33412 [preauth]","@timestamp":"2022-09-12T13:04:13.119Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 13:05:34 honeypot-fra-1 sshd[2922]: Received disconnect from 20.198.66.189 port 34806:11: Bye Bye [preauth]","@timestamp":"2022-09-12T13:05:35.037Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 13:05:47 honeypot-fra-1 sshd[2926]: Received disconnect from 45.61.186.169 port 36426:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T13:05:48.042Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 13:05:56 honeypot-fra-1 sshd[2930]: Disconnected from invalid user user 45.61.186.169 port 48084 [preauth]","@timestamp":"2022-09-12T13:05:57.046Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 13:06:13 honeypot-fra-1 sshd[2934]: Disconnected from invalid user user 45.61.186.169 port 43166 [preauth]","@timestamp":"2022-09-12T13:06:13.054Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 13:06:29 honeypot-fra-1 sshd[2938]: Disconnected from invalid user user 45.61.186.169 port 38248 [preauth]","@timestamp":"2022-09-12T13:06:29.062Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 13:09:47 honeypot-fra-1 sshd[2942]: Invalid user User from 179.60.147.69 port 59758","@timestamp":"2022-09-12T13:09:47.142Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 13:10:05 honeypot-fra-1 sshd[2948]: Received disconnect from 45.61.184.204 port 42298:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T13:10:06.153Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 13:10:23 honeypot-fra-1 sshd[2953]: Received disconnect from 45.61.184.204 port 37704:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T13:10:24.161Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T13:10:39.215Z","@version":"1","message":"Sep 12 13:10:38 honeypot-sgp-1 sshd[8044]: Received disconnect from 198.100.155.70 port 54678:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 13:10:42 honeypot-fra-1 sshd[2957]: Received disconnect from 45.61.184.204 port 33118:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T13:10:42.169Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 13:13:04 honeypot-ams-1 sshd[12835]: Disconnected from authenticating user root 61.177.173.51 port 29481 [preauth]","@timestamp":"2022-09-12T13:13:05.348Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 13:16:26 honeypot-fra-1 sshd[2962]: Invalid user applmgr from 51.38.49.17 port 37012","@timestamp":"2022-09-12T13:16:27.301Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 13:17:01 honeypot-ams-1 CRON[12843]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-12T13:17:02.452Z"}
{"@timestamp":"2022-09-12T13:17:25.382Z","@version":"1","message":"Sep 12 13:17:25 honeypot-sgp-1 sshd[8053]: Did not receive identification string from 45.61.184.204 port 52326","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T13:18:03.400Z","@version":"1","message":"Sep 12 13:18:03 honeypot-sgp-1 sshd[8056]: Received disconnect from 45.61.184.204 port 59930:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 13:18:19 honeypot-fra-1 sshd[2967]: Invalid user csgoserver from 46.101.187.234 port 53688","@timestamp":"2022-09-12T13:18:19.347Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T13:18:23.410Z","@version":"1","message":"Sep 12 13:18:22 honeypot-sgp-1 sshd[8060]: Received disconnect from 45.61.184.204 port 54788:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T13:18:37.417Z","@version":"1","message":"Sep 12 13:18:36 honeypot-sgp-1 kernel: [83864828.333353] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=154.3.44.39 DST=159.89.202.188 LEN=52 TOS=0x0A PREC=0x00 TTL=112 ID=15648 DF PROTO=TCP SPT=56326 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T13:18:50.424Z","@version":"1","message":"Sep 12 13:18:49 honeypot-sgp-1 sshd[8066]: Received disconnect from 45.61.184.204 port 32978:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 13:20:08 honeypot-fra-1 sshd[2973]: Invalid user banet from 59.52.27.235 port 54768","@timestamp":"2022-09-12T13:20:09.392Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T13:27:13.625Z","@version":"1","message":"Sep 12 13:27:13 honeypot-sgp-1 sshd[8071]: Disconnected from invalid user oracle 177.55.100.134 port 43788 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 13:27:55 honeypot-fra-1 sshd[2976]: Invalid user lam from 128.199.177.90 port 56012","@timestamp":"2022-09-12T13:27:55.568Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T13:29:22.679Z","@version":"1","message":"Sep 12 13:29:21 honeypot-sgp-1 sshd[8077]: Received disconnect from 157.245.122.58 port 42004:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T13:30:41.715Z","@version":"1","message":"Sep 12 13:30:41 honeypot-sgp-1 kernel: [83865553.106337] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=96.126.112.220 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=27 ID=54451 PROTO=TCP SPT=37426 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 13:31:06 honeypot-fra-1 sshd[2980]: Did not receive identification string from 45.61.184.204 port 47866","@timestamp":"2022-09-12T13:31:06.640Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 13:31:22 honeypot-ams-1 sshd[12854]: Disconnected from authenticating user root 61.177.173.51 port 10415 [preauth]","@timestamp":"2022-09-12T13:31:22.815Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 13:31:24 honeypot-fra-1 sshd[2983]: Disconnected from invalid user user 45.61.184.204 port 56128 [preauth]","@timestamp":"2022-09-12T13:31:25.650Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T13:31:28.738Z","@version":"1","message":"Sep 12 13:31:28 honeypot-sgp-1 sshd[8084]: Connection closed by invalid user User 179.60.147.69 port 50148 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 13:31:44 honeypot-fra-1 sshd[2987]: Disconnected from invalid user user 45.61.184.204 port 51406 [preauth]","@timestamp":"2022-09-12T13:31:44.659Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 13:32:00 honeypot-fra-1 sshd[2991]: Disconnected from invalid user user 45.61.184.204 port 46674 [preauth]","@timestamp":"2022-09-12T13:32:01.668Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T13:32:56.777Z","@version":"1","message":"Sep 12 13:32:56 honeypot-sgp-1 sshd[8088]: Disconnected from invalid user jonitiso 157.245.122.58 port 39678 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T13:33:47.800Z","@version":"1","message":"Sep 12 13:33:47 honeypot-sgp-1 sshd[8092]: Disconnected from invalid user cypress 157.245.122.58 port 53216 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 13:35:39 honeypot-fra-1 kernel: [83864166.265319] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=128.14.152.42 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=9491 PROTO=TCP SPT=19275 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T13:35:39.752Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 13:36:38 honeypot-ams-1 sshd[12864]: Connection closed by invalid user  118.193.59.5 port 42596 [preauth]","@timestamp":"2022-09-12T13:36:38.952Z"}
{"@timestamp":"2022-09-12T13:37:30.895Z","@version":"1","message":"Sep 12 13:37:30 honeypot-sgp-1 sshd[8099]: Did not receive identification string from 45.61.186.249 port 36632","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T13:37:50.906Z","@version":"1","message":"Sep 12 13:37:50 honeypot-sgp-1 sshd[8102]: Disconnected from invalid user user 45.61.186.249 port 52596 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 13:37:57 honeypot-fra-1 sshd[3002]: Did not receive identification string from 141.255.162.226 port 56966","@timestamp":"2022-09-12T13:37:58.806Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 13:38:05 honeypot-fra-1 sshd[3005]: Disconnected from invalid user user 141.255.162.226 port 51740 [preauth]","@timestamp":"2022-09-12T13:38:05.810Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 13:38:08 honeypot-fra-1 sshd[3009]: Disconnected from invalid user user 141.255.162.226 port 44294 [preauth]","@timestamp":"2022-09-12T13:38:08.812Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T13:38:08.915Z","@version":"1","message":"Sep 12 13:38:08 honeypot-sgp-1 sshd[8106]: Disconnected from invalid user user 45.61.186.249 port 47662 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 13:38:12 honeypot-fra-1 sshd[3013]: Disconnected from invalid user user 141.255.162.226 port 58668 [preauth]","@timestamp":"2022-09-12T13:38:12.814Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T13:38:25.923Z","@version":"1","message":"Sep 12 13:38:25 honeypot-sgp-1 sshd[8110]: Disconnected from invalid user user 45.61.186.249 port 42734 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 13:39:24 honeypot-ams-1 sshd[12872]: Invalid user javadog from 190.1.203.180 port 56576","@timestamp":"2022-09-12T13:39:25.029Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 13:39:44 honeypot-ams-1 sshd[12874]: Disconnected from authenticating user root 92.255.85.69 port 59274 [preauth]","@timestamp":"2022-09-12T13:39:45.041Z"}
{"@timestamp":"2022-09-12T13:40:02.967Z","@version":"1","message":"Sep 12 13:40:02 honeypot-sgp-1 sshd[8114]: Received disconnect from 206.189.197.134 port 50726:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 13:45:25 honeypot-ams-1 sshd[12881]: Disconnected from authenticating user root 186.209.111.2 port 43964 [preauth]","@timestamp":"2022-09-12T13:45:26.193Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 13:46:15 honeypot-ams-1 sshd[12888]: Invalid user user from 141.255.162.226 port 37622","@timestamp":"2022-09-12T13:46:16.219Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 13:46:18 honeypot-ams-1 sshd[12892]: Invalid user user from 141.255.162.226 port 51864","@timestamp":"2022-09-12T13:46:19.222Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 13:46:28 honeypot-fra-1 sshd[3019]: Received disconnect from 128.199.171.119 port 47342:11: Bye Bye [preauth]","@timestamp":"2022-09-12T13:46:29.012Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 13:48:24 honeypot-ams-1 kernel: [83867088.679516] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.41.9.18 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=41757 PROTO=TCP SPT=52457 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T13:48:24.277Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 13:49:24 honeypot-fra-1 sshd[3023]: Disconnected from invalid user volmer 198.23.148.137 port 33870 [preauth]","@timestamp":"2022-09-12T13:49:25.081Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 13:51:53 honeypot-fra-1 sshd[3028]: Received disconnect from 43.153.29.185 port 39106:11: Bye Bye [preauth]","@timestamp":"2022-09-12T13:51:54.141Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 13:53:09 honeypot-ams-1 kernel: [83867373.978808] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=54.39.2.109 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=53 ID=27095 PROTO=TCP SPT=31060 DPT=80 WINDOW=14364 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T13:53:09.405Z"}
{"@timestamp":"2022-09-12T13:56:07.361Z","@version":"1","message":"Sep 12 13:56:06 honeypot-sgp-1 kernel: [83867078.403856] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=94.26.249.161 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=23451 PROTO=TCP SPT=58867 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 13:58:24 honeypot-ams-1 kernel: [83867688.880764] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=79.124.62.62 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=64802 PROTO=TCP SPT=42299 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T13:58:24.545Z"}
{"@timestamp":"2022-09-12T13:59:32.450Z","@version":"1","message":"Sep 12 13:59:31 honeypot-sgp-1 sshd[8122]: Received disconnect from 122.168.194.41 port 59752:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 14:01:25 honeypot-fra-1 sshd[3033]: Disconnected from authenticating user root 92.255.85.70 port 47986 [preauth]","@timestamp":"2022-09-12T14:01:26.351Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T14:07:04.638Z","@version":"1","message":"Sep 12 14:07:03 honeypot-sgp-1 sshd[8129]: Invalid user ronjones from 8.213.129.130 port 46472","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 14:07:53 honeypot-ams-1 sshd[12913]: Connection closed by invalid user User 179.60.147.69 port 25024 [preauth]","@timestamp":"2022-09-12T14:07:53.790Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 14:09:28 honeypot-ams-1 kernel: [83868353.006913] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=89.219.89.138 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=16309 DF PROTO=TCP SPT=58356 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T14:09:28.836Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 14:11:04 honeypot-fra-1 sshd[3039]: Received disconnect from 165.22.45.108 port 48810:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T14:11:04.589Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 14:17:01 honeypot-fra-1 CRON[3047]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-12T14:17:01.724Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T14:17:01.884Z","@version":"1","message":"Sep 12 14:17:01 honeypot-sgp-1 CRON[8132]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 14:17:01 honeypot-ams-1 CRON[12929]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-12T14:17:02.027Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 14:20:57 honeypot-ams-1 sshd[12936]: Connection closed by invalid user admin 193.106.191.157 port 41310 [preauth]","@timestamp":"2022-09-12T14:20:58.132Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 14:28:07 honeypot-fra-1 kernel: [83867314.597064] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.217.0.181 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=46043 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T14:28:07.973Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 14:30:56 honeypot-ams-1 sshd[12944]: Connection reset by 61.177.173.51 port 45315 [preauth]","@timestamp":"2022-09-12T14:30:57.414Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 14:32:46 honeypot-ams-1 kernel: [83869750.911438] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=78.187.233.25 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=22514 PROTO=TCP SPT=61509 DPT=80 WINDOW=45325 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T14:32:46.469Z"}
{"@timestamp":"2022-09-12T14:32:58.287Z","@version":"1","message":"Sep 12 14:32:57 honeypot-sgp-1 kernel: [83869288.896947] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=188.87.184.196 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=234 ID=41503 PROTO=TCP SPT=53135 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T14:41:47.518Z","@version":"1","message":"Sep 12 14:41:47 honeypot-sgp-1 sshd[8147]: Connection closed by invalid user User 179.60.147.69 port 14848 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 14:42:40 honeypot-fra-1 sshd[3059]: Received disconnect from 165.22.97.194 port 33174:11: Bye Bye [preauth]","@timestamp":"2022-09-12T14:42:40.296Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T14:43:07.554Z","@version":"1","message":"Sep 12 14:43:07 honeypot-sgp-1 sshd[8152]: Received disconnect from 45.61.187.160 port 39474:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 14:43:15 honeypot-fra-1 sshd[3064]: Received disconnect from 45.61.187.160 port 51346:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T14:43:16.312Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T14:43:29.566Z","@version":"1","message":"Sep 12 14:43:29 honeypot-sgp-1 sshd[8157]: Received disconnect from 45.61.187.160 port 34520:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 14:43:37 honeypot-fra-1 sshd[3068]: Received disconnect from 45.61.187.160 port 46404:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T14:43:38.322Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T14:43:50.575Z","@version":"1","message":"Sep 12 14:43:50 honeypot-sgp-1 sshd[8161]: Received disconnect from 45.61.187.160 port 57798:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 14:43:52 honeypot-ams-1 sshd[12955]: Disconnected from authenticating user root 61.177.173.36 port 43248 [preauth]","@timestamp":"2022-09-12T14:43:52.776Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 14:43:57 honeypot-fra-1 sshd[3072]: Received disconnect from 45.61.187.160 port 41436:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T14:43:58.332Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T14:45:34.620Z","@version":"1","message":"Sep 12 14:45:33 honeypot-sgp-1 sshd[8166]: Disconnected from authenticating user root 92.255.85.70 port 56888 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 14:46:25 honeypot-fra-1 sshd[3076]: Received disconnect from 165.22.45.108 port 53676:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T14:46:26.390Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T14:50:00.736Z","@version":"1","message":"Sep 12 14:49:59 honeypot-sgp-1 sshd[8173]: Received disconnect from 103.242.199.234 port 41938:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 14:50:49 honeypot-ams-1 sshd[12963]: Received disconnect from 92.255.85.69 port 59698:11: Bye Bye [preauth]","@timestamp":"2022-09-12T14:50:49.965Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 14:55:24 honeypot-fra-1 kernel: [83868950.683689] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=79.124.62.78 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=51279 PROTO=TCP SPT=50426 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T14:55:24.588Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-12T14:55:26.874Z","@version":"1","message":"Sep 12 14:55:25 honeypot-sgp-1 sshd[8178]: Invalid user mcserver from 206.189.46.251 port 56840","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T14:58:00.941Z","@version":"1","message":"Sep 12 14:58:00 honeypot-sgp-1 sshd[8181]: Disconnected from invalid user user 45.61.186.49 port 50306 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T14:58:11.946Z","@version":"1","message":"Sep 12 14:58:11 honeypot-sgp-1 sshd[8185]: Disconnected from invalid user user 45.61.186.49 port 33858 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 15:02:31 honeypot-ams-1 sshd[12973]: Disconnected from authenticating user root 218.92.0.204 port 11026 [preauth]","@timestamp":"2022-09-12T15:02:32.265Z"}
{"@timestamp":"2022-09-12T15:06:42.162Z","@version":"1","message":"Sep 12 15:06:42 honeypot-sgp-1 kernel: [83871313.469255] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=225 ID=54355 PROTO=TCP SPT=54803 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T15:08:11.202Z","@version":"1","message":"Sep 12 15:08:10 honeypot-sgp-1 sshd[8192]: Disconnected from invalid user admin 138.201.20.212 port 16636 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 15:11:05 honeypot-fra-1 sshd[3087]: Received disconnect from 92.255.85.70 port 62904:11: Bye Bye [preauth]","@timestamp":"2022-09-12T15:11:05.967Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T15:12:39.339Z","@version":"1","message":"Sep 12 15:12:38 honeypot-sgp-1 kernel: [83871670.084350] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=172.105.89.161 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=51 ID=0 DF PROTO=TCP SPT=38133 DPT=443 WINDOW=8192 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 15:14:21 honeypot-ams-1 sshd[12979]: Disconnected from authenticating user root 92.255.85.70 port 24296 [preauth]","@timestamp":"2022-09-12T15:14:22.564Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 15:15:33 honeypot-ams-1 sshd[12984]: Disconnected from invalid user user 45.61.187.160 port 42614 [preauth]","@timestamp":"2022-09-12T15:15:33.598Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 15:15:59 honeypot-ams-1 sshd[12990]: Invalid user user from 45.61.187.160 port 37286","@timestamp":"2022-09-12T15:15:59.612Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 15:16:17 honeypot-ams-1 sshd[12994]: Invalid user user from 45.61.187.160 port 60186","@timestamp":"2022-09-12T15:16:17.621Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 15:16:34 honeypot-ams-1 sshd[12998]: Invalid user user from 45.61.187.160 port 54854","@timestamp":"2022-09-12T15:16:35.630Z"}
{"@timestamp":"2022-09-12T15:17:01.453Z","@version":"1","message":"Sep 12 15:17:01 honeypot-sgp-1 CRON[8202]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 15:18:31 honeypot-ams-1 sshd[13006]: Received disconnect from 61.177.173.36 port 60519:11:  [preauth]","@timestamp":"2022-09-12T15:18:31.684Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 15:21:45 honeypot-fra-1 sshd[3096]: Invalid user killer from 165.22.45.108 port 58510","@timestamp":"2022-09-12T15:21:46.204Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T15:22:36.596Z","@version":"1","message":"Sep 12 15:22:36 honeypot-sgp-1 sshd[8208]: Received disconnect from 138.197.142.81 port 58736:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 15:27:20 honeypot-fra-1 sshd[3100]: Invalid user user from 198.98.61.9 port 54174","@timestamp":"2022-09-12T15:27:21.332Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 15:27:38 honeypot-fra-1 sshd[3104]: Invalid user user from 198.98.61.9 port 49334","@timestamp":"2022-09-12T15:27:39.340Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 15:27:50 honeypot-fra-1 kernel: [83870897.172896] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=94.232.45.241 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=3737 PROTO=TCP SPT=53299 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T15:27:51.347Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 15:28:08 honeypot-fra-1 sshd[3110]: Disconnected from invalid user user 198.98.61.9 port 56202 [preauth]","@timestamp":"2022-09-12T15:28:08.355Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 15:28:08 honeypot-ams-1 kernel: [83873073.540321] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=162.142.125.128 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=4192 PROTO=TCP SPT=61099 DPT=389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T15:28:09.934Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 15:31:31 honeypot-fra-1 kernel: [83871118.393760] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=20.55.112.176 DST=165.22.82.222 LEN=52 TOS=0x00 PREC=0x00 TTL=112 ID=60978 DF PROTO=TCP SPT=51399 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T15:31:32.453Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-12T15:34:35.890Z","@version":"1","message":"Sep 12 15:34:35 honeypot-sgp-1 sshd[8652]: Invalid user cvsroot from 193.46.199.36 port 43688","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 15:36:27 honeypot-fra-1 sshd[3123]: Did not receive identification string from 45.61.186.49 port 49424","@timestamp":"2022-09-12T15:36:28.570Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 15:36:46 honeypot-fra-1 sshd[3126]: Disconnected from invalid user user 45.61.186.49 port 39584 [preauth]","@timestamp":"2022-09-12T15:36:46.580Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 15:36:47 honeypot-ams-1 sshd[13022]: Received disconnect from 92.255.85.69 port 40372:11: Bye Bye [preauth]","@timestamp":"2022-09-12T15:36:48.158Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 15:36:56 honeypot-fra-1 sshd[3130]: Disconnected from invalid user user 45.61.186.49 port 50994 [preauth]","@timestamp":"2022-09-12T15:36:56.584Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 15:37:15 honeypot-ams-1 sshd[13026]: Received disconnect from 45.61.184.204 port 33002:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T15:37:16.178Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 15:37:35 honeypot-ams-1 sshd[13030]: Received disconnect from 45.61.184.204 port 56952:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T15:37:36.188Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 15:37:54 honeypot-ams-1 sshd[13035]: Invalid user user from 45.61.184.204 port 52670","@timestamp":"2022-09-12T15:37:55.198Z"}
{"@timestamp":"2022-09-12T15:38:08.977Z","@version":"1","message":"Sep 12 15:38:08 honeypot-sgp-1 sshd[8656]: Invalid user admin from 23.94.194.115 port 57548","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 15:38:09 honeypot-ams-1 sshd[13037]: Connection closed by authenticating user mail 193.106.191.157 port 49104 [preauth]","@timestamp":"2022-09-12T15:38:10.206Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 15:45:51 honeypot-ams-1 sshd[13049]: Received disconnect from 45.61.187.160 port 33234:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T15:45:51.408Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 15:46:02 honeypot-ams-1 sshd[13051]: Disconnected from invalid user user 45.61.187.160 port 44644 [preauth]","@timestamp":"2022-09-12T15:46:03.416Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 15:46:21 honeypot-ams-1 sshd[13055]: Disconnected from invalid user user 45.61.187.160 port 39194 [preauth]","@timestamp":"2022-09-12T15:46:22.427Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 15:46:40 honeypot-ams-1 sshd[13059]: Disconnected from invalid user user 45.61.187.160 port 33784 [preauth]","@timestamp":"2022-09-12T15:46:41.438Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 15:50:41 honeypot-ams-1 sshd[13066]: Disconnected from authenticating user root 61.177.172.19 port 15213 [preauth]","@timestamp":"2022-09-12T15:50:42.543Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 15:52:33 honeypot-fra-1 sshd[3136]: Invalid user guest from 148.66.39.117 port 60226","@timestamp":"2022-09-12T15:52:33.933Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T15:55:51.404Z","@version":"1","message":"Sep 12 15:55:50 honeypot-sgp-1 sshd[8663]: Invalid user User from 179.60.147.69 port 15632","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 15:56:52 honeypot-fra-1 sshd[3142]: Invalid user KILLER from 165.22.45.108 port 35104","@timestamp":"2022-09-12T15:56:53.033Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 15:58:53 honeypot-ams-1 sshd[13073]: Invalid user User from 179.60.147.69 port 48686","@timestamp":"2022-09-12T15:58:54.754Z"}
{"@timestamp":"2022-09-12T16:01:56.553Z","@version":"1","message":"Sep 12 16:01:56 honeypot-sgp-1 sshd[8668]: Received disconnect from 51.38.227.101 port 43736:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:02:59 honeypot-fra-1 sshd[3149]: Received disconnect from 96.78.175.36 port 36406:11: Bye Bye [preauth]","@timestamp":"2022-09-12T16:03:00.174Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:08:02 honeypot-fra-1 sshd[3158]: Invalid user web from 122.128.79.246 port 56364","@timestamp":"2022-09-12T16:08:03.285Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:08:03 honeypot-fra-1 sshd[3160]: Invalid user vagrant from 122.128.79.246 port 56360","@timestamp":"2022-09-12T16:08:03.285Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:08:03 honeypot-fra-1 sshd[3154]: Invalid user web from 122.128.79.246 port 56350","@timestamp":"2022-09-12T16:08:03.285Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:08:03 honeypot-fra-1 sshd[3173]: Invalid user hadoop from 122.128.79.246 port 56328","@timestamp":"2022-09-12T16:08:03.285Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:08:03 honeypot-fra-1 sshd[3178]: Invalid user elasticsearch from 122.128.79.246 port 56352","@timestamp":"2022-09-12T16:08:03.285Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:08:03 honeypot-fra-1 sshd[3155]: Connection closed by invalid user git 122.128.79.246 port 56386 [preauth]","@timestamp":"2022-09-12T16:08:03.285Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:08:03 honeypot-fra-1 sshd[3171]: Connection closed by invalid user centos 122.128.79.246 port 56384 [preauth]","@timestamp":"2022-09-12T16:08:03.285Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:08:03 honeypot-fra-1 sshd[3167]: Connection closed by invalid user esuser 122.128.79.246 port 56366 [preauth]","@timestamp":"2022-09-12T16:08:04.286Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:08:03 honeypot-fra-1 sshd[3165]: Connection closed by invalid user test 122.128.79.246 port 56348 [preauth]","@timestamp":"2022-09-12T16:08:04.286Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:08:03 honeypot-fra-1 sshd[3180]: Connection closed by authenticating user root 122.128.79.246 port 56408 [preauth]","@timestamp":"2022-09-12T16:08:04.286Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:08:59 honeypot-fra-1 sshd[3214]: Disconnected from invalid user user 45.61.186.49 port 59500 [preauth]","@timestamp":"2022-09-12T16:09:00.310Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:09:11 honeypot-fra-1 sshd[3218]: Disconnected from invalid user user 45.61.186.49 port 42910 [preauth]","@timestamp":"2022-09-12T16:09:12.316Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 16:10:14 honeypot-ams-1 sshd[13078]: Invalid user git from 178.46.163.191 port 50816","@timestamp":"2022-09-12T16:10:15.048Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 16:12:44 honeypot-ams-1 sshd[13082]: Disconnected from authenticating user root 61.105.158.130 port 39440 [preauth]","@timestamp":"2022-09-12T16:12:45.113Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:17:01 honeypot-fra-1 CRON[3223]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-12T16:17:01.488Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T16:17:01.948Z","@version":"1","message":"Sep 12 16:17:01 honeypot-sgp-1 CRON[8674]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 16:19:19 honeypot-ams-1 sshd[13091]: Bad protocol version identification 'MGLNDD_178.62.254.91_22' from 192.241.212.115 port 43440","@timestamp":"2022-09-12T16:19:19.283Z"}
{"@timestamp":"2022-09-12T16:20:18.030Z","@version":"1","message":"Sep 12 16:20:18 honeypot-sgp-1 sshd[8681]: Invalid user tanis from 84.154.21.138 port 35708","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:20:28 honeypot-fra-1 kernel: [83874055.320268] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=183.136.225.35 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=107 ID=19993 PROTO=TCP SPT=8088 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T16:20:29.588Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:22:09 honeypot-fra-1 sshd[3232]: Received disconnect from 159.65.156.159 port 33064:11: Bye Bye [preauth]","@timestamp":"2022-09-12T16:22:10.627Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:23:52 honeypot-fra-1 sshd[3238]: Invalid user admin from 1.13.177.251 port 47634","@timestamp":"2022-09-12T16:23:53.669Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:23:52 honeypot-fra-1 sshd[3247]: Invalid user oracle from 1.13.177.251 port 47620","@timestamp":"2022-09-12T16:23:53.669Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:23:52 honeypot-fra-1 sshd[3258]: Invalid user devops from 1.13.177.251 port 47686","@timestamp":"2022-09-12T16:23:53.669Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:23:52 honeypot-fra-1 sshd[3237]: Connection closed by invalid user oracle 1.13.177.251 port 47676 [preauth]","@timestamp":"2022-09-12T16:23:53.669Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:23:53 honeypot-fra-1 sshd[3244]: Connection closed by authenticating user root 1.13.177.251 port 47610 [preauth]","@timestamp":"2022-09-12T16:23:53.669Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:23:53 honeypot-fra-1 sshd[3246]: Connection closed by invalid user mysql 1.13.177.251 port 47692 [preauth]","@timestamp":"2022-09-12T16:23:53.669Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:23:53 honeypot-fra-1 sshd[3261]: Connection closed by invalid user hadoop 1.13.177.251 port 47640 [preauth]","@timestamp":"2022-09-12T16:23:53.670Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:23:53 honeypot-fra-1 sshd[3251]: Connection closed by invalid user admin 1.13.177.251 port 47646 [preauth]","@timestamp":"2022-09-12T16:23:53.670Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:23:53 honeypot-fra-1 sshd[3263]: Connection closed by invalid user oracle 1.13.177.251 port 47622 [preauth]","@timestamp":"2022-09-12T16:23:53.670Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T16:24:24.131Z","@version":"1","message":"Sep 12 16:24:23 honeypot-sgp-1 sshd[8685]: Received disconnect from 177.37.164.118 port 42320:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 16:26:36 honeypot-ams-1 kernel: [83876581.304182] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=154.3.44.39 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=117 ID=46181 DF PROTO=TCP SPT=64306 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-12T16:26:37.470Z"}
{"@timestamp":"2022-09-12T16:30:42.313Z","@version":"1","message":"Sep 12 16:30:42 honeypot-sgp-1 sshd[8691]: Invalid user bremen from 143.198.39.132 port 56740","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T16:31:46.344Z","@version":"1","message":"Sep 12 16:31:46 honeypot-sgp-1 sshd[8693]: Connection closed by invalid user User 179.60.147.69 port 49172 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:32:12 honeypot-fra-1 sshd[3739]: Disconnected from invalid user kimberly 165.22.45.108 port 39932 [preauth]","@timestamp":"2022-09-12T16:32:12.853Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T16:36:06.450Z","@version":"1","message":"Sep 12 16:36:06 honeypot-sgp-1 kernel: [83876677.432867] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.193.130 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=33746 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 16:36:19 honeypot-ams-1 kernel: [83877164.221787] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=154.3.44.39 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=117 ID=49163 DF PROTO=TCP SPT=64559 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-12T16:36:19.719Z"}
{"@timestamp":"2022-09-12T16:37:36.490Z","@version":"1","message":"Sep 12 16:37:36 honeypot-sgp-1 sshd[8705]: Did not receive identification string from 193.3.19.178 port 64001","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T16:40:50.569Z","@version":"1","message":"Sep 12 16:40:50 honeypot-sgp-1 sshd[8709]: Disconnected from 159.223.172.195 port 57960 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:43:23 honeypot-fra-1 sshd[3748]: Invalid user User from 179.60.147.69 port 10694","@timestamp":"2022-09-12T16:43:24.098Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T16:43:28.634Z","@version":"1","message":"Sep 12 16:43:28 honeypot-sgp-1 kernel: [83877119.843472] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=80.94.92.239 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=233 ID=54321 PROTO=TCP SPT=50977 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:46:10 honeypot-fra-1 sshd[3752]: Connection closed by invalid user devops 103.188.176.251 port 60948 [preauth]","@timestamp":"2022-09-12T16:46:11.189Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 16:47:47 honeypot-ams-1 sshd[13104]: Disconnected from authenticating user root 92.255.85.69 port 63596 [preauth]","@timestamp":"2022-09-12T16:47:48.013Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 16:49:25 honeypot-ams-1 kernel: [83877949.580294] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=198.98.49.139 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=29 ID=57322 PROTO=TCP SPT=46913 DPT=3389 WINDOW=2048 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T16:49:26.061Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:50:37 honeypot-fra-1 sshd[3761]: Disconnected from authenticating user root 164.90.224.134 port 44834 [preauth]","@timestamp":"2022-09-12T16:50:37.290Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 16:51:17 honeypot-ams-1 sshd[13117]: Received disconnect from 206.189.14.223 port 45322:11: Bye Bye [preauth]","@timestamp":"2022-09-12T16:51:18.115Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 16:51:18 honeypot-ams-1 sshd[13114]: Disconnected from authenticating user root 96.1.64.194 port 53572 [preauth]","@timestamp":"2022-09-12T16:51:19.118Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:52:55 honeypot-fra-1 kernel: [83876001.366710] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=169.228.66.212 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=52166 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T16:52:55.345Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 16:53:40 honeypot-ams-1 kernel: [83878205.381054] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=156.96.157.114 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=54321 PROTO=TCP SPT=53171 DPT=389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T16:53:41.180Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 16:54:00 honeypot-fra-1 sshd[3772]: Invalid user oracle from 172.104.51.35 port 49636","@timestamp":"2022-09-12T16:54:01.373Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 16:55:09 honeypot-ams-1 sshd[13128]: Invalid user ftp from 193.106.191.157 port 56600","@timestamp":"2022-09-12T16:55:10.221Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 16:56:57 honeypot-ams-1 sshd[13132]: Received disconnect from 194.31.55.148 port 37854:11: Bye Bye [preauth]","@timestamp":"2022-09-12T16:56:57.272Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 17:00:42 honeypot-ams-1 sshd[13137]: Connection closed by invalid user  64.62.197.212 port 5686 [preauth]","@timestamp":"2022-09-12T17:00:43.371Z"}
{"@timestamp":"2022-09-12T17:01:38.088Z","@version":"1","message":"Sep 12 17:01:37 honeypot-sgp-1 sshd[8720]: Invalid user hcat from 167.71.235.223 port 57772","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 17:04:55 honeypot-ams-1 sshd[13143]: Invalid user ftp from 193.106.191.157 port 40772","@timestamp":"2022-09-12T17:04:56.479Z"}
{"@timestamp":"2022-09-12T17:06:12.199Z","@version":"1","message":"Sep 12 17:06:12 honeypot-sgp-1 sshd[8725]: Disconnected from authenticating user root 92.255.85.70 port 26532 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 17:07:24 honeypot-fra-1 sshd[3779]: Invalid user kim from 165.22.45.108 port 44740","@timestamp":"2022-09-12T17:07:24.669Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 17:07:46 honeypot-ams-1 sshd[13148]: Disconnected from invalid user ftpuser 190.226.244.9 port 39294 [preauth]","@timestamp":"2022-09-12T17:07:46.556Z"}
{"@timestamp":"2022-09-12T17:08:34.259Z","@version":"1","message":"Sep 12 17:08:33 honeypot-sgp-1 kernel: [83878625.048502] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=51.38.12.21 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=54321 PROTO=TCP SPT=40394 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 17:09:01 honeypot-fra-1 CRON[3783]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-12T17:09:01.709Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T17:09:02.273Z","@version":"1","message":"Sep 12 17:09:01 honeypot-sgp-1 CRON[8735]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 17:09:01 honeypot-ams-1 CRON[13154]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-12T17:09:02.592Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 17:10:27 honeypot-fra-1 kernel: [83877053.845199] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.208.63 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=39121 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T17:10:27.746Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 17:12:39 honeypot-ams-1 sshd[13160]: Received disconnect from 141.8.195.167 port 60018:11: Bye Bye [preauth]","@timestamp":"2022-09-12T17:12:39.702Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 17:16:56 honeypot-fra-1 sshd[3794]: Invalid user User from 179.60.147.69 port 39414","@timestamp":"2022-09-12T17:16:56.894Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 17:19:00 honeypot-fra-1 sshd[3804]: Invalid user admin from 141.98.10.158 port 46550","@timestamp":"2022-09-12T17:19:00.944Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T17:19:35.526Z","@version":"1","message":"Sep 12 17:19:35 honeypot-sgp-1 kernel: [83879286.644486] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=162.62.191.231 DST=159.89.202.188 LEN=52 TOS=0x00 PREC=0x00 TTL=47 ID=18420 DF PROTO=TCP SPT=19444 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 17:20:11 honeypot-ams-1 sshd[13166]: Invalid user rp1999a from 180.167.207.234 port 46029","@timestamp":"2022-09-12T17:20:11.895Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 17:22:04 honeypot-ams-1 kernel: [83879908.813156] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.216.12 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=58506 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T17:22:04.944Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 17:23:07 honeypot-fra-1 kernel: [83877814.109017] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.213.246 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=52966 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T17:23:08.040Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-12T17:23:09.615Z","@version":"1","message":"Sep 12 17:23:09 honeypot-sgp-1 sshd[8745]: Invalid user mario from 43.154.17.218 port 53790","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T17:25:37.675Z","@version":"1","message":"Sep 12 17:25:37 honeypot-sgp-1 kernel: [83879648.324080] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=59.49.43.217 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=64099 PROTO=TCP SPT=40115 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 17:25:50 honeypot-fra-1 sshd[3815]: Disconnected from invalid user rails 125.129.140.104 port 45997 [preauth]","@timestamp":"2022-09-12T17:25:51.105Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T17:27:55.733Z","@version":"1","message":"Sep 12 17:27:55 honeypot-sgp-1 sshd[8752]: Disconnected from authenticating user root 61.138.100.126 port 59707 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 17:28:15 honeypot-fra-1 sshd[3822]: Invalid user chrissie from 129.205.124.253 port 36474","@timestamp":"2022-09-12T17:28:16.162Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 17:28:17 honeypot-ams-1 kernel: [83880281.522438] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=113.181.44.193 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=55 ID=33785 PROTO=TCP SPT=20525 DPT=443 WINDOW=6253 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T17:28:17.105Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 17:30:36 honeypot-ams-1 sshd[13177]: Received disconnect from 188.166.95.44 port 42468:11: Bye Bye [preauth]","@timestamp":"2022-09-12T17:30:37.168Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 17:30:38 honeypot-fra-1 sshd[3830]: Received disconnect from 92.255.85.70 port 16726:11: Bye Bye [preauth]","@timestamp":"2022-09-12T17:30:38.220Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 17:31:40 honeypot-ams-1 kernel: [83880484.786802] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=46.41.208.63 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=32495 DF PROTO=TCP SPT=40993 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T17:31:41.197Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 17:31:54 honeypot-ams-1 sshd[13183]: Disconnected from authenticating user root 49.205.179.22 port 44462 [preauth]","@timestamp":"2022-09-12T17:31:55.205Z"}
{"@timestamp":"2022-09-12T17:32:38.849Z","@version":"1","message":"Sep 12 17:32:37 honeypot-sgp-1 sshd[8760]: Invalid user user from 198.98.61.9 port 43062","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T17:33:01.861Z","@version":"1","message":"Sep 12 17:33:01 honeypot-sgp-1 sshd[8764]: Invalid user user from 198.98.61.9 port 39200","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T17:33:20.870Z","@version":"1","message":"Sep 12 17:33:20 honeypot-sgp-1 sshd[8768]: Invalid user user from 198.98.61.9 port 35346","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 17:33:29 honeypot-ams-1 sshd[13190]: Received disconnect from 4.7.94.244 port 51532:11: Bye Bye [preauth]","@timestamp":"2022-09-12T17:33:30.248Z"}
{"@timestamp":"2022-09-12T17:33:39.881Z","@version":"1","message":"Sep 12 17:33:38 honeypot-sgp-1 sshd[8772]: Invalid user user from 198.98.61.9 port 59716","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 17:34:36 honeypot-fra-1 sshd[3840]: Connection closed by 103.231.214.252 port 41798 [preauth]","@timestamp":"2022-09-12T17:34:37.311Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 17:35:21 honeypot-ams-1 sshd[13194]: Received disconnect from 129.226.167.18 port 34000:11: Bye Bye [preauth]","@timestamp":"2022-09-12T17:35:21.300Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 17:36:37 honeypot-ams-1 kernel: [83880782.275285] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=154.3.44.39 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=115 ID=28901 DF PROTO=TCP SPT=51491 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-12T17:36:38.337Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 17:38:15 honeypot-ams-1 sshd[13201]: Disconnected from invalid user submartin 203.98.76.172 port 57012 [preauth]","@timestamp":"2022-09-12T17:38:16.380Z"}
{"@timestamp":"2022-09-12T17:38:35.002Z","@version":"1","message":"Sep 12 17:38:34 honeypot-sgp-1 sshd[8775]: Connection closed by invalid user User 179.60.147.69 port 24826 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 17:40:51 honeypot-fra-1 sshd[3853]: Connection closed by 103.231.214.252 port 30440 [preauth]","@timestamp":"2022-09-12T17:40:52.454Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 17:41:18 honeypot-ams-1 sshd[13205]: Connection closed by invalid user User 179.60.147.69 port 61506 [preauth]","@timestamp":"2022-09-12T17:41:18.458Z"}
{"@timestamp":"2022-09-12T17:45:15.162Z","@version":"1","message":"Sep 12 17:45:14 honeypot-sgp-1 sshd[8780]: Received disconnect from 111.193.237.29 port 42128:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 17:45:33 honeypot-fra-1 sshd[3863]: Connection closed by 103.231.214.252 port 58293 [preauth]","@timestamp":"2022-09-12T17:45:33.561Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 17:48:11 honeypot-fra-1 sshd[3871]: Received disconnect from 103.113.104.43 port 35534:11: Bye Bye [preauth]","@timestamp":"2022-09-12T17:48:12.624Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 17:50:10 honeypot-fra-1 sshd[3877]: Connection closed by invalid user User 179.60.147.69 port 14682 [preauth]","@timestamp":"2022-09-12T17:50:10.671Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 17:51:04 honeypot-ams-1 kernel: [83881648.953143] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=196.190.69.47 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=51 ID=49151 PROTO=TCP SPT=47506 DPT=80 WINDOW=28995 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T17:51:04.704Z"}
{"@timestamp":"2022-09-12T17:51:53.319Z","@version":"1","message":"Sep 12 17:51:52 honeypot-sgp-1 kernel: [83881223.952735] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=80.94.92.231 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=232 ID=54321 PROTO=TCP SPT=54617 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 17:53:31 honeypot-fra-1 kernel: [83879637.354095] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=119.235.21.10 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=44 ID=64835 DF PROTO=TCP SPT=49904 DPT=5432 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T17:53:31.750Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-12T17:53:39.363Z","@version":"1","message":"Sep 12 17:53:38 honeypot-sgp-1 sshd[8791]: Disconnected from authenticating user root 109.234.156.116 port 42210 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 17:56:09 honeypot-ams-1 sshd[13215]: Disconnected from invalid user user 45.61.184.204 port 48648 [preauth]","@timestamp":"2022-09-12T17:56:09.838Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 17:56:28 honeypot-ams-1 sshd[13219]: Disconnected from invalid user user 45.61.184.204 port 43802 [preauth]","@timestamp":"2022-09-12T17:56:29.849Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 17:56:29 honeypot-fra-1 sshd[3894]: Connection closed by 103.231.214.252 port 24943 [preauth]","@timestamp":"2022-09-12T17:56:30.819Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 17:56:46 honeypot-ams-1 sshd[13223]: Invalid user user from 45.61.184.204 port 38942","@timestamp":"2022-09-12T17:56:46.859Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 17:56:54 honeypot-ams-1 sshd[13227]: Received disconnect from 45.61.184.204 port 50626:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T17:56:55.864Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 17:59:48 honeypot-ams-1 kernel: [83882172.715728] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=94.26.228.80 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=35182 PROTO=TCP SPT=30084 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T17:59:48.953Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 18:01:11 honeypot-fra-1 sshd[3901]: Connection closed by 103.231.214.252 port 63108 [preauth]","@timestamp":"2022-09-12T18:01:11.929Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T18:01:38.554Z","@version":"1","message":"Sep 12 18:01:38 honeypot-sgp-1 sshd[8795]: Received disconnect from 157.245.252.34 port 41498:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 18:02:45 honeypot-fra-1 sshd[3907]: Connection closed by 103.231.214.252 port 41942 [preauth]","@timestamp":"2022-09-12T18:02:45.968Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T18:04:23.622Z","@version":"1","message":"Sep 12 18:04:23 honeypot-sgp-1 sshd[8801]: Received disconnect from 45.61.184.204 port 35938:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 18:04:32 honeypot-ams-1 kernel: [83882456.626000] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.33.121.154 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=42597 PROTO=TCP SPT=45571 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T18:04:33.084Z"}
{"@timestamp":"2022-09-12T18:04:43.633Z","@version":"1","message":"Sep 12 18:04:42 honeypot-sgp-1 sshd[8806]: Received disconnect from 45.61.184.204 port 59278:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:00 honeypot-ams-1 sshd[13250]: Received disconnect from 188.250.234.67 port 36175:11: Bye Bye [preauth]","@timestamp":"2022-09-12T18:05:01.098Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:02 honeypot-ams-1 sshd[13256]: Received disconnect from 188.250.234.67 port 36240:11: Bye Bye [preauth]","@timestamp":"2022-09-12T18:05:03.099Z"}
{"@timestamp":"2022-09-12T18:05:03.643Z","@version":"1","message":"Sep 12 18:05:02 honeypot-sgp-1 sshd[8810]: Received disconnect from 45.61.184.204 port 54394:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:03 honeypot-ams-1 sshd[13262]: Received disconnect from 188.250.234.67 port 36293:11: Bye Bye [preauth]","@timestamp":"2022-09-12T18:05:04.100Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:04 honeypot-ams-1 sshd[13268]: Received disconnect from 188.250.234.67 port 36340:11: Bye Bye [preauth]","@timestamp":"2022-09-12T18:05:05.101Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:06 honeypot-ams-1 sshd[13274]: Received disconnect from 188.250.234.67 port 36380:11: Bye Bye [preauth]","@timestamp":"2022-09-12T18:05:06.102Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:07 honeypot-ams-1 sshd[13280]: Received disconnect from 188.250.234.67 port 36422:11: Bye Bye [preauth]","@timestamp":"2022-09-12T18:05:08.104Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:08 honeypot-ams-1 sshd[13286]: Received disconnect from 188.250.234.67 port 36455:11: Bye Bye [preauth]","@timestamp":"2022-09-12T18:05:09.104Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:09 honeypot-ams-1 sshd[13292]: Received disconnect from 188.250.234.67 port 36493:11: Bye Bye [preauth]","@timestamp":"2022-09-12T18:05:10.105Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:11 honeypot-ams-1 sshd[13298]: Received disconnect from 188.250.234.67 port 36559:11: Bye Bye [preauth]","@timestamp":"2022-09-12T18:05:12.107Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:12 honeypot-ams-1 sshd[13304]: Received disconnect from 188.250.234.67 port 36628:11: Bye Bye [preauth]","@timestamp":"2022-09-12T18:05:13.107Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:13 honeypot-ams-1 sshd[13310]: Received disconnect from 188.250.234.67 port 36672:11: Bye Bye [preauth]","@timestamp":"2022-09-12T18:05:14.108Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:15 honeypot-ams-1 sshd[13316]: Received disconnect from 188.250.234.67 port 36712:11: Bye Bye [preauth]","@timestamp":"2022-09-12T18:05:15.109Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:15 honeypot-ams-1 sshd[13320]: Received disconnect from 188.250.234.67 port 36736:11: Bye Bye [preauth]","@timestamp":"2022-09-12T18:05:16.111Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:16 honeypot-ams-1 sshd[13324]: Received disconnect from 188.250.234.67 port 36766:11: Bye Bye [preauth]","@timestamp":"2022-09-12T18:05:17.112Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:17 honeypot-ams-1 sshd[13328]: Received disconnect from 188.250.234.67 port 36791:11: Bye Bye [preauth]","@timestamp":"2022-09-12T18:05:18.113Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:18 honeypot-ams-1 sshd[13332]: Received disconnect from 188.250.234.67 port 36809:11: Bye Bye [preauth]","@timestamp":"2022-09-12T18:05:19.114Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:19 honeypot-ams-1 sshd[13336]: Received disconnect from 188.250.234.67 port 36838:11: Bye Bye [preauth]","@timestamp":"2022-09-12T18:05:20.114Z"}
{"@timestamp":"2022-09-12T18:05:20.653Z","@version":"1","message":"Sep 12 18:05:20 honeypot-sgp-1 sshd[8814]: Invalid user user from 45.61.184.204 port 49506","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:20 honeypot-ams-1 sshd[13340]: Disconnected from authenticating user root 188.250.234.67 port 36859 [preauth]","@timestamp":"2022-09-12T18:05:21.115Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:21 honeypot-ams-1 sshd[13346]: Invalid user pi from 188.250.234.67 port 36929","@timestamp":"2022-09-12T18:05:22.116Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:22 honeypot-ams-1 sshd[13350]: Invalid user ethos from 188.250.234.67 port 36973","@timestamp":"2022-09-12T18:05:23.116Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:23 honeypot-ams-1 sshd[13355]: Invalid user miner from 188.250.234.67 port 37003","@timestamp":"2022-09-12T18:05:24.117Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:23 honeypot-ams-1 sshd[13359]: Invalid user volumio from 188.250.234.67 port 37028","@timestamp":"2022-09-12T18:05:24.117Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:24 honeypot-ams-1 sshd[13363]: Invalid user nagios from 188.250.234.67 port 37054","@timestamp":"2022-09-12T18:05:25.118Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:25 honeypot-ams-1 sshd[13367]: Invalid user vagrant from 188.250.234.67 port 37071","@timestamp":"2022-09-12T18:05:26.119Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:26 honeypot-ams-1 sshd[13371]: Invalid user debian from 188.250.234.67 port 37088","@timestamp":"2022-09-12T18:05:27.120Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:27 honeypot-ams-1 sshd[13375]: Invalid user debian from 188.250.234.67 port 37112","@timestamp":"2022-09-12T18:05:28.120Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:28 honeypot-ams-1 sshd[13379]: Invalid user alarm from 188.250.234.67 port 37130","@timestamp":"2022-09-12T18:05:29.121Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:29 honeypot-ams-1 sshd[13383]: Invalid user test from 188.250.234.67 port 37146","@timestamp":"2022-09-12T18:05:29.122Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:05:29 honeypot-ams-1 sshd[13387]: Invalid user cirros from 188.250.234.67 port 37163","@timestamp":"2022-09-12T18:05:30.123Z"}
{"@timestamp":"2022-09-12T18:06:14.679Z","@version":"1","message":"Sep 12 18:06:13 honeypot-sgp-1 sshd[8818]: Received disconnect from 123.22.57.119 port 53058:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 18:06:40 honeypot-fra-1 kernel: [83880427.015322] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=188.50.161.249 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=54 ID=18008 PROTO=TCP SPT=56971 DPT=443 WINDOW=618 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T18:06:41.061Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:08:24 honeypot-ams-1 sshd[13390]: Disconnected from invalid user oracle 211.125.67.35 port 43416 [preauth]","@timestamp":"2022-09-12T18:08:25.215Z"}
{"@timestamp":"2022-09-12T18:08:41.744Z","@version":"1","message":"Sep 12 18:08:40 honeypot-sgp-1 kernel: [83882232.126701] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.209.73 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=34417 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T18:10:13.784Z","@version":"1","message":"Sep 12 18:10:13 honeypot-sgp-1 kernel: [83882324.763315] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=154.3.44.39 DST=159.89.202.188 LEN=52 TOS=0x0A PREC=0x00 TTL=111 ID=53458 DF PROTO=TCP SPT=61481 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 18:11:09 honeypot-fra-1 sshd[3923]: Invalid user guest from 125.19.244.54 port 46120","@timestamp":"2022-09-12T18:11:10.167Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T18:11:39.823Z","@version":"1","message":"Sep 12 18:11:39 honeypot-sgp-1 sshd[8830]: Connection closed by invalid user User 179.60.147.69 port 59824 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:11:44 honeypot-ams-1 sshd[13395]: Invalid user user from 45.61.186.169 port 56184","@timestamp":"2022-09-12T18:11:45.310Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:12:03 honeypot-ams-1 sshd[13399]: Invalid user user from 45.61.186.169 port 51080","@timestamp":"2022-09-12T18:12:03.319Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:12:20 honeypot-ams-1 sshd[13405]: Invalid user butter from 165.227.160.124 port 59052","@timestamp":"2022-09-12T18:12:21.328Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:12:29 honeypot-ams-1 sshd[13407]: Invalid user user from 45.61.186.169 port 57558","@timestamp":"2022-09-12T18:12:29.333Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 18:13:45 honeypot-fra-1 kernel: [83880851.796068] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=33723 PROTO=TCP SPT=45604 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T18:13:46.229Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 18:13:54 honeypot-ams-1 kernel: [83883019.081735] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=51.15.141.72 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=55 ID=15622 PROTO=TCP SPT=53086 DPT=80 WINDOW=3206 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T18:13:55.371Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:15:43 honeypot-ams-1 sshd[13415]: Disconnected from invalid user user 141.255.162.226 port 53414 [preauth]","@timestamp":"2022-09-12T18:15:44.423Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:15:46 honeypot-ams-1 sshd[13419]: Disconnected from invalid user user 141.255.162.226 port 46428 [preauth]","@timestamp":"2022-09-12T18:15:46.425Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:15:49 honeypot-ams-1 sshd[13423]: Disconnected from invalid user user 141.255.162.226 port 53112 [preauth]","@timestamp":"2022-09-12T18:15:50.427Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:15:51 honeypot-ams-1 sshd[13427]: Disconnected from invalid user user 141.255.162.226 port 60094 [preauth]","@timestamp":"2022-09-12T18:15:52.429Z"}
{"@timestamp":"2022-09-12T18:17:01.955Z","@version":"1","message":"Sep 12 18:17:01 honeypot-sgp-1 CRON[8838]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 18:17:01 honeypot-fra-1 CRON[3939]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-12T18:17:02.305Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 18:17:48 honeypot-fra-1 sshd[3944]: Disconnected from invalid user kingfish 165.22.45.108 port 55042 [preauth]","@timestamp":"2022-09-12T18:17:48.325Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:20:24 honeypot-ams-1 sshd[13511]: Received disconnect from 200.111.119.58 port 37694:11: Bye Bye [preauth]","@timestamp":"2022-09-12T18:20:24.545Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 18:22:28 honeypot-fra-1 sshd[3955]: Received disconnect from 206.189.213.126 port 43370:11: Bye Bye [preauth]","@timestamp":"2022-09-12T18:22:29.432Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T18:22:31.086Z","@version":"1","message":"Sep 12 18:22:30 honeypot-sgp-1 kernel: [83883061.693254] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=167.99.32.14 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=38990 PROTO=TCP SPT=61953 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:23:44 honeypot-ams-1 sshd[13515]: Received disconnect from 101.178.223.39 port 43914:11: Bye Bye [preauth]","@timestamp":"2022-09-12T18:23:45.632Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:24:08 honeypot-ams-1 sshd[13519]: Disconnected from 159.223.164.107 port 41224 [preauth]","@timestamp":"2022-09-12T18:24:09.646Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 18:25:27 honeypot-fra-1 sshd[3963]: Connection closed by authenticating user root 193.106.191.157 port 55650 [preauth]","@timestamp":"2022-09-12T18:25:28.502Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 18:27:49 honeypot-fra-1 sshd[3970]: Connection closed by 103.231.214.252 port 38819 [preauth]","@timestamp":"2022-09-12T18:27:50.561Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T18:27:54.216Z","@version":"1","message":"Sep 12 18:27:53 honeypot-sgp-1 sshd[8849]: Disconnected from authenticating user root 123.30.249.49 port 36907 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 18:28:22 honeypot-ams-1 kernel: [83883886.630151] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=188.50.161.249 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=56 ID=14576 PROTO=TCP SPT=54155 DPT=80 WINDOW=27138 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T18:28:22.760Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 18:29:24 honeypot-fra-1 sshd[3974]: Disconnected from invalid user admin 180.168.2.154 port 56324 [preauth]","@timestamp":"2022-09-12T18:29:24.599Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T18:30:31.281Z","@version":"1","message":"Sep 12 18:30:31 honeypot-sgp-1 sshd[8853]: Disconnected from invalid user iris 103.233.0.58 port 42670 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 18:33:22 honeypot-fra-1 sshd[3985]: Received disconnect from 154.86.27.92 port 53068:11: Bye Bye [preauth]","@timestamp":"2022-09-12T18:33:23.689Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 18:35:39 honeypot-fra-1 sshd[3991]: Connection closed by 103.231.214.252 port 46165 [preauth]","@timestamp":"2022-09-12T18:35:39.742Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 18:35:41 honeypot-ams-1 kernel: [83884325.626729] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=86.180.105.129 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=55 ID=38005 PROTO=TCP SPT=17337 DPT=80 WINDOW=4321 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T18:35:41.946Z"}
{"@timestamp":"2022-09-12T18:37:52.476Z","@version":"1","message":"Sep 12 18:37:51 honeypot-sgp-1 sshd[8859]: Disconnected from authenticating user root 92.255.85.70 port 42076 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 18:41:56 honeypot-fra-1 sshd[4002]: Connection closed by 103.231.214.252 port 42902 [preauth]","@timestamp":"2022-09-12T18:41:56.886Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 18:47:37 honeypot-ams-1 sshd[13532]: Invalid user User from 179.60.147.69 port 8516","@timestamp":"2022-09-12T18:47:38.257Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 18:49:46 honeypot-fra-1 sshd[4013]: Connection closed by 103.231.214.252 port 51914 [preauth]","@timestamp":"2022-09-12T18:49:47.066Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 18:52:56 honeypot-fra-1 sshd[4020]: Disconnected from invalid user kira 165.22.45.108 port 59838 [preauth]","@timestamp":"2022-09-12T18:52:57.141Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 18:55:59 honeypot-ams-1 kernel: [83885544.373775] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=95.6.93.108 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=50 ID=39908 PROTO=TCP SPT=62048 DPT=443 WINDOW=42695 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T18:56:00.472Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 18:59:11 honeypot-fra-1 sshd[4031]: Connection closed by 103.231.214.252 port 54551 [preauth]","@timestamp":"2022-09-12T18:59:11.281Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T19:01:17.029Z","@version":"1","message":"Sep 12 19:01:16 honeypot-sgp-1 sshd[8866]: Disconnected from authenticating user root 92.255.85.70 port 16848 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 19:03:07 honeypot-fra-1 sshd[4038]: Disconnected from invalid user oracle 88.142.46.185 port 35976 [preauth]","@timestamp":"2022-09-12T19:03:08.372Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T19:06:25.154Z","@version":"1","message":"Sep 12 19:06:25 honeypot-sgp-1 sshd[8871]: Received disconnect from 146.59.45.211 port 44454:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 19:06:51 honeypot-ams-1 sshd[13540]: Received disconnect from 115.68.248.184 port 37154:11: Bye Bye [preauth]","@timestamp":"2022-09-12T19:06:51.750Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 19:07:01 honeypot-fra-1 sshd[4046]: Connection closed by 103.231.214.252 port 31392 [preauth]","@timestamp":"2022-09-12T19:07:01.462Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T19:08:09.197Z","@version":"1","message":"Sep 12 19:08:09 honeypot-sgp-1 sshd[8875]: Invalid user monitor from 165.227.204.174 port 49056","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 19:09:30 honeypot-fra-1 sshd[4053]: Disconnected from invalid user ws 43.128.188.237 port 41580 [preauth]","@timestamp":"2022-09-12T19:09:30.520Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T19:09:50.239Z","@version":"1","message":"Sep 12 19:09:50 honeypot-sgp-1 sshd[8879]: Received disconnect from 104.248.199.34 port 50100:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 19:10:39 honeypot-ams-1 sshd[13544]: Received disconnect from 68.183.25.156 port 44868:11: Bye Bye [preauth]","@timestamp":"2022-09-12T19:10:39.853Z"}
{"@timestamp":"2022-09-12T19:11:17.275Z","@version":"1","message":"Sep 12 19:11:16 honeypot-sgp-1 sshd[8883]: Disconnected from authenticating user root 118.70.170.120 port 52268 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 19:13:15 honeypot-fra-1 sshd[4061]: Disconnected from authenticating user root 190.85.108.189 port 51072 [preauth]","@timestamp":"2022-09-12T19:13:15.603Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 19:16:20 honeypot-fra-1 sshd[4070]: Invalid user user1 from 103.188.176.251 port 56238","@timestamp":"2022-09-12T19:16:21.675Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 19:17:01 honeypot-ams-1 CRON[13551]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-12T19:17:02.016Z"}
{"@timestamp":"2022-09-12T19:17:02.414Z","@version":"1","message":"Sep 12 19:17:01 honeypot-sgp-1 CRON[8889]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 19:18:32 honeypot-fra-1 sshd[4079]: Invalid user user from 193.106.191.157 port 33208","@timestamp":"2022-09-12T19:18:32.725Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T19:19:54.485Z","@version":"1","message":"Sep 12 19:19:53 honeypot-sgp-1 sshd[8899]: Invalid user User from 179.60.147.69 port 14176","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 19:21:07 honeypot-fra-1 sshd[4086]: Connection closed by 103.231.214.252 port 24272 [preauth]","@timestamp":"2022-09-12T19:21:07.789Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T19:24:39.602Z","@version":"1","message":"Sep 12 19:24:39 honeypot-sgp-1 sshd[8913]: Received disconnect from 92.255.85.69 port 22116:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 19:25:00 honeypot-ams-1 sshd[13557]: Connection closed by invalid user guest 27.72.41.166 port 26728 [preauth]","@timestamp":"2022-09-12T19:25:01.225Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 19:26:29 honeypot-fra-1 sshd[4095]: Invalid user scan from 91.240.118.222 port 7584","@timestamp":"2022-09-12T19:26:29.912Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 19:27:43 honeypot-fra-1 sshd[4099]: Disconnected from authenticating user root 92.255.85.69 port 49790 [preauth]","@timestamp":"2022-09-12T19:27:43.943Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 19:31:32 honeypot-ams-1 kernel: [83887677.245283] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=213.226.123.38 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=45004 PROTO=TCP SPT=50582 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T19:31:33.396Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 19:32:05 honeypot-fra-1 sshd[4108]: Connection closed by 103.231.214.252 port 13182 [preauth]","@timestamp":"2022-09-12T19:32:06.044Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 19:36:48 honeypot-fra-1 sshd[4116]: Connection closed by 103.231.214.252 port 10444 [preauth]","@timestamp":"2022-09-12T19:36:49.152Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T19:39:40.946Z","@version":"1","message":"Sep 12 19:39:40 honeypot-sgp-1 sshd[8924]: Invalid user user1 from 103.188.176.251 port 36900","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 19:43:04 honeypot-fra-1 sshd[4127]: Connection closed by 103.231.214.252 port 45081 [preauth]","@timestamp":"2022-09-12T19:43:05.295Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T19:43:24.036Z","@version":"1","message":"Sep 12 19:43:23 honeypot-sgp-1 sshd[8926]: Bad protocol version identification 'GET / HTTP/1.1' from 143.244.187.127 port 47578","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 19:47:46 honeypot-fra-1 sshd[4216]: Connection closed by 103.231.214.252 port 12233 [preauth]","@timestamp":"2022-09-12T19:47:47.404Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 19:48:51 honeypot-ams-1 kernel: [83888716.244301] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=154.3.44.39 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=117 ID=6892 DF PROTO=TCP SPT=61289 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-12T19:48:51.851Z"}
{"@timestamp":"2022-09-12T19:49:03.171Z","@version":"1","message":"Sep 12 19:49:03 honeypot-sgp-1 sshd[8934]: Invalid user nitish from 156.67.219.143 port 41832","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 19:52:19 honeypot-ams-1 kernel: [83888924.193180] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=162.142.125.142 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=15630 PROTO=TCP SPT=3792 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T19:52:19.944Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 19:52:28 honeypot-fra-1 sshd[4225]: Connection closed by 103.231.214.252 port 43980 [preauth]","@timestamp":"2022-09-12T19:52:29.513Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 19:54:02 honeypot-fra-1 sshd[4229]: Connection closed by 103.231.214.252 port 22813 [preauth]","@timestamp":"2022-09-12T19:54:02.552Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T19:55:10.316Z","@version":"1","message":"Sep 12 19:55:09 honeypot-sgp-1 sshd[8937]: Disconnected from invalid user vf 72.167.55.58 port 35426 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T19:56:32.351Z","@version":"1","message":"Sep 12 19:56:31 honeypot-sgp-1 sshd[8943]: Connection closed by invalid user User 179.60.147.69 port 60266 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 19:59:04 honeypot-ams-1 sshd[13576]: Invalid user rc from 161.97.81.82 port 34072","@timestamp":"2022-09-12T19:59:05.121Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 19:59:15 honeypot-fra-1 sshd[4239]: Invalid user user from 141.255.162.226 port 51564","@timestamp":"2022-09-12T19:59:15.674Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 19:59:16 honeypot-fra-1 sshd[4243]: Invalid user user from 141.255.162.226 port 43984","@timestamp":"2022-09-12T19:59:17.676Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 19:59:20 honeypot-fra-1 sshd[4247]: Invalid user user from 141.255.162.226 port 57768","@timestamp":"2022-09-12T19:59:21.678Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 20:00:18 honeypot-fra-1 sshd[4251]: Connection closed by 103.231.214.252 port 21244 [preauth]","@timestamp":"2022-09-12T20:00:18.701Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 20:01:53 honeypot-ams-1 kernel: [83889498.143497] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=222.186.19.235 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=39954 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T20:01:54.196Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 20:02:15 honeypot-ams-1 sshd[13583]: Disconnected from invalid user enganga 89.236.239.25 port 56748 [preauth]","@timestamp":"2022-09-12T20:02:15.208Z"}
{"@timestamp":"2022-09-12T20:03:33.517Z","@version":"1","message":"Sep 12 20:03:33 honeypot-sgp-1 sshd[8948]: Disconnected from authenticating user root 207.138.39.234 port 41444 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 20:04:27 honeypot-fra-1 kernel: [83887493.552070] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=162.221.192.27 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=3805 PROTO=TCP SPT=33839 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T20:04:27.794Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-12T20:06:57.601Z","@version":"1","message":"Sep 12 20:06:57 honeypot-sgp-1 sshd[8954]: Disconnected from authenticating user root 176.215.237.117 port 49278 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 20:09:25 honeypot-fra-1 sshd[4269]: Invalid user User from 179.60.147.69 port 45448","@timestamp":"2022-09-12T20:09:25.910Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 20:10:23 honeypot-ams-1 kernel: [83890008.383920] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=111.72.186.151 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=49 ID=12905 PROTO=TCP SPT=63536 DPT=80 WINDOW=8136 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T20:10:24.463Z"}
{"@timestamp":"2022-09-12T20:10:36.691Z","@version":"1","message":"Sep 12 20:10:35 honeypot-sgp-1 sshd[8961]: Disconnected from authenticating user root 157.230.245.64 port 46284 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 20:12:07 honeypot-fra-1 sshd[4275]: Received disconnect from 92.255.85.70 port 41000:11: Bye Bye [preauth]","@timestamp":"2022-09-12T20:12:07.975Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T20:17:01.847Z","@version":"1","message":"Sep 12 20:17:01 honeypot-sgp-1 CRON[8966]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 20:17:01 honeypot-fra-1 CRON[4284]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-12T20:17:02.086Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 20:17:37 honeypot-ams-1 sshd[13593]: Invalid user kf from 210.196.250.246 port 46270","@timestamp":"2022-09-12T20:17:37.651Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 20:19:15 honeypot-fra-1 sshd[4292]: Disconnected from invalid user osvaldo 190.226.244.9 port 41548 [preauth]","@timestamp":"2022-09-12T20:19:16.140Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 20:19:58 honeypot-ams-1 sshd[13597]: Disconnected from invalid user kf 45.249.247.148 port 53716 [preauth]","@timestamp":"2022-09-12T20:19:58.715Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 20:23:48 honeypot-fra-1 sshd[4301]: Connection closed by 103.231.214.252 port 35042 [preauth]","@timestamp":"2022-09-12T20:23:49.245Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 20:27:03 honeypot-fra-1 sshd[4310]: Received disconnect from 190.18.110.53 port 36758:11: Bye Bye [preauth]","@timestamp":"2022-09-12T20:27:04.320Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T20:30:53.170Z","@version":"1","message":"Sep 12 20:30:52 honeypot-sgp-1 sshd[8972]: Disconnected from invalid user test 159.65.188.65 port 51950 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 20:31:38 honeypot-fra-1 sshd[4320]: Connection closed by 103.231.214.252 port 22264 [preauth]","@timestamp":"2022-09-12T20:31:39.428Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T20:32:12.205Z","@version":"1","message":"Sep 12 20:32:11 honeypot-sgp-1 sshd[8978]: Invalid user User from 179.60.147.69 port 7060","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T20:32:32.213Z","@version":"1","message":"Sep 12 20:32:31 honeypot-sgp-1 sshd[8983]: Received disconnect from 141.255.162.226 port 40804:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T20:32:34.215Z","@version":"1","message":"Sep 12 20:32:33 honeypot-sgp-1 sshd[8987]: Received disconnect from 141.255.162.226 port 34612:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T20:32:37.217Z","@version":"1","message":"Sep 12 20:32:36 honeypot-sgp-1 sshd[8991]: Received disconnect from 141.255.162.226 port 37378:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T20:33:07.254Z","@version":"1","message":"Sep 12 20:33:06 honeypot-sgp-1 sshd[8995]: Received disconnect from 139.59.233.124 port 37042:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 20:33:17 honeypot-ams-1 sshd[13603]: Invalid user test from 144.24.214.117 port 44452","@timestamp":"2022-09-12T20:33:18.069Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 20:34:46 honeypot-fra-1 sshd[4328]: Connection closed by 103.231.214.252 port 34932 [preauth]","@timestamp":"2022-09-12T20:34:47.501Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 20:34:58 honeypot-ams-1 sshd[13608]: Connection closed by invalid user User 179.60.147.69 port 65434 [preauth]","@timestamp":"2022-09-12T20:34:59.114Z"}
{"@timestamp":"2022-09-12T20:36:14.330Z","@version":"1","message":"Sep 12 20:36:13 honeypot-sgp-1 sshd[9000]: Invalid user wasadrc from 165.227.25.154 port 56536","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 20:37:54 honeypot-fra-1 sshd[4337]: Connection closed by 103.231.214.252 port 51171 [preauth]","@timestamp":"2022-09-12T20:37:55.577Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 20:38:29 honeypot-ams-1 sshd[13612]: Disconnected from invalid user edsalse1 78.135.105.203 port 35602 [preauth]","@timestamp":"2022-09-12T20:38:30.205Z"}
{"@timestamp":"2022-09-12T20:38:34.388Z","@version":"1","message":"Sep 12 20:38:33 honeypot-sgp-1 sshd[9004]: Did not receive identification string from 141.255.162.226 port 54606","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T20:38:56.398Z","@version":"1","message":"Sep 12 20:38:55 honeypot-sgp-1 sshd[9007]: Disconnected from invalid user user 141.255.162.226 port 36546 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T20:39:00.401Z","@version":"1","message":"Sep 12 20:38:59 honeypot-sgp-1 sshd[9011]: Disconnected from invalid user user 141.255.162.226 port 50036 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 20:39:54 honeypot-ams-1 sshd[13617]: Disconnected from invalid user salomao 200.60.92.170 port 50686 [preauth]","@timestamp":"2022-09-12T20:39:55.243Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 20:40:54 honeypot-fra-1 sshd[4341]: Received disconnect from 165.22.45.108 port 46072:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T20:40:54.646Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 20:42:41 honeypot-ams-1 sshd[13623]: Connection closed by invalid user support 193.106.191.157 port 50752 [preauth]","@timestamp":"2022-09-12T20:42:42.318Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 20:44:11 honeypot-fra-1 sshd[4350]: Connection closed by 103.231.214.252 port 48202 [preauth]","@timestamp":"2022-09-12T20:44:11.721Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 20:48:51 honeypot-fra-1 sshd[4360]: Received disconnect from 36.91.38.31 port 39694:11: Bye Bye [preauth]","@timestamp":"2022-09-12T20:48:51.829Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T20:51:15.683Z","@version":"1","message":"Sep 12 20:51:14 honeypot-sgp-1 sshd[9018]: Received disconnect from 89.190.84.6 port 59718:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 20:53:24 honeypot-fra-1 kernel: [83890430.006849] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=209.126.12.14 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=7693 PROTO=TCP SPT=55981 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T20:53:24.934Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 20:54:36 honeypot-ams-1 sshd[13631]: Invalid user by from 157.230.234.93 port 40462","@timestamp":"2022-09-12T20:54:37.621Z"}
{"@timestamp":"2022-09-12T20:55:44.791Z","@version":"1","message":"Sep 12 20:55:43 honeypot-sgp-1 kernel: [83892254.929424] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.55.53.144 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=43 ID=50417 DF PROTO=TCP SPT=53502 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 20:56:36 honeypot-fra-1 kernel: [83890621.941321] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=120.48.14.194 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=41 ID=35356 PROTO=TCP SPT=48925 DPT=80 WINDOW=41989 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T20:56:37.010Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 20:57:05 honeypot-ams-1 sshd[13635]: Received disconnect from 202.53.175.36 port 32964:11: Bye Bye [preauth]","@timestamp":"2022-09-12T20:57:05.685Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 20:57:59 honeypot-ams-1 kernel: [83892863.623114] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=108.5.105.155 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=53 ID=3776 PROTO=TCP SPT=7045 DPT=80 WINDOW=41617 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T20:57:59.712Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 20:58:27 honeypot-ams-1 sshd[13645]: Disconnected from authenticating user root 193.142.146.50 port 55226 [preauth]","@timestamp":"2022-09-12T20:58:27.727Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 20:58:38 honeypot-fra-1 kernel: [83890744.191638] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=20.55.53.144 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=65366 DF PROTO=TCP SPT=52462 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T20:58:39.061Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 20:58:54 honeypot-ams-1 kernel: [83892919.282129] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=46.33.220.45 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=24916 PROTO=TCP SPT=9481 DPT=80 WINDOW=30289 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T20:58:55.740Z"}
{"@timestamp":"2022-09-12T20:59:10.876Z","@version":"1","message":"Sep 12 20:59:10 honeypot-sgp-1 sshd[9023]: Received disconnect from 161.35.125.167 port 39060:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 21:00:06 honeypot-ams-1 sshd[13655]: Disconnected from authenticating user root 193.142.146.50 port 55818 [preauth]","@timestamp":"2022-09-12T21:00:07.776Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 21:00:29 honeypot-fra-1 sshd[4384]: Connection closed by 103.231.214.252 port 27282 [preauth]","@timestamp":"2022-09-12T21:00:30.106Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 21:00:53 honeypot-ams-1 sshd[13661]: Received disconnect from 193.142.146.50 port 39234:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T21:00:53.800Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 21:01:41 honeypot-ams-1 sshd[13665]: Disconnected from invalid user testuser 193.142.146.50 port 56404 [preauth]","@timestamp":"2022-09-12T21:01:41.823Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 21:02:12 honeypot-ams-1 sshd[13669]: Disconnected from invalid user ubuntu 193.142.146.50 port 45348 [preauth]","@timestamp":"2022-09-12T21:02:12.838Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 21:02:43 honeypot-ams-1 sshd[13674]: Disconnected from invalid user ubuntu 193.142.146.50 port 34292 [preauth]","@timestamp":"2022-09-12T21:02:44.854Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 21:03:45 honeypot-ams-1 sshd[13680]: Received disconnect from 193.142.146.50 port 45940:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T21:03:45.884Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 21:04:18 honeypot-ams-1 sshd[13684]: Disconnected from authenticating user root 193.142.146.50 port 34884 [preauth]","@timestamp":"2022-09-12T21:04:18.900Z"}
{"@timestamp":"2022-09-12T21:04:23.998Z","@version":"1","message":"Sep 12 21:04:23 honeypot-sgp-1 sshd[9027]: Disconnected from invalid user packer 52.172.46.214 port 39722 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 21:04:42 honeypot-ams-1 kernel: [83893267.214888] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=20.55.53.144 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=1829 DF PROTO=TCP SPT=42004 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T21:04:42.913Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 21:05:29 honeypot-ams-1 sshd[13690]: Disconnected from authenticating user root 62.204.41.222 port 50431 [preauth]","@timestamp":"2022-09-12T21:05:29.936Z"}
{"@timestamp":"2022-09-12T21:06:58.060Z","@version":"1","message":"Sep 12 21:06:57 honeypot-sgp-1 kernel: [83892928.439645] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=183.230.22.132 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=47 ID=7781 PROTO=TCP SPT=38581 DPT=80 WINDOW=62429 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 21:07:46 honeypot-fra-1 sshd[4395]: Invalid user bi from 150.136.65.184 port 40478","@timestamp":"2022-09-12T21:07:47.291Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 21:08:22 honeypot-ams-1 sshd[13696]: Connection closed by invalid user User 179.60.147.69 port 65362 [preauth]","@timestamp":"2022-09-12T21:08:23.015Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 21:10:43 honeypot-fra-1 sshd[4402]: Disconnected from 143.110.236.239 port 36360 [preauth]","@timestamp":"2022-09-12T21:10:44.360Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T21:11:28.164Z","@version":"1","message":"Sep 12 21:11:28 honeypot-sgp-1 kernel: [83893199.115414] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=119.91.113.218 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=56292 PROTO=TCP SPT=43359 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 21:17:01 honeypot-fra-1 CRON[4413]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-12T21:17:01.504Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 21:19:57 honeypot-fra-1 sshd[4422]: Invalid user kitty from 165.22.45.108 port 50972","@timestamp":"2022-09-12T21:19:57.574Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T21:21:52.405Z","@version":"1","message":"Sep 12 21:21:51 honeypot-sgp-1 kernel: [83893823.009473] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=193.163.125.162 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=244 ID=34045 PROTO=TCP SPT=36474 DPT=3389 WINDOW=14600 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 21:22:11 honeypot-ams-1 sshd[13705]: Did not receive identification string from 45.61.186.169 port 59632","@timestamp":"2022-09-12T21:22:11.372Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 21:22:25 honeypot-fra-1 sshd[4430]: Connection closed by 103.231.214.252 port 57704 [preauth]","@timestamp":"2022-09-12T21:22:26.633Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 21:22:28 honeypot-ams-1 sshd[13708]: Disconnected from invalid user user 45.61.186.169 port 57978 [preauth]","@timestamp":"2022-09-12T21:22:29.383Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 21:22:46 honeypot-ams-1 sshd[13712]: Disconnected from invalid user user 45.61.186.169 port 52320 [preauth]","@timestamp":"2022-09-12T21:22:47.393Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 21:23:03 honeypot-ams-1 sshd[13716]: Disconnected from invalid user user 45.61.186.169 port 46628 [preauth]","@timestamp":"2022-09-12T21:23:04.401Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 21:23:17 honeypot-ams-1 sshd[13721]: Received disconnect from 202.74.243.26 port 12541:11: Bye Bye [preauth]","@timestamp":"2022-09-12T21:23:17.408Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 21:30:16 honeypot-fra-1 sshd[4441]: Connection closed by 103.231.214.252 port 21671 [preauth]","@timestamp":"2022-09-12T21:30:16.811Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 21:30:55 honeypot-ams-1 kernel: [83894840.075121] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=154.3.44.39 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=117 ID=4343 DF PROTO=TCP SPT=58088 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-12T21:30:56.600Z"}
{"@timestamp":"2022-09-12T21:38:39.789Z","@version":"1","message":"Sep 12 21:38:39 honeypot-sgp-1 sshd[9047]: Invalid user User from 179.60.147.69 port 13570","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 21:39:40 honeypot-fra-1 sshd[4456]: Connection closed by 103.231.214.252 port 58780 [preauth]","@timestamp":"2022-09-12T21:39:41.023Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 21:41:24 honeypot-ams-1 sshd[13728]: Invalid user User from 179.60.147.69 port 47440","@timestamp":"2022-09-12T21:41:24.869Z"}
{"@timestamp":"2022-09-12T21:42:19.876Z","@version":"1","message":"Sep 12 21:42:18 honeypot-sgp-1 sshd[9050]: Disconnected from invalid user user 198.98.61.9 port 42524 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T21:42:37.885Z","@version":"1","message":"Sep 12 21:42:37 honeypot-sgp-1 kernel: [83895068.229039] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=144.126.130.22 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=5569 PROTO=TCP SPT=58829 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T21:42:45.888Z","@version":"1","message":"Sep 12 21:42:45 honeypot-sgp-1 sshd[9059]: Disconnected from invalid user user 198.98.61.9 port 47852 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T21:42:59.895Z","@version":"1","message":"Sep 12 21:42:59 honeypot-sgp-1 sshd[9063]: Disconnected from invalid user user 198.98.61.9 port 41982 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 21:43:02 honeypot-ams-1 sshd[13732]: Connection closed by invalid user guest 182.70.125.202 port 39092 [preauth]","@timestamp":"2022-09-12T21:43:02.913Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 21:46:08 honeypot-ams-1 sshd[13736]: Disconnected from invalid user ybb 77.173.61.93 port 35726 [preauth]","@timestamp":"2022-09-12T21:46:08.994Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 21:47:24 honeypot-ams-1 sshd[13741]: Disconnected from authenticating user root 212.205.99.56 port 40286 [preauth]","@timestamp":"2022-09-12T21:47:25.030Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 21:50:15 honeypot-fra-1 sshd[4463]: Connection closed by invalid user User 179.60.147.69 port 37292 [preauth]","@timestamp":"2022-09-12T21:50:16.260Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T21:51:45.122Z","@version":"1","message":"Sep 12 21:51:44 honeypot-sgp-1 sshd[9070]: Invalid user sulo from 115.68.219.249 port 36936","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 21:54:53 honeypot-ams-1 sshd[13746]: Received disconnect from 159.223.172.195 port 37068:11: Bye Bye [preauth]","@timestamp":"2022-09-12T21:54:53.224Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 21:56:47 honeypot-ams-1 kernel: [83896391.821596] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=20.55.112.176 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=113 ID=6529 DF PROTO=TCP SPT=50600 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T21:56:48.307Z"}
{"@timestamp":"2022-09-12T21:57:31.255Z","@version":"1","message":"Sep 12 21:57:30 honeypot-sgp-1 sshd[9150]: Connection closed by invalid user admin 121.154.34.24 port 33020 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 21:57:35 honeypot-fra-1 kernel: [83894281.112834] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=128.14.209.162 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=7950 PROTO=TCP SPT=29447 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T21:57:36.440Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 21:59:25 honeypot-ams-1 sshd[13755]: Invalid user test from 193.106.191.157 port 58202","@timestamp":"2022-09-12T21:59:25.377Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 21:59:31 honeypot-fra-1 sshd[4472]: Received disconnect from 45.61.186.169 port 58210:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T21:59:32.485Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 21:59:49 honeypot-fra-1 sshd[4478]: Received disconnect from 45.61.186.169 port 54070:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T21:59:50.494Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 22:00:08 honeypot-fra-1 sshd[4482]: Invalid user user from 45.61.186.169 port 49950","@timestamp":"2022-09-12T22:00:08.502Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 22:00:23 honeypot-fra-1 sshd[4486]: Invalid user kiwi from 165.22.45.108 port 55890","@timestamp":"2022-09-12T22:00:23.509Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T22:05:17.437Z","@version":"1","message":"Sep 12 22:05:17 honeypot-sgp-1 sshd[9157]: Connection closed by 167.94.138.45 port 56366 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 22:06:06 honeypot-fra-1 kernel: [83894792.197233] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=80.82.70.228 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=51623 PROTO=TCP SPT=60000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T22:06:06.637Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 22:07:22 honeypot-ams-1 sshd[13760]: Connection closed by invalid user pi 96.3.36.65 port 53554 [preauth]","@timestamp":"2022-09-12T22:07:22.578Z"}
{"@timestamp":"2022-09-12T22:08:28.513Z","@version":"1","message":"Sep 12 22:08:28 honeypot-sgp-1 kernel: [83896619.224671] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=89.248.165.199 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=45065 PROTO=TCP SPT=40018 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 22:08:45 honeypot-fra-1 sshd[4495]: Received disconnect from 111.67.197.106 port 33688:11: Bye Bye [preauth]","@timestamp":"2022-09-12T22:08:45.697Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 22:09:33 honeypot-ams-1 sshd[13765]: Disconnected from authenticating user root 167.71.216.161 port 55196 [preauth]","@timestamp":"2022-09-12T22:09:33.639Z"}
{"@timestamp":"2022-09-12T22:11:46.595Z","@version":"1","message":"Sep 12 22:11:45 honeypot-sgp-1 sshd[9166]: Connection closed by invalid user User 179.60.147.69 port 56446 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 22:12:04 honeypot-fra-1 sshd[4501]: Invalid user user from 141.255.162.226 port 51088","@timestamp":"2022-09-12T22:12:04.772Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 22:12:06 honeypot-fra-1 sshd[4505]: Invalid user user from 141.255.162.226 port 43070","@timestamp":"2022-09-12T22:12:06.773Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 22:12:09 honeypot-fra-1 sshd[4509]: Invalid user user from 141.255.162.226 port 56518","@timestamp":"2022-09-12T22:12:09.775Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 22:12:12 honeypot-fra-1 sshd[4513]: Invalid user user from 141.255.162.226 port 36314","@timestamp":"2022-09-12T22:12:12.777Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 22:12:45 honeypot-ams-1 kernel: [83897350.205645] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=183.136.225.35 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=109 ID=61099 PROTO=TCP SPT=8088 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T22:12:46.726Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 22:17:01 honeypot-ams-1 CRON[13776]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-12T22:17:01.857Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 22:17:01 honeypot-fra-1 CRON[4518]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-12T22:17:01.885Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-12T22:19:59.787Z","@version":"1","message":"Sep 12 22:19:58 honeypot-sgp-1 sshd[9174]: Invalid user user from 198.98.61.9 port 60888","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T22:20:16.796Z","@version":"1","message":"Sep 12 22:20:16 honeypot-sgp-1 sshd[9179]: Invalid user user from 198.98.61.9 port 55062","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T22:20:33.804Z","@version":"1","message":"Sep 12 22:20:33 honeypot-sgp-1 sshd[9184]: Invalid user user from 198.98.61.9 port 49224","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T22:20:49.812Z","@version":"1","message":"Sep 12 22:20:49 honeypot-sgp-1 sshd[9188]: Invalid user user from 198.98.61.9 port 43396","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 22:27:42 honeypot-fra-1 kernel: [83896087.960049] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=125.253.93.146 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=40990 PROTO=TCP SPT=58317 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T22:27:43.125Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 22:28:29 honeypot-ams-1 sshd[13787]: Received disconnect from 61.177.172.108 port 56042:11:  [preauth]","@timestamp":"2022-09-12T22:28:30.160Z"}
{"@timestamp":"2022-09-12T22:29:20.013Z","@version":"1","message":"Sep 12 22:29:19 honeypot-sgp-1 sshd[9192]: Disconnected from authenticating user root 92.255.85.70 port 24304 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 22:35:42 honeypot-ams-1 sshd[13796]: Invalid user webster from 179.157.7.171 port 47320","@timestamp":"2022-09-12T22:35:42.345Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 22:36:21 honeypot-ams-1 sshd[13803]: Received disconnect from 2.139.220.58 port 58358:11: Bye Bye [preauth]","@timestamp":"2022-09-12T22:36:22.366Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 22:36:39 honeypot-ams-1 sshd[13805]: Received disconnect from 45.61.186.249 port 47132:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T22:36:40.375Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 22:36:59 honeypot-ams-1 sshd[13809]: Received disconnect from 45.61.186.249 port 42162:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T22:36:59.386Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 22:37:17 honeypot-ams-1 sshd[13813]: Received disconnect from 45.61.186.249 port 37196:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T22:37:17.395Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 22:37:33 honeypot-ams-1 sshd[13817]: Received disconnect from 45.61.186.249 port 60462:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T22:37:34.404Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 22:38:31 honeypot-ams-1 kernel: [83898895.336242] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=152.89.196.23 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=33193 PROTO=TCP SPT=40612 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T22:38:31.432Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 22:38:36 honeypot-fra-1 sshd[4533]: Received disconnect from 180.69.254.177 port 52315:11: Bye Bye [preauth]","@timestamp":"2022-09-12T22:38:37.366Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 22:39:03 honeypot-ams-1 sshd[13824]: Disconnected from invalid user user 45.61.186.169 port 43264 [preauth]","@timestamp":"2022-09-12T22:39:04.448Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 22:39:21 honeypot-ams-1 sshd[13828]: Disconnected from invalid user user 45.61.186.169 port 38212 [preauth]","@timestamp":"2022-09-12T22:39:22.458Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 22:39:39 honeypot-ams-1 sshd[13832]: Disconnected from invalid user user 45.61.186.169 port 33176 [preauth]","@timestamp":"2022-09-12T22:39:39.467Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 22:40:57 honeypot-ams-1 sshd[13839]: Invalid user wxw from 157.230.45.177 port 43138","@timestamp":"2022-09-12T22:40:58.504Z"}
{"@timestamp":"2022-09-12T22:41:29.295Z","@version":"1","message":"Sep 12 22:41:28 honeypot-sgp-1 kernel: [83898599.399639] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=154.3.44.39 DST=159.89.202.188 LEN=52 TOS=0x0A PREC=0x00 TTL=112 ID=10264 DF PROTO=TCP SPT=61771 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 22:41:33 honeypot-ams-1 sshd[13843]: Invalid user nf from 40.114.69.14 port 56404","@timestamp":"2022-09-12T22:41:33.521Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 22:42:50 honeypot-ams-1 sshd[13845]: Disconnected from invalid user fk 189.46.157.37 port 47468 [preauth]","@timestamp":"2022-09-12T22:42:50.555Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 22:45:17 honeypot-fra-1 kernel: [83897142.723538] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=89.248.165.199 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=35412 PROTO=TCP SPT=40018 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T22:45:17.516Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 22:47:38 honeypot-ams-1 sshd[13854]: Invalid user User from 179.60.147.69 port 21638","@timestamp":"2022-09-12T22:47:39.680Z"}
{"@timestamp":"2022-09-12T22:52:36.555Z","@version":"1","message":"Sep 12 22:52:36 honeypot-sgp-1 sshd[9203]: Received disconnect from 92.255.85.70 port 52256:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-12T22:55:27.624Z","@version":"1","message":"Sep 12 22:55:27 honeypot-sgp-1 kernel: [83899438.519343] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=163.172.158.4 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=29496 PROTO=TCP SPT=43901 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 22:56:27 honeypot-fra-1 sshd[4543]: Invalid user User from 179.60.147.69 port 10124","@timestamp":"2022-09-12T22:56:28.767Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 22:58:00 honeypot-ams-1 sshd[13861]: Disconnected from authenticating user root 92.255.85.70 port 46408 [preauth]","@timestamp":"2022-09-12T22:58:00.958Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 23:04:10 honeypot-ams-1 kernel: [83900434.909599] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=97.74.81.123 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=519 PROTO=TCP SPT=41728 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T23:04:11.116Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 23:04:25 honeypot-ams-1 sshd[13870]: Disconnected from invalid user user 141.255.162.226 port 57860 [preauth]","@timestamp":"2022-09-12T23:04:26.124Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 23:04:29 honeypot-ams-1 sshd[13874]: Disconnected from invalid user user 141.255.162.226 port 56414 [preauth]","@timestamp":"2022-09-12T23:04:30.126Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 23:04:33 honeypot-ams-1 sshd[13878]: Disconnected from invalid user user 141.255.162.226 port 41582 [preauth]","@timestamp":"2022-09-12T23:04:34.128Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 23:06:32 honeypot-fra-1 sshd[4548]: Invalid user Admin from 193.106.191.157 port 51318","@timestamp":"2022-09-12T23:06:32.993Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 23:07:10 honeypot-ams-1 kernel: [83900615.229337] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=105.72.35.24 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=118 ID=61257 DF PROTO=TCP SPT=14341 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T23:07:11.199Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 23:09:03 honeypot-fra-1 sshd[4557]: Invalid user ftpuser from 114.116.221.4 port 58520","@timestamp":"2022-09-12T23:09:04.053Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 23:09:03 honeypot-fra-1 sshd[4557]: Connection closed by invalid user ftpuser 114.116.221.4 port 58520 [preauth]","@timestamp":"2022-09-12T23:09:04.053Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 23:09:14 honeypot-fra-1 sshd[4575]: Invalid user oracle from 114.116.221.4 port 58474","@timestamp":"2022-09-12T23:09:15.057Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 23:14:46 honeypot-fra-1 sshd[4582]: Invalid user ftpuser from 177.37.164.118 port 42629","@timestamp":"2022-09-12T23:14:46.179Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 23:15:06 honeypot-ams-1 sshd[13893]: Received disconnect from 61.177.172.104 port 29633:11:  [preauth]","@timestamp":"2022-09-12T23:15:07.404Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 23:15:33 honeypot-ams-1 sshd[13897]: Received disconnect from 45.61.184.204 port 42800:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T23:15:33.417Z"}
{"@timestamp":"2022-09-12T23:15:40.103Z","@version":"1","message":"Sep 12 23:15:39 honeypot-sgp-1 sshd[9212]: Disconnected from authenticating user root 92.255.85.70 port 20058 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 23:15:54 honeypot-ams-1 sshd[13901]: Received disconnect from 45.61.184.204 port 40324:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T23:15:55.429Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 23:16:14 honeypot-ams-1 sshd[13905]: Received disconnect from 45.61.184.204 port 37872:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T23:16:14.439Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 23:17:01 honeypot-ams-1 CRON[13909]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-12T23:17:02.463Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 23:17:15 honeypot-fra-1 kernel: [83899061.332311] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=172.104.208.30 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=35123 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T23:17:16.238Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-12T23:20:18.214Z","@version":"1","message":"Sep 12 23:20:17 honeypot-sgp-1 sshd[9219]: Received disconnect from 139.59.28.53 port 40444:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 23:20:54 honeypot-fra-1 sshd[4590]: Disconnected from invalid user klaudiu 165.22.45.108 port 38812 [preauth]","@timestamp":"2022-09-12T23:20:55.322Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 23:22:24 honeypot-ams-1 kernel: [83901528.865512] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.180.143.72 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=55949 PROTO=TCP SPT=25657 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T23:22:24.607Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 23:24:10 honeypot-ams-1 sshd[13923]: Connection closed by invalid user Admin 193.106.191.157 port 49850 [preauth]","@timestamp":"2022-09-12T23:24:11.657Z"}
{"@timestamp":"2022-09-12T23:26:29.360Z","@version":"1","message":"Sep 12 23:26:29 honeypot-sgp-1 kernel: [83901299.919640] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=149.102.155.169 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=55562 PROTO=TCP SPT=45123 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 23:27:00 honeypot-fra-1 sshd[4593]: Invalid user ubnt from 179.60.147.69 port 16648","@timestamp":"2022-09-12T23:27:00.462Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 23:28:52 honeypot-fra-1 sshd[4597]: Connection closed by invalid user Admin 193.106.191.157 port 51386 [preauth]","@timestamp":"2022-09-12T23:28:53.509Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 23:29:43 honeypot-ams-1 sshd[13931]: Received disconnect from 61.177.172.108 port 40354:11:  [preauth]","@timestamp":"2022-09-12T23:29:43.801Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 23:31:03 honeypot-ams-1 kernel: [83902047.590308] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=26385 PROTO=TCP SPT=45133 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T23:31:03.840Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 23:33:46 honeypot-fra-1 sshd[4602]: Invalid user cele from 167.114.67.95 port 41402","@timestamp":"2022-09-12T23:33:46.621Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 23:37:54 honeypot-fra-1 kernel: [83900300.177220] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.41.9.18 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=54254 PROTO=TCP SPT=18515 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T23:37:55.715Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 23:40:29 honeypot-ams-1 sshd[13947]: Disconnected from authenticating user root 61.177.172.104 port 43628 [preauth]","@timestamp":"2022-09-12T23:40:30.083Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 23:41:01 honeypot-fra-1 sshd[4611]: Disconnected from invalid user default 88.142.46.185 port 34786 [preauth]","@timestamp":"2022-09-12T23:41:01.784Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 23:43:30 honeypot-ams-1 sshd[13952]: Invalid user user from 45.61.186.169 port 44314","@timestamp":"2022-09-12T23:43:31.163Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 23:43:48 honeypot-ams-1 sshd[13956]: Invalid user user from 45.61.186.169 port 39432","@timestamp":"2022-09-12T23:43:49.172Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 23:44:05 honeypot-ams-1 sshd[13960]: Invalid user user from 45.61.186.169 port 34554","@timestamp":"2022-09-12T23:44:06.181Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 23:44:13 honeypot-ams-1 sshd[13964]: Received disconnect from 45.61.186.169 port 46226:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-12T23:44:14.187Z"}
{"@timestamp":"2022-09-12T23:45:43.828Z","@version":"1","message":"Sep 12 23:45:43 honeypot-sgp-1 sshd[9233]: Received disconnect from 204.48.30.77 port 58018:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 23:46:18 honeypot-ams-1 sshd[13969]: Received disconnect from 177.129.4.35 port 46602:11: Bye Bye [preauth]","@timestamp":"2022-09-12T23:46:19.244Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 23:46:58 honeypot-fra-1 kernel: [83900843.944661] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.9.168.92 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=3854 DF PROTO=TCP SPT=10446 DPT=80 WINDOW=512 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T23:46:58.919Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-12T23:49:02.907Z","@version":"1","message":"Sep 12 23:49:02 honeypot-sgp-1 sshd[9237]: Disconnected from authenticating user root 124.152.118.194 port 10217 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 23:49:10 honeypot-fra-1 sshd[4623]: Invalid user admin from 159.203.178.0 port 50728","@timestamp":"2022-09-12T23:49:10.970Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 12 23:49:43 honeypot-ams-1 kernel: [83903167.418769] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=154.3.44.39 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=117 ID=57930 DF PROTO=TCP SPT=64561 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-12T23:49:43.334Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 12 23:49:51 honeypot-fra-1 kernel: [83901016.416545] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=172.104.138.223 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=38187 PROTO=TCP SPT=10645 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-12T23:49:51.987Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-12T23:54:45.042Z","@version":"1","message":"Sep 12 23:54:44 honeypot-sgp-1 sshd[9244]: Received disconnect from 186.96.22.59 port 48242:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 12 23:55:49 honeypot-ams-1 sshd[13982]: Disconnected from authenticating user root 61.177.173.49 port 57148 [preauth]","@timestamp":"2022-09-12T23:55:50.498Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 00:01:17 honeypot-fra-1 sshd[4637]: Disconnected from invalid user kliv 165.22.45.108 port 43766 [preauth]","@timestamp":"2022-09-13T00:01:18.242Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 00:03:32 honeypot-ams-1 sshd[13987]: Received disconnect from 61.177.173.47 port 25684:11:  [preauth]","@timestamp":"2022-09-13T00:03:32.703Z"}
{"@timestamp":"2022-09-13T00:05:28.319Z","@version":"1","message":"Sep 13 00:05:28 honeypot-sgp-1 sshd[9251]: Invalid user admin from 128.199.160.207 port 47576","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T00:06:09.338Z","@version":"1","message":"Sep 13 00:06:08 honeypot-sgp-1 sshd[9257]: Invalid user user from 179.60.147.69 port 64302","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 00:06:10 honeypot-ams-1 sshd[13994]: Received disconnect from 61.177.173.52 port 22674:11:  [preauth]","@timestamp":"2022-09-13T00:06:10.776Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 00:08:07 honeypot-ams-1 sshd[14000]: Received disconnect from 92.255.85.69 port 56074:11: Bye Bye [preauth]","@timestamp":"2022-09-13T00:08:08.831Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 00:08:59 honeypot-fra-1 sshd[4645]: Invalid user loan from 137.116.144.39 port 50976","@timestamp":"2022-09-13T00:09:00.421Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 00:09:16 honeypot-ams-1 sshd[14004]: Received disconnect from 139.59.112.202 port 58912:11: Bye Bye [preauth]","@timestamp":"2022-09-13T00:09:16.864Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 00:09:51 honeypot-ams-1 sshd[14008]: Connection closed by invalid user user 179.60.147.69 port 59106 [preauth]","@timestamp":"2022-09-13T00:09:51.881Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 00:10:27 honeypot-ams-1 sshd[14013]: Disconnected from invalid user uu 147.182.188.81 port 42626 [preauth]","@timestamp":"2022-09-13T00:10:27.899Z"}
{"@timestamp":"2022-09-13T00:12:04.478Z","@version":"1","message":"Sep 13 00:12:04 honeypot-sgp-1 sshd[9261]: Received disconnect from 45.61.184.204 port 52410:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T00:12:26.489Z","@version":"1","message":"Sep 13 00:12:26 honeypot-sgp-1 sshd[9265]: Received disconnect from 45.61.184.204 port 50194:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T00:12:47.498Z","@version":"1","message":"Sep 13 00:12:47 honeypot-sgp-1 sshd[9269]: Received disconnect from 45.61.184.204 port 47972:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T00:13:06.508Z","@version":"1","message":"Sep 13 00:13:06 honeypot-sgp-1 sshd[9274]: Received disconnect from 45.61.184.204 port 45758:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 00:15:21 honeypot-ams-1 sshd[14021]: Received disconnect from 61.177.173.47 port 53438:11:  [preauth]","@timestamp":"2022-09-13T00:15:22.030Z"}
{"@timestamp":"2022-09-13T20:04:36.436Z","@version":"1","message":"Sep 13 20:04:35 honeypot-sgp-1 sshd[11361]: Disconnected from invalid user user 45.61.186.169 port 55788 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 20:04:48 honeypot-ams-1 sshd[16371]: Disconnected from authenticating user root 85.31.46.45 port 57742 [preauth]","@timestamp":"2022-09-13T20:04:48.559Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 20:05:31 honeypot-ams-1 sshd[16377]: Disconnected from authenticating user root 85.31.46.45 port 59204 [preauth]","@timestamp":"2022-09-13T20:05:32.580Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 20:06:15 honeypot-ams-1 sshd[16384]: Invalid user user from 85.31.46.45 port 60296","@timestamp":"2022-09-13T20:06:16.604Z"}
{"@timestamp":"2022-09-13T20:07:20.504Z","@version":"1","message":"Sep 13 20:07:20 honeypot-sgp-1 sshd[11368]: Invalid user juanda from 137.184.126.78 port 43358","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 20:09:27 honeypot-ams-1 kernel: [83976351.065524] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=139.144.135.7 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=13240 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T20:09:27.688Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 20:10:31 honeypot-fra-1 sshd[7125]: Received disconnect from 104.248.199.34 port 42434:11: Bye Bye [preauth]","@timestamp":"2022-09-13T20:10:32.413Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T20:13:13.643Z","@version":"1","message":"Sep 13 20:13:12 honeypot-sgp-1 kernel: [83976102.360023] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.213.133 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=42049 DPT=389 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 20:14:06 honeypot-fra-1 sshd[7129]: Invalid user dovecot from 165.22.60.53 port 37542","@timestamp":"2022-09-13T20:14:06.496Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 20:17:01 honeypot-fra-1 CRON[7134]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-13T20:17:02.564Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 20:17:01 honeypot-ams-1 CRON[16394]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-13T20:17:02.885Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 20:20:47 honeypot-fra-1 kernel: [83974869.934173] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=104.156.155.8 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=23512 PROTO=TCP SPT=53102 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T20:20:47.652Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-13T20:22:02.852Z","@version":"1","message":"Sep 13 20:22:02 honeypot-sgp-1 kernel: [83976631.717630] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.213.140 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=41706 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 20:22:38 honeypot-ams-1 sshd[16398]: Connection closed by invalid user guest 179.60.147.69 port 21150 [preauth]","@timestamp":"2022-09-13T20:22:39.033Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 20:29:40 honeypot-ams-1 kernel: [83977564.102713] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=168.181.139.14 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=53 ID=14361 PROTO=TCP SPT=50971 DPT=80 WINDOW=65316 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T20:29:41.217Z"}
{"@timestamp":"2022-09-13T20:32:44.110Z","@version":"1","message":"Sep 13 20:32:43 honeypot-sgp-1 sshd[11386]: Received disconnect from 206.81.15.128 port 47550:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 20:32:49 honeypot-ams-1 sshd[16405]: Disconnected from authenticating user root 185.172.3.226 port 54794 [preauth]","@timestamp":"2022-09-13T20:32:49.304Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 20:33:16 honeypot-fra-1 sshd[7144]: Disconnected from authenticating user root 92.255.85.70 port 27606 [preauth]","@timestamp":"2022-09-13T20:33:16.936Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 20:37:27 honeypot-ams-1 kernel: [83978031.238229] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=139.144.135.27 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=40108 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T20:37:28.427Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 20:37:50 honeypot-fra-1 sshd[7150]: Disconnected from invalid user user 198.98.61.9 port 36920 [preauth]","@timestamp":"2022-09-13T20:37:51.040Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 20:38:07 honeypot-fra-1 sshd[7154]: Disconnected from invalid user user 198.98.61.9 port 59994 [preauth]","@timestamp":"2022-09-13T20:38:08.048Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 20:38:30 honeypot-fra-1 sshd[7159]: Disconnected from invalid user user 198.98.61.9 port 54838 [preauth]","@timestamp":"2022-09-13T20:38:30.059Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 20:38:46 honeypot-fra-1 sshd[7163]: Disconnected from invalid user user 198.98.61.9 port 49680 [preauth]","@timestamp":"2022-09-13T20:38:46.066Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 20:41:32 honeypot-ams-1 sshd[16415]: Disconnected from authenticating user root 138.68.91.192 port 43788 [preauth]","@timestamp":"2022-09-13T20:41:33.533Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 20:41:52 honeypot-fra-1 sshd[7169]: Received disconnect from 45.61.187.160 port 38850:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T20:41:53.142Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 20:42:07 honeypot-fra-1 sshd[7173]: Received disconnect from 165.22.45.108 port 55350:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T20:42:07.148Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 20:42:25 honeypot-fra-1 sshd[7177]: Received disconnect from 45.61.187.160 port 44982:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T20:42:26.157Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 20:42:44 honeypot-fra-1 sshd[7181]: Received disconnect from 45.61.187.160 port 39648:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T20:42:45.166Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 20:42:55 honeypot-fra-1 sshd[7183]: Received disconnect from 3.38.231.14 port 42514:11: Bye Bye [preauth]","@timestamp":"2022-09-13T20:42:55.171Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T20:45:30.441Z","@version":"1","message":"Sep 13 20:45:29 honeypot-sgp-1 sshd[11392]: Invalid user ue from 137.184.104.77 port 33428","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T20:45:56.454Z","@version":"1","message":"Sep 13 20:45:55 honeypot-sgp-1 sshd[11394]: Disconnected from invalid user db 185.53.229.86 port 59164 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 20:51:24 honeypot-ams-1 kernel: [83978868.204956] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=40.87.17.51 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=36027 PROTO=TCP SPT=58908 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T20:51:24.800Z"}
{"@timestamp":"2022-09-13T20:53:55.651Z","@version":"1","message":"Sep 13 20:53:55 honeypot-sgp-1 sshd[11402]: Received disconnect from 92.255.85.70 port 24908:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 20:55:38 honeypot-fra-1 sshd[7196]: Invalid user pi from 80.117.229.198 port 55898","@timestamp":"2022-09-13T20:55:39.452Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T20:55:39.696Z","@version":"1","message":"Sep 13 20:55:39 honeypot-sgp-1 sshd[11408]: Invalid user support from 179.60.147.69 port 24984","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 20:56:23 honeypot-fra-1 sshd[7200]: Disconnected from authenticating user root 92.255.85.69 port 17860 [preauth]","@timestamp":"2022-09-13T20:56:23.471Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T20:56:55.730Z","@version":"1","message":"Sep 13 20:56:55 honeypot-sgp-1 sshd[11414]: Received disconnect from 179.43.156.143 port 47978:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T20:58:06.760Z","@version":"1","message":"Sep 13 20:58:06 honeypot-sgp-1 sshd[11419]: Received disconnect from 179.43.156.143 port 39172:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 20:58:48 honeypot-fra-1 sshd[7206]: Received disconnect from 45.61.186.49 port 57176:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T20:58:48.530Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 20:58:56 honeypot-fra-1 sshd[7210]: Disconnected from authenticating user root 210.187.80.132 port 33034 [preauth]","@timestamp":"2022-09-13T20:58:56.533Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 20:59:04 honeypot-fra-1 sshd[7214]: Disconnected from invalid user user 45.61.186.49 port 48478 [preauth]","@timestamp":"2022-09-13T20:59:05.538Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 20:59:07 honeypot-ams-1 sshd[16423]: Disconnected from authenticating user root 92.255.85.70 port 33736 [preauth]","@timestamp":"2022-09-13T20:59:08.002Z"}
{"@timestamp":"2022-09-13T20:59:29.795Z","@version":"1","message":"Sep 13 20:59:29 honeypot-sgp-1 sshd[11423]: Received disconnect from 179.43.156.143 port 58640:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:01:38.849Z","@version":"1","message":"Sep 13 21:01:38 honeypot-sgp-1 sshd[11429]: Received disconnect from 179.43.156.143 port 45466:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 21:02:43 honeypot-fra-1 sshd[7221]: Received disconnect from 45.61.186.169 port 57600:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T21:02:43.617Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 21:03:02 honeypot-fra-1 sshd[7225]: Received disconnect from 45.61.186.169 port 53506:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T21:03:02.627Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 21:03:19 honeypot-fra-1 sshd[7229]: Received disconnect from 45.61.186.169 port 49404:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T21:03:19.636Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T21:03:52.904Z","@version":"1","message":"Sep 13 21:03:52 honeypot-sgp-1 kernel: [83979142.176201] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=228 ID=53383 PROTO=TCP SPT=42803 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 21:06:58 honeypot-fra-1 kernel: [83977640.638024] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=66.240.236.109 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=40679 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T21:06:58.721Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 21:08:24 honeypot-ams-1 sshd[16426]: Connection closed by invalid user test 193.106.191.157 port 39548 [preauth]","@timestamp":"2022-09-13T21:08:25.242Z"}
{"@timestamp":"2022-09-13T21:08:37.018Z","@version":"1","message":"Sep 13 21:08:36 honeypot-sgp-1 kernel: [83979426.524475] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.46.215.90 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=7201 DF PROTO=TCP SPT=41456 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:11:46.095Z","@version":"1","message":"Sep 13 21:11:45 honeypot-sgp-1 sshd[11441]: Invalid user steam from 190.117.147.185 port 36834","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:12:37.119Z","@version":"1","message":"Sep 13 21:12:36 honeypot-sgp-1 sshd[11444]: Disconnected from invalid user user 141.255.162.226 port 57120 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:12:39.120Z","@version":"1","message":"Sep 13 21:12:38 honeypot-sgp-1 sshd[11448]: Disconnected from invalid user user 141.255.162.226 port 41724 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:12:43.122Z","@version":"1","message":"Sep 13 21:12:42 honeypot-sgp-1 sshd[11452]: Disconnected from invalid user user 141.255.162.226 port 48148 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 21:15:39 honeypot-ams-1 kernel: [83980323.018812] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.197.13 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=59822 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T21:15:40.430Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 21:16:09 honeypot-fra-1 kernel: [83978192.279705] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=56406 PROTO=TCP SPT=42803 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T21:16:09.927Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 21:17:01 honeypot-fra-1 CRON[7240]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-13T21:17:01.952Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T21:17:40.241Z","@version":"1","message":"Sep 13 21:17:39 honeypot-sgp-1 kernel: [83979969.157104] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.204.42.89 DST=159.89.202.188 LEN=52 TOS=0x00 PREC=0x00 TTL=115 ID=55832 DF PROTO=TCP SPT=52176 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 21:18:55 honeypot-ams-1 kernel: [83980519.197984] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=222.186.19.235 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=39557 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T21:18:56.518Z"}
{"@timestamp":"2022-09-13T21:20:37.313Z","@version":"1","message":"Sep 13 21:20:36 honeypot-sgp-1 sshd[11460]: Received disconnect from 35.210.132.198 port 42794:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 21:21:56 honeypot-ams-1 kernel: [83980699.909146] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=167.94.138.109 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=43917 PROTO=TCP SPT=63068 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T21:21:56.599Z"}
{"@timestamp":"2022-09-13T21:24:48.415Z","@version":"1","message":"Sep 13 21:24:48 honeypot-sgp-1 kernel: [83980397.902153] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=177.66.94.26 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=234 ID=15686 PROTO=TCP SPT=40576 DPT=80 WINDOW=1300 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 21:25:59 honeypot-fra-1 sshd[7251]: Received disconnect from 165.22.45.108 port 60266:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T21:25:59.155Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T21:28:01.493Z","@version":"1","message":"Sep 13 21:28:00 honeypot-sgp-1 sshd[11466]: Disconnected from invalid user ftpadmin 201.21.236.19 port 41554 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 21:28:22 honeypot-ams-1 sshd[16445]: Disconnected from authenticating user www-data 143.198.165.162 port 58732 [preauth]","@timestamp":"2022-09-13T21:28:23.770Z"}
{"@timestamp":"2022-09-13T21:28:38.509Z","@version":"1","message":"Sep 13 21:28:38 honeypot-sgp-1 sshd[11470]: Disconnected from invalid user user 198.98.61.9 port 41094 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:28:55.516Z","@version":"1","message":"Sep 13 21:28:54 honeypot-sgp-1 sshd[11474]: Disconnected from invalid user user 198.98.61.9 port 36672 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:29:08.522Z","@version":"1","message":"Sep 13 21:29:08 honeypot-sgp-1 sshd[11478]: Disconnected from invalid user shj 177.33.46.250 port 39732 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:29:18.527Z","@version":"1","message":"Sep 13 21:29:17 honeypot-sgp-1 sshd[11483]: Disconnected from invalid user user 198.98.61.9 port 44148 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:32:48.610Z","@version":"1","message":"Sep 13 21:32:47 honeypot-sgp-1 sshd[11488]: Disconnected from invalid user chandler 52.172.168.56 port 42196 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 21:33:31 honeypot-fra-1 sshd[7257]: Connection closed by invalid user ubnt 179.60.147.69 port 63550 [preauth]","@timestamp":"2022-09-13T21:33:32.325Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 21:34:30 honeypot-ams-1 sshd[16454]: Connection closed by invalid user crchen 137.116.144.39 port 50724 [preauth]","@timestamp":"2022-09-13T21:34:30.929Z"}
{"@timestamp":"2022-09-13T21:37:50.732Z","@version":"1","message":"Sep 13 21:37:49 honeypot-sgp-1 kernel: [83981179.410982] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=167.94.145.88 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=56088 PROTO=TCP SPT=50940 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 21:39:49 honeypot-fra-1 sshd[7262]: Disconnected from authenticating user root 92.255.85.70 port 21448 [preauth]","@timestamp":"2022-09-13T21:39:49.472Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T21:41:00.811Z","@version":"1","message":"Sep 13 21:41:00 honeypot-sgp-1 sshd[11499]: Disconnecting invalid user cameras 185.246.130.20 port 45609: Change of username or service not allowed: (cameras,ssh-connection) -> (,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:41:15.819Z","@version":"1","message":"Sep 13 21:41:15 honeypot-sgp-1 sshd[11503]: Disconnecting invalid user admin 185.246.130.20 port 57778: Change of username or service not allowed: (admin,ssh-connection) -> (,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:41:57.838Z","@version":"1","message":"Sep 13 21:41:56 honeypot-sgp-1 sshd[11509]: Disconnecting invalid user aerohive 185.246.130.20 port 16634: Change of username or service not allowed: (aerohive,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:42:25.853Z","@version":"1","message":"Sep 13 21:42:24 honeypot-sgp-1 sshd[11515]: Disconnecting invalid user private 185.246.130.20 port 1721: Change of username or service not allowed: (private,ssh-connection) -> (root,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:42:51.866Z","@version":"1","message":"Sep 13 21:42:51 honeypot-sgp-1 sshd[11523]: Invalid user araknis from 185.246.130.20 port 8193","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:43:17.879Z","@version":"1","message":"Sep 13 21:43:17 honeypot-sgp-1 sshd[11529]: Disconnecting authenticating user root 185.246.130.20 port 37697: Change of username or service not allowed: (root,ssh-connection) -> (Admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:44:15.906Z","@version":"1","message":"Sep 13 21:44:15 honeypot-sgp-1 sshd[11535]: Disconnecting invalid user admin 185.246.130.20 port 51853: Change of username or service not allowed: (admin,ssh-connection) -> (guest,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:44:44.920Z","@version":"1","message":"Sep 13 21:44:44 honeypot-sgp-1 sshd[11543]: Invalid user  from 185.246.130.20 port 28330","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:45:05.928Z","@version":"1","message":"Sep 13 21:45:05 honeypot-sgp-1 sshd[11549]: Invalid user admin from 185.246.130.20 port 63425","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:45:29.954Z","@version":"1","message":"Sep 13 21:45:29 honeypot-sgp-1 sshd[11555]: Disconnecting invalid user Administrator 185.246.130.20 port 46424: Change of username or service not allowed: (Administrator,ssh-connection) -> (,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:46:02.970Z","@version":"1","message":"Sep 13 21:46:02 honeypot-sgp-1 sshd[11562]: Disconnecting invalid user sti.admin5 185.246.130.20 port 8633: Change of username or service not allowed: (sti.admin5,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:46:34.984Z","@version":"1","message":"Sep 13 21:46:34 honeypot-sgp-1 sshd[11569]: Invalid user zhone from 185.246.130.20 port 61137","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 21:46:34 honeypot-ams-1 sshd[16461]: Did not receive identification string from 92.255.85.183 port 60753","@timestamp":"2022-09-13T21:46:35.238Z"}
{"@timestamp":"2022-09-13T21:47:00.997Z","@version":"1","message":"Sep 13 21:47:00 honeypot-sgp-1 sshd[11576]: Disconnecting invalid user default 185.246.130.20 port 52806: Change of username or service not allowed: (default,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:47:25.009Z","@version":"1","message":"Sep 13 21:47:24 honeypot-sgp-1 sshd[11582]: Disconnecting invalid user Administrator 185.246.130.20 port 53705: Change of username or service not allowed: (Administrator,ssh-connection) -> (cusadmin,ssh-connectio [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:47:54.023Z","@version":"1","message":"Sep 13 21:47:53 honeypot-sgp-1 sshd[11588]: Disconnecting invalid user admin 185.246.130.20 port 42598: Change of username or service not allowed: (admin,ssh-connection) -> (lgnortel,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 21:47:58 honeypot-ams-1 sshd[16465]: Received disconnect from 190.13.81.218 port 41320:11: Bye Bye [preauth]","@timestamp":"2022-09-13T21:47:59.277Z"}
{"@timestamp":"2022-09-13T21:48:05.028Z","@version":"1","message":"Sep 13 21:48:04 honeypot-sgp-1 sshd[11590]: Disconnecting invalid user lgnortel 185.246.130.20 port 41770: Change of username or service not allowed: (lgnortel,ssh-connection) -> (Admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:48:36.042Z","@version":"1","message":"Sep 13 21:48:36 honeypot-sgp-1 sshd[11600]: Disconnecting invalid user admin 185.246.130.20 port 28911: Change of username or service not allowed: (admin,ssh-connection) -> (,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:48:54.050Z","@version":"1","message":"Sep 13 21:48:53 honeypot-sgp-1 sshd[11606]: Invalid user admin1234 from 185.246.130.20 port 41835","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:49:19.063Z","@version":"1","message":"Sep 13 21:49:18 honeypot-sgp-1 sshd[11611]: Disconnecting invalid user  185.246.130.20 port 28475: Change of username or service not allowed: (,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:49:48.076Z","@version":"1","message":"Sep 13 21:49:48 honeypot-sgp-1 sshd[11617]: Disconnecting invalid user admin 185.246.130.20 port 45539: Change of username or service not allowed: (admin,ssh-connection) -> (blank,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 21:50:09 honeypot-fra-1 sshd[7265]: Disconnected from invalid user rodriguez 103.248.60.70 port 55747 [preauth]","@timestamp":"2022-09-13T21:50:09.706Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T21:50:27.094Z","@version":"1","message":"Sep 13 21:50:26 honeypot-sgp-1 sshd[11625]: Invalid user airlive from 185.246.130.20 port 14923","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:50:52.106Z","@version":"1","message":"Sep 13 21:50:52 honeypot-sgp-1 sshd[11630]: Disconnecting invalid user admin 185.246.130.20 port 21120: Change of username or service not allowed: (admin,ssh-connection) -> (roqos,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:51:24.121Z","@version":"1","message":"Sep 13 21:51:23 honeypot-sgp-1 sshd[11637]: Disconnecting invalid user Shiko 185.246.130.20 port 35778: Change of username or service not allowed: (Shiko,ssh-connection) -> (sitecom,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:51:54.135Z","@version":"1","message":"Sep 13 21:51:53 honeypot-sgp-1 sshd[11643]: Disconnecting invalid user smcadmin 185.246.130.20 port 48776: Change of username or service not allowed: (smcadmin,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:52:26.150Z","@version":"1","message":"Sep 13 21:52:25 honeypot-sgp-1 sshd[11649]: Invalid user highspeed from 185.246.130.20 port 18556","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:52:56.165Z","@version":"1","message":"Sep 13 21:52:55 honeypot-sgp-1 sshd[11655]: Invalid user  from 185.246.130.20 port 44772","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:53:30.181Z","@version":"1","message":"Sep 13 21:53:29 honeypot-sgp-1 sshd[11661]: Invalid user public from 185.246.130.20 port 14738","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:54:03.198Z","@version":"1","message":"Sep 13 21:54:02 honeypot-sgp-1 sshd[11667]: Disconnecting authenticating user root 185.246.130.20 port 56411: Change of username or service not allowed: (root,ssh-connection) -> (123456,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:54:44.217Z","@version":"1","message":"Sep 13 21:54:43 honeypot-sgp-1 sshd[11674]: Disconnecting invalid user amdin 185.246.130.20 port 12896: Change of username or service not allowed: (amdin,ssh-connection) -> (readwrite,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 21:54:58 honeypot-ams-1 sshd[16470]: Invalid user redmine from 129.151.252.157 port 50420","@timestamp":"2022-09-13T21:54:58.455Z"}
{"@timestamp":"2022-09-13T21:55:29.238Z","@version":"1","message":"Sep 13 21:55:28 honeypot-sgp-1 sshd[11680]: Disconnecting invalid user admin 185.246.130.20 port 20764: Change of username or service not allowed: (admin,ssh-connection) -> (DZY-W2914NSV2,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:56:17.261Z","@version":"1","message":"Sep 13 21:56:16 honeypot-sgp-1 sshd[11687]: Disconnecting invalid user admin 185.246.130.20 port 19501: Change of username or service not allowed: (admin,ssh-connection) -> (zoomadsl,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 21:56:38 honeypot-fra-1 kernel: [83980621.129487] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=182.61.58.87 DST=165.22.82.222 LEN=52 TOS=0x02 PREC=0x00 TTL=105 ID=5482 DF PROTO=TCP SPT=61598 DPT=3389 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-13T21:56:38.853Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-13T21:56:55.278Z","@version":"1","message":"Sep 13 21:56:54 honeypot-sgp-1 sshd[11693]: Disconnecting invalid user 1admin0 185.246.130.20 port 63494: Change of username or service not allowed: (1admin0,ssh-connection) -> (ltecl4r0,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 21:59:47 honeypot-ams-1 sshd[16472]: Connection closed by 223.71.167.164 port 38105 [preauth]","@timestamp":"2022-09-13T21:59:48.585Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 22:06:02 honeypot-ams-1 kernel: [83983346.248409] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=176.209.94.77 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=58 ID=24154 PROTO=TCP SPT=29908 DPT=80 WINDOW=13724 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T22:06:02.752Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 22:08:05 honeypot-fra-1 sshd[7277]: error: maximum authentication attempts exceeded for invalid user admin from 128.53.5.55 port 62677 ssh2 [preauth]","@timestamp":"2022-09-13T22:08:06.111Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T22:08:43.548Z","@version":"1","message":"Sep 13 22:08:43 honeypot-sgp-1 sshd[11700]: Connection closed by authenticating user nobody 179.60.147.69 port 62398 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 22:09:34 honeypot-fra-1 sshd[7281]: Received disconnect from 165.22.45.108 port 38344:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T22:09:35.147Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 22:12:02 honeypot-ams-1 sshd[16481]: Connection closed by authenticating user nobody 179.60.147.69 port 61614 [preauth]","@timestamp":"2022-09-13T22:12:02.930Z"}
{"@timestamp":"2022-09-13T22:12:51.650Z","@version":"1","message":"Sep 13 22:12:50 honeypot-sgp-1 sshd[11709]: Received disconnect from 157.245.122.58 port 51084:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 22:13:13 honeypot-fra-1 kernel: [83981615.891846] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=89.248.165.120 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=9684 PROTO=TCP SPT=47033 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T22:13:14.233Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 22:13:19 honeypot-ams-1 sshd[16485]: Disconnected from invalid user fi 62.231.21.18 port 45106 [preauth]","@timestamp":"2022-09-13T22:13:19.965Z"}
{"@timestamp":"2022-09-13T22:14:54.703Z","@version":"1","message":"Sep 13 22:14:53 honeypot-sgp-1 sshd[11715]: Invalid user odoo from 157.245.122.58 port 49934","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T22:15:57.729Z","@version":"1","message":"Sep 13 22:15:57 honeypot-sgp-1 sshd[11719]: Received disconnect from 157.245.122.58 port 35246:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T22:16:57.755Z","@version":"1","message":"Sep 13 22:16:56 honeypot-sgp-1 sshd[11723]: Disconnected from invalid user data.user 157.245.122.58 port 48782 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 22:17:01 honeypot-ams-1 CRON[16489]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-13T22:17:01.059Z"}
{"@timestamp":"2022-09-13T22:17:54.780Z","@version":"1","message":"Sep 13 22:17:54 honeypot-sgp-1 sshd[11729]: Invalid user jonitwiso from 157.245.122.58 port 34094","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T22:19:27.819Z","@version":"1","message":"Sep 13 22:19:27 honeypot-sgp-1 sshd[11733]: Invalid user joaquina from 123.125.194.150 port 35090","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T22:20:11.839Z","@version":"1","message":"Sep 13 22:20:11 honeypot-sgp-1 sshd[11812]: Received disconnect from 92.255.85.69 port 53024:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 22:21:52 honeypot-fra-1 sshd[7365]: Disconnected from authenticating user root 92.255.85.69 port 47882 [preauth]","@timestamp":"2022-09-13T22:21:52.427Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 22:24:28 honeypot-ams-1 sshd[16504]: Disconnected from authenticating user root 69.49.245.238 port 53468 [preauth]","@timestamp":"2022-09-13T22:24:28.252Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 22:26:02 honeypot-fra-1 sshd[7368]: Disconnected from authenticating user root 128.199.167.161 port 42322 [preauth]","@timestamp":"2022-09-13T22:26:03.524Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T22:28:47.043Z","@version":"1","message":"Sep 13 22:28:46 honeypot-sgp-1 sshd[11816]: Invalid user teamspeak3 from 104.248.62.102 port 55400","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 22:29:16 honeypot-ams-1 sshd[16510]: Received disconnect from 59.26.216.102 port 49098:11: Bye Bye [preauth]","@timestamp":"2022-09-13T22:29:16.379Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 22:29:41 honeypot-ams-1 sshd[16513]: Disconnected from authenticating user root 61.177.173.53 port 27319 [preauth]","@timestamp":"2022-09-13T22:29:41.393Z"}
{"@timestamp":"2022-09-13T22:31:01.097Z","@version":"1","message":"Sep 13 22:31:00 honeypot-sgp-1 kernel: [83984370.071418] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=35.88.165.76 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=233 ID=59398 DF PROTO=TCP SPT=10446 DPT=80 WINDOW=512 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 22:36:42 honeypot-fra-1 sshd[7376]: Did not receive identification string from 52.183.129.64 port 46048","@timestamp":"2022-09-13T22:36:43.762Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 22:36:43 honeypot-fra-1 sshd[7380]: Invalid user chia from 52.183.129.64 port 49408","@timestamp":"2022-09-13T22:36:44.764Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 22:36:43 honeypot-fra-1 sshd[7383]: Invalid user centos from 52.183.129.64 port 49410","@timestamp":"2022-09-13T22:36:44.764Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 22:36:43 honeypot-fra-1 sshd[7378]: Connection closed by invalid user es 52.183.129.64 port 49400 [preauth]","@timestamp":"2022-09-13T22:36:44.764Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 22:36:44 honeypot-fra-1 sshd[7384]: Connection closed by invalid user hadoop 52.183.129.64 port 49424 [preauth]","@timestamp":"2022-09-13T22:36:44.764Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 22:36:44 honeypot-fra-1 sshd[7407]: Invalid user mysql from 52.183.129.64 port 49456","@timestamp":"2022-09-13T22:36:44.764Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 22:36:44 honeypot-fra-1 sshd[7409]: Invalid user ftpuser from 52.183.129.64 port 49406","@timestamp":"2022-09-13T22:36:44.764Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 22:36:44 honeypot-fra-1 sshd[7410]: Connection closed by invalid user admin 52.183.129.64 port 49396 [preauth]","@timestamp":"2022-09-13T22:36:44.764Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 22:36:46 honeypot-fra-1 sshd[7422]: Invalid user ubuntu from 52.183.129.64 port 49444","@timestamp":"2022-09-13T22:36:46.765Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 22:36:46 honeypot-fra-1 sshd[7423]: Connection closed by invalid user oracle 52.183.129.64 port 49442 [preauth]","@timestamp":"2022-09-13T22:36:46.766Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 22:36:46 honeypot-fra-1 sshd[7430]: Connection closed by invalid user guest 52.183.129.64 port 49458 [preauth]","@timestamp":"2022-09-13T22:36:46.766Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T22:36:59.239Z","@version":"1","message":"Sep 13 22:36:58 honeypot-sgp-1 sshd[11828]: Invalid user rstudio-server from 138.197.68.4 port 33884","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T22:37:53.261Z","@version":"1","message":"Sep 13 22:37:53 honeypot-sgp-1 sshd[11832]: Received disconnect from 91.144.20.198 port 40922:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 22:38:38 honeypot-ams-1 sshd[16520]: Disconnected from authenticating user root 61.177.173.36 port 59774 [preauth]","@timestamp":"2022-09-13T22:38:38.628Z"}
{"@timestamp":"2022-09-13T22:42:19.369Z","@version":"1","message":"Sep 13 22:42:19 honeypot-sgp-1 sshd[11835]: Disconnected from authenticating user root 92.255.85.70 port 22154 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 22:43:54 honeypot-fra-1 kernel: [83983456.661750] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=51.15.106.220 DST=165.22.82.222 LEN=52 TOS=0x00 PREC=0x00 TTL=53 ID=41616 DF PROTO=TCP SPT=45651 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T22:43:54.924Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 22:44:55 honeypot-ams-1 sshd[16529]: Received disconnect from 80.76.51.46 port 46998:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T22:44:55.813Z"}
{"@timestamp":"2022-09-13T22:45:04.437Z","@version":"1","message":"Sep 13 22:45:04 honeypot-sgp-1 sshd[11839]: Connection closed by invalid user config 179.60.147.69 port 14860 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 22:45:38 honeypot-ams-1 sshd[16535]: Received disconnect from 80.76.51.46 port 60834:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T22:45:38.834Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 22:46:19 honeypot-ams-1 sshd[16541]: Received disconnect from 80.76.51.46 port 46232:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T22:46:19.854Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 22:46:59 honeypot-ams-1 sshd[16547]: Received disconnect from 80.76.51.46 port 59890:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T22:46:59.873Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 22:47:26 honeypot-ams-1 sshd[16552]: Disconnected from invalid user test 80.76.51.46 port 50242 [preauth]","@timestamp":"2022-09-13T22:47:26.887Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 22:47:52 honeypot-ams-1 sshd[16556]: Invalid user testuser from 80.76.51.46 port 40422","@timestamp":"2022-09-13T22:47:52.899Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 22:48:19 honeypot-ams-1 sshd[16561]: Invalid user ubuntu from 80.76.51.46 port 58990","@timestamp":"2022-09-13T22:48:20.914Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 22:48:33 honeypot-ams-1 sshd[16565]: Received disconnect from 80.76.51.46 port 54174:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T22:48:33.921Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 22:48:41 honeypot-fra-1 kernel: [83983743.294688] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.212.233 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=36927 DPT=636 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T22:48:42.036Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 22:48:47 honeypot-ams-1 sshd[16569]: Disconnected from invalid user ubuntu 80.76.51.46 port 49422 [preauth]","@timestamp":"2022-09-13T22:48:47.928Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 22:49:28 honeypot-ams-1 sshd[16575]: Received disconnect from 80.76.51.46 port 34774:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T22:49:28.950Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 22:49:55 honeypot-ams-1 sshd[16579]: Disconnected from authenticating user root 80.76.51.46 port 53302 [preauth]","@timestamp":"2022-09-13T22:49:55.963Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 22:50:36 honeypot-ams-1 sshd[16585]: Received disconnect from 80.76.51.46 port 38788:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T22:50:36.985Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 22:52:22 honeypot-fra-1 sshd[7451]: Invalid user csl from 173.186.116.37 port 44762","@timestamp":"2022-09-13T22:52:22.122Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 22:53:28 honeypot-fra-1 sshd[7455]: Invalid user admin from 195.135.28.185 port 37976","@timestamp":"2022-09-13T22:53:29.149Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 22:55:17 honeypot-ams-1 sshd[16592]: Connection closed by invalid user admin 125.139.58.175 port 46067 [preauth]","@timestamp":"2022-09-13T22:55:18.105Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 22:55:53 honeypot-fra-1 sshd[7460]: Disconnected from invalid user simsadmin 54.36.19.17 port 53990 [preauth]","@timestamp":"2022-09-13T22:55:53.207Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 23:03:27 honeypot-fra-1 sshd[7470]: Disconnected from invalid user user 198.98.61.9 port 48634 [preauth]","@timestamp":"2022-09-13T23:03:28.379Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 23:03:46 honeypot-fra-1 sshd[7474]: Disconnected from invalid user user 198.98.61.9 port 45368 [preauth]","@timestamp":"2022-09-13T23:03:47.389Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 23:04:05 honeypot-fra-1 sshd[7478]: Disconnected from invalid user user 198.98.61.9 port 42160 [preauth]","@timestamp":"2022-09-13T23:04:06.398Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 23:04:22 honeypot-fra-1 sshd[7482]: Disconnected from invalid user user 198.98.61.9 port 38848 [preauth]","@timestamp":"2022-09-13T23:04:23.407Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 23:05:15 honeypot-ams-1 kernel: [83986898.796342] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=2.226.225.240 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=11635 PROTO=TCP SPT=3232 DPT=443 WINDOW=42809 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T23:05:15.359Z"}
{"@timestamp":"2022-09-13T23:05:34.922Z","@version":"1","message":"Sep 13 23:05:34 honeypot-sgp-1 sshd[11855]: Received disconnect from 103.221.252.46 port 48144:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 23:08:23 honeypot-fra-1 sshd[7487]: Disconnected from authenticating user root 209.14.68.151 port 39034 [preauth]","@timestamp":"2022-09-13T23:08:24.500Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T23:09:19.014Z","@version":"1","message":"Sep 13 23:09:18 honeypot-sgp-1 sshd[11859]: Received disconnect from 199.115.228.186 port 35872:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 23:10:03 honeypot-fra-1 sshd[7492]: Disconnected from invalid user user 45.61.186.249 port 38524 [preauth]","@timestamp":"2022-09-13T23:10:04.541Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 23:10:22 honeypot-fra-1 sshd[7496]: Disconnected from invalid user user 45.61.186.249 port 33570 [preauth]","@timestamp":"2022-09-13T23:10:22.550Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 23:10:41 honeypot-fra-1 sshd[7500]: Received disconnect from 45.61.186.249 port 56816:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T23:10:41.559Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 23:10:57 honeypot-fra-1 sshd[7504]: Received disconnect from 45.61.186.249 port 51846:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T23:10:58.567Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 23:12:24 honeypot-ams-1 sshd[16613]: Disconnected from authenticating user root 61.177.173.49 port 36766 [preauth]","@timestamp":"2022-09-13T23:12:24.550Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 23:15:57 honeypot-fra-1 sshd[7510]: Invalid user user from 141.255.162.226 port 47214","@timestamp":"2022-09-13T23:15:57.682Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 23:16:00 honeypot-fra-1 sshd[7514]: Invalid user user from 141.255.162.226 port 47666","@timestamp":"2022-09-13T23:16:00.684Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 23:16:03 honeypot-fra-1 sshd[7518]: Invalid user user from 141.255.162.226 port 33778","@timestamp":"2022-09-13T23:16:04.686Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T23:17:02.196Z","@version":"1","message":"Sep 13 23:17:01 honeypot-sgp-1 CRON[11864]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 23:18:23 honeypot-fra-1 kernel: [83985525.400988] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.142.115.61 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=57 ID=25484 DF PROTO=TCP SPT=39824 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T23:18:23.741Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 23:19:26 honeypot-ams-1 sshd[16621]: Disconnected from authenticating user root 61.177.172.124 port 29699 [preauth]","@timestamp":"2022-09-13T23:19:27.732Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 23:21:01 honeypot-ams-1 sshd[16626]: Disconnected from authenticating user root 61.177.173.51 port 57575 [preauth]","@timestamp":"2022-09-13T23:21:01.777Z"}
{"@timestamp":"2022-09-13T23:24:31.379Z","@version":"1","message":"Sep 13 23:24:30 honeypot-sgp-1 sshd[11876]: Received disconnect from 61.177.172.90 port 36003:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 23:26:43 honeypot-ams-1 sshd[16632]: Received disconnect from 61.177.173.36 port 57927:11:  [preauth]","@timestamp":"2022-09-13T23:26:43.935Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 23:27:12 honeypot-fra-1 sshd[7528]: Invalid user mc from 103.90.177.102 port 56420","@timestamp":"2022-09-13T23:27:12.939Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T23:31:02.535Z","@version":"1","message":"Sep 13 23:31:01 honeypot-sgp-1 kernel: [83987971.369467] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=234 ID=25192 PROTO=TCP SPT=51802 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 23:31:05 honeypot-ams-1 sshd[16638]: Bad protocol version identification '\\272\\253d\\241EZC\\333M\\207\\356^\\375\\277\\0259 X\\324>\\022\\230\\304<\\340\\023\\317' from 172.105.89.161 port 40015","@timestamp":"2022-09-13T23:31:06.049Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 23:31:38 honeypot-fra-1 sshd[7532]: Disconnected from authenticating user root 92.255.85.70 port 30866 [preauth]","@timestamp":"2022-09-13T23:31:39.042Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 23:32:24 honeypot-fra-1 sshd[7536]: Disconnected from invalid user user 198.98.61.9 port 38902 [preauth]","@timestamp":"2022-09-13T23:32:25.063Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 23:32:43 honeypot-fra-1 sshd[7540]: Disconnected from invalid user user 198.98.61.9 port 33668 [preauth]","@timestamp":"2022-09-13T23:32:44.072Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 23:33:00 honeypot-fra-1 sshd[7544]: Disconnected from invalid user user 198.98.61.9 port 56704 [preauth]","@timestamp":"2022-09-13T23:33:01.081Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 23:33:16 honeypot-fra-1 sshd[7550]: Invalid user user from 198.98.61.9 port 51506","@timestamp":"2022-09-13T23:33:17.089Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 23:34:18 honeypot-ams-1 sshd[16642]: Received disconnect from 92.255.85.70 port 52900:11: Bye Bye [preauth]","@timestamp":"2022-09-13T23:34:19.134Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 23:38:52 honeypot-ams-1 sshd[16649]: Received disconnect from 61.177.173.39 port 50668:11:  [preauth]","@timestamp":"2022-09-13T23:38:52.253Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 23:44:55 honeypot-fra-1 sshd[7556]: Did not receive identification string from 185.100.87.133 port 40551","@timestamp":"2022-09-13T23:44:55.346Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T23:44:56.861Z","@version":"1","message":"Sep 13 23:44:56 honeypot-sgp-1 kernel: [83988805.537676] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=89.248.165.199 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=50315 PROTO=TCP SPT=50448 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 23:45:22 honeypot-ams-1 sshd[16654]: Connection closed by invalid user test 193.106.191.157 port 55256 [preauth]","@timestamp":"2022-09-13T23:45:22.421Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 23:48:44 honeypot-ams-1 sshd[16664]: Disconnected from authenticating user root 69.250.26.126 port 53120 [preauth]","@timestamp":"2022-09-13T23:48:44.514Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 23:50:48 honeypot-ams-1 sshd[16669]: Disconnected from authenticating user root 61.177.173.36 port 55336 [preauth]","@timestamp":"2022-09-13T23:50:49.572Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 23:51:28 honeypot-fra-1 sshd[7561]: Received disconnect from 187.141.135.181 port 60750:11: Bye Bye [preauth]","@timestamp":"2022-09-13T23:51:29.515Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 23:55:08 honeypot-fra-1 sshd[7567]: Received disconnect from 92.255.85.69 port 52952:11: Bye Bye [preauth]","@timestamp":"2022-09-13T23:55:09.598Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T23:55:25.104Z","@version":"1","message":"Sep 13 23:55:24 honeypot-sgp-1 kernel: [83989434.365007] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=49720 PROTO=TCP SPT=52893 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 23:57:45 honeypot-ams-1 sshd[16676]: Disconnected from authenticating user root 92.255.85.70 port 47672 [preauth]","@timestamp":"2022-09-13T23:57:45.760Z"}
{"@timestamp":"2022-09-13T23:58:43.185Z","@version":"1","message":"Sep 13 23:58:42 honeypot-sgp-1 sshd[11910]: Invalid user admin from 81.17.25.50 port 34645","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T23:59:35.208Z","@version":"1","message":"Sep 13 23:59:34 honeypot-sgp-1 sshd[11916]: Invalid user admin from 81.17.25.50 port 25691","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T00:00:13.226Z","@version":"1","message":"Sep 14 00:00:12 honeypot-sgp-1 sshd[11924]: Invalid user centos from 179.60.147.69 port 40702","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T00:01:28.259Z","@version":"1","message":"Sep 14 00:01:27 honeypot-sgp-1 sshd[11926]: Invalid user aerohive from 81.17.25.50 port 49727","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T00:03:27.312Z","@version":"1","message":"Sep 14 00:03:27 honeypot-sgp-1 sshd[11935]: Invalid user private from 81.17.25.50 port 28690","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:03:42 honeypot-ams-1 sshd[16681]: Connection closed by invalid user centos 179.60.147.69 port 45074 [preauth]","@timestamp":"2022-09-14T00:03:42.927Z"}
{"@timestamp":"2022-09-14T00:06:01.376Z","@version":"1","message":"Sep 14 00:06:00 honeypot-sgp-1 sshd[11941]: Invalid user Admin from 81.17.25.50 port 2296","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T00:08:15.434Z","@version":"1","message":"Sep 14 00:08:14 honeypot-sgp-1 sshd[11949]: Invalid user user from 81.17.25.50 port 48720","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 00:09:13 honeypot-fra-1 sshd[7575]: Unable to negotiate with 59.173.241.166 port 2614: no matching cipher found. Their offer: aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,arcfour128,arcfour,3des-cbc,none [preauth]","@timestamp":"2022-09-14T00:09:13.929Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T00:09:20.464Z","@version":"1","message":"Sep 14 00:09:20 honeypot-sgp-1 sshd[11958]: Disconnected from authenticating user root 61.177.172.90 port 12068 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:10:58 honeypot-ams-1 sshd[16687]: Received disconnect from 61.177.173.50 port 64378:11:  [preauth]","@timestamp":"2022-09-14T00:10:59.127Z"}
{"@timestamp":"2022-09-14T00:11:24.519Z","@version":"1","message":"Sep 14 00:11:24 honeypot-sgp-1 sshd[11964]: Disconnecting invalid user blank 81.17.25.50 port 5157: Change of username or service not allowed: (blank,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T00:13:11.567Z","@version":"1","message":"Sep 14 00:13:10 honeypot-sgp-1 sshd[11971]: Disconnecting invalid user guest 81.17.25.50 port 37237: Change of username or service not allowed: (guest,ssh-connection) -> (1234,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T00:14:57.612Z","@version":"1","message":"Sep 14 00:14:56 honeypot-sgp-1 sshd[11977]: Disconnecting invalid user  81.17.25.50 port 47786: Change of username or service not allowed: (,ssh-connection) -> (Cisco,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 00:15:01 honeypot-fra-1 sshd[7580]: Connection closed by invalid user test 193.106.191.157 port 58564 [preauth]","@timestamp":"2022-09-14T00:15:02.065Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T00:15:13.620Z","@version":"1","message":"Sep 14 00:15:13 honeypot-sgp-1 sshd[11980]: Disconnecting invalid user Cisco 81.17.25.50 port 11878: Change of username or service not allowed: (Cisco,ssh-connection) -> (cisco,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T00:16:41.659Z","@version":"1","message":"Sep 14 00:16:41 honeypot-sgp-1 sshd[11987]: Disconnecting invalid user admin 81.17.25.50 port 21642: Change of username or service not allowed: (admin,ssh-connection) -> (1234,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:17:01 honeypot-ams-1 CRON[16695]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-14T00:17:01.289Z"}
{"@timestamp":"2022-09-14T00:18:12.700Z","@version":"1","message":"Sep 14 00:18:12 honeypot-sgp-1 sshd[12001]: Disconnecting authenticating user root 81.17.25.50 port 16364: Change of username or service not allowed: (root,ssh-connection) -> (Administrator,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T00:18:38.713Z","@version":"1","message":"Sep 14 00:18:38 honeypot-sgp-1 sshd[12007]: Disconnecting invalid user adslroot 81.17.25.50 port 8498: Change of username or service not allowed: (adslroot,ssh-connection) -> (sti.admin5,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T00:19:11.729Z","@version":"1","message":"Sep 14 00:19:11 honeypot-sgp-1 sshd[12019]: Invalid user admin from 45.33.107.51 port 60080","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T00:19:29.738Z","@version":"1","message":"Sep 14 00:19:28 honeypot-sgp-1 sshd[12015]: Invalid user blank from 81.17.25.50 port 5355","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:19:46 honeypot-ams-1 sshd[16703]: Disconnected from authenticating user root 92.255.85.70 port 18044 [preauth]","@timestamp":"2022-09-14T00:19:47.363Z"}
{"@timestamp":"2022-09-14T00:19:53.750Z","@version":"1","message":"Sep 14 00:19:53 honeypot-sgp-1 sshd[12025]: Invalid user  from 81.17.25.50 port 50889","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T00:20:40.772Z","@version":"1","message":"Sep 14 00:20:40 honeypot-sgp-1 sshd[12031]: Disconnecting invalid user admin 81.17.25.50 port 44036: Change of username or service not allowed: (admin,ssh-connection) -> (c1@r0,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 00:21:47 honeypot-fra-1 sshd[7589]: Received disconnect from 211.125.67.35 port 35492:11: Bye Bye [preauth]","@timestamp":"2022-09-14T00:21:48.215Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T00:21:54.805Z","@version":"1","message":"Sep 14 00:21:54 honeypot-sgp-1 sshd[12037]: Disconnecting invalid user cusadmin 81.17.25.50 port 15522: Change of username or service not allowed: (cusadmin,ssh-connection) -> (superonline,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T00:22:42.828Z","@version":"1","message":"Sep 14 00:22:42 honeypot-sgp-1 sshd[12043]: Invalid user lgnortel from 81.17.25.50 port 8838","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T00:23:46.858Z","@version":"1","message":"Sep 14 00:23:46 honeypot-sgp-1 sshd[12050]: Invalid user admin from 81.17.25.50 port 17910","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T00:24:58.890Z","@version":"1","message":"Sep 14 00:24:58 honeypot-sgp-1 sshd[12056]: Invalid user matrix from 81.17.25.50 port 21523","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 00:25:25 honeypot-ams-1 kernel: [83991709.167723] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=162.221.192.27 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=22062 PROTO=TCP SPT=26132 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T00:25:26.513Z"}
{"@timestamp":"2022-09-14T00:25:56.917Z","@version":"1","message":"Sep 14 00:25:56 honeypot-sgp-1 sshd[12063]: Invalid user motorola from 81.17.25.50 port 38065","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T00:26:18.928Z","@version":"1","message":"Sep 14 00:26:18 honeypot-sgp-1 sshd[12069]: Disconnecting authenticating user root 81.17.25.50 port 53050: Change of username or service not allowed: (root,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T00:27:05.950Z","@version":"1","message":"Sep 14 00:27:05 honeypot-sgp-1 sshd[12075]: Disconnecting invalid user 0 81.17.25.50 port 42811: Change of username or service not allowed: (0,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T00:27:16.957Z","@version":"1","message":"Sep 14 00:27:16 honeypot-sgp-1 sshd[12081]: Disconnecting invalid user admin 81.17.25.50 port 10035: Change of username or service not allowed: (admin,ssh-connection) -> (Shiko,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T00:27:23.962Z","@version":"1","message":"Sep 14 00:27:23 honeypot-sgp-1 sshd[12087]: Disconnecting invalid user Broadcom 81.17.25.50 port 50565: Change of username or service not allowed: (Broadcom,ssh-connection) -> (smcadmin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 00:27:24 honeypot-fra-1 sshd[7596]: Invalid user bho from 144.217.81.162 port 56058","@timestamp":"2022-09-14T00:27:25.343Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T00:27:37.970Z","@version":"1","message":"Sep 14 00:27:37 honeypot-sgp-1 sshd[12093]: Disconnecting invalid user cusadmin 81.17.25.50 port 5730: Change of username or service not allowed: (cusadmin,ssh-connection) -> (highspeed,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:27:37 honeypot-ams-1 sshd[16716]: Disconnected from authenticating user root 61.177.173.36 port 51800 [preauth]","@timestamp":"2022-09-14T00:27:38.586Z"}
{"@timestamp":"2022-09-14T00:28:03.981Z","@version":"1","message":"Sep 14 00:28:03 honeypot-sgp-1 sshd[12100]: Received disconnect from 159.223.95.166 port 45762:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T00:28:46.002Z","@version":"1","message":"Sep 14 00:28:45 honeypot-sgp-1 sshd[12104]: Disconnecting invalid user sweex 81.17.25.50 port 14898: Change of username or service not allowed: (sweex,ssh-connection) -> (,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T00:29:21.018Z","@version":"1","message":"Sep 14 00:29:20 honeypot-sgp-1 sshd[12110]: Disconnecting invalid user  81.17.25.50 port 53601: Change of username or service not allowed: (,ssh-connection) -> (public,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T00:29:36.025Z","@version":"1","message":"Sep 14 00:29:35 honeypot-sgp-1 sshd[12116]: Disconnecting invalid user ubnt 81.17.25.50 port 32247: Change of username or service not allowed: (ubnt,ssh-connection) -> (root,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:29:36 honeypot-ams-1 sshd[16722]: Received disconnect from 177.24.46.4 port 35351:11: Bye Bye [preauth]","@timestamp":"2022-09-14T00:29:36.641Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:29:40 honeypot-ams-1 sshd[16726]: Disconnected from authenticating user root 177.24.46.4 port 35441 [preauth]","@timestamp":"2022-09-14T00:29:40.643Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:29:46 honeypot-ams-1 sshd[16732]: Disconnected from authenticating user root 177.24.46.4 port 35614 [preauth]","@timestamp":"2022-09-14T00:29:47.647Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:29:52 honeypot-ams-1 sshd[16738]: Disconnected from authenticating user root 177.24.46.4 port 35737 [preauth]","@timestamp":"2022-09-14T00:29:53.651Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:30:00 honeypot-ams-1 sshd[16744]: Disconnected from authenticating user root 177.24.46.4 port 35938 [preauth]","@timestamp":"2022-09-14T00:30:00.655Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:30:06 honeypot-ams-1 sshd[16750]: Disconnected from authenticating user root 177.24.46.4 port 36094 [preauth]","@timestamp":"2022-09-14T00:30:06.660Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:30:11 honeypot-ams-1 sshd[16756]: Disconnected from authenticating user root 177.24.46.4 port 36228 [preauth]","@timestamp":"2022-09-14T00:30:11.663Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:30:17 honeypot-ams-1 sshd[16762]: Disconnected from authenticating user root 177.24.46.4 port 36393 [preauth]","@timestamp":"2022-09-14T00:30:17.667Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:30:23 honeypot-ams-1 sshd[16768]: Disconnected from authenticating user root 177.24.46.4 port 36520 [preauth]","@timestamp":"2022-09-14T00:30:23.671Z"}
{"@timestamp":"2022-09-14T00:30:24.047Z","@version":"1","message":"Sep 14 00:30:23 honeypot-sgp-1 sshd[12124]: Invalid user amdin from 81.17.25.50 port 12028","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T00:30:35.053Z","@version":"1","message":"Sep 14 00:30:34 honeypot-sgp-1 sshd[12130]: Invalid user admin from 81.17.25.50 port 4013","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:30:37 honeypot-ams-1 sshd[16775]: Disconnected from authenticating user root 177.24.46.4 port 36767 [preauth]","@timestamp":"2022-09-14T00:30:37.680Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 00:30:44 honeypot-fra-1 sshd[7600]: Invalid user nj from 111.93.38.34 port 39234","@timestamp":"2022-09-14T00:30:45.419Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:30:52 honeypot-ams-1 sshd[16781]: Received disconnect from 177.24.46.4 port 37161:11: Bye Bye [preauth]","@timestamp":"2022-09-14T00:30:52.689Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:31:00 honeypot-ams-1 sshd[16787]: Received disconnect from 177.24.46.4 port 37355:11: Bye Bye [preauth]","@timestamp":"2022-09-14T00:31:00.694Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:31:07 honeypot-ams-1 sshd[16793]: Invalid user admin from 177.24.46.4 port 37563","@timestamp":"2022-09-14T00:31:08.700Z"}
{"@timestamp":"2022-09-14T00:31:10.070Z","@version":"1","message":"Sep 14 00:31:10 honeypot-sgp-1 sshd[12136]: Invalid user admin from 81.17.25.50 port 11007","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:31:11 honeypot-ams-1 sshd[16797]: Invalid user admin from 177.24.46.4 port 37647","@timestamp":"2022-09-14T00:31:11.702Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:31:15 honeypot-ams-1 sshd[16801]: Invalid user admin from 177.24.46.4 port 37735","@timestamp":"2022-09-14T00:31:15.705Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:31:19 honeypot-ams-1 sshd[16805]: Invalid user admin from 177.24.46.4 port 37844","@timestamp":"2022-09-14T00:31:19.708Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:31:23 honeypot-ams-1 sshd[16809]: Invalid user admin from 177.24.46.4 port 37918","@timestamp":"2022-09-14T00:31:23.711Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 00:31:27 honeypot-ams-1 kernel: [83992070.814569] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=152.136.194.68 DST=178.62.254.91 LEN=60 TOS=0x08 PREC=0x00 TTL=47 ID=14768 DF PROTO=TCP SPT=42028 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T00:31:27.714Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:31:31 honeypot-ams-1 sshd[16817]: Received disconnect from 177.24.46.4 port 38116:11: Bye Bye [preauth]","@timestamp":"2022-09-14T00:31:31.716Z"}
{"@timestamp":"2022-09-14T00:31:32.080Z","@version":"1","message":"Sep 14 00:31:31 honeypot-sgp-1 sshd[12142]: Received disconnect from 144.64.1.83 port 57084:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:31:35 honeypot-ams-1 sshd[16821]: Received disconnect from 177.24.46.4 port 38202:11: Bye Bye [preauth]","@timestamp":"2022-09-14T00:31:35.718Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:31:38 honeypot-ams-1 sshd[16825]: Received disconnect from 177.24.46.4 port 38302:11: Bye Bye [preauth]","@timestamp":"2022-09-14T00:31:39.721Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:31:43 honeypot-ams-1 sshd[16829]: Received disconnect from 177.24.46.4 port 38384:11: Bye Bye [preauth]","@timestamp":"2022-09-14T00:31:43.724Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:31:47 honeypot-ams-1 sshd[16833]: Invalid user volumio from 177.24.46.4 port 38506","@timestamp":"2022-09-14T00:31:47.727Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:31:49 honeypot-ams-1 sshd[16835]: Disconnected from invalid user oracle 177.24.46.4 port 38555 [preauth]","@timestamp":"2022-09-14T00:31:49.729Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:31:52 honeypot-ams-1 sshd[16839]: Disconnected from invalid user postgres 177.24.46.4 port 38635 [preauth]","@timestamp":"2022-09-14T00:31:53.733Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:31:56 honeypot-ams-1 sshd[16843]: Disconnected from invalid user support 177.24.46.4 port 38735 [preauth]","@timestamp":"2022-09-14T00:31:56.735Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:32:00 honeypot-ams-1 sshd[16847]: Disconnected from invalid user ubuntu 177.24.46.4 port 38836 [preauth]","@timestamp":"2022-09-14T00:32:00.738Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:32:03 honeypot-ams-1 sshd[16851]: Disconnected from invalid user ubuntu 177.24.46.4 port 38911 [preauth]","@timestamp":"2022-09-14T00:32:04.740Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:32:07 honeypot-ams-1 sshd[16855]: Disconnected from invalid user guest 177.24.46.4 port 39013 [preauth]","@timestamp":"2022-09-14T00:32:08.744Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:32:11 honeypot-ams-1 sshd[16859]: Disconnected from invalid user cirros 177.24.46.4 port 39097 [preauth]","@timestamp":"2022-09-14T00:32:11.746Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 00:33:05 honeypot-fra-1 sshd[7607]: Received disconnect from 138.68.148.157 port 55076:11: Bye Bye [preauth]","@timestamp":"2022-09-14T00:33:05.474Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T00:33:10.120Z","@version":"1","message":"Sep 14 00:33:09 honeypot-sgp-1 sshd[12149]: Connection closed by 192.241.208.150 port 38668 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:35:52 honeypot-ams-1 sshd[16866]: Received disconnect from 61.177.172.104 port 21256:11:  [preauth]","@timestamp":"2022-09-14T00:35:53.849Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 00:36:05 honeypot-fra-1 sshd[7611]: Did not receive identification string from 141.255.162.226 port 32802","@timestamp":"2022-09-14T00:36:06.544Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 00:36:09 honeypot-fra-1 sshd[7614]: Disconnected from invalid user user 141.255.162.226 port 42968 [preauth]","@timestamp":"2022-09-14T00:36:09.547Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 00:36:13 honeypot-fra-1 sshd[7618]: Disconnected from invalid user user 141.255.162.226 port 41378 [preauth]","@timestamp":"2022-09-14T00:36:13.549Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 00:36:41 honeypot-fra-1 sshd[7624]: Disconnected from authenticating user root 178.172.173.123 port 36868 [preauth]","@timestamp":"2022-09-14T00:36:42.562Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T00:37:41.226Z","@version":"1","message":"Sep 14 00:37:40 honeypot-sgp-1 sshd[12159]: Invalid user guest from 179.60.147.69 port 42764","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T00:38:59.260Z","@version":"1","message":"Sep 14 00:38:58 honeypot-sgp-1 sshd[12164]: Disconnected from authenticating user root 41.169.26.228 port 60282 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:41:02 honeypot-ams-1 sshd[16876]: Invalid user guest from 179.60.147.69 port 3830","@timestamp":"2022-09-14T00:41:02.992Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 00:41:12 honeypot-fra-1 sshd[7631]: Received disconnect from 92.255.85.70 port 22010:11: Bye Bye [preauth]","@timestamp":"2022-09-14T00:41:12.666Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:44:55 honeypot-ams-1 sshd[16890]: Invalid user nagios from 193.176.239.126 port 48284","@timestamp":"2022-09-14T00:44:56.095Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:44:55 honeypot-ams-1 sshd[16904]: Invalid user guest from 193.176.239.126 port 48280","@timestamp":"2022-09-14T00:44:56.095Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:44:55 honeypot-ams-1 sshd[16899]: Invalid user testuser from 193.176.239.126 port 48308","@timestamp":"2022-09-14T00:44:56.095Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:44:55 honeypot-ams-1 sshd[16906]: Invalid user mysql from 193.176.239.126 port 48274","@timestamp":"2022-09-14T00:44:56.095Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:44:56 honeypot-ams-1 sshd[16919]: Invalid user chia from 193.176.239.126 port 48342","@timestamp":"2022-09-14T00:44:56.095Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:44:56 honeypot-ams-1 sshd[16887]: Connection closed by invalid user lighthouse 193.176.239.126 port 48326 [preauth]","@timestamp":"2022-09-14T00:44:56.095Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:44:56 honeypot-ams-1 sshd[16886]: Connection closed by invalid user web 193.176.239.126 port 48290 [preauth]","@timestamp":"2022-09-14T00:44:56.095Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:44:56 honeypot-ams-1 sshd[16915]: Invalid user testuser from 193.176.239.126 port 48278","@timestamp":"2022-09-14T00:44:56.095Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:44:56 honeypot-ams-1 sshd[16921]: Connection closed by invalid user admin 193.176.239.126 port 48298 [preauth]","@timestamp":"2022-09-14T00:44:57.097Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:44:56 honeypot-ams-1 sshd[16915]: Connection closed by invalid user testuser 193.176.239.126 port 48278 [preauth]","@timestamp":"2022-09-14T00:44:57.097Z"}
{"@timestamp":"2022-09-14T00:45:41.419Z","@version":"1","message":"Sep 14 00:45:40 honeypot-sgp-1 sshd[12173]: Received disconnect from 80.91.223.117 port 36616:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:49:00 honeypot-ams-1 sshd[16958]: Received disconnect from 147.182.170.143 port 56232:11: Bye Bye [preauth]","@timestamp":"2022-09-14T00:49:01.203Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 00:50:25 honeypot-fra-1 kernel: [83991047.732241] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=51.15.60.133 DST=165.22.82.222 LEN=52 TOS=0x00 PREC=0x00 TTL=53 ID=54971 DF PROTO=TCP SPT=27098 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T00:50:25.875Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-14T00:50:38.536Z","@version":"1","message":"Sep 14 00:50:38 honeypot-sgp-1 sshd[12181]: Invalid user  from 64.62.197.17 port 11478","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T00:54:57.639Z","@version":"1","message":"Sep 14 00:54:57 honeypot-sgp-1 sshd[12189]: Invalid user topomaps from 159.223.68.133 port 55218","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 01:00:11 honeypot-fra-1 sshd[7641]: Connection closed by invalid user  64.62.197.92 port 61226 [preauth]","@timestamp":"2022-09-14T01:00:12.096Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:00:35 honeypot-ams-1 sshd[16966]: Received disconnect from 61.177.173.36 port 39906:11:  [preauth]","@timestamp":"2022-09-14T01:00:36.506Z"}
{"@timestamp":"2022-09-14T01:01:32.790Z","@version":"1","message":"Sep 14 01:01:32 honeypot-sgp-1 sshd[12200]: Received disconnect from 91.187.147.69 port 34748:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:02:43 honeypot-ams-1 sshd[16971]: Received disconnect from 45.61.186.249 port 54812:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T01:02:44.565Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:03:02 honeypot-ams-1 sshd[16975]: Received disconnect from 45.61.186.249 port 49194:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T01:03:02.575Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:03:21 honeypot-ams-1 sshd[16979]: Received disconnect from 45.61.186.249 port 43582:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T01:03:21.585Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:03:40 honeypot-ams-1 sshd[16983]: Received disconnect from 45.61.186.249 port 37960:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T01:03:41.596Z"}
{"@timestamp":"2022-09-14T01:04:36.864Z","@version":"1","message":"Sep 14 01:04:36 honeypot-sgp-1 sshd[12205]: Disconnected from invalid user cloudadmin 185.231.245.49 port 49496 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T01:05:19.884Z","@version":"1","message":"Sep 14 01:05:19 honeypot-sgp-1 sshd[12211]: Received disconnect from 41.59.100.34 port 33610:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:06:35 honeypot-ams-1 sshd[16986]: Disconnected from authenticating user root 61.177.173.53 port 63653 [preauth]","@timestamp":"2022-09-14T01:06:35.678Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:09:54 honeypot-ams-1 sshd[16994]: Disconnected from authenticating user root 175.4.209.29 port 32081 [preauth]","@timestamp":"2022-09-14T01:09:55.768Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:10:00 honeypot-ams-1 sshd[17000]: Received disconnect from 175.4.209.29 port 32229:11: Bye Bye [preauth]","@timestamp":"2022-09-14T01:10:00.771Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:10:06 honeypot-ams-1 sshd[17007]: Received disconnect from 175.4.209.29 port 32453:11: Bye Bye [preauth]","@timestamp":"2022-09-14T01:10:06.775Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:10:12 honeypot-ams-1 sshd[17013]: Received disconnect from 175.4.209.29 port 32614:11: Bye Bye [preauth]","@timestamp":"2022-09-14T01:10:12.779Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:10:18 honeypot-ams-1 sshd[17019]: Received disconnect from 175.4.209.29 port 32822:11: Bye Bye [preauth]","@timestamp":"2022-09-14T01:10:18.783Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:10:24 honeypot-ams-1 sshd[17025]: Received disconnect from 175.4.209.29 port 33008:11: Bye Bye [preauth]","@timestamp":"2022-09-14T01:10:25.788Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:10:31 honeypot-ams-1 sshd[17031]: Received disconnect from 175.4.209.29 port 33186:11: Bye Bye [preauth]","@timestamp":"2022-09-14T01:10:31.791Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:10:37 honeypot-ams-1 sshd[17037]: Received disconnect from 175.4.209.29 port 33410:11: Bye Bye [preauth]","@timestamp":"2022-09-14T01:10:37.795Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:10:43 honeypot-ams-1 sshd[17043]: Received disconnect from 175.4.209.29 port 33563:11: Bye Bye [preauth]","@timestamp":"2022-09-14T01:10:43.800Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:10:49 honeypot-ams-1 sshd[17049]: Received disconnect from 175.4.209.29 port 33767:11: Bye Bye [preauth]","@timestamp":"2022-09-14T01:10:49.803Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:11:22 honeypot-ams-1 sshd[17061]: Received disconnect from 175.4.209.29 port 30667:11: Bye Bye [preauth]","@timestamp":"2022-09-14T01:11:22.822Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:11:26 honeypot-ams-1 sshd[17067]: Invalid user admin from 175.4.209.29 port 30825","@timestamp":"2022-09-14T01:11:26.826Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:11:30 honeypot-ams-1 sshd[17071]: Invalid user admin from 175.4.209.29 port 30947","@timestamp":"2022-09-14T01:11:30.829Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:11:34 honeypot-ams-1 sshd[17075]: Invalid user admin from 175.4.209.29 port 31075","@timestamp":"2022-09-14T01:11:34.831Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:11:38 honeypot-ams-1 sshd[17079]: Invalid user admin from 175.4.209.29 port 31206","@timestamp":"2022-09-14T01:11:38.834Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:11:42 honeypot-ams-1 sshd[17083]: Invalid user admin from 175.4.209.29 port 31317","@timestamp":"2022-09-14T01:11:42.837Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:11:46 honeypot-ams-1 sshd[17087]: Invalid user user from 175.4.209.29 port 31445","@timestamp":"2022-09-14T01:11:46.839Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:11:50 honeypot-ams-1 sshd[17091]: Disconnected from authenticating user root 175.4.209.29 port 31556 [preauth]","@timestamp":"2022-09-14T01:11:50.842Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:11:54 honeypot-ams-1 sshd[17095]: Disconnected from invalid user pi 175.4.209.29 port 31719 [preauth]","@timestamp":"2022-09-14T01:11:54.846Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:11:59 honeypot-ams-1 sshd[17099]: Disconnected from invalid user ethos 175.4.209.29 port 31848 [preauth]","@timestamp":"2022-09-14T01:11:59.848Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:12:03 honeypot-ams-1 sshd[17103]: Disconnected from invalid user miner 175.4.209.29 port 32035 [preauth]","@timestamp":"2022-09-14T01:12:03.851Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:12:07 honeypot-ams-1 sshd[17107]: Disconnected from invalid user volumio 175.4.209.29 port 32180 [preauth]","@timestamp":"2022-09-14T01:12:08.854Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:12:14 honeypot-ams-1 sshd[17111]: Disconnected from invalid user nagios 175.4.209.29 port 32292 [preauth]","@timestamp":"2022-09-14T01:12:14.860Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:12:18 honeypot-ams-1 sshd[17115]: Disconnected from invalid user vagrant 175.4.209.29 port 32526 [preauth]","@timestamp":"2022-09-14T01:12:18.862Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:12:22 honeypot-ams-1 sshd[17119]: Disconnected from invalid user debian 175.4.209.29 port 32640 [preauth]","@timestamp":"2022-09-14T01:12:22.864Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:12:26 honeypot-ams-1 sshd[17123]: Disconnected from invalid user debian 175.4.209.29 port 32801 [preauth]","@timestamp":"2022-09-14T01:12:26.868Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:12:30 honeypot-ams-1 sshd[17127]: Disconnected from invalid user alarm 175.4.209.29 port 32923 [preauth]","@timestamp":"2022-09-14T01:12:30.870Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:12:34 honeypot-ams-1 sshd[17131]: Disconnected from invalid user test 175.4.209.29 port 33078 [preauth]","@timestamp":"2022-09-14T01:12:34.873Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:12:38 honeypot-ams-1 sshd[17135]: Disconnected from invalid user cirros 175.4.209.29 port 33202 [preauth]","@timestamp":"2022-09-14T01:12:38.875Z"}
{"@timestamp":"2022-09-14T01:12:46.065Z","@version":"1","message":"Sep 14 01:12:45 honeypot-sgp-1 kernel: [83994074.943509] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.55.53.144 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=43 ID=22109 DF PROTO=TCP SPT=56044 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 01:14:03 honeypot-fra-1 kernel: [83992465.564692] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=20.55.53.144 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=17236 DF PROTO=TCP SPT=33428 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T01:14:04.404Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 01:15:06 honeypot-fra-1 sshd[7653]: Invalid user default from 179.60.147.69 port 14338","@timestamp":"2022-09-14T01:15:07.432Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T01:17:02.176Z","@version":"1","message":"Sep 14 01:17:01 honeypot-sgp-1 CRON[12223]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 01:17:20 honeypot-ams-1 kernel: [83994823.685125] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=20.55.53.144 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=2495 DF PROTO=TCP SPT=33204 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T01:17:21.000Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 01:17:48 honeypot-fra-1 sshd[7660]: Disconnected from invalid user bbu 31.47.192.98 port 56506 [preauth]","@timestamp":"2022-09-14T01:17:49.495Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:18:21 honeypot-ams-1 sshd[17147]: Received disconnect from 104.248.116.140 port 41192:11: Bye Bye [preauth]","@timestamp":"2022-09-14T01:18:22.030Z"}
{"@timestamp":"2022-09-14T01:19:06.229Z","@version":"1","message":"Sep 14 01:19:05 honeypot-sgp-1 kernel: [83994454.936175] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=143.92.32.205 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=12176 PROTO=TCP SPT=58344 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 01:21:00 honeypot-fra-1 sshd[7663]: Disconnected from invalid user jimmy 80.91.223.118 port 33486 [preauth]","@timestamp":"2022-09-14T01:21:00.567Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 01:21:13 honeypot-fra-1 sshd[7669]: Connection closed by invalid user admin 128.199.160.207 port 58614 [preauth]","@timestamp":"2022-09-14T01:21:13.573Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:22:14 honeypot-ams-1 sshd[17153]: Received disconnect from 61.177.173.36 port 10416:11:  [preauth]","@timestamp":"2022-09-14T01:22:15.132Z"}
{"@timestamp":"2022-09-14T01:28:22.468Z","@version":"1","message":"Sep 14 01:28:21 honeypot-sgp-1 kernel: [83995011.246808] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.96.13.144 DST=159.89.202.188 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=14438 DF PROTO=TCP SPT=54271 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 01:29:31 honeypot-fra-1 sshd[7676]: Connection closed by authenticating user root 103.188.176.251 port 40060 [preauth]","@timestamp":"2022-09-14T01:29:32.766Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:30:24 honeypot-ams-1 sshd[17164]: Disconnected from authenticating user root 92.255.85.70 port 49930 [preauth]","@timestamp":"2022-09-14T01:30:25.346Z"}
{"@timestamp":"2022-09-14T01:32:57.578Z","@version":"1","message":"Sep 14 01:32:57 honeypot-sgp-1 sshd[12241]: Invalid user webadmin from 104.248.251.225 port 36412","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:36:03 honeypot-ams-1 sshd[17171]: Received disconnect from 159.203.66.111 port 46290:11: Bye Bye [preauth]","@timestamp":"2022-09-14T01:36:04.498Z"}
{"@timestamp":"2022-09-14T01:37:16.682Z","@version":"1","message":"Sep 14 01:37:16 honeypot-sgp-1 sshd[12247]: Invalid user admin from 178.128.125.205 port 43576","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T01:37:25.686Z","@version":"1","message":"Sep 14 01:37:25 honeypot-sgp-1 sshd[12243]: Received disconnect from 61.177.173.46 port 34429:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:41:22 honeypot-ams-1 sshd[17180]: Did not receive identification string from 80.76.51.45 port 44130","@timestamp":"2022-09-14T01:41:22.640Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:42:00 honeypot-ams-1 sshd[17183]: Disconnected from invalid user admin 80.76.51.45 port 37760 [preauth]","@timestamp":"2022-09-14T01:42:00.662Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:42:45 honeypot-ams-1 sshd[17189]: Received disconnect from 80.76.51.45 port 43908:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T01:42:45.686Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:43:29 honeypot-ams-1 sshd[17195]: Received disconnect from 80.76.51.45 port 50020:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T01:43:30.742Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:44:14 honeypot-ams-1 sshd[17201]: Received disconnect from 80.76.51.45 port 56156:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T01:44:14.764Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:44:43 honeypot-ams-1 sshd[17205]: Received disconnect from 80.76.51.45 port 50836:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T01:44:44.779Z"}
{"@timestamp":"2022-09-14T01:47:31.928Z","@version":"1","message":"Sep 14 01:47:30 honeypot-sgp-1 sshd[12259]: Disconnected from authenticating user root 61.177.173.37 port 17697 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 01:48:08 honeypot-fra-1 kernel: [83994510.262205] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=51.15.104.9 DST=165.22.82.222 LEN=52 TOS=0x00 PREC=0x00 TTL=53 ID=12133 DF PROTO=TCP SPT=20622 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T01:48:09.199Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 01:51:48 honeypot-fra-1 sshd[7685]: Disconnected from authenticating user root 92.255.85.69 port 27572 [preauth]","@timestamp":"2022-09-14T01:51:48.285Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T01:53:14.068Z","@version":"1","message":"Sep 14 01:53:13 honeypot-sgp-1 sshd[12270]: Did not receive identification string from 45.61.186.49 port 57166","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:53:26 honeypot-ams-1 sshd[17214]: Disconnected from authenticating user root 92.255.85.70 port 20568 [preauth]","@timestamp":"2022-09-14T01:53:27.005Z"}
{"@timestamp":"2022-09-14T01:53:34.078Z","@version":"1","message":"Sep 14 01:53:33 honeypot-sgp-1 sshd[12275]: Disconnected from invalid user user 45.61.186.49 port 52670 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T01:53:45.085Z","@version":"1","message":"Sep 14 01:53:44 honeypot-sgp-1 sshd[12279]: Disconnected from invalid user user 45.61.186.49 port 36084 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:56:25 honeypot-ams-1 sshd[17220]: Disconnected from invalid user timemachine 89.22.165.187 port 26752 [preauth]","@timestamp":"2022-09-14T01:56:26.088Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:02:42 honeypot-fra-1 sshd[7691]: Received disconnect from 207.249.96.147 port 53560:11: Bye Bye [preauth]","@timestamp":"2022-09-14T02:02:43.536Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:04:24 honeypot-fra-1 sshd[7696]: Disconnected from authenticating user root 179.43.145.74 port 56220 [preauth]","@timestamp":"2022-09-14T02:04:24.578Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:04:50 honeypot-fra-1 sshd[7702]: Disconnected from authenticating user root 179.43.145.74 port 37114 [preauth]","@timestamp":"2022-09-14T02:04:50.591Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 02:05:02 honeypot-ams-1 sshd[17227]: Connection closed by 46.243.226.11 port 42998 [preauth]","@timestamp":"2022-09-14T02:05:02.315Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:06:13 honeypot-fra-1 sshd[7708]: Received disconnect from 179.43.145.74 port 55364:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T02:06:13.625Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T02:06:28.410Z","@version":"1","message":"Sep 14 02:06:27 honeypot-sgp-1 kernel: [83997297.268293] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=87.246.7.194 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=28172 PROTO=TCP SPT=58327 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:07:32 honeypot-fra-1 sshd[7712]: Received disconnect from 143.244.158.100 port 36870:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T02:07:32.659Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:09:20 honeypot-fra-1 kernel: [83995782.611172] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=20.109.80.14 DST=165.22.82.222 LEN=52 TOS=0x00 PREC=0x00 TTL=112 ID=45147 DF PROTO=TCP SPT=63226 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T02:09:21.703Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:11:06 honeypot-fra-1 sshd[7723]: Received disconnect from 143.244.158.100 port 52770:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T02:11:06.746Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 02:11:18 honeypot-ams-1 sshd[17236]: Disconnected from authenticating user root 61.177.173.51 port 20483 [preauth]","@timestamp":"2022-09-14T02:11:19.479Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:11:41 honeypot-fra-1 sshd[7727]: Disconnected from invalid user user1 135.125.10.56 port 35552 [preauth]","@timestamp":"2022-09-14T02:11:42.762Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T02:12:25.558Z","@version":"1","message":"Sep 14 02:12:25 honeypot-sgp-1 sshd[12298]: Received disconnect from 92.255.85.70 port 33090:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:12:46 honeypot-fra-1 sshd[7734]: Received disconnect from 143.244.158.100 port 36528:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T02:12:46.793Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:12:56 honeypot-fra-1 sshd[7738]: Received disconnect from 45.61.184.204 port 50844:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T02:12:56.798Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:13:14 honeypot-fra-1 sshd[7742]: Received disconnect from 45.61.184.204 port 45708:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T02:13:15.807Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:13:32 honeypot-fra-1 sshd[7747]: Received disconnect from 45.61.184.204 port 40578:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T02:13:33.815Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:13:41 honeypot-fra-1 sshd[7751]: Disconnected from invalid user user 45.61.184.204 port 52170 [preauth]","@timestamp":"2022-09-14T02:13:41.818Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:15:15 honeypot-fra-1 sshd[7757]: Disconnected from authenticating user root 143.244.158.100 port 50948 [preauth]","@timestamp":"2022-09-14T02:15:15.854Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:16:58 honeypot-fra-1 sshd[7763]: Disconnected from authenticating user root 143.244.158.100 port 48698 [preauth]","@timestamp":"2022-09-14T02:16:58.895Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T02:17:02.669Z","@version":"1","message":"Sep 14 02:17:01 honeypot-sgp-1 CRON[12303]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 02:17:27 honeypot-ams-1 sshd[17673]: Disconnected from authenticating user root 92.255.85.70 port 25968 [preauth]","@timestamp":"2022-09-14T02:17:27.638Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:18:37 honeypot-fra-1 sshd[7771]: Disconnected from authenticating user root 143.244.158.100 port 46886 [preauth]","@timestamp":"2022-09-14T02:18:37.936Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 02:18:55 honeypot-ams-1 sshd[17677]: Did not receive identification string from 58.77.199.182 port 51609","@timestamp":"2022-09-14T02:18:55.680Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:19:29 honeypot-fra-1 sshd[7776]: Disconnected from invalid user user 141.255.162.226 port 55004 [preauth]","@timestamp":"2022-09-14T02:19:29.960Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:19:31 honeypot-fra-1 sshd[7780]: Disconnected from invalid user user 141.255.162.226 port 39800 [preauth]","@timestamp":"2022-09-14T02:19:31.961Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:19:33 honeypot-fra-1 sshd[7784]: Disconnected from invalid user user 141.255.162.226 port 46318 [preauth]","@timestamp":"2022-09-14T02:19:33.962Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:19:37 honeypot-fra-1 sshd[7788]: Disconnected from invalid user user 141.255.162.226 port 33286 [preauth]","@timestamp":"2022-09-14T02:19:37.964Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 02:20:10 honeypot-ams-1 sshd[17685]: Received disconnect from 109.205.213.23 port 46698:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T02:20:10.717Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 02:20:34 honeypot-ams-1 sshd[17691]: Received disconnect from 109.205.213.23 port 33536:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T02:20:34.730Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 02:21:00 honeypot-ams-1 sshd[17697]: Received disconnect from 109.205.213.23 port 48604:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T02:21:00.744Z"}
{"@timestamp":"2022-09-14T02:21:04.769Z","@version":"1","message":"Sep 14 02:21:04 honeypot-sgp-1 kernel: [83998173.797505] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=172.93.144.180 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=235 ID=18535 PROTO=TCP SPT=41942 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:21:10 honeypot-fra-1 sshd[7792]: Disconnected from authenticating user root 143.244.158.100 port 40528 [preauth]","@timestamp":"2022-09-14T02:21:11.005Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 02:21:58 honeypot-ams-1 sshd[17701]: Received disconnect from 109.205.213.23 port 35442:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T02:21:58.772Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 02:22:17 honeypot-ams-1 sshd[17706]: Received disconnect from 109.205.213.23 port 36078:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T02:22:17.783Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:22:56 honeypot-fra-1 sshd[7798]: Received disconnect from 143.244.158.100 port 48392:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T02:22:57.049Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:23:46 honeypot-fra-1 sshd[7803]: Disconnected from authenticating user root 143.244.158.100 port 59166 [preauth]","@timestamp":"2022-09-14T02:23:47.070Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:26:19 honeypot-fra-1 sshd[7809]: Disconnected from authenticating user root 143.244.158.100 port 60472 [preauth]","@timestamp":"2022-09-14T02:26:20.132Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T02:26:58.914Z","@version":"1","message":"Sep 14 02:26:57 honeypot-sgp-1 sshd[12318]: Invalid user debian from 179.60.147.69 port 45874","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:28:06 honeypot-fra-1 sshd[7815]: Connection closed by invalid user debian 179.60.147.69 port 9544 [preauth]","@timestamp":"2022-09-14T02:28:07.176Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 02:28:23 honeypot-ams-1 sshd[17713]: Connection closed by invalid user test 193.106.191.157 port 42944 [preauth]","@timestamp":"2022-09-14T02:28:23.944Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 02:29:05 honeypot-ams-1 sshd[17718]: Disconnected from invalid user user 45.61.186.169 port 60972 [preauth]","@timestamp":"2022-09-14T02:29:05.966Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 02:29:22 honeypot-ams-1 sshd[17722]: Disconnected from invalid user user 45.61.186.169 port 55812 [preauth]","@timestamp":"2022-09-14T02:29:22.976Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 02:29:39 honeypot-ams-1 sshd[17726]: Invalid user user from 45.61.186.169 port 50676","@timestamp":"2022-09-14T02:29:39.986Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 02:29:55 honeypot-ams-1 sshd[17730]: Connection closed by 45.61.186.169 port 45528 [preauth]","@timestamp":"2022-09-14T02:29:55.995Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:30:37 honeypot-fra-1 sshd[7822]: Received disconnect from 143.244.158.100 port 48160:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T02:30:38.237Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:32:18 honeypot-fra-1 sshd[7827]: Disconnected from authenticating user root 143.244.158.100 port 48182 [preauth]","@timestamp":"2022-09-14T02:32:19.278Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 02:33:42 honeypot-ams-1 sshd[17735]: Received disconnect from 164.177.31.66 port 48690:11: Bye Bye [preauth]","@timestamp":"2022-09-14T02:33:43.098Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:34:30 honeypot-fra-1 sshd[7834]: Did not receive identification string from 34.92.211.177 port 34088","@timestamp":"2022-09-14T02:34:31.332Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T02:35:43.126Z","@version":"1","message":"Sep 14 02:35:42 honeypot-sgp-1 sshd[12323]: Disconnected from authenticating user root 92.255.85.70 port 21472 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:35:47 honeypot-fra-1 sshd[7839]: Received disconnect from 143.244.158.100 port 45694:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T02:35:48.367Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:37:29 honeypot-fra-1 sshd[7843]: Disconnected from authenticating user root 143.244.158.100 port 45758 [preauth]","@timestamp":"2022-09-14T02:37:29.410Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:39:06 honeypot-fra-1 sshd[7850]: Received disconnect from 143.244.158.100 port 33612:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T02:39:07.448Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 02:39:59 honeypot-ams-1 sshd[17742]: Received disconnect from 61.177.173.37 port 28006:11:  [preauth]","@timestamp":"2022-09-14T02:39:59.259Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 02:40:41 honeypot-ams-1 sshd[17746]: Received disconnect from 74.208.121.225 port 54148:11: Bye Bye [preauth]","@timestamp":"2022-09-14T02:40:41.280Z"}
{"@timestamp":"2022-09-14T02:40:53.254Z","@version":"1","message":"Sep 14 02:40:53 honeypot-sgp-1 sshd[12330]: Disconnected from invalid user reginaldo 200.7.168.217 port 35224 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 02:41:12 honeypot-ams-1 sshd[17751]: Disconnected from authenticating user root 109.205.213.23 port 56646 [preauth]","@timestamp":"2022-09-14T02:41:13.298Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 02:41:27 honeypot-ams-1 sshd[17757]: Disconnected from authenticating user root 109.205.213.23 port 56158 [preauth]","@timestamp":"2022-09-14T02:41:28.308Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:41:38 honeypot-fra-1 sshd[7856]: Received disconnect from 143.244.158.100 port 55072:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T02:41:39.508Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 02:41:52 honeypot-ams-1 sshd[17763]: Disconnected from authenticating user root 109.205.213.23 port 41308 [preauth]","@timestamp":"2022-09-14T02:41:52.344Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 02:42:29 honeypot-ams-1 sshd[17769]: Disconnected from authenticating user root 109.205.213.23 port 54690 [preauth]","@timestamp":"2022-09-14T02:42:29.364Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 02:43:16 honeypot-ams-1 sshd[17775]: Invalid user admin from 109.205.213.23 port 39842","@timestamp":"2022-09-14T02:43:16.389Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:44:09 honeypot-fra-1 sshd[7863]: Received disconnect from 143.244.158.100 port 60978:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T02:44:10.567Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:45:57 honeypot-fra-1 sshd[7867]: Received disconnect from 143.244.158.100 port 56718:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T02:45:57.612Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 02:47:36 honeypot-ams-1 sshd[17782]: Invalid user test from 193.106.191.157 port 56492","@timestamp":"2022-09-14T02:47:37.511Z"}
{"@timestamp":"2022-09-14T02:47:51.427Z","@version":"1","message":"Sep 14 02:47:51 honeypot-sgp-1 sshd[12340]: Invalid user ubuntu from 43.132.121.97 port 57142","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:48:28 honeypot-fra-1 sshd[7873]: Received disconnect from 143.244.158.100 port 53748:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T02:48:28.672Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:49:39 honeypot-fra-1 sshd[7878]: Disconnected from invalid user kundert 165.22.45.108 port 40058 [preauth]","@timestamp":"2022-09-14T02:49:39.700Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 02:51:44 honeypot-ams-1 sshd[17789]: Disconnected from authenticating user root 61.177.173.50 port 20052 [preauth]","@timestamp":"2022-09-14T02:51:44.628Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:51:50 honeypot-fra-1 kernel: [83998332.431505] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.41.8.45 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=31253 PROTO=TCP SPT=32083 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T02:51:50.754Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-14T02:53:10.558Z","@version":"1","message":"Sep 14 02:53:10 honeypot-sgp-1 sshd[12344]: Disconnected from invalid user aldin 159.223.225.146 port 34666 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:53:36 honeypot-fra-1 sshd[7888]: Disconnected from authenticating user root 143.244.158.100 port 43582 [preauth]","@timestamp":"2022-09-14T02:53:36.799Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T02:58:46.723Z","@version":"1","message":"Sep 14 02:58:46 honeypot-sgp-1 sshd[12351]: Received disconnect from 92.255.85.70 port 15950:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 03:00:50 honeypot-ams-1 kernel: [84001034.263421] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=152.89.196.23 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=26230 PROTO=TCP SPT=43459 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T03:00:51.885Z"}
{"@timestamp":"2022-09-14T03:01:19.790Z","@version":"1","message":"Sep 14 03:01:19 honeypot-sgp-1 kernel: [84000588.569161] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=156.146.46.143 DST=159.89.202.188 LEN=52 TOS=0x02 PREC=0x00 TTL=116 ID=2355 DF PROTO=TCP SPT=52883 DPT=3389 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 03:01:36 honeypot-fra-1 kernel: [83998918.308628] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=213.226.123.38 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=24466 PROTO=TCP SPT=43563 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T03:01:36.986Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 03:04:27 honeypot-fra-1 sshd[7898]: Connection closed by invalid user admin 179.60.147.69 port 64640 [preauth]","@timestamp":"2022-09-14T03:04:28.057Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 03:06:40 honeypot-ams-1 sshd[17802]: Connection closed by invalid user admin 179.60.147.69 port 38620 [preauth]","@timestamp":"2022-09-14T03:06:41.050Z"}
{"@timestamp":"2022-09-14T03:07:29.942Z","@version":"1","message":"Sep 14 03:07:29 honeypot-sgp-1 kernel: [84000958.686933] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=88.80.189.24 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=40760 PROTO=TCP SPT=44844 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 03:10:50 honeypot-fra-1 kernel: [83999472.257001] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=64.62.197.156 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=54321 PROTO=TCP SPT=60960 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T03:10:51.201Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-14T03:13:41.093Z","@version":"1","message":"Sep 14 03:13:40 honeypot-sgp-1 sshd[12368]: Received disconnect from 45.61.186.49 port 53688:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T03:13:52.098Z","@version":"1","message":"Sep 14 03:13:51 honeypot-sgp-1 sshd[12372]: Received disconnect from 45.61.186.49 port 37054:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 03:14:18 honeypot-ams-1 kernel: [84001842.018302] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.167.96.146 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=43111 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T03:14:19.257Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 03:14:30 honeypot-fra-1 sshd[7909]: Did not receive identification string from 179.43.156.143 port 35432","@timestamp":"2022-09-14T03:14:31.288Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 03:14:48 honeypot-fra-1 sshd[7912]: Invalid user user from 45.61.184.204 port 35808","@timestamp":"2022-09-14T03:14:49.297Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 03:15:05 honeypot-fra-1 sshd[7916]: Invalid user user from 45.61.184.204 port 59152","@timestamp":"2022-09-14T03:15:06.305Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 03:15:13 honeypot-fra-1 sshd[7918]: Received disconnect from 45.61.184.204 port 42604:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T03:15:14.309Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 03:15:54 honeypot-fra-1 sshd[7924]: Received disconnect from 179.43.156.143 port 34752:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T03:15:54.328Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T03:17:02.179Z","@version":"1","message":"Sep 14 03:17:01 honeypot-sgp-1 CRON[12378]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 03:17:16 honeypot-ams-1 sshd[17824]: Disconnected from authenticating user root 61.177.173.36 port 28326 [preauth]","@timestamp":"2022-09-14T03:17:17.338Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 03:17:16 honeypot-fra-1 sshd[7931]: Received disconnect from 179.43.156.143 port 55154:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T03:17:17.362Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 03:19:19 honeypot-fra-1 sshd[7938]: Invalid user nutanix from 179.43.156.143 port 43384","@timestamp":"2022-09-14T03:19:20.427Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 03:19:59 honeypot-fra-1 sshd[7940]: Disconnected from invalid user ossuser 179.43.156.143 port 39412 [preauth]","@timestamp":"2022-09-14T03:20:00.443Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T03:21:37.293Z","@version":"1","message":"Sep 14 03:21:36 honeypot-sgp-1 sshd[12384]: Disconnected from authenticating user root 193.8.210.136 port 45544 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 03:22:01 honeypot-fra-1 sshd[7946]: Received disconnect from 179.43.156.143 port 55910:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T03:22:02.491Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 03:23:22 honeypot-fra-1 sshd[7950]: Disconnected from authenticating user root 179.43.156.143 port 48104 [preauth]","@timestamp":"2022-09-14T03:23:22.522Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T03:23:30.342Z","@version":"1","message":"Sep 14 03:23:29 honeypot-sgp-1 sshd[12390]: Received disconnect from 42.200.66.164 port 45194:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 03:25:05 honeypot-fra-1 sshd[7958]: Disconnected from authenticating user root 92.255.85.70 port 46848 [preauth]","@timestamp":"2022-09-14T03:25:06.563Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 03:27:23 honeypot-ams-1 sshd[17834]: Received disconnect from 92.255.85.69 port 52664:11: Bye Bye [preauth]","@timestamp":"2022-09-14T03:27:23.600Z"}
{"@timestamp":"2022-09-14T03:28:34.469Z","@version":"1","message":"Sep 14 03:28:33 honeypot-sgp-1 sshd[12395]: Received disconnect from 89.163.178.15 port 36214:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T03:31:56.553Z","@version":"1","message":"Sep 14 03:31:55 honeypot-sgp-1 sshd[12401]: Disconnected from authenticating user root 14.97.69.254 port 23210 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 03:32:08 honeypot-fra-1 sshd[7963]: Disconnected from invalid user developer 80.87.83.58 port 46384 [preauth]","@timestamp":"2022-09-14T03:32:08.711Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 03:32:49 honeypot-ams-1 sshd[17840]: Received disconnect from 61.177.173.51 port 56446:11:  [preauth]","@timestamp":"2022-09-14T03:32:49.744Z"}
{"@timestamp":"2022-09-14T03:36:11.659Z","@version":"1","message":"Sep 14 03:36:11 honeypot-sgp-1 kernel: [84002680.825784] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.220.212 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=44667 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 03:37:10 honeypot-fra-1 sshd[7968]: Invalid user 54.168.45.132 from 154.70.208.66 port 55164","@timestamp":"2022-09-14T03:37:11.830Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 03:37:12 honeypot-ams-1 kernel: [84003216.020850] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=51.15.141.72 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=55 ID=62345 PROTO=TCP SPT=12974 DPT=80 WINDOW=31470 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T03:37:12.859Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 03:38:51 honeypot-fra-1 kernel: [84001153.505979] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=35.242.217.94 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x60 TTL=251 ID=27654 PROTO=TCP SPT=52409 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T03:38:52.873Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 03:39:03 honeypot-ams-1 kernel: [84003326.659989] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=213.226.123.38 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=63628 PROTO=TCP SPT=48325 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T03:39:03.911Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 03:40:22 honeypot-fra-1 sshd[7973]: Received disconnect from 198.98.61.9 port 56806:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T03:40:22.910Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T03:40:32.769Z","@version":"1","message":"Sep 14 03:40:32 honeypot-sgp-1 sshd[12414]: Invalid user centos from 179.60.147.69 port 20342","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 03:40:40 honeypot-fra-1 sshd[7977]: Received disconnect from 198.98.61.9 port 51276:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T03:40:40.919Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 03:41:01 honeypot-fra-1 sshd[7981]: Received disconnect from 198.98.61.9 port 45796:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T03:41:01.927Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 03:41:42 honeypot-fra-1 sshd[7985]: Connection closed by invalid user centos 179.60.147.69 port 16158 [preauth]","@timestamp":"2022-09-14T03:41:42.943Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 03:51:00 honeypot-ams-1 sshd[17856]: Received disconnect from 92.255.85.70 port 31002:11: Bye Bye [preauth]","@timestamp":"2022-09-14T03:51:01.219Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 03:51:07 honeypot-fra-1 sshd[8012]: Received disconnect from 115.92.154.46 port 65422:11: Bye Bye [preauth]","@timestamp":"2022-09-14T03:51:08.172Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 03:51:25 honeypot-fra-1 sshd[8016]: Received disconnect from 60.199.224.55 port 56942:11: Bye Bye [preauth]","@timestamp":"2022-09-14T03:51:26.181Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 03:54:33 honeypot-ams-1 sshd[17861]: Connection closed by invalid user user 103.188.176.251 port 34688 [preauth]","@timestamp":"2022-09-14T03:54:34.316Z"}
{"@timestamp":"2022-09-14T03:55:03.130Z","@version":"1","message":"Sep 14 03:55:02 honeypot-sgp-1 sshd[12422]: Received disconnect from 61.177.173.36 port 15468:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 03:58:48 honeypot-fra-1 sshd[8023]: Connection closed by invalid user user 103.188.176.251 port 35872 [preauth]","@timestamp":"2022-09-14T03:58:49.348Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T04:03:36.339Z","@version":"1","message":"Sep 14 04:03:36 honeypot-sgp-1 sshd[12434]: Received disconnect from 206.81.0.243 port 45574:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 04:04:46 honeypot-ams-1 kernel: [84004869.772379] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=156.146.46.143 DST=178.62.254.91 LEN=52 TOS=0x02 PREC=0x00 TTL=118 ID=23298 DF PROTO=TCP SPT=58018 DPT=3389 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-14T04:04:46.579Z"}
{"@timestamp":"2022-09-14T04:05:41.393Z","@version":"1","message":"Sep 14 04:05:41 honeypot-sgp-1 sshd[12438]: Invalid user gaurav from 144.24.190.159 port 53544","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 04:08:31 honeypot-fra-1 sshd[8029]: Disconnected from authenticating user root 43.245.185.66 port 57416 [preauth]","@timestamp":"2022-09-14T04:08:32.576Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T04:08:56.475Z","@version":"1","message":"Sep 14 04:08:56 honeypot-sgp-1 sshd[12441]: Disconnected from authenticating user root 92.255.85.70 port 58684 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 04:12:26 honeypot-fra-1 sshd[8034]: Disconnected from invalid user kalista 167.99.55.86 port 60482 [preauth]","@timestamp":"2022-09-14T04:12:27.667Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 04:13:56 honeypot-fra-1 sshd[8038]: Received disconnect from 178.128.165.94 port 59342:11: Bye Bye [preauth]","@timestamp":"2022-09-14T04:13:56.703Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 04:15:27 honeypot-ams-1 kernel: [84005510.596568] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=172.104.6.141 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=13400 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T04:15:27.857Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 04:17:01 honeypot-fra-1 CRON[8043]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-14T04:17:01.772Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 04:21:52 honeypot-fra-1 sshd[8050]: Disconnected from authenticating user root 40.75.92.48 port 36078 [preauth]","@timestamp":"2022-09-14T04:21:52.883Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T04:23:47.838Z","@version":"1","message":"Sep 14 04:23:47 honeypot-sgp-1 sshd[12451]: Invalid user admin from 128.199.32.98 port 57062","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:25:35 honeypot-ams-1 sshd[17883]: Received disconnect from 121.25.250.163 port 58226:11: Bye Bye [preauth]","@timestamp":"2022-09-14T04:25:36.115Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:25:39 honeypot-ams-1 sshd[17887]: Disconnected from authenticating user root 121.25.250.163 port 36620 [preauth]","@timestamp":"2022-09-14T04:25:40.117Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:25:45 honeypot-ams-1 sshd[17893]: Disconnected from authenticating user root 121.25.250.163 port 58134 [preauth]","@timestamp":"2022-09-14T04:25:46.121Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:25:50 honeypot-ams-1 sshd[17899]: Disconnected from authenticating user root 121.25.250.163 port 49036 [preauth]","@timestamp":"2022-09-14T04:25:51.124Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:25:58 honeypot-ams-1 sshd[17905]: Disconnected from authenticating user root 121.25.250.163 port 44356 [preauth]","@timestamp":"2022-09-14T04:25:59.129Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:26:10 honeypot-ams-1 sshd[17911]: Disconnected from authenticating user root 121.25.250.163 port 50506 [preauth]","@timestamp":"2022-09-14T04:26:10.136Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:26:19 honeypot-ams-1 sshd[17917]: Disconnected from authenticating user root 121.25.250.163 port 39970 [preauth]","@timestamp":"2022-09-14T04:26:20.143Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:26:25 honeypot-ams-1 sshd[17923]: Disconnected from authenticating user root 121.25.250.163 port 41622 [preauth]","@timestamp":"2022-09-14T04:26:26.146Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:26:32 honeypot-ams-1 sshd[17929]: Disconnected from authenticating user root 121.25.250.163 port 50128 [preauth]","@timestamp":"2022-09-14T04:26:33.150Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:26:40 honeypot-ams-1 sshd[17935]: Disconnected from authenticating user root 121.25.250.163 port 47620 [preauth]","@timestamp":"2022-09-14T04:26:41.156Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:26:48 honeypot-ams-1 sshd[17941]: Disconnected from authenticating user root 121.25.250.163 port 56658 [preauth]","@timestamp":"2022-09-14T04:26:49.160Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:26:56 honeypot-ams-1 sshd[17947]: Disconnected from authenticating user root 121.25.250.163 port 43944 [preauth]","@timestamp":"2022-09-14T04:26:57.165Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:27:02 honeypot-ams-1 sshd[17953]: Received disconnect from 121.25.250.163 port 46386:11: Bye Bye [preauth]","@timestamp":"2022-09-14T04:27:03.169Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:27:05 honeypot-ams-1 sshd[17957]: Received disconnect from 121.25.250.163 port 46808:11: Bye Bye [preauth]","@timestamp":"2022-09-14T04:27:06.172Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:27:11 honeypot-ams-1 sshd[17961]: Received disconnect from 121.25.250.163 port 34120:11: Bye Bye [preauth]","@timestamp":"2022-09-14T04:27:11.174Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:27:15 honeypot-ams-1 sshd[17965]: Received disconnect from 121.25.250.163 port 56008:11: Bye Bye [preauth]","@timestamp":"2022-09-14T04:27:16.177Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:27:21 honeypot-ams-1 sshd[17969]: Received disconnect from 121.25.250.163 port 33462:11: Bye Bye [preauth]","@timestamp":"2022-09-14T04:27:22.182Z"}
{"@timestamp":"2022-09-14T04:27:23.928Z","@version":"1","message":"Sep 14 04:27:23 honeypot-sgp-1 sshd[12456]: Invalid user user from 141.144.193.76 port 47430","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:27:27 honeypot-ams-1 sshd[17973]: Received disconnect from 121.25.250.163 port 57004:11: Bye Bye [preauth]","@timestamp":"2022-09-14T04:27:28.185Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:27:35 honeypot-ams-1 sshd[17979]: Invalid user pi from 121.25.250.163 port 50410","@timestamp":"2022-09-14T04:27:36.190Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:27:39 honeypot-ams-1 sshd[17983]: Invalid user user from 121.25.250.163 port 33968","@timestamp":"2022-09-14T04:27:40.193Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:27:42 honeypot-ams-1 sshd[17987]: Invalid user mine from 121.25.250.163 port 33426","@timestamp":"2022-09-14T04:27:43.195Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:27:48 honeypot-ams-1 sshd[17991]: Invalid user xbmc from 121.25.250.163 port 38024","@timestamp":"2022-09-14T04:27:49.198Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:27:55 honeypot-ams-1 sshd[17995]: Invalid user oracle from 121.25.250.163 port 35366","@timestamp":"2022-09-14T04:27:56.204Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:28:01 honeypot-ams-1 sshd[17999]: Invalid user postgres from 121.25.250.163 port 37322","@timestamp":"2022-09-14T04:28:01.207Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:28:09 honeypot-ams-1 sshd[18003]: Invalid user support from 121.25.250.163 port 39258","@timestamp":"2022-09-14T04:28:09.213Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:28:14 honeypot-ams-1 sshd[18007]: Invalid user ubuntu from 121.25.250.163 port 41380","@timestamp":"2022-09-14T04:28:15.216Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:28:18 honeypot-ams-1 sshd[18011]: Invalid user ubuntu from 121.25.250.163 port 56446","@timestamp":"2022-09-14T04:28:18.218Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:28:23 honeypot-ams-1 sshd[18015]: Invalid user guest from 121.25.250.163 port 34772","@timestamp":"2022-09-14T04:28:24.223Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:28:28 honeypot-ams-1 sshd[18019]: Invalid user cirros from 121.25.250.163 port 57818","@timestamp":"2022-09-14T04:28:29.226Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 04:28:34 honeypot-ams-1 kernel: [84006297.716477] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=129.153.212.107 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=50 ID=48889 PROTO=TCP SPT=26468 DPT=80 WINDOW=44238 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T04:28:35.230Z"}
{"@timestamp":"2022-09-14T04:28:46.965Z","@version":"1","message":"Sep 14 04:28:46 honeypot-sgp-1 kernel: [84005835.342428] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=172.104.6.15 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=55694 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 04:35:40 honeypot-fra-1 sshd[8056]: Disconnected from authenticating user root 92.255.85.70 port 20898 [preauth]","@timestamp":"2022-09-14T04:35:41.191Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:37:50 honeypot-ams-1 sshd[18026]: Disconnected from authenticating user root 92.255.85.69 port 63544 [preauth]","@timestamp":"2022-09-14T04:37:51.466Z"}
{"@timestamp":"2022-09-14T04:39:11.221Z","@version":"1","message":"Sep 14 04:39:10 honeypot-sgp-1 sshd[12465]: Invalid user marco from 144.24.178.128 port 56870","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:44:40 honeypot-ams-1 sshd[18029]: Connection closed by invalid user admin 148.153.82.141 port 35586 [preauth]","@timestamp":"2022-09-14T04:44:40.643Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:44:40 honeypot-ams-1 sshd[18035]: Connection closed by invalid user admin 148.153.82.141 port 35610 [preauth]","@timestamp":"2022-09-14T04:44:41.645Z"}
{"@timestamp":"2022-09-14T04:46:34.403Z","@version":"1","message":"Sep 14 04:46:33 honeypot-sgp-1 sshd[12470]: Invalid user visitante from 183.82.96.133 port 37928","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 04:47:52 honeypot-fra-1 sshd[8066]: Invalid user user from 45.61.186.249 port 55878","@timestamp":"2022-09-14T04:47:53.464Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 04:48:10 honeypot-fra-1 sshd[8070]: Invalid user user from 45.61.186.249 port 50550","@timestamp":"2022-09-14T04:48:11.472Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 04:48:28 honeypot-fra-1 sshd[8074]: Invalid user user from 45.61.186.249 port 45228","@timestamp":"2022-09-14T04:48:29.481Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 04:48:37 honeypot-fra-1 sshd[8077]: Disconnected from invalid user user 45.61.186.249 port 56666 [preauth]","@timestamp":"2022-09-14T04:48:37.486Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T04:54:21.593Z","@version":"1","message":"Sep 14 04:54:21 honeypot-sgp-1 kernel: [84007370.140102] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=180.250.253.30 DST=159.89.202.188 LEN=48 TOS=0x00 PREC=0x00 TTL=114 ID=10635 PROTO=TCP SPT=58991 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 04:59:28 honeypot-fra-1 sshd[8087]: Disconnected from authenticating user root 92.255.85.69 port 39528 [preauth]","@timestamp":"2022-09-14T04:59:28.730Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 05:10:57 honeypot-ams-1 sshd[18042]: Invalid user test from 193.106.191.157 port 58784","@timestamp":"2022-09-14T05:10:58.307Z"}
{"@timestamp":"2022-09-14T05:12:19.024Z","@version":"1","message":"Sep 14 05:12:19 honeypot-sgp-1 kernel: [84008448.131788] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=198.199.93.232 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=40080 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 05:12:21 honeypot-fra-1 sshd[8091]: Received disconnect from 165.22.45.108 port 55008:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T05:12:22.019Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 05:18:33 honeypot-ams-1 kernel: [84009296.478375] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.206.89 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=51108 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T05:18:33.504Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 05:19:45 honeypot-fra-1 kernel: [84007206.625334] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.41.9.18 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=25276 PROTO=TCP SPT=49432 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T05:19:46.186Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-14T05:23:51.300Z","@version":"1","message":"Sep 14 05:23:51 honeypot-sgp-1 kernel: [84009140.342403] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=51.38.12.14 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=54321 PROTO=TCP SPT=50121 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 05:25:14 honeypot-ams-1 sshd[18054]: Received disconnect from 92.255.85.69 port 28378:11: Bye Bye [preauth]","@timestamp":"2022-09-14T05:25:15.677Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 05:26:40 honeypot-ams-1 kernel: [84009783.347077] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=5.125.34.196 DST=178.62.254.91 LEN=48 TOS=0x08 PREC=0x40 TTL=113 ID=17775 DF PROTO=TCP SPT=51900 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T05:26:40.714Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 05:27:42 honeypot-fra-1 sshd[8101]: Disconnected from authenticating user root 167.172.58.10 port 57206 [preauth]","@timestamp":"2022-09-14T05:27:43.364Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T05:30:55.469Z","@version":"1","message":"Sep 14 05:30:55 honeypot-sgp-1 sshd[12487]: Disconnected from invalid user user 45.61.184.204 port 50248 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T05:31:15.480Z","@version":"1","message":"Sep 14 05:31:15 honeypot-sgp-1 sshd[12491]: Disconnected from invalid user user 45.61.184.204 port 45318 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T05:31:33.488Z","@version":"1","message":"Sep 14 05:31:32 honeypot-sgp-1 sshd[12495]: Disconnected from invalid user user 45.61.184.204 port 40392 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T05:31:49.496Z","@version":"1","message":"Sep 14 05:31:49 honeypot-sgp-1 sshd[12499]: Disconnected from invalid user user 45.61.184.204 port 35466 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T05:40:38.726Z","@version":"1","message":"Sep 14 05:40:38 honeypot-sgp-1 kernel: [84010147.663935] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.196.220.81 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=38552 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 05:40:38 honeypot-fra-1 sshd[8107]: Invalid user test from 193.106.191.157 port 57034","@timestamp":"2022-09-14T05:40:39.654Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 05:41:19 honeypot-ams-1 sshd[18060]: Disconnected from invalid user napoleon 157.52.184.32 port 35910 [preauth]","@timestamp":"2022-09-14T05:41:20.089Z"}
{"@timestamp":"2022-09-14T05:43:12.791Z","@version":"1","message":"Sep 14 05:43:12 honeypot-sgp-1 sshd[12510]: Received disconnect from 45.61.187.160 port 58814:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T05:43:29.799Z","@version":"1","message":"Sep 14 05:43:28 honeypot-sgp-1 sshd[12514]: Disconnected from authenticating user root 92.255.85.69 port 20754 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T05:43:40.805Z","@version":"1","message":"Sep 14 05:43:40 honeypot-sgp-1 sshd[12518]: Disconnected from invalid user user 45.61.187.160 port 36700 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T05:43:56.813Z","@version":"1","message":"Sep 14 05:43:56 honeypot-sgp-1 sshd[12522]: Disconnected from invalid user user 45.61.187.160 port 59596 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 05:49:09 honeypot-ams-1 sshd[18063]: Disconnected from authenticating user root 92.255.85.70 port 57210 [preauth]","@timestamp":"2022-09-14T05:49:10.305Z"}
{"@timestamp":"2022-09-14T05:51:25.999Z","@version":"1","message":"Sep 14 05:51:25 honeypot-sgp-1 kernel: [84010794.999682] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=107.152.37.65 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=49848 PROTO=TCP SPT=58953 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 05:55:26 honeypot-fra-1 sshd[8116]: Disconnected from authenticating user root 64.227.103.202 port 41840 [preauth]","@timestamp":"2022-09-14T05:55:27.000Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 05:57:23 honeypot-ams-1 kernel: [84011627.210371] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=18.189.61.4 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=40 ID=32571 PROTO=TCP SPT=7379 DPT=443 WINDOW=56106 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T05:57:24.515Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 05:59:49 honeypot-fra-1 sshd[8122]: Invalid user kundert from 165.22.45.108 port 59984","@timestamp":"2022-09-14T05:59:50.102Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 06:04:02 honeypot-ams-1 kernel: [84012025.507377] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=12179 PROTO=TCP SPT=55204 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T06:04:02.687Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 06:04:08 honeypot-fra-1 sshd[8126]: Disconnected from authenticating user root 148.66.132.190 port 45638 [preauth]","@timestamp":"2022-09-14T06:04:09.201Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 06:06:11 honeypot-ams-1 sshd[18082]: Disconnected from authenticating user root 143.244.158.100 port 35000 [preauth]","@timestamp":"2022-09-14T06:06:11.746Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 06:06:45 honeypot-fra-1 sshd[8131]: Disconnected from invalid user user 45.61.186.249 port 51086 [preauth]","@timestamp":"2022-09-14T06:06:46.264Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 06:07:04 honeypot-fra-1 sshd[8233]: Disconnected from invalid user user 45.61.186.249 port 45804 [preauth]","@timestamp":"2022-09-14T06:07:05.273Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 06:07:21 honeypot-fra-1 sshd[8237]: Disconnected from invalid user user 45.61.186.249 port 40512 [preauth]","@timestamp":"2022-09-14T06:07:22.281Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 06:07:39 honeypot-fra-1 sshd[8241]: Disconnected from invalid user user 45.61.186.249 port 35224 [preauth]","@timestamp":"2022-09-14T06:07:39.289Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 06:07:50 honeypot-ams-1 sshd[18089]: Disconnected from authenticating user root 143.244.158.100 port 41040 [preauth]","@timestamp":"2022-09-14T06:07:50.792Z"}
{"@timestamp":"2022-09-14T06:08:28.451Z","@version":"1","message":"Sep 14 06:08:27 honeypot-sgp-1 kernel: [84011816.782077] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=40.84.222.228 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=19173 PROTO=TCP SPT=55252 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 06:10:16 honeypot-ams-1 sshd[18095]: Received disconnect from 143.244.158.100 port 58510:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T06:10:16.859Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 06:11:52 honeypot-ams-1 sshd[23795]: Received disconnect from 143.244.158.100 port 48514:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T06:11:52.903Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 06:12:35 honeypot-fra-1 kernel: [84010376.385345] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=79.124.62.60 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=61141 PROTO=TCP SPT=41459 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T06:12:35.401Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 06:13:29 honeypot-ams-1 sshd[23804]: Received disconnect from 143.244.158.100 port 53458:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T06:13:29.949Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 06:14:16 honeypot-ams-1 sshd[23808]: Disconnected from authenticating user root 143.244.158.100 port 45436 [preauth]","@timestamp":"2022-09-14T06:14:16.971Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 06:15:56 honeypot-ams-1 sshd[23812]: Disconnected from authenticating user root 143.244.158.100 port 38364 [preauth]","@timestamp":"2022-09-14T06:15:57.019Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 06:16:21 honeypot-fra-1 kernel: [84010602.769331] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=104.237.145.157 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=41000 PROTO=TCP SPT=56174 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T06:16:22.515Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-14T06:17:01.659Z","@version":"1","message":"Sep 14 06:17:01 honeypot-sgp-1 CRON[12533]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 06:17:40 honeypot-ams-1 sshd[23821]: Disconnected from authenticating user root 143.244.158.100 port 60894 [preauth]","@timestamp":"2022-09-14T06:17:40.067Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 06:20:07 honeypot-ams-1 sshd[23827]: Disconnected from authenticating user root 143.244.158.100 port 60760 [preauth]","@timestamp":"2022-09-14T06:20:08.133Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 06:21:38 honeypot-ams-1 sshd[23831]: Received disconnect from 2.204.77.74 port 42016:11: Bye Bye [preauth]","@timestamp":"2022-09-14T06:21:39.175Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 06:23:26 honeypot-ams-1 sshd[23838]: Received disconnect from 143.244.158.100 port 45850:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T06:23:27.223Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 06:25:03 honeypot-ams-1 sshd[23938]: Disconnected from authenticating user root 143.244.158.100 port 35242 [preauth]","@timestamp":"2022-09-14T06:25:04.270Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 06:25:30 honeypot-fra-1 kernel: [84011151.953623] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=51.158.171.29 DST=165.22.82.222 LEN=52 TOS=0x00 PREC=0x00 TTL=53 ID=32531 DF PROTO=TCP SPT=1236 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T06:25:31.723Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 06:26:01 honeypot-ams-1 sshd[24019]: Connection closed by invalid user user1 103.188.176.251 port 38382 [preauth]","@timestamp":"2022-09-14T06:26:02.299Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 06:28:19 honeypot-ams-1 sshd[24026]: Received disconnect from 143.244.158.100 port 56868:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T06:28:19.363Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 06:29:43 honeypot-ams-1 kernel: [84013566.841497] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=119.235.21.10 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=39184 DF PROTO=TCP SPT=56178 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T06:29:44.403Z"}
{"@timestamp":"2022-09-14T06:30:23.000Z","@version":"1","message":"Sep 14 06:30:22 honeypot-sgp-1 kernel: [84013131.423027] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=223.71.167.164 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=111 ID=44350 PROTO=TCP SPT=38165 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 06:31:02 honeypot-ams-1 sshd[24034]: Disconnected from authenticating user root 143.244.158.100 port 37262 [preauth]","@timestamp":"2022-09-14T06:31:03.440Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 06:33:28 honeypot-fra-1 sshd[8393]: Received disconnect from 92.255.85.69 port 60234:11: Bye Bye [preauth]","@timestamp":"2022-09-14T06:33:28.904Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 06:33:33 honeypot-ams-1 sshd[24041]: Disconnected from authenticating user root 143.244.158.100 port 46862 [preauth]","@timestamp":"2022-09-14T06:33:33.506Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 06:35:50 honeypot-ams-1 sshd[24047]: Received disconnect from 92.255.85.70 port 26118:11: Bye Bye [preauth]","@timestamp":"2022-09-14T06:35:50.568Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 06:36:51 honeypot-ams-1 sshd[24051]: Received disconnect from 143.244.158.100 port 58248:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T06:36:51.600Z"}
{"@timestamp":"2022-09-14T06:37:53.188Z","@version":"1","message":"Sep 14 06:37:52 honeypot-sgp-1 sshd[12691]: Invalid user user from 45.61.186.49 port 41106","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 06:38:01 honeypot-fra-1 sshd[8396]: Disconnected from invalid user devops 202.29.13.51 port 44614 [preauth]","@timestamp":"2022-09-14T06:38:02.007Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T06:38:02.193Z","@version":"1","message":"Sep 14 06:38:02 honeypot-sgp-1 sshd[12695]: Invalid user user from 45.61.186.49 port 52602","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 06:39:05 honeypot-ams-1 sshd[24060]: Invalid user hadoop from 84.42.96.48 port 54732","@timestamp":"2022-09-14T06:39:06.661Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 06:40:06 honeypot-ams-1 sshd[24064]: Disconnected from authenticating user root 143.244.158.100 port 35188 [preauth]","@timestamp":"2022-09-14T06:40:06.690Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 06:40:33 honeypot-fra-1 sshd[8400]: ssh_dispatch_run_fatal: Connection from 88.88.97.30 port 42631: Connection corrupted [preauth]","@timestamp":"2022-09-14T06:40:34.066Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T06:41:08.271Z","@version":"1","message":"Sep 14 06:41:07 honeypot-sgp-1 sshd[12700]: Received disconnect from 45.61.186.49 port 40120:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T06:41:17.276Z","@version":"1","message":"Sep 14 06:41:16 honeypot-sgp-1 sshd[12704]: Received disconnect from 45.61.186.49 port 51698:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 06:42:37 honeypot-ams-1 sshd[24070]: Disconnected from authenticating user root 143.244.158.100 port 36056 [preauth]","@timestamp":"2022-09-14T06:42:37.757Z"}
{"@timestamp":"2022-09-14T06:43:22.328Z","@version":"1","message":"Sep 14 06:43:21 honeypot-sgp-1 kernel: [84013910.825276] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.180.143.7 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=29496 PROTO=TCP SPT=11932 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 06:45:03 honeypot-ams-1 sshd[24077]: Disconnected from authenticating user root 143.244.158.100 port 58336 [preauth]","@timestamp":"2022-09-14T06:45:03.823Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 06:47:30 honeypot-ams-1 sshd[24083]: Received disconnect from 143.244.158.100 port 58118:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T06:47:30.892Z"}
{"@timestamp":"2022-09-14T06:54:19.605Z","@version":"1","message":"Sep 14 06:54:18 honeypot-sgp-1 sshd[12721]: Received disconnect from 92.255.85.69 port 61060:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 06:54:21 honeypot-ams-1 kernel: [84015044.325098] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.206.164 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=40386 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T06:54:22.068Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 06:56:43 honeypot-fra-1 sshd[8406]: Disconnected from authenticating user root 92.255.85.69 port 31836 [preauth]","@timestamp":"2022-09-14T06:56:43.423Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T06:59:06.725Z","@version":"1","message":"Sep 14 06:59:06 honeypot-sgp-1 kernel: [84014855.884768] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=156.146.46.143 DST=159.89.202.188 LEN=52 TOS=0x02 PREC=0x00 TTL=116 ID=32384 DF PROTO=TCP SPT=61554 DPT=3389 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 07:02:29 honeypot-fra-1 kernel: [84013370.360311] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=79.110.62.213 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=54321 PROTO=TCP SPT=51752 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T07:02:29.558Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-14T07:03:30.832Z","@version":"1","message":"Sep 14 07:03:30 honeypot-sgp-1 kernel: [84015119.932918] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=172.105.89.161 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=50 ID=0 DF PROTO=TCP SPT=40015 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 07:11:09 honeypot-fra-1 sshd[8418]: Invalid user monitor from 167.71.110.45 port 48458","@timestamp":"2022-09-14T07:11:10.756Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 07:12:12 honeypot-fra-1 sshd[8421]: Disconnected from invalid user user 141.255.162.226 port 41606 [preauth]","@timestamp":"2022-09-14T07:12:12.781Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 07:12:16 honeypot-fra-1 sshd[8425]: Received disconnect from 141.255.162.226 port 38666:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T07:12:16.785Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 07:12:18 honeypot-fra-1 sshd[8429]: Disconnected from invalid user user 141.255.162.226 port 44990 [preauth]","@timestamp":"2022-09-14T07:12:18.786Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 07:12:28 honeypot-ams-1 kernel: [84016131.694424] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=20.124.127.186 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=37959 DF PROTO=TCP SPT=10446 DPT=80 WINDOW=512 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T07:12:28.530Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 07:12:53 honeypot-fra-1 sshd[8434]: Disconnected from invalid user intel 87.245.17.229 port 45558 [preauth]","@timestamp":"2022-09-14T07:12:53.800Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 07:17:01 honeypot-fra-1 CRON[8438]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-14T07:17:01.896Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T07:17:02.166Z","@version":"1","message":"Sep 14 07:17:01 honeypot-sgp-1 CRON[12833]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T07:17:07.169Z","@version":"1","message":"Sep 14 07:17:06 honeypot-sgp-1 sshd[12836]: Received disconnect from 45.61.186.49 port 47900:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T07:17:15.173Z","@version":"1","message":"Sep 14 07:17:15 honeypot-sgp-1 sshd[12840]: Received disconnect from 45.61.186.49 port 59096:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 07:19:27 honeypot-fra-1 sshd[8446]: Invalid user zhi from 34.231.32.12 port 47136","@timestamp":"2022-09-14T07:19:27.955Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 07:19:43 honeypot-ams-1 sshd[24097]: Received disconnect from 46.19.141.122 port 36978:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T07:19:44.719Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 07:21:32 honeypot-ams-1 sshd[24102]: Received disconnect from 46.19.141.122 port 47892:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T07:21:32.769Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 07:21:47 honeypot-ams-1 sshd[24106]: Received disconnect from 198.98.61.9 port 51476:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T07:21:47.777Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 07:22:05 honeypot-ams-1 sshd[24111]: Received disconnect from 198.98.61.9 port 46744:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T07:22:05.786Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 07:22:13 honeypot-ams-1 sshd[24115]: Received disconnect from 198.98.61.9 port 58462:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T07:22:14.791Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 07:22:30 honeypot-ams-1 sshd[24119]: Received disconnect from 198.98.61.9 port 53738:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T07:22:30.800Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 07:22:51 honeypot-ams-1 sshd[24123]: Received disconnect from 46.19.141.122 port 58824:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T07:22:51.810Z"}
{"@timestamp":"2022-09-14T07:23:17.321Z","@version":"1","message":"Sep 14 07:23:17 honeypot-sgp-1 kernel: [84016306.213424] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.220.248 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=50343 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 07:23:30 honeypot-ams-1 sshd[24127]: Disconnected from invalid user user 46.19.141.122 port 34230 [preauth]","@timestamp":"2022-09-14T07:23:30.830Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 07:24:04 honeypot-ams-1 sshd[24133]: Invalid user support from 46.19.141.122 port 41518","@timestamp":"2022-09-14T07:24:04.849Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 07:31:26 honeypot-fra-1 kernel: [84015107.827122] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=34.69.221.167 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x60 TTL=250 ID=27520 PROTO=TCP SPT=45017 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T07:31:27.223Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 07:35:35 honeypot-fra-1 sshd[8453]: Received disconnect from 165.22.45.108 port 41684:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T07:35:36.313Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 07:37:19 honeypot-ams-1 sshd[24139]: Invalid user admin from 221.160.105.162 port 44117","@timestamp":"2022-09-14T07:37:20.183Z"}
{"@timestamp":"2022-09-14T07:38:41.697Z","@version":"1","message":"Sep 14 07:38:40 honeypot-sgp-1 sshd[12849]: Invalid user user from 141.255.162.226 port 40324","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T07:38:46.700Z","@version":"1","message":"Sep 14 07:38:45 honeypot-sgp-1 sshd[12853]: Invalid user user from 141.255.162.226 port 48174","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T07:38:49.702Z","@version":"1","message":"Sep 14 07:38:49 honeypot-sgp-1 sshd[12859]: Connection closed by 141.255.162.226 port 43560 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 07:41:39 honeypot-fra-1 sshd[8460]: Received disconnect from 202.53.1.114 port 45072:11: Bye Bye [preauth]","@timestamp":"2022-09-14T07:41:40.452Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 07:45:03 honeypot-ams-1 sshd[24144]: Invalid user fgshiu from 149.56.102.60 port 38928","@timestamp":"2022-09-14T07:45:04.386Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 07:47:42 honeypot-fra-1 sshd[8465]: Disconnected from invalid user gesi 206.189.189.7 port 36378 [preauth]","@timestamp":"2022-09-14T07:47:42.588Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T07:48:03.925Z","@version":"1","message":"Sep 14 07:48:03 honeypot-sgp-1 kernel: [84017792.003514] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.220.107 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=59354 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 07:48:24 honeypot-ams-1 kernel: [84018287.324939] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=103.206.139.51 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=244 ID=55444 PROTO=TCP SPT=40362 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T07:48:24.474Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 07:50:07 honeypot-fra-1 sshd[8470]: Received disconnect from 144.217.13.134 port 58260:11: Bye Bye [preauth]","@timestamp":"2022-09-14T07:50:08.647Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 07:53:20 honeypot-ams-1 sshd[24223]: Invalid user user from 45.61.184.204 port 36172","@timestamp":"2022-09-14T07:53:21.603Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 07:53:41 honeypot-ams-1 sshd[24228]: Invalid user user from 45.61.184.204 port 60326","@timestamp":"2022-09-14T07:53:41.613Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 07:54:00 honeypot-ams-1 sshd[24232]: Invalid user user from 45.61.184.204 port 56238","@timestamp":"2022-09-14T07:54:01.625Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 07:54:31 honeypot-ams-1 sshd[24236]: Invalid user test from 193.106.191.157 port 46254","@timestamp":"2022-09-14T07:54:31.639Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 08:00:42 honeypot-ams-1 kernel: [84019025.877293] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.41.8.45 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=8279 PROTO=TCP SPT=18842 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T08:00:42.802Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 08:03:26 honeypot-fra-1 sshd[8473]: Disconnected from authenticating user root 103.105.130.83 port 38946 [preauth]","@timestamp":"2022-09-14T08:03:26.951Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T08:05:19.343Z","@version":"1","message":"Sep 14 08:05:19 honeypot-sgp-1 sshd[12868]: Disconnected from authenticating user root 92.255.85.69 port 55036 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 08:07:36 honeypot-fra-1 sshd[8478]: Disconnected from authenticating user root 92.255.85.69 port 50998 [preauth]","@timestamp":"2022-09-14T08:07:37.049Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 08:09:59 honeypot-ams-1 sshd[24243]: Received disconnect from 92.255.85.70 port 43082:11: Bye Bye [preauth]","@timestamp":"2022-09-14T08:10:00.048Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 08:14:51 honeypot-ams-1 sshd[24249]: Received disconnect from 45.61.186.49 port 33042:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T08:14:52.177Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 08:15:00 honeypot-ams-1 sshd[24253]: Received disconnect from 45.61.186.49 port 44298:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T08:15:00.181Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 08:17:01 honeypot-ams-1 CRON[24260]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-14T08:17:01.235Z"}
{"@timestamp":"2022-09-14T08:17:01.629Z","@version":"1","message":"Sep 14 08:17:01 honeypot-sgp-1 CRON[12893]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 08:18:53 honeypot-ams-1 sshd[24264]: Received disconnect from 141.255.162.226 port 38202:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T08:18:54.289Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 08:18:55 honeypot-ams-1 sshd[24268]: Received disconnect from 141.255.162.226 port 53914:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T08:18:56.290Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 08:19:00 honeypot-ams-1 sshd[24272]: Received disconnect from 141.255.162.226 port 41436:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T08:19:00.292Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 08:20:57 honeypot-ams-1 sshd[24278]: Invalid user user from 45.61.186.169 port 44788","@timestamp":"2022-09-14T08:20:58.346Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 08:21:14 honeypot-ams-1 sshd[24282]: Invalid user user from 45.61.186.169 port 39502","@timestamp":"2022-09-14T08:21:15.356Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 08:21:30 honeypot-ams-1 sshd[24286]: Invalid user user from 45.61.186.169 port 34222","@timestamp":"2022-09-14T08:21:31.365Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 08:21:46 honeypot-ams-1 sshd[24290]: Invalid user user from 45.61.186.169 port 57158","@timestamp":"2022-09-14T08:21:47.374Z"}
{"@timestamp":"2022-09-14T08:24:45.818Z","@version":"1","message":"Sep 14 08:24:45 honeypot-sgp-1 sshd[12918]: Disconnected from invalid user marlon 138.68.9.83 port 48554 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T08:27:44.893Z","@version":"1","message":"Sep 14 08:27:44 honeypot-sgp-1 sshd[12923]: Disconnected from invalid user standard 125.235.240.165 port 45928 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 08:28:01 honeypot-fra-1 kernel: [84018501.973473] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=106.55.34.148 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=43 ID=45671 DF PROTO=TCP SPT=56576 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T08:28:01.506Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-14T08:30:32.964Z","@version":"1","message":"Sep 14 08:30:32 honeypot-sgp-1 kernel: [84020341.841517] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=97.107.136.145 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=52572 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 08:31:12 honeypot-fra-1 sshd[8507]: Disconnected from authenticating user root 92.255.85.69 port 25402 [preauth]","@timestamp":"2022-09-14T08:31:12.585Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 08:34:15 honeypot-ams-1 sshd[24313]: Received disconnect from 92.255.85.70 port 40686:11: Bye Bye [preauth]","@timestamp":"2022-09-14T08:34:15.692Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 08:36:16 honeypot-ams-1 sshd[24318]: Disconnected from invalid user info 23.95.164.237 port 46978 [preauth]","@timestamp":"2022-09-14T08:36:16.746Z"}
{"@timestamp":"2022-09-14T08:38:11.160Z","@version":"1","message":"Sep 14 08:38:10 honeypot-sgp-1 sshd[12932]: Did not receive identification string from 141.255.162.226 port 46794","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 08:38:36 honeypot-ams-1 sshd[24323]: Received disconnect from 141.255.162.226 port 53966:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T08:38:36.809Z"}
{"@timestamp":"2022-09-14T08:38:37.174Z","@version":"1","message":"Sep 14 08:38:36 honeypot-sgp-1 sshd[12933]: Disconnected from invalid user user 141.255.162.226 port 47534 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 08:38:37 honeypot-ams-1 sshd[24327]: Received disconnect from 141.255.162.226 port 49126:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T08:38:38.810Z"}
{"@timestamp":"2022-09-14T08:38:40.175Z","@version":"1","message":"Sep 14 08:38:40 honeypot-sgp-1 sshd[12939]: Disconnected from invalid user user 141.255.162.226 port 42676 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T08:38:42.176Z","@version":"1","message":"Sep 14 08:38:42 honeypot-sgp-1 sshd[12943]: Disconnected from invalid user user 141.255.162.226 port 55314 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 08:38:41 honeypot-ams-1 sshd[24331]: Received disconnect from 141.255.162.226 port 36494:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T08:38:42.813Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 08:47:31 honeypot-ams-1 kernel: [84021834.513338] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=66.228.47.22 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=23833 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T08:47:32.041Z"}
{"@timestamp":"2022-09-14T08:50:00.461Z","@version":"1","message":"Sep 14 08:50:00 honeypot-sgp-1 sshd[12950]: Connection closed by 121.157.23.122 port 42174 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 08:51:50 honeypot-fra-1 kernel: [84019931.734964] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=143.198.183.97 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=34925 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T08:51:51.069Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-14T08:56:21.622Z","@version":"1","message":"Sep 14 08:56:21 honeypot-sgp-1 kernel: [84021890.299668] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=198.38.93.168 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=14280 PROTO=TCP SPT=55185 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 08:56:39 honeypot-fra-1 kernel: [84020220.631167] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.219.240 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=57772 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T08:56:40.181Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 09:01:57 honeypot-ams-1 kernel: [84022701.027880] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=57596 PROTO=TCP SPT=46003 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T09:01:58.410Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 09:10:36 honeypot-fra-1 kernel: [84021057.737569] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=184.105.247.235 DST=165.22.82.222 LEN=131 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=40770 DPT=80 WINDOW=65535 RES=0x00 ACK PSH URGP=0 ","@timestamp":"2022-09-14T09:10:37.496Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 09:15:35 honeypot-ams-1 kernel: [84023518.375394] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=37.104.179.26 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=56 ID=13908 PROTO=TCP SPT=56203 DPT=80 WINDOW=10818 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T09:15:35.757Z"}
{"@timestamp":"2022-09-14T09:15:44.109Z","@version":"1","message":"Sep 14 09:15:43 honeypot-sgp-1 sshd[12962]: Received disconnect from 92.255.85.69 port 22476:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T09:17:02.144Z","@version":"1","message":"Sep 14 09:17:01 honeypot-sgp-1 CRON[12966]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 09:18:32 honeypot-fra-1 sshd[8530]: Received disconnect from 92.255.85.69 port 61886:11: Bye Bye [preauth]","@timestamp":"2022-09-14T09:18:33.678Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 09:22:33 honeypot-ams-1 kernel: [84023936.161962] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=65.49.20.115 DST=178.62.254.91 LEN=131 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=40400 DPT=80 WINDOW=65535 RES=0x00 ACK PSH URGP=0 ","@timestamp":"2022-09-14T09:22:33.939Z"}
{"@timestamp":"2022-09-14T09:23:33.311Z","@version":"1","message":"Sep 14 09:23:32 honeypot-sgp-1 sshd[12970]: Connection closed by invalid user user1 103.188.176.251 port 50638 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 09:25:57 honeypot-ams-1 sshd[24356]: Disconnected from invalid user admin 159.65.65.135 port 35078 [preauth]","@timestamp":"2022-09-14T09:25:58.029Z"}
{"@timestamp":"2022-09-14T09:29:23.461Z","@version":"1","message":"Sep 14 09:29:22 honeypot-sgp-1 sshd[12975]: Invalid user admin from 178.128.125.205 port 46936","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T09:29:23.461Z","@version":"1","message":"Sep 14 09:29:22 honeypot-sgp-1 sshd[12981]: Invalid user admin from 178.128.125.205 port 46964","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 09:30:02 honeypot-ams-1 sshd[24362]: Received disconnect from 80.76.51.189 port 60894:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T09:30:03.139Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 09:31:07 honeypot-fra-1 sshd[8535]: Invalid user wawi from 80.253.31.232 port 42952","@timestamp":"2022-09-14T09:31:07.963Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 09:31:18 honeypot-ams-1 sshd[24368]: Received disconnect from 80.76.51.189 port 42402:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T09:31:19.175Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 09:32:10 honeypot-ams-1 sshd[24372]: Disconnected from authenticating user root 80.76.51.189 port 48908 [preauth]","@timestamp":"2022-09-14T09:32:11.201Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 09:33:33 honeypot-ams-1 sshd[24378]: Disconnected from authenticating user root 80.76.51.189 port 58638 [preauth]","@timestamp":"2022-09-14T09:33:33.239Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 09:34:29 honeypot-ams-1 sshd[24383]: Disconnected from invalid user test 80.76.51.189 port 36894 [preauth]","@timestamp":"2022-09-14T09:34:30.267Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 09:35:25 honeypot-ams-1 sshd[24387]: Disconnected from invalid user testuser 80.76.51.189 port 43380 [preauth]","@timestamp":"2022-09-14T09:35:25.292Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 09:36:20 honeypot-ams-1 sshd[24391]: Disconnected from invalid user ubuntu 80.76.51.189 port 49870 [preauth]","@timestamp":"2022-09-14T09:36:21.320Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 09:37:16 honeypot-ams-1 sshd[24395]: Disconnected from invalid user ubuntu 80.76.51.189 port 56360 [preauth]","@timestamp":"2022-09-14T09:37:17.346Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 09:38:42 honeypot-ams-1 sshd[24401]: Received disconnect from 80.76.51.189 port 37866:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T09:38:43.384Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 09:39:41 honeypot-ams-1 sshd[24406]: Disconnected from authenticating user root 80.76.51.189 port 44348 [preauth]","@timestamp":"2022-09-14T09:39:42.411Z"}
{"@timestamp":"2022-09-14T09:40:52.748Z","@version":"1","message":"Sep 14 09:40:51 honeypot-sgp-1 sshd[12988]: Invalid user cyyang from 94.179.133.22 port 10497","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 09:41:13 honeypot-ams-1 kernel: [84025056.204645] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=18.189.61.4 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=38 ID=5607 PROTO=TCP SPT=5075 DPT=80 WINDOW=41810 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T09:41:13.453Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 09:41:55 honeypot-fra-1 sshd[8540]: Disconnected from authenticating user root 92.255.85.70 port 28760 [preauth]","@timestamp":"2022-09-14T09:41:56.203Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 09:43:58 honeypot-fra-1 sshd[8544]: Disconnected from authenticating user root 211.200.178.178 port 54248 [preauth]","@timestamp":"2022-09-14T09:43:59.253Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 09:44:33 honeypot-ams-1 sshd[24416]: Received disconnect from 92.255.85.70 port 41298:11: Bye Bye [preauth]","@timestamp":"2022-09-14T09:44:34.542Z"}
{"@timestamp":"2022-09-14T09:45:41.871Z","@version":"1","message":"Sep 14 09:45:41 honeypot-sgp-1 kernel: [84024850.275677] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.33.96.205 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=39336 PROTO=TCP SPT=13001 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 09:47:24 honeypot-ams-1 kernel: [84025427.837347] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=193.219.127.202 DST=178.62.254.91 LEN=80 TOS=0x00 PREC=0x20 TTL=123 ID=5188 PROTO=TCP SPT=4164 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T09:47:25.617Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 09:51:00 honeypot-fra-1 sshd[8551]: Disconnected from authenticating user root 218.92.0.208 port 58090 [preauth]","@timestamp":"2022-09-14T09:51:00.434Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 09:54:01 honeypot-ams-1 sshd[24423]: Disconnected from authenticating user root 49.88.112.65 port 60751 [preauth]","@timestamp":"2022-09-14T09:54:01.783Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 09:55:00 honeypot-fra-1 sshd[8558]: Received disconnect from 89.163.178.15 port 37852:11: Bye Bye [preauth]","@timestamp":"2022-09-14T09:55:01.530Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 10:01:08 honeypot-fra-1 sshd[8564]: Disconnecting authenticating user root 124.79.243.92 port 50317: Too many authentication failures [preauth]","@timestamp":"2022-09-14T10:01:08.695Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T10:02:07.279Z","@version":"1","message":"Sep 14 10:02:07 honeypot-sgp-1 sshd[12997]: Disconnected from invalid user dummy 198.12.85.199 port 53004 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 10:03:08 honeypot-fra-1 sshd[8571]: Received disconnect from 179.43.145.74 port 43480:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T10:03:08.742Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 10:05:06 honeypot-fra-1 sshd[8577]: Received disconnect from 92.255.85.70 port 34858:11: Bye Bye [preauth]","@timestamp":"2022-09-14T10:05:06.789Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T10:06:43.398Z","@version":"1","message":"Sep 14 10:06:42 honeypot-sgp-1 kernel: [84026111.509137] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=156.146.46.143 DST=159.89.202.188 LEN=52 TOS=0x02 PREC=0x00 TTL=116 ID=7581 DF PROTO=TCP SPT=49786 DPT=3389 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:08:02 honeypot-ams-1 sshd[24430]: Disconnected from authenticating user root 92.255.85.70 port 24652 [preauth]","@timestamp":"2022-09-14T10:08:02.154Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 10:11:27 honeypot-fra-1 sshd[8582]: Received disconnect from 61.177.173.49 port 54168:11:  [preauth]","@timestamp":"2022-09-14T10:11:27.933Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T10:12:11.540Z","@version":"1","message":"Sep 14 10:12:10 honeypot-sgp-1 sshd[13004]: Disconnected from 61.177.173.50 port 23256 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 10:16:38 honeypot-fra-1 sshd[8587]: Disconnected from authenticating user root 61.177.172.104 port 62278 [preauth]","@timestamp":"2022-09-14T10:16:39.054Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T10:16:50.659Z","@version":"1","message":"Sep 14 10:16:50 honeypot-sgp-1 sshd[13013]: Disconnected from authenticating user root 61.177.172.108 port 39998 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:17:01 honeypot-ams-1 CRON[24435]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-14T10:17:01.388Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 10:23:38 honeypot-fra-1 sshd[8597]: Received disconnect from 134.209.233.126 port 49634:11: Bye Bye [preauth]","@timestamp":"2022-09-14T10:23:39.216Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T10:23:41.837Z","@version":"1","message":"Sep 14 10:23:41 honeypot-sgp-1 sshd[13021]: Received disconnect from 61.177.173.39 port 45706:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T10:26:41.919Z","@version":"1","message":"Sep 14 10:26:41 honeypot-sgp-1 kernel: [84027310.026070] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=178.128.255.88 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=58195 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 10:26:59 honeypot-ams-1 kernel: [84027802.721683] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=94.26.228.80 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=65103 PROTO=TCP SPT=32186 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T10:26:59.646Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 10:27:43 honeypot-fra-1 sshd[8605]: Received disconnect from 61.177.173.51 port 62893:11:  [preauth]","@timestamp":"2022-09-14T10:27:44.312Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 10:28:50 honeypot-fra-1 sshd[8610]: Disconnected from authenticating user root 92.255.85.69 port 46140 [preauth]","@timestamp":"2022-09-14T10:28:51.341Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 10:32:58 honeypot-ams-1 kernel: [84028161.583897] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=201.191.2.198 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=50 ID=50076 PROTO=TCP SPT=36567 DPT=80 WINDOW=25606 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T10:32:58.821Z"}
{"@timestamp":"2022-09-14T10:35:49.158Z","@version":"1","message":"Sep 14 10:35:48 honeypot-sgp-1 sshd[13031]: Received disconnect from 61.177.173.50 port 26826:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 10:35:49 honeypot-fra-1 sshd[8613]: Disconnected from authenticating user root 61.177.173.51 port 49064 [preauth]","@timestamp":"2022-09-14T10:35:50.498Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T10:39:46.281Z","@version":"1","message":"Sep 14 10:39:45 honeypot-sgp-1 sshd[13039]: Disconnected from authenticating user root 148.153.110.76 port 38896 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:40:34 honeypot-ams-1 sshd[24446]: Invalid user oracle from 190.156.238.155 port 43516","@timestamp":"2022-09-14T10:40:35.027Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 10:47:44 honeypot-ams-1 kernel: [84029047.793268] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=122.189.38.5 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=48 ID=12573 PROTO=TCP SPT=13860 DPT=80 WINDOW=32356 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T10:47:45.212Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 10:47:50 honeypot-fra-1 sshd[8619]: Received disconnect from 165.22.45.108 port 33216:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T10:47:50.773Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:49:08 honeypot-ams-1 sshd[24453]: Received disconnect from 171.110.164.56 port 50048:11: Bye Bye [preauth]","@timestamp":"2022-09-14T10:49:08.250Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:49:14 honeypot-ams-1 sshd[24459]: Received disconnect from 171.110.164.56 port 50086:11: Bye Bye [preauth]","@timestamp":"2022-09-14T10:49:14.253Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:49:19 honeypot-ams-1 sshd[24465]: Received disconnect from 171.110.164.56 port 52128:11: Bye Bye [preauth]","@timestamp":"2022-09-14T10:49:20.257Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:49:25 honeypot-ams-1 sshd[24471]: Received disconnect from 171.110.164.56 port 52152:11: Bye Bye [preauth]","@timestamp":"2022-09-14T10:49:26.260Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:49:31 honeypot-ams-1 sshd[24477]: Received disconnect from 171.110.164.56 port 56164:11: Bye Bye [preauth]","@timestamp":"2022-09-14T10:49:32.263Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:49:37 honeypot-ams-1 sshd[24483]: Received disconnect from 171.110.164.56 port 59710:11: Bye Bye [preauth]","@timestamp":"2022-09-14T10:49:38.268Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:49:43 honeypot-ams-1 sshd[24489]: Received disconnect from 171.110.164.56 port 59728:11: Bye Bye [preauth]","@timestamp":"2022-09-14T10:49:44.272Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:49:49 honeypot-ams-1 sshd[24495]: Received disconnect from 171.110.164.56 port 57786:11: Bye Bye [preauth]","@timestamp":"2022-09-14T10:49:50.276Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:49:56 honeypot-ams-1 sshd[24501]: Received disconnect from 171.110.164.56 port 57808:11: Bye Bye [preauth]","@timestamp":"2022-09-14T10:49:57.280Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:50:02 honeypot-ams-1 sshd[24507]: Received disconnect from 171.110.164.56 port 43876:11: Bye Bye [preauth]","@timestamp":"2022-09-14T10:50:03.284Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:50:08 honeypot-ams-1 sshd[24513]: Received disconnect from 171.110.164.56 port 34172:11: Bye Bye [preauth]","@timestamp":"2022-09-14T10:50:09.289Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:50:14 honeypot-ams-1 sshd[24519]: Received disconnect from 171.110.164.56 port 34204:11: Bye Bye [preauth]","@timestamp":"2022-09-14T10:50:15.292Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:50:18 honeypot-ams-1 sshd[24523]: Received disconnect from 171.110.164.56 port 39450:11: Bye Bye [preauth]","@timestamp":"2022-09-14T10:50:19.294Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:50:22 honeypot-ams-1 sshd[24527]: Received disconnect from 171.110.164.56 port 39476:11: Bye Bye [preauth]","@timestamp":"2022-09-14T10:50:23.298Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:50:26 honeypot-ams-1 sshd[24531]: Received disconnect from 171.110.164.56 port 39492:11: Bye Bye [preauth]","@timestamp":"2022-09-14T10:50:27.300Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:50:30 honeypot-ams-1 sshd[24535]: Received disconnect from 171.110.164.56 port 37644:11: Bye Bye [preauth]","@timestamp":"2022-09-14T10:50:31.302Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:50:34 honeypot-ams-1 sshd[24539]: Received disconnect from 171.110.164.56 port 37654:11: Bye Bye [preauth]","@timestamp":"2022-09-14T10:50:35.305Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:50:38 honeypot-ams-1 sshd[24543]: Disconnected from authenticating user root 171.110.164.56 port 60834 [preauth]","@timestamp":"2022-09-14T10:50:39.307Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:50:44 honeypot-ams-1 sshd[24549]: Invalid user pi from 171.110.164.56 port 60864","@timestamp":"2022-09-14T10:50:45.310Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:50:48 honeypot-ams-1 sshd[24553]: Invalid user ethos from 171.110.164.56 port 49894","@timestamp":"2022-09-14T10:50:49.312Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:50:53 honeypot-ams-1 sshd[24557]: Invalid user miner from 171.110.164.56 port 49918","@timestamp":"2022-09-14T10:50:53.316Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:50:57 honeypot-ams-1 sshd[24561]: Invalid user volumio from 171.110.164.56 port 49936","@timestamp":"2022-09-14T10:50:57.318Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:51:01 honeypot-ams-1 sshd[24565]: Invalid user nagios from 171.110.164.56 port 58938","@timestamp":"2022-09-14T10:51:01.320Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:51:04 honeypot-ams-1 sshd[24569]: Invalid user vagrant from 171.110.164.56 port 58946","@timestamp":"2022-09-14T10:51:05.323Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:51:08 honeypot-ams-1 sshd[24573]: Invalid user debian from 171.110.164.56 port 51514","@timestamp":"2022-09-14T10:51:09.325Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:51:12 honeypot-ams-1 sshd[24577]: Invalid user debian from 171.110.164.56 port 51528","@timestamp":"2022-09-14T10:51:13.328Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:51:16 honeypot-ams-1 sshd[24581]: Invalid user alarm from 171.110.164.56 port 51544","@timestamp":"2022-09-14T10:51:17.330Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:51:19 honeypot-ams-1 sshd[24583]: Disconnected from invalid user guest 171.110.164.56 port 53692 [preauth]","@timestamp":"2022-09-14T10:51:19.331Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:51:23 honeypot-ams-1 sshd[24587]: Disconnected from invalid user cirros 171.110.164.56 port 53710 [preauth]","@timestamp":"2022-09-14T10:51:23.334Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 10:52:13 honeypot-fra-1 sshd[8625]: Received disconnect from 92.255.85.70 port 48832:11: Bye Bye [preauth]","@timestamp":"2022-09-14T10:52:13.895Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T10:53:57.640Z","@version":"1","message":"Sep 14 10:53:57 honeypot-sgp-1 sshd[13049]: Received disconnect from 61.177.172.98 port 11882:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:54:41 honeypot-ams-1 sshd[24592]: Disconnected from authenticating user root 92.255.85.70 port 60656 [preauth]","@timestamp":"2022-09-14T10:54:41.418Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:57:59 honeypot-ams-1 sshd[24596]: Disconnected from authenticating user root 183.144.121.209 port 48488 [preauth]","@timestamp":"2022-09-14T10:58:00.505Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:58:05 honeypot-ams-1 sshd[24602]: Received disconnect from 183.144.121.209 port 48840:11: Bye Bye [preauth]","@timestamp":"2022-09-14T10:58:06.509Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:58:11 honeypot-ams-1 sshd[24608]: Received disconnect from 183.144.121.209 port 49182:11: Bye Bye [preauth]","@timestamp":"2022-09-14T10:58:11.513Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:58:17 honeypot-ams-1 sshd[24614]: Received disconnect from 183.144.121.209 port 49508:11: Bye Bye [preauth]","@timestamp":"2022-09-14T10:58:17.516Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:58:23 honeypot-ams-1 sshd[24620]: Received disconnect from 183.144.121.209 port 49858:11: Bye Bye [preauth]","@timestamp":"2022-09-14T10:58:23.520Z"}
{"@timestamp":"2022-09-14T10:58:24.773Z","@version":"1","message":"Sep 14 10:58:24 honeypot-sgp-1 sshd[13053]: Received disconnect from 45.61.184.204 port 36774:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:58:28 honeypot-ams-1 sshd[24626]: Received disconnect from 183.144.121.209 port 50158:11: Bye Bye [preauth]","@timestamp":"2022-09-14T10:58:29.523Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:58:34 honeypot-ams-1 sshd[24632]: Received disconnect from 183.144.121.209 port 50478:11: Bye Bye [preauth]","@timestamp":"2022-09-14T10:58:35.527Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:58:40 honeypot-ams-1 sshd[24638]: Received disconnect from 183.144.121.209 port 50798:11: Bye Bye [preauth]","@timestamp":"2022-09-14T10:58:40.530Z"}
{"@timestamp":"2022-09-14T10:58:43.783Z","@version":"1","message":"Sep 14 10:58:43 honeypot-sgp-1 sshd[13057]: Received disconnect from 45.61.184.204 port 59998:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:58:44 honeypot-ams-1 sshd[24643]: Disconnected from authenticating user root 183.144.121.209 port 51008 [preauth]","@timestamp":"2022-09-14T10:58:44.532Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:58:49 honeypot-ams-1 sshd[24651]: Received disconnect from 183.144.121.209 port 51320:11: Bye Bye [preauth]","@timestamp":"2022-09-14T10:58:50.536Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:58:55 honeypot-ams-1 sshd[24657]: Received disconnect from 183.144.121.209 port 51648:11: Bye Bye [preauth]","@timestamp":"2022-09-14T10:58:56.539Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:59:01 honeypot-ams-1 sshd[24663]: Received disconnect from 183.144.121.209 port 51962:11: Bye Bye [preauth]","@timestamp":"2022-09-14T10:59:01.542Z"}
{"@timestamp":"2022-09-14T10:59:03.793Z","@version":"1","message":"Sep 14 10:59:03 honeypot-sgp-1 sshd[13061]: Received disconnect from 45.61.184.204 port 54994:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 10:59:06 honeypot-fra-1 sshd[8629]: Received disconnect from 141.255.162.226 port 53946:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T10:59:07.054Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:59:06 honeypot-ams-1 sshd[24669]: Invalid user admin from 183.144.121.209 port 52274","@timestamp":"2022-09-14T10:59:07.547Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 10:59:08 honeypot-fra-1 sshd[8633]: Received disconnect from 141.255.162.226 port 39138:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T10:59:09.056Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:59:10 honeypot-ams-1 sshd[24673]: Invalid user admin from 183.144.121.209 port 52498","@timestamp":"2022-09-14T10:59:11.549Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 10:59:12 honeypot-fra-1 sshd[8637]: Received disconnect from 141.255.162.226 port 45844:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T10:59:13.058Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:59:14 honeypot-ams-1 sshd[24677]: Invalid user admin from 183.144.121.209 port 52702","@timestamp":"2022-09-14T10:59:15.551Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 10:59:15 honeypot-fra-1 sshd[8641]: Received disconnect from 141.255.162.226 port 37746:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T10:59:16.060Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:59:18 honeypot-ams-1 sshd[24681]: Invalid user admin from 183.144.121.209 port 52914","@timestamp":"2022-09-14T10:59:18.553Z"}
{"@timestamp":"2022-09-14T10:59:20.801Z","@version":"1","message":"Sep 14 10:59:20 honeypot-sgp-1 sshd[13065]: Received disconnect from 45.61.184.204 port 49990:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:59:22 honeypot-ams-1 sshd[24685]: Invalid user admin from 183.144.121.209 port 53124","@timestamp":"2022-09-14T10:59:22.557Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:59:26 honeypot-ams-1 sshd[24689]: Invalid user user from 183.144.121.209 port 53312","@timestamp":"2022-09-14T10:59:26.559Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:59:30 honeypot-ams-1 sshd[24693]: Disconnected from authenticating user root 183.144.121.209 port 53536 [preauth]","@timestamp":"2022-09-14T10:59:30.562Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:59:34 honeypot-ams-1 sshd[24697]: Disconnected from invalid user pi 183.144.121.209 port 53746 [preauth]","@timestamp":"2022-09-14T10:59:34.564Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:59:37 honeypot-ams-1 sshd[24701]: Disconnected from invalid user ethos 183.144.121.209 port 53936 [preauth]","@timestamp":"2022-09-14T10:59:38.568Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:59:41 honeypot-ams-1 sshd[24705]: Disconnected from invalid user miner 183.144.121.209 port 54152 [preauth]","@timestamp":"2022-09-14T10:59:42.570Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:59:45 honeypot-ams-1 sshd[24710]: Disconnected from invalid user volumio 183.144.121.209 port 54332 [preauth]","@timestamp":"2022-09-14T10:59:46.573Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:59:49 honeypot-ams-1 sshd[24714]: Disconnected from invalid user nagios 183.144.121.209 port 54532 [preauth]","@timestamp":"2022-09-14T10:59:49.574Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:59:53 honeypot-ams-1 sshd[24718]: Disconnected from invalid user vagrant 183.144.121.209 port 54752 [preauth]","@timestamp":"2022-09-14T10:59:53.577Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:59:56 honeypot-ams-1 sshd[24722]: Disconnected from invalid user debian 183.144.121.209 port 54948 [preauth]","@timestamp":"2022-09-14T10:59:57.580Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 11:00:00 honeypot-ams-1 sshd[24726]: Disconnected from invalid user debian 183.144.121.209 port 55166 [preauth]","@timestamp":"2022-09-14T11:00:01.582Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 11:00:04 honeypot-ams-1 sshd[24730]: Disconnected from invalid user alarm 183.144.121.209 port 55356 [preauth]","@timestamp":"2022-09-14T11:00:05.586Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 11:00:08 honeypot-ams-1 sshd[24734]: Disconnected from invalid user test 183.144.121.209 port 55550 [preauth]","@timestamp":"2022-09-14T11:00:08.588Z"}
{"@timestamp":"2022-09-14T11:00:08.824Z","@version":"1","message":"Sep 14 11:00:08 honeypot-sgp-1 sshd[13073]: Received disconnect from 45.61.186.249 port 53484:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 11:00:12 honeypot-ams-1 sshd[24738]: Disconnected from invalid user cirros 183.144.121.209 port 55750 [preauth]","@timestamp":"2022-09-14T11:00:12.590Z"}
{"@timestamp":"2022-09-14T11:00:27.834Z","@version":"1","message":"Sep 14 11:00:26 honeypot-sgp-1 sshd[13077]: Received disconnect from 45.61.186.249 port 48418:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T11:00:45.842Z","@version":"1","message":"Sep 14 11:00:45 honeypot-sgp-1 sshd[13081]: Received disconnect from 45.61.186.249 port 43368:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T11:01:03.851Z","@version":"1","message":"Sep 14 11:01:02 honeypot-sgp-1 sshd[13085]: Received disconnect from 45.61.186.249 port 38318:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:02:32 honeypot-fra-1 kernel: [84027772.607262] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=34.140.166.49 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x60 TTL=249 ID=22444 PROTO=TCP SPT=50282 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T11:02:32.138Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:05:43 honeypot-fra-1 sshd[8669]: Invalid user test from 34.71.244.4 port 41222","@timestamp":"2022-09-14T11:05:44.214Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:05:43 honeypot-fra-1 sshd[8658]: Connection closed by invalid user odoo 34.71.244.4 port 41198 [preauth]","@timestamp":"2022-09-14T11:05:44.214Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:05:43 honeypot-fra-1 sshd[8675]: Invalid user elasticsearch from 34.71.244.4 port 41374","@timestamp":"2022-09-14T11:05:44.214Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:05:43 honeypot-fra-1 sshd[8677]: Invalid user admin from 34.71.244.4 port 41396","@timestamp":"2022-09-14T11:05:44.214Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:05:43 honeypot-fra-1 sshd[8657]: Invalid user www from 34.71.244.4 port 41168","@timestamp":"2022-09-14T11:05:44.214Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:05:44 honeypot-fra-1 sshd[8674]: Connection closed by authenticating user root 34.71.244.4 port 41332 [preauth]","@timestamp":"2022-09-14T11:05:44.214Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:05:44 honeypot-fra-1 sshd[8685]: Connection closed by invalid user oracle 34.71.244.4 port 41428 [preauth]","@timestamp":"2022-09-14T11:05:44.214Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:05:44 honeypot-fra-1 sshd[8677]: Connection closed by invalid user admin 34.71.244.4 port 41396 [preauth]","@timestamp":"2022-09-14T11:05:44.214Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:08:24 honeypot-fra-1 kernel: [84028124.879495] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=156.146.46.143 DST=165.22.82.222 LEN=52 TOS=0x02 PREC=0x00 TTL=117 ID=25080 DF PROTO=TCP SPT=62945 DPT=3389 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-14T11:08:25.275Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:11:10 honeypot-fra-1 sshd[8739]: Invalid user ftpuser from 197.5.145.54 port 55382","@timestamp":"2022-09-14T11:11:10.341Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:11:10 honeypot-fra-1 sshd[8728]: Connection closed by invalid user mysql 197.5.145.54 port 55381 [preauth]","@timestamp":"2022-09-14T11:11:11.342Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:11:10 honeypot-fra-1 sshd[8734]: Connection closed by invalid user admin 197.5.145.54 port 55376 [preauth]","@timestamp":"2022-09-14T11:11:11.342Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T11:12:39.134Z","@version":"1","message":"Sep 14 11:12:38 honeypot-sgp-1 sshd[13094]: Did not receive identification string from 45.61.186.249 port 43632","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:12:44 honeypot-fra-1 sshd[8752]: Received disconnect from 61.177.172.108 port 62224:11:  [preauth]","@timestamp":"2022-09-14T11:12:45.382Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T11:13:11.151Z","@version":"1","message":"Sep 14 11:13:11 honeypot-sgp-1 sshd[13099]: Invalid user user from 45.61.186.249 port 54456","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T11:13:30.160Z","@version":"1","message":"Sep 14 11:13:29 honeypot-sgp-1 sshd[13103]: Invalid user user from 45.61.186.249 port 49652","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T11:13:47.169Z","@version":"1","message":"Sep 14 11:13:47 honeypot-sgp-1 kernel: [84030135.823690] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=82.52.46.187 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=33473 PROTO=TCP SPT=14410 DPT=443 WINDOW=21546 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T11:13:55.179Z","@version":"1","message":"Sep 14 11:13:54 honeypot-sgp-1 sshd[13109]: Disconnected from invalid user user 45.61.186.249 port 56586 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:15:33 honeypot-fra-1 sshd[8757]: Disconnected from authenticating user root 61.177.172.19 port 50995 [preauth]","@timestamp":"2022-09-14T11:15:33.453Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 11:16:55 honeypot-ams-1 sshd[24744]: Disconnected from invalid user gmodserver 114.247.103.218 port 15405 [preauth]","@timestamp":"2022-09-14T11:16:56.015Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 11:17:41 honeypot-ams-1 sshd[24752]: Invalid user user from 141.255.162.226 port 51044","@timestamp":"2022-09-14T11:17:42.038Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 11:17:47 honeypot-ams-1 sshd[24756]: Invalid user user from 141.255.162.226 port 51728","@timestamp":"2022-09-14T11:17:48.041Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 11:17:49 honeypot-ams-1 sshd[24760]: Invalid user user from 141.255.162.226 port 37264","@timestamp":"2022-09-14T11:17:50.042Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 11:17:50 honeypot-ams-1 sshd[24762]: Disconnected from invalid user user 141.255.162.226 port 37954 [preauth]","@timestamp":"2022-09-14T11:17:51.043Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:19:03 honeypot-fra-1 sshd[8770]: Invalid user user from 175.24.188.217 port 34500","@timestamp":"2022-09-14T11:19:04.540Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:19:03 honeypot-fra-1 sshd[8774]: Invalid user web from 175.24.188.217 port 34444","@timestamp":"2022-09-14T11:19:04.540Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:19:03 honeypot-fra-1 sshd[8780]: Invalid user lighthouse from 175.24.188.217 port 34476","@timestamp":"2022-09-14T11:19:04.540Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:19:04 honeypot-fra-1 sshd[8790]: Invalid user deploy from 175.24.188.217 port 34490","@timestamp":"2022-09-14T11:19:04.540Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:19:04 honeypot-fra-1 sshd[8796]: Invalid user admin from 175.24.188.217 port 34466","@timestamp":"2022-09-14T11:19:04.540Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:19:04 honeypot-fra-1 sshd[8774]: Connection closed by invalid user web 175.24.188.217 port 34444 [preauth]","@timestamp":"2022-09-14T11:19:04.541Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:19:04 honeypot-fra-1 sshd[8780]: Connection closed by invalid user lighthouse 175.24.188.217 port 34476 [preauth]","@timestamp":"2022-09-14T11:19:04.541Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:19:04 honeypot-fra-1 sshd[8789]: Connection closed by invalid user ts3 175.24.188.217 port 34426 [preauth]","@timestamp":"2022-09-14T11:19:04.541Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:22:58 honeypot-fra-1 sshd[8821]: Received disconnect from 159.223.95.166 port 46064:11: Bye Bye [preauth]","@timestamp":"2022-09-14T11:22:58.632Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 11:23:42 honeypot-ams-1 kernel: [84031205.702607] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=118.123.105.87 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=36146 PROTO=TCP SPT=54002 DPT=443 WINDOW=63540 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T11:23:43.195Z"}
{"@timestamp":"2022-09-14T11:24:44.443Z","@version":"1","message":"Sep 14 11:24:44 honeypot-sgp-1 kernel: [84030793.061528] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=138.99.216.93 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=23441 PROTO=TCP SPT=54492 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:26:39 honeypot-fra-1 sshd[8831]: Invalid user rg from 67.205.132.113 port 42810","@timestamp":"2022-09-14T11:26:39.720Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T11:30:55.596Z","@version":"1","message":"Sep 14 11:30:54 honeypot-sgp-1 kernel: [84031163.371590] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.209.88 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=50901 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:30:55 honeypot-fra-1 sshd[8834]: Connection closed by invalid user user1 103.188.176.251 port 36820 [preauth]","@timestamp":"2022-09-14T11:30:55.822Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 11:36:49 honeypot-ams-1 kernel: [84031993.025820] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=183.136.225.35 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=109 ID=46411 PROTO=TCP SPT=8088 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T11:36:50.533Z"}
{"@timestamp":"2022-09-14T11:37:07.750Z","@version":"1","message":"Sep 14 11:37:07 honeypot-sgp-1 sshd[13131]: Received disconnect from 61.177.173.47 port 28217:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:39:24 honeypot-fra-1 sshd[8841]: Disconnected from authenticating user root 92.255.85.70 port 15944 [preauth]","@timestamp":"2022-09-14T11:39:25.026Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 11:40:54 honeypot-ams-1 kernel: [84032237.111055] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=64.62.197.119 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=46988 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T11:40:54.642Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 11:44:13 honeypot-ams-1 kernel: [84032436.952090] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=80.94.92.231 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=49330 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T11:44:14.729Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:46:07 honeypot-fra-1 kernel: [84030387.590861] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=6100 PROTO=TCP SPT=55369 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T11:46:07.182Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-14T11:47:03.999Z","@version":"1","message":"Sep 14 11:47:03 honeypot-sgp-1 sshd[13135]: Disconnected from authenticating user root 61.177.173.46 port 24947 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:49:32 honeypot-fra-1 sshd[8855]: Invalid user www from 52.237.82.21 port 37842","@timestamp":"2022-09-14T11:49:33.283Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:49:32 honeypot-fra-1 sshd[8877]: Invalid user es from 52.237.82.21 port 37878","@timestamp":"2022-09-14T11:49:33.283Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:49:32 honeypot-fra-1 sshd[8860]: Invalid user hadoop from 52.237.82.21 port 37838","@timestamp":"2022-09-14T11:49:33.283Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:49:32 honeypot-fra-1 sshd[8863]: Invalid user momo from 52.237.82.21 port 37854","@timestamp":"2022-09-14T11:49:33.283Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:49:32 honeypot-fra-1 sshd[8871]: Invalid user steam from 52.237.82.21 port 37880","@timestamp":"2022-09-14T11:49:33.283Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:49:32 honeypot-fra-1 sshd[8873]: Connection closed by authenticating user root 52.237.82.21 port 37916 [preauth]","@timestamp":"2022-09-14T11:49:33.283Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:49:32 honeypot-fra-1 sshd[8860]: Connection closed by invalid user hadoop 52.237.82.21 port 37838 [preauth]","@timestamp":"2022-09-14T11:49:33.283Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:49:32 honeypot-fra-1 sshd[8869]: Connection closed by invalid user testuser 52.237.82.21 port 37870 [preauth]","@timestamp":"2022-09-14T11:49:33.283Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T11:50:19.079Z","@version":"1","message":"Sep 14 11:50:18 honeypot-sgp-1 sshd[13141]: Disconnected from authenticating user root 61.177.173.53 port 44447 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:50:19 honeypot-fra-1 sshd[8909]: Received disconnect from 61.177.173.50 port 53471:11:  [preauth]","@timestamp":"2022-09-14T11:50:20.303Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:51:29 honeypot-fra-1 sshd[8915]: Invalid user cameras from 81.17.25.50 port 58684","@timestamp":"2022-09-14T11:51:30.334Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T11:51:46.116Z","@version":"1","message":"Sep 14 11:51:45 honeypot-sgp-1 sshd[13145]: Disconnected from invalid user tbi 164.92.142.65 port 35102 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:52:57 honeypot-fra-1 sshd[8921]: Invalid user  from 81.17.25.50 port 57179","@timestamp":"2022-09-14T11:52:58.374Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:53:08 honeypot-fra-1 sshd[8927]: Invalid user admin from 81.17.25.50 port 20584","@timestamp":"2022-09-14T11:53:09.380Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:53:49 honeypot-fra-1 sshd[8933]: Disconnecting authenticating user root 81.17.25.50 port 36428: Change of username or service not allowed: (root,ssh-connection) -> (1234,ssh-connection) [preauth]","@timestamp":"2022-09-14T11:53:49.397Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:54:40 honeypot-fra-1 sshd[8939]: Disconnecting invalid user araknis 81.17.25.50 port 64835: Change of username or service not allowed: (araknis,ssh-connection) -> (,ssh-connection) [preauth]","@timestamp":"2022-09-14T11:54:41.421Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:55:18 honeypot-fra-1 sshd[8947]: Invalid user Admin from 81.17.25.50 port 7606","@timestamp":"2022-09-14T11:55:19.439Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:55:49 honeypot-fra-1 sshd[8954]: Invalid user guest from 81.17.25.50 port 37651","@timestamp":"2022-09-14T11:55:49.452Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:55:59 honeypot-fra-1 sshd[8960]: Disconnecting invalid user  81.17.25.50 port 5587: Change of username or service not allowed: (,ssh-connection) -> (Cisco,ssh-connection) [preauth]","@timestamp":"2022-09-14T11:55:59.457Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:56:23 honeypot-fra-1 sshd[8966]: Disconnecting invalid user admin 81.17.25.50 port 26188: Change of username or service not allowed: (admin,ssh-connection) -> (1234,ssh-connection) [preauth]","@timestamp":"2022-09-14T11:56:23.469Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:56:41 honeypot-fra-1 sshd[8976]: Invalid user  from 81.17.25.50 port 16236","@timestamp":"2022-09-14T11:56:41.478Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:57:15 honeypot-fra-1 sshd[8983]: Invalid user admin from 81.17.25.50 port 6595","@timestamp":"2022-09-14T11:57:16.495Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:57:35 honeypot-fra-1 sshd[8989]: Invalid user  from 81.17.25.50 port 62800","@timestamp":"2022-09-14T11:57:36.504Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 11:58:03 honeypot-ams-1 sshd[24780]: Received disconnect from 161.35.26.171 port 54630:11: Bye Bye [preauth]","@timestamp":"2022-09-14T11:58:04.090Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:58:31 honeypot-fra-1 sshd[8995]: Disconnecting invalid user admin 81.17.25.50 port 14733: Change of username or service not allowed: (admin,ssh-connection) -> (c1@r0,ssh-connection) [preauth]","@timestamp":"2022-09-14T11:58:31.528Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:59:15 honeypot-fra-1 sshd[9004]: Disconnecting invalid user cusadmin 81.17.25.50 port 7945: Change of username or service not allowed: (cusadmin,ssh-connection) -> (superonline,ssh-connection) [preauth]","@timestamp":"2022-09-14T11:59:16.548Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:59:52 honeypot-fra-1 sshd[9010]: Invalid user lgnortel from 81.17.25.50 port 52365","@timestamp":"2022-09-14T11:59:52.566Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:00:22 honeypot-fra-1 sshd[9016]: Invalid user admin from 81.17.25.50 port 60722","@timestamp":"2022-09-14T12:00:23.581Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:01:22 honeypot-fra-1 sshd[9023]: Invalid user admin1234 from 81.17.25.50 port 58375","@timestamp":"2022-09-14T12:01:22.608Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T12:01:25.351Z","@version":"1","message":"Sep 14 12:01:24 honeypot-sgp-1 kernel: [84032993.430779] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=156.146.46.143 DST=159.89.202.188 LEN=52 TOS=0x02 PREC=0x00 TTL=116 ID=7785 DF PROTO=TCP SPT=51669 DPT=3389 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:01:51 honeypot-fra-1 sshd[9027]: Disconnecting invalid user  81.17.25.50 port 40741: Change of username or service not allowed: (,ssh-connection) -> (admin,ssh-connection) [preauth]","@timestamp":"2022-09-14T12:01:51.622Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:02:13 honeypot-fra-1 sshd[9033]: Disconnecting invalid user admin 81.17.25.50 port 35743: Change of username or service not allowed: (admin,ssh-connection) -> (blank,ssh-connection) [preauth]","@timestamp":"2022-09-14T12:02:13.633Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:03:11 honeypot-fra-1 sshd[9039]: Disconnecting authenticating user root 81.17.25.50 port 13164: Change of username or service not allowed: (root,ssh-connection) -> (admin,ssh-connection) [preauth]","@timestamp":"2022-09-14T12:03:11.660Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:03:58 honeypot-fra-1 sshd[9043]: Disconnecting invalid user airlive 81.17.25.50 port 29616: Change of username or service not allowed: (airlive,ssh-connection) -> (0,ssh-connection) [preauth]","@timestamp":"2022-09-14T12:03:58.683Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:05:06 honeypot-fra-1 sshd[9049]: Disconnecting invalid user roqos 81.17.25.50 port 44793: Change of username or service not allowed: (roqos,ssh-connection) -> (admin,ssh-connection) [preauth]","@timestamp":"2022-09-14T12:05:06.713Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:05:10 honeypot-ams-1 sshd[24786]: Received disconnect from 92.255.85.70 port 39338:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:05:10.295Z"}
{"@timestamp":"2022-09-14T12:05:34.455Z","@version":"1","message":"Sep 14 12:05:33 honeypot-sgp-1 sshd[13612]: Received disconnect from 201.249.89.102 port 46136:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:06:10 honeypot-fra-1 sshd[9056]: Invalid user sitecom from 81.17.25.50 port 10620","@timestamp":"2022-09-14T12:06:11.743Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:06:47 honeypot-fra-1 sshd[9063]: Disconnecting invalid user smcadmin 81.17.25.50 port 3366: Change of username or service not allowed: (smcadmin,ssh-connection) -> (admin,ssh-connection) [preauth]","@timestamp":"2022-09-14T12:06:47.759Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T12:07:36.507Z","@version":"1","message":"Sep 14 12:07:35 honeypot-sgp-1 sshd[13616]: Received disconnect from 61.177.172.104 port 54449:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:07:51 honeypot-fra-1 sshd[9071]: Disconnecting invalid user highspeed 81.17.25.50 port 15125: Change of username or service not allowed: (highspeed,ssh-connection) -> (smcadmin,ssh-connection) [preauth]","@timestamp":"2022-09-14T12:07:51.787Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:08:24 honeypot-ams-1 sshd[24792]: Received disconnect from 141.255.162.226 port 41886:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T12:08:25.381Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:08:25 honeypot-fra-1 sshd[9077]: Disconnecting invalid user sweex 81.17.25.50 port 45873: Change of username or service not allowed: (sweex,ssh-connection) -> (,ssh-connection) [preauth]","@timestamp":"2022-09-14T12:08:25.804Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:08:28 honeypot-ams-1 sshd[24796]: Received disconnect from 141.255.162.226 port 57130:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T12:08:29.384Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:08:30 honeypot-ams-1 sshd[24800]: Received disconnect from 141.255.162.226 port 36524:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T12:08:31.385Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:09:24 honeypot-fra-1 sshd[9083]: Disconnecting invalid user  81.17.25.50 port 33001: Change of username or service not allowed: (,ssh-connection) -> (public,ssh-connection) [preauth]","@timestamp":"2022-09-14T12:09:25.831Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:09:43 honeypot-fra-1 sshd[9089]: Disconnecting invalid user ubnt 81.17.25.50 port 29963: Change of username or service not allowed: (ubnt,ssh-connection) -> (root,ssh-connection) [preauth]","@timestamp":"2022-09-14T12:09:43.840Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:09:47 honeypot-fra-1 sshd[9097]: Invalid user amdin from 81.17.25.50 port 28451","@timestamp":"2022-09-14T12:09:47.843Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:09:47 honeypot-fra-1 sshd[9103]: Invalid user admin from 81.17.25.50 port 41987","@timestamp":"2022-09-14T12:09:48.843Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:09:51 honeypot-fra-1 sshd[9109]: Invalid user admin from 81.17.25.50 port 17398","@timestamp":"2022-09-14T12:09:51.845Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T12:10:14.573Z","@version":"1","message":"Sep 14 12:10:13 honeypot-sgp-1 sshd[13622]: Received disconnect from 142.93.145.85 port 39220:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:10:24 honeypot-fra-1 sshd[9113]: Disconnecting invalid user admin 81.17.25.50 port 11643: Change of username or service not allowed: (admin,ssh-connection) -> (1admin0,ssh-connection) [preauth]","@timestamp":"2022-09-14T12:10:25.870Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T12:12:33.633Z","@version":"1","message":"Sep 14 12:12:33 honeypot-sgp-1 sshd[13627]: Received disconnect from 207.154.231.64 port 45002:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 12:13:41 honeypot-ams-1 kernel: [84034204.251098] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=156.146.46.143 DST=178.62.254.91 LEN=52 TOS=0x02 PREC=0x00 TTL=118 ID=1365 DF PROTO=TCP SPT=51117 DPT=3389 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-14T12:13:41.519Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:14:17 honeypot-fra-1 sshd[9125]: Connection closed by authenticating user root 141.98.10.158 port 48852 [preauth]","@timestamp":"2022-09-14T12:14:17.957Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:19:58 honeypot-ams-1 sshd[24809]: Disconnected from authenticating user root 179.103.152.130 port 57278 [preauth]","@timestamp":"2022-09-14T12:19:59.680Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:20:05 honeypot-ams-1 sshd[24815]: Received disconnect from 179.103.152.130 port 57556:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:20:05.684Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:20:12 honeypot-ams-1 sshd[24821]: Received disconnect from 179.103.152.130 port 57974:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:20:12.688Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:20:18 honeypot-ams-1 sshd[24827]: Received disconnect from 179.103.152.130 port 58310:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:20:19.693Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:20:25 honeypot-ams-1 sshd[24833]: Received disconnect from 179.103.152.130 port 58632:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:20:26.697Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:20:32 honeypot-ams-1 sshd[24839]: Received disconnect from 179.103.152.130 port 59020:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:20:32.702Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:20:39 honeypot-ams-1 sshd[24845]: Received disconnect from 179.103.152.130 port 59372:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:20:39.706Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:20:46 honeypot-ams-1 sshd[24851]: Received disconnect from 179.103.152.130 port 59764:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:20:46.711Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:20:53 honeypot-ams-1 sshd[24857]: Received disconnect from 179.103.152.130 port 60110:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:20:53.715Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:21:00 honeypot-ams-1 sshd[24863]: Received disconnect from 179.103.152.130 port 60470:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:21:00.719Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:21:07 honeypot-ams-1 sshd[24869]: Received disconnect from 179.103.152.130 port 60826:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:21:07.723Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:21:14 honeypot-ams-1 sshd[24875]: Received disconnect from 179.103.152.130 port 32940:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:21:14.727Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:21:21 honeypot-ams-1 sshd[24881]: Invalid user admin from 179.103.152.130 port 33348","@timestamp":"2022-09-14T12:21:21.732Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:21:26 honeypot-ams-1 sshd[24885]: Invalid user admin from 179.103.152.130 port 33650","@timestamp":"2022-09-14T12:21:26.735Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:21:30 honeypot-ams-1 sshd[24889]: Invalid user admin from 179.103.152.130 port 33868","@timestamp":"2022-09-14T12:21:31.739Z"}
{"@timestamp":"2022-09-14T12:21:33.852Z","@version":"1","message":"Sep 14 12:21:33 honeypot-sgp-1 sshd[13635]: Invalid user dedy from 200.66.77.178 port 48738","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:21:36 honeypot-ams-1 sshd[24893]: Invalid user admin from 179.103.152.130 port 34120","@timestamp":"2022-09-14T12:21:36.742Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:21:41 honeypot-ams-1 sshd[24897]: Invalid user admin from 179.103.152.130 port 34402","@timestamp":"2022-09-14T12:21:41.745Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:21:45 honeypot-ams-1 sshd[24901]: Invalid user user from 179.103.152.130 port 34646","@timestamp":"2022-09-14T12:21:45.750Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:21:51 honeypot-ams-1 sshd[24905]: Disconnected from authenticating user root 179.103.152.130 port 34952 [preauth]","@timestamp":"2022-09-14T12:21:51.753Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:21:56 honeypot-ams-1 sshd[24909]: Disconnected from invalid user pi 179.103.152.130 port 35200 [preauth]","@timestamp":"2022-09-14T12:21:56.756Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:22:01 honeypot-ams-1 sshd[24913]: Disconnected from invalid user ethos 179.103.152.130 port 35466 [preauth]","@timestamp":"2022-09-14T12:22:01.760Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:22:06 honeypot-ams-1 sshd[24917]: Disconnected from invalid user miner 179.103.152.130 port 35736 [preauth]","@timestamp":"2022-09-14T12:22:06.763Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:22:11 honeypot-ams-1 sshd[24921]: Disconnected from invalid user volumio 179.103.152.130 port 35954 [preauth]","@timestamp":"2022-09-14T12:22:11.766Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:22:16 honeypot-ams-1 sshd[24925]: Disconnected from invalid user nagios 179.103.152.130 port 36204 [preauth]","@timestamp":"2022-09-14T12:22:16.770Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:22:20 honeypot-ams-1 sshd[24929]: Disconnected from invalid user vagrant 179.103.152.130 port 36446 [preauth]","@timestamp":"2022-09-14T12:22:20.772Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:22:26 honeypot-ams-1 sshd[24933]: Disconnected from invalid user debian 179.103.152.130 port 36720 [preauth]","@timestamp":"2022-09-14T12:22:26.775Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:22:31 honeypot-ams-1 sshd[24937]: Disconnected from invalid user debian 179.103.152.130 port 37026 [preauth]","@timestamp":"2022-09-14T12:22:31.779Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:22:36 honeypot-ams-1 sshd[24941]: Disconnected from invalid user alarm 179.103.152.130 port 37260 [preauth]","@timestamp":"2022-09-14T12:22:36.782Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:22:38 honeypot-ams-1 sshd[24945]: Disconnected from authenticating user root 190.110.214.198 port 36670 [preauth]","@timestamp":"2022-09-14T12:22:38.786Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:22:44 honeypot-ams-1 sshd[24949]: Disconnected from invalid user cirros 179.103.152.130 port 37632 [preauth]","@timestamp":"2022-09-14T12:22:44.789Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:23:10 honeypot-fra-1 sshd[9137]: Did not receive identification string from 45.61.186.169 port 42108","@timestamp":"2022-09-14T12:23:11.163Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T12:23:24.898Z","@version":"1","message":"Sep 14 12:23:24 honeypot-sgp-1 sshd[13640]: Disconnected from authenticating user root 92.255.85.70 port 18350 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 12:23:40 honeypot-ams-1 kernel: [84034803.591631] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=156.146.46.143 DST=178.62.254.91 LEN=52 TOS=0x02 PREC=0x00 TTL=118 ID=4126 DF PROTO=TCP SPT=58985 DPT=3389 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-14T12:23:40.818Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:23:51 honeypot-fra-1 sshd[9140]: Disconnected from invalid user user 45.61.186.169 port 51748 [preauth]","@timestamp":"2022-09-14T12:23:52.181Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:24:08 honeypot-fra-1 sshd[9146]: Disconnected from invalid user user 45.61.186.169 port 46566 [preauth]","@timestamp":"2022-09-14T12:24:09.189Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:24:18 honeypot-fra-1 sshd[9150]: Received disconnect from 165.22.45.108 port 43092:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T12:24:19.195Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:24:33 honeypot-fra-1 sshd[9154]: Received disconnect from 45.61.186.169 port 52922:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T12:24:34.202Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:26:11 honeypot-ams-1 sshd[24960]: Invalid user ssh from 71.251.220.249 port 55190","@timestamp":"2022-09-14T12:26:11.887Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:27:03 honeypot-ams-1 sshd[24964]: Disconnected from authenticating user root 179.151.180.133 port 52184 [preauth]","@timestamp":"2022-09-14T12:27:03.912Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:27:10 honeypot-ams-1 sshd[24970]: Received disconnect from 179.151.180.133 port 52588:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:27:10.916Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:27:17 honeypot-ams-1 sshd[24976]: Received disconnect from 179.151.180.133 port 52962:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:27:17.921Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:27:24 honeypot-ams-1 sshd[24982]: Received disconnect from 179.151.180.133 port 53332:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:27:24.925Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:27:31 honeypot-ams-1 sshd[24988]: Received disconnect from 179.151.180.133 port 53704:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:27:31.930Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:27:38 honeypot-ams-1 sshd[24994]: Received disconnect from 179.151.180.133 port 54106:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:27:38.933Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:27:45 honeypot-ams-1 sshd[25000]: Received disconnect from 179.151.180.133 port 54470:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:27:45.937Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:27:53 honeypot-ams-1 sshd[25006]: Received disconnect from 179.151.180.133 port 54868:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:27:53.942Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:28:00 honeypot-ams-1 sshd[25012]: Received disconnect from 179.151.180.133 port 55266:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:28:00.946Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:28:07 honeypot-ams-1 sshd[25018]: Received disconnect from 179.151.180.133 port 55636:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:28:07.950Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:28:14 honeypot-ams-1 sshd[25024]: Received disconnect from 179.151.180.133 port 56034:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:28:15.955Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:28:22 honeypot-ams-1 sshd[25030]: Received disconnect from 179.151.180.133 port 56466:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:28:22.960Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:28:27 honeypot-ams-1 sshd[25034]: Disconnected from invalid user admin 179.151.180.133 port 56704 [preauth]","@timestamp":"2022-09-14T12:28:27.963Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:28:32 honeypot-ams-1 sshd[25038]: Disconnected from invalid user admin 179.151.180.133 port 56974 [preauth]","@timestamp":"2022-09-14T12:28:32.967Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:28:37 honeypot-ams-1 sshd[25042]: Disconnected from invalid user admin 179.151.180.133 port 57220 [preauth]","@timestamp":"2022-09-14T12:28:37.969Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:28:42 honeypot-ams-1 sshd[25046]: Disconnected from invalid user admin 179.151.180.133 port 57492 [preauth]","@timestamp":"2022-09-14T12:28:42.972Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:28:47 honeypot-ams-1 sshd[25050]: Disconnected from invalid user admin 179.151.180.133 port 57756 [preauth]","@timestamp":"2022-09-14T12:28:47.976Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:28:52 honeypot-ams-1 sshd[25054]: Disconnected from invalid user user 179.151.180.133 port 58030 [preauth]","@timestamp":"2022-09-14T12:28:52.979Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:28:56 honeypot-ams-1 sshd[25060]: Disconnected from authenticating user root 179.151.180.133 port 58302 [preauth]","@timestamp":"2022-09-14T12:28:56.981Z"}
{"@timestamp":"2022-09-14T12:29:01.053Z","@version":"1","message":"Sep 14 12:29:00 honeypot-sgp-1 sshd[13649]: Invalid user centos from 35.90.115.181 port 54458","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T12:29:01.053Z","@version":"1","message":"Sep 14 12:29:00 honeypot-sgp-1 sshd[13654]: Invalid user postgres from 35.90.115.181 port 54448","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T12:29:01.053Z","@version":"1","message":"Sep 14 12:29:00 honeypot-sgp-1 sshd[13657]: Invalid user chia from 35.90.115.181 port 54440","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T12:29:01.053Z","@version":"1","message":"Sep 14 12:29:00 honeypot-sgp-1 sshd[13668]: Invalid user postgres from 35.90.115.181 port 54446","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T12:29:01.053Z","@version":"1","message":"Sep 14 12:29:00 honeypot-sgp-1 sshd[13655]: Connection closed by invalid user devops 35.90.115.181 port 54492 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T12:29:01.053Z","@version":"1","message":"Sep 14 12:29:00 honeypot-sgp-1 sshd[13652]: Connection closed by invalid user admin 35.90.115.181 port 54488 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T12:29:01.054Z","@version":"1","message":"Sep 14 12:29:00 honeypot-sgp-1 sshd[13662]: Connection closed by invalid user admin 35.90.115.181 port 54494 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T12:29:01.054Z","@version":"1","message":"Sep 14 12:29:00 honeypot-sgp-1 sshd[13672]: Connection closed by invalid user www 35.90.115.181 port 54506 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:29:01 honeypot-ams-1 sshd[25064]: Disconnected from invalid user pi 179.151.180.133 port 58530 [preauth]","@timestamp":"2022-09-14T12:29:01.985Z"}
{"@timestamp":"2022-09-14T12:29:02.054Z","@version":"1","message":"Sep 14 12:29:01 honeypot-sgp-1 sshd[13671]: Connection closed by authenticating user root 35.90.115.181 port 54516 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T12:29:02.054Z","@version":"1","message":"Sep 14 12:29:01 honeypot-sgp-1 sshd[13669]: Connection closed by invalid user chia 35.90.115.181 port 54504 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:29:06 honeypot-ams-1 sshd[25068]: Disconnected from invalid user ethos 179.151.180.133 port 58816 [preauth]","@timestamp":"2022-09-14T12:29:06.988Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:29:10 honeypot-ams-1 sshd[25072]: Disconnected from invalid user miner 179.151.180.133 port 59062 [preauth]","@timestamp":"2022-09-14T12:29:10.990Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:29:15 honeypot-ams-1 sshd[25076]: Disconnected from invalid user volumio 179.151.180.133 port 59302 [preauth]","@timestamp":"2022-09-14T12:29:15.992Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:29:20 honeypot-ams-1 sshd[25080]: Disconnected from invalid user nagios 179.151.180.133 port 59596 [preauth]","@timestamp":"2022-09-14T12:29:20.996Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:29:24 honeypot-ams-1 sshd[25084]: Disconnected from invalid user vagrant 179.151.180.133 port 59802 [preauth]","@timestamp":"2022-09-14T12:29:24.999Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:29:28 honeypot-ams-1 sshd[25088]: Disconnected from invalid user debian 179.151.180.133 port 60070 [preauth]","@timestamp":"2022-09-14T12:29:29.001Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:29:33 honeypot-ams-1 sshd[25092]: Disconnected from invalid user debian 179.151.180.133 port 60298 [preauth]","@timestamp":"2022-09-14T12:29:34.005Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:29:38 honeypot-ams-1 sshd[25096]: Disconnected from invalid user alarm 179.151.180.133 port 60546 [preauth]","@timestamp":"2022-09-14T12:29:39.008Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:29:43 honeypot-ams-1 sshd[25100]: Disconnected from invalid user test 179.151.180.133 port 60812 [preauth]","@timestamp":"2022-09-14T12:29:44.011Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:29:49 honeypot-ams-1 sshd[25104]: Disconnected from invalid user cirros 179.151.180.133 port 32842 [preauth]","@timestamp":"2022-09-14T12:29:50.016Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:30:26 honeypot-fra-1 sshd[9159]: Received disconnect from 61.177.173.53 port 49631:11:  [preauth]","@timestamp":"2022-09-14T12:30:26.336Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T12:31:06.109Z","@version":"1","message":"Sep 14 12:31:05 honeypot-sgp-1 sshd[13710]: Disconnected from authenticating user root 61.177.173.36 port 44582 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:34:07 honeypot-fra-1 sshd[9162]: Disconnected from authenticating user root 61.177.172.114 port 16912 [preauth]","@timestamp":"2022-09-14T12:34:08.423Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T12:36:25.244Z","@version":"1","message":"Sep 14 12:36:24 honeypot-sgp-1 sshd[13719]: Disconnected from authenticating user root 61.177.173.36 port 62443 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:43:48 honeypot-fra-1 kernel: [84033848.955708] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=74.82.47.17 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=54321 PROTO=TCP SPT=50114 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T12:43:48.645Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-14T12:43:50.437Z","@version":"1","message":"Sep 14 12:43:50 honeypot-sgp-1 kernel: [84035538.764645] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=79.124.62.62 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=41993 PROTO=TCP SPT=45145 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T12:48:31.558Z","@version":"1","message":"Sep 14 12:48:30 honeypot-sgp-1 sshd[13733]: Disconnected from authenticating user root 61.177.173.36 port 18115 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 12:48:46 honeypot-ams-1 kernel: [84036309.354885] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=168.195.81.3 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=57 ID=50352 PROTO=TCP SPT=55899 DPT=80 WINDOW=30922 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T12:48:46.501Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:49:11 honeypot-fra-1 kernel: [84034172.215472] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=103.146.42.204 DST=165.22.82.222 LEN=52 TOS=0x00 PREC=0x00 TTL=115 ID=29689 DF PROTO=TCP SPT=13163 DPT=3389 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T12:49:12.771Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-14T12:51:44.640Z","@version":"1","message":"Sep 14 12:51:43 honeypot-sgp-1 sshd[13739]: Disconnected from invalid user test 62.204.41.222 port 35607 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:53:03 honeypot-fra-1 sshd[9178]: Disconnected from authenticating user root 61.177.173.37 port 25310 [preauth]","@timestamp":"2022-09-14T12:53:03.859Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 12:55:11 honeypot-ams-1 kernel: [84036694.837862] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.47.229.134 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=7803 PROTO=TCP SPT=56701 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T12:55:12.667Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:55:46 honeypot-fra-1 kernel: [84034566.457901] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.221.7 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=49870 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T12:55:46.924Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-14T12:56:40.766Z","@version":"1","message":"Sep 14 12:56:40 honeypot-sgp-1 sshd[13747]: Did not receive identification string from 118.193.59.5 port 46586","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T12:58:31.815Z","@version":"1","message":"Sep 14 12:58:30 honeypot-sgp-1 sshd[13754]: Invalid user user from 45.61.186.249 port 53534","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T12:58:51.826Z","@version":"1","message":"Sep 14 12:58:51 honeypot-sgp-1 sshd[13758]: Received disconnect from 61.177.173.36 port 64928:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T12:59:02.831Z","@version":"1","message":"Sep 14 12:59:01 honeypot-sgp-1 sshd[13762]: Received disconnect from 45.61.186.249 port 60242:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T12:59:21.840Z","@version":"1","message":"Sep 14 12:59:21 honeypot-sgp-1 sshd[13766]: Invalid user user from 45.61.186.249 port 55296","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:59:38 honeypot-ams-1 sshd[25116]: Disconnected from authenticating user root 61.245.162.61 port 56750 [preauth]","@timestamp":"2022-09-14T12:59:39.785Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:59:43 honeypot-ams-1 sshd[25122]: Received disconnect from 61.245.162.61 port 56992:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:59:43.788Z"}
{"@timestamp":"2022-09-14T12:59:46.850Z","@version":"1","message":"Sep 14 12:59:46 honeypot-sgp-1 sshd[13770]: Received disconnect from 61.177.172.19 port 42374:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:59:47 honeypot-ams-1 sshd[25128]: Received disconnect from 61.245.162.61 port 57188:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:59:48.791Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:59:52 honeypot-ams-1 sshd[25134]: Received disconnect from 61.245.162.61 port 57502:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:59:52.794Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:59:57 honeypot-ams-1 sshd[25140]: Received disconnect from 61.245.162.61 port 57658:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:59:57.798Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:00:01 honeypot-ams-1 sshd[25146]: Received disconnect from 61.245.162.61 port 58008:11: Bye Bye [preauth]","@timestamp":"2022-09-14T13:00:01.800Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:00:06 honeypot-ams-1 sshd[25152]: Received disconnect from 61.245.162.61 port 58218:11: Bye Bye [preauth]","@timestamp":"2022-09-14T13:00:06.803Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:00:10 honeypot-ams-1 sshd[25158]: Received disconnect from 61.245.162.61 port 58506:11: Bye Bye [preauth]","@timestamp":"2022-09-14T13:00:11.807Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:00:15 honeypot-ams-1 sshd[25164]: Received disconnect from 61.245.162.61 port 58702:11: Bye Bye [preauth]","@timestamp":"2022-09-14T13:00:15.810Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:00:20 honeypot-ams-1 sshd[25170]: Received disconnect from 61.245.162.61 port 59022:11: Bye Bye [preauth]","@timestamp":"2022-09-14T13:00:20.813Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:00:24 honeypot-ams-1 sshd[25176]: Received disconnect from 61.245.162.61 port 59246:11: Bye Bye [preauth]","@timestamp":"2022-09-14T13:00:24.816Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:00:29 honeypot-ams-1 sshd[25182]: Received disconnect from 61.245.162.61 port 59530:11: Bye Bye [preauth]","@timestamp":"2022-09-14T13:00:29.820Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:00:33 honeypot-ams-1 sshd[25188]: Invalid user admin from 61.245.162.61 port 59782","@timestamp":"2022-09-14T13:00:34.823Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:00:37 honeypot-ams-1 sshd[25192]: Invalid user admin from 61.245.162.61 port 59936","@timestamp":"2022-09-14T13:00:37.825Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:00:40 honeypot-ams-1 sshd[25196]: Invalid user admin from 61.245.162.61 port 60144","@timestamp":"2022-09-14T13:00:40.828Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:00:43 honeypot-ams-1 sshd[25200]: Invalid user admin from 61.245.162.61 port 60322","@timestamp":"2022-09-14T13:00:43.830Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:00:46 honeypot-ams-1 sshd[25204]: Invalid user admin from 61.245.162.61 port 60452","@timestamp":"2022-09-14T13:00:46.832Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:00:49 honeypot-ams-1 sshd[25208]: Invalid user user from 61.245.162.61 port 60666","@timestamp":"2022-09-14T13:00:49.834Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:00:52 honeypot-ams-1 sshd[25212]: Disconnected from authenticating user root 61.245.162.61 port 60860 [preauth]","@timestamp":"2022-09-14T13:00:53.837Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:00:56 honeypot-ams-1 sshd[25216]: Disconnected from invalid user pi 61.245.162.61 port 60988 [preauth]","@timestamp":"2022-09-14T13:00:56.839Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:00:59 honeypot-ams-1 sshd[25220]: Disconnected from invalid user ethos 61.245.162.61 port 32926 [preauth]","@timestamp":"2022-09-14T13:00:59.841Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:01:02 honeypot-ams-1 sshd[25224]: Disconnected from invalid user miner 61.245.162.61 port 33150 [preauth]","@timestamp":"2022-09-14T13:01:02.843Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:01:05 honeypot-ams-1 sshd[25228]: Disconnected from invalid user volumio 61.245.162.61 port 33294 [preauth]","@timestamp":"2022-09-14T13:01:05.845Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:01:08 honeypot-ams-1 sshd[25232]: Disconnected from invalid user nagios 61.245.162.61 port 33472 [preauth]","@timestamp":"2022-09-14T13:01:09.847Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:01:12 honeypot-ams-1 sshd[25236]: Disconnected from invalid user vagrant 61.245.162.61 port 33682 [preauth]","@timestamp":"2022-09-14T13:01:12.851Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:01:15 honeypot-ams-1 sshd[25240]: Disconnected from invalid user debian 61.245.162.61 port 33846 [preauth]","@timestamp":"2022-09-14T13:01:15.852Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:01:18 honeypot-ams-1 sshd[25244]: Disconnected from invalid user debian 61.245.162.61 port 33980 [preauth]","@timestamp":"2022-09-14T13:01:18.854Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:01:21 honeypot-ams-1 sshd[25248]: Disconnected from invalid user alarm 61.245.162.61 port 34210 [preauth]","@timestamp":"2022-09-14T13:01:21.856Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:01:24 honeypot-ams-1 sshd[25252]: Disconnected from invalid user test 61.245.162.61 port 34380 [preauth]","@timestamp":"2022-09-14T13:01:24.859Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:01:27 honeypot-ams-1 sshd[25256]: Disconnected from invalid user cirros 61.245.162.61 port 34514 [preauth]","@timestamp":"2022-09-14T13:01:27.861Z"}
{"@timestamp":"2022-09-14T13:05:07.982Z","@version":"1","message":"Sep 14 13:05:07 honeypot-sgp-1 sshd[13778]: Received disconnect from 105.28.108.165 port 56222:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T13:05:27.992Z","@version":"1","message":"Sep 14 13:05:27 honeypot-sgp-1 sshd[13782]: Received disconnect from 13.67.221.136 port 1024:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 13:10:24 honeypot-ams-1 kernel: [84037607.948761] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=89.248.168.172 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=252 ID=54321 PROTO=TCP SPT=50560 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T13:10:25.096Z"}
{"@timestamp":"2022-09-14T13:10:54.128Z","@version":"1","message":"Sep 14 13:10:54 honeypot-sgp-1 sshd[13789]: Received disconnect from 61.177.173.49 port 50750:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 13:12:12 honeypot-fra-1 sshd[9197]: Disconnected from invalid user l4d 165.22.45.108 port 48030 [preauth]","@timestamp":"2022-09-14T13:12:12.286Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T13:17:02.286Z","@version":"1","message":"Sep 14 13:17:01 honeypot-sgp-1 CRON[13794]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 13:17:01 honeypot-fra-1 CRON[9204]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-14T13:17:02.398Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 13:19:29 honeypot-ams-1 kernel: [84038152.326803] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=213.226.123.38 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=1827 PROTO=TCP SPT=42989 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T13:19:29.333Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 13:21:02 honeypot-fra-1 kernel: [84036082.593401] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=79.124.62.86 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=50596 PROTO=TCP SPT=56061 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T13:21:02.488Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-14T13:22:00.411Z","@version":"1","message":"Sep 14 13:22:00 honeypot-sgp-1 kernel: [84037828.844741] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=88.214.43.215 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=54321 PROTO=TCP SPT=59523 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:23:29 honeypot-ams-1 sshd[25269]: Disconnected from authenticating user root 188.166.114.8 port 33350 [preauth]","@timestamp":"2022-09-14T13:23:29.441Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 13:28:30 honeypot-ams-1 kernel: [84038693.143386] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=41.112.169.248 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=51 ID=22429 PROTO=TCP SPT=7096 DPT=80 WINDOW=43635 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T13:28:30.573Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 13:28:39 honeypot-fra-1 kernel: [84036539.678435] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.125.66.46 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=38482 PROTO=TCP SPT=47984 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T13:28:39.661Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-14T13:28:50.581Z","@version":"1","message":"Sep 14 13:28:50 honeypot-sgp-1 sshd[13806]: Received disconnect from 61.177.172.108 port 24354:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 13:31:07 honeypot-fra-1 sshd[9660]: Invalid user qsvr from 115.112.152.114 port 2030","@timestamp":"2022-09-14T13:31:07.753Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:31:17 honeypot-ams-1 sshd[25277]: Received disconnect from 103.137.75.79 port 44180:11: Bye Bye [preauth]","@timestamp":"2022-09-14T13:31:17.647Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 13:31:32 honeypot-fra-1 sshd[9664]: Invalid user user from 198.98.61.9 port 56932","@timestamp":"2022-09-14T13:31:32.765Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 13:31:50 honeypot-fra-1 sshd[9668]: Invalid user user from 198.98.61.9 port 51844","@timestamp":"2022-09-14T13:31:50.773Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 13:32:07 honeypot-fra-1 sshd[9672]: Invalid user user from 198.98.61.9 port 46760","@timestamp":"2022-09-14T13:32:07.782Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 13:32:34 honeypot-fra-1 sshd[9678]: Invalid user monitor from 159.65.98.176 port 58346","@timestamp":"2022-09-14T13:32:34.795Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T13:33:25.699Z","@version":"1","message":"Sep 14 13:33:25 honeypot-sgp-1 sshd[13811]: Disconnected from authenticating user root 92.255.85.69 port 31762 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 13:35:13 honeypot-fra-1 sshd[9682]: Received disconnect from 61.177.173.51 port 24873:11:  [preauth]","@timestamp":"2022-09-14T13:35:14.856Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:35:58 honeypot-ams-1 sshd[25282]: Received disconnect from 117.161.75.116 port 59262:11: Bye Bye [preauth]","@timestamp":"2022-09-14T13:35:58.768Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 13:41:11 honeypot-ams-1 kernel: [84039454.404868] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=157.245.176.143 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=45310 DF PROTO=TCP SPT=54132 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T13:41:11.907Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 13:43:18 honeypot-fra-1 kernel: [84037418.742271] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=182.254.225.35 DST=165.22.82.222 LEN=60 TOS=0x08 PREC=0x00 TTL=42 ID=52411 DF PROTO=TCP SPT=55940 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T13:43:19.040Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-14T13:43:31.955Z","@version":"1","message":"Sep 14 13:43:31 honeypot-sgp-1 sshd[13820]: Invalid user insideout from 139.59.102.10 port 54578","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 13:44:52 honeypot-fra-1 sshd[9694]: Invalid user user from 45.61.186.49 port 43112","@timestamp":"2022-09-14T13:44:53.079Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 13:45:03 honeypot-fra-1 sshd[9698]: Invalid user user from 45.61.186.49 port 54698","@timestamp":"2022-09-14T13:45:04.084Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 13:45:12 honeypot-fra-1 sshd[9702]: Received disconnect from 179.43.156.143 port 42930:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T13:45:13.088Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 13:46:31 honeypot-fra-1 sshd[9708]: Disconnected from authenticating user root 179.43.156.143 port 36078 [preauth]","@timestamp":"2022-09-14T13:46:32.122Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 13:48:29 honeypot-fra-1 sshd[9715]: Invalid user ossuser from 179.43.156.143 port 54010","@timestamp":"2022-09-14T13:48:30.170Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 13:49:22 honeypot-fra-1 sshd[9717]: Connection closed by 162.142.125.210 port 48364 [preauth]","@timestamp":"2022-09-14T13:49:23.192Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T13:50:27.148Z","@version":"1","message":"Sep 14 13:50:26 honeypot-sgp-1 kernel: [84039535.033404] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.9.150.141 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=33909 PROTO=TCP SPT=44606 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 13:51:18 honeypot-fra-1 sshd[9727]: Disconnected from authenticating user root 179.43.156.143 port 40342 [preauth]","@timestamp":"2022-09-14T13:51:18.254Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T13:51:21.172Z","@version":"1","message":"Sep 14 13:51:21 honeypot-sgp-1 sshd[13833]: Connection closed by invalid user admin 178.128.125.205 port 63134 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 13:53:20 honeypot-fra-1 sshd[9729]: Connection reset by 61.177.173.39 port 43133 [preauth]","@timestamp":"2022-09-14T13:53:20.304Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T13:54:40.258Z","@version":"1","message":"Sep 14 13:54:39 honeypot-sgp-1 sshd[13838]: Disconnected from invalid user ek 195.36.209.129 port 60788 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:54:49 honeypot-ams-1 sshd[25291]: Connection closed by authenticating user root 103.188.176.251 port 50114 [preauth]","@timestamp":"2022-09-14T13:54:50.257Z"}
{"@timestamp":"2022-09-14T13:58:50.366Z","@version":"1","message":"Sep 14 13:58:50 honeypot-sgp-1 sshd[13844]: Disconnected from invalid user admin 138.197.97.211 port 55990 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 14:00:01 honeypot-fra-1 sshd[9744]: Received disconnect from 92.255.85.69 port 19580:11: Bye Bye [preauth]","@timestamp":"2022-09-14T14:00:02.457Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 14:02:15 honeypot-ams-1 sshd[25296]: Received disconnect from 92.255.85.69 port 19882:11: Bye Bye [preauth]","@timestamp":"2022-09-14T14:02:15.456Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 14:02:41 honeypot-fra-1 sshd[9752]: Disconnected from authenticating user root 61.177.172.90 port 62732 [preauth]","@timestamp":"2022-09-14T14:02:42.520Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 14:04:13 honeypot-ams-1 sshd[25301]: Invalid user user from 45.61.186.49 port 56130","@timestamp":"2022-09-14T14:04:13.511Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 14:04:27 honeypot-ams-1 sshd[25305]: Invalid user user from 45.61.186.49 port 39672","@timestamp":"2022-09-14T14:04:27.519Z"}
{"@timestamp":"2022-09-14T14:07:30.583Z","@version":"1","message":"Sep 14 14:07:29 honeypot-sgp-1 sshd[13852]: Disconnected from authenticating user root 61.177.173.53 port 12276 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 14:09:26 honeypot-fra-1 sshd[9757]: Disconnected from invalid user admin 91.240.118.222 port 7735 [preauth]","@timestamp":"2022-09-14T14:09:26.674Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 14:12:19 honeypot-ams-1 sshd[25310]: Received disconnect from 35.219.98.224 port 60792:11: Bye Bye [preauth]","@timestamp":"2022-09-14T14:12:19.726Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 14:17:01 honeypot-fra-1 CRON[9767]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-14T14:17:01.848Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 14:17:01 honeypot-ams-1 CRON[25317]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-14T14:17:01.854Z"}
{"@timestamp":"2022-09-14T14:17:09.817Z","@version":"1","message":"Sep 14 14:17:08 honeypot-sgp-1 sshd[13857]: Disconnected from 61.177.172.19 port 24373 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T14:20:53.906Z","@version":"1","message":"Sep 14 14:20:53 honeypot-sgp-1 sshd[13869]: Received disconnect from 92.255.85.69 port 28674:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 14:20:56 honeypot-fra-1 sshd[9772]: Disconnected from authenticating user root 61.177.173.36 port 14753 [preauth]","@timestamp":"2022-09-14T14:20:56.936Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 14:23:54 honeypot-fra-1 sshd[9777]: Received disconnect from 92.255.85.69 port 60616:11: Bye Bye [preauth]","@timestamp":"2022-09-14T14:23:55.009Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T14:24:51.026Z","@version":"1","message":"Sep 14 14:24:50 honeypot-sgp-1 kernel: [84041598.749687] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=64.246.161.26 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=34899 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T14:25:56.054Z","@version":"1","message":"Sep 14 14:25:55 honeypot-sgp-1 sshd[13881]: Did not receive identification string from 45.61.184.204 port 43418","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T14:26:19.065Z","@version":"1","message":"Sep 14 14:26:18 honeypot-sgp-1 sshd[13884]: Disconnected from invalid user user 45.61.184.204 port 48344 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T14:26:39.075Z","@version":"1","message":"Sep 14 14:26:38 honeypot-sgp-1 sshd[13888]: Disconnected from invalid user user 45.61.184.204 port 43480 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 14:26:55 honeypot-ams-1 sshd[25328]: Did not receive identification string from 80.76.51.189 port 40984","@timestamp":"2022-09-14T14:26:56.110Z"}
{"@timestamp":"2022-09-14T14:26:57.084Z","@version":"1","message":"Sep 14 14:26:56 honeypot-sgp-1 sshd[13892]: Disconnected from invalid user user 45.61.184.204 port 38614 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 14:28:12 honeypot-ams-1 sshd[25334]: Disconnected from authenticating user root 80.76.51.189 port 47080 [preauth]","@timestamp":"2022-09-14T14:28:13.147Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 14:29:31 honeypot-ams-1 sshd[25340]: Received disconnect from 80.76.51.189 port 55402:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T14:29:32.185Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 14:30:24 honeypot-ams-1 sshd[25345]: Disconnected from authenticating user root 80.76.51.189 port 60990 [preauth]","@timestamp":"2022-09-14T14:30:25.211Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 14:30:39 honeypot-fra-1 sshd[9782]: Disconnected from authenticating user root 61.177.173.36 port 41730 [preauth]","@timestamp":"2022-09-14T14:30:40.161Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 14:31:46 honeypot-ams-1 sshd[25352]: Disconnected from authenticating user root 80.76.51.189 port 41114 [preauth]","@timestamp":"2022-09-14T14:31:47.249Z"}
{"@timestamp":"2022-09-14T14:32:18.223Z","@version":"1","message":"Sep 14 14:32:17 honeypot-sgp-1 sshd[13899]: Received disconnect from 61.177.172.124 port 13707:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 14:32:42 honeypot-ams-1 sshd[25356]: Disconnected from invalid user admin 80.76.51.189 port 46686 [preauth]","@timestamp":"2022-09-14T14:32:43.275Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 14:33:25 honeypot-fra-1 sshd[9788]: Disconnected from authenticating user root 14.102.154.66 port 43128 [preauth]","@timestamp":"2022-09-14T14:33:25.228Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 14:33:40 honeypot-ams-1 sshd[25361]: Disconnected from invalid user ansible 80.76.51.189 port 52258 [preauth]","@timestamp":"2022-09-14T14:33:41.302Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 14:34:38 honeypot-ams-1 sshd[25365]: Disconnected from invalid user ansible 80.76.51.189 port 57818 [preauth]","@timestamp":"2022-09-14T14:34:38.329Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 14:36:03 honeypot-ams-1 sshd[25371]: Received disconnect from 80.76.51.189 port 37940:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T14:36:04.369Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 14:37:02 honeypot-ams-1 sshd[25376]: Received disconnect from 80.76.51.189 port 43512:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T14:37:03.397Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 14:37:04 honeypot-fra-1 sshd[9799]: Invalid user es from 185.209.179.41 port 58204","@timestamp":"2022-09-14T14:37:05.314Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 14:37:04 honeypot-fra-1 sshd[9806]: Invalid user mcsv from 185.209.179.41 port 58188","@timestamp":"2022-09-14T14:37:05.314Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 14:37:04 honeypot-fra-1 sshd[9812]: Invalid user admin from 185.209.179.41 port 58206","@timestamp":"2022-09-14T14:37:05.314Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 14:37:04 honeypot-fra-1 sshd[9811]: Connection closed by invalid user bitwarden 185.209.179.41 port 58182 [preauth]","@timestamp":"2022-09-14T14:37:05.314Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 14:37:04 honeypot-fra-1 sshd[9802]: Connection closed by invalid user ansible 185.209.179.41 port 58208 [preauth]","@timestamp":"2022-09-14T14:37:05.314Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 14:37:04 honeypot-fra-1 sshd[9799]: Connection closed by invalid user es 185.209.179.41 port 58204 [preauth]","@timestamp":"2022-09-14T14:37:05.314Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 14:37:04 honeypot-fra-1 sshd[9794]: Connection closed by invalid user esuser 185.209.179.41 port 58180 [preauth]","@timestamp":"2022-09-14T14:37:05.314Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 14:37:05 honeypot-fra-1 sshd[9834]: Invalid user oracle from 185.209.179.41 port 58168","@timestamp":"2022-09-14T14:37:06.315Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 14:37:05 honeypot-fra-1 sshd[9837]: Connection closed by invalid user es 185.209.179.41 port 58192 [preauth]","@timestamp":"2022-09-14T14:37:06.315Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 14:37:06 honeypot-fra-1 sshd[9850]: Connection closed by invalid user ansible 185.209.179.41 port 58218 [preauth]","@timestamp":"2022-09-14T14:37:07.316Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 14:37:07 honeypot-fra-1 sshd[9852]: Connection closed by invalid user admin 185.209.179.41 port 58246 [preauth]","@timestamp":"2022-09-14T14:37:08.316Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T14:37:34.357Z","@version":"1","message":"Sep 14 14:37:34 honeypot-sgp-1 kernel: [84042362.826560] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=94.102.61.10 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=238 ID=54321 PROTO=TCP SPT=48614 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 14:38:33 honeypot-ams-1 sshd[25382]: Invalid user odoo from 80.76.51.189 port 51866","@timestamp":"2022-09-14T14:38:33.438Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 14:39:35 honeypot-ams-1 sshd[25386]: Disconnected from authenticating user root 80.76.51.189 port 57416 [preauth]","@timestamp":"2022-09-14T14:39:36.467Z"}
{"@timestamp":"2022-09-14T14:44:40.534Z","@version":"1","message":"Sep 14 14:44:40 honeypot-sgp-1 sshd[13910]: Disconnected from authenticating user root 92.255.85.70 port 34148 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 14:45:12 honeypot-fra-1 sshd[9867]: Disconnected from authenticating user root 61.177.172.108 port 43369 [preauth]","@timestamp":"2022-09-14T14:45:12.525Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 14:47:19 honeypot-fra-1 sshd[9871]: Disconnected from authenticating user root 92.255.85.69 port 62378 [preauth]","@timestamp":"2022-09-14T14:47:20.576Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 14:47:58 honeypot-ams-1 sshd[25391]: Connection closed by invalid user  152.32.142.133 port 32086 [preauth]","@timestamp":"2022-09-14T14:47:59.715Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 14:48:02 honeypot-fra-1 sshd[9877]: Disconnected from invalid user l4d2server 165.22.45.108 port 57906 [preauth]","@timestamp":"2022-09-14T14:48:02.595Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 14:50:46 honeypot-fra-1 sshd[9886]: Disconnected from authenticating user root 14.140.95.157 port 58012 [preauth]","@timestamp":"2022-09-14T14:50:47.679Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 14:52:23 honeypot-ams-1 sshd[25398]: Disconnected from authenticating user root 109.205.213.23 port 55164 [preauth]","@timestamp":"2022-09-14T14:52:23.833Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 14:52:45 honeypot-fra-1 sshd[9892]: Disconnected from authenticating user root 66.154.107.48 port 51050 [preauth]","@timestamp":"2022-09-14T14:52:45.726Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 14:52:46 honeypot-ams-1 sshd[25404]: Disconnected from authenticating user root 109.205.213.23 port 42386 [preauth]","@timestamp":"2022-09-14T14:52:46.845Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 14:53:10 honeypot-ams-1 sshd[25410]: Disconnected from authenticating user root 109.205.213.23 port 57840 [preauth]","@timestamp":"2022-09-14T14:53:11.859Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 14:54:25 honeypot-ams-1 sshd[25416]: Disconnected from authenticating user root 109.205.213.23 port 59624 [preauth]","@timestamp":"2022-09-14T14:54:25.898Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 14:54:42 honeypot-ams-1 sshd[25420]: Disconnected from invalid user admin 109.205.213.23 port 60516 [preauth]","@timestamp":"2022-09-14T14:54:42.906Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 15:01:25 honeypot-fra-1 kernel: [84042105.809979] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=162.62.191.231 DST=165.22.82.222 LEN=52 TOS=0x08 PREC=0x60 TTL=51 ID=39552 DF PROTO=TCP SPT=40576 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T15:01:25.922Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-14T15:03:50.998Z","@version":"1","message":"Sep 14 15:03:50 honeypot-sgp-1 sshd[13928]: Received disconnect from 170.106.167.158 port 59984:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T15:06:15.060Z","@version":"1","message":"Sep 14 15:06:14 honeypot-sgp-1 sshd[13932]: Disconnected from authenticating user root 61.177.173.53 port 60113 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 15:06:20 honeypot-ams-1 sshd[25425]: Invalid user oyn from 104.248.113.173 port 53094","@timestamp":"2022-09-14T15:06:21.209Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 15:07:02 honeypot-ams-1 kernel: [84044605.657969] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=59507 PROTO=TCP SPT=47603 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T15:07:03.229Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 15:09:37 honeypot-fra-1 sshd[9907]: Received disconnect from 61.177.173.35 port 34606:11:  [preauth]","@timestamp":"2022-09-14T15:09:38.108Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 15:15:58 honeypot-ams-1 kernel: [84045141.373641] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=88.214.43.215 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=54321 PROTO=TCP SPT=55646 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T15:15:58.476Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 15:17:01 honeypot-fra-1 CRON[9914]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-14T15:17:02.276Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T15:17:02.342Z","@version":"1","message":"Sep 14 15:17:01 honeypot-sgp-1 CRON[13944]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 15:21:05 honeypot-ams-1 sshd[25438]: Invalid user user from 45.61.186.49 port 59954","@timestamp":"2022-09-14T15:21:05.612Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 15:21:15 honeypot-ams-1 sshd[25442]: Invalid user user from 45.61.186.49 port 43358","@timestamp":"2022-09-14T15:21:16.617Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 15:22:37 honeypot-fra-1 sshd[9923]: Received disconnect from 45.33.107.51 port 42158:11: Bye Bye [preauth]","@timestamp":"2022-09-14T15:22:37.408Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T15:23:47.509Z","@version":"1","message":"Sep 14 15:23:46 honeypot-sgp-1 sshd[13953]: Invalid user user from 45.61.186.49 port 57326","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T15:23:58.516Z","@version":"1","message":"Sep 14 15:23:57 honeypot-sgp-1 sshd[13959]: Invalid user user from 45.61.186.49 port 40954","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T15:24:39.534Z","@version":"1","message":"Sep 14 15:24:39 honeypot-sgp-1 kernel: [84045187.581165] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=94.26.249.161 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=24829 PROTO=TCP SPT=22362 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 15:24:43 honeypot-ams-1 kernel: [84045666.281422] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=89.248.168.172 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=252 ID=54321 PROTO=TCP SPT=47894 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T15:24:43.723Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 15:26:13 honeypot-fra-1 sshd[9931]: Received disconnect from 92.106.169.34 port 56852:11: Bye Bye [preauth]","@timestamp":"2022-09-14T15:26:13.490Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 15:26:47 honeypot-fra-1 sshd[9936]: Disconnected from authenticating user root 193.142.146.50 port 57844 [preauth]","@timestamp":"2022-09-14T15:26:47.506Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 15:27:53 honeypot-fra-1 sshd[9943]: Disconnected from authenticating user root 193.142.146.50 port 55404 [preauth]","@timestamp":"2022-09-14T15:27:53.533Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 15:28:25 honeypot-ams-1 kernel: [84045888.255251] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=80.94.92.239 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=47714 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T15:28:25.822Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 15:28:48 honeypot-fra-1 sshd[9949]: Disconnected from authenticating user root 193.142.146.50 port 52962 [preauth]","@timestamp":"2022-09-14T15:28:48.561Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 15:29:49 honeypot-fra-1 sshd[9957]: Disconnected from authenticating user root 61.177.173.50 port 22502 [preauth]","@timestamp":"2022-09-14T15:29:49.587Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 15:30:33 honeypot-fra-1 sshd[9961]: Disconnected from invalid user admin 193.142.146.50 port 58306 [preauth]","@timestamp":"2022-09-14T15:30:33.605Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T15:30:57.695Z","@version":"1","message":"Sep 14 15:30:56 honeypot-sgp-1 sshd[13974]: Received disconnect from 139.59.248.243 port 49466:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 15:31:27 honeypot-ams-1 sshd[25452]: Disconnected from authenticating user root 175.170.149.29 port 31440 [preauth]","@timestamp":"2022-09-14T15:31:27.902Z"}
{"@timestamp":"2022-09-14T15:33:35.758Z","@version":"1","message":"Sep 14 15:33:35 honeypot-sgp-1 sshd[13978]: Disconnected from invalid user friend 189.174.32.32 port 48600 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 15:34:12 honeypot-fra-1 sshd[9969]: Received disconnect from 92.255.85.69 port 17878:11: Bye Bye [preauth]","@timestamp":"2022-09-14T15:34:12.690Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 15:37:20 honeypot-ams-1 sshd[25459]: Did not receive identification string from 141.255.162.226 port 43110","@timestamp":"2022-09-14T15:37:21.056Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 15:37:41 honeypot-ams-1 sshd[25462]: Disconnected from invalid user user 141.255.162.226 port 52024 [preauth]","@timestamp":"2022-09-14T15:37:42.068Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 15:37:43 honeypot-ams-1 sshd[25466]: Disconnected from invalid user user 141.255.162.226 port 37952 [preauth]","@timestamp":"2022-09-14T15:37:44.069Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 15:38:11 honeypot-fra-1 sshd[9975]: Disconnected from authenticating user root 61.177.172.108 port 37655 [preauth]","@timestamp":"2022-09-14T15:38:11.779Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T15:38:37.882Z","@version":"1","message":"Sep 14 15:38:37 honeypot-sgp-1 sshd[13985]: Received disconnect from 61.177.172.124 port 20274:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T15:43:39.024Z","@version":"1","message":"Sep 14 15:43:38 honeypot-sgp-1 sshd[13990]: Invalid user aw from 37.110.25.185 port 54648","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 15:43:53 honeypot-ams-1 kernel: [84046815.927413] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=172.104.138.223 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=25769 PROTO=TCP SPT=14940 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T15:43:53.227Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 15:48:14 honeypot-fra-1 sshd[9981]: Received disconnect from 61.177.173.36 port 35862:11:  [preauth]","@timestamp":"2022-09-14T15:48:15.005Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T15:48:24.136Z","@version":"1","message":"Sep 14 15:48:23 honeypot-sgp-1 sshd[13998]: Received disconnect from 159.223.179.50 port 43840:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T15:54:53.312Z","@version":"1","message":"Sep 14 15:54:52 honeypot-sgp-1 sshd[14005]: Disconnected from authenticating user root 92.255.85.69 port 31234 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 15:56:48 honeypot-ams-1 kernel: [84047591.083548] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=190.224.242.243 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=238 ID=15533 PROTO=TCP SPT=56891 DPT=443 WINDOW=1300 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T15:56:48.564Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 15:57:42 honeypot-fra-1 sshd[9988]: Disconnected from authenticating user root 92.255.85.70 port 50664 [preauth]","@timestamp":"2022-09-14T15:57:43.230Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 16:01:14 honeypot-ams-1 sshd[25494]: Disconnected from invalid user admin 91.240.118.222 port 51422 [preauth]","@timestamp":"2022-09-14T16:01:14.679Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 16:04:33 honeypot-fra-1 kernel: [84045893.570735] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=20.168.16.46 DST=165.22.82.222 LEN=52 TOS=0x00 PREC=0x00 TTL=107 ID=7244 DF PROTO=TCP SPT=52727 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T16:04:34.378Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 16:05:17 honeypot-ams-1 sshd[25499]: Disconnected from invalid user iz 196.30.23.194 port 50680 [preauth]","@timestamp":"2022-09-14T16:05:17.783Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 16:06:31 honeypot-ams-1 sshd[25503]: Received disconnect from 187.200.175.193 port 56417:11: Bye Bye [preauth]","@timestamp":"2022-09-14T16:06:31.819Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 16:09:05 honeypot-ams-1 sshd[25507]: Invalid user test from 62.204.41.222 port 26334","@timestamp":"2022-09-14T16:09:05.887Z"}
{"@timestamp":"2022-09-14T16:09:38.663Z","@version":"1","message":"Sep 14 16:09:38 honeypot-sgp-1 sshd[14015]: Invalid user  from 31.184.198.71 port 23714","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:09:58.675Z","@version":"1","message":"Sep 14 16:09:58 honeypot-sgp-1 sshd[14019]: Disconnecting invalid user cameras 31.184.198.71 port 2054: Change of username or service not allowed: (cameras,ssh-connection) -> (,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:10:25.689Z","@version":"1","message":"Sep 14 16:10:24 honeypot-sgp-1 sshd[14025]: Disconnecting invalid user  31.184.198.71 port 18898: Change of username or service not allowed: (,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:10:45.699Z","@version":"1","message":"Sep 14 16:10:44 honeypot-sgp-1 sshd[14031]: Disconnecting invalid user admin 31.184.198.71 port 56080: Change of username or service not allowed: (admin,ssh-connection) -> (manager,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:11:26.719Z","@version":"1","message":"Sep 14 16:11:25 honeypot-sgp-1 sshd[14039]: Invalid user 1234 from 31.184.198.71 port 33807","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:11:44.729Z","@version":"1","message":"Sep 14 16:11:43 honeypot-sgp-1 sshd[14043]: Disconnecting invalid user araknis 31.184.198.71 port 4941: Change of username or service not allowed: (araknis,ssh-connection) -> (,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:12:18.745Z","@version":"1","message":"Sep 14 16:12:17 honeypot-sgp-1 sshd[14052]: Invalid user Admin from 31.184.198.71 port 32631","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:12:28.751Z","@version":"1","message":"Sep 14 16:12:28 honeypot-sgp-1 sshd[14054]: Disconnecting invalid user blank 31.184.198.71 port 32087: Change of username or service not allowed: (blank,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:12:40.758Z","@version":"1","message":"Sep 14 16:12:40 honeypot-sgp-1 sshd[14062]: Invalid user user from 45.61.184.204 port 39534","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:12:50.763Z","@version":"1","message":"Sep 14 16:12:50 honeypot-sgp-1 sshd[14066]: Received disconnect from 45.61.184.204 port 51152:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:12:59.768Z","@version":"1","message":"Sep 14 16:12:59 honeypot-sgp-1 sshd[14070]: Disconnected from invalid user user 45.61.184.204 port 34582 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:13:14.776Z","@version":"1","message":"Sep 14 16:13:14 honeypot-sgp-1 sshd[14076]: Disconnecting invalid user  31.184.198.71 port 28390: Change of username or service not allowed: (,ssh-connection) -> (Cisco,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:13:29.784Z","@version":"1","message":"Sep 14 16:13:29 honeypot-sgp-1 sshd[14082]: Invalid user cisco from 31.184.198.71 port 58596","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:13:50.795Z","@version":"1","message":"Sep 14 16:13:49 honeypot-sgp-1 sshd[14088]: Disconnecting authenticating user root 31.184.198.71 port 14263: Change of username or service not allowed: (root,ssh-connection) -> (Administrator,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:14:18.810Z","@version":"1","message":"Sep 14 16:14:18 honeypot-sgp-1 sshd[14094]: Disconnecting invalid user adslroot 31.184.198.71 port 35342: Change of username or service not allowed: (adslroot,ssh-connection) -> (sti.admin5,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:14:46.825Z","@version":"1","message":"Sep 14 16:14:46 honeypot-sgp-1 sshd[14101]: Disconnecting invalid user blank 31.184.198.71 port 37032: Change of username or service not allowed: (blank,ssh-connection) -> (zhone,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:15:17.840Z","@version":"1","message":"Sep 14 16:15:17 honeypot-sgp-1 sshd[14109]: Bad protocol version identification 'SSH-2.0_CoreLab-1.0' from 31.184.198.71 port 31235","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:15:46.855Z","@version":"1","message":"Sep 14 16:15:45 honeypot-sgp-1 sshd[14114]: Disconnecting invalid user c1@r0 31.184.198.71 port 21115: Change of username or service not allowed: (c1@r0,ssh-connection) -> (Administrator,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 16:15:54 honeypot-ams-1 sshd[25514]: Received disconnect from 191.49.65.97 port 42949:11: Bye Bye [preauth]","@timestamp":"2022-09-14T16:15:55.061Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 16:15:59 honeypot-ams-1 sshd[25518]: Disconnected from authenticating user root 191.49.65.97 port 43140 [preauth]","@timestamp":"2022-09-14T16:16:00.064Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 16:16:07 honeypot-ams-1 sshd[25524]: Disconnected from authenticating user root 191.49.65.97 port 43339 [preauth]","@timestamp":"2022-09-14T16:16:08.069Z"}
{"@timestamp":"2022-09-14T16:16:14.870Z","@version":"1","message":"Sep 14 16:16:14 honeypot-sgp-1 sshd[14121]: Invalid user superonline from 31.184.198.71 port 16169","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 16:16:19 honeypot-ams-1 sshd[25530]: Received disconnect from 191.49.65.97 port 43617:11: Bye Bye [preauth]","@timestamp":"2022-09-14T16:16:20.076Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 16:16:31 honeypot-ams-1 sshd[25536]: Received disconnect from 191.49.65.97 port 43841:11: Bye Bye [preauth]","@timestamp":"2022-09-14T16:16:32.082Z"}
{"@timestamp":"2022-09-14T16:16:43.885Z","@version":"1","message":"Sep 14 16:16:43 honeypot-sgp-1 sshd[14127]: Invalid user Admin from 31.184.198.71 port 45935","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 16:16:43 honeypot-ams-1 sshd[25542]: Received disconnect from 191.49.65.97 port 44151:11: Bye Bye [preauth]","@timestamp":"2022-09-14T16:16:44.089Z"}
{"@timestamp":"2022-09-14T16:17:02.895Z","@version":"1","message":"Sep 14 16:17:02 honeypot-sgp-1 sshd[14131]: Invalid user admin from 31.184.198.71 port 14025","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:17:32.911Z","@version":"1","message":"Sep 14 16:17:32 honeypot-sgp-1 sshd[14140]: Invalid user matrix from 31.184.198.71 port 53753","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:18:00.925Z","@version":"1","message":"Sep 14 16:18:00 honeypot-sgp-1 sshd[14146]: Invalid user motorola from 31.184.198.71 port 47503","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:18:22.935Z","@version":"1","message":"Sep 14 16:18:22 honeypot-sgp-1 sshd[14150]: Invalid user blank from 31.184.198.71 port 40308","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:18:46.948Z","@version":"1","message":"Sep 14 16:18:46 honeypot-sgp-1 sshd[14159]: Invalid user airlive from 31.184.198.71 port 20698","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 16:18:46 honeypot-ams-1 sshd[25549]: Invalid user admin from 162.241.222.29 port 49682","@timestamp":"2022-09-14T16:18:47.144Z"}
{"@timestamp":"2022-09-14T16:19:18.964Z","@version":"1","message":"Sep 14 16:19:18 honeypot-sgp-1 sshd[14165]: Invalid user roqos from 31.184.198.71 port 64161","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:19:38.974Z","@version":"1","message":"Sep 14 16:19:38 honeypot-sgp-1 sshd[14171]: Invalid user sitecom from 31.184.198.71 port 1838","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:19:59.986Z","@version":"1","message":"Sep 14 16:19:59 honeypot-sgp-1 sshd[14178]: Invalid user admin from 31.184.198.71 port 62457","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:20:23.998Z","@version":"1","message":"Sep 14 16:20:23 honeypot-sgp-1 sshd[14182]: Disconnecting invalid user highspeed 31.184.198.71 port 14427: Change of username or service not allowed: (highspeed,ssh-connection) -> (smcadmin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 16:20:42 honeypot-fra-1 sshd[10001]: Disconnected from authenticating user root 92.255.85.70 port 61344 [preauth]","@timestamp":"2022-09-14T16:20:42.738Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T16:20:44.009Z","@version":"1","message":"Sep 14 16:20:43 honeypot-sgp-1 sshd[14189]: Invalid user  from 31.184.198.71 port 15632","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:21:12.023Z","@version":"1","message":"Sep 14 16:21:11 honeypot-sgp-1 sshd[14195]: Invalid user public from 31.184.198.71 port 47091","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:21:40.037Z","@version":"1","message":"Sep 14 16:21:39 honeypot-sgp-1 sshd[14201]: Disconnecting authenticating user root 31.184.198.71 port 11925: Change of username or service not allowed: (root,ssh-connection) -> (123456,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:22:15.054Z","@version":"1","message":"Sep 14 16:22:14 honeypot-sgp-1 sshd[14208]: Invalid user amdin from 31.184.198.71 port 62665","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 16:22:28 honeypot-ams-1 kernel: [84049131.453428] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=20.196.66.42 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=43 ID=36745 PROTO=TCP SPT=61780 DPT=80 WINDOW=45084 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T16:22:29.239Z"}
{"@timestamp":"2022-09-14T16:22:45.070Z","@version":"1","message":"Sep 14 16:22:44 honeypot-sgp-1 sshd[14214]: Invalid user admin from 31.184.198.71 port 55343","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:23:23.088Z","@version":"1","message":"Sep 14 16:23:22 honeypot-sgp-1 sshd[14221]: Invalid user admin from 31.184.198.71 port 45803","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:23:56.105Z","@version":"1","message":"Sep 14 16:23:55 honeypot-sgp-1 sshd[14227]: Invalid user 1admin0 from 31.184.198.71 port 33175","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 16:28:18 honeypot-ams-1 sshd[25559]: Disconnected from invalid user admin 161.35.127.34 port 48130 [preauth]","@timestamp":"2022-09-14T16:28:19.388Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 16:28:38 honeypot-fra-1 kernel: [84047337.903562] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=205.210.31.151 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x60 TTL=250 ID=65340 PROTO=TCP SPT=52430 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T16:28:38.918Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-14T16:29:25.256Z","@version":"1","message":"Sep 14 16:29:24 honeypot-sgp-1 kernel: [84049073.330141] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.155.88.234 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=61496 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 16:33:43 honeypot-ams-1 sshd[25564]: Disconnected from invalid user worker 14.225.198.182 port 36892 [preauth]","@timestamp":"2022-09-14T16:33:43.526Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 16:35:52 honeypot-fra-1 sshd[10012]: Connection closed by 114.35.235.34 port 33411 [preauth]","@timestamp":"2022-09-14T16:35:52.084Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 16:39:03 honeypot-ams-1 kernel: [84050126.468102] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.156.73.169 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=252 ID=65092 PROTO=TCP SPT=59192 DPT=389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T16:39:03.665Z"}
{"@timestamp":"2022-09-14T16:41:20.537Z","@version":"1","message":"Sep 14 16:41:20 honeypot-sgp-1 sshd[14237]: Disconnected from authenticating user root 92.255.85.69 port 55582 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 16:51:20 honeypot-fra-1 kernel: [84048700.610747] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=20.219.248.199 DST=165.22.82.222 LEN=52 TOS=0x00 PREC=0x00 TTL=111 ID=58742 DF PROTO=TCP SPT=56228 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T16:51:21.434Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-14T16:52:29.810Z","@version":"1","message":"Sep 14 16:52:29 honeypot-sgp-1 sshd[14242]: Received disconnect from 193.142.146.50 port 56258:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:53:05.828Z","@version":"1","message":"Sep 14 16:53:05 honeypot-sgp-1 sshd[14248]: Received disconnect from 193.142.146.50 port 52288:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:54:29.866Z","@version":"1","message":"Sep 14 16:54:29 honeypot-sgp-1 sshd[14255]: Received disconnect from 193.142.146.50 port 48314:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:55:08.885Z","@version":"1","message":"Sep 14 16:55:08 honeypot-sgp-1 sshd[14261]: Received disconnect from 193.142.146.50 port 44344:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 16:55:15 honeypot-ams-1 kernel: [84051098.026034] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=94.26.228.80 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=5836 PROTO=TCP SPT=11123 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T16:55:16.076Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 16:55:15 honeypot-fra-1 sshd[10020]: Received disconnect from 45.61.186.49 port 55076:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T16:55:16.527Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 16:55:25 honeypot-fra-1 sshd[10024]: Received disconnect from 45.61.186.49 port 38134:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T16:55:25.532Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T16:56:12.914Z","@version":"1","message":"Sep 14 16:56:12 honeypot-sgp-1 sshd[14267]: Invalid user test from 193.142.146.50 port 51108","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 16:59:05 honeypot-fra-1 kernel: [84049165.556572] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=205.210.31.6 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=249 ID=54321 PROTO=TCP SPT=55330 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T16:59:06.634Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-14T17:05:11.125Z","@version":"1","message":"Sep 14 17:05:10 honeypot-sgp-1 sshd[14272]: Received disconnect from 92.255.85.69 port 32218:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 17:05:30 honeypot-fra-1 sshd[10032]: Invalid user user from 45.61.187.160 port 52154","@timestamp":"2022-09-14T17:05:30.780Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 17:05:49 honeypot-fra-1 sshd[10036]: Invalid user user from 45.61.187.160 port 46660","@timestamp":"2022-09-14T17:05:49.789Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 17:06:06 honeypot-fra-1 sshd[10041]: Invalid user user from 45.61.187.160 port 41186","@timestamp":"2022-09-14T17:06:06.798Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 17:07:30 honeypot-fra-1 sshd[10045]: Received disconnect from 92.255.85.69 port 37508:11: Bye Bye [preauth]","@timestamp":"2022-09-14T17:07:30.830Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 17:08:14 honeypot-ams-1 kernel: [84051877.238619] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=200.23.148.223 DST=178.62.254.91 LEN=80 TOS=0x00 PREC=0x20 TTL=129 ID=50900 PROTO=TCP SPT=49876 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T17:08:14.411Z"}
{"@timestamp":"2022-09-14T17:08:56.218Z","@version":"1","message":"Sep 14 17:08:55 honeypot-sgp-1 sshd[14278]: Received disconnect from 109.205.213.23 port 51068:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T17:09:11.225Z","@version":"1","message":"Sep 14 17:09:10 honeypot-sgp-1 sshd[14285]: Received disconnect from 109.205.213.23 port 52384:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T17:09:27.233Z","@version":"1","message":"Sep 14 17:09:27 honeypot-sgp-1 sshd[14289]: Disconnected from authenticating user root 109.205.213.23 port 53700 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 17:10:15 honeypot-ams-1 sshd[25582]: Invalid user odoo from 192.241.243.84 port 36810","@timestamp":"2022-09-14T17:10:15.465Z"}
{"@timestamp":"2022-09-14T17:10:45.267Z","@version":"1","message":"Sep 14 17:10:44 honeypot-sgp-1 sshd[14296]: Disconnected from authenticating user root 109.205.213.23 port 56332 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T17:11:12.280Z","@version":"1","message":"Sep 14 17:11:11 honeypot-sgp-1 sshd[14302]: Invalid user admin from 109.205.213.23 port 44190","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 17:11:51 honeypot-fra-1 kernel: [84049931.678355] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=143.198.183.97 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=47233 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T17:11:52.931Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 17:13:35 honeypot-ams-1 sshd[25587]: Invalid user qhsupport from 162.19.64.34 port 37500","@timestamp":"2022-09-14T17:13:35.550Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 17:15:05 honeypot-ams-1 sshd[25591]: Received disconnect from 51.83.131.123 port 53616:11: Bye Bye [preauth]","@timestamp":"2022-09-14T17:15:06.591Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 17:17:01 honeypot-fra-1 CRON[10055]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-14T17:17:02.051Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T17:17:02.423Z","@version":"1","message":"Sep 14 17:17:01 honeypot-sgp-1 CRON[14307]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 17:19:08 honeypot-ams-1 kernel: [84052530.884724] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=200.23.148.223 DST=178.62.254.91 LEN=80 TOS=0x00 PREC=0x20 TTL=131 ID=45093 PROTO=TCP SPT=46117 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T17:19:08.695Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 17:22:30 honeypot-ams-1 sshd[25599]: Disconnected from invalid user user 198.98.61.9 port 33496 [preauth]","@timestamp":"2022-09-14T17:22:30.784Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 17:22:48 honeypot-ams-1 sshd[25603]: Disconnected from invalid user user 198.98.61.9 port 56010 [preauth]","@timestamp":"2022-09-14T17:22:48.794Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 17:23:06 honeypot-ams-1 sshd[25607]: Disconnected from invalid user user 198.98.61.9 port 50276 [preauth]","@timestamp":"2022-09-14T17:23:06.803Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 17:23:23 honeypot-ams-1 sshd[25611]: Disconnected from invalid user user 198.98.61.9 port 44546 [preauth]","@timestamp":"2022-09-14T17:23:23.812Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 17:24:38 honeypot-fra-1 sshd[10059]: Received disconnect from 107.175.150.83 port 53320:11: Bye Bye [preauth]","@timestamp":"2022-09-14T17:24:38.225Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T17:27:10.662Z","@version":"1","message":"Sep 14 17:27:10 honeypot-sgp-1 kernel: [84052538.865694] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=124.123.78.71 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x20 TTL=239 ID=6822 PROTO=TCP SPT=56372 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 17:27:10 honeypot-fra-1 sshd[10063]: Disconnected from authenticating user root 206.81.9.31 port 22220 [preauth]","@timestamp":"2022-09-14T17:27:11.285Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 17:28:55 honeypot-fra-1 sshd[10070]: Invalid user user from 45.61.184.204 port 47670","@timestamp":"2022-09-14T17:28:56.329Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 17:29:13 honeypot-fra-1 sshd[10074]: Invalid user user from 45.61.184.204 port 42244","@timestamp":"2022-09-14T17:29:14.338Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 17:29:27 honeypot-fra-1 sshd[10078]: Received disconnect from 68.183.212.10 port 39350:11: Bye Bye [preauth]","@timestamp":"2022-09-14T17:29:28.344Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 17:29:40 honeypot-fra-1 sshd[10082]: Received disconnect from 45.61.184.204 port 48238:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T17:29:41.351Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 17:30:15 honeypot-ams-1 sshd[25619]: Received disconnect from 159.65.91.105 port 41716:11: Bye Bye [preauth]","@timestamp":"2022-09-14T17:30:15.984Z"}
{"@timestamp":"2022-09-14T17:34:45.843Z","@version":"1","message":"Sep 14 17:34:45 honeypot-sgp-1 sshd[14316]: Received disconnect from 190.64.136.124 port 42451:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 17:34:55 honeypot-ams-1 sshd[25624]: Disconnected from invalid user monitor 152.32.229.160 port 64096 [preauth]","@timestamp":"2022-09-14T17:34:56.102Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 17:37:23 honeypot-fra-1 kernel: [84051463.608561] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=64.227.97.195 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=55 ID=64707 DF PROTO=TCP SPT=50094 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T17:37:24.525Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 17:41:55 honeypot-fra-1 sshd[10092]: Received disconnect from 122.53.86.126 port 52206:11: Bye Bye [preauth]","@timestamp":"2022-09-14T17:41:55.633Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 17:42:57 honeypot-fra-1 kernel: [84051797.282664] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=124.123.78.71 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=28745 PROTO=TCP SPT=57137 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T17:42:57.659Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 17:45:48 honeypot-ams-1 kernel: [84054131.468467] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=195.154.242.150 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=47770 PROTO=TCP SPT=55509 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T17:45:49.384Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 17:49:14 honeypot-fra-1 sshd[10102]: Invalid user seafile from 20.126.126.43 port 41826","@timestamp":"2022-09-14T17:49:14.804Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T17:49:48.194Z","@version":"1","message":"Sep 14 17:49:47 honeypot-sgp-1 kernel: [84053895.911487] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=18200 PROTO=TCP SPT=57464 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 17:52:11 honeypot-fra-1 kernel: [84052350.795729] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=54.185.167.69 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=220 ID=62336 PROTO=TCP SPT=57807 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T17:52:11.873Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 17:56:14 honeypot-fra-1 kernel: [84052593.951864] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=68.183.136.198 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=16581 PROTO=TCP SPT=51177 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T17:56:14.966Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 18:01:05 honeypot-ams-1 kernel: [84055048.683263] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.41.9.18 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=23401 PROTO=TCP SPT=45030 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T18:01:06.775Z"}
{"@timestamp":"2022-09-14T18:02:16.486Z","@version":"1","message":"Sep 14 18:02:15 honeypot-sgp-1 kernel: [84054643.867922] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=225 ID=13161 PROTO=TCP SPT=58403 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 18:02:40 honeypot-fra-1 sshd[10114]: Received disconnect from 186.109.86.184 port 48116:11: Bye Bye [preauth]","@timestamp":"2022-09-14T18:02:41.112Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 18:05:36 honeypot-fra-1 sshd[10118]: Connection closed by invalid user pi 78.43.206.165 port 48734 [preauth]","@timestamp":"2022-09-14T18:05:37.181Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 18:07:20 honeypot-ams-1 kernel: [84055423.049864] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=146.88.240.4 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=49608 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T18:07:20.941Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 18:08:01 honeypot-fra-1 sshd[10124]: Disconnected from authenticating user root 181.115.156.59 port 48796 [preauth]","@timestamp":"2022-09-14T18:08:02.236Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 18:10:12 honeypot-fra-1 kernel: [84053432.597260] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=172.105.77.209 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=57 ID=0 DF PROTO=TCP SPT=47481 DPT=389 WINDOW=8192 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T18:10:13.291Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 18:11:52 honeypot-fra-1 sshd[10133]: Invalid user oracle from 170.210.203.212 port 56870","@timestamp":"2022-09-14T18:11:53.333Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T18:12:07.149Z","@version":"1","message":"Sep 14 18:12:06 honeypot-sgp-1 kernel: [84055234.906983] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.158.113.63 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=32629 PROTO=TCP SPT=51642 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 18:16:14 honeypot-ams-1 kernel: [84055957.781637] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.79.133.75 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=19838 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T18:16:15.169Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 18:17:48 honeypot-fra-1 sshd[10142]: Received disconnect from 92.255.85.69 port 34528:11: Bye Bye [preauth]","@timestamp":"2022-09-14T18:17:48.469Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 18:20:44 honeypot-fra-1 sshd[10147]: Received disconnect from 165.22.3.63 port 56592:11: Bye Bye [preauth]","@timestamp":"2022-09-14T18:20:44.536Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 18:25:12 honeypot-ams-1 kernel: [84056495.456018] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=68.183.119.187 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=39017 PROTO=TCP SPT=51183 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T18:25:13.401Z"}
{"@timestamp":"2022-09-14T18:26:57.497Z","@version":"1","message":"Sep 14 18:26:57 honeypot-sgp-1 sshd[14337]: Invalid user odoo from 185.143.45.150 port 58748","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T18:31:14.601Z","@version":"1","message":"Sep 14 18:31:14 honeypot-sgp-1 kernel: [84056382.510417] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=69.164.214.172 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=46378 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 18:31:59 honeypot-fra-1 kernel: [84054739.526610] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.220.212 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=38046 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T18:32:00.790Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 18:39:36 honeypot-ams-1 sshd[25651]: Did not receive identification string from 80.76.51.45 port 33894","@timestamp":"2022-09-14T18:39:37.797Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 18:40:31 honeypot-ams-1 sshd[25656]: Invalid user test from 80.76.51.45 port 59330","@timestamp":"2022-09-14T18:40:31.824Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 18:41:00 honeypot-ams-1 sshd[25660]: Disconnected from authenticating user root 80.76.51.45 port 58064 [preauth]","@timestamp":"2022-09-14T18:41:00.839Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 18:41:43 honeypot-ams-1 sshd[25666]: Disconnected from authenticating user root 80.76.51.45 port 41832 [preauth]","@timestamp":"2022-09-14T18:41:43.862Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 18:42:05 honeypot-fra-1 sshd[10157]: Received disconnect from 200.54.189.102 port 43340:11: Bye Bye [preauth]","@timestamp":"2022-09-14T18:42:06.019Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 18:42:26 honeypot-ams-1 sshd[25672]: Disconnected from authenticating user root 80.76.51.45 port 53826 [preauth]","@timestamp":"2022-09-14T18:42:26.883Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 18:42:55 honeypot-ams-1 sshd[25676]: Disconnected from invalid user git 80.76.51.45 port 52664 [preauth]","@timestamp":"2022-09-14T18:42:55.897Z"}
{"@timestamp":"2022-09-14T18:44:30.913Z","@version":"1","message":"Sep 14 18:44:30 honeypot-sgp-1 kernel: [84057178.999696] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.210.216.111 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=239 ID=11030 DF PROTO=TCP SPT=10446 DPT=80 WINDOW=512 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 18:46:54 honeypot-ams-1 kernel: [84057797.481710] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=156.212.158.233 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=53 ID=21820 PROTO=TCP SPT=14310 DPT=443 WINDOW=32679 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T18:46:55.005Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 18:48:04 honeypot-fra-1 sshd[10160]: Disconnected from authenticating user root 154.92.23.239 port 42000 [preauth]","@timestamp":"2022-09-14T18:48:05.156Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 18:52:53 honeypot-fra-1 kernel: [84055993.451451] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.210.216.111 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=36624 DF PROTO=TCP SPT=10446 DPT=80 WINDOW=512 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T18:52:54.294Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 18:53:16 honeypot-ams-1 sshd[25684]: Did not receive identification string from 80.76.51.46 port 58560","@timestamp":"2022-09-14T18:53:17.204Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 18:53:42 honeypot-ams-1 sshd[25689]: Disconnected from authenticating user root 80.76.51.46 port 41830 [preauth]","@timestamp":"2022-09-14T18:53:43.219Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 18:54:12 honeypot-ams-1 sshd[25696]: Received disconnect from 80.76.51.46 port 52500:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T18:54:13.234Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 18:54:15 honeypot-ams-1 sshd[25700]: Received disconnect from 141.255.162.226 port 46228:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T18:54:16.236Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 18:54:21 honeypot-ams-1 sshd[25704]: Received disconnect from 141.255.162.226 port 54572:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T18:54:22.240Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 18:54:22 honeypot-ams-1 sshd[25708]: Received disconnect from 141.255.162.226 port 43022:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T18:54:23.240Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 18:54:24 honeypot-ams-1 sshd[25712]: Disconnected from invalid user user 141.255.162.226 port 51358 [preauth]","@timestamp":"2022-09-14T18:54:24.241Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 18:54:54 honeypot-ams-1 sshd[25718]: Disconnected from authenticating user root 80.76.51.46 port 38538 [preauth]","@timestamp":"2022-09-14T18:54:54.257Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 18:54:55 honeypot-fra-1 sshd[10169]: Received disconnect from 73.52.12.202 port 46530:11: Bye Bye [preauth]","@timestamp":"2022-09-14T18:54:56.341Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 18:55:26 honeypot-ams-1 sshd[25724]: Invalid user admin from 80.76.51.46 port 49212","@timestamp":"2022-09-14T18:55:27.275Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 18:57:37 honeypot-ams-1 sshd[25728]: Connection closed by invalid user user1 103.188.176.251 port 53660 [preauth]","@timestamp":"2022-09-14T18:57:37.333Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 18:57:39 honeypot-fra-1 kernel: [84056279.414707] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.167.97.244 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=39826 DPT=636 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T18:57:40.407Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-14T19:01:50.312Z","@version":"1","message":"Sep 14 19:01:50 honeypot-sgp-1 sshd[14361]: Disconnected from invalid user qq 112.137.140.40 port 46294 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 19:04:22 honeypot-fra-1 sshd[10178]: Received disconnect from 92.255.85.69 port 36538:11: Bye Bye [preauth]","@timestamp":"2022-09-14T19:04:22.561Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 19:07:15 honeypot-ams-1 sshd[25732]: Disconnected from authenticating user root 92.255.85.69 port 57728 [preauth]","@timestamp":"2022-09-14T19:07:15.581Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 19:07:59 honeypot-fra-1 sshd[10187]: Invalid user mcsrv from 43.138.12.15 port 44030","@timestamp":"2022-09-14T19:07:59.646Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 19:07:59 honeypot-fra-1 sshd[10216]: Invalid user minecraft from 43.138.12.15 port 44055","@timestamp":"2022-09-14T19:08:00.647Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 19:07:59 honeypot-fra-1 sshd[10203]: Connection closed by invalid user user 43.138.12.15 port 44064 [preauth]","@timestamp":"2022-09-14T19:08:00.647Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 19:08:00 honeypot-fra-1 sshd[10186]: Invalid user user from 43.138.12.15 port 44062","@timestamp":"2022-09-14T19:08:00.647Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 19:08:00 honeypot-fra-1 sshd[10194]: Invalid user ts3server from 43.138.12.15 port 44060","@timestamp":"2022-09-14T19:08:00.647Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 19:08:00 honeypot-fra-1 sshd[10192]: Invalid user vagrant from 43.138.12.15 port 44058","@timestamp":"2022-09-14T19:08:00.647Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 19:08:00 honeypot-fra-1 sshd[10214]: Invalid user teamspeak from 43.138.12.15 port 44036","@timestamp":"2022-09-14T19:08:00.647Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 19:08:00 honeypot-fra-1 sshd[10191]: Connection closed by invalid user elasticsearch 43.138.12.15 port 44054 [preauth]","@timestamp":"2022-09-14T19:08:00.647Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 19:08:00 honeypot-fra-1 sshd[10194]: Connection closed by invalid user ts3server 43.138.12.15 port 44060 [preauth]","@timestamp":"2022-09-14T19:08:00.647Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 19:08:00 honeypot-fra-1 sshd[10209]: Connection closed by invalid user postgres 43.138.12.15 port 44044 [preauth]","@timestamp":"2022-09-14T19:08:00.647Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T19:09:12.491Z","@version":"1","message":"Sep 14 19:09:12 honeypot-sgp-1 sshd[14366]: Disconnected from invalid user dmz 139.99.88.110 port 55962 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 19:09:44 honeypot-fra-1 kernel: [84057003.545452] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.194.31 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=60787 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T19:09:44.689Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 19:12:47 honeypot-ams-1 kernel: [84059350.324261] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=134.122.47.156 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=58153 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T19:12:47.729Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 19:21:33 honeypot-ams-1 kernel: [84059876.636137] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=2.57.122.23 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=10682 PROTO=TCP SPT=43098 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T19:21:33.976Z"}
{"@timestamp":"2022-09-14T19:24:20.854Z","@version":"1","message":"Sep 14 19:24:20 honeypot-sgp-1 sshd[14373]: Invalid user es from 103.188.176.251 port 38022","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T19:26:53.937Z","@version":"1","message":"Sep 14 19:26:53 honeypot-sgp-1 sshd[14379]: Invalid user zn from 47.250.47.151 port 48868","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 19:27:59 honeypot-fra-1 sshd[10350]: Disconnected from authenticating user root 92.255.85.69 port 41508 [preauth]","@timestamp":"2022-09-14T19:27:59.098Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T19:29:18.996Z","@version":"1","message":"Sep 14 19:29:18 honeypot-sgp-1 kernel: [84059866.292334] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.41.8.45 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=54480 PROTO=TCP SPT=44853 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 19:30:22 honeypot-ams-1 sshd[25746]: Disconnected from authenticating user root 92.255.85.69 port 54462 [preauth]","@timestamp":"2022-09-14T19:30:23.207Z"}
{"@timestamp":"2022-09-14T19:32:48.083Z","@version":"1","message":"Sep 14 19:32:47 honeypot-sgp-1 kernel: [84060075.532912] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=50.116.48.39 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=54321 PROTO=TCP SPT=40699 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 19:34:03 honeypot-fra-1 sshd[10353]: Connection closed by invalid user tomcat 193.106.191.157 port 53058 [preauth]","@timestamp":"2022-09-14T19:34:04.241Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 19:42:20 honeypot-ams-1 kernel: [84061123.406796] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=64.246.161.26 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=54321 PROTO=TCP SPT=51075 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T19:42:21.512Z"}
{"@timestamp":"2022-09-14T19:46:09.403Z","@version":"1","message":"Sep 14 19:46:09 honeypot-sgp-1 sshd[14395]: Received disconnect from 128.199.90.73 port 44740:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T19:46:15.407Z","@version":"1","message":"Sep 14 19:46:14 honeypot-sgp-1 sshd[14399]: Disconnected from authenticating user root 162.19.26.39 port 59568 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 19:50:00 honeypot-fra-1 sshd[10362]: Invalid user den from 115.36.144.104 port 40272","@timestamp":"2022-09-14T19:50:01.596Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 19:51:06 honeypot-ams-1 sshd[25754]: Did not receive identification string from 159.89.24.69 port 61000","@timestamp":"2022-09-14T19:51:06.745Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 19:53:09 honeypot-fra-1 sshd[10366]: Disconnected from authenticating user root 135.125.107.159 port 46938 [preauth]","@timestamp":"2022-09-14T19:53:10.668Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 19:53:53 honeypot-fra-1 sshd[10391]: Invalid user testuser from 45.127.108.174 port 54222","@timestamp":"2022-09-14T19:53:54.687Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 19:53:53 honeypot-fra-1 sshd[10390]: Invalid user admin from 45.127.108.174 port 54214","@timestamp":"2022-09-14T19:53:54.687Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 19:53:53 honeypot-fra-1 sshd[10398]: Invalid user mysql from 45.127.108.174 port 54252","@timestamp":"2022-09-14T19:53:54.687Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 19:53:53 honeypot-fra-1 sshd[10378]: Connection closed by authenticating user root 45.127.108.174 port 54258 [preauth]","@timestamp":"2022-09-14T19:53:54.688Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 19:53:53 honeypot-fra-1 sshd[10382]: Connection closed by authenticating user root 45.127.108.174 port 54198 [preauth]","@timestamp":"2022-09-14T19:53:54.688Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 19:53:53 honeypot-fra-1 sshd[10390]: Connection closed by invalid user admin 45.127.108.174 port 54214 [preauth]","@timestamp":"2022-09-14T19:53:54.688Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 19:53:53 honeypot-fra-1 sshd[10369]: Connection closed by invalid user devops 45.127.108.174 port 54192 [preauth]","@timestamp":"2022-09-14T19:53:54.688Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 19:53:54 honeypot-fra-1 sshd[10400]: Connection closed by authenticating user root 45.127.108.174 port 54208 [preauth]","@timestamp":"2022-09-14T19:53:54.688Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T20:01:15.767Z","@version":"1","message":"Sep 14 20:01:14 honeypot-sgp-1 kernel: [84061783.206980] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=107.175.70.147 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=233 ID=53760 DF PROTO=TCP SPT=10446 DPT=80 WINDOW=512 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 20:10:03 honeypot-ams-1 sshd[25762]: Invalid user tomcat from 193.106.191.157 port 47474","@timestamp":"2022-09-14T20:10:04.244Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 20:10:26 honeypot-fra-1 sshd[10434]: Disconnected from authenticating user root 143.198.168.31 port 50280 [preauth]","@timestamp":"2022-09-14T20:10:26.059Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T20:11:48.020Z","@version":"1","message":"Sep 14 20:11:47 honeypot-sgp-1 sshd[14410]: Received disconnect from 92.255.85.70 port 25066:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T20:13:30.063Z","@version":"1","message":"Sep 14 20:13:29 honeypot-sgp-1 sshd[14414]: Disconnected from invalid user user 141.255.162.226 port 33494 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T20:13:31.065Z","@version":"1","message":"Sep 14 20:13:30 honeypot-sgp-1 sshd[14418]: Disconnected from invalid user user 141.255.162.226 port 49670 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T20:13:36.067Z","@version":"1","message":"Sep 14 20:13:35 honeypot-sgp-1 sshd[14423]: Received disconnect from 141.255.162.226 port 57762:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T20:13:38.068Z","@version":"1","message":"Sep 14 20:13:37 honeypot-sgp-1 sshd[14427]: Received disconnect from 141.255.162.226 port 53820:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T20:13:53.076Z","@version":"1","message":"Sep 14 20:13:52 honeypot-sgp-1 sshd[14431]: Connection closed by invalid user admin 220.135.177.191 port 47347 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T20:13:58.078Z","@version":"1","message":"Sep 14 20:13:57 honeypot-sgp-1 sshd[14435]: Disconnected from invalid user user 45.61.186.49 port 42876 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 20:14:44 honeypot-fra-1 sshd[10440]: Disconnected from invalid user chase 103.2.135.19 port 39428 [preauth]","@timestamp":"2022-09-14T20:14:45.157Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 20:17:01 honeypot-fra-1 CRON[10445]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-14T20:17:02.212Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T20:17:02.154Z","@version":"1","message":"Sep 14 20:17:01 honeypot-sgp-1 CRON[14441]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 20:17:21 honeypot-ams-1 sshd[25768]: Received disconnect from 92.255.85.70 port 23228:11: Bye Bye [preauth]","@timestamp":"2022-09-14T20:17:21.444Z"}
{"@timestamp":"2022-09-14T20:22:02.276Z","@version":"1","message":"Sep 14 20:22:01 honeypot-sgp-1 sshd[14447]: Received disconnect from 210.4.123.219 port 43945:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 20:28:24 honeypot-ams-1 sshd[25773]: Invalid user remnux from 128.199.22.126 port 57474","@timestamp":"2022-09-14T20:28:24.733Z"}
{"@timestamp":"2022-09-14T20:28:47.442Z","@version":"1","message":"Sep 14 20:28:46 honeypot-sgp-1 kernel: [84063434.783435] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=89.248.165.199 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=38112 PROTO=TCP SPT=47184 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 20:30:05 honeypot-fra-1 kernel: [84061825.219172] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=139.178.84.183 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=55842 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T20:30:06.507Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 20:30:41 honeypot-ams-1 sshd[25777]: Received disconnect from 64.227.126.250 port 33386:11: Bye Bye [preauth]","@timestamp":"2022-09-14T20:30:41.795Z"}
{"@timestamp":"2022-09-14T20:34:57.595Z","@version":"1","message":"Sep 14 20:34:57 honeypot-sgp-1 sshd[14453]: Disconnected from authenticating user root 92.255.85.69 port 34312 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T20:36:42.820Z","@version":"1","message":"Sep 14 20:36:42 honeypot-sgp-1 sshd[14459]: Received disconnect from 141.255.162.226 port 33322:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T20:36:45.822Z","@version":"1","message":"Sep 14 20:36:44 honeypot-sgp-1 sshd[14463]: Received disconnect from 141.255.162.226 port 41750:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T20:36:48.824Z","@version":"1","message":"Sep 14 20:36:48 honeypot-sgp-1 sshd[14467]: Connection closed by invalid user user 141.255.162.226 port 58616 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 20:37:44 honeypot-fra-1 sshd[10454]: Disconnected from authenticating user root 92.255.85.70 port 33976 [preauth]","@timestamp":"2022-09-14T20:37:44.680Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 20:38:04 honeypot-ams-1 kernel: [84064467.570344] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=202.164.131.68 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=55 ID=33137 DF PROTO=TCP SPT=39059 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T20:38:04.991Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 20:47:15 honeypot-ams-1 kernel: [84065018.467487] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=104.200.31.222 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=51230 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T20:47:16.236Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 20:52:17 honeypot-ams-1 kernel: [84065320.128575] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=80.94.92.231 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=52819 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T20:52:18.370Z"}
{"@timestamp":"2022-09-14T20:54:47.238Z","@version":"1","message":"Sep 14 20:54:46 honeypot-sgp-1 sshd[14472]: Received disconnect from 107.173.209.238 port 59402:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 20:59:09 honeypot-fra-1 kernel: [84063568.950528] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=165.227.219.234 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=24114 PROTO=TCP SPT=47992 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T20:59:10.160Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-14T20:59:46.354Z","@version":"1","message":"Sep 14 20:59:46 honeypot-sgp-1 sshd[14479]: Received disconnect from 206.189.136.28 port 40144:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 21:01:58 honeypot-fra-1 kernel: [84063737.547693] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=183.136.225.35 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=107 ID=27496 PROTO=TCP SPT=8088 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T21:01:59.226Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 21:02:43 honeypot-ams-1 kernel: [84065946.423190] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=201.191.2.198 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=53675 PROTO=TCP SPT=36055 DPT=80 WINDOW=29718 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T21:02:44.643Z"}
{"@timestamp":"2022-09-14T21:05:40.491Z","@version":"1","message":"Sep 14 21:05:40 honeypot-sgp-1 kernel: [84065648.414434] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=218.95.234.41 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=49288 PROTO=TCP SPT=58914 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 21:08:02 honeypot-fra-1 sshd[10469]: Connection closed by invalid user elasticsearch 43.138.12.15 port 55904 [preauth]","@timestamp":"2022-09-14T21:08:03.362Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 21:08:05 honeypot-fra-1 sshd[10477]: Invalid user user from 43.138.12.15 port 55942","@timestamp":"2022-09-14T21:08:05.363Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 21:08:05 honeypot-fra-1 sshd[10482]: Invalid user mcsrv from 43.138.12.15 port 55908","@timestamp":"2022-09-14T21:08:05.363Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 21:08:05 honeypot-fra-1 sshd[10494]: Invalid user hduser from 43.138.12.15 port 55972","@timestamp":"2022-09-14T21:08:05.363Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 21:08:05 honeypot-fra-1 sshd[10477]: Connection closed by invalid user user 43.138.12.15 port 55942 [preauth]","@timestamp":"2022-09-14T21:08:06.364Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 21:08:05 honeypot-fra-1 sshd[10484]: Connection closed by invalid user admin 43.138.12.15 port 55946 [preauth]","@timestamp":"2022-09-14T21:08:06.364Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 21:08:05 honeypot-fra-1 sshd[10492]: Invalid user admin from 43.138.12.15 port 55914","@timestamp":"2022-09-14T21:08:06.364Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 21:08:05 honeypot-fra-1 sshd[10492]: Connection closed by invalid user admin 43.138.12.15 port 55914 [preauth]","@timestamp":"2022-09-14T21:08:06.364Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 21:08:06 honeypot-fra-1 sshd[10487]: Connection closed by invalid user esuser 43.138.12.15 port 55932 [preauth]","@timestamp":"2022-09-14T21:08:06.364Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 21:08:06 honeypot-fra-1 sshd[10496]: Connection closed by invalid user mcserv 43.138.12.15 port 55968 [preauth]","@timestamp":"2022-09-14T21:08:06.364Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 21:08:06 honeypot-fra-1 sshd[10491]: Connection closed by invalid user elastic 43.138.12.15 port 55970 [preauth]","@timestamp":"2022-09-14T21:08:07.365Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T21:09:32.580Z","@version":"1","message":"Sep 14 21:09:32 honeypot-sgp-1 kernel: [84065880.340898] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=96.126.112.220 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=46 ID=19564 DF PROTO=TCP SPT=45570 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T21:10:58.616Z","@version":"1","message":"Sep 14 21:10:57 honeypot-sgp-1 kernel: [84065965.878323] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=66.240.236.109 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=52631 DPT=5432 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 21:16:08 honeypot-ams-1 kernel: [84066751.019368] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=112.82.67.173 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=47 ID=51736 PROTO=TCP SPT=20574 DPT=443 WINDOW=52757 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T21:16:09.000Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 21:16:55 honeypot-fra-1 kernel: [84064634.455103] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=89.248.165.199 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=18680 PROTO=TCP SPT=47184 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T21:16:55.560Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-14T21:17:01.755Z","@version":"1","message":"Sep 14 21:17:01 honeypot-sgp-1 CRON[14570]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 21:25:50 honeypot-ams-1 sshd[25801]: Invalid user es from 103.188.176.251 port 42202","@timestamp":"2022-09-14T21:25:51.257Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 21:26:13 honeypot-fra-1 kernel: [84065193.134330] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=104.152.52.125 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=65031 PROTO=TCP SPT=50773 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T21:26:14.769Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 21:29:59 honeypot-fra-1 sshd[10540]: Invalid user es from 103.188.176.251 port 39662","@timestamp":"2022-09-14T21:29:59.854Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 21:31:36 honeypot-ams-1 sshd[25807]: Received disconnect from 198.98.61.9 port 59768:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T21:31:37.407Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 21:31:58 honeypot-ams-1 sshd[25811]: Received disconnect from 198.98.61.9 port 54646:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T21:31:58.419Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 21:32:15 honeypot-ams-1 sshd[25815]: Received disconnect from 198.98.61.9 port 49524:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T21:32:16.428Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 21:32:34 honeypot-ams-1 sshd[25819]: Received disconnect from 198.98.61.9 port 44392:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T21:32:34.438Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 21:37:36 honeypot-ams-1 sshd[25822]: Disconnected from invalid user saber 3.110.215.200 port 59348 [preauth]","@timestamp":"2022-09-14T21:37:36.595Z"}
{"@timestamp":"2022-09-14T21:45:50.423Z","@version":"1","message":"Sep 14 21:45:49 honeypot-sgp-1 sshd[14578]: Received disconnect from 92.255.85.69 port 25656:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 21:46:50 honeypot-ams-1 kernel: [84068593.141720] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=167.71.254.43 DST=178.62.254.91 LEN=52 TOS=0x02 PREC=0x00 TTL=115 ID=4169 DF PROTO=TCP SPT=53254 DPT=3389 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-14T21:46:50.838Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 21:48:35 honeypot-fra-1 sshd[10546]: Received disconnect from 92.255.85.69 port 28938:11: Bye Bye [preauth]","@timestamp":"2022-09-14T21:48:36.265Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 21:51:14 honeypot-ams-1 sshd[25831]: Received disconnect from 45.61.186.249 port 46190:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T21:51:15.955Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 21:51:34 honeypot-ams-1 sshd[25835]: Received disconnect from 45.61.186.249 port 40254:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T21:51:34.965Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 21:51:53 honeypot-ams-1 sshd[25839]: Received disconnect from 45.61.186.249 port 34312:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T21:51:53.975Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 21:52:09 honeypot-ams-1 sshd[25843]: Received disconnect from 45.61.186.249 port 56626:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T21:52:09.982Z"}
{"@timestamp":"2022-09-14T21:55:13.638Z","@version":"1","message":"Sep 14 21:55:13 honeypot-sgp-1 sshd[14584]: Received disconnect from 195.19.4.22 port 65505:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 21:56:58 honeypot-fra-1 kernel: [84067037.597460] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=68.183.81.55 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x20 TTL=245 ID=4906 PROTO=TCP SPT=52447 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T21:56:59.467Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-14T22:00:13.755Z","@version":"1","message":"Sep 14 22:00:13 honeypot-sgp-1 sshd[14586]: Invalid user ilaria from 41.169.26.228 port 44780","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T22:05:26.877Z","@version":"1","message":"Sep 14 22:05:26 honeypot-sgp-1 sshd[14591]: Received disconnect from 141.255.162.226 port 40056:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T22:05:32.879Z","@version":"1","message":"Sep 14 22:05:32 honeypot-sgp-1 sshd[14595]: Received disconnect from 141.255.162.226 port 49330:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T22:05:57.890Z","@version":"1","message":"Sep 14 22:05:57 honeypot-sgp-1 kernel: [84069265.156448] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=206.189.8.92 DST=159.89.202.188 LEN=80 TOS=0x00 PREC=0x00 TTL=115 ID=13709 PROTO=TCP SPT=12685 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 22:05:58 honeypot-fra-1 sshd[10553]: Received disconnect from 188.166.127.59 port 45086:11: Bye Bye [preauth]","@timestamp":"2022-09-14T22:05:59.691Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T22:09:12.965Z","@version":"1","message":"Sep 14 22:09:12 honeypot-sgp-1 sshd[14601]: Disconnected from authenticating user root 92.255.85.69 port 55438 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 22:09:22 honeypot-ams-1 sshd[25847]: Invalid user dlm from 101.32.213.77 port 36780","@timestamp":"2022-09-14T22:09:23.423Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 22:09:39 honeypot-ams-1 sshd[25851]: Invalid user lo from 208.184.30.130 port 46884","@timestamp":"2022-09-14T22:09:39.434Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 22:10:18 honeypot-ams-1 sshd[25855]: Disconnected from authenticating user root 41.82.208.182 port 39816 [preauth]","@timestamp":"2022-09-14T22:10:19.451Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 22:11:10 honeypot-ams-1 sshd[25857]: Disconnected from invalid user http 162.19.26.39 port 44774 [preauth]","@timestamp":"2022-09-14T22:11:11.476Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 22:12:21 honeypot-fra-1 kernel: [84067961.020786] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=125.253.93.146 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=13806 PROTO=TCP SPT=46289 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T22:12:22.850Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-14T22:12:49.051Z","@version":"1","message":"Sep 14 22:12:48 honeypot-sgp-1 sshd[14608]: Invalid user admin from 217.165.114.155 port 46177","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 22:14:57 honeypot-ams-1 sshd[25864]: Received disconnect from 61.177.172.98 port 10113:11:  [preauth]","@timestamp":"2022-09-14T22:14:57.575Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 22:17:01 honeypot-ams-1 CRON[25869]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-14T22:17:01.636Z"}
{"@timestamp":"2022-09-14T22:17:02.150Z","@version":"1","message":"Sep 14 22:17:01 honeypot-sgp-1 CRON[14612]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 22:17:59 honeypot-fra-1 sshd[10565]: Invalid user tomcat from 193.106.191.157 port 38158","@timestamp":"2022-09-14T22:17:59.978Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 22:18:00 honeypot-ams-1 sshd[25872]: Disconnected from authenticating user root 61.177.172.108 port 14554 [preauth]","@timestamp":"2022-09-14T22:18:00.662Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 22:22:45 honeypot-ams-1 sshd[25877]: Received disconnect from 79.127.55.178 port 50868:11: Bye Bye [preauth]","@timestamp":"2022-09-14T22:22:45.790Z"}
{"@timestamp":"2022-09-14T22:24:58.353Z","@version":"1","message":"Sep 14 22:24:57 honeypot-sgp-1 sshd[14620]: Invalid user vitastaa from 115.75.146.156 port 47450","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T22:26:09.383Z","@version":"1","message":"Sep 14 22:26:09 honeypot-sgp-1 sshd[14622]: Disconnected from invalid user murilo 46.101.2.4 port 57634 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 22:26:27 honeypot-fra-1 kernel: [84068806.149717] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.208.55 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=51939 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T22:26:27.193Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-14T22:26:46.401Z","@version":"1","message":"Sep 14 22:26:45 honeypot-sgp-1 sshd[14628]: Invalid user pi from 60.221.50.163 port 39814","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 22:27:02 honeypot-ams-1 sshd[25884]: Connection reset by 179.229.8.92 port 18671 [preauth]","@timestamp":"2022-09-14T22:27:03.905Z"}
{"@timestamp":"2022-09-14T22:27:43.423Z","@version":"1","message":"Sep 14 22:27:42 honeypot-sgp-1 sshd[14632]: Disconnected from invalid user lxs 62.84.124.238 port 40526 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T22:29:04.458Z","@version":"1","message":"Sep 14 22:29:03 honeypot-sgp-1 sshd[14636]: Disconnected from invalid user lhd 180.130.116.221 port 58042 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T22:30:27.493Z","@version":"1","message":"Sep 14 22:30:27 honeypot-sgp-1 sshd[14643]: Disconnected from authenticating user root 167.71.233.59 port 42016 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T22:31:43.527Z","@version":"1","message":"Sep 14 22:31:43 honeypot-sgp-1 sshd[14647]: Received disconnect from 202.61.105.17 port 43350:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T22:32:22.546Z","@version":"1","message":"Sep 14 22:32:21 honeypot-sgp-1 sshd[14651]: Received disconnect from 92.255.85.69 port 58510:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T22:33:48.581Z","@version":"1","message":"Sep 14 22:33:48 honeypot-sgp-1 sshd[14655]: Disconnected from invalid user database 217.13.211.152 port 41522 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 22:35:35 honeypot-ams-1 kernel: [84071518.485599] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=203.206.188.109 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=50 ID=49700 PROTO=TCP SPT=44030 DPT=80 WINDOW=59295 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T22:35:36.128Z"}
{"@timestamp":"2022-09-14T22:37:26.668Z","@version":"1","message":"Sep 14 22:37:25 honeypot-sgp-1 sshd[14662]: Received disconnect from 141.255.162.226 port 45180:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T22:37:28.669Z","@version":"1","message":"Sep 14 22:37:28 honeypot-sgp-1 sshd[14666]: Received disconnect from 141.255.162.226 port 40284:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T22:37:34.672Z","@version":"1","message":"Sep 14 22:37:34 honeypot-sgp-1 sshd[14670]: Received disconnect from 141.255.162.226 port 35394:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T22:37:54.682Z","@version":"1","message":"Sep 14 22:37:54 honeypot-sgp-1 kernel: [84071182.741888] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=68.183.81.55 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x20 TTL=242 ID=63333 PROTO=TCP SPT=52447 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 22:38:26 honeypot-fra-1 kernel: [84069525.789514] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=172.104.4.119 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=5924 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T22:38:27.495Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 22:38:51 honeypot-ams-1 sshd[25896]: Received disconnect from 61.177.172.124 port 15534:11:  [preauth]","@timestamp":"2022-09-14T22:38:52.215Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 22:39:57 honeypot-fra-1 sshd[10574]: Disconnected from invalid user fei 164.92.210.129 port 45878 [preauth]","@timestamp":"2022-09-14T22:39:57.530Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T22:43:17.813Z","@version":"1","message":"Sep 14 22:43:16 honeypot-sgp-1 kernel: [84071505.003419] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=97.107.141.64 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=46518 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 22:43:50 honeypot-ams-1 kernel: [84072013.222219] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=110.16.41.60 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=48 ID=9540 PROTO=TCP SPT=9014 DPT=443 WINDOW=7182 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T22:43:51.344Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 22:44:33 honeypot-fra-1 sshd[10579]: Received disconnect from 186.206.151.246 port 41950:11: Bye Bye [preauth]","@timestamp":"2022-09-14T22:44:34.638Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T22:49:29.963Z","@version":"1","message":"Sep 14 22:49:29 honeypot-sgp-1 sshd[14686]: Received disconnect from 61.177.173.46 port 29378:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 22:49:47 honeypot-ams-1 sshd[25910]: Disconnected from authenticating user root 179.43.156.143 port 53806 [preauth]","@timestamp":"2022-09-14T22:49:47.499Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 22:50:33 honeypot-fra-1 sshd[10584]: Disconnected from authenticating user landscape 165.22.45.108 port 51262 [preauth]","@timestamp":"2022-09-14T22:50:34.771Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 22:51:06 honeypot-ams-1 sshd[25920]: Disconnected from authenticating user root 179.43.156.143 port 46730 [preauth]","@timestamp":"2022-09-14T22:51:06.535Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 22:53:00 honeypot-ams-1 kernel: [84072562.839557] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=111.72.186.151 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=49 ID=26138 PROTO=TCP SPT=39224 DPT=80 WINDOW=22147 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T22:53:00.587Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 22:53:39 honeypot-ams-1 sshd[25931]: Received disconnect from 179.43.156.143 port 60950:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T22:53:40.606Z"}
{"@timestamp":"2022-09-14T22:54:00.074Z","@version":"1","message":"Sep 14 22:53:59 honeypot-sgp-1 sshd[14690]: Disconnected from authenticating user root 182.160.96.46 port 54808 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 22:54:19 honeypot-fra-1 sshd[10589]: Received disconnect from 198.98.61.9 port 34836:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T22:54:19.857Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 22:54:28 honeypot-ams-1 kernel: [84072650.945575] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=72.167.32.184 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=232 ID=19904 PROTO=TCP SPT=49801 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T22:54:28.629Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 22:54:39 honeypot-fra-1 sshd[10593]: Received disconnect from 198.98.61.9 port 56978:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T22:54:39.867Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 22:54:56 honeypot-fra-1 sshd[10597]: Received disconnect from 198.98.61.9 port 50884:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T22:54:56.875Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 22:55:12 honeypot-fra-1 sshd[10601]: Received disconnect from 198.98.61.9 port 44792:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T22:55:12.882Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T22:55:26.109Z","@version":"1","message":"Sep 14 22:55:25 honeypot-sgp-1 sshd[14695]: Disconnected from invalid user kernoops 123.120.1.239 port 57338 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 22:55:37 honeypot-ams-1 sshd[25940]: Received disconnect from 179.43.156.143 port 50426:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T22:55:37.659Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 22:56:56 honeypot-ams-1 sshd[25944]: Disconnected from authenticating user root 179.43.156.143 port 43416 [preauth]","@timestamp":"2022-09-14T22:56:56.696Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 22:58:58 honeypot-ams-1 sshd[25950]: Disconnected from authenticating user root 179.43.156.143 port 32910 [preauth]","@timestamp":"2022-09-14T22:58:59.751Z"}
{"@timestamp":"2022-09-14T22:59:25.204Z","@version":"1","message":"Sep 14 22:59:24 honeypot-sgp-1 sshd[14701]: Disconnected from authenticating user root 61.177.173.46 port 49785 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 23:01:16 honeypot-ams-1 sshd[25957]: Received disconnect from 61.177.172.19 port 58963:11:  [preauth]","@timestamp":"2022-09-14T23:01:16.815Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 23:02:19 honeypot-fra-1 sshd[10607]: Invalid user webadmin from 45.181.32.42 port 33024","@timestamp":"2022-09-14T23:02:20.058Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 23:03:43 honeypot-fra-1 sshd[10611]: Connection closed by invalid user tomcat 193.106.191.157 port 40374 [preauth]","@timestamp":"2022-09-14T23:03:43.091Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T23:04:51.335Z","@version":"1","message":"Sep 14 23:04:51 honeypot-sgp-1 kernel: [84072799.347121] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=89.248.168.172 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=40638 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 23:08:51 honeypot-ams-1 sshd[25964]: Disconnected from authenticating user root 103.29.85.13 port 60286 [preauth]","@timestamp":"2022-09-14T23:08:52.012Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 23:11:14 honeypot-ams-1 kernel: [84073656.694979] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.207.196 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=58862 DPT=389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T23:11:14.077Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 23:12:11 honeypot-ams-1 sshd[25973]: Disconnected from invalid user admin 46.19.141.122 port 34228 [preauth]","@timestamp":"2022-09-14T23:12:12.104Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 23:14:15 honeypot-ams-1 sshd[25980]: Invalid user ubnt from 46.19.141.122 port 36220","@timestamp":"2022-09-14T23:14:16.159Z"}
{"@timestamp":"2022-09-14T23:14:39.567Z","@version":"1","message":"Sep 14 23:14:39 honeypot-sgp-1 sshd[14713]: Received disconnect from 62.171.146.208 port 38980:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 23:15:39 honeypot-ams-1 sshd[25984]: Received disconnect from 46.19.141.122 port 37232:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T23:15:40.196Z"}
{"@timestamp":"2022-09-14T23:17:02.627Z","@version":"1","message":"Sep 14 23:17:01 honeypot-sgp-1 CRON[14718]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 23:17:09 honeypot-fra-1 kernel: [84071848.401452] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=68.183.81.55 DST=165.22.82.222 LEN=52 TOS=0x02 PREC=0x20 TTL=118 ID=20278 DF PROTO=TCP SPT=56416 DPT=3389 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-14T23:17:10.385Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 23:18:51 honeypot-fra-1 sshd[10625]: Invalid user user from 45.61.186.169 port 38290","@timestamp":"2022-09-14T23:18:51.427Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 23:19:07 honeypot-fra-1 sshd[10629]: Invalid user user from 45.61.186.169 port 32962","@timestamp":"2022-09-14T23:19:08.435Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 23:19:23 honeypot-fra-1 sshd[10633]: Invalid user user from 45.61.186.169 port 55862","@timestamp":"2022-09-14T23:19:24.442Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T23:19:32.688Z","@version":"1","message":"Sep 14 23:19:32 honeypot-sgp-1 sshd[14724]: Received disconnect from 92.255.85.69 port 33740:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T23:20:24.711Z","@version":"1","message":"Sep 14 23:20:24 honeypot-sgp-1 sshd[14729]: Disconnected from invalid user admin 51.15.225.183 port 37808 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T23:21:07.730Z","@version":"1","message":"Sep 14 23:21:07 honeypot-sgp-1 sshd[14734]: Received disconnect from 45.61.186.169 port 59064:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T23:21:25.739Z","@version":"1","message":"Sep 14 23:21:25 honeypot-sgp-1 sshd[14738]: Received disconnect from 45.61.186.169 port 53614:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T23:21:33.743Z","@version":"1","message":"Sep 14 23:21:33 honeypot-sgp-1 sshd[14743]: Disconnected from invalid user user 45.61.186.169 port 36770 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 23:21:38 honeypot-ams-1 sshd[25990]: Disconnected from authenticating user root 61.177.172.108 port 30119 [preauth]","@timestamp":"2022-09-14T23:21:38.349Z"}
{"@timestamp":"2022-09-14T23:21:49.750Z","@version":"1","message":"Sep 14 23:21:48 honeypot-sgp-1 sshd[14749]: Invalid user user from 45.61.186.169 port 59540","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 23:22:18 honeypot-fra-1 sshd[10637]: Received disconnect from 92.255.85.70 port 41384:11: Bye Bye [preauth]","@timestamp":"2022-09-14T23:22:19.511Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T23:23:35.793Z","@version":"1","message":"Sep 14 23:23:35 honeypot-sgp-1 sshd[14753]: Disconnected from authenticating user root 143.244.158.100 port 35184 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 23:25:02 honeypot-ams-1 sshd[25996]: Disconnected from authenticating user root 92.255.85.70 port 24274 [preauth]","@timestamp":"2022-09-14T23:25:02.439Z"}
{"@timestamp":"2022-09-14T23:26:23.862Z","@version":"1","message":"Sep 14 23:26:23 honeypot-sgp-1 sshd[14760]: Disconnected from authenticating user root 143.244.158.100 port 48804 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T23:28:11.909Z","@version":"1","message":"Sep 14 23:28:11 honeypot-sgp-1 kernel: [84074199.086632] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=198.23.144.23 DST=159.89.202.188 LEN=52 TOS=0x02 PREC=0x00 TTL=112 ID=7426 DF PROTO=TCP SPT=64781 DPT=3389 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T23:29:33.943Z","@version":"1","message":"Sep 14 23:29:33 honeypot-sgp-1 sshd[14770]: Disconnected from authenticating user root 161.35.98.96 port 59668 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 23:30:15 honeypot-ams-1 kernel: [84074798.047560] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=22545 PROTO=TCP SPT=58202 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T23:30:15.575Z"}
{"@timestamp":"2022-09-14T23:31:02.981Z","@version":"1","message":"Sep 14 23:31:02 honeypot-sgp-1 sshd[14777]: Received disconnect from 61.177.172.104 port 16043:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T23:32:13.012Z","@version":"1","message":"Sep 14 23:32:12 honeypot-sgp-1 sshd[14781]: Disconnected from authenticating user root 143.244.158.100 port 50682 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T23:35:15.085Z","@version":"1","message":"Sep 14 23:35:14 honeypot-sgp-1 sshd[14787]: Disconnected from authenticating user root 143.244.158.100 port 44890 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 23:36:39 honeypot-ams-1 sshd[26008]: Disconnected from invalid user booking 94.159.31.10 port 54265 [preauth]","@timestamp":"2022-09-14T23:36:39.740Z"}
{"@timestamp":"2022-09-14T23:37:06.258Z","@version":"1","message":"Sep 14 23:37:05 honeypot-sgp-1 sshd[14794]: Disconnected from authenticating user root 143.244.158.100 port 48174 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T23:40:03.328Z","@version":"1","message":"Sep 14 23:40:02 honeypot-sgp-1 sshd[14802]: Received disconnect from 143.244.158.100 port 49456:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 23:40:30 honeypot-ams-1 sshd[26013]: Disconnected from authenticating user root 68.183.92.26 port 38504 [preauth]","@timestamp":"2022-09-14T23:40:30.842Z"}
{"@timestamp":"2022-09-14T23:42:40.391Z","@version":"1","message":"Sep 14 23:42:39 honeypot-sgp-1 kernel: [84075068.008737] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=32915 PROTO=TCP SPT=58606 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T23:43:57.423Z","@version":"1","message":"Sep 14 23:43:57 honeypot-sgp-1 sshd[14814]: Disconnected from authenticating user root 143.244.158.100 port 47152 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 23:44:21 honeypot-fra-1 kernel: [84073480.037688] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=35656 PROTO=TCP SPT=58606 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T23:44:21.994Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-14T23:45:34.463Z","@version":"1","message":"Sep 14 23:45:34 honeypot-sgp-1 sshd[14820]: Received disconnect from 43.155.80.159 port 41500:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 23:45:52 honeypot-ams-1 kernel: [84075734.761439] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.208.55 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=39603 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T23:45:52.986Z"}
{"@timestamp":"2022-09-14T23:47:43.515Z","@version":"1","message":"Sep 14 23:47:43 honeypot-sgp-1 sshd[14827]: Received disconnect from 143.244.158.100 port 35428:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 23:48:08 honeypot-ams-1 sshd[26027]: Disconnected from authenticating user root 92.255.85.70 port 54660 [preauth]","@timestamp":"2022-09-14T23:48:09.053Z"}
{"@timestamp":"2022-09-14T23:48:47.542Z","@version":"1","message":"Sep 14 23:48:47 honeypot-sgp-1 sshd[14831]: Disconnected from invalid user boxer 138.2.245.103 port 41972 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 23:51:10 honeypot-ams-1 sshd[26033]: Disconnected from authenticating user root 149.56.102.60 port 50172 [preauth]","@timestamp":"2022-09-14T23:51:10.134Z"}
{"@timestamp":"2022-09-14T23:51:26.605Z","@version":"1","message":"Sep 14 23:51:25 honeypot-sgp-1 sshd[14841]: Disconnected from authenticating user root 143.244.158.100 port 42466 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 23:52:58 honeypot-ams-1 sshd[26039]: Invalid user user from 103.188.176.251 port 53450","@timestamp":"2022-09-14T23:52:59.185Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 23:53:54 honeypot-ams-1 sshd[26046]: Received disconnect from 45.61.186.249 port 41476:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T23:53:55.215Z"}
{"@timestamp":"2022-09-14T23:54:00.667Z","@version":"1","message":"Sep 14 23:53:59 honeypot-sgp-1 sshd[14848]: Disconnected from authenticating user root 61.177.173.39 port 17442 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 23:54:04 honeypot-ams-1 sshd[26050]: Disconnected from invalid user user 45.61.186.249 port 53144 [preauth]","@timestamp":"2022-09-14T23:54:05.221Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 23:54:22 honeypot-ams-1 sshd[26054]: Disconnected from invalid user user 45.61.186.249 port 48282 [preauth]","@timestamp":"2022-09-14T23:54:22.229Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 23:54:39 honeypot-ams-1 sshd[26058]: Disconnected from invalid user user 45.61.186.249 port 43366 [preauth]","@timestamp":"2022-09-14T23:54:40.239Z"}
{"@timestamp":"2022-09-14T23:56:01.717Z","@version":"1","message":"Sep 14 23:56:01 honeypot-sgp-1 sshd[14854]: Disconnected from authenticating user root 143.244.158.100 port 38966 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 23:57:45 honeypot-fra-1 kernel: [84074284.431302] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=151.106.38.211 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=53546 PROTO=TCP SPT=54895 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T23:57:46.298Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-14T23:58:45.783Z","@version":"1","message":"Sep 14 23:58:45 honeypot-sgp-1 sshd[14862]: Disconnected from authenticating user root 143.244.158.100 port 48638 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 23:59:14 honeypot-fra-1 sshd[10655]: Invalid user user from 45.61.186.169 port 48708","@timestamp":"2022-09-14T23:59:15.335Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 23:59:32 honeypot-fra-1 sshd[10659]: Invalid user user from 45.61.186.169 port 43518","@timestamp":"2022-09-14T23:59:32.343Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 23:59:48 honeypot-fra-1 sshd[10663]: Invalid user user from 45.61.186.169 port 38328","@timestamp":"2022-09-14T23:59:49.351Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T00:00:59.838Z","@version":"1","message":"Sep 15 00:00:59 honeypot-sgp-1 sshd[14868]: Disconnected from authenticating user root 143.244.158.100 port 40572 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 00:01:20 honeypot-ams-1 sshd[26063]: Received disconnect from 61.177.173.49 port 13983:11:  [preauth]","@timestamp":"2022-09-15T00:01:20.416Z"}
{"@timestamp":"2022-09-15T00:03:50.907Z","@version":"1","message":"Sep 15 00:03:50 honeypot-sgp-1 sshd[14875]: Received disconnect from 143.244.158.100 port 37958:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 00:05:00 honeypot-ams-1 sshd[26067]: Disconnected from authenticating user root 61.177.173.35 port 58535 [preauth]","@timestamp":"2022-09-15T00:05:00.515Z"}
{"@timestamp":"2022-09-15T00:05:49.957Z","@version":"1","message":"Sep 15 00:05:49 honeypot-sgp-1 sshd[14881]: Received disconnect from 143.244.158.100 port 34692:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T00:06:52.985Z","@version":"1","message":"Sep 15 00:06:52 honeypot-sgp-1 sshd[14885]: Disconnected from authenticating user root 143.244.158.100 port 59726 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 00:09:28 honeypot-fra-1 sshd[10668]: Received disconnect from 92.255.85.70 port 58734:11: Bye Bye [preauth]","@timestamp":"2022-09-15T00:09:28.569Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T00:09:44.053Z","@version":"1","message":"Sep 15 00:09:43 honeypot-sgp-1 sshd[14894]: Disconnected from authenticating user root 143.244.158.100 port 47146 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T00:11:48.100Z","@version":"1","message":"Sep 15 00:11:48 honeypot-sgp-1 sshd[14898]: Disconnected from authenticating user root 143.244.158.100 port 60296 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T00:12:32.120Z","@version":"1","message":"Sep 15 00:12:32 honeypot-sgp-1 sshd[14902]: Disconnected from authenticating user root 104.131.190.193 port 35209 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 00:13:16 honeypot-fra-1 kernel: [84075215.005748] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=46557 PROTO=TCP SPT=40003 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T00:13:16.657Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 00:14:29 honeypot-ams-1 kernel: [84077452.376905] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=64.62.197.82 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=52299 DPT=389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T00:14:29.763Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 00:16:16 honeypot-ams-1 sshd[26079]: Received disconnect from 45.61.186.49 port 46216:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T00:16:16.814Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 00:16:25 honeypot-ams-1 sshd[26083]: Received disconnect from 45.61.186.49 port 57820:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T00:16:26.820Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 00:17:01 honeypot-fra-1 CRON[10676]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-15T00:17:01.776Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T00:17:02.227Z","@version":"1","message":"Sep 15 00:17:01 honeypot-sgp-1 CRON[14913]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 00:19:02 honeypot-ams-1 sshd[26088]: Disconnected from authenticating user root 61.177.173.35 port 26671 [preauth]","@timestamp":"2022-09-15T00:19:03.891Z"}
{"@timestamp":"2022-09-15T00:20:03.300Z","@version":"1","message":"Sep 15 00:20:02 honeypot-sgp-1 sshd[14920]: Received disconnect from 104.236.237.117 port 52271:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 00:22:34 honeypot-ams-1 sshd[26096]: Received disconnect from 141.255.162.226 port 34448:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T00:22:34.985Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 00:22:38 honeypot-ams-1 sshd[26100]: Received disconnect from 141.255.162.226 port 39932:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T00:22:38.989Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 00:22:39 honeypot-ams-1 sshd[26104]: Received disconnect from 141.255.162.226 port 48370:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T00:22:39.989Z"}
{"@timestamp":"2022-09-15T00:23:27.381Z","@version":"1","message":"Sep 15 00:23:26 honeypot-sgp-1 sshd[14927]: Received disconnect from 61.177.173.37 port 34041:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T00:25:01.419Z","@version":"1","message":"Sep 15 00:25:00 honeypot-sgp-1 sshd[14931]: Received disconnect from 20.87.8.78 port 38884:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T00:28:59.516Z","@version":"1","message":"Sep 15 00:28:58 honeypot-sgp-1 sshd[14934]: Disconnected from 61.177.173.51 port 22652 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 00:31:08 honeypot-ams-1 kernel: [84078451.424470] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=167.94.138.110 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=1902 PROTO=TCP SPT=24510 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T00:31:09.210Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 00:32:22 honeypot-fra-1 sshd[10688]: Received disconnect from 92.255.85.69 port 19292:11: Bye Bye [preauth]","@timestamp":"2022-09-15T00:32:23.122Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T00:33:46.631Z","@version":"1","message":"Sep 15 00:33:46 honeypot-sgp-1 sshd[14942]: Invalid user ubnt from 179.60.147.69 port 37974","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 00:34:26 honeypot-ams-1 sshd[26115]: Disconnected from authenticating user root 61.177.172.19 port 63247 [preauth]","@timestamp":"2022-09-15T00:34:26.301Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 00:34:55 honeypot-fra-1 sshd[10692]: Connection closed by invalid user ubnt 179.60.147.69 port 58220 [preauth]","@timestamp":"2022-09-15T00:34:56.182Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 00:36:56 honeypot-ams-1 sshd[26122]: Received disconnect from 111.67.197.237 port 32940:11: Bye Bye [preauth]","@timestamp":"2022-09-15T00:36:57.370Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 00:39:43 honeypot-ams-1 sshd[26126]: Disconnected from invalid user colord 13.83.41.0 port 35150 [preauth]","@timestamp":"2022-09-15T00:39:43.444Z"}
{"@timestamp":"2022-09-15T00:40:24.790Z","@version":"1","message":"Sep 15 00:40:24 honeypot-sgp-1 sshd[14948]: Received disconnect from 20.55.113.203 port 1024:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T00:43:12.857Z","@version":"1","message":"Sep 15 00:43:11 honeypot-sgp-1 sshd[14952]: Connection closed by invalid user admin 128.199.168.83 port 48554 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T00:44:22.886Z","@version":"1","message":"Sep 15 00:44:22 honeypot-sgp-1 sshd[14958]: Disconnected from authenticating user root 103.68.183.202 port 47940 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T00:46:24.937Z","@version":"1","message":"Sep 15 00:46:24 honeypot-sgp-1 kernel: [84078892.509138] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.46.240.87 DST=159.89.202.188 LEN=52 TOS=0x02 PREC=0x00 TTL=110 ID=61783 DF PROTO=TCP SPT=59722 DPT=443 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 00:49:31 honeypot-ams-1 kernel: [84079553.925481] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=37.21.72.232 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=58 ID=50361 PROTO=TCP SPT=27860 DPT=80 WINDOW=62812 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T00:49:31.713Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 00:55:26 honeypot-fra-1 sshd[10699]: Invalid user admin from 111.99.190.118 port 43412","@timestamp":"2022-09-15T00:55:27.659Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 00:57:24 honeypot-ams-1 sshd[26138]: Disconnected from authenticating user root 61.177.172.114 port 37625 [preauth]","@timestamp":"2022-09-15T00:57:24.921Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 00:59:25 honeypot-fra-1 sshd[10703]: Received disconnect from 200.66.77.178 port 41354:11: Bye Bye [preauth]","@timestamp":"2022-09-15T00:59:25.755Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 01:01:14 honeypot-ams-1 kernel: [84080256.750694] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=46.161.54.57 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=54321 PROTO=TCP SPT=49362 DPT=5432 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T01:01:15.026Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 01:02:31 honeypot-fra-1 kernel: [84078170.100926] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=71.6.232.6 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=48522 DPT=389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T01:02:31.831Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-15T01:03:44.379Z","@version":"1","message":"Sep 15 01:03:43 honeypot-sgp-1 kernel: [84079931.509493] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.46.240.87 DST=159.89.202.188 LEN=52 TOS=0x02 PREC=0x00 TTL=110 ID=47121 DF PROTO=TCP SPT=61151 DPT=443 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 01:09:01 honeypot-ams-1 sshd[26151]: Received disconnect from 61.177.173.51 port 59357:11:  [preauth]","@timestamp":"2022-09-15T01:09:02.232Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 01:10:33 honeypot-fra-1 sshd[10714]: Invalid user user from 45.61.186.169 port 40794","@timestamp":"2022-09-15T01:10:34.106Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 01:10:41 honeypot-fra-1 sshd[10716]: Disconnected from invalid user user 45.61.186.169 port 52232 [preauth]","@timestamp":"2022-09-15T01:10:42.111Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 01:10:57 honeypot-fra-1 sshd[10721]: Disconnected from invalid user user 45.61.186.169 port 46870 [preauth]","@timestamp":"2022-09-15T01:10:58.119Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 01:11:13 honeypot-fra-1 sshd[10725]: Disconnected from invalid user user 45.61.186.169 port 41520 [preauth]","@timestamp":"2022-09-15T01:11:14.125Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T01:13:47.632Z","@version":"1","message":"Sep 15 01:13:47 honeypot-sgp-1 sshd[14986]: Connection closed by 192.241.219.87 port 36522 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 01:13:50 honeypot-ams-1 sshd[26156]: Connection closed by invalid user guest 179.60.147.69 port 43788 [preauth]","@timestamp":"2022-09-15T01:13:50.357Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 01:17:30 honeypot-ams-1 kernel: [84081233.006746] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=138.246.253.24 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=54321 PROTO=TCP SPT=43720 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T01:17:30.456Z"}
{"@timestamp":"2022-09-15T01:17:40.726Z","@version":"1","message":"Sep 15 01:17:40 honeypot-sgp-1 sshd[14994]: Received disconnect from 61.177.173.49 port 57462:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 01:19:17 honeypot-fra-1 sshd[10736]: Disconnected from authenticating user root 92.255.85.69 port 60454 [preauth]","@timestamp":"2022-09-15T01:19:17.307Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T01:19:55.780Z","@version":"1","message":"Sep 15 01:19:55 honeypot-sgp-1 sshd[14998]: Disconnected from invalid user long 113.203.237.139 port 54270 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T01:27:19.959Z","@version":"1","message":"Sep 15 01:27:19 honeypot-sgp-1 sshd[15022]: Disconnected from authenticating user root 61.177.173.49 port 11053 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 01:30:57 honeypot-fra-1 sshd[10743]: Received disconnect from 45.61.184.204 port 39318:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T01:30:58.577Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 01:31:16 honeypot-fra-1 sshd[10759]: Received disconnect from 45.61.184.204 port 34862:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T01:31:16.585Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 01:31:33 honeypot-fra-1 sshd[10763]: Received disconnect from 45.61.184.204 port 58624:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T01:31:34.594Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 01:31:52 honeypot-fra-1 sshd[10771]: Received disconnect from 45.61.184.204 port 54168:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T01:31:52.604Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 01:34:21 honeypot-ams-1 kernel: [84082244.045576] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=222.186.19.235 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=39832 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T01:34:21.893Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 01:35:47 honeypot-ams-1 sshd[26189]: Invalid user tomcat from 193.106.191.157 port 50636","@timestamp":"2022-09-15T01:35:47.935Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 01:36:51 honeypot-fra-1 sshd[10787]: Invalid user admin from 141.98.10.158 port 36418","@timestamp":"2022-09-15T01:36:51.717Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 01:38:20 honeypot-ams-1 sshd[26196]: Received disconnect from 61.177.173.49 port 48263:11:  [preauth]","@timestamp":"2022-09-15T01:38:21.003Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 01:39:24 honeypot-fra-1 sshd[10792]: Did not receive identification string from 152.32.154.27 port 56546","@timestamp":"2022-09-15T01:39:25.778Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T01:39:48.253Z","@version":"1","message":"Sep 15 01:39:47 honeypot-sgp-1 kernel: [84082095.678040] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.46.240.87 DST=159.89.202.188 LEN=52 TOS=0x02 PREC=0x00 TTL=110 ID=24220 DF PROTO=TCP SPT=62166 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T01:45:41.396Z","@version":"1","message":"Sep 15 01:45:41 honeypot-sgp-1 sshd[15034]: Disconnected from authenticating user root 61.177.173.36 port 24729 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 01:45:45 honeypot-fra-1 kernel: [84080763.763759] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.193.221 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=54536 DPT=636 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T01:45:45.925Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 01:48:22 honeypot-fra-1 kernel: [84080921.145024] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=179.43.155.171 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=6159 PROTO=TCP SPT=50424 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T01:48:22.991Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 01:50:09 honeypot-ams-1 sshd[26205]: Did not receive identification string from 141.255.162.226 port 53476","@timestamp":"2022-09-15T01:50:10.313Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 01:50:21 honeypot-ams-1 sshd[26211]: Invalid user user from 141.255.162.226 port 36324","@timestamp":"2022-09-15T01:50:22.319Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 01:50:24 honeypot-ams-1 sshd[26215]: Invalid user user from 141.255.162.226 port 44706","@timestamp":"2022-09-15T01:50:25.321Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 01:50:30 honeypot-ams-1 sshd[26219]: Invalid user user from 141.255.162.226 port 49990","@timestamp":"2022-09-15T01:50:31.325Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 01:52:40 honeypot-ams-1 kernel: [84083343.433307] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.41.9.18 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=39127 PROTO=TCP SPT=39628 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T01:52:41.381Z"}
{"@timestamp":"2022-09-15T01:52:57.569Z","@version":"1","message":"Sep 15 01:52:57 honeypot-sgp-1 sshd[15041]: Received disconnect from 36.156.145.28 port 37738:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T01:56:31.657Z","@version":"1","message":"Sep 15 01:56:31 honeypot-sgp-1 sshd[15045]: Disconnected from authenticating user root 61.177.173.49 port 20739 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 02:01:27 honeypot-ams-1 kernel: [84083870.048345] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=23.95.4.194 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=25595 PROTO=TCP SPT=53216 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T02:01:27.613Z"}
{"@timestamp":"2022-09-15T02:01:33.780Z","@version":"1","message":"Sep 15 02:01:32 honeypot-sgp-1 sshd[15054]: Received disconnect from 64.227.172.225 port 59626:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 02:03:44 honeypot-fra-1 sshd[10810]: Disconnected from invalid user webmail 190.128.230.98 port 35494 [preauth]","@timestamp":"2022-09-15T02:03:45.338Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 02:06:01 honeypot-fra-1 sshd[10816]: Disconnected from invalid user gy 192.3.253.15 port 33442 [preauth]","@timestamp":"2022-09-15T02:06:01.409Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T02:06:34.903Z","@version":"1","message":"Sep 15 02:06:34 honeypot-sgp-1 sshd[15060]: Connection reset by 128.199.44.251 port 21686 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T02:08:42.976Z","@version":"1","message":"Sep 15 02:08:42 honeypot-sgp-1 sshd[15066]: Disconnected from authenticating user root 61.177.173.48 port 35695 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:11:14 honeypot-ams-1 sshd[26241]: error: maximum authentication attempts exceeded for root from 89.163.142.195 port 53616 ssh2 [preauth]","@timestamp":"2022-09-15T02:11:14.868Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:11:14 honeypot-ams-1 sshd[26247]: Invalid user admin from 89.163.142.195 port 53624","@timestamp":"2022-09-15T02:11:14.869Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:11:15 honeypot-ams-1 sshd[26251]: Invalid user admin from 89.163.142.195 port 53630","@timestamp":"2022-09-15T02:11:15.871Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:11:15 honeypot-ams-1 sshd[26255]: Invalid user oracle from 89.163.142.195 port 53636","@timestamp":"2022-09-15T02:11:15.871Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:11:16 honeypot-ams-1 sshd[26259]: Invalid user usuario from 89.163.142.195 port 53640","@timestamp":"2022-09-15T02:11:16.872Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:11:16 honeypot-ams-1 sshd[26263]: Invalid user usuario from 89.163.142.195 port 53644","@timestamp":"2022-09-15T02:11:16.872Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:11:17 honeypot-ams-1 sshd[26267]: Invalid user test from 89.163.142.195 port 53650","@timestamp":"2022-09-15T02:11:17.873Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:11:17 honeypot-ams-1 sshd[26271]: Invalid user user from 89.163.142.195 port 53658","@timestamp":"2022-09-15T02:11:17.873Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:11:17 honeypot-ams-1 sshd[26275]: Invalid user user from 89.163.142.195 port 53662","@timestamp":"2022-09-15T02:11:18.874Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:11:18 honeypot-ams-1 sshd[26279]: Invalid user ftpuser from 89.163.142.195 port 53668","@timestamp":"2022-09-15T02:11:18.874Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:11:18 honeypot-ams-1 sshd[26283]: Invalid user test1 from 89.163.142.195 port 53674","@timestamp":"2022-09-15T02:11:18.874Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:11:19 honeypot-ams-1 sshd[26287]: Invalid user test1 from 89.163.142.195 port 53678","@timestamp":"2022-09-15T02:11:19.875Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:11:19 honeypot-ams-1 sshd[26291]: Invalid user test2 from 89.163.142.195 port 53686","@timestamp":"2022-09-15T02:11:19.875Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:11:20 honeypot-ams-1 sshd[26295]: Invalid user contador from 89.163.142.195 port 53690","@timestamp":"2022-09-15T02:11:20.876Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:11:20 honeypot-ams-1 sshd[26299]: Invalid user ubuntu from 89.163.142.195 port 53694","@timestamp":"2022-09-15T02:11:20.876Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:11:20 honeypot-ams-1 sshd[26303]: Invalid user duni from 89.163.142.195 port 53700","@timestamp":"2022-09-15T02:11:21.877Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:11:21 honeypot-ams-1 sshd[26307]: Invalid user baikal from 89.163.142.195 port 53704","@timestamp":"2022-09-15T02:11:21.877Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:12:01 honeypot-ams-1 sshd[26312]: Received disconnect from 193.142.146.50 port 58096:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T02:12:02.899Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:13:28 honeypot-ams-1 sshd[26317]: Received disconnect from 193.142.146.50 port 54276:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T02:13:28.938Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:14:07 honeypot-ams-1 sshd[26323]: Received disconnect from 193.142.146.50 port 50456:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T02:14:07.958Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:15:43 honeypot-ams-1 sshd[26329]: Invalid user test from 193.142.146.50 port 35950","@timestamp":"2022-09-15T02:15:44.002Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:17:01 honeypot-ams-1 CRON[26333]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-15T02:17:02.038Z"}
{"@timestamp":"2022-09-15T02:17:02.180Z","@version":"1","message":"Sep 15 02:17:01 honeypot-sgp-1 CRON[15071]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 02:17:01 honeypot-fra-1 CRON[10838]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-15T02:17:02.662Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:18:15 honeypot-ams-1 sshd[26343]: Received disconnect from 141.255.162.226 port 46692:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T02:18:16.073Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:18:18 honeypot-ams-1 sshd[26347]: Received disconnect from 141.255.162.226 port 34984:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T02:18:18.075Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:18:21 honeypot-ams-1 sshd[26351]: Received disconnect from 141.255.162.226 port 51524:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T02:18:22.077Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:18:25 honeypot-ams-1 sshd[26355]: Received disconnect from 141.255.162.226 port 39836:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T02:18:26.080Z"}
{"@timestamp":"2022-09-15T02:21:40.297Z","@version":"1","message":"Sep 15 02:21:39 honeypot-sgp-1 sshd[15077]: Received disconnect from 61.177.172.124 port 27506:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 02:24:26 honeypot-fra-1 sshd[10847]: Invalid user support from 179.60.147.69 port 63060","@timestamp":"2022-09-15T02:24:26.828Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:27:23 honeypot-ams-1 sshd[26368]: Invalid user bitrix from 167.99.147.105 port 60550","@timestamp":"2022-09-15T02:27:24.316Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 02:28:11 honeypot-fra-1 kernel: [84083309.785580] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=172.105.128.205 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=2973 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T02:28:11.918Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-15T02:28:33.467Z","@version":"1","message":"Sep 15 02:28:32 honeypot-sgp-1 kernel: [84085020.685597] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.206.175 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=45782 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 02:29:43 honeypot-ams-1 kernel: [84085566.387348] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=172.105.128.221 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=166 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T02:29:44.379Z"}
{"@timestamp":"2022-09-15T02:31:56.552Z","@version":"1","message":"Sep 15 02:31:55 honeypot-sgp-1 sshd[15088]: Received disconnect from 192.241.174.44 port 60850:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:32:18 honeypot-ams-1 sshd[26378]: Disconnected from authenticating user root 92.255.85.70 port 30394 [preauth]","@timestamp":"2022-09-15T02:32:18.450Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 02:34:12 honeypot-fra-1 sshd[10854]: Received disconnect from 190.153.222.250 port 34615:11: Bye Bye [preauth]","@timestamp":"2022-09-15T02:34:13.057Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T02:34:38.618Z","@version":"1","message":"Sep 15 02:34:38 honeypot-sgp-1 sshd[15092]: Disconnected from invalid user medeia 103.99.203.103 port 33116 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 02:37:55 honeypot-ams-1 kernel: [84086058.507817] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=97.74.81.123 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=17726 PROTO=TCP SPT=47860 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T02:37:56.598Z"}
{"@timestamp":"2022-09-15T02:43:22.833Z","@version":"1","message":"Sep 15 02:43:22 honeypot-sgp-1 kernel: [84085910.328894] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=172.105.128.199 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=11894 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:46:07 honeypot-ams-1 sshd[26394]: Disconnected from authenticating user root 61.177.173.53 port 19398 [preauth]","@timestamp":"2022-09-15T02:46:08.810Z"}
{"@timestamp":"2022-09-15T02:49:37.987Z","@version":"1","message":"Sep 15 02:49:37 honeypot-sgp-1 sshd[15107]: Received disconnect from 92.255.85.69 port 34442:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:52:12 honeypot-ams-1 sshd[26405]: Disconnected from invalid user user 45.61.184.204 port 46464 [preauth]","@timestamp":"2022-09-15T02:52:12.971Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 02:52:29 honeypot-fra-1 sshd[10858]: Disconnected from authenticating user root 92.255.85.69 port 35684 [preauth]","@timestamp":"2022-09-15T02:52:30.467Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:52:32 honeypot-ams-1 sshd[26409]: Disconnected from invalid user user 45.61.184.204 port 40894 [preauth]","@timestamp":"2022-09-15T02:52:32.981Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:52:51 honeypot-ams-1 sshd[26413]: Disconnected from invalid user user 45.61.184.204 port 35318 [preauth]","@timestamp":"2022-09-15T02:52:51.992Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:53:07 honeypot-ams-1 sshd[26417]: Disconnected from invalid user user 45.61.184.204 port 57974 [preauth]","@timestamp":"2022-09-15T02:53:08.000Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 02:56:29 honeypot-fra-1 sshd[10862]: Received disconnect from 51.83.131.123 port 36612:11: Bye Bye [preauth]","@timestamp":"2022-09-15T02:56:29.560Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:59:10 honeypot-ams-1 sshd[26426]: Received disconnect from 61.177.172.19 port 17687:11:  [preauth]","@timestamp":"2022-09-15T02:59:11.158Z"}
{"@timestamp":"2022-09-15T03:02:55.313Z","@version":"1","message":"Sep 15 03:02:54 honeypot-sgp-1 kernel: [84087082.778967] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.180.143.7 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=15751 PROTO=TCP SPT=39643 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 03:05:39 honeypot-ams-1 sshd[26433]: Received disconnect from 61.177.173.46 port 29263:11:  [preauth]","@timestamp":"2022-09-15T03:05:40.330Z"}
{"@timestamp":"2022-09-15T03:07:27.430Z","@version":"1","message":"Sep 15 03:07:27 honeypot-sgp-1 kernel: [84087355.065617] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=88.80.189.24 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=3039 PROTO=TCP SPT=51238 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 03:12:04 honeypot-ams-1 sshd[26438]: Received disconnect from 51.15.105.243 port 41074:11: Bye Bye [preauth]","@timestamp":"2022-09-15T03:12:05.494Z"}
{"@timestamp":"2022-09-15T03:13:06.573Z","@version":"1","message":"Sep 15 03:13:05 honeypot-sgp-1 sshd[15128]: Received disconnect from 92.255.85.69 port 40390:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 03:13:38 honeypot-fra-1 kernel: [84086037.233049] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=10283 PROTO=TCP SPT=50803 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T03:13:38.942Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 03:15:17 honeypot-ams-1 sshd[26445]: Invalid user admin from 68.183.88.186 port 35048","@timestamp":"2022-09-15T03:15:18.576Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 03:15:43 honeypot-fra-1 sshd[10879]: Invalid user testuser from 160.86.90.2 port 46306","@timestamp":"2022-09-15T03:15:43.993Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 03:15:43 honeypot-fra-1 sshd[10873]: Connection closed by invalid user guest 160.86.90.2 port 46416 [preauth]","@timestamp":"2022-09-15T03:15:43.993Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 03:15:43 honeypot-fra-1 sshd[10871]: Connection closed by invalid user admin 160.86.90.2 port 46178 [preauth]","@timestamp":"2022-09-15T03:15:43.993Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 03:15:44 honeypot-fra-1 sshd[10891]: Connection closed by invalid user steam 160.86.90.2 port 46404 [preauth]","@timestamp":"2022-09-15T03:15:44.993Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 03:15:46 honeypot-fra-1 sshd[10900]: Invalid user testuser from 160.86.90.2 port 46276","@timestamp":"2022-09-15T03:15:46.994Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 03:15:46 honeypot-fra-1 sshd[10900]: Connection closed by invalid user testuser 160.86.90.2 port 46276 [preauth]","@timestamp":"2022-09-15T03:15:46.995Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 03:17:01 honeypot-fra-1 CRON[10913]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-15T03:17:02.026Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T03:17:02.672Z","@version":"1","message":"Sep 15 03:17:01 honeypot-sgp-1 CRON[15134]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 03:18:11 honeypot-ams-1 sshd[26452]: Disconnected from authenticating user root 92.255.85.69 port 48072 [preauth]","@timestamp":"2022-09-15T03:18:11.650Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 03:20:10 honeypot-ams-1 kernel: [84088592.993985] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=37.21.72.232 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=58 ID=12248 PROTO=TCP SPT=29908 DPT=80 WINDOW=13724 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T03:20:10.719Z"}
{"@timestamp":"2022-09-15T03:21:10.780Z","@version":"1","message":"Sep 15 03:21:10 honeypot-sgp-1 kernel: [84088178.120451] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=147.182.148.167 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=234 ID=12137 PROTO=TCP SPT=16409 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 03:22:23 honeypot-fra-1 sshd[10920]: Invalid user user from 45.61.186.169 port 51792","@timestamp":"2022-09-15T03:22:24.150Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 03:22:38 honeypot-fra-1 sshd[10924]: Received disconnect from 157.245.122.58 port 54298:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T03:22:39.157Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 03:22:50 honeypot-fra-1 sshd[10928]: Received disconnect from 45.61.186.169 port 58450:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T03:22:51.163Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 03:23:09 honeypot-fra-1 sshd[10932]: Invalid user user from 45.61.186.169 port 53474","@timestamp":"2022-09-15T03:23:10.173Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 03:23:22 honeypot-fra-1 sshd[10936]: Did not receive identification string from 141.255.162.226 port 40984","@timestamp":"2022-09-15T03:23:22.178Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 03:23:24 honeypot-fra-1 sshd[10939]: Disconnected from invalid user user 141.255.162.226 port 59508 [preauth]","@timestamp":"2022-09-15T03:23:24.179Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 03:23:29 honeypot-fra-1 sshd[10943]: Disconnected from invalid user user 141.255.162.226 port 55296 [preauth]","@timestamp":"2022-09-15T03:23:30.183Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 03:23:31 honeypot-fra-1 sshd[10947]: Received disconnect from 141.255.162.226 port 35070:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T03:23:32.184Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 03:23:39 honeypot-fra-1 sshd[10951]: Received disconnect from 157.245.122.58 port 39606:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T03:23:40.189Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 03:23:45 honeypot-fra-1 sshd[10955]: Disconnected from invalid user cvs 165.227.110.188 port 60622 [preauth]","@timestamp":"2022-09-15T03:23:46.192Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 03:24:39 honeypot-fra-1 sshd[10960]: Disconnected from invalid user tenancy 157.245.122.58 port 53166 [preauth]","@timestamp":"2022-09-15T03:24:40.215Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 03:26:34 honeypot-fra-1 sshd[10966]: Invalid user jonitwiso from 157.245.122.58 port 51996","@timestamp":"2022-09-15T03:26:35.260Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 03:27:28 honeypot-fra-1 sshd[10970]: Received disconnect from 157.245.122.58 port 37306:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T03:27:28.282Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T03:29:09.978Z","@version":"1","message":"Sep 15 03:29:09 honeypot-sgp-1 sshd[15146]: Disconnected from authenticating user root 61.177.173.39 port 38536 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 03:30:53 honeypot-ams-1 sshd[26464]: Received disconnect from 61.177.173.52 port 53756:11:  [preauth]","@timestamp":"2022-09-15T03:30:53.995Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 03:34:02 honeypot-fra-1 kernel: [84087260.828706] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=26031 PROTO=TCP SPT=52776 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T03:34:03.431Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-15T03:34:11.104Z","@version":"1","message":"Sep 15 03:34:10 honeypot-sgp-1 sshd[15152]: Invalid user cliqruser from 104.244.75.159 port 55354","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T03:36:32.163Z","@version":"1","message":"Sep 15 03:36:31 honeypot-sgp-1 kernel: [84089099.327710] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=43243 PROTO=TCP SPT=52776 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T03:38:58.226Z","@version":"1","message":"Sep 15 03:38:57 honeypot-sgp-1 sshd[15159]: Disconnected from authenticating user root 61.177.173.36 port 55825 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 03:40:42 honeypot-fra-1 sshd[10979]: Connection closed by invalid user user 179.60.147.69 port 36972 [preauth]","@timestamp":"2022-09-15T03:40:43.584Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T03:43:03.330Z","@version":"1","message":"Sep 15 03:43:03 honeypot-sgp-1 sshd[15168]: Disconnected from authenticating user root 204.15.74.100 port 51058 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 03:43:08 honeypot-ams-1 sshd[26475]: Invalid user user from 179.60.147.69 port 53086","@timestamp":"2022-09-15T03:43:09.299Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 03:48:39 honeypot-fra-1 kernel: [84088137.955350] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=89.248.165.199 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=20232 PROTO=TCP SPT=50875 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T03:48:39.767Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-15T03:51:45.545Z","@version":"1","message":"Sep 15 03:51:45 honeypot-sgp-1 kernel: [84090013.297342] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=193.46.255.199 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=231 ID=24970 PROTO=TCP SPT=61002 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 03:51:59 honeypot-ams-1 sshd[26485]: Received disconnect from 198.98.61.9 port 40044:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T03:52:00.527Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 03:52:20 honeypot-ams-1 sshd[26489]: Received disconnect from 198.98.61.9 port 35354:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T03:52:20.538Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 03:52:40 honeypot-ams-1 sshd[26493]: Received disconnect from 198.98.61.9 port 58916:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T03:52:41.549Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 03:53:00 honeypot-ams-1 sshd[26497]: Received disconnect from 198.98.61.9 port 54242:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T03:53:00.558Z"}
{"@timestamp":"2022-09-15T03:56:39.667Z","@version":"1","message":"Sep 15 03:56:38 honeypot-sgp-1 kernel: [84090306.465090] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.102.41.2 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=61603 DF PROTO=TCP SPT=56316 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 04:00:19 honeypot-ams-1 sshd[26506]: Invalid user joisber from 60.196.69.234 port 39995","@timestamp":"2022-09-15T04:00:20.748Z"}
{"@timestamp":"2022-09-15T04:00:47.771Z","@version":"1","message":"Sep 15 04:00:47 honeypot-sgp-1 sshd[15187]: Disconnected from invalid user admin 92.255.85.69 port 58764 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 04:03:38 honeypot-ams-1 sshd[26510]: Received disconnect from 157.245.122.58 port 54082:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T04:03:38.836Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 04:05:44 honeypot-ams-1 sshd[26515]: Received disconnect from 157.245.122.58 port 52920:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T04:05:44.892Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 04:05:46 honeypot-fra-1 sshd[10990]: Received disconnect from 165.22.45.108 port 53350:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T04:05:47.154Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 04:06:40 honeypot-ams-1 sshd[26521]: Received disconnect from 157.245.122.58 port 38238:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T04:06:40.919Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 04:08:07 honeypot-ams-1 sshd[26525]: Received disconnect from 189.112.0.11 port 50124:11: Bye Bye [preauth]","@timestamp":"2022-09-15T04:08:07.957Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 04:09:30 honeypot-ams-1 sshd[26529]: Received disconnect from 157.245.122.58 port 50620:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T04:09:30.994Z"}
{"@timestamp":"2022-09-15T04:10:24.010Z","@version":"1","message":"Sep 15 04:10:23 honeypot-sgp-1 sshd[15192]: Disconnected from authenticating user root 23.95.90.184 port 46258 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T04:12:19.062Z","@version":"1","message":"Sep 15 04:12:18 honeypot-sgp-1 sshd[15199]: Received disconnect from 193.142.146.50 port 46724:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T04:13:12.086Z","@version":"1","message":"Sep 15 04:13:12 honeypot-sgp-1 sshd[15204]: Received disconnect from 46.101.31.237 port 37678:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T04:14:14.115Z","@version":"1","message":"Sep 15 04:14:13 honeypot-sgp-1 sshd[15210]: Received disconnect from 193.142.146.50 port 49828:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T04:15:50.155Z","@version":"1","message":"Sep 15 04:15:49 honeypot-sgp-1 sshd[15214]: Disconnected from invalid user test 193.142.146.50 port 35368 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 04:18:29 honeypot-ams-1 sshd[26535]: Connection closed by invalid user tomcat 193.106.191.157 port 37916 [preauth]","@timestamp":"2022-09-15T04:18:30.244Z"}
{"@timestamp":"2022-09-15T04:19:24.249Z","@version":"1","message":"Sep 15 04:19:23 honeypot-sgp-1 kernel: [84091671.328619] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.206.199 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=54503 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 04:20:49 honeypot-fra-1 sshd[10997]: Invalid user default from 179.60.147.69 port 55148","@timestamp":"2022-09-15T04:20:50.494Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 04:21:32 honeypot-fra-1 sshd[11002]: Invalid user user from 141.255.162.226 port 33372","@timestamp":"2022-09-15T04:21:33.514Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 04:21:39 honeypot-fra-1 sshd[11006]: Invalid user user from 141.255.162.226 port 47652","@timestamp":"2022-09-15T04:21:39.516Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 04:21:40 honeypot-fra-1 sshd[11010]: Invalid user user from 141.255.162.226 port 40840","@timestamp":"2022-09-15T04:21:40.517Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T04:25:11.395Z","@version":"1","message":"Sep 15 04:25:11 honeypot-sgp-1 kernel: [84092019.106559] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=167.94.138.108 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=2060 PROTO=TCP SPT=43628 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 04:26:25 honeypot-ams-1 kernel: [84092568.191943] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.102.41.2 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=46 ID=56812 DF PROTO=TCP SPT=58058 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T04:26:26.447Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 04:26:46 honeypot-fra-1 sshd[11013]: Disconnected from authenticating user root 92.255.85.70 port 15904 [preauth]","@timestamp":"2022-09-15T04:26:46.635Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 04:29:32 honeypot-ams-1 sshd[26541]: Disconnected from authenticating user root 92.255.85.69 port 58430 [preauth]","@timestamp":"2022-09-15T04:29:33.532Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 04:40:15 honeypot-fra-1 kernel: [84091234.176298] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=208.115.115.103 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=51 ID=44045 PROTO=TCP SPT=29406 DPT=443 WINDOW=42621 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T04:40:16.946Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-15T04:47:42.963Z","@version":"1","message":"Sep 15 04:47:42 honeypot-sgp-1 sshd[15230]: Disconnected from authenticating user root 92.255.85.69 port 26048 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 04:50:11 honeypot-fra-1 sshd[11024]: Invalid user chia from 45.127.108.174 port 42280","@timestamp":"2022-09-15T04:50:12.190Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 04:50:11 honeypot-fra-1 sshd[11034]: Invalid user mysql from 45.127.108.174 port 42432","@timestamp":"2022-09-15T04:50:12.190Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 04:50:11 honeypot-fra-1 sshd[11038]: Invalid user testuser from 45.127.108.174 port 42394","@timestamp":"2022-09-15T04:50:12.191Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 04:50:11 honeypot-fra-1 sshd[11027]: Connection closed by invalid user postgres 45.127.108.174 port 42404 [preauth]","@timestamp":"2022-09-15T04:50:12.191Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 04:50:12 honeypot-fra-1 sshd[11059]: Invalid user demo from 45.127.108.174 port 42384","@timestamp":"2022-09-15T04:50:12.191Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 04:50:12 honeypot-fra-1 sshd[11042]: Connection closed by authenticating user root 45.127.108.174 port 42430 [preauth]","@timestamp":"2022-09-15T04:50:12.191Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 04:50:12 honeypot-fra-1 sshd[11030]: Connection closed by invalid user oracle 45.127.108.174 port 42398 [preauth]","@timestamp":"2022-09-15T04:50:12.191Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 04:50:12 honeypot-fra-1 sshd[11048]: Connection closed by authenticating user root 45.127.108.174 port 42408 [preauth]","@timestamp":"2022-09-15T04:50:12.191Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 04:50:12 honeypot-fra-1 sshd[11059]: Connection closed by invalid user demo 45.127.108.174 port 42384 [preauth]","@timestamp":"2022-09-15T04:50:13.192Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 04:51:42 honeypot-fra-1 kernel: [84091920.489945] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=94.26.249.161 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=16913 PROTO=TCP SPT=40960 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T04:51:43.226Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 04:52:59 honeypot-ams-1 sshd[26547]: Received disconnect from 92.255.85.70 port 39858:11: Bye Bye [preauth]","@timestamp":"2022-09-15T04:53:00.127Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 04:58:51 honeypot-fra-1 sshd[11097]: Received disconnect from 165.22.45.108 port 58410:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T04:58:51.386Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T05:02:08.317Z","@version":"1","message":"Sep 15 05:02:07 honeypot-sgp-1 kernel: [84094235.033089] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=157.245.245.240 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=235 ID=44952 PROTO=TCP SPT=58108 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 05:02:37 honeypot-fra-1 sshd[11104]: Invalid user user from 45.61.186.249 port 59668","@timestamp":"2022-09-15T05:02:38.494Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 05:02:56 honeypot-fra-1 sshd[11108]: Invalid user user from 45.61.186.249 port 54268","@timestamp":"2022-09-15T05:02:57.503Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 05:03:12 honeypot-fra-1 sshd[11112]: Invalid user user from 45.61.186.249 port 48872","@timestamp":"2022-09-15T05:03:13.511Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T05:04:38.382Z","@version":"1","message":"Sep 15 05:04:38 honeypot-sgp-1 sshd[15239]: Invalid user user from 45.61.186.169 port 37270","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T05:04:56.390Z","@version":"1","message":"Sep 15 05:04:55 honeypot-sgp-1 sshd[15243]: Invalid user user from 45.61.186.169 port 60568","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T05:05:13.399Z","@version":"1","message":"Sep 15 05:05:12 honeypot-sgp-1 kernel: [84094420.135082] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=167.99.93.21 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=53553 PROTO=TCP SPT=58293 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T05:05:21.404Z","@version":"1","message":"Sep 15 05:05:20 honeypot-sgp-1 sshd[15249]: Disconnected from invalid user user 45.61.186.169 port 39028 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 05:06:54 honeypot-fra-1 sshd[11116]: Did not receive identification string from 159.89.24.69 port 61000","@timestamp":"2022-09-15T05:06:54.596Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T05:11:18.547Z","@version":"1","message":"Sep 15 05:11:18 honeypot-sgp-1 sshd[15254]: Disconnected from authenticating user root 92.255.85.69 port 57050 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 05:13:28 honeypot-ams-1 sshd[26992]: Did not receive identification string from 45.61.186.169 port 37454","@timestamp":"2022-09-15T05:13:28.661Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 05:14:14 honeypot-ams-1 sshd[26995]: Disconnected from invalid user user 45.61.186.169 port 54336 [preauth]","@timestamp":"2022-09-15T05:14:14.683Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 05:14:30 honeypot-ams-1 sshd[26999]: Disconnected from invalid user user 45.61.186.169 port 49398 [preauth]","@timestamp":"2022-09-15T05:14:31.692Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 05:14:46 honeypot-ams-1 sshd[27004]: Disconnected from invalid user user 45.61.186.169 port 44402 [preauth]","@timestamp":"2022-09-15T05:14:46.701Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 05:16:31 honeypot-ams-1 sshd[27008]: Received disconnect from 92.255.85.69 port 53350:11: Bye Bye [preauth]","@timestamp":"2022-09-15T05:16:32.750Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 05:17:01 honeypot-fra-1 CRON[11123]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-15T05:17:01.823Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T05:22:38.819Z","@version":"1","message":"Sep 15 05:22:38 honeypot-sgp-1 kernel: [84095466.431486] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=162.62.191.231 DST=159.89.202.188 LEN=52 TOS=0x00 PREC=0x00 TTL=47 ID=23397 DF PROTO=TCP SPT=24421 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 05:27:07 honeypot-ams-1 sshd[27019]: Received disconnect from 58.144.251.23 port 43552:11: Bye Bye [preauth]","@timestamp":"2022-09-15T05:27:08.013Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 05:34:01 honeypot-fra-1 sshd[11130]: Invalid user user from 179.60.147.69 port 46260","@timestamp":"2022-09-15T05:34:02.225Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T05:34:16.138Z","@version":"1","message":"Sep 15 05:34:15 honeypot-sgp-1 sshd[15266]: Disconnected from authenticating user root 92.255.85.69 port 54846 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 05:36:15 honeypot-ams-1 sshd[27024]: Invalid user user from 179.60.147.69 port 59084","@timestamp":"2022-09-15T05:36:16.244Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 05:40:03 honeypot-ams-1 sshd[27029]: Disconnected from authenticating user root 92.255.85.70 port 51636 [preauth]","@timestamp":"2022-09-15T05:40:04.342Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 05:44:21 honeypot-fra-1 sshd[11135]: ssh_dispatch_run_fatal: Connection from 69.112.204.55 port 34468: Connection corrupted [preauth]","@timestamp":"2022-09-15T05:44:22.466Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T05:50:59.542Z","@version":"1","message":"Sep 15 05:50:59 honeypot-sgp-1 sshd[15272]: Invalid user user from 45.61.186.49 port 58488","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T05:51:09.547Z","@version":"1","message":"Sep 15 05:51:08 honeypot-sgp-1 sshd[15276]: Invalid user user from 45.61.186.49 port 41858","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 05:51:27 honeypot-fra-1 kernel: [84095505.376353] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=94.26.249.161 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=58321 PROTO=TCP SPT=42702 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T05:51:27.627Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-15T05:56:35.680Z","@version":"1","message":"Sep 15 05:56:35 honeypot-sgp-1 sshd[15281]: Invalid user oracle from 5.188.36.164 port 57716","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 05:56:38 honeypot-ams-1 sshd[27034]: Received disconnect from 45.128.209.111 port 51376:11: Bye Bye [preauth]","@timestamp":"2022-09-15T05:56:38.756Z"}
{"@timestamp":"2022-09-15T05:57:57.716Z","@version":"1","message":"Sep 15 05:57:56 honeypot-sgp-1 sshd[15286]: Received disconnect from 92.255.85.70 port 24368:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 05:59:25 honeypot-ams-1 kernel: [84098147.744376] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=193.46.255.199 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=246 ID=55561 PROTO=TCP SPT=61002 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T05:59:25.834Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 06:05:57 honeypot-fra-1 sshd[11145]: Invalid user user from 45.61.184.204 port 38704","@timestamp":"2022-09-15T06:05:57.951Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 06:06:18 honeypot-fra-1 sshd[11149]: Invalid user user from 45.61.184.204 port 34312","@timestamp":"2022-09-15T06:06:18.962Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 06:06:28 honeypot-fra-1 sshd[11151]: Disconnected from invalid user user 45.61.184.204 port 46272 [preauth]","@timestamp":"2022-09-15T06:06:28.967Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 06:06:47 honeypot-fra-1 sshd[11155]: Disconnected from invalid user user 45.61.184.204 port 41848 [preauth]","@timestamp":"2022-09-15T06:06:47.976Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T06:09:21.997Z","@version":"1","message":"Sep 15 06:09:21 honeypot-sgp-1 sshd[20997]: Invalid user admin from 179.60.147.69 port 19808","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 06:09:58 honeypot-ams-1 sshd[27046]: Invalid user testuser from 52.237.82.21 port 48764","@timestamp":"2022-09-15T06:09:58.105Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 06:09:58 honeypot-ams-1 sshd[27060]: Invalid user ubuntu from 52.237.82.21 port 48828","@timestamp":"2022-09-15T06:09:58.105Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 06:09:58 honeypot-ams-1 sshd[27074]: Invalid user es from 52.237.82.21 port 48812","@timestamp":"2022-09-15T06:09:58.105Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 06:09:58 honeypot-ams-1 sshd[27072]: Invalid user deploy from 52.237.82.21 port 48814","@timestamp":"2022-09-15T06:09:59.106Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 06:09:58 honeypot-ams-1 sshd[27050]: Connection closed by authenticating user root 52.237.82.21 port 48862 [preauth]","@timestamp":"2022-09-15T06:09:59.106Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 06:09:58 honeypot-ams-1 sshd[27060]: Connection closed by invalid user ubuntu 52.237.82.21 port 48828 [preauth]","@timestamp":"2022-09-15T06:09:59.106Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 06:09:58 honeypot-ams-1 sshd[27064]: Connection closed by invalid user testuser 52.237.82.21 port 48756 [preauth]","@timestamp":"2022-09-15T06:09:59.106Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 06:09:58 honeypot-ams-1 sshd[27071]: Connection closed by invalid user ansible 52.237.82.21 port 48848 [preauth]","@timestamp":"2022-09-15T06:09:59.106Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 06:10:30 honeypot-fra-1 sshd[11159]: Connection closed by invalid user admin 179.60.147.69 port 50926 [preauth]","@timestamp":"2022-09-15T06:10:31.079Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 06:13:24 honeypot-ams-1 kernel: [84098987.418831] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=94.26.228.80 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=10578 PROTO=TCP SPT=27119 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T06:13:25.197Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 06:18:08 honeypot-fra-1 sshd[11165]: Disconnected from invalid user 137.220.212.237 189.141.65.234 port 41580 [preauth]","@timestamp":"2022-09-15T06:18:08.252Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 06:20:16 honeypot-fra-1 kernel: [84097234.337568] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=59.49.43.217 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=31429 PROTO=TCP SPT=57822 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T06:20:17.307Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-15T06:20:37.279Z","@version":"1","message":"Sep 15 06:20:37 honeypot-sgp-1 kernel: [84098944.888284] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=118.123.105.87 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=64227 PROTO=TCP SPT=59012 DPT=80 WINDOW=63540 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 06:21:53 honeypot-fra-1 sshd[11175]: Disconnected from authenticating user root 193.142.146.50 port 52316 [preauth]","@timestamp":"2022-09-15T06:21:54.346Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 06:22:33 honeypot-fra-1 sshd[11181]: Disconnected from authenticating user root 193.142.146.50 port 52234 [preauth]","@timestamp":"2022-09-15T06:22:33.365Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 06:23:58 honeypot-fra-1 sshd[11187]: Received disconnect from 193.142.146.50 port 52152:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T06:23:59.401Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 06:24:26 honeypot-fra-1 sshd[11191]: Received disconnect from 193.142.146.50 port 33276:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T06:24:26.414Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 06:25:04 honeypot-ams-1 CRON[27105]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-15T06:25:05.514Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 06:25:39 honeypot-fra-1 sshd[11331]: Received disconnect from 92.255.85.69 port 24548:11: Bye Bye [preauth]","@timestamp":"2022-09-15T06:25:40.449Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 06:26:11 honeypot-ams-1 sshd[27274]: Invalid user user from 45.61.187.160 port 36030","@timestamp":"2022-09-15T06:26:11.545Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 06:26:29 honeypot-ams-1 sshd[27278]: Invalid user user from 45.61.187.160 port 59220","@timestamp":"2022-09-15T06:26:30.555Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 06:26:47 honeypot-ams-1 sshd[27282]: Invalid user user from 45.61.187.160 port 54176","@timestamp":"2022-09-15T06:26:47.564Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 06:26:56 honeypot-fra-1 sshd[11336]: Invalid user mazzoni from 193.70.21.56 port 58596","@timestamp":"2022-09-15T06:26:56.481Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T06:27:23.450Z","@version":"1","message":"Sep 15 06:27:22 honeypot-sgp-1 kernel: [84099350.390950] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.207.235 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=59535 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 06:27:26 honeypot-ams-1 kernel: [84099828.500780] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=40.84.222.228 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=35537 PROTO=TCP SPT=42767 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T06:27:26.583Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 06:29:57 honeypot-ams-1 sshd[27291]: Invalid user sonja from 186.215.70.14 port 55251","@timestamp":"2022-09-15T06:29:57.652Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 06:36:15 honeypot-ams-1 kernel: [84100358.102983] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=173.225.111.245 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=46295 PROTO=TCP SPT=41459 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T06:36:15.817Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 06:41:43 honeypot-ams-1 kernel: [84100685.616236] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=91.201.241.41 DST=178.62.254.91 LEN=81 TOS=0x00 PREC=0x00 TTL=249 ID=54321 PROTO=TCP SPT=36015 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T06:41:43.960Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 06:43:09 honeypot-fra-1 sshd[17473]: Connection closed by 162.142.125.219 port 50482 [preauth]","@timestamp":"2022-09-15T06:43:10.861Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T06:45:51.910Z","@version":"1","message":"Sep 15 06:45:51 honeypot-sgp-1 sshd[21159]: Connection closed by invalid user centos 179.60.147.69 port 51530 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 06:46:23 honeypot-fra-1 sshd[17477]: Received disconnect from 161.82.233.183 port 41264:11: Bye Bye [preauth]","@timestamp":"2022-09-15T06:46:23.938Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 06:49:48 honeypot-fra-1 sshd[17484]: Did not receive identification string from 192.241.220.190 port 42234","@timestamp":"2022-09-15T06:49:49.019Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 06:53:02 honeypot-ams-1 kernel: [84101365.121372] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=125.136.61.137 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=55 ID=21553 PROTO=TCP SPT=5736 DPT=80 WINDOW=24104 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T06:53:03.249Z"}
{"@timestamp":"2022-09-15T06:56:21.178Z","@version":"1","message":"Sep 15 06:56:20 honeypot-sgp-1 sshd[21164]: Disconnected from authenticating user root 157.245.122.58 port 46476 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T06:58:20.231Z","@version":"1","message":"Sep 15 06:58:20 honeypot-sgp-1 sshd[21169]: Disconnected from invalid user odoo 157.245.122.58 port 45322 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 06:58:47 honeypot-fra-1 kernel: [84099544.961106] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=120.48.123.170 DST=165.22.82.222 LEN=40 TOS=0x08 PREC=0x00 TTL=233 ID=29414 PROTO=TCP SPT=42803 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T06:58:47.225Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-15T07:00:15.283Z","@version":"1","message":"Sep 15 07:00:14 honeypot-sgp-1 sshd[21173]: Disconnected from invalid user data.user 157.245.122.58 port 44184 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 07:01:30 honeypot-ams-1 kernel: [84101873.203526] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=79.124.62.62 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=64554 PROTO=TCP SPT=42359 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T07:01:31.472Z"}
{"@timestamp":"2022-09-15T07:02:09.336Z","@version":"1","message":"Sep 15 07:02:09 honeypot-sgp-1 sshd[21178]: Received disconnect from 157.245.122.58 port 43048:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T07:03:04.363Z","@version":"1","message":"Sep 15 07:03:03 honeypot-sgp-1 sshd[21181]: Disconnected from invalid user cypress 157.245.122.58 port 56582 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 07:04:40 honeypot-fra-1 sshd[17493]: Disconnected from invalid user tester 103.125.189.140 port 61371 [preauth]","@timestamp":"2022-09-15T07:04:41.358Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 07:04:50 honeypot-fra-1 sshd[17497]: Disconnected from invalid user ubnt 103.125.189.140 port 62548 [preauth]","@timestamp":"2022-09-15T07:04:50.364Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 07:04:57 honeypot-fra-1 sshd[17501]: Disconnected from invalid user ftpuser 103.125.189.140 port 64270 [preauth]","@timestamp":"2022-09-15T07:04:58.368Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 07:05:04 honeypot-fra-1 sshd[17505]: Disconnected from invalid user user 103.125.189.140 port 64912 [preauth]","@timestamp":"2022-09-15T07:05:04.370Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 07:05:10 honeypot-fra-1 sshd[17509]: Disconnected from invalid user service 103.125.189.140 port 49768 [preauth]","@timestamp":"2022-09-15T07:05:11.375Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 07:05:16 honeypot-fra-1 sshd[17513]: Disconnected from invalid user guest 103.125.189.140 port 50803 [preauth]","@timestamp":"2022-09-15T07:05:16.377Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 07:05:22 honeypot-fra-1 sshd[17517]: Disconnected from invalid user admin 103.125.189.140 port 51594 [preauth]","@timestamp":"2022-09-15T07:05:23.381Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 07:08:14 honeypot-ams-1 kernel: [84102276.467536] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=201.191.2.198 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=33692 PROTO=TCP SPT=36055 DPT=80 WINDOW=29718 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T07:08:14.650Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 07:11:22 honeypot-fra-1 sshd[17524]: Invalid user tomcat from 193.106.191.157 port 51346","@timestamp":"2022-09-15T07:11:23.516Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 07:13:31 honeypot-ams-1 sshd[27413]: Disconnected from invalid user webmaster 152.32.145.211 port 58854 [preauth]","@timestamp":"2022-09-15T07:13:31.792Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 07:14:28 honeypot-fra-1 kernel: [84100486.776099] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=173.225.111.245 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=9367 PROTO=TCP SPT=41459 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T07:14:29.591Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 07:17:01 honeypot-ams-1 CRON[27418]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-15T07:17:01.887Z"}
{"@timestamp":"2022-09-15T07:17:38.752Z","@version":"1","message":"Sep 15 07:17:37 honeypot-sgp-1 sshd[21195]: Invalid user  from 152.32.157.116 port 49774","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 07:20:10 honeypot-ams-1 sshd[27427]: Invalid user admin from 202.88.244.36 port 37367","@timestamp":"2022-09-15T07:20:10.972Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 07:21:03 honeypot-fra-1 kernel: [84100881.019865] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=193.248.36.223 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=15533 PROTO=TCP SPT=50339 DPT=443 WINDOW=1300 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T07:21:03.743Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 07:24:21 honeypot-ams-1 sshd[27431]: Disconnected from invalid user gargy 112.23.2.254 port 40475 [preauth]","@timestamp":"2022-09-15T07:24:22.082Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 07:25:17 honeypot-fra-1 sshd[17537]: Connection closed by invalid user blank 179.60.147.69 port 17824 [preauth]","@timestamp":"2022-09-15T07:25:17.841Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 07:27:42 honeypot-ams-1 sshd[27435]: Connection closed by invalid user blank 179.60.147.69 port 54736 [preauth]","@timestamp":"2022-09-15T07:27:43.171Z"}
{"@timestamp":"2022-09-15T07:30:59.086Z","@version":"1","message":"Sep 15 07:30:58 honeypot-sgp-1 sshd[21201]: Invalid user tft from 51.254.101.166 port 60458","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T07:31:30.101Z","@version":"1","message":"Sep 15 07:31:30 honeypot-sgp-1 sshd[21203]: Disconnected from authenticating user root 68.183.78.141 port 48018 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T07:34:08.171Z","@version":"1","message":"Sep 15 07:34:07 honeypot-sgp-1 kernel: [84103354.716706] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=152.89.196.23 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=18853 PROTO=TCP SPT=45797 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 07:36:40 honeypot-fra-1 sshd[17548]: Invalid user dev from 101.43.159.25 port 41526","@timestamp":"2022-09-15T07:36:41.112Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 07:36:40 honeypot-fra-1 sshd[17568]: Invalid user user from 101.43.159.25 port 41562","@timestamp":"2022-09-15T07:36:41.112Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 07:36:41 honeypot-fra-1 sshd[17556]: Connection closed by invalid user ubuntu 101.43.159.25 port 41564 [preauth]","@timestamp":"2022-09-15T07:36:41.112Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 07:36:41 honeypot-fra-1 sshd[17551]: Invalid user kafka from 101.43.159.25 port 41528","@timestamp":"2022-09-15T07:36:42.113Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 07:36:41 honeypot-fra-1 sshd[17567]: Invalid user user from 101.43.159.25 port 41604","@timestamp":"2022-09-15T07:36:42.113Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 07:36:41 honeypot-fra-1 sshd[17555]: Connection closed by invalid user admin 101.43.159.25 port 41600 [preauth]","@timestamp":"2022-09-15T07:36:42.113Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 07:36:41 honeypot-fra-1 sshd[17591]: Invalid user mysql from 101.43.159.25 port 41576","@timestamp":"2022-09-15T07:36:42.113Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 07:36:41 honeypot-fra-1 sshd[17594]: Connection closed by invalid user admin 101.43.159.25 port 41524 [preauth]","@timestamp":"2022-09-15T07:36:42.113Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 07:36:42 honeypot-fra-1 sshd[17593]: Connection closed by invalid user test 101.43.159.25 port 41574 [preauth]","@timestamp":"2022-09-15T07:36:43.114Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 07:36:48 honeypot-fra-1 sshd[17601]: Connection closed by authenticating user root 101.43.159.25 port 41572 [preauth]","@timestamp":"2022-09-15T07:36:49.116Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T07:38:36.286Z","@version":"1","message":"Sep 15 07:38:36 honeypot-sgp-1 kernel: [84103623.757115] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.220.52 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=59351 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 07:39:37 honeypot-ams-1 kernel: [84104159.906306] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.221.12 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=59533 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T07:39:38.502Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 07:41:30 honeypot-fra-1 kernel: [84102108.088182] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=157.230.254.43 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=47955 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T07:41:31.226Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-15T07:45:22.458Z","@version":"1","message":"Sep 15 07:45:21 honeypot-sgp-1 sshd[21218]: Received disconnect from 179.43.156.143 port 49380:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T07:46:21.487Z","@version":"1","message":"Sep 15 07:46:21 honeypot-sgp-1 sshd[21225]: Received disconnect from 128.199.68.220 port 53326:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T07:47:49.526Z","@version":"1","message":"Sep 15 07:47:49 honeypot-sgp-1 sshd[21231]: Invalid user wbz from 206.217.131.233 port 39004","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 07:48:16 honeypot-ams-1 sshd[27441]: Disconnected from invalid user vhe 36.95.55.131 port 57620 [preauth]","@timestamp":"2022-09-15T07:48:16.725Z"}
{"@timestamp":"2022-09-15T07:48:25.545Z","@version":"1","message":"Sep 15 07:48:24 honeypot-sgp-1 sshd[21235]: Disconnected from authenticating user root 179.43.156.143 port 34026 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 07:49:23 honeypot-fra-1 sshd[17611]: Did not receive identification string from 92.255.85.135 port 62754","@timestamp":"2022-09-15T07:49:23.406Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T07:49:35.577Z","@version":"1","message":"Sep 15 07:49:35 honeypot-sgp-1 sshd[21239]: Disconnected from invalid user ossuser 179.43.156.143 port 56144 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T07:51:28.628Z","@version":"1","message":"Sep 15 07:51:27 honeypot-sgp-1 sshd[21246]: Received disconnect from 179.43.156.143 port 46882:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 07:51:58 honeypot-ams-1 kernel: [84104901.361524] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=65.49.20.124 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=44570 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T07:51:59.824Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 07:52:39 honeypot-ams-1 sshd[27450]: Disconnected from invalid user acs 37.32.29.44 port 46564 [preauth]","@timestamp":"2022-09-15T07:52:39.844Z"}
{"@timestamp":"2022-09-15T07:53:21.677Z","@version":"1","message":"Sep 15 07:53:21 honeypot-sgp-1 sshd[21252]: Received disconnect from 179.43.156.143 port 37728:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 07:54:53 honeypot-ams-1 sshd[27454]: Connection closed by invalid user admin 112.186.242.154 port 50912 [preauth]","@timestamp":"2022-09-15T07:54:54.907Z"}
{"@timestamp":"2022-09-15T07:57:01.770Z","@version":"1","message":"Sep 15 07:57:01 honeypot-sgp-1 sshd[21257]: Disconnected from authenticating user root 92.255.85.70 port 43370 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 07:59:14 honeypot-fra-1 sshd[17616]: Received disconnect from 92.255.85.69 port 22812:11: Bye Bye [preauth]","@timestamp":"2022-09-15T07:59:14.635Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 08:02:35 honeypot-ams-1 sshd[27462]: Disconnected from authenticating user root 92.255.85.69 port 24072 [preauth]","@timestamp":"2022-09-15T08:02:36.107Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 08:08:06 honeypot-ams-1 sshd[27468]: Invalid user user from 45.61.186.169 port 60330","@timestamp":"2022-09-15T08:08:07.255Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 08:08:24 honeypot-ams-1 sshd[27472]: Invalid user user from 45.61.186.169 port 55218","@timestamp":"2022-09-15T08:08:24.265Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 08:08:40 honeypot-ams-1 sshd[27476]: Invalid user user from 45.61.186.169 port 50110","@timestamp":"2022-09-15T08:08:40.273Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 08:08:55 honeypot-ams-1 sshd[27480]: Invalid user user from 45.61.186.169 port 44998","@timestamp":"2022-09-15T08:08:56.282Z"}
{"@timestamp":"2022-09-15T08:10:08.098Z","@version":"1","message":"Sep 15 08:10:07 honeypot-sgp-1 kernel: [84105515.460802] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.79.53.162 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=5610 PROTO=TCP SPT=41005 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 08:12:45 honeypot-fra-1 sshd[17625]: Received disconnect from 218.92.0.211 port 23016:11:  [preauth]","@timestamp":"2022-09-15T08:12:45.963Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 08:17:01 honeypot-ams-1 CRON[27483]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-15T08:17:02.511Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 08:17:37 honeypot-fra-1 sshd[17652]: Connection closed by invalid user admin 141.98.10.158 port 58432 [preauth]","@timestamp":"2022-09-15T08:17:38.076Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T08:21:43.386Z","@version":"1","message":"Sep 15 08:21:42 honeypot-sgp-1 sshd[21287]: Received disconnect from 49.88.112.60 port 34181:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 08:22:30 honeypot-fra-1 kernel: [84104568.258941] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=80.94.92.231 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=35744 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T08:22:31.190Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 08:22:30 honeypot-ams-1 kernel: [84106733.195164] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=198.12.89.184 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=2604 PROTO=TCP SPT=49520 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T08:22:31.655Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 08:24:41 honeypot-fra-1 sshd[17667]: Invalid user ec2-user from 40.70.0.187 port 46836","@timestamp":"2022-09-15T08:24:42.244Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T08:26:09.497Z","@version":"1","message":"Sep 15 08:26:09 honeypot-sgp-1 kernel: [84106476.553736] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=179.43.155.171 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=55654 PROTO=TCP SPT=47472 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 08:27:33 honeypot-fra-1 sshd[17669]: Received disconnect from 162.241.114.75 port 36774:11: Bye Bye [preauth]","@timestamp":"2022-09-15T08:27:33.312Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 08:28:40 honeypot-fra-1 sshd[17673]: Received disconnect from 221.0.94.20 port 35610:11: Bye Bye [preauth]","@timestamp":"2022-09-15T08:28:41.340Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 08:29:36 honeypot-ams-1 kernel: [84107158.735328] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=69.164.209.236 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=1907 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T08:29:36.842Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 08:30:47 honeypot-fra-1 sshd[17678]: Invalid user laura from 165.22.45.108 port 50416","@timestamp":"2022-09-15T08:30:48.391Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T08:32:09.646Z","@version":"1","message":"Sep 15 08:32:08 honeypot-sgp-1 sshd[21301]: Received disconnect from 51.250.5.16 port 35208:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 08:36:47 honeypot-ams-1 kernel: [84107589.584309] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=91.191.209.218 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=12057 PROTO=TCP SPT=48408 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T08:36:48.032Z"}
{"@timestamp":"2022-09-15T08:36:48.763Z","@version":"1","message":"Sep 15 08:36:47 honeypot-sgp-1 sshd[21308]: Disconnected from 49.88.112.60 port 17164 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T08:41:48.888Z","@version":"1","message":"Sep 15 08:41:48 honeypot-sgp-1 kernel: [84107416.097813] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=172.104.215.35 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=47284 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 08:41:58 honeypot-fra-1 kernel: [84105736.121753] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=42.192.144.2 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=43 ID=29099 DF PROTO=TCP SPT=36546 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T08:41:58.648Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-15T08:43:51.944Z","@version":"1","message":"Sep 15 08:43:51 honeypot-sgp-1 sshd[21321]: Received disconnect from 49.88.112.60 port 26128:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 08:45:35 honeypot-ams-1 sshd[27532]: Did not receive identification string from 141.255.162.226 port 58388","@timestamp":"2022-09-15T08:45:35.277Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 08:45:58 honeypot-ams-1 sshd[27535]: Received disconnect from 141.255.162.226 port 60868:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T08:45:59.290Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 08:45:59 honeypot-ams-1 sshd[27539]: Received disconnect from 141.255.162.226 port 47722:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T08:45:59.290Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 08:46:02 honeypot-ams-1 sshd[27543]: Received disconnect from 141.255.162.226 port 34606:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T08:46:03.292Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 08:46:17 honeypot-fra-1 sshd[17686]: Disconnected from authenticating user root 92.255.85.70 port 45378 [preauth]","@timestamp":"2022-09-15T08:46:17.748Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 08:46:26 honeypot-ams-1 sshd[27547]: Received disconnect from 61.177.173.33 port 37108:11:  [preauth]","@timestamp":"2022-09-15T08:46:27.305Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 08:48:35 honeypot-fra-1 sshd[17711]: Invalid user es from 172.104.240.40 port 43970","@timestamp":"2022-09-15T08:48:36.802Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 08:48:35 honeypot-fra-1 sshd[17707]: Connection closed by invalid user spark 172.104.240.40 port 43908 [preauth]","@timestamp":"2022-09-15T08:48:36.802Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 08:48:35 honeypot-fra-1 sshd[17713]: Connection closed by authenticating user root 172.104.240.40 port 43990 [preauth]","@timestamp":"2022-09-15T08:48:36.802Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 08:48:35 honeypot-fra-1 sshd[17702]: Invalid user steam from 172.104.240.40 port 43836","@timestamp":"2022-09-15T08:48:36.802Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 08:48:36 honeypot-fra-1 sshd[17703]: Invalid user postgres from 172.104.240.40 port 43780","@timestamp":"2022-09-15T08:48:36.802Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 08:48:36 honeypot-fra-1 sshd[17706]: Connection closed by invalid user guest 172.104.240.40 port 43864 [preauth]","@timestamp":"2022-09-15T08:48:36.802Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 08:48:36 honeypot-fra-1 sshd[17699]: Connection closed by invalid user user 172.104.240.40 port 43754 [preauth]","@timestamp":"2022-09-15T08:48:36.802Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 08:48:36 honeypot-fra-1 sshd[17721]: Connection closed by invalid user ftpuser 172.104.240.40 port 44034 [preauth]","@timestamp":"2022-09-15T08:48:36.802Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 08:48:36 honeypot-fra-1 sshd[17712]: Connection closed by invalid user admin 172.104.240.40 port 43984 [preauth]","@timestamp":"2022-09-15T08:48:36.802Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 08:49:55 honeypot-ams-1 kernel: [84108377.754561] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=80.87.206.203 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=35267 PROTO=TCP SPT=52613 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T08:49:56.396Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 08:52:49 honeypot-fra-1 kernel: [84106387.553839] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=61.143.193.91 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=43185 DF PROTO=TCP SPT=43932 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T08:52:50.901Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 08:59:17 honeypot-ams-1 kernel: [84108940.287541] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=43.153.29.107 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=54382 PROTO=TCP SPT=8706 DPT=80 WINDOW=5170 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T08:59:18.637Z"}
{"@timestamp":"2022-09-15T09:02:42.406Z","@version":"1","message":"Sep 15 09:02:42 honeypot-sgp-1 kernel: [84108669.532174] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.221.29 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=49782 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 09:03:17 honeypot-ams-1 sshd[27568]: Disconnected from 61.177.173.33 port 17428 [preauth]","@timestamp":"2022-09-15T09:03:17.746Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 09:03:58 honeypot-fra-1 sshd[17759]: Did not receive identification string from 141.255.162.226 port 46334","@timestamp":"2022-09-15T09:03:59.164Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 09:04:21 honeypot-fra-1 sshd[17762]: Disconnected from invalid user user 141.255.162.226 port 47740 [preauth]","@timestamp":"2022-09-15T09:04:22.174Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 09:04:26 honeypot-fra-1 sshd[17766]: Disconnected from invalid user user 141.255.162.226 port 42466 [preauth]","@timestamp":"2022-09-15T09:04:27.178Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 09:04:28 honeypot-fra-1 sshd[17770]: Disconnected from invalid user user 141.255.162.226 port 50122 [preauth]","@timestamp":"2022-09-15T09:04:29.179Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 09:05:05 honeypot-ams-1 kernel: [84109287.450507] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=94.182.2.216 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=63786 DF PROTO=TCP SPT=7535 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T09:05:05.796Z"}
{"@timestamp":"2022-09-15T09:07:01.516Z","@version":"1","message":"Sep 15 09:07:01 honeypot-sgp-1 sshd[21328]: Disconnected from authenticating user root 92.255.85.70 port 42934 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T09:07:20.526Z","@version":"1","message":"Sep 15 09:07:19 honeypot-sgp-1 sshd[21332]: Disconnected from invalid user user 45.61.184.204 port 44010 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T09:07:40.537Z","@version":"1","message":"Sep 15 09:07:39 honeypot-sgp-1 sshd[21336]: Disconnected from invalid user user 45.61.184.204 port 39840 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T09:08:00.547Z","@version":"1","message":"Sep 15 09:08:00 honeypot-sgp-1 sshd[21341]: Disconnected from invalid user user 45.61.184.204 port 35658 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 09:08:53 honeypot-ams-1 sshd[27578]: Connection closed by invalid user  104.218.164.12 port 16394 [preauth]","@timestamp":"2022-09-15T09:08:53.898Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 09:10:22 honeypot-fra-1 sshd[17775]: Disconnected from authenticating user root 92.255.85.69 port 35296 [preauth]","@timestamp":"2022-09-15T09:10:23.314Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 09:11:18 honeypot-ams-1 kernel: [84109660.472921] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.219.174 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=50421 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T09:11:18.965Z"}
{"@timestamp":"2022-09-15T09:17:01.769Z","@version":"1","message":"Sep 15 09:17:01 honeypot-sgp-1 CRON[21348]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 09:17:01 honeypot-ams-1 CRON[27594]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-15T09:17:02.116Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 09:19:30 honeypot-fra-1 sshd[17784]: Connection closed by invalid user ubnt 179.60.147.69 port 54988 [preauth]","@timestamp":"2022-09-15T09:19:31.522Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 09:19:36 honeypot-ams-1 sshd[27602]: Invalid user user from 141.255.162.226 port 48450","@timestamp":"2022-09-15T09:19:37.185Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 09:19:40 honeypot-ams-1 sshd[27606]: Invalid user user from 141.255.162.226 port 42200","@timestamp":"2022-09-15T09:19:40.188Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 09:19:41 honeypot-ams-1 sshd[27611]: Invalid user user from 141.255.162.226 port 49526","@timestamp":"2022-09-15T09:19:42.189Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 09:21:42 honeypot-ams-1 sshd[27616]: Invalid user ubnt from 179.60.147.69 port 28716","@timestamp":"2022-09-15T09:21:43.245Z"}
{"@timestamp":"2022-09-15T09:30:03.084Z","@version":"1","message":"Sep 15 09:30:03 honeypot-sgp-1 sshd[21355]: Received disconnect from 111.202.249.76 port 2613:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T09:31:36.124Z","@version":"1","message":"Sep 15 09:31:35 honeypot-sgp-1 sshd[21359]: Disconnected from invalid user sammy 190.12.102.58 port 47372 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 09:31:53 honeypot-ams-1 sshd[27622]: Received disconnect from 61.177.173.33 port 53587:11:  [preauth]","@timestamp":"2022-09-15T09:31:54.526Z"}
{"@timestamp":"2022-09-15T09:33:29.174Z","@version":"1","message":"Sep 15 09:33:28 honeypot-sgp-1 sshd[21365]: Received disconnect from 178.128.19.209 port 60812:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 09:34:19 honeypot-ams-1 sshd[27628]: Received disconnect from 61.177.173.33 port 11593:11:  [preauth]","@timestamp":"2022-09-15T09:34:19.596Z"}
{"@timestamp":"2022-09-15T09:34:27.201Z","@version":"1","message":"Sep 15 09:34:26 honeypot-sgp-1 sshd[21369]: Invalid user alano from 182.73.123.118 port 16008","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T09:39:15.318Z","@version":"1","message":"Sep 15 09:39:15 honeypot-sgp-1 kernel: [84110862.550045] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=62227 PROTO=TCP SPT=54555 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 09:40:47 honeypot-fra-1 kernel: [84109264.503729] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.221.86 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=51741 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T09:40:47.992Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 09:41:59 honeypot-ams-1 sshd[27631]: Disconnected from 61.177.173.33 port 16695 [preauth]","@timestamp":"2022-09-15T09:41:59.792Z"}
{"@timestamp":"2022-09-15T09:43:05.414Z","@version":"1","message":"Sep 15 09:43:05 honeypot-sgp-1 sshd[21380]: Received disconnect from 179.43.156.143 port 57674:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 09:43:17 honeypot-ams-1 sshd[27636]: Disconnected from invalid user uk 86.110.184.234 port 53788 [preauth]","@timestamp":"2022-09-15T09:43:17.828Z"}
{"@timestamp":"2022-09-15T09:43:58.437Z","@version":"1","message":"Sep 15 09:43:58 honeypot-sgp-1 sshd[21384]: Disconnected from invalid user ts3 20.214.244.148 port 35154 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 09:45:01 honeypot-fra-1 kernel: [84109518.972426] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=20.117.17.214 DST=165.22.82.222 LEN=52 TOS=0x00 PREC=0x00 TTL=114 ID=19328 DF PROTO=TCP SPT=50330 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T09:45:02.109Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-15T09:45:24.475Z","@version":"1","message":"Sep 15 09:45:24 honeypot-sgp-1 sshd[21390]: Received disconnect from 179.43.156.143 port 42402:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T09:46:00.492Z","@version":"1","message":"Sep 15 09:45:59 honeypot-sgp-1 sshd[21394]: Received disconnect from 179.43.156.143 port 38560:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T09:47:07.521Z","@version":"1","message":"Sep 15 09:47:07 honeypot-sgp-1 sshd[21399]: Disconnected from authenticating user root 179.43.156.143 port 59156 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 09:47:29 honeypot-ams-1 sshd[27643]: Disconnected from invalid user sebastian 185.230.138.117 port 43166 [preauth]","@timestamp":"2022-09-15T09:47:30.939Z"}
{"@timestamp":"2022-09-15T09:48:23.555Z","@version":"1","message":"Sep 15 09:48:23 honeypot-sgp-1 sshd[21405]: Disconnected from authenticating user root 179.43.156.143 port 51508 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T09:50:15.602Z","@version":"1","message":"Sep 15 09:50:14 honeypot-sgp-1 sshd[21411]: Disconnected from authenticating user root 179.43.156.143 port 40054 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T09:54:34.708Z","@version":"1","message":"Sep 15 09:54:34 honeypot-sgp-1 sshd[21418]: Invalid user support from 179.60.147.69 port 1578","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 09:55:42 honeypot-fra-1 sshd[17805]: Invalid user support from 179.60.147.69 port 53290","@timestamp":"2022-09-15T09:55:43.356Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 09:57:56 honeypot-ams-1 sshd[27663]: Connection closed by invalid user support 179.60.147.69 port 58480 [preauth]","@timestamp":"2022-09-15T09:57:56.208Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 10:04:39 honeypot-fra-1 kernel: [84110697.139294] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.100.87.136 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=246 ID=15212 PROTO=TCP SPT=51863 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T10:04:40.560Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-15T10:06:41.002Z","@version":"1","message":"Sep 15 10:06:40 honeypot-sgp-1 kernel: [84112508.205184] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=149.102.155.169 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=6810 PROTO=TCP SPT=56186 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 10:06:58 honeypot-ams-1 sshd[27674]: Invalid user cf from 210.106.108.250 port 38344","@timestamp":"2022-09-15T10:06:58.440Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 10:08:17 honeypot-fra-1 kernel: [84110915.407601] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=20.214.177.62 DST=165.22.82.222 LEN=52 TOS=0x02 PREC=0x00 TTL=108 ID=60187 DF PROTO=TCP SPT=51513 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-15T10:08:18.650Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 10:09:49 honeypot-ams-1 sshd[27681]: Did not receive identification string from 61.177.173.33 port 11439","@timestamp":"2022-09-15T10:09:50.516Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 10:13:45 honeypot-ams-1 sshd[27689]: Received disconnect from 179.43.156.143 port 55366:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T10:13:46.618Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 10:14:25 honeypot-fra-1 sshd[17813]: Received disconnect from 202.170.60.201 port 52718:11: Bye Bye [preauth]","@timestamp":"2022-09-15T10:14:25.791Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 10:14:57 honeypot-ams-1 sshd[27696]: Disconnected from authenticating user root 179.43.156.143 port 49088 [preauth]","@timestamp":"2022-09-15T10:14:57.650Z"}
{"@timestamp":"2022-09-15T10:15:08.210Z","@version":"1","message":"Sep 15 10:15:07 honeypot-sgp-1 sshd[21430]: Invalid user pengfan from 103.188.176.251 port 48464","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 10:16:08 honeypot-ams-1 sshd[27700]: Disconnected from authenticating user root 179.43.156.143 port 42780 [preauth]","@timestamp":"2022-09-15T10:16:08.685Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 10:17:01 honeypot-ams-1 CRON[27706]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-15T10:17:02.712Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 10:17:01 honeypot-fra-1 CRON[17818]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-15T10:17:02.852Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 10:17:13 honeypot-ams-1 sshd[27711]: Disconnected from invalid user voq 45.228.19.1 port 57674 [preauth]","@timestamp":"2022-09-15T10:17:14.719Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 10:17:50 honeypot-ams-1 sshd[27715]: Disconnected from invalid user nfsnobod 179.43.156.143 port 33322 [preauth]","@timestamp":"2022-09-15T10:17:51.736Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 10:19:35 honeypot-ams-1 sshd[27724]: Disconnected from authenticating user root 179.43.156.143 port 52102 [preauth]","@timestamp":"2022-09-15T10:19:35.785Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 10:21:24 honeypot-ams-1 sshd[27730]: Disconnected from authenticating user root 179.43.156.143 port 42614 [preauth]","@timestamp":"2022-09-15T10:21:25.836Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 10:23:21 honeypot-ams-1 sshd[27739]: Received disconnect from 118.27.27.133 port 44346:11: Bye Bye [preauth]","@timestamp":"2022-09-15T10:23:21.892Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 10:25:23 honeypot-ams-1 sshd[27746]: Received disconnect from 124.160.96.249 port 63612:11: Bye Bye [preauth]","@timestamp":"2022-09-15T10:25:23.947Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 10:25:56 honeypot-fra-1 kernel: [84111974.161838] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=20.214.177.62 DST=165.22.82.222 LEN=52 TOS=0x02 PREC=0x00 TTL=108 ID=7192 DF PROTO=TCP SPT=56409 DPT=443 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-15T10:25:57.056Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-15T10:30:50.585Z","@version":"1","message":"Sep 15 10:30:50 honeypot-sgp-1 sshd[21437]: Invalid user blank from 179.60.147.69 port 45270","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 10:31:00 honeypot-ams-1 sshd[27754]: Received disconnect from 61.177.173.33 port 59259:11:  [preauth]","@timestamp":"2022-09-15T10:31:01.095Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 10:31:11 honeypot-fra-1 kernel: [84112288.949351] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=92.63.197.74 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=5902 PROTO=TCP SPT=42228 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T10:31:12.178Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 10:32:05 honeypot-ams-1 sshd[27758]: Disconnected from authenticating user root 61.177.173.33 port 52654 [preauth]","@timestamp":"2022-09-15T10:32:05.125Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 10:35:06 honeypot-fra-1 kernel: [84112524.200517] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=20.214.177.62 DST=165.22.82.222 LEN=52 TOS=0x02 PREC=0x00 TTL=108 ID=13300 DF PROTO=TCP SPT=53214 DPT=443 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-15T10:35:07.270Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 10:37:05 honeypot-ams-1 sshd[27766]: Disconnected from authenticating user root 61.177.173.47 port 35260 [preauth]","@timestamp":"2022-09-15T10:37:05.256Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 10:39:44 honeypot-ams-1 sshd[27772]: Disconnected from invalid user admin 103.176.179.185 port 45482 [preauth]","@timestamp":"2022-09-15T10:39:44.327Z"}
{"@timestamp":"2022-09-15T10:41:32.842Z","@version":"1","message":"Sep 15 10:41:32 honeypot-sgp-1 sshd[21440]: Disconnected from invalid user web 138.197.195.123 port 46068 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T10:44:31.918Z","@version":"1","message":"Sep 15 10:44:31 honeypot-sgp-1 sshd[21446]: Invalid user user from 198.98.61.9 port 35586","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T10:44:48.926Z","@version":"1","message":"Sep 15 10:44:48 honeypot-sgp-1 sshd[21450]: Invalid user user from 198.98.61.9 port 58908","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T10:45:05.935Z","@version":"1","message":"Sep 15 10:45:05 honeypot-sgp-1 sshd[21454]: Invalid user user from 198.98.61.9 port 54006","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 10:46:01 honeypot-ams-1 sshd[27779]: Received disconnect from 61.177.173.51 port 47439:11:  [preauth]","@timestamp":"2022-09-15T10:46:01.486Z"}
{"@timestamp":"2022-09-15T10:47:09.986Z","@version":"1","message":"Sep 15 10:47:09 honeypot-sgp-1 kernel: [84114936.746176] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=8.142.154.40 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=44 ID=27227 DF PROTO=TCP SPT=32661 DPT=443 WINDOW=43690 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 10:52:20 honeypot-ams-1 sshd[27787]: Invalid user user from 141.255.162.226 port 44970","@timestamp":"2022-09-15T10:52:20.649Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 10:52:23 honeypot-ams-1 sshd[27791]: Invalid user user from 141.255.162.226 port 59582","@timestamp":"2022-09-15T10:52:23.651Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 10:52:27 honeypot-ams-1 sshd[27795]: Invalid user user from 141.255.162.226 port 37674","@timestamp":"2022-09-15T10:52:27.654Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 10:54:27 honeypot-ams-1 kernel: [84115849.601110] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=179.43.155.171 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=14176 PROTO=TCP SPT=47472 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T10:54:27.706Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 10:55:53 honeypot-fra-1 kernel: [84113771.261351] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=79.124.62.130 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=58756 PROTO=TCP SPT=58074 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T10:55:54.740Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-15T10:59:54.290Z","@version":"1","message":"Sep 15 10:59:53 honeypot-sgp-1 kernel: [84115701.322649] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=183.136.225.35 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=110 ID=24462 PROTO=TCP SPT=8088 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 11:04:48 honeypot-ams-1 kernel: [84116470.386938] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=170.187.163.51 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=57434 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T11:04:48.984Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 11:10:03 honeypot-fra-1 sshd[17837]: Invalid user lav from 165.22.45.108 port 37370","@timestamp":"2022-09-15T11:10:04.059Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 11:10:48 honeypot-ams-1 sshd[27818]: Invalid user test from 179.60.147.69 port 17074","@timestamp":"2022-09-15T11:10:49.141Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 11:15:01 honeypot-ams-1 sshd[27824]: Disconnected from authenticating user root 61.177.173.50 port 33262 [preauth]","@timestamp":"2022-09-15T11:15:01.254Z"}
{"@timestamp":"2022-09-15T11:17:01.700Z","@version":"1","message":"Sep 15 11:17:01 honeypot-sgp-1 CRON[21468]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 11:19:25 honeypot-fra-1 sshd[17843]: Invalid user admin from 43.132.254.141 port 47766","@timestamp":"2022-09-15T11:19:26.270Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 11:20:43 honeypot-ams-1 kernel: [84117425.461413] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=92.63.197.94 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=252 ID=35611 PROTO=TCP SPT=40230 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T11:20:43.403Z"}
{"@timestamp":"2022-09-15T11:28:04.972Z","@version":"1","message":"Sep 15 11:28:04 honeypot-sgp-1 sshd[21474]: Invalid user lokesh from 43.245.185.66 port 47338","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 11:30:39 honeypot-fra-1 kernel: [84115856.254844] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=28782 PROTO=TCP SPT=41402 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T11:30:39.524Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 11:34:01 honeypot-ams-1 sshd[27841]: Disconnected from authenticating user root 61.177.173.51 port 63243 [preauth]","@timestamp":"2022-09-15T11:34:01.742Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 11:34:25 honeypot-fra-1 kernel: [84116083.139438] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=79.124.62.82 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=38670 PROTO=TCP SPT=58064 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T11:34:26.644Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-15T11:34:29.130Z","@version":"1","message":"Sep 15 11:34:29 honeypot-sgp-1 kernel: [84117776.366253] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=74.82.47.34 DST=159.89.202.188 LEN=131 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=59633 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T11:35:26.159Z","@version":"1","message":"Sep 15 11:35:25 honeypot-sgp-1 sshd[21483]: Disconnected from invalid user tam 159.89.40.119 port 54338 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T11:37:44.218Z","@version":"1","message":"Sep 15 11:37:43 honeypot-sgp-1 sshd[21489]: Received disconnect from 122.155.0.205 port 43672:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 11:39:44 honeypot-ams-1 sshd[27848]: Invalid user nugie from 143.244.190.237 port 54492","@timestamp":"2022-09-15T11:39:44.895Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 11:39:59 honeypot-fra-1 sshd[17858]: Invalid user tomcat from 193.106.191.157 port 46724","@timestamp":"2022-09-15T11:39:59.767Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T11:41:32.314Z","@version":"1","message":"Sep 15 11:41:31 honeypot-sgp-1 kernel: [84118199.031243] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.100.87.136 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=15212 PROTO=TCP SPT=52167 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 11:41:34 honeypot-fra-1 kernel: [84116511.576796] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=167.94.145.91 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=18891 PROTO=TCP SPT=59053 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T11:41:34.805Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 11:43:14 honeypot-ams-1 sshd[27853]: Received disconnect from 61.177.173.46 port 18636:11:  [preauth]","@timestamp":"2022-09-15T11:43:15.003Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 11:43:32 honeypot-ams-1 sshd[27857]: Received disconnect from 80.76.51.45 port 47346:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T11:43:33.014Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 11:44:23 honeypot-ams-1 sshd[27863]: Received disconnect from 80.76.51.45 port 43868:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T11:44:24.039Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 11:45:13 honeypot-ams-1 sshd[27872]: Received disconnect from 80.76.51.45 port 40456:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T11:45:14.064Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 11:45:47 honeypot-ams-1 sshd[27876]: Disconnected from authenticating user root 80.76.51.45 port 47604 [preauth]","@timestamp":"2022-09-15T11:45:48.083Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 11:46:10 honeypot-fra-1 sshd[17865]: Disconnected from authenticating user root 118.70.169.150 port 52472 [preauth]","@timestamp":"2022-09-15T11:46:10.911Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 11:46:19 honeypot-ams-1 sshd[27882]: Invalid user git from 80.76.51.45 port 54660","@timestamp":"2022-09-15T11:46:20.099Z"}
{"@timestamp":"2022-09-15T11:49:20.507Z","@version":"1","message":"Sep 15 11:49:20 honeypot-sgp-1 kernel: [84118667.761031] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=137.184.53.99 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=32465 PROTO=TCP SPT=42475 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 11:52:05 honeypot-fra-1 sshd[17870]: Disconnected from invalid user rp1999a 178.62.233.100 port 47698 [preauth]","@timestamp":"2022-09-15T11:52:06.047Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 11:54:59 honeypot-ams-1 sshd[27890]: Disconnected from authenticating user root 61.177.172.104 port 46788 [preauth]","@timestamp":"2022-09-15T11:55:00.322Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 11:57:45 honeypot-fra-1 kernel: [84117482.860149] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=20.171.59.221 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=16729 DF PROTO=TCP SPT=10446 DPT=80 WINDOW=512 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T11:57:46.177Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-15T12:00:27.777Z","@version":"1","message":"Sep 15 12:00:27 honeypot-sgp-1 sshd[21501]: Disconnected from authenticating user root 193.142.146.50 port 53516 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:02:11.821Z","@version":"1","message":"Sep 15 12:02:11 honeypot-sgp-1 sshd[21507]: Disconnected from authenticating user root 193.142.146.50 port 43378 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:02:35.834Z","@version":"1","message":"Sep 15 12:02:35 honeypot-sgp-1 sshd[21513]: Disconnected from invalid user user 45.61.186.49 port 49218 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:02:46.840Z","@version":"1","message":"Sep 15 12:02:46 honeypot-sgp-1 sshd[21519]: Invalid user user from 45.61.186.49 port 60710","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:03:04.849Z","@version":"1","message":"Sep 15 12:03:04 honeypot-sgp-1 sshd[21523]: Received disconnect from 193.142.146.50 port 42832:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:04:19.883Z","@version":"1","message":"Sep 15 12:04:19 honeypot-sgp-1 sshd[21529]: Invalid user test from 193.142.146.50 port 42288","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:04:34.890Z","@version":"1","message":"Sep 15 12:04:34 honeypot-sgp-1 sshd[21531]: Disconnected from invalid user admin 193.142.146.50 port 60928 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 12:05:22 honeypot-fra-1 sshd[17880]: Invalid user teampspeak from 101.255.65.138 port 39088","@timestamp":"2022-09-15T12:05:23.354Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 12:06:18 honeypot-ams-1 kernel: [84120160.971374] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=213.226.123.38 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=40667 PROTO=TCP SPT=44336 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T12:06:19.618Z"}
{"@timestamp":"2022-09-15T12:10:30.037Z","@version":"1","message":"Sep 15 12:10:29 honeypot-sgp-1 sshd[21539]: Did not receive identification string from 45.61.184.204 port 38224","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:11:08.055Z","@version":"1","message":"Sep 15 12:11:07 honeypot-sgp-1 sshd[21542]: Disconnected from invalid user user 45.61.184.204 port 39190 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 12:11:24 honeypot-fra-1 kernel: [84118301.635345] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=52053 PROTO=TCP SPT=43203 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T12:11:24.510Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-15T12:11:27.064Z","@version":"1","message":"Sep 15 12:11:26 honeypot-sgp-1 sshd[21547]: Disconnected from invalid user user 45.61.184.204 port 33990 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:11:46.074Z","@version":"1","message":"Sep 15 12:11:45 honeypot-sgp-1 sshd[21551]: Disconnected from invalid user user 45.61.184.204 port 57022 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 12:12:47 honeypot-fra-1 sshd[17889]: Connection closed by invalid user admin 128.199.160.207 port 54934 [preauth]","@timestamp":"2022-09-15T12:12:48.544Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T12:14:54.152Z","@version":"1","message":"Sep 15 12:14:53 honeypot-sgp-1 sshd[21556]: Disconnected from authenticating user sshd 92.255.85.70 port 60058 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 12:15:01 honeypot-fra-1 sshd[17894]: Received disconnect from 45.61.187.160 port 59388:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T12:15:02.598Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 12:15:21 honeypot-fra-1 sshd[17898]: Received disconnect from 45.61.187.160 port 53846:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T12:15:22.608Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 12:15:40 honeypot-fra-1 sshd[17902]: Received disconnect from 45.61.187.160 port 48302:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T12:15:40.619Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 12:15:51 honeypot-fra-1 sshd[17906]: Disconnected from authenticating user root 164.90.149.69 port 34376 [preauth]","@timestamp":"2022-09-15T12:15:51.624Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 12:16:59 honeypot-fra-1 sshd[17911]: Disconnected from invalid user prueb 139.59.78.156 port 40958 [preauth]","@timestamp":"2022-09-15T12:16:59.652Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:17:01 honeypot-ams-1 CRON[27912]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-15T12:17:01.898Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:18:30 honeypot-ams-1 sshd[27918]: Received disconnect from 45.61.186.249 port 55184:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T12:18:30.938Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:18:50 honeypot-ams-1 sshd[27922]: Received disconnect from 45.61.186.249 port 49518:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T12:18:50.969Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:19:08 honeypot-ams-1 sshd[27926]: Received disconnect from 45.61.186.249 port 43854:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T12:19:08.977Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:19:25 honeypot-ams-1 sshd[27930]: Received disconnect from 45.61.186.249 port 38192:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T12:19:25.986Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:20:24 honeypot-ams-1 sshd[27934]: Disconnected from authenticating user sshd 92.255.85.70 port 49170 [preauth]","@timestamp":"2022-09-15T12:20:25.016Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:21:23 honeypot-ams-1 sshd[27940]: Disconnected from authenticating user root 61.177.172.98 port 47126 [preauth]","@timestamp":"2022-09-15T12:21:24.044Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 12:23:09 honeypot-fra-1 kernel: [84119006.727339] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=164.92.106.242 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=61140 PROTO=TCP SPT=42475 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T12:23:09.815Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-15T12:25:29.408Z","@version":"1","message":"Sep 15 12:25:29 honeypot-sgp-1 sshd[21565]: Invalid user admin from 178.128.125.205 port 48440","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 12:25:29 honeypot-fra-1 sshd[17921]: Disconnected from authenticating user sshd 92.255.85.70 port 22518 [preauth]","@timestamp":"2022-09-15T12:25:29.872Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T12:26:43.439Z","@version":"1","message":"Sep 15 12:26:43 honeypot-sgp-1 sshd[21571]: Invalid user Administrator from 92.255.85.70 port 55624","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 12:27:02 honeypot-fra-1 sshd[17925]: Disconnected from invalid user yd 89.28.92.118 port 49518 [preauth]","@timestamp":"2022-09-15T12:27:02.910Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T12:28:29.484Z","@version":"1","message":"Sep 15 12:28:28 honeypot-sgp-1 sshd[21576]: Disconnected from authenticating user root 109.42.178.255 port 5636 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:28:33.487Z","@version":"1","message":"Sep 15 12:28:33 honeypot-sgp-1 sshd[21582]: Received disconnect from 109.42.178.255 port 15068:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:28:38.490Z","@version":"1","message":"Sep 15 12:28:37 honeypot-sgp-1 sshd[21588]: Received disconnect from 109.42.178.255 port 16243:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:28:42.492Z","@version":"1","message":"Sep 15 12:28:42 honeypot-sgp-1 sshd[21594]: Received disconnect from 109.42.178.255 port 8603:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:28:46.495Z","@version":"1","message":"Sep 15 12:28:46 honeypot-sgp-1 sshd[21600]: Received disconnect from 109.42.178.255 port 14782:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:28:51.498Z","@version":"1","message":"Sep 15 12:28:50 honeypot-sgp-1 sshd[21606]: Received disconnect from 109.42.178.255 port 14469:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:28:55.500Z","@version":"1","message":"Sep 15 12:28:55 honeypot-sgp-1 sshd[21612]: Received disconnect from 109.42.178.255 port 1751:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:29:00.504Z","@version":"1","message":"Sep 15 12:28:59 honeypot-sgp-1 sshd[21618]: Received disconnect from 109.42.178.255 port 22268:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:29:04.506Z","@version":"1","message":"Sep 15 12:29:03 honeypot-sgp-1 sshd[21624]: Received disconnect from 109.42.178.255 port 22829:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:29:08.509Z","@version":"1","message":"Sep 15 12:29:08 honeypot-sgp-1 sshd[21630]: Received disconnect from 109.42.178.255 port 9200:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:29:13.511Z","@version":"1","message":"Sep 15 12:29:12 honeypot-sgp-1 sshd[21636]: Received disconnect from 109.42.178.255 port 11639:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:29:17.515Z","@version":"1","message":"Sep 15 12:29:17 honeypot-sgp-1 sshd[21642]: Received disconnect from 109.42.178.255 port 26415:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:29:21.517Z","@version":"1","message":"Sep 15 12:29:21 honeypot-sgp-1 sshd[21648]: Invalid user admin from 109.42.178.255 port 21286","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:29:24.519Z","@version":"1","message":"Sep 15 12:29:24 honeypot-sgp-1 sshd[21652]: Invalid user admin from 109.42.178.255 port 27407","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:29:27.521Z","@version":"1","message":"Sep 15 12:29:26 honeypot-sgp-1 sshd[21656]: Invalid user admin from 109.42.178.255 port 2122","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:29:30.524Z","@version":"1","message":"Sep 15 12:29:29 honeypot-sgp-1 sshd[21660]: Invalid user admin from 109.42.178.255 port 15075","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:29:33.525Z","@version":"1","message":"Sep 15 12:29:32 honeypot-sgp-1 sshd[21664]: Invalid user admin from 109.42.178.255 port 17228","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:29:36.527Z","@version":"1","message":"Sep 15 12:29:35 honeypot-sgp-1 sshd[21668]: Invalid user user from 109.42.178.255 port 22577","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:29:39.529Z","@version":"1","message":"Sep 15 12:29:38 honeypot-sgp-1 sshd[21672]: Disconnected from authenticating user root 109.42.178.255 port 30164 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:29:42.531Z","@version":"1","message":"Sep 15 12:29:41 honeypot-sgp-1 sshd[21676]: Disconnected from invalid user pi 109.42.178.255 port 23053 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:29:44.532Z","@version":"1","message":"Sep 15 12:29:44 honeypot-sgp-1 sshd[21680]: Disconnected from invalid user ethos 109.42.178.255 port 9105 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:29:47.535Z","@version":"1","message":"Sep 15 12:29:47 honeypot-sgp-1 sshd[21684]: Disconnected from invalid user miner 109.42.178.255 port 17539 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:29:50.536Z","@version":"1","message":"Sep 15 12:29:50 honeypot-sgp-1 sshd[21688]: Disconnected from invalid user volumio 109.42.178.255 port 19400 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:29:53.538Z","@version":"1","message":"Sep 15 12:29:53 honeypot-sgp-1 sshd[21692]: Disconnected from invalid user nagios 109.42.178.255 port 4853 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:29:56.540Z","@version":"1","message":"Sep 15 12:29:56 honeypot-sgp-1 sshd[21696]: Disconnected from invalid user vagrant 109.42.178.255 port 13877 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:29:59.542Z","@version":"1","message":"Sep 15 12:29:58 honeypot-sgp-1 sshd[21700]: Disconnected from invalid user debian 109.42.178.255 port 31205 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:30:02.545Z","@version":"1","message":"Sep 15 12:30:01 honeypot-sgp-1 sshd[21704]: Disconnected from invalid user debian 109.42.178.255 port 5852 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:30:05.546Z","@version":"1","message":"Sep 15 12:30:04 honeypot-sgp-1 sshd[21708]: Disconnected from invalid user alarm 109.42.178.255 port 25641 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:30:08.548Z","@version":"1","message":"Sep 15 12:30:07 honeypot-sgp-1 sshd[21712]: Disconnected from invalid user test 109.42.178.255 port 4351 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:30:10.550Z","@version":"1","message":"Sep 15 12:30:10 honeypot-sgp-1 sshd[21716]: Disconnected from invalid user cirros 109.42.178.255 port 25475 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 12:31:44 honeypot-ams-1 kernel: [84121687.138963] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.79.151.52 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=18689 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T12:31:45.312Z"}
{"@timestamp":"2022-09-15T12:34:42.664Z","@version":"1","message":"Sep 15 12:34:42 honeypot-sgp-1 sshd[21722]: Received disconnect from 141.255.162.226 port 57876:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 12:34:43 honeypot-fra-1 sshd[17931]: Disconnected from authenticating user root 189.33.0.103 port 52308 [preauth]","@timestamp":"2022-09-15T12:34:44.090Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:34:45 honeypot-ams-1 sshd[28032]: Received disconnect from 189.33.0.103 port 55195:11: Bye Bye [preauth]","@timestamp":"2022-09-15T12:34:45.394Z"}
{"@timestamp":"2022-09-15T12:34:45.667Z","@version":"1","message":"Sep 15 12:34:44 honeypot-sgp-1 sshd[21726]: Received disconnect from 141.255.162.226 port 51414:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:34:48.669Z","@version":"1","message":"Sep 15 12:34:48 honeypot-sgp-1 sshd[21730]: Received disconnect from 141.255.162.226 port 37704:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:35:57 honeypot-ams-1 sshd[28036]: Invalid user  from 81.17.25.50 port 55245","@timestamp":"2022-09-15T12:35:57.430Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:38:17 honeypot-ams-1 sshd[28042]: Invalid user admin from 81.17.25.50 port 19226","@timestamp":"2022-09-15T12:38:17.495Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:40:00 honeypot-ams-1 sshd[28051]: Connection reset by 61.177.173.48 port 14209 [preauth]","@timestamp":"2022-09-15T12:40:01.546Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:42:09 honeypot-ams-1 sshd[28059]: Invalid user 1234 from 81.17.25.50 port 2358","@timestamp":"2022-09-15T12:42:09.607Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:43:03 honeypot-ams-1 sshd[28063]: Disconnecting invalid user Admin 81.17.25.50 port 31497: Change of username or service not allowed: (Admin,ssh-connection) -> (araknis,ssh-connection) [preauth]","@timestamp":"2022-09-15T12:43:03.635Z"}
{"@timestamp":"2022-09-15T12:44:15.898Z","@version":"1","message":"Sep 15 12:44:15 honeypot-sgp-1 sshd[21735]: Invalid user yanhao from 103.188.176.251 port 43810","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:44:54 honeypot-ams-1 sshd[28072]: Disconnecting invalid user user 81.17.25.50 port 55870: Change of username or service not allowed: (user,ssh-connection) -> (root,ssh-connection) [preauth]","@timestamp":"2022-09-15T12:44:55.690Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:46:31 honeypot-ams-1 sshd[28082]: Invalid user admin from 81.17.25.50 port 51883","@timestamp":"2022-09-15T12:46:31.739Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:47:29 honeypot-ams-1 sshd[28090]: Disconnecting authenticating user root 81.17.25.50 port 18125: Change of username or service not allowed: (root,ssh-connection) -> (,ssh-connection) [preauth]","@timestamp":"2022-09-15T12:47:29.770Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:48:15 honeypot-ams-1 sshd[28094]: Disconnecting invalid user Cisco 81.17.25.50 port 9767: Change of username or service not allowed: (Cisco,ssh-connection) -> (cisco,ssh-connection) [preauth]","@timestamp":"2022-09-15T12:48:15.795Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:49:03 honeypot-ams-1 sshd[28103]: Disconnecting invalid user 1234 81.17.25.50 port 23563: Change of username or service not allowed: (1234,ssh-connection) -> (root,ssh-connection) [preauth]","@timestamp":"2022-09-15T12:49:04.819Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 12:49:05 honeypot-fra-1 sshd[17934]: Disconnected from invalid user th 190.153.249.99 port 35721 [preauth]","@timestamp":"2022-09-15T12:49:05.416Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:49:38 honeypot-ams-1 sshd[28111]: Invalid user adslroot from 81.17.25.50 port 4081","@timestamp":"2022-09-15T12:49:38.839Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:50:02 honeypot-ams-1 sshd[28117]: Disconnected from invalid user ubnt 150.136.132.142 port 26095 [preauth]","@timestamp":"2022-09-15T12:50:02.853Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 12:50:24 honeypot-fra-1 sshd[17939]: Disconnected from invalid user Administrator 92.255.85.70 port 17804 [preauth]","@timestamp":"2022-09-15T12:50:25.449Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T12:50:59.066Z","@version":"1","message":"Sep 15 12:50:58 honeypot-sgp-1 sshd[21738]: Disconnected from invalid user cloud 143.198.140.38 port 51366 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:51:20 honeypot-ams-1 sshd[28121]: Disconnecting invalid user zhone 81.17.25.50 port 44046: Change of username or service not allowed: (zhone,ssh-connection) -> (,ssh-connection) [preauth]","@timestamp":"2022-09-15T12:51:20.893Z"}
{"@timestamp":"2022-09-15T12:52:20.103Z","@version":"1","message":"Sep 15 12:52:19 honeypot-sgp-1 sshd[21744]: Connection closed by invalid user pi 79.232.100.20 port 38138 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:52:40 honeypot-ams-1 sshd[28127]: Invalid user default from 81.17.25.50 port 56872","@timestamp":"2022-09-15T12:52:40.934Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:53:35 honeypot-ams-1 sshd[28133]: Invalid user c1@r0 from 81.17.25.50 port 41224","@timestamp":"2022-09-15T12:53:35.960Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:54:17 honeypot-ams-1 sshd[28138]: Disconnecting invalid user cusadmin 81.17.25.50 port 29373: Change of username or service not allowed: (cusadmin,ssh-connection) -> (superonline,ssh-connection) [preauth]","@timestamp":"2022-09-15T12:54:17.983Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:56:59 honeypot-ams-1 sshd[28144]: Disconnecting invalid user lgnortel 81.17.25.50 port 53433: Change of username or service not allowed: (lgnortel,ssh-connection) -> (Admin,ssh-connection) [preauth]","@timestamp":"2022-09-15T12:57:00.059Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:57:50 honeypot-ams-1 sshd[28150]: Disconnecting invalid user admin 81.17.25.50 port 19004: Change of username or service not allowed: (admin,ssh-connection) -> (,ssh-connection) [preauth]","@timestamp":"2022-09-15T12:57:51.084Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 12:58:00 honeypot-fra-1 sshd[17944]: Disconnected from invalid user law 165.22.45.108 port 47516 [preauth]","@timestamp":"2022-09-15T12:58:00.620Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:59:04 honeypot-ams-1 sshd[28156]: Disconnecting invalid user admin1234 81.17.25.50 port 5643: Change of username or service not allowed: (admin1234,ssh-connection) -> (matrix,ssh-connection) [preauth]","@timestamp":"2022-09-15T12:59:05.121Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:00:04 honeypot-ams-1 sshd[28164]: Disconnecting invalid user admin 81.17.25.50 port 5000: Change of username or service not allowed: (admin,ssh-connection) -> (motorola,ssh-connection) [preauth]","@timestamp":"2022-09-15T13:00:05.153Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:00:47 honeypot-ams-1 sshd[28170]: Disconnecting invalid user blank 81.17.25.50 port 60264: Change of username or service not allowed: (blank,ssh-connection) -> (root,ssh-connection) [preauth]","@timestamp":"2022-09-15T13:00:48.175Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:01:25 honeypot-fra-1 sshd[17950]: Invalid user sage from 138.0.239.70 port 36246","@timestamp":"2022-09-15T13:01:25.701Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:01:56 honeypot-ams-1 sshd[28178]: Invalid user 0 from 81.17.25.50 port 30634","@timestamp":"2022-09-15T13:01:57.209Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:02:47 honeypot-ams-1 sshd[28184]: Invalid user admin from 81.17.25.50 port 34138","@timestamp":"2022-09-15T13:02:47.303Z"}
{"@timestamp":"2022-09-15T13:03:02.372Z","@version":"1","message":"Sep 15 13:03:01 honeypot-sgp-1 sshd[21751]: Invalid user debian from 179.60.147.69 port 61758","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:03:36 honeypot-ams-1 sshd[28188]: Disconnecting invalid user sitecom 81.17.25.50 port 39006: Change of username or service not allowed: (sitecom,ssh-connection) -> (Broadcom,ssh-connection) [preauth]","@timestamp":"2022-09-15T13:03:36.327Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:04:10 honeypot-ams-1 sshd[28195]: Invalid user admin from 81.17.25.50 port 19287","@timestamp":"2022-09-15T13:04:11.346Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:05:30 honeypot-ams-1 sshd[28202]: Invalid user smcadmin from 81.17.25.50 port 60590","@timestamp":"2022-09-15T13:05:31.403Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:06:16 honeypot-ams-1 sshd[28210]: Did not receive identification string from 80.76.51.189 port 60782","@timestamp":"2022-09-15T13:06:17.431Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:06:25 honeypot-ams-1 sshd[28208]: Disconnecting invalid user admin 81.17.25.50 port 39309: Change of username or service not allowed: (admin,ssh-connection) -> (,ssh-connection) [preauth]","@timestamp":"2022-09-15T13:06:25.436Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:06:40 honeypot-fra-1 sshd[17955]: Disconnected from authenticating user root 157.245.46.21 port 39774 [preauth]","@timestamp":"2022-09-15T13:06:40.820Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:06:59 honeypot-ams-1 sshd[28219]: Disconnecting invalid user public 81.17.25.50 port 61297: Change of username or service not allowed: (public,ssh-connection) -> (user,ssh-connection) [preauth]","@timestamp":"2022-09-15T13:06:59.455Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:07:27 honeypot-ams-1 sshd[28227]: Invalid user ubnt from 81.17.25.50 port 15118","@timestamp":"2022-09-15T13:07:27.470Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:08:06 honeypot-ams-1 sshd[28237]: Invalid user Administrator from 92.255.85.69 port 59976","@timestamp":"2022-09-15T13:08:06.491Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:08:17 honeypot-ams-1 sshd[28241]: Invalid user user from 81.17.25.50 port 5851","@timestamp":"2022-09-15T13:08:17.496Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:08:42 honeypot-ams-1 sshd[28245]: Invalid user readwrite from 81.17.25.50 port 60152","@timestamp":"2022-09-15T13:08:43.511Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:09:08 honeypot-ams-1 sshd[28253]: Invalid user DZY-W2914NSV2 from 81.17.25.50 port 30723","@timestamp":"2022-09-15T13:09:09.525Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:09:29 honeypot-ams-1 sshd[28260]: Invalid user admin from 81.17.25.50 port 11685","@timestamp":"2022-09-15T13:09:29.536Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 13:09:43 honeypot-ams-1 kernel: [84123966.019844] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=59.49.43.217 DST=178.62.254.91 LEN=40 TOS=0x18 PREC=0x00 TTL=239 ID=15138 PROTO=TCP SPT=41304 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T13:09:44.544Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:09:54 honeypot-ams-1 sshd[28270]: Connection closed by invalid user ltecl4r0 81.17.25.50 port 27324 [preauth]","@timestamp":"2022-09-15T13:09:54.550Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:11:18 honeypot-ams-1 sshd[28279]: Disconnected from authenticating user root 80.76.51.189 port 46324 [preauth]","@timestamp":"2022-09-15T13:11:18.590Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:12:22 honeypot-ams-1 sshd[28283]: Disconnected from invalid user test 80.76.51.189 port 58872 [preauth]","@timestamp":"2022-09-15T13:12:22.620Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:13:28 honeypot-ams-1 sshd[28287]: Disconnected from invalid user testuser 80.76.51.189 port 43176 [preauth]","@timestamp":"2022-09-15T13:13:28.651Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:14:36 honeypot-ams-1 sshd[28292]: Disconnected from invalid user ubuntu 80.76.51.189 port 55712 [preauth]","@timestamp":"2022-09-15T13:14:36.681Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:15:45 honeypot-ams-1 sshd[28296]: Disconnected from invalid user ubuntu 80.76.51.189 port 40018 [preauth]","@timestamp":"2022-09-15T13:15:45.713Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:17:01 honeypot-fra-1 CRON[17962]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-15T13:17:01.055Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:17:01 honeypot-ams-1 CRON[28304]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-15T13:17:02.749Z"}
{"@timestamp":"2022-09-15T13:17:01.723Z","@version":"1","message":"Sep 15 13:17:01 honeypot-sgp-1 CRON[21757]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:17:27 honeypot-ams-1 sshd[28309]: Disconnected from invalid user oracle 80.76.51.189 port 44676 [preauth]","@timestamp":"2022-09-15T13:17:27.763Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:17:55 honeypot-ams-1 sshd[28313]: Disconnected from invalid user user 198.98.61.9 port 47278 [preauth]","@timestamp":"2022-09-15T13:17:55.777Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:18:03 honeypot-ams-1 sshd[28317]: Disconnected from invalid user user 198.98.61.9 port 59008 [preauth]","@timestamp":"2022-09-15T13:18:04.782Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:18:20 honeypot-ams-1 sshd[28321]: Disconnected from invalid user user 198.98.61.9 port 54230 [preauth]","@timestamp":"2022-09-15T13:18:20.790Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:18:36 honeypot-ams-1 sshd[28329]: Received disconnect from 80.76.51.189 port 57236:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T13:18:36.799Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:18:41 honeypot-ams-1 sshd[28331]: Disconnected from authenticating user root 61.177.173.35 port 59222 [preauth]","@timestamp":"2022-09-15T13:18:41.803Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:20:23 honeypot-ams-1 sshd[28338]: Received disconnect from 80.76.51.189 port 33682:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T13:20:23.851Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:23:28 honeypot-fra-1 sshd[17967]: Received disconnect from 192.174.125.154 port 63105:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:23:29.202Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:23:30 honeypot-fra-1 sshd[17972]: Disconnected from invalid user admin 192.174.125.154 port 11937 [preauth]","@timestamp":"2022-09-15T13:23:30.203Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:23:32 honeypot-fra-1 sshd[17976]: Disconnected from invalid user user2 192.174.125.154 port 24193 [preauth]","@timestamp":"2022-09-15T13:23:32.204Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:23:34 honeypot-fra-1 sshd[17982]: Invalid user user from 192.174.125.154 port 42689","@timestamp":"2022-09-15T13:23:35.206Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:23:36 honeypot-fra-1 sshd[17986]: Received disconnect from 192.174.125.154 port 54593:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:23:37.207Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:23:39 honeypot-fra-1 sshd[17990]: Received disconnect from 192.174.125.154 port 3201:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:23:39.208Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:23:40 honeypot-fra-1 sshd[17994]: Disconnected from authenticating user root 192.174.125.154 port 14497 [preauth]","@timestamp":"2022-09-15T13:23:41.210Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:23:42 honeypot-fra-1 sshd[17998]: Disconnected from invalid user user 192.174.125.154 port 25537 [preauth]","@timestamp":"2022-09-15T13:23:43.212Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:23:45 honeypot-fra-1 sshd[18004]: Invalid user admin from 192.174.125.154 port 43297","@timestamp":"2022-09-15T13:23:46.214Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:23:47 honeypot-fra-1 sshd[18008]: Invalid user user2 from 192.174.125.154 port 55521","@timestamp":"2022-09-15T13:23:48.215Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:23:49 honeypot-fra-1 sshd[18012]: Received disconnect from 192.174.125.154 port 3938:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:23:50.216Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:23:51 honeypot-fra-1 sshd[18016]: Received disconnect from 192.174.125.154 port 15681:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:23:52.217Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:23:53 honeypot-fra-1 sshd[18020]: Disconnected from invalid user admin 192.174.125.154 port 27745 [preauth]","@timestamp":"2022-09-15T13:23:54.218Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:23:55 honeypot-fra-1 sshd[18024]: Disconnected from invalid user user2 192.174.125.154 port 39329 [preauth]","@timestamp":"2022-09-15T13:23:56.220Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:23:58 honeypot-fra-1 sshd[18030]: Invalid user user from 192.174.125.154 port 56801","@timestamp":"2022-09-15T13:23:59.222Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:24:00 honeypot-fra-1 sshd[18034]: Received disconnect from 192.174.125.154 port 6113:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:24:01.224Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:24:02 honeypot-fra-1 sshd[18038]: Received disconnect from 192.174.125.154 port 19010:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:24:03.225Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:24:05 honeypot-ams-1 sshd[28342]: Received disconnect from 92.255.85.70 port 16392:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:24:05.949Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:24:11 honeypot-fra-1 sshd[18042]: Received disconnect from 192.174.125.154 port 10529:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:24:12.229Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:24:13 honeypot-fra-1 sshd[18046]: Received disconnect from 192.174.125.154 port 22145:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:24:14.231Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:24:15 honeypot-fra-1 sshd[18050]: Disconnected from authenticating user root 192.174.125.154 port 33441 [preauth]","@timestamp":"2022-09-15T13:24:16.232Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:24:17 honeypot-fra-1 sshd[18054]: Disconnected from invalid user user 192.174.125.154 port 45474 [preauth]","@timestamp":"2022-09-15T13:24:18.234Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:24:20 honeypot-fra-1 sshd[18060]: Invalid user admin from 192.174.125.154 port 63777","@timestamp":"2022-09-15T13:24:21.235Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:24:22 honeypot-fra-1 sshd[18064]: Invalid user user2 from 192.174.125.154 port 12801","@timestamp":"2022-09-15T13:24:23.237Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:24:25 honeypot-fra-1 sshd[18068]: Received disconnect from 192.174.125.154 port 24737:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:24:25.238Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:24:27 honeypot-fra-1 sshd[18072]: Received disconnect from 192.174.125.154 port 37217:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:24:27.239Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:24:29 honeypot-fra-1 sshd[18076]: Disconnected from invalid user admin 192.174.125.154 port 49089 [preauth]","@timestamp":"2022-09-15T13:24:29.242Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:24:31 honeypot-fra-1 sshd[18080]: Disconnected from invalid user user2 192.174.125.154 port 61186 [preauth]","@timestamp":"2022-09-15T13:24:31.243Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:24:33 honeypot-fra-1 sshd[18086]: Invalid user user from 192.174.125.154 port 16257","@timestamp":"2022-09-15T13:24:34.245Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:24:36 honeypot-fra-1 sshd[18090]: Received disconnect from 192.174.125.154 port 27969:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:24:36.246Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:24:38 honeypot-fra-1 sshd[18094]: Received disconnect from 192.174.125.154 port 40257:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:24:38.247Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:24:40 honeypot-fra-1 sshd[18098]: Disconnected from authenticating user root 192.174.125.154 port 52289 [preauth]","@timestamp":"2022-09-15T13:24:40.248Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:24:42 honeypot-fra-1 sshd[18102]: Disconnected from invalid user user 192.174.125.154 port 64354 [preauth]","@timestamp":"2022-09-15T13:24:42.250Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:24:44 honeypot-fra-1 sshd[18108]: Invalid user admin from 192.174.125.154 port 19809","@timestamp":"2022-09-15T13:24:45.252Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:24:46 honeypot-fra-1 sshd[18112]: Invalid user user2 from 192.174.125.154 port 32225","@timestamp":"2022-09-15T13:24:47.254Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:24:49 honeypot-fra-1 sshd[18116]: Received disconnect from 192.174.125.154 port 44865:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:24:49.255Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:24:51 honeypot-fra-1 sshd[18120]: Received disconnect from 192.174.125.154 port 57537:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:24:51.256Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:24:53 honeypot-fra-1 sshd[18124]: Disconnected from invalid user admin 192.174.125.154 port 6402 [preauth]","@timestamp":"2022-09-15T13:24:53.257Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:24:55 honeypot-fra-1 sshd[18128]: Disconnected from invalid user user2 192.174.125.154 port 18913 [preauth]","@timestamp":"2022-09-15T13:24:55.258Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:24:57 honeypot-fra-1 sshd[18134]: Invalid user user from 192.174.125.154 port 36802","@timestamp":"2022-09-15T13:24:58.262Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:00 honeypot-fra-1 sshd[18138]: Received disconnect from 192.174.125.154 port 49409:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:25:00.263Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:02 honeypot-fra-1 sshd[18142]: Received disconnect from 192.174.125.154 port 61761:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:25:02.264Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:04 honeypot-fra-1 sshd[18146]: Received disconnect from 192.174.125.154 port 10401:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:25:04.266Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:06 honeypot-fra-1 sshd[18150]: Received disconnect from 192.174.125.154 port 22209:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:25:06.267Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:08 honeypot-fra-1 sshd[18154]: Disconnected from authenticating user root 192.174.125.154 port 34081 [preauth]","@timestamp":"2022-09-15T13:25:08.268Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:10 honeypot-fra-1 sshd[18158]: Disconnected from invalid user user 192.174.125.154 port 45409 [preauth]","@timestamp":"2022-09-15T13:25:10.269Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:12 honeypot-fra-1 sshd[18164]: Invalid user admin from 192.174.125.154 port 63553","@timestamp":"2022-09-15T13:25:13.273Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:15 honeypot-fra-1 sshd[18168]: Invalid user user2 from 192.174.125.154 port 12577","@timestamp":"2022-09-15T13:25:15.274Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:17 honeypot-fra-1 sshd[18172]: Received disconnect from 192.174.125.154 port 24929:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:25:17.275Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:19 honeypot-fra-1 sshd[18176]: Received disconnect from 192.174.125.154 port 36161:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:25:19.276Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:21 honeypot-fra-1 sshd[18180]: Disconnected from invalid user admin 192.174.125.154 port 48033 [preauth]","@timestamp":"2022-09-15T13:25:21.277Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:23 honeypot-fra-1 sshd[18184]: Disconnected from invalid user user2 192.174.125.154 port 60321 [preauth]","@timestamp":"2022-09-15T13:25:23.279Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:26 honeypot-fra-1 sshd[18190]: Invalid user user from 192.174.125.154 port 15361","@timestamp":"2022-09-15T13:25:26.280Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:28 honeypot-fra-1 sshd[18194]: Received disconnect from 192.174.125.154 port 27457:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:25:28.283Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:30 honeypot-fra-1 sshd[18198]: Received disconnect from 192.174.125.154 port 39009:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:25:30.284Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:32 honeypot-fra-1 sshd[18202]: Disconnected from authenticating user root 192.174.125.154 port 50657 [preauth]","@timestamp":"2022-09-15T13:25:32.285Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:34 honeypot-fra-1 sshd[18206]: Disconnected from invalid user user 192.174.125.154 port 62337 [preauth]","@timestamp":"2022-09-15T13:25:35.287Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:37 honeypot-fra-1 sshd[18212]: Invalid user admin from 192.174.125.154 port 17154","@timestamp":"2022-09-15T13:25:37.288Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:39 honeypot-fra-1 sshd[18216]: Invalid user user2 from 192.174.125.154 port 28705","@timestamp":"2022-09-15T13:25:39.289Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:41 honeypot-fra-1 sshd[18220]: Received disconnect from 192.174.125.154 port 40097:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:25:41.291Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:43 honeypot-fra-1 sshd[18224]: Received disconnect from 192.174.125.154 port 51041:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:25:43.293Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:45 honeypot-fra-1 sshd[18228]: Disconnected from invalid user admin 192.174.125.154 port 62657 [preauth]","@timestamp":"2022-09-15T13:25:45.294Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:47 honeypot-fra-1 sshd[18232]: Disconnected from invalid user user2 192.174.125.154 port 10945 [preauth]","@timestamp":"2022-09-15T13:25:47.295Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:50 honeypot-fra-1 sshd[18238]: Invalid user user from 192.174.125.154 port 27905","@timestamp":"2022-09-15T13:25:50.297Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:52 honeypot-fra-1 sshd[18242]: Received disconnect from 192.174.125.154 port 39297:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:25:52.299Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:54 honeypot-fra-1 sshd[18246]: Received disconnect from 192.174.125.154 port 49633:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:25:55.300Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:56 honeypot-fra-1 sshd[18250]: Disconnected from authenticating user root 192.174.125.154 port 61729 [preauth]","@timestamp":"2022-09-15T13:25:57.302Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:58 honeypot-fra-1 sshd[18254]: Disconnected from invalid user user 192.174.125.154 port 9697 [preauth]","@timestamp":"2022-09-15T13:25:58.303Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:01 honeypot-fra-1 sshd[18260]: Invalid user admin from 192.174.125.154 port 26081","@timestamp":"2022-09-15T13:26:01.305Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:03 honeypot-fra-1 sshd[18264]: Invalid user user2 from 192.174.125.154 port 37217","@timestamp":"2022-09-15T13:26:03.307Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:05 honeypot-fra-1 sshd[18268]: Received disconnect from 192.174.125.154 port 47969:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:26:05.308Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:07 honeypot-fra-1 sshd[18273]: Received disconnect from 192.174.125.154 port 58945:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:26:07.309Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:09 honeypot-fra-1 sshd[18277]: Disconnected from invalid user admin 192.174.125.154 port 6689 [preauth]","@timestamp":"2022-09-15T13:26:10.311Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:11 honeypot-fra-1 sshd[18281]: Disconnected from invalid user user2 192.174.125.154 port 17121 [preauth]","@timestamp":"2022-09-15T13:26:11.312Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:14 honeypot-fra-1 sshd[18287]: Invalid user user from 192.174.125.154 port 32801","@timestamp":"2022-09-15T13:26:14.314Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:16 honeypot-fra-1 sshd[18291]: Received disconnect from 192.174.125.154 port 43617:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:26:16.316Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:18 honeypot-fra-1 sshd[18295]: Received disconnect from 192.174.125.154 port 54625:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:26:18.317Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:20 honeypot-fra-1 sshd[18299]: Disconnected from authenticating user root 192.174.125.154 port 2305 [preauth]","@timestamp":"2022-09-15T13:26:20.318Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:22 honeypot-fra-1 sshd[18303]: Disconnected from invalid user user 192.174.125.154 port 12963 [preauth]","@timestamp":"2022-09-15T13:26:22.319Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:25 honeypot-fra-1 sshd[18309]: Invalid user admin from 192.174.125.154 port 28833","@timestamp":"2022-09-15T13:26:25.321Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:27 honeypot-fra-1 sshd[18313]: Invalid user user2 from 192.174.125.154 port 39489","@timestamp":"2022-09-15T13:26:27.322Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:29 honeypot-fra-1 sshd[18317]: Received disconnect from 192.174.125.154 port 50465:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:26:29.325Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:31 honeypot-fra-1 sshd[18321]: Received disconnect from 192.174.125.154 port 61601:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:26:31.326Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:33 honeypot-fra-1 sshd[18325]: Disconnected from invalid user admin 192.174.125.154 port 9185 [preauth]","@timestamp":"2022-09-15T13:26:33.327Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:35 honeypot-fra-1 sshd[18329]: Disconnected from invalid user user2 192.174.125.154 port 19649 [preauth]","@timestamp":"2022-09-15T13:26:35.328Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:37 honeypot-fra-1 sshd[18335]: Invalid user user from 192.174.125.154 port 34785","@timestamp":"2022-09-15T13:26:38.330Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:40 honeypot-fra-1 sshd[18339]: Received disconnect from 192.174.125.154 port 44897:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:26:40.331Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:42 honeypot-fra-1 sshd[18343]: Received disconnect from 192.174.125.154 port 54689:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:26:42.333Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:43 honeypot-fra-1 sshd[18347]: Disconnected from authenticating user root 192.174.125.154 port 64481 [preauth]","@timestamp":"2022-09-15T13:26:44.335Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:45 honeypot-fra-1 sshd[18351]: Disconnected from invalid user user 192.174.125.154 port 10914 [preauth]","@timestamp":"2022-09-15T13:26:46.336Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:48 honeypot-fra-1 sshd[18357]: Invalid user admin from 192.174.125.154 port 26401","@timestamp":"2022-09-15T13:26:49.338Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:50 honeypot-fra-1 sshd[18361]: Invalid user user2 from 192.174.125.154 port 36257","@timestamp":"2022-09-15T13:26:51.339Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:52 honeypot-fra-1 sshd[18365]: Received disconnect from 192.174.125.154 port 46465:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:26:53.341Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:54 honeypot-fra-1 sshd[18369]: Received disconnect from 192.174.125.154 port 56545:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:26:55.342Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:56 honeypot-fra-1 sshd[18373]: Disconnected from invalid user admin 192.174.125.154 port 3201 [preauth]","@timestamp":"2022-09-15T13:26:57.343Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:58 honeypot-fra-1 sshd[18377]: Disconnected from invalid user user2 192.174.125.154 port 13665 [preauth]","@timestamp":"2022-09-15T13:26:59.346Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:27:01 honeypot-fra-1 sshd[18383]: Invalid user user from 192.174.125.154 port 28321","@timestamp":"2022-09-15T13:27:02.348Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:27:03 honeypot-fra-1 sshd[18387]: Received disconnect from 192.174.125.154 port 37857:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:27:04.349Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:27:05 honeypot-fra-1 sshd[18391]: Received disconnect from 192.174.125.154 port 47905:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:27:06.350Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:27:07 honeypot-fra-1 sshd[18395]: Disconnected from authenticating user root 192.174.125.154 port 57473 [preauth]","@timestamp":"2022-09-15T13:27:08.352Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:27:09 honeypot-fra-1 sshd[18399]: Disconnected from invalid user user 192.174.125.154 port 4641 [preauth]","@timestamp":"2022-09-15T13:27:10.353Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:27:12 honeypot-fra-1 sshd[18405]: Invalid user admin from 192.174.125.154 port 19105","@timestamp":"2022-09-15T13:27:12.354Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:27:14 honeypot-fra-1 sshd[18409]: Invalid user user2 from 192.174.125.154 port 29121","@timestamp":"2022-09-15T13:27:14.357Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:27:16 honeypot-fra-1 sshd[18413]: Received disconnect from 192.174.125.154 port 39553:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:27:17.358Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:27:18 honeypot-fra-1 sshd[18417]: Received disconnect from 192.174.125.154 port 49345:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:27:18.359Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:27:20 honeypot-fra-1 sshd[18421]: Disconnected from invalid user admin 192.174.125.154 port 59041 [preauth]","@timestamp":"2022-09-15T13:27:20.360Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:27:22 honeypot-fra-1 sshd[18425]: Disconnected from invalid user user2 192.174.125.154 port 5697 [preauth]","@timestamp":"2022-09-15T13:27:23.362Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:27:25 honeypot-fra-1 sshd[18431]: Invalid user user from 192.174.125.154 port 20513","@timestamp":"2022-09-15T13:27:25.363Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:27:27 honeypot-fra-1 sshd[18435]: Received disconnect from 192.174.125.154 port 30369:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:27:27.365Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:27:29 honeypot-fra-1 sshd[18439]: Invalid user user from 192.174.125.154 port 40321","@timestamp":"2022-09-15T13:27:29.367Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:27:31 honeypot-fra-1 sshd[18443]: Received disconnect from 192.174.125.154 port 50274:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:27:31.369Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:27:40 honeypot-fra-1 sshd[18447]: Received disconnect from 192.174.125.154 port 30945:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:27:40.373Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:27:42 honeypot-fra-1 sshd[18451]: Disconnected from authenticating user root 192.174.125.154 port 40513 [preauth]","@timestamp":"2022-09-15T13:27:42.374Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:27:44 honeypot-fra-1 sshd[18455]: Disconnected from invalid user user 192.174.125.154 port 51009 [preauth]","@timestamp":"2022-09-15T13:27:44.376Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:27:47 honeypot-fra-1 sshd[18461]: Invalid user admin from 192.174.125.154 port 3233","@timestamp":"2022-09-15T13:27:47.378Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:27:48 honeypot-fra-1 sshd[18465]: Invalid user user2 from 192.174.125.154 port 12963","@timestamp":"2022-09-15T13:27:49.379Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:27:50 honeypot-fra-1 sshd[18469]: Received disconnect from 192.174.125.154 port 22401:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:27:51.381Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:27:52 honeypot-fra-1 sshd[18473]: Received disconnect from 192.174.125.154 port 32641:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:27:53.382Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:27:54 honeypot-fra-1 sshd[18477]: Disconnected from invalid user admin 192.174.125.154 port 42593 [preauth]","@timestamp":"2022-09-15T13:27:55.383Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:27:56 honeypot-fra-1 sshd[18481]: Disconnected from invalid user user2 192.174.125.154 port 52737 [preauth]","@timestamp":"2022-09-15T13:27:57.385Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:27:59 honeypot-fra-1 sshd[18487]: Invalid user user from 192.174.125.154 port 5409","@timestamp":"2022-09-15T13:28:00.387Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:28:01 honeypot-fra-1 sshd[18491]: Received disconnect from 192.174.125.154 port 16097:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:28:02.389Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:28:03 honeypot-fra-1 sshd[18495]: Received disconnect from 192.174.125.154 port 26433:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:28:04.390Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:28:05 honeypot-fra-1 sshd[18499]: Disconnected from authenticating user root 192.174.125.154 port 36705 [preauth]","@timestamp":"2022-09-15T13:28:06.391Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:28:07 honeypot-fra-1 sshd[18503]: Disconnected from invalid user user 192.174.125.154 port 47457 [preauth]","@timestamp":"2022-09-15T13:28:08.392Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:28:10 honeypot-fra-1 sshd[18509]: Invalid user admin from 192.174.125.154 port 63361","@timestamp":"2022-09-15T13:28:11.394Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:28:12 honeypot-fra-1 sshd[18513]: Invalid user user2 from 192.174.125.154 port 11489","@timestamp":"2022-09-15T13:28:13.398Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:28:14 honeypot-fra-1 sshd[18517]: Received disconnect from 192.174.125.154 port 21889:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:28:15.399Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:28:16 honeypot-fra-1 sshd[18521]: Received disconnect from 192.174.125.154 port 32481:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:28:17.400Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:28:18 honeypot-fra-1 sshd[18525]: Disconnected from invalid user admin 192.174.125.154 port 43201 [preauth]","@timestamp":"2022-09-15T13:28:19.401Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:28:20 honeypot-fra-1 sshd[18529]: Disconnected from invalid user user2 192.174.125.154 port 54305 [preauth]","@timestamp":"2022-09-15T13:28:21.402Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:28:23 honeypot-fra-1 sshd[18535]: Invalid user user from 192.174.125.154 port 6945","@timestamp":"2022-09-15T13:28:23.404Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:28:25 honeypot-fra-1 sshd[18539]: Received disconnect from 192.174.125.154 port 17730:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:28:25.405Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:28:27 honeypot-fra-1 sshd[18543]: Received disconnect from 192.174.125.154 port 28545:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:28:27.406Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:28:29 honeypot-fra-1 sshd[18547]: Disconnected from authenticating user root 192.174.125.154 port 39009 [preauth]","@timestamp":"2022-09-15T13:28:29.408Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:28:31 honeypot-fra-1 sshd[18551]: Disconnected from invalid user user 192.174.125.154 port 50209 [preauth]","@timestamp":"2022-09-15T13:28:31.410Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:28:33 honeypot-fra-1 sshd[18557]: Invalid user admin from 192.174.125.154 port 4097","@timestamp":"2022-09-15T13:28:34.411Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:28:35 honeypot-fra-1 sshd[18561]: Invalid user user2 from 192.174.125.154 port 15041","@timestamp":"2022-09-15T13:28:36.413Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:28:37 honeypot-fra-1 sshd[18565]: Received disconnect from 192.174.125.154 port 25921:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:28:38.414Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:28:39 honeypot-fra-1 sshd[18569]: Received disconnect from 192.174.125.154 port 36930:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:28:40.415Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:28:41 honeypot-fra-1 sshd[18573]: Disconnected from invalid user admin 192.174.125.154 port 48545 [preauth]","@timestamp":"2022-09-15T13:28:42.416Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:28:50 honeypot-fra-1 sshd[18577]: Disconnected from invalid user user2 192.174.125.154 port 36769 [preauth]","@timestamp":"2022-09-15T13:28:51.421Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:28:53 honeypot-fra-1 sshd[18583]: Invalid user user from 192.174.125.154 port 53634","@timestamp":"2022-09-15T13:28:54.423Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:28:55 honeypot-fra-1 sshd[18587]: Received disconnect from 192.174.125.154 port 2081:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:28:56.424Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:28:57 honeypot-fra-1 sshd[18591]: Received disconnect from 192.174.125.154 port 13057:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:28:58.426Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:28:59 honeypot-fra-1 sshd[18595]: Disconnected from authenticating user root 192.174.125.154 port 24385 [preauth]","@timestamp":"2022-09-15T13:29:00.428Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:01 honeypot-fra-1 sshd[18599]: Disconnected from invalid user user 192.174.125.154 port 35617 [preauth]","@timestamp":"2022-09-15T13:29:02.429Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:04 honeypot-fra-1 sshd[18605]: Invalid user admin from 192.174.125.154 port 52929","@timestamp":"2022-09-15T13:29:05.431Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:06 honeypot-fra-1 sshd[18609]: Invalid user user2 from 192.174.125.154 port 64289","@timestamp":"2022-09-15T13:29:07.432Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:08 honeypot-fra-1 sshd[18613]: Received disconnect from 192.174.125.154 port 12769:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:29:09.434Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:10 honeypot-fra-1 sshd[18617]: Received disconnect from 192.174.125.154 port 23905:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:29:11.435Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:12 honeypot-fra-1 sshd[18621]: Disconnected from invalid user admin 192.174.125.154 port 35201 [preauth]","@timestamp":"2022-09-15T13:29:13.437Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:14 honeypot-fra-1 sshd[18625]: Disconnected from invalid user user2 192.174.125.154 port 46529 [preauth]","@timestamp":"2022-09-15T13:29:15.438Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:17 honeypot-fra-1 sshd[18631]: Invalid user user from 192.174.125.154 port 63265","@timestamp":"2022-09-15T13:29:17.439Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:18 honeypot-fra-1 sshd[18633]: Disconnected from invalid user user2 192.174.125.154 port 5921 [preauth]","@timestamp":"2022-09-15T13:29:19.441Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:21 honeypot-fra-1 sshd[18639]: Invalid user user from 192.174.125.154 port 22689","@timestamp":"2022-09-15T13:29:21.442Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:23 honeypot-fra-1 sshd[18643]: Received disconnect from 192.174.125.154 port 33313:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:29:23.443Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:25 honeypot-fra-1 sshd[18647]: Received disconnect from 192.174.125.154 port 44577:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:29:25.444Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:27 honeypot-fra-1 sshd[18651]: Disconnected from authenticating user root 192.174.125.154 port 56161 [preauth]","@timestamp":"2022-09-15T13:29:27.446Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:29 honeypot-fra-1 sshd[18655]: Disconnected from invalid user user 192.174.125.154 port 5377 [preauth]","@timestamp":"2022-09-15T13:29:29.448Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:31 honeypot-fra-1 sshd[18661]: Invalid user admin from 192.174.125.154 port 23841","@timestamp":"2022-09-15T13:29:32.450Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:33 honeypot-fra-1 sshd[18665]: Invalid user user2 from 192.174.125.154 port 34562","@timestamp":"2022-09-15T13:29:34.451Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:35 honeypot-fra-1 sshd[18669]: Received disconnect from 192.174.125.154 port 45409:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:29:36.452Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:37 honeypot-fra-1 sshd[18673]: Received disconnect from 192.174.125.154 port 56993:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:29:38.453Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:39 honeypot-fra-1 sshd[18677]: Disconnected from invalid user admin 192.174.125.154 port 5857 [preauth]","@timestamp":"2022-09-15T13:29:40.455Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:41 honeypot-fra-1 sshd[18681]: Disconnected from invalid user user2 192.174.125.154 port 17506 [preauth]","@timestamp":"2022-09-15T13:29:42.456Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:44 honeypot-fra-1 sshd[18687]: Invalid user user from 192.174.125.154 port 34113","@timestamp":"2022-09-15T13:29:45.459Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:46 honeypot-fra-1 sshd[18691]: Received disconnect from 192.174.125.154 port 45217:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:29:47.460Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:48 honeypot-fra-1 sshd[18695]: Received disconnect from 192.174.125.154 port 56545:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:29:49.461Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:50 honeypot-fra-1 sshd[18699]: Disconnected from authenticating user root 192.174.125.154 port 4929 [preauth]","@timestamp":"2022-09-15T13:29:51.462Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:52 honeypot-fra-1 sshd[18703]: Disconnected from invalid user user 192.174.125.154 port 16033 [preauth]","@timestamp":"2022-09-15T13:29:53.464Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:55 honeypot-fra-1 sshd[18709]: Invalid user admin from 192.174.125.154 port 32897","@timestamp":"2022-09-15T13:29:56.466Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:57 honeypot-fra-1 sshd[18713]: Invalid user user2 from 192.174.125.154 port 44033","@timestamp":"2022-09-15T13:29:58.468Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:59 honeypot-fra-1 sshd[18717]: Received disconnect from 192.174.125.154 port 55457:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:30:00.469Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:01 honeypot-fra-1 sshd[18721]: Received disconnect from 192.174.125.154 port 3457:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:30:02.471Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:03 honeypot-fra-1 sshd[18725]: Disconnected from invalid user admin 192.174.125.154 port 14754 [preauth]","@timestamp":"2022-09-15T13:30:04.472Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:05 honeypot-fra-1 sshd[18729]: Disconnected from invalid user user2 192.174.125.154 port 26049 [preauth]","@timestamp":"2022-09-15T13:30:06.473Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:08 honeypot-fra-1 sshd[18735]: Invalid user user from 192.174.125.154 port 43169","@timestamp":"2022-09-15T13:30:08.474Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:10 honeypot-fra-1 sshd[18739]: Received disconnect from 192.174.125.154 port 54817:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:30:11.476Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:12 honeypot-fra-1 sshd[18743]: Received disconnect from 192.174.125.154 port 2273:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:30:12.477Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:14 honeypot-fra-1 sshd[18747]: Disconnected from authenticating user root 192.174.125.154 port 12993 [preauth]","@timestamp":"2022-09-15T13:30:14.479Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:16 honeypot-fra-1 sshd[18751]: Disconnected from invalid user user 192.174.125.154 port 23297 [preauth]","@timestamp":"2022-09-15T13:30:16.480Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:19 honeypot-fra-1 sshd[18757]: Invalid user admin from 192.174.125.154 port 40226","@timestamp":"2022-09-15T13:30:19.482Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:21 honeypot-fra-1 sshd[18761]: Invalid user user2 from 192.174.125.154 port 51649","@timestamp":"2022-09-15T13:30:21.484Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:23 honeypot-fra-1 sshd[18765]: Received disconnect from 192.174.125.154 port 63169:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:30:23.485Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:25 honeypot-fra-1 sshd[18769]: Received disconnect from 192.174.125.154 port 11745:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:30:25.486Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:27 honeypot-fra-1 sshd[18773]: Disconnected from invalid user admin 192.174.125.154 port 22049 [preauth]","@timestamp":"2022-09-15T13:30:27.488Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:29 honeypot-fra-1 sshd[18777]: Disconnected from invalid user user2 192.174.125.154 port 33249 [preauth]","@timestamp":"2022-09-15T13:30:29.490Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:31 honeypot-fra-1 sshd[18783]: Invalid user user from 192.174.125.154 port 49633","@timestamp":"2022-09-15T13:30:32.492Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:34 honeypot-fra-1 sshd[18787]: Received disconnect from 192.174.125.154 port 60769:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:30:34.493Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:36 honeypot-fra-1 sshd[18791]: Received disconnect from 192.174.125.154 port 8705:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:30:36.494Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:38 honeypot-fra-1 sshd[18795]: Disconnected from authenticating user root 192.174.125.154 port 20161 [preauth]","@timestamp":"2022-09-15T13:30:38.496Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:40 honeypot-fra-1 sshd[18799]: Disconnected from invalid user user 192.174.125.154 port 31329 [preauth]","@timestamp":"2022-09-15T13:30:40.497Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:42 honeypot-fra-1 sshd[18805]: Invalid user admin from 192.174.125.154 port 49377","@timestamp":"2022-09-15T13:30:43.500Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:44 honeypot-fra-1 sshd[18809]: Invalid user user2 from 192.174.125.154 port 61121","@timestamp":"2022-09-15T13:30:45.502Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:46 honeypot-fra-1 sshd[18813]: Received disconnect from 192.174.125.154 port 9441:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:30:47.503Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:49 honeypot-fra-1 sshd[18817]: Received disconnect from 192.174.125.154 port 20897:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:30:49.504Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:51 honeypot-fra-1 sshd[18821]: Disconnected from invalid user admin 192.174.125.154 port 31905 [preauth]","@timestamp":"2022-09-15T13:30:51.505Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:52 honeypot-fra-1 sshd[18825]: Disconnected from invalid user user2 192.174.125.154 port 43009 [preauth]","@timestamp":"2022-09-15T13:30:53.507Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:55 honeypot-fra-1 sshd[18831]: Invalid user user from 192.174.125.154 port 59105","@timestamp":"2022-09-15T13:30:56.509Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:57 honeypot-fra-1 sshd[18835]: Received disconnect from 192.174.125.154 port 6849:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:30:58.511Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:59 honeypot-fra-1 sshd[18839]: Received disconnect from 192.174.125.154 port 18369:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:31:00.512Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:31:01 honeypot-fra-1 sshd[18843]: Disconnected from authenticating user root 192.174.125.154 port 28705 [preauth]","@timestamp":"2022-09-15T13:31:02.514Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:31:03 honeypot-fra-1 sshd[18847]: Disconnected from invalid user user 192.174.125.154 port 39585 [preauth]","@timestamp":"2022-09-15T13:31:04.515Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:31:06 honeypot-fra-1 sshd[18854]: Invalid user admin from 192.174.125.154 port 56545","@timestamp":"2022-09-15T13:31:06.516Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:31:08 honeypot-fra-1 sshd[18858]: Invalid user user2 from 192.174.125.154 port 4481","@timestamp":"2022-09-15T13:31:08.517Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:31:10 honeypot-fra-1 sshd[18862]: Received disconnect from 192.174.125.154 port 15905:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:31:10.518Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T13:31:52.096Z","@version":"1","message":"Sep 15 13:31:51 honeypot-sgp-1 sshd[21764]: Disconnected from authenticating user root 62.204.41.222 port 47131 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:35:22 honeypot-ams-1 sshd[28354]: Disconnected from authenticating user root 61.177.173.53 port 26777 [preauth]","@timestamp":"2022-09-15T13:35:23.238Z"}
{"@timestamp":"2022-09-15T13:35:52.199Z","@version":"1","message":"Sep 15 13:35:51 honeypot-sgp-1 kernel: [84125058.448335] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=172.105.26.204 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=235 ID=54321 PROTO=TCP SPT=33148 DPT=636 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:36:24 honeypot-fra-1 sshd[18866]: Disconnected from invalid user deploy 188.166.247.82 port 44214 [preauth]","@timestamp":"2022-09-15T13:36:24.640Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:39:03 honeypot-fra-1 sshd[18872]: Invalid user steam from 92.255.85.69 port 37708","@timestamp":"2022-09-15T13:39:03.704Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:40:24 honeypot-fra-1 sshd[18877]: Invalid user user from 45.61.184.204 port 42596","@timestamp":"2022-09-15T13:40:25.737Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:40:43 honeypot-fra-1 sshd[18881]: Invalid user user from 45.61.184.204 port 37418","@timestamp":"2022-09-15T13:40:43.745Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:40:53 honeypot-fra-1 sshd[18885]: Disconnected from invalid user user 45.61.184.204 port 48868 [preauth]","@timestamp":"2022-09-15T13:40:53.750Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:41:11 honeypot-fra-1 sshd[18889]: Disconnected from invalid user user 45.61.184.204 port 43636 [preauth]","@timestamp":"2022-09-15T13:41:11.759Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T13:42:42.370Z","@version":"1","message":"Sep 15 13:42:42 honeypot-sgp-1 sshd[22216]: Received disconnect from 92.255.85.69 port 45324:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:49:33 honeypot-ams-1 sshd[28366]: Disconnected from invalid user user1 92.255.85.70 port 49804 [preauth]","@timestamp":"2022-09-15T13:49:34.624Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:50:49 honeypot-fra-1 sshd[18894]: Received disconnect from 165.22.45.108 port 52582:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T13:50:50.983Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:55:29 honeypot-fra-1 sshd[18899]: Invalid user admin from 165.22.100.115 port 54582","@timestamp":"2022-09-15T13:55:30.091Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:59:22 honeypot-fra-1 sshd[18903]: Received disconnect from 188.166.39.184 port 36162:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:59:22.178Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 14:00:35 honeypot-ams-1 sshd[28377]: Received disconnect from 198.98.61.9 port 46044:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T14:00:35.912Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 14:00:53 honeypot-ams-1 sshd[28381]: Received disconnect from 198.98.61.9 port 40798:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T14:00:53.922Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 14:01:09 honeypot-ams-1 sshd[28385]: Received disconnect from 198.98.61.9 port 35656:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T14:01:09.932Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 14:01:24 honeypot-ams-1 sshd[28389]: Received disconnect from 198.98.61.9 port 58532:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T14:01:24.944Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 14:06:51 honeypot-ams-1 sshd[28396]: Received disconnect from 61.177.173.35 port 11813:11:  [preauth]","@timestamp":"2022-09-15T14:06:52.091Z"}
{"@timestamp":"2022-09-15T14:07:46.992Z","@version":"1","message":"Sep 15 14:07:46 honeypot-sgp-1 sshd[22220]: Disconnected from invalid user admin 92.255.85.69 port 15380 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 14:10:35 honeypot-ams-1 sshd[28401]: Invalid user user from 198.98.61.9 port 56854","@timestamp":"2022-09-15T14:10:36.191Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 14:10:53 honeypot-ams-1 sshd[28406]: Invalid user user from 198.98.61.9 port 51970","@timestamp":"2022-09-15T14:10:54.200Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 14:11:10 honeypot-ams-1 sshd[28410]: Invalid user user from 198.98.61.9 port 47082","@timestamp":"2022-09-15T14:11:11.208Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 14:11:50 honeypot-ams-1 kernel: [84127692.263811] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=89.248.165.199 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=55139 PROTO=TCP SPT=50906 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T14:11:50.227Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 14:14:33 honeypot-ams-1 sshd[28420]: Disconnected from invalid user admin 92.255.85.69 port 33568 [preauth]","@timestamp":"2022-09-15T14:14:34.305Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 14:14:47 honeypot-ams-1 sshd[28426]: Connection closed by invalid user admin 216.52.136.77 port 26762 [preauth]","@timestamp":"2022-09-15T14:14:48.313Z"}
{"@timestamp":"2022-09-15T14:17:02.226Z","@version":"1","message":"Sep 15 14:17:01 honeypot-sgp-1 CRON[22225]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 14:17:01 honeypot-fra-1 CRON[18909]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-15T14:17:01.594Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 14:18:57 honeypot-ams-1 kernel: [84128119.919802] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=143.198.170.3 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=53627 PROTO=TCP SPT=50649 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T14:18:58.420Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 14:20:33 honeypot-fra-1 sshd[18914]: Received disconnect from 92.255.85.69 port 58456:11: Bye Bye [preauth]","@timestamp":"2022-09-15T14:20:33.679Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 14:24:46 honeypot-ams-1 sshd[28442]: Received disconnect from 61.177.172.90 port 17161:11:  [preauth]","@timestamp":"2022-09-15T14:24:47.572Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 14:25:52 honeypot-fra-1 kernel: [84126369.726032] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=128.1.91.203 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=37558 PROTO=TCP SPT=34908 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T14:25:53.804Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 14:30:22 honeypot-ams-1 kernel: [84128804.748820] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=43849 PROTO=TCP SPT=52202 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T14:30:22.717Z"}
{"@timestamp":"2022-09-15T14:31:10.575Z","@version":"1","message":"Sep 15 14:31:10 honeypot-sgp-1 sshd[22231]: Received disconnect from 45.61.186.249 port 46062:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T14:31:30.584Z","@version":"1","message":"Sep 15 14:31:29 honeypot-sgp-1 sshd[22235]: Received disconnect from 45.61.186.249 port 40570:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T14:31:50.595Z","@version":"1","message":"Sep 15 14:31:49 honeypot-sgp-1 sshd[22239]: Received disconnect from 45.61.186.249 port 35074:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T14:32:04.603Z","@version":"1","message":"Sep 15 14:32:04 honeypot-sgp-1 sshd[22243]: Invalid user admin from 92.255.85.69 port 58054","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T14:32:53.624Z","@version":"1","message":"Sep 15 14:32:53 honeypot-sgp-1 sshd[22247]: Received disconnect from 43.154.17.218 port 47410:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 14:41:04 honeypot-fra-1 sshd[18921]: Disconnected from invalid user admin 206.189.138.174 port 44220 [preauth]","@timestamp":"2022-09-15T14:41:04.144Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 14:42:26 honeypot-ams-1 kernel: [84129529.007441] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=123.129.188.208 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=48 ID=37257 PROTO=TCP SPT=55656 DPT=443 WINDOW=35485 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T14:42:27.041Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 14:43:33 honeypot-fra-1 sshd[18925]: Disconnected from invalid user admin 92.255.85.69 port 47182 [preauth]","@timestamp":"2022-09-15T14:43:34.201Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 14:44:56 honeypot-ams-1 sshd[28467]: Received disconnect from 138.68.230.183 port 41814:11: Bye Bye [preauth]","@timestamp":"2022-09-15T14:44:57.108Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 14:48:48 honeypot-ams-1 sshd[28475]: Received disconnect from 61.177.173.51 port 37490:11:  [preauth]","@timestamp":"2022-09-15T14:48:49.208Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 14:48:49 honeypot-fra-1 sshd[18930]: Disconnected from authenticating user root 190.12.102.58 port 53038 [preauth]","@timestamp":"2022-09-15T14:48:50.320Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 14:51:49 honeypot-fra-1 sshd[18937]: Connection closed by invalid user yanhao 103.188.176.251 port 56152 [preauth]","@timestamp":"2022-09-15T14:51:50.391Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T14:52:23.101Z","@version":"1","message":"Sep 15 14:52:22 honeypot-sgp-1 sshd[22254]: Invalid user test from 179.60.147.69 port 2040","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 14:52:34 honeypot-ams-1 sshd[28480]: Received disconnect from 206.81.0.243 port 57598:11: Bye Bye [preauth]","@timestamp":"2022-09-15T14:52:35.307Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 14:53:28 honeypot-fra-1 sshd[18943]: Received disconnect from 157.245.9.6 port 52660:11: Bye Bye [preauth]","@timestamp":"2022-09-15T14:53:28.436Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T14:54:12.150Z","@version":"1","message":"Sep 15 14:54:11 honeypot-sgp-1 sshd[22259]: Disconnected from invalid user admin 190.104.245.41 port 62078 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 14:56:41 honeypot-ams-1 kernel: [84130383.963692] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=90.154.15.226 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=59 ID=14922 DF PROTO=TCP SPT=45230 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T14:56:42.418Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 14:58:21 honeypot-fra-1 sshd[18946]: Invalid user documenti-per-aprire-un-impresa-sicurezza-sul-lavoro from 141.98.10.158 port 52208","@timestamp":"2022-09-15T14:58:22.550Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 15:01:22 honeypot-fra-1 sshd[18956]: Invalid user elasticsearch from 137.184.77.246 port 54514","@timestamp":"2022-09-15T15:01:22.619Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 15:01:22 honeypot-fra-1 sshd[18950]: Connection closed by invalid user user 137.184.77.246 port 54508 [preauth]","@timestamp":"2022-09-15T15:01:22.619Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 15:01:22 honeypot-fra-1 sshd[18967]: Invalid user mc from 137.184.77.246 port 54574","@timestamp":"2022-09-15T15:01:23.619Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 15:01:22 honeypot-fra-1 sshd[18994]: Invalid user es from 137.184.77.246 port 54578","@timestamp":"2022-09-15T15:01:23.619Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 15:01:22 honeypot-fra-1 sshd[18973]: Connection closed by invalid user test 137.184.77.246 port 54590 [preauth]","@timestamp":"2022-09-15T15:01:23.619Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 15:01:22 honeypot-fra-1 sshd[18953]: Connection closed by authenticating user root 137.184.77.246 port 54528 [preauth]","@timestamp":"2022-09-15T15:01:23.620Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 15:01:22 honeypot-fra-1 sshd[18962]: Connection closed by invalid user chia 137.184.77.246 port 54564 [preauth]","@timestamp":"2022-09-15T15:01:23.620Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 15:01:22 honeypot-fra-1 sshd[18958]: Connection closed by invalid user pi 137.184.77.246 port 54562 [preauth]","@timestamp":"2022-09-15T15:01:23.620Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 15:01:22 honeypot-fra-1 sshd[18992]: Connection closed by invalid user es 137.184.77.246 port 54516 [preauth]","@timestamp":"2022-09-15T15:01:23.620Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T15:03:12.371Z","@version":"1","message":"Sep 15 15:03:11 honeypot-sgp-1 kernel: [84130298.945027] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=233 ID=10340 PROTO=TCP SPT=54004 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 15:03:45 honeypot-ams-1 sshd[28496]: Received disconnect from 92.255.85.70 port 35726:11: Bye Bye [preauth]","@timestamp":"2022-09-15T15:03:45.607Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 15:06:09 honeypot-fra-1 sshd[19010]: Disconnected from authenticating user root 182.72.142.62 port 38832 [preauth]","@timestamp":"2022-09-15T15:06:09.729Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 15:07:32 honeypot-ams-1 sshd[28502]: Received disconnect from 61.177.173.49 port 41648:11:  [preauth]","@timestamp":"2022-09-15T15:07:32.711Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 15:10:55 honeypot-fra-1 kernel: [84129072.223554] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=57961 PROTO=TCP SPT=54004 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T15:10:55.837Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 15:17:01 honeypot-ams-1 CRON[28506]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-15T15:17:01.954Z"}
{"@timestamp":"2022-09-15T15:18:43.743Z","@version":"1","message":"Sep 15 15:18:43 honeypot-sgp-1 sshd[22274]: Invalid user admin from 92.255.85.70 port 39252","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 15:20:27 honeypot-fra-1 kernel: [84129643.740287] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=3450 PROTO=TCP SPT=55076 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T15:20:27.051Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 15:21:45 honeypot-ams-1 kernel: [84131887.241906] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=94.102.61.23 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=252 ID=54321 PROTO=TCP SPT=35407 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T15:21:46.078Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 15:28:23 honeypot-ams-1 sshd[28523]: Received disconnect from 92.255.85.69 port 48916:11: Bye Bye [preauth]","@timestamp":"2022-09-15T15:28:24.249Z"}
{"@timestamp":"2022-09-15T15:30:13.021Z","@version":"1","message":"Sep 15 15:30:12 honeypot-sgp-1 sshd[22280]: Received disconnect from 179.43.156.143 port 50482:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T15:31:19.053Z","@version":"1","message":"Sep 15 15:31:18 honeypot-sgp-1 sshd[22287]: Received disconnect from 179.43.156.143 port 43666:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T15:32:55.094Z","@version":"1","message":"Sep 15 15:32:54 honeypot-sgp-1 sshd[22294]: Received disconnect from 179.43.156.143 port 33442:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T15:34:00.123Z","@version":"1","message":"Sep 15 15:33:59 honeypot-sgp-1 sshd[22299]: Received disconnect from 179.43.156.143 port 54970:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 15:34:01 honeypot-fra-1 sshd[19026]: Disconnected from invalid user user 45.61.186.169 port 57164 [preauth]","@timestamp":"2022-09-15T15:34:02.355Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 15:34:19 honeypot-fra-1 sshd[19030]: Disconnected from invalid user user 45.61.186.169 port 51396 [preauth]","@timestamp":"2022-09-15T15:34:20.365Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 15:34:33 honeypot-fra-1 sshd[19034]: Disconnected from invalid user admin 92.255.85.70 port 28008 [preauth]","@timestamp":"2022-09-15T15:34:33.371Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 15:34:40 honeypot-ams-1 sshd[28528]: Disconnected from authenticating user root 115.66.54.52 port 51126 [preauth]","@timestamp":"2022-09-15T15:34:40.411Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 15:34:43 honeypot-fra-1 sshd[19038]: Disconnected from invalid user user 45.61.186.169 port 56870 [preauth]","@timestamp":"2022-09-15T15:34:44.376Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T15:35:03.152Z","@version":"1","message":"Sep 15 15:35:03 honeypot-sgp-1 sshd[22303]: Disconnected from authenticating user root 179.43.156.143 port 48180 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 15:35:33 honeypot-fra-1 sshd[19042]: Disconnected from invalid user lbruce 165.22.45.108 port 34428 [preauth]","@timestamp":"2022-09-15T15:35:34.397Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 15:36:34 honeypot-ams-1 kernel: [84132776.617597] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=206.189.8.92 DST=178.62.254.91 LEN=80 TOS=0x00 PREC=0x20 TTL=131 ID=45093 PROTO=TCP SPT=46117 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T15:36:35.465Z"}
{"@timestamp":"2022-09-15T15:36:42.196Z","@version":"1","message":"Sep 15 15:36:41 honeypot-sgp-1 sshd[22309]: Disconnected from authenticating user root 179.43.156.143 port 38004 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T15:37:53.228Z","@version":"1","message":"Sep 15 15:37:52 honeypot-sgp-1 sshd[22316]: Disconnected from authenticating user root 179.43.156.143 port 59472 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 15:40:08 honeypot-fra-1 sshd[19047]: Disconnected from invalid user admin 191.7.28.155 port 37750 [preauth]","@timestamp":"2022-09-15T15:40:08.501Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 15:41:35 honeypot-ams-1 sshd[28539]: Received disconnect from 61.177.172.90 port 11793:11:  [preauth]","@timestamp":"2022-09-15T15:41:35.590Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 15:45:45 honeypot-fra-1 sshd[19056]: Received disconnect from 178.128.22.123 port 42064:11: Bye Bye [preauth]","@timestamp":"2022-09-15T15:45:46.631Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 15:49:55 honeypot-ams-1 sshd[28546]: Disconnected from authenticating user root 211.253.9.49 port 56969 [preauth]","@timestamp":"2022-09-15T15:49:56.801Z"}
{"@timestamp":"2022-09-15T15:52:21.584Z","@version":"1","message":"Sep 15 15:52:21 honeypot-sgp-1 sshd[22320]: Received disconnect from 117.131.215.49 port 55374:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 15:54:21 honeypot-ams-1 kernel: [84133843.897054] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=159.203.80.110 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=41873 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T15:54:21.920Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 15:58:26 honeypot-fra-1 kernel: [84131923.046355] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.143.200.6 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=12104 PROTO=TCP SPT=54001 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T15:58:26.918Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 16:01:48 honeypot-ams-1 sshd[28568]: Received disconnect from 128.199.87.28 port 45686:11: Bye Bye [preauth]","@timestamp":"2022-09-15T16:01:49.109Z"}
{"@timestamp":"2022-09-15T16:02:54.841Z","@version":"1","message":"Sep 15 16:02:53 honeypot-sgp-1 sshd[22325]: Received disconnect from 92.255.85.69 port 62674:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 16:05:15 honeypot-fra-1 sshd[19083]: Received disconnect from 152.89.198.129 port 25225:11: Client disconnecting normally [preauth]","@timestamp":"2022-09-15T16:05:16.076Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T16:07:07.947Z","@version":"1","message":"Sep 15 16:07:06 honeypot-sgp-1 kernel: [84134134.038214] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=4433 PROTO=TCP SPT=57947 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T16:11:02.046Z","@version":"1","message":"Sep 15 16:11:01 honeypot-sgp-1 sshd[22335]: Connection closed by invalid user user 179.60.147.69 port 7050 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 16:11:01 honeypot-fra-1 kernel: [84132677.949198] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=90.154.15.226 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=57 ID=34379 DF PROTO=TCP SPT=40164 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T16:11:02.209Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 16:14:41 honeypot-ams-1 sshd[28573]: Invalid user user from 179.60.147.69 port 55226","@timestamp":"2022-09-15T16:14:42.475Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 16:17:01 honeypot-fra-1 CRON[19091]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-15T16:17:01.344Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 16:17:01 honeypot-ams-1 CRON[28578]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-15T16:17:02.540Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 16:19:17 honeypot-fra-1 sshd[19094]: Disconnected from invalid user intaller 144.34.164.27 port 48506 [preauth]","@timestamp":"2022-09-15T16:19:18.399Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T16:21:25.322Z","@version":"1","message":"Sep 15 16:21:25 honeypot-sgp-1 sshd[22343]: Disconnected from authenticating user root 103.253.175.10 port 35270 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 16:22:52 honeypot-fra-1 sshd[19101]: Received disconnect from 69.250.26.126 port 34708:11: Bye Bye [preauth]","@timestamp":"2022-09-15T16:22:53.504Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T16:23:17.368Z","@version":"1","message":"Sep 15 16:23:17 honeypot-sgp-1 sshd[22348]: Disconnected from invalid user admin 125.212.237.41 port 45544 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 16:23:20 honeypot-fra-1 sshd[19105]: Disconnected from invalid user 02 92.255.85.70 port 40946 [preauth]","@timestamp":"2022-09-15T16:23:21.516Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 16:26:37 honeypot-fra-1 kernel: [84133614.458572] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=173.255.233.36 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=45076 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T16:26:38.592Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 16:28:46 honeypot-ams-1 kernel: [84135908.419478] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=20.117.17.214 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=115 ID=55844 DF PROTO=TCP SPT=50762 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T16:28:46.850Z"}
{"@timestamp":"2022-09-15T16:30:00.531Z","@version":"1","message":"Sep 15 16:29:59 honeypot-sgp-1 sshd[22353]: Disconnected from authenticating user root 61.177.172.90 port 44051 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 16:33:08 honeypot-fra-1 kernel: [84134004.961798] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=157.230.254.43 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=34509 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T16:33:08.755Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 16:34:45 honeypot-ams-1 sshd[28585]: Disconnected from invalid user ubnt 92.255.85.70 port 17288 [preauth]","@timestamp":"2022-09-15T16:34:46.004Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 16:41:00 honeypot-fra-1 sshd[19128]: Did not receive identification string from 45.147.178.14 port 61000","@timestamp":"2022-09-15T16:41:00.933Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 16:42:24 honeypot-ams-1 sshd[28592]: Received disconnect from 62.204.41.222 port 30433:11: Client disconnecting normally [preauth]","@timestamp":"2022-09-15T16:42:25.222Z"}
{"@timestamp":"2022-09-15T16:44:02.868Z","@version":"1","message":"Sep 15 16:44:02 honeypot-sgp-1 sshd[22363]: Disconnected from authenticating user root 61.177.173.47 port 20223 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 16:46:05 honeypot-ams-1 kernel: [84136947.171882] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=205.210.31.24 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=250 ID=197 PROTO=TCP SPT=55719 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T16:46:05.319Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 16:46:39 honeypot-fra-1 sshd[19135]: Received disconnect from 45.61.186.169 port 43888:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T16:46:40.063Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 16:46:47 honeypot-fra-1 sshd[19139]: Disconnected from authenticating user root 61.177.173.50 port 45465 [preauth]","@timestamp":"2022-09-15T16:46:48.068Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 16:46:59 honeypot-fra-1 sshd[19143]: Disconnected from invalid user user 45.61.186.169 port 38484 [preauth]","@timestamp":"2022-09-15T16:47:00.074Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 16:47:17 honeypot-fra-1 sshd[19148]: Received disconnect from 45.61.186.169 port 33094:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T16:47:18.083Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 16:47:34 honeypot-fra-1 sshd[19152]: Received disconnect from 45.61.186.169 port 55932:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T16:47:35.092Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T16:51:41.058Z","@version":"1","message":"Sep 15 16:51:40 honeypot-sgp-1 sshd[22372]: Received disconnect from 92.255.85.69 port 57406:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 16:51:57 honeypot-fra-1 sshd[19162]: Received disconnect from 61.177.173.37 port 28325:11:  [preauth]","@timestamp":"2022-09-15T16:51:58.192Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 16:54:29 honeypot-ams-1 sshd[28601]: Received disconnect from 45.61.186.169 port 43786:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T16:54:29.531Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 16:54:48 honeypot-ams-1 sshd[28605]: Received disconnect from 45.61.186.169 port 38744:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T16:54:48.542Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 16:55:04 honeypot-ams-1 sshd[28609]: Received disconnect from 106.51.37.85 port 52892:11: Bye Bye [preauth]","@timestamp":"2022-09-15T16:55:05.550Z"}
{"@timestamp":"2022-09-15T16:55:07.143Z","@version":"1","message":"Sep 15 16:55:06 honeypot-sgp-1 kernel: [84137013.159377] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.47.229.134 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=41404 PROTO=TCP SPT=43101 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 16:55:14 honeypot-ams-1 sshd[28613]: Received disconnect from 45.61.186.169 port 45302:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T16:55:15.556Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 16:57:09 honeypot-ams-1 kernel: [84137611.223488] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=194.26.29.86 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=34499 PROTO=TCP SPT=50082 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T16:57:09.606Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 16:58:39 honeypot-fra-1 sshd[19169]: Did not receive identification string from 179.43.156.143 port 42686","@timestamp":"2022-09-15T16:58:40.344Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 16:59:45 honeypot-ams-1 sshd[28620]: Disconnected from invalid user gitlab 123.142.3.137 port 34976 [preauth]","@timestamp":"2022-09-15T16:59:45.673Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 17:00:32 honeypot-fra-1 sshd[19174]: Received disconnect from 179.43.156.143 port 37188:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T17:00:33.390Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 17:02:10 honeypot-fra-1 sshd[19180]: Received disconnect from 179.43.156.143 port 54526:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T17:02:11.431Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 17:02:43 honeypot-fra-1 sshd[19184]: Received disconnect from 179.43.156.143 port 50894:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T17:02:44.447Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 17:03:51 honeypot-fra-1 sshd[19189]: Invalid user nfsnobod from 179.43.156.143 port 43678","@timestamp":"2022-09-15T17:03:51.476Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 17:04:02 honeypot-ams-1 sshd[28627]: Invalid user admin from 103.101.125.37 port 52032","@timestamp":"2022-09-15T17:04:02.783Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 17:05:00 honeypot-fra-1 sshd[19193]: Disconnected from authenticating user root 179.43.156.143 port 36340 [preauth]","@timestamp":"2022-09-15T17:05:00.504Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T17:05:42.401Z","@version":"1","message":"Sep 15 17:05:42 honeypot-sgp-1 sshd[22385]: Received disconnect from 61.177.173.52 port 12441:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 17:05:46 honeypot-fra-1 sshd[19199]: Invalid user tomcat from 193.106.191.157 port 44324","@timestamp":"2022-09-15T17:05:46.525Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 17:06:53 honeypot-fra-1 sshd[19205]: Invalid user pubsub from 180.180.123.207 port 51872","@timestamp":"2022-09-15T17:06:54.555Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 17:07:49 honeypot-fra-1 sshd[19209]: Received disconnect from 117.2.161.45 port 49242:11: Bye Bye [preauth]","@timestamp":"2022-09-15T17:07:49.598Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 17:09:01 honeypot-fra-1 CRON[19214]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-15T17:09:01.627Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 17:09:01 honeypot-ams-1 CRON[28630]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-15T17:09:01.914Z"}
{"@timestamp":"2022-09-15T17:10:37.520Z","@version":"1","message":"Sep 15 17:10:36 honeypot-sgp-1 sshd[22393]: Received disconnect from 40.114.69.14 port 43952:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 17:12:51 honeypot-fra-1 sshd[19219]: Did not receive identification string from 61.81.70.227 port 7083","@timestamp":"2022-09-15T17:12:51.715Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 17:14:35 honeypot-fra-1 kernel: [84136492.134823] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=62.8.79.2 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=15970 PROTO=TCP SPT=60000 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T17:14:35.754Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-15T17:16:12.657Z","@version":"1","message":"Sep 15 17:16:12 honeypot-sgp-1 sshd[22398]: Invalid user kevin from 92.255.85.69 port 53856","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 17:17:12 honeypot-ams-1 sshd[28639]: Invalid user test5 from 208.109.32.171 port 47282","@timestamp":"2022-09-15T17:17:13.127Z"}
{"@timestamp":"2022-09-15T17:19:52.748Z","@version":"1","message":"Sep 15 17:19:51 honeypot-sgp-1 sshd[22404]: Did not receive identification string from 45.61.186.169 port 55594","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T17:20:27.765Z","@version":"1","message":"Sep 15 17:20:27 honeypot-sgp-1 sshd[22408]: Disconnected from invalid user user 45.61.186.169 port 52876 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T17:20:45.774Z","@version":"1","message":"Sep 15 17:20:45 honeypot-sgp-1 sshd[22413]: Invalid user user from 45.61.186.169 port 47558","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T17:21:01.782Z","@version":"1","message":"Sep 15 17:21:01 honeypot-sgp-1 sshd[22417]: Invalid user user from 45.61.186.169 port 42256","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 17:21:37 honeypot-fra-1 sshd[19235]: Bad protocol version identification '\\003' from 92.255.85.183 port 61853","@timestamp":"2022-09-15T17:21:37.909Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 17:22:07 honeypot-ams-1 sshd[28643]: Connection closed by invalid user tomcat 193.106.191.157 port 45442 [preauth]","@timestamp":"2022-09-15T17:22:08.257Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 17:23:21 honeypot-ams-1 sshd[28651]: Received disconnect from 92.255.85.69 port 61148:11: Bye Bye [preauth]","@timestamp":"2022-09-15T17:23:21.291Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 17:24:44 honeypot-ams-1 kernel: [84139266.783905] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=206.189.8.92 DST=178.62.254.91 LEN=80 TOS=0x00 PREC=0x20 TTL=129 ID=50900 PROTO=TCP SPT=49876 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T17:24:45.328Z"}
{"@timestamp":"2022-09-15T17:24:47.875Z","@version":"1","message":"Sep 15 17:24:47 honeypot-sgp-1 sshd[22423]: Invalid user guest from 179.60.147.69 port 16510","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 17:25:50 honeypot-fra-1 sshd[19240]: Disconnected from authenticating user root 61.177.173.46 port 24636 [preauth]","@timestamp":"2022-09-15T17:25:51.008Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 17:25:53 honeypot-ams-1 sshd[28657]: Disconnected from authenticating user root 192.3.253.15 port 58120 [preauth]","@timestamp":"2022-09-15T17:25:54.360Z"}
{"@timestamp":"2022-09-15T17:27:38.946Z","@version":"1","message":"Sep 15 17:27:38 honeypot-sgp-1 sshd[22429]: Invalid user ela from 181.84.108.242 port 57278","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 17:29:00 honeypot-fra-1 sshd[19247]: Received disconnect from 61.177.173.36 port 28922:11:  [preauth]","@timestamp":"2022-09-15T17:29:01.082Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 17:30:06 honeypot-ams-1 sshd[28664]: Received disconnect from 52.237.203.60 port 41228:11: Bye Bye [preauth]","@timestamp":"2022-09-15T17:30:06.468Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 17:33:27 honeypot-fra-1 sshd[19252]: Received disconnect from 161.35.131.133 port 57612:11: Bye Bye [preauth]","@timestamp":"2022-09-15T17:33:28.183Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 17:33:52 honeypot-ams-1 sshd[28668]: Received disconnect from 49.146.253.11 port 25595:11: Bye Bye [preauth]","@timestamp":"2022-09-15T17:33:52.568Z"}
{"@timestamp":"2022-09-15T17:34:02.102Z","@version":"1","message":"Sep 15 17:34:02 honeypot-sgp-1 sshd[22438]: Received disconnect from 61.177.172.124 port 60630:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 17:35:27 honeypot-fra-1 sshd[19260]: Received disconnect from 61.177.172.98 port 31098:11:  [preauth]","@timestamp":"2022-09-15T17:35:27.250Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T17:40:29.258Z","@version":"1","message":"Sep 15 17:40:28 honeypot-sgp-1 sshd[22441]: Received disconnect from 92.255.85.70 port 23010:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 17:41:10 honeypot-fra-1 sshd[19282]: Received disconnect from 61.177.173.35 port 51799:11:  [preauth]","@timestamp":"2022-09-15T17:41:11.382Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 17:45:43 honeypot-ams-1 sshd[28674]: Invalid user cfs from 138.94.193.68 port 42304","@timestamp":"2022-09-15T17:45:43.870Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 17:47:51 honeypot-ams-1 sshd[28678]: Invalid user admin from 92.255.85.70 port 38402","@timestamp":"2022-09-15T17:47:51.927Z"}
{"@timestamp":"2022-09-15T17:49:11.466Z","@version":"1","message":"Sep 15 17:49:10 honeypot-sgp-1 sshd[22450]: Received disconnect from 61.177.173.51 port 21266:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 17:49:28 honeypot-fra-1 sshd[19287]: Disconnected from authenticating user root 61.177.173.51 port 25514 [preauth]","@timestamp":"2022-09-15T17:49:28.572Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 17:51:09 honeypot-ams-1 sshd[28684]: Received disconnect from 155.0.2.218 port 28368:11: Bye Bye [preauth]","@timestamp":"2022-09-15T17:51:10.014Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 17:52:44 honeypot-fra-1 sshd[19294]: Received disconnect from 61.177.173.35 port 43623:11:  [preauth]","@timestamp":"2022-09-15T17:52:44.648Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 17:58:16 honeypot-ams-1 sshd[28688]: Disconnected from invalid user user 198.98.61.9 port 46066 [preauth]","@timestamp":"2022-09-15T17:58:17.194Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 17:58:37 honeypot-ams-1 sshd[28692]: Disconnected from invalid user user 198.98.61.9 port 40860 [preauth]","@timestamp":"2022-09-15T17:58:38.205Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 17:58:55 honeypot-ams-1 sshd[28696]: Disconnected from invalid user user 198.98.61.9 port 35672 [preauth]","@timestamp":"2022-09-15T17:58:56.215Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 17:59:04 honeypot-fra-1 kernel: [84139161.144367] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=194.163.175.129 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=63165 PROTO=TCP SPT=40265 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T17:59:04.793Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 17:59:11 honeypot-ams-1 sshd[28700]: Disconnected from invalid user user 198.98.61.9 port 58716 [preauth]","@timestamp":"2022-09-15T17:59:12.223Z"}
{"@timestamp":"2022-09-15T17:59:32.711Z","@version":"1","message":"Sep 15 17:59:32 honeypot-sgp-1 sshd[22460]: Did not receive identification string from 45.61.186.49 port 48638","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T17:59:54.723Z","@version":"1","message":"Sep 15 17:59:54 honeypot-sgp-1 sshd[22463]: Received disconnect from 45.61.186.49 port 36070:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T18:00:04.729Z","@version":"1","message":"Sep 15 18:00:03 honeypot-sgp-1 sshd[22467]: Received disconnect from 45.61.186.49 port 47560:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T18:00:57.753Z","@version":"1","message":"Sep 15 18:00:57 honeypot-sgp-1 sshd[22469]: Connection closed by invalid user centos 179.60.147.69 port 23638 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 18:02:06 honeypot-fra-1 sshd[19304]: Disconnected from invalid user guinness 197.155.234.157 port 39342 [preauth]","@timestamp":"2022-09-15T18:02:06.863Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T18:03:25.816Z","@version":"1","message":"Sep 15 18:03:24 honeypot-sgp-1 sshd[22473]: Disconnected from authenticating user root 61.177.173.36 port 48258 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T18:05:41.872Z","@version":"1","message":"Sep 15 18:05:41 honeypot-sgp-1 sshd[22480]: Invalid user florian from 198.46.152.24 port 39138","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 18:08:14 honeypot-ams-1 kernel: [84141876.905994] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=146.88.240.4 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=48943 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T18:08:15.457Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 18:09:39 honeypot-fra-1 kernel: [84139795.514974] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=168.63.40.51 DST=165.22.82.222 LEN=52 TOS=0x02 PREC=0x00 TTL=113 ID=7984 DF PROTO=TCP SPT=53868 DPT=3389 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-15T18:09:40.038Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-15T18:15:23.102Z","@version":"1","message":"Sep 15 18:15:22 honeypot-sgp-1 sshd[22487]: Received disconnect from 61.177.172.98 port 64558:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 18:15:47 honeypot-fra-1 sshd[19319]: Received disconnect from 61.177.173.36 port 30102:11:  [preauth]","@timestamp":"2022-09-15T18:15:48.179Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 18:17:01 honeypot-fra-1 kernel: [84140237.851211] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=90.151.171.106 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=5214 PROTO=TCP SPT=45784 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T18:17:02.210Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-15T18:17:02.145Z","@version":"1","message":"Sep 15 18:17:01 honeypot-sgp-1 CRON[22491]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 18:17:01 honeypot-ams-1 CRON[28710]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-15T18:17:02.678Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 18:19:00 honeypot-fra-1 sshd[19328]: Received disconnect from 92.255.85.69 port 31914:11: Bye Bye [preauth]","@timestamp":"2022-09-15T18:19:01.260Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T18:22:41.282Z","@version":"1","message":"Sep 15 18:22:40 honeypot-sgp-1 sshd[22496]: Disconnected from invalid user nq 134.17.16.196 port 45551 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 18:25:23 honeypot-fra-1 kernel: [84140739.758637] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=78.142.18.92 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=54321 PROTO=TCP SPT=59427 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T18:25:24.406Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-15T18:27:33.401Z","@version":"1","message":"Sep 15 18:27:32 honeypot-sgp-1 sshd[22500]: Disconnected from authenticating user root 61.177.173.49 port 56608 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 18:29:44 honeypot-fra-1 sshd[19343]: Received disconnect from 61.177.172.124 port 14347:11:  [preauth]","@timestamp":"2022-09-15T18:29:44.506Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T18:31:28.515Z","@version":"1","message":"Sep 15 18:31:27 honeypot-sgp-1 sshd[22510]: Invalid user user from 198.98.61.9 port 49942","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T18:31:49.526Z","@version":"1","message":"Sep 15 18:31:48 honeypot-sgp-1 sshd[22514]: Invalid user user from 198.98.61.9 port 44806","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 18:32:14 honeypot-ams-1 sshd[28715]: Invalid user wpyan from 122.165.93.92 port 59612","@timestamp":"2022-09-15T18:32:15.069Z"}
{"@timestamp":"2022-09-15T18:32:15.539Z","@version":"1","message":"Sep 15 18:32:15 honeypot-sgp-1 sshd[22518]: Invalid user user from 198.98.61.9 port 39684","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T18:32:31.547Z","@version":"1","message":"Sep 15 18:32:31 honeypot-sgp-1 sshd[22522]: Invalid user user from 198.98.61.9 port 34568","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 18:36:01 honeypot-ams-1 kernel: [84143543.692670] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=34.140.196.26 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=60 ID=49654 PROTO=TCP SPT=7629 DPT=80 WINDOW=20117 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T18:36:02.170Z"}
{"@timestamp":"2022-09-15T18:37:06.658Z","@version":"1","message":"Sep 15 18:37:06 honeypot-sgp-1 sshd[22527]: Invalid user default from 179.60.147.69 port 62918","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 18:38:40 honeypot-fra-1 sshd[19350]: Disconnected from authenticating user root 61.177.173.37 port 50663 [preauth]","@timestamp":"2022-09-15T18:38:40.708Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 18:40:27 honeypot-ams-1 sshd[28725]: Connection closed by invalid user default 179.60.147.69 port 43354 [preauth]","@timestamp":"2022-09-15T18:40:28.287Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 18:42:30 honeypot-fra-1 sshd[19358]: Invalid user indian from 43.154.138.122 port 54624","@timestamp":"2022-09-15T18:42:30.798Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 18:42:41 honeypot-fra-1 sshd[19362]: Invalid user user from 198.98.61.9 port 36094","@timestamp":"2022-09-15T18:42:41.804Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 18:42:49 honeypot-fra-1 sshd[19366]: Invalid user user from 198.98.61.9 port 47654","@timestamp":"2022-09-15T18:42:50.808Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 18:43:05 honeypot-fra-1 sshd[19370]: Received disconnect from 61.177.172.124 port 59374:11:  [preauth]","@timestamp":"2022-09-15T18:43:05.815Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 18:43:18 honeypot-fra-1 sshd[19376]: Received disconnect from 198.98.61.9 port 53934:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T18:43:18.822Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 18:46:36 honeypot-fra-1 sshd[19381]: Invalid user teste from 188.134.83.209 port 55286","@timestamp":"2022-09-15T18:46:37.916Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 18:47:41 honeypot-fra-1 sshd[19385]: Disconnected from authenticating user root 202.165.17.131 port 39420 [preauth]","@timestamp":"2022-09-15T18:47:41.942Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 18:47:48 honeypot-ams-1 sshd[28732]: Invalid user pi from 121.178.241.243 port 1638","@timestamp":"2022-09-15T18:47:49.474Z"}
{"@timestamp":"2022-09-15T18:47:53.918Z","@version":"1","message":"Sep 15 18:47:53 honeypot-sgp-1 sshd[22534]: Received disconnect from 92.255.85.70 port 18132:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T18:52:50.039Z","@version":"1","message":"Sep 15 18:52:49 honeypot-sgp-1 kernel: [84144076.635850] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=79.160.102.76 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=36103 DF PROTO=TCP SPT=35243 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 18:57:30 honeypot-fra-1 sshd[19395]: Received disconnect from 190.181.25.210 port 52081:11: Bye Bye [preauth]","@timestamp":"2022-09-15T18:57:31.165Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 18:57:34 honeypot-ams-1 kernel: [84144836.605589] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=67.205.177.99 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=41542 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T18:57:34.726Z"}
{"@timestamp":"2022-09-15T18:59:26.195Z","@version":"1","message":"Sep 15 18:59:25 honeypot-sgp-1 sshd[22543]: Received disconnect from 61.177.173.39 port 41629:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 19:00:09 honeypot-fra-1 sshd[19400]: Received disconnect from 61.177.173.37 port 61817:11:  [preauth]","@timestamp":"2022-09-15T19:00:09.226Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T19:00:54.265Z","@version":"1","message":"Sep 15 19:00:53 honeypot-sgp-1 sshd[22548]: Received disconnect from 45.90.218.197 port 48396:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 19:02:49 honeypot-fra-1 sshd[19408]: Received disconnect from 61.177.173.36 port 11724:11:  [preauth]","@timestamp":"2022-09-15T19:02:50.288Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 19:04:31 honeypot-ams-1 sshd[28756]: Received disconnect from 119.159.226.30 port 37834:11: Bye Bye [preauth]","@timestamp":"2022-09-15T19:04:31.907Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 19:07:05 honeypot-fra-1 sshd[19425]: Received disconnect from 165.22.45.108 port 54668:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T19:07:05.385Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 19:08:43 honeypot-fra-1 sshd[19429]: Disconnected from invalid user person 195.158.18.237 port 49914 [preauth]","@timestamp":"2022-09-15T19:08:43.423Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T19:09:48.475Z","@version":"1","message":"Sep 15 19:09:47 honeypot-sgp-1 sshd[22558]: Did not receive identification string from 193.142.146.50 port 56724","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 19:09:56 honeypot-ams-1 kernel: [84145578.622961] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=41.34.140.207 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=54 ID=54733 PROTO=TCP SPT=30806 DPT=443 WINDOW=20603 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T19:09:57.066Z"}
{"@timestamp":"2022-09-15T19:11:43.523Z","@version":"1","message":"Sep 15 19:11:42 honeypot-sgp-1 sshd[22564]: Disconnected from authenticating user root 193.142.146.50 port 38858 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T19:13:31.570Z","@version":"1","message":"Sep 15 19:13:31 honeypot-sgp-1 kernel: [84145318.059477] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=208.67.104.120 DST=159.89.202.188 LEN=52 TOS=0x0A PREC=0x00 TTL=109 ID=9902 DF PROTO=TCP SPT=58015 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T19:14:02.584Z","@version":"1","message":"Sep 15 19:14:02 honeypot-sgp-1 sshd[22574]: Connection closed by invalid user ubnt 179.60.147.69 port 63068 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 19:15:38 honeypot-fra-1 sshd[19442]: Invalid user user from 198.98.61.9 port 51186","@timestamp":"2022-09-15T19:15:38.587Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T19:15:40.626Z","@version":"1","message":"Sep 15 19:15:40 honeypot-sgp-1 sshd[22581]: Received disconnect from 193.142.146.50 port 36118:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 19:16:04 honeypot-fra-1 sshd[19446]: Invalid user user from 198.98.61.9 port 46778","@timestamp":"2022-09-15T19:16:05.600Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 19:16:26 honeypot-fra-1 sshd[19450]: Invalid user user from 198.98.61.9 port 42374","@timestamp":"2022-09-15T19:16:27.611Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T19:16:27.646Z","@version":"1","message":"Sep 15 19:16:26 honeypot-sgp-1 sshd[22586]: Disconnected from invalid user test 193.142.146.50 port 55502 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 19:16:44 honeypot-fra-1 sshd[19454]: Invalid user user from 198.98.61.9 port 37962","@timestamp":"2022-09-15T19:16:44.620Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 19:17:42 honeypot-ams-1 sshd[28767]: Connection closed by invalid user ubnt 179.60.147.69 port 60128 [preauth]","@timestamp":"2022-09-15T19:17:42.292Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 19:20:01 honeypot-fra-1 sshd[19459]: Received disconnect from 103.137.75.78 port 54788:11: Bye Bye [preauth]","@timestamp":"2022-09-15T19:20:01.698Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T19:20:56.770Z","@version":"1","message":"Sep 15 19:20:56 honeypot-sgp-1 sshd[22593]: Received disconnect from 61.177.172.104 port 18696:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T19:25:26.877Z","@version":"1","message":"Sep 15 19:25:26 honeypot-sgp-1 sshd[22600]: Received disconnect from 61.177.173.48 port 21972:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 19:31:31 honeypot-fra-1 sshd[19471]: Received disconnect from 92.255.85.70 port 19080:11: Bye Bye [preauth]","@timestamp":"2022-09-15T19:31:31.973Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T19:32:41.064Z","@version":"1","message":"Sep 15 19:32:40 honeypot-sgp-1 kernel: [84146467.272285] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=94.26.249.161 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=61914 PROTO=TCP SPT=52903 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 19:34:06 honeypot-ams-1 kernel: [84147027.985854] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=167.248.133.133 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=35157 PROTO=TCP SPT=42392 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T19:34:06.707Z"}
{"@timestamp":"2022-09-15T19:36:01.142Z","@version":"1","message":"Sep 15 19:36:00 honeypot-sgp-1 sshd[22612]: Disconnected from invalid user manager 92.255.85.70 port 29078 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 19:37:44 honeypot-fra-1 sshd[19477]: Received disconnect from 61.177.173.48 port 24993:11:  [preauth]","@timestamp":"2022-09-15T19:37:45.116Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T19:42:03.280Z","@version":"1","message":"Sep 15 19:42:02 honeypot-sgp-1 sshd[22621]: Disconnected from invalid user install 35.246.83.56 port 54146 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 19:43:51 honeypot-fra-1 sshd[19485]: Connection closed by invalid user tomcat 193.106.191.157 port 57222 [preauth]","@timestamp":"2022-09-15T19:43:52.257Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T19:49:28.452Z","@version":"1","message":"Sep 15 19:49:28 honeypot-sgp-1 sshd[22630]: Received disconnect from 61.177.173.39 port 37127:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T19:51:18.499Z","@version":"1","message":"Sep 15 19:51:18 honeypot-sgp-1 kernel: [84147585.206501] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=124.106.92.226 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=56 ID=17009 PROTO=TCP SPT=44726 DPT=443 WINDOW=49878 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 19:51:19 honeypot-fra-1 sshd[19493]: Connection closed by invalid user user 103.188.176.251 port 33838 [preauth]","@timestamp":"2022-09-15T19:51:20.422Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 19:53:44 honeypot-ams-1 sshd[28782]: Invalid user gambaa from 180.179.24.156 port 40404","@timestamp":"2022-09-15T19:53:44.208Z"}
{"@timestamp":"2022-09-15T19:54:47.580Z","@version":"1","message":"Sep 15 19:54:46 honeypot-sgp-1 sshd[22641]: Received disconnect from 189.112.196.1 port 29255:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 19:55:30 honeypot-fra-1 kernel: [84146146.751094] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=68.183.99.150 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=35746 PROTO=TCP SPT=56789 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T19:55:31.518Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 19:56:45 honeypot-ams-1 sshd[28784]: Received disconnect from 103.133.57.242 port 45350:11: Bye Bye [preauth]","@timestamp":"2022-09-15T19:56:45.289Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 19:57:13 honeypot-ams-1 sshd[28788]: Received disconnect from 142.93.50.201 port 35610:11: Bye Bye [preauth]","@timestamp":"2022-09-15T19:57:13.304Z"}
{"@timestamp":"2022-09-15T19:59:28.708Z","@version":"1","message":"Sep 15 19:59:28 honeypot-sgp-1 kernel: [84148075.006973] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=101.43.192.228 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=48 ID=23035 DF PROTO=TCP SPT=31243 DPT=80 WINDOW=43690 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:00:05.725Z","@version":"1","message":"Sep 15 20:00:05 honeypot-sgp-1 kernel: [84148112.348106] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=40.87.17.51 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=234 ID=36286 PROTO=TCP SPT=40383 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 20:00:24 honeypot-fra-1 sshd[19509]: Received disconnect from 61.177.173.52 port 40204:11:  [preauth]","@timestamp":"2022-09-15T20:00:24.625Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 20:02:03 honeypot-ams-1 sshd[28795]: Received disconnect from 157.230.47.241 port 54822:11: Bye Bye [preauth]","@timestamp":"2022-09-15T20:02:03.431Z"}
{"@timestamp":"2022-09-15T20:02:37.788Z","@version":"1","message":"Sep 15 20:02:37 honeypot-sgp-1 sshd[22655]: Disconnecting invalid user cameras 185.246.130.20 port 20761: Change of username or service not allowed: (cameras,ssh-connection) -> (,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:03:08.804Z","@version":"1","message":"Sep 15 20:03:07 honeypot-sgp-1 sshd[22661]: Disconnecting invalid user  185.246.130.20 port 61285: Change of username or service not allowed: (,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:03:34.816Z","@version":"1","message":"Sep 15 20:03:34 honeypot-sgp-1 sshd[22668]: Invalid user admin from 185.246.130.20 port 52196","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:04:08.834Z","@version":"1","message":"Sep 15 20:04:08 honeypot-sgp-1 sshd[22674]: Disconnecting authenticating user root 185.246.130.20 port 38446: Change of username or service not allowed: (root,ssh-connection) -> (1234,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:04:36.846Z","@version":"1","message":"Sep 15 20:04:36 honeypot-sgp-1 sshd[22680]: Disconnecting invalid user araknis 185.246.130.20 port 57697: Change of username or service not allowed: (araknis,ssh-connection) -> (,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:05:17.866Z","@version":"1","message":"Sep 15 20:05:16 honeypot-sgp-1 sshd[22689]: Invalid user Admin from 185.246.130.20 port 58533","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:05:43.879Z","@version":"1","message":"Sep 15 20:05:43 honeypot-sgp-1 sshd[22697]: Invalid user guest from 185.246.130.20 port 33363","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 20:06:04 honeypot-fra-1 sshd[19512]: Disconnected from authenticating user root 61.177.172.108 port 50190 [preauth]","@timestamp":"2022-09-15T20:06:05.760Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T20:06:16.894Z","@version":"1","message":"Sep 15 20:06:16 honeypot-sgp-1 sshd[22704]: Invalid user  from 185.246.130.20 port 26939","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:06:39.907Z","@version":"1","message":"Sep 15 20:06:39 honeypot-sgp-1 sshd[22710]: Invalid user admin from 185.246.130.20 port 63674","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:07:05.919Z","@version":"1","message":"Sep 15 20:07:05 honeypot-sgp-1 sshd[22716]: Disconnecting invalid user Administrator 185.246.130.20 port 8765: Change of username or service not allowed: (Administrator,ssh-connection) -> (,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:07:32.932Z","@version":"1","message":"Sep 15 20:07:32 honeypot-sgp-1 sshd[22722]: Disconnecting invalid user sti.admin5 185.246.130.20 port 8258: Change of username or service not allowed: (sti.admin5,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:07:54.944Z","@version":"1","message":"Sep 15 20:07:54 honeypot-sgp-1 sshd[22726]: Disconnecting invalid user blank 185.246.130.20 port 38402: Change of username or service not allowed: (blank,ssh-connection) -> (zhone,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:08:10.952Z","@version":"1","message":"Sep 15 20:08:10 honeypot-sgp-1 sshd[22734]: Disconnecting invalid user  185.246.130.20 port 2988: Change of username or service not allowed: (,ssh-connection) -> (root,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:08:41.971Z","@version":"1","message":"Sep 15 20:08:41 honeypot-sgp-1 sshd[22742]: Invalid user c1@r0 from 185.246.130.20 port 53159","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:08:56.978Z","@version":"1","message":"Sep 15 20:08:56 honeypot-sgp-1 sshd[22748]: Invalid user superonline from 185.246.130.20 port 63242","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:09:28.993Z","@version":"1","message":"Sep 15 20:09:28 honeypot-sgp-1 sshd[22754]: Invalid user Admin from 185.246.130.20 port 16533","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:10:00.008Z","@version":"1","message":"Sep 15 20:09:59 honeypot-sgp-1 sshd[22761]: Invalid user  from 185.246.130.20 port 29542","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:10:30.023Z","@version":"1","message":"Sep 15 20:10:29 honeypot-sgp-1 sshd[22767]: Invalid user  from 185.246.130.20 port 19181","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:11:00.038Z","@version":"1","message":"Sep 15 20:10:59 honeypot-sgp-1 sshd[22775]: Invalid user admin from 185.246.130.20 port 52192","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:11:31.052Z","@version":"1","message":"Sep 15 20:11:30 honeypot-sgp-1 sshd[22781]: Disconnecting invalid user admin 185.246.130.20 port 49850: Change of username or service not allowed: (admin,ssh-connection) -> (airlive,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:11:58.066Z","@version":"1","message":"Sep 15 20:11:58 honeypot-sgp-1 sshd[22787]: Disconnecting invalid user admin 185.246.130.20 port 6875: Change of username or service not allowed: (admin,ssh-connection) -> (roqos,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:12:21.076Z","@version":"1","message":"Sep 15 20:12:20 honeypot-sgp-1 sshd[22793]: Disconnecting invalid user Shiko 185.246.130.20 port 49913: Change of username or service not allowed: (Shiko,ssh-connection) -> (sitecom,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:12:46.089Z","@version":"1","message":"Sep 15 20:12:45 honeypot-sgp-1 sshd[22799]: Disconnecting invalid user smcadmin 185.246.130.20 port 59667: Change of username or service not allowed: (smcadmin,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:13:12.102Z","@version":"1","message":"Sep 15 20:13:11 honeypot-sgp-1 sshd[22805]: Disconnecting invalid user highspeed 185.246.130.20 port 42734: Change of username or service not allowed: (highspeed,ssh-connection) -> (smcadmin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:13:39.116Z","@version":"1","message":"Sep 15 20:13:38 honeypot-sgp-1 sshd[22811]: Disconnecting invalid user  185.246.130.20 port 9600: Change of username or service not allowed: (,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:13:59.125Z","@version":"1","message":"Sep 15 20:13:58 honeypot-sgp-1 sshd[22817]: Connection closed by invalid user user1 103.188.176.251 port 56256 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:14:19.135Z","@version":"1","message":"Sep 15 20:14:18 honeypot-sgp-1 sshd[22823]: Disconnecting invalid user ubnt 185.246.130.20 port 47987: Change of username or service not allowed: (ubnt,ssh-connection) -> (root,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:14:53.153Z","@version":"1","message":"Sep 15 20:14:52 honeypot-sgp-1 sshd[22832]: Invalid user amdin from 185.246.130.20 port 3786","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 20:15:18 honeypot-ams-1 kernel: [84149500.454449] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=134.209.154.1 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x20 TTL=245 ID=54321 PROTO=TCP SPT=51372 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T20:15:18.766Z"}
{"@timestamp":"2022-09-15T20:15:21.166Z","@version":"1","message":"Sep 15 20:15:20 honeypot-sgp-1 sshd[22838]: Invalid user admin from 185.246.130.20 port 32458","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:15:40.176Z","@version":"1","message":"Sep 15 20:15:39 honeypot-sgp-1 sshd[22842]: Invalid user 0 from 185.246.130.20 port 52846","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 20:16:00 honeypot-fra-1 sshd[19521]: Received disconnect from 92.255.85.70 port 42154:11: Bye Bye [preauth]","@timestamp":"2022-09-15T20:16:00.989Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T20:16:04.188Z","@version":"1","message":"Sep 15 20:16:03 honeypot-sgp-1 sshd[22848]: Disconnecting invalid user zoomadsl 185.246.130.20 port 33969: Change of username or service not allowed: (zoomadsl,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 20:16:20 honeypot-fra-1 sshd[19525]: Connection closed by invalid user guest 54.163.60.60 port 60610 [preauth]","@timestamp":"2022-09-15T20:16:20.999Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T20:16:25.199Z","@version":"1","message":"Sep 15 20:16:24 honeypot-sgp-1 sshd[22852]: Disconnecting invalid user 1admin0 185.246.130.20 port 51198: Change of username or service not allowed: (1admin0,ssh-connection) -> (ltecl4r0,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 20:23:39 honeypot-fra-1 sshd[19536]: Received disconnect from 61.177.173.49 port 20729:11:  [preauth]","@timestamp":"2022-09-15T20:23:39.168Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T20:24:35.392Z","@version":"1","message":"Sep 15 20:24:35 honeypot-sgp-1 sshd[22864]: Received disconnect from 92.255.85.70 port 23582:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 20:27:21 honeypot-ams-1 sshd[28807]: Received disconnect from 212.20.41.28 port 54103:11: Bye Bye [preauth]","@timestamp":"2022-09-15T20:27:22.078Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 20:29:35 honeypot-fra-1 sshd[19543]: Invalid user tomcat from 193.106.191.157 port 59494","@timestamp":"2022-09-15T20:29:36.302Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T20:30:52.539Z","@version":"1","message":"Sep 15 20:30:51 honeypot-sgp-1 sshd[22871]: Received disconnect from 61.177.173.49 port 54113:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 20:32:59 honeypot-ams-1 sshd[28812]: Received disconnect from 92.255.85.70 port 19014:11: Bye Bye [preauth]","@timestamp":"2022-09-15T20:33:00.220Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 20:33:44 honeypot-fra-1 sshd[19550]: Connection closed by invalid user ubnt 179.60.147.69 port 24772 [preauth]","@timestamp":"2022-09-15T20:33:45.399Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T20:35:38.651Z","@version":"1","message":"Sep 15 20:35:38 honeypot-sgp-1 sshd[22875]: Disconnected from authenticating user root 61.177.172.114 port 14391 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:39:46.750Z","@version":"1","message":"Sep 15 20:39:46 honeypot-sgp-1 sshd[22882]: Invalid user pbx from 128.199.91.252 port 50260","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:41:20.789Z","@version":"1","message":"Sep 15 20:41:20 honeypot-sgp-1 kernel: [84150587.035496] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=157.245.218.254 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=45476 PROTO=TCP SPT=20000 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 20:43:21 honeypot-fra-1 kernel: [84149017.235610] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=139.84.131.120 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=51322 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T20:43:21.614Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-15T20:46:40.916Z","@version":"1","message":"Sep 15 20:46:40 honeypot-sgp-1 sshd[22888]: Disconnected from invalid user wendy 143.198.123.124 port 37556 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 20:46:55 honeypot-fra-1 sshd[19562]: Disconnected from authenticating user root 61.177.173.53 port 38551 [preauth]","@timestamp":"2022-09-15T20:46:55.697Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 20:49:04 honeypot-fra-1 sshd[19568]: Disconnected from authenticating user root 207.154.205.115 port 52966 [preauth]","@timestamp":"2022-09-15T20:49:04.748Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T20:49:07.976Z","@version":"1","message":"Sep 15 20:49:07 honeypot-sgp-1 sshd[22897]: Received disconnect from 206.217.131.233 port 53320:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 20:51:34 honeypot-ams-1 kernel: [84151676.731759] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=51.103.32.192 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=114 ID=57893 DF PROTO=TCP SPT=53270 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T20:51:35.691Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 20:52:20 honeypot-fra-1 sshd[19575]: Disconnected from invalid user ldanko 165.22.45.108 port 36544 [preauth]","@timestamp":"2022-09-15T20:52:20.819Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T20:54:03.093Z","@version":"1","message":"Sep 15 20:54:02 honeypot-sgp-1 sshd[22903]: Invalid user user from 45.61.186.249 port 50168","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:54:12.098Z","@version":"1","message":"Sep 15 20:54:11 honeypot-sgp-1 sshd[22921]: Received disconnect from 45.61.186.249 port 33148:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:54:29.106Z","@version":"1","message":"Sep 15 20:54:28 honeypot-sgp-1 sshd[22925]: Received disconnect from 45.61.186.249 port 55596:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:54:48.114Z","@version":"1","message":"Sep 15 20:54:47 honeypot-sgp-1 sshd[22929]: Received disconnect from 45.61.186.249 port 49812:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 20:56:59 honeypot-fra-1 sshd[19580]: Disconnected from invalid user user 198.98.61.9 port 52130 [preauth]","@timestamp":"2022-09-15T20:56:59.926Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 20:57:16 honeypot-fra-1 sshd[19584]: Received disconnect from 198.98.61.9 port 46530:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T20:57:16.935Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 20:57:37 honeypot-fra-1 sshd[19589]: Received disconnect from 198.98.61.9 port 40930:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T20:57:37.944Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T20:57:47.184Z","@version":"1","message":"Sep 15 20:57:46 honeypot-sgp-1 sshd[22933]: Disconnected from authenticating user root 61.177.172.114 port 33174 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 20:57:56 honeypot-fra-1 sshd[19593]: Received disconnect from 198.98.61.9 port 35334:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T20:57:56.953Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 20:59:35 honeypot-ams-1 kernel: [84152157.419889] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=173.225.111.245 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=33738 PROTO=TCP SPT=52938 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T20:59:35.910Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 20:59:49 honeypot-ams-1 sshd[28823]: Disconnected from invalid user azure 52.178.155.67 port 1024 [preauth]","@timestamp":"2022-09-15T20:59:49.918Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 21:02:23 honeypot-fra-1 sshd[19595]: Disconnected from invalid user anonymous 92.255.85.70 port 36752 [preauth]","@timestamp":"2022-09-15T21:02:24.054Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 21:03:45 honeypot-ams-1 kernel: [84152407.342398] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=170.187.163.41 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=31389 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T21:03:46.022Z"}
{"@timestamp":"2022-09-15T21:06:31.405Z","@version":"1","message":"Sep 15 21:06:31 honeypot-sgp-1 kernel: [84152097.844638] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=228 ID=11906 PROTO=TCP SPT=55604 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 21:07:18 honeypot-fra-1 sshd[19602]: Disconnected from invalid user htp 200.10.192.5 port 39833 [preauth]","@timestamp":"2022-09-15T21:07:18.167Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 21:08:28 honeypot-fra-1 sshd[19606]: Disconnected from invalid user admin 185.149.120.61 port 48958 [preauth]","@timestamp":"2022-09-15T21:08:29.195Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 21:10:03 honeypot-fra-1 sshd[19612]: Did not receive identification string from 162.241.189.135 port 44924","@timestamp":"2022-09-15T21:10:04.235Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 21:11:12 honeypot-fra-1 sshd[19618]: Received disconnect from 68.183.56.198 port 57942:11: Bye Bye [preauth]","@timestamp":"2022-09-15T21:11:13.264Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 21:12:02 honeypot-ams-1 sshd[28831]: Invalid user default from 179.60.147.69 port 49016","@timestamp":"2022-09-15T21:12:03.242Z"}
{"@timestamp":"2022-09-15T21:12:46.554Z","@version":"1","message":"Sep 15 21:12:45 honeypot-sgp-1 sshd[22951]: Invalid user admin from 118.21.144.227 port 53642","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 21:13:44 honeypot-ams-1 sshd[28836]: Connection closed by 13.56.251.189 port 44150 [preauth]","@timestamp":"2022-09-15T21:13:45.287Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 21:14:28 honeypot-ams-1 sshd[28846]: Disconnected from authenticating user root 124.137.205.59 port 62867 [preauth]","@timestamp":"2022-09-15T21:14:29.311Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 21:15:26 honeypot-ams-1 sshd[28853]: Received disconnect from 198.98.61.9 port 40040:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T21:15:26.338Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 21:15:38 honeypot-ams-1 sshd[28855]: Invalid user user from 198.98.61.9 port 51624","@timestamp":"2022-09-15T21:15:39.345Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 21:15:56 honeypot-fra-1 kernel: [84150972.017020] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=58650 PROTO=TCP SPT=55604 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T21:15:56.371Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 21:15:59 honeypot-ams-1 sshd[28859]: Invalid user user from 198.98.61.9 port 46562","@timestamp":"2022-09-15T21:16:00.356Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 21:16:11 honeypot-ams-1 sshd[28863]: Received disconnect from 159.65.129.227 port 45584:11: Bye Bye [preauth]","@timestamp":"2022-09-15T21:16:12.362Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 21:16:35 honeypot-ams-1 sshd[28867]: Received disconnect from 128.199.137.41 port 54932:11: Bye Bye [preauth]","@timestamp":"2022-09-15T21:16:35.377Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 21:17:01 honeypot-fra-1 CRON[19627]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-15T21:17:01.398Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T21:17:01.673Z","@version":"1","message":"Sep 15 21:17:01 honeypot-sgp-1 CRON[22958]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 21:18:32 honeypot-ams-1 sshd[28873]: Invalid user admin from 92.255.85.69 port 63140","@timestamp":"2022-09-15T21:18:33.431Z"}
{"@timestamp":"2022-09-15T21:21:16.776Z","@version":"1","message":"Sep 15 21:21:16 honeypot-sgp-1 kernel: [84152982.805022] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=89.248.165.205 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=25621 PROTO=TCP SPT=46528 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 21:21:30 honeypot-ams-1 sshd[28875]: Disconnected from invalid user wdw 185.211.4.43 port 46298 [preauth]","@timestamp":"2022-09-15T21:21:30.505Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 21:24:47 honeypot-fra-1 kernel: [84151502.979991] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.220.99 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=39987 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T21:24:47.574Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 21:29:09 honeypot-ams-1 sshd[28882]: Received disconnect from 186.10.125.209 port 26016:11: Bye Bye [preauth]","@timestamp":"2022-09-15T21:29:10.701Z"}
{"@timestamp":"2022-09-15T21:31:02.023Z","@version":"1","message":"Sep 15 21:31:01 honeypot-sgp-1 sshd[22972]: Disconnected from authenticating user root 92.255.85.69 port 29002 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 21:31:06 honeypot-fra-1 sshd[19640]: Received disconnect from 61.177.172.124 port 53529:11:  [preauth]","@timestamp":"2022-09-15T21:31:07.718Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T21:34:12.099Z","@version":"1","message":"Sep 15 21:34:11 honeypot-sgp-1 sshd[22978]: Disconnected from authenticating user root 157.230.245.64 port 50672 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 21:41:22 honeypot-fra-1 sshd[19649]: Disconnected from authenticating user root 61.177.173.51 port 46255 [preauth]","@timestamp":"2022-09-15T21:41:22.945Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 21:43:14 honeypot-ams-1 sshd[28891]: Received disconnect from 92.255.85.69 port 61376:11: Bye Bye [preauth]","@timestamp":"2022-09-15T21:43:15.062Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 21:46:16 honeypot-fra-1 sshd[19658]: Connection closed by authenticating user nobody 179.60.147.69 port 4706 [preauth]","@timestamp":"2022-09-15T21:46:17.056Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T21:47:44.412Z","@version":"1","message":"Sep 15 21:47:43 honeypot-sgp-1 kernel: [84154570.225890] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.53.171.56 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=17334 DF PROTO=TCP SPT=49590 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 21:51:05 honeypot-fra-1 kernel: [84153081.227217] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=173.225.111.245 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=24920 PROTO=TCP SPT=52938 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T21:51:06.183Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-15T21:54:16.563Z","@version":"1","message":"Sep 15 21:54:15 honeypot-sgp-1 kernel: [84154962.326040] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=68.183.93.151 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x20 TTL=242 ID=54321 PROTO=TCP SPT=36208 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 21:54:20 honeypot-ams-1 kernel: [84155442.555163] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=88.89.53.76 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=54 ID=55227 PROTO=TCP SPT=8030 DPT=443 WINDOW=54670 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T21:54:21.343Z"}
{"@timestamp":"2022-09-15T21:56:15.611Z","@version":"1","message":"Sep 15 21:56:15 honeypot-sgp-1 sshd[23065]: Disconnected from authenticating user root 61.177.173.50 port 12656 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 21:58:37 honeypot-fra-1 sshd[19674]: Connection closed by 43.135.123.64 port 35688 [preauth]","@timestamp":"2022-09-15T21:58:38.353Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 22:00:56 honeypot-ams-1 sshd[28902]: Received disconnect from 209.73.215.135 port 34736:11: Bye Bye [preauth]","@timestamp":"2022-09-15T22:00:57.521Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:02:20 honeypot-fra-1 sshd[19682]: Received disconnect from 162.241.189.135 port 47922:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T22:02:21.439Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:02:27 honeypot-fra-1 sshd[19686]: Received disconnect from 162.241.189.135 port 33108:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T22:02:28.442Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:02:35 honeypot-fra-1 sshd[19690]: Received disconnect from 162.241.189.135 port 38496:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T22:02:36.447Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:02:44 honeypot-fra-1 sshd[19694]: Received disconnect from 162.241.189.135 port 51100:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T22:02:44.451Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:02:52 honeypot-fra-1 sshd[19698]: Received disconnect from 162.241.189.135 port 34848:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T22:02:52.455Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:03:00 honeypot-fra-1 sshd[19702]: Received disconnect from 162.241.189.135 port 47892:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T22:03:00.458Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:03:07 honeypot-fra-1 sshd[19706]: Received disconnect from 162.241.189.135 port 60136:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T22:03:08.463Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:03:15 honeypot-fra-1 sshd[19710]: Invalid user user from 162.241.189.135 port 44310","@timestamp":"2022-09-15T22:03:16.467Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:03:26 honeypot-fra-1 sshd[19714]: Invalid user user from 162.241.189.135 port 57486","@timestamp":"2022-09-15T22:03:27.473Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:03:31 honeypot-fra-1 sshd[19718]: Invalid user user from 162.241.189.135 port 43534","@timestamp":"2022-09-15T22:03:31.475Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:03:39 honeypot-fra-1 sshd[19722]: Invalid user user from 162.241.189.135 port 57430","@timestamp":"2022-09-15T22:03:39.480Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:03:47 honeypot-fra-1 sshd[19726]: Invalid user user from 162.241.189.135 port 42648","@timestamp":"2022-09-15T22:03:47.484Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:03:51 honeypot-fra-1 sshd[19728]: Disconnected from invalid user user 162.241.189.135 port 34902 [preauth]","@timestamp":"2022-09-15T22:03:51.487Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:03:59 honeypot-fra-1 sshd[19732]: Disconnected from invalid user user 162.241.189.135 port 50776 [preauth]","@timestamp":"2022-09-15T22:03:59.490Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:04:07 honeypot-fra-1 sshd[19736]: Disconnected from invalid user user 162.241.189.135 port 35196 [preauth]","@timestamp":"2022-09-15T22:04:07.495Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:04:21 honeypot-fra-1 sshd[19740]: Disconnected from invalid user user 162.241.189.135 port 41910 [preauth]","@timestamp":"2022-09-15T22:04:22.503Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:04:29 honeypot-fra-1 sshd[19744]: Disconnected from invalid user user 162.241.189.135 port 53744 [preauth]","@timestamp":"2022-09-15T22:04:29.506Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:04:36 honeypot-fra-1 sshd[19748]: Disconnected from invalid user user 162.241.189.135 port 42038 [preauth]","@timestamp":"2022-09-15T22:04:37.511Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:04:44 honeypot-fra-1 sshd[19752]: Disconnected from invalid user user 162.241.189.135 port 56920 [preauth]","@timestamp":"2022-09-15T22:04:45.514Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:04:52 honeypot-fra-1 sshd[19756]: Disconnected from invalid user user 162.241.189.135 port 42184 [preauth]","@timestamp":"2022-09-15T22:04:53.519Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:05:00 honeypot-fra-1 sshd[19760]: Disconnected from invalid user user 162.241.189.135 port 55434 [preauth]","@timestamp":"2022-09-15T22:05:01.522Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:05:08 honeypot-fra-1 sshd[19764]: Disconnected from invalid user user 162.241.189.135 port 40642 [preauth]","@timestamp":"2022-09-15T22:05:09.527Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:05:16 honeypot-fra-1 sshd[19768]: Disconnected from invalid user user 162.241.189.135 port 55010 [preauth]","@timestamp":"2022-09-15T22:05:17.531Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:05:24 honeypot-fra-1 sshd[19772]: Disconnected from invalid user user 162.241.189.135 port 42606 [preauth]","@timestamp":"2022-09-15T22:05:24.535Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:05:32 honeypot-fra-1 sshd[19776]: Disconnected from invalid user user 162.241.189.135 port 57354 [preauth]","@timestamp":"2022-09-15T22:05:32.538Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:05:39 honeypot-fra-1 sshd[19780]: Disconnected from invalid user user 162.241.189.135 port 45014 [preauth]","@timestamp":"2022-09-15T22:05:40.542Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:05:50 honeypot-fra-1 sshd[19784]: Disconnected from invalid user user 162.241.189.135 port 37334 [preauth]","@timestamp":"2022-09-15T22:05:51.548Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:05:59 honeypot-fra-1 sshd[19788]: Disconnected from invalid user user 162.241.189.135 port 35270 [preauth]","@timestamp":"2022-09-15T22:05:59.552Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:06:02 honeypot-fra-1 sshd[19792]: Disconnected from invalid user user 162.241.189.135 port 55928 [preauth]","@timestamp":"2022-09-15T22:06:03.555Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:06:10 honeypot-fra-1 sshd[19796]: Disconnected from invalid user user 162.241.189.135 port 40900 [preauth]","@timestamp":"2022-09-15T22:06:11.559Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:06:20 honeypot-fra-1 sshd[19800]: Disconnected from invalid user user 162.241.189.135 port 53238 [preauth]","@timestamp":"2022-09-15T22:06:20.564Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:06:28 honeypot-fra-1 sshd[19804]: Disconnected from invalid user user 162.241.189.135 port 37944 [preauth]","@timestamp":"2022-09-15T22:06:29.568Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:06:35 honeypot-fra-1 sshd[19808]: Disconnected from invalid user user 162.241.189.135 port 50566 [preauth]","@timestamp":"2022-09-15T22:06:35.572Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:06:43 honeypot-fra-1 sshd[19812]: Disconnected from invalid user user 162.241.189.135 port 36624 [preauth]","@timestamp":"2022-09-15T22:06:43.575Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:06:51 honeypot-fra-1 sshd[19816]: Disconnected from invalid user user 162.241.189.135 port 49264 [preauth]","@timestamp":"2022-09-15T22:06:51.580Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 22:06:53 honeypot-ams-1 sshd[28905]: Disconnected from invalid user ftpuser 92.255.85.70 port 54174 [preauth]","@timestamp":"2022-09-15T22:06:53.675Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:06:59 honeypot-fra-1 sshd[19820]: Received disconnect from 162.241.189.135 port 33790:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T22:06:59.583Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:07:07 honeypot-fra-1 sshd[19824]: Received disconnect from 162.241.189.135 port 45890:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T22:07:07.588Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:07:15 honeypot-fra-1 sshd[19828]: Received disconnect from 162.241.189.135 port 33068:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T22:07:15.591Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:07:22 honeypot-fra-1 sshd[19833]: Received disconnect from 162.241.189.135 port 46540:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T22:07:23.595Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:07:30 honeypot-fra-1 sshd[19837]: Received disconnect from 162.241.189.135 port 58990:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T22:07:31.599Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:07:38 honeypot-fra-1 sshd[19841]: Received disconnect from 162.241.189.135 port 45108:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T22:07:39.603Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T22:07:51.882Z","@version":"1","message":"Sep 15 22:07:51 honeypot-sgp-1 kernel: [84155777.995021] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.9.71.118 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=16657 DF PROTO=TCP SPT=10446 DPT=443 WINDOW=512 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 22:12:14 honeypot-ams-1 sshd[28910]: Received disconnect from 23.95.115.90 port 43138:11: Bye Bye [preauth]","@timestamp":"2022-09-15T22:12:15.818Z"}
{"@timestamp":"2022-09-15T22:13:20.016Z","@version":"1","message":"Sep 15 22:13:19 honeypot-sgp-1 kernel: [84156105.798600] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=149.102.155.169 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=27749 PROTO=TCP SPT=59922 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:14:01 honeypot-fra-1 sshd[19844]: Invalid user ftpuser from 92.255.85.70 port 35780","@timestamp":"2022-09-15T22:14:01.764Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 22:14:57 honeypot-ams-1 sshd[28914]: Disconnected from invalid user lke 103.68.183.202 port 53274 [preauth]","@timestamp":"2022-09-15T22:14:57.893Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:18:46 honeypot-fra-1 sshd[19850]: Invalid user user1 from 103.188.176.251 port 36906","@timestamp":"2022-09-15T22:18:46.872Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T22:19:01.157Z","@version":"1","message":"Sep 15 22:19:00 honeypot-sgp-1 sshd[23080]: Disconnected from invalid user guyoef5 138.68.230.183 port 33680 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T22:21:16.211Z","@version":"1","message":"Sep 15 22:21:15 honeypot-sgp-1 sshd[23086]: Invalid user default from 179.60.147.69 port 63974","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:22:24 honeypot-fra-1 sshd[19854]: Invalid user default from 179.60.147.69 port 36798","@timestamp":"2022-09-15T22:22:24.955Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:24:30 honeypot-fra-1 kernel: [84155086.078210] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.143.200.46 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=23618 PROTO=TCP SPT=50059 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T22:24:31.008Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 22:28:22 honeypot-ams-1 sshd[28923]: Invalid user admin from 92.255.85.70 port 40676","@timestamp":"2022-09-15T22:28:22.246Z"}
{"@timestamp":"2022-09-15T22:31:50.460Z","@version":"1","message":"Sep 15 22:31:49 honeypot-sgp-1 sshd[23092]: Received disconnect from 104.194.75.112 port 31112:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:35:20 honeypot-fra-1 kernel: [84155736.610619] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=195.133.20.241 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=23303 PROTO=TCP SPT=43206 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T22:35:21.252Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:37:49 honeypot-fra-1 sshd[19870]: Disconnected from invalid user admin 92.255.85.70 port 59582 [preauth]","@timestamp":"2022-09-15T22:37:50.326Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 22:37:51 honeypot-ams-1 sshd[28927]: Invalid user gituser from 27.74.254.115 port 54606","@timestamp":"2022-09-15T22:37:52.497Z"}
{"@timestamp":"2022-09-15T22:42:22.709Z","@version":"1","message":"Sep 15 22:42:22 honeypot-sgp-1 kernel: [84157848.745996] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=97.107.139.197 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=34358 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 22:43:03 honeypot-ams-1 sshd[28930]: Invalid user tomcat from 193.106.191.157 port 48294","@timestamp":"2022-09-15T22:43:04.634Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 22:52:22 honeypot-ams-1 sshd[28933]: Disconnected from invalid user jenkins 92.255.85.69 port 53894 [preauth]","@timestamp":"2022-09-15T22:52:22.879Z"}
{"@timestamp":"2022-09-15T22:55:01.012Z","@version":"1","message":"Sep 15 22:55:00 honeypot-sgp-1 kernel: [84158606.991681] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=206.189.6.148 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=239 ID=54321 PROTO=TCP SPT=60718 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:57:36 honeypot-fra-1 sshd[19884]: Invalid user user from 20.13.161.157 port 56990","@timestamp":"2022-09-15T22:57:36.767Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:57:36 honeypot-fra-1 sshd[19880]: Invalid user www from 20.13.161.157 port 56986","@timestamp":"2022-09-15T22:57:36.767Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:57:36 honeypot-fra-1 sshd[19881]: Connection closed by invalid user chia 20.13.161.157 port 57028 [preauth]","@timestamp":"2022-09-15T22:57:36.767Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:57:36 honeypot-fra-1 sshd[19880]: Connection closed by invalid user www 20.13.161.157 port 56986 [preauth]","@timestamp":"2022-09-15T22:57:36.767Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:57:39 honeypot-fra-1 sshd[19907]: Connection closed by invalid user user 20.13.161.157 port 56978 [preauth]","@timestamp":"2022-09-15T22:57:39.770Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:57:39 honeypot-fra-1 sshd[19911]: Invalid user vagrant from 20.13.161.157 port 57000","@timestamp":"2022-09-15T22:57:39.770Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:57:39 honeypot-fra-1 sshd[19903]: Connection closed by invalid user support 20.13.161.157 port 56982 [preauth]","@timestamp":"2022-09-15T22:57:39.770Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:57:39 honeypot-fra-1 sshd[19902]: Connection closed by authenticating user root 20.13.161.157 port 56984 [preauth]","@timestamp":"2022-09-15T22:57:39.770Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:59:07 honeypot-fra-1 sshd[19926]: Disconnected from invalid user jenkins 92.255.85.70 port 63480 [preauth]","@timestamp":"2022-09-15T22:59:08.807Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T22:59:44.127Z","@version":"1","message":"Sep 15 22:59:43 honeypot-sgp-1 kernel: [84158889.939458] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=198.235.24.150 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x60 TTL=250 ID=54321 PROTO=TCP SPT=54966 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 23:02:50 honeypot-ams-1 sshd[28938]: Connection closed by invalid user tomcat 193.106.191.157 port 33500 [preauth]","@timestamp":"2022-09-15T23:02:50.158Z"}
{"@timestamp":"2022-09-15T23:03:31.219Z","@version":"1","message":"Sep 15 23:03:30 honeypot-sgp-1 sshd[23113]: Disconnected from authenticating user root 165.232.141.0 port 56150 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T23:09:16.360Z","@version":"1","message":"Sep 15 23:09:16 honeypot-sgp-1 kernel: [84159462.758883] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=167.248.133.132 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=740 PROTO=TCP SPT=43143 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 23:10:22 honeypot-fra-1 sshd[19931]: Connection closed by invalid user admin 60.251.146.248 port 56842 [preauth]","@timestamp":"2022-09-15T23:10:23.064Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 23:12:50 honeypot-ams-1 kernel: [84160151.905367] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.41.9.18 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=41434 PROTO=TCP SPT=19182 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T23:12:50.424Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 23:17:01 honeypot-fra-1 CRON[19936]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-15T23:17:01.217Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T23:17:02.571Z","@version":"1","message":"Sep 15 23:17:01 honeypot-sgp-1 CRON[23123]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 23:17:18 honeypot-ams-1 kernel: [84160420.740068] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=122.116.246.140 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=57 ID=60032 PROTO=TCP SPT=18046 DPT=443 WINDOW=31046 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T23:17:19.543Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 23:21:46 honeypot-ams-1 sshd[28951]: Disconnected from authenticating user root 80.76.51.46 port 38594 [preauth]","@timestamp":"2022-09-15T23:21:47.662Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 23:22:04 honeypot-ams-1 sshd[28958]: Received disconnect from 80.76.51.46 port 45656:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T23:22:04.670Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 23:22:31 honeypot-ams-1 sshd[28964]: Received disconnect from 80.76.51.46 port 56398:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T23:22:32.683Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 23:23:01 honeypot-ams-1 sshd[28970]: Received disconnect from 80.76.51.46 port 38894:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T23:23:01.697Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 23:23:21 honeypot-ams-1 sshd[28974]: Disconnected from invalid user test 80.76.51.46 port 46040 [preauth]","@timestamp":"2022-09-15T23:23:22.709Z"}
{"@timestamp":"2022-09-15T23:24:55.757Z","@version":"1","message":"Sep 15 23:24:55 honeypot-sgp-1 sshd[23129]: Disconnected from invalid user celia 190.11.80.188 port 43750 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 23:28:43 honeypot-fra-1 kernel: [84158938.704357] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=162.62.191.231 DST=165.22.82.222 LEN=52 TOS=0x08 PREC=0x60 TTL=52 ID=22964 DF PROTO=TCP SPT=23988 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T23:28:43.502Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 23:30:08 honeypot-ams-1 kernel: [84161190.545075] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=11478 PROTO=TCP SPT=44602 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T23:30:08.884Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 23:33:24 honeypot-ams-1 sshd[28983]: Disconnected from invalid user nominatim 159.223.95.166 port 35628 [preauth]","@timestamp":"2022-09-15T23:33:24.974Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 23:34:39 honeypot-fra-1 sshd[19946]: Disconnected from authenticating user root 64.225.65.224 port 60310 [preauth]","@timestamp":"2022-09-15T23:34:40.636Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T23:36:30.040Z","@version":"1","message":"Sep 15 23:36:29 honeypot-sgp-1 sshd[23135]: Connection closed by invalid user admin 179.60.147.69 port 48226 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 23:38:38 honeypot-fra-1 sshd[19957]: Connection closed by 100.20.101.213 port 50890 [preauth]","@timestamp":"2022-09-15T23:38:39.749Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 23:44:00 honeypot-ams-1 kernel: [84162022.422427] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=92.63.197.171 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=252 ID=17354 PROTO=TCP SPT=44005 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T23:44:01.252Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 23:49:44 honeypot-ams-1 sshd[28996]: Disconnected from invalid user user 45.61.186.249 port 33076 [preauth]","@timestamp":"2022-09-15T23:49:45.407Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 23:50:04 honeypot-ams-1 sshd[29000]: Disconnected from invalid user user 45.61.186.249 port 55728 [preauth]","@timestamp":"2022-09-15T23:50:05.419Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 23:50:23 honeypot-ams-1 sshd[29004]: Disconnected from invalid user user 45.61.186.249 port 50196 [preauth]","@timestamp":"2022-09-15T23:50:24.427Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 23:50:35 honeypot-fra-1 sshd[19968]: Protocol major versions differ for 31.192.105.81 port 32591: SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.5 vs. SSH-1.5-NmapNSE_1.0","@timestamp":"2022-09-15T23:50:36.030Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 23:50:36 honeypot-fra-1 sshd[19972]: Connection closed by invalid user crcin 31.192.105.81 port 50318 [preauth]","@timestamp":"2022-09-15T23:50:37.032Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 23:50:38 honeypot-fra-1 sshd[19986]: Connection closed by 31.192.105.81 port 64556 [preauth]","@timestamp":"2022-09-15T23:50:39.033Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 23:50:40 honeypot-ams-1 sshd[29008]: Disconnected from invalid user user 45.61.186.249 port 44650 [preauth]","@timestamp":"2022-09-15T23:50:41.435Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 23:52:47 honeypot-ams-1 sshd[29014]: Disconnected from invalid user admin 80.76.51.45 port 46174 [preauth]","@timestamp":"2022-09-15T23:52:47.491Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 23:53:37 honeypot-ams-1 sshd[29020]: Received disconnect from 80.76.51.45 port 44014:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T23:53:38.517Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 23:54:26 honeypot-ams-1 sshd[29026]: Received disconnect from 80.76.51.45 port 42016:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T23:54:27.540Z"}
{"@timestamp":"2022-09-15T23:55:10.479Z","@version":"1","message":"Sep 15 23:55:10 honeypot-sgp-1 sshd[23143]: Received disconnect from 92.255.85.69 port 37774:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 23:55:15 honeypot-ams-1 sshd[29032]: Received disconnect from 80.76.51.45 port 39984:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T23:55:16.567Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 23:55:48 honeypot-ams-1 sshd[29036]: Received disconnect from 80.76.51.45 port 48076:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T23:55:49.584Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 23:56:25 honeypot-fra-1 sshd[19993]: Invalid user oracle from 182.253.81.212 port 33846","@timestamp":"2022-09-15T23:56:26.166Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 23:56:25 honeypot-fra-1 sshd[19993]: Connection closed by invalid user oracle 182.253.81.212 port 33846 [preauth]","@timestamp":"2022-09-15T23:56:26.166Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 23:56:28 honeypot-fra-1 sshd[20008]: Connection closed by invalid user steam 182.253.81.212 port 33844 [preauth]","@timestamp":"2022-09-15T23:56:29.167Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T23:56:41.518Z","@version":"1","message":"Sep 15 23:56:41 honeypot-sgp-1 sshd[23147]: Received disconnect from 14.52.249.27 port 38760:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T23:57:42.543Z","@version":"1","message":"Sep 15 23:57:42 honeypot-sgp-1 sshd[23152]: Invalid user ap from 190.115.208.250 port 44568","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T23:57:50.548Z","@version":"1","message":"Sep 15 23:57:49 honeypot-sgp-1 sshd[23156]: Invalid user user from 45.61.186.49 port 60380","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T23:58:19.559Z","@version":"1","message":"Sep 15 23:58:18 honeypot-sgp-1 sshd[23160]: Did not receive identification string from 45.61.186.169 port 50742","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T23:58:58.577Z","@version":"1","message":"Sep 15 23:58:57 honeypot-sgp-1 sshd[23164]: Disconnected from invalid user user 45.61.186.169 port 45648 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T23:59:15.585Z","@version":"1","message":"Sep 15 23:59:14 honeypot-sgp-1 sshd[23168]: Disconnected from invalid user user 45.61.186.169 port 40304 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T23:59:30.592Z","@version":"1","message":"Sep 15 23:59:30 honeypot-sgp-1 sshd[23172]: Disconnected from invalid user user 45.61.186.169 port 34978 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 00:03:16 honeypot-ams-1 sshd[29040]: Disconnected from authenticating user root 92.255.85.70 port 58208 [preauth]","@timestamp":"2022-09-16T00:03:16.787Z"}
{"@timestamp":"2022-09-16T00:05:09.746Z","@version":"1","message":"Sep 16 00:05:09 honeypot-sgp-1 kernel: [84162815.811982] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=197.46.202.176 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=50 ID=47385 PROTO=TCP SPT=5319 DPT=80 WINDOW=11512 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 00:10:53 honeypot-fra-1 sshd[20015]: Received disconnect from 92.255.85.69 port 22518:11: Bye Bye [preauth]","@timestamp":"2022-09-16T00:10:53.494Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T00:11:13.890Z","@version":"1","message":"Sep 16 00:11:13 honeypot-sgp-1 sshd[23181]: Received disconnect from 45.61.186.249 port 47544:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T00:11:31.898Z","@version":"1","message":"Sep 16 00:11:31 honeypot-sgp-1 sshd[23185]: Received disconnect from 45.61.186.249 port 41832:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T00:11:48.936Z","@version":"1","message":"Sep 16 00:11:48 honeypot-sgp-1 sshd[23189]: Received disconnect from 45.61.186.249 port 36122:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T00:12:04.943Z","@version":"1","message":"Sep 16 00:12:04 honeypot-sgp-1 sshd[23193]: Received disconnect from 45.61.186.249 port 58678:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T00:17:02.064Z","@version":"1","message":"Sep 16 00:17:01 honeypot-sgp-1 CRON[23200]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 00:17:16 honeypot-fra-1 kernel: [84161851.771511] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=206.189.59.155 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=60 ID=56277 DF PROTO=TCP SPT=37534 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T00:17:16.643Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 00:18:00 honeypot-ams-1 kernel: [84164062.420289] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=67.150.37.58 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=50 ID=3853 PROTO=TCP SPT=45407 DPT=80 WINDOW=25399 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T00:18:01.206Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 00:19:56 honeypot-fra-1 kernel: [84162012.286142] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.210.216.111 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=36624 DF PROTO=TCP SPT=10446 DPT=80 WINDOW=512 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T00:19:57.711Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-16T00:20:09.141Z","@version":"1","message":"Sep 16 00:20:08 honeypot-sgp-1 sshd[23204]: Received disconnect from 45.61.184.204 port 49656:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T00:20:27.150Z","@version":"1","message":"Sep 16 00:20:26 honeypot-sgp-1 sshd[23208]: Received disconnect from 45.61.184.204 port 43892:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T00:20:45.159Z","@version":"1","message":"Sep 16 00:20:45 honeypot-sgp-1 sshd[23212]: Received disconnect from 45.61.184.204 port 38148:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T00:21:01.167Z","@version":"1","message":"Sep 16 00:21:00 honeypot-sgp-1 sshd[23216]: Received disconnect from 45.61.184.204 port 60618:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 00:22:40 honeypot-ams-1 kernel: [84164342.398196] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=139.162.222.36 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=43995 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T00:22:41.338Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 00:23:43 honeypot-fra-1 kernel: [84162238.642394] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=172.104.138.223 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=44931 PROTO=TCP SPT=19304 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T00:23:43.800Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 00:26:48 honeypot-ams-1 sshd[29051]: Received disconnect from 92.255.85.69 port 54292:11: Bye Bye [preauth]","@timestamp":"2022-09-16T00:26:49.449Z"}
{"@timestamp":"2022-09-16T00:34:59.493Z","@version":"1","message":"Sep 16 00:34:58 honeypot-sgp-1 sshd[23220]: Disconnected from authenticating user root 180.250.115.121 port 42856 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T00:39:02.591Z","@version":"1","message":"Sep 16 00:39:02 honeypot-sgp-1 sshd[23226]: Invalid user sylvia from 20.205.9.176 port 47152","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 00:39:57 honeypot-ams-1 sshd[29058]: Connection closed by invalid user sftpuser 103.188.176.251 port 57584 [preauth]","@timestamp":"2022-09-16T00:39:57.834Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 00:40:40 honeypot-fra-1 kernel: [84163255.562760] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=156.201.29.228 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=32442 PROTO=TCP SPT=36574 DPT=80 WINDOW=46817 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T00:40:40.231Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-16T00:41:03.641Z","@version":"1","message":"Sep 16 00:41:02 honeypot-sgp-1 sshd[23232]: Invalid user phion from 120.88.46.226 port 46092","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 00:42:40 honeypot-ams-1 sshd[29065]: Received disconnect from 137.184.118.54 port 53310:11: Bye Bye [preauth]","@timestamp":"2022-09-16T00:42:40.910Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 00:47:39 honeypot-ams-1 kernel: [84165841.117559] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=195.178.120.159 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=54321 PROTO=TCP SPT=32939 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T00:47:40.045Z"}
{"@timestamp":"2022-09-16T00:48:05.809Z","@version":"1","message":"Sep 16 00:48:05 honeypot-sgp-1 kernel: [84165391.664116] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.208.175 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=45995 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T00:52:01.902Z","@version":"1","message":"Sep 16 00:52:01 honeypot-sgp-1 sshd[23240]: Connection closed by invalid user admin 178.128.125.205 port 63264 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 00:54:07 honeypot-fra-1 sshd[20034]: Connection closed by invalid user debian 179.60.147.69 port 38520 [preauth]","@timestamp":"2022-09-16T00:54:08.541Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T00:56:02.996Z","@version":"1","message":"Sep 16 00:56:02 honeypot-sgp-1 kernel: [84165869.440055] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=167.94.146.70 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=36630 PROTO=TCP SPT=47197 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 00:56:21 honeypot-ams-1 sshd[29073]: Invalid user debian from 179.60.147.69 port 39438","@timestamp":"2022-09-16T00:56:22.277Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 00:59:13 honeypot-fra-1 sshd[20039]: Connection closed by invalid user test2 141.98.10.158 port 56990 [preauth]","@timestamp":"2022-09-16T00:59:13.658Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T01:09:17.306Z","@version":"1","message":"Sep 16 01:09:16 honeypot-sgp-1 kernel: [84166663.228182] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=218.29.55.169 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=65424 DF PROTO=TCP SPT=2290 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:09:37 honeypot-ams-1 sshd[29077]: Invalid user en from 185.74.4.17 port 57076","@timestamp":"2022-09-16T01:09:37.626Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 01:09:37 honeypot-fra-1 sshd[20045]: Invalid user tomcat from 193.106.191.157 port 54908","@timestamp":"2022-09-16T01:09:37.897Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:10:57 honeypot-ams-1 sshd[29080]: Disconnected from invalid user view 164.92.212.181 port 42164 [preauth]","@timestamp":"2022-09-16T01:10:57.662Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 01:11:15 honeypot-fra-1 sshd[20050]: Received disconnect from 159.65.41.104 port 60546:11: Bye Bye [preauth]","@timestamp":"2022-09-16T01:11:15.939Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 01:15:21 honeypot-fra-1 sshd[20055]: Invalid user lee from 165.22.45.108 port 34114","@timestamp":"2022-09-16T01:15:22.036Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 01:17:16 honeypot-fra-1 sshd[20061]: Invalid user user from 45.61.186.49 port 39558","@timestamp":"2022-09-16T01:17:16.082Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 01:17:26 honeypot-fra-1 sshd[20065]: Invalid user user from 45.61.186.49 port 51506","@timestamp":"2022-09-16T01:17:27.088Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 01:19:20 honeypot-fra-1 kernel: [84165576.172246] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=34.65.232.229 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x60 TTL=251 ID=54321 PROTO=TCP SPT=48808 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T01:19:21.133Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-16T01:20:39.576Z","@version":"1","message":"Sep 16 01:20:38 honeypot-sgp-1 kernel: [84167345.425701] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=206.189.6.148 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=239 ID=54321 PROTO=TCP SPT=39667 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T01:21:52.608Z","@version":"1","message":"Sep 16 01:21:52 honeypot-sgp-1 sshd[23264]: Disconnected from authenticating user root 20.228.209.161 port 38358 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 01:24:00 honeypot-fra-1 kernel: [84165855.951932] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=205.210.31.46 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x60 TTL=249 ID=54321 PROTO=TCP SPT=49350 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T01:24:01.244Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:24:38 honeypot-ams-1 sshd[29091]: Received disconnect from 147.182.188.81 port 48658:11: Bye Bye [preauth]","@timestamp":"2022-09-16T01:24:39.031Z"}
{"@timestamp":"2022-09-16T01:25:35.699Z","@version":"1","message":"Sep 16 01:25:35 honeypot-sgp-1 sshd[23270]: Invalid user otso from 188.166.95.44 port 53714","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T01:28:37.773Z","@version":"1","message":"Sep 16 01:28:37 honeypot-sgp-1 sshd[23277]: Received disconnect from 177.170.20.12 port 37940:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T01:29:43.803Z","@version":"1","message":"Sep 16 01:29:43 honeypot-sgp-1 sshd[23298]: Connection closed by invalid user admin 14.63.59.146 port 52043 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 01:30:38 honeypot-fra-1 sshd[20091]: Connection closed by invalid user guest 179.60.147.69 port 10740 [preauth]","@timestamp":"2022-09-16T01:30:39.398Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:31:08 honeypot-ams-1 sshd[29096]: Connection closed by 192.241.219.72 port 34392 [preauth]","@timestamp":"2022-09-16T01:31:09.204Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 01:31:53 honeypot-fra-1 sshd[20107]: Connection closed by authenticating user root 121.4.171.88 port 45708 [preauth]","@timestamp":"2022-09-16T01:31:54.430Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 01:31:54 honeypot-fra-1 sshd[20108]: Invalid user postgres from 121.4.171.88 port 45652","@timestamp":"2022-09-16T01:31:54.430Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 01:31:54 honeypot-fra-1 sshd[20105]: Connection closed by invalid user postgres 121.4.171.88 port 45636 [preauth]","@timestamp":"2022-09-16T01:31:54.430Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 01:31:54 honeypot-fra-1 sshd[20124]: Connection closed by invalid user hadoop 121.4.171.88 port 45676 [preauth]","@timestamp":"2022-09-16T01:31:55.430Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:36:02 honeypot-ams-1 sshd[29102]: Invalid user administrador from 43.154.230.33 port 44372","@timestamp":"2022-09-16T01:36:03.333Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 01:37:13 honeypot-fra-1 sshd[20143]: Disconnected from invalid user user 45.61.186.49 port 48798 [preauth]","@timestamp":"2022-09-16T01:37:14.555Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 01:37:23 honeypot-fra-1 sshd[20148]: Disconnected from invalid user user 45.61.186.49 port 60350 [preauth]","@timestamp":"2022-09-16T01:37:24.559Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:38:07 honeypot-ams-1 sshd[29105]: Disconnected from invalid user operador 180.69.254.177 port 50870 [preauth]","@timestamp":"2022-09-16T01:38:08.389Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:38:53 honeypot-ams-1 sshd[29110]: Disconnected from authenticating user root 80.76.51.46 port 34334 [preauth]","@timestamp":"2022-09-16T01:38:53.413Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:39:21 honeypot-ams-1 sshd[29116]: Received disconnect from 80.76.51.46 port 44876:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T01:39:22.430Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:39:51 honeypot-ams-1 sshd[29122]: Received disconnect from 80.76.51.46 port 55398:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T01:39:51.444Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:40:21 honeypot-ams-1 sshd[29128]: Received disconnect from 80.76.51.46 port 37682:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T01:40:22.461Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:40:32 honeypot-ams-1 sshd[29132]: Disconnected from invalid user test 80.76.51.46 port 41190 [preauth]","@timestamp":"2022-09-16T01:40:33.466Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 01:44:17 honeypot-fra-1 kernel: [84167073.182209] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.143.200.6 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=2041 PROTO=TCP SPT=45754 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T01:44:18.733Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 01:47:18 honeypot-ams-1 kernel: [84169420.198681] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=89.248.165.205 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=14403 PROTO=TCP SPT=46528 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T01:47:18.645Z"}
{"@timestamp":"2022-09-16T01:49:15.285Z","@version":"1","message":"Sep 16 01:49:14 honeypot-sgp-1 sshd[23302]: Disconnected from authenticating user root 92.255.85.69 port 22762 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:50:43 honeypot-ams-1 sshd[29144]: Invalid user ubnt from 111.226.108.58 port 43350","@timestamp":"2022-09-16T01:50:43.738Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:50:47 honeypot-ams-1 sshd[29148]: Disconnected from authenticating user root 111.226.108.58 port 43510 [preauth]","@timestamp":"2022-09-16T01:50:47.741Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:50:51 honeypot-ams-1 sshd[29154]: Disconnected from authenticating user root 111.226.108.58 port 43752 [preauth]","@timestamp":"2022-09-16T01:50:52.744Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:50:56 honeypot-ams-1 sshd[29160]: Disconnected from authenticating user root 111.226.108.58 port 43995 [preauth]","@timestamp":"2022-09-16T01:50:56.747Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:51:01 honeypot-ams-1 sshd[29166]: Disconnected from authenticating user root 111.226.108.58 port 44236 [preauth]","@timestamp":"2022-09-16T01:51:01.750Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:51:05 honeypot-ams-1 sshd[29172]: Disconnected from authenticating user root 111.226.108.58 port 44477 [preauth]","@timestamp":"2022-09-16T01:51:06.753Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:51:10 honeypot-ams-1 sshd[29178]: Disconnected from authenticating user root 111.226.108.58 port 44718 [preauth]","@timestamp":"2022-09-16T01:51:10.756Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:51:15 honeypot-ams-1 sshd[29184]: Disconnected from authenticating user root 111.226.108.58 port 44945 [preauth]","@timestamp":"2022-09-16T01:51:15.760Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:51:19 honeypot-ams-1 sshd[29190]: Disconnected from authenticating user root 111.226.108.58 port 45184 [preauth]","@timestamp":"2022-09-16T01:51:20.763Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:51:24 honeypot-ams-1 sshd[29196]: Disconnected from authenticating user root 111.226.108.58 port 45451 [preauth]","@timestamp":"2022-09-16T01:51:24.766Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:51:29 honeypot-ams-1 sshd[29202]: Disconnected from authenticating user root 111.226.108.58 port 45716 [preauth]","@timestamp":"2022-09-16T01:51:29.770Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:51:34 honeypot-ams-1 sshd[29208]: Disconnected from authenticating user root 111.226.108.58 port 45962 [preauth]","@timestamp":"2022-09-16T01:51:34.773Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:51:38 honeypot-ams-1 sshd[29214]: Invalid user admin from 111.226.108.58 port 46222","@timestamp":"2022-09-16T01:51:38.775Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:51:41 honeypot-ams-1 sshd[29218]: Invalid user admin from 111.226.108.58 port 46391","@timestamp":"2022-09-16T01:51:42.779Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:51:44 honeypot-ams-1 sshd[29222]: Invalid user admin from 111.226.108.58 port 46553","@timestamp":"2022-09-16T01:51:45.781Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:51:48 honeypot-ams-1 sshd[29226]: Invalid user admin from 111.226.108.58 port 46731","@timestamp":"2022-09-16T01:51:48.783Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:51:51 honeypot-ams-1 sshd[29230]: Invalid user admin from 111.226.108.58 port 46877","@timestamp":"2022-09-16T01:51:51.785Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:51:54 honeypot-ams-1 sshd[29234]: Received disconnect from 111.226.108.58 port 47057:11: Bye Bye [preauth]","@timestamp":"2022-09-16T01:51:54.787Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:51:57 honeypot-ams-1 sshd[29238]: Disconnected from invalid user pi 111.226.108.58 port 47218 [preauth]","@timestamp":"2022-09-16T01:51:58.791Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:52:00 honeypot-ams-1 sshd[29242]: Disconnected from invalid user user 111.226.108.58 port 47374 [preauth]","@timestamp":"2022-09-16T01:52:01.793Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:52:04 honeypot-ams-1 sshd[29246]: Disconnected from invalid user mine 111.226.108.58 port 47552 [preauth]","@timestamp":"2022-09-16T01:52:04.795Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:52:07 honeypot-ams-1 sshd[29250]: Disconnected from invalid user xbmc 111.226.108.58 port 47717 [preauth]","@timestamp":"2022-09-16T01:52:07.797Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:52:10 honeypot-ams-1 sshd[29254]: Disconnected from invalid user oracle 111.226.108.58 port 47872 [preauth]","@timestamp":"2022-09-16T01:52:10.799Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:52:13 honeypot-ams-1 sshd[29258]: Disconnected from invalid user postgres 111.226.108.58 port 48030 [preauth]","@timestamp":"2022-09-16T01:52:13.802Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:52:16 honeypot-ams-1 sshd[29262]: Disconnected from invalid user support 111.226.108.58 port 48195 [preauth]","@timestamp":"2022-09-16T01:52:16.804Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:52:19 honeypot-ams-1 sshd[29266]: Disconnected from invalid user ubuntu 111.226.108.58 port 48366 [preauth]","@timestamp":"2022-09-16T01:52:20.807Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:52:22 honeypot-ams-1 sshd[29270]: Disconnected from invalid user ubuntu 111.226.108.58 port 48516 [preauth]","@timestamp":"2022-09-16T01:52:23.809Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:52:26 honeypot-ams-1 sshd[29274]: Disconnected from invalid user guest 111.226.108.58 port 48676 [preauth]","@timestamp":"2022-09-16T01:52:26.811Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:52:29 honeypot-ams-1 sshd[29278]: Disconnected from invalid user cirros 111.226.108.58 port 48843 [preauth]","@timestamp":"2022-09-16T01:52:29.814Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 01:54:55 honeypot-fra-1 sshd[20158]: Disconnecting invalid user admin 217.42.70.30 port 55320: Too many authentication failures [preauth]","@timestamp":"2022-09-16T01:54:55.975Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T01:54:57.424Z","@version":"1","message":"Sep 16 01:54:56 honeypot-sgp-1 sshd[23305]: Disconnected from invalid user bitnami 211.193.31.52 port 57800 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 01:56:09 honeypot-fra-1 sshd[20164]: Disconnected from invalid user http 139.59.176.155 port 47850 [preauth]","@timestamp":"2022-09-16T01:56:10.008Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:59:46 honeypot-ams-1 sshd[29283]: Disconnected from invalid user whq 46.101.169.25 port 54468 [preauth]","@timestamp":"2022-09-16T01:59:47.003Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 02:05:20 honeypot-fra-1 sshd[20170]: Received disconnect from 45.61.186.169 port 41326:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T02:05:21.289Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 02:05:37 honeypot-fra-1 sshd[20174]: Received disconnect from 45.61.186.169 port 36228:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T02:05:38.297Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 02:05:55 honeypot-fra-1 sshd[20178]: Received disconnect from 45.61.186.169 port 59360:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T02:05:56.305Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 02:06:11 honeypot-fra-1 sshd[20182]: Received disconnect from 45.61.186.169 port 54252:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T02:06:12.313Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 02:06:26 honeypot-ams-1 kernel: [84170567.968781] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.212.138 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=45602 DPT=389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T02:06:27.186Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 02:08:09 honeypot-fra-1 sshd[20188]: Invalid user legend from 165.22.45.108 port 39164","@timestamp":"2022-09-16T02:08:10.374Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T02:08:45.759Z","@version":"1","message":"Sep 16 02:08:45 honeypot-sgp-1 kernel: [84170232.147833] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=79.124.62.62 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=54511 PROTO=TCP SPT=50681 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 02:09:06 honeypot-ams-1 sshd[29292]: Invalid user admin from 179.60.147.69 port 12320","@timestamp":"2022-09-16T02:09:07.257Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 02:10:43 honeypot-ams-1 sshd[29296]: Received disconnect from 196.203.105.41 port 51352:11: Bye Bye [preauth]","@timestamp":"2022-09-16T02:10:44.305Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 02:11:30 honeypot-fra-1 sshd[20192]: Disconnected from invalid user user 45.61.186.249 port 43132 [preauth]","@timestamp":"2022-09-16T02:11:30.451Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 02:11:50 honeypot-fra-1 sshd[20196]: Disconnected from invalid user user 45.61.186.249 port 37718 [preauth]","@timestamp":"2022-09-16T02:11:51.462Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 02:12:07 honeypot-fra-1 sshd[20200]: Disconnected from invalid user user 45.61.186.249 port 60542 [preauth]","@timestamp":"2022-09-16T02:12:07.469Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 02:12:24 honeypot-fra-1 sshd[20204]: Received disconnect from 45.61.186.249 port 55124:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T02:12:24.478Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 02:13:48 honeypot-ams-1 sshd[29301]: Received disconnect from 187.190.252.164 port 45481:11: Bye Bye [preauth]","@timestamp":"2022-09-16T02:13:48.389Z"}
{"@timestamp":"2022-09-16T02:14:39.908Z","@version":"1","message":"Sep 16 02:14:39 honeypot-sgp-1 sshd[23316]: Did not receive identification string from 159.89.24.69 port 61000","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T02:17:49.987Z","@version":"1","message":"Sep 16 02:17:49 honeypot-sgp-1 kernel: [84170776.388025] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=94.26.249.161 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=669 PROTO=TCP SPT=15364 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 02:18:15 honeypot-ams-1 sshd[29306]: Disconnected from authenticating user root 190.18.110.53 port 38874 [preauth]","@timestamp":"2022-09-16T02:18:16.506Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 02:22:22 honeypot-ams-1 kernel: [84171524.153208] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=49.234.78.25 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=45 ID=54273 DF PROTO=TCP SPT=40383 DPT=443 WINDOW=43690 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T02:22:22.615Z"}
{"@timestamp":"2022-09-16T02:24:56.161Z","@version":"1","message":"Sep 16 02:24:55 honeypot-sgp-1 sshd[23326]: Received disconnect from 185.149.120.23 port 39018:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 02:26:37 honeypot-fra-1 kernel: [84169612.877322] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.143.200.46 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=22491 PROTO=TCP SPT=45948 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T02:26:37.881Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 02:26:41 honeypot-ams-1 sshd[29316]: Disconnected from invalid user raisa 209.97.162.46 port 42330 [preauth]","@timestamp":"2022-09-16T02:26:42.728Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 02:30:38 honeypot-fra-1 sshd[20212]: Received disconnect from 92.255.85.70 port 22776:11: Bye Bye [preauth]","@timestamp":"2022-09-16T02:30:38.978Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T02:32:52.356Z","@version":"1","message":"Sep 16 02:32:51 honeypot-sgp-1 sshd[23330]: Invalid user user from 45.61.186.249 port 44980","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 02:33:00 honeypot-ams-1 kernel: [84172162.207773] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=114.225.3.92 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=49 ID=17503 PROTO=TCP SPT=62725 DPT=80 WINDOW=40602 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T02:33:00.894Z"}
{"@timestamp":"2022-09-16T02:33:11.366Z","@version":"1","message":"Sep 16 02:33:10 honeypot-sgp-1 sshd[23334]: Invalid user user from 45.61.186.249 port 39782","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T02:33:28.375Z","@version":"1","message":"Sep 16 02:33:28 honeypot-sgp-1 sshd[23338]: Invalid user user from 45.61.186.249 port 34590","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T02:33:48.385Z","@version":"1","message":"Sep 16 02:33:47 honeypot-sgp-1 sshd[23342]: Invalid user user from 45.61.186.249 port 57626","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T02:40:09.538Z","@version":"1","message":"Sep 16 02:40:09 honeypot-sgp-1 kernel: [84172115.798762] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=179.43.155.171 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=23534 PROTO=TCP SPT=43691 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 02:44:07 honeypot-fra-1 sshd[20218]: Did not receive identification string from 159.89.24.69 port 61000","@timestamp":"2022-09-16T02:44:08.281Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 02:45:31 honeypot-ams-1 sshd[29323]: Connection closed by authenticating user nobody 179.60.147.69 port 25858 [preauth]","@timestamp":"2022-09-16T02:45:31.222Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 02:47:31 honeypot-ams-1 sshd[29327]: Disconnected from invalid user test 52.140.103.80 port 49960 [preauth]","@timestamp":"2022-09-16T02:47:32.277Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 02:51:13 honeypot-ams-1 sshd[29333]: Received disconnect from 52.172.208.61 port 51400:11: Bye Bye [preauth]","@timestamp":"2022-09-16T02:51:14.374Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 02:53:53 honeypot-fra-1 sshd[20222]: Disconnected from invalid user admin 92.255.85.70 port 20726 [preauth]","@timestamp":"2022-09-16T02:53:53.501Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 02:59:27 honeypot-ams-1 kernel: [84173749.233589] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=79.124.62.62 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=32799 PROTO=TCP SPT=50681 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T02:59:27.586Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 03:00:04 honeypot-fra-1 kernel: [84171620.071978] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.41.9.18 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=2386 PROTO=TCP SPT=24771 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T03:00:05.646Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-16T03:00:48.045Z","@version":"1","message":"Sep 16 03:00:47 honeypot-sgp-1 kernel: [84173353.973558] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=128.14.141.35 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=52040 PROTO=TCP SPT=26392 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 03:02:55 honeypot-ams-1 kernel: [84173957.549990] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=31937 PROTO=TCP SPT=56865 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T03:02:56.680Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 03:06:58 honeypot-ams-1 sshd[29344]: Disconnected from authenticating user root 178.134.60.186 port 45584 [preauth]","@timestamp":"2022-09-16T03:06:59.792Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 03:08:15 honeypot-fra-1 kernel: [84172110.485413] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=119.243.76.74 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=23650 PROTO=TCP SPT=57689 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T03:08:15.834Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-16T03:08:57.246Z","@version":"1","message":"Sep 16 03:08:56 honeypot-sgp-1 kernel: [84173843.082121] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=227 ID=11762 PROTO=TCP SPT=57204 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 03:10:07 honeypot-ams-1 sshd[29349]: Received disconnect from 92.255.85.69 port 48798:11: Bye Bye [preauth]","@timestamp":"2022-09-16T03:10:07.880Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 03:12:13 honeypot-fra-1 sshd[20234]: Connection closed by authenticating user root 103.188.176.251 port 60434 [preauth]","@timestamp":"2022-09-16T03:12:13.925Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 03:16:55 honeypot-ams-1 sshd[29353]: Disconnected from authenticating user root 80.76.51.46 port 60970 [preauth]","@timestamp":"2022-09-16T03:16:56.056Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 03:17:14 honeypot-ams-1 sshd[29360]: Disconnected from authenticating user root 80.76.51.46 port 40946 [preauth]","@timestamp":"2022-09-16T03:17:15.066Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 03:17:42 honeypot-ams-1 sshd[29367]: Received disconnect from 80.76.51.46 port 53278:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T03:17:42.080Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 03:17:51 honeypot-ams-1 sshd[29371]: Disconnected from authenticating user root 80.76.51.46 port 57366 [preauth]","@timestamp":"2022-09-16T03:17:51.084Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 03:18:06 honeypot-ams-1 sshd[29377]: Invalid user user from 45.61.186.169 port 37198","@timestamp":"2022-09-16T03:18:07.093Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 03:18:14 honeypot-ams-1 sshd[29381]: Received disconnect from 45.61.186.169 port 48874:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T03:18:15.097Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 03:18:23 honeypot-ams-1 sshd[29385]: Disconnected from invalid user user 45.61.186.169 port 60560 [preauth]","@timestamp":"2022-09-16T03:18:23.102Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 03:18:38 honeypot-ams-1 sshd[29391]: Invalid user test from 80.76.51.46 port 49616","@timestamp":"2022-09-16T03:18:38.110Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 03:18:47 honeypot-ams-1 sshd[29395]: Invalid user admin from 80.76.51.46 port 53706","@timestamp":"2022-09-16T03:18:48.115Z"}
{"@timestamp":"2022-09-16T03:19:43.514Z","@version":"1","message":"Sep 16 03:19:43 honeypot-sgp-1 sshd[23364]: Invalid user debian from 179.60.147.69 port 29226","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 03:20:57 honeypot-fra-1 sshd[20242]: Connection closed by invalid user debian 179.60.147.69 port 36768 [preauth]","@timestamp":"2022-09-16T03:20:58.128Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 03:23:14 honeypot-ams-1 sshd[29398]: Connection closed by invalid user debian 179.60.147.69 port 34456 [preauth]","@timestamp":"2022-09-16T03:23:15.231Z"}
{"@timestamp":"2022-09-16T03:23:59.623Z","@version":"1","message":"Sep 16 03:23:58 honeypot-sgp-1 sshd[23372]: Invalid user admin from 92.255.85.69 port 36518","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 03:29:08 honeypot-ams-1 sshd[29404]: Disconnected from authenticating user root 209.97.146.150 port 33637 [preauth]","@timestamp":"2022-09-16T03:29:08.397Z"}
{"@timestamp":"2022-09-16T03:31:33.811Z","@version":"1","message":"Sep 16 03:31:33 honeypot-sgp-1 sshd[23378]: Received disconnect from 206.81.15.128 port 53848:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 03:35:04 honeypot-ams-1 kernel: [84175886.489505] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=60.20.104.173 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=47 ID=55620 PROTO=TCP SPT=62658 DPT=80 WINDOW=18854 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T03:35:05.548Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 03:39:02 honeypot-fra-1 kernel: [84173957.937076] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.206.89 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=36864 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T03:39:03.676Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-16T03:39:04.999Z","@version":"1","message":"Sep 16 03:39:04 honeypot-sgp-1 kernel: [84175650.558311] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.208.143 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=36796 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 03:42:31 honeypot-fra-1 sshd[20255]: Invalid user user from 45.61.186.169 port 51286","@timestamp":"2022-09-16T03:42:31.774Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 03:42:48 honeypot-fra-1 sshd[20259]: Invalid user user from 45.61.186.169 port 46094","@timestamp":"2022-09-16T03:42:48.783Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 03:43:04 honeypot-fra-1 sshd[20264]: Invalid user user from 45.61.186.169 port 40908","@timestamp":"2022-09-16T03:43:05.791Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 03:43:20 honeypot-fra-1 sshd[20268]: Invalid user user from 45.61.186.169 port 35718","@timestamp":"2022-09-16T03:43:20.798Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T03:44:03.125Z","@version":"1","message":"Sep 16 03:44:02 honeypot-sgp-1 kernel: [84175949.149961] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=198.235.24.19 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x60 TTL=250 ID=54321 PROTO=TCP SPT=50239 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 03:45:31 honeypot-ams-1 sshd[29412]: Did not receive identification string from 80.76.51.46 port 59550","@timestamp":"2022-09-16T03:45:31.817Z"}
{"@timestamp":"2022-09-16T03:45:58.177Z","@version":"1","message":"Sep 16 03:45:57 honeypot-sgp-1 sshd[23395]: Received disconnect from 84.54.74.130 port 49866:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 03:45:59 honeypot-ams-1 sshd[29418]: Disconnected from authenticating user root 80.76.51.46 port 52804 [preauth]","@timestamp":"2022-09-16T03:45:59.832Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 03:46:29 honeypot-ams-1 sshd[29424]: Disconnected from authenticating user root 80.76.51.46 port 37870 [preauth]","@timestamp":"2022-09-16T03:46:29.849Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 03:47:00 honeypot-ams-1 sshd[29430]: Disconnected from authenticating user root 80.76.51.46 port 51238 [preauth]","@timestamp":"2022-09-16T03:47:00.865Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 03:47:33 honeypot-ams-1 sshd[29436]: Received disconnect from 80.76.51.46 port 36388:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T03:47:33.883Z"}
{"@timestamp":"2022-09-16T03:48:15.238Z","@version":"1","message":"Sep 16 03:48:15 honeypot-sgp-1 sshd[23399]: Received disconnect from 138.2.245.103 port 34732:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T03:51:14.313Z","@version":"1","message":"Sep 16 03:51:13 honeypot-sgp-1 sshd[23404]: Received disconnect from 13.233.208.64 port 47182:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 03:52:28 honeypot-fra-1 sshd[20272]: Invalid user tomcat from 193.106.191.157 port 39484","@timestamp":"2022-09-16T03:52:29.001Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 03:57:02 honeypot-ams-1 sshd[29441]: Disconnected from authenticating user root 92.255.85.70 port 18576 [preauth]","@timestamp":"2022-09-16T03:57:03.122Z"}
{"@timestamp":"2022-09-16T03:57:07.463Z","@version":"1","message":"Sep 16 03:57:06 honeypot-sgp-1 sshd[23409]: Connection closed by invalid user support 179.60.147.69 port 37084 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 03:58:21 honeypot-fra-1 sshd[20277]: Connection closed by invalid user support 179.60.147.69 port 59556 [preauth]","@timestamp":"2022-09-16T03:58:22.137Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T04:03:26.624Z","@version":"1","message":"Sep 16 04:03:25 honeypot-sgp-1 sshd[23414]: Disconnected from invalid user edoardo 159.89.173.162 port 33304 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 04:05:07 honeypot-fra-1 kernel: [84175522.621195] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=154.89.5.94 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=244 ID=28611 PROTO=TCP SPT=58914 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T04:05:08.291Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 04:07:07 honeypot-ams-1 sshd[29446]: Invalid user htf from 125.209.85.186 port 51772","@timestamp":"2022-09-16T04:07:08.386Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 04:08:55 honeypot-ams-1 sshd[29451]: Connection closed by invalid user tomcat 193.106.191.157 port 50944 [preauth]","@timestamp":"2022-09-16T04:08:56.435Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 04:09:55 honeypot-fra-1 sshd[20288]: Received disconnect from 45.61.186.249 port 45834:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T04:09:56.402Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 04:10:14 honeypot-fra-1 sshd[20292]: Received disconnect from 45.61.186.249 port 40450:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T04:10:15.412Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 04:10:32 honeypot-fra-1 sshd[20296]: Received disconnect from 45.61.186.249 port 35064:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T04:10:32.420Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 04:11:35 honeypot-fra-1 kernel: [84175910.183726] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=92.63.197.74 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=44343 PROTO=TCP SPT=45860 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T04:11:35.447Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 04:13:08 honeypot-ams-1 kernel: [84178170.451436] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=108.54.184.91 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=52 ID=14138 PROTO=TCP SPT=38791 DPT=80 WINDOW=227 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T04:13:09.547Z"}
{"@timestamp":"2022-09-16T04:14:30.909Z","@version":"1","message":"Sep 16 04:14:29 honeypot-sgp-1 sshd[23420]: Received disconnect from 61.177.173.51 port 27648:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T04:16:39.969Z","@version":"1","message":"Sep 16 04:16:39 honeypot-sgp-1 sshd[23426]: Invalid user user from 45.61.184.204 port 45634","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T04:16:58.977Z","@version":"1","message":"Sep 16 04:16:58 honeypot-sgp-1 sshd[23430]: Invalid user user from 45.61.184.204 port 41166","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T04:17:08.984Z","@version":"1","message":"Sep 16 04:17:08 honeypot-sgp-1 sshd[23435]: Received disconnect from 45.61.184.204 port 53080:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T04:17:25.993Z","@version":"1","message":"Sep 16 04:17:25 honeypot-sgp-1 sshd[23440]: Received disconnect from 45.61.184.204 port 48574:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 04:18:57 honeypot-ams-1 sshd[29461]: Did not receive identification string from 45.61.184.204 port 46900","@timestamp":"2022-09-16T04:18:58.700Z"}
{"@timestamp":"2022-09-16T04:19:20.044Z","@version":"1","message":"Sep 16 04:19:19 honeypot-sgp-1 sshd[23444]: Disconnected from authenticating user root 61.177.172.124 port 48048 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 04:19:26 honeypot-ams-1 sshd[29464]: Disconnected from invalid user user 45.61.184.204 port 39576 [preauth]","@timestamp":"2022-09-16T04:19:26.716Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 04:19:44 honeypot-ams-1 sshd[29468]: Disconnected from invalid user user 45.61.184.204 port 34522 [preauth]","@timestamp":"2022-09-16T04:19:44.725Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 04:20:01 honeypot-ams-1 sshd[29472]: Disconnected from invalid user user 45.61.184.204 port 57750 [preauth]","@timestamp":"2022-09-16T04:20:01.734Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 04:20:34 honeypot-fra-1 sshd[20308]: Invalid user kennedy from 37.59.120.179 port 50924","@timestamp":"2022-09-16T04:20:35.652Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 04:21:06 honeypot-ams-1 sshd[29479]: Invalid user admin from 92.255.85.69 port 43934","@timestamp":"2022-09-16T04:21:07.768Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 04:22:59 honeypot-fra-1 kernel: [84176594.811979] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=89.248.165.205 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=39201 PROTO=TCP SPT=46528 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T04:23:00.710Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-16T04:25:19.198Z","@version":"1","message":"Sep 16 04:25:18 honeypot-sgp-1 sshd[23451]: Connection closed by 61.115.72.251 port 59559 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 04:25:22 honeypot-ams-1 sshd[29483]: Received disconnect from 61.177.173.51 port 38629:11:  [preauth]","@timestamp":"2022-09-16T04:25:22.881Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 04:30:25 honeypot-fra-1 kernel: [84177040.451556] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=80.66.83.53 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=46590 PROTO=TCP SPT=46450 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T04:30:25.894Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-16T04:33:20.403Z","@version":"1","message":"Sep 16 04:33:19 honeypot-sgp-1 sshd[23458]: Received disconnect from 61.177.173.51 port 53485:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 04:34:14 honeypot-ams-1 sshd[29489]: Disconnected from authenticating user root 61.177.173.36 port 28981 [preauth]","@timestamp":"2022-09-16T04:34:15.111Z"}
{"@timestamp":"2022-09-16T04:35:28.461Z","@version":"1","message":"Sep 16 04:35:27 honeypot-sgp-1 sshd[23462]: Connection closed by invalid user blank 179.60.147.69 port 17222 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 04:38:50 honeypot-ams-1 sshd[29927]: Connection closed by invalid user blank 179.60.147.69 port 32012 [preauth]","@timestamp":"2022-09-16T04:38:51.232Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 04:39:31 honeypot-fra-1 sshd[20321]: Invalid user support from 87.245.17.229 port 43525","@timestamp":"2022-09-16T04:39:32.105Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 04:44:27 honeypot-ams-1 sshd[29935]: Invalid user administrator from 92.255.85.69 port 16098","@timestamp":"2022-09-16T04:44:27.381Z"}
{"@timestamp":"2022-09-16T04:45:17.712Z","@version":"1","message":"Sep 16 04:45:16 honeypot-sgp-1 sshd[23468]: Received disconnect from 23.83.239.130 port 48040:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T04:46:26.743Z","@version":"1","message":"Sep 16 04:46:26 honeypot-sgp-1 sshd[23474]: Invalid user  from 64.62.197.47 port 33746","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T04:47:26.770Z","@version":"1","message":"Sep 16 04:47:26 honeypot-sgp-1 sshd[23478]: Disconnected from authenticating user root 46.101.169.25 port 43248 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 04:48:42 honeypot-fra-1 kernel: [84178137.813073] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=165.232.152.144 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=42260 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T04:48:43.311Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 04:51:50 honeypot-fra-1 sshd[20767]: Disconnected from invalid user administrator 92.255.85.70 port 51068 [preauth]","@timestamp":"2022-09-16T04:51:51.384Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T04:52:12.893Z","@version":"1","message":"Sep 16 04:52:12 honeypot-sgp-1 sshd[23485]: Received disconnect from 61.177.173.49 port 16736:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T04:52:33.904Z","@version":"1","message":"Sep 16 04:52:33 honeypot-sgp-1 sshd[23489]: Connection closed by 100.20.101.213 port 58308 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 04:54:26 honeypot-fra-1 sshd[20771]: Invalid user murai1 from 68.183.156.109 port 33554","@timestamp":"2022-09-16T04:54:27.447Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 04:55:58 honeypot-fra-1 sshd[20775]: Received disconnect from 103.160.24.2 port 40244:11: Bye Bye [preauth]","@timestamp":"2022-09-16T04:55:58.483Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T04:56:36.008Z","@version":"1","message":"Sep 16 04:56:35 honeypot-sgp-1 sshd[23500]: Received disconnect from 218.10.34.1 port 35746:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 04:57:17 honeypot-fra-1 sshd[20780]: Disconnected from invalid user admin 85.237.57.193 port 35110 [preauth]","@timestamp":"2022-09-16T04:57:17.515Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 04:57:42 honeypot-ams-1 kernel: [84180844.536529] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=164.92.72.164 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=33760 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T04:57:43.719Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 05:00:42 honeypot-fra-1 sshd[20786]: Invalid user  from 64.62.197.227 port 64892","@timestamp":"2022-09-16T05:00:42.596Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T05:00:56.120Z","@version":"1","message":"Sep 16 05:00:55 honeypot-sgp-1 sshd[23504]: Disconnected from authenticating user root 61.177.173.36 port 23956 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 05:02:27 honeypot-fra-1 sshd[20791]: Disconnected from invalid user admin 206.189.213.126 port 48392 [preauth]","@timestamp":"2022-09-16T05:02:27.639Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T05:06:35.262Z","@version":"1","message":"Sep 16 05:06:34 honeypot-sgp-1 sshd[23511]: Disconnected from authenticating user root 208.109.32.171 port 43466 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 05:06:53 honeypot-ams-1 sshd[29954]: Received disconnect from 61.177.173.52 port 57780:11:  [preauth]","@timestamp":"2022-09-16T05:06:53.958Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 05:10:17 honeypot-fra-1 kernel: [84179432.296076] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.41.9.18 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=60852 PROTO=TCP SPT=42789 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T05:10:17.819Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 05:14:07 honeypot-fra-1 sshd[20802]: Disconnected from invalid user admin 201.63.97.218 port 38054 [preauth]","@timestamp":"2022-09-16T05:14:07.910Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 05:15:07 honeypot-ams-1 sshd[29965]: Connection closed by authenticating user nobody 179.60.147.69 port 15518 [preauth]","@timestamp":"2022-09-16T05:15:08.170Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 05:17:01 honeypot-fra-1 CRON[20809]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-16T05:17:01.979Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T05:17:02.524Z","@version":"1","message":"Sep 16 05:17:01 honeypot-sgp-1 CRON[23522]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T05:21:57.651Z","@version":"1","message":"Sep 16 05:21:56 honeypot-sgp-1 sshd[23530]: Invalid user ubuntu from 92.255.85.70 port 52382","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 05:22:13 honeypot-ams-1 sshd[29973]: Received disconnect from 61.177.173.37 port 45487:11:  [preauth]","@timestamp":"2022-09-16T05:22:13.353Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 05:22:52 honeypot-fra-1 sshd[20815]: Received disconnect from 134.17.95.120 port 57082:11: Bye Bye [preauth]","@timestamp":"2022-09-16T05:22:53.113Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T05:28:03.804Z","@version":"1","message":"Sep 16 05:28:03 honeypot-sgp-1 kernel: [84182190.001243] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=194.163.175.129 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=57824 PROTO=TCP SPT=48461 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 05:29:58 honeypot-fra-1 sshd[20820]: Connection closed by invalid user admin 222.117.123.95 port 51696 [preauth]","@timestamp":"2022-09-16T05:29:59.276Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 05:30:26 honeypot-ams-1 kernel: [84182808.349801] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=62385 PROTO=TCP SPT=46202 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T05:30:27.565Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 05:32:18 honeypot-ams-1 sshd[29982]: Disconnected from authenticating user root 61.177.173.47 port 32489 [preauth]","@timestamp":"2022-09-16T05:32:19.615Z"}
{"@timestamp":"2022-09-16T05:33:07.933Z","@version":"1","message":"Sep 16 05:33:07 honeypot-sgp-1 sshd[23543]: Received disconnect from 193.142.146.50 port 36752:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T05:33:46.952Z","@version":"1","message":"Sep 16 05:33:46 honeypot-sgp-1 sshd[23549]: Received disconnect from 193.142.146.50 port 56900:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T05:35:21.994Z","@version":"1","message":"Sep 16 05:35:21 honeypot-sgp-1 sshd[23553]: Disconnected from authenticating user root 193.142.146.50 port 48816 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T05:37:37.053Z","@version":"1","message":"Sep 16 05:37:37 honeypot-sgp-1 sshd[23560]: Disconnected from authenticating user root 193.142.146.50 port 60880 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 05:38:44 honeypot-fra-1 sshd[20825]: Received disconnect from 165.22.45.108 port 59388:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T05:38:44.474Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T05:38:59.090Z","@version":"1","message":"Sep 16 05:38:58 honeypot-sgp-1 sshd[23564]: Disconnected from invalid user admin 193.142.146.50 port 52796 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 05:41:27 honeypot-fra-1 kernel: [84181302.448585] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=165.232.152.144 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=37651 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T05:41:28.539Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 05:42:54 honeypot-ams-1 sshd[29990]: Received disconnect from 61.177.173.46 port 19831:11:  [preauth]","@timestamp":"2022-09-16T05:42:54.889Z"}
{"@timestamp":"2022-09-16T05:44:10.221Z","@version":"1","message":"Sep 16 05:44:10 honeypot-sgp-1 sshd[23572]: Disconnected from 61.177.172.104 port 28961 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 05:46:33 honeypot-ams-1 sshd[29996]: Did not receive identification string from 45.61.187.160 port 42962","@timestamp":"2022-09-16T05:46:33.985Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 05:46:46 honeypot-fra-1 sshd[20834]: Disconnected from authenticating user root 221.195.80.203 port 42966 [preauth]","@timestamp":"2022-09-16T05:46:47.665Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 05:46:55 honeypot-ams-1 sshd[29999]: Received disconnect from 45.61.187.160 port 44640:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T05:46:55.997Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 05:47:14 honeypot-ams-1 sshd[30005]: Received disconnect from 45.61.187.160 port 39080:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T05:47:15.008Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 05:47:32 honeypot-ams-1 sshd[30009]: Received disconnect from 45.61.187.160 port 33514:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T05:47:33.017Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 05:51:47 honeypot-ams-1 sshd[30017]: Connection closed by invalid user ubnt 179.60.147.69 port 5518 [preauth]","@timestamp":"2022-09-16T05:51:48.126Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 05:55:14 honeypot-fra-1 kernel: [84182129.330876] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.79.144.216 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=3868 PROTO=TCP SPT=60000 DPT=389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T05:55:14.857Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-16T06:03:42.696Z","@version":"1","message":"Sep 16 06:03:42 honeypot-sgp-1 kernel: [84184328.227206] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=92.63.197.171 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=27026 PROTO=TCP SPT=59555 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 06:03:50 honeypot-fra-1 sshd[20846]: Disconnected from invalid user ws 189.195.123.28 port 47139 [preauth]","@timestamp":"2022-09-16T06:03:51.052Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 06:05:18 honeypot-ams-1 kernel: [84184899.862380] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=179.43.155.171 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=56292 PROTO=TCP SPT=43691 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T06:05:18.471Z"}
{"@timestamp":"2022-09-16T06:08:53.828Z","@version":"1","message":"Sep 16 06:08:53 honeypot-sgp-1 sshd[23588]: Received disconnect from 92.255.85.69 port 39260:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 06:11:50 honeypot-fra-1 sshd[20853]: Invalid user rr from 121.6.175.44 port 59568","@timestamp":"2022-09-16T06:11:51.235Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 06:13:14 honeypot-fra-1 sshd[20855]: Disconnected from invalid user admin 147.182.235.17 port 38194 [preauth]","@timestamp":"2022-09-16T06:13:15.269Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 06:15:37 honeypot-ams-1 sshd[30034]: Disconnected from authenticating user root 61.177.173.36 port 39017 [preauth]","@timestamp":"2022-09-16T06:15:37.752Z"}
{"@timestamp":"2022-09-16T06:17:02.032Z","@version":"1","message":"Sep 16 06:17:01 honeypot-sgp-1 CRON[23595]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 06:21:02 honeypot-ams-1 sshd[30042]: Received disconnect from 61.177.172.19 port 49191:11:  [preauth]","@timestamp":"2022-09-16T06:21:03.895Z"}
{"@timestamp":"2022-09-16T06:24:48.228Z","@version":"1","message":"Sep 16 06:24:47 honeypot-sgp-1 sshd[23602]: Connection closed by invalid user test 179.60.147.69 port 12478 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 06:25:07 honeypot-fra-1 CRON[20862]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-16T06:25:08.538Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 06:25:56 honeypot-fra-1 sshd[20997]: Invalid user test from 179.60.147.69 port 4494","@timestamp":"2022-09-16T06:25:57.560Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 06:28:09 honeypot-ams-1 sshd[30835]: Connection closed by invalid user test 179.60.147.69 port 63146 [preauth]","@timestamp":"2022-09-16T06:28:10.103Z"}
{"@timestamp":"2022-09-16T06:28:41.349Z","@version":"1","message":"Sep 16 06:28:40 honeypot-sgp-1 sshd[23758]: Disconnected from authenticating user root 38.143.137.90 port 49268 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T06:29:39.375Z","@version":"1","message":"Sep 16 06:29:39 honeypot-sgp-1 sshd[23762]: Disconnected from invalid user user 38.143.137.90 port 19628 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T06:30:38.403Z","@version":"1","message":"Sep 16 06:30:38 honeypot-sgp-1 sshd[23766]: Received disconnect from 38.143.137.90 port 35944:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 06:31:09 honeypot-ams-1 sshd[30841]: Disconnected from authenticating user root 80.76.51.46 port 46900 [preauth]","@timestamp":"2022-09-16T06:31:10.184Z"}
{"@timestamp":"2022-09-16T06:31:37.429Z","@version":"1","message":"Sep 16 06:31:36 honeypot-sgp-1 sshd[24306]: Received disconnect from 38.143.137.90 port 8620:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 06:31:38 honeypot-ams-1 sshd[30847]: Disconnected from authenticating user root 80.76.51.46 port 58678 [preauth]","@timestamp":"2022-09-16T06:31:39.199Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 06:31:57 honeypot-ams-1 sshd[30853]: Disconnected from authenticating user root 80.76.51.46 port 38360 [preauth]","@timestamp":"2022-09-16T06:31:58.209Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 06:32:26 honeypot-ams-1 kernel: [84186527.704971] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=97.74.81.123 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=27672 PROTO=TCP SPT=46409 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T06:32:26.225Z"}
{"@timestamp":"2022-09-16T06:32:29.452Z","@version":"1","message":"Sep 16 06:32:28 honeypot-sgp-1 sshd[24313]: Disconnected from authenticating user root 92.255.85.70 port 20148 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 06:32:49 honeypot-ams-1 sshd[30863]: Disconnected from authenticating user root 80.76.51.46 port 58162 [preauth]","@timestamp":"2022-09-16T06:32:50.238Z"}
{"@timestamp":"2022-09-16T06:33:07.470Z","@version":"1","message":"Sep 16 06:33:07 honeypot-sgp-1 sshd[24317]: Disconnected from invalid user user 38.143.137.90 port 44844 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 06:33:10 honeypot-ams-1 sshd[30868]: Disconnected from invalid user admin 80.76.51.46 port 37842 [preauth]","@timestamp":"2022-09-16T06:33:10.248Z"}
{"@timestamp":"2022-09-16T06:34:07.496Z","@version":"1","message":"Sep 16 06:34:07 honeypot-sgp-1 sshd[24322]: Disconnected from invalid user user 38.143.137.90 port 64484 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T06:35:07.526Z","@version":"1","message":"Sep 16 06:35:07 honeypot-sgp-1 sshd[24327]: Disconnected from invalid user user 38.143.137.90 port 23374 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 06:35:53 honeypot-fra-1 sshd[21620]: Invalid user guest from 193.106.191.157 port 52642","@timestamp":"2022-09-16T06:35:53.781Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T06:36:08.554Z","@version":"1","message":"Sep 16 06:36:08 honeypot-sgp-1 sshd[24331]: Disconnected from invalid user user 38.143.137.90 port 21214 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T06:37:09.582Z","@version":"1","message":"Sep 16 06:37:09 honeypot-sgp-1 sshd[24335]: Disconnected from invalid user user 38.143.137.90 port 30118 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T06:38:11.612Z","@version":"1","message":"Sep 16 06:38:10 honeypot-sgp-1 sshd[24339]: Disconnected from invalid user chia 38.143.137.90 port 32730 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T06:39:13.641Z","@version":"1","message":"Sep 16 06:39:13 honeypot-sgp-1 sshd[24344]: Disconnected from authenticating user root 38.143.137.90 port 31496 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 06:39:27 honeypot-ams-1 sshd[30875]: Received disconnect from 34.70.38.122 port 39654:11: Bye Bye [preauth]","@timestamp":"2022-09-16T06:39:27.410Z"}
{"@timestamp":"2022-09-16T06:40:17.670Z","@version":"1","message":"Sep 16 06:40:17 honeypot-sgp-1 sshd[24350]: Disconnected from invalid user yangbing 38.143.137.90 port 63008 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T06:41:52.712Z","@version":"1","message":"Sep 16 06:41:52 honeypot-sgp-1 sshd[24356]: Received disconnect from 38.143.137.90 port 13344:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 06:42:11 honeypot-ams-1 sshd[30882]: Disconnected from authenticating user root 92.255.85.70 port 58784 [preauth]","@timestamp":"2022-09-16T06:42:11.481Z"}
{"@timestamp":"2022-09-16T06:42:24.727Z","@version":"1","message":"Sep 16 06:42:24 honeypot-sgp-1 sshd[24360]: Disconnected from invalid user liuxing 38.143.137.90 port 16682 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T06:44:02.769Z","@version":"1","message":"Sep 16 06:44:02 honeypot-sgp-1 sshd[24366]: Received disconnect from 38.143.137.90 port 23710:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T06:45:07.798Z","@version":"1","message":"Sep 16 06:45:07 honeypot-sgp-1 sshd[24371]: Disconnected from invalid user bestlol 38.143.137.90 port 49922 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T06:45:58.822Z","@version":"1","message":"Sep 16 06:45:58 honeypot-sgp-1 sshd[24375]: Disconnected from invalid user admin 43.155.83.218 port 44052 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T06:47:15.858Z","@version":"1","message":"Sep 16 06:47:15 honeypot-sgp-1 sshd[24381]: Disconnected from authenticating user root 38.143.137.90 port 49124 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T06:48:53.904Z","@version":"1","message":"Sep 16 06:48:52 honeypot-sgp-1 sshd[24387]: Received disconnect from 38.143.137.90 port 7546:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T06:49:29.921Z","@version":"1","message":"Sep 16 06:49:29 honeypot-sgp-1 sshd[24392]: Disconnected from invalid user murka 190.115.208.250 port 38474 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T06:50:34.952Z","@version":"1","message":"Sep 16 06:50:34 honeypot-sgp-1 sshd[24399]: Received disconnect from 38.143.137.90 port 9942:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 06:51:03 honeypot-fra-1 kernel: [84185478.603045] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=89.248.165.120 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=36996 PROTO=TCP SPT=50480 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T06:51:04.141Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-16T06:51:43.985Z","@version":"1","message":"Sep 16 06:51:43 honeypot-sgp-1 sshd[24403]: Received disconnect from 38.143.137.90 port 7764:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 06:52:27 honeypot-ams-1 kernel: [84187729.562359] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=117.149.137.70 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=40 ID=48693 PROTO=TCP SPT=33853 DPT=443 WINDOW=17348 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T06:52:28.743Z"}
{"@timestamp":"2022-09-16T06:53:23.029Z","@version":"1","message":"Sep 16 06:53:22 honeypot-sgp-1 sshd[24409]: Invalid user zkti from 38.143.137.90 port 8682","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 06:53:53 honeypot-fra-1 sshd[21640]: Connection closed by invalid user ansible 101.33.218.153 port 36307 [preauth]","@timestamp":"2022-09-16T06:53:54.208Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 06:53:54 honeypot-fra-1 sshd[21641]: Connection closed by invalid user dev 101.33.218.153 port 36263 [preauth]","@timestamp":"2022-09-16T06:53:54.208Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T06:54:29.076Z","@version":"1","message":"Sep 16 06:54:28 honeypot-sgp-1 sshd[24413]: Received disconnect from 38.143.137.90 port 8006:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T06:56:09.120Z","@version":"1","message":"Sep 16 06:56:08 honeypot-sgp-1 sshd[24420]: Invalid user admin from 38.143.137.90 port 14094","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T06:56:25.129Z","@version":"1","message":"Sep 16 06:56:24 honeypot-sgp-1 kernel: [84187491.037317] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=68.183.93.151 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x20 TTL=242 ID=54321 PROTO=TCP SPT=41226 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T06:57:00.146Z","@version":"1","message":"Sep 16 06:56:59 honeypot-sgp-1 sshd[24428]: Disconnected from authenticating user root 210.16.201.131 port 42210 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T06:57:51.170Z","@version":"1","message":"Sep 16 06:57:50 honeypot-sgp-1 sshd[24432]: Disconnected from invalid user lk 38.143.137.90 port 59306 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 06:58:26 honeypot-ams-1 sshd[30897]: Received disconnect from 61.177.173.36 port 17231:11:  [preauth]","@timestamp":"2022-09-16T06:58:26.898Z"}
{"@timestamp":"2022-09-16T06:58:58.202Z","@version":"1","message":"Sep 16 06:58:58 honeypot-sgp-1 sshd[24439]: Disconnected from authenticating user root 38.143.137.90 port 47060 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T07:00:07.235Z","@version":"1","message":"Sep 16 07:00:06 honeypot-sgp-1 sshd[24445]: Disconnected from invalid user admin 38.143.137.90 port 22708 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T07:01:04.263Z","@version":"1","message":"Sep 16 07:01:03 honeypot-sgp-1 sshd[24451]: Connection closed by invalid user admin 179.60.147.69 port 28170 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T07:02:21.297Z","@version":"1","message":"Sep 16 07:02:20 honeypot-sgp-1 sshd[24457]: Disconnected from authenticating user root 38.143.137.90 port 39884 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 07:03:25 honeypot-ams-1 kernel: [84188387.157873] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=188.166.255.48 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=8117 PROTO=TCP SPT=51684 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T07:03:26.026Z"}
{"@timestamp":"2022-09-16T07:04:03.343Z","@version":"1","message":"Sep 16 07:04:03 honeypot-sgp-1 sshd[24464]: Invalid user data from 38.143.137.90 port 61686","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T07:05:10.372Z","@version":"1","message":"Sep 16 07:05:09 honeypot-sgp-1 sshd[24470]: Disconnected from authenticating user root 38.143.137.90 port 17746 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 07:05:34 honeypot-ams-1 sshd[30912]: Received disconnect from 92.255.85.69 port 26420:11: Bye Bye [preauth]","@timestamp":"2022-09-16T07:05:35.083Z"}
{"@timestamp":"2022-09-16T07:06:51.417Z","@version":"1","message":"Sep 16 07:06:50 honeypot-sgp-1 sshd[24476]: Received disconnect from 38.143.137.90 port 29694:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T07:07:57.448Z","@version":"1","message":"Sep 16 07:07:56 honeypot-sgp-1 sshd[24480]: Disconnected from invalid user xdp 38.143.137.90 port 19738 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 07:08:04 honeypot-fra-1 sshd[21670]: Invalid user admin from 59.126.178.69 port 48532","@timestamp":"2022-09-16T07:08:05.553Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T07:09:04.478Z","@version":"1","message":"Sep 16 07:09:03 honeypot-sgp-1 sshd[24485]: Disconnected from invalid user xdp 38.143.137.90 port 20740 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T07:10:41.519Z","@version":"1","message":"Sep 16 07:10:40 honeypot-sgp-1 sshd[24494]: Disconnected from 61.177.173.48 port 53144 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 07:11:44 honeypot-ams-1 kernel: [84188886.339672] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=172.104.29.200 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=56317 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T07:11:45.249Z"}
{"@timestamp":"2022-09-16T07:11:49.550Z","@version":"1","message":"Sep 16 07:11:48 honeypot-sgp-1 sshd[24501]: Received disconnect from 38.143.137.90 port 7650:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 07:12:30 honeypot-ams-1 sshd[30921]: Disconnected from authenticating user root 61.177.173.36 port 59178 [preauth]","@timestamp":"2022-09-16T07:12:31.274Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 07:12:36 honeypot-fra-1 sshd[21674]: Disconnected from authenticating user root 84.2.226.70 port 34592 [preauth]","@timestamp":"2022-09-16T07:12:36.657Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T07:12:55.579Z","@version":"1","message":"Sep 16 07:12:55 honeypot-sgp-1 sshd[24505]: Disconnected from invalid user dell 38.143.137.90 port 32852 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T07:14:01.609Z","@version":"1","message":"Sep 16 07:14:01 honeypot-sgp-1 sshd[24509]: Disconnected from invalid user Chaolei1984 38.143.137.90 port 15056 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T07:15:39.653Z","@version":"1","message":"Sep 16 07:15:39 honeypot-sgp-1 sshd[24519]: Received disconnect from 38.143.137.90 port 19902:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 07:17:01 honeypot-ams-1 CRON[30929]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-16T07:17:02.396Z"}
{"@timestamp":"2022-09-16T07:17:02.689Z","@version":"1","message":"Sep 16 07:17:02 honeypot-sgp-1 CRON[24525]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T07:17:53.712Z","@version":"1","message":"Sep 16 07:17:53 honeypot-sgp-1 sshd[24531]: Received disconnect from 38.143.137.90 port 64654:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T07:18:42.734Z","@version":"1","message":"Sep 16 07:18:42 honeypot-sgp-1 kernel: [84188828.730166] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.219.125 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=48058 DPT=5432 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 07:19:44 honeypot-fra-1 kernel: [84187198.956871] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=157.7.168.115 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=25770 DF PROTO=TCP SPT=54173 DPT=5432 WINDOW=5840 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T07:19:44.820Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-16T07:20:05.771Z","@version":"1","message":"Sep 16 07:20:05 honeypot-sgp-1 kernel: [84188911.618180] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.25.186.58 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=58885 PROTO=TCP SPT=50318 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T07:20:15.776Z","@version":"1","message":"Sep 16 07:20:15 honeypot-sgp-1 sshd[24545]: Disconnected from invalid user 123 92.255.85.69 port 39778 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T07:21:44.816Z","@version":"1","message":"Sep 16 07:21:43 honeypot-sgp-1 sshd[24552]: Received disconnect from 38.143.137.90 port 58700:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 07:22:40 honeypot-ams-1 kernel: [84189542.527460] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.206.190 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=37724 DPT=5432 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T07:22:41.545Z"}
{"@timestamp":"2022-09-16T07:22:50.844Z","@version":"1","message":"Sep 16 07:22:50 honeypot-sgp-1 sshd[24556]: Disconnected from invalid user ysxk 38.143.137.90 port 8512 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T07:23:59.876Z","@version":"1","message":"Sep 16 07:23:59 honeypot-sgp-1 sshd[24562]: Disconnected from authenticating user root 38.143.137.90 port 21746 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 07:24:37 honeypot-fra-1 kernel: [84187492.281521] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.143.200.46 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=48207 PROTO=TCP SPT=41841 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T07:24:37.933Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-16T07:24:54.902Z","@version":"1","message":"Sep 16 07:24:54 honeypot-sgp-1 sshd[24568]: Disconnected from authenticating user root 61.177.172.124 port 18150 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 07:28:05 honeypot-ams-1 sshd[30959]: Disconnected from authenticating user root 195.29.51.137 port 37114 [preauth]","@timestamp":"2022-09-16T07:28:05.684Z"}
{"@timestamp":"2022-09-16T07:33:15.109Z","@version":"1","message":"Sep 16 07:33:14 honeypot-sgp-1 sshd[24575]: Invalid user cooper from 52.172.225.142 port 58532","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 07:36:25 honeypot-fra-1 sshd[21691]: Invalid user 123 from 92.255.85.70 port 51812","@timestamp":"2022-09-16T07:36:25.263Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T07:38:15.231Z","@version":"1","message":"Sep 16 07:38:14 honeypot-sgp-1 sshd[24580]: Received disconnect from 61.177.172.108 port 51508:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 07:39:21 honeypot-fra-1 sshd[21695]: Invalid user ubnt from 43.155.86.244 port 49274","@timestamp":"2022-09-16T07:39:21.334Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 07:40:14 honeypot-fra-1 sshd[21700]: Connection closed by invalid user david 141.98.10.158 port 50738 [preauth]","@timestamp":"2022-09-16T07:40:15.372Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 18:36:31 honeypot-ams-1 sshd[16210]: Disconnected from invalid user user 45.61.186.169 port 34800 [preauth]","@timestamp":"2022-09-13T18:36:32.162Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 18:36:48 honeypot-ams-1 sshd[16214]: Disconnected from invalid user user 45.61.186.169 port 59998 [preauth]","@timestamp":"2022-09-13T18:36:49.172Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 18:37:06 honeypot-ams-1 sshd[16218]: Received disconnect from 45.61.186.169 port 57002:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T18:37:07.181Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 18:38:10 honeypot-fra-1 sshd[7023]: Invalid user ksh from 202.29.236.130 port 58488","@timestamp":"2022-09-13T18:38:10.279Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 18:39:25 honeypot-fra-1 sshd[7027]: Received disconnect from 200.7.168.217 port 36048:11: Bye Bye [preauth]","@timestamp":"2022-09-13T18:39:25.310Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 18:39:40 honeypot-fra-1 sshd[7031]: Disconnected from invalid user bonec 144.24.116.174 port 51244 [preauth]","@timestamp":"2022-09-13T18:39:40.318Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 18:40:26 honeypot-fra-1 sshd[7037]: Received disconnect from 167.172.144.144 port 60480:11: Bye Bye [preauth]","@timestamp":"2022-09-13T18:40:26.338Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T18:41:26.432Z","@version":"1","message":"Sep 13 18:41:25 honeypot-sgp-1 kernel: [83970595.463120] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=44.204.88.3 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=233 ID=28426 PROTO=TCP SPT=54470 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 18:41:46 honeypot-fra-1 sshd[7042]: Received disconnect from 157.245.122.58 port 45224:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T18:41:47.371Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 18:42:52 honeypot-ams-1 sshd[16224]: Disconnected from authenticating user root 92.255.85.69 port 49258 [preauth]","@timestamp":"2022-09-13T18:42:52.331Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 18:43:46 honeypot-fra-1 sshd[7046]: Received disconnect from 157.245.122.58 port 44066:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T18:43:47.440Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 18:45:20 honeypot-ams-1 sshd[16232]: Received disconnect from 80.76.51.189 port 55554:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T18:45:21.399Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 18:45:38 honeypot-fra-1 sshd[7051]: Received disconnect from 157.245.122.58 port 42894:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T18:45:38.483Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 18:46:49 honeypot-ams-1 sshd[16238]: Received disconnect from 80.76.51.189 port 58632:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T18:46:50.440Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 18:48:23 honeypot-ams-1 sshd[16245]: Received disconnect from 80.76.51.189 port 33476:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T18:48:23.482Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 18:49:38 honeypot-ams-1 kernel: [83971562.029083] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.221.80 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=56631 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T18:49:38.518Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 18:50:34 honeypot-ams-1 sshd[16255]: Received disconnect from 80.76.51.189 port 56396:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T18:50:34.546Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 18:51:40 honeypot-ams-1 sshd[16259]: Received disconnect from 80.76.51.189 port 39614:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T18:51:40.576Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 18:52:37 honeypot-ams-1 sshd[16263]: Disconnected from authenticating user root 52.142.11.171 port 1024 [preauth]","@timestamp":"2022-09-13T18:52:38.604Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 18:53:19 honeypot-ams-1 sshd[16267]: Disconnected from invalid user ansible 80.76.51.189 port 42688 [preauth]","@timestamp":"2022-09-13T18:53:19.624Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 18:53:59 honeypot-fra-1 sshd[7056]: Invalid user ftp from 81.191.131.184 port 39981","@timestamp":"2022-09-13T18:54:00.669Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 18:55:03 honeypot-ams-1 sshd[16274]: Received disconnect from 80.76.51.189 port 45766:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T18:55:03.671Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 18:55:44 honeypot-fra-1 sshd[7060]: Disconnected from invalid user test_user 82.196.7.111 port 42162 [preauth]","@timestamp":"2022-09-13T18:55:44.712Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 18:56:16 honeypot-ams-1 sshd[16278]: Invalid user postgres from 80.76.51.189 port 57216","@timestamp":"2022-09-13T18:56:16.707Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 18:57:29 honeypot-ams-1 sshd[16282]: Disconnected from authenticating user root 80.76.51.189 port 40444 [preauth]","@timestamp":"2022-09-13T18:57:29.740Z"}
{"@timestamp":"2022-09-13T18:58:48.843Z","@version":"1","message":"Sep 13 18:58:48 honeypot-sgp-1 sshd[11289]: Disconnected from authenticating user root 92.255.85.69 port 36454 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 18:58:53 honeypot-ams-1 sshd[16288]: Invalid user astr from 202.53.1.114 port 38954","@timestamp":"2022-09-13T18:58:53.780Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 18:59:13 honeypot-fra-1 sshd[7065]: Disconnected from invalid user admin 94.69.226.48 port 47688 [preauth]","@timestamp":"2022-09-13T18:59:13.794Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 19:02:28 honeypot-fra-1 sshd[7071]: Disconnected from authenticating user root 92.255.85.70 port 57762 [preauth]","@timestamp":"2022-09-13T19:02:28.870Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 19:03:20 honeypot-ams-1 sshd[16293]: Disconnected from authenticating user root 92.255.85.69 port 49576 [preauth]","@timestamp":"2022-09-13T19:03:20.895Z"}
{"@timestamp":"2022-09-13T19:09:07.087Z","@version":"1","message":"Sep 13 19:09:07 honeypot-sgp-1 sshd[11295]: Disconnected from invalid user monitor 45.119.9.158 port 45344 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 19:09:17 honeypot-ams-1 sshd[16296]: Connection closed by invalid user blank 179.60.147.69 port 45984 [preauth]","@timestamp":"2022-09-13T19:09:18.053Z"}
{"@timestamp":"2022-09-13T19:13:52.201Z","@version":"1","message":"Sep 13 19:13:51 honeypot-sgp-1 kernel: [83972540.920308] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=178.128.255.88 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=54321 PROTO=TCP SPT=43811 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 19:15:06 honeypot-fra-1 sshd[7079]: Invalid user ksb from 165.22.45.108 port 45446","@timestamp":"2022-09-13T19:15:07.155Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 19:15:17 honeypot-ams-1 sshd[16301]: Disconnected from authenticating user root 103.153.175.18 port 59532 [preauth]","@timestamp":"2022-09-13T19:15:18.226Z"}
{"@timestamp":"2022-09-13T19:17:02.277Z","@version":"1","message":"Sep 13 19:17:01 honeypot-sgp-1 CRON[11305]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 19:20:18 honeypot-ams-1 sshd[16308]: Disconnected from authenticating user root 157.245.122.58 port 45882 [preauth]","@timestamp":"2022-09-13T19:20:19.357Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 19:20:23 honeypot-fra-1 sshd[7086]: Invalid user horia from 180.167.207.234 port 49497","@timestamp":"2022-09-13T19:20:24.270Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 19:21:23 honeypot-ams-1 sshd[16314]: Received disconnect from 73.204.6.32 port 48594:11: Bye Bye [preauth]","@timestamp":"2022-09-13T19:21:23.390Z"}
{"@timestamp":"2022-09-13T19:21:40.388Z","@version":"1","message":"Sep 13 19:21:39 honeypot-sgp-1 sshd[11310]: Disconnected from authenticating user root 92.255.85.69 port 30516 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 19:22:48 honeypot-ams-1 kernel: [83973551.819846] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.168.28.81 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=110 ID=26844 DF PROTO=TCP SPT=59194 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T19:22:48.430Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 19:23:59 honeypot-ams-1 sshd[16320]: Did not receive identification string from 45.61.186.169 port 58998","@timestamp":"2022-09-13T19:23:59.464Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 19:24:34 honeypot-ams-1 sshd[16323]: Disconnected from invalid user user 45.61.186.169 port 39410 [preauth]","@timestamp":"2022-09-13T19:24:34.481Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 19:24:51 honeypot-ams-1 sshd[16327]: Disconnected from invalid user user 45.61.186.169 port 33524 [preauth]","@timestamp":"2022-09-13T19:24:52.492Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 19:25:08 honeypot-ams-1 sshd[16331]: Disconnected from invalid user user 45.61.186.169 port 55866 [preauth]","@timestamp":"2022-09-13T19:25:08.501Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 19:25:16 honeypot-ams-1 sshd[16335]: Disconnected from invalid user user 45.61.186.169 port 38800 [preauth]","@timestamp":"2022-09-13T19:25:16.505Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 19:25:32 honeypot-fra-1 kernel: [83971554.744068] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=195.230.103.243 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=54321 PROTO=TCP SPT=36994 DPT=5432 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T19:25:32.386Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 19:25:50 honeypot-ams-1 sshd[16340]: Received disconnect from 92.255.85.69 port 60054:11: Bye Bye [preauth]","@timestamp":"2022-09-13T19:25:50.523Z"}
{"@timestamp":"2022-09-13T19:26:35.507Z","@version":"1","message":"Sep 13 19:26:35 honeypot-sgp-1 sshd[11315]: Invalid user admin from 167.99.68.65 port 52034","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 19:27:00 honeypot-ams-1 sshd[16344]: Invalid user cypress from 157.245.122.58 port 55930","@timestamp":"2022-09-13T19:27:00.558Z"}
{"@timestamp":"2022-09-13T19:28:15.547Z","@version":"1","message":"Sep 13 19:28:15 honeypot-sgp-1 sshd[11319]: ssh_dispatch_run_fatal: Connection from 69.112.204.55 port 38006: Connection corrupted [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 19:37:16 honeypot-fra-1 kernel: [83972259.308650] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=193.219.127.202 DST=165.22.82.222 LEN=80 TOS=0x00 PREC=0x20 TTL=126 ID=52545 PROTO=TCP SPT=51521 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T19:37:16.648Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-13T19:39:54.840Z","@version":"1","message":"Sep 13 19:39:54 honeypot-sgp-1 sshd[11325]: Did not receive identification string from 45.61.186.49 port 43482","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T19:40:08.847Z","@version":"1","message":"Sep 13 19:40:08 honeypot-sgp-1 sshd[11328]: Disconnected from invalid user user 45.61.186.49 port 45254 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 19:40:12 honeypot-fra-1 sshd[7100]: Connection closed by invalid user admin 141.98.10.158 port 50190 [preauth]","@timestamp":"2022-09-13T19:40:12.714Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T19:40:18.852Z","@version":"1","message":"Sep 13 19:40:17 honeypot-sgp-1 sshd[11332]: Disconnected from invalid user user 45.61.186.49 port 56908 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 19:43:56 honeypot-fra-1 sshd[7106]: Connection closed by invalid user guest 179.60.147.69 port 54994 [preauth]","@timestamp":"2022-09-13T19:43:56.800Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 19:45:13 honeypot-ams-1 kernel: [83974896.789551] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.41.8.45 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=47206 PROTO=TCP SPT=46095 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T19:45:14.034Z"}
{"@timestamp":"2022-09-13T19:45:23.972Z","@version":"1","message":"Sep 13 19:45:23 honeypot-sgp-1 kernel: [83974433.343866] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=90.151.171.106 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=46975 PROTO=TCP SPT=58305 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 19:46:08 honeypot-fra-1 sshd[7111]: Disconnected from authenticating user root 92.255.85.69 port 51820 [preauth]","@timestamp":"2022-09-13T19:46:09.853Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 19:50:04 honeypot-ams-1 sshd[16350]: Disconnected from authenticating user root 92.255.85.69 port 29980 [preauth]","@timestamp":"2022-09-13T19:50:05.161Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 19:53:29 honeypot-fra-1 kernel: [83973232.273362] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=90.151.171.106 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=4217 PROTO=TCP SPT=58753 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T19:53:30.022Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 19:53:50 honeypot-ams-1 kernel: [83975414.557460] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=20.55.53.144 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=26176 DF PROTO=TCP SPT=44220 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T19:53:51.278Z"}
{"@timestamp":"2022-09-13T19:54:27.187Z","@version":"1","message":"Sep 13 19:54:26 honeypot-sgp-1 kernel: [83974976.439119] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=66.240.236.116 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=47810 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 19:57:29 honeypot-fra-1 kernel: [83973472.372337] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=89.248.165.199 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=14179 PROTO=TCP SPT=57637 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T19:57:30.116Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 20:00:05 honeypot-ams-1 kernel: [83975789.375362] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=97.74.81.123 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=53302 PROTO=TCP SPT=48512 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T20:00:06.433Z"}
{"@timestamp":"2022-09-13T20:01:37.359Z","@version":"1","message":"Sep 13 20:01:36 honeypot-sgp-1 sshd[11346]: Disconnected from invalid user oracle 46.101.141.155 port 34472 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 20:01:44 honeypot-fra-1 kernel: [83973727.066787] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=104.156.155.8 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=19186 PROTO=TCP SPT=53102 DPT=389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T20:01:45.218Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 20:03:48 honeypot-ams-1 sshd[16362]: Disconnected from invalid user admin 85.31.46.45 port 46674 [preauth]","@timestamp":"2022-09-13T20:03:48.528Z"}
{"@timestamp":"2022-09-13T20:04:03.420Z","@version":"1","message":"Sep 13 20:04:02 honeypot-sgp-1 sshd[11351]: Received disconnect from 45.61.186.169 port 37802:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T20:04:11.425Z","@version":"1","message":"Sep 13 20:04:11 honeypot-sgp-1 sshd[11355]: Disconnected from invalid user user 45.61.186.169 port 49380 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T20:04:28.433Z","@version":"1","message":"Sep 13 20:04:27 honeypot-sgp-1 sshd[11359]: Disconnected from invalid user user 45.61.186.169 port 44222 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 20:04:36 honeypot-ams-1 sshd[16369]: Received disconnect from 85.31.46.45 port 47894:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T20:04:36.552Z"}
{"@timestamp":"2022-09-13T20:04:44.441Z","@version":"1","message":"Sep 13 20:04:44 honeypot-sgp-1 sshd[11363]: Disconnected from invalid user user 45.61.186.169 port 39104 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 20:05:18 honeypot-ams-1 sshd[16375]: Received disconnect from 85.31.46.45 port 49178:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T20:05:18.573Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 20:06:01 honeypot-ams-1 sshd[16381]: Received disconnect from 85.31.46.45 port 50466:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T20:06:02.596Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 20:06:30 honeypot-ams-1 sshd[16386]: Invalid user git from 85.31.46.45 port 41764","@timestamp":"2022-09-13T20:06:30.612Z"}
{"@timestamp":"2022-09-13T20:09:53.564Z","@version":"1","message":"Sep 13 20:09:52 honeypot-sgp-1 kernel: [83975902.257116] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=89.248.165.199 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=16958 PROTO=TCP SPT=57637 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 20:10:39 honeypot-ams-1 sshd[16389]: Disconnected from invalid user user 167.99.220.160 port 48392 [preauth]","@timestamp":"2022-09-13T20:10:39.718Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 20:13:01 honeypot-fra-1 kernel: [83974404.187244] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=78.142.18.92 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=54321 PROTO=TCP SPT=43067 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T20:13:02.471Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 20:15:11 honeypot-fra-1 sshd[7131]: Received disconnect from 164.92.183.3 port 45424:11: Bye Bye [preauth]","@timestamp":"2022-09-13T20:15:11.522Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 20:19:17 honeypot-fra-1 sshd[7137]: Disconnected from invalid user jkl 118.212.146.43 port 46768 [preauth]","@timestamp":"2022-09-13T20:19:17.614Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T20:19:19.787Z","@version":"1","message":"Sep 13 20:19:18 honeypot-sgp-1 sshd[11380]: Invalid user guest from 179.60.147.69 port 16820","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 20:20:53 honeypot-ams-1 kernel: [83977037.344704] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=178.132.7.111 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=59 ID=40874 PROTO=TCP SPT=11248 DPT=80 WINDOW=52232 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T20:20:53.987Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 20:24:13 honeypot-ams-1 kernel: [83977237.491434] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=193.219.127.202 DST=178.62.254.91 LEN=80 TOS=0x00 PREC=0x20 TTL=127 ID=25268 PROTO=TCP SPT=26292 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T20:24:14.074Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 20:29:48 honeypot-ams-1 sshd[16403]: Disconnected from invalid user tzf 188.166.252.132 port 39888 [preauth]","@timestamp":"2022-09-13T20:29:49.222Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 20:30:01 honeypot-fra-1 sshd[7142]: Connection closed by authenticating user root 103.188.176.251 port 45842 [preauth]","@timestamp":"2022-09-13T20:30:01.861Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T20:31:11.072Z","@version":"1","message":"Sep 13 20:31:10 honeypot-sgp-1 sshd[11384]: Received disconnect from 92.255.85.69 port 40378:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T20:35:34.178Z","@version":"1","message":"Sep 13 20:35:33 honeypot-sgp-1 sshd[11388]: Disconnected from 104.248.228.139 port 56446 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 20:36:25 honeypot-ams-1 sshd[16410]: Invalid user samp from 104.131.39.193 port 55950","@timestamp":"2022-09-13T20:36:26.399Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 20:37:38 honeypot-fra-1 sshd[7149]: Did not receive identification string from 198.98.61.9 port 40292","@timestamp":"2022-09-13T20:37:39.034Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 20:37:59 honeypot-fra-1 sshd[7152]: Disconnected from invalid user user 198.98.61.9 port 48454 [preauth]","@timestamp":"2022-09-13T20:38:00.045Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 20:38:16 honeypot-fra-1 sshd[7156]: Disconnected from invalid user user 198.98.61.9 port 43300 [preauth]","@timestamp":"2022-09-13T20:38:17.053Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 20:38:37 honeypot-fra-1 sshd[7161]: Disconnected from invalid user user 198.98.61.9 port 38140 [preauth]","@timestamp":"2022-09-13T20:38:38.062Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 20:40:02 honeypot-fra-1 kernel: [83976025.421785] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.210.150 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=34003 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T20:40:03.098Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 20:41:18 honeypot-ams-1 sshd[16413]: Disconnected from authenticating user root 222.122.67.97 port 59194 [preauth]","@timestamp":"2022-09-13T20:41:18.525Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 20:42:06 honeypot-fra-1 sshd[7171]: Received disconnect from 45.61.187.160 port 50316:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T20:42:07.148Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 20:42:15 honeypot-fra-1 sshd[7175]: Received disconnect from 45.61.187.160 port 33530:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T20:42:16.152Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 20:42:35 honeypot-fra-1 sshd[7179]: Received disconnect from 45.61.187.160 port 56434:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T20:42:36.161Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 20:42:54 honeypot-fra-1 sshd[7185]: Received disconnect from 45.61.187.160 port 51102:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T20:42:55.171Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 20:44:05 honeypot-ams-1 sshd[16417]: Received disconnect from 85.114.98.146 port 55536:11: Bye Bye [preauth]","@timestamp":"2022-09-13T20:44:06.598Z"}
{"@timestamp":"2022-09-13T20:45:42.447Z","@version":"1","message":"Sep 13 20:45:41 honeypot-sgp-1 kernel: [83978051.564021] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=216.250.248.232 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=55309 DF PROTO=TCP SPT=10446 DPT=80 WINDOW=512 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 20:52:07 honeypot-fra-1 sshd[7191]: Invalid user test from 193.106.191.157 port 42896","@timestamp":"2022-09-13T20:52:08.374Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T20:53:18.633Z","@version":"1","message":"Sep 13 20:53:18 honeypot-sgp-1 sshd[11398]: Connection closed by authenticating user root 103.188.176.251 port 59016 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T20:54:29.665Z","@version":"1","message":"Sep 13 20:54:29 honeypot-sgp-1 sshd[11404]: Disconnected from authenticating user root 179.43.156.143 port 37332 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T20:55:43.699Z","@version":"1","message":"Sep 13 20:55:42 honeypot-sgp-1 sshd[11410]: Disconnected from authenticating user root 179.43.156.143 port 56746 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 20:56:10 honeypot-fra-1 sshd[7198]: Received disconnect from 186.154.4.20 port 59848:11: Bye Bye [preauth]","@timestamp":"2022-09-13T20:56:10.465Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 20:56:55 honeypot-fra-1 sshd[7204]: Did not receive identification string from 114.252.41.101 port 53862","@timestamp":"2022-09-13T20:56:55.485Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T20:57:30.745Z","@version":"1","message":"Sep 13 20:57:30 honeypot-sgp-1 sshd[11416]: Received disconnect from 179.43.156.143 port 43554:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T20:58:48.777Z","@version":"1","message":"Sep 13 20:58:48 honeypot-sgp-1 sshd[11421]: Received disconnect from 179.43.156.143 port 34792:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 20:58:54 honeypot-fra-1 sshd[7208]: Received disconnect from 45.61.186.49 port 35460:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T20:58:54.532Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 20:58:59 honeypot-fra-1 sshd[7212]: Disconnected from invalid user user 45.61.186.49 port 41966 [preauth]","@timestamp":"2022-09-13T20:58:59.535Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 20:59:01 honeypot-ams-1 sshd[16421]: Invalid user support from 179.60.147.69 port 49764","@timestamp":"2022-09-13T20:59:01.998Z"}
{"@timestamp":"2022-09-13T21:00:13.814Z","@version":"1","message":"Sep 13 21:00:13 honeypot-sgp-1 sshd[11425]: Disconnected from authenticating user root 179.43.156.143 port 54234 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:02:21.867Z","@version":"1","message":"Sep 13 21:02:21 honeypot-sgp-1 sshd[11431]: Disconnected from authenticating user root 179.43.156.143 port 41038 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 21:02:33 honeypot-fra-1 sshd[7219]: Received disconnect from 45.61.186.169 port 45526:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T21:02:33.613Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 21:02:52 honeypot-fra-1 sshd[7223]: Received disconnect from 45.61.186.169 port 41430:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T21:02:53.623Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 21:03:11 honeypot-fra-1 sshd[7227]: Received disconnect from 45.61.186.169 port 37354:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T21:03:11.632Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 21:03:27 honeypot-fra-1 sshd[7231]: Received disconnect from 45.61.186.169 port 33252:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T21:03:28.639Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 21:03:50 honeypot-ams-1 kernel: [83979613.985280] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=33884 PROTO=TCP SPT=42803 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T21:03:51.124Z"}
{"@timestamp":"2022-09-13T21:08:35.016Z","@version":"1","message":"Sep 13 21:08:34 honeypot-sgp-1 kernel: [83979424.221169] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.46.215.90 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=2386 DF PROTO=TCP SPT=41426 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:10:41.067Z","@version":"1","message":"Sep 13 21:10:40 honeypot-sgp-1 sshd[11437]: Disconnected from invalid user huan 103.92.24.243 port 43890 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:12:31.115Z","@version":"1","message":"Sep 13 21:12:30 honeypot-sgp-1 sshd[11443]: Did not receive identification string from 141.255.162.226 port 55348","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:12:38.119Z","@version":"1","message":"Sep 13 21:12:37 honeypot-sgp-1 sshd[11446]: Disconnected from invalid user user 141.255.162.226 port 35302 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:12:39.120Z","@version":"1","message":"Sep 13 21:12:38 honeypot-sgp-1 sshd[11450]: Disconnected from invalid user user 141.255.162.226 port 50700 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 21:13:28 honeypot-ams-1 sshd[16429]: Invalid user sysgames from 209.141.52.250 port 56956","@timestamp":"2022-09-13T21:13:29.374Z"}
{"@timestamp":"2022-09-13T21:15:18.185Z","@version":"1","message":"Sep 13 21:15:17 honeypot-sgp-1 sshd[11454]: Disconnected from authenticating user root 92.255.85.70 port 56116 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 21:15:56 honeypot-fra-1 sshd[7236]: Invalid user jjf from 210.105.193.6 port 37176","@timestamp":"2022-09-13T21:15:56.921Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 21:16:27 honeypot-fra-1 sshd[7238]: Received disconnect from 101.32.10.55 port 54292:11: Bye Bye [preauth]","@timestamp":"2022-09-13T21:16:27.937Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T21:17:47.245Z","@version":"1","message":"Sep 13 21:17:46 honeypot-sgp-1 kernel: [83979976.491246] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.204.42.89 DST=159.89.202.188 LEN=52 TOS=0x00 PREC=0x00 TTL=115 ID=55835 DF PROTO=TCP SPT=52176 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 21:18:20 honeypot-ams-1 kernel: [83980483.593952] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=172.104.138.223 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=5259 PROTO=TCP SPT=29209 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T21:18:20.500Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 21:18:37 honeypot-fra-1 sshd[7246]: Received disconnect from 92.255.85.70 port 19448:11: Bye Bye [preauth]","@timestamp":"2022-09-13T21:18:37.990Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 21:20:54 honeypot-ams-1 sshd[16437]: Disconnected from invalid user gozone 187.102.174.154 port 53136 [preauth]","@timestamp":"2022-09-13T21:20:54.569Z"}
{"@timestamp":"2022-09-13T21:24:09.398Z","@version":"1","message":"Sep 13 21:24:09 honeypot-sgp-1 sshd[11463]: Invalid user admin from 85.237.57.253 port 45498","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:27:56.490Z","@version":"1","message":"Sep 13 21:27:56 honeypot-sgp-1 sshd[11465]: Did not receive identification string from 198.98.61.9 port 40884","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 21:27:57 honeypot-ams-1 sshd[16443]: Connection closed by invalid user test 193.106.191.157 port 53084 [preauth]","@timestamp":"2022-09-13T21:27:57.756Z"}
{"@timestamp":"2022-09-13T21:28:29.505Z","@version":"1","message":"Sep 13 21:28:28 honeypot-sgp-1 sshd[11468]: Disconnected from invalid user user 198.98.61.9 port 57428 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 21:28:38 honeypot-fra-1 kernel: [83978940.933276] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=50.7.143.106 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=40694 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T21:28:39.216Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-13T21:28:46.513Z","@version":"1","message":"Sep 13 21:28:46 honeypot-sgp-1 sshd[11472]: Disconnected from invalid user user 198.98.61.9 port 53008 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:29:03.520Z","@version":"1","message":"Sep 13 21:29:02 honeypot-sgp-1 sshd[11476]: Disconnected from invalid user user 198.98.61.9 port 48572 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:29:10.523Z","@version":"1","message":"Sep 13 21:29:10 honeypot-sgp-1 sshd[11480]: Disconnected from invalid user user 198.98.61.9 port 60500 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 21:30:04 honeypot-ams-1 sshd[16450]: Received disconnect from 219.91.140.43 port 37832:11: Bye Bye [preauth]","@timestamp":"2022-09-13T21:30:04.815Z"}
{"@timestamp":"2022-09-13T21:32:26.600Z","@version":"1","message":"Sep 13 21:32:26 honeypot-sgp-1 sshd[11486]: Connection closed by invalid user ubnt 179.60.147.69 port 64116 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 21:35:45 honeypot-ams-1 sshd[16456]: Connection closed by invalid user ubnt 179.60.147.69 port 1480 [preauth]","@timestamp":"2022-09-13T21:35:45.962Z"}
{"@timestamp":"2022-09-13T21:36:01.687Z","@version":"1","message":"Sep 13 21:36:01 honeypot-sgp-1 kernel: [83981071.143938] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=151.106.38.211 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=57457 PROTO=TCP SPT=44536 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 21:37:59 honeypot-fra-1 sshd[7259]: Connection closed by invalid user test 193.106.191.157 port 45312 [preauth]","@timestamp":"2022-09-13T21:38:00.429Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T21:40:52.807Z","@version":"1","message":"Sep 13 21:40:52 honeypot-sgp-1 sshd[11497]: Invalid user admin from 185.246.130.20 port 5194","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:41:11.816Z","@version":"1","message":"Sep 13 21:41:10 honeypot-sgp-1 kernel: [83981380.398079] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=182.61.58.87 DST=159.89.202.188 LEN=52 TOS=0x02 PREC=0x00 TTL=108 ID=45084 DF PROTO=TCP SPT=59230 DPT=3389 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:41:42.831Z","@version":"1","message":"Sep 13 21:41:42 honeypot-sgp-1 sshd[11507]: Invalid user admin from 185.246.130.20 port 62339","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:42:14.848Z","@version":"1","message":"Sep 13 21:42:14 honeypot-sgp-1 sshd[11513]: Invalid user manager from 185.246.130.20 port 35088","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:42:41.861Z","@version":"1","message":"Sep 13 21:42:41 honeypot-sgp-1 sshd[11519]: Disconnecting invalid user 1234 185.246.130.20 port 15413: Change of username or service not allowed: (1234,ssh-connection) -> (Admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:42:59.871Z","@version":"1","message":"Sep 13 21:42:59 honeypot-sgp-1 sshd[11525]: Disconnecting invalid user  185.246.130.20 port 47394: Change of username or service not allowed: (,ssh-connection) -> (user,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:43:51.894Z","@version":"1","message":"Sep 13 21:43:50 honeypot-sgp-1 sshd[11533]: Invalid user blank from 185.246.130.20 port 4939","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:44:30.913Z","@version":"1","message":"Sep 13 21:44:30 honeypot-sgp-1 sshd[11539]: Invalid user 1234 from 185.246.130.20 port 33936","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:44:52.923Z","@version":"1","message":"Sep 13 21:44:52 honeypot-sgp-1 sshd[11545]: Disconnecting invalid user Cisco 185.246.130.20 port 10330: Change of username or service not allowed: (Cisco,ssh-connection) -> (cisco,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:45:11.931Z","@version":"1","message":"Sep 13 21:45:11 honeypot-sgp-1 sshd[11551]: Disconnecting invalid user 1234 185.246.130.20 port 23148: Change of username or service not allowed: (1234,ssh-connection) -> (root,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 21:45:29 honeypot-fra-1 kernel: [83979951.743297] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=151.106.38.211 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=61077 PROTO=TCP SPT=45195 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T21:45:29.606Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-13T21:45:46.962Z","@version":"1","message":"Sep 13 21:45:46 honeypot-sgp-1 sshd[11559]: Invalid user adslroot from 185.246.130.20 port 22063","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:46:14.975Z","@version":"1","message":"Sep 13 21:46:14 honeypot-sgp-1 sshd[11566]: Bad protocol version identification 'SSH-2.0_CoreLab-1.0' from 185.246.130.20 port 17735","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:46:44.990Z","@version":"1","message":"Sep 13 21:46:44 honeypot-sgp-1 sshd[11572]: Disconnecting invalid user  185.246.130.20 port 63018: Change of username or service not allowed: (,ssh-connection) -> (root,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:47:16.006Z","@version":"1","message":"Sep 13 21:47:15 honeypot-sgp-1 sshd[11580]: Invalid user c1@r0 from 185.246.130.20 port 35521","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 21:47:29 honeypot-ams-1 sshd[16463]: Received disconnect from 35.205.118.1 port 54179:11: Bye Bye [preauth]","@timestamp":"2022-09-13T21:47:30.264Z"}
{"@timestamp":"2022-09-13T21:47:42.017Z","@version":"1","message":"Sep 13 21:47:41 honeypot-sgp-1 sshd[11586]: Invalid user superonline from 185.246.130.20 port 40743","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:47:56.024Z","@version":"1","message":"Sep 13 21:47:55 honeypot-sgp-1 sshd[11594]: Invalid user pi from 183.82.107.151 port 42148","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 21:48:14 honeypot-ams-1 sshd[16467]: Received disconnect from 156.254.125.106 port 46622:11: Bye Bye [preauth]","@timestamp":"2022-09-13T21:48:14.284Z"}
{"@timestamp":"2022-09-13T21:48:24.037Z","@version":"1","message":"Sep 13 21:48:23 honeypot-sgp-1 sshd[11598]: Invalid user comcast from 185.246.130.20 port 19279","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:48:44.046Z","@version":"1","message":"Sep 13 21:48:43 honeypot-sgp-1 sshd[11604]: Received disconnect from 197.159.66.211 port 56394:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:49:08.057Z","@version":"1","message":"Sep 13 21:49:07 honeypot-sgp-1 sshd[11609]: Disconnecting invalid user matrix 185.246.130.20 port 17352: Change of username or service not allowed: (matrix,ssh-connection) -> (,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:49:39.071Z","@version":"1","message":"Sep 13 21:49:38 honeypot-sgp-1 sshd[11615]: Invalid user motorola from 185.246.130.20 port 19559","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:50:05.084Z","@version":"1","message":"Sep 13 21:50:04 honeypot-sgp-1 sshd[11621]: Disconnecting authenticating user root 185.246.130.20 port 15046: Change of username or service not allowed: (root,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:50:40.100Z","@version":"1","message":"Sep 13 21:50:40 honeypot-sgp-1 sshd[11628]: Disconnecting invalid user 0 185.246.130.20 port 27371: Change of username or service not allowed: (0,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:51:09.114Z","@version":"1","message":"Sep 13 21:51:08 honeypot-sgp-1 sshd[11635]: Invalid user admin from 185.246.130.20 port 5305","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:51:40.129Z","@version":"1","message":"Sep 13 21:51:39 honeypot-sgp-1 sshd[11641]: Invalid user Broadcom from 185.246.130.20 port 42433","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:52:03.140Z","@version":"1","message":"Sep 13 21:52:02 honeypot-sgp-1 sshd[11645]: Disconnecting invalid user admin 185.246.130.20 port 50885: Change of username or service not allowed: (admin,ssh-connection) -> (cusadmin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:52:40.157Z","@version":"1","message":"Sep 13 21:52:39 honeypot-sgp-1 sshd[11651]: Disconnecting invalid user smcadmin 185.246.130.20 port 11198: Change of username or service not allowed: (smcadmin,ssh-connection) -> (sweex,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 21:53:06 honeypot-fra-1 sshd[7268]: Disconnected from invalid user omsagent 107.173.111.206 port 42926 [preauth]","@timestamp":"2022-09-13T21:53:06.771Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T21:53:12.172Z","@version":"1","message":"Sep 13 21:53:11 honeypot-sgp-1 sshd[11657]: Disconnecting invalid user admin 185.246.130.20 port 11452: Change of username or service not allowed: (admin,ssh-connection) -> (,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:53:43.187Z","@version":"1","message":"Sep 13 21:53:43 honeypot-sgp-1 sshd[11663]: Disconnecting invalid user user 185.246.130.20 port 35467: Change of username or service not allowed: (user,ssh-connection) -> (ubnt,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:54:24.207Z","@version":"1","message":"Sep 13 21:54:23 honeypot-sgp-1 sshd[11671]: Invalid user user from 185.246.130.20 port 21437","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:55:15.232Z","@version":"1","message":"Sep 13 21:55:14 honeypot-sgp-1 sshd[11678]: Invalid user Admin from 185.246.130.20 port 29080","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:55:59.251Z","@version":"1","message":"Sep 13 21:55:59 honeypot-sgp-1 sshd[11684]: Invalid user 0 from 185.246.130.20 port 31396","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:56:42.272Z","@version":"1","message":"Sep 13 21:56:42 honeypot-sgp-1 sshd[11691]: Invalid user admin from 185.246.130.20 port 19256","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 21:58:26 honeypot-ams-1 kernel: [83982889.990904] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=216.158.225.147 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=39345 PROTO=TCP SPT=45616 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T21:58:26.545Z"}
{"@timestamp":"2022-09-13T21:58:44.322Z","@version":"1","message":"Sep 13 21:58:43 honeypot-sgp-1 sshd[11697]: Received disconnect from 92.255.85.69 port 16854:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 22:00:29 honeypot-ams-1 kernel: [83983012.843166] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=78.142.18.92 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=54321 PROTO=TCP SPT=39984 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T22:00:29.604Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 22:07:14 honeypot-fra-1 kernel: [83981257.315198] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=5.39.220.40 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=16734 PROTO=TCP SPT=46743 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T22:07:15.090Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 22:08:05 honeypot-fra-1 sshd[7276]: Disconnecting invalid user admin 128.53.5.55 port 62671: Too many authentication failures [preauth]","@timestamp":"2022-09-13T22:08:06.111Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 22:09:37 honeypot-ams-1 kernel: [83983560.873482] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=198.74.61.96 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=26451 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T22:09:37.850Z"}
{"@timestamp":"2022-09-13T22:10:02.581Z","@version":"1","message":"Sep 13 22:10:01 honeypot-sgp-1 sshd[11702]: Disconnected from invalid user muriel 187.170.240.80 port 42278 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 22:12:06 honeypot-ams-1 sshd[16483]: Disconnected from invalid user oracle 94.139.201.56 port 44446 [preauth]","@timestamp":"2022-09-13T22:12:06.933Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 22:12:20 honeypot-fra-1 kernel: [83981562.512646] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=183.136.225.35 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=107 ID=61212 PROTO=TCP SPT=8088 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T22:12:20.210Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-13T22:13:51.676Z","@version":"1","message":"Sep 13 22:13:50 honeypot-sgp-1 sshd[11711]: Disconnected from authenticating user root 157.245.122.58 port 36382 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 22:14:39 honeypot-ams-1 sshd[16487]: Disconnected from invalid user ethos 113.161.79.231 port 32862 [preauth]","@timestamp":"2022-09-13T22:14:40.000Z"}
{"@timestamp":"2022-09-13T22:15:08.709Z","@version":"1","message":"Sep 13 22:15:08 honeypot-sgp-1 sshd[11717]: Received disconnect from 61.177.173.37 port 63110:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T22:16:53.752Z","@version":"1","message":"Sep 13 22:16:52 honeypot-sgp-1 sshd[11721]: Disconnected from authenticating user root 61.177.172.114 port 47165 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T22:17:39.773Z","@version":"1","message":"Sep 13 22:17:39 honeypot-sgp-1 kernel: [83983568.702610] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=25716 PROTO=TCP SPT=47022 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T22:18:50.803Z","@version":"1","message":"Sep 13 22:18:50 honeypot-sgp-1 sshd[11731]: Invalid user jonitiso from 157.245.122.58 port 47654","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 22:18:55 honeypot-fra-1 kernel: [83981957.963576] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=17168 PROTO=TCP SPT=47022 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T22:18:56.360Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-13T22:19:44.827Z","@version":"1","message":"Sep 13 22:19:44 honeypot-sgp-1 sshd[11735]: Invalid user cypress from 157.245.122.58 port 32954","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 22:20:23 honeypot-ams-1 kernel: [83984206.752427] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=48088 PROTO=TCP SPT=47022 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T22:20:24.142Z"}
{"@timestamp":"2022-09-13T22:23:33.919Z","@version":"1","message":"Sep 13 22:23:33 honeypot-sgp-1 kernel: [83983923.401466] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.55.53.144 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=44 ID=5541 DF PROTO=TCP SPT=57188 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 22:24:58 honeypot-fra-1 kernel: [83982320.661827] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=20.55.53.144 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=58646 DF PROTO=TCP SPT=36882 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T22:24:58.498Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 22:25:37 honeypot-ams-1 sshd[16508]: Received disconnect from 202.88.244.36 port 11562:11: Bye Bye [preauth]","@timestamp":"2022-09-13T22:25:38.284Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 22:29:27 honeypot-ams-1 kernel: [83984751.268959] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=20.55.53.144 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=31512 DF PROTO=TCP SPT=39918 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T22:29:28.386Z"}
{"@timestamp":"2022-09-13T22:30:47.090Z","@version":"1","message":"Sep 13 22:30:46 honeypot-sgp-1 sshd[11820]: Invalid user xi from 103.20.188.28 port 43028","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 22:33:04 honeypot-fra-1 sshd[7373]: Invalid user r00t from 162.219.253.27 port 47468","@timestamp":"2022-09-13T22:33:04.681Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 22:35:28 honeypot-ams-1 sshd[16516]: Disconnected from authenticating user root 61.177.173.39 port 61391 [preauth]","@timestamp":"2022-09-13T22:35:28.543Z"}
{"@timestamp":"2022-09-13T22:36:27.224Z","@version":"1","message":"Sep 13 22:36:27 honeypot-sgp-1 sshd[11824]: Disconnected from authenticating user root 61.177.173.51 port 12696 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 22:36:43 honeypot-fra-1 sshd[7381]: Invalid user centos from 52.183.129.64 port 49422","@timestamp":"2022-09-13T22:36:44.764Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 22:36:43 honeypot-fra-1 sshd[7384]: Invalid user hadoop from 52.183.129.64 port 49424","@timestamp":"2022-09-13T22:36:44.764Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 22:36:43 honeypot-fra-1 sshd[7389]: Connection closed by invalid user chia 52.183.129.64 port 49450 [preauth]","@timestamp":"2022-09-13T22:36:44.764Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 22:36:44 honeypot-fra-1 sshd[7379]: Connection closed by invalid user ftpuser 52.183.129.64 port 49412 [preauth]","@timestamp":"2022-09-13T22:36:44.764Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 22:36:44 honeypot-fra-1 sshd[7385]: Connection closed by invalid user postgres 52.183.129.64 port 49426 [preauth]","@timestamp":"2022-09-13T22:36:44.764Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 22:36:44 honeypot-fra-1 sshd[7411]: Invalid user chia from 52.183.129.64 port 49454","@timestamp":"2022-09-13T22:36:44.764Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 22:36:44 honeypot-fra-1 sshd[7413]: Connection closed by invalid user mysql 52.183.129.64 port 49388 [preauth]","@timestamp":"2022-09-13T22:36:44.764Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 22:36:46 honeypot-fra-1 sshd[7425]: Invalid user hadoop from 52.183.129.64 port 49428","@timestamp":"2022-09-13T22:36:46.765Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 22:36:46 honeypot-fra-1 sshd[7430]: Invalid user guest from 52.183.129.64 port 49458","@timestamp":"2022-09-13T22:36:46.765Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 22:36:46 honeypot-fra-1 sshd[7427]: Connection closed by invalid user user 52.183.129.64 port 49394 [preauth]","@timestamp":"2022-09-13T22:36:46.766Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 22:36:46 honeypot-fra-1 sshd[7428]: Connection closed by invalid user centos 52.183.129.64 port 49436 [preauth]","@timestamp":"2022-09-13T22:36:46.766Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T22:37:08.244Z","@version":"1","message":"Sep 13 22:37:07 honeypot-sgp-1 sshd[11830]: Received disconnect from 77.20.117.212 port 41194:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T22:38:23.275Z","@version":"1","message":"Sep 13 22:38:23 honeypot-sgp-1 kernel: [83984812.651205] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=50.17.105.85 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=230 ID=54321 PROTO=TCP SPT=53776 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T22:42:53.385Z","@version":"1","message":"Sep 13 22:42:52 honeypot-sgp-1 sshd[11837]: Disconnected from invalid user wp-user 134.209.99.121 port 42204 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 22:43:11 honeypot-ams-1 sshd[16526]: Received disconnect from 61.177.173.37 port 44830:11:  [preauth]","@timestamp":"2022-09-13T22:43:12.768Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 22:45:09 honeypot-ams-1 sshd[16531]: Disconnected from authenticating user root 80.76.51.46 port 42200 [preauth]","@timestamp":"2022-09-13T22:45:10.820Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 22:45:50 honeypot-fra-1 sshd[7444]: Disconnected from authenticating user root 92.255.85.70 port 63128 [preauth]","@timestamp":"2022-09-13T22:45:51.971Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 22:45:52 honeypot-ams-1 sshd[16537]: Disconnected from authenticating user root 80.76.51.46 port 55982 [preauth]","@timestamp":"2022-09-13T22:45:52.841Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 22:46:32 honeypot-ams-1 sshd[16543]: Disconnected from authenticating user root 80.76.51.46 port 41340 [preauth]","@timestamp":"2022-09-13T22:46:32.860Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 22:47:12 honeypot-ams-1 sshd[16550]: Disconnected from authenticating user root 80.76.51.46 port 55040 [preauth]","@timestamp":"2022-09-13T22:47:12.880Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 22:47:39 honeypot-ams-1 sshd[16554]: Invalid user admin from 80.76.51.46 port 45332","@timestamp":"2022-09-13T22:47:39.893Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 22:48:06 honeypot-ams-1 sshd[16559]: Invalid user ansible from 80.76.51.46 port 35770","@timestamp":"2022-09-13T22:48:06.906Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 22:48:24 honeypot-ams-1 sshd[16563]: Invalid user config from 179.60.147.69 port 10894","@timestamp":"2022-09-13T22:48:24.916Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 22:48:42 honeypot-ams-1 sshd[16567]: Disconnected from authenticating user root 92.255.85.69 port 45778 [preauth]","@timestamp":"2022-09-13T22:48:42.926Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 22:49:14 honeypot-ams-1 sshd[16573]: Received disconnect from 80.76.51.46 port 39620:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T22:49:14.943Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 22:49:42 honeypot-ams-1 sshd[16577]: Received disconnect from 80.76.51.46 port 58182:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T22:49:42.957Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 22:50:06 honeypot-fra-1 sshd[7449]: Disconnected from invalid user itump 82.39.244.117 port 59622 [preauth]","@timestamp":"2022-09-13T22:50:07.069Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 22:50:23 honeypot-ams-1 sshd[16583]: Invalid user odoo from 80.76.51.46 port 43728","@timestamp":"2022-09-13T22:50:23.978Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 22:50:50 honeypot-ams-1 sshd[16588]: Disconnected from authenticating user root 80.76.51.46 port 33882 [preauth]","@timestamp":"2022-09-13T22:50:50.992Z"}
{"@timestamp":"2022-09-13T22:51:47.596Z","@version":"1","message":"Sep 13 22:51:47 honeypot-sgp-1 kernel: [83985616.525175] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=172.105.128.139 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=23926 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 22:53:19 honeypot-fra-1 sshd[7453]: Invalid user kstrioich from 165.22.45.108 port 43328","@timestamp":"2022-09-13T22:53:20.145Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 22:54:47 honeypot-fra-1 sshd[7457]: Disconnected from authenticating user root 143.198.60.41 port 43236 [preauth]","@timestamp":"2022-09-13T22:54:48.181Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 22:59:45 honeypot-ams-1 sshd[16598]: Disconnected from authenticating user root 103.88.240.2 port 56504 [preauth]","@timestamp":"2022-09-13T22:59:46.215Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 23:03:14 honeypot-fra-1 sshd[7469]: Did not receive identification string from 198.98.61.9 port 60684","@timestamp":"2022-09-13T23:03:15.373Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 23:03:37 honeypot-fra-1 sshd[7472]: Disconnected from invalid user user 198.98.61.9 port 32882 [preauth]","@timestamp":"2022-09-13T23:03:37.384Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 23:03:56 honeypot-fra-1 sshd[7476]: Disconnected from invalid user user 198.98.61.9 port 57860 [preauth]","@timestamp":"2022-09-13T23:03:56.393Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 23:04:14 honeypot-fra-1 sshd[7480]: Disconnected from invalid user user 198.98.61.9 port 54612 [preauth]","@timestamp":"2022-09-13T23:04:15.402Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T23:06:06.936Z","@version":"1","message":"Sep 13 23:06:06 honeypot-sgp-1 sshd[11857]: Received disconnect from 92.255.85.70 port 25398:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 23:07:35 honeypot-fra-1 kernel: [83984877.416826] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=50021 PROTO=TCP SPT=49908 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T23:07:35.480Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 23:09:39 honeypot-fra-1 sshd[7491]: Did not receive identification string from 45.61.186.249 port 34090","@timestamp":"2022-09-13T23:09:39.531Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T23:10:08.034Z","@version":"1","message":"Sep 13 23:10:07 honeypot-sgp-1 kernel: [83986716.941290] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=5.188.210.245 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=31881 PROTO=TCP SPT=57674 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 23:10:12 honeypot-fra-1 sshd[7494]: Disconnected from invalid user user 45.61.186.249 port 50146 [preauth]","@timestamp":"2022-09-13T23:10:13.545Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 23:10:31 honeypot-fra-1 sshd[7498]: Received disconnect from 45.61.186.249 port 45186:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T23:10:31.554Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 23:10:40 honeypot-ams-1 sshd[16609]: Received disconnect from 92.255.85.70 port 24576:11: Bye Bye [preauth]","@timestamp":"2022-09-13T23:10:40.504Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 23:10:50 honeypot-fra-1 sshd[7502]: Received disconnect from 45.61.186.249 port 40214:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T23:10:50.563Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 23:15:35 honeypot-fra-1 kernel: [83985357.317228] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=94.26.249.161 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=56130 PROTO=TCP SPT=54720 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T23:15:35.671Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 23:15:58 honeypot-fra-1 sshd[7512]: Invalid user user from 141.255.162.226 port 40494","@timestamp":"2022-09-13T23:15:59.683Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 23:16:01 honeypot-fra-1 sshd[7516]: Invalid user user from 141.255.162.226 port 54838","@timestamp":"2022-09-13T23:16:02.685Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 23:16:08 honeypot-fra-1 kernel: [83985390.451415] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.79.147.216 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=58800 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T23:16:08.689Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 23:17:01 honeypot-ams-1 CRON[16618]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-13T23:17:01.668Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 23:20:44 honeypot-ams-1 sshd[16623]: Received disconnect from 187.188.11.222 port 41898:11: Bye Bye [preauth]","@timestamp":"2022-09-13T23:20:45.769Z"}
{"@timestamp":"2022-09-13T23:22:10.321Z","@version":"1","message":"Sep 13 23:22:09 honeypot-sgp-1 sshd[11872]: Connection closed by invalid user default 179.60.147.69 port 39368 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 23:22:30 honeypot-ams-1 kernel: [83987934.389129] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.142.115.61 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=57 ID=59420 DF PROTO=TCP SPT=52366 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T23:22:31.821Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 23:23:22 honeypot-fra-1 sshd[7524]: Connection closed by invalid user default 179.60.147.69 port 39696 [preauth]","@timestamp":"2022-09-13T23:23:22.852Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T23:24:56.390Z","@version":"1","message":"Sep 13 23:24:55 honeypot-sgp-1 sshd[11878]: Disconnected from authenticating user root 61.177.173.48 port 46452 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 23:29:16 honeypot-fra-1 sshd[7530]: Connection closed by invalid user test 193.106.191.157 port 56208 [preauth]","@timestamp":"2022-09-13T23:29:16.986Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 23:30:35 honeypot-ams-1 sshd[16636]: Received disconnect from 68.183.25.174 port 50476:11: Bye Bye [preauth]","@timestamp":"2022-09-13T23:30:36.034Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 23:32:01 honeypot-fra-1 kernel: [83986343.667977] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=79.124.62.62 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=10564 PROTO=TCP SPT=44893 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T23:32:02.053Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 23:32:34 honeypot-fra-1 sshd[7538]: Disconnected from invalid user user 198.98.61.9 port 50392 [preauth]","@timestamp":"2022-09-13T23:32:35.068Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 23:32:52 honeypot-fra-1 sshd[7542]: Disconnected from invalid user user 198.98.61.9 port 45188 [preauth]","@timestamp":"2022-09-13T23:32:53.077Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 23:33:08 honeypot-fra-1 sshd[7548]: Invalid user user from 198.98.61.9 port 39990","@timestamp":"2022-09-13T23:33:09.085Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 23:33:09 honeypot-ams-1 sshd[16640]: Received disconnect from 213.194.132.143 port 38144:11: Bye Bye [preauth]","@timestamp":"2022-09-13T23:33:10.102Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 23:34:48 honeypot-ams-1 sshd[16644]: Disconnected from authenticating user root 61.177.173.50 port 61254 [preauth]","@timestamp":"2022-09-13T23:34:49.148Z"}
{"@timestamp":"2022-09-13T23:36:36.667Z","@version":"1","message":"Sep 13 23:36:35 honeypot-sgp-1 sshd[11892]: Disconnected from authenticating user root 64.227.36.9 port 51176 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 23:39:45 honeypot-ams-1 sshd[16651]: Disconnected from authenticating user root 61.177.172.19 port 59315 [preauth]","@timestamp":"2022-09-13T23:39:46.277Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 23:40:21 honeypot-fra-1 sshd[7554]: Invalid user kuangwh from 165.22.45.108 port 48354","@timestamp":"2022-09-13T23:40:22.247Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 23:47:35 honeypot-ams-1 sshd[16660]: Connection closed by invalid user pi 201.137.106.75 port 55256 [preauth]","@timestamp":"2022-09-13T23:47:36.484Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 23:48:20 honeypot-fra-1 kernel: [83987322.808831] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=143.198.183.97 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=49634 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T23:48:21.443Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 23:50:03 honeypot-ams-1 sshd[16666]: Received disconnect from 128.199.52.45 port 50178:11: Bye Bye [preauth]","@timestamp":"2022-09-13T23:50:04.552Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 23:51:30 honeypot-fra-1 sshd[7563]: Disconnected from authenticating user root 202.73.11.37 port 42326 [preauth]","@timestamp":"2022-09-13T23:51:31.516Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T23:51:54.022Z","@version":"1","message":"Sep 13 23:51:53 honeypot-sgp-1 sshd[11903]: Received disconnect from 92.255.85.70 port 54154:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 23:54:21 honeypot-ams-1 kernel: [83989844.889004] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=107.152.37.65 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=11520 PROTO=TCP SPT=58953 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T23:54:21.667Z"}
{"@timestamp":"2022-09-13T23:56:58.142Z","@version":"1","message":"Sep 13 23:56:58 honeypot-sgp-1 kernel: [83989527.440930] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.219.20 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=55647 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T23:59:02.194Z","@version":"1","message":"Sep 13 23:59:02 honeypot-sgp-1 sshd[11912]: Disconnecting invalid user cameras 81.17.25.50 port 10761: Change of username or service not allowed: (cameras,ssh-connection) -> (,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T23:59:44.212Z","@version":"1","message":"Sep 13 23:59:43 honeypot-sgp-1 sshd[11918]: Disconnecting invalid user  81.17.25.50 port 42792: Change of username or service not allowed: (,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T00:00:33.235Z","@version":"1","message":"Sep 14 00:00:32 honeypot-sgp-1 sshd[11920]: Disconnecting invalid user admin 81.17.25.50 port 21230: Change of username or service not allowed: (admin,ssh-connection) -> (aerohive,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 00:01:24 honeypot-fra-1 sshd[7570]: Invalid user centos from 179.60.147.69 port 16866","@timestamp":"2022-09-14T00:01:24.738Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:01:25 honeypot-ams-1 sshd[16678]: Connection reset by 61.177.172.19 port 25611 [preauth]","@timestamp":"2022-09-14T00:01:25.862Z"}
{"@timestamp":"2022-09-14T00:02:42.291Z","@version":"1","message":"Sep 14 00:02:42 honeypot-sgp-1 sshd[11931]: Disconnecting invalid user admin 81.17.25.50 port 48453: Change of username or service not allowed: (admin,ssh-connection) -> (manager,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T00:05:19.358Z","@version":"1","message":"Sep 14 00:05:18 honeypot-sgp-1 sshd[11939]: Invalid user 1234 from 81.17.25.50 port 29555","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T00:06:48.398Z","@version":"1","message":"Sep 14 00:06:47 honeypot-sgp-1 sshd[11944]: Disconnecting invalid user araknis 81.17.25.50 port 17542: Change of username or service not allowed: (araknis,ssh-connection) -> (,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 00:08:21 honeypot-ams-1 kernel: [83990684.738195] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.79.53.162 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=43804 PROTO=TCP SPT=45521 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T00:08:22.054Z"}
{"@timestamp":"2022-09-14T00:08:39.446Z","@version":"1","message":"Sep 14 00:08:39 honeypot-sgp-1 sshd[11955]: Disconnected from authenticating user root 61.177.173.49 port 27593 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T00:10:23.492Z","@version":"1","message":"Sep 14 00:10:23 honeypot-sgp-1 sshd[11961]: Invalid user Admin from 81.17.25.50 port 20118","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T00:12:23.544Z","@version":"1","message":"Sep 14 00:12:22 honeypot-sgp-1 sshd[11969]: Invalid user admin from 81.17.25.50 port 35448","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 00:12:31 honeypot-fra-1 sshd[7578]: Invalid user admin from 124.223.54.132 port 58298","@timestamp":"2022-09-14T00:12:32.006Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T00:13:39.580Z","@version":"1","message":"Sep 14 00:13:38 honeypot-sgp-1 sshd[11973]: Disconnecting invalid user 1234 81.17.25.50 port 20858: Change of username or service not allowed: (1234,ssh-connection) -> (root,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:14:08 honeypot-ams-1 sshd[16693]: Received disconnect from 61.177.173.37 port 53713:11:  [preauth]","@timestamp":"2022-09-14T00:14:09.212Z"}
{"@timestamp":"2022-09-14T00:15:01.614Z","@version":"1","message":"Sep 14 00:15:01 honeypot-sgp-1 sshd[11983]: Received disconnect from 92.255.85.69 port 47776:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T00:16:23.651Z","@version":"1","message":"Sep 14 00:16:23 honeypot-sgp-1 sshd[11988]: Received disconnect from 61.177.172.98 port 46182:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T00:17:17.676Z","@version":"1","message":"Sep 14 00:17:17 honeypot-sgp-1 sshd[11991]: Invalid user 1234 from 81.17.25.50 port 36117","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 00:17:49 honeypot-fra-1 sshd[7587]: Received disconnect from 92.255.85.69 port 25318:11: Bye Bye [preauth]","@timestamp":"2022-09-14T00:17:50.128Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:18:20 honeypot-ams-1 sshd[16700]: Received disconnect from 61.177.173.46 port 61952:11:  [preauth]","@timestamp":"2022-09-14T00:18:21.326Z"}
{"@timestamp":"2022-09-14T00:18:22.706Z","@version":"1","message":"Sep 14 00:18:21 honeypot-sgp-1 sshd[12005]: Invalid user  from 81.17.25.50 port 32862","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T00:18:46.718Z","@version":"1","message":"Sep 14 00:18:45 honeypot-sgp-1 sshd[12011]: Invalid user admin from 81.17.25.50 port 11579","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T00:19:11.729Z","@version":"1","message":"Sep 14 00:19:11 honeypot-sgp-1 sshd[12019]: Disconnected from invalid user admin 45.33.107.51 port 60080 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T00:19:36.742Z","@version":"1","message":"Sep 14 00:19:36 honeypot-sgp-1 sshd[12023]: Received disconnect from 217.79.178.122 port 59598:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T00:20:31.767Z","@version":"1","message":"Sep 14 00:20:31 honeypot-sgp-1 sshd[12029]: Invalid user default from 81.17.25.50 port 64360","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 00:20:32 honeypot-ams-1 kernel: [83991416.293671] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=110.16.43.164 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=48 ID=28014 PROTO=TCP SPT=9014 DPT=443 WINDOW=7182 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T00:20:33.387Z"}
{"@timestamp":"2022-09-14T00:21:39.798Z","@version":"1","message":"Sep 14 00:21:39 honeypot-sgp-1 sshd[12035]: Invalid user Administrator from 81.17.25.50 port 40655","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 00:22:11 honeypot-fra-1 sshd[7592]: Invalid user pi from 143.92.181.171 port 37350","@timestamp":"2022-09-14T00:22:12.225Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T00:22:35.824Z","@version":"1","message":"Sep 14 00:22:35 honeypot-sgp-1 sshd[12039]: Disconnecting invalid user superonline 81.17.25.50 port 44235: Change of username or service not allowed: (superonline,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T00:23:19.845Z","@version":"1","message":"Sep 14 00:23:19 honeypot-sgp-1 sshd[12046]: Disconnecting invalid user Admin 81.17.25.50 port 12965: Change of username or service not allowed: (Admin,ssh-connection) -> (comcast,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T00:24:18.873Z","@version":"1","message":"Sep 14 00:24:18 honeypot-sgp-1 sshd[12052]: Disconnecting invalid user  81.17.25.50 port 43425: Change of username or service not allowed: (,ssh-connection) -> (admin1234,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T00:25:27.904Z","@version":"1","message":"Sep 14 00:25:26 honeypot-sgp-1 sshd[12059]: Disconnecting invalid user  81.17.25.50 port 48792: Change of username or service not allowed: (,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T00:25:58.919Z","@version":"1","message":"Sep 14 00:25:58 honeypot-sgp-1 sshd[12065]: Disconnecting invalid user admin 81.17.25.50 port 15278: Change of username or service not allowed: (admin,ssh-connection) -> (blank,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:26:25 honeypot-ams-1 sshd[16712]: Received disconnect from 221.165.250.44 port 35960:11: Bye Bye [preauth]","@timestamp":"2022-09-14T00:26:26.541Z"}
{"@timestamp":"2022-09-14T00:26:51.943Z","@version":"1","message":"Sep 14 00:26:51 honeypot-sgp-1 sshd[12073]: Invalid user airlive from 81.17.25.50 port 15531","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T00:27:14.955Z","@version":"1","message":"Sep 14 00:27:14 honeypot-sgp-1 sshd[12079]: Invalid user roqos from 81.17.25.50 port 50327","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T00:27:20.959Z","@version":"1","message":"Sep 14 00:27:20 honeypot-sgp-1 sshd[12085]: Invalid user sitecom from 81.17.25.50 port 18007","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T00:27:26.964Z","@version":"1","message":"Sep 14 00:27:26 honeypot-sgp-1 sshd[12091]: Invalid user admin from 81.17.25.50 port 11255","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 00:27:56 honeypot-fra-1 sshd[7598]: Invalid user kuantic from 165.22.45.108 port 53378","@timestamp":"2022-09-14T00:27:57.356Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T00:28:02.980Z","@version":"1","message":"Sep 14 00:28:02 honeypot-sgp-1 sshd[12098]: Disconnected from invalid user rofstad 188.166.210.28 port 58038 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T00:28:28.994Z","@version":"1","message":"Sep 14 00:28:28 honeypot-sgp-1 sshd[12102]: Invalid user smcadmin from 81.17.25.50 port 44613","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:28:52 honeypot-ams-1 sshd[16718]: Disconnected from invalid user ftpuser 20.204.106.198 port 41464 [preauth]","@timestamp":"2022-09-14T00:28:53.621Z"}
{"@timestamp":"2022-09-14T00:29:07.013Z","@version":"1","message":"Sep 14 00:29:06 honeypot-sgp-1 sshd[12108]: Invalid user admin from 81.17.25.50 port 58546","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T00:29:26.021Z","@version":"1","message":"Sep 14 00:29:25 honeypot-sgp-1 sshd[12114]: Invalid user user from 81.17.25.50 port 60254","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:29:38 honeypot-ams-1 sshd[16724]: Received disconnect from 177.24.46.4 port 35395:11: Bye Bye [preauth]","@timestamp":"2022-09-14T00:29:38.642Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:29:44 honeypot-ams-1 sshd[16730]: Received disconnect from 177.24.46.4 port 35509:11: Bye Bye [preauth]","@timestamp":"2022-09-14T00:29:45.646Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:29:50 honeypot-ams-1 sshd[16736]: Received disconnect from 177.24.46.4 port 35703:11: Bye Bye [preauth]","@timestamp":"2022-09-14T00:29:50.649Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:29:57 honeypot-ams-1 sshd[16742]: Received disconnect from 177.24.46.4 port 35891:11: Bye Bye [preauth]","@timestamp":"2022-09-14T00:29:57.653Z"}
{"@timestamp":"2022-09-14T00:29:58.035Z","@version":"1","message":"Sep 14 00:29:57 honeypot-sgp-1 sshd[12120]: Disconnecting invalid user 123456 81.17.25.50 port 55369: Change of username or service not allowed: (123456,ssh-connection) -> (user,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:30:04 honeypot-ams-1 sshd[16748]: Received disconnect from 177.24.46.4 port 36018:11: Bye Bye [preauth]","@timestamp":"2022-09-14T00:30:04.658Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:30:09 honeypot-ams-1 sshd[16754]: Received disconnect from 177.24.46.4 port 36198:11: Bye Bye [preauth]","@timestamp":"2022-09-14T00:30:10.662Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:30:15 honeypot-ams-1 sshd[16760]: Received disconnect from 177.24.46.4 port 36327:11: Bye Bye [preauth]","@timestamp":"2022-09-14T00:30:15.666Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:30:21 honeypot-ams-1 sshd[16766]: Received disconnect from 177.24.46.4 port 36484:11: Bye Bye [preauth]","@timestamp":"2022-09-14T00:30:21.670Z"}
{"@timestamp":"2022-09-14T00:30:27.049Z","@version":"1","message":"Sep 14 00:30:26 honeypot-sgp-1 sshd[12126]: Disconnecting invalid user readwrite 81.17.25.50 port 33427: Change of username or service not allowed: (readwrite,ssh-connection) -> (Admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:30:32 honeypot-ams-1 sshd[16773]: Received disconnect from 177.24.46.4 port 36674:11: Bye Bye [preauth]","@timestamp":"2022-09-14T00:30:32.676Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 00:30:43 honeypot-ams-1 kernel: [83992026.468643] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=109.248.6.38 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x20 TTL=74 ID=49592 PROTO=TCP SPT=42818 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T00:30:43.683Z"}
{"@timestamp":"2022-09-14T00:30:55.063Z","@version":"1","message":"Sep 14 00:30:54 honeypot-sgp-1 sshd[12132]: Disconnecting invalid user DZY-W2914NSV2 81.17.25.50 port 61587: Change of username or service not allowed: (DZY-W2914NSV2,ssh-connection) -> (0,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:30:55 honeypot-ams-1 sshd[16783]: Disconnected from authenticating user root 177.24.46.4 port 37216 [preauth]","@timestamp":"2022-09-14T00:30:55.691Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:31:02 honeypot-ams-1 sshd[16789]: Disconnected from authenticating user root 177.24.46.4 port 37420 [preauth]","@timestamp":"2022-09-14T00:31:02.695Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:31:09 honeypot-ams-1 sshd[16795]: Invalid user admin from 177.24.46.4 port 37615","@timestamp":"2022-09-14T00:31:10.701Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:31:13 honeypot-ams-1 sshd[16799]: Invalid user admin from 177.24.46.4 port 37682","@timestamp":"2022-09-14T00:31:13.703Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:31:17 honeypot-ams-1 sshd[16803]: Invalid user admin from 177.24.46.4 port 37797","@timestamp":"2022-09-14T00:31:17.706Z"}
{"@timestamp":"2022-09-14T00:31:21.075Z","@version":"1","message":"Sep 14 00:31:21 honeypot-sgp-1 sshd[12138]: Disconnecting invalid user zoomadsl 81.17.25.50 port 9530: Change of username or service not allowed: (zoomadsl,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:31:21 honeypot-ams-1 sshd[16807]: Invalid user admin from 177.24.46.4 port 37876","@timestamp":"2022-09-14T00:31:21.710Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:31:25 honeypot-ams-1 sshd[16811]: Invalid user admin from 177.24.46.4 port 37964","@timestamp":"2022-09-14T00:31:25.712Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:31:27 honeypot-ams-1 sshd[16813]: Disconnected from invalid user user 177.24.46.4 port 38036 [preauth]","@timestamp":"2022-09-14T00:31:27.714Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:31:33 honeypot-ams-1 sshd[16819]: Received disconnect from 177.24.46.4 port 38153:11: Bye Bye [preauth]","@timestamp":"2022-09-14T00:31:33.717Z"}
{"@timestamp":"2022-09-14T00:31:34.081Z","@version":"1","message":"Sep 14 00:31:33 honeypot-sgp-1 sshd[12144]: Disconnecting invalid user 1admin0 81.17.25.50 port 31189: Change of username or service not allowed: (1admin0,ssh-connection) -> (ltecl4r0,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:31:37 honeypot-ams-1 sshd[16823]: Received disconnect from 177.24.46.4 port 38264:11: Bye Bye [preauth]","@timestamp":"2022-09-14T00:31:37.720Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:31:40 honeypot-ams-1 sshd[16827]: Received disconnect from 177.24.46.4 port 38346:11: Bye Bye [preauth]","@timestamp":"2022-09-14T00:31:41.723Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:31:45 honeypot-ams-1 sshd[16831]: Invalid user xbmc from 177.24.46.4 port 38447","@timestamp":"2022-09-14T00:31:45.726Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 00:31:49 honeypot-ams-1 kernel: [83992092.682510] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=79.124.62.62 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=55787 PROTO=TCP SPT=44893 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T00:31:49.729Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:31:50 honeypot-ams-1 sshd[16837]: Disconnected from invalid user nagios 177.24.46.4 port 38593 [preauth]","@timestamp":"2022-09-14T00:31:51.731Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:31:54 honeypot-ams-1 sshd[16841]: Disconnected from invalid user vagrant 177.24.46.4 port 38672 [preauth]","@timestamp":"2022-09-14T00:31:55.734Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:31:58 honeypot-ams-1 sshd[16845]: Disconnected from invalid user debian 177.24.46.4 port 38790 [preauth]","@timestamp":"2022-09-14T00:31:58.736Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:32:02 honeypot-ams-1 sshd[16849]: Disconnected from invalid user debian 177.24.46.4 port 38871 [preauth]","@timestamp":"2022-09-14T00:32:02.739Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:32:05 honeypot-ams-1 sshd[16853]: Disconnected from invalid user alarm 177.24.46.4 port 38961 [preauth]","@timestamp":"2022-09-14T00:32:06.743Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:32:09 honeypot-ams-1 sshd[16857]: Disconnected from invalid user test 177.24.46.4 port 39059 [preauth]","@timestamp":"2022-09-14T00:32:09.745Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:32:13 honeypot-ams-1 sshd[16861]: Disconnected from invalid user cirros 177.24.46.4 port 39141 [preauth]","@timestamp":"2022-09-14T00:32:13.748Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 00:32:19 honeypot-fra-1 sshd[7602]: Invalid user admin from 144.217.162.95 port 55797","@timestamp":"2022-09-14T00:32:19.454Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 00:34:58 honeypot-fra-1 sshd[7609]: Invalid user uwsgi from 157.230.254.228 port 53544","@timestamp":"2022-09-14T00:34:58.519Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T00:35:37.177Z","@version":"1","message":"Sep 14 00:35:36 honeypot-sgp-1 sshd[12156]: Received disconnect from 61.177.172.114 port 36378:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 00:36:08 honeypot-fra-1 sshd[7612]: Disconnected from invalid user user 141.255.162.226 port 56286 [preauth]","@timestamp":"2022-09-14T00:36:09.547Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 00:36:11 honeypot-fra-1 sshd[7616]: Disconnected from invalid user user 141.255.162.226 port 49624 [preauth]","@timestamp":"2022-09-14T00:36:12.548Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 00:36:14 honeypot-fra-1 sshd[7620]: Disconnected from invalid user user 141.255.162.226 port 48034 [preauth]","@timestamp":"2022-09-14T00:36:14.549Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:36:40 honeypot-ams-1 sshd[16868]: Disconnected from authenticating user root 197.235.16.123 port 46412 [preauth]","@timestamp":"2022-09-14T00:36:41.872Z"}
{"@timestamp":"2022-09-14T00:38:29.246Z","@version":"1","message":"Sep 14 00:38:28 honeypot-sgp-1 sshd[12162]: Disconnected from authenticating user root 92.255.85.69 port 60734 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 00:38:48 honeypot-fra-1 kernel: [83990350.957998] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=51.158.171.29 DST=165.22.82.222 LEN=52 TOS=0x00 PREC=0x00 TTL=53 ID=47260 DF PROTO=TCP SPT=54274 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T00:38:49.610Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-14T00:41:07.311Z","@version":"1","message":"Sep 14 00:41:06 honeypot-sgp-1 sshd[12166]: Disconnected from invalid user ubnt 5.182.18.155 port 42994 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 00:41:44 honeypot-fra-1 kernel: [83990526.517798] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=176.111.173.247 DST=165.22.82.222 LEN=52 TOS=0x02 PREC=0x00 TTL=118 ID=12156 DF PROTO=TCP SPT=3665 DPT=3389 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-14T00:41:44.681Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:43:37 honeypot-ams-1 sshd[16880]: Disconnected from authenticating user root 92.255.85.69 port 15156 [preauth]","@timestamp":"2022-09-14T00:43:38.059Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:44:55 honeypot-ams-1 sshd[16885]: Invalid user ansible from 193.176.239.126 port 48272","@timestamp":"2022-09-14T00:44:56.095Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:44:55 honeypot-ams-1 sshd[16894]: Invalid user chia from 193.176.239.126 port 48286","@timestamp":"2022-09-14T00:44:56.095Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:44:55 honeypot-ams-1 sshd[16889]: Connection closed by authenticating user root 193.176.239.126 port 48296 [preauth]","@timestamp":"2022-09-14T00:44:56.095Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:44:55 honeypot-ams-1 sshd[16921]: Invalid user admin from 193.176.239.126 port 48298","@timestamp":"2022-09-14T00:44:56.095Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:44:56 honeypot-ams-1 sshd[16893]: Connection closed by authenticating user root 193.176.239.126 port 48388 [preauth]","@timestamp":"2022-09-14T00:44:56.095Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:44:56 honeypot-ams-1 sshd[16895]: Connection closed by invalid user admin 193.176.239.126 port 48320 [preauth]","@timestamp":"2022-09-14T00:44:56.095Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:44:56 honeypot-ams-1 sshd[16892]: Connection closed by invalid user ftp 193.176.239.126 port 48360 [preauth]","@timestamp":"2022-09-14T00:44:56.095Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:44:56 honeypot-ams-1 sshd[16906]: Connection closed by invalid user mysql 193.176.239.126 port 48274 [preauth]","@timestamp":"2022-09-14T00:44:56.095Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:44:56 honeypot-ams-1 sshd[16919]: Connection closed by invalid user chia 193.176.239.126 port 48342 [preauth]","@timestamp":"2022-09-14T00:44:57.097Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 00:44:57 honeypot-ams-1 kernel: [83992880.572882] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=41017 PROTO=TCP SPT=55877 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T00:44:58.097Z"}
{"@timestamp":"2022-09-14T00:49:50.515Z","@version":"1","message":"Sep 14 00:49:49 honeypot-sgp-1 sshd[12179]: Received disconnect from 201.116.3.194 port 57480:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T00:51:41.562Z","@version":"1","message":"Sep 14 00:51:40 honeypot-sgp-1 sshd[12185]: Received disconnect from 128.199.118.93 port 46798:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 00:54:34 honeypot-ams-1 kernel: [83993458.083475] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=139.28.218.34 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=57239 DPT=5432 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T00:54:35.351Z"}
{"@timestamp":"2022-09-14T00:57:17.692Z","@version":"1","message":"Sep 14 00:57:17 honeypot-sgp-1 sshd[12196]: Invalid user lines from 159.223.65.243 port 34994","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 00:59:36 honeypot-fra-1 sshd[7639]: Received disconnect from 143.110.236.239 port 57758:11: Bye Bye [preauth]","@timestamp":"2022-09-14T00:59:37.081Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T01:01:46.797Z","@version":"1","message":"Sep 14 01:01:46 honeypot-sgp-1 sshd[12202]: Disconnected from authenticating user root 92.255.85.69 port 59692 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:02:37 honeypot-ams-1 sshd[16969]: Received disconnect from 61.177.172.19 port 58536:11:  [preauth]","@timestamp":"2022-09-14T01:02:37.560Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:02:53 honeypot-ams-1 sshd[16973]: Received disconnect from 45.61.186.249 port 37900:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T01:02:53.570Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:03:11 honeypot-ams-1 sshd[16977]: Received disconnect from 45.61.186.249 port 60502:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T01:03:12.581Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:03:30 honeypot-ams-1 sshd[16981]: Received disconnect from 45.61.186.249 port 54884:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T01:03:31.591Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 01:04:06 honeypot-ams-1 kernel: [83994029.548014] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=38.70.11.13 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=117 ID=63890 DF PROTO=TCP SPT=59236 DPT=3389 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-14T01:04:06.609Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 01:04:11 honeypot-fra-1 sshd[7646]: Received disconnect from 92.255.85.70 port 59496:11: Bye Bye [preauth]","@timestamp":"2022-09-14T01:04:12.184Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T01:05:04.877Z","@version":"1","message":"Sep 14 01:05:04 honeypot-sgp-1 sshd[12209]: Received disconnect from 61.177.173.46 port 34195:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:09:52 honeypot-ams-1 sshd[16992]: Received disconnect from 175.4.209.29 port 32009:11: Bye Bye [preauth]","@timestamp":"2022-09-14T01:09:53.765Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:09:56 honeypot-ams-1 sshd[16996]: Disconnected from invalid user ubnt 175.4.209.29 port 32147 [preauth]","@timestamp":"2022-09-14T01:09:57.769Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:10:02 honeypot-ams-1 sshd[17002]: Disconnected from authenticating user root 175.4.209.29 port 32298 [preauth]","@timestamp":"2022-09-14T01:10:02.772Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:10:08 honeypot-ams-1 sshd[17009]: Disconnected from authenticating user root 175.4.209.29 port 32501 [preauth]","@timestamp":"2022-09-14T01:10:08.776Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:10:14 honeypot-ams-1 sshd[17015]: Disconnected from authenticating user root 175.4.209.29 port 32687 [preauth]","@timestamp":"2022-09-14T01:10:14.780Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:10:20 honeypot-ams-1 sshd[17021]: Disconnected from authenticating user root 175.4.209.29 port 32864 [preauth]","@timestamp":"2022-09-14T01:10:20.784Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:10:26 honeypot-ams-1 sshd[17027]: Disconnected from authenticating user root 175.4.209.29 port 33094 [preauth]","@timestamp":"2022-09-14T01:10:27.789Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:10:33 honeypot-ams-1 sshd[17033]: Disconnected from authenticating user root 175.4.209.29 port 33254 [preauth]","@timestamp":"2022-09-14T01:10:33.793Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:10:39 honeypot-ams-1 sshd[17039]: Disconnected from authenticating user root 175.4.209.29 port 33457 [preauth]","@timestamp":"2022-09-14T01:10:39.798Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:10:45 honeypot-ams-1 sshd[17045]: Disconnected from authenticating user root 175.4.209.29 port 33634 [preauth]","@timestamp":"2022-09-14T01:10:45.801Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:11:07 honeypot-ams-1 sshd[17055]: Disconnected from authenticating user root 175.4.209.29 port 30208 [preauth]","@timestamp":"2022-09-14T01:11:07.813Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:11:23 honeypot-ams-1 sshd[17063]: Disconnected from authenticating user root 61.177.173.47 port 12721 [preauth]","@timestamp":"2022-09-14T01:11:23.823Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:11:28 honeypot-ams-1 sshd[17069]: Invalid user admin from 175.4.209.29 port 30891","@timestamp":"2022-09-14T01:11:28.827Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:11:32 honeypot-ams-1 sshd[17073]: Invalid user admin from 175.4.209.29 port 31003","@timestamp":"2022-09-14T01:11:32.830Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:11:36 honeypot-ams-1 sshd[17077]: Invalid user admin from 175.4.209.29 port 31142","@timestamp":"2022-09-14T01:11:36.833Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:11:40 honeypot-ams-1 sshd[17081]: Invalid user admin from 175.4.209.29 port 31258","@timestamp":"2022-09-14T01:11:40.836Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:11:44 honeypot-ams-1 sshd[17085]: Invalid user admin from 175.4.209.29 port 31383","@timestamp":"2022-09-14T01:11:44.838Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:11:48 honeypot-ams-1 sshd[17089]: Received disconnect from 175.4.209.29 port 31500:11: Bye Bye [preauth]","@timestamp":"2022-09-14T01:11:48.841Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:11:52 honeypot-ams-1 sshd[17093]: Disconnected from invalid user pi 175.4.209.29 port 31621 [preauth]","@timestamp":"2022-09-14T01:11:52.843Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:11:56 honeypot-ams-1 sshd[17097]: Disconnected from invalid user user 175.4.209.29 port 31789 [preauth]","@timestamp":"2022-09-14T01:11:56.847Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:12:01 honeypot-ams-1 sshd[17101]: Disconnected from invalid user mine 175.4.209.29 port 31957 [preauth]","@timestamp":"2022-09-14T01:12:01.850Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:12:05 honeypot-ams-1 sshd[17105]: Disconnected from invalid user xbmc 175.4.209.29 port 32104 [preauth]","@timestamp":"2022-09-14T01:12:05.852Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:12:09 honeypot-ams-1 sshd[17109]: Disconnected from invalid user oracle 175.4.209.29 port 32247 [preauth]","@timestamp":"2022-09-14T01:12:10.857Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:12:16 honeypot-ams-1 sshd[17113]: Disconnected from invalid user postgres 175.4.209.29 port 32460 [preauth]","@timestamp":"2022-09-14T01:12:16.861Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:12:20 honeypot-ams-1 sshd[17117]: Disconnected from invalid user support 175.4.209.29 port 32584 [preauth]","@timestamp":"2022-09-14T01:12:20.863Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:12:24 honeypot-ams-1 sshd[17121]: Disconnected from invalid user ubuntu 175.4.209.29 port 32731 [preauth]","@timestamp":"2022-09-14T01:12:24.867Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:12:28 honeypot-ams-1 sshd[17125]: Disconnected from invalid user ubuntu 175.4.209.29 port 32867 [preauth]","@timestamp":"2022-09-14T01:12:28.869Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:12:32 honeypot-ams-1 sshd[17129]: Disconnected from invalid user guest 175.4.209.29 port 32989 [preauth]","@timestamp":"2022-09-14T01:12:32.871Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:12:36 honeypot-ams-1 sshd[17133]: Disconnected from invalid user cirros 175.4.209.29 port 33144 [preauth]","@timestamp":"2022-09-14T01:12:36.874Z"}
{"@timestamp":"2022-09-14T01:12:42.062Z","@version":"1","message":"Sep 14 01:12:41 honeypot-sgp-1 sshd[12215]: Disconnected from authenticating user root 52.149.180.228 port 48864 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 01:14:37 honeypot-fra-1 sshd[7651]: Invalid user kubeadmin from 165.22.45.108 port 58358","@timestamp":"2022-09-14T01:14:37.419Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T01:14:57.119Z","@version":"1","message":"Sep 14 01:14:56 honeypot-sgp-1 kernel: [83994205.538777] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=38.70.11.13 DST=159.89.202.188 LEN=52 TOS=0x0A PREC=0x00 TTL=112 ID=64111 DF PROTO=TCP SPT=59012 DPT=3389 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:17:01 honeypot-ams-1 CRON[17140]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-14T01:17:01.989Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 01:17:01 honeypot-fra-1 CRON[7655]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-14T01:17:02.476Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 01:17:23 honeypot-ams-1 kernel: [83994826.723819] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=20.55.53.144 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=2497 DF PROTO=TCP SPT=33204 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T01:17:24.002Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 01:17:49 honeypot-fra-1 sshd[7658]: Disconnected from invalid user it 222.232.29.235 port 53216 [preauth]","@timestamp":"2022-09-14T01:17:49.495Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T01:18:00.201Z","@version":"1","message":"Sep 14 01:17:59 honeypot-sgp-1 sshd[12227]: Disconnected from authenticating user root 61.177.172.98 port 13229 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 01:20:12 honeypot-ams-1 kernel: [83994995.553351] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=175.24.180.25 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=3298 DF PROTO=TCP SPT=57258 DPT=80 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-14T01:20:13.078Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 01:21:11 honeypot-fra-1 sshd[7667]: Invalid user admin from 128.199.160.207 port 58606","@timestamp":"2022-09-14T01:21:12.573Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 01:24:57 honeypot-ams-1 kernel: [83995280.664530] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=181.219.149.148 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=13133 PROTO=TCP SPT=24863 DPT=80 WINDOW=37276 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T01:24:58.205Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 01:26:22 honeypot-fra-1 kernel: [83993204.672779] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=103.170.119.250 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=20365 PROTO=TCP SPT=55062 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T01:26:23.693Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-14T01:27:14.439Z","@version":"1","message":"Sep 14 01:27:14 honeypot-sgp-1 kernel: [83994943.560146] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=175.24.180.25 DST=159.89.202.188 LEN=52 TOS=0x00 PREC=0x00 TTL=110 ID=7816 DF PROTO=TCP SPT=56270 DPT=80 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T01:28:34.473Z","@version":"1","message":"Sep 14 01:28:34 honeypot-sgp-1 sshd[12236]: Disconnected from authenticating user root 61.177.173.39 port 43328 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 01:33:48 honeypot-ams-1 kernel: [83995812.287370] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=143.198.183.97 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=35613 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T01:33:49.436Z"}
{"@timestamp":"2022-09-14T01:36:59.674Z","@version":"1","message":"Sep 14 01:36:59 honeypot-sgp-1 kernel: [83995528.339619] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=184.105.139.104 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=44598 DPT=389 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T01:37:16.682Z","@version":"1","message":"Sep 14 01:37:16 honeypot-sgp-1 sshd[12249]: Connection closed by invalid user admin 178.128.125.205 port 43578 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 01:38:03 honeypot-fra-1 kernel: [83993905.818043] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=16194 PROTO=TCP SPT=58914 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T01:38:03.966Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:39:49 honeypot-ams-1 sshd[17175]: Received disconnect from 61.177.173.36 port 36577:11:  [preauth]","@timestamp":"2022-09-14T01:39:49.596Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 01:41:49 honeypot-ams-1 kernel: [83996293.158093] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=183.230.158.197 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=49 ID=56592 PROTO=TCP SPT=59337 DPT=443 WINDOW=11545 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T01:41:50.656Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:42:15 honeypot-ams-1 sshd[17185]: Disconnected from invalid user test 80.76.51.45 port 49190 [preauth]","@timestamp":"2022-09-14T01:42:15.670Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:42:59 honeypot-ams-1 sshd[17191]: Disconnected from authenticating user root 80.76.51.45 port 55322 [preauth]","@timestamp":"2022-09-14T01:43:00.694Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:43:45 honeypot-ams-1 sshd[17197]: Disconnected from authenticating user root 80.76.51.45 port 33248 [preauth]","@timestamp":"2022-09-14T01:43:45.750Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:44:28 honeypot-ams-1 sshd[17203]: Received disconnect from 80.76.51.45 port 39430:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T01:44:28.771Z"}
{"@timestamp":"2022-09-14T01:45:26.878Z","@version":"1","message":"Sep 14 01:45:25 honeypot-sgp-1 sshd[12256]: Received disconnect from 61.177.173.46 port 23259:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:46:15 honeypot-ams-1 sshd[17207]: Disconnected from authenticating user root 61.177.172.19 port 31784 [preauth]","@timestamp":"2022-09-14T01:46:15.819Z"}
{"@timestamp":"2022-09-14T01:50:37.004Z","@version":"1","message":"Sep 14 01:50:36 honeypot-sgp-1 sshd[12266]: Connection closed by authenticating user nobody 179.60.147.69 port 48050 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 01:50:47 honeypot-fra-1 sshd[7681]: Disconnected from invalid user idemo_user 200.73.134.13 port 39594 [preauth]","@timestamp":"2022-09-14T01:50:47.260Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T01:53:28.075Z","@version":"1","message":"Sep 14 01:53:27 honeypot-sgp-1 sshd[12273]: Disconnected from invalid user user 45.61.186.49 port 46852 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T01:53:39.081Z","@version":"1","message":"Sep 14 01:53:38 honeypot-sgp-1 sshd[12277]: Disconnected from invalid user user 45.61.186.49 port 58492 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:54:59 honeypot-ams-1 sshd[17218]: Disconnected from authenticating user root 61.177.173.50 port 41310 [preauth]","@timestamp":"2022-09-14T01:55:00.049Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 02:01:24 honeypot-ams-1 sshd[17224]: Invalid user admin from 114.7.195.180 port 35598","@timestamp":"2022-09-14T02:01:25.219Z"}
{"@timestamp":"2022-09-14T02:01:44.295Z","@version":"1","message":"Sep 14 02:01:43 honeypot-sgp-1 sshd[12288]: Received disconnect from 61.177.173.50 port 14203:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:01:59 honeypot-fra-1 sshd[7688]: Invalid user kuglerjh from 165.22.45.108 port 35078","@timestamp":"2022-09-14T02:01:59.518Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:04:20 honeypot-fra-1 sshd[7694]: Received disconnect from 179.43.145.74 port 53178:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T02:04:20.576Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:04:33 honeypot-fra-1 sshd[7700]: Received disconnect from 179.43.145.74 port 34072:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T02:04:34.584Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:05:26 honeypot-fra-1 kernel: [83995548.214013] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=128.14.141.34 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=66 PROTO=TCP SPT=30667 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T02:05:26.605Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:06:18 honeypot-fra-1 sshd[7710]: Received disconnect from 179.43.145.74 port 58406:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T02:06:19.628Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:08:25 honeypot-fra-1 sshd[7715]: Disconnected from authenticating user root 143.244.158.100 port 33734 [preauth]","@timestamp":"2022-09-14T02:08:26.680Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 02:09:06 honeypot-ams-1 sshd[17233]: Received disconnect from 61.177.173.47 port 35894:11:  [preauth]","@timestamp":"2022-09-14T02:09:07.421Z"}
{"@timestamp":"2022-09-14T02:09:28.485Z","@version":"1","message":"Sep 14 02:09:28 honeypot-sgp-1 kernel: [83997477.720039] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=183.136.225.35 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=110 ID=35328 PROTO=TCP SPT=8088 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:09:55 honeypot-fra-1 sshd[7719]: Disconnected from authenticating user root 142.93.112.39 port 32862 [preauth]","@timestamp":"2022-09-14T02:09:55.718Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:11:10 honeypot-fra-1 sshd[7725]: Disconnected from authenticating user root 200.217.20.227 port 58244 [preauth]","@timestamp":"2022-09-14T02:11:10.749Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:12:04 honeypot-fra-1 sshd[7731]: Invalid user test from 193.106.191.157 port 41370","@timestamp":"2022-09-14T02:12:04.773Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:12:47 honeypot-fra-1 sshd[7736]: Received disconnect from 45.61.184.204 port 39294:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T02:12:47.794Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:13:05 honeypot-fra-1 sshd[7740]: Received disconnect from 45.61.184.204 port 34162:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T02:13:05.802Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:13:23 honeypot-fra-1 sshd[7744]: Received disconnect from 45.61.184.204 port 57262:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T02:13:23.810Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:13:37 honeypot-fra-1 sshd[7749]: Disconnected from authenticating user root 143.244.158.100 port 45090 [preauth]","@timestamp":"2022-09-14T02:13:37.816Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:14:31 honeypot-fra-1 sshd[7755]: Received disconnect from 92.255.85.69 port 59576:11: Bye Bye [preauth]","@timestamp":"2022-09-14T02:14:31.837Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T02:15:50.641Z","@version":"1","message":"Sep 14 02:15:49 honeypot-sgp-1 sshd[12301]: Received disconnect from 61.177.172.98 port 30608:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:16:08 honeypot-fra-1 sshd[7759]: Received disconnect from 143.244.158.100 port 57220:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T02:16:08.875Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 02:17:01 honeypot-ams-1 CRON[17670]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-14T02:17:01.625Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:17:47 honeypot-fra-1 sshd[7768]: Received disconnect from 143.244.158.100 port 33208:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T02:17:47.916Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 02:18:53 honeypot-ams-1 sshd[17675]: Invalid user admin from 58.77.199.182 port 51584","@timestamp":"2022-09-14T02:18:53.677Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:19:25 honeypot-fra-1 sshd[7774]: Disconnected from authenticating user root 143.244.158.100 port 54004 [preauth]","@timestamp":"2022-09-14T02:19:25.957Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:19:29 honeypot-fra-1 sshd[7778]: Disconnected from invalid user user 141.255.162.226 port 41974 [preauth]","@timestamp":"2022-09-14T02:19:29.960Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:19:31 honeypot-fra-1 sshd[7782]: Disconnected from invalid user user 141.255.162.226 port 48492 [preauth]","@timestamp":"2022-09-14T02:19:31.961Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:19:35 honeypot-fra-1 sshd[7786]: Disconnected from invalid user user 141.255.162.226 port 52836 [preauth]","@timestamp":"2022-09-14T02:19:35.963Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 02:19:50 honeypot-ams-1 sshd[17682]: Did not receive identification string from 109.205.213.23 port 55590","@timestamp":"2022-09-14T02:19:50.705Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 02:20:18 honeypot-ams-1 sshd[17687]: Disconnected from authenticating user root 109.205.213.23 port 32900 [preauth]","@timestamp":"2022-09-14T02:20:18.721Z"}
{"@timestamp":"2022-09-14T02:20:18.749Z","@version":"1","message":"Sep 14 02:20:18 honeypot-sgp-1 sshd[12310]: Received disconnect from 61.177.173.52 port 33454:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:20:18 honeypot-fra-1 sshd[7790]: Disconnected from authenticating user root 143.244.158.100 port 34432 [preauth]","@timestamp":"2022-09-14T02:20:18.982Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 02:20:42 honeypot-ams-1 sshd[17693]: Disconnected from authenticating user root 109.205.213.23 port 47970 [preauth]","@timestamp":"2022-09-14T02:20:43.735Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:21:39 honeypot-fra-1 sshd[7794]: Disconnected from invalid user admin 157.245.157.93 port 58464 [preauth]","@timestamp":"2022-09-14T02:21:40.017Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 02:21:45 honeypot-ams-1 kernel: [83998688.773946] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=156.146.46.143 DST=178.62.254.91 LEN=52 TOS=0x02 PREC=0x00 TTL=118 ID=32829 DF PROTO=TCP SPT=63283 DPT=3389 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-14T02:21:45.766Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 02:22:07 honeypot-ams-1 sshd[17704]: Received disconnect from 109.205.213.23 port 49876:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T02:22:08.778Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:23:09 honeypot-fra-1 sshd[7800]: Received disconnect from 112.146.205.124 port 34210:11: Bye Bye [preauth]","@timestamp":"2022-09-14T02:23:10.055Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T02:25:13.872Z","@version":"1","message":"Sep 14 02:25:13 honeypot-sgp-1 kernel: [83998422.611317] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.189.182.234 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=51587 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:25:26 honeypot-fra-1 sshd[7807]: Received disconnect from 143.244.158.100 port 52492:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T02:25:27.111Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 02:25:52 honeypot-ams-1 kernel: [83998935.387679] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=47080 PROTO=TCP SPT=41960 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T02:25:52.878Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:27:59 honeypot-fra-1 sshd[7813]: Received disconnect from 143.244.158.100 port 39818:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T02:28:00.172Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 02:28:51 honeypot-ams-1 sshd[17717]: Did not receive identification string from 45.61.186.169 port 55552","@timestamp":"2022-09-14T02:28:51.959Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 02:29:14 honeypot-ams-1 sshd[17720]: Disconnected from invalid user user 45.61.186.169 port 44276 [preauth]","@timestamp":"2022-09-14T02:29:14.971Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 02:29:31 honeypot-ams-1 kernel: [83999155.159236] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.200.118.79 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=54321 PROTO=TCP SPT=54011 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T02:29:31.981Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 02:29:47 honeypot-ams-1 sshd[17728]: Invalid user user from 45.61.186.169 port 33988","@timestamp":"2022-09-14T02:29:47.990Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:29:47 honeypot-fra-1 sshd[7820]: Received disconnect from 143.244.158.100 port 49742:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T02:29:48.216Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T02:30:44.006Z","@version":"1","message":"Sep 14 02:30:43 honeypot-sgp-1 kernel: [83998752.554903] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=234 ID=49210 PROTO=TCP SPT=42602 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 02:30:55 honeypot-ams-1 kernel: [83999238.829769] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=8500 PROTO=TCP SPT=42602 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T02:30:56.024Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:31:26 honeypot-fra-1 sshd[7825]: Received disconnect from 143.244.158.100 port 40610:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T02:31:27.258Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:34:00 honeypot-fra-1 kernel: [83997262.617709] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=170.187.160.163 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=42736 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T02:34:01.319Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:34:53 honeypot-fra-1 sshd[7837]: Disconnected from authenticating user root 143.244.158.100 port 36338 [preauth]","@timestamp":"2022-09-14T02:34:54.344Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 02:35:41 honeypot-ams-1 sshd[17737]: Disconnected from authenticating user root 61.177.173.50 port 64214 [preauth]","@timestamp":"2022-09-14T02:35:42.148Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:36:39 honeypot-fra-1 sshd[7841]: Received disconnect from 143.244.158.100 port 59606:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T02:36:40.390Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T02:36:45.154Z","@version":"1","message":"Sep 14 02:36:44 honeypot-sgp-1 sshd[12326]: Disconnected from authenticating user root 61.177.173.35 port 43816 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:38:18 honeypot-fra-1 sshd[7847]: Received disconnect from 143.244.158.100 port 34586:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T02:38:19.429Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:39:59 honeypot-fra-1 sshd[7852]: Disconnected from authenticating user root 143.244.158.100 port 46062 [preauth]","@timestamp":"2022-09-14T02:39:59.469Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 02:40:28 honeypot-ams-1 sshd[17744]: Received disconnect from 95.79.31.128 port 51895:11: Bye Bye [preauth]","@timestamp":"2022-09-14T02:40:28.273Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 02:41:05 honeypot-ams-1 sshd[17749]: Received disconnect from 109.205.213.23 port 42774:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T02:41:06.294Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 02:41:24 honeypot-ams-1 sshd[17755]: Received disconnect from 92.255.85.70 port 23652:11: Bye Bye [preauth]","@timestamp":"2022-09-14T02:41:24.306Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 02:41:44 honeypot-ams-1 sshd[17761]: Received disconnect from 109.205.213.23 port 55668:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T02:41:44.339Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 02:42:09 honeypot-ams-1 sshd[17767]: Received disconnect from 109.205.213.23 port 40818:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T02:42:09.353Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:42:28 honeypot-fra-1 sshd[7858]: Disconnected from authenticating user root 143.244.158.100 port 53502 [preauth]","@timestamp":"2022-09-14T02:42:28.528Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 02:43:07 honeypot-ams-1 sshd[17773]: Invalid user test from 109.205.213.23 port 54202","@timestamp":"2022-09-14T02:43:08.384Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 02:43:25 honeypot-ams-1 sshd[17777]: Connection closed by 109.205.213.23 port 53714 [preauth]","@timestamp":"2022-09-14T02:43:25.394Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:45:01 honeypot-fra-1 sshd[7865]: Received disconnect from 143.244.158.100 port 38090:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T02:45:01.589Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T02:45:29.366Z","@version":"1","message":"Sep 14 02:45:28 honeypot-sgp-1 sshd[12335]: Disconnected from 61.177.172.98 port 31088 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:46:48 honeypot-fra-1 sshd[7869]: Disconnected from authenticating user root 143.244.158.100 port 55780 [preauth]","@timestamp":"2022-09-14T02:46:48.632Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 02:48:13 honeypot-ams-1 sshd[17784]: Disconnected from authenticating user root 61.177.173.39 port 63110 [preauth]","@timestamp":"2022-09-14T02:48:14.530Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:49:20 honeypot-fra-1 sshd[7876]: Disconnected from authenticating user root 143.244.158.100 port 50332 [preauth]","@timestamp":"2022-09-14T02:49:20.692Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:50:58 honeypot-fra-1 sshd[7882]: Received disconnect from 143.244.158.100 port 33354:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T02:50:58.732Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T02:51:05.506Z","@version":"1","message":"Sep 14 02:51:05 honeypot-sgp-1 kernel: [83999974.490348] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.200.118.79 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=46402 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:52:43 honeypot-fra-1 sshd[7886]: Received disconnect from 143.244.158.100 port 57330:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T02:52:44.778Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 02:57:25 honeypot-ams-1 sshd[17792]: Disconnected from authenticating user root 61.177.173.52 port 63687 [preauth]","@timestamp":"2022-09-14T02:57:25.788Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:57:37 honeypot-fra-1 sshd[7891]: Invalid user test from 193.106.191.157 port 43758","@timestamp":"2022-09-14T02:57:37.892Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T02:58:16.708Z","@version":"1","message":"Sep 14 02:58:16 honeypot-sgp-1 sshd[12349]: Received disconnect from 61.177.173.50 port 19229:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T02:58:49.725Z","@version":"1","message":"Sep 14 02:58:49 honeypot-sgp-1 kernel: [84000438.468302] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=51.104.20.135 DST=159.89.202.188 LEN=52 TOS=0x00 PREC=0x00 TTL=113 ID=57090 DF PROTO=TCP SPT=58772 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 03:02:39 honeypot-fra-1 kernel: [83998981.069755] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=51.15.104.9 DST=165.22.82.222 LEN=52 TOS=0x00 PREC=0x00 TTL=53 ID=20799 DF PROTO=TCP SPT=14457 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T03:02:40.012Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-14T03:03:18.840Z","@version":"1","message":"Sep 14 03:03:17 honeypot-sgp-1 sshd[12356]: Connection closed by invalid user admin 179.60.147.69 port 41766 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 03:05:22 honeypot-ams-1 kernel: [84001305.621940] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=169.38.115.123 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=55 ID=64915 PROTO=TCP SPT=12080 DPT=80 WINDOW=30048 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T03:05:23.009Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 03:08:06 honeypot-ams-1 kernel: [84001469.573816] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=88.80.189.24 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=62797 PROTO=TCP SPT=44844 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T03:08:07.091Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 03:08:52 honeypot-fra-1 sshd[7901]: Received disconnect from 174.138.24.231 port 51556:11: Bye Bye [preauth]","@timestamp":"2022-09-14T03:08:53.155Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T03:13:35.089Z","@version":"1","message":"Sep 14 03:13:34 honeypot-sgp-1 sshd[12366]: Received disconnect from 45.61.186.49 port 47900:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T03:13:47.095Z","@version":"1","message":"Sep 14 03:13:46 honeypot-sgp-1 sshd[12370]: Received disconnect from 45.61.186.49 port 59488:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 03:13:55 honeypot-fra-1 kernel: [83999656.690809] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=42636 PROTO=TCP SPT=44403 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T03:13:55.271Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 03:14:39 honeypot-fra-1 sshd[7910]: Invalid user user from 45.61.184.204 port 52364","@timestamp":"2022-09-14T03:14:40.292Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 03:14:56 honeypot-fra-1 sshd[7914]: Invalid user user from 45.61.184.204 port 47482","@timestamp":"2022-09-14T03:14:57.300Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 03:15:13 honeypot-fra-1 sshd[7920]: Received disconnect from 179.43.156.143 port 38688:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T03:15:13.308Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T03:15:20.136Z","@version":"1","message":"Sep 14 03:15:20 honeypot-sgp-1 kernel: [84001429.365942] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=156.146.46.143 DST=159.89.202.188 LEN=52 TOS=0x02 PREC=0x00 TTL=116 ID=13089 DF PROTO=TCP SPT=52325 DPT=3389 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 03:15:21 honeypot-fra-1 sshd[7922]: Received disconnect from 45.61.184.204 port 54282:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T03:15:21.313Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 03:16:35 honeypot-fra-1 sshd[7926]: Disconnected from authenticating user root 179.43.156.143 port 59080 [preauth]","@timestamp":"2022-09-14T03:16:36.344Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 03:17:01 honeypot-ams-1 CRON[17820]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-14T03:17:01.329Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 03:17:58 honeypot-fra-1 sshd[7933]: Disconnected from authenticating user root 179.43.156.143 port 51230 [preauth]","@timestamp":"2022-09-14T03:17:58.395Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 03:19:43 honeypot-fra-1 kernel: [84000004.880193] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=51.158.171.29 DST=165.22.82.222 LEN=52 TOS=0x00 PREC=0x00 TTL=53 ID=56765 DF PROTO=TCP SPT=31654 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T03:19:43.436Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 03:20:41 honeypot-fra-1 sshd[7942]: Disconnected from invalid user nfsnobod 179.43.156.143 port 35572 [preauth]","@timestamp":"2022-09-14T03:20:41.459Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T03:21:14.282Z","@version":"1","message":"Sep 14 03:21:13 honeypot-sgp-1 sshd[12382]: Received disconnect from 87.245.184.58 port 38084:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 03:21:28 honeypot-ams-1 sshd[17828]: Received disconnect from 61.177.172.114 port 46469:11:  [preauth]","@timestamp":"2022-09-14T03:21:28.448Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 03:22:42 honeypot-fra-1 sshd[7948]: Disconnected from authenticating user root 179.43.156.143 port 52014 [preauth]","@timestamp":"2022-09-14T03:22:42.506Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T03:23:06.331Z","@version":"1","message":"Sep 14 03:23:06 honeypot-sgp-1 sshd[12388]: Received disconnect from 61.177.173.49 port 43423:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 03:24:43 honeypot-fra-1 sshd[7956]: Received disconnect from 179.43.156.143 port 40236:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T03:24:43.553Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T03:28:17.461Z","@version":"1","message":"Sep 14 03:28:17 honeypot-sgp-1 sshd[12393]: Received disconnect from 61.177.172.104 port 23512:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T03:30:54.527Z","@version":"1","message":"Sep 14 03:30:54 honeypot-sgp-1 sshd[12399]: Received disconnect from 165.22.16.134 port 36294:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 03:31:21 honeypot-ams-1 sshd[17837]: Received disconnect from 61.177.173.52 port 19682:11:  [preauth]","@timestamp":"2022-09-14T03:31:21.704Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 03:32:01 honeypot-fra-1 kernel: [84000743.355315] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=205.210.31.175 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=249 ID=52552 PROTO=TCP SPT=54772 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T03:32:02.708Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-14T03:32:18.563Z","@version":"1","message":"Sep 14 03:32:17 honeypot-sgp-1 sshd[12403]: Disconnected from invalid user admin 210.187.80.132 port 40366 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 03:33:36 honeypot-ams-1 sshd[17842]: Received disconnect from 61.177.172.98 port 12409:11:  [preauth]","@timestamp":"2022-09-14T03:33:36.765Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 03:36:56 honeypot-fra-1 sshd[7965]: Invalid user kundert from 165.22.45.108 port 45028","@timestamp":"2022-09-14T03:36:56.823Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 03:37:24 honeypot-ams-1 kernel: [84003227.801875] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.214.91 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=37972 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T03:37:24.866Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 03:37:44 honeypot-fra-1 kernel: [84001085.970141] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.208.113 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=37331 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T03:37:44.843Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-14T03:38:10.708Z","@version":"1","message":"Sep 14 03:38:10 honeypot-sgp-1 sshd[12408]: Disconnected from invalid user rosco 49.236.192.106 port 44120 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 03:40:13 honeypot-fra-1 sshd[7971]: Received disconnect from 198.98.61.9 port 45362:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T03:40:13.906Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 03:40:30 honeypot-fra-1 sshd[7975]: Received disconnect from 198.98.61.9 port 39894:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T03:40:30.914Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 03:40:52 honeypot-fra-1 sshd[7979]: Received disconnect from 198.98.61.9 port 34410:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T03:40:52.924Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 03:41:08 honeypot-fra-1 sshd[7983]: Received disconnect from 198.98.61.9 port 57222:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T03:41:08.931Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 03:44:06 honeypot-ams-1 sshd[17851]: Connection closed by invalid user centos 179.60.147.69 port 20852 [preauth]","@timestamp":"2022-09-14T03:44:07.039Z"}
{"@timestamp":"2022-09-14T03:45:45.900Z","@version":"1","message":"Sep 14 03:45:45 honeypot-sgp-1 sshd[12417]: Received disconnect from 92.255.85.69 port 28976:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 03:48:23 honeypot-fra-1 sshd[8009]: Received disconnect from 92.255.85.70 port 44152:11: Bye Bye [preauth]","@timestamp":"2022-09-14T03:48:24.109Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 03:51:15 honeypot-fra-1 sshd[8014]: Received disconnect from 157.230.155.135 port 33887:11: Bye Bye [preauth]","@timestamp":"2022-09-14T03:51:16.176Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 03:51:30 honeypot-ams-1 sshd[17858]: Disconnected from authenticating user root 61.177.172.108 port 29716 [preauth]","@timestamp":"2022-09-14T03:51:31.234Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 03:57:12 honeypot-fra-1 sshd[8021]: Bad protocol version identification '\\272\\253d\\241EZC\\333M\\207\\356^\\375\\277\\0259 X\\324>\\022\\230\\304<\\340\\023\\317' from 172.105.89.161 port 40015","@timestamp":"2022-09-14T03:57:12.309Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 04:01:02 honeypot-ams-1 kernel: [84004646.185896] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=122.189.38.5 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=48 ID=55031 PROTO=TCP SPT=13860 DPT=80 WINDOW=32356 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T04:01:03.481Z"}
{"@timestamp":"2022-09-14T04:02:47.319Z","@version":"1","message":"Sep 14 04:02:46 honeypot-sgp-1 sshd[12429]: error: maximum authentication attempts exceeded for invalid user admin from 79.79.21.253 port 38324 ssh2 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T04:05:34.389Z","@version":"1","message":"Sep 14 04:05:33 honeypot-sgp-1 sshd[12436]: Invalid user gaurav from 46.151.137.136 port 41524","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T04:06:22.410Z","@version":"1","message":"Sep 14 04:06:21 honeypot-sgp-1 kernel: [84004490.798773] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=107.152.37.65 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=41386 PROTO=TCP SPT=58953 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 04:08:07 honeypot-fra-1 sshd[8027]: Received disconnect from 67.243.72.138 port 51194:11: Bye Bye [preauth]","@timestamp":"2022-09-14T04:08:08.566Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 04:11:41 honeypot-fra-1 sshd[8032]: Disconnected from authenticating user root 92.255.85.69 port 33316 [preauth]","@timestamp":"2022-09-14T04:11:42.649Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 04:13:10 honeypot-fra-1 sshd[8036]: Disconnected from invalid user healthtech 103.145.50.51 port 39518 [preauth]","@timestamp":"2022-09-14T04:13:10.684Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 04:14:15 honeypot-ams-1 kernel: [84005438.567194] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.196.220.81 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=54321 PROTO=TCP SPT=41298 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T04:14:15.823Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 04:15:32 honeypot-fra-1 sshd[8040]: Received disconnect from 143.198.11.227 port 57184:11: Bye Bye [preauth]","@timestamp":"2022-09-14T04:15:33.739Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T04:19:02.721Z","@version":"1","message":"Sep 14 04:19:02 honeypot-sgp-1 kernel: [84005251.723007] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.102.41.2 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=38896 DF PROTO=TCP SPT=48941 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 04:19:19 honeypot-ams-1 kernel: [84005743.170392] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=124.222.119.250 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=45 ID=11052 DF PROTO=TCP SPT=45801 DPT=443 WINDOW=43690 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T04:19:19.955Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 04:21:00 honeypot-fra-1 sshd[8048]: Received disconnect from 146.190.227.169 port 58034:11: Bye Bye [preauth]","@timestamp":"2022-09-14T04:21:00.863Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 04:24:48 honeypot-fra-1 sshd[8053]: Disconnected from invalid user kundert 165.22.45.108 port 50012 [preauth]","@timestamp":"2022-09-14T04:24:48.949Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T04:25:30.881Z","@version":"1","message":"Sep 14 04:25:30 honeypot-sgp-1 sshd[12453]: Invalid user temp from 139.59.26.97 port 33914","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:25:37 honeypot-ams-1 sshd[17885]: Received disconnect from 121.25.250.163 port 47914:11: Bye Bye [preauth]","@timestamp":"2022-09-14T04:25:38.116Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:25:43 honeypot-ams-1 sshd[17891]: Received disconnect from 121.25.250.163 port 45518:11: Bye Bye [preauth]","@timestamp":"2022-09-14T04:25:44.119Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:25:49 honeypot-ams-1 sshd[17897]: Received disconnect from 121.25.250.163 port 36618:11: Bye Bye [preauth]","@timestamp":"2022-09-14T04:25:49.122Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:25:54 honeypot-ams-1 sshd[17903]: Received disconnect from 121.25.250.163 port 49192:11: Bye Bye [preauth]","@timestamp":"2022-09-14T04:25:55.127Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:26:02 honeypot-ams-1 sshd[17909]: Received disconnect from 121.25.250.163 port 58534:11: Bye Bye [preauth]","@timestamp":"2022-09-14T04:26:03.131Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:26:16 honeypot-ams-1 sshd[17915]: Received disconnect from 121.25.250.163 port 43132:11: Bye Bye [preauth]","@timestamp":"2022-09-14T04:26:17.140Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:26:23 honeypot-ams-1 sshd[17921]: Received disconnect from 121.25.250.163 port 47692:11: Bye Bye [preauth]","@timestamp":"2022-09-14T04:26:24.145Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:26:28 honeypot-ams-1 sshd[17927]: Received disconnect from 121.25.250.163 port 41916:11: Bye Bye [preauth]","@timestamp":"2022-09-14T04:26:29.148Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:26:38 honeypot-ams-1 sshd[17933]: Received disconnect from 121.25.250.163 port 47212:11: Bye Bye [preauth]","@timestamp":"2022-09-14T04:26:38.154Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:26:45 honeypot-ams-1 sshd[17939]: Received disconnect from 121.25.250.163 port 40196:11: Bye Bye [preauth]","@timestamp":"2022-09-14T04:26:46.158Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:26:53 honeypot-ams-1 sshd[17945]: Received disconnect from 121.25.250.163 port 48864:11: Bye Bye [preauth]","@timestamp":"2022-09-14T04:26:54.164Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:27:00 honeypot-ams-1 sshd[17951]: Received disconnect from 121.25.250.163 port 56694:11: Bye Bye [preauth]","@timestamp":"2022-09-14T04:27:01.167Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:27:03 honeypot-ams-1 sshd[17955]: Received disconnect from 121.25.250.163 port 34480:11: Bye Bye [preauth]","@timestamp":"2022-09-14T04:27:04.169Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:27:08 honeypot-ams-1 sshd[17959]: Received disconnect from 121.25.250.163 port 35030:11: Bye Bye [preauth]","@timestamp":"2022-09-14T04:27:09.173Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:27:13 honeypot-ams-1 sshd[17963]: Received disconnect from 121.25.250.163 port 47018:11: Bye Bye [preauth]","@timestamp":"2022-09-14T04:27:14.176Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:27:18 honeypot-ams-1 sshd[17967]: Received disconnect from 121.25.250.163 port 37206:11: Bye Bye [preauth]","@timestamp":"2022-09-14T04:27:19.179Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:27:24 honeypot-ams-1 sshd[17971]: Received disconnect from 121.25.250.163 port 44404:11: Bye Bye [preauth]","@timestamp":"2022-09-14T04:27:25.183Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:27:31 honeypot-ams-1 sshd[17975]: Disconnected from authenticating user root 121.25.250.163 port 44232 [preauth]","@timestamp":"2022-09-14T04:27:32.187Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:27:37 honeypot-ams-1 sshd[17981]: Invalid user pi from 121.25.250.163 port 41460","@timestamp":"2022-09-14T04:27:38.192Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:27:40 honeypot-ams-1 sshd[17985]: Invalid user ethos from 121.25.250.163 port 41732","@timestamp":"2022-09-14T04:27:41.194Z"}
{"@timestamp":"2022-09-14T04:27:44.938Z","@version":"1","message":"Sep 14 04:27:44 honeypot-sgp-1 sshd[12458]: Invalid user cisco2 from 143.198.75.234 port 40950","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:27:45 honeypot-ams-1 sshd[17989]: Invalid user miner from 121.25.250.163 port 42432","@timestamp":"2022-09-14T04:27:46.196Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:27:51 honeypot-ams-1 sshd[17993]: Invalid user volumio from 121.25.250.163 port 39002","@timestamp":"2022-09-14T04:27:51.201Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:27:58 honeypot-ams-1 sshd[17997]: Invalid user nagios from 121.25.250.163 port 41100","@timestamp":"2022-09-14T04:27:58.205Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:28:05 honeypot-ams-1 sshd[18001]: Invalid user vagrant from 121.25.250.163 port 36614","@timestamp":"2022-09-14T04:28:05.210Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:28:12 honeypot-ams-1 sshd[18005]: Invalid user debian from 121.25.250.163 port 43634","@timestamp":"2022-09-14T04:28:13.215Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:28:16 honeypot-ams-1 sshd[18009]: Invalid user debian from 121.25.250.163 port 48934","@timestamp":"2022-09-14T04:28:17.217Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:28:20 honeypot-ams-1 sshd[18013]: Invalid user alarm from 121.25.250.163 port 37580","@timestamp":"2022-09-14T04:28:21.221Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:28:26 honeypot-ams-1 sshd[18017]: Invalid user test from 121.25.250.163 port 59870","@timestamp":"2022-09-14T04:28:26.224Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:28:31 honeypot-ams-1 sshd[18021]: Invalid user cirros from 121.25.250.163 port 50926","@timestamp":"2022-09-14T04:28:32.228Z"}
{"@timestamp":"2022-09-14T04:32:42.064Z","@version":"1","message":"Sep 14 04:32:41 honeypot-sgp-1 sshd[12461]: Disconnected from authenticating user root 92.255.85.70 port 54506 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:36:15 honeypot-ams-1 sshd[18024]: Received disconnect from 151.0.165.235 port 49054:11: Bye Bye [preauth]","@timestamp":"2022-09-14T04:36:16.425Z"}
{"@timestamp":"2022-09-14T04:42:26.301Z","@version":"1","message":"Sep 14 04:42:25 honeypot-sgp-1 kernel: [84006654.721850] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=172.104.6.155 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=787 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 04:43:48 honeypot-ams-1 kernel: [84007212.111430] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=121.206.180.35 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=53546 DF PROTO=TCP SPT=40393 DPT=80 WINDOW=5760 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T04:43:49.620Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:44:40 honeypot-ams-1 sshd[18033]: Invalid user admin from 148.153.82.141 port 35606","@timestamp":"2022-09-14T04:44:41.645Z"}
{"@timestamp":"2022-09-14T04:46:47.409Z","@version":"1","message":"Sep 14 04:46:47 honeypot-sgp-1 sshd[12472]: Invalid user admin from 210.245.26.43 port 54194","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 04:47:42 honeypot-fra-1 sshd[8064]: Invalid user user from 45.61.186.249 port 44448","@timestamp":"2022-09-14T04:47:43.459Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 04:48:01 honeypot-fra-1 sshd[8068]: Invalid user user from 45.61.186.249 port 39098","@timestamp":"2022-09-14T04:48:02.467Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 04:48:20 honeypot-fra-1 sshd[8072]: Invalid user user from 45.61.186.249 port 33764","@timestamp":"2022-09-14T04:48:20.477Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 04:48:32 honeypot-fra-1 sshd[8076]: Bad protocol version identification 'GET / HTTP/1.1' from 89.248.163.219 port 50806","@timestamp":"2022-09-14T04:48:33.483Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 04:54:51 honeypot-fra-1 sshd[8083]: Invalid user test from 193.106.191.157 port 54812","@timestamp":"2022-09-14T04:54:51.626Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 05:01:30 honeypot-ams-1 sshd[18039]: Received disconnect from 92.255.85.69 port 54116:11: Bye Bye [preauth]","@timestamp":"2022-09-14T05:01:31.071Z"}
{"@timestamp":"2022-09-14T05:02:36.793Z","@version":"1","message":"Sep 14 05:02:36 honeypot-sgp-1 kernel: [84007865.308889] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.220.47 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=41482 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 05:11:23 honeypot-fra-1 kernel: [84006704.995045] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.216.172 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=36230 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T05:11:23.995Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 05:16:55 honeypot-fra-1 kernel: [84007036.774417] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=152.89.196.23 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=5404 PROTO=TCP SPT=43459 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T05:16:56.122Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 05:17:01 honeypot-ams-1 CRON[18046]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-14T05:17:01.462Z"}
{"@timestamp":"2022-09-14T05:17:07.138Z","@version":"1","message":"Sep 14 05:17:07 honeypot-sgp-1 kernel: [84008736.200396] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=167.94.138.97 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=24417 PROTO=TCP SPT=24344 DPT=389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 05:22:44 honeypot-fra-1 sshd[8098]: Disconnected from authenticating user root 92.255.85.70 port 32702 [preauth]","@timestamp":"2022-09-14T05:22:45.254Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 05:24:44 honeypot-ams-1 sshd[18050]: Connection closed by invalid user pi 164.177.68.149 port 52684 [preauth]","@timestamp":"2022-09-14T05:24:45.664Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 05:26:40 honeypot-ams-1 kernel: [84009783.335162] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=5.125.34.196 DST=178.62.254.91 LEN=52 TOS=0x08 PREC=0x40 TTL=113 ID=17737 DF PROTO=TCP SPT=51900 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T05:26:40.714Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 05:30:34 honeypot-fra-1 kernel: [84007855.573272] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=42035 PROTO=TCP SPT=53402 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T05:30:34.430Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-14T05:30:41.463Z","@version":"1","message":"Sep 14 05:30:40 honeypot-sgp-1 kernel: [84009549.730007] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=234 ID=30995 PROTO=TCP SPT=53402 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 05:30:59 honeypot-ams-1 kernel: [84010042.837455] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=49942 PROTO=TCP SPT=53402 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T05:30:59.826Z"}
{"@timestamp":"2022-09-14T05:31:05.475Z","@version":"1","message":"Sep 14 05:31:05 honeypot-sgp-1 sshd[12489]: Disconnected from invalid user user 45.61.184.204 port 33666 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T05:31:24.484Z","@version":"1","message":"Sep 14 05:31:24 honeypot-sgp-1 sshd[12493]: Disconnected from invalid user user 45.61.184.204 port 56980 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T05:31:42.494Z","@version":"1","message":"Sep 14 05:31:41 honeypot-sgp-1 sshd[12497]: Disconnected from invalid user user 45.61.184.204 port 52040 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T05:35:40.606Z","@version":"1","message":"Sep 14 05:35:39 honeypot-sgp-1 sshd[12502]: Disconnected from invalid user test123 43.155.83.218 port 50810 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T05:43:03.786Z","@version":"1","message":"Sep 14 05:43:03 honeypot-sgp-1 sshd[12508]: Received disconnect from 45.61.187.160 port 47368:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T05:43:22.796Z","@version":"1","message":"Sep 14 05:43:22 honeypot-sgp-1 sshd[12512]: Received disconnect from 45.61.187.160 port 42036:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T05:43:31.800Z","@version":"1","message":"Sep 14 05:43:31 honeypot-sgp-1 sshd[12516]: Disconnected from invalid user user 45.61.187.160 port 53476 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T05:43:48.808Z","@version":"1","message":"Sep 14 05:43:48 honeypot-sgp-1 sshd[12520]: Disconnected from invalid user user 45.61.187.160 port 48140 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 05:43:54 honeypot-ams-1 kernel: [84010817.970601] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=196.189.161.250 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=53 ID=38398 PROTO=TCP SPT=44553 DPT=80 WINDOW=18172 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T05:43:55.157Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 05:46:12 honeypot-fra-1 sshd[8110]: Received disconnect from 92.255.85.69 port 31464:11: Bye Bye [preauth]","@timestamp":"2022-09-14T05:46:12.778Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T05:48:17.920Z","@version":"1","message":"Sep 14 05:48:16 honeypot-sgp-1 sshd[12525]: Received disconnect from 128.199.118.93 port 49266:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 05:52:45 honeypot-ams-1 kernel: [84011348.730024] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=178.74.24.20 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=50 ID=27562 PROTO=TCP SPT=6668 DPT=443 WINDOW=11324 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T05:52:46.398Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 05:58:47 honeypot-fra-1 sshd[8120]: Invalid user student1 from 94.153.212.78 port 53606","@timestamp":"2022-09-14T05:58:48.077Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 06:00:30 honeypot-fra-1 kernel: [84009651.734089] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=143.198.183.97 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=42770 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T06:00:31.118Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 06:02:48 honeypot-ams-1 kernel: [84011952.018837] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=97.74.81.123 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=34833 PROTO=TCP SPT=42104 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T06:02:49.655Z"}
{"@timestamp":"2022-09-14T06:03:38.333Z","@version":"1","message":"Sep 14 06:03:38 honeypot-sgp-1 kernel: [84011527.108286] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=226 ID=865 PROTO=TCP SPT=55204 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 06:05:16 honeypot-ams-1 sshd[18080]: Received disconnect from 143.244.158.100 port 39596:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T06:05:17.722Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 06:06:17 honeypot-fra-1 kernel: [84009998.967985] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=142.93.45.9 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=54321 PROTO=TCP SPT=33351 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T06:06:18.251Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 06:06:55 honeypot-fra-1 sshd[8231]: Disconnected from invalid user user 45.61.186.249 port 34338 [preauth]","@timestamp":"2022-09-14T06:06:56.268Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 06:07:13 honeypot-fra-1 sshd[8235]: Disconnected from invalid user user 45.61.186.249 port 57268 [preauth]","@timestamp":"2022-09-14T06:07:14.277Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 06:07:30 honeypot-fra-1 sshd[8239]: Disconnected from invalid user user 45.61.186.249 port 51990 [preauth]","@timestamp":"2022-09-14T06:07:31.285Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 06:07:34 honeypot-ams-1 sshd[18087]: Received disconnect from 175.126.38.54 port 51586:11: Bye Bye [preauth]","@timestamp":"2022-09-14T06:07:35.784Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 06:09:27 honeypot-ams-1 sshd[18093]: Received disconnect from 143.244.158.100 port 54204:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T06:09:27.837Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 06:09:41 honeypot-fra-1 sshd[8243]: Disconnected from authenticating user root 92.255.85.69 port 52998 [preauth]","@timestamp":"2022-09-14T06:09:42.337Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 06:11:03 honeypot-ams-1 sshd[18098]: Disconnected from authenticating user root 143.244.158.100 port 48604 [preauth]","@timestamp":"2022-09-14T06:11:04.881Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 06:12:20 honeypot-ams-1 sshd[23797]: Disconnected from authenticating user root 92.255.85.69 port 47298 [preauth]","@timestamp":"2022-09-14T06:12:20.916Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 06:13:35 honeypot-fra-1 kernel: [84010436.660897] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=29005 PROTO=TCP SPT=55204 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T06:13:35.450Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 06:14:02 honeypot-ams-1 sshd[23806]: Received disconnect from 35.222.227.227 port 41288:11: Bye Bye [preauth]","@timestamp":"2022-09-14T06:14:03.965Z"}
{"@timestamp":"2022-09-14T06:15:09.612Z","@version":"1","message":"Sep 14 06:15:08 honeypot-sgp-1 kernel: [84012217.723996] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=109.248.6.38 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=60 ID=9183 PROTO=TCP SPT=42818 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 06:15:14 honeypot-ams-1 kernel: [84012697.357529] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=45058 PROTO=TCP SPT=55602 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T06:15:14.998Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 06:17:01 honeypot-ams-1 CRON[23818]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-14T06:17:02.049Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 06:17:25 honeypot-fra-1 kernel: [84010666.388092] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=53787 PROTO=TCP SPT=55602 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T06:17:25.540Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 06:19:19 honeypot-ams-1 sshd[23825]: Received disconnect from 143.244.158.100 port 57504:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T06:19:20.111Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 06:21:04 honeypot-ams-1 kernel: [84013048.085145] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=41.117.152.98 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=50 ID=28610 PROTO=TCP SPT=7096 DPT=80 WINDOW=43635 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T06:21:05.158Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 06:21:46 honeypot-ams-1 sshd[23833]: Disconnected from authenticating user root 143.244.158.100 port 45244 [preauth]","@timestamp":"2022-09-14T06:21:47.179Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 06:24:15 honeypot-ams-1 sshd[23840]: Disconnected from authenticating user root 143.244.158.100 port 42638 [preauth]","@timestamp":"2022-09-14T06:24:16.245Z"}
{"@timestamp":"2022-09-14T06:25:05.864Z","@version":"1","message":"Sep 14 06:25:05 honeypot-sgp-1 CRON[12537]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 06:25:52 honeypot-ams-1 sshd[24017]: Received disconnect from 143.244.158.100 port 38218:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T06:25:53.294Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 06:27:31 honeypot-ams-1 sshd[24023]: Received disconnect from 143.244.158.100 port 42134:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T06:27:31.340Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 06:29:10 honeypot-ams-1 sshd[24028]: Disconnected from authenticating user root 143.244.158.100 port 53212 [preauth]","@timestamp":"2022-09-14T06:29:10.386Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 06:30:09 honeypot-ams-1 sshd[24032]: Received disconnect from 143.244.158.100 port 47272:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T06:30:10.416Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 06:30:27 honeypot-fra-1 sshd[8390]: Connection closed by invalid user user1 103.188.176.251 port 37818 [preauth]","@timestamp":"2022-09-14T06:30:27.834Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T06:30:39.009Z","@version":"1","message":"Sep 14 06:30:38 honeypot-sgp-1 kernel: [84013147.643447] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.41.9.18 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=57994 PROTO=TCP SPT=49896 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 06:32:40 honeypot-ams-1 sshd[24038]: Received disconnect from 143.244.158.100 port 47204:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T06:32:41.483Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 06:34:30 honeypot-fra-1 kernel: [84011692.177575] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.79.187.49 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=18490 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T06:34:31.930Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 06:34:46 honeypot-ams-1 kernel: [84013869.369746] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=72.167.32.184 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=230 ID=58286 PROTO=TCP SPT=56419 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T06:34:46.539Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 06:36:01 honeypot-ams-1 sshd[24049]: Disconnected from authenticating user root 143.244.158.100 port 41374 [preauth]","@timestamp":"2022-09-14T06:36:02.574Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 06:37:39 honeypot-ams-1 sshd[24053]: Disconnected from authenticating user root 143.244.158.100 port 56558 [preauth]","@timestamp":"2022-09-14T06:37:40.622Z"}
{"@timestamp":"2022-09-14T06:37:58.191Z","@version":"1","message":"Sep 14 06:37:57 honeypot-sgp-1 sshd[12693]: Invalid user user from 45.61.186.49 port 46866","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T06:38:07.195Z","@version":"1","message":"Sep 14 06:38:06 honeypot-sgp-1 sshd[12697]: Connection closed by 45.61.186.49 port 58350 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 06:39:18 honeypot-ams-1 sshd[24062]: Received disconnect from 143.244.158.100 port 37764:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T06:39:18.668Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 06:39:45 honeypot-fra-1 sshd[8398]: Invalid user jy from 178.62.29.96 port 47832","@timestamp":"2022-09-14T06:39:46.048Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T06:41:12.273Z","@version":"1","message":"Sep 14 06:41:12 honeypot-sgp-1 sshd[12702]: Received disconnect from 45.61.186.49 port 45898:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T06:41:22.279Z","@version":"1","message":"Sep 14 06:41:21 honeypot-sgp-1 sshd[12706]: Received disconnect from 45.61.186.49 port 57488:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 06:41:46 honeypot-ams-1 sshd[24068]: Received disconnect from 143.244.158.100 port 42880:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T06:41:46.734Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 06:44:14 honeypot-ams-1 sshd[24075]: Received disconnect from 143.244.158.100 port 54462:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T06:44:14.801Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 06:46:39 honeypot-ams-1 sshd[24081]: Received disconnect from 143.244.158.100 port 50372:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T06:46:39.868Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 06:47:38 honeypot-fra-1 sshd[8403]: Received disconnect from 165.22.45.108 port 36730:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T06:47:38.222Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 06:48:18 honeypot-ams-1 sshd[24085]: Received disconnect from 143.244.158.100 port 42888:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T06:48:18.913Z"}
{"@timestamp":"2022-09-14T06:53:31.583Z","@version":"1","message":"Sep 14 06:53:31 honeypot-sgp-1 sshd[12716]: Disconnected from authenticating user root 103.9.36.69 port 52564 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T06:55:40.639Z","@version":"1","message":"Sep 14 06:55:39 honeypot-sgp-1 sshd[12723]: Received disconnect from 164.90.195.134 port 54836:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T06:59:17.729Z","@version":"1","message":"Sep 14 06:59:16 honeypot-sgp-1 sshd[12823]: Invalid user admin from 51.83.44.100 port 39440","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 06:59:18 honeypot-ams-1 sshd[24089]: Received disconnect from 92.255.85.69 port 40862:11: Bye Bye [preauth]","@timestamp":"2022-09-14T06:59:19.195Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 06:59:26 honeypot-fra-1 sshd[8408]: Disconnected from invalid user csgo 206.189.128.17 port 42440 [preauth]","@timestamp":"2022-09-14T06:59:27.487Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 07:06:02 honeypot-fra-1 sshd[8413]: Disconnected from invalid user admin 195.24.148.206 port 64875 [preauth]","@timestamp":"2022-09-14T07:06:02.638Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T07:09:55.994Z","@version":"1","message":"Sep 14 07:09:55 honeypot-sgp-1 kernel: [84015504.376877] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=198.235.24.176 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=249 ID=54321 PROTO=TCP SPT=51951 DPT=389 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 07:11:58 honeypot-fra-1 sshd[8420]: Did not receive identification string from 141.255.162.226 port 49248","@timestamp":"2022-09-14T07:11:58.775Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 07:12:14 honeypot-fra-1 sshd[8423]: Disconnected from invalid user user 141.255.162.226 port 60574 [preauth]","@timestamp":"2022-09-14T07:12:14.784Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 07:12:16 honeypot-fra-1 sshd[8426]: Disconnected from invalid user user 141.255.162.226 port 54250 [preauth]","@timestamp":"2022-09-14T07:12:16.785Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 07:12:21 honeypot-fra-1 sshd[8431]: Disconnected from invalid user user 141.255.162.226 port 51314 [preauth]","@timestamp":"2022-09-14T07:12:21.787Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 07:16:59 honeypot-fra-1 sshd[8436]: Received disconnect from 178.128.116.50 port 42470:11: Bye Bye [preauth]","@timestamp":"2022-09-14T07:16:59.894Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 07:17:01 honeypot-ams-1 CRON[24093]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-14T07:17:01.646Z"}
{"@timestamp":"2022-09-14T07:17:03.168Z","@version":"1","message":"Sep 14 07:17:02 honeypot-sgp-1 sshd[12831]: Received disconnect from 45.61.186.49 port 42294:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T07:17:11.171Z","@version":"1","message":"Sep 14 07:17:10 honeypot-sgp-1 sshd[12838]: Received disconnect from 45.61.186.49 port 53492:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T07:17:41.186Z","@version":"1","message":"Sep 14 07:17:40 honeypot-sgp-1 sshd[12842]: Received disconnect from 92.255.85.69 port 51462:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 07:18:34 honeypot-fra-1 sshd[8444]: Invalid user  from 152.32.249.159 port 41148","@timestamp":"2022-09-14T07:18:34.935Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 07:20:22 honeypot-fra-1 sshd[8448]: Received disconnect from 92.255.85.69 port 34424:11: Bye Bye [preauth]","@timestamp":"2022-09-14T07:20:22.977Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 07:20:57 honeypot-ams-1 sshd[24099]: Disconnected from authenticating user root 46.19.141.122 port 44258 [preauth]","@timestamp":"2022-09-14T07:20:57.751Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 07:21:46 honeypot-ams-1 sshd[24104]: Received disconnect from 46.19.141.122 port 51526:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T07:21:46.776Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 07:21:56 honeypot-ams-1 sshd[24108]: Received disconnect from 198.98.61.9 port 34994:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T07:21:56.781Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 07:22:07 honeypot-ams-1 sshd[24113]: Received disconnect from 46.19.141.122 port 55170:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T07:22:07.787Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 07:22:22 honeypot-ams-1 sshd[24117]: Received disconnect from 198.98.61.9 port 42002:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T07:22:22.795Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 07:22:38 honeypot-ams-1 sshd[24121]: Invalid user user from 198.98.61.9 port 37262","@timestamp":"2022-09-14T07:22:38.804Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 07:23:13 honeypot-ams-1 sshd[24125]: Disconnected from authenticating user root 92.255.85.70 port 44176 [preauth]","@timestamp":"2022-09-14T07:23:13.822Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 07:23:46 honeypot-ams-1 sshd[24129]: Disconnected from invalid user ubnt 46.19.141.122 port 37862 [preauth]","@timestamp":"2022-09-14T07:23:46.838Z"}
{"@timestamp":"2022-09-14T07:23:57.339Z","@version":"1","message":"Sep 14 07:23:56 honeypot-sgp-1 sshd[12845]: Disconnected from invalid user infusion-stoked 139.59.188.13 port 57354 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 07:24:47 honeypot-ams-1 sshd[24135]: Received disconnect from 46.19.141.122 port 45174:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T07:24:48.869Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 07:35:27 honeypot-fra-1 sshd[8451]: Received disconnect from 167.99.55.86 port 54236:11: Bye Bye [preauth]","@timestamp":"2022-09-14T07:35:27.309Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 07:38:37 honeypot-fra-1 sshd[8456]: Connection closed by invalid user test 193.106.191.157 port 39596 [preauth]","@timestamp":"2022-09-14T07:38:37.382Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T07:38:41.697Z","@version":"1","message":"Sep 14 07:38:40 honeypot-sgp-1 sshd[12849]: Disconnected from invalid user user 141.255.162.226 port 40324 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T07:38:48.702Z","@version":"1","message":"Sep 14 07:38:48 honeypot-sgp-1 sshd[12855]: Invalid user user from 141.255.162.226 port 56048","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 07:40:24 honeypot-ams-1 sshd[24141]: Received disconnect from 59.3.76.218 port 37880:11: Bye Bye [preauth]","@timestamp":"2022-09-14T07:40:25.266Z"}
{"@timestamp":"2022-09-14T07:41:12.760Z","@version":"1","message":"Sep 14 07:41:11 honeypot-sgp-1 sshd[12861]: Received disconnect from 92.255.85.70 port 26580:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 07:44:28 honeypot-fra-1 sshd[8463]: Disconnected from authenticating user root 92.255.85.69 port 40420 [preauth]","@timestamp":"2022-09-14T07:44:28.516Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 07:46:38 honeypot-ams-1 sshd[24146]: Received disconnect from 92.255.85.69 port 42028:11: Bye Bye [preauth]","@timestamp":"2022-09-14T07:46:39.427Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 07:49:42 honeypot-fra-1 sshd[8468]: Received disconnect from 161.35.109.221 port 42444:11: Bye Bye [preauth]","@timestamp":"2022-09-14T07:49:42.636Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 07:53:10 honeypot-ams-1 sshd[24221]: Invalid user user from 45.61.184.204 port 52324","@timestamp":"2022-09-14T07:53:10.597Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 07:53:30 honeypot-ams-1 sshd[24226]: Invalid user user from 45.61.184.204 port 48304","@timestamp":"2022-09-14T07:53:31.608Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 07:53:51 honeypot-ams-1 sshd[24230]: Invalid user user from 45.61.184.204 port 44156","@timestamp":"2022-09-14T07:53:51.619Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 07:54:09 honeypot-ams-1 sshd[24234]: Invalid user user from 45.61.184.204 port 40104","@timestamp":"2022-09-14T07:54:09.628Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 07:57:19 honeypot-ams-1 sshd[24238]: Received disconnect from 204.48.30.72 port 54870:11: Bye Bye [preauth]","@timestamp":"2022-09-14T07:57:19.715Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 07:58:27 honeypot-fra-1 kernel: [84016728.367980] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=109.96.184.220 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=55 ID=1053 PROTO=TCP SPT=12325 DPT=80 WINDOW=23621 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T07:58:27.836Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-14T08:03:54.306Z","@version":"1","message":"Sep 14 08:03:53 honeypot-sgp-1 sshd[12865]: Unable to negotiate with 211.24.73.92 port 52410: no matching cipher found. Their offer: aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,arcfour128,arcfour,3des-cbc,none [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 08:04:57 honeypot-ams-1 kernel: [84019280.439426] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.206.33 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=37164 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T08:04:57.914Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 08:05:15 honeypot-fra-1 sshd[8476]: Received disconnect from 103.176.21.55 port 36904:11: Bye Bye [preauth]","@timestamp":"2022-09-14T08:05:15.995Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T08:13:28.542Z","@version":"1","message":"Sep 14 08:13:28 honeypot-sgp-1 sshd[12872]: Disconnected from authenticating user root 51.83.71.70 port 51394 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 08:14:37 honeypot-ams-1 kernel: [84019860.209173] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=20.86.37.37 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=54543 PROTO=TCP SPT=53651 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T08:14:37.170Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 08:14:55 honeypot-ams-1 sshd[24251]: Received disconnect from 45.61.186.49 port 38672:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T08:14:56.179Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 08:15:04 honeypot-ams-1 sshd[24255]: Received disconnect from 45.61.186.49 port 49980:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T08:15:05.183Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 08:18:14 honeypot-ams-1 kernel: [84020077.249758] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=93.159.145.38 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=60506 DF PROTO=TCP SPT=50711 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T08:18:14.269Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 08:18:55 honeypot-ams-1 sshd[24266]: Received disconnect from 141.255.162.226 port 46052:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T08:18:56.290Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 08:18:59 honeypot-ams-1 sshd[24270]: Received disconnect from 141.255.162.226 port 33562:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T08:18:59.292Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 08:19:02 honeypot-ams-1 sshd[24274]: Received disconnect from 141.255.162.226 port 49300:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T08:19:03.295Z"}
{"@timestamp":"2022-09-14T08:20:26.713Z","@version":"1","message":"Sep 14 08:20:26 honeypot-sgp-1 sshd[12897]: Disconnected from invalid user redis 34.93.196.224 port 60444 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 08:21:06 honeypot-ams-1 sshd[24280]: Invalid user user from 45.61.186.169 port 56258","@timestamp":"2022-09-14T08:21:06.351Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 08:21:22 honeypot-ams-1 sshd[24284]: Invalid user user from 45.61.186.169 port 50974","@timestamp":"2022-09-14T08:21:23.359Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 08:21:38 honeypot-ams-1 sshd[24288]: Invalid user user from 45.61.186.169 port 45696","@timestamp":"2022-09-14T08:21:39.369Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 08:22:25 honeypot-ams-1 kernel: [84020328.581729] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=159.203.126.67 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=241 ID=44496 PROTO=TCP SPT=20000 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T08:22:26.391Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 08:23:19 honeypot-fra-1 sshd[8502]: Invalid user kundert from 165.22.45.108 port 46616","@timestamp":"2022-09-14T08:23:19.400Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T08:26:32.863Z","@version":"1","message":"Sep 14 08:26:32 honeypot-sgp-1 sshd[12921]: Disconnected from invalid user godzilla 217.67.121.75 port 10888 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T08:28:28.914Z","@version":"1","message":"Sep 14 08:28:28 honeypot-sgp-1 sshd[12927]: Invalid user standard from 155.0.68.5 port 41466","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 08:28:57 honeypot-fra-1 sshd[8505]: Connection closed by invalid user test 193.106.191.157 port 41918 [preauth]","@timestamp":"2022-09-14T08:28:57.532Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T08:34:14.059Z","@version":"1","message":"Sep 14 08:34:13 honeypot-sgp-1 kernel: [84020561.984413] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.41.8.45 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=14775 PROTO=TCP SPT=38035 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 08:34:21 honeypot-ams-1 sshd[24315]: Disconnected from authenticating user root 77.109.16.42 port 31202 [preauth]","@timestamp":"2022-09-14T08:34:22.697Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 08:36:06 honeypot-fra-1 kernel: [84018987.667705] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=183.136.225.35 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=107 ID=3931 PROTO=TCP SPT=8088 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T08:36:07.697Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 08:38:20 honeypot-ams-1 sshd[24320]: Disconnected from invalid user zxvf 69.250.26.126 port 57846 [preauth]","@timestamp":"2022-09-14T08:38:20.799Z"}
{"@timestamp":"2022-09-14T08:38:36.172Z","@version":"1","message":"Sep 14 08:38:36 honeypot-sgp-1 sshd[12935]: Received disconnect from 141.255.162.226 port 34880:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 08:38:36 honeypot-ams-1 sshd[24325]: Received disconnect from 141.255.162.226 port 33528:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T08:38:37.809Z"}
{"@timestamp":"2022-09-14T08:38:40.175Z","@version":"1","message":"Sep 14 08:38:40 honeypot-sgp-1 sshd[12937]: Received disconnect from 141.255.162.226 port 50480:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 08:38:39 honeypot-ams-1 sshd[24329]: Received disconnect from 141.255.162.226 port 56928:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T08:38:40.812Z"}
{"@timestamp":"2022-09-14T08:38:41.176Z","@version":"1","message":"Sep 14 08:38:40 honeypot-sgp-1 sshd[12941]: Disconnected from invalid user user 141.255.162.226 port 58278 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 08:40:44 honeypot-ams-1 kernel: [84021427.437282] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=92.63.197.171 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=252 ID=45003 PROTO=TCP SPT=43020 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T08:40:44.866Z"}
{"@timestamp":"2022-09-14T08:44:30.323Z","@version":"1","message":"Sep 14 08:44:30 honeypot-sgp-1 kernel: [84021179.084412] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.79.148.206 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=23484 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T08:52:02.513Z","@version":"1","message":"Sep 14 08:52:01 honeypot-sgp-1 sshd[12952]: Disconnected from invalid user sampler2 103.240.110.130 port 36218 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 08:54:45 honeypot-fra-1 sshd[8517]: Received disconnect from 92.255.85.70 port 49816:11: Bye Bye [preauth]","@timestamp":"2022-09-14T08:54:46.136Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 08:56:43 honeypot-ams-1 kernel: [84022387.103339] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=139.162.207.84 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=62471 PROTO=TCP SPT=39135 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T08:56:44.277Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 09:10:25 honeypot-fra-1 kernel: [84021046.389078] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=47112 PROTO=TCP SPT=46003 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T09:10:26.490Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-14T09:11:01.992Z","@version":"1","message":"Sep 14 09:11:01 honeypot-sgp-1 sshd[12959]: Invalid user admin from 222.122.82.135 port 37561","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 09:11:05 honeypot-fra-1 sshd[8524]: Disconnected from invalid user kundert 165.22.45.108 port 51550 [preauth]","@timestamp":"2022-09-14T09:11:06.508Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 09:13:11 honeypot-ams-1 sshd[24347]: Received disconnect from 204.48.30.72 port 47376:11: Bye Bye [preauth]","@timestamp":"2022-09-14T09:13:11.694Z"}
{"@timestamp":"2022-09-14T09:15:50.113Z","@version":"1","message":"Sep 14 09:15:49 honeypot-sgp-1 sshd[12964]: Received disconnect from 197.248.2.229 port 57156:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 09:21:10 honeypot-ams-1 sshd[24354]: Received disconnect from 92.255.85.69 port 45700:11: Bye Bye [preauth]","@timestamp":"2022-09-14T09:21:10.902Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 09:22:42 honeypot-fra-1 kernel: [84021782.997425] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=216.218.206.68 DST=165.22.82.222 LEN=131 TOS=0x00 PREC=0x00 TTL=244 ID=54321 PROTO=TCP SPT=45842 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T09:22:42.774Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-14T09:23:14.300Z","@version":"1","message":"Sep 14 09:23:14 honeypot-sgp-1 kernel: [84023502.889254] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=184.105.247.254 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=35730 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 09:24:32 honeypot-ams-1 kernel: [84024055.805109] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=97.74.81.123 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=14525 PROTO=TCP SPT=58928 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T09:24:32.992Z"}
{"@timestamp":"2022-09-14T09:26:57.398Z","@version":"1","message":"Sep 14 09:26:57 honeypot-sgp-1 kernel: [84023726.110760] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=102.67.229.64 DST=159.89.202.188 LEN=52 TOS=0x00 PREC=0x00 TTL=115 ID=55319 DF PROTO=TCP SPT=50274 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T09:29:23.461Z","@version":"1","message":"Sep 14 09:29:22 honeypot-sgp-1 sshd[12977]: Connection closed by invalid user admin 178.128.125.205 port 46944 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 09:29:37 honeypot-ams-1 sshd[24360]: Received disconnect from 80.76.51.189 port 57780:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T09:29:38.126Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 09:30:28 honeypot-ams-1 sshd[24364]: Disconnected from authenticating user root 80.76.51.189 port 35922 [preauth]","@timestamp":"2022-09-14T09:30:29.151Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 09:31:44 honeypot-ams-1 sshd[24370]: Disconnected from authenticating user root 80.76.51.189 port 45668 [preauth]","@timestamp":"2022-09-14T09:31:45.188Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 09:32:18 honeypot-fra-1 sshd[8537]: Received disconnect from 165.227.195.34 port 53358:11: Bye Bye [preauth]","@timestamp":"2022-09-14T09:32:18.990Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 09:33:05 honeypot-ams-1 sshd[24376]: Received disconnect from 80.76.51.189 port 55392:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T09:33:06.226Z"}
{"@timestamp":"2022-09-14T09:33:37.566Z","@version":"1","message":"Sep 14 09:33:37 honeypot-sgp-1 sshd[12983]: Disconnected from authenticating user root 96.84.149.98 port 44414 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 09:34:01 honeypot-ams-1 sshd[24380]: Disconnected from authenticating user root 80.76.51.189 port 33654 [preauth]","@timestamp":"2022-09-14T09:34:01.253Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 09:34:57 honeypot-ams-1 sshd[24385]: Disconnected from invalid user admin 80.76.51.189 port 40138 [preauth]","@timestamp":"2022-09-14T09:34:57.280Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 09:35:52 honeypot-ams-1 sshd[24389]: Disconnected from invalid user ansible 80.76.51.189 port 46626 [preauth]","@timestamp":"2022-09-14T09:35:53.306Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 09:36:48 honeypot-ams-1 sshd[24393]: Disconnected from invalid user ansible 80.76.51.189 port 53114 [preauth]","@timestamp":"2022-09-14T09:36:49.332Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 09:38:13 honeypot-ams-1 sshd[24399]: Received disconnect from 80.76.51.189 port 34624:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T09:38:14.371Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 09:39:12 honeypot-ams-1 sshd[24403]: Received disconnect from 80.76.51.189 port 41104:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T09:39:12.397Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 09:40:43 honeypot-ams-1 sshd[24410]: Invalid user odoo from 80.76.51.189 port 50836","@timestamp":"2022-09-14T09:40:43.439Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 09:41:44 honeypot-ams-1 sshd[24414]: Received disconnect from 80.76.51.189 port 57340:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T09:41:44.469Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 09:43:18 honeypot-fra-1 sshd[8542]: Received disconnect from 159.223.22.132 port 40026:11: Bye Bye [preauth]","@timestamp":"2022-09-14T09:43:19.237Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T09:44:54.850Z","@version":"1","message":"Sep 14 09:44:54 honeypot-sgp-1 sshd[12991]: Invalid user osm from 159.89.29.240 port 39126","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 09:46:06 honeypot-ams-1 kernel: [84025350.097801] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=103.89.91.165 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=5204 PROTO=TCP SPT=59380 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T09:46:07.584Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 09:49:09 honeypot-fra-1 sshd[8549]: Received disconnect from 103.221.223.250 port 33152:11: Bye Bye [preauth]","@timestamp":"2022-09-14T09:49:10.372Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 09:51:02 honeypot-ams-1 sshd[24420]: Received disconnect from 64.227.126.250 port 53942:11: Bye Bye [preauth]","@timestamp":"2022-09-14T09:51:02.709Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 09:53:57 honeypot-fra-1 sshd[8555]: Invalid user damien from 161.35.102.143 port 53314","@timestamp":"2022-09-14T09:53:58.505Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T09:55:06.106Z","@version":"1","message":"Sep 14 09:55:05 honeypot-sgp-1 kernel: [84025414.160419] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=94.26.249.161 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=45306 PROTO=TCP SPT=34711 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 09:55:13 honeypot-ams-1 sshd[24425]: Disconnected from invalid user vnc 34.126.78.62 port 54392 [preauth]","@timestamp":"2022-09-14T09:55:14.816Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 09:59:28 honeypot-fra-1 sshd[8560]: Received disconnect from 165.22.45.108 port 56492:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T09:59:29.657Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 10:01:17 honeypot-fra-1 sshd[8567]: Disconnected from authenticating user root 179.43.145.74 port 33178 [preauth]","@timestamp":"2022-09-14T10:01:17.699Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T10:02:57.302Z","@version":"1","message":"Sep 14 10:02:56 honeypot-sgp-1 sshd[13001]: Invalid user prueba from 189.50.97.12 port 20374","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 10:03:15 honeypot-fra-1 sshd[8573]: Disconnected from authenticating user root 179.43.145.74 port 39894 [preauth]","@timestamp":"2022-09-14T10:03:15.746Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 10:10:30 honeypot-fra-1 sshd[8580]: Invalid user gogs from 24.194.231.208 port 38776","@timestamp":"2022-09-14T10:10:30.910Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:10:46 honeypot-ams-1 sshd[24432]: Received disconnect from 146.190.60.149 port 48764:11: Bye Bye [preauth]","@timestamp":"2022-09-14T10:10:46.228Z"}
{"@timestamp":"2022-09-14T10:10:47.503Z","@version":"1","message":"Sep 14 10:10:46 honeypot-sgp-1 kernel: [84026355.425628] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=156.146.46.143 DST=159.89.202.188 LEN=52 TOS=0x02 PREC=0x00 TTL=116 ID=65139 DF PROTO=TCP SPT=61015 DPT=3389 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 10:12:45 honeypot-fra-1 sshd[8584]: Disconnected from authenticating user root 61.177.173.36 port 31094 [preauth]","@timestamp":"2022-09-14T10:12:45.963Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T10:15:08.616Z","@version":"1","message":"Sep 14 10:15:07 honeypot-sgp-1 sshd[13010]: Received disconnect from 61.177.173.37 port 53625:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T10:18:19.699Z","@version":"1","message":"Sep 14 10:18:18 honeypot-sgp-1 kernel: [84026807.724814] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.167.97.31 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=238 ID=54321 PROTO=TCP SPT=40198 DPT=636 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 10:19:39 honeypot-fra-1 sshd[8594]: Received disconnect from 61.177.173.50 port 51453:11:  [preauth]","@timestamp":"2022-09-14T10:19:40.124Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 10:20:23 honeypot-ams-1 kernel: [84027407.018996] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=43.131.66.209 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x60 TTL=53 ID=32920 DF PROTO=TCP SPT=33944 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T10:20:24.475Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 10:24:25 honeypot-fra-1 sshd[8599]: Disconnected from authenticating user root 125.164.18.96 port 26919 [preauth]","@timestamp":"2022-09-14T10:24:26.234Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T10:24:49.870Z","@version":"1","message":"Sep 14 10:24:49 honeypot-sgp-1 sshd[13023]: Disconnected from 61.177.173.35 port 35463 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T10:27:30.944Z","@version":"1","message":"Sep 14 10:27:30 honeypot-sgp-1 sshd[13027]: Disconnected from authenticating user root 61.177.173.51 port 35063 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 10:28:40 honeypot-fra-1 sshd[8607]: Invalid user admin from 183.107.114.23 port 47855","@timestamp":"2022-09-14T10:28:41.337Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:31:15 honeypot-ams-1 sshd[24441]: Received disconnect from 92.255.85.70 port 48300:11: Bye Bye [preauth]","@timestamp":"2022-09-14T10:31:15.775Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 10:33:05 honeypot-fra-1 kernel: [84026006.320158] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=23.251.102.74 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=51527 PROTO=TCP SPT=15127 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T10:33:06.435Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-14T10:37:49.209Z","@version":"1","message":"Sep 14 10:37:48 honeypot-sgp-1 sshd[13033]: Disconnected from authenticating user root 61.177.173.36 port 38772 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 10:38:35 honeypot-fra-1 sshd[8615]: Disconnected from authenticating user root 61.177.172.90 port 23576 [preauth]","@timestamp":"2022-09-14T10:38:36.562Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:39:42 honeypot-ams-1 sshd[24444]: Invalid user vu from 206.189.233.82 port 57092","@timestamp":"2022-09-14T10:39:42.997Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 10:41:57 honeypot-ams-1 kernel: [84028700.310781] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=196.191.49.120 DST=178.62.254.91 LEN=48 TOS=0x00 PREC=0x00 TTL=115 ID=4558 DF PROTO=TCP SPT=62067 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T10:41:58.062Z"}
{"@timestamp":"2022-09-14T10:43:38.381Z","@version":"1","message":"Sep 14 10:43:37 honeypot-sgp-1 sshd[13042]: Disconnected from authenticating user root 61.177.173.49 port 55087 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 10:49:01 honeypot-fra-1 sshd[8621]: Disconnected from authenticating user root 61.177.173.47 port 11654 [preauth]","@timestamp":"2022-09-14T10:49:01.817Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:49:06 honeypot-ams-1 sshd[24451]: Received disconnect from 171.110.164.56 port 50952:11: Bye Bye [preauth]","@timestamp":"2022-09-14T10:49:06.249Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:49:10 honeypot-ams-1 sshd[24455]: Disconnected from authenticating user root 171.110.164.56 port 50062 [preauth]","@timestamp":"2022-09-14T10:49:10.251Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:49:16 honeypot-ams-1 sshd[24461]: Disconnected from authenticating user root 171.110.164.56 port 50100 [preauth]","@timestamp":"2022-09-14T10:49:16.254Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:49:21 honeypot-ams-1 sshd[24467]: Disconnected from authenticating user root 171.110.164.56 port 52142 [preauth]","@timestamp":"2022-09-14T10:49:22.258Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:49:27 honeypot-ams-1 sshd[24473]: Disconnected from authenticating user root 171.110.164.56 port 56148 [preauth]","@timestamp":"2022-09-14T10:49:28.261Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:49:33 honeypot-ams-1 sshd[24479]: Disconnected from authenticating user root 171.110.164.56 port 56168 [preauth]","@timestamp":"2022-09-14T10:49:34.265Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:49:39 honeypot-ams-1 sshd[24485]: Disconnected from authenticating user root 171.110.164.56 port 59716 [preauth]","@timestamp":"2022-09-14T10:49:40.269Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:49:45 honeypot-ams-1 sshd[24491]: Disconnected from authenticating user root 171.110.164.56 port 59732 [preauth]","@timestamp":"2022-09-14T10:49:46.273Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:49:51 honeypot-ams-1 sshd[24497]: Disconnected from authenticating user root 171.110.164.56 port 57798 [preauth]","@timestamp":"2022-09-14T10:49:52.277Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:49:58 honeypot-ams-1 sshd[24503]: Disconnected from authenticating user root 171.110.164.56 port 43856 [preauth]","@timestamp":"2022-09-14T10:49:59.281Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:50:04 honeypot-ams-1 sshd[24509]: Disconnected from authenticating user root 171.110.164.56 port 43884 [preauth]","@timestamp":"2022-09-14T10:50:05.286Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:50:10 honeypot-ams-1 sshd[24515]: Disconnected from authenticating user root 171.110.164.56 port 34182 [preauth]","@timestamp":"2022-09-14T10:50:11.290Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:50:16 honeypot-ams-1 sshd[24521]: Received disconnect from 171.110.164.56 port 34218:11: Bye Bye [preauth]","@timestamp":"2022-09-14T10:50:17.293Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:50:20 honeypot-ams-1 sshd[24525]: Received disconnect from 171.110.164.56 port 39464:11: Bye Bye [preauth]","@timestamp":"2022-09-14T10:50:21.297Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:50:24 honeypot-ams-1 sshd[24529]: Received disconnect from 171.110.164.56 port 39490:11: Bye Bye [preauth]","@timestamp":"2022-09-14T10:50:25.299Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:50:28 honeypot-ams-1 sshd[24533]: Received disconnect from 171.110.164.56 port 37634:11: Bye Bye [preauth]","@timestamp":"2022-09-14T10:50:29.301Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:50:32 honeypot-ams-1 sshd[24537]: Received disconnect from 171.110.164.56 port 37646:11: Bye Bye [preauth]","@timestamp":"2022-09-14T10:50:33.303Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:50:36 honeypot-ams-1 sshd[24541]: Received disconnect from 171.110.164.56 port 37662:11: Bye Bye [preauth]","@timestamp":"2022-09-14T10:50:37.306Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:50:42 honeypot-ams-1 sshd[24547]: Invalid user pi from 171.110.164.56 port 60848","@timestamp":"2022-09-14T10:50:43.309Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:50:46 honeypot-ams-1 sshd[24551]: Invalid user user from 171.110.164.56 port 60880","@timestamp":"2022-09-14T10:50:47.311Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:50:51 honeypot-ams-1 sshd[24555]: Invalid user mine from 171.110.164.56 port 49906","@timestamp":"2022-09-14T10:50:51.314Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:50:55 honeypot-ams-1 sshd[24559]: Invalid user xbmc from 171.110.164.56 port 49926","@timestamp":"2022-09-14T10:50:55.317Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:50:59 honeypot-ams-1 sshd[24563]: Invalid user oracle from 171.110.164.56 port 58928","@timestamp":"2022-09-14T10:50:59.319Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:51:03 honeypot-ams-1 sshd[24567]: Invalid user postgres from 171.110.164.56 port 58944","@timestamp":"2022-09-14T10:51:03.321Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:51:06 honeypot-ams-1 sshd[24571]: Invalid user support from 171.110.164.56 port 58958","@timestamp":"2022-09-14T10:51:07.324Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:51:10 honeypot-ams-1 sshd[24575]: Invalid user ubuntu from 171.110.164.56 port 51524","@timestamp":"2022-09-14T10:51:11.327Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:51:14 honeypot-ams-1 sshd[24579]: Invalid user ubuntu from 171.110.164.56 port 51536","@timestamp":"2022-09-14T10:51:15.329Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 10:51:17 honeypot-ams-1 kernel: [84029260.421177] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=223.87.167.109 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=47 ID=9722 PROTO=TCP SPT=31411 DPT=443 WINDOW=29764 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T10:51:18.330Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:51:21 honeypot-ams-1 sshd[24585]: Disconnected from invalid user test 171.110.164.56 port 53704 [preauth]","@timestamp":"2022-09-14T10:51:21.333Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:51:25 honeypot-ams-1 sshd[24589]: Disconnected from invalid user cirros 171.110.164.56 port 53720 [preauth]","@timestamp":"2022-09-14T10:51:25.335Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 10:55:41 honeypot-fra-1 kernel: [84027361.798507] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=78.142.18.92 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=54321 PROTO=TCP SPT=55043 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T10:55:41.975Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-14T10:56:39.709Z","@version":"1","message":"Sep 14 10:56:39 honeypot-sgp-1 kernel: [84029108.394026] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=50539 PROTO=TCP SPT=52508 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:57:57 honeypot-ams-1 sshd[24594]: Received disconnect from 183.144.121.209 port 48370:11: Bye Bye [preauth]","@timestamp":"2022-09-14T10:57:58.504Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:58:01 honeypot-ams-1 sshd[24598]: Disconnected from invalid user ubnt 183.144.121.209 port 48616 [preauth]","@timestamp":"2022-09-14T10:58:02.506Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:58:07 honeypot-ams-1 sshd[24604]: Disconnected from authenticating user root 183.144.121.209 port 48944 [preauth]","@timestamp":"2022-09-14T10:58:08.511Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:58:13 honeypot-ams-1 sshd[24610]: Disconnected from authenticating user root 183.144.121.209 port 49290 [preauth]","@timestamp":"2022-09-14T10:58:14.514Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:58:19 honeypot-ams-1 sshd[24616]: Disconnected from authenticating user root 183.144.121.209 port 49616 [preauth]","@timestamp":"2022-09-14T10:58:19.517Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:58:25 honeypot-ams-1 sshd[24622]: Disconnected from authenticating user root 183.144.121.209 port 49950 [preauth]","@timestamp":"2022-09-14T10:58:25.521Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:58:30 honeypot-ams-1 sshd[24628]: Disconnected from authenticating user root 183.144.121.209 port 50278 [preauth]","@timestamp":"2022-09-14T10:58:31.524Z"}
{"@timestamp":"2022-09-14T10:58:34.778Z","@version":"1","message":"Sep 14 10:58:33 honeypot-sgp-1 sshd[13055]: Received disconnect from 45.61.184.204 port 48382:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:58:36 honeypot-ams-1 sshd[24634]: Disconnected from authenticating user root 183.144.121.209 port 50572 [preauth]","@timestamp":"2022-09-14T10:58:37.528Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:58:42 honeypot-ams-1 sshd[24640]: Disconnected from authenticating user root 183.144.121.209 port 50892 [preauth]","@timestamp":"2022-09-14T10:58:42.531Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:58:46 honeypot-ams-1 sshd[24647]: Disconnected from authenticating user root 183.144.121.209 port 51100 [preauth]","@timestamp":"2022-09-14T10:58:46.533Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:58:51 honeypot-ams-1 sshd[24653]: Disconnected from authenticating user root 183.144.121.209 port 51434 [preauth]","@timestamp":"2022-09-14T10:58:52.537Z"}
{"@timestamp":"2022-09-14T10:58:54.788Z","@version":"1","message":"Sep 14 10:58:53 honeypot-sgp-1 sshd[13059]: Received disconnect from 45.61.184.204 port 43384:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:58:57 honeypot-ams-1 sshd[24659]: Disconnected from authenticating user root 183.144.121.209 port 51748 [preauth]","@timestamp":"2022-09-14T10:58:58.541Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:59:03 honeypot-ams-1 sshd[24665]: Disconnected from authenticating user root 183.144.121.209 port 52076 [preauth]","@timestamp":"2022-09-14T10:59:03.544Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 10:59:07 honeypot-fra-1 sshd[8631]: Received disconnect from 141.255.162.226 port 60656:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T10:59:08.056Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:59:08 honeypot-ams-1 sshd[24671]: Invalid user admin from 183.144.121.209 port 52390","@timestamp":"2022-09-14T10:59:09.548Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 10:59:11 honeypot-fra-1 sshd[8635]: Received disconnect from 141.255.162.226 port 52554:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T10:59:12.058Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:59:12 honeypot-ams-1 sshd[24675]: Invalid user admin from 183.144.121.209 port 52604","@timestamp":"2022-09-14T10:59:12.549Z"}
{"@timestamp":"2022-09-14T10:59:12.798Z","@version":"1","message":"Sep 14 10:59:12 honeypot-sgp-1 sshd[13063]: Received disconnect from 45.61.184.204 port 38376:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 10:59:13 honeypot-fra-1 sshd[8639]: Received disconnect from 141.255.162.226 port 59266:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T10:59:14.059Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:59:16 honeypot-ams-1 sshd[24679]: Invalid user admin from 183.144.121.209 port 52812","@timestamp":"2022-09-14T10:59:16.551Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:59:20 honeypot-ams-1 sshd[24683]: Invalid user admin from 183.144.121.209 port 53022","@timestamp":"2022-09-14T10:59:20.556Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:59:24 honeypot-ams-1 sshd[24687]: Invalid user admin from 183.144.121.209 port 53226","@timestamp":"2022-09-14T10:59:24.558Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:59:28 honeypot-ams-1 sshd[24691]: Received disconnect from 183.144.121.209 port 53436:11: Bye Bye [preauth]","@timestamp":"2022-09-14T10:59:28.560Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:59:32 honeypot-ams-1 sshd[24695]: Disconnected from invalid user pi 183.144.121.209 port 53646 [preauth]","@timestamp":"2022-09-14T10:59:32.563Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:59:35 honeypot-ams-1 sshd[24699]: Disconnected from invalid user user 183.144.121.209 port 53838 [preauth]","@timestamp":"2022-09-14T10:59:36.566Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:59:39 honeypot-ams-1 sshd[24703]: Disconnected from invalid user mine 183.144.121.209 port 54014 [preauth]","@timestamp":"2022-09-14T10:59:40.569Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:59:43 honeypot-ams-1 sshd[24708]: Disconnected from invalid user xbmc 183.144.121.209 port 54230 [preauth]","@timestamp":"2022-09-14T10:59:44.571Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:59:47 honeypot-ams-1 sshd[24712]: Disconnected from invalid user oracle 183.144.121.209 port 54432 [preauth]","@timestamp":"2022-09-14T10:59:47.573Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:59:51 honeypot-ams-1 sshd[24716]: Disconnected from invalid user postgres 183.144.121.209 port 54646 [preauth]","@timestamp":"2022-09-14T10:59:51.576Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:59:55 honeypot-ams-1 sshd[24720]: Disconnected from invalid user support 183.144.121.209 port 54840 [preauth]","@timestamp":"2022-09-14T10:59:55.578Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:59:58 honeypot-ams-1 sshd[24724]: Disconnected from invalid user ubuntu 183.144.121.209 port 55042 [preauth]","@timestamp":"2022-09-14T10:59:59.581Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 11:00:02 honeypot-ams-1 sshd[24728]: Disconnected from invalid user ubuntu 183.144.121.209 port 55262 [preauth]","@timestamp":"2022-09-14T11:00:03.583Z"}
{"@timestamp":"2022-09-14T11:00:04.821Z","@version":"1","message":"Sep 14 11:00:04 honeypot-sgp-1 sshd[13069]: Received disconnect from 61.177.173.51 port 61586:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 11:00:06 honeypot-ams-1 sshd[24732]: Disconnected from invalid user guest 183.144.121.209 port 55446 [preauth]","@timestamp":"2022-09-14T11:00:06.587Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 11:00:10 honeypot-ams-1 sshd[24736]: Disconnected from invalid user cirros 183.144.121.209 port 55648 [preauth]","@timestamp":"2022-09-14T11:00:10.589Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:00:12 honeypot-fra-1 sshd[8644]: Disconnected from authenticating user root 61.177.173.51 port 44983 [preauth]","@timestamp":"2022-09-14T11:00:13.082Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T11:00:17.828Z","@version":"1","message":"Sep 14 11:00:17 honeypot-sgp-1 sshd[13075]: Received disconnect from 45.61.186.249 port 36832:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T11:00:36.839Z","@version":"1","message":"Sep 14 11:00:35 honeypot-sgp-1 sshd[13079]: Received disconnect from 45.61.186.249 port 60016:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T11:00:54.847Z","@version":"1","message":"Sep 14 11:00:54 honeypot-sgp-1 sshd[13083]: Received disconnect from 45.61.186.249 port 54958:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T11:03:21.910Z","@version":"1","message":"Sep 14 11:03:21 honeypot-sgp-1 sshd[13089]: Received disconnect from 85.154.238.58 port 42950:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:05:43 honeypot-fra-1 sshd[8662]: Invalid user test from 34.71.244.4 port 41316","@timestamp":"2022-09-14T11:05:44.214Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:05:43 honeypot-fra-1 sshd[8673]: Invalid user momo from 34.71.244.4 port 41342","@timestamp":"2022-09-14T11:05:44.214Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:05:43 honeypot-fra-1 sshd[8687]: Invalid user chia from 34.71.244.4 port 41468","@timestamp":"2022-09-14T11:05:44.214Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:05:43 honeypot-fra-1 sshd[8676]: Invalid user ts3 from 34.71.244.4 port 41384","@timestamp":"2022-09-14T11:05:44.214Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:05:43 honeypot-fra-1 sshd[8668]: Invalid user user from 34.71.244.4 port 41368","@timestamp":"2022-09-14T11:05:44.214Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:05:44 honeypot-fra-1 sshd[8659]: Connection closed by invalid user ansible 34.71.244.4 port 41296 [preauth]","@timestamp":"2022-09-14T11:05:44.214Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:05:44 honeypot-fra-1 sshd[8678]: Connection closed by authenticating user root 34.71.244.4 port 41410 [preauth]","@timestamp":"2022-09-14T11:05:44.214Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:05:44 honeypot-fra-1 sshd[8665]: Connection closed by invalid user oracle 34.71.244.4 port 41360 [preauth]","@timestamp":"2022-09-14T11:05:44.214Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:05:44 honeypot-fra-1 sshd[8689]: Connection closed by authenticating user root 34.71.244.4 port 41512 [preauth]","@timestamp":"2022-09-14T11:05:44.214Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:11:10 honeypot-fra-1 sshd[8730]: Invalid user chia from 197.5.145.54 port 55372","@timestamp":"2022-09-14T11:11:10.341Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:11:10 honeypot-fra-1 sshd[8732]: Invalid user es from 197.5.145.54 port 55374","@timestamp":"2022-09-14T11:11:11.342Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:11:10 honeypot-fra-1 sshd[8738]: Connection closed by invalid user user 197.5.145.54 port 55379 [preauth]","@timestamp":"2022-09-14T11:11:11.342Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:11:10 honeypot-fra-1 sshd[8733]: Connection closed by authenticating user root 197.5.145.54 port 55375 [preauth]","@timestamp":"2022-09-14T11:11:11.342Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:12:59 honeypot-fra-1 sshd[8755]: Disconnected from authenticating user root 61.177.173.36 port 43504 [preauth]","@timestamp":"2022-09-14T11:13:00.389Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T11:13:02.146Z","@version":"1","message":"Sep 14 11:13:01 honeypot-sgp-1 sshd[13097]: Invalid user user from 45.61.186.249 port 42734","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T11:13:21.155Z","@version":"1","message":"Sep 14 11:13:20 honeypot-sgp-1 sshd[13101]: Invalid user user from 45.61.186.249 port 37942","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T11:13:38.164Z","@version":"1","message":"Sep 14 11:13:37 honeypot-sgp-1 sshd[13105]: Invalid user user from 45.61.186.249 port 33140","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T11:13:47.169Z","@version":"1","message":"Sep 14 11:13:46 honeypot-sgp-1 sshd[13107]: Disconnected from invalid user user 45.61.186.249 port 44860 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 11:13:53 honeypot-ams-1 sshd[24741]: Disconnected from authenticating user root 129.159.63.83 port 37155 [preauth]","@timestamp":"2022-09-14T11:13:53.936Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:17:01 honeypot-fra-1 CRON[8762]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-14T11:17:01.489Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 11:17:23 honeypot-ams-1 sshd[24749]: Did not receive identification string from 141.255.162.226 port 46324","@timestamp":"2022-09-14T11:17:24.028Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 11:17:46 honeypot-ams-1 sshd[24754]: Invalid user user from 141.255.162.226 port 44496","@timestamp":"2022-09-14T11:17:47.040Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 11:17:48 honeypot-ams-1 sshd[24758]: Invalid user user from 141.255.162.226 port 58960","@timestamp":"2022-09-14T11:17:49.041Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 11:17:50 honeypot-ams-1 kernel: [84030853.602250] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=80.94.92.239 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=60862 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T11:17:51.043Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:19:03 honeypot-fra-1 sshd[8771]: Invalid user test from 175.24.188.217 port 34494","@timestamp":"2022-09-14T11:19:04.540Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:19:03 honeypot-fra-1 sshd[8781]: Invalid user ubuntu from 175.24.188.217 port 34438","@timestamp":"2022-09-14T11:19:04.540Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:19:03 honeypot-fra-1 sshd[8788]: Invalid user admin from 175.24.188.217 port 34462","@timestamp":"2022-09-14T11:19:04.540Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:19:04 honeypot-fra-1 sshd[8795]: Invalid user user from 175.24.188.217 port 34454","@timestamp":"2022-09-14T11:19:04.540Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:19:04 honeypot-fra-1 sshd[8769]: Connection closed by authenticating user root 175.24.188.217 port 34422 [preauth]","@timestamp":"2022-09-14T11:19:04.540Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:19:04 honeypot-fra-1 sshd[8778]: Connection closed by invalid user elasticsearch 175.24.188.217 port 34464 [preauth]","@timestamp":"2022-09-14T11:19:04.541Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:19:04 honeypot-fra-1 sshd[8786]: Connection closed by invalid user user 175.24.188.217 port 34430 [preauth]","@timestamp":"2022-09-14T11:19:04.541Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:19:04 honeypot-fra-1 sshd[8795]: Connection closed by invalid user user 175.24.188.217 port 34454 [preauth]","@timestamp":"2022-09-14T11:19:04.541Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T11:20:04.328Z","@version":"1","message":"Sep 14 11:20:04 honeypot-sgp-1 kernel: [84030512.994083] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=5.178.86.77 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=21405 PROTO=TCP SPT=54257 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 11:21:45 honeypot-ams-1 kernel: [84031088.609305] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.41.8.45 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=40343 PROTO=TCP SPT=36504 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T11:21:46.143Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:23:33 honeypot-fra-1 sshd[8823]: Disconnected from authenticating user root 61.177.172.104 port 14627 [preauth]","@timestamp":"2022-09-14T11:23:34.646Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T11:26:07.478Z","@version":"1","message":"Sep 14 11:26:07 honeypot-sgp-1 kernel: [84030875.791976] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=64.62.197.97 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=53178 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 11:26:37 honeypot-ams-1 sshd[24767]: Connection closed by invalid user user1 103.188.176.251 port 37758 [preauth]","@timestamp":"2022-09-14T11:26:37.272Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:30:33 honeypot-fra-1 kernel: [84029453.574730] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.221.92 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=58032 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T11:30:33.811Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-14T11:36:30.732Z","@version":"1","message":"Sep 14 11:36:29 honeypot-sgp-1 sshd[13129]: Received disconnect from 92.255.85.70 port 26258:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:36:44 honeypot-fra-1 sshd[8839]: Disconnected from invalid user kvm 165.22.45.108 port 38166 [preauth]","@timestamp":"2022-09-14T11:36:44.961Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 11:39:51 honeypot-ams-1 kernel: [84032174.628154] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=176.67.66.107 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=112 ID=17361 DF PROTO=TCP SPT=18414 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T11:39:51.615Z"}
{"@timestamp":"2022-09-14T11:40:31.833Z","@version":"1","message":"Sep 14 11:40:31 honeypot-sgp-1 kernel: [84031739.984250] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=34.91.121.252 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=41839 PROTO=TCP SPT=40712 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:40:48 honeypot-fra-1 kernel: [84030068.794953] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=138.99.216.93 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=51791 PROTO=TCP SPT=54492 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T11:40:49.059Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 11:44:04 honeypot-ams-1 sshd[24775]: Invalid user kutimukha from 195.36.209.129 port 42414","@timestamp":"2022-09-14T11:44:05.724Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:49:32 honeypot-fra-1 sshd[8858]: Invalid user steam from 52.237.82.21 port 37818","@timestamp":"2022-09-14T11:49:33.283Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:49:32 honeypot-fra-1 sshd[8879]: Invalid user ubuntu from 52.237.82.21 port 37920","@timestamp":"2022-09-14T11:49:33.283Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:49:32 honeypot-fra-1 sshd[8856]: Connection closed by authenticating user root 52.237.82.21 port 37884 [preauth]","@timestamp":"2022-09-14T11:49:33.283Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:49:32 honeypot-fra-1 sshd[8869]: Invalid user testuser from 52.237.82.21 port 37870","@timestamp":"2022-09-14T11:49:33.283Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:49:32 honeypot-fra-1 sshd[8854]: Invalid user ubuntu from 52.237.82.21 port 37892","@timestamp":"2022-09-14T11:49:33.283Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:49:32 honeypot-fra-1 sshd[8853]: Connection closed by invalid user ubuntu 52.237.82.21 port 37826 [preauth]","@timestamp":"2022-09-14T11:49:33.283Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:49:32 honeypot-fra-1 sshd[8866]: Connection closed by invalid user user 52.237.82.21 port 37810 [preauth]","@timestamp":"2022-09-14T11:49:33.283Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:49:32 honeypot-fra-1 sshd[8874]: Connection closed by invalid user ftpuser 52.237.82.21 port 37950 [preauth]","@timestamp":"2022-09-14T11:49:33.283Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:49:32 honeypot-fra-1 sshd[8854]: Connection closed by invalid user ubuntu 52.237.82.21 port 37892 [preauth]","@timestamp":"2022-09-14T11:49:33.283Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T11:49:55.069Z","@version":"1","message":"Sep 14 11:49:54 honeypot-sgp-1 sshd[13139]: Received disconnect from 61.177.173.36 port 64166:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:50:36 honeypot-fra-1 sshd[8911]: Disconnecting invalid user  81.17.25.50 port 31160: Change of username or service not allowed: (,ssh-connection) -> (admin,ssh-connection) [preauth]","@timestamp":"2022-09-14T11:50:37.312Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T11:51:25.107Z","@version":"1","message":"Sep 14 11:51:24 honeypot-sgp-1 sshd[13143]: Disconnected from invalid user xbot_premium 80.68.7.179 port 36532 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:52:02 honeypot-fra-1 sshd[8917]: Disconnecting invalid user  81.17.25.50 port 52111: Change of username or service not allowed: (,ssh-connection) -> (admin,ssh-connection) [preauth]","@timestamp":"2022-09-14T11:52:03.350Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:52:57 honeypot-fra-1 sshd[8923]: Disconnecting invalid user admin 81.17.25.50 port 20124: Change of username or service not allowed: (admin,ssh-connection) -> (aerohive,ssh-connection) [preauth]","@timestamp":"2022-09-14T11:52:58.374Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:53:25 honeypot-fra-1 sshd[8929]: Disconnecting invalid user manager 81.17.25.50 port 1130: Change of username or service not allowed: (manager,ssh-connection) -> (private,ssh-connection) [preauth]","@timestamp":"2022-09-14T11:53:26.388Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 11:53:34 honeypot-ams-1 sshd[24778]: Invalid user pentaho from 164.92.212.181 port 57576","@timestamp":"2022-09-14T11:53:34.970Z"}
{"@timestamp":"2022-09-14T11:53:39.163Z","@version":"1","message":"Sep 14 11:53:38 honeypot-sgp-1 sshd[13150]: Connection closed by authenticating user root 103.188.176.251 port 40716 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:54:30 honeypot-fra-1 sshd[8937]: Invalid user Admin from 81.17.25.50 port 40951","@timestamp":"2022-09-14T11:54:31.415Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:55:05 honeypot-fra-1 sshd[8943]: Invalid user user from 81.17.25.50 port 23764","@timestamp":"2022-09-14T11:55:05.432Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:55:47 honeypot-fra-1 sshd[8950]: Disconnecting invalid user blank 81.17.25.50 port 37698: Change of username or service not allowed: (blank,ssh-connection) -> (admin,ssh-connection) [preauth]","@timestamp":"2022-09-14T11:55:48.452Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:55:51 honeypot-fra-1 sshd[8956]: Disconnecting invalid user 1234 81.17.25.50 port 50997: Change of username or service not allowed: (1234,ssh-connection) -> (root,ssh-connection) [preauth]","@timestamp":"2022-09-14T11:55:51.454Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:56:11 honeypot-fra-1 sshd[8964]: Invalid user cisco from 81.17.25.50 port 21074","@timestamp":"2022-09-14T11:56:11.463Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:56:31 honeypot-fra-1 sshd[8972]: Disconnecting authenticating user root 81.17.25.50 port 53527: Change of username or service not allowed: (root,ssh-connection) -> (Administrator,ssh-connection) [preauth]","@timestamp":"2022-09-14T11:56:31.473Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:57:05 honeypot-fra-1 sshd[8978]: Disconnecting invalid user adslroot 81.17.25.50 port 50217: Change of username or service not allowed: (adslroot,ssh-connection) -> (sti.admin5,ssh-connection) [preauth]","@timestamp":"2022-09-14T11:57:05.490Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:57:16 honeypot-fra-1 sshd[8985]: Disconnecting invalid user blank 81.17.25.50 port 9122: Change of username or service not allowed: (blank,ssh-connection) -> (zhone,ssh-connection) [preauth]","@timestamp":"2022-09-14T11:57:16.495Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:57:49 honeypot-fra-1 sshd[8993]: Invalid user default from 81.17.25.50 port 27992","@timestamp":"2022-09-14T11:57:50.511Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 11:58:33 honeypot-ams-1 sshd[24782]: Received disconnect from 161.18.254.73 port 49980:11: Bye Bye [preauth]","@timestamp":"2022-09-14T11:58:34.120Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:58:49 honeypot-fra-1 sshd[9001]: Invalid user Administrator from 81.17.25.50 port 57432","@timestamp":"2022-09-14T11:58:49.537Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:59:31 honeypot-fra-1 kernel: [84031192.204726] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=159.223.115.11 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=32215 PROTO=TCP SPT=56506 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T11:59:32.557Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:00:15 honeypot-fra-1 sshd[9012]: Disconnecting invalid user Admin 81.17.25.50 port 5913: Change of username or service not allowed: (Admin,ssh-connection) -> (comcast,ssh-connection) [preauth]","@timestamp":"2022-09-14T12:00:16.576Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:00:36 honeypot-fra-1 sshd[9020]: Disconnected from authenticating user root 61.177.173.36 port 56096 [preauth]","@timestamp":"2022-09-14T12:00:37.588Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:01:29 honeypot-fra-1 sshd[9025]: Disconnecting invalid user matrix 81.17.25.50 port 45322: Change of username or service not allowed: (matrix,ssh-connection) -> (,ssh-connection) [preauth]","@timestamp":"2022-09-14T12:01:29.612Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:02:00 honeypot-fra-1 sshd[9031]: Invalid user motorola from 81.17.25.50 port 26031","@timestamp":"2022-09-14T12:02:00.627Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:02:45 honeypot-fra-1 sshd[9037]: Received disconnect from 92.255.85.70 port 27642:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:02:45.648Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:03:25 honeypot-fra-1 kernel: [84031426.419714] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=156.146.46.143 DST=165.22.82.222 LEN=52 TOS=0x02 PREC=0x00 TTL=117 ID=22421 DF PROTO=TCP SPT=62499 DPT=3389 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-14T12:03:26.668Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-14T12:03:49.410Z","@version":"1","message":"Sep 14 12:03:49 honeypot-sgp-1 sshd[13609]: Received disconnect from 129.159.63.83 port 50691:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:04:34 honeypot-fra-1 sshd[9047]: Invalid user admin from 81.17.25.50 port 53411","@timestamp":"2022-09-14T12:04:35.699Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:05:19 honeypot-ams-1 sshd[24788]: Disconnected from authenticating user root 190.12.102.58 port 55111 [preauth]","@timestamp":"2022-09-14T12:05:19.300Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:05:39 honeypot-fra-1 kernel: [84031560.030265] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=80.94.92.239 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=42748 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T12:05:39.730Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:06:24 honeypot-fra-1 sshd[9059]: Disconnecting invalid user Broadcom 81.17.25.50 port 57634: Change of username or service not allowed: (Broadcom,ssh-connection) -> (smcadmin,ssh-connection) [preauth]","@timestamp":"2022-09-14T12:06:24.749Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T12:06:46.486Z","@version":"1","message":"Sep 14 12:06:45 honeypot-sgp-1 sshd[13614]: Invalid user mongodb2 from 148.240.122.192 port 33168","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:07:22 honeypot-fra-1 sshd[9069]: Invalid user cusadmin from 81.17.25.50 port 5290","@timestamp":"2022-09-14T12:07:22.775Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T12:07:51.515Z","@version":"1","message":"Sep 14 12:07:51 honeypot-sgp-1 sshd[13618]: Received disconnect from 150.107.205.78 port 36324:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:08:24 honeypot-fra-1 sshd[9075]: Invalid user smcadmin from 81.17.25.50 port 2898","@timestamp":"2022-09-14T12:08:24.802Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:08:25 honeypot-ams-1 sshd[24794]: Received disconnect from 141.255.162.226 port 49508:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T12:08:25.381Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:08:29 honeypot-ams-1 sshd[24798]: Received disconnect from 141.255.162.226 port 44150:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T12:08:29.384Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:08:31 honeypot-ams-1 sshd[24802]: Received disconnect from 141.255.162.226 port 51780:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T12:08:31.385Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:08:53 honeypot-fra-1 sshd[9081]: Invalid user admin from 81.17.25.50 port 27379","@timestamp":"2022-09-14T12:08:53.816Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:09:39 honeypot-fra-1 sshd[9087]: Invalid user user from 81.17.25.50 port 14433","@timestamp":"2022-09-14T12:09:39.838Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:09:44 honeypot-fra-1 sshd[9093]: Disconnecting invalid user 123456 81.17.25.50 port 19140: Change of username or service not allowed: (123456,ssh-connection) -> (user,ssh-connection) [preauth]","@timestamp":"2022-09-14T12:09:44.841Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:09:47 honeypot-fra-1 sshd[9099]: Disconnecting invalid user readwrite 81.17.25.50 port 35045: Change of username or service not allowed: (readwrite,ssh-connection) -> (Admin,ssh-connection) [preauth]","@timestamp":"2022-09-14T12:09:47.843Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:09:48 honeypot-fra-1 sshd[9105]: Disconnecting invalid user DZY-W2914NSV2 81.17.25.50 port 44864: Change of username or service not allowed: (DZY-W2914NSV2,ssh-connection) -> (0,ssh-connection) [preauth]","@timestamp":"2022-09-14T12:09:48.843Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:09:58 honeypot-fra-1 sshd[9111]: Disconnecting invalid user zoomadsl 81.17.25.50 port 18446: Change of username or service not allowed: (zoomadsl,ssh-connection) -> (admin,ssh-connection) [preauth]","@timestamp":"2022-09-14T12:09:59.857Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:10:25 honeypot-fra-1 sshd[9116]: Disconnecting invalid user 1admin0 81.17.25.50 port 1931: Change of username or service not allowed: (1admin0,ssh-connection) -> (ltecl4r0,ssh-connection) [preauth]","@timestamp":"2022-09-14T12:10:26.870Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T12:11:45.612Z","@version":"1","message":"Sep 14 12:11:45 honeypot-sgp-1 sshd[13625]: Received disconnect from 64.227.126.207 port 43998:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T12:12:41.637Z","@version":"1","message":"Sep 14 12:12:41 honeypot-sgp-1 kernel: [84033670.204219] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=156.146.46.143 DST=159.89.202.188 LEN=52 TOS=0x02 PREC=0x00 TTL=116 ID=18530 DF PROTO=TCP SPT=50172 DPT=3389 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:17:01 honeypot-ams-1 CRON[24805]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-14T12:17:01.606Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:17:01 honeypot-fra-1 CRON[9129]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-14T12:17:02.022Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:20:03 honeypot-ams-1 sshd[24813]: Invalid user ubnt from 179.103.152.130 port 57452","@timestamp":"2022-09-14T12:20:03.683Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:20:08 honeypot-ams-1 sshd[24817]: Disconnected from authenticating user root 179.103.152.130 port 57704 [preauth]","@timestamp":"2022-09-14T12:20:08.686Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:20:14 honeypot-ams-1 sshd[24823]: Disconnected from authenticating user root 179.103.152.130 port 58042 [preauth]","@timestamp":"2022-09-14T12:20:15.690Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:20:21 honeypot-ams-1 sshd[24829]: Disconnected from authenticating user root 179.103.152.130 port 58436 [preauth]","@timestamp":"2022-09-14T12:20:21.694Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:20:27 honeypot-ams-1 sshd[24835]: Disconnected from authenticating user root 179.103.152.130 port 58770 [preauth]","@timestamp":"2022-09-14T12:20:28.699Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:20:35 honeypot-ams-1 sshd[24841]: Disconnected from authenticating user root 179.103.152.130 port 59122 [preauth]","@timestamp":"2022-09-14T12:20:35.704Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:20:42 honeypot-ams-1 sshd[24847]: Disconnected from authenticating user root 179.103.152.130 port 59502 [preauth]","@timestamp":"2022-09-14T12:20:42.708Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:20:48 honeypot-ams-1 sshd[24853]: Disconnected from authenticating user root 179.103.152.130 port 59870 [preauth]","@timestamp":"2022-09-14T12:20:49.712Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:20:55 honeypot-ams-1 sshd[24859]: Disconnected from authenticating user root 179.103.152.130 port 60208 [preauth]","@timestamp":"2022-09-14T12:20:55.716Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:21:02 honeypot-ams-1 sshd[24865]: Disconnected from authenticating user root 179.103.152.130 port 60594 [preauth]","@timestamp":"2022-09-14T12:21:02.720Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:21:09 honeypot-ams-1 sshd[24871]: Disconnected from authenticating user root 179.103.152.130 port 60940 [preauth]","@timestamp":"2022-09-14T12:21:09.724Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:21:17 honeypot-ams-1 sshd[24877]: Disconnected from authenticating user root 179.103.152.130 port 33078 [preauth]","@timestamp":"2022-09-14T12:21:17.730Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:21:24 honeypot-ams-1 sshd[24883]: Invalid user admin from 179.103.152.130 port 33482","@timestamp":"2022-09-14T12:21:24.734Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:21:28 honeypot-ams-1 sshd[24887]: Invalid user admin from 179.103.152.130 port 33744","@timestamp":"2022-09-14T12:21:28.736Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:21:33 honeypot-ams-1 sshd[24891]: Invalid user admin from 179.103.152.130 port 34010","@timestamp":"2022-09-14T12:21:34.741Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:21:38 honeypot-ams-1 sshd[24895]: Invalid user admin from 179.103.152.130 port 34254","@timestamp":"2022-09-14T12:21:39.744Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:21:43 honeypot-ams-1 sshd[24899]: Invalid user admin from 179.103.152.130 port 34542","@timestamp":"2022-09-14T12:21:43.748Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:21:49 honeypot-ams-1 sshd[24903]: Received disconnect from 179.103.152.130 port 34758:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:21:49.752Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:21:53 honeypot-ams-1 sshd[24907]: Disconnected from invalid user pi 179.103.152.130 port 35108 [preauth]","@timestamp":"2022-09-14T12:21:54.755Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:21:59 honeypot-ams-1 sshd[24911]: Disconnected from invalid user user 179.103.152.130 port 35344 [preauth]","@timestamp":"2022-09-14T12:21:59.758Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:22:04 honeypot-ams-1 sshd[24915]: Disconnected from invalid user mine 179.103.152.130 port 35592 [preauth]","@timestamp":"2022-09-14T12:22:04.762Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:22:08 honeypot-ams-1 sshd[24919]: Disconnected from invalid user xbmc 179.103.152.130 port 35852 [preauth]","@timestamp":"2022-09-14T12:22:09.765Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:22:13 honeypot-ams-1 sshd[24923]: Disconnected from invalid user oracle 179.103.152.130 port 36088 [preauth]","@timestamp":"2022-09-14T12:22:13.767Z"}
{"@timestamp":"2022-09-14T12:22:17.870Z","@version":"1","message":"Sep 14 12:22:17 honeypot-sgp-1 sshd[13638]: Received disconnect from 61.177.173.51 port 10613:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:22:18 honeypot-ams-1 sshd[24927]: Disconnected from invalid user postgres 179.103.152.130 port 36326 [preauth]","@timestamp":"2022-09-14T12:22:18.771Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:22:23 honeypot-ams-1 sshd[24931]: Disconnected from invalid user support 179.103.152.130 port 36562 [preauth]","@timestamp":"2022-09-14T12:22:23.774Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:22:29 honeypot-ams-1 sshd[24935]: Disconnected from invalid user ubuntu 179.103.152.130 port 36894 [preauth]","@timestamp":"2022-09-14T12:22:29.777Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:22:33 honeypot-ams-1 sshd[24939]: Disconnected from invalid user ubuntu 179.103.152.130 port 37132 [preauth]","@timestamp":"2022-09-14T12:22:34.781Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:22:38 honeypot-ams-1 sshd[24943]: Received disconnect from 179.103.152.130 port 37382:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:22:38.786Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:22:41 honeypot-ams-1 sshd[24947]: Disconnected from invalid user test 179.103.152.130 port 37486 [preauth]","@timestamp":"2022-09-14T12:22:41.788Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:22:46 honeypot-ams-1 sshd[24951]: Disconnected from invalid user cirros 179.103.152.130 port 37808 [preauth]","@timestamp":"2022-09-14T12:22:46.791Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:23:42 honeypot-fra-1 sshd[9138]: Disconnected from invalid user user 45.61.186.169 port 40220 [preauth]","@timestamp":"2022-09-14T12:23:43.177Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:24:00 honeypot-fra-1 sshd[9143]: Disconnected from invalid user user 45.61.186.169 port 35044 [preauth]","@timestamp":"2022-09-14T12:24:00.185Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:24:09 honeypot-ams-1 sshd[24955]: Connection closed by invalid user zhangguoqiang 137.116.144.39 port 36394 [preauth]","@timestamp":"2022-09-14T12:24:10.834Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:24:16 honeypot-fra-1 sshd[9148]: Received disconnect from 45.61.186.169 port 58116:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T12:24:17.193Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:24:25 honeypot-fra-1 sshd[9152]: Received disconnect from 45.61.186.169 port 41390:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T12:24:26.198Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:25:53 honeypot-fra-1 sshd[9157]: Disconnected from authenticating user root 92.255.85.69 port 59010 [preauth]","@timestamp":"2022-09-14T12:25:54.232Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T12:25:56.973Z","@version":"1","message":"Sep 14 12:25:56 honeypot-sgp-1 sshd[13642]: Disconnected from invalid user cx 220.134.113.188 port 48513 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:27:00 honeypot-ams-1 sshd[24962]: Received disconnect from 179.151.180.133 port 52054:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:27:00.909Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:27:05 honeypot-ams-1 sshd[24966]: Disconnected from invalid user ubnt 179.151.180.133 port 52324 [preauth]","@timestamp":"2022-09-14T12:27:05.913Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:27:12 honeypot-ams-1 sshd[24972]: Disconnected from authenticating user root 179.151.180.133 port 52708 [preauth]","@timestamp":"2022-09-14T12:27:12.917Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:27:19 honeypot-ams-1 sshd[24978]: Disconnected from authenticating user root 179.151.180.133 port 53084 [preauth]","@timestamp":"2022-09-14T12:27:19.922Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:27:26 honeypot-ams-1 sshd[24984]: Disconnected from authenticating user root 179.151.180.133 port 53450 [preauth]","@timestamp":"2022-09-14T12:27:26.926Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:27:33 honeypot-ams-1 sshd[24990]: Disconnected from authenticating user root 179.151.180.133 port 53838 [preauth]","@timestamp":"2022-09-14T12:27:33.931Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:27:40 honeypot-ams-1 sshd[24996]: Disconnected from authenticating user root 179.151.180.133 port 54224 [preauth]","@timestamp":"2022-09-14T12:27:40.934Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:27:48 honeypot-ams-1 sshd[25002]: Disconnected from authenticating user root 179.151.180.133 port 54598 [preauth]","@timestamp":"2022-09-14T12:27:48.939Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:27:55 honeypot-ams-1 sshd[25008]: Disconnected from authenticating user root 179.151.180.133 port 54996 [preauth]","@timestamp":"2022-09-14T12:27:55.943Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:28:03 honeypot-ams-1 sshd[25014]: Disconnected from authenticating user root 179.151.180.133 port 55390 [preauth]","@timestamp":"2022-09-14T12:28:03.948Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:28:09 honeypot-ams-1 sshd[25020]: Disconnected from authenticating user root 179.151.180.133 port 55752 [preauth]","@timestamp":"2022-09-14T12:28:10.952Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:28:17 honeypot-ams-1 sshd[25026]: Disconnected from authenticating user root 179.151.180.133 port 56174 [preauth]","@timestamp":"2022-09-14T12:28:18.957Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:28:24 honeypot-ams-1 sshd[25032]: Disconnected from authenticating user root 179.151.180.133 port 56582 [preauth]","@timestamp":"2022-09-14T12:28:25.962Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:28:29 honeypot-ams-1 sshd[25036]: Disconnected from invalid user admin 179.151.180.133 port 56834 [preauth]","@timestamp":"2022-09-14T12:28:29.964Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:28:34 honeypot-ams-1 sshd[25040]: Disconnected from invalid user admin 179.151.180.133 port 57092 [preauth]","@timestamp":"2022-09-14T12:28:34.968Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:28:39 honeypot-ams-1 sshd[25044]: Disconnected from invalid user admin 179.151.180.133 port 57350 [preauth]","@timestamp":"2022-09-14T12:28:39.971Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:28:44 honeypot-ams-1 sshd[25048]: Disconnected from invalid user admin 179.151.180.133 port 57638 [preauth]","@timestamp":"2022-09-14T12:28:44.973Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:28:49 honeypot-ams-1 sshd[25052]: Disconnected from invalid user admin 179.151.180.133 port 57894 [preauth]","@timestamp":"2022-09-14T12:28:49.977Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:28:54 honeypot-ams-1 sshd[25056]: Received disconnect from 179.151.180.133 port 58172:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:28:54.980Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:28:58 honeypot-ams-1 sshd[25062]: Disconnected from invalid user pi 179.151.180.133 port 58412 [preauth]","@timestamp":"2022-09-14T12:28:58.982Z"}
{"@timestamp":"2022-09-14T12:29:01.053Z","@version":"1","message":"Sep 14 12:29:00 honeypot-sgp-1 sshd[13653]: Invalid user oracle from 35.90.115.181 port 54462","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T12:29:01.053Z","@version":"1","message":"Sep 14 12:29:00 honeypot-sgp-1 sshd[13652]: Invalid user admin from 35.90.115.181 port 54488","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T12:29:01.053Z","@version":"1","message":"Sep 14 12:29:00 honeypot-sgp-1 sshd[13663]: Invalid user oracle from 35.90.115.181 port 54436","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T12:29:01.053Z","@version":"1","message":"Sep 14 12:29:00 honeypot-sgp-1 sshd[13649]: Connection closed by invalid user centos 35.90.115.181 port 54458 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T12:29:01.053Z","@version":"1","message":"Sep 14 12:29:00 honeypot-sgp-1 sshd[13651]: Connection closed by invalid user esuser 35.90.115.181 port 54514 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T12:29:01.053Z","@version":"1","message":"Sep 14 12:29:00 honeypot-sgp-1 sshd[13664]: Connection closed by invalid user oracle 35.90.115.181 port 54510 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T12:29:01.054Z","@version":"1","message":"Sep 14 12:29:00 honeypot-sgp-1 sshd[13665]: Connection closed by invalid user ubuntu 35.90.115.181 port 54466 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T12:29:01.054Z","@version":"1","message":"Sep 14 12:29:01 honeypot-sgp-1 sshd[13674]: Connection closed by invalid user ubuntu 35.90.115.181 port 54452 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T12:29:02.054Z","@version":"1","message":"Sep 14 12:29:01 honeypot-sgp-1 sshd[13669]: Invalid user chia from 35.90.115.181 port 54504","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:29:03 honeypot-ams-1 sshd[25066]: Disconnected from invalid user user 179.151.180.133 port 58676 [preauth]","@timestamp":"2022-09-14T12:29:03.986Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:29:08 honeypot-ams-1 sshd[25070]: Disconnected from invalid user mine 179.151.180.133 port 58950 [preauth]","@timestamp":"2022-09-14T12:29:08.989Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:29:13 honeypot-ams-1 sshd[25074]: Disconnected from invalid user xbmc 179.151.180.133 port 59188 [preauth]","@timestamp":"2022-09-14T12:29:13.992Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:29:17 honeypot-ams-1 sshd[25078]: Disconnected from invalid user oracle 179.151.180.133 port 59448 [preauth]","@timestamp":"2022-09-14T12:29:17.995Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:29:22 honeypot-ams-1 sshd[25082]: Disconnected from invalid user postgres 179.151.180.133 port 59692 [preauth]","@timestamp":"2022-09-14T12:29:22.998Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:29:26 honeypot-ams-1 sshd[25086]: Disconnected from invalid user support 179.151.180.133 port 59934 [preauth]","@timestamp":"2022-09-14T12:29:27.000Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:29:31 honeypot-ams-1 sshd[25090]: Disconnected from invalid user ubuntu 179.151.180.133 port 60188 [preauth]","@timestamp":"2022-09-14T12:29:32.004Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:29:36 honeypot-ams-1 sshd[25094]: Disconnected from invalid user ubuntu 179.151.180.133 port 60404 [preauth]","@timestamp":"2022-09-14T12:29:37.007Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:29:40 honeypot-ams-1 sshd[25098]: Disconnected from invalid user guest 179.151.180.133 port 60676 [preauth]","@timestamp":"2022-09-14T12:29:41.009Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:29:46 honeypot-ams-1 sshd[25102]: Disconnected from invalid user cirros 179.151.180.133 port 60928 [preauth]","@timestamp":"2022-09-14T12:29:47.014Z"}
{"@timestamp":"2022-09-14T12:30:59.106Z","@version":"1","message":"Sep 14 12:30:58 honeypot-sgp-1 sshd[13708]: Received disconnect from 61.177.172.104 port 40679:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T12:31:42.126Z","@version":"1","message":"Sep 14 12:31:41 honeypot-sgp-1 sshd[13714]: Received disconnect from 201.217.194.126 port 44746:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:33:33 honeypot-fra-1 kernel: [84033233.706837] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=89.248.168.172 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=54321 PROTO=TCP SPT=41003 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T12:33:33.408Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:37:29 honeypot-fra-1 kernel: [84033470.136465] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=43.131.66.209 DST=165.22.82.222 LEN=52 TOS=0x00 PREC=0x60 TTL=53 ID=50138 DF PROTO=TCP SPT=51162 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T12:37:30.500Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 12:37:43 honeypot-ams-1 kernel: [84035646.369522] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=112.47.127.166 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=49 ID=33060 PROTO=TCP SPT=33003 DPT=443 WINDOW=55995 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T12:37:44.219Z"}
{"@timestamp":"2022-09-14T12:38:55.308Z","@version":"1","message":"Sep 14 12:38:55 honeypot-sgp-1 sshd[13721]: Disconnected from authenticating user root 61.177.172.19 port 12734 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T12:46:37.509Z","@version":"1","message":"Sep 14 12:46:36 honeypot-sgp-1 sshd[13727]: Disconnected from authenticating user root 92.255.85.70 port 30104 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:47:19 honeypot-fra-1 sshd[9173]: Disconnected from authenticating user root 61.177.173.36 port 63816 [preauth]","@timestamp":"2022-09-14T12:47:20.726Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:49:27 honeypot-fra-1 sshd[9176]: Received disconnect from 92.255.85.70 port 57154:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:49:27.778Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T12:51:05.623Z","@version":"1","message":"Sep 14 12:51:04 honeypot-sgp-1 sshd[13736]: Disconnected from invalid user admin 91.240.118.222 port 41757 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:52:14 honeypot-ams-1 sshd[25110]: Disconnected from authenticating user root 92.255.85.69 port 23578 [preauth]","@timestamp":"2022-09-14T12:52:15.590Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:54:24 honeypot-fra-1 sshd[9181]: Disconnected from invalid user fujiwara 118.27.107.40 port 54032 [preauth]","@timestamp":"2022-09-14T12:54:24.892Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T12:54:27.710Z","@version":"1","message":"Sep 14 12:54:26 honeypot-sgp-1 kernel: [84036175.378797] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.9.71.118 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=18494 DF PROTO=TCP SPT=10446 DPT=80 WINDOW=512 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 12:56:26 honeypot-ams-1 kernel: [84036769.791770] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=142.93.45.9 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=54321 PROTO=TCP SPT=60297 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T12:56:27.702Z"}
{"@timestamp":"2022-09-14T12:57:33.789Z","@version":"1","message":"Sep 14 12:57:33 honeypot-sgp-1 sshd[13751]: Received disconnect from 182.23.23.42 port 54114:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T12:58:41.820Z","@version":"1","message":"Sep 14 12:58:41 honeypot-sgp-1 sshd[13756]: Invalid user user from 45.61.186.249 port 36950","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T12:58:52.826Z","@version":"1","message":"Sep 14 12:58:52 honeypot-sgp-1 sshd[13760]: Received disconnect from 45.61.186.249 port 48600:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T12:59:11.834Z","@version":"1","message":"Sep 14 12:59:11 honeypot-sgp-1 sshd[13764]: Received disconnect from 45.61.186.249 port 43670:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T12:59:30.843Z","@version":"1","message":"Sep 14 12:59:30 honeypot-sgp-1 sshd[13768]: Invalid user user from 45.61.186.249 port 38720","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:59:41 honeypot-ams-1 sshd[25120]: Invalid user ubnt from 61.245.162.61 port 56932","@timestamp":"2022-09-14T12:59:42.788Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:59:45 honeypot-ams-1 sshd[25124]: Disconnected from authenticating user root 61.245.162.61 port 57044 [preauth]","@timestamp":"2022-09-14T12:59:45.790Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:59:49 honeypot-ams-1 sshd[25130]: Disconnected from authenticating user root 61.245.162.61 port 57334 [preauth]","@timestamp":"2022-09-14T12:59:49.792Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:59:54 honeypot-ams-1 sshd[25136]: Disconnected from authenticating user root 61.245.162.61 port 57564 [preauth]","@timestamp":"2022-09-14T12:59:54.795Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:59:58 honeypot-ams-1 sshd[25142]: Disconnected from authenticating user root 61.245.162.61 port 57776 [preauth]","@timestamp":"2022-09-14T12:59:58.798Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:00:03 honeypot-ams-1 sshd[25148]: Disconnected from authenticating user root 61.245.162.61 port 58076 [preauth]","@timestamp":"2022-09-14T13:00:03.801Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:00:07 honeypot-ams-1 sshd[25154]: Disconnected from authenticating user root 61.245.162.61 port 58282 [preauth]","@timestamp":"2022-09-14T13:00:08.804Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:00:12 honeypot-ams-1 sshd[25160]: Disconnected from authenticating user root 61.245.162.61 port 58592 [preauth]","@timestamp":"2022-09-14T13:00:12.808Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:00:17 honeypot-ams-1 sshd[25166]: Disconnected from authenticating user root 61.245.162.61 port 58788 [preauth]","@timestamp":"2022-09-14T13:00:17.811Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:00:21 honeypot-ams-1 sshd[25172]: Disconnected from authenticating user root 61.245.162.61 port 59094 [preauth]","@timestamp":"2022-09-14T13:00:21.814Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:00:26 honeypot-ams-1 sshd[25178]: Disconnected from authenticating user root 61.245.162.61 port 59298 [preauth]","@timestamp":"2022-09-14T13:00:26.818Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:00:31 honeypot-ams-1 sshd[25184]: Disconnected from authenticating user root 61.245.162.61 port 59644 [preauth]","@timestamp":"2022-09-14T13:00:31.821Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:00:35 honeypot-ams-1 sshd[25190]: Invalid user admin from 61.245.162.61 port 59852","@timestamp":"2022-09-14T13:00:35.824Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:00:38 honeypot-ams-1 sshd[25194]: Invalid user admin from 61.245.162.61 port 60036","@timestamp":"2022-09-14T13:00:38.826Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:00:41 honeypot-ams-1 sshd[25198]: Invalid user admin from 61.245.162.61 port 60250","@timestamp":"2022-09-14T13:00:41.829Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:00:44 honeypot-ams-1 sshd[25202]: Invalid user admin from 61.245.162.61 port 60392","@timestamp":"2022-09-14T13:00:44.831Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:00:48 honeypot-ams-1 sshd[25206]: Invalid user admin from 61.245.162.61 port 60544","@timestamp":"2022-09-14T13:00:48.834Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:00:51 honeypot-ams-1 sshd[25210]: Received disconnect from 61.245.162.61 port 60776:11: Bye Bye [preauth]","@timestamp":"2022-09-14T13:00:51.835Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:00:54 honeypot-ams-1 sshd[25214]: Disconnected from invalid user pi 61.245.162.61 port 60918 [preauth]","@timestamp":"2022-09-14T13:00:54.837Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:00:57 honeypot-ams-1 sshd[25218]: Disconnected from invalid user user 61.245.162.61 port 32820 [preauth]","@timestamp":"2022-09-14T13:00:57.840Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:01:00 honeypot-ams-1 sshd[25222]: Disconnected from invalid user mine 61.245.162.61 port 33024 [preauth]","@timestamp":"2022-09-14T13:01:00.842Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:01:03 honeypot-ams-1 sshd[25226]: Disconnected from invalid user xbmc 61.245.162.61 port 33212 [preauth]","@timestamp":"2022-09-14T13:01:04.844Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:01:07 honeypot-ams-1 sshd[25230]: Disconnected from invalid user oracle 61.245.162.61 port 33358 [preauth]","@timestamp":"2022-09-14T13:01:07.846Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:01:10 honeypot-ams-1 sshd[25234]: Disconnected from invalid user postgres 61.245.162.61 port 33590 [preauth]","@timestamp":"2022-09-14T13:01:10.849Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:01:13 honeypot-ams-1 sshd[25238]: Disconnected from invalid user support 61.245.162.61 port 33764 [preauth]","@timestamp":"2022-09-14T13:01:13.851Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:01:16 honeypot-ams-1 sshd[25242]: Disconnected from invalid user ubuntu 61.245.162.61 port 33918 [preauth]","@timestamp":"2022-09-14T13:01:16.853Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:01:19 honeypot-ams-1 sshd[25246]: Disconnected from invalid user ubuntu 61.245.162.61 port 34120 [preauth]","@timestamp":"2022-09-14T13:01:20.856Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:01:23 honeypot-ams-1 sshd[25250]: Disconnected from invalid user guest 61.245.162.61 port 34298 [preauth]","@timestamp":"2022-09-14T13:01:23.858Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:01:26 honeypot-ams-1 sshd[25254]: Disconnected from invalid user cirros 61.245.162.61 port 34452 [preauth]","@timestamp":"2022-09-14T13:01:26.861Z"}
{"@timestamp":"2022-09-14T13:01:54.902Z","@version":"1","message":"Sep 14 13:01:54 honeypot-sgp-1 sshd[13774]: Received disconnect from 157.230.183.86 port 34080:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T13:05:13.985Z","@version":"1","message":"Sep 14 13:05:13 honeypot-sgp-1 sshd[13780]: Received disconnect from 103.42.57.139 port 33822:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 13:07:57 honeypot-ams-1 kernel: [84037460.442256] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=41.35.16.164 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=51 ID=63105 PROTO=TCP SPT=55471 DPT=443 WINDOW=4222 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T13:07:58.030Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 13:09:02 honeypot-fra-1 kernel: [84035362.999264] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=163.172.50.105 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=53705 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T13:09:03.215Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-14T13:09:27.091Z","@version":"1","message":"Sep 14 13:09:26 honeypot-sgp-1 sshd[13784]: Disconnected from authenticating user root 37.193.112.180 port 40804 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 13:12:43 honeypot-fra-1 sshd[9199]: Disconnected from authenticating user root 92.255.85.70 port 42446 [preauth]","@timestamp":"2022-09-14T13:12:44.301Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T13:14:14.213Z","@version":"1","message":"Sep 14 13:14:13 honeypot-sgp-1 kernel: [84037362.393481] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=137.184.66.255 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=44057 PROTO=TCP SPT=58156 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:17:01 honeypot-ams-1 CRON[25263]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-14T13:17:01.264Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 13:19:05 honeypot-fra-1 sshd[9207]: Disconnected from authenticating user root 61.177.173.50 port 29067 [preauth]","@timestamp":"2022-09-14T13:19:05.443Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T13:19:49.357Z","@version":"1","message":"Sep 14 13:19:48 honeypot-sgp-1 sshd[13798]: Received disconnect from 61.177.172.98 port 25115:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 13:21:21 honeypot-fra-1 sshd[9212]: Disconnected from invalid user jfk 175.197.233.197 port 44890 [preauth]","@timestamp":"2022-09-14T13:21:22.497Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 13:22:12 honeypot-ams-1 kernel: [84038315.288653] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=154.209.125.68 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=111 ID=8258 PROTO=TCP SPT=63967 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T13:22:12.405Z"}
{"@timestamp":"2022-09-14T13:26:19.518Z","@version":"1","message":"Sep 14 13:26:19 honeypot-sgp-1 kernel: [84038087.755942] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=107.167.66.138 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=2198 PROTO=TCP SPT=59830 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:27:28 honeypot-ams-1 sshd[25273]: Invalid user team from 182.16.245.85 port 40944","@timestamp":"2022-09-14T13:27:28.545Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:29:03 honeypot-ams-1 sshd[25275]: Disconnected from invalid user eversec 177.94.199.94 port 48144 [preauth]","@timestamp":"2022-09-14T13:29:03.588Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 13:29:38 honeypot-fra-1 sshd[9654]: Disconnected from authenticating user root 61.177.172.114 port 26073 [preauth]","@timestamp":"2022-09-14T13:29:39.686Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 13:31:18 honeypot-fra-1 sshd[9662]: Invalid user user from 198.98.61.9 port 45354","@timestamp":"2022-09-14T13:31:18.759Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T13:31:34.652Z","@version":"1","message":"Sep 14 13:31:34 honeypot-sgp-1 kernel: [84038403.019766] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=172.104.51.254 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=34399 PROTO=TCP SPT=62801 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 13:31:41 honeypot-fra-1 sshd[9666]: Invalid user user from 198.98.61.9 port 40274","@timestamp":"2022-09-14T13:31:41.769Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 13:31:59 honeypot-fra-1 sshd[9670]: Invalid user user from 198.98.61.9 port 35178","@timestamp":"2022-09-14T13:31:59.777Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:32:13 honeypot-ams-1 sshd[25279]: Disconnected from authenticating user root 35.202.200.207 port 1944 [preauth]","@timestamp":"2022-09-14T13:32:13.672Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 13:32:16 honeypot-fra-1 sshd[9676]: Invalid user user from 198.98.61.9 port 58330","@timestamp":"2022-09-14T13:32:17.787Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 13:32:38 honeypot-fra-1 sshd[9680]: Received disconnect from 43.224.110.14 port 44386:11: Bye Bye [preauth]","@timestamp":"2022-09-14T13:32:38.797Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 13:36:44 honeypot-fra-1 sshd[9685]: Disconnected from authenticating user root 92.255.85.70 port 34278 [preauth]","@timestamp":"2022-09-14T13:36:44.891Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:38:48 honeypot-ams-1 sshd[25284]: Disconnected from authenticating user root 92.255.85.69 port 47628 [preauth]","@timestamp":"2022-09-14T13:38:48.843Z"}
{"@timestamp":"2022-09-14T13:39:51.860Z","@version":"1","message":"Sep 14 13:39:51 honeypot-sgp-1 kernel: [84038899.755350] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=172.105.77.209 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=51 ID=0 DF PROTO=TCP SPT=47481 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 13:44:32 honeypot-fra-1 sshd[9691]: Received disconnect from 179.43.156.143 port 46352:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T13:44:32.069Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 13:44:58 honeypot-fra-1 sshd[9696]: Invalid user user from 45.61.186.49 port 48926","@timestamp":"2022-09-14T13:44:59.081Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 13:45:08 honeypot-fra-1 sshd[9700]: Invalid user user from 45.61.186.49 port 60494","@timestamp":"2022-09-14T13:45:09.087Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 13:45:52 honeypot-fra-1 sshd[9704]: Received disconnect from 179.43.156.143 port 39508:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T13:45:53.106Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T13:47:15.067Z","@version":"1","message":"Sep 14 13:47:14 honeypot-sgp-1 kernel: [84039343.441791] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=213.226.123.38 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=36800 PROTO=TCP SPT=42989 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 13:47:49 honeypot-fra-1 sshd[9712]: Invalid user nutanix from 179.43.156.143 port 57434","@timestamp":"2022-09-14T13:47:50.153Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 13:49:09 honeypot-fra-1 sshd[9719]: Invalid user nfsnobod from 179.43.156.143 port 50636","@timestamp":"2022-09-14T13:49:10.186Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 13:50:36 honeypot-fra-1 sshd[9723]: Received disconnect from 179.43.156.143 port 43754:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T13:50:36.238Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T13:51:21.172Z","@version":"1","message":"Sep 14 13:51:21 honeypot-sgp-1 sshd[13831]: Invalid user admin from 178.128.125.205 port 63122","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:51:38 honeypot-ams-1 sshd[25288]: Invalid user roosevelt from 51.250.89.156 port 49962","@timestamp":"2022-09-14T13:51:39.175Z"}
{"@timestamp":"2022-09-14T13:51:39.181Z","@version":"1","message":"Sep 14 13:51:38 honeypot-sgp-1 kernel: [84039606.853919] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=90.151.171.106 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=23149 PROTO=TCP SPT=43489 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 13:52:39 honeypot-fra-1 sshd[9733]: Received disconnect from 179.43.156.143 port 33504:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T13:52:40.286Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T13:58:17.348Z","@version":"1","message":"Sep 14 13:58:16 honeypot-sgp-1 kernel: [84040005.434992] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=90.154.15.226 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=21471 DF PROTO=TCP SPT=55698 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 13:59:00 honeypot-fra-1 sshd[9740]: Connection closed by authenticating user root 103.188.176.251 port 47884 [preauth]","@timestamp":"2022-09-14T13:59:01.432Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 13:59:22 honeypot-ams-1 kernel: [84040545.119108] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.180.143.137 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=10279 PROTO=TCP SPT=15754 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T13:59:22.378Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 14:00:16 honeypot-fra-1 sshd[9746]: Received disconnect from 165.22.45.108 port 52972:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T14:00:17.464Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T14:02:28.459Z","@version":"1","message":"Sep 14 14:02:27 honeypot-sgp-1 kernel: [84040256.390699] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=151.106.32.138 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=5427 PROTO=TCP SPT=42964 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 14:04:04 honeypot-ams-1 sshd[25299]: Invalid user user from 45.61.186.49 port 50238","@timestamp":"2022-09-14T14:04:05.506Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 14:04:21 honeypot-ams-1 sshd[25303]: Invalid user user from 45.61.186.49 port 33784","@timestamp":"2022-09-14T14:04:21.515Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 14:05:11 honeypot-fra-1 kernel: [84038731.177902] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=102.134.114.97 DST=165.22.82.222 LEN=52 TOS=0x00 PREC=0x00 TTL=117 ID=47535 DF PROTO=TCP SPT=6407 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T14:05:11.579Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 14:10:08 honeypot-ams-1 kernel: [84041191.876050] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=94.26.228.80 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=52258 PROTO=TCP SPT=50818 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T14:10:09.669Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 14:11:29 honeypot-fra-1 sshd[9762]: Received disconnect from 62.204.41.222 port 17384:11: Client disconnecting normally [preauth]","@timestamp":"2022-09-14T14:11:29.722Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 14:14:43 honeypot-ams-1 sshd[25313]: Disconnected from authenticating user root 178.62.81.147 port 44328 [preauth]","@timestamp":"2022-09-14T14:14:43.792Z"}
{"@timestamp":"2022-09-14T14:17:01.812Z","@version":"1","message":"Sep 14 14:17:01 honeypot-sgp-1 CRON[13858]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 14:18:36 honeypot-fra-1 sshd[9770]: Disconnected from authenticating user root 61.177.172.90 port 64363 [preauth]","@timestamp":"2022-09-14T14:18:37.885Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T14:18:47.855Z","@version":"1","message":"Sep 14 14:18:47 honeypot-sgp-1 sshd[13865]: Disconnected from invalid user teodora 173.82.235.128 port 49910 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 14:22:24 honeypot-fra-1 kernel: [84039764.158341] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=90.154.15.226 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=55 ID=37005 DF PROTO=TCP SPT=39584 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T14:22:24.973Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-14T14:24:01.004Z","@version":"1","message":"Sep 14 14:24:00 honeypot-sgp-1 sshd[13875]: Received disconnect from 85.18.236.229 port 52796:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 14:24:07 honeypot-fra-1 sshd[9779]: Disconnected from authenticating user root 61.177.173.50 port 36673 [preauth]","@timestamp":"2022-09-14T14:24:08.015Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 14:24:12 honeypot-ams-1 kernel: [84042035.692353] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=138.246.253.24 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=48836 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T14:24:13.039Z"}
{"@timestamp":"2022-09-14T14:25:30.043Z","@version":"1","message":"Sep 14 14:25:29 honeypot-sgp-1 sshd[13879]: Invalid user sa from 96.78.175.36 port 55398","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T14:26:10.061Z","@version":"1","message":"Sep 14 14:26:09 honeypot-sgp-1 sshd[13882]: Disconnected from invalid user user 45.61.184.204 port 36678 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T14:26:28.070Z","@version":"1","message":"Sep 14 14:26:27 honeypot-sgp-1 sshd[13886]: Disconnected from invalid user user 45.61.184.204 port 60042 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T14:26:49.080Z","@version":"1","message":"Sep 14 14:26:48 honeypot-sgp-1 sshd[13890]: Disconnected from invalid user user 45.61.184.204 port 55166 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 14:27:46 honeypot-ams-1 sshd[25332]: Received disconnect from 80.76.51.189 port 44214:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T14:27:47.135Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 14:28:41 honeypot-ams-1 kernel: [84042304.225638] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=92.118.39.86 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=44309 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T14:28:42.162Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 14:29:57 honeypot-ams-1 sshd[25343]: Disconnected from authenticating user root 80.76.51.189 port 58202 [preauth]","@timestamp":"2022-09-14T14:29:58.198Z"}
{"@timestamp":"2022-09-14T14:30:27.172Z","@version":"1","message":"Sep 14 14:30:26 honeypot-sgp-1 sshd[13897]: Received disconnect from 61.177.173.39 port 34979:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 14:31:18 honeypot-ams-1 sshd[25350]: Received disconnect from 80.76.51.189 port 38324:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T14:31:19.236Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 14:32:14 honeypot-ams-1 sshd[25354]: Disconnected from invalid user test 80.76.51.189 port 43904 [preauth]","@timestamp":"2022-09-14T14:32:14.262Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 14:32:39 honeypot-fra-1 sshd[9786]: Received disconnect from 61.177.172.19 port 48441:11:  [preauth]","@timestamp":"2022-09-14T14:32:40.210Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 14:33:11 honeypot-ams-1 sshd[25358]: Disconnected from invalid user testuser 80.76.51.189 port 49458 [preauth]","@timestamp":"2022-09-14T14:33:12.289Z"}
{"@timestamp":"2022-09-14T14:33:16.250Z","@version":"1","message":"Sep 14 14:33:15 honeypot-sgp-1 sshd[13901]: Received disconnect from 61.177.173.53 port 60097:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 14:34:09 honeypot-ams-1 sshd[25363]: Disconnected from invalid user ubuntu 80.76.51.189 port 55040 [preauth]","@timestamp":"2022-09-14T14:34:10.316Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 14:35:06 honeypot-ams-1 sshd[25367]: Disconnected from invalid user ubuntu 80.76.51.189 port 60610 [preauth]","@timestamp":"2022-09-14T14:35:07.343Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 14:36:32 honeypot-ams-1 sshd[25374]: Received disconnect from 80.76.51.189 port 40726:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T14:36:33.383Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 14:37:03 honeypot-fra-1 sshd[9793]: Did not receive identification string from 185.209.179.41 port 52978","@timestamp":"2022-09-14T14:37:04.312Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 14:37:04 honeypot-fra-1 sshd[9804]: Invalid user postgres from 185.209.179.41 port 58250","@timestamp":"2022-09-14T14:37:05.314Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 14:37:04 honeypot-fra-1 sshd[9802]: Invalid user ansible from 185.209.179.41 port 58208","@timestamp":"2022-09-14T14:37:05.314Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 14:37:04 honeypot-fra-1 sshd[9808]: Invalid user ts3srv from 185.209.179.41 port 58228","@timestamp":"2022-09-14T14:37:05.314Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 14:37:04 honeypot-fra-1 sshd[9801]: Connection closed by invalid user test 185.209.179.41 port 58240 [preauth]","@timestamp":"2022-09-14T14:37:05.314Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 14:37:04 honeypot-fra-1 sshd[9810]: Connection closed by invalid user postgres 185.209.179.41 port 58214 [preauth]","@timestamp":"2022-09-14T14:37:05.314Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 14:37:04 honeypot-fra-1 sshd[9803]: Connection closed by invalid user dev 185.209.179.41 port 58254 [preauth]","@timestamp":"2022-09-14T14:37:05.314Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 14:37:05 honeypot-fra-1 sshd[9838]: Invalid user wordpress from 185.209.179.41 port 58248","@timestamp":"2022-09-14T14:37:06.315Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 14:37:05 honeypot-fra-1 sshd[9835]: Connection closed by invalid user oracle 185.209.179.41 port 58186 [preauth]","@timestamp":"2022-09-14T14:37:06.315Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 14:37:05 honeypot-fra-1 sshd[9840]: Connection closed by invalid user test 185.209.179.41 port 58212 [preauth]","@timestamp":"2022-09-14T14:37:06.315Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 14:37:07 honeypot-fra-1 sshd[9855]: Invalid user oracle from 185.209.179.41 port 58202","@timestamp":"2022-09-14T14:37:07.316Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 14:37:07 honeypot-fra-1 sshd[9854]: Connection closed by invalid user linkxess 185.209.179.41 port 58160 [preauth]","@timestamp":"2022-09-14T14:37:08.316Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 14:37:32 honeypot-ams-1 sshd[25378]: Disconnected from authenticating user root 80.76.51.189 port 46298 [preauth]","@timestamp":"2022-09-14T14:37:32.411Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 14:39:04 honeypot-ams-1 sshd[25384]: Received disconnect from 80.76.51.189 port 54650:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T14:39:05.452Z"}
{"@timestamp":"2022-09-14T14:42:18.475Z","@version":"1","message":"Sep 14 14:42:18 honeypot-sgp-1 sshd[13907]: Disconnected from authenticating user root 61.177.172.108 port 54169 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 14:46:02 honeypot-fra-1 sshd[9869]: Disconnected from invalid user fnjoroge 191.251.56.156 port 44293 [preauth]","@timestamp":"2022-09-14T14:46:02.545Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 14:47:06 honeypot-ams-1 kernel: [84043409.805628] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=172.104.4.99 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=46687 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T14:47:07.691Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 14:48:00 honeypot-fra-1 sshd[9875]: Disconnected from invalid user test 111.67.193.58 port 35044 [preauth]","@timestamp":"2022-09-14T14:48:01.594Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 14:49:46 honeypot-ams-1 sshd[25393]: Disconnected from authenticating user root 92.255.85.70 port 49006 [preauth]","@timestamp":"2022-09-14T14:49:46.763Z"}
{"@timestamp":"2022-09-14T14:50:01.665Z","@version":"1","message":"Sep 14 14:50:01 honeypot-sgp-1 sshd[13914]: Disconnected from authenticating user root 61.177.173.36 port 14673 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 14:50:06 honeypot-fra-1 sshd[9881]: Received disconnect from 61.177.173.39 port 17113:11:  [preauth]","@timestamp":"2022-09-14T14:50:06.661Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 14:51:23 honeypot-fra-1 sshd[9888]: Received disconnect from 201.123.131.103 port 43116:11: Bye Bye [preauth]","@timestamp":"2022-09-14T14:51:23.695Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 14:52:38 honeypot-ams-1 sshd[25402]: Received disconnect from 109.205.213.23 port 56056:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T14:52:38.842Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 14:53:02 honeypot-ams-1 sshd[25408]: Received disconnect from 109.205.213.23 port 43278:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T14:53:02.854Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 14:54:17 honeypot-ams-1 sshd[25414]: Received disconnect from 109.205.213.23 port 45062:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T14:54:17.888Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 14:54:34 honeypot-ams-1 sshd[25418]: Disconnected from invalid user test 109.205.213.23 port 45954 [preauth]","@timestamp":"2022-09-14T14:54:34.902Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 14:59:10 honeypot-fra-1 kernel: [84041970.504861] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=89.248.165.14 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=65121 PROTO=TCP SPT=47439 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T14:59:10.869Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 15:01:35 honeypot-ams-1 kernel: [84044277.982078] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=159.89.239.57 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=2103 DF PROTO=TCP SPT=48810 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T15:01:35.086Z"}
{"@timestamp":"2022-09-14T15:04:09.007Z","@version":"1","message":"Sep 14 15:04:08 honeypot-sgp-1 sshd[13930]: Received disconnect from 86.102.122.148 port 45184:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 15:07:01 honeypot-ams-1 sshd[25428]: Invalid user oyn from 103.180.120.160 port 51606","@timestamp":"2022-09-14T15:07:02.228Z"}
{"@timestamp":"2022-09-14T15:09:06.130Z","@version":"1","message":"Sep 14 15:09:05 honeypot-sgp-1 sshd[13937]: Received disconnect from 61.177.173.37 port 38029:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 15:09:15 honeypot-fra-1 kernel: [84042575.836187] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=198.235.24.48 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=249 ID=54321 PROTO=TCP SPT=54916 DPT=389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T15:09:16.097Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 15:10:31 honeypot-fra-1 sshd[9909]: Disconnected from authenticating user root 92.255.85.70 port 39186 [preauth]","@timestamp":"2022-09-14T15:10:32.129Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 15:13:38 honeypot-ams-1 sshd[25431]: Disconnected from authenticating user root 92.255.85.70 port 52212 [preauth]","@timestamp":"2022-09-14T15:13:38.413Z"}
{"@timestamp":"2022-09-14T15:19:50.412Z","@version":"1","message":"Sep 14 15:19:49 honeypot-sgp-1 kernel: [84044897.997902] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=138.246.253.24 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=232 ID=54321 PROTO=TCP SPT=57422 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 15:20:31 honeypot-ams-1 kernel: [84045414.674010] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=90.151.171.106 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=24362 PROTO=TCP SPT=48765 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T15:20:32.594Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 15:21:10 honeypot-ams-1 sshd[25440]: Invalid user user from 45.61.186.49 port 37552","@timestamp":"2022-09-14T15:21:11.615Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 15:21:20 honeypot-ams-1 sshd[25444]: Invalid user user from 45.61.186.49 port 49156","@timestamp":"2022-09-14T15:21:20.620Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 15:21:44 honeypot-fra-1 sshd[9920]: Received disconnect from 61.177.173.51 port 37829:11:  [preauth]","@timestamp":"2022-09-14T15:21:45.388Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T15:23:52.513Z","@version":"1","message":"Sep 14 15:23:52 honeypot-sgp-1 sshd[13957]: Invalid user user from 45.61.186.49 port 35024","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T15:24:03.519Z","@version":"1","message":"Sep 14 15:24:02 honeypot-sgp-1 sshd[13961]: Invalid user user from 45.61.186.49 port 46878","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 15:25:18 honeypot-ams-1 sshd[25446]: Received disconnect from 204.48.30.77 port 46438:11: Bye Bye [preauth]","@timestamp":"2022-09-14T15:25:18.741Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 15:25:43 honeypot-fra-1 sshd[9926]: Received disconnect from 177.73.136.175 port 50930:11: Bye Bye [preauth]","@timestamp":"2022-09-14T15:25:44.479Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 15:26:36 honeypot-fra-1 sshd[9934]: Received disconnect from 193.142.146.50 port 39836:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T15:26:36.501Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 15:27:10 honeypot-fra-1 sshd[9940]: Received disconnect from 193.142.146.50 port 37396:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T15:27:10.516Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 15:28:35 honeypot-fra-1 sshd[9947]: Received disconnect from 193.142.146.50 port 34954:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T15:28:35.555Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 15:29:15 honeypot-fra-1 sshd[9955]: Received disconnect from 193.142.146.50 port 60746:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T15:29:15.573Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 15:30:19 honeypot-fra-1 sshd[9959]: Disconnected from invalid user test 193.142.146.50 port 40298 [preauth]","@timestamp":"2022-09-14T15:30:19.599Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T15:30:49.691Z","@version":"1","message":"Sep 14 15:30:49 honeypot-sgp-1 sshd[13972]: Received disconnect from 200.241.46.178 port 32994:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T15:31:23.707Z","@version":"1","message":"Sep 14 15:31:23 honeypot-sgp-1 sshd[13976]: Disconnected from authenticating user root 92.255.85.69 port 26190 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 15:31:24 honeypot-ams-1 sshd[25450]: Received disconnect from 175.203.23.6 port 40566:11: Bye Bye [preauth]","@timestamp":"2022-09-14T15:31:24.899Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 15:33:49 honeypot-fra-1 sshd[9965]: Received disconnect from 61.177.172.124 port 63740:11:  [preauth]","@timestamp":"2022-09-14T15:33:49.679Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 15:35:00 honeypot-ams-1 sshd[25454]: Disconnected from invalid user todds 148.72.244.44 port 43904 [preauth]","@timestamp":"2022-09-14T15:35:00.994Z"}
{"@timestamp":"2022-09-14T15:35:27.805Z","@version":"1","message":"Sep 14 15:35:27 honeypot-sgp-1 sshd[13981]: Disconnected from 61.177.172.108 port 11478 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 15:37:12 honeypot-fra-1 sshd[9971]: Received disconnect from 165.22.45.108 port 34630:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T15:37:12.757Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 15:37:39 honeypot-ams-1 sshd[25460]: Disconnected from invalid user user 141.255.162.226 port 59100 [preauth]","@timestamp":"2022-09-14T15:37:40.066Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 15:37:42 honeypot-ams-1 sshd[25464]: Disconnected from invalid user user 141.255.162.226 port 45038 [preauth]","@timestamp":"2022-09-14T15:37:43.069Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 15:37:44 honeypot-ams-1 sshd[25468]: Disconnected from invalid user user 141.255.162.226 port 52120 [preauth]","@timestamp":"2022-09-14T15:37:45.070Z"}
{"@timestamp":"2022-09-14T15:43:18.013Z","@version":"1","message":"Sep 14 15:43:17 honeypot-sgp-1 sshd[13988]: Invalid user admin from 196.30.23.194 port 55341","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 15:45:56 honeypot-fra-1 sshd[9979]: Received disconnect from 61.177.173.50 port 34350:11:  [preauth]","@timestamp":"2022-09-14T15:45:56.952Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T15:47:15.108Z","@version":"1","message":"Sep 14 15:47:14 honeypot-sgp-1 sshd[13996]: Invalid user rlombardo from 114.205.54.184 port 55214","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 15:50:00 honeypot-ams-1 kernel: [84047183.805435] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=143.198.183.97 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=44272 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T15:50:01.389Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 15:53:50 honeypot-fra-1 sshd[9986]: Disconnected from authenticating user root 61.177.173.53 port 50234 [preauth]","@timestamp":"2022-09-14T15:53:51.127Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T15:54:09.293Z","@version":"1","message":"Sep 14 15:54:08 honeypot-sgp-1 sshd[14003]: Received disconnect from 61.177.173.49 port 16172:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T15:59:50.431Z","@version":"1","message":"Sep 14 15:59:49 honeypot-sgp-1 kernel: [84047297.922605] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=205.210.31.154 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x60 TTL=250 ID=22662 PROTO=TCP SPT=55481 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 16:00:17 honeypot-ams-1 kernel: [84047800.680615] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.41.8.45 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=62570 PROTO=TCP SPT=36547 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T16:00:18.655Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 16:03:33 honeypot-fra-1 kernel: [84045833.458575] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.180.143.72 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=1829 PROTO=TCP SPT=18248 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T16:03:34.355Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 16:04:48 honeypot-ams-1 sshd[25497]: Disconnected from authenticating user root 144.24.190.159 port 59634 [preauth]","@timestamp":"2022-09-14T16:04:48.769Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 16:05:24 honeypot-ams-1 sshd[25501]: Disconnected from authenticating user root 46.23.109.125 port 33416 [preauth]","@timestamp":"2022-09-14T16:05:24.788Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 16:06:54 honeypot-ams-1 sshd[25505]: Disconnected from authenticating user root 34.231.32.12 port 46544 [preauth]","@timestamp":"2022-09-14T16:06:54.829Z"}
{"@timestamp":"2022-09-14T16:09:45.668Z","@version":"1","message":"Sep 14 16:09:45 honeypot-sgp-1 kernel: [84047893.859418] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.11.57.48 DST=159.89.202.188 LEN=44 TOS=0x08 PREC=0x00 TTL=235 ID=15212 PROTO=TCP SPT=43986 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:10:15.683Z","@version":"1","message":"Sep 14 16:10:14 honeypot-sgp-1 sshd[14023]: Invalid user admin from 31.184.198.71 port 2437","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:10:38.694Z","@version":"1","message":"Sep 14 16:10:38 honeypot-sgp-1 sshd[14029]: Invalid user aerohive from 31.184.198.71 port 42804","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:11:01.706Z","@version":"1","message":"Sep 14 16:11:01 honeypot-sgp-1 sshd[14035]: Invalid user private from 31.184.198.71 port 58775","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:11:33.723Z","@version":"1","message":"Sep 14 16:11:33 honeypot-sgp-1 sshd[14041]: Disconnecting invalid user Admin 31.184.198.71 port 15212: Change of username or service not allowed: (Admin,ssh-connection) -> (araknis,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:12:02.737Z","@version":"1","message":"Sep 14 16:12:02 honeypot-sgp-1 sshd[14048]: Invalid user user from 31.184.198.71 port 39872","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:12:21.747Z","@version":"1","message":"Sep 14 16:12:21 honeypot-sgp-1 sshd[14055]: Received disconnect from 45.61.184.204 port 44392:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:12:31.753Z","@version":"1","message":"Sep 14 16:12:31 honeypot-sgp-1 sshd[14058]: Disconnected from invalid user user 45.61.184.204 port 56050 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:12:46.761Z","@version":"1","message":"Sep 14 16:12:46 honeypot-sgp-1 sshd[14064]: Invalid user guest from 31.184.198.71 port 46989","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:12:58.767Z","@version":"1","message":"Sep 14 16:12:58 honeypot-sgp-1 sshd[14068]: Disconnecting invalid user 1234 31.184.198.71 port 32735: Change of username or service not allowed: (1234,ssh-connection) -> (root,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:13:08.772Z","@version":"1","message":"Sep 14 16:13:07 honeypot-sgp-1 sshd[14074]: Received disconnect from 45.61.184.204 port 46238:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:13:17.778Z","@version":"1","message":"Sep 14 16:13:17 honeypot-sgp-1 sshd[14078]: Disconnected from invalid user user 45.61.184.204 port 57912 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:13:37.788Z","@version":"1","message":"Sep 14 16:13:36 honeypot-sgp-1 sshd[14084]: Disconnecting invalid user admin 31.184.198.71 port 45596: Change of username or service not allowed: (admin,ssh-connection) -> (1234,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:14:07.804Z","@version":"1","message":"Sep 14 16:14:07 honeypot-sgp-1 sshd[14092]: Invalid user  from 31.184.198.71 port 24821","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:14:33.818Z","@version":"1","message":"Sep 14 16:14:33 honeypot-sgp-1 sshd[14098]: Invalid user admin from 31.184.198.71 port 38125","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 16:14:41 honeypot-ams-1 sshd[25510]: Connection closed by 167.94.145.57 port 52500 [preauth]","@timestamp":"2022-09-14T16:14:42.029Z"}
{"@timestamp":"2022-09-14T16:15:02.833Z","@version":"1","message":"Sep 14 16:15:01 honeypot-sgp-1 sshd[14105]: Invalid user  from 31.184.198.71 port 2958","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:15:36.850Z","@version":"1","message":"Sep 14 16:15:36 honeypot-sgp-1 sshd[14112]: Invalid user admin from 31.184.198.71 port 40525","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 16:15:56 honeypot-ams-1 sshd[25516]: Received disconnect from 191.49.65.97 port 43085:11: Bye Bye [preauth]","@timestamp":"2022-09-14T16:15:57.062Z"}
{"@timestamp":"2022-09-14T16:16:01.863Z","@version":"1","message":"Sep 14 16:16:00 honeypot-sgp-1 sshd[14118]: Invalid user cusadmin from 31.184.198.71 port 23869","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 16:16:05 honeypot-ams-1 sshd[25522]: Received disconnect from 191.49.65.97 port 43271:11: Bye Bye [preauth]","@timestamp":"2022-09-14T16:16:06.068Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 16:16:15 honeypot-ams-1 kernel: [84048758.529465] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=156.220.77.14 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=50 ID=63908 PROTO=TCP SPT=52164 DPT=80 WINDOW=58345 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T16:16:16.073Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 16:16:22 honeypot-ams-1 sshd[25532]: Disconnected from authenticating user root 191.49.65.97 port 43670 [preauth]","@timestamp":"2022-09-14T16:16:23.078Z"}
{"@timestamp":"2022-09-14T16:16:28.878Z","@version":"1","message":"Sep 14 16:16:28 honeypot-sgp-1 sshd[14123]: Disconnecting invalid user admin 31.184.198.71 port 33274: Change of username or service not allowed: (admin,ssh-connection) -> (lgnortel,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 16:16:35 honeypot-ams-1 sshd[25538]: Disconnected from authenticating user root 191.49.65.97 port 43961 [preauth]","@timestamp":"2022-09-14T16:16:36.085Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 16:16:53 honeypot-ams-1 sshd[25544]: Connection closed by 191.49.65.97 port 44229 [preauth]","@timestamp":"2022-09-14T16:16:54.095Z"}
{"@timestamp":"2022-09-14T16:16:55.892Z","@version":"1","message":"Sep 14 16:16:55 honeypot-sgp-1 sshd[14129]: Disconnecting invalid user comcast 31.184.198.71 port 30874: Change of username or service not allowed: (comcast,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 16:17:01 honeypot-fra-1 CRON[9998]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-14T16:17:01.654Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T16:17:14.902Z","@version":"1","message":"Sep 14 16:17:14 honeypot-sgp-1 sshd[14136]: Disconnecting invalid user  31.184.198.71 port 16472: Change of username or service not allowed: (,ssh-connection) -> (admin1234,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:17:41.915Z","@version":"1","message":"Sep 14 16:17:41 honeypot-sgp-1 sshd[14142]: Disconnecting invalid user  31.184.198.71 port 9949: Change of username or service not allowed: (,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:18:12.931Z","@version":"1","message":"Sep 14 16:18:12 honeypot-sgp-1 sshd[14148]: Disconnecting invalid user admin 31.184.198.71 port 15942: Change of username or service not allowed: (admin,ssh-connection) -> (blank,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:18:32.941Z","@version":"1","message":"Sep 14 16:18:32 honeypot-sgp-1 sshd[14156]: Bad protocol version identification 'SSH-2.0_CoreLab-1.0' from 31.184.198.71 port 25011","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:19:00.955Z","@version":"1","message":"Sep 14 16:19:00 honeypot-sgp-1 sshd[14161]: Disconnecting invalid user 0 31.184.198.71 port 62626: Change of username or service not allowed: (0,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:19:25.969Z","@version":"1","message":"Sep 14 16:19:25 honeypot-sgp-1 sshd[14167]: Disconnecting invalid user admin 31.184.198.71 port 64518: Change of username or service not allowed: (admin,ssh-connection) -> (Shiko,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:19:46.979Z","@version":"1","message":"Sep 14 16:19:46 honeypot-sgp-1 sshd[14173]: Disconnecting invalid user Broadcom 31.184.198.71 port 6475: Change of username or service not allowed: (Broadcom,ssh-connection) -> (smcadmin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:20:14.994Z","@version":"1","message":"Sep 14 16:20:14 honeypot-sgp-1 sshd[14180]: Disconnecting invalid user cusadmin 31.184.198.71 port 58057: Change of username or service not allowed: (cusadmin,ssh-connection) -> (highspeed,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:20:38.005Z","@version":"1","message":"Sep 14 16:20:37 honeypot-sgp-1 sshd[14186]: Invalid user sweex from 31.184.198.71 port 8821","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:20:57.016Z","@version":"1","message":"Sep 14 16:20:56 honeypot-sgp-1 sshd[14191]: Disconnecting invalid user admin 31.184.198.71 port 24437: Change of username or service not allowed: (admin,ssh-connection) -> (,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 16:20:58 honeypot-ams-1 sshd[25552]: Invalid user pxe from 68.183.145.59 port 34564","@timestamp":"2022-09-14T16:20:59.201Z"}
{"@timestamp":"2022-09-14T16:21:23.028Z","@version":"1","message":"Sep 14 16:21:22 honeypot-sgp-1 sshd[14197]: Disconnecting invalid user user 31.184.198.71 port 34899: Change of username or service not allowed: (user,ssh-connection) -> (ubnt,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:21:56.045Z","@version":"1","message":"Sep 14 16:21:55 honeypot-sgp-1 sshd[14204]: Disconnecting invalid user 123456 31.184.198.71 port 12501: Change of username or service not allowed: (123456,ssh-connection) -> (user,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:22:29.062Z","@version":"1","message":"Sep 14 16:22:28 honeypot-sgp-1 sshd[14210]: Disconnecting invalid user readwrite 31.184.198.71 port 25662: Change of username or service not allowed: (readwrite,ssh-connection) -> (Admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:22:55.075Z","@version":"1","message":"Sep 14 16:22:54 honeypot-sgp-1 sshd[14216]: Disconnecting invalid user DZY-W2914NSV2 31.184.198.71 port 4005: Change of username or service not allowed: (DZY-W2914NSV2,ssh-connection) -> (0,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:23:37.095Z","@version":"1","message":"Sep 14 16:23:36 honeypot-sgp-1 sshd[14223]: Disconnecting invalid user zoomadsl 31.184.198.71 port 51036: Change of username or service not allowed: (zoomadsl,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:24:11.113Z","@version":"1","message":"Sep 14 16:24:10 honeypot-sgp-1 sshd[14229]: Connection closed by invalid user ltecl4r0 31.184.198.71 port 24160 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 16:26:46 honeypot-fra-1 sshd[10004]: Received disconnect from 165.22.45.108 port 39606:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T16:26:47.876Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 16:27:55 honeypot-ams-1 sshd[25557]: Connection closed by authenticating user root 103.188.176.251 port 43218 [preauth]","@timestamp":"2022-09-14T16:27:56.377Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 16:29:49 honeypot-ams-1 sshd[25561]: Disconnected from invalid user test2 200.137.5.196 port 44284 [preauth]","@timestamp":"2022-09-14T16:29:49.427Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 16:34:13 honeypot-ams-1 sshd[25566]: Disconnected from invalid user friend 201.17.133.138 port 39914 [preauth]","@timestamp":"2022-09-14T16:34:13.540Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 16:35:49 honeypot-fra-1 sshd[10010]: Invalid user admin from 114.35.235.34 port 33395","@timestamp":"2022-09-14T16:35:50.082Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T16:37:53.454Z","@version":"1","message":"Sep 14 16:37:52 honeypot-sgp-1 sshd[14235]: Received disconnect from 104.131.190.193 port 40210:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 16:44:31 honeypot-fra-1 sshd[10015]: Disconnected from authenticating user root 92.255.85.69 port 25598 [preauth]","@timestamp":"2022-09-14T16:44:32.280Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 16:47:34 honeypot-ams-1 sshd[25572]: Disconnected from authenticating user root 92.255.85.70 port 21494 [preauth]","@timestamp":"2022-09-14T16:47:35.880Z"}
{"@timestamp":"2022-09-14T16:49:18.731Z","@version":"1","message":"Sep 14 16:49:18 honeypot-sgp-1 kernel: [84050266.853314] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=20896 PROTO=TCP SPT=53938 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 16:51:27 honeypot-fra-1 kernel: [84048707.618152] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=20.219.248.199 DST=165.22.82.222 LEN=52 TOS=0x00 PREC=0x00 TTL=111 ID=58745 DF PROTO=TCP SPT=56228 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T16:51:28.439Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-14T16:52:41.816Z","@version":"1","message":"Sep 14 16:52:41 honeypot-sgp-1 sshd[14244]: Disconnected from authenticating user root 193.142.146.50 port 45524 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:53:34.842Z","@version":"1","message":"Sep 14 16:53:33 honeypot-sgp-1 sshd[14250]: Disconnected from authenticating user root 193.142.146.50 port 41552 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:54:41.872Z","@version":"1","message":"Sep 14 16:54:41 honeypot-sgp-1 sshd[14257]: Disconnected from authenticating user root 193.142.146.50 port 37580 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 16:55:20 honeypot-fra-1 sshd[10022]: Received disconnect from 45.61.186.49 port 60738:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T16:55:21.530Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T16:55:22.892Z","@version":"1","message":"Sep 14 16:55:22 honeypot-sgp-1 sshd[14263]: Connection closed by invalid user user1 103.188.176.251 port 37776 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 16:55:30 honeypot-fra-1 sshd[10026]: Received disconnect from 45.61.186.49 port 43788:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T16:55:30.534Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T16:56:27.921Z","@version":"1","message":"Sep 14 16:56:27 honeypot-sgp-1 sshd[14269]: Invalid user admin from 193.142.146.50 port 40374","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 17:04:58 honeypot-ams-1 kernel: [84051681.136118] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=181.214.231.169 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=59 ID=33228 PROTO=TCP SPT=45399 DPT=80 WINDOW=32920 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T17:04:58.324Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 17:05:19 honeypot-fra-1 sshd[10030]: Invalid user user from 45.61.187.160 port 40734","@timestamp":"2022-09-14T17:05:19.774Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 17:05:39 honeypot-fra-1 sshd[10034]: Invalid user user from 45.61.187.160 port 35270","@timestamp":"2022-09-14T17:05:39.784Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 17:05:58 honeypot-fra-1 sshd[10039]: Invalid user user from 45.61.187.160 port 58048","@timestamp":"2022-09-14T17:05:58.793Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 17:06:14 honeypot-fra-1 sshd[10043]: Invalid user user from 45.61.187.160 port 52556","@timestamp":"2022-09-14T17:06:15.801Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T17:08:38.208Z","@version":"1","message":"Sep 14 17:08:38 honeypot-sgp-1 sshd[14275]: Did not receive identification string from 109.205.213.23 port 57010","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 17:09:01 honeypot-ams-1 CRON[25577]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-14T17:09:01.431Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 17:09:01 honeypot-fra-1 CRON[10047]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-14T17:09:01.865Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T17:09:02.220Z","@version":"1","message":"Sep 14 17:09:01 honeypot-sgp-1 CRON[14280]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T17:09:19.229Z","@version":"1","message":"Sep 14 17:09:18 honeypot-sgp-1 sshd[14287]: Received disconnect from 109.205.213.23 port 38926:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T17:09:52.244Z","@version":"1","message":"Sep 14 17:09:51 honeypot-sgp-1 sshd[14293]: Received disconnect from 109.205.213.23 port 55014:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T17:11:02.276Z","@version":"1","message":"Sep 14 17:11:02 honeypot-sgp-1 sshd[14300]: Invalid user test from 109.205.213.23 port 57648","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T17:11:21.285Z","@version":"1","message":"Sep 14 17:11:20 honeypot-sgp-1 sshd[14304]: Connection closed by 109.205.213.23 port 58964 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 17:12:18 honeypot-ams-1 sshd[25584]: Invalid user server-pilotuser from 187.32.8.50 port 51168","@timestamp":"2022-09-14T17:12:19.517Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 17:13:44 honeypot-ams-1 sshd[25589]: Invalid user liam from 203.151.83.7 port 32848","@timestamp":"2022-09-14T17:13:45.556Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 17:14:29 honeypot-fra-1 sshd[10052]: Disconnected from invalid user la 165.22.45.108 port 44584 [preauth]","@timestamp":"2022-09-14T17:14:29.991Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 17:17:01 honeypot-ams-1 CRON[25593]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-14T17:17:01.642Z"}
{"@timestamp":"2022-09-14T17:18:48.466Z","@version":"1","message":"Sep 14 17:18:48 honeypot-sgp-1 kernel: [84052036.682595] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=164.92.106.72 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=34226 PROTO=TCP SPT=55501 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 17:22:09 honeypot-ams-1 sshd[25598]: Did not receive identification string from 198.98.61.9 port 45694","@timestamp":"2022-09-14T17:22:09.773Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 17:22:16 honeypot-fra-1 kernel: [84050556.276120] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=152.89.196.23 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=51098 PROTO=TCP SPT=55101 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T17:22:17.170Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 17:22:39 honeypot-ams-1 sshd[25601]: Disconnected from invalid user user 198.98.61.9 port 44746 [preauth]","@timestamp":"2022-09-14T17:22:39.789Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 17:22:57 honeypot-ams-1 sshd[25605]: Disconnected from invalid user user 198.98.61.9 port 39062 [preauth]","@timestamp":"2022-09-14T17:22:58.798Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 17:23:14 honeypot-ams-1 sshd[25609]: Disconnected from invalid user user 198.98.61.9 port 33286 [preauth]","@timestamp":"2022-09-14T17:23:14.807Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 17:25:25 honeypot-fra-1 sshd[10061]: Received disconnect from 199.115.228.186 port 42494:11: Bye Bye [preauth]","@timestamp":"2022-09-14T17:25:26.246Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 17:26:53 honeypot-ams-1 sshd[25616]: Disconnected from invalid user webmo 190.128.230.98 port 36030 [preauth]","@timestamp":"2022-09-14T17:26:53.902Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 17:28:46 honeypot-fra-1 sshd[10068]: Invalid user user from 45.61.184.204 port 36266","@timestamp":"2022-09-14T17:28:46.324Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 17:29:04 honeypot-fra-1 sshd[10072]: Invalid user user from 45.61.184.204 port 59078","@timestamp":"2022-09-14T17:29:05.334Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 17:29:23 honeypot-fra-1 sshd[10076]: Invalid user user from 45.61.184.204 port 53654","@timestamp":"2022-09-14T17:29:23.342Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 17:29:31 honeypot-fra-1 sshd[10080]: Received disconnect from 45.61.184.204 port 36832:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T17:29:32.347Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T17:29:48.726Z","@version":"1","message":"Sep 14 17:29:47 honeypot-sgp-1 kernel: [84052696.327664] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=89.248.165.199 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=36923 PROTO=TCP SPT=54393 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 17:31:17 honeypot-fra-1 sshd[10084]: Received disconnect from 92.255.85.69 port 42276:11: Bye Bye [preauth]","@timestamp":"2022-09-14T17:31:17.388Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 17:33:42 honeypot-ams-1 sshd[25622]: Disconnected from authenticating user root 92.255.85.70 port 18082 [preauth]","@timestamp":"2022-09-14T17:33:43.070Z"}
{"@timestamp":"2022-09-14T17:38:24.929Z","@version":"1","message":"Sep 14 17:38:24 honeypot-sgp-1 sshd[14318]: Unable to negotiate with 41.86.17.229 port 55827: no matching cipher found. Their offer: aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,arcfour128,arcfour,3des-cbc,none [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 17:40:17 honeypot-ams-1 kernel: [84053800.006913] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=196.190.153.0 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=113 ID=9093 DF PROTO=TCP SPT=17103 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T17:40:17.241Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 17:41:04 honeypot-fra-1 sshd[10090]: Received disconnect from 139.59.233.124 port 44004:11: Bye Bye [preauth]","@timestamp":"2022-09-14T17:41:05.613Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 17:42:08 honeypot-fra-1 sshd[10095]: Disconnected from authenticating user root 143.198.154.97 port 36444 [preauth]","@timestamp":"2022-09-14T17:42:09.639Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 17:48:27 honeypot-fra-1 kernel: [84052126.997473] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=58302 PROTO=TCP SPT=57464 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T17:48:27.784Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 17:50:36 honeypot-fra-1 sshd[10104]: Invalid user admin from 162.215.1.193 port 52342","@timestamp":"2022-09-14T17:50:36.836Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 17:54:27 honeypot-ams-1 kernel: [84054650.000679] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=144.126.222.172 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=16194 PROTO=TCP SPT=55501 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T17:54:27.606Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 17:55:12 honeypot-fra-1 kernel: [84052531.732729] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.180.143.72 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=13481 PROTO=TCP SPT=17038 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T17:55:12.943Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-14T17:55:25.325Z","@version":"1","message":"Sep 14 17:55:24 honeypot-sgp-1 kernel: [84054233.262467] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=152.89.196.23 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=8797 PROTO=TCP SPT=55101 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 18:02:31 honeypot-fra-1 sshd[10112]: Received disconnect from 165.22.45.108 port 49570:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T18:02:32.108Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 18:03:54 honeypot-fra-1 sshd[10116]: Received disconnect from 82.200.65.218 port 43772:11: Bye Bye [preauth]","@timestamp":"2022-09-14T18:03:55.143Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T18:04:01.955Z","@version":"1","message":"Sep 14 18:04:01 honeypot-sgp-1 kernel: [84054749.868679] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=137.184.149.73 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=47962 PROTO=TCP SPT=51182 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 18:05:08 honeypot-ams-1 sshd[25636]: Received disconnect from 104.131.13.185 port 44880:11: Bye Bye [preauth]","@timestamp":"2022-09-14T18:05:08.882Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 18:07:03 honeypot-fra-1 kernel: [84053242.760534] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=172.105.77.209 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=56 ID=0 DF PROTO=TCP SPT=47481 DPT=3389 WINDOW=8192 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T18:07:03.213Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 18:08:12 honeypot-ams-1 sshd[25639]: Disconnected from invalid user admin 185.118.48.206 port 57724 [preauth]","@timestamp":"2022-09-14T18:08:12.964Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 18:08:37 honeypot-fra-1 sshd[10126]: Received disconnect from 164.70.100.221 port 47422:11: Bye Bye [preauth]","@timestamp":"2022-09-14T18:08:37.253Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 18:11:27 honeypot-fra-1 sshd[10129]: Disconnected from authenticating user root 51.38.227.101 port 43050 [preauth]","@timestamp":"2022-09-14T18:11:28.321Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 18:13:21 honeypot-fra-1 kernel: [84053620.914878] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=159.203.102.227 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=28107 PROTO=TCP SPT=55501 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T18:13:21.368Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-14T18:17:02.264Z","@version":"1","message":"Sep 14 18:17:01 honeypot-sgp-1 CRON[14333]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 18:19:40 honeypot-fra-1 sshd[10145]: Received disconnect from 119.28.105.34 port 53788:11: Bye Bye [preauth]","@timestamp":"2022-09-14T18:19:40.511Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 18:20:15 honeypot-ams-1 sshd[25645]: Received disconnect from 92.255.85.70 port 26770:11: Bye Bye [preauth]","@timestamp":"2022-09-14T18:20:16.274Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 18:23:11 honeypot-fra-1 sshd[10149]: Disconnected from authenticating user root 31.220.59.91 port 51850 [preauth]","@timestamp":"2022-09-14T18:23:11.591Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T18:28:30.534Z","@version":"1","message":"Sep 14 18:28:30 honeypot-sgp-1 kernel: [84056218.658836] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=119.53.185.124 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=43252 PROTO=TCP SPT=58914 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 18:32:36 honeypot-ams-1 kernel: [84056939.231928] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.216.29 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=36155 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T18:32:36.601Z"}
{"@timestamp":"2022-09-14T18:38:33.772Z","@version":"1","message":"Sep 14 18:38:33 honeypot-sgp-1 sshd[14355]: Disconnected from authenticating user root 92.255.85.69 port 21918 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 18:39:54 honeypot-fra-1 kernel: [84055214.454822] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=172.104.4.118 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=48565 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T18:39:54.969Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 18:40:16 honeypot-ams-1 sshd[25654]: Invalid user admin from 80.76.51.45 port 45866","@timestamp":"2022-09-14T18:40:16.815Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 18:40:45 honeypot-ams-1 sshd[25658]: Received disconnect from 80.76.51.45 port 44536:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T18:40:46.832Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 18:41:29 honeypot-ams-1 sshd[25664]: Received disconnect from 80.76.51.45 port 56666:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T18:41:29.854Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 18:42:12 honeypot-ams-1 sshd[25670]: Received disconnect from 80.76.51.45 port 40580:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T18:42:12.876Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 18:42:40 honeypot-ams-1 sshd[25674]: Disconnected from invalid user user 80.76.51.45 port 39094 [preauth]","@timestamp":"2022-09-14T18:42:41.890Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 18:44:39 honeypot-ams-1 sshd[25680]: Invalid user admin from 175.203.31.86 port 32932","@timestamp":"2022-09-14T18:44:39.943Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 18:47:39 honeypot-ams-1 kernel: [84057842.258270] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=2.179.184.132 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=14262 DF PROTO=TCP SPT=59056 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T18:47:40.028Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 18:47:53 honeypot-fra-1 kernel: [84055692.670919] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=129.226.40.165 DST=165.22.82.222 LEN=60 TOS=0x0A PREC=0x60 TTL=53 ID=16511 DF PROTO=TCP SPT=50661 DPT=3389 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-14T18:47:53.150Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 18:50:34 honeypot-fra-1 sshd[10162]: Disconnected from invalid user lacrosse 165.22.45.108 port 54562 [preauth]","@timestamp":"2022-09-14T18:50:35.216Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 18:53:33 honeypot-ams-1 sshd[25687]: Received disconnect from 80.76.51.46 port 38224:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T18:53:33.215Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 18:53:52 honeypot-ams-1 sshd[25693]: Did not receive identification string from 141.255.162.226 port 38190","@timestamp":"2022-09-14T18:53:53.224Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 18:53:58 honeypot-fra-1 sshd[10165]: Disconnected from invalid user degenius 103.19.229.213 port 51576 [preauth]","@timestamp":"2022-09-14T18:53:59.318Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 18:54:15 honeypot-ams-1 sshd[25698]: Received disconnect from 141.255.162.226 port 37894:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T18:54:15.235Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 18:54:17 honeypot-ams-1 sshd[25702]: Received disconnect from 141.255.162.226 port 57790:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T18:54:18.238Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 18:54:21 honeypot-ams-1 sshd[25706]: Received disconnect from 141.255.162.226 port 34676:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T18:54:22.240Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 18:54:22 honeypot-ams-1 sshd[25710]: Disconnected from authenticating user root 80.76.51.46 port 56070 [preauth]","@timestamp":"2022-09-14T18:54:23.240Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 18:54:43 honeypot-ams-1 sshd[25716]: Received disconnect from 80.76.51.46 port 34950:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T18:54:44.252Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 18:55:15 honeypot-ams-1 sshd[25722]: Invalid user test from 80.76.51.46 port 45654","@timestamp":"2022-09-14T18:55:16.269Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 18:55:54 honeypot-ams-1 sshd[25726]: Received disconnect from 187.157.153.167 port 56144:11: Bye Bye [preauth]","@timestamp":"2022-09-14T18:55:55.288Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 18:56:06 honeypot-fra-1 sshd[10171]: Connection closed by invalid user pi 194.44.139.244 port 49526 [preauth]","@timestamp":"2022-09-14T18:56:07.370Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 19:00:23 honeypot-ams-1 kernel: [84058606.541791] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=172.105.77.209 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=56 ID=0 DF PROTO=TCP SPT=47481 DPT=389 WINDOW=8192 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T19:00:24.408Z"}
{"@timestamp":"2022-09-14T19:01:46.309Z","@version":"1","message":"Sep 14 19:01:45 honeypot-sgp-1 sshd[14359]: Disconnected from authenticating user root 92.255.85.70 port 16218 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 19:01:53 honeypot-fra-1 sshd[10176]: Connection closed by invalid user user1 103.188.176.251 port 50900 [preauth]","@timestamp":"2022-09-14T19:01:53.504Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T19:06:53.434Z","@version":"1","message":"Sep 14 19:06:53 honeypot-sgp-1 kernel: [84058521.423203] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.215.196 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=41994 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 19:07:15 honeypot-fra-1 sshd[10182]: Did not receive identification string from 159.89.24.69 port 61000","@timestamp":"2022-09-14T19:07:15.627Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 19:07:59 honeypot-fra-1 sshd[10203]: Invalid user user from 43.138.12.15 port 44064","@timestamp":"2022-09-14T19:08:00.647Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 19:07:59 honeypot-fra-1 sshd[10187]: Connection closed by invalid user mcsrv 43.138.12.15 port 44030 [preauth]","@timestamp":"2022-09-14T19:08:00.647Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 19:08:00 honeypot-fra-1 sshd[10216]: Connection closed by invalid user minecraft 43.138.12.15 port 44055 [preauth]","@timestamp":"2022-09-14T19:08:00.647Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 19:08:00 honeypot-fra-1 sshd[10191]: Invalid user elasticsearch from 43.138.12.15 port 44054","@timestamp":"2022-09-14T19:08:00.647Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 19:08:00 honeypot-fra-1 sshd[10204]: Invalid user admin from 43.138.12.15 port 44042","@timestamp":"2022-09-14T19:08:00.647Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 19:08:00 honeypot-fra-1 sshd[10211]: Invalid user devops from 43.138.12.15 port 44098","@timestamp":"2022-09-14T19:08:00.647Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 19:08:00 honeypot-fra-1 sshd[10186]: Connection closed by invalid user user 43.138.12.15 port 44062 [preauth]","@timestamp":"2022-09-14T19:08:00.647Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 19:08:00 honeypot-fra-1 sshd[10204]: Connection closed by invalid user admin 43.138.12.15 port 44042 [preauth]","@timestamp":"2022-09-14T19:08:00.647Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 19:08:00 honeypot-fra-1 sshd[10206]: Connection closed by invalid user ansible 43.138.12.15 port 44094 [preauth]","@timestamp":"2022-09-14T19:08:00.647Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 19:08:00 honeypot-fra-1 sshd[10214]: Connection closed by invalid user teamspeak 43.138.12.15 port 44036 [preauth]","@timestamp":"2022-09-14T19:08:00.647Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 19:09:46 honeypot-ams-1 sshd[25734]: error: maximum authentication attempts exceeded for invalid user admin from 176.15.138.108 port 1716 ssh2 [preauth]","@timestamp":"2022-09-14T19:09:47.647Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 19:14:42 honeypot-ams-1 sshd[25737]: Disconnected from invalid user iz 179.96.150.109 port 49284 [preauth]","@timestamp":"2022-09-14T19:14:42.779Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 19:17:01 honeypot-fra-1 CRON[10255]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-14T19:17:01.853Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T19:20:09.752Z","@version":"1","message":"Sep 14 19:20:08 honeypot-sgp-1 kernel: [84059317.178631] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.210.216.111 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=239 ID=11030 DF PROTO=TCP SPT=10446 DPT=80 WINDOW=512 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T19:24:37.863Z","@version":"1","message":"Sep 14 19:24:37 honeypot-sgp-1 sshd[14375]: Disconnected from authenticating user root 211.253.27.169 port 40748 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 19:26:31 honeypot-ams-1 kernel: [84060174.100901] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.179.200.105 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=48 ID=37126 PROTO=TCP SPT=53947 DPT=80 WINDOW=12284 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T19:26:32.108Z"}
{"@timestamp":"2022-09-14T19:28:41.980Z","@version":"1","message":"Sep 14 19:28:41 honeypot-sgp-1 sshd[14382]: Invalid user tex from 186.233.210.86 port 56888","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 19:29:51 honeypot-fra-1 kernel: [84058211.191917] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=87.251.64.35 DST=165.22.82.222 LEN=52 TOS=0x02 PREC=0x00 TTL=122 ID=18368 DF PROTO=TCP SPT=58812 DPT=3389 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-14T19:29:52.143Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-14T19:30:24.024Z","@version":"1","message":"Sep 14 19:30:23 honeypot-sgp-1 sshd[14387]: Received disconnect from 45.181.32.41 port 37596:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T19:35:27.147Z","@version":"1","message":"Sep 14 19:35:27 honeypot-sgp-1 sshd[14391]: Connection closed by invalid user bianyuzhe 137.116.144.39 port 48070 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 19:38:40 honeypot-fra-1 sshd[10356]: Disconnected from invalid user lafeiorg 165.22.45.108 port 59550 [preauth]","@timestamp":"2022-09-14T19:38:41.344Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 19:39:06 honeypot-ams-1 kernel: [84060929.040866] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=59.49.43.217 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=15954 PROTO=TCP SPT=57822 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T19:39:06.423Z"}
{"@timestamp":"2022-09-14T19:46:14.406Z","@version":"1","message":"Sep 14 19:46:13 honeypot-sgp-1 sshd[14397]: Received disconnect from 113.200.60.74 port 41933:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 19:49:02 honeypot-ams-1 kernel: [84061525.621540] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=72.167.32.184 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=232 ID=17358 PROTO=TCP SPT=53576 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T19:49:03.686Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 19:51:10 honeypot-fra-1 sshd[10364]: Received disconnect from 92.255.85.69 port 58242:11: Bye Bye [preauth]","@timestamp":"2022-09-14T19:51:10.623Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T19:51:13.527Z","@version":"1","message":"Sep 14 19:51:13 honeypot-sgp-1 sshd[14404]: Invalid user si from 13.76.164.123 port 34374","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 19:53:53 honeypot-fra-1 sshd[10384]: Invalid user testuser from 45.127.108.174 port 54262","@timestamp":"2022-09-14T19:53:54.687Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 19:53:53 honeypot-fra-1 sshd[10377]: Invalid user ubuntu from 45.127.108.174 port 54218","@timestamp":"2022-09-14T19:53:54.687Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 19:53:53 honeypot-fra-1 sshd[10374]: Invalid user test from 45.127.108.174 port 54240","@timestamp":"2022-09-14T19:53:54.687Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 19:53:53 honeypot-fra-1 sshd[10379]: Connection closed by authenticating user root 45.127.108.174 port 54216 [preauth]","@timestamp":"2022-09-14T19:53:54.687Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 19:53:53 honeypot-fra-1 sshd[10391]: Connection closed by invalid user testuser 45.127.108.174 port 54222 [preauth]","@timestamp":"2022-09-14T19:53:54.688Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 19:53:53 honeypot-fra-1 sshd[10387]: Connection closed by authenticating user root 45.127.108.174 port 54230 [preauth]","@timestamp":"2022-09-14T19:53:54.688Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 19:53:53 honeypot-fra-1 sshd[10385]: Connection closed by invalid user zabbix 45.127.108.174 port 54220 [preauth]","@timestamp":"2022-09-14T19:53:54.688Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 19:53:53 honeypot-fra-1 sshd[10374]: Connection closed by invalid user test 45.127.108.174 port 54240 [preauth]","@timestamp":"2022-09-14T19:53:54.688Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 19:54:58 honeypot-fra-1 sshd[10430]: Disconnected from authenticating user root 198.23.148.137 port 52036 [preauth]","@timestamp":"2022-09-14T19:54:58.713Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 19:59:03 honeypot-ams-1 kernel: [84062125.949486] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=181.214.231.169 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=59 ID=21035 PROTO=TCP SPT=45399 DPT=80 WINDOW=32920 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T19:59:03.951Z"}
{"@timestamp":"2022-09-14T20:05:05.861Z","@version":"1","message":"Sep 14 20:05:05 honeypot-sgp-1 sshd[14407]: error: maximum authentication attempts exceeded for invalid user admin from 180.150.31.207 port 46065 ssh2 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T20:13:06.052Z","@version":"1","message":"Sep 14 20:13:05 honeypot-sgp-1 sshd[14413]: Did not receive identification string from 141.255.162.226 port 36216","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T20:13:30.063Z","@version":"1","message":"Sep 14 20:13:29 honeypot-sgp-1 sshd[14416]: Disconnected from invalid user user 141.255.162.226 port 41582 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T20:13:35.066Z","@version":"1","message":"Sep 14 20:13:34 honeypot-sgp-1 sshd[14423]: Invalid user user from 141.255.162.226 port 57762","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T20:13:36.067Z","@version":"1","message":"Sep 14 20:13:35 honeypot-sgp-1 sshd[14425]: Received disconnect from 141.255.162.226 port 45728:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T20:13:49.074Z","@version":"1","message":"Sep 14 20:13:48 honeypot-sgp-1 sshd[14429]: Received disconnect from 45.61.186.49 port 59704:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T20:13:53.076Z","@version":"1","message":"Sep 14 20:13:52 honeypot-sgp-1 sshd[14433]: Disconnected from invalid user user 45.61.186.49 port 37174 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 20:14:11 honeypot-fra-1 sshd[10438]: Disconnected from authenticating user root 92.255.85.69 port 19188 [preauth]","@timestamp":"2022-09-14T20:14:12.144Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T20:14:26.091Z","@version":"1","message":"Sep 14 20:14:25 honeypot-sgp-1 kernel: [84062573.327612] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.208.45 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=52592 DPT=5432 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 20:15:07 honeypot-fra-1 sshd[10442]: Disconnected from invalid user ca 217.218.215.101 port 42584 [preauth]","@timestamp":"2022-09-14T20:15:08.167Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 20:15:28 honeypot-ams-1 kernel: [84063111.229137] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=172.104.12.17 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=40510 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T20:15:29.392Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 20:18:17 honeypot-ams-1 sshd[25770]: Invalid user admin from 110.149.184.98 port 56041","@timestamp":"2022-09-14T20:18:18.470Z"}
{"@timestamp":"2022-09-14T20:19:21.210Z","@version":"1","message":"Sep 14 20:19:21 honeypot-sgp-1 kernel: [84062869.242988] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=80.94.92.231 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=233 ID=54321 PROTO=TCP SPT=57021 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T20:26:28.384Z","@version":"1","message":"Sep 14 20:26:27 honeypot-sgp-1 kernel: [84063296.173109] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=103.203.57.22 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=54321 PROTO=TCP SPT=47496 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 20:26:37 honeypot-fra-1 sshd[10451]: Invalid user la from 165.22.45.108 port 36298","@timestamp":"2022-09-14T20:26:38.430Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 20:29:40 honeypot-ams-1 sshd[25775]: Invalid user loyal from 164.163.96.253 port 44304","@timestamp":"2022-09-14T20:29:40.767Z"}
{"@timestamp":"2022-09-14T20:30:56.497Z","@version":"1","message":"Sep 14 20:30:55 honeypot-sgp-1 kernel: [84063563.734672] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=234 ID=41045 PROTO=TCP SPT=47402 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 20:35:01 honeypot-fra-1 kernel: [84062120.835210] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=64.246.161.26 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=43875 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T20:35:01.618Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 20:35:54 honeypot-ams-1 kernel: [84064337.286121] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=161.35.230.183 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=50055 DF PROTO=TCP SPT=47804 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T20:35:54.932Z"}
{"@timestamp":"2022-09-14T20:36:39.819Z","@version":"1","message":"Sep 14 20:36:38 honeypot-sgp-1 sshd[14457]: Received disconnect from 141.255.162.226 port 36274:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T20:36:43.821Z","@version":"1","message":"Sep 14 20:36:43 honeypot-sgp-1 sshd[14461]: Received disconnect from 141.255.162.226 port 53118:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T20:36:47.823Z","@version":"1","message":"Sep 14 20:36:46 honeypot-sgp-1 sshd[14465]: Received disconnect from 141.255.162.226 port 50182:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 20:39:27 honeypot-fra-1 kernel: [84062387.164497] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=172.104.4.119 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=5924 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T20:39:28.722Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 20:40:37 honeypot-ams-1 sshd[25780]: Disconnected from authenticating user root 92.255.85.70 port 35990 [preauth]","@timestamp":"2022-09-14T20:40:38.061Z"}
{"@timestamp":"2022-09-14T20:46:41.050Z","@version":"1","message":"Sep 14 20:46:40 honeypot-sgp-1 kernel: [84064509.082094] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.23.222.167 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=14034 PROTO=TCP SPT=48018 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 20:48:34 honeypot-ams-1 sshd[25785]: Invalid user admin from 202.88.244.36 port 38098","@timestamp":"2022-09-14T20:48:34.270Z"}
{"@timestamp":"2022-09-14T20:58:33.325Z","@version":"1","message":"Sep 14 20:58:33 honeypot-sgp-1 sshd[14476]: Received disconnect from 92.255.85.70 port 32480:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T20:59:51.357Z","@version":"1","message":"Sep 14 20:59:50 honeypot-sgp-1 sshd[14481]: Received disconnect from 116.92.213.114 port 53358:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 21:00:57 honeypot-fra-1 sshd[10458]: Connection closed by invalid user bianyuzhe 137.116.144.39 port 41928 [preauth]","@timestamp":"2022-09-14T21:00:57.201Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 21:02:20 honeypot-ams-1 sshd[25789]: Invalid user beltrami from 45.175.18.29 port 44634","@timestamp":"2022-09-14T21:02:21.632Z"}
{"@timestamp":"2022-09-14T21:06:19.507Z","@version":"1","message":"Sep 14 21:06:18 honeypot-sgp-1 sshd[14561]: Connection closed by invalid user pi 50.45.186.194 port 38320 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 21:07:08 honeypot-ams-1 kernel: [84066211.153326] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=139.170.202.113 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=234 ID=61002 PROTO=TCP SPT=58914 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T21:07:08.761Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 21:08:02 honeypot-fra-1 sshd[10463]: Invalid user devops from 43.138.12.15 port 55980","@timestamp":"2022-09-14T21:08:02.360Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 21:08:03 honeypot-fra-1 sshd[10464]: Connection closed by invalid user ec2-user 43.138.12.15 port 55982 [preauth]","@timestamp":"2022-09-14T21:08:03.362Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 21:08:05 honeypot-fra-1 sshd[10473]: Invalid user elastic from 43.138.12.15 port 55940","@timestamp":"2022-09-14T21:08:05.363Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 21:08:05 honeypot-fra-1 sshd[10486]: Invalid user ansible from 43.138.12.15 port 55978","@timestamp":"2022-09-14T21:08:05.363Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 21:08:05 honeypot-fra-1 sshd[10497]: Invalid user vagrant from 43.138.12.15 port 55960","@timestamp":"2022-09-14T21:08:05.363Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 21:08:05 honeypot-fra-1 sshd[10475]: Connection closed by invalid user minecraft 43.138.12.15 port 55958 [preauth]","@timestamp":"2022-09-14T21:08:06.364Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 21:08:05 honeypot-fra-1 sshd[10480]: Invalid user mcserv from 43.138.12.15 port 55910","@timestamp":"2022-09-14T21:08:06.364Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 21:08:05 honeypot-fra-1 sshd[10480]: Connection closed by invalid user mcserv 43.138.12.15 port 55910 [preauth]","@timestamp":"2022-09-14T21:08:06.364Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 21:08:06 honeypot-fra-1 sshd[10482]: Connection closed by invalid user mcsrv 43.138.12.15 port 55908 [preauth]","@timestamp":"2022-09-14T21:08:06.364Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 21:08:06 honeypot-fra-1 sshd[10500]: Connection closed by invalid user hduser 43.138.12.15 port 55944 [preauth]","@timestamp":"2022-09-14T21:08:06.364Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 21:08:06 honeypot-fra-1 sshd[10472]: Connection closed by invalid user ansible 43.138.12.15 port 55964 [preauth]","@timestamp":"2022-09-14T21:08:06.364Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T21:09:35.582Z","@version":"1","message":"Sep 14 21:09:35 honeypot-sgp-1 kernel: [84065883.294149] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=96.126.112.220 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=55936 DF PROTO=TCP SPT=43460 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T21:13:50.682Z","@version":"1","message":"Sep 14 21:13:50 honeypot-sgp-1 sshd[14567]: Disconnected from authenticating user root 68.183.88.138 port 51056 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 21:14:36 honeypot-fra-1 sshd[10531]: Invalid user lambda from 165.22.45.108 port 41286","@timestamp":"2022-09-14T21:14:37.510Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 21:17:36 honeypot-ams-1 kernel: [84066838.787037] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=89.248.165.199 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=30691 PROTO=TCP SPT=47184 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T21:17:37.040Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 21:18:26 honeypot-fra-1 kernel: [84064726.125992] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=44.204.176.173 DST=165.22.82.222 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=15357 DF PROTO=TCP SPT=57372 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-14T21:18:27.596Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-14T21:22:24.877Z","@version":"1","message":"Sep 14 21:22:24 honeypot-sgp-1 sshd[14574]: Disconnected from authenticating user root 92.255.85.69 port 50720 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 21:26:13 honeypot-fra-1 kernel: [84065193.163224] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=104.152.52.125 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=1804 PROTO=TCP SPT=50773 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T21:26:14.769Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 21:27:20 honeypot-ams-1 sshd[25803]: Disconnected from authenticating user root 92.255.85.69 port 40724 [preauth]","@timestamp":"2022-09-14T21:27:20.297Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 21:30:11 honeypot-fra-1 kernel: [84065430.705604] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=167.71.254.43 DST=165.22.82.222 LEN=52 TOS=0x02 PREC=0x00 TTL=114 ID=55514 DF PROTO=TCP SPT=50262 DPT=3389 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-14T21:30:11.860Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 21:31:49 honeypot-ams-1 sshd[25809]: Received disconnect from 198.98.61.9 port 43092:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T21:31:50.414Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 21:32:06 honeypot-ams-1 sshd[25813]: Received disconnect from 198.98.61.9 port 38022:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T21:32:07.423Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 21:32:24 honeypot-ams-1 sshd[25817]: Received disconnect from 198.98.61.9 port 32830:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T21:32:25.434Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 21:35:04 honeypot-ams-1 kernel: [84067887.254717] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=97.74.81.123 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=51796 PROTO=TCP SPT=51116 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T21:35:05.504Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 21:38:59 honeypot-ams-1 sshd[25824]: Disconnected from authenticating user root 143.244.134.191 port 35546 [preauth]","@timestamp":"2022-09-14T21:38:59.632Z"}
{"@timestamp":"2022-09-14T21:49:16.501Z","@version":"1","message":"Sep 14 21:49:16 honeypot-sgp-1 kernel: [84068264.223554] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=138.246.253.24 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=234 ID=54321 PROTO=TCP SPT=43407 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 21:51:10 honeypot-ams-1 sshd[25829]: Received disconnect from 92.255.85.69 port 20584:11: Bye Bye [preauth]","@timestamp":"2022-09-14T21:51:10.953Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 21:51:24 honeypot-ams-1 sshd[25833]: Received disconnect from 45.61.186.249 port 57334:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T21:51:24.960Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 21:51:44 honeypot-ams-1 sshd[25837]: Received disconnect from 45.61.186.249 port 51402:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T21:51:44.971Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 21:52:01 honeypot-ams-1 sshd[25841]: Received disconnect from 45.61.186.249 port 45470:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T21:52:01.979Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 21:53:42 honeypot-fra-1 kernel: [84066841.816049] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=51.91.221.105 DST=165.22.82.222 LEN=80 TOS=0x00 PREC=0x20 TTL=126 ID=52545 PROTO=TCP SPT=51521 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T21:53:43.395Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-14T21:56:53.677Z","@version":"1","message":"Sep 14 21:56:53 honeypot-sgp-1 kernel: [84068721.607244] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=151.106.32.138 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=64943 PROTO=TCP SPT=51715 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 22:02:05 honeypot-ams-1 kernel: [84069508.158508] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=147.75.47.189 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=41423 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T22:02:06.237Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 22:02:48 honeypot-fra-1 sshd[10550]: Disconnected from invalid user lance 165.22.45.108 port 46276 [preauth]","@timestamp":"2022-09-14T22:02:48.618Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T22:04:37.856Z","@version":"1","message":"Sep 14 22:04:37 honeypot-sgp-1 kernel: [84069185.344214] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=79.124.62.60 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=2993 PROTO=TCP SPT=58933 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T22:05:29.878Z","@version":"1","message":"Sep 14 22:05:28 honeypot-sgp-1 sshd[14593]: Received disconnect from 141.255.162.226 port 34332:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T22:05:34.880Z","@version":"1","message":"Sep 14 22:05:34 honeypot-sgp-1 sshd[14597]: Received disconnect from 141.255.162.226 port 56832:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T22:07:12.919Z","@version":"1","message":"Sep 14 22:07:12 honeypot-sgp-1 sshd[14599]: Received disconnect from 128.199.150.171 port 49156:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 22:08:30 honeypot-fra-1 kernel: [84067729.093381] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=147.75.47.189 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=44572 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T22:08:30.747Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 22:09:27 honeypot-ams-1 sshd[25849]: Invalid user sld from 46.101.135.232 port 55410","@timestamp":"2022-09-14T22:09:28.427Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 22:09:49 honeypot-ams-1 sshd[25853]: Received disconnect from 103.119.144.75 port 41852:11: Bye Bye [preauth]","@timestamp":"2022-09-14T22:09:49.438Z"}
{"@timestamp":"2022-09-14T22:10:30.996Z","@version":"1","message":"Sep 14 22:10:30 honeypot-sgp-1 kernel: [84069538.382895] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=162.142.125.136 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=51752 PROTO=TCP SPT=65329 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 22:11:08 honeypot-ams-1 kernel: [84070051.304876] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=51.91.221.105 DST=178.62.254.91 LEN=80 TOS=0x00 PREC=0x20 TTL=127 ID=25268 PROTO=TCP SPT=26292 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T22:11:09.474Z"}
{"@timestamp":"2022-09-14T22:14:08.082Z","@version":"1","message":"Sep 14 22:14:07 honeypot-sgp-1 sshd[14610]: Bad protocol version identification 'MGLNDD_159.89.202.188_22' from 192.241.215.24 port 58582","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 22:14:28 honeypot-ams-1 kernel: [84070251.348141] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=97.107.141.165 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=37542 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T22:14:29.561Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 22:15:58 honeypot-ams-1 sshd[25867]: Received disconnect from 61.177.172.104 port 26746:11:  [preauth]","@timestamp":"2022-09-14T22:15:58.604Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 22:16:13 honeypot-fra-1 sshd[10560]: Connection closed by invalid user MASTERWIFI 141.98.10.158 port 53626 [preauth]","@timestamp":"2022-09-14T22:16:13.937Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 22:17:38 honeypot-ams-1 kernel: [84070441.545112] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=206.189.8.92 DST=178.62.254.91 LEN=80 TOS=0x00 PREC=0x20 TTL=123 ID=5188 PROTO=TCP SPT=4164 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T22:17:39.653Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 22:21:07 honeypot-ams-1 kernel: [84070650.033775] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.209.7 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=51737 DPT=5432 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T22:21:07.745Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 22:22:41 honeypot-fra-1 kernel: [84068581.021626] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=94.26.228.80 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=22855 PROTO=TCP SPT=37037 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T22:22:42.107Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 22:23:03 honeypot-ams-1 sshd[25879]: Disconnected from authenticating user root 107.189.10.112 port 33406 [preauth]","@timestamp":"2022-09-14T22:23:03.799Z"}
{"@timestamp":"2022-09-14T22:24:28.339Z","@version":"1","message":"Sep 14 22:24:27 honeypot-sgp-1 sshd[14616]: Received disconnect from 61.177.173.39 port 44195:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T22:26:08.382Z","@version":"1","message":"Sep 14 22:26:07 honeypot-sgp-1 kernel: [84070475.595365] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=69.94.89.184 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=15650 PROTO=TCP SPT=30890 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T22:26:24.391Z","@version":"1","message":"Sep 14 22:26:24 honeypot-sgp-1 sshd[14624]: Disconnected from invalid user beny 223.197.151.55 port 43553 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T22:26:47.401Z","@version":"1","message":"Sep 14 22:26:46 honeypot-sgp-1 sshd[14630]: Connection closed by invalid user pi 60.221.50.163 port 39822 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T22:28:57.453Z","@version":"1","message":"Sep 14 22:28:57 honeypot-sgp-1 sshd[14634]: Disconnected from invalid user odoo9 213.222.20.244 port 43234 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T22:29:45.475Z","@version":"1","message":"Sep 14 22:29:45 honeypot-sgp-1 sshd[14641]: Received disconnect from 89.203.192.113 port 32878:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T22:30:45.501Z","@version":"1","message":"Sep 14 22:30:44 honeypot-sgp-1 sshd[14645]: Disconnected from invalid user admin 103.147.4.202 port 46450 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T22:32:12.540Z","@version":"1","message":"Sep 14 22:32:11 honeypot-sgp-1 sshd[14649]: Invalid user postgres from 43.132.253.90 port 53590","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 22:32:49 honeypot-ams-1 kernel: [84071352.534370] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=198.199.95.62 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=47241 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T22:32:50.053Z"}
{"@timestamp":"2022-09-14T22:33:16.568Z","@version":"1","message":"Sep 14 22:33:16 honeypot-sgp-1 sshd[14653]: Disconnected from authenticating user root 178.128.28.51 port 33964 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T22:34:00.586Z","@version":"1","message":"Sep 14 22:33:59 honeypot-sgp-1 sshd[14657]: Disconnected from invalid user rw 81.16.11.250 port 54256 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 22:34:54 honeypot-fra-1 kernel: [84069313.616177] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=172.104.4.89 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=46984 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T22:34:55.399Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 22:37:02 honeypot-ams-1 sshd[25891]: Disconnected from authenticating user root 61.177.173.39 port 53695 [preauth]","@timestamp":"2022-09-14T22:37:03.166Z"}
{"@timestamp":"2022-09-14T22:37:26.668Z","@version":"1","message":"Sep 14 22:37:26 honeypot-sgp-1 sshd[14664]: Received disconnect from 141.255.162.226 port 60730:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T22:37:30.670Z","@version":"1","message":"Sep 14 22:37:30 honeypot-sgp-1 sshd[14668]: Received disconnect from 141.255.162.226 port 48064:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T22:37:50.680Z","@version":"1","message":"Sep 14 22:37:50 honeypot-sgp-1 sshd[14674]: Invalid user admin from 117.202.18.5 port 44372","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 22:38:35 honeypot-fra-1 sshd[10572]: Disconnected from invalid user seven 219.240.99.77 port 55354 [preauth]","@timestamp":"2022-09-14T22:38:36.499Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 22:41:09 honeypot-ams-1 sshd[25898]: Disconnected from authenticating user root 61.177.173.49 port 59963 [preauth]","@timestamp":"2022-09-14T22:41:09.274Z"}
{"@timestamp":"2022-09-14T22:41:11.762Z","@version":"1","message":"Sep 14 22:41:11 honeypot-sgp-1 kernel: [84071379.661693] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=206.189.8.92 DST=159.89.202.188 LEN=80 TOS=0x00 PREC=0x00 TTL=115 ID=13709 PROTO=TCP SPT=12685 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 22:41:26 honeypot-fra-1 sshd[10576]: Disconnected from authenticating user root 68.183.225.151 port 33992 [preauth]","@timestamp":"2022-09-14T22:41:27.565Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T22:45:08.860Z","@version":"1","message":"Sep 14 22:45:08 honeypot-sgp-1 sshd[14681]: Disconnected from authenticating user root 61.177.173.39 port 20633 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 22:48:02 honeypot-fra-1 sshd[10581]: Disconnected from authenticating user root 188.36.125.179 port 39736 [preauth]","@timestamp":"2022-09-14T22:48:02.714Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 22:48:10 honeypot-ams-1 kernel: [84072272.994689] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.79.176.29 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=49663 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T22:48:10.456Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 22:50:57 honeypot-ams-1 sshd[25918]: Received disconnect from 61.177.173.49 port 52986:11:  [preauth]","@timestamp":"2022-09-14T22:50:57.530Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 22:50:59 honeypot-fra-1 sshd[10586]: Disconnected from authenticating user root 143.198.50.154 port 45572 [preauth]","@timestamp":"2022-09-14T22:50:59.783Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T22:51:01.001Z","@version":"1","message":"Sep 14 22:51:00 honeypot-sgp-1 kernel: [84071968.743178] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.41.9.18 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=45586 PROTO=TCP SPT=59844 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 22:52:24 honeypot-ams-1 sshd[25924]: Received disconnect from 179.43.156.143 port 39724:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T22:52:24.570Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 22:53:26 honeypot-ams-1 sshd[25928]: Invalid user tomcat from 193.106.191.157 port 34932","@timestamp":"2022-09-14T22:53:26.599Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 22:54:18 honeypot-ams-1 sshd[25933]: Invalid user ossuser from 179.43.156.143 port 57452","@timestamp":"2022-09-14T22:54:18.623Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 22:54:29 honeypot-fra-1 sshd[10591]: Received disconnect from 198.98.61.9 port 45902:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T22:54:29.862Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 22:54:48 honeypot-fra-1 sshd[10595]: Received disconnect from 198.98.61.9 port 39820:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T22:54:48.870Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 22:54:56 honeypot-ams-1 sshd[25935]: Disconnected from invalid user nfsnobod 179.43.156.143 port 53934 [preauth]","@timestamp":"2022-09-14T22:54:57.641Z"}
{"@timestamp":"2022-09-14T22:55:04.100Z","@version":"1","message":"Sep 14 22:55:04 honeypot-sgp-1 sshd[14693]: Disconnected from invalid user postgres 202.88.244.36 port 60727 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 22:55:04 honeypot-fra-1 sshd[10599]: Received disconnect from 198.98.61.9 port 33714:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T22:55:04.878Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 22:56:16 honeypot-ams-1 sshd[25942]: Disconnected from authenticating user root 179.43.156.143 port 46920 [preauth]","@timestamp":"2022-09-14T22:56:16.677Z"}
{"@timestamp":"2022-09-14T22:56:27.134Z","@version":"1","message":"Sep 14 22:56:26 honeypot-sgp-1 sshd[14698]: Received disconnect from 92.255.85.70 port 30816:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 22:58:18 honeypot-ams-1 sshd[25948]: Received disconnect from 179.43.156.143 port 36408:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T22:58:18.733Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 22:58:51 honeypot-fra-1 sshd[10604]: Received disconnect from 92.255.85.70 port 52096:11: Bye Bye [preauth]","@timestamp":"2022-09-14T22:58:51.979Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T22:59:26.206Z","@version":"1","message":"Sep 14 22:59:25 honeypot-sgp-1 kernel: [84072473.605189] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=206.189.8.92 DST=159.89.202.188 LEN=80 TOS=0x00 PREC=0x00 TTL=115 ID=53610 PROTO=TCP SPT=54634 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 23:00:44 honeypot-ams-1 sshd[25953]: Disconnected from authenticating user root 61.177.173.51 port 60481 [preauth]","@timestamp":"2022-09-14T23:00:45.799Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 23:02:24 honeypot-fra-1 sshd[10609]: Invalid user centos from 179.60.147.69 port 24686","@timestamp":"2022-09-14T23:02:25.061Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 23:05:06 honeypot-ams-1 sshd[25959]: Invalid user centos from 179.60.147.69 port 65240","@timestamp":"2022-09-14T23:05:07.915Z"}
{"@timestamp":"2022-09-14T23:09:33.445Z","@version":"1","message":"Sep 14 23:09:33 honeypot-sgp-1 sshd[14710]: Disconnected from authenticating user root 61.177.173.53 port 43856 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 23:10:00 honeypot-ams-1 sshd[25968]: Did not receive identification string from 46.19.141.122 port 40436","@timestamp":"2022-09-14T23:10:01.044Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 23:11:58 honeypot-ams-1 sshd[25971]: Disconnected from invalid user admin 46.19.141.122 port 33724 [preauth]","@timestamp":"2022-09-14T23:11:59.097Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 23:14:00 honeypot-ams-1 sshd[25978]: Invalid user user from 46.19.141.122 port 35734","@timestamp":"2022-09-14T23:14:01.152Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 23:14:49 honeypot-ams-1 sshd[25982]: Invalid user support from 46.19.141.122 port 36716","@timestamp":"2022-09-14T23:14:50.174Z"}
{"@timestamp":"2022-09-14T23:14:52.573Z","@version":"1","message":"Sep 14 23:14:52 honeypot-sgp-1 kernel: [84073400.513533] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=194.28.112.135 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=2379 PROTO=TCP SPT=51499 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 23:17:01 honeypot-ams-1 CRON[25986]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-14T23:17:02.232Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 23:17:01 honeypot-fra-1 CRON[10618]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-14T23:17:02.381Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T23:17:58.651Z","@version":"1","message":"Sep 14 23:17:58 honeypot-sgp-1 sshd[14721]: Received disconnect from 40.115.18.231 port 49452:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 23:18:42 honeypot-fra-1 sshd[10623]: Invalid user user from 45.61.186.169 port 55076","@timestamp":"2022-09-14T23:18:43.423Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 23:18:59 honeypot-fra-1 sshd[10627]: Invalid user user from 45.61.186.169 port 49758","@timestamp":"2022-09-14T23:19:00.432Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 23:19:15 honeypot-fra-1 sshd[10631]: Invalid user user from 45.61.186.169 port 44412","@timestamp":"2022-09-14T23:19:16.439Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 23:19:31 honeypot-fra-1 sshd[10635]: Invalid user user from 45.61.186.169 port 39086","@timestamp":"2022-09-14T23:19:31.447Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T23:20:18.707Z","@version":"1","message":"Sep 14 23:20:18 honeypot-sgp-1 sshd[14727]: Disconnected from authenticating user root 61.177.173.49 port 56717 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T23:20:59.725Z","@version":"1","message":"Sep 14 23:20:59 honeypot-sgp-1 sshd[14732]: Received disconnect from 45.61.186.169 port 47682:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T23:21:17.735Z","@version":"1","message":"Sep 14 23:21:16 honeypot-sgp-1 sshd[14736]: Received disconnect from 45.61.186.169 port 42218:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T23:21:31.742Z","@version":"1","message":"Sep 14 23:21:31 honeypot-sgp-1 sshd[14740]: Disconnected from authenticating user root 143.244.158.100 port 53664 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T23:21:41.746Z","@version":"1","message":"Sep 14 23:21:41 honeypot-sgp-1 sshd[14745]: Disconnected from authenticating user root 61.177.172.19 port 21313 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T23:22:35.769Z","@version":"1","message":"Sep 14 23:22:35 honeypot-sgp-1 sshd[14751]: Received disconnect from 143.244.158.100 port 54284:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 23:23:53 honeypot-ams-1 sshd[25994]: Received disconnect from 61.177.173.39 port 11869:11:  [preauth]","@timestamp":"2022-09-14T23:23:54.409Z"}
{"@timestamp":"2022-09-14T23:25:28.839Z","@version":"1","message":"Sep 14 23:25:28 honeypot-sgp-1 sshd[14758]: Received disconnect from 143.244.158.100 port 37574:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 23:25:55 honeypot-ams-1 kernel: [84074537.750165] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.41.9.18 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=5703 PROTO=TCP SPT=55990 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T23:25:55.464Z"}
{"@timestamp":"2022-09-14T23:27:21.887Z","@version":"1","message":"Sep 14 23:27:20 honeypot-sgp-1 sshd[14764]: Received disconnect from 143.244.158.100 port 48270:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T23:29:18.935Z","@version":"1","message":"Sep 14 23:29:18 honeypot-sgp-1 sshd[14768]: Received disconnect from 143.244.158.100 port 60526:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T23:30:17.962Z","@version":"1","message":"Sep 14 23:30:17 honeypot-sgp-1 sshd[14774]: Received disconnect from 143.244.158.100 port 50586:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T23:31:10.985Z","@version":"1","message":"Sep 14 23:31:10 honeypot-sgp-1 sshd[14779]: Disconnected from authenticating user root 143.244.158.100 port 55646 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 23:31:20 honeypot-ams-1 sshd[26003]: Disconnected from authenticating user root 61.177.173.50 port 53107 [preauth]","@timestamp":"2022-09-14T23:31:20.604Z"}
{"@timestamp":"2022-09-14T23:34:16.062Z","@version":"1","message":"Sep 14 23:34:15 honeypot-sgp-1 sshd[14785]: Received disconnect from 143.244.158.100 port 35368:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T23:36:20.112Z","@version":"1","message":"Sep 14 23:36:19 honeypot-sgp-1 sshd[14792]: Received disconnect from 61.177.173.35 port 28406:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 23:37:24 honeypot-ams-1 sshd[26010]: Received disconnect from 61.177.173.48 port 16909:11:  [preauth]","@timestamp":"2022-09-14T23:37:25.763Z"}
{"@timestamp":"2022-09-14T23:39:03.303Z","@version":"1","message":"Sep 14 23:39:02 honeypot-sgp-1 sshd[14798]: Received disconnect from 143.244.158.100 port 37920:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 23:40:22 honeypot-fra-1 sshd[10641]: Connection closed by authenticating user root 179.60.147.69 port 24874 [preauth]","@timestamp":"2022-09-14T23:40:22.902Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T23:41:10.355Z","@version":"1","message":"Sep 14 23:41:09 honeypot-sgp-1 sshd[14804]: Disconnected from authenticating user root 143.244.158.100 port 53682 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 23:42:36 honeypot-ams-1 sshd[26020]: Connection closed by authenticating user root 179.60.147.69 port 53918 [preauth]","@timestamp":"2022-09-14T23:42:36.899Z"}
{"@timestamp":"2022-09-14T23:43:04.402Z","@version":"1","message":"Sep 14 23:43:03 honeypot-sgp-1 sshd[14812]: Received disconnect from 143.244.158.100 port 55722:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T23:44:54.447Z","@version":"1","message":"Sep 14 23:44:53 honeypot-sgp-1 sshd[14818]: Received disconnect from 143.244.158.100 port 54546:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T23:45:51.470Z","@version":"1","message":"Sep 14 23:45:50 honeypot-sgp-1 sshd[14822]: Disconnected from authenticating user root 143.244.158.100 port 36454 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 23:47:34 honeypot-ams-1 sshd[26024]: Received disconnect from 61.177.173.52 port 44395:11:  [preauth]","@timestamp":"2022-09-14T23:47:35.037Z"}
{"@timestamp":"2022-09-14T23:48:35.536Z","@version":"1","message":"Sep 14 23:48:34 honeypot-sgp-1 sshd[14829]: Disconnected from authenticating user root 143.244.158.100 port 44152 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T23:50:35.584Z","@version":"1","message":"Sep 14 23:50:35 honeypot-sgp-1 sshd[14839]: Received disconnect from 143.244.158.100 port 54622:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 23:51:09 honeypot-ams-1 sshd[26031]: Received disconnect from 61.177.173.36 port 19107:11:  [preauth]","@timestamp":"2022-09-14T23:51:10.134Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 23:51:51 honeypot-fra-1 kernel: [84073930.020785] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.143.200.6 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=35649 PROTO=TCP SPT=50478 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T23:51:52.165Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 23:52:08 honeypot-ams-1 sshd[26037]: Invalid user kise from 222.253.43.62 port 63195","@timestamp":"2022-09-14T23:52:09.163Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 23:53:17 honeypot-ams-1 sshd[26043]: Disconnected from authenticating user root 61.177.172.108 port 38403 [preauth]","@timestamp":"2022-09-14T23:53:18.196Z"}
{"@timestamp":"2022-09-14T23:53:21.651Z","@version":"1","message":"Sep 14 23:53:21 honeypot-sgp-1 sshd[14846]: Received disconnect from 143.244.158.100 port 54406:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 23:54:04 honeypot-ams-1 sshd[26048]: Disconnected from authenticating user root 187.17.43.167 port 30804 [preauth]","@timestamp":"2022-09-14T23:54:04.220Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 23:54:13 honeypot-ams-1 sshd[26052]: Disconnected from invalid user user 45.61.186.249 port 36610 [preauth]","@timestamp":"2022-09-14T23:54:14.225Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 23:54:31 honeypot-ams-1 sshd[26056]: Disconnected from invalid user user 45.61.186.249 port 59930 [preauth]","@timestamp":"2022-09-14T23:54:31.235Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 23:54:48 honeypot-ams-1 sshd[26060]: Disconnected from invalid user user 45.61.186.249 port 55034 [preauth]","@timestamp":"2022-09-14T23:54:48.244Z"}
{"@timestamp":"2022-09-14T23:55:07.695Z","@version":"1","message":"Sep 14 23:55:07 honeypot-sgp-1 sshd[14852]: Received disconnect from 143.244.158.100 port 60734:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T23:57:51.761Z","@version":"1","message":"Sep 14 23:57:51 honeypot-sgp-1 sshd[14859]: Received disconnect from 143.244.158.100 port 42796:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 23:59:05 honeypot-fra-1 sshd[10653]: Invalid user user from 45.61.186.169 port 37192","@timestamp":"2022-09-14T23:59:05.330Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 23:59:24 honeypot-fra-1 sshd[10657]: Invalid user user from 45.61.186.169 port 60226","@timestamp":"2022-09-14T23:59:24.340Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 23:59:40 honeypot-fra-1 sshd[10661]: Invalid user user from 45.61.186.169 port 55040","@timestamp":"2022-09-14T23:59:40.347Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T23:59:50.810Z","@version":"1","message":"Sep 14 23:59:50 honeypot-sgp-1 sshd[14866]: Received disconnect from 143.244.158.100 port 34894:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 23:59:56 honeypot-fra-1 sshd[10665]: Invalid user user from 45.61.186.169 port 49842","@timestamp":"2022-09-14T23:59:57.355Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 00:01:41 honeypot-ams-1 sshd[26065]: Disconnected from authenticating user root 61.177.172.90 port 38145 [preauth]","@timestamp":"2022-09-15T00:01:42.427Z"}
{"@timestamp":"2022-09-15T00:02:01.863Z","@version":"1","message":"Sep 15 00:02:01 honeypot-sgp-1 kernel: [84076229.387796] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=80.87.206.203 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=237 ID=62908 PROTO=TCP SPT=52613 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T00:04:21.920Z","@version":"1","message":"Sep 15 00:04:21 honeypot-sgp-1 sshd[14877]: Disconnected from authenticating user root 61.177.173.36 port 21789 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T00:05:57.961Z","@version":"1","message":"Sep 15 00:05:57 honeypot-sgp-1 sshd[14883]: Disconnected from authenticating user root 92.255.85.70 port 16492 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T00:08:49.031Z","@version":"1","message":"Sep 15 00:08:48 honeypot-sgp-1 sshd[14889]: Received disconnect from 143.244.158.100 port 36886:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T00:10:48.077Z","@version":"1","message":"Sep 15 00:10:47 honeypot-sgp-1 sshd[14896]: Received disconnect from 143.244.158.100 port 57074:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 00:11:04 honeypot-ams-1 sshd[26071]: Disconnected from authenticating user root 61.177.173.53 port 48193 [preauth]","@timestamp":"2022-09-15T00:11:04.672Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 00:12:08 honeypot-fra-1 kernel: [84075147.728702] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=64.62.197.187 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=54321 PROTO=TCP SPT=50603 DPT=389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T00:12:09.630Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-15T00:12:10.110Z","@version":"1","message":"Sep 15 00:12:09 honeypot-sgp-1 sshd[14900]: Disconnected from invalid user chinchilla 179.104.53.194 port 58316 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T00:13:48.151Z","@version":"1","message":"Sep 15 00:13:47 honeypot-sgp-1 sshd[14908]: Received disconnect from 143.244.158.100 port 43290:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 00:14:25 honeypot-fra-1 sshd[10672]: Disconnected from invalid user darioopen 37.77.105.29 port 47342 [preauth]","@timestamp":"2022-09-15T00:14:25.685Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 00:16:10 honeypot-ams-1 sshd[26077]: Received disconnect from 45.61.186.49 port 40434:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T00:16:10.809Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 00:16:20 honeypot-ams-1 sshd[26081]: Received disconnect from 45.61.186.49 port 52028:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T00:16:21.816Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 00:17:01 honeypot-ams-1 CRON[26085]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-15T00:17:01.837Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 00:18:09 honeypot-fra-1 sshd[10680]: Disconnected from invalid user ih 128.199.128.68 port 39298 [preauth]","@timestamp":"2022-09-15T00:18:10.803Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T00:19:19.281Z","@version":"1","message":"Sep 15 00:19:19 honeypot-sgp-1 sshd[14916]: Disconnected from authenticating user root 61.177.173.53 port 48352 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T00:22:09.350Z","@version":"1","message":"Sep 15 00:22:08 honeypot-sgp-1 sshd[14925]: Received disconnect from 64.227.185.119 port 38110:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 00:22:32 honeypot-ams-1 sshd[26094]: Received disconnect from 141.255.162.226 port 42884:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T00:22:32.984Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 00:22:37 honeypot-ams-1 sshd[26098]: Received disconnect from 141.255.162.226 port 51308:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T00:22:37.987Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 00:22:39 honeypot-ams-1 sshd[26101]: Received disconnect from 141.255.162.226 port 59734:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T00:22:39.989Z"}
{"@timestamp":"2022-09-15T00:23:40.387Z","@version":"1","message":"Sep 15 00:23:39 honeypot-sgp-1 sshd[14929]: Received disconnect from 96.78.175.36 port 40430:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 00:25:35 honeypot-ams-1 kernel: [84078117.712266] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=181.214.231.169 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=59 ID=57296 PROTO=TCP SPT=47447 DPT=80 WINDOW=49368 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T00:25:36.068Z"}
{"@timestamp":"2022-09-15T00:25:54.442Z","@version":"1","message":"Sep 15 00:25:54 honeypot-sgp-1 kernel: [84077662.111559] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.46.240.87 DST=159.89.202.188 LEN=52 TOS=0x02 PREC=0x00 TTL=110 ID=51271 DF PROTO=TCP SPT=50134 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T00:30:53.562Z","@version":"1","message":"Sep 15 00:30:52 honeypot-sgp-1 sshd[14940]: Received disconnect from 61.177.173.36 port 59279:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 00:32:49 honeypot-ams-1 sshd[26113]: Disconnected from authenticating user root 61.177.173.36 port 59926 [preauth]","@timestamp":"2022-09-15T00:32:50.258Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 00:33:37 honeypot-fra-1 sshd[10690]: Received disconnect from 181.48.60.50 port 52276:11: Bye Bye [preauth]","@timestamp":"2022-09-15T00:33:38.150Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T00:34:21.648Z","@version":"1","message":"Sep 15 00:34:21 honeypot-sgp-1 kernel: [84078168.997726] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=35.88.165.76 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=233 ID=59398 DF PROTO=TCP SPT=10446 DPT=80 WINDOW=512 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 00:34:39 honeypot-ams-1 sshd[26117]: Disconnected from authenticating user root 92.255.85.70 port 46596 [preauth]","@timestamp":"2022-09-15T00:34:40.309Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 00:35:48 honeypot-fra-1 kernel: [84076567.155846] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=213.226.123.38 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=64798 PROTO=TCP SPT=42348 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T00:35:49.205Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 00:37:09 honeypot-ams-1 sshd[26124]: Connection closed by invalid user ubnt 179.60.147.69 port 39016 [preauth]","@timestamp":"2022-09-15T00:37:09.376Z"}
{"@timestamp":"2022-09-15T00:43:12.857Z","@version":"1","message":"Sep 15 00:43:11 honeypot-sgp-1 sshd[14950]: Invalid user admin from 128.199.168.83 port 48552","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T00:43:12.857Z","@version":"1","message":"Sep 15 00:43:12 honeypot-sgp-1 sshd[14956]: Invalid user admin from 128.199.168.83 port 48572","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T00:45:42.919Z","@version":"1","message":"Sep 15 00:45:42 honeypot-sgp-1 sshd[14963]: Received disconnect from 203.218.247.74 port 45038:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 00:46:17 honeypot-ams-1 kernel: [84079360.204668] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=128.14.209.166 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=7111 PROTO=TCP SPT=35260 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T00:46:17.628Z"}
{"@timestamp":"2022-09-15T00:53:09.112Z","@version":"1","message":"Sep 15 00:53:08 honeypot-sgp-1 sshd[14971]: Received disconnect from 92.255.85.69 port 45962:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 00:53:35 honeypot-ams-1 sshd[26136]: Received disconnect from 61.177.173.37 port 62901:11:  [preauth]","@timestamp":"2022-09-15T00:53:35.822Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 00:55:57 honeypot-fra-1 sshd[10701]: Received disconnect from 92.255.85.70 port 39300:11: Bye Bye [preauth]","@timestamp":"2022-09-15T00:55:57.672Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 00:59:22 honeypot-ams-1 sshd[26145]: Received disconnect from 61.177.173.53 port 23148:11:  [preauth]","@timestamp":"2022-09-15T00:59:22.974Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 00:59:58 honeypot-fra-1 sshd[10705]: Disconnected from authenticating user root 190.210.182.179 port 37244 [preauth]","@timestamp":"2022-09-15T00:59:58.769Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 01:05:20 honeypot-ams-1 kernel: [84080502.863939] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=142.44.215.54 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=53 ID=55623 DF PROTO=TCP SPT=40081 DPT=80 WINDOW=43690 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T01:05:21.134Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 01:10:24 honeypot-fra-1 sshd[10712]: Invalid user user from 45.61.186.169 port 57588","@timestamp":"2022-09-15T01:10:25.102Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T01:10:31.554Z","@version":"1","message":"Sep 15 01:10:30 honeypot-sgp-1 sshd[14982]: Invalid user guest from 179.60.147.69 port 54516","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 01:10:35 honeypot-ams-1 sshd[26154]: Received disconnect from 218.60.104.104 port 38660:11: Bye Bye [preauth]","@timestamp":"2022-09-15T01:10:35.273Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 01:10:37 honeypot-fra-1 kernel: [84078655.903706] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=35.88.165.76 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=220 ID=10069 DF PROTO=TCP SPT=10446 DPT=80 WINDOW=512 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T01:10:38.108Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 01:10:49 honeypot-fra-1 sshd[10718]: Disconnected from invalid user user 45.61.186.169 port 35436 [preauth]","@timestamp":"2022-09-15T01:10:50.114Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 01:11:05 honeypot-fra-1 sshd[10723]: Disconnected from invalid user user 45.61.186.169 port 58308 [preauth]","@timestamp":"2022-09-15T01:11:06.121Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T01:16:38.700Z","@version":"1","message":"Sep 15 01:16:38 honeypot-sgp-1 sshd[14989]: Disconnected from authenticating user root 92.255.85.69 port 53714 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 01:16:46 honeypot-ams-1 sshd[26164]: Connection closed by 192.241.219.111 port 46654 [preauth]","@timestamp":"2022-09-15T01:16:46.435Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 01:17:01 honeypot-fra-1 CRON[10732]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-15T01:17:02.255Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T01:18:03.736Z","@version":"1","message":"Sep 15 01:18:03 honeypot-sgp-1 sshd[14996]: Disconnected from authenticating user root 61.177.172.98 port 13506 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T01:20:51.804Z","@version":"1","message":"Sep 15 01:20:51 honeypot-sgp-1 sshd[15000]: Received disconnect from 105.174.43.194 port 34535:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T01:28:33.990Z","@version":"1","message":"Sep 15 01:28:33 honeypot-sgp-1 kernel: [84081421.763888] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=89.248.168.172 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=54321 PROTO=TCP SPT=55072 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 01:30:35 honeypot-fra-1 sshd[10742]: Did not receive identification string from 45.61.184.204 port 57502","@timestamp":"2022-09-15T01:30:35.565Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 01:31:06 honeypot-fra-1 sshd[10757]: Received disconnect from 45.61.184.204 port 51202:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T01:31:07.582Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 01:31:24 honeypot-fra-1 sshd[10761]: Received disconnect from 45.61.184.204 port 46746:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T01:31:25.590Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 01:31:28 honeypot-ams-1 sshd[26183]: Invalid user anna from 152.67.45.125 port 44544","@timestamp":"2022-09-15T01:31:28.816Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 01:31:43 honeypot-fra-1 sshd[10768]: Received disconnect from 45.61.184.204 port 42278:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T01:31:44.599Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 01:35:08 honeypot-ams-1 sshd[26185]: Disconnected from authenticating user root 61.177.172.104 port 18456 [preauth]","@timestamp":"2022-09-15T01:35:08.916Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 01:36:02 honeypot-ams-1 sshd[26189]: Connection closed by invalid user tomcat 193.106.191.157 port 50636 [preauth]","@timestamp":"2022-09-15T01:36:02.942Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 01:36:38 honeypot-fra-1 sshd[10776]: Disconnected from authenticating user root 128.199.225.7 port 46850 [preauth]","@timestamp":"2022-09-15T01:36:38.711Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 01:37:28 honeypot-fra-1 sshd[10790]: Disconnected from authenticating user root 43.134.179.51 port 46254 [preauth]","@timestamp":"2022-09-15T01:37:28.732Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T01:39:51.256Z","@version":"1","message":"Sep 15 01:39:50 honeypot-sgp-1 kernel: [84082098.685120] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.46.240.87 DST=159.89.202.188 LEN=52 TOS=0x02 PREC=0x00 TTL=110 ID=24221 DF PROTO=TCP SPT=62166 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 01:40:03 honeypot-fra-1 sshd[10797]: Connection closed by invalid user admin 220.74.55.232 port 51297 [preauth]","@timestamp":"2022-09-15T01:40:03.794Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 01:45:18 honeypot-ams-1 sshd[26201]: Received disconnect from 92.255.85.70 port 35954:11: Bye Bye [preauth]","@timestamp":"2022-09-15T01:45:19.186Z"}
{"@timestamp":"2022-09-15T01:46:53.426Z","@version":"1","message":"Sep 15 01:46:53 honeypot-sgp-1 sshd[15037]: Connection closed by invalid user support 179.60.147.69 port 37666 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 01:46:54 honeypot-fra-1 kernel: [84080833.179213] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=184.105.139.121 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=54321 PROTO=TCP SPT=36201 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T01:46:54.955Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 01:50:21 honeypot-ams-1 sshd[26209]: Invalid user user from 141.255.162.226 port 56178","@timestamp":"2022-09-15T01:50:21.318Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 01:50:23 honeypot-ams-1 sshd[26213]: Invalid user user from 141.255.162.226 port 53084","@timestamp":"2022-09-15T01:50:24.320Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 01:50:25 honeypot-ams-1 sshd[26217]: Invalid user user from 141.255.162.226 port 33234","@timestamp":"2022-09-15T01:50:26.323Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 01:50:30 honeypot-ams-1 sshd[26221]: Invalid user user from 141.255.162.226 port 41608","@timestamp":"2022-09-15T01:50:31.325Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 01:53:36 honeypot-ams-1 kernel: [84083398.585465] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=184.105.247.200 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=54979 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T01:53:36.409Z"}
{"@timestamp":"2022-09-15T01:55:55.641Z","@version":"1","message":"Sep 15 01:55:54 honeypot-sgp-1 sshd[15043]: Received disconnect from 202.83.18.224 port 53094:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T01:59:43.735Z","@version":"1","message":"Sep 15 01:59:43 honeypot-sgp-1 sshd[15052]: Invalid user logger from 118.70.180.174 port 35353","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T02:01:39.784Z","@version":"1","message":"Sep 15 02:01:38 honeypot-sgp-1 kernel: [84083406.845051] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=94.26.249.161 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=53896 PROTO=TCP SPT=29733 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 02:01:48 honeypot-fra-1 sshd[10808]: Disconnected from invalid user teamspeak 206.189.126.211 port 60504 [preauth]","@timestamp":"2022-09-15T02:01:49.292Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 02:06:00 honeypot-fra-1 sshd[10812]: Invalid user johnf from 97.64.122.66 port 8350","@timestamp":"2022-09-15T02:06:01.409Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 02:07:41 honeypot-fra-1 kernel: [84082079.938756] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=183.136.225.35 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=107 ID=2500 PROTO=TCP SPT=8088 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T02:07:41.447Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-15T02:08:21.966Z","@version":"1","message":"Sep 15 02:08:21 honeypot-sgp-1 sshd[15064]: Received disconnect from 23.83.239.130 port 55972:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:08:31 honeypot-ams-1 sshd[26237]: Received disconnect from 92.255.85.69 port 38440:11: Bye Bye [preauth]","@timestamp":"2022-09-15T02:08:31.795Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:11:14 honeypot-ams-1 sshd[26243]: Disconnecting authenticating user root 89.163.142.195 port 53620: Too many authentication failures [preauth]","@timestamp":"2022-09-15T02:11:14.868Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:11:14 honeypot-ams-1 sshd[26249]: Invalid user admin from 89.163.142.195 port 53628","@timestamp":"2022-09-15T02:11:15.871Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:11:15 honeypot-ams-1 sshd[26253]: Invalid user oracle from 89.163.142.195 port 53632","@timestamp":"2022-09-15T02:11:15.871Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:11:15 honeypot-ams-1 sshd[26257]: Invalid user oracle from 89.163.142.195 port 53638","@timestamp":"2022-09-15T02:11:15.871Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:11:16 honeypot-ams-1 sshd[26261]: Invalid user usuario from 89.163.142.195 port 53642","@timestamp":"2022-09-15T02:11:16.872Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:11:16 honeypot-ams-1 sshd[26265]: Invalid user test from 89.163.142.195 port 53646","@timestamp":"2022-09-15T02:11:16.872Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:11:17 honeypot-ams-1 sshd[26269]: Invalid user test from 89.163.142.195 port 53656","@timestamp":"2022-09-15T02:11:17.873Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:11:17 honeypot-ams-1 sshd[26273]: Invalid user user from 89.163.142.195 port 53660","@timestamp":"2022-09-15T02:11:17.873Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:11:18 honeypot-ams-1 sshd[26277]: Invalid user ftpuser from 89.163.142.195 port 53666","@timestamp":"2022-09-15T02:11:18.874Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:11:18 honeypot-ams-1 sshd[26281]: Invalid user ftpuser from 89.163.142.195 port 53670","@timestamp":"2022-09-15T02:11:18.874Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:11:19 honeypot-ams-1 sshd[26285]: Invalid user test1 from 89.163.142.195 port 53676","@timestamp":"2022-09-15T02:11:19.875Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:11:19 honeypot-ams-1 sshd[26289]: Invalid user test2 from 89.163.142.195 port 53680","@timestamp":"2022-09-15T02:11:19.875Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:11:19 honeypot-ams-1 sshd[26293]: Invalid user test2 from 89.163.142.195 port 53688","@timestamp":"2022-09-15T02:11:20.876Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:11:20 honeypot-ams-1 sshd[26297]: Invalid user ubuntu from 89.163.142.195 port 53692","@timestamp":"2022-09-15T02:11:20.876Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:11:20 honeypot-ams-1 sshd[26301]: Invalid user ubuntu from 89.163.142.195 port 53698","@timestamp":"2022-09-15T02:11:20.876Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:11:21 honeypot-ams-1 sshd[26305]: Invalid user pi from 89.163.142.195 port 53702","@timestamp":"2022-09-15T02:11:21.877Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:11:34 honeypot-ams-1 sshd[26309]: Did not receive identification string from 193.142.146.50 port 34350","@timestamp":"2022-09-15T02:11:34.884Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:12:13 honeypot-ams-1 sshd[26314]: Received disconnect from 193.142.146.50 port 47412:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T02:12:13.904Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:13:41 honeypot-ams-1 sshd[26319]: Disconnected from authenticating user root 193.142.146.50 port 43592 [preauth]","@timestamp":"2022-09-15T02:13:41.945Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:14:21 honeypot-ams-1 sshd[26325]: Disconnected from authenticating user root 193.142.146.50 port 39772 [preauth]","@timestamp":"2022-09-15T02:14:21.965Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:15:57 honeypot-ams-1 sshd[26331]: Invalid user admin from 193.142.146.50 port 53498","@timestamp":"2022-09-15T02:15:58.010Z"}
{"@timestamp":"2022-09-15T02:16:30.165Z","@version":"1","message":"Sep 15 02:16:29 honeypot-sgp-1 sshd[15069]: Received disconnect from 61.177.173.51 port 18796:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:18:07 honeypot-ams-1 sshd[26341]: Received disconnect from 43.225.158.223 port 60469:11: Bye Bye [preauth]","@timestamp":"2022-09-15T02:18:08.068Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:18:16 honeypot-ams-1 sshd[26345]: Received disconnect from 141.255.162.226 port 54952:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T02:18:17.074Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:18:20 honeypot-ams-1 sshd[26349]: Received disconnect from 141.255.162.226 port 43256:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T02:18:21.076Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:18:24 honeypot-ams-1 sshd[26353]: Received disconnect from 141.255.162.226 port 59798:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T02:18:25.080Z"}
{"@timestamp":"2022-09-15T02:20:06.257Z","@version":"1","message":"Sep 15 02:20:05 honeypot-sgp-1 sshd[15075]: Received disconnect from 61.177.173.36 port 18104:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 02:20:17 honeypot-fra-1 sshd[10844]: Received disconnect from 165.22.45.108 port 43240:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T02:20:18.736Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:20:35 honeypot-ams-1 sshd[26357]: Connection closed by invalid user samba 103.188.176.251 port 49012 [preauth]","@timestamp":"2022-09-15T02:20:36.138Z"}
{"@timestamp":"2022-09-15T02:23:19.338Z","@version":"1","message":"Sep 15 02:23:18 honeypot-sgp-1 sshd[15079]: Connection closed by invalid user support 179.60.147.69 port 35038 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 02:24:51 honeypot-fra-1 sshd[10849]: Connection closed by invalid user samba 103.188.176.251 port 45856 [preauth]","@timestamp":"2022-09-15T02:24:52.841Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:27:58 honeypot-ams-1 sshd[26370]: Invalid user pz from 43.129.237.211 port 39546","@timestamp":"2022-09-15T02:27:58.332Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 02:29:29 honeypot-fra-1 kernel: [84083387.566854] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.216.25 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=54217 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T02:29:29.949Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-15T02:30:13.509Z","@version":"1","message":"Sep 15 02:30:13 honeypot-sgp-1 sshd[15085]: Disconnected from authenticating user root 61.177.172.104 port 61919 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:31:47 honeypot-ams-1 sshd[26375]: Received disconnect from 203.106.164.74 port 48564:11: Bye Bye [preauth]","@timestamp":"2022-09-15T02:31:48.435Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:32:54 honeypot-ams-1 sshd[26380]: Disconnected from authenticating user root 61.177.173.52 port 18138 [preauth]","@timestamp":"2022-09-15T02:32:54.468Z"}
{"@timestamp":"2022-09-15T02:33:38.594Z","@version":"1","message":"Sep 15 02:33:38 honeypot-sgp-1 kernel: [84085325.993461] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=180.182.234.11 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=47 ID=19344 PROTO=TCP SPT=6726 DPT=80 WINDOW=20551 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T02:39:17.732Z","@version":"1","message":"Sep 15 02:39:17 honeypot-sgp-1 sshd[15096]: Received disconnect from 61.177.172.114 port 42225:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:44:39 honeypot-ams-1 sshd[26391]: Received disconnect from 61.177.173.48 port 16112:11:  [preauth]","@timestamp":"2022-09-15T02:44:39.771Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 02:44:57 honeypot-fra-1 kernel: [84084315.745159] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.143.200.6 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=45618 PROTO=TCP SPT=46356 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T02:44:58.297Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-15T02:49:11.974Z","@version":"1","message":"Sep 15 02:49:11 honeypot-sgp-1 kernel: [84086258.919178] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.127.98.19 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=53 ID=0 DF PROTO=TCP SPT=53946 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:52:05 honeypot-ams-1 sshd[26404]: Did not receive identification string from 45.61.184.204 port 44468","@timestamp":"2022-09-15T02:52:05.966Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:52:21 honeypot-ams-1 sshd[26407]: Disconnected from invalid user user 45.61.184.204 port 57796 [preauth]","@timestamp":"2022-09-15T02:52:21.976Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:52:41 honeypot-ams-1 sshd[26411]: Disconnected from invalid user user 45.61.184.204 port 52210 [preauth]","@timestamp":"2022-09-15T02:52:41.986Z"}
{"@timestamp":"2022-09-15T02:52:50.066Z","@version":"1","message":"Sep 15 02:52:49 honeypot-sgp-1 sshd[15109]: Disconnected from authenticating user root 61.177.172.108 port 64683 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:52:59 honeypot-ams-1 sshd[26415]: Disconnected from invalid user user 45.61.184.204 port 46652 [preauth]","@timestamp":"2022-09-15T02:52:59.995Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:55:05 honeypot-ams-1 sshd[26419]: Disconnected from authenticating user root 92.255.85.70 port 54798 [preauth]","@timestamp":"2022-09-15T02:55:05.053Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 02:55:51 honeypot-fra-1 sshd[10860]: Received disconnect from 103.127.224.6 port 50274:11: Bye Bye [preauth]","@timestamp":"2022-09-15T02:55:51.544Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 03:02:46 honeypot-ams-1 kernel: [84087548.899146] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=62.108.40.120 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=55 ID=61564 PROTO=TCP SPT=11410 DPT=80 WINDOW=33578 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T03:02:47.253Z"}
{"@timestamp":"2022-09-15T03:04:22.352Z","@version":"1","message":"Sep 15 03:04:22 honeypot-sgp-1 sshd[15121]: Received disconnect from 61.177.173.49 port 29991:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 03:06:49 honeypot-ams-1 sshd[26435]: Received disconnect from 5.195.211.234 port 41226:11: Bye Bye [preauth]","@timestamp":"2022-09-15T03:06:50.360Z"}
{"@timestamp":"2022-09-15T03:08:58.469Z","@version":"1","message":"Sep 15 03:08:57 honeypot-sgp-1 sshd[15124]: Disconnected from invalid user fedor 180.250.115.121 port 53045 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 03:12:12 honeypot-ams-1 sshd[26440]: Disconnected from authenticating user root 200.192.97.64 port 55382 [preauth]","@timestamp":"2022-09-15T03:12:13.499Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 03:12:32 honeypot-fra-1 sshd[10868]: Invalid user la from 165.22.45.108 port 48284","@timestamp":"2022-09-15T03:12:32.917Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T03:13:55.595Z","@version":"1","message":"Sep 15 03:13:54 honeypot-sgp-1 sshd[15130]: Disconnected from authenticating user root 61.177.172.124 port 14613 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 03:15:43 honeypot-fra-1 sshd[10872]: Invalid user nexus from 160.86.90.2 port 46170","@timestamp":"2022-09-15T03:15:43.993Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 03:15:43 honeypot-fra-1 sshd[10871]: Invalid user admin from 160.86.90.2 port 46178","@timestamp":"2022-09-15T03:15:43.993Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 03:15:43 honeypot-fra-1 sshd[10877]: Connection closed by invalid user test 160.86.90.2 port 46462 [preauth]","@timestamp":"2022-09-15T03:15:43.993Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 03:15:44 honeypot-fra-1 sshd[10890]: Invalid user teamspeak from 160.86.90.2 port 46224","@timestamp":"2022-09-15T03:15:44.993Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 03:15:46 honeypot-fra-1 sshd[10897]: Invalid user ubuntu from 160.86.90.2 port 46392","@timestamp":"2022-09-15T03:15:46.994Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 03:15:46 honeypot-fra-1 sshd[10897]: Connection closed by invalid user ubuntu 160.86.90.2 port 46392 [preauth]","@timestamp":"2022-09-15T03:15:46.994Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 03:15:46 honeypot-fra-1 sshd[10903]: Connection closed by authenticating user root 160.86.90.2 port 46132 [preauth]","@timestamp":"2022-09-15T03:15:46.995Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 03:17:01 honeypot-ams-1 CRON[26449]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-15T03:17:01.619Z"}
{"@timestamp":"2022-09-15T03:17:48.693Z","@version":"1","message":"Sep 15 03:17:47 honeypot-sgp-1 sshd[15139]: Bad protocol version identification 'GET / HTTP/1.1' from 111.90.147.18 port 47132","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 03:19:37 honeypot-ams-1 sshd[26456]: Invalid user zabbix from 41.169.26.228 port 36656","@timestamp":"2022-09-15T03:19:37.703Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 03:21:36 honeypot-fra-1 sshd[10917]: Received disconnect from 157.245.122.58 port 40762:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T03:21:36.129Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 03:22:32 honeypot-fra-1 sshd[10922]: Invalid user user from 45.61.186.169 port 35210","@timestamp":"2022-09-15T03:22:33.154Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 03:22:42 honeypot-fra-1 sshd[10926]: Received disconnect from 45.61.186.169 port 46832:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T03:22:42.159Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 03:23:00 honeypot-fra-1 sshd[10930]: Invalid user user from 45.61.186.169 port 41852","@timestamp":"2022-09-15T03:23:00.168Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 03:23:18 honeypot-fra-1 sshd[10934]: Invalid user user from 45.61.186.169 port 36862","@timestamp":"2022-09-15T03:23:19.177Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 03:23:23 honeypot-fra-1 sshd[10937]: Disconnected from invalid user user 141.255.162.226 port 51508 [preauth]","@timestamp":"2022-09-15T03:23:24.179Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 03:23:24 honeypot-fra-1 sshd[10941]: Disconnected from invalid user user 141.255.162.226 port 39284 [preauth]","@timestamp":"2022-09-15T03:23:25.181Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 03:23:30 honeypot-fra-1 sshd[10945]: Received disconnect from 141.255.162.226 port 47290:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T03:23:31.184Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 03:23:33 honeypot-fra-1 sshd[10949]: Received disconnect from 141.255.162.226 port 43074:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T03:23:34.185Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 03:23:41 honeypot-fra-1 sshd[10953]: Disconnected from authenticating user root 68.183.78.141 port 54964 [preauth]","@timestamp":"2022-09-15T03:23:42.190Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T03:24:31.864Z","@version":"1","message":"Sep 15 03:24:30 honeypot-sgp-1 sshd[15143]: Received disconnect from 61.177.173.53 port 33867:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 03:24:37 honeypot-fra-1 sshd[10958]: Disconnected from invalid user engenhar 103.180.95.2 port 60942 [preauth]","@timestamp":"2022-09-15T03:24:38.212Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 03:25:39 honeypot-fra-1 sshd[10964]: Invalid user data.user from 157.245.122.58 port 38484","@timestamp":"2022-09-15T03:25:40.239Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 03:26:55 honeypot-fra-1 sshd[10968]: Received disconnect from 94.188.177.110 port 58744:11: Bye Bye [preauth]","@timestamp":"2022-09-15T03:26:56.269Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 03:28:21 honeypot-fra-1 sshd[10972]: Received disconnect from 157.245.122.58 port 50846:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T03:28:21.303Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T03:29:54.998Z","@version":"1","message":"Sep 15 03:29:54 honeypot-sgp-1 sshd[15148]: Disconnected from invalid user deon 190.129.60.125 port 38602 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 03:30:42 honeypot-ams-1 sshd[26462]: Received disconnect from 61.177.173.36 port 33130:11:  [preauth]","@timestamp":"2022-09-15T03:30:42.989Z"}
{"@timestamp":"2022-09-15T03:34:28.112Z","@version":"1","message":"Sep 15 03:34:27 honeypot-sgp-1 kernel: [84088975.088176] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=92.51.105.110 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=231 ID=47725 DF PROTO=TCP SPT=32241 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T03:37:05.178Z","@version":"1","message":"Sep 15 03:37:04 honeypot-sgp-1 sshd[15157]: Disconnected from authenticating user root 92.255.85.69 port 50948 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 03:39:58 honeypot-fra-1 sshd[10977]: Received disconnect from 92.255.85.70 port 36366:11: Bye Bye [preauth]","@timestamp":"2022-09-15T03:39:59.565Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 03:40:42 honeypot-ams-1 kernel: [84089824.874817] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=59992 PROTO=TCP SPT=52776 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T03:40:43.238Z"}
{"@timestamp":"2022-09-15T03:40:54.277Z","@version":"1","message":"Sep 15 03:40:53 honeypot-sgp-1 sshd[15164]: Received disconnect from 61.177.173.36 port 16394:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 03:43:05 honeypot-fra-1 sshd[10983]: Invalid user admin from 185.61.92.143 port 34592","@timestamp":"2022-09-15T03:43:06.641Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 03:44:23 honeypot-ams-1 sshd[26478]: Disconnected from authenticating user root 61.177.173.49 port 53638 [preauth]","@timestamp":"2022-09-15T03:44:24.333Z"}
{"@timestamp":"2022-09-15T03:49:20.484Z","@version":"1","message":"Sep 15 03:49:19 honeypot-sgp-1 sshd[15175]: Invalid user ubuntu from 20.126.126.43 port 53180","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 03:52:09 honeypot-ams-1 sshd[26487]: Received disconnect from 198.98.61.9 port 51812:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T03:52:09.532Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 03:52:30 honeypot-ams-1 sshd[26491]: Received disconnect from 198.98.61.9 port 47140:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T03:52:30.543Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 03:52:50 honeypot-ams-1 sshd[26495]: Received disconnect from 198.98.61.9 port 42464:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T03:52:51.554Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 03:53:42 honeypot-ams-1 sshd[26499]: Disconnected from authenticating user root 61.177.173.47 port 46369 [preauth]","@timestamp":"2022-09-15T03:53:43.579Z"}
{"@timestamp":"2022-09-15T03:54:07.604Z","@version":"1","message":"Sep 15 03:54:07 honeypot-sgp-1 sshd[15182]: Received disconnect from 61.177.172.108 port 43467:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T03:57:15.684Z","@version":"1","message":"Sep 15 03:57:14 honeypot-sgp-1 sshd[15184]: Disconnected from invalid user vpl 220.203.8.38 port 55330 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 04:02:19 honeypot-ams-1 kernel: [84091122.382681] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=179.43.155.171 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=5361 PROTO=TCP SPT=47472 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T04:02:20.800Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 04:03:26 honeypot-fra-1 sshd[10988]: Received disconnect from 92.255.85.69 port 26710:11: Bye Bye [preauth]","@timestamp":"2022-09-15T04:03:27.101Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 04:04:41 honeypot-ams-1 sshd[26513]: Received disconnect from 157.245.122.58 port 39376:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T04:04:41.864Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 04:05:49 honeypot-ams-1 sshd[26517]: Received disconnect from 92.255.85.70 port 33346:11: Bye Bye [preauth]","@timestamp":"2022-09-15T04:05:49.896Z"}
{"@timestamp":"2022-09-15T04:07:37.942Z","@version":"1","message":"Sep 15 04:07:37 honeypot-sgp-1 sshd[15190]: Received disconnect from 197.248.95.31 port 45354:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 04:07:38 honeypot-ams-1 sshd[26523]: Received disconnect from 157.245.122.58 port 51774:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T04:07:38.945Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 04:08:34 honeypot-ams-1 sshd[26527]: Received disconnect from 157.245.122.58 port 37080:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T04:08:34.970Z"}
{"@timestamp":"2022-09-15T04:11:56.050Z","@version":"1","message":"Sep 15 04:11:56 honeypot-sgp-1 sshd[15195]: Disconnected from authenticating user root 193.142.146.50 port 39836 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T04:12:31.068Z","@version":"1","message":"Sep 15 04:12:30 honeypot-sgp-1 sshd[15201]: Received disconnect from 193.142.146.50 port 36052:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T04:13:46.101Z","@version":"1","message":"Sep 15 04:13:45 honeypot-sgp-1 sshd[15206]: Disconnected from authenticating user root 193.142.146.50 port 42940 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T04:14:28.122Z","@version":"1","message":"Sep 15 04:14:27 honeypot-sgp-1 sshd[15212]: Disconnected from authenticating user root 193.142.146.50 port 39154 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 04:15:26 honeypot-fra-1 kernel: [84089745.124990] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=111.161.155.54 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=46 ID=43611 PROTO=TCP SPT=10696 DPT=443 WINDOW=17832 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T04:15:27.372Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-15T04:16:05.162Z","@version":"1","message":"Sep 15 04:16:04 honeypot-sgp-1 sshd[15216]: Disconnected from invalid user admin 193.142.146.50 port 52928 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 04:17:01 honeypot-ams-1 CRON[26532]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-15T04:17:02.187Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 04:21:32 honeypot-fra-1 sshd[11000]: Invalid user user from 141.255.162.226 port 54470","@timestamp":"2022-09-15T04:21:32.513Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 04:21:38 honeypot-fra-1 sshd[11004]: Invalid user user from 141.255.162.226 port 33706","@timestamp":"2022-09-15T04:21:39.516Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 04:21:39 honeypot-fra-1 sshd[11008]: Invalid user user from 141.255.162.226 port 54790","@timestamp":"2022-09-15T04:21:40.517Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T04:22:00.314Z","@version":"1","message":"Sep 15 04:22:00 honeypot-sgp-1 kernel: [84091827.853974] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=68.183.82.129 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x20 TTL=242 ID=54321 PROTO=TCP SPT=33503 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 04:23:06 honeypot-ams-1 sshd[26538]: Invalid user default from 179.60.147.69 port 51864","@timestamp":"2022-09-15T04:23:07.362Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 04:23:16 honeypot-fra-1 kernel: [84090214.913183] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=45802 PROTO=TCP SPT=55664 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T04:23:17.554Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 04:28:57 honeypot-ams-1 kernel: [84092719.523606] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=196.189.199.69 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=53 ID=41994 PROTO=TCP SPT=21607 DPT=80 WINDOW=36004 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T04:28:57.514Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 04:29:37 honeypot-fra-1 sshd[11018]: Received disconnect from 209.141.57.23 port 46504:11: Bye Bye [preauth]","@timestamp":"2022-09-15T04:29:37.703Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 04:33:48 honeypot-ams-1 kernel: [84093010.926237] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=156.213.116.183 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=35436 PROTO=TCP SPT=26362 DPT=443 WINDOW=11963 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T04:33:48.643Z"}
{"@timestamp":"2022-09-15T04:36:48.697Z","@version":"1","message":"Sep 15 04:36:48 honeypot-sgp-1 kernel: [84092716.108463] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=94.26.249.161 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=63386 PROTO=TCP SPT=40960 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 04:50:11 honeypot-fra-1 sshd[11026]: Invalid user testuser from 45.127.108.174 port 42422","@timestamp":"2022-09-15T04:50:12.190Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 04:50:11 honeypot-fra-1 sshd[11040]: Invalid user admin from 45.127.108.174 port 42386","@timestamp":"2022-09-15T04:50:12.190Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 04:50:11 honeypot-fra-1 sshd[11036]: Invalid user devops from 45.127.108.174 port 42364","@timestamp":"2022-09-15T04:50:12.191Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 04:50:11 honeypot-fra-1 sshd[11032]: Connection closed by invalid user test 45.127.108.174 port 42412 [preauth]","@timestamp":"2022-09-15T04:50:12.191Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 04:50:12 honeypot-fra-1 sshd[11051]: Invalid user dev from 45.127.108.174 port 42420","@timestamp":"2022-09-15T04:50:12.191Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 04:50:12 honeypot-fra-1 sshd[11040]: Connection closed by invalid user admin 45.127.108.174 port 42386 [preauth]","@timestamp":"2022-09-15T04:50:12.191Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 04:50:12 honeypot-fra-1 sshd[11050]: Connection closed by authenticating user root 45.127.108.174 port 42436 [preauth]","@timestamp":"2022-09-15T04:50:12.191Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 04:50:12 honeypot-fra-1 sshd[11034]: Connection closed by invalid user mysql 45.127.108.174 port 42432 [preauth]","@timestamp":"2022-09-15T04:50:12.191Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 04:50:12 honeypot-fra-1 sshd[11057]: Connection closed by authenticating user root 45.127.108.174 port 42388 [preauth]","@timestamp":"2022-09-15T04:50:12.191Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 04:50:32 honeypot-fra-1 sshd[11088]: Received disconnect from 92.255.85.69 port 37220:11: Bye Bye [preauth]","@timestamp":"2022-09-15T04:50:33.200Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 04:56:34 honeypot-fra-1 sshd[11093]: Connection closed by invalid user bookhijama 141.98.10.158 port 47428 [preauth]","@timestamp":"2022-09-15T04:56:34.334Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T04:57:53.212Z","@version":"1","message":"Sep 15 04:57:52 honeypot-sgp-1 kernel: [84093980.296100] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=138.197.151.29 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=21277 PROTO=TCP SPT=57852 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T05:02:26.326Z","@version":"1","message":"Sep 15 05:02:25 honeypot-sgp-1 sshd[15236]: Disconnected from invalid user supra 37.77.105.29 port 33354 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 05:02:27 honeypot-fra-1 sshd[11102]: Invalid user user from 45.61.186.249 port 48244","@timestamp":"2022-09-15T05:02:28.490Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 05:02:47 honeypot-fra-1 sshd[11106]: Invalid user user from 45.61.186.249 port 42852","@timestamp":"2022-09-15T05:02:48.500Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 05:03:04 honeypot-fra-1 sshd[11110]: Invalid user user from 45.61.186.249 port 37452","@timestamp":"2022-09-15T05:03:05.508Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 05:03:21 honeypot-fra-1 sshd[11114]: Invalid user user from 45.61.186.249 port 60300","@timestamp":"2022-09-15T05:03:21.515Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 05:04:43 honeypot-ams-1 kernel: [84094866.369365] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=170.187.162.229 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=57690 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T05:04:44.438Z"}
{"@timestamp":"2022-09-15T05:04:47.386Z","@version":"1","message":"Sep 15 05:04:47 honeypot-sgp-1 sshd[15241]: Invalid user user from 45.61.186.169 port 48914","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T05:05:04.394Z","@version":"1","message":"Sep 15 05:05:04 honeypot-sgp-1 sshd[15245]: Invalid user user from 45.61.186.169 port 43970","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T05:05:13.399Z","@version":"1","message":"Sep 15 05:05:12 honeypot-sgp-1 sshd[15247]: Disconnected from invalid user user 45.61.186.169 port 55622 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T05:05:28.407Z","@version":"1","message":"Sep 15 05:05:28 honeypot-sgp-1 sshd[15251]: Disconnected from invalid user user 45.61.186.169 port 50664 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 05:10:53 honeypot-fra-1 sshd[11118]: Disconnected from authenticating user root 222.124.177.148 port 50742 [preauth]","@timestamp":"2022-09-15T05:10:53.685Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 05:14:05 honeypot-ams-1 sshd[26993]: Disconnected from invalid user user 45.61.186.169 port 42702 [preauth]","@timestamp":"2022-09-15T05:14:06.678Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 05:14:22 honeypot-ams-1 sshd[26997]: Disconnected from invalid user user 45.61.186.169 port 37754 [preauth]","@timestamp":"2022-09-15T05:14:22.688Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 05:14:38 honeypot-ams-1 sshd[27001]: Disconnected from invalid user user 45.61.186.169 port 32770 [preauth]","@timestamp":"2022-09-15T05:14:39.698Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 05:14:54 honeypot-ams-1 sshd[27006]: Disconnected from invalid user user 45.61.186.169 port 56044 [preauth]","@timestamp":"2022-09-15T05:14:54.705Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 05:17:01 honeypot-ams-1 CRON[27011]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-15T05:17:01.764Z"}
{"@timestamp":"2022-09-15T05:17:02.683Z","@version":"1","message":"Sep 15 05:17:01 honeypot-sgp-1 CRON[15259]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 05:28:21 honeypot-fra-1 sshd[11127]: Invalid user admin from 218.250.188.244 port 34345","@timestamp":"2022-09-15T05:28:22.096Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 05:30:52 honeypot-ams-1 sshd[27021]: Received disconnect from 23.224.121.241 port 49258:11: Bye Bye [preauth]","@timestamp":"2022-09-15T05:30:53.107Z"}
{"@timestamp":"2022-09-15T05:32:54.086Z","@version":"1","message":"Sep 15 05:32:53 honeypot-sgp-1 sshd[15264]: Invalid user user from 179.60.147.69 port 18400","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 05:36:21 honeypot-fra-1 kernel: [84094599.472029] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=159.203.80.110 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=55871 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T05:36:22.281Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 05:37:32 honeypot-ams-1 sshd[27026]: Received disconnect from 167.172.58.10 port 60126:11: Bye Bye [preauth]","@timestamp":"2022-09-15T05:37:33.279Z"}
{"@timestamp":"2022-09-15T05:43:24.358Z","@version":"1","message":"Sep 15 05:43:23 honeypot-sgp-1 kernel: [84096711.032671] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=89.248.168.172 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=54321 PROTO=TCP SPT=39611 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T05:51:04.545Z","@version":"1","message":"Sep 15 05:51:03 honeypot-sgp-1 sshd[15274]: Invalid user user from 45.61.186.49 port 36050","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T05:51:14.550Z","@version":"1","message":"Sep 15 05:51:13 honeypot-sgp-1 sshd[15278]: Invalid user user from 45.61.186.49 port 47654","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 05:51:25 honeypot-fra-1 sshd[11138]: Invalid user lara from 165.22.45.108 port 35226","@timestamp":"2022-09-15T05:51:25.625Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 05:53:05 honeypot-ams-1 kernel: [84097768.031555] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=35.187.198.254 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x60 TTL=251 ID=17130 PROTO=TCP SPT=48242 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T05:53:05.666Z"}
{"@timestamp":"2022-09-15T05:57:36.706Z","@version":"1","message":"Sep 15 05:57:36 honeypot-sgp-1 sshd[15284]: Invalid user nexus from 134.0.193.138 port 52870","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 05:57:36 honeypot-ams-1 sshd[27036]: Disconnected from authenticating user root 23.88.125.126 port 43502 [preauth]","@timestamp":"2022-09-15T05:57:37.782Z"}
{"@timestamp":"2022-09-15T05:59:45.760Z","@version":"1","message":"Sep 15 05:59:45 honeypot-sgp-1 sshd[15288]: Received disconnect from 119.4.210.70 port 47886:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 06:00:49 honeypot-fra-1 sshd[11141]: Disconnected from authenticating user root 92.255.85.69 port 27204 [preauth]","@timestamp":"2022-09-15T06:00:49.835Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 06:03:05 honeypot-ams-1 sshd[27042]: Disconnected from authenticating user root 92.255.85.70 port 43556 [preauth]","@timestamp":"2022-09-15T06:03:05.929Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 06:06:08 honeypot-fra-1 sshd[11147]: Invalid user user from 45.61.184.204 port 50628","@timestamp":"2022-09-15T06:06:08.957Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 06:06:28 honeypot-fra-1 kernel: [84096406.698513] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=67.211.215.172 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=42971 PROTO=TCP SPT=41571 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T06:06:28.967Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 06:06:38 honeypot-fra-1 sshd[11153]: Disconnected from invalid user user 45.61.184.204 port 58144 [preauth]","@timestamp":"2022-09-15T06:06:38.972Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 06:06:57 honeypot-fra-1 sshd[11157]: Disconnected from invalid user user 45.61.184.204 port 53754 [preauth]","@timestamp":"2022-09-15T06:06:57.980Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 06:09:58 honeypot-ams-1 sshd[27055]: Invalid user steam from 52.237.82.21 port 48760","@timestamp":"2022-09-15T06:09:58.105Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 06:09:58 honeypot-ams-1 sshd[27073]: Invalid user admin from 52.237.82.21 port 48846","@timestamp":"2022-09-15T06:09:58.105Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 06:09:58 honeypot-ams-1 sshd[27061]: Invalid user test from 52.237.82.21 port 48772","@timestamp":"2022-09-15T06:09:59.106Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 06:09:58 honeypot-ams-1 sshd[27047]: Connection closed by authenticating user root 52.237.82.21 port 48806 [preauth]","@timestamp":"2022-09-15T06:09:59.106Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 06:09:58 honeypot-ams-1 sshd[27063]: Connection closed by invalid user admin 52.237.82.21 port 48834 [preauth]","@timestamp":"2022-09-15T06:09:59.106Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 06:09:58 honeypot-ams-1 sshd[27051]: Connection closed by authenticating user root 52.237.82.21 port 48808 [preauth]","@timestamp":"2022-09-15T06:09:59.106Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 06:09:58 honeypot-ams-1 sshd[27052]: Connection closed by invalid user testuser 52.237.82.21 port 48840 [preauth]","@timestamp":"2022-09-15T06:09:59.106Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 06:09:58 honeypot-ams-1 sshd[27070]: Connection closed by invalid user admin 52.237.82.21 port 48804 [preauth]","@timestamp":"2022-09-15T06:09:59.106Z"}
{"@timestamp":"2022-09-15T06:14:08.119Z","@version":"1","message":"Sep 15 06:14:07 honeypot-sgp-1 kernel: [84098554.942334] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=170.254.73.181 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=234 ID=44401 DF PROTO=TCP SPT=13605 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 06:17:01 honeypot-fra-1 CRON[11162]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-15T06:17:02.226Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 06:19:50 honeypot-fra-1 sshd[11167]: Did not receive identification string from 193.142.146.50 port 42324","@timestamp":"2022-09-15T06:19:51.295Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 06:20:36 honeypot-fra-1 sshd[11173]: Received disconnect from 193.142.146.50 port 42962:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T06:20:37.316Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 06:21:26 honeypot-ams-1 kernel: [84099468.972235] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=92.63.197.83 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=252 ID=52353 PROTO=TCP SPT=44029 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T06:21:27.417Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 06:22:19 honeypot-fra-1 sshd[11179]: Received disconnect from 193.142.146.50 port 33440:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T06:22:20.359Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 06:22:53 honeypot-fra-1 kernel: [84097391.669332] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=172.104.138.223 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=40076 PROTO=TCP SPT=793 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T06:22:54.374Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 06:24:12 honeypot-fra-1 sshd[11189]: Received disconnect from 193.142.146.50 port 42714:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T06:24:13.408Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T06:25:02.388Z","@version":"1","message":"Sep 15 06:25:01 honeypot-sgp-1 CRON[21009]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 06:25:03 honeypot-fra-1 CRON[11193]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-15T06:25:04.433Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 06:26:01 honeypot-ams-1 sshd[27272]: Invalid user user from 45.61.187.160 port 52680","@timestamp":"2022-09-15T06:26:02.539Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 06:26:08 honeypot-fra-1 kernel: [84097586.806620] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=170.187.162.62 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=28082 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T06:26:09.461Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 06:26:20 honeypot-ams-1 sshd[27276]: Invalid user user from 45.61.187.160 port 47612","@timestamp":"2022-09-15T06:26:20.550Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 06:26:38 honeypot-ams-1 sshd[27280]: Invalid user user from 45.61.187.160 port 42590","@timestamp":"2022-09-15T06:26:39.560Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 06:26:55 honeypot-ams-1 sshd[27284]: Invalid user user from 45.61.187.160 port 37546","@timestamp":"2022-09-15T06:26:56.569Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 06:27:43 honeypot-ams-1 sshd[27286]: Disconnected from authenticating user root 92.255.85.69 port 63652 [preauth]","@timestamp":"2022-09-15T06:27:43.593Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 06:30:20 honeypot-ams-1 kernel: [84100002.893265] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=129.153.212.107 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=50 ID=9912 PROTO=TCP SPT=41871 DPT=80 WINDOW=44238 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T06:30:20.663Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 06:31:56 honeypot-fra-1 kernel: [84097934.538436] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.143.200.6 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=50962 PROTO=TCP SPT=42236 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T06:31:57.611Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 06:36:37 honeypot-ams-1 sshd[27294]: Disconnected from invalid user admin 165.22.55.238 port 59538 [preauth]","@timestamp":"2022-09-15T06:36:37.828Z"}
{"@timestamp":"2022-09-15T06:38:02.714Z","@version":"1","message":"Sep 15 06:38:02 honeypot-sgp-1 sshd[21155]: Connection closed by invalid user admin 121.154.34.24 port 44076 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 06:43:30 honeypot-fra-1 sshd[17475]: Disconnected from invalid user larin 165.22.45.108 port 40276 [preauth]","@timestamp":"2022-09-15T06:43:30.869Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 06:47:00 honeypot-fra-1 sshd[17479]: Connection closed by invalid user centos 179.60.147.69 port 52108 [preauth]","@timestamp":"2022-09-15T06:47:00.954Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 06:49:13 honeypot-ams-1 sshd[27301]: Connection closed by invalid user centos 179.60.147.69 port 46524 [preauth]","@timestamp":"2022-09-15T06:49:13.150Z"}
{"@timestamp":"2022-09-15T06:50:11.021Z","@version":"1","message":"Sep 15 06:50:10 honeypot-sgp-1 kernel: [84100717.611525] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=35.86.113.103 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=229 ID=54321 PROTO=TCP SPT=48789 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 06:53:38 honeypot-fra-1 sshd[17486]: Received disconnect from 139.59.121.188 port 51142:11: Bye Bye [preauth]","@timestamp":"2022-09-15T06:53:39.109Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 06:57:18 honeypot-ams-1 kernel: [84101620.825960] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.216.50 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=52834 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T06:57:19.361Z"}
{"@timestamp":"2022-09-15T06:57:24.207Z","@version":"1","message":"Sep 15 06:57:24 honeypot-sgp-1 kernel: [84101151.737652] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.33.76.225 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=26728 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T06:59:16.256Z","@version":"1","message":"Sep 15 06:59:15 honeypot-sgp-1 sshd[21171]: Disconnected from invalid user tenancy 157.245.122.58 port 58872 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T07:01:13.310Z","@version":"1","message":"Sep 15 07:01:12 honeypot-sgp-1 sshd[21175]: Disconnected from invalid user jonitwiso 157.245.122.58 port 57720 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T07:02:46.354Z","@version":"1","message":"Sep 15 07:02:45 honeypot-sgp-1 kernel: [84101473.147159] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.117.17.214 DST=159.89.202.188 LEN=52 TOS=0x00 PREC=0x00 TTL=111 ID=2508 DF PROTO=TCP SPT=55099 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 07:03:49 honeypot-ams-1 kernel: [84102012.287827] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=170.187.162.236 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=8171 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T07:03:50.532Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 07:04:36 honeypot-fra-1 sshd[17491]: Disconnected from authenticating user root 103.125.189.140 port 60920 [preauth]","@timestamp":"2022-09-15T07:04:37.356Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 07:04:44 honeypot-fra-1 sshd[17495]: Disconnected from invalid user admin 103.125.189.140 port 62052 [preauth]","@timestamp":"2022-09-15T07:04:44.360Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 07:04:54 honeypot-fra-1 sshd[17499]: Disconnected from invalid user admin 103.125.189.140 port 63640 [preauth]","@timestamp":"2022-09-15T07:04:55.366Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 07:05:00 honeypot-fra-1 sshd[17503]: Disconnected from invalid user support 103.125.189.140 port 64570 [preauth]","@timestamp":"2022-09-15T07:05:00.369Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 07:05:06 honeypot-fra-1 sshd[17507]: Disconnected from invalid user username 103.125.189.140 port 49374 [preauth]","@timestamp":"2022-09-15T07:05:07.373Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 07:05:13 honeypot-fra-1 sshd[17511]: Disconnected from invalid user ftp 103.125.189.140 port 50105 [preauth]","@timestamp":"2022-09-15T07:05:14.376Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 07:05:18 honeypot-fra-1 sshd[17515]: Disconnected from invalid user super 103.125.189.140 port 51332 [preauth]","@timestamp":"2022-09-15T07:05:19.378Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 07:07:41 honeypot-fra-1 sshd[17521]: Invalid user nginx from 102.223.173.17 port 45738","@timestamp":"2022-09-15T07:07:42.434Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T07:10:16.544Z","@version":"1","message":"Sep 15 07:10:15 honeypot-sgp-1 kernel: [84101923.295194] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=159.203.100.33 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=54321 PROTO=TCP SPT=46823 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 07:12:25 honeypot-ams-1 sshd[27409]: Disconnected from invalid user svk 175.212.89.108 port 58318 [preauth]","@timestamp":"2022-09-15T07:12:25.761Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 07:12:48 honeypot-fra-1 sshd[17526]: Received disconnect from 92.255.85.69 port 36590:11: Bye Bye [preauth]","@timestamp":"2022-09-15T07:12:48.552Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 07:15:41 honeypot-ams-1 kernel: [84102723.973260] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.79.53.162 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=35836 PROTO=TCP SPT=41005 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T07:15:41.851Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 07:16:02 honeypot-fra-1 kernel: [84100580.299177] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=193.46.255.199 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=246 ID=41311 PROTO=TCP SPT=61002 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T07:16:02.630Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 07:19:14 honeypot-ams-1 sshd[27425]: Invalid user filer from 73.203.127.7 port 41284","@timestamp":"2022-09-15T07:19:14.946Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 07:20:11 honeypot-ams-1 kernel: [84102994.372222] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=195.133.20.241 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=40979 PROTO=TCP SPT=40362 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T07:20:12.974Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 07:22:43 honeypot-fra-1 kernel: [84100981.016492] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=152.89.196.23 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=49106 PROTO=TCP SPT=45797 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T07:22:43.781Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-15T07:24:01.908Z","@version":"1","message":"Sep 15 07:24:01 honeypot-sgp-1 sshd[21198]: Invalid user blank from 179.60.147.69 port 10548","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 07:24:27 honeypot-ams-1 sshd[27433]: Disconnected from invalid user admin 222.105.103.72 port 44224 [preauth]","@timestamp":"2022-09-15T07:24:28.085Z"}
{"@timestamp":"2022-09-15T07:31:15.093Z","@version":"1","message":"Sep 15 07:31:14 honeypot-sgp-1 kernel: [84103181.717654] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=85.119.151.254 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=34439 PROTO=TCP SPT=47066 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T07:31:46.109Z","@version":"1","message":"Sep 15 07:31:45 honeypot-sgp-1 sshd[21205]: Disconnected from invalid user quantip 187.235.106.121 port 57760 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T07:36:10.223Z","@version":"1","message":"Sep 15 07:36:09 honeypot-sgp-1 sshd[21210]: Disconnected from authenticating user root 161.97.104.148 port 48952 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 07:36:18 honeypot-fra-1 sshd[17542]: Received disconnect from 92.255.85.70 port 18950:11: Bye Bye [preauth]","@timestamp":"2022-09-15T07:36:19.101Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 07:36:40 honeypot-fra-1 sshd[17553]: Invalid user docker from 101.43.159.25 port 41550","@timestamp":"2022-09-15T07:36:41.112Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 07:36:41 honeypot-fra-1 sshd[17552]: Connection closed by invalid user ftpuser 101.43.159.25 port 41582 [preauth]","@timestamp":"2022-09-15T07:36:41.112Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 07:36:41 honeypot-fra-1 sshd[17546]: Invalid user ubuntu from 101.43.159.25 port 41534","@timestamp":"2022-09-15T07:36:42.113Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 07:36:41 honeypot-fra-1 sshd[17558]: Invalid user admin from 101.43.159.25 port 41532","@timestamp":"2022-09-15T07:36:42.113Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 07:36:41 honeypot-fra-1 sshd[17565]: Connection closed by invalid user es 101.43.159.25 port 41556 [preauth]","@timestamp":"2022-09-15T07:36:42.113Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 07:36:41 honeypot-fra-1 sshd[17564]: Connection closed by authenticating user root 101.43.159.25 port 41548 [preauth]","@timestamp":"2022-09-15T07:36:42.113Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 07:36:41 honeypot-fra-1 sshd[17550]: Connection closed by invalid user steam 101.43.159.25 port 41560 [preauth]","@timestamp":"2022-09-15T07:36:42.113Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 07:36:41 honeypot-fra-1 sshd[17595]: Connection closed by authenticating user root 101.43.159.25 port 41540 [preauth]","@timestamp":"2022-09-15T07:36:42.113Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 07:36:43 honeypot-fra-1 sshd[17604]: Connection closed by invalid user user 101.43.159.25 port 41538 [preauth]","@timestamp":"2022-09-15T07:36:44.114Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 07:37:08 honeypot-fra-1 sshd[17607]: Disconnected from invalid user larry 165.22.45.108 port 45340 [preauth]","@timestamp":"2022-09-15T07:37:09.126Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 07:38:15 honeypot-ams-1 kernel: [84104077.389164] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=111.161.155.54 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=48 ID=30370 PROTO=TCP SPT=11976 DPT=80 WINDOW=32144 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T07:38:15.464Z"}
{"@timestamp":"2022-09-15T07:44:10.426Z","@version":"1","message":"Sep 15 07:44:09 honeypot-sgp-1 sshd[21215]: Received disconnect from 73.52.12.202 port 54266:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 07:44:32 honeypot-fra-1 kernel: [84102290.622658] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=173.249.41.33 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=59341 PROTO=TCP SPT=40184 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T07:44:33.296Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-15T07:45:30.463Z","@version":"1","message":"Sep 15 07:45:29 honeypot-sgp-1 sshd[21220]: Connection closed by invalid user nvidia 103.188.176.251 port 34190 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 07:45:55 honeypot-ams-1 kernel: [84104537.862092] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=36.249.42.176 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=2176 PROTO=TCP SPT=16671 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T07:45:55.664Z"}
{"@timestamp":"2022-09-15T07:46:36.494Z","@version":"1","message":"Sep 15 07:46:36 honeypot-sgp-1 sshd[21227]: Disconnected from authenticating user root 179.43.156.143 port 43276 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T07:47:50.528Z","@version":"1","message":"Sep 15 07:47:50 honeypot-sgp-1 sshd[21233]: Received disconnect from 179.43.156.143 port 37102:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T07:48:59.561Z","@version":"1","message":"Sep 15 07:48:58 honeypot-sgp-1 sshd[21237]: Disconnected from invalid user nutanix 179.43.156.143 port 59222 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 07:49:49 honeypot-ams-1 sshd[27444]: Disconnected from authenticating user root 159.65.154.92 port 52000 [preauth]","@timestamp":"2022-09-15T07:49:50.766Z"}
{"@timestamp":"2022-09-15T07:50:13.595Z","@version":"1","message":"Sep 15 07:50:12 honeypot-sgp-1 sshd[21241]: Disconnected from invalid user nfsnobod 179.43.156.143 port 53062 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T07:52:05.645Z","@version":"1","message":"Sep 15 07:52:05 honeypot-sgp-1 sshd[21248]: Disconnected from authenticating user root 179.43.156.143 port 43804 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 07:52:27 honeypot-ams-1 sshd[27448]: Disconnected from invalid user albertm 104.131.185.48 port 36174 [preauth]","@timestamp":"2022-09-15T07:52:27.838Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 07:53:26 honeypot-ams-1 kernel: [84104988.675317] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=208.115.115.103 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=10946 PROTO=TCP SPT=3806 DPT=443 WINDOW=18078 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T07:53:26.868Z"}
{"@timestamp":"2022-09-15T07:54:00.696Z","@version":"1","message":"Sep 15 07:54:00 honeypot-sgp-1 sshd[21254]: Received disconnect from 179.43.156.143 port 34598:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 07:55:30 honeypot-ams-1 sshd[27457]: Received disconnect from 111.95.141.34 port 44976:11: Bye Bye [preauth]","@timestamp":"2022-09-15T07:55:30.925Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 07:55:46 honeypot-fra-1 kernel: [84102964.382427] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=85.119.151.254 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x20 TTL=249 ID=59535 PROTO=TCP SPT=48482 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T07:55:47.555Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-15T08:03:54.943Z","@version":"1","message":"Sep 15 08:03:54 honeypot-sgp-1 sshd[21260]: Invalid user support from 179.60.147.69 port 33154","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 08:05:11 honeypot-fra-1 sshd[17620]: Connection closed by invalid user support 179.60.147.69 port 11570 [preauth]","@timestamp":"2022-09-15T08:05:11.770Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 08:07:30 honeypot-ams-1 sshd[27464]: Did not receive identification string from 45.61.186.169 port 49730","@timestamp":"2022-09-15T08:07:30.237Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 08:08:15 honeypot-ams-1 sshd[27470]: Invalid user user from 45.61.186.169 port 43658","@timestamp":"2022-09-15T08:08:16.260Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 08:08:32 honeypot-ams-1 sshd[27474]: Invalid user user from 45.61.186.169 port 38540","@timestamp":"2022-09-15T08:08:32.268Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 08:08:48 honeypot-ams-1 sshd[27478]: Invalid user user from 45.61.186.169 port 33438","@timestamp":"2022-09-15T08:08:48.277Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 08:13:20 honeypot-ams-1 kernel: [84106183.227936] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=152.89.196.23 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=11543 PROTO=TCP SPT=45797 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T08:13:21.398Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 08:17:01 honeypot-fra-1 CRON[17649]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-15T08:17:02.061Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T08:17:02.269Z","@version":"1","message":"Sep 15 08:17:01 honeypot-sgp-1 CRON[21264]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 08:18:46 honeypot-ams-1 sshd[27489]: Received disconnect from 167.71.236.26 port 59312:11: Bye Bye [preauth]","@timestamp":"2022-09-15T08:18:47.558Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 08:21:18 honeypot-fra-1 sshd[17658]: Invalid user jenkins from 179.60.150.118 port 36674","@timestamp":"2022-09-15T08:21:19.162Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T08:21:45.388Z","@version":"1","message":"Sep 15 08:21:44 honeypot-sgp-1 kernel: [84106211.981535] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=173.239.198.69 DST=159.89.202.188 LEN=52 TOS=0x0A PREC=0x00 TTL=114 ID=23461 DF PROTO=TCP SPT=65023 DPT=3389 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 08:23:31 honeypot-fra-1 sshd[17662]: Invalid user vy from 62.197.194.60 port 60782","@timestamp":"2022-09-15T08:23:32.216Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 08:25:45 honeypot-ams-1 sshd[27495]: Received disconnect from 92.255.85.70 port 35608:11: Bye Bye [preauth]","@timestamp":"2022-09-15T08:25:46.742Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 08:25:53 honeypot-fra-1 kernel: [84104771.056035] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=162.142.125.136 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=43480 PROTO=TCP SPT=64866 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T08:25:54.272Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 08:28:28 honeypot-fra-1 sshd[17671]: Received disconnect from 160.153.252.142 port 47456:11: Bye Bye [preauth]","@timestamp":"2022-09-15T08:28:28.333Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 08:29:10 honeypot-fra-1 sshd[17675]: Received disconnect from 137.184.225.163 port 48008:11: Bye Bye [preauth]","@timestamp":"2022-09-15T08:29:10.352Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T08:30:12.596Z","@version":"1","message":"Sep 15 08:30:11 honeypot-sgp-1 sshd[21297]: Connection reset by 49.88.112.60 port 39335 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 08:32:52 honeypot-fra-1 sshd[17680]: Bad protocol version identification '\\003' from 92.255.85.183 port 62421","@timestamp":"2022-09-15T08:32:53.438Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T08:35:46.735Z","@version":"1","message":"Sep 15 08:35:45 honeypot-sgp-1 sshd[21306]: Disconnected from 49.88.112.60 port 36472 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 08:36:40 honeypot-ams-1 kernel: [84107583.185725] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=183.230.158.197 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=42 ID=7918 PROTO=TCP SPT=59337 DPT=443 WINDOW=11545 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T08:36:41.027Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 08:40:16 honeypot-ams-1 kernel: [84107798.500262] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=62.108.40.120 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=55 ID=43548 PROTO=TCP SPT=8338 DPT=80 WINDOW=58186 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T08:40:17.124Z"}
{"@timestamp":"2022-09-15T08:40:41.858Z","@version":"1","message":"Sep 15 08:40:41 honeypot-sgp-1 sshd[21312]: Disconnected from 49.88.112.60 port 61024 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 08:43:13 honeypot-fra-1 kernel: [84105811.041814] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=101.35.161.133 DST=165.22.82.222 LEN=60 TOS=0x08 PREC=0x00 TTL=43 ID=33159 DF PROTO=TCP SPT=33632 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T08:43:13.679Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-15T08:43:21.929Z","@version":"1","message":"Sep 15 08:43:21 honeypot-sgp-1 sshd[21319]: Received disconnect from 92.255.85.70 port 37070:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 08:45:57 honeypot-ams-1 sshd[27533]: Received disconnect from 141.255.162.226 port 55284:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T08:45:58.289Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 08:45:58 honeypot-ams-1 sshd[27537]: Received disconnect from 141.255.162.226 port 40182:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T08:45:59.290Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 08:46:01 honeypot-ams-1 sshd[27541]: Received disconnect from 141.255.162.226 port 42154:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T08:46:02.291Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 08:46:03 honeypot-ams-1 sshd[27545]: Received disconnect from 141.255.162.226 port 49706:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T08:46:04.293Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 08:48:04 honeypot-ams-1 sshd[27549]: Disconnected from 61.177.173.33 port 64081 [preauth]","@timestamp":"2022-09-15T08:48:04.346Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 08:48:35 honeypot-fra-1 sshd[17692]: Invalid user steam from 172.104.240.40 port 43710","@timestamp":"2022-09-15T08:48:36.802Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 08:48:35 honeypot-fra-1 sshd[17711]: Connection closed by invalid user es 172.104.240.40 port 43970 [preauth]","@timestamp":"2022-09-15T08:48:36.802Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 08:48:35 honeypot-fra-1 sshd[17697]: Invalid user admin from 172.104.240.40 port 43800","@timestamp":"2022-09-15T08:48:36.802Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 08:48:35 honeypot-fra-1 sshd[17697]: Connection closed by invalid user admin 172.104.240.40 port 43800 [preauth]","@timestamp":"2022-09-15T08:48:36.802Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 08:48:36 honeypot-fra-1 sshd[17709]: Invalid user admin from 172.104.240.40 port 43958","@timestamp":"2022-09-15T08:48:36.802Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 08:48:36 honeypot-fra-1 sshd[17691]: Connection closed by invalid user user 172.104.240.40 port 43702 [preauth]","@timestamp":"2022-09-15T08:48:36.802Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 08:48:36 honeypot-fra-1 sshd[17699]: Invalid user user from 172.104.240.40 port 43754","@timestamp":"2022-09-15T08:48:36.802Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 08:48:36 honeypot-fra-1 sshd[17721]: Invalid user ftpuser from 172.104.240.40 port 44034","@timestamp":"2022-09-15T08:48:36.802Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 08:48:36 honeypot-fra-1 sshd[17714]: Connection closed by invalid user esuser 172.104.240.40 port 44002 [preauth]","@timestamp":"2022-09-15T08:48:36.802Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 08:48:36 honeypot-fra-1 sshd[17720]: Connection closed by invalid user esuser 172.104.240.40 port 43960 [preauth]","@timestamp":"2022-09-15T08:48:36.802Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 08:50:58 honeypot-ams-1 sshd[27556]: Disconnected from 61.177.173.33 port 36402 [preauth]","@timestamp":"2022-09-15T08:50:59.425Z"}
{"@timestamp":"2022-09-15T08:53:21.177Z","@version":"1","message":"Sep 15 08:53:20 honeypot-sgp-1 kernel: [84108108.343725] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=128.14.152.42 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=57339 PROTO=TCP SPT=18018 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 08:57:48 honeypot-fra-1 sshd[17752]: Connection closed by invalid user tomcat 193.106.191.157 port 33756 [preauth]","@timestamp":"2022-09-15T08:57:49.015Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 09:02:39 honeypot-ams-1 sshd[27566]: Received disconnect from 23.94.194.177 port 46786:11: Bye Bye [preauth]","@timestamp":"2022-09-15T09:02:40.727Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 09:04:08 honeypot-ams-1 sshd[27570]: Disconnected from invalid user admin2 119.180.97.100 port 35137 [preauth]","@timestamp":"2022-09-15T09:04:08.768Z"}
{"@timestamp":"2022-09-15T09:04:13.444Z","@version":"1","message":"Sep 15 09:04:13 honeypot-sgp-1 sshd[21325]: Disconnected from invalid user friends 115.92.154.46 port 17050 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 09:04:21 honeypot-fra-1 sshd[17760]: Disconnected from invalid user user 141.255.162.226 port 40094 [preauth]","@timestamp":"2022-09-15T09:04:22.174Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 09:04:22 honeypot-fra-1 sshd[17764]: Disconnected from invalid user user 141.255.162.226 port 55392 [preauth]","@timestamp":"2022-09-15T09:04:23.176Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 09:04:28 honeypot-fra-1 sshd[17768]: Disconnected from invalid user user 141.255.162.226 port 34814 [preauth]","@timestamp":"2022-09-15T09:04:28.178Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 09:04:30 honeypot-fra-1 sshd[17772]: Disconnected from invalid user user 141.255.162.226 port 57784 [preauth]","@timestamp":"2022-09-15T09:04:31.180Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 09:05:28 honeypot-ams-1 sshd[27572]: Disconnected from invalid user odhagent 181.129.14.218 port 63267 [preauth]","@timestamp":"2022-09-15T09:05:28.807Z"}
{"@timestamp":"2022-09-15T09:07:09.520Z","@version":"1","message":"Sep 15 09:07:09 honeypot-sgp-1 sshd[21330]: Disconnected from invalid user user 45.61.184.204 port 60216 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T09:07:30.531Z","@version":"1","message":"Sep 15 09:07:29 honeypot-sgp-1 sshd[21334]: Disconnected from invalid user user 45.61.184.204 port 56048 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T09:07:51.543Z","@version":"1","message":"Sep 15 09:07:50 honeypot-sgp-1 sshd[21339]: Disconnected from invalid user user 45.61.184.204 port 51868 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T09:08:09.552Z","@version":"1","message":"Sep 15 09:08:09 honeypot-sgp-1 sshd[21343]: Disconnected from invalid user user 45.61.184.204 port 47688 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 09:10:07 honeypot-ams-1 sshd[27580]: Received disconnect from 61.177.173.33 port 20591:11:  [preauth]","@timestamp":"2022-09-15T09:10:07.932Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 09:12:25 honeypot-ams-1 sshd[27586]: Connection closed by 192.241.220.24 port 59104 [preauth]","@timestamp":"2022-09-15T09:12:25.996Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 09:17:01 honeypot-fra-1 CRON[17780]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-15T09:17:02.464Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T09:18:23.803Z","@version":"1","message":"Sep 15 09:18:23 honeypot-sgp-1 sshd[21351]: Connection closed by invalid user ubnt 179.60.147.69 port 9126 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 09:19:35 honeypot-ams-1 sshd[27600]: Invalid user user from 141.255.162.226 port 55776","@timestamp":"2022-09-15T09:19:36.184Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 09:19:38 honeypot-ams-1 sshd[27604]: Invalid user user from 141.255.162.226 port 41118","@timestamp":"2022-09-15T09:19:38.187Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 09:19:41 honeypot-ams-1 sshd[27608]: Invalid user user from 141.255.162.226 port 34872","@timestamp":"2022-09-15T09:19:42.189Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 09:19:47 honeypot-ams-1 sshd[27610]: Received disconnect from 61.177.173.33 port 57647:11:  [preauth]","@timestamp":"2022-09-15T09:19:48.192Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 09:23:36 honeypot-fra-1 sshd[17787]: Disconnected from invalid user laura 165.22.45.108 port 55476 [preauth]","@timestamp":"2022-09-15T09:23:36.616Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 09:30:08 honeypot-ams-1 sshd[27619]: Invalid user  from 64.62.197.32 port 56664","@timestamp":"2022-09-15T09:30:09.477Z"}
{"@timestamp":"2022-09-15T09:30:50.104Z","@version":"1","message":"Sep 15 09:30:49 honeypot-sgp-1 sshd[21357]: Connection closed by invalid user  64.62.197.152 port 32952 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T09:32:21.145Z","@version":"1","message":"Sep 15 09:32:20 honeypot-sgp-1 sshd[21361]: Disconnected from invalid user tss 154.214.4.199 port 48528 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 09:33:04 honeypot-ams-1 sshd[27625]: Invalid user tomcat from 193.106.191.157 port 40748","@timestamp":"2022-09-15T09:33:05.561Z"}
{"@timestamp":"2022-09-15T09:33:58.188Z","@version":"1","message":"Sep 15 09:33:57 honeypot-sgp-1 sshd[21367]: Received disconnect from 126.113.24.98 port 40496:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T09:36:06.241Z","@version":"1","message":"Sep 15 09:36:06 honeypot-sgp-1 sshd[21372]: Received disconnect from 105.28.108.165 port 59140:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 09:41:09 honeypot-ams-1 kernel: [84111451.792780] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=45230 PROTO=TCP SPT=54555 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T09:41:09.769Z"}
{"@timestamp":"2022-09-15T09:41:56.384Z","@version":"1","message":"Sep 15 09:41:55 honeypot-sgp-1 sshd[21376]: Disconnected from authenticating user root 179.43.156.143 port 37076 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 09:43:04 honeypot-ams-1 sshd[27633]: Disconnected from invalid user ubuntu 82.196.5.251 port 47294 [preauth]","@timestamp":"2022-09-15T09:43:04.821Z"}
{"@timestamp":"2022-09-15T09:43:39.428Z","@version":"1","message":"Sep 15 09:43:39 honeypot-sgp-1 sshd[21382]: Disconnected from authenticating user root 179.43.156.143 port 53880 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 09:43:41 honeypot-fra-1 kernel: [84109438.655057] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=1704 PROTO=TCP SPT=54555 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T09:43:42.077Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-15T09:44:48.459Z","@version":"1","message":"Sep 15 09:44:48 honeypot-sgp-1 sshd[21388]: Received disconnect from 179.43.156.143 port 46204:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T09:45:26.476Z","@version":"1","message":"Sep 15 09:45:26 honeypot-sgp-1 sshd[21392]: Disconnected from authenticating user root 133.130.103.236 port 43114 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 09:45:41 honeypot-ams-1 sshd[27640]: Disconnected from authenticating user root 194.209.191.243 port 47612 [preauth]","@timestamp":"2022-09-15T09:45:41.892Z"}
{"@timestamp":"2022-09-15T09:46:34.507Z","@version":"1","message":"Sep 15 09:46:33 honeypot-sgp-1 sshd[21397]: Received disconnect from 179.43.156.143 port 34720:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T09:48:16.551Z","@version":"1","message":"Sep 15 09:48:15 honeypot-sgp-1 sshd[21403]: Received disconnect from 200.42.148.168 port 55518:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T09:49:35.585Z","@version":"1","message":"Sep 15 09:49:35 honeypot-sgp-1 sshd[21409]: Received disconnect from 179.43.156.143 port 43886:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 09:49:59 honeypot-ams-1 kernel: [84111982.045322] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=80.94.92.231 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=57587 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T09:50:00.006Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 09:50:21 honeypot-fra-1 kernel: [84109839.182385] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=3.92.87.63 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=64928 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T09:50:22.231Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-15T09:52:36.660Z","@version":"1","message":"Sep 15 09:52:36 honeypot-sgp-1 sshd[21416]: Invalid user xij from 104.248.251.225 port 50152","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T09:56:54.765Z","@version":"1","message":"Sep 15 09:56:54 honeypot-sgp-1 sshd[21420]: Received disconnect from 181.48.60.50 port 51518:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 10:03:04 honeypot-fra-1 sshd[17808]: Received disconnect from 102.223.173.17 port 57990:11: Bye Bye [preauth]","@timestamp":"2022-09-15T10:03:04.523Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 10:03:11 honeypot-ams-1 sshd[27669]: Received disconnect from 108.171.92.54 port 39150:11: Bye Bye [preauth]","@timestamp":"2022-09-15T10:03:12.344Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 10:07:11 honeypot-fra-1 kernel: [84110849.172993] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=20.214.177.62 DST=165.22.82.222 LEN=52 TOS=0x02 PREC=0x00 TTL=108 ID=60185 DF PROTO=TCP SPT=59670 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-15T10:07:12.621Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-15T10:08:27.047Z","@version":"1","message":"Sep 15 10:08:26 honeypot-sgp-1 sshd[21427]: Disconnected from invalid user pmd 103.138.10.78 port 57194 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 10:08:32 honeypot-ams-1 kernel: [84113094.928327] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=149.102.155.169 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=47315 PROTO=TCP SPT=56325 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T10:08:33.483Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 10:09:35 honeypot-fra-1 kernel: [84110992.597975] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=66.240.205.34 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=114 ID=6516 PROTO=TCP SPT=17525 DPT=80 WINDOW=7930 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T10:09:35.682Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 10:12:39 honeypot-ams-1 sshd[27685]: Did not receive identification string from 179.43.156.143 port 47096","@timestamp":"2022-09-15T10:12:39.588Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 10:14:22 honeypot-ams-1 sshd[27692]: Disconnected from authenticating user root 179.43.156.143 port 52244 [preauth]","@timestamp":"2022-09-15T10:14:22.634Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 10:15:33 honeypot-ams-1 sshd[27698]: Received disconnect from 179.43.156.143 port 45926:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T10:15:33.669Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 10:16:03 honeypot-fra-1 sshd[17816]: Invalid user laurent from 165.22.45.108 port 60524","@timestamp":"2022-09-15T10:16:03.829Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 10:16:42 honeypot-ams-1 sshd[27703]: Received disconnect from 179.43.156.143 port 39626:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T10:16:42.701Z"}
{"@timestamp":"2022-09-15T10:17:02.256Z","@version":"1","message":"Sep 15 10:17:01 honeypot-sgp-1 CRON[21432]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 10:17:06 honeypot-ams-1 sshd[27709]: Disconnected from authenticating user root 61.177.173.46 port 26318 [preauth]","@timestamp":"2022-09-15T10:17:06.714Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 10:17:16 honeypot-ams-1 sshd[27713]: Disconnected from invalid user ossuser 179.43.156.143 port 36470 [preauth]","@timestamp":"2022-09-15T10:17:16.720Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 10:19:00 honeypot-ams-1 sshd[27722]: Received disconnect from 179.43.156.143 port 55224:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T10:19:01.769Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 10:20:48 honeypot-ams-1 sshd[27728]: Received disconnect from 179.43.156.143 port 45762:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T10:20:48.819Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 10:23:04 honeypot-ams-1 sshd[27737]: Invalid user testuser from 203.240.232.56 port 39328","@timestamp":"2022-09-15T10:23:04.881Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 10:23:49 honeypot-fra-1 kernel: [84111846.459767] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=213.226.123.38 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=59011 PROTO=TCP SPT=59411 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T10:23:50.004Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 10:24:47 honeypot-ams-1 sshd[27742]: Disconnected from authenticating user root 181.49.17.194 port 39292 [preauth]","@timestamp":"2022-09-15T10:24:48.929Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 10:27:42 honeypot-ams-1 kernel: [84114244.778370] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=132.255.217.220 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=34440 PROTO=TCP SPT=1160 DPT=443 WINDOW=24280 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T10:27:43.008Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 10:28:46 honeypot-fra-1 kernel: [84112143.686896] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=20.214.177.62 DST=165.22.82.222 LEN=52 TOS=0x02 PREC=0x00 TTL=108 ID=6995 DF PROTO=TCP SPT=63032 DPT=443 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-15T10:28:47.121Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 10:31:16 honeypot-ams-1 sshd[27756]: Disconnected from authenticating user root 61.177.172.124 port 43204 [preauth]","@timestamp":"2022-09-15T10:31:17.103Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 10:33:46 honeypot-fra-1 kernel: [84112443.947684] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=20.214.177.62 DST=165.22.82.222 LEN=52 TOS=0x02 PREC=0x00 TTL=108 ID=20290 DF PROTO=TCP SPT=55761 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-15T10:33:47.238Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 10:35:08 honeypot-ams-1 kernel: [84114690.397462] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=213.226.123.38 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=63891 PROTO=TCP SPT=59411 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T10:35:08.205Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 10:39:06 honeypot-ams-1 sshd[27768]: Disconnected from authenticating user root 178.128.148.229 port 54422 [preauth]","@timestamp":"2022-09-15T10:39:07.309Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 10:40:08 honeypot-ams-1 sshd[27774]: Disconnected from invalid user sync1 43.224.110.21 port 36948 [preauth]","@timestamp":"2022-09-15T10:40:09.337Z"}
{"@timestamp":"2022-09-15T10:40:57.827Z","@version":"1","message":"Sep 15 10:40:56 honeypot-sgp-1 kernel: [84114564.246460] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=50.116.60.225 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=39788 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 10:41:18 honeypot-fra-1 kernel: [84112896.158640] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=20.214.177.62 DST=165.22.82.222 LEN=52 TOS=0x02 PREC=0x00 TTL=107 ID=32870 DF PROTO=TCP SPT=50815 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-15T10:41:19.413Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-15T10:44:22.914Z","@version":"1","message":"Sep 15 10:44:21 honeypot-sgp-1 sshd[21444]: Invalid user user from 198.98.61.9 port 52168","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T10:44:40.923Z","@version":"1","message":"Sep 15 10:44:40 honeypot-sgp-1 sshd[21448]: Invalid user user from 198.98.61.9 port 47250","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T10:44:57.931Z","@version":"1","message":"Sep 15 10:44:56 honeypot-sgp-1 sshd[21452]: Invalid user user from 198.98.61.9 port 42342","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T10:45:13.939Z","@version":"1","message":"Sep 15 10:45:12 honeypot-sgp-1 sshd[21456]: Invalid user user from 198.98.61.9 port 37436","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 10:52:19 honeypot-ams-1 sshd[27785]: Invalid user user from 141.255.162.226 port 58608","@timestamp":"2022-09-15T10:52:20.649Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 10:52:22 honeypot-ams-1 sshd[27789]: Invalid user user from 141.255.162.226 port 52270","@timestamp":"2022-09-15T10:52:22.651Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 10:52:25 honeypot-ams-1 sshd[27793]: Invalid user user from 141.255.162.226 port 38648","@timestamp":"2022-09-15T10:52:25.653Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 10:52:28 honeypot-ams-1 sshd[27797]: Invalid user user from 141.255.162.226 port 45946","@timestamp":"2022-09-15T10:52:28.655Z"}
{"@timestamp":"2022-09-15T10:53:22.134Z","@version":"1","message":"Sep 15 10:53:22 honeypot-sgp-1 sshd[21459]: Received disconnect from 157.245.93.228 port 48018:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 10:58:11 honeypot-ams-1 kernel: [84116073.981334] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=138.2.240.220 DST=178.62.254.91 LEN=52 TOS=0x02 PREC=0x00 TTL=120 ID=11498 DF PROTO=TCP SPT=58339 DPT=80 WINDOW=62720 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-15T10:58:11.807Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 11:05:24 honeypot-ams-1 sshd[27815]: Received disconnect from 61.177.173.53 port 32513:11:  [preauth]","@timestamp":"2022-09-15T11:05:25.002Z"}
{"@timestamp":"2022-09-15T11:07:08.465Z","@version":"1","message":"Sep 15 11:07:07 honeypot-sgp-1 sshd[21463]: Connection closed by invalid user test 179.60.147.69 port 62734 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 11:07:13 honeypot-fra-1 kernel: [84114450.764350] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=79.124.62.130 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=28228 PROTO=TCP SPT=58074 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T11:07:13.993Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 11:14:30 honeypot-ams-1 sshd[27822]: Received disconnect from 61.177.173.39 port 40994:11:  [preauth]","@timestamp":"2022-09-15T11:14:31.239Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 11:17:01 honeypot-fra-1 CRON[17840]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-15T11:17:02.214Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 11:18:50 honeypot-ams-1 sshd[27830]: Received disconnect from 61.177.173.36 port 40334:11:  [preauth]","@timestamp":"2022-09-15T11:18:51.352Z"}
{"@timestamp":"2022-09-15T11:21:09.801Z","@version":"1","message":"Sep 15 11:21:08 honeypot-sgp-1 sshd[21471]: Disconnected from authenticating user root 103.84.236.242 port 33638 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 11:21:49 honeypot-fra-1 kernel: [84115326.600278] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=159.223.186.44 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=59823 PROTO=TCP SPT=60000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T11:21:50.325Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 11:28:54 honeypot-ams-1 sshd[27836]: Disconnected from authenticating user root 61.177.172.90 port 24120 [preauth]","@timestamp":"2022-09-15T11:28:54.610Z"}
{"@timestamp":"2022-09-15T11:30:07.022Z","@version":"1","message":"Sep 15 11:30:06 honeypot-sgp-1 kernel: [84117513.902226] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=234 ID=52654 PROTO=TCP SPT=41402 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 11:31:11 honeypot-fra-1 sshd[17849]: Connection closed by invalid user pi 73.100.162.94 port 56200 [preauth]","@timestamp":"2022-09-15T11:31:11.573Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T11:34:46.142Z","@version":"1","message":"Sep 15 11:34:45 honeypot-sgp-1 sshd[21480]: Disconnected from invalid user amavis 210.97.86.61 port 42294 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 11:34:53 honeypot-ams-1 sshd[27843]: Received disconnect from 154.209.4.128 port 49484:11: Bye Bye [preauth]","@timestamp":"2022-09-15T11:34:53.767Z"}
{"@timestamp":"2022-09-15T11:37:01.200Z","@version":"1","message":"Sep 15 11:37:00 honeypot-sgp-1 sshd[21487]: Invalid user er from 103.161.236.11 port 58896","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 11:38:08 honeypot-fra-1 sshd[17856]: Received disconnect from 190.153.249.99 port 50442:11: Bye Bye [preauth]","@timestamp":"2022-09-15T11:38:08.725Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T11:38:56.249Z","@version":"1","message":"Sep 15 11:38:56 honeypot-sgp-1 sshd[21491]: Received disconnect from 122.176.119.202 port 40530:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 11:40:24 honeypot-fra-1 kernel: [84116441.337303] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=184.105.139.70 DST=165.22.82.222 LEN=131 TOS=0x00 PREC=0x00 TTL=244 ID=54321 PROTO=TCP SPT=57854 DPT=80 WINDOW=65535 RES=0x00 ACK PSH URGP=0 ","@timestamp":"2022-09-15T11:40:24.778Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 11:41:40 honeypot-fra-1 sshd[17862]: Disconnected from invalid user admin 178.176.225.151 port 33690 [preauth]","@timestamp":"2022-09-15T11:41:40.808Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 11:42:37 honeypot-ams-1 sshd[27850]: Did not receive identification string from 80.76.51.45 port 44162","@timestamp":"2022-09-15T11:42:37.985Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 11:43:15 honeypot-ams-1 sshd[27855]: Received disconnect from 80.76.51.45 port 57868:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T11:43:16.004Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 11:43:50 honeypot-ams-1 sshd[27859]: Disconnected from authenticating user root 80.76.51.45 port 36824 [preauth]","@timestamp":"2022-09-15T11:43:51.023Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 11:44:40 honeypot-ams-1 sshd[27865]: Disconnected from authenticating user root 80.76.51.45 port 33434 [preauth]","@timestamp":"2022-09-15T11:44:41.048Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 11:45:30 honeypot-ams-1 sshd[27874]: Disconnected from authenticating user root 80.76.51.45 port 58174 [preauth]","@timestamp":"2022-09-15T11:45:31.073Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 11:46:03 honeypot-ams-1 sshd[27880]: Invalid user user from 80.76.51.45 port 37030","@timestamp":"2022-09-15T11:46:04.091Z"}
{"@timestamp":"2022-09-15T11:46:32.436Z","@version":"1","message":"Sep 15 11:46:31 honeypot-sgp-1 kernel: [84118499.252515] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.102.41.2 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=36235 DF PROTO=TCP SPT=58276 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 11:51:01 honeypot-ams-1 sshd[27885]: Invalid user guest from 179.60.147.69 port 49002","@timestamp":"2022-09-15T11:51:02.220Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 11:51:47 honeypot-fra-1 kernel: [84117124.442546] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=79.124.62.82 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=6269 PROTO=TCP SPT=58064 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T11:51:48.040Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 11:55:40 honeypot-fra-1 sshd[17874]: Received disconnect from 147.182.205.245 port 49530:11: Bye Bye [preauth]","@timestamp":"2022-09-15T11:55:41.129Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 11:56:17 honeypot-ams-1 sshd[27892]: Connection closed by invalid user tomcat 193.106.191.157 port 42644 [preauth]","@timestamp":"2022-09-15T11:56:17.358Z"}
{"@timestamp":"2022-09-15T12:00:16.772Z","@version":"1","message":"Sep 15 12:00:16 honeypot-sgp-1 sshd[21499]: Received disconnect from 193.142.146.50 port 34876:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:01:58.815Z","@version":"1","message":"Sep 15 12:01:58 honeypot-sgp-1 sshd[21505]: Received disconnect from 193.142.146.50 port 52970:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:02:24.828Z","@version":"1","message":"Sep 15 12:02:24 honeypot-sgp-1 sshd[21511]: Disconnected from authenticating user root 193.142.146.50 port 33786 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:02:40.836Z","@version":"1","message":"Sep 15 12:02:40 honeypot-sgp-1 sshd[21517]: Invalid user user from 45.61.186.49 port 54966","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:02:51.842Z","@version":"1","message":"Sep 15 12:02:51 honeypot-sgp-1 sshd[21521]: Invalid user user from 45.61.186.49 port 38234","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 12:03:17 honeypot-fra-1 kernel: [84117814.504617] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=157.230.254.43 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=44376 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T12:03:18.304Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-15T12:03:55.871Z","@version":"1","message":"Sep 15 12:03:55 honeypot-sgp-1 sshd[21525]: Disconnected from authenticating user root 193.142.146.50 port 33240 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:04:28.888Z","@version":"1","message":"Sep 15 12:04:27 honeypot-sgp-1 kernel: [84119575.180486] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=23346 PROTO=TCP SPT=43203 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 12:05:38 honeypot-fra-1 sshd[17882]: Invalid user lavinia from 165.22.45.108 port 42464","@timestamp":"2022-09-15T12:05:39.362Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T12:08:43.993Z","@version":"1","message":"Sep 15 12:08:43 honeypot-sgp-1 sshd[21537]: Invalid user nagios from 128.199.19.74 port 51748","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:10:58.049Z","@version":"1","message":"Sep 15 12:10:58 honeypot-sgp-1 sshd[21540]: Disconnected from invalid user user 45.61.184.204 port 55902 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:11:18.060Z","@version":"1","message":"Sep 15 12:11:17 honeypot-sgp-1 sshd[21544]: Disconnected from invalid user user 45.61.184.204 port 50708 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 12:11:27 honeypot-ams-1 kernel: [84120469.388374] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=28657 PROTO=TCP SPT=43203 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T12:11:27.755Z"}
{"@timestamp":"2022-09-15T12:11:37.069Z","@version":"1","message":"Sep 15 12:11:36 honeypot-sgp-1 sshd[21549]: Disconnected from invalid user user 45.61.184.204 port 45504 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:11:54.078Z","@version":"1","message":"Sep 15 12:11:53 honeypot-sgp-1 sshd[21553]: Disconnected from invalid user user 45.61.184.204 port 40310 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 12:12:46 honeypot-fra-1 sshd[17887]: Invalid user admin from 128.199.160.207 port 54918","@timestamp":"2022-09-15T12:12:47.544Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 12:13:23 honeypot-fra-1 kernel: [84118421.124913] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=179.43.155.171 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=41594 PROTO=TCP SPT=47472 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T12:13:24.559Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 12:15:12 honeypot-fra-1 sshd[17896]: Received disconnect from 45.61.187.160 port 42504:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T12:15:12.603Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 12:15:30 honeypot-fra-1 sshd[17900]: Received disconnect from 45.61.187.160 port 36964:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T12:15:31.612Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 12:15:49 honeypot-fra-1 sshd[17904]: Received disconnect from 45.61.187.160 port 59652:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T12:15:49.623Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 12:15:57 honeypot-fra-1 sshd[17908]: Disconnected from invalid user user 45.61.187.160 port 42780 [preauth]","@timestamp":"2022-09-15T12:15:58.628Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:17:09 honeypot-ams-1 sshd[27915]: Connection closed by invalid user pengfan 103.188.176.251 port 49786 [preauth]","@timestamp":"2022-09-15T12:17:10.903Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 12:17:36 honeypot-fra-1 kernel: [84118673.286654] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=80.94.92.239 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=38032 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T12:17:36.669Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:18:40 honeypot-ams-1 sshd[27920]: Received disconnect from 45.61.186.249 port 38224:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T12:18:40.944Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:18:59 honeypot-ams-1 sshd[27924]: Received disconnect from 45.61.186.249 port 60804:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T12:18:59.973Z"}
{"@timestamp":"2022-09-15T12:19:02.255Z","@version":"1","message":"Sep 15 12:19:01 honeypot-sgp-1 kernel: [84120448.726187] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=165.140.166.222 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=21211 PROTO=TCP SPT=41063 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:19:17 honeypot-ams-1 sshd[27928]: Received disconnect from 45.61.186.249 port 55150:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T12:19:17.983Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:20:04 honeypot-ams-1 sshd[27932]: Received disconnect from 61.177.173.51 port 44632:11:  [preauth]","@timestamp":"2022-09-15T12:20:05.005Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:20:48 honeypot-ams-1 sshd[27938]: Received disconnect from 61.177.172.90 port 37221:11:  [preauth]","@timestamp":"2022-09-15T12:20:49.028Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 12:24:25 honeypot-fra-1 kernel: [84119083.066446] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.102.41.2 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=50332 DF PROTO=TCP SPT=42124 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T12:24:26.846Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-15T12:25:29.408Z","@version":"1","message":"Sep 15 12:25:29 honeypot-sgp-1 sshd[21567]: Connection closed by invalid user admin 178.128.125.205 port 48456 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 12:25:51 honeypot-fra-1 sshd[17923]: Connection closed by invalid user tomcat 193.106.191.157 port 48890 [preauth]","@timestamp":"2022-09-15T12:25:51.882Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T12:26:46.442Z","@version":"1","message":"Sep 15 12:26:45 honeypot-sgp-1 sshd[21573]: Invalid user ubnt from 179.60.147.69 port 59708","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:28:32.487Z","@version":"1","message":"Sep 15 12:28:31 honeypot-sgp-1 sshd[21580]: Invalid user ubnt from 109.42.178.255 port 29744","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:28:35.488Z","@version":"1","message":"Sep 15 12:28:34 honeypot-sgp-1 sshd[21584]: Disconnected from authenticating user root 109.42.178.255 port 16091 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:28:39.490Z","@version":"1","message":"Sep 15 12:28:39 honeypot-sgp-1 sshd[21590]: Disconnected from authenticating user root 109.42.178.255 port 20494 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:28:43.493Z","@version":"1","message":"Sep 15 12:28:43 honeypot-sgp-1 sshd[21596]: Disconnected from authenticating user root 109.42.178.255 port 3398 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:28:48.496Z","@version":"1","message":"Sep 15 12:28:47 honeypot-sgp-1 sshd[21602]: Disconnected from authenticating user root 109.42.178.255 port 9886 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:28:52.498Z","@version":"1","message":"Sep 15 12:28:52 honeypot-sgp-1 sshd[21608]: Disconnected from authenticating user root 109.42.178.255 port 31177 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:28:57.501Z","@version":"1","message":"Sep 15 12:28:56 honeypot-sgp-1 sshd[21614]: Disconnected from authenticating user root 109.42.178.255 port 26730 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:29:01.505Z","@version":"1","message":"Sep 15 12:29:01 honeypot-sgp-1 sshd[21620]: Disconnected from authenticating user root 109.42.178.255 port 20584 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:29:05.507Z","@version":"1","message":"Sep 15 12:29:05 honeypot-sgp-1 sshd[21626]: Disconnected from authenticating user root 109.42.178.255 port 22352 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:29:10.510Z","@version":"1","message":"Sep 15 12:29:09 honeypot-sgp-1 sshd[21632]: Disconnected from authenticating user root 109.42.178.255 port 7360 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:29:14.512Z","@version":"1","message":"Sep 15 12:29:14 honeypot-sgp-1 sshd[21638]: Disconnected from authenticating user root 109.42.178.255 port 29223 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 12:29:17 honeypot-fra-1 kernel: [84119374.237987] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=79.124.62.86 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=48549 PROTO=TCP SPT=58067 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T12:29:17.964Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-15T12:29:19.516Z","@version":"1","message":"Sep 15 12:29:18 honeypot-sgp-1 sshd[21644]: Disconnected from authenticating user root 109.42.178.255 port 23529 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:29:23.518Z","@version":"1","message":"Sep 15 12:29:22 honeypot-sgp-1 sshd[21650]: Invalid user admin from 109.42.178.255 port 13735","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:29:25.520Z","@version":"1","message":"Sep 15 12:29:25 honeypot-sgp-1 sshd[21654]: Invalid user admin from 109.42.178.255 port 5371","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:29:28.522Z","@version":"1","message":"Sep 15 12:29:28 honeypot-sgp-1 sshd[21658]: Invalid user admin from 109.42.178.255 port 29674","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:29:31.524Z","@version":"1","message":"Sep 15 12:29:31 honeypot-sgp-1 sshd[21662]: Invalid user admin from 109.42.178.255 port 14227","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:29:34.526Z","@version":"1","message":"Sep 15 12:29:34 honeypot-sgp-1 sshd[21666]: Invalid user admin from 109.42.178.255 port 13033","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:29:37.528Z","@version":"1","message":"Sep 15 12:29:37 honeypot-sgp-1 sshd[21670]: Received disconnect from 109.42.178.255 port 18477:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:29:40.529Z","@version":"1","message":"Sep 15 12:29:40 honeypot-sgp-1 sshd[21674]: Disconnected from invalid user pi 109.42.178.255 port 2162 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:29:43.531Z","@version":"1","message":"Sep 15 12:29:43 honeypot-sgp-1 sshd[21678]: Disconnected from invalid user user 109.42.178.255 port 23788 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:29:46.534Z","@version":"1","message":"Sep 15 12:29:45 honeypot-sgp-1 sshd[21682]: Disconnected from invalid user mine 109.42.178.255 port 29830 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:29:49.536Z","@version":"1","message":"Sep 15 12:29:48 honeypot-sgp-1 sshd[21686]: Disconnected from invalid user xbmc 109.42.178.255 port 4849 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:29:52.537Z","@version":"1","message":"Sep 15 12:29:51 honeypot-sgp-1 sshd[21690]: Disconnected from invalid user oracle 109.42.178.255 port 10275 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:29:55.539Z","@version":"1","message":"Sep 15 12:29:54 honeypot-sgp-1 sshd[21694]: Disconnected from invalid user postgres 109.42.178.255 port 6094 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:29:58.541Z","@version":"1","message":"Sep 15 12:29:57 honeypot-sgp-1 sshd[21698]: Disconnected from invalid user support 109.42.178.255 port 3964 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:30:00.544Z","@version":"1","message":"Sep 15 12:30:00 honeypot-sgp-1 sshd[21702]: Disconnected from invalid user ubuntu 109.42.178.255 port 30295 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:30:03.545Z","@version":"1","message":"Sep 15 12:30:03 honeypot-sgp-1 sshd[21706]: Disconnected from invalid user ubuntu 109.42.178.255 port 1248 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:30:05 honeypot-ams-1 sshd[27947]: Connection closed by invalid user ubnt 179.60.147.69 port 12276 [preauth]","@timestamp":"2022-09-15T12:30:06.269Z"}
{"@timestamp":"2022-09-15T12:30:06.547Z","@version":"1","message":"Sep 15 12:30:06 honeypot-sgp-1 sshd[21710]: Disconnected from invalid user guest 109.42.178.255 port 28644 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:30:09.549Z","@version":"1","message":"Sep 15 12:30:08 honeypot-sgp-1 sshd[21714]: Disconnected from invalid user cirros 109.42.178.255 port 16156 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:33:27.631Z","@version":"1","message":"Sep 15 12:33:27 honeypot-sgp-1 sshd[21719]: Disconnected from authenticating user root 195.14.105.159 port 59046 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:33:37 honeypot-ams-1 sshd[28028]: Received disconnect from 63.222.7.131 port 5957:11: Bye Bye [preauth]","@timestamp":"2022-09-15T12:33:37.363Z"}
{"@timestamp":"2022-09-15T12:34:44.666Z","@version":"1","message":"Sep 15 12:34:44 honeypot-sgp-1 sshd[21724]: Received disconnect from 141.255.162.226 port 44156:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:34:47.668Z","@version":"1","message":"Sep 15 12:34:47 honeypot-sgp-1 sshd[21728]: Received disconnect from 141.255.162.226 port 58670:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:35:01 honeypot-ams-1 sshd[28030]: Disconnecting invalid user admin 81.17.25.50 port 55128: Change of username or service not allowed: (admin,ssh-connection) -> (cameras,ssh-connection) [preauth]","@timestamp":"2022-09-15T12:35:02.403Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:37:03 honeypot-ams-1 sshd[28038]: Disconnecting invalid user admin 81.17.25.50 port 17630: Change of username or service not allowed: (admin,ssh-connection) -> (,ssh-connection) [preauth]","@timestamp":"2022-09-15T12:37:03.461Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:39:07 honeypot-ams-1 sshd[28045]: Disconnecting invalid user aerohive 81.17.25.50 port 45230: Change of username or service not allowed: (aerohive,ssh-connection) -> (admin,ssh-connection) [preauth]","@timestamp":"2022-09-15T12:39:07.520Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:40:32 honeypot-ams-1 sshd[28055]: Invalid user private from 81.17.25.50 port 1823","@timestamp":"2022-09-15T12:40:33.565Z"}
{"@timestamp":"2022-09-15T12:41:39.831Z","@version":"1","message":"Sep 15 12:41:39 honeypot-sgp-1 kernel: [84121806.729358] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.79.128.96 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=38223 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:42:32 honeypot-ams-1 sshd[28061]: Received disconnect from 92.255.85.70 port 51188:11: Bye Bye [preauth]","@timestamp":"2022-09-15T12:42:32.620Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:44:18 honeypot-ams-1 sshd[28068]: Invalid user  from 81.17.25.50 port 51224","@timestamp":"2022-09-15T12:44:18.670Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:45:43 honeypot-ams-1 sshd[28076]: Disconnecting invalid user Admin 81.17.25.50 port 29913: Change of username or service not allowed: (Admin,ssh-connection) -> (blank,ssh-connection) [preauth]","@timestamp":"2022-09-15T12:45:43.715Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:47:02 honeypot-ams-1 sshd[28086]: Disconnecting invalid user guest 81.17.25.50 port 38989: Change of username or service not allowed: (guest,ssh-connection) -> (1234,ssh-connection) [preauth]","@timestamp":"2022-09-15T12:47:02.756Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 12:47:27 honeypot-fra-1 kernel: [84120464.893416] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.216.128 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=60542 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T12:47:28.380Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:48:05 honeypot-ams-1 sshd[28094]: Invalid user Cisco from 81.17.25.50 port 9767","@timestamp":"2022-09-15T12:48:05.789Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:48:37 honeypot-ams-1 sshd[28100]: Invalid user admin from 81.17.25.50 port 34555","@timestamp":"2022-09-15T12:48:37.806Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:49:21 honeypot-ams-1 sshd[28107]: Disconnecting invalid user Administrator 81.17.25.50 port 28222: Change of username or service not allowed: (Administrator,ssh-connection) -> (,ssh-connection) [preauth]","@timestamp":"2022-09-15T12:49:21.830Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:49:58 honeypot-ams-1 sshd[28113]: Disconnecting invalid user sti.admin5 81.17.25.50 port 60894: Change of username or service not allowed: (sti.admin5,ssh-connection) -> (admin,ssh-connection) [preauth]","@timestamp":"2022-09-15T12:49:58.849Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 12:50:14 honeypot-fra-1 sshd[17937]: Disconnected from invalid user test2 159.65.27.32 port 40038 [preauth]","@timestamp":"2022-09-15T12:50:15.443Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T12:50:18.048Z","@version":"1","message":"Sep 15 12:50:17 honeypot-sgp-1 kernel: [84122324.770201] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.171.59.221 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=32378 DF PROTO=TCP SPT=10446 DPT=80 WINDOW=512 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:50:43 honeypot-ams-1 sshd[28119]: Invalid user blank from 81.17.25.50 port 27897","@timestamp":"2022-09-15T12:50:43.874Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:51:39 honeypot-ams-1 sshd[28123]: Invalid user  from 81.17.25.50 port 10991","@timestamp":"2022-09-15T12:51:39.903Z"}
{"@timestamp":"2022-09-15T12:52:19.102Z","@version":"1","message":"Sep 15 12:52:18 honeypot-sgp-1 sshd[21742]: Invalid user pi from 79.232.100.20 port 38132","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:52:22.105Z","@version":"1","message":"Sep 15 12:52:21 honeypot-sgp-1 sshd[21746]: Disconnected from invalid user Administrator 92.255.85.69 port 31850 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 12:52:51 honeypot-fra-1 sshd[17941]: Disconnected from invalid user odoo 138.68.166.112 port 54500 [preauth]","@timestamp":"2022-09-15T12:52:51.505Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:53:02 honeypot-ams-1 sshd[28131]: Disconnected from authenticating user root 61.177.173.36 port 51206 [preauth]","@timestamp":"2022-09-15T12:53:02.944Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:53:59 honeypot-ams-1 sshd[28136]: Invalid user Administrator from 81.17.25.50 port 44138","@timestamp":"2022-09-15T12:53:59.973Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:54:59 honeypot-ams-1 sshd[28142]: Invalid user admin from 81.17.25.50 port 50783","@timestamp":"2022-09-15T12:55:00.004Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:57:46 honeypot-ams-1 sshd[28148]: Invalid user comcast from 81.17.25.50 port 25430","@timestamp":"2022-09-15T12:57:47.081Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:58:20 honeypot-ams-1 sshd[28152]: Invalid user  from 81.17.25.50 port 56150","@timestamp":"2022-09-15T12:58:21.099Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:59:37 honeypot-ams-1 sshd[28162]: Invalid user  from 81.17.25.50 port 9426","@timestamp":"2022-09-15T12:59:37.138Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:00:27 honeypot-ams-1 sshd[28168]: Invalid user admin from 81.17.25.50 port 44841","@timestamp":"2022-09-15T13:00:27.165Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:01:02 honeypot-fra-1 sshd[17948]: Invalid user gh from 67.207.94.180 port 35348","@timestamp":"2022-09-15T13:01:03.691Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:01:09 honeypot-ams-1 sshd[28174]: Disconnecting invalid user admin 81.17.25.50 port 25610: Change of username or service not allowed: (admin,ssh-connection) -> (airlive,ssh-connection) [preauth]","@timestamp":"2022-09-15T13:01:10.187Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:02:22 honeypot-ams-1 sshd[28180]: Disconnecting invalid user admin 81.17.25.50 port 15796: Change of username or service not allowed: (admin,ssh-connection) -> (roqos,ssh-connection) [preauth]","@timestamp":"2022-09-15T13:02:23.224Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:03:16 honeypot-ams-1 sshd[28186]: Invalid user Shiko from 81.17.25.50 port 14789","@timestamp":"2022-09-15T13:03:17.317Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:03:58 honeypot-ams-1 sshd[28190]: Disconnecting invalid user Broadcom 81.17.25.50 port 25659: Change of username or service not allowed: (Broadcom,ssh-connection) -> (smcadmin,ssh-connection) [preauth]","@timestamp":"2022-09-15T13:03:59.338Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:04:10 honeypot-fra-1 sshd[17953]: Invalid user debian from 179.60.147.69 port 48528","@timestamp":"2022-09-15T13:04:10.762Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:04:45 honeypot-ams-1 sshd[28198]: Disconnecting invalid user cusadmin 81.17.25.50 port 40251: Change of username or service not allowed: (cusadmin,ssh-connection) -> (highspeed,ssh-connection) [preauth]","@timestamp":"2022-09-15T13:04:46.380Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:05:48 honeypot-ams-1 sshd[28204]: Disconnecting invalid user sweex 81.17.25.50 port 35485: Change of username or service not allowed: (sweex,ssh-connection) -> (,ssh-connection) [preauth]","@timestamp":"2022-09-15T13:05:49.414Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:06:19 honeypot-ams-1 sshd[28208]: Invalid user admin from 81.17.25.50 port 39309","@timestamp":"2022-09-15T13:06:19.433Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:06:41 honeypot-ams-1 sshd[28215]: Invalid user  from 81.17.25.50 port 27538","@timestamp":"2022-09-15T13:06:42.445Z"}
{"@timestamp":"2022-09-15T13:07:05.475Z","@version":"1","message":"Sep 15 13:07:05 honeypot-sgp-1 sshd[21754]: Received disconnect from 190.13.81.218 port 39655:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:07:14 honeypot-ams-1 sshd[28223]: Invalid user user from 81.17.25.50 port 34858","@timestamp":"2022-09-15T13:07:14.463Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:07:39 honeypot-ams-1 sshd[28233]: Disconnected from authenticating user root 80.76.51.189 port 44960 [preauth]","@timestamp":"2022-09-15T13:07:39.477Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:08:07 honeypot-ams-1 sshd[28235]: Disconnecting invalid user 123456 81.17.25.50 port 59075: Change of username or service not allowed: (123456,ssh-connection) -> (user,ssh-connection) [preauth]","@timestamp":"2022-09-15T13:08:07.492Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:08:32 honeypot-ams-1 sshd[28243]: Disconnecting invalid user amdin 81.17.25.50 port 37637: Change of username or service not allowed: (amdin,ssh-connection) -> (readwrite,ssh-connection) [preauth]","@timestamp":"2022-09-15T13:08:32.505Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:08:51 honeypot-ams-1 sshd[28249]: Disconnecting invalid user Admin 81.17.25.50 port 15428: Change of username or service not allowed: (Admin,ssh-connection) -> (admin,ssh-connection) [preauth]","@timestamp":"2022-09-15T13:08:52.516Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:09:13 honeypot-ams-1 sshd[28253]: Disconnecting invalid user DZY-W2914NSV2 81.17.25.50 port 30723: Change of username or service not allowed: (DZY-W2914NSV2,ssh-connection) -> (0,ssh-connection) [preauth]","@timestamp":"2022-09-15T13:09:14.528Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:09:29 honeypot-ams-1 sshd[28262]: Disconnecting invalid user zoomadsl 81.17.25.50 port 27695: Change of username or service not allowed: (zoomadsl,ssh-connection) -> (admin,ssh-connection) [preauth]","@timestamp":"2022-09-15T13:09:30.537Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:09:46 honeypot-ams-1 sshd[28266]: Invalid user 1admin0 from 81.17.25.50 port 43548","@timestamp":"2022-09-15T13:09:46.545Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:10:47 honeypot-ams-1 sshd[28276]: Received disconnect from 80.76.51.189 port 54184:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T13:10:47.576Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 13:12:01 honeypot-ams-1 kernel: [84124103.613012] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=157.230.254.43 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=37036 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T13:12:01.610Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:12:55 honeypot-ams-1 sshd[28285]: Disconnected from invalid user admin 80.76.51.189 port 51024 [preauth]","@timestamp":"2022-09-15T13:12:55.636Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:14:02 honeypot-ams-1 sshd[28289]: Disconnected from invalid user ansible 80.76.51.189 port 35330 [preauth]","@timestamp":"2022-09-15T13:14:02.667Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:15:11 honeypot-ams-1 sshd[28294]: Disconnected from invalid user ansible 80.76.51.189 port 47868 [preauth]","@timestamp":"2022-09-15T13:15:11.697Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:15:43 honeypot-fra-1 sshd[17960]: Invalid user Administrator from 92.255.85.69 port 51366","@timestamp":"2022-09-15T13:15:44.024Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:16:53 honeypot-ams-1 sshd[28300]: Received disconnect from 80.76.51.189 port 52552:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T13:16:53.744Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:17:24 honeypot-ams-1 sshd[28308]: Did not receive identification string from 198.98.61.9 port 58612","@timestamp":"2022-09-15T13:17:24.760Z"}
{"@timestamp":"2022-09-15T13:17:31.737Z","@version":"1","message":"Sep 15 13:17:31 honeypot-sgp-1 sshd[21760]: Disconnected from invalid user steam 92.255.85.70 port 41166 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:17:46 honeypot-ams-1 sshd[28311]: Disconnected from invalid user user 198.98.61.9 port 35552 [preauth]","@timestamp":"2022-09-15T13:17:46.772Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:18:01 honeypot-ams-1 sshd[28315]: Disconnected from invalid user postgres 80.76.51.189 port 36844 [preauth]","@timestamp":"2022-09-15T13:18:01.780Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:18:12 honeypot-ams-1 sshd[28319]: Disconnected from invalid user user 198.98.61.9 port 42500 [preauth]","@timestamp":"2022-09-15T13:18:12.787Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:18:28 honeypot-ams-1 sshd[28325]: Invalid user user from 198.98.61.9 port 37728","@timestamp":"2022-09-15T13:18:29.796Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:18:36 honeypot-ams-1 sshd[28327]: Received disconnect from 198.98.61.9 port 49450:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T13:18:37.800Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:19:47 honeypot-ams-1 sshd[28336]: Invalid user odoo from 80.76.51.189 port 41530","@timestamp":"2022-09-15T13:19:47.834Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:20:59 honeypot-ams-1 sshd[28340]: Disconnected from authenticating user root 80.76.51.189 port 54070 [preauth]","@timestamp":"2022-09-15T13:20:59.868Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:23:26 honeypot-fra-1 sshd[17966]: Did not receive identification string from 192.174.125.154 port 59041","@timestamp":"2022-09-15T13:23:27.200Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:23:29 honeypot-fra-1 sshd[17970]: Disconnected from authenticating user root 192.174.125.154 port 6209 [preauth]","@timestamp":"2022-09-15T13:23:29.202Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:23:31 honeypot-fra-1 sshd[17974]: Disconnected from invalid user user 192.174.125.154 port 17857 [preauth]","@timestamp":"2022-09-15T13:23:31.204Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:23:33 honeypot-fra-1 sshd[17980]: Invalid user admin from 192.174.125.154 port 36577","@timestamp":"2022-09-15T13:23:34.205Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:23:35 honeypot-fra-1 sshd[17984]: Invalid user user2 from 192.174.125.154 port 48641","@timestamp":"2022-09-15T13:23:36.206Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:23:38 honeypot-fra-1 sshd[17988]: Received disconnect from 192.174.125.154 port 60385:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:23:38.208Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:23:40 honeypot-fra-1 sshd[17992]: Received disconnect from 192.174.125.154 port 8929:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:23:40.209Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:23:41 honeypot-fra-1 sshd[17996]: Disconnected from invalid user admin 192.174.125.154 port 19841 [preauth]","@timestamp":"2022-09-15T13:23:42.210Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:23:43 honeypot-fra-1 sshd[18000]: Disconnected from invalid user user2 192.174.125.154 port 31457 [preauth]","@timestamp":"2022-09-15T13:23:44.213Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:23:46 honeypot-fra-1 sshd[18006]: Invalid user user from 192.174.125.154 port 49377","@timestamp":"2022-09-15T13:23:47.214Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:23:48 honeypot-fra-1 sshd[18010]: Received disconnect from 192.174.125.154 port 61057:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:23:49.215Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:23:50 honeypot-fra-1 sshd[18014]: Received disconnect from 192.174.125.154 port 9697:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:23:51.217Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:23:52 honeypot-fra-1 sshd[18018]: Disconnected from authenticating user root 192.174.125.154 port 21633 [preauth]","@timestamp":"2022-09-15T13:23:53.218Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:23:54 honeypot-fra-1 sshd[18022]: Disconnected from invalid user user 192.174.125.154 port 33025 [preauth]","@timestamp":"2022-09-15T13:23:55.219Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:23:57 honeypot-fra-1 sshd[18028]: Invalid user admin from 192.174.125.154 port 51425","@timestamp":"2022-09-15T13:23:58.222Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:23:59 honeypot-fra-1 sshd[18032]: Invalid user user2 from 192.174.125.154 port 62913","@timestamp":"2022-09-15T13:24:00.223Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:24:01 honeypot-fra-1 sshd[18036]: Received disconnect from 192.174.125.154 port 13057:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:24:02.224Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:24:10 honeypot-fra-1 sshd[18040]: Invalid user user2 from 192.174.125.154 port 4961","@timestamp":"2022-09-15T13:24:11.228Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:24:12 honeypot-fra-1 sshd[18044]: Received disconnect from 192.174.125.154 port 16770:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:24:13.231Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:24:14 honeypot-fra-1 sshd[18048]: Received disconnect from 192.174.125.154 port 27745:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:24:15.232Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:24:16 honeypot-fra-1 sshd[18052]: Disconnected from invalid user admin 192.174.125.154 port 39777 [preauth]","@timestamp":"2022-09-15T13:24:17.233Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:24:18 honeypot-fra-1 sshd[18056]: Disconnected from invalid user user2 192.174.125.154 port 51585 [preauth]","@timestamp":"2022-09-15T13:24:19.234Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:24:21 honeypot-fra-1 sshd[18062]: Invalid user user from 192.174.125.154 port 7233","@timestamp":"2022-09-15T13:24:22.236Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:24:24 honeypot-fra-1 sshd[18066]: Received disconnect from 192.174.125.154 port 19042:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:24:24.237Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:24:26 honeypot-fra-1 sshd[18070]: Received disconnect from 192.174.125.154 port 30817:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:24:26.239Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:24:28 honeypot-fra-1 sshd[18074]: Disconnected from authenticating user root 192.174.125.154 port 42977 [preauth]","@timestamp":"2022-09-15T13:24:28.241Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:24:30 honeypot-fra-1 sshd[18078]: Disconnected from invalid user user 192.174.125.154 port 55201 [preauth]","@timestamp":"2022-09-15T13:24:30.242Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:24:32 honeypot-fra-1 sshd[18084]: Invalid user admin from 192.174.125.154 port 10177","@timestamp":"2022-09-15T13:24:33.244Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:24:34 honeypot-fra-1 sshd[18088]: Invalid user user2 from 192.174.125.154 port 22113","@timestamp":"2022-09-15T13:24:35.245Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:24:37 honeypot-fra-1 sshd[18092]: Received disconnect from 192.174.125.154 port 34306:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:24:37.247Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:24:39 honeypot-fra-1 sshd[18096]: Received disconnect from 192.174.125.154 port 46625:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:24:39.248Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:24:41 honeypot-fra-1 sshd[18100]: Disconnected from invalid user admin 192.174.125.154 port 58497 [preauth]","@timestamp":"2022-09-15T13:24:41.249Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:24:43 honeypot-fra-1 sshd[18104]: Disconnected from invalid user user2 192.174.125.154 port 7681 [preauth]","@timestamp":"2022-09-15T13:24:43.251Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:24:45 honeypot-fra-1 sshd[18110]: Invalid user user from 192.174.125.154 port 25633","@timestamp":"2022-09-15T13:24:46.253Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:24:48 honeypot-fra-1 sshd[18114]: Received disconnect from 192.174.125.154 port 38529:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:24:48.254Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:24:50 honeypot-fra-1 sshd[18118]: Received disconnect from 192.174.125.154 port 51169:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:24:50.256Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:24:52 honeypot-fra-1 sshd[18122]: Disconnected from authenticating user root 192.174.125.154 port 63617 [preauth]","@timestamp":"2022-09-15T13:24:52.257Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:24:54 honeypot-fra-1 sshd[18126]: Disconnected from invalid user user 192.174.125.154 port 12450 [preauth]","@timestamp":"2022-09-15T13:24:54.258Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:24:56 honeypot-fra-1 sshd[18132]: Invalid user admin from 192.174.125.154 port 30977","@timestamp":"2022-09-15T13:24:57.260Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:24:59 honeypot-fra-1 sshd[18136]: Invalid user user2 from 192.174.125.154 port 43265","@timestamp":"2022-09-15T13:24:59.262Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:01 honeypot-fra-1 sshd[18140]: Received disconnect from 192.174.125.154 port 55873:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:25:01.264Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:03 honeypot-fra-1 sshd[18144]: Received disconnect from 192.174.125.154 port 4801:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:25:03.265Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:05 honeypot-fra-1 sshd[18148]: Received disconnect from 192.174.125.154 port 16257:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:25:05.266Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:07 honeypot-fra-1 sshd[18152]: Received disconnect from 192.174.125.154 port 28161:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:25:07.267Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:09 honeypot-fra-1 sshd[18156]: Disconnected from invalid user admin 192.174.125.154 port 39905 [preauth]","@timestamp":"2022-09-15T13:25:09.269Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:11 honeypot-fra-1 sshd[18160]: Disconnected from invalid user user2 192.174.125.154 port 51330 [preauth]","@timestamp":"2022-09-15T13:25:11.270Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:14 honeypot-fra-1 sshd[18166]: Invalid user user from 192.174.125.154 port 6785","@timestamp":"2022-09-15T13:25:14.273Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:16 honeypot-fra-1 sshd[18170]: Received disconnect from 192.174.125.154 port 19009:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:25:16.274Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:18 honeypot-fra-1 sshd[18174]: Received disconnect from 192.174.125.154 port 30658:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:25:18.276Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:20 honeypot-fra-1 sshd[18178]: Disconnected from authenticating user root 192.174.125.154 port 42114 [preauth]","@timestamp":"2022-09-15T13:25:20.277Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:22 honeypot-fra-1 sshd[18182]: Disconnected from invalid user user 192.174.125.154 port 54049 [preauth]","@timestamp":"2022-09-15T13:25:22.278Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:25 honeypot-fra-1 sshd[18188]: Invalid user admin from 192.174.125.154 port 9249","@timestamp":"2022-09-15T13:25:25.280Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:27 honeypot-fra-1 sshd[18192]: Invalid user user2 from 192.174.125.154 port 21281","@timestamp":"2022-09-15T13:25:27.281Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:29 honeypot-fra-1 sshd[18196]: Received disconnect from 192.174.125.154 port 33057:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:25:29.283Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:31 honeypot-fra-1 sshd[18200]: Received disconnect from 192.174.125.154 port 44865:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:25:31.284Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:33 honeypot-fra-1 sshd[18204]: Disconnected from invalid user admin 192.174.125.154 port 56193 [preauth]","@timestamp":"2022-09-15T13:25:33.286Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:35 honeypot-fra-1 sshd[18208]: Disconnected from invalid user user2 192.174.125.154 port 5633 [preauth]","@timestamp":"2022-09-15T13:25:36.288Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:38 honeypot-fra-1 sshd[18214]: Invalid user user from 192.174.125.154 port 23009","@timestamp":"2022-09-15T13:25:38.289Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:40 honeypot-fra-1 sshd[18218]: Received disconnect from 192.174.125.154 port 34081:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:25:40.290Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:42 honeypot-fra-1 sshd[18222]: Received disconnect from 192.174.125.154 port 45121:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:25:42.291Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:44 honeypot-fra-1 sshd[18226]: Disconnected from authenticating user root 192.174.125.154 port 56353 [preauth]","@timestamp":"2022-09-15T13:25:44.294Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:46 honeypot-fra-1 sshd[18230]: Disconnected from invalid user user 192.174.125.154 port 5025 [preauth]","@timestamp":"2022-09-15T13:25:46.295Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:49 honeypot-fra-1 sshd[18236]: Invalid user admin from 192.174.125.154 port 22273","@timestamp":"2022-09-15T13:25:49.297Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:51 honeypot-fra-1 sshd[18240]: Invalid user user2 from 192.174.125.154 port 33921","@timestamp":"2022-09-15T13:25:51.298Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:53 honeypot-fra-1 sshd[18244]: Received disconnect from 192.174.125.154 port 44737:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:25:53.299Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:55 honeypot-fra-1 sshd[18248]: Received disconnect from 192.174.125.154 port 56193:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:25:56.301Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:57 honeypot-fra-1 sshd[18252]: Disconnected from invalid user admin 192.174.125.154 port 4417 [preauth]","@timestamp":"2022-09-15T13:25:58.303Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:59 honeypot-fra-1 sshd[18256]: Disconnected from invalid user user2 192.174.125.154 port 14529 [preauth]","@timestamp":"2022-09-15T13:25:59.304Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:02 honeypot-fra-1 sshd[18262]: Invalid user user from 192.174.125.154 port 32097","@timestamp":"2022-09-15T13:26:02.306Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:04 honeypot-fra-1 sshd[18266]: Received disconnect from 192.174.125.154 port 42817:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:26:04.307Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:06 honeypot-fra-1 sshd[18271]: Received disconnect from 192.174.125.154 port 53826:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:26:06.309Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:08 honeypot-fra-1 sshd[18275]: Disconnected from authenticating user root 192.174.125.154 port 64353 [preauth]","@timestamp":"2022-09-15T13:26:09.310Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:10 honeypot-fra-1 sshd[18279]: Disconnected from invalid user user 192.174.125.154 port 12449 [preauth]","@timestamp":"2022-09-15T13:26:10.311Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:13 honeypot-fra-1 sshd[18285]: Invalid user admin from 192.174.125.154 port 27777","@timestamp":"2022-09-15T13:26:13.314Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:15 honeypot-fra-1 sshd[18289]: Invalid user user2 from 192.174.125.154 port 38498","@timestamp":"2022-09-15T13:26:15.315Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:17 honeypot-fra-1 sshd[18293]: Received disconnect from 192.174.125.154 port 48897:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:26:17.316Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:19 honeypot-fra-1 sshd[18297]: Received disconnect from 192.174.125.154 port 59618:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:26:19.318Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:21 honeypot-fra-1 sshd[18301]: Disconnected from invalid user admin 192.174.125.154 port 7393 [preauth]","@timestamp":"2022-09-15T13:26:21.319Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:23 honeypot-fra-1 sshd[18305]: Disconnected from invalid user user2 192.174.125.154 port 17921 [preauth]","@timestamp":"2022-09-15T13:26:23.320Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:26 honeypot-fra-1 sshd[18311]: Invalid user user from 192.174.125.154 port 34241","@timestamp":"2022-09-15T13:26:26.322Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:28 honeypot-fra-1 sshd[18315]: Received disconnect from 192.174.125.154 port 45313:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:26:28.324Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:30 honeypot-fra-1 sshd[18319]: Received disconnect from 192.174.125.154 port 56129:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:26:30.325Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:32 honeypot-fra-1 sshd[18323]: Disconnected from authenticating user root 192.174.125.154 port 4033 [preauth]","@timestamp":"2022-09-15T13:26:32.327Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:34 honeypot-fra-1 sshd[18327]: Disconnected from invalid user user 192.174.125.154 port 14561 [preauth]","@timestamp":"2022-09-15T13:26:34.328Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:37 honeypot-fra-1 sshd[18333]: Invalid user admin from 192.174.125.154 port 29377","@timestamp":"2022-09-15T13:26:37.329Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:39 honeypot-fra-1 sshd[18337]: Invalid user user2 from 192.174.125.154 port 39489","@timestamp":"2022-09-15T13:26:39.331Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:41 honeypot-fra-1 sshd[18341]: Received disconnect from 192.174.125.154 port 49857:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:26:41.332Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:43 honeypot-fra-1 sshd[18345]: Received disconnect from 192.174.125.154 port 59617:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:26:43.334Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:44 honeypot-fra-1 sshd[18349]: Disconnected from invalid user admin 192.174.125.154 port 6017 [preauth]","@timestamp":"2022-09-15T13:26:45.336Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:46 honeypot-fra-1 sshd[18353]: Disconnected from invalid user user2 192.174.125.154 port 16065 [preauth]","@timestamp":"2022-09-15T13:26:47.337Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:49 honeypot-fra-1 sshd[18359]: Invalid user user from 192.174.125.154 port 31425","@timestamp":"2022-09-15T13:26:50.339Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:51 honeypot-fra-1 sshd[18363]: Received disconnect from 192.174.125.154 port 41314:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:26:52.340Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:53 honeypot-fra-1 sshd[18367]: Received disconnect from 192.174.125.154 port 51521:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:26:54.341Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:55 honeypot-fra-1 sshd[18371]: Disconnected from authenticating user root 192.174.125.154 port 61185 [preauth]","@timestamp":"2022-09-15T13:26:56.343Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:57 honeypot-fra-1 sshd[18375]: Disconnected from invalid user user 192.174.125.154 port 8353 [preauth]","@timestamp":"2022-09-15T13:26:58.345Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:27:00 honeypot-fra-1 sshd[18381]: Invalid user admin from 192.174.125.154 port 23425","@timestamp":"2022-09-15T13:27:01.347Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:27:02 honeypot-fra-1 sshd[18385]: Invalid user user2 from 192.174.125.154 port 32994","@timestamp":"2022-09-15T13:27:03.348Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:27:04 honeypot-fra-1 sshd[18389]: Received disconnect from 192.174.125.154 port 42913:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:27:05.350Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:27:06 honeypot-fra-1 sshd[18393]: Received disconnect from 192.174.125.154 port 52577:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:27:07.351Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:27:08 honeypot-fra-1 sshd[18397]: Disconnected from invalid user admin 192.174.125.154 port 62561 [preauth]","@timestamp":"2022-09-15T13:27:09.352Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:27:10 honeypot-fra-1 sshd[18401]: Disconnected from invalid user user2 192.174.125.154 port 9089 [preauth]","@timestamp":"2022-09-15T13:27:11.354Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:27:13 honeypot-fra-1 sshd[18407]: Invalid user user from 192.174.125.154 port 24417","@timestamp":"2022-09-15T13:27:13.356Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:27:15 honeypot-fra-1 sshd[18411]: Received disconnect from 192.174.125.154 port 34241:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:27:16.358Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:27:17 honeypot-fra-1 sshd[18415]: Received disconnect from 192.174.125.154 port 44577:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:27:18.359Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:27:19 honeypot-fra-1 sshd[18419]: Disconnected from authenticating user root 192.174.125.154 port 54177 [preauth]","@timestamp":"2022-09-15T13:27:20.360Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:27:21 honeypot-fra-1 sshd[18423]: Disconnected from invalid user user 192.174.125.154 port 64193 [preauth]","@timestamp":"2022-09-15T13:27:21.361Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:27:24 honeypot-fra-1 sshd[18429]: Invalid user admin from 192.174.125.154 port 15457","@timestamp":"2022-09-15T13:27:24.362Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:27:26 honeypot-fra-1 sshd[18433]: Invalid user user2 from 192.174.125.154 port 25314","@timestamp":"2022-09-15T13:27:26.364Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:27:28 honeypot-fra-1 sshd[18437]: Received disconnect from 192.174.125.154 port 35361:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:27:28.366Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:27:30 honeypot-fra-1 sshd[18441]: Invalid user user2 from 192.174.125.154 port 45249","@timestamp":"2022-09-15T13:27:30.368Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:27:32 honeypot-fra-1 sshd[18445]: Received disconnect from 192.174.125.154 port 54593:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:27:32.369Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:27:41 honeypot-fra-1 sshd[18449]: Received disconnect from 192.174.125.154 port 35969:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:27:41.373Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:27:43 honeypot-fra-1 sshd[18453]: Disconnected from invalid user admin 192.174.125.154 port 45825 [preauth]","@timestamp":"2022-09-15T13:27:43.376Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:27:45 honeypot-fra-1 sshd[18457]: Disconnected from invalid user user2 192.174.125.154 port 56097 [preauth]","@timestamp":"2022-09-15T13:27:45.377Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:27:47 honeypot-fra-1 sshd[18463]: Invalid user user from 192.174.125.154 port 7873","@timestamp":"2022-09-15T13:27:48.378Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:27:50 honeypot-fra-1 sshd[18467]: Received disconnect from 192.174.125.154 port 17730:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:27:50.380Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:27:51 honeypot-fra-1 sshd[18471]: Received disconnect from 192.174.125.154 port 27233:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:27:52.381Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:27:53 honeypot-fra-1 sshd[18475]: Disconnected from authenticating user root 192.174.125.154 port 37537 [preauth]","@timestamp":"2022-09-15T13:27:54.382Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:27:55 honeypot-fra-1 sshd[18479]: Disconnected from invalid user user 192.174.125.154 port 47777 [preauth]","@timestamp":"2022-09-15T13:27:56.384Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:27:58 honeypot-fra-1 sshd[18485]: Invalid user admin from 192.174.125.154 port 63201","@timestamp":"2022-09-15T13:27:59.387Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:28:00 honeypot-fra-1 sshd[18489]: Invalid user user2 from 192.174.125.154 port 11009","@timestamp":"2022-09-15T13:28:01.388Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:28:02 honeypot-fra-1 sshd[18493]: Received disconnect from 192.174.125.154 port 21409:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:28:03.389Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:28:04 honeypot-fra-1 sshd[18497]: Received disconnect from 192.174.125.154 port 31617:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:28:05.391Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:28:06 honeypot-fra-1 sshd[18501]: Disconnected from invalid user admin 192.174.125.154 port 42177 [preauth]","@timestamp":"2022-09-15T13:28:07.392Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:28:08 honeypot-fra-1 sshd[18505]: Disconnected from invalid user user2 192.174.125.154 port 52769 [preauth]","@timestamp":"2022-09-15T13:28:09.393Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:28:11 honeypot-fra-1 sshd[18511]: Invalid user user from 192.174.125.154 port 5825","@timestamp":"2022-09-15T13:28:12.396Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:28:13 honeypot-fra-1 sshd[18515]: Received disconnect from 192.174.125.154 port 16642:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:28:14.398Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:28:15 honeypot-fra-1 sshd[18519]: Received disconnect from 192.174.125.154 port 27201:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:28:16.399Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:28:17 honeypot-fra-1 sshd[18523]: Disconnected from authenticating user root 192.174.125.154 port 37953 [preauth]","@timestamp":"2022-09-15T13:28:18.401Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:28:19 honeypot-fra-1 sshd[18527]: Disconnected from invalid user user 192.174.125.154 port 48737 [preauth]","@timestamp":"2022-09-15T13:28:20.402Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:28:22 honeypot-fra-1 sshd[18533]: Invalid user admin from 192.174.125.154 port 64961","@timestamp":"2022-09-15T13:28:22.403Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:28:24 honeypot-fra-1 sshd[18537]: Invalid user user2 from 192.174.125.154 port 12545","@timestamp":"2022-09-15T13:28:24.404Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:28:26 honeypot-fra-1 sshd[18541]: Received disconnect from 192.174.125.154 port 23041:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:28:26.405Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:28:28 honeypot-fra-1 sshd[18545]: Received disconnect from 192.174.125.154 port 33537:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:28:28.408Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:28:30 honeypot-fra-1 sshd[18549]: Disconnected from invalid user admin 192.174.125.154 port 44642 [preauth]","@timestamp":"2022-09-15T13:28:30.409Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:28:32 honeypot-fra-1 sshd[18553]: Disconnected from invalid user user2 192.174.125.154 port 55425 [preauth]","@timestamp":"2022-09-15T13:28:32.410Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:28:34 honeypot-fra-1 sshd[18559]: Invalid user user from 192.174.125.154 port 9633","@timestamp":"2022-09-15T13:28:35.412Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:28:37 honeypot-fra-1 sshd[18563]: Received disconnect from 192.174.125.154 port 20449:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:28:37.413Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:28:38 honeypot-fra-1 sshd[18567]: Received disconnect from 192.174.125.154 port 31489:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:28:39.414Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:28:40 honeypot-fra-1 sshd[18571]: Disconnected from authenticating user root 192.174.125.154 port 42945 [preauth]","@timestamp":"2022-09-15T13:28:41.416Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:28:49 honeypot-fra-1 sshd[18575]: Disconnected from invalid user user 192.174.125.154 port 31137 [preauth]","@timestamp":"2022-09-15T13:28:50.421Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:28:52 honeypot-fra-1 sshd[18581]: Invalid user admin from 192.174.125.154 port 47713","@timestamp":"2022-09-15T13:28:53.422Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:28:54 honeypot-fra-1 sshd[18585]: Invalid user user2 from 192.174.125.154 port 59617","@timestamp":"2022-09-15T13:28:55.424Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:28:56 honeypot-fra-1 sshd[18589]: Received disconnect from 192.174.125.154 port 7586:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:28:57.425Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:28:58 honeypot-fra-1 sshd[18593]: Received disconnect from 192.174.125.154 port 18977:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:28:59.427Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:00 honeypot-fra-1 sshd[18597]: Disconnected from invalid user admin 192.174.125.154 port 30177 [preauth]","@timestamp":"2022-09-15T13:29:01.428Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:02 honeypot-fra-1 sshd[18601]: Disconnected from invalid user user2 192.174.125.154 port 41441 [preauth]","@timestamp":"2022-09-15T13:29:03.430Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:05 honeypot-fra-1 sshd[18607]: Invalid user user from 192.174.125.154 port 58209","@timestamp":"2022-09-15T13:29:06.432Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:07 honeypot-fra-1 sshd[18611]: Received disconnect from 192.174.125.154 port 6881:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:29:08.433Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:09 honeypot-fra-1 sshd[18615]: Received disconnect from 192.174.125.154 port 18081:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:29:10.434Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:11 honeypot-fra-1 sshd[18619]: Disconnected from authenticating user root 192.174.125.154 port 29569 [preauth]","@timestamp":"2022-09-15T13:29:12.436Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:13 honeypot-fra-1 sshd[18623]: Disconnected from invalid user user 192.174.125.154 port 40609 [preauth]","@timestamp":"2022-09-15T13:29:14.438Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:16 honeypot-fra-1 sshd[18629]: Invalid user admin from 192.174.125.154 port 57889","@timestamp":"2022-09-15T13:29:17.439Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:17 honeypot-fra-1 sshd[18631]: Disconnected from invalid user user 192.174.125.154 port 63265 [preauth]","@timestamp":"2022-09-15T13:29:18.440Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:20 honeypot-fra-1 sshd[18637]: Invalid user admin from 192.174.125.154 port 17634","@timestamp":"2022-09-15T13:29:20.441Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:22 honeypot-fra-1 sshd[18641]: Invalid user user2 from 192.174.125.154 port 28545","@timestamp":"2022-09-15T13:29:22.442Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:24 honeypot-fra-1 sshd[18645]: Received disconnect from 192.174.125.154 port 39201:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:29:24.444Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:26 honeypot-fra-1 sshd[18649]: Received disconnect from 192.174.125.154 port 50305:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:29:26.445Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:28 honeypot-fra-1 sshd[18653]: Disconnected from invalid user admin 192.174.125.154 port 62849 [preauth]","@timestamp":"2022-09-15T13:29:28.447Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:30 honeypot-fra-1 sshd[18657]: Disconnected from invalid user user2 192.174.125.154 port 11425 [preauth]","@timestamp":"2022-09-15T13:29:30.449Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:32 honeypot-fra-1 sshd[18663]: Invalid user user from 192.174.125.154 port 29058","@timestamp":"2022-09-15T13:29:33.450Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:34 honeypot-fra-1 sshd[18667]: Received disconnect from 192.174.125.154 port 39617:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:29:35.452Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:36 honeypot-fra-1 sshd[18671]: Received disconnect from 192.174.125.154 port 50977:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:29:37.453Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:38 honeypot-fra-1 sshd[18675]: Disconnected from authenticating user root 192.174.125.154 port 62913 [preauth]","@timestamp":"2022-09-15T13:29:39.454Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:40 honeypot-fra-1 sshd[18679]: Disconnected from invalid user user 192.174.125.154 port 11873 [preauth]","@timestamp":"2022-09-15T13:29:41.455Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:43 honeypot-fra-1 sshd[18685]: Invalid user admin from 192.174.125.154 port 28769","@timestamp":"2022-09-15T13:29:44.458Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:45 honeypot-fra-1 sshd[18689]: Invalid user user2 from 192.174.125.154 port 39713","@timestamp":"2022-09-15T13:29:46.459Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:47 honeypot-fra-1 sshd[18693]: Received disconnect from 192.174.125.154 port 50689:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:29:48.461Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:49 honeypot-fra-1 sshd[18697]: Received disconnect from 192.174.125.154 port 61985:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:29:50.462Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:51 honeypot-fra-1 sshd[18701]: Disconnected from invalid user admin 192.174.125.154 port 10273 [preauth]","@timestamp":"2022-09-15T13:29:52.463Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:53 honeypot-fra-1 sshd[18705]: Disconnected from invalid user user2 192.174.125.154 port 21441 [preauth]","@timestamp":"2022-09-15T13:29:54.464Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:56 honeypot-fra-1 sshd[18711]: Invalid user user from 192.174.125.154 port 38498","@timestamp":"2022-09-15T13:29:57.466Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:58 honeypot-fra-1 sshd[18715]: Received disconnect from 192.174.125.154 port 49633:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:29:59.469Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:00 honeypot-fra-1 sshd[18719]: Received disconnect from 192.174.125.154 port 60673:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:30:01.470Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:02 honeypot-fra-1 sshd[18723]: Disconnected from authenticating user root 192.174.125.154 port 9025 [preauth]","@timestamp":"2022-09-15T13:30:03.471Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:04 honeypot-fra-1 sshd[18727]: Disconnected from invalid user user 192.174.125.154 port 20289 [preauth]","@timestamp":"2022-09-15T13:30:05.473Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:07 honeypot-fra-1 sshd[18733]: Invalid user admin from 192.174.125.154 port 37569","@timestamp":"2022-09-15T13:30:07.474Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:09 honeypot-fra-1 sshd[18737]: Invalid user user2 from 192.174.125.154 port 48801","@timestamp":"2022-09-15T13:30:09.475Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:11 honeypot-fra-1 sshd[18741]: Received disconnect from 192.174.125.154 port 59905:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:30:11.476Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:13 honeypot-fra-1 sshd[18745]: Received disconnect from 192.174.125.154 port 7841:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:30:13.479Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:15 honeypot-fra-1 sshd[18749]: Disconnected from invalid user admin 192.174.125.154 port 18145 [preauth]","@timestamp":"2022-09-15T13:30:15.480Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:17 honeypot-fra-1 sshd[18753]: Disconnected from invalid user user2 192.174.125.154 port 29121 [preauth]","@timestamp":"2022-09-15T13:30:17.481Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:20 honeypot-fra-1 sshd[18759]: Invalid user user from 192.174.125.154 port 45857","@timestamp":"2022-09-15T13:30:20.483Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:22 honeypot-fra-1 sshd[18763]: Received disconnect from 192.174.125.154 port 57569:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:30:22.484Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:24 honeypot-fra-1 sshd[18767]: Received disconnect from 192.174.125.154 port 5569:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:30:24.486Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:26 honeypot-fra-1 sshd[18771]: Disconnected from authenticating user root 192.174.125.154 port 16642 [preauth]","@timestamp":"2022-09-15T13:30:26.487Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:28 honeypot-fra-1 sshd[18775]: Disconnected from invalid user user 192.174.125.154 port 27457 [preauth]","@timestamp":"2022-09-15T13:30:28.489Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:30 honeypot-fra-1 sshd[18781]: Invalid user admin from 192.174.125.154 port 44417","@timestamp":"2022-09-15T13:30:31.491Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:32 honeypot-fra-1 sshd[18785]: Invalid user user2 from 192.174.125.154 port 55265","@timestamp":"2022-09-15T13:30:33.492Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:35 honeypot-fra-1 sshd[18789]: Received disconnect from 192.174.125.154 port 3457:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:30:35.494Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:37 honeypot-fra-1 sshd[18793]: Received disconnect from 192.174.125.154 port 14561:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:30:37.495Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:39 honeypot-fra-1 sshd[18797]: Disconnected from invalid user admin 192.174.125.154 port 25953 [preauth]","@timestamp":"2022-09-15T13:30:39.496Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:41 honeypot-fra-1 sshd[18801]: Disconnected from invalid user user2 192.174.125.154 port 37281 [preauth]","@timestamp":"2022-09-15T13:30:41.498Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:43 honeypot-fra-1 sshd[18807]: Invalid user user from 192.174.125.154 port 55425","@timestamp":"2022-09-15T13:30:44.501Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:46 honeypot-fra-1 sshd[18811]: Received disconnect from 192.174.125.154 port 3553:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:30:46.502Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:48 honeypot-fra-1 sshd[18815]: Received disconnect from 192.174.125.154 port 14753:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:30:48.503Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:50 honeypot-fra-1 sshd[18819]: Disconnected from authenticating user root 192.174.125.154 port 26177 [preauth]","@timestamp":"2022-09-15T13:30:50.505Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:51 honeypot-fra-1 sshd[18823]: Disconnected from invalid user user 192.174.125.154 port 37377 [preauth]","@timestamp":"2022-09-15T13:30:52.506Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:54 honeypot-fra-1 sshd[18829]: Invalid user admin from 192.174.125.154 port 53665","@timestamp":"2022-09-15T13:30:55.508Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:56 honeypot-fra-1 sshd[18833]: Invalid user user2 from 192.174.125.154 port 64481","@timestamp":"2022-09-15T13:30:57.509Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:58 honeypot-fra-1 sshd[18837]: Received disconnect from 192.174.125.154 port 12867:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:30:59.512Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:31:00 honeypot-fra-1 sshd[18841]: Received disconnect from 192.174.125.154 port 23457:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:31:01.513Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:31:02 honeypot-fra-1 sshd[18845]: Disconnected from invalid user admin 192.174.125.154 port 34369 [preauth]","@timestamp":"2022-09-15T13:31:03.514Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:31:04 honeypot-fra-1 sshd[18849]: Disconnected from invalid user user2 192.174.125.154 port 45249 [preauth]","@timestamp":"2022-09-15T13:31:05.515Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:31:07 honeypot-fra-1 sshd[18856]: Invalid user user from 192.174.125.154 port 62018","@timestamp":"2022-09-15T13:31:07.517Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:31:09 honeypot-fra-1 sshd[18860]: Invalid user admin from 192.174.125.154 port 10081","@timestamp":"2022-09-15T13:31:09.518Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 13:32:17 honeypot-ams-1 kernel: [84125320.061471] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=186.33.66.236 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=9910 DF PROTO=TCP SPT=50686 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T13:32:18.158Z"}
{"@timestamp":"2022-09-15T13:32:39.119Z","@version":"1","message":"Sep 15 13:32:38 honeypot-sgp-1 sshd[21766]: Invalid user admin from 91.240.118.222 port 25023","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:34:39 honeypot-fra-1 kernel: [84123296.211311] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=37.21.72.232 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=56 ID=51172 PROTO=TCP SPT=27092 DPT=443 WINDOW=56692 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T13:34:39.599Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:37:35 honeypot-fra-1 sshd[18870]: Invalid user white from 189.126.202.121 port 42050","@timestamp":"2022-09-15T13:37:35.668Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:40:04 honeypot-fra-1 sshd[18874]: Did not receive identification string from 45.61.184.204 port 36542","@timestamp":"2022-09-15T13:40:04.727Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:40:34 honeypot-fra-1 sshd[18879]: Invalid user user from 45.61.184.204 port 54098","@timestamp":"2022-09-15T13:40:34.740Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:40:50 honeypot-fra-1 sshd[18883]: Connection closed by authenticating user root 179.60.147.69 port 54268 [preauth]","@timestamp":"2022-09-15T13:40:50.749Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:41:02 honeypot-fra-1 sshd[18887]: Disconnected from invalid user user 45.61.184.204 port 60372 [preauth]","@timestamp":"2022-09-15T13:41:03.755Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:41:19 honeypot-fra-1 sshd[18891]: Disconnected from invalid user user 45.61.184.204 port 55142 [preauth]","@timestamp":"2022-09-15T13:41:20.764Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T13:42:34.367Z","@version":"1","message":"Sep 15 13:42:34 honeypot-sgp-1 kernel: [84125461.288348] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.53.171.56 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=58303 PROTO=TCP SPT=60817 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 13:48:29 honeypot-ams-1 kernel: [84126291.692622] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=88.247.170.168 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=241 ID=15533 PROTO=TCP SPT=48438 DPT=443 WINDOW=1300 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T13:48:29.595Z"}
{"@timestamp":"2022-09-15T13:51:12.580Z","@version":"1","message":"Sep 15 13:51:12 honeypot-sgp-1 kernel: [84125979.494549] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=59.49.43.217 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=11565 PROTO=TCP SPT=41304 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:51:16 honeypot-fra-1 sshd[18896]: Received disconnect from 128.199.177.224 port 58390:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:51:16.994Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:54:45 honeypot-ams-1 sshd[28373]: Disconnected from authenticating user root 61.177.173.36 port 23559 [preauth]","@timestamp":"2022-09-15T13:54:45.757Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:57:35 honeypot-fra-1 sshd[18901]: Invalid user admin from 117.103.2.146 port 59534","@timestamp":"2022-09-15T13:57:36.139Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 14:00:44 honeypot-ams-1 sshd[28379]: Received disconnect from 198.98.61.9 port 57538:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T14:00:44.918Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 14:01:01 honeypot-ams-1 sshd[28383]: Received disconnect from 198.98.61.9 port 52286:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T14:01:02.928Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 14:01:16 honeypot-ams-1 sshd[28387]: Received disconnect from 198.98.61.9 port 47040:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T14:01:17.939Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 14:01:21 honeypot-fra-1 sshd[18906]: Received disconnect from 92.255.85.70 port 39088:11: Bye Bye [preauth]","@timestamp":"2022-09-15T14:01:22.223Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 14:02:51 honeypot-ams-1 sshd[28391]: Disconnected from authenticating user root 61.177.173.50 port 36344 [preauth]","@timestamp":"2022-09-15T14:02:51.983Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 14:10:26 honeypot-ams-1 sshd[28399]: Invalid user user from 198.98.61.9 port 45180","@timestamp":"2022-09-15T14:10:26.185Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 14:10:45 honeypot-ams-1 sshd[28404]: Invalid user user from 198.98.61.9 port 40300","@timestamp":"2022-09-15T14:10:45.196Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 14:11:02 honeypot-ams-1 sshd[28408]: Invalid user user from 198.98.61.9 port 35406","@timestamp":"2022-09-15T14:11:02.204Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 14:11:18 honeypot-ams-1 sshd[28412]: Invalid user user from 198.98.61.9 port 58772","@timestamp":"2022-09-15T14:11:19.213Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 14:14:16 honeypot-ams-1 sshd[28418]: Connection closed by invalid user admin 112.160.69.124 port 58370 [preauth]","@timestamp":"2022-09-15T14:14:17.294Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 14:14:46 honeypot-ams-1 sshd[28424]: Invalid user admin from 216.52.136.77 port 32034","@timestamp":"2022-09-15T14:14:47.312Z"}
{"@timestamp":"2022-09-15T14:16:02.200Z","@version":"1","message":"Sep 15 14:16:01 honeypot-sgp-1 sshd[22223]: Invalid user blank from 179.60.147.69 port 57344","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 14:17:01 honeypot-ams-1 CRON[28431]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-15T14:17:02.368Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 14:17:10 honeypot-fra-1 sshd[18912]: Connection closed by invalid user blank 179.60.147.69 port 15106 [preauth]","@timestamp":"2022-09-15T14:17:10.599Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 14:22:02 honeypot-ams-1 sshd[28439]: Invalid user admin from 118.70.170.120 port 36674","@timestamp":"2022-09-15T14:22:03.501Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 14:23:05 honeypot-fra-1 sshd[18917]: Connection closed by invalid user tomcat 193.106.191.157 port 59640 [preauth]","@timestamp":"2022-09-15T14:23:05.739Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 14:29:48 honeypot-ams-1 kernel: [84128770.851896] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=173.255.225.86 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=42755 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T14:29:49.701Z"}
{"@timestamp":"2022-09-15T14:30:45.563Z","@version":"1","message":"Sep 15 14:30:44 honeypot-sgp-1 sshd[22230]: Did not receive identification string from 45.61.186.249 port 59756","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T14:31:20.580Z","@version":"1","message":"Sep 15 14:31:20 honeypot-sgp-1 sshd[22233]: Received disconnect from 45.61.186.249 port 57432:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T14:31:40.589Z","@version":"1","message":"Sep 15 14:31:39 honeypot-sgp-1 sshd[22237]: Received disconnect from 45.61.186.249 port 51940:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T14:31:58.599Z","@version":"1","message":"Sep 15 14:31:58 honeypot-sgp-1 sshd[22241]: Invalid user user from 45.61.186.249 port 46450","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T14:32:06.604Z","@version":"1","message":"Sep 15 14:32:06 honeypot-sgp-1 sshd[22245]: Invalid user user from 45.61.186.249 port 57812","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 14:32:08 honeypot-fra-1 kernel: [84126745.652806] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=183.136.225.35 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=107 ID=31992 PROTO=TCP SPT=8088 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T14:32:08.946Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-15T14:37:06.728Z","@version":"1","message":"Sep 15 14:37:05 honeypot-sgp-1 kernel: [84128732.912941] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=167.99.231.222 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=64174 PROTO=TCP SPT=50649 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 14:39:25 honeypot-ams-1 sshd[28456]: Invalid user admin from 92.255.85.70 port 45660","@timestamp":"2022-09-15T14:39:25.963Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 14:42:36 honeypot-fra-1 sshd[18923]: Disconnected from invalid user lbitind 165.22.45.108 port 57608 [preauth]","@timestamp":"2022-09-15T14:42:37.179Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 14:44:06 honeypot-ams-1 sshd[28465]: Received disconnect from 159.223.179.50 port 47454:11: Bye Bye [preauth]","@timestamp":"2022-09-15T14:44:07.085Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 14:45:21 honeypot-fra-1 sshd[18927]: Received disconnect from 200.116.195.123 port 55320:11: Bye Bye [preauth]","@timestamp":"2022-09-15T14:45:22.243Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 14:47:29 honeypot-ams-1 sshd[28471]: Connection closed by invalid user yanhao 103.188.176.251 port 33540 [preauth]","@timestamp":"2022-09-15T14:47:30.173Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 14:50:38 honeypot-ams-1 sshd[28478]: Received disconnect from 138.68.27.174 port 57780:11: Bye Bye [preauth]","@timestamp":"2022-09-15T14:50:39.256Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 14:50:40 honeypot-fra-1 kernel: [84127857.294017] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=138.2.240.220 DST=165.22.82.222 LEN=52 TOS=0x02 PREC=0x00 TTL=119 ID=32735 DF PROTO=TCP SPT=63229 DPT=80 WINDOW=62720 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-15T14:50:41.362Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 14:51:53 honeypot-fra-1 sshd[18939]: Disconnected from invalid user admin 91.240.118.222 port 39167 [preauth]","@timestamp":"2022-09-15T14:51:54.393Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 14:53:29 honeypot-fra-1 sshd[18941]: Connection closed by invalid user test 179.60.147.69 port 29270 [preauth]","@timestamp":"2022-09-15T14:53:29.437Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T14:53:54.140Z","@version":"1","message":"Sep 15 14:53:53 honeypot-sgp-1 sshd[22257]: Disconnected from authenticating user root 167.71.59.102 port 45544 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 14:54:53 honeypot-ams-1 sshd[28482]: Disconnected from authenticating user root 61.177.173.35 port 11860 [preauth]","@timestamp":"2022-09-15T14:54:54.368Z"}
{"@timestamp":"2022-09-15T14:56:40.211Z","@version":"1","message":"Sep 15 14:56:40 honeypot-sgp-1 sshd[22263]: Received disconnect from 92.255.85.69 port 62008:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 15:01:22 honeypot-fra-1 sshd[18952]: Invalid user testuser from 137.184.77.246 port 54518","@timestamp":"2022-09-15T15:01:22.618Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 15:01:22 honeypot-fra-1 sshd[18960]: Invalid user user from 137.184.77.246 port 54538","@timestamp":"2022-09-15T15:01:22.619Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 15:01:22 honeypot-fra-1 sshd[18971]: Invalid user www from 137.184.77.246 port 54532","@timestamp":"2022-09-15T15:01:23.619Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 15:01:22 honeypot-fra-1 sshd[18958]: Invalid user pi from 137.184.77.246 port 54562","@timestamp":"2022-09-15T15:01:23.619Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 15:01:22 honeypot-fra-1 sshd[18955]: Connection closed by authenticating user root 137.184.77.246 port 54536 [preauth]","@timestamp":"2022-09-15T15:01:23.619Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 15:01:22 honeypot-fra-1 sshd[18963]: Connection closed by invalid user devops 137.184.77.246 port 54550 [preauth]","@timestamp":"2022-09-15T15:01:23.620Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 15:01:22 honeypot-fra-1 sshd[18970]: Connection closed by authenticating user root 137.184.77.246 port 54530 [preauth]","@timestamp":"2022-09-15T15:01:23.620Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 15:01:22 honeypot-fra-1 sshd[18965]: Connection closed by invalid user esuser 137.184.77.246 port 54580 [preauth]","@timestamp":"2022-09-15T15:01:23.620Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 15:01:22 honeypot-fra-1 sshd[18993]: Connection closed by authenticating user root 137.184.77.246 port 54540 [preauth]","@timestamp":"2022-09-15T15:01:23.620Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 15:03:04 honeypot-ams-1 sshd[28494]: Received disconnect from 61.177.173.37 port 48111:11:  [preauth]","@timestamp":"2022-09-15T15:03:04.588Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 15:04:11 honeypot-fra-1 kernel: [84128668.034290] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=206.189.8.92 DST=165.22.82.222 LEN=80 TOS=0x00 PREC=0x20 TTL=126 ID=52545 PROTO=TCP SPT=51521 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T15:04:11.684Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 15:06:02 honeypot-ams-1 sshd[28498]: Invalid user admin from 211.75.30.180 port 50384","@timestamp":"2022-09-15T15:06:02.669Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 15:10:09 honeypot-fra-1 sshd[19015]: Invalid user carlos from 92.255.85.70 port 61458","@timestamp":"2022-09-15T15:10:09.819Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 15:12:44 honeypot-ams-1 kernel: [84131346.904656] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=157.245.80.71 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=49132 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T15:12:44.845Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 15:16:15 honeypot-fra-1 kernel: [84129391.927338] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=5.202.145.175 DST=165.22.82.222 LEN=52 TOS=0x00 PREC=0x00 TTL=51 ID=51230 DF PROTO=TCP SPT=19100 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T15:16:15.956Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-15T15:17:01.701Z","@version":"1","message":"Sep 15 15:17:01 honeypot-sgp-1 CRON[22271]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 15:17:16 honeypot-ams-1 sshd[28509]: Disconnected from authenticating user root 61.177.173.50 port 60518 [preauth]","@timestamp":"2022-09-15T15:17:16.962Z"}
{"@timestamp":"2022-09-15T15:19:59.774Z","@version":"1","message":"Sep 15 15:19:59 honeypot-sgp-1 kernel: [84131306.282541] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=55902 PROTO=TCP SPT=55076 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 15:26:05 honeypot-ams-1 kernel: [84132148.067255] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=157.230.254.43 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=47274 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T15:26:06.190Z"}
{"@timestamp":"2022-09-15T15:30:47.038Z","@version":"1","message":"Sep 15 15:30:46 honeypot-sgp-1 sshd[22283]: Received disconnect from 179.43.156.143 port 47072:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 15:31:20 honeypot-ams-1 sshd[28525]: Disconnected from authenticating user root 61.177.173.39 port 49724 [preauth]","@timestamp":"2022-09-15T15:31:21.324Z"}
{"@timestamp":"2022-09-15T15:31:53.067Z","@version":"1","message":"Sep 15 15:31:52 honeypot-sgp-1 sshd[22289]: Disconnected from authenticating user root 179.43.156.143 port 40336 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T15:33:27.109Z","@version":"1","message":"Sep 15 15:33:26 honeypot-sgp-1 sshd[22296]: Received disconnect from 179.43.156.143 port 58362:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 15:33:36 honeypot-fra-1 sshd[19025]: Did not receive identification string from 45.61.186.169 port 48656","@timestamp":"2022-09-15T15:33:36.345Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 15:34:11 honeypot-fra-1 sshd[19028]: Disconnected from invalid user user 45.61.186.169 port 40172 [preauth]","@timestamp":"2022-09-15T15:34:11.360Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 15:34:27 honeypot-fra-1 sshd[19032]: Disconnected from invalid user user 45.61.186.169 port 34394 [preauth]","@timestamp":"2022-09-15T15:34:28.368Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T15:34:31.137Z","@version":"1","message":"Sep 15 15:34:30 honeypot-sgp-1 sshd[22301]: Received disconnect from 179.43.156.143 port 51562:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 15:34:35 honeypot-fra-1 sshd[19036]: Disconnected from invalid user user 45.61.186.169 port 45634 [preauth]","@timestamp":"2022-09-15T15:34:36.372Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 15:34:51 honeypot-fra-1 sshd[19040]: Disconnected from invalid user user 45.61.186.169 port 39872 [preauth]","@timestamp":"2022-09-15T15:34:51.380Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 15:35:11 honeypot-ams-1 sshd[28532]: Disconnected from authenticating user root 165.227.202.89 port 56080 [preauth]","@timestamp":"2022-09-15T15:35:12.427Z"}
{"@timestamp":"2022-09-15T15:36:09.181Z","@version":"1","message":"Sep 15 15:36:08 honeypot-sgp-1 sshd[22307]: Received disconnect from 179.43.156.143 port 41414:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T15:37:44.223Z","@version":"1","message":"Sep 15 15:37:43 honeypot-sgp-1 sshd[22314]: Received disconnect from 92.255.85.70 port 32604:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 15:39:46 honeypot-fra-1 sshd[19045]: Disconnected from invalid user postgres 197.248.2.229 port 51285 [preauth]","@timestamp":"2022-09-15T15:39:46.491Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 15:40:48 honeypot-ams-1 kernel: [84133030.345321] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=206.189.8.92 DST=178.62.254.91 LEN=80 TOS=0x00 PREC=0x20 TTL=127 ID=25268 PROTO=TCP SPT=26292 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T15:40:48.569Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 15:45:22 honeypot-fra-1 sshd[19054]: Received disconnect from 14.99.176.210 port 30646:11: Bye Bye [preauth]","@timestamp":"2022-09-15T15:45:23.620Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 15:46:13 honeypot-ams-1 kernel: [84133355.265042] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=79.124.62.62 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=46658 PROTO=TCP SPT=42350 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T15:46:13.707Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 15:47:00 honeypot-fra-1 sshd[19058]: Did not receive identification string from 101.42.249.241 port 32934","@timestamp":"2022-09-15T15:47:00.661Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T15:47:26.464Z","@version":"1","message":"Sep 15 15:47:26 honeypot-sgp-1 kernel: [84132953.068247] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=107.175.70.147 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=233 ID=20507 DF PROTO=TCP SPT=10446 DPT=80 WINDOW=512 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 15:50:56 honeypot-ams-1 sshd[28548]: Disconnected from invalid user Administrator 106.53.153.69 port 34556 [preauth]","@timestamp":"2022-09-15T15:50:56.830Z"}
{"@timestamp":"2022-09-15T15:52:31.589Z","@version":"1","message":"Sep 15 15:52:30 honeypot-sgp-1 sshd[22322]: Received disconnect from 103.226.249.239 port 59430:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 15:54:45 honeypot-ams-1 sshd[28562]: Invalid user pi from 96.48.254.68 port 60058","@timestamp":"2022-09-15T15:54:45.932Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 16:00:34 honeypot-fra-1 kernel: [84132051.311919] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=2.57.122.233 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=56042 PROTO=TCP SPT=55997 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T16:00:34.969Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-15T16:03:39.862Z","@version":"1","message":"Sep 15 16:03:39 honeypot-sgp-1 sshd[22328]: Received disconnect from 103.54.85.180 port 48558:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T16:07:47.964Z","@version":"1","message":"Sep 15 16:07:47 honeypot-sgp-1 sshd[22330]: Disconnected from invalid user chiba 128.199.19.74 port 55270 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 16:08:49 honeypot-fra-1 kernel: [84132545.788928] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=2.57.122.233 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=25026 PROTO=TCP SPT=55997 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T16:08:50.156Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 16:09:51 honeypot-ams-1 kernel: [84134773.159479] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=186.218.37.197 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=44 ID=34281 PROTO=TCP SPT=37401 DPT=80 WINDOW=21984 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T16:09:51.326Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 16:15:11 honeypot-fra-1 sshd[19088]: Received disconnect from 61.177.173.46 port 60868:11:  [preauth]","@timestamp":"2022-09-15T16:15:11.302Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 16:15:44 honeypot-ams-1 sshd[28576]: Invalid user 02 from 92.255.85.69 port 48588","@timestamp":"2022-09-15T16:15:44.505Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 16:17:49 honeypot-ams-1 sshd[28581]: Disconnected from authenticating user root 188.254.0.160 port 37102 [preauth]","@timestamp":"2022-09-15T16:17:49.562Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 16:18:54 honeypot-fra-1 kernel: [84133151.586580] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=198.235.24.33 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=249 ID=64137 PROTO=TCP SPT=51047 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T16:18:55.388Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-15T16:19:22.272Z","@version":"1","message":"Sep 15 16:19:22 honeypot-sgp-1 sshd[22341]: Received disconnect from 61.177.173.36 port 27410:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 16:22:10 honeypot-fra-1 kernel: [84133347.049890] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=90.154.15.226 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=57 ID=60246 DF PROTO=TCP SPT=59510 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T16:22:10.486Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-15T16:22:51.356Z","@version":"1","message":"Sep 15 16:22:50 honeypot-sgp-1 sshd[22346]: Disconnected from invalid user ubnt 134.17.17.35 port 15979 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 16:23:17 honeypot-fra-1 sshd[19103]: Disconnected from authenticating user root 61.177.173.49 port 26482 [preauth]","@timestamp":"2022-09-15T16:23:17.514Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 16:24:25 honeypot-fra-1 sshd[19107]: Disconnected from invalid user araujo 114.4.110.242 port 41654 [preauth]","@timestamp":"2022-09-15T16:24:26.541Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T16:27:33.470Z","@version":"1","message":"Sep 15 16:27:33 honeypot-sgp-1 sshd[22350]: Disconnected from invalid user ubnt 92.255.85.69 port 29744 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 16:28:03 honeypot-fra-1 sshd[19112]: Disconnected from invalid user lc 165.22.45.108 port 39482 [preauth]","@timestamp":"2022-09-15T16:28:04.626Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 16:29:26 honeypot-ams-1 kernel: [84135948.156577] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=172.104.208.16 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=37066 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T16:29:26.869Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 16:36:06 honeypot-fra-1 sshd[19123]: Received disconnect from 217.160.53.52 port 50372:11: Bye Bye [preauth]","@timestamp":"2022-09-15T16:36:06.823Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 16:38:33 honeypot-ams-1 kernel: [84136495.479050] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=20.97.18.168 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=59925 DF PROTO=TCP SPT=10446 DPT=80 WINDOW=512 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T16:38:34.101Z"}
{"@timestamp":"2022-09-15T16:38:37.738Z","@version":"1","message":"Sep 15 16:38:37 honeypot-sgp-1 sshd[22360]: Disconnected from authenticating user root 61.177.173.51 port 32807 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 16:42:41 honeypot-ams-1 sshd[28594]: Received disconnect from 91.240.118.222 port 33254:11: Client disconnecting normally [preauth]","@timestamp":"2022-09-15T16:42:42.231Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 16:45:45 honeypot-fra-1 kernel: [84134762.435552] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=173.255.233.123 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=62030 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T16:45:46.041Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 16:46:40 honeypot-fra-1 sshd[19137]: Received disconnect from 92.255.85.69 port 16948:11: Bye Bye [preauth]","@timestamp":"2022-09-15T16:46:41.064Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 16:46:49 honeypot-fra-1 sshd[19141]: Disconnected from invalid user user 45.61.186.169 port 55294 [preauth]","@timestamp":"2022-09-15T16:46:50.069Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 16:47:08 honeypot-fra-1 sshd[19145]: Disconnected from invalid user user 45.61.186.169 port 49908 [preauth]","@timestamp":"2022-09-15T16:47:09.078Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 16:47:25 honeypot-fra-1 sshd[19150]: Received disconnect from 45.61.186.169 port 44514:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T16:47:26.087Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T16:48:12.971Z","@version":"1","message":"Sep 15 16:48:12 honeypot-sgp-1 sshd[22366]: Connection closed by invalid user user 179.60.147.69 port 28130 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 16:49:11 honeypot-fra-1 sshd[19157]: Disconnected from authenticating user root 61.177.172.98 port 39075 [preauth]","@timestamp":"2022-09-15T16:49:12.129Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 16:51:53 honeypot-ams-1 kernel: [84137295.871925] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=5.42.199.109 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=54321 PROTO=TCP SPT=39083 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T16:51:54.464Z"}
{"@timestamp":"2022-09-15T16:52:40.083Z","@version":"1","message":"Sep 15 16:52:39 honeypot-sgp-1 sshd[22374]: Disconnected from authenticating user root 61.177.172.90 port 56924 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 16:53:38 honeypot-fra-1 sshd[19164]: Disconnected from authenticating user root 61.177.173.36 port 35418 [preauth]","@timestamp":"2022-09-15T16:53:39.230Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 16:54:38 honeypot-ams-1 sshd[28603]: Received disconnect from 45.61.186.169 port 55382:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T16:54:39.536Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 16:54:56 honeypot-ams-1 sshd[28607]: Received disconnect from 45.61.186.169 port 50342:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T16:54:57.546Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 16:55:05 honeypot-ams-1 sshd[28611]: Received disconnect from 45.61.186.169 port 33684:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T16:55:06.551Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 16:55:22 honeypot-ams-1 sshd[28615]: Received disconnect from 45.61.186.169 port 56874:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T16:55:23.560Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 16:59:37 honeypot-ams-1 sshd[28618]: Disconnected from invalid user correoweb 200.60.92.170 port 34940 [preauth]","@timestamp":"2022-09-15T16:59:38.670Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 16:59:45 honeypot-fra-1 kernel: [84135601.880479] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=79.124.62.62 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=46340 PROTO=TCP SPT=42350 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T16:59:46.371Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 16:59:58 honeypot-ams-1 sshd[28622]: Disconnected from invalid user git 92.255.85.69 port 49288 [preauth]","@timestamp":"2022-09-15T16:59:59.680Z"}
{"@timestamp":"2022-09-15T17:00:11.267Z","@version":"1","message":"Sep 15 17:00:10 honeypot-sgp-1 sshd[22382]: Received disconnect from 206.81.15.128 port 48930:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 17:01:05 honeypot-fra-1 sshd[19176]: Disconnected from authenticating user root 179.43.156.143 port 33558 [preauth]","@timestamp":"2022-09-15T17:01:06.404Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 17:02:14 honeypot-fra-1 sshd[19182]: Disconnected from authenticating user root 61.177.173.53 port 54713 [preauth]","@timestamp":"2022-09-15T17:02:14.433Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 17:03:17 honeypot-fra-1 sshd[19186]: Invalid user ossuser from 179.43.156.143 port 47256","@timestamp":"2022-09-15T17:03:18.463Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 17:04:25 honeypot-fra-1 sshd[19191]: Received disconnect from 179.43.156.143 port 39976:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T17:04:26.490Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 17:05:33 honeypot-ams-1 kernel: [84138115.637541] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.79.130.55 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=56689 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T17:05:33.824Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 17:05:37 honeypot-fra-1 sshd[19195]: Disconnected from authenticating user root 179.43.156.143 port 60958 [preauth]","@timestamp":"2022-09-15T17:05:37.520Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 17:06:13 honeypot-fra-1 sshd[19201]: Disconnected from authenticating user root 179.43.156.143 port 57330 [preauth]","@timestamp":"2022-09-15T17:06:13.538Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 17:07:24 honeypot-fra-1 sshd[19207]: Received disconnect from 179.43.156.143 port 50076:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T17:07:25.588Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 17:08:12 honeypot-fra-1 sshd[19211]: Received disconnect from 92.255.85.69 port 47742:11: Bye Bye [preauth]","@timestamp":"2022-09-15T17:08:12.608Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T17:09:02.482Z","@version":"1","message":"Sep 15 17:09:01 honeypot-sgp-1 CRON[22387]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 17:11:13 honeypot-fra-1 sshd[19217]: Received disconnect from 223.255.187.154 port 26038:11: Bye Bye [preauth]","@timestamp":"2022-09-15T17:11:14.678Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 17:14:23 honeypot-fra-1 sshd[19223]: Invalid user user1 from 103.211.217.103 port 40004","@timestamp":"2022-09-15T17:14:23.749Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T17:14:42.620Z","@version":"1","message":"Sep 15 17:14:41 honeypot-sgp-1 sshd[22395]: Invalid user apache from 143.110.179.172 port 60556","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 17:16:59 honeypot-ams-1 sshd[28634]: Connection closed by authenticating user root 137.116.144.39 port 54644 [preauth]","@timestamp":"2022-09-15T17:16:59.118Z"}
{"@timestamp":"2022-09-15T17:17:01.677Z","@version":"1","message":"Sep 15 17:17:01 honeypot-sgp-1 CRON[22400]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 17:19:00 honeypot-ams-1 sshd[28641]: Invalid user node02 from 103.188.176.251 port 57950","@timestamp":"2022-09-15T17:19:00.173Z"}
{"@timestamp":"2022-09-15T17:20:17.759Z","@version":"1","message":"Sep 15 17:20:17 honeypot-sgp-1 sshd[22405]: Disconnected from invalid user user 45.61.186.169 port 41396 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T17:20:36.770Z","@version":"1","message":"Sep 15 17:20:36 honeypot-sgp-1 sshd[22411]: Invalid user user from 45.61.186.169 port 36112","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 17:20:49 honeypot-fra-1 sshd[19231]: Invalid user lc from 165.22.45.108 port 44538","@timestamp":"2022-09-15T17:20:50.890Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T17:20:53.779Z","@version":"1","message":"Sep 15 17:20:53 honeypot-sgp-1 sshd[22415]: Invalid user user from 45.61.186.169 port 59024","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T17:21:09.787Z","@version":"1","message":"Sep 15 17:21:09 honeypot-sgp-1 sshd[22419]: Invalid user user from 45.61.186.169 port 53716","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 17:22:34 honeypot-ams-1 sshd[28648]: Received disconnect from 94.200.206.6 port 51282:11: Bye Bye [preauth]","@timestamp":"2022-09-15T17:22:34.270Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 17:23:27 honeypot-ams-1 sshd[28653]: Received disconnect from 147.182.251.31 port 37490:11: Bye Bye [preauth]","@timestamp":"2022-09-15T17:23:28.295Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 17:23:36 honeypot-fra-1 sshd[19238]: Received disconnect from 212.109.207.62 port 39930:11: Bye Bye [preauth]","@timestamp":"2022-09-15T17:23:36.956Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 17:25:17 honeypot-ams-1 sshd[28655]: Received disconnect from 178.128.88.244 port 40944:11: Bye Bye [preauth]","@timestamp":"2022-09-15T17:25:18.344Z"}
{"@timestamp":"2022-09-15T17:25:33.895Z","@version":"1","message":"Sep 15 17:25:33 honeypot-sgp-1 sshd[22425]: Disconnected from authenticating user root 61.177.173.50 port 36159 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 17:26:57 honeypot-fra-1 sshd[19245]: Invalid user charlott from 197.45.35.19 port 55350","@timestamp":"2022-09-15T17:26:58.034Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 17:28:06 honeypot-ams-1 sshd[28662]: Invalid user postgres from 154.211.12.170 port 56708","@timestamp":"2022-09-15T17:28:07.418Z"}
{"@timestamp":"2022-09-15T17:30:30.016Z","@version":"1","message":"Sep 15 17:30:29 honeypot-sgp-1 kernel: [84139136.301508] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=234 ID=29511 PROTO=TCP SPT=43002 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 17:30:38 honeypot-ams-1 kernel: [84139621.027757] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=58065 PROTO=TCP SPT=43002 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T17:30:39.485Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 17:30:47 honeypot-fra-1 sshd[19249]: Invalid user kevin from 92.255.85.69 port 32004","@timestamp":"2022-09-15T17:30:48.125Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 17:33:52 honeypot-fra-1 sshd[19254]: Disconnected from authenticating user root 61.177.173.49 port 21329 [preauth]","@timestamp":"2022-09-15T17:33:52.193Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T17:36:04.152Z","@version":"1","message":"Sep 15 17:36:03 honeypot-sgp-1 kernel: [84139470.510186] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=90.151.171.106 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=16260 PROTO=TCP SPT=43359 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 17:39:47 honeypot-ams-1 kernel: [84140169.178688] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=157.230.254.43 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=51631 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T17:39:47.718Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 17:40:40 honeypot-fra-1 sshd[19263]: Did not receive identification string from 222.87.110.49 port 19901","@timestamp":"2022-09-15T17:40:41.368Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 17:42:53 honeypot-fra-1 sshd[19284]: Disconnected from authenticating user root 106.51.3.154 port 18865 [preauth]","@timestamp":"2022-09-15T17:42:53.422Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T17:45:37.381Z","@version":"1","message":"Sep 15 17:45:37 honeypot-sgp-1 sshd[22446]: Connection closed by invalid user user 103.188.176.251 port 47812 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 17:46:16 honeypot-ams-1 sshd[28676]: Received disconnect from 159.223.164.107 port 36098:11: Bye Bye [preauth]","@timestamp":"2022-09-15T17:46:17.887Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 17:48:28 honeypot-ams-1 sshd[28681]: Received disconnect from 201.17.133.138 port 59150:11: Bye Bye [preauth]","@timestamp":"2022-09-15T17:48:28.944Z"}
{"@timestamp":"2022-09-15T17:51:59.532Z","@version":"1","message":"Sep 15 17:51:59 honeypot-sgp-1 sshd[22453]: Disconnected from authenticating user root 61.177.173.35 port 38275 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 17:52:29 honeypot-fra-1 sshd[19292]: Invalid user fg from 123.30.212.86 port 48426","@timestamp":"2022-09-15T17:52:29.641Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 17:54:13 honeypot-fra-1 sshd[19296]: Received disconnect from 92.255.85.70 port 62374:11: Bye Bye [preauth]","@timestamp":"2022-09-15T17:54:14.684Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 17:57:49 honeypot-ams-1 sshd[28687]: Did not receive identification string from 198.98.61.9 port 33812","@timestamp":"2022-09-15T17:57:50.181Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 17:58:29 honeypot-ams-1 sshd[28690]: Disconnected from invalid user user 198.98.61.9 port 57584 [preauth]","@timestamp":"2022-09-15T17:58:30.200Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 17:58:46 honeypot-ams-1 sshd[28694]: Disconnected from invalid user user 198.98.61.9 port 52382 [preauth]","@timestamp":"2022-09-15T17:58:47.209Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 17:59:04 honeypot-ams-1 sshd[28698]: Disconnected from invalid user user 198.98.61.9 port 47186 [preauth]","@timestamp":"2022-09-15T17:59:05.220Z"}
{"@timestamp":"2022-09-15T17:59:48.720Z","@version":"1","message":"Sep 15 17:59:48 honeypot-sgp-1 sshd[22461]: Received disconnect from 45.61.186.49 port 58562:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T17:59:58.725Z","@version":"1","message":"Sep 15 17:59:58 honeypot-sgp-1 sshd[22465]: Received disconnect from 45.61.186.49 port 41810:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T18:00:14.733Z","@version":"1","message":"Sep 15 18:00:14 honeypot-sgp-1 kernel: [84140921.534346] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=168.63.40.51 DST=159.89.202.188 LEN=52 TOS=0x02 PREC=0x00 TTL=111 ID=20539 DF PROTO=TCP SPT=58074 DPT=3389 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T18:01:46.774Z","@version":"1","message":"Sep 15 18:01:46 honeypot-sgp-1 sshd[22471]: Disconnected from authenticating user root 61.177.172.108 port 62419 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 18:02:06 honeypot-fra-1 sshd[19304]: Invalid user guinness from 197.155.234.157 port 39342","@timestamp":"2022-09-15T18:02:06.863Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 18:03:34 honeypot-fra-1 kernel: [84139430.973048] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=8391 PROTO=TCP SPT=44803 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T18:03:34.899Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-15T18:03:50.826Z","@version":"1","message":"Sep 15 18:03:50 honeypot-sgp-1 sshd[22475]: Disconnected from invalid user operator 92.255.85.70 port 46178 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 18:04:15 honeypot-ams-1 kernel: [84141637.288798] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=8762 PROTO=TCP SPT=44803 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T18:04:15.354Z"}
{"@timestamp":"2022-09-15T18:07:19.911Z","@version":"1","message":"Sep 15 18:07:19 honeypot-sgp-1 kernel: [84141346.618812] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=146.88.240.4 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=44140 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 18:12:06 honeypot-ams-1 sshd[28707]: Disconnected from invalid user operator 92.255.85.69 port 30300 [preauth]","@timestamp":"2022-09-15T18:12:07.555Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 18:13:53 honeypot-fra-1 sshd[19315]: Invalid user lchen from 165.22.45.108 port 49598","@timestamp":"2022-09-15T18:13:54.136Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T18:15:55.117Z","@version":"1","message":"Sep 15 18:15:54 honeypot-sgp-1 sshd[22489]: Received disconnect from 61.177.173.37 port 48520:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 18:16:15 honeypot-fra-1 sshd[19321]: Disconnected from authenticating user root 61.177.173.39 port 29593 [preauth]","@timestamp":"2022-09-15T18:16:16.191Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 18:18:35 honeypot-fra-1 kernel: [84140331.763322] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=186.208.139.104 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=245 ID=60734 PROTO=TCP SPT=45518 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T18:18:36.249Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 18:19:57 honeypot-fra-1 sshd[19331]: Connection closed by invalid user admin 141.98.10.158 port 34980 [preauth]","@timestamp":"2022-09-15T18:19:57.282Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T18:19:57.216Z","@version":"1","message":"Sep 15 18:19:56 honeypot-sgp-1 kernel: [84142103.892545] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=159.203.100.33 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=54321 PROTO=TCP SPT=53694 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 18:25:19 honeypot-ams-1 kernel: [84142901.268735] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=125.229.109.109 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=57 ID=36483 PROTO=TCP SPT=18570 DPT=443 WINDOW=32442 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T18:25:19.892Z"}
{"@timestamp":"2022-09-15T18:25:35.352Z","@version":"1","message":"Sep 15 18:25:35 honeypot-sgp-1 sshd[22498]: Disconnected from invalid user admin 92.255.85.70 port 57466 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 18:26:31 honeypot-fra-1 sshd[19338]: Disconnected from 206.81.0.243 port 34804 [preauth]","@timestamp":"2022-09-15T18:26:32.433Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T18:30:28.490Z","@version":"1","message":"Sep 15 18:30:27 honeypot-sgp-1 sshd[22507]: Received disconnect from 34.69.148.77 port 56752:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T18:31:39.521Z","@version":"1","message":"Sep 15 18:31:38 honeypot-sgp-1 sshd[22512]: Invalid user user from 198.98.61.9 port 33248","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T18:32:02.533Z","@version":"1","message":"Sep 15 18:32:02 honeypot-sgp-1 sshd[22516]: Invalid user user from 198.98.61.9 port 56374","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T18:32:23.543Z","@version":"1","message":"Sep 15 18:32:23 honeypot-sgp-1 sshd[22520]: Invalid user user from 198.98.61.9 port 51228","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 18:32:41 honeypot-ams-1 sshd[28717]: Received disconnect from 95.182.122.92 port 58634:11: Bye Bye [preauth]","@timestamp":"2022-09-15T18:32:41.080Z"}
{"@timestamp":"2022-09-15T18:35:11.610Z","@version":"1","message":"Sep 15 18:35:11 honeypot-sgp-1 kernel: [84143018.233984] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=125.253.93.146 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=21848 PROTO=TCP SPT=41711 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 18:36:25 honeypot-ams-1 sshd[28722]: Disconnected from invalid user admin 92.255.85.69 port 34306 [preauth]","@timestamp":"2022-09-15T18:36:26.181Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 18:38:14 honeypot-fra-1 sshd[19348]: Invalid user default from 179.60.147.69 port 64662","@timestamp":"2022-09-15T18:38:14.696Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 18:42:24 honeypot-fra-1 sshd[19356]: Invalid user user from 198.98.61.9 port 41290","@timestamp":"2022-09-15T18:42:24.794Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 18:42:33 honeypot-fra-1 sshd[19360]: Invalid user user from 198.98.61.9 port 52808","@timestamp":"2022-09-15T18:42:33.799Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 18:42:36 honeypot-ams-1 sshd[28728]: Disconnected from invalid user yo 192.3.134.93 port 36248 [preauth]","@timestamp":"2022-09-15T18:42:37.342Z"}
{"@timestamp":"2022-09-15T18:42:48.795Z","@version":"1","message":"Sep 15 18:42:48 honeypot-sgp-1 sshd[22530]: Received disconnect from 61.177.173.49 port 35485:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 18:42:49 honeypot-fra-1 sshd[19364]: Invalid user admin from 92.255.85.69 port 27498","@timestamp":"2022-09-15T18:42:49.807Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 18:42:58 honeypot-fra-1 sshd[19368]: Invalid user user from 198.98.61.9 port 59128","@timestamp":"2022-09-15T18:42:58.812Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 18:43:06 honeypot-fra-1 sshd[19372]: Received disconnect from 198.98.61.9 port 42412:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T18:43:06.816Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 18:44:49 honeypot-fra-1 sshd[19379]: Invalid user deploy from 165.22.3.41 port 55120","@timestamp":"2022-09-15T18:44:49.875Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 18:47:26 honeypot-fra-1 sshd[19383]: Received disconnect from 43.254.240.202 port 36415:11: Bye Bye [preauth]","@timestamp":"2022-09-15T18:47:26.935Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 18:47:48 honeypot-ams-1 sshd[28733]: Connection closed by invalid user pi 121.178.241.243 port 46700 [preauth]","@timestamp":"2022-09-15T18:47:49.474Z"}
{"@timestamp":"2022-09-15T18:49:28.957Z","@version":"1","message":"Sep 15 18:49:28 honeypot-sgp-1 kernel: [84143874.943962] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=198.12.89.184 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=235 ID=3358 PROTO=TCP SPT=47433 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 18:54:08 honeypot-fra-1 sshd[19391]: Received disconnect from 150.107.149.31 port 14724:11: Bye Bye [preauth]","@timestamp":"2022-09-15T18:54:09.089Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T18:56:20.120Z","@version":"1","message":"Sep 15 18:56:19 honeypot-sgp-1 kernel: [84144286.794723] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=170.187.162.235 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=17475 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 18:59:28 honeypot-fra-1 sshd[19398]: Disconnected from authenticating user root 61.177.173.46 port 58940 [preauth]","@timestamp":"2022-09-15T18:59:29.210Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 19:00:33 honeypot-fra-1 sshd[19404]: Disconnected from authenticating user root 66.98.45.242 port 50326 [preauth]","@timestamp":"2022-09-15T19:00:33.236Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T19:00:42.259Z","@version":"1","message":"Sep 15 19:00:42 honeypot-sgp-1 sshd[22545]: Received disconnect from 79.9.37.49 port 57456:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T19:02:06.294Z","@version":"1","message":"Sep 15 19:02:05 honeypot-sgp-1 sshd[22552]: Disconnected from authenticating user root 61.177.173.47 port 41156 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 19:02:30 honeypot-ams-1 kernel: [84145132.612140] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=183.136.225.35 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=109 ID=19129 PROTO=TCP SPT=8088 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T19:02:30.853Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 19:06:11 honeypot-fra-1 sshd[19421]: Received disconnect from 180.180.123.207 port 60698:11: Bye Bye [preauth]","@timestamp":"2022-09-15T19:06:12.364Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 19:07:17 honeypot-fra-1 sshd[19427]: Disconnected from authenticating user root 92.255.85.70 port 20594 [preauth]","@timestamp":"2022-09-15T19:07:17.391Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 19:08:54 honeypot-ams-1 sshd[28758]: Disconnected from authenticating user root 103.147.5.1 port 41162 [preauth]","@timestamp":"2022-09-15T19:08:55.039Z"}
{"@timestamp":"2022-09-15T19:11:21.513Z","@version":"1","message":"Sep 15 19:11:21 honeypot-sgp-1 sshd[22561]: Received disconnect from 92.255.85.69 port 51048:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T19:12:22.541Z","@version":"1","message":"Sep 15 19:12:21 honeypot-sgp-1 sshd[22568]: Received disconnect from 193.142.146.50 port 58240:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T19:13:52.579Z","@version":"1","message":"Sep 15 19:13:51 honeypot-sgp-1 sshd[22572]: Received disconnect from 193.142.146.50 port 49390:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T19:14:31.597Z","@version":"1","message":"Sep 15 19:14:31 honeypot-sgp-1 kernel: [84145377.940468] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=167.94.146.67 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=43843 PROTO=TCP SPT=45891 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 19:15:11 honeypot-fra-1 sshd[19438]: Did not receive identification string from 198.98.61.9 port 37806","@timestamp":"2022-09-15T19:15:11.574Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 19:15:51 honeypot-fra-1 sshd[19444]: Invalid user user from 198.98.61.9 port 34860","@timestamp":"2022-09-15T19:15:52.594Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T19:16:03.636Z","@version":"1","message":"Sep 15 19:16:03 honeypot-sgp-1 sshd[22583]: Disconnected from authenticating user root 193.142.146.50 port 59926 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 19:16:18 honeypot-fra-1 sshd[19448]: Invalid user user from 198.98.61.9 port 58680","@timestamp":"2022-09-15T19:16:19.607Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 19:16:36 honeypot-fra-1 sshd[19452]: Invalid user user from 198.98.61.9 port 54276","@timestamp":"2022-09-15T19:16:36.615Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 19:17:01 honeypot-fra-1 CRON[19456]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-15T19:17:01.628Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 19:17:03 honeypot-ams-1 kernel: [84146005.160199] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=154.94.6.47 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=47387 PROTO=TCP SPT=55488 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T19:17:03.249Z"}
{"@timestamp":"2022-09-15T19:17:55.682Z","@version":"1","message":"Sep 15 19:17:54 honeypot-sgp-1 kernel: [84145581.619631] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=36.71.140.230 DST=159.89.202.188 LEN=52 TOS=0x00 PREC=0x00 TTL=114 ID=19048 DF PROTO=TCP SPT=52691 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T19:21:23.782Z","@version":"1","message":"Sep 15 19:21:23 honeypot-sgp-1 sshd[22595]: Disconnected from authenticating user root 61.177.173.53 port 13323 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 19:21:52 honeypot-fra-1 sshd[19462]: Disconnected from authenticating user root 61.177.173.51 port 59099 [preauth]","@timestamp":"2022-09-15T19:21:52.739Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 19:22:31 honeypot-ams-1 sshd[28770]: Disconnected from authenticating user root 92.255.85.70 port 41492 [preauth]","@timestamp":"2022-09-15T19:22:32.415Z"}
{"@timestamp":"2022-09-15T19:25:34.882Z","@version":"1","message":"Sep 15 19:25:34 honeypot-sgp-1 kernel: [84146041.448509] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=68.183.99.150 DST=159.89.202.188 LEN=52 TOS=0x02 PREC=0x00 TTL=108 ID=27891 DF PROTO=TCP SPT=62033 DPT=3389 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T19:34:05.096Z","@version":"1","message":"Sep 15 19:34:04 honeypot-sgp-1 sshd[22608]: Disconnected from invalid user zeus 157.245.13.253 port 59914 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 19:36:28 honeypot-fra-1 kernel: [84145004.913758] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=68.183.99.150 DST=165.22.82.222 LEN=52 TOS=0x02 PREC=0x00 TTL=114 ID=5257 DF PROTO=TCP SPT=57106 DPT=3389 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-15T19:36:29.086Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 19:39:37 honeypot-fra-1 kernel: [84145193.208104] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=89.248.165.26 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=4535 PROTO=TCP SPT=50652 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T19:39:37.160Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-15T19:40:04.235Z","@version":"1","message":"Sep 15 19:40:03 honeypot-sgp-1 kernel: [84146910.344806] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.41.9.18 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=24513 PROTO=TCP SPT=18742 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T19:42:52.301Z","@version":"1","message":"Sep 15 19:42:51 honeypot-sgp-1 kernel: [84147078.612888] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=89.248.165.26 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=55241 PROTO=TCP SPT=50652 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 19:44:52 honeypot-ams-1 sshd[28776]: Disconnected from invalid user manager 92.255.85.69 port 48034 [preauth]","@timestamp":"2022-09-15T19:44:52.982Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 19:49:04 honeypot-fra-1 sshd[19491]: Received disconnect from 61.177.173.36 port 31188:11:  [preauth]","@timestamp":"2022-09-15T19:49:05.371Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T19:50:50.485Z","@version":"1","message":"Sep 15 19:50:50 honeypot-sgp-1 sshd[22632]: Invalid user igor from 89.109.36.61 port 36558","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 19:53:20 honeypot-fra-1 sshd[19499]: Disconnected from invalid user manager 92.255.85.69 port 32324 [preauth]","@timestamp":"2022-09-15T19:53:21.467Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T19:54:00.561Z","@version":"1","message":"Sep 15 19:53:59 honeypot-sgp-1 sshd[22639]: Invalid user test from 179.60.147.69 port 21340","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 19:54:34 honeypot-ams-1 kernel: [84148256.952576] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=213.226.123.38 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=12973 PROTO=TCP SPT=53129 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T19:54:35.232Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 19:56:47 honeypot-ams-1 sshd[28786]: Received disconnect from 103.99.203.103 port 59414:11: Bye Bye [preauth]","@timestamp":"2022-09-15T19:56:47.291Z"}
{"@timestamp":"2022-09-15T19:56:48.628Z","@version":"1","message":"Sep 15 19:56:47 honeypot-sgp-1 sshd[22643]: Invalid user minecraft from 2.139.220.58 port 32926","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 19:57:42 honeypot-ams-1 sshd[28790]: Connection closed by invalid user test 179.60.147.69 port 11770 [preauth]","@timestamp":"2022-09-15T19:57:42.317Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 19:59:40 honeypot-fra-1 sshd[19504]: Disconnected from invalid user lc 165.22.45.108 port 59720 [preauth]","@timestamp":"2022-09-15T19:59:40.608Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T20:00:00.722Z","@version":"1","message":"Sep 15 19:59:59 honeypot-sgp-1 sshd[22648]: Invalid user master from 92.255.85.69 port 45884","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 20:01:15 honeypot-fra-1 kernel: [84146491.260899] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=167.94.145.88 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=17880 PROTO=TCP SPT=54906 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T20:01:15.648Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-15T20:02:29.784Z","@version":"1","message":"Sep 15 20:02:29 honeypot-sgp-1 sshd[22652]: Invalid user admin from 185.246.130.20 port 10815","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:02:53.796Z","@version":"1","message":"Sep 15 20:02:52 honeypot-sgp-1 sshd[22659]: Invalid user admin from 185.246.130.20 port 24904","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:03:20.809Z","@version":"1","message":"Sep 15 20:03:19 honeypot-sgp-1 sshd[22664]: Disconnecting invalid user admin 185.246.130.20 port 8752: Change of username or service not allowed: (admin,ssh-connection) -> (aerohive,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:03:50.824Z","@version":"1","message":"Sep 15 20:03:50 honeypot-sgp-1 sshd[22670]: Disconnecting invalid user manager 185.246.130.20 port 5377: Change of username or service not allowed: (manager,ssh-connection) -> (private,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:04:23.841Z","@version":"1","message":"Sep 15 20:04:23 honeypot-sgp-1 sshd[22678]: Invalid user Admin from 185.246.130.20 port 13251","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:04:51.853Z","@version":"1","message":"Sep 15 20:04:51 honeypot-sgp-1 sshd[22685]: Invalid user user from 185.246.130.20 port 23364","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:05:25.870Z","@version":"1","message":"Sep 15 20:05:25 honeypot-sgp-1 sshd[22693]: Disconnecting invalid user blank 185.246.130.20 port 8277: Change of username or service not allowed: (blank,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:05:54.884Z","@version":"1","message":"Sep 15 20:05:54 honeypot-sgp-1 sshd[22699]: Disconnecting invalid user 1234 185.246.130.20 port 28820: Change of username or service not allowed: (1234,ssh-connection) -> (root,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:06:25.900Z","@version":"1","message":"Sep 15 20:06:25 honeypot-sgp-1 sshd[22706]: Disconnecting invalid user Cisco 185.246.130.20 port 30749: Change of username or service not allowed: (Cisco,ssh-connection) -> (cisco,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:06:50.911Z","@version":"1","message":"Sep 15 20:06:50 honeypot-sgp-1 sshd[22712]: Disconnecting invalid user 1234 185.246.130.20 port 17939: Change of username or service not allowed: (1234,ssh-connection) -> (root,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:07:23.928Z","@version":"1","message":"Sep 15 20:07:23 honeypot-sgp-1 sshd[22720]: Invalid user adslroot from 185.246.130.20 port 46796","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:07:53.943Z","@version":"1","message":"Sep 15 20:07:53 honeypot-sgp-1 sshd[22726]: Invalid user blank from 185.246.130.20 port 38402","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:07:58.946Z","@version":"1","message":"Sep 15 20:07:58 honeypot-sgp-1 sshd[22732]: Disconnected from authenticating user root 61.177.173.51 port 52430 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:08:27.960Z","@version":"1","message":"Sep 15 20:08:27 honeypot-sgp-1 sshd[22738]: Disconnecting invalid user default 185.246.130.20 port 55372: Change of username or service not allowed: (default,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 20:08:27 honeypot-ams-1 sshd[28798]: Invalid user master from 92.255.85.69 port 52358","@timestamp":"2022-09-15T20:08:28.594Z"}
{"@timestamp":"2022-09-15T20:08:48.974Z","@version":"1","message":"Sep 15 20:08:48 honeypot-sgp-1 sshd[22744]: Disconnecting invalid user Administrator 185.246.130.20 port 32128: Change of username or service not allowed: (Administrator,ssh-connection) -> (cusadmin,ssh-connectio [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:09:08.984Z","@version":"1","message":"Sep 15 20:09:08 honeypot-sgp-1 sshd[22750]: Disconnecting invalid user admin 185.246.130.20 port 54925: Change of username or service not allowed: (admin,ssh-connection) -> (lgnortel,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:09:42.000Z","@version":"1","message":"Sep 15 20:09:41 honeypot-sgp-1 sshd[22756]: Disconnecting invalid user comcast 185.246.130.20 port 49799: Change of username or service not allowed: (comcast,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:10:13.015Z","@version":"1","message":"Sep 15 20:10:12 honeypot-sgp-1 sshd[22763]: Disconnecting invalid user admin1234 185.246.130.20 port 2316: Change of username or service not allowed: (admin1234,ssh-connection) -> (matrix,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:10:42.030Z","@version":"1","message":"Sep 15 20:10:41 honeypot-sgp-1 sshd[22769]: Disconnecting invalid user admin 185.246.130.20 port 38678: Change of username or service not allowed: (admin,ssh-connection) -> (motorola,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:11:10.043Z","@version":"1","message":"Sep 15 20:11:09 honeypot-sgp-1 sshd[22777]: Disconnecting invalid user blank 185.246.130.20 port 51437: Change of username or service not allowed: (blank,ssh-connection) -> (root,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:11:45.059Z","@version":"1","message":"Sep 15 20:11:44 honeypot-sgp-1 sshd[22785]: Invalid user 0 from 185.246.130.20 port 33057","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:12:14.073Z","@version":"1","message":"Sep 15 20:12:13 honeypot-sgp-1 sshd[22791]: Invalid user admin from 185.246.130.20 port 34497","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:12:37.085Z","@version":"1","message":"Sep 15 20:12:36 honeypot-sgp-1 sshd[22797]: Invalid user Broadcom from 185.246.130.20 port 44067","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:13:02.096Z","@version":"1","message":"Sep 15 20:13:01 honeypot-sgp-1 sshd[22803]: Invalid user cusadmin from 185.246.130.20 port 57087","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:13:28.110Z","@version":"1","message":"Sep 15 20:13:27 honeypot-sgp-1 sshd[22809]: Invalid user sweex from 185.246.130.20 port 32147","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:13:54.123Z","@version":"1","message":"Sep 15 20:13:53 honeypot-sgp-1 sshd[22815]: Invalid user  from 185.246.130.20 port 9532","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:14:08.131Z","@version":"1","message":"Sep 15 20:14:07 honeypot-sgp-1 sshd[22821]: Invalid user user from 185.246.130.20 port 63417","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:14:35.143Z","@version":"1","message":"Sep 15 20:14:34 honeypot-sgp-1 sshd[22827]: Disconnecting invalid user 123456 185.246.130.20 port 60712: Change of username or service not allowed: (123456,ssh-connection) -> (user,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:15:05.158Z","@version":"1","message":"Sep 15 20:15:04 honeypot-sgp-1 sshd[22834]: Disconnecting invalid user readwrite 185.246.130.20 port 48186: Change of username or service not allowed: (readwrite,ssh-connection) -> (Admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:15:34.172Z","@version":"1","message":"Sep 15 20:15:33 honeypot-sgp-1 sshd[22840]: Disconnecting invalid user DZY-W2914NSV2 185.246.130.20 port 19704: Change of username or service not allowed: (DZY-W2914NSV2,ssh-connection) -> (0,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 20:15:40 honeypot-fra-1 sshd[19519]: Received disconnect from 143.110.236.239 port 53460:11: Bye Bye [preauth]","@timestamp":"2022-09-15T20:15:40.980Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T20:15:52.182Z","@version":"1","message":"Sep 15 20:15:52 honeypot-sgp-1 kernel: [84149058.935076] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.142.236.40 DST=159.89.202.188 LEN=44 TOS=0x08 PREC=0x00 TTL=111 ID=50516 PROTO=TCP SPT=17340 DPT=80 WINDOW=47701 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 20:16:20 honeypot-fra-1 sshd[19524]: Invalid user chia from 54.163.60.60 port 60608","@timestamp":"2022-09-15T20:16:20.999Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T20:16:24.198Z","@version":"1","message":"Sep 15 20:16:23 honeypot-sgp-1 sshd[22854]: Received disconnect from 61.177.172.108 port 19431:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 20:17:01 honeypot-fra-1 CRON[19528]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-15T20:17:02.016Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T20:17:02.216Z","@version":"1","message":"Sep 15 20:17:01 honeypot-sgp-1 CRON[22858]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 20:19:27 honeypot-ams-1 sshd[28804]: Invalid user tomcat from 193.106.191.157 port 46242","@timestamp":"2022-09-15T20:19:27.875Z"}
{"@timestamp":"2022-09-15T20:27:28.458Z","@version":"1","message":"Sep 15 20:27:27 honeypot-sgp-1 sshd[22868]: Disconnected from authenticating user root 206.189.157.19 port 35696 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 20:27:28 honeypot-fra-1 sshd[19540]: Received disconnect from 61.177.172.104 port 58420:11:  [preauth]","@timestamp":"2022-09-15T20:27:29.255Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 20:30:05 honeypot-ams-1 kernel: [84150387.599848] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=89.248.165.26 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=1159 PROTO=TCP SPT=53557 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T20:30:06.147Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 20:32:21 honeypot-fra-1 sshd[19546]: Received disconnect from 61.177.173.49 port 45018:11:  [preauth]","@timestamp":"2022-09-15T20:32:22.367Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T20:32:35.579Z","@version":"1","message":"Sep 15 20:32:35 honeypot-sgp-1 sshd[22873]: Connection closed by invalid user ubnt 179.60.147.69 port 42864 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 20:35:56 honeypot-ams-1 sshd[28815]: Invalid user ubnt from 179.60.147.69 port 16132","@timestamp":"2022-09-15T20:35:57.297Z"}
{"@timestamp":"2022-09-15T20:39:03.733Z","@version":"1","message":"Sep 15 20:39:03 honeypot-sgp-1 sshd[22880]: Invalid user jp from 216.137.185.113 port 41922","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 20:39:19 honeypot-fra-1 sshd[19553]: Disconnected from invalid user oracle 92.255.85.70 port 28924 [preauth]","@timestamp":"2022-09-15T20:39:20.522Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T20:40:35.770Z","@version":"1","message":"Sep 15 20:40:34 honeypot-sgp-1 sshd[22884]: Received disconnect from 223.197.186.7 port 42834:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 20:45:50 honeypot-fra-1 sshd[19560]: Received disconnect from 106.241.54.211 port 47040:11: Bye Bye [preauth]","@timestamp":"2022-09-15T20:45:50.672Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T20:46:32.912Z","@version":"1","message":"Sep 15 20:46:32 honeypot-sgp-1 kernel: [84150899.001399] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=36.71.140.230 DST=159.89.202.188 LEN=48 TOS=0x00 PREC=0x00 TTL=114 ID=19618 DF PROTO=TCP SPT=51021 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:47:47.943Z","@version":"1","message":"Sep 15 20:47:47 honeypot-sgp-1 sshd[22895]: Invalid user anonymous from 92.255.85.69 port 48464","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 20:47:50 honeypot-fra-1 sshd[19566]: Received disconnect from 128.199.144.93 port 60658:11: Bye Bye [preauth]","@timestamp":"2022-09-15T20:47:51.720Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 20:50:09 honeypot-fra-1 sshd[19570]: Disconnected from invalid user gs 20.214.104.165 port 57946 [preauth]","@timestamp":"2022-09-15T20:50:09.772Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T20:53:54.088Z","@version":"1","message":"Sep 15 20:53:53 honeypot-sgp-1 sshd[22901]: Invalid user user from 45.61.186.249 port 38930","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:54:11.097Z","@version":"1","message":"Sep 15 20:54:10 honeypot-sgp-1 sshd[22919]: Received disconnect from 61.177.173.51 port 16406:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:54:20.101Z","@version":"1","message":"Sep 15 20:54:19 honeypot-sgp-1 sshd[22923]: Received disconnect from 45.61.186.249 port 44376:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:54:39.110Z","@version":"1","message":"Sep 15 20:54:38 honeypot-sgp-1 sshd[22927]: Received disconnect from 45.61.186.249 port 38602:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:54:50.115Z","@version":"1","message":"Sep 15 20:54:49 honeypot-sgp-1 sshd[22931]: Disconnected from authenticating user root 61.177.173.36 port 27774 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 20:55:49 honeypot-ams-1 sshd[28819]: Invalid user anonymous from 92.255.85.70 port 57318","@timestamp":"2022-09-15T20:55:49.800Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 20:56:42 honeypot-fra-1 sshd[19579]: Did not receive identification string from 198.98.61.9 port 54590","@timestamp":"2022-09-15T20:56:42.919Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 20:57:08 honeypot-fra-1 sshd[19582]: Received disconnect from 198.98.61.9 port 35212:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T20:57:08.930Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 20:57:24 honeypot-fra-1 sshd[19587]: Received disconnect from 198.98.61.9 port 57868:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T20:57:24.938Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 20:57:48 honeypot-fra-1 sshd[19591]: Received disconnect from 198.98.61.9 port 52254:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T20:57:48.949Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 20:59:40 honeypot-ams-1 sshd[28821]: Disconnected from invalid user nh 45.64.134.14 port 65320 [preauth]","@timestamp":"2022-09-15T20:59:40.913Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 21:00:06 honeypot-fra-1 kernel: [84150022.401707] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=23.95.4.194 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=58113 PROTO=TCP SPT=44158 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T21:00:07.002Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 21:01:36 honeypot-ams-1 sshd[28828]: Invalid user mnj from 138.197.195.123 port 36260","@timestamp":"2022-09-15T21:01:36.966Z"}
{"@timestamp":"2022-09-15T21:01:49.279Z","@version":"1","message":"Sep 15 21:01:48 honeypot-sgp-1 sshd[22936]: Disconnected from invalid user amark 92.9.123.122 port 56332 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 21:06:30 honeypot-fra-1 sshd[19600]: Disconnected from authenticating user root 61.177.173.35 port 62687 [preauth]","@timestamp":"2022-09-15T21:06:31.148Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 21:07:01 honeypot-ams-1 kernel: [84152603.131128] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=78.142.18.92 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=54321 PROTO=TCP SPT=47984 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T21:07:02.112Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 21:08:20 honeypot-fra-1 sshd[19604]: Disconnected from invalid user admin 114.108.150.156 port 59324 [preauth]","@timestamp":"2022-09-15T21:08:21.191Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T21:09:29.477Z","@version":"1","message":"Sep 15 21:09:28 honeypot-sgp-1 sshd[22947]: Invalid user admin from 92.255.85.70 port 31196","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 21:09:42 honeypot-fra-1 kernel: [84150598.545909] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=94.26.228.80 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=6866 PROTO=TCP SPT=32781 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T21:09:43.225Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 21:10:17 honeypot-fra-1 sshd[19613]: Disconnected from invalid user monitor 185.231.245.49 port 60830 [preauth]","@timestamp":"2022-09-15T21:10:18.241Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 21:12:34 honeypot-ams-1 sshd[28834]: Received disconnect from 34.69.39.31 port 37616:11: Bye Bye [preauth]","@timestamp":"2022-09-15T21:12:35.256Z"}
{"@timestamp":"2022-09-15T21:12:47.555Z","@version":"1","message":"Sep 15 21:12:46 honeypot-sgp-1 sshd[22953]: Connection closed by 118.21.144.227 port 53653 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 21:13:11 honeypot-fra-1 sshd[19620]: Received disconnect from 77.104.75.106 port 56500:11: Bye Bye [preauth]","@timestamp":"2022-09-15T21:13:12.308Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 21:14:17 honeypot-ams-1 sshd[28842]: Connection closed by 13.56.251.189 port 47214 [preauth]","@timestamp":"2022-09-15T21:14:18.305Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 21:15:17 honeypot-ams-1 sshd[28849]: Received disconnect from 198.98.61.9 port 56690:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T21:15:17.334Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 21:15:31 honeypot-ams-1 sshd[28851]: Received disconnect from 52.160.46.145 port 50830:11: Bye Bye [preauth]","@timestamp":"2022-09-15T21:15:32.341Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 21:15:47 honeypot-ams-1 sshd[28857]: Invalid user user from 198.98.61.9 port 34976","@timestamp":"2022-09-15T21:15:47.349Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 21:16:01 honeypot-fra-1 kernel: [84150977.309453] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=103.55.26.211 DST=165.22.82.222 LEN=64 TOS=0x00 PREC=0x00 TTL=52 ID=6639 DF PROTO=TCP SPT=39323 DPT=443 WINDOW=63443 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T21:16:02.375Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 21:16:07 honeypot-ams-1 sshd[28861]: Invalid user user from 198.98.61.9 port 58140","@timestamp":"2022-09-15T21:16:08.360Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 21:16:15 honeypot-ams-1 sshd[28865]: Received disconnect from 198.98.61.9 port 41494:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T21:16:16.364Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 21:17:02 honeypot-ams-1 CRON[28869]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-15T21:17:02.390Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 21:18:09 honeypot-fra-1 sshd[19632]: Received disconnect from 221.130.59.248 port 2062:11: Bye Bye [preauth]","@timestamp":"2022-09-15T21:18:09.426Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T21:20:45.763Z","@version":"1","message":"Sep 15 21:20:45 honeypot-sgp-1 sshd[22963]: Invalid user kulok from 194.113.237.49 port 49432","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 21:20:50 honeypot-ams-1 kernel: [84153432.726449] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=201.150.176.243 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=56656 DF PROTO=TCP SPT=39511 DPT=80 WINDOW=14520 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T21:20:51.489Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 21:25:42 honeypot-fra-1 sshd[19635]: Disconnected from invalid user admin 92.255.85.70 port 43006 [preauth]","@timestamp":"2022-09-15T21:25:42.595Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 21:27:41 honeypot-ams-1 sshd[28879]: Disconnected from invalid user paraccel 148.72.244.44 port 39282 [preauth]","@timestamp":"2022-09-15T21:27:42.660Z"}
{"@timestamp":"2022-09-15T21:30:32.010Z","@version":"1","message":"Sep 15 21:30:31 honeypot-sgp-1 sshd[22969]: Received disconnect from 61.177.172.98 port 47211:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T21:33:02.071Z","@version":"1","message":"Sep 15 21:33:01 honeypot-sgp-1 sshd[22976]: Received disconnect from 61.177.173.46 port 19055:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 21:33:32 honeypot-fra-1 sshd[19644]: Disconnected from authenticating user root 61.177.173.51 port 44254 [preauth]","@timestamp":"2022-09-15T21:33:32.772Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 21:36:01 honeypot-ams-1 kernel: [84154343.633902] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=111.161.155.54 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=48 ID=10942 PROTO=TCP SPT=11720 DPT=443 WINDOW=25992 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T21:36:01.878Z"}
{"@timestamp":"2022-09-15T21:42:05.283Z","@version":"1","message":"Sep 15 21:42:04 honeypot-sgp-1 sshd[22983]: Received disconnect from 61.177.173.48 port 56985:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 21:44:43 honeypot-fra-1 sshd[19655]: Invalid user ldapsun from 165.22.45.108 port 41600","@timestamp":"2022-09-15T21:44:44.020Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T21:47:47.415Z","@version":"1","message":"Sep 15 21:47:47 honeypot-sgp-1 kernel: [84154573.939724] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.53.171.56 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=2095 DF PROTO=TCP SPT=41722 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 21:49:03 honeypot-fra-1 sshd[19660]: Disconnected from authenticating user root 61.177.173.51 port 17922 [preauth]","@timestamp":"2022-09-15T21:49:04.120Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 21:49:30 honeypot-ams-1 sshd[28896]: Invalid user mdpi from 92.205.19.152 port 59946","@timestamp":"2022-09-15T21:49:30.216Z"}
{"@timestamp":"2022-09-15T21:54:56.581Z","@version":"1","message":"Sep 15 21:54:55 honeypot-sgp-1 sshd[23063]: Received disconnect from 92.255.85.70 port 58826:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 21:56:10 honeypot-fra-1 kernel: [84153386.547780] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=54.185.167.69 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=215 ID=36690 PROTO=TCP SPT=58965 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T21:56:11.296Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 21:56:40 honeypot-ams-1 kernel: [84155582.195078] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=109.123.117.238 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=3389 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T21:56:40.404Z"}
{"@timestamp":"2022-09-15T22:01:47.737Z","@version":"1","message":"Sep 15 22:01:47 honeypot-sgp-1 sshd[23070]: Received disconnect from 159.223.172.195 port 36140:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:02:16 honeypot-fra-1 sshd[19680]: Received disconnect from 162.241.189.135 port 37200:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T22:02:17.436Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:02:24 honeypot-fra-1 sshd[19684]: Received disconnect from 162.241.189.135 port 46998:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T22:02:24.440Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:02:31 honeypot-fra-1 sshd[19688]: Received disconnect from 162.241.189.135 port 45330:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T22:02:32.444Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:02:39 honeypot-fra-1 sshd[19692]: Received disconnect from 162.241.189.135 port 58968:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T22:02:40.449Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:02:48 honeypot-fra-1 sshd[19696]: Received disconnect from 162.241.189.135 port 43070:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T22:02:48.453Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:02:59 honeypot-fra-1 sshd[19700]: Received disconnect from 162.241.189.135 port 55642:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T22:02:59.458Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:03:04 honeypot-fra-1 sshd[19704]: Received disconnect from 162.241.189.135 port 39840:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T22:03:04.461Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:03:12 honeypot-fra-1 sshd[19708]: Received disconnect from 162.241.189.135 port 52210:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T22:03:12.465Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:03:19 honeypot-fra-1 sshd[19712]: Invalid user user from 162.241.189.135 port 36212","@timestamp":"2022-09-15T22:03:20.470Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:03:28 honeypot-fra-1 sshd[19716]: Invalid user user from 162.241.189.135 port 51148","@timestamp":"2022-09-15T22:03:29.474Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:03:35 honeypot-fra-1 sshd[19720]: Invalid user user from 162.241.189.135 port 35792","@timestamp":"2022-09-15T22:03:35.478Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:03:43 honeypot-fra-1 sshd[19724]: Invalid user user from 162.241.189.135 port 50672","@timestamp":"2022-09-15T22:03:43.482Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:03:50 honeypot-fra-1 kernel: [84153846.278096] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=193.118.53.211 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=50135 PROTO=TCP SPT=22242 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T22:03:50.486Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:03:55 honeypot-fra-1 sshd[19730]: Disconnected from invalid user user 162.241.189.135 port 55314 [preauth]","@timestamp":"2022-09-15T22:03:55.489Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:04:03 honeypot-fra-1 sshd[19734]: Disconnected from invalid user user 162.241.189.135 port 42988 [preauth]","@timestamp":"2022-09-15T22:04:03.493Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:04:17 honeypot-fra-1 sshd[19738]: Disconnected from invalid user user 162.241.189.135 port 47260 [preauth]","@timestamp":"2022-09-15T22:04:18.501Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:04:25 honeypot-fra-1 sshd[19742]: Disconnected from invalid user user 162.241.189.135 port 38578 [preauth]","@timestamp":"2022-09-15T22:04:25.504Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:04:32 honeypot-fra-1 sshd[19746]: Disconnected from invalid user user 162.241.189.135 port 49540 [preauth]","@timestamp":"2022-09-15T22:04:33.509Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:04:40 honeypot-fra-1 sshd[19750]: Disconnected from invalid user user 162.241.189.135 port 36018 [preauth]","@timestamp":"2022-09-15T22:04:41.512Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:04:48 honeypot-fra-1 sshd[19754]: Disconnected from invalid user user 162.241.189.135 port 49328 [preauth]","@timestamp":"2022-09-15T22:04:49.517Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:04:56 honeypot-fra-1 sshd[19758]: Disconnected from invalid user user 162.241.189.135 port 34562 [preauth]","@timestamp":"2022-09-15T22:04:57.521Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:05:04 honeypot-fra-1 sshd[19762]: Disconnected from invalid user user 162.241.189.135 port 47972 [preauth]","@timestamp":"2022-09-15T22:05:05.525Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:05:12 honeypot-fra-1 sshd[19766]: Disconnected from invalid user user 162.241.189.135 port 33560 [preauth]","@timestamp":"2022-09-15T22:05:13.529Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:05:20 honeypot-fra-1 sshd[19770]: Disconnected from invalid user user 162.241.189.135 port 49900 [preauth]","@timestamp":"2022-09-15T22:05:21.534Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:05:28 honeypot-fra-1 sshd[19774]: Disconnected from invalid user user 162.241.189.135 port 37036 [preauth]","@timestamp":"2022-09-15T22:05:28.537Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 22:05:32 honeypot-ams-1 kernel: [84156113.882388] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=164.92.72.164 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=59467 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T22:05:32.640Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:05:35 honeypot-fra-1 sshd[19778]: Disconnected from invalid user user 162.241.189.135 port 49416 [preauth]","@timestamp":"2022-09-15T22:05:36.541Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:05:47 honeypot-fra-1 sshd[19782]: Disconnected from invalid user user 162.241.189.135 port 57832 [preauth]","@timestamp":"2022-09-15T22:05:48.547Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:05:51 honeypot-fra-1 sshd[19786]: Disconnected from invalid user user 162.241.189.135 port 49718 [preauth]","@timestamp":"2022-09-15T22:05:51.548Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:06:02 honeypot-fra-1 sshd[19790]: Disconnected from invalid user user 162.241.189.135 port 42016 [preauth]","@timestamp":"2022-09-15T22:06:02.553Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:06:06 honeypot-fra-1 sshd[19794]: Disconnected from invalid user user 162.241.189.135 port 48978 [preauth]","@timestamp":"2022-09-15T22:06:07.557Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:06:16 honeypot-fra-1 sshd[19798]: Disconnected from invalid user user 162.241.189.135 port 32794 [preauth]","@timestamp":"2022-09-15T22:06:17.561Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:06:24 honeypot-fra-1 sshd[19802]: Disconnected from invalid user user 162.241.189.135 port 45220 [preauth]","@timestamp":"2022-09-15T22:06:24.566Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:06:31 honeypot-fra-1 sshd[19806]: Disconnected from invalid user user 162.241.189.135 port 58588 [preauth]","@timestamp":"2022-09-15T22:06:32.569Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:06:39 honeypot-fra-1 sshd[19810]: Disconnected from invalid user user 162.241.189.135 port 43654 [preauth]","@timestamp":"2022-09-15T22:06:39.573Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:06:47 honeypot-fra-1 sshd[19814]: Disconnected from invalid user user 162.241.189.135 port 57280 [preauth]","@timestamp":"2022-09-15T22:06:47.577Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:06:55 honeypot-fra-1 sshd[19818]: Received disconnect from 162.241.189.135 port 41450:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T22:06:55.582Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:07:04 honeypot-fra-1 sshd[19822]: Received disconnect from 162.241.189.135 port 54032:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T22:07:04.586Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:07:11 honeypot-fra-1 sshd[19826]: Received disconnect from 162.241.189.135 port 38458:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T22:07:11.589Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:07:19 honeypot-fra-1 sshd[19831]: Received disconnect from 162.241.189.135 port 53408:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T22:07:19.594Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:07:26 honeypot-fra-1 sshd[19835]: Received disconnect from 162.241.189.135 port 38726:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T22:07:27.597Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:07:34 honeypot-fra-1 sshd[19839]: Received disconnect from 162.241.189.135 port 50980:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T22:07:35.602Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T22:10:35.948Z","@version":"1","message":"Sep 15 22:10:35 honeypot-sgp-1 sshd[23073]: Received disconnect from 157.230.47.60 port 39614:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:10:57 honeypot-fra-1 kernel: [84154273.741326] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=59.49.43.217 DST=165.22.82.222 LEN=40 TOS=0x18 PREC=0x00 TTL=237 ID=13181 PROTO=TCP SPT=41304 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T22:10:58.693Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 22:11:26 honeypot-ams-1 sshd[28907]: Invalid user ffw from 188.165.78.53 port 34448","@timestamp":"2022-09-15T22:11:26.796Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 22:14:33 honeypot-ams-1 sshd[28912]: Connection closed by invalid user user1 103.188.176.251 port 43754 [preauth]","@timestamp":"2022-09-15T22:14:33.881Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:16:41 honeypot-fra-1 kernel: [84154617.322333] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=71.6.233.99 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=3389 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T22:16:41.824Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 22:17:01 honeypot-ams-1 CRON[28916]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-15T22:17:01.953Z"}
{"@timestamp":"2022-09-15T22:17:02.107Z","@version":"1","message":"Sep 15 22:17:01 honeypot-sgp-1 CRON[23076]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T22:19:11.161Z","@version":"1","message":"Sep 15 22:19:10 honeypot-sgp-1 sshd[23082]: Disconnected from invalid user admin 92.255.85.70 port 45958 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:19:59 honeypot-fra-1 sshd[19852]: Received disconnect from 139.59.112.202 port 55320:11: Bye Bye [preauth]","@timestamp":"2022-09-15T22:19:59.899Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:23:09 honeypot-fra-1 sshd[19856]: Received disconnect from 184.168.125.40 port 57412:11: Bye Bye [preauth]","@timestamp":"2022-09-15T22:23:09.975Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T22:23:26.265Z","@version":"1","message":"Sep 15 22:23:25 honeypot-sgp-1 sshd[23088]: Received disconnect from 159.65.128.16 port 49896:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:27:14 honeypot-fra-1 sshd[19859]: Connection closed by invalid user tomcat 193.106.191.157 port 41878 [preauth]","@timestamp":"2022-09-15T22:27:15.072Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 22:29:45 honeypot-ams-1 kernel: [84157567.341601] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.56.103.148 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=60162 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T22:29:46.285Z"}
{"@timestamp":"2022-09-15T22:32:11.470Z","@version":"1","message":"Sep 15 22:32:10 honeypot-sgp-1 kernel: [84157237.256760] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.55.45.125 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=630 PROTO=TCP SPT=20000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:37:30 honeypot-fra-1 sshd[19868]: Disconnected from invalid user ldggzxc 165.22.45.108 port 46662 [preauth]","@timestamp":"2022-09-15T22:37:31.301Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 22:42:24 honeypot-ams-1 kernel: [84158326.108086] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=103.114.107.34 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=48294 PROTO=TCP SPT=51578 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T22:42:24.613Z"}
{"@timestamp":"2022-09-15T22:42:54.724Z","@version":"1","message":"Sep 15 22:42:53 honeypot-sgp-1 sshd[23098]: Disconnected from invalid user jenkins 92.255.85.70 port 58910 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 22:49:51 honeypot-ams-1 kernel: [84158773.490311] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=89.248.168.172 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=252 ID=54321 PROTO=TCP SPT=59792 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T22:49:51.811Z"}
{"@timestamp":"2022-09-15T22:57:22.069Z","@version":"1","message":"Sep 15 22:57:21 honeypot-sgp-1 sshd[23109]: Invalid user default from 179.60.147.69 port 56704","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:57:35 honeypot-fra-1 sshd[19875]: Did not receive identification string from 20.13.161.157 port 55968","@timestamp":"2022-09-15T22:57:36.767Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:57:36 honeypot-fra-1 sshd[19885]: Invalid user postgres from 20.13.161.157 port 57034","@timestamp":"2022-09-15T22:57:36.767Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:57:36 honeypot-fra-1 sshd[19882]: Invalid user centos from 20.13.161.157 port 57050","@timestamp":"2022-09-15T22:57:36.767Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:57:36 honeypot-fra-1 sshd[19879]: Connection closed by invalid user steam 20.13.161.157 port 56994 [preauth]","@timestamp":"2022-09-15T22:57:36.767Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:57:36 honeypot-fra-1 sshd[19878]: Connection closed by invalid user ubuntu 20.13.161.157 port 57038 [preauth]","@timestamp":"2022-09-15T22:57:36.767Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:57:39 honeypot-fra-1 sshd[19905]: Invalid user vagrant from 20.13.161.157 port 56998","@timestamp":"2022-09-15T22:57:39.770Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:57:39 honeypot-fra-1 sshd[19904]: Invalid user systems from 20.13.161.157 port 56980","@timestamp":"2022-09-15T22:57:39.770Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:57:39 honeypot-fra-1 sshd[19908]: Connection closed by invalid user hadoop 20.13.161.157 port 56976 [preauth]","@timestamp":"2022-09-15T22:57:39.770Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:58:30 honeypot-fra-1 sshd[19924]: Connection closed by invalid user default 179.60.147.69 port 43892 [preauth]","@timestamp":"2022-09-15T22:58:30.792Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 23:01:11 honeypot-ams-1 kernel: [84159453.670625] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=79.110.62.213 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=54321 PROTO=TCP SPT=51591 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T23:01:12.112Z"}
{"@timestamp":"2022-09-15T23:03:30.218Z","@version":"1","message":"Sep 15 23:03:29 honeypot-sgp-1 sshd[23115]: Received disconnect from 118.174.4.5 port 41387:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 23:06:03 honeypot-fra-1 sshd[19929]: Received disconnect from 139.59.18.217 port 47684:11: Bye Bye [preauth]","@timestamp":"2022-09-15T23:06:03.964Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 23:06:05 honeypot-ams-1 kernel: [84159747.683978] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=71.6.232.4 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=50008 DPT=5432 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T23:06:06.245Z"}
{"@timestamp":"2022-09-15T23:06:37.294Z","@version":"1","message":"Sep 15 23:06:36 honeypot-sgp-1 sshd[23117]: Received disconnect from 92.255.85.70 port 25546:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T23:11:08.406Z","@version":"1","message":"Sep 15 23:11:08 honeypot-sgp-1 sshd[23120]: Received disconnect from 178.49.141.172 port 35340:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 23:12:34 honeypot-fra-1 sshd[19934]: Invalid user tomcat from 193.106.191.157 port 44202","@timestamp":"2022-09-15T23:12:35.117Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 23:16:06 honeypot-ams-1 sshd[28942]: Disconnected from invalid user adm 92.255.85.69 port 63414 [preauth]","@timestamp":"2022-09-15T23:16:07.510Z"}
{"@timestamp":"2022-09-15T23:21:09.668Z","@version":"1","message":"Sep 15 23:21:08 honeypot-sgp-1 sshd[23126]: Disconnected from authenticating user root 165.22.202.225 port 52586 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 23:21:38 honeypot-ams-1 sshd[28949]: Received disconnect from 80.76.51.46 port 35020:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T23:21:38.656Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 23:21:48 honeypot-ams-1 sshd[28953]: Disconnected from invalid user administrador 139.59.92.30 port 44524 [preauth]","@timestamp":"2022-09-15T23:21:48.663Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 23:22:13 honeypot-ams-1 sshd[28960]: Disconnected from authenticating user root 80.76.51.46 port 49214 [preauth]","@timestamp":"2022-09-15T23:22:13.674Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 23:22:41 honeypot-ams-1 sshd[28966]: Disconnected from authenticating user root 80.76.51.46 port 59966 [preauth]","@timestamp":"2022-09-15T23:22:41.687Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 23:23:05 honeypot-fra-1 sshd[19940]: Invalid user adm from 92.255.85.70 port 59458","@timestamp":"2022-09-15T23:23:06.354Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 23:23:11 honeypot-ams-1 sshd[28972]: Disconnected from authenticating user root 80.76.51.46 port 42466 [preauth]","@timestamp":"2022-09-15T23:23:11.703Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 23:23:32 honeypot-ams-1 sshd[28976]: Disconnected from invalid user admin 80.76.51.46 port 49624 [preauth]","@timestamp":"2022-09-15T23:23:32.714Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 23:30:32 honeypot-fra-1 sshd[19943]: Disconnected from invalid user lebedevalk 165.22.45.108 port 51722 [preauth]","@timestamp":"2022-09-15T23:30:32.543Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 23:30:36 honeypot-ams-1 sshd[28981]: Disconnected from invalid user monitor 40.124.120.52 port 47660 [preauth]","@timestamp":"2022-09-15T23:30:36.897Z"}
{"@timestamp":"2022-09-15T23:31:16.910Z","@version":"1","message":"Sep 15 23:31:16 honeypot-sgp-1 sshd[23132]: Received disconnect from 92.255.85.70 port 38610:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 23:38:29 honeypot-fra-1 sshd[19951]: Connection closed by 100.20.101.213 port 47230 [preauth]","@timestamp":"2022-09-15T23:38:30.744Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 23:40:14 honeypot-ams-1 sshd[28989]: Invalid user admin from 179.60.147.69 port 25962","@timestamp":"2022-09-15T23:40:15.152Z"}
{"@timestamp":"2022-09-15T23:44:07.219Z","@version":"1","message":"Sep 15 23:44:06 honeypot-sgp-1 sshd[23138]: Disconnected from 161.35.113.79 port 40166 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 23:47:02 honeypot-fra-1 sshd[19962]: Disconnected from authenticating user root 92.255.85.69 port 54320 [preauth]","@timestamp":"2022-09-15T23:47:03.951Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 23:49:06 honeypot-ams-1 sshd[28994]: Did not receive identification string from 45.61.186.249 port 41180","@timestamp":"2022-09-15T23:49:07.390Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 23:49:54 honeypot-ams-1 sshd[28998]: Disconnected from invalid user user 45.61.186.249 port 44426 [preauth]","@timestamp":"2022-09-15T23:49:55.413Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 23:50:14 honeypot-ams-1 sshd[29002]: Disconnected from invalid user user 45.61.186.249 port 38854 [preauth]","@timestamp":"2022-09-15T23:50:14.422Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 23:50:32 honeypot-ams-1 sshd[29006]: Disconnected from invalid user user 45.61.186.249 port 33306 [preauth]","@timestamp":"2022-09-15T23:50:32.432Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 23:50:35 honeypot-fra-1 sshd[19971]: Did not receive identification string from 31.192.105.81 port 30042","@timestamp":"2022-09-15T23:50:36.030Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 23:50:37 honeypot-fra-1 sshd[19982]: Unable to negotiate with 31.192.105.81 port 8980: no matching host key type found. Their offer: ecdsa-sha2-nistp384 [preauth]","@timestamp":"2022-09-15T23:50:38.032Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 23:52:30 honeypot-ams-1 sshd[29012]: Disconnected from authenticating user root 80.76.51.45 port 56284 [preauth]","@timestamp":"2022-09-15T23:52:30.483Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 23:53:04 honeypot-ams-1 sshd[29016]: Disconnected from invalid user test 80.76.51.45 port 36118 [preauth]","@timestamp":"2022-09-15T23:53:05.500Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 23:53:54 honeypot-ams-1 sshd[29022]: Disconnected from authenticating user root 80.76.51.45 port 33970 [preauth]","@timestamp":"2022-09-15T23:53:54.524Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 23:54:42 honeypot-ams-1 sshd[29028]: Disconnected from authenticating user root 80.76.51.45 port 60170 [preauth]","@timestamp":"2022-09-15T23:54:43.549Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 23:55:32 honeypot-ams-1 sshd[29034]: Received disconnect from 80.76.51.45 port 58156:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T23:55:32.576Z"}
{"@timestamp":"2022-09-15T23:55:47.496Z","@version":"1","message":"Sep 15 23:55:46 honeypot-sgp-1 sshd[23145]: Received disconnect from 181.117.6.49 port 52062:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 23:56:25 honeypot-fra-1 sshd[19996]: Invalid user admin from 182.253.81.212 port 33840","@timestamp":"2022-09-15T23:56:26.166Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 23:56:25 honeypot-fra-1 sshd[19996]: Connection closed by invalid user admin 182.253.81.212 port 33840 [preauth]","@timestamp":"2022-09-15T23:56:26.166Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 23:56:28 honeypot-fra-1 sshd[20008]: Invalid user steam from 182.253.81.212 port 33844","@timestamp":"2022-09-15T23:56:29.167Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T23:57:38.541Z","@version":"1","message":"Sep 15 23:57:38 honeypot-sgp-1 sshd[23150]: Invalid user user from 45.61.186.49 port 48736","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T23:57:45.545Z","@version":"1","message":"Sep 15 23:57:44 honeypot-sgp-1 sshd[23154]: Invalid user user from 45.61.186.49 port 54564","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T23:57:55.550Z","@version":"1","message":"Sep 15 23:57:54 honeypot-sgp-1 sshd[23158]: Invalid user user from 45.61.186.49 port 37962","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T23:58:49.572Z","@version":"1","message":"Sep 15 23:58:49 honeypot-sgp-1 sshd[23161]: Disconnected from invalid user user 45.61.186.169 port 34190 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T23:59:06.581Z","@version":"1","message":"Sep 15 23:59:06 honeypot-sgp-1 sshd[23166]: Disconnected from invalid user user 45.61.186.169 port 57106 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T23:59:23.589Z","@version":"1","message":"Sep 15 23:59:22 honeypot-sgp-1 sshd[23170]: Disconnected from invalid user user 45.61.186.169 port 51764 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 23:59:27 honeypot-ams-1 kernel: [84162949.084626] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=182.120.1.177 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=17721 DF PROTO=TCP SPT=39718 DPT=80 WINDOW=29040 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T23:59:27.682Z"}
{"@timestamp":"2022-09-15T23:59:37.596Z","@version":"1","message":"Sep 15 23:59:37 honeypot-sgp-1 sshd[23174]: Disconnected from invalid user user 45.61.186.169 port 46424 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 00:00:24 honeypot-fra-1 kernel: [84160840.371459] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=92.63.197.171 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=3420 PROTO=TCP SPT=44005 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T00:00:25.255Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-16T00:10:50.877Z","@version":"1","message":"Sep 16 00:10:50 honeypot-sgp-1 kernel: [84163157.350953] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=68.183.93.151 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x20 TTL=242 ID=54321 PROTO=TCP SPT=49220 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T00:11:22.894Z","@version":"1","message":"Sep 16 00:11:22 honeypot-sgp-1 sshd[23183]: Received disconnect from 45.61.186.249 port 58790:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T00:11:40.903Z","@version":"1","message":"Sep 16 00:11:40 honeypot-sgp-1 sshd[23187]: Received disconnect from 45.61.186.249 port 53080:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T00:11:56.940Z","@version":"1","message":"Sep 16 00:11:56 honeypot-sgp-1 sshd[23191]: Received disconnect from 45.61.186.249 port 47386:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 00:14:29 honeypot-fra-1 kernel: [84161684.801355] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=52375 PROTO=TCP SPT=46404 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T00:14:29.578Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-16T00:16:26.047Z","@version":"1","message":"Sep 16 00:16:26 honeypot-sgp-1 sshd[23196]: Connection closed by invalid user centos 179.60.147.69 port 20850 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 00:16:47 honeypot-ams-1 kernel: [84163988.994585] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=171.37.67.66 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=53499 PROTO=TCP SPT=58914 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T00:16:48.171Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 00:17:48 honeypot-fra-1 kernel: [84161884.080727] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.79.53.162 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=28126 PROTO=TCP SPT=57423 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T00:17:48.658Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-16T00:18:13.094Z","@version":"1","message":"Sep 16 00:18:12 honeypot-sgp-1 kernel: [84163599.155554] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=151.236.217.254 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=44184 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T00:20:18.146Z","@version":"1","message":"Sep 16 00:20:17 honeypot-sgp-1 sshd[23206]: Received disconnect from 45.61.184.204 port 60892:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T00:20:36.154Z","@version":"1","message":"Sep 16 00:20:35 honeypot-sgp-1 sshd[23210]: Received disconnect from 45.61.184.204 port 55162:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T00:20:53.162Z","@version":"1","message":"Sep 16 00:20:52 honeypot-sgp-1 sshd[23214]: Received disconnect from 45.61.184.204 port 49390:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 00:21:13 honeypot-ams-1 kernel: [84164255.603035] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=164.92.72.164 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=44937 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T00:21:14.296Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 00:23:08 honeypot-fra-1 sshd[20024]: Invalid user LEECHENG from 165.22.45.108 port 57084","@timestamp":"2022-09-16T00:23:08.786Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 00:23:34 honeypot-ams-1 sshd[29049]: Disconnected from invalid user soporte 73.3.242.105 port 60874 [preauth]","@timestamp":"2022-09-16T00:23:35.363Z"}
{"@timestamp":"2022-09-16T00:25:47.279Z","@version":"1","message":"Sep 16 00:25:46 honeypot-sgp-1 kernel: [84164053.307601] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=89.248.165.199 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=29487 PROTO=TCP SPT=47491 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 00:34:08 honeypot-fra-1 sshd[20027]: Disconnected from authenticating user root 92.255.85.69 port 36630 [preauth]","@timestamp":"2022-09-16T00:34:09.081Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T00:35:33.507Z","@version":"1","message":"Sep 16 00:35:33 honeypot-sgp-1 sshd[23222]: Disconnected from invalid user rq 138.97.64.134 port 50736 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 00:39:28 honeypot-ams-1 sshd[29056]: Received disconnect from 147.182.235.17 port 44362:11: Bye Bye [preauth]","@timestamp":"2022-09-16T00:39:28.817Z"}
{"@timestamp":"2022-09-16T00:40:04.616Z","@version":"1","message":"Sep 16 00:40:04 honeypot-sgp-1 sshd[23229]: Invalid user Guest from 92.255.85.69 port 25036","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 00:42:07 honeypot-ams-1 sshd[29061]: Disconnected from invalid user boon 128.199.71.153 port 39408 [preauth]","@timestamp":"2022-09-16T00:42:07.893Z"}
{"@timestamp":"2022-09-16T00:42:33.677Z","@version":"1","message":"Sep 16 00:42:32 honeypot-sgp-1 kernel: [84165059.434745] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=90.151.171.106 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=32546 PROTO=TCP SPT=48882 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 00:45:56 honeypot-ams-1 sshd[29068]: Received disconnect from 159.65.89.121 port 56118:11: Bye Bye [preauth]","@timestamp":"2022-09-16T00:45:56.997Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 00:46:05 honeypot-fra-1 kernel: [84163581.116602] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.47.229.134 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=50064 PROTO=TCP SPT=43101 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T00:46:06.357Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 00:50:41 honeypot-ams-1 sshd[29070]: Disconnected from invalid user Guest 92.255.85.70 port 37024 [preauth]","@timestamp":"2022-09-16T00:50:41.127Z"}
{"@timestamp":"2022-09-16T00:52:01.902Z","@version":"1","message":"Sep 16 00:52:01 honeypot-sgp-1 sshd[23238]: Invalid user admin from 178.128.125.205 port 63262","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T00:53:00.926Z","@version":"1","message":"Sep 16 00:53:00 honeypot-sgp-1 sshd[23244]: Invalid user debian from 179.60.147.69 port 44152","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 00:56:08 honeypot-fra-1 sshd[20036]: Disconnected from invalid user Guest 92.255.85.70 port 26836 [preauth]","@timestamp":"2022-09-16T00:56:08.586Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 01:01:17 honeypot-ams-1 kernel: [84166659.679559] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=186.218.37.197 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=42 ID=10162 PROTO=TCP SPT=39449 DPT=80 WINDOW=5536 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T01:01:18.411Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 01:03:54 honeypot-fra-1 kernel: [84164649.974072] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=89.248.163.149 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=54116 PROTO=TCP SPT=46553 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T01:03:54.768Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-16T01:06:05.231Z","@version":"1","message":"Sep 16 01:06:04 honeypot-sgp-1 sshd[23249]: Connection closed by authenticating user root 103.188.176.251 port 37506 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:09:42 honeypot-ams-1 sshd[29079]: Bad protocol version identification 'MGLNDD_178.62.254.91_22' from 192.241.210.200 port 56170","@timestamp":"2022-09-16T01:09:43.629Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 01:10:58 honeypot-fra-1 sshd[20048]: Invalid user vu from 121.126.224.151 port 53210","@timestamp":"2022-09-16T01:10:58.931Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 01:11:54 honeypot-fra-1 sshd[20052]: Disconnected from authenticating user root 116.193.133.36 port 58131 [preauth]","@timestamp":"2022-09-16T01:11:54.955Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T01:16:29.477Z","@version":"1","message":"Sep 16 01:16:29 honeypot-sgp-1 sshd[23254]: Connection closed by 43.158.217.180 port 39684 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:17:01 honeypot-ams-1 CRON[29086]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-16T01:17:01.833Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 01:17:01 honeypot-fra-1 CRON[20057]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-16T01:17:02.075Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 01:17:21 honeypot-fra-1 sshd[20063]: Invalid user user from 45.61.186.49 port 45532","@timestamp":"2022-09-16T01:17:22.086Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 01:17:31 honeypot-fra-1 sshd[20067]: Invalid user user from 45.61.186.49 port 57494","@timestamp":"2022-09-16T01:17:32.090Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T01:21:23.595Z","@version":"1","message":"Sep 16 01:21:22 honeypot-sgp-1 sshd[23261]: Received disconnect from 196.3.164.45 port 52066:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T01:22:09.616Z","@version":"1","message":"Sep 16 01:22:09 honeypot-sgp-1 sshd[23266]: Disconnected from invalid user bb 167.172.98.89 port 51393 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 01:22:18 honeypot-fra-1 kernel: [84165753.975657] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=205.210.31.170 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x60 TTL=249 ID=23207 PROTO=TCP SPT=57095 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T01:22:19.202Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:25:39 honeypot-ams-1 sshd[29093]: Invalid user tomcat from 193.106.191.157 port 35432","@timestamp":"2022-09-16T01:25:40.060Z"}
{"@timestamp":"2022-09-16T01:25:58.708Z","@version":"1","message":"Sep 16 01:25:57 honeypot-sgp-1 sshd[23272]: Received disconnect from 92.255.85.70 port 15410:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 01:28:53 honeypot-fra-1 kernel: [84166149.083358] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.196.225 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=44349 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T01:28:54.355Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-16T01:29:26.794Z","@version":"1","message":"Sep 16 01:29:26 honeypot-sgp-1 sshd[23296]: Invalid user guest from 179.60.147.69 port 61922","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 01:31:53 honeypot-fra-1 sshd[20119]: Invalid user admin from 121.4.171.88 port 45684","@timestamp":"2022-09-16T01:31:53.429Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 01:31:53 honeypot-fra-1 sshd[20118]: Connection closed by invalid user oracle 121.4.171.88 port 45712 [preauth]","@timestamp":"2022-09-16T01:31:54.430Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 01:31:54 honeypot-fra-1 sshd[20124]: Invalid user hadoop from 121.4.171.88 port 45676","@timestamp":"2022-09-16T01:31:54.430Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 01:31:54 honeypot-fra-1 sshd[20115]: Connection closed by authenticating user root 121.4.171.88 port 45710 [preauth]","@timestamp":"2022-09-16T01:31:54.430Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:32:51 honeypot-ams-1 sshd[29098]: Connection closed by invalid user guest 179.60.147.69 port 45558 [preauth]","@timestamp":"2022-09-16T01:32:51.249Z"}
{"@timestamp":"2022-09-16T01:33:01.900Z","@version":"1","message":"Sep 16 01:33:01 honeypot-sgp-1 kernel: [84168087.741146] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=193.163.125.209 DST=159.89.202.188 LEN=44 TOS=0x08 PREC=0x00 TTL=238 ID=53984 PROTO=TCP SPT=47328 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 01:36:51 honeypot-fra-1 sshd[20142]: Did not receive identification string from 45.61.186.49 port 42212","@timestamp":"2022-09-16T01:36:52.544Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 01:37:18 honeypot-fra-1 sshd[20146]: Disconnected from invalid user user 45.61.186.49 port 54592 [preauth]","@timestamp":"2022-09-16T01:37:19.557Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 01:37:29 honeypot-fra-1 sshd[20150]: Disconnected from invalid user user 45.61.186.49 port 37894 [preauth]","@timestamp":"2022-09-16T01:37:29.562Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 01:37:59 honeypot-ams-1 kernel: [84168861.646445] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=128.14.152.42 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=14681 PROTO=TCP SPT=34037 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T01:38:00.384Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:38:44 honeypot-ams-1 sshd[29108]: Received disconnect from 80.76.51.46 port 59138:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T01:38:44.407Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:39:02 honeypot-ams-1 sshd[29112]: Disconnected from authenticating user root 80.76.51.46 port 37870 [preauth]","@timestamp":"2022-09-16T01:39:03.418Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:39:31 honeypot-ams-1 sshd[29118]: Disconnected from authenticating user root 80.76.51.46 port 48394 [preauth]","@timestamp":"2022-09-16T01:39:31.434Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:40:01 honeypot-ams-1 sshd[29124]: Disconnected from authenticating user root 80.76.51.46 port 58904 [preauth]","@timestamp":"2022-09-16T01:40:02.450Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:40:21 honeypot-ams-1 sshd[29130]: Disconnected from authenticating user root 46.101.23.51 port 44956 [preauth]","@timestamp":"2022-09-16T01:40:22.461Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:40:43 honeypot-ams-1 sshd[29134]: Disconnected from invalid user admin 80.76.51.46 port 44678 [preauth]","@timestamp":"2022-09-16T01:40:43.472Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:50:40 honeypot-ams-1 sshd[29140]: Disconnected from authenticating user root 111.226.108.58 port 43205 [preauth]","@timestamp":"2022-09-16T01:50:41.736Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:50:45 honeypot-ams-1 sshd[29146]: Received disconnect from 111.226.108.58 port 43444:11: Bye Bye [preauth]","@timestamp":"2022-09-16T01:50:45.740Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:50:50 honeypot-ams-1 sshd[29152]: Received disconnect from 111.226.108.58 port 43674:11: Bye Bye [preauth]","@timestamp":"2022-09-16T01:50:50.743Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:50:54 honeypot-ams-1 sshd[29158]: Received disconnect from 111.226.108.58 port 43901:11: Bye Bye [preauth]","@timestamp":"2022-09-16T01:50:55.746Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:50:59 honeypot-ams-1 sshd[29164]: Received disconnect from 111.226.108.58 port 44141:11: Bye Bye [preauth]","@timestamp":"2022-09-16T01:50:59.749Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:51:04 honeypot-ams-1 sshd[29170]: Received disconnect from 111.226.108.58 port 44386:11: Bye Bye [preauth]","@timestamp":"2022-09-16T01:51:04.752Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:51:09 honeypot-ams-1 sshd[29176]: Received disconnect from 111.226.108.58 port 44637:11: Bye Bye [preauth]","@timestamp":"2022-09-16T01:51:09.756Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:51:13 honeypot-ams-1 sshd[29182]: Received disconnect from 111.226.108.58 port 44871:11: Bye Bye [preauth]","@timestamp":"2022-09-16T01:51:13.759Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:51:18 honeypot-ams-1 sshd[29188]: Received disconnect from 111.226.108.58 port 45120:11: Bye Bye [preauth]","@timestamp":"2022-09-16T01:51:18.762Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:51:23 honeypot-ams-1 sshd[29194]: Received disconnect from 111.226.108.58 port 45364:11: Bye Bye [preauth]","@timestamp":"2022-09-16T01:51:23.765Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:51:27 honeypot-ams-1 sshd[29200]: Received disconnect from 111.226.108.58 port 45631:11: Bye Bye [preauth]","@timestamp":"2022-09-16T01:51:28.769Z"}
{"@timestamp":"2022-09-16T01:51:29.342Z","@version":"1","message":"Sep 16 01:51:28 honeypot-sgp-1 kernel: [84169194.860617] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=92.63.197.171 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=47003 PROTO=TCP SPT=48628 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:51:32 honeypot-ams-1 sshd[29206]: Received disconnect from 111.226.108.58 port 45888:11: Bye Bye [preauth]","@timestamp":"2022-09-16T01:51:32.771Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:51:37 honeypot-ams-1 sshd[29212]: Invalid user admin from 111.226.108.58 port 46146","@timestamp":"2022-09-16T01:51:37.774Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:51:40 honeypot-ams-1 sshd[29216]: Invalid user admin from 111.226.108.58 port 46307","@timestamp":"2022-09-16T01:51:40.777Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:51:43 honeypot-ams-1 sshd[29220]: Invalid user admin from 111.226.108.58 port 46477","@timestamp":"2022-09-16T01:51:43.780Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:51:46 honeypot-ams-1 sshd[29224]: Invalid user admin from 111.226.108.58 port 46639","@timestamp":"2022-09-16T01:51:46.782Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:51:49 honeypot-ams-1 sshd[29228]: Invalid user admin from 111.226.108.58 port 46804","@timestamp":"2022-09-16T01:51:49.784Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:51:52 honeypot-ams-1 sshd[29232]: Invalid user user from 111.226.108.58 port 46974","@timestamp":"2022-09-16T01:51:53.786Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:51:56 honeypot-ams-1 sshd[29236]: Disconnected from authenticating user root 111.226.108.58 port 47138 [preauth]","@timestamp":"2022-09-16T01:51:56.788Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:51:59 honeypot-ams-1 sshd[29240]: Disconnected from invalid user pi 111.226.108.58 port 47302 [preauth]","@timestamp":"2022-09-16T01:51:59.791Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:52:02 honeypot-ams-1 sshd[29244]: Disconnected from invalid user ethos 111.226.108.58 port 47456 [preauth]","@timestamp":"2022-09-16T01:52:02.794Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:52:05 honeypot-ams-1 sshd[29248]: Disconnected from invalid user miner 111.226.108.58 port 47633 [preauth]","@timestamp":"2022-09-16T01:52:05.795Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:52:08 honeypot-ams-1 sshd[29252]: Disconnected from invalid user volumio 111.226.108.58 port 47786 [preauth]","@timestamp":"2022-09-16T01:52:09.798Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:52:12 honeypot-ams-1 sshd[29256]: Disconnected from invalid user nagios 111.226.108.58 port 47957 [preauth]","@timestamp":"2022-09-16T01:52:12.802Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:52:15 honeypot-ams-1 sshd[29260]: Disconnected from invalid user vagrant 111.226.108.58 port 48127 [preauth]","@timestamp":"2022-09-16T01:52:15.803Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:52:18 honeypot-ams-1 sshd[29264]: Disconnected from invalid user debian 111.226.108.58 port 48288 [preauth]","@timestamp":"2022-09-16T01:52:18.805Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:52:21 honeypot-ams-1 sshd[29268]: Disconnected from invalid user debian 111.226.108.58 port 48438 [preauth]","@timestamp":"2022-09-16T01:52:21.807Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:52:24 honeypot-ams-1 sshd[29272]: Disconnected from invalid user alarm 111.226.108.58 port 48597 [preauth]","@timestamp":"2022-09-16T01:52:24.810Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:52:27 honeypot-ams-1 sshd[29276]: Disconnected from invalid user test 111.226.108.58 port 48754 [preauth]","@timestamp":"2022-09-16T01:52:27.813Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:52:30 honeypot-ams-1 sshd[29280]: Disconnected from invalid user cirros 111.226.108.58 port 48919 [preauth]","@timestamp":"2022-09-16T01:52:31.815Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 01:54:27 honeypot-fra-1 sshd[20156]: Disconnected from invalid user monitor 200.108.139.242 port 58125 [preauth]","@timestamp":"2022-09-16T01:54:27.963Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 01:55:27 honeypot-fra-1 sshd[20162]: Connection closed by invalid user tomcat 193.106.191.157 port 57082 [preauth]","@timestamp":"2022-09-16T01:55:27.991Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 02:02:43 honeypot-ams-1 kernel: [84170345.295664] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=3.90.148.15 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=233 ID=54321 PROTO=TCP SPT=24688 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T02:02:44.084Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 02:04:58 honeypot-fra-1 sshd[20169]: Did not receive identification string from 45.61.186.169 port 53690","@timestamp":"2022-09-16T02:04:59.210Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 02:05:29 honeypot-fra-1 sshd[20172]: Received disconnect from 45.61.186.169 port 52892:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T02:05:29.292Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 02:05:46 honeypot-fra-1 sshd[20176]: Received disconnect from 45.61.186.169 port 47812:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T02:05:47.301Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T02:05:47.685Z","@version":"1","message":"Sep 16 02:05:47 honeypot-sgp-1 sshd[23310]: Connection closed by invalid user admin 179.60.147.69 port 43802 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 02:06:03 honeypot-fra-1 sshd[20180]: Received disconnect from 45.61.186.169 port 42684:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T02:06:04.310Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 02:06:35 honeypot-fra-1 sshd[20184]: Disconnected from authenticating user root 92.255.85.69 port 19938 [preauth]","@timestamp":"2022-09-16T02:06:35.335Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 02:07:42 honeypot-ams-1 sshd[29288]: Disconnected from invalid user app 178.62.97.236 port 41476 [preauth]","@timestamp":"2022-09-16T02:07:43.220Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 02:09:17 honeypot-ams-1 sshd[29294]: Disconnected from authenticating user root 179.1.85.122 port 34356 [preauth]","@timestamp":"2022-09-16T02:09:18.264Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 02:11:09 honeypot-ams-1 sshd[29298]: Disconnected from authenticating user root 103.99.203.103 port 40620 [preauth]","@timestamp":"2022-09-16T02:11:10.317Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 02:11:10 honeypot-fra-1 sshd[20191]: Did not receive identification string from 45.61.186.249 port 60544","@timestamp":"2022-09-16T02:11:10.441Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 02:11:40 honeypot-fra-1 sshd[20194]: Disconnected from invalid user user 45.61.186.249 port 54542 [preauth]","@timestamp":"2022-09-16T02:11:41.456Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 02:11:59 honeypot-fra-1 sshd[20198]: Disconnected from invalid user user 45.61.186.249 port 49154 [preauth]","@timestamp":"2022-09-16T02:11:59.465Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 02:12:15 honeypot-fra-1 sshd[20202]: Received disconnect from 45.61.186.249 port 43720:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T02:12:16.475Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T02:12:33.855Z","@version":"1","message":"Sep 16 02:12:33 honeypot-sgp-1 sshd[23313]: Received disconnect from 92.255.85.70 port 49340:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T02:15:15.924Z","@version":"1","message":"Sep 16 02:15:15 honeypot-sgp-1 sshd[23317]: Disconnected from invalid user dw 119.187.147.110 port 2268 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 02:17:01 honeypot-ams-1 CRON[29303]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-16T02:17:01.473Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 02:17:01 honeypot-fra-1 CRON[20208]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-16T02:17:01.614Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 02:18:45 honeypot-ams-1 sshd[29308]: Disconnected from invalid user admin 89.22.173.148 port 52754 [preauth]","@timestamp":"2022-09-16T02:18:45.519Z"}
{"@timestamp":"2022-09-16T02:19:46.035Z","@version":"1","message":"Sep 16 02:19:46 honeypot-sgp-1 sshd[23323]: Disconnected from invalid user saaf 165.227.231.151 port 56604 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 02:22:55 honeypot-ams-1 sshd[29313]: Disconnected from invalid user ansible 92.255.85.69 port 18194 [preauth]","@timestamp":"2022-09-16T02:22:55.630Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 02:29:16 honeypot-fra-1 kernel: [84169771.918886] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=167.71.133.35 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=248 ID=54321 PROTO=TCP SPT=56297 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T02:29:16.945Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 02:31:45 honeypot-ams-1 sshd[29319]: Received disconnect from 82.200.65.218 port 48264:11: Bye Bye [preauth]","@timestamp":"2022-09-16T02:31:45.860Z"}
{"@timestamp":"2022-09-16T02:31:53.329Z","@version":"1","message":"Sep 16 02:31:52 honeypot-sgp-1 kernel: [84171618.870811] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=68.183.93.151 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x20 TTL=242 ID=54321 PROTO=TCP SPT=58086 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T02:33:01.361Z","@version":"1","message":"Sep 16 02:33:01 honeypot-sgp-1 sshd[23332]: Invalid user user from 45.61.186.249 port 56552","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T02:33:19.370Z","@version":"1","message":"Sep 16 02:33:19 honeypot-sgp-1 sshd[23336]: Invalid user user from 45.61.186.249 port 51304","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T02:33:38.379Z","@version":"1","message":"Sep 16 02:33:37 honeypot-sgp-1 sshd[23340]: Invalid user user from 45.61.186.249 port 46108","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T02:37:23.471Z","@version":"1","message":"Sep 16 02:37:22 honeypot-sgp-1 sshd[23345]: Invalid user admin from 92.255.85.70 port 35130","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 02:39:03 honeypot-fra-1 kernel: [84170358.730940] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=170.187.202.154 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=60642 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T02:39:04.168Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 02:43:12 honeypot-ams-1 kernel: [84172774.473883] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.209.41 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=55331 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T02:43:13.160Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 02:46:22 honeypot-ams-1 sshd[29325]: Disconnected from invalid user admin 92.255.85.70 port 44432 [preauth]","@timestamp":"2022-09-16T02:46:23.245Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 02:50:53 honeypot-ams-1 sshd[29331]: Received disconnect from 43.154.230.33 port 35832:11: Bye Bye [preauth]","@timestamp":"2022-09-16T02:50:53.365Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 02:52:49 honeypot-ams-1 sshd[29335]: Received disconnect from 2.44.166.148 port 42496:11: Bye Bye [preauth]","@timestamp":"2022-09-16T02:52:50.418Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 02:53:25 honeypot-fra-1 sshd[20220]: Disconnected from authenticating user root 43.159.49.47 port 45844 [preauth]","@timestamp":"2022-09-16T02:53:25.489Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T02:57:46.969Z","@version":"1","message":"Sep 16 02:57:46 honeypot-sgp-1 kernel: [84173173.298198] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=170.187.163.38 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=30640 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 02:58:11 honeypot-fra-1 sshd[20225]: Received disconnect from 210.74.128.186 port 55480:11: Bye Bye [preauth]","@timestamp":"2022-09-16T02:58:12.602Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 03:00:21 honeypot-ams-1 sshd[29339]: Received disconnect from 134.19.146.45 port 51762:11: Bye Bye [preauth]","@timestamp":"2022-09-16T03:00:21.612Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 03:00:33 honeypot-fra-1 sshd[20228]: Received disconnect from 165.22.45.108 port 44222:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T03:00:34.660Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 03:04:28 honeypot-ams-1 sshd[29341]: Received disconnect from 170.210.46.4 port 59294:11: Bye Bye [preauth]","@timestamp":"2022-09-16T03:04:28.724Z"}
{"@timestamp":"2022-09-16T03:04:48.143Z","@version":"1","message":"Sep 16 03:04:47 honeypot-sgp-1 kernel: [84173594.067668] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=163.172.158.4 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=15700 PROTO=TCP SPT=43102 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 03:08:03 honeypot-ams-1 kernel: [84174264.976894] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=88.80.189.24 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=64562 PROTO=TCP SPT=57654 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T03:08:03.823Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 03:11:24 honeypot-fra-1 sshd[20232]: Disconnected from invalid user nl 188.166.23.215 port 47222 [preauth]","@timestamp":"2022-09-16T03:11:24.905Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 03:14:20 honeypot-ams-1 kernel: [84174641.770575] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=205.210.31.133 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x60 TTL=251 ID=54321 PROTO=TCP SPT=49379 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T03:14:20.989Z"}
{"@timestamp":"2022-09-16T03:15:26.408Z","@version":"1","message":"Sep 16 03:15:25 honeypot-sgp-1 sshd[23356]: Connection closed by 195.144.21.56 port 39324 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 03:17:04 honeypot-ams-1 sshd[29358]: Received disconnect from 80.76.51.46 port 36874:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T03:17:05.060Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 03:17:15 honeypot-fra-1 sshd[20240]: Received disconnect from 92.255.85.70 port 18980:11: Bye Bye [preauth]","@timestamp":"2022-09-16T03:17:16.041Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 03:17:32 honeypot-ams-1 sshd[29364]: Did not receive identification string from 45.61.186.169 port 43494","@timestamp":"2022-09-16T03:17:33.075Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 03:17:47 honeypot-ams-1 sshd[29369]: Received disconnect from 45.61.186.169 port 42070:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T03:17:48.083Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 03:17:57 honeypot-ams-1 sshd[29373]: Disconnected from invalid user user 45.61.186.169 port 53758 [preauth]","@timestamp":"2022-09-16T03:17:57.088Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 03:18:09 honeypot-ams-1 sshd[29379]: Received disconnect from 80.76.51.46 port 37286:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T03:18:10.095Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 03:18:19 honeypot-ams-1 sshd[29383]: Disconnected from authenticating user root 80.76.51.46 port 41400 [preauth]","@timestamp":"2022-09-16T03:18:19.099Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 03:18:30 honeypot-ams-1 sshd[29389]: Invalid user user from 45.61.186.169 port 43996","@timestamp":"2022-09-16T03:18:31.106Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 03:18:38 honeypot-ams-1 sshd[29393]: Invalid user user from 45.61.186.169 port 55664","@timestamp":"2022-09-16T03:18:39.111Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 03:22:17 honeypot-ams-1 kernel: [84175119.220077] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=172.104.138.223 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=329 PROTO=TCP SPT=19304 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T03:22:18.205Z"}
{"@timestamp":"2022-09-16T03:22:21.580Z","@version":"1","message":"Sep 16 03:22:20 honeypot-sgp-1 sshd[23368]: Disconnected from authenticating user root 123.30.157.54 port 59114 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T03:25:06.651Z","@version":"1","message":"Sep 16 03:25:06 honeypot-sgp-1 sshd[23374]: Invalid user auxiliar from 139.198.14.22 port 33926","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 03:26:27 honeypot-ams-1 sshd[29400]: Disconnected from invalid user zabbix 217.182.253.249 port 48592 [preauth]","@timestamp":"2022-09-16T03:26:27.311Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 03:29:58 honeypot-fra-1 sshd[20246]: Invalid user admin from 185.61.92.143 port 40670","@timestamp":"2022-09-16T03:29:58.474Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T03:31:53.820Z","@version":"1","message":"Sep 16 03:31:52 honeypot-sgp-1 sshd[23380]: Disconnected from 206.81.15.128 port 51244 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 03:33:39 honeypot-ams-1 sshd[29407]: Received disconnect from 92.255.85.69 port 54262:11: Bye Bye [preauth]","@timestamp":"2022-09-16T03:33:40.510Z"}
{"@timestamp":"2022-09-16T03:40:01.024Z","@version":"1","message":"Sep 16 03:40:00 honeypot-sgp-1 sshd[23385]: Disconnected from invalid user info 35.221.82.156 port 46830 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 03:41:01 honeypot-fra-1 sshd[20252]: Received disconnect from 92.255.85.70 port 16156:11: Bye Bye [preauth]","@timestamp":"2022-09-16T03:41:02.739Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 03:41:12 honeypot-ams-1 kernel: [84176254.620471] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=41678 PROTO=TCP SPT=59669 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T03:41:13.704Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 03:42:40 honeypot-fra-1 sshd[20257]: Invalid user user from 45.61.186.169 port 34580","@timestamp":"2022-09-16T03:42:40.778Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 03:42:56 honeypot-fra-1 sshd[20261]: Invalid user user from 45.61.186.169 port 57620","@timestamp":"2022-09-16T03:42:57.787Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 03:43:12 honeypot-fra-1 sshd[20266]: Invalid user user from 45.61.186.169 port 52424","@timestamp":"2022-09-16T03:43:12.794Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T03:44:36.142Z","@version":"1","message":"Sep 16 03:44:35 honeypot-sgp-1 sshd[23393]: Received disconnect from 103.236.201.117 port 51044:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 03:45:49 honeypot-ams-1 sshd[29416]: Received disconnect from 80.76.51.46 port 48246:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T03:45:50.828Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 03:46:19 honeypot-ams-1 sshd[29422]: Received disconnect from 80.76.51.46 port 33414:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T03:46:19.844Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 03:46:50 honeypot-ams-1 sshd[29428]: Received disconnect from 80.76.51.46 port 46762:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T03:46:50.860Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 03:46:58 honeypot-fra-1 kernel: [84174433.261001] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=17112 PROTO=TCP SPT=59669 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T03:46:58.878Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 03:47:22 honeypot-ams-1 sshd[29434]: Received disconnect from 80.76.51.46 port 60162:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T03:47:22.877Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 03:47:44 honeypot-ams-1 sshd[29438]: Received disconnect from 80.76.51.46 port 40848:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T03:47:44.888Z"}
{"@timestamp":"2022-09-16T03:48:14.236Z","@version":"1","message":"Sep 16 03:48:13 honeypot-sgp-1 sshd[23397]: Received disconnect from 92.255.85.70 port 39928:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T03:49:16.263Z","@version":"1","message":"Sep 16 03:49:15 honeypot-sgp-1 sshd[23401]: Disconnected from authenticating user root 133.130.99.35 port 47872 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T03:53:13.363Z","@version":"1","message":"Sep 16 03:53:13 honeypot-sgp-1 sshd[23406]: Disconnected from authenticating user root 72.203.210.19 port 41698 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 03:53:17 honeypot-fra-1 sshd[20274]: Received disconnect from 165.22.45.108 port 49280:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T03:53:18.022Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T03:59:47.531Z","@version":"1","message":"Sep 16 03:59:47 honeypot-sgp-1 kernel: [84176893.641459] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.204.120.32 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=51 ID=9406 DF PROTO=TCP SPT=39025 DPT=443 WINDOW=43690 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 04:00:47 honeypot-ams-1 sshd[29443]: Invalid user support from 179.60.147.69 port 45400","@timestamp":"2022-09-16T04:00:47.219Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 04:01:28 honeypot-fra-1 sshd[20279]: Disconnecting invalid user admin 125.4.158.186 port 58878: Too many authentication failures [preauth]","@timestamp":"2022-09-16T04:01:28.209Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 04:07:14 honeypot-ams-1 sshd[29448]: Received disconnect from 35.237.244.47 port 49428:11: Bye Bye [preauth]","@timestamp":"2022-09-16T04:07:14.390Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 04:09:46 honeypot-fra-1 sshd[20286]: Received disconnect from 45.61.186.249 port 34406:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T04:09:47.398Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 04:10:04 honeypot-fra-1 sshd[20290]: Received disconnect from 45.61.186.249 port 57256:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T04:10:05.408Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 04:10:23 honeypot-fra-1 sshd[20294]: Received disconnect from 45.61.186.249 port 51890:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T04:10:24.417Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 04:10:40 honeypot-fra-1 sshd[20298]: Received disconnect from 45.61.186.249 port 46488:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T04:10:40.424Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 04:11:14 honeypot-ams-1 sshd[29453]: Received disconnect from 148.240.122.192 port 42690:11: Bye Bye [preauth]","@timestamp":"2022-09-16T04:11:15.496Z"}
{"@timestamp":"2022-09-16T04:11:16.824Z","@version":"1","message":"Sep 16 04:11:15 honeypot-sgp-1 sshd[23418]: Invalid user admin from 92.255.85.69 port 44712","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T04:16:29.963Z","@version":"1","message":"Sep 16 04:16:29 honeypot-sgp-1 sshd[23424]: Invalid user user from 45.61.184.204 port 33754","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T04:16:49.974Z","@version":"1","message":"Sep 16 04:16:49 honeypot-sgp-1 sshd[23428]: Invalid user user from 45.61.184.204 port 57516","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 04:17:01 honeypot-ams-1 CRON[29458]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-16T04:17:01.649Z"}
{"@timestamp":"2022-09-16T04:17:01.980Z","@version":"1","message":"Sep 16 04:17:01 honeypot-sgp-1 CRON[23432]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T04:17:17.989Z","@version":"1","message":"Sep 16 04:17:17 honeypot-sgp-1 sshd[23438]: Received disconnect from 45.61.184.204 port 36690:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T04:17:29.994Z","@version":"1","message":"Sep 16 04:17:29 honeypot-sgp-1 sshd[23442]: Disconnected from authenticating user root 61.177.173.36 port 21742 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 04:19:16 honeypot-ams-1 sshd[29462]: Disconnected from invalid user user 45.61.184.204 port 56204 [preauth]","@timestamp":"2022-09-16T04:19:16.710Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 04:19:35 honeypot-ams-1 sshd[29466]: Disconnected from invalid user user 45.61.184.204 port 51166 [preauth]","@timestamp":"2022-09-16T04:19:35.719Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 04:19:48 honeypot-fra-1 sshd[20306]: Invalid user admin from 141.98.10.158 port 39748","@timestamp":"2022-09-16T04:19:49.632Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 04:19:53 honeypot-ams-1 sshd[29470]: Disconnected from invalid user user 45.61.184.204 port 46136 [preauth]","@timestamp":"2022-09-16T04:19:53.730Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 04:20:09 honeypot-ams-1 sshd[29476]: Invalid user user from 45.61.184.204 port 41068","@timestamp":"2022-09-16T04:20:09.742Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 04:20:52 honeypot-fra-1 sshd[20310]: Invalid user hadoop from 188.170.13.225 port 41866","@timestamp":"2022-09-16T04:20:52.659Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 04:21:46 honeypot-ams-1 sshd[29481]: Received disconnect from 61.177.172.98 port 10079:11:  [preauth]","@timestamp":"2022-09-16T04:21:46.785Z"}
{"@timestamp":"2022-09-16T04:25:18.196Z","@version":"1","message":"Sep 16 04:25:17 honeypot-sgp-1 sshd[23449]: Invalid user admin from 61.115.72.251 port 59554","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T04:26:16.222Z","@version":"1","message":"Sep 16 04:26:15 honeypot-sgp-1 kernel: [84178481.960328] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=66.228.46.125 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=44132 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 04:27:54 honeypot-fra-1 sshd[20313]: Received disconnect from 92.255.85.70 port 36988:11: Bye Bye [preauth]","@timestamp":"2022-09-16T04:27:54.819Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 04:28:33 honeypot-ams-1 sshd[29486]: Connection closed by invalid user tomcat 193.106.191.157 port 36118 [preauth]","@timestamp":"2022-09-16T04:28:33.965Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 04:34:46 honeypot-ams-1 sshd[29925]: Disconnected from authenticating user root 61.177.173.51 port 14836 [preauth]","@timestamp":"2022-09-16T04:34:47.127Z"}
{"@timestamp":"2022-09-16T04:34:54.444Z","@version":"1","message":"Sep 16 04:34:54 honeypot-sgp-1 sshd[23460]: Received disconnect from 92.255.85.69 port 45066:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 04:38:24 honeypot-fra-1 sshd[20319]: Invalid user tomcat from 193.106.191.157 port 41812","@timestamp":"2022-09-16T04:38:25.077Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 04:39:31 honeypot-ams-1 kernel: [84179752.787526] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.213.51 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=54236 DPT=636 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T04:39:31.252Z"}
{"@timestamp":"2022-09-16T04:42:52.650Z","@version":"1","message":"Sep 16 04:42:52 honeypot-sgp-1 sshd[23465]: Received disconnect from 61.177.173.51 port 52325:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T04:45:19.713Z","@version":"1","message":"Sep 16 04:45:18 honeypot-sgp-1 sshd[23470]: Disconnected from authenticating user root 61.177.173.39 port 40288 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 04:45:58 honeypot-fra-1 sshd[20764]: Invalid user leo from 165.22.45.108 port 54328","@timestamp":"2022-09-16T04:45:59.250Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T04:47:21.767Z","@version":"1","message":"Sep 16 04:47:21 honeypot-sgp-1 sshd[23476]: Received disconnect from 115.94.79.59 port 52136:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 04:48:51 honeypot-ams-1 kernel: [84180312.944607] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=72.167.32.184 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=232 ID=62744 PROTO=TCP SPT=50785 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T04:48:51.492Z"}
{"@timestamp":"2022-09-16T04:51:19.869Z","@version":"1","message":"Sep 16 04:51:19 honeypot-sgp-1 sshd[23483]: Invalid user bouncer from 167.71.233.59 port 48030","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 04:51:32 honeypot-fra-1 kernel: [84178307.198328] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=162.62.191.231 DST=165.22.82.222 LEN=52 TOS=0x08 PREC=0x60 TTL=53 ID=54483 DF PROTO=TCP SPT=55507 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T04:51:32.376Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-16T04:52:20.897Z","@version":"1","message":"Sep 16 04:52:20 honeypot-sgp-1 sshd[23487]: Invalid user vanesa from 138.197.152.128 port 60132","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 04:53:39 honeypot-fra-1 sshd[20769]: Invalid user abc from 162.19.26.39 port 33934","@timestamp":"2022-09-16T04:53:39.428Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T04:54:17.950Z","@version":"1","message":"Sep 16 04:54:17 honeypot-sgp-1 sshd[23497]: Received disconnect from 61.177.172.124 port 42504:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 04:55:29 honeypot-fra-1 sshd[20773]: Invalid user ozzy from 52.183.159.83 port 53522","@timestamp":"2022-09-16T04:55:30.471Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 04:56:19 honeypot-fra-1 sshd[20777]: Disconnected from authenticating user root 203.101.126.19 port 60476 [preauth]","@timestamp":"2022-09-16T04:56:19.492Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T04:58:16.051Z","@version":"1","message":"Sep 16 04:58:15 honeypot-sgp-1 sshd[23502]: Disconnected from authenticating user backup 92.255.85.70 port 50096 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 04:58:17 honeypot-fra-1 sshd[20782]: Disconnected from invalid user anon 162.215.1.198 port 55670 [preauth]","@timestamp":"2022-09-16T04:58:18.540Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 05:01:13 honeypot-ams-1 sshd[29947]: Connection closed by invalid user  65.49.20.68 port 15890 [preauth]","@timestamp":"2022-09-16T05:01:13.812Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 05:01:45 honeypot-fra-1 sshd[20788]: Disconnected from authenticating user root 43.156.237.102 port 35276 [preauth]","@timestamp":"2022-09-16T05:01:46.622Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T05:02:22.158Z","@version":"1","message":"Sep 16 05:02:21 honeypot-sgp-1 sshd[23509]: Received disconnect from 107.152.37.185 port 57962:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 05:05:36 honeypot-fra-1 sshd[20794]: Invalid user webalizer from 115.247.30.162 port 49814","@timestamp":"2022-09-16T05:05:36.713Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 05:08:14 honeypot-ams-1 sshd[29956]: Disconnected from authenticating user backup 92.255.85.69 port 58660 [preauth]","@timestamp":"2022-09-16T05:08:14.994Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 05:13:58 honeypot-fra-1 kernel: [84179653.167277] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.41.8.45 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=58632 PROTO=TCP SPT=25770 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T05:13:58.905Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-16T05:15:20.480Z","@version":"1","message":"Sep 16 05:15:20 honeypot-sgp-1 sshd[23518]: Received disconnect from 61.177.173.36 port 47229:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 05:16:13 honeypot-fra-1 sshd[20807]: Invalid user admin from 41.77.186.96 port 58802","@timestamp":"2022-09-16T05:16:13.960Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 05:17:30 honeypot-ams-1 sshd[29970]: Received disconnect from 61.177.173.36 port 36334:11:  [preauth]","@timestamp":"2022-09-16T05:17:31.231Z"}
{"@timestamp":"2022-09-16T05:18:43.567Z","@version":"1","message":"Sep 16 05:18:43 honeypot-sgp-1 sshd[23525]: Disconnected from invalid user cs 172.247.194.147 port 40888 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 05:19:36 honeypot-fra-1 sshd[20812]: Received disconnect from 41.93.31.73 port 40042:11: Bye Bye [preauth]","@timestamp":"2022-09-16T05:19:37.039Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 05:23:06 honeypot-ams-1 sshd[29975]: Disconnected from authenticating user root 61.177.173.50 port 50218 [preauth]","@timestamp":"2022-09-16T05:23:07.378Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 05:25:15 honeypot-fra-1 sshd[20817]: Disconnected from authenticating user root 107.175.150.83 port 37249 [preauth]","@timestamp":"2022-09-16T05:25:16.168Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T05:26:00.752Z","@version":"1","message":"Sep 16 05:25:59 honeypot-sgp-1 sshd[23533]: Received disconnect from 61.177.172.108 port 17095:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 05:30:12 honeypot-fra-1 sshd[20822]: Disconnected from invalid user vagrant 202.74.243.26 port 64062 [preauth]","@timestamp":"2022-09-16T05:30:13.282Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T05:31:33.893Z","@version":"1","message":"Sep 16 05:31:33 honeypot-sgp-1 sshd[23541]: Received disconnect from 193.142.146.50 port 44838:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 05:32:01 honeypot-ams-1 sshd[29980]: Disconnected from invalid user ubuntu 92.255.85.69 port 58636 [preauth]","@timestamp":"2022-09-16T05:32:01.605Z"}
{"@timestamp":"2022-09-16T05:33:26.942Z","@version":"1","message":"Sep 16 05:33:26 honeypot-sgp-1 sshd[23545]: Disconnected from authenticating user root 193.142.146.50 port 60942 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T05:34:38.975Z","@version":"1","message":"Sep 16 05:34:38 honeypot-sgp-1 sshd[23551]: Received disconnect from 193.142.146.50 port 52858:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T05:37:15.043Z","@version":"1","message":"Sep 16 05:37:14 honeypot-sgp-1 sshd[23558]: Received disconnect from 193.142.146.50 port 36690:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 05:37:28 honeypot-ams-1 sshd[29987]: Invalid user zabbix from 103.188.176.251 port 36734","@timestamp":"2022-09-16T05:37:28.747Z"}
{"@timestamp":"2022-09-16T05:38:00.063Z","@version":"1","message":"Sep 16 05:37:59 honeypot-sgp-1 sshd[23562]: Disconnected from invalid user test 193.142.146.50 port 56838 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 05:39:04 honeypot-fra-1 sshd[20827]: Invalid user ubuntu from 92.255.85.70 port 53114","@timestamp":"2022-09-16T05:39:04.484Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T05:40:08.121Z","@version":"1","message":"Sep 16 05:40:08 honeypot-sgp-1 sshd[23566]: Disconnected from authenticating user root 61.177.173.39 port 55781 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 05:44:08 honeypot-ams-1 sshd[29992]: Invalid user men from 186.226.37.45 port 52863","@timestamp":"2022-09-16T05:44:08.923Z"}
{"@timestamp":"2022-09-16T05:45:18.249Z","@version":"1","message":"Sep 16 05:45:17 honeypot-sgp-1 sshd[23577]: Disconnected from invalid user ubnt 92.255.85.70 port 50854 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 05:46:12 honeypot-fra-1 kernel: [84181586.987595] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=46.101.189.134 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=36015 PROTO=TCP SPT=46964 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T05:46:12.649Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 05:46:45 honeypot-ams-1 sshd[29997]: Received disconnect from 45.61.187.160 port 33310:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T05:46:45.992Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 05:46:54 honeypot-fra-1 sshd[20836]: Disconnected from invalid user com 81.28.167.30 port 33798 [preauth]","@timestamp":"2022-09-16T05:46:54.667Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 05:47:05 honeypot-ams-1 sshd[30003]: Received disconnect from 45.61.187.160 port 55986:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T05:47:06.004Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 05:47:23 honeypot-ams-1 sshd[30007]: Received disconnect from 45.61.187.160 port 50418:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T05:47:24.013Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 05:47:40 honeypot-ams-1 sshd[30011]: Received disconnect from 45.61.187.160 port 44862:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T05:47:41.022Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 05:55:03 honeypot-ams-1 sshd[30021]: Disconnected from invalid user ubnt 92.255.85.69 port 23262 [preauth]","@timestamp":"2022-09-16T05:55:04.210Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 06:02:52 honeypot-fra-1 sshd[20844]: Disconnected from invalid user ubnt 92.255.85.69 port 43030 [preauth]","@timestamp":"2022-09-16T06:02:53.029Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T06:04:49.726Z","@version":"1","message":"Sep 16 06:04:48 honeypot-sgp-1 kernel: [84184395.168871] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=227 ID=17951 PROTO=TCP SPT=48003 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 06:08:26 honeypot-fra-1 sshd[20849]: Disconnected from invalid user ubnt 97.112.107.231 port 49730 [preauth]","@timestamp":"2022-09-16T06:08:27.158Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 06:10:10 honeypot-ams-1 kernel: [84185192.200801] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=41.42.54.32 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=51 ID=50365 PROTO=TCP SPT=60066 DPT=80 WINDOW=62137 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T06:10:10.596Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 06:11:55 honeypot-fra-1 kernel: [84183130.632119] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=31612 PROTO=TCP SPT=48003 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T06:11:56.238Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-16T06:13:38.946Z","@version":"1","message":"Sep 16 06:13:38 honeypot-sgp-1 sshd[23592]: Received disconnect from 61.177.173.47 port 48806:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 07:41:23 honeypot-ams-1 sshd[30974]: Received disconnect from 61.177.173.46 port 11130:11:  [preauth]","@timestamp":"2022-09-16T07:41:24.026Z"}
{"@timestamp":"2022-09-16T07:43:35.361Z","@version":"1","message":"Sep 16 07:43:34 honeypot-sgp-1 sshd[24586]: Disconnected from invalid user admin 92.255.85.69 port 53646 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 07:49:58 honeypot-fra-1 kernel: [84189013.458383] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=172.104.131.24 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=54321 PROTO=TCP SPT=50353 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T07:49:59.592Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 07:50:33 honeypot-ams-1 sshd[30979]: Received disconnect from 61.177.173.46 port 20948:11:  [preauth]","@timestamp":"2022-09-16T07:50:34.261Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 07:52:48 honeypot-ams-1 sshd[30982]: Disconnected from invalid user admin 92.255.85.69 port 48858 [preauth]","@timestamp":"2022-09-16T07:52:49.322Z"}
{"@timestamp":"2022-09-16T07:56:35.675Z","@version":"1","message":"Sep 16 07:56:35 honeypot-sgp-1 sshd[24595]: Did not receive identification string from 45.61.184.204 port 46818","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 07:56:39 honeypot-ams-1 kernel: [84191580.968362] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.221.18 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=42767 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T07:56:39.425Z"}
{"@timestamp":"2022-09-16T07:56:51.685Z","@version":"1","message":"Sep 16 07:56:50 honeypot-sgp-1 sshd[24598]: Disconnected from invalid user user 45.61.184.204 port 41322 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T07:57:09.694Z","@version":"1","message":"Sep 16 07:57:09 honeypot-sgp-1 sshd[24602]: Disconnected from invalid user user 45.61.184.204 port 36188 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T07:57:27.702Z","@version":"1","message":"Sep 16 07:57:27 honeypot-sgp-1 sshd[24607]: Disconnected from invalid user user 45.61.184.204 port 59272 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 08:00:04 honeypot-fra-1 sshd[21709]: Invalid user admin from 92.255.85.70 port 61974","@timestamp":"2022-09-16T08:00:05.824Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 08:02:24 honeypot-fra-1 kernel: [84189758.550938] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=110.138.22.17 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=248 ID=30399 DF PROTO=TCP SPT=57012 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T08:02:24.879Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-16T08:04:45.901Z","@version":"1","message":"Sep 16 08:04:45 honeypot-sgp-1 sshd[24614]: Received disconnect from 61.177.173.36 port 13227:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 08:06:17 honeypot-ams-1 sshd[30996]: Invalid user dell from 103.188.176.251 port 52214","@timestamp":"2022-09-16T08:06:17.674Z"}
{"@timestamp":"2022-09-16T08:07:13.966Z","@version":"1","message":"Sep 16 08:07:13 honeypot-sgp-1 sshd[24617]: Disconnected from invalid user a 92.255.85.69 port 25754 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 08:08:34 honeypot-ams-1 sshd[31000]: Connection closed by 85.210.177.104 port 50826 [preauth]","@timestamp":"2022-09-16T08:08:34.739Z"}
{"@timestamp":"2022-09-16T08:13:06.113Z","@version":"1","message":"Sep 16 08:13:05 honeypot-sgp-1 sshd[24620]: Disconnected from invalid user deathrun 43.154.50.195 port 37226 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 08:15:16 honeypot-fra-1 sshd[21738]: Invalid user guest from 179.60.147.69 port 64092","@timestamp":"2022-09-16T08:15:17.174Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 08:15:41 honeypot-ams-1 kernel: [84192722.910364] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=64.62.197.214 DST=178.62.254.91 LEN=131 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=34338 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T08:15:41.941Z"}
{"@timestamp":"2022-09-16T08:16:01.187Z","@version":"1","message":"Sep 16 08:16:00 honeypot-sgp-1 sshd[24626]: Received disconnect from 40.85.90.154 port 51546:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 08:17:08 honeypot-ams-1 sshd[31012]: Invalid user arrezo from 159.223.95.166 port 53078","@timestamp":"2022-09-16T08:17:08.981Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 08:17:35 honeypot-fra-1 sshd[21744]: Invalid user leon from 165.22.45.108 port 46326","@timestamp":"2022-09-16T08:17:36.231Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T08:18:54.259Z","@version":"1","message":"Sep 16 08:18:54 honeypot-sgp-1 sshd[24633]: Disconnected from invalid user claroc 218.60.104.104 port 56108 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 08:19:50 honeypot-ams-1 sshd[31018]: Disconnected from authenticating user root 61.177.173.36 port 28851 [preauth]","@timestamp":"2022-09-16T08:19:51.051Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 08:23:26 honeypot-fra-1 sshd[21747]: Invalid user a from 92.255.85.70 port 19324","@timestamp":"2022-09-16T08:23:27.370Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 08:23:38 honeypot-ams-1 kernel: [84193199.902973] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=77.191.136.69 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=2105 DF PROTO=TCP SPT=47488 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T08:23:39.154Z"}
{"@timestamp":"2022-09-16T08:24:54.410Z","@version":"1","message":"Sep 16 08:24:53 honeypot-sgp-1 kernel: [84192799.718638] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.56.106.74 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=289 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 08:26:42 honeypot-ams-1 sshd[31025]: Disconnected from invalid user murai1 209.141.35.242 port 59486 [preauth]","@timestamp":"2022-09-16T08:26:43.237Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 08:30:24 honeypot-ams-1 kernel: [84193606.398146] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=89.14.51.134 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=20040 DF PROTO=TCP SPT=50284 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T08:30:25.337Z"}
{"@timestamp":"2022-09-16T08:30:46.558Z","@version":"1","message":"Sep 16 08:30:46 honeypot-sgp-1 sshd[24663]: Disconnected from authenticating user root 92.255.85.69 port 39422 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 08:33:02 honeypot-ams-1 kernel: [84193764.099681] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=89.14.51.134 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=2499 DF PROTO=TCP SPT=51348 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T08:33:03.410Z"}
{"@timestamp":"2022-09-16T08:33:18.622Z","@version":"1","message":"Sep 16 08:33:18 honeypot-sgp-1 sshd[24667]: Disconnected from invalid user numbonsouvr 59.162.182.20 port 42332 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T08:34:33.656Z","@version":"1","message":"Sep 16 08:34:33 honeypot-sgp-1 sshd[24673]: Received disconnect from 52.163.248.162 port 43310:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 08:35:20 honeypot-ams-1 kernel: [84193902.280209] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=103.243.112.212 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=246 ID=13488 PROTO=TCP SPT=56665 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T08:35:21.473Z"}
{"@timestamp":"2022-09-16T08:43:41.904Z","@version":"1","message":"Sep 16 08:43:41 honeypot-sgp-1 sshd[24681]: Received disconnect from 61.177.173.37 port 52974:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 08:45:47 honeypot-fra-1 kernel: [84192361.806583] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=79.124.62.82 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=44777 PROTO=TCP SPT=46149 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T08:45:47.885Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 08:46:32 honeypot-ams-1 kernel: [84194574.183146] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.100.87.136 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=246 ID=15212 PROTO=TCP SPT=47215 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T08:46:32.757Z"}
{"@timestamp":"2022-09-16T08:50:26.073Z","@version":"1","message":"Sep 16 08:50:25 honeypot-sgp-1 sshd[24690]: Invalid user blank from 179.60.147.69 port 54802","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 08:51:34 honeypot-fra-1 sshd[21754]: Invalid user blank from 179.60.147.69 port 52622","@timestamp":"2022-09-16T08:51:35.019Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 08:53:48 honeypot-ams-1 sshd[31074]: Connection closed by invalid user blank 179.60.147.69 port 13912 [preauth]","@timestamp":"2022-09-16T08:53:48.952Z"}
{"@timestamp":"2022-09-16T08:57:17.245Z","@version":"1","message":"Sep 16 08:57:16 honeypot-sgp-1 kernel: [84194742.382088] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=188.166.87.67 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=239 ID=15212 PROTO=TCP SPT=43584 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 08:59:13 honeypot-ams-1 kernel: [84195334.621619] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=181.219.149.148 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=65121 PROTO=TCP SPT=6431 DPT=80 WINDOW=20831 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T08:59:14.098Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 08:59:55 honeypot-fra-1 sshd[21757]: Disconnected from authenticating user root 157.245.98.161 port 47342 [preauth]","@timestamp":"2022-09-16T08:59:56.211Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T09:00:57.347Z","@version":"1","message":"Sep 16 09:00:56 honeypot-sgp-1 kernel: [84194962.978238] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=227 ID=26083 PROTO=TCP SPT=58803 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 09:02:55 honeypot-ams-1 sshd[31086]: Disconnected from invalid user web 124.82.111.218 port 59334 [preauth]","@timestamp":"2022-09-16T09:02:56.199Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 09:03:54 honeypot-ams-1 sshd[31091]: Received disconnect from 45.61.184.204 port 51900:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T09:03:55.229Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 09:04:04 honeypot-ams-1 sshd[31095]: Disconnected from authenticating user root 92.255.85.69 port 44608 [preauth]","@timestamp":"2022-09-16T09:04:05.235Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 09:04:22 honeypot-ams-1 sshd[31099]: Disconnected from invalid user user 45.61.184.204 port 59344 [preauth]","@timestamp":"2022-09-16T09:04:23.244Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 09:04:40 honeypot-ams-1 sshd[31103]: Disconnected from invalid user user 45.61.184.204 port 54892 [preauth]","@timestamp":"2022-09-16T09:04:41.254Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 09:11:25 honeypot-fra-1 sshd[21763]: Received disconnect from 92.255.85.69 port 30540:11: Bye Bye [preauth]","@timestamp":"2022-09-16T09:11:26.472Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 09:13:03 honeypot-ams-1 kernel: [84196164.829178] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=6183 PROTO=TCP SPT=58803 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T09:13:03.474Z"}
{"@timestamp":"2022-09-16T09:15:36.709Z","@version":"1","message":"Sep 16 09:15:36 honeypot-sgp-1 sshd[24707]: Disconnected from authenticating user root 61.177.173.49 port 51826 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T09:17:01.747Z","@version":"1","message":"Sep 16 09:17:01 honeypot-sgp-1 CRON[24713]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 09:19:09 honeypot-fra-1 sshd[21771]: Invalid user robbin.shahani from 43.154.190.157 port 46722","@timestamp":"2022-09-16T09:19:09.649Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 09:22:48 honeypot-fra-1 sshd[21774]: Disconnected from invalid user es 85.154.238.58 port 42342 [preauth]","@timestamp":"2022-09-16T09:22:49.731Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 09:22:51 honeypot-ams-1 sshd[31123]: Disconnected from authenticating user root 49.88.112.114 port 37582 [preauth]","@timestamp":"2022-09-16T09:22:51.724Z"}
{"@timestamp":"2022-09-16T09:26:51.988Z","@version":"1","message":"Sep 16 09:26:51 honeypot-sgp-1 sshd[24724]: Invalid user wksys from 112.25.135.51 port 38236","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 09:27:14 honeypot-ams-1 sshd[31130]: Received disconnect from 92.255.85.69 port 31386:11: Bye Bye [preauth]","@timestamp":"2022-09-16T09:27:14.841Z"}
{"@timestamp":"2022-09-16T09:30:07.071Z","@version":"1","message":"Sep 16 09:30:07 honeypot-sgp-1 sshd[24728]: Disconnected from authenticating user root 143.244.137.54 port 39336 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 09:31:42 honeypot-fra-1 sshd[21783]: Received disconnect from 218.92.0.200 port 22715:11:  [preauth]","@timestamp":"2022-09-16T09:31:42.938Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T09:31:50.117Z","@version":"1","message":"Sep 16 09:31:49 honeypot-sgp-1 sshd[24735]: Invalid user user from 45.61.186.169 port 54564","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 09:31:56 honeypot-ams-1 kernel: [84197298.125544] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=128.14.209.162 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=20888 PROTO=TCP SPT=20815 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T09:31:56.964Z"}
{"@timestamp":"2022-09-16T09:31:59.123Z","@version":"1","message":"Sep 16 09:31:58 honeypot-sgp-1 sshd[24738]: Received disconnect from 45.61.186.169 port 37666:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T09:32:15.131Z","@version":"1","message":"Sep 16 09:32:15 honeypot-sgp-1 sshd[24742]: Received disconnect from 45.61.186.169 port 60324:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T09:32:31.139Z","@version":"1","message":"Sep 16 09:32:30 honeypot-sgp-1 sshd[24746]: Received disconnect from 45.61.186.169 port 54758:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T09:34:46.196Z","@version":"1","message":"Sep 16 09:34:45 honeypot-sgp-1 kernel: [84196991.737085] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=186.208.139.104 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=36205 PROTO=TCP SPT=40602 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 09:34:51 honeypot-fra-1 sshd[21788]: Invalid user odoo from 92.255.85.69 port 36492","@timestamp":"2022-09-16T09:34:52.014Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 09:36:39 honeypot-ams-1 sshd[31139]: Disconnected from authenticating user root 61.177.173.39 port 58587 [preauth]","@timestamp":"2022-09-16T09:36:40.087Z"}
{"@timestamp":"2022-09-16T09:40:04.330Z","@version":"1","message":"Sep 16 09:40:04 honeypot-sgp-1 sshd[24757]: Received disconnect from 45.61.186.49 port 53540:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T09:40:13.335Z","@version":"1","message":"Sep 16 09:40:12 honeypot-sgp-1 sshd[24761]: Received disconnect from 45.61.186.49 port 36704:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 09:41:33 honeypot-fra-1 sshd[21791]: Received disconnect from 218.92.0.200 port 11188:11:  [preauth]","@timestamp":"2022-09-16T09:41:33.169Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 09:42:50 honeypot-ams-1 kernel: [84197951.898917] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=27.220.173.69 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=48 ID=31204 PROTO=TCP SPT=12006 DPT=443 WINDOW=60734 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T09:42:51.247Z"}
{"@timestamp":"2022-09-16T09:47:11.505Z","@version":"1","message":"Sep 16 09:47:11 honeypot-sgp-1 kernel: [84197737.297793] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=177.55.245.42 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=229 ID=3276 DF PROTO=TCP SPT=63535 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 09:49:42 honeypot-ams-1 sshd[31155]: Disconnected from authenticating user root 61.177.173.35 port 16888 [preauth]","@timestamp":"2022-09-16T09:49:43.431Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 09:53:50 honeypot-ams-1 sshd[31159]: Disconnected from authenticating user root 61.177.172.19 port 31568 [preauth]","@timestamp":"2022-09-16T09:53:51.541Z"}
{"@timestamp":"2022-09-16T09:55:20.708Z","@version":"1","message":"Sep 16 09:55:19 honeypot-sgp-1 kernel: [84198225.858361] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.100.87.136 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=15212 PROTO=TCP SPT=38911 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 09:56:08 honeypot-ams-1 sshd[31166]: Disconnected from invalid user admin 180.250.115.121 port 35171 [preauth]","@timestamp":"2022-09-16T09:56:09.604Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 09:59:33 honeypot-fra-1 kernel: [84196787.967003] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.100.87.136 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=246 ID=15212 PROTO=TCP SPT=58505 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T09:59:34.590Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-16T10:01:14.877Z","@version":"1","message":"Sep 16 10:01:14 honeypot-sgp-1 sshd[24780]: Disconnected from 61.177.173.39 port 34519 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 10:01:44 honeypot-ams-1 sshd[31173]: Received disconnect from 13.67.201.190 port 56392:11: Bye Bye [preauth]","@timestamp":"2022-09-16T10:01:45.750Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:03:16 honeypot-fra-1 sshd[21798]: Received disconnect from 165.22.45.108 port 56442:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T10:03:16.678Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 10:03:25 honeypot-ams-1 sshd[31177]: Disconnected from invalid user dev 96.78.175.36 port 56018 [preauth]","@timestamp":"2022-09-16T10:03:25.794Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:04:35 honeypot-fra-1 sshd[21802]: Invalid user guest from 193.106.191.157 port 39528","@timestamp":"2022-09-16T10:04:35.713Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 10:06:51 honeypot-ams-1 kernel: [84199392.496334] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=27.9.248.250 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=47 ID=5887 PROTO=TCP SPT=24346 DPT=443 WINDOW=14962 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T10:06:51.891Z"}
{"@timestamp":"2022-09-16T10:08:05.046Z","@version":"1","message":"Sep 16 10:08:04 honeypot-sgp-1 sshd[24787]: Received disconnect from 179.84.67.240 port 37533:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:16:44 honeypot-fra-1 sshd[21805]: Did not receive identification string from 137.184.77.246 port 41966","@timestamp":"2022-09-16T10:16:44.990Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:16:45 honeypot-fra-1 sshd[21806]: Invalid user ubuntu from 137.184.77.246 port 41994","@timestamp":"2022-09-16T10:16:45.992Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:16:45 honeypot-fra-1 sshd[21810]: Invalid user elasticsearch from 137.184.77.246 port 42058","@timestamp":"2022-09-16T10:16:45.992Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:16:45 honeypot-fra-1 sshd[21831]: Invalid user mc from 137.184.77.246 port 42060","@timestamp":"2022-09-16T10:16:45.992Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:16:45 honeypot-fra-1 sshd[21808]: Connection closed by authenticating user root 137.184.77.246 port 42070 [preauth]","@timestamp":"2022-09-16T10:16:45.992Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:16:45 honeypot-fra-1 sshd[21822]: Connection closed by invalid user esuser 137.184.77.246 port 42066 [preauth]","@timestamp":"2022-09-16T10:16:45.993Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:16:45 honeypot-fra-1 sshd[21820]: Connection closed by invalid user ftpuser 137.184.77.246 port 42044 [preauth]","@timestamp":"2022-09-16T10:16:45.993Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:16:45 honeypot-fra-1 sshd[21826]: Connection closed by authenticating user root 137.184.77.246 port 42024 [preauth]","@timestamp":"2022-09-16T10:16:45.993Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:16:45 honeypot-fra-1 sshd[21839]: Invalid user chia from 137.184.77.246 port 42050","@timestamp":"2022-09-16T10:16:45.993Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:16:45 honeypot-fra-1 sshd[21836]: Connection closed by invalid user steam 137.184.77.246 port 42054 [preauth]","@timestamp":"2022-09-16T10:16:45.993Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:17:01 honeypot-fra-1 CRON[21875]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-16T10:17:02.000Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 10:17:01 honeypot-ams-1 CRON[31185]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-16T10:17:02.157Z"}
{"@timestamp":"2022-09-16T10:19:03.317Z","@version":"1","message":"Sep 16 10:19:02 honeypot-sgp-1 sshd[24793]: Received disconnect from 62.204.41.222 port 54470:11: Client disconnecting normally [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:24:42 honeypot-fra-1 kernel: [84198296.728580] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=167.71.133.35 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=248 ID=54321 PROTO=TCP SPT=34940 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T10:24:43.178Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 10:24:57 honeypot-ams-1 sshd[31190]: Disconnected from invalid user coke 165.227.196.229 port 58826 [preauth]","@timestamp":"2022-09-16T10:24:57.363Z"}
{"@timestamp":"2022-09-16T10:26:26.498Z","@version":"1","message":"Sep 16 10:26:26 honeypot-sgp-1 sshd[24798]: Received disconnect from 175.170.149.29 port 25593:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:30:13 honeypot-fra-1 sshd[21885]: Received disconnect from 187.188.206.106 port 47856:11: Bye Bye [preauth]","@timestamp":"2022-09-16T10:30:13.306Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:32:29 honeypot-fra-1 sshd[21893]: Invalid user deployer from 137.184.77.246 port 37902","@timestamp":"2022-09-16T10:32:30.360Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:32:30 honeypot-fra-1 sshd[21896]: Invalid user user from 137.184.77.246 port 37826","@timestamp":"2022-09-16T10:32:30.360Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:32:30 honeypot-fra-1 sshd[21911]: Invalid user steam from 137.184.77.246 port 37904","@timestamp":"2022-09-16T10:32:30.360Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:32:30 honeypot-fra-1 sshd[21918]: Invalid user ts3 from 137.184.77.246 port 37872","@timestamp":"2022-09-16T10:32:30.360Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:32:30 honeypot-fra-1 sshd[21912]: Connection closed by invalid user admin 137.184.77.246 port 37830 [preauth]","@timestamp":"2022-09-16T10:32:30.360Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:32:30 honeypot-fra-1 sshd[21897]: Connection closed by authenticating user root 137.184.77.246 port 37848 [preauth]","@timestamp":"2022-09-16T10:32:30.360Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:32:30 honeypot-fra-1 sshd[21898]: Connection closed by invalid user elasticsearch 137.184.77.246 port 37832 [preauth]","@timestamp":"2022-09-16T10:32:30.360Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:32:30 honeypot-fra-1 sshd[21889]: Connection closed by authenticating user root 137.184.77.246 port 37900 [preauth]","@timestamp":"2022-09-16T10:32:30.360Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:32:30 honeypot-fra-1 sshd[21895]: Connection closed by invalid user elasticsearch 137.184.77.246 port 37888 [preauth]","@timestamp":"2022-09-16T10:32:30.360Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 10:33:42 honeypot-ams-1 sshd[31196]: Did not receive identification string from 134.122.123.117 port 49526","@timestamp":"2022-09-16T10:33:42.617Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 10:34:34 honeypot-ams-1 sshd[31199]: Connection closed by invalid user user1 103.188.176.251 port 54078 [preauth]","@timestamp":"2022-09-16T10:34:35.642Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 10:36:15 honeypot-ams-1 sshd[31207]: Disconnected from authenticating user root 134.122.123.117 port 48774 [preauth]","@timestamp":"2022-09-16T10:36:15.688Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 10:37:21 honeypot-ams-1 sshd[31214]: Received disconnect from 134.122.123.117 port 45156:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T10:37:21.719Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 10:38:26 honeypot-ams-1 sshd[31218]: Disconnected from authenticating user root 134.122.123.117 port 41540 [preauth]","@timestamp":"2022-09-16T10:38:26.750Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:38:37 honeypot-fra-1 sshd[21952]: Connection closed by invalid user user1 103.188.176.251 port 45400 [preauth]","@timestamp":"2022-09-16T10:38:38.503Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T10:39:13.807Z","@version":"1","message":"Sep 16 10:39:13 honeypot-sgp-1 sshd[24805]: Connection closed by invalid user test 179.60.147.69 port 45880 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 10:39:32 honeypot-ams-1 sshd[31222]: Disconnected from invalid user git 134.122.123.117 port 38016 [preauth]","@timestamp":"2022-09-16T10:39:32.780Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:40:26 honeypot-fra-1 sshd[21959]: Received disconnect from 51.12.81.43 port 50212:11: Bye Bye [preauth]","@timestamp":"2022-09-16T10:40:27.549Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 10:40:38 honeypot-ams-1 sshd[31226]: Disconnected from invalid user oracle 134.122.123.117 port 34250 [preauth]","@timestamp":"2022-09-16T10:40:39.811Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 10:41:45 honeypot-ams-1 sshd[31230]: Received disconnect from 134.122.123.117 port 58856:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T10:41:45.845Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 10:42:33 honeypot-ams-1 sshd[31235]: Connection closed by invalid user test 179.60.147.69 port 38372 [preauth]","@timestamp":"2022-09-16T10:42:33.869Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 10:43:21 honeypot-ams-1 sshd[31239]: Disconnected from invalid user test 134.122.123.117 port 53398 [preauth]","@timestamp":"2022-09-16T10:43:22.895Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 10:44:26 honeypot-ams-1 sshd[31243]: Disconnected from invalid user demo 134.122.123.117 port 49794 [preauth]","@timestamp":"2022-09-16T10:44:26.924Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 10:45:30 honeypot-ams-1 sshd[31247]: Disconnected from invalid user jenkins 134.122.123.117 port 46148 [preauth]","@timestamp":"2022-09-16T10:45:30.957Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 10:46:36 honeypot-ams-1 sshd[31251]: Received disconnect from 134.122.123.117 port 42456:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T10:46:36.990Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 10:47:42 honeypot-ams-1 sshd[31256]: Received disconnect from 134.122.123.117 port 38892:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T10:47:43.021Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 10:48:48 honeypot-ams-1 sshd[31260]: Invalid user www from 134.122.123.117 port 35182","@timestamp":"2022-09-16T10:48:48.051Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:49:10 honeypot-fra-1 kernel: [84199764.879914] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=172.104.29.186 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54748 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T10:49:11.750Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 10:49:42 honeypot-ams-1 kernel: [84201963.713741] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=172.104.29.140 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=18932 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T10:49:43.079Z"}
{"@timestamp":"2022-09-16T10:51:31.109Z","@version":"1","message":"Sep 16 10:51:30 honeypot-sgp-1 kernel: [84201596.524279] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=103.114.107.34 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=62688 PROTO=TCP SPT=42887 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 10:58:46 honeypot-ams-1 kernel: [84202507.916130] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.79.144.216 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=13911 PROTO=TCP SPT=60000 DPT=389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T10:58:47.313Z"}
{"@timestamp":"2022-09-16T10:59:10.299Z","@version":"1","message":"Sep 16 10:59:10 honeypot-sgp-1 kernel: [84202056.056204] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=170.187.163.44 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=18445 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 11:01:01 honeypot-fra-1 sshd[21968]: Connection closed by authenticating user root 141.98.10.158 port 33518 [preauth]","@timestamp":"2022-09-16T11:01:02.017Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T11:04:50.440Z","@version":"1","message":"Sep 16 11:04:49 honeypot-sgp-1 sshd[24818]: Disconnected from invalid user blueeyes 20.44.152.59 port 36338 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 11:06:06 honeypot-ams-1 kernel: [84202947.473268] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.14.114.125 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=57920 DF PROTO=TCP SPT=10446 DPT=80 WINDOW=512 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T11:06:06.499Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 11:07:54 honeypot-fra-1 sshd[21971]: Disconnected from authenticating user root 92.255.85.70 port 60738 [preauth]","@timestamp":"2022-09-16T11:07:55.174Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T11:15:19.693Z","@version":"1","message":"Sep 16 11:15:19 honeypot-sgp-1 sshd[24825]: Connection closed by authenticating user root 179.60.147.69 port 54294 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 11:15:42 honeypot-ams-1 kernel: [84203523.680196] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=149.102.155.170 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=63832 PROTO=TCP SPT=46774 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T11:15:42.747Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 11:17:01 honeypot-fra-1 CRON[21976]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-16T11:17:02.383Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T11:20:00.807Z","@version":"1","message":"Sep 16 11:20:00 honeypot-sgp-1 kernel: [84203306.063162] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=167.94.145.80 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=34 ID=21312 PROTO=TCP SPT=4586 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 11:23:26 honeypot-ams-1 kernel: [84203987.653621] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=196.189.199.86 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=53 ID=45252 PROTO=TCP SPT=27754 DPT=80 WINDOW=13369 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T11:23:26.965Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 11:27:23 honeypot-fra-1 sshd[21983]: Received disconnect from 190.128.230.98 port 59204:11: Bye Bye [preauth]","@timestamp":"2022-09-16T11:27:24.622Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 11:28:38 honeypot-ams-1 sshd[31286]: Received disconnect from 161.82.233.183 port 45902:11: Bye Bye [preauth]","@timestamp":"2022-09-16T11:28:39.106Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 11:29:43 honeypot-fra-1 sshd[21988]: Received disconnect from 159.65.127.239 port 54092:11: Bye Bye [preauth]","@timestamp":"2022-09-16T11:29:43.679Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 11:31:08 honeypot-fra-1 sshd[21992]: Received disconnect from 92.255.85.70 port 25188:11: Bye Bye [preauth]","@timestamp":"2022-09-16T11:31:08.715Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T11:32:12.103Z","@version":"1","message":"Sep 16 11:32:11 honeypot-sgp-1 kernel: [84204037.163064] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=94.26.228.80 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=58422 PROTO=TCP SPT=25946 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 11:32:32 honeypot-ams-1 kernel: [84204534.132232] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=20.169.113.70 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=18549 PROTO=TCP SPT=47916 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T11:32:33.213Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 11:35:40 honeypot-fra-1 sshd[21997]: Received disconnect from 91.240.118.222 port 59838:11: Client disconnecting normally [preauth]","@timestamp":"2022-09-16T11:35:40.819Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T11:40:44.312Z","@version":"1","message":"Sep 16 11:40:44 honeypot-sgp-1 kernel: [84204550.089050] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.196.220.70 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=58269 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 11:41:49 honeypot-fra-1 sshd[22000]: Disconnected from invalid user cecil 113.200.81.41 port 2411 [preauth]","@timestamp":"2022-09-16T11:41:49.960Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 11:42:09 honeypot-ams-1 sshd[31366]: Received disconnect from 61.80.56.252 port 44782:11: Bye Bye [preauth]","@timestamp":"2022-09-16T11:42:09.473Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 11:50:09 honeypot-ams-1 kernel: [84205590.647362] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=79.110.62.213 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=54321 PROTO=TCP SPT=59701 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T11:50:09.694Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 11:51:24 honeypot-fra-1 sshd[22004]: Invalid user user from 45.61.186.169 port 59428","@timestamp":"2022-09-16T11:51:25.183Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 11:51:41 honeypot-fra-1 sshd[22008]: Invalid user user from 45.61.186.169 port 54176","@timestamp":"2022-09-16T11:51:42.191Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 11:51:50 honeypot-fra-1 sshd[22010]: Disconnected from invalid user user 45.61.186.169 port 37488 [preauth]","@timestamp":"2022-09-16T11:51:50.196Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 11:52:06 honeypot-fra-1 sshd[22014]: Disconnected from invalid user user 45.61.186.169 port 60410 [preauth]","@timestamp":"2022-09-16T11:52:07.204Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 11:54:59 honeypot-fra-1 sshd[22021]: Received disconnect from 92.255.85.69 port 43322:11: Bye Bye [preauth]","@timestamp":"2022-09-16T11:55:00.273Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T11:55:31.667Z","@version":"1","message":"Sep 16 11:55:30 honeypot-sgp-1 sshd[24846]: Received disconnect from 134.209.153.189 port 48532:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 11:56:23 honeypot-ams-1 kernel: [84205965.281535] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=78.142.18.92 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=54321 PROTO=TCP SPT=42961 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T11:56:24.869Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 11:57:31 honeypot-fra-1 sshd[22025]: Disconnected from invalid user levina 165.22.45.108 port 38462 [preauth]","@timestamp":"2022-09-16T11:57:32.334Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T12:01:29.816Z","@version":"1","message":"Sep 16 12:01:28 honeypot-sgp-1 sshd[24849]: Received disconnect from 159.65.43.192 port 54194:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T12:04:00.875Z","@version":"1","message":"Sep 16 12:04:00 honeypot-sgp-1 sshd[24854]: Disconnected from invalid user dq 20.230.177.106 port 48430 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 12:04:20 honeypot-fra-1 kernel: [84204274.288361] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=165.232.152.144 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=47460 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T12:04:20.495Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 12:06:00 honeypot-fra-1 sshd[22035]: Connection closed by invalid user admin 159.203.178.0 port 48134 [preauth]","@timestamp":"2022-09-16T12:06:01.536Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 12:06:12 honeypot-ams-1 sshd[31376]: Received disconnect from 45.61.187.160 port 56184:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T12:06:13.128Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 12:06:33 honeypot-ams-1 sshd[31380]: Received disconnect from 45.61.187.160 port 50178:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T12:06:34.142Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 12:06:52 honeypot-ams-1 sshd[31384]: Received disconnect from 45.61.187.160 port 44156:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T12:06:53.151Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 12:07:09 honeypot-ams-1 sshd[31388]: Received disconnect from 45.61.187.160 port 38150:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T12:07:10.160Z"}
{"@timestamp":"2022-09-16T12:08:39.987Z","@version":"1","message":"Sep 16 12:08:39 honeypot-sgp-1 sshd[24859]: Disconnected from invalid user apache 207.154.229.107 port 43372 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T12:10:58.048Z","@version":"1","message":"Sep 16 12:10:57 honeypot-sgp-1 sshd[24865]: Received disconnect from 45.126.184.170 port 45806:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 12:17:01 honeypot-ams-1 CRON[31394]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-16T12:17:02.414Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 12:17:01 honeypot-fra-1 CRON[22040]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-16T12:17:02.788Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T12:18:19.225Z","@version":"1","message":"Sep 16 12:18:18 honeypot-sgp-1 kernel: [84206804.755736] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=40.118.55.90 DST=159.89.202.188 LEN=52 TOS=0x02 PREC=0x00 TTL=110 ID=34820 DF PROTO=TCP SPT=63684 DPT=3389 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 12:19:33 honeypot-ams-1 sshd[31399]: Invalid user fafuli from 45.119.215.150 port 39056","@timestamp":"2022-09-16T12:19:33.483Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 12:19:48 honeypot-fra-1 sshd[22048]: Invalid user adrianus from 174.138.28.154 port 39218","@timestamp":"2022-09-16T12:19:48.854Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 12:23:19 honeypot-ams-1 sshd[31402]: Disconnected from invalid user kumar 103.27.236.73 port 52216 [preauth]","@timestamp":"2022-09-16T12:23:20.582Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 12:23:33 honeypot-fra-1 sshd[22050]: Disconnected from invalid user danielo 165.227.166.247 port 44602 [preauth]","@timestamp":"2022-09-16T12:23:33.940Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T12:26:22.447Z","@version":"1","message":"Sep 16 12:26:22 honeypot-sgp-1 kernel: [84207288.229527] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=179.43.155.171 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=21355 PROTO=TCP SPT=49868 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 12:29:49 honeypot-fra-1 sshd[22055]: Received disconnect from 177.184.133.130 port 58132:11: Bye Bye [preauth]","@timestamp":"2022-09-16T12:29:50.082Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T12:31:46.580Z","@version":"1","message":"Sep 16 12:31:46 honeypot-sgp-1 sshd[24884]: Disconnected from authenticating user root 187.141.135.181 port 55252 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T12:33:09.616Z","@version":"1","message":"Sep 16 12:33:08 honeypot-sgp-1 sshd[24890]: Invalid user admin from 128.199.160.207 port 21312","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 12:33:13 honeypot-fra-1 sshd[22060]: Received disconnect from 104.248.251.225 port 45234:11: Bye Bye [preauth]","@timestamp":"2022-09-16T12:33:14.161Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 12:33:43 honeypot-ams-1 sshd[31405]: Invalid user test from 179.60.147.69 port 51470","@timestamp":"2022-09-16T12:33:43.849Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 12:34:42 honeypot-fra-1 sshd[22064]: Invalid user nagios from 43.134.240.234 port 34488","@timestamp":"2022-09-16T12:34:43.197Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T12:35:41.676Z","@version":"1","message":"Sep 16 12:35:41 honeypot-sgp-1 sshd[24897]: Received disconnect from 159.223.42.103 port 35026:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 12:37:15 honeypot-ams-1 sshd[31410]: Connection closed by invalid user guest 193.106.191.157 port 54306 [preauth]","@timestamp":"2022-09-16T12:37:15.962Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 12:41:09 honeypot-fra-1 kernel: [84206483.203122] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=40.118.55.90 DST=165.22.82.222 LEN=52 TOS=0x02 PREC=0x00 TTL=114 ID=24678 DF PROTO=TCP SPT=64737 DPT=3389 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-16T12:41:10.344Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 12:45:57 honeypot-fra-1 kernel: [84206771.251496] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=79.124.62.82 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=54520 PROTO=TCP SPT=45163 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T12:45:57.455Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-16T12:47:03.958Z","@version":"1","message":"Sep 16 12:47:02 honeypot-sgp-1 sshd[24902]: Disconnected from invalid user user 45.61.186.249 port 45176 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T12:47:22.967Z","@version":"1","message":"Sep 16 12:47:22 honeypot-sgp-1 sshd[24906]: Disconnected from invalid user user 45.61.186.249 port 39304 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T12:47:40.975Z","@version":"1","message":"Sep 16 12:47:40 honeypot-sgp-1 sshd[24910]: Disconnected from invalid user user 45.61.186.249 port 33442 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T12:47:57.984Z","@version":"1","message":"Sep 16 12:47:57 honeypot-sgp-1 sshd[24914]: Received disconnect from 45.61.186.249 port 55802:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T12:53:23.119Z","@version":"1","message":"Sep 16 12:53:22 honeypot-sgp-1 kernel: [84208908.742112] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=3.92.87.63 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=230 ID=54321 PROTO=TCP SPT=48872 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 12:55:57 honeypot-fra-1 sshd[22079]: Invalid user lexx from 165.22.45.108 port 43606","@timestamp":"2022-09-16T12:55:58.686Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 12:58:07 honeypot-ams-1 sshd[31415]: Received disconnect from 92.255.85.69 port 52474:11: Bye Bye [preauth]","@timestamp":"2022-09-16T12:58:08.488Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 13:02:26 honeypot-fra-1 sshd[22082]: Disconnected from authenticating user root 197.5.145.87 port 52633 [preauth]","@timestamp":"2022-09-16T13:02:26.835Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 13:05:02 honeypot-fra-1 sshd[22093]: Invalid user ftpuser from 57.128.11.39 port 57432","@timestamp":"2022-09-16T13:05:02.894Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 13:05:02 honeypot-fra-1 sshd[22086]: Invalid user user from 57.128.11.39 port 57376","@timestamp":"2022-09-16T13:05:02.894Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 13:05:02 honeypot-fra-1 sshd[22090]: Invalid user ms from 57.128.11.39 port 57442","@timestamp":"2022-09-16T13:05:02.894Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 13:05:02 honeypot-fra-1 sshd[22101]: Invalid user testuser from 57.128.11.39 port 57368","@timestamp":"2022-09-16T13:05:02.894Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 13:05:02 honeypot-fra-1 sshd[22101]: Connection closed by invalid user testuser 57.128.11.39 port 57368 [preauth]","@timestamp":"2022-09-16T13:05:02.894Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 13:05:02 honeypot-fra-1 sshd[22104]: Connection closed by invalid user mc 57.128.11.39 port 57394 [preauth]","@timestamp":"2022-09-16T13:05:02.894Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 13:05:02 honeypot-fra-1 sshd[22115]: Invalid user ubuntu from 57.128.11.39 port 57458","@timestamp":"2022-09-16T13:05:02.894Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 13:05:02 honeypot-fra-1 sshd[22113]: Invalid user chia from 57.128.11.39 port 57422","@timestamp":"2022-09-16T13:05:02.894Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 13:05:02 honeypot-fra-1 sshd[22113]: Connection closed by invalid user chia 57.128.11.39 port 57422 [preauth]","@timestamp":"2022-09-16T13:05:02.894Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 13:05:20 honeypot-fra-1 sshd[22151]: Received disconnect from 92.255.85.70 port 39948:11: Bye Bye [preauth]","@timestamp":"2022-09-16T13:05:20.904Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 13:06:06 honeypot-ams-1 kernel: [84210147.496213] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=60.20.104.173 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=47 ID=5220 PROTO=TCP SPT=58601 DPT=80 WINDOW=7374 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T13:06:06.691Z"}
{"@timestamp":"2022-09-16T13:06:37.450Z","@version":"1","message":"Sep 16 13:06:37 honeypot-sgp-1 kernel: [84209703.123660] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=103.151.122.22 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=28144 PROTO=TCP SPT=56732 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T13:11:57.584Z","@version":"1","message":"Sep 16 13:11:57 honeypot-sgp-1 sshd[24927]: Invalid user sysroot from 92.255.85.70 port 59678","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T13:17:01.712Z","@version":"1","message":"Sep 16 13:17:01 honeypot-sgp-1 CRON[24930]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 13:17:01 honeypot-fra-1 CRON[22159]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-16T13:17:02.186Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 13:19:14 honeypot-ams-1 kernel: [84210935.757299] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=205.210.31.155 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=250 ID=62135 PROTO=TCP SPT=54483 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T13:19:15.024Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 13:20:58 honeypot-ams-1 sshd[31429]: Disconnected from invalid user mts 91.240.118.222 port 27492 [preauth]","@timestamp":"2022-09-16T13:20:59.072Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 13:21:54 honeypot-fra-1 sshd[22163]: Disconnected from invalid user wilmerding 185.126.8.102 port 51344 [preauth]","@timestamp":"2022-09-16T13:21:55.298Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T13:26:30.948Z","@version":"1","message":"Sep 16 13:26:30 honeypot-sgp-1 sshd[24936]: Disconnected from authenticating user root 75.188.17.172 port 39704 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 13:28:52 honeypot-ams-1 kernel: [84211513.654983] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=104.236.174.101 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=55 ID=64619 PROTO=TCP SPT=65020 DPT=80 WINDOW=43690 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T13:28:53.277Z"}
{"@timestamp":"2022-09-16T13:30:30.050Z","@version":"1","message":"Sep 16 13:30:29 honeypot-sgp-1 sshd[24944]: Received disconnect from 193.142.146.50 port 58088:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 13:30:44 honeypot-ams-1 sshd[31437]: Disconnected from invalid user student 203.218.247.74 port 52102 [preauth]","@timestamp":"2022-09-16T13:30:45.326Z"}
{"@timestamp":"2022-09-16T13:32:06.094Z","@version":"1","message":"Sep 16 13:32:06 honeypot-sgp-1 sshd[24948]: Received disconnect from 193.142.146.50 port 48118:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 13:32:25 honeypot-ams-1 sshd[31443]: Received disconnect from 128.199.1.140 port 41696:11: Bye Bye [preauth]","@timestamp":"2022-09-16T13:32:26.372Z"}
{"@timestamp":"2022-09-16T13:34:22.171Z","@version":"1","message":"Sep 16 13:34:21 honeypot-sgp-1 sshd[24954]: Received disconnect from 193.142.146.50 port 56412:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T13:35:48.208Z","@version":"1","message":"Sep 16 13:35:47 honeypot-sgp-1 sshd[24959]: Disconnected from invalid user remote 92.255.85.70 port 45166 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 13:43:57 honeypot-ams-1 kernel: [84212418.463110] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=14.21.203.146 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=113 ID=24876 DF PROTO=TCP SPT=54304 DPT=3389 WINDOW=8192 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T13:43:57.666Z"}
{"@timestamp":"2022-09-16T13:44:10.444Z","@version":"1","message":"Sep 16 13:44:10 honeypot-sgp-1 sshd[24964]: Connection closed by invalid user guest 179.60.147.69 port 21242 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 13:45:20 honeypot-fra-1 sshd[22171]: Connection closed by invalid user guest 179.60.147.69 port 55092 [preauth]","@timestamp":"2022-09-16T13:45:20.827Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 13:45:29 honeypot-ams-1 sshd[31449]: Disconnected from authenticating user root 208.109.34.15 port 43624 [preauth]","@timestamp":"2022-09-16T13:45:29.708Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 13:51:32 honeypot-ams-1 sshd[31454]: Received disconnect from 190.145.12.233 port 39782:11: Bye Bye [preauth]","@timestamp":"2022-09-16T13:51:32.868Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 13:52:09 honeypot-fra-1 sshd[22174]: Received disconnect from 92.255.85.70 port 55650:11: Bye Bye [preauth]","@timestamp":"2022-09-16T13:52:09.984Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T13:53:04.676Z","@version":"1","message":"Sep 16 13:53:03 honeypot-sgp-1 kernel: [84212489.625471] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.33.109.190 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=28 ID=40087 PROTO=TCP SPT=33512 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 13:53:56 honeypot-ams-1 kernel: [84213017.531833] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=54.37.163.160 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=30829 DF PROTO=TCP SPT=10446 DPT=80 WINDOW=512 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T13:53:56.932Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 13:54:30 honeypot-fra-1 kernel: [84210883.690908] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.41.9.18 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=7642 PROTO=TCP SPT=47699 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T13:54:31.041Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 13:55:35 honeypot-ams-1 sshd[31464]: Invalid user pi from 73.173.30.173 port 58118","@timestamp":"2022-09-16T13:55:35.983Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 13:58:18 honeypot-ams-1 sshd[31468]: Invalid user cocoon from 140.238.167.51 port 52056","@timestamp":"2022-09-16T13:58:19.060Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 13:59:30 honeypot-ams-1 sshd[31473]: Received disconnect from 106.215.82.197 port 15860:11: Bye Bye [preauth]","@timestamp":"2022-09-16T13:59:31.093Z"}
{"@timestamp":"2022-09-16T14:00:01.847Z","@version":"1","message":"Sep 16 14:00:01 honeypot-sgp-1 kernel: [84212906.967951] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=103.218.241.151 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x60 TTL=47 ID=5986 DF PROTO=TCP SPT=45197 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 14:00:23 honeypot-fra-1 sshd[22183]: Invalid user osanna from 59.26.216.102 port 48964","@timestamp":"2022-09-16T14:00:23.173Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 14:02:13 honeypot-ams-1 kernel: [84213515.151823] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=104.155.79.106 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=60 ID=30190 PROTO=TCP SPT=50291 DPT=80 WINDOW=65055 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T14:02:14.165Z"}
{"@timestamp":"2022-09-16T14:02:15.909Z","@version":"1","message":"Sep 16 14:02:15 honeypot-sgp-1 sshd[24976]: Connection closed by authenticating user root 137.116.144.39 port 45608 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T14:02:28.916Z","@version":"1","message":"Sep 16 14:02:28 honeypot-sgp-1 sshd[24980]: Disconnected from invalid user user 45.61.184.204 port 35476 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T14:02:47.926Z","@version":"1","message":"Sep 16 14:02:47 honeypot-sgp-1 sshd[24984]: Disconnected from invalid user user 45.61.184.204 port 58538 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T14:03:04.935Z","@version":"1","message":"Sep 16 14:03:04 honeypot-sgp-1 sshd[24988]: Disconnected from invalid user user 45.61.184.204 port 53404 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 14:05:34 honeypot-ams-1 sshd[31482]: Invalid user blank from 81.1.219.10 port 50640","@timestamp":"2022-09-16T14:05:35.256Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 14:05:47 honeypot-fra-1 sshd[22255]: Received disconnect from 20.40.73.192 port 46674:11: Bye Bye [preauth]","@timestamp":"2022-09-16T14:05:48.295Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 14:09:02 honeypot-ams-1 sshd[31486]: Received disconnect from 79.225.75.199 port 53484:11: Bye Bye [preauth]","@timestamp":"2022-09-16T14:09:03.349Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 14:15:24 honeypot-fra-1 sshd[22263]: Received disconnect from 92.255.85.69 port 17186:11: Bye Bye [preauth]","@timestamp":"2022-09-16T14:15:24.513Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 14:15:36 honeypot-ams-1 kernel: [84214317.391119] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=167.71.92.243 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=39807 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T14:15:36.514Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 14:18:04 honeypot-fra-1 kernel: [84212297.743916] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=194.110.203.63 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=57588 PROTO=TCP SPT=57785 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T14:18:04.578Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-16T14:20:30.388Z","@version":"1","message":"Sep 16 14:20:29 honeypot-sgp-1 sshd[25431]: Invalid user centos from 179.60.147.69 port 42182","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 14:23:50 honeypot-ams-1 sshd[31498]: Invalid user centos from 179.60.147.69 port 65096","@timestamp":"2022-09-16T14:23:50.723Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 14:24:36 honeypot-fra-1 sshd[22274]: Received disconnect from 103.45.69.246 port 55712:11: Bye Bye [preauth]","@timestamp":"2022-09-16T14:24:36.745Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 14:30:59 honeypot-ams-1 kernel: [84215241.079330] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=64.246.161.26 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=54321 PROTO=TCP SPT=57211 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T14:30:59.920Z"}
{"@timestamp":"2022-09-16T14:32:48.700Z","@version":"1","message":"Sep 16 14:32:48 honeypot-sgp-1 kernel: [84214874.274854] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.200.118.90 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=55003 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 14:35:14 honeypot-fra-1 kernel: [84213327.968900] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=194.195.116.213 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=18111 PROTO=TCP SPT=55796 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T14:35:14.985Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-16T14:45:42.019Z","@version":"1","message":"Sep 16 14:45:41 honeypot-sgp-1 sshd[25440]: Disconnected from authenticating user root 92.255.85.70 port 18668 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 14:47:37 honeypot-ams-1 sshd[31509]: Invalid user pi from 92.89.85.54 port 47030","@timestamp":"2022-09-16T14:47:38.354Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 14:48:45 honeypot-fra-1 sshd[22284]: Invalid user admin from 167.99.236.74 port 50352","@timestamp":"2022-09-16T14:48:46.322Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 14:49:10 honeypot-ams-1 sshd[31514]: Connection closed by invalid user guest 193.106.191.157 port 56240 [preauth]","@timestamp":"2022-09-16T14:49:11.396Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 14:53:27 honeypot-fra-1 sshd[22290]: Invalid user lfz from 165.22.45.108 port 53896","@timestamp":"2022-09-16T14:53:27.429Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 14:57:50 honeypot-fra-1 kernel: [84214684.308851] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=193.46.255.199 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=246 ID=4044 PROTO=TCP SPT=61004 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T14:57:51.530Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-16T14:59:09.364Z","@version":"1","message":"Sep 16 14:59:08 honeypot-sgp-1 sshd[25447]: Connection closed by invalid user admin 157.230.47.155 port 57096 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T14:59:09.364Z","@version":"1","message":"Sep 16 14:59:08 honeypot-sgp-1 sshd[25453]: Connection closed by invalid user admin 157.230.47.155 port 57118 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:04:41.503Z","@version":"1","message":"Sep 16 15:04:40 honeypot-sgp-1 sshd[25458]: Received disconnect from 111.67.197.134 port 43248:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 15:06:39 honeypot-ams-1 kernel: [84217380.642046] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=89.248.165.199 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=34534 PROTO=TCP SPT=40483 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T15:06:39.850Z"}
{"@timestamp":"2022-09-16T15:09:33.625Z","@version":"1","message":"Sep 16 15:09:33 honeypot-sgp-1 sshd[25463]: Received disconnect from 92.255.85.70 port 60150:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 15:10:48 honeypot-fra-1 kernel: [84215462.241664] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=159.65.138.52 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=54 ID=0 DF PROTO=TCP SPT=54953 DPT=389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T15:10:48.821Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-16T15:11:56.687Z","@version":"1","message":"Sep 16 15:11:56 honeypot-sgp-1 sshd[25467]: Disconnecting invalid user admin 31.184.198.71 port 33091: Change of username or service not allowed: (admin,ssh-connection) -> (cameras,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:12:21.700Z","@version":"1","message":"Sep 16 15:12:21 honeypot-sgp-1 sshd[25473]: Disconnecting invalid user admin 31.184.198.71 port 9705: Change of username or service not allowed: (admin,ssh-connection) -> (,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:12:48.713Z","@version":"1","message":"Sep 16 15:12:48 honeypot-sgp-1 sshd[25479]: Disconnecting invalid user aerohive 31.184.198.71 port 41408: Change of username or service not allowed: (aerohive,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:13:16.727Z","@version":"1","message":"Sep 16 15:13:16 honeypot-sgp-1 sshd[25485]: Disconnecting invalid user private 31.184.198.71 port 19229: Change of username or service not allowed: (private,ssh-connection) -> (root,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:13:44.742Z","@version":"1","message":"Sep 16 15:13:44 honeypot-sgp-1 sshd[25493]: Invalid user araknis from 31.184.198.71 port 61113","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:14:09.755Z","@version":"1","message":"Sep 16 15:14:09 honeypot-sgp-1 sshd[25499]: Disconnecting authenticating user root 31.184.198.71 port 10460: Change of username or service not allowed: (root,ssh-connection) -> (Admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 15:14:34 honeypot-fra-1 sshd[22300]: Disconnected from 159.223.172.195 port 36076 [preauth]","@timestamp":"2022-09-16T15:14:34.905Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T15:14:39.771Z","@version":"1","message":"Sep 16 15:14:39 honeypot-sgp-1 sshd[25506]: Disconnecting invalid user admin 31.184.198.71 port 41919: Change of username or service not allowed: (admin,ssh-connection) -> (guest,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:15:15.788Z","@version":"1","message":"Sep 16 15:15:14 honeypot-sgp-1 sshd[25514]: Invalid user  from 31.184.198.71 port 16995","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:15:24 honeypot-ams-1 sshd[31526]: Received disconnect from 190.226.244.9 port 35548:11: Bye Bye [preauth]","@timestamp":"2022-09-16T15:15:25.076Z"}
{"@timestamp":"2022-09-16T15:15:48.805Z","@version":"1","message":"Sep 16 15:15:48 honeypot-sgp-1 sshd[25520]: Invalid user admin from 31.184.198.71 port 16090","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:16:17.823Z","@version":"1","message":"Sep 16 15:16:17 honeypot-sgp-1 sshd[25526]: Disconnecting invalid user Administrator 31.184.198.71 port 53026: Change of username or service not allowed: (Administrator,ssh-connection) -> (,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:16:46.837Z","@version":"1","message":"Sep 16 15:16:46 honeypot-sgp-1 sshd[25532]: Disconnecting invalid user sti.admin5 31.184.198.71 port 48724: Change of username or service not allowed: (sti.admin5,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:17:01.845Z","@version":"1","message":"Sep 16 15:17:01 honeypot-sgp-1 CRON[25540]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:17:20.856Z","@version":"1","message":"Sep 16 15:17:20 honeypot-sgp-1 sshd[25545]: Invalid user  from 31.184.198.71 port 51214","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:17:48.869Z","@version":"1","message":"Sep 16 15:17:48 honeypot-sgp-1 sshd[25551]: Disconnecting invalid user admin 31.184.198.71 port 60244: Change of username or service not allowed: (admin,ssh-connection) -> (c1@r0,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:18:15.883Z","@version":"1","message":"Sep 16 15:18:15 honeypot-sgp-1 sshd[25557]: Disconnecting invalid user cusadmin 31.184.198.71 port 20260: Change of username or service not allowed: (cusadmin,ssh-connection) -> (superonline,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:18:45 honeypot-ams-1 sshd[31532]: Disconnected from authenticating user root 147.182.180.116 port 49536 [preauth]","@timestamp":"2022-09-16T15:18:46.165Z"}
{"@timestamp":"2022-09-16T15:18:49.901Z","@version":"1","message":"Sep 16 15:18:49 honeypot-sgp-1 sshd[25563]: Disconnecting invalid user lgnortel 31.184.198.71 port 28215: Change of username or service not allowed: (lgnortel,ssh-connection) -> (Admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:19:19.916Z","@version":"1","message":"Sep 16 15:19:19 honeypot-sgp-1 sshd[25569]: Disconnecting invalid user admin 31.184.198.71 port 1192: Change of username or service not allowed: (admin,ssh-connection) -> (,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:19:40.927Z","@version":"1","message":"Sep 16 15:19:40 honeypot-sgp-1 sshd[25575]: Disconnecting invalid user matrix 31.184.198.71 port 43996: Change of username or service not allowed: (matrix,ssh-connection) -> (,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:20:10.942Z","@version":"1","message":"Sep 16 15:20:10 honeypot-sgp-1 sshd[25582]: Disconnecting invalid user motorola 31.184.198.71 port 7091: Change of username or service not allowed: (motorola,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:20:37.956Z","@version":"1","message":"Sep 16 15:20:37 honeypot-sgp-1 sshd[25590]: Invalid user admin from 31.184.198.71 port 17278","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:21:01.968Z","@version":"1","message":"Sep 16 15:21:01 honeypot-sgp-1 sshd[25596]: Invalid user admin from 31.184.198.71 port 44122","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:21:25.980Z","@version":"1","message":"Sep 16 15:21:25 honeypot-sgp-1 sshd[25602]: Invalid user Shiko from 31.184.198.71 port 11594","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:21:52.995Z","@version":"1","message":"Sep 16 15:21:52 honeypot-sgp-1 sshd[25608]: Invalid user smcadmin from 31.184.198.71 port 46623","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 15:22:06 honeypot-fra-1 sshd[22313]: Invalid user pi from 188.2.132.158 port 43676","@timestamp":"2022-09-16T15:22:07.080Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T15:22:25.011Z","@version":"1","message":"Sep 16 15:22:24 honeypot-sgp-1 sshd[25614]: Invalid user highspeed from 31.184.198.71 port 52658","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:22:51.024Z","@version":"1","message":"Sep 16 15:22:50 honeypot-sgp-1 sshd[25620]: Invalid user  from 31.184.198.71 port 49330","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:23:17.037Z","@version":"1","message":"Sep 16 15:23:16 honeypot-sgp-1 sshd[25626]: Invalid user public from 31.184.198.71 port 32413","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:23:44.051Z","@version":"1","message":"Sep 16 15:23:43 honeypot-sgp-1 sshd[25632]: Disconnecting authenticating user root 31.184.198.71 port 28683: Change of username or service not allowed: (root,ssh-connection) -> (123456,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:24:14.066Z","@version":"1","message":"Sep 16 15:24:13 honeypot-sgp-1 sshd[25638]: Disconnecting invalid user amdin 31.184.198.71 port 7021: Change of username or service not allowed: (amdin,ssh-connection) -> (readwrite,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:24:44.082Z","@version":"1","message":"Sep 16 15:24:43 honeypot-sgp-1 sshd[25644]: Disconnecting invalid user admin 31.184.198.71 port 25610: Change of username or service not allowed: (admin,ssh-connection) -> (DZY-W2914NSV2,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:25:14.097Z","@version":"1","message":"Sep 16 15:25:13 honeypot-sgp-1 sshd[25651]: Disconnecting invalid user admin 31.184.198.71 port 32895: Change of username or service not allowed: (admin,ssh-connection) -> (zoomadsl,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:25:44.113Z","@version":"1","message":"Sep 16 15:25:43 honeypot-sgp-1 sshd[25657]: Disconnecting invalid user 1admin0 31.184.198.71 port 58997: Change of username or service not allowed: (1admin0,ssh-connection) -> (ltecl4r0,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 15:27:02 honeypot-fra-1 sshd[22318]: Did not receive identification string from 45.61.187.160 port 51472","@timestamp":"2022-09-16T15:27:03.189Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 15:27:55 honeypot-fra-1 sshd[22322]: Disconnected from invalid user user 45.61.187.160 port 54348 [preauth]","@timestamp":"2022-09-16T15:27:56.209Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 15:28:19 honeypot-fra-1 sshd[22326]: Disconnected from invalid user user 45.61.187.160 port 48712 [preauth]","@timestamp":"2022-09-16T15:28:20.220Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 15:28:36 honeypot-fra-1 sshd[22330]: Received disconnect from 45.61.187.160 port 43080:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T15:28:37.227Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T15:33:01.291Z","@version":"1","message":"Sep 16 15:33:01 honeypot-sgp-1 sshd[25664]: Connection closed by invalid user debian 179.60.147.69 port 41776 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:33:46 honeypot-ams-1 sshd[31538]: Invalid user zookeeper from 103.188.176.251 port 51794","@timestamp":"2022-09-16T15:33:46.541Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 15:34:09 honeypot-fra-1 sshd[22338]: Invalid user debian from 179.60.147.69 port 62684","@timestamp":"2022-09-16T15:34:10.348Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 15:38:54 honeypot-fra-1 sshd[22348]: Invalid user oracle from 139.59.152.202 port 36130","@timestamp":"2022-09-16T15:38:55.464Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 15:38:54 honeypot-fra-1 sshd[22347]: Invalid user ubuntu from 139.59.152.202 port 36126","@timestamp":"2022-09-16T15:38:55.464Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 15:38:54 honeypot-fra-1 sshd[22346]: Invalid user steam from 139.59.152.202 port 36124","@timestamp":"2022-09-16T15:38:55.464Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 15:38:54 honeypot-fra-1 sshd[22367]: Invalid user ubuntu from 139.59.152.202 port 36180","@timestamp":"2022-09-16T15:38:55.464Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 15:38:54 honeypot-fra-1 sshd[22355]: Connection closed by invalid user admin 139.59.152.202 port 36140 [preauth]","@timestamp":"2022-09-16T15:38:55.464Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 15:38:54 honeypot-fra-1 sshd[22349]: Connection closed by invalid user chia 139.59.152.202 port 36132 [preauth]","@timestamp":"2022-09-16T15:38:55.464Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 15:38:54 honeypot-fra-1 sshd[22359]: Connection closed by authenticating user root 139.59.152.202 port 36150 [preauth]","@timestamp":"2022-09-16T15:38:55.464Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 15:38:54 honeypot-fra-1 sshd[22350]: Connection closed by invalid user cloud 139.59.152.202 port 36136 [preauth]","@timestamp":"2022-09-16T15:38:55.464Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 15:38:54 honeypot-fra-1 sshd[22370]: Connection closed by invalid user test 139.59.152.202 port 36190 [preauth]","@timestamp":"2022-09-16T15:38:55.464Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 15:40:49 honeypot-ams-1 kernel: [84219430.643203] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=205.210.31.153 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=250 ID=60361 PROTO=TCP SPT=54183 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T15:40:49.725Z"}
{"@timestamp":"2022-09-16T15:41:38.520Z","@version":"1","message":"Sep 16 15:41:38 honeypot-sgp-1 sshd[25667]: Received disconnect from 79.225.75.199 port 40288:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:42:15 honeypot-ams-1 sshd[31547]: Invalid user ubnt from 60.181.19.237 port 21542","@timestamp":"2022-09-16T15:42:15.764Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:42:20 honeypot-ams-1 sshd[31551]: Disconnected from authenticating user root 60.181.19.237 port 21685 [preauth]","@timestamp":"2022-09-16T15:42:20.767Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:42:28 honeypot-ams-1 sshd[31557]: Disconnected from authenticating user root 60.181.19.237 port 21868 [preauth]","@timestamp":"2022-09-16T15:42:28.773Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:42:32 honeypot-ams-1 sshd[31563]: Disconnected from authenticating user root 60.181.19.237 port 22007 [preauth]","@timestamp":"2022-09-16T15:42:32.775Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:42:39 honeypot-ams-1 sshd[31569]: Disconnected from authenticating user root 60.181.19.237 port 22198 [preauth]","@timestamp":"2022-09-16T15:42:39.779Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:42:46 honeypot-ams-1 sshd[31575]: Received disconnect from 60.181.19.237 port 22384:11: Bye Bye [preauth]","@timestamp":"2022-09-16T15:42:46.784Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:42:53 honeypot-ams-1 sshd[31581]: Received disconnect from 60.181.19.237 port 22561:11: Bye Bye [preauth]","@timestamp":"2022-09-16T15:42:53.787Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:42:59 honeypot-ams-1 sshd[31587]: Received disconnect from 60.181.19.237 port 22753:11: Bye Bye [preauth]","@timestamp":"2022-09-16T15:43:00.792Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:43:06 honeypot-ams-1 sshd[31593]: Received disconnect from 60.181.19.237 port 22931:11: Bye Bye [preauth]","@timestamp":"2022-09-16T15:43:06.795Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:43:13 honeypot-ams-1 sshd[31599]: Received disconnect from 60.181.19.237 port 22812:11: Bye Bye [preauth]","@timestamp":"2022-09-16T15:43:14.800Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:43:21 honeypot-ams-1 sshd[31605]: Received disconnect from 60.181.19.237 port 23330:11: Bye Bye [preauth]","@timestamp":"2022-09-16T15:43:21.804Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:43:28 honeypot-ams-1 sshd[31611]: Received disconnect from 60.181.19.237 port 23449:11: Bye Bye [preauth]","@timestamp":"2022-09-16T15:43:28.808Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:43:35 honeypot-ams-1 sshd[31617]: Invalid user admin from 60.181.19.237 port 23718","@timestamp":"2022-09-16T15:43:35.812Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:43:39 honeypot-ams-1 sshd[31621]: Invalid user admin from 60.181.19.237 port 23848","@timestamp":"2022-09-16T15:43:39.814Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:43:44 honeypot-ams-1 sshd[31625]: Invalid user admin from 60.181.19.237 port 23957","@timestamp":"2022-09-16T15:43:44.842Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:43:49 honeypot-ams-1 sshd[31629]: Invalid user admin from 60.181.19.237 port 23994","@timestamp":"2022-09-16T15:43:49.845Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:43:53 honeypot-ams-1 sshd[31633]: Invalid user admin from 60.181.19.237 port 24814","@timestamp":"2022-09-16T15:43:53.847Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:43:57 honeypot-ams-1 sshd[31637]: Invalid user user from 60.181.19.237 port 24944","@timestamp":"2022-09-16T15:43:57.851Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:44:02 honeypot-ams-1 sshd[31641]: Disconnected from authenticating user root 60.181.19.237 port 25064 [preauth]","@timestamp":"2022-09-16T15:44:02.854Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:44:07 honeypot-ams-1 sshd[31645]: Disconnected from invalid user pi 60.181.19.237 port 25589 [preauth]","@timestamp":"2022-09-16T15:44:07.857Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:44:12 honeypot-ams-1 sshd[31649]: Disconnected from invalid user ethos 60.181.19.237 port 21634 [preauth]","@timestamp":"2022-09-16T15:44:13.862Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:44:18 honeypot-ams-1 sshd[31653]: Disconnected from invalid user miner 60.181.19.237 port 21852 [preauth]","@timestamp":"2022-09-16T15:44:18.865Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:44:22 honeypot-ams-1 sshd[31657]: Disconnected from invalid user volumio 60.181.19.237 port 21995 [preauth]","@timestamp":"2022-09-16T15:44:22.868Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:44:27 honeypot-ams-1 sshd[31662]: Disconnected from invalid user nagios 60.181.19.237 port 22112 [preauth]","@timestamp":"2022-09-16T15:44:27.873Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:44:33 honeypot-ams-1 sshd[31666]: Disconnected from invalid user vagrant 60.181.19.237 port 22404 [preauth]","@timestamp":"2022-09-16T15:44:33.877Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:44:38 honeypot-ams-1 sshd[31670]: Disconnected from invalid user debian 60.181.19.237 port 22696 [preauth]","@timestamp":"2022-09-16T15:44:38.879Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:44:44 honeypot-ams-1 sshd[31674]: Disconnected from invalid user debian 60.181.19.237 port 22834 [preauth]","@timestamp":"2022-09-16T15:44:44.884Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:44:49 honeypot-ams-1 sshd[31678]: Disconnected from invalid user alarm 60.181.19.237 port 23028 [preauth]","@timestamp":"2022-09-16T15:44:49.887Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:44:53 honeypot-ams-1 sshd[31682]: Disconnected from invalid user test 60.181.19.237 port 23175 [preauth]","@timestamp":"2022-09-16T15:44:53.889Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:44:58 honeypot-ams-1 sshd[31686]: Disconnected from invalid user cirros 60.181.19.237 port 23314 [preauth]","@timestamp":"2022-09-16T15:44:58.893Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 15:45:13 honeypot-fra-1 kernel: [84217527.368033] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=64.246.161.26 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=37809 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T15:45:14.611Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:52:53 honeypot-ams-1 sshd[31691]: Received disconnect from 189.126.202.121 port 57097:11: Bye Bye [preauth]","@timestamp":"2022-09-16T15:52:54.099Z"}
{"@timestamp":"2022-09-16T15:53:00.796Z","@version":"1","message":"Sep 16 15:53:00 honeypot-sgp-1 kernel: [84219685.862754] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=220.250.62.12 DST=159.89.202.188 LEN=52 TOS=0x02 PREC=0x00 TTL=111 ID=3645 DF PROTO=TCP SPT=57578 DPT=443 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 15:55:49 honeypot-fra-1 kernel: [84218162.944602] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=47.90.203.174 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=25958 PROTO=TCP SPT=43664 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T15:55:49.836Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 16:00:16 honeypot-ams-1 kernel: [84220598.228130] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.41.9.18 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=5196 PROTO=TCP SPT=15962 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T16:00:17.290Z"}
{"@timestamp":"2022-09-16T16:00:58.991Z","@version":"1","message":"Sep 16 16:00:58 honeypot-sgp-1 sshd[25679]: Invalid user developer from 103.188.176.251 port 45788","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T16:04:41.085Z","@version":"1","message":"Sep 16 16:04:40 honeypot-sgp-1 sshd[25686]: Invalid user user from 45.61.186.49 port 44288","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T16:04:51.089Z","@version":"1","message":"Sep 16 16:04:50 honeypot-sgp-1 sshd[25690]: Invalid user user from 45.61.186.49 port 55672","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T16:09:28.204Z","@version":"1","message":"Sep 16 16:09:28 honeypot-sgp-1 sshd[25693]: Invalid user user from 179.60.147.69 port 29468","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:11:38 honeypot-fra-1 sshd[22412]: Received disconnect from 92.255.85.70 port 22120:11: Bye Bye [preauth]","@timestamp":"2022-09-16T16:11:39.198Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 16:12:50 honeypot-ams-1 sshd[31701]: Connection closed by invalid user user 179.60.147.69 port 15646 [preauth]","@timestamp":"2022-09-16T16:12:50.609Z"}
{"@timestamp":"2022-09-16T16:15:13.383Z","@version":"1","message":"Sep 16 16:15:12 honeypot-sgp-1 sshd[25698]: Disconnected from authenticating user root 123.21.36.204 port 35168 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:17:38 honeypot-fra-1 kernel: [84219472.101896] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=198.235.24.143 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=250 ID=41394 PROTO=TCP SPT=51777 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T16:17:39.335Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-16T16:18:09.457Z","@version":"1","message":"Sep 16 16:18:08 honeypot-sgp-1 sshd[25705]: Invalid user gabriel from 103.221.221.247 port 45590","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T16:18:47.474Z","@version":"1","message":"Sep 16 16:18:46 honeypot-sgp-1 sshd[25709]: Invalid user adrian from 92.255.85.70 port 16112","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:21:02 honeypot-fra-1 kernel: [84219675.543426] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=170.187.202.154 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=57555 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T16:21:02.415Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:24:34 honeypot-fra-1 sshd[22428]: Invalid user ubnt from 187.116.49.64 port 47063","@timestamp":"2022-09-16T16:24:35.497Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:24:39 honeypot-fra-1 sshd[22432]: Disconnected from authenticating user root 187.116.49.64 port 47065 [preauth]","@timestamp":"2022-09-16T16:24:39.499Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:24:45 honeypot-fra-1 sshd[22438]: Disconnected from authenticating user root 187.116.49.64 port 47068 [preauth]","@timestamp":"2022-09-16T16:24:46.503Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:24:52 honeypot-fra-1 sshd[22444]: Disconnected from authenticating user root 187.116.49.64 port 47071 [preauth]","@timestamp":"2022-09-16T16:24:52.507Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:24:58 honeypot-fra-1 sshd[22450]: Disconnected from authenticating user root 187.116.49.64 port 47074 [preauth]","@timestamp":"2022-09-16T16:24:59.510Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:25:04 honeypot-fra-1 sshd[22456]: Disconnected from authenticating user root 187.116.49.64 port 47077 [preauth]","@timestamp":"2022-09-16T16:25:05.515Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:25:11 honeypot-fra-1 sshd[22462]: Disconnected from authenticating user root 187.116.49.64 port 47080 [preauth]","@timestamp":"2022-09-16T16:25:12.518Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:25:17 honeypot-fra-1 sshd[22468]: Disconnected from authenticating user root 187.116.49.64 port 47083 [preauth]","@timestamp":"2022-09-16T16:25:18.522Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:25:24 honeypot-fra-1 sshd[22474]: Disconnected from authenticating user root 187.116.49.64 port 47086 [preauth]","@timestamp":"2022-09-16T16:25:24.525Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:25:31 honeypot-fra-1 sshd[22480]: Disconnected from authenticating user root 187.116.49.64 port 47089 [preauth]","@timestamp":"2022-09-16T16:25:31.580Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:25:37 honeypot-fra-1 sshd[22486]: Disconnected from authenticating user root 187.116.49.64 port 47092 [preauth]","@timestamp":"2022-09-16T16:25:38.584Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:25:44 honeypot-fra-1 sshd[22492]: Disconnected from authenticating user root 187.116.49.64 port 47095 [preauth]","@timestamp":"2022-09-16T16:25:44.587Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:25:50 honeypot-fra-1 sshd[22498]: Invalid user admin from 187.116.49.64 port 47098","@timestamp":"2022-09-16T16:25:51.592Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:25:54 honeypot-fra-1 sshd[22502]: Invalid user admin from 187.116.49.64 port 47100","@timestamp":"2022-09-16T16:25:55.594Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:25:59 honeypot-fra-1 sshd[22506]: Invalid user admin from 187.116.49.64 port 47102","@timestamp":"2022-09-16T16:25:59.596Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:26:03 honeypot-fra-1 sshd[22510]: Invalid user admin from 187.116.49.64 port 47104","@timestamp":"2022-09-16T16:26:03.599Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:26:07 honeypot-fra-1 sshd[22514]: Invalid user admin from 187.116.49.64 port 47106","@timestamp":"2022-09-16T16:26:07.601Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:26:12 honeypot-fra-1 sshd[22518]: Received disconnect from 187.116.49.64 port 47108:11: Bye Bye [preauth]","@timestamp":"2022-09-16T16:26:12.604Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:26:16 honeypot-fra-1 sshd[22522]: Disconnected from invalid user pi 187.116.49.64 port 47110 [preauth]","@timestamp":"2022-09-16T16:26:16.606Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:26:20 honeypot-fra-1 sshd[22526]: Disconnected from invalid user user 187.116.49.64 port 47112 [preauth]","@timestamp":"2022-09-16T16:26:20.609Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:26:25 honeypot-fra-1 sshd[22530]: Disconnected from invalid user mine 187.116.49.64 port 47114 [preauth]","@timestamp":"2022-09-16T16:26:25.611Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:26:29 honeypot-fra-1 sshd[22534]: Disconnected from invalid user xbmc 187.116.49.64 port 47116 [preauth]","@timestamp":"2022-09-16T16:26:29.614Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:26:33 honeypot-fra-1 sshd[22538]: Disconnected from invalid user oracle 187.116.49.64 port 47061 [preauth]","@timestamp":"2022-09-16T16:26:34.617Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:26:38 honeypot-fra-1 sshd[22542]: Disconnected from invalid user postgres 187.116.49.64 port 47063 [preauth]","@timestamp":"2022-09-16T16:26:38.619Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:26:42 honeypot-fra-1 sshd[22546]: Disconnected from invalid user support 187.116.49.64 port 47065 [preauth]","@timestamp":"2022-09-16T16:26:42.621Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:26:46 honeypot-fra-1 sshd[22550]: Disconnected from invalid user ubuntu 187.116.49.64 port 47067 [preauth]","@timestamp":"2022-09-16T16:26:47.624Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:26:51 honeypot-fra-1 sshd[22554]: Disconnected from invalid user ubuntu 187.116.49.64 port 47069 [preauth]","@timestamp":"2022-09-16T16:26:51.626Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:26:55 honeypot-fra-1 sshd[22558]: Disconnected from invalid user guest 187.116.49.64 port 47071 [preauth]","@timestamp":"2022-09-16T16:26:55.628Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:26:59 honeypot-fra-1 sshd[22562]: Disconnected from invalid user cirros 187.116.49.64 port 47073 [preauth]","@timestamp":"2022-09-16T16:26:59.630Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 16:27:17 honeypot-ams-1 sshd[31709]: Invalid user adrian from 92.255.85.69 port 24236","@timestamp":"2022-09-16T16:27:17.980Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:34:21 honeypot-fra-1 sshd[22567]: Received disconnect from 92.255.85.69 port 17470:11: Bye Bye [preauth]","@timestamp":"2022-09-16T16:34:21.794Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T16:35:51.906Z","@version":"1","message":"Sep 16 16:35:51 honeypot-sgp-1 sshd[25713]: Did not receive identification string from 159.89.24.69 port 61000","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 16:37:28 honeypot-ams-1 kernel: [84222830.096290] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=103.36.19.166 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=50 ID=33299 DF PROTO=TCP SPT=42546 DPT=3389 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T16:37:29.245Z"}
{"@timestamp":"2022-09-16T16:40:25.018Z","@version":"1","message":"Sep 16 16:40:24 honeypot-sgp-1 sshd[25717]: Disconnected from invalid user wp 165.22.101.75 port 55068 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 16:42:55 honeypot-ams-1 sshd[31715]: Received disconnect from 209.14.136.27 port 40338:11: Bye Bye [preauth]","@timestamp":"2022-09-16T16:42:56.390Z"}
{"@timestamp":"2022-09-16T16:45:09.136Z","@version":"1","message":"Sep 16 16:45:08 honeypot-sgp-1 sshd[25724]: Invalid user gozone from 69.10.39.91 port 47158","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 16:45:44 honeypot-ams-1 sshd[31719]: Disconnected from authenticating user root 34.126.71.110 port 56796 [preauth]","@timestamp":"2022-09-16T16:45:44.463Z"}
{"@timestamp":"2022-09-16T16:45:49.155Z","@version":"1","message":"Sep 16 16:45:48 honeypot-sgp-1 sshd[25728]: Disconnected from invalid user uploader 43.154.142.229 port 38574 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 16:48:05 honeypot-ams-1 sshd[31726]: Received disconnect from 46.101.244.79 port 45768:11: Bye Bye [preauth]","@timestamp":"2022-09-16T16:48:06.526Z"}
{"@timestamp":"2022-09-16T16:49:06.238Z","@version":"1","message":"Sep 16 16:49:05 honeypot-sgp-1 sshd[25734]: Received disconnect from 106.245.234.10 port 56912:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:49:44 honeypot-fra-1 kernel: [84221397.295871] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=5.178.160.229 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=24550 DF PROTO=TCP SPT=47028 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T16:49:44.138Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 16:52:43 honeypot-ams-1 kernel: [84223744.528761] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=125.136.61.137 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=55 ID=30767 PROTO=TCP SPT=65011 DPT=80 WINDOW=46515 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T16:52:43.673Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:53:56 honeypot-fra-1 kernel: [84221649.266342] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=167.99.55.191 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=10663 PROTO=TCP SPT=43909 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T16:53:56.233Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:56:59 honeypot-fra-1 sshd[22598]: Received disconnect from 45.61.184.204 port 56680:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T16:56:59.320Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:57:18 honeypot-fra-1 sshd[22602]: Received disconnect from 45.61.184.204 port 51368:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T16:57:19.349Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:57:36 honeypot-fra-1 sshd[22606]: Received disconnect from 45.61.184.204 port 46052:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T16:57:37.359Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:57:47 honeypot-fra-1 sshd[22612]: Disconnected from authenticating user root 92.255.85.70 port 48470 [preauth]","@timestamp":"2022-09-16T16:57:47.363Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T16:58:51.475Z","@version":"1","message":"Sep 16 16:58:51 honeypot-sgp-1 kernel: [84223636.605905] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=170.187.163.46 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=39236 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 17:01:13 honeypot-ams-1 sshd[31736]: Received disconnect from 45.61.187.160 port 55178:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T17:01:13.894Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 17:01:32 honeypot-ams-1 sshd[31740]: Received disconnect from 45.61.187.160 port 49482:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T17:01:32.905Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 17:01:51 honeypot-ams-1 sshd[31744]: Received disconnect from 45.61.187.160 port 43796:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T17:01:51.915Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 17:02:08 honeypot-ams-1 sshd[31748]: Received disconnect from 45.61.187.160 port 38090:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T17:02:08.923Z"}
{"@timestamp":"2022-09-16T17:04:23.609Z","@version":"1","message":"Sep 16 17:04:23 honeypot-sgp-1 sshd[25744]: Disconnected from authenticating user root 92.255.85.70 port 31544 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 17:07:36 honeypot-fra-1 sshd[22620]: Invalid user users from 183.194.1.194 port 39666","@timestamp":"2022-09-16T17:07:36.591Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 17:09:01 honeypot-ams-1 CRON[31751]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-16T17:09:02.102Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 17:09:01 honeypot-fra-1 CRON[22625]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-16T17:09:02.628Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T17:17:01.912Z","@version":"1","message":"Sep 16 17:17:01 honeypot-sgp-1 CRON[25751]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 17:17:01 honeypot-ams-1 CRON[31758]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-16T17:17:02.309Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 17:17:53 honeypot-fra-1 kernel: [84223086.315306] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=89.248.165.69 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=39239 PROTO=TCP SPT=49547 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T17:17:53.136Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 17:23:00 honeypot-fra-1 sshd[22639]: Invalid user user from 179.60.147.69 port 31666","@timestamp":"2022-09-16T17:23:01.254Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T17:23:52.081Z","@version":"1","message":"Sep 16 17:23:51 honeypot-sgp-1 kernel: [84225137.065188] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=51760 PROTO=TCP SPT=49024 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 17:25:11 honeypot-ams-1 sshd[31764]: Invalid user user from 179.60.147.69 port 12556","@timestamp":"2022-09-16T17:25:11.518Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 17:27:09 honeypot-fra-1 sshd[22641]: Disconnected from invalid user jenkins 165.227.85.21 port 59464 [preauth]","@timestamp":"2022-09-16T17:27:09.350Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 17:27:59 honeypot-fra-1 sshd[22645]: Disconnected from authenticating user root 179.99.246.60 port 49468 [preauth]","@timestamp":"2022-09-16T17:27:59.373Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T17:28:05.186Z","@version":"1","message":"Sep 16 17:28:05 honeypot-sgp-1 sshd[25760]: Received disconnect from 92.255.85.69 port 39674:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 17:30:26 honeypot-ams-1 kernel: [84226007.695899] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=89.248.165.203 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=28613 PROTO=TCP SPT=48133 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T17:30:26.655Z"}
{"@timestamp":"2022-09-16T17:33:43.323Z","@version":"1","message":"Sep 16 17:33:42 honeypot-sgp-1 kernel: [84225728.163656] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=62.233.50.225 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=41044 PROTO=TCP SPT=40340 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 17:34:39 honeypot-ams-1 sshd[31770]: Disconnected from invalid user control 195.19.105.13 port 17911 [preauth]","@timestamp":"2022-09-16T17:34:39.766Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 17:38:25 honeypot-fra-1 kernel: [84224318.983355] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.143.200.46 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=61126 PROTO=TCP SPT=49527 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T17:38:26.627Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 17:40:42 honeypot-ams-1 sshd[31775]: Connection closed by invalid user guest 193.106.191.157 port 56980 [preauth]","@timestamp":"2022-09-16T17:40:42.926Z"}
{"@timestamp":"2022-09-16T17:45:07.593Z","@version":"1","message":"Sep 16 17:45:07 honeypot-sgp-1 sshd[25767]: Invalid user buradrc from 34.93.204.90 port 37068","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 17:46:09 honeypot-fra-1 kernel: [84224782.694603] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=154.89.5.68 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=244 ID=9309 PROTO=TCP SPT=58914 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T17:46:09.795Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-16T17:46:49.635Z","@version":"1","message":"Sep 16 17:46:49 honeypot-sgp-1 sshd[25770]: Disconnected from invalid user admin 161.82.233.183 port 41080 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T17:48:48.685Z","@version":"1","message":"Sep 16 17:48:48 honeypot-sgp-1 sshd[25776]: Received disconnect from 64.227.185.119 port 43148:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 17:50:40 honeypot-fra-1 sshd[22659]: Connection closed by invalid user guest 193.106.191.157 port 50092 [preauth]","@timestamp":"2022-09-16T17:50:40.901Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T17:52:48.781Z","@version":"1","message":"Sep 16 17:52:48 honeypot-sgp-1 sshd[25781]: Disconnected from invalid user test 182.23.23.42 port 49744 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 17:54:34 honeypot-ams-1 kernel: [84227456.172103] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=193.118.53.210 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=50804 PROTO=TCP SPT=31455 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T17:54:35.279Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 18:01:37 honeypot-ams-1 sshd[31787]: Connection closed by authenticating user nobody 179.60.147.69 port 35498 [preauth]","@timestamp":"2022-09-16T18:01:38.454Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 18:02:33 honeypot-fra-1 sshd[22665]: Disconnected from invalid user user 45.61.186.249 port 47754 [preauth]","@timestamp":"2022-09-16T18:02:34.171Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 18:02:51 honeypot-fra-1 sshd[22669]: Disconnected from invalid user user 45.61.186.249 port 42178 [preauth]","@timestamp":"2022-09-16T18:02:52.196Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 18:03:11 honeypot-fra-1 sshd[22673]: Disconnected from invalid user user 45.61.186.249 port 36598 [preauth]","@timestamp":"2022-09-16T18:03:12.205Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 18:03:28 honeypot-fra-1 sshd[22677]: Disconnected from invalid user user 45.61.186.249 port 59278 [preauth]","@timestamp":"2022-09-16T18:03:29.213Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 18:06:01 honeypot-ams-1 sshd[31793]: Invalid user admin from 165.232.158.22 port 37830","@timestamp":"2022-09-16T18:06:01.569Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 18:06:04 honeypot-ams-1 sshd[31799]: Invalid user admin from 165.232.158.22 port 37862","@timestamp":"2022-09-16T18:06:04.573Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 18:08:45 honeypot-ams-1 sshd[31804]: Did not receive identification string from 159.89.24.69 port 61000","@timestamp":"2022-09-16T18:08:45.643Z"}
{"@timestamp":"2022-09-16T18:08:59.187Z","@version":"1","message":"Sep 16 18:08:58 honeypot-sgp-1 kernel: [84227843.807074] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=146.88.240.4 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=60404 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 18:09:06 honeypot-fra-1 sshd[22682]: Disconnected from authenticating user nobody 92.255.85.69 port 42060 [preauth]","@timestamp":"2022-09-16T18:09:07.342Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 18:16:38 honeypot-fra-1 kernel: [84226611.596778] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=165.232.152.144 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=44547 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T18:16:39.517Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-16T18:17:01.378Z","@version":"1","message":"Sep 16 18:17:01 honeypot-sgp-1 CRON[25791]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 18:17:01 honeypot-ams-1 CRON[31806]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-16T18:17:02.859Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 18:24:54 honeypot-ams-1 sshd[31812]: Received disconnect from 92.255.85.69 port 61302:11: Bye Bye [preauth]","@timestamp":"2022-09-16T18:24:55.058Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 18:26:04 honeypot-ams-1 sshd[31816]: Received disconnect from 20.25.38.254 port 34024:11: Bye Bye [preauth]","@timestamp":"2022-09-16T18:26:05.091Z"}
{"@timestamp":"2022-09-16T18:30:55.712Z","@version":"1","message":"Sep 16 18:30:54 honeypot-sgp-1 kernel: [84229160.239818] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=68.183.93.151 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x20 TTL=242 ID=54321 PROTO=TCP SPT=35039 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 18:31:46 honeypot-fra-1 sshd[22690]: Received disconnect from 92.255.85.69 port 34080:11: Bye Bye [preauth]","@timestamp":"2022-09-16T18:31:46.854Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 18:35:54 honeypot-ams-1 kernel: [84229935.706880] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=106.3.151.2 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=47 ID=41998 PROTO=TCP SPT=41716 DPT=80 WINDOW=20855 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T18:35:55.360Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 18:36:35 honeypot-ams-1 sshd[31826]: Disconnected from authenticating user root 46.19.141.122 port 57416 [preauth]","@timestamp":"2022-09-16T18:36:35.381Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 18:37:45 honeypot-ams-1 sshd[31832]: Connection closed by authenticating user nobody 179.60.147.69 port 3090 [preauth]","@timestamp":"2022-09-16T18:37:46.415Z"}
{"@timestamp":"2022-09-16T18:38:04.886Z","@version":"1","message":"Sep 16 18:38:04 honeypot-sgp-1 sshd[25801]: Disconnected from invalid user sftpuser 92.255.85.69 port 32202 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 18:38:18 honeypot-ams-1 sshd[31836]: Disconnected from invalid user ubuntu 46.19.141.122 port 50340 [preauth]","@timestamp":"2022-09-16T18:38:19.432Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 18:39:16 honeypot-ams-1 sshd[31840]: Disconnected from invalid user user 46.19.141.122 port 60914 [preauth]","@timestamp":"2022-09-16T18:39:17.460Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 18:40:04 honeypot-ams-1 sshd[31844]: Received disconnect from 46.19.141.122 port 43250:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T18:40:05.484Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 18:42:05 honeypot-fra-1 kernel: [84228138.912839] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=159.65.151.215 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x20 TTL=54 ID=2478 DF PROTO=TCP SPT=33644 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T18:42:06.086Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 18:46:28 honeypot-ams-1 kernel: [84230569.416010] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=167.71.92.243 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=37411 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T18:46:28.648Z"}
{"@timestamp":"2022-09-16T18:48:11.127Z","@version":"1","message":"Sep 16 18:48:10 honeypot-sgp-1 sshd[25806]: Invalid user ghost from 122.155.169.49 port 46959","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 18:51:41 honeypot-ams-1 kernel: [84230882.913234] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.220.139 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=60524 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T18:51:41.788Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 18:52:37 honeypot-fra-1 kernel: [84228770.530555] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=46.161.54.57 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=54321 PROTO=TCP SPT=50525 DPT=5432 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T18:52:38.371Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-16T18:57:11.337Z","@version":"1","message":"Sep 16 18:57:11 honeypot-sgp-1 kernel: [84230736.775343] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=157.245.80.71 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=59738 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 19:00:41 honeypot-fra-1 kernel: [84229254.845829] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=165.232.152.144 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=48898 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T19:00:42.554Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-16T19:04:38.514Z","@version":"1","message":"Sep 16 19:04:37 honeypot-sgp-1 sshd[25812]: Invalid user http from 178.128.159.1 port 56530","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T19:05:17.531Z","@version":"1","message":"Sep 16 19:05:17 honeypot-sgp-1 sshd[25815]: Disconnected from invalid user user 45.61.186.249 port 38324 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T19:05:36.541Z","@version":"1","message":"Sep 16 19:05:35 honeypot-sgp-1 sshd[25819]: Disconnected from invalid user user 45.61.186.249 port 60892 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T19:05:56.550Z","@version":"1","message":"Sep 16 19:05:56 honeypot-sgp-1 sshd[25823]: Disconnected from invalid user user 45.61.186.249 port 55238 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 19:06:03 honeypot-ams-1 sshd[31929]: Did not receive identification string from 45.61.184.204 port 57970","@timestamp":"2022-09-16T19:06:03.161Z"}
{"@timestamp":"2022-09-16T19:06:14.558Z","@version":"1","message":"Sep 16 19:06:13 honeypot-sgp-1 sshd[25827]: Disconnected from invalid user user 45.61.186.249 port 49590 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 19:06:44 honeypot-ams-1 sshd[31933]: Disconnected from invalid user user 45.61.184.204 port 45506 [preauth]","@timestamp":"2022-09-16T19:06:45.181Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 19:07:02 honeypot-ams-1 sshd[31937]: Disconnected from invalid user user 45.61.184.204 port 39756 [preauth]","@timestamp":"2022-09-16T19:07:03.191Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 19:07:20 honeypot-ams-1 sshd[31941]: Disconnected from invalid user user 45.61.184.204 port 34010 [preauth]","@timestamp":"2022-09-16T19:07:21.202Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 19:07:29 honeypot-ams-1 sshd[31945]: Disconnected from invalid user user 45.61.184.204 port 45256 [preauth]","@timestamp":"2022-09-16T19:07:30.206Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 19:11:11 honeypot-fra-1 sshd[22709]: Received disconnect from 139.59.4.184 port 48160:11: Bye Bye [preauth]","@timestamp":"2022-09-16T19:11:12.793Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 19:11:47 honeypot-fra-1 sshd[22713]: Connection closed by invalid user debian 179.60.147.69 port 52906 [preauth]","@timestamp":"2022-09-16T19:11:47.808Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 19:12:24 honeypot-ams-1 kernel: [84232126.104993] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=170.187.162.188 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=49723 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T19:12:25.338Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 19:17:01 honeypot-fra-1 CRON[22721]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-16T19:17:01.927Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 19:18:08 honeypot-ams-1 kernel: [84232469.442113] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=104.156.155.9 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=55860 PROTO=TCP SPT=45326 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T19:18:08.491Z"}
{"@timestamp":"2022-09-16T19:20:38.892Z","@version":"1","message":"Sep 16 19:20:38 honeypot-sgp-1 sshd[25836]: Disconnected from authenticating user root 58.32.17.88 port 50318 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 19:21:36 honeypot-fra-1 sshd[22726]: Connection closed by authenticating user root 194.163.190.53 port 56214 [preauth]","@timestamp":"2022-09-16T19:21:37.032Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 19:32:54 honeypot-ams-1 kernel: [84233355.773665] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.220.205.13 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=45420 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T19:32:54.878Z"}
{"@timestamp":"2022-09-16T19:34:46.221Z","@version":"1","message":"Sep 16 19:34:45 honeypot-sgp-1 sshd[25842]: Received disconnect from 20.228.209.161 port 33908:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 19:36:06 honeypot-fra-1 kernel: [84231379.366217] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=162.142.125.128 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=22672 PROTO=TCP SPT=47317 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T19:36:07.360Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 19:41:59 honeypot-fra-1 sshd[22739]: Invalid user admin1 from 92.255.85.70 port 58120","@timestamp":"2022-09-16T19:42:00.496Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T19:44:19.446Z","@version":"1","message":"Sep 16 19:44:18 honeypot-sgp-1 kernel: [84233564.233337] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=201.130.179.72 DST=159.89.202.188 LEN=52 TOS=0x00 PREC=0x00 TTL=114 ID=11151 DF PROTO=TCP SPT=58880 DPT=3389 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 19:44:34 honeypot-ams-1 sshd[31963]: Connection closed by 122.231.221.13 port 60766 [preauth]","@timestamp":"2022-09-16T19:44:35.181Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 19:46:29 honeypot-fra-1 sshd[22743]: Connection closed by authenticating user root 194.163.190.53 port 58732 [preauth]","@timestamp":"2022-09-16T19:46:29.596Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 19:49:08 honeypot-ams-1 sshd[31968]: Disconnected from authenticating user root 46.19.141.122 port 52838 [preauth]","@timestamp":"2022-09-16T19:49:09.300Z"}
{"@timestamp":"2022-09-16T19:50:09.583Z","@version":"1","message":"Sep 16 19:50:09 honeypot-sgp-1 kernel: [84233914.964332] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=159.89.202.188 LEN=90 TOS=0x00 PREC=0x00 TTL=245 ID=53738 PROTO=TCP SPT=14449 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 19:50:25 honeypot-ams-1 sshd[31975]: Connection closed by invalid user test 179.60.147.69 port 60352 [preauth]","@timestamp":"2022-09-16T19:50:25.336Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 19:51:01 honeypot-ams-1 sshd[31979]: Disconnected from invalid user admin 46.19.141.122 port 52952 [preauth]","@timestamp":"2022-09-16T19:51:02.354Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 19:51:28 honeypot-fra-1 sshd[22750]: Invalid user niang from 45.191.91.45 port 40732","@timestamp":"2022-09-16T19:51:28.712Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 19:51:43 honeypot-ams-1 sshd[31985]: Did not receive identification string from 176.31.240.226 port 43288","@timestamp":"2022-09-16T19:51:44.376Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 19:51:43 honeypot-ams-1 sshd[31997]: Invalid user postgres from 176.31.240.226 port 44162","@timestamp":"2022-09-16T19:51:44.376Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 19:51:43 honeypot-ams-1 sshd[31997]: Connection closed by invalid user postgres 176.31.240.226 port 44162 [preauth]","@timestamp":"2022-09-16T19:51:44.376Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 19:51:43 honeypot-ams-1 sshd[31989]: Connection closed by authenticating user root 176.31.240.226 port 44140 [preauth]","@timestamp":"2022-09-16T19:51:44.376Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 19:51:43 honeypot-ams-1 sshd[32001]: Invalid user git from 176.31.240.226 port 44190","@timestamp":"2022-09-16T19:51:44.376Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 19:51:44 honeypot-ams-1 sshd[32025]: Connection closed by invalid user hadoop 176.31.240.226 port 44154 [preauth]","@timestamp":"2022-09-16T19:51:45.376Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 19:51:44 honeypot-ams-1 sshd[32022]: Invalid user ubuntu from 176.31.240.226 port 44150","@timestamp":"2022-09-16T19:51:45.376Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 19:51:44 honeypot-ams-1 sshd[32026]: Connection closed by invalid user test 176.31.240.226 port 44122 [preauth]","@timestamp":"2022-09-16T19:51:45.377Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 19:51:46 honeypot-ams-1 sshd[32043]: Connection closed by authenticating user root 176.31.240.226 port 44130 [preauth]","@timestamp":"2022-09-16T19:51:47.378Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 19:51:46 honeypot-ams-1 sshd[32038]: Connection closed by invalid user testuser 176.31.240.226 port 44134 [preauth]","@timestamp":"2022-09-16T19:51:47.378Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 19:52:16 honeypot-ams-1 sshd[32052]: Disconnected from invalid user user 46.19.141.122 port 45972 [preauth]","@timestamp":"2022-09-16T19:52:17.394Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 19:53:04 honeypot-ams-1 sshd[32056]: Disconnected from invalid user support 46.19.141.122 port 60142 [preauth]","@timestamp":"2022-09-16T19:53:05.417Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 19:54:11 honeypot-fra-1 sshd[22755]: Connection closed by authenticating user root 194.163.190.53 port 40330 [preauth]","@timestamp":"2022-09-16T19:54:12.775Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 19:56:58 honeypot-ams-1 sshd[32063]: Received disconnect from 138.68.166.112 port 43636:11: Bye Bye [preauth]","@timestamp":"2022-09-16T19:56:59.519Z"}
{"@timestamp":"2022-09-16T19:59:51.805Z","@version":"1","message":"Sep 16 19:59:51 honeypot-sgp-1 sshd[25853]: Disconnected from invalid user git 196.191.116.209 port 2130 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:01:23.844Z","@version":"1","message":"Sep 16 20:01:23 honeypot-sgp-1 sshd[25858]: Disconnected from invalid user andreia 178.128.114.244 port 39660 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 20:04:47 honeypot-ams-1 sshd[32069]: Did not receive identification string from 193.3.19.178 port 64001","@timestamp":"2022-09-16T20:04:48.727Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 20:05:03 honeypot-fra-1 sshd[22763]: Received disconnect from 92.255.85.69 port 47814:11: Bye Bye [preauth]","@timestamp":"2022-09-16T20:05:04.015Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T20:05:15.936Z","@version":"1","message":"Sep 16 20:05:15 honeypot-sgp-1 sshd[25862]: Disconnected from invalid user git 43.154.5.246 port 33708 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 20:09:59 honeypot-fra-1 sshd[22768]: Disconnected from authenticating user root 178.128.30.95 port 56990 [preauth]","@timestamp":"2022-09-16T20:10:00.126Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T20:12:12.101Z","@version":"1","message":"Sep 16 20:12:12 honeypot-sgp-1 sshd[25867]: Received disconnect from 92.255.85.70 port 51310:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 20:17:01 honeypot-fra-1 CRON[22775]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-16T20:17:01.279Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 20:17:01 honeypot-ams-1 CRON[32074]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-16T20:17:02.049Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 20:19:18 honeypot-ams-1 sshd[32078]: Received disconnect from 45.61.186.169 port 45668:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T20:19:19.112Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 20:19:34 honeypot-ams-1 sshd[32082]: Received disconnect from 45.61.186.169 port 40102:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T20:19:35.122Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 20:19:50 honeypot-ams-1 sshd[32086]: Received disconnect from 45.61.186.169 port 34536:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T20:19:50.129Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 20:20:04 honeypot-ams-1 sshd[32090]: Received disconnect from 45.61.186.169 port 57212:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T20:20:05.138Z"}
{"@timestamp":"2022-09-16T20:22:59.354Z","@version":"1","message":"Sep 16 20:22:58 honeypot-sgp-1 kernel: [84235884.150165] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=167.248.133.137 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=5817 PROTO=TCP SPT=45451 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 20:23:53 honeypot-fra-1 kernel: [84234246.563341] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=102.39.19.17 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=247 ID=2153 PROTO=TCP SPT=59704 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T20:23:54.436Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 20:25:35 honeypot-ams-1 kernel: [84236516.134978] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=198.235.24.167 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=251 ID=54321 PROTO=TCP SPT=50521 DPT=389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T20:25:35.282Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 20:28:29 honeypot-fra-1 sshd[22788]: Disconnected from invalid user mysql 92.255.85.70 port 31496 [preauth]","@timestamp":"2022-09-16T20:28:29.544Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 20:30:46 honeypot-ams-1 kernel: [84236827.853722] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=44051 PROTO=TCP SPT=40204 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T20:30:47.417Z"}
{"@timestamp":"2022-09-16T20:32:55.588Z","@version":"1","message":"Sep 16 20:32:54 honeypot-sgp-1 kernel: [84236480.130750] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=156.146.46.143 DST=159.89.202.188 LEN=52 TOS=0x02 PREC=0x00 TTL=116 ID=43642 DF PROTO=TCP SPT=63730 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 20:34:57 honeypot-fra-1 sshd[22796]: Connection closed by authenticating user root 103.188.176.251 port 43474 [preauth]","@timestamp":"2022-09-16T20:34:57.693Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 20:38:53 honeypot-ams-1 kernel: [84237314.172870] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=172.104.238.162 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=32606 PROTO=TCP SPT=28653 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T20:38:53.623Z"}
{"@timestamp":"2022-09-16T20:40:19.763Z","@version":"1","message":"Sep 16 20:40:19 honeypot-sgp-1 sshd[25882]: Connection closed by invalid user support 116.98.174.154 port 52592 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:40:58.780Z","@version":"1","message":"Sep 16 20:40:57 honeypot-sgp-1 sshd[25890]: Invalid user ftpuser from 116.98.174.154 port 53536","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:41:02.784Z","@version":"1","message":"Sep 16 20:41:02 honeypot-sgp-1 sshd[25896]: Invalid user nginx from 116.98.174.154 port 44896","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:41:10.788Z","@version":"1","message":"Sep 16 20:41:10 honeypot-sgp-1 sshd[25902]: Invalid user ubnt from 116.98.174.154 port 34594","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:41:21.794Z","@version":"1","message":"Sep 16 20:41:21 honeypot-sgp-1 sshd[25908]: Connection closed by invalid user ubnt 116.98.174.154 port 42532 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:41:29.799Z","@version":"1","message":"Sep 16 20:41:29 honeypot-sgp-1 sshd[25914]: Connection closed by invalid user admin 116.98.174.154 port 45382 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:41:36.802Z","@version":"1","message":"Sep 16 20:41:36 honeypot-sgp-1 sshd[25918]: Connection closed by invalid user support1 116.98.174.154 port 41430 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:41:55.812Z","@version":"1","message":"Sep 16 20:41:55 honeypot-sgp-1 sshd[25926]: Invalid user admin from 116.98.174.154 port 52992","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:42:06.817Z","@version":"1","message":"Sep 16 20:42:06 honeypot-sgp-1 sshd[25932]: Connection closed by authenticating user root 116.98.174.154 port 45014 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:42:11.820Z","@version":"1","message":"Sep 16 20:42:11 honeypot-sgp-1 sshd[25938]: Connection closed by invalid user monitor 116.98.174.154 port 47744 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:42:17.824Z","@version":"1","message":"Sep 16 20:42:17 honeypot-sgp-1 sshd[25944]: Connection closed by invalid user admin 116.98.174.154 port 60444 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:42:35.832Z","@version":"1","message":"Sep 16 20:42:35 honeypot-sgp-1 sshd[25950]: Connection closed by invalid user tomcat7 116.98.174.154 port 48002 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:42:44.838Z","@version":"1","message":"Sep 16 20:42:43 honeypot-sgp-1 sshd[25956]: Connection closed by invalid user barbara 116.98.174.154 port 52484 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:42:48.840Z","@version":"1","message":"Sep 16 20:42:48 honeypot-sgp-1 sshd[25960]: Connection closed by invalid user sysadmin 116.98.174.154 port 40286 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:42:53.842Z","@version":"1","message":"Sep 16 20:42:53 honeypot-sgp-1 sshd[25970]: Connection closed by authenticating user root 116.98.174.154 port 40376 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:42:58.845Z","@version":"1","message":"Sep 16 20:42:58 honeypot-sgp-1 sshd[25976]: Connection closed by invalid user danielle 116.98.174.154 port 45100 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 20:43:05 honeypot-fra-1 sshd[22801]: Disconnected from invalid user liberty 165.22.45.108 port 56498 [preauth]","@timestamp":"2022-09-16T20:43:05.875Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T20:43:10.851Z","@version":"1","message":"Sep 16 20:43:10 honeypot-sgp-1 sshd[25982]: Connection closed by invalid user data 116.98.174.154 port 57198 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:43:19.856Z","@version":"1","message":"Sep 16 20:43:19 honeypot-sgp-1 sshd[25990]: Invalid user rebecca from 116.98.174.154 port 42814","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:43:21.857Z","@version":"1","message":"Sep 16 20:43:21 honeypot-sgp-1 sshd[25996]: Invalid user gary from 116.98.174.154 port 41130","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:43:30.863Z","@version":"1","message":"Sep 16 20:43:29 honeypot-sgp-1 sshd[26005]: Invalid user administrator from 116.98.174.154 port 49944","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:43:35.865Z","@version":"1","message":"Sep 16 20:43:35 honeypot-sgp-1 sshd[26010]: Invalid user ggg from 116.98.174.154 port 54014","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:43:48.872Z","@version":"1","message":"Sep 16 20:43:48 honeypot-sgp-1 sshd[26016]: Invalid user default from 116.98.174.154 port 60366","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:43:54.874Z","@version":"1","message":"Sep 16 20:43:54 honeypot-sgp-1 sshd[26022]: Connection closed by invalid user monitor 116.98.174.154 port 38338 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:44:06.881Z","@version":"1","message":"Sep 16 20:44:06 honeypot-sgp-1 sshd[26028]: Invalid user cusadmin from 116.98.174.154 port 53932","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:44:07.882Z","@version":"1","message":"Sep 16 20:44:07 honeypot-sgp-1 sshd[26034]: Invalid user minecraft from 116.98.174.154 port 54688","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:44:10.883Z","@version":"1","message":"Sep 16 20:44:10 honeypot-sgp-1 sshd[26038]: Invalid user press from 116.98.174.154 port 33606","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:44:18.888Z","@version":"1","message":"Sep 16 20:44:18 honeypot-sgp-1 sshd[26046]: Connection closed by invalid user fttrans 116.98.174.154 port 59204 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:44:24.891Z","@version":"1","message":"Sep 16 20:44:24 honeypot-sgp-1 sshd[26052]: Connection closed by invalid user test 116.98.174.154 port 42026 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:44:51.904Z","@version":"1","message":"Sep 16 20:44:51 honeypot-sgp-1 sshd[26059]: Invalid user office from 116.98.174.154 port 59712","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:44:58.907Z","@version":"1","message":"Sep 16 20:44:58 honeypot-sgp-1 sshd[26065]: Invalid user 5fe5d4 from 116.98.174.154 port 48688","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:45:07.912Z","@version":"1","message":"Sep 16 20:45:07 honeypot-sgp-1 sshd[26071]: Invalid user user from 45.61.186.169 port 34836","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:45:10.913Z","@version":"1","message":"Sep 16 20:45:10 honeypot-sgp-1 sshd[26075]: Connection closed by invalid user miner 116.98.174.154 port 36062 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:45:15.917Z","@version":"1","message":"Sep 16 20:45:15 honeypot-sgp-1 sshd[26082]: Received disconnect from 45.61.186.169 port 46126:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:45:19.919Z","@version":"1","message":"Sep 16 20:45:19 honeypot-sgp-1 sshd[26088]: Connection closed by invalid user aidvolunteers 116.98.174.154 port 43770 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:45:22.921Z","@version":"1","message":"Sep 16 20:45:22 honeypot-sgp-1 sshd[26096]: Invalid user super from 116.98.174.154 port 39906","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:45:26.923Z","@version":"1","message":"Sep 16 20:45:26 honeypot-sgp-1 sshd[26100]: Connection closed by invalid user git 116.98.174.154 port 56856 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:45:31.926Z","@version":"1","message":"Sep 16 20:45:31 honeypot-sgp-1 sshd[26108]: Connection closed by invalid user testuser 116.98.174.154 port 42728 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:45:35.928Z","@version":"1","message":"Sep 16 20:45:35 honeypot-sgp-1 sshd[26112]: Connection closed by authenticating user root 116.98.174.154 port 34832 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:45:39.930Z","@version":"1","message":"Sep 16 20:45:39 honeypot-sgp-1 sshd[26118]: Received disconnect from 45.61.186.169 port 51824:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:45:44.934Z","@version":"1","message":"Sep 16 20:45:44 honeypot-sgp-1 sshd[26126]: Invalid user admin from 116.98.174.154 port 53342","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:45:47.935Z","@version":"1","message":"Sep 16 20:45:47 honeypot-sgp-1 sshd[26128]: Disconnected from invalid user user 45.61.186.169 port 34892 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:45:52.937Z","@version":"1","message":"Sep 16 20:45:52 honeypot-sgp-1 sshd[26136]: Connection closed by invalid user test 116.98.174.154 port 59194 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:45:55.939Z","@version":"1","message":"Sep 16 20:45:55 honeypot-sgp-1 sshd[26140]: Connection closed by invalid user keith 116.98.174.154 port 42604 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:46:01.943Z","@version":"1","message":"Sep 16 20:46:01 honeypot-sgp-1 sshd[26146]: Connection closed by invalid user shutdown 116.98.174.154 port 51372 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:46:10.947Z","@version":"1","message":"Sep 16 20:46:10 honeypot-sgp-1 sshd[26152]: Invalid user sms from 116.98.174.154 port 53736","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:46:13.949Z","@version":"1","message":"Sep 16 20:46:13 honeypot-sgp-1 sshd[26158]: Connection closed by invalid user sftpuser 116.98.174.154 port 53480 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:46:19.953Z","@version":"1","message":"Sep 16 20:46:19 honeypot-sgp-1 sshd[26164]: Connection closed by invalid user administrator 116.98.174.154 port 59806 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:46:30.958Z","@version":"1","message":"Sep 16 20:46:30 honeypot-sgp-1 sshd[26170]: Connection closed by invalid user cyrus 116.98.174.154 port 40492 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:46:34.961Z","@version":"1","message":"Sep 16 20:46:34 honeypot-sgp-1 sshd[26178]: Invalid user rotarypoperinge from 116.98.174.154 port 37772","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:46:48.968Z","@version":"1","message":"Sep 16 20:46:48 honeypot-sgp-1 sshd[26184]: Connection closed by invalid user nagios 116.98.174.154 port 59250 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:47:08.977Z","@version":"1","message":"Sep 16 20:47:08 honeypot-sgp-1 sshd[26192]: Connection closed by invalid user coach 116.98.174.154 port 33768 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:47:20.983Z","@version":"1","message":"Sep 16 20:47:20 honeypot-sgp-1 sshd[26198]: Connection closed by invalid user adm 116.98.174.154 port 34952 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:47:34.991Z","@version":"1","message":"Sep 16 20:47:34 honeypot-sgp-1 sshd[26204]: Connection closed by invalid user admin 116.98.174.154 port 40450 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:47:38.993Z","@version":"1","message":"Sep 16 20:47:38 honeypot-sgp-1 sshd[26210]: Connection closed by invalid user adminpldt 116.98.174.154 port 56476 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:47:44.996Z","@version":"1","message":"Sep 16 20:47:44 honeypot-sgp-1 sshd[26216]: Connection closed by invalid user ax 116.98.174.154 port 40426 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:47:49.999Z","@version":"1","message":"Sep 16 20:47:49 honeypot-sgp-1 sshd[26224]: Invalid user boss from 116.98.174.154 port 45778","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:47:56.002Z","@version":"1","message":"Sep 16 20:47:55 honeypot-sgp-1 sshd[26230]: Connection closed by authenticating user root 116.98.174.154 port 51358 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:48:01.005Z","@version":"1","message":"Sep 16 20:48:00 honeypot-sgp-1 sshd[26236]: Connection closed by invalid user fe5ced 116.98.174.154 port 58144 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:48:06.008Z","@version":"1","message":"Sep 16 20:48:05 honeypot-sgp-1 sshd[26246]: Invalid user admin from 116.98.174.154 port 42468","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:48:10.010Z","@version":"1","message":"Sep 16 20:48:09 honeypot-sgp-1 sshd[26252]: Invalid user admin from 116.98.174.154 port 34170","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:48:13.012Z","@version":"1","message":"Sep 16 20:48:12 honeypot-sgp-1 sshd[26258]: Invalid user odoo from 116.98.174.154 port 51422","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:48:23.017Z","@version":"1","message":"Sep 16 20:48:22 honeypot-sgp-1 sshd[26264]: Invalid user admin from 116.98.174.154 port 49580","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:48:40.026Z","@version":"1","message":"Sep 16 20:48:39 honeypot-sgp-1 sshd[26270]: Connection closed by invalid user sh 116.98.174.154 port 57244 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:48:54.033Z","@version":"1","message":"Sep 16 20:48:53 honeypot-sgp-1 sshd[26276]: Invalid user apple from 116.98.174.154 port 36312","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:48:59.036Z","@version":"1","message":"Sep 16 20:48:58 honeypot-sgp-1 sshd[26282]: Connection closed by invalid user matt 116.98.174.154 port 52298 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:49:07.040Z","@version":"1","message":"Sep 16 20:49:06 honeypot-sgp-1 sshd[26288]: Connection closed by invalid user recovery 116.98.174.154 port 43882 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:49:15.045Z","@version":"1","message":"Sep 16 20:49:15 honeypot-sgp-1 sshd[26294]: Connection closed by invalid user ftpadmin 116.98.174.154 port 51364 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:49:37.055Z","@version":"1","message":"Sep 16 20:49:36 honeypot-sgp-1 sshd[26300]: Connection closed by invalid user admin 116.98.174.154 port 36150 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:49:41.058Z","@version":"1","message":"Sep 16 20:49:40 honeypot-sgp-1 sshd[26308]: Invalid user hadoop from 116.98.174.154 port 50178","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:49:43.059Z","@version":"1","message":"Sep 16 20:49:42 honeypot-sgp-1 sshd[26314]: Invalid user contact from 116.98.174.154 port 51598","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:49:45.061Z","@version":"1","message":"Sep 16 20:49:44 honeypot-sgp-1 sshd[26320]: Invalid user adnmin from 116.98.174.154 port 55232","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:49:50.063Z","@version":"1","message":"Sep 16 20:49:49 honeypot-sgp-1 kernel: [84237494.985273] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=68.183.93.151 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x20 TTL=242 ID=54321 PROTO=TCP SPT=40396 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:50:03.070Z","@version":"1","message":"Sep 16 20:50:02 honeypot-sgp-1 sshd[26332]: Invalid user tmax from 116.98.174.154 port 45384","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:50:11.074Z","@version":"1","message":"Sep 16 20:50:10 honeypot-sgp-1 sshd[26338]: Connection closed by authenticating user root 116.98.174.154 port 52586 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:50:27.082Z","@version":"1","message":"Sep 16 20:50:26 honeypot-sgp-1 sshd[26347]: Invalid user ftpuser from 116.98.174.154 port 55328","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:50:28.082Z","@version":"1","message":"Sep 16 20:50:27 honeypot-sgp-1 sshd[26353]: Invalid user 0f9246 from 116.98.174.154 port 42126","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:50:36.087Z","@version":"1","message":"Sep 16 20:50:35 honeypot-sgp-1 sshd[26361]: Invalid user test from 116.98.174.154 port 37160","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:50:48.093Z","@version":"1","message":"Sep 16 20:50:47 honeypot-sgp-1 sshd[26369]: Invalid user test01 from 116.98.174.154 port 42936","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:51:14.105Z","@version":"1","message":"Sep 16 20:51:13 honeypot-sgp-1 sshd[26375]: Connection closed by invalid user ftpuser 116.98.174.154 port 42806 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:51:19.108Z","@version":"1","message":"Sep 16 20:51:18 honeypot-sgp-1 sshd[26381]: Connection closed by invalid user daegalnet 116.98.174.154 port 33996 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:51:31.114Z","@version":"1","message":"Sep 16 20:51:30 honeypot-sgp-1 sshd[26389]: Invalid user psybnc from 116.98.174.154 port 47064","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:51:36.116Z","@version":"1","message":"Sep 16 20:51:36 honeypot-sgp-1 sshd[26395]: Invalid user incoming from 116.98.174.154 port 58482","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:51:40.118Z","@version":"1","message":"Sep 16 20:51:39 honeypot-sgp-1 sshd[26401]: Invalid user chris from 116.98.174.154 port 40328","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:51:58.127Z","@version":"1","message":"Sep 16 20:51:57 honeypot-sgp-1 sshd[26411]: Invalid user tester from 116.98.174.154 port 56278","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:52:05.131Z","@version":"1","message":"Sep 16 20:52:04 honeypot-sgp-1 sshd[26417]: Invalid user www from 116.98.174.154 port 49030","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 20:52:09 honeypot-ams-1 sshd[32110]: Did not receive identification string from 80.76.51.189 port 60930","@timestamp":"2022-09-16T20:52:09.968Z"}
{"@timestamp":"2022-09-16T20:52:18.138Z","@version":"1","message":"Sep 16 20:52:17 honeypot-sgp-1 sshd[26423]: Invalid user postmaster from 116.98.174.154 port 39424","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:52:22.140Z","@version":"1","message":"Sep 16 20:52:21 honeypot-sgp-1 sshd[26429]: Connection closed by authenticating user root 116.98.174.154 port 55984 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:52:31.145Z","@version":"1","message":"Sep 16 20:52:30 honeypot-sgp-1 sshd[26435]: Connection closed by invalid user ftp 116.98.174.154 port 38526 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:52:41.150Z","@version":"1","message":"Sep 16 20:52:40 honeypot-sgp-1 sshd[26441]: Invalid user operations from 116.98.174.154 port 34400","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 20:52:42 honeypot-ams-1 sshd[32113]: Disconnected from invalid user uqs 190.104.25.210 port 54100 [preauth]","@timestamp":"2022-09-16T20:52:42.986Z"}
{"@timestamp":"2022-09-16T20:52:52.155Z","@version":"1","message":"Sep 16 20:52:51 honeypot-sgp-1 sshd[26447]: Invalid user monolit1 from 116.98.174.154 port 47700","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 20:52:56 honeypot-fra-1 kernel: [84235989.413978] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=103.127.126.144 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=26990 DF PROTO=TCP SPT=35724 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T20:52:57.094Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-16T20:52:59.160Z","@version":"1","message":"Sep 16 20:52:58 honeypot-sgp-1 sshd[26453]: Connection closed by invalid user 1e905c 116.98.174.154 port 45856 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:53:13.166Z","@version":"1","message":"Sep 16 20:53:12 honeypot-sgp-1 sshd[26459]: Connection closed by invalid user git 116.98.174.154 port 44048 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:53:27.173Z","@version":"1","message":"Sep 16 20:53:26 honeypot-sgp-1 sshd[26465]: Connection closed by invalid user app 116.98.174.154 port 37726 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:53:40.179Z","@version":"1","message":"Sep 16 20:53:39 honeypot-sgp-1 sshd[26471]: Connection closed by invalid user w 116.98.174.154 port 52718 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 20:53:40 honeypot-ams-1 sshd[32120]: Invalid user user from 45.61.186.49 port 60554","@timestamp":"2022-09-16T20:53:41.016Z"}
{"@timestamp":"2022-09-16T20:53:46.183Z","@version":"1","message":"Sep 16 20:53:45 honeypot-sgp-1 sshd[26478]: Invalid user english from 116.98.174.154 port 54874","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 20:53:54 honeypot-ams-1 sshd[32124]: Invalid user user from 45.61.186.49 port 43606","@timestamp":"2022-09-16T20:53:55.022Z"}
{"@timestamp":"2022-09-16T20:53:57.188Z","@version":"1","message":"Sep 16 20:53:56 honeypot-sgp-1 sshd[26483]: Invalid user tracy from 116.98.174.154 port 48970","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 20:53:59 honeypot-ams-1 sshd[32128]: Received disconnect from 45.61.186.49 port 49186:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T20:54:00.026Z"}
{"@timestamp":"2022-09-16T20:54:04.192Z","@version":"1","message":"Sep 16 20:54:03 honeypot-sgp-1 sshd[26489]: Invalid user 1 from 116.98.174.154 port 42572","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:54:14.197Z","@version":"1","message":"Sep 16 20:54:13 honeypot-sgp-1 sshd[26495]: Invalid user apache from 116.98.174.154 port 58370","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:54:24.202Z","@version":"1","message":"Sep 16 20:54:23 honeypot-sgp-1 sshd[26501]: Connection closed by invalid user test 116.98.174.154 port 42496 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:54:25.202Z","@version":"1","message":"Sep 16 20:54:24 honeypot-sgp-1 sshd[26507]: Connection closed by invalid user dexter 116.98.174.154 port 39970 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:54:37.208Z","@version":"1","message":"Sep 16 20:54:37 honeypot-sgp-1 sshd[26515]: Connection closed by invalid user tim 116.98.174.154 port 41938 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:54:42.211Z","@version":"1","message":"Sep 16 20:54:41 honeypot-sgp-1 sshd[26521]: Connection closed by invalid user support 116.98.174.154 port 57648 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:54:48.215Z","@version":"1","message":"Sep 16 20:54:47 honeypot-sgp-1 sshd[26527]: Connection closed by authenticating user root 116.98.174.154 port 50606 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:55:07.224Z","@version":"1","message":"Sep 16 20:55:07 honeypot-sgp-1 sshd[26535]: Invalid user training from 116.98.174.154 port 60880","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:55:21.231Z","@version":"1","message":"Sep 16 20:55:21 honeypot-sgp-1 sshd[26542]: Connection closed by invalid user john 116.98.174.154 port 35204 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 20:55:21 honeypot-ams-1 sshd[32135]: Received disconnect from 80.76.51.189 port 37604:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T20:55:22.066Z"}
{"@timestamp":"2022-09-16T20:55:36.238Z","@version":"1","message":"Sep 16 20:55:35 honeypot-sgp-1 sshd[26548]: Connection closed by invalid user eseasonminbak 116.98.174.154 port 34072 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:55:41.241Z","@version":"1","message":"Sep 16 20:55:41 honeypot-sgp-1 sshd[26556]: Connection closed by authenticating user root 116.98.174.154 port 53764 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:55:47.245Z","@version":"1","message":"Sep 16 20:55:46 honeypot-sgp-1 sshd[26564]: Invalid user nagios from 116.98.174.154 port 50594","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:55:53.248Z","@version":"1","message":"Sep 16 20:55:52 honeypot-sgp-1 sshd[26570]: Invalid user nagios from 116.98.174.154 port 47502","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:55:57.250Z","@version":"1","message":"Sep 16 20:55:56 honeypot-sgp-1 sshd[26576]: Connection closed by authenticating user root 116.98.174.154 port 43806 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:56:10.257Z","@version":"1","message":"Sep 16 20:56:10 honeypot-sgp-1 sshd[26582]: Connection closed by invalid user operator 116.98.174.154 port 37506 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:56:20.262Z","@version":"1","message":"Sep 16 20:56:19 honeypot-sgp-1 sshd[26588]: Connection closed by invalid user qq 116.98.174.154 port 44546 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:56:29.268Z","@version":"1","message":"Sep 16 20:56:29 honeypot-sgp-1 sshd[26596]: Invalid user admIndian from 116.98.174.154 port 44212","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:56:39.272Z","@version":"1","message":"Sep 16 20:56:38 honeypot-sgp-1 sshd[26602]: Connection closed by authenticating user root 116.98.174.154 port 46440 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:56:45.276Z","@version":"1","message":"Sep 16 20:56:45 honeypot-sgp-1 sshd[26610]: Invalid user joggler from 116.98.174.154 port 40478","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 20:56:50 honeypot-ams-1 sshd[32142]: Received disconnect from 80.76.51.189 port 47242:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T20:56:51.108Z"}
{"@timestamp":"2022-09-16T20:56:57.281Z","@version":"1","message":"Sep 16 20:56:57 honeypot-sgp-1 sshd[26616]: Connection closed by authenticating user root 116.98.174.154 port 47544 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:57:03.285Z","@version":"1","message":"Sep 16 20:57:02 honeypot-sgp-1 sshd[26622]: Connection closed by invalid user jose 116.98.174.154 port 59668 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:57:30.298Z","@version":"1","message":"Sep 16 20:57:29 honeypot-sgp-1 sshd[26630]: Connection closed by invalid user nginx 103.188.176.251 port 43876 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 20:57:52 honeypot-ams-1 sshd[32146]: Received disconnect from 80.76.51.189 port 44254:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T20:57:53.137Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 20:58:55 honeypot-ams-1 sshd[32150]: Received disconnect from 80.76.51.189 port 41260:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T20:58:56.166Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 20:59:58 honeypot-ams-1 sshd[32154]: Received disconnect from 80.76.51.189 port 38270:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T20:59:59.195Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:01:01 honeypot-ams-1 sshd[32159]: Received disconnect from 80.76.51.189 port 35286:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T21:01:02.225Z"}
{"@timestamp":"2022-09-16T21:01:02.382Z","@version":"1","message":"Sep 16 21:01:01 honeypot-sgp-1 kernel: [84238167.020472] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=147.182.160.15 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=26488 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:01:43 honeypot-ams-1 sshd[32163]: Disconnected from authenticating user root 179.171.158.147 port 59228 [preauth]","@timestamp":"2022-09-16T21:01:44.248Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:01:49 honeypot-ams-1 sshd[32169]: Received disconnect from 179.171.158.147 port 59610:11: Bye Bye [preauth]","@timestamp":"2022-09-16T21:01:50.252Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:01:56 honeypot-ams-1 sshd[32175]: Received disconnect from 179.171.158.147 port 59884:11: Bye Bye [preauth]","@timestamp":"2022-09-16T21:01:57.256Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:02:05 honeypot-ams-1 sshd[32181]: Received disconnect from 179.171.158.147 port 60270:11: Bye Bye [preauth]","@timestamp":"2022-09-16T21:02:05.261Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:02:11 honeypot-ams-1 sshd[32187]: Received disconnect from 179.171.158.147 port 60664:11: Bye Bye [preauth]","@timestamp":"2022-09-16T21:02:12.265Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 21:02:12 honeypot-fra-1 sshd[22815]: Connection closed by 3.111.30.213 port 59334 [preauth]","@timestamp":"2022-09-16T21:02:13.302Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:02:18 honeypot-ams-1 sshd[32193]: Received disconnect from 179.171.158.147 port 60992:11: Bye Bye [preauth]","@timestamp":"2022-09-16T21:02:18.269Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:02:25 honeypot-ams-1 sshd[32199]: Received disconnect from 179.171.158.147 port 33126:11: Bye Bye [preauth]","@timestamp":"2022-09-16T21:02:26.359Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:02:32 honeypot-ams-1 sshd[32205]: Invalid user blank from 179.60.147.69 port 36796","@timestamp":"2022-09-16T21:02:32.364Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:02:37 honeypot-ams-1 sshd[32211]: Received disconnect from 179.171.158.147 port 33780:11: Bye Bye [preauth]","@timestamp":"2022-09-16T21:02:38.368Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:02:39 honeypot-ams-1 sshd[32215]: Disconnected from invalid user oracle 80.76.51.189 port 44924 [preauth]","@timestamp":"2022-09-16T21:02:40.369Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:02:47 honeypot-ams-1 sshd[32221]: Disconnected from authenticating user root 179.171.158.147 port 34244 [preauth]","@timestamp":"2022-09-16T21:02:48.373Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:02:54 honeypot-ams-1 sshd[32227]: Disconnected from authenticating user root 179.171.158.147 port 34638 [preauth]","@timestamp":"2022-09-16T21:02:55.378Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:03:00 honeypot-ams-1 sshd[32233]: Disconnected from authenticating user root 179.171.158.147 port 35014 [preauth]","@timestamp":"2022-09-16T21:03:01.381Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:03:08 honeypot-ams-1 sshd[32239]: Disconnected from authenticating user root 179.171.158.147 port 35362 [preauth]","@timestamp":"2022-09-16T21:03:09.386Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:03:12 honeypot-ams-1 sshd[32243]: Disconnected from invalid user admin 179.171.158.147 port 35668 [preauth]","@timestamp":"2022-09-16T21:03:13.389Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:03:15 honeypot-ams-1 sshd[32245]: Disconnected from invalid user admin 179.171.158.147 port 35746 [preauth]","@timestamp":"2022-09-16T21:03:16.391Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:03:20 honeypot-ams-1 sshd[32251]: Disconnected from invalid user admin 179.171.158.147 port 36008 [preauth]","@timestamp":"2022-09-16T21:03:20.394Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:03:25 honeypot-ams-1 sshd[32255]: Disconnected from invalid user admin 179.171.158.147 port 36270 [preauth]","@timestamp":"2022-09-16T21:03:26.397Z"}
{"@timestamp":"2022-09-16T21:03:27.439Z","@version":"1","message":"Sep 16 21:03:27 honeypot-sgp-1 sshd[26639]: Disconnected from invalid user ubuntu 66.76.55.84 port 52210 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:03:30 honeypot-ams-1 sshd[32259]: Disconnected from invalid user admin 179.171.158.147 port 36522 [preauth]","@timestamp":"2022-09-16T21:03:31.400Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:03:35 honeypot-ams-1 sshd[32263]: Disconnected from invalid user user 179.171.158.147 port 36836 [preauth]","@timestamp":"2022-09-16T21:03:35.403Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:03:42 honeypot-ams-1 sshd[32269]: Received disconnect from 179.171.158.147 port 37190:11: Bye Bye [preauth]","@timestamp":"2022-09-16T21:03:43.407Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:03:46 honeypot-ams-1 sshd[32273]: Received disconnect from 179.171.158.147 port 37448:11: Bye Bye [preauth]","@timestamp":"2022-09-16T21:03:47.410Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:03:49 honeypot-ams-1 sshd[32277]: Received disconnect from 80.76.51.189 port 41936:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T21:03:49.412Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:03:54 honeypot-ams-1 sshd[32281]: Received disconnect from 179.171.158.147 port 37792:11: Bye Bye [preauth]","@timestamp":"2022-09-16T21:03:54.416Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:03:59 honeypot-ams-1 sshd[32285]: Received disconnect from 179.171.158.147 port 38100:11: Bye Bye [preauth]","@timestamp":"2022-09-16T21:03:59.419Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:04:03 honeypot-ams-1 sshd[32289]: Received disconnect from 179.171.158.147 port 38304:11: Bye Bye [preauth]","@timestamp":"2022-09-16T21:04:03.421Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:04:07 honeypot-ams-1 sshd[32293]: Invalid user vagrant from 179.171.158.147 port 38538","@timestamp":"2022-09-16T21:04:08.425Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:04:12 honeypot-ams-1 sshd[32297]: Invalid user debian from 179.171.158.147 port 38818","@timestamp":"2022-09-16T21:04:13.428Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:04:16 honeypot-ams-1 sshd[32301]: Invalid user debian from 179.171.158.147 port 39044","@timestamp":"2022-09-16T21:04:17.430Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:04:22 honeypot-ams-1 sshd[32305]: Invalid user alarm from 179.171.158.147 port 39352","@timestamp":"2022-09-16T21:04:22.434Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:04:24 honeypot-ams-1 sshd[32309]: Received disconnect from 80.76.51.189 port 54560:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T21:04:25.436Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:04:28 honeypot-ams-1 sshd[32313]: Received disconnect from 179.171.158.147 port 39656:11: Bye Bye [preauth]","@timestamp":"2022-09-16T21:04:28.438Z"}
{"@timestamp":"2022-09-16T21:04:32.466Z","@version":"1","message":"Sep 16 21:04:32 honeypot-sgp-1 sshd[26643]: Disconnected from invalid user pi 82.112.131.162 port 37597 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:05:00 honeypot-ams-1 sshd[32317]: Received disconnect from 80.76.51.189 port 38954:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T21:05:01.454Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:05:36 honeypot-ams-1 sshd[32322]: Received disconnect from 182.52.90.164 port 34696:11: Bye Bye [preauth]","@timestamp":"2022-09-16T21:05:36.473Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 21:08:04 honeypot-fra-1 kernel: [84236897.118324] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=3.90.148.15 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=233 ID=54321 PROTO=TCP SPT=42336 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T21:08:05.438Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 21:10:06 honeypot-ams-1 kernel: [84239187.166498] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=193.46.255.199 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=246 ID=12696 PROTO=TCP SPT=61004 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T21:10:06.616Z"}
{"@timestamp":"2022-09-16T21:11:19.622Z","@version":"1","message":"Sep 16 21:11:18 honeypot-sgp-1 sshd[26648]: Disconnected from invalid user ubnt 46.101.132.159 port 59510 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T21:11:44.633Z","@version":"1","message":"Sep 16 21:11:44 honeypot-sgp-1 kernel: [84238809.467295] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=156.146.46.143 DST=159.89.202.188 LEN=52 TOS=0x02 PREC=0x00 TTL=116 ID=38329 DF PROTO=TCP SPT=61405 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T21:12:41.658Z","@version":"1","message":"Sep 16 21:12:40 honeypot-sgp-1 sshd[26656]: Received disconnect from 82.112.131.162 port 37896:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 21:15:32 honeypot-fra-1 sshd[22825]: Connection closed by authenticating user root 194.163.190.53 port 53012 [preauth]","@timestamp":"2022-09-16T21:15:33.611Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:17:25 honeypot-ams-1 sshd[32334]: Disconnected from invalid user job 157.230.47.123 port 33958 [preauth]","@timestamp":"2022-09-16T21:17:26.809Z"}
{"@timestamp":"2022-09-16T21:18:10.786Z","@version":"1","message":"Sep 16 21:18:10 honeypot-sgp-1 sshd[26665]: Received disconnect from 23.105.217.120 port 58786:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 21:18:15 honeypot-fra-1 sshd[22833]: Invalid user testuser from 134.209.151.21 port 49338","@timestamp":"2022-09-16T21:18:15.681Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 21:18:15 honeypot-fra-1 sshd[22849]: Invalid user mysql from 134.209.151.21 port 49394","@timestamp":"2022-09-16T21:18:15.681Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 21:18:15 honeypot-fra-1 sshd[22846]: Invalid user cloud from 134.209.151.21 port 49340","@timestamp":"2022-09-16T21:18:15.681Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 21:18:15 honeypot-fra-1 sshd[22840]: Connection closed by authenticating user root 134.209.151.21 port 49400 [preauth]","@timestamp":"2022-09-16T21:18:15.681Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 21:18:15 honeypot-fra-1 sshd[22834]: Connection closed by invalid user ubuntu 134.209.151.21 port 49354 [preauth]","@timestamp":"2022-09-16T21:18:15.681Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 21:18:15 honeypot-fra-1 sshd[22850]: Connection closed by invalid user oracle 134.209.151.21 port 49412 [preauth]","@timestamp":"2022-09-16T21:18:15.681Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 21:18:15 honeypot-fra-1 sshd[22845]: Connection closed by invalid user user 134.209.151.21 port 49410 [preauth]","@timestamp":"2022-09-16T21:18:15.681Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 21:18:15 honeypot-fra-1 sshd[22858]: Connection closed by invalid user ubuntu 134.209.151.21 port 49402 [preauth]","@timestamp":"2022-09-16T21:18:15.681Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T21:21:36.867Z","@version":"1","message":"Sep 16 21:21:36 honeypot-sgp-1 sshd[26669]: Disconnected from invalid user user 92.255.85.69 port 35426 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 21:23:22 honeypot-ams-1 kernel: [84239983.260051] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=157.245.80.71 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=47160 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T21:23:22.966Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:28:19 honeypot-ams-1 sshd[32341]: Received disconnect from 103.186.48.7 port 48810:11: Bye Bye [preauth]","@timestamp":"2022-09-16T21:28:20.097Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 21:31:59 honeypot-ams-1 kernel: [84240500.498524] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=178.62.254.91 LEN=87 TOS=0x00 PREC=0x00 TTL=252 ID=22174 PROTO=TCP SPT=14627 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T21:32:00.192Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 21:33:07 honeypot-fra-1 kernel: [84238400.215742] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=178.72.78.236 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=42071 DF PROTO=TCP SPT=39970 DPT=80 WINDOW=5648 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T21:33:08.017Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:38:40 honeypot-ams-1 sshd[32351]: Connection closed by invalid user ubnt 179.60.147.69 port 30392 [preauth]","@timestamp":"2022-09-16T21:38:41.385Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 21:40:12 honeypot-fra-1 sshd[22899]: Invalid user user15 from 122.53.86.126 port 51520","@timestamp":"2022-09-16T21:40:13.178Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 21:40:45 honeypot-fra-1 sshd[22903]: Received disconnect from 165.22.45.108 port 33408:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T21:40:46.193Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 21:41:32 honeypot-fra-1 sshd[22908]: Received disconnect from 129.146.241.147 port 44576:11: Bye Bye [preauth]","@timestamp":"2022-09-16T21:41:33.213Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T21:45:24.411Z","@version":"1","message":"Sep 16 21:45:23 honeypot-sgp-1 sshd[26691]: Received disconnect from 92.255.85.69 port 17872:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 21:47:19 honeypot-ams-1 kernel: [84241420.660777] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=111.72.186.151 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=49 ID=4224 PROTO=TCP SPT=64048 DPT=80 WINDOW=4056 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T21:47:19.609Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 21:53:50 honeypot-fra-1 sshd[22913]: Received disconnect from 188.166.176.236 port 55178:11: Bye Bye [preauth]","@timestamp":"2022-09-16T21:53:51.486Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 21:56:39 honeypot-ams-1 kernel: [84241980.621342] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=156.146.46.143 DST=178.62.254.91 LEN=52 TOS=0x02 PREC=0x00 TTL=118 ID=18682 DF PROTO=TCP SPT=65514 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-16T21:56:39.853Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 21:57:12 honeypot-fra-1 sshd[22919]: Invalid user samba from 138.197.19.166 port 59074","@timestamp":"2022-09-16T21:57:13.567Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T22:01:58.790Z","@version":"1","message":"Sep 16 22:01:58 honeypot-sgp-1 sshd[26695]: Disconnected from authenticating user root 27.50.54.88 port 59934 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 22:02:30 honeypot-fra-1 sshd[22924]: Invalid user admin from 92.255.85.69 port 48954","@timestamp":"2022-09-16T22:02:30.684Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 22:05:53 honeypot-fra-1 sshd[22928]: Received disconnect from 182.23.23.42 port 46856:11: Bye Bye [preauth]","@timestamp":"2022-09-16T22:05:54.760Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 22:07:58 honeypot-fra-1 sshd[22933]: Disconnected from invalid user gi 104.236.237.117 port 35127 [preauth]","@timestamp":"2022-09-16T22:07:58.840Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T22:08:09.935Z","@version":"1","message":"Sep 16 22:08:09 honeypot-sgp-1 kernel: [84242195.072409] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=96.126.112.220 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=41517 DF PROTO=TCP SPT=55966 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T22:09:01.957Z","@version":"1","message":"Sep 16 22:09:01 honeypot-sgp-1 sshd[26702]: Disconnected from authenticating user root 92.255.85.69 port 32788 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 22:09:53 honeypot-fra-1 sshd[22939]: Invalid user guest from 193.106.191.157 port 45330","@timestamp":"2022-09-16T22:09:53.885Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T22:10:49.002Z","@version":"1","message":"Sep 16 22:10:48 honeypot-sgp-1 sshd[26707]: Invalid user user from 45.61.184.204 port 44404","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T22:11:06.010Z","@version":"1","message":"Sep 16 22:11:05 honeypot-sgp-1 sshd[26711]: Invalid user user from 45.61.184.204 port 38844","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T22:11:23.018Z","@version":"1","message":"Sep 16 22:11:22 honeypot-sgp-1 sshd[26715]: Invalid user user from 45.61.184.204 port 33284","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T22:11:41.027Z","@version":"1","message":"Sep 16 22:11:40 honeypot-sgp-1 sshd[26719]: Connection closed by authenticating user nobody 179.60.147.69 port 14730 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 22:13:29 honeypot-ams-1 kernel: [84242990.296974] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=163.125.193.34 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=24051 DF PROTO=TCP SPT=25878 DPT=80 WINDOW=14520 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T22:13:29.290Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 22:15:52 honeypot-fra-1 kernel: [84240965.392689] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=59.49.43.217 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=40767 PROTO=TCP SPT=47936 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T22:15:53.025Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 22:18:23 honeypot-ams-1 sshd[32382]: Disconnected from authenticating user root 92.255.85.70 port 62196 [preauth]","@timestamp":"2022-09-16T22:18:24.416Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 22:22:42 honeypot-ams-1 sshd[32387]: Invalid user sanjay from 45.120.69.82 port 47054","@timestamp":"2022-09-16T22:22:42.531Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 22:23:52 honeypot-fra-1 sshd[22953]: Connection closed by authenticating user root 77.99.64.144 port 49318 [preauth]","@timestamp":"2022-09-16T22:23:53.208Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 22:26:05 honeypot-fra-1 sshd[22958]: Received disconnect from 92.255.85.70 port 22682:11: Bye Bye [preauth]","@timestamp":"2022-09-16T22:26:06.261Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 22:26:10 honeypot-ams-1 sshd[32390]: Connection closed by invalid user guest 193.106.191.157 port 46078 [preauth]","@timestamp":"2022-09-16T22:26:10.623Z"}
{"@timestamp":"2022-09-16T22:28:32.418Z","@version":"1","message":"Sep 16 22:28:32 honeypot-sgp-1 sshd[26726]: Invalid user postgres from 71.128.32.24 port 47356","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T22:30:09.460Z","@version":"1","message":"Sep 16 22:30:08 honeypot-sgp-1 sshd[26731]: Invalid user duci from 143.198.209.48 port 37570","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T22:33:26.538Z","@version":"1","message":"Sep 16 22:33:26 honeypot-sgp-1 sshd[26735]: Invalid user mysql from 92.255.85.69 port 23638","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 22:34:33 honeypot-fra-1 sshd[22967]: Invalid user ogp_agent from 159.65.218.99 port 58524","@timestamp":"2022-09-16T22:34:33.451Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 22:35:36 honeypot-ams-1 sshd[32397]: Invalid user oop@123 from 62.84.124.148 port 53124","@timestamp":"2022-09-16T22:35:36.867Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 22:38:37 honeypot-fra-1 sshd[22971]: Disconnected from invalid user library 165.22.45.108 port 38542 [preauth]","@timestamp":"2022-09-16T22:38:38.543Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 22:41:42 honeypot-ams-1 sshd[32400]: Received disconnect from 92.255.85.69 port 58240:11: Bye Bye [preauth]","@timestamp":"2022-09-16T22:41:43.024Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 22:44:36 honeypot-fra-1 sshd[22978]: Invalid user admin from 128.199.168.83 port 32278","@timestamp":"2022-09-16T22:44:36.678Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 22:45:24 honeypot-ams-1 kernel: [84244906.020415] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=95.107.107.252 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=58 ID=2346 PROTO=TCP SPT=22453 DPT=80 WINDOW=44606 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T22:45:25.137Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 22:45:35 honeypot-ams-1 sshd[32410]: Received disconnect from 45.61.184.204 port 52162:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T22:45:36.143Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 22:45:54 honeypot-ams-1 sshd[32414]: Invalid user user from 45.61.184.204 port 46348","@timestamp":"2022-09-16T22:45:55.153Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 22:46:11 honeypot-ams-1 sshd[32418]: Invalid user user from 45.61.184.204 port 40528","@timestamp":"2022-09-16T22:46:12.162Z"}
{"@timestamp":"2022-09-16T22:48:28.929Z","@version":"1","message":"Sep 16 22:48:28 honeypot-sgp-1 sshd[26738]: Invalid user vhost from 31.3.91.99 port 34866","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 22:48:57 honeypot-fra-1 sshd[22985]: Invalid user mysql from 92.255.85.70 port 42342","@timestamp":"2022-09-16T22:48:58.783Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 22:50:04 honeypot-fra-1 sshd[22987]: Connection closed by invalid user support 179.60.147.69 port 11738 [preauth]","@timestamp":"2022-09-16T22:50:05.811Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 22:52:22 honeypot-ams-1 sshd[32421]: Connection closed by invalid user support 179.60.147.69 port 20572 [preauth]","@timestamp":"2022-09-16T22:52:23.324Z"}
{"@timestamp":"2022-09-16T22:56:22.116Z","@version":"1","message":"Sep 16 22:56:21 honeypot-sgp-1 sshd[26743]: Received disconnect from 92.255.85.70 port 52892:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 22:57:00 honeypot-ams-1 sshd[32428]: Invalid user nginx from 103.188.176.251 port 58862","@timestamp":"2022-09-16T22:57:00.447Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 23:01:50 honeypot-fra-1 kernel: [84243723.016851] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.143.200.46 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=24487 PROTO=TCP SPT=45414 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T23:01:51.097Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:05:18 honeypot-ams-1 sshd[32431]: Received disconnect from 92.255.85.69 port 52694:11: Bye Bye [preauth]","@timestamp":"2022-09-16T23:05:18.652Z"}
{"@timestamp":"2022-09-16T23:05:56.339Z","@version":"1","message":"Sep 16 23:05:56 honeypot-sgp-1 sshd[26751]: Invalid user admin from 128.199.160.207 port 45914","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T23:05:56.339Z","@version":"1","message":"Sep 16 23:05:56 honeypot-sgp-1 sshd[26757]: Invalid user admin from 128.199.160.207 port 45946","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T23:09:11.418Z","@version":"1","message":"Sep 16 23:09:10 honeypot-sgp-1 sshd[26760]: Received disconnect from 45.61.184.204 port 43744:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T23:09:30.426Z","@version":"1","message":"Sep 16 23:09:30 honeypot-sgp-1 sshd[26764]: Received disconnect from 45.61.184.204 port 38362:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T23:09:49.435Z","@version":"1","message":"Sep 16 23:09:49 honeypot-sgp-1 sshd[26768]: Received disconnect from 45.61.184.204 port 32976:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T23:10:06.443Z","@version":"1","message":"Sep 16 23:10:05 honeypot-sgp-1 sshd[26772]: Received disconnect from 45.61.184.204 port 55824:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 23:12:28 honeypot-fra-1 sshd[23000]: Received disconnect from 92.255.85.69 port 26620:11: Bye Bye [preauth]","@timestamp":"2022-09-16T23:12:29.337Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T23:14:52.554Z","@version":"1","message":"Sep 16 23:14:52 honeypot-sgp-1 sshd[26778]: Invalid user user from 45.61.186.49 port 58300","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T23:15:06.561Z","@version":"1","message":"Sep 16 23:15:05 honeypot-sgp-1 sshd[26782]: Invalid user user from 45.61.186.49 port 41330","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 23:16:35 honeypot-ams-1 kernel: [84246776.350142] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=114.225.3.92 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=49 ID=24760 PROTO=TCP SPT=63749 DPT=80 WINDOW=65274 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T23:16:35.936Z"}
{"@timestamp":"2022-09-16T23:17:54.627Z","@version":"1","message":"Sep 16 23:17:54 honeypot-sgp-1 sshd[26787]: Disconnected from authenticating user root 103.186.100.72 port 40258 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 23:18:36 honeypot-fra-1 kernel: [84244729.009571] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=165.22.82.222 LEN=88 TOS=0x00 PREC=0x00 TTL=250 ID=24210 PROTO=TCP SPT=21791 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T23:18:37.478Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 23:24:56 honeypot-fra-1 kernel: [84245109.068173] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=165.232.152.144 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=39234 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T23:24:57.621Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-16T23:25:00.815Z","@version":"1","message":"Sep 16 23:25:00 honeypot-sgp-1 kernel: [84246805.729232] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=106.13.70.166 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=44 ID=16253 DF PROTO=TCP SPT=26038 DPT=80 WINDOW=43690 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:08 honeypot-ams-1 sshd[32441]: Disconnected from authenticating user root 185.172.77.242 port 59734 [preauth]","@timestamp":"2022-09-16T23:25:09.153Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:09 honeypot-ams-1 sshd[32447]: Received disconnect from 185.172.77.242 port 59770:11: Bye Bye [preauth]","@timestamp":"2022-09-16T23:25:10.155Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:10 honeypot-ams-1 sshd[32453]: Received disconnect from 185.172.77.242 port 59798:11: Bye Bye [preauth]","@timestamp":"2022-09-16T23:25:11.155Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:10 honeypot-ams-1 sshd[32459]: Received disconnect from 185.172.77.242 port 59836:11: Bye Bye [preauth]","@timestamp":"2022-09-16T23:25:11.156Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:11 honeypot-ams-1 sshd[32465]: Received disconnect from 185.172.77.242 port 59868:11: Bye Bye [preauth]","@timestamp":"2022-09-16T23:25:12.156Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:12 honeypot-ams-1 sshd[32471]: Received disconnect from 185.172.77.242 port 59914:11: Bye Bye [preauth]","@timestamp":"2022-09-16T23:25:13.157Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:13 honeypot-ams-1 sshd[32477]: Received disconnect from 185.172.77.242 port 60050:11: Bye Bye [preauth]","@timestamp":"2022-09-16T23:25:14.158Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:14 honeypot-ams-1 sshd[32483]: Received disconnect from 185.172.77.242 port 60098:11: Bye Bye [preauth]","@timestamp":"2022-09-16T23:25:14.158Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:14 honeypot-ams-1 sshd[32489]: Received disconnect from 185.172.77.242 port 60154:11: Bye Bye [preauth]","@timestamp":"2022-09-16T23:25:15.158Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:15 honeypot-ams-1 sshd[32495]: Received disconnect from 185.172.77.242 port 60198:11: Bye Bye [preauth]","@timestamp":"2022-09-16T23:25:16.159Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:16 honeypot-ams-1 sshd[32501]: Received disconnect from 185.172.77.242 port 60266:11: Bye Bye [preauth]","@timestamp":"2022-09-16T23:25:17.160Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:17 honeypot-ams-1 sshd[32507]: Received disconnect from 185.172.77.242 port 60304:11: Bye Bye [preauth]","@timestamp":"2022-09-16T23:25:18.161Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:17 honeypot-ams-1 sshd[32513]: Invalid user admin from 185.172.77.242 port 60346","@timestamp":"2022-09-16T23:25:18.161Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:18 honeypot-ams-1 sshd[32517]: Invalid user admin from 185.172.77.242 port 60370","@timestamp":"2022-09-16T23:25:19.162Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:19 honeypot-ams-1 sshd[32521]: Invalid user admin from 185.172.77.242 port 60408","@timestamp":"2022-09-16T23:25:19.162Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:19 honeypot-ams-1 sshd[32525]: Invalid user admin from 185.172.77.242 port 60428","@timestamp":"2022-09-16T23:25:20.162Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:20 honeypot-ams-1 sshd[32529]: Invalid user admin from 185.172.77.242 port 60448","@timestamp":"2022-09-16T23:25:20.162Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:20 honeypot-ams-1 sshd[32533]: Invalid user user from 185.172.77.242 port 60476","@timestamp":"2022-09-16T23:25:21.163Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:21 honeypot-ams-1 sshd[32537]: Disconnected from authenticating user root 185.172.77.242 port 60508 [preauth]","@timestamp":"2022-09-16T23:25:21.163Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:21 honeypot-ams-1 sshd[32541]: Disconnected from invalid user pi 185.172.77.242 port 60536 [preauth]","@timestamp":"2022-09-16T23:25:22.164Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:22 honeypot-ams-1 sshd[32545]: Disconnected from invalid user ethos 185.172.77.242 port 60560 [preauth]","@timestamp":"2022-09-16T23:25:23.164Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:22 honeypot-ams-1 sshd[32549]: Disconnected from invalid user miner 185.172.77.242 port 60600 [preauth]","@timestamp":"2022-09-16T23:25:23.164Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:23 honeypot-ams-1 sshd[32553]: Disconnected from invalid user volumio 185.172.77.242 port 60710 [preauth]","@timestamp":"2022-09-16T23:25:24.165Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:23 honeypot-ams-1 sshd[32557]: Disconnected from invalid user nagios 185.172.77.242 port 60746 [preauth]","@timestamp":"2022-09-16T23:25:24.165Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:24 honeypot-ams-1 sshd[32561]: Disconnected from invalid user vagrant 185.172.77.242 port 60790 [preauth]","@timestamp":"2022-09-16T23:25:25.167Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:24 honeypot-ams-1 sshd[32565]: Disconnected from invalid user debian 185.172.77.242 port 60826 [preauth]","@timestamp":"2022-09-16T23:25:25.167Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:25 honeypot-ams-1 sshd[32569]: Disconnected from invalid user debian 185.172.77.242 port 60854 [preauth]","@timestamp":"2022-09-16T23:25:26.167Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:25 honeypot-ams-1 sshd[32573]: Disconnected from invalid user alarm 185.172.77.242 port 60888 [preauth]","@timestamp":"2022-09-16T23:25:26.167Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:26 honeypot-ams-1 sshd[32577]: Disconnected from invalid user test 185.172.77.242 port 60938 [preauth]","@timestamp":"2022-09-16T23:25:27.168Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:26 honeypot-ams-1 sshd[32581]: Disconnected from invalid user cirros 185.172.77.242 port 60976 [preauth]","@timestamp":"2022-09-16T23:25:27.168Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:29:06 honeypot-ams-1 sshd[32585]: Disconnected from invalid user admin 92.255.85.69 port 15274 [preauth]","@timestamp":"2022-09-16T23:29:07.264Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 23:29:34 honeypot-fra-1 sshd[23023]: Invalid user es from 125.88.226.4 port 41652","@timestamp":"2022-09-16T23:29:34.726Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 23:29:35 honeypot-fra-1 sshd[23033]: Connection closed by invalid user ftpuser 125.88.226.4 port 41686 [preauth]","@timestamp":"2022-09-16T23:29:35.727Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 23:29:36 honeypot-fra-1 sshd[23045]: Connection closed by invalid user vagrant 125.88.226.4 port 41670 [preauth]","@timestamp":"2022-09-16T23:29:36.727Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 23:29:37 honeypot-fra-1 sshd[23029]: Connection closed by invalid user es 125.88.226.4 port 41650 [preauth]","@timestamp":"2022-09-16T23:29:38.729Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 23:29:40 honeypot-fra-1 sshd[23025]: Invalid user postgres from 125.88.226.4 port 41702","@timestamp":"2022-09-16T23:29:40.731Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 23:30:04 honeypot-fra-1 sshd[23021]: Invalid user ftpuser from 125.88.226.4 port 41668","@timestamp":"2022-09-16T23:30:04.742Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 23:30:07 honeypot-fra-1 sshd[23021]: Connection closed by invalid user ftpuser 125.88.226.4 port 41668 [preauth]","@timestamp":"2022-09-16T23:30:07.743Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 23:30:11 honeypot-fra-1 sshd[23024]: Connection closed by invalid user guest 125.88.226.4 port 41692 [preauth]","@timestamp":"2022-09-16T23:30:12.747Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 23:30:22 honeypot-fra-1 sshd[23042]: Invalid user ubuntu from 125.88.226.4 port 41648","@timestamp":"2022-09-16T23:30:22.752Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:34:12 honeypot-ams-1 sshd[32590]: Disconnected from invalid user surat 161.97.104.148 port 45922 [preauth]","@timestamp":"2022-09-16T23:34:12.448Z"}
{"@timestamp":"2022-09-16T23:36:02.070Z","@version":"1","message":"Sep 16 23:36:01 honeypot-sgp-1 sshd[26799]: Disconnecting invalid user admin 207.65.145.87 port 45072: Too many authentication failures [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 23:36:14 honeypot-fra-1 sshd[23077]: Invalid user admin from 92.255.85.69 port 57706","@timestamp":"2022-09-16T23:36:14.884Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 23:38:11 honeypot-fra-1 sshd[23081]: Connection closed by authenticating user root 194.163.190.53 port 52902 [preauth]","@timestamp":"2022-09-16T23:38:12.930Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T23:45:18.286Z","@version":"1","message":"Sep 16 23:45:17 honeypot-sgp-1 sshd[26805]: Received disconnect from 172.87.22.100 port 35324:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:46:02 honeypot-ams-1 sshd[32596]: Connection closed by 154.89.5.117 port 57400 [preauth]","@timestamp":"2022-09-16T23:46:03.755Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 23:57:40 honeypot-fra-1 sshd[23091]: Connection closed by authenticating user root 194.163.190.53 port 50244 [preauth]","@timestamp":"2022-09-16T23:57:41.369Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 23:59:32 honeypot-ams-1 kernel: [84249353.943400] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=154.3.44.149 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=117 ID=29663 DF PROTO=TCP SPT=58958 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-16T23:59:33.112Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 23:59:47 honeypot-fra-1 sshd[23096]: Disconnected from invalid user init 92.255.85.70 port 40854 [preauth]","@timestamp":"2022-09-16T23:59:48.421Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T00:01:54.672Z","@version":"1","message":"Sep 17 00:01:53 honeypot-sgp-1 sshd[26808]: Invalid user support from 179.60.147.69 port 6792","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:02:11 honeypot-fra-1 sshd[23102]: Invalid user ripple from 186.117.165.67 port 48022","@timestamp":"2022-09-17T00:02:12.479Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:04:28 honeypot-fra-1 sshd[23106]: Disconnected from authenticating user root 107.173.25.166 port 57784 [preauth]","@timestamp":"2022-09-17T00:04:28.532Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T00:12:34.938Z","@version":"1","message":"Sep 17 00:12:34 honeypot-sgp-1 kernel: [84249659.644411] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=159.89.202.188 LEN=88 TOS=0x00 PREC=0x00 TTL=245 ID=20222 PROTO=TCP SPT=21115 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:13:01 honeypot-fra-1 sshd[23112]: Did not receive identification string from 179.43.156.143 port 58128","@timestamp":"2022-09-17T00:13:01.729Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 00:13:02 honeypot-ams-1 kernel: [84250163.658682] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=152.32.143.129 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x60 TTL=48 ID=4641 DF PROTO=TCP SPT=46229 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T00:13:03.477Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:14:40 honeypot-fra-1 sshd[23117]: Disconnected from authenticating user root 179.43.156.143 port 56286 [preauth]","@timestamp":"2022-09-17T00:14:41.769Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:16:27 honeypot-fra-1 sshd[23123]: Received disconnect from 179.43.156.143 port 45904:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T00:16:27.833Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 00:17:01 honeypot-ams-1 CRON[32609]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-17T00:17:01.585Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:17:01 honeypot-fra-1 sshd[23128]: Disconnected from invalid user nutanix 179.43.156.143 port 42462 [preauth]","@timestamp":"2022-09-17T00:17:01.848Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:17:36 honeypot-fra-1 sshd[23138]: Invalid user ossuser from 179.43.156.143 port 39000","@timestamp":"2022-09-17T00:17:37.865Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 00:17:38 honeypot-ams-1 sshd[32615]: Disconnected from authenticating user root 101.231.146.34 port 38290 [preauth]","@timestamp":"2022-09-17T00:17:39.604Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:17:38 honeypot-fra-1 sshd[23140]: Received disconnect from 27.77.249.10 port 48584:11: Bye Bye [preauth]","@timestamp":"2022-09-17T00:17:39.866Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:17:43 honeypot-fra-1 sshd[23146]: Received disconnect from 27.77.249.10 port 48966:11: Bye Bye [preauth]","@timestamp":"2022-09-17T00:17:43.868Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:17:47 honeypot-fra-1 sshd[23152]: Received disconnect from 27.77.249.10 port 49110:11: Bye Bye [preauth]","@timestamp":"2022-09-17T00:17:47.870Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:17:51 honeypot-fra-1 sshd[23158]: Received disconnect from 27.77.249.10 port 49404:11: Bye Bye [preauth]","@timestamp":"2022-09-17T00:17:51.873Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 00:17:55 honeypot-ams-1 sshd[32619]: Disconnected from invalid user user 45.61.186.249 port 50758 [preauth]","@timestamp":"2022-09-17T00:17:55.612Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:17:55 honeypot-fra-1 sshd[23164]: Received disconnect from 27.77.249.10 port 49582:11: Bye Bye [preauth]","@timestamp":"2022-09-17T00:17:55.875Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:17:59 honeypot-fra-1 sshd[23170]: Received disconnect from 27.77.249.10 port 49836:11: Bye Bye [preauth]","@timestamp":"2022-09-17T00:18:00.878Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:18:03 honeypot-fra-1 sshd[23177]: Received disconnect from 27.77.249.10 port 50012:11: Bye Bye [preauth]","@timestamp":"2022-09-17T00:18:04.880Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:18:08 honeypot-fra-1 sshd[23183]: Received disconnect from 27.77.249.10 port 50118:11: Bye Bye [preauth]","@timestamp":"2022-09-17T00:18:08.883Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:18:12 honeypot-fra-1 sshd[23189]: Received disconnect from 27.77.249.10 port 50410:11: Bye Bye [preauth]","@timestamp":"2022-09-17T00:18:12.885Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:18:13 honeypot-fra-1 sshd[23191]: Disconnected from authenticating user root 27.77.249.10 port 50478 [preauth]","@timestamp":"2022-09-17T00:18:13.886Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 00:18:14 honeypot-ams-1 sshd[32623]: Disconnected from invalid user user 45.61.186.249 port 44958 [preauth]","@timestamp":"2022-09-17T00:18:14.622Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:18:17 honeypot-fra-1 sshd[23199]: Disconnected from authenticating user root 27.77.249.10 port 50590 [preauth]","@timestamp":"2022-09-17T00:18:17.888Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:18:22 honeypot-fra-1 sshd[23205]: Disconnected from authenticating user root 27.77.249.10 port 50858 [preauth]","@timestamp":"2022-09-17T00:18:22.892Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:18:26 honeypot-fra-1 sshd[23211]: Invalid user admin from 27.77.249.10 port 51016","@timestamp":"2022-09-17T00:18:26.895Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:18:28 honeypot-fra-1 sshd[23215]: Invalid user admin from 27.77.249.10 port 51110","@timestamp":"2022-09-17T00:18:29.896Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 00:18:31 honeypot-ams-1 sshd[32627]: Disconnected from invalid user user 45.61.186.249 port 39158 [preauth]","@timestamp":"2022-09-17T00:18:31.632Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:18:31 honeypot-fra-1 sshd[23219]: Invalid user admin from 27.77.249.10 port 51328","@timestamp":"2022-09-17T00:18:31.897Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:18:34 honeypot-fra-1 sshd[23223]: Invalid user admin from 27.77.249.10 port 51452","@timestamp":"2022-09-17T00:18:34.899Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:18:37 honeypot-fra-1 sshd[23227]: Invalid user admin from 27.77.249.10 port 51526","@timestamp":"2022-09-17T00:18:37.902Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:18:40 honeypot-fra-1 sshd[23231]: Received disconnect from 27.77.249.10 port 51734:11: Bye Bye [preauth]","@timestamp":"2022-09-17T00:18:40.903Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:18:43 honeypot-fra-1 sshd[23235]: Disconnected from invalid user pi 27.77.249.10 port 51878 [preauth]","@timestamp":"2022-09-17T00:18:43.905Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:18:45 honeypot-fra-1 sshd[23239]: Disconnected from invalid user user 27.77.249.10 port 51940 [preauth]","@timestamp":"2022-09-17T00:18:46.907Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:18:48 honeypot-fra-1 sshd[23243]: Disconnected from invalid user mine 27.77.249.10 port 52010 [preauth]","@timestamp":"2022-09-17T00:18:48.908Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:18:51 honeypot-fra-1 sshd[23247]: Invalid user xbmc from 27.77.249.10 port 52256","@timestamp":"2022-09-17T00:18:51.911Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:18:53 honeypot-fra-1 sshd[23253]: Invalid user oracle from 27.77.249.10 port 52382","@timestamp":"2022-09-17T00:18:54.912Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:18:56 honeypot-fra-1 sshd[23257]: Invalid user postgres from 27.77.249.10 port 52456","@timestamp":"2022-09-17T00:18:56.913Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:18:59 honeypot-fra-1 sshd[23261]: Invalid user support from 27.77.249.10 port 52650","@timestamp":"2022-09-17T00:18:59.915Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:19:02 honeypot-fra-1 sshd[23265]: Invalid user ubuntu from 27.77.249.10 port 52798","@timestamp":"2022-09-17T00:19:02.916Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:19:05 honeypot-fra-1 sshd[23269]: Invalid user ubuntu from 27.77.249.10 port 52900","@timestamp":"2022-09-17T00:19:05.919Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:19:07 honeypot-fra-1 sshd[23273]: Invalid user guest from 27.77.249.10 port 52982","@timestamp":"2022-09-17T00:19:08.921Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:19:10 honeypot-fra-1 sshd[23277]: Invalid user cirros from 27.77.249.10 port 53208","@timestamp":"2022-09-17T00:19:10.922Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:19:28 honeypot-fra-1 sshd[23281]: Received disconnect from 179.43.156.143 port 56890:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T00:19:28.930Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 00:20:08 honeypot-ams-1 sshd[32631]: Connection closed by invalid user pi 95.91.249.69 port 41061 [preauth]","@timestamp":"2022-09-17T00:20:08.677Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:20:52 honeypot-fra-1 sshd[23287]: Invalid user git from 141.98.10.158 port 49208","@timestamp":"2022-09-17T00:20:52.964Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T00:21:04.137Z","@version":"1","message":"Sep 17 00:21:03 honeypot-sgp-1 sshd[26818]: Received disconnect from 157.230.132.100 port 34312:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 00:21:21 honeypot-ams-1 sshd[32637]: Invalid user pufferd from 202.47.117.222 port 60820","@timestamp":"2022-09-17T00:21:21.713Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:22:04 honeypot-fra-1 sshd[23293]: Received disconnect from 179.43.156.143 port 43012:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T00:22:04.995Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 00:24:47 honeypot-ams-1 sshd[32640]: Received disconnect from 187.190.40.6 port 10304:11: Bye Bye [preauth]","@timestamp":"2022-09-17T00:24:47.806Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 00:26:30 honeypot-ams-1 sshd[32655]: Invalid user oracle from 36.93.83.5 port 43382","@timestamp":"2022-09-17T00:26:30.855Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 00:26:30 honeypot-ams-1 sshd[32659]: Invalid user test from 36.93.83.5 port 43500","@timestamp":"2022-09-17T00:26:30.855Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 00:26:30 honeypot-ams-1 sshd[32653]: Connection closed by invalid user test 36.93.83.5 port 43506 [preauth]","@timestamp":"2022-09-17T00:26:31.855Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 00:26:31 honeypot-ams-1 sshd[32648]: Invalid user odoo from 36.93.83.5 port 43374","@timestamp":"2022-09-17T00:26:31.856Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 00:26:31 honeypot-ams-1 sshd[32661]: Connection closed by invalid user michael 36.93.83.5 port 43248 [preauth]","@timestamp":"2022-09-17T00:26:31.856Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 00:26:31 honeypot-ams-1 sshd[32662]: Connection closed by invalid user admin 36.93.83.5 port 43184 [preauth]","@timestamp":"2022-09-17T00:26:31.856Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 00:26:31 honeypot-ams-1 sshd[32658]: Connection closed by invalid user oracle 36.93.83.5 port 43348 [preauth]","@timestamp":"2022-09-17T00:26:32.856Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 00:26:32 honeypot-ams-1 sshd[32656]: Connection closed by invalid user chia 36.93.83.5 port 43334 [preauth]","@timestamp":"2022-09-17T00:26:32.857Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 00:26:34 honeypot-ams-1 sshd[32693]: Connection closed by invalid user steam 36.93.83.5 port 43200 [preauth]","@timestamp":"2022-09-17T00:26:34.858Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:26:59 honeypot-fra-1 sshd[23300]: Connection closed by authenticating user root 194.163.190.53 port 55946 [preauth]","@timestamp":"2022-09-17T00:27:00.111Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T00:27:57.301Z","@version":"1","message":"Sep 17 00:27:56 honeypot-sgp-1 kernel: [84250581.948198] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=154.3.44.149 DST=159.89.202.188 LEN=52 TOS=0x0A PREC=0x00 TTL=112 ID=12404 DF PROTO=TCP SPT=59500 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:34:17 honeypot-fra-1 sshd[23307]: Disconnected from invalid user libsys 165.22.45.108 port 48816 [preauth]","@timestamp":"2022-09-17T00:34:18.278Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 00:36:15 honeypot-ams-1 kernel: [84251555.994694] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=80.87.206.203 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=17949 PROTO=TCP SPT=59040 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T00:36:15.116Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 00:38:15 honeypot-ams-1 sshd[32709]: Disconnected from invalid user er 202.77.105.98 port 40330 [preauth]","@timestamp":"2022-09-17T00:38:16.169Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 00:40:51 honeypot-ams-1 sshd[32716]: Disconnected from invalid user celery 51.15.221.3 port 59436 [preauth]","@timestamp":"2022-09-17T00:40:52.240Z"}
{"@timestamp":"2022-09-17T00:41:12.612Z","@version":"1","message":"Sep 17 00:41:12 honeypot-sgp-1 kernel: [84251377.465037] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=154.3.44.149 DST=159.89.202.188 LEN=52 TOS=0x0A PREC=0x00 TTL=111 ID=43667 DF PROTO=TCP SPT=52770 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:41:25 honeypot-fra-1 sshd[23314]: Invalid user user from 193.106.191.157 port 58300","@timestamp":"2022-09-17T00:41:25.446Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:47:21 honeypot-fra-1 sshd[23321]: Disconnected from authenticating user root 92.255.85.69 port 55038 [preauth]","@timestamp":"2022-09-17T00:47:21.583Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 00:47:33 honeypot-ams-1 kernel: [84252233.989308] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=171.22.30.220 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=60 ID=1203 PROTO=TCP SPT=50223 DPT=80 WINDOW=7421 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T00:47:33.435Z"}
{"@timestamp":"2022-09-17T00:54:54.938Z","@version":"1","message":"Sep 17 00:54:54 honeypot-sgp-1 kernel: [84252199.358908] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.215.9 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=48631 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 00:55:05 honeypot-ams-1 kernel: [84252686.876924] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=156.218.5.140 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=47597 PROTO=TCP SPT=42028 DPT=443 WINDOW=21698 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T00:55:06.637Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:58:17 honeypot-fra-1 kernel: [84250709.272828] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.41.8.45 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=51962 PROTO=TCP SPT=52626 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T00:58:17.832Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 00:59:04 honeypot-ams-1 kernel: [84252925.010124] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=164.92.72.164 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=46467 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T00:59:04.744Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 00:59:36 honeypot-ams-1 sshd[32728]: Disconnected from invalid user user 45.61.187.160 port 53908 [preauth]","@timestamp":"2022-09-17T00:59:37.762Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 00:59:55 honeypot-ams-1 sshd[32732]: Disconnected from invalid user user 45.61.187.160 port 48484 [preauth]","@timestamp":"2022-09-17T00:59:55.771Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 01:00:14 honeypot-ams-1 sshd[32736]: Disconnected from invalid user user 45.61.187.160 port 42926 [preauth]","@timestamp":"2022-09-17T01:00:14.782Z"}
{"@timestamp":"2022-09-17T01:02:23.116Z","@version":"1","message":"Sep 17 01:02:22 honeypot-sgp-1 sshd[26839]: Invalid user wwwrocket from 194.67.27.30 port 41914","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 01:03:04 honeypot-ams-1 kernel: [84253165.334565] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=64.62.197.133 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=44886 DPT=389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T01:03:04.863Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 01:06:18 honeypot-ams-1 sshd[32747]: Received disconnect from 116.70.238.244 port 58423:11: Bye Bye [preauth]","@timestamp":"2022-09-17T01:06:18.951Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 01:06:22 honeypot-ams-1 sshd[32751]: Disconnected from authenticating user root 116.70.238.244 port 58518 [preauth]","@timestamp":"2022-09-17T01:06:22.953Z"}
{"@timestamp":"2022-09-17T01:06:27.212Z","@version":"1","message":"Sep 17 01:06:27 honeypot-sgp-1 sshd[26844]: Received disconnect from 223.70.243.190 port 54596:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 01:06:29 honeypot-ams-1 sshd[32757]: Disconnected from authenticating user root 116.70.238.244 port 58715 [preauth]","@timestamp":"2022-09-17T01:06:29.957Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 01:06:36 honeypot-ams-1 sshd[32763]: Disconnected from authenticating user root 116.70.238.244 port 58858 [preauth]","@timestamp":"2022-09-17T01:06:36.962Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 01:06:43 honeypot-ams-1 sshd[301]: Disconnected from authenticating user root 116.70.238.244 port 59058 [preauth]","@timestamp":"2022-09-17T01:06:43.965Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 01:08:59 honeypot-fra-1 sshd[23332]: Disconnected from authenticating user root 51.38.49.17 port 40448 [preauth]","@timestamp":"2022-09-17T01:09:00.075Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T01:11:03.323Z","@version":"1","message":"Sep 17 01:11:02 honeypot-sgp-1 sshd[26849]: Received disconnect from 178.176.228.45 port 45290:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T01:13:56.391Z","@version":"1","message":"Sep 17 01:13:55 honeypot-sgp-1 kernel: [84253340.832942] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=154.3.44.149 DST=159.89.202.188 LEN=52 TOS=0x0A PREC=0x00 TTL=110 ID=24803 DF PROTO=TCP SPT=55866 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 01:14:47 honeypot-fra-1 sshd[23339]: Invalid user morgan from 128.199.238.70 port 48438","@timestamp":"2022-09-17T01:14:48.207Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 01:17:01 honeypot-fra-1 CRON[23345]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-17T01:17:01.260Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T01:17:01.468Z","@version":"1","message":"Sep 17 01:17:01 honeypot-sgp-1 CRON[26858]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 01:17:07 honeypot-ams-1 sshd[310]: Invalid user user from 193.106.191.157 port 46872","@timestamp":"2022-09-17T01:17:08.237Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 01:25:46 honeypot-fra-1 sshd[23351]: Connection closed by authenticating user root 103.188.176.251 port 44202 [preauth]","@timestamp":"2022-09-17T01:25:46.460Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 01:26:15 honeypot-ams-1 sshd[330]: Disconnected from authenticating user root 92.255.85.69 port 46736 [preauth]","@timestamp":"2022-09-17T01:26:16.482Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 01:28:31 honeypot-fra-1 sshd[23358]: Disconnected from authenticating user root 165.227.196.229 port 58084 [preauth]","@timestamp":"2022-09-17T01:28:31.524Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T01:33:17.847Z","@version":"1","message":"Sep 17 01:33:17 honeypot-sgp-1 sshd[26863]: Disconnected from invalid user superadmin 91.240.118.222 port 38896 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 01:33:44 honeypot-fra-1 sshd[23365]: Received disconnect from 92.255.85.70 port 26642:11: Bye Bye [preauth]","@timestamp":"2022-09-17T01:33:45.654Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 01:34:13 honeypot-fra-1 sshd[23369]: Disconnected from authenticating user root 128.199.73.168 port 45418 [preauth]","@timestamp":"2022-09-17T01:34:13.667Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 01:36:55 honeypot-ams-1 kernel: [84255196.597928] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=79.110.62.205 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=54321 PROTO=TCP SPT=38220 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T01:36:55.773Z"}
{"@timestamp":"2022-09-17T01:38:18.969Z","@version":"1","message":"Sep 17 01:38:18 honeypot-sgp-1 sshd[26870]: Connection closed by invalid user admin 121.130.13.166 port 54019 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 01:41:08 honeypot-ams-1 sshd[342]: Invalid user admin from 177.74.124.101 port 45454","@timestamp":"2022-09-17T01:41:08.894Z"}
{"@timestamp":"2022-09-17T01:44:43.120Z","@version":"1","message":"Sep 17 01:44:42 honeypot-sgp-1 sshd[26877]: Received disconnect from 199.192.24.154 port 49290:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 01:45:04 honeypot-ams-1 kernel: [84255685.543804] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=198.235.24.182 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=250 ID=47942 PROTO=TCP SPT=49874 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T01:45:05.000Z"}
{"@timestamp":"2022-09-17T01:48:53.222Z","@version":"1","message":"Sep 17 01:48:52 honeypot-sgp-1 sshd[26884]: Received disconnect from 186.121.203.115 port 45740:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 01:49:40 honeypot-ams-1 sshd[349]: Disconnected from authenticating user root 92.255.85.70 port 44530 [preauth]","@timestamp":"2022-09-17T01:49:41.125Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 01:51:37 honeypot-fra-1 sshd[23377]: Invalid user test from 179.60.147.69 port 8492","@timestamp":"2022-09-17T01:51:38.058Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T01:53:07.330Z","@version":"1","message":"Sep 17 01:53:07 honeypot-sgp-1 kernel: [84255692.216681] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=2.226.225.240 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=44967 PROTO=TCP SPT=3232 DPT=443 WINDOW=42809 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 01:53:58 honeypot-ams-1 sshd[354]: Connection closed by invalid user test 179.60.147.69 port 55370 [preauth]","@timestamp":"2022-09-17T01:53:59.243Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 01:59:26 honeypot-ams-1 kernel: [84256547.654243] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=59.49.43.217 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=47465 PROTO=TCP SPT=47936 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T01:59:27.395Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 02:00:52 honeypot-fra-1 sshd[23384]: Connection closed by authenticating user root 194.163.190.53 port 35324 [preauth]","@timestamp":"2022-09-17T02:00:52.269Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 02:03:21 honeypot-fra-1 sshd[23393]: Invalid user devops from 168.167.72.179 port 3161","@timestamp":"2022-09-17T02:03:21.327Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 02:03:21 honeypot-fra-1 sshd[23400]: Invalid user admin from 168.167.72.179 port 3227","@timestamp":"2022-09-17T02:03:21.327Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 02:03:21 honeypot-fra-1 sshd[23412]: Invalid user postgres from 168.167.72.179 port 3146","@timestamp":"2022-09-17T02:03:21.328Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 02:03:21 honeypot-fra-1 sshd[23396]: Connection closed by invalid user oracle 168.167.72.179 port 3152 [preauth]","@timestamp":"2022-09-17T02:03:22.328Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 02:03:21 honeypot-fra-1 sshd[23399]: Connection closed by invalid user testuser 168.167.72.179 port 3135 [preauth]","@timestamp":"2022-09-17T02:03:22.328Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 02:03:21 honeypot-fra-1 sshd[23406]: Connection closed by invalid user es 168.167.72.179 port 3159 [preauth]","@timestamp":"2022-09-17T02:03:22.328Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 02:03:21 honeypot-fra-1 sshd[23411]: Connection closed by invalid user admin 168.167.72.179 port 3147 [preauth]","@timestamp":"2022-09-17T02:03:22.328Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T02:04:14.608Z","@version":"1","message":"Sep 17 02:04:14 honeypot-sgp-1 sshd[26892]: Disconnected from authenticating user root 92.255.85.69 port 25212 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 02:06:40 honeypot-ams-1 kernel: [84256981.342455] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=154.3.44.149 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=117 ID=46528 DF PROTO=TCP SPT=55739 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-17T02:06:40.596Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 02:07:47 honeypot-fra-1 kernel: [84254879.018754] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=52081 PROTO=TCP SPT=40322 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T02:07:47.427Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:08:58 honeypot-ams-1 sshd[364]: Invalid user autonavi from 52.178.155.67 port 1024","@timestamp":"2022-09-17T02:08:59.663Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:14:27 honeypot-ams-1 sshd[369]: Received disconnect from 209.141.52.250 port 36678:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T02:14:27.812Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 02:16:16 honeypot-fra-1 sshd[23444]: Disconnected from authenticating user root 128.199.171.119 port 54172 [preauth]","@timestamp":"2022-09-17T02:16:16.621Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:17:01 honeypot-ams-1 CRON[373]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-17T02:17:01.884Z"}
{"@timestamp":"2022-09-17T02:17:01.944Z","@version":"1","message":"Sep 17 02:17:01 honeypot-sgp-1 CRON[26901]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:20:27 honeypot-ams-1 sshd[381]: Invalid user sys_admin from 159.65.151.241 port 37794","@timestamp":"2022-09-17T02:20:28.003Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:21:28 honeypot-ams-1 sshd[385]: Invalid user oex from 107.170.113.190 port 34040","@timestamp":"2022-09-17T02:21:29.035Z"}
{"@timestamp":"2022-09-17T02:26:43.187Z","@version":"1","message":"Sep 17 02:26:42 honeypot-sgp-1 sshd[26905]: Connection closed by invalid user debian 179.60.147.69 port 51172 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T02:26:58.195Z","@version":"1","message":"Sep 17 02:26:58 honeypot-sgp-1 sshd[26910]: Received disconnect from 45.61.186.49 port 53194:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T02:27:08.200Z","@version":"1","message":"Sep 17 02:27:07 honeypot-sgp-1 sshd[26914]: Received disconnect from 45.61.186.49 port 35952:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 02:27:50 honeypot-fra-1 sshd[23454]: Invalid user debian from 179.60.147.69 port 9728","@timestamp":"2022-09-17T02:27:50.883Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:30:02 honeypot-ams-1 sshd[389]: Connection closed by invalid user debian 179.60.147.69 port 2324 [preauth]","@timestamp":"2022-09-17T02:30:02.267Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 02:30:27 honeypot-fra-1 kernel: [84256239.134024] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=1065 PROTO=TCP SPT=41804 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T02:30:27.944Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-17T02:30:58.298Z","@version":"1","message":"Sep 17 02:30:57 honeypot-sgp-1 sshd[26919]: Received disconnect from 209.97.183.120 port 57444:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:32:57 honeypot-ams-1 sshd[395]: Invalid user admin from 85.31.46.45 port 52332","@timestamp":"2022-09-17T02:32:57.350Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:33:25 honeypot-ams-1 sshd[399]: Received disconnect from 85.31.46.45 port 32788:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T02:33:26.364Z"}
{"@timestamp":"2022-09-17T02:33:45.368Z","@version":"1","message":"Sep 17 02:33:45 honeypot-sgp-1 sshd[26923]: Disconnected from authenticating user root 170.210.46.4 port 50302 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:34:07 honeypot-ams-1 sshd[406]: Received disconnect from 85.31.46.45 port 59684:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T02:34:08.387Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:34:35 honeypot-ams-1 sshd[411]: Disconnected from authenticating user root 85.31.46.45 port 40164 [preauth]","@timestamp":"2022-09-17T02:34:36.403Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 02:34:58 honeypot-fra-1 kernel: [84256509.934305] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.33.95.173 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=48398 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T02:34:58.046Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:35:18 honeypot-ams-1 sshd[417]: Received disconnect from 85.31.46.45 port 38844:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T02:35:18.423Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:36:53 honeypot-ams-1 sshd[425]: Received disconnect from 92.255.85.69 port 26596:11: Bye Bye [preauth]","@timestamp":"2022-09-17T02:36:54.464Z"}
{"@timestamp":"2022-09-17T02:40:54.544Z","@version":"1","message":"Sep 17 02:40:53 honeypot-sgp-1 sshd[26930]: Received disconnect from 27.118.22.221 port 39540:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 02:41:25 honeypot-fra-1 sshd[23470]: Invalid user user from 45.61.186.169 port 37968","@timestamp":"2022-09-17T02:41:26.193Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 02:41:43 honeypot-fra-1 sshd[23474]: Invalid user user from 45.61.186.169 port 60720","@timestamp":"2022-09-17T02:41:43.200Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 02:41:59 honeypot-fra-1 sshd[23478]: Invalid user user from 45.61.186.169 port 55242","@timestamp":"2022-09-17T02:42:00.208Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 02:42:15 honeypot-fra-1 sshd[23482]: Invalid user user from 45.61.186.169 port 49774","@timestamp":"2022-09-17T02:42:16.215Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:44:08 honeypot-ams-1 sshd[428]: Received disconnect from 60.179.177.78 port 54016:11: Bye Bye [preauth]","@timestamp":"2022-09-17T02:44:08.660Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:44:11 honeypot-ams-1 sshd[433]: Disconnected from invalid user ubnt 60.179.177.78 port 54232 [preauth]","@timestamp":"2022-09-17T02:44:12.664Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:44:17 honeypot-ams-1 sshd[439]: Disconnected from authenticating user root 60.179.177.78 port 54546 [preauth]","@timestamp":"2022-09-17T02:44:17.667Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:44:23 honeypot-ams-1 sshd[445]: Disconnected from authenticating user root 60.179.177.78 port 54884 [preauth]","@timestamp":"2022-09-17T02:44:23.670Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:44:28 honeypot-ams-1 sshd[451]: Disconnected from authenticating user root 60.179.177.78 port 55188 [preauth]","@timestamp":"2022-09-17T02:44:29.675Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:44:34 honeypot-ams-1 sshd[457]: Disconnected from authenticating user root 60.179.177.78 port 55518 [preauth]","@timestamp":"2022-09-17T02:44:34.678Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:44:40 honeypot-ams-1 sshd[463]: Disconnected from authenticating user root 60.179.177.78 port 55848 [preauth]","@timestamp":"2022-09-17T02:44:40.682Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:44:45 honeypot-ams-1 sshd[469]: Disconnected from authenticating user root 60.179.177.78 port 56174 [preauth]","@timestamp":"2022-09-17T02:44:46.685Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:44:51 honeypot-ams-1 sshd[475]: Disconnected from authenticating user root 60.179.177.78 port 56490 [preauth]","@timestamp":"2022-09-17T02:44:51.688Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:44:57 honeypot-ams-1 sshd[481]: Disconnected from authenticating user root 60.179.177.78 port 56820 [preauth]","@timestamp":"2022-09-17T02:44:57.692Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:45:02 honeypot-ams-1 sshd[487]: Disconnected from authenticating user root 60.179.177.78 port 57138 [preauth]","@timestamp":"2022-09-17T02:45:03.695Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:45:08 honeypot-ams-1 sshd[493]: Disconnected from authenticating user root 60.179.177.78 port 57466 [preauth]","@timestamp":"2022-09-17T02:45:08.698Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:45:14 honeypot-ams-1 sshd[499]: Disconnected from authenticating user root 60.179.177.78 port 57818 [preauth]","@timestamp":"2022-09-17T02:45:14.702Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:45:18 honeypot-ams-1 sshd[503]: Disconnected from invalid user admin 60.179.177.78 port 58044 [preauth]","@timestamp":"2022-09-17T02:45:18.704Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:45:22 honeypot-ams-1 sshd[507]: Disconnected from invalid user admin 60.179.177.78 port 58312 [preauth]","@timestamp":"2022-09-17T02:45:22.707Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:45:26 honeypot-ams-1 sshd[511]: Disconnected from invalid user admin 60.179.177.78 port 58532 [preauth]","@timestamp":"2022-09-17T02:45:26.710Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:45:30 honeypot-ams-1 sshd[515]: Disconnected from invalid user admin 60.179.177.78 port 58750 [preauth]","@timestamp":"2022-09-17T02:45:30.712Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:45:33 honeypot-ams-1 sshd[519]: Disconnected from invalid user admin 60.179.177.78 port 58976 [preauth]","@timestamp":"2022-09-17T02:45:34.715Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:45:39 honeypot-ams-1 sshd[525]: Received disconnect from 60.179.177.78 port 59298:11: Bye Bye [preauth]","@timestamp":"2022-09-17T02:45:39.719Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:45:43 honeypot-ams-1 sshd[529]: Received disconnect from 60.179.177.78 port 59528:11: Bye Bye [preauth]","@timestamp":"2022-09-17T02:45:43.721Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:45:47 honeypot-ams-1 sshd[533]: Received disconnect from 60.179.177.78 port 59746:11: Bye Bye [preauth]","@timestamp":"2022-09-17T02:45:47.723Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:45:51 honeypot-ams-1 sshd[537]: Received disconnect from 60.179.177.78 port 59966:11: Bye Bye [preauth]","@timestamp":"2022-09-17T02:45:51.726Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:45:54 honeypot-ams-1 sshd[541]: Received disconnect from 60.179.177.78 port 60184:11: Bye Bye [preauth]","@timestamp":"2022-09-17T02:45:55.729Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:45:58 honeypot-ams-1 sshd[545]: Received disconnect from 60.179.177.78 port 60422:11: Bye Bye [preauth]","@timestamp":"2022-09-17T02:45:59.732Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:46:02 honeypot-ams-1 sshd[549]: Received disconnect from 60.179.177.78 port 60656:11: Bye Bye [preauth]","@timestamp":"2022-09-17T02:46:02.734Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:46:06 honeypot-ams-1 sshd[553]: Received disconnect from 60.179.177.78 port 60864:11: Bye Bye [preauth]","@timestamp":"2022-09-17T02:46:06.736Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:46:10 honeypot-ams-1 sshd[557]: Received disconnect from 60.179.177.78 port 32852:11: Bye Bye [preauth]","@timestamp":"2022-09-17T02:46:10.740Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:46:14 honeypot-ams-1 sshd[561]: Received disconnect from 60.179.177.78 port 33120:11: Bye Bye [preauth]","@timestamp":"2022-09-17T02:46:14.742Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:46:17 honeypot-ams-1 sshd[565]: Received disconnect from 60.179.177.78 port 33332:11: Bye Bye [preauth]","@timestamp":"2022-09-17T02:46:18.745Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:46:21 honeypot-ams-1 sshd[569]: Received disconnect from 60.179.177.78 port 33570:11: Bye Bye [preauth]","@timestamp":"2022-09-17T02:46:21.747Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 02:47:13 honeypot-fra-1 sshd[23487]: Connection closed by 167.94.138.63 port 38610 [preauth]","@timestamp":"2022-09-17T02:47:13.326Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 02:48:18 honeypot-fra-1 sshd[23491]: Disconnected from invalid user superadmin 91.240.118.222 port 49834 [preauth]","@timestamp":"2022-09-17T02:48:19.351Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T02:52:57.843Z","@version":"1","message":"Sep 17 02:52:57 honeypot-sgp-1 kernel: [84259282.265517] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=34.159.102.65 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=45370 PROTO=TCP SPT=43000 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 02:59:28 honeypot-fra-1 sshd[23501]: Invalid user www from 213.74.115.162 port 36714","@timestamp":"2022-09-17T02:59:28.603Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 03:00:19 honeypot-fra-1 sshd[23506]: Connection closed by invalid user admin 122.117.240.70 port 54068 [preauth]","@timestamp":"2022-09-17T03:00:19.624Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 03:00:40 honeypot-ams-1 sshd[573]: Received disconnect from 92.255.85.70 port 29500:11: Bye Bye [preauth]","@timestamp":"2022-09-17T03:00:41.118Z"}
{"@timestamp":"2022-09-17T03:02:52.090Z","@version":"1","message":"Sep 17 03:02:52 honeypot-sgp-1 kernel: [84259876.961645] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=154.3.44.149 DST=159.89.202.188 LEN=52 TOS=0x0A PREC=0x00 TTL=112 ID=28957 DF PROTO=TCP SPT=61498 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 03:04:32 honeypot-fra-1 kernel: [84258283.902364] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=3098 PROTO=TCP SPT=43604 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T03:04:32.727Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 03:07:27 honeypot-ams-1 kernel: [84260628.816854] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=88.80.189.24 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=25993 PROTO=TCP SPT=44044 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T03:07:28.304Z"}
{"@timestamp":"2022-09-17T03:13:15.356Z","@version":"1","message":"Sep 17 03:13:14 honeypot-sgp-1 kernel: [84260499.415676] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=162.142.125.143 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=57567 PROTO=TCP SPT=39157 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 03:13:20 honeypot-fra-1 kernel: [84258812.813973] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=35.203.113.154 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=5296 PROTO=TCP SPT=50135 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T03:13:21.926Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 03:16:16 honeypot-fra-1 sshd[23522]: Disconnected from authenticating user root 186.209.111.2 port 57104 [preauth]","@timestamp":"2022-09-17T03:16:16.994Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 03:17:10 honeypot-ams-1 sshd[582]: Disconnected from invalid user zes 160.251.83.115 port 60856 [preauth]","@timestamp":"2022-09-17T03:17:10.561Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 03:21:24 honeypot-ams-1 sshd[586]: Disconnected from invalid user lico 46.101.82.89 port 59630 [preauth]","@timestamp":"2022-09-17T03:21:25.672Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 03:25:07 honeypot-fra-1 sshd[23532]: Invalid user chaunte from 219.78.72.195 port 43230","@timestamp":"2022-09-17T03:25:08.190Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T03:26:50.694Z","@version":"1","message":"Sep 17 03:26:49 honeypot-sgp-1 sshd[26948]: Connection reset by 124.71.209.98 port 54006 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 03:26:56 honeypot-fra-1 sshd[23536]: Received disconnect from 45.61.186.49 port 59920:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T03:26:56.231Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 03:27:06 honeypot-fra-1 sshd[23540]: Received disconnect from 45.61.186.49 port 43286:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T03:27:07.236Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 03:27:54 honeypot-fra-1 sshd[23544]: Received disconnect from 165.22.45.108 port 35984:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T03:27:54.256Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 03:36:05 honeypot-ams-1 sshd[594]: Invalid user user from 45.61.186.49 port 52342","@timestamp":"2022-09-17T03:36:06.061Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 03:36:16 honeypot-ams-1 sshd[598]: Invalid user user from 45.61.186.49 port 35762","@timestamp":"2022-09-17T03:36:17.068Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 03:37:37 honeypot-ams-1 sshd[602]: Invalid user graal from 93.153.192.254 port 33800","@timestamp":"2022-09-17T03:37:38.104Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 03:38:44 honeypot-fra-1 kernel: [84260336.447220] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.216.78 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=42121 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T03:38:45.501Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-17T03:38:48.984Z","@version":"1","message":"Sep 17 03:38:48 honeypot-sgp-1 sshd[26957]: Connection closed by authenticating user root 179.60.147.69 port 56538 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 03:39:53 honeypot-ams-1 kernel: [84262574.414331] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.220.232 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=51360 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T03:39:54.160Z"}
{"@timestamp":"2022-09-17T03:42:58.086Z","@version":"1","message":"Sep 17 03:42:57 honeypot-sgp-1 sshd[26961]: Received disconnect from 187.102.174.154 port 53854:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 03:43:06 honeypot-fra-1 kernel: [84260598.595965] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=165.22.82.222 LEN=89 TOS=0x00 PREC=0x00 TTL=250 ID=15205 PROTO=TCP SPT=24933 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T03:43:07.607Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-17T03:48:53.231Z","@version":"1","message":"Sep 17 03:48:52 honeypot-sgp-1 sshd[26966]: Invalid user ze from 137.184.123.69 port 40872","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 03:49:00 honeypot-ams-1 sshd[612]: Connection closed by invalid user user 193.106.191.157 port 34130 [preauth]","@timestamp":"2022-09-17T03:49:01.391Z"}
{"@timestamp":"2022-09-17T03:51:05.287Z","@version":"1","message":"Sep 17 03:51:04 honeypot-sgp-1 sshd[26982]: Received disconnect from 24.69.190.84 port 45804:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 03:52:07 honeypot-fra-1 sshd[23564]: Received disconnect from 182.70.115.11 port 46606:11: Bye Bye [preauth]","@timestamp":"2022-09-17T03:52:07.826Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 03:55:34 honeypot-fra-1 sshd[23568]: Disconnected from invalid user ansible 104.248.123.197 port 41624 [preauth]","@timestamp":"2022-09-17T03:55:34.899Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 03:57:33 honeypot-ams-1 sshd[615]: Disconnected from invalid user ftpuser 43.155.83.218 port 35724 [preauth]","@timestamp":"2022-09-17T03:57:33.617Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 03:59:07 honeypot-fra-1 sshd[23575]: Connection closed by invalid user user 193.106.191.157 port 45162 [preauth]","@timestamp":"2022-09-17T03:59:08.020Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 04:07:40 honeypot-ams-1 kernel: [84264241.409733] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=154.3.44.149 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=117 ID=32297 DF PROTO=TCP SPT=58423 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-17T04:07:40.888Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 04:09:28 honeypot-fra-1 sshd[23580]: Connection closed by authenticating user root 194.163.190.53 port 53090 [preauth]","@timestamp":"2022-09-17T04:09:28.261Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T04:11:54.787Z","@version":"1","message":"Sep 17 04:11:54 honeypot-sgp-1 sshd[26987]: Disconnected from authenticating user root 61.177.173.53 port 28024 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 04:16:29 honeypot-fra-1 sshd[23589]: Connection closed by invalid user default 179.60.147.69 port 36942 [preauth]","@timestamp":"2022-09-17T04:16:30.427Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 04:17:01 honeypot-ams-1 CRON[623]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-17T04:17:01.138Z"}
{"@timestamp":"2022-09-17T04:17:01.916Z","@version":"1","message":"Sep 17 04:17:01 honeypot-sgp-1 CRON[26996]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 04:19:29 honeypot-fra-1 kernel: [84262780.785015] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.213.219 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=47474 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T04:19:29.498Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 04:20:21 honeypot-ams-1 kernel: [84265001.911728] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.213.55 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=43905 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T04:20:21.233Z"}
{"@timestamp":"2022-09-17T04:21:24.024Z","@version":"1","message":"Sep 17 04:21:23 honeypot-sgp-1 sshd[27003]: Received disconnect from 221.148.45.168 port 43496:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 04:24:16 honeypot-fra-1 kernel: [84263068.628398] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=31.214.157.137 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=43906 PROTO=TCP SPT=56677 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T04:24:17.610Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 04:27:05 honeypot-ams-1 sshd[632]: Received disconnect from 45.61.186.49 port 51058:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T04:27:06.414Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 04:27:15 honeypot-ams-1 sshd[636]: Received disconnect from 45.61.186.49 port 34540:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T04:27:16.418Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 04:29:25 honeypot-fra-1 sshd[23613]: Disconnected from invalid user kadri 103.140.181.14 port 36662 [preauth]","@timestamp":"2022-09-17T04:29:26.729Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 04:32:13 honeypot-fra-1 sshd[23625]: Invalid user user from 45.61.186.169 port 51332","@timestamp":"2022-09-17T04:32:13.795Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 04:32:31 honeypot-fra-1 sshd[23629]: Invalid user user from 45.61.186.169 port 46294","@timestamp":"2022-09-17T04:32:31.804Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 04:32:48 honeypot-fra-1 sshd[23633]: Invalid user user from 45.61.186.169 port 41236","@timestamp":"2022-09-17T04:32:49.812Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 04:33:28 honeypot-fra-1 kernel: [84263619.741171] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.148.10.81 DST=165.22.82.222 LEN=81 TOS=0x00 PREC=0x00 TTL=241 ID=22780 DF PROTO=TCP SPT=14292 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T04:33:28.829Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 04:34:56 honeypot-ams-1 sshd[639]: Invalid user kyivstar from 62.204.41.222 port 38288","@timestamp":"2022-09-17T04:34:56.620Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 04:36:22 honeypot-ams-1 sshd[643]: Received disconnect from 206.81.0.243 port 53094:11: Bye Bye [preauth]","@timestamp":"2022-09-17T04:36:22.658Z"}
{"@timestamp":"2022-09-17T04:39:03.450Z","@version":"1","message":"Sep 17 04:39:02 honeypot-sgp-1 sshd[27010]: Disconnected from authenticating user root 61.177.173.53 port 15181 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 04:41:31 honeypot-fra-1 sshd[23644]: Connection closed by authenticating user root 194.163.190.53 port 60582 [preauth]","@timestamp":"2022-09-17T04:41:32.012Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T04:41:45.520Z","@version":"1","message":"Sep 17 04:41:45 honeypot-sgp-1 sshd[27015]: Received disconnect from 61.177.173.36 port 21089:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 04:45:02 honeypot-fra-1 sshd[23651]: Disconnected from authenticating user root 202.4.119.45 port 33681 [preauth]","@timestamp":"2022-09-17T04:45:03.095Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 04:48:30 honeypot-fra-1 sshd[23655]: Disconnected from authenticating user root 61.177.173.51 port 43112 [preauth]","@timestamp":"2022-09-17T04:48:30.176Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 04:50:11 honeypot-ams-1 sshd[648]: Received disconnect from 211.252.84.224 port 41918:11: Bye Bye [preauth]","@timestamp":"2022-09-17T04:50:12.034Z"}
{"@timestamp":"2022-09-17T04:50:37.739Z","@version":"1","message":"Sep 17 04:50:36 honeypot-sgp-1 sshd[27021]: Received disconnect from 61.177.173.37 port 64859:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 04:50:51 honeypot-fra-1 kernel: [84264663.559617] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=46233 PROTO=TCP SPT=50103 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T04:50:52.235Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 04:52:18 honeypot-fra-1 sshd[23680]: Invalid user admin from 185.209.179.41 port 40888","@timestamp":"2022-09-17T04:52:18.271Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 04:52:18 honeypot-fra-1 sshd[23686]: Invalid user postgres from 185.209.179.41 port 40880","@timestamp":"2022-09-17T04:52:18.271Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 04:52:18 honeypot-fra-1 sshd[23679]: Invalid user bitwarden from 185.209.179.41 port 40896","@timestamp":"2022-09-17T04:52:18.271Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 04:52:18 honeypot-fra-1 sshd[23670]: Invalid user ansible from 185.209.179.41 port 40912","@timestamp":"2022-09-17T04:52:18.271Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 04:52:18 honeypot-fra-1 sshd[23672]: Connection closed by invalid user esuser 185.209.179.41 port 40890 [preauth]","@timestamp":"2022-09-17T04:52:18.271Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 04:52:18 honeypot-fra-1 sshd[23688]: Connection closed by invalid user esuser 185.209.179.41 port 40938 [preauth]","@timestamp":"2022-09-17T04:52:18.271Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 04:52:18 honeypot-fra-1 sshd[23681]: Connection closed by invalid user es 185.209.179.41 port 40920 [preauth]","@timestamp":"2022-09-17T04:52:18.271Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 04:52:18 honeypot-fra-1 sshd[23678]: Connection closed by invalid user mcsv 185.209.179.41 port 40904 [preauth]","@timestamp":"2022-09-17T04:52:18.271Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 04:52:19 honeypot-fra-1 sshd[23715]: Connection closed by invalid user deploy 185.209.179.41 port 40932 [preauth]","@timestamp":"2022-09-17T04:52:19.272Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 04:52:21 honeypot-fra-1 sshd[23727]: Invalid user dev from 185.209.179.41 port 40870","@timestamp":"2022-09-17T04:52:21.273Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 04:52:21 honeypot-fra-1 sshd[23727]: Connection closed by invalid user dev 185.209.179.41 port 40870 [preauth]","@timestamp":"2022-09-17T04:52:21.273Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 04:52:21 honeypot-fra-1 sshd[23724]: Connection closed by invalid user ts3srv 185.209.179.41 port 40900 [preauth]","@timestamp":"2022-09-17T04:52:21.273Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T04:53:04.803Z","@version":"1","message":"Sep 17 04:53:03 honeypot-sgp-1 sshd[27025]: Received disconnect from 104.131.190.193 port 50722:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 04:54:52 honeypot-ams-1 sshd[650]: Connection closed by invalid user user 179.60.147.69 port 2162 [preauth]","@timestamp":"2022-09-17T04:54:53.164Z"}
{"@timestamp":"2022-09-17T04:55:54.874Z","@version":"1","message":"Sep 17 04:55:54 honeypot-sgp-1 sshd[27032]: Received disconnect from 61.177.173.36 port 44475:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 04:57:36 honeypot-fra-1 kernel: [84265068.281217] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.213.153 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=40951 DPT=389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T04:57:37.394Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-17T04:59:05.955Z","@version":"1","message":"Sep 17 04:59:05 honeypot-sgp-1 sshd[27034]: Connection reset by 61.177.173.50 port 21956 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T05:03:44.069Z","@version":"1","message":"Sep 17 05:03:43 honeypot-sgp-1 sshd[27044]: Invalid user user from 45.61.186.49 port 47702","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T05:03:53.075Z","@version":"1","message":"Sep 17 05:03:52 honeypot-sgp-1 sshd[27048]: Invalid user user from 45.61.186.49 port 59320","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T05:04:03.079Z","@version":"1","message":"Sep 17 05:04:02 honeypot-sgp-1 sshd[27052]: Received disconnect from 186.233.210.86 port 42160:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 05:05:30 honeypot-fra-1 kernel: [84265542.130212] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=198.199.94.201 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=37264 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T05:05:30.573Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 05:06:20 honeypot-ams-1 kernel: [84267761.703689] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.214.219 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=44403 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T05:06:21.459Z"}
{"@timestamp":"2022-09-17T05:08:25.185Z","@version":"1","message":"Sep 17 05:08:24 honeypot-sgp-1 sshd[27057]: Received disconnect from 61.177.173.37 port 39056:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T05:10:37.240Z","@version":"1","message":"Sep 17 05:10:36 honeypot-sgp-1 kernel: [84267541.682514] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=213.136.88.148 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=7842 PROTO=TCP SPT=51405 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 05:17:01 honeypot-ams-1 CRON[659]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-17T05:17:01.735Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 05:17:01 honeypot-fra-1 CRON[23768]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-17T05:17:01.830Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T05:20:13.471Z","@version":"1","message":"Sep 17 05:20:12 honeypot-sgp-1 sshd[27070]: Disconnected from authenticating user root 61.177.172.19 port 37650 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 05:22:18 honeypot-fra-1 sshd[23776]: Invalid user dev from 103.92.26.252 port 53800","@timestamp":"2022-09-17T05:22:18.952Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T05:23:25.549Z","@version":"1","message":"Sep 17 05:23:25 honeypot-sgp-1 sshd[27511]: Disconnected from authenticating user root 61.177.173.50 port 37126 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 05:23:53 honeypot-fra-1 sshd[23780]: Disconnected from invalid user lidl 165.22.45.108 port 46256 [preauth]","@timestamp":"2022-09-17T05:23:53.991Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 05:25:43 honeypot-ams-1 kernel: [84268924.471348] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.208.63 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=57554 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T05:25:43.964Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 05:26:09 honeypot-fra-1 sshd[23788]: Invalid user ghost from 15.235.140.144 port 50624","@timestamp":"2022-09-17T05:26:09.045Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 05:26:14 honeypot-ams-1 sshd[667]: Received disconnect from 45.61.187.160 port 33266:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T05:26:14.980Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 05:26:32 honeypot-ams-1 sshd[671]: Received disconnect from 45.61.187.160 port 55840:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T05:26:32.990Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 05:26:49 honeypot-ams-1 sshd[675]: Received disconnect from 45.61.187.160 port 50170:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T05:26:49.998Z"}
{"@timestamp":"2022-09-17T05:27:43.655Z","@version":"1","message":"Sep 17 05:27:42 honeypot-sgp-1 sshd[27516]: Invalid user debian from 179.60.147.69 port 45244","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 05:28:10 honeypot-ams-1 kernel: [84269071.333109] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=107.173.159.85 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=50 ID=11080 PROTO=TCP SPT=16647 DPT=80 WINDOW=42751 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T05:28:11.036Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 05:30:38 honeypot-fra-1 sshd[23795]: Received disconnect from 138.94.75.17 port 47896:11: Bye Bye [preauth]","@timestamp":"2022-09-17T05:30:39.151Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T05:33:42.801Z","@version":"1","message":"Sep 17 05:33:42 honeypot-sgp-1 sshd[27522]: Received disconnect from 45.61.184.204 port 58048:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T05:34:01.811Z","@version":"1","message":"Sep 17 05:34:01 honeypot-sgp-1 sshd[27526]: Received disconnect from 45.61.184.204 port 52514:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T05:34:21.821Z","@version":"1","message":"Sep 17 05:34:20 honeypot-sgp-1 sshd[27530]: Invalid user user from 45.61.184.204 port 46986","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T05:34:40.830Z","@version":"1","message":"Sep 17 05:34:40 honeypot-sgp-1 sshd[27534]: Invalid user user from 45.61.184.204 port 41446","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 05:35:24 honeypot-fra-1 sshd[24235]: Connection closed by authenticating user root 117.20.66.169 port 50937 [preauth]","@timestamp":"2022-09-17T05:35:24.259Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 05:38:51 honeypot-ams-1 sshd[683]: error: maximum authentication attempts exceeded for invalid user admin from 61.190.73.102 port 42046 ssh2 [preauth]","@timestamp":"2022-09-17T05:38:51.313Z"}
{"@timestamp":"2022-09-17T05:39:38.951Z","@version":"1","message":"Sep 17 05:39:38 honeypot-sgp-1 kernel: [84269283.080269] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=89.248.165.100 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=17650 PROTO=TCP SPT=59801 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 05:42:20 honeypot-fra-1 kernel: [84267751.970823] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=92.63.197.74 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=3804 PROTO=TCP SPT=41309 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T05:42:21.416Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 05:45:27 honeypot-fra-1 sshd[24250]: Connection closed by invalid user user 193.106.191.157 port 55706 [preauth]","@timestamp":"2022-09-17T05:45:27.491Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T05:50:56.228Z","@version":"1","message":"Sep 17 05:50:55 honeypot-sgp-1 sshd[27547]: Received disconnect from 61.177.173.51 port 62102:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 05:51:12 honeypot-ams-1 sshd[690]: Disconnected from 143.110.236.239 port 48778 [preauth]","@timestamp":"2022-09-17T05:51:13.628Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 05:51:35 honeypot-fra-1 kernel: [84268306.625035] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=213.136.88.148 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=55885 PROTO=TCP SPT=53865 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T05:51:35.633Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 05:55:02 honeypot-fra-1 sshd[24262]: Disconnected from invalid user tsbot 87.148.116.106 port 42300 [preauth]","@timestamp":"2022-09-17T05:55:02.715Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 05:56:49 honeypot-ams-1 kernel: [84270790.507353] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=59.28.33.12 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=55 ID=0 DF PROTO=TCP SPT=6545 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T05:56:49.773Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 05:59:04 honeypot-fra-1 sshd[24264]: Disconnected from authenticating user root 40.68.90.206 port 44426 [preauth]","@timestamp":"2022-09-17T05:59:04.810Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 06:01:32 honeypot-ams-1 sshd[698]: Connection closed by invalid user user 193.106.191.157 port 35968 [preauth]","@timestamp":"2022-09-17T06:01:32.902Z"}
{"@timestamp":"2022-09-17T06:03:40.532Z","@version":"1","message":"Sep 17 06:03:40 honeypot-sgp-1 sshd[27555]: Received disconnect from 61.177.173.36 port 30020:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 06:05:21 honeypot-fra-1 sshd[24275]: Connection closed by authenticating user nobody 179.60.147.69 port 62028 [preauth]","@timestamp":"2022-09-17T06:05:22.956Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T06:07:35.632Z","@version":"1","message":"Sep 17 06:07:35 honeypot-sgp-1 sshd[27563]: Invalid user pi from 210.125.97.225 port 37196","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T06:07:36.633Z","@version":"1","message":"Sep 17 06:07:35 honeypot-sgp-1 sshd[27562]: Disconnected from invalid user saugata 162.243.237.90 port 40847 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 06:08:12 honeypot-ams-1 sshd[704]: Disconnected from invalid user webmin 178.128.217.58 port 37536 [preauth]","@timestamp":"2022-09-17T06:08:13.079Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 06:11:20 honeypot-ams-1 sshd[708]: Invalid user r from 164.92.233.93 port 52232","@timestamp":"2022-09-17T06:11:21.163Z"}
{"@timestamp":"2022-09-17T06:12:00.861Z","@version":"1","message":"Sep 17 06:11:59 honeypot-sgp-1 kernel: [84271224.742008] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=68.183.93.151 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x20 TTL=242 ID=54321 PROTO=TCP SPT=46584 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 06:15:37 honeypot-ams-1 sshd[713]: Connection closed by invalid user songjiazhi 103.188.176.251 port 50200 [preauth]","@timestamp":"2022-09-17T06:15:37.317Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 06:16:50 honeypot-fra-1 kernel: [84269822.385100] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=79.110.62.205 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=54321 PROTO=TCP SPT=57753 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T06:16:51.217Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-17T06:17:01.990Z","@version":"1","message":"Sep 17 06:17:01 honeypot-sgp-1 CRON[27577]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 06:19:52 honeypot-fra-1 sshd[24293]: Connection closed by invalid user songjiazhi 103.188.176.251 port 36128 [preauth]","@timestamp":"2022-09-17T06:19:52.289Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 06:21:50 honeypot-fra-1 sshd[24297]: Disconnected from invalid user lieke 165.22.45.108 port 51390 [preauth]","@timestamp":"2022-09-17T06:21:50.334Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 06:22:18 honeypot-ams-1 kernel: [84272319.595552] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=178.62.254.91 LEN=91 TOS=0x00 PREC=0x00 TTL=252 ID=5295 PROTO=TCP SPT=32713 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T06:22:19.493Z"}
{"@timestamp":"2022-09-17T06:24:04.164Z","@version":"1","message":"Sep 17 06:24:03 honeypot-sgp-1 sshd[27587]: Disconnected from invalid user tomcat 64.69.36.42 port 33436 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 06:25:01 honeypot-fra-1 CRON[24306]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-17T06:25:01.412Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 06:25:01 honeypot-ams-1 CRON[726]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-17T06:25:01.565Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 06:30:04 honeypot-fra-1 sshd[24466]: Disconnected from authenticating user root 61.177.173.36 port 43309 [preauth]","@timestamp":"2022-09-17T06:30:04.532Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T06:32:28.377Z","@version":"1","message":"Sep 17 06:32:27 honeypot-sgp-1 kernel: [84272452.488482] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.33.46.249 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=53326 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 06:34:57 honeypot-fra-1 kernel: [84270908.970243] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=97.107.134.231 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=50592 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T06:34:57.668Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-17T06:36:15.471Z","@version":"1","message":"Sep 17 06:36:14 honeypot-sgp-1 kernel: [84272679.309262] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=208.115.115.103 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=46 ID=18256 PROTO=TCP SPT=29406 DPT=443 WINDOW=42621 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 06:38:32 honeypot-fra-1 sshd[24570]: Invalid user testtest from 115.75.142.7 port 51206","@timestamp":"2022-09-17T06:38:32.753Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 06:39:58 honeypot-ams-1 sshd[893]: Did not receive identification string from 45.137.206.207 port 34633","@timestamp":"2022-09-17T06:39:58.952Z"}
{"@timestamp":"2022-09-17T06:40:24.576Z","@version":"1","message":"Sep 17 06:40:24 honeypot-sgp-1 kernel: [84272929.085474] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.100.87.136 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=15212 PROTO=TCP SPT=60002 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 06:41:35 honeypot-fra-1 sshd[24575]: Connection closed by invalid user support 179.60.147.69 port 27088 [preauth]","@timestamp":"2022-09-17T06:41:35.823Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T06:42:19.625Z","@version":"1","message":"Sep 17 06:42:19 honeypot-sgp-1 sshd[27759]: Received disconnect from 61.177.173.47 port 44270:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T06:44:51.688Z","@version":"1","message":"Sep 17 06:44:51 honeypot-sgp-1 kernel: [84273195.939926] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=31.214.157.137 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=234 ID=36474 PROTO=TCP SPT=56677 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T06:50:54.841Z","@version":"1","message":"Sep 17 06:50:54 honeypot-sgp-1 kernel: [84273558.972569] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=97.107.134.93 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=49316 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 06:52:54 honeypot-fra-1 sshd[24584]: Connection closed by authenticating user root 194.163.190.53 port 51682 [preauth]","@timestamp":"2022-09-17T06:52:55.080Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 06:55:31 honeypot-fra-1 sshd[24591]: Disconnected from authenticating user root 61.177.173.36 port 38618 [preauth]","@timestamp":"2022-09-17T06:55:32.142Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 07:02:44 honeypot-fra-1 kernel: [84272576.245548] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=165.22.82.222 LEN=91 TOS=0x00 PREC=0x00 TTL=250 ID=29490 PROTO=TCP SPT=18195 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T07:02:45.308Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-17T07:02:46.129Z","@version":"1","message":"Sep 17 07:02:45 honeypot-sgp-1 sshd[27960]: Disconnected from authenticating user root 61.177.173.46 port 41141 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 07:03:10 honeypot-ams-1 kernel: [84274771.090209] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=164.92.72.164 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=41061 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T07:03:10.544Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 07:11:28 honeypot-fra-1 sshd[24609]: Connection closed by authenticating user root 194.163.190.53 port 47192 [preauth]","@timestamp":"2022-09-17T07:11:29.506Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T07:13:36.395Z","@version":"1","message":"Sep 17 07:13:35 honeypot-sgp-1 sshd[27970]: Disconnected from authenticating user root 164.92.91.240 port 43852 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T07:17:02.482Z","@version":"1","message":"Sep 17 07:17:01 honeypot-sgp-1 CRON[27976]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 07:17:46 honeypot-fra-1 sshd[24620]: Received disconnect from 45.61.186.169 port 46172:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T07:17:46.651Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 07:17:54 honeypot-fra-1 sshd[24624]: Disconnected from invalid user user 45.61.186.169 port 57776 [preauth]","@timestamp":"2022-09-17T07:17:55.656Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 07:18:11 honeypot-fra-1 sshd[24628]: Disconnected from invalid user user 45.61.186.169 port 52774 [preauth]","@timestamp":"2022-09-17T07:18:12.664Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 07:18:27 honeypot-fra-1 sshd[24632]: Disconnected from invalid user user 45.61.186.169 port 47764 [preauth]","@timestamp":"2022-09-17T07:18:28.672Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 07:18:55 honeypot-ams-1 kernel: [84275716.556006] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=43.131.66.209 DST=178.62.254.91 LEN=52 TOS=0x08 PREC=0x60 TTL=55 ID=34882 DF PROTO=TCP SPT=35906 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T07:18:55.950Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 07:20:58 honeypot-fra-1 sshd[24638]: Received disconnect from 165.22.45.108 port 56546:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T07:20:58.730Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 07:27:39 honeypot-fra-1 sshd[24647]: Invalid user admin from 14.47.57.72 port 57987","@timestamp":"2022-09-17T07:27:39.884Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 07:28:01 honeypot-ams-1 sshd[1007]: Invalid user ftpuser from 193.142.146.50 port 45286","@timestamp":"2022-09-17T07:28:02.193Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 07:28:12 honeypot-ams-1 sshd[1009]: Disconnected from invalid user git 193.142.146.50 port 44720 [preauth]","@timestamp":"2022-09-17T07:28:13.199Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 07:29:50 honeypot-ams-1 sshd[1013]: Received disconnect from 193.142.146.50 port 43022:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T07:29:50.244Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 07:30:13 honeypot-ams-1 sshd[1017]: Disconnected from invalid user oracle 193.142.146.50 port 41886 [preauth]","@timestamp":"2022-09-17T07:30:14.257Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 07:30:39 honeypot-ams-1 sshd[1021]: Disconnected from invalid user ubuntu 193.142.146.50 port 40754 [preauth]","@timestamp":"2022-09-17T07:30:39.271Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 07:31:54 honeypot-ams-1 sshd[1463]: Disconnected from invalid user redis 193.142.146.50 port 39622 [preauth]","@timestamp":"2022-09-17T07:31:55.306Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 07:32:22 honeypot-ams-1 sshd[1467]: Received disconnect from 193.142.146.50 port 38488:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T07:32:22.321Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 07:32:53 honeypot-ams-1 sshd[1471]: Received disconnect from 193.142.146.50 port 37356:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T07:32:53.337Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 07:33:48 honeypot-fra-1 sshd[24660]: Received disconnect from 61.177.173.47 port 52510:11:  [preauth]","@timestamp":"2022-09-17T07:33:49.025Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 07:34:02 honeypot-ams-1 sshd[1477]: Disconnected from authenticating user root 193.142.146.50 port 36224 [preauth]","@timestamp":"2022-09-17T07:34:03.368Z"}
{"@timestamp":"2022-09-17T07:39:41.035Z","@version":"1","message":"Sep 17 07:39:40 honeypot-sgp-1 sshd[27996]: Received disconnect from 1.235.192.218 port 47784:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 07:39:50 honeypot-fra-1 sshd[24668]: Disconnected from authenticating user root 61.177.173.46 port 56229 [preauth]","@timestamp":"2022-09-17T07:39:51.166Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T07:42:29.106Z","@version":"1","message":"Sep 17 07:42:28 honeypot-sgp-1 sshd[28002]: Invalid user monitor from 1.224.37.98 port 39196","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T07:43:19.127Z","@version":"1","message":"Sep 17 07:43:19 honeypot-sgp-1 sshd[28006]: Received disconnect from 210.187.80.132 port 37694:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 07:43:46 honeypot-ams-1 sshd[1483]: Received disconnect from 39.90.161.165 port 38310:11: Bye Bye [preauth]","@timestamp":"2022-09-17T07:43:46.617Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 07:43:50 honeypot-ams-1 sshd[1487]: Disconnected from authenticating user root 39.90.161.165 port 38390 [preauth]","@timestamp":"2022-09-17T07:43:50.619Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 07:43:55 honeypot-ams-1 sshd[1493]: Disconnected from authenticating user root 39.90.161.165 port 38818 [preauth]","@timestamp":"2022-09-17T07:43:56.622Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 07:44:01 honeypot-ams-1 sshd[1499]: Disconnected from authenticating user root 39.90.161.165 port 38970 [preauth]","@timestamp":"2022-09-17T07:44:02.627Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 07:44:07 honeypot-ams-1 sshd[1505]: Disconnected from authenticating user root 39.90.161.165 port 39410 [preauth]","@timestamp":"2022-09-17T07:44:07.630Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 07:44:12 honeypot-ams-1 sshd[1511]: Disconnected from authenticating user root 39.90.161.165 port 39544 [preauth]","@timestamp":"2022-09-17T07:44:13.633Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 07:44:19 honeypot-ams-1 sshd[1517]: Disconnected from authenticating user root 39.90.161.165 port 40002 [preauth]","@timestamp":"2022-09-17T07:44:19.637Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 07:44:24 honeypot-ams-1 sshd[1523]: Disconnected from authenticating user root 39.90.161.165 port 40306 [preauth]","@timestamp":"2022-09-17T07:44:24.640Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 07:44:30 honeypot-ams-1 sshd[1529]: Disconnected from authenticating user root 39.90.161.165 port 40588 [preauth]","@timestamp":"2022-09-17T07:44:30.644Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 07:44:35 honeypot-ams-1 sshd[1535]: Disconnected from authenticating user root 39.90.161.165 port 40986 [preauth]","@timestamp":"2022-09-17T07:44:36.648Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 07:44:41 honeypot-ams-1 sshd[1541]: Disconnected from authenticating user root 39.90.161.165 port 41190 [preauth]","@timestamp":"2022-09-17T07:44:41.651Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 07:44:47 honeypot-ams-1 sshd[1547]: Disconnected from authenticating user root 39.90.161.165 port 41614 [preauth]","@timestamp":"2022-09-17T07:44:47.656Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 07:45:16 honeypot-ams-1 sshd[1554]: Received disconnect from 45.61.186.49 port 58466:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T07:45:17.671Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 07:45:24 honeypot-ams-1 sshd[1558]: Received disconnect from 45.61.186.49 port 41836:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T07:45:25.676Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 07:46:01 honeypot-fra-1 sshd[24676]: Disconnected from authenticating user root 61.177.173.39 port 52564 [preauth]","@timestamp":"2022-09-17T07:46:02.308Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 07:47:23 honeypot-ams-1 sshd[1563]: Received disconnect from 165.232.176.114 port 35074:11: Bye Bye [preauth]","@timestamp":"2022-09-17T07:47:23.729Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 07:49:56 honeypot-ams-1 sshd[1569]: Invalid user vpnguardbot from 161.35.229.78 port 58504","@timestamp":"2022-09-17T07:49:56.796Z"}
{"@timestamp":"2022-09-17T07:50:30.299Z","@version":"1","message":"Sep 17 07:50:30 honeypot-sgp-1 sshd[28013]: Disconnected from authenticating user root 61.177.172.104 port 57236 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 07:54:05 honeypot-fra-1 sshd[24688]: Invalid user blank from 179.60.147.69 port 15722","@timestamp":"2022-09-17T07:54:05.492Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T07:54:15.394Z","@version":"1","message":"Sep 17 07:54:15 honeypot-sgp-1 sshd[28018]: Received disconnect from 190.156.238.155 port 34004:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 07:54:26 honeypot-ams-1 kernel: [84277847.500130] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.219.80 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=41090 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T07:54:26.914Z"}
{"@timestamp":"2022-09-17T07:57:52.481Z","@version":"1","message":"Sep 17 07:57:51 honeypot-sgp-1 kernel: [84277576.360901] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=159.89.202.188 LEN=91 TOS=0x00 PREC=0x00 TTL=245 ID=48019 PROTO=TCP SPT=19401 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T08:04:08.631Z","@version":"1","message":"Sep 17 08:04:08 honeypot-sgp-1 kernel: [84277953.068565] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=64.62.197.210 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=54106 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:07:23 honeypot-fra-1 sshd[24721]: Received disconnect from 61.177.173.51 port 33072:11:  [preauth]","@timestamp":"2022-09-17T08:07:23.795Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 08:09:05 honeypot-ams-1 sshd[1581]: Invalid user zu from 189.100.73.39 port 51177","@timestamp":"2022-09-17T08:09:06.292Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:10:40 honeypot-fra-1 sshd[24725]: Received disconnect from 61.177.173.36 port 12162:11:  [preauth]","@timestamp":"2022-09-17T08:10:40.870Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 08:14:51 honeypot-ams-1 kernel: [84279071.765963] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.180.143.163 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=25107 PROTO=TCP SPT=22972 DPT=389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T08:14:51.443Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:15:41 honeypot-fra-1 sshd[24735]: Disconnected from authenticating user root 61.177.172.104 port 50999 [preauth]","@timestamp":"2022-09-17T08:15:41.989Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T08:17:01.937Z","@version":"1","message":"Sep 17 08:17:01 honeypot-sgp-1 CRON[28041]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:17:30 honeypot-fra-1 sshd[24766]: Invalid user ftpuser from 178.128.72.150 port 37532","@timestamp":"2022-09-17T08:17:31.036Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:18:18 honeypot-fra-1 kernel: [84277109.222925] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.100.87.136 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=246 ID=15212 PROTO=TCP SPT=53404 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T08:18:19.056Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:18:45 honeypot-fra-1 sshd[24773]: Disconnected from invalid user postgres 178.128.72.150 port 50024 [preauth]","@timestamp":"2022-09-17T08:18:46.069Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:19:33 honeypot-fra-1 sshd[24777]: Disconnected from invalid user mysql 178.128.72.150 port 48968 [preauth]","@timestamp":"2022-09-17T08:19:34.090Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:20:20 honeypot-fra-1 sshd[24781]: Disconnected from invalid user teamspeak 178.128.72.150 port 47886 [preauth]","@timestamp":"2022-09-17T08:20:21.111Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:20:44 honeypot-fra-1 sshd[24785]: Disconnected from invalid user ftpuser 178.128.72.150 port 33232 [preauth]","@timestamp":"2022-09-17T08:20:45.123Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:21:31 honeypot-fra-1 sshd[24789]: Disconnected from invalid user es 178.128.72.150 port 60376 [preauth]","@timestamp":"2022-09-17T08:21:32.143Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:22:18 honeypot-fra-1 sshd[24795]: Received disconnect from 178.128.72.150 port 59310:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T08:22:19.164Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:22:42 honeypot-fra-1 sshd[24799]: Disconnected from invalid user postgres 178.128.72.150 port 44646 [preauth]","@timestamp":"2022-09-17T08:22:43.175Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T08:24:14.114Z","@version":"1","message":"Sep 17 08:24:13 honeypot-sgp-1 kernel: [84279158.123975] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=198.199.112.190 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=57498 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:30:31 honeypot-fra-1 sshd[24807]: Connection closed by invalid user guest 179.60.147.69 port 54522 [preauth]","@timestamp":"2022-09-17T08:30:32.355Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 08:30:53 honeypot-ams-1 kernel: [84280034.072843] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=52349 PROTO=TCP SPT=43411 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T08:30:53.862Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:31:21 honeypot-fra-1 sshd[24814]: Invalid user grid from 43.138.78.204 port 49866","@timestamp":"2022-09-17T08:31:21.378Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:31:21 honeypot-fra-1 sshd[24821]: Invalid user hostmetrics from 43.138.78.204 port 49894","@timestamp":"2022-09-17T08:31:21.378Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:31:21 honeypot-fra-1 sshd[24815]: Connection closed by invalid user ec2-user 43.138.78.204 port 49874 [preauth]","@timestamp":"2022-09-17T08:31:22.379Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:31:21 honeypot-fra-1 sshd[24825]: Connection closed by invalid user odoo 43.138.78.204 port 49814 [preauth]","@timestamp":"2022-09-17T08:31:22.379Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:31:22 honeypot-fra-1 sshd[24838]: Invalid user wy from 43.138.78.204 port 49818","@timestamp":"2022-09-17T08:31:22.379Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:31:24 honeypot-fra-1 sshd[24845]: Invalid user zerotier-one from 43.138.78.204 port 49926","@timestamp":"2022-09-17T08:31:24.380Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:31:24 honeypot-fra-1 sshd[24852]: Invalid user linkxess from 43.138.78.204 port 49844","@timestamp":"2022-09-17T08:31:24.380Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:31:24 honeypot-fra-1 sshd[24842]: Connection closed by invalid user secscan 43.138.78.204 port 49886 [preauth]","@timestamp":"2022-09-17T08:31:25.381Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:31:24 honeypot-fra-1 sshd[24849]: Connection closed by invalid user kibana 43.138.78.204 port 49864 [preauth]","@timestamp":"2022-09-17T08:31:25.381Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:31:24 honeypot-fra-1 sshd[24857]: Connection closed by invalid user opc 43.138.78.204 port 49890 [preauth]","@timestamp":"2022-09-17T08:31:25.381Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T08:33:48.348Z","@version":"1","message":"Sep 17 08:33:47 honeypot-sgp-1 sshd[28070]: Received disconnect from 61.177.173.50 port 45942:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 08:34:37 honeypot-ams-1 kernel: [84280258.342262] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=178.62.254.91 LEN=85 TOS=0x00 PREC=0x00 TTL=252 ID=30088 PROTO=TCP SPT=22023 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T08:34:37.964Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:40:47 honeypot-fra-1 sshd[24881]: Received disconnect from 61.177.172.114 port 13750:11:  [preauth]","@timestamp":"2022-09-17T08:40:48.593Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T08:41:34.537Z","@version":"1","message":"Sep 17 08:41:33 honeypot-sgp-1 sshd[28076]: Connection closed by 90.241.214.134 port 48769 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 08:42:06 honeypot-ams-1 kernel: [84280707.641385] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=65.49.20.101 DST=178.62.254.91 LEN=131 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=35842 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T08:42:07.165Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:46:12 honeypot-fra-1 sshd[24890]: Received disconnect from 200.54.15.172 port 43168:11: Bye Bye [preauth]","@timestamp":"2022-09-17T08:46:12.713Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:46:25 honeypot-fra-1 sshd[24892]: Disconnected from authenticating user root 61.177.173.48 port 39941 [preauth]","@timestamp":"2022-09-17T08:46:26.719Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:46:32 honeypot-fra-1 sshd[24898]: Disconnected from invalid user user 45.61.186.49 port 44708 [preauth]","@timestamp":"2022-09-17T08:46:33.723Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:48:16 honeypot-fra-1 sshd[24904]: Connection closed by authenticating user root 194.163.190.53 port 48796 [preauth]","@timestamp":"2022-09-17T08:48:17.768Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 08:49:11 honeypot-ams-1 sshd[1624]: Disconnected from invalid user visitor 114.7.162.198 port 35578 [preauth]","@timestamp":"2022-09-17T08:49:12.354Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 08:51:49 honeypot-ams-1 sshd[1630]: Received disconnect from 106.241.54.211 port 54248:11: Bye Bye [preauth]","@timestamp":"2022-09-17T08:51:49.426Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 08:53:14 honeypot-ams-1 kernel: [84281375.541171] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=38.242.247.75 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=18973 PROTO=TCP SPT=44792 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T08:53:15.467Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:56:48 honeypot-fra-1 kernel: [84279419.779191] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=213.226.123.38 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=8543 PROTO=TCP SPT=46772 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T08:56:48.966Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:58:16 honeypot-fra-1 sshd[24915]: Disconnected from authenticating user root 61.177.173.36 port 61778 [preauth]","@timestamp":"2022-09-17T08:58:17.002Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T09:02:01.034Z","@version":"1","message":"Sep 17 09:02:00 honeypot-sgp-1 kernel: [84281425.296262] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=159.89.202.188 LEN=85 TOS=0x00 PREC=0x00 TTL=245 ID=14790 PROTO=TCP SPT=2047 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 09:02:58 honeypot-fra-1 sshd[24922]: Invalid user user from 193.106.191.157 port 42550","@timestamp":"2022-09-17T09:02:59.135Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 09:03:32 honeypot-ams-1 kernel: [84281992.743969] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=89.248.165.199 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=50441 PROTO=TCP SPT=44076 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T09:03:32.732Z"}
{"@timestamp":"2022-09-17T09:05:35.124Z","@version":"1","message":"Sep 17 09:05:34 honeypot-sgp-1 sshd[28097]: Connection closed by invalid user admin 179.60.147.69 port 56346 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 09:06:42 honeypot-fra-1 sshd[24929]: Connection closed by invalid user admin 179.60.147.69 port 49518 [preauth]","@timestamp":"2022-09-17T09:06:43.225Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T09:07:24.168Z","@version":"1","message":"Sep 17 09:07:23 honeypot-sgp-1 sshd[28102]: Connection closed by invalid user  64.62.197.107 port 39000 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 09:10:16 honeypot-fra-1 sshd[24934]: Disconnected from authenticating user root 61.177.173.39 port 12026 [preauth]","@timestamp":"2022-09-17T09:10:16.307Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T09:10:48.256Z","@version":"1","message":"Sep 17 09:10:48 honeypot-sgp-1 sshd[28109]: Connection closed by invalid user user1 103.188.176.251 port 58006 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 09:12:58 honeypot-ams-1 kernel: [84282559.506488] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=20.216.191.54 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=53319 DF PROTO=TCP SPT=51102 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T09:12:58.984Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 09:15:16 honeypot-fra-1 kernel: [84280527.908287] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=151.106.32.182 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=22202 PROTO=TCP SPT=44499 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T09:15:17.422Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 09:16:29 honeypot-ams-1 sshd[1651]: Invalid user ftpuser from 178.128.72.150 port 56238","@timestamp":"2022-09-17T09:16:30.079Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 09:17:01 honeypot-ams-1 CRON[1655]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-17T09:17:02.095Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 09:17:50 honeypot-ams-1 sshd[1660]: Received disconnect from 178.128.72.150 port 45278:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T09:17:51.118Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 09:18:26 honeypot-fra-1 sshd[24946]: Received disconnect from 165.22.45.108 port 38618:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T09:18:26.495Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T09:18:28.448Z","@version":"1","message":"Sep 17 09:18:28 honeypot-sgp-1 sshd[28116]: Received disconnect from 61.177.173.46 port 51899:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 09:18:43 honeypot-ams-1 sshd[1665]: Received disconnect from 178.128.72.150 port 47360:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T09:18:44.143Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 09:19:35 honeypot-ams-1 sshd[1669]: Received disconnect from 178.128.72.150 port 49446:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T09:19:36.168Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 09:19:59 honeypot-fra-1 sshd[24951]: Received disconnect from 45.61.186.169 port 44180:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T09:19:59.534Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 09:20:17 honeypot-fra-1 sshd[24956]: Received disconnect from 45.61.186.169 port 39378:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T09:20:17.543Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 09:20:28 honeypot-ams-1 sshd[1673]: Received disconnect from 178.128.72.150 port 51550:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T09:20:28.195Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 09:20:33 honeypot-fra-1 sshd[24960]: Invalid user user from 45.61.186.169 port 34580","@timestamp":"2022-09-17T09:20:34.553Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 09:20:41 honeypot-fra-1 sshd[24962]: Disconnected from invalid user user 45.61.186.169 port 46292 [preauth]","@timestamp":"2022-09-17T09:20:42.557Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 09:21:20 honeypot-ams-1 sshd[1677]: Received disconnect from 178.128.72.150 port 53658:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T09:21:21.220Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 09:22:13 honeypot-ams-1 sshd[1681]: Received disconnect from 178.128.72.150 port 55774:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T09:22:14.245Z"}
{"@timestamp":"2022-09-17T09:25:43.623Z","@version":"1","message":"Sep 17 09:25:43 honeypot-sgp-1 sshd[28121]: Disconnected from authenticating user root 61.177.173.37 port 11479 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 09:32:54 honeypot-fra-1 sshd[24977]: Invalid user cdiptv from 194.163.190.53 port 44480","@timestamp":"2022-09-17T09:32:54.832Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T09:36:34.888Z","@version":"1","message":"Sep 17 09:36:34 honeypot-sgp-1 sshd[28129]: Received disconnect from 61.177.173.53 port 60143:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 09:37:30 honeypot-ams-1 sshd[1685]: Disconnected from invalid user mrx 133.130.89.4 port 40080 [preauth]","@timestamp":"2022-09-17T09:37:31.643Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 09:38:46 honeypot-ams-1 sshd[1689]: Disconnected from invalid user admin 186.206.144.34 port 36673 [preauth]","@timestamp":"2022-09-17T09:38:47.677Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 09:40:29 honeypot-fra-1 kernel: [84282040.922358] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=167.172.166.5 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=60 ID=52600 DF PROTO=TCP SPT=56744 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T09:40:30.021Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 09:40:44 honeypot-fra-1 sshd[24990]: Disconnected from invalid user oracle 193.142.146.50 port 38800 [preauth]","@timestamp":"2022-09-17T09:40:45.028Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 09:42:21 honeypot-fra-1 sshd[24997]: Received disconnect from 193.142.146.50 port 36526:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T09:42:22.068Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 09:42:46 honeypot-fra-1 sshd[25001]: Received disconnect from 193.142.146.50 port 35008:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T09:42:47.079Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 09:43:05 honeypot-fra-1 sshd[25005]: Connection closed by invalid user centos 179.60.147.69 port 5086 [preauth]","@timestamp":"2022-09-17T09:43:06.087Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T09:43:58.090Z","@version":"1","message":"Sep 17 09:43:57 honeypot-sgp-1 kernel: [84283942.491670] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=186.208.139.104 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=6052 PROTO=TCP SPT=47408 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 09:44:12 honeypot-fra-1 sshd[25011]: Invalid user redis from 193.142.146.50 port 60964","@timestamp":"2022-09-17T09:44:13.115Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 09:44:27 honeypot-fra-1 sshd[25013]: Disconnected from invalid user mysql 193.142.146.50 port 60204 [preauth]","@timestamp":"2022-09-17T09:44:28.122Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 09:44:55 honeypot-fra-1 sshd[25017]: Disconnected from invalid user postgres 193.142.146.50 port 58688 [preauth]","@timestamp":"2022-09-17T09:44:56.136Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 09:45:15 honeypot-ams-1 sshd[1692]: Invalid user centos from 179.60.147.69 port 11020","@timestamp":"2022-09-17T09:45:15.846Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 09:46:16 honeypot-fra-1 kernel: [84282387.120349] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=167.248.133.130 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=24498 PROTO=TCP SPT=40612 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T09:46:17.167Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-17T09:48:19.199Z","@version":"1","message":"Sep 17 09:48:18 honeypot-sgp-1 kernel: [84284203.235410] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=167.172.166.5 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=46 ID=44277 DF PROTO=TCP SPT=46694 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 09:50:49 honeypot-ams-1 sshd[1698]: Invalid user user from 45.61.186.249 port 47152","@timestamp":"2022-09-17T09:50:49.991Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 09:50:58 honeypot-ams-1 sshd[1700]: Disconnected from invalid user user 45.61.186.249 port 59022 [preauth]","@timestamp":"2022-09-17T09:50:58.996Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 09:51:18 honeypot-ams-1 sshd[1704]: Disconnected from invalid user user 45.61.186.249 port 54524 [preauth]","@timestamp":"2022-09-17T09:51:19.006Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 09:51:35 honeypot-ams-1 sshd[1708]: Disconnected from invalid user user 45.61.186.249 port 50014 [preauth]","@timestamp":"2022-09-17T09:51:36.015Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 09:51:37 honeypot-fra-1 sshd[25034]: Disconnected from authenticating user root 61.177.173.37 port 57396 [preauth]","@timestamp":"2022-09-17T09:51:38.288Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 09:54:59 honeypot-fra-1 sshd[25041]: Received disconnect from 61.177.173.50 port 26528:11:  [preauth]","@timestamp":"2022-09-17T09:55:00.366Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 09:56:28 honeypot-ams-1 sshd[1716]: Received disconnect from 46.19.141.122 port 57120:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T09:56:29.140Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 09:57:06 honeypot-ams-1 sshd[1720]: Disconnected from invalid user admin 46.19.141.122 port 47300 [preauth]","@timestamp":"2022-09-17T09:57:07.158Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 09:58:09 honeypot-ams-1 sshd[1724]: Disconnected from invalid user user 46.19.141.122 port 37504 [preauth]","@timestamp":"2022-09-17T09:58:10.187Z"}
{"@timestamp":"2022-09-17T09:58:40.454Z","@version":"1","message":"Sep 17 09:58:40 honeypot-sgp-1 sshd[28153]: Invalid user hv from 62.231.21.18 port 37742","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 09:58:50 honeypot-ams-1 sshd[1729]: Disconnected from invalid user pi 46.19.141.122 port 55860 [preauth]","@timestamp":"2022-09-17T09:58:50.206Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 09:59:08 honeypot-fra-1 sshd[25050]: Received disconnect from 103.55.38.26 port 33694:11: Bye Bye [preauth]","@timestamp":"2022-09-17T09:59:08.462Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 09:59:31 honeypot-ams-1 sshd[1733]: Disconnected from invalid user ubnt 46.19.141.122 port 45994 [preauth]","@timestamp":"2022-09-17T09:59:32.227Z"}
{"@timestamp":"2022-09-17T09:59:51.486Z","@version":"1","message":"Sep 17 09:59:50 honeypot-sgp-1 sshd[28155]: Received disconnect from 211.224.131.58 port 20059:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 10:00:18 honeypot-ams-1 sshd[1737]: Disconnected from invalid user support 46.19.141.122 port 36144 [preauth]","@timestamp":"2022-09-17T10:00:19.249Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 10:01:02 honeypot-fra-1 sshd[25054]: Received disconnect from 51.222.13.62 port 40594:11: Bye Bye [preauth]","@timestamp":"2022-09-17T10:01:02.509Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 10:01:29 honeypot-ams-1 sshd[1744]: Received disconnect from 46.19.141.122 port 49574:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T10:01:29.282Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 10:02:19 honeypot-ams-1 sshd[1748]: Disconnected from authenticating user root 46.19.141.122 port 39716 [preauth]","@timestamp":"2022-09-17T10:02:19.306Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 10:03:38 honeypot-ams-1 sshd[1754]: Received disconnect from 46.19.141.122 port 53154:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T10:03:39.345Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 10:04:36 honeypot-ams-1 sshd[1758]: Disconnected from invalid user admin 46.19.141.122 port 43310 [preauth]","@timestamp":"2022-09-17T10:04:36.371Z"}
{"@timestamp":"2022-09-17T10:09:13.720Z","@version":"1","message":"Sep 17 10:09:13 honeypot-sgp-1 kernel: [84285458.015410] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=159.89.202.188 LEN=92 TOS=0x00 PREC=0x00 TTL=245 ID=144 PROTO=TCP SPT=14477 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 10:13:15 honeypot-fra-1 kernel: [84284006.839404] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=202.55.132.19 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=64487 PROTO=TCP SPT=42893 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T10:13:16.784Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 10:17:01 honeypot-ams-1 CRON[1769]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-17T10:17:02.686Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 10:17:15 honeypot-fra-1 sshd[25067]: Invalid user juzici from 194.163.190.53 port 44120","@timestamp":"2022-09-17T10:17:15.877Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 10:20:56 honeypot-fra-1 sshd[25072]: Connection closed by invalid user ftp 141.98.10.158 port 53876 [preauth]","@timestamp":"2022-09-17T10:20:56.965Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 10:20:59 honeypot-ams-1 sshd[1776]: Disconnected from authenticating user root 134.122.17.178 port 59472 [preauth]","@timestamp":"2022-09-17T10:21:00.787Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 10:24:14 honeypot-fra-1 sshd[25077]: Invalid user testuser from 196.216.253.24 port 38496","@timestamp":"2022-09-17T10:24:15.044Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 10:24:14 honeypot-fra-1 sshd[25081]: Connection closed by authenticating user root 196.216.253.24 port 38566 [preauth]","@timestamp":"2022-09-17T10:24:15.044Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 10:24:14 honeypot-fra-1 sshd[25084]: Connection closed by authenticating user root 196.216.253.24 port 38512 [preauth]","@timestamp":"2022-09-17T10:24:15.044Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 10:24:20 honeypot-ams-1 sshd[1781]: Disconnected from invalid user mother 43.156.32.144 port 58692 [preauth]","@timestamp":"2022-09-17T10:24:20.881Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 10:26:23 honeypot-fra-1 sshd[25098]: Connection closed by invalid user juzici 194.163.190.53 port 55990 [preauth]","@timestamp":"2022-09-17T10:26:24.095Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T10:26:30.145Z","@version":"1","message":"Sep 17 10:26:29 honeypot-sgp-1 sshd[28237]: Connection closed by 167.248.133.120 port 39720 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 10:30:22 honeypot-ams-1 kernel: [84287202.954622] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=36.71.137.142 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=118 ID=32057 DF PROTO=TCP SPT=55763 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T10:30:23.037Z"}
{"@timestamp":"2022-09-17T10:31:23.267Z","@version":"1","message":"Sep 17 10:31:22 honeypot-sgp-1 kernel: [84286787.089691] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=159.65.152.216 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x20 TTL=51 ID=26895 DF PROTO=TCP SPT=53178 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 10:33:09 honeypot-fra-1 sshd[25103]: Received disconnect from 123.122.160.39 port 35639:11: Bye Bye [preauth]","@timestamp":"2022-09-17T10:33:10.250Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T10:34:23.344Z","@version":"1","message":"Sep 17 10:34:22 honeypot-sgp-1 sshd[28244]: Disconnected from authenticating user root 187.189.108.99 port 42406 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 10:34:42 honeypot-ams-1 sshd[1791]: Invalid user admin from 222.228.6.98 port 43943","@timestamp":"2022-09-17T10:34:42.150Z"}
{"@timestamp":"2022-09-17T10:35:54.384Z","@version":"1","message":"Sep 17 10:35:53 honeypot-sgp-1 sshd[28248]: Disconnected from invalid user test 89.190.84.6 port 35952 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 10:36:53 honeypot-fra-1 kernel: [84285424.062320] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=138.219.111.149 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=248 ID=35094 DF PROTO=TCP SPT=31317 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T10:36:53.337Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 10:36:54 honeypot-ams-1 kernel: [84287595.317062] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=167.94.138.99 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=4051 PROTO=TCP SPT=3892 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T10:36:55.207Z"}
{"@timestamp":"2022-09-17T10:38:23.448Z","@version":"1","message":"Sep 17 10:38:22 honeypot-sgp-1 sshd[28253]: Disconnected from invalid user user3 187.109.253.246 port 39778 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 10:43:53 honeypot-fra-1 sshd[25114]: Invalid user cdh from 194.163.190.53 port 50548","@timestamp":"2022-09-17T10:43:53.498Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 10:45:41 honeypot-ams-1 sshd[1799]: Invalid user xuwenhua from 137.116.144.39 port 43146","@timestamp":"2022-09-17T10:45:42.448Z"}
{"@timestamp":"2022-09-17T10:46:09.637Z","@version":"1","message":"Sep 17 10:46:09 honeypot-sgp-1 sshd[28258]: Received disconnect from 81.183.222.181 port 48444:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 10:46:55 honeypot-ams-1 sshd[1805]: Invalid user user from 45.61.184.204 port 58372","@timestamp":"2022-09-17T10:46:55.485Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 10:47:14 honeypot-ams-1 sshd[1809]: Invalid user user from 45.61.184.204 port 53648","@timestamp":"2022-09-17T10:47:15.496Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 10:47:32 honeypot-ams-1 sshd[1813]: Invalid user user from 45.61.184.204 port 48936","@timestamp":"2022-09-17T10:47:33.506Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 10:47:44 honeypot-ams-1 kernel: [84288245.161080] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=178.62.254.91 LEN=91 TOS=0x00 PREC=0x00 TTL=252 ID=2780 PROTO=TCP SPT=8433 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T10:47:45.513Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 10:49:30 honeypot-fra-1 sshd[25117]: Connection closed by invalid user user 193.106.191.157 port 53132 [preauth]","@timestamp":"2022-09-17T10:49:31.630Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 10:53:59 honeypot-fra-1 sshd[25123]: Received disconnect from 182.23.63.23 port 56108:11: Bye Bye [preauth]","@timestamp":"2022-09-17T10:53:59.731Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T10:56:34.894Z","@version":"1","message":"Sep 17 10:56:34 honeypot-sgp-1 kernel: [84288299.028306] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.220.151 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=44005 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 11:01:29 honeypot-fra-1 sshd[25129]: Invalid user cdh from 194.163.190.53 port 43856","@timestamp":"2022-09-17T11:01:29.905Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 11:04:35 honeypot-ams-1 sshd[1821]: Connection closed by 192.241.219.54 port 53728 [preauth]","@timestamp":"2022-09-17T11:04:36.944Z"}
{"@timestamp":"2022-09-17T11:07:35.182Z","@version":"1","message":"Sep 17 11:07:35 honeypot-sgp-1 sshd[28265]: Connection closed by 192.241.208.61 port 52716 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 11:10:24 honeypot-fra-1 sshd[25134]: Connection closed by invalid user cdh 194.163.190.53 port 53704 [preauth]","@timestamp":"2022-09-17T11:10:25.107Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 11:12:37 honeypot-ams-1 sshd[1827]: Invalid user user1 from 103.188.176.251 port 39124","@timestamp":"2022-09-17T11:12:38.154Z"}
{"@timestamp":"2022-09-17T11:13:36.339Z","@version":"1","message":"Sep 17 11:13:36 honeypot-sgp-1 sshd[28268]: Received disconnect from 187.235.106.121 port 38450:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T11:13:46.344Z","@version":"1","message":"Sep 17 11:13:45 honeypot-sgp-1 sshd[28272]: Received disconnect from 27.254.159.123 port 40699:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 11:15:54 honeypot-fra-1 sshd[25139]: Disconnected from invalid user benutzer 165.227.160.124 port 40362 [preauth]","@timestamp":"2022-09-17T11:15:55.231Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T11:16:26.412Z","@version":"1","message":"Sep 17 11:16:25 honeypot-sgp-1 kernel: [84289490.456263] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=159.89.202.188 LEN=91 TOS=0x00 PREC=0x00 TTL=245 ID=53959 PROTO=TCP SPT=17707 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 11:17:01 honeypot-fra-1 CRON[25145]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-17T11:17:01.260Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T11:21:21.535Z","@version":"1","message":"Sep 17 11:21:21 honeypot-sgp-1 sshd[28283]: Did not receive identification string from 121.180.163.250 port 7603","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 11:25:03 honeypot-fra-1 kernel: [84288313.991185] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=183.230.113.51 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=231 ID=42819 PROTO=TCP SPT=53902 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T11:25:03.444Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 11:25:22 honeypot-ams-1 sshd[1834]: Connection closed by invalid user user 193.106.191.157 port 52066 [preauth]","@timestamp":"2022-09-17T11:25:23.494Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 11:28:17 honeypot-fra-1 sshd[25154]: Connection closed by invalid user meta 194.163.190.53 port 47660 [preauth]","@timestamp":"2022-09-17T11:28:17.520Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T11:30:06.752Z","@version":"1","message":"Sep 17 11:30:06 honeypot-sgp-1 kernel: [84290310.715311] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=234 ID=27249 PROTO=TCP SPT=54205 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 11:30:44 honeypot-ams-1 sshd[1839]: Disconnected from authenticating user root 20.40.73.192 port 60068 [preauth]","@timestamp":"2022-09-17T11:30:44.632Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 11:32:06 honeypot-fra-1 sshd[25161]: Received disconnect from 193.227.16.23 port 46610:11: Bye Bye [preauth]","@timestamp":"2022-09-17T11:32:06.607Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T11:33:21.837Z","@version":"1","message":"Sep 17 11:33:21 honeypot-sgp-1 kernel: [84290506.244799] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=5.189.133.199 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=55842 DF PROTO=TCP SPT=57606 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 11:34:03 honeypot-ams-1 sshd[1843]: Invalid user ubnt from 179.60.147.69 port 25616","@timestamp":"2022-09-17T11:34:04.720Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 11:35:12 honeypot-fra-1 sshd[25166]: Invalid user user from 193.106.191.157 port 55264","@timestamp":"2022-09-17T11:35:12.676Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T11:40:28.014Z","@version":"1","message":"Sep 17 11:40:27 honeypot-sgp-1 sshd[28291]: Disconnected from invalid user info2 64.225.111.207 port 53226 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 11:40:29 honeypot-fra-1 sshd[25172]: Invalid user user from 103.129.221.188 port 58954","@timestamp":"2022-09-17T11:40:29.797Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T11:43:48.105Z","@version":"1","message":"Sep 17 11:43:47 honeypot-sgp-1 sshd[28296]: Disconnected from invalid user helpdesk 89.177.128.164 port 37310 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 11:44:01 honeypot-fra-1 sshd[25177]: Disconnected from authenticating user root 139.59.247.236 port 50292 [preauth]","@timestamp":"2022-09-17T11:44:01.882Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T11:44:58.136Z","@version":"1","message":"Sep 17 11:44:58 honeypot-sgp-1 sshd[28300]: Disconnected from invalid user jova 104.248.181.156 port 47514 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 11:44:59 honeypot-ams-1 kernel: [84291679.958653] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=80.94.92.231 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=41879 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T11:44:59.999Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 11:55:12 honeypot-fra-1 sshd[25182]: Invalid user rna from 194.163.190.53 port 54856","@timestamp":"2022-09-17T11:55:13.153Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 11:55:31 honeypot-ams-1 kernel: [84292311.992139] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.207.116 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=46128 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T11:55:32.280Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 11:57:27 honeypot-fra-1 sshd[25186]: Disconnected from authenticating user root 46.101.248.68 port 43778 [preauth]","@timestamp":"2022-09-17T11:57:28.208Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 12:03:24 honeypot-fra-1 sshd[25192]: Received disconnect from 165.22.21.143 port 55638:11: Bye Bye [preauth]","@timestamp":"2022-09-17T12:03:24.346Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 12:04:41 honeypot-ams-1 sshd[1851]: Invalid user ubuntu from 5.200.70.148 port 55414","@timestamp":"2022-09-17T12:04:41.540Z"}
{"@timestamp":"2022-09-17T12:06:50.667Z","@version":"1","message":"Sep 17 12:06:49 honeypot-sgp-1 kernel: [84292514.139839] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=184.105.247.238 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=48115 DPT=5432 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 12:06:55 honeypot-fra-1 kernel: [84290826.198456] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=184.105.247.194 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=54321 PROTO=TCP SPT=35302 DPT=5432 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T12:06:56.430Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-17T12:08:41.718Z","@version":"1","message":"Sep 17 12:08:41 honeypot-sgp-1 sshd[28313]: Connection closed by authenticating user root 117.36.196.122 port 41953 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 12:10:28 honeypot-ams-1 sshd[1854]: Invalid user admin from 179.60.147.69 port 33078","@timestamp":"2022-09-17T12:10:29.696Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 12:12:36 honeypot-fra-1 sshd[25205]: Invalid user rna from 194.163.190.53 port 49020","@timestamp":"2022-09-17T12:12:37.560Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 12:13:58 honeypot-fra-1 sshd[25207]: Disconnected from invalid user lifferay 165.22.45.108 port 54048 [preauth]","@timestamp":"2022-09-17T12:13:58.594Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 12:18:13 honeypot-fra-1 kernel: [84291504.491620] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=79.124.62.130 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=2218 PROTO=TCP SPT=54421 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T12:18:14.699Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-17T12:26:08.147Z","@version":"1","message":"Sep 17 12:26:07 honeypot-sgp-1 kernel: [84293671.906018] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.47.229.134 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=7183 PROTO=TCP SPT=55902 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 12:28:00 honeypot-ams-1 sshd[1864]: Received disconnect from 162.243.237.90 port 46204:11: Bye Bye [preauth]","@timestamp":"2022-09-17T12:28:01.170Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 12:31:37 honeypot-ams-1 sshd[1868]: Disconnected from invalid user xbot 46.101.254.194 port 60050 [preauth]","@timestamp":"2022-09-17T12:31:38.268Z"}
{"@timestamp":"2022-09-17T12:34:59.368Z","@version":"1","message":"Sep 17 12:34:58 honeypot-sgp-1 kernel: [84294203.335128] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.167.96.217 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=45502 DPT=389 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 12:35:11 honeypot-fra-1 kernel: [84292521.584878] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=165.22.82.222 LEN=86 TOS=0x00 PREC=0x00 TTL=250 ID=3027 PROTO=TCP SPT=10083 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T12:35:11.090Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 12:36:35 honeypot-ams-1 sshd[1873]: Received disconnect from 188.68.220.190 port 50916:11: Bye Bye [preauth]","@timestamp":"2022-09-17T12:36:36.403Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 12:37:31 honeypot-fra-1 kernel: [84292662.117175] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=89.248.165.199 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=58249 PROTO=TCP SPT=56890 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T12:37:32.152Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-17T12:43:33.582Z","@version":"1","message":"Sep 17 12:43:32 honeypot-sgp-1 sshd[28334]: Connection closed by authenticating user root 179.60.147.69 port 32614 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 12:44:53 honeypot-ams-1 sshd[1876]: Disconnected from invalid user guest 187.157.153.167 port 38280 [preauth]","@timestamp":"2022-09-17T12:44:53.618Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 12:45:06 honeypot-fra-1 sshd[25226]: Disconnected from authenticating user root 200.49.105.91 port 58318 [preauth]","@timestamp":"2022-09-17T12:45:07.329Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 12:48:39 honeypot-fra-1 kernel: [84293329.849003] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=162.142.125.134 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=29398 PROTO=TCP SPT=13224 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T12:48:39.414Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 12:53:31 honeypot-fra-1 sshd[25239]: Received disconnect from 178.128.43.209 port 49344:11: Bye Bye [preauth]","@timestamp":"2022-09-17T12:53:32.526Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T12:55:58.891Z","@version":"1","message":"Sep 17 12:55:58 honeypot-sgp-1 sshd[28340]: Disconnected from invalid user musli 159.65.41.104 port 49758 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T12:56:14.899Z","@version":"1","message":"Sep 17 12:56:14 honeypot-sgp-1 sshd[28346]: Connection closed by invalid user admin 128.199.168.83 port 35046 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 12:56:32 honeypot-fra-1 sshd[25243]: Invalid user sunp from 194.163.190.53 port 48210","@timestamp":"2022-09-17T12:56:33.598Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 13:04:58 honeypot-ams-1 kernel: [84296479.064815] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=178.75.35.124 DST=178.62.254.91 LEN=40 TOS=0x08 PREC=0x20 TTL=58 ID=41753 PROTO=TCP SPT=63691 DPT=443 WINDOW=10241 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T13:04:59.161Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 13:05:23 honeypot-fra-1 sshd[25249]: Invalid user yangjy from 194.163.190.53 port 58484","@timestamp":"2022-09-17T13:05:23.799Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T13:05:25.126Z","@version":"1","message":"Sep 17 13:05:25 honeypot-sgp-1 sshd[28355]: Invalid user user from 45.61.187.160 port 37562","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T13:05:36.132Z","@version":"1","message":"Sep 17 13:05:35 honeypot-sgp-1 sshd[28357]: Disconnected from invalid user user 45.61.187.160 port 49192 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T13:05:56.142Z","@version":"1","message":"Sep 17 13:05:55 honeypot-sgp-1 sshd[28362]: Disconnected from invalid user user 45.61.187.160 port 44200 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T13:06:13.152Z","@version":"1","message":"Sep 17 13:06:12 honeypot-sgp-1 sshd[28366]: Received disconnect from 45.61.187.160 port 39246:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T13:08:51.219Z","@version":"1","message":"Sep 17 13:08:51 honeypot-sgp-1 sshd[28371]: Did not receive identification string from 45.61.186.169 port 47608","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T13:09:25.343Z","@version":"1","message":"Sep 17 13:09:24 honeypot-sgp-1 sshd[28375]: Disconnected from invalid user user 45.61.186.169 port 49606 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T13:09:42.352Z","@version":"1","message":"Sep 17 13:09:42 honeypot-sgp-1 sshd[28379]: Disconnected from invalid user user 45.61.186.169 port 44536 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T13:09:58.359Z","@version":"1","message":"Sep 17 13:09:58 honeypot-sgp-1 sshd[28383]: Disconnected from invalid user user 45.61.186.169 port 39458 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 13:10:57 honeypot-fra-1 kernel: [84294667.989871] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=122.58.118.141 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=50 ID=48543 PROTO=TCP SPT=65285 DPT=443 WINDOW=19365 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T13:10:57.927Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-17T13:11:52.409Z","@version":"1","message":"Sep 17 13:11:51 honeypot-sgp-1 kernel: [84296416.172105] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=60005 PROTO=TCP SPT=40083 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 13:12:41 honeypot-fra-1 kernel: [84294772.413431] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=198.244.213.30 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=37549 PROTO=TCP SPT=50903 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T13:12:41.969Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 13:12:56 honeypot-ams-1 sshd[1885]: Did not receive identification string from 45.61.184.204 port 52960","@timestamp":"2022-09-17T13:12:56.377Z"}
{"@timestamp":"2022-09-17T13:13:13.446Z","@version":"1","message":"Sep 17 13:13:13 honeypot-sgp-1 sshd[28392]: Received disconnect from 45.61.186.249 port 33058:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T13:13:30.455Z","@version":"1","message":"Sep 17 13:13:30 honeypot-sgp-1 sshd[28396]: Received disconnect from 45.61.186.249 port 55942:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 13:13:40 honeypot-ams-1 sshd[1888]: Disconnected from invalid user user 45.61.184.204 port 36510 [preauth]","@timestamp":"2022-09-17T13:13:40.400Z"}
{"@timestamp":"2022-09-17T13:13:47.463Z","@version":"1","message":"Sep 17 13:13:47 honeypot-sgp-1 sshd[28401]: Received disconnect from 45.61.186.249 port 50582:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 13:13:59 honeypot-ams-1 sshd[1892]: Received disconnect from 45.61.184.204 port 59352:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T13:13:59.410Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 13:14:06 honeypot-fra-1 sshd[25263]: Disconnected from invalid user nagios 13.80.7.122 port 43284 [preauth]","@timestamp":"2022-09-17T13:14:07.006Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 13:14:08 honeypot-ams-1 sshd[1894]: Disconnected from authenticating user root 49.247.198.162 port 50350 [preauth]","@timestamp":"2022-09-17T13:14:08.415Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 13:14:23 honeypot-ams-1 sshd[1900]: Disconnected from invalid user user 45.61.184.204 port 37182 [preauth]","@timestamp":"2022-09-17T13:14:24.424Z"}
{"@timestamp":"2022-09-17T13:15:05.498Z","@version":"1","message":"Sep 17 13:15:04 honeypot-sgp-1 sshd[28405]: Received disconnect from 143.110.151.255 port 56814:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 13:17:01 honeypot-fra-1 CRON[25270]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-17T13:17:02.075Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T13:17:02.549Z","@version":"1","message":"Sep 17 13:17:01 honeypot-sgp-1 CRON[28411]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 13:17:37 honeypot-ams-1 sshd[1906]: Disconnected from invalid user vinoth 13.67.201.190 port 33698 [preauth]","@timestamp":"2022-09-17T13:17:37.511Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 13:23:02 honeypot-fra-1 sshd[25278]: Invalid user yangjy from 194.163.190.53 port 55298","@timestamp":"2022-09-17T13:23:03.232Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T13:23:49.717Z","@version":"1","message":"Sep 17 13:23:49 honeypot-sgp-1 kernel: [84297133.935687] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=179.43.155.171 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=25555 PROTO=TCP SPT=50279 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 13:29:30 honeypot-ams-1 kernel: [84297950.864471] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=201.191.2.198 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=617 PROTO=TCP SPT=36055 DPT=80 WINDOW=29718 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T13:29:30.832Z"}
{"@timestamp":"2022-09-17T13:33:36.958Z","@version":"1","message":"Sep 17 13:33:36 honeypot-sgp-1 sshd[28426]: Disconnected from invalid user user 45.61.186.169 port 41970 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T13:33:55.968Z","@version":"1","message":"Sep 17 13:33:55 honeypot-sgp-1 sshd[28430]: Disconnected from invalid user user 45.61.186.169 port 36502 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T13:34:12.977Z","@version":"1","message":"Sep 17 13:34:12 honeypot-sgp-1 sshd[28434]: Disconnected from invalid user user 45.61.186.169 port 59326 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T13:34:28.986Z","@version":"1","message":"Sep 17 13:34:28 honeypot-sgp-1 sshd[28438]: Received disconnect from 45.61.186.169 port 53810:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 13:40:26 honeypot-fra-1 sshd[25284]: Invalid user wangyi from 194.163.190.53 port 49000","@timestamp":"2022-09-17T13:40:27.622Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T13:41:07.150Z","@version":"1","message":"Sep 17 13:41:06 honeypot-sgp-1 sshd[28447]: Invalid user user from 45.61.186.169 port 49272","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T13:41:20.158Z","@version":"1","message":"Sep 17 13:41:19 honeypot-sgp-1 kernel: [84298183.504208] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=206.189.6.148 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=41000 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T13:41:34.169Z","@version":"1","message":"Sep 17 13:41:33 honeypot-sgp-1 sshd[28453]: Disconnected from invalid user user 45.61.186.169 port 56456 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T13:41:50.176Z","@version":"1","message":"Sep 17 13:41:49 honeypot-sgp-1 sshd[28457]: Disconnected from invalid user user 45.61.186.169 port 51746 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 13:44:25 honeypot-ams-1 kernel: [84298846.068223] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=103.127.126.144 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=32957 DF PROTO=TCP SPT=51380 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T13:44:26.229Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 13:44:30 honeypot-fra-1 sshd[25288]: Received disconnect from 217.10.103.163 port 56210:11: Bye Bye [preauth]","@timestamp":"2022-09-17T13:44:30.719Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 13:51:22 honeypot-fra-1 kernel: [84297093.062003] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=162.142.125.131 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=33955 PROTO=TCP SPT=6057 DPT=389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T13:51:22.877Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-17T13:54:42.486Z","@version":"1","message":"Sep 17 13:54:42 honeypot-sgp-1 sshd[28466]: Received disconnect from 91.240.118.222 port 17957:11: Client disconnecting normally [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T13:57:02.545Z","@version":"1","message":"Sep 17 13:57:01 honeypot-sgp-1 kernel: [84299126.133912] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.53.171.56 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=24 ID=19443 PROTO=TCP SPT=52575 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 14:04:15 honeypot-fra-1 sshd[25301]: Invalid user wangyi from 194.163.190.53 port 46218","@timestamp":"2022-09-17T14:04:16.166Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 14:05:38 honeypot-ams-1 kernel: [84300119.251053] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=205.210.31.146 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=250 ID=54321 PROTO=TCP SPT=53559 DPT=636 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T14:05:38.798Z"}
{"@timestamp":"2022-09-17T14:05:45.776Z","@version":"1","message":"Sep 17 14:05:44 honeypot-sgp-1 sshd[28473]: Did not receive identification string from 61.199.47.58 port 63490","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 14:07:40 honeypot-fra-1 sshd[25303]: Invalid user user from 193.106.191.157 port 39898","@timestamp":"2022-09-17T14:07:41.245Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 14:12:22 honeypot-fra-1 sshd[25308]: Connection closed by invalid user aaai2020 194.163.190.53 port 54912 [preauth]","@timestamp":"2022-09-17T14:12:23.353Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 14:15:22 honeypot-ams-1 kernel: [84300703.066946] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.3.26.226 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=46202 DF PROTO=TCP SPT=10446 DPT=80 WINDOW=512 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T14:15:23.060Z"}
{"@timestamp":"2022-09-17T14:17:02.054Z","@version":"1","message":"Sep 17 14:17:01 honeypot-sgp-1 CRON[28477]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 14:20:48 honeypot-ams-1 sshd[1938]: Did not receive identification string from 45.61.184.204 port 46172","@timestamp":"2022-09-17T14:20:49.235Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 14:21:07 honeypot-ams-1 sshd[1941]: Disconnected from invalid user user 45.61.184.204 port 43382 [preauth]","@timestamp":"2022-09-17T14:21:08.246Z"}
{"@timestamp":"2022-09-17T14:21:18.159Z","@version":"1","message":"Sep 17 14:21:17 honeypot-sgp-1 sshd[28483]: Connection closed by invalid user  128.14.232.100 port 20220 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 14:21:26 honeypot-ams-1 sshd[1945]: Disconnected from invalid user user 45.61.184.204 port 38282 [preauth]","@timestamp":"2022-09-17T14:21:27.255Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 14:21:43 honeypot-ams-1 sshd[1949]: Disconnected from invalid user user 45.61.184.204 port 33118 [preauth]","@timestamp":"2022-09-17T14:21:44.263Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 14:22:17 honeypot-fra-1 kernel: [84298948.231236] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=125.253.93.146 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=60096 PROTO=TCP SPT=55439 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T14:22:18.575Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 14:29:20 honeypot-fra-1 kernel: [84299370.438717] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=36.71.137.142 DST=165.22.82.222 LEN=52 TOS=0x00 PREC=0x00 TTL=118 ID=29024 DF PROTO=TCP SPT=26739 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T14:29:20.734Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-17T14:30:32.389Z","@version":"1","message":"Sep 17 14:30:31 honeypot-sgp-1 kernel: [84301136.035159] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=234 ID=37253 PROTO=TCP SPT=45006 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 14:32:55 honeypot-ams-1 kernel: [84301755.633985] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=107.173.159.85 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=50 ID=55550 PROTO=TCP SPT=16647 DPT=80 WINDOW=42751 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T14:32:55.552Z"}
{"@timestamp":"2022-09-17T14:33:10.460Z","@version":"1","message":"Sep 17 14:33:09 honeypot-sgp-1 sshd[28498]: Received disconnect from 159.223.213.242 port 37730:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 14:34:01 honeypot-fra-1 sshd[25330]: Invalid user test from 20.243.201.105 port 60774","@timestamp":"2022-09-17T14:34:02.843Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 14:34:02 honeypot-fra-1 sshd[25345]: Invalid user ubuntu from 20.243.201.105 port 60832","@timestamp":"2022-09-17T14:34:02.843Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 14:34:02 honeypot-fra-1 sshd[25342]: Invalid user oracle from 20.243.201.105 port 60822","@timestamp":"2022-09-17T14:34:02.843Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 14:34:02 honeypot-fra-1 sshd[25334]: Invalid user admin from 20.243.201.105 port 60792","@timestamp":"2022-09-17T14:34:02.844Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 14:34:02 honeypot-fra-1 sshd[25358]: Connection closed by authenticating user root 20.243.201.105 port 60812 [preauth]","@timestamp":"2022-09-17T14:34:02.844Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 14:34:02 honeypot-fra-1 sshd[25328]: Connection closed by invalid user postgres 20.243.201.105 port 60806 [preauth]","@timestamp":"2022-09-17T14:34:02.844Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 14:34:02 honeypot-fra-1 sshd[25345]: Connection closed by invalid user ubuntu 20.243.201.105 port 60832 [preauth]","@timestamp":"2022-09-17T14:34:02.844Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 14:34:02 honeypot-fra-1 sshd[25326]: Connection closed by invalid user oracle 20.243.201.105 port 60782 [preauth]","@timestamp":"2022-09-17T14:34:02.844Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 14:34:02 honeypot-fra-1 sshd[25344]: Connection closed by invalid user appuser 20.243.201.105 port 60840 [preauth]","@timestamp":"2022-09-17T14:34:02.844Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T14:36:10.537Z","@version":"1","message":"Sep 17 14:36:10 honeypot-sgp-1 kernel: [84301474.442855] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=154.53.57.69 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=239 ID=53081 PROTO=TCP SPT=54565 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 14:37:19 honeypot-fra-1 kernel: [84299849.328707] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=167.71.133.35 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=248 ID=54321 PROTO=TCP SPT=57520 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T14:37:19.922Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 14:38:57 honeypot-ams-1 kernel: [84302118.153757] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=125.253.93.158 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=1913 PROTO=TCP SPT=51962 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T14:38:57.713Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 14:42:03 honeypot-fra-1 sshd[25387]: Connection closed by invalid user admin 128.199.160.207 port 60548 [preauth]","@timestamp":"2022-09-17T14:42:04.028Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T14:49:48.877Z","@version":"1","message":"Sep 17 14:49:48 honeypot-sgp-1 sshd[28506]: Invalid user monitor from 107.173.111.206 port 49170","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 14:51:47 honeypot-fra-1 sshd[25395]: Invalid user kodi from 159.65.1.92 port 41388","@timestamp":"2022-09-17T14:51:48.264Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 14:51:52 honeypot-ams-1 kernel: [84302893.276315] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=64.246.161.26 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=54321 PROTO=TCP SPT=48556 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T14:51:53.052Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 14:53:35 honeypot-fra-1 sshd[25399]: Invalid user admin from 221.158.195.111 port 42296","@timestamp":"2022-09-17T14:53:36.308Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T14:57:34.090Z","@version":"1","message":"Sep 17 14:57:33 honeypot-sgp-1 sshd[28510]: Disconnected from invalid user linuxacademy 143.110.176.216 port 40542 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 15:02:15 honeypot-fra-1 sshd[25404]: Received disconnect from 62.204.41.222 port 40237:11: Client disconnecting normally [preauth]","@timestamp":"2022-09-17T15:02:15.503Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 15:08:11 honeypot-fra-1 sshd[25407]: Disconnected from invalid user lifferay 165.22.45.108 port 41228 [preauth]","@timestamp":"2022-09-17T15:08:12.638Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T15:08:52.371Z","@version":"1","message":"Sep 17 15:08:52 honeypot-sgp-1 sshd[28518]: Connection closed by invalid user debian 179.60.147.69 port 38804 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 15:10:29 honeypot-fra-1 sshd[25414]: Connection closed by invalid user  163.152.214.150 port 33518 [preauth]","@timestamp":"2022-09-17T15:10:29.694Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 15:11:37 honeypot-ams-1 kernel: [84304078.353731] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=178.62.254.91 LEN=88 TOS=0x00 PREC=0x00 TTL=252 ID=39583 PROTO=TCP SPT=31475 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T15:11:38.567Z"}
{"@timestamp":"2022-09-17T15:11:58.452Z","@version":"1","message":"Sep 17 15:11:57 honeypot-sgp-1 sshd[28524]: Disconnected from authenticating user root 167.71.38.231 port 59652 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T15:16:15.560Z","@version":"1","message":"Sep 17 15:16:15 honeypot-sgp-1 sshd[28528]: Disconnected from invalid user developer 140.238.255.101 port 59244 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 15:17:00 honeypot-fra-1 sshd[25419]: Connection closed by invalid user fuweijie 194.163.190.53 port 34508 [preauth]","@timestamp":"2022-09-17T15:17:00.843Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T15:18:28.618Z","@version":"1","message":"Sep 17 15:18:28 honeypot-sgp-1 kernel: [84304012.603964] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=79.124.62.62 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=31519 PROTO=TCP SPT=43353 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 15:19:44 honeypot-fra-1 sshd[25426]: Invalid user worker from 103.235.170.195 port 57792","@timestamp":"2022-09-17T15:19:44.906Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 15:21:16 honeypot-fra-1 kernel: [84302486.789166] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.148.10.81 DST=165.22.82.222 LEN=82 TOS=0x00 PREC=0x00 TTL=239 ID=22780 DF PROTO=TCP SPT=26576 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T15:21:16.942Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 15:22:08 honeypot-ams-1 kernel: [84304708.689342] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.148.10.81 DST=178.62.254.91 LEN=89 TOS=0x00 PREC=0x00 TTL=242 ID=22780 DF PROTO=TCP SPT=2014 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T15:22:08.840Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 15:25:17 honeypot-fra-1 kernel: [84302727.864805] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=172.93.201.225 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=57107 PROTO=TCP SPT=46982 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T15:25:18.033Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-17T15:25:34.825Z","@version":"1","message":"Sep 17 15:25:34 honeypot-sgp-1 sshd[28541]: Received disconnect from 184.168.122.62 port 59350:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T15:26:59.862Z","@version":"1","message":"Sep 17 15:26:59 honeypot-sgp-1 sshd[28545]: Disconnected from authenticating user root 165.232.141.0 port 49450 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 15:30:39 honeypot-ams-1 sshd[1974]: Disconnected from authenticating user root 137.184.216.0 port 47786 [preauth]","@timestamp":"2022-09-17T15:30:40.086Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 15:32:51 honeypot-fra-1 sshd[25442]: Invalid user fuweijie from 194.163.190.53 port 49766","@timestamp":"2022-09-17T15:32:52.205Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 15:32:56 honeypot-fra-1 sshd[25444]: Disconnected from invalid user mprima 62.74.208.58 port 39072 [preauth]","@timestamp":"2022-09-17T15:32:57.208Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 15:35:50 honeypot-fra-1 sshd[25450]: Received disconnect from 206.189.226.38 port 52090:11: Bye Bye [preauth]","@timestamp":"2022-09-17T15:35:51.275Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 15:37:20 honeypot-fra-1 sshd[25455]: Invalid user terrariaserver from 103.226.248.61 port 48346","@timestamp":"2022-09-17T15:37:21.309Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 15:41:09 honeypot-ams-1 sshd[1979]: Received disconnect from 213.82.38.225 port 49506:11: Bye Bye [preauth]","@timestamp":"2022-09-17T15:41:10.355Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 15:41:09 honeypot-fra-1 kernel: [84303679.566669] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=198.235.24.6 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=249 ID=7557 PROTO=TCP SPT=53888 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T15:41:10.398Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-17T15:45:10.309Z","@version":"1","message":"Sep 17 15:45:10 honeypot-sgp-1 sshd[28552]: Invalid user ubnt from 179.60.147.69 port 63888","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T15:48:25.392Z","@version":"1","message":"Sep 17 15:48:24 honeypot-sgp-1 sshd[28558]: Invalid user user from 45.61.184.204 port 33098","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T15:48:44.401Z","@version":"1","message":"Sep 17 15:48:44 honeypot-sgp-1 sshd[28562]: Invalid user user from 45.61.184.204 port 56614","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T15:49:02.412Z","@version":"1","message":"Sep 17 15:49:01 honeypot-sgp-1 sshd[28566]: Invalid user user from 45.61.184.204 port 51898","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 15:50:01 honeypot-fra-1 kernel: [84304211.179147] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.167.96.146 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=59079 DPT=389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T15:50:01.630Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-17T15:53:58.534Z","@version":"1","message":"Sep 17 15:53:58 honeypot-sgp-1 sshd[28572]: Invalid user pi from 173.17.219.96 port 38298","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T15:54:12.541Z","@version":"1","message":"Sep 17 15:54:11 honeypot-sgp-1 sshd[28576]: Connection closed by invalid user pi 79.232.97.97 port 39100 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 15:54:15 honeypot-fra-1 sshd[25469]: Invalid user admin from 134.209.210.254 port 50480","@timestamp":"2022-09-17T15:54:16.731Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 15:54:25 honeypot-ams-1 kernel: [84306645.897602] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=172.93.201.225 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=3361 PROTO=TCP SPT=50035 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T15:54:25.697Z"}
{"@timestamp":"2022-09-17T15:57:07.615Z","@version":"1","message":"Sep 17 15:57:07 honeypot-sgp-1 kernel: [84306331.254892] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=198.235.24.24 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=249 ID=54321 PROTO=TCP SPT=56973 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 15:59:21 honeypot-fra-1 sshd[25474]: Received disconnect from 112.196.54.35 port 50650:11: Bye Bye [preauth]","@timestamp":"2022-09-17T15:59:21.847Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T16:04:07.791Z","@version":"1","message":"Sep 17 16:04:06 honeypot-sgp-1 sshd[28587]: Disconnected from authenticating user root 34.81.150.245 port 35696 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 16:06:43 honeypot-fra-1 sshd[25479]: Invalid user lifferay from 165.22.45.108 port 46368","@timestamp":"2022-09-17T16:06:44.016Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 16:10:25 honeypot-ams-1 sshd[1994]: Invalid user user from 193.106.191.157 port 41386","@timestamp":"2022-09-17T16:10:26.113Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 16:14:42 honeypot-fra-1 sshd[25484]: Connection closed by invalid user ops 103.188.176.251 port 58992 [preauth]","@timestamp":"2022-09-17T16:14:43.197Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 16:15:40 honeypot-ams-1 kernel: [84307920.592898] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=183.136.225.35 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=109 ID=40223 PROTO=TCP SPT=8088 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T16:15:40.251Z"}
{"@timestamp":"2022-09-17T16:17:35.119Z","@version":"1","message":"Sep 17 16:17:34 honeypot-sgp-1 sshd[28597]: Disconnected from authenticating user root 61.177.172.108 port 48058 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 16:20:07 honeypot-fra-1 sshd[25492]: Invalid user huzhou from 194.163.190.53 port 43266","@timestamp":"2022-09-17T16:20:08.322Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T16:21:40.220Z","@version":"1","message":"Sep 17 16:21:39 honeypot-sgp-1 sshd[28604]: Invalid user default from 179.60.147.69 port 56212","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T16:22:19.239Z","@version":"1","message":"Sep 17 16:22:18 honeypot-sgp-1 sshd[28608]: Received disconnect from 206.189.153.72 port 55988:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 16:24:58 honeypot-ams-1 sshd[2002]: Connection closed by invalid user default 179.60.147.69 port 42352 [preauth]","@timestamp":"2022-09-17T16:24:59.523Z"}
{"@timestamp":"2022-09-17T16:25:50.327Z","@version":"1","message":"Sep 17 16:25:49 honeypot-sgp-1 kernel: [84308053.520562] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=51.254.71.51 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=28200 PROTO=TCP SPT=51817 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 16:28:14 honeypot-fra-1 sshd[25498]: Connection closed by invalid user huzhou 194.163.190.53 port 51438 [preauth]","@timestamp":"2022-09-17T16:28:15.508Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T16:35:05.557Z","@version":"1","message":"Sep 17 16:35:05 honeypot-sgp-1 kernel: [84308609.540412] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=90.151.171.106 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=13182 PROTO=TCP SPT=52430 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 16:37:23 honeypot-fra-1 sshd[25504]: Invalid user tester from 103.246.240.30 port 45084","@timestamp":"2022-09-17T16:37:23.717Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T16:38:14.638Z","@version":"1","message":"Sep 17 16:38:13 honeypot-sgp-1 sshd[28626]: Received disconnect from 61.177.173.36 port 34993:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 16:40:47 honeypot-fra-1 sshd[25510]: Invalid user test from 43.154.143.45 port 60874","@timestamp":"2022-09-17T16:40:47.799Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 16:43:15 honeypot-ams-1 kernel: [84309576.279909] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=170.187.160.58 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=32089 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T16:43:15.992Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 16:44:36 honeypot-fra-1 sshd[25514]: Invalid user huzhou from 194.163.190.53 port 43414","@timestamp":"2022-09-17T16:44:36.885Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 16:48:29 honeypot-ams-1 sshd[2009]: Disconnected from invalid user admin 62.204.41.222 port 24938 [preauth]","@timestamp":"2022-09-17T16:48:30.129Z"}
{"@timestamp":"2022-09-17T16:49:56.927Z","@version":"1","message":"Sep 17 16:49:56 honeypot-sgp-1 sshd[28633]: Received disconnect from 113.21.232.39 port 42986:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 16:52:35 honeypot-fra-1 kernel: [84307965.484298] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=170.187.160.126 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=28948 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T16:52:36.068Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 16:56:57 honeypot-ams-1 sshd[2014]: Disconnected from invalid user gituser 186.147.129.110 port 48236 [preauth]","@timestamp":"2022-09-17T16:56:58.354Z"}
{"@timestamp":"2022-09-17T16:57:48.120Z","@version":"1","message":"Sep 17 16:57:47 honeypot-sgp-1 sshd[28640]: Invalid user centos from 179.60.147.69 port 49960","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 16:58:59 honeypot-fra-1 sshd[25527]: Invalid user mjuma from 190.35.38.226 port 53620","@timestamp":"2022-09-17T16:59:00.214Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 17:00:57 honeypot-ams-1 sshd[2020]: Received disconnect from 134.122.57.194 port 55162:11: Bye Bye [preauth]","@timestamp":"2022-09-17T17:00:57.461Z"}
{"@timestamp":"2022-09-17T17:01:05.203Z","@version":"1","message":"Sep 17 17:01:04 honeypot-sgp-1 sshd[28645]: Connection closed by invalid user pi 95.131.147.215 port 40760 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 17:02:36 honeypot-fra-1 sshd[25531]: Invalid user openerp from 141.98.10.158 port 47592","@timestamp":"2022-09-17T17:02:37.297Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 17:05:16 honeypot-fra-1 sshd[25536]: Did not receive identification string from 45.61.186.169 port 37816","@timestamp":"2022-09-17T17:05:17.360Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 17:05:34 honeypot-fra-1 sshd[25539]: Disconnected from invalid user user 45.61.186.169 port 45924 [preauth]","@timestamp":"2022-09-17T17:05:35.368Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 17:05:53 honeypot-fra-1 sshd[25544]: Disconnected from invalid user user 45.61.186.169 port 41230 [preauth]","@timestamp":"2022-09-17T17:05:53.376Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 17:06:10 honeypot-fra-1 sshd[25548]: Disconnected from invalid user user 45.61.186.169 port 36560 [preauth]","@timestamp":"2022-09-17T17:06:11.385Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 17:06:27 honeypot-fra-1 sshd[25552]: Disconnected from invalid user user 45.61.186.169 port 60114 [preauth]","@timestamp":"2022-09-17T17:06:28.403Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T17:07:16.357Z","@version":"1","message":"Sep 17 17:07:15 honeypot-sgp-1 kernel: [84310539.487224] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=170.187.160.172 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=30234 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 17:09:01 honeypot-fra-1 CRON[25556]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-17T17:09:01.545Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T17:09:02.403Z","@version":"1","message":"Sep 17 17:09:01 honeypot-sgp-1 CRON[28656]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 17:09:01 honeypot-ams-1 CRON[2025]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-17T17:09:02.671Z"}
{"@timestamp":"2022-09-17T17:11:07.455Z","@version":"1","message":"Sep 17 17:11:07 honeypot-sgp-1 sshd[28661]: Received disconnect from 68.183.92.26 port 49944:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T17:15:29.563Z","@version":"1","message":"Sep 17 17:15:28 honeypot-sgp-1 sshd[28672]: Received disconnect from 64.227.185.119 port 34318:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 17:16:26 honeypot-fra-1 sshd[25566]: Invalid user luosuchang from 194.163.190.53 port 52540","@timestamp":"2022-09-17T17:16:27.717Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T17:17:02.603Z","@version":"1","message":"Sep 17 17:17:01 honeypot-sgp-1 CRON[28677]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 17:19:31 honeypot-fra-1 sshd[25571]: Invalid user angerine from 189.112.251.33 port 56593","@timestamp":"2022-09-17T17:19:31.789Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T17:24:32.785Z","@version":"1","message":"Sep 17 17:24:32 honeypot-sgp-1 sshd[28683]: Disconnected from authenticating user root 61.177.172.114 port 19243 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 17:25:29 honeypot-fra-1 kernel: [84309939.169547] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=143.244.138.190 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x20 TTL=245 ID=38496 PROTO=TCP SPT=55156 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T17:25:29.927Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 17:25:37 honeypot-ams-1 kernel: [84312118.394167] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=178.62.254.91 LEN=93 TOS=0x00 PREC=0x00 TTL=252 ID=9978 PROTO=TCP SPT=15147 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T17:25:38.099Z"}
{"@timestamp":"2022-09-17T17:30:22.928Z","@version":"1","message":"Sep 17 17:30:22 honeypot-sgp-1 sshd[28688]: Received disconnect from 190.210.182.179 port 39114:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T17:30:29.933Z","@version":"1","message":"Sep 17 17:30:29 honeypot-sgp-1 sshd[28692]: Received disconnect from 202.88.241.158 port 3496:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T17:30:57.947Z","@version":"1","message":"Sep 17 17:30:57 honeypot-sgp-1 sshd[28696]: Disconnected from invalid user archive 160.251.47.176 port 41066 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T17:31:31.963Z","@version":"1","message":"Sep 17 17:31:31 honeypot-sgp-1 sshd[28700]: Disconnected from invalid user redis 104.131.186.38 port 50674 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 17:32:12 honeypot-fra-1 sshd[25582]: Invalid user tomcat02 from 60.249.82.125 port 51466","@timestamp":"2022-09-17T17:32:13.084Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 17:32:43 honeypot-fra-1 sshd[25586]: Received disconnect from 79.129.29.237 port 54606:11: Bye Bye [preauth]","@timestamp":"2022-09-17T17:32:44.097Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 17:34:46 honeypot-fra-1 sshd[25591]: Disconnected from invalid user sublink 167.71.77.9 port 60104 [preauth]","@timestamp":"2022-09-17T17:34:47.144Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T17:37:14.103Z","@version":"1","message":"Sep 17 17:37:13 honeypot-sgp-1 sshd[28708]: Invalid user thumvass from 137.116.144.39 port 59642","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 17:37:15 honeypot-ams-1 sshd[2053]: Invalid user centos from 179.60.147.69 port 30296","@timestamp":"2022-09-17T17:37:16.403Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 17:42:45 honeypot-fra-1 kernel: [84310975.417986] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=152.89.196.23 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=15389 PROTO=TCP SPT=51442 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T17:42:46.327Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-17T17:50:56.433Z","@version":"1","message":"Sep 17 17:50:56 honeypot-sgp-1 kernel: [84313160.488650] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=68.183.93.151 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x20 TTL=242 ID=54321 PROTO=TCP SPT=59720 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T17:54:27.863Z","@version":"1","message":"Sep 17 17:54:26 honeypot-sgp-1 kernel: [84313371.037293] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=159.89.202.188 LEN=93 TOS=0x00 PREC=0x00 TTL=245 ID=10928 PROTO=TCP SPT=15469 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 17:54:52 honeypot-ams-1 kernel: [84313872.722200] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=195.133.81.29 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=42206 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T17:54:52.858Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 17:55:24 honeypot-fra-1 sshd[25672]: Invalid user shaopengyang from 194.163.190.53 port 35776","@timestamp":"2022-09-17T17:55:24.638Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T17:58:04.956Z","@version":"1","message":"Sep 17 17:58:04 honeypot-sgp-1 sshd[28726]: Disconnected from authenticating user root 61.177.172.108 port 10386 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 18:02:37 honeypot-fra-1 sshd[25677]: Invalid user terraria from 118.70.170.120 port 45970","@timestamp":"2022-09-17T18:02:37.805Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 18:03:27 honeypot-fra-1 sshd[25681]: Invalid user shaopengyang from 194.163.190.53 port 45592","@timestamp":"2022-09-17T18:03:27.826Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T18:04:38.122Z","@version":"1","message":"Sep 17 18:04:37 honeypot-sgp-1 kernel: [84313981.961401] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=230 ID=60344 PROTO=TCP SPT=57603 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 18:09:37 honeypot-ams-1 kernel: [84314757.476477] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.33.82.113 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=33979 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T18:09:37.240Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 18:11:22 honeypot-fra-1 sshd[25685]: Connection closed by invalid user shaopengyang 194.163.190.53 port 53974 [preauth]","@timestamp":"2022-09-17T18:11:23.010Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 18:19:03 honeypot-fra-1 kernel: [84313153.070295] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.210.216.111 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=36624 DF PROTO=TCP SPT=10446 DPT=80 WINDOW=512 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T18:19:04.187Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 18:23:30 honeypot-ams-1 kernel: [84315590.471153] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=80.94.92.231 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=43511 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T18:23:30.599Z"}
{"@timestamp":"2022-09-17T18:24:34.609Z","@version":"1","message":"Sep 17 18:24:34 honeypot-sgp-1 sshd[28752]: Received disconnect from 177.93.51.98 port 57618:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 18:26:00 honeypot-fra-1 sshd[25698]: Disconnected from invalid user jim 213.215.140.6 port 51408 [preauth]","@timestamp":"2022-09-17T18:26:00.343Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T18:26:17.654Z","@version":"1","message":"Sep 17 18:26:16 honeypot-sgp-1 kernel: [84315280.807860] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=205.210.31.24 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x60 TTL=250 ID=52143 PROTO=TCP SPT=55704 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:27:44.693Z","@version":"1","message":"Sep 17 18:27:44 honeypot-sgp-1 sshd[28762]: Disconnecting invalid user cameras 185.246.130.20 port 24513: Change of username or service not allowed: (cameras,ssh-connection) -> (,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:28:08.705Z","@version":"1","message":"Sep 17 18:28:07 honeypot-sgp-1 sshd[28768]: Disconnected from invalid user meng 118.172.198.216 port 47142 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:28:29.716Z","@version":"1","message":"Sep 17 18:28:28 honeypot-sgp-1 sshd[28772]: Disconnecting invalid user admin 185.246.130.20 port 57274: Change of username or service not allowed: (admin,ssh-connection) -> (aerohive,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:29:01.733Z","@version":"1","message":"Sep 17 18:29:01 honeypot-sgp-1 sshd[28778]: Disconnecting invalid user manager 185.246.130.20 port 30893: Change of username or service not allowed: (manager,ssh-connection) -> (private,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 18:29:09 honeypot-ams-1 sshd[2071]: Disconnected from invalid user tms 109.62.195.23 port 58866 [preauth]","@timestamp":"2022-09-17T18:29:09.771Z"}
{"@timestamp":"2022-09-17T18:29:34.751Z","@version":"1","message":"Sep 17 18:29:34 honeypot-sgp-1 sshd[28786]: Invalid user Admin from 185.246.130.20 port 11345","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:29:57.762Z","@version":"1","message":"Sep 17 18:29:56 honeypot-sgp-1 sshd[28793]: Invalid user user from 185.246.130.20 port 46669","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 18:30:32 honeypot-fra-1 sshd[25776]: Did not receive identification string from 152.32.157.116 port 43174","@timestamp":"2022-09-17T18:30:32.449Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T18:30:34.781Z","@version":"1","message":"Sep 17 18:30:34 honeypot-sgp-1 sshd[28799]: Disconnecting invalid user blank 185.246.130.20 port 6680: Change of username or service not allowed: (blank,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:30:49.788Z","@version":"1","message":"Sep 17 18:30:49 honeypot-sgp-1 sshd[28806]: Disconnected from invalid user user 45.61.184.204 port 53674 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:31:02.794Z","@version":"1","message":"Sep 17 18:31:02 honeypot-sgp-1 sshd[28808]: Invalid user 1234 from 185.246.130.20 port 53638","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:31:16.801Z","@version":"1","message":"Sep 17 18:31:15 honeypot-sgp-1 sshd[28817]: Invalid user user from 45.61.184.204 port 59498","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:31:24.805Z","@version":"1","message":"Sep 17 18:31:24 honeypot-sgp-1 sshd[28820]: Received disconnect from 45.61.184.204 port 42608:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:31:33.810Z","@version":"1","message":"Sep 17 18:31:33 honeypot-sgp-1 sshd[28824]: Disconnected from invalid user user 45.61.184.204 port 53966 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:31:44.816Z","@version":"1","message":"Sep 17 18:31:44 honeypot-sgp-1 sshd[28828]: Invalid user admin from 185.246.130.20 port 56085","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:32:07.827Z","@version":"1","message":"Sep 17 18:32:07 honeypot-sgp-1 sshd[28836]: Disconnecting invalid user Administrator 185.246.130.20 port 57264: Change of username or service not allowed: (Administrator,ssh-connection) -> (,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 18:32:24 honeypot-fra-1 sshd[25782]: Invalid user user from 45.61.187.160 port 41942","@timestamp":"2022-09-17T18:32:25.494Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T18:32:33.841Z","@version":"1","message":"Sep 17 18:32:33 honeypot-sgp-1 sshd[28842]: Disconnecting invalid user adslroot 185.246.130.20 port 8050: Change of username or service not allowed: (adslroot,ssh-connection) -> (sti.admin5,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 18:32:45 honeypot-fra-1 sshd[25786]: Invalid user user from 45.61.187.160 port 36960","@timestamp":"2022-09-17T18:32:46.504Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T18:33:02.855Z","@version":"1","message":"Sep 17 18:33:02 honeypot-sgp-1 sshd[28848]: Disconnecting invalid user blank 185.246.130.20 port 31751: Change of username or service not allowed: (blank,ssh-connection) -> (zhone,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 18:33:04 honeypot-fra-1 sshd[25790]: Invalid user user from 45.61.187.160 port 60170","@timestamp":"2022-09-17T18:33:04.513Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T18:33:34.871Z","@version":"1","message":"Sep 17 18:33:34 honeypot-sgp-1 sshd[28857]: Invalid user default from 185.246.130.20 port 29013","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:33:50.880Z","@version":"1","message":"Sep 17 18:33:50 honeypot-sgp-1 sshd[28862]: Invalid user c1@r0 from 185.246.130.20 port 9351","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 18:34:07 honeypot-fra-1 kernel: [84314057.344173] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=172.104.7.171 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=6059 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T18:34:08.539Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-17T18:34:12.891Z","@version":"1","message":"Sep 17 18:34:11 honeypot-sgp-1 sshd[28868]: Invalid user superonline from 185.246.130.20 port 56182","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:34:36.903Z","@version":"1","message":"Sep 17 18:34:36 honeypot-sgp-1 sshd[28874]: Invalid user Admin from 185.246.130.20 port 12561","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 18:34:46 honeypot-ams-1 sshd[2074]: Received disconnect from 190.226.244.9 port 41058:11: Bye Bye [preauth]","@timestamp":"2022-09-17T18:34:46.923Z"}
{"@timestamp":"2022-09-17T18:35:13.922Z","@version":"1","message":"Sep 17 18:35:13 honeypot-sgp-1 sshd[28881]: Invalid user  from 185.246.130.20 port 31963","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:35:50.940Z","@version":"1","message":"Sep 17 18:35:50 honeypot-sgp-1 sshd[28887]: Invalid user  from 185.246.130.20 port 14013","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 18:35:57 honeypot-fra-1 sshd[25799]: Disconnected from authenticating user root 200.91.219.250 port 57290 [preauth]","@timestamp":"2022-09-17T18:35:57.586Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T18:36:21.955Z","@version":"1","message":"Sep 17 18:36:20 honeypot-sgp-1 sshd[28893]: Invalid user admin from 185.246.130.20 port 27436","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:36:54.976Z","@version":"1","message":"Sep 17 18:36:54 honeypot-sgp-1 sshd[28899]: Disconnecting invalid user admin 185.246.130.20 port 11584: Change of username or service not allowed: (admin,ssh-connection) -> (airlive,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:37:15.986Z","@version":"1","message":"Sep 17 18:37:15 honeypot-sgp-1 sshd[28905]: Disconnecting invalid user 0 185.246.130.20 port 10432: Change of username or service not allowed: (0,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:37:47.002Z","@version":"1","message":"Sep 17 18:37:46 honeypot-sgp-1 sshd[28911]: Disconnecting invalid user admin 185.246.130.20 port 2339: Change of username or service not allowed: (admin,ssh-connection) -> (Shiko,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:38:15.016Z","@version":"1","message":"Sep 17 18:38:14 honeypot-sgp-1 sshd[28917]: Disconnecting invalid user Broadcom 185.246.130.20 port 61396: Change of username or service not allowed: (Broadcom,ssh-connection) -> (smcadmin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:38:42.029Z","@version":"1","message":"Sep 17 18:38:41 honeypot-sgp-1 sshd[28923]: Disconnecting invalid user cusadmin 185.246.130.20 port 42903: Change of username or service not allowed: (cusadmin,ssh-connection) -> (highspeed,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:39:12.044Z","@version":"1","message":"Sep 17 18:39:11 honeypot-sgp-1 sshd[28929]: Disconnecting invalid user sweex 185.246.130.20 port 25319: Change of username or service not allowed: (sweex,ssh-connection) -> (,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:39:45.062Z","@version":"1","message":"Sep 17 18:39:44 honeypot-sgp-1 sshd[28935]: Disconnecting invalid user  185.246.130.20 port 54711: Change of username or service not allowed: (,ssh-connection) -> (public,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:40:08.073Z","@version":"1","message":"Sep 17 18:40:07 honeypot-sgp-1 sshd[28942]: Disconnecting invalid user ubnt 185.246.130.20 port 38533: Change of username or service not allowed: (ubnt,ssh-connection) -> (root,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:40:39.089Z","@version":"1","message":"Sep 17 18:40:38 honeypot-sgp-1 sshd[28950]: Invalid user amdin from 185.246.130.20 port 29313","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:41:09.104Z","@version":"1","message":"Sep 17 18:41:08 honeypot-sgp-1 sshd[28957]: Invalid user admin from 185.246.130.20 port 53160","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 18:41:29 honeypot-ams-1 sshd[2080]: Received disconnect from 167.172.152.18 port 40386:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T18:41:30.109Z"}
{"@timestamp":"2022-09-17T18:41:40.120Z","@version":"1","message":"Sep 17 18:41:39 honeypot-sgp-1 sshd[28963]: Disconnected from authenticating user root 61.177.172.19 port 38558 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:42:11.135Z","@version":"1","message":"Sep 17 18:42:10 honeypot-sgp-1 sshd[28969]: Invalid user admin from 185.246.130.20 port 48242","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 18:42:29 honeypot-ams-1 sshd[2084]: Disconnected from authenticating user root 167.172.152.18 port 37552 [preauth]","@timestamp":"2022-09-17T18:42:30.140Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 18:42:53 honeypot-fra-1 sshd[25806]: Invalid user admin from 14.241.100.188 port 49577","@timestamp":"2022-09-17T18:42:53.743Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 18:43:26 honeypot-ams-1 sshd[2090]: Disconnected from authenticating user root 167.172.152.18 port 34730 [preauth]","@timestamp":"2022-09-17T18:43:27.169Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 18:44:50 honeypot-ams-1 sshd[2096]: Disconnected from authenticating user root 167.172.152.18 port 58706 [preauth]","@timestamp":"2022-09-17T18:44:51.208Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 18:46:14 honeypot-ams-1 sshd[2103]: Invalid user git from 167.172.152.18 port 54660","@timestamp":"2022-09-17T18:46:14.249Z"}
{"@timestamp":"2022-09-17T18:46:38.243Z","@version":"1","message":"Sep 17 18:46:37 honeypot-sgp-1 sshd[28976]: Invalid user default from 179.60.147.69 port 21172","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 18:47:09 honeypot-ams-1 sshd[2107]: Invalid user oracle from 167.172.152.18 port 51762","@timestamp":"2022-09-17T18:47:10.277Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 18:48:04 honeypot-ams-1 sshd[2111]: Invalid user odoo from 167.172.152.18 port 48926","@timestamp":"2022-09-17T18:48:05.318Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 18:48:59 honeypot-ams-1 sshd[2115]: Invalid user ec2-user from 167.172.152.18 port 46068","@timestamp":"2022-09-17T18:49:00.346Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 18:49:06 honeypot-fra-1 sshd[25811]: Connection closed by invalid user share 194.163.190.53 port 60874 [preauth]","@timestamp":"2022-09-17T18:49:06.885Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T18:49:20.310Z","@version":"1","message":"Sep 17 18:49:19 honeypot-sgp-1 sshd[28982]: Disconnected from authenticating user root 61.177.173.50 port 24617 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 18:49:54 honeypot-ams-1 sshd[2119]: Invalid user ubuntu from 167.172.152.18 port 43588","@timestamp":"2022-09-17T18:49:54.371Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 18:50:21 honeypot-ams-1 sshd[2123]: Received disconnect from 167.172.152.18 port 41888:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T18:50:22.387Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 18:51:16 honeypot-ams-1 sshd[2128]: Received disconnect from 167.172.152.18 port 38770:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T18:51:16.412Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 18:52:10 honeypot-ams-1 sshd[2132]: Received disconnect from 167.172.152.18 port 36278:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T18:52:11.439Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 18:53:06 honeypot-ams-1 sshd[2136]: Invalid user svn from 167.172.152.18 port 33412","@timestamp":"2022-09-17T18:53:07.466Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 18:54:02 honeypot-ams-1 sshd[2140]: Invalid user www from 167.172.152.18 port 58920","@timestamp":"2022-09-17T18:54:03.491Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 18:54:58 honeypot-ams-1 sshd[2144]: Invalid user db2inst1 from 167.172.152.18 port 56036","@timestamp":"2022-09-17T18:54:58.518Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 18:56:39 honeypot-ams-1 kernel: [84317579.781411] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=18640 PROTO=TCP SPT=40993 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T18:56:39.564Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 18:56:46 honeypot-fra-1 sshd[25821]: Invalid user songzijie from 194.163.190.53 port 41592","@timestamp":"2022-09-17T18:56:47.060Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 18:58:33 honeypot-ams-1 sshd[2153]: Received disconnect from 128.199.97.155 port 3859:11: Bye Bye [preauth]","@timestamp":"2022-09-17T18:58:33.618Z"}
{"@timestamp":"2022-09-17T18:59:48.557Z","@version":"1","message":"Sep 17 18:59:48 honeypot-sgp-1 kernel: [84317292.428375] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=159.65.138.52 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=60 ID=0 DF PROTO=TCP SPT=54953 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T19:01:27.596Z","@version":"1","message":"Sep 17 19:01:27 honeypot-sgp-1 kernel: [84317391.469705] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=24134 PROTO=TCP SPT=40993 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 19:02:01 honeypot-fra-1 sshd[25829]: Invalid user lijing from 165.22.45.108 port 33568","@timestamp":"2022-09-17T19:02:02.180Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 19:02:42 honeypot-ams-1 kernel: [84317943.162921] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=143.244.138.190 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x20 TTL=245 ID=19031 PROTO=TCP SPT=41343 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T19:02:43.737Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 19:04:46 honeypot-fra-1 sshd[25833]: Invalid user songzijie from 194.163.190.53 port 49280","@timestamp":"2022-09-17T19:04:47.243Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 19:08:30 honeypot-ams-1 kernel: [84318290.864058] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=198.235.24.181 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x60 TTL=251 ID=54321 PROTO=TCP SPT=51654 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T19:08:30.902Z"}
{"@timestamp":"2022-09-17T19:10:49.819Z","@version":"1","message":"Sep 17 19:10:49 honeypot-sgp-1 sshd[28995]: Connection reset by 61.177.172.124 port 20946 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 19:12:39 honeypot-fra-1 kernel: [84316368.983443] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=165.22.82.222 LEN=91 TOS=0x00 PREC=0x00 TTL=250 ID=9268 PROTO=TCP SPT=5893 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T19:12:39.423Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 19:13:57 honeypot-fra-1 kernel: [84316447.213077] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=89.248.165.199 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=33089 PROTO=TCP SPT=40620 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T19:13:58.456Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-17T19:14:48.916Z","@version":"1","message":"Sep 17 19:14:48 honeypot-sgp-1 sshd[29003]: Received disconnect from 77.37.248.144 port 48728:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 19:16:51 honeypot-ams-1 sshd[2169]: Received disconnect from 124.221.41.109 port 40914:11: Bye Bye [preauth]","@timestamp":"2022-09-17T19:16:52.126Z"}
{"@timestamp":"2022-09-17T19:17:39.988Z","@version":"1","message":"Sep 17 19:17:39 honeypot-sgp-1 sshd[29011]: Disconnected from invalid user fofserver 8.213.17.47 port 58044 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 19:19:31 honeypot-fra-1 sshd[25850]: Connection closed by invalid user  151.84.56.72 port 54604 [preauth]","@timestamp":"2022-09-17T19:19:31.581Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 19:19:57 honeypot-ams-1 kernel: [84318978.201481] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=190.220.234.82 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=49 ID=35208 PROTO=TCP SPT=19428 DPT=80 WINDOW=40403 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T19:19:58.208Z"}
{"@timestamp":"2022-09-17T19:20:35.077Z","@version":"1","message":"Sep 17 19:20:34 honeypot-sgp-1 sshd[29015]: Disconnected from authenticating user root 142.93.65.9 port 56924 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T19:21:48.109Z","@version":"1","message":"Sep 17 19:21:47 honeypot-sgp-1 sshd[29021]: Disconnected from authenticating user root 61.177.173.36 port 36888 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 19:21:56 honeypot-ams-1 sshd[2179]: Disconnected from invalid user ier 186.122.149.6 port 34858 [preauth]","@timestamp":"2022-09-17T19:21:57.263Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 19:24:10 honeypot-ams-1 sshd[2185]: Received disconnect from 124.221.41.109 port 55164:11: Bye Bye [preauth]","@timestamp":"2022-09-17T19:24:10.326Z"}
{"@timestamp":"2022-09-17T19:26:35.226Z","@version":"1","message":"Sep 17 19:26:34 honeypot-sgp-1 kernel: [84318898.683823] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.134.144.72 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=65431 PROTO=TCP SPT=52937 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 19:27:35 honeypot-ams-1 sshd[2193]: Received disconnect from 124.221.41.109 port 46054:11: Bye Bye [preauth]","@timestamp":"2022-09-17T19:27:36.419Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 19:27:54 honeypot-fra-1 kernel: [84317284.425935] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=193.163.125.53 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=245 ID=63459 PROTO=TCP SPT=50556 DPT=5432 WINDOW=14600 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T19:27:55.773Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 19:30:50 honeypot-ams-1 sshd[2199]: Disconnected from authenticating user root 124.221.41.109 port 36012 [preauth]","@timestamp":"2022-09-17T19:30:51.509Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 19:31:26 honeypot-fra-1 kernel: [84317496.346242] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=154.3.44.149 DST=165.22.82.222 LEN=52 TOS=0x00 PREC=0x00 TTL=116 ID=25001 DF PROTO=TCP SPT=50308 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-17T19:31:26.855Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 19:35:40 honeypot-ams-1 sshd[2207]: Received disconnect from 124.221.41.109 port 34980:11: Bye Bye [preauth]","@timestamp":"2022-09-17T19:35:41.639Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 19:35:57 honeypot-fra-1 sshd[25868]: Disconnecting invalid user admin 180.49.192.10 port 62848: Too many authentication failures [preauth]","@timestamp":"2022-09-17T19:35:57.959Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T19:36:18.456Z","@version":"1","message":"Sep 17 19:36:18 honeypot-sgp-1 sshd[29037]: Received disconnect from 61.177.173.52 port 43600:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 19:38:54 honeypot-ams-1 sshd[2213]: Received disconnect from 124.221.41.109 port 53044:11: Bye Bye [preauth]","@timestamp":"2022-09-17T19:38:55.729Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 19:41:19 honeypot-fra-1 kernel: [84318088.704949] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=167.71.133.35 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=248 ID=54321 PROTO=TCP SPT=59121 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T19:41:20.084Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 19:42:04 honeypot-ams-1 sshd[2218]: Disconnected from authenticating user root 124.221.41.109 port 42636 [preauth]","@timestamp":"2022-09-17T19:42:04.815Z"}
{"@timestamp":"2022-09-17T19:43:31.627Z","@version":"1","message":"Sep 17 19:43:30 honeypot-sgp-1 sshd[29044]: Received disconnect from 61.177.173.36 port 18561:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 19:45:13 honeypot-ams-1 sshd[2226]: Disconnected from authenticating user root 124.221.41.109 port 60306 [preauth]","@timestamp":"2022-09-17T19:45:13.903Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 19:48:20 honeypot-ams-1 sshd[2230]: Received disconnect from 124.221.41.109 port 49682:11: Bye Bye [preauth]","@timestamp":"2022-09-17T19:48:20.990Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 19:48:59 honeypot-fra-1 sshd[25878]: Disconnected from invalid user electrical 104.131.93.177 port 58393 [preauth]","@timestamp":"2022-09-17T19:48:59.256Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 19:52:14 honeypot-ams-1 sshd[2238]: Invalid user aart from 147.182.179.237 port 36652","@timestamp":"2022-09-17T19:52:15.096Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 19:53:24 honeypot-ams-1 sshd[2242]: Received disconnect from 188.234.247.110 port 37644:11: Bye Bye [preauth]","@timestamp":"2022-09-17T19:53:25.127Z"}
{"@timestamp":"2022-09-17T19:53:52.866Z","@version":"1","message":"Sep 17 19:53:52 honeypot-sgp-1 sshd[29049]: Disconnected from authenticating user root 61.177.173.49 port 36795 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 19:55:03 honeypot-ams-1 sshd[2247]: Disconnected from authenticating user root 45.95.235.42 port 57208 [preauth]","@timestamp":"2022-09-17T19:55:03.173Z"}
{"@timestamp":"2022-09-17T19:55:33.908Z","@version":"1","message":"Sep 17 19:55:33 honeypot-sgp-1 sshd[29056]: Invalid user user from 45.61.186.169 port 38100","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T19:55:51.917Z","@version":"1","message":"Sep 17 19:55:51 honeypot-sgp-1 sshd[29060]: Invalid user user from 45.61.186.169 port 33340","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T19:56:09.926Z","@version":"1","message":"Sep 17 19:56:09 honeypot-sgp-1 sshd[29064]: Invalid user user from 45.61.186.169 port 56846","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T19:56:25.933Z","@version":"1","message":"Sep 17 19:56:25 honeypot-sgp-1 sshd[29068]: Invalid user user from 45.61.186.169 port 52074","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 19:56:30 honeypot-ams-1 sshd[2254]: Invalid user admin from 45.140.141.188 port 42438","@timestamp":"2022-09-17T19:56:30.231Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 19:57:09 honeypot-fra-1 sshd[25887]: Connection closed by authenticating user root 34.168.2.103 port 46976 [preauth]","@timestamp":"2022-09-17T19:57:09.441Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 19:59:06 honeypot-fra-1 sshd[25899]: Connection closed by authenticating user root 34.168.2.103 port 34572 [preauth]","@timestamp":"2022-09-17T19:59:07.492Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 19:59:16 honeypot-ams-1 sshd[2258]: Received disconnect from 124.221.41.109 port 54432:11: Bye Bye [preauth]","@timestamp":"2022-09-17T19:59:16.306Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:00:08 honeypot-fra-1 sshd[25910]: Invalid user blank from 179.60.147.69 port 5040","@timestamp":"2022-09-17T20:00:08.520Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 20:00:49 honeypot-ams-1 sshd[2264]: Received disconnect from 124.221.41.109 port 34896:11: Bye Bye [preauth]","@timestamp":"2022-09-17T20:00:50.351Z"}
{"@timestamp":"2022-09-17T20:01:00.042Z","@version":"1","message":"Sep 17 20:00:59 honeypot-sgp-1 sshd[29073]: Received disconnect from 61.177.172.104 port 43701:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 20:01:04 honeypot-ams-1 sshd[2268]: Received disconnect from 45.61.186.249 port 45758:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T20:01:05.359Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 20:01:22 honeypot-ams-1 sshd[2272]: Received disconnect from 45.61.186.249 port 40594:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T20:01:23.370Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:01:31 honeypot-fra-1 sshd[25917]: Connection closed by authenticating user root 34.168.2.103 port 36424 [preauth]","@timestamp":"2022-09-17T20:01:31.557Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 20:01:40 honeypot-ams-1 sshd[2276]: Received disconnect from 45.61.186.249 port 35418:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T20:01:40.379Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 20:02:19 honeypot-ams-1 sshd[2280]: Connection closed by invalid user blank 179.60.147.69 port 40514 [preauth]","@timestamp":"2022-09-17T20:02:20.398Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:02:56 honeypot-fra-1 sshd[25928]: Disconnected from invalid user like 165.22.45.108 port 38746 [preauth]","@timestamp":"2022-09-17T20:02:56.615Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:05:07 honeypot-fra-1 sshd[25938]: Connection closed by authenticating user root 34.168.2.103 port 50242 [preauth]","@timestamp":"2022-09-17T20:05:08.671Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 20:05:27 honeypot-ams-1 sshd[2286]: Disconnected from authenticating user root 124.221.41.109 port 60888 [preauth]","@timestamp":"2022-09-17T20:05:28.482Z"}
{"@timestamp":"2022-09-17T20:06:25.170Z","@version":"1","message":"Sep 17 20:06:25 honeypot-sgp-1 kernel: [84321288.957406] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.41.9.18 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=18603 PROTO=TCP SPT=13019 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:07:24 honeypot-fra-1 sshd[25953]: Invalid user wanghao from 194.163.190.53 port 55528","@timestamp":"2022-09-17T20:07:24.729Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:08:50 honeypot-fra-1 sshd[25961]: Connection closed by authenticating user root 34.168.2.103 port 43984 [preauth]","@timestamp":"2022-09-17T20:08:50.767Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 20:09:04 honeypot-ams-1 kernel: [84321925.244423] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=164.92.72.164 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=60718 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T20:09:05.582Z"}
{"@timestamp":"2022-09-17T20:09:42.247Z","@version":"1","message":"Sep 17 20:09:41 honeypot-sgp-1 sshd[29084]: Received disconnect from 61.177.172.108 port 12683:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:10:33 honeypot-fra-1 sshd[25971]: Connection closed by authenticating user root 34.168.2.103 port 59794 [preauth]","@timestamp":"2022-09-17T20:10:33.812Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:12:22 honeypot-fra-1 sshd[25984]: Connection closed by authenticating user root 34.168.2.103 port 51330 [preauth]","@timestamp":"2022-09-17T20:12:22.860Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 20:13:08 honeypot-ams-1 sshd[2299]: Received disconnect from 124.221.41.109 port 47442:11: Bye Bye [preauth]","@timestamp":"2022-09-17T20:13:08.695Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:13:45 honeypot-fra-1 sshd[25996]: Disconnected from authenticating user root 92.255.85.69 port 47774 [preauth]","@timestamp":"2022-09-17T20:13:45.898Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T20:14:17.356Z","@version":"1","message":"Sep 17 20:14:16 honeypot-sgp-1 sshd[29091]: Received disconnect from 178.128.148.229 port 41780:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:15:12 honeypot-fra-1 sshd[26002]: Connection closed by authenticating user root 34.168.2.103 port 48900 [preauth]","@timestamp":"2022-09-17T20:15:12.936Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T20:16:14.403Z","@version":"1","message":"Sep 17 20:16:14 honeypot-sgp-1 sshd[29097]: Received disconnect from 51.250.90.116 port 50156:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:16:56 honeypot-fra-1 sshd[26016]: Connection closed by authenticating user root 34.168.2.103 port 50504 [preauth]","@timestamp":"2022-09-17T20:16:56.983Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 20:17:01 honeypot-ams-1 CRON[2305]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-17T20:17:01.822Z"}
{"@timestamp":"2022-09-17T20:17:21.433Z","@version":"1","message":"Sep 17 20:17:20 honeypot-sgp-1 sshd[29105]: Invalid user stan from 198.46.152.24 port 55174","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:18:32 honeypot-fra-1 sshd[26028]: Connection closed by authenticating user root 34.168.2.103 port 43116 [preauth]","@timestamp":"2022-09-17T20:18:32.025Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 20:19:14 honeypot-ams-1 sshd[2311]: Disconnected from authenticating user root 124.221.41.109 port 53414 [preauth]","@timestamp":"2022-09-17T20:19:14.888Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:19:16 honeypot-fra-1 sshd[26035]: Disconnected from authenticating user root 160.16.143.158 port 44544 [preauth]","@timestamp":"2022-09-17T20:19:17.045Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T20:20:50.515Z","@version":"1","message":"Sep 17 20:20:49 honeypot-sgp-1 sshd[29110]: Did not receive identification string from 159.89.24.69 port 61000","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:22:27 honeypot-fra-1 sshd[26044]: Connection closed by invalid user olimex 141.98.10.158 port 58558 [preauth]","@timestamp":"2022-09-17T20:22:28.121Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T20:22:53.567Z","@version":"1","message":"Sep 17 20:22:53 honeypot-sgp-1 sshd[29115]: Disconnected from authenticating user root 159.65.103.250 port 48234 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 20:23:48 honeypot-ams-1 sshd[2318]: Received disconnect from 124.221.41.109 port 50736:11: Bye Bye [preauth]","@timestamp":"2022-09-17T20:23:49.016Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 20:26:50 honeypot-ams-1 sshd[2325]: Received disconnect from 124.221.41.109 port 39490:11: Bye Bye [preauth]","@timestamp":"2022-09-17T20:26:51.101Z"}
{"@timestamp":"2022-09-17T20:27:26.678Z","@version":"1","message":"Sep 17 20:27:26 honeypot-sgp-1 sshd[29126]: Invalid user smbuser from 13.76.166.169 port 46018","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 20:29:41 honeypot-ams-1 sshd[2329]: Connection closed by 167.94.138.61 port 37788 [preauth]","@timestamp":"2022-09-17T20:29:42.180Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:30:16 honeypot-fra-1 kernel: [84321025.609267] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=159.65.138.52 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=54 ID=0 DF PROTO=TCP SPT=54953 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T20:30:16.292Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-17T20:30:38.771Z","@version":"1","message":"Sep 17 20:30:37 honeypot-sgp-1 kernel: [84322741.720975] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=236 ID=55059 PROTO=TCP SPT=46602 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 20:31:23 honeypot-ams-1 sshd[2336]: Received disconnect from 124.221.41.109 port 36670:11: Bye Bye [preauth]","@timestamp":"2022-09-17T20:31:24.231Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 20:34:25 honeypot-ams-1 sshd[2341]: Disconnected from authenticating user root 124.221.41.109 port 53524 [preauth]","@timestamp":"2022-09-17T20:34:25.573Z"}
{"@timestamp":"2022-09-17T20:35:56.893Z","@version":"1","message":"Sep 17 20:35:56 honeypot-sgp-1 kernel: [84323060.761523] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=8.210.162.64 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=47727 PROTO=TCP SPT=48247 DPT=389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 20:38:49 honeypot-ams-1 sshd[2348]: Invalid user guest from 179.60.147.69 port 62870","@timestamp":"2022-09-17T20:38:49.694Z"}
{"@timestamp":"2022-09-17T20:40:17.997Z","@version":"1","message":"Sep 17 20:40:17 honeypot-sgp-1 sshd[29143]: Did not receive identification string from 45.61.186.249 port 39578","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T20:40:39.008Z","@version":"1","message":"Sep 17 20:40:38 honeypot-sgp-1 sshd[29147]: Received disconnect from 45.61.186.249 port 40708:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 20:40:54 honeypot-ams-1 kernel: [84323834.668660] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=20.171.97.131 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=46214 PROTO=TCP SPT=44508 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T20:40:54.752Z"}
{"@timestamp":"2022-09-17T20:40:58.017Z","@version":"1","message":"Sep 17 20:40:57 honeypot-sgp-1 sshd[29151]: Received disconnect from 45.61.186.249 port 35768:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:41:09 honeypot-fra-1 sshd[26050]: Did not receive identification string from 212.87.251.118 port 34862","@timestamp":"2022-09-17T20:41:09.537Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:41:09 honeypot-fra-1 sshd[26052]: Invalid user web from 212.87.251.118 port 35386","@timestamp":"2022-09-17T20:41:10.537Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:41:09 honeypot-fra-1 sshd[26065]: Invalid user guest from 212.87.251.118 port 35408","@timestamp":"2022-09-17T20:41:10.538Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:41:09 honeypot-fra-1 sshd[26073]: Invalid user hadoop from 212.87.251.118 port 35444","@timestamp":"2022-09-17T20:41:10.538Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:41:09 honeypot-fra-1 sshd[26075]: Invalid user elastic from 212.87.251.118 port 35456","@timestamp":"2022-09-17T20:41:10.538Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:41:09 honeypot-fra-1 sshd[26052]: Connection closed by invalid user web 212.87.251.118 port 35386 [preauth]","@timestamp":"2022-09-17T20:41:10.538Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:41:09 honeypot-fra-1 sshd[26067]: Connection closed by invalid user git 212.87.251.118 port 35420 [preauth]","@timestamp":"2022-09-17T20:41:10.538Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:41:09 honeypot-fra-1 sshd[26054]: Connection closed by invalid user es 212.87.251.118 port 35384 [preauth]","@timestamp":"2022-09-17T20:41:10.538Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:41:09 honeypot-fra-1 sshd[26075]: Connection closed by invalid user elastic 212.87.251.118 port 35456 [preauth]","@timestamp":"2022-09-17T20:41:10.538Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T20:41:15.026Z","@version":"1","message":"Sep 17 20:41:14 honeypot-sgp-1 sshd[29155]: Received disconnect from 45.61.186.249 port 59072:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 20:44:44 honeypot-ams-1 kernel: [84324064.725029] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=178.62.254.91 LEN=86 TOS=0x00 PREC=0x00 TTL=252 ID=16677 PROTO=TCP SPT=3019 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T20:44:44.859Z"}
{"@timestamp":"2022-09-17T20:46:07.139Z","@version":"1","message":"Sep 17 20:46:06 honeypot-sgp-1 kernel: [84323670.844200] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=80.94.92.239 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=231 ID=54321 PROTO=TCP SPT=55067 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 20:47:51 honeypot-ams-1 sshd[2364]: Disconnected from authenticating user root 124.221.41.109 port 44032 [preauth]","@timestamp":"2022-09-17T20:47:51.945Z"}
{"@timestamp":"2022-09-17T20:48:55.206Z","@version":"1","message":"Sep 17 20:48:54 honeypot-sgp-1 sshd[29167]: Received disconnect from 99.37.212.75 port 47686:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:51:10 honeypot-fra-1 sshd[26105]: Invalid user user from 45.61.186.249 port 43122","@timestamp":"2022-09-17T20:51:11.757Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:51:29 honeypot-fra-1 sshd[26109]: Invalid user user from 45.61.186.249 port 38206","@timestamp":"2022-09-17T20:51:29.766Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:51:46 honeypot-fra-1 sshd[26113]: Invalid user user from 45.61.186.249 port 33278","@timestamp":"2022-09-17T20:51:46.773Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 20:52:18 honeypot-ams-1 sshd[2370]: Received disconnect from 124.221.41.109 port 40660:11: Bye Bye [preauth]","@timestamp":"2022-09-17T20:52:19.066Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:52:37 honeypot-fra-1 kernel: [84322367.303688] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=172.105.129.95 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=36691 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T20:52:38.794Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-17T20:53:54.321Z","@version":"1","message":"Sep 17 20:53:53 honeypot-sgp-1 sshd[29173]: Received disconnect from 79.69.57.2 port 55002:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T20:54:26.336Z","@version":"1","message":"Sep 17 20:54:25 honeypot-sgp-1 sshd[29178]: Received disconnect from 165.22.55.238 port 50740:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T20:56:04.375Z","@version":"1","message":"Sep 17 20:56:03 honeypot-sgp-1 sshd[29182]: Received disconnect from 94.23.27.28 port 41218:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 20:56:43 honeypot-ams-1 sshd[2377]: Received disconnect from 124.221.41.109 port 37196:11: Bye Bye [preauth]","@timestamp":"2022-09-17T20:56:43.183Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 21:01:07 honeypot-ams-1 sshd[2385]: Received disconnect from 124.221.41.109 port 33664:11: Bye Bye [preauth]","@timestamp":"2022-09-17T21:01:08.302Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 21:02:43 honeypot-fra-1 sshd[26123]: Invalid user admin from 92.255.85.69 port 38072","@timestamp":"2022-09-17T21:02:44.022Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T21:02:47.530Z","@version":"1","message":"Sep 17 21:02:47 honeypot-sgp-1 sshd[29190]: Disconnected from authenticating user root 69.49.244.103 port 57226 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 21:04:04 honeypot-ams-1 sshd[2389]: Disconnected from authenticating user root 124.221.41.109 port 50090 [preauth]","@timestamp":"2022-09-17T21:04:04.381Z"}
{"@timestamp":"2022-09-17T21:06:05.609Z","@version":"1","message":"Sep 17 21:06:05 honeypot-sgp-1 sshd[29193]: Disconnected from authenticating user root 61.177.172.104 port 40360 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 21:06:24 honeypot-fra-1 sshd[26126]: Disconnected from invalid user ellen 81.169.137.181 port 55290 [preauth]","@timestamp":"2022-09-17T21:06:25.105Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 21:06:59 honeypot-ams-1 sshd[2396]: Received disconnect from 124.221.41.109 port 38242:11: Bye Bye [preauth]","@timestamp":"2022-09-17T21:06:59.461Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 21:07:18 honeypot-ams-1 sshd[2400]: Connection closed by invalid user liu 103.188.176.251 port 53516 [preauth]","@timestamp":"2022-09-17T21:07:19.473Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 21:07:54 honeypot-fra-1 sshd[26131]: Received disconnect from 81.169.137.181 port 54368:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T21:07:55.141Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 21:09:18 honeypot-fra-1 sshd[26135]: Received disconnect from 81.169.137.181 port 53416:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T21:09:19.199Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 21:09:54 honeypot-ams-1 sshd[2406]: Received disconnect from 124.221.41.109 port 54566:11: Bye Bye [preauth]","@timestamp":"2022-09-17T21:09:55.543Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 21:10:33 honeypot-fra-1 sshd[26140]: Invalid user user from 45.61.184.204 port 53168","@timestamp":"2022-09-17T21:10:34.230Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 21:10:43 honeypot-fra-1 sshd[26144]: Invalid user user from 45.61.184.204 port 36520","@timestamp":"2022-09-17T21:10:44.235Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 21:11:01 honeypot-fra-1 sshd[26148]: Invalid user user from 45.61.184.204 port 59634","@timestamp":"2022-09-17T21:11:02.243Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 21:11:16 honeypot-fra-1 sshd[26152]: Invalid user equistat from 81.169.137.181 port 37908","@timestamp":"2022-09-17T21:11:16.250Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 21:11:22 honeypot-fra-1 sshd[26154]: Invalid user liu from 103.188.176.251 port 35780","@timestamp":"2022-09-17T21:11:22.253Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T21:11:41.740Z","@version":"1","message":"Sep 17 21:11:41 honeypot-sgp-1 sshd[29204]: Invalid user test from 179.60.147.69 port 27458","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 21:11:43 honeypot-fra-1 sshd[26160]: Received disconnect from 165.22.45.108 port 44050:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T21:11:44.263Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 21:12:08 honeypot-fra-1 kernel: [84323538.060272] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=159.65.152.216 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x20 TTL=54 ID=30922 DF PROTO=TCP SPT=55640 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T21:12:09.275Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 21:12:49 honeypot-fra-1 sshd[26167]: Connection closed by invalid user test 179.60.147.69 port 51722 [preauth]","@timestamp":"2022-09-17T21:12:49.293Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 21:12:49 honeypot-ams-1 sshd[2414]: Received disconnect from 124.221.41.109 port 42638:11: Bye Bye [preauth]","@timestamp":"2022-09-17T21:12:50.622Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 21:13:51 honeypot-fra-1 sshd[26171]: Disconnected from invalid user es 81.169.137.181 port 36034 [preauth]","@timestamp":"2022-09-17T21:13:51.319Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T21:14:28.809Z","@version":"1","message":"Sep 17 21:14:27 honeypot-sgp-1 kernel: [84325371.860313] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=154.3.44.149 DST=159.89.202.188 LEN=52 TOS=0x0A PREC=0x00 TTL=110 ID=57853 DF PROTO=TCP SPT=54984 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 21:15:06 honeypot-ams-1 sshd[2420]: Invalid user admin from 193.106.191.157 port 43566","@timestamp":"2022-09-17T21:15:07.684Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 21:15:09 honeypot-fra-1 sshd[26175]: Received disconnect from 81.169.137.181 port 35100:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T21:15:09.351Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 21:16:05 honeypot-ams-1 sshd[2424]: Disconnected from invalid user admin 92.255.85.69 port 31686 [preauth]","@timestamp":"2022-09-17T21:16:05.714Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 21:16:27 honeypot-fra-1 sshd[26179]: Received disconnect from 81.169.137.181 port 34146:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T21:16:27.383Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 21:17:07 honeypot-fra-1 sshd[26184]: Disconnected from invalid user exit 81.169.137.181 port 47770 [preauth]","@timestamp":"2022-09-17T21:17:07.400Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 21:18:27 honeypot-fra-1 sshd[26190]: Invalid user farheen from 81.169.137.181 port 46854","@timestamp":"2022-09-17T21:18:28.435Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 21:18:38 honeypot-ams-1 sshd[2432]: Disconnected from authenticating user root 124.221.41.109 port 46976 [preauth]","@timestamp":"2022-09-17T21:18:39.783Z"}
{"@timestamp":"2022-09-17T21:19:28.926Z","@version":"1","message":"Sep 17 21:19:28 honeypot-sgp-1 sshd[29217]: Received disconnect from 61.177.173.48 port 13590:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 21:19:48 honeypot-fra-1 sshd[26194]: Invalid user feel from 81.169.137.181 port 45902","@timestamp":"2022-09-17T21:19:49.469Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 21:21:11 honeypot-fra-1 sshd[26198]: Invalid user ferlin from 81.169.137.181 port 44968","@timestamp":"2022-09-17T21:21:12.503Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 21:22:34 honeypot-fra-1 sshd[26202]: Invalid user finsa from 81.169.137.181 port 44050","@timestamp":"2022-09-17T21:22:34.537Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 21:22:58 honeypot-ams-1 sshd[2439]: Received disconnect from 124.221.41.109 port 43082:11: Bye Bye [preauth]","@timestamp":"2022-09-17T21:22:58.902Z"}
{"@timestamp":"2022-09-17T21:24:01.038Z","@version":"1","message":"Sep 17 21:24:00 honeypot-sgp-1 kernel: [84325944.479457] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.219.32 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=34072 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 21:26:30 honeypot-ams-1 sshd[2445]: Invalid user bull from 119.4.210.70 port 35860","@timestamp":"2022-09-17T21:26:30.996Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 21:27:18 honeypot-ams-1 sshd[2447]: Disconnected from authenticating user root 124.221.41.109 port 39108 [preauth]","@timestamp":"2022-09-17T21:27:19.020Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 21:30:52 honeypot-ams-1 sshd[2454]: Invalid user apache from 189.105.10.204 port 44006","@timestamp":"2022-09-17T21:30:53.115Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 21:31:19 honeypot-fra-1 sshd[26206]: Invalid user bzrx1098ui from 92.255.85.113 port 39526","@timestamp":"2022-09-17T21:31:19.734Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 21:33:03 honeypot-ams-1 sshd[2458]: Received disconnect from 124.221.41.109 port 43122:11: Bye Bye [preauth]","@timestamp":"2022-09-17T21:33:04.173Z"}
{"@timestamp":"2022-09-17T21:34:15.295Z","@version":"1","message":"Sep 17 21:34:14 honeypot-sgp-1 kernel: [84326558.576393] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=151.106.32.182 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=34323 PROTO=TCP SPT=47873 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 21:35:06 honeypot-ams-1 sshd[2464]: Connection closed by invalid user admin 193.106.191.157 port 57048 [preauth]","@timestamp":"2022-09-17T21:35:07.230Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 21:37:43 honeypot-ams-1 sshd[2470]: Received disconnect from 128.199.208.187 port 52250:11: Bye Bye [preauth]","@timestamp":"2022-09-17T21:37:43.301Z"}
{"@timestamp":"2022-09-17T21:39:41.421Z","@version":"1","message":"Sep 17 21:39:41 honeypot-sgp-1 sshd[29314]: Received disconnect from 61.177.173.52 port 19695:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 21:40:14 honeypot-ams-1 sshd[2476]: Received disconnect from 124.221.41.109 port 55012:11: Bye Bye [preauth]","@timestamp":"2022-09-17T21:40:14.370Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 21:41:47 honeypot-ams-1 kernel: [84327487.760875] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=46.148.45.120 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=241 ID=32850 DF PROTO=TCP SPT=23206 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T21:41:48.418Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 21:43:46 honeypot-fra-1 kernel: [84325435.405562] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=183.136.225.35 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=107 ID=39674 PROTO=TCP SPT=8088 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T21:43:47.014Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 21:44:16 honeypot-fra-1 sshd[26211]: Disconnected from invalid user michaels 159.65.249.79 port 52106 [preauth]","@timestamp":"2022-09-17T21:44:17.028Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 21:44:29 honeypot-ams-1 sshd[2486]: Disconnected from authenticating user root 124.221.41.109 port 50764 [preauth]","@timestamp":"2022-09-17T21:44:29.490Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 21:47:20 honeypot-ams-1 sshd[2491]: Disconnected from authenticating user root 124.221.41.109 port 38464 [preauth]","@timestamp":"2022-09-17T21:47:20.568Z"}
{"@timestamp":"2022-09-17T21:47:51.615Z","@version":"1","message":"Sep 17 21:47:51 honeypot-sgp-1 sshd[29322]: Invalid user admin from 179.60.147.69 port 6296","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 21:49:16 honeypot-fra-1 kernel: [84325766.273398] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=128.199.159.202 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=23252 PROTO=TCP SPT=56384 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T21:49:17.145Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 21:49:54 honeypot-ams-1 sshd[2497]: Invalid user z from 190.103.202.7 port 33200","@timestamp":"2022-09-17T21:49:54.636Z"}
{"@timestamp":"2022-09-17T21:50:36.680Z","@version":"1","message":"Sep 17 21:50:35 honeypot-sgp-1 kernel: [84327539.723191] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=103.153.78.248 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=17955 PROTO=TCP SPT=47565 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 21:51:01 honeypot-fra-1 sshd[26222]: Connection closed by invalid user admin 157.230.10.173 port 41570 [preauth]","@timestamp":"2022-09-17T21:51:02.186Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 21:51:10 honeypot-ams-1 sshd[2502]: Invalid user admin from 179.60.147.69 port 47980","@timestamp":"2022-09-17T21:51:10.672Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 21:52:36 honeypot-ams-1 kernel: [84328136.782685] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=92.204.144.160 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=44204 PROTO=TCP SPT=51396 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T21:52:36.716Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 21:55:51 honeypot-ams-1 sshd[2512]: Received disconnect from 124.221.41.109 port 57774:11: Bye Bye [preauth]","@timestamp":"2022-09-17T21:55:51.805Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 21:58:39 honeypot-ams-1 sshd[2520]: Received disconnect from 124.221.41.109 port 45306:11: Bye Bye [preauth]","@timestamp":"2022-09-17T21:58:39.883Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 22:00:07 honeypot-fra-1 sshd[26227]: Disconnected from invalid user ilyse 20.108.156.65 port 37322 [preauth]","@timestamp":"2022-09-17T22:00:08.384Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T22:00:26.909Z","@version":"1","message":"Sep 17 22:00:26 honeypot-sgp-1 sshd[29332]: Invalid user telecomadmin from 92.255.85.69 port 54686","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 22:01:29 honeypot-ams-1 sshd[2524]: Received disconnect from 124.221.41.109 port 32800:11: Bye Bye [preauth]","@timestamp":"2022-09-17T22:01:29.960Z"}
{"@timestamp":"2022-09-17T22:01:51.944Z","@version":"1","message":"Sep 17 22:01:51 honeypot-sgp-1 kernel: [84328215.071875] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=125.77.28.208 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=11084 PROTO=TCP SPT=52787 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 22:01:59 honeypot-fra-1 sshd[26231]: Received disconnect from 190.85.108.186 port 35304:11: Bye Bye [preauth]","@timestamp":"2022-09-17T22:01:59.430Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T22:03:52.993Z","@version":"1","message":"Sep 17 22:03:52 honeypot-sgp-1 sshd[29342]: Connection closed by invalid user admin 159.203.178.0 port 54556 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 22:04:15 honeypot-ams-1 sshd[2529]: Disconnected from authenticating user root 124.221.41.109 port 48476 [preauth]","@timestamp":"2022-09-17T22:04:16.050Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 22:05:46 honeypot-fra-1 sshd[26236]: Received disconnect from 206.189.65.29 port 48606:11: Bye Bye [preauth]","@timestamp":"2022-09-17T22:05:47.520Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 22:06:08 honeypot-ams-1 kernel: [84328948.565674] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=179.43.155.171 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=33632 PROTO=TCP SPT=50279 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T22:06:09.103Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 22:08:58 honeypot-ams-1 sshd[2541]: Connection closed by invalid user admin 121.171.55.115 port 43403 [preauth]","@timestamp":"2022-09-17T22:08:59.180Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 22:11:14 honeypot-ams-1 sshd[2545]: Disconnected from authenticating user root 124.221.41.109 port 59352 [preauth]","@timestamp":"2022-09-17T22:11:15.242Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 22:11:58 honeypot-ams-1 sshd[2550]: Received disconnect from 45.61.186.249 port 34454:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T22:11:58.281Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 22:12:16 honeypot-ams-1 sshd[2554]: Invalid user user from 45.61.186.249 port 57250","@timestamp":"2022-09-17T22:12:16.290Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 22:12:33 honeypot-ams-1 sshd[2558]: Invalid user user from 45.61.186.249 port 51828","@timestamp":"2022-09-17T22:12:33.299Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 22:12:41 honeypot-ams-1 sshd[2562]: Received disconnect from 45.61.186.249 port 35000:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T22:12:42.304Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 22:15:27 honeypot-ams-1 sshd[2567]: Disconnected from authenticating user root 124.221.41.109 port 54510 [preauth]","@timestamp":"2022-09-17T22:15:27.378Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 22:18:13 honeypot-ams-1 sshd[2574]: Disconnected from authenticating user root 124.221.41.109 port 41832 [preauth]","@timestamp":"2022-09-17T22:18:14.452Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 22:20:58 honeypot-ams-1 sshd[2579]: Disconnected from authenticating user root 124.221.41.109 port 57364 [preauth]","@timestamp":"2022-09-17T22:20:59.541Z"}
{"@timestamp":"2022-09-17T22:24:24.463Z","@version":"1","message":"Sep 17 22:24:23 honeypot-sgp-1 sshd[29351]: Invalid user support from 179.60.147.69 port 62142","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 22:24:24 honeypot-ams-1 sshd[2585]: Received disconnect from 92.255.85.69 port 62734:11: Bye Bye [preauth]","@timestamp":"2022-09-17T22:24:25.632Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 22:25:31 honeypot-fra-1 sshd[26243]: Invalid user support from 179.60.147.69 port 54766","@timestamp":"2022-09-17T22:25:31.979Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 22:26:33 honeypot-ams-1 kernel: [84330173.315389] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=164.92.72.164 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=36446 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T22:26:33.690Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 22:29:13 honeypot-ams-1 sshd[2597]: Disconnected from authenticating user root 124.221.41.109 port 47300 [preauth]","@timestamp":"2022-09-17T22:29:13.764Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 22:31:11 honeypot-fra-1 sshd[26248]: Received disconnect from 165.22.45.108 port 49522:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T22:31:12.124Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 22:31:58 honeypot-ams-1 sshd[2604]: Received disconnect from 124.221.41.109 port 34466:11: Bye Bye [preauth]","@timestamp":"2022-09-17T22:31:58.839Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 22:35:20 honeypot-fra-1 kernel: [84328529.399371] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=50.116.59.110 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=51195 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T22:35:20.218Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 22:36:03 honeypot-ams-1 sshd[2611]: Received disconnect from 124.221.41.109 port 57476:11: Bye Bye [preauth]","@timestamp":"2022-09-17T22:36:03.947Z"}
{"@timestamp":"2022-09-17T22:37:37.764Z","@version":"1","message":"Sep 17 22:37:37 honeypot-sgp-1 kernel: [84330360.801452] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=172.105.20.227 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=41332 DF PROTO=TCP SPT=43476 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 22:40:08 honeypot-ams-1 sshd[2617]: Received disconnect from 124.221.41.109 port 52158:11: Bye Bye [preauth]","@timestamp":"2022-09-17T22:40:09.054Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 22:42:50 honeypot-ams-1 sshd[2626]: Received disconnect from 124.221.41.109 port 39152:11: Bye Bye [preauth]","@timestamp":"2022-09-17T22:42:51.128Z"}
{"@timestamp":"2022-09-17T22:43:28.899Z","@version":"1","message":"Sep 17 22:43:28 honeypot-sgp-1 sshd[29358]: Invalid user lilijin from 93.189.11.246 port 57893","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 22:45:32 honeypot-ams-1 sshd[2630]: Disconnected from authenticating user root 124.221.41.109 port 54332 [preauth]","@timestamp":"2022-09-17T22:45:33.201Z"}
{"@timestamp":"2022-09-17T22:47:03.983Z","@version":"1","message":"Sep 17 22:47:03 honeypot-sgp-1 sshd[29362]: Invalid user admin from 182.71.227.50 port 39550","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 22:49:36 honeypot-ams-1 sshd[2637]: Disconnected from authenticating user root 124.221.41.109 port 48822 [preauth]","@timestamp":"2022-09-17T22:49:36.306Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 22:52:43 honeypot-ams-1 kernel: [84331743.520780] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=118.126.82.236 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=45 ID=41748 PROTO=TCP SPT=44592 DPT=80 WINDOW=25824 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T22:52:43.389Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 22:53:37 honeypot-ams-1 sshd[2647]: Disconnected from authenticating user root 124.221.41.109 port 43268 [preauth]","@timestamp":"2022-09-17T22:53:38.416Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 22:56:18 honeypot-ams-1 sshd[2653]: Received disconnect from 124.221.41.109 port 58350:11: Bye Bye [preauth]","@timestamp":"2022-09-17T22:56:19.485Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 22:59:00 honeypot-ams-1 sshd[2659]: Received disconnect from 124.221.41.109 port 45174:11: Bye Bye [preauth]","@timestamp":"2022-09-17T22:59:01.557Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:00:19 honeypot-ams-1 sshd[2661]: Disconnected from authenticating user root 124.221.41.109 port 52684 [preauth]","@timestamp":"2022-09-17T23:00:20.596Z"}
{"@timestamp":"2022-09-17T23:00:26.289Z","@version":"1","message":"Sep 17 23:00:25 honeypot-sgp-1 sshd[29366]: Connection closed by invalid user debian 179.60.147.69 port 19644 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 23:01:33 honeypot-fra-1 sshd[26273]: Invalid user debian from 179.60.147.69 port 57634","@timestamp":"2022-09-17T23:01:33.805Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:03:47 honeypot-ams-1 sshd[2668]: Connection closed by invalid user debian 179.60.147.69 port 63338 [preauth]","@timestamp":"2022-09-17T23:03:47.687Z"}
{"@timestamp":"2022-09-17T23:04:42.390Z","@version":"1","message":"Sep 17 23:04:41 honeypot-sgp-1 sshd[29371]: Received disconnect from 45.61.184.204 port 48736:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T23:05:01.399Z","@version":"1","message":"Sep 17 23:05:00 honeypot-sgp-1 sshd[29375]: Received disconnect from 45.61.184.204 port 44152:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T23:05:18.408Z","@version":"1","message":"Sep 17 23:05:18 honeypot-sgp-1 sshd[29379]: Received disconnect from 45.61.184.204 port 39594:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:07:02 honeypot-ams-1 sshd[2674]: Disconnected from authenticating user root 124.221.41.109 port 33610 [preauth]","@timestamp":"2022-09-17T23:07:02.775Z"}
{"@timestamp":"2022-09-17T23:08:48.489Z","@version":"1","message":"Sep 17 23:08:47 honeypot-sgp-1 sshd[29384]: Did not receive identification string from 193.3.19.178 port 64001","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:11:01 honeypot-ams-1 sshd[2683]: Disconnected from authenticating user root 124.221.41.109 port 55856 [preauth]","@timestamp":"2022-09-17T23:11:01.882Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:14:56 honeypot-ams-1 sshd[2690]: Received disconnect from 124.221.41.109 port 49772:11: Bye Bye [preauth]","@timestamp":"2022-09-17T23:14:56.986Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:17:01 honeypot-ams-1 CRON[2694]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-17T23:17:02.044Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:18:50 honeypot-ams-1 sshd[2702]: Disconnected from authenticating user root 124.221.41.109 port 43604 [preauth]","@timestamp":"2022-09-17T23:18:51.093Z"}
{"@timestamp":"2022-09-17T23:19:42.737Z","@version":"1","message":"Sep 17 23:19:42 honeypot-sgp-1 sshd[29392]: Invalid user bcd from 155.0.2.218 port 39849","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 23:19:55 honeypot-fra-1 kernel: [84331204.385241] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=94.102.61.10 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=250 ID=54321 PROTO=TCP SPT=58900 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T23:19:56.216Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:22:47 honeypot-ams-1 sshd[2708]: Received disconnect from 124.221.41.109 port 37366:11: Bye Bye [preauth]","@timestamp":"2022-09-17T23:22:48.197Z"}
{"@timestamp":"2022-09-17T23:23:59.836Z","@version":"1","message":"Sep 17 23:23:58 honeypot-sgp-1 sshd[29396]: Received disconnect from 92.255.85.70 port 36142:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:25:24 honeypot-ams-1 sshd[2714]: Disconnected from authenticating user root 124.221.41.109 port 51988 [preauth]","@timestamp":"2022-09-17T23:25:25.269Z"}
{"@timestamp":"2022-09-17T23:26:14.891Z","@version":"1","message":"Sep 17 23:26:14 honeypot-sgp-1 sshd[29413]: Disconnected from invalid user usuario 195.206.60.116 port 36382 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:26:36 honeypot-ams-1 sshd[2720]: Invalid user elvin from 81.169.137.181 port 47896","@timestamp":"2022-09-17T23:26:37.304Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:27:19 honeypot-ams-1 sshd[2724]: Received disconnect from 81.169.137.181 port 34812:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T23:27:20.325Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:28:03 honeypot-ams-1 sshd[2728]: Disconnected from invalid user emil 81.169.137.181 port 49970 [preauth]","@timestamp":"2022-09-17T23:28:04.346Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:29:24 honeypot-ams-1 sshd[2735]: Invalid user enver from 81.169.137.181 port 52102","@timestamp":"2022-09-17T23:29:25.384Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 23:30:16 honeypot-fra-1 kernel: [84331825.897245] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=172.104.131.24 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=54321 PROTO=TCP SPT=56679 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T23:30:17.448Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 23:30:32 honeypot-ams-1 kernel: [84334013.088759] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=2776 PROTO=TCP SPT=57408 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T23:30:33.417Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 23:30:46 honeypot-ams-1 kernel: [84334026.539127] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.167.98.76 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=47715 DPT=636 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T23:30:46.424Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:31:20 honeypot-ams-1 sshd[2744]: Received disconnect from 81.169.137.181 port 41022:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T23:31:20.443Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 23:31:43 honeypot-fra-1 sshd[26290]: Received disconnect from 45.61.186.49 port 35184:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T23:31:43.486Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 23:31:54 honeypot-fra-1 sshd[26294]: Received disconnect from 45.61.186.49 port 46904:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T23:31:54.492Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:31:58 honeypot-ams-1 sshd[2748]: Disconnected from invalid user ericka 81.169.137.181 port 56104 [preauth]","@timestamp":"2022-09-17T23:31:58.463Z"}
{"@timestamp":"2022-09-17T23:32:04.025Z","@version":"1","message":"Sep 17 23:32:03 honeypot-sgp-1 sshd[29418]: Received disconnect from 46.101.82.89 port 49826:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:33:15 honeypot-ams-1 sshd[2754]: Invalid user es from 81.169.137.181 port 58160","@timestamp":"2022-09-17T23:33:15.501Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:33:54 honeypot-ams-1 sshd[2756]: Disconnected from invalid user este 81.169.137.181 port 45070 [preauth]","@timestamp":"2022-09-17T23:33:54.520Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:34:32 honeypot-ams-1 sshd[2763]: Invalid user esteban from 81.169.137.181 port 60216","@timestamp":"2022-09-17T23:34:33.541Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:35:44 honeypot-ams-1 sshd[2767]: Received disconnect from 124.221.41.109 port 53768:11: Bye Bye [preauth]","@timestamp":"2022-09-17T23:35:45.575Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:36:28 honeypot-ams-1 sshd[2771]: Received disconnect from 81.169.137.181 port 49192:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T23:36:29.597Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 23:36:36 honeypot-fra-1 kernel: [84332205.114248] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=165.232.152.144 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=44058 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T23:36:36.599Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:37:08 honeypot-ams-1 sshd[2775]: Invalid user fabienne from 81.169.137.181 port 36086","@timestamp":"2022-09-17T23:37:09.617Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:37:49 honeypot-ams-1 sshd[2777]: Disconnected from invalid user farheen 81.169.137.181 port 51210 [preauth]","@timestamp":"2022-09-17T23:37:49.637Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:38:28 honeypot-ams-1 sshd[2781]: Disconnected from invalid user fedora 81.169.137.181 port 38130 [preauth]","@timestamp":"2022-09-17T23:38:29.673Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:38:38 honeypot-ams-1 sshd[2787]: Received disconnect from 39.71.48.53 port 31704:11: Bye Bye [preauth]","@timestamp":"2022-09-17T23:38:38.679Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:38:43 honeypot-ams-1 sshd[2793]: Received disconnect from 39.71.48.53 port 29810:11: Bye Bye [preauth]","@timestamp":"2022-09-17T23:38:43.682Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:38:48 honeypot-ams-1 sshd[2799]: Received disconnect from 39.71.48.53 port 29939:11: Bye Bye [preauth]","@timestamp":"2022-09-17T23:38:48.684Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:38:53 honeypot-ams-1 sshd[2805]: Received disconnect from 39.71.48.53 port 30136:11: Bye Bye [preauth]","@timestamp":"2022-09-17T23:38:54.689Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:38:59 honeypot-ams-1 sshd[2811]: Received disconnect from 39.71.48.53 port 30221:11: Bye Bye [preauth]","@timestamp":"2022-09-17T23:38:59.692Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:39:04 honeypot-ams-1 sshd[2817]: Received disconnect from 39.71.48.53 port 30420:11: Bye Bye [preauth]","@timestamp":"2022-09-17T23:39:04.695Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:39:09 honeypot-ams-1 sshd[2823]: Received disconnect from 39.71.48.53 port 30510:11: Bye Bye [preauth]","@timestamp":"2022-09-17T23:39:09.699Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:39:11 honeypot-ams-1 sshd[2825]: Disconnected from authenticating user root 39.71.48.53 port 30534 [preauth]","@timestamp":"2022-09-17T23:39:11.701Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:39:16 honeypot-ams-1 sshd[2833]: Disconnected from authenticating user root 39.71.48.53 port 30744 [preauth]","@timestamp":"2022-09-17T23:39:16.704Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:39:21 honeypot-ams-1 sshd[2839]: Disconnected from authenticating user root 39.71.48.53 port 30838 [preauth]","@timestamp":"2022-09-17T23:39:22.708Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:39:25 honeypot-ams-1 sshd[2843]: Received disconnect from 39.71.48.53 port 31015:11: Bye Bye [preauth]","@timestamp":"2022-09-17T23:39:25.710Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:39:30 honeypot-ams-1 sshd[2852]: Received disconnect from 39.71.48.53 port 31151:11: Bye Bye [preauth]","@timestamp":"2022-09-17T23:39:30.713Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:39:35 honeypot-ams-1 sshd[2860]: Received disconnect from 39.71.48.53 port 31350:11: Bye Bye [preauth]","@timestamp":"2022-09-17T23:39:35.717Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:39:37 honeypot-ams-1 sshd[2862]: Disconnected from invalid user admin 39.71.48.53 port 31394 [preauth]","@timestamp":"2022-09-17T23:39:37.718Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:39:40 honeypot-ams-1 sshd[2866]: Disconnected from invalid user admin 39.71.48.53 port 31447 [preauth]","@timestamp":"2022-09-17T23:39:40.720Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:39:44 honeypot-ams-1 sshd[2870]: Disconnected from invalid user admin 39.71.48.53 port 31601 [preauth]","@timestamp":"2022-09-17T23:39:44.723Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:39:47 honeypot-ams-1 sshd[2874]: Disconnected from invalid user admin 39.71.48.53 port 31671 [preauth]","@timestamp":"2022-09-17T23:39:47.725Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:39:50 honeypot-ams-1 sshd[2880]: Received disconnect from 39.71.48.53 port 31729:11: Bye Bye [preauth]","@timestamp":"2022-09-17T23:39:51.728Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:39:52 honeypot-ams-1 sshd[2882]: Received disconnect from 39.71.48.53 port 29697:11: Bye Bye [preauth]","@timestamp":"2022-09-17T23:39:52.729Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:39:56 honeypot-ams-1 sshd[2888]: Disconnected from authenticating user root 39.71.48.53 port 29852 [preauth]","@timestamp":"2022-09-17T23:39:56.731Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:40:01 honeypot-ams-1 sshd[2894]: Invalid user pi from 39.71.48.53 port 29951","@timestamp":"2022-09-17T23:40:01.734Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:40:04 honeypot-ams-1 sshd[2898]: Invalid user ethos from 39.71.48.53 port 30126","@timestamp":"2022-09-17T23:40:04.736Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:40:07 honeypot-ams-1 sshd[2902]: Invalid user miner from 39.71.48.53 port 30199","@timestamp":"2022-09-17T23:40:08.741Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:40:11 honeypot-ams-1 sshd[2906]: Invalid user volumio from 39.71.48.53 port 30250","@timestamp":"2022-09-17T23:40:11.743Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:40:13 honeypot-ams-1 sshd[2910]: Invalid user flashlight from 103.235.170.195 port 36550","@timestamp":"2022-09-17T23:40:13.744Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:40:16 honeypot-ams-1 sshd[2914]: Invalid user postgres from 39.71.48.53 port 30446","@timestamp":"2022-09-17T23:40:16.746Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:40:20 honeypot-ams-1 sshd[2918]: Invalid user support from 39.71.48.53 port 30518","@timestamp":"2022-09-17T23:40:20.749Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:40:23 honeypot-ams-1 sshd[2922]: Invalid user ubuntu from 39.71.48.53 port 30645","@timestamp":"2022-09-17T23:40:23.752Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:40:26 honeypot-ams-1 sshd[2926]: Invalid user ubuntu from 39.71.48.53 port 30766","@timestamp":"2022-09-17T23:40:27.754Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:40:30 honeypot-ams-1 sshd[2930]: Invalid user guest from 39.71.48.53 port 30848","@timestamp":"2022-09-17T23:40:30.756Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:40:33 honeypot-ams-1 sshd[2934]: Invalid user cirros from 39.71.48.53 port 30988","@timestamp":"2022-09-17T23:40:34.758Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:40:35 honeypot-ams-1 sshd[2938]: Invalid user cirros from 39.71.48.53 port 31028","@timestamp":"2022-09-17T23:40:35.759Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:41:16 honeypot-ams-1 sshd[2942]: Received disconnect from 81.169.137.181 port 42250:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T23:41:16.780Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:42:09 honeypot-ams-1 sshd[2946]: Disconnected from authenticating user root 124.221.41.109 port 33444 [preauth]","@timestamp":"2022-09-17T23:42:09.805Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 23:42:12 honeypot-fra-1 sshd[26304]: Connection closed by invalid user g 141.98.10.158 port 41290 [preauth]","@timestamp":"2022-09-17T23:42:12.731Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:43:26 honeypot-ams-1 sshd[2950]: Disconnected from authenticating user root 124.221.41.109 port 40654 [preauth]","@timestamp":"2022-09-17T23:43:26.844Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 23:45:29 honeypot-ams-1 kernel: [84334909.498607] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.217.0.181 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=36321 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T23:45:29.902Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 23:46:20 honeypot-ams-1 kernel: [84334960.359510] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=80.94.92.239 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=60513 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T23:46:20.928Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:48:31 honeypot-ams-1 sshd[2969]: Did not receive identification string from 212.192.246.174 port 32768","@timestamp":"2022-09-17T23:48:31.989Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:48:33 honeypot-ams-1 sshd[2973]: Did not receive identification string from 212.192.246.174 port 35492","@timestamp":"2022-09-17T23:48:33.992Z"}
{"@timestamp":"2022-09-17T23:50:10.437Z","@version":"1","message":"Sep 17 23:50:09 honeypot-sgp-1 sshd[29424]: Received disconnect from 167.172.112.115 port 55554:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:51:06 honeypot-ams-1 sshd[2978]: Disconnected from authenticating user root 124.221.41.109 port 55476 [preauth]","@timestamp":"2022-09-17T23:51:07.063Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 23:53:21 honeypot-fra-1 sshd[26309]: Received disconnect from 165.22.45.108 port 55030:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T23:53:21.985Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T23:54:28.534Z","@version":"1","message":"Sep 17 23:54:28 honeypot-sgp-1 sshd[29428]: Disconnected from authenticating user root 185.143.45.73 port 44428 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:54:54 honeypot-ams-1 sshd[2985]: Disconnected from authenticating user root 124.221.41.109 port 48632 [preauth]","@timestamp":"2022-09-17T23:54:55.164Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 23:57:22 honeypot-fra-1 sshd[26313]: Disconnected from authenticating user root 112.28.209.251 port 52788 [preauth]","@timestamp":"2022-09-17T23:57:23.077Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:57:26 honeypot-ams-1 sshd[2991]: Received disconnect from 124.221.41.109 port 34622:11: Bye Bye [preauth]","@timestamp":"2022-09-17T23:57:26.236Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:59:57 honeypot-ams-1 sshd[2995]: Disconnected from authenticating user root 124.221.41.109 port 48818 [preauth]","@timestamp":"2022-09-17T23:59:57.311Z"}
{"@timestamp":"2022-09-18T00:00:30.675Z","@version":"1","message":"Sep 18 00:00:30 honeypot-sgp-1 sshd[29433]: Connection closed by authenticating user root 103.188.176.251 port 59616 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 00:01:58 honeypot-fra-1 sshd[26320]: Received disconnect from 157.230.81.123 port 46058:11: Bye Bye [preauth]","@timestamp":"2022-09-18T00:01:59.179Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 00:03:45 honeypot-ams-1 sshd[3002]: Received disconnect from 124.221.41.109 port 41830:11: Bye Bye [preauth]","@timestamp":"2022-09-18T00:03:46.419Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 00:04:11 honeypot-fra-1 kernel: [84333860.433742] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=193.46.255.199 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=246 ID=44512 PROTO=TCP SPT=61001 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T00:04:12.233Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 00:06:16 honeypot-ams-1 sshd[3007]: Disconnected from authenticating user root 124.221.41.109 port 55940 [preauth]","@timestamp":"2022-09-18T00:06:16.491Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 00:08:44 honeypot-ams-1 sshd[3013]: Disconnected from authenticating user root 124.221.41.109 port 41782 [preauth]","@timestamp":"2022-09-18T00:08:44.562Z"}
{"@timestamp":"2022-09-18T00:08:49.870Z","@version":"1","message":"Sep 18 00:08:49 honeypot-sgp-1 sshd[29438]: Invalid user protect from 138.68.189.163 port 39754","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 00:10:44 honeypot-fra-1 sshd[26330]: Invalid user user from 92.255.85.69 port 42744","@timestamp":"2022-09-18T00:10:45.409Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 00:11:13 honeypot-ams-1 sshd[3020]: Disconnected from authenticating user root 124.221.41.109 port 55770 [preauth]","@timestamp":"2022-09-18T00:11:14.636Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 00:12:28 honeypot-fra-1 sshd[26334]: Received disconnect from 111.95.141.34 port 56344:11: Bye Bye [preauth]","@timestamp":"2022-09-18T00:12:28.449Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T00:13:13.974Z","@version":"1","message":"Sep 18 00:13:13 honeypot-sgp-1 kernel: [84336096.798361] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=64.62.197.14 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=57428 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 00:13:42 honeypot-ams-1 sshd[3026]: Received disconnect from 124.221.41.109 port 41448:11: Bye Bye [preauth]","@timestamp":"2022-09-18T00:13:42.700Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 00:13:57 honeypot-fra-1 sshd[26338]: Connection closed by invalid user default 179.60.147.69 port 51208 [preauth]","@timestamp":"2022-09-18T00:13:58.487Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 00:14:22 honeypot-fra-1 sshd[26376]: Invalid user testuser from 139.59.152.202 port 34816","@timestamp":"2022-09-18T00:14:22.498Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 00:14:22 honeypot-fra-1 sshd[26348]: Invalid user steam from 139.59.152.202 port 34754","@timestamp":"2022-09-18T00:14:22.498Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 00:14:22 honeypot-fra-1 sshd[26347]: Connection closed by invalid user chia 139.59.152.202 port 34752 [preauth]","@timestamp":"2022-09-18T00:14:22.498Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 00:14:22 honeypot-fra-1 sshd[26349]: Connection closed by invalid user oracle 139.59.152.202 port 34758 [preauth]","@timestamp":"2022-09-18T00:14:22.498Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 00:14:22 honeypot-fra-1 sshd[26342]: Connection closed by authenticating user root 139.59.152.202 port 34626 [preauth]","@timestamp":"2022-09-18T00:14:22.498Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 00:14:22 honeypot-fra-1 sshd[26354]: Connection closed by invalid user oracle 139.59.152.202 port 34768 [preauth]","@timestamp":"2022-09-18T00:14:22.498Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 00:14:22 honeypot-fra-1 sshd[26368]: Connection closed by authenticating user root 139.59.152.202 port 34804 [preauth]","@timestamp":"2022-09-18T00:14:22.498Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 00:14:22 honeypot-fra-1 sshd[26359]: Connection closed by invalid user deploy 139.59.152.202 port 34784 [preauth]","@timestamp":"2022-09-18T00:14:22.498Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 00:14:30 honeypot-fra-1 sshd[26401]: Received disconnect from 113.193.191.132 port 43159:11: Bye Bye [preauth]","@timestamp":"2022-09-18T00:14:30.503Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 00:15:00 honeypot-ams-1 kernel: [84336680.837300] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=34.89.243.168 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=60 ID=10086 PROTO=TCP SPT=59841 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T00:15:00.740Z"}
{"@timestamp":"2022-09-18T00:15:14.024Z","@version":"1","message":"Sep 18 00:15:13 honeypot-sgp-1 sshd[29443]: Disconnected from invalid user user 92.255.85.70 port 49390 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 00:16:40 honeypot-ams-1 kernel: [84336780.798088] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=151.106.32.182 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=43213 PROTO=TCP SPT=59071 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T00:16:40.789Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 00:17:01 honeypot-fra-1 CRON[26406]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-18T00:17:01.561Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 00:18:37 honeypot-ams-1 sshd[3041]: Received disconnect from 124.221.41.109 port 40678:11: Bye Bye [preauth]","@timestamp":"2022-09-18T00:18:37.848Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 00:21:04 honeypot-ams-1 sshd[3045]: Disconnected from authenticating user root 124.221.41.109 port 54348 [preauth]","@timestamp":"2022-09-18T00:21:04.918Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 00:24:44 honeypot-ams-1 sshd[3052]: Received disconnect from 124.221.41.109 port 46590:11: Bye Bye [preauth]","@timestamp":"2022-09-18T00:24:45.023Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 00:27:08 honeypot-ams-1 sshd[3056]: Disconnected from authenticating user root 124.221.41.109 port 60196 [preauth]","@timestamp":"2022-09-18T00:27:09.092Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 00:28:27 honeypot-fra-1 kernel: [84335316.690308] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=167.71.133.35 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=248 ID=54321 PROTO=TCP SPT=57470 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T00:28:27.823Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 00:30:28 honeypot-ams-1 sshd[3063]: Invalid user thumvass from 137.116.144.39 port 59412","@timestamp":"2022-09-18T00:30:29.186Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 00:33:15 honeypot-ams-1 sshd[3070]: Received disconnect from 124.221.41.109 port 37610:11: Bye Bye [preauth]","@timestamp":"2022-09-18T00:33:16.266Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 00:35:57 honeypot-ams-1 sshd[3076]: Received disconnect from 186.103.169.12 port 43058:11: Bye Bye [preauth]","@timestamp":"2022-09-18T00:35:57.341Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 00:37:01 honeypot-ams-1 kernel: [84338001.236042] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=200.17.120.61 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=46 ID=56393 PROTO=TCP SPT=45832 DPT=80 WINDOW=59736 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T00:37:01.374Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 00:40:29 honeypot-ams-1 sshd[3087]: Disconnected from authenticating user root 124.221.41.109 port 49816 [preauth]","@timestamp":"2022-09-18T00:40:29.472Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 00:44:06 honeypot-ams-1 sshd[3093]: Disconnected from authenticating user root 124.221.41.109 port 41706 [preauth]","@timestamp":"2022-09-18T00:44:06.574Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 00:46:15 honeypot-fra-1 sshd[26416]: Received disconnect from 46.101.141.33 port 34766:11: Bye Bye [preauth]","@timestamp":"2022-09-18T00:46:15.226Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T00:46:17.757Z","@version":"1","message":"Sep 18 00:46:16 honeypot-sgp-1 sshd[29450]: Received disconnect from 165.232.158.187 port 46984:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 00:47:13 honeypot-ams-1 sshd[3100]: Disconnected from authenticating user root 201.48.4.15 port 59934 [preauth]","@timestamp":"2022-09-18T00:47:14.655Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 00:48:08 honeypot-ams-1 kernel: [84338669.128574] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=151.106.32.182 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=33376 PROTO=TCP SPT=59071 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T00:48:09.682Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 00:49:20 honeypot-ams-1 sshd[3108]: Received disconnect from 113.161.79.231 port 40510:11: Bye Bye [preauth]","@timestamp":"2022-09-18T00:49:20.720Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 00:52:30 honeypot-ams-1 sshd[3115]: Received disconnect from 124.221.41.109 port 60246:11: Bye Bye [preauth]","@timestamp":"2022-09-18T00:52:30.806Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 00:53:43 honeypot-ams-1 sshd[3119]: Disconnected from authenticating user root 124.221.41.109 port 38682 [preauth]","@timestamp":"2022-09-18T00:53:43.843Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 00:54:31 honeypot-fra-1 sshd[26421]: Received disconnect from 92.255.85.70 port 38328:11: Bye Bye [preauth]","@timestamp":"2022-09-18T00:54:32.413Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T00:55:22.975Z","@version":"1","message":"Sep 18 00:55:22 honeypot-sgp-1 sshd[29455]: Disconnected from invalid user mysql 92.255.85.69 port 51946 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 00:55:59 honeypot-ams-1 kernel: [84339139.417069] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=211.44.108.54 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=54 ID=53285 PROTO=TCP SPT=18890 DPT=80 WINDOW=31111 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T00:55:59.913Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 00:57:01 honeypot-fra-1 CRON[26427]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-18T00:57:01.474Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 00:57:14 honeypot-ams-1 sshd[3131]: Disconnected from authenticating user root 124.221.41.109 port 58626 [preauth]","@timestamp":"2022-09-18T00:57:14.950Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 01:00:50 honeypot-ams-1 sshd[3138]: Disconnected from authenticating user root 124.221.41.109 port 50234 [preauth]","@timestamp":"2022-09-18T01:00:51.052Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 01:02:52 honeypot-ams-1 sshd[3145]: Received disconnect from 210.4.123.219 port 58353:11: Bye Bye [preauth]","@timestamp":"2022-09-18T01:02:53.110Z"}
{"@timestamp":"2022-09-18T01:03:25.164Z","@version":"1","message":"Sep 18 01:03:24 honeypot-sgp-1 kernel: [84339107.982759] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=205.210.31.167 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=249 ID=54321 PROTO=TCP SPT=50649 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 01:04:09 honeypot-ams-1 sshd[3149]: Disconnected from invalid user mysql 92.255.85.69 port 41486 [preauth]","@timestamp":"2022-09-18T01:04:10.148Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 01:05:33 honeypot-ams-1 sshd[3155]: Received disconnect from 124.221.41.109 port 48330:11: Bye Bye [preauth]","@timestamp":"2022-09-18T01:05:34.190Z"}
{"@timestamp":"2022-09-18T01:07:06.251Z","@version":"1","message":"Sep 18 01:07:05 honeypot-sgp-1 sshd[29463]: Received disconnect from 205.185.123.128 port 59884:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 01:07:54 honeypot-ams-1 sshd[3160]: Disconnected from authenticating user root 124.221.41.109 port 33206 [preauth]","@timestamp":"2022-09-18T01:07:54.257Z"}
{"@timestamp":"2022-09-18T01:08:21.281Z","@version":"1","message":"Sep 18 01:08:20 honeypot-sgp-1 sshd[29468]: Disconnected from authenticating user root 113.200.60.74 port 60115 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 01:09:04 honeypot-ams-1 sshd[3164]: Received disconnect from 124.221.41.109 port 39748:11: Bye Bye [preauth]","@timestamp":"2022-09-18T01:09:05.293Z"}
{"@timestamp":"2022-09-18T01:09:18.305Z","@version":"1","message":"Sep 18 01:09:18 honeypot-sgp-1 sshd[29472]: Disconnected from invalid user kw 139.59.189.130 port 47648 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T01:10:38.339Z","@version":"1","message":"Sep 18 01:10:38 honeypot-sgp-1 sshd[29476]: Did not receive identification string from 152.32.142.133 port 44932","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 01:11:25 honeypot-ams-1 sshd[3168]: Disconnected from authenticating user root 124.221.41.109 port 52798 [preauth]","@timestamp":"2022-09-18T01:11:26.358Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 01:11:27 honeypot-fra-1 sshd[26433]: Did not receive identification string from 137.220.228.81 port 52492","@timestamp":"2022-09-18T01:11:27.801Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T01:13:28.407Z","@version":"1","message":"Sep 18 01:13:27 honeypot-sgp-1 sshd[29484]: Received disconnect from 147.182.184.139 port 35782:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 01:14:31 honeypot-ams-1 kernel: [84340251.814052] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.41.9.18 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=10490 PROTO=TCP SPT=33371 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T01:14:32.464Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 01:14:42 honeypot-ams-1 sshd[3178]: Disconnected from invalid user user 45.61.186.49 port 43424 [preauth]","@timestamp":"2022-09-18T01:14:43.471Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 01:14:54 honeypot-ams-1 sshd[3184]: Disconnected from invalid user user 45.61.186.49 port 55218 [preauth]","@timestamp":"2022-09-18T01:14:55.476Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 01:15:00 honeypot-fra-1 sshd[26440]: Disconnected from invalid user gioia 34.229.206.8 port 60030 [preauth]","@timestamp":"2022-09-18T01:15:00.883Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 01:17:01 honeypot-ams-1 CRON[3189]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-18T01:17:01.532Z"}
{"@timestamp":"2022-09-18T01:17:02.491Z","@version":"1","message":"Sep 18 01:17:01 honeypot-sgp-1 CRON[29490]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 01:17:24 honeypot-fra-1 sshd[26447]: Connection closed by 192.241.219.118 port 57850 [preauth]","@timestamp":"2022-09-18T01:17:24.943Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 01:19:34 honeypot-ams-1 sshd[3199]: Received disconnect from 124.221.41.109 port 41856:11: Bye Bye [preauth]","@timestamp":"2022-09-18T01:19:35.607Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 01:21:13 honeypot-fra-1 kernel: [84338482.141417] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=2.183.196.238 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=36467 PROTO=TCP SPT=26398 DPT=80 WINDOW=0 RES=0x00 RST URGP=0 ","@timestamp":"2022-09-18T01:21:14.033Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 01:21:55 honeypot-ams-1 sshd[3203]: Received disconnect from 124.221.41.109 port 54822:11: Bye Bye [preauth]","@timestamp":"2022-09-18T01:21:55.675Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 01:24:25 honeypot-ams-1 kernel: [84340845.575451] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=94.102.61.10 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=252 ID=54321 PROTO=TCP SPT=55071 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T01:24:25.744Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 01:27:20 honeypot-ams-1 kernel: [84341020.748653] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=35.221.157.87 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=52011 PROTO=TCP SPT=42522 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T01:27:20.824Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 01:28:48 honeypot-ams-1 kernel: [84341108.394632] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=20.169.168.147 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=17376 PROTO=TCP SPT=40336 DPT=3389 WINDOW=2048 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T01:28:48.867Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 01:31:09 honeypot-ams-1 sshd[3223]: Received disconnect from 124.221.41.109 port 49890:11: Bye Bye [preauth]","@timestamp":"2022-09-18T01:31:09.933Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 01:34:36 honeypot-ams-1 sshd[3229]: Received disconnect from 124.221.41.109 port 40896:11: Bye Bye [preauth]","@timestamp":"2022-09-18T01:34:37.025Z"}
{"@timestamp":"2022-09-18T01:35:39.922Z","@version":"1","message":"Sep 18 01:35:39 honeypot-sgp-1 kernel: [84341043.003173] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=159.89.202.188 LEN=86 TOS=0x00 PREC=0x00 TTL=245 ID=50545 PROTO=TCP SPT=6265 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 01:35:41 honeypot-ams-1 sshd[3237]: Invalid user admin from 143.198.135.228 port 45656","@timestamp":"2022-09-18T01:35:42.056Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 01:36:53 honeypot-ams-1 sshd[3242]: Received disconnect from 124.221.41.109 port 53698:11: Bye Bye [preauth]","@timestamp":"2022-09-18T01:36:54.090Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 01:38:02 honeypot-ams-1 sshd[3248]: Disconnected from invalid user tickets 137.184.50.19 port 39486 [preauth]","@timestamp":"2022-09-18T01:38:03.123Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 01:38:08 honeypot-fra-1 sshd[26456]: Received disconnect from 92.255.85.70 port 58062:11: Bye Bye [preauth]","@timestamp":"2022-09-18T01:38:08.411Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 01:39:11 honeypot-ams-1 sshd[3252]: Disconnected from authenticating user root 124.221.41.109 port 38254 [preauth]","@timestamp":"2022-09-18T01:39:12.156Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 01:41:29 honeypot-ams-1 sshd[3256]: Disconnected from authenticating user root 124.221.41.109 port 51018 [preauth]","@timestamp":"2022-09-18T01:41:30.223Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 01:44:55 honeypot-ams-1 sshd[3263]: Received disconnect from 124.221.41.109 port 41858:11: Bye Bye [preauth]","@timestamp":"2022-09-18T01:44:56.319Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 01:47:10 honeypot-ams-1 sshd[3267]: Disconnected from authenticating user root 124.221.41.109 port 54546 [preauth]","@timestamp":"2022-09-18T01:47:10.383Z"}
{"@timestamp":"2022-09-18T01:48:39.241Z","@version":"1","message":"Sep 18 01:48:38 honeypot-sgp-1 sshd[29503]: Disconnected from invalid user admin 92.255.85.70 port 36190 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 01:50:34 honeypot-ams-1 sshd[3274]: Disconnected from authenticating user root 124.221.41.109 port 45274 [preauth]","@timestamp":"2022-09-18T01:50:35.478Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 01:52:50 honeypot-ams-1 sshd[3278]: Disconnected from authenticating user root 124.221.41.109 port 57874 [preauth]","@timestamp":"2022-09-18T01:52:50.544Z"}
{"@timestamp":"2022-09-18T01:54:59.390Z","@version":"1","message":"Sep 18 01:54:58 honeypot-sgp-1 kernel: [84342202.099622] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=113.116.246.210 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=41212 DF PROTO=TCP SPT=46095 DPT=80 WINDOW=14520 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 01:56:14 honeypot-ams-1 sshd[3285]: Received disconnect from 124.221.41.109 port 48488:11: Bye Bye [preauth]","@timestamp":"2022-09-18T01:56:15.641Z"}
{"@timestamp":"2022-09-18T01:58:19.472Z","@version":"1","message":"Sep 18 01:58:18 honeypot-sgp-1 kernel: [84342402.457300] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=147.182.199.146 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=51593 PROTO=TCP SPT=46231 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 01:58:30 honeypot-ams-1 sshd[3291]: Received disconnect from 124.221.41.109 port 32796:11: Bye Bye [preauth]","@timestamp":"2022-09-18T01:58:30.706Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:00:09 honeypot-fra-1 sshd[26463]: Invalid user user from 45.61.186.49 port 46686","@timestamp":"2022-09-18T02:00:09.908Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:00:13 honeypot-fra-1 sshd[26466]: Disconnected from invalid user user 45.61.186.49 port 52372 [preauth]","@timestamp":"2022-09-18T02:00:14.912Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:00:23 honeypot-fra-1 sshd[26470]: Disconnected from invalid user user 45.61.186.49 port 35500 [preauth]","@timestamp":"2022-09-18T02:00:23.916Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:00:44 honeypot-ams-1 sshd[3296]: Disconnected from authenticating user root 124.221.41.109 port 45314 [preauth]","@timestamp":"2022-09-18T02:00:44.773Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:03:17 honeypot-fra-1 sshd[26478]: Invalid user admin from 193.106.191.157 port 44968","@timestamp":"2022-09-18T02:03:17.989Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:04:07 honeypot-ams-1 sshd[3303]: Received disconnect from 124.221.41.109 port 35810:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:04:07.869Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:06:19 honeypot-ams-1 sshd[3310]: Received disconnect from 124.221.41.109 port 48262:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:06:19.933Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:08:34 honeypot-ams-1 sshd[3314]: Disconnected from authenticating user root 124.221.41.109 port 60694 [preauth]","@timestamp":"2022-09-18T02:08:34.998Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:08:52 honeypot-fra-1 kernel: [84341341.356434] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=167.248.133.128 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=27760 PROTO=TCP SPT=46874 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T02:08:53.118Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-18T02:08:59.726Z","@version":"1","message":"Sep 18 02:08:59 honeypot-sgp-1 kernel: [84343043.178734] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=154.3.44.149 DST=159.89.202.188 LEN=52 TOS=0x0A PREC=0x00 TTL=112 ID=48442 DF PROTO=TCP SPT=62510 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:11:23 honeypot-ams-1 sshd[3321]: Invalid user gpadmin from 147.182.184.139 port 34342","@timestamp":"2022-09-18T02:11:24.079Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:12:33 honeypot-fra-1 sshd[26491]: Disconnected from authenticating user root 24.135.138.224 port 59550 [preauth]","@timestamp":"2022-09-18T02:12:33.204Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:13:00 honeypot-ams-1 sshd[3325]: Received disconnect from 124.221.41.109 port 57244:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:13:01.125Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:14:18 honeypot-ams-1 sshd[3331]: Invalid user vnstat from 31.47.192.98 port 46218","@timestamp":"2022-09-18T02:14:18.162Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:15:25 honeypot-fra-1 sshd[26495]: Disconnected from authenticating user root 157.230.218.88 port 41306 [preauth]","@timestamp":"2022-09-18T02:15:26.275Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:16:18 honeypot-ams-1 sshd[3336]: Received disconnect from 124.221.41.109 port 47544:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:16:19.219Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:17:01 honeypot-ams-1 CRON[3340]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-18T02:17:01.241Z"}
{"@timestamp":"2022-09-18T02:17:02.916Z","@version":"1","message":"Sep 18 02:17:01 honeypot-sgp-1 CRON[29515]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:18:28 honeypot-ams-1 sshd[3347]: Disconnecting authenticating user root 124.79.243.92 port 19367: Too many authentication failures [preauth]","@timestamp":"2022-09-18T02:18:28.283Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:18:34 honeypot-ams-1 sshd[3353]: error: maximum authentication attempts exceeded for invalid user admin from 124.79.243.92 port 21911 ssh2 [preauth]","@timestamp":"2022-09-18T02:18:35.287Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:18:40 honeypot-ams-1 sshd[3357]: Received disconnect from 124.79.243.92 port 23290:11: disconnected by user [preauth]","@timestamp":"2022-09-18T02:18:41.291Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:18:46 honeypot-ams-1 sshd[3361]: error: maximum authentication attempts exceeded for invalid user oracle from 124.79.243.92 port 24564 ssh2 [preauth]","@timestamp":"2022-09-18T02:18:47.294Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:19:38 honeypot-ams-1 sshd[3367]: Received disconnect from 124.221.41.109 port 37812:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:19:39.321Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:20:50 honeypot-ams-1 sshd[3372]: Disconnected from invalid user abc 139.59.248.243 port 55366 [preauth]","@timestamp":"2022-09-18T02:20:51.371Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:21:54 honeypot-fra-1 sshd[26502]: Invalid user user from 45.61.186.249 port 58758","@timestamp":"2022-09-18T02:21:55.432Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:22:13 honeypot-fra-1 sshd[26506]: Invalid user user from 45.61.186.249 port 53532","@timestamp":"2022-09-18T02:22:14.442Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:22:31 honeypot-fra-1 sshd[26510]: Invalid user user from 45.61.186.249 port 48356","@timestamp":"2022-09-18T02:22:32.450Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:22:49 honeypot-fra-1 sshd[26514]: Invalid user user from 45.61.186.249 port 43068","@timestamp":"2022-09-18T02:22:50.458Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:23:51 honeypot-ams-1 sshd[3378]: Connection closed by 167.94.146.58 port 53272 [preauth]","@timestamp":"2022-09-18T02:23:52.453Z"}
{"@timestamp":"2022-09-18T02:24:53.101Z","@version":"1","message":"Sep 18 02:24:52 honeypot-sgp-1 sshd[29522]: Disconnected from 206.81.0.243 port 38438 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 02:25:27 honeypot-ams-1 kernel: [84344507.773020] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=20.25.67.180 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=33425 PROTO=TCP SPT=47889 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T02:25:28.499Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:27:21 honeypot-ams-1 sshd[3387]: Received disconnect from 124.221.41.109 port 52586:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:27:22.552Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:30:37 honeypot-ams-1 sshd[3393]: Received disconnect from 124.221.41.109 port 42652:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:30:38.768Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:32:10 honeypot-fra-1 sshd[26518]: Received disconnect from 179.43.156.143 port 43794:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T02:32:10.687Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:32:49 honeypot-ams-1 sshd[3398]: Received disconnect from 124.221.41.109 port 54814:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:32:49.831Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:33:55 honeypot-fra-1 sshd[26524]: Received disconnect from 179.43.156.143 port 35964:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T02:33:55.729Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:34:30 honeypot-fra-1 sshd[26528]: Disconnected from authenticating user root 179.43.156.143 port 33362 [preauth]","@timestamp":"2022-09-18T02:34:31.745Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:34:58 honeypot-ams-1 sshd[3402]: Disconnected from authenticating user root 124.221.41.109 port 38706 [preauth]","@timestamp":"2022-09-18T02:34:59.895Z"}
{"@timestamp":"2022-09-18T02:35:00.340Z","@version":"1","message":"Sep 18 02:35:00 honeypot-sgp-1 sshd[29525]: Disconnected from invalid user ramesh 104.248.155.120 port 51620 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:36:05 honeypot-ams-1 sshd[3406]: Disconnected from authenticating user root 124.221.41.109 port 44754 [preauth]","@timestamp":"2022-09-18T02:36:05.928Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:36:15 honeypot-fra-1 sshd[26535]: Invalid user ossuser from 179.43.156.143 port 53788","@timestamp":"2022-09-18T02:36:15.788Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:37:25 honeypot-fra-1 sshd[26539]: Invalid user esunny from 179.43.156.143 port 48608","@timestamp":"2022-09-18T02:37:25.835Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:38:10 honeypot-ams-1 sshd[3415]: Received disconnect from 165.227.160.124 port 43698:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:38:10.986Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:38:38 honeypot-fra-1 sshd[26543]: Received disconnect from 179.43.156.143 port 43408:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T02:38:38.864Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:39:17 honeypot-ams-1 sshd[3420]: Received disconnect from 124.221.41.109 port 34622:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:39:18.020Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:39:33 honeypot-fra-1 sshd[26550]: Invalid user linda from 165.22.45.108 port 37832","@timestamp":"2022-09-18T02:39:33.887Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:39:45 honeypot-ams-1 sshd[3426]: Invalid user ubnt from 84.122.178.78 port 34792","@timestamp":"2022-09-18T02:39:46.033Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:39:46 honeypot-ams-1 sshd[3430]: Disconnected from authenticating user root 84.122.178.78 port 34850 [preauth]","@timestamp":"2022-09-18T02:39:47.035Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:39:48 honeypot-ams-1 sshd[3436]: Disconnected from authenticating user root 84.122.178.78 port 34916 [preauth]","@timestamp":"2022-09-18T02:39:49.037Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:39:49 honeypot-ams-1 sshd[3442]: Disconnected from authenticating user root 84.122.178.78 port 35002 [preauth]","@timestamp":"2022-09-18T02:39:50.037Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:39:50 honeypot-ams-1 sshd[3448]: Disconnected from authenticating user root 84.122.178.78 port 35058 [preauth]","@timestamp":"2022-09-18T02:39:51.038Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:39:52 honeypot-ams-1 sshd[3454]: Disconnected from authenticating user root 84.122.178.78 port 35110 [preauth]","@timestamp":"2022-09-18T02:39:53.040Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:39:53 honeypot-ams-1 sshd[3460]: Disconnected from authenticating user root 84.122.178.78 port 35166 [preauth]","@timestamp":"2022-09-18T02:39:54.041Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:39:54 honeypot-ams-1 sshd[3466]: Disconnected from authenticating user root 84.122.178.78 port 35206 [preauth]","@timestamp":"2022-09-18T02:39:55.042Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:39:55 honeypot-ams-1 sshd[3472]: Disconnected from authenticating user root 84.122.178.78 port 35438 [preauth]","@timestamp":"2022-09-18T02:39:56.042Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:39:57 honeypot-ams-1 sshd[3478]: Disconnected from authenticating user root 84.122.178.78 port 35522 [preauth]","@timestamp":"2022-09-18T02:39:58.044Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:39:58 honeypot-ams-1 sshd[3484]: Disconnected from authenticating user root 84.122.178.78 port 35622 [preauth]","@timestamp":"2022-09-18T02:39:59.045Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:39:59 honeypot-ams-1 sshd[3490]: Disconnected from authenticating user root 84.122.178.78 port 35700 [preauth]","@timestamp":"2022-09-18T02:40:00.046Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:40:00 honeypot-fra-1 kernel: [84343208.659286] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.33.95.209 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=58325 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T02:40:00.900Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:40:01 honeypot-ams-1 sshd[3496]: Invalid user admin from 84.122.178.78 port 35780","@timestamp":"2022-09-18T02:40:02.048Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:40:02 honeypot-ams-1 sshd[3500]: Invalid user admin from 84.122.178.78 port 35806","@timestamp":"2022-09-18T02:40:03.049Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:40:02 honeypot-ams-1 sshd[3504]: Invalid user admin from 84.122.178.78 port 35852","@timestamp":"2022-09-18T02:40:03.049Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:40:03 honeypot-ams-1 sshd[3508]: Invalid user admin from 84.122.178.78 port 35882","@timestamp":"2022-09-18T02:40:04.050Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:40:04 honeypot-ams-1 sshd[3512]: Invalid user admin from 84.122.178.78 port 35916","@timestamp":"2022-09-18T02:40:05.050Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:40:05 honeypot-ams-1 sshd[3516]: Received disconnect from 84.122.178.78 port 36130:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:40:06.051Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:40:06 honeypot-ams-1 sshd[3520]: Disconnected from invalid user pi 84.122.178.78 port 36214 [preauth]","@timestamp":"2022-09-18T02:40:07.052Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:40:07 honeypot-ams-1 sshd[3524]: Disconnected from invalid user user 84.122.178.78 port 36250 [preauth]","@timestamp":"2022-09-18T02:40:08.053Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:40:08 honeypot-ams-1 sshd[3528]: Disconnected from invalid user mine 84.122.178.78 port 36326 [preauth]","@timestamp":"2022-09-18T02:40:09.054Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:40:09 honeypot-ams-1 sshd[3532]: Disconnected from invalid user xbmc 84.122.178.78 port 36400 [preauth]","@timestamp":"2022-09-18T02:40:10.054Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:40:10 honeypot-ams-1 sshd[3536]: Disconnected from invalid user oracle 84.122.178.78 port 36446 [preauth]","@timestamp":"2022-09-18T02:40:10.054Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:40:10 honeypot-ams-1 sshd[3540]: Disconnected from invalid user postgres 84.122.178.78 port 36482 [preauth]","@timestamp":"2022-09-18T02:40:11.055Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:40:11 honeypot-ams-1 sshd[3544]: Disconnected from invalid user support 84.122.178.78 port 36536 [preauth]","@timestamp":"2022-09-18T02:40:12.056Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:40:12 honeypot-ams-1 sshd[3548]: Disconnected from invalid user ubuntu 84.122.178.78 port 36580 [preauth]","@timestamp":"2022-09-18T02:40:13.057Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:40:13 honeypot-ams-1 sshd[3552]: Disconnected from invalid user ubuntu 84.122.178.78 port 36624 [preauth]","@timestamp":"2022-09-18T02:40:14.058Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:40:14 honeypot-ams-1 sshd[3556]: Disconnected from invalid user guest 84.122.178.78 port 36652 [preauth]","@timestamp":"2022-09-18T02:40:15.058Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:40:15 honeypot-ams-1 sshd[3560]: Disconnected from invalid user cirros 84.122.178.78 port 36834 [preauth]","@timestamp":"2022-09-18T02:40:16.059Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:40:41 honeypot-ams-1 sshd[3566]: Invalid user admin from 188.166.153.99 port 51362","@timestamp":"2022-09-18T02:40:41.072Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:41:03 honeypot-fra-1 sshd[26557]: Disconnected from invalid user vagrant 179.43.156.143 port 33042 [preauth]","@timestamp":"2022-09-18T02:41:03.925Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:41:12 honeypot-ams-1 sshd[3569]: Disconnected from invalid user tester 222.252.243.104 port 58541 [preauth]","@timestamp":"2022-09-18T02:41:13.089Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:42:20 honeypot-fra-1 sshd[26563]: Invalid user drcomadmin from 179.43.156.143 port 56034","@timestamp":"2022-09-18T02:42:20.960Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:42:21 honeypot-ams-1 sshd[3575]: Disconnected from authenticating user root 18.179.32.110 port 7789 [preauth]","@timestamp":"2022-09-18T02:42:22.123Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:42:27 honeypot-ams-1 sshd[3581]: Received disconnect from 18.179.32.110 port 1657:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:42:28.127Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:42:32 honeypot-ams-1 sshd[3589]: Received disconnect from 18.179.32.110 port 32557:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:42:33.130Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:42:36 honeypot-ams-1 sshd[3593]: Received disconnect from 18.179.32.110 port 2745:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:42:37.133Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:42:42 honeypot-ams-1 sshd[3599]: Received disconnect from 18.179.32.110 port 25581:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:42:43.137Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:42:48 honeypot-ams-1 sshd[3605]: Received disconnect from 18.179.32.110 port 10389:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:42:48.140Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:42:53 honeypot-ams-1 sshd[3611]: Received disconnect from 18.179.32.110 port 20273:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:42:54.144Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:42:59 honeypot-ams-1 sshd[3617]: Received disconnect from 18.179.32.110 port 31567:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:43:00.148Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:43:04 honeypot-ams-1 sshd[3623]: Received disconnect from 18.179.32.110 port 25121:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:43:05.151Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:43:10 honeypot-ams-1 sshd[3629]: Received disconnect from 18.179.32.110 port 26593:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:43:11.155Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:43:16 honeypot-ams-1 sshd[3635]: Received disconnect from 18.179.32.110 port 32173:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:43:17.159Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:43:21 honeypot-ams-1 sshd[3641]: Received disconnect from 18.179.32.110 port 17717:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:43:22.161Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:43:27 honeypot-ams-1 sshd[3647]: Received disconnect from 18.179.32.110 port 27925:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:43:28.166Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:43:31 honeypot-ams-1 sshd[3651]: Received disconnect from 18.179.32.110 port 16547:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:43:32.168Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:43:33 honeypot-fra-1 kernel: [84343422.541500] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=64.62.197.123 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=54321 PROTO=TCP SPT=50862 DPT=389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T02:43:33.990Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:43:35 honeypot-ams-1 sshd[3655]: Received disconnect from 18.179.32.110 port 15969:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:43:36.171Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:43:39 honeypot-ams-1 sshd[3661]: Received disconnect from 18.179.32.110 port 24905:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:43:40.175Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:43:41 honeypot-ams-1 sshd[3663]: Disconnected from invalid user admin 18.179.32.110 port 24233 [preauth]","@timestamp":"2022-09-18T02:43:41.176Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:43:45 honeypot-ams-1 sshd[3667]: Disconnected from invalid user admin 18.179.32.110 port 3053 [preauth]","@timestamp":"2022-09-18T02:43:45.179Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:43:48 honeypot-ams-1 sshd[3671]: Disconnected from invalid user user 18.179.32.110 port 25889 [preauth]","@timestamp":"2022-09-18T02:43:49.181Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:43:54 honeypot-ams-1 sshd[3677]: Received disconnect from 18.179.32.110 port 32547:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:43:55.185Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:43:58 honeypot-ams-1 sshd[3681]: Received disconnect from 18.179.32.110 port 13065:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:43:59.188Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:44:01 honeypot-ams-1 sshd[3685]: Received disconnect from 18.179.32.110 port 20229:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:44:02.191Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:44:05 honeypot-ams-1 sshd[3689]: Received disconnect from 18.179.32.110 port 13279:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:44:06.193Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:44:09 honeypot-ams-1 sshd[3693]: Received disconnect from 18.179.32.110 port 22985:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:44:10.197Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:44:13 honeypot-ams-1 sshd[3697]: Received disconnect from 18.179.32.110 port 11019:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:44:14.200Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:44:17 honeypot-ams-1 sshd[3701]: Received disconnect from 18.179.32.110 port 23899:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:44:18.203Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:44:21 honeypot-ams-1 sshd[3705]: Received disconnect from 18.179.32.110 port 16681:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:44:21.205Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:44:24 honeypot-ams-1 sshd[3709]: Received disconnect from 18.179.32.110 port 5185:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:44:25.209Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:44:28 honeypot-ams-1 sshd[3713]: Received disconnect from 18.179.32.110 port 13529:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:44:29.211Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:44:32 honeypot-ams-1 sshd[3717]: Received disconnect from 18.179.32.110 port 23235:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:44:33.214Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:44:43 honeypot-ams-1 sshd[3721]: Disconnected from authenticating user root 124.221.41.109 port 36398 [preauth]","@timestamp":"2022-09-18T02:44:44.220Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:44:54 honeypot-fra-1 sshd[26571]: Received disconnect from 179.43.156.143 port 45604:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T02:44:55.025Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:45:33 honeypot-fra-1 sshd[26575]: Disconnected from authenticating user root 179.43.156.143 port 43016 [preauth]","@timestamp":"2022-09-18T02:45:34.042Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:46:15 honeypot-fra-1 sshd[26582]: Received disconnect from 179.43.156.143 port 40408:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T02:46:16.062Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:47:40 honeypot-fra-1 sshd[26588]: Invalid user centos from 179.43.156.143 port 35202","@timestamp":"2022-09-18T02:47:41.096Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:47:54 honeypot-ams-1 sshd[3728]: Received disconnect from 124.221.41.109 port 54294:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:47:55.306Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:48:22 honeypot-fra-1 sshd[26592]: Received disconnect from 179.43.156.143 port 60828:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T02:48:23.115Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T02:48:23.654Z","@version":"1","message":"Sep 18 02:48:22 honeypot-sgp-1 sshd[29551]: Disconnected from authenticating user root 92.255.85.69 port 43756 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:49:16 honeypot-fra-1 sshd[26594]: Connection closed by invalid user admin 193.106.191.157 port 47340 [preauth]","@timestamp":"2022-09-18T02:49:17.139Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:50:05 honeypot-ams-1 sshd[3734]: Bad protocol version identification '\\026\\003\\001' from 156.251.172.207 port 53336","@timestamp":"2022-09-18T02:50:06.366Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:50:43 honeypot-fra-1 sshd[26602]: Disconnected from authenticating user root 121.136.39.210 port 50960 [preauth]","@timestamp":"2022-09-18T02:50:44.175Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:51:33 honeypot-fra-1 sshd[26607]: Received disconnect from 118.70.170.120 port 58466:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:51:34.199Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:52:11 honeypot-ams-1 sshd[4182]: Received disconnect from 124.221.41.109 port 49836:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:52:11.425Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:52:31 honeypot-fra-1 sshd[26611]: Received disconnect from 179.43.156.143 port 45222:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T02:52:32.223Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:53:11 honeypot-fra-1 sshd[26615]: Disconnected from authenticating user root 179.43.156.143 port 42650 [preauth]","@timestamp":"2022-09-18T02:53:11.240Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:55:08 honeypot-fra-1 sshd[26621]: Received disconnect from 179.43.156.143 port 34838:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T02:55:09.291Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:55:23 honeypot-ams-1 sshd[4189]: Received disconnect from 124.221.41.109 port 39350:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:55:24.513Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 02:56:48 honeypot-ams-1 kernel: [84346388.599572] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.33.72.105 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=26756 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T02:56:48.554Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:57:06 honeypot-fra-1 sshd[26628]: Invalid user sysgames from 179.43.156.143 port 55264","@timestamp":"2022-09-18T02:57:07.338Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:57:45 honeypot-fra-1 sshd[26630]: Disconnected from invalid user prasad 179.43.156.143 port 52672 [preauth]","@timestamp":"2022-09-18T02:57:45.355Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:58:23 honeypot-fra-1 sshd[26634]: Disconnected from authenticating user root 179.43.156.143 port 50074 [preauth]","@timestamp":"2022-09-18T02:58:24.373Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 02:59:22 honeypot-ams-1 kernel: [84346542.216535] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.206.70 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=52593 DPT=5432 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T02:59:22.627Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 03:01:42 honeypot-ams-1 sshd[4202]: Received disconnect from 124.221.41.109 port 46388:11: Bye Bye [preauth]","@timestamp":"2022-09-18T03:01:42.695Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 03:02:25 honeypot-fra-1 sshd[26640]: Disconnected from invalid user devstaff 181.65.186.50 port 56267 [preauth]","@timestamp":"2022-09-18T03:02:25.468Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 03:02:45 honeypot-ams-1 sshd[4207]: Disconnected from authenticating user root 124.221.41.109 port 52240 [preauth]","@timestamp":"2022-09-18T03:02:45.726Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 03:04:50 honeypot-ams-1 sshd[4214]: Received disconnect from 124.221.41.109 port 35700:11: Bye Bye [preauth]","@timestamp":"2022-09-18T03:04:51.786Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 03:06:57 honeypot-ams-1 sshd[4218]: Disconnected from authenticating user root 124.221.41.109 port 47358 [preauth]","@timestamp":"2022-09-18T03:06:57.847Z"}
{"@timestamp":"2022-09-18T03:07:30.111Z","@version":"1","message":"Sep 18 03:07:29 honeypot-sgp-1 kernel: [84346552.981365] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=88.80.189.24 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=63043 PROTO=TCP SPT=50441 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 03:10:04 honeypot-ams-1 sshd[4225]: Received disconnect from 124.221.41.109 port 36556:11: Bye Bye [preauth]","@timestamp":"2022-09-18T03:10:04.947Z"}
{"@timestamp":"2022-09-18T03:10:16.182Z","@version":"1","message":"Sep 18 03:10:15 honeypot-sgp-1 kernel: [84346719.162388] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=154.3.44.149 DST=159.89.202.188 LEN=52 TOS=0x0A PREC=0x00 TTL=111 ID=25196 DF PROTO=TCP SPT=61421 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 03:11:30 honeypot-fra-1 kernel: [84345098.585188] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=151.106.32.182 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=9556 PROTO=TCP SPT=47825 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T03:11:30.671Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 03:12:17 honeypot-ams-1 sshd[4231]: Invalid user monitor from 167.71.233.59 port 47412","@timestamp":"2022-09-18T03:12:18.008Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 03:13:55 honeypot-ams-1 sshd[4235]: Received disconnect from 43.129.216.151 port 58786:11: Bye Bye [preauth]","@timestamp":"2022-09-18T03:13:56.054Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 03:16:16 honeypot-ams-1 sshd[4242]: Received disconnect from 124.221.41.109 port 42998:11: Bye Bye [preauth]","@timestamp":"2022-09-18T03:16:17.116Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 03:17:24 honeypot-ams-1 sshd[4249]: Connection closed by authenticating user nobody 179.60.147.69 port 17226 [preauth]","@timestamp":"2022-09-18T03:17:25.150Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 03:19:00 honeypot-fra-1 kernel: [84345549.379968] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=90.151.171.106 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=54163 PROTO=TCP SPT=51058 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T03:19:00.855Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 03:19:44 honeypot-ams-1 kernel: [84347764.529384] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=172.104.14.70 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=34270 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T03:19:45.214Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 03:22:29 honeypot-ams-1 sshd[4262]: Received disconnect from 124.221.41.109 port 49184:11: Bye Bye [preauth]","@timestamp":"2022-09-18T03:22:30.289Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 03:24:33 honeypot-ams-1 sshd[4267]: Disconnected from authenticating user root 124.221.41.109 port 60612 [preauth]","@timestamp":"2022-09-18T03:24:33.345Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 03:25:55 honeypot-fra-1 sshd[26656]: Disconnected from authenticating user root 27.115.50.114 port 58981 [preauth]","@timestamp":"2022-09-18T03:25:56.009Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T03:26:18.568Z","@version":"1","message":"Sep 18 03:26:18 honeypot-sgp-1 sshd[29567]: Invalid user josh from 162.241.222.29 port 58404","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 03:26:48 honeypot-ams-1 kernel: [84348188.854651] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=36.250.201.87 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=48 ID=38495 PROTO=TCP SPT=9038 DPT=443 WINDOW=27406 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T03:26:49.422Z"}
{"@timestamp":"2022-09-18T03:29:24.644Z","@version":"1","message":"Sep 18 03:29:24 honeypot-sgp-1 sshd[29572]: Received disconnect from 46.105.29.159 port 60290:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 03:29:37 honeypot-ams-1 sshd[4278]: Disconnected from authenticating user root 124.221.41.109 port 60804 [preauth]","@timestamp":"2022-09-18T03:29:38.498Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 03:30:37 honeypot-fra-1 sshd[26659]: Invalid user 1234 from 92.255.85.70 port 57960","@timestamp":"2022-09-18T03:30:38.118Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T03:31:11.688Z","@version":"1","message":"Sep 18 03:31:11 honeypot-sgp-1 sshd[29576]: Received disconnect from 124.156.216.31 port 37110:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 03:32:41 honeypot-ams-1 sshd[4284]: Disconnected from authenticating user root 124.221.41.109 port 49528 [preauth]","@timestamp":"2022-09-18T03:32:41.580Z"}
{"@timestamp":"2022-09-18T03:32:54.731Z","@version":"1","message":"Sep 18 03:32:53 honeypot-sgp-1 sshd[29581]: Disconnected from authenticating user root 124.152.118.194 port 10323 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:06.762Z","@version":"1","message":"Sep 18 03:34:06 honeypot-sgp-1 sshd[29588]: Received disconnect from 103.163.21.24 port 35608:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:07.764Z","@version":"1","message":"Sep 18 03:34:07 honeypot-sgp-1 sshd[29592]: Disconnected from invalid user ubnt 103.163.21.24 port 35650 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:09.765Z","@version":"1","message":"Sep 18 03:34:09 honeypot-sgp-1 sshd[29598]: Disconnected from authenticating user root 103.163.21.24 port 35714 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:11.767Z","@version":"1","message":"Sep 18 03:34:11 honeypot-sgp-1 sshd[29604]: Disconnected from authenticating user root 103.163.21.24 port 35776 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:13.768Z","@version":"1","message":"Sep 18 03:34:13 honeypot-sgp-1 sshd[29610]: Disconnected from authenticating user root 103.163.21.24 port 35834 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:15.769Z","@version":"1","message":"Sep 18 03:34:15 honeypot-sgp-1 sshd[29616]: Disconnected from authenticating user root 103.163.21.24 port 35899 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:17.771Z","@version":"1","message":"Sep 18 03:34:17 honeypot-sgp-1 sshd[29622]: Disconnected from authenticating user root 103.163.21.24 port 35964 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:19.772Z","@version":"1","message":"Sep 18 03:34:19 honeypot-sgp-1 sshd[29630]: Disconnected from authenticating user root 103.163.21.24 port 36024 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:20.772Z","@version":"1","message":"Sep 18 03:34:20 honeypot-sgp-1 sshd[29634]: Disconnected from authenticating user root 103.163.21.24 port 36066 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:22.775Z","@version":"1","message":"Sep 18 03:34:22 honeypot-sgp-1 sshd[29640]: Disconnected from authenticating user root 103.163.21.24 port 36128 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:24.776Z","@version":"1","message":"Sep 18 03:34:24 honeypot-sgp-1 sshd[29646]: Disconnected from authenticating user root 103.163.21.24 port 36190 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:26.777Z","@version":"1","message":"Sep 18 03:34:26 honeypot-sgp-1 sshd[29652]: Disconnected from authenticating user root 103.163.21.24 port 36255 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:28.779Z","@version":"1","message":"Sep 18 03:34:28 honeypot-sgp-1 sshd[29658]: Disconnected from authenticating user root 103.163.21.24 port 36320 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:30.780Z","@version":"1","message":"Sep 18 03:34:29 honeypot-sgp-1 sshd[29664]: Invalid user admin from 103.163.21.24 port 36382","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:31.781Z","@version":"1","message":"Sep 18 03:34:31 honeypot-sgp-1 sshd[29668]: Invalid user admin from 103.163.21.24 port 36422","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:32.781Z","@version":"1","message":"Sep 18 03:34:32 honeypot-sgp-1 sshd[29672]: Invalid user admin from 103.163.21.24 port 36467","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:33.782Z","@version":"1","message":"Sep 18 03:34:33 honeypot-sgp-1 sshd[29676]: Invalid user admin from 103.163.21.24 port 36507","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:35.783Z","@version":"1","message":"Sep 18 03:34:34 honeypot-sgp-1 sshd[29680]: Invalid user admin from 103.163.21.24 port 36549","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:36.784Z","@version":"1","message":"Sep 18 03:34:36 honeypot-sgp-1 sshd[29684]: Received disconnect from 103.163.21.24 port 36588:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:37.786Z","@version":"1","message":"Sep 18 03:34:37 honeypot-sgp-1 sshd[29688]: Disconnected from invalid user pi 103.163.21.24 port 36627 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:39.788Z","@version":"1","message":"Sep 18 03:34:38 honeypot-sgp-1 sshd[29692]: Disconnected from invalid user user 103.163.21.24 port 36674 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:40.788Z","@version":"1","message":"Sep 18 03:34:40 honeypot-sgp-1 sshd[29696]: Disconnected from invalid user mine 103.163.21.24 port 36716 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:41.789Z","@version":"1","message":"Sep 18 03:34:41 honeypot-sgp-1 sshd[29700]: Disconnected from invalid user xbmc 103.163.21.24 port 36756 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:42.790Z","@version":"1","message":"Sep 18 03:34:42 honeypot-sgp-1 sshd[29704]: Disconnected from invalid user oracle 103.163.21.24 port 36797 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:44.791Z","@version":"1","message":"Sep 18 03:34:43 honeypot-sgp-1 sshd[29708]: Disconnected from invalid user postgres 103.163.21.24 port 36844 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:45.792Z","@version":"1","message":"Sep 18 03:34:45 honeypot-sgp-1 sshd[29712]: Disconnected from invalid user support 103.163.21.24 port 36887 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:46.792Z","@version":"1","message":"Sep 18 03:34:46 honeypot-sgp-1 sshd[29716]: Disconnected from invalid user ubuntu 103.163.21.24 port 36920 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 03:34:46 honeypot-fra-1 sshd[26663]: Invalid user admin from 52.149.180.228 port 37170","@timestamp":"2022-09-18T03:34:47.213Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T03:34:47.793Z","@version":"1","message":"Sep 18 03:34:47 honeypot-sgp-1 sshd[29720]: Disconnected from invalid user ubuntu 103.163.21.24 port 36964 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:49.794Z","@version":"1","message":"Sep 18 03:34:49 honeypot-sgp-1 sshd[29724]: Disconnected from invalid user guest 103.163.21.24 port 37003 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:50.795Z","@version":"1","message":"Sep 18 03:34:50 honeypot-sgp-1 sshd[29728]: Disconnected from invalid user cirros 103.163.21.24 port 37042 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:51.795Z","@version":"1","message":"Sep 18 03:34:51 honeypot-sgp-1 sshd[29732]: Disconnected from invalid user santiago 43.156.32.144 port 60798 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 03:35:43 honeypot-ams-1 sshd[4291]: Received disconnect from 124.221.41.109 port 38202:11: Bye Bye [preauth]","@timestamp":"2022-09-18T03:35:43.661Z"}
{"@timestamp":"2022-09-18T03:38:05.874Z","@version":"1","message":"Sep 18 03:38:05 honeypot-sgp-1 sshd[29737]: Disconnected from invalid user centos 52.172.225.142 port 47354 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 03:38:45 honeypot-ams-1 sshd[4297]: Received disconnect from 124.221.41.109 port 55076:11: Bye Bye [preauth]","@timestamp":"2022-09-18T03:38:46.744Z"}
{"@timestamp":"2022-09-18T03:39:33.912Z","@version":"1","message":"Sep 18 03:39:33 honeypot-sgp-1 sshd[29741]: Disconnected from invalid user 1234 92.255.85.70 port 31480 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 03:40:22 honeypot-ams-1 sshd[4302]: Disconnected from invalid user 1234 92.255.85.69 port 44312 [preauth]","@timestamp":"2022-09-18T03:40:22.788Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 03:42:48 honeypot-ams-1 sshd[4308]: Received disconnect from 124.221.41.109 port 49292:11: Bye Bye [preauth]","@timestamp":"2022-09-18T03:42:49.858Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 03:44:32 honeypot-fra-1 sshd[26667]: Invalid user steam from 103.226.248.146 port 44460","@timestamp":"2022-09-18T03:44:33.432Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 03:44:49 honeypot-ams-1 sshd[4312]: Disconnected from authenticating user root 124.221.41.109 port 60488 [preauth]","@timestamp":"2022-09-18T03:44:49.911Z"}
{"@timestamp":"2022-09-18T03:45:37.058Z","@version":"1","message":"Sep 18 03:45:36 honeypot-sgp-1 kernel: [84348839.856188] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=104.131.181.99 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=40585 DF PROTO=TCP SPT=42382 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 03:47:50 honeypot-ams-1 sshd[4319]: Disconnected from authenticating user root 124.221.41.109 port 49024 [preauth]","@timestamp":"2022-09-18T03:47:50.991Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 03:50:50 honeypot-ams-1 sshd[4326]: Received disconnect from 124.221.41.109 port 37512:11: Bye Bye [preauth]","@timestamp":"2022-09-18T03:50:51.073Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 03:51:45 honeypot-fra-1 kernel: [84347514.305175] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=173.249.41.33 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=3028 PROTO=TCP SPT=52450 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T03:51:46.598Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 03:53:35 honeypot-ams-1 sshd[4332]: Invalid user default from 179.60.147.69 port 49100","@timestamp":"2022-09-18T03:53:36.146Z"}
{"@timestamp":"2022-09-18T03:55:17.289Z","@version":"1","message":"Sep 18 03:55:16 honeypot-sgp-1 kernel: [84349420.077003] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=198.199.93.129 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=56950 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 03:55:38 honeypot-ams-1 kernel: [84349918.278785] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.197.63 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=53616 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T03:55:39.200Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 03:57:47 honeypot-ams-1 sshd[4343]: Received disconnect from 124.221.41.109 port 48106:11: Bye Bye [preauth]","@timestamp":"2022-09-18T03:57:48.261Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 03:59:47 honeypot-ams-1 sshd[4347]: Disconnected from authenticating user root 124.221.41.109 port 59156 [preauth]","@timestamp":"2022-09-18T03:59:48.316Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 04:00:43 honeypot-fra-1 sshd[26676]: Received disconnect from 92.255.85.70 port 40708:11: Bye Bye [preauth]","@timestamp":"2022-09-18T04:00:44.817Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T04:02:38.466Z","@version":"1","message":"Sep 18 04:02:38 honeypot-sgp-1 sshd[29757]: Received disconnect from 162.215.1.51 port 46510:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:02:46 honeypot-ams-1 sshd[4354]: Disconnected from authenticating user root 124.221.41.109 port 47460 [preauth]","@timestamp":"2022-09-18T04:02:46.396Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 04:05:35 honeypot-fra-1 sshd[26681]: Received disconnect from 135.125.233.142 port 39374:11: Bye Bye [preauth]","@timestamp":"2022-09-18T04:05:35.932Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:05:42 honeypot-ams-1 sshd[4360]: Disconnected from authenticating user root 124.221.41.109 port 35698 [preauth]","@timestamp":"2022-09-18T04:05:42.474Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:08:40 honeypot-ams-1 sshd[4367]: Disconnected from authenticating user root 124.221.41.109 port 52078 [preauth]","@timestamp":"2022-09-18T04:08:40.551Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:10:24 honeypot-ams-1 sshd[4373]: Received disconnect from 92.255.85.70 port 29904:11: Bye Bye [preauth]","@timestamp":"2022-09-18T04:10:25.599Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:12:32 honeypot-ams-1 sshd[4382]: Received disconnect from 61.177.173.50 port 46126:11:  [preauth]","@timestamp":"2022-09-18T04:12:32.657Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:14:21 honeypot-ams-1 sshd[4386]: Received disconnect from 61.177.173.36 port 13213:11:  [preauth]","@timestamp":"2022-09-18T04:14:21.706Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:16:28 honeypot-ams-1 sshd[4392]: Received disconnect from 124.221.41.109 port 39032:11: Bye Bye [preauth]","@timestamp":"2022-09-18T04:16:28.764Z"}
{"@timestamp":"2022-09-18T04:17:02.805Z","@version":"1","message":"Sep 18 04:17:01 honeypot-sgp-1 CRON[29763]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 04:17:37 honeypot-ams-1 kernel: [84351237.693148] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=207.180.224.103 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=54321 PROTO=TCP SPT=49074 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T04:17:37.797Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 04:18:59 honeypot-fra-1 kernel: [84349147.419674] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=165.232.152.144 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=32832 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T04:18:59.239Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:20:19 honeypot-ams-1 sshd[4406]: Received disconnect from 124.221.41.109 port 60562:11: Bye Bye [preauth]","@timestamp":"2022-09-18T04:20:19.872Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:23:13 honeypot-ams-1 sshd[4415]: Received disconnect from 124.221.41.109 port 48428:11: Bye Bye [preauth]","@timestamp":"2022-09-18T04:23:13.950Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 04:23:51 honeypot-fra-1 kernel: [84349439.505823] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=207.180.224.103 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=54321 PROTO=TCP SPT=46421 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T04:23:51.353Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-18T04:23:51.968Z","@version":"1","message":"Sep 18 04:23:51 honeypot-sgp-1 sshd[29769]: Disconnected from authenticating user root 159.65.224.135 port 59384 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:25:07 honeypot-ams-1 sshd[4421]: Received disconnect from 124.221.41.109 port 59122:11: Bye Bye [preauth]","@timestamp":"2022-09-18T04:25:08.002Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:27:59 honeypot-ams-1 sshd[4428]: Received disconnect from 124.221.41.109 port 46872:11: Bye Bye [preauth]","@timestamp":"2022-09-18T04:28:00.078Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:29:09 honeypot-ams-1 sshd[4435]: Invalid user libsys from 222.252.243.104 port 62892","@timestamp":"2022-09-18T04:29:10.112Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:29:53 honeypot-ams-1 sshd[4441]: Received disconnect from 124.221.41.109 port 57506:11: Bye Bye [preauth]","@timestamp":"2022-09-18T04:29:54.135Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:30:52 honeypot-ams-1 sshd[4445]: Disconnected from authenticating user root 124.221.41.109 port 34586 [preauth]","@timestamp":"2022-09-18T04:30:53.163Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 04:32:04 honeypot-ams-1 kernel: [84352104.786165] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=178.62.254.91 LEN=90 TOS=0x00 PREC=0x00 TTL=252 ID=35404 PROTO=TCP SPT=9425 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T04:32:05.198Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:32:45 honeypot-ams-1 sshd[4451]: Received disconnect from 124.221.41.109 port 45190:11: Bye Bye [preauth]","@timestamp":"2022-09-18T04:32:46.218Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:34:54 honeypot-ams-1 sshd[4458]: Invalid user dockerroot from 43.154.4.192 port 41826","@timestamp":"2022-09-18T04:34:54.275Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 04:35:05 honeypot-fra-1 sshd[26716]: Invalid user admin from 193.106.191.157 port 57894","@timestamp":"2022-09-18T04:35:06.614Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:36:15 honeypot-ams-1 sshd[4462]: Received disconnect from 109.234.36.47 port 44444:11: Bye Bye [preauth]","@timestamp":"2022-09-18T04:36:16.313Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:37:29 honeypot-ams-1 sshd[4476]: Received disconnect from 124.221.41.109 port 43336:11: Bye Bye [preauth]","@timestamp":"2022-09-18T04:37:30.348Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:38:27 honeypot-ams-1 sshd[4482]: Disconnected from authenticating user root 124.221.41.109 port 48598 [preauth]","@timestamp":"2022-09-18T04:38:27.375Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 04:39:08 honeypot-fra-1 kernel: [84350357.329996] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=170.187.160.138 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=40210 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T04:39:09.710Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 04:39:21 honeypot-fra-1 sshd[26723]: Disconnected from invalid user user 45.61.186.169 port 39612 [preauth]","@timestamp":"2022-09-18T04:39:21.716Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:39:33 honeypot-ams-1 sshd[4486]: Disconnected from invalid user vncserver 24.188.213.50 port 60094 [preauth]","@timestamp":"2022-09-18T04:39:34.407Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 04:39:37 honeypot-fra-1 sshd[26727]: Disconnected from invalid user user 45.61.186.169 port 34464 [preauth]","@timestamp":"2022-09-18T04:39:38.725Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 04:39:53 honeypot-fra-1 sshd[26731]: Disconnected from invalid user user 45.61.186.169 port 57536 [preauth]","@timestamp":"2022-09-18T04:39:53.732Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:40:19 honeypot-ams-1 sshd[4491]: Disconnected from authenticating user root 124.221.41.109 port 59078 [preauth]","@timestamp":"2022-09-18T04:40:20.431Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:41:15 honeypot-ams-1 sshd[4495]: Disconnected from authenticating user root 124.221.41.109 port 36070 [preauth]","@timestamp":"2022-09-18T04:41:15.458Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:42:11 honeypot-ams-1 sshd[4501]: Disconnected from authenticating user root 124.221.41.109 port 41294 [preauth]","@timestamp":"2022-09-18T04:42:11.485Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 04:43:09 honeypot-fra-1 sshd[26736]: Disconnected from invalid user fz 45.119.215.150 port 33624 [preauth]","@timestamp":"2022-09-18T04:43:09.809Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:44:04 honeypot-ams-1 sshd[4507]: Received disconnect from 124.221.41.109 port 51720:11: Bye Bye [preauth]","@timestamp":"2022-09-18T04:44:05.537Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:45:01 honeypot-ams-1 sshd[4513]: Disconnected from authenticating user root 124.221.41.109 port 56916 [preauth]","@timestamp":"2022-09-18T04:45:02.562Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 04:47:34 honeypot-ams-1 kernel: [84353034.424347] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=154.3.44.149 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=117 ID=3583 DF PROTO=TCP SPT=53165 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-18T04:47:34.631Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 04:49:36 honeypot-ams-1 kernel: [84353156.803474] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=167.71.92.243 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=37031 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T04:49:37.688Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:51:07 honeypot-ams-1 sshd[4530]: Invalid user admin from 193.106.191.157 port 32796","@timestamp":"2022-09-18T04:51:07.732Z"}
{"@timestamp":"2022-09-18T04:51:37.624Z","@version":"1","message":"Sep 18 04:51:37 honeypot-sgp-1 sshd[29774]: Connection closed by invalid user user1 103.188.176.251 port 50528 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:52:27 honeypot-ams-1 sshd[4536]: Received disconnect from 124.221.41.109 port 41750:11: Bye Bye [preauth]","@timestamp":"2022-09-18T04:52:27.769Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:54:18 honeypot-ams-1 sshd[4542]: Received disconnect from 124.221.41.109 port 52026:11: Bye Bye [preauth]","@timestamp":"2022-09-18T04:54:18.821Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 04:55:23 honeypot-ams-1 kernel: [84353503.748765] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=49.4.80.223 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=232 ID=41357 PROTO=TCP SPT=55705 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T04:55:23.855Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 04:56:44 honeypot-ams-1 kernel: [84353584.394275] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=170.187.163.46 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=14517 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T04:56:44.893Z"}
{"@timestamp":"2022-09-18T04:56:57.772Z","@version":"1","message":"Sep 18 04:56:57 honeypot-sgp-1 sshd[29779]: Disconnected from authenticating user root 93.49.97.102 port 50500 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:58:54 honeypot-ams-1 sshd[4558]: Received disconnect from 124.221.41.109 port 49380:11: Bye Bye [preauth]","@timestamp":"2022-09-18T04:58:54.954Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 04:59:23 honeypot-fra-1 sshd[26744]: Disconnected from authenticating user root 167.71.233.59 port 48342 [preauth]","@timestamp":"2022-09-18T04:59:23.177Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:59:48 honeypot-ams-1 sshd[4562]: Disconnected from authenticating user root 124.221.41.109 port 54478 [preauth]","@timestamp":"2022-09-18T04:59:48.981Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 05:01:40 honeypot-ams-1 sshd[4570]: Disconnected from authenticating user root 124.221.41.109 port 36428 [preauth]","@timestamp":"2022-09-18T05:01:40.033Z"}
{"@timestamp":"2022-09-18T05:02:52.918Z","@version":"1","message":"Sep 18 05:02:52 honeypot-sgp-1 sshd[29784]: Invalid user ubnt from 179.60.147.69 port 3304","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 05:03:56 honeypot-ams-1 sshd[4579]: Received disconnect from 61.177.173.37 port 38621:11:  [preauth]","@timestamp":"2022-09-18T05:03:57.095Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 05:05:20 honeypot-fra-1 sshd[26749]: Invalid user kde from 34.80.217.216 port 60314","@timestamp":"2022-09-18T05:05:21.315Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 05:06:10 honeypot-ams-1 sshd[4585]: Received disconnect from 124.221.41.109 port 33518:11: Bye Bye [preauth]","@timestamp":"2022-09-18T05:06:11.155Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 05:07:59 honeypot-ams-1 sshd[4592]: Received disconnect from 124.221.41.109 port 43604:11: Bye Bye [preauth]","@timestamp":"2022-09-18T05:08:00.203Z"}
{"@timestamp":"2022-09-18T05:08:21.055Z","@version":"1","message":"Sep 18 05:08:20 honeypot-sgp-1 sshd[29789]: Received disconnect from 210.22.111.77 port 44886:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 05:08:27 honeypot-ams-1 sshd[4596]: Disconnected from invalid user username 92.255.85.70 port 17840 [preauth]","@timestamp":"2022-09-18T05:08:28.218Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 05:10:43 honeypot-ams-1 sshd[4606]: Received disconnect from 183.192.0.18 port 43718:11: Bye Bye [preauth]","@timestamp":"2022-09-18T05:10:43.282Z"}
{"@timestamp":"2022-09-18T05:11:14.128Z","@version":"1","message":"Sep 18 05:11:13 honeypot-sgp-1 sshd[29793]: Received disconnect from 178.27.237.198 port 46408:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 05:11:36 honeypot-ams-1 sshd[4608]: Disconnected from authenticating user root 124.221.41.109 port 35484 [preauth]","@timestamp":"2022-09-18T05:11:36.308Z"}
{"@timestamp":"2022-09-18T05:12:02.150Z","@version":"1","message":"Sep 18 05:12:01 honeypot-sgp-1 sshd[29795]: Disconnected from authenticating user root 49.247.24.207 port 58996 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 05:13:21 honeypot-fra-1 kernel: [84352410.086650] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.143.200.6 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=34150 PROTO=TCP SPT=56287 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T05:13:22.498Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 05:14:07 honeypot-ams-1 sshd[4615]: Received disconnect from 61.177.173.35 port 34334:11:  [preauth]","@timestamp":"2022-09-18T05:14:07.377Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 05:15:52 honeypot-ams-1 sshd[4623]: Invalid user cwy from 64.227.183.182 port 41410","@timestamp":"2022-09-18T05:15:52.424Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 05:17:01 honeypot-ams-1 sshd[4631]: Disconnected from authenticating user root 124.221.41.109 port 37254 [preauth]","@timestamp":"2022-09-18T05:17:01.457Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 05:17:32 honeypot-fra-1 kernel: [84352660.967590] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=165.232.152.144 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=40298 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T05:17:33.621Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 05:17:55 honeypot-ams-1 sshd[4639]: Disconnected from authenticating user root 124.221.41.109 port 42234 [preauth]","@timestamp":"2022-09-18T05:17:55.483Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 05:19:40 honeypot-ams-1 sshd[4645]: Received disconnect from 124.221.41.109 port 52186:11: Bye Bye [preauth]","@timestamp":"2022-09-18T05:19:41.533Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 05:21:27 honeypot-ams-1 sshd[4649]: Disconnected from authenticating user root 124.221.41.109 port 33888 [preauth]","@timestamp":"2022-09-18T05:21:28.582Z"}
{"@timestamp":"2022-09-18T05:21:35.378Z","@version":"1","message":"Sep 18 05:21:34 honeypot-sgp-1 sshd[29804]: Disconnected from authenticating user root 213.32.22.97 port 54983 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 05:23:16 honeypot-ams-1 sshd[4654]: Received disconnect from 124.221.41.109 port 43818:11: Bye Bye [preauth]","@timestamp":"2022-09-18T05:23:16.633Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 05:24:16 honeypot-ams-1 sshd[4660]: Disconnected from invalid user tushar 159.65.235.114 port 53584 [preauth]","@timestamp":"2022-09-18T05:24:17.662Z"}
{"@timestamp":"2022-09-18T05:24:22.466Z","@version":"1","message":"Sep 18 05:24:21 honeypot-sgp-1 sshd[29809]: Disconnected from invalid user radius 210.4.123.219 port 15855 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 05:25:56 honeypot-ams-1 sshd[4666]: Disconnected from authenticating user root 124.221.41.109 port 58672 [preauth]","@timestamp":"2022-09-18T05:25:57.713Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 05:25:59 honeypot-fra-1 sshd[26764]: Did not receive identification string from 159.223.82.54 port 34292","@timestamp":"2022-09-18T05:25:59.813Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 05:27:41 honeypot-ams-1 sshd[4672]: Received disconnect from 124.221.41.109 port 40314:11: Bye Bye [preauth]","@timestamp":"2022-09-18T05:27:41.759Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 05:29:27 honeypot-ams-1 sshd[4677]: Received disconnect from 124.221.41.109 port 50172:11: Bye Bye [preauth]","@timestamp":"2022-09-18T05:29:27.808Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 05:30:33 honeypot-ams-1 kernel: [84355613.408280] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=28903 PROTO=TCP SPT=59006 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T05:30:33.841Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 05:33:43 honeypot-ams-1 sshd[4692]: Invalid user kr from 60.210.40.210 port 2457","@timestamp":"2022-09-18T05:33:43.933Z"}
{"@timestamp":"2022-09-18T05:36:51.764Z","@version":"1","message":"Sep 18 05:36:51 honeypot-sgp-1 kernel: [84355514.452322] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=47925 PROTO=TCP SPT=59254 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 05:37:22 honeypot-ams-1 sshd[4696]: Received disconnect from 61.177.173.47 port 16612:11:  [preauth]","@timestamp":"2022-09-18T05:37:23.031Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 05:39:16 honeypot-fra-1 sshd[26768]: Invalid user admin from 92.255.85.70 port 33210","@timestamp":"2022-09-18T05:39:16.112Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 05:40:06 honeypot-fra-1 sshd[26772]: Invalid user test from 179.60.147.69 port 1424","@timestamp":"2022-09-18T05:40:06.135Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T05:41:14.874Z","@version":"1","message":"Sep 18 05:41:14 honeypot-sgp-1 kernel: [84355777.631861] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=176.104.108.149 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=39973 DF PROTO=TCP SPT=38625 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 05:45:40 honeypot-ams-1 sshd[4701]: Invalid user admin from 92.255.85.70 port 51592","@timestamp":"2022-09-18T05:45:41.248Z"}
{"@timestamp":"2022-09-18T05:53:36.171Z","@version":"1","message":"Sep 18 05:53:35 honeypot-sgp-1 kernel: [84356519.079228] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=103.114.107.34 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=24941 PROTO=TCP SPT=59941 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 05:56:37 honeypot-ams-1 sshd[4713]: Disconnected from authenticating user root 61.177.172.124 port 60337 [preauth]","@timestamp":"2022-09-18T05:56:38.533Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 05:57:40 honeypot-ams-1 sshd[4719]: Invalid user serviceop from 176.122.138.198 port 48190","@timestamp":"2022-09-18T05:57:40.567Z"}
{"@timestamp":"2022-09-18T06:00:50.368Z","@version":"1","message":"Sep 18 06:00:50 honeypot-sgp-1 kernel: [84356953.658409] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=227 ID=26973 PROTO=TCP SPT=40804 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 06:02:20 honeypot-ams-1 sshd[4723]: Disconnected from authenticating user root 61.177.173.36 port 10465 [preauth]","@timestamp":"2022-09-18T06:02:20.690Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 06:05:19 honeypot-fra-1 kernel: [84355527.254760] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=51642 PROTO=TCP SPT=40804 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T06:05:19.688Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-18T06:07:52.538Z","@version":"1","message":"Sep 18 06:07:52 honeypot-sgp-1 sshd[29827]: Received disconnect from 109.195.242.57 port 36352:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 06:13:07 honeypot-ams-1 kernel: [84358167.159899] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=89.248.165.199 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=50925 PROTO=TCP SPT=40751 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T06:13:07.976Z"}
{"@timestamp":"2022-09-18T06:14:11.692Z","@version":"1","message":"Sep 18 06:14:11 honeypot-sgp-1 kernel: [84357754.425530] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=154.3.44.149 DST=159.89.202.188 LEN=52 TOS=0x0A PREC=0x00 TTL=111 ID=49148 DF PROTO=TCP SPT=49615 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T06:17:01.765Z","@version":"1","message":"Sep 18 06:17:01 honeypot-sgp-1 CRON[29833]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 06:17:01 honeypot-fra-1 CRON[26876]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-18T06:17:01.969Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 06:18:15 honeypot-ams-1 kernel: [84358475.297153] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=103.244.244.250 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=50 ID=13324 PROTO=TCP SPT=55448 DPT=80 WINDOW=30323 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T06:18:16.116Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 06:22:24 honeypot-fra-1 sshd[26882]: Connection closed by invalid user test1 141.98.10.158 port 34974 [preauth]","@timestamp":"2022-09-18T06:22:25.091Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 06:25:01 honeypot-ams-1 CRON[4837]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-18T06:25:01.295Z"}
{"@timestamp":"2022-09-18T06:25:01.961Z","@version":"1","message":"Sep 18 06:25:01 honeypot-sgp-1 CRON[29839]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 06:25:22 honeypot-fra-1 kernel: [84356730.881414] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=165.22.82.222 LEN=89 TOS=0x00 PREC=0x00 TTL=250 ID=5099 PROTO=TCP SPT=16105 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T06:25:23.165Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 06:31:25 honeypot-ams-1 sshd[5019]: Received disconnect from 46.19.141.122 port 51256:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T06:31:26.577Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 06:31:46 honeypot-ams-1 sshd[5023]: Disconnected from authenticating user root 46.19.141.122 port 40594 [preauth]","@timestamp":"2022-09-18T06:31:46.588Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 06:32:10 honeypot-ams-1 sshd[5027]: Disconnected from invalid user user 46.19.141.122 port 53278 [preauth]","@timestamp":"2022-09-18T06:32:10.600Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 06:32:43 honeypot-fra-1 kernel: [84357171.306739] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.197.13 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=48328 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T06:32:43.333Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 06:32:54 honeypot-ams-1 sshd[5031]: Disconnected from invalid user admin 46.19.141.122 port 48808 [preauth]","@timestamp":"2022-09-18T06:32:55.622Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 06:33:29 honeypot-ams-1 sshd[5035]: Disconnected from invalid user raspberry 46.19.141.122 port 58748 [preauth]","@timestamp":"2022-09-18T06:33:29.640Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 06:33:57 honeypot-ams-1 sshd[5039]: Disconnected from invalid user usuario 46.19.141.122 port 33210 [preauth]","@timestamp":"2022-09-18T06:33:57.654Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 06:34:25 honeypot-ams-1 sshd[5043]: Disconnected from invalid user 1234 46.19.141.122 port 48990 [preauth]","@timestamp":"2022-09-18T06:34:25.669Z"}
{"@timestamp":"2022-09-18T06:34:43.205Z","@version":"1","message":"Sep 18 06:34:42 honeypot-sgp-1 sshd[29983]: Did not receive identification string from 45.61.186.249 port 45722","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T06:35:00.215Z","@version":"1","message":"Sep 18 06:35:00 honeypot-sgp-1 sshd[29986]: Disconnected from invalid user user 45.61.186.249 port 43262 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 06:35:11 honeypot-ams-1 sshd[5052]: Invalid user telnet from 46.19.141.122 port 56566","@timestamp":"2022-09-18T06:35:11.692Z"}
{"@timestamp":"2022-09-18T06:35:18.224Z","@version":"1","message":"Sep 18 06:35:17 honeypot-sgp-1 sshd[29990]: Disconnected from invalid user user 45.61.186.249 port 38530 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 06:35:34 honeypot-ams-1 sshd[5056]: Disconnected from authenticating user root 46.19.141.122 port 58990 [preauth]","@timestamp":"2022-09-18T06:35:34.704Z"}
{"@timestamp":"2022-09-18T06:35:36.233Z","@version":"1","message":"Sep 18 06:35:35 honeypot-sgp-1 sshd[29994]: Disconnected from invalid user user 45.61.186.249 port 33848 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 06:36:09 honeypot-ams-1 sshd[5064]: Disconnected from authenticating user root 46.19.141.122 port 35122 [preauth]","@timestamp":"2022-09-18T06:36:09.722Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 06:37:09 honeypot-ams-1 kernel: [84359609.459292] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=170.187.202.154 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=38812 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T06:37:09.751Z"}
{"@timestamp":"2022-09-18T06:37:26.277Z","@version":"1","message":"Sep 18 06:37:26 honeypot-sgp-1 sshd[29998]: Disconnected from invalid user admin 76.95.32.130 port 57480 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T06:38:24.305Z","@version":"1","message":"Sep 18 06:38:23 honeypot-sgp-1 kernel: [84359206.626342] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=193.46.255.199 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=232 ID=44422 PROTO=TCP SPT=61002 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T06:40:35.362Z","@version":"1","message":"Sep 18 06:40:35 honeypot-sgp-1 kernel: [84359338.490391] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=89.248.165.199 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=20064 PROTO=TCP SPT=40751 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T06:42:13.405Z","@version":"1","message":"Sep 18 06:42:13 honeypot-sgp-1 sshd[30007]: Received disconnect from 87.219.167.59 port 47718:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 06:43:35 honeypot-fra-1 sshd[27024]: Disconnected from invalid user c_sarda 221.213.129.46 port 45272 [preauth]","@timestamp":"2022-09-18T06:43:36.583Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 06:44:15 honeypot-fra-1 sshd[27029]: Received disconnect from 45.61.187.160 port 51764:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T06:44:15.601Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 06:44:24 honeypot-fra-1 sshd[27033]: Received disconnect from 45.61.187.160 port 35332:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T06:44:24.605Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 06:44:42 honeypot-fra-1 sshd[27037]: Received disconnect from 45.61.187.160 port 58906:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T06:44:42.613Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 06:44:59 honeypot-fra-1 sshd[27041]: Received disconnect from 45.61.187.160 port 54248:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T06:45:00.622Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 06:45:22 honeypot-fra-1 sshd[27046]: Invalid user tb5 from 94.253.14.90 port 38232","@timestamp":"2022-09-18T06:45:22.632Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 06:46:57 honeypot-fra-1 sshd[27050]: Invalid user linjunyang from 165.22.45.108 port 54354","@timestamp":"2022-09-18T06:46:57.669Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 06:47:01 honeypot-ams-1 CRON[5077]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-18T06:47:02.009Z"}
{"@timestamp":"2022-09-18T06:47:36.537Z","@version":"1","message":"Sep 18 06:47:35 honeypot-sgp-1 sshd[30032]: Received disconnect from 97.74.83.174 port 51740:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 06:48:39 honeypot-fra-1 sshd[27077]: Did not receive identification string from 159.89.24.69 port 61000","@timestamp":"2022-09-18T06:48:40.712Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 06:52:05 honeypot-fra-1 sshd[27081]: Disconnected from invalid user josefina 43.154.211.62 port 42978 [preauth]","@timestamp":"2022-09-18T06:52:05.791Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 06:53:30 honeypot-ams-1 sshd[5175]: Connection closed by invalid user user1 103.188.176.251 port 39346 [preauth]","@timestamp":"2022-09-18T06:53:31.181Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 06:56:08 honeypot-ams-1 sshd[5181]: Invalid user user from 45.61.184.204 port 45010","@timestamp":"2022-09-18T06:56:08.256Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 06:56:26 honeypot-ams-1 kernel: [84360766.540307] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=172.105.129.92 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=40157 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T06:56:27.268Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 06:56:36 honeypot-ams-1 sshd[5187]: Disconnected from invalid user user 45.61.184.204 port 52204 [preauth]","@timestamp":"2022-09-18T06:56:36.272Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 06:56:54 honeypot-ams-1 sshd[5201]: Invalid user user from 45.61.184.204 port 47582","@timestamp":"2022-09-18T06:56:55.283Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 06:57:41 honeypot-fra-1 sshd[27089]: Invalid user user1 from 103.188.176.251 port 49836","@timestamp":"2022-09-18T06:57:41.918Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T06:59:37.825Z","@version":"1","message":"Sep 18 06:59:37 honeypot-sgp-1 sshd[30037]: Disconnecting invalid user admin 221.185.76.103 port 33435: Too many authentication failures [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 07:00:05 honeypot-ams-1 sshd[5205]: Received disconnect from 61.177.173.49 port 59305:11:  [preauth]","@timestamp":"2022-09-18T07:00:05.366Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 07:02:14 honeypot-fra-1 sshd[27092]: Connection closed by invalid user mysql 193.106.191.157 port 38824 [preauth]","@timestamp":"2022-09-18T07:02:15.024Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T07:03:01.912Z","@version":"1","message":"Sep 18 07:03:01 honeypot-sgp-1 sshd[30137]: Disconnected from invalid user plex 88.142.46.185 port 55472 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T07:04:19.947Z","@version":"1","message":"Sep 18 07:04:19 honeypot-sgp-1 sshd[30141]: Disconnected from authenticating user root 92.255.85.69 port 51118 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 07:05:07 honeypot-ams-1 sshd[5209]: Disconnected from authenticating user root 61.177.172.124 port 42334 [preauth]","@timestamp":"2022-09-18T07:05:08.499Z"}
{"@timestamp":"2022-09-18T07:11:13.116Z","@version":"1","message":"Sep 18 07:11:12 honeypot-sgp-1 sshd[30146]: Did not receive identification string from 192.241.206.177 port 45092","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 07:14:45 honeypot-ams-1 sshd[5223]: Connection closed by invalid user mysql 193.106.191.157 port 42004 [preauth]","@timestamp":"2022-09-18T07:14:45.878Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 07:15:57 honeypot-fra-1 sshd[27099]: Received disconnect from 45.61.187.160 port 57026:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T07:15:58.334Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 07:16:15 honeypot-fra-1 sshd[27104]: Received disconnect from 45.61.187.160 port 52748:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T07:16:16.341Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 07:16:32 honeypot-fra-1 sshd[27108]: Received disconnect from 45.61.187.160 port 48422:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T07:16:33.349Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T07:16:47.253Z","@version":"1","message":"Sep 18 07:16:46 honeypot-sgp-1 sshd[30151]: Did not receive identification string from 27.124.5.116 port 50640","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 07:16:48 honeypot-fra-1 sshd[27112]: Received disconnect from 45.61.187.160 port 44114:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T07:16:49.356Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T07:18:30.299Z","@version":"1","message":"Sep 18 07:18:29 honeypot-sgp-1 kernel: [84361613.185268] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.197.132 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=48677 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 07:21:09 honeypot-ams-1 kernel: [84362249.053001] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=170.187.162.45 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=12695 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T07:21:10.049Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 07:22:59 honeypot-fra-1 sshd[27120]: Invalid user admin from 135.129.133.147 port 38385","@timestamp":"2022-09-18T07:23:00.496Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 07:26:52 honeypot-ams-1 sshd[5241]: Invalid user user from 45.61.184.204 port 36816","@timestamp":"2022-09-18T07:26:53.202Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 07:27:01 honeypot-ams-1 sshd[5244]: Disconnected from invalid user user 45.61.184.204 port 48678 [preauth]","@timestamp":"2022-09-18T07:27:02.207Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 07:27:11 honeypot-fra-1 sshd[27126]: Received disconnect from 165.227.232.25 port 56862:11: Bye Bye [preauth]","@timestamp":"2022-09-18T07:27:11.596Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 07:27:20 honeypot-ams-1 sshd[5248]: Disconnected from invalid user user 45.61.184.204 port 44172 [preauth]","@timestamp":"2022-09-18T07:27:21.217Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 07:27:37 honeypot-ams-1 sshd[5254]: Invalid user user from 45.61.184.204 port 39684","@timestamp":"2022-09-18T07:27:38.225Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 07:30:36 honeypot-ams-1 sshd[5260]: Disconnected from authenticating user root 61.177.173.52 port 12263 [preauth]","@timestamp":"2022-09-18T07:30:37.306Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 07:35:40 honeypot-ams-1 kernel: [84363120.929367] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=51.89.30.115 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=55 ID=42096 PROTO=TCP SPT=38549 DPT=443 WINDOW=7260 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T07:35:41.445Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 07:37:30 honeypot-fra-1 sshd[27132]: Invalid user mysql from 193.106.191.157 port 34396","@timestamp":"2022-09-18T07:37:30.827Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 07:39:31 honeypot-ams-1 sshd[5274]: Received disconnect from 134.122.123.117 port 55164:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T07:39:32.546Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 07:48:33 honeypot-ams-1 kernel: [84363893.014449] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=49.66.73.226 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=49 ID=43204 PROTO=TCP SPT=47435 DPT=80 WINDOW=54217 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T07:48:33.780Z"}
{"@timestamp":"2022-09-18T07:48:57.020Z","@version":"1","message":"Sep 18 07:48:56 honeypot-sgp-1 sshd[30166]: Invalid user user from 45.61.186.249 port 59224","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T07:49:17.029Z","@version":"1","message":"Sep 18 07:49:16 honeypot-sgp-1 sshd[30170]: Invalid user user from 45.61.186.249 port 54820","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T07:49:36.038Z","@version":"1","message":"Sep 18 07:49:35 honeypot-sgp-1 sshd[30174]: Invalid user user from 45.61.186.249 port 50422","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T07:49:54.048Z","@version":"1","message":"Sep 18 07:49:53 honeypot-sgp-1 sshd[30178]: Invalid user user from 45.61.186.249 port 46020","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 07:51:30 honeypot-fra-1 kernel: [84361897.975918] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=92.63.197.74 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=65464 PROTO=TCP SPT=56755 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T07:51:30.140Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 07:58:06 honeypot-ams-1 kernel: [84364466.265016] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=106.60.15.164 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=45 ID=54696 PROTO=TCP SPT=58515 DPT=80 WINDOW=3650 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T07:58:07.034Z"}
{"@timestamp":"2022-09-18T07:58:14.247Z","@version":"1","message":"Sep 18 07:58:13 honeypot-sgp-1 sshd[30182]: Invalid user oleta from 165.227.160.124 port 49184","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 08:02:27 honeypot-ams-1 kernel: [84364727.313106] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=179.43.155.171 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=20247 PROTO=TCP SPT=52051 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T08:02:28.154Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 08:03:28 honeypot-fra-1 sshd[27145]: Invalid user ts3bot3 from 164.90.194.36 port 47030","@timestamp":"2022-09-18T08:03:29.412Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T08:03:41.377Z","@version":"1","message":"Sep 18 08:03:40 honeypot-sgp-1 sshd[30189]: Invalid user support from 179.60.147.69 port 41478","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 08:05:41 honeypot-fra-1 kernel: [84362749.443083] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=165.232.152.144 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=38113 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T08:05:42.465Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 08:13:20 honeypot-ams-1 kernel: [84365380.539668] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=164.92.72.164 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=46497 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T08:13:21.474Z"}
{"@timestamp":"2022-09-18T08:17:01.696Z","@version":"1","message":"Sep 18 08:17:01 honeypot-sgp-1 CRON[30196]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 08:17:16 honeypot-fra-1 kernel: [84363444.610425] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=89.248.163.162 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=12886 PROTO=TCP SPT=48970 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T08:17:17.729Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 08:25:30 honeypot-fra-1 kernel: [84363938.671134] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.209.50 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=49711 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T08:25:30.915Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 08:27:39 honeypot-ams-1 sshd[5320]: Disconnected from authenticating user root 61.177.173.52 port 57347 [preauth]","@timestamp":"2022-09-18T08:27:39.851Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 08:28:34 honeypot-ams-1 sshd[5324]: Disconnected from invalid user toor 49.247.31.104 port 15843 [preauth]","@timestamp":"2022-09-18T08:28:35.879Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 08:29:01 honeypot-fra-1 sshd[27183]: Received disconnect from 176.102.38.41 port 58464:11: Bye Bye [preauth]","@timestamp":"2022-09-18T08:29:01.996Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T08:29:45.999Z","@version":"1","message":"Sep 18 08:29:45 honeypot-sgp-1 sshd[30220]: Invalid user sierra from 163.177.9.151 port 46274","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T08:33:03.079Z","@version":"1","message":"Sep 18 08:33:02 honeypot-sgp-1 sshd[30223]: Received disconnect from 180.228.243.235 port 27683:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 08:38:38 honeypot-ams-1 kernel: [84366898.193313] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=46.161.54.57 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=54321 PROTO=TCP SPT=34313 DPT=5432 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T08:38:39.161Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 08:41:16 honeypot-fra-1 sshd[27634]: Connection closed by invalid user blank 179.60.147.69 port 52450 [preauth]","@timestamp":"2022-09-18T08:41:17.275Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T08:41:53.291Z","@version":"1","message":"Sep 18 08:41:53 honeypot-sgp-1 sshd[30229]: Received disconnect from 45.61.186.249 port 45528:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T08:42:13.301Z","@version":"1","message":"Sep 18 08:42:12 honeypot-sgp-1 sshd[30233]: Received disconnect from 45.61.186.249 port 41056:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T08:42:31.310Z","@version":"1","message":"Sep 18 08:42:31 honeypot-sgp-1 sshd[30237]: Received disconnect from 45.61.186.249 port 36590:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T08:42:50.319Z","@version":"1","message":"Sep 18 08:42:49 honeypot-sgp-1 sshd[30241]: Received disconnect from 45.61.186.249 port 60360:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T08:45:21.379Z","@version":"1","message":"Sep 18 08:45:21 honeypot-sgp-1 kernel: [84366824.458252] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=159.65.138.52 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=60 ID=0 DF PROTO=TCP SPT=54953 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 08:49:10 honeypot-ams-1 sshd[5363]: Invalid user djangotest from 157.230.6.213 port 35998","@timestamp":"2022-09-18T08:49:11.437Z"}
{"@timestamp":"2022-09-18T08:53:18.572Z","@version":"1","message":"Sep 18 08:53:18 honeypot-sgp-1 kernel: [84367301.251008] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=125.253.93.146 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x20 TTL=247 ID=1721 PROTO=TCP SPT=55439 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 08:53:32 honeypot-ams-1 sshd[5370]: Received disconnect from 61.177.172.90 port 38819:11:  [preauth]","@timestamp":"2022-09-18T08:53:32.552Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 08:54:54 honeypot-ams-1 sshd[5374]: Disconnected from invalid user admin 92.255.85.69 port 36230 [preauth]","@timestamp":"2022-09-18T08:54:54.589Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 08:57:53 honeypot-ams-1 kernel: [84368053.443676] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=111.161.155.54 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=48 ID=41742 PROTO=TCP SPT=11976 DPT=80 WINDOW=32144 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T08:57:53.672Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:00:42 honeypot-fra-1 sshd[27641]: Did not receive identification string from 45.61.186.249 port 51108","@timestamp":"2022-09-18T09:00:43.708Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:01:13 honeypot-fra-1 sshd[27646]: Invalid user user from 45.61.186.249 port 54380","@timestamp":"2022-09-18T09:01:14.723Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:01:23 honeypot-fra-1 sshd[27648]: Disconnected from invalid user user 45.61.186.249 port 37756 [preauth]","@timestamp":"2022-09-18T09:01:24.727Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:01:43 honeypot-fra-1 sshd[27652]: Received disconnect from 45.61.186.249 port 60986:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T09:01:43.736Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:02:01 honeypot-fra-1 sshd[27656]: Received disconnect from 45.61.186.249 port 55972:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T09:02:02.775Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T09:03:07.806Z","@version":"1","message":"Sep 18 09:03:07 honeypot-sgp-1 sshd[30251]: Invalid user egg from 80.229.18.62 port 56694","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:16 honeypot-ams-1 sshd[5387]: Received disconnect from 149.74.230.97 port 52509:11: Bye Bye [preauth]","@timestamp":"2022-09-18T09:03:16.817Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:17 honeypot-ams-1 sshd[5391]: Disconnected from authenticating user root 149.74.230.97 port 52553 [preauth]","@timestamp":"2022-09-18T09:03:17.818Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:18 honeypot-ams-1 sshd[5397]: Disconnected from authenticating user root 149.74.230.97 port 52611 [preauth]","@timestamp":"2022-09-18T09:03:19.819Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:20 honeypot-ams-1 sshd[5403]: Disconnected from authenticating user root 149.74.230.97 port 52659 [preauth]","@timestamp":"2022-09-18T09:03:20.820Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:21 honeypot-ams-1 sshd[5409]: Disconnected from authenticating user root 149.74.230.97 port 52709 [preauth]","@timestamp":"2022-09-18T09:03:22.822Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:23 honeypot-ams-1 sshd[5415]: Disconnected from authenticating user root 149.74.230.97 port 52751 [preauth]","@timestamp":"2022-09-18T09:03:23.823Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:24 honeypot-ams-1 sshd[5421]: Disconnected from authenticating user root 149.74.230.97 port 52809 [preauth]","@timestamp":"2022-09-18T09:03:24.824Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:26 honeypot-ams-1 sshd[5427]: Disconnected from authenticating user root 149.74.230.97 port 52864 [preauth]","@timestamp":"2022-09-18T09:03:26.827Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:27 honeypot-ams-1 sshd[5433]: Disconnected from authenticating user root 149.74.230.97 port 52908 [preauth]","@timestamp":"2022-09-18T09:03:27.827Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:29 honeypot-ams-1 sshd[5439]: Disconnected from authenticating user root 149.74.230.97 port 52967 [preauth]","@timestamp":"2022-09-18T09:03:29.829Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:30 honeypot-ams-1 sshd[5445]: Disconnected from authenticating user root 149.74.230.97 port 53021 [preauth]","@timestamp":"2022-09-18T09:03:30.830Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:31 honeypot-ams-1 sshd[5451]: Disconnected from authenticating user root 149.74.230.97 port 53069 [preauth]","@timestamp":"2022-09-18T09:03:31.830Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:33 honeypot-ams-1 sshd[5457]: Received disconnect from 149.74.230.97 port 53111:11: Bye Bye [preauth]","@timestamp":"2022-09-18T09:03:33.832Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:34 honeypot-ams-1 sshd[5461]: Received disconnect from 149.74.230.97 port 53148:11: Bye Bye [preauth]","@timestamp":"2022-09-18T09:03:34.833Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:35 honeypot-ams-1 sshd[5466]: Received disconnect from 149.74.230.97 port 53182:11: Bye Bye [preauth]","@timestamp":"2022-09-18T09:03:35.834Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:36 honeypot-ams-1 sshd[5470]: Received disconnect from 149.74.230.97 port 53217:11: Bye Bye [preauth]","@timestamp":"2022-09-18T09:03:36.835Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:36 honeypot-ams-1 sshd[5474]: Received disconnect from 149.74.230.97 port 53238:11: Bye Bye [preauth]","@timestamp":"2022-09-18T09:03:37.836Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:37 honeypot-ams-1 sshd[5478]: Received disconnect from 149.74.230.97 port 53275:11: Bye Bye [preauth]","@timestamp":"2022-09-18T09:03:37.836Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:39 honeypot-ams-1 sshd[5484]: Invalid user pi from 149.74.230.97 port 53328","@timestamp":"2022-09-18T09:03:39.837Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:40 honeypot-ams-1 sshd[5488]: Invalid user user from 149.74.230.97 port 53357","@timestamp":"2022-09-18T09:03:40.839Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:41 honeypot-ams-1 sshd[5492]: Invalid user mine from 149.74.230.97 port 53403","@timestamp":"2022-09-18T09:03:41.840Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:42 honeypot-ams-1 sshd[5496]: Invalid user xbmc from 149.74.230.97 port 53454","@timestamp":"2022-09-18T09:03:42.840Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:43 honeypot-ams-1 sshd[5500]: Invalid user oracle from 149.74.230.97 port 53478","@timestamp":"2022-09-18T09:03:43.841Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:44 honeypot-ams-1 sshd[5504]: Invalid user postgres from 149.74.230.97 port 53508","@timestamp":"2022-09-18T09:03:44.842Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:45 honeypot-ams-1 sshd[5508]: Invalid user support from 149.74.230.97 port 53552","@timestamp":"2022-09-18T09:03:45.843Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:46 honeypot-ams-1 sshd[5512]: Invalid user ubuntu from 149.74.230.97 port 53583","@timestamp":"2022-09-18T09:03:46.844Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:47 honeypot-ams-1 sshd[5516]: Invalid user ubuntu from 149.74.230.97 port 53610","@timestamp":"2022-09-18T09:03:47.845Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:48 honeypot-ams-1 sshd[5520]: Invalid user guest from 149.74.230.97 port 53646","@timestamp":"2022-09-18T09:03:48.845Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:49 honeypot-ams-1 sshd[5524]: Invalid user cirros from 149.74.230.97 port 53675","@timestamp":"2022-09-18T09:03:49.846Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:04:36 honeypot-fra-1 sshd[27660]: Received disconnect from 178.128.61.21 port 38728:11: Bye Bye [preauth]","@timestamp":"2022-09-18T09:04:37.838Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 09:06:12 honeypot-ams-1 kernel: [84368552.627769] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=24641 PROTO=TCP SPT=51603 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T09:06:12.911Z"}
{"@timestamp":"2022-09-18T09:07:59.936Z","@version":"1","message":"Sep 18 09:07:59 honeypot-sgp-1 sshd[30256]: Invalid user alfred from 88.147.254.66 port 53974","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T09:09:48.981Z","@version":"1","message":"Sep 18 09:09:48 honeypot-sgp-1 kernel: [84368291.706069] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=225 ID=58051 PROTO=TCP SPT=51603 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:11:40 honeypot-fra-1 sshd[27670]: Invalid user user from 45.61.187.160 port 34274","@timestamp":"2022-09-18T09:11:41.000Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:11:57 honeypot-fra-1 sshd[27674]: Invalid user user from 45.61.187.160 port 57240","@timestamp":"2022-09-18T09:11:58.007Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:12:12 honeypot-fra-1 sshd[27678]: Invalid user user from 45.61.187.160 port 51966","@timestamp":"2022-09-18T09:12:13.014Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:12:27 honeypot-fra-1 sshd[27682]: Invalid user user from 45.61.187.160 port 46686","@timestamp":"2022-09-18T09:12:28.021Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T09:14:27.094Z","@version":"1","message":"Sep 18 09:14:26 honeypot-sgp-1 kernel: [84368569.392493] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=172.105.129.90 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=5149 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:15:49 honeypot-fra-1 sshd[27686]: Received disconnect from 45.61.184.204 port 47072:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T09:15:50.100Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:16:09 honeypot-fra-1 sshd[27698]: Invalid user user from 45.61.184.204 port 42556","@timestamp":"2022-09-18T09:16:10.110Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:16:29 honeypot-fra-1 sshd[27702]: Invalid user user from 45.61.184.204 port 37960","@timestamp":"2022-09-18T09:16:30.118Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:16:49 honeypot-fra-1 sshd[27706]: Invalid user user from 45.61.184.204 port 33398","@timestamp":"2022-09-18T09:16:50.140Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:17:01 honeypot-ams-1 CRON[5540]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-18T09:17:02.199Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:17:20 honeypot-fra-1 sshd[27714]: Connection closed by invalid user test 179.60.147.69 port 47922 [preauth]","@timestamp":"2022-09-18T09:17:21.156Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:19:31 honeypot-ams-1 sshd[5544]: Connection closed by invalid user test 179.60.147.69 port 58630 [preauth]","@timestamp":"2022-09-18T09:19:32.270Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:21:13 honeypot-ams-1 sshd[5548]: Invalid user test2 from 103.188.176.251 port 43876","@timestamp":"2022-09-18T09:21:14.319Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:25:00 honeypot-ams-1 sshd[5557]: Invalid user fs2017 from 190.226.244.9 port 35746","@timestamp":"2022-09-18T09:25:01.423Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:25:10 honeypot-fra-1 sshd[27719]: Did not receive identification string from 45.61.187.160 port 33442","@timestamp":"2022-09-18T09:25:11.334Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 09:25:30 honeypot-ams-1 kernel: [84369710.733280] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=167.71.92.243 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=54467 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T09:25:31.439Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:25:45 honeypot-ams-1 sshd[5564]: Disconnected from invalid user user 45.61.187.160 port 55250 [preauth]","@timestamp":"2022-09-18T09:25:45.447Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:25:46 honeypot-fra-1 sshd[27725]: Invalid user user from 45.61.187.160 port 37592","@timestamp":"2022-09-18T09:25:47.352Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:26:01 honeypot-ams-1 sshd[5568]: Disconnected from invalid user user 45.61.187.160 port 49916 [preauth]","@timestamp":"2022-09-18T09:26:02.457Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:26:02 honeypot-fra-1 sshd[27729]: Invalid user user from 45.61.187.160 port 60510","@timestamp":"2022-09-18T09:26:03.361Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T09:26:03.372Z","@version":"1","message":"Sep 18 09:26:03 honeypot-sgp-1 sshd[30700]: Received disconnect from 175.170.149.29 port 27881:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:26:18 honeypot-ams-1 sshd[5572]: Disconnected from invalid user user 45.61.187.160 port 44592 [preauth]","@timestamp":"2022-09-18T09:26:18.465Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:26:19 honeypot-fra-1 sshd[27733]: Invalid user user from 45.61.187.160 port 55170","@timestamp":"2022-09-18T09:26:20.369Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:27:19 honeypot-ams-1 sshd[5576]: Disconnected from invalid user isauro 192.227.166.144 port 41028 [preauth]","@timestamp":"2022-09-18T09:27:20.495Z"}
{"@timestamp":"2022-09-18T09:28:21.429Z","@version":"1","message":"Sep 18 09:28:20 honeypot-sgp-1 sshd[30704]: Disconnected from invalid user admin 92.255.85.70 port 51940 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:28:46 honeypot-fra-1 kernel: [84367734.674933] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=64.62.197.137 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=54321 PROTO=TCP SPT=60251 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T09:28:47.428Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:28:56 honeypot-ams-1 sshd[5582]: Received disconnect from 165.22.62.203 port 54180:11: Bye Bye [preauth]","@timestamp":"2022-09-18T09:28:56.538Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:31:05 honeypot-ams-1 sshd[5587]: Received disconnect from 61.177.173.51 port 21010:11:  [preauth]","@timestamp":"2022-09-18T09:31:06.599Z"}
{"@timestamp":"2022-09-18T09:33:14.548Z","@version":"1","message":"Sep 18 09:33:14 honeypot-sgp-1 sshd[30709]: Received disconnect from 5.196.68.38 port 55152:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:33:27 honeypot-fra-1 sshd[27741]: Invalid user user from 45.61.186.249 port 57908","@timestamp":"2022-09-18T09:33:28.531Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:33:49 honeypot-fra-1 sshd[27748]: Invalid user user from 45.61.186.249 port 53084","@timestamp":"2022-09-18T09:33:49.542Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:33:58 honeypot-fra-1 sshd[27750]: Received disconnect from 45.61.186.249 port 36550:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T09:33:59.547Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:34:13 honeypot-fra-1 sshd[27754]: Received disconnect from 165.22.45.108 port 37178:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T09:34:14.555Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:34:24 honeypot-fra-1 sshd[27760]: Received disconnect from 45.61.186.249 port 43426:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T09:34:25.560Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:36:47 honeypot-fra-1 sshd[27762]: Connection closed by invalid user mysql 193.106.191.157 port 53416 [preauth]","@timestamp":"2022-09-18T09:36:47.616Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:40:58 honeypot-ams-1 sshd[5597]: Received disconnect from 218.92.0.221 port 54094:11:  [preauth]","@timestamp":"2022-09-18T09:40:58.879Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:42:41 honeypot-fra-1 sshd[27769]: Invalid user admin from 141.98.10.158 port 46208","@timestamp":"2022-09-18T09:42:41.748Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:45:49 honeypot-ams-1 sshd[5604]: Received disconnect from 61.177.172.98 port 47857:11:  [preauth]","@timestamp":"2022-09-18T09:45:50.007Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:47:32 honeypot-ams-1 sshd[5608]: Disconnected from invalid user admin 92.255.85.69 port 48066 [preauth]","@timestamp":"2022-09-18T09:47:33.059Z"}
{"@timestamp":"2022-09-18T09:47:37.889Z","@version":"1","message":"Sep 18 09:47:37 honeypot-sgp-1 sshd[30717]: Connection closed by invalid user user1 103.188.176.251 port 38530 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:47:43 honeypot-fra-1 sshd[27776]: Received disconnect from 43.242.247.141 port 49912:11: Bye Bye [preauth]","@timestamp":"2022-09-18T09:47:43.861Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:50:18 honeypot-fra-1 sshd[27781]: Invalid user user from 45.61.184.204 port 36432","@timestamp":"2022-09-18T09:50:18.923Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:50:39 honeypot-fra-1 sshd[27785]: Invalid user user from 45.61.184.204 port 59988","@timestamp":"2022-09-18T09:50:39.932Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:50:58 honeypot-fra-1 sshd[27789]: Invalid user user from 45.61.184.204 port 55326","@timestamp":"2022-09-18T09:50:58.942Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T09:51:08.975Z","@version":"1","message":"Sep 18 09:51:08 honeypot-sgp-1 sshd[30725]: Invalid user no from 46.101.29.76 port 48318","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:51:15 honeypot-fra-1 sshd[27793]: Invalid user user from 45.61.184.204 port 50658","@timestamp":"2022-09-18T09:51:15.950Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:55:34 honeypot-ams-1 sshd[5615]: Invalid user admin from 179.60.147.69 port 10690","@timestamp":"2022-09-18T09:55:35.272Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:55:51 honeypot-fra-1 sshd[27799]: Invalid user mcserv from 140.246.118.203 port 41920","@timestamp":"2022-09-18T09:55:51.054Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:55:51 honeypot-fra-1 sshd[27799]: Connection closed by invalid user mcserv 140.246.118.203 port 41920 [preauth]","@timestamp":"2022-09-18T09:55:52.055Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:55:55 honeypot-fra-1 sshd[27811]: Invalid user oracle from 140.246.118.203 port 41932","@timestamp":"2022-09-18T09:55:56.057Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T09:58:17.145Z","@version":"1","message":"Sep 18 09:58:16 honeypot-sgp-1 kernel: [84371199.458247] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.216.25 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=47651 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:58:50 honeypot-fra-1 kernel: [84369538.001036] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.206.129 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=56949 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T09:58:51.124Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 10:02:30 honeypot-ams-1 kernel: [84371930.030121] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.219.178 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=53953 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T10:02:30.452Z"}
{"@timestamp":"2022-09-18T10:03:29.273Z","@version":"1","message":"Sep 18 10:03:28 honeypot-sgp-1 sshd[30733]: Received disconnect from 143.198.8.62 port 43352:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:11:48 honeypot-fra-1 sshd[27822]: Invalid user admin from 92.255.85.69 port 33722","@timestamp":"2022-09-18T10:11:49.419Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:14:56 honeypot-fra-1 sshd[27827]: Did not receive identification string from 154.61.75.68 port 34584","@timestamp":"2022-09-18T10:14:57.490Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 10:17:01 honeypot-ams-1 CRON[5630]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-18T10:17:01.830Z"}
{"@timestamp":"2022-09-18T10:19:10.643Z","@version":"1","message":"Sep 18 10:19:10 honeypot-sgp-1 sshd[30740]: Received disconnect from 147.182.170.143 port 55804:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:20:13 honeypot-fra-1 kernel: [84370821.361542] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=65.49.20.105 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=54321 PROTO=TCP SPT=51902 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T10:20:14.611Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-18T10:21:50.708Z","@version":"1","message":"Sep 18 10:21:50 honeypot-sgp-1 sshd[30744]: Received disconnect from 104.225.146.77 port 53276:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T10:24:39.781Z","@version":"1","message":"Sep 18 10:24:39 honeypot-sgp-1 sshd[30749]: Invalid user admin from 221.158.195.111 port 42797","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:25:37 honeypot-fra-1 sshd[27837]: Received disconnect from 179.86.94.249 port 5851:11: Bye Bye [preauth]","@timestamp":"2022-09-18T10:25:37.733Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:25:40 honeypot-fra-1 sshd[27841]: Disconnected from authenticating user root 179.86.94.249 port 5853 [preauth]","@timestamp":"2022-09-18T10:25:41.735Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:25:46 honeypot-fra-1 sshd[27847]: Disconnected from authenticating user root 179.86.94.249 port 5856 [preauth]","@timestamp":"2022-09-18T10:25:46.737Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:25:52 honeypot-fra-1 sshd[27853]: Disconnected from authenticating user root 179.86.94.249 port 5859 [preauth]","@timestamp":"2022-09-18T10:25:52.741Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:25:58 honeypot-fra-1 sshd[27859]: Disconnected from authenticating user root 179.86.94.249 port 5862 [preauth]","@timestamp":"2022-09-18T10:25:58.744Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:26:03 honeypot-fra-1 sshd[27865]: Disconnected from authenticating user root 179.86.94.249 port 5865 [preauth]","@timestamp":"2022-09-18T10:26:03.746Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:26:09 honeypot-fra-1 sshd[27871]: Disconnected from authenticating user root 179.86.94.249 port 5868 [preauth]","@timestamp":"2022-09-18T10:26:09.750Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:26:14 honeypot-fra-1 sshd[27877]: Received disconnect from 179.86.94.249 port 5871:11: Bye Bye [preauth]","@timestamp":"2022-09-18T10:26:15.753Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:26:20 honeypot-fra-1 sshd[27883]: Received disconnect from 179.86.94.249 port 5874:11: Bye Bye [preauth]","@timestamp":"2022-09-18T10:26:20.755Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:26:26 honeypot-fra-1 sshd[27889]: Received disconnect from 179.86.94.249 port 5877:11: Bye Bye [preauth]","@timestamp":"2022-09-18T10:26:26.759Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:26:31 honeypot-fra-1 sshd[27895]: Received disconnect from 179.86.94.249 port 5880:11: Bye Bye [preauth]","@timestamp":"2022-09-18T10:26:31.762Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:26:37 honeypot-fra-1 sshd[27901]: Received disconnect from 179.86.94.249 port 5883:11: Bye Bye [preauth]","@timestamp":"2022-09-18T10:26:37.766Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:26:42 honeypot-fra-1 sshd[27907]: Invalid user admin from 179.86.94.249 port 5886","@timestamp":"2022-09-18T10:26:42.768Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T10:26:43.834Z","@version":"1","message":"Sep 18 10:26:43 honeypot-sgp-1 sshd[30753]: Disconnected from invalid user ubuntu 121.165.140.242 port 42072 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:26:46 honeypot-fra-1 sshd[27911]: Invalid user admin from 179.86.94.249 port 5888","@timestamp":"2022-09-18T10:26:46.771Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:26:50 honeypot-fra-1 sshd[27915]: Invalid user admin from 179.86.94.249 port 5890","@timestamp":"2022-09-18T10:26:50.772Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:26:54 honeypot-fra-1 sshd[27919]: Invalid user admin from 179.86.94.249 port 5892","@timestamp":"2022-09-18T10:26:54.775Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:26:57 honeypot-fra-1 sshd[27923]: Invalid user admin from 179.86.94.249 port 5894","@timestamp":"2022-09-18T10:26:58.777Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:27:01 honeypot-fra-1 sshd[27927]: Invalid user user from 179.86.94.249 port 5896","@timestamp":"2022-09-18T10:27:01.779Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:27:05 honeypot-fra-1 sshd[27931]: Disconnected from authenticating user root 179.86.94.249 port 5898 [preauth]","@timestamp":"2022-09-18T10:27:05.781Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:27:09 honeypot-fra-1 sshd[27935]: Disconnected from invalid user pi 179.86.94.249 port 5900 [preauth]","@timestamp":"2022-09-18T10:27:09.784Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:27:13 honeypot-fra-1 sshd[27939]: Received disconnect from 179.86.94.249 port 5902:11: Bye Bye [preauth]","@timestamp":"2022-09-18T10:27:13.787Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:27:16 honeypot-fra-1 sshd[27943]: Received disconnect from 179.86.94.249 port 5904:11: Bye Bye [preauth]","@timestamp":"2022-09-18T10:27:16.788Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:27:20 honeypot-fra-1 sshd[27947]: Received disconnect from 179.86.94.249 port 5906:11: Bye Bye [preauth]","@timestamp":"2022-09-18T10:27:20.790Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:27:24 honeypot-fra-1 sshd[27951]: Received disconnect from 179.86.94.249 port 5908:11: Bye Bye [preauth]","@timestamp":"2022-09-18T10:27:24.793Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:27:27 honeypot-fra-1 sshd[27955]: Received disconnect from 179.86.94.249 port 5910:11: Bye Bye [preauth]","@timestamp":"2022-09-18T10:27:28.799Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:27:31 honeypot-fra-1 sshd[27959]: Received disconnect from 179.86.94.249 port 5912:11: Bye Bye [preauth]","@timestamp":"2022-09-18T10:27:31.800Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:27:35 honeypot-fra-1 sshd[27963]: Received disconnect from 179.86.94.249 port 5914:11: Bye Bye [preauth]","@timestamp":"2022-09-18T10:27:35.802Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:27:39 honeypot-fra-1 sshd[27967]: Received disconnect from 179.86.94.249 port 5850:11: Bye Bye [preauth]","@timestamp":"2022-09-18T10:27:39.805Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:27:42 honeypot-fra-1 sshd[27971]: Received disconnect from 179.86.94.249 port 5852:11: Bye Bye [preauth]","@timestamp":"2022-09-18T10:27:43.808Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:27:46 honeypot-fra-1 sshd[27975]: Received disconnect from 179.86.94.249 port 5854:11: Bye Bye [preauth]","@timestamp":"2022-09-18T10:27:46.809Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 10:28:51 honeypot-ams-1 kernel: [84373511.237442] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=74.82.47.25 DST=178.62.254.91 LEN=131 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=51019 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T10:28:52.155Z"}
{"@timestamp":"2022-09-18T10:31:46.959Z","@version":"1","message":"Sep 18 10:31:46 honeypot-sgp-1 kernel: [84373210.020875] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=184.105.139.108 DST=159.89.202.188 LEN=131 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=37967 DPT=80 WINDOW=65535 RES=0x00 ACK PSH URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 10:33:59 honeypot-ams-1 kernel: [84373819.524362] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=103.254.76.122 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=24843 PROTO=TCP SPT=55766 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T10:34:00.289Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 10:35:18 honeypot-ams-1 sshd[5643]: Invalid user corp from 128.199.103.79 port 33520","@timestamp":"2022-09-18T10:35:19.346Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:35:36 honeypot-fra-1 kernel: [84371744.170491] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=202.107.151.160 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=46 ID=28273 DF PROTO=TCP SPT=20368 DPT=80 WINDOW=5440 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T10:35:36.989Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-18T10:42:39.222Z","@version":"1","message":"Sep 18 10:42:38 honeypot-sgp-1 sshd[30763]: Connection closed by invalid user admin 178.128.125.205 port 51596 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 10:43:08 honeypot-ams-1 kernel: [84374368.740373] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=163.123.143.250 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=10947 PROTO=TCP SPT=47785 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T10:43:09.553Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 10:43:57 honeypot-ams-1 sshd[5650]: Disconnected from invalid user redis 143.244.178.40 port 34376 [preauth]","@timestamp":"2022-09-18T10:43:57.575Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:56:53 honeypot-fra-1 sshd[27982]: Received disconnect from 165.22.45.108 port 42700:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T10:56:53.482Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:59:14 honeypot-fra-1 kernel: [84373161.771686] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=170.187.202.154 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=56880 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T10:59:14.537Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 11:00:03 honeypot-fra-1 sshd[27991]: Invalid user user from 45.61.184.204 port 54482","@timestamp":"2022-09-18T11:00:04.557Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 11:00:16 honeypot-fra-1 sshd[27989]: Connection closed by invalid user mysql 193.106.191.157 port 48500 [preauth]","@timestamp":"2022-09-18T11:00:17.564Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 11:00:30 honeypot-fra-1 sshd[27998]: Disconnected from invalid user user 45.61.184.204 port 32958 [preauth]","@timestamp":"2022-09-18T11:00:31.571Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 11:00:47 honeypot-fra-1 sshd[28002]: Disconnected from invalid user user 45.61.184.204 port 56162 [preauth]","@timestamp":"2022-09-18T11:00:47.579Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 11:00:54 honeypot-ams-1 kernel: [84375434.363336] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=49959 PROTO=TCP SPT=58468 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T11:00:55.014Z"}
{"@timestamp":"2022-09-18T11:03:26.722Z","@version":"1","message":"Sep 18 11:03:26 honeypot-sgp-1 kernel: [84375109.224173] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=207.102.138.83 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=44 ID=61918 DF PROTO=TCP SPT=56904 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 11:09:14 honeypot-ams-1 kernel: [84375934.174012] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=104.152.52.233 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=2571 PROTO=TCP SPT=59346 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T11:09:15.236Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 11:09:47 honeypot-ams-1 kernel: [84375967.459063] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=104.152.52.233 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=13169 PROTO=TCP SPT=59346 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T11:09:48.623Z"}
{"@timestamp":"2022-09-18T11:11:13.928Z","@version":"1","message":"Sep 18 11:11:13 honeypot-sgp-1 sshd[30772]: Disconnected from invalid user teste 92.255.85.69 port 21312 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 11:17:01 honeypot-fra-1 CRON[28008]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-18T11:17:01.947Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 11:20:11 honeypot-ams-1 kernel: [84376591.295833] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=170.187.162.61 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=6619 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T11:20:11.897Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 11:21:18 honeypot-ams-1 kernel: [84376658.569512] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=213.226.123.38 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=23475 PROTO=TCP SPT=59154 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T11:21:18.931Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 11:25:01 honeypot-fra-1 sshd[28012]: Disconnected from authenticating user root 190.128.230.98 port 42478 [preauth]","@timestamp":"2022-09-18T11:25:02.130Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 11:27:59 honeypot-ams-1 sshd[5680]: Connection closed by invalid user mysql 193.106.191.157 port 38350 [preauth]","@timestamp":"2022-09-18T11:28:00.110Z"}
{"@timestamp":"2022-09-18T11:30:09.401Z","@version":"1","message":"Sep 18 11:30:08 honeypot-sgp-1 sshd[30779]: Invalid user bikeople from 73.203.127.7 port 51952","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 11:34:05 honeypot-fra-1 sshd[28018]: Disconnected from authenticating user root 171.244.140.174 port 21317 [preauth]","@timestamp":"2022-09-18T11:34:06.330Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 11:34:18 honeypot-ams-1 sshd[5683]: Disconnected from authenticating user root 103.226.248.61 port 50582 [preauth]","@timestamp":"2022-09-18T11:34:19.278Z"}
{"@timestamp":"2022-09-18T11:35:18.528Z","@version":"1","message":"Sep 18 11:35:17 honeypot-sgp-1 sshd[30783]: Received disconnect from 122.55.75.198 port 27533:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 11:41:24 honeypot-ams-1 sshd[5688]: Did not receive identification string from 45.61.186.249 port 51778","@timestamp":"2022-09-18T11:41:24.466Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 11:42:04 honeypot-ams-1 sshd[5691]: Disconnected from invalid user user 45.61.186.249 port 36110 [preauth]","@timestamp":"2022-09-18T11:42:05.488Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 11:42:22 honeypot-ams-1 sshd[5696]: Received disconnect from 87.245.184.58 port 53430:11: Bye Bye [preauth]","@timestamp":"2022-09-18T11:42:23.498Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 11:42:25 honeypot-ams-1 sshd[5700]: Received disconnect from 190.202.124.93 port 44416:11: Bye Bye [preauth]","@timestamp":"2022-09-18T11:42:25.499Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 11:42:43 honeypot-ams-1 sshd[5704]: Received disconnect from 45.61.186.249 port 54520:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T11:42:43.509Z"}
{"@timestamp":"2022-09-18T11:42:57.713Z","@version":"1","message":"Sep 18 11:42:57 honeypot-sgp-1 sshd[30791]: Received disconnect from 187.35.147.87 port 51730:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 11:43:12 honeypot-fra-1 sshd[28028]: Received disconnect from 129.146.242.59 port 38892:11: Bye Bye [preauth]","@timestamp":"2022-09-18T11:43:13.540Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 11:44:15 honeypot-ams-1 kernel: [84378035.217700] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=154.89.5.92 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=245 ID=33050 PROTO=TCP SPT=58914 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T11:44:15.552Z"}
{"@timestamp":"2022-09-18T11:46:26.802Z","@version":"1","message":"Sep 18 11:46:25 honeypot-sgp-1 kernel: [84377688.858481] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.168.174.238 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=232 ID=25666 DF PROTO=TCP SPT=37001 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 11:47:22 honeypot-fra-1 sshd[28033]: Disconnected from authenticating user root 201.48.4.15 port 43072 [preauth]","@timestamp":"2022-09-18T11:47:22.634Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 11:48:34 honeypot-ams-1 sshd[5713]: Received disconnect from 34.75.26.147 port 38640:11: Bye Bye [preauth]","@timestamp":"2022-09-18T11:48:34.670Z"}
{"@timestamp":"2022-09-18T11:48:57.865Z","@version":"1","message":"Sep 18 11:48:57 honeypot-sgp-1 kernel: [84377840.142276] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=34.89.75.171 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x60 TTL=250 ID=1770 PROTO=TCP SPT=40222 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 11:49:07 honeypot-ams-1 sshd[5717]: Disconnected from invalid user nh 43.155.100.37 port 34076 [preauth]","@timestamp":"2022-09-18T11:49:08.689Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 11:52:54 honeypot-fra-1 sshd[28042]: Invalid user user1 from 103.188.176.251 port 51830","@timestamp":"2022-09-18T11:52:55.761Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 11:53:44 honeypot-fra-1 sshd[28047]: Invalid user user from 45.61.186.169 port 60684","@timestamp":"2022-09-18T11:53:44.783Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 11:54:00 honeypot-fra-1 sshd[28051]: Invalid user user from 45.61.186.169 port 55342","@timestamp":"2022-09-18T11:54:01.791Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 11:54:17 honeypot-fra-1 sshd[28055]: Invalid user user from 45.61.186.169 port 49988","@timestamp":"2022-09-18T11:54:17.799Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 11:56:01 honeypot-fra-1 kernel: [84376569.342909] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=154.89.5.92 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=245 ID=3918 PROTO=TCP SPT=58914 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T11:56:02.841Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 12:01:06 honeypot-ams-1 sshd[5721]: Received disconnect from 92.255.85.70 port 49272:11: Bye Bye [preauth]","@timestamp":"2022-09-18T12:01:07.012Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 12:06:03 honeypot-ams-1 sshd[5727]: Invalid user user from 45.61.187.160 port 53964","@timestamp":"2022-09-18T12:06:04.146Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 12:06:21 honeypot-ams-1 sshd[5731]: Invalid user user from 45.61.187.160 port 48654","@timestamp":"2022-09-18T12:06:21.155Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 12:06:37 honeypot-ams-1 sshd[5735]: Invalid user user from 45.61.187.160 port 43352","@timestamp":"2022-09-18T12:06:38.162Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 12:06:47 honeypot-ams-1 sshd[5739]: Invalid user tester from 67.205.165.12 port 57282","@timestamp":"2022-09-18T12:06:48.168Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 12:09:09 honeypot-ams-1 kernel: [84379529.018802] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.219.166 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=52877 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T12:09:10.227Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 12:09:50 honeypot-fra-1 kernel: [84377398.225085] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.219.225 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=60627 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T12:09:51.156Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-18T12:11:27.410Z","@version":"1","message":"Sep 18 12:11:26 honeypot-sgp-1 kernel: [84379189.512099] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=41.238.141.228 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=22503 PROTO=TCP SPT=24395 DPT=80 WINDOW=30566 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 12:13:14 honeypot-ams-1 sshd[5746]: Disconnected from invalid user test 154.61.72.164 port 53106 [preauth]","@timestamp":"2022-09-18T12:13:14.338Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 12:17:01 honeypot-ams-1 CRON[5751]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-18T12:17:02.440Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 12:18:12 honeypot-ams-1 sshd[5757]: Received disconnect from 45.61.186.249 port 35388:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T12:18:13.474Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 12:18:30 honeypot-ams-1 sshd[5761]: Received disconnect from 45.61.186.249 port 58714:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T12:18:30.483Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 12:18:34 honeypot-fra-1 sshd[28066]: Invalid user linwei from 165.22.45.108 port 48190","@timestamp":"2022-09-18T12:18:35.357Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T12:18:47.594Z","@version":"1","message":"Sep 18 12:18:46 honeypot-sgp-1 kernel: [84379629.819893] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=149.102.155.170 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=26994 PROTO=TCP SPT=43374 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 12:18:48 honeypot-ams-1 sshd[5765]: Received disconnect from 45.61.186.249 port 53806:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T12:18:49.493Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 12:20:05 honeypot-ams-1 sshd[5778]: Invalid user pi from 130.193.40.11 port 52652","@timestamp":"2022-09-18T12:20:06.530Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 12:20:06 honeypot-ams-1 sshd[5775]: Invalid user ftp from 130.193.40.11 port 52674","@timestamp":"2022-09-18T12:20:06.530Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 12:20:06 honeypot-ams-1 sshd[5790]: Invalid user postgres from 130.193.40.11 port 52656","@timestamp":"2022-09-18T12:20:06.530Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 12:20:06 honeypot-ams-1 sshd[5786]: Invalid user testuser from 130.193.40.11 port 52592","@timestamp":"2022-09-18T12:20:06.530Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 12:20:06 honeypot-ams-1 sshd[5783]: Connection closed by invalid user admin 130.193.40.11 port 52586 [preauth]","@timestamp":"2022-09-18T12:20:07.531Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 12:20:06 honeypot-ams-1 sshd[5789]: Invalid user mysql from 130.193.40.11 port 52648","@timestamp":"2022-09-18T12:20:07.531Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 12:20:06 honeypot-ams-1 sshd[5781]: Connection closed by invalid user test 130.193.40.11 port 52646 [preauth]","@timestamp":"2022-09-18T12:20:07.531Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 12:20:07 honeypot-ams-1 sshd[5772]: Connection closed by invalid user es 130.193.40.11 port 52594 [preauth]","@timestamp":"2022-09-18T12:20:07.531Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 12:20:07 honeypot-ams-1 sshd[5822]: Connection closed by invalid user hadoop 130.193.40.11 port 52670 [preauth]","@timestamp":"2022-09-18T12:20:07.531Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 12:20:08 honeypot-ams-1 sshd[5830]: Connection closed by authenticating user root 130.193.40.11 port 52708 [preauth]","@timestamp":"2022-09-18T12:20:09.532Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 12:20:21 honeypot-ams-1 sshd[5839]: Disconnected from invalid user mongo 45.20.209.253 port 57784 [preauth]","@timestamp":"2022-09-18T12:20:21.539Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 12:25:39 honeypot-fra-1 sshd[28069]: Received disconnect from 143.244.158.100 port 42330:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T12:25:39.518Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 12:28:17 honeypot-fra-1 sshd[28076]: Received disconnect from 143.244.158.100 port 47682:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T12:28:17.581Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 12:29:24 honeypot-ams-1 sshd[5846]: Disconnecting authenticating user root 37.116.206.113 port 34913: Too many authentication failures [preauth]","@timestamp":"2022-09-18T12:29:24.776Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 12:29:58 honeypot-fra-1 sshd[28082]: Received disconnect from 143.244.158.100 port 49976:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T12:29:58.622Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 12:32:33 honeypot-fra-1 sshd[28089]: Received disconnect from 143.244.158.100 port 41852:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T12:32:33.683Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 12:34:12 honeypot-fra-1 sshd[28093]: Received disconnect from 143.244.158.100 port 45918:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T12:34:12.725Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 12:36:42 honeypot-fra-1 sshd[28100]: Received disconnect from 143.244.158.100 port 55860:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T12:36:43.784Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 12:38:09 honeypot-ams-1 sshd[5850]: Invalid user support from 104.248.153.95 port 46226","@timestamp":"2022-09-18T12:38:10.012Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 12:38:25 honeypot-fra-1 sshd[28106]: Disconnected from authenticating user root 143.244.158.100 port 37044 [preauth]","@timestamp":"2022-09-18T12:38:26.826Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 12:39:30 honeypot-fra-1 sshd[28112]: Connection closed by invalid user admin 137.184.48.78 port 34010 [preauth]","@timestamp":"2022-09-18T12:39:30.853Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 12:39:32 honeypot-ams-1 sshd[5854]: Connection closed by 192.241.220.81 port 50462 [preauth]","@timestamp":"2022-09-18T12:39:33.050Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 12:40:10 honeypot-fra-1 sshd[28118]: Received disconnect from 143.244.158.100 port 42932:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T12:40:11.870Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T12:41:24.142Z","@version":"1","message":"Sep 18 12:41:23 honeypot-sgp-1 sshd[30814]: Invalid user eversec from 51.83.45.72 port 54968","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 12:42:32 honeypot-fra-1 sshd[28125]: Invalid user 12345 from 92.255.85.70 port 47874","@timestamp":"2022-09-18T12:42:32.926Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T12:42:49.178Z","@version":"1","message":"Sep 18 12:42:48 honeypot-sgp-1 sshd[30820]: Received disconnect from 92.255.85.69 port 56914:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 12:43:34 honeypot-fra-1 sshd[28129]: Disconnected from authenticating user root 143.244.158.100 port 42452 [preauth]","@timestamp":"2022-09-18T12:43:34.961Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T12:44:31.222Z","@version":"1","message":"Sep 18 12:44:30 honeypot-sgp-1 sshd[30824]: Invalid user admin from 52.140.206.1 port 1024","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 12:46:06 honeypot-fra-1 sshd[28136]: Disconnected from authenticating user root 143.244.158.100 port 55088 [preauth]","@timestamp":"2022-09-18T12:46:07.022Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 12:48:40 honeypot-fra-1 sshd[28143]: Disconnected from authenticating user root 143.244.158.100 port 42332 [preauth]","@timestamp":"2022-09-18T12:48:41.082Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 12:50:32 honeypot-fra-1 sshd[28147]: Disconnected from authenticating user root 143.244.158.100 port 57104 [preauth]","@timestamp":"2022-09-18T12:50:32.127Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T12:51:43.399Z","@version":"1","message":"Sep 18 12:51:43 honeypot-sgp-1 sshd[30830]: Received disconnect from 69.49.244.103 port 56424:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 12:53:07 honeypot-fra-1 sshd[28154]: Disconnected from authenticating user root 143.244.158.100 port 47960 [preauth]","@timestamp":"2022-09-18T12:53:07.196Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T12:54:08.461Z","@version":"1","message":"Sep 18 12:54:07 honeypot-sgp-1 sshd[30835]: Disconnected from invalid user ubuntu 52.151.24.212 port 52884 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 12:55:39 honeypot-fra-1 sshd[28160]: Disconnected from authenticating user root 143.244.158.100 port 37238 [preauth]","@timestamp":"2022-09-18T12:55:40.257Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 12:58:14 honeypot-fra-1 sshd[28168]: Received disconnect from 143.244.158.100 port 42934:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T12:58:15.318Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 12:58:46 honeypot-fra-1 sshd[28171]: Disconnected from invalid user user 45.61.184.204 port 33192 [preauth]","@timestamp":"2022-09-18T12:58:47.334Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 12:59:06 honeypot-fra-1 sshd[28177]: Invalid user user from 45.61.184.204 port 56314","@timestamp":"2022-09-18T12:59:07.343Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 12:59:24 honeypot-fra-1 sshd[28181]: Invalid user user from 45.61.184.204 port 51236","@timestamp":"2022-09-18T12:59:25.352Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 12:59:34 honeypot-fra-1 sshd[28185]: Disconnected from invalid user user 45.61.184.204 port 34578 [preauth]","@timestamp":"2022-09-18T12:59:35.357Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 12:59:49 honeypot-fra-1 sshd[28189]: Received disconnect from 164.92.183.3 port 55012:11: Bye Bye [preauth]","@timestamp":"2022-09-18T12:59:50.365Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 13:00:46 honeypot-fra-1 sshd[28193]: Disconnected from authenticating user root 143.244.158.100 port 48284 [preauth]","@timestamp":"2022-09-18T13:00:46.415Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 13:02:29 honeypot-fra-1 sshd[28200]: Received disconnect from 143.244.158.100 port 32858:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T13:02:30.460Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 13:04:17 honeypot-fra-1 sshd[28206]: Received disconnect from 143.244.158.100 port 57502:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T13:04:17.507Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 13:04:53 honeypot-ams-1 kernel: [84382872.873173] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=165.227.115.190 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=64026 PROTO=TCP SPT=46233 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T13:04:53.721Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 13:05:16 honeypot-fra-1 sshd[28210]: Received disconnect from 185.243.218.76 port 49798:11: Bye Bye [preauth]","@timestamp":"2022-09-18T13:05:17.535Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T13:05:27.754Z","@version":"1","message":"Sep 18 13:05:27 honeypot-sgp-1 kernel: [84382430.639445] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.206.210 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=55012 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 13:06:49 honeypot-fra-1 sshd[28215]: Disconnected from authenticating user root 143.244.158.100 port 38544 [preauth]","@timestamp":"2022-09-18T13:06:49.573Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 13:08:32 honeypot-fra-1 sshd[28222]: Disconnected from authenticating user root 143.244.158.100 port 40320 [preauth]","@timestamp":"2022-09-18T13:08:32.615Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 13:10:14 honeypot-fra-1 sshd[28228]: Disconnected from 206.81.15.128 port 43714 [preauth]","@timestamp":"2022-09-18T13:10:14.657Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 13:11:59 honeypot-fra-1 sshd[28234]: Disconnected from authenticating user root 143.244.158.100 port 50928 [preauth]","@timestamp":"2022-09-18T13:11:59.700Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 13:14:20 honeypot-fra-1 sshd[28239]: Disconnected from authenticating user root 128.199.32.98 port 51190 [preauth]","@timestamp":"2022-09-18T13:14:20.777Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 13:17:01 honeypot-ams-1 CRON[5868]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-18T13:17:02.046Z"}
{"@timestamp":"2022-09-18T13:17:02.036Z","@version":"1","message":"Sep 18 13:17:01 honeypot-sgp-1 CRON[30841]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 13:25:32 honeypot-fra-1 sshd[28247]: Invalid user guest from 92.255.85.70 port 49920","@timestamp":"2022-09-18T13:25:33.036Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 13:27:29 honeypot-ams-1 sshd[5876]: Connection closed by invalid user mysql 193.106.191.157 port 59410 [preauth]","@timestamp":"2022-09-18T13:27:29.328Z"}
{"@timestamp":"2022-09-18T13:29:17.327Z","@version":"1","message":"Sep 18 13:29:17 honeypot-sgp-1 sshd[30848]: Disconnected from invalid user edv 178.128.123.42 port 39114 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T13:35:22.476Z","@version":"1","message":"Sep 18 13:35:22 honeypot-sgp-1 kernel: [84384225.211422] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.216.126 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=56286 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 13:35:40 honeypot-ams-1 sshd[5883]: Invalid user guest from 92.255.85.69 port 60770","@timestamp":"2022-09-18T13:35:41.545Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 13:36:06 honeypot-fra-1 kernel: [84382573.541349] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.216.12 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=39301 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T13:36:07.275Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 13:42:16 honeypot-ams-1 kernel: [84385115.738072] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=221.125.52.107 DST=178.62.254.91 LEN=40 TOS=0x18 PREC=0xA0 TTL=55 ID=29381 PROTO=TCP SPT=58468 DPT=443 WINDOW=39444 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T13:42:16.718Z"}
{"@timestamp":"2022-09-18T13:48:08.787Z","@version":"1","message":"Sep 18 13:48:07 honeypot-sgp-1 sshd[30859]: Bad protocol version identification '\\026\\003\\001' from 143.198.136.88 port 54544","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T13:48:21.794Z","@version":"1","message":"Sep 18 13:48:20 honeypot-sgp-1 sshd[30866]: Invalid user admin from 210.146.173.28 port 60964","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T13:48:42.804Z","@version":"1","message":"Sep 18 13:48:42 honeypot-sgp-1 sshd[30870]: Received disconnect from 45.61.186.249 port 60650:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T13:49:01.814Z","@version":"1","message":"Sep 18 13:49:01 honeypot-sgp-1 sshd[30874]: Received disconnect from 45.61.186.249 port 55810:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T13:49:19.822Z","@version":"1","message":"Sep 18 13:49:19 honeypot-sgp-1 sshd[30878]: Received disconnect from 45.61.186.249 port 50966:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T13:50:16.849Z","@version":"1","message":"Sep 18 13:50:16 honeypot-sgp-1 kernel: [84385119.708480] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=36.37.140.92 DST=159.89.202.188 LEN=52 TOS=0x00 PREC=0x00 TTL=117 ID=20693 DF PROTO=TCP SPT=46883 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 13:50:45 honeypot-ams-1 sshd[5894]: Disconnected from authenticating user root 165.232.138.25 port 56304 [preauth]","@timestamp":"2022-09-18T13:50:45.949Z"}
{"@timestamp":"2022-09-18T13:51:24.882Z","@version":"1","message":"Sep 18 13:51:24 honeypot-sgp-1 sshd[30885]: Received disconnect from 45.61.186.249 port 58158:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T13:51:42.890Z","@version":"1","message":"Sep 18 13:51:42 honeypot-sgp-1 sshd[30890]: Received disconnect from 45.61.186.249 port 52798:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T13:52:00.900Z","@version":"1","message":"Sep 18 13:52:00 honeypot-sgp-1 sshd[30894]: Invalid user user from 45.61.186.249 port 47438","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 13:53:18 honeypot-ams-1 sshd[5898]: Invalid user tk from 188.166.53.188 port 41970","@timestamp":"2022-09-18T13:53:19.021Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 13:54:30 honeypot-ams-1 sshd[5902]: Invalid user finexa from 189.29.171.10 port 55288","@timestamp":"2022-09-18T13:54:31.057Z"}
{"@timestamp":"2022-09-18T13:55:26.984Z","@version":"1","message":"Sep 18 13:55:26 honeypot-sgp-1 sshd[30899]: Invalid user admin from 203.125.29.136 port 49976","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 14:01:06 honeypot-ams-1 sshd[5907]: Received disconnect from 190.104.146.136 port 60163:11: Bye Bye [preauth]","@timestamp":"2022-09-18T14:01:07.232Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 14:01:43 honeypot-fra-1 kernel: [84384111.056429] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=165.232.152.144 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=38268 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T14:01:44.850Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-18T14:04:24.201Z","@version":"1","message":"Sep 18 14:04:23 honeypot-sgp-1 sshd[30903]: Invalid user  from 31.184.198.71 port 5732","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:04:57.218Z","@version":"1","message":"Sep 18 14:04:57 honeypot-sgp-1 sshd[30909]: Invalid user  from 31.184.198.71 port 44768","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:05:26.233Z","@version":"1","message":"Sep 18 14:05:25 honeypot-sgp-1 sshd[30915]: Invalid user admin from 31.184.198.71 port 27060","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:05:50.247Z","@version":"1","message":"Sep 18 14:05:49 honeypot-sgp-1 sshd[30920]: Disconnecting invalid user admin 31.184.198.71 port 21694: Change of username or service not allowed: (admin,ssh-connection) -> (manager,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:06:30.266Z","@version":"1","message":"Sep 18 14:06:30 honeypot-sgp-1 sshd[30928]: Invalid user 1234 from 31.184.198.71 port 15763","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:06:53.279Z","@version":"1","message":"Sep 18 14:06:52 honeypot-sgp-1 sshd[30934]: Invalid user  from 31.184.198.71 port 50818","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:07:24.295Z","@version":"1","message":"Sep 18 14:07:23 honeypot-sgp-1 sshd[30940]: Disconnecting invalid user Admin 31.184.198.71 port 37773: Change of username or service not allowed: (Admin,ssh-connection) -> (blank,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:07:52.310Z","@version":"1","message":"Sep 18 14:07:51 honeypot-sgp-1 sshd[30946]: Disconnecting invalid user guest 31.184.198.71 port 25514: Change of username or service not allowed: (guest,ssh-connection) -> (1234,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:08:18.324Z","@version":"1","message":"Sep 18 14:08:18 honeypot-sgp-1 sshd[30952]: Disconnecting invalid user  31.184.198.71 port 29030: Change of username or service not allowed: (,ssh-connection) -> (Cisco,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:08:43.337Z","@version":"1","message":"Sep 18 14:08:43 honeypot-sgp-1 sshd[30958]: Disconnecting invalid user admin 31.184.198.71 port 37458: Change of username or service not allowed: (admin,ssh-connection) -> (1234,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:09:23.357Z","@version":"1","message":"Sep 18 14:09:22 honeypot-sgp-1 sshd[30967]: Invalid user  from 31.184.198.71 port 26559","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:09:49.371Z","@version":"1","message":"Sep 18 14:09:49 honeypot-sgp-1 sshd[30973]: Invalid user admin from 31.184.198.71 port 15058","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:10:15.385Z","@version":"1","message":"Sep 18 14:10:14 honeypot-sgp-1 sshd[30979]: Invalid user  from 31.184.198.71 port 4474","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:10:33.395Z","@version":"1","message":"Sep 18 14:10:33 honeypot-sgp-1 sshd[30985]: Invalid user default from 31.184.198.71 port 57709","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:10:59.409Z","@version":"1","message":"Sep 18 14:10:58 honeypot-sgp-1 sshd[30991]: Invalid user Administrator from 31.184.198.71 port 44631","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:11:24.422Z","@version":"1","message":"Sep 18 14:11:24 honeypot-sgp-1 sshd[30997]: Invalid user admin from 31.184.198.71 port 47397","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:12:03.442Z","@version":"1","message":"Sep 18 14:12:03 honeypot-sgp-1 sshd[31003]: Invalid user comcast from 31.184.198.71 port 49734","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 14:12:16 honeypot-fra-1 sshd[28262]: Invalid user admin from 92.255.85.69 port 48812","@timestamp":"2022-09-18T14:12:16.088Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T14:12:30.456Z","@version":"1","message":"Sep 18 14:12:29 honeypot-sgp-1 sshd[31009]: Invalid user admin1234 from 31.184.198.71 port 5771","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:12:59.471Z","@version":"1","message":"Sep 18 14:12:58 honeypot-sgp-1 sshd[31015]: Invalid user admin from 31.184.198.71 port 28720","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:13:25.484Z","@version":"1","message":"Sep 18 14:13:24 honeypot-sgp-1 sshd[31021]: Invalid user blank from 31.184.198.71 port 6865","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:13:55.501Z","@version":"1","message":"Sep 18 14:13:55 honeypot-sgp-1 sshd[31027]: Disconnecting invalid user airlive 31.184.198.71 port 53336: Change of username or service not allowed: (airlive,ssh-connection) -> (0,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 14:14:14 honeypot-ams-1 kernel: [84387033.965436] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.41.9.18 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=46799 PROTO=TCP SPT=34984 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T14:14:14.588Z"}
{"@timestamp":"2022-09-18T14:14:25.516Z","@version":"1","message":"Sep 18 14:14:24 honeypot-sgp-1 sshd[31035]: Bad protocol version identification 'SSH-2.0_CoreLab-1.0' from 31.184.198.71 port 63590","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:14:48.529Z","@version":"1","message":"Sep 18 14:14:48 honeypot-sgp-1 sshd[31040]: Disconnecting invalid user Shiko 31.184.198.71 port 21213: Change of username or service not allowed: (Shiko,ssh-connection) -> (sitecom,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:15:17.544Z","@version":"1","message":"Sep 18 14:15:17 honeypot-sgp-1 sshd[31046]: Disconnecting invalid user smcadmin 31.184.198.71 port 28559: Change of username or service not allowed: (smcadmin,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:15:43.556Z","@version":"1","message":"Sep 18 14:15:42 honeypot-sgp-1 sshd[31052]: Disconnecting invalid user highspeed 31.184.198.71 port 62260: Change of username or service not allowed: (highspeed,ssh-connection) -> (smcadmin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:16:04.569Z","@version":"1","message":"Sep 18 14:16:04 honeypot-sgp-1 sshd[31059]: Invalid user  from 31.184.198.71 port 31534","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:16:28.605Z","@version":"1","message":"Sep 18 14:16:28 honeypot-sgp-1 sshd[31065]: Invalid user public from 31.184.198.71 port 10699","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:17:01.622Z","@version":"1","message":"Sep 18 14:17:01 honeypot-sgp-1 CRON[31073]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:17:20.633Z","@version":"1","message":"Sep 18 14:17:19 honeypot-sgp-1 sshd[31078]: Disconnecting invalid user user 31.184.198.71 port 18741: Change of username or service not allowed: (user,ssh-connection) -> (amdin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 14:17:38 honeypot-fra-1 kernel: [84385065.541731] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=3.8.141.125 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=75 ID=5873 PROTO=TCP SPT=21345 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T14:17:39.212Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-18T14:17:47.647Z","@version":"1","message":"Sep 18 14:17:47 honeypot-sgp-1 sshd[31085]: Disconnecting invalid user Admin 31.184.198.71 port 31352: Change of username or service not allowed: (Admin,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:18:23.665Z","@version":"1","message":"Sep 18 14:18:23 honeypot-sgp-1 sshd[31091]: Disconnecting invalid user 0 31.184.198.71 port 25421: Change of username or service not allowed: (0,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:18:52.679Z","@version":"1","message":"Sep 18 14:18:51 honeypot-sgp-1 sshd[31097]: Disconnecting invalid user admin 31.184.198.71 port 34360: Change of username or service not allowed: (admin,ssh-connection) -> (1admin0,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:20:04.711Z","@version":"1","message":"Sep 18 14:20:04 honeypot-sgp-1 sshd[31104]: Received disconnect from 116.92.213.114 port 34314:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 14:22:00 honeypot-fra-1 sshd[28273]: Did not receive identification string from 3.8.141.125 port 21345","@timestamp":"2022-09-18T14:22:00.312Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 14:23:14 honeypot-ams-1 sshd[5919]: Invalid user admin from 92.255.85.69 port 50980","@timestamp":"2022-09-18T14:23:14.830Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 14:23:39 honeypot-fra-1 kernel: [84385426.405055] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=3.8.141.125 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=75 ID=9885 PROTO=TCP SPT=21345 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T14:23:40.354Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 14:26:20 honeypot-fra-1 kernel: [84385587.350817] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=3.8.141.125 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=75 ID=49126 PROTO=TCP SPT=21345 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T14:26:20.418Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 14:31:30 honeypot-fra-1 sshd[28284]: Did not receive identification string from 3.8.141.125 port 21345","@timestamp":"2022-09-18T14:31:31.541Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 14:31:46 honeypot-fra-1 sshd[28289]: Did not receive identification string from 3.8.141.125 port 21345","@timestamp":"2022-09-18T14:31:47.548Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 14:33:10 honeypot-ams-1 kernel: [84388169.962056] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=20.77.96.135 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=118 ID=29894 DF PROTO=TCP SPT=56673 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T14:33:11.093Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 14:33:28 honeypot-fra-1 kernel: [84386015.026830] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=3.8.141.125 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=75 ID=9885 PROTO=TCP SPT=21345 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T14:33:28.592Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 14:36:24 honeypot-fra-1 kernel: [84386191.085206] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=3.8.141.125 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=75 ID=5873 PROTO=TCP SPT=21345 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T14:36:24.661Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-18T14:38:21.157Z","@version":"1","message":"Sep 18 14:38:20 honeypot-sgp-1 kernel: [84388003.487188] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=163.123.143.250 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=10269 PROTO=TCP SPT=47785 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 14:41:05 honeypot-fra-1 sshd[28296]: Did not receive identification string from 3.8.141.125 port 21345","@timestamp":"2022-09-18T14:41:05.770Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 14:41:53 honeypot-ams-1 sshd[5924]: Disconnected from invalid user ubnt 128.199.105.99 port 57786 [preauth]","@timestamp":"2022-09-18T14:41:54.321Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 14:42:12 honeypot-fra-1 sshd[28301]: Received disconnect from 45.191.91.45 port 40394:11: Bye Bye [preauth]","@timestamp":"2022-09-18T14:42:12.800Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 14:42:55 honeypot-fra-1 kernel: [84386582.414771] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=3.8.141.125 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=75 ID=9885 PROTO=TCP SPT=21345 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T14:42:55.819Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 14:44:54 honeypot-fra-1 sshd[28307]: Received disconnect from 192.227.174.167 port 38494:11: Bye Bye [preauth]","@timestamp":"2022-09-18T14:44:54.866Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 14:45:26 honeypot-ams-1 sshd[5931]: Invalid user emiliojose from 123.30.249.49 port 37202","@timestamp":"2022-09-18T14:45:26.417Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 14:45:47 honeypot-fra-1 kernel: [84386754.052987] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=3.8.141.125 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=75 ID=49126 PROTO=TCP SPT=21345 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T14:45:47.889Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 14:46:35 honeypot-ams-1 sshd[5934]: Received disconnect from 79.62.236.130 port 58176:11: Bye Bye [preauth]","@timestamp":"2022-09-18T14:46:35.453Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 14:47:00 honeypot-ams-1 sshd[5938]: Disconnected from invalid user testserver 43.154.7.110 port 42572 [preauth]","@timestamp":"2022-09-18T14:47:00.466Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 14:48:06 honeypot-fra-1 sshd[28311]: Disconnected from invalid user emiliojose 143.198.200.168 port 51892 [preauth]","@timestamp":"2022-09-18T14:48:06.944Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 14:48:20 honeypot-fra-1 sshd[28315]: Disconnected from invalid user user 45.61.187.160 port 49326 [preauth]","@timestamp":"2022-09-18T14:48:20.952Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 14:48:40 honeypot-fra-1 sshd[28319]: Received disconnect from 45.61.187.160 port 44058:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T14:48:40.962Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 14:48:58 honeypot-fra-1 sshd[28323]: Received disconnect from 45.61.187.160 port 38694:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T14:48:58.990Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 14:49:11 honeypot-fra-1 sshd[28327]: Received disconnect from 190.104.25.215 port 56756:11: Bye Bye [preauth]","@timestamp":"2022-09-18T14:49:11.997Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 14:51:02 honeypot-fra-1 sshd[28334]: Did not receive identification string from 3.8.141.125 port 21345","@timestamp":"2022-09-18T14:51:03.042Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 14:51:24 honeypot-ams-1 sshd[5943]: Disconnected from invalid user mmmm 89.22.180.184 port 18051 [preauth]","@timestamp":"2022-09-18T14:51:24.584Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 14:55:01 honeypot-fra-1 kernel: [84387308.192896] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=3.8.141.125 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=75 ID=49126 PROTO=TCP SPT=21345 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T14:55:02.136Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 14:55:36 honeypot-ams-1 sshd[5947]: Received disconnect from 103.248.25.99 port 48568:11: Bye Bye [preauth]","@timestamp":"2022-09-18T14:55:36.696Z"}
{"@timestamp":"2022-09-18T14:55:38.578Z","@version":"1","message":"Sep 18 14:55:38 honeypot-sgp-1 sshd[31116]: Disconnected from invalid user admin 60.10.160.77 port 40902 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 14:57:00 honeypot-ams-1 sshd[5950]: Disconnected from invalid user admin 200.195.162.66 port 56736 [preauth]","@timestamp":"2022-09-18T14:57:01.739Z"}
{"@timestamp":"2022-09-18T14:57:56.636Z","@version":"1","message":"Sep 18 14:57:56 honeypot-sgp-1 sshd[31122]: Received disconnect from 211.252.84.224 port 46850:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 14:58:40 honeypot-fra-1 sshd[28336]: Invalid user mysql from 193.106.191.157 port 58058","@timestamp":"2022-09-18T14:58:41.242Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:00:15 honeypot-fra-1 sshd[28339]: Disconnected from invalid user ubnt 92.255.85.70 port 44610 [preauth]","@timestamp":"2022-09-18T15:00:16.281Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T15:01:16.718Z","@version":"1","message":"Sep 18 15:01:16 honeypot-sgp-1 sshd[31127]: Received disconnect from 60.10.160.73 port 39887:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:01:54 honeypot-fra-1 kernel: [84387721.171983] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=3.8.141.125 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=75 ID=9885 PROTO=TCP SPT=21345 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T15:01:54.322Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:03:41 honeypot-fra-1 sshd[28346]: Received disconnect from 165.22.45.108 port 59204:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T15:03:42.366Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:04:50 honeypot-fra-1 kernel: [84387897.710342] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=3.8.141.125 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=75 ID=49126 PROTO=TCP SPT=21345 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T15:04:51.398Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 15:07:17 honeypot-ams-1 sshd[5955]: Disconnecting invalid user admin 75.72.187.36 port 59313: Too many authentication failures [preauth]","@timestamp":"2022-09-18T15:07:18.017Z"}
{"@timestamp":"2022-09-18T15:08:14.885Z","@version":"1","message":"Sep 18 15:08:14 honeypot-sgp-1 kernel: [84389797.174207] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=5.189.133.199 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=32529 DF PROTO=TCP SPT=37162 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:09:47 honeypot-fra-1 sshd[28352]: Invalid user user from 45.61.186.169 port 34642","@timestamp":"2022-09-18T15:09:48.513Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:10:06 honeypot-fra-1 sshd[28357]: Invalid user user from 45.61.186.169 port 57722","@timestamp":"2022-09-18T15:10:06.521Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:10:23 honeypot-fra-1 sshd[28361]: Invalid user user from 45.61.186.169 port 52576","@timestamp":"2022-09-18T15:10:24.530Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 15:11:33 honeypot-ams-1 sshd[5962]: Invalid user liams from 67.207.94.180 port 46294","@timestamp":"2022-09-18T15:11:33.134Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 15:15:39 honeypot-ams-1 sshd[5966]: Disconnected from authenticating user root 43.254.240.201 port 50473 [preauth]","@timestamp":"2022-09-18T15:15:39.246Z"}
{"@timestamp":"2022-09-18T15:17:02.101Z","@version":"1","message":"Sep 18 15:17:01 honeypot-sgp-1 CRON[31133]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:17:01 honeypot-fra-1 CRON[28366]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-18T15:17:02.678Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:19:22 honeypot-fra-1 sshd[28378]: Invalid user mc from 103.90.177.102 port 40966","@timestamp":"2022-09-18T15:19:22.732Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:19:22 honeypot-fra-1 sshd[28372]: Connection closed by invalid user ubuntu 103.90.177.102 port 40976 [preauth]","@timestamp":"2022-09-18T15:19:22.732Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:19:22 honeypot-fra-1 sshd[28380]: Connection closed by authenticating user root 103.90.177.102 port 40962 [preauth]","@timestamp":"2022-09-18T15:19:22.732Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 15:21:06 honeypot-ams-1 sshd[5974]: Received disconnect from 125.209.85.186 port 42972:11: Bye Bye [preauth]","@timestamp":"2022-09-18T15:21:07.392Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:22:08 honeypot-fra-1 kernel: [84388934.989627] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=167.94.138.97 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=7521 PROTO=TCP SPT=25729 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T15:22:08.796Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 15:23:48 honeypot-ams-1 sshd[5978]: Invalid user user from 139.59.233.124 port 51736","@timestamp":"2022-09-18T15:23:49.463Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 15:24:26 honeypot-ams-1 sshd[5981]: Disconnected from invalid user user 45.61.186.49 port 47162 [preauth]","@timestamp":"2022-09-18T15:24:26.481Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 15:24:39 honeypot-ams-1 sshd[5985]: Disconnected from invalid user user 45.61.186.49 port 59370 [preauth]","@timestamp":"2022-09-18T15:24:39.488Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:25:13 honeypot-fra-1 sshd[28398]: Disconnected from invalid user admin 145.239.90.216 port 49608 [preauth]","@timestamp":"2022-09-18T15:25:13.866Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 15:26:14 honeypot-ams-1 sshd[5990]: Disconnected from invalid user web 79.188.52.121 port 53730 [preauth]","@timestamp":"2022-09-18T15:26:15.529Z"}
{"@timestamp":"2022-09-18T15:27:12.346Z","@version":"1","message":"Sep 18 15:27:11 honeypot-sgp-1 sshd[31139]: Received disconnect from 167.99.243.12 port 36104:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T15:27:47.362Z","@version":"1","message":"Sep 18 15:27:46 honeypot-sgp-1 sshd[31141]: Disconnected from invalid user nac 41.72.219.102 port 56154 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:30:33 honeypot-fra-1 sshd[28405]: Received disconnect from 13.72.86.172 port 35680:11: Bye Bye [preauth]","@timestamp":"2022-09-18T15:30:33.985Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 15:31:29 honeypot-ams-1 kernel: [84391669.311068] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=114.225.3.92 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=49 ID=9355 PROTO=TCP SPT=63749 DPT=80 WINDOW=65274 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T15:31:29.665Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:31:30 honeypot-fra-1 sshd[28409]: Received disconnect from 221.140.2.233 port 43784:11: Bye Bye [preauth]","@timestamp":"2022-09-18T15:31:31.008Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:35:10 honeypot-fra-1 sshd[28414]: Disconnected from invalid user admin 200.29.109.224 port 51724 [preauth]","@timestamp":"2022-09-18T15:35:11.093Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T15:39:00.629Z","@version":"1","message":"Sep 18 15:38:59 honeypot-sgp-1 kernel: [84391642.460267] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=206.189.6.148 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=54606 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:39:24 honeypot-fra-1 kernel: [84389971.592042] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=205.210.31.152 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x60 TTL=250 ID=54321 PROTO=TCP SPT=56123 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T15:39:25.204Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 15:39:40 honeypot-ams-1 sshd[5999]: Disconnected from invalid user user 45.61.187.160 port 39486 [preauth]","@timestamp":"2022-09-18T15:39:40.885Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 15:40:00 honeypot-ams-1 sshd[6003]: Received disconnect from 45.61.187.160 port 34618:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T15:40:00.897Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 15:40:18 honeypot-ams-1 sshd[6007]: Received disconnect from 45.61.187.160 port 58010:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T15:40:18.905Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 15:40:35 honeypot-ams-1 sshd[6011]: Received disconnect from 45.61.187.160 port 53132:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T15:40:35.913Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:44:30 honeypot-fra-1 sshd[28423]: Disconnected from invalid user test 103.149.158.241 port 3277 [preauth]","@timestamp":"2022-09-18T15:44:31.320Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T15:45:42.791Z","@version":"1","message":"Sep 18 15:45:42 honeypot-sgp-1 sshd[31154]: Invalid user user from 45.61.186.169 port 46338","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T15:46:00.800Z","@version":"1","message":"Sep 18 15:46:00 honeypot-sgp-1 sshd[31158]: Invalid user user from 45.61.186.169 port 41366","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T15:46:17.810Z","@version":"1","message":"Sep 18 15:46:17 honeypot-sgp-1 sshd[31162]: Invalid user user from 45.61.186.169 port 36342","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T15:46:33.817Z","@version":"1","message":"Sep 18 15:46:33 honeypot-sgp-1 sshd[31166]: Invalid user user from 45.61.186.169 port 59580","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 15:49:48 honeypot-ams-1 kernel: [84392768.463379] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=154.204.182.30 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=47 ID=65357 PROTO=TCP SPT=40371 DPT=443 WINDOW=12544 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T15:49:49.152Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:56:14 honeypot-fra-1 sshd[28436]: Invalid user oracle from 45.127.108.132 port 23338","@timestamp":"2022-09-18T15:56:15.580Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:56:14 honeypot-fra-1 sshd[28428]: Invalid user admin from 45.127.108.132 port 29179","@timestamp":"2022-09-18T15:56:15.580Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:56:14 honeypot-fra-1 sshd[28456]: Invalid user es from 45.127.108.132 port 18547","@timestamp":"2022-09-18T15:56:15.580Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:56:14 honeypot-fra-1 sshd[28447]: Invalid user dev from 45.127.108.132 port 56181","@timestamp":"2022-09-18T15:56:15.580Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:56:15 honeypot-fra-1 sshd[28436]: Connection closed by invalid user oracle 45.127.108.132 port 23338 [preauth]","@timestamp":"2022-09-18T15:56:15.580Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:56:15 honeypot-fra-1 sshd[28429]: Connection closed by invalid user test 45.127.108.132 port 26344 [preauth]","@timestamp":"2022-09-18T15:56:15.580Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:56:15 honeypot-fra-1 sshd[28454]: Connection closed by invalid user hadoop 45.127.108.132 port 62827 [preauth]","@timestamp":"2022-09-18T15:56:15.580Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:56:15 honeypot-fra-1 sshd[28456]: Connection closed by invalid user es 45.127.108.132 port 18547 [preauth]","@timestamp":"2022-09-18T15:56:15.580Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:56:15 honeypot-fra-1 sshd[28458]: Connection closed by authenticating user root 45.127.108.132 port 47904 [preauth]","@timestamp":"2022-09-18T15:56:16.581Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T15:57:35.077Z","@version":"1","message":"Sep 18 15:57:34 honeypot-sgp-1 sshd[31172]: Invalid user md from 5.191.253.21 port 52712","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 15:58:54 honeypot-ams-1 sshd[6019]: Received disconnect from 13.70.39.68 port 55736:11: Bye Bye [preauth]","@timestamp":"2022-09-18T15:58:54.395Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:01:54 honeypot-ams-1 sshd[6024]: Received disconnect from 190.64.68.178 port 4704:11: Bye Bye [preauth]","@timestamp":"2022-09-18T16:01:54.476Z"}
{"@timestamp":"2022-09-18T16:08:34.337Z","@version":"1","message":"Sep 18 16:08:34 honeypot-sgp-1 sshd[31178]: Did not receive identification string from 45.61.187.160 port 56194","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T16:09:26.361Z","@version":"1","message":"Sep 18 16:09:25 honeypot-sgp-1 sshd[31183]: Received disconnect from 45.61.187.160 port 44972:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T16:09:45.370Z","@version":"1","message":"Sep 18 16:09:44 honeypot-sgp-1 sshd[31187]: Received disconnect from 45.61.187.160 port 40428:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T16:10:05.380Z","@version":"1","message":"Sep 18 16:10:04 honeypot-sgp-1 sshd[31191]: Received disconnect from 45.61.187.160 port 35886:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:10:12 honeypot-ams-1 sshd[6032]: Received disconnect from 182.117.131.146 port 33412:11: Bye Bye [preauth]","@timestamp":"2022-09-18T16:10:13.694Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:10:18 honeypot-ams-1 sshd[6036]: Disconnected from authenticating user root 182.117.131.146 port 33814 [preauth]","@timestamp":"2022-09-18T16:10:18.697Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:10:23 honeypot-ams-1 sshd[6042]: Received disconnect from 182.117.131.146 port 34000:11: Bye Bye [preauth]","@timestamp":"2022-09-18T16:10:23.700Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:10:32 honeypot-ams-1 sshd[6048]: Received disconnect from 182.117.131.146 port 34586:11: Bye Bye [preauth]","@timestamp":"2022-09-18T16:10:32.705Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:10:40 honeypot-ams-1 sshd[6054]: Received disconnect from 182.117.131.146 port 35094:11: Bye Bye [preauth]","@timestamp":"2022-09-18T16:10:40.709Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:10:49 honeypot-ams-1 sshd[6060]: Received disconnect from 182.117.131.146 port 35630:11: Bye Bye [preauth]","@timestamp":"2022-09-18T16:10:49.714Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:10:56 honeypot-ams-1 sshd[6066]: Received disconnect from 182.117.131.146 port 36106:11: Bye Bye [preauth]","@timestamp":"2022-09-18T16:10:57.719Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:11:05 honeypot-ams-1 sshd[6072]: Received disconnect from 182.117.131.146 port 36638:11: Bye Bye [preauth]","@timestamp":"2022-09-18T16:11:06.723Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:11:14 honeypot-ams-1 sshd[6078]: Received disconnect from 182.117.131.146 port 37002:11: Bye Bye [preauth]","@timestamp":"2022-09-18T16:11:15.729Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:11:24 honeypot-ams-1 sshd[6084]: Received disconnect from 182.117.131.146 port 37600:11: Bye Bye [preauth]","@timestamp":"2022-09-18T16:11:24.733Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:11:31 honeypot-ams-1 sshd[6090]: Received disconnect from 182.117.131.146 port 38124:11: Bye Bye [preauth]","@timestamp":"2022-09-18T16:11:32.738Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:11:40 honeypot-ams-1 sshd[6096]: Received disconnect from 182.117.131.146 port 38630:11: Bye Bye [preauth]","@timestamp":"2022-09-18T16:11:40.742Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:11:48 honeypot-ams-1 sshd[6102]: Received disconnect from 182.117.131.146 port 39184:11: Bye Bye [preauth]","@timestamp":"2022-09-18T16:11:49.748Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:11:54 honeypot-ams-1 sshd[6106]: Received disconnect from 182.117.131.146 port 39476:11: Bye Bye [preauth]","@timestamp":"2022-09-18T16:11:54.751Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:11:59 honeypot-ams-1 sshd[6110]: Received disconnect from 182.117.131.146 port 39844:11: Bye Bye [preauth]","@timestamp":"2022-09-18T16:12:00.755Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:12:07 honeypot-ams-1 sshd[6114]: Received disconnect from 182.117.131.146 port 40262:11: Bye Bye [preauth]","@timestamp":"2022-09-18T16:12:08.759Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:12:13 honeypot-ams-1 sshd[6118]: Received disconnect from 182.117.131.146 port 40604:11: Bye Bye [preauth]","@timestamp":"2022-09-18T16:12:13.763Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:12:20 honeypot-ams-1 sshd[6122]: Received disconnect from 182.117.131.146 port 41048:11: Bye Bye [preauth]","@timestamp":"2022-09-18T16:12:20.767Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:12:28 honeypot-ams-1 sshd[6126]: Disconnected from authenticating user root 182.117.131.146 port 41366 [preauth]","@timestamp":"2022-09-18T16:12:28.773Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:12:37 honeypot-ams-1 sshd[6132]: Invalid user pi from 182.117.131.146 port 42122","@timestamp":"2022-09-18T16:12:37.777Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:12:42 honeypot-ams-1 sshd[6136]: Invalid user ethos from 182.117.131.146 port 42418","@timestamp":"2022-09-18T16:12:42.780Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:12:48 honeypot-ams-1 sshd[6140]: Invalid user miner from 182.117.131.146 port 42864","@timestamp":"2022-09-18T16:12:49.784Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:12:56 honeypot-ams-1 sshd[6144]: Invalid user volumio from 182.117.131.146 port 43128","@timestamp":"2022-09-18T16:12:56.789Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:13:02 honeypot-ams-1 sshd[6148]: Invalid user nagios from 182.117.131.146 port 43612","@timestamp":"2022-09-18T16:13:02.792Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:13:07 honeypot-ams-1 sshd[6152]: Invalid user vagrant from 182.117.131.146 port 43964","@timestamp":"2022-09-18T16:13:07.795Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:13:12 honeypot-ams-1 sshd[6156]: Invalid user debian from 182.117.131.146 port 44212","@timestamp":"2022-09-18T16:13:13.799Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 16:13:15 honeypot-fra-1 sshd[28497]: Received disconnect from 61.177.172.104 port 40129:11:  [preauth]","@timestamp":"2022-09-18T16:13:15.991Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:13:19 honeypot-ams-1 sshd[6160]: Invalid user debian from 182.117.131.146 port 44608","@timestamp":"2022-09-18T16:13:19.802Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:13:26 honeypot-ams-1 sshd[6164]: Invalid user alarm from 182.117.131.146 port 44906","@timestamp":"2022-09-18T16:13:26.807Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:13:32 honeypot-ams-1 sshd[6168]: Invalid user test from 182.117.131.146 port 45350","@timestamp":"2022-09-18T16:13:32.811Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:13:37 honeypot-ams-1 sshd[6172]: Invalid user cirros from 182.117.131.146 port 45696","@timestamp":"2022-09-18T16:13:38.814Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:14:41 honeypot-ams-1 sshd[6176]: Connection closed by invalid user pi 76.28.20.79 port 50138 [preauth]","@timestamp":"2022-09-18T16:14:41.843Z"}
{"@timestamp":"2022-09-18T16:16:06.527Z","@version":"1","message":"Sep 18 16:16:06 honeypot-sgp-1 kernel: [84393868.953739] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=104.248.207.141 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=35834 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:17:01 honeypot-ams-1 CRON[6181]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-18T16:17:01.907Z"}
{"@timestamp":"2022-09-18T16:22:52.694Z","@version":"1","message":"Sep 18 16:22:52 honeypot-sgp-1 sshd[31205]: Disconnected from authenticating user root 61.177.172.108 port 33779 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 16:22:53 honeypot-fra-1 sshd[28505]: Invalid user steam from 141.98.10.158 port 39682","@timestamp":"2022-09-18T16:22:54.205Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 16:24:47 honeypot-fra-1 sshd[28509]: Disconnected from invalid user admin 92.255.85.70 port 58960 [preauth]","@timestamp":"2022-09-18T16:24:47.248Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 16:25:36 honeypot-fra-1 sshd[28517]: Disconnected from authenticating user root 61.177.172.108 port 27260 [preauth]","@timestamp":"2022-09-18T16:25:37.269Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:26:58 honeypot-ams-1 sshd[6187]: Disconnected from authenticating user root 143.244.158.100 port 34226 [preauth]","@timestamp":"2022-09-18T16:26:59.184Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:29:53 honeypot-ams-1 sshd[6194]: Received disconnect from 143.244.158.100 port 53480:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T16:29:54.264Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 16:30:33 honeypot-fra-1 kernel: [84393039.899922] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=47.90.203.174 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=2399 PROTO=TCP SPT=58576 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T16:30:33.379Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:32:25 honeypot-ams-1 sshd[6200]: Received disconnect from 143.244.158.100 port 51250:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T16:32:26.331Z"}
{"@timestamp":"2022-09-18T16:33:53.960Z","@version":"1","message":"Sep 18 16:33:53 honeypot-sgp-1 sshd[31212]: Received disconnect from 92.255.85.69 port 31786:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:34:53 honeypot-ams-1 sshd[6208]: Did not receive identification string from 117.173.165.22 port 40709","@timestamp":"2022-09-18T16:34:54.396Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:36:45 honeypot-ams-1 sshd[6213]: Disconnected from authenticating user root 143.244.158.100 port 45286 [preauth]","@timestamp":"2022-09-18T16:36:46.446Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 16:38:16 honeypot-fra-1 sshd[28531]: Invalid user admin from 45.120.216.114 port 57090","@timestamp":"2022-09-18T16:38:17.556Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:39:16 honeypot-ams-1 sshd[6220]: Received disconnect from 143.244.158.100 port 33600:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T16:39:16.512Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 16:40:58 honeypot-fra-1 sshd[28533]: Disconnected from invalid user administrator 147.182.169.107 port 34514 [preauth]","@timestamp":"2022-09-18T16:40:58.618Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:41:01 honeypot-ams-1 sshd[6226]: Invalid user admin from 92.255.85.70 port 52112","@timestamp":"2022-09-18T16:41:02.559Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:41:56 honeypot-ams-1 sshd[6230]: Received disconnect from 143.244.158.100 port 45994:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T16:41:57.586Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:43:40 honeypot-ams-1 sshd[6237]: Received disconnect from 143.244.158.100 port 57330:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T16:43:40.631Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 16:44:12 honeypot-fra-1 sshd[28540]: Connection closed by invalid user test 103.188.176.251 port 46814 [preauth]","@timestamp":"2022-09-18T16:44:12.699Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:45:52 honeypot-ams-1 sshd[6243]: Did not receive identification string from 45.61.184.204 port 41610","@timestamp":"2022-09-18T16:45:52.685Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:46:38 honeypot-ams-1 sshd[6248]: Invalid user user from 45.61.184.204 port 39248","@timestamp":"2022-09-18T16:46:39.707Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:46:57 honeypot-ams-1 sshd[6252]: Invalid user user from 45.61.184.204 port 34450","@timestamp":"2022-09-18T16:46:58.717Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:47:16 honeypot-ams-1 sshd[6256]: Invalid user user from 45.61.184.204 port 57880","@timestamp":"2022-09-18T16:47:16.725Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:47:27 honeypot-ams-1 sshd[6260]: Received disconnect from 143.244.158.100 port 51498:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T16:47:27.730Z"}
{"@timestamp":"2022-09-18T16:47:49.295Z","@version":"1","message":"Sep 18 16:47:48 honeypot-sgp-1 sshd[31223]: Did not receive identification string from 193.3.19.178 port 64001","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 16:49:54 honeypot-fra-1 sshd[28554]: Connection closed by invalid user www 139.59.152.202 port 44004 [preauth]","@timestamp":"2022-09-18T16:49:54.841Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 16:49:54 honeypot-fra-1 sshd[28568]: Invalid user oracle from 139.59.152.202 port 44058","@timestamp":"2022-09-18T16:49:54.841Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 16:49:54 honeypot-fra-1 sshd[28560]: Invalid user web from 139.59.152.202 port 44018","@timestamp":"2022-09-18T16:49:54.842Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 16:49:54 honeypot-fra-1 sshd[28545]: Connection closed by authenticating user root 139.59.152.202 port 43828 [preauth]","@timestamp":"2022-09-18T16:49:54.842Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 16:49:54 honeypot-fra-1 sshd[28558]: Connection closed by invalid user steam 139.59.152.202 port 44014 [preauth]","@timestamp":"2022-09-18T16:49:54.842Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 16:49:54 honeypot-fra-1 sshd[28563]: Connection closed by invalid user spark 139.59.152.202 port 44026 [preauth]","@timestamp":"2022-09-18T16:49:54.842Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 16:49:54 honeypot-fra-1 sshd[28551]: Connection closed by invalid user test 139.59.152.202 port 43996 [preauth]","@timestamp":"2022-09-18T16:49:54.842Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:50:06 honeypot-ams-1 sshd[6267]: Received disconnect from 143.244.158.100 port 58836:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T16:50:06.799Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:51:50 honeypot-ams-1 sshd[6272]: Received disconnect from 45.61.186.249 port 43048:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T16:51:50.850Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:51:59 honeypot-ams-1 sshd[6276]: Disconnected from invalid user user 45.61.186.249 port 54786 [preauth]","@timestamp":"2022-09-18T16:51:59.856Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:52:17 honeypot-ams-1 sshd[6280]: Disconnected from invalid user user 45.61.186.249 port 49990 [preauth]","@timestamp":"2022-09-18T16:52:17.865Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:52:35 honeypot-ams-1 sshd[6284]: Disconnected from invalid user user 45.61.186.249 port 45190 [preauth]","@timestamp":"2022-09-18T16:52:35.875Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:53:42 honeypot-ams-1 sshd[6290]: Received disconnect from 143.244.158.100 port 44022:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T16:53:42.908Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:54:45 honeypot-ams-1 sshd[6295]: Disconnected from invalid user wt 200.166.96.4 port 41496 [preauth]","@timestamp":"2022-09-18T16:54:45.938Z"}
{"@timestamp":"2022-09-18T16:56:07.495Z","@version":"1","message":"Sep 18 16:56:06 honeypot-sgp-1 sshd[31229]: Disconnected from invalid user my 202.58.205.75 port 47408 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:57:28 honeypot-ams-1 sshd[6301]: Disconnected from authenticating user root 143.244.158.100 port 58856 [preauth]","@timestamp":"2022-09-18T16:57:29.012Z"}
{"@timestamp":"2022-09-18T16:57:43.537Z","@version":"1","message":"Sep 18 16:57:43 honeypot-sgp-1 kernel: [84396365.996540] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=79.124.62.62 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=33904 PROTO=TCP SPT=42431 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 17:00:15 honeypot-ams-1 sshd[6308]: Received disconnect from 143.244.158.100 port 59754:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T17:00:16.090Z"}
{"@timestamp":"2022-09-18T17:01:56.641Z","@version":"1","message":"Sep 18 17:01:56 honeypot-sgp-1 sshd[31241]: Disconnected from invalid user admin 146.190.31.94 port 34406 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 17:02:48 honeypot-fra-1 kernel: [84394974.921617] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=172.104.18.220 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=4616 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T17:02:49.130Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 17:02:58 honeypot-ams-1 sshd[6314]: Received disconnect from 143.244.158.100 port 44634:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T17:02:59.165Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 17:04:51 honeypot-ams-1 sshd[6318]: Disconnected from authenticating user root 143.244.158.100 port 48722 [preauth]","@timestamp":"2022-09-18T17:04:52.219Z"}
{"@timestamp":"2022-09-18T17:06:11.743Z","@version":"1","message":"Sep 18 17:06:11 honeypot-sgp-1 kernel: [84396874.226203] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=167.94.138.110 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=48766 PROTO=TCP SPT=28727 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 17:06:53 honeypot-fra-1 sshd[28607]: Invalid user dba from 20.87.45.109 port 56450","@timestamp":"2022-09-18T17:06:54.223Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 17:07:33 honeypot-ams-1 sshd[6325]: Disconnected from authenticating user root 143.244.158.100 port 37682 [preauth]","@timestamp":"2022-09-18T17:07:33.294Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 17:07:49 honeypot-fra-1 sshd[28611]: Disconnected from authenticating user root 125.164.62.7 port 49958 [preauth]","@timestamp":"2022-09-18T17:07:50.246Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 17:09:16 honeypot-ams-1 sshd[6332]: Disconnected from authenticating user root 143.244.158.100 port 40648 [preauth]","@timestamp":"2022-09-18T17:09:17.344Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 17:10:09 honeypot-fra-1 kernel: [84395415.919012] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=79.124.62.62 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=55871 PROTO=TCP SPT=42431 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T17:10:09.300Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 17:11:09 honeypot-ams-1 sshd[6339]: Disconnected from 159.223.164.107 port 48952 [preauth]","@timestamp":"2022-09-18T17:11:10.396Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 17:12:49 honeypot-ams-1 sshd[6345]: Disconnected from authenticating user root 143.244.158.100 port 57620 [preauth]","@timestamp":"2022-09-18T17:12:49.443Z"}
{"@timestamp":"2022-09-18T17:13:04.908Z","@version":"1","message":"Sep 18 17:13:04 honeypot-sgp-1 sshd[31257]: Received disconnect from 61.177.173.35 port 34849:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T17:14:38.948Z","@version":"1","message":"Sep 18 17:14:38 honeypot-sgp-1 sshd[31260]: Disconnected from authenticating user root 61.177.173.51 port 32304 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 17:15:24 honeypot-ams-1 sshd[6351]: Disconnected from authenticating user root 143.244.158.100 port 59492 [preauth]","@timestamp":"2022-09-18T17:15:25.515Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 17:16:13 honeypot-fra-1 sshd[28649]: Invalid user oracle from 24.213.148.68 port 38020","@timestamp":"2022-09-18T17:16:14.439Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 17:16:13 honeypot-fra-1 sshd[28637]: Invalid user user from 24.213.148.68 port 38036","@timestamp":"2022-09-18T17:16:14.439Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 17:16:14 honeypot-fra-1 sshd[28650]: Invalid user oracle from 24.213.148.68 port 38026","@timestamp":"2022-09-18T17:16:14.439Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 17:16:14 honeypot-fra-1 sshd[28638]: Invalid user mysql from 24.213.148.68 port 37968","@timestamp":"2022-09-18T17:16:14.439Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 17:16:14 honeypot-fra-1 sshd[28649]: Connection closed by invalid user oracle 24.213.148.68 port 38020 [preauth]","@timestamp":"2022-09-18T17:16:14.439Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 17:16:14 honeypot-fra-1 sshd[28634]: Connection closed by invalid user admin 24.213.148.68 port 37982 [preauth]","@timestamp":"2022-09-18T17:16:14.439Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 17:16:14 honeypot-fra-1 sshd[28650]: Connection closed by invalid user oracle 24.213.148.68 port 38026 [preauth]","@timestamp":"2022-09-18T17:16:14.439Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 17:16:14 honeypot-fra-1 sshd[28629]: Connection closed by invalid user ubuntu 24.213.148.68 port 37972 [preauth]","@timestamp":"2022-09-18T17:16:14.439Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 17:16:14 honeypot-fra-1 sshd[28655]: Invalid user elasticsearch from 24.213.148.68 port 38016","@timestamp":"2022-09-18T17:16:14.439Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 17:16:14 honeypot-fra-1 sshd[28657]: Connection closed by invalid user es 24.213.148.68 port 38004 [preauth]","@timestamp":"2022-09-18T17:16:15.440Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 17:17:23 honeypot-fra-1 sshd[28692]: Received disconnect from 92.255.85.70 port 23236:11: Bye Bye [preauth]","@timestamp":"2022-09-18T17:17:24.469Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 17:20:09 honeypot-ams-1 sshd[6359]: Did not receive identification string from 159.89.24.69 port 61000","@timestamp":"2022-09-18T17:20:10.637Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 17:21:29 honeypot-fra-1 kernel: [84396095.815886] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=209.97.187.169 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=34931 PROTO=TCP SPT=61953 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T17:21:29.563Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 17:27:13 honeypot-ams-1 sshd[6363]: Connection closed by invalid user postgres 193.106.191.157 port 45500 [preauth]","@timestamp":"2022-09-18T17:27:13.822Z"}
{"@timestamp":"2022-09-18T17:27:17.250Z","@version":"1","message":"Sep 18 17:27:17 honeypot-sgp-1 sshd[31270]: Invalid user admin from 118.70.81.109 port 5706","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T17:30:27.330Z","@version":"1","message":"Sep 18 17:30:27 honeypot-sgp-1 sshd[31277]: Received disconnect from 92.255.85.70 port 26244:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 17:34:19 honeypot-fra-1 sshd[28709]: Disconnected from authenticating user root 61.177.173.51 port 21165 [preauth]","@timestamp":"2022-09-18T17:34:20.848Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 17:35:14 honeypot-ams-1 sshd[6368]: Invalid user prueba from 92.255.85.69 port 48814","@timestamp":"2022-09-18T17:35:15.035Z"}
{"@timestamp":"2022-09-18T17:41:23.589Z","@version":"1","message":"Sep 18 17:41:22 honeypot-sgp-1 sshd[31284]: Disconnected from authenticating user root 61.177.173.36 port 42728 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T17:48:57.799Z","@version":"1","message":"Sep 18 17:48:57 honeypot-sgp-1 sshd[31296]: Invalid user user from 179.43.145.98 port 54562","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T17:51:12.853Z","@version":"1","message":"Sep 18 17:51:12 honeypot-sgp-1 kernel: [84399574.789976] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.221.53 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=59181 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 17:51:25 honeypot-fra-1 sshd[28720]: Invalid user litvak1 from 165.22.45.108 port 42034","@timestamp":"2022-09-18T17:51:26.229Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T17:57:57.017Z","@version":"1","message":"Sep 18 17:57:57 honeypot-sgp-1 kernel: [84399979.649240] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=64.246.161.26 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=50714 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 18:00:06 honeypot-ams-1 kernel: [84400586.258345] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=217.93.247.233 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=245 ID=15686 PROTO=TCP SPT=58137 DPT=80 WINDOW=1300 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T18:00:07.672Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:02:04 honeypot-fra-1 kernel: [84398531.231943] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=146.88.240.4 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=50576 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T18:02:05.460Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 18:07:31 honeypot-ams-1 sshd[6374]: Received disconnect from 20.195.224.231 port 52974:11: Bye Bye [preauth]","@timestamp":"2022-09-18T18:07:31.869Z"}
{"@timestamp":"2022-09-18T18:10:19.315Z","@version":"1","message":"Sep 18 18:10:18 honeypot-sgp-1 kernel: [84400721.418318] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=146.88.240.4 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=49538 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 18:10:20 honeypot-ams-1 sshd[6378]: Invalid user ztt from 51.83.131.123 port 45296","@timestamp":"2022-09-18T18:10:20.945Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:13:36 honeypot-fra-1 sshd[28738]: Invalid user d6nw5v1x2pc7st9m from 91.240.118.222 port 36099","@timestamp":"2022-09-18T18:13:36.746Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T18:14:05.410Z","@version":"1","message":"Sep 18 18:14:04 honeypot-sgp-1 sshd[31317]: Invalid user admin from 165.232.158.22 port 36578","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T18:14:38.425Z","@version":"1","message":"Sep 18 18:14:37 honeypot-sgp-1 sshd[31323]: Received disconnect from 66.70.208.241 port 34810:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:15:00 honeypot-fra-1 kernel: [84399306.929502] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=35.171.3.179 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=58401 DF PROTO=TCP SPT=34220 DPT=80 WINDOW=62727 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T18:15:00.784Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 18:16:50 honeypot-ams-1 kernel: [84401589.785986] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=150.255.252.56 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=51 ID=54546 PROTO=TCP SPT=1293 DPT=80 WINDOW=51894 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T18:16:51.115Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:17:59 honeypot-fra-1 sshd[28744]: Received disconnect from 134.17.16.92 port 35477:11: Bye Bye [preauth]","@timestamp":"2022-09-18T18:17:59.856Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 18:18:12 honeypot-ams-1 sshd[6386]: Disconnected from invalid user pi 92.255.85.69 port 44198 [preauth]","@timestamp":"2022-09-18T18:18:13.156Z"}
{"@timestamp":"2022-09-18T18:18:19.514Z","@version":"1","message":"Sep 18 18:18:18 honeypot-sgp-1 sshd[31328]: Received disconnect from 182.23.67.49 port 47348:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:20:22 honeypot-fra-1 sshd[28748]: Received disconnect from 62.204.41.222 port 23535:11: Client disconnecting normally [preauth]","@timestamp":"2022-09-18T18:20:22.913Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T18:21:59.602Z","@version":"1","message":"Sep 18 18:21:59 honeypot-sgp-1 sshd[31333]: Connection reset by 61.177.173.39 port 44883 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:23:19 honeypot-fra-1 sshd[28759]: Disconnected from 204.48.30.72 port 43652 [preauth]","@timestamp":"2022-09-18T18:23:19.983Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:24:34 honeypot-fra-1 sshd[28776]: Invalid user test from 183.146.30.163 port 33544","@timestamp":"2022-09-18T18:24:35.014Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:24:35 honeypot-fra-1 sshd[28771]: Connection closed by invalid user ansible 183.146.30.163 port 33533 [preauth]","@timestamp":"2022-09-18T18:24:36.015Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:24:35 honeypot-fra-1 sshd[28762]: Connection closed by authenticating user root 183.146.30.163 port 33480 [preauth]","@timestamp":"2022-09-18T18:24:36.015Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:24:36 honeypot-fra-1 sshd[28770]: Connection closed by authenticating user root 183.146.30.163 port 33478 [preauth]","@timestamp":"2022-09-18T18:24:37.015Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:24:37 honeypot-fra-1 sshd[28767]: Connection closed by invalid user git 183.146.30.163 port 33484 [preauth]","@timestamp":"2022-09-18T18:24:38.016Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:24:55 honeypot-fra-1 sshd[28779]: Invalid user ubuntu from 183.146.30.163 port 33512","@timestamp":"2022-09-18T18:24:56.025Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:25:14 honeypot-fra-1 sshd[28825]: Invalid user zabbix from 130.193.40.11 port 33004","@timestamp":"2022-09-18T18:25:15.034Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:25:14 honeypot-fra-1 sshd[28817]: Invalid user mysql from 130.193.40.11 port 32956","@timestamp":"2022-09-18T18:25:15.034Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:25:14 honeypot-fra-1 sshd[28819]: Connection closed by invalid user admin 130.193.40.11 port 32938 [preauth]","@timestamp":"2022-09-18T18:25:15.034Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:25:14 honeypot-fra-1 sshd[28827]: Invalid user ubuntu from 130.193.40.11 port 32960","@timestamp":"2022-09-18T18:25:15.034Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:25:14 honeypot-fra-1 sshd[28828]: Connection closed by invalid user ftp 130.193.40.11 port 33024 [preauth]","@timestamp":"2022-09-18T18:25:15.034Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:25:14 honeypot-fra-1 sshd[28817]: Connection closed by invalid user mysql 130.193.40.11 port 32956 [preauth]","@timestamp":"2022-09-18T18:25:15.034Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:25:17 honeypot-fra-1 sshd[28864]: Received disconnect from 61.177.172.19 port 36402:11:  [preauth]","@timestamp":"2022-09-18T18:25:18.035Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:25:17 honeypot-fra-1 sshd[28863]: Connection closed by invalid user testuser 130.193.40.11 port 33084 [preauth]","@timestamp":"2022-09-18T18:25:18.036Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:26:09 honeypot-fra-1 sshd[28869]: Invalid user ansible from 183.146.30.163 port 33518","@timestamp":"2022-09-18T18:26:10.059Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:33:37 honeypot-fra-1 sshd[28879]: Received disconnect from 61.177.172.114 port 58169:11:  [preauth]","@timestamp":"2022-09-18T18:33:38.233Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 18:34:42 honeypot-ams-1 sshd[6394]: Received disconnect from 159.65.98.176 port 42784:11: Bye Bye [preauth]","@timestamp":"2022-09-18T18:34:42.610Z"}
{"@timestamp":"2022-09-18T18:35:27.940Z","@version":"1","message":"Sep 18 18:35:27 honeypot-sgp-1 sshd[31351]: Disconnected from authenticating user root 61.177.173.47 port 56736 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:38:29 honeypot-fra-1 kernel: [84400715.958849] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=170.187.162.36 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=43068 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T18:38:30.346Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-18T18:46:31.218Z","@version":"1","message":"Sep 18 18:46:30 honeypot-sgp-1 sshd[31362]: Disconnected from invalid user admin 160.251.55.50 port 60596 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T18:49:27.290Z","@version":"1","message":"Sep 18 18:49:26 honeypot-sgp-1 sshd[31369]: Invalid user admin from 124.160.96.249 port 24237","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:49:52 honeypot-fra-1 kernel: [84401398.943135] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.151.174.127 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x40 TTL=248 ID=63142 DF PROTO=TCP SPT=26736 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T18:49:52.623Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-18T18:53:09.403Z","@version":"1","message":"Sep 18 18:53:08 honeypot-sgp-1 sshd[31374]: Invalid user temp from 178.18.206.83 port 57874","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T18:53:34.415Z","@version":"1","message":"Sep 18 18:53:34 honeypot-sgp-1 sshd[31378]: Disconnected from 204.48.30.72 port 33278 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 18:53:50 honeypot-ams-1 kernel: [84403809.925976] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=170.187.202.154 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=58935 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T18:53:51.112Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:56:02 honeypot-fra-1 sshd[28893]: Did not receive identification string from 45.61.184.204 port 33062","@timestamp":"2022-09-18T18:56:02.765Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:56:25 honeypot-fra-1 sshd[28894]: Disconnected from invalid user admin 92.255.85.69 port 63608 [preauth]","@timestamp":"2022-09-18T18:56:25.777Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T18:56:33.487Z","@version":"1","message":"Sep 18 18:56:33 honeypot-sgp-1 sshd[31383]: Disconnected from invalid user liangbin 59.19.54.171 port 51118 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:56:41 honeypot-fra-1 sshd[28900]: Disconnected from invalid user user 45.61.184.204 port 40770 [preauth]","@timestamp":"2022-09-18T18:56:41.784Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:57:01 honeypot-fra-1 sshd[28904]: Disconnected from invalid user user 45.61.184.204 port 36294 [preauth]","@timestamp":"2022-09-18T18:57:01.794Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:57:20 honeypot-fra-1 sshd[28908]: Disconnected from invalid user user 45.61.184.204 port 60056 [preauth]","@timestamp":"2022-09-18T18:57:20.802Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T18:58:51.544Z","@version":"1","message":"Sep 18 18:58:50 honeypot-sgp-1 kernel: [84403633.511498] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=108.61.87.181 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=50854 PROTO=TCP SPT=47405 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 19:00:26 honeypot-ams-1 kernel: [84404205.941089] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=108.61.87.181 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=51800 PROTO=TCP SPT=47405 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T19:00:27.292Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:01:40 honeypot-fra-1 kernel: [84402106.800234] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.56.103.21 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=59943 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T19:01:40.903Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-18T19:03:41.658Z","@version":"1","message":"Sep 18 19:03:41 honeypot-sgp-1 sshd[31394]: Disconnected from invalid user oracle 118.34.14.126 port 50636 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 19:05:51 honeypot-ams-1 sshd[6406]: Invalid user dev from 103.188.176.251 port 40102","@timestamp":"2022-09-18T19:05:52.438Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 19:09:18 honeypot-ams-1 kernel: [84404738.460464] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=120.48.122.52 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=44 ID=447 PROTO=TCP SPT=49584 DPT=80 WINDOW=38518 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T19:09:19.531Z"}
{"@timestamp":"2022-09-18T19:14:06.917Z","@version":"1","message":"Sep 18 19:14:06 honeypot-sgp-1 sshd[31404]: Received disconnect from 61.177.173.36 port 44173:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 19:14:13 honeypot-ams-1 sshd[6414]: Connection closed by invalid user postgres 193.106.191.157 port 56684 [preauth]","@timestamp":"2022-09-18T19:14:13.664Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:16:23 honeypot-fra-1 kernel: [84402990.090873] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=78.142.18.92 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=54321 PROTO=TCP SPT=46864 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T19:16:24.238Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 19:17:52 honeypot-ams-1 sshd[6421]: Received disconnect from 119.5.157.124 port 13633:11: Bye Bye [preauth]","@timestamp":"2022-09-18T19:17:52.762Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 19:18:30 honeypot-ams-1 sshd[6425]: Disconnected from invalid user loice 34.64.215.4 port 43162 [preauth]","@timestamp":"2022-09-18T19:18:30.780Z"}
{"@timestamp":"2022-09-18T19:21:52.097Z","@version":"1","message":"Sep 18 19:21:51 honeypot-sgp-1 kernel: [84405013.855582] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=80.94.92.239 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=232 ID=54321 PROTO=TCP SPT=37784 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 19:23:41 honeypot-ams-1 sshd[6431]: Disconnected from authenticating user root 138.197.19.166 port 54466 [preauth]","@timestamp":"2022-09-18T19:23:41.920Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:26:24 honeypot-fra-1 sshd[28942]: Received disconnect from 165.22.45.108 port 47724:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T19:26:25.467Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T19:27:13.222Z","@version":"1","message":"Sep 18 19:27:12 honeypot-sgp-1 kernel: [84405335.288061] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=78.142.18.92 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=50673 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:27:25 honeypot-fra-1 sshd[28954]: Connection closed by authenticating user root 13.126.217.41 port 33810 [preauth]","@timestamp":"2022-09-18T19:27:25.493Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:27:30 honeypot-fra-1 sshd[28966]: Connection closed by authenticating user root 13.126.217.41 port 40212 [preauth]","@timestamp":"2022-09-18T19:27:30.496Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:27:36 honeypot-fra-1 sshd[28978]: Connection closed by authenticating user root 13.126.217.41 port 46404 [preauth]","@timestamp":"2022-09-18T19:27:36.499Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:27:42 honeypot-fra-1 sshd[28990]: Connection closed by authenticating user root 13.126.217.41 port 53372 [preauth]","@timestamp":"2022-09-18T19:27:42.504Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:27:47 honeypot-fra-1 sshd[29002]: Connection closed by authenticating user root 13.126.217.41 port 59722 [preauth]","@timestamp":"2022-09-18T19:27:48.507Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:27:53 honeypot-fra-1 sshd[29014]: Connection closed by authenticating user root 13.126.217.41 port 37828 [preauth]","@timestamp":"2022-09-18T19:27:53.512Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:27:58 honeypot-fra-1 sshd[29026]: Connection closed by authenticating user root 13.126.217.41 port 44226 [preauth]","@timestamp":"2022-09-18T19:27:59.515Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 19:28:00 honeypot-ams-1 sshd[6434]: Disconnected from authenticating user root 89.22.67.66 port 56476 [preauth]","@timestamp":"2022-09-18T19:28:00.379Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:28:04 honeypot-fra-1 sshd[29038]: Connection closed by authenticating user root 13.126.217.41 port 50408 [preauth]","@timestamp":"2022-09-18T19:28:05.519Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T19:28:06.245Z","@version":"1","message":"Sep 18 19:28:05 honeypot-sgp-1 sshd[31420]: Disconnected from invalid user rizon 43.130.40.251 port 54698 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:28:10 honeypot-fra-1 sshd[29050]: Connection closed by authenticating user root 13.126.217.41 port 56924 [preauth]","@timestamp":"2022-09-18T19:28:10.523Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:28:15 honeypot-fra-1 sshd[29062]: Connection closed by authenticating user root 13.126.217.41 port 34816 [preauth]","@timestamp":"2022-09-18T19:28:16.527Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:28:21 honeypot-fra-1 sshd[29074]: Connection closed by authenticating user root 13.126.217.41 port 41166 [preauth]","@timestamp":"2022-09-18T19:28:22.531Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:28:27 honeypot-fra-1 sshd[29086]: Connection closed by authenticating user root 13.126.217.41 port 47448 [preauth]","@timestamp":"2022-09-18T19:28:27.534Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:28:31 honeypot-fra-1 sshd[29096]: Connection closed by authenticating user root 13.126.217.41 port 53202 [preauth]","@timestamp":"2022-09-18T19:28:32.537Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:28:37 honeypot-fra-1 sshd[29108]: Connection closed by authenticating user root 13.126.217.41 port 59222 [preauth]","@timestamp":"2022-09-18T19:28:37.541Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:28:40 honeypot-fra-1 sshd[29114]: Connection closed by invalid user user 13.126.217.41 port 34228 [preauth]","@timestamp":"2022-09-18T19:28:40.542Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:28:42 honeypot-fra-1 sshd[29120]: Connection closed by invalid user user 13.126.217.41 port 37346 [preauth]","@timestamp":"2022-09-18T19:28:43.544Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:28:45 honeypot-fra-1 sshd[29126]: Connection closed by invalid user user 13.126.217.41 port 40332 [preauth]","@timestamp":"2022-09-18T19:28:46.546Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:28:48 honeypot-fra-1 sshd[29132]: Connection closed by invalid user user 13.126.217.41 port 43484 [preauth]","@timestamp":"2022-09-18T19:28:49.548Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:28:51 honeypot-fra-1 sshd[29138]: Connection closed by invalid user user 13.126.217.41 port 46576 [preauth]","@timestamp":"2022-09-18T19:28:51.549Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:28:54 honeypot-fra-1 sshd[29144]: Connection closed by invalid user user 13.126.217.41 port 49660 [preauth]","@timestamp":"2022-09-18T19:28:54.552Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:28:56 honeypot-fra-1 sshd[29150]: Connection closed by invalid user user 13.126.217.41 port 52622 [preauth]","@timestamp":"2022-09-18T19:28:57.553Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:28:59 honeypot-fra-1 sshd[29156]: Connection closed by invalid user user 13.126.217.41 port 55694 [preauth]","@timestamp":"2022-09-18T19:29:00.555Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:29:02 honeypot-fra-1 sshd[29162]: Connection closed by invalid user user 13.126.217.41 port 58862 [preauth]","@timestamp":"2022-09-18T19:29:02.557Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:29:05 honeypot-fra-1 sshd[29168]: Connection closed by invalid user user 13.126.217.41 port 33508 [preauth]","@timestamp":"2022-09-18T19:29:05.559Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:29:08 honeypot-fra-1 sshd[29174]: Connection closed by invalid user user 13.126.217.41 port 36730 [preauth]","@timestamp":"2022-09-18T19:29:08.561Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:29:10 honeypot-fra-1 sshd[29180]: Connection closed by invalid user user 13.126.217.41 port 39736 [preauth]","@timestamp":"2022-09-18T19:29:11.563Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:29:13 honeypot-fra-1 sshd[29186]: Connection closed by invalid user user 13.126.217.41 port 42970 [preauth]","@timestamp":"2022-09-18T19:29:14.565Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:29:16 honeypot-fra-1 sshd[29192]: Connection closed by invalid user user 13.126.217.41 port 46030 [preauth]","@timestamp":"2022-09-18T19:29:16.566Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:29:19 honeypot-fra-1 sshd[29198]: Connection closed by invalid user user 13.126.217.41 port 49076 [preauth]","@timestamp":"2022-09-18T19:29:19.567Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:29:21 honeypot-fra-1 sshd[29204]: Connection closed by invalid user user 13.126.217.41 port 52182 [preauth]","@timestamp":"2022-09-18T19:29:22.570Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:29:24 honeypot-fra-1 sshd[29210]: Connection closed by invalid user user 13.126.217.41 port 55132 [preauth]","@timestamp":"2022-09-18T19:29:25.572Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:29:27 honeypot-fra-1 sshd[29216]: Connection closed by invalid user user 13.126.217.41 port 58076 [preauth]","@timestamp":"2022-09-18T19:29:27.573Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:29:30 honeypot-fra-1 sshd[29222]: Connection closed by invalid user user 13.126.217.41 port 32898 [preauth]","@timestamp":"2022-09-18T19:29:30.575Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:29:32 honeypot-fra-1 sshd[29228]: Connection closed by invalid user user 13.126.217.41 port 35980 [preauth]","@timestamp":"2022-09-18T19:29:33.577Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:29:35 honeypot-fra-1 sshd[29234]: Connection closed by invalid user user 13.126.217.41 port 39034 [preauth]","@timestamp":"2022-09-18T19:29:36.578Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:29:38 honeypot-fra-1 sshd[29240]: Connection closed by invalid user user 13.126.217.41 port 42056 [preauth]","@timestamp":"2022-09-18T19:29:38.581Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:29:41 honeypot-fra-1 sshd[29246]: Connection closed by invalid user user 13.126.217.41 port 44904 [preauth]","@timestamp":"2022-09-18T19:29:41.583Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:29:43 honeypot-fra-1 sshd[29252]: Connection closed by invalid user user 13.126.217.41 port 47976 [preauth]","@timestamp":"2022-09-18T19:29:44.584Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:29:46 honeypot-fra-1 sshd[29258]: Connection closed by invalid user user 13.126.217.41 port 51016 [preauth]","@timestamp":"2022-09-18T19:29:47.586Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:29:49 honeypot-fra-1 sshd[29264]: Connection closed by invalid user user 13.126.217.41 port 54072 [preauth]","@timestamp":"2022-09-18T19:29:49.587Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:29:52 honeypot-fra-1 sshd[29270]: Connection closed by invalid user user 13.126.217.41 port 57078 [preauth]","@timestamp":"2022-09-18T19:29:52.590Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:29:54 honeypot-fra-1 sshd[29276]: Connection closed by invalid user ubuntu 13.126.217.41 port 59924 [preauth]","@timestamp":"2022-09-18T19:29:55.592Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:29:57 honeypot-fra-1 sshd[29282]: Connection closed by invalid user ubuntu 13.126.217.41 port 34664 [preauth]","@timestamp":"2022-09-18T19:29:58.593Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:30:00 honeypot-fra-1 sshd[29288]: Connection closed by invalid user ubuntu 13.126.217.41 port 37590 [preauth]","@timestamp":"2022-09-18T19:30:00.595Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:30:03 honeypot-fra-1 sshd[29294]: Connection closed by invalid user ubuntu 13.126.217.41 port 40432 [preauth]","@timestamp":"2022-09-18T19:30:03.596Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:30:05 honeypot-fra-1 sshd[29300]: Connection closed by invalid user ubuntu 13.126.217.41 port 43428 [preauth]","@timestamp":"2022-09-18T19:30:06.598Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:30:08 honeypot-fra-1 sshd[29306]: Connection closed by invalid user ubuntu 13.126.217.41 port 46612 [preauth]","@timestamp":"2022-09-18T19:30:09.601Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:30:11 honeypot-fra-1 sshd[29312]: Connection closed by invalid user ubuntu 13.126.217.41 port 49420 [preauth]","@timestamp":"2022-09-18T19:30:11.602Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:30:14 honeypot-fra-1 sshd[29318]: Connection closed by invalid user ubuntu 13.126.217.41 port 52294 [preauth]","@timestamp":"2022-09-18T19:30:14.604Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:30:16 honeypot-fra-1 sshd[29324]: Connection closed by invalid user ubuntu 13.126.217.41 port 55088 [preauth]","@timestamp":"2022-09-18T19:30:17.606Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:30:19 honeypot-fra-1 sshd[29330]: Connection closed by invalid user ubuntu 13.126.217.41 port 58066 [preauth]","@timestamp":"2022-09-18T19:30:19.607Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:30:22 honeypot-fra-1 sshd[29336]: Connection closed by invalid user ubuntu 13.126.217.41 port 32820 [preauth]","@timestamp":"2022-09-18T19:30:22.648Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:30:24 honeypot-fra-1 sshd[29342]: Connection closed by invalid user ubuntu 13.126.217.41 port 35756 [preauth]","@timestamp":"2022-09-18T19:30:25.649Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:30:27 honeypot-fra-1 sshd[29348]: Connection closed by invalid user ubuntu 13.126.217.41 port 38568 [preauth]","@timestamp":"2022-09-18T19:30:27.651Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:30:30 honeypot-fra-1 sshd[29354]: Connection closed by invalid user ubuntu 13.126.217.41 port 41524 [preauth]","@timestamp":"2022-09-18T19:30:30.653Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:30:32 honeypot-fra-1 sshd[29361]: Connection closed by invalid user ubuntu 13.126.217.41 port 44402 [preauth]","@timestamp":"2022-09-18T19:30:33.655Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:30:35 honeypot-fra-1 sshd[29367]: Connection closed by invalid user ubuntu 13.126.217.41 port 47220 [preauth]","@timestamp":"2022-09-18T19:30:36.656Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:30:38 honeypot-fra-1 sshd[29373]: Connection closed by invalid user ubuntu 13.126.217.41 port 50126 [preauth]","@timestamp":"2022-09-18T19:30:38.659Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:30:41 honeypot-fra-1 sshd[29379]: Connection closed by invalid user ubuntu 13.126.217.41 port 52972 [preauth]","@timestamp":"2022-09-18T19:30:41.661Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:30:43 honeypot-fra-1 sshd[29385]: Connection closed by invalid user ubuntu 13.126.217.41 port 55966 [preauth]","@timestamp":"2022-09-18T19:30:44.662Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:30:46 honeypot-fra-1 sshd[29391]: Connection closed by invalid user ubuntu 13.126.217.41 port 58638 [preauth]","@timestamp":"2022-09-18T19:30:46.664Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:30:49 honeypot-fra-1 sshd[29397]: Connection closed by invalid user ubuntu 13.126.217.41 port 33524 [preauth]","@timestamp":"2022-09-18T19:30:49.666Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:30:51 honeypot-fra-1 sshd[29403]: Connection closed by invalid user ubuntu 13.126.217.41 port 36308 [preauth]","@timestamp":"2022-09-18T19:30:52.669Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:30:54 honeypot-fra-1 sshd[29409]: Connection closed by invalid user ubuntu 13.126.217.41 port 39300 [preauth]","@timestamp":"2022-09-18T19:30:54.670Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:30:57 honeypot-fra-1 sshd[29415]: Connection closed by invalid user ubuntu 13.126.217.41 port 42140 [preauth]","@timestamp":"2022-09-18T19:30:57.672Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:30:59 honeypot-fra-1 sshd[29421]: Connection closed by invalid user ubuntu 13.126.217.41 port 45006 [preauth]","@timestamp":"2022-09-18T19:31:00.673Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:31:02 honeypot-fra-1 sshd[29427]: Connection closed by invalid user ubuntu 13.126.217.41 port 47928 [preauth]","@timestamp":"2022-09-18T19:31:02.675Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:31:05 honeypot-fra-1 sshd[29433]: Connection closed by invalid user ubuntu 13.126.217.41 port 50812 [preauth]","@timestamp":"2022-09-18T19:31:05.676Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:31:07 honeypot-fra-1 sshd[29439]: Connection closed by invalid user debian 13.126.217.41 port 53646 [preauth]","@timestamp":"2022-09-18T19:31:08.679Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:31:10 honeypot-fra-1 sshd[29445]: Connection closed by invalid user debian 13.126.217.41 port 56340 [preauth]","@timestamp":"2022-09-18T19:31:10.680Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:31:13 honeypot-fra-1 sshd[29451]: Connection closed by invalid user debian 13.126.217.41 port 59252 [preauth]","@timestamp":"2022-09-18T19:31:13.682Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:31:15 honeypot-fra-1 sshd[29457]: Connection closed by invalid user debian 13.126.217.41 port 33916 [preauth]","@timestamp":"2022-09-18T19:31:16.684Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:31:18 honeypot-fra-1 sshd[29463]: Connection closed by invalid user debian 13.126.217.41 port 37160 [preauth]","@timestamp":"2022-09-18T19:31:18.685Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:31:21 honeypot-fra-1 sshd[29469]: Connection closed by invalid user debian 13.126.217.41 port 40324 [preauth]","@timestamp":"2022-09-18T19:31:21.687Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:31:23 honeypot-fra-1 sshd[29475]: Connection closed by invalid user debian 13.126.217.41 port 43632 [preauth]","@timestamp":"2022-09-18T19:31:24.689Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:31:26 honeypot-fra-1 sshd[29482]: Connection closed by invalid user debian 13.126.217.41 port 46790 [preauth]","@timestamp":"2022-09-18T19:31:27.691Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:31:29 honeypot-fra-1 sshd[29488]: Connection closed by invalid user debian 13.126.217.41 port 50196 [preauth]","@timestamp":"2022-09-18T19:31:29.692Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:31:32 honeypot-fra-1 sshd[29494]: Connection closed by invalid user debian 13.126.217.41 port 53000 [preauth]","@timestamp":"2022-09-18T19:31:32.694Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:31:34 honeypot-fra-1 sshd[29500]: Connection closed by invalid user debian 13.126.217.41 port 56074 [preauth]","@timestamp":"2022-09-18T19:31:35.696Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:31:37 honeypot-fra-1 sshd[29506]: Connection closed by invalid user debian 13.126.217.41 port 58922 [preauth]","@timestamp":"2022-09-18T19:31:37.698Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:31:40 honeypot-fra-1 sshd[29512]: Connection closed by invalid user debian 13.126.217.41 port 33824 [preauth]","@timestamp":"2022-09-18T19:31:40.700Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:31:42 honeypot-fra-1 sshd[29518]: Connection closed by invalid user debian 13.126.217.41 port 36644 [preauth]","@timestamp":"2022-09-18T19:31:43.701Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:31:45 honeypot-fra-1 sshd[29524]: Connection closed by invalid user debian 13.126.217.41 port 39730 [preauth]","@timestamp":"2022-09-18T19:31:45.702Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:31:48 honeypot-fra-1 sshd[29530]: Connection closed by invalid user debian 13.126.217.41 port 42618 [preauth]","@timestamp":"2022-09-18T19:31:48.704Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:31:50 honeypot-fra-1 sshd[29536]: Connection closed by invalid user debian 13.126.217.41 port 45710 [preauth]","@timestamp":"2022-09-18T19:31:51.706Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:31:53 honeypot-fra-1 sshd[29542]: Connection closed by invalid user debian 13.126.217.41 port 48600 [preauth]","@timestamp":"2022-09-18T19:31:53.708Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:31:56 honeypot-fra-1 sshd[29548]: Connection closed by invalid user debian 13.126.217.41 port 51348 [preauth]","@timestamp":"2022-09-18T19:31:56.710Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:31:59 honeypot-fra-1 sshd[29554]: Connection closed by invalid user debian 13.126.217.41 port 54468 [preauth]","@timestamp":"2022-09-18T19:31:59.712Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:32:01 honeypot-fra-1 sshd[29561]: Connection closed by invalid user debian 13.126.217.41 port 57636 [preauth]","@timestamp":"2022-09-18T19:32:02.713Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:32:04 honeypot-fra-1 sshd[29568]: Connection closed by invalid user debian 13.126.217.41 port 60916 [preauth]","@timestamp":"2022-09-18T19:32:05.715Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T19:32:06.341Z","@version":"1","message":"Sep 18 19:32:06 honeypot-sgp-1 sshd[31428]: Invalid user oe from 128.199.250.238 port 51632","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:32:07 honeypot-fra-1 sshd[29574]: Connection closed by invalid user debian 13.126.217.41 port 35684 [preauth]","@timestamp":"2022-09-18T19:32:07.717Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:32:10 honeypot-fra-1 sshd[29580]: Connection closed by invalid user debian 13.126.217.41 port 38778 [preauth]","@timestamp":"2022-09-18T19:32:10.719Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:32:12 honeypot-fra-1 sshd[29586]: Connection closed by invalid user debian 13.126.217.41 port 41844 [preauth]","@timestamp":"2022-09-18T19:32:13.721Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:32:15 honeypot-fra-1 sshd[29592]: Connection closed by invalid user debian 13.126.217.41 port 45078 [preauth]","@timestamp":"2022-09-18T19:32:15.722Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:32:18 honeypot-fra-1 sshd[29598]: Connection closed by invalid user debian 13.126.217.41 port 47918 [preauth]","@timestamp":"2022-09-18T19:32:18.724Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:32:21 honeypot-fra-1 sshd[29604]: Connection closed by invalid user debian 13.126.217.41 port 50868 [preauth]","@timestamp":"2022-09-18T19:32:21.725Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:32:23 honeypot-fra-1 sshd[29610]: Connection closed by invalid user admin 13.126.217.41 port 53820 [preauth]","@timestamp":"2022-09-18T19:32:24.728Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:32:26 honeypot-fra-1 sshd[29616]: Connection closed by invalid user admin 13.126.217.41 port 56894 [preauth]","@timestamp":"2022-09-18T19:32:26.730Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:32:29 honeypot-fra-1 sshd[29622]: Connection closed by invalid user admin 13.126.217.41 port 59960 [preauth]","@timestamp":"2022-09-18T19:32:29.731Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:32:32 honeypot-fra-1 sshd[29628]: Connection closed by invalid user admin 13.126.217.41 port 34820 [preauth]","@timestamp":"2022-09-18T19:32:32.733Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:32:35 honeypot-fra-1 sshd[29634]: Connection closed by invalid user admin 13.126.217.41 port 37768 [preauth]","@timestamp":"2022-09-18T19:32:35.735Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:32:37 honeypot-fra-1 sshd[29640]: Connection closed by invalid user admin 13.126.217.41 port 40876 [preauth]","@timestamp":"2022-09-18T19:32:38.738Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:32:40 honeypot-fra-1 sshd[29646]: Connection closed by invalid user admin 13.126.217.41 port 43670 [preauth]","@timestamp":"2022-09-18T19:32:40.739Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:32:43 honeypot-fra-1 sshd[29652]: Connection closed by invalid user admin 13.126.217.41 port 46474 [preauth]","@timestamp":"2022-09-18T19:32:43.741Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:32:45 honeypot-fra-1 sshd[29658]: Connection closed by invalid user admin 13.126.217.41 port 49376 [preauth]","@timestamp":"2022-09-18T19:32:46.742Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:32:48 honeypot-fra-1 sshd[29664]: Connection closed by invalid user admin 13.126.217.41 port 52520 [preauth]","@timestamp":"2022-09-18T19:32:48.744Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:32:51 honeypot-fra-1 sshd[29670]: Connection closed by invalid user admin 13.126.217.41 port 55434 [preauth]","@timestamp":"2022-09-18T19:32:51.746Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:32:53 honeypot-fra-1 sshd[29676]: Connection closed by invalid user admin 13.126.217.41 port 58348 [preauth]","@timestamp":"2022-09-18T19:32:54.748Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:32:56 honeypot-fra-1 sshd[29682]: Connection closed by invalid user admin 13.126.217.41 port 32912 [preauth]","@timestamp":"2022-09-18T19:32:56.749Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:32:59 honeypot-fra-1 sshd[29688]: Connection closed by invalid user admin 13.126.217.41 port 35928 [preauth]","@timestamp":"2022-09-18T19:32:59.751Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:33:02 honeypot-fra-1 sshd[29694]: Connection closed by invalid user admin 13.126.217.41 port 38982 [preauth]","@timestamp":"2022-09-18T19:33:02.753Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:33:04 honeypot-fra-1 sshd[29700]: Connection closed by invalid user admin 13.126.217.41 port 41678 [preauth]","@timestamp":"2022-09-18T19:33:04.754Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:33:07 honeypot-fra-1 sshd[29706]: Connection closed by invalid user admin 13.126.217.41 port 44748 [preauth]","@timestamp":"2022-09-18T19:33:07.757Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:33:10 honeypot-fra-1 sshd[29712]: Connection closed by invalid user admin 13.126.217.41 port 47680 [preauth]","@timestamp":"2022-09-18T19:33:10.759Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 19:33:10 honeypot-ams-1 kernel: [84406170.382473] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=173.249.41.33 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=43977 PROTO=TCP SPT=43305 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T19:33:11.522Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:33:12 honeypot-fra-1 sshd[29718]: Connection closed by invalid user admin 13.126.217.41 port 50942 [preauth]","@timestamp":"2022-09-18T19:33:12.760Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:33:15 honeypot-fra-1 sshd[29724]: Connection closed by invalid user admin 13.126.217.41 port 53864 [preauth]","@timestamp":"2022-09-18T19:33:15.762Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:33:18 honeypot-fra-1 sshd[29730]: Connection closed by invalid user admin 13.126.217.41 port 56926 [preauth]","@timestamp":"2022-09-18T19:33:18.764Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:33:20 honeypot-fra-1 sshd[29736]: Connection closed by invalid user admin 13.126.217.41 port 60082 [preauth]","@timestamp":"2022-09-18T19:33:21.766Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:33:23 honeypot-fra-1 sshd[29744]: Connection closed by invalid user admin 13.126.217.41 port 35146 [preauth]","@timestamp":"2022-09-18T19:33:23.768Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:33:26 honeypot-fra-1 sshd[29750]: Connection closed by invalid user admin 13.126.217.41 port 38168 [preauth]","@timestamp":"2022-09-18T19:33:26.770Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:33:28 honeypot-fra-1 sshd[29756]: Connection closed by invalid user admin 13.126.217.41 port 41042 [preauth]","@timestamp":"2022-09-18T19:33:29.772Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:33:31 honeypot-fra-1 sshd[29762]: Connection closed by invalid user admin 13.126.217.41 port 44302 [preauth]","@timestamp":"2022-09-18T19:33:31.773Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:33:34 honeypot-fra-1 sshd[29768]: Connection closed by invalid user admin 13.126.217.41 port 47406 [preauth]","@timestamp":"2022-09-18T19:33:34.775Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:33:37 honeypot-fra-1 sshd[29774]: Connection closed by invalid user ftp 13.126.217.41 port 50702 [preauth]","@timestamp":"2022-09-18T19:33:37.778Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T19:34:01.388Z","@version":"1","message":"Sep 18 19:34:00 honeypot-sgp-1 sshd[31433]: Received disconnect from 61.177.172.124 port 18822:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T19:38:02.484Z","@version":"1","message":"Sep 18 19:38:02 honeypot-sgp-1 sshd[31438]: Disconnected from authenticating user root 154.61.72.164 port 53614 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:38:08 honeypot-fra-1 kernel: [84404295.317916] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=163.172.158.4 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=22331 PROTO=TCP SPT=42301 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T19:38:09.883Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-18T19:40:43.550Z","@version":"1","message":"Sep 18 19:40:43 honeypot-sgp-1 sshd[31446]: Invalid user guoyunpeng from 164.92.167.86 port 56642","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T19:42:10.586Z","@version":"1","message":"Sep 18 19:42:09 honeypot-sgp-1 sshd[31453]: Invalid user user from 45.61.186.49 port 57382","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T19:42:19.590Z","@version":"1","message":"Sep 18 19:42:19 honeypot-sgp-1 sshd[31457]: Invalid user user from 45.61.186.49 port 40490","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:43:12 honeypot-fra-1 sshd[29789]: Connection closed by invalid user daniel 141.98.10.158 port 50484 [preauth]","@timestamp":"2022-09-18T19:43:12.997Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T19:43:43.625Z","@version":"1","message":"Sep 18 19:43:42 honeypot-sgp-1 sshd[31462]: Received disconnect from 58.17.200.197 port 54574:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 19:45:49 honeypot-ams-1 sshd[6447]: Invalid user admin from 31.52.230.39 port 49192","@timestamp":"2022-09-18T19:45:49.858Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 19:47:51 honeypot-ams-1 sshd[6452]: Invalid user user from 45.61.184.204 port 44324","@timestamp":"2022-09-18T19:47:51.917Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 19:48:10 honeypot-ams-1 sshd[6456]: Invalid user user from 45.61.184.204 port 38934","@timestamp":"2022-09-18T19:48:10.928Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 19:48:27 honeypot-ams-1 sshd[6460]: Invalid user user from 45.61.184.204 port 33568","@timestamp":"2022-09-18T19:48:27.938Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 19:48:43 honeypot-ams-1 sshd[6464]: Invalid user user from 45.61.184.204 port 56424","@timestamp":"2022-09-18T19:48:43.947Z"}
{"@timestamp":"2022-09-18T19:49:03.751Z","@version":"1","message":"Sep 18 19:49:03 honeypot-sgp-1 sshd[31467]: Received disconnect from 167.99.66.74 port 42973:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:50:32 honeypot-fra-1 sshd[29796]: Received disconnect from 159.223.70.83 port 43537:11: Bye Bye [preauth]","@timestamp":"2022-09-18T19:50:33.163Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:52:31 honeypot-fra-1 sshd[29801]: Disconnected from authenticating user root 61.177.173.47 port 45099 [preauth]","@timestamp":"2022-09-18T19:52:31.211Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T19:53:06.848Z","@version":"1","message":"Sep 18 19:53:06 honeypot-sgp-1 sshd[31475]: Received disconnect from 138.197.138.123 port 33098:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:53:10 honeypot-fra-1 sshd[29805]: Disconnected from invalid user test 178.128.72.150 port 36972 [preauth]","@timestamp":"2022-09-18T19:53:11.228Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:54:00 honeypot-fra-1 sshd[29809]: Disconnected from invalid user minecraft 178.128.72.150 port 36308 [preauth]","@timestamp":"2022-09-18T19:54:01.250Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:54:49 honeypot-fra-1 sshd[29814]: Disconnected from invalid user oracle 178.128.72.150 port 35654 [preauth]","@timestamp":"2022-09-18T19:54:50.272Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:55:37 honeypot-fra-1 sshd[29818]: Disconnected from invalid user test 178.128.72.150 port 34992 [preauth]","@timestamp":"2022-09-18T19:55:37.311Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:56:24 honeypot-fra-1 sshd[29822]: Disconnected from invalid user ftpuser 178.128.72.150 port 34334 [preauth]","@timestamp":"2022-09-18T19:56:25.331Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 19:56:57 honeypot-ams-1 sshd[6467]: Invalid user teste from 92.255.85.70 port 57846","@timestamp":"2022-09-18T19:56:57.167Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:57:12 honeypot-fra-1 sshd[29828]: Invalid user admin from 178.128.72.150 port 33670","@timestamp":"2022-09-18T19:57:13.352Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:58:00 honeypot-fra-1 sshd[29832]: Invalid user postgres from 178.128.72.150 port 33008","@timestamp":"2022-09-18T19:58:01.372Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 19:58:46 honeypot-ams-1 kernel: [84407705.681924] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=120.48.122.52 DST=178.62.254.91 LEN=40 TOS=0x08 PREC=0x00 TTL=44 ID=41382 PROTO=TCP SPT=46333 DPT=443 WINDOW=39657 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T19:58:46.216Z"}
{"@timestamp":"2022-09-18T19:58:48.981Z","@version":"1","message":"Sep 18 19:58:48 honeypot-sgp-1 sshd[31480]: Disconnected from authenticating user root 85.208.252.181 port 52832 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 20:00:08 honeypot-fra-1 kernel: [84405614.601440] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=80.94.92.239 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=41846 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T20:00:08.425Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-18T20:02:36.073Z","@version":"1","message":"Sep 18 20:02:35 honeypot-sgp-1 sshd[31486]: Disconnected from authenticating user root 202.29.4.190 port 54420 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 20:04:55 honeypot-ams-1 sshd[6473]: Disconnected from invalid user d6nw5v1x2pc7st9m 91.240.118.222 port 27689 [preauth]","@timestamp":"2022-09-18T20:04:56.380Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 20:07:47 honeypot-ams-1 sshd[6478]: Disconnected from invalid user user1!2@3#4$ 62.204.41.222 port 14849 [preauth]","@timestamp":"2022-09-18T20:07:47.456Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 20:10:36 honeypot-ams-1 sshd[6484]: Received disconnect from 206.189.151.245 port 36444:11: Bye Bye [preauth]","@timestamp":"2022-09-18T20:10:36.532Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 20:11:11 honeypot-fra-1 sshd[29844]: Received disconnect from 20.171.106.5 port 41438:11: Bye Bye [preauth]","@timestamp":"2022-09-18T20:11:11.673Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T20:14:20.350Z","@version":"1","message":"Sep 18 20:14:20 honeypot-sgp-1 sshd[31492]: Disconnected from authenticating user root 61.177.173.51 port 59997 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 20:19:18 honeypot-fra-1 sshd[29854]: Disconnected from invalid user rot 178.62.81.147 port 52484 [preauth]","@timestamp":"2022-09-18T20:19:18.869Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 20:19:47 honeypot-fra-1 sshd[29862]: Disconnected from invalid user admin 220.225.126.55 port 42356 [preauth]","@timestamp":"2022-09-18T20:19:47.882Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 20:20:23 honeypot-ams-1 sshd[6490]: Disconnected from authenticating user root 128.199.225.7 port 35070 [preauth]","@timestamp":"2022-09-18T20:20:23.791Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 20:22:48 honeypot-fra-1 sshd[29869]: Received disconnect from 58.8.213.27 port 33102:11: Bye Bye [preauth]","@timestamp":"2022-09-18T20:22:48.949Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T20:23:26.562Z","@version":"1","message":"Sep 18 20:23:25 honeypot-sgp-1 sshd[31505]: Disconnected from authenticating user root 61.177.172.19 port 15838 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 20:24:02 honeypot-fra-1 sshd[29873]: Invalid user musicbot1 from 165.227.123.61 port 47622","@timestamp":"2022-09-18T20:24:02.980Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 20:28:34 honeypot-fra-1 sshd[29880]: Invalid user 1234 from 195.78.54.251 port 6397","@timestamp":"2022-09-18T20:28:34.105Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T20:30:44.731Z","@version":"1","message":"Sep 18 20:30:44 honeypot-sgp-1 kernel: [84409147.060596] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=236 ID=40109 PROTO=TCP SPT=53008 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 20:34:51 honeypot-fra-1 kernel: [84407697.487018] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=165.232.152.144 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=35664 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T20:34:52.244Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 20:38:17 honeypot-ams-1 kernel: [84410077.283983] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=80.94.92.239 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=36306 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T20:38:18.259Z"}
{"@timestamp":"2022-09-18T20:41:36.982Z","@version":"1","message":"Sep 18 20:41:36 honeypot-sgp-1 sshd[31535]: Invalid user admin from 92.255.85.70 port 33306","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 20:42:07 honeypot-fra-1 sshd[29892]: Received disconnect from 61.177.173.47 port 27615:11:  [preauth]","@timestamp":"2022-09-18T20:42:08.405Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 20:47:34 honeypot-ams-1 sshd[6501]: Invalid user tpg from 37.193.112.180 port 56272","@timestamp":"2022-09-18T20:47:35.511Z"}
{"@timestamp":"2022-09-18T20:51:30.207Z","@version":"1","message":"Sep 18 20:51:29 honeypot-sgp-1 sshd[31540]: Received disconnect from 61.177.173.52 port 36469:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 20:51:54 honeypot-ams-1 sshd[6506]: Invalid user ftpuser from 178.128.72.150 port 54974","@timestamp":"2022-09-18T20:51:55.628Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 20:52:25 honeypot-ams-1 kernel: [84410924.964143] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.47.229.134 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=7306 PROTO=TCP SPT=42301 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T20:52:25.644Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 20:53:15 honeypot-ams-1 sshd[6513]: Disconnected from invalid user minecraft 178.128.72.150 port 44136 [preauth]","@timestamp":"2022-09-18T20:53:15.669Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 20:54:08 honeypot-ams-1 sshd[6517]: Disconnected from invalid user oracle 178.128.72.150 port 46366 [preauth]","@timestamp":"2022-09-18T20:54:09.695Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 20:55:01 honeypot-ams-1 sshd[6521]: Disconnected from invalid user test 178.128.72.150 port 48532 [preauth]","@timestamp":"2022-09-18T20:55:01.721Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 20:55:53 honeypot-ams-1 sshd[6525]: Disconnected from invalid user ftpuser 178.128.72.150 port 50710 [preauth]","@timestamp":"2022-09-18T20:55:53.746Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 20:56:45 honeypot-ams-1 sshd[6529]: Disconnected from invalid user admin 178.128.72.150 port 52904 [preauth]","@timestamp":"2022-09-18T20:56:45.771Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 20:57:37 honeypot-ams-1 sshd[6533]: Received disconnect from 178.128.72.150 port 55062:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T20:57:38.800Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 21:00:43 honeypot-ams-1 sshd[6536]: Disconnected from invalid user admin 92.255.85.70 port 54698 [preauth]","@timestamp":"2022-09-18T21:00:43.888Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 21:01:24 honeypot-fra-1 kernel: [84409290.474896] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=66.228.34.97 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=16528 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T21:01:24.833Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 21:04:09 honeypot-fra-1 sshd[29927]: Invalid user user from 159.203.85.196 port 46373","@timestamp":"2022-09-18T21:04:09.899Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T21:04:42.508Z","@version":"1","message":"Sep 18 21:04:41 honeypot-sgp-1 sshd[31551]: Received disconnect from 210.195.11.120 port 40048:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 21:06:44 honeypot-fra-1 sshd[29932]: Disconnected from authenticating user root 92.36.144.96 port 47016 [preauth]","@timestamp":"2022-09-18T21:06:44.959Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T21:07:04.565Z","@version":"1","message":"Sep 18 21:07:04 honeypot-sgp-1 sshd[31558]: Received disconnect from 61.177.173.51 port 63202:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 21:11:31 honeypot-fra-1 kernel: [84409897.821815] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=1991 PROTO=TCP SPT=54804 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T21:11:32.066Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-18T21:11:59.683Z","@version":"1","message":"Sep 18 21:11:58 honeypot-sgp-1 kernel: [84411621.150336] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=172.105.129.89 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=52264 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 21:16:34 honeypot-ams-1 sshd[6542]: Connection closed by invalid user postgres 193.106.191.157 port 50452 [preauth]","@timestamp":"2022-09-18T21:16:34.313Z"}
{"@timestamp":"2022-09-18T21:17:01.803Z","@version":"1","message":"Sep 18 21:17:01 honeypot-sgp-1 CRON[31572]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 21:17:01 honeypot-fra-1 CRON[29949]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-18T21:17:02.191Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T21:19:54.896Z","@version":"1","message":"Sep 18 21:19:54 honeypot-sgp-1 sshd[31584]: Received disconnect from 92.255.85.70 port 49940:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 21:26:12 honeypot-fra-1 sshd[29958]: Received disconnect from 138.68.110.55 port 37696:11: Bye Bye [preauth]","@timestamp":"2022-09-18T21:26:13.394Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 21:26:43 honeypot-ams-1 sshd[6548]: Invalid user admin from 92.255.85.70 port 23276","@timestamp":"2022-09-18T21:26:43.578Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 21:29:06 honeypot-ams-1 sshd[6552]: Received disconnect from 133.130.101.23 port 36994:11: Bye Bye [preauth]","@timestamp":"2022-09-18T21:29:07.645Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 21:30:00 honeypot-fra-1 sshd[29968]: Invalid user ari from 195.158.21.214 port 41140","@timestamp":"2022-09-18T21:30:00.480Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 21:31:08 honeypot-fra-1 sshd[29972]: Received disconnect from 43.134.162.83 port 35174:11: Bye Bye [preauth]","@timestamp":"2022-09-18T21:31:08.507Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 21:31:37 honeypot-ams-1 sshd[6555]: Connection closed by invalid user system 103.188.176.251 port 59898 [preauth]","@timestamp":"2022-09-18T21:31:38.716Z"}
{"@timestamp":"2022-09-18T21:31:59.170Z","@version":"1","message":"Sep 18 21:31:59 honeypot-sgp-1 sshd[31591]: Disconnected from authenticating user root 218.92.0.221 port 16377 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 21:35:49 honeypot-fra-1 sshd[29976]: Connection closed by invalid user system 103.188.176.251 port 41320 [preauth]","@timestamp":"2022-09-18T21:35:49.611Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T21:39:58.356Z","@version":"1","message":"Sep 18 21:39:57 honeypot-sgp-1 kernel: [84413299.945627] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=172.105.77.209 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=51 ID=0 DF PROTO=TCP SPT=56857 DPT=443 WINDOW=8192 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T21:41:35.397Z","@version":"1","message":"Sep 18 21:41:34 honeypot-sgp-1 sshd[31603]: Disconnected from authenticating user root 179.43.156.143 port 33334 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 21:43:05 honeypot-fra-1 sshd[29985]: Received disconnect from 92.255.85.70 port 52002:11: Bye Bye [preauth]","@timestamp":"2022-09-18T21:43:05.774Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 14:44:01 honeypot-ams-1 sshd[15893]: Received disconnect from 41.185.26.240 port 46668:11: Bye Bye [preauth]","@timestamp":"2022-09-13T14:44:01.808Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 14:46:52 honeypot-ams-1 kernel: [83956996.420068] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=122.189.38.5 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=48 ID=52586 PROTO=TCP SPT=13860 DPT=80 WINDOW=32356 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T14:46:52.891Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 14:47:44 honeypot-fra-1 sshd[6704]: Received disconnect from 128.199.192.230 port 16092:11: Bye Bye [preauth]","@timestamp":"2022-09-13T14:47:45.878Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 14:49:59 honeypot-fra-1 sshd[6707]: Disconnected from authenticating user root 60.208.119.154 port 33680 [preauth]","@timestamp":"2022-09-13T14:49:59.955Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T14:50:29.761Z","@version":"1","message":"Sep 13 14:50:29 honeypot-sgp-1 sshd[11098]: Received disconnect from 182.73.147.154 port 54316:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 14:51:33 honeypot-fra-1 sshd[6715]: Invalid user admin1 from 187.103.206.54 port 37471","@timestamp":"2022-09-13T14:51:33.995Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 14:53:17 honeypot-fra-1 sshd[6722]: Invalid user krut from 165.22.45.108 port 42240","@timestamp":"2022-09-13T14:53:18.039Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 14:57:13 honeypot-fra-1 kernel: [83955456.793622] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=80.94.92.239 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=46385 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T14:57:14.128Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 14:57:38 honeypot-ams-1 kernel: [83957642.644421] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=198.235.24.16 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=250 ID=33900 PROTO=TCP SPT=55892 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T14:57:39.170Z"}
{"@timestamp":"2022-09-13T15:08:33.202Z","@version":"1","message":"Sep 13 15:08:32 honeypot-sgp-1 kernel: [83957822.702822] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=80.94.92.239 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=233 ID=54321 PROTO=TCP SPT=47249 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 15:09:00 honeypot-fra-1 sshd[6728]: Received disconnect from 143.244.154.61 port 59138:11: Bye Bye [preauth]","@timestamp":"2022-09-13T15:09:01.387Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 15:13:22 honeypot-fra-1 sshd[6733]: Invalid user 22 from 180.250.248.169 port 58850","@timestamp":"2022-09-13T15:13:23.490Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 15:16:08 honeypot-fra-1 sshd[6735]: Invalid user admin from 220.135.177.191 port 38177","@timestamp":"2022-09-13T15:16:08.557Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T15:17:02.410Z","@version":"1","message":"Sep 13 15:17:01 honeypot-sgp-1 CRON[11109]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 15:17:01 honeypot-ams-1 CRON[15909]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-13T15:17:02.663Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 15:18:02 honeypot-fra-1 kernel: [83956705.688373] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.180.143.137 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=18327 PROTO=TCP SPT=39706 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T15:18:02.601Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-13T15:21:18.517Z","@version":"1","message":"Sep 13 15:21:18 honeypot-sgp-1 sshd[11117]: Disconnected from authenticating user root 203.98.76.172 port 53748 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T15:24:55.607Z","@version":"1","message":"Sep 13 15:24:54 honeypot-sgp-1 sshd[11125]: Received disconnect from 94.242.58.213 port 36612:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 15:25:20 honeypot-fra-1 kernel: [83957144.242777] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=66.228.46.182 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=31558 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T15:25:21.767Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-13T15:26:26.647Z","@version":"1","message":"Sep 13 15:26:26 honeypot-sgp-1 sshd[11130]: Invalid user default from 179.60.147.69 port 43788","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 15:29:45 honeypot-ams-1 sshd[15918]: Invalid user default from 179.60.147.69 port 60184","@timestamp":"2022-09-13T15:29:46.028Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 15:31:17 honeypot-fra-1 sshd[6755]: Connection closed by invalid user test 193.106.191.157 port 44470 [preauth]","@timestamp":"2022-09-13T15:31:17.921Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 15:34:34 honeypot-fra-1 kernel: [83957697.864643] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=83.229.82.155 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=51629 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T15:34:34.998Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-13T15:38:54.952Z","@version":"1","message":"Sep 13 15:38:54 honeypot-sgp-1 sshd[11135]: Received disconnect from 103.242.117.234 port 59810:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 15:39:14 honeypot-fra-1 sshd[6764]: Disconnected from authenticating user root 92.255.85.70 port 42252 [preauth]","@timestamp":"2022-09-13T15:39:15.100Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 15:41:38 honeypot-ams-1 sshd[15922]: Disconnected from authenticating user root 92.255.85.70 port 54700 [preauth]","@timestamp":"2022-09-13T15:41:38.333Z"}
{"@timestamp":"2022-09-13T15:42:09.032Z","@version":"1","message":"Sep 13 15:42:08 honeypot-sgp-1 sshd[11140]: Disconnected from invalid user wr 193.95.228.126 port 46771 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 15:43:15 honeypot-fra-1 sshd[6770]: Received disconnect from 45.61.186.169 port 56996:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T15:43:16.195Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 15:43:32 honeypot-fra-1 sshd[6774]: Received disconnect from 45.61.186.169 port 51870:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T15:43:33.203Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 15:43:48 honeypot-fra-1 sshd[6778]: Received disconnect from 45.61.186.169 port 46736:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T15:43:49.211Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 15:45:54 honeypot-fra-1 sshd[6782]: Disconnected from authenticating user root 206.189.151.245 port 47096 [preauth]","@timestamp":"2022-09-13T15:45:55.262Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 15:48:42 honeypot-ams-1 sshd[15937]: Disconnected from authenticating user root 80.76.51.189 port 59872 [preauth]","@timestamp":"2022-09-13T15:48:42.517Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 15:49:02 honeypot-fra-1 sshd[6787]: Disconnected from invalid user susan 143.110.254.115 port 43672 [preauth]","@timestamp":"2022-09-13T15:49:03.332Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 15:50:12 honeypot-ams-1 sshd[15943]: Received disconnect from 80.76.51.189 port 33220:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T15:50:13.560Z"}
{"@timestamp":"2022-09-13T15:51:31.260Z","@version":"1","message":"Sep 13 15:51:30 honeypot-sgp-1 sshd[11147]: Connection closed by authenticating user root 103.188.176.251 port 41334 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 15:51:47 honeypot-ams-1 sshd[15949]: Received disconnect from 80.76.51.189 port 34788:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T15:51:47.603Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 15:53:20 honeypot-ams-1 sshd[15956]: Received disconnect from 80.76.51.189 port 36346:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T15:53:21.646Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 15:53:39 honeypot-fra-1 sshd[6794]: Did not receive identification string from 58.72.18.130 port 21238","@timestamp":"2022-09-13T15:53:40.442Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 15:54:23 honeypot-ams-1 sshd[15960]: Disconnected from invalid user test 80.76.51.189 port 46796 [preauth]","@timestamp":"2022-09-13T15:54:23.675Z"}
{"@timestamp":"2022-09-13T15:55:24.384Z","@version":"1","message":"Sep 13 15:55:23 honeypot-sgp-1 sshd[11151]: Received disconnect from 62.204.41.222 port 57429:11: Client disconnecting normally [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 15:55:28 honeypot-ams-1 sshd[15965]: Disconnected from invalid user testuser 80.76.51.189 port 57256 [preauth]","@timestamp":"2022-09-13T15:55:28.704Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 15:56:37 honeypot-ams-1 sshd[15969]: Disconnected from invalid user ubuntu 80.76.51.189 port 39482 [preauth]","@timestamp":"2022-09-13T15:56:37.735Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 15:57:48 honeypot-ams-1 sshd[15974]: Disconnected from invalid user ubuntu 80.76.51.189 port 49944 [preauth]","@timestamp":"2022-09-13T15:57:48.769Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 15:59:34 honeypot-ams-1 sshd[15980]: Received disconnect from 80.76.51.189 port 51508:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T15:59:34.882Z"}
{"@timestamp":"2022-09-13T15:59:50.492Z","@version":"1","message":"Sep 13 15:59:49 honeypot-sgp-1 sshd[11156]: Received disconnect from 92.255.85.69 port 53086:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 16:00:46 honeypot-ams-1 sshd[15984]: Disconnected from authenticating user root 80.76.51.189 port 33732 [preauth]","@timestamp":"2022-09-13T16:00:46.914Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 16:02:37 honeypot-ams-1 sshd[15990]: Received disconnect from 80.76.51.189 port 35306:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T16:02:37.965Z"}
{"@timestamp":"2022-09-13T16:03:09.574Z","@version":"1","message":"Sep 13 16:03:09 honeypot-sgp-1 sshd[11163]: Received disconnect from 141.255.162.226 port 47086:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T16:03:14.578Z","@version":"1","message":"Sep 13 16:03:13 honeypot-sgp-1 sshd[11167]: Received disconnect from 141.255.162.226 port 39744:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T16:03:16.579Z","@version":"1","message":"Sep 13 16:03:16 honeypot-sgp-1 sshd[11161]: Connection closed by 141.255.162.226 port 33158 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 16:03:32 honeypot-fra-1 sshd[6799]: Received disconnect from 92.255.85.70 port 22914:11: Bye Bye [preauth]","@timestamp":"2022-09-13T16:03:33.670Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 16:05:10 honeypot-ams-1 sshd[15995]: Disconnected from invalid user oracle 92.255.85.70 port 20804 [preauth]","@timestamp":"2022-09-13T16:05:11.034Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 16:08:22 honeypot-fra-1 kernel: [83959725.559318] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.204.75 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=59374 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T16:08:22.783Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 16:08:30 honeypot-ams-1 kernel: [83961893.750103] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=15.236.39.0 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=49 ID=51041 PROTO=TCP SPT=65462 DPT=443 WINDOW=12615 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T16:08:30.124Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 16:16:53 honeypot-fra-1 sshd[6807]: Received disconnect from 68.183.236.92 port 41434:11: Bye Bye [preauth]","@timestamp":"2022-09-13T16:16:53.979Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 16:17:05 honeypot-fra-1 sshd[6809]: Disconnected from authenticating user root 58.246.187.126 port 21120 [preauth]","@timestamp":"2022-09-13T16:17:06.014Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T16:17:52.930Z","@version":"1","message":"Sep 13 16:17:52 honeypot-sgp-1 kernel: [83961981.894243] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=205.210.31.31 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=249 ID=51755 PROTO=TCP SPT=50562 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 16:19:24 honeypot-ams-1 sshd[16006]: Received disconnect from 164.70.100.221 port 34520:11: Bye Bye [preauth]","@timestamp":"2022-09-13T16:19:25.428Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 16:19:49 honeypot-fra-1 kernel: [83960412.516378] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=172.104.9.87 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=11506 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T16:19:50.078Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 16:23:47 honeypot-fra-1 kernel: [83960650.813859] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=64.246.161.26 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=58905 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T16:23:48.169Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 16:27:53 honeypot-fra-1 sshd[6827]: Received disconnect from 46.101.132.159 port 47792:11: Bye Bye [preauth]","@timestamp":"2022-09-13T16:27:54.262Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 16:31:46 honeypot-fra-1 sshd[6832]: Disconnected from invalid user temp 36.66.16.233 port 52672 [preauth]","@timestamp":"2022-09-13T16:31:46.347Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T16:32:41.282Z","@version":"1","message":"Sep 13 16:32:41 honeypot-sgp-1 sshd[11183]: Did not receive identification string from 45.61.186.169 port 58130","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 16:32:45 honeypot-ams-1 kernel: [83963348.948723] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=12.220.156.28 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=51 ID=60411 PROTO=TCP SPT=13110 DPT=80 WINDOW=61678 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T16:32:45.789Z"}
{"@timestamp":"2022-09-13T16:32:57.291Z","@version":"1","message":"Sep 13 16:32:56 honeypot-sgp-1 sshd[11186]: Received disconnect from 45.61.186.169 port 33808:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T16:33:16.300Z","@version":"1","message":"Sep 13 16:33:15 honeypot-sgp-1 sshd[11190]: Received disconnect from 45.61.186.169 port 56742:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T16:33:34.309Z","@version":"1","message":"Sep 13 16:33:33 honeypot-sgp-1 sshd[11194]: Received disconnect from 45.61.186.169 port 51464:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T16:39:21.450Z","@version":"1","message":"Sep 13 16:39:21 honeypot-sgp-1 sshd[11200]: Connection closed by invalid user test 179.60.147.69 port 21230 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 16:40:29 honeypot-fra-1 sshd[6839]: Invalid user test from 179.60.147.69 port 55484","@timestamp":"2022-09-13T16:40:29.540Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 16:41:17 honeypot-ams-1 sshd[16017]: Invalid user student from 202.53.175.28 port 39170","@timestamp":"2022-09-13T16:41:18.012Z"}
{"@timestamp":"2022-09-13T16:46:21.621Z","@version":"1","message":"Sep 13 16:46:20 honeypot-sgp-1 sshd[11204]: Disconnected from authenticating user root 92.255.85.70 port 57100 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 16:46:53 honeypot-ams-1 sshd[16023]: Disconnected from authenticating user root 68.183.16.211 port 58114 [preauth]","@timestamp":"2022-09-13T16:46:54.173Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 16:49:19 honeypot-ams-1 sshd[16027]: Disconnected from authenticating user root 154.70.208.66 port 44822 [preauth]","@timestamp":"2022-09-13T16:49:20.260Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 16:49:43 honeypot-fra-1 sshd[6844]: Disconnected from authenticating user root 106.215.82.197 port 6829 [preauth]","@timestamp":"2022-09-13T16:49:44.753Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 16:50:14 honeypot-fra-1 sshd[6848]: Disconnected from invalid user openfiler 91.240.118.222 port 36666 [preauth]","@timestamp":"2022-09-13T16:50:14.767Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 16:51:10 honeypot-fra-1 sshd[6852]: Disconnected from invalid user mythtv 62.204.41.222 port 56621 [preauth]","@timestamp":"2022-09-13T16:51:10.790Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T16:51:31.749Z","@version":"1","message":"Sep 13 16:51:31 honeypot-sgp-1 sshd[11211]: Received disconnect from 157.230.190.64 port 38460:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 16:58:29 honeypot-ams-1 kernel: [83964892.960735] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=162.221.192.26 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=48013 PROTO=TCP SPT=25213 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T16:58:29.497Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:00:44 honeypot-ams-1 sshd[16036]: Disconnected from invalid user user 141.255.162.226 port 56816 [preauth]","@timestamp":"2022-09-13T17:00:44.559Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:00:51 honeypot-ams-1 sshd[16040]: Disconnected from invalid user user 141.255.162.226 port 58758 [preauth]","@timestamp":"2022-09-13T17:00:52.565Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:00:53 honeypot-ams-1 sshd[16044]: Disconnected from invalid user user 141.255.162.226 port 38074 [preauth]","@timestamp":"2022-09-13T17:00:54.566Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:03:20 honeypot-fra-1 kernel: [83963023.454024] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=23.251.102.75 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=4385 PROTO=TCP SPT=40211 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T17:03:21.083Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:05:30 honeypot-fra-1 kernel: [83963153.348277] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=143.198.183.97 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=50626 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T17:05:31.136Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-13T17:08:03.152Z","@version":"1","message":"Sep 13 17:08:02 honeypot-sgp-1 sshd[11231]: Received disconnect from 92.255.85.70 port 56288:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:09:01 honeypot-fra-1 CRON[6864]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-13T17:09:02.219Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T17:11:29.237Z","@version":"1","message":"Sep 13 17:11:28 honeypot-sgp-1 sshd[11237]: Disconnected from invalid user administrator 129.226.182.174 port 57752 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:14:31 honeypot-fra-1 kernel: [83963694.945796] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=128.14.128.179 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=26611 PROTO=TCP SPT=15684 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T17:14:32.345Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-13T17:15:46.344Z","@version":"1","message":"Sep 13 17:15:45 honeypot-sgp-1 sshd[11243]: Invalid user admin from 179.60.147.69 port 16640","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:16:46 honeypot-ams-1 sshd[16053]: Invalid user admin from 153.191.2.2 port 63078","@timestamp":"2022-09-13T17:16:46.978Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:17:01 honeypot-ams-1 CRON[16057]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-13T17:17:01.987Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:17:39 honeypot-ams-1 sshd[16063]: Invalid user user from 141.255.162.226 port 52016","@timestamp":"2022-09-13T17:17:40.005Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:17:41 honeypot-ams-1 sshd[16067]: Invalid user user from 141.255.162.226 port 44988","@timestamp":"2022-09-13T17:17:42.008Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:17:46 honeypot-ams-1 sshd[16071]: Invalid user user from 141.255.162.226 port 51918","@timestamp":"2022-09-13T17:17:47.010Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:19:10 honeypot-ams-1 sshd[16076]: Invalid user admin from 179.60.147.69 port 29396","@timestamp":"2022-09-13T17:19:10.051Z"}
{"@timestamp":"2022-09-13T17:19:26.438Z","@version":"1","message":"Sep 13 17:19:25 honeypot-sgp-1 sshd[11249]: Invalid user ftpguest from 52.184.91.79 port 50202","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:20:27 honeypot-ams-1 sshd[16081]: Disconnected from authenticating user root 179.43.145.74 port 60646 [preauth]","@timestamp":"2022-09-13T17:20:28.088Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:21:09 honeypot-ams-1 sshd[16086]: Disconnected from authenticating user root 159.223.79.49 port 34432 [preauth]","@timestamp":"2022-09-13T17:21:10.111Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:22:39 honeypot-ams-1 sshd[16094]: Received disconnect from 179.43.145.74 port 41592:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T17:22:40.155Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:23:35 honeypot-fra-1 kernel: [83964238.595611] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=193.201.9.171 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=34651 PROTO=TCP SPT=58123 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T17:23:36.550Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:24:35 honeypot-ams-1 sshd[16098]: Invalid user admin from 179.43.145.74 port 48940","@timestamp":"2022-09-13T17:24:36.210Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:26:32 honeypot-ams-1 sshd[16102]: Invalid user ansible from 179.43.145.74 port 56284","@timestamp":"2022-09-13T17:26:32.262Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:27:15 honeypot-ams-1 sshd[16106]: Received disconnect from 179.43.145.74 port 59960:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T17:27:16.283Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:28:46 honeypot-ams-1 sshd[16111]: Invalid user postgres from 179.43.145.74 port 37242","@timestamp":"2022-09-13T17:28:47.325Z"}
{"@timestamp":"2022-09-13T17:30:05.698Z","@version":"1","message":"Sep 13 17:30:05 honeypot-sgp-1 kernel: [83966315.420314] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=27.71.238.124 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=32735 PROTO=TCP SPT=46098 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:30:13 honeypot-ams-1 sshd[16115]: Received disconnect from 179.43.145.74 port 42752:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T17:30:14.364Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:32:58 honeypot-fra-1 sshd[6879]: Received disconnect from 20.239.69.124 port 35104:11: Bye Bye [preauth]","@timestamp":"2022-09-13T17:32:58.764Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:34:08 honeypot-ams-1 sshd[16121]: Invalid user user from 45.61.184.204 port 57758","@timestamp":"2022-09-13T17:34:09.465Z"}
{"@timestamp":"2022-09-13T17:34:18.805Z","@version":"1","message":"Sep 13 17:34:18 honeypot-sgp-1 kernel: [83966568.393906] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=51.222.144.15 DST=159.89.202.188 LEN=52 TOS=0x02 PREC=0x00 TTL=111 ID=6200 DF PROTO=TCP SPT=51153 DPT=3389 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:34:27 honeypot-ams-1 sshd[16125]: Invalid user user from 45.61.184.204 port 52442","@timestamp":"2022-09-13T17:34:28.476Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:34:46 honeypot-ams-1 sshd[16129]: Invalid user user from 45.61.184.204 port 47144","@timestamp":"2022-09-13T17:34:46.485Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:35:04 honeypot-ams-1 sshd[16133]: Invalid user user from 45.61.184.204 port 41842","@timestamp":"2022-09-13T17:35:04.495Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:40:19 honeypot-fra-1 sshd[6887]: Invalid user docker from 137.184.103.103 port 58852","@timestamp":"2022-09-13T17:40:19.931Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:40:50 honeypot-fra-1 kernel: [83965273.740179] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=80.94.92.231 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=38222 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T17:40:50.945Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-13T17:41:04.971Z","@version":"1","message":"Sep 13 17:41:04 honeypot-sgp-1 sshd[11260]: Disconnected from authenticating user root 80.91.223.97 port 40484 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 17:41:25 honeypot-ams-1 kernel: [83967469.240138] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=2.226.225.240 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=55336 PROTO=TCP SPT=4000 DPT=80 WINDOW=48929 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T17:41:25.674Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:48:01 honeypot-fra-1 sshd[6894]: Invalid user ksb from 165.22.45.108 port 35502","@timestamp":"2022-09-13T17:48:02.107Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:50:42 honeypot-ams-1 sshd[16142]: Protocol major versions differ for 104.156.155.31 port 14326: SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.5 vs. SSH-1.5-NmapNSE_1.0","@timestamp":"2022-09-13T17:50:42.918Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:50:43 honeypot-ams-1 sshd[16150]: Unable to negotiate with 104.156.155.31 port 2081: no matching host key type found. Their offer: ssh-dss [preauth]","@timestamp":"2022-09-13T17:50:43.918Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:50:47 honeypot-ams-1 sshd[16160]: Connection closed by 104.156.155.31 port 14489 [preauth]","@timestamp":"2022-09-13T17:50:47.921Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:52:36 honeypot-fra-1 sshd[6907]: Invalid user guest from 94.156.175.57 port 42648","@timestamp":"2022-09-13T17:52:37.212Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:52:36 honeypot-fra-1 sshd[6918]: Invalid user ubuntu from 94.156.175.57 port 42684","@timestamp":"2022-09-13T17:52:37.212Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:52:36 honeypot-fra-1 sshd[6901]: Invalid user user from 94.156.175.57 port 42635","@timestamp":"2022-09-13T17:52:37.212Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:52:36 honeypot-fra-1 sshd[6899]: Invalid user jenkins from 94.156.175.57 port 42625","@timestamp":"2022-09-13T17:52:37.212Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:52:36 honeypot-fra-1 sshd[6911]: Invalid user steam from 94.156.175.57 port 42663","@timestamp":"2022-09-13T17:52:37.212Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:52:36 honeypot-fra-1 sshd[6923]: Connection closed by invalid user ts3sv 94.156.175.57 port 42699 [preauth]","@timestamp":"2022-09-13T17:52:37.212Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:52:36 honeypot-fra-1 sshd[6915]: Connection closed by invalid user ts3srv 94.156.175.57 port 42673 [preauth]","@timestamp":"2022-09-13T17:52:37.212Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:52:36 honeypot-fra-1 sshd[6912]: Connection closed by invalid user elastic 94.156.175.57 port 42666 [preauth]","@timestamp":"2022-09-13T17:52:37.212Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:52:36 honeypot-fra-1 sshd[6910]: Connection closed by invalid user hadoop 94.156.175.57 port 42640 [preauth]","@timestamp":"2022-09-13T17:52:37.212Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:52:36 honeypot-fra-1 sshd[6934]: Connection closed by invalid user deploy 94.156.175.57 port 42698 [preauth]","@timestamp":"2022-09-13T17:52:37.212Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T17:52:40.253Z","@version":"1","message":"Sep 13 17:52:40 honeypot-sgp-1 sshd[11264]: Connection closed by invalid user default 179.60.147.69 port 21284 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:52:58 honeypot-fra-1 sshd[6958]: Received disconnect from 45.61.184.204 port 37252:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T17:52:59.222Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:53:14 honeypot-fra-1 kernel: [83966017.227254] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=51.222.144.15 DST=165.22.82.222 LEN=52 TOS=0x02 PREC=0x00 TTL=116 ID=20653 DF PROTO=TCP SPT=50298 DPT=3389 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-13T17:53:15.230Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:53:23 honeypot-fra-1 sshd[6964]: Disconnected from invalid user user 45.61.184.204 port 42608 [preauth]","@timestamp":"2022-09-13T17:53:24.235Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:53:38 honeypot-fra-1 sshd[6970]: Invalid user user from 45.61.184.204 port 36766","@timestamp":"2022-09-13T17:53:39.242Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:56:10 honeypot-fra-1 sshd[6974]: Disconnected from authenticating user root 92.255.85.70 port 22160 [preauth]","@timestamp":"2022-09-13T17:56:11.298Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:57:38 honeypot-fra-1 sshd[6980]: Invalid user user from 141.255.162.226 port 46376","@timestamp":"2022-09-13T17:57:39.335Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:57:41 honeypot-fra-1 sshd[6984]: Invalid user user from 141.255.162.226 port 47166","@timestamp":"2022-09-13T17:57:42.336Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:57:45 honeypot-fra-1 sshd[6988]: Invalid user user from 141.255.162.226 port 33446","@timestamp":"2022-09-13T17:57:46.339Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:57:57 honeypot-ams-1 sshd[16169]: Did not receive identification string from 45.61.186.249 port 35644","@timestamp":"2022-09-13T17:57:58.110Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:58:43 honeypot-ams-1 sshd[16172]: Received disconnect from 45.61.186.249 port 48946:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T17:58:44.134Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:59:05 honeypot-ams-1 sshd[16176]: Received disconnect from 45.61.186.249 port 46842:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T17:59:06.145Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:59:27 honeypot-ams-1 sshd[16180]: Received disconnect from 45.61.186.249 port 44642:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T17:59:27.157Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:59:33 honeypot-fra-1 sshd[6992]: Disconnected from invalid user panchkarmaindore 193.46.199.36 port 33664 [preauth]","@timestamp":"2022-09-13T17:59:34.381Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:59:37 honeypot-ams-1 sshd[16184]: Disconnected from invalid user user 45.61.186.249 port 57680 [preauth]","@timestamp":"2022-09-13T17:59:38.163Z"}
{"@timestamp":"2022-09-13T18:01:34.466Z","@version":"1","message":"Sep 13 18:01:34 honeypot-sgp-1 kernel: [83968203.891335] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=172.104.27.253 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=64960 PROTO=TCP SPT=52092 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 18:05:58 honeypot-fra-1 sshd[6997]: Received disconnect from 185.151.51.90 port 46346:11: Bye Bye [preauth]","@timestamp":"2022-09-13T18:05:59.522Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 18:08:20 honeypot-ams-1 sshd[16189]: Invalid user openfiler from 91.240.118.222 port 6435","@timestamp":"2022-09-13T18:08:20.412Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 18:09:05 honeypot-fra-1 sshd[7002]: Connection closed by invalid user test 193.106.191.157 port 57896 [preauth]","@timestamp":"2022-09-13T18:09:06.594Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 18:09:07 honeypot-ams-1 sshd[16191]: Disconnected from invalid user mythtv 62.204.41.222 port 43460 [preauth]","@timestamp":"2022-09-13T18:09:08.436Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 18:17:01 honeypot-fra-1 CRON[7005]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-13T18:17:01.787Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T18:17:01.836Z","@version":"1","message":"Sep 13 18:17:01 honeypot-sgp-1 CRON[11273]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 18:17:01 honeypot-ams-1 CRON[16196]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-13T18:17:02.637Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 18:25:16 honeypot-ams-1 sshd[16202]: Connection closed by invalid user test 193.106.191.157 port 51694 [preauth]","@timestamp":"2022-09-13T18:25:16.854Z"}
{"@timestamp":"2022-09-13T18:29:06.131Z","@version":"1","message":"Sep 13 18:29:05 honeypot-sgp-1 sshd[11280]: Connection closed by invalid user admin 179.60.147.69 port 33464 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 18:30:12 honeypot-fra-1 sshd[7012]: Invalid user admin from 179.60.147.69 port 47844","@timestamp":"2022-09-13T18:30:13.081Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 18:32:30 honeypot-fra-1 sshd[7016]: Received disconnect from 104.248.91.215 port 51938:11: Bye Bye [preauth]","@timestamp":"2022-09-13T18:32:30.134Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 18:35:26 honeypot-fra-1 sshd[7021]: Disconnected from invalid user admin 43.154.43.99 port 41382 [preauth]","@timestamp":"2022-09-13T18:35:26.218Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 18:36:02 honeypot-ams-1 kernel: [83970746.128508] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=111.161.155.54 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=48 ID=46003 PROTO=TCP SPT=10696 DPT=443 WINDOW=17832 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T18:36:03.147Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 18:36:31 honeypot-ams-1 sshd[16210]: Received disconnect from 45.61.186.169 port 34800:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T18:36:32.162Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 18:36:48 honeypot-ams-1 sshd[16214]: Received disconnect from 45.61.186.169 port 59998:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T18:36:49.172Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 18:37:06 honeypot-ams-1 sshd[16218]: Invalid user user from 45.61.186.169 port 57002","@timestamp":"2022-09-13T18:37:06.180Z"}
{"@timestamp":"2022-09-13T18:38:50.368Z","@version":"1","message":"Sep 13 18:38:49 honeypot-sgp-1 kernel: [83970439.664070] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=128.1.248.26 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=50194 PROTO=TCP SPT=16003 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 18:38:52 honeypot-fra-1 sshd[7025]: Disconnected from invalid user jessica 179.60.230.131 port 47310 [preauth]","@timestamp":"2022-09-13T18:38:53.298Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 18:39:40 honeypot-fra-1 sshd[7031]: Received disconnect from 144.24.116.174 port 51244:11: Bye Bye [preauth]","@timestamp":"2022-09-13T18:39:40.318Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 18:39:43 honeypot-fra-1 sshd[7035]: Disconnected from invalid user admin 37.187.123.50 port 42232 [preauth]","@timestamp":"2022-09-13T18:39:44.321Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 18:41:46 honeypot-fra-1 sshd[7042]: Invalid user odoo from 157.245.122.58 port 45224","@timestamp":"2022-09-13T18:41:47.371Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 18:42:52 honeypot-ams-1 sshd[16224]: Received disconnect from 92.255.85.69 port 49258:11: Bye Bye [preauth]","@timestamp":"2022-09-13T18:42:52.331Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 18:43:46 honeypot-fra-1 sshd[7046]: Invalid user data.user from 157.245.122.58 port 44066","@timestamp":"2022-09-13T18:43:47.440Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 18:44:54 honeypot-ams-1 sshd[16227]: Connection closed by invalid user test 193.106.191.157 port 37004 [preauth]","@timestamp":"2022-09-13T18:44:54.387Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 18:45:38 honeypot-fra-1 sshd[7051]: Invalid user jonitiso from 157.245.122.58 port 42894","@timestamp":"2022-09-13T18:45:38.483Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 18:46:19 honeypot-ams-1 sshd[16236]: Disconnected from authenticating user root 80.76.51.189 port 38790 [preauth]","@timestamp":"2022-09-13T18:46:19.426Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 18:47:51 honeypot-ams-1 sshd[16242]: Disconnected from authenticating user root 80.76.51.189 port 41866 [preauth]","@timestamp":"2022-09-13T18:47:51.467Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 18:48:34 honeypot-fra-1 kernel: [83969337.156354] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.220.73 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=52797 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T18:48:34.551Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 18:49:28 honeypot-ams-1 sshd[16249]: Disconnected from authenticating user root 80.76.51.189 port 44938 [preauth]","@timestamp":"2022-09-13T18:49:29.512Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 18:50:34 honeypot-ams-1 sshd[16255]: Invalid user test from 80.76.51.189 port 56396","@timestamp":"2022-09-13T18:50:34.546Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 18:51:40 honeypot-ams-1 sshd[16259]: Invalid user testuser from 80.76.51.189 port 39614","@timestamp":"2022-09-13T18:51:40.576Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 18:52:37 honeypot-ams-1 sshd[16263]: Received disconnect from 52.142.11.171 port 1024:11: Bye Bye [preauth]","@timestamp":"2022-09-13T18:52:38.603Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 18:53:19 honeypot-ams-1 sshd[16267]: Received disconnect from 80.76.51.189 port 42688:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T18:53:19.624Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 18:54:27 honeypot-ams-1 sshd[16272]: Disconnected from authenticating user root 80.76.51.189 port 54150 [preauth]","@timestamp":"2022-09-13T18:54:28.656Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 18:55:44 honeypot-fra-1 sshd[7060]: Received disconnect from 82.196.7.111 port 42162:11: Bye Bye [preauth]","@timestamp":"2022-09-13T18:55:44.712Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 18:55:53 honeypot-ams-1 kernel: [83971937.544864] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=143.198.183.97 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=49315 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T18:55:54.696Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 18:57:29 honeypot-ams-1 sshd[16282]: Received disconnect from 80.76.51.189 port 40444:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T18:57:29.740Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 18:58:41 honeypot-ams-1 sshd[16286]: Disconnected from authenticating user root 80.76.51.189 port 51900 [preauth]","@timestamp":"2022-09-13T18:58:42.773Z"}
{"@timestamp":"2022-09-13T18:58:48.843Z","@version":"1","message":"Sep 13 18:58:48 honeypot-sgp-1 sshd[11289]: Received disconnect from 92.255.85.69 port 36454:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 18:59:13 honeypot-fra-1 sshd[7065]: Received disconnect from 94.69.226.48 port 47688:11: Bye Bye [preauth]","@timestamp":"2022-09-13T18:59:13.794Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 19:02:28 honeypot-fra-1 sshd[7071]: Received disconnect from 92.255.85.70 port 57762:11: Bye Bye [preauth]","@timestamp":"2022-09-13T19:02:28.870Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 19:03:20 honeypot-ams-1 sshd[16293]: Received disconnect from 92.255.85.69 port 49576:11: Bye Bye [preauth]","@timestamp":"2022-09-13T19:03:20.895Z"}
{"@timestamp":"2022-09-13T19:09:07.087Z","@version":"1","message":"Sep 13 19:09:07 honeypot-sgp-1 sshd[11295]: Received disconnect from 45.119.9.158 port 45344:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 19:09:16 honeypot-ams-1 sshd[16296]: Invalid user blank from 179.60.147.69 port 45984","@timestamp":"2022-09-13T19:09:17.051Z"}
{"@timestamp":"2022-09-13T19:11:12.138Z","@version":"1","message":"Sep 13 19:11:11 honeypot-sgp-1 sshd[11300]: Disconnected from invalid user cpc 137.184.59.80 port 55776 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 19:14:11 honeypot-fra-1 sshd[7077]: Connection closed by invalid user admin 92.124.220.106 port 41948 [preauth]","@timestamp":"2022-09-13T19:14:12.133Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 19:15:17 honeypot-ams-1 sshd[16301]: Received disconnect from 103.153.175.18 port 59532:11: Bye Bye [preauth]","@timestamp":"2022-09-13T19:15:18.226Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 19:17:01 honeypot-fra-1 CRON[7082]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-13T19:17:02.197Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T19:17:02.277Z","@version":"1","message":"Sep 13 19:17:01 honeypot-sgp-1 CRON[11305]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 19:20:18 honeypot-ams-1 sshd[16308]: Received disconnect from 157.245.122.58 port 45882:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T19:20:19.357Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 19:21:23 honeypot-ams-1 sshd[16314]: Invalid user wqs from 73.204.6.32 port 48594","@timestamp":"2022-09-13T19:21:23.390Z"}
{"@timestamp":"2022-09-13T19:21:40.388Z","@version":"1","message":"Sep 13 19:21:39 honeypot-sgp-1 sshd[11310]: Received disconnect from 92.255.85.69 port 30516:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 19:22:47 honeypot-ams-1 kernel: [83973550.817086] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.168.28.81 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=110 ID=26843 DF PROTO=TCP SPT=59194 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T19:22:47.429Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 19:23:21 honeypot-ams-1 sshd[16318]: Disconnected from invalid user tenancy 157.245.122.58 port 58260 [preauth]","@timestamp":"2022-09-13T19:23:22.447Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 19:24:34 honeypot-ams-1 sshd[16323]: Received disconnect from 45.61.186.169 port 39410:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T19:24:34.481Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 19:24:51 honeypot-ams-1 sshd[16327]: Received disconnect from 45.61.186.169 port 33524:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T19:24:52.492Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 19:25:08 honeypot-ams-1 sshd[16331]: Received disconnect from 45.61.186.169 port 55866:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T19:25:08.501Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 19:25:09 honeypot-fra-1 kernel: [83971532.375163] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.205.198 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=35702 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T19:25:10.377Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 19:25:16 honeypot-ams-1 sshd[16335]: Received disconnect from 45.61.186.169 port 38800:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T19:25:16.505Z"}
{"@timestamp":"2022-09-13T19:25:41.485Z","@version":"1","message":"Sep 13 19:25:40 honeypot-sgp-1 sshd[11313]: Disconnected from invalid user juin 157.245.142.116 port 45876 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 19:25:41 honeypot-ams-1 kernel: [83973725.450023] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=23.90.160.139 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=28882 PROTO=TCP SPT=31521 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T19:25:42.519Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 19:26:50 honeypot-ams-1 kernel: [83973793.994820] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=78.188.17.227 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=241 ID=15533 PROTO=TCP SPT=59673 DPT=443 WINDOW=1300 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T19:26:50.552Z"}
{"@timestamp":"2022-09-13T19:27:40.533Z","@version":"1","message":"Sep 13 19:27:39 honeypot-sgp-1 sshd[11317]: Disconnected from invalid user ftp 142.93.135.234 port 53984 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 19:34:19 honeypot-fra-1 kernel: [83972082.181307] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.214.18 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=56403 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T19:34:19.582Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 19:35:06 honeypot-ams-1 kernel: [83974289.660943] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.208.174 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=39562 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T19:35:06.776Z"}
{"@timestamp":"2022-09-13T19:37:25.782Z","@version":"1","message":"Sep 13 19:37:25 honeypot-sgp-1 kernel: [83973955.293122] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.201.75 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=43914 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T19:40:08.847Z","@version":"1","message":"Sep 13 19:40:08 honeypot-sgp-1 sshd[11328]: Received disconnect from 45.61.186.49 port 45254:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 19:40:11 honeypot-fra-1 sshd[7100]: Invalid user admin from 141.98.10.158 port 50190","@timestamp":"2022-09-13T19:40:12.714Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T19:40:18.852Z","@version":"1","message":"Sep 13 19:40:17 honeypot-sgp-1 sshd[11332]: Received disconnect from 45.61.186.49 port 56908:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T19:43:52.936Z","@version":"1","message":"Sep 13 19:43:52 honeypot-sgp-1 sshd[11338]: Disconnected from authenticating user root 92.255.85.70 port 62144 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 19:43:55 honeypot-fra-1 sshd[7106]: Invalid user guest from 179.60.147.69 port 54994","@timestamp":"2022-09-13T19:43:56.800Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 19:46:08 honeypot-fra-1 sshd[7111]: Received disconnect from 92.255.85.69 port 51820:11: Bye Bye [preauth]","@timestamp":"2022-09-13T19:46:09.853Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 19:50:04 honeypot-ams-1 sshd[16350]: Received disconnect from 92.255.85.69 port 29980:11: Bye Bye [preauth]","@timestamp":"2022-09-13T19:50:05.161Z"}
{"@timestamp":"2022-09-13T19:50:17.089Z","@version":"1","message":"Sep 13 19:50:16 honeypot-sgp-1 kernel: [83974726.123793] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=163.172.158.4 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=19772 PROTO=TCP SPT=50301 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 19:51:50 honeypot-fra-1 kernel: [83973132.952200] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=103.118.253.199 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=53 ID=0 DF PROTO=TCP SPT=38058 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T19:51:50.984Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 19:53:49 honeypot-ams-1 kernel: [83975413.546672] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=20.55.53.144 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=26175 DF PROTO=TCP SPT=44220 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T19:53:50.276Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 19:57:16 honeypot-fra-1 kernel: [83973458.684409] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.208.175 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=52570 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T19:57:16.110Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 19:59:08 honeypot-ams-1 kernel: [83975732.142218] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=59.49.43.217 DST=178.62.254.91 LEN=40 TOS=0x18 PREC=0x00 TTL=239 ID=12189 PROTO=TCP SPT=45851 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T19:59:09.409Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 20:01:18 honeypot-fra-1 kernel: [83973700.943539] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=25200 PROTO=TCP SPT=58685 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T20:01:19.207Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-13T20:01:37.359Z","@version":"1","message":"Sep 13 20:01:36 honeypot-sgp-1 sshd[11346]: Received disconnect from 46.101.141.155 port 34472:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 20:03:48 honeypot-ams-1 sshd[16362]: Received disconnect from 85.31.46.45 port 46674:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T20:03:48.528Z"}
{"@timestamp":"2022-09-13T20:04:02.419Z","@version":"1","message":"Sep 13 20:04:02 honeypot-sgp-1 sshd[11351]: Invalid user user from 45.61.186.169 port 37802","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T20:04:11.425Z","@version":"1","message":"Sep 13 20:04:11 honeypot-sgp-1 sshd[11355]: Received disconnect from 45.61.186.169 port 49380:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 20:04:18 honeypot-ams-1 sshd[16367]: Disconnected from authenticating user root 85.31.46.45 port 38164 [preauth]","@timestamp":"2022-09-13T20:04:18.544Z"}
{"@timestamp":"2022-09-13T20:04:28.433Z","@version":"1","message":"Sep 13 20:04:27 honeypot-sgp-1 sshd[11359]: Received disconnect from 45.61.186.169 port 44222:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T20:04:44.441Z","@version":"1","message":"Sep 13 20:04:44 honeypot-sgp-1 sshd[11363]: Received disconnect from 45.61.186.169 port 39104:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 20:05:03 honeypot-ams-1 sshd[16373]: Disconnected from authenticating user root 85.31.46.45 port 39332 [preauth]","@timestamp":"2022-09-13T20:05:03.566Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 20:05:46 honeypot-ams-1 sshd[16379]: Disconnected from authenticating user root 85.31.46.45 port 40572 [preauth]","@timestamp":"2022-09-13T20:05:46.588Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 20:06:15 honeypot-ams-1 sshd[16384]: Disconnected from invalid user user 85.31.46.45 port 60296 [preauth]","@timestamp":"2022-09-13T20:06:16.604Z"}
{"@timestamp":"2022-09-13T20:07:20.504Z","@version":"1","message":"Sep 13 20:07:20 honeypot-sgp-1 sshd[11368]: Disconnected from invalid user juanda 137.184.126.78 port 43358 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 20:10:39 honeypot-ams-1 sshd[16389]: Received disconnect from 167.99.220.160 port 48392:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T20:10:39.718Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 20:12:55 honeypot-fra-1 kernel: [83974398.418050] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.200.187 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=34945 DPT=389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T20:12:56.467Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 20:14:06 honeypot-fra-1 sshd[7129]: Disconnected from invalid user dovecot 165.22.60.53 port 37542 [preauth]","@timestamp":"2022-09-13T20:14:06.496Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T20:17:02.732Z","@version":"1","message":"Sep 13 20:17:01 honeypot-sgp-1 CRON[11375]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 20:17:27 honeypot-ams-1 kernel: [83976830.678053] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.199.24 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=32787 DPT=389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T20:17:27.897Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 20:19:17 honeypot-fra-1 sshd[7137]: Received disconnect from 118.212.146.43 port 46768:11: Bye Bye [preauth]","@timestamp":"2022-09-13T20:19:17.614Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 20:21:30 honeypot-fra-1 kernel: [83974912.656269] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.214.117 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=40633 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T20:21:30.671Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 20:24:13 honeypot-ams-1 kernel: [83977237.491420] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=193.219.127.202 DST=178.62.254.91 LEN=80 TOS=0x00 PREC=0x20 TTL=127 ID=25268 PROTO=TCP SPT=26292 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T20:24:14.074Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 20:29:48 honeypot-ams-1 sshd[16403]: Received disconnect from 188.166.252.132 port 39888:11: Bye Bye [preauth]","@timestamp":"2022-09-13T20:29:49.222Z"}
{"@timestamp":"2022-09-13T20:30:52.063Z","@version":"1","message":"Sep 13 20:30:51 honeypot-sgp-1 kernel: [83977161.282279] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=43.154.2.224 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=27248 PROTO=TCP SPT=49046 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T20:35:34.178Z","@version":"1","message":"Sep 13 20:35:33 honeypot-sgp-1 sshd[11388]: Received disconnect from 104.248.228.139 port 56446:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 20:35:36 honeypot-ams-1 sshd[16408]: Disconnected from authenticating user root 92.255.85.70 port 62206 [preauth]","@timestamp":"2022-09-13T20:35:37.377Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 20:36:33 honeypot-fra-1 kernel: [83975816.231190] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=190.180.154.217 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=34960 DF PROTO=TCP SPT=56796 DPT=80 WINDOW=5640 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T20:36:34.011Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 20:37:59 honeypot-fra-1 sshd[7152]: Received disconnect from 198.98.61.9 port 48454:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T20:38:00.045Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 20:38:16 honeypot-fra-1 sshd[7156]: Received disconnect from 198.98.61.9 port 43300:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T20:38:17.053Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 20:38:37 honeypot-fra-1 sshd[7161]: Received disconnect from 198.98.61.9 port 38140:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T20:38:38.062Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 20:39:44 honeypot-fra-1 kernel: [83976007.480458] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=40.87.17.51 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=43112 PROTO=TCP SPT=58908 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T20:39:45.090Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 20:41:18 honeypot-ams-1 sshd[16413]: Received disconnect from 222.122.67.97 port 59194:11: Bye Bye [preauth]","@timestamp":"2022-09-13T20:41:18.525Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 20:42:06 honeypot-fra-1 sshd[7171]: Invalid user user from 45.61.187.160 port 50316","@timestamp":"2022-09-13T20:42:07.148Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 20:42:15 honeypot-fra-1 sshd[7175]: Invalid user user from 45.61.187.160 port 33530","@timestamp":"2022-09-13T20:42:16.152Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 20:42:35 honeypot-fra-1 sshd[7179]: Invalid user user from 45.61.187.160 port 56434","@timestamp":"2022-09-13T20:42:36.161Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 20:42:54 honeypot-fra-1 sshd[7185]: Invalid user user from 45.61.187.160 port 51102","@timestamp":"2022-09-13T20:42:55.171Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 20:44:05 honeypot-ams-1 sshd[16417]: Invalid user statd from 85.114.98.146 port 55536","@timestamp":"2022-09-13T20:44:06.598Z"}
{"@timestamp":"2022-09-13T20:45:30.441Z","@version":"1","message":"Sep 13 20:45:29 honeypot-sgp-1 sshd[11392]: Disconnected from invalid user ue 137.184.104.77 port 33428 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 20:49:44 honeypot-fra-1 kernel: [83976607.016312] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=94.26.249.161 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=37071 PROTO=TCP SPT=22452 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T20:49:45.322Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-13T20:53:02.626Z","@version":"1","message":"Sep 13 20:53:02 honeypot-sgp-1 sshd[11397]: Did not receive identification string from 179.43.156.143 port 38366","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 20:53:51 honeypot-ams-1 kernel: [83979015.116422] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=167.94.138.102 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=12566 PROTO=TCP SPT=13011 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T20:53:51.865Z"}
{"@timestamp":"2022-09-13T20:54:29.665Z","@version":"1","message":"Sep 13 20:54:29 honeypot-sgp-1 sshd[11404]: Received disconnect from 179.43.156.143 port 37332:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 20:55:38 honeypot-fra-1 sshd[7196]: Connection closed by invalid user pi 80.117.229.198 port 55898 [preauth]","@timestamp":"2022-09-13T20:55:39.452Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T20:55:43.699Z","@version":"1","message":"Sep 13 20:55:42 honeypot-sgp-1 sshd[11410]: Received disconnect from 179.43.156.143 port 56746:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 20:56:47 honeypot-fra-1 sshd[7202]: Connection closed by invalid user support 179.60.147.69 port 22778 [preauth]","@timestamp":"2022-09-13T20:56:48.481Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T20:57:30.745Z","@version":"1","message":"Sep 13 20:57:30 honeypot-sgp-1 sshd[11416]: Invalid user nutanix from 179.43.156.143 port 43554","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T20:58:48.777Z","@version":"1","message":"Sep 13 20:58:47 honeypot-sgp-1 sshd[11421]: Invalid user nfsnobod from 179.43.156.143 port 34792","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 20:58:53 honeypot-fra-1 sshd[7208]: Invalid user user from 45.61.186.49 port 35460","@timestamp":"2022-09-13T20:58:54.532Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 20:58:59 honeypot-fra-1 sshd[7212]: Received disconnect from 45.61.186.49 port 41966:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T20:58:59.535Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T21:00:13.814Z","@version":"1","message":"Sep 13 21:00:13 honeypot-sgp-1 sshd[11425]: Received disconnect from 179.43.156.143 port 54234:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 21:01:20 honeypot-ams-1 kernel: [83979463.830317] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=90.151.171.106 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=16100 PROTO=TCP SPT=42821 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T21:01:21.060Z"}
{"@timestamp":"2022-09-13T21:02:21.867Z","@version":"1","message":"Sep 13 21:02:21 honeypot-sgp-1 sshd[11431]: Received disconnect from 179.43.156.143 port 41038:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 21:02:33 honeypot-fra-1 sshd[7219]: Invalid user user from 45.61.186.169 port 45526","@timestamp":"2022-09-13T21:02:33.612Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 21:02:52 honeypot-fra-1 sshd[7223]: Invalid user user from 45.61.186.169 port 41430","@timestamp":"2022-09-13T21:02:53.623Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 21:03:10 honeypot-fra-1 sshd[7227]: Invalid user user from 45.61.186.169 port 37354","@timestamp":"2022-09-13T21:03:11.632Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 21:03:27 honeypot-fra-1 sshd[7231]: Invalid user user from 45.61.186.169 port 33252","@timestamp":"2022-09-13T21:03:28.639Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T21:08:35.016Z","@version":"1","message":"Sep 13 21:08:34 honeypot-sgp-1 kernel: [83979424.165738] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.46.215.90 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=10538 DF PROTO=TCP SPT=37966 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:10:41.067Z","@version":"1","message":"Sep 13 21:10:40 honeypot-sgp-1 sshd[11437]: Received disconnect from 103.92.24.243 port 43890:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:11:47.096Z","@version":"1","message":"Sep 13 21:11:46 honeypot-sgp-1 sshd[11441]: Disconnected from invalid user steam 190.117.147.185 port 36834 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:12:38.119Z","@version":"1","message":"Sep 13 21:12:37 honeypot-sgp-1 sshd[11446]: Received disconnect from 141.255.162.226 port 35302:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:12:39.120Z","@version":"1","message":"Sep 13 21:12:38 honeypot-sgp-1 sshd[11450]: Received disconnect from 141.255.162.226 port 50700:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 21:13:27 honeypot-ams-1 kernel: [83980190.764337] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=61.53.125.174 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=48 ID=37814 PROTO=TCP SPT=58975 DPT=443 WINDOW=33591 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T21:13:27.372Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 21:13:32 honeypot-fra-1 sshd[7234]: Connection closed by invalid user admin 200.37.213.21 port 45024 [preauth]","@timestamp":"2022-09-13T21:13:32.867Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T21:15:18.185Z","@version":"1","message":"Sep 13 21:15:17 honeypot-sgp-1 sshd[11454]: Received disconnect from 92.255.85.70 port 56116:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 21:16:27 honeypot-fra-1 sshd[7238]: Invalid user bf1942server from 101.32.10.55 port 54292","@timestamp":"2022-09-13T21:16:27.937Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 21:17:02 honeypot-ams-1 CRON[16431]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-13T21:17:02.466Z"}
{"@timestamp":"2022-09-13T21:17:43.244Z","@version":"1","message":"Sep 13 21:17:42 honeypot-sgp-1 kernel: [83979972.397576] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.204.42.89 DST=159.89.202.188 LEN=52 TOS=0x00 PREC=0x00 TTL=115 ID=55834 DF PROTO=TCP SPT=52176 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 21:18:26 honeypot-fra-1 sshd[7243]: Disconnected from authenticating user root 94.139.166.33 port 59636 [preauth]","@timestamp":"2022-09-13T21:18:26.984Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 21:20:54 honeypot-ams-1 sshd[16437]: Received disconnect from 187.102.174.154 port 53136:11: Bye Bye [preauth]","@timestamp":"2022-09-13T21:20:54.569Z"}
{"@timestamp":"2022-09-13T21:22:02.347Z","@version":"1","message":"Sep 13 21:22:01 honeypot-sgp-1 kernel: [83980231.444859] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.41.8.5 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=13475 PROTO=TCP SPT=36794 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:26:20.453Z","@version":"1","message":"Sep 13 21:26:19 honeypot-sgp-1 kernel: [83980489.126536] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=62347 PROTO=TCP SPT=44159 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 21:27:42 honeypot-ams-1 sshd[16443]: Invalid user test from 193.106.191.157 port 53084","@timestamp":"2022-09-13T21:27:42.748Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 21:27:47 honeypot-fra-1 kernel: [83978889.475316] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=63864 PROTO=TCP SPT=44159 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T21:27:47.196Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-13T21:28:29.505Z","@version":"1","message":"Sep 13 21:28:28 honeypot-sgp-1 sshd[11468]: Received disconnect from 198.98.61.9 port 57428:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:28:46.513Z","@version":"1","message":"Sep 13 21:28:46 honeypot-sgp-1 sshd[11472]: Received disconnect from 198.98.61.9 port 53008:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:29:03.520Z","@version":"1","message":"Sep 13 21:29:02 honeypot-sgp-1 sshd[11476]: Received disconnect from 198.98.61.9 port 48572:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:29:10.523Z","@version":"1","message":"Sep 13 21:29:10 honeypot-sgp-1 sshd[11480]: Received disconnect from 198.98.61.9 port 60500:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 21:29:15 honeypot-ams-1 sshd[16448]: Disconnected from authenticating user root 179.60.230.131 port 45855 [preauth]","@timestamp":"2022-09-13T21:29:15.793Z"}
{"@timestamp":"2022-09-13T21:32:25.599Z","@version":"1","message":"Sep 13 21:32:25 honeypot-sgp-1 sshd[11486]: Invalid user ubnt from 179.60.147.69 port 64116","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:34:40.655Z","@version":"1","message":"Sep 13 21:34:40 honeypot-sgp-1 kernel: [83980989.998360] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=31.192.111.224 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=6952 PROTO=TCP SPT=44629 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 21:35:44 honeypot-ams-1 sshd[16456]: Invalid user ubnt from 179.60.147.69 port 1480","@timestamp":"2022-09-13T21:35:44.960Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 21:37:44 honeypot-fra-1 sshd[7259]: Invalid user test from 193.106.191.157 port 45312","@timestamp":"2022-09-13T21:37:45.422Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T21:40:44.803Z","@version":"1","message":"Sep 13 21:40:43 honeypot-sgp-1 sshd[11495]: Disconnecting invalid user  185.246.130.20 port 58810: Change of username or service not allowed: (,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:41:10.816Z","@version":"1","message":"Sep 13 21:41:10 honeypot-sgp-1 sshd[11501]: Invalid user  from 185.246.130.20 port 54545","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:41:29.826Z","@version":"1","message":"Sep 13 21:41:29 honeypot-sgp-1 sshd[11505]: Disconnecting invalid user  185.246.130.20 port 41012: Change of username or service not allowed: (,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:42:06.843Z","@version":"1","message":"Sep 13 21:42:05 honeypot-sgp-1 sshd[11511]: Disconnecting invalid user admin 185.246.130.20 port 20659: Change of username or service not allowed: (admin,ssh-connection) -> (manager,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 21:42:20 honeypot-fra-1 kernel: [83979762.445386] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=136.228.128.5 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=16081 DF PROTO=TCP SPT=27738 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T21:42:20.535Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-13T21:42:37.859Z","@version":"1","message":"Sep 13 21:42:37 honeypot-sgp-1 sshd[11519]: Invalid user 1234 from 185.246.130.20 port 15413","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:42:57.869Z","@version":"1","message":"Sep 13 21:42:57 honeypot-sgp-1 sshd[11525]: Invalid user  from 185.246.130.20 port 47394","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:43:32.886Z","@version":"1","message":"Sep 13 21:43:31 honeypot-sgp-1 sshd[11531]: Disconnecting invalid user Admin 185.246.130.20 port 9697: Change of username or service not allowed: (Admin,ssh-connection) -> (blank,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:44:22.909Z","@version":"1","message":"Sep 13 21:44:22 honeypot-sgp-1 sshd[11537]: Disconnecting invalid user guest 185.246.130.20 port 59293: Change of username or service not allowed: (guest,ssh-connection) -> (1234,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:44:51.922Z","@version":"1","message":"Sep 13 21:44:51 honeypot-sgp-1 sshd[11545]: Invalid user Cisco from 185.246.130.20 port 10330","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:45:10.931Z","@version":"1","message":"Sep 13 21:45:10 honeypot-sgp-1 sshd[11551]: Invalid user 1234 from 185.246.130.20 port 23148","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:45:40.958Z","@version":"1","message":"Sep 13 21:45:40 honeypot-sgp-1 sshd[11557]: Disconnecting invalid user  185.246.130.20 port 50936: Change of username or service not allowed: (,ssh-connection) -> (adslroot,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:46:10.973Z","@version":"1","message":"Sep 13 21:46:10 honeypot-sgp-1 sshd[11564]: Disconnecting invalid user admin 185.246.130.20 port 19149: Change of username or service not allowed: (admin,ssh-connection) -> (blank,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:46:42.988Z","@version":"1","message":"Sep 13 21:46:42 honeypot-sgp-1 sshd[11572]: Invalid user  from 185.246.130.20 port 63018","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:47:09.001Z","@version":"1","message":"Sep 13 21:47:08 honeypot-sgp-1 sshd[11578]: Disconnecting invalid user admin 185.246.130.20 port 3829: Change of username or service not allowed: (admin,ssh-connection) -> (c1@r0,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 21:47:29 honeypot-ams-1 sshd[16463]: Invalid user git from 35.205.118.1 port 54179","@timestamp":"2022-09-13T21:47:30.264Z"}
{"@timestamp":"2022-09-13T21:47:36.015Z","@version":"1","message":"Sep 13 21:47:35 honeypot-sgp-1 sshd[11584]: Disconnecting invalid user cusadmin 185.246.130.20 port 37643: Change of username or service not allowed: (cusadmin,ssh-connection) -> (superonline,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:47:56.024Z","@version":"1","message":"Sep 13 21:47:55 honeypot-sgp-1 sshd[11591]: Connection closed by invalid user pi 183.82.107.151 port 42134 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 21:48:13 honeypot-ams-1 sshd[16467]: Invalid user mapred from 156.254.125.106 port 46622","@timestamp":"2022-09-13T21:48:14.284Z"}
{"@timestamp":"2022-09-13T21:48:18.035Z","@version":"1","message":"Sep 13 21:48:17 honeypot-sgp-1 sshd[11596]: Disconnecting invalid user Admin 185.246.130.20 port 6877: Change of username or service not allowed: (Admin,ssh-connection) -> (comcast,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:48:43.045Z","@version":"1","message":"Sep 13 21:48:42 honeypot-sgp-1 sshd[11604]: Invalid user admin from 197.159.66.211 port 56394","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:49:06.056Z","@version":"1","message":"Sep 13 21:49:05 honeypot-sgp-1 sshd[11609]: Invalid user matrix from 185.246.130.20 port 17352","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:49:31.068Z","@version":"1","message":"Sep 13 21:49:30 honeypot-sgp-1 sshd[11613]: Disconnecting invalid user admin 185.246.130.20 port 49170: Change of username or service not allowed: (admin,ssh-connection) -> (motorola,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:49:56.080Z","@version":"1","message":"Sep 13 21:49:55 honeypot-sgp-1 sshd[11619]: Disconnecting invalid user blank 185.246.130.20 port 38008: Change of username or service not allowed: (blank,ssh-connection) -> (root,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:50:38.099Z","@version":"1","message":"Sep 13 21:50:37 honeypot-sgp-1 sshd[11628]: Invalid user 0 from 185.246.130.20 port 27371","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:51:03.112Z","@version":"1","message":"Sep 13 21:51:03 honeypot-sgp-1 sshd[11633]: Disconnecting invalid user roqos 185.246.130.20 port 51289: Change of username or service not allowed: (roqos,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:51:34.126Z","@version":"1","message":"Sep 13 21:51:33 honeypot-sgp-1 sshd[11639]: Disconnecting invalid user sitecom 185.246.130.20 port 3530: Change of username or service not allowed: (sitecom,ssh-connection) -> (Broadcom,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:52:01.139Z","@version":"1","message":"Sep 13 21:52:00 honeypot-sgp-1 sshd[11645]: Invalid user admin from 185.246.130.20 port 50885","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:52:35.155Z","@version":"1","message":"Sep 13 21:52:35 honeypot-sgp-1 sshd[11651]: Invalid user smcadmin from 185.246.130.20 port 11198","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 21:53:06 honeypot-fra-1 sshd[7268]: Received disconnect from 107.173.111.206 port 42926:11: Bye Bye [preauth]","@timestamp":"2022-09-13T21:53:06.771Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T21:53:11.171Z","@version":"1","message":"Sep 13 21:53:10 honeypot-sgp-1 sshd[11657]: Invalid user admin from 185.246.130.20 port 11452","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:53:43.187Z","@version":"1","message":"Sep 13 21:53:42 honeypot-sgp-1 sshd[11663]: Invalid user user from 185.246.130.20 port 35467","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:54:14.203Z","@version":"1","message":"Sep 13 21:54:13 honeypot-sgp-1 sshd[11669]: Disconnecting invalid user 123456 185.246.130.20 port 22196: Change of username or service not allowed: (123456,ssh-connection) -> (user,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 21:54:58 honeypot-ams-1 sshd[16470]: Disconnected from invalid user redmine 129.151.252.157 port 50420 [preauth]","@timestamp":"2022-09-13T21:54:59.457Z"}
{"@timestamp":"2022-09-13T21:55:02.225Z","@version":"1","message":"Sep 13 21:55:01 honeypot-sgp-1 sshd[11676]: Disconnecting invalid user readwrite 185.246.130.20 port 60043: Change of username or service not allowed: (readwrite,ssh-connection) -> (Admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:55:42.244Z","@version":"1","message":"Sep 13 21:55:41 honeypot-sgp-1 sshd[11682]: Disconnecting invalid user DZY-W2914NSV2 185.246.130.20 port 9812: Change of username or service not allowed: (DZY-W2914NSV2,ssh-connection) -> (0,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:56:34.268Z","@version":"1","message":"Sep 13 21:56:33 honeypot-sgp-1 sshd[11689]: Disconnecting invalid user zoomadsl 185.246.130.20 port 29692: Change of username or service not allowed: (zoomadsl,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:57:09.285Z","@version":"1","message":"Sep 13 21:57:08 honeypot-sgp-1 sshd[11695]: Connection closed by invalid user ltecl4r0 185.246.130.20 port 33832 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 21:59:48 honeypot-ams-1 sshd[16475]: Bad protocol version identification '\\026\\003\\001\\002' from 223.71.167.164 port 13827","@timestamp":"2022-09-13T21:59:49.586Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 22:01:13 honeypot-fra-1 sshd[7273]: Disconnected from authenticating user root 92.255.85.70 port 20760 [preauth]","@timestamp":"2022-09-13T22:01:13.956Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 22:08:05 honeypot-fra-1 sshd[7276]: error: maximum authentication attempts exceeded for invalid user admin from 128.53.5.55 port 62671 ssh2 [preauth]","@timestamp":"2022-09-13T22:08:06.111Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 22:08:44 honeypot-ams-1 kernel: [83983508.352522] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=20.109.80.14 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=113 ID=25273 DF PROTO=TCP SPT=55007 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T22:08:45.826Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 22:09:51 honeypot-fra-1 sshd[7283]: Connection closed by authenticating user nobody 179.60.147.69 port 60862 [preauth]","@timestamp":"2022-09-13T22:09:52.154Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T22:10:02.581Z","@version":"1","message":"Sep 13 22:10:01 honeypot-sgp-1 sshd[11702]: Received disconnect from 187.170.240.80 port 42278:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 22:12:06 honeypot-ams-1 sshd[16483]: Received disconnect from 94.139.201.56 port 44446:11: Bye Bye [preauth]","@timestamp":"2022-09-13T22:12:06.933Z"}
{"@timestamp":"2022-09-13T22:13:51.675Z","@version":"1","message":"Sep 13 22:13:50 honeypot-sgp-1 sshd[11711]: Received disconnect from 157.245.122.58 port 36382:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 22:14:39 honeypot-ams-1 sshd[16487]: Received disconnect from 113.161.79.231 port 32862:11: Bye Bye [preauth]","@timestamp":"2022-09-13T22:14:40.000Z"}
{"@timestamp":"2022-09-13T22:14:54.703Z","@version":"1","message":"Sep 13 22:14:53 honeypot-sgp-1 sshd[11715]: Disconnected from invalid user odoo 157.245.122.58 port 49934 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T22:16:53.752Z","@version":"1","message":"Sep 13 22:16:52 honeypot-sgp-1 sshd[11721]: Received disconnect from 61.177.172.114 port 47165:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 22:17:01 honeypot-fra-1 CRON[7288]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-13T22:17:02.317Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T22:17:02.757Z","@version":"1","message":"Sep 13 22:17:01 honeypot-sgp-1 CRON[11725]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T22:17:54.780Z","@version":"1","message":"Sep 13 22:17:54 honeypot-sgp-1 sshd[11729]: Disconnected from invalid user jonitwiso 157.245.122.58 port 34094 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 22:18:02 honeypot-ams-1 sshd[16493]: Disconnected from authenticating user root 61.177.172.124 port 56388 [preauth]","@timestamp":"2022-09-13T22:18:03.085Z"}
{"@timestamp":"2022-09-13T22:19:27.819Z","@version":"1","message":"Sep 13 22:19:27 honeypot-sgp-1 sshd[11733]: Disconnected from invalid user joaquina 123.125.194.150 port 35090 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T22:23:32.917Z","@version":"1","message":"Sep 13 22:23:32 honeypot-sgp-1 kernel: [83983922.374344] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.55.53.144 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=44 ID=5540 DF PROTO=TCP SPT=57188 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 22:24:57 honeypot-fra-1 kernel: [83982319.633052] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=20.55.53.144 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=58645 DF PROTO=TCP SPT=36882 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T22:24:57.497Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 22:25:17 honeypot-ams-1 sshd[16506]: Disconnected from authenticating user root 92.255.85.70 port 39534 [preauth]","@timestamp":"2022-09-13T22:25:17.274Z"}
{"@timestamp":"2022-09-13T22:28:47.043Z","@version":"1","message":"Sep 13 22:28:46 honeypot-sgp-1 sshd[11816]: Disconnected from invalid user teamspeak3 104.248.62.102 port 55400 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 22:29:26 honeypot-ams-1 kernel: [83984750.260106] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=20.55.53.144 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=31511 DF PROTO=TCP SPT=39918 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T22:29:27.385Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 22:29:45 honeypot-fra-1 sshd[7370]: Connection closed by invalid user admin 119.196.184.146 port 59463 [preauth]","@timestamp":"2022-09-13T22:29:45.606Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 22:35:28 honeypot-ams-1 sshd[16516]: Received disconnect from 61.177.173.39 port 61391:11:  [preauth]","@timestamp":"2022-09-13T22:35:28.543Z"}
{"@timestamp":"2022-09-13T22:36:27.224Z","@version":"1","message":"Sep 13 22:36:27 honeypot-sgp-1 sshd[11824]: Received disconnect from 61.177.173.51 port 12696:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 22:36:43 honeypot-fra-1 sshd[7386]: Invalid user git from 52.183.129.64 port 49430","@timestamp":"2022-09-13T22:36:43.762Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 22:36:43 honeypot-fra-1 sshd[7387]: Invalid user elastic from 52.183.129.64 port 49440","@timestamp":"2022-09-13T22:36:44.764Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 22:36:43 honeypot-fra-1 sshd[7390]: Invalid user web from 52.183.129.64 port 49460","@timestamp":"2022-09-13T22:36:44.764Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 22:36:44 honeypot-fra-1 sshd[7388]: Connection closed by authenticating user root 52.183.129.64 port 49448 [preauth]","@timestamp":"2022-09-13T22:36:44.764Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 22:36:44 honeypot-fra-1 sshd[7391]: Connection closed by invalid user ftpuser 52.183.129.64 port 49462 [preauth]","@timestamp":"2022-09-13T22:36:44.764Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 22:36:44 honeypot-fra-1 sshd[7410]: Invalid user admin from 52.183.129.64 port 49396","@timestamp":"2022-09-13T22:36:44.764Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 22:36:44 honeypot-fra-1 sshd[7414]: Connection closed by invalid user testuser 52.183.129.64 port 49464 [preauth]","@timestamp":"2022-09-13T22:36:44.764Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 22:36:46 honeypot-fra-1 sshd[7423]: Invalid user oracle from 52.183.129.64 port 49442","@timestamp":"2022-09-13T22:36:46.765Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 22:36:46 honeypot-fra-1 sshd[7427]: Invalid user user from 52.183.129.64 port 49394","@timestamp":"2022-09-13T22:36:46.765Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 22:36:46 honeypot-fra-1 sshd[7429]: Connection closed by invalid user elasticsearch 52.183.129.64 port 49452 [preauth]","@timestamp":"2022-09-13T22:36:46.766Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 22:36:46 honeypot-fra-1 sshd[7421]: Connection closed by invalid user chia 52.183.129.64 port 49420 [preauth]","@timestamp":"2022-09-13T22:36:46.766Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T22:36:59.239Z","@version":"1","message":"Sep 13 22:36:58 honeypot-sgp-1 sshd[11828]: Disconnected from invalid user rstudio-server 138.197.68.4 port 33884 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T22:38:21.274Z","@version":"1","message":"Sep 13 22:38:21 honeypot-sgp-1 kernel: [83984810.700160] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.180.143.72 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=54166 PROTO=TCP SPT=28664 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 22:42:06 honeypot-ams-1 sshd[16524]: Disconnected from authenticating user root 159.65.41.104 port 50006 [preauth]","@timestamp":"2022-09-13T22:42:06.738Z"}
{"@timestamp":"2022-09-13T22:42:53.385Z","@version":"1","message":"Sep 13 22:42:52 honeypot-sgp-1 sshd[11837]: Received disconnect from 134.209.99.121 port 42204:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 22:45:09 honeypot-ams-1 sshd[16531]: Received disconnect from 80.76.51.46 port 42200:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T22:45:10.820Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 22:45:50 honeypot-fra-1 sshd[7444]: Received disconnect from 92.255.85.70 port 63128:11: Bye Bye [preauth]","@timestamp":"2022-09-13T22:45:51.970Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 22:45:52 honeypot-ams-1 sshd[16537]: Received disconnect from 80.76.51.46 port 55982:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T22:45:52.841Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 22:46:32 honeypot-ams-1 sshd[16543]: Received disconnect from 80.76.51.46 port 41340:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T22:46:32.860Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 22:47:12 honeypot-ams-1 sshd[16550]: Received disconnect from 80.76.51.46 port 55040:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T22:47:12.880Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 22:47:38 honeypot-ams-1 kernel: [83985841.577189] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=198.199.119.206 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=53558 DPT=636 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T22:47:38.892Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 22:47:52 honeypot-ams-1 sshd[16556]: Disconnected from invalid user testuser 80.76.51.46 port 40422 [preauth]","@timestamp":"2022-09-13T22:47:52.899Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 22:48:19 honeypot-ams-1 sshd[16561]: Disconnected from invalid user ubuntu 80.76.51.46 port 58990 [preauth]","@timestamp":"2022-09-13T22:48:20.914Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 22:48:42 honeypot-ams-1 sshd[16567]: Received disconnect from 92.255.85.69 port 45778:11: Bye Bye [preauth]","@timestamp":"2022-09-13T22:48:42.926Z"}
{"@timestamp":"2022-09-13T22:48:53.527Z","@version":"1","message":"Sep 13 22:48:52 honeypot-sgp-1 kernel: [83985442.040695] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=178.128.255.88 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=54321 PROTO=TCP SPT=39761 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 22:49:01 honeypot-ams-1 sshd[16571]: Disconnected from authenticating user root 80.76.51.46 port 44538 [preauth]","@timestamp":"2022-09-13T22:49:01.936Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 22:49:42 honeypot-ams-1 sshd[16577]: Invalid user postgres from 80.76.51.46 port 58182","@timestamp":"2022-09-13T22:49:42.957Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 22:50:06 honeypot-fra-1 sshd[7449]: Received disconnect from 82.39.244.117 port 59622:11: Bye Bye [preauth]","@timestamp":"2022-09-13T22:50:07.069Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 22:50:09 honeypot-ams-1 sshd[16581]: Disconnected from authenticating user root 80.76.51.46 port 48464 [preauth]","@timestamp":"2022-09-13T22:50:09.970Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 22:50:50 honeypot-ams-1 sshd[16588]: Received disconnect from 80.76.51.46 port 33882:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T22:50:50.991Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 22:52:22 honeypot-fra-1 sshd[7451]: Disconnected from invalid user csl 173.186.116.37 port 44762 [preauth]","@timestamp":"2022-09-13T22:52:23.123Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 22:54:47 honeypot-fra-1 sshd[7457]: Received disconnect from 143.198.60.41 port 43236:11: Bye Bye [preauth]","@timestamp":"2022-09-13T22:54:48.181Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 22:59:45 honeypot-ams-1 sshd[16598]: Received disconnect from 103.88.240.2 port 56504:11: Bye Bye [preauth]","@timestamp":"2022-09-13T22:59:46.215Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 23:00:56 honeypot-fra-1 sshd[7467]: Connection closed by authenticating user root 103.188.176.251 port 35814 [preauth]","@timestamp":"2022-09-13T23:00:57.323Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 23:03:37 honeypot-fra-1 sshd[7472]: Received disconnect from 198.98.61.9 port 32882:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T23:03:37.384Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 23:03:56 honeypot-fra-1 sshd[7476]: Received disconnect from 198.98.61.9 port 57860:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T23:03:56.393Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 23:04:14 honeypot-fra-1 sshd[7480]: Received disconnect from 198.98.61.9 port 54612:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T23:04:15.402Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T23:05:40.925Z","@version":"1","message":"Sep 13 23:05:40 honeypot-sgp-1 kernel: [83986450.159353] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=3606 PROTO=TCP SPT=49908 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 23:07:11 honeypot-fra-1 sshd[7485]: Disconnected from authenticating user root 201.89.69.63 port 60600 [preauth]","@timestamp":"2022-09-13T23:07:11.470Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 23:09:03 honeypot-ams-1 kernel: [83987126.567429] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=56455 PROTO=TCP SPT=49908 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T23:09:03.461Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 23:09:03 honeypot-fra-1 sshd[7489]: Disconnected from authenticating user root 92.255.85.69 port 47248 [preauth]","@timestamp":"2022-09-13T23:09:04.517Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T23:09:22.015Z","@version":"1","message":"Sep 13 23:09:21 honeypot-sgp-1 kernel: [83986671.015884] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=46.29.10.30 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=458 PROTO=TCP SPT=52627 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 23:10:12 honeypot-fra-1 sshd[7494]: Received disconnect from 45.61.186.249 port 50146:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T23:10:13.545Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 23:10:31 honeypot-fra-1 sshd[7498]: Invalid user user from 45.61.186.249 port 45186","@timestamp":"2022-09-13T23:10:31.554Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 23:10:50 honeypot-fra-1 sshd[7502]: Invalid user user from 45.61.186.249 port 40214","@timestamp":"2022-09-13T23:10:50.563Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 23:13:20 honeypot-fra-1 sshd[7507]: Connection closed by authenticating user root 103.144.36.195 port 60050 [preauth]","@timestamp":"2022-09-13T23:13:20.620Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 23:15:48 honeypot-ams-1 sshd[16616]: Disconnected from authenticating user root 61.177.173.36 port 11977 [preauth]","@timestamp":"2022-09-13T23:15:49.637Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 23:15:57 honeypot-fra-1 sshd[7510]: Disconnected from invalid user user 141.255.162.226 port 47214 [preauth]","@timestamp":"2022-09-13T23:15:57.682Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 23:16:00 honeypot-fra-1 sshd[7514]: Disconnected from invalid user user 141.255.162.226 port 47666 [preauth]","@timestamp":"2022-09-13T23:16:00.684Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 23:16:03 honeypot-fra-1 sshd[7518]: Disconnected from invalid user user 141.255.162.226 port 33778 [preauth]","@timestamp":"2022-09-13T23:16:04.686Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 23:20:44 honeypot-ams-1 sshd[16623]: Invalid user temp from 187.188.11.222 port 41898","@timestamp":"2022-09-13T23:20:44.768Z"}
{"@timestamp":"2022-09-13T23:22:10.320Z","@version":"1","message":"Sep 13 23:22:09 honeypot-sgp-1 kernel: [83987438.978295] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=94.26.228.80 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=5820 PROTO=TCP SPT=59586 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 23:22:21 honeypot-ams-1 kernel: [83987924.631050] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=5.39.220.40 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=15542 PROTO=TCP SPT=50976 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T23:22:21.815Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 23:23:22 honeypot-fra-1 sshd[7524]: Invalid user default from 179.60.147.69 port 39696","@timestamp":"2022-09-13T23:23:22.851Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T23:24:56.390Z","@version":"1","message":"Sep 13 23:24:55 honeypot-sgp-1 sshd[11878]: Received disconnect from 61.177.173.48 port 46452:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 23:29:01 honeypot-fra-1 sshd[7530]: Invalid user test from 193.106.191.157 port 56208","@timestamp":"2022-09-13T23:29:01.980Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 23:30:35 honeypot-ams-1 sshd[16636]: Invalid user rou from 68.183.25.174 port 50476","@timestamp":"2022-09-13T23:30:36.034Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 23:31:59 honeypot-fra-1 sshd[7535]: Did not receive identification string from 198.98.61.9 port 49190","@timestamp":"2022-09-13T23:32:00.052Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 23:32:34 honeypot-fra-1 sshd[7538]: Received disconnect from 198.98.61.9 port 50392:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T23:32:35.068Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 23:32:52 honeypot-fra-1 sshd[7542]: Received disconnect from 198.98.61.9 port 45188:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T23:32:53.077Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 23:33:06 honeypot-fra-1 sshd[7546]: Connection closed by invalid user admin 184.147.35.101 port 33823 [preauth]","@timestamp":"2022-09-13T23:33:07.084Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 23:33:09 honeypot-ams-1 sshd[16640]: Invalid user siska from 213.194.132.143 port 38144","@timestamp":"2022-09-13T23:33:10.102Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 23:33:16 honeypot-fra-1 sshd[7550]: Disconnected from invalid user user 198.98.61.9 port 51506 [preauth]","@timestamp":"2022-09-13T23:33:17.089Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 23:34:48 honeypot-ams-1 sshd[16644]: Received disconnect from 61.177.173.50 port 61254:11:  [preauth]","@timestamp":"2022-09-13T23:34:49.148Z"}
{"@timestamp":"2022-09-13T23:36:36.667Z","@version":"1","message":"Sep 13 23:36:35 honeypot-sgp-1 sshd[11892]: Received disconnect from 64.227.36.9 port 51176:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 23:39:45 honeypot-ams-1 sshd[16651]: Received disconnect from 61.177.172.19 port 59315:11:  [preauth]","@timestamp":"2022-09-13T23:39:46.277Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 23:46:16 honeypot-fra-1 kernel: [83987198.279756] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=71.6.232.8 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=49162 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T23:46:16.396Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 23:47:35 honeypot-ams-1 sshd[16661]: Invalid user pi from 201.137.106.75 port 55262","@timestamp":"2022-09-13T23:47:36.484Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 23:49:56 honeypot-ams-1 kernel: [83989580.024633] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=5624 PROTO=TCP SPT=52893 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T23:49:57.547Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 23:51:30 honeypot-fra-1 sshd[7563]: Received disconnect from 202.73.11.37 port 42326:11: Bye Bye [preauth]","@timestamp":"2022-09-13T23:51:31.516Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T23:51:43.016Z","@version":"1","message":"Sep 13 23:51:42 honeypot-sgp-1 kernel: [83989211.836564] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=188.255.246.131 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=232 ID=30742 DF PROTO=TCP SPT=59342 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 23:54:04 honeypot-ams-1 sshd[16673]: Disconnected from authenticating user root 61.177.173.53 port 18839 [preauth]","@timestamp":"2022-09-13T23:54:04.659Z"}
{"@timestamp":"2022-09-13T23:56:15.124Z","@version":"1","message":"Sep 13 23:56:14 honeypot-sgp-1 sshd[11906]: Disconnected from 61.177.172.124 port 18135 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 23:58:06 honeypot-ams-1 kernel: [83990069.894760] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=38.70.11.13 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=117 ID=61485 DF PROTO=TCP SPT=53168 DPT=3389 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-13T23:58:06.772Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 23:58:25 honeypot-fra-1 kernel: [83987927.937924] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=1162 PROTO=TCP SPT=52893 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T23:58:26.671Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-13T23:59:00.193Z","@version":"1","message":"Sep 13 23:58:59 honeypot-sgp-1 sshd[11912]: Invalid user cameras from 81.17.25.50 port 10761","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T23:59:42.211Z","@version":"1","message":"Sep 13 23:59:41 honeypot-sgp-1 sshd[11918]: Invalid user  from 81.17.25.50 port 42792","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T00:00:23.231Z","@version":"1","message":"Sep 14 00:00:22 honeypot-sgp-1 sshd[11920]: Invalid user admin from 81.17.25.50 port 21230","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T00:02:18.280Z","@version":"1","message":"Sep 14 00:02:18 honeypot-sgp-1 sshd[11931]: Invalid user admin from 81.17.25.50 port 48453","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T00:04:25.336Z","@version":"1","message":"Sep 14 00:04:24 honeypot-sgp-1 sshd[11937]: Disconnecting authenticating user root 81.17.25.50 port 4509: Change of username or service not allowed: (root,ssh-connection) -> (1234,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:04:57 honeypot-ams-1 sshd[16683]: Connection closed by invalid user test 193.106.191.157 port 40460 [preauth]","@timestamp":"2022-09-14T00:04:57.962Z"}
{"@timestamp":"2022-09-14T00:06:34.391Z","@version":"1","message":"Sep 14 00:06:34 honeypot-sgp-1 sshd[11944]: Invalid user araknis from 81.17.25.50 port 17542","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T00:08:39.446Z","@version":"1","message":"Sep 14 00:08:39 honeypot-sgp-1 sshd[11955]: Received disconnect from 61.177.173.49 port 27593:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T00:09:58.481Z","@version":"1","message":"Sep 14 00:09:57 honeypot-sgp-1 sshd[11957]: Disconnecting authenticating user root 81.17.25.50 port 44554: Change of username or service not allowed: (root,ssh-connection) -> (Admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:11:01 honeypot-ams-1 sshd[16689]: Did not receive identification string from 172.104.131.24 port 48220","@timestamp":"2022-09-14T00:11:02.130Z"}
{"@timestamp":"2022-09-14T00:11:30.523Z","@version":"1","message":"Sep 14 00:11:30 honeypot-sgp-1 sshd[11966]: Disconnected from authenticating user root 61.177.173.36 port 13782 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 00:11:49 honeypot-fra-1 kernel: [83988731.751838] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.206.90 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=49018 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T00:11:49.989Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-14T00:13:34.577Z","@version":"1","message":"Sep 14 00:13:33 honeypot-sgp-1 sshd[11973]: Invalid user 1234 from 81.17.25.50 port 20858","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T00:15:00.614Z","@version":"1","message":"Sep 14 00:15:00 honeypot-sgp-1 sshd[11979]: Disconnected from authenticating user root 61.177.173.39 port 15982 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T00:16:00.641Z","@version":"1","message":"Sep 14 00:16:00 honeypot-sgp-1 sshd[11985]: Disconnecting invalid user cisco 81.17.25.50 port 31093: Change of username or service not allowed: (cisco,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 00:17:01 honeypot-fra-1 CRON[7583]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-14T00:17:02.111Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T00:17:02.668Z","@version":"1","message":"Sep 14 00:17:01 honeypot-sgp-1 CRON[11993]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:18:15 honeypot-ams-1 sshd[16698]: Connection closed by 192.241.216.14 port 33202 [preauth]","@timestamp":"2022-09-14T00:18:15.322Z"}
{"@timestamp":"2022-09-14T00:18:15.702Z","@version":"1","message":"Sep 14 00:18:14 honeypot-sgp-1 sshd[12003]: Disconnecting invalid user Administrator 81.17.25.50 port 16283: Change of username or service not allowed: (Administrator,ssh-connection) -> (,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T00:18:40.715Z","@version":"1","message":"Sep 14 00:18:40 honeypot-sgp-1 sshd[12009]: Disconnecting invalid user sti.admin5 81.17.25.50 port 3706: Change of username or service not allowed: (sti.admin5,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T00:19:11.729Z","@version":"1","message":"Sep 14 00:19:11 honeypot-sgp-1 sshd[12019]: Received disconnect from 45.33.107.51 port 60080:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T00:19:33.741Z","@version":"1","message":"Sep 14 00:19:33 honeypot-sgp-1 sshd[12021]: Invalid user zhone from 81.17.25.50 port 30952","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T00:20:14.759Z","@version":"1","message":"Sep 14 00:20:14 honeypot-sgp-1 sshd[12027]: Disconnecting authenticating user root 81.17.25.50 port 43344: Change of username or service not allowed: (root,ssh-connection) -> (default,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:20:30 honeypot-ams-1 sshd[16705]: Disconnected from authenticating user root 61.177.172.98 port 39969 [preauth]","@timestamp":"2022-09-14T00:20:30.384Z"}
{"@timestamp":"2022-09-14T00:21:09.785Z","@version":"1","message":"Sep 14 00:21:09 honeypot-sgp-1 sshd[12033]: Disconnecting invalid user c1@r0 81.17.25.50 port 24063: Change of username or service not allowed: (c1@r0,ssh-connection) -> (Administrator,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 00:22:11 honeypot-fra-1 sshd[7591]: Invalid user pi from 143.92.181.171 port 37346","@timestamp":"2022-09-14T00:22:12.225Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T00:22:25.820Z","@version":"1","message":"Sep 14 00:22:24 honeypot-sgp-1 kernel: [83991054.272805] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=80.87.206.236 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=235 ID=53331 PROTO=TCP SPT=60000 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T00:23:15.843Z","@version":"1","message":"Sep 14 00:23:15 honeypot-sgp-1 sshd[12046]: Invalid user Admin from 81.17.25.50 port 12965","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T00:24:10.870Z","@version":"1","message":"Sep 14 00:24:10 honeypot-sgp-1 sshd[12052]: Invalid user  from 81.17.25.50 port 43425","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T00:25:25.903Z","@version":"1","message":"Sep 14 00:25:25 honeypot-sgp-1 sshd[12059]: Invalid user  from 81.17.25.50 port 48792","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:25:48 honeypot-ams-1 sshd[16710]: Disconnected from authenticating user root 61.177.173.39 port 15545 [preauth]","@timestamp":"2022-09-14T00:25:48.524Z"}
{"@timestamp":"2022-09-14T00:25:58.918Z","@version":"1","message":"Sep 14 00:25:58 honeypot-sgp-1 sshd[12065]: Invalid user admin from 81.17.25.50 port 15278","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T00:26:40.939Z","@version":"1","message":"Sep 14 00:26:40 honeypot-sgp-1 sshd[12071]: Disconnecting invalid user admin 81.17.25.50 port 12121: Change of username or service not allowed: (admin,ssh-connection) -> (airlive,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T00:27:13.955Z","@version":"1","message":"Sep 14 00:27:13 honeypot-sgp-1 sshd[12077]: Disconnecting invalid user admin 81.17.25.50 port 39273: Change of username or service not allowed: (admin,ssh-connection) -> (roqos,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T00:27:19.959Z","@version":"1","message":"Sep 14 00:27:19 honeypot-sgp-1 sshd[12083]: Disconnecting invalid user Shiko 81.17.25.50 port 40581: Change of username or service not allowed: (Shiko,ssh-connection) -> (sitecom,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T00:27:24.963Z","@version":"1","message":"Sep 14 00:27:24 honeypot-sgp-1 sshd[12089]: Disconnecting invalid user smcadmin 81.17.25.50 port 36827: Change of username or service not allowed: (smcadmin,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 00:27:24 honeypot-fra-1 sshd[7596]: Disconnected from invalid user bho 144.217.81.162 port 56058 [preauth]","@timestamp":"2022-09-14T00:27:25.343Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T00:28:02.980Z","@version":"1","message":"Sep 14 00:28:02 honeypot-sgp-1 sshd[12098]: Received disconnect from 188.166.210.28 port 58038:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T00:28:17.988Z","@version":"1","message":"Sep 14 00:28:17 honeypot-sgp-1 sshd[12095]: Disconnecting invalid user highspeed 81.17.25.50 port 41642: Change of username or service not allowed: (highspeed,ssh-connection) -> (smcadmin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:28:52 honeypot-ams-1 sshd[16718]: Received disconnect from 20.204.106.198 port 41464:11: Bye Bye [preauth]","@timestamp":"2022-09-14T00:28:53.621Z"}
{"@timestamp":"2022-09-14T00:28:59.009Z","@version":"1","message":"Sep 14 00:28:58 honeypot-sgp-1 sshd[12106]: Disconnecting invalid user  81.17.25.50 port 45279: Change of username or service not allowed: (,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T00:29:25.021Z","@version":"1","message":"Sep 14 00:29:24 honeypot-sgp-1 sshd[12112]: Disconnecting invalid user public 81.17.25.50 port 22346: Change of username or service not allowed: (public,ssh-connection) -> (user,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:29:38 honeypot-ams-1 sshd[16724]: Invalid user ubnt from 177.24.46.4 port 35395","@timestamp":"2022-09-14T00:29:38.642Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:29:42 honeypot-ams-1 sshd[16728]: Disconnected from authenticating user root 177.24.46.4 port 35473 [preauth]","@timestamp":"2022-09-14T00:29:42.644Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:29:48 honeypot-ams-1 sshd[16734]: Disconnected from authenticating user root 177.24.46.4 port 35655 [preauth]","@timestamp":"2022-09-14T00:29:48.648Z"}
{"@timestamp":"2022-09-14T00:29:53.033Z","@version":"1","message":"Sep 14 00:29:52 honeypot-sgp-1 sshd[12120]: Invalid user 123456 from 81.17.25.50 port 55369","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:29:55 honeypot-ams-1 sshd[16740]: Disconnected from authenticating user root 177.24.46.4 port 35789 [preauth]","@timestamp":"2022-09-14T00:29:56.653Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:30:02 honeypot-ams-1 sshd[16746]: Disconnected from authenticating user root 177.24.46.4 port 35986 [preauth]","@timestamp":"2022-09-14T00:30:02.656Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:30:07 honeypot-ams-1 sshd[16752]: Disconnected from authenticating user root 177.24.46.4 port 36151 [preauth]","@timestamp":"2022-09-14T00:30:08.661Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:30:13 honeypot-ams-1 sshd[16758]: Disconnected from authenticating user root 177.24.46.4 port 36262 [preauth]","@timestamp":"2022-09-14T00:30:13.664Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:30:19 honeypot-ams-1 sshd[16764]: Disconnected from authenticating user root 177.24.46.4 port 36444 [preauth]","@timestamp":"2022-09-14T00:30:19.668Z"}
{"@timestamp":"2022-09-14T00:30:26.048Z","@version":"1","message":"Sep 14 00:30:25 honeypot-sgp-1 sshd[12126]: Invalid user readwrite from 81.17.25.50 port 33427","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:30:26 honeypot-ams-1 sshd[16770]: Disconnected from authenticating user root 177.24.46.4 port 36572 [preauth]","@timestamp":"2022-09-14T00:30:27.674Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:30:40 honeypot-ams-1 sshd[16777]: Disconnected from authenticating user root 177.24.46.4 port 36904 [preauth]","@timestamp":"2022-09-14T00:30:40.682Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 00:30:45 honeypot-fra-1 sshd[7600]: Disconnected from invalid user nj 111.93.38.34 port 39234 [preauth]","@timestamp":"2022-09-14T00:30:45.419Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T00:30:53.062Z","@version":"1","message":"Sep 14 00:30:53 honeypot-sgp-1 sshd[12132]: Invalid user DZY-W2914NSV2 from 81.17.25.50 port 61587","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:30:55 honeypot-ams-1 sshd[16783]: Received disconnect from 177.24.46.4 port 37216:11: Bye Bye [preauth]","@timestamp":"2022-09-14T00:30:55.691Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:31:02 honeypot-ams-1 sshd[16789]: Received disconnect from 177.24.46.4 port 37420:11: Bye Bye [preauth]","@timestamp":"2022-09-14T00:31:02.695Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:31:08 honeypot-ams-1 sshd[16793]: Disconnected from invalid user admin 177.24.46.4 port 37563 [preauth]","@timestamp":"2022-09-14T00:31:08.700Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:31:11 honeypot-ams-1 sshd[16797]: Disconnected from invalid user admin 177.24.46.4 port 37647 [preauth]","@timestamp":"2022-09-14T00:31:12.703Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:31:15 honeypot-ams-1 sshd[16801]: Disconnected from invalid user admin 177.24.46.4 port 37735 [preauth]","@timestamp":"2022-09-14T00:31:16.706Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:31:19 honeypot-ams-1 sshd[16805]: Disconnected from invalid user admin 177.24.46.4 port 37844 [preauth]","@timestamp":"2022-09-14T00:31:19.708Z"}
{"@timestamp":"2022-09-14T00:31:20.074Z","@version":"1","message":"Sep 14 00:31:19 honeypot-sgp-1 sshd[12138]: Invalid user zoomadsl from 81.17.25.50 port 9530","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:31:23 honeypot-ams-1 sshd[16809]: Disconnected from invalid user admin 177.24.46.4 port 37918 [preauth]","@timestamp":"2022-09-14T00:31:23.711Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:31:27 honeypot-ams-1 sshd[16813]: Received disconnect from 177.24.46.4 port 38036:11: Bye Bye [preauth]","@timestamp":"2022-09-14T00:31:27.714Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:31:32 honeypot-ams-1 sshd[16819]: Invalid user pi from 177.24.46.4 port 38153","@timestamp":"2022-09-14T00:31:33.717Z"}
{"@timestamp":"2022-09-14T00:31:34.081Z","@version":"1","message":"Sep 14 00:31:33 honeypot-sgp-1 sshd[12144]: Invalid user 1admin0 from 81.17.25.50 port 31189","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:31:36 honeypot-ams-1 sshd[16823]: Invalid user user from 177.24.46.4 port 38264","@timestamp":"2022-09-14T00:31:37.720Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:31:40 honeypot-ams-1 sshd[16827]: Invalid user mine from 177.24.46.4 port 38346","@timestamp":"2022-09-14T00:31:40.722Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 00:31:44 honeypot-ams-1 kernel: [83992088.124397] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=80.87.206.236 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=5662 PROTO=TCP SPT=60000 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T00:31:44.725Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:31:47 honeypot-ams-1 sshd[16833]: Disconnected from invalid user volumio 177.24.46.4 port 38506 [preauth]","@timestamp":"2022-09-14T00:31:47.727Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:31:50 honeypot-ams-1 sshd[16837]: Received disconnect from 177.24.46.4 port 38593:11: Bye Bye [preauth]","@timestamp":"2022-09-14T00:31:51.731Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:31:54 honeypot-ams-1 sshd[16841]: Received disconnect from 177.24.46.4 port 38672:11: Bye Bye [preauth]","@timestamp":"2022-09-14T00:31:55.734Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:31:58 honeypot-ams-1 sshd[16845]: Received disconnect from 177.24.46.4 port 38790:11: Bye Bye [preauth]","@timestamp":"2022-09-14T00:31:58.736Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:32:02 honeypot-ams-1 sshd[16849]: Received disconnect from 177.24.46.4 port 38871:11: Bye Bye [preauth]","@timestamp":"2022-09-14T00:32:02.739Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:32:05 honeypot-ams-1 sshd[16853]: Received disconnect from 177.24.46.4 port 38961:11: Bye Bye [preauth]","@timestamp":"2022-09-14T00:32:06.743Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:32:09 honeypot-ams-1 sshd[16857]: Received disconnect from 177.24.46.4 port 39059:11: Bye Bye [preauth]","@timestamp":"2022-09-14T00:32:09.745Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:32:13 honeypot-ams-1 sshd[16861]: Received disconnect from 177.24.46.4 port 39141:11: Bye Bye [preauth]","@timestamp":"2022-09-14T00:32:13.748Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 00:33:13 honeypot-fra-1 sshd[7605]: Connection closed by 192.241.208.113 port 44070 [preauth]","@timestamp":"2022-09-14T00:33:14.479Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T00:35:14.168Z","@version":"1","message":"Sep 14 00:35:13 honeypot-sgp-1 sshd[12154]: Disconnected from authenticating user root 61.177.173.36 port 43598 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 00:36:08 honeypot-fra-1 sshd[7612]: Received disconnect from 141.255.162.226 port 56286:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T00:36:09.547Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 00:36:11 honeypot-fra-1 sshd[7616]: Received disconnect from 141.255.162.226 port 49624:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T00:36:12.548Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 00:36:14 honeypot-fra-1 sshd[7620]: Received disconnect from 141.255.162.226 port 48034:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T00:36:14.549Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:36:40 honeypot-ams-1 sshd[16868]: Received disconnect from 197.235.16.123 port 46412:11: Bye Bye [preauth]","@timestamp":"2022-09-14T00:36:41.872Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 00:37:27 honeypot-fra-1 sshd[7626]: Disconnected from authenticating user root 51.83.44.100 port 54630 [preauth]","@timestamp":"2022-09-14T00:37:28.580Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T00:38:29.246Z","@version":"1","message":"Sep 14 00:38:28 honeypot-sgp-1 sshd[12162]: Received disconnect from 92.255.85.69 port 60734:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T00:41:07.311Z","@version":"1","message":"Sep 14 00:41:06 honeypot-sgp-1 sshd[12166]: Received disconnect from 5.182.18.155 port 42994:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 00:41:41 honeypot-fra-1 kernel: [83990523.499034] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=176.111.173.247 DST=165.22.82.222 LEN=52 TOS=0x02 PREC=0x00 TTL=118 ID=12155 DF PROTO=TCP SPT=3665 DPT=3389 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-14T00:41:41.678Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:43:37 honeypot-ams-1 sshd[16880]: Received disconnect from 92.255.85.69 port 15156:11: Bye Bye [preauth]","@timestamp":"2022-09-14T00:43:38.059Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:44:55 honeypot-ams-1 sshd[16888]: Invalid user guest from 193.176.239.126 port 48276","@timestamp":"2022-09-14T00:44:56.095Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:44:55 honeypot-ams-1 sshd[16895]: Invalid user admin from 193.176.239.126 port 48320","@timestamp":"2022-09-14T00:44:56.095Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:44:55 honeypot-ams-1 sshd[16891]: Connection closed by authenticating user root 193.176.239.126 port 48352 [preauth]","@timestamp":"2022-09-14T00:44:56.095Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:44:55 honeypot-ams-1 sshd[16914]: Invalid user oracle from 193.176.239.126 port 48346","@timestamp":"2022-09-14T00:44:56.095Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:44:56 honeypot-ams-1 sshd[16901]: Connection closed by authenticating user root 193.176.239.126 port 48282 [preauth]","@timestamp":"2022-09-14T00:44:56.095Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:44:56 honeypot-ams-1 sshd[16894]: Connection closed by invalid user chia 193.176.239.126 port 48286 [preauth]","@timestamp":"2022-09-14T00:44:56.095Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:44:56 honeypot-ams-1 sshd[16904]: Connection closed by invalid user guest 193.176.239.126 port 48280 [preauth]","@timestamp":"2022-09-14T00:44:56.095Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:44:56 honeypot-ams-1 sshd[16920]: Invalid user vnc from 193.176.239.126 port 48340","@timestamp":"2022-09-14T00:44:56.095Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:44:56 honeypot-ams-1 sshd[16916]: Connection closed by invalid user centos 193.176.239.126 port 48310 [preauth]","@timestamp":"2022-09-14T00:44:57.097Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:44:56 honeypot-ams-1 sshd[16920]: Connection closed by invalid user vnc 193.176.239.126 port 48340 [preauth]","@timestamp":"2022-09-14T00:44:57.097Z"}
{"@timestamp":"2022-09-14T00:49:50.515Z","@version":"1","message":"Sep 14 00:49:49 honeypot-sgp-1 sshd[12179]: Invalid user samura from 201.116.3.194 port 57480","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 00:50:57 honeypot-ams-1 kernel: [83993240.731416] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.47.229.134 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=8848 PROTO=TCP SPT=50301 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T00:50:58.256Z"}
{"@timestamp":"2022-09-14T00:51:41.562Z","@version":"1","message":"Sep 14 00:51:40 honeypot-sgp-1 sshd[12185]: Invalid user mssql from 128.199.118.93 port 46798","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 00:52:16 honeypot-fra-1 sshd[7636]: Connection closed by invalid user admin 200.215.164.83 port 47652 [preauth]","@timestamp":"2022-09-14T00:52:17.919Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T00:54:57.639Z","@version":"1","message":"Sep 14 00:54:57 honeypot-sgp-1 sshd[12189]: Disconnected from invalid user topomaps 159.223.68.133 port 55218 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 01:00:12 honeypot-fra-1 sshd[7643]: Connection closed by invalid user admin 220.121.250.154 port 47506 [preauth]","@timestamp":"2022-09-14T01:00:12.097Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T01:01:46.797Z","@version":"1","message":"Sep 14 01:01:46 honeypot-sgp-1 sshd[12202]: Received disconnect from 92.255.85.69 port 59692:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:02:10 honeypot-ams-1 sshd[16968]: Did not receive identification string from 45.61.186.249 port 37688","@timestamp":"2022-09-14T01:02:11.548Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:02:53 honeypot-ams-1 sshd[16973]: Invalid user user from 45.61.186.249 port 37900","@timestamp":"2022-09-14T01:02:53.570Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:03:11 honeypot-ams-1 sshd[16977]: Invalid user user from 45.61.186.249 port 60502","@timestamp":"2022-09-14T01:03:12.581Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:03:30 honeypot-ams-1 sshd[16981]: Invalid user user from 45.61.186.249 port 54884","@timestamp":"2022-09-14T01:03:30.590Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 01:04:05 honeypot-ams-1 kernel: [83994028.543661] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=38.70.11.13 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=117 ID=63889 DF PROTO=TCP SPT=57200 DPT=3389 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-14T01:04:05.609Z"}
{"@timestamp":"2022-09-14T01:04:58.874Z","@version":"1","message":"Sep 14 01:04:58 honeypot-sgp-1 sshd[12207]: Disconnected from authenticating user root 103.246.240.30 port 53538 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:07:06 honeypot-ams-1 sshd[16988]: Disconnected from authenticating user root 92.255.85.70 port 47322 [preauth]","@timestamp":"2022-09-14T01:07:07.693Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:09:56 honeypot-ams-1 sshd[16996]: Received disconnect from 175.4.209.29 port 32147:11: Bye Bye [preauth]","@timestamp":"2022-09-14T01:09:57.769Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:10:02 honeypot-ams-1 sshd[17002]: Received disconnect from 175.4.209.29 port 32298:11: Bye Bye [preauth]","@timestamp":"2022-09-14T01:10:02.772Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:10:08 honeypot-ams-1 sshd[17009]: Received disconnect from 175.4.209.29 port 32501:11: Bye Bye [preauth]","@timestamp":"2022-09-14T01:10:08.776Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:10:14 honeypot-ams-1 sshd[17015]: Received disconnect from 175.4.209.29 port 32687:11: Bye Bye [preauth]","@timestamp":"2022-09-14T01:10:14.780Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:10:20 honeypot-ams-1 sshd[17021]: Received disconnect from 175.4.209.29 port 32864:11: Bye Bye [preauth]","@timestamp":"2022-09-14T01:10:20.784Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:10:26 honeypot-ams-1 sshd[17027]: Received disconnect from 175.4.209.29 port 33094:11: Bye Bye [preauth]","@timestamp":"2022-09-14T01:10:27.789Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:10:33 honeypot-ams-1 sshd[17033]: Received disconnect from 175.4.209.29 port 33254:11: Bye Bye [preauth]","@timestamp":"2022-09-14T01:10:33.792Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:10:39 honeypot-ams-1 sshd[17039]: Received disconnect from 175.4.209.29 port 33457:11: Bye Bye [preauth]","@timestamp":"2022-09-14T01:10:39.798Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:10:45 honeypot-ams-1 sshd[17045]: Received disconnect from 175.4.209.29 port 33634:11: Bye Bye [preauth]","@timestamp":"2022-09-14T01:10:45.801Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:11:07 honeypot-ams-1 sshd[17055]: Received disconnect from 175.4.209.29 port 30208:11: Bye Bye [preauth]","@timestamp":"2022-09-14T01:11:07.813Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:11:23 honeypot-ams-1 sshd[17063]: Received disconnect from 61.177.173.47 port 12721:11:  [preauth]","@timestamp":"2022-09-14T01:11:23.823Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:11:26 honeypot-ams-1 sshd[17067]: Disconnected from invalid user admin 175.4.209.29 port 30825 [preauth]","@timestamp":"2022-09-14T01:11:26.826Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:11:30 honeypot-ams-1 sshd[17071]: Disconnected from invalid user admin 175.4.209.29 port 30947 [preauth]","@timestamp":"2022-09-14T01:11:30.829Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:11:34 honeypot-ams-1 sshd[17075]: Disconnected from invalid user admin 175.4.209.29 port 31075 [preauth]","@timestamp":"2022-09-14T01:11:34.832Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:11:38 honeypot-ams-1 sshd[17079]: Disconnected from invalid user admin 175.4.209.29 port 31206 [preauth]","@timestamp":"2022-09-14T01:11:38.834Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:11:42 honeypot-ams-1 sshd[17083]: Disconnected from invalid user admin 175.4.209.29 port 31317 [preauth]","@timestamp":"2022-09-14T01:11:42.837Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:11:46 honeypot-ams-1 sshd[17087]: Disconnected from invalid user user 175.4.209.29 port 31445 [preauth]","@timestamp":"2022-09-14T01:11:46.839Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:11:52 honeypot-ams-1 sshd[17093]: Received disconnect from 175.4.209.29 port 31621:11: Bye Bye [preauth]","@timestamp":"2022-09-14T01:11:52.843Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:11:56 honeypot-ams-1 sshd[17097]: Received disconnect from 175.4.209.29 port 31789:11: Bye Bye [preauth]","@timestamp":"2022-09-14T01:11:56.847Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:12:01 honeypot-ams-1 sshd[17101]: Received disconnect from 175.4.209.29 port 31957:11: Bye Bye [preauth]","@timestamp":"2022-09-14T01:12:01.850Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:12:05 honeypot-ams-1 sshd[17105]: Received disconnect from 175.4.209.29 port 32104:11: Bye Bye [preauth]","@timestamp":"2022-09-14T01:12:05.852Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:12:09 honeypot-ams-1 sshd[17109]: Received disconnect from 175.4.209.29 port 32247:11: Bye Bye [preauth]","@timestamp":"2022-09-14T01:12:10.857Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:12:16 honeypot-ams-1 sshd[17113]: Received disconnect from 175.4.209.29 port 32460:11: Bye Bye [preauth]","@timestamp":"2022-09-14T01:12:16.861Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:12:20 honeypot-ams-1 sshd[17117]: Received disconnect from 175.4.209.29 port 32584:11: Bye Bye [preauth]","@timestamp":"2022-09-14T01:12:20.863Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:12:24 honeypot-ams-1 sshd[17121]: Received disconnect from 175.4.209.29 port 32731:11: Bye Bye [preauth]","@timestamp":"2022-09-14T01:12:24.867Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:12:28 honeypot-ams-1 sshd[17125]: Received disconnect from 175.4.209.29 port 32867:11: Bye Bye [preauth]","@timestamp":"2022-09-14T01:12:28.869Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:12:32 honeypot-ams-1 sshd[17129]: Received disconnect from 175.4.209.29 port 32989:11: Bye Bye [preauth]","@timestamp":"2022-09-14T01:12:32.871Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:12:36 honeypot-ams-1 sshd[17133]: Received disconnect from 175.4.209.29 port 33144:11: Bye Bye [preauth]","@timestamp":"2022-09-14T01:12:36.874Z"}
{"@timestamp":"2022-09-14T01:12:42.062Z","@version":"1","message":"Sep 14 01:12:41 honeypot-sgp-1 sshd[12215]: Received disconnect from 52.149.180.228 port 48864:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T01:14:00.096Z","@version":"1","message":"Sep 14 01:13:59 honeypot-sgp-1 sshd[12219]: Connection closed by invalid user default 179.60.147.69 port 1642 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 01:14:06 honeypot-fra-1 kernel: [83992468.593852] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=20.55.53.144 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=17238 DF PROTO=TCP SPT=33428 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T01:14:07.407Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:14:34 honeypot-ams-1 sshd[17137]: Disconnected from authenticating user root 61.177.173.51 port 35174 [preauth]","@timestamp":"2022-09-14T01:14:34.926Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 01:17:01 honeypot-fra-1 CRON[7655]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-14T01:17:02.476Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 01:17:21 honeypot-ams-1 kernel: [83994824.712297] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=20.55.53.144 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=2496 DF PROTO=TCP SPT=33204 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T01:17:22.000Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 01:17:49 honeypot-fra-1 sshd[7658]: Received disconnect from 222.232.29.235 port 53216:11: Bye Bye [preauth]","@timestamp":"2022-09-14T01:17:49.495Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T01:18:00.201Z","@version":"1","message":"Sep 14 01:17:59 honeypot-sgp-1 sshd[12227]: Received disconnect from 61.177.172.98 port 13229:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 01:20:09 honeypot-ams-1 kernel: [83994992.538281] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=175.24.180.25 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=3297 DF PROTO=TCP SPT=57258 DPT=80 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-14T01:20:10.075Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 01:21:11 honeypot-fra-1 sshd[7665]: Connection closed by invalid user admin 128.199.160.207 port 58604 [preauth]","@timestamp":"2022-09-14T01:21:11.572Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 01:21:14 honeypot-fra-1 sshd[7671]: Connection closed by invalid user admin 128.199.160.207 port 58624 [preauth]","@timestamp":"2022-09-14T01:21:14.574Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 01:24:07 honeypot-ams-1 kernel: [83995231.130541] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=120.48.54.32 DST=178.62.254.91 LEN=40 TOS=0x08 PREC=0x00 TTL=44 ID=53976 PROTO=TCP SPT=8146 DPT=443 WINDOW=17794 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T01:24:08.183Z"}
{"@timestamp":"2022-09-14T01:24:46.362Z","@version":"1","message":"Sep 14 01:24:45 honeypot-sgp-1 sshd[12234]: Disconnected from authenticating user root 92.255.85.69 port 34648 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T01:28:34.473Z","@version":"1","message":"Sep 14 01:28:34 honeypot-sgp-1 sshd[12236]: Received disconnect from 61.177.173.39 port 43328:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:30:33 honeypot-ams-1 sshd[17166]: Disconnected from authenticating user root 61.177.173.46 port 46958 [preauth]","@timestamp":"2022-09-14T01:30:34.350Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 01:32:08 honeypot-fra-1 kernel: [83993550.815636] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=167.172.240.54 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=18162 DF PROTO=TCP SPT=43008 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T01:32:09.824Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-14T01:32:57.578Z","@version":"1","message":"Sep 14 01:32:57 honeypot-sgp-1 sshd[12241]: Disconnected from invalid user webadmin 104.248.251.225 port 36412 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T01:37:16.682Z","@version":"1","message":"Sep 14 01:37:16 honeypot-sgp-1 sshd[12249]: Invalid user admin from 178.128.125.205 port 43578","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 01:37:23 honeypot-ams-1 kernel: [83996027.194036] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=162.142.125.129 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=25233 PROTO=TCP SPT=4410 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T01:37:24.533Z"}
{"@timestamp":"2022-09-14T01:37:49.697Z","@version":"1","message":"Sep 14 01:37:48 honeypot-sgp-1 kernel: [83995578.043378] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=33047 PROTO=TCP SPT=58914 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:41:43 honeypot-ams-1 sshd[17181]: Disconnected from authenticating user root 80.76.51.45 port 54434 [preauth]","@timestamp":"2022-09-14T01:41:44.652Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:42:15 honeypot-ams-1 sshd[17185]: Received disconnect from 80.76.51.45 port 49190:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T01:42:15.670Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:42:59 honeypot-ams-1 sshd[17191]: Received disconnect from 80.76.51.45 port 55322:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T01:43:00.694Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:43:45 honeypot-ams-1 sshd[17197]: Received disconnect from 80.76.51.45 port 33248:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T01:43:45.750Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:44:28 honeypot-ams-1 sshd[17203]: Invalid user user from 80.76.51.45 port 39430","@timestamp":"2022-09-14T01:44:28.771Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:46:15 honeypot-ams-1 sshd[17207]: Received disconnect from 61.177.172.19 port 31784:11:  [preauth]","@timestamp":"2022-09-14T01:46:15.819Z"}
{"@timestamp":"2022-09-14T01:48:38.955Z","@version":"1","message":"Sep 14 01:48:38 honeypot-sgp-1 sshd[12263]: Disconnected from authenticating user root 92.255.85.69 port 29648 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 01:50:47 honeypot-fra-1 sshd[7681]: Received disconnect from 200.73.134.13 port 39594:11: Bye Bye [preauth]","@timestamp":"2022-09-14T01:50:47.259Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T01:53:28.075Z","@version":"1","message":"Sep 14 01:53:27 honeypot-sgp-1 sshd[12273]: Received disconnect from 45.61.186.49 port 46852:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T01:53:39.081Z","@version":"1","message":"Sep 14 01:53:38 honeypot-sgp-1 sshd[12277]: Received disconnect from 45.61.186.49 port 58492:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:54:59 honeypot-ams-1 sshd[17218]: Received disconnect from 61.177.173.50 port 41310:11:  [preauth]","@timestamp":"2022-09-14T01:55:00.049Z"}
{"@timestamp":"2022-09-14T01:57:28.192Z","@version":"1","message":"Sep 14 01:57:27 honeypot-sgp-1 sshd[12282]: Disconnected from authenticating user root 61.177.173.36 port 64405 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 01:59:16 honeypot-ams-1 kernel: [83997340.081599] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=20.172.17.236 DST=178.62.254.91 LEN=52 TOS=0x02 PREC=0x00 TTL=111 ID=33669 DF PROTO=TCP SPT=50438 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-14T01:59:17.162Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:01:53 honeypot-fra-1 kernel: [83995335.176613] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=51.15.60.133 DST=165.22.82.222 LEN=52 TOS=0x00 PREC=0x00 TTL=53 ID=29559 DF PROTO=TCP SPT=10907 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T02:01:53.514Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:04:14 honeypot-fra-1 sshd[7693]: Did not receive identification string from 179.43.145.74 port 54334","@timestamp":"2022-09-14T02:04:14.573Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:04:27 honeypot-fra-1 sshd[7698]: Disconnected from authenticating user root 179.43.145.74 port 59262 [preauth]","@timestamp":"2022-09-14T02:04:27.580Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:04:57 honeypot-fra-1 sshd[7704]: Disconnected from authenticating user root 179.43.145.74 port 40156 [preauth]","@timestamp":"2022-09-14T02:04:57.593Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:06:18 honeypot-fra-1 sshd[7710]: Invalid user admin from 179.43.145.74 port 58406","@timestamp":"2022-09-14T02:06:19.628Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 02:06:56 honeypot-ams-1 sshd[17229]: Disconnected from authenticating user root 61.177.173.52 port 35045 [preauth]","@timestamp":"2022-09-14T02:06:57.366Z"}
{"@timestamp":"2022-09-14T02:07:12.429Z","@version":"1","message":"Sep 14 02:07:12 honeypot-sgp-1 sshd[12293]: Disconnected from authenticating user root 61.177.173.36 port 49113 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:08:25 honeypot-fra-1 sshd[7715]: Received disconnect from 143.244.158.100 port 33734:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T02:08:26.680Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:09:55 honeypot-fra-1 sshd[7719]: Received disconnect from 142.93.112.39 port 32862:11: Bye Bye [preauth]","@timestamp":"2022-09-14T02:09:55.718Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:11:10 honeypot-fra-1 sshd[7725]: Received disconnect from 200.217.20.227 port 58244:11: Bye Bye [preauth]","@timestamp":"2022-09-14T02:11:10.749Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:11:54 honeypot-fra-1 sshd[7729]: Disconnected from authenticating user root 143.244.158.100 port 57276 [preauth]","@timestamp":"2022-09-14T02:11:54.768Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:12:46 honeypot-fra-1 sshd[7736]: Invalid user user from 45.61.184.204 port 39294","@timestamp":"2022-09-14T02:12:47.794Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:13:05 honeypot-fra-1 sshd[7740]: Invalid user user from 45.61.184.204 port 34162","@timestamp":"2022-09-14T02:13:05.802Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:13:23 honeypot-fra-1 sshd[7744]: Invalid user user from 45.61.184.204 port 57262","@timestamp":"2022-09-14T02:13:23.810Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T02:13:33.586Z","@version":"1","message":"Sep 14 02:13:33 honeypot-sgp-1 kernel: [83997722.475457] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.79.53.162 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=51340 PROTO=TCP SPT=45521 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:13:37 honeypot-fra-1 sshd[7749]: Received disconnect from 143.244.158.100 port 45090:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T02:13:37.816Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:14:25 honeypot-fra-1 sshd[7753]: Disconnected from authenticating user root 143.244.158.100 port 44910 [preauth]","@timestamp":"2022-09-14T02:14:25.834Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 02:15:00 honeypot-ams-1 kernel: [83998283.388124] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=104.199.168.167 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x60 TTL=251 ID=29443 PROTO=TCP SPT=59740 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T02:15:00.575Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:16:08 honeypot-fra-1 sshd[7761]: Connection closed by invalid user admin 141.98.10.158 port 44018 [preauth]","@timestamp":"2022-09-14T02:16:08.875Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:17:01 honeypot-fra-1 CRON[7765]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-14T02:17:01.898Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T02:18:13.698Z","@version":"1","message":"Sep 14 02:18:13 honeypot-sgp-1 sshd[12308]: Disconnected from 61.177.173.51 port 33838 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 02:18:20 honeypot-ams-1 kernel: [83998483.932488] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=20.109.80.14 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=112 ID=26511 DF PROTO=TCP SPT=50417 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T02:18:20.662Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 02:19:07 honeypot-ams-1 sshd[17678]: Disconnected from 61.177.172.124 port 51247 [preauth]","@timestamp":"2022-09-14T02:19:08.686Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:19:25 honeypot-fra-1 sshd[7774]: Received disconnect from 143.244.158.100 port 54004:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T02:19:25.957Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:19:29 honeypot-fra-1 sshd[7778]: Received disconnect from 141.255.162.226 port 41974:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T02:19:29.960Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:19:31 honeypot-fra-1 sshd[7782]: Received disconnect from 141.255.162.226 port 48492:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T02:19:31.961Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:19:35 honeypot-fra-1 sshd[7786]: Received disconnect from 141.255.162.226 port 52836:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T02:19:35.963Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 02:20:18 honeypot-ams-1 sshd[17687]: Received disconnect from 109.205.213.23 port 32900:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T02:20:18.721Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:20:18 honeypot-fra-1 sshd[7790]: Received disconnect from 143.244.158.100 port 34432:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T02:20:18.982Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 02:20:42 honeypot-ams-1 sshd[17693]: Received disconnect from 109.205.213.23 port 47970:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T02:20:43.735Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:21:39 honeypot-fra-1 sshd[7794]: Received disconnect from 157.245.157.93 port 58464:11: Bye Bye [preauth]","@timestamp":"2022-09-14T02:21:40.017Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 02:21:44 honeypot-ams-1 kernel: [83998687.775466] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=156.146.46.143 DST=178.62.254.91 LEN=52 TOS=0x02 PREC=0x00 TTL=118 ID=32828 DF PROTO=TCP SPT=61506 DPT=3389 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-14T02:21:44.764Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 02:22:07 honeypot-ams-1 sshd[17704]: Invalid user test from 109.205.213.23 port 49876","@timestamp":"2022-09-14T02:22:08.778Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 02:22:23 honeypot-ams-1 sshd[17708]: Connection closed by 109.205.213.23 port 50512 [preauth]","@timestamp":"2022-09-14T02:22:24.786Z"}
{"@timestamp":"2022-09-14T02:23:03.818Z","@version":"1","message":"Sep 14 02:23:03 honeypot-sgp-1 sshd[12313]: ssh_dispatch_run_fatal: Connection from 136.52.13.251 port 44116: Connection corrupted [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:23:09 honeypot-fra-1 sshd[7800]: Invalid user md from 112.146.205.124 port 34210","@timestamp":"2022-09-14T02:23:10.055Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:24:38 honeypot-fra-1 sshd[7805]: Disconnected from authenticating user root 143.244.158.100 port 33280 [preauth]","@timestamp":"2022-09-14T02:24:39.092Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:27:09 honeypot-fra-1 sshd[7811]: Disconnected from authenticating user root 143.244.158.100 port 53512 [preauth]","@timestamp":"2022-09-14T02:27:10.152Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T02:28:34.954Z","@version":"1","message":"Sep 14 02:28:34 honeypot-sgp-1 kernel: [83998623.794913] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=97.107.141.162 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=26157 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 02:28:49 honeypot-ams-1 sshd[17715]: Disconnected from authenticating user root 61.177.173.36 port 44784 [preauth]","@timestamp":"2022-09-14T02:28:49.956Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:28:54 honeypot-fra-1 sshd[7818]: Disconnected from authenticating user root 143.244.158.100 port 58542 [preauth]","@timestamp":"2022-09-14T02:28:55.195Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 02:29:14 honeypot-ams-1 sshd[17720]: Received disconnect from 45.61.186.169 port 44276:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T02:29:14.971Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 02:29:30 honeypot-ams-1 sshd[17724]: Invalid user user from 45.61.186.169 port 39128","@timestamp":"2022-09-14T02:29:30.981Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 02:29:39 honeypot-ams-1 sshd[17726]: Disconnected from invalid user user 45.61.186.169 port 50676 [preauth]","@timestamp":"2022-09-14T02:29:39.986Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 02:30:19 honeypot-ams-1 sshd[17732]: Connection closed by invalid user debian 179.60.147.69 port 55718 [preauth]","@timestamp":"2022-09-14T02:30:20.007Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:30:39 honeypot-fra-1 kernel: [83997061.614100] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=38692 PROTO=TCP SPT=42602 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T02:30:40.239Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:33:10 honeypot-fra-1 sshd[7829]: Disconnected from authenticating user root 143.244.158.100 port 60238 [preauth]","@timestamp":"2022-09-14T02:33:11.299Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:34:53 honeypot-fra-1 sshd[7837]: Received disconnect from 143.244.158.100 port 36338:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T02:34:54.344Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 02:35:41 honeypot-ams-1 sshd[17737]: Received disconnect from 61.177.173.50 port 64214:11:  [preauth]","@timestamp":"2022-09-14T02:35:42.148Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:36:33 honeypot-fra-1 kernel: [83997415.431833] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.189.182.234 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=51307 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T02:36:34.386Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-14T02:36:45.154Z","@version":"1","message":"Sep 14 02:36:44 honeypot-sgp-1 sshd[12326]: Received disconnect from 61.177.173.35 port 43816:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:37:59 honeypot-fra-1 sshd[7845]: Disconnected from authenticating user root 92.255.85.70 port 20942 [preauth]","@timestamp":"2022-09-14T02:37:59.421Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:39:59 honeypot-fra-1 sshd[7852]: Received disconnect from 143.244.158.100 port 46062:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T02:39:59.469Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 02:40:28 honeypot-ams-1 sshd[17744]: Invalid user ubuntu from 95.79.31.128 port 51895","@timestamp":"2022-09-14T02:40:28.273Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 02:41:03 honeypot-ams-1 sshd[17748]: Did not receive identification string from 109.205.213.23 port 60998","@timestamp":"2022-09-14T02:41:03.291Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 02:41:20 honeypot-ams-1 sshd[17753]: Disconnected from authenticating user root 109.205.213.23 port 42286 [preauth]","@timestamp":"2022-09-14T02:41:20.304Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 02:41:36 honeypot-ams-1 sshd[17759]: Disconnected from authenticating user root 109.205.213.23 port 41796 [preauth]","@timestamp":"2022-09-14T02:41:36.335Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 02:42:00 honeypot-ams-1 sshd[17765]: Disconnected from authenticating user root 109.205.213.23 port 55180 [preauth]","@timestamp":"2022-09-14T02:42:01.348Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:42:28 honeypot-fra-1 sshd[7858]: Received disconnect from 143.244.158.100 port 53502:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T02:42:28.528Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 02:42:59 honeypot-ams-1 sshd[17771]: Disconnected from authenticating user root 109.205.213.23 port 40330 [preauth]","@timestamp":"2022-09-14T02:42:59.379Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 02:43:16 honeypot-ams-1 sshd[17775]: Disconnected from invalid user admin 109.205.213.23 port 39842 [preauth]","@timestamp":"2022-09-14T02:43:16.389Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:45:01 honeypot-fra-1 kernel: [83997923.014666] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=138.246.253.24 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=54321 PROTO=TCP SPT=32798 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T02:45:01.588Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-14T02:45:29.366Z","@version":"1","message":"Sep 14 02:45:28 honeypot-sgp-1 sshd[12335]: Received disconnect from 61.177.172.98 port 31088:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:46:48 honeypot-fra-1 sshd[7869]: Received disconnect from 143.244.158.100 port 55780:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T02:46:48.632Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T02:47:51.427Z","@version":"1","message":"Sep 14 02:47:51 honeypot-sgp-1 sshd[12340]: Disconnected from invalid user ubuntu 43.132.121.97 port 57142 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 02:48:13 honeypot-ams-1 sshd[17784]: Received disconnect from 61.177.173.39 port 63110:11:  [preauth]","@timestamp":"2022-09-14T02:48:14.530Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:49:20 honeypot-fra-1 sshd[7876]: Received disconnect from 143.244.158.100 port 50332:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T02:49:20.692Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:50:10 honeypot-fra-1 sshd[7880]: Disconnected from authenticating user root 143.244.158.100 port 53134 [preauth]","@timestamp":"2022-09-14T02:50:10.713Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:51:53 honeypot-fra-1 sshd[7884]: Disconnected from authenticating user root 143.244.158.100 port 53522 [preauth]","@timestamp":"2022-09-14T02:51:53.757Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T02:56:07.655Z","@version":"1","message":"Sep 14 02:56:07 honeypot-sgp-1 sshd[12346]: Disconnected from authenticating user root 61.177.173.35 port 26219 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:57:24 honeypot-fra-1 kernel: [83998665.809972] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.47.229.134 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=61168 PROTO=TCP SPT=50301 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T02:57:24.886Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 02:57:25 honeypot-ams-1 sshd[17792]: Received disconnect from 61.177.173.52 port 63687:11:  [preauth]","@timestamp":"2022-09-14T02:57:25.788Z"}
{"@timestamp":"2022-09-14T02:58:47.724Z","@version":"1","message":"Sep 14 02:58:47 honeypot-sgp-1 kernel: [84000436.460328] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=51.104.20.135 DST=159.89.202.188 LEN=52 TOS=0x00 PREC=0x00 TTL=113 ID=57089 DF PROTO=TCP SPT=58772 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 03:01:46 honeypot-fra-1 sshd[7896]: Disconnected from authenticating user root 92.255.85.70 port 45618 [preauth]","@timestamp":"2022-09-14T03:01:46.991Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T03:03:17.839Z","@version":"1","message":"Sep 14 03:03:17 honeypot-sgp-1 sshd[12356]: Invalid user admin from 179.60.147.69 port 41766","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 03:04:22 honeypot-ams-1 sshd[17800]: Disconnected from authenticating user root 92.255.85.69 port 59728 [preauth]","@timestamp":"2022-09-14T03:04:22.981Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 03:07:42 honeypot-ams-1 sshd[17804]: Disconnected from authenticating user root 61.177.173.36 port 43748 [preauth]","@timestamp":"2022-09-14T03:07:43.079Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 03:08:52 honeypot-fra-1 sshd[7901]: Invalid user joyoudata from 174.138.24.231 port 51556","@timestamp":"2022-09-14T03:08:53.155Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 03:13:05 honeypot-fra-1 sshd[7903]: Disconnected from authenticating user root 128.199.74.173 port 48652 [preauth]","@timestamp":"2022-09-14T03:13:06.252Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T03:13:35.089Z","@version":"1","message":"Sep 14 03:13:34 honeypot-sgp-1 sshd[12366]: Invalid user user from 45.61.186.49 port 47900","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T03:13:47.095Z","@version":"1","message":"Sep 14 03:13:46 honeypot-sgp-1 sshd[12370]: Invalid user user from 45.61.186.49 port 59488","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 03:14:30 honeypot-fra-1 sshd[7907]: Disconnected from invalid user user 45.61.184.204 port 40684 [preauth]","@timestamp":"2022-09-14T03:14:31.288Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 03:14:48 honeypot-fra-1 sshd[7912]: Disconnected from invalid user user 45.61.184.204 port 35808 [preauth]","@timestamp":"2022-09-14T03:14:49.297Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 03:15:05 honeypot-fra-1 sshd[7916]: Disconnected from invalid user user 45.61.184.204 port 59152 [preauth]","@timestamp":"2022-09-14T03:15:06.305Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T03:15:19.134Z","@version":"1","message":"Sep 14 03:15:19 honeypot-sgp-1 kernel: [84001428.363636] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=156.146.46.143 DST=159.89.202.188 LEN=52 TOS=0x02 PREC=0x00 TTL=116 ID=13088 DF PROTO=TCP SPT=60468 DPT=3389 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 03:15:20 honeypot-fra-1 sshd[7922]: Invalid user user from 45.61.184.204 port 54282","@timestamp":"2022-09-14T03:15:21.313Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 03:16:35 honeypot-fra-1 sshd[7926]: Received disconnect from 179.43.156.143 port 59080:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T03:16:36.344Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 03:16:52 honeypot-ams-1 kernel: [84001996.076794] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.102.41.2 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=46 ID=13259 DF PROTO=TCP SPT=35709 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T03:16:53.325Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 03:17:58 honeypot-fra-1 sshd[7933]: Received disconnect from 179.43.156.143 port 51230:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T03:17:58.395Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 03:19:19 honeypot-fra-1 sshd[7938]: Disconnected from invalid user nutanix 179.43.156.143 port 43384 [preauth]","@timestamp":"2022-09-14T03:19:20.427Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 03:19:35 honeypot-ams-1 sshd[17826]: Disconnected from authenticating user root 201.219.220.224 port 37460 [preauth]","@timestamp":"2022-09-14T03:19:35.398Z"}
{"@timestamp":"2022-09-14T03:20:10.256Z","@version":"1","message":"Sep 14 03:20:09 honeypot-sgp-1 kernel: [84001718.613844] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.39.234.40 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=49982 PROTO=TCP SPT=53517 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 03:20:41 honeypot-fra-1 sshd[7942]: Received disconnect from 179.43.156.143 port 35572:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T03:20:41.459Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T03:22:21.312Z","@version":"1","message":"Sep 14 03:22:21 honeypot-sgp-1 sshd[12386]: Disconnected from authenticating user root 92.255.85.69 port 37896 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 03:22:42 honeypot-fra-1 sshd[7948]: Received disconnect from 179.43.156.143 port 52014:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T03:22:42.506Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 03:24:02 honeypot-fra-1 sshd[7953]: Disconnected from authenticating user root 179.43.156.143 port 44182 [preauth]","@timestamp":"2022-09-14T03:24:03.538Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T03:25:40.396Z","@version":"1","message":"Sep 14 03:25:39 honeypot-sgp-1 kernel: [84002048.655973] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=193.118.53.197 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=234 ID=26137 PROTO=TCP SPT=42685 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 03:28:27 honeypot-ams-1 kernel: [84002690.616335] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=106.59.125.29 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=49 ID=61321 PROTO=TCP SPT=9295 DPT=443 WINDOW=7031 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T03:28:27.628Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 03:29:20 honeypot-fra-1 sshd[7960]: Disconnected from authenticating user root 74.208.121.225 port 56620 [preauth]","@timestamp":"2022-09-14T03:29:20.650Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T03:30:54.527Z","@version":"1","message":"Sep 14 03:30:54 honeypot-sgp-1 sshd[12399]: Invalid user zhangw from 165.22.16.134 port 36294","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T03:32:18.563Z","@version":"1","message":"Sep 14 03:32:17 honeypot-sgp-1 sshd[12403]: Received disconnect from 210.187.80.132 port 40366:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 03:33:12 honeypot-ams-1 kernel: [84002976.236438] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=201.191.2.198 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=35533 PROTO=TCP SPT=36311 DPT=80 WINDOW=31774 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T03:33:13.755Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 03:34:34 honeypot-fra-1 kernel: [84000896.030618] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=51.158.171.29 DST=165.22.82.222 LEN=52 TOS=0x00 PREC=0x00 TTL=53 ID=23996 DF PROTO=TCP SPT=24133 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T03:34:34.769Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 03:37:11 honeypot-fra-1 sshd[7968]: Disconnected from invalid user 54.168.45.132 154.70.208.66 port 55164 [preauth]","@timestamp":"2022-09-14T03:37:11.830Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 03:37:18 honeypot-ams-1 sshd[17846]: Disconnected from authenticating user root 61.177.173.48 port 27018 [preauth]","@timestamp":"2022-09-14T03:37:18.863Z"}
{"@timestamp":"2022-09-14T03:38:10.708Z","@version":"1","message":"Sep 14 03:38:10 honeypot-sgp-1 sshd[12408]: Received disconnect from 49.236.192.106 port 44120:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 03:40:13 honeypot-fra-1 sshd[7971]: Invalid user user from 198.98.61.9 port 45362","@timestamp":"2022-09-14T03:40:13.906Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 03:40:30 honeypot-fra-1 sshd[7975]: Invalid user user from 198.98.61.9 port 39894","@timestamp":"2022-09-14T03:40:30.914Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 03:40:52 honeypot-fra-1 sshd[7979]: Invalid user user from 198.98.61.9 port 34410","@timestamp":"2022-09-14T03:40:52.924Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 03:41:08 honeypot-fra-1 sshd[7983]: Invalid user user from 198.98.61.9 port 57222","@timestamp":"2022-09-14T03:41:08.931Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T03:43:51.852Z","@version":"1","message":"Sep 14 03:43:51 honeypot-sgp-1 kernel: [84003140.859847] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=152.89.196.23 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=5957 PROTO=TCP SPT=43459 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 03:44:05 honeypot-ams-1 sshd[17851]: Invalid user centos from 179.60.147.69 port 20852","@timestamp":"2022-09-14T03:44:06.037Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 03:44:07 honeypot-fra-1 sshd[7988]: Disconnected from authenticating user root 159.203.113.193 port 34352 [preauth]","@timestamp":"2022-09-14T03:44:07.998Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 03:51:15 honeypot-fra-1 sshd[8014]: Invalid user malik from 157.230.155.135 port 33887","@timestamp":"2022-09-14T03:51:15.176Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 03:51:30 honeypot-ams-1 sshd[17858]: Received disconnect from 61.177.172.108 port 29716:11:  [preauth]","@timestamp":"2022-09-14T03:51:31.234Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 03:54:42 honeypot-fra-1 kernel: [84002103.724625] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=172.105.89.161 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=57 ID=0 DF PROTO=TCP SPT=40015 DPT=443 WINDOW=8192 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T03:54:42.254Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 03:57:40 honeypot-ams-1 sshd[17864]: Disconnected from authenticating user root 61.177.173.53 port 51613 [preauth]","@timestamp":"2022-09-14T03:57:41.396Z"}
{"@timestamp":"2022-09-14T04:02:45.317Z","@version":"1","message":"Sep 14 04:02:44 honeypot-sgp-1 sshd[12429]: Invalid user admin from 79.79.21.253 port 38324","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T04:03:55.348Z","@version":"1","message":"Sep 14 04:03:54 honeypot-sgp-1 kernel: [84004343.829228] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=64.62.197.118 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=51160 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 04:05:13 honeypot-fra-1 kernel: [84002735.024125] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=64.62.197.92 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=54321 PROTO=TCP SPT=43097 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T04:05:13.500Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-14T04:05:42.394Z","@version":"1","message":"Sep 14 04:05:41 honeypot-sgp-1 sshd[12438]: Disconnected from invalid user gaurav 144.24.190.159 port 53544 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 04:09:41 honeypot-ams-1 kernel: [84005165.225001] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=64.62.197.211 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=43895 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T04:09:42.706Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 04:11:41 honeypot-fra-1 sshd[8032]: Received disconnect from 92.255.85.69 port 33316:11: Bye Bye [preauth]","@timestamp":"2022-09-14T04:11:42.649Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 04:13:10 honeypot-fra-1 sshd[8036]: Received disconnect from 103.145.50.51 port 39518:11: Bye Bye [preauth]","@timestamp":"2022-09-14T04:13:10.684Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 04:15:32 honeypot-fra-1 sshd[8040]: Invalid user postgres from 143.198.11.227 port 57184","@timestamp":"2022-09-14T04:15:33.739Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:17:01 honeypot-ams-1 CRON[17876]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-14T04:17:01.897Z"}
{"@timestamp":"2022-09-14T04:17:01.671Z","@version":"1","message":"Sep 14 04:17:01 honeypot-sgp-1 CRON[12445]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 04:20:32 honeypot-fra-1 sshd[8046]: Disconnected from authenticating user root 45.186.248.135 port 32903 [preauth]","@timestamp":"2022-09-14T04:20:32.851Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T04:23:47.838Z","@version":"1","message":"Sep 14 04:23:47 honeypot-sgp-1 sshd[12451]: Disconnected from invalid user admin 128.199.32.98 port 57062 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 04:24:48 honeypot-fra-1 sshd[8053]: Received disconnect from 165.22.45.108 port 50012:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T04:24:48.949Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:25:37 honeypot-ams-1 sshd[17885]: Invalid user ubnt from 121.25.250.163 port 47914","@timestamp":"2022-09-14T04:25:38.116Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:25:41 honeypot-ams-1 sshd[17889]: Disconnected from authenticating user root 121.25.250.163 port 50090 [preauth]","@timestamp":"2022-09-14T04:25:42.119Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:25:47 honeypot-ams-1 sshd[17895]: Disconnected from authenticating user root 121.25.250.163 port 47694 [preauth]","@timestamp":"2022-09-14T04:25:48.122Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:25:52 honeypot-ams-1 sshd[17901]: Disconnected from authenticating user root 121.25.250.163 port 37200 [preauth]","@timestamp":"2022-09-14T04:25:53.126Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:26:00 honeypot-ams-1 sshd[17907]: Disconnected from authenticating user root 121.25.250.163 port 44432 [preauth]","@timestamp":"2022-09-14T04:26:00.130Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:26:14 honeypot-ams-1 sshd[17913]: Disconnected from authenticating user root 121.25.250.163 port 52794 [preauth]","@timestamp":"2022-09-14T04:26:15.139Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:26:21 honeypot-ams-1 sshd[17919]: Disconnected from authenticating user root 121.25.250.163 port 50786 [preauth]","@timestamp":"2022-09-14T04:26:22.144Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:26:27 honeypot-ams-1 sshd[17925]: Disconnected from authenticating user root 121.25.250.163 port 50008 [preauth]","@timestamp":"2022-09-14T04:26:28.148Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:26:34 honeypot-ams-1 sshd[17931]: Disconnected from authenticating user root 121.25.250.163 port 50272 [preauth]","@timestamp":"2022-09-14T04:26:35.152Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:26:43 honeypot-ams-1 sshd[17937]: Disconnected from authenticating user root 121.25.250.163 port 42912 [preauth]","@timestamp":"2022-09-14T04:26:44.157Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:26:51 honeypot-ams-1 sshd[17943]: Disconnected from authenticating user root 121.25.250.163 port 49082 [preauth]","@timestamp":"2022-09-14T04:26:52.162Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:26:58 honeypot-ams-1 sshd[17949]: Disconnected from authenticating user root 121.25.250.163 port 41010 [preauth]","@timestamp":"2022-09-14T04:26:59.166Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:27:03 honeypot-ams-1 sshd[17955]: Invalid user admin from 121.25.250.163 port 34480","@timestamp":"2022-09-14T04:27:04.169Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:27:08 honeypot-ams-1 sshd[17959]: Invalid user admin from 121.25.250.163 port 35030","@timestamp":"2022-09-14T04:27:09.173Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:27:13 honeypot-ams-1 sshd[17963]: Invalid user admin from 121.25.250.163 port 47018","@timestamp":"2022-09-14T04:27:14.176Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:27:18 honeypot-ams-1 sshd[17967]: Invalid user admin from 121.25.250.163 port 37206","@timestamp":"2022-09-14T04:27:18.178Z"}
{"@timestamp":"2022-09-14T04:27:23.929Z","@version":"1","message":"Sep 14 04:27:23 honeypot-sgp-1 sshd[12456]: Disconnected from invalid user user 141.144.193.76 port 47430 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:27:24 honeypot-ams-1 sshd[17971]: Invalid user admin from 121.25.250.163 port 44404","@timestamp":"2022-09-14T04:27:25.183Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:27:31 honeypot-ams-1 sshd[17975]: Received disconnect from 121.25.250.163 port 44232:11: Bye Bye [preauth]","@timestamp":"2022-09-14T04:27:32.187Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:27:36 honeypot-ams-1 sshd[17979]: Disconnected from invalid user pi 121.25.250.163 port 50410 [preauth]","@timestamp":"2022-09-14T04:27:36.191Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:27:39 honeypot-ams-1 sshd[17983]: Disconnected from invalid user user 121.25.250.163 port 33968 [preauth]","@timestamp":"2022-09-14T04:27:40.193Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:27:43 honeypot-ams-1 sshd[17987]: Disconnected from invalid user mine 121.25.250.163 port 33426 [preauth]","@timestamp":"2022-09-14T04:27:43.195Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:27:49 honeypot-ams-1 sshd[17991]: Disconnected from invalid user xbmc 121.25.250.163 port 38024 [preauth]","@timestamp":"2022-09-14T04:27:50.200Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:27:55 honeypot-ams-1 sshd[17995]: Disconnected from invalid user oracle 121.25.250.163 port 35366 [preauth]","@timestamp":"2022-09-14T04:27:56.204Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:28:01 honeypot-ams-1 sshd[17999]: Disconnected from invalid user postgres 121.25.250.163 port 37322 [preauth]","@timestamp":"2022-09-14T04:28:02.207Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:28:09 honeypot-ams-1 sshd[18003]: Disconnected from invalid user support 121.25.250.163 port 39258 [preauth]","@timestamp":"2022-09-14T04:28:10.213Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:28:14 honeypot-ams-1 sshd[18007]: Disconnected from invalid user ubuntu 121.25.250.163 port 41380 [preauth]","@timestamp":"2022-09-14T04:28:15.216Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:28:18 honeypot-ams-1 sshd[18011]: Disconnected from invalid user ubuntu 121.25.250.163 port 56446 [preauth]","@timestamp":"2022-09-14T04:28:19.219Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:28:23 honeypot-ams-1 sshd[18015]: Disconnected from invalid user guest 121.25.250.163 port 34772 [preauth]","@timestamp":"2022-09-14T04:28:24.223Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:28:29 honeypot-ams-1 sshd[18019]: Disconnected from invalid user cirros 121.25.250.163 port 57818 [preauth]","@timestamp":"2022-09-14T04:28:29.226Z"}
{"@timestamp":"2022-09-14T04:32:42.064Z","@version":"1","message":"Sep 14 04:32:41 honeypot-sgp-1 sshd[12461]: Received disconnect from 92.255.85.70 port 54506:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:36:15 honeypot-ams-1 sshd[18024]: Invalid user ecd from 151.0.165.235 port 49054","@timestamp":"2022-09-14T04:36:15.423Z"}
{"@timestamp":"2022-09-14T04:39:11.221Z","@version":"1","message":"Sep 14 04:39:10 honeypot-sgp-1 sshd[12465]: Disconnected from invalid user marco 144.24.178.128 port 56870 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 04:40:28 honeypot-ams-1 kernel: [84007012.155300] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=142.93.45.9 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=54321 PROTO=TCP SPT=44944 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T04:40:29.535Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:44:40 honeypot-ams-1 sshd[18031]: Connection closed by invalid user admin 148.153.82.141 port 35592 [preauth]","@timestamp":"2022-09-14T04:44:41.645Z"}
{"@timestamp":"2022-09-14T04:46:34.403Z","@version":"1","message":"Sep 14 04:46:33 honeypot-sgp-1 sshd[12470]: Disconnected from invalid user visitante 183.82.96.133 port 37928 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 04:47:33 honeypot-fra-1 sshd[8063]: Did not receive identification string from 45.61.186.249 port 35354","@timestamp":"2022-09-14T04:47:33.453Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 04:47:52 honeypot-fra-1 sshd[8066]: Disconnected from invalid user user 45.61.186.249 port 55878 [preauth]","@timestamp":"2022-09-14T04:47:53.464Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 04:48:11 honeypot-fra-1 sshd[8070]: Disconnected from invalid user user 45.61.186.249 port 50550 [preauth]","@timestamp":"2022-09-14T04:48:11.472Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 04:48:28 honeypot-fra-1 sshd[8074]: Disconnected from invalid user user 45.61.186.249 port 45228 [preauth]","@timestamp":"2022-09-14T04:48:29.481Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 04:49:56 honeypot-fra-1 kernel: [84005417.474553] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=159.89.101.47 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=251 ID=54321 PROTO=TCP SPT=21949 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T04:49:56.516Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 04:50:22 honeypot-ams-1 kernel: [84007605.670343] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.225.73.224 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=28162 PROTO=TCP SPT=53720 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T04:50:22.788Z"}
{"@timestamp":"2022-09-14T04:56:24.643Z","@version":"1","message":"Sep 14 04:56:24 honeypot-sgp-1 sshd[12475]: Disconnected from authenticating user root 92.255.85.70 port 55508 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 05:02:00 honeypot-fra-1 kernel: [84006142.195144] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=156.146.46.143 DST=165.22.82.222 LEN=52 TOS=0x02 PREC=0x00 TTL=117 ID=7989 DF PROTO=TCP SPT=62902 DPT=3389 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-14T05:02:01.788Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 05:13:08 honeypot-fra-1 kernel: [84006809.546788] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.41.8.45 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=18885 PROTO=TCP SPT=18026 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T05:13:09.037Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-14T05:17:01.134Z","@version":"1","message":"Sep 14 05:17:01 honeypot-sgp-1 CRON[12479]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 05:17:01 honeypot-ams-1 CRON[18046]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-14T05:17:01.462Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 05:22:44 honeypot-fra-1 sshd[8098]: Received disconnect from 92.255.85.70 port 32702:11: Bye Bye [preauth]","@timestamp":"2022-09-14T05:22:45.254Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 05:24:44 honeypot-ams-1 sshd[18050]: Invalid user pi from 164.177.68.149 port 52684","@timestamp":"2022-09-14T05:24:45.664Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 05:26:40 honeypot-ams-1 kernel: [84009783.325456] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=5.125.34.196 DST=178.62.254.91 LEN=52 TOS=0x08 PREC=0x40 TTL=113 ID=17685 DF PROTO=TCP SPT=51900 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T05:26:40.714Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 05:29:57 honeypot-fra-1 kernel: [84007819.255976] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=51.158.171.29 DST=165.22.82.222 LEN=52 TOS=0x00 PREC=0x00 TTL=53 ID=51279 DF PROTO=TCP SPT=29551 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T05:29:58.416Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-14T05:30:20.453Z","@version":"1","message":"Sep 14 05:30:19 honeypot-sgp-1 sshd[12486]: Did not receive identification string from 45.61.184.204 port 45356","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 05:30:49 honeypot-ams-1 sshd[18057]: Connection closed by invalid user test 193.106.191.157 port 44046 [preauth]","@timestamp":"2022-09-14T05:30:49.820Z"}
{"@timestamp":"2022-09-14T05:31:05.475Z","@version":"1","message":"Sep 14 05:31:05 honeypot-sgp-1 sshd[12489]: Received disconnect from 45.61.184.204 port 33666:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T05:31:24.484Z","@version":"1","message":"Sep 14 05:31:24 honeypot-sgp-1 sshd[12493]: Received disconnect from 45.61.184.204 port 56980:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T05:31:42.494Z","@version":"1","message":"Sep 14 05:31:41 honeypot-sgp-1 sshd[12497]: Received disconnect from 45.61.184.204 port 52040:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T05:35:40.606Z","@version":"1","message":"Sep 14 05:35:39 honeypot-sgp-1 sshd[12502]: Received disconnect from 43.155.83.218 port 50810:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 05:42:18 honeypot-fra-1 kernel: [84008559.661186] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=43.158.217.180 DST=165.22.82.222 LEN=40 TOS=0x08 PREC=0x60 TTL=244 ID=54321 PROTO=TCP SPT=38899 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T05:42:18.691Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-14T05:43:03.786Z","@version":"1","message":"Sep 14 05:43:03 honeypot-sgp-1 sshd[12508]: Invalid user user from 45.61.187.160 port 47368","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T05:43:22.796Z","@version":"1","message":"Sep 14 05:43:21 honeypot-sgp-1 sshd[12512]: Invalid user user from 45.61.187.160 port 42036","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 05:43:28 honeypot-ams-1 kernel: [84010792.054472] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=89.248.165.199 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=12060 PROTO=TCP SPT=54166 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T05:43:29.145Z"}
{"@timestamp":"2022-09-14T05:43:31.800Z","@version":"1","message":"Sep 14 05:43:31 honeypot-sgp-1 sshd[12516]: Received disconnect from 45.61.187.160 port 53476:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T05:43:48.808Z","@version":"1","message":"Sep 14 05:43:48 honeypot-sgp-1 sshd[12520]: Received disconnect from 45.61.187.160 port 48140:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T05:48:17.920Z","@version":"1","message":"Sep 14 05:48:16 honeypot-sgp-1 sshd[12525]: Invalid user hl2dm from 128.199.118.93 port 49266","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 05:52:09 honeypot-ams-1 sshd[18065]: Disconnected from authenticating user root 138.197.19.166 port 59666 [preauth]","@timestamp":"2022-09-14T05:52:09.381Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 05:57:50 honeypot-fra-1 sshd[8118]: Disconnected from authenticating user root 5.58.8.4 port 53280 [preauth]","@timestamp":"2022-09-14T05:57:51.055Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 05:59:49 honeypot-fra-1 sshd[8122]: Disconnected from invalid user kundert 165.22.45.108 port 59984 [preauth]","@timestamp":"2022-09-14T05:59:50.102Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 06:02:22 honeypot-ams-1 kernel: [84011925.664680] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.196.220.81 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=54321 PROTO=TCP SPT=50812 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T06:02:22.643Z"}
{"@timestamp":"2022-09-14T06:03:13.321Z","@version":"1","message":"Sep 14 06:03:13 honeypot-sgp-1 kernel: [84011502.244792] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=94.26.249.161 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=27902 PROTO=TCP SPT=37181 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 06:04:25 honeypot-ams-1 sshd[18076]: Disconnected from authenticating user root 143.244.158.100 port 44666 [preauth]","@timestamp":"2022-09-14T06:04:26.699Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 06:06:09 honeypot-fra-1 sshd[8130]: Did not receive identification string from 45.61.186.249 port 55454","@timestamp":"2022-09-14T06:06:09.247Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 06:06:55 honeypot-fra-1 sshd[8231]: Received disconnect from 45.61.186.249 port 34338:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T06:06:56.268Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 06:06:59 honeypot-ams-1 sshd[18084]: Disconnected from authenticating user root 143.244.158.100 port 55486 [preauth]","@timestamp":"2022-09-14T06:06:59.768Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 06:07:13 honeypot-fra-1 sshd[8235]: Received disconnect from 45.61.186.249 port 57268:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T06:07:14.277Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 06:07:30 honeypot-fra-1 sshd[8239]: Received disconnect from 45.61.186.249 port 51990:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T06:07:31.285Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 06:08:40 honeypot-ams-1 sshd[18091]: Disconnected from authenticating user root 143.244.158.100 port 50538 [preauth]","@timestamp":"2022-09-14T06:08:40.815Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 06:09:41 honeypot-fra-1 sshd[8243]: Received disconnect from 92.255.85.69 port 52998:11: Bye Bye [preauth]","@timestamp":"2022-09-14T06:09:42.337Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 06:11:03 honeypot-ams-1 sshd[18098]: Received disconnect from 143.244.158.100 port 48604:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T06:11:04.881Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 06:12:20 honeypot-ams-1 sshd[23797]: Received disconnect from 92.255.85.69 port 47298:11: Bye Bye [preauth]","@timestamp":"2022-09-14T06:12:20.916Z"}
{"@timestamp":"2022-09-14T06:13:12.565Z","@version":"1","message":"Sep 14 06:13:12 honeypot-sgp-1 kernel: [84012101.443889] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=94.26.228.80 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=20816 PROTO=TCP SPT=22182 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 06:13:24 honeypot-fra-1 kernel: [84010425.860441] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=40.84.222.228 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=2729 PROTO=TCP SPT=55772 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T06:13:25.422Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 06:14:02 honeypot-ams-1 sshd[23806]: Invalid user data from 35.222.227.227 port 41288","@timestamp":"2022-09-14T06:14:02.963Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 06:15:04 honeypot-ams-1 sshd[23810]: Disconnected from authenticating user root 143.244.158.100 port 56746 [preauth]","@timestamp":"2022-09-14T06:15:04.993Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 06:16:48 honeypot-ams-1 sshd[23816]: Disconnected from authenticating user root 143.244.158.100 port 49462 [preauth]","@timestamp":"2022-09-14T06:16:49.042Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 06:17:01 honeypot-fra-1 CRON[8250]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-14T06:17:02.531Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 06:18:29 honeypot-ams-1 sshd[23823]: Disconnected from authenticating user root 143.244.158.100 port 33032 [preauth]","@timestamp":"2022-09-14T06:18:30.089Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 06:20:56 honeypot-ams-1 sshd[23829]: Disconnected from authenticating user root 143.244.158.100 port 42958 [preauth]","@timestamp":"2022-09-14T06:20:57.153Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 06:21:46 honeypot-ams-1 sshd[23833]: Received disconnect from 143.244.158.100 port 45244:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T06:21:47.179Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 06:24:15 honeypot-ams-1 sshd[23840]: Received disconnect from 143.244.158.100 port 42638:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T06:24:16.245Z"}
{"@timestamp":"2022-09-14T06:25:01.857Z","@version":"1","message":"Sep 14 06:25:01 honeypot-sgp-1 CRON[12537]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 06:25:17 honeypot-ams-1 sshd[24016]: Did not receive identification string from 41.73.132.4 port 44004","@timestamp":"2022-09-14T06:25:18.278Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 06:26:43 honeypot-ams-1 sshd[24021]: Disconnected from authenticating user root 143.244.158.100 port 38080 [preauth]","@timestamp":"2022-09-14T06:26:44.319Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 06:29:10 honeypot-ams-1 sshd[24028]: Received disconnect from 143.244.158.100 port 53212:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T06:29:10.386Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 06:30:07 honeypot-ams-1 sshd[24030]: Disconnected from authenticating user root 162.243.136.58 port 36010 [preauth]","@timestamp":"2022-09-14T06:30:07.413Z"}
{"@timestamp":"2022-09-14T06:30:26.002Z","@version":"1","message":"Sep 14 06:30:25 honeypot-sgp-1 sshd[12687]: Disconnected from authenticating user root 92.255.85.69 port 51228 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 06:30:26 honeypot-fra-1 sshd[8390]: Invalid user user1 from 103.188.176.251 port 37818","@timestamp":"2022-09-14T06:30:26.832Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 06:31:50 honeypot-ams-1 sshd[24036]: Disconnected from authenticating user root 143.244.158.100 port 60550 [preauth]","@timestamp":"2022-09-14T06:31:51.460Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 06:33:45 honeypot-fra-1 kernel: [84011646.202837] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=111.161.155.54 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=46 ID=48802 PROTO=TCP SPT=10696 DPT=443 WINDOW=17832 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T06:33:45.912Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 06:34:21 honeypot-ams-1 sshd[24043]: Disconnected from authenticating user root 143.244.158.100 port 51552 [preauth]","@timestamp":"2022-09-14T06:34:21.528Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 06:36:01 honeypot-ams-1 sshd[24049]: Received disconnect from 143.244.158.100 port 41374:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T06:36:02.574Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 06:37:39 honeypot-ams-1 sshd[24053]: Received disconnect from 143.244.158.100 port 56558:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T06:37:40.622Z"}
{"@timestamp":"2022-09-14T06:37:53.188Z","@version":"1","message":"Sep 14 06:37:53 honeypot-sgp-1 sshd[12691]: Disconnected from invalid user user 45.61.186.49 port 41106 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T06:38:03.194Z","@version":"1","message":"Sep 14 06:38:02 honeypot-sgp-1 sshd[12695]: Disconnected from invalid user user 45.61.186.49 port 52602 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 06:38:21 honeypot-fra-1 kernel: [84011922.827491] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=172.104.4.116 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=5956 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T06:38:22.017Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 06:39:05 honeypot-ams-1 sshd[24060]: Disconnected from invalid user hadoop 84.42.96.48 port 54732 [preauth]","@timestamp":"2022-09-14T06:39:06.662Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 06:40:57 honeypot-ams-1 sshd[24066]: Disconnected from authenticating user root 143.244.158.100 port 55840 [preauth]","@timestamp":"2022-09-14T06:40:57.713Z"}
{"@timestamp":"2022-09-14T06:41:12.273Z","@version":"1","message":"Sep 14 06:41:11 honeypot-sgp-1 sshd[12702]: Invalid user user from 45.61.186.49 port 45898","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T06:41:21.278Z","@version":"1","message":"Sep 14 06:41:21 honeypot-sgp-1 sshd[12706]: Invalid user user from 45.61.186.49 port 57488","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 06:43:26 honeypot-ams-1 sshd[24072]: Disconnected from authenticating user root 143.244.158.100 port 56280 [preauth]","@timestamp":"2022-09-14T06:43:26.780Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 06:45:52 honeypot-ams-1 sshd[24079]: Disconnected from authenticating user root 143.244.158.100 port 51962 [preauth]","@timestamp":"2022-09-14T06:45:52.847Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 06:47:30 honeypot-ams-1 kernel: [84014634.147252] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=122.103.181.180 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=50 ID=39595 PROTO=TCP SPT=7669 DPT=80 WINDOW=4069 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T06:47:31.892Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 06:47:38 honeypot-fra-1 sshd[8403]: Invalid user kundert from 165.22.45.108 port 36730","@timestamp":"2022-09-14T06:47:38.222Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T06:53:31.583Z","@version":"1","message":"Sep 14 06:53:31 honeypot-sgp-1 sshd[12716]: Received disconnect from 103.9.36.69 port 52564:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T06:55:39.637Z","@version":"1","message":"Sep 14 06:55:39 honeypot-sgp-1 sshd[12723]: Invalid user hamlet from 164.90.195.134 port 54836","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 06:57:03 honeypot-ams-1 kernel: [84015207.196151] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.180.143.72 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=61049 PROTO=TCP SPT=16540 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T06:57:04.136Z"}
{"@timestamp":"2022-09-14T06:59:08.726Z","@version":"1","message":"Sep 14 06:59:07 honeypot-sgp-1 sshd[12821]: Disconnected from authenticating user root 34.92.220.10 port 2818 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 06:59:26 honeypot-fra-1 sshd[8408]: Received disconnect from 206.189.128.17 port 42440:11: Bye Bye [preauth]","@timestamp":"2022-09-14T06:59:27.487Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 07:06:02 honeypot-fra-1 sshd[8413]: Received disconnect from 195.24.148.206 port 64875:11: Bye Bye [preauth]","@timestamp":"2022-09-14T07:06:02.638Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T07:09:09.975Z","@version":"1","message":"Sep 14 07:09:09 honeypot-sgp-1 kernel: [84015458.511812] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=172.105.89.161 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=51 ID=0 DF PROTO=TCP SPT=40015 DPT=443 WINDOW=8192 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 07:11:10 honeypot-fra-1 sshd[8418]: Disconnected from invalid user monitor 167.71.110.45 port 48458 [preauth]","@timestamp":"2022-09-14T07:11:10.756Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 07:12:14 honeypot-fra-1 sshd[8423]: Received disconnect from 141.255.162.226 port 60574:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T07:12:14.784Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 07:12:16 honeypot-fra-1 sshd[8426]: Received disconnect from 141.255.162.226 port 54250:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T07:12:16.785Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 07:12:21 honeypot-fra-1 sshd[8431]: Received disconnect from 141.255.162.226 port 51314:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T07:12:21.787Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 07:15:51 honeypot-fra-1 kernel: [84014172.784109] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=51.15.60.133 DST=165.22.82.222 LEN=52 TOS=0x00 PREC=0x00 TTL=53 ID=52842 DF PROTO=TCP SPT=65165 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T07:15:51.868Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 07:17:01 honeypot-ams-1 CRON[24093]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-14T07:17:01.646Z"}
{"@timestamp":"2022-09-14T07:17:02.166Z","@version":"1","message":"Sep 14 07:17:01 honeypot-sgp-1 sshd[12831]: Invalid user user from 45.61.186.49 port 42294","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T07:17:11.171Z","@version":"1","message":"Sep 14 07:17:10 honeypot-sgp-1 sshd[12838]: Invalid user user from 45.61.186.49 port 53492","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T07:17:18.175Z","@version":"1","message":"Sep 14 07:17:17 honeypot-sgp-1 kernel: [84015946.780493] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=193.118.55.164 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=234 ID=10979 PROTO=TCP SPT=15760 DPT=389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 07:17:52 honeypot-fra-1 kernel: [84014293.098164] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=51.15.104.9 DST=165.22.82.222 LEN=52 TOS=0x00 PREC=0x00 TTL=53 ID=56076 DF PROTO=TCP SPT=4090 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T07:17:52.918Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 07:19:27 honeypot-fra-1 sshd[8446]: Disconnected from invalid user zhi 34.231.32.12 port 47136 [preauth]","@timestamp":"2022-09-14T07:19:27.956Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 07:20:57 honeypot-ams-1 sshd[24099]: Received disconnect from 46.19.141.122 port 44258:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T07:20:57.751Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 07:21:46 honeypot-ams-1 sshd[24104]: Invalid user admin from 46.19.141.122 port 51526","@timestamp":"2022-09-14T07:21:46.776Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 07:21:56 honeypot-ams-1 sshd[24108]: Invalid user user from 198.98.61.9 port 34994","@timestamp":"2022-09-14T07:21:56.781Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 07:22:07 honeypot-ams-1 sshd[24113]: Invalid user ubuntu from 46.19.141.122 port 55170","@timestamp":"2022-09-14T07:22:07.787Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 07:22:22 honeypot-ams-1 sshd[24117]: Invalid user user from 198.98.61.9 port 42002","@timestamp":"2022-09-14T07:22:22.795Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 07:22:35 honeypot-ams-1 kernel: [84016738.668844] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.219.206 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=48508 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T07:22:35.802Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 07:23:13 honeypot-ams-1 sshd[24125]: Received disconnect from 92.255.85.70 port 44176:11: Bye Bye [preauth]","@timestamp":"2022-09-14T07:23:13.821Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 07:23:46 honeypot-ams-1 sshd[24129]: Received disconnect from 46.19.141.122 port 37862:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T07:23:46.838Z"}
{"@timestamp":"2022-09-14T07:23:57.339Z","@version":"1","message":"Sep 14 07:23:56 honeypot-sgp-1 sshd[12845]: Received disconnect from 139.59.188.13 port 57354:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 07:24:04 honeypot-ams-1 sshd[24133]: Disconnected from invalid user support 46.19.141.122 port 41518 [preauth]","@timestamp":"2022-09-14T07:24:04.849Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 07:35:26 honeypot-fra-1 sshd[8451]: Invalid user isabelle from 167.99.55.86 port 54236","@timestamp":"2022-09-14T07:35:27.309Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 07:38:21 honeypot-fra-1 sshd[8456]: Invalid user test from 193.106.191.157 port 39596","@timestamp":"2022-09-14T07:38:22.375Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T07:38:41.697Z","@version":"1","message":"Sep 14 07:38:40 honeypot-sgp-1 sshd[12849]: Received disconnect from 141.255.162.226 port 40324:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T07:38:46.701Z","@version":"1","message":"Sep 14 07:38:46 honeypot-sgp-1 sshd[12853]: Disconnected from invalid user user 141.255.162.226 port 48174 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T07:38:49.702Z","@version":"1","message":"Sep 14 07:38:49 honeypot-sgp-1 sshd[12857]: Connection closed by invalid user user 141.255.162.226 port 35692 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 07:40:24 honeypot-ams-1 sshd[24141]: Invalid user admin from 59.3.76.218 port 37880","@timestamp":"2022-09-14T07:40:24.264Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 07:44:28 honeypot-fra-1 sshd[8463]: Received disconnect from 92.255.85.69 port 40420:11: Bye Bye [preauth]","@timestamp":"2022-09-14T07:44:28.516Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 07:45:03 honeypot-ams-1 sshd[24144]: Disconnected from invalid user fgshiu 149.56.102.60 port 38928 [preauth]","@timestamp":"2022-09-14T07:45:04.386Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 07:48:59 honeypot-fra-1 kernel: [84016160.978492] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.220.151 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=52879 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T07:49:00.619Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 07:50:13 honeypot-fra-1 kernel: [84016234.583253] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=198.235.24.37 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=249 ID=54321 PROTO=TCP SPT=56744 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T07:50:13.650Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 07:52:58 honeypot-ams-1 sshd[24220]: Did not receive identification string from 45.61.184.204 port 46184","@timestamp":"2022-09-14T07:52:58.590Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 07:53:20 honeypot-ams-1 sshd[24223]: Disconnected from invalid user user 45.61.184.204 port 36172 [preauth]","@timestamp":"2022-09-14T07:53:21.603Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 07:53:41 honeypot-ams-1 sshd[24228]: Disconnected from invalid user user 45.61.184.204 port 60326 [preauth]","@timestamp":"2022-09-14T07:53:41.613Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 07:54:00 honeypot-ams-1 sshd[24232]: Disconnected from invalid user user 45.61.184.204 port 56238 [preauth]","@timestamp":"2022-09-14T07:54:01.625Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 07:57:16 honeypot-ams-1 kernel: [84018819.711326] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=42.243.172.119 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=48 ID=58696 PROTO=TCP SPT=32927 DPT=80 WINDOW=49623 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T07:57:16.712Z"}
{"@timestamp":"2022-09-14T08:02:12.265Z","@version":"1","message":"Sep 14 08:02:11 honeypot-sgp-1 kernel: [84018640.307676] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.220.228 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=36616 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 08:02:55 honeypot-ams-1 kernel: [84019158.562879] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=159.203.99.136 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=48689 PROTO=TCP SPT=41411 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T08:02:55.862Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 08:05:14 honeypot-fra-1 sshd[8476]: Invalid user ryder from 103.176.21.55 port 36904","@timestamp":"2022-09-14T08:05:14.993Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T08:13:28.542Z","@version":"1","message":"Sep 14 08:13:28 honeypot-sgp-1 sshd[12872]: Received disconnect from 51.83.71.70 port 51394:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 08:14:35 honeypot-ams-1 sshd[24248]: Did not receive identification string from 45.61.186.49 port 48344","@timestamp":"2022-09-14T08:14:36.167Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 08:14:55 honeypot-ams-1 sshd[24251]: Invalid user user from 45.61.186.49 port 38672","@timestamp":"2022-09-14T08:14:56.179Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 08:15:04 honeypot-ams-1 sshd[24255]: Invalid user user from 45.61.186.49 port 49980","@timestamp":"2022-09-14T08:15:05.183Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 08:17:01 honeypot-fra-1 CRON[8498]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-14T08:17:02.259Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 08:17:07 honeypot-ams-1 sshd[24257]: Connection closed by invalid user test 193.106.191.157 port 59730 [preauth]","@timestamp":"2022-09-14T08:17:08.239Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 08:18:55 honeypot-ams-1 sshd[24266]: Invalid user user from 141.255.162.226 port 46052","@timestamp":"2022-09-14T08:18:56.290Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 08:18:59 honeypot-ams-1 sshd[24270]: Invalid user user from 141.255.162.226 port 33562","@timestamp":"2022-09-14T08:18:59.292Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 08:19:02 honeypot-ams-1 sshd[24274]: Invalid user user from 141.255.162.226 port 49300","@timestamp":"2022-09-14T08:19:03.295Z"}
{"@timestamp":"2022-09-14T08:20:26.713Z","@version":"1","message":"Sep 14 08:20:26 honeypot-sgp-1 sshd[12897]: Received disconnect from 34.93.196.224 port 60444:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 08:20:57 honeypot-ams-1 sshd[24278]: Disconnected from invalid user user 45.61.186.169 port 44788 [preauth]","@timestamp":"2022-09-14T08:20:58.346Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 08:21:14 honeypot-ams-1 sshd[24282]: Disconnected from invalid user user 45.61.186.169 port 39502 [preauth]","@timestamp":"2022-09-14T08:21:15.356Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 08:21:31 honeypot-ams-1 sshd[24286]: Disconnected from invalid user user 45.61.186.169 port 34222 [preauth]","@timestamp":"2022-09-14T08:21:31.365Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 08:21:46 honeypot-ams-1 sshd[24290]: Disconnected from invalid user user 45.61.186.169 port 57158 [preauth]","@timestamp":"2022-09-14T08:21:47.374Z"}
{"@timestamp":"2022-09-14T08:26:32.863Z","@version":"1","message":"Sep 14 08:26:32 honeypot-sgp-1 sshd[12921]: Received disconnect from 217.67.121.75 port 10888:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T08:28:16.908Z","@version":"1","message":"Sep 14 08:28:16 honeypot-sgp-1 sshd[12925]: Disconnected from authenticating user root 92.255.85.69 port 57172 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 08:28:42 honeypot-fra-1 sshd[8505]: Invalid user test from 193.106.191.157 port 41918","@timestamp":"2022-09-14T08:28:42.525Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T08:33:43.045Z","@version":"1","message":"Sep 14 08:33:42 honeypot-sgp-1 sshd[12931]: Did not receive identification string from 159.89.24.69 port 61000","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 08:34:21 honeypot-ams-1 sshd[24315]: Received disconnect from 77.109.16.42 port 31202:11: Bye Bye [preauth]","@timestamp":"2022-09-14T08:34:22.696Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 08:35:29 honeypot-fra-1 sshd[8510]: Unable to negotiate with 211.24.73.92 port 63206: no matching cipher found. Their offer: aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,arcfour128,arcfour,3des-cbc,none [preauth]","@timestamp":"2022-09-14T08:35:29.682Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 08:38:20 honeypot-ams-1 sshd[24320]: Received disconnect from 69.250.26.126 port 57846:11: Bye Bye [preauth]","@timestamp":"2022-09-14T08:38:20.799Z"}
{"@timestamp":"2022-09-14T08:38:36.172Z","@version":"1","message":"Sep 14 08:38:35 honeypot-sgp-1 sshd[12935]: Invalid user user from 141.255.162.226 port 34880","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 08:38:36 honeypot-ams-1 sshd[24325]: Invalid user user from 141.255.162.226 port 33528","@timestamp":"2022-09-14T08:38:37.809Z"}
{"@timestamp":"2022-09-14T08:38:40.175Z","@version":"1","message":"Sep 14 08:38:39 honeypot-sgp-1 sshd[12939]: Invalid user user from 141.255.162.226 port 42676","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 08:38:39 honeypot-ams-1 sshd[24329]: Invalid user user from 141.255.162.226 port 56928","@timestamp":"2022-09-14T08:38:40.811Z"}
{"@timestamp":"2022-09-14T08:38:41.176Z","@version":"1","message":"Sep 14 08:38:40 honeypot-sgp-1 sshd[12941]: Received disconnect from 141.255.162.226 port 58278:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 08:38:43 honeypot-ams-1 sshd[24333]: Connection closed by 141.255.162.226 port 41328 [preauth]","@timestamp":"2022-09-14T08:38:43.814Z"}
{"@timestamp":"2022-09-14T08:43:10.289Z","@version":"1","message":"Sep 14 08:43:09 honeypot-sgp-1 kernel: [84021098.332263] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=92.63.197.171 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=63341 PROTO=TCP SPT=43020 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T08:52:02.513Z","@version":"1","message":"Sep 14 08:52:01 honeypot-sgp-1 sshd[12952]: Received disconnect from 103.240.110.130 port 36218:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 08:54:44 honeypot-fra-1 sshd[8515]: Connection closed by invalid user cnt 141.98.10.158 port 37834 [preauth]","@timestamp":"2022-09-14T08:54:45.134Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 08:56:11 honeypot-ams-1 sshd[24339]: Connection closed by authenticating user root 103.188.176.251 port 40504 [preauth]","@timestamp":"2022-09-14T08:56:11.262Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 09:08:26 honeypot-fra-1 kernel: [84020927.397827] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=79.124.62.62 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=17174 PROTO=TCP SPT=45145 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T09:08:27.445Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-14T09:10:20.974Z","@version":"1","message":"Sep 14 09:10:20 honeypot-sgp-1 kernel: [84022729.853198] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=216.218.206.70 DST=159.89.202.188 LEN=131 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=50094 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 09:10:31 honeypot-ams-1 sshd[24345]: Connection closed by 167.248.133.46 port 39634 [preauth]","@timestamp":"2022-09-14T09:10:32.626Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 09:11:05 honeypot-fra-1 sshd[8524]: Received disconnect from 165.22.45.108 port 51550:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T09:11:06.508Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T09:15:46.111Z","@version":"1","message":"Sep 14 09:15:45 honeypot-sgp-1 kernel: [84023054.364544] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=226 ID=9385 PROTO=TCP SPT=46003 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 09:17:01 honeypot-ams-1 CRON[24350]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-14T09:17:01.795Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 09:22:19 honeypot-fra-1 kernel: [84021760.603583] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.221.6 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=41695 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T09:22:20.764Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-14T09:23:14.300Z","@version":"1","message":"Sep 14 09:23:13 honeypot-sgp-1 kernel: [84023502.844038] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.180.143.137 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=26259 PROTO=TCP SPT=31911 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 09:24:10 honeypot-ams-1 kernel: [84024033.305004] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.219.137 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=55974 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T09:24:10.981Z"}
{"@timestamp":"2022-09-14T09:25:07.352Z","@version":"1","message":"Sep 14 09:25:06 honeypot-sgp-1 sshd[12972]: Disconnected from authenticating user root 210.196.250.246 port 49042 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 09:29:20 honeypot-ams-1 sshd[24359]: Did not receive identification string from 80.76.51.189 port 58800","@timestamp":"2022-09-14T09:29:21.117Z"}
{"@timestamp":"2022-09-14T09:29:23.461Z","@version":"1","message":"Sep 14 09:29:22 honeypot-sgp-1 sshd[12977]: Invalid user admin from 178.128.125.205 port 46944","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 09:30:28 honeypot-ams-1 sshd[24364]: Received disconnect from 80.76.51.189 port 35922:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T09:30:29.151Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 09:31:07 honeypot-fra-1 sshd[8535]: Disconnected from invalid user wawi 80.253.31.232 port 42952 [preauth]","@timestamp":"2022-09-14T09:31:07.963Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 09:31:44 honeypot-ams-1 sshd[24370]: Received disconnect from 80.76.51.189 port 45668:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T09:31:45.188Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 09:32:38 honeypot-ams-1 sshd[24374]: Disconnected from authenticating user root 80.76.51.189 port 52150 [preauth]","@timestamp":"2022-09-14T09:32:38.213Z"}
{"@timestamp":"2022-09-14T09:33:37.566Z","@version":"1","message":"Sep 14 09:33:37 honeypot-sgp-1 sshd[12983]: Received disconnect from 96.84.149.98 port 44414:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 09:34:01 honeypot-ams-1 sshd[24380]: Received disconnect from 80.76.51.189 port 33654:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T09:34:01.253Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 09:34:57 honeypot-ams-1 sshd[24385]: Received disconnect from 80.76.51.189 port 40138:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T09:34:57.280Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 09:35:52 honeypot-ams-1 sshd[24389]: Received disconnect from 80.76.51.189 port 46626:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T09:35:53.306Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 09:36:48 honeypot-ams-1 sshd[24393]: Received disconnect from 80.76.51.189 port 53114:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T09:36:49.332Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 09:37:44 honeypot-ams-1 sshd[24397]: Disconnected from authenticating user root 80.76.51.189 port 59602 [preauth]","@timestamp":"2022-09-14T09:37:45.357Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 09:39:12 honeypot-ams-1 sshd[24403]: Invalid user postgres from 80.76.51.189 port 41104","@timestamp":"2022-09-14T09:39:12.397Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 09:40:12 honeypot-ams-1 sshd[24408]: Disconnected from authenticating user root 80.76.51.189 port 47594 [preauth]","@timestamp":"2022-09-14T09:40:13.425Z"}
{"@timestamp":"2022-09-14T09:40:52.748Z","@version":"1","message":"Sep 14 09:40:52 honeypot-sgp-1 sshd[12988]: Disconnected from invalid user cyyang 94.179.133.22 port 10497 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 09:41:13 honeypot-ams-1 sshd[24412]: Disconnected from authenticating user root 80.76.51.189 port 54084 [preauth]","@timestamp":"2022-09-14T09:41:14.455Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 09:43:18 honeypot-fra-1 sshd[8542]: Invalid user charles from 159.223.22.132 port 40026","@timestamp":"2022-09-14T09:43:19.237Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 09:45:27 honeypot-ams-1 kernel: [84025310.399726] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=213.103.82.70 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=50 ID=3544 PROTO=TCP SPT=44349 DPT=443 WINDOW=9225 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T09:45:27.566Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 09:46:49 honeypot-fra-1 sshd[8546]: Disconnected from authenticating user root 20.224.226.157 port 43030 [preauth]","@timestamp":"2022-09-14T09:46:50.317Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T09:50:35.993Z","@version":"1","message":"Sep 14 09:50:35 honeypot-sgp-1 sshd[12994]: Disconnected from authenticating user root 207.138.39.234 port 51042 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 09:51:02 honeypot-ams-1 sshd[24420]: Invalid user affleck from 64.227.126.250 port 53942","@timestamp":"2022-09-14T09:51:02.709Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 09:51:24 honeypot-fra-1 sshd[8553]: Disconnected from authenticating user root 134.122.30.119 port 37402 [preauth]","@timestamp":"2022-09-14T09:51:24.444Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 09:55:13 honeypot-ams-1 sshd[24425]: Received disconnect from 34.126.78.62 port 54392:11: Bye Bye [preauth]","@timestamp":"2022-09-14T09:55:14.816Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 09:59:28 honeypot-fra-1 sshd[8560]: Invalid user kundert from 165.22.45.108 port 56492","@timestamp":"2022-09-14T09:59:28.655Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 10:01:17 honeypot-fra-1 sshd[8567]: Received disconnect from 179.43.145.74 port 33178:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T10:01:17.699Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T10:02:29.289Z","@version":"1","message":"Sep 14 10:02:29 honeypot-sgp-1 sshd[12999]: Disconnected from authenticating user root 92.255.85.70 port 24034 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 10:03:15 honeypot-fra-1 sshd[8573]: Received disconnect from 179.43.145.74 port 39894:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T10:03:15.746Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 10:08:05 honeypot-ams-1 kernel: [84026668.371799] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=151.106.32.138 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=58530 PROTO=TCP SPT=49070 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T10:08:06.158Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 10:08:22 honeypot-fra-1 kernel: [84024523.472918] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=151.106.32.138 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=3112 PROTO=TCP SPT=47734 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T10:08:22.862Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-14T10:10:46.502Z","@version":"1","message":"Sep 14 10:10:45 honeypot-sgp-1 kernel: [84026354.424952] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=156.146.46.143 DST=159.89.202.188 LEN=52 TOS=0x02 PREC=0x00 TTL=116 ID=65138 DF PROTO=TCP SPT=59943 DPT=3389 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 10:12:45 honeypot-fra-1 sshd[8584]: Received disconnect from 61.177.173.36 port 31094:11:  [preauth]","@timestamp":"2022-09-14T10:12:45.963Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T10:14:27.598Z","@version":"1","message":"Sep 14 10:14:27 honeypot-sgp-1 sshd[13008]: Disconnected from authenticating user root 61.177.172.19 port 34561 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T10:17:01.665Z","@version":"1","message":"Sep 14 10:17:01 honeypot-sgp-1 CRON[13015]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 10:17:01 honeypot-fra-1 CRON[8589]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-14T10:17:02.064Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 10:17:46 honeypot-ams-1 kernel: [84027249.142628] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=143.198.183.97 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=46707 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T10:17:46.408Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 10:24:25 honeypot-fra-1 sshd[8599]: Received disconnect from 125.164.18.96 port 26919:11: Bye Bye [preauth]","@timestamp":"2022-09-14T10:24:26.234Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T10:24:49.870Z","@version":"1","message":"Sep 14 10:24:49 honeypot-sgp-1 sshd[13023]: Received disconnect from 61.177.173.35 port 35463:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T10:27:30.944Z","@version":"1","message":"Sep 14 10:27:30 honeypot-sgp-1 sshd[13027]: Received disconnect from 61.177.173.51 port 35063:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 10:28:37 honeypot-fra-1 kernel: [84025738.471402] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=154.66.178.74 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=58896 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T10:28:38.334Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 10:29:09 honeypot-ams-1 kernel: [84027932.277538] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=125.136.61.137 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=55 ID=13495 PROTO=TCP SPT=65011 DPT=80 WINDOW=46515 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T10:29:09.704Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 10:30:47 honeypot-fra-1 kernel: [84025867.679627] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=179.43.156.145 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=19340 PROTO=TCP SPT=45402 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T10:30:47.384Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-14T10:37:49.209Z","@version":"1","message":"Sep 14 10:37:48 honeypot-sgp-1 sshd[13033]: Received disconnect from 61.177.173.36 port 38772:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 10:38:35 honeypot-fra-1 sshd[8615]: Received disconnect from 61.177.172.90 port 23576:11:  [preauth]","@timestamp":"2022-09-14T10:38:36.562Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 10:39:37 honeypot-ams-1 kernel: [84028560.528279] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=181.219.149.148 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=35748 PROTO=TCP SPT=6431 DPT=80 WINDOW=20831 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T10:39:37.994Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:40:34 honeypot-ams-1 sshd[24446]: Disconnected from invalid user oracle 190.156.238.155 port 43516 [preauth]","@timestamp":"2022-09-14T10:40:35.027Z"}
{"@timestamp":"2022-09-14T10:43:38.381Z","@version":"1","message":"Sep 14 10:43:37 honeypot-sgp-1 sshd[13042]: Received disconnect from 61.177.173.49 port 55087:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 10:49:01 honeypot-fra-1 sshd[8621]: Received disconnect from 61.177.173.47 port 11654:11:  [preauth]","@timestamp":"2022-09-14T10:49:01.817Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:49:04 honeypot-ams-1 sshd[24449]: Disconnected from authenticating user root 171.110.164.56 port 50940 [preauth]","@timestamp":"2022-09-14T10:49:04.247Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:49:10 honeypot-ams-1 sshd[24455]: Received disconnect from 171.110.164.56 port 50062:11: Bye Bye [preauth]","@timestamp":"2022-09-14T10:49:10.251Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:49:16 honeypot-ams-1 sshd[24461]: Received disconnect from 171.110.164.56 port 50100:11: Bye Bye [preauth]","@timestamp":"2022-09-14T10:49:16.254Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:49:21 honeypot-ams-1 sshd[24467]: Received disconnect from 171.110.164.56 port 52142:11: Bye Bye [preauth]","@timestamp":"2022-09-14T10:49:22.258Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:49:27 honeypot-ams-1 sshd[24473]: Received disconnect from 171.110.164.56 port 56148:11: Bye Bye [preauth]","@timestamp":"2022-09-14T10:49:28.261Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:49:33 honeypot-ams-1 sshd[24479]: Received disconnect from 171.110.164.56 port 56168:11: Bye Bye [preauth]","@timestamp":"2022-09-14T10:49:34.265Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:49:39 honeypot-ams-1 sshd[24485]: Received disconnect from 171.110.164.56 port 59716:11: Bye Bye [preauth]","@timestamp":"2022-09-14T10:49:40.269Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:49:45 honeypot-ams-1 sshd[24491]: Received disconnect from 171.110.164.56 port 59732:11: Bye Bye [preauth]","@timestamp":"2022-09-14T10:49:46.273Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:49:51 honeypot-ams-1 sshd[24497]: Received disconnect from 171.110.164.56 port 57798:11: Bye Bye [preauth]","@timestamp":"2022-09-14T10:49:52.277Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:49:58 honeypot-ams-1 sshd[24503]: Received disconnect from 171.110.164.56 port 43856:11: Bye Bye [preauth]","@timestamp":"2022-09-14T10:49:59.281Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:50:04 honeypot-ams-1 sshd[24509]: Received disconnect from 171.110.164.56 port 43884:11: Bye Bye [preauth]","@timestamp":"2022-09-14T10:50:05.286Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:50:10 honeypot-ams-1 sshd[24515]: Received disconnect from 171.110.164.56 port 34182:11: Bye Bye [preauth]","@timestamp":"2022-09-14T10:50:11.290Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:50:16 honeypot-ams-1 sshd[24521]: Invalid user admin from 171.110.164.56 port 34218","@timestamp":"2022-09-14T10:50:17.293Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:50:20 honeypot-ams-1 sshd[24525]: Invalid user admin from 171.110.164.56 port 39464","@timestamp":"2022-09-14T10:50:21.296Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:50:24 honeypot-ams-1 sshd[24529]: Invalid user admin from 171.110.164.56 port 39490","@timestamp":"2022-09-14T10:50:25.299Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:50:28 honeypot-ams-1 sshd[24533]: Invalid user admin from 171.110.164.56 port 37634","@timestamp":"2022-09-14T10:50:29.301Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:50:32 honeypot-ams-1 sshd[24537]: Invalid user admin from 171.110.164.56 port 37646","@timestamp":"2022-09-14T10:50:33.303Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:50:36 honeypot-ams-1 sshd[24541]: Invalid user user from 171.110.164.56 port 37662","@timestamp":"2022-09-14T10:50:37.306Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:50:40 honeypot-ams-1 sshd[24545]: Disconnected from authenticating user root 171.110.164.56 port 60838 [preauth]","@timestamp":"2022-09-14T10:50:41.308Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:50:44 honeypot-ams-1 sshd[24549]: Disconnected from invalid user pi 171.110.164.56 port 60864 [preauth]","@timestamp":"2022-09-14T10:50:45.310Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:50:48 honeypot-ams-1 sshd[24553]: Disconnected from invalid user ethos 171.110.164.56 port 49894 [preauth]","@timestamp":"2022-09-14T10:50:49.312Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:50:53 honeypot-ams-1 sshd[24557]: Disconnected from invalid user miner 171.110.164.56 port 49918 [preauth]","@timestamp":"2022-09-14T10:50:54.316Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:50:57 honeypot-ams-1 sshd[24561]: Disconnected from invalid user volumio 171.110.164.56 port 49936 [preauth]","@timestamp":"2022-09-14T10:50:57.318Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:51:01 honeypot-ams-1 sshd[24565]: Disconnected from invalid user nagios 171.110.164.56 port 58938 [preauth]","@timestamp":"2022-09-14T10:51:02.321Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:51:05 honeypot-ams-1 sshd[24569]: Disconnected from invalid user vagrant 171.110.164.56 port 58946 [preauth]","@timestamp":"2022-09-14T10:51:05.324Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:51:09 honeypot-ams-1 sshd[24573]: Disconnected from invalid user debian 171.110.164.56 port 51514 [preauth]","@timestamp":"2022-09-14T10:51:09.326Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:51:13 honeypot-ams-1 sshd[24577]: Disconnected from invalid user debian 171.110.164.56 port 51528 [preauth]","@timestamp":"2022-09-14T10:51:13.328Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:51:17 honeypot-ams-1 sshd[24581]: Disconnected from invalid user alarm 171.110.164.56 port 51544 [preauth]","@timestamp":"2022-09-14T10:51:17.330Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:51:21 honeypot-ams-1 sshd[24585]: Received disconnect from 171.110.164.56 port 53704:11: Bye Bye [preauth]","@timestamp":"2022-09-14T10:51:21.333Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:51:25 honeypot-ams-1 sshd[24589]: Received disconnect from 171.110.164.56 port 53720:11: Bye Bye [preauth]","@timestamp":"2022-09-14T10:51:25.335Z"}
{"@timestamp":"2022-09-14T10:54:48.663Z","@version":"1","message":"Sep 14 10:54:48 honeypot-sgp-1 kernel: [84028996.954641] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=216.218.206.117 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=52169 DPT=5432 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 10:54:58 honeypot-fra-1 kernel: [84027319.338822] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=216.218.206.117 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=40208 DPT=5432 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T10:54:58.958Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 10:57:48 honeypot-ams-1 kernel: [84029652.038747] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=65243 PROTO=TCP SPT=52508 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T10:57:49.499Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:58:01 honeypot-ams-1 sshd[24598]: Received disconnect from 183.144.121.209 port 48616:11: Bye Bye [preauth]","@timestamp":"2022-09-14T10:58:02.506Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:58:07 honeypot-ams-1 sshd[24604]: Received disconnect from 183.144.121.209 port 48944:11: Bye Bye [preauth]","@timestamp":"2022-09-14T10:58:08.511Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:58:13 honeypot-ams-1 sshd[24610]: Received disconnect from 183.144.121.209 port 49290:11: Bye Bye [preauth]","@timestamp":"2022-09-14T10:58:14.514Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:58:19 honeypot-ams-1 sshd[24616]: Received disconnect from 183.144.121.209 port 49616:11: Bye Bye [preauth]","@timestamp":"2022-09-14T10:58:19.517Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:58:25 honeypot-ams-1 sshd[24622]: Received disconnect from 183.144.121.209 port 49950:11: Bye Bye [preauth]","@timestamp":"2022-09-14T10:58:25.521Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:58:30 honeypot-ams-1 sshd[24628]: Received disconnect from 183.144.121.209 port 50278:11: Bye Bye [preauth]","@timestamp":"2022-09-14T10:58:31.524Z"}
{"@timestamp":"2022-09-14T10:58:33.777Z","@version":"1","message":"Sep 14 10:58:33 honeypot-sgp-1 sshd[13055]: Invalid user user from 45.61.184.204 port 48382","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:58:36 honeypot-ams-1 sshd[24634]: Received disconnect from 183.144.121.209 port 50572:11: Bye Bye [preauth]","@timestamp":"2022-09-14T10:58:37.528Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:58:42 honeypot-ams-1 sshd[24640]: Received disconnect from 183.144.121.209 port 50892:11: Bye Bye [preauth]","@timestamp":"2022-09-14T10:58:42.531Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:58:46 honeypot-ams-1 sshd[24647]: Received disconnect from 183.144.121.209 port 51100:11: Bye Bye [preauth]","@timestamp":"2022-09-14T10:58:46.533Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:58:51 honeypot-ams-1 sshd[24653]: Received disconnect from 183.144.121.209 port 51434:11: Bye Bye [preauth]","@timestamp":"2022-09-14T10:58:52.537Z"}
{"@timestamp":"2022-09-14T10:58:53.787Z","@version":"1","message":"Sep 14 10:58:53 honeypot-sgp-1 sshd[13059]: Invalid user user from 45.61.184.204 port 43384","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:58:57 honeypot-ams-1 sshd[24659]: Received disconnect from 183.144.121.209 port 51748:11: Bye Bye [preauth]","@timestamp":"2022-09-14T10:58:58.541Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:59:03 honeypot-ams-1 sshd[24665]: Received disconnect from 183.144.121.209 port 52076:11: Bye Bye [preauth]","@timestamp":"2022-09-14T10:59:03.543Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:59:07 honeypot-ams-1 sshd[24669]: Disconnected from invalid user admin 183.144.121.209 port 52274 [preauth]","@timestamp":"2022-09-14T10:59:07.547Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 10:59:07 honeypot-fra-1 sshd[8631]: Invalid user user from 141.255.162.226 port 60656","@timestamp":"2022-09-14T10:59:08.056Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:59:10 honeypot-ams-1 sshd[24673]: Disconnected from invalid user admin 183.144.121.209 port 52498 [preauth]","@timestamp":"2022-09-14T10:59:11.549Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 10:59:11 honeypot-fra-1 sshd[8635]: Invalid user user from 141.255.162.226 port 52554","@timestamp":"2022-09-14T10:59:12.058Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T10:59:12.798Z","@version":"1","message":"Sep 14 10:59:11 honeypot-sgp-1 sshd[13063]: Invalid user user from 45.61.184.204 port 38376","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 10:59:13 honeypot-fra-1 sshd[8639]: Invalid user user from 141.255.162.226 port 59266","@timestamp":"2022-09-14T10:59:14.059Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:59:14 honeypot-ams-1 sshd[24677]: Disconnected from invalid user admin 183.144.121.209 port 52702 [preauth]","@timestamp":"2022-09-14T10:59:15.551Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:59:18 honeypot-ams-1 sshd[24681]: Disconnected from invalid user admin 183.144.121.209 port 52914 [preauth]","@timestamp":"2022-09-14T10:59:19.554Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:59:22 honeypot-ams-1 sshd[24685]: Disconnected from invalid user admin 183.144.121.209 port 53124 [preauth]","@timestamp":"2022-09-14T10:59:22.557Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:59:26 honeypot-ams-1 sshd[24689]: Disconnected from invalid user user 183.144.121.209 port 53312 [preauth]","@timestamp":"2022-09-14T10:59:26.559Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:59:32 honeypot-ams-1 sshd[24695]: Received disconnect from 183.144.121.209 port 53646:11: Bye Bye [preauth]","@timestamp":"2022-09-14T10:59:32.563Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:59:35 honeypot-ams-1 sshd[24699]: Received disconnect from 183.144.121.209 port 53838:11: Bye Bye [preauth]","@timestamp":"2022-09-14T10:59:36.566Z"}
{"@timestamp":"2022-09-14T10:59:39.810Z","@version":"1","message":"Sep 14 10:59:39 honeypot-sgp-1 sshd[13067]: Did not receive identification string from 45.61.186.249 port 56356","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:59:39 honeypot-ams-1 sshd[24703]: Received disconnect from 183.144.121.209 port 54014:11: Bye Bye [preauth]","@timestamp":"2022-09-14T10:59:40.569Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:59:43 honeypot-ams-1 sshd[24708]: Received disconnect from 183.144.121.209 port 54230:11: Bye Bye [preauth]","@timestamp":"2022-09-14T10:59:44.571Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:59:47 honeypot-ams-1 sshd[24712]: Received disconnect from 183.144.121.209 port 54432:11: Bye Bye [preauth]","@timestamp":"2022-09-14T10:59:47.573Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:59:51 honeypot-ams-1 sshd[24716]: Received disconnect from 183.144.121.209 port 54646:11: Bye Bye [preauth]","@timestamp":"2022-09-14T10:59:51.576Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:59:55 honeypot-ams-1 sshd[24720]: Received disconnect from 183.144.121.209 port 54840:11: Bye Bye [preauth]","@timestamp":"2022-09-14T10:59:55.578Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:59:58 honeypot-ams-1 sshd[24724]: Received disconnect from 183.144.121.209 port 55042:11: Bye Bye [preauth]","@timestamp":"2022-09-14T10:59:59.581Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 11:00:02 honeypot-ams-1 sshd[24728]: Received disconnect from 183.144.121.209 port 55262:11: Bye Bye [preauth]","@timestamp":"2022-09-14T11:00:03.583Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 11:00:06 honeypot-ams-1 sshd[24732]: Received disconnect from 183.144.121.209 port 55446:11: Bye Bye [preauth]","@timestamp":"2022-09-14T11:00:06.587Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 11:00:10 honeypot-ams-1 sshd[24736]: Received disconnect from 183.144.121.209 port 55648:11: Bye Bye [preauth]","@timestamp":"2022-09-14T11:00:10.589Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:00:12 honeypot-fra-1 sshd[8644]: Received disconnect from 61.177.173.51 port 44983:11:  [preauth]","@timestamp":"2022-09-14T11:00:13.082Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T11:00:17.828Z","@version":"1","message":"Sep 14 11:00:17 honeypot-sgp-1 sshd[13075]: Invalid user user from 45.61.186.249 port 36832","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T11:00:35.838Z","@version":"1","message":"Sep 14 11:00:35 honeypot-sgp-1 sshd[13079]: Invalid user user from 45.61.186.249 port 60016","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T11:00:54.847Z","@version":"1","message":"Sep 14 11:00:54 honeypot-sgp-1 sshd[13083]: Invalid user user from 45.61.186.249 port 54958","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T11:01:38.867Z","@version":"1","message":"Sep 14 11:01:38 honeypot-sgp-1 kernel: [84029407.223353] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=103.68.42.1 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x20 TTL=239 ID=47520 DF PROTO=TCP SPT=33187 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:05:43 honeypot-fra-1 sshd[8656]: Invalid user admin from 34.71.244.4 port 41152","@timestamp":"2022-09-14T11:05:44.214Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:05:43 honeypot-fra-1 sshd[8660]: Invalid user steam from 34.71.244.4 port 41284","@timestamp":"2022-09-14T11:05:44.214Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:05:43 honeypot-fra-1 sshd[8661]: Invalid user devops from 34.71.244.4 port 41252","@timestamp":"2022-09-14T11:05:44.214Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:05:43 honeypot-fra-1 sshd[8684]: Invalid user user from 34.71.244.4 port 41426","@timestamp":"2022-09-14T11:05:44.214Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:05:43 honeypot-fra-1 sshd[8664]: Connection closed by authenticating user root 34.71.244.4 port 41194 [preauth]","@timestamp":"2022-09-14T11:05:44.214Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:05:44 honeypot-fra-1 sshd[8667]: Connection closed by authenticating user root 34.71.244.4 port 41250 [preauth]","@timestamp":"2022-09-14T11:05:44.214Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:05:44 honeypot-fra-1 sshd[8666]: Connection closed by authenticating user root 34.71.244.4 port 41206 [preauth]","@timestamp":"2022-09-14T11:05:44.214Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:05:44 honeypot-fra-1 sshd[8676]: Connection closed by invalid user ts3 34.71.244.4 port 41384 [preauth]","@timestamp":"2022-09-14T11:05:44.214Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:05:44 honeypot-fra-1 sshd[8682]: Connection closed by authenticating user root 34.71.244.4 port 41436 [preauth]","@timestamp":"2022-09-14T11:05:44.214Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:11:08 honeypot-fra-1 sshd[8727]: Did not receive identification string from 197.5.145.54 port 55370","@timestamp":"2022-09-14T11:11:09.339Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:11:10 honeypot-fra-1 sshd[8738]: Invalid user user from 197.5.145.54 port 55379","@timestamp":"2022-09-14T11:11:11.342Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:11:10 honeypot-fra-1 sshd[8736]: Connection closed by authenticating user root 197.5.145.54 port 55378 [preauth]","@timestamp":"2022-09-14T11:11:11.342Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:11:10 honeypot-fra-1 sshd[8732]: Connection closed by invalid user es 197.5.145.54 port 55374 [preauth]","@timestamp":"2022-09-14T11:11:11.342Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T11:12:54.141Z","@version":"1","message":"Sep 14 11:12:53 honeypot-sgp-1 sshd[13095]: Disconnected from authenticating user root 92.255.85.70 port 25910 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:12:59 honeypot-fra-1 sshd[8755]: Received disconnect from 61.177.173.36 port 43504:11:  [preauth]","@timestamp":"2022-09-14T11:13:00.389Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T11:13:12.152Z","@version":"1","message":"Sep 14 11:13:11 honeypot-sgp-1 sshd[13099]: Disconnected from invalid user user 45.61.186.249 port 54456 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T11:13:30.160Z","@version":"1","message":"Sep 14 11:13:29 honeypot-sgp-1 sshd[13103]: Disconnected from invalid user user 45.61.186.249 port 49652 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T11:13:47.169Z","@version":"1","message":"Sep 14 11:13:46 honeypot-sgp-1 sshd[13107]: Received disconnect from 45.61.186.249 port 44860:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 11:13:53 honeypot-ams-1 sshd[24741]: Received disconnect from 129.159.63.83 port 37155:11: Bye Bye [preauth]","@timestamp":"2022-09-14T11:13:53.936Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:15:54 honeypot-fra-1 sshd[8759]: Disconnected from authenticating user root 92.255.85.69 port 15082 [preauth]","@timestamp":"2022-09-14T11:15:54.462Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 11:17:01 honeypot-ams-1 CRON[24746]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-14T11:17:02.018Z"}
{"@timestamp":"2022-09-14T11:17:02.256Z","@version":"1","message":"Sep 14 11:17:01 honeypot-sgp-1 CRON[13113]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 11:17:41 honeypot-ams-1 sshd[24752]: Disconnected from invalid user user 141.255.162.226 port 51044 [preauth]","@timestamp":"2022-09-14T11:17:42.038Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 11:17:47 honeypot-ams-1 sshd[24756]: Disconnected from invalid user user 141.255.162.226 port 51728 [preauth]","@timestamp":"2022-09-14T11:17:48.041Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 11:17:49 honeypot-ams-1 sshd[24760]: Disconnected from invalid user user 141.255.162.226 port 37264 [preauth]","@timestamp":"2022-09-14T11:17:50.042Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 11:18:16 honeypot-ams-1 sshd[24764]: Disconnected from authenticating user root 92.255.85.70 port 34030 [preauth]","@timestamp":"2022-09-14T11:18:17.055Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:19:03 honeypot-fra-1 sshd[8779]: Invalid user test from 175.24.188.217 port 34472","@timestamp":"2022-09-14T11:19:04.540Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:19:03 honeypot-fra-1 sshd[8784]: Invalid user admin from 175.24.188.217 port 34478","@timestamp":"2022-09-14T11:19:04.540Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:19:03 honeypot-fra-1 sshd[8783]: Invalid user admin from 175.24.188.217 port 34480","@timestamp":"2022-09-14T11:19:04.540Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:19:04 honeypot-fra-1 sshd[8776]: Connection closed by authenticating user root 175.24.188.217 port 34452 [preauth]","@timestamp":"2022-09-14T11:19:04.540Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:19:04 honeypot-fra-1 sshd[8779]: Connection closed by invalid user test 175.24.188.217 port 34472 [preauth]","@timestamp":"2022-09-14T11:19:04.540Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:19:04 honeypot-fra-1 sshd[8782]: Connection closed by authenticating user root 175.24.188.217 port 34428 [preauth]","@timestamp":"2022-09-14T11:19:04.541Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:19:04 honeypot-fra-1 sshd[8787]: Connection closed by invalid user postgres 175.24.188.217 port 34486 [preauth]","@timestamp":"2022-09-14T11:19:04.541Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:19:04 honeypot-fra-1 sshd[8791]: Connection closed by invalid user steam 175.24.188.217 port 34468 [preauth]","@timestamp":"2022-09-14T11:19:04.541Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:23:33 honeypot-fra-1 sshd[8823]: Received disconnect from 61.177.172.104 port 14627:11:  [preauth]","@timestamp":"2022-09-14T11:23:34.646Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T11:25:19.458Z","@version":"1","message":"Sep 14 11:25:19 honeypot-sgp-1 sshd[13120]: Disconnected from authenticating user root 61.177.173.36 port 51923 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 11:26:36 honeypot-ams-1 sshd[24767]: Invalid user user1 from 103.188.176.251 port 37758","@timestamp":"2022-09-14T11:26:37.272Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:26:39 honeypot-fra-1 sshd[8831]: Disconnected from invalid user rg 67.205.132.113 port 42810 [preauth]","@timestamp":"2022-09-14T11:26:39.720Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T11:33:17.654Z","@version":"1","message":"Sep 14 11:33:17 honeypot-sgp-1 sshd[13124]: Disconnected from authenticating user root 61.177.173.53 port 10398 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:36:44 honeypot-fra-1 sshd[8839]: Received disconnect from 165.22.45.108 port 38166:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T11:36:44.961Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 11:38:17 honeypot-ams-1 kernel: [84032080.551662] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.205.198 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=47532 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T11:38:17.574Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:40:02 honeypot-fra-1 sshd[8843]: Disconnected from authenticating user root 61.177.172.114 port 56712 [preauth]","@timestamp":"2022-09-14T11:40:03.041Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T11:40:30.831Z","@version":"1","message":"Sep 14 11:40:30 honeypot-sgp-1 kernel: [84031739.272767] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=32022 PROTO=TCP SPT=55369 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 11:41:37 honeypot-ams-1 sshd[24772]: Disconnected from authenticating user root 92.255.85.70 port 23534 [preauth]","@timestamp":"2022-09-14T11:41:38.661Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 11:47:14 honeypot-ams-1 kernel: [84032617.813744] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.220.205.196 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=45174 DPT=389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T11:47:14.808Z"}
{"@timestamp":"2022-09-14T11:48:11.027Z","@version":"1","message":"Sep 14 11:48:10 honeypot-sgp-1 sshd[13137]: Disconnected from authenticating user root 187.157.135.152 port 45574 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:49:31 honeypot-fra-1 sshd[8851]: Did not receive identification string from 52.237.82.21 port 60654","@timestamp":"2022-09-14T11:49:32.281Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:49:32 honeypot-fra-1 sshd[8878]: Invalid user admin from 52.237.82.21 port 37936","@timestamp":"2022-09-14T11:49:33.283Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:49:32 honeypot-fra-1 sshd[8868]: Invalid user oracle from 52.237.82.21 port 37894","@timestamp":"2022-09-14T11:49:33.283Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:49:32 honeypot-fra-1 sshd[8865]: Invalid user testuser from 52.237.82.21 port 37860","@timestamp":"2022-09-14T11:49:33.283Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:49:32 honeypot-fra-1 sshd[8867]: Connection closed by invalid user admin 52.237.82.21 port 37912 [preauth]","@timestamp":"2022-09-14T11:49:33.283Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:49:32 honeypot-fra-1 sshd[8877]: Connection closed by invalid user es 52.237.82.21 port 37878 [preauth]","@timestamp":"2022-09-14T11:49:33.283Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:49:32 honeypot-fra-1 sshd[8872]: Connection closed by invalid user chia 52.237.82.21 port 37846 [preauth]","@timestamp":"2022-09-14T11:49:33.283Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:49:32 honeypot-fra-1 sshd[8862]: Connection closed by authenticating user root 52.237.82.21 port 37850 [preauth]","@timestamp":"2022-09-14T11:49:33.283Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:49:32 honeypot-fra-1 sshd[8861]: Connection closed by authenticating user root 52.237.82.21 port 37874 [preauth]","@timestamp":"2022-09-14T11:49:33.283Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:50:32 honeypot-fra-1 sshd[8911]: Invalid user  from 81.17.25.50 port 31160","@timestamp":"2022-09-14T11:50:32.308Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T11:51:25.107Z","@version":"1","message":"Sep 14 11:51:24 honeypot-sgp-1 sshd[13143]: Received disconnect from 80.68.7.179 port 36532:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:52:02 honeypot-fra-1 sshd[8917]: Invalid user  from 81.17.25.50 port 52111","@timestamp":"2022-09-14T11:52:02.348Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:52:57 honeypot-fra-1 sshd[8923]: Invalid user admin from 81.17.25.50 port 20124","@timestamp":"2022-09-14T11:52:58.374Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T11:53:08.149Z","@version":"1","message":"Sep 14 11:53:07 honeypot-sgp-1 sshd[13148]: Disconnected from authenticating user root 165.227.84.172 port 50092 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:53:25 honeypot-fra-1 sshd[8929]: Invalid user manager from 81.17.25.50 port 1130","@timestamp":"2022-09-14T11:53:26.388Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:54:25 honeypot-fra-1 sshd[8935]: Disconnecting invalid user 1234 81.17.25.50 port 55358: Change of username or service not allowed: (1234,ssh-connection) -> (Admin,ssh-connection) [preauth]","@timestamp":"2022-09-14T11:54:25.412Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:55:00 honeypot-fra-1 sshd[8941]: Disconnecting invalid user  81.17.25.50 port 21989: Change of username or service not allowed: (,ssh-connection) -> (user,ssh-connection) [preauth]","@timestamp":"2022-09-14T11:55:00.430Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:55:47 honeypot-fra-1 sshd[8950]: Invalid user blank from 81.17.25.50 port 37698","@timestamp":"2022-09-14T11:55:47.450Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:55:50 honeypot-fra-1 sshd[8956]: Invalid user 1234 from 81.17.25.50 port 50997","@timestamp":"2022-09-14T11:55:50.453Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:56:07 honeypot-fra-1 sshd[8962]: Disconnecting invalid user Cisco 81.17.25.50 port 13866: Change of username or service not allowed: (Cisco,ssh-connection) -> (cisco,ssh-connection) [preauth]","@timestamp":"2022-09-14T11:56:08.462Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:56:25 honeypot-fra-1 sshd[8970]: Disconnecting invalid user 1234 81.17.25.50 port 15998: Change of username or service not allowed: (1234,ssh-connection) -> (root,ssh-connection) [preauth]","@timestamp":"2022-09-14T11:56:26.471Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:57:02 honeypot-fra-1 sshd[8978]: Invalid user adslroot from 81.17.25.50 port 50217","@timestamp":"2022-09-14T11:57:03.488Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:57:16 honeypot-fra-1 sshd[8985]: Invalid user blank from 81.17.25.50 port 9122","@timestamp":"2022-09-14T11:57:16.495Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:57:39 honeypot-fra-1 sshd[8991]: Disconnecting authenticating user root 81.17.25.50 port 64197: Change of username or service not allowed: (root,ssh-connection) -> (default,ssh-connection) [preauth]","@timestamp":"2022-09-14T11:57:39.506Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 11:58:33 honeypot-ams-1 sshd[24782]: Invalid user otoniel from 161.18.254.73 port 49980","@timestamp":"2022-09-14T11:58:33.119Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:58:35 honeypot-fra-1 sshd[8999]: Disconnecting invalid user c1@r0 81.17.25.50 port 20350: Change of username or service not allowed: (c1@r0,ssh-connection) -> (Administrator,ssh-connection) [preauth]","@timestamp":"2022-09-14T11:58:35.530Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:59:20 honeypot-fra-1 sshd[9006]: Disconnecting invalid user superonline 81.17.25.50 port 26927: Change of username or service not allowed: (superonline,ssh-connection) -> (admin,ssh-connection) [preauth]","@timestamp":"2022-09-14T11:59:20.551Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:00:15 honeypot-fra-1 sshd[9012]: Invalid user Admin from 81.17.25.50 port 5913","@timestamp":"2022-09-14T12:00:16.576Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:00:36 honeypot-fra-1 sshd[9020]: Received disconnect from 61.177.173.36 port 56096:11:  [preauth]","@timestamp":"2022-09-14T12:00:37.588Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:01:28 honeypot-fra-1 sshd[9025]: Invalid user matrix from 81.17.25.50 port 45322","@timestamp":"2022-09-14T12:01:29.612Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:01:57 honeypot-fra-1 sshd[9029]: Disconnecting invalid user admin 81.17.25.50 port 36359: Change of username or service not allowed: (admin,ssh-connection) -> (motorola,ssh-connection) [preauth]","@timestamp":"2022-09-14T12:01:58.626Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:02:39 honeypot-fra-1 sshd[9035]: Invalid user blank from 81.17.25.50 port 50143","@timestamp":"2022-09-14T12:02:40.645Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:03:26 honeypot-fra-1 sshd[9041]: Invalid user admin from 81.17.25.50 port 40828","@timestamp":"2022-09-14T12:03:26.667Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T12:03:49.410Z","@version":"1","message":"Sep 14 12:03:48 honeypot-sgp-1 sshd[13609]: Invalid user tracie from 129.159.63.83 port 50691","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:04:00 honeypot-fra-1 sshd[9045]: Disconnecting invalid user 0 81.17.25.50 port 14596: Change of username or service not allowed: (0,ssh-connection) -> (admin,ssh-connection) [preauth]","@timestamp":"2022-09-14T12:04:00.684Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:05:19 honeypot-ams-1 sshd[24788]: Received disconnect from 190.12.102.58 port 55111:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:05:19.300Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:05:30 honeypot-fra-1 sshd[9052]: Disconnecting invalid user admin 81.17.25.50 port 51837: Change of username or service not allowed: (admin,ssh-connection) -> (Shiko,ssh-connection) [preauth]","@timestamp":"2022-09-14T12:05:31.725Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:06:18 honeypot-fra-1 sshd[9059]: Invalid user Broadcom from 81.17.25.50 port 57634","@timestamp":"2022-09-14T12:06:18.747Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T12:06:44.484Z","@version":"1","message":"Sep 14 12:06:43 honeypot-sgp-1 kernel: [84033312.370700] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=159.223.115.11 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=3933 PROTO=TCP SPT=56506 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:07:21 honeypot-fra-1 sshd[9065]: Disconnecting invalid user admin 81.17.25.50 port 56459: Change of username or service not allowed: (admin,ssh-connection) -> (cusadmin,ssh-connection) [preauth]","@timestamp":"2022-09-14T12:07:21.773Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T12:07:51.515Z","@version":"1","message":"Sep 14 12:07:50 honeypot-sgp-1 sshd[13618]: Invalid user oracle from 150.107.205.78 port 36324","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:07:54 honeypot-fra-1 sshd[9073]: Disconnected from authenticating user root 61.177.172.90 port 37241 [preauth]","@timestamp":"2022-09-14T12:07:54.790Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:08:25 honeypot-ams-1 sshd[24794]: Invalid user user from 141.255.162.226 port 49508","@timestamp":"2022-09-14T12:08:25.381Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:08:29 honeypot-ams-1 sshd[24798]: Invalid user user from 141.255.162.226 port 44150","@timestamp":"2022-09-14T12:08:29.384Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:08:31 honeypot-ams-1 sshd[24802]: Invalid user user from 141.255.162.226 port 51780","@timestamp":"2022-09-14T12:08:31.385Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:08:48 honeypot-fra-1 sshd[9079]: Disconnecting invalid user  81.17.25.50 port 13558: Change of username or service not allowed: (,ssh-connection) -> (admin,ssh-connection) [preauth]","@timestamp":"2022-09-14T12:08:48.814Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:09:38 honeypot-fra-1 sshd[9085]: Disconnecting invalid user public 81.17.25.50 port 22825: Change of username or service not allowed: (public,ssh-connection) -> (user,ssh-connection) [preauth]","@timestamp":"2022-09-14T12:09:38.836Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:09:44 honeypot-fra-1 sshd[9093]: Invalid user 123456 from 81.17.25.50 port 19140","@timestamp":"2022-09-14T12:09:44.841Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:09:47 honeypot-fra-1 sshd[9099]: Invalid user readwrite from 81.17.25.50 port 35045","@timestamp":"2022-09-14T12:09:47.843Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:09:48 honeypot-fra-1 sshd[9105]: Invalid user DZY-W2914NSV2 from 81.17.25.50 port 44864","@timestamp":"2022-09-14T12:09:48.843Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:09:58 honeypot-fra-1 sshd[9111]: Invalid user zoomadsl from 81.17.25.50 port 18446","@timestamp":"2022-09-14T12:09:58.856Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:10:25 honeypot-fra-1 sshd[9116]: Invalid user 1admin0 from 81.17.25.50 port 1931","@timestamp":"2022-09-14T12:10:26.870Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T12:10:41.586Z","@version":"1","message":"Sep 14 12:10:41 honeypot-sgp-1 kernel: [84033549.979106] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=229 ID=34401 PROTO=TCP SPT=56803 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T12:12:40.637Z","@version":"1","message":"Sep 14 12:12:40 honeypot-sgp-1 kernel: [84033669.204388] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=156.146.46.143 DST=159.89.202.188 LEN=52 TOS=0x02 PREC=0x00 TTL=116 ID=18529 DF PROTO=TCP SPT=65390 DPT=3389 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 12:16:51 honeypot-ams-1 kernel: [84034394.726370] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=55990 PROTO=TCP SPT=56803 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T12:16:52.601Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:17:01 honeypot-fra-1 CRON[9129]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-14T12:17:02.022Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:20:01 honeypot-ams-1 sshd[24811]: Disconnected from authenticating user root 179.103.152.130 port 57396 [preauth]","@timestamp":"2022-09-14T12:20:01.682Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:20:08 honeypot-ams-1 sshd[24817]: Received disconnect from 179.103.152.130 port 57704:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:20:08.686Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:20:14 honeypot-ams-1 sshd[24823]: Received disconnect from 179.103.152.130 port 58042:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:20:15.690Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:20:21 honeypot-ams-1 sshd[24829]: Received disconnect from 179.103.152.130 port 58436:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:20:21.694Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:20:27 honeypot-ams-1 sshd[24835]: Received disconnect from 179.103.152.130 port 58770:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:20:28.699Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:20:35 honeypot-ams-1 sshd[24841]: Received disconnect from 179.103.152.130 port 59122:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:20:35.704Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:20:42 honeypot-ams-1 sshd[24847]: Received disconnect from 179.103.152.130 port 59502:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:20:42.707Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:20:48 honeypot-ams-1 sshd[24853]: Received disconnect from 179.103.152.130 port 59870:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:20:49.712Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:20:55 honeypot-ams-1 sshd[24859]: Received disconnect from 179.103.152.130 port 60208:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:20:55.716Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:21:02 honeypot-ams-1 sshd[24865]: Received disconnect from 179.103.152.130 port 60594:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:21:02.720Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:21:09 honeypot-ams-1 sshd[24871]: Received disconnect from 179.103.152.130 port 60940:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:21:09.724Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:21:17 honeypot-ams-1 sshd[24877]: Received disconnect from 179.103.152.130 port 33078:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:21:17.730Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:21:21 honeypot-ams-1 sshd[24881]: Disconnected from invalid user admin 179.103.152.130 port 33348 [preauth]","@timestamp":"2022-09-14T12:21:21.732Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:21:26 honeypot-ams-1 sshd[24885]: Disconnected from invalid user admin 179.103.152.130 port 33650 [preauth]","@timestamp":"2022-09-14T12:21:27.736Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:21:31 honeypot-ams-1 sshd[24889]: Disconnected from invalid user admin 179.103.152.130 port 33868 [preauth]","@timestamp":"2022-09-14T12:21:31.739Z"}
{"@timestamp":"2022-09-14T12:21:33.852Z","@version":"1","message":"Sep 14 12:21:33 honeypot-sgp-1 sshd[13635]: Disconnected from invalid user dedy 200.66.77.178 port 48738 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:21:36 honeypot-ams-1 sshd[24893]: Disconnected from invalid user admin 179.103.152.130 port 34120 [preauth]","@timestamp":"2022-09-14T12:21:36.742Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:21:41 honeypot-ams-1 sshd[24897]: Disconnected from invalid user admin 179.103.152.130 port 34402 [preauth]","@timestamp":"2022-09-14T12:21:41.745Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:21:45 honeypot-ams-1 sshd[24901]: Disconnected from invalid user user 179.103.152.130 port 34646 [preauth]","@timestamp":"2022-09-14T12:21:46.751Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:21:53 honeypot-ams-1 sshd[24907]: Received disconnect from 179.103.152.130 port 35108:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:21:54.755Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:21:59 honeypot-ams-1 sshd[24911]: Received disconnect from 179.103.152.130 port 35344:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:21:59.758Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:22:04 honeypot-ams-1 sshd[24915]: Received disconnect from 179.103.152.130 port 35592:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:22:04.762Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:22:08 honeypot-ams-1 sshd[24919]: Received disconnect from 179.103.152.130 port 35852:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:22:09.765Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:22:13 honeypot-ams-1 sshd[24923]: Received disconnect from 179.103.152.130 port 36088:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:22:13.767Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:22:18 honeypot-ams-1 sshd[24927]: Received disconnect from 179.103.152.130 port 36326:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:22:18.771Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:22:23 honeypot-ams-1 sshd[24931]: Received disconnect from 179.103.152.130 port 36562:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:22:23.774Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:22:29 honeypot-ams-1 sshd[24935]: Received disconnect from 179.103.152.130 port 36894:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:22:29.777Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:22:33 honeypot-ams-1 sshd[24939]: Received disconnect from 179.103.152.130 port 37132:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:22:34.781Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:22:37 honeypot-ams-1 sshd[24943]: Invalid user guest from 179.103.152.130 port 37382","@timestamp":"2022-09-14T12:22:38.786Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:22:41 honeypot-ams-1 sshd[24947]: Received disconnect from 179.103.152.130 port 37486:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:22:41.788Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:22:46 honeypot-ams-1 sshd[24951]: Received disconnect from 179.103.152.130 port 37808:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:22:46.791Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:23:42 honeypot-fra-1 sshd[9138]: Received disconnect from 45.61.186.169 port 40220:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T12:23:43.177Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:24:00 honeypot-fra-1 sshd[9143]: Received disconnect from 45.61.186.169 port 35044:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T12:24:00.185Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:24:08 honeypot-ams-1 sshd[24955]: Invalid user zhangguoqiang from 137.116.144.39 port 36394","@timestamp":"2022-09-14T12:24:08.833Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:24:16 honeypot-fra-1 sshd[9148]: Invalid user user from 45.61.186.169 port 58116","@timestamp":"2022-09-14T12:24:17.193Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:24:25 honeypot-fra-1 sshd[9152]: Invalid user user from 45.61.186.169 port 41390","@timestamp":"2022-09-14T12:24:26.198Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:25:53 honeypot-fra-1 sshd[9157]: Received disconnect from 92.255.85.69 port 59010:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:25:54.232Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T12:25:56.973Z","@version":"1","message":"Sep 14 12:25:56 honeypot-sgp-1 sshd[13642]: Received disconnect from 220.134.113.188 port 48513:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:26:11 honeypot-ams-1 sshd[24960]: Disconnected from invalid user ssh 71.251.220.249 port 55190 [preauth]","@timestamp":"2022-09-14T12:26:11.888Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:27:05 honeypot-ams-1 sshd[24966]: Received disconnect from 179.151.180.133 port 52324:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:27:05.913Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:27:12 honeypot-ams-1 sshd[24972]: Received disconnect from 179.151.180.133 port 52708:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:27:12.917Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:27:19 honeypot-ams-1 sshd[24978]: Received disconnect from 179.151.180.133 port 53084:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:27:19.922Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:27:26 honeypot-ams-1 sshd[24984]: Received disconnect from 179.151.180.133 port 53450:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:27:26.926Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:27:33 honeypot-ams-1 sshd[24990]: Received disconnect from 179.151.180.133 port 53838:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:27:33.931Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:27:40 honeypot-ams-1 sshd[24996]: Received disconnect from 179.151.180.133 port 54224:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:27:40.934Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:27:48 honeypot-ams-1 sshd[25002]: Received disconnect from 179.151.180.133 port 54598:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:27:48.939Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:27:55 honeypot-ams-1 sshd[25008]: Received disconnect from 179.151.180.133 port 54996:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:27:55.943Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:28:03 honeypot-ams-1 sshd[25014]: Received disconnect from 179.151.180.133 port 55390:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:28:03.948Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:28:09 honeypot-ams-1 sshd[25020]: Received disconnect from 179.151.180.133 port 55752:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:28:10.952Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:28:17 honeypot-ams-1 sshd[25026]: Received disconnect from 179.151.180.133 port 56174:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:28:18.957Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:28:24 honeypot-ams-1 sshd[25032]: Received disconnect from 179.151.180.133 port 56582:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:28:25.961Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:28:29 honeypot-ams-1 sshd[25036]: Received disconnect from 179.151.180.133 port 56834:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:28:29.964Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:28:34 honeypot-ams-1 sshd[25040]: Received disconnect from 179.151.180.133 port 57092:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:28:34.968Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:28:39 honeypot-ams-1 sshd[25044]: Received disconnect from 179.151.180.133 port 57350:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:28:39.970Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:28:44 honeypot-ams-1 sshd[25048]: Received disconnect from 179.151.180.133 port 57638:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:28:44.973Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:28:49 honeypot-ams-1 sshd[25052]: Received disconnect from 179.151.180.133 port 57894:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:28:49.977Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:28:52 honeypot-ams-1 sshd[25058]: Disconnected from authenticating user root 92.255.85.70 port 30454 [preauth]","@timestamp":"2022-09-14T12:28:52.979Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:28:58 honeypot-ams-1 sshd[25062]: Received disconnect from 179.151.180.133 port 58412:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:28:58.982Z"}
{"@timestamp":"2022-09-14T12:29:01.053Z","@version":"1","message":"Sep 14 12:29:00 honeypot-sgp-1 sshd[13650]: Invalid user zabbix from 35.90.115.181 port 54472","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T12:29:01.053Z","@version":"1","message":"Sep 14 12:29:00 honeypot-sgp-1 sshd[13648]: Connection closed by authenticating user root 35.90.115.181 port 54434 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T12:29:01.053Z","@version":"1","message":"Sep 14 12:29:00 honeypot-sgp-1 sshd[13662]: Invalid user admin from 35.90.115.181 port 54494","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T12:29:01.053Z","@version":"1","message":"Sep 14 12:29:00 honeypot-sgp-1 sshd[13672]: Invalid user www from 35.90.115.181 port 54506","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T12:29:01.053Z","@version":"1","message":"Sep 14 12:29:00 honeypot-sgp-1 sshd[13656]: Connection closed by authenticating user root 35.90.115.181 port 54474 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T12:29:01.053Z","@version":"1","message":"Sep 14 12:29:00 honeypot-sgp-1 sshd[13658]: Connection closed by invalid user ansible 35.90.115.181 port 54502 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T12:29:01.054Z","@version":"1","message":"Sep 14 12:29:00 honeypot-sgp-1 sshd[13663]: Connection closed by invalid user oracle 35.90.115.181 port 54436 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T12:29:01.054Z","@version":"1","message":"Sep 14 12:29:00 honeypot-sgp-1 sshd[13673]: Connection closed by authenticating user root 35.90.115.181 port 54460 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T12:29:02.054Z","@version":"1","message":"Sep 14 12:29:01 honeypot-sgp-1 sshd[13706]: Invalid user testuser from 35.90.115.181 port 54476","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:29:03 honeypot-ams-1 sshd[25066]: Received disconnect from 179.151.180.133 port 58676:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:29:03.986Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:29:08 honeypot-ams-1 sshd[25070]: Received disconnect from 179.151.180.133 port 58950:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:29:08.989Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:29:13 honeypot-ams-1 sshd[25074]: Received disconnect from 179.151.180.133 port 59188:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:29:13.991Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:29:17 honeypot-ams-1 sshd[25078]: Received disconnect from 179.151.180.133 port 59448:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:29:17.994Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:29:22 honeypot-ams-1 sshd[25082]: Received disconnect from 179.151.180.133 port 59692:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:29:22.998Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:29:26 honeypot-ams-1 sshd[25086]: Received disconnect from 179.151.180.133 port 59934:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:29:27.000Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:29:31 honeypot-ams-1 sshd[25090]: Received disconnect from 179.151.180.133 port 60188:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:29:32.004Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:29:36 honeypot-ams-1 sshd[25094]: Received disconnect from 179.151.180.133 port 60404:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:29:37.007Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:29:40 honeypot-ams-1 sshd[25098]: Received disconnect from 179.151.180.133 port 60676:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:29:41.009Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:29:46 honeypot-ams-1 sshd[25102]: Received disconnect from 179.151.180.133 port 60928:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:29:47.014Z"}
{"@timestamp":"2022-09-14T12:30:42.097Z","@version":"1","message":"Sep 14 12:30:41 honeypot-sgp-1 kernel: [84034750.305415] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=103.146.42.196 DST=159.89.202.188 LEN=52 TOS=0x00 PREC=0x00 TTL=117 ID=22523 DF PROTO=TCP SPT=10039 DPT=3389 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:30:53 honeypot-fra-1 kernel: [84033074.005906] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.47.229.134 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=14874 PROTO=TCP SPT=56701 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T12:30:54.348Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-14T12:31:25.118Z","@version":"1","message":"Sep 14 12:31:24 honeypot-sgp-1 sshd[13712]: Disconnected from 61.177.173.51 port 12932 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:35:52 honeypot-fra-1 sshd[9164]: Disconnected from authenticating user root 61.177.173.47 port 24886 [preauth]","@timestamp":"2022-09-14T12:35:52.463Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 12:36:06 honeypot-ams-1 kernel: [84035549.152184] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.41.9.18 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=13351 PROTO=TCP SPT=50844 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T12:36:06.177Z"}
{"@timestamp":"2022-09-14T12:38:55.308Z","@version":"1","message":"Sep 14 12:38:55 honeypot-sgp-1 sshd[13721]: Received disconnect from 61.177.172.19 port 12734:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T12:46:37.509Z","@version":"1","message":"Sep 14 12:46:36 honeypot-sgp-1 sshd[13727]: Received disconnect from 92.255.85.70 port 30104:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:47:19 honeypot-fra-1 sshd[9173]: Received disconnect from 61.177.173.36 port 63816:11:  [preauth]","@timestamp":"2022-09-14T12:47:20.726Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:49:12 honeypot-fra-1 kernel: [84034173.232830] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=103.146.42.204 DST=165.22.82.222 LEN=52 TOS=0x00 PREC=0x00 TTL=115 ID=29691 DF PROTO=TCP SPT=14267 DPT=3389 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T12:49:13.772Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-14T12:51:05.623Z","@version":"1","message":"Sep 14 12:51:04 honeypot-sgp-1 sshd[13736]: Received disconnect from 91.240.118.222 port 41757:11: Client disconnecting normally [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T12:52:04.650Z","@version":"1","message":"Sep 14 12:52:04 honeypot-sgp-1 sshd[13742]: Disconnected from authenticating user root 61.177.173.37 port 59275 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:52:14 honeypot-ams-1 sshd[25110]: Received disconnect from 92.255.85.69 port 23578:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:52:15.590Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:54:24 honeypot-fra-1 sshd[9181]: Received disconnect from 118.27.107.40 port 54032:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:54:24.892Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 12:56:15 honeypot-ams-1 kernel: [84036759.007761] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=50.116.48.39 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=34346 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T12:56:16.697Z"}
{"@timestamp":"2022-09-14T12:57:33.789Z","@version":"1","message":"Sep 14 12:57:33 honeypot-sgp-1 sshd[13751]: Invalid user postgres from 182.23.23.42 port 54114","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T12:58:31.815Z","@version":"1","message":"Sep 14 12:58:31 honeypot-sgp-1 sshd[13754]: Disconnected from invalid user user 45.61.186.249 port 53534 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T12:58:52.826Z","@version":"1","message":"Sep 14 12:58:51 honeypot-sgp-1 sshd[13760]: Invalid user user from 45.61.186.249 port 48600","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T12:59:11.834Z","@version":"1","message":"Sep 14 12:59:11 honeypot-sgp-1 sshd[13764]: Invalid user user from 45.61.186.249 port 43670","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T12:59:21.840Z","@version":"1","message":"Sep 14 12:59:21 honeypot-sgp-1 sshd[13766]: Disconnected from invalid user user 45.61.186.249 port 55296 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:59:39 honeypot-fra-1 sshd[9188]: Disconnected from authenticating user root 61.177.172.98 port 61402 [preauth]","@timestamp":"2022-09-14T12:59:40.009Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:59:40 honeypot-ams-1 sshd[25118]: Disconnected from authenticating user root 61.245.162.61 port 56846 [preauth]","@timestamp":"2022-09-14T12:59:40.787Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:59:45 honeypot-ams-1 sshd[25124]: Received disconnect from 61.245.162.61 port 57044:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:59:45.790Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:59:49 honeypot-ams-1 sshd[25130]: Received disconnect from 61.245.162.61 port 57334:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:59:49.792Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:59:54 honeypot-ams-1 sshd[25136]: Received disconnect from 61.245.162.61 port 57564:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:59:54.795Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:59:58 honeypot-ams-1 sshd[25142]: Received disconnect from 61.245.162.61 port 57776:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:59:58.798Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:00:03 honeypot-ams-1 sshd[25148]: Received disconnect from 61.245.162.61 port 58076:11: Bye Bye [preauth]","@timestamp":"2022-09-14T13:00:03.801Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:00:07 honeypot-ams-1 sshd[25154]: Received disconnect from 61.245.162.61 port 58282:11: Bye Bye [preauth]","@timestamp":"2022-09-14T13:00:08.804Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:00:12 honeypot-ams-1 sshd[25160]: Received disconnect from 61.245.162.61 port 58592:11: Bye Bye [preauth]","@timestamp":"2022-09-14T13:00:12.808Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:00:17 honeypot-ams-1 sshd[25166]: Received disconnect from 61.245.162.61 port 58788:11: Bye Bye [preauth]","@timestamp":"2022-09-14T13:00:17.811Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:00:21 honeypot-ams-1 sshd[25172]: Received disconnect from 61.245.162.61 port 59094:11: Bye Bye [preauth]","@timestamp":"2022-09-14T13:00:21.814Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:00:26 honeypot-ams-1 sshd[25178]: Received disconnect from 61.245.162.61 port 59298:11: Bye Bye [preauth]","@timestamp":"2022-09-14T13:00:26.818Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:00:31 honeypot-ams-1 sshd[25184]: Received disconnect from 61.245.162.61 port 59644:11: Bye Bye [preauth]","@timestamp":"2022-09-14T13:00:31.821Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:00:34 honeypot-ams-1 sshd[25188]: Disconnected from invalid user admin 61.245.162.61 port 59782 [preauth]","@timestamp":"2022-09-14T13:00:34.823Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:00:37 honeypot-ams-1 sshd[25192]: Disconnected from invalid user admin 61.245.162.61 port 59936 [preauth]","@timestamp":"2022-09-14T13:00:37.825Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:00:40 honeypot-ams-1 sshd[25196]: Disconnected from invalid user admin 61.245.162.61 port 60144 [preauth]","@timestamp":"2022-09-14T13:00:40.828Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:00:43 honeypot-ams-1 sshd[25200]: Disconnected from invalid user admin 61.245.162.61 port 60322 [preauth]","@timestamp":"2022-09-14T13:00:43.830Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:00:46 honeypot-ams-1 sshd[25204]: Disconnected from invalid user admin 61.245.162.61 port 60452 [preauth]","@timestamp":"2022-09-14T13:00:46.832Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:00:49 honeypot-ams-1 sshd[25208]: Disconnected from invalid user user 61.245.162.61 port 60666 [preauth]","@timestamp":"2022-09-14T13:00:49.834Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:00:54 honeypot-ams-1 sshd[25214]: Received disconnect from 61.245.162.61 port 60918:11: Bye Bye [preauth]","@timestamp":"2022-09-14T13:00:54.837Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:00:57 honeypot-ams-1 sshd[25218]: Received disconnect from 61.245.162.61 port 32820:11: Bye Bye [preauth]","@timestamp":"2022-09-14T13:00:57.840Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:01:00 honeypot-ams-1 sshd[25222]: Received disconnect from 61.245.162.61 port 33024:11: Bye Bye [preauth]","@timestamp":"2022-09-14T13:01:00.842Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:01:03 honeypot-ams-1 sshd[25226]: Received disconnect from 61.245.162.61 port 33212:11: Bye Bye [preauth]","@timestamp":"2022-09-14T13:01:04.844Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:01:07 honeypot-ams-1 sshd[25230]: Received disconnect from 61.245.162.61 port 33358:11: Bye Bye [preauth]","@timestamp":"2022-09-14T13:01:07.846Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:01:10 honeypot-ams-1 sshd[25234]: Received disconnect from 61.245.162.61 port 33590:11: Bye Bye [preauth]","@timestamp":"2022-09-14T13:01:10.849Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:01:13 honeypot-ams-1 sshd[25238]: Received disconnect from 61.245.162.61 port 33764:11: Bye Bye [preauth]","@timestamp":"2022-09-14T13:01:13.851Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:01:16 honeypot-ams-1 sshd[25242]: Received disconnect from 61.245.162.61 port 33918:11: Bye Bye [preauth]","@timestamp":"2022-09-14T13:01:16.853Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:01:19 honeypot-ams-1 sshd[25246]: Received disconnect from 61.245.162.61 port 34120:11: Bye Bye [preauth]","@timestamp":"2022-09-14T13:01:20.856Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:01:23 honeypot-ams-1 sshd[25250]: Received disconnect from 61.245.162.61 port 34298:11: Bye Bye [preauth]","@timestamp":"2022-09-14T13:01:23.858Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:01:26 honeypot-ams-1 sshd[25254]: Received disconnect from 61.245.162.61 port 34452:11: Bye Bye [preauth]","@timestamp":"2022-09-14T13:01:26.861Z"}
{"@timestamp":"2022-09-14T13:01:54.902Z","@version":"1","message":"Sep 14 13:01:54 honeypot-sgp-1 sshd[13774]: Invalid user spice from 157.230.183.86 port 34080","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T13:05:13.985Z","@version":"1","message":"Sep 14 13:05:13 honeypot-sgp-1 sshd[13780]: Invalid user koyama from 103.42.57.139 port 33822","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 13:06:42 honeypot-ams-1 kernel: [84037385.997922] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=143.198.183.97 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=41203 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T13:06:42.997Z"}
{"@timestamp":"2022-09-14T13:09:27.091Z","@version":"1","message":"Sep 14 13:09:26 honeypot-sgp-1 sshd[13784]: Received disconnect from 37.193.112.180 port 40804:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 13:12:43 honeypot-fra-1 sshd[9199]: Received disconnect from 92.255.85.70 port 42446:11: Bye Bye [preauth]","@timestamp":"2022-09-14T13:12:44.301Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T13:13:22.190Z","@version":"1","message":"Sep 14 13:13:21 honeypot-sgp-1 kernel: [84037310.258763] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=90.154.15.226 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=43 ID=42560 DF PROTO=TCP SPT=54032 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:15:35 honeypot-ams-1 sshd[25261]: Disconnected from authenticating user root 92.255.85.69 port 25800 [preauth]","@timestamp":"2022-09-14T13:15:35.227Z"}
{"@timestamp":"2022-09-14T13:17:49.307Z","@version":"1","message":"Sep 14 13:17:48 honeypot-sgp-1 kernel: [84037577.151398] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=92.118.39.86 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=229 ID=54321 PROTO=TCP SPT=36258 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 13:19:05 honeypot-fra-1 sshd[9207]: Received disconnect from 61.177.173.50 port 29067:11:  [preauth]","@timestamp":"2022-09-14T13:19:05.443Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 13:21:21 honeypot-fra-1 sshd[9212]: Received disconnect from 175.197.233.197 port 44890:11: Bye Bye [preauth]","@timestamp":"2022-09-14T13:21:22.497Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:22:02 honeypot-ams-1 sshd[25267]: Disconnected from 161.35.131.133 port 45410 [preauth]","@timestamp":"2022-09-14T13:22:03.400Z"}
{"@timestamp":"2022-09-14T13:22:14.418Z","@version":"1","message":"Sep 14 13:22:13 honeypot-sgp-1 sshd[13801]: Disconnected from authenticating user root 61.177.173.36 port 30722 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 13:26:44 honeypot-ams-1 kernel: [84038587.721425] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=90.154.15.226 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=59 ID=41670 DF PROTO=TCP SPT=40490 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T13:26:45.525Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:29:03 honeypot-ams-1 sshd[25275]: Received disconnect from 177.94.199.94 port 48144:11: Bye Bye [preauth]","@timestamp":"2022-09-14T13:29:03.588Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 13:29:38 honeypot-fra-1 sshd[9654]: Received disconnect from 61.177.172.114 port 26073:11:  [preauth]","@timestamp":"2022-09-14T13:29:39.686Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T13:30:05.614Z","@version":"1","message":"Sep 14 13:30:05 honeypot-sgp-1 kernel: [84038314.202361] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=207.32.218.10 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=44593 DF PROTO=TCP SPT=10446 DPT=80 WINDOW=512 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 13:31:07 honeypot-fra-1 sshd[9660]: Disconnected from invalid user qsvr 115.112.152.114 port 2030 [preauth]","@timestamp":"2022-09-14T13:31:08.754Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 13:31:32 honeypot-fra-1 sshd[9664]: Disconnected from invalid user user 198.98.61.9 port 56932 [preauth]","@timestamp":"2022-09-14T13:31:32.765Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 13:31:50 honeypot-fra-1 sshd[9668]: Disconnected from invalid user user 198.98.61.9 port 51844 [preauth]","@timestamp":"2022-09-14T13:31:50.774Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 13:32:07 honeypot-fra-1 sshd[9672]: Disconnected from invalid user user 198.98.61.9 port 46760 [preauth]","@timestamp":"2022-09-14T13:32:07.782Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:32:13 honeypot-ams-1 sshd[25279]: Received disconnect from 35.202.200.207 port 1944:11: Bye Bye [preauth]","@timestamp":"2022-09-14T13:32:13.672Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 13:32:34 honeypot-fra-1 sshd[9678]: Disconnected from invalid user monitor 159.65.98.176 port 58346 [preauth]","@timestamp":"2022-09-14T13:32:35.795Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 13:36:44 honeypot-fra-1 sshd[9685]: Received disconnect from 92.255.85.70 port 34278:11: Bye Bye [preauth]","@timestamp":"2022-09-14T13:36:44.891Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:38:48 honeypot-ams-1 sshd[25284]: Received disconnect from 92.255.85.69 port 47628:11: Bye Bye [preauth]","@timestamp":"2022-09-14T13:38:48.843Z"}
{"@timestamp":"2022-09-14T13:39:44.856Z","@version":"1","message":"Sep 14 13:39:44 honeypot-sgp-1 kernel: [84038893.229027] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.41.9.18 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=38902 PROTO=TCP SPT=32737 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T13:43:31.955Z","@version":"1","message":"Sep 14 13:43:31 honeypot-sgp-1 sshd[13820]: Disconnected from invalid user insideout 139.59.102.10 port 54578 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 13:43:54 honeypot-fra-1 sshd[9689]: Disconnected from authenticating user root 179.43.156.143 port 49788 [preauth]","@timestamp":"2022-09-14T13:43:54.054Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 13:44:53 honeypot-fra-1 sshd[9694]: Disconnected from invalid user user 45.61.186.49 port 43112 [preauth]","@timestamp":"2022-09-14T13:44:53.079Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 13:45:03 honeypot-fra-1 sshd[9698]: Disconnected from invalid user user 45.61.186.49 port 54698 [preauth]","@timestamp":"2022-09-14T13:45:04.084Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 13:45:48 honeypot-fra-1 kernel: [84037569.006532] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=213.226.123.38 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=23814 PROTO=TCP SPT=42989 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T13:45:49.103Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 13:47:11 honeypot-fra-1 sshd[9710]: Disconnected from authenticating user root 179.43.156.143 port 60908 [preauth]","@timestamp":"2022-09-14T13:47:12.138Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 13:48:29 honeypot-fra-1 sshd[9715]: Disconnected from invalid user ossuser 179.43.156.143 port 54010 [preauth]","@timestamp":"2022-09-14T13:48:30.170Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 13:49:51 honeypot-fra-1 sshd[9721]: Disconnected from authenticating user root 179.43.156.143 port 47186 [preauth]","@timestamp":"2022-09-14T13:49:52.204Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 13:51:11 honeypot-ams-1 kernel: [84040054.612516] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=104.248.35.4 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=58 ID=19888 DF PROTO=TCP SPT=34068 DPT=443 WINDOW=42340 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T13:51:12.162Z"}
{"@timestamp":"2022-09-14T13:51:21.172Z","@version":"1","message":"Sep 14 13:51:21 honeypot-sgp-1 sshd[13829]: Connection closed by invalid user admin 178.128.125.205 port 63112 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T13:51:21.172Z","@version":"1","message":"Sep 14 13:51:21 honeypot-sgp-1 sshd[13835]: Connection closed by invalid user admin 178.128.125.205 port 63150 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 13:51:58 honeypot-fra-1 sshd[9731]: Disconnected from authenticating user root 179.43.156.143 port 36924 [preauth]","@timestamp":"2022-09-14T13:51:59.270Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 13:53:24 honeypot-fra-1 sshd[9735]: Disconnected from authenticating user root 179.43.156.143 port 58324 [preauth]","@timestamp":"2022-09-14T13:53:24.306Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:55:10 honeypot-ams-1 sshd[25293]: Disconnected from 204.48.30.72 port 35452 [preauth]","@timestamp":"2022-09-14T13:55:11.267Z"}
{"@timestamp":"2022-09-14T13:57:29.328Z","@version":"1","message":"Sep 14 13:57:28 honeypot-sgp-1 sshd[13842]: Disconnected from authenticating user root 92.255.85.69 port 58766 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 14:00:16 honeypot-fra-1 sshd[9746]: Invalid user l4d2 from 165.22.45.108 port 52972","@timestamp":"2022-09-14T14:00:17.464Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T14:01:37.437Z","@version":"1","message":"Sep 14 14:01:36 honeypot-sgp-1 kernel: [84040205.040693] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=128.1.91.205 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=46461 PROTO=TCP SPT=24453 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 14:03:51 honeypot-ams-1 sshd[25298]: Did not receive identification string from 45.61.186.49 port 45984","@timestamp":"2022-09-14T14:03:51.499Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 14:04:13 honeypot-ams-1 sshd[25301]: Disconnected from invalid user user 45.61.186.49 port 56130 [preauth]","@timestamp":"2022-09-14T14:04:14.511Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 14:04:27 honeypot-ams-1 sshd[25305]: Disconnected from invalid user user 45.61.186.49 port 39672 [preauth]","@timestamp":"2022-09-14T14:04:27.519Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 14:05:09 honeypot-fra-1 kernel: [84038730.089804] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=102.134.114.97 DST=165.22.82.222 LEN=52 TOS=0x00 PREC=0x00 TTL=117 ID=47285 DF PROTO=TCP SPT=6311 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T14:05:10.578Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 14:11:29 honeypot-fra-1 sshd[9762]: Invalid user test from 62.204.41.222 port 17384","@timestamp":"2022-09-14T14:11:29.722Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T14:12:16.698Z","@version":"1","message":"Sep 14 14:12:16 honeypot-sgp-1 kernel: [84040844.809293] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=186.18.88.202 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=44 ID=16171 PROTO=TCP SPT=52803 DPT=80 WINDOW=60003 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 14:14:43 honeypot-ams-1 sshd[25313]: Received disconnect from 178.62.81.147 port 44328:11: Bye Bye [preauth]","@timestamp":"2022-09-14T14:14:43.791Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 14:18:36 honeypot-fra-1 sshd[9770]: Received disconnect from 61.177.172.90 port 64363:11:  [preauth]","@timestamp":"2022-09-14T14:18:37.885Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T14:18:47.855Z","@version":"1","message":"Sep 14 14:18:47 honeypot-sgp-1 sshd[13865]: Received disconnect from 173.82.235.128 port 49910:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 14:21:06 honeypot-ams-1 kernel: [84041849.417083] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=137.184.66.255 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=19855 PROTO=TCP SPT=58156 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T14:21:06.957Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 14:22:00 honeypot-fra-1 kernel: [84039740.269863] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=92.118.39.86 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=36685 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T14:22:00.962Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-14T14:22:15.939Z","@version":"1","message":"Sep 14 14:22:15 honeypot-sgp-1 sshd[13873]: Connection closed by authenticating user root 103.188.176.251 port 52310 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 14:24:07 honeypot-fra-1 sshd[9779]: Received disconnect from 61.177.173.50 port 36673:11:  [preauth]","@timestamp":"2022-09-14T14:24:08.015Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T14:25:01.031Z","@version":"1","message":"Sep 14 14:25:00 honeypot-sgp-1 sshd[13877]: Disconnected from authenticating user root 61.177.173.51 port 41685 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T14:26:10.061Z","@version":"1","message":"Sep 14 14:26:09 honeypot-sgp-1 sshd[13882]: Received disconnect from 45.61.184.204 port 36678:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T14:26:28.070Z","@version":"1","message":"Sep 14 14:26:27 honeypot-sgp-1 sshd[13886]: Received disconnect from 45.61.184.204 port 60042:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T14:26:49.080Z","@version":"1","message":"Sep 14 14:26:48 honeypot-sgp-1 sshd[13890]: Received disconnect from 45.61.184.204 port 55166:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 14:27:20 honeypot-ams-1 sshd[25329]: Disconnected from authenticating user root 80.76.51.189 port 41516 [preauth]","@timestamp":"2022-09-14T14:27:21.122Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 14:28:39 honeypot-ams-1 sshd[25336]: Disconnected from authenticating user root 80.76.51.189 port 49862 [preauth]","@timestamp":"2022-09-14T14:28:39.159Z"}
{"@timestamp":"2022-09-14T14:29:03.136Z","@version":"1","message":"Sep 14 14:29:02 honeypot-sgp-1 kernel: [84041851.244195] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=172.104.4.109 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=61122 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 14:29:57 honeypot-ams-1 sshd[25343]: Received disconnect from 80.76.51.189 port 58202:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T14:29:58.198Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 14:30:51 honeypot-ams-1 sshd[25347]: Disconnected from authenticating user root 80.76.51.189 port 35550 [preauth]","@timestamp":"2022-09-14T14:30:52.224Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 14:31:39 honeypot-fra-1 kernel: [84040319.660742] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=101.43.142.201 DST=165.22.82.222 LEN=60 TOS=0x08 PREC=0x00 TTL=43 ID=63980 DF PROTO=TCP SPT=44220 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T14:31:40.186Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 14:32:14 honeypot-ams-1 sshd[25354]: Received disconnect from 80.76.51.189 port 43904:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T14:32:14.262Z"}
{"@timestamp":"2022-09-14T14:32:18.224Z","@version":"1","message":"Sep 14 14:32:17 honeypot-sgp-1 kernel: [84042046.224742] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=178.128.255.88 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=39495 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 14:33:11 honeypot-ams-1 sshd[25358]: Received disconnect from 80.76.51.189 port 49458:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T14:33:12.289Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 14:33:47 honeypot-fra-1 kernel: [84040447.749207] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.33.80.178 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=38682 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T14:33:48.239Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 14:34:09 honeypot-ams-1 sshd[25363]: Received disconnect from 80.76.51.189 port 55040:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T14:34:10.316Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 14:35:06 honeypot-ams-1 sshd[25367]: Received disconnect from 80.76.51.189 port 60610:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T14:35:07.343Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 14:36:32 honeypot-ams-1 sshd[25374]: Invalid user oracle from 80.76.51.189 port 40726","@timestamp":"2022-09-14T14:36:33.383Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 14:37:04 honeypot-fra-1 sshd[9811]: Invalid user bitwarden from 185.209.179.41 port 58182","@timestamp":"2022-09-14T14:37:05.314Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 14:37:04 honeypot-fra-1 sshd[9807]: Invalid user esuser from 185.209.179.41 port 58170","@timestamp":"2022-09-14T14:37:05.314Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 14:37:04 honeypot-fra-1 sshd[9803]: Invalid user dev from 185.209.179.41 port 58254","@timestamp":"2022-09-14T14:37:05.314Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 14:37:04 honeypot-fra-1 sshd[9805]: Connection closed by invalid user mcserv 185.209.179.41 port 58242 [preauth]","@timestamp":"2022-09-14T14:37:05.314Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 14:37:04 honeypot-fra-1 sshd[9807]: Connection closed by invalid user esuser 185.209.179.41 port 58170 [preauth]","@timestamp":"2022-09-14T14:37:05.314Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 14:37:04 honeypot-fra-1 sshd[9795]: Connection closed by invalid user es 185.209.179.41 port 58174 [preauth]","@timestamp":"2022-09-14T14:37:05.314Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 14:37:05 honeypot-fra-1 sshd[9837]: Invalid user es from 185.209.179.41 port 58192","@timestamp":"2022-09-14T14:37:06.315Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 14:37:05 honeypot-fra-1 sshd[9841]: Invalid user cloud from 185.209.179.41 port 58190","@timestamp":"2022-09-14T14:37:06.315Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 14:37:05 honeypot-fra-1 sshd[9834]: Connection closed by invalid user oracle 185.209.179.41 port 58168 [preauth]","@timestamp":"2022-09-14T14:37:06.315Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 14:37:07 honeypot-fra-1 sshd[9856]: Invalid user esuser from 185.209.179.41 port 58226","@timestamp":"2022-09-14T14:37:07.316Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 14:37:07 honeypot-fra-1 sshd[9855]: Connection closed by invalid user oracle 185.209.179.41 port 58202 [preauth]","@timestamp":"2022-09-14T14:37:08.316Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 14:37:32 honeypot-ams-1 sshd[25378]: Received disconnect from 80.76.51.189 port 46298:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T14:37:32.411Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 14:38:33 honeypot-ams-1 sshd[25382]: Disconnected from invalid user odoo 80.76.51.189 port 51866 [preauth]","@timestamp":"2022-09-14T14:38:33.438Z"}
{"@timestamp":"2022-09-14T14:42:18.475Z","@version":"1","message":"Sep 14 14:42:18 honeypot-sgp-1 sshd[13907]: Received disconnect from 61.177.172.108 port 54169:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 14:42:55 honeypot-ams-1 kernel: [84043158.035635] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=109.248.6.38 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x20 TTL=72 ID=7219 PROTO=TCP SPT=56372 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T14:42:55.584Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 14:46:02 honeypot-fra-1 sshd[9869]: Received disconnect from 191.251.56.156 port 44293:11: Bye Bye [preauth]","@timestamp":"2022-09-14T14:46:02.545Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 14:48:00 honeypot-fra-1 sshd[9875]: Received disconnect from 111.67.193.58 port 35044:11: Bye Bye [preauth]","@timestamp":"2022-09-14T14:48:01.594Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 14:49:46 honeypot-ams-1 sshd[25393]: Received disconnect from 92.255.85.70 port 49006:11: Bye Bye [preauth]","@timestamp":"2022-09-14T14:49:46.763Z"}
{"@timestamp":"2022-09-14T14:50:01.665Z","@version":"1","message":"Sep 14 14:50:01 honeypot-sgp-1 sshd[13914]: Received disconnect from 61.177.173.36 port 14673:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 14:50:03 honeypot-fra-1 sshd[9883]: Disconnected from authenticating user root 51.222.116.82 port 47576 [preauth]","@timestamp":"2022-09-14T14:50:04.659Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 14:51:23 honeypot-fra-1 sshd[9888]: Invalid user namarte from 201.123.131.103 port 43116","@timestamp":"2022-09-14T14:51:23.695Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 14:52:31 honeypot-ams-1 sshd[25400]: Disconnected from authenticating user root 109.205.213.23 port 41494 [preauth]","@timestamp":"2022-09-14T14:52:31.837Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 14:52:54 honeypot-ams-1 sshd[25406]: Disconnected from authenticating user root 109.205.213.23 port 56948 [preauth]","@timestamp":"2022-09-14T14:52:54.850Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 14:53:19 honeypot-ams-1 sshd[25412]: Disconnected from authenticating user root 109.205.213.23 port 44170 [preauth]","@timestamp":"2022-09-14T14:53:19.863Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 14:54:34 honeypot-ams-1 sshd[25418]: Received disconnect from 109.205.213.23 port 45954:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T14:54:34.902Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 14:54:57 honeypot-ams-1 kernel: [84043880.892910] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=66.240.205.34 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=114 ID=36011 PROTO=TCP SPT=9111 DPT=443 WINDOW=6236 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T14:54:58.915Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 14:56:55 honeypot-fra-1 sshd[9895]: Disconnected from authenticating user root 61.177.173.51 port 32817 [preauth]","@timestamp":"2022-09-14T14:56:55.818Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 15:03:09 honeypot-fra-1 sshd[9900]: Disconnected from authenticating user root 61.177.172.124 port 18269 [preauth]","@timestamp":"2022-09-14T15:03:09.961Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T15:04:09.007Z","@version":"1","message":"Sep 14 15:04:08 honeypot-sgp-1 sshd[13930]: Invalid user teste from 86.102.122.148 port 45184","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 15:06:20 honeypot-ams-1 sshd[25425]: Disconnected from invalid user oyn 104.248.113.173 port 53094 [preauth]","@timestamp":"2022-09-14T15:06:21.209Z"}
{"@timestamp":"2022-09-14T15:08:10.107Z","@version":"1","message":"Sep 14 15:08:09 honeypot-sgp-1 sshd[13934]: Disconnected from authenticating user root 92.255.85.70 port 40250 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 15:10:31 honeypot-fra-1 sshd[9909]: Received disconnect from 92.255.85.70 port 39186:11: Bye Bye [preauth]","@timestamp":"2022-09-14T15:10:32.129Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 15:13:38 honeypot-ams-1 sshd[25431]: Received disconnect from 92.255.85.70 port 52212:11: Bye Bye [preauth]","@timestamp":"2022-09-14T15:13:38.413Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 15:17:01 honeypot-ams-1 CRON[25433]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-14T15:17:01.504Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 15:19:21 honeypot-fra-1 sshd[9917]: Disconnected from authenticating user root 61.177.173.36 port 21104 [preauth]","@timestamp":"2022-09-14T15:19:22.328Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T15:19:48.410Z","@version":"1","message":"Sep 14 15:19:48 honeypot-sgp-1 sshd[13947]: Connection reset by 205.210.31.185 port 53211 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 15:21:05 honeypot-ams-1 sshd[25438]: Disconnected from invalid user user 45.61.186.49 port 59954 [preauth]","@timestamp":"2022-09-14T15:21:05.612Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 15:21:15 honeypot-ams-1 sshd[25442]: Disconnected from invalid user user 45.61.186.49 port 43358 [preauth]","@timestamp":"2022-09-14T15:21:16.617Z"}
{"@timestamp":"2022-09-14T15:23:47.510Z","@version":"1","message":"Sep 14 15:23:46 honeypot-sgp-1 sshd[13953]: Disconnected from invalid user user 45.61.186.49 port 57326 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T15:23:58.516Z","@version":"1","message":"Sep 14 15:23:57 honeypot-sgp-1 sshd[13959]: Disconnected from invalid user user 45.61.186.49 port 40954 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 15:25:18 honeypot-ams-1 sshd[25446]: Invalid user bpadmin from 204.48.30.77 port 46438","@timestamp":"2022-09-14T15:25:18.741Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 15:25:43 honeypot-fra-1 sshd[9926]: Invalid user galaxytab18 from 177.73.136.175 port 50930","@timestamp":"2022-09-14T15:25:44.479Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 15:26:14 honeypot-fra-1 sshd[9933]: Did not receive identification string from 193.142.146.50 port 54056","@timestamp":"2022-09-14T15:26:15.492Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 15:26:58 honeypot-fra-1 sshd[9938]: Disconnected from authenticating user root 193.142.146.50 port 47620 [preauth]","@timestamp":"2022-09-14T15:26:58.510Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 15:28:21 honeypot-fra-1 sshd[9945]: Disconnected from authenticating user root 193.142.146.50 port 45178 [preauth]","@timestamp":"2022-09-14T15:28:22.549Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 15:29:01 honeypot-fra-1 sshd[9953]: Disconnected from authenticating user root 193.142.146.50 port 42738 [preauth]","@timestamp":"2022-09-14T15:29:02.567Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T15:29:50.666Z","@version":"1","message":"Sep 14 15:29:50 honeypot-sgp-1 sshd[13970]: Disconnected from authenticating user root 175.203.61.33 port 33502 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 15:30:19 honeypot-fra-1 sshd[9959]: Received disconnect from 193.142.146.50 port 40298:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T15:30:19.599Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T15:31:23.707Z","@version":"1","message":"Sep 14 15:31:23 honeypot-sgp-1 sshd[13976]: Received disconnect from 92.255.85.69 port 26190:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 15:31:23 honeypot-ams-1 sshd[25450]: Invalid user operator from 175.203.23.6 port 40566","@timestamp":"2022-09-14T15:31:24.899Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 15:33:09 honeypot-fra-1 kernel: [84044009.800293] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=80.94.92.239 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=60150 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T15:33:10.664Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 15:35:00 honeypot-ams-1 sshd[25454]: Received disconnect from 148.72.244.44 port 43904:11: Bye Bye [preauth]","@timestamp":"2022-09-14T15:35:00.994Z"}
{"@timestamp":"2022-09-14T15:35:27.805Z","@version":"1","message":"Sep 14 15:35:27 honeypot-sgp-1 sshd[13981]: Received disconnect from 61.177.172.108 port 11478:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 15:37:12 honeypot-fra-1 sshd[9971]: Invalid user l4d from 165.22.45.108 port 34630","@timestamp":"2022-09-14T15:37:12.757Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 15:37:39 honeypot-ams-1 sshd[25460]: Received disconnect from 141.255.162.226 port 59100:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T15:37:40.066Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 15:37:42 honeypot-ams-1 sshd[25464]: Received disconnect from 141.255.162.226 port 45038:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T15:37:43.069Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 15:37:44 honeypot-ams-1 sshd[25468]: Received disconnect from 141.255.162.226 port 52120:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T15:37:45.070Z"}
{"@timestamp":"2022-09-14T15:41:00.940Z","@version":"1","message":"Sep 14 15:41:00 honeypot-sgp-1 kernel: [84046169.051482] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.83.65.232 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=13349 DF PROTO=TCP SPT=52569 DPT=443 WINDOW=8192 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T15:43:39.024Z","@version":"1","message":"Sep 14 15:43:38 honeypot-sgp-1 sshd[13990]: Disconnected from invalid user aw 37.110.25.185 port 54648 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 15:43:48 honeypot-fra-1 kernel: [84044648.641156] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=159.89.239.57 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=54813 DF PROTO=TCP SPT=43958 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T15:43:48.905Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 15:47:35 honeypot-ams-1 sshd[25472]: Unable to negotiate with 190.124.32.18 port 51929: no matching cipher found. Their offer: aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,arcfour128,arcfour,3des-cbc,none [preauth]","@timestamp":"2022-09-14T15:47:35.325Z"}
{"@timestamp":"2022-09-14T15:51:36.212Z","@version":"1","message":"Sep 14 15:51:36 honeypot-sgp-1 kernel: [84046804.528206] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=80.94.92.231 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=230 ID=54321 PROTO=TCP SPT=56548 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 15:53:50 honeypot-fra-1 sshd[9986]: Received disconnect from 61.177.173.53 port 50234:11:  [preauth]","@timestamp":"2022-09-14T15:53:51.127Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T15:57:41.378Z","@version":"1","message":"Sep 14 15:57:40 honeypot-sgp-1 sshd[14007]: Disconnected from authenticating user root 61.177.173.39 port 32650 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 15:59:05 honeypot-fra-1 sshd[9993]: Disconnected from authenticating user root 61.177.172.104 port 42367 [preauth]","@timestamp":"2022-09-14T15:59:06.260Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 16:00:13 honeypot-ams-1 sshd[25492]: Disconnected from authenticating user root 92.255.85.70 port 27248 [preauth]","@timestamp":"2022-09-14T16:00:14.651Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 16:04:48 honeypot-ams-1 sshd[25497]: Received disconnect from 144.24.190.159 port 59634:11: Bye Bye [preauth]","@timestamp":"2022-09-14T16:04:48.769Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 16:05:24 honeypot-ams-1 sshd[25501]: Received disconnect from 46.23.109.125 port 33416:11: Bye Bye [preauth]","@timestamp":"2022-09-14T16:05:24.788Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 16:06:54 honeypot-ams-1 sshd[25505]: Received disconnect from 34.231.32.12 port 46544:11: Bye Bye [preauth]","@timestamp":"2022-09-14T16:06:54.829Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 16:09:05 honeypot-ams-1 sshd[25507]: Disconnected from invalid user test 62.204.41.222 port 26334 [preauth]","@timestamp":"2022-09-14T16:09:05.887Z"}
{"@timestamp":"2022-09-14T16:09:44.667Z","@version":"1","message":"Sep 14 16:09:44 honeypot-sgp-1 sshd[14017]: Invalid user admin from 31.184.198.71 port 48197","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:10:09.681Z","@version":"1","message":"Sep 14 16:10:08 honeypot-sgp-1 sshd[14021]: Disconnecting invalid user  31.184.198.71 port 26333: Change of username or service not allowed: (,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:10:31.691Z","@version":"1","message":"Sep 14 16:10:31 honeypot-sgp-1 sshd[14027]: Disconnecting invalid user admin 31.184.198.71 port 23405: Change of username or service not allowed: (admin,ssh-connection) -> (aerohive,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:10:57.705Z","@version":"1","message":"Sep 14 16:10:57 honeypot-sgp-1 sshd[14033]: Disconnecting invalid user manager 31.184.198.71 port 42154: Change of username or service not allowed: (manager,ssh-connection) -> (private,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 16:11:24 honeypot-fra-1 kernel: [84046304.833260] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.79.53.162 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=20458 PROTO=TCP SPT=43092 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T16:11:25.526Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-14T16:11:33.723Z","@version":"1","message":"Sep 14 16:11:32 honeypot-sgp-1 sshd[14041]: Invalid user Admin from 31.184.198.71 port 15212","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:11:51.732Z","@version":"1","message":"Sep 14 16:11:51 honeypot-sgp-1 sshd[14046]: Disconnecting invalid user  31.184.198.71 port 16134: Change of username or service not allowed: (,ssh-connection) -> (user,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:12:21.747Z","@version":"1","message":"Sep 14 16:12:20 honeypot-sgp-1 sshd[14055]: Invalid user user from 45.61.184.204 port 44392","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:12:31.753Z","@version":"1","message":"Sep 14 16:12:31 honeypot-sgp-1 sshd[14058]: Received disconnect from 45.61.184.204 port 56050:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:12:40.758Z","@version":"1","message":"Sep 14 16:12:40 honeypot-sgp-1 sshd[14062]: Disconnected from invalid user user 45.61.184.204 port 39534 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:12:57.767Z","@version":"1","message":"Sep 14 16:12:57 honeypot-sgp-1 sshd[14068]: Invalid user 1234 from 31.184.198.71 port 32735","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:13:07.772Z","@version":"1","message":"Sep 14 16:13:07 honeypot-sgp-1 sshd[14074]: Invalid user user from 45.61.184.204 port 46238","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:13:17.778Z","@version":"1","message":"Sep 14 16:13:17 honeypot-sgp-1 sshd[14078]: Received disconnect from 45.61.184.204 port 57912:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:13:34.787Z","@version":"1","message":"Sep 14 16:13:34 honeypot-sgp-1 sshd[14084]: Invalid user admin from 31.184.198.71 port 45596","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:14:01.801Z","@version":"1","message":"Sep 14 16:14:01 honeypot-sgp-1 sshd[14090]: Disconnecting invalid user Administrator 31.184.198.71 port 48380: Change of username or service not allowed: (Administrator,ssh-connection) -> (,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:14:27.815Z","@version":"1","message":"Sep 14 16:14:27 honeypot-sgp-1 sshd[14096]: Disconnecting invalid user sti.admin5 31.184.198.71 port 19323: Change of username or service not allowed: (sti.admin5,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:14:53.828Z","@version":"1","message":"Sep 14 16:14:53 honeypot-sgp-1 sshd[14103]: Disconnecting invalid user zhone 31.184.198.71 port 54242: Change of username or service not allowed: (zhone,ssh-connection) -> (,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:15:27.846Z","@version":"1","message":"Sep 14 16:15:27 honeypot-sgp-1 sshd[14110]: Disconnecting invalid user default 31.184.198.71 port 33047: Change of username or service not allowed: (default,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 16:15:56 honeypot-ams-1 sshd[25516]: Invalid user ubnt from 191.49.65.97 port 43085","@timestamp":"2022-09-14T16:15:57.062Z"}
{"@timestamp":"2022-09-14T16:15:57.861Z","@version":"1","message":"Sep 14 16:15:57 honeypot-sgp-1 sshd[14116]: Disconnecting invalid user Administrator 31.184.198.71 port 29715: Change of username or service not allowed: (Administrator,ssh-connection) -> (cusadmin,ssh-connectio [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 16:16:02 honeypot-ams-1 sshd[25520]: Disconnected from authenticating user root 191.49.65.97 port 43206 [preauth]","@timestamp":"2022-09-14T16:16:03.065Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 16:16:10 honeypot-ams-1 sshd[25526]: Disconnected from authenticating user root 191.49.65.97 port 43402 [preauth]","@timestamp":"2022-09-14T16:16:11.070Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 16:16:22 honeypot-ams-1 sshd[25532]: Received disconnect from 191.49.65.97 port 43670:11: Bye Bye [preauth]","@timestamp":"2022-09-14T16:16:23.077Z"}
{"@timestamp":"2022-09-14T16:16:25.876Z","@version":"1","message":"Sep 14 16:16:25 honeypot-sgp-1 sshd[14123]: Invalid user admin from 31.184.198.71 port 33274","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 16:16:35 honeypot-ams-1 sshd[25538]: Received disconnect from 191.49.65.97 port 43961:11: Bye Bye [preauth]","@timestamp":"2022-09-14T16:16:36.085Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 16:16:47 honeypot-ams-1 kernel: [84048790.606232] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=23.239.15.33 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=9872 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T16:16:48.091Z"}
{"@timestamp":"2022-09-14T16:16:51.889Z","@version":"1","message":"Sep 14 16:16:51 honeypot-sgp-1 sshd[14129]: Invalid user comcast from 31.184.198.71 port 30874","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:17:13.901Z","@version":"1","message":"Sep 14 16:17:13 honeypot-sgp-1 sshd[14136]: Invalid user  from 31.184.198.71 port 16472","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:17:39.915Z","@version":"1","message":"Sep 14 16:17:39 honeypot-sgp-1 sshd[14142]: Invalid user  from 31.184.198.71 port 9949","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:18:11.930Z","@version":"1","message":"Sep 14 16:18:11 honeypot-sgp-1 sshd[14148]: Invalid user admin from 31.184.198.71 port 15942","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:18:28.939Z","@version":"1","message":"Sep 14 16:18:28 honeypot-sgp-1 sshd[14154]: Disconnecting authenticating user root 31.184.198.71 port 52133: Change of username or service not allowed: (root,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 16:18:47 honeypot-ams-1 sshd[25549]: Disconnected from invalid user admin 162.241.222.29 port 49682 [preauth]","@timestamp":"2022-09-14T16:18:47.144Z"}
{"@timestamp":"2022-09-14T16:18:57.954Z","@version":"1","message":"Sep 14 16:18:57 honeypot-sgp-1 sshd[14161]: Invalid user 0 from 31.184.198.71 port 62626","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:19:24.968Z","@version":"1","message":"Sep 14 16:19:23 honeypot-sgp-1 sshd[14167]: Invalid user admin from 31.184.198.71 port 64518","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:19:44.978Z","@version":"1","message":"Sep 14 16:19:44 honeypot-sgp-1 sshd[14173]: Invalid user Broadcom from 31.184.198.71 port 6475","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:20:12.993Z","@version":"1","message":"Sep 14 16:20:12 honeypot-sgp-1 sshd[14180]: Invalid user cusadmin from 31.184.198.71 port 58057","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:20:31.002Z","@version":"1","message":"Sep 14 16:20:30 honeypot-sgp-1 sshd[14184]: Disconnecting invalid user smcadmin 31.184.198.71 port 17402: Change of username or service not allowed: (smcadmin,ssh-connection) -> (sweex,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:20:55.015Z","@version":"1","message":"Sep 14 16:20:54 honeypot-sgp-1 sshd[14191]: Invalid user admin from 31.184.198.71 port 24437","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:21:21.027Z","@version":"1","message":"Sep 14 16:21:20 honeypot-sgp-1 sshd[14197]: Invalid user user from 31.184.198.71 port 34899","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:21:51.042Z","@version":"1","message":"Sep 14 16:21:50 honeypot-sgp-1 sshd[14204]: Invalid user 123456 from 31.184.198.71 port 12501","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:22:27.060Z","@version":"1","message":"Sep 14 16:22:26 honeypot-sgp-1 sshd[14210]: Invalid user readwrite from 31.184.198.71 port 25662","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:22:55.075Z","@version":"1","message":"Sep 14 16:22:54 honeypot-sgp-1 sshd[14216]: Invalid user DZY-W2914NSV2 from 31.184.198.71 port 4005","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 16:23:27 honeypot-ams-1 sshd[25554]: Disconnected from authenticating user root 92.255.85.70 port 33178 [preauth]","@timestamp":"2022-09-14T16:23:27.264Z"}
{"@timestamp":"2022-09-14T16:23:36.094Z","@version":"1","message":"Sep 14 16:23:35 honeypot-sgp-1 sshd[14223]: Invalid user zoomadsl from 31.184.198.71 port 51036","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:24:08.110Z","@version":"1","message":"Sep 14 16:24:07 honeypot-sgp-1 sshd[14229]: Invalid user ltecl4r0 from 31.184.198.71 port 24160","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 16:26:46 honeypot-fra-1 sshd[10004]: Invalid user l4dserver from 165.22.45.108 port 39606","@timestamp":"2022-09-14T16:26:46.874Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 16:29:49 honeypot-ams-1 sshd[25561]: Received disconnect from 200.137.5.196 port 44284:11: Bye Bye [preauth]","@timestamp":"2022-09-14T16:29:49.427Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 16:34:13 honeypot-ams-1 sshd[25566]: Received disconnect from 201.17.133.138 port 39914:11: Bye Bye [preauth]","@timestamp":"2022-09-14T16:34:13.540Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 16:34:16 honeypot-fra-1 kernel: [84047676.367169] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.79.136.69 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=50675 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T16:34:17.047Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-14T16:37:53.454Z","@version":"1","message":"Sep 14 16:37:52 honeypot-sgp-1 sshd[14235]: Invalid user flexit from 104.131.190.193 port 40210","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:44:11.607Z","@version":"1","message":"Sep 14 16:44:11 honeypot-sgp-1 kernel: [84049959.738462] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=50.116.60.63 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=30846 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 16:44:31 honeypot-fra-1 sshd[10015]: Received disconnect from 92.255.85.69 port 25598:11: Bye Bye [preauth]","@timestamp":"2022-09-14T16:44:32.280Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 16:47:34 honeypot-ams-1 sshd[25572]: Received disconnect from 92.255.85.70 port 21494:11: Bye Bye [preauth]","@timestamp":"2022-09-14T16:47:35.880Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 16:51:23 honeypot-fra-1 kernel: [84048703.617888] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=20.219.248.199 DST=165.22.82.222 LEN=52 TOS=0x00 PREC=0x00 TTL=111 ID=58744 DF PROTO=TCP SPT=56228 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T16:51:24.437Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-14T16:52:41.816Z","@version":"1","message":"Sep 14 16:52:41 honeypot-sgp-1 sshd[14244]: Received disconnect from 193.142.146.50 port 45524:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:53:34.842Z","@version":"1","message":"Sep 14 16:53:33 honeypot-sgp-1 sshd[14250]: Received disconnect from 193.142.146.50 port 41552:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:54:41.872Z","@version":"1","message":"Sep 14 16:54:41 honeypot-sgp-1 sshd[14257]: Received disconnect from 193.142.146.50 port 37580:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 16:55:20 honeypot-fra-1 sshd[10022]: Invalid user user from 45.61.186.49 port 60738","@timestamp":"2022-09-14T16:55:20.529Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T16:55:21.892Z","@version":"1","message":"Sep 14 16:55:21 honeypot-sgp-1 sshd[14263]: Invalid user user1 from 103.188.176.251 port 37776","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 16:55:30 honeypot-fra-1 sshd[10026]: Invalid user user from 45.61.186.49 port 43788","@timestamp":"2022-09-14T16:55:30.534Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T16:56:12.914Z","@version":"1","message":"Sep 14 16:56:12 honeypot-sgp-1 sshd[14267]: Disconnected from invalid user test 193.142.146.50 port 51108 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 17:00:50 honeypot-ams-1 kernel: [84051433.526125] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=89.248.165.199 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=56407 PROTO=TCP SPT=54393 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T17:00:51.218Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 17:04:36 honeypot-fra-1 sshd[10029]: Did not receive identification string from 45.61.187.160 port 35168","@timestamp":"2022-09-14T17:04:37.758Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 17:05:30 honeypot-fra-1 sshd[10032]: Disconnected from invalid user user 45.61.187.160 port 52154 [preauth]","@timestamp":"2022-09-14T17:05:30.780Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 17:05:49 honeypot-fra-1 sshd[10036]: Disconnected from invalid user user 45.61.187.160 port 46660 [preauth]","@timestamp":"2022-09-14T17:05:49.789Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 17:06:06 honeypot-fra-1 sshd[10041]: Disconnected from invalid user user 45.61.187.160 port 41186 [preauth]","@timestamp":"2022-09-14T17:06:06.798Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T17:07:33.181Z","@version":"1","message":"Sep 14 17:07:32 honeypot-sgp-1 kernel: [84051361.055377] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=124.123.78.71 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x20 TTL=238 ID=17099 PROTO=TCP SPT=55193 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 17:09:01 honeypot-ams-1 CRON[25577]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-14T17:09:01.431Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 17:09:01 honeypot-fra-1 CRON[10047]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-14T17:09:01.864Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T17:09:02.220Z","@version":"1","message":"Sep 14 17:09:01 honeypot-sgp-1 CRON[14280]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T17:09:14.226Z","@version":"1","message":"Sep 14 17:09:13 honeypot-sgp-1 kernel: [84051461.973912] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=124.123.78.71 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x20 TTL=239 ID=59769 PROTO=TCP SPT=55212 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T17:09:36.237Z","@version":"1","message":"Sep 14 17:09:35 honeypot-sgp-1 sshd[14291]: Disconnected from authenticating user root 109.205.213.23 port 40242 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 17:10:15 honeypot-ams-1 sshd[25582]: Disconnected from invalid user odoo 192.241.243.84 port 36810 [preauth]","@timestamp":"2022-09-14T17:10:15.465Z"}
{"@timestamp":"2022-09-14T17:10:53.271Z","@version":"1","message":"Sep 14 17:10:53 honeypot-sgp-1 sshd[14298]: Disconnected from authenticating user root 109.205.213.23 port 42874 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T17:11:12.280Z","@version":"1","message":"Sep 14 17:11:11 honeypot-sgp-1 sshd[14302]: Disconnected from invalid user admin 109.205.213.23 port 44190 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 17:13:35 honeypot-ams-1 sshd[25587]: Disconnected from invalid user qhsupport 162.19.64.34 port 37500 [preauth]","@timestamp":"2022-09-14T17:13:35.550Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 17:14:29 honeypot-fra-1 sshd[10052]: Received disconnect from 165.22.45.108 port 44584:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T17:14:29.991Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 17:16:12 honeypot-ams-1 kernel: [84052355.340381] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=46.161.54.57 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=54321 PROTO=TCP SPT=56269 DPT=5432 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T17:16:12.620Z"}
{"@timestamp":"2022-09-14T17:18:35.460Z","@version":"1","message":"Sep 14 17:18:35 honeypot-sgp-1 kernel: [84052023.786702] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.47.229.134 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=26939 PROTO=TCP SPT=56701 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 17:19:46 honeypot-fra-1 kernel: [84050406.676905] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=195.154.242.150 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=23254 PROTO=TCP SPT=55509 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T17:19:47.113Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 17:21:03 honeypot-ams-1 kernel: [84052645.875323] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=205.210.31.30 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=250 ID=54321 PROTO=TCP SPT=50487 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T17:21:03.745Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 17:22:39 honeypot-ams-1 sshd[25601]: Received disconnect from 198.98.61.9 port 44746:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T17:22:39.789Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 17:22:57 honeypot-ams-1 sshd[25605]: Received disconnect from 198.98.61.9 port 39062:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T17:22:58.798Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 17:23:14 honeypot-ams-1 sshd[25609]: Received disconnect from 198.98.61.9 port 33286:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T17:23:14.807Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 17:25:25 honeypot-fra-1 sshd[10061]: Invalid user admin from 199.115.228.186 port 42494","@timestamp":"2022-09-14T17:25:25.244Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 17:26:53 honeypot-ams-1 sshd[25616]: Received disconnect from 190.128.230.98 port 36030:11: Bye Bye [preauth]","@timestamp":"2022-09-14T17:26:53.902Z"}
{"@timestamp":"2022-09-14T17:28:00.682Z","@version":"1","message":"Sep 14 17:28:00 honeypot-sgp-1 sshd[14312]: Disconnected from authenticating user root 92.255.85.69 port 42764 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 17:28:12 honeypot-fra-1 sshd[10067]: Did not receive identification string from 45.61.184.204 port 60406","@timestamp":"2022-09-14T17:28:13.310Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 17:28:55 honeypot-fra-1 sshd[10070]: Disconnected from invalid user user 45.61.184.204 port 47670 [preauth]","@timestamp":"2022-09-14T17:28:56.329Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 17:29:14 honeypot-fra-1 sshd[10074]: Disconnected from invalid user user 45.61.184.204 port 42244 [preauth]","@timestamp":"2022-09-14T17:29:14.338Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 17:29:31 honeypot-fra-1 sshd[10080]: Invalid user user from 45.61.184.204 port 36832","@timestamp":"2022-09-14T17:29:32.347Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 17:30:43 honeypot-fra-1 kernel: [84051062.751914] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=54199 PROTO=TCP SPT=56602 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T17:30:43.375Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 17:33:42 honeypot-ams-1 sshd[25622]: Received disconnect from 92.255.85.70 port 18082:11: Bye Bye [preauth]","@timestamp":"2022-09-14T17:33:43.070Z"}
{"@timestamp":"2022-09-14T17:35:13.855Z","@version":"1","message":"Sep 14 17:35:13 honeypot-sgp-1 kernel: [84053021.412159] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=124.123.78.71 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x20 TTL=239 ID=61110 PROTO=TCP SPT=56830 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 17:40:14 honeypot-ams-1 kernel: [84053797.003616] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=196.190.153.0 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=113 ID=8988 DF PROTO=TCP SPT=17103 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T17:40:14.238Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 17:40:27 honeypot-fra-1 sshd[10088]: Disconnected from authenticating user root 51.222.13.62 port 35868 [preauth]","@timestamp":"2022-09-14T17:40:27.595Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 17:42:08 honeypot-fra-1 sshd[10095]: Received disconnect from 143.198.154.97 port 36444:11: Bye Bye [preauth]","@timestamp":"2022-09-14T17:42:09.639Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 17:45:45 honeypot-fra-1 kernel: [84051964.861797] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=102.134.114.97 DST=165.22.82.222 LEN=52 TOS=0x00 PREC=0x00 TTL=116 ID=63081 DF PROTO=TCP SPT=43277 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T17:45:45.723Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 17:49:14 honeypot-fra-1 sshd[10102]: Disconnected from invalid user seafile 20.126.126.43 port 41826 [preauth]","@timestamp":"2022-09-14T17:49:14.805Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T17:51:47.241Z","@version":"1","message":"Sep 14 17:51:46 honeypot-sgp-1 sshd[14322]: Disconnected from authenticating user root 92.255.85.69 port 44418 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 17:53:43 honeypot-ams-1 kernel: [84054606.746047] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.158.113.63 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=40653 PROTO=TCP SPT=51642 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T17:53:44.586Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 17:54:40 honeypot-fra-1 sshd[10107]: Disconnected from authenticating user root 92.255.85.69 port 46036 [preauth]","@timestamp":"2022-09-14T17:54:40.930Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 18:02:31 honeypot-fra-1 sshd[10112]: Invalid user la from 165.22.45.108 port 49570","@timestamp":"2022-09-14T18:02:32.108Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T18:02:39.497Z","@version":"1","message":"Sep 14 18:02:38 honeypot-sgp-1 sshd[14327]: Connection closed by 87.236.176.2 port 39063 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 18:03:54 honeypot-fra-1 sshd[10116]: Invalid user postgres from 82.200.65.218 port 43772","@timestamp":"2022-09-14T18:03:54.141Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 18:05:08 honeypot-ams-1 sshd[25636]: Invalid user admin from 104.131.13.185 port 44880","@timestamp":"2022-09-14T18:05:08.882Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 18:05:36 honeypot-fra-1 sshd[10119]: Connection closed by invalid user pi 78.43.206.165 port 48750 [preauth]","@timestamp":"2022-09-14T18:05:37.181Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 18:08:12 honeypot-ams-1 sshd[25639]: Received disconnect from 185.118.48.206 port 57724:11: Bye Bye [preauth]","@timestamp":"2022-09-14T18:08:12.964Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 18:08:36 honeypot-fra-1 sshd[10126]: Invalid user gituser from 164.70.100.221 port 47422","@timestamp":"2022-09-14T18:08:37.253Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 18:11:27 honeypot-fra-1 sshd[10129]: Received disconnect from 51.38.227.101 port 43050:11: Bye Bye [preauth]","@timestamp":"2022-09-14T18:11:28.321Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 18:11:52 honeypot-fra-1 sshd[10133]: Disconnected from invalid user oracle 170.210.203.212 port 56870 [preauth]","@timestamp":"2022-09-14T18:11:53.333Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T18:15:08.219Z","@version":"1","message":"Sep 14 18:15:07 honeypot-sgp-1 sshd[14331]: Disconnected from authenticating user root 92.255.85.70 port 56664 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 18:17:01 honeypot-ams-1 CRON[25642]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-14T18:17:02.190Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 18:19:40 honeypot-fra-1 sshd[10145]: Invalid user ks from 119.28.105.34 port 53788","@timestamp":"2022-09-14T18:19:40.511Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 18:23:11 honeypot-fra-1 sshd[10149]: Received disconnect from 31.220.59.91 port 51850:11: Bye Bye [preauth]","@timestamp":"2022-09-14T18:23:11.591Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T18:26:57.497Z","@version":"1","message":"Sep 14 18:26:57 honeypot-sgp-1 sshd[14337]: Disconnected from invalid user odoo 185.143.45.150 port 58748 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 18:27:47 honeypot-ams-1 kernel: [84056650.139588] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=108.54.184.91 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=52 ID=63310 PROTO=TCP SPT=51599 DPT=80 WINDOW=45393 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T18:27:47.468Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 18:35:03 honeypot-fra-1 kernel: [84054923.375212] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=104.200.29.77 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=35099 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T18:35:03.860Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-14T18:38:33.772Z","@version":"1","message":"Sep 14 18:38:33 honeypot-sgp-1 sshd[14355]: Received disconnect from 92.255.85.69 port 21918:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 18:40:00 honeypot-ams-1 sshd[25652]: Disconnected from authenticating user root 80.76.51.45 port 60846 [preauth]","@timestamp":"2022-09-14T18:40:00.807Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 18:40:31 honeypot-ams-1 sshd[25656]: Disconnected from invalid user test 80.76.51.45 port 59330 [preauth]","@timestamp":"2022-09-14T18:40:31.824Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 18:41:14 honeypot-ams-1 sshd[25662]: Disconnected from authenticating user root 80.76.51.45 port 43138 [preauth]","@timestamp":"2022-09-14T18:41:14.847Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 18:41:58 honeypot-ams-1 sshd[25668]: Disconnected from authenticating user root 80.76.51.45 port 55304 [preauth]","@timestamp":"2022-09-14T18:41:58.869Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 18:42:06 honeypot-fra-1 kernel: [84055346.179673] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=164.52.24.190 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=41713 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T18:42:07.021Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 18:42:40 honeypot-ams-1 sshd[25674]: Received disconnect from 80.76.51.45 port 39094:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T18:42:41.890Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 18:43:38 honeypot-ams-1 sshd[25678]: Disconnected from authenticating user root 92.255.85.70 port 58376 [preauth]","@timestamp":"2022-09-14T18:43:38.916Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 18:47:38 honeypot-ams-1 kernel: [84057841.256622] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=2.179.184.132 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=14261 DF PROTO=TCP SPT=59056 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T18:47:39.026Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 18:50:34 honeypot-fra-1 sshd[10162]: Received disconnect from 165.22.45.108 port 54562:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T18:50:35.216Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 18:53:23 honeypot-ams-1 sshd[25685]: Disconnected from authenticating user root 80.76.51.46 port 34674 [preauth]","@timestamp":"2022-09-14T18:53:24.209Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 18:53:52 honeypot-ams-1 sshd[25691]: Disconnected from authenticating user root 80.76.51.46 port 45416 [preauth]","@timestamp":"2022-09-14T18:53:53.224Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 18:53:58 honeypot-fra-1 sshd[10165]: Received disconnect from 103.19.229.213 port 51576:11: Bye Bye [preauth]","@timestamp":"2022-09-14T18:53:59.318Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 18:54:15 honeypot-ams-1 sshd[25698]: Invalid user user from 141.255.162.226 port 37894","@timestamp":"2022-09-14T18:54:15.235Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 18:54:17 honeypot-ams-1 sshd[25702]: Invalid user user from 141.255.162.226 port 57790","@timestamp":"2022-09-14T18:54:18.238Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 18:54:21 honeypot-ams-1 sshd[25706]: Invalid user user from 141.255.162.226 port 34676","@timestamp":"2022-09-14T18:54:22.240Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 18:54:22 honeypot-ams-1 sshd[25710]: Received disconnect from 80.76.51.46 port 56070:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T18:54:23.240Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 18:54:33 honeypot-ams-1 sshd[25714]: Disconnected from authenticating user root 80.76.51.46 port 59630 [preauth]","@timestamp":"2022-09-14T18:54:33.246Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 18:55:04 honeypot-ams-1 sshd[25720]: Disconnected from authenticating user root 80.76.51.46 port 42074 [preauth]","@timestamp":"2022-09-14T18:55:05.264Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 18:55:26 honeypot-ams-1 sshd[25724]: Disconnected from invalid user admin 80.76.51.46 port 49212 [preauth]","@timestamp":"2022-09-14T18:55:27.275Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 18:56:06 honeypot-fra-1 sshd[10171]: Invalid user pi from 194.44.139.244 port 49526","@timestamp":"2022-09-14T18:56:06.368Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 18:58:35 honeypot-ams-1 kernel: [84058498.547884] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=172.105.77.209 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=57 ID=0 DF PROTO=TCP SPT=47481 DPT=3389 WINDOW=8192 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T18:58:36.360Z"}
{"@timestamp":"2022-09-14T19:01:46.309Z","@version":"1","message":"Sep 14 19:01:45 honeypot-sgp-1 sshd[14359]: Received disconnect from 92.255.85.70 port 16218:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 19:01:52 honeypot-fra-1 sshd[10176]: Invalid user user1 from 103.188.176.251 port 50900","@timestamp":"2022-09-14T19:01:53.503Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T19:02:19.325Z","@version":"1","message":"Sep 14 19:02:18 honeypot-sgp-1 sshd[14363]: Disconnected from authenticating user root 200.195.162.66 port 48138 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 19:07:13 honeypot-fra-1 kernel: [84056852.973000] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=159.65.93.242 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=248 ID=62806 PROTO=TCP SPT=42430 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T19:07:13.625Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 19:07:59 honeypot-fra-1 sshd[10201]: Invalid user elastic from 43.138.12.15 port 44068","@timestamp":"2022-09-14T19:08:00.646Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 19:07:59 honeypot-fra-1 sshd[10188]: Connection closed by invalid user mcserv 43.138.12.15 port 44072 [preauth]","@timestamp":"2022-09-14T19:08:00.647Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 19:07:59 honeypot-fra-1 sshd[10213]: Connection closed by invalid user elastic 43.138.12.15 port 44096 [preauth]","@timestamp":"2022-09-14T19:08:00.647Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 19:08:00 honeypot-fra-1 sshd[10189]: Invalid user vagrant from 43.138.12.15 port 44040","@timestamp":"2022-09-14T19:08:00.647Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 19:08:00 honeypot-fra-1 sshd[10206]: Invalid user ansible from 43.138.12.15 port 44094","@timestamp":"2022-09-14T19:08:00.647Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 19:08:00 honeypot-fra-1 sshd[10200]: Invalid user admin from 43.138.12.15 port 44032","@timestamp":"2022-09-14T19:08:00.647Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 19:08:00 honeypot-fra-1 sshd[10184]: Connection closed by invalid user steam 43.138.12.15 port 44050 [preauth]","@timestamp":"2022-09-14T19:08:00.647Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 19:08:00 honeypot-fra-1 sshd[10197]: Connection closed by invalid user ftpuser 43.138.12.15 port 44051 [preauth]","@timestamp":"2022-09-14T19:08:00.647Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 19:08:00 honeypot-fra-1 sshd[10198]: Connection closed by invalid user hduser 43.138.12.15 port 44080 [preauth]","@timestamp":"2022-09-14T19:08:00.647Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 19:08:00 honeypot-fra-1 sshd[10202]: Connection closed by invalid user ansible 43.138.12.15 port 44066 [preauth]","@timestamp":"2022-09-14T19:08:00.647Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 19:09:45 honeypot-ams-1 sshd[25734]: Invalid user admin from 176.15.138.108 port 1716","@timestamp":"2022-09-14T19:09:45.645Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 19:14:13 honeypot-fra-1 kernel: [84057272.590082] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.143.200.6 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=8844 PROTO=TCP SPT=54600 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T19:14:13.790Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 19:14:42 honeypot-ams-1 sshd[25737]: Received disconnect from 179.96.150.109 port 49284:11: Bye Bye [preauth]","@timestamp":"2022-09-14T19:14:42.779Z"}
{"@timestamp":"2022-09-14T19:17:01.676Z","@version":"1","message":"Sep 14 19:17:01 honeypot-sgp-1 CRON[14369]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 19:22:56 honeypot-ams-1 sshd[25743]: Disconnected from authenticating user root 187.33.56.200 port 38559 [preauth]","@timestamp":"2022-09-14T19:22:57.013Z"}
{"@timestamp":"2022-09-14T19:24:37.863Z","@version":"1","message":"Sep 14 19:24:37 honeypot-sgp-1 sshd[14375]: Received disconnect from 211.253.27.169 port 40748:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T19:26:53.937Z","@version":"1","message":"Sep 14 19:26:53 honeypot-sgp-1 sshd[14379]: Disconnected from invalid user zn 47.250.47.151 port 48868 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 19:29:50 honeypot-fra-1 kernel: [84058210.192301] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=87.251.64.35 DST=165.22.82.222 LEN=52 TOS=0x02 PREC=0x00 TTL=122 ID=18367 DF PROTO=TCP SPT=56023 DPT=3389 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-14T19:29:51.141Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-14T19:30:05.015Z","@version":"1","message":"Sep 14 19:30:04 honeypot-sgp-1 sshd[14385]: Disconnected from authenticating user root 68.183.156.109 port 57542 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 19:31:30 honeypot-ams-1 kernel: [84060473.399758] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=79.124.62.62 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=18723 PROTO=TCP SPT=42184 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T19:31:31.237Z"}
{"@timestamp":"2022-09-14T19:35:27.147Z","@version":"1","message":"Sep 14 19:35:26 honeypot-sgp-1 sshd[14391]: Invalid user bianyuzhe from 137.116.144.39 port 48070","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 19:38:40 honeypot-fra-1 sshd[10356]: Received disconnect from 165.22.45.108 port 59550:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T19:38:41.344Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 19:44:38 honeypot-ams-1 kernel: [84061261.581889] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=94.26.249.161 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=41952 PROTO=TCP SPT=24575 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T19:44:39.573Z"}
{"@timestamp":"2022-09-14T19:46:13.406Z","@version":"1","message":"Sep 14 19:46:13 honeypot-sgp-1 sshd[14397]: Invalid user oky from 113.200.60.74 port 41933","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T19:48:41.466Z","@version":"1","message":"Sep 14 19:48:40 honeypot-sgp-1 sshd[14402]: Disconnected from authenticating user root 92.255.85.70 port 32696 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 19:50:01 honeypot-fra-1 sshd[10362]: Disconnected from invalid user den 115.36.144.104 port 40272 [preauth]","@timestamp":"2022-09-14T19:50:01.596Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 19:53:42 honeypot-ams-1 sshd[25755]: Disconnected from authenticating user root 92.255.85.69 port 17840 [preauth]","@timestamp":"2022-09-14T19:53:42.813Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 19:53:53 honeypot-fra-1 sshd[10373]: Invalid user lighthouse from 45.127.108.174 port 54228","@timestamp":"2022-09-14T19:53:53.687Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 19:53:53 honeypot-fra-1 sshd[10372]: Invalid user oracle from 45.127.108.174 port 54234","@timestamp":"2022-09-14T19:53:54.687Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 19:53:53 honeypot-fra-1 sshd[10373]: Connection closed by invalid user lighthouse 45.127.108.174 port 54228 [preauth]","@timestamp":"2022-09-14T19:53:54.687Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 19:53:53 honeypot-fra-1 sshd[10394]: Invalid user testuser from 45.127.108.174 port 54242","@timestamp":"2022-09-14T19:53:54.687Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 19:53:53 honeypot-fra-1 sshd[10386]: Connection closed by invalid user chia 45.127.108.174 port 54254 [preauth]","@timestamp":"2022-09-14T19:53:54.688Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 19:53:53 honeypot-fra-1 sshd[10381]: Connection closed by authenticating user root 45.127.108.174 port 54236 [preauth]","@timestamp":"2022-09-14T19:53:54.688Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 19:53:53 honeypot-fra-1 sshd[10393]: Connection closed by invalid user admin 45.127.108.174 port 54196 [preauth]","@timestamp":"2022-09-14T19:53:54.688Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 19:53:53 honeypot-fra-1 sshd[10370]: Connection closed by invalid user oracle 45.127.108.174 port 54226 [preauth]","@timestamp":"2022-09-14T19:53:54.688Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 19:54:58 honeypot-fra-1 sshd[10430]: Received disconnect from 198.23.148.137 port 52036:11: Bye Bye [preauth]","@timestamp":"2022-09-14T19:54:58.713Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T20:05:04.859Z","@version":"1","message":"Sep 14 20:05:04 honeypot-sgp-1 sshd[14407]: Invalid user admin from 180.150.31.207 port 46065","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T20:11:48.021Z","@version":"1","message":"Sep 14 20:11:47 honeypot-sgp-1 kernel: [84062416.087135] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.156.73.169 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=20913 PROTO=TCP SPT=59192 DPT=389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 20:12:56 honeypot-ams-1 kernel: [84062959.418565] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=157.230.34.155 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=43885 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T20:12:57.321Z"}
{"@timestamp":"2022-09-14T20:13:30.063Z","@version":"1","message":"Sep 14 20:13:29 honeypot-sgp-1 sshd[14416]: Received disconnect from 141.255.162.226 port 41582:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T20:13:35.066Z","@version":"1","message":"Sep 14 20:13:34 honeypot-sgp-1 sshd[14420]: Invalid user user from 141.255.162.226 port 37630","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T20:13:36.067Z","@version":"1","message":"Sep 14 20:13:35 honeypot-sgp-1 sshd[14425]: Invalid user user from 141.255.162.226 port 45728","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T20:13:48.073Z","@version":"1","message":"Sep 14 20:13:47 honeypot-sgp-1 sshd[14429]: Invalid user user from 45.61.186.49 port 59704","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T20:13:53.076Z","@version":"1","message":"Sep 14 20:13:52 honeypot-sgp-1 sshd[14433]: Received disconnect from 45.61.186.49 port 37174:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T20:14:04.081Z","@version":"1","message":"Sep 14 20:14:03 honeypot-sgp-1 sshd[14437]: Connection closed by invalid user user 45.61.186.49 port 48572 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 20:14:11 honeypot-fra-1 sshd[10438]: Received disconnect from 92.255.85.69 port 19188:11: Bye Bye [preauth]","@timestamp":"2022-09-14T20:14:12.144Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 20:15:07 honeypot-fra-1 sshd[10442]: Received disconnect from 217.218.215.101 port 42584:11: Bye Bye [preauth]","@timestamp":"2022-09-14T20:15:08.167Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T20:17:45.172Z","@version":"1","message":"Sep 14 20:17:45 honeypot-sgp-1 kernel: [84062773.307920] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=107.175.70.147 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=233 ID=57447 DF PROTO=TCP SPT=10446 DPT=80 WINDOW=512 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 20:17:50 honeypot-ams-1 kernel: [84063253.115217] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.213.237 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=59258 DPT=5432 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T20:17:50.457Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 20:20:29 honeypot-fra-1 sshd[10448]: Connection closed by invalid user tomcat 193.106.191.157 port 55534 [preauth]","@timestamp":"2022-09-14T20:20:30.292Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T20:25:47.366Z","@version":"1","message":"Sep 14 20:25:46 honeypot-sgp-1 kernel: [84063254.960934] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=139.178.84.183 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=39714 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 20:28:24 honeypot-ams-1 sshd[25773]: Disconnected from invalid user remnux 128.199.22.126 port 57474 [preauth]","@timestamp":"2022-09-14T20:28:24.733Z"}
{"@timestamp":"2022-09-14T20:30:08.477Z","@version":"1","message":"Sep 14 20:30:08 honeypot-sgp-1 kernel: [84063516.675799] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=104.200.31.7 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=24250 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 20:30:50 honeypot-ams-1 kernel: [84064032.854385] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=53938 PROTO=TCP SPT=47402 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T20:30:50.800Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 20:34:32 honeypot-fra-1 kernel: [84062091.975392] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=172.104.4.89 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=46984 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T20:34:33.607Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-14T20:36:38.818Z","@version":"1","message":"Sep 14 20:36:38 honeypot-sgp-1 sshd[14457]: Invalid user user from 141.255.162.226 port 36274","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T20:36:43.821Z","@version":"1","message":"Sep 14 20:36:42 honeypot-sgp-1 sshd[14461]: Invalid user user from 141.255.162.226 port 53118","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T20:36:46.822Z","@version":"1","message":"Sep 14 20:36:46 honeypot-sgp-1 sshd[14465]: Invalid user user from 141.255.162.226 port 50182","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 20:38:24 honeypot-fra-1 kernel: [84062323.902466] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.143.200.46 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=42676 PROTO=TCP SPT=54695 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T20:38:24.698Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 20:40:37 honeypot-ams-1 sshd[25780]: Received disconnect from 92.255.85.70 port 35990:11: Bye Bye [preauth]","@timestamp":"2022-09-14T20:40:38.061Z"}
{"@timestamp":"2022-09-14T20:46:10.037Z","@version":"1","message":"Sep 14 20:46:09 honeypot-sgp-1 kernel: [84064477.729069] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=159.203.102.227 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=59510 PROTO=TCP SPT=47992 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 20:47:41 honeypot-ams-1 sshd[25783]: Disconnected from authenticating user root 72.167.55.58 port 42204 [preauth]","@timestamp":"2022-09-14T20:47:42.248Z"}
{"@timestamp":"2022-09-14T20:55:19.251Z","@version":"1","message":"Sep 14 20:55:18 honeypot-sgp-1 kernel: [84065026.830819] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=34.105.114.93 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x60 TTL=250 ID=39881 PROTO=TCP SPT=47469 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T20:59:51.356Z","@version":"1","message":"Sep 14 20:59:50 honeypot-sgp-1 sshd[14481]: Invalid user dks from 116.92.213.114 port 53358","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 21:00:56 honeypot-fra-1 sshd[10458]: Invalid user bianyuzhe from 137.116.144.39 port 41928","@timestamp":"2022-09-14T21:00:57.201Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 21:01:01 honeypot-ams-1 kernel: [84065844.304929] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=159.203.80.110 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=43403 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T21:01:01.596Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 21:03:34 honeypot-ams-1 sshd[25791]: Disconnected from authenticating user root 92.255.85.69 port 38216 [preauth]","@timestamp":"2022-09-14T21:03:34.665Z"}
{"@timestamp":"2022-09-14T21:06:19.507Z","@version":"1","message":"Sep 14 21:06:18 honeypot-sgp-1 sshd[14562]: Invalid user pi from 50.45.186.194 port 38322","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 21:08:01 honeypot-fra-1 sshd[10471]: Did not receive identification string from 43.138.12.15 port 47778","@timestamp":"2022-09-14T21:08:02.360Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 21:08:03 honeypot-fra-1 sshd[10466]: Invalid user esuser from 43.138.12.15 port 55906","@timestamp":"2022-09-14T21:08:03.362Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 21:08:05 honeypot-fra-1 sshd[10475]: Invalid user minecraft from 43.138.12.15 port 55958","@timestamp":"2022-09-14T21:08:05.363Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 21:08:05 honeypot-fra-1 sshd[10484]: Invalid user admin from 43.138.12.15 port 55946","@timestamp":"2022-09-14T21:08:05.363Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 21:08:05 honeypot-fra-1 sshd[10496]: Invalid user mcserv from 43.138.12.15 port 55968","@timestamp":"2022-09-14T21:08:05.363Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 21:08:05 honeypot-fra-1 sshd[10481]: Connection closed by invalid user ftpuser 43.138.12.15 port 55956 [preauth]","@timestamp":"2022-09-14T21:08:06.364Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 21:08:05 honeypot-fra-1 sshd[10501]: Connection closed by invalid user es 43.138.12.15 port 55966 [preauth]","@timestamp":"2022-09-14T21:08:06.364Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 21:08:05 honeypot-fra-1 sshd[10500]: Invalid user hduser from 43.138.12.15 port 55944","@timestamp":"2022-09-14T21:08:06.364Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 21:08:06 honeypot-fra-1 sshd[10474]: Connection closed by invalid user ts3srv 43.138.12.15 port 55916 [preauth]","@timestamp":"2022-09-14T21:08:06.364Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 21:08:06 honeypot-fra-1 sshd[10494]: Connection closed by invalid user hduser 43.138.12.15 port 55972 [preauth]","@timestamp":"2022-09-14T21:08:06.364Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 21:08:06 honeypot-fra-1 sshd[10499]: Connection closed by invalid user guest 43.138.12.15 port 55974 [preauth]","@timestamp":"2022-09-14T21:08:06.364Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 21:08:06 honeypot-fra-1 sshd[10498]: Connection closed by invalid user steam 43.138.12.15 port 55918 [preauth]","@timestamp":"2022-09-14T21:08:07.365Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T21:09:33.581Z","@version":"1","message":"Sep 14 21:09:33 honeypot-sgp-1 kernel: [84065881.534215] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=96.126.112.220 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=44 ID=11328 DF PROTO=TCP SPT=42712 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T21:13:50.682Z","@version":"1","message":"Sep 14 21:13:50 honeypot-sgp-1 sshd[14567]: Received disconnect from 68.183.88.138 port 51056:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 21:17:01 honeypot-ams-1 CRON[25795]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-14T21:17:02.024Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 21:17:01 honeypot-fra-1 CRON[10533]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-14T21:17:02.564Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T21:22:24.877Z","@version":"1","message":"Sep 14 21:22:24 honeypot-sgp-1 sshd[14574]: Received disconnect from 92.255.85.69 port 50720:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 21:26:13 honeypot-fra-1 kernel: [84065193.145609] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=104.152.52.125 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=16049 PROTO=TCP SPT=50773 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T21:26:14.769Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 21:27:20 honeypot-ams-1 sshd[25803]: Received disconnect from 92.255.85.69 port 40724:11: Bye Bye [preauth]","@timestamp":"2022-09-14T21:27:20.297Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 21:30:10 honeypot-fra-1 kernel: [84065429.581216] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=167.71.254.43 DST=165.22.82.222 LEN=52 TOS=0x02 PREC=0x00 TTL=114 ID=54382 DF PROTO=TCP SPT=49442 DPT=3389 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-14T21:30:10.860Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 21:31:49 honeypot-ams-1 sshd[25809]: Invalid user user from 198.98.61.9 port 43092","@timestamp":"2022-09-14T21:31:50.414Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 21:32:06 honeypot-ams-1 sshd[25813]: Invalid user user from 198.98.61.9 port 38022","@timestamp":"2022-09-14T21:32:07.423Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 21:32:24 honeypot-ams-1 sshd[25817]: Invalid user user from 198.98.61.9 port 32830","@timestamp":"2022-09-14T21:32:25.434Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 21:34:28 honeypot-ams-1 kernel: [84067851.020740] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=201.191.2.198 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=13721 PROTO=TCP SPT=36055 DPT=80 WINDOW=29718 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T21:34:28.487Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 21:38:59 honeypot-ams-1 sshd[25824]: Received disconnect from 143.244.134.191 port 35546:11: Bye Bye [preauth]","@timestamp":"2022-09-14T21:38:59.632Z"}
{"@timestamp":"2022-09-14T21:46:20.436Z","@version":"1","message":"Sep 14 21:46:20 honeypot-sgp-1 kernel: [84068088.375277] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.194.198 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=39679 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 21:51:09 honeypot-ams-1 kernel: [84068851.956911] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=172.104.238.162 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=28665 PROTO=TCP SPT=28653 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T21:51:09.951Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 21:51:24 honeypot-ams-1 sshd[25833]: Invalid user user from 45.61.186.249 port 57334","@timestamp":"2022-09-14T21:51:24.959Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 21:51:44 honeypot-ams-1 sshd[25837]: Invalid user user from 45.61.186.249 port 51402","@timestamp":"2022-09-14T21:51:44.971Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 21:52:01 honeypot-ams-1 sshd[25841]: Invalid user user from 45.61.186.249 port 45470","@timestamp":"2022-09-14T21:52:01.979Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 21:52:49 honeypot-fra-1 kernel: [84066788.592463] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=92.63.197.74 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=63170 PROTO=TCP SPT=50408 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T21:52:50.375Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-14T21:55:29.645Z","@version":"1","message":"Sep 14 21:55:29 honeypot-sgp-1 kernel: [84068637.552840] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=151.106.32.138 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=12684 PROTO=TCP SPT=52458 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T22:00:14.756Z","@version":"1","message":"Sep 14 22:00:13 honeypot-sgp-1 sshd[14586]: Disconnected from invalid user ilaria 41.169.26.228 port 44780 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 22:01:38 honeypot-ams-1 kernel: [84069481.223816] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=151.106.32.138 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=425 PROTO=TCP SPT=51715 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T22:01:39.225Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 22:02:48 honeypot-fra-1 sshd[10550]: Received disconnect from 165.22.45.108 port 46276:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T22:02:48.618Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T22:05:28.878Z","@version":"1","message":"Sep 14 22:05:28 honeypot-sgp-1 sshd[14593]: Invalid user user from 141.255.162.226 port 34332","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T22:05:34.880Z","@version":"1","message":"Sep 14 22:05:34 honeypot-sgp-1 sshd[14597]: Invalid user user from 141.255.162.226 port 56832","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 22:07:04 honeypot-fra-1 kernel: [84067643.495591] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=151.106.32.138 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=57082 PROTO=TCP SPT=51715 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T22:07:04.715Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-14T22:07:12.919Z","@version":"1","message":"Sep 14 22:07:12 honeypot-sgp-1 sshd[14599]: Invalid user jb from 128.199.150.171 port 49156","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 22:09:22 honeypot-ams-1 sshd[25847]: Disconnected from invalid user dlm 101.32.213.77 port 36780 [preauth]","@timestamp":"2022-09-14T22:09:23.423Z"}
{"@timestamp":"2022-09-14T22:09:36.975Z","@version":"1","message":"Sep 14 22:09:36 honeypot-sgp-1 sshd[14603]: Disconnected from authenticating user root 61.177.173.51 port 19799 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 22:09:39 honeypot-ams-1 sshd[25851]: Disconnected from invalid user lo 208.184.30.130 port 46884 [preauth]","@timestamp":"2022-09-14T22:09:39.434Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 22:11:08 honeypot-ams-1 kernel: [84070051.304862] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=51.91.221.105 DST=178.62.254.91 LEN=80 TOS=0x00 PREC=0x20 TTL=127 ID=25268 PROTO=TCP SPT=26292 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T22:11:09.474Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 22:12:16 honeypot-ams-1 sshd[25859]: Disconnected from authenticating user root 61.177.173.35 port 45746 [preauth]","@timestamp":"2022-09-14T22:12:17.505Z"}
{"@timestamp":"2022-09-14T22:12:49.051Z","@version":"1","message":"Sep 14 22:12:48 honeypot-sgp-1 sshd[14608]: Disconnected from invalid user admin 217.165.114.155 port 46177 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 22:15:13 honeypot-ams-1 sshd[25866]: Bad protocol version identification 'MGLNDD_178.62.254.91_22' from 192.241.206.41 port 56960","@timestamp":"2022-09-14T22:15:14.584Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 22:16:13 honeypot-fra-1 sshd[10560]: Invalid user MASTERWIFI from 141.98.10.158 port 53626","@timestamp":"2022-09-14T22:16:13.937Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 22:17:38 honeypot-ams-1 kernel: [84070441.545053] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=206.189.8.92 DST=178.62.254.91 LEN=80 TOS=0x00 PREC=0x20 TTL=123 ID=5188 PROTO=TCP SPT=4164 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T22:17:39.652Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 22:18:27 honeypot-fra-1 kernel: [84068326.214266] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.215.41 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=35825 DPT=5432 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T22:18:27.991Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 22:19:20 honeypot-ams-1 kernel: [84070542.901853] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=20.10.20.66 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=62949 DF PROTO=TCP SPT=46962 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T22:19:20.698Z"}
{"@timestamp":"2022-09-14T22:20:26.227Z","@version":"1","message":"Sep 14 22:20:25 honeypot-sgp-1 kernel: [84070133.492325] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.219.51 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=38670 DPT=5432 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 22:23:03 honeypot-ams-1 sshd[25879]: Received disconnect from 107.189.10.112 port 33406:11: Bye Bye [preauth]","@timestamp":"2022-09-14T22:23:03.799Z"}
{"@timestamp":"2022-09-14T22:24:58.353Z","@version":"1","message":"Sep 14 22:24:57 honeypot-sgp-1 sshd[14620]: Disconnected from invalid user vitastaa 115.75.146.156 port 47450 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T22:26:24.391Z","@version":"1","message":"Sep 14 22:26:24 honeypot-sgp-1 sshd[14624]: Received disconnect from 223.197.151.55 port 43553:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T22:26:46.401Z","@version":"1","message":"Sep 14 22:26:46 honeypot-sgp-1 sshd[14630]: Invalid user pi from 60.221.50.163 port 39822","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T22:28:57.453Z","@version":"1","message":"Sep 14 22:28:57 honeypot-sgp-1 sshd[14634]: Received disconnect from 213.222.20.244 port 43234:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T22:29:43.473Z","@version":"1","message":"Sep 14 22:29:42 honeypot-sgp-1 sshd[14639]: Disconnected from authenticating user root 61.177.173.51 port 60602 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T22:30:45.501Z","@version":"1","message":"Sep 14 22:30:44 honeypot-sgp-1 sshd[14645]: Received disconnect from 103.147.4.202 port 46450:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 22:31:05 honeypot-ams-1 sshd[25886]: Disconnected from authenticating user root 61.177.173.51 port 11565 [preauth]","@timestamp":"2022-09-14T22:31:06.007Z"}
{"@timestamp":"2022-09-14T22:31:43.528Z","@version":"1","message":"Sep 14 22:31:42 honeypot-sgp-1 kernel: [84070811.015388] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.197.31 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=59910 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T22:33:16.567Z","@version":"1","message":"Sep 14 22:33:16 honeypot-sgp-1 sshd[14653]: Received disconnect from 178.128.28.51 port 33964:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 22:33:26 honeypot-fra-1 kernel: [84069225.502264] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=170.106.115.253 DST=165.22.82.222 LEN=52 TOS=0x00 PREC=0x00 TTL=51 ID=14655 DF PROTO=TCP SPT=15679 DPT=636 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T22:33:27.366Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-14T22:34:00.586Z","@version":"1","message":"Sep 14 22:33:59 honeypot-sgp-1 sshd[14657]: Received disconnect from 81.16.11.250 port 54256:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 22:37:02 honeypot-ams-1 sshd[25891]: Received disconnect from 61.177.173.39 port 53695:11:  [preauth]","@timestamp":"2022-09-14T22:37:03.166Z"}
{"@timestamp":"2022-09-14T22:37:26.668Z","@version":"1","message":"Sep 14 22:37:26 honeypot-sgp-1 sshd[14664]: Invalid user user from 141.255.162.226 port 60730","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T22:37:30.670Z","@version":"1","message":"Sep 14 22:37:30 honeypot-sgp-1 sshd[14668]: Invalid user user from 141.255.162.226 port 48064","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T22:37:35.673Z","@version":"1","message":"Sep 14 22:37:34 honeypot-sgp-1 sshd[14672]: Connection closed by 141.255.162.226 port 55844 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 22:38:35 honeypot-fra-1 sshd[10572]: Received disconnect from 219.240.99.77 port 55354:11: Bye Bye [preauth]","@timestamp":"2022-09-14T22:38:36.499Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 22:41:09 honeypot-ams-1 sshd[25898]: Received disconnect from 61.177.173.49 port 59963:11:  [preauth]","@timestamp":"2022-09-14T22:41:09.273Z"}
{"@timestamp":"2022-09-14T22:41:11.762Z","@version":"1","message":"Sep 14 22:41:11 honeypot-sgp-1 kernel: [84071379.661634] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=206.189.8.92 DST=159.89.202.188 LEN=80 TOS=0x00 PREC=0x00 TTL=115 ID=13709 PROTO=TCP SPT=12685 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 22:41:26 honeypot-fra-1 sshd[10576]: Received disconnect from 68.183.225.151 port 33992:11: Bye Bye [preauth]","@timestamp":"2022-09-14T22:41:27.565Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T22:45:08.859Z","@version":"1","message":"Sep 14 22:45:08 honeypot-sgp-1 sshd[14681]: Received disconnect from 61.177.173.39 port 20633:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 22:47:42 honeypot-ams-1 kernel: [84072245.128220] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=151.106.38.211 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=52053 PROTO=TCP SPT=54895 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T22:47:43.444Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 22:48:02 honeypot-fra-1 sshd[10581]: Received disconnect from 188.36.125.179 port 39736:11: Bye Bye [preauth]","@timestamp":"2022-09-14T22:48:02.714Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T22:50:15.982Z","@version":"1","message":"Sep 14 22:50:15 honeypot-sgp-1 kernel: [84071923.677465] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=49.143.32.6 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=1160 DF PROTO=TCP SPT=2044 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 22:50:26 honeypot-ams-1 sshd[25915]: Disconnected from authenticating user root 179.43.156.143 port 50218 [preauth]","@timestamp":"2022-09-14T22:50:26.517Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 22:50:59 honeypot-fra-1 sshd[10586]: Received disconnect from 143.198.50.154 port 45572:11: Bye Bye [preauth]","@timestamp":"2022-09-14T22:50:59.783Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 22:51:46 honeypot-ams-1 sshd[25922]: Disconnected from authenticating user root 179.43.156.143 port 43274 [preauth]","@timestamp":"2022-09-14T22:51:46.553Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 22:53:02 honeypot-ams-1 sshd[25926]: Disconnected from authenticating user root 179.43.156.143 port 36218 [preauth]","@timestamp":"2022-09-14T22:53:02.588Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 22:53:41 honeypot-ams-1 sshd[25928]: Connection closed by invalid user tomcat 193.106.191.157 port 34932 [preauth]","@timestamp":"2022-09-14T22:53:41.607Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 22:54:29 honeypot-fra-1 sshd[10591]: Invalid user user from 198.98.61.9 port 45902","@timestamp":"2022-09-14T22:54:29.862Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 22:54:48 honeypot-fra-1 sshd[10595]: Invalid user user from 198.98.61.9 port 39820","@timestamp":"2022-09-14T22:54:48.870Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 22:54:56 honeypot-ams-1 sshd[25935]: Received disconnect from 179.43.156.143 port 53934:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T22:54:57.641Z"}
{"@timestamp":"2022-09-14T22:55:04.100Z","@version":"1","message":"Sep 14 22:55:04 honeypot-sgp-1 sshd[14693]: Received disconnect from 202.88.244.36 port 60727:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 22:55:04 honeypot-fra-1 sshd[10599]: Invalid user user from 198.98.61.9 port 33714","@timestamp":"2022-09-14T22:55:04.878Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T22:56:13.128Z","@version":"1","message":"Sep 14 22:56:13 honeypot-sgp-1 kernel: [84072281.130885] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=68.183.81.55 DST=159.89.202.188 LEN=52 TOS=0x02 PREC=0x20 TTL=115 ID=13824 DF PROTO=TCP SPT=63672 DPT=3389 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 22:56:16 honeypot-ams-1 sshd[25942]: Received disconnect from 179.43.156.143 port 46920:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T22:56:16.677Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 22:56:56 honeypot-fra-1 kernel: [84070635.708657] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=25838 PROTO=TCP SPT=55929 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T22:56:56.920Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 22:57:37 honeypot-ams-1 sshd[25946]: Disconnected from authenticating user root 179.43.156.143 port 39920 [preauth]","@timestamp":"2022-09-14T22:57:37.714Z"}
{"@timestamp":"2022-09-14T22:59:26.206Z","@version":"1","message":"Sep 14 22:59:25 honeypot-sgp-1 kernel: [84072473.605173] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=206.189.8.92 DST=159.89.202.188 LEN=80 TOS=0x00 PREC=0x00 TTL=115 ID=53610 PROTO=TCP SPT=54634 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 23:00:44 honeypot-ams-1 sshd[25953]: Received disconnect from 61.177.173.51 port 60481:11:  [preauth]","@timestamp":"2022-09-14T23:00:45.799Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 23:02:19 honeypot-fra-1 sshd[10607]: Disconnected from invalid user webadmin 45.181.32.42 port 33024 [preauth]","@timestamp":"2022-09-14T23:02:20.058Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 23:02:20 honeypot-ams-1 kernel: [84073123.133761] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=20.171.59.221 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=9578 DF PROTO=TCP SPT=10446 DPT=80 WINDOW=512 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T23:02:20.844Z"}
{"@timestamp":"2022-09-14T23:09:33.445Z","@version":"1","message":"Sep 14 23:09:33 honeypot-sgp-1 sshd[14710]: Received disconnect from 61.177.173.53 port 43856:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 23:09:48 honeypot-ams-1 sshd[25966]: Disconnected from authenticating user root 61.177.173.35 port 48495 [preauth]","@timestamp":"2022-09-14T23:09:49.038Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 23:11:58 honeypot-ams-1 sshd[25971]: Received disconnect from 46.19.141.122 port 33724:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T23:11:59.097Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 23:13:40 honeypot-ams-1 sshd[25975]: Disconnected from authenticating user root 46.19.141.122 port 35242 [preauth]","@timestamp":"2022-09-14T23:13:40.142Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 23:14:15 honeypot-ams-1 sshd[25980]: Disconnected from invalid user ubnt 46.19.141.122 port 36220 [preauth]","@timestamp":"2022-09-14T23:14:16.159Z"}
{"@timestamp":"2022-09-14T23:14:48.572Z","@version":"1","message":"Sep 14 23:14:47 honeypot-sgp-1 sshd[14715]: Did not receive identification string from 141.255.162.226 port 34068","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 23:17:01 honeypot-ams-1 CRON[25986]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-14T23:17:02.232Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 23:17:01 honeypot-fra-1 CRON[10618]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-14T23:17:02.381Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T23:17:12.632Z","@version":"1","message":"Sep 14 23:17:11 honeypot-sgp-1 kernel: [84073539.953984] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.214.239 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=33571 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 23:18:20 honeypot-fra-1 sshd[10622]: Did not receive identification string from 45.61.186.169 port 40524","@timestamp":"2022-09-14T23:18:20.414Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 23:18:51 honeypot-fra-1 sshd[10625]: Disconnected from invalid user user 45.61.186.169 port 38290 [preauth]","@timestamp":"2022-09-14T23:18:51.427Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 23:19:07 honeypot-fra-1 sshd[10629]: Disconnected from invalid user user 45.61.186.169 port 32962 [preauth]","@timestamp":"2022-09-14T23:19:08.435Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 23:19:23 honeypot-fra-1 sshd[10633]: Disconnected from invalid user user 45.61.186.169 port 55862 [preauth]","@timestamp":"2022-09-14T23:19:24.442Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T23:20:18.707Z","@version":"1","message":"Sep 14 23:20:18 honeypot-sgp-1 sshd[14727]: Received disconnect from 61.177.173.49 port 56717:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T23:20:59.725Z","@version":"1","message":"Sep 14 23:20:58 honeypot-sgp-1 sshd[14732]: Invalid user user from 45.61.186.169 port 47682","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T23:21:16.734Z","@version":"1","message":"Sep 14 23:21:16 honeypot-sgp-1 sshd[14736]: Invalid user user from 45.61.186.169 port 42218","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T23:21:31.742Z","@version":"1","message":"Sep 14 23:21:31 honeypot-sgp-1 sshd[14740]: Received disconnect from 143.244.158.100 port 53664:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T23:21:41.746Z","@version":"1","message":"Sep 14 23:21:41 honeypot-sgp-1 sshd[14745]: Received disconnect from 61.177.172.19 port 21313:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T23:21:49.750Z","@version":"1","message":"Sep 14 23:21:49 honeypot-sgp-1 sshd[14749]: Disconnected from invalid user user 45.61.186.169 port 59540 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 23:23:25 honeypot-ams-1 sshd[25992]: Disconnected from authenticating user root 61.177.173.47 port 45350 [preauth]","@timestamp":"2022-09-14T23:23:26.396Z"}
{"@timestamp":"2022-09-14T23:24:32.816Z","@version":"1","message":"Sep 14 23:24:32 honeypot-sgp-1 sshd[14755]: Disconnected from authenticating user root 143.244.158.100 port 47786 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 23:25:29 honeypot-ams-1 sshd[25998]: Disconnected from authenticating user root 159.223.79.49 port 60530 [preauth]","@timestamp":"2022-09-14T23:25:30.452Z"}
{"@timestamp":"2022-09-14T23:27:09.881Z","@version":"1","message":"Sep 14 23:27:09 honeypot-sgp-1 sshd[14762]: Disconnected from authenticating user root 37.139.1.197 port 37730 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T23:28:17.911Z","@version":"1","message":"Sep 14 23:28:17 honeypot-sgp-1 sshd[14766]: Disconnected from authenticating user root 143.244.158.100 port 60806 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T23:30:01.954Z","@version":"1","message":"Sep 14 23:30:00 honeypot-sgp-1 sshd[14772]: Disconnected from authenticating user root 61.177.173.46 port 30476 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 23:30:53 honeypot-fra-1 kernel: [84072671.887279] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=9483 PROTO=TCP SPT=58202 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T23:30:53.700Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-14T23:31:10.985Z","@version":"1","message":"Sep 14 23:31:10 honeypot-sgp-1 sshd[14779]: Received disconnect from 143.244.158.100 port 55646:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 23:31:20 honeypot-ams-1 sshd[26003]: Received disconnect from 61.177.173.50 port 53107:11:  [preauth]","@timestamp":"2022-09-14T23:31:20.604Z"}
{"@timestamp":"2022-09-14T23:33:18.039Z","@version":"1","message":"Sep 14 23:33:17 honeypot-sgp-1 sshd[14783]: Disconnected from authenticating user root 143.244.158.100 port 43618 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T23:36:10.107Z","@version":"1","message":"Sep 14 23:36:10 honeypot-sgp-1 sshd[14790]: Disconnected from authenticating user root 143.244.158.100 port 39838 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 23:37:01 honeypot-ams-1 kernel: [84075203.946262] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=117.212.167.67 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=43494 DF PROTO=TCP SPT=44457 DPT=80 WINDOW=5680 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T23:37:01.752Z"}
{"@timestamp":"2022-09-14T23:38:03.280Z","@version":"1","message":"Sep 14 23:38:02 honeypot-sgp-1 sshd[14796]: Disconnected from authenticating user root 143.244.158.100 port 56888 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 23:41:07 honeypot-ams-1 sshd[26015]: Disconnected from authenticating user root 12.191.116.182 port 35304 [preauth]","@timestamp":"2022-09-14T23:41:07.859Z"}
{"@timestamp":"2022-09-14T23:41:10.355Z","@version":"1","message":"Sep 14 23:41:09 honeypot-sgp-1 sshd[14804]: Received disconnect from 143.244.158.100 port 53682:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T23:42:57.398Z","@version":"1","message":"Sep 14 23:42:57 honeypot-sgp-1 sshd[14810]: Disconnected from authenticating user root 92.255.85.70 port 51924 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T23:44:29.436Z","@version":"1","message":"Sep 14 23:44:28 honeypot-sgp-1 sshd[14816]: Disconnected from authenticating user root 61.177.172.124 port 41819 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 23:45:26 honeypot-fra-1 sshd[10646]: Disconnected from authenticating user root 92.255.85.69 port 42328 [preauth]","@timestamp":"2022-09-14T23:45:27.021Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T23:45:51.470Z","@version":"1","message":"Sep 14 23:45:50 honeypot-sgp-1 sshd[14822]: Received disconnect from 143.244.158.100 port 36454:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 23:46:31 honeypot-ams-1 sshd[26022]: Disconnected from authenticating user root 134.122.8.241 port 50676 [preauth]","@timestamp":"2022-09-14T23:46:32.006Z"}
{"@timestamp":"2022-09-14T23:48:35.536Z","@version":"1","message":"Sep 14 23:48:34 honeypot-sgp-1 sshd[14829]: Received disconnect from 143.244.158.100 port 44152:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T23:49:38.561Z","@version":"1","message":"Sep 14 23:49:38 honeypot-sgp-1 sshd[14835]: Disconnected from authenticating user root 143.244.158.100 port 56854 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 23:51:04 honeypot-ams-1 sshd[26029]: Disconnected from authenticating user root 61.177.173.50 port 31348 [preauth]","@timestamp":"2022-09-14T23:51:05.130Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 23:51:57 honeypot-ams-1 sshd[26035]: Disconnected from authenticating user root 51.250.30.155 port 43248 [preauth]","@timestamp":"2022-09-14T23:51:58.156Z"}
{"@timestamp":"2022-09-14T23:52:22.627Z","@version":"1","message":"Sep 14 23:52:21 honeypot-sgp-1 sshd[14843]: Disconnected from authenticating user root 143.244.158.100 port 42614 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 23:53:17 honeypot-ams-1 sshd[26043]: Received disconnect from 61.177.172.108 port 38403:11:  [preauth]","@timestamp":"2022-09-14T23:53:18.196Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 23:54:04 honeypot-ams-1 sshd[26048]: Received disconnect from 187.17.43.167 port 30804:11: Bye Bye [preauth]","@timestamp":"2022-09-14T23:54:04.220Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 23:54:13 honeypot-ams-1 sshd[26052]: Received disconnect from 45.61.186.249 port 36610:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T23:54:14.225Z"}
{"@timestamp":"2022-09-14T23:54:16.674Z","@version":"1","message":"Sep 14 23:54:16 honeypot-sgp-1 sshd[14850]: Disconnected from authenticating user root 143.244.158.100 port 35762 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 23:54:31 honeypot-ams-1 sshd[26056]: Received disconnect from 45.61.186.249 port 59930:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T23:54:31.235Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 23:54:48 honeypot-ams-1 sshd[26060]: Received disconnect from 45.61.186.249 port 55034:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T23:54:48.244Z"}
{"@timestamp":"2022-09-14T23:56:57.739Z","@version":"1","message":"Sep 14 23:56:57 honeypot-sgp-1 sshd[14856]: Disconnected from authenticating user root 143.244.158.100 port 56846 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 23:58:43 honeypot-fra-1 sshd[10652]: Did not receive identification string from 45.61.186.169 port 53446","@timestamp":"2022-09-14T23:58:44.321Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 23:59:14 honeypot-fra-1 sshd[10655]: Disconnected from invalid user user 45.61.186.169 port 48708 [preauth]","@timestamp":"2022-09-14T23:59:15.335Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 23:59:32 honeypot-fra-1 sshd[10659]: Disconnected from invalid user user 45.61.186.169 port 43518 [preauth]","@timestamp":"2022-09-14T23:59:32.343Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T23:59:46.807Z","@version":"1","message":"Sep 14 23:59:46 honeypot-sgp-1 sshd[14864]: Disconnected from authenticating user root 61.177.173.51 port 16955 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 23:59:48 honeypot-fra-1 sshd[10663]: Disconnected from invalid user user 45.61.186.169 port 38328 [preauth]","@timestamp":"2022-09-14T23:59:49.351Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 00:01:41 honeypot-ams-1 sshd[26065]: Received disconnect from 61.177.172.90 port 38145:11:  [preauth]","@timestamp":"2022-09-15T00:01:42.427Z"}
{"@timestamp":"2022-09-15T00:01:52.859Z","@version":"1","message":"Sep 15 00:01:52 honeypot-sgp-1 sshd[14870]: Disconnected from authenticating user root 143.244.158.100 port 51032 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T00:04:21.920Z","@version":"1","message":"Sep 15 00:04:21 honeypot-sgp-1 sshd[14877]: Received disconnect from 61.177.173.36 port 21789:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T00:05:57.961Z","@version":"1","message":"Sep 15 00:05:57 honeypot-sgp-1 sshd[14883]: Received disconnect from 92.255.85.70 port 16492:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T00:07:49.007Z","@version":"1","message":"Sep 15 00:07:48 honeypot-sgp-1 sshd[14887]: Disconnected from authenticating user root 143.244.158.100 port 58640 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T00:09:44.053Z","@version":"1","message":"Sep 15 00:09:43 honeypot-sgp-1 sshd[14892]: Disconnected from authenticating user root 61.177.173.46 port 12516 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 00:10:47 honeypot-fra-1 kernel: [84075066.665408] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.41.9.18 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=50641 PROTO=TCP SPT=23680 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T00:10:48.599Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 00:11:04 honeypot-ams-1 sshd[26071]: Received disconnect from 61.177.173.53 port 48193:11:  [preauth]","@timestamp":"2022-09-15T00:11:04.672Z"}
{"@timestamp":"2022-09-15T00:12:10.110Z","@version":"1","message":"Sep 15 00:12:09 honeypot-sgp-1 sshd[14900]: Received disconnect from 179.104.53.194 port 58316:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T00:12:46.127Z","@version":"1","message":"Sep 15 00:12:45 honeypot-sgp-1 sshd[14904]: Disconnected from authenticating user root 143.244.158.100 port 46284 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 00:14:25 honeypot-fra-1 sshd[10672]: Received disconnect from 37.77.105.29 port 47342:11: Bye Bye [preauth]","@timestamp":"2022-09-15T00:14:25.685Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 00:16:10 honeypot-ams-1 sshd[26077]: Invalid user user from 45.61.186.49 port 40434","@timestamp":"2022-09-15T00:16:10.809Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 00:16:20 honeypot-ams-1 sshd[26081]: Invalid user user from 45.61.186.49 port 52028","@timestamp":"2022-09-15T00:16:21.816Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 00:17:01 honeypot-ams-1 CRON[26085]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-15T00:17:01.837Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 00:18:09 honeypot-fra-1 sshd[10680]: Received disconnect from 128.199.128.68 port 39298:11: Bye Bye [preauth]","@timestamp":"2022-09-15T00:18:10.803Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T00:19:19.281Z","@version":"1","message":"Sep 15 00:19:19 honeypot-sgp-1 sshd[14916]: Received disconnect from 61.177.173.53 port 48352:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T00:22:09.350Z","@version":"1","message":"Sep 15 00:22:08 honeypot-sgp-1 sshd[14925]: Invalid user lias from 64.227.185.119 port 38110","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 00:22:32 honeypot-ams-1 sshd[26094]: Invalid user user from 141.255.162.226 port 42884","@timestamp":"2022-09-15T00:22:32.984Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 00:22:37 honeypot-ams-1 sshd[26098]: Invalid user user from 141.255.162.226 port 51308","@timestamp":"2022-09-15T00:22:37.987Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 00:22:38 honeypot-ams-1 sshd[26101]: Invalid user user from 141.255.162.226 port 59734","@timestamp":"2022-09-15T00:22:39.989Z"}
{"@timestamp":"2022-09-15T00:23:40.387Z","@version":"1","message":"Sep 15 00:23:39 honeypot-sgp-1 sshd[14929]: Invalid user sam from 96.78.175.36 port 40430","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 00:24:29 honeypot-ams-1 kernel: [84078052.542869] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=119.199.169.235 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=54 ID=9805 PROTO=TCP SPT=4561 DPT=80 WINDOW=51473 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T00:24:30.038Z"}
{"@timestamp":"2022-09-15T00:25:51.440Z","@version":"1","message":"Sep 15 00:25:51 honeypot-sgp-1 kernel: [84077659.111420] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.46.240.87 DST=159.89.202.188 LEN=52 TOS=0x02 PREC=0x00 TTL=110 ID=51270 DF PROTO=TCP SPT=50134 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T00:30:11.545Z","@version":"1","message":"Sep 15 00:30:11 honeypot-sgp-1 sshd[14936]: Disconnected from authenticating user root 92.255.85.70 port 59236 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 00:32:49 honeypot-ams-1 sshd[26113]: Received disconnect from 61.177.173.36 port 59926:11:  [preauth]","@timestamp":"2022-09-15T00:32:50.258Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 00:33:37 honeypot-fra-1 sshd[10690]: Invalid user admin from 181.48.60.50 port 52276","@timestamp":"2022-09-15T00:33:38.150Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T00:34:07.641Z","@version":"1","message":"Sep 15 00:34:06 honeypot-sgp-1 kernel: [84078154.779907] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=159.203.100.33 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=54321 PROTO=TCP SPT=51469 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 00:34:39 honeypot-ams-1 sshd[26117]: Received disconnect from 92.255.85.70 port 46596:11: Bye Bye [preauth]","@timestamp":"2022-09-15T00:34:40.309Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 00:35:28 honeypot-fra-1 sshd[10694]: Disconnected from authenticating user landscape 165.22.45.108 port 33136 [preauth]","@timestamp":"2022-09-15T00:35:29.197Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 00:37:08 honeypot-ams-1 sshd[26124]: Invalid user ubnt from 179.60.147.69 port 39016","@timestamp":"2022-09-15T00:37:09.376Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 00:39:58 honeypot-ams-1 sshd[26128]: Disconnected from authenticating user root 61.177.173.49 port 41578 [preauth]","@timestamp":"2022-09-15T00:39:58.452Z"}
{"@timestamp":"2022-09-15T00:42:34.842Z","@version":"1","message":"Sep 15 00:42:33 honeypot-sgp-1 kernel: [84078661.890606] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=184.105.247.251 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=59647 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T00:43:12.857Z","@version":"1","message":"Sep 15 00:43:12 honeypot-sgp-1 sshd[14954]: Connection closed by invalid user admin 128.199.168.83 port 48558 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T00:45:03.903Z","@version":"1","message":"Sep 15 00:45:03 honeypot-sgp-1 sshd[14960]: Disconnected from authenticating user root 61.177.173.36 port 27768 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 00:49:45 honeypot-ams-1 sshd[26133]: Disconnected from authenticating user root 61.177.173.49 port 21007 [preauth]","@timestamp":"2022-09-15T00:49:46.722Z"}
{"@timestamp":"2022-09-15T00:52:41.101Z","@version":"1","message":"Sep 15 00:52:41 honeypot-sgp-1 sshd[14969]: Disconnected from authenticating user root 61.177.172.114 port 15644 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 00:55:27 honeypot-fra-1 sshd[10699]: Disconnected from invalid user admin 111.99.190.118 port 43412 [preauth]","@timestamp":"2022-09-15T00:55:27.659Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 00:58:57 honeypot-ams-1 sshd[26143]: Disconnected from authenticating user root 92.255.85.70 port 60318 [preauth]","@timestamp":"2022-09-15T00:58:57.962Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 00:59:58 honeypot-fra-1 sshd[10705]: Received disconnect from 190.210.182.179 port 37244:11: Bye Bye [preauth]","@timestamp":"2022-09-15T00:59:58.769Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T01:03:54.384Z","@version":"1","message":"Sep 15 01:03:53 honeypot-sgp-1 sshd[14978]: Disconnected from authenticating user root 43.154.138.122 port 52176 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 01:05:09 honeypot-ams-1 kernel: [84080492.290634] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=64.62.197.7 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=49058 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T01:05:10.128Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 01:09:54 honeypot-fra-1 sshd[10711]: Did not receive identification string from 45.61.186.169 port 48210","@timestamp":"2022-09-15T01:09:55.089Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 01:10:33 honeypot-fra-1 sshd[10714]: Disconnected from invalid user user 45.61.186.169 port 40794 [preauth]","@timestamp":"2022-09-15T01:10:34.106Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 01:10:34 honeypot-ams-1 sshd[26154]: Invalid user paraccel from 218.60.104.104 port 38660","@timestamp":"2022-09-15T01:10:35.273Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 01:10:49 honeypot-fra-1 sshd[10718]: Received disconnect from 45.61.186.169 port 35436:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T01:10:50.114Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 01:11:05 honeypot-fra-1 sshd[10723]: Received disconnect from 45.61.186.169 port 58308:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T01:11:06.121Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 01:11:38 honeypot-fra-1 sshd[10727]: Connection closed by invalid user guest 179.60.147.69 port 42074 [preauth]","@timestamp":"2022-09-15T01:11:39.134Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 01:16:34 honeypot-ams-1 sshd[26161]: Connection closed by invalid user tomcat 193.106.191.157 port 37144 [preauth]","@timestamp":"2022-09-15T01:16:35.429Z"}
{"@timestamp":"2022-09-15T01:16:38.700Z","@version":"1","message":"Sep 15 01:16:38 honeypot-sgp-1 sshd[14989]: Received disconnect from 92.255.85.69 port 53714:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T01:18:03.736Z","@version":"1","message":"Sep 15 01:18:03 honeypot-sgp-1 sshd[14996]: Received disconnect from 61.177.172.98 port 13506:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T01:20:50.804Z","@version":"1","message":"Sep 15 01:20:49 honeypot-sgp-1 kernel: [84080957.905261] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.46.240.87 DST=159.89.202.188 LEN=52 TOS=0x02 PREC=0x00 TTL=111 ID=56607 DF PROTO=TCP SPT=49153 DPT=443 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 01:21:50 honeypot-ams-1 sshd[26174]: Disconnected from authenticating user root 92.255.85.69 port 49852 [preauth]","@timestamp":"2022-09-15T01:21:50.567Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 01:27:30 honeypot-fra-1 sshd[10740]: Disconnected from authenticating user landscape 165.22.45.108 port 38178 [preauth]","@timestamp":"2022-09-15T01:27:30.495Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T01:28:07.978Z","@version":"1","message":"Sep 15 01:28:07 honeypot-sgp-1 sshd[15024]: Disconnected from authenticating user root 152.254.197.149 port 33622 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 01:31:06 honeypot-fra-1 sshd[10757]: Invalid user user from 45.61.184.204 port 51202","@timestamp":"2022-09-15T01:31:07.582Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 01:31:24 honeypot-fra-1 sshd[10761]: Invalid user user from 45.61.184.204 port 46746","@timestamp":"2022-09-15T01:31:25.590Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 01:31:43 honeypot-fra-1 sshd[10768]: Invalid user user from 45.61.184.204 port 42278","@timestamp":"2022-09-15T01:31:44.599Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 01:35:08 honeypot-ams-1 sshd[26185]: Received disconnect from 61.177.172.104 port 18456:11:  [preauth]","@timestamp":"2022-09-15T01:35:08.916Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 01:35:54 honeypot-ams-1 sshd[26191]: Disconnected from authenticating user root 61.177.173.36 port 49960 [preauth]","@timestamp":"2022-09-15T01:35:54.938Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 01:36:38 honeypot-fra-1 sshd[10776]: Received disconnect from 128.199.225.7 port 46850:11: Bye Bye [preauth]","@timestamp":"2022-09-15T01:36:38.711Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 01:37:28 honeypot-fra-1 sshd[10790]: Received disconnect from 43.134.179.51 port 46254:11: Bye Bye [preauth]","@timestamp":"2022-09-15T01:37:28.732Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T01:39:49.254Z","@version":"1","message":"Sep 15 01:39:48 honeypot-sgp-1 sshd[15031]: Disconnected from authenticating user root 92.255.85.69 port 38134 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 01:40:03 honeypot-fra-1 sshd[10797]: Invalid user admin from 220.74.55.232 port 51297","@timestamp":"2022-09-15T01:40:03.794Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 01:45:18 honeypot-ams-1 kernel: [84082901.283247] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=51.15.141.72 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=55 ID=64000 PROTO=TCP SPT=59758 DPT=80 WINDOW=47670 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T01:45:19.185Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 01:46:01 honeypot-fra-1 sshd[10802]: Connection closed by invalid user tomcat 193.106.191.157 port 53364 [preauth]","@timestamp":"2022-09-15T01:46:01.934Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T01:46:53.426Z","@version":"1","message":"Sep 15 01:46:52 honeypot-sgp-1 sshd[15037]: Invalid user support from 179.60.147.69 port 37666","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 01:50:15 honeypot-ams-1 sshd[26206]: Connection closed by invalid user support 179.60.147.69 port 34030 [preauth]","@timestamp":"2022-09-15T01:50:15.316Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 01:50:21 honeypot-ams-1 sshd[26211]: Disconnected from invalid user user 141.255.162.226 port 36324 [preauth]","@timestamp":"2022-09-15T01:50:22.319Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 01:50:24 honeypot-ams-1 sshd[26215]: Disconnected from invalid user user 141.255.162.226 port 44706 [preauth]","@timestamp":"2022-09-15T01:50:25.321Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 01:50:30 honeypot-ams-1 sshd[26219]: Disconnected from invalid user user 141.255.162.226 port 49990 [preauth]","@timestamp":"2022-09-15T01:50:31.325Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 01:53:23 honeypot-ams-1 kernel: [84083385.998720] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=179.43.155.171 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=26337 PROTO=TCP SPT=50424 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T01:53:24.403Z"}
{"@timestamp":"2022-09-15T01:55:54.640Z","@version":"1","message":"Sep 15 01:55:54 honeypot-sgp-1 sshd[15043]: Invalid user kumari from 202.83.18.224 port 53094","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T01:59:22.725Z","@version":"1","message":"Sep 15 01:59:22 honeypot-sgp-1 kernel: [84083270.491469] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.46.240.87 DST=159.89.202.188 LEN=52 TOS=0x02 PREC=0x00 TTL=109 ID=53337 DF PROTO=TCP SPT=63194 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T02:01:39.784Z","@version":"1","message":"Sep 15 02:01:38 honeypot-sgp-1 kernel: [84083406.717219] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=71.6.232.6 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=44650 DPT=389 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 02:01:48 honeypot-fra-1 sshd[10808]: Received disconnect from 206.189.126.211 port 60504:11: Bye Bye [preauth]","@timestamp":"2022-09-15T02:01:49.292Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 02:05:55 honeypot-fra-1 sshd[10814]: Disconnected from authenticating user root 92.255.85.70 port 48844 [preauth]","@timestamp":"2022-09-15T02:05:55.406Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 02:06:09 honeypot-fra-1 sshd[10812]: Disconnected from invalid user johnf 97.64.122.66 port 8350 [preauth]","@timestamp":"2022-09-15T02:06:10.413Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T02:06:38.905Z","@version":"1","message":"Sep 15 02:06:38 honeypot-sgp-1 sshd[15062]: Disconnected from authenticating user root 157.230.254.228 port 54974 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:07:29 honeypot-ams-1 sshd[26235]: Disconnected from authenticating user root 61.177.173.46 port 24085 [preauth]","@timestamp":"2022-09-15T02:07:29.768Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:11:14 honeypot-ams-1 sshd[26243]: error: maximum authentication attempts exceeded for root from 89.163.142.195 port 53620 ssh2 [preauth]","@timestamp":"2022-09-15T02:11:14.868Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:11:14 honeypot-ams-1 sshd[26247]: Disconnecting invalid user admin 89.163.142.195 port 53624: Too many authentication failures [preauth]","@timestamp":"2022-09-15T02:11:14.869Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:11:15 honeypot-ams-1 sshd[26251]: Disconnected from invalid user admin 89.163.142.195 port 53630 [preauth]","@timestamp":"2022-09-15T02:11:15.871Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:11:15 honeypot-ams-1 sshd[26255]: Disconnecting invalid user oracle 89.163.142.195 port 53636: Too many authentication failures [preauth]","@timestamp":"2022-09-15T02:11:15.871Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:11:16 honeypot-ams-1 sshd[26259]: Disconnecting invalid user usuario 89.163.142.195 port 53640: Too many authentication failures [preauth]","@timestamp":"2022-09-15T02:11:16.872Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:11:16 honeypot-ams-1 sshd[26263]: Disconnected from invalid user usuario 89.163.142.195 port 53644 [preauth]","@timestamp":"2022-09-15T02:11:16.872Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:11:17 honeypot-ams-1 sshd[26267]: Disconnecting invalid user test 89.163.142.195 port 53650: Too many authentication failures [preauth]","@timestamp":"2022-09-15T02:11:17.873Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:11:17 honeypot-ams-1 sshd[26271]: Disconnecting invalid user user 89.163.142.195 port 53658: Too many authentication failures [preauth]","@timestamp":"2022-09-15T02:11:17.873Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:11:17 honeypot-ams-1 sshd[26275]: Disconnected from invalid user user 89.163.142.195 port 53662 [preauth]","@timestamp":"2022-09-15T02:11:18.874Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:11:18 honeypot-ams-1 sshd[26279]: Disconnecting invalid user ftpuser 89.163.142.195 port 53668: Too many authentication failures [preauth]","@timestamp":"2022-09-15T02:11:18.874Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:11:18 honeypot-ams-1 sshd[26283]: Disconnecting invalid user test1 89.163.142.195 port 53674: Too many authentication failures [preauth]","@timestamp":"2022-09-15T02:11:18.874Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:11:19 honeypot-ams-1 sshd[26287]: Disconnected from invalid user test1 89.163.142.195 port 53678 [preauth]","@timestamp":"2022-09-15T02:11:19.875Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:11:19 honeypot-ams-1 sshd[26291]: Disconnecting invalid user test2 89.163.142.195 port 53686: Too many authentication failures [preauth]","@timestamp":"2022-09-15T02:11:19.875Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:11:20 honeypot-ams-1 sshd[26295]: Disconnected from invalid user contador 89.163.142.195 port 53690 [preauth]","@timestamp":"2022-09-15T02:11:20.876Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:11:20 honeypot-ams-1 sshd[26299]: Disconnecting invalid user ubuntu 89.163.142.195 port 53694: Too many authentication failures [preauth]","@timestamp":"2022-09-15T02:11:20.876Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:11:20 honeypot-ams-1 sshd[26303]: Disconnected from invalid user duni 89.163.142.195 port 53700 [preauth]","@timestamp":"2022-09-15T02:11:21.877Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:11:21 honeypot-ams-1 sshd[26307]: Disconnected from invalid user baikal 89.163.142.195 port 53704 [preauth]","@timestamp":"2022-09-15T02:11:21.877Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:12:08 honeypot-ams-1 sshd[26239]: Connection reset by 61.177.173.39 port 23940 [preauth]","@timestamp":"2022-09-15T02:12:08.902Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:13:41 honeypot-ams-1 sshd[26319]: Received disconnect from 193.142.146.50 port 43592:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T02:13:41.945Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:14:21 honeypot-ams-1 sshd[26325]: Received disconnect from 193.142.146.50 port 39772:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T02:14:21.965Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:15:43 honeypot-ams-1 sshd[26329]: Disconnected from invalid user test 193.142.146.50 port 35950 [preauth]","@timestamp":"2022-09-15T02:15:44.002Z"}
{"@timestamp":"2022-09-15T02:16:02.153Z","@version":"1","message":"Sep 15 02:16:01 honeypot-sgp-1 kernel: [84084269.100183] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=167.94.146.72 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=41240 PROTO=TCP SPT=35215 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:17:53 honeypot-ams-1 sshd[26339]: Did not receive identification string from 141.255.162.226 port 38070","@timestamp":"2022-09-15T02:17:54.061Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:18:16 honeypot-ams-1 sshd[26345]: Invalid user user from 141.255.162.226 port 54952","@timestamp":"2022-09-15T02:18:17.074Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:18:20 honeypot-ams-1 sshd[26349]: Invalid user user from 141.255.162.226 port 43256","@timestamp":"2022-09-15T02:18:21.076Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:18:24 honeypot-ams-1 sshd[26353]: Invalid user user from 141.255.162.226 port 59798","@timestamp":"2022-09-15T02:18:25.079Z"}
{"@timestamp":"2022-09-15T02:19:27.241Z","@version":"1","message":"Sep 15 02:19:26 honeypot-sgp-1 kernel: [84084474.562486] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.46.240.87 DST=159.89.202.188 LEN=52 TOS=0x02 PREC=0x00 TTL=110 ID=30185 DF PROTO=TCP SPT=51892 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 02:20:17 honeypot-fra-1 sshd[10844]: Invalid user la from 165.22.45.108 port 43240","@timestamp":"2022-09-15T02:20:18.736Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:20:34 honeypot-ams-1 sshd[26357]: Invalid user samba from 103.188.176.251 port 49012","@timestamp":"2022-09-15T02:20:35.137Z"}
{"@timestamp":"2022-09-15T02:23:18.337Z","@version":"1","message":"Sep 15 02:23:18 honeypot-sgp-1 sshd[15079]: Invalid user support from 179.60.147.69 port 35038","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 02:24:51 honeypot-fra-1 sshd[10849]: Invalid user samba from 103.188.176.251 port 45856","@timestamp":"2022-09-15T02:24:51.840Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:27:23 honeypot-ams-1 sshd[26368]: Disconnected from invalid user bitrix 167.99.147.105 port 60550 [preauth]","@timestamp":"2022-09-15T02:27:24.316Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 02:29:00 honeypot-fra-1 sshd[10851]: Disconnected from authenticating user root 92.255.85.70 port 22504 [preauth]","@timestamp":"2022-09-15T02:29:00.937Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T02:30:13.509Z","@version":"1","message":"Sep 15 02:30:13 honeypot-sgp-1 sshd[15085]: Received disconnect from 61.177.172.104 port 61919:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 02:30:34 honeypot-ams-1 kernel: [84085617.064605] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=3818 PROTO=TCP SPT=49002 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T02:30:35.403Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:32:54 honeypot-ams-1 sshd[26380]: Received disconnect from 61.177.173.52 port 18138:11:  [preauth]","@timestamp":"2022-09-15T02:32:54.468Z"}
{"@timestamp":"2022-09-15T02:33:25.587Z","@version":"1","message":"Sep 15 02:33:24 honeypot-sgp-1 kernel: [84085312.731909] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=178.216.24.40 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=5520 DF PROTO=TCP SPT=22117 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T02:37:09.681Z","@version":"1","message":"Sep 15 02:37:09 honeypot-sgp-1 kernel: [84085537.098840] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.46.240.87 DST=159.89.202.188 LEN=52 TOS=0x02 PREC=0x00 TTL=111 ID=48732 DF PROTO=TCP SPT=59781 DPT=443 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 02:43:56 honeypot-ams-1 kernel: [84086418.986767] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=183.136.225.35 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=109 ID=17748 PROTO=TCP SPT=8088 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T02:43:56.752Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 02:44:44 honeypot-fra-1 kernel: [84084302.727203] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=172.105.128.243 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=19929 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T02:44:44.291Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:47:17 honeypot-ams-1 sshd[26397]: Connection closed by invalid user bianyuzhe 137.116.144.39 port 34286 [preauth]","@timestamp":"2022-09-15T02:47:18.842Z"}
{"@timestamp":"2022-09-15T02:47:31.933Z","@version":"1","message":"Sep 15 02:47:31 honeypot-sgp-1 sshd[15102]: Connection closed by authenticating user root 103.188.176.251 port 50292 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:52:21 honeypot-ams-1 sshd[26407]: Received disconnect from 45.61.184.204 port 57796:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T02:52:21.976Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:52:41 honeypot-ams-1 sshd[26411]: Received disconnect from 45.61.184.204 port 52210:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T02:52:41.986Z"}
{"@timestamp":"2022-09-15T02:52:50.066Z","@version":"1","message":"Sep 15 02:52:49 honeypot-sgp-1 sshd[15109]: Received disconnect from 61.177.172.108 port 64683:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:52:59 honeypot-ams-1 sshd[26415]: Received disconnect from 45.61.184.204 port 46652:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T02:52:59.995Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:55:05 honeypot-ams-1 sshd[26419]: Received disconnect from 92.255.85.70 port 54798:11: Bye Bye [preauth]","@timestamp":"2022-09-15T02:55:05.053Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 02:55:50 honeypot-fra-1 sshd[10860]: Invalid user kernelsys from 103.127.224.6 port 50274","@timestamp":"2022-09-15T02:55:51.544Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 03:00:45 honeypot-fra-1 sshd[10865]: Connection closed by authenticating user root 179.60.147.69 port 46006 [preauth]","@timestamp":"2022-09-15T03:00:45.655Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 03:02:21 honeypot-ams-1 kernel: [84087523.812879] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=33556 PROTO=TCP SPT=50803 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T03:02:22.241Z"}
{"@timestamp":"2022-09-15T03:04:09.345Z","@version":"1","message":"Sep 15 03:04:08 honeypot-sgp-1 sshd[15119]: Disconnected from authenticating user root 61.177.172.19 port 11042 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 03:06:49 honeypot-ams-1 sshd[26435]: Invalid user wy from 5.195.211.234 port 41226","@timestamp":"2022-09-15T03:06:50.360Z"}
{"@timestamp":"2022-09-15T03:08:58.469Z","@version":"1","message":"Sep 15 03:08:57 honeypot-sgp-1 sshd[15124]: Received disconnect from 180.250.115.121 port 53045:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 03:12:12 honeypot-ams-1 sshd[26440]: Received disconnect from 200.192.97.64 port 55382:11: Bye Bye [preauth]","@timestamp":"2022-09-15T03:12:13.499Z"}
{"@timestamp":"2022-09-15T03:13:55.595Z","@version":"1","message":"Sep 15 03:13:54 honeypot-sgp-1 sshd[15130]: Received disconnect from 61.177.172.124 port 14613:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 03:15:18 honeypot-ams-1 sshd[26445]: Disconnected from invalid user admin 68.183.88.186 port 35048 [preauth]","@timestamp":"2022-09-15T03:15:18.576Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 03:15:42 honeypot-fra-1 sshd[10870]: Did not receive identification string from 160.86.90.2 port 46118","@timestamp":"2022-09-15T03:15:42.991Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 03:15:43 honeypot-fra-1 sshd[10877]: Invalid user test from 160.86.90.2 port 46462","@timestamp":"2022-09-15T03:15:43.993Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 03:15:43 honeypot-fra-1 sshd[10878]: Connection closed by invalid user ftptest 160.86.90.2 port 46252 [preauth]","@timestamp":"2022-09-15T03:15:43.993Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 03:15:44 honeypot-fra-1 sshd[10891]: Invalid user steam from 160.86.90.2 port 46404","@timestamp":"2022-09-15T03:15:44.993Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 03:15:44 honeypot-fra-1 sshd[10889]: Connection closed by invalid user ubuntu 160.86.90.2 port 46360 [preauth]","@timestamp":"2022-09-15T03:15:44.993Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 03:15:46 honeypot-fra-1 sshd[10902]: Invalid user test from 160.86.90.2 port 46458","@timestamp":"2022-09-15T03:15:46.994Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 03:15:46 honeypot-fra-1 sshd[10902]: Connection closed by invalid user test 160.86.90.2 port 46458 [preauth]","@timestamp":"2022-09-15T03:15:46.995Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T03:17:42.689Z","@version":"1","message":"Sep 15 03:17:42 honeypot-sgp-1 sshd[15137]: Disconnected from authenticating user root 61.177.173.39 port 50682 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 03:19:24 honeypot-ams-1 kernel: [84088547.056184] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=193.163.125.105 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=246 ID=17390 PROTO=TCP SPT=43184 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T03:19:24.697Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 03:19:25 honeypot-fra-1 kernel: [84086383.832076] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=159.203.80.110 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=55664 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T03:19:26.080Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-15T03:21:41.795Z","@version":"1","message":"Sep 15 03:21:41 honeypot-sgp-1 kernel: [84088209.300319] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=89.248.165.199 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=64951 PROTO=TCP SPT=50875 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 03:22:23 honeypot-fra-1 sshd[10920]: Disconnected from invalid user user 45.61.186.169 port 51792 [preauth]","@timestamp":"2022-09-15T03:22:24.150Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 03:22:41 honeypot-fra-1 sshd[10926]: Invalid user user from 45.61.186.169 port 46832","@timestamp":"2022-09-15T03:22:42.159Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 03:22:52 honeypot-fra-1 kernel: [84086590.756554] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.100.87.136 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=246 ID=15212 PROTO=TCP SPT=49900 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T03:22:53.164Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 03:23:09 honeypot-fra-1 sshd[10932]: Disconnected from invalid user user 45.61.186.169 port 53474 [preauth]","@timestamp":"2022-09-15T03:23:10.173Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 03:23:23 honeypot-fra-1 sshd[10937]: Received disconnect from 141.255.162.226 port 51508:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T03:23:24.179Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 03:23:24 honeypot-fra-1 sshd[10941]: Received disconnect from 141.255.162.226 port 39284:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T03:23:25.181Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 03:23:30 honeypot-fra-1 sshd[10945]: Invalid user user from 141.255.162.226 port 47290","@timestamp":"2022-09-15T03:23:31.184Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 03:23:33 honeypot-fra-1 sshd[10949]: Invalid user user from 141.255.162.226 port 43074","@timestamp":"2022-09-15T03:23:34.185Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 03:23:41 honeypot-fra-1 sshd[10953]: Received disconnect from 68.183.78.141 port 54964:11: Bye Bye [preauth]","@timestamp":"2022-09-15T03:23:42.190Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 03:24:37 honeypot-fra-1 sshd[10958]: Received disconnect from 103.180.95.2 port 60942:11: Bye Bye [preauth]","@timestamp":"2022-09-15T03:24:38.212Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 03:25:19 honeypot-fra-1 sshd[10962]: Disconnected from authenticating user root 45.240.88.234 port 32904 [preauth]","@timestamp":"2022-09-15T03:25:19.231Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 03:26:34 honeypot-fra-1 sshd[10966]: Disconnected from invalid user jonitwiso 157.245.122.58 port 51996 [preauth]","@timestamp":"2022-09-15T03:26:35.260Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 03:27:30 honeypot-ams-1 kernel: [84089033.299698] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=89.248.165.199 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=8840 PROTO=TCP SPT=50875 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T03:27:30.908Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 03:28:21 honeypot-fra-1 sshd[10972]: Invalid user cypress from 157.245.122.58 port 50846","@timestamp":"2022-09-15T03:28:21.303Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T03:29:54.998Z","@version":"1","message":"Sep 15 03:29:54 honeypot-sgp-1 sshd[15148]: Received disconnect from 190.129.60.125 port 38602:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T03:34:11.104Z","@version":"1","message":"Sep 15 03:34:11 honeypot-sgp-1 sshd[15152]: Disconnected from invalid user cliqruser 104.244.75.159 port 55354 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T03:37:05.178Z","@version":"1","message":"Sep 15 03:37:04 honeypot-sgp-1 sshd[15157]: Received disconnect from 92.255.85.69 port 50948:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 03:37:45 honeypot-fra-1 kernel: [84087483.555262] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.215.233 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=41422 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T03:37:45.514Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 03:38:46 honeypot-ams-1 kernel: [84089708.657589] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=198.199.116.185 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=57908 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T03:38:46.190Z"}
{"@timestamp":"2022-09-15T03:39:28.241Z","@version":"1","message":"Sep 15 03:39:27 honeypot-sgp-1 sshd[15162]: Connection closed by invalid user user 179.60.147.69 port 53446 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 03:42:53 honeypot-fra-1 sshd[10981]: Connection closed by invalid user tomcat 193.106.191.157 port 35938 [preauth]","@timestamp":"2022-09-15T03:42:54.636Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 03:44:23 honeypot-ams-1 sshd[26478]: Received disconnect from 61.177.173.49 port 53638:11:  [preauth]","@timestamp":"2022-09-15T03:44:24.333Z"}
{"@timestamp":"2022-09-15T03:47:12.431Z","@version":"1","message":"Sep 15 03:47:11 honeypot-sgp-1 sshd[15171]: Disconnected from authenticating user root 61.177.173.37 port 46059 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 03:52:09 honeypot-ams-1 sshd[26487]: Invalid user user from 198.98.61.9 port 51812","@timestamp":"2022-09-15T03:52:09.532Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 03:52:30 honeypot-ams-1 sshd[26491]: Invalid user user from 198.98.61.9 port 47140","@timestamp":"2022-09-15T03:52:30.543Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 03:52:50 honeypot-ams-1 sshd[26495]: Invalid user user from 198.98.61.9 port 42464","@timestamp":"2022-09-15T03:52:51.554Z"}
{"@timestamp":"2022-09-15T03:53:13.582Z","@version":"1","message":"Sep 15 03:53:13 honeypot-sgp-1 sshd[15180]: Disconnected from authenticating user root 61.177.173.49 port 18030 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 03:53:42 honeypot-ams-1 sshd[26499]: Received disconnect from 61.177.173.47 port 46369:11:  [preauth]","@timestamp":"2022-09-15T03:53:43.579Z"}
{"@timestamp":"2022-09-15T03:57:15.684Z","@version":"1","message":"Sep 15 03:57:14 honeypot-sgp-1 sshd[15184]: Received disconnect from 220.203.8.38 port 55330:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 04:00:20 honeypot-ams-1 sshd[26506]: Disconnected from invalid user joisber 60.196.69.234 port 39995 [preauth]","@timestamp":"2022-09-15T04:00:20.749Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 04:03:26 honeypot-fra-1 sshd[10988]: Invalid user admin from 92.255.85.69 port 26710","@timestamp":"2022-09-15T04:03:27.101Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 04:04:41 honeypot-ams-1 sshd[26513]: Invalid user odoo from 157.245.122.58 port 39376","@timestamp":"2022-09-15T04:04:41.864Z"}
{"@timestamp":"2022-09-15T04:05:04.879Z","@version":"1","message":"Sep 15 04:05:04 honeypot-sgp-1 kernel: [84090812.528644] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=167.94.145.81 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=15105 PROTO=TCP SPT=5364 DPT=389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 04:05:49 honeypot-ams-1 sshd[26517]: Invalid user admin from 92.255.85.70 port 33346","@timestamp":"2022-09-15T04:05:49.896Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 04:07:38 honeypot-ams-1 sshd[26523]: Invalid user jonitwiso from 157.245.122.58 port 51774","@timestamp":"2022-09-15T04:07:38.945Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 04:08:34 honeypot-ams-1 sshd[26527]: Invalid user jonitiso from 157.245.122.58 port 37080","@timestamp":"2022-09-15T04:08:34.970Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 04:10:53 honeypot-fra-1 kernel: [84089471.667706] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=92.63.197.74 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=13472 PROTO=TCP SPT=46318 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T04:10:54.269Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-15T04:11:56.050Z","@version":"1","message":"Sep 15 04:11:56 honeypot-sgp-1 sshd[15195]: Received disconnect from 193.142.146.50 port 39836:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T04:12:29.067Z","@version":"1","message":"Sep 15 04:12:28 honeypot-sgp-1 kernel: [84091256.102194] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=167.94.138.98 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=25074 PROTO=TCP SPT=35828 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T04:13:46.101Z","@version":"1","message":"Sep 15 04:13:45 honeypot-sgp-1 sshd[15206]: Received disconnect from 193.142.146.50 port 42940:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T04:14:28.121Z","@version":"1","message":"Sep 15 04:14:27 honeypot-sgp-1 sshd[15212]: Received disconnect from 193.142.146.50 port 39154:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T04:16:05.162Z","@version":"1","message":"Sep 15 04:16:04 honeypot-sgp-1 sshd[15216]: Received disconnect from 193.142.146.50 port 52928:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 04:17:01 honeypot-ams-1 CRON[26532]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-15T04:17:02.187Z"}
{"@timestamp":"2022-09-15T04:19:36.256Z","@version":"1","message":"Sep 15 04:19:35 honeypot-sgp-1 sshd[15222]: Connection closed by invalid user default 179.60.147.69 port 4044 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 04:21:06 honeypot-ams-1 kernel: [84092248.930538] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=157.230.254.43 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=33509 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T04:21:07.311Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 04:21:28 honeypot-fra-1 sshd[10999]: Did not receive identification string from 141.255.162.226 port 51944","@timestamp":"2022-09-15T04:21:29.511Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 04:21:32 honeypot-fra-1 sshd[11002]: Disconnected from invalid user user 141.255.162.226 port 33372 [preauth]","@timestamp":"2022-09-15T04:21:33.514Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 04:21:39 honeypot-fra-1 sshd[11006]: Disconnected from invalid user user 141.255.162.226 port 47652 [preauth]","@timestamp":"2022-09-15T04:21:39.516Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 04:21:40 honeypot-fra-1 sshd[11010]: Disconnected from invalid user user 141.255.162.226 port 40840 [preauth]","@timestamp":"2022-09-15T04:21:40.517Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 04:27:33 honeypot-ams-1 kernel: [84092635.567356] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=62986 PROTO=TCP SPT=55664 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T04:27:33.478Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 04:28:32 honeypot-fra-1 sshd[11015]: Connection closed by invalid user tomcat 193.106.191.157 port 38368 [preauth]","@timestamp":"2022-09-15T04:28:32.678Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 04:32:42 honeypot-ams-1 kernel: [84092945.258732] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=71.6.232.6 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=49028 DPT=389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T04:32:43.615Z"}
{"@timestamp":"2022-09-15T04:35:38.668Z","@version":"1","message":"Sep 15 04:35:38 honeypot-sgp-1 sshd[15228]: Did not receive identification string from 159.89.24.69 port 61000","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 04:50:10 honeypot-fra-1 sshd[11023]: Did not receive identification string from 45.127.108.174 port 35650","@timestamp":"2022-09-15T04:50:11.171Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 04:50:11 honeypot-fra-1 sshd[11031]: Invalid user oracle from 45.127.108.174 port 42406","@timestamp":"2022-09-15T04:50:12.190Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 04:50:11 honeypot-fra-1 sshd[11037]: Invalid user admin from 45.127.108.174 port 42368","@timestamp":"2022-09-15T04:50:12.190Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 04:50:11 honeypot-fra-1 sshd[11028]: Connection closed by authenticating user root 45.127.108.174 port 42428 [preauth]","@timestamp":"2022-09-15T04:50:12.191Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 04:50:12 honeypot-fra-1 sshd[11049]: Invalid user admin from 45.127.108.174 port 42376","@timestamp":"2022-09-15T04:50:12.191Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 04:50:12 honeypot-fra-1 sshd[11041]: Connection closed by authenticating user root 45.127.108.174 port 42402 [preauth]","@timestamp":"2022-09-15T04:50:12.191Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 04:50:12 honeypot-fra-1 sshd[11036]: Connection closed by invalid user devops 45.127.108.174 port 42364 [preauth]","@timestamp":"2022-09-15T04:50:12.191Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 04:50:12 honeypot-fra-1 sshd[11035]: Connection closed by invalid user lighthouse 45.127.108.174 port 42400 [preauth]","@timestamp":"2022-09-15T04:50:12.191Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 04:50:12 honeypot-fra-1 sshd[11049]: Connection closed by invalid user admin 45.127.108.174 port 42376 [preauth]","@timestamp":"2022-09-15T04:50:12.191Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 04:50:12 honeypot-fra-1 sshd[11060]: Connection closed by authenticating user root 45.127.108.174 port 42396 [preauth]","@timestamp":"2022-09-15T04:50:13.192Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T04:56:09.169Z","@version":"1","message":"Sep 15 04:56:08 honeypot-sgp-1 sshd[15233]: Connection closed by authenticating user root 179.60.147.69 port 28026 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 04:56:34 honeypot-fra-1 sshd[11093]: Invalid user bookhijama from 141.98.10.158 port 47428","@timestamp":"2022-09-15T04:56:34.334Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 04:59:31 honeypot-ams-1 sshd[26550]: Connection closed by authenticating user root 179.60.147.69 port 6398 [preauth]","@timestamp":"2022-09-15T04:59:32.307Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 05:02:01 honeypot-fra-1 sshd[11100]: Did not receive identification string from 45.61.186.249 port 38336","@timestamp":"2022-09-15T05:02:02.479Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T05:02:26.326Z","@version":"1","message":"Sep 15 05:02:25 honeypot-sgp-1 sshd[15236]: Received disconnect from 37.77.105.29 port 33354:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 05:02:37 honeypot-fra-1 sshd[11104]: Disconnected from invalid user user 45.61.186.249 port 59668 [preauth]","@timestamp":"2022-09-15T05:02:38.494Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 05:02:56 honeypot-fra-1 sshd[11108]: Disconnected from invalid user user 45.61.186.249 port 54268 [preauth]","@timestamp":"2022-09-15T05:02:57.504Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 05:03:12 honeypot-fra-1 sshd[11112]: Disconnected from invalid user user 45.61.186.249 port 48872 [preauth]","@timestamp":"2022-09-15T05:03:13.511Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T05:04:39.382Z","@version":"1","message":"Sep 15 05:04:38 honeypot-sgp-1 sshd[15239]: Disconnected from invalid user user 45.61.186.169 port 37270 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T05:04:56.390Z","@version":"1","message":"Sep 15 05:04:56 honeypot-sgp-1 sshd[15243]: Disconnected from invalid user user 45.61.186.169 port 60568 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T05:05:13.399Z","@version":"1","message":"Sep 15 05:05:12 honeypot-sgp-1 sshd[15247]: Received disconnect from 45.61.186.169 port 55622:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T05:05:28.407Z","@version":"1","message":"Sep 15 05:05:28 honeypot-sgp-1 sshd[15251]: Received disconnect from 45.61.186.169 port 50664:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 05:10:53 honeypot-fra-1 sshd[11118]: Received disconnect from 222.124.177.148 port 50742:11: Bye Bye [preauth]","@timestamp":"2022-09-15T05:10:53.685Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 05:14:05 honeypot-ams-1 sshd[26993]: Received disconnect from 45.61.186.169 port 42702:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T05:14:06.678Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 05:14:22 honeypot-ams-1 sshd[26997]: Received disconnect from 45.61.186.169 port 37754:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T05:14:22.688Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 05:14:38 honeypot-ams-1 sshd[27001]: Received disconnect from 45.61.186.169 port 32770:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T05:14:39.697Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 05:14:54 honeypot-ams-1 sshd[27006]: Received disconnect from 45.61.186.169 port 56044:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T05:14:54.705Z"}
{"@timestamp":"2022-09-15T05:15:45.652Z","@version":"1","message":"Sep 15 05:15:45 honeypot-sgp-1 sshd[15257]: Connection closed by invalid user zf 103.188.176.251 port 32884 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 05:17:01 honeypot-ams-1 CRON[27011]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-15T05:17:01.764Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 05:27:35 honeypot-fra-1 kernel: [84094073.666675] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=157.230.254.43 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=34830 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T05:27:36.078Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 05:30:08 honeypot-ams-1 kernel: [84096391.047150] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=1031 PROTO=TCP SPT=59802 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T05:30:09.088Z"}
{"@timestamp":"2022-09-15T05:32:39.079Z","@version":"1","message":"Sep 15 05:32:38 honeypot-sgp-1 kernel: [84096066.484284] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=193.163.125.241 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=244 ID=903 PROTO=TCP SPT=54491 DPT=389 WINDOW=14600 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 05:36:13 honeypot-fra-1 kernel: [84094591.332785] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=47.242.107.32 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=34301 PROTO=TCP SPT=40096 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T05:36:14.276Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-15T05:36:23.190Z","@version":"1","message":"Sep 15 05:36:22 honeypot-sgp-1 kernel: [84096289.914323] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=23.95.4.194 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=233 ID=3098 PROTO=TCP SPT=53217 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 05:37:32 honeypot-ams-1 sshd[27026]: Invalid user web from 167.172.58.10 port 60126","@timestamp":"2022-09-15T05:37:33.279Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 05:50:13 honeypot-ams-1 kernel: [84097596.281669] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.219.66 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=45358 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T05:50:14.593Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 05:50:58 honeypot-fra-1 kernel: [84095476.568072] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=213.226.123.38 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=36839 PROTO=TCP SPT=40449 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T05:50:58.614Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-15T05:50:59.542Z","@version":"1","message":"Sep 15 05:50:59 honeypot-sgp-1 sshd[15272]: Disconnected from invalid user user 45.61.186.49 port 58488 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T05:51:09.548Z","@version":"1","message":"Sep 15 05:51:08 honeypot-sgp-1 sshd[15276]: Disconnected from invalid user user 45.61.186.49 port 41858 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T05:56:36.682Z","@version":"1","message":"Sep 15 05:56:35 honeypot-sgp-1 sshd[15281]: Disconnected from invalid user oracle 5.188.36.164 port 57716 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 05:57:36 honeypot-ams-1 sshd[27036]: Received disconnect from 23.88.125.126 port 43502:11: Bye Bye [preauth]","@timestamp":"2022-09-15T05:57:37.782Z"}
{"@timestamp":"2022-09-15T05:59:45.760Z","@version":"1","message":"Sep 15 05:59:44 honeypot-sgp-1 sshd[15288]: Invalid user speech-dispatcher from 119.4.210.70 port 47886","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 06:00:49 honeypot-fra-1 sshd[11141]: Received disconnect from 92.255.85.69 port 27204:11: Bye Bye [preauth]","@timestamp":"2022-09-15T06:00:49.835Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 06:03:05 honeypot-ams-1 sshd[27042]: Received disconnect from 92.255.85.70 port 43556:11: Bye Bye [preauth]","@timestamp":"2022-09-15T06:03:05.929Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 06:05:57 honeypot-fra-1 sshd[11145]: Disconnected from invalid user user 45.61.184.204 port 38704 [preauth]","@timestamp":"2022-09-15T06:05:57.951Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 06:06:18 honeypot-fra-1 sshd[11149]: Disconnected from invalid user user 45.61.184.204 port 34312 [preauth]","@timestamp":"2022-09-15T06:06:18.962Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 06:06:38 honeypot-fra-1 sshd[11153]: Received disconnect from 45.61.184.204 port 58144:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T06:06:38.972Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 06:06:57 honeypot-fra-1 sshd[11157]: Received disconnect from 45.61.184.204 port 53754:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T06:06:57.980Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T06:09:22.999Z","@version":"1","message":"Sep 15 06:09:22 honeypot-sgp-1 kernel: [84098270.605225] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=40.84.222.228 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=41722 PROTO=TCP SPT=41646 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 06:09:58 honeypot-ams-1 sshd[27053]: Invalid user mysql from 52.237.82.21 port 48832","@timestamp":"2022-09-15T06:09:58.105Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 06:09:58 honeypot-ams-1 sshd[27069]: Invalid user guest from 52.237.82.21 port 48776","@timestamp":"2022-09-15T06:09:58.105Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 06:09:58 honeypot-ams-1 sshd[27056]: Invalid user www from 52.237.82.21 port 48780","@timestamp":"2022-09-15T06:09:59.106Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 06:09:58 honeypot-ams-1 sshd[27046]: Connection closed by invalid user testuser 52.237.82.21 port 48764 [preauth]","@timestamp":"2022-09-15T06:09:59.106Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 06:09:58 honeypot-ams-1 sshd[27053]: Connection closed by invalid user mysql 52.237.82.21 port 48832 [preauth]","@timestamp":"2022-09-15T06:09:59.106Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 06:09:58 honeypot-ams-1 sshd[27065]: Connection closed by invalid user ubuntu 52.237.82.21 port 48836 [preauth]","@timestamp":"2022-09-15T06:09:59.106Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 06:09:58 honeypot-ams-1 sshd[27074]: Connection closed by invalid user es 52.237.82.21 port 48812 [preauth]","@timestamp":"2022-09-15T06:09:59.106Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 06:09:58 honeypot-ams-1 sshd[27072]: Connection closed by invalid user deploy 52.237.82.21 port 48814 [preauth]","@timestamp":"2022-09-15T06:09:59.106Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 06:17:01 honeypot-fra-1 CRON[11162]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-15T06:17:02.226Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 06:17:01 honeypot-ams-1 CRON[27101]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-15T06:17:02.306Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 06:19:13 honeypot-fra-1 kernel: [84097171.618798] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=40.84.222.228 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=14799 PROTO=TCP SPT=42173 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T06:19:14.279Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 06:20:24 honeypot-fra-1 sshd[11171]: Disconnected from authenticating user root 193.142.146.50 port 52400 [preauth]","@timestamp":"2022-09-15T06:20:25.310Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 06:22:06 honeypot-fra-1 sshd[11177]: Disconnected from authenticating user root 193.142.146.50 port 42878 [preauth]","@timestamp":"2022-09-15T06:22:07.353Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T06:22:47.333Z","@version":"1","message":"Sep 15 06:22:46 honeypot-sgp-1 sshd[21007]: Disconnected from authenticating user root 92.255.85.69 port 20206 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 06:22:47 honeypot-fra-1 sshd[11183]: Disconnected from authenticating user root 193.142.146.50 port 42796 [preauth]","@timestamp":"2022-09-15T06:22:48.372Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 06:24:12 honeypot-fra-1 sshd[11189]: Invalid user test from 193.142.146.50 port 42714","@timestamp":"2022-09-15T06:24:13.408Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 06:25:01 honeypot-fra-1 CRON[11193]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-15T06:25:02.430Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 06:25:34 honeypot-ams-1 sshd[27271]: Did not receive identification string from 45.61.187.160 port 39024","@timestamp":"2022-09-15T06:25:34.527Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 06:25:46 honeypot-fra-1 sshd[11329]: Connection closed by invalid user tomcat 193.106.191.157 port 49036 [preauth]","@timestamp":"2022-09-15T06:25:46.452Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 06:26:11 honeypot-ams-1 sshd[27274]: Disconnected from invalid user user 45.61.187.160 port 36030 [preauth]","@timestamp":"2022-09-15T06:26:11.545Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 06:26:30 honeypot-ams-1 sshd[27278]: Disconnected from invalid user user 45.61.187.160 port 59220 [preauth]","@timestamp":"2022-09-15T06:26:30.555Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 06:26:47 honeypot-ams-1 sshd[27282]: Disconnected from invalid user user 45.61.187.160 port 54176 [preauth]","@timestamp":"2022-09-15T06:26:47.564Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 06:26:56 honeypot-fra-1 sshd[11336]: Disconnected from invalid user mazzoni 193.70.21.56 port 58596 [preauth]","@timestamp":"2022-09-15T06:26:56.481Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 06:27:43 honeypot-ams-1 sshd[27286]: Received disconnect from 92.255.85.69 port 63652:11: Bye Bye [preauth]","@timestamp":"2022-09-15T06:27:43.593Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 06:29:57 honeypot-ams-1 sshd[27291]: Disconnected from invalid user sonja 186.215.70.14 port 55251 [preauth]","@timestamp":"2022-09-15T06:29:57.653Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 06:36:37 honeypot-ams-1 sshd[27294]: Received disconnect from 165.22.55.238 port 59538:11: Bye Bye [preauth]","@timestamp":"2022-09-15T06:36:37.828Z"}
{"@timestamp":"2022-09-15T06:38:02.714Z","@version":"1","message":"Sep 15 06:38:02 honeypot-sgp-1 sshd[21155]: Invalid user admin from 121.154.34.24 port 44076","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 06:43:30 honeypot-fra-1 sshd[17475]: Received disconnect from 165.22.45.108 port 40276:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T06:43:30.869Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T06:46:27.926Z","@version":"1","message":"Sep 15 06:46:27 honeypot-sgp-1 sshd[21161]: Disconnected from authenticating user root 92.255.85.70 port 37256 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 06:46:59 honeypot-fra-1 sshd[17479]: Invalid user centos from 179.60.147.69 port 52108","@timestamp":"2022-09-15T06:46:59.952Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 06:49:12 honeypot-ams-1 sshd[27301]: Invalid user centos from 179.60.147.69 port 46524","@timestamp":"2022-09-15T06:49:13.150Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 06:53:38 honeypot-fra-1 sshd[17486]: Invalid user admin from 139.59.121.188 port 51142","@timestamp":"2022-09-15T06:53:39.108Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 06:55:34 honeypot-ams-1 sshd[27306]: Did not receive identification string from 192.241.208.82 port 37194","@timestamp":"2022-09-15T06:55:34.315Z"}
{"@timestamp":"2022-09-15T06:57:21.204Z","@version":"1","message":"Sep 15 06:57:20 honeypot-sgp-1 sshd[21167]: Disconnected from authenticating user root 157.245.122.58 port 60020 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T06:59:16.256Z","@version":"1","message":"Sep 15 06:59:15 honeypot-sgp-1 sshd[21171]: Received disconnect from 157.245.122.58 port 58872:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T07:01:13.310Z","@version":"1","message":"Sep 15 07:01:12 honeypot-sgp-1 sshd[21175]: Received disconnect from 157.245.122.58 port 57720:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T07:02:45.352Z","@version":"1","message":"Sep 15 07:02:44 honeypot-sgp-1 kernel: [84101472.149350] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.117.17.214 DST=159.89.202.188 LEN=52 TOS=0x00 PREC=0x00 TTL=111 ID=2507 DF PROTO=TCP SPT=55770 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 07:03:36 honeypot-ams-1 kernel: [84101999.009418] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.156.222.41 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=15686 PROTO=TCP SPT=48373 DPT=80 WINDOW=1300 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T07:03:37.526Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 07:04:36 honeypot-fra-1 sshd[17491]: error: Received disconnect from 103.125.189.140 port 60920:3: com.jcraft.jsch.JSchException: Auth fail [preauth]","@timestamp":"2022-09-15T07:04:37.356Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 07:04:44 honeypot-fra-1 sshd[17495]: error: Received disconnect from 103.125.189.140 port 62052:3: com.jcraft.jsch.JSchException: Auth fail [preauth]","@timestamp":"2022-09-15T07:04:44.360Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 07:04:54 honeypot-fra-1 sshd[17499]: error: Received disconnect from 103.125.189.140 port 63640:3: com.jcraft.jsch.JSchException: Auth fail [preauth]","@timestamp":"2022-09-15T07:04:55.366Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 07:05:00 honeypot-fra-1 sshd[17503]: error: Received disconnect from 103.125.189.140 port 64570:3: com.jcraft.jsch.JSchException: Auth fail [preauth]","@timestamp":"2022-09-15T07:05:00.369Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 07:05:06 honeypot-fra-1 sshd[17507]: error: Received disconnect from 103.125.189.140 port 49374:3: com.jcraft.jsch.JSchException: Auth fail [preauth]","@timestamp":"2022-09-15T07:05:07.373Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 07:05:13 honeypot-fra-1 sshd[17511]: error: Received disconnect from 103.125.189.140 port 50105:3: com.jcraft.jsch.JSchException: Auth fail [preauth]","@timestamp":"2022-09-15T07:05:14.376Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 07:05:18 honeypot-fra-1 sshd[17515]: error: Received disconnect from 103.125.189.140 port 51332:3: com.jcraft.jsch.JSchException: Auth fail [preauth]","@timestamp":"2022-09-15T07:05:19.378Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 07:05:26 honeypot-fra-1 sshd[17519]: Disconnected from authenticating user root 103.125.189.140 port 52331 [preauth]","@timestamp":"2022-09-15T07:05:27.383Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T07:10:07.539Z","@version":"1","message":"Sep 15 07:10:07 honeypot-sgp-1 sshd[21186]: Disconnected from authenticating user root 92.255.85.69 port 31760 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 07:12:06 honeypot-fra-1 kernel: [84100343.904630] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=167.248.133.129 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=24193 PROTO=TCP SPT=30845 DPT=389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T07:12:06.535Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 07:12:25 honeypot-ams-1 sshd[27409]: Received disconnect from 175.212.89.108 port 58318:11: Bye Bye [preauth]","@timestamp":"2022-09-15T07:12:25.761Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 07:15:14 honeypot-ams-1 sshd[27415]: Disconnected from authenticating user root 92.255.85.69 port 41666 [preauth]","@timestamp":"2022-09-15T07:15:14.838Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 07:15:17 honeypot-fra-1 kernel: [84100535.522263] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=89.248.168.172 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=54321 PROTO=TCP SPT=59677 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T07:15:18.612Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-15T07:17:38.752Z","@version":"1","message":"Sep 15 07:17:38 honeypot-sgp-1 sshd[21194]: Did not receive identification string from 152.32.157.116 port 49450","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 07:17:57 honeypot-ams-1 sshd[27421]: Connection closed by invalid user zf 103.188.176.251 port 35822 [preauth]","@timestamp":"2022-09-15T07:17:57.913Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 07:20:10 honeypot-ams-1 sshd[27427]: Disconnected from invalid user admin 202.88.244.36 port 37367 [preauth]","@timestamp":"2022-09-15T07:20:10.972Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 07:22:13 honeypot-fra-1 sshd[17535]: Connection closed by invalid user zf 103.188.176.251 port 60444 [preauth]","@timestamp":"2022-09-15T07:22:13.769Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 07:24:27 honeypot-ams-1 sshd[27433]: Received disconnect from 222.105.103.72 port 44224:11: Bye Bye [preauth]","@timestamp":"2022-09-15T07:24:28.085Z"}
{"@timestamp":"2022-09-15T07:30:59.086Z","@version":"1","message":"Sep 15 07:30:58 honeypot-sgp-1 sshd[21201]: Disconnected from invalid user tft 51.254.101.166 port 60458 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T07:31:46.109Z","@version":"1","message":"Sep 15 07:31:45 honeypot-sgp-1 sshd[21205]: Received disconnect from 187.235.106.121 port 57760:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 07:32:36 honeypot-fra-1 sshd[17540]: Disconnected from authenticating user root 43.128.106.101 port 44020 [preauth]","@timestamp":"2022-09-15T07:32:37.019Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T07:36:10.223Z","@version":"1","message":"Sep 15 07:36:09 honeypot-sgp-1 sshd[21210]: Received disconnect from 161.97.104.148 port 48952:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 07:36:40 honeypot-fra-1 sshd[17552]: Invalid user ftpuser from 101.43.159.25 port 41582","@timestamp":"2022-09-15T07:36:41.112Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 07:36:40 honeypot-fra-1 sshd[17549]: Connection closed by authenticating user root 101.43.159.25 port 41592 [preauth]","@timestamp":"2022-09-15T07:36:41.112Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 07:36:41 honeypot-fra-1 sshd[17565]: Invalid user es from 101.43.159.25 port 41556","@timestamp":"2022-09-15T07:36:42.113Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 07:36:41 honeypot-fra-1 sshd[17557]: Invalid user centos from 101.43.159.25 port 41558","@timestamp":"2022-09-15T07:36:42.113Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 07:36:41 honeypot-fra-1 sshd[17546]: Connection closed by invalid user ubuntu 101.43.159.25 port 41534 [preauth]","@timestamp":"2022-09-15T07:36:42.113Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 07:36:41 honeypot-fra-1 sshd[17558]: Connection closed by invalid user admin 101.43.159.25 port 41532 [preauth]","@timestamp":"2022-09-15T07:36:42.113Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 07:36:41 honeypot-fra-1 sshd[17567]: Connection closed by invalid user user 101.43.159.25 port 41604 [preauth]","@timestamp":"2022-09-15T07:36:42.113Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 07:36:41 honeypot-fra-1 sshd[17562]: Connection closed by authenticating user root 101.43.159.25 port 41588 [preauth]","@timestamp":"2022-09-15T07:36:42.113Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 07:36:43 honeypot-fra-1 sshd[17604]: Invalid user user from 101.43.159.25 port 41538","@timestamp":"2022-09-15T07:36:44.114Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 07:37:08 honeypot-fra-1 sshd[17607]: Received disconnect from 165.22.45.108 port 45340:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T07:37:09.126Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 07:37:25 honeypot-ams-1 kernel: [84104027.399978] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=79.124.62.60 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=64884 PROTO=TCP SPT=45356 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T07:37:25.442Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 07:42:22 honeypot-fra-1 kernel: [84102160.216057] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=54.241.71.147 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=234 ID=54321 PROTO=TCP SPT=42059 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T07:42:23.247Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-15T07:42:27.383Z","@version":"1","message":"Sep 15 07:42:26 honeypot-sgp-1 kernel: [84103854.273006] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=54.241.71.147 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=52906 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 07:44:52 honeypot-ams-1 kernel: [84104475.223182] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=122.189.38.5 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=48 ID=27909 PROTO=TCP SPT=13860 DPT=80 WINDOW=32356 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T07:44:53.637Z"}
{"@timestamp":"2022-09-15T07:45:29.462Z","@version":"1","message":"Sep 15 07:45:29 honeypot-sgp-1 sshd[21220]: Invalid user nvidia from 103.188.176.251 port 34190","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T07:46:36.494Z","@version":"1","message":"Sep 15 07:46:36 honeypot-sgp-1 sshd[21227]: Received disconnect from 179.43.156.143 port 43276:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T07:47:49.526Z","@version":"1","message":"Sep 15 07:47:49 honeypot-sgp-1 sshd[21231]: Disconnected from invalid user wbz 206.217.131.233 port 39004 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T07:48:59.561Z","@version":"1","message":"Sep 15 07:48:58 honeypot-sgp-1 sshd[21237]: Received disconnect from 179.43.156.143 port 59222:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 07:49:49 honeypot-ams-1 sshd[27444]: Received disconnect from 159.65.154.92 port 52000:11: Bye Bye [preauth]","@timestamp":"2022-09-15T07:49:50.766Z"}
{"@timestamp":"2022-09-15T07:50:13.595Z","@version":"1","message":"Sep 15 07:50:12 honeypot-sgp-1 sshd[21241]: Received disconnect from 179.43.156.143 port 53062:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T07:52:05.645Z","@version":"1","message":"Sep 15 07:52:05 honeypot-sgp-1 sshd[21248]: Received disconnect from 179.43.156.143 port 43804:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 07:52:27 honeypot-ams-1 sshd[27448]: Received disconnect from 104.131.185.48 port 36174:11: Bye Bye [preauth]","@timestamp":"2022-09-15T07:52:27.838Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 07:52:59 honeypot-ams-1 sshd[27452]: Disconnected from authenticating user root 162.215.1.199 port 52930 [preauth]","@timestamp":"2022-09-15T07:53:00.854Z"}
{"@timestamp":"2022-09-15T07:53:36.684Z","@version":"1","message":"Sep 15 07:53:35 honeypot-sgp-1 kernel: [84104523.453484] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=91.191.209.218 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=8468 PROTO=TCP SPT=48408 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 07:54:49 honeypot-fra-1 kernel: [84102906.999567] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=85.119.151.254 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x20 TTL=249 ID=8809 PROTO=TCP SPT=48482 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T07:54:49.532Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 07:55:30 honeypot-ams-1 sshd[27457]: Invalid user weiguo from 111.95.141.34 port 44976","@timestamp":"2022-09-15T07:55:30.925Z"}
{"@timestamp":"2022-09-15T08:01:25.880Z","@version":"1","message":"Sep 15 08:01:25 honeypot-sgp-1 kernel: [84104993.354194] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=67.211.215.172 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=635 PROTO=TCP SPT=41571 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 08:05:10 honeypot-fra-1 sshd[17620]: Invalid user support from 179.60.147.69 port 11570","@timestamp":"2022-09-15T08:05:10.768Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 08:05:47 honeypot-ams-1 kernel: [84105729.634681] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.220.173 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=59202 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T08:05:48.193Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 08:08:06 honeypot-ams-1 sshd[27468]: Disconnected from invalid user user 45.61.186.169 port 60330 [preauth]","@timestamp":"2022-09-15T08:08:07.255Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 08:08:24 honeypot-ams-1 sshd[27472]: Disconnected from invalid user user 45.61.186.169 port 55218 [preauth]","@timestamp":"2022-09-15T08:08:24.265Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 08:08:40 honeypot-ams-1 sshd[27476]: Disconnected from invalid user user 45.61.186.169 port 50110 [preauth]","@timestamp":"2022-09-15T08:08:40.274Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 08:08:56 honeypot-ams-1 sshd[27480]: Disconnected from invalid user user 45.61.186.169 port 44998 [preauth]","@timestamp":"2022-09-15T08:08:56.282Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 08:17:01 honeypot-fra-1 CRON[17649]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-15T08:17:02.061Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T08:17:02.269Z","@version":"1","message":"Sep 15 08:17:01 honeypot-sgp-1 CRON[21264]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 08:18:46 honeypot-ams-1 sshd[27489]: Invalid user admin from 167.71.236.26 port 59312","@timestamp":"2022-09-15T08:18:47.558Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 08:19:20 honeypot-fra-1 sshd[17655]: Disconnected from authenticating user root 88.169.87.158 port 43948 [preauth]","@timestamp":"2022-09-15T08:19:21.116Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T08:21:44.388Z","@version":"1","message":"Sep 15 08:21:43 honeypot-sgp-1 kernel: [84106210.985829] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=173.239.198.69 DST=159.89.202.188 LEN=52 TOS=0x0A PREC=0x00 TTL=113 ID=22107 DF PROTO=TCP SPT=63868 DPT=3389 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 08:22:40 honeypot-fra-1 sshd[17660]: Disconnected from authenticating user root 92.255.85.70 port 35878 [preauth]","@timestamp":"2022-09-15T08:22:40.195Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 08:24:41 honeypot-fra-1 sshd[17667]: Disconnected from invalid user ec2-user 40.70.0.187 port 46836 [preauth]","@timestamp":"2022-09-15T08:24:42.244Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 08:25:40 honeypot-ams-1 sshd[27494]: Did not receive identification string from 61.177.173.33 port 41271","@timestamp":"2022-09-15T08:25:40.738Z"}
{"@timestamp":"2022-09-15T08:27:55.541Z","@version":"1","message":"Sep 15 08:27:54 honeypot-sgp-1 sshd[21292]: Disconnected from 49.88.112.60 port 43421 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 08:28:28 honeypot-fra-1 sshd[17671]: Invalid user arya from 160.153.252.142 port 47456","@timestamp":"2022-09-15T08:28:28.333Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 08:29:10 honeypot-fra-1 sshd[17675]: Invalid user dell from 137.184.225.163 port 48008","@timestamp":"2022-09-15T08:29:10.352Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 08:30:46 honeypot-ams-1 kernel: [84107228.444121] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=50031 PROTO=TCP SPT=50602 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T08:30:46.874Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 08:30:47 honeypot-fra-1 sshd[17678]: Disconnected from invalid user laura 165.22.45.108 port 50416 [preauth]","@timestamp":"2022-09-15T08:30:48.391Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T08:35:46.735Z","@version":"1","message":"Sep 15 08:35:45 honeypot-sgp-1 sshd[21306]: Received disconnect from 49.88.112.60 port 36472:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 08:39:09 honeypot-ams-1 kernel: [84107731.863214] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=116.49.173.38 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=46 ID=58355 PROTO=TCP SPT=37699 DPT=443 WINDOW=42355 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T08:39:10.095Z"}
{"@timestamp":"2022-09-15T08:40:41.858Z","@version":"1","message":"Sep 15 08:40:41 honeypot-sgp-1 sshd[21312]: Received disconnect from 49.88.112.60 port 61024:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 08:42:54 honeypot-fra-1 sshd[17683]: Connection closed by invalid user admin 179.60.147.69 port 8144 [preauth]","@timestamp":"2022-09-15T08:42:54.671Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T08:42:56.917Z","@version":"1","message":"Sep 15 08:42:56 honeypot-sgp-1 sshd[21317]: Disconnected from 49.88.112.60 port 22357 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T08:44:24.958Z","@version":"1","message":"Sep 15 08:44:24 honeypot-sgp-1 kernel: [84107571.921693] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=94.102.61.23 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=56182 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 08:45:57 honeypot-ams-1 sshd[27533]: Invalid user user from 141.255.162.226 port 55284","@timestamp":"2022-09-15T08:45:58.289Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 08:45:58 honeypot-ams-1 sshd[27537]: Invalid user user from 141.255.162.226 port 40182","@timestamp":"2022-09-15T08:45:59.290Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 08:46:01 honeypot-ams-1 sshd[27541]: Invalid user user from 141.255.162.226 port 42154","@timestamp":"2022-09-15T08:46:02.291Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 08:46:03 honeypot-ams-1 sshd[27545]: Invalid user user from 141.255.162.226 port 49706","@timestamp":"2022-09-15T08:46:04.293Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 08:48:04 honeypot-ams-1 sshd[27549]: Received disconnect from 61.177.173.33 port 64081:11:  [preauth]","@timestamp":"2022-09-15T08:48:04.346Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 08:48:35 honeypot-fra-1 sshd[17694]: Invalid user user from 172.104.240.40 port 43732","@timestamp":"2022-09-15T08:48:36.801Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 08:48:35 honeypot-fra-1 sshd[17710]: Connection closed by invalid user postgres 172.104.240.40 port 43948 [preauth]","@timestamp":"2022-09-15T08:48:36.802Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 08:48:35 honeypot-fra-1 sshd[17700]: Invalid user testuser from 172.104.240.40 port 43818","@timestamp":"2022-09-15T08:48:36.802Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 08:48:35 honeypot-fra-1 sshd[17696]: Connection closed by invalid user guest 172.104.240.40 port 43796 [preauth]","@timestamp":"2022-09-15T08:48:36.802Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 08:48:35 honeypot-fra-1 sshd[17691]: Invalid user user from 172.104.240.40 port 43702","@timestamp":"2022-09-15T08:48:36.802Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 08:48:36 honeypot-fra-1 sshd[17706]: Invalid user guest from 172.104.240.40 port 43864","@timestamp":"2022-09-15T08:48:36.802Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 08:48:36 honeypot-fra-1 sshd[17695]: Connection closed by invalid user user 172.104.240.40 port 43766 [preauth]","@timestamp":"2022-09-15T08:48:36.802Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 08:48:36 honeypot-fra-1 sshd[17712]: Invalid user admin from 172.104.240.40 port 43984","@timestamp":"2022-09-15T08:48:36.802Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 08:48:36 honeypot-fra-1 sshd[17723]: Invalid user postgres from 172.104.240.40 port 44036","@timestamp":"2022-09-15T08:48:36.802Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 08:48:36 honeypot-fra-1 sshd[17720]: Invalid user esuser from 172.104.240.40 port 43960","@timestamp":"2022-09-15T08:48:36.802Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 08:50:58 honeypot-ams-1 sshd[27556]: Received disconnect from 61.177.173.33 port 36402:11:  [preauth]","@timestamp":"2022-09-15T08:50:59.424Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 08:57:33 honeypot-fra-1 sshd[17752]: Invalid user tomcat from 193.106.191.157 port 33756","@timestamp":"2022-09-15T08:57:34.008Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 09:02:09 honeypot-ams-1 kernel: [84109111.995252] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=172.93.194.120 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=61718 PROTO=TCP SPT=51745 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T09:02:09.713Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 09:04:08 honeypot-ams-1 sshd[27570]: Received disconnect from 119.180.97.100 port 35137:11: Bye Bye [preauth]","@timestamp":"2022-09-15T09:04:08.768Z"}
{"@timestamp":"2022-09-15T09:04:13.444Z","@version":"1","message":"Sep 15 09:04:13 honeypot-sgp-1 sshd[21325]: Received disconnect from 115.92.154.46 port 17050:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 09:04:21 honeypot-fra-1 sshd[17760]: Received disconnect from 141.255.162.226 port 40094:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T09:04:22.174Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 09:04:22 honeypot-fra-1 sshd[17764]: Received disconnect from 141.255.162.226 port 55392:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T09:04:23.176Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 09:04:28 honeypot-fra-1 sshd[17768]: Received disconnect from 141.255.162.226 port 34814:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T09:04:28.178Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 09:04:30 honeypot-fra-1 sshd[17772]: Received disconnect from 141.255.162.226 port 57784:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T09:04:31.180Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 09:05:28 honeypot-ams-1 sshd[27572]: Received disconnect from 181.129.14.218 port 63267:11: Bye Bye [preauth]","@timestamp":"2022-09-15T09:05:28.807Z"}
{"@timestamp":"2022-09-15T09:07:09.520Z","@version":"1","message":"Sep 15 09:07:09 honeypot-sgp-1 sshd[21330]: Received disconnect from 45.61.184.204 port 60216:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T09:07:30.531Z","@version":"1","message":"Sep 15 09:07:29 honeypot-sgp-1 sshd[21334]: Received disconnect from 45.61.184.204 port 56048:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T09:07:51.542Z","@version":"1","message":"Sep 15 09:07:50 honeypot-sgp-1 sshd[21339]: Received disconnect from 45.61.184.204 port 51868:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T09:08:09.552Z","@version":"1","message":"Sep 15 09:08:09 honeypot-sgp-1 sshd[21343]: Received disconnect from 45.61.184.204 port 47688:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 09:08:55 honeypot-ams-1 kernel: [84109517.510064] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=143.244.138.190 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x20 TTL=245 ID=22962 PROTO=TCP SPT=52443 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T09:08:55.900Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 09:11:51 honeypot-fra-1 sshd[17777]: Connection closed by 192.241.221.49 port 59866 [preauth]","@timestamp":"2022-09-15T09:11:51.348Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 09:12:01 honeypot-ams-1 sshd[27584]: Disconnected from authenticating user root 92.255.85.69 port 51826 [preauth]","@timestamp":"2022-09-15T09:12:01.985Z"}
{"@timestamp":"2022-09-15T09:18:22.801Z","@version":"1","message":"Sep 15 09:18:22 honeypot-sgp-1 sshd[21351]: Invalid user ubnt from 179.60.147.69 port 9126","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 09:19:21 honeypot-ams-1 sshd[27599]: Did not receive identification string from 141.255.162.226 port 47354","@timestamp":"2022-09-15T09:19:22.177Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 09:19:36 honeypot-ams-1 sshd[27602]: Disconnected from invalid user user 141.255.162.226 port 48450 [preauth]","@timestamp":"2022-09-15T09:19:37.185Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 09:19:40 honeypot-ams-1 sshd[27606]: Disconnected from invalid user user 141.255.162.226 port 42200 [preauth]","@timestamp":"2022-09-15T09:19:40.188Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 09:19:41 honeypot-ams-1 sshd[27611]: Disconnected from invalid user user 141.255.162.226 port 49526 [preauth]","@timestamp":"2022-09-15T09:19:42.189Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 09:23:36 honeypot-fra-1 sshd[17787]: Received disconnect from 165.22.45.108 port 55476:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T09:23:36.616Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 09:28:29 honeypot-ams-1 kernel: [84110692.123676] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=66.240.236.109 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=59387 DPT=5432 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T09:28:30.435Z"}
{"@timestamp":"2022-09-15T09:30:47.102Z","@version":"1","message":"Sep 15 09:30:46 honeypot-sgp-1 sshd[21357]: Invalid user  from 64.62.197.152 port 32952","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T09:32:21.145Z","@version":"1","message":"Sep 15 09:32:20 honeypot-sgp-1 sshd[21361]: Received disconnect from 154.214.4.199 port 48528:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 09:32:41 honeypot-ams-1 kernel: [84110944.163625] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=172.104.138.223 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=27603 PROTO=TCP SPT=793 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T09:32:42.549Z"}
{"@timestamp":"2022-09-15T09:33:57.186Z","@version":"1","message":"Sep 15 09:33:57 honeypot-sgp-1 sshd[21367]: Invalid user admin from 126.113.24.98 port 40496","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T09:34:27.201Z","@version":"1","message":"Sep 15 09:34:26 honeypot-sgp-1 sshd[21369]: Disconnected from invalid user alano 182.73.123.118 port 16008 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 09:38:31 honeypot-ams-1 kernel: [84111293.490856] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=107.175.70.147 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=12081 DF PROTO=TCP SPT=10446 DPT=80 WINDOW=512 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T09:38:31.702Z"}
{"@timestamp":"2022-09-15T09:41:56.384Z","@version":"1","message":"Sep 15 09:41:55 honeypot-sgp-1 sshd[21376]: Received disconnect from 179.43.156.143 port 37076:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 09:43:04 honeypot-ams-1 sshd[27633]: Received disconnect from 82.196.5.251 port 47294:11: Bye Bye [preauth]","@timestamp":"2022-09-15T09:43:04.821Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 09:43:19 honeypot-fra-1 sshd[17795]: Connection closed by invalid user tomcat 193.106.191.157 port 36040 [preauth]","@timestamp":"2022-09-15T09:43:19.067Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T09:43:39.428Z","@version":"1","message":"Sep 15 09:43:39 honeypot-sgp-1 sshd[21382]: Received disconnect from 179.43.156.143 port 53880:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T09:44:14.445Z","@version":"1","message":"Sep 15 09:44:14 honeypot-sgp-1 sshd[21386]: Disconnected from authenticating user root 179.43.156.143 port 50024 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T09:45:26.476Z","@version":"1","message":"Sep 15 09:45:26 honeypot-sgp-1 sshd[21392]: Received disconnect from 133.130.103.236 port 43114:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 09:45:27 honeypot-fra-1 sshd[17798]: Connection closed by invalid user  64.62.197.92 port 9310 [preauth]","@timestamp":"2022-09-15T09:45:28.120Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 09:45:41 honeypot-ams-1 sshd[27640]: Received disconnect from 194.209.191.243 port 47612:11: Bye Bye [preauth]","@timestamp":"2022-09-15T09:45:41.892Z"}
{"@timestamp":"2022-09-15T09:46:34.507Z","@version":"1","message":"Sep 15 09:46:33 honeypot-sgp-1 sshd[21397]: Invalid user nfsnobod from 179.43.156.143 port 34720","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T09:47:43.536Z","@version":"1","message":"Sep 15 09:47:43 honeypot-sgp-1 sshd[21401]: Disconnected from authenticating user root 179.43.156.143 port 55352 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 09:47:43 honeypot-ams-1 sshd[27645]: Connection closed by invalid user nvidia 103.188.176.251 port 48884 [preauth]","@timestamp":"2022-09-15T09:47:43.945Z"}
{"@timestamp":"2022-09-15T09:48:58.570Z","@version":"1","message":"Sep 15 09:48:57 honeypot-sgp-1 sshd[21407]: Disconnected from authenticating user root 179.43.156.143 port 47684 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T09:52:05.647Z","@version":"1","message":"Sep 15 09:52:05 honeypot-sgp-1 sshd[21414]: Disconnected from authenticating user root 47.254.179.224 port 33808 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T09:56:54.765Z","@version":"1","message":"Sep 15 09:56:54 honeypot-sgp-1 sshd[21420]: Invalid user ulia from 181.48.60.50 port 51518","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 10:01:30 honeypot-fra-1 kernel: [84110508.092795] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=209.126.12.14 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=38367 PROTO=TCP SPT=56019 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T10:01:31.486Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 10:02:09 honeypot-ams-1 sshd[27667]: Did not receive identification string from 61.177.173.33 port 57255","@timestamp":"2022-09-15T10:02:09.316Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 10:06:27 honeypot-fra-1 kernel: [84110804.528329] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=20.214.177.62 DST=165.22.82.222 LEN=52 TOS=0x02 PREC=0x00 TTL=108 ID=60184 DF PROTO=TCP SPT=62526 DPT=443 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-15T10:06:27.603Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 10:06:58 honeypot-ams-1 sshd[27674]: Disconnected from invalid user cf 210.106.108.250 port 38344 [preauth]","@timestamp":"2022-09-15T10:06:59.442Z"}
{"@timestamp":"2022-09-15T10:08:27.047Z","@version":"1","message":"Sep 15 10:08:26 honeypot-sgp-1 sshd[21427]: Received disconnect from 103.138.10.78 port 57194:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 10:09:10 honeypot-fra-1 kernel: [84110967.769519] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.203.88 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=44425 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T10:09:10.672Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 10:11:51 honeypot-ams-1 kernel: [84113293.932354] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.219.100 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=52466 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T10:11:52.568Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 10:14:22 honeypot-ams-1 sshd[27692]: Received disconnect from 179.43.156.143 port 52244:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T10:14:22.634Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 10:15:20 honeypot-ams-1 kernel: [84113503.177016] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=64.62.197.157 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=54786 DPT=5432 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T10:15:21.663Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 10:15:22 honeypot-fra-1 kernel: [84111340.359597] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=65.49.20.79 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=54321 PROTO=TCP SPT=38392 DPT=5432 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T10:15:23.814Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 10:16:42 honeypot-ams-1 sshd[27703]: Invalid user nutanix from 179.43.156.143 port 39626","@timestamp":"2022-09-15T10:16:42.701Z"}
{"@timestamp":"2022-09-15T10:17:02.256Z","@version":"1","message":"Sep 15 10:17:01 honeypot-sgp-1 CRON[21432]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 10:17:06 honeypot-ams-1 sshd[27709]: Received disconnect from 61.177.173.46 port 26318:11:  [preauth]","@timestamp":"2022-09-15T10:17:06.714Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 10:17:16 honeypot-ams-1 sshd[27713]: Received disconnect from 179.43.156.143 port 36470:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T10:17:16.720Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 10:18:26 honeypot-ams-1 sshd[27719]: Disconnected from authenticating user root 179.43.156.143 port 58378 [preauth]","@timestamp":"2022-09-15T10:18:26.752Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 10:20:11 honeypot-ams-1 sshd[27726]: Disconnected from authenticating user root 179.43.156.143 port 48932 [preauth]","@timestamp":"2022-09-15T10:20:11.802Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 10:21:44 honeypot-ams-1 sshd[27732]: Disconnected from 61.177.173.33 port 46273 [preauth]","@timestamp":"2022-09-15T10:21:45.846Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 10:22:05 honeypot-fra-1 kernel: [84111742.742757] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=59110 PROTO=TCP SPT=57298 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T10:22:05.966Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 10:24:47 honeypot-ams-1 sshd[27742]: Received disconnect from 181.49.17.194 port 39292:11: Bye Bye [preauth]","@timestamp":"2022-09-15T10:24:48.929Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 10:27:18 honeypot-ams-1 kernel: [84114220.644073] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.102.41.2 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=46 ID=58434 DF PROTO=TCP SPT=54583 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T10:27:18.997Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 10:27:18 honeypot-fra-1 sshd[17825]: Disconnected from authenticating user root 161.132.180.117 port 2461 [preauth]","@timestamp":"2022-09-15T10:27:19.088Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 10:31:16 honeypot-ams-1 sshd[27756]: Received disconnect from 61.177.172.124 port 43204:11:  [preauth]","@timestamp":"2022-09-15T10:31:17.103Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 10:31:57 honeypot-fra-1 sshd[17827]: Connection closed by invalid user blank 179.60.147.69 port 37742 [preauth]","@timestamp":"2022-09-15T10:31:58.197Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 10:34:09 honeypot-ams-1 sshd[27760]: Connection closed by invalid user blank 179.60.147.69 port 65176 [preauth]","@timestamp":"2022-09-15T10:34:10.180Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 10:35:53 honeypot-fra-1 kernel: [84112571.120289] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=20.214.177.62 DST=165.22.82.222 LEN=52 TOS=0x02 PREC=0x00 TTL=108 ID=13302 DF PROTO=TCP SPT=64294 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-15T10:35:54.290Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-15T10:37:15.737Z","@version":"1","message":"Sep 15 10:37:15 honeypot-sgp-1 kernel: [84114342.788735] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=122.189.38.5 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=50 ID=14932 PROTO=TCP SPT=11556 DPT=443 WINDOW=42684 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 10:39:06 honeypot-ams-1 sshd[27768]: Received disconnect from 178.128.148.229 port 54422:11: Bye Bye [preauth]","@timestamp":"2022-09-15T10:39:07.309Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 10:40:08 honeypot-ams-1 sshd[27774]: Received disconnect from 43.224.110.21 port 36948:11: Bye Bye [preauth]","@timestamp":"2022-09-15T10:40:09.337Z"}
{"@timestamp":"2022-09-15T10:43:50.900Z","@version":"1","message":"Sep 15 10:43:49 honeypot-sgp-1 sshd[21443]: Did not receive identification string from 198.98.61.9 port 45116","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T10:44:31.918Z","@version":"1","message":"Sep 15 10:44:31 honeypot-sgp-1 sshd[21446]: Disconnected from invalid user user 198.98.61.9 port 35586 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T10:44:49.927Z","@version":"1","message":"Sep 15 10:44:48 honeypot-sgp-1 sshd[21450]: Disconnected from invalid user user 198.98.61.9 port 58908 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T10:45:05.935Z","@version":"1","message":"Sep 15 10:45:05 honeypot-sgp-1 sshd[21454]: Disconnected from invalid user user 198.98.61.9 port 54006 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 10:52:18 honeypot-ams-1 sshd[27784]: Did not receive identification string from 141.255.162.226 port 57740","@timestamp":"2022-09-15T10:52:18.647Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 10:52:20 honeypot-ams-1 sshd[27787]: Disconnected from invalid user user 141.255.162.226 port 44970 [preauth]","@timestamp":"2022-09-15T10:52:21.650Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 10:52:23 honeypot-ams-1 sshd[27791]: Disconnected from invalid user user 141.255.162.226 port 59582 [preauth]","@timestamp":"2022-09-15T10:52:23.652Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 10:52:27 honeypot-ams-1 sshd[27795]: Disconnected from invalid user user 141.255.162.226 port 37674 [preauth]","@timestamp":"2022-09-15T10:52:27.654Z"}
{"@timestamp":"2022-09-15T10:53:22.134Z","@version":"1","message":"Sep 15 10:53:21 honeypot-sgp-1 sshd[21459]: Invalid user ns1 from 157.245.93.228 port 48018","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 10:58:08 honeypot-ams-1 kernel: [84116070.982555] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=138.2.240.220 DST=178.62.254.91 LEN=52 TOS=0x02 PREC=0x00 TTL=120 ID=11497 DF PROTO=TCP SPT=58339 DPT=80 WINDOW=62720 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-15T10:58:08.804Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 11:02:17 honeypot-fra-1 kernel: [84114154.961359] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=128.1.248.28 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=13484 PROTO=TCP SPT=15277 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T11:02:17.883Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 11:05:01 honeypot-ams-1 sshd[27813]: Disconnected from authenticating user root 61.177.173.36 port 32239 [preauth]","@timestamp":"2022-09-15T11:05:01.990Z"}
{"@timestamp":"2022-09-15T11:07:07.463Z","@version":"1","message":"Sep 15 11:07:06 honeypot-sgp-1 sshd[21463]: Invalid user test from 179.60.147.69 port 62734","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 11:10:03 honeypot-fra-1 sshd[17837]: Disconnected from invalid user lav 165.22.45.108 port 37370 [preauth]","@timestamp":"2022-09-15T11:10:04.059Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 11:13:37 honeypot-ams-1 kernel: [84116999.951228] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=181.219.149.148 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=20644 PROTO=TCP SPT=6431 DPT=80 WINDOW=20831 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T11:13:38.216Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 11:17:01 honeypot-ams-1 CRON[27827]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-15T11:17:02.305Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 11:19:26 honeypot-fra-1 sshd[17843]: Disconnected from invalid user admin 43.132.254.141 port 47766 [preauth]","@timestamp":"2022-09-15T11:19:26.270Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T11:21:09.801Z","@version":"1","message":"Sep 15 11:21:08 honeypot-sgp-1 sshd[21471]: Received disconnect from 103.84.236.242 port 33638:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T11:28:04.972Z","@version":"1","message":"Sep 15 11:28:04 honeypot-sgp-1 sshd[21474]: Disconnected from invalid user lokesh 43.245.185.66 port 47338 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 11:28:54 honeypot-ams-1 sshd[27836]: Received disconnect from 61.177.172.90 port 24120:11:  [preauth]","@timestamp":"2022-09-15T11:28:54.610Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 11:31:11 honeypot-fra-1 sshd[17851]: Invalid user pi from 73.100.162.94 port 56204","@timestamp":"2022-09-15T11:31:11.573Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 11:34:41 honeypot-ams-1 kernel: [84118263.877484] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=184.105.247.244 DST=178.62.254.91 LEN=131 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=59548 DPT=80 WINDOW=65535 RES=0x00 ACK PSH URGP=0 ","@timestamp":"2022-09-15T11:34:41.760Z"}
{"@timestamp":"2022-09-15T11:34:46.142Z","@version":"1","message":"Sep 15 11:34:45 honeypot-sgp-1 sshd[21480]: Received disconnect from 210.97.86.61 port 42294:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T11:36:25.184Z","@version":"1","message":"Sep 15 11:36:24 honeypot-sgp-1 sshd[21485]: Disconnected from authenticating user root 128.199.80.233 port 52278 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T11:37:51.222Z","@version":"1","message":"Sep 15 11:37:50 honeypot-sgp-1 kernel: [84117978.175581] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=34.89.119.85 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x60 TTL=250 ID=28216 PROTO=TCP SPT=46939 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 11:37:55 honeypot-fra-1 sshd[17854]: Connection closed by invalid user plex 141.98.10.158 port 41204 [preauth]","@timestamp":"2022-09-15T11:37:55.719Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 11:39:44 honeypot-ams-1 sshd[27848]: Disconnected from invalid user nugie 143.244.190.237 port 54492 [preauth]","@timestamp":"2022-09-15T11:39:44.895Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 11:40:24 honeypot-fra-1 kernel: [84116441.337246] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=184.105.139.70 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=54321 PROTO=TCP SPT=57854 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T11:40:24.778Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 11:41:40 honeypot-fra-1 sshd[17862]: Received disconnect from 178.176.225.151 port 33690:11: Bye Bye [preauth]","@timestamp":"2022-09-15T11:41:40.808Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 11:43:15 honeypot-ams-1 sshd[27855]: Invalid user admin from 80.76.51.45 port 57868","@timestamp":"2022-09-15T11:43:16.004Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 11:43:50 honeypot-ams-1 sshd[27859]: Received disconnect from 80.76.51.45 port 36824:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T11:43:51.023Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 11:44:40 honeypot-ams-1 sshd[27865]: Received disconnect from 80.76.51.45 port 33434:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T11:44:41.048Z"}
{"@timestamp":"2022-09-15T11:44:47.394Z","@version":"1","message":"Sep 15 11:44:47 honeypot-sgp-1 kernel: [84118394.443807] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=64.62.197.225 DST=159.89.202.188 LEN=131 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=57563 DPT=80 WINDOW=65535 RES=0x00 ACK PSH URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 11:45:30 honeypot-ams-1 sshd[27874]: Received disconnect from 80.76.51.45 port 58174:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T11:45:31.073Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 11:45:59 honeypot-ams-1 sshd[27878]: Disconnected from authenticating user root 61.177.173.36 port 55865 [preauth]","@timestamp":"2022-09-15T11:46:00.088Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 11:46:19 honeypot-ams-1 sshd[27882]: Disconnected from invalid user git 80.76.51.45 port 54660 [preauth]","@timestamp":"2022-09-15T11:46:20.100Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 11:48:39 honeypot-fra-1 sshd[17867]: Connection closed by invalid user guest 179.60.147.69 port 15806 [preauth]","@timestamp":"2022-09-15T11:48:39.970Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 11:52:48 honeypot-fra-1 sshd[17872]: Disconnected from authenticating user root 142.93.101.157 port 47930 [preauth]","@timestamp":"2022-09-15T11:52:49.064Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 11:56:16 honeypot-ams-1 kernel: [84119559.144067] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=149.102.155.169 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=34140 PROTO=TCP SPT=42973 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T11:56:17.357Z"}
{"@timestamp":"2022-09-15T11:59:59.763Z","@version":"1","message":"Sep 15 11:59:59 honeypot-sgp-1 sshd[21498]: Did not receive identification string from 193.142.146.50 port 40434","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 12:00:38 honeypot-fra-1 kernel: [84117655.497433] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=138.255.196.26 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=58327 DF PROTO=TCP SPT=16436 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T12:00:39.244Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-15T12:00:39.783Z","@version":"1","message":"Sep 15 12:00:38 honeypot-sgp-1 sshd[21503]: Disconnected from authenticating user root 193.142.146.50 port 43924 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:02:24.828Z","@version":"1","message":"Sep 15 12:02:24 honeypot-sgp-1 sshd[21511]: Received disconnect from 193.142.146.50 port 33786:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:02:37.835Z","@version":"1","message":"Sep 15 12:02:36 honeypot-sgp-1 sshd[21515]: Disconnected from authenticating user root 193.142.146.50 port 52426 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:02:46.840Z","@version":"1","message":"Sep 15 12:02:46 honeypot-sgp-1 sshd[21519]: Disconnected from invalid user user 45.61.186.49 port 60710 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:03:55.871Z","@version":"1","message":"Sep 15 12:03:55 honeypot-sgp-1 sshd[21525]: Received disconnect from 193.142.146.50 port 33240:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:04:19.883Z","@version":"1","message":"Sep 15 12:04:19 honeypot-sgp-1 sshd[21529]: Disconnected from invalid user test 193.142.146.50 port 42288 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 12:05:22 honeypot-fra-1 sshd[17880]: Disconnected from invalid user teampspeak 101.255.65.138 port 39088 [preauth]","@timestamp":"2022-09-15T12:05:23.354Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T12:08:26.984Z","@version":"1","message":"Sep 15 12:08:26 honeypot-sgp-1 sshd[21535]: Disconnected from authenticating user root 134.209.106.124 port 60792 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:10:58.049Z","@version":"1","message":"Sep 15 12:10:58 honeypot-sgp-1 sshd[21540]: Received disconnect from 45.61.184.204 port 55902:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:11:02 honeypot-ams-1 sshd[27905]: Disconnected from authenticating user root 61.177.173.46 port 53155 [preauth]","@timestamp":"2022-09-15T12:11:02.744Z"}
{"@timestamp":"2022-09-15T12:11:18.060Z","@version":"1","message":"Sep 15 12:11:17 honeypot-sgp-1 sshd[21544]: Received disconnect from 45.61.184.204 port 50708:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:11:37.069Z","@version":"1","message":"Sep 15 12:11:36 honeypot-sgp-1 sshd[21549]: Received disconnect from 45.61.184.204 port 45504:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:11:54.078Z","@version":"1","message":"Sep 15 12:11:53 honeypot-sgp-1 sshd[21553]: Received disconnect from 45.61.184.204 port 40310:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 12:12:46 honeypot-fra-1 sshd[17885]: Connection closed by invalid user admin 128.199.160.207 port 54912 [preauth]","@timestamp":"2022-09-15T12:12:46.542Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 12:12:48 honeypot-fra-1 sshd[17891]: Connection closed by invalid user admin 128.199.160.207 port 54940 [preauth]","@timestamp":"2022-09-15T12:12:49.545Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 12:15:11 honeypot-fra-1 sshd[17896]: Invalid user user from 45.61.187.160 port 42504","@timestamp":"2022-09-15T12:15:12.603Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 12:15:30 honeypot-fra-1 sshd[17900]: Invalid user user from 45.61.187.160 port 36964","@timestamp":"2022-09-15T12:15:31.612Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 12:15:49 honeypot-fra-1 sshd[17904]: Invalid user user from 45.61.187.160 port 59652","@timestamp":"2022-09-15T12:15:49.623Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 12:15:57 honeypot-fra-1 sshd[17908]: Received disconnect from 45.61.187.160 port 42780:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T12:15:58.628Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T12:17:02.205Z","@version":"1","message":"Sep 15 12:17:01 honeypot-sgp-1 CRON[21558]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 12:17:02 honeypot-fra-1 CRON[17913]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-15T12:17:02.654Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:17:09 honeypot-ams-1 sshd[27915]: Invalid user pengfan from 103.188.176.251 port 49786","@timestamp":"2022-09-15T12:17:09.902Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:18:40 honeypot-ams-1 sshd[27920]: Invalid user user from 45.61.186.249 port 38224","@timestamp":"2022-09-15T12:18:40.944Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:18:59 honeypot-ams-1 sshd[27924]: Invalid user user from 45.61.186.249 port 60804","@timestamp":"2022-09-15T12:18:59.973Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:19:17 honeypot-ams-1 sshd[27928]: Invalid user user from 45.61.186.249 port 55150","@timestamp":"2022-09-15T12:19:17.982Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 12:19:42 honeypot-ams-1 kernel: [84120964.456655] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=159.203.81.101 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=4824 PROTO=TCP SPT=42475 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T12:19:42.994Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:20:40 honeypot-ams-1 sshd[27936]: Disconnected from authenticating user root 61.177.173.39 port 14189 [preauth]","@timestamp":"2022-09-15T12:20:41.024Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 12:23:37 honeypot-fra-1 sshd[17919]: Disconnected from authenticating user root 42.119.111.155 port 50910 [preauth]","@timestamp":"2022-09-15T12:23:37.826Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T12:25:29.408Z","@version":"1","message":"Sep 15 12:25:29 honeypot-sgp-1 sshd[21567]: Invalid user admin from 178.128.125.205 port 48456","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 12:25:49 honeypot-fra-1 kernel: [84119166.252434] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.79.128.97 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=45038 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T12:25:49.881Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-15T12:26:44.440Z","@version":"1","message":"Sep 15 12:26:43 honeypot-sgp-1 sshd[21571]: Disconnected from invalid user Administrator 92.255.85.70 port 55624 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 12:27:54 honeypot-fra-1 sshd[17927]: Connection closed by invalid user ubnt 179.60.147.69 port 31958 [preauth]","@timestamp":"2022-09-15T12:27:54.931Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T12:28:30.486Z","@version":"1","message":"Sep 15 12:28:30 honeypot-sgp-1 sshd[21578]: Disconnected from authenticating user root 109.42.178.255 port 31532 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:28:35.488Z","@version":"1","message":"Sep 15 12:28:34 honeypot-sgp-1 sshd[21584]: Received disconnect from 109.42.178.255 port 16091:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:28:39.490Z","@version":"1","message":"Sep 15 12:28:39 honeypot-sgp-1 sshd[21590]: Received disconnect from 109.42.178.255 port 20494:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:28:43.492Z","@version":"1","message":"Sep 15 12:28:43 honeypot-sgp-1 sshd[21596]: Received disconnect from 109.42.178.255 port 3398:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:28:48.496Z","@version":"1","message":"Sep 15 12:28:47 honeypot-sgp-1 sshd[21602]: Received disconnect from 109.42.178.255 port 9886:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:28:52.498Z","@version":"1","message":"Sep 15 12:28:52 honeypot-sgp-1 sshd[21608]: Received disconnect from 109.42.178.255 port 31177:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:28:57.501Z","@version":"1","message":"Sep 15 12:28:56 honeypot-sgp-1 sshd[21614]: Received disconnect from 109.42.178.255 port 26730:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:29:01.505Z","@version":"1","message":"Sep 15 12:29:01 honeypot-sgp-1 sshd[21620]: Received disconnect from 109.42.178.255 port 20584:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:29:05.507Z","@version":"1","message":"Sep 15 12:29:05 honeypot-sgp-1 sshd[21626]: Received disconnect from 109.42.178.255 port 22352:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:29:10.510Z","@version":"1","message":"Sep 15 12:29:09 honeypot-sgp-1 sshd[21632]: Received disconnect from 109.42.178.255 port 7360:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:29:14.512Z","@version":"1","message":"Sep 15 12:29:14 honeypot-sgp-1 sshd[21638]: Received disconnect from 109.42.178.255 port 29223:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:29:19.516Z","@version":"1","message":"Sep 15 12:29:18 honeypot-sgp-1 sshd[21644]: Received disconnect from 109.42.178.255 port 23529:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:29:21.517Z","@version":"1","message":"Sep 15 12:29:21 honeypot-sgp-1 sshd[21648]: Disconnected from invalid user admin 109.42.178.255 port 21286 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:29:24.519Z","@version":"1","message":"Sep 15 12:29:24 honeypot-sgp-1 sshd[21652]: Disconnected from invalid user admin 109.42.178.255 port 27407 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:29:27.521Z","@version":"1","message":"Sep 15 12:29:27 honeypot-sgp-1 sshd[21656]: Disconnected from invalid user admin 109.42.178.255 port 2122 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:29:30.524Z","@version":"1","message":"Sep 15 12:29:29 honeypot-sgp-1 sshd[21660]: Disconnected from invalid user admin 109.42.178.255 port 15075 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:29:33.525Z","@version":"1","message":"Sep 15 12:29:32 honeypot-sgp-1 sshd[21664]: Disconnected from invalid user admin 109.42.178.255 port 17228 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:29:36.527Z","@version":"1","message":"Sep 15 12:29:35 honeypot-sgp-1 sshd[21668]: Disconnected from invalid user user 109.42.178.255 port 22577 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:29:40.529Z","@version":"1","message":"Sep 15 12:29:40 honeypot-sgp-1 sshd[21674]: Received disconnect from 109.42.178.255 port 2162:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:29:43.531Z","@version":"1","message":"Sep 15 12:29:43 honeypot-sgp-1 sshd[21678]: Received disconnect from 109.42.178.255 port 23788:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:29:46.534Z","@version":"1","message":"Sep 15 12:29:45 honeypot-sgp-1 sshd[21682]: Received disconnect from 109.42.178.255 port 29830:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:29:49.536Z","@version":"1","message":"Sep 15 12:29:48 honeypot-sgp-1 sshd[21686]: Received disconnect from 109.42.178.255 port 4849:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:29:52.537Z","@version":"1","message":"Sep 15 12:29:51 honeypot-sgp-1 sshd[21690]: Received disconnect from 109.42.178.255 port 10275:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:29:55.539Z","@version":"1","message":"Sep 15 12:29:54 honeypot-sgp-1 sshd[21694]: Received disconnect from 109.42.178.255 port 6094:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:29:58.541Z","@version":"1","message":"Sep 15 12:29:57 honeypot-sgp-1 sshd[21698]: Received disconnect from 109.42.178.255 port 3964:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:30:00.544Z","@version":"1","message":"Sep 15 12:30:00 honeypot-sgp-1 sshd[21702]: Received disconnect from 109.42.178.255 port 30295:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:30:03.545Z","@version":"1","message":"Sep 15 12:30:03 honeypot-sgp-1 sshd[21706]: Received disconnect from 109.42.178.255 port 1248:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:30:04 honeypot-ams-1 sshd[27947]: Invalid user ubnt from 179.60.147.69 port 12276","@timestamp":"2022-09-15T12:30:05.267Z"}
{"@timestamp":"2022-09-15T12:30:06.547Z","@version":"1","message":"Sep 15 12:30:06 honeypot-sgp-1 sshd[21710]: Received disconnect from 109.42.178.255 port 28644:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:30:09.549Z","@version":"1","message":"Sep 15 12:30:08 honeypot-sgp-1 sshd[21714]: Received disconnect from 109.42.178.255 port 16156:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:33:27.631Z","@version":"1","message":"Sep 15 12:33:27 honeypot-sgp-1 sshd[21719]: Received disconnect from 195.14.105.159 port 59046:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:33:37 honeypot-ams-1 sshd[28028]: Invalid user user from 63.222.7.131 port 5957","@timestamp":"2022-09-15T12:33:37.363Z"}
{"@timestamp":"2022-09-15T12:34:44.666Z","@version":"1","message":"Sep 15 12:34:44 honeypot-sgp-1 sshd[21724]: Invalid user user from 141.255.162.226 port 44156","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:34:47 honeypot-ams-1 sshd[28030]: Invalid user admin from 81.17.25.50 port 55128","@timestamp":"2022-09-15T12:34:47.396Z"}
{"@timestamp":"2022-09-15T12:34:47.668Z","@version":"1","message":"Sep 15 12:34:47 honeypot-sgp-1 sshd[21728]: Invalid user user from 141.255.162.226 port 58670","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:34:51.670Z","@version":"1","message":"Sep 15 12:34:50 honeypot-sgp-1 sshd[21732]: Connection closed by 141.255.162.226 port 44968 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:36:32 honeypot-ams-1 sshd[28038]: Invalid user admin from 81.17.25.50 port 17630","@timestamp":"2022-09-15T12:36:33.448Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:38:45 honeypot-ams-1 sshd[28045]: Invalid user aerohive from 81.17.25.50 port 45230","@timestamp":"2022-09-15T12:38:46.510Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:40:17 honeypot-ams-1 sshd[28053]: Disconnecting invalid user manager 81.17.25.50 port 63005: Change of username or service not allowed: (manager,ssh-connection) -> (private,ssh-connection) [preauth]","@timestamp":"2022-09-15T12:40:17.556Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:42:32 honeypot-ams-1 sshd[28061]: Invalid user Administrator from 92.255.85.70 port 51188","@timestamp":"2022-09-15T12:42:32.620Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:43:54 honeypot-ams-1 sshd[28065]: Disconnecting invalid user araknis 81.17.25.50 port 2060: Change of username or service not allowed: (araknis,ssh-connection) -> (,ssh-connection) [preauth]","@timestamp":"2022-09-15T12:43:54.658Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 12:44:23 honeypot-fra-1 kernel: [84120280.530270] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.79.128.115 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=24833 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T12:44:24.309Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:45:39 honeypot-ams-1 sshd[28076]: Invalid user Admin from 81.17.25.50 port 29913","@timestamp":"2022-09-15T12:45:39.711Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:46:59 honeypot-ams-1 sshd[28086]: Invalid user guest from 81.17.25.50 port 38989","@timestamp":"2022-09-15T12:46:59.753Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:47:48 honeypot-ams-1 sshd[28092]: Disconnecting invalid user  81.17.25.50 port 9213: Change of username or service not allowed: (,ssh-connection) -> (Cisco,ssh-connection) [preauth]","@timestamp":"2022-09-15T12:47:48.780Z"}
{"@timestamp":"2022-09-15T12:47:54.987Z","@version":"1","message":"Sep 15 12:47:54 honeypot-sgp-1 kernel: [84122181.934878] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.205.235 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=45012 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:48:34 honeypot-ams-1 sshd[28098]: Disconnecting invalid user cisco 81.17.25.50 port 13248: Change of username or service not allowed: (cisco,ssh-connection) -> (admin,ssh-connection) [preauth]","@timestamp":"2022-09-15T12:48:34.804Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:49:20 honeypot-ams-1 sshd[28107]: Invalid user Administrator from 81.17.25.50 port 28222","@timestamp":"2022-09-15T12:49:20.829Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:49:55 honeypot-ams-1 sshd[28113]: Invalid user sti.admin5 from 81.17.25.50 port 60894","@timestamp":"2022-09-15T12:49:55.848Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 12:50:14 honeypot-fra-1 sshd[17937]: Received disconnect from 159.65.27.32 port 40038:11: Bye Bye [preauth]","@timestamp":"2022-09-15T12:50:15.443Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:50:22 honeypot-ams-1 sshd[28115]: Disconnecting invalid user admin 81.17.25.50 port 31765: Change of username or service not allowed: (admin,ssh-connection) -> (blank,ssh-connection) [preauth]","@timestamp":"2022-09-15T12:50:22.864Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 12:51:35 honeypot-ams-1 kernel: [84122877.537604] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.219.17 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=59704 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T12:51:35.901Z"}
{"@timestamp":"2022-09-15T12:51:55.090Z","@version":"1","message":"Sep 15 12:51:54 honeypot-sgp-1 sshd[21740]: Disconnected from authenticating user root 46.101.231.66 port 43742 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:52:22.105Z","@version":"1","message":"Sep 15 12:52:21 honeypot-sgp-1 sshd[21746]: Received disconnect from 92.255.85.69 port 31850:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 12:52:51 honeypot-fra-1 sshd[17941]: Received disconnect from 138.68.166.112 port 54500:11: Bye Bye [preauth]","@timestamp":"2022-09-15T12:52:51.505Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:53:02 honeypot-ams-1 sshd[28131]: Received disconnect from 61.177.173.36 port 51206:11:  [preauth]","@timestamp":"2022-09-15T12:53:02.944Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 12:53:47 honeypot-ams-1 kernel: [84123009.435306] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=82.131.186.0 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=241 ID=15533 PROTO=TCP SPT=52552 DPT=443 WINDOW=1300 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T12:53:47.967Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:54:35 honeypot-ams-1 sshd[28140]: Disconnecting invalid user superonline 81.17.25.50 port 19669: Change of username or service not allowed: (superonline,ssh-connection) -> (admin,ssh-connection) [preauth]","@timestamp":"2022-09-15T12:54:35.992Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:57:32 honeypot-ams-1 sshd[28146]: Disconnecting invalid user Admin 81.17.25.50 port 14616: Change of username or service not allowed: (Admin,ssh-connection) -> (comcast,ssh-connection) [preauth]","@timestamp":"2022-09-15T12:57:33.074Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:57:52 honeypot-ams-1 sshd[28153]: Disconnected from authenticating user root 61.177.173.51 port 38302 [preauth]","@timestamp":"2022-09-15T12:57:53.085Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 12:58:59 honeypot-fra-1 sshd[17946]: Disconnected from authenticating user root 81.6.41.4 port 53626 [preauth]","@timestamp":"2022-09-15T12:58:59.643Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:59:09 honeypot-ams-1 sshd[28159]: Disconnecting invalid user matrix 81.17.25.50 port 46453: Change of username or service not allowed: (matrix,ssh-connection) -> (,ssh-connection) [preauth]","@timestamp":"2022-09-15T12:59:10.124Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:00:16 honeypot-ams-1 sshd[28166]: Disconnecting invalid user motorola 81.17.25.50 port 55245: Change of username or service not allowed: (motorola,ssh-connection) -> (admin,ssh-connection) [preauth]","@timestamp":"2022-09-15T13:00:16.159Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:00:59 honeypot-ams-1 sshd[28174]: Invalid user admin from 81.17.25.50 port 25610","@timestamp":"2022-09-15T13:01:00.182Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:01:25 honeypot-fra-1 sshd[17950]: Disconnected from invalid user sage 138.0.239.70 port 36246 [preauth]","@timestamp":"2022-09-15T13:01:25.701Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:02:20 honeypot-ams-1 sshd[28180]: Invalid user admin from 81.17.25.50 port 15796","@timestamp":"2022-09-15T13:02:21.223Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:02:48 honeypot-ams-1 sshd[28184]: Disconnecting invalid user admin 81.17.25.50 port 34138: Change of username or service not allowed: (admin,ssh-connection) -> (Shiko,ssh-connection) [preauth]","@timestamp":"2022-09-15T13:02:49.304Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:03:57 honeypot-ams-1 sshd[28190]: Invalid user Broadcom from 81.17.25.50 port 25659","@timestamp":"2022-09-15T13:03:58.338Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:04:38 honeypot-ams-1 sshd[28198]: Invalid user cusadmin from 81.17.25.50 port 40251","@timestamp":"2022-09-15T13:04:39.376Z"}
{"@timestamp":"2022-09-15T13:05:37.438Z","@version":"1","message":"Sep 15 13:05:37 honeypot-sgp-1 kernel: [84123244.295074] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=59.36.168.250 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=233 ID=4563 PROTO=TCP SPT=43385 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:05:46 honeypot-ams-1 sshd[28204]: Invalid user sweex from 81.17.25.50 port 35485","@timestamp":"2022-09-15T13:05:47.412Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:06:19 honeypot-ams-1 sshd[28211]: Disconnected from authenticating user root 61.177.173.39 port 42420 [preauth]","@timestamp":"2022-09-15T13:06:19.433Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:06:40 honeypot-ams-1 sshd[28217]: Disconnected from authenticating user root 80.76.51.189 port 60500 [preauth]","@timestamp":"2022-09-15T13:06:40.444Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:06:45 honeypot-fra-1 sshd[17957]: Disconnected from authenticating user root 34.91.0.68 port 44938 [preauth]","@timestamp":"2022-09-15T13:06:45.823Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:07:09 honeypot-ams-1 sshd[28225]: Disconnected from authenticating user root 80.76.51.189 port 52654 [preauth]","@timestamp":"2022-09-15T13:07:09.460Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:07:39 honeypot-ams-1 sshd[28233]: Received disconnect from 80.76.51.189 port 44960:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T13:07:39.477Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:08:06 honeypot-ams-1 sshd[28237]: Disconnected from invalid user Administrator 92.255.85.69 port 59976 [preauth]","@timestamp":"2022-09-15T13:08:06.491Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:08:30 honeypot-ams-1 sshd[28243]: Invalid user amdin from 81.17.25.50 port 37637","@timestamp":"2022-09-15T13:08:31.504Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:08:50 honeypot-ams-1 sshd[28249]: Invalid user Admin from 81.17.25.50 port 15428","@timestamp":"2022-09-15T13:08:51.515Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:09:12 honeypot-ams-1 sshd[28256]: Disconnected from authenticating user root 80.76.51.189 port 49514 [preauth]","@timestamp":"2022-09-15T13:09:12.527Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:09:29 honeypot-ams-1 sshd[28262]: Invalid user zoomadsl from 81.17.25.50 port 27695","@timestamp":"2022-09-15T13:09:30.537Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:09:44 honeypot-ams-1 sshd[28268]: Disconnected from authenticating user root 80.76.51.189 port 41664 [preauth]","@timestamp":"2022-09-15T13:09:44.544Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:10:15 honeypot-ams-1 sshd[28272]: Disconnected from authenticating user root 80.76.51.189 port 33764 [preauth]","@timestamp":"2022-09-15T13:10:16.561Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:11:50 honeypot-ams-1 sshd[28281]: Disconnected from authenticating user root 80.76.51.189 port 38492 [preauth]","@timestamp":"2022-09-15T13:11:50.604Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:12:55 honeypot-ams-1 sshd[28285]: Received disconnect from 80.76.51.189 port 51024:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T13:12:55.636Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:14:02 honeypot-ams-1 sshd[28289]: Received disconnect from 80.76.51.189 port 35330:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T13:14:02.667Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:15:11 honeypot-ams-1 sshd[28294]: Received disconnect from 80.76.51.189 port 47868:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T13:15:11.697Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:16:19 honeypot-ams-1 sshd[28298]: Disconnected from authenticating user root 80.76.51.189 port 60402 [preauth]","@timestamp":"2022-09-15T13:16:20.729Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:17:02 honeypot-ams-1 sshd[28302]: Disconnected from authenticating user root 61.177.173.50 port 32200 [preauth]","@timestamp":"2022-09-15T13:17:03.750Z"}
{"@timestamp":"2022-09-15T13:17:31.737Z","@version":"1","message":"Sep 15 13:17:31 honeypot-sgp-1 sshd[21760]: Received disconnect from 92.255.85.70 port 41166:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:17:46 honeypot-ams-1 sshd[28311]: Received disconnect from 198.98.61.9 port 35552:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T13:17:46.772Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:18:01 honeypot-ams-1 sshd[28315]: Received disconnect from 80.76.51.189 port 36844:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T13:18:01.780Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:18:12 honeypot-ams-1 sshd[28319]: Received disconnect from 198.98.61.9 port 42500:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T13:18:12.787Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:18:23 honeypot-ams-1 sshd[28323]: Disconnected from authenticating user root 61.177.172.114 port 32331 [preauth]","@timestamp":"2022-09-15T13:18:23.792Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:18:36 honeypot-ams-1 sshd[28327]: Invalid user user from 198.98.61.9 port 49450","@timestamp":"2022-09-15T13:18:36.799Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:19:11 honeypot-ams-1 sshd[28333]: Disconnected from authenticating user root 80.76.51.189 port 49384 [preauth]","@timestamp":"2022-09-15T13:19:11.817Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:20:59 honeypot-ams-1 sshd[28340]: Received disconnect from 80.76.51.189 port 54070:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T13:20:59.868Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:21:05 honeypot-fra-1 kernel: [84122482.267806] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.41.9.18 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=22596 PROTO=TCP SPT=42393 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T13:21:06.147Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:23:29 honeypot-fra-1 sshd[17970]: Received disconnect from 192.174.125.154 port 6209:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:23:29.202Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:23:31 honeypot-fra-1 sshd[17974]: Received disconnect from 192.174.125.154 port 17857:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:23:31.204Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:23:33 honeypot-fra-1 sshd[17978]: Disconnected from authenticating user root 192.174.125.154 port 30561 [preauth]","@timestamp":"2022-09-15T13:23:33.205Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:23:35 honeypot-fra-1 sshd[17982]: Disconnected from invalid user user 192.174.125.154 port 42689 [preauth]","@timestamp":"2022-09-15T13:23:35.206Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:23:37 honeypot-fra-1 sshd[17988]: Invalid user admin from 192.174.125.154 port 60385","@timestamp":"2022-09-15T13:23:38.208Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:23:39 honeypot-fra-1 sshd[17992]: Invalid user user2 from 192.174.125.154 port 8929","@timestamp":"2022-09-15T13:23:40.209Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:23:41 honeypot-fra-1 sshd[17996]: Received disconnect from 192.174.125.154 port 19841:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:23:42.210Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:23:43 honeypot-fra-1 sshd[18000]: Received disconnect from 192.174.125.154 port 31457:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:23:44.212Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:23:45 honeypot-fra-1 sshd[18004]: Disconnected from invalid user admin 192.174.125.154 port 43297 [preauth]","@timestamp":"2022-09-15T13:23:46.214Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:23:47 honeypot-fra-1 sshd[18008]: Disconnected from invalid user user2 192.174.125.154 port 55521 [preauth]","@timestamp":"2022-09-15T13:23:48.215Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:23:50 honeypot-fra-1 sshd[18014]: Invalid user user from 192.174.125.154 port 9697","@timestamp":"2022-09-15T13:23:51.216Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:23:52 honeypot-fra-1 sshd[18018]: Received disconnect from 192.174.125.154 port 21633:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:23:53.218Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:23:54 honeypot-fra-1 sshd[18022]: Received disconnect from 192.174.125.154 port 33025:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:23:55.219Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:23:56 honeypot-fra-1 sshd[18026]: Disconnected from authenticating user root 192.174.125.154 port 45281 [preauth]","@timestamp":"2022-09-15T13:23:57.220Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:23:58 honeypot-fra-1 sshd[18030]: Disconnected from invalid user user 192.174.125.154 port 56801 [preauth]","@timestamp":"2022-09-15T13:23:59.222Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:24:01 honeypot-fra-1 sshd[18036]: Invalid user admin from 192.174.125.154 port 13057","@timestamp":"2022-09-15T13:24:02.224Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:24:07 honeypot-fra-1 kernel: [84122664.598734] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=15.164.213.142 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=229 ID=15124 DF PROTO=TCP SPT=16418 DPT=443 WINDOW=43690 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T13:24:08.227Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:24:12 honeypot-fra-1 sshd[18044]: Invalid user admin from 192.174.125.154 port 16770","@timestamp":"2022-09-15T13:24:13.231Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:24:14 honeypot-fra-1 sshd[18048]: Invalid user user2 from 192.174.125.154 port 27745","@timestamp":"2022-09-15T13:24:15.232Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:24:16 honeypot-fra-1 sshd[18052]: Received disconnect from 192.174.125.154 port 39777:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:24:17.233Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:24:18 honeypot-fra-1 sshd[18056]: Received disconnect from 192.174.125.154 port 51585:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:24:19.234Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:24:21 honeypot-fra-1 sshd[18060]: Disconnected from invalid user admin 192.174.125.154 port 63777 [preauth]","@timestamp":"2022-09-15T13:24:21.236Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:24:23 honeypot-fra-1 sshd[18064]: Disconnected from invalid user user2 192.174.125.154 port 12801 [preauth]","@timestamp":"2022-09-15T13:24:23.237Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:24:25 honeypot-fra-1 sshd[18070]: Invalid user user from 192.174.125.154 port 30817","@timestamp":"2022-09-15T13:24:26.239Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:24:28 honeypot-fra-1 sshd[18074]: Received disconnect from 192.174.125.154 port 42977:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:24:28.241Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:24:30 honeypot-fra-1 sshd[18078]: Received disconnect from 192.174.125.154 port 55201:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:24:30.242Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:24:32 honeypot-fra-1 sshd[18082]: Disconnected from authenticating user root 192.174.125.154 port 4353 [preauth]","@timestamp":"2022-09-15T13:24:32.243Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:24:34 honeypot-fra-1 sshd[18086]: Disconnected from invalid user user 192.174.125.154 port 16257 [preauth]","@timestamp":"2022-09-15T13:24:34.245Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:24:36 honeypot-fra-1 sshd[18092]: Invalid user admin from 192.174.125.154 port 34306","@timestamp":"2022-09-15T13:24:37.246Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:24:38 honeypot-fra-1 sshd[18096]: Invalid user user2 from 192.174.125.154 port 46625","@timestamp":"2022-09-15T13:24:39.248Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:24:41 honeypot-fra-1 sshd[18100]: Received disconnect from 192.174.125.154 port 58497:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:24:41.249Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:24:43 honeypot-fra-1 sshd[18104]: Received disconnect from 192.174.125.154 port 7681:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:24:43.251Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:24:45 honeypot-fra-1 sshd[18108]: Disconnected from invalid user admin 192.174.125.154 port 19809 [preauth]","@timestamp":"2022-09-15T13:24:45.252Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:24:47 honeypot-fra-1 sshd[18112]: Disconnected from invalid user user2 192.174.125.154 port 32225 [preauth]","@timestamp":"2022-09-15T13:24:47.254Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:24:49 honeypot-fra-1 sshd[18118]: Invalid user user from 192.174.125.154 port 51169","@timestamp":"2022-09-15T13:24:50.255Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:24:52 honeypot-fra-1 sshd[18122]: Received disconnect from 192.174.125.154 port 63617:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:24:52.257Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:24:54 honeypot-fra-1 sshd[18126]: Received disconnect from 192.174.125.154 port 12450:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:24:54.258Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:24:56 honeypot-fra-1 sshd[18130]: Disconnected from authenticating user root 192.174.125.154 port 24609 [preauth]","@timestamp":"2022-09-15T13:24:56.259Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:24:58 honeypot-fra-1 sshd[18134]: Disconnected from invalid user user 192.174.125.154 port 36802 [preauth]","@timestamp":"2022-09-15T13:24:58.262Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:01 honeypot-fra-1 sshd[18140]: Invalid user admin from 192.174.125.154 port 55873","@timestamp":"2022-09-15T13:25:01.263Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:03 honeypot-fra-1 sshd[18144]: Invalid user user2 from 192.174.125.154 port 4801","@timestamp":"2022-09-15T13:25:03.265Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:05 honeypot-fra-1 sshd[18148]: Invalid user admin from 192.174.125.154 port 16257","@timestamp":"2022-09-15T13:25:05.266Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:07 honeypot-fra-1 sshd[18152]: Invalid user user2 from 192.174.125.154 port 28161","@timestamp":"2022-09-15T13:25:07.267Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:09 honeypot-fra-1 sshd[18156]: Received disconnect from 192.174.125.154 port 39905:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:25:09.269Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:11 honeypot-fra-1 sshd[18160]: Received disconnect from 192.174.125.154 port 51330:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:25:11.270Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:13 honeypot-fra-1 sshd[18164]: Disconnected from invalid user admin 192.174.125.154 port 63553 [preauth]","@timestamp":"2022-09-15T13:25:13.273Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:15 honeypot-fra-1 sshd[18168]: Disconnected from invalid user user2 192.174.125.154 port 12577 [preauth]","@timestamp":"2022-09-15T13:25:15.274Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:17 honeypot-fra-1 sshd[18174]: Invalid user user from 192.174.125.154 port 30658","@timestamp":"2022-09-15T13:25:18.276Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:20 honeypot-fra-1 sshd[18178]: Received disconnect from 192.174.125.154 port 42114:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:25:20.277Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:22 honeypot-fra-1 sshd[18182]: Received disconnect from 192.174.125.154 port 54049:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:25:22.278Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:24 honeypot-fra-1 sshd[18186]: Disconnected from authenticating user root 192.174.125.154 port 3073 [preauth]","@timestamp":"2022-09-15T13:25:24.279Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:26 honeypot-fra-1 sshd[18190]: Disconnected from invalid user user 192.174.125.154 port 15361 [preauth]","@timestamp":"2022-09-15T13:25:26.280Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:29 honeypot-fra-1 sshd[18196]: Invalid user admin from 192.174.125.154 port 33057","@timestamp":"2022-09-15T13:25:29.283Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:31 honeypot-fra-1 sshd[18200]: Invalid user user2 from 192.174.125.154 port 44865","@timestamp":"2022-09-15T13:25:31.284Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:33 honeypot-fra-1 sshd[18204]: Received disconnect from 192.174.125.154 port 56193:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:25:33.286Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:35 honeypot-fra-1 sshd[18208]: Received disconnect from 192.174.125.154 port 5633:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:25:36.288Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:37 honeypot-fra-1 sshd[18212]: Disconnected from invalid user admin 192.174.125.154 port 17154 [preauth]","@timestamp":"2022-09-15T13:25:37.288Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:39 honeypot-fra-1 sshd[18216]: Disconnected from invalid user user2 192.174.125.154 port 28705 [preauth]","@timestamp":"2022-09-15T13:25:39.289Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:42 honeypot-fra-1 sshd[18222]: Invalid user user from 192.174.125.154 port 45121","@timestamp":"2022-09-15T13:25:42.291Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:44 honeypot-fra-1 sshd[18226]: Received disconnect from 192.174.125.154 port 56353:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:25:44.294Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:46 honeypot-fra-1 sshd[18230]: Received disconnect from 192.174.125.154 port 5025:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:25:46.295Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:48 honeypot-fra-1 sshd[18234]: Disconnected from authenticating user root 192.174.125.154 port 16545 [preauth]","@timestamp":"2022-09-15T13:25:48.296Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:50 honeypot-fra-1 sshd[18238]: Disconnected from invalid user user 192.174.125.154 port 27905 [preauth]","@timestamp":"2022-09-15T13:25:51.298Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:53 honeypot-fra-1 sshd[18244]: Invalid user admin from 192.174.125.154 port 44737","@timestamp":"2022-09-15T13:25:53.299Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:55 honeypot-fra-1 sshd[18248]: Invalid user user2 from 192.174.125.154 port 56193","@timestamp":"2022-09-15T13:25:55.300Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:57 honeypot-fra-1 sshd[18252]: Received disconnect from 192.174.125.154 port 4417:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:25:58.303Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:59 honeypot-fra-1 sshd[18256]: Received disconnect from 192.174.125.154 port 14529:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:25:59.304Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:01 honeypot-fra-1 sshd[18260]: Disconnected from invalid user admin 192.174.125.154 port 26081 [preauth]","@timestamp":"2022-09-15T13:26:01.306Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:03 honeypot-fra-1 sshd[18264]: Disconnected from invalid user user2 192.174.125.154 port 37217 [preauth]","@timestamp":"2022-09-15T13:26:03.307Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 13:26:03 honeypot-ams-1 kernel: [84124945.883058] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=64.246.161.26 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=54321 PROTO=TCP SPT=43864 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T13:26:03.999Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:06 honeypot-fra-1 sshd[18271]: Invalid user user from 192.174.125.154 port 53826","@timestamp":"2022-09-15T13:26:06.309Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:08 honeypot-fra-1 sshd[18275]: Received disconnect from 192.174.125.154 port 64353:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:26:09.310Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:10 honeypot-fra-1 sshd[18279]: Received disconnect from 192.174.125.154 port 12449:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:26:10.311Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:12 honeypot-fra-1 sshd[18283]: Disconnected from authenticating user root 192.174.125.154 port 22561 [preauth]","@timestamp":"2022-09-15T13:26:12.312Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:14 honeypot-fra-1 sshd[18287]: Disconnected from invalid user user 192.174.125.154 port 32801 [preauth]","@timestamp":"2022-09-15T13:26:14.315Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:17 honeypot-fra-1 sshd[18293]: Invalid user admin from 192.174.125.154 port 48897","@timestamp":"2022-09-15T13:26:17.316Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:19 honeypot-fra-1 sshd[18297]: Invalid user user2 from 192.174.125.154 port 59618","@timestamp":"2022-09-15T13:26:19.317Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:21 honeypot-fra-1 sshd[18301]: Received disconnect from 192.174.125.154 port 7393:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:26:21.319Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:23 honeypot-fra-1 sshd[18305]: Received disconnect from 192.174.125.154 port 17921:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:26:23.320Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:25 honeypot-fra-1 sshd[18309]: Disconnected from invalid user admin 192.174.125.154 port 28833 [preauth]","@timestamp":"2022-09-15T13:26:25.321Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:27 honeypot-fra-1 sshd[18313]: Disconnected from invalid user user2 192.174.125.154 port 39489 [preauth]","@timestamp":"2022-09-15T13:26:27.322Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:30 honeypot-fra-1 sshd[18319]: Invalid user user from 192.174.125.154 port 56129","@timestamp":"2022-09-15T13:26:30.325Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:32 honeypot-fra-1 sshd[18323]: Received disconnect from 192.174.125.154 port 4033:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:26:32.326Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:34 honeypot-fra-1 sshd[18327]: Received disconnect from 192.174.125.154 port 14561:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:26:34.328Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:36 honeypot-fra-1 sshd[18331]: Disconnected from authenticating user root 192.174.125.154 port 24385 [preauth]","@timestamp":"2022-09-15T13:26:36.329Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:38 honeypot-fra-1 sshd[18335]: Disconnected from invalid user user 192.174.125.154 port 34785 [preauth]","@timestamp":"2022-09-15T13:26:38.330Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:40 honeypot-fra-1 sshd[18341]: Invalid user admin from 192.174.125.154 port 49857","@timestamp":"2022-09-15T13:26:41.332Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:42 honeypot-fra-1 sshd[18345]: Invalid user user2 from 192.174.125.154 port 59617","@timestamp":"2022-09-15T13:26:43.334Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:44 honeypot-fra-1 sshd[18349]: Received disconnect from 192.174.125.154 port 6017:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:26:45.336Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:46 honeypot-fra-1 sshd[18353]: Received disconnect from 192.174.125.154 port 16065:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:26:47.337Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:48 honeypot-fra-1 sshd[18357]: Disconnected from invalid user admin 192.174.125.154 port 26401 [preauth]","@timestamp":"2022-09-15T13:26:49.338Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:50 honeypot-fra-1 sshd[18361]: Disconnected from invalid user user2 192.174.125.154 port 36257 [preauth]","@timestamp":"2022-09-15T13:26:51.339Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:53 honeypot-fra-1 sshd[18367]: Invalid user user from 192.174.125.154 port 51521","@timestamp":"2022-09-15T13:26:54.341Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:55 honeypot-fra-1 sshd[18371]: Received disconnect from 192.174.125.154 port 61185:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:26:56.342Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:57 honeypot-fra-1 sshd[18375]: Received disconnect from 192.174.125.154 port 8353:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:26:58.345Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:59 honeypot-fra-1 sshd[18379]: Disconnected from authenticating user root 192.174.125.154 port 18498 [preauth]","@timestamp":"2022-09-15T13:27:00.346Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:27:01 honeypot-fra-1 sshd[18383]: Disconnected from invalid user user 192.174.125.154 port 28321 [preauth]","@timestamp":"2022-09-15T13:27:02.348Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:27:04 honeypot-fra-1 sshd[18389]: Invalid user admin from 192.174.125.154 port 42913","@timestamp":"2022-09-15T13:27:04.349Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:27:06 honeypot-fra-1 sshd[18393]: Invalid user user2 from 192.174.125.154 port 52577","@timestamp":"2022-09-15T13:27:06.350Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:27:08 honeypot-fra-1 sshd[18397]: Received disconnect from 192.174.125.154 port 62561:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:27:09.352Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:27:10 honeypot-fra-1 sshd[18401]: Received disconnect from 192.174.125.154 port 9089:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:27:11.354Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:27:12 honeypot-fra-1 sshd[18405]: Disconnected from invalid user admin 192.174.125.154 port 19105 [preauth]","@timestamp":"2022-09-15T13:27:13.356Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:27:14 honeypot-fra-1 sshd[18409]: Disconnected from invalid user user2 192.174.125.154 port 29121 [preauth]","@timestamp":"2022-09-15T13:27:15.357Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:27:17 honeypot-fra-1 sshd[18415]: Invalid user user from 192.174.125.154 port 44577","@timestamp":"2022-09-15T13:27:17.359Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:27:19 honeypot-fra-1 sshd[18419]: Received disconnect from 192.174.125.154 port 54177:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:27:20.360Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:27:21 honeypot-fra-1 sshd[18423]: Received disconnect from 192.174.125.154 port 64193:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:27:21.361Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:27:23 honeypot-fra-1 sshd[18427]: Disconnected from authenticating user root 192.174.125.154 port 10785 [preauth]","@timestamp":"2022-09-15T13:27:23.362Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:27:25 honeypot-fra-1 sshd[18431]: Disconnected from invalid user user 192.174.125.154 port 20513 [preauth]","@timestamp":"2022-09-15T13:27:25.363Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:27:28 honeypot-fra-1 sshd[18437]: Invalid user admin from 192.174.125.154 port 35361","@timestamp":"2022-09-15T13:27:28.366Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:27:29 honeypot-fra-1 sshd[18439]: Disconnected from invalid user user 192.174.125.154 port 40321 [preauth]","@timestamp":"2022-09-15T13:27:29.367Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:27:32 honeypot-fra-1 sshd[18445]: Invalid user admin from 192.174.125.154 port 54593","@timestamp":"2022-09-15T13:27:32.369Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:27:41 honeypot-fra-1 sshd[18449]: Invalid user user2 from 192.174.125.154 port 35969","@timestamp":"2022-09-15T13:27:41.373Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:27:43 honeypot-fra-1 sshd[18453]: Received disconnect from 192.174.125.154 port 45825:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:27:43.376Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:27:45 honeypot-fra-1 sshd[18457]: Received disconnect from 192.174.125.154 port 56097:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:27:45.377Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:27:47 honeypot-fra-1 sshd[18461]: Disconnected from invalid user admin 192.174.125.154 port 3233 [preauth]","@timestamp":"2022-09-15T13:27:47.378Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:27:49 honeypot-fra-1 sshd[18465]: Disconnected from invalid user user2 192.174.125.154 port 12963 [preauth]","@timestamp":"2022-09-15T13:27:49.379Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:27:51 honeypot-fra-1 sshd[18471]: Invalid user user from 192.174.125.154 port 27233","@timestamp":"2022-09-15T13:27:52.381Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:27:53 honeypot-fra-1 sshd[18475]: Received disconnect from 192.174.125.154 port 37537:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:27:54.382Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:27:55 honeypot-fra-1 sshd[18479]: Received disconnect from 192.174.125.154 port 47777:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:27:56.384Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:27:57 honeypot-fra-1 sshd[18483]: Disconnected from authenticating user root 192.174.125.154 port 58017 [preauth]","@timestamp":"2022-09-15T13:27:58.386Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:27:59 honeypot-fra-1 sshd[18487]: Disconnected from invalid user user 192.174.125.154 port 5409 [preauth]","@timestamp":"2022-09-15T13:28:00.387Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:28:02 honeypot-fra-1 sshd[18493]: Invalid user admin from 192.174.125.154 port 21409","@timestamp":"2022-09-15T13:28:03.389Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:28:04 honeypot-fra-1 sshd[18497]: Invalid user user2 from 192.174.125.154 port 31617","@timestamp":"2022-09-15T13:28:05.391Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:28:06 honeypot-fra-1 sshd[18501]: Received disconnect from 192.174.125.154 port 42177:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:28:07.392Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:28:08 honeypot-fra-1 sshd[18505]: Received disconnect from 192.174.125.154 port 52769:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:28:09.393Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:28:10 honeypot-fra-1 sshd[18509]: Disconnected from invalid user admin 192.174.125.154 port 63361 [preauth]","@timestamp":"2022-09-15T13:28:11.394Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:28:12 honeypot-fra-1 sshd[18513]: Disconnected from invalid user user2 192.174.125.154 port 11489 [preauth]","@timestamp":"2022-09-15T13:28:13.398Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:28:15 honeypot-fra-1 sshd[18519]: Invalid user user from 192.174.125.154 port 27201","@timestamp":"2022-09-15T13:28:15.399Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:28:17 honeypot-fra-1 sshd[18523]: Received disconnect from 192.174.125.154 port 37953:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:28:18.400Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:28:19 honeypot-fra-1 sshd[18527]: Received disconnect from 192.174.125.154 port 48737:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:28:20.402Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:28:21 honeypot-fra-1 sshd[18531]: Disconnected from authenticating user root 192.174.125.154 port 59425 [preauth]","@timestamp":"2022-09-15T13:28:22.403Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:28:23 honeypot-fra-1 sshd[18535]: Disconnected from invalid user user 192.174.125.154 port 6945 [preauth]","@timestamp":"2022-09-15T13:28:24.404Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:28:26 honeypot-fra-1 sshd[18541]: Invalid user admin from 192.174.125.154 port 23041","@timestamp":"2022-09-15T13:28:26.405Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:28:28 honeypot-fra-1 sshd[18545]: Invalid user user2 from 192.174.125.154 port 33537","@timestamp":"2022-09-15T13:28:28.408Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:28:30 honeypot-fra-1 sshd[18549]: Received disconnect from 192.174.125.154 port 44642:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:28:30.409Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:28:32 honeypot-fra-1 sshd[18553]: Received disconnect from 192.174.125.154 port 55425:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:28:32.410Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:28:34 honeypot-fra-1 sshd[18557]: Disconnected from invalid user admin 192.174.125.154 port 4097 [preauth]","@timestamp":"2022-09-15T13:28:34.411Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:28:36 honeypot-fra-1 sshd[18561]: Disconnected from invalid user user2 192.174.125.154 port 15041 [preauth]","@timestamp":"2022-09-15T13:28:36.413Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:28:38 honeypot-fra-1 sshd[18567]: Invalid user user from 192.174.125.154 port 31489","@timestamp":"2022-09-15T13:28:39.414Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:28:40 honeypot-fra-1 sshd[18571]: Received disconnect from 192.174.125.154 port 42945:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:28:41.416Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:28:49 honeypot-fra-1 sshd[18575]: Received disconnect from 192.174.125.154 port 31137:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:28:50.421Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:28:51 honeypot-fra-1 sshd[18579]: Disconnected from authenticating user root 192.174.125.154 port 42337 [preauth]","@timestamp":"2022-09-15T13:28:52.422Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:28:53 honeypot-fra-1 sshd[18583]: Disconnected from invalid user user 192.174.125.154 port 53634 [preauth]","@timestamp":"2022-09-15T13:28:54.423Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:28:56 honeypot-fra-1 sshd[18589]: Invalid user admin from 192.174.125.154 port 7586","@timestamp":"2022-09-15T13:28:57.425Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:28:58 honeypot-fra-1 sshd[18593]: Invalid user user2 from 192.174.125.154 port 18977","@timestamp":"2022-09-15T13:28:59.427Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:00 honeypot-fra-1 sshd[18597]: Received disconnect from 192.174.125.154 port 30177:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:29:01.428Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:02 honeypot-fra-1 sshd[18601]: Received disconnect from 192.174.125.154 port 41441:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:29:03.430Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:04 honeypot-fra-1 sshd[18605]: Disconnected from invalid user admin 192.174.125.154 port 52929 [preauth]","@timestamp":"2022-09-15T13:29:05.431Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:06 honeypot-fra-1 sshd[18609]: Disconnected from invalid user user2 192.174.125.154 port 64289 [preauth]","@timestamp":"2022-09-15T13:29:07.432Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:09 honeypot-fra-1 sshd[18615]: Invalid user user from 192.174.125.154 port 18081","@timestamp":"2022-09-15T13:29:10.434Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:11 honeypot-fra-1 sshd[18619]: Received disconnect from 192.174.125.154 port 29569:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:29:12.436Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:13 honeypot-fra-1 sshd[18623]: Received disconnect from 192.174.125.154 port 40609:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:29:14.438Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:15 honeypot-fra-1 sshd[18627]: Disconnected from authenticating user root 192.174.125.154 port 52321 [preauth]","@timestamp":"2022-09-15T13:29:16.439Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:17 honeypot-fra-1 sshd[18631]: Received disconnect from 192.174.125.154 port 63265:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:29:18.440Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:19 honeypot-fra-1 sshd[18635]: Disconnected from authenticating user root 192.174.125.154 port 11873 [preauth]","@timestamp":"2022-09-15T13:29:20.441Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:21 honeypot-fra-1 sshd[18639]: Disconnected from invalid user user 192.174.125.154 port 22689 [preauth]","@timestamp":"2022-09-15T13:29:21.442Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:24 honeypot-fra-1 sshd[18645]: Invalid user admin from 192.174.125.154 port 39201","@timestamp":"2022-09-15T13:29:24.444Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:26 honeypot-fra-1 sshd[18649]: Invalid user user2 from 192.174.125.154 port 50305","@timestamp":"2022-09-15T13:29:26.445Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:28 honeypot-fra-1 sshd[18653]: Received disconnect from 192.174.125.154 port 62849:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:29:28.447Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:30 honeypot-fra-1 sshd[18657]: Received disconnect from 192.174.125.154 port 11425:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:29:30.449Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:32 honeypot-fra-1 sshd[18661]: Disconnected from invalid user admin 192.174.125.154 port 23841 [preauth]","@timestamp":"2022-09-15T13:29:32.450Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:33 honeypot-fra-1 sshd[18665]: Disconnected from invalid user user2 192.174.125.154 port 34562 [preauth]","@timestamp":"2022-09-15T13:29:34.451Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:36 honeypot-fra-1 sshd[18671]: Invalid user user from 192.174.125.154 port 50977","@timestamp":"2022-09-15T13:29:37.453Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:38 honeypot-fra-1 sshd[18675]: Received disconnect from 192.174.125.154 port 62913:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:29:39.454Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:40 honeypot-fra-1 sshd[18679]: Received disconnect from 192.174.125.154 port 11873:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:29:41.455Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:42 honeypot-fra-1 sshd[18683]: Disconnected from authenticating user root 192.174.125.154 port 23169 [preauth]","@timestamp":"2022-09-15T13:29:43.458Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:44 honeypot-fra-1 sshd[18687]: Disconnected from invalid user user 192.174.125.154 port 34113 [preauth]","@timestamp":"2022-09-15T13:29:45.459Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:47 honeypot-fra-1 sshd[18693]: Invalid user admin from 192.174.125.154 port 50689","@timestamp":"2022-09-15T13:29:48.461Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:49 honeypot-fra-1 sshd[18697]: Invalid user user2 from 192.174.125.154 port 61985","@timestamp":"2022-09-15T13:29:50.462Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:51 honeypot-fra-1 sshd[18701]: Received disconnect from 192.174.125.154 port 10273:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:29:52.463Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:53 honeypot-fra-1 sshd[18705]: Received disconnect from 192.174.125.154 port 21441:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:29:54.464Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:55 honeypot-fra-1 sshd[18709]: Disconnected from invalid user admin 192.174.125.154 port 32897 [preauth]","@timestamp":"2022-09-15T13:29:56.466Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:57 honeypot-fra-1 sshd[18713]: Disconnected from invalid user user2 192.174.125.154 port 44033 [preauth]","@timestamp":"2022-09-15T13:29:58.468Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:00 honeypot-fra-1 sshd[18719]: Invalid user user from 192.174.125.154 port 60673","@timestamp":"2022-09-15T13:30:00.469Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:02 honeypot-fra-1 sshd[18723]: Received disconnect from 192.174.125.154 port 9025:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:30:03.471Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:04 honeypot-fra-1 sshd[18727]: Received disconnect from 192.174.125.154 port 20289:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:30:05.473Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:06 honeypot-fra-1 sshd[18731]: Disconnected from authenticating user root 192.174.125.154 port 31969 [preauth]","@timestamp":"2022-09-15T13:30:07.474Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:08 honeypot-fra-1 sshd[18735]: Disconnected from invalid user user 192.174.125.154 port 43169 [preauth]","@timestamp":"2022-09-15T13:30:09.475Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:11 honeypot-fra-1 sshd[18741]: Invalid user admin from 192.174.125.154 port 59905","@timestamp":"2022-09-15T13:30:11.476Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:13 honeypot-fra-1 sshd[18745]: Invalid user user2 from 192.174.125.154 port 7841","@timestamp":"2022-09-15T13:30:13.478Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:15 honeypot-fra-1 sshd[18749]: Received disconnect from 192.174.125.154 port 18145:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:30:15.480Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:17 honeypot-fra-1 sshd[18753]: Received disconnect from 192.174.125.154 port 29121:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:30:17.481Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:19 honeypot-fra-1 sshd[18757]: Disconnected from invalid user admin 192.174.125.154 port 40226 [preauth]","@timestamp":"2022-09-15T13:30:19.483Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:21 honeypot-fra-1 sshd[18761]: Disconnected from invalid user user2 192.174.125.154 port 51649 [preauth]","@timestamp":"2022-09-15T13:30:21.484Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:24 honeypot-fra-1 sshd[18767]: Invalid user user from 192.174.125.154 port 5569","@timestamp":"2022-09-15T13:30:24.486Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:26 honeypot-fra-1 sshd[18771]: Received disconnect from 192.174.125.154 port 16642:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:30:26.487Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:28 honeypot-fra-1 sshd[18775]: Received disconnect from 192.174.125.154 port 27457:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:30:28.489Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:30 honeypot-fra-1 sshd[18779]: Disconnected from authenticating user root 192.174.125.154 port 38977 [preauth]","@timestamp":"2022-09-15T13:30:30.491Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:32 honeypot-fra-1 sshd[18783]: Disconnected from invalid user user 192.174.125.154 port 49633 [preauth]","@timestamp":"2022-09-15T13:30:32.492Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:34 honeypot-fra-1 sshd[18789]: Invalid user admin from 192.174.125.154 port 3457","@timestamp":"2022-09-15T13:30:35.494Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:36 honeypot-fra-1 sshd[18793]: Invalid user user2 from 192.174.125.154 port 14561","@timestamp":"2022-09-15T13:30:37.495Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:39 honeypot-fra-1 sshd[18797]: Received disconnect from 192.174.125.154 port 25953:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:30:39.496Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:41 honeypot-fra-1 sshd[18801]: Received disconnect from 192.174.125.154 port 37281:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:30:41.498Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:43 honeypot-fra-1 sshd[18805]: Disconnected from invalid user admin 192.174.125.154 port 49377 [preauth]","@timestamp":"2022-09-15T13:30:43.500Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:45 honeypot-fra-1 sshd[18809]: Disconnected from invalid user user2 192.174.125.154 port 61121 [preauth]","@timestamp":"2022-09-15T13:30:45.502Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:47 honeypot-fra-1 sshd[18815]: Invalid user user from 192.174.125.154 port 14753","@timestamp":"2022-09-15T13:30:48.503Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:50 honeypot-fra-1 sshd[18819]: Received disconnect from 192.174.125.154 port 26177:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:30:50.505Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:51 honeypot-fra-1 sshd[18823]: Received disconnect from 192.174.125.154 port 37377:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:30:52.506Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:53 honeypot-fra-1 sshd[18827]: Disconnected from authenticating user root 192.174.125.154 port 48129 [preauth]","@timestamp":"2022-09-15T13:30:54.507Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:55 honeypot-fra-1 sshd[18831]: Disconnected from invalid user user 192.174.125.154 port 59105 [preauth]","@timestamp":"2022-09-15T13:30:56.509Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:58 honeypot-fra-1 sshd[18837]: Invalid user admin from 192.174.125.154 port 12867","@timestamp":"2022-09-15T13:30:59.511Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:31:00 honeypot-fra-1 sshd[18841]: Invalid user user2 from 192.174.125.154 port 23457","@timestamp":"2022-09-15T13:31:01.513Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:31:02 honeypot-fra-1 sshd[18845]: Received disconnect from 192.174.125.154 port 34369:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:31:03.514Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:31:04 honeypot-fra-1 sshd[18849]: Received disconnect from 192.174.125.154 port 45249:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:31:05.515Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:31:06 honeypot-fra-1 sshd[18854]: Disconnected from invalid user admin 192.174.125.154 port 56545 [preauth]","@timestamp":"2022-09-15T13:31:07.517Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:31:08 honeypot-fra-1 sshd[18858]: Disconnected from invalid user user2 192.174.125.154 port 4481 [preauth]","@timestamp":"2022-09-15T13:31:08.517Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:31:47 honeypot-fra-1 kernel: [84123124.971400] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=154.66.178.74 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=54321 PROTO=TCP SPT=56639 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T13:31:48.534Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-15T13:32:23.112Z","@version":"1","message":"Sep 15 13:32:23 honeypot-sgp-1 kernel: [84124850.206690] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=79.124.62.62 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=20478 PROTO=TCP SPT=42350 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:36:53 honeypot-fra-1 sshd[18868]: Disconnected from authenticating user root 65.73.231.122 port 48076 [preauth]","@timestamp":"2022-09-15T13:36:54.652Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:39:03 honeypot-fra-1 sshd[18872]: Disconnected from invalid user steam 92.255.85.69 port 37708 [preauth]","@timestamp":"2022-09-15T13:39:03.704Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:40:25 honeypot-fra-1 sshd[18877]: Disconnected from invalid user user 45.61.184.204 port 42596 [preauth]","@timestamp":"2022-09-15T13:40:25.737Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:40:43 honeypot-fra-1 sshd[18881]: Disconnected from invalid user user 45.61.184.204 port 37418 [preauth]","@timestamp":"2022-09-15T13:40:43.745Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:41:02 honeypot-fra-1 sshd[18887]: Received disconnect from 45.61.184.204 port 60372:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T13:41:03.754Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:41:19 honeypot-fra-1 sshd[18891]: Received disconnect from 45.61.184.204 port 55142:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T13:41:20.764Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T13:42:31.364Z","@version":"1","message":"Sep 15 13:42:30 honeypot-sgp-1 kernel: [84125458.108486] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.53.171.56 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=32 ID=31003 PROTO=TCP SPT=60561 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 13:47:38 honeypot-ams-1 kernel: [84126240.513711] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=208.115.115.103 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=53985 PROTO=TCP SPT=4062 DPT=80 WINDOW=20118 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T13:47:38.573Z"}
{"@timestamp":"2022-09-15T13:48:31.513Z","@version":"1","message":"Sep 15 13:48:31 honeypot-sgp-1 kernel: [84125818.195461] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=159.203.100.33 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=54321 PROTO=TCP SPT=54916 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:51:16 honeypot-fra-1 sshd[18896]: Invalid user chase from 128.199.177.224 port 58390","@timestamp":"2022-09-15T13:51:16.994Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:54:45 honeypot-ams-1 sshd[28373]: Received disconnect from 61.177.173.36 port 23559:11:  [preauth]","@timestamp":"2022-09-15T13:54:45.757Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:55:29 honeypot-fra-1 sshd[18899]: Disconnected from invalid user admin 165.22.100.115 port 54582 [preauth]","@timestamp":"2022-09-15T13:55:30.091Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 14:00:44 honeypot-ams-1 sshd[28379]: Invalid user user from 198.98.61.9 port 57538","@timestamp":"2022-09-15T14:00:44.917Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 14:01:01 honeypot-ams-1 sshd[28383]: Invalid user user from 198.98.61.9 port 52286","@timestamp":"2022-09-15T14:01:01.927Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 14:01:16 honeypot-ams-1 sshd[28387]: Invalid user user from 198.98.61.9 port 47040","@timestamp":"2022-09-15T14:01:16.938Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 14:01:21 honeypot-fra-1 sshd[18906]: Invalid user user1 from 92.255.85.70 port 39088","@timestamp":"2022-09-15T14:01:22.223Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 14:02:51 honeypot-ams-1 sshd[28391]: Received disconnect from 61.177.173.50 port 36344:11:  [preauth]","@timestamp":"2022-09-15T14:02:51.983Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 14:10:01 honeypot-ams-1 sshd[28398]: Did not receive identification string from 198.98.61.9 port 41914","@timestamp":"2022-09-15T14:10:01.172Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 14:10:35 honeypot-ams-1 sshd[28401]: Disconnected from invalid user user 198.98.61.9 port 56854 [preauth]","@timestamp":"2022-09-15T14:10:36.191Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 14:10:53 honeypot-ams-1 sshd[28406]: Disconnected from invalid user user 198.98.61.9 port 51970 [preauth]","@timestamp":"2022-09-15T14:10:54.200Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 14:11:10 honeypot-ams-1 sshd[28410]: Disconnected from invalid user user 198.98.61.9 port 47082 [preauth]","@timestamp":"2022-09-15T14:11:11.208Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 14:14:14 honeypot-ams-1 sshd[28418]: Invalid user admin from 112.160.69.124 port 58370","@timestamp":"2022-09-15T14:14:15.292Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 14:14:45 honeypot-ams-1 sshd[28422]: Connection closed by invalid user admin 216.52.136.77 port 32030 [preauth]","@timestamp":"2022-09-15T14:14:46.311Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 14:14:49 honeypot-ams-1 sshd[28428]: Connection closed by invalid user admin 216.52.136.77 port 26772 [preauth]","@timestamp":"2022-09-15T14:14:49.313Z"}
{"@timestamp":"2022-09-15T14:14:54.170Z","@version":"1","message":"Sep 15 14:14:53 honeypot-sgp-1 kernel: [84127400.714027] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=89.248.165.199 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=15888 PROTO=TCP SPT=50906 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 14:17:09 honeypot-fra-1 sshd[18912]: Invalid user blank from 179.60.147.69 port 15106","@timestamp":"2022-09-15T14:17:10.599Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 14:19:24 honeypot-ams-1 sshd[28435]: Connection closed by invalid user blank 179.60.147.69 port 35150 [preauth]","@timestamp":"2022-09-15T14:19:24.432Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 14:22:49 honeypot-fra-1 sshd[18917]: Invalid user tomcat from 193.106.191.157 port 59640","@timestamp":"2022-09-15T14:22:50.732Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T14:25:07.427Z","@version":"1","message":"Sep 15 14:25:06 honeypot-sgp-1 kernel: [84128013.880942] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=198.199.95.111 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=43098 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 14:26:22 honeypot-ams-1 kernel: [84128564.861638] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.195.140 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=51983 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T14:26:23.613Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 14:30:05 honeypot-fra-1 kernel: [84126622.810888] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=53642 PROTO=TCP SPT=52202 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T14:30:06.899Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-15T14:31:20.580Z","@version":"1","message":"Sep 15 14:31:19 honeypot-sgp-1 sshd[22233]: Invalid user user from 45.61.186.249 port 57432","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T14:31:39.589Z","@version":"1","message":"Sep 15 14:31:39 honeypot-sgp-1 sshd[22237]: Invalid user user from 45.61.186.249 port 51940","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T14:31:51.596Z","@version":"1","message":"Sep 15 14:31:50 honeypot-sgp-1 kernel: [84128417.807265] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=90.154.15.226 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=43 ID=27797 DF PROTO=TCP SPT=55032 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T14:32:04.603Z","@version":"1","message":"Sep 15 14:32:04 honeypot-sgp-1 sshd[22243]: Disconnected from invalid user admin 92.255.85.69 port 58054 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T14:34:47.671Z","@version":"1","message":"Sep 15 14:34:47 honeypot-sgp-1 kernel: [84128594.619883] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=64.246.161.26 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=49987 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 14:39:10 honeypot-ams-1 sshd[28454]: Connection closed by invalid user tomcat 193.106.191.157 port 58154 [preauth]","@timestamp":"2022-09-15T14:39:10.956Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 14:42:36 honeypot-fra-1 sshd[18923]: Received disconnect from 165.22.45.108 port 57608:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T14:42:37.179Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 14:44:03 honeypot-ams-1 sshd[28463]: Disconnected from authenticating user root 61.177.172.104 port 53530 [preauth]","@timestamp":"2022-09-15T14:44:04.083Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 14:45:21 honeypot-fra-1 sshd[18927]: Invalid user zhaolu from 200.116.195.123 port 55320","@timestamp":"2022-09-15T14:45:22.242Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 14:47:28 honeypot-ams-1 sshd[28471]: Invalid user yanhao from 103.188.176.251 port 33540","@timestamp":"2022-09-15T14:47:29.171Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 14:49:52 honeypot-fra-1 sshd[18932]: Disconnected from authenticating user root 62.204.41.222 port 3627 [preauth]","@timestamp":"2022-09-15T14:49:53.344Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 14:50:38 honeypot-ams-1 sshd[28478]: Invalid user danny from 138.68.27.174 port 57780","@timestamp":"2022-09-15T14:50:39.256Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 14:51:53 honeypot-fra-1 sshd[18939]: Received disconnect from 91.240.118.222 port 39167:11: Client disconnecting normally [preauth]","@timestamp":"2022-09-15T14:51:54.393Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 14:53:28 honeypot-fra-1 sshd[18941]: Invalid user test from 179.60.147.69 port 29270","@timestamp":"2022-09-15T14:53:29.437Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T14:53:54.140Z","@version":"1","message":"Sep 15 14:53:53 honeypot-sgp-1 sshd[22257]: Received disconnect from 167.71.59.102 port 45544:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 14:54:53 honeypot-ams-1 sshd[28482]: Received disconnect from 61.177.173.35 port 11860:11:  [preauth]","@timestamp":"2022-09-15T14:54:54.368Z"}
{"@timestamp":"2022-09-15T14:56:40.211Z","@version":"1","message":"Sep 15 14:56:39 honeypot-sgp-1 sshd[22263]: Invalid user carlos from 92.255.85.69 port 62008","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 14:58:43 honeypot-ams-1 sshd[28489]: Connection closed by invalid user tomcat 193.106.191.157 port 43426 [preauth]","@timestamp":"2022-09-15T14:58:43.474Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 15:01:21 honeypot-fra-1 sshd[18949]: Did not receive identification string from 137.184.77.246 port 54492","@timestamp":"2022-09-15T15:01:21.617Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 15:01:22 honeypot-fra-1 sshd[18957]: Invalid user es from 137.184.77.246 port 54548","@timestamp":"2022-09-15T15:01:22.619Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 15:01:22 honeypot-fra-1 sshd[18968]: Invalid user admin from 137.184.77.246 port 54534","@timestamp":"2022-09-15T15:01:23.619Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 15:01:22 honeypot-fra-1 sshd[18969]: Invalid user ubuntu from 137.184.77.246 port 54510","@timestamp":"2022-09-15T15:01:23.619Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 15:01:22 honeypot-fra-1 sshd[18991]: Invalid user deployer from 137.184.77.246 port 54586","@timestamp":"2022-09-15T15:01:23.619Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 15:01:22 honeypot-fra-1 sshd[18960]: Connection closed by invalid user user 137.184.77.246 port 54538 [preauth]","@timestamp":"2022-09-15T15:01:23.620Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 15:01:22 honeypot-fra-1 sshd[18961]: Connection closed by authenticating user root 137.184.77.246 port 54554 [preauth]","@timestamp":"2022-09-15T15:01:23.620Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 15:01:22 honeypot-fra-1 sshd[18985]: Connection closed by invalid user ubuntu 137.184.77.246 port 54566 [preauth]","@timestamp":"2022-09-15T15:01:23.620Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 15:01:22 honeypot-fra-1 sshd[18971]: Connection closed by invalid user www 137.184.77.246 port 54532 [preauth]","@timestamp":"2022-09-15T15:01:23.620Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 15:04:08 honeypot-ams-1 kernel: [84130830.987404] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=170.187.163.53 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=24863 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T15:04:09.619Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 15:04:11 honeypot-fra-1 kernel: [84128668.034228] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=206.189.8.92 DST=165.22.82.222 LEN=80 TOS=0x00 PREC=0x20 TTL=126 ID=52545 PROTO=TCP SPT=51521 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T15:04:11.684Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 15:08:44 honeypot-fra-1 sshd[19013]: Connection closed by invalid user tomcat 193.106.191.157 port 33570 [preauth]","@timestamp":"2022-09-15T15:08:44.788Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 15:12:16 honeypot-ams-1 kernel: [84131318.549056] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=4208 PROTO=TCP SPT=54004 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T15:12:16.832Z"}
{"@timestamp":"2022-09-15T15:15:34.666Z","@version":"1","message":"Sep 15 15:15:33 honeypot-sgp-1 sshd[22268]: Connection closed by invalid user node02 103.188.176.251 port 54434 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 15:16:13 honeypot-fra-1 kernel: [84129389.927224] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=5.202.145.175 DST=165.22.82.222 LEN=52 TOS=0x00 PREC=0x00 TTL=51 ID=51229 DF PROTO=TCP SPT=19100 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T15:16:13.955Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 15:17:16 honeypot-ams-1 sshd[28509]: Received disconnect from 61.177.173.50 port 60518:11:  [preauth]","@timestamp":"2022-09-15T15:17:16.962Z"}
{"@timestamp":"2022-09-15T15:18:43.743Z","@version":"1","message":"Sep 15 15:18:43 honeypot-sgp-1 sshd[22274]: Disconnected from invalid user admin 92.255.85.70 port 39252 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 15:26:04 honeypot-ams-1 kernel: [84132146.190668] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=49.66.73.226 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=49 ID=22016 PROTO=TCP SPT=47435 DPT=80 WINDOW=54217 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T15:26:04.187Z"}
{"@timestamp":"2022-09-15T15:30:15.023Z","@version":"1","message":"Sep 15 15:30:14 honeypot-sgp-1 sshd[22282]: Did not receive identification string from 45.147.178.14 port 61000","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 15:31:20 honeypot-ams-1 sshd[28525]: Received disconnect from 61.177.173.39 port 49724:11:  [preauth]","@timestamp":"2022-09-15T15:31:21.324Z"}
{"@timestamp":"2022-09-15T15:31:53.067Z","@version":"1","message":"Sep 15 15:31:52 honeypot-sgp-1 sshd[22289]: Received disconnect from 179.43.156.143 port 40336:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 15:32:24 honeypot-fra-1 sshd[19023]: Connection closed by authenticating user nobody 179.60.147.69 port 14234 [preauth]","@timestamp":"2022-09-15T15:32:25.317Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T15:33:27.109Z","@version":"1","message":"Sep 15 15:33:26 honeypot-sgp-1 sshd[22296]: Invalid user nutanix from 179.43.156.143 port 58362","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 15:34:11 honeypot-fra-1 sshd[19028]: Received disconnect from 45.61.186.169 port 40172:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T15:34:11.360Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 15:34:27 honeypot-fra-1 sshd[19032]: Received disconnect from 45.61.186.169 port 34394:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T15:34:28.368Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T15:34:31.137Z","@version":"1","message":"Sep 15 15:34:30 honeypot-sgp-1 sshd[22301]: Invalid user nfsnobod from 179.43.156.143 port 51562","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 15:34:35 honeypot-fra-1 sshd[19036]: Received disconnect from 45.61.186.169 port 45634:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T15:34:36.372Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 15:34:51 honeypot-fra-1 sshd[19040]: Received disconnect from 45.61.186.169 port 39872:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T15:34:51.380Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 15:35:11 honeypot-ams-1 sshd[28532]: Received disconnect from 165.227.202.89 port 56080:11: Bye Bye [preauth]","@timestamp":"2022-09-15T15:35:12.427Z"}
{"@timestamp":"2022-09-15T15:35:36.167Z","@version":"1","message":"Sep 15 15:35:35 honeypot-sgp-1 sshd[22305]: Disconnected from authenticating user root 179.43.156.143 port 44866 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T15:37:19.212Z","@version":"1","message":"Sep 15 15:37:18 honeypot-sgp-1 sshd[22311]: Disconnected from authenticating user root 179.43.156.143 port 34620 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 15:38:40 honeypot-ams-1 kernel: [84132902.753075] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=111.118.40.97 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=51 ID=4848 PROTO=TCP SPT=58791 DPT=80 WINDOW=10346 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T15:38:41.515Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 15:39:46 honeypot-fra-1 sshd[19045]: Received disconnect from 197.248.2.229 port 51285:11: Bye Bye [preauth]","@timestamp":"2022-09-15T15:39:46.491Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 15:43:27 honeypot-ams-1 kernel: [84133189.335287] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=20.172.40.105 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=15697 DF PROTO=TCP SPT=10446 DPT=80 WINDOW=512 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T15:43:27.637Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 15:45:22 honeypot-fra-1 sshd[19054]: Invalid user admin from 14.99.176.210 port 30646","@timestamp":"2022-09-15T15:45:23.620Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 15:45:51 honeypot-fra-1 kernel: [84131168.065045] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=205.210.31.45 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=249 ID=54321 PROTO=TCP SPT=56237 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T15:45:51.633Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-15T15:46:12.433Z","@version":"1","message":"Sep 15 15:46:11 honeypot-sgp-1 kernel: [84132879.046243] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=111.85.16.228 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=30914 PROTO=TCP SPT=32700 DPT=80 WINDOW=14332 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 15:50:56 honeypot-ams-1 sshd[28548]: Received disconnect from 106.53.153.69 port 34556:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T15:50:56.830Z"}
{"@timestamp":"2022-09-15T15:52:31.589Z","@version":"1","message":"Sep 15 15:52:30 honeypot-sgp-1 sshd[22322]: Invalid user admin from 103.226.249.239 port 59430","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 15:54:45 honeypot-ams-1 sshd[28560]: Connection closed by invalid user pi 96.48.254.68 port 60030 [preauth]","@timestamp":"2022-09-15T15:54:45.932Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 15:59:01 honeypot-fra-1 sshd[19080]: Disconnected from authenticating user root 92.255.85.69 port 32364 [preauth]","@timestamp":"2022-09-15T15:59:01.932Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T16:03:20.853Z","@version":"1","message":"Sep 15 16:03:20 honeypot-sgp-1 sshd[22327]: Did not receive identification string from 159.89.24.69 port 61000","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 16:07:16 honeypot-fra-1 kernel: [84132452.869961] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=103.151.125.160 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=7116 PROTO=TCP SPT=42470 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T16:07:17.121Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-15T16:07:47.964Z","@version":"1","message":"Sep 15 16:07:47 honeypot-sgp-1 sshd[22330]: Received disconnect from 128.199.19.74 port 55270:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 16:09:43 honeypot-ams-1 kernel: [84134765.570764] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=53146 PROTO=TCP SPT=57947 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T16:09:44.321Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 16:12:16 honeypot-fra-1 sshd[19086]: Connection closed by invalid user user 179.60.147.69 port 27540 [preauth]","@timestamp":"2022-09-15T16:12:17.238Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 16:15:05 honeypot-ams-1 kernel: [84135087.882966] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=103.51.195.155 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=53 ID=57323 PROTO=TCP SPT=51700 DPT=443 WINDOW=60884 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T16:15:06.489Z"}
{"@timestamp":"2022-09-15T16:17:02.215Z","@version":"1","message":"Sep 15 16:17:01 honeypot-sgp-1 CRON[22338]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 16:17:49 honeypot-ams-1 sshd[28581]: Received disconnect from 188.254.0.160 port 37102:11: Bye Bye [preauth]","@timestamp":"2022-09-15T16:17:49.562Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 16:18:41 honeypot-fra-1 sshd[19096]: Disconnected from 159.223.164.107 port 42280 [preauth]","@timestamp":"2022-09-15T16:18:41.382Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 16:21:15 honeypot-fra-1 kernel: [84133291.872056] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.142.114.213 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=54321 PROTO=TCP SPT=39316 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T16:21:15.464Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-15T16:22:51.356Z","@version":"1","message":"Sep 15 16:22:50 honeypot-sgp-1 sshd[22346]: Received disconnect from 134.17.17.35 port 15979:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 16:23:17 honeypot-fra-1 sshd[19103]: Received disconnect from 61.177.173.49 port 26482:11:  [preauth]","@timestamp":"2022-09-15T16:23:17.514Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 16:24:25 honeypot-fra-1 sshd[19107]: Received disconnect from 114.4.110.242 port 41654:11: Bye Bye [preauth]","@timestamp":"2022-09-15T16:24:26.541Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T16:27:33.470Z","@version":"1","message":"Sep 15 16:27:33 honeypot-sgp-1 sshd[22350]: Received disconnect from 92.255.85.69 port 29744:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 16:28:03 honeypot-fra-1 sshd[19112]: Received disconnect from 165.22.45.108 port 39482:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T16:28:04.626Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 16:29:08 honeypot-ams-1 kernel: [84135930.635473] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.41.8.5 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=48756 PROTO=TCP SPT=10348 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T16:29:08.860Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 16:34:03 honeypot-fra-1 sshd[19121]: Disconnected from authenticating user root 13.67.221.136 port 1024 [preauth]","@timestamp":"2022-09-15T16:34:03.777Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 16:37:35 honeypot-ams-1 sshd[28587]: Disconnected from authenticating user root 182.75.139.26 port 53312 [preauth]","@timestamp":"2022-09-15T16:37:36.075Z"}
{"@timestamp":"2022-09-15T16:38:37.738Z","@version":"1","message":"Sep 15 16:38:37 honeypot-sgp-1 sshd[22360]: Received disconnect from 61.177.173.51 port 32807:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 16:41:53 honeypot-fra-1 sshd[19129]: Disconnected from authenticating user root 61.177.173.36 port 47575 [preauth]","@timestamp":"2022-09-15T16:41:53.954Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 16:42:41 honeypot-ams-1 sshd[28594]: Invalid user admin from 91.240.118.222 port 33254","@timestamp":"2022-09-15T16:42:41.229Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 16:46:40 honeypot-fra-1 sshd[19137]: Invalid user ubnt from 92.255.85.69 port 16948","@timestamp":"2022-09-15T16:46:41.064Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 16:46:49 honeypot-fra-1 sshd[19141]: Received disconnect from 45.61.186.169 port 55294:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T16:46:50.069Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 16:47:08 honeypot-fra-1 sshd[19145]: Received disconnect from 45.61.186.169 port 49908:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T16:47:09.078Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 16:47:25 honeypot-fra-1 sshd[19150]: Invalid user user from 45.61.186.169 port 44514","@timestamp":"2022-09-15T16:47:26.086Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T16:48:12.970Z","@version":"1","message":"Sep 15 16:48:12 honeypot-sgp-1 sshd[22366]: Invalid user user from 179.60.147.69 port 28130","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 16:49:11 honeypot-fra-1 sshd[19157]: Received disconnect from 61.177.172.98 port 39075:11:  [preauth]","@timestamp":"2022-09-15T16:49:12.129Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 16:51:33 honeypot-ams-1 sshd[28598]: Connection closed by invalid user user 179.60.147.69 port 39886 [preauth]","@timestamp":"2022-09-15T16:51:33.455Z"}
{"@timestamp":"2022-09-15T16:52:40.083Z","@version":"1","message":"Sep 15 16:52:39 honeypot-sgp-1 sshd[22374]: Received disconnect from 61.177.172.90 port 56924:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 16:53:38 honeypot-fra-1 sshd[19164]: Received disconnect from 61.177.173.36 port 35418:11:  [preauth]","@timestamp":"2022-09-15T16:53:39.230Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 16:54:38 honeypot-ams-1 sshd[28603]: Invalid user user from 45.61.186.169 port 55382","@timestamp":"2022-09-15T16:54:38.536Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 16:54:56 honeypot-ams-1 sshd[28607]: Invalid user user from 45.61.186.169 port 50342","@timestamp":"2022-09-15T16:54:57.545Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 16:55:05 honeypot-ams-1 sshd[28611]: Invalid user user from 45.61.186.169 port 33684","@timestamp":"2022-09-15T16:55:06.551Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 16:55:22 honeypot-ams-1 sshd[28615]: Invalid user user from 45.61.186.169 port 56874","@timestamp":"2022-09-15T16:55:23.560Z"}
{"@timestamp":"2022-09-15T16:58:40.230Z","@version":"1","message":"Sep 15 16:58:39 honeypot-sgp-1 kernel: [84137226.898029] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=78.142.18.92 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=46186 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 16:59:25 honeypot-fra-1 sshd[19170]: Disconnected from authenticating user root 179.43.156.143 port 44460 [preauth]","@timestamp":"2022-09-15T16:59:26.362Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 16:59:37 honeypot-ams-1 sshd[28618]: Received disconnect from 200.60.92.170 port 34940:11: Bye Bye [preauth]","@timestamp":"2022-09-15T16:59:38.670Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 16:59:58 honeypot-ams-1 sshd[28622]: Received disconnect from 92.255.85.69 port 49288:11: Bye Bye [preauth]","@timestamp":"2022-09-15T16:59:59.680Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 17:01:05 honeypot-fra-1 sshd[19176]: Received disconnect from 179.43.156.143 port 33558:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T17:01:06.404Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 17:02:14 honeypot-fra-1 sshd[19182]: Received disconnect from 61.177.173.53 port 54713:11:  [preauth]","@timestamp":"2022-09-15T17:02:14.433Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 17:03:12 honeypot-fra-1 kernel: [84135809.312612] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=159.203.80.110 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=60314 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T17:03:13.459Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 17:03:51 honeypot-fra-1 sshd[19189]: Disconnected from invalid user nfsnobod 179.43.156.143 port 43678 [preauth]","@timestamp":"2022-09-15T17:03:51.476Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 17:04:02 honeypot-ams-1 sshd[28627]: Disconnected from invalid user admin 103.101.125.37 port 52032 [preauth]","@timestamp":"2022-09-15T17:04:02.783Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 17:05:37 honeypot-fra-1 sshd[19195]: Received disconnect from 179.43.156.143 port 60958:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T17:05:37.520Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 17:06:13 honeypot-fra-1 sshd[19201]: Received disconnect from 179.43.156.143 port 57330:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T17:06:13.538Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 17:06:54 honeypot-fra-1 sshd[19205]: Disconnected from invalid user pubsub 180.180.123.207 port 51872 [preauth]","@timestamp":"2022-09-15T17:06:54.555Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T17:07:35.446Z","@version":"1","message":"Sep 15 17:07:35 honeypot-sgp-1 kernel: [84137762.172431] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=66.240.205.34 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=113 ID=11159 PROTO=TCP SPT=9111 DPT=443 WINDOW=20707 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 17:08:12 honeypot-fra-1 sshd[19211]: Invalid user git from 92.255.85.69 port 47742","@timestamp":"2022-09-15T17:08:12.607Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 17:11:13 honeypot-fra-1 sshd[19217]: Invalid user vinci from 223.255.187.154 port 26038","@timestamp":"2022-09-15T17:11:14.678Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 17:12:16 honeypot-ams-1 kernel: [84138518.848350] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.47.229.134 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=22559 PROTO=TCP SPT=43101 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T17:12:16.999Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 17:13:12 honeypot-fra-1 sshd[19220]: Disconnected from authenticating user root 61.177.172.104 port 33063 [preauth]","@timestamp":"2022-09-15T17:13:12.723Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T17:13:22.588Z","@version":"1","message":"Sep 15 17:13:22 honeypot-sgp-1 kernel: [84138109.121130] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=188.217.196.9 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=15686 PROTO=TCP SPT=43964 DPT=80 WINDOW=1300 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T17:16:12.657Z","@version":"1","message":"Sep 15 17:16:12 honeypot-sgp-1 sshd[22398]: Disconnected from invalid user kevin 92.255.85.69 port 53856 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 17:17:01 honeypot-fra-1 CRON[19225]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-15T17:17:01.807Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 17:17:12 honeypot-ams-1 sshd[28639]: Disconnected from invalid user test5 208.109.32.171 port 47282 [preauth]","@timestamp":"2022-09-15T17:17:13.127Z"}
{"@timestamp":"2022-09-15T17:20:17.759Z","@version":"1","message":"Sep 15 17:20:17 honeypot-sgp-1 sshd[22405]: Received disconnect from 45.61.186.169 port 41396:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T17:20:34.769Z","@version":"1","message":"Sep 15 17:20:34 honeypot-sgp-1 sshd[22407]: Disconnected from authenticating user root 61.177.172.19 port 57042 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T17:20:45.774Z","@version":"1","message":"Sep 15 17:20:45 honeypot-sgp-1 sshd[22413]: Disconnected from invalid user user 45.61.186.169 port 47558 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T17:21:01.782Z","@version":"1","message":"Sep 15 17:21:01 honeypot-sgp-1 sshd[22417]: Disconnected from invalid user user 45.61.186.169 port 42256 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 17:22:27 honeypot-ams-1 sshd[28646]: Disconnected from authenticating user root 117.202.8.55 port 38516 [preauth]","@timestamp":"2022-09-15T17:22:28.267Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 17:23:21 honeypot-fra-1 sshd[19236]: Connection closed by invalid user node02 103.188.176.251 port 52530 [preauth]","@timestamp":"2022-09-15T17:23:21.949Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 17:23:27 honeypot-ams-1 sshd[28653]: Invalid user voice from 147.182.251.31 port 37490","@timestamp":"2022-09-15T17:23:28.295Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 17:25:17 honeypot-ams-1 sshd[28655]: Invalid user content from 178.128.88.244 port 40944","@timestamp":"2022-09-15T17:25:18.344Z"}
{"@timestamp":"2022-09-15T17:25:33.895Z","@version":"1","message":"Sep 15 17:25:33 honeypot-sgp-1 sshd[22425]: Received disconnect from 61.177.173.50 port 36159:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 17:25:54 honeypot-fra-1 sshd[19243]: Connection closed by invalid user guest 179.60.147.69 port 18272 [preauth]","@timestamp":"2022-09-15T17:25:55.010Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T17:27:38.946Z","@version":"1","message":"Sep 15 17:27:38 honeypot-sgp-1 sshd[22429]: Disconnected from invalid user ela 181.84.108.242 port 57278 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 17:28:05 honeypot-ams-1 sshd[28660]: Connection closed by invalid user guest 179.60.147.69 port 50684 [preauth]","@timestamp":"2022-09-15T17:28:05.416Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 17:30:18 honeypot-ams-1 sshd[28666]: Did not receive identification string from 159.89.24.69 port 61000","@timestamp":"2022-09-15T17:30:19.475Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 17:30:38 honeypot-fra-1 kernel: [84137454.487447] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=9216 PROTO=TCP SPT=43002 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T17:30:38.120Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 17:33:52 honeypot-fra-1 sshd[19254]: Received disconnect from 61.177.173.49 port 21329:11:  [preauth]","@timestamp":"2022-09-15T17:33:52.193Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T17:35:34.139Z","@version":"1","message":"Sep 15 17:35:34 honeypot-sgp-1 kernel: [84139441.066113] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=120.85.117.251 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=14104 DF PROTO=TCP SPT=28457 DPT=80 WINDOW=14520 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 17:36:22 honeypot-ams-1 kernel: [84139964.648226] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=103.89.91.165 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=57313 PROTO=TCP SPT=52753 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T17:36:22.633Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 17:39:16 honeypot-fra-1 kernel: [84137972.651058] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=196.2.8.42 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x60 TTL=242 ID=37806 DF PROTO=TCP SPT=25550 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T17:39:16.337Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 17:42:53 honeypot-fra-1 sshd[19284]: Received disconnect from 106.51.3.154 port 18865:11: Bye Bye [preauth]","@timestamp":"2022-09-15T17:42:53.422Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T17:45:37.380Z","@version":"1","message":"Sep 15 17:45:36 honeypot-sgp-1 sshd[22446]: Invalid user user from 103.188.176.251 port 47812","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 17:45:43 honeypot-ams-1 sshd[28674]: Disconnected from invalid user cfs 138.94.193.68 port 42304 [preauth]","@timestamp":"2022-09-15T17:45:44.872Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 17:47:51 honeypot-ams-1 sshd[28678]: Disconnected from invalid user admin 92.255.85.70 port 38402 [preauth]","@timestamp":"2022-09-15T17:47:51.927Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 17:51:46 honeypot-fra-1 sshd[19289]: Connection closed by invalid user tomcat 193.106.191.157 port 46636 [preauth]","@timestamp":"2022-09-15T17:51:46.624Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T17:51:59.532Z","@version":"1","message":"Sep 15 17:51:59 honeypot-sgp-1 sshd[22453]: Received disconnect from 61.177.173.35 port 38275:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 17:54:13 honeypot-fra-1 sshd[19296]: Invalid user admin from 92.255.85.70 port 62374","@timestamp":"2022-09-15T17:54:13.682Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 17:56:38 honeypot-ams-1 kernel: [84141180.141160] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=89.248.165.199 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=50030 PROTO=TCP SPT=43744 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T17:56:38.149Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 17:58:29 honeypot-ams-1 sshd[28690]: Received disconnect from 198.98.61.9 port 57584:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T17:58:30.200Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 17:58:46 honeypot-ams-1 sshd[28694]: Received disconnect from 198.98.61.9 port 52382:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T17:58:47.209Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 17:59:04 honeypot-ams-1 sshd[28698]: Received disconnect from 198.98.61.9 port 47186:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T17:59:05.220Z"}
{"@timestamp":"2022-09-15T17:59:48.720Z","@version":"1","message":"Sep 15 17:59:48 honeypot-sgp-1 sshd[22461]: Invalid user user from 45.61.186.49 port 58562","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T17:59:58.725Z","@version":"1","message":"Sep 15 17:59:58 honeypot-sgp-1 sshd[22465]: Invalid user user from 45.61.186.49 port 41810","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T18:00:12.732Z","@version":"1","message":"Sep 15 18:00:12 honeypot-sgp-1 kernel: [84140919.062648] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=205.210.31.180 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x60 TTL=250 ID=20411 PROTO=TCP SPT=50989 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T18:01:46.774Z","@version":"1","message":"Sep 15 18:01:46 honeypot-sgp-1 sshd[22471]: Received disconnect from 61.177.172.108 port 62419:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 18:02:05 honeypot-fra-1 sshd[19302]: Invalid user centos from 179.60.147.69 port 39320","@timestamp":"2022-09-15T18:02:05.861Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 18:02:43 honeypot-ams-1 kernel: [84141545.887078] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=198.235.24.129 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x60 TTL=251 ID=54321 PROTO=TCP SPT=53547 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T18:02:44.314Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 18:02:55 honeypot-fra-1 sshd[19306]: Disconnected from authenticating user root 61.177.172.108 port 58557 [preauth]","@timestamp":"2022-09-15T18:02:55.882Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T18:03:50.826Z","@version":"1","message":"Sep 15 18:03:50 honeypot-sgp-1 sshd[22475]: Received disconnect from 92.255.85.70 port 46178:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T18:05:41.872Z","@version":"1","message":"Sep 15 18:05:41 honeypot-sgp-1 sshd[22480]: Disconnected from invalid user florian 198.46.152.24 port 39138 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 18:10:14 honeypot-fra-1 kernel: [84139831.116174] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=146.88.240.4 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=48628 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T18:10:15.053Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 18:12:06 honeypot-ams-1 sshd[28707]: Received disconnect from 92.255.85.69 port 30300:11: Bye Bye [preauth]","@timestamp":"2022-09-15T18:12:07.555Z"}
{"@timestamp":"2022-09-15T18:15:55.116Z","@version":"1","message":"Sep 15 18:15:54 honeypot-sgp-1 kernel: [84141861.847652] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=230 ID=44950 PROTO=TCP SPT=44803 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 18:16:15 honeypot-fra-1 sshd[19321]: Received disconnect from 61.177.173.39 port 29593:11:  [preauth]","@timestamp":"2022-09-15T18:16:16.191Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 18:17:28 honeypot-fra-1 kernel: [84140265.047639] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=117.196.63.241 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=24752 DF PROTO=TCP SPT=47097 DPT=80 WINDOW=5680 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T18:17:29.222Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-15T18:18:39.185Z","@version":"1","message":"Sep 15 18:18:39 honeypot-sgp-1 kernel: [84142025.940409] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=194.163.175.129 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=4018 PROTO=TCP SPT=40265 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 18:19:56 honeypot-fra-1 sshd[19331]: Invalid user admin from 141.98.10.158 port 34980","@timestamp":"2022-09-15T18:19:57.282Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 18:24:12 honeypot-ams-1 kernel: [84142834.336292] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=54.157.239.216 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=11459 PROTO=TCP SPT=58320 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T18:24:12.863Z"}
{"@timestamp":"2022-09-15T18:25:35.352Z","@version":"1","message":"Sep 15 18:25:35 honeypot-sgp-1 sshd[22498]: Received disconnect from 92.255.85.70 port 57466:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 18:26:31 honeypot-fra-1 sshd[19338]: Received disconnect from 206.81.0.243 port 34804:11: Bye Bye [preauth]","@timestamp":"2022-09-15T18:26:32.433Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T18:30:08.463Z","@version":"1","message":"Sep 15 18:30:07 honeypot-sgp-1 sshd[22505]: Disconnected from authenticating user root 51.75.224.152 port 45654 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T18:31:28.516Z","@version":"1","message":"Sep 15 18:31:28 honeypot-sgp-1 sshd[22510]: Disconnected from invalid user user 198.98.61.9 port 49942 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T18:31:49.526Z","@version":"1","message":"Sep 15 18:31:49 honeypot-sgp-1 sshd[22514]: Disconnected from invalid user user 198.98.61.9 port 44806 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 18:32:15 honeypot-ams-1 sshd[28715]: Disconnected from invalid user wpyan 122.165.93.92 port 59612 [preauth]","@timestamp":"2022-09-15T18:32:15.069Z"}
{"@timestamp":"2022-09-15T18:32:15.539Z","@version":"1","message":"Sep 15 18:32:15 honeypot-sgp-1 sshd[22518]: Disconnected from invalid user user 198.98.61.9 port 39684 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T18:32:31.547Z","@version":"1","message":"Sep 15 18:32:31 honeypot-sgp-1 sshd[22522]: Disconnected from invalid user user 198.98.61.9 port 34568 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 18:33:28 honeypot-fra-1 kernel: [84141224.919436] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.143.200.46 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=20187 PROTO=TCP SPT=54162 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T18:33:29.592Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 18:36:25 honeypot-ams-1 sshd[28722]: Received disconnect from 92.255.85.69 port 34306:11: Bye Bye [preauth]","@timestamp":"2022-09-15T18:36:26.181Z"}
{"@timestamp":"2022-09-15T18:41:09.755Z","@version":"1","message":"Sep 15 18:41:09 honeypot-sgp-1 kernel: [84143375.887714] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=172.104.11.80 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=7985 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 18:41:54 honeypot-fra-1 sshd[19355]: Did not receive identification string from 198.98.61.9 port 52726","@timestamp":"2022-09-15T18:41:54.782Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 18:42:30 honeypot-fra-1 sshd[19358]: Disconnected from invalid user indian 43.154.138.122 port 54624 [preauth]","@timestamp":"2022-09-15T18:42:30.798Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 18:42:36 honeypot-ams-1 sshd[28728]: Received disconnect from 192.3.134.93 port 36248:11: Bye Bye [preauth]","@timestamp":"2022-09-15T18:42:37.342Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 18:42:41 honeypot-fra-1 sshd[19362]: Disconnected from invalid user user 198.98.61.9 port 36094 [preauth]","@timestamp":"2022-09-15T18:42:42.804Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 18:42:50 honeypot-fra-1 sshd[19366]: Disconnected from invalid user user 198.98.61.9 port 47654 [preauth]","@timestamp":"2022-09-15T18:42:50.808Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 18:43:06 honeypot-fra-1 sshd[19372]: Invalid user user from 198.98.61.9 port 42412","@timestamp":"2022-09-15T18:43:06.816Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 18:43:44 honeypot-fra-1 kernel: [84141840.843421] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=172.104.11.153 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=62033 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T18:43:44.833Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 18:46:36 honeypot-fra-1 sshd[19381]: Disconnected from invalid user teste 188.134.83.209 port 55286 [preauth]","@timestamp":"2022-09-15T18:46:37.916Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 18:47:48 honeypot-ams-1 sshd[28732]: Connection closed by invalid user pi 121.178.241.243 port 1638 [preauth]","@timestamp":"2022-09-15T18:47:49.474Z"}
{"@timestamp":"2022-09-15T18:49:12.950Z","@version":"1","message":"Sep 15 18:49:12 honeypot-sgp-1 kernel: [84143859.035460] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=167.94.145.89 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=36 ID=21289 PROTO=TCP SPT=36534 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 18:54:08 honeypot-fra-1 sshd[19391]: Invalid user sinusbot from 150.107.149.31 port 14724","@timestamp":"2022-09-15T18:54:08.087Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T18:55:41.105Z","@version":"1","message":"Sep 15 18:55:40 honeypot-sgp-1 sshd[22539]: Disconnected from authenticating user root 61.177.172.19 port 61579 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 18:59:28 honeypot-fra-1 sshd[19398]: Received disconnect from 61.177.173.46 port 58940:11:  [preauth]","@timestamp":"2022-09-15T18:59:29.210Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 19:00:33 honeypot-fra-1 sshd[19404]: Received disconnect from 66.98.45.242 port 50326:11: Bye Bye [preauth]","@timestamp":"2022-09-15T19:00:33.236Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 19:00:40 honeypot-ams-1 sshd[28737]: Disconnected from authenticating user root 92.255.85.69 port 24770 [preauth]","@timestamp":"2022-09-15T19:00:40.804Z"}
{"@timestamp":"2022-09-15T19:00:42.259Z","@version":"1","message":"Sep 15 19:00:41 honeypot-sgp-1 sshd[22545]: Invalid user user2 from 79.9.37.49 port 57456","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T19:02:06.294Z","@version":"1","message":"Sep 15 19:02:05 honeypot-sgp-1 sshd[22552]: Received disconnect from 61.177.173.47 port 41156:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 19:06:11 honeypot-fra-1 sshd[19421]: Invalid user misiek from 180.180.123.207 port 60698","@timestamp":"2022-09-15T19:06:12.364Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 19:07:17 honeypot-fra-1 sshd[19427]: Received disconnect from 92.255.85.70 port 20594:11: Bye Bye [preauth]","@timestamp":"2022-09-15T19:07:17.391Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 19:08:54 honeypot-ams-1 sshd[28758]: Received disconnect from 103.147.5.1 port 41162:11: Bye Bye [preauth]","@timestamp":"2022-09-15T19:08:55.039Z"}
{"@timestamp":"2022-09-15T19:10:12.485Z","@version":"1","message":"Sep 15 19:10:12 honeypot-sgp-1 sshd[22559]: Disconnected from authenticating user root 193.142.146.50 port 47706 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 19:10:21 honeypot-fra-1 sshd[19432]: Disconnected from authenticating user root 61.177.172.124 port 15241 [preauth]","@timestamp":"2022-09-15T19:10:22.465Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T19:12:03.532Z","@version":"1","message":"Sep 15 19:12:02 honeypot-sgp-1 sshd[22566]: Disconnected from authenticating user root 193.142.146.50 port 34432 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T19:13:43.575Z","@version":"1","message":"Sep 15 19:13:42 honeypot-sgp-1 sshd[22570]: Disconnected from authenticating user root 61.177.173.48 port 44927 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T19:14:12.588Z","@version":"1","message":"Sep 15 19:14:12 honeypot-sgp-1 sshd[22576]: Disconnected from authenticating user root 193.142.146.50 port 44966 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 19:15:38 honeypot-fra-1 sshd[19442]: Disconnected from invalid user user 198.98.61.9 port 51186 [preauth]","@timestamp":"2022-09-15T19:15:38.587Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T19:16:03.636Z","@version":"1","message":"Sep 15 19:16:03 honeypot-sgp-1 sshd[22583]: Received disconnect from 193.142.146.50 port 59926:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 19:16:04 honeypot-fra-1 sshd[19446]: Disconnected from invalid user user 198.98.61.9 port 46778 [preauth]","@timestamp":"2022-09-15T19:16:05.600Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 19:16:26 honeypot-fra-1 sshd[19450]: Disconnected from invalid user user 198.98.61.9 port 42374 [preauth]","@timestamp":"2022-09-15T19:16:27.611Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 19:16:44 honeypot-fra-1 sshd[19454]: Disconnected from invalid user user 198.98.61.9 port 37962 [preauth]","@timestamp":"2022-09-15T19:16:44.620Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T19:17:01.660Z","@version":"1","message":"Sep 15 19:17:01 honeypot-sgp-1 CRON[22588]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 19:17:01 honeypot-ams-1 CRON[28764]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-15T19:17:02.247Z"}
{"@timestamp":"2022-09-15T19:21:23.782Z","@version":"1","message":"Sep 15 19:21:23 honeypot-sgp-1 sshd[22595]: Received disconnect from 61.177.173.53 port 13323:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 19:21:52 honeypot-fra-1 sshd[19462]: Received disconnect from 61.177.173.51 port 59099:11:  [preauth]","@timestamp":"2022-09-15T19:21:52.739Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 19:22:31 honeypot-ams-1 sshd[28770]: Received disconnect from 92.255.85.70 port 41492:11: Bye Bye [preauth]","@timestamp":"2022-09-15T19:22:32.415Z"}
{"@timestamp":"2022-09-15T19:25:33.881Z","@version":"1","message":"Sep 15 19:25:33 honeypot-sgp-1 kernel: [84146040.435712] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=68.183.99.150 DST=159.89.202.188 LEN=52 TOS=0x02 PREC=0x00 TTL=108 ID=25813 DF PROTO=TCP SPT=60103 DPT=3389 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T19:34:05.096Z","@version":"1","message":"Sep 15 19:34:04 honeypot-sgp-1 sshd[22608]: Received disconnect from 157.245.13.253 port 59914:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 19:36:27 honeypot-fra-1 kernel: [84145003.675732] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=68.183.99.150 DST=165.22.82.222 LEN=52 TOS=0x02 PREC=0x00 TTL=114 ID=3273 DF PROTO=TCP SPT=55311 DPT=3389 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-15T19:36:28.084Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-15T19:37:24.175Z","@version":"1","message":"Sep 15 19:37:23 honeypot-sgp-1 sshd[22616]: Disconnected from authenticating user root 61.177.172.124 port 42648 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 19:38:06 honeypot-fra-1 kernel: [84145102.832277] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=179.43.155.171 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=62294 PROTO=TCP SPT=43691 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T19:38:07.126Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-15T19:42:32.292Z","@version":"1","message":"Sep 15 19:42:31 honeypot-sgp-1 sshd[22623]: Disconnected from authenticating user root 128.199.68.220 port 42624 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 19:44:52 honeypot-ams-1 sshd[28776]: Received disconnect from 92.255.85.69 port 48034:11: Bye Bye [preauth]","@timestamp":"2022-09-15T19:44:52.982Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 19:46:59 honeypot-fra-1 kernel: [84145635.945417] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=80.87.206.203 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=57418 PROTO=TCP SPT=52613 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T19:47:00.325Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-15T19:50:22.474Z","@version":"1","message":"Sep 15 19:50:21 honeypot-sgp-1 kernel: [84147528.642928] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=64.246.161.26 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=59751 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T19:51:34.506Z","@version":"1","message":"Sep 15 19:51:34 honeypot-sgp-1 sshd[22634]: Disconnected from authenticating user root 61.177.172.98 port 42534 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 19:53:20 honeypot-fra-1 sshd[19499]: Received disconnect from 92.255.85.69 port 32324:11: Bye Bye [preauth]","@timestamp":"2022-09-15T19:53:21.467Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 19:53:44 honeypot-ams-1 sshd[28782]: Disconnected from invalid user gambaa 180.179.24.156 port 40404 [preauth]","@timestamp":"2022-09-15T19:53:45.210Z"}
{"@timestamp":"2022-09-15T19:56:43.625Z","@version":"1","message":"Sep 15 19:56:43 honeypot-sgp-1 kernel: [84147910.059399] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=68.183.99.150 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=15577 PROTO=TCP SPT=56789 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 19:56:47 honeypot-ams-1 sshd[28786]: Invalid user steam from 103.99.203.103 port 59414","@timestamp":"2022-09-15T19:56:47.291Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 19:57:41 honeypot-ams-1 sshd[28790]: Invalid user test from 179.60.147.69 port 11770","@timestamp":"2022-09-15T19:57:42.316Z"}
{"@timestamp":"2022-09-15T19:59:34.711Z","@version":"1","message":"Sep 15 19:59:34 honeypot-sgp-1 sshd[22646]: Disconnected from authenticating user root 61.177.173.47 port 53183 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 19:59:40 honeypot-fra-1 sshd[19504]: Received disconnect from 165.22.45.108 port 59720:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T19:59:40.608Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 20:00:43 honeypot-fra-1 kernel: [84146459.672787] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=20.150.212.14 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=35551 PROTO=TCP SPT=51829 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T20:00:43.634Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-15T20:02:22.781Z","@version":"1","message":"Sep 15 20:02:22 honeypot-sgp-1 sshd[22650]: Disconnecting invalid user  185.246.130.20 port 34577: Change of username or service not allowed: (,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 20:02:26 honeypot-ams-1 kernel: [84148728.101299] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=64.246.161.26 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=54321 PROTO=TCP SPT=42102 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T20:02:26.442Z"}
{"@timestamp":"2022-09-15T20:02:49.793Z","@version":"1","message":"Sep 15 20:02:49 honeypot-sgp-1 sshd[22657]: Disconnecting invalid user  185.246.130.20 port 11358: Change of username or service not allowed: (,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:03:19.808Z","@version":"1","message":"Sep 15 20:03:19 honeypot-sgp-1 sshd[22664]: Invalid user admin from 185.246.130.20 port 8752","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:03:45.822Z","@version":"1","message":"Sep 15 20:03:45 honeypot-sgp-1 sshd[22670]: Invalid user manager from 185.246.130.20 port 5377","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:04:20.839Z","@version":"1","message":"Sep 15 20:04:20 honeypot-sgp-1 sshd[22676]: Disconnecting invalid user 1234 185.246.130.20 port 40661: Change of username or service not allowed: (1234,ssh-connection) -> (Admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:04:45.851Z","@version":"1","message":"Sep 15 20:04:45 honeypot-sgp-1 sshd[22683]: Disconnecting invalid user  185.246.130.20 port 24478: Change of username or service not allowed: (,ssh-connection) -> (user,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:05:24.870Z","@version":"1","message":"Sep 15 20:05:24 honeypot-sgp-1 sshd[22693]: Invalid user blank from 185.246.130.20 port 8277","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:05:52.883Z","@version":"1","message":"Sep 15 20:05:52 honeypot-sgp-1 sshd[22699]: Invalid user 1234 from 185.246.130.20 port 28820","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:06:24.899Z","@version":"1","message":"Sep 15 20:06:24 honeypot-sgp-1 sshd[22706]: Invalid user Cisco from 185.246.130.20 port 30749","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:06:49.911Z","@version":"1","message":"Sep 15 20:06:49 honeypot-sgp-1 sshd[22712]: Invalid user 1234 from 185.246.130.20 port 17939","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:07:17.925Z","@version":"1","message":"Sep 15 20:07:17 honeypot-sgp-1 sshd[22718]: Disconnecting invalid user  185.246.130.20 port 21402: Change of username or service not allowed: (,ssh-connection) -> (adslroot,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:07:41.937Z","@version":"1","message":"Sep 15 20:07:41 honeypot-sgp-1 sshd[22724]: Disconnecting invalid user admin 185.246.130.20 port 64125: Change of username or service not allowed: (admin,ssh-connection) -> (blank,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:07:58.946Z","@version":"1","message":"Sep 15 20:07:58 honeypot-sgp-1 sshd[22732]: Received disconnect from 61.177.173.51 port 52430:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:08:26.959Z","@version":"1","message":"Sep 15 20:08:26 honeypot-sgp-1 sshd[22738]: Invalid user default from 185.246.130.20 port 55372","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 20:08:38 honeypot-fra-1 sshd[19514]: Disconnected from authenticating user root 61.177.173.50 port 62890 [preauth]","@timestamp":"2022-09-15T20:08:38.820Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T20:08:45.973Z","@version":"1","message":"Sep 15 20:08:45 honeypot-sgp-1 sshd[22744]: Invalid user Administrator from 185.246.130.20 port 32128","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:09:04.982Z","@version":"1","message":"Sep 15 20:09:04 honeypot-sgp-1 sshd[22750]: Invalid user admin from 185.246.130.20 port 54925","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:09:42.000Z","@version":"1","message":"Sep 15 20:09:41 honeypot-sgp-1 sshd[22756]: Invalid user comcast from 185.246.130.20 port 49799","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:10:12.015Z","@version":"1","message":"Sep 15 20:10:11 honeypot-sgp-1 sshd[22763]: Invalid user admin1234 from 185.246.130.20 port 2316","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:10:41.029Z","@version":"1","message":"Sep 15 20:10:40 honeypot-sgp-1 sshd[22769]: Invalid user admin from 185.246.130.20 port 38678","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:11:09.042Z","@version":"1","message":"Sep 15 20:11:08 honeypot-sgp-1 sshd[22777]: Invalid user blank from 185.246.130.20 port 51437","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:11:40.057Z","@version":"1","message":"Sep 15 20:11:39 honeypot-sgp-1 sshd[22783]: Disconnecting invalid user airlive 185.246.130.20 port 23440: Change of username or service not allowed: (airlive,ssh-connection) -> (0,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:12:02.068Z","@version":"1","message":"Sep 15 20:12:01 honeypot-sgp-1 sshd[22789]: Disconnecting invalid user roqos 185.246.130.20 port 18901: Change of username or service not allowed: (roqos,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:12:30.081Z","@version":"1","message":"Sep 15 20:12:29 honeypot-sgp-1 sshd[22795]: Disconnecting invalid user sitecom 185.246.130.20 port 44203: Change of username or service not allowed: (sitecom,ssh-connection) -> (Broadcom,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:12:54.093Z","@version":"1","message":"Sep 15 20:12:53 honeypot-sgp-1 sshd[22801]: Disconnecting invalid user admin 185.246.130.20 port 31305: Change of username or service not allowed: (admin,ssh-connection) -> (cusadmin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:13:20.105Z","@version":"1","message":"Sep 15 20:13:19 honeypot-sgp-1 sshd[22807]: Disconnecting invalid user smcadmin 185.246.130.20 port 41076: Change of username or service not allowed: (smcadmin,ssh-connection) -> (sweex,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:13:49.120Z","@version":"1","message":"Sep 15 20:13:48 honeypot-sgp-1 sshd[22813]: Disconnecting invalid user admin 185.246.130.20 port 49596: Change of username or service not allowed: (admin,ssh-connection) -> (,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:14:02.127Z","@version":"1","message":"Sep 15 20:14:01 honeypot-sgp-1 sshd[22818]: Disconnecting invalid user public 185.246.130.20 port 52049: Change of username or service not allowed: (public,ssh-connection) -> (user,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:14:34.143Z","@version":"1","message":"Sep 15 20:14:33 honeypot-sgp-1 sshd[22827]: Invalid user 123456 from 185.246.130.20 port 60712","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:15:04.157Z","@version":"1","message":"Sep 15 20:15:03 honeypot-sgp-1 sshd[22834]: Invalid user readwrite from 185.246.130.20 port 48186","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:15:30.171Z","@version":"1","message":"Sep 15 20:15:29 honeypot-sgp-1 sshd[22840]: Invalid user DZY-W2914NSV2 from 185.246.130.20 port 19704","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:15:50.180Z","@version":"1","message":"Sep 15 20:15:50 honeypot-sgp-1 sshd[22846]: Invalid user admin from 185.246.130.20 port 35047","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:16:12.192Z","@version":"1","message":"Sep 15 20:16:11 honeypot-sgp-1 sshd[22850]: Disconnecting invalid user admin 185.246.130.20 port 50872: Change of username or service not allowed: (admin,ssh-connection) -> (1admin0,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 20:16:17 honeypot-fra-1 sshd[19523]: Did not receive identification string from 54.163.60.60 port 56174","@timestamp":"2022-09-15T20:16:17.996Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T20:16:38.206Z","@version":"1","message":"Sep 15 20:16:37 honeypot-sgp-1 sshd[22856]: Connection closed by invalid user ltecl4r0 185.246.130.20 port 4798 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 20:17:01 honeypot-fra-1 CRON[19528]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-15T20:17:02.016Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 20:17:01 honeypot-ams-1 CRON[28801]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-15T20:17:02.812Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 20:27:00 honeypot-fra-1 kernel: [84148036.930500] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=172.104.29.215 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=59707 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T20:27:01.243Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-15T20:27:28.458Z","@version":"1","message":"Sep 15 20:27:27 honeypot-sgp-1 sshd[22868]: Received disconnect from 206.189.157.19 port 35696:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 20:29:41 honeypot-ams-1 kernel: [84150363.733762] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=172.104.29.113 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=55159 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T20:29:42.136Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 20:30:45 honeypot-fra-1 kernel: [84148261.318015] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=26687 PROTO=TCP SPT=53802 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T20:30:45.330Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-15T20:32:35.579Z","@version":"1","message":"Sep 15 20:32:34 honeypot-sgp-1 sshd[22873]: Invalid user ubnt from 179.60.147.69 port 42864","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 20:34:05 honeypot-ams-1 kernel: [84150626.963609] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=164.92.72.164 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=33668 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T20:34:05.249Z"}
{"@timestamp":"2022-09-15T20:37:21.694Z","@version":"1","message":"Sep 15 20:37:21 honeypot-sgp-1 kernel: [84150347.789300] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=159.203.100.33 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=39855 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 20:39:19 honeypot-fra-1 sshd[19553]: Received disconnect from 92.255.85.70 port 28924:11: Bye Bye [preauth]","@timestamp":"2022-09-15T20:39:20.522Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T20:39:46.750Z","@version":"1","message":"Sep 15 20:39:46 honeypot-sgp-1 sshd[22882]: Disconnected from invalid user pbx 128.199.91.252 port 50260 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 20:45:50 honeypot-fra-1 sshd[19560]: Invalid user jivov from 106.241.54.211 port 47040","@timestamp":"2022-09-15T20:45:50.672Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T20:46:26.909Z","@version":"1","message":"Sep 15 20:46:26 honeypot-sgp-1 kernel: [84150893.004393] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=36.71.140.230 DST=159.89.202.188 LEN=52 TOS=0x00 PREC=0x00 TTL=114 ID=8541 DF PROTO=TCP SPT=51021 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:46:50.920Z","@version":"1","message":"Sep 15 20:46:50 honeypot-sgp-1 sshd[22890]: Disconnected from authenticating user root 61.177.173.39 port 47051 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 20:47:45 honeypot-fra-1 sshd[19564]: Disconnected from authenticating user root 61.177.172.108 port 24194 [preauth]","@timestamp":"2022-09-15T20:47:45.716Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 20:50:09 honeypot-fra-1 sshd[19570]: Received disconnect from 20.214.104.165 port 57946:11: Bye Bye [preauth]","@timestamp":"2022-09-15T20:50:09.772Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 20:51:37 honeypot-ams-1 kernel: [84151679.731183] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=51.103.32.192 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=114 ID=57895 DF PROTO=TCP SPT=53270 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T20:51:38.694Z"}
{"@timestamp":"2022-09-15T20:53:20.075Z","@version":"1","message":"Sep 15 20:53:19 honeypot-sgp-1 sshd[22900]: Did not receive identification string from 45.61.186.249 port 46476","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:54:03.093Z","@version":"1","message":"Sep 15 20:54:02 honeypot-sgp-1 sshd[22903]: Disconnected from invalid user user 45.61.186.249 port 50168 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:54:20.101Z","@version":"1","message":"Sep 15 20:54:19 honeypot-sgp-1 sshd[22923]: Invalid user user from 45.61.186.249 port 44376","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:54:38.109Z","@version":"1","message":"Sep 15 20:54:37 honeypot-sgp-1 sshd[22927]: Invalid user user from 45.61.186.249 port 38602","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 20:54:49 honeypot-fra-1 sshd[19577]: Disconnected from authenticating user root 61.177.173.46 port 52634 [preauth]","@timestamp":"2022-09-15T20:54:49.876Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T20:54:50.115Z","@version":"1","message":"Sep 15 20:54:49 honeypot-sgp-1 sshd[22931]: Received disconnect from 61.177.173.36 port 27774:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 20:57:08 honeypot-fra-1 sshd[19582]: Invalid user user from 198.98.61.9 port 35212","@timestamp":"2022-09-15T20:57:08.930Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 20:57:24 honeypot-fra-1 sshd[19587]: Invalid user user from 198.98.61.9 port 57868","@timestamp":"2022-09-15T20:57:24.938Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 20:57:48 honeypot-fra-1 sshd[19591]: Invalid user user from 198.98.61.9 port 52254","@timestamp":"2022-09-15T20:57:48.949Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 20:59:21 honeypot-fra-1 kernel: [84149977.664413] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.143.200.6 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=21945 PROTO=TCP SPT=49876 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T20:59:21.984Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 20:59:40 honeypot-ams-1 sshd[28821]: Received disconnect from 45.64.134.14 port 65320:11: Bye Bye [preauth]","@timestamp":"2022-09-15T20:59:40.913Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 21:01:06 honeypot-ams-1 sshd[28826]: Disconnected from authenticating user root 51.250.5.16 port 54738 [preauth]","@timestamp":"2022-09-15T21:01:06.951Z"}
{"@timestamp":"2022-09-15T21:01:49.279Z","@version":"1","message":"Sep 15 21:01:48 honeypot-sgp-1 sshd[22936]: Received disconnect from 92.9.123.122 port 56332:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 21:05:07 honeypot-ams-1 kernel: [84152489.868191] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=106.0.54.49 DST=178.62.254.91 LEN=52 TOS=0x02 PREC=0x00 TTL=116 ID=19308 DF PROTO=TCP SPT=60822 DPT=3389 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-15T21:05:08.060Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 21:06:30 honeypot-fra-1 sshd[19600]: Received disconnect from 61.177.173.35 port 62687:11:  [preauth]","@timestamp":"2022-09-15T21:06:31.148Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 21:08:20 honeypot-fra-1 sshd[19604]: Received disconnect from 114.108.150.156 port 59324:11: Bye Bye [preauth]","@timestamp":"2022-09-15T21:08:21.191Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T21:08:46.459Z","@version":"1","message":"Sep 15 21:08:46 honeypot-sgp-1 sshd[22945]: Connection closed by invalid user default 179.60.147.69 port 52620 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 21:09:39 honeypot-fra-1 sshd[19608]: Disconnected from authenticating user root 61.177.172.108 port 45682 [preauth]","@timestamp":"2022-09-15T21:09:40.223Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 21:10:17 honeypot-fra-1 sshd[19613]: Received disconnect from 185.231.245.49 port 60830:11: Bye Bye [preauth]","@timestamp":"2022-09-15T21:10:18.241Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 21:12:34 honeypot-ams-1 sshd[28834]: Invalid user mago from 34.69.39.31 port 37616","@timestamp":"2022-09-15T21:12:35.256Z"}
{"@timestamp":"2022-09-15T21:12:46.554Z","@version":"1","message":"Sep 15 21:12:46 honeypot-sgp-1 sshd[22951]: Disconnecting invalid user admin 118.21.144.227 port 53642: Too many authentication failures [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 21:13:11 honeypot-fra-1 sshd[19620]: Invalid user harlan from 77.104.75.106 port 56500","@timestamp":"2022-09-15T21:13:12.308Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 21:14:15 honeypot-ams-1 sshd[28840]: Unable to negotiate with 13.56.251.189 port 46520: no matching host key type found. Their offer: ecdsa-sha2-nistp521 [preauth]","@timestamp":"2022-09-15T21:14:16.303Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 21:15:17 honeypot-ams-1 sshd[28849]: Invalid user user from 198.98.61.9 port 56690","@timestamp":"2022-09-15T21:15:17.333Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 21:15:31 honeypot-ams-1 sshd[28851]: Invalid user aris9 from 52.160.46.145 port 50830","@timestamp":"2022-09-15T21:15:32.341Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 21:15:38 honeypot-ams-1 sshd[28855]: Disconnected from invalid user user 198.98.61.9 port 51624 [preauth]","@timestamp":"2022-09-15T21:15:39.345Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 21:15:59 honeypot-ams-1 sshd[28859]: Disconnected from invalid user user 198.98.61.9 port 46562 [preauth]","@timestamp":"2022-09-15T21:16:00.356Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 21:16:01 honeypot-fra-1 kernel: [84150977.308869] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=103.55.26.211 DST=165.22.82.222 LEN=64 TOS=0x00 PREC=0x00 TTL=52 ID=57338 DF PROTO=TCP SPT=58113 DPT=3389 WINDOW=63443 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T21:16:02.375Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 21:16:15 honeypot-ams-1 sshd[28865]: Invalid user user from 198.98.61.9 port 41494","@timestamp":"2022-09-15T21:16:16.364Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 21:17:01 honeypot-ams-1 CRON[28869]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-15T21:17:02.390Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 21:18:06 honeypot-fra-1 sshd[19630]: Disconnected from authenticating user root 61.177.173.46 port 43753 [preauth]","@timestamp":"2022-09-15T21:18:07.424Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 21:18:32 honeypot-ams-1 sshd[28873]: Disconnected from invalid user admin 92.255.85.69 port 63140 [preauth]","@timestamp":"2022-09-15T21:18:33.431Z"}
{"@timestamp":"2022-09-15T21:19:17.727Z","@version":"1","message":"Sep 15 21:19:17 honeypot-sgp-1 sshd[22961]: Disconnected from authenticating user root 61.177.173.46 port 17458 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 21:25:42 honeypot-fra-1 sshd[19635]: Received disconnect from 92.255.85.70 port 43006:11: Bye Bye [preauth]","@timestamp":"2022-09-15T21:25:42.595Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T21:26:07.907Z","@version":"1","message":"Sep 15 21:26:07 honeypot-sgp-1 sshd[22966]: Connection reset by 61.177.173.51 port 60337 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 21:27:41 honeypot-ams-1 sshd[28879]: Received disconnect from 148.72.244.44 port 39282:11: Bye Bye [preauth]","@timestamp":"2022-09-15T21:27:42.660Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 21:31:42 honeypot-ams-1 sshd[28885]: Connection closed by 43.128.231.89 port 34916 [preauth]","@timestamp":"2022-09-15T21:31:42.767Z"}
{"@timestamp":"2022-09-15T21:32:51.065Z","@version":"1","message":"Sep 15 21:32:51 honeypot-sgp-1 sshd[22974]: Disconnected from authenticating user root 61.177.173.35 port 49115 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 21:33:32 honeypot-fra-1 sshd[19644]: Received disconnect from 61.177.173.51 port 44254:11:  [preauth]","@timestamp":"2022-09-15T21:33:32.772Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T21:40:47.252Z","@version":"1","message":"Sep 15 21:40:46 honeypot-sgp-1 sshd[22981]: Disconnected from authenticating user root 61.177.173.49 port 29352 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 21:42:38 honeypot-fra-1 sshd[19653]: Disconnected from authenticating user root 61.177.173.35 port 58163 [preauth]","@timestamp":"2022-09-15T21:42:38.975Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T21:47:45.414Z","@version":"1","message":"Sep 15 21:47:44 honeypot-sgp-1 kernel: [84154571.308621] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.53.171.56 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=50969 DF PROTO=TCP SPT=40528 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 21:48:25 honeypot-ams-1 sshd[28894]: Connection closed by authenticating user nobody 179.60.147.69 port 51488 [preauth]","@timestamp":"2022-09-15T21:48:26.187Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 21:49:03 honeypot-fra-1 sshd[19660]: Received disconnect from 61.177.173.51 port 17922:11:  [preauth]","@timestamp":"2022-09-15T21:49:04.120Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 21:51:58 honeypot-fra-1 sshd[19665]: Disconnected from authenticating user root 61.177.173.47 port 46998 [preauth]","@timestamp":"2022-09-15T21:51:59.204Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 21:54:38 honeypot-ams-1 sshd[28899]: Disconnected from authenticating user root 211.252.84.133 port 55224 [preauth]","@timestamp":"2022-09-15T21:54:39.352Z"}
{"@timestamp":"2022-09-15T21:54:56.580Z","@version":"1","message":"Sep 15 21:54:55 honeypot-sgp-1 sshd[23063]: Invalid user ftpuser from 92.255.85.70 port 58826","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T22:01:11.721Z","@version":"1","message":"Sep 15 22:01:11 honeypot-sgp-1 sshd[23068]: Disconnected from authenticating user root 61.177.173.36 port 23076 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:02:16 honeypot-fra-1 sshd[19680]: Invalid user user from 162.241.189.135 port 37200","@timestamp":"2022-09-15T22:02:17.436Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:02:24 honeypot-fra-1 sshd[19684]: Invalid user user from 162.241.189.135 port 46998","@timestamp":"2022-09-15T22:02:24.440Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:02:31 honeypot-fra-1 sshd[19688]: Invalid user user from 162.241.189.135 port 45330","@timestamp":"2022-09-15T22:02:32.444Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:02:39 honeypot-fra-1 sshd[19692]: Invalid user user from 162.241.189.135 port 58968","@timestamp":"2022-09-15T22:02:39.448Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:02:48 honeypot-fra-1 sshd[19696]: Invalid user user from 162.241.189.135 port 43070","@timestamp":"2022-09-15T22:02:48.453Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:02:59 honeypot-fra-1 sshd[19700]: Invalid user user from 162.241.189.135 port 55642","@timestamp":"2022-09-15T22:02:59.458Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:03:04 honeypot-fra-1 sshd[19704]: Invalid user user from 162.241.189.135 port 39840","@timestamp":"2022-09-15T22:03:04.461Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:03:11 honeypot-fra-1 sshd[19708]: Invalid user user from 162.241.189.135 port 52210","@timestamp":"2022-09-15T22:03:12.465Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:03:15 honeypot-fra-1 sshd[19710]: Disconnected from invalid user user 162.241.189.135 port 44310 [preauth]","@timestamp":"2022-09-15T22:03:16.467Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:03:26 honeypot-fra-1 sshd[19714]: Disconnected from invalid user user 162.241.189.135 port 57486 [preauth]","@timestamp":"2022-09-15T22:03:27.473Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:03:31 honeypot-fra-1 sshd[19718]: Disconnected from invalid user user 162.241.189.135 port 43534 [preauth]","@timestamp":"2022-09-15T22:03:32.475Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:03:39 honeypot-fra-1 sshd[19722]: Disconnected from invalid user user 162.241.189.135 port 57430 [preauth]","@timestamp":"2022-09-15T22:03:40.481Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:03:47 honeypot-fra-1 sshd[19726]: Disconnected from invalid user user 162.241.189.135 port 42648 [preauth]","@timestamp":"2022-09-15T22:03:47.484Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:03:55 honeypot-fra-1 sshd[19730]: Received disconnect from 162.241.189.135 port 55314:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T22:03:55.489Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:04:03 honeypot-fra-1 sshd[19734]: Received disconnect from 162.241.189.135 port 42988:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T22:04:03.493Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:04:17 honeypot-fra-1 sshd[19738]: Received disconnect from 162.241.189.135 port 47260:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T22:04:18.501Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:04:25 honeypot-fra-1 sshd[19742]: Received disconnect from 162.241.189.135 port 38578:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T22:04:25.504Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:04:32 honeypot-fra-1 sshd[19746]: Received disconnect from 162.241.189.135 port 49540:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T22:04:33.509Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 22:04:38 honeypot-ams-1 kernel: [84156060.026893] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.194.31 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=54523 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T22:04:38.615Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:04:40 honeypot-fra-1 sshd[19750]: Received disconnect from 162.241.189.135 port 36018:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T22:04:41.512Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:04:48 honeypot-fra-1 sshd[19754]: Received disconnect from 162.241.189.135 port 49328:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T22:04:49.517Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:04:56 honeypot-fra-1 sshd[19758]: Received disconnect from 162.241.189.135 port 34562:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T22:04:57.520Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:05:04 honeypot-fra-1 sshd[19762]: Received disconnect from 162.241.189.135 port 47972:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T22:05:05.525Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:05:12 honeypot-fra-1 sshd[19766]: Received disconnect from 162.241.189.135 port 33560:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T22:05:13.529Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:05:20 honeypot-fra-1 sshd[19770]: Received disconnect from 162.241.189.135 port 49900:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T22:05:21.534Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:05:28 honeypot-fra-1 sshd[19774]: Received disconnect from 162.241.189.135 port 37036:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T22:05:28.537Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:05:35 honeypot-fra-1 sshd[19778]: Received disconnect from 162.241.189.135 port 49416:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T22:05:36.541Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:05:47 honeypot-fra-1 sshd[19782]: Received disconnect from 162.241.189.135 port 57832:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T22:05:48.547Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:05:51 honeypot-fra-1 sshd[19786]: Received disconnect from 162.241.189.135 port 49718:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T22:05:51.548Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:06:02 honeypot-fra-1 sshd[19790]: Received disconnect from 162.241.189.135 port 42016:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T22:06:02.553Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:06:06 honeypot-fra-1 sshd[19794]: Received disconnect from 162.241.189.135 port 48978:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T22:06:07.557Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:06:16 honeypot-fra-1 sshd[19798]: Received disconnect from 162.241.189.135 port 32794:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T22:06:17.561Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:06:24 honeypot-fra-1 sshd[19802]: Received disconnect from 162.241.189.135 port 45220:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T22:06:24.566Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:06:31 honeypot-fra-1 sshd[19806]: Received disconnect from 162.241.189.135 port 58588:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T22:06:32.569Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:06:39 honeypot-fra-1 sshd[19810]: Received disconnect from 162.241.189.135 port 43654:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T22:06:39.573Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:06:47 honeypot-fra-1 sshd[19814]: Received disconnect from 162.241.189.135 port 57280:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T22:06:47.577Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:06:55 honeypot-fra-1 sshd[19818]: Invalid user user from 162.241.189.135 port 41450","@timestamp":"2022-09-15T22:06:55.582Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:07:03 honeypot-fra-1 sshd[19822]: Invalid user user from 162.241.189.135 port 54032","@timestamp":"2022-09-15T22:07:04.586Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:07:10 honeypot-fra-1 sshd[19826]: Invalid user user from 162.241.189.135 port 38458","@timestamp":"2022-09-15T22:07:11.589Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:07:18 honeypot-fra-1 sshd[19831]: Invalid user user from 162.241.189.135 port 53408","@timestamp":"2022-09-15T22:07:19.594Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:07:26 honeypot-fra-1 sshd[19835]: Invalid user user from 162.241.189.135 port 38726","@timestamp":"2022-09-15T22:07:27.597Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:07:34 honeypot-fra-1 sshd[19839]: Invalid user user from 162.241.189.135 port 50980","@timestamp":"2022-09-15T22:07:34.601Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 22:08:01 honeypot-ams-1 kernel: [84156263.692438] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=197.49.158.145 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=53 ID=13631 PROTO=TCP SPT=20201 DPT=80 WINDOW=26308 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T22:08:02.707Z"}
{"@timestamp":"2022-09-15T22:10:35.948Z","@version":"1","message":"Sep 15 22:10:35 honeypot-sgp-1 sshd[23073]: Invalid user e from 157.230.47.60 port 39614","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:10:56 honeypot-fra-1 kernel: [84154272.332308] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=152.89.196.23 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=59378 PROTO=TCP SPT=56911 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T22:10:56.691Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:14:01 honeypot-fra-1 sshd[19844]: Disconnected from invalid user ftpuser 92.255.85.70 port 35780 [preauth]","@timestamp":"2022-09-15T22:14:01.764Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 22:14:32 honeypot-ams-1 sshd[28912]: Invalid user user1 from 103.188.176.251 port 43754","@timestamp":"2022-09-15T22:14:32.879Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 22:17:01 honeypot-ams-1 CRON[28916]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-15T22:17:01.953Z"}
{"@timestamp":"2022-09-15T22:17:02.107Z","@version":"1","message":"Sep 15 22:17:01 honeypot-sgp-1 CRON[23076]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T22:19:11.161Z","@version":"1","message":"Sep 15 22:19:10 honeypot-sgp-1 sshd[23082]: Received disconnect from 92.255.85.70 port 45958:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:19:59 honeypot-fra-1 sshd[19852]: Invalid user monitor from 139.59.112.202 port 55320","@timestamp":"2022-09-15T22:19:59.899Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:23:09 honeypot-fra-1 sshd[19856]: Invalid user qxk from 184.168.125.40 port 57412","@timestamp":"2022-09-15T22:23:09.975Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T22:23:26.265Z","@version":"1","message":"Sep 15 22:23:25 honeypot-sgp-1 sshd[23088]: Invalid user medieval from 159.65.128.16 port 49896","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:26:59 honeypot-fra-1 sshd[19859]: Invalid user tomcat from 193.106.191.157 port 41878","@timestamp":"2022-09-15T22:27:00.065Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 22:28:22 honeypot-ams-1 sshd[28923]: Disconnected from invalid user admin 92.255.85.70 port 40676 [preauth]","@timestamp":"2022-09-15T22:28:22.246Z"}
{"@timestamp":"2022-09-15T22:32:11.470Z","@version":"1","message":"Sep 15 22:32:10 honeypot-sgp-1 kernel: [84157237.192800] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=103.114.107.34 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=52996 PROTO=TCP SPT=51578 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:37:30 honeypot-fra-1 sshd[19868]: Received disconnect from 165.22.45.108 port 46662:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T22:37:31.301Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 22:37:52 honeypot-ams-1 sshd[28927]: Disconnected from invalid user gituser 27.74.254.115 port 54606 [preauth]","@timestamp":"2022-09-15T22:37:52.497Z"}
{"@timestamp":"2022-09-15T22:42:54.724Z","@version":"1","message":"Sep 15 22:42:53 honeypot-sgp-1 sshd[23098]: Received disconnect from 92.255.85.70 port 58910:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:45:56 honeypot-fra-1 kernel: [84156372.073722] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=194.26.29.86 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=33583 PROTO=TCP SPT=50082 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T22:45:56.507Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 22:49:12 honeypot-ams-1 kernel: [84158734.128354] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=223.94.32.170 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=44 ID=32111 PROTO=TCP SPT=20125 DPT=443 WINDOW=58446 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T22:49:12.793Z"}
{"@timestamp":"2022-09-15T22:56:04.039Z","@version":"1","message":"Sep 15 22:56:03 honeypot-sgp-1 kernel: [84158669.781805] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=31.214.157.137 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=236 ID=41849 PROTO=TCP SPT=52860 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:57:36 honeypot-fra-1 sshd[19881]: Invalid user chia from 20.13.161.157 port 57028","@timestamp":"2022-09-15T22:57:36.767Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:57:36 honeypot-fra-1 sshd[19876]: Connection closed by invalid user user 20.13.161.157 port 56970 [preauth]","@timestamp":"2022-09-15T22:57:36.767Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:57:36 honeypot-fra-1 sshd[19878]: Invalid user ubuntu from 20.13.161.157 port 57038","@timestamp":"2022-09-15T22:57:36.767Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:57:36 honeypot-fra-1 sshd[19888]: Connection closed by authenticating user root 20.13.161.157 port 57002 [preauth]","@timestamp":"2022-09-15T22:57:36.767Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:57:39 honeypot-fra-1 sshd[19908]: Invalid user hadoop from 20.13.161.157 port 56976","@timestamp":"2022-09-15T22:57:39.770Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:57:39 honeypot-fra-1 sshd[19909]: Invalid user es from 20.13.161.157 port 56992","@timestamp":"2022-09-15T22:57:39.770Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:57:39 honeypot-fra-1 sshd[19905]: Connection closed by invalid user vagrant 20.13.161.157 port 56998 [preauth]","@timestamp":"2022-09-15T22:57:39.770Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:58:29 honeypot-fra-1 sshd[19924]: Invalid user default from 179.60.147.69 port 43892","@timestamp":"2022-09-15T22:58:29.790Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 23:00:43 honeypot-ams-1 sshd[28936]: Connection closed by invalid user default 179.60.147.69 port 27160 [preauth]","@timestamp":"2022-09-15T23:00:44.098Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 23:01:51 honeypot-fra-1 kernel: [84157327.475325] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=179.43.145.74 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=54517 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T23:01:51.870Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-15T23:03:30.218Z","@version":"1","message":"Sep 15 23:03:29 honeypot-sgp-1 sshd[23115]: Invalid user wangyu from 118.174.4.5 port 41387","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 23:03:38 honeypot-ams-1 kernel: [84159599.941311] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.56.96.246 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=29046 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T23:03:38.180Z"}
{"@timestamp":"2022-09-15T23:06:37.294Z","@version":"1","message":"Sep 15 23:06:36 honeypot-sgp-1 sshd[23117]: Invalid user adm from 92.255.85.70 port 25546","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 23:10:49 honeypot-fra-1 kernel: [84157865.014029] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.201.31 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=58739 DPT=5432 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T23:10:50.076Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-15T23:11:08.406Z","@version":"1","message":"Sep 15 23:11:07 honeypot-sgp-1 sshd[23120]: Invalid user admin from 178.49.141.172 port 35340","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 23:16:06 honeypot-ams-1 sshd[28942]: Received disconnect from 92.255.85.69 port 63414:11: Bye Bye [preauth]","@timestamp":"2022-09-15T23:16:07.510Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 23:18:58 honeypot-fra-1 kernel: [84158354.579808] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=92.63.197.74 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=28282 PROTO=TCP SPT=49958 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T23:18:59.263Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-15T23:21:09.668Z","@version":"1","message":"Sep 15 23:21:08 honeypot-sgp-1 sshd[23126]: Received disconnect from 165.22.202.225 port 52586:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 23:21:31 honeypot-ams-1 sshd[28948]: Did not receive identification string from 80.76.51.46 port 38938","@timestamp":"2022-09-15T23:21:31.652Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 23:21:48 honeypot-ams-1 sshd[28953]: Received disconnect from 139.59.92.30 port 44524:11: Bye Bye [preauth]","@timestamp":"2022-09-15T23:21:48.663Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 23:22:13 honeypot-ams-1 sshd[28960]: Received disconnect from 80.76.51.46 port 49214:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T23:22:13.674Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 23:22:41 honeypot-ams-1 sshd[28966]: Received disconnect from 80.76.51.46 port 59966:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T23:22:41.687Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 23:23:11 honeypot-ams-1 sshd[28972]: Received disconnect from 80.76.51.46 port 42466:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T23:23:11.703Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 23:23:32 honeypot-ams-1 sshd[28976]: Received disconnect from 80.76.51.46 port 49624:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T23:23:32.714Z"}
{"@timestamp":"2022-09-15T23:30:31.891Z","@version":"1","message":"Sep 15 23:30:31 honeypot-sgp-1 kernel: [84160737.894268] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=234 ID=52031 PROTO=TCP SPT=44602 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 23:30:32 honeypot-fra-1 sshd[19943]: Received disconnect from 165.22.45.108 port 51722:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T23:30:32.543Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 23:30:36 honeypot-ams-1 sshd[28981]: Received disconnect from 40.124.120.52 port 47660:11: Bye Bye [preauth]","@timestamp":"2022-09-15T23:30:36.897Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 23:37:46 honeypot-fra-1 sshd[19949]: Connection closed by invalid user admin 179.60.147.69 port 10734 [preauth]","@timestamp":"2022-09-15T23:37:46.728Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 23:39:57 honeypot-ams-1 sshd[28987]: Disconnected from authenticating user root 92.255.85.70 port 30836 [preauth]","@timestamp":"2022-09-15T23:39:58.143Z"}
{"@timestamp":"2022-09-15T23:44:07.219Z","@version":"1","message":"Sep 15 23:44:06 honeypot-sgp-1 sshd[23138]: Received disconnect from 161.35.113.79 port 40166:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 23:46:41 honeypot-ams-1 sshd[28992]: Disconnected from authenticating user root 147.182.247.29 port 51196 [preauth]","@timestamp":"2022-09-15T23:46:41.324Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 23:47:02 honeypot-fra-1 sshd[19962]: Received disconnect from 92.255.85.69 port 54320:11: Bye Bye [preauth]","@timestamp":"2022-09-15T23:47:03.950Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 23:49:54 honeypot-ams-1 sshd[28998]: Received disconnect from 45.61.186.249 port 44426:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T23:49:55.413Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 23:50:14 honeypot-ams-1 sshd[29002]: Received disconnect from 45.61.186.249 port 38854:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T23:50:14.422Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 23:50:32 honeypot-ams-1 sshd[29006]: Received disconnect from 45.61.186.249 port 33306:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T23:50:32.432Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 23:50:35 honeypot-fra-1 sshd[19969]: Protocol major versions differ for 31.192.105.81 port 9467: SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.5 vs. SSH-1.5-Nmap-SSH1-Hostkey","@timestamp":"2022-09-15T23:50:36.030Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 23:50:37 honeypot-fra-1 sshd[19980]: Connection closed by 31.192.105.81 port 38564 [preauth]","@timestamp":"2022-09-15T23:50:38.032Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 23:52:30 honeypot-ams-1 sshd[29012]: Received disconnect from 80.76.51.45 port 56284:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T23:52:30.483Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 23:53:04 honeypot-ams-1 sshd[29016]: Received disconnect from 80.76.51.45 port 36118:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T23:53:05.500Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 23:53:54 honeypot-ams-1 sshd[29022]: Received disconnect from 80.76.51.45 port 33970:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T23:53:54.524Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 23:54:42 honeypot-ams-1 sshd[29028]: Received disconnect from 80.76.51.45 port 60170:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T23:54:43.549Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 23:55:32 honeypot-ams-1 sshd[29034]: Invalid user user from 80.76.51.45 port 58156","@timestamp":"2022-09-15T23:55:32.576Z"}
{"@timestamp":"2022-09-15T23:55:46.494Z","@version":"1","message":"Sep 15 23:55:46 honeypot-sgp-1 sshd[23145]: Invalid user ttf from 181.117.6.49 port 52062","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 23:56:25 honeypot-fra-1 sshd[19997]: Invalid user admin from 182.253.81.212 port 33838","@timestamp":"2022-09-15T23:56:26.166Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 23:56:25 honeypot-fra-1 sshd[19995]: Connection closed by invalid user teamspeak 182.253.81.212 port 33842 [preauth]","@timestamp":"2022-09-15T23:56:26.166Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 23:56:26 honeypot-fra-1 sshd[20005]: Connection closed by invalid user admin 182.253.81.212 port 33850 [preauth]","@timestamp":"2022-09-15T23:56:27.166Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 23:56:28 honeypot-fra-1 sshd[20009]: Connection closed by invalid user kafka 182.253.81.212 port 33823 [preauth]","@timestamp":"2022-09-15T23:56:29.167Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T23:57:30.537Z","@version":"1","message":"Sep 15 23:57:30 honeypot-sgp-1 sshd[23149]: Did not receive identification string from 45.61.186.49 port 60662","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 23:57:38 honeypot-ams-1 kernel: [84162840.031405] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=167.94.138.110 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=14366 PROTO=TCP SPT=57473 DPT=389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T23:57:38.632Z"}
{"@timestamp":"2022-09-15T23:57:42.543Z","@version":"1","message":"Sep 15 23:57:42 honeypot-sgp-1 sshd[23152]: Disconnected from invalid user ap 190.115.208.250 port 44568 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T23:57:50.548Z","@version":"1","message":"Sep 15 23:57:50 honeypot-sgp-1 sshd[23156]: Disconnected from invalid user user 45.61.186.49 port 60380 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T23:58:49.572Z","@version":"1","message":"Sep 15 23:58:49 honeypot-sgp-1 sshd[23161]: Received disconnect from 45.61.186.169 port 34190:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T23:59:06.581Z","@version":"1","message":"Sep 15 23:59:06 honeypot-sgp-1 sshd[23166]: Received disconnect from 45.61.186.169 port 57106:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T23:59:23.589Z","@version":"1","message":"Sep 15 23:59:22 honeypot-sgp-1 sshd[23170]: Received disconnect from 45.61.186.169 port 51764:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T23:59:37.596Z","@version":"1","message":"Sep 15 23:59:37 honeypot-sgp-1 sshd[23174]: Received disconnect from 45.61.186.169 port 46424:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 00:04:42 honeypot-ams-1 kernel: [84163264.459945] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=167.71.92.243 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=51412 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T00:04:42.830Z"}
{"@timestamp":"2022-09-16T00:08:32.825Z","@version":"1","message":"Sep 16 00:08:32 honeypot-sgp-1 kernel: [84163018.916907] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=227 ID=28679 PROTO=TCP SPT=46404 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T00:11:22.894Z","@version":"1","message":"Sep 16 00:11:22 honeypot-sgp-1 sshd[23183]: Invalid user user from 45.61.186.249 port 58790","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T00:11:40.903Z","@version":"1","message":"Sep 16 00:11:39 honeypot-sgp-1 sshd[23187]: Invalid user user from 45.61.186.249 port 53080","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T00:11:56.940Z","@version":"1","message":"Sep 16 00:11:56 honeypot-sgp-1 sshd[23191]: Invalid user user from 45.61.186.249 port 47386","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 00:13:33 honeypot-fra-1 kernel: [84161628.960530] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=163.172.158.4 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=23568 PROTO=TCP SPT=43102 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T00:13:33.556Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-16T00:16:26.047Z","@version":"1","message":"Sep 16 00:16:25 honeypot-sgp-1 sshd[23196]: Invalid user centos from 179.60.147.69 port 20850","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 00:17:41 honeypot-fra-1 sshd[20021]: Connection closed by invalid user centos 179.60.147.69 port 9046 [preauth]","@timestamp":"2022-09-16T00:17:41.656Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T00:18:08.090Z","@version":"1","message":"Sep 16 00:18:07 honeypot-sgp-1 kernel: [84163593.845195] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=139.162.222.29 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=59473 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 00:20:05 honeypot-ams-1 sshd[29046]: Connection closed by invalid user centos 179.60.147.69 port 24598 [preauth]","@timestamp":"2022-09-16T00:20:06.264Z"}
{"@timestamp":"2022-09-16T00:20:17.145Z","@version":"1","message":"Sep 16 00:20:17 honeypot-sgp-1 sshd[23206]: Invalid user user from 45.61.184.204 port 60892","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T00:20:36.154Z","@version":"1","message":"Sep 16 00:20:35 honeypot-sgp-1 sshd[23210]: Invalid user user from 45.61.184.204 port 55162","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T00:20:53.162Z","@version":"1","message":"Sep 16 00:20:52 honeypot-sgp-1 sshd[23214]: Invalid user user from 45.61.184.204 port 49390","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 00:21:41 honeypot-fra-1 kernel: [84162116.812625] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=74.82.47.54 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=54321 PROTO=TCP SPT=38936 DPT=389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T00:21:41.751Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-16T00:22:15.196Z","@version":"1","message":"Sep 16 00:22:14 honeypot-sgp-1 kernel: [84163841.010937] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=216.218.206.73 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=60232 DPT=389 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 00:23:34 honeypot-ams-1 sshd[29049]: Received disconnect from 73.3.242.105 port 60874:11: Bye Bye [preauth]","@timestamp":"2022-09-16T00:23:35.363Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 00:34:08 honeypot-fra-1 sshd[20027]: Received disconnect from 92.255.85.69 port 36630:11: Bye Bye [preauth]","@timestamp":"2022-09-16T00:34:09.081Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T00:35:33.507Z","@version":"1","message":"Sep 16 00:35:33 honeypot-sgp-1 sshd[23222]: Received disconnect from 138.97.64.134 port 50736:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T00:39:02.591Z","@version":"1","message":"Sep 16 00:39:02 honeypot-sgp-1 sshd[23226]: Disconnected from invalid user sylvia 20.205.9.176 port 47152 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 00:39:28 honeypot-ams-1 sshd[29056]: Invalid user zipdrive from 147.182.235.17 port 44362","@timestamp":"2022-09-16T00:39:28.817Z"}
{"@timestamp":"2022-09-16T00:41:03.641Z","@version":"1","message":"Sep 16 00:41:02 honeypot-sgp-1 sshd[23232]: Disconnected from invalid user phion 120.88.46.226 port 46092 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 00:42:07 honeypot-ams-1 sshd[29061]: Received disconnect from 128.199.71.153 port 39408:11: Bye Bye [preauth]","@timestamp":"2022-09-16T00:42:07.893Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 00:43:40 honeypot-ams-1 kernel: [84165602.738339] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=51.15.141.72 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=55 ID=17151 PROTO=TCP SPT=2982 DPT=80 WINDOW=62311 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T00:43:41.938Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 00:43:56 honeypot-fra-1 sshd[20031]: Connection closed by invalid user sftpuser 103.188.176.251 port 51186 [preauth]","@timestamp":"2022-09-16T00:43:57.306Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 00:50:41 honeypot-ams-1 sshd[29070]: Received disconnect from 92.255.85.70 port 37024:11: Bye Bye [preauth]","@timestamp":"2022-09-16T00:50:41.127Z"}
{"@timestamp":"2022-09-16T00:52:01.902Z","@version":"1","message":"Sep 16 00:52:01 honeypot-sgp-1 sshd[23236]: Connection closed by invalid user admin 178.128.125.205 port 63246 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T00:52:01.902Z","@version":"1","message":"Sep 16 00:52:01 honeypot-sgp-1 sshd[23242]: Connection closed by invalid user admin 178.128.125.205 port 63270 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 00:56:08 honeypot-fra-1 sshd[20036]: Received disconnect from 92.255.85.70 port 26836:11: Bye Bye [preauth]","@timestamp":"2022-09-16T00:56:08.586Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 00:59:45 honeypot-ams-1 kernel: [84166567.023461] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=89.248.165.199 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=60538 PROTO=TCP SPT=47491 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T00:59:45.370Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 01:02:37 honeypot-fra-1 kernel: [84164572.907992] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=167.94.138.100 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=29476 PROTO=TCP SPT=1665 DPT=389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T01:02:37.738Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-16T01:03:27.169Z","@version":"1","message":"Sep 16 01:03:26 honeypot-sgp-1 sshd[23247]: Disconnected from authenticating user root 92.255.85.69 port 15316 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:09:37 honeypot-ams-1 sshd[29077]: Disconnected from invalid user en 185.74.4.17 port 57076 [preauth]","@timestamp":"2022-09-16T01:09:37.626Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 01:09:52 honeypot-fra-1 sshd[20045]: Connection closed by invalid user tomcat 193.106.191.157 port 54908 [preauth]","@timestamp":"2022-09-16T01:09:53.906Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T01:11:02.350Z","@version":"1","message":"Sep 16 01:11:01 honeypot-sgp-1 sshd[23252]: Bad protocol version identification 'MGLNDD_159.89.202.188_22' from 192.241.212.162 port 42794","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:11:34 honeypot-ams-1 sshd[29083]: Disconnected from authenticating user root 92.255.85.69 port 36546 [preauth]","@timestamp":"2022-09-16T01:11:34.679Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 01:11:54 honeypot-fra-1 sshd[20052]: Received disconnect from 116.193.133.36 port 58131:11: Bye Bye [preauth]","@timestamp":"2022-09-16T01:11:54.954Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 01:15:21 honeypot-fra-1 sshd[20055]: Disconnected from invalid user lee 165.22.45.108 port 34114 [preauth]","@timestamp":"2022-09-16T01:15:22.037Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 01:17:16 honeypot-fra-1 sshd[20061]: Disconnected from invalid user user 45.61.186.49 port 39558 [preauth]","@timestamp":"2022-09-16T01:17:17.083Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 01:17:26 honeypot-fra-1 sshd[20065]: Disconnected from invalid user user 45.61.186.49 port 51506 [preauth]","@timestamp":"2022-09-16T01:17:27.088Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 01:20:30 honeypot-fra-1 sshd[20070]: Disconnected from authenticating user root 92.255.85.69 port 23374 [preauth]","@timestamp":"2022-09-16T01:20:31.160Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T01:21:19.593Z","@version":"1","message":"Sep 16 01:21:18 honeypot-sgp-1 sshd[23259]: Disconnected from authenticating user root 75.188.17.172 port 44864 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T01:22:09.616Z","@version":"1","message":"Sep 16 01:22:09 honeypot-sgp-1 sshd[23266]: Received disconnect from 167.172.98.89 port 51393:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 01:25:15 honeypot-ams-1 kernel: [84168097.445922] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=167.71.92.243 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=34160 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T01:25:16.048Z"}
{"@timestamp":"2022-09-16T01:25:35.699Z","@version":"1","message":"Sep 16 01:25:35 honeypot-sgp-1 sshd[23270]: Disconnected from invalid user otso 188.166.95.44 port 53714 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 01:27:17 honeypot-fra-1 kernel: [84166052.935608] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.196.214 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=39150 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T01:27:18.319Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-16T01:28:54.780Z","@version":"1","message":"Sep 16 01:28:54 honeypot-sgp-1 kernel: [84167840.555911] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=198.199.94.201 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=47318 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 01:31:51 honeypot-fra-1 sshd[20096]: Did not receive identification string from 121.4.171.88 port 58948","@timestamp":"2022-09-16T01:31:52.427Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 01:31:53 honeypot-fra-1 sshd[20119]: Connection closed by invalid user admin 121.4.171.88 port 45684 [preauth]","@timestamp":"2022-09-16T01:31:54.430Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 01:31:54 honeypot-fra-1 sshd[20117]: Invalid user es from 121.4.171.88 port 45626","@timestamp":"2022-09-16T01:31:54.430Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 01:31:54 honeypot-fra-1 sshd[20108]: Connection closed by invalid user postgres 121.4.171.88 port 45652 [preauth]","@timestamp":"2022-09-16T01:31:54.430Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 01:32:17 honeypot-fra-1 kernel: [84166353.311745] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=180.149.126.207 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=54321 PROTO=TCP SPT=60120 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T01:32:18.441Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-16T01:32:26.886Z","@version":"1","message":"Sep 16 01:32:25 honeypot-sgp-1 kernel: [84168052.389007] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.167.96.150 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=60392 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:32:50 honeypot-ams-1 sshd[29098]: Invalid user guest from 179.60.147.69 port 45558","@timestamp":"2022-09-16T01:32:51.249Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:36:02 honeypot-ams-1 sshd[29102]: Disconnected from invalid user administrador 43.154.230.33 port 44372 [preauth]","@timestamp":"2022-09-16T01:36:03.333Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 01:37:18 honeypot-fra-1 sshd[20146]: Received disconnect from 45.61.186.49 port 54592:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T01:37:19.557Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 01:37:29 honeypot-fra-1 sshd[20150]: Received disconnect from 45.61.186.49 port 37894:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T01:37:29.562Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:38:37 honeypot-ams-1 sshd[29107]: Did not receive identification string from 80.76.51.46 port 41506","@timestamp":"2022-09-16T01:38:37.404Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:39:02 honeypot-ams-1 sshd[29112]: Received disconnect from 80.76.51.46 port 37870:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T01:39:03.418Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:39:31 honeypot-ams-1 sshd[29118]: Received disconnect from 80.76.51.46 port 48394:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T01:39:31.434Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:40:01 honeypot-ams-1 sshd[29124]: Received disconnect from 80.76.51.46 port 58904:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T01:40:02.450Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:40:21 honeypot-ams-1 sshd[29130]: Received disconnect from 46.101.23.51 port 44956:11: Bye Bye [preauth]","@timestamp":"2022-09-16T01:40:22.461Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:40:43 honeypot-ams-1 sshd[29134]: Received disconnect from 80.76.51.46 port 44678:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T01:40:43.472Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:50:40 honeypot-ams-1 sshd[29140]: Received disconnect from 111.226.108.58 port 43205:11: Bye Bye [preauth]","@timestamp":"2022-09-16T01:50:41.736Z"}
{"@timestamp":"2022-09-16T01:50:43.323Z","@version":"1","message":"Sep 16 01:50:42 honeypot-sgp-1 kernel: [84169149.127198] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=102.47.86.119 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=51 ID=2565 PROTO=TCP SPT=61127 DPT=80 WINDOW=63196 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:50:43 honeypot-ams-1 sshd[29144]: Disconnected from invalid user ubnt 111.226.108.58 port 43350 [preauth]","@timestamp":"2022-09-16T01:50:44.739Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:50:48 honeypot-ams-1 sshd[29150]: Disconnected from authenticating user root 111.226.108.58 port 43593 [preauth]","@timestamp":"2022-09-16T01:50:49.742Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:50:53 honeypot-ams-1 sshd[29156]: Disconnected from authenticating user root 111.226.108.58 port 43838 [preauth]","@timestamp":"2022-09-16T01:50:53.745Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:50:58 honeypot-ams-1 sshd[29162]: Disconnected from authenticating user root 111.226.108.58 port 44074 [preauth]","@timestamp":"2022-09-16T01:50:58.749Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:51:02 honeypot-ams-1 sshd[29168]: Disconnected from authenticating user root 111.226.108.58 port 44305 [preauth]","@timestamp":"2022-09-16T01:51:02.751Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:51:07 honeypot-ams-1 sshd[29174]: Disconnected from authenticating user root 111.226.108.58 port 44547 [preauth]","@timestamp":"2022-09-16T01:51:07.754Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:51:12 honeypot-ams-1 sshd[29180]: Disconnected from authenticating user root 111.226.108.58 port 44796 [preauth]","@timestamp":"2022-09-16T01:51:12.759Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:51:16 honeypot-ams-1 sshd[29186]: Disconnected from authenticating user root 111.226.108.58 port 45047 [preauth]","@timestamp":"2022-09-16T01:51:17.761Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:51:21 honeypot-ams-1 sshd[29192]: Disconnected from authenticating user root 111.226.108.58 port 45281 [preauth]","@timestamp":"2022-09-16T01:51:21.764Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:51:26 honeypot-ams-1 sshd[29198]: Disconnected from authenticating user root 111.226.108.58 port 45547 [preauth]","@timestamp":"2022-09-16T01:51:26.767Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:51:31 honeypot-ams-1 sshd[29204]: Disconnected from authenticating user root 111.226.108.58 port 45798 [preauth]","@timestamp":"2022-09-16T01:51:31.771Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:51:35 honeypot-ams-1 sshd[29210]: Disconnected from authenticating user root 111.226.108.58 port 46046 [preauth]","@timestamp":"2022-09-16T01:51:35.773Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:51:38 honeypot-ams-1 sshd[29214]: Disconnected from invalid user admin 111.226.108.58 port 46222 [preauth]","@timestamp":"2022-09-16T01:51:39.776Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:51:42 honeypot-ams-1 sshd[29218]: Disconnected from invalid user admin 111.226.108.58 port 46391 [preauth]","@timestamp":"2022-09-16T01:51:42.779Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:51:45 honeypot-ams-1 sshd[29222]: Disconnected from invalid user admin 111.226.108.58 port 46553 [preauth]","@timestamp":"2022-09-16T01:51:45.781Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:51:48 honeypot-ams-1 sshd[29226]: Disconnected from invalid user admin 111.226.108.58 port 46731 [preauth]","@timestamp":"2022-09-16T01:51:48.783Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:51:51 honeypot-ams-1 sshd[29230]: Disconnected from invalid user admin 111.226.108.58 port 46877 [preauth]","@timestamp":"2022-09-16T01:51:51.785Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:51:56 honeypot-ams-1 sshd[29236]: Received disconnect from 111.226.108.58 port 47138:11: Bye Bye [preauth]","@timestamp":"2022-09-16T01:51:56.788Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:51:59 honeypot-ams-1 sshd[29240]: Received disconnect from 111.226.108.58 port 47302:11: Bye Bye [preauth]","@timestamp":"2022-09-16T01:51:59.791Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:52:02 honeypot-ams-1 sshd[29244]: Received disconnect from 111.226.108.58 port 47456:11: Bye Bye [preauth]","@timestamp":"2022-09-16T01:52:02.794Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:52:05 honeypot-ams-1 sshd[29248]: Received disconnect from 111.226.108.58 port 47633:11: Bye Bye [preauth]","@timestamp":"2022-09-16T01:52:05.795Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:52:08 honeypot-ams-1 sshd[29252]: Received disconnect from 111.226.108.58 port 47786:11: Bye Bye [preauth]","@timestamp":"2022-09-16T01:52:09.798Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:52:12 honeypot-ams-1 sshd[29256]: Received disconnect from 111.226.108.58 port 47957:11: Bye Bye [preauth]","@timestamp":"2022-09-16T01:52:12.801Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:52:15 honeypot-ams-1 sshd[29260]: Received disconnect from 111.226.108.58 port 48127:11: Bye Bye [preauth]","@timestamp":"2022-09-16T01:52:15.803Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:52:18 honeypot-ams-1 sshd[29264]: Received disconnect from 111.226.108.58 port 48288:11: Bye Bye [preauth]","@timestamp":"2022-09-16T01:52:18.805Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:52:21 honeypot-ams-1 sshd[29268]: Received disconnect from 111.226.108.58 port 48438:11: Bye Bye [preauth]","@timestamp":"2022-09-16T01:52:21.807Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:52:24 honeypot-ams-1 sshd[29272]: Received disconnect from 111.226.108.58 port 48597:11: Bye Bye [preauth]","@timestamp":"2022-09-16T01:52:24.810Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:52:27 honeypot-ams-1 sshd[29276]: Received disconnect from 111.226.108.58 port 48754:11: Bye Bye [preauth]","@timestamp":"2022-09-16T01:52:27.813Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:52:30 honeypot-ams-1 sshd[29280]: Received disconnect from 111.226.108.58 port 48919:11: Bye Bye [preauth]","@timestamp":"2022-09-16T01:52:31.815Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 01:54:27 honeypot-fra-1 sshd[20156]: Received disconnect from 200.108.139.242 port 58125:11: Bye Bye [preauth]","@timestamp":"2022-09-16T01:54:27.963Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 01:55:12 honeypot-fra-1 sshd[20162]: Invalid user tomcat from 193.106.191.157 port 57082","@timestamp":"2022-09-16T01:55:12.984Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 01:57:42 honeypot-fra-1 sshd[20166]: Disconnected from authenticating user root 122.117.25.149 port 57176 [preauth]","@timestamp":"2022-09-16T01:57:43.045Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:59:55 honeypot-ams-1 sshd[29285]: Disconnected from authenticating user root 92.255.85.69 port 19114 [preauth]","@timestamp":"2022-09-16T01:59:56.008Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 02:05:28 honeypot-fra-1 sshd[20172]: Invalid user user from 45.61.186.169 port 52892","@timestamp":"2022-09-16T02:05:29.292Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 02:05:46 honeypot-fra-1 sshd[20176]: Invalid user user from 45.61.186.169 port 47812","@timestamp":"2022-09-16T02:05:47.301Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T02:05:47.685Z","@version":"1","message":"Sep 16 02:05:47 honeypot-sgp-1 sshd[23310]: Invalid user admin from 179.60.147.69 port 43802","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 02:06:03 honeypot-fra-1 sshd[20180]: Invalid user user from 45.61.186.169 port 42684","@timestamp":"2022-09-16T02:06:04.309Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 02:06:35 honeypot-fra-1 sshd[20184]: Received disconnect from 92.255.85.69 port 19938:11: Bye Bye [preauth]","@timestamp":"2022-09-16T02:06:35.335Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 02:07:42 honeypot-ams-1 sshd[29288]: Received disconnect from 178.62.97.236 port 41476:11: Bye Bye [preauth]","@timestamp":"2022-09-16T02:07:43.220Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 02:08:09 honeypot-fra-1 sshd[20188]: Disconnected from invalid user legend 165.22.45.108 port 39164 [preauth]","@timestamp":"2022-09-16T02:08:10.374Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 02:09:17 honeypot-ams-1 sshd[29294]: Received disconnect from 179.1.85.122 port 34356:11: Bye Bye [preauth]","@timestamp":"2022-09-16T02:09:18.264Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 02:11:09 honeypot-ams-1 sshd[29298]: Received disconnect from 103.99.203.103 port 40620:11: Bye Bye [preauth]","@timestamp":"2022-09-16T02:11:10.317Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 02:11:40 honeypot-fra-1 sshd[20194]: Received disconnect from 45.61.186.249 port 54542:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T02:11:41.456Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 02:11:59 honeypot-fra-1 sshd[20198]: Received disconnect from 45.61.186.249 port 49154:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T02:11:59.465Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 02:12:15 honeypot-fra-1 sshd[20202]: Invalid user user from 45.61.186.249 port 43720","@timestamp":"2022-09-16T02:12:15.473Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T02:12:33.855Z","@version":"1","message":"Sep 16 02:12:33 honeypot-sgp-1 sshd[23313]: Invalid user ansible from 92.255.85.70 port 49340","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 02:13:09 honeypot-fra-1 kernel: [84168804.861241] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.206.97 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=38701 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T02:13:10.526Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-16T02:15:15.924Z","@version":"1","message":"Sep 16 02:15:15 honeypot-sgp-1 sshd[23317]: Received disconnect from 119.187.147.110 port 2268:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 02:16:56 honeypot-ams-1 kernel: [84171198.517856] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=89.34.27.211 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=59 ID=56451 PROTO=TCP SPT=33167 DPT=80 WINDOW=1652 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T02:16:57.470Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 02:18:45 honeypot-ams-1 sshd[29308]: Received disconnect from 89.22.173.148 port 52754:11: Bye Bye [preauth]","@timestamp":"2022-09-16T02:18:45.519Z"}
{"@timestamp":"2022-09-16T02:19:46.034Z","@version":"1","message":"Sep 16 02:19:46 honeypot-sgp-1 sshd[23323]: Received disconnect from 165.227.231.151 port 56604:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 02:22:55 honeypot-ams-1 sshd[29313]: Received disconnect from 92.255.85.69 port 18194:11: Bye Bye [preauth]","@timestamp":"2022-09-16T02:22:55.630Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 02:28:23 honeypot-fra-1 kernel: [84169718.262368] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=165.232.152.144 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=57152 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T02:28:23.924Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 21:43:19 honeypot-ams-1 kernel: [84413979.139423] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=183.80.44.87 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=53 ID=6220 PROTO=TCP SPT=18235 DPT=80 WINDOW=48816 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T21:43:20.025Z"}
{"@timestamp":"2022-09-18T21:43:30.444Z","@version":"1","message":"Sep 18 21:43:30 honeypot-sgp-1 sshd[31611]: Disconnected from authenticating user root 179.43.156.143 port 54162 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T21:44:45.475Z","@version":"1","message":"Sep 18 21:44:44 honeypot-sgp-1 sshd[31616]: Disconnected from invalid user nutanix 179.43.156.143 port 49218 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T21:46:00.507Z","@version":"1","message":"Sep 18 21:45:59 honeypot-sgp-1 sshd[31620]: Disconnected from invalid user RPM 92.255.85.69 port 26198 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T21:46:38.523Z","@version":"1","message":"Sep 18 21:46:37 honeypot-sgp-1 sshd[31626]: Disconnected from invalid user esunny 179.43.156.143 port 41814 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 21:47:46 honeypot-fra-1 kernel: [84412072.476228] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.143.200.46 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=18668 PROTO=TCP SPT=44331 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T21:47:46.877Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-18T21:48:34.575Z","@version":"1","message":"Sep 18 21:48:34 honeypot-sgp-1 sshd[31635]: Invalid user git from 179.43.156.143 port 34348","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T21:49:38.601Z","@version":"1","message":"Sep 18 21:49:37 honeypot-sgp-1 sshd[31642]: Invalid user kamiya from 159.65.11.5 port 47908","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T21:50:33.625Z","@version":"1","message":"Sep 18 21:50:32 honeypot-sgp-1 sshd[31646]: Invalid user vagrant from 179.43.156.143 port 55162","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T21:51:07.641Z","@version":"1","message":"Sep 18 21:51:06 honeypot-sgp-1 sshd[31650]: Received disconnect from 159.65.1.92 port 37016:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T21:51:53.661Z","@version":"1","message":"Sep 18 21:51:52 honeypot-sgp-1 sshd[31654]: Received disconnect from 179.43.156.143 port 50224:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T21:53:07.691Z","@version":"1","message":"Sep 18 21:53:07 honeypot-sgp-1 sshd[31658]: Disconnected from authenticating user root 61.148.90.118 port 44274 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 21:53:29 honeypot-ams-1 sshd[6569]: Received disconnect from 68.168.142.91 port 48652:11: Bye Bye [preauth]","@timestamp":"2022-09-18T21:53:30.289Z"}
{"@timestamp":"2022-09-18T21:53:58.714Z","@version":"1","message":"Sep 18 21:53:58 honeypot-sgp-1 sshd[31662]: Disconnected from invalid user admin 112.28.209.66 port 47504 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T21:54:43.735Z","@version":"1","message":"Sep 18 21:54:42 honeypot-sgp-1 sshd[31669]: Disconnected from authenticating user root 179.43.156.143 port 40308 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 21:56:19 honeypot-fra-1 sshd[29998]: Received disconnect from 61.177.172.19 port 23680:11:  [preauth]","@timestamp":"2022-09-18T21:56:20.067Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T21:57:00.792Z","@version":"1","message":"Sep 18 21:57:00 honeypot-sgp-1 sshd[31676]: Received disconnect from 179.43.156.143 port 32912:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T21:58:13.845Z","@version":"1","message":"Sep 18 21:58:12 honeypot-sgp-1 sshd[31681]: Connection closed by invalid user zxd 103.188.176.251 port 49054 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T22:00:00.891Z","@version":"1","message":"Sep 18 22:00:00 honeypot-sgp-1 sshd[31688]: Disconnected from authenticating user root 179.43.156.143 port 51248 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 22:00:40 honeypot-fra-1 sshd[30002]: Received disconnect from 61.177.173.52 port 55944:11:  [preauth]","@timestamp":"2022-09-18T22:00:41.168Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T22:02:14.945Z","@version":"1","message":"Sep 18 22:02:14 honeypot-sgp-1 sshd[31694]: Received disconnect from 179.43.156.143 port 43850:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T22:03:46.983Z","@version":"1","message":"Sep 18 22:03:46 honeypot-sgp-1 sshd[31698]: Disconnected from authenticating user root 179.43.156.143 port 38898 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 22:03:54 honeypot-ams-1 sshd[6574]: Did not receive identification string from 45.61.186.169 port 33004","@timestamp":"2022-09-18T22:03:54.563Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 22:04:21 honeypot-ams-1 sshd[6577]: Disconnected from invalid user user 45.61.186.169 port 34988 [preauth]","@timestamp":"2022-09-18T22:04:22.577Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 22:04:39 honeypot-ams-1 sshd[6581]: Disconnected from invalid user user 45.61.186.169 port 58440 [preauth]","@timestamp":"2022-09-18T22:04:39.586Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 22:04:56 honeypot-ams-1 sshd[6585]: Disconnected from invalid user user 45.61.186.169 port 53676 [preauth]","@timestamp":"2022-09-18T22:04:56.595Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 22:05:05 honeypot-ams-1 sshd[6587]: Disconnected from invalid user user 45.61.186.169 port 37212 [preauth]","@timestamp":"2022-09-18T22:05:05.601Z"}
{"@timestamp":"2022-09-18T22:06:04.040Z","@version":"1","message":"Sep 18 22:06:03 honeypot-sgp-1 sshd[31705]: Disconnected from authenticating user root 179.43.156.143 port 59732 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T22:08:15.094Z","@version":"1","message":"Sep 18 22:08:14 honeypot-sgp-1 sshd[31711]: Invalid user sysgames from 179.43.156.143 port 52284","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 22:08:56 honeypot-fra-1 sshd[30010]: Invalid user support from 92.255.85.70 port 60384","@timestamp":"2022-09-18T22:08:57.370Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T22:09:41.137Z","@version":"1","message":"Sep 18 22:09:41 honeypot-sgp-1 sshd[31715]: Invalid user init from 179.43.156.143 port 47386","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T22:12:02.194Z","@version":"1","message":"Sep 18 22:12:01 honeypot-sgp-1 kernel: [84415223.809588] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=79.124.62.62 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=48210 PROTO=TCP SPT=42441 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 22:12:09 honeypot-fra-1 sshd[30014]: Received disconnect from 220.203.8.38 port 43838:11: Bye Bye [preauth]","@timestamp":"2022-09-18T22:12:09.445Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T22:17:02.313Z","@version":"1","message":"Sep 18 22:17:01 honeypot-sgp-1 CRON[31725]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 22:17:01 honeypot-fra-1 CRON[30019]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-18T22:17:02.561Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 22:17:19 honeypot-ams-1 sshd[6598]: Received disconnect from 92.255.85.70 port 39810:11: Bye Bye [preauth]","@timestamp":"2022-09-18T22:17:19.921Z"}
{"@timestamp":"2022-09-18T22:22:42.443Z","@version":"1","message":"Sep 18 22:22:41 honeypot-sgp-1 kernel: [84415863.909025] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=151.106.32.182 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=51218 PROTO=TCP SPT=56476 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 22:27:30 honeypot-fra-1 sshd[30026]: Disconnected from authenticating user root 62.84.124.148 port 55938 [preauth]","@timestamp":"2022-09-18T22:27:31.801Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 22:29:44 honeypot-ams-1 sshd[6602]: Disconnected from authenticating user root 148.72.244.44 port 52270 [preauth]","@timestamp":"2022-09-18T22:29:45.247Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 22:31:20 honeypot-ams-1 sshd[6608]: Received disconnect from 128.199.227.242 port 54440:11: Bye Bye [preauth]","@timestamp":"2022-09-18T22:31:21.293Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 22:32:52 honeypot-ams-1 sshd[6613]: Disconnected from invalid user openbravo 137.184.28.240 port 33144 [preauth]","@timestamp":"2022-09-18T22:32:53.335Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 22:36:13 honeypot-fra-1 sshd[30033]: Did not receive identification string from 185.209.179.41 port 51832","@timestamp":"2022-09-18T22:36:14.001Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 22:36:13 honeypot-fra-1 sshd[30043]: Invalid user test from 185.209.179.41 port 57062","@timestamp":"2022-09-18T22:36:14.001Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 22:36:13 honeypot-fra-1 sshd[30034]: Invalid user esuser from 185.209.179.41 port 57040","@timestamp":"2022-09-18T22:36:14.001Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 22:36:13 honeypot-fra-1 sshd[30043]: Connection closed by invalid user test 185.209.179.41 port 57062 [preauth]","@timestamp":"2022-09-18T22:36:14.001Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 22:36:13 honeypot-fra-1 sshd[30041]: Connection closed by invalid user deploy 185.209.179.41 port 57128 [preauth]","@timestamp":"2022-09-18T22:36:14.002Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 22:36:14 honeypot-fra-1 sshd[30065]: Invalid user ts3server from 185.209.179.41 port 57080","@timestamp":"2022-09-18T22:36:15.003Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 22:36:14 honeypot-fra-1 sshd[30063]: Connection closed by invalid user oracle 185.209.179.41 port 57078 [preauth]","@timestamp":"2022-09-18T22:36:15.003Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 22:36:14 honeypot-fra-1 sshd[30068]: Connection closed by invalid user wordpress 185.209.179.41 port 57084 [preauth]","@timestamp":"2022-09-18T22:36:15.003Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 22:36:16 honeypot-fra-1 sshd[30087]: Invalid user postgres from 185.209.179.41 port 57074","@timestamp":"2022-09-18T22:36:17.004Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 22:36:16 honeypot-fra-1 sshd[30086]: Connection closed by invalid user esuser 185.209.179.41 port 57066 [preauth]","@timestamp":"2022-09-18T22:36:17.004Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 22:39:24 honeypot-fra-1 sshd[30094]: Invalid user testftp from 195.19.4.22 port 61718","@timestamp":"2022-09-18T22:39:25.077Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 22:40:26 honeypot-fra-1 sshd[30099]: Connection reset by 179.227.134.64 port 47981 [preauth]","@timestamp":"2022-09-18T22:40:27.102Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T22:46:49.016Z","@version":"1","message":"Sep 18 22:46:48 honeypot-sgp-1 kernel: [84417310.544287] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.55.53.144 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=43 ID=10627 DF PROTO=TCP SPT=43738 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 22:46:53 honeypot-ams-1 sshd[6636]: Received disconnect from 92.255.85.70 port 19096:11: Bye Bye [preauth]","@timestamp":"2022-09-18T22:46:53.701Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 22:49:00 honeypot-fra-1 kernel: [84415746.148572] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=20.55.53.144 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=36635 DF PROTO=TCP SPT=50908 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T22:49:00.293Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-18T22:49:10.075Z","@version":"1","message":"Sep 18 22:49:09 honeypot-sgp-1 sshd[31737]: Disconnected from authenticating user sshd 92.255.85.69 port 46118 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 22:52:41 honeypot-ams-1 kernel: [84418140.643893] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=128.116.131.60 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=54 ID=3497 PROTO=TCP SPT=25974 DPT=80 WINDOW=11574 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T22:52:41.851Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 22:56:26 honeypot-fra-1 kernel: [84416192.469481] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=167.94.138.110 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=33838 PROTO=TCP SPT=43712 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T22:56:27.462Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-18T22:58:07.285Z","@version":"1","message":"Sep 18 22:58:07 honeypot-sgp-1 sshd[31741]: Did not receive identification string from 45.61.186.49 port 38950","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 22:58:27 honeypot-ams-1 sshd[6643]: ssh_dispatch_run_fatal: Connection from 136.52.13.251 port 53910: Connection corrupted [preauth]","@timestamp":"2022-09-18T22:58:28.005Z"}
{"@timestamp":"2022-09-18T22:58:33.298Z","@version":"1","message":"Sep 18 22:58:32 honeypot-sgp-1 sshd[31744]: Disconnected from invalid user user 45.61.186.49 port 45650 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 23:00:51 honeypot-fra-1 sshd[30110]: Disconnected from invalid user tibero 64.135.113.136 port 46228 [preauth]","@timestamp":"2022-09-18T23:00:51.564Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 23:01:20 honeypot-ams-1 kernel: [84418659.945208] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=138.68.250.218 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=30538 PROTO=TCP SPT=42077 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T23:01:21.085Z"}
{"@timestamp":"2022-09-18T23:03:01.403Z","@version":"1","message":"Sep 18 23:03:01 honeypot-sgp-1 kernel: [84418283.698049] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.209.76 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=49290 DPT=389 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 23:05:34 honeypot-fra-1 sshd[30118]: Invalid user postgres from 193.106.191.157 port 51556","@timestamp":"2022-09-18T23:05:34.676Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 23:08:36 honeypot-ams-1 sshd[6648]: Received disconnect from 117.254.93.186 port 40305:11: Bye Bye [preauth]","@timestamp":"2022-09-18T23:08:37.275Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 23:11:04 honeypot-fra-1 kernel: [84417070.807370] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=138.68.250.218 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=28937 PROTO=TCP SPT=42663 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T23:11:05.805Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-18T23:14:07.689Z","@version":"1","message":"Sep 18 23:14:06 honeypot-sgp-1 sshd[31754]: Invalid user gnl from 142.93.116.249 port 39366","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T23:15:01.712Z","@version":"1","message":"Sep 18 23:15:01 honeypot-sgp-1 sshd[31759]: Invalid user blake from 43.154.7.110 port 55834","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T23:17:01.761Z","@version":"1","message":"Sep 18 23:17:01 honeypot-sgp-1 CRON[31763]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 23:18:03 honeypot-fra-1 sshd[30128]: Connection closed by 121.157.23.122 port 57072 [preauth]","@timestamp":"2022-09-18T23:18:03.962Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 23:18:25 honeypot-ams-1 sshd[6654]: Invalid user postgres from 193.106.191.157 port 44398","@timestamp":"2022-09-18T23:18:26.526Z"}
{"@timestamp":"2022-09-18T23:20:10.838Z","@version":"1","message":"Sep 18 23:20:10 honeypot-sgp-1 sshd[31770]: Bad protocol version identification 'GET / HTTP/1.1' from 134.122.112.12 port 60406","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 23:28:04 honeypot-ams-1 sshd[6660]: Did not receive identification string from 45.61.184.204 port 37472","@timestamp":"2022-09-18T23:28:05.776Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 23:28:24 honeypot-ams-1 sshd[6663]: Received disconnect from 45.61.184.204 port 34908:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T23:28:24.788Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 23:28:42 honeypot-ams-1 sshd[6667]: Received disconnect from 45.61.184.204 port 57466:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T23:28:43.798Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 23:28:59 honeypot-ams-1 sshd[6671]: Received disconnect from 45.61.184.204 port 51726:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T23:28:59.807Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 23:29:45 honeypot-fra-1 sshd[30136]: Disconnected from authenticating user root 60.248.95.231 port 42753 [preauth]","@timestamp":"2022-09-18T23:29:45.220Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 23:34:03 honeypot-ams-1 sshd[6676]: Invalid user postgres from 193.106.191.157 port 55148","@timestamp":"2022-09-18T23:34:03.942Z"}
{"@timestamp":"2022-09-18T23:36:30.222Z","@version":"1","message":"Sep 18 23:36:29 honeypot-sgp-1 sshd[31782]: Invalid user  from 43.153.10.221 port 51098","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 23:40:02 honeypot-fra-1 kernel: [84418807.939956] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.143.200.46 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=63091 PROTO=TCP SPT=40225 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T23:40:02.450Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 23:40:28 honeypot-ams-1 sshd[6681]: Disconnected from authenticating user root 43.245.185.66 port 53292 [preauth]","@timestamp":"2022-09-18T23:40:29.128Z"}
{"@timestamp":"2022-09-18T23:41:30.336Z","@version":"1","message":"Sep 18 23:41:29 honeypot-sgp-1 sshd[31786]: Invalid user admin from 92.255.85.70 port 44692","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 23:42:28 honeypot-fra-1 sshd[30143]: Disconnected from invalid user gitblit 42.119.111.155 port 47046 [preauth]","@timestamp":"2022-09-18T23:42:28.508Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 23:44:41 honeypot-ams-1 sshd[6687]: Disconnected from authenticating user root 199.115.228.186 port 57828 [preauth]","@timestamp":"2022-09-18T23:44:42.241Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 23:46:16 honeypot-fra-1 sshd[30146]: Disconnected from invalid user tty 85.165.43.80 port 45800 [preauth]","@timestamp":"2022-09-18T23:46:16.597Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T23:46:56.463Z","@version":"1","message":"Sep 18 23:46:55 honeypot-sgp-1 sshd[31793]: Received disconnect from 128.199.71.153 port 54420:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 23:47:50 honeypot-ams-1 sshd[6692]: Disconnected from invalid user admin 92.255.85.69 port 20408 [preauth]","@timestamp":"2022-09-18T23:47:51.326Z"}
{"@timestamp":"2022-09-18T23:49:38.528Z","@version":"1","message":"Sep 18 23:49:37 honeypot-sgp-1 sshd[31797]: Received disconnect from 88.215.1.25 port 62293:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 23:50:00 honeypot-ams-1 sshd[6697]: Received disconnect from 45.61.184.204 port 50014:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T23:50:01.388Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 23:50:20 honeypot-ams-1 sshd[6701]: Received disconnect from 45.61.184.204 port 44562:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T23:50:20.398Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 23:50:37 honeypot-ams-1 sshd[6705]: Received disconnect from 45.61.184.204 port 39094:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T23:50:37.407Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 23:51:50 honeypot-ams-1 sshd[6710]: Received disconnect from 187.189.51.115 port 16517:11: Bye Bye [preauth]","@timestamp":"2022-09-18T23:51:50.441Z"}
{"@timestamp":"2022-09-18T23:58:33.757Z","@version":"1","message":"Sep 18 23:58:33 honeypot-sgp-1 sshd[31803]: Invalid user oracle from 202.165.17.131 port 56874","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 23:59:44 honeypot-fra-1 kernel: [84419990.092191] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=79.124.62.60 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=50069 PROTO=TCP SPT=52655 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T23:59:44.896Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T00:02:34.852Z","@version":"1","message":"Sep 19 00:02:34 honeypot-sgp-1 sshd[31823]: Invalid user maduro from 139.59.251.146 port 38704","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T00:03:01.864Z","@version":"1","message":"Sep 19 00:03:01 honeypot-sgp-1 sshd[31827]: Received disconnect from 20.40.73.192 port 41698:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T00:03:27.876Z","@version":"1","message":"Sep 19 00:03:27 honeypot-sgp-1 sshd[31832]: Disconnected from invalid user admin 128.199.225.7 port 50888 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T00:04:33.906Z","@version":"1","message":"Sep 19 00:04:33 honeypot-sgp-1 sshd[31838]: Disconnected from authenticating user root 144.24.178.128 port 48540 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 00:04:46 honeypot-fra-1 sshd[30182]: Did not receive identification string from 43.153.10.221 port 44664","@timestamp":"2022-09-19T00:04:47.012Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T00:05:06.922Z","@version":"1","message":"Sep 19 00:05:06 honeypot-sgp-1 sshd[31844]: Invalid user uftp from 157.230.47.241 port 57938","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T00:05:39.957Z","@version":"1","message":"Sep 19 00:05:38 honeypot-sgp-1 sshd[31848]: Received disconnect from 46.101.29.76 port 38326:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 00:05:56 honeypot-ams-1 kernel: [84422536.024744] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=17379 PROTO=TCP SPT=45603 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T00:05:56.819Z"}
{"@timestamp":"2022-09-19T00:06:12.971Z","@version":"1","message":"Sep 19 00:06:11 honeypot-sgp-1 sshd[31852]: Disconnected from authenticating user root 143.244.134.191 port 45628 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T00:07:29.004Z","@version":"1","message":"Sep 19 00:07:28 honeypot-sgp-1 sshd[31856]: Disconnected from authenticating user root 54.173.202.75 port 50786 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T00:07:38.009Z","@version":"1","message":"Sep 19 00:07:37 honeypot-sgp-1 sshd[31860]: Disconnected from invalid user allmighty 20.197.3.90 port 55028 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T00:08:07.023Z","@version":"1","message":"Sep 19 00:08:06 honeypot-sgp-1 sshd[31864]: Received disconnect from 51.75.170.189 port 37792:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T00:09:15.051Z","@version":"1","message":"Sep 19 00:09:14 honeypot-sgp-1 sshd[31869]: Disconnected from authenticating user root 23.96.83.144 port 57274 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T00:10:23.081Z","@version":"1","message":"Sep 19 00:10:22 honeypot-sgp-1 sshd[31875]: Received disconnect from 80.87.83.58 port 55604:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T00:14:50.185Z","@version":"1","message":"Sep 19 00:14:49 honeypot-sgp-1 sshd[31882]: Invalid user admin from 165.232.158.22 port 43622","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 00:15:06 honeypot-fra-1 sshd[30186]: Received disconnect from 92.255.85.70 port 59368:11: Bye Bye [preauth]","@timestamp":"2022-09-19T00:15:07.247Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 00:17:01 honeypot-ams-1 CRON[6736]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-19T00:17:02.136Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 00:17:01 honeypot-fra-1 CRON[30191]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-19T00:17:02.291Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T00:17:02.238Z","@version":"1","message":"Sep 19 00:17:01 honeypot-sgp-1 CRON[31886]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 00:24:28 honeypot-ams-1 sshd[6742]: Invalid user admin from 188.117.226.212 port 60884","@timestamp":"2022-09-19T00:24:29.337Z"}
{"@timestamp":"2022-09-19T00:29:47.533Z","@version":"1","message":"Sep 19 00:29:46 honeypot-sgp-1 sshd[31895]: Invalid user pentakill from 97.74.83.174 port 46938","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 00:31:54 honeypot-ams-1 kernel: [84424093.655124] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=193.163.125.69 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=247 ID=24463 PROTO=TCP SPT=54772 DPT=5432 WINDOW=14600 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T00:31:54.539Z"}
{"@timestamp":"2022-09-19T00:34:57.655Z","@version":"1","message":"Sep 19 00:34:57 honeypot-sgp-1 sshd[31902]: Connection closed by invalid user pi 79.84.154.45 port 53840 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 00:35:47 honeypot-fra-1 kernel: [84422153.531070] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=167.71.133.35 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=248 ID=54321 PROTO=TCP SPT=52594 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T00:35:48.715Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 00:42:36 honeypot-fra-1 sshd[30202]: Received disconnect from 92.255.85.69 port 45948:11: Bye Bye [preauth]","@timestamp":"2022-09-19T00:42:36.867Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 00:47:17 honeypot-ams-1 sshd[6751]: Disconnected from authenticating user root 104.131.181.4 port 38826 [preauth]","@timestamp":"2022-09-19T00:47:17.943Z"}
{"@timestamp":"2022-09-19T00:47:42.954Z","@version":"1","message":"Sep 19 00:47:42 honeypot-sgp-1 kernel: [84424564.704411] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=139.47.17.238 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=239 ID=64147 DF PROTO=TCP SPT=63534 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 00:53:56 honeypot-ams-1 kernel: [84425416.274440] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.167.96.217 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=41646 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T00:53:57.121Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 00:56:29 honeypot-ams-1 sshd[6761]: Invalid user comercial from 188.157.24.174 port 60910","@timestamp":"2022-09-19T00:56:30.191Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 01:00:24 honeypot-ams-1 sshd[6773]: Invalid user user from 195.19.96.168 port 59140","@timestamp":"2022-09-19T01:00:24.295Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 01:00:24 honeypot-ams-1 sshd[6770]: Connection closed by authenticating user root 195.19.96.168 port 59110 [preauth]","@timestamp":"2022-09-19T01:00:24.296Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 01:00:24 honeypot-ams-1 sshd[6779]: Connection closed by invalid user user 195.19.96.168 port 59104 [preauth]","@timestamp":"2022-09-19T01:00:24.296Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 01:00:24 honeypot-ams-1 sshd[6794]: Invalid user ubuntu from 195.19.96.168 port 59092","@timestamp":"2022-09-19T01:00:24.296Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 01:00:24 honeypot-ams-1 sshd[6781]: Invalid user admin from 195.19.96.168 port 59036","@timestamp":"2022-09-19T01:00:24.296Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 01:00:24 honeypot-ams-1 sshd[6792]: Connection closed by authenticating user root 195.19.96.168 port 59124 [preauth]","@timestamp":"2022-09-19T01:00:25.297Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 01:00:24 honeypot-ams-1 sshd[6781]: Connection closed by invalid user admin 195.19.96.168 port 59036 [preauth]","@timestamp":"2022-09-19T01:00:25.297Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 01:00:24 honeypot-ams-1 sshd[6782]: Connection closed by invalid user oracle 195.19.96.168 port 59034 [preauth]","@timestamp":"2022-09-19T01:00:25.297Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 01:00:25 honeypot-ams-1 sshd[6819]: Invalid user testuser from 195.19.96.168 port 59038","@timestamp":"2022-09-19T01:00:25.297Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 01:00:59 honeypot-fra-1 sshd[30209]: Connection closed by invalid user admin 59.27.20.202 port 33521 [preauth]","@timestamp":"2022-09-19T01:00:59.278Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 01:05:43 honeypot-ams-1 kernel: [84426122.708284] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=172.105.89.161 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=57 ID=0 DF PROTO=TCP SPT=39061 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T01:05:43.442Z"}
{"@timestamp":"2022-09-19T01:07:47.419Z","@version":"1","message":"Sep 19 01:07:46 honeypot-sgp-1 sshd[31915]: Invalid user mapr from 165.232.172.31 port 56996","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 01:12:18 honeypot-fra-1 kernel: [84424344.363253] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=3.101.148.152 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=233 ID=18196 PROTO=TCP SPT=49937 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T01:12:19.529Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T01:14:43.578Z","@version":"1","message":"Sep 19 01:14:42 honeypot-sgp-1 sshd[31920]: Received disconnect from 122.165.132.5 port 55234:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 01:17:09 honeypot-fra-1 sshd[30218]: Invalid user usuario from 92.255.85.70 port 30960","@timestamp":"2022-09-19T01:17:10.641Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 01:17:28 honeypot-ams-1 sshd[6833]: Disconnected from invalid user wk 128.199.57.142 port 53750 [preauth]","@timestamp":"2022-09-19T01:17:28.748Z"}
{"@timestamp":"2022-09-19T01:18:36.672Z","@version":"1","message":"Sep 19 01:18:36 honeypot-sgp-1 sshd[31925]: Invalid user usuario from 92.255.85.69 port 52042","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 01:20:29 honeypot-ams-1 kernel: [84427008.503211] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=146.185.25.168 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=443 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T01:20:29.847Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 01:28:08 honeypot-fra-1 sshd[30222]: Invalid user dante from 112.186.86.93 port 57800","@timestamp":"2022-09-19T01:28:08.924Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 01:30:16 honeypot-ams-1 kernel: [84427595.553081] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.41.8.45 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=37110 PROTO=TCP SPT=44011 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T01:30:17.107Z"}
{"@timestamp":"2022-09-19T01:30:24.974Z","@version":"1","message":"Sep 19 01:30:24 honeypot-sgp-1 kernel: [84427127.039692] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=68.183.93.151 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x20 TTL=242 ID=54321 PROTO=TCP SPT=57689 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 01:43:42 honeypot-fra-1 sshd[30667]: Connection closed by invalid user ftp 193.106.191.157 port 38398 [preauth]","@timestamp":"2022-09-19T01:43:43.271Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 01:47:48 honeypot-ams-1 kernel: [84428647.487326] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=30590 PROTO=TCP SPT=51737 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T01:47:48.567Z"}
{"@timestamp":"2022-09-19T01:49:14.417Z","@version":"1","message":"Sep 19 01:49:14 honeypot-sgp-1 sshd[32373]: Received disconnect from 190.144.139.235 port 60674:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 01:51:26 honeypot-fra-1 kernel: [84426692.484077] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=88.202.190.149 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=80 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T01:51:27.447Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T01:53:16.513Z","@version":"1","message":"Sep 19 01:53:16 honeypot-sgp-1 sshd[32376]: Disconnected from invalid user Administrator 92.255.85.70 port 63298 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T01:59:40.667Z","@version":"1","message":"Sep 19 01:59:40 honeypot-sgp-1 sshd[32383]: Disconnected from invalid user admin 157.230.234.93 port 39446 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 01:59:58 honeypot-fra-1 kernel: [84427204.171661] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.47.229.134 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=13730 PROTO=TCP SPT=42301 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T01:59:59.639Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:03:51 honeypot-fra-1 sshd[30687]: Connection closed by authenticating user root 103.241.181.174 port 47140 [preauth]","@timestamp":"2022-09-19T02:03:51.729Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:03:57 honeypot-fra-1 sshd[30699]: Connection closed by authenticating user root 103.241.181.174 port 48190 [preauth]","@timestamp":"2022-09-19T02:03:57.732Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:04:03 honeypot-fra-1 sshd[30711]: Connection closed by authenticating user root 103.241.181.174 port 49304 [preauth]","@timestamp":"2022-09-19T02:04:03.736Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:04:09 honeypot-fra-1 sshd[30723]: Connection closed by authenticating user root 103.241.181.174 port 50286 [preauth]","@timestamp":"2022-09-19T02:04:09.740Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:04:15 honeypot-fra-1 sshd[30735]: Connection closed by authenticating user root 103.241.181.174 port 51394 [preauth]","@timestamp":"2022-09-19T02:04:16.744Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:04:21 honeypot-fra-1 sshd[30747]: Connection closed by authenticating user root 103.241.181.174 port 52434 [preauth]","@timestamp":"2022-09-19T02:04:22.748Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:04:27 honeypot-fra-1 sshd[30762]: Connection closed by authenticating user root 103.241.181.174 port 53478 [preauth]","@timestamp":"2022-09-19T02:04:28.751Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:04:32 honeypot-fra-1 sshd[30772]: Connection closed by authenticating user root 103.241.181.174 port 54312 [preauth]","@timestamp":"2022-09-19T02:04:33.755Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:04:38 honeypot-fra-1 sshd[30784]: Connection closed by authenticating user root 103.241.181.174 port 55328 [preauth]","@timestamp":"2022-09-19T02:04:38.758Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 02:04:39 honeypot-ams-1 kernel: [84429658.607902] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=164.92.72.164 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=55727 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T02:04:40.010Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:04:44 honeypot-fra-1 sshd[30796]: Connection closed by authenticating user root 103.241.181.174 port 56416 [preauth]","@timestamp":"2022-09-19T02:04:45.762Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:04:50 honeypot-fra-1 sshd[30808]: Connection closed by authenticating user root 103.241.181.174 port 57454 [preauth]","@timestamp":"2022-09-19T02:04:51.767Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:04:56 honeypot-fra-1 sshd[30820]: Connection closed by authenticating user root 103.241.181.174 port 58444 [preauth]","@timestamp":"2022-09-19T02:04:57.770Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:05:03 honeypot-fra-1 sshd[30833]: Connection closed by authenticating user root 103.241.181.174 port 59552 [preauth]","@timestamp":"2022-09-19T02:05:03.775Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:05:09 honeypot-fra-1 sshd[30845]: Invalid user user from 103.241.181.174 port 60658","@timestamp":"2022-09-19T02:05:09.779Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:05:12 honeypot-fra-1 sshd[30851]: Invalid user user from 103.241.181.174 port 32944","@timestamp":"2022-09-19T02:05:12.780Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:05:15 honeypot-fra-1 sshd[30857]: Invalid user user from 103.241.181.174 port 33530","@timestamp":"2022-09-19T02:05:15.782Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:05:18 honeypot-fra-1 sshd[30863]: Invalid user user from 103.241.181.174 port 34030","@timestamp":"2022-09-19T02:05:19.786Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:05:21 honeypot-fra-1 sshd[30869]: Invalid user user from 103.241.181.174 port 34560","@timestamp":"2022-09-19T02:05:21.788Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:05:24 honeypot-fra-1 sshd[30875]: Invalid user user from 103.241.181.174 port 35084","@timestamp":"2022-09-19T02:05:24.789Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:05:27 honeypot-fra-1 sshd[30881]: Invalid user user from 103.241.181.174 port 35562","@timestamp":"2022-09-19T02:05:27.791Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:05:30 honeypot-fra-1 sshd[30887]: Invalid user user from 103.241.181.174 port 36032","@timestamp":"2022-09-19T02:05:30.793Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:05:33 honeypot-fra-1 sshd[30893]: Invalid user user from 103.241.181.174 port 36634","@timestamp":"2022-09-19T02:05:33.796Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:05:36 honeypot-fra-1 sshd[30899]: Invalid user user from 103.241.181.174 port 37122","@timestamp":"2022-09-19T02:05:36.798Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:05:39 honeypot-fra-1 sshd[30905]: Invalid user user from 103.241.181.174 port 37678","@timestamp":"2022-09-19T02:05:39.800Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:05:42 honeypot-fra-1 sshd[30911]: Invalid user user from 103.241.181.174 port 38218","@timestamp":"2022-09-19T02:05:42.801Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:05:45 honeypot-fra-1 sshd[30917]: Invalid user user from 103.241.181.174 port 38730","@timestamp":"2022-09-19T02:05:45.803Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:05:48 honeypot-fra-1 sshd[30923]: Invalid user user from 103.241.181.174 port 39198","@timestamp":"2022-09-19T02:05:48.806Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:05:51 honeypot-fra-1 sshd[30929]: Invalid user user from 103.241.181.174 port 39774","@timestamp":"2022-09-19T02:05:51.808Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:05:54 honeypot-fra-1 sshd[30935]: Invalid user user from 103.241.181.174 port 40266","@timestamp":"2022-09-19T02:05:54.809Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:05:57 honeypot-fra-1 sshd[30941]: Invalid user user from 103.241.181.174 port 40768","@timestamp":"2022-09-19T02:05:57.811Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:06:00 honeypot-fra-1 sshd[30947]: Invalid user user from 103.241.181.174 port 41268","@timestamp":"2022-09-19T02:06:00.813Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:06:03 honeypot-fra-1 sshd[30953]: Invalid user user from 103.241.181.174 port 41882","@timestamp":"2022-09-19T02:06:04.816Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:06:07 honeypot-fra-1 sshd[30959]: Invalid user user from 103.241.181.174 port 42432","@timestamp":"2022-09-19T02:06:07.818Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:06:10 honeypot-fra-1 sshd[30965]: Invalid user user from 103.241.181.174 port 43016","@timestamp":"2022-09-19T02:06:10.820Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:06:13 honeypot-fra-1 sshd[30971]: Invalid user user from 103.241.181.174 port 43570","@timestamp":"2022-09-19T02:06:13.822Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:06:16 honeypot-fra-1 sshd[30977]: Invalid user user from 103.241.181.174 port 44086","@timestamp":"2022-09-19T02:06:17.825Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:06:19 honeypot-fra-1 sshd[30983]: Invalid user user from 103.241.181.174 port 44620","@timestamp":"2022-09-19T02:06:20.827Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:06:23 honeypot-fra-1 sshd[30989]: Invalid user user from 103.241.181.174 port 45176","@timestamp":"2022-09-19T02:06:23.829Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:06:26 honeypot-fra-1 sshd[30995]: Invalid user user from 103.241.181.174 port 45672","@timestamp":"2022-09-19T02:06:26.831Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:06:29 honeypot-fra-1 sshd[31001]: Invalid user user from 103.241.181.174 port 46230","@timestamp":"2022-09-19T02:06:29.833Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:06:32 honeypot-fra-1 sshd[31007]: Invalid user user from 103.241.181.174 port 46758","@timestamp":"2022-09-19T02:06:32.836Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:06:35 honeypot-fra-1 sshd[31013]: Invalid user ubuntu from 103.241.181.174 port 47330","@timestamp":"2022-09-19T02:06:35.838Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:06:38 honeypot-fra-1 sshd[31019]: Invalid user ubuntu from 103.241.181.174 port 47802","@timestamp":"2022-09-19T02:06:38.840Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:06:41 honeypot-fra-1 sshd[31025]: Invalid user ubuntu from 103.241.181.174 port 48308","@timestamp":"2022-09-19T02:06:41.842Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:06:44 honeypot-fra-1 sshd[31031]: Invalid user ubuntu from 103.241.181.174 port 48884","@timestamp":"2022-09-19T02:06:44.843Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:06:47 honeypot-fra-1 sshd[31037]: Invalid user ubuntu from 103.241.181.174 port 49402","@timestamp":"2022-09-19T02:06:47.846Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:06:50 honeypot-fra-1 sshd[31043]: Invalid user ubuntu from 103.241.181.174 port 49884","@timestamp":"2022-09-19T02:06:50.848Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:06:53 honeypot-fra-1 sshd[31049]: Invalid user ubuntu from 103.241.181.174 port 50436","@timestamp":"2022-09-19T02:06:53.850Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:06:56 honeypot-fra-1 sshd[31055]: Invalid user ubuntu from 103.241.181.174 port 50980","@timestamp":"2022-09-19T02:06:56.852Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:06:59 honeypot-fra-1 sshd[31061]: Invalid user ubuntu from 103.241.181.174 port 51466","@timestamp":"2022-09-19T02:06:59.853Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:07:02 honeypot-fra-1 sshd[31067]: Invalid user ubuntu from 103.241.181.174 port 52030","@timestamp":"2022-09-19T02:07:03.857Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:07:05 honeypot-fra-1 sshd[31073]: Invalid user ubuntu from 103.241.181.174 port 52538","@timestamp":"2022-09-19T02:07:05.858Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:07:09 honeypot-fra-1 sshd[31079]: Invalid user ubuntu from 103.241.181.174 port 53134","@timestamp":"2022-09-19T02:07:09.860Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:07:12 honeypot-fra-1 sshd[31085]: Invalid user ubuntu from 103.241.181.174 port 53624","@timestamp":"2022-09-19T02:07:12.862Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:07:15 honeypot-fra-1 sshd[31091]: Invalid user ubuntu from 103.241.181.174 port 54220","@timestamp":"2022-09-19T02:07:15.864Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:07:18 honeypot-fra-1 sshd[31099]: Invalid user ubuntu from 103.241.181.174 port 54926","@timestamp":"2022-09-19T02:07:18.867Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:07:21 honeypot-fra-1 sshd[31105]: Invalid user ubuntu from 103.241.181.174 port 55556","@timestamp":"2022-09-19T02:07:21.869Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:07:24 honeypot-fra-1 sshd[31111]: Invalid user ubuntu from 103.241.181.174 port 56222","@timestamp":"2022-09-19T02:07:24.871Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:07:26 honeypot-fra-1 sshd[31097]: Connection closed by 192.241.216.50 port 35720 [preauth]","@timestamp":"2022-09-19T02:07:26.872Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:07:29 honeypot-fra-1 sshd[31121]: Connection closed by invalid user ubuntu 103.241.181.174 port 57382 [preauth]","@timestamp":"2022-09-19T02:07:29.874Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:07:32 honeypot-fra-1 sshd[31127]: Connection closed by invalid user ubuntu 103.241.181.174 port 58066 [preauth]","@timestamp":"2022-09-19T02:07:33.877Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:07:36 honeypot-fra-1 sshd[31133]: Connection closed by invalid user ubuntu 103.241.181.174 port 58762 [preauth]","@timestamp":"2022-09-19T02:07:36.879Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:07:39 honeypot-fra-1 sshd[31139]: Connection closed by invalid user ubuntu 103.241.181.174 port 59432 [preauth]","@timestamp":"2022-09-19T02:07:39.881Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:07:42 honeypot-fra-1 sshd[31145]: Connection closed by invalid user ubuntu 103.241.181.174 port 59978 [preauth]","@timestamp":"2022-09-19T02:07:42.883Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:07:45 honeypot-fra-1 sshd[31151]: Connection closed by invalid user ubuntu 103.241.181.174 port 60510 [preauth]","@timestamp":"2022-09-19T02:07:45.885Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:07:48 honeypot-fra-1 sshd[31157]: Connection closed by invalid user ubuntu 103.241.181.174 port 32804 [preauth]","@timestamp":"2022-09-19T02:07:48.888Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:07:51 honeypot-fra-1 sshd[31163]: Connection closed by invalid user ubuntu 103.241.181.174 port 33394 [preauth]","@timestamp":"2022-09-19T02:07:51.890Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:07:54 honeypot-fra-1 sshd[31169]: Connection closed by invalid user ubuntu 103.241.181.174 port 33950 [preauth]","@timestamp":"2022-09-19T02:07:54.891Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:07:57 honeypot-fra-1 sshd[31175]: Connection closed by invalid user debian 103.241.181.174 port 34556 [preauth]","@timestamp":"2022-09-19T02:07:58.894Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:08:00 honeypot-fra-1 sshd[31181]: Connection closed by invalid user debian 103.241.181.174 port 35050 [preauth]","@timestamp":"2022-09-19T02:08:00.895Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:08:04 honeypot-fra-1 sshd[31187]: Connection closed by invalid user debian 103.241.181.174 port 35646 [preauth]","@timestamp":"2022-09-19T02:08:04.898Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:08:07 honeypot-fra-1 sshd[31193]: Connection closed by invalid user debian 103.241.181.174 port 36212 [preauth]","@timestamp":"2022-09-19T02:08:07.900Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:08:10 honeypot-fra-1 sshd[31199]: Connection closed by invalid user debian 103.241.181.174 port 36816 [preauth]","@timestamp":"2022-09-19T02:08:10.902Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:08:13 honeypot-fra-1 sshd[31205]: Connection closed by invalid user debian 103.241.181.174 port 37382 [preauth]","@timestamp":"2022-09-19T02:08:13.904Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:08:17 honeypot-fra-1 sshd[31211]: Connection closed by invalid user debian 103.241.181.174 port 38028 [preauth]","@timestamp":"2022-09-19T02:08:17.907Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:08:19 honeypot-fra-1 sshd[31217]: Connection closed by invalid user debian 103.241.181.174 port 38548 [preauth]","@timestamp":"2022-09-19T02:08:20.909Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:08:23 honeypot-fra-1 sshd[31223]: Connection closed by invalid user debian 103.241.181.174 port 39100 [preauth]","@timestamp":"2022-09-19T02:08:23.910Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:08:26 honeypot-fra-1 sshd[31229]: Connection closed by invalid user debian 103.241.181.174 port 39720 [preauth]","@timestamp":"2022-09-19T02:08:26.912Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:08:29 honeypot-fra-1 sshd[31235]: Connection closed by invalid user debian 103.241.181.174 port 40298 [preauth]","@timestamp":"2022-09-19T02:08:29.914Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:08:32 honeypot-fra-1 sshd[31242]: Connection closed by invalid user debian 103.241.181.174 port 40928 [preauth]","@timestamp":"2022-09-19T02:08:32.917Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:08:36 honeypot-fra-1 sshd[31248]: Connection closed by invalid user debian 103.241.181.174 port 41490 [preauth]","@timestamp":"2022-09-19T02:08:36.919Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:08:39 honeypot-fra-1 sshd[31254]: Connection closed by invalid user debian 103.241.181.174 port 42070 [preauth]","@timestamp":"2022-09-19T02:08:39.921Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:08:42 honeypot-fra-1 sshd[31260]: Connection closed by invalid user debian 103.241.181.174 port 42616 [preauth]","@timestamp":"2022-09-19T02:08:42.923Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:08:45 honeypot-fra-1 sshd[31266]: Connection closed by invalid user debian 103.241.181.174 port 43194 [preauth]","@timestamp":"2022-09-19T02:08:45.925Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:08:48 honeypot-fra-1 sshd[31272]: Connection closed by invalid user debian 103.241.181.174 port 43734 [preauth]","@timestamp":"2022-09-19T02:08:48.928Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:08:51 honeypot-fra-1 sshd[31278]: Connection closed by invalid user debian 103.241.181.174 port 44322 [preauth]","@timestamp":"2022-09-19T02:08:51.930Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:08:54 honeypot-fra-1 sshd[31284]: Connection closed by invalid user debian 103.241.181.174 port 44894 [preauth]","@timestamp":"2022-09-19T02:08:54.931Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:08:57 honeypot-fra-1 sshd[31290]: Connection closed by invalid user debian 103.241.181.174 port 45418 [preauth]","@timestamp":"2022-09-19T02:08:57.933Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:09:00 honeypot-fra-1 sshd[31296]: Connection closed by invalid user debian 103.241.181.174 port 45976 [preauth]","@timestamp":"2022-09-19T02:09:01.936Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:09:04 honeypot-fra-1 sshd[31302]: Connection closed by invalid user debian 103.241.181.174 port 46620 [preauth]","@timestamp":"2022-09-19T02:09:04.939Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:09:07 honeypot-fra-1 sshd[31308]: Connection closed by invalid user debian 103.241.181.174 port 47178 [preauth]","@timestamp":"2022-09-19T02:09:07.940Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:09:10 honeypot-fra-1 sshd[31314]: Connection closed by invalid user debian 103.241.181.174 port 47802 [preauth]","@timestamp":"2022-09-19T02:09:10.942Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:09:14 honeypot-fra-1 sshd[31320]: Connection closed by invalid user debian 103.241.181.174 port 48312 [preauth]","@timestamp":"2022-09-19T02:09:14.945Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:09:17 honeypot-fra-1 sshd[31326]: Connection closed by invalid user debian 103.241.181.174 port 48928 [preauth]","@timestamp":"2022-09-19T02:09:17.948Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:09:20 honeypot-fra-1 sshd[31332]: Connection closed by invalid user debian 103.241.181.174 port 49536 [preauth]","@timestamp":"2022-09-19T02:09:20.949Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:09:23 honeypot-fra-1 sshd[31338]: Connection closed by invalid user debian 103.241.181.174 port 50100 [preauth]","@timestamp":"2022-09-19T02:09:23.951Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:09:27 honeypot-fra-1 sshd[31344]: Connection closed by invalid user admin 103.241.181.174 port 50702 [preauth]","@timestamp":"2022-09-19T02:09:27.953Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:09:30 honeypot-fra-1 sshd[31350]: Connection closed by invalid user admin 103.241.181.174 port 51228 [preauth]","@timestamp":"2022-09-19T02:09:30.955Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:09:32 honeypot-fra-1 sshd[31356]: Connection closed by invalid user admin 103.241.181.174 port 51598 [preauth]","@timestamp":"2022-09-19T02:09:32.958Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:09:34 honeypot-fra-1 sshd[31362]: Connection closed by invalid user admin 103.241.181.174 port 52080 [preauth]","@timestamp":"2022-09-19T02:09:34.959Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:09:38 honeypot-fra-1 sshd[31368]: Connection closed by invalid user admin 103.241.181.174 port 52666 [preauth]","@timestamp":"2022-09-19T02:09:38.961Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:09:41 honeypot-fra-1 sshd[31374]: Connection closed by invalid user admin 103.241.181.174 port 53200 [preauth]","@timestamp":"2022-09-19T02:09:41.963Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:09:44 honeypot-fra-1 sshd[31380]: Connection closed by invalid user admin 103.241.181.174 port 53736 [preauth]","@timestamp":"2022-09-19T02:09:44.965Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:09:47 honeypot-fra-1 sshd[31386]: Connection closed by invalid user admin 103.241.181.174 port 54320 [preauth]","@timestamp":"2022-09-19T02:09:47.968Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:09:50 honeypot-fra-1 sshd[31392]: Connection closed by invalid user admin 103.241.181.174 port 54846 [preauth]","@timestamp":"2022-09-19T02:09:50.970Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:09:52 honeypot-fra-1 sshd[31398]: Invalid user admin from 103.241.181.174 port 55214","@timestamp":"2022-09-19T02:09:52.971Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:09:55 honeypot-fra-1 sshd[31404]: Invalid user admin from 103.241.181.174 port 55758","@timestamp":"2022-09-19T02:09:56.973Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:09:59 honeypot-fra-1 sshd[31410]: Invalid user admin from 103.241.181.174 port 56392","@timestamp":"2022-09-19T02:09:59.975Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:10:02 honeypot-fra-1 sshd[31417]: Invalid user admin from 103.241.181.174 port 57034","@timestamp":"2022-09-19T02:10:02.978Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:10:05 honeypot-fra-1 sshd[31423]: Invalid user admin from 103.241.181.174 port 57654","@timestamp":"2022-09-19T02:10:05.980Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:10:08 honeypot-fra-1 sshd[31429]: Invalid user admin from 103.241.181.174 port 58308","@timestamp":"2022-09-19T02:10:08.982Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:10:11 honeypot-fra-1 sshd[31435]: Invalid user admin from 103.241.181.174 port 59034","@timestamp":"2022-09-19T02:10:11.983Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:10:14 honeypot-fra-1 sshd[31439]: Invalid user idempiere from 202.51.74.123 port 36664","@timestamp":"2022-09-19T02:10:14.985Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:10:16 honeypot-fra-1 sshd[31445]: Connection closed by invalid user admin 103.241.181.174 port 59902 [preauth]","@timestamp":"2022-09-19T02:10:16.986Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:10:19 honeypot-fra-1 sshd[31451]: Connection closed by invalid user admin 103.241.181.174 port 60620 [preauth]","@timestamp":"2022-09-19T02:10:19.989Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:10:22 honeypot-fra-1 sshd[31457]: Connection closed by invalid user admin 103.241.181.174 port 33044 [preauth]","@timestamp":"2022-09-19T02:10:22.991Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:10:25 honeypot-fra-1 sshd[31463]: Connection closed by invalid user admin 103.241.181.174 port 33550 [preauth]","@timestamp":"2022-09-19T02:10:25.993Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:10:29 honeypot-fra-1 sshd[31469]: Connection closed by invalid user admin 103.241.181.174 port 34140 [preauth]","@timestamp":"2022-09-19T02:10:29.995Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:10:32 honeypot-fra-1 sshd[31475]: Connection closed by invalid user admin 103.241.181.174 port 34724 [preauth]","@timestamp":"2022-09-19T02:10:32.998Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:10:35 honeypot-fra-1 sshd[31481]: Connection closed by invalid user admin 103.241.181.174 port 35198 [preauth]","@timestamp":"2022-09-19T02:10:36.000Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:10:38 honeypot-fra-1 sshd[31487]: Connection closed by invalid user admin 103.241.181.174 port 35776 [preauth]","@timestamp":"2022-09-19T02:10:39.002Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:10:41 honeypot-fra-1 sshd[31493]: Connection closed by invalid user admin 103.241.181.174 port 36336 [preauth]","@timestamp":"2022-09-19T02:10:42.004Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:10:44 honeypot-fra-1 sshd[31499]: Connection closed by invalid user admin 103.241.181.174 port 36824 [preauth]","@timestamp":"2022-09-19T02:10:45.006Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:10:47 honeypot-fra-1 sshd[31505]: Connection closed by invalid user admin 103.241.181.174 port 37360 [preauth]","@timestamp":"2022-09-19T02:10:48.009Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:10:50 honeypot-fra-1 sshd[31511]: Connection closed by invalid user pi 103.241.181.174 port 37900 [preauth]","@timestamp":"2022-09-19T02:10:51.011Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T02:15:30.053Z","@version":"1","message":"Sep 19 02:15:29 honeypot-sgp-1 kernel: [84429831.648981] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=59.16.243.218 DST=159.89.202.188 LEN=52 TOS=0x00 PREC=0x00 TTL=114 ID=36666 DF PROTO=TCP SPT=2491 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:16:56.093Z","@version":"1","message":"Sep 19 02:16:55 honeypot-sgp-1 sshd[32391]: Disconnected from invalid user postgres 92.255.85.69 port 46116 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:17:01 honeypot-fra-1 CRON[31518]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-19T02:17:02.152Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 02:17:04 honeypot-ams-1 kernel: [84430403.363549] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=213.226.123.38 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=35652 PROTO=TCP SPT=53271 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T02:17:04.338Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 02:17:55 honeypot-ams-1 sshd[6863]: Received disconnect from 45.61.184.204 port 37156:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T02:17:55.365Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 02:18:12 honeypot-ams-1 sshd[6867]: Received disconnect from 45.61.184.204 port 59650:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T02:18:13.375Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 02:18:30 honeypot-ams-1 sshd[6871]: Received disconnect from 45.61.184.204 port 53898:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T02:18:30.384Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 02:18:41 honeypot-ams-1 sshd[6875]: Received disconnect from 92.255.85.69 port 45568:11: Bye Bye [preauth]","@timestamp":"2022-09-19T02:18:41.391Z"}
{"@timestamp":"2022-09-19T02:20:28.183Z","@version":"1","message":"Sep 19 02:20:27 honeypot-sgp-1 sshd[32398]: Received disconnect from 45.61.184.204 port 59820:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:20:49.194Z","@version":"1","message":"Sep 19 02:20:48 honeypot-sgp-1 sshd[32402]: Received disconnect from 45.61.184.204 port 54984:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:21:07.203Z","@version":"1","message":"Sep 19 02:21:06 honeypot-sgp-1 sshd[32406]: Received disconnect from 45.61.184.204 port 50122:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:21:25.212Z","@version":"1","message":"Sep 19 02:21:24 honeypot-sgp-1 sshd[32410]: Received disconnect from 45.61.184.204 port 45274:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:23:20 honeypot-fra-1 sshd[31525]: Invalid user user from 45.61.184.204 port 59896","@timestamp":"2022-09-19T02:23:21.297Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:23:40 honeypot-fra-1 sshd[31529]: Invalid user user from 45.61.184.204 port 55082","@timestamp":"2022-09-19T02:23:41.308Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:24:00 honeypot-fra-1 sshd[31533]: Invalid user user from 45.61.184.204 port 50274","@timestamp":"2022-09-19T02:24:00.316Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:24:18 honeypot-fra-1 sshd[31537]: Invalid user user from 45.61.184.204 port 45466","@timestamp":"2022-09-19T02:24:19.325Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:24:26 honeypot-fra-1 sshd[31539]: Disconnected from invalid user columb 104.248.1.96 port 55698 [preauth]","@timestamp":"2022-09-19T02:24:27.330Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T02:27:41.369Z","@version":"1","message":"Sep 19 02:27:40 honeypot-sgp-1 sshd[32415]: Disconnected from invalid user ine 187.86.132.252 port 48750 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 02:29:44 honeypot-ams-1 sshd[6880]: Received disconnect from 187.51.55.82 port 53892:11: Bye Bye [preauth]","@timestamp":"2022-09-19T02:29:44.674Z"}
{"@timestamp":"2022-09-19T02:31:18.461Z","@version":"1","message":"Sep 19 02:31:17 honeypot-sgp-1 sshd[32419]: Disconnected from invalid user jbandox 52.151.65.193 port 44986 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 02:34:43 honeypot-ams-1 sshd[6885]: Disconnected from invalid user eileen 203.223.191.206 port 53436 [preauth]","@timestamp":"2022-09-19T02:34:43.809Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:35:18 honeypot-fra-1 kernel: [84429323.835477] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=35.189.210.59 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x60 TTL=250 ID=57796 PROTO=TCP SPT=40624 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T02:35:18.574Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T02:35:35.573Z","@version":"1","message":"Sep 19 02:35:34 honeypot-sgp-1 sshd[32426]: Disconnecting invalid user cameras 185.246.130.20 port 8518: Change of username or service not allowed: (cameras,ssh-connection) -> (,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:35:58.585Z","@version":"1","message":"Sep 19 02:35:58 honeypot-sgp-1 sshd[32432]: Disconnecting invalid user  185.246.130.20 port 16249: Change of username or service not allowed: (,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:36:26.600Z","@version":"1","message":"Sep 19 02:36:26 honeypot-sgp-1 sshd[32438]: Disconnecting invalid user admin 185.246.130.20 port 60364: Change of username or service not allowed: (admin,ssh-connection) -> (manager,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:37:02.619Z","@version":"1","message":"Sep 19 02:37:02 honeypot-sgp-1 sshd[32446]: Invalid user 1234 from 185.246.130.20 port 52375","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:37:30.633Z","@version":"1","message":"Sep 19 02:37:30 honeypot-sgp-1 sshd[32452]: Invalid user  from 185.246.130.20 port 47133","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:37:54.646Z","@version":"1","message":"Sep 19 02:37:54 honeypot-sgp-1 sshd[32458]: Disconnecting invalid user Admin 185.246.130.20 port 4691: Change of username or service not allowed: (Admin,ssh-connection) -> (blank,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:38:16.657Z","@version":"1","message":"Sep 19 02:38:16 honeypot-sgp-1 sshd[32464]: Disconnecting invalid user guest 185.246.130.20 port 33288: Change of username or service not allowed: (guest,ssh-connection) -> (1234,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:38:47.674Z","@version":"1","message":"Sep 19 02:38:47 honeypot-sgp-1 sshd[32472]: Invalid user admin from 176.15.138.108 port 2710","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:39:02.683Z","@version":"1","message":"Sep 19 02:39:02 honeypot-sgp-1 sshd[32476]: Disconnecting invalid user cisco 185.246.130.20 port 59682: Change of username or service not allowed: (cisco,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:39:29.696Z","@version":"1","message":"Sep 19 02:39:29 honeypot-sgp-1 sshd[32484]: Invalid user Administrator from 185.246.130.20 port 41876","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:39:51.709Z","@version":"1","message":"Sep 19 02:39:51 honeypot-sgp-1 sshd[32490]: Invalid user sti.admin5 from 185.246.130.20 port 17193","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:40:13.721Z","@version":"1","message":"Sep 19 02:40:12 honeypot-sgp-1 sshd[32496]: Invalid user zhone from 185.246.130.20 port 3360","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:40:42.736Z","@version":"1","message":"Sep 19 02:40:42 honeypot-sgp-1 sshd[32504]: Invalid user default from 185.246.130.20 port 29862","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:41:08.751Z","@version":"1","message":"Sep 19 02:41:08 honeypot-sgp-1 sshd[32510]: Invalid user Administrator from 185.246.130.20 port 62007","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:41:31.763Z","@version":"1","message":"Sep 19 02:41:30 honeypot-sgp-1 sshd[32516]: Invalid user admin from 185.246.130.20 port 9317","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:41:51.774Z","@version":"1","message":"Sep 19 02:41:51 honeypot-sgp-1 sshd[32522]: Invalid user comcast from 185.246.130.20 port 4670","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:42:10.784Z","@version":"1","message":"Sep 19 02:42:09 honeypot-sgp-1 sshd[32528]: Invalid user admin1234 from 185.246.130.20 port 12374","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:42:28.793Z","@version":"1","message":"Sep 19 02:42:28 honeypot-sgp-1 sshd[32534]: Invalid user admin from 185.246.130.20 port 18605","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:42:45.802Z","@version":"1","message":"Sep 19 02:42:44 honeypot-sgp-1 sshd[32540]: Invalid user admin from 185.246.130.20 port 53574","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:43:08.815Z","@version":"1","message":"Sep 19 02:43:08 honeypot-sgp-1 sshd[32546]: Disconnecting invalid user admin 185.246.130.20 port 17557: Change of username or service not allowed: (admin,ssh-connection) -> (airlive,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:43:30.826Z","@version":"1","message":"Sep 19 02:43:30 honeypot-sgp-1 sshd[32552]: Disconnecting invalid user admin 185.246.130.20 port 42643: Change of username or service not allowed: (admin,ssh-connection) -> (roqos,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:43:51.838Z","@version":"1","message":"Sep 19 02:43:51 honeypot-sgp-1 sshd[32558]: Disconnecting invalid user Shiko 185.246.130.20 port 32845: Change of username or service not allowed: (Shiko,ssh-connection) -> (sitecom,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 02:44:08 honeypot-ams-1 sshd[6890]: Invalid user admin from 197.45.35.19 port 60410","@timestamp":"2022-09-19T02:44:09.065Z"}
{"@timestamp":"2022-09-19T02:44:11.848Z","@version":"1","message":"Sep 19 02:44:10 honeypot-sgp-1 sshd[32564]: Disconnecting invalid user smcadmin 185.246.130.20 port 25432: Change of username or service not allowed: (smcadmin,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:44:26.856Z","@version":"1","message":"Sep 19 02:44:26 honeypot-sgp-1 sshd[32570]: Disconnecting invalid user highspeed 185.246.130.20 port 36555: Change of username or service not allowed: (highspeed,ssh-connection) -> (smcadmin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:44:41.864Z","@version":"1","message":"Sep 19 02:44:41 honeypot-sgp-1 sshd[32576]: Disconnecting invalid user  185.246.130.20 port 14839: Change of username or service not allowed: (,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:45:02.876Z","@version":"1","message":"Sep 19 02:45:02 honeypot-sgp-1 sshd[32582]: Disconnecting invalid user public 185.246.130.20 port 56923: Change of username or service not allowed: (public,ssh-connection) -> (user,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:45:27.889Z","@version":"1","message":"Sep 19 02:45:27 honeypot-sgp-1 sshd[32591]: Invalid user 123456 from 185.246.130.20 port 14366","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:45:46.900Z","@version":"1","message":"Sep 19 02:45:46 honeypot-sgp-1 sshd[32596]: Disconnecting invalid user amdin 185.246.130.20 port 10104: Change of username or service not allowed: (amdin,ssh-connection) -> (readwrite,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:46:04.910Z","@version":"1","message":"Sep 19 02:46:03 honeypot-sgp-1 sshd[32602]: Disconnecting invalid user admin 185.246.130.20 port 52051: Change of username or service not allowed: (admin,ssh-connection) -> (DZY-W2914NSV2,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:46:20.919Z","@version":"1","message":"Sep 19 02:46:20 honeypot-sgp-1 sshd[32608]: Disconnecting invalid user admin 185.246.130.20 port 50032: Change of username or service not allowed: (admin,ssh-connection) -> (zoomadsl,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:46:34.927Z","@version":"1","message":"Sep 19 02:46:34 honeypot-sgp-1 sshd[32614]: Disconnecting invalid user 1admin0 185.246.130.20 port 15348: Change of username or service not allowed: (1admin0,ssh-connection) -> (ltecl4r0,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 02:46:40 honeypot-ams-1 sshd[6895]: Connection closed by invalid user admin 125.229.136.143 port 56638 [preauth]","@timestamp":"2022-09-19T02:46:41.136Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:51:13 honeypot-fra-1 kernel: [84430278.752965] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=167.71.133.35 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=248 ID=54321 PROTO=TCP SPT=35929 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T02:51:13.932Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T02:52:01.065Z","@version":"1","message":"Sep 19 02:52:00 honeypot-sgp-1 kernel: [84432022.426057] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=206.189.6.148 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=47744 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:57:07.198Z","@version":"1","message":"Sep 19 02:57:06 honeypot-sgp-1 sshd[32623]: Connection closed by invalid user xhl 103.188.176.251 port 42172 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 02:57:25 honeypot-ams-1 sshd[6900]: Invalid user mortimer from 45.240.88.36 port 60048","@timestamp":"2022-09-19T02:57:25.413Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 03:02:13 honeypot-ams-1 sshd[6903]: Disconnected from invalid user asonar 128.199.162.67 port 40596 [preauth]","@timestamp":"2022-09-19T03:02:13.540Z"}
{"@timestamp":"2022-09-19T03:04:44.395Z","@version":"1","message":"Sep 19 03:04:43 honeypot-sgp-1 sshd[32628]: Connection closed by invalid user ftp 179.60.147.69 port 42950 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 03:05:10 honeypot-ams-1 kernel: [84433289.955458] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=218.152.190.56 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=55 ID=0 DF PROTO=TCP SPT=6778 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T03:05:11.623Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 03:05:27 honeypot-fra-1 sshd[31557]: Disconnected from invalid user ubnt 92.255.85.70 port 58846 [preauth]","@timestamp":"2022-09-19T03:05:28.251Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 03:06:46 honeypot-ams-1 sshd[6910]: Disconnected from invalid user joeflores 103.136.40.93 port 53614 [preauth]","@timestamp":"2022-09-19T03:06:46.666Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 03:07:49 honeypot-fra-1 sshd[31563]: Invalid user ftp from 193.106.191.157 port 33436","@timestamp":"2022-09-19T03:07:49.308Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 03:08:26 honeypot-ams-1 sshd[6913]: Connection closed by invalid user ftp 179.60.147.69 port 15018 [preauth]","@timestamp":"2022-09-19T03:08:27.721Z"}
{"@timestamp":"2022-09-19T03:09:21.512Z","@version":"1","message":"Sep 19 03:09:20 honeypot-sgp-1 kernel: [84433063.055281] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=172.105.129.58 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=52899 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T03:11:45.575Z","@version":"1","message":"Sep 19 03:11:45 honeypot-sgp-1 kernel: [84433207.438458] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=170.187.162.38 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=43721 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T03:15:20.665Z","@version":"1","message":"Sep 19 03:15:20 honeypot-sgp-1 sshd[32640]: Received disconnect from 160.251.7.97 port 37404:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T03:17:01.708Z","@version":"1","message":"Sep 19 03:17:01 honeypot-sgp-1 CRON[32644]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 03:17:01 honeypot-ams-1 CRON[6918]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-19T03:17:01.951Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 03:17:01 honeypot-fra-1 CRON[31568]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-19T03:17:02.515Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 03:21:12 honeypot-fra-1 sshd[31574]: Received disconnect from 159.203.85.196 port 50845:11: Bye Bye [preauth]","@timestamp":"2022-09-19T03:21:12.608Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 03:22:10 honeypot-ams-1 sshd[6924]: Disconnected from invalid user jiangtao 175.118.152.100 port 54027 [preauth]","@timestamp":"2022-09-19T03:22:11.088Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 03:26:01 honeypot-fra-1 kernel: [84432367.201562] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=94.102.61.26 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=54321 PROTO=TCP SPT=37017 DPT=389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T03:26:02.716Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T03:28:52.007Z","@version":"1","message":"Sep 19 03:28:51 honeypot-sgp-1 sshd[32651]: Invalid user quan from 119.252.143.6 port 39809","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 03:32:47 honeypot-fra-1 sshd[31581]: Received disconnect from 92.255.85.70 port 34204:11: Bye Bye [preauth]","@timestamp":"2022-09-19T03:32:47.868Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 03:34:46 honeypot-ams-1 kernel: [84435066.036398] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=164.92.72.164 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=49445 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T03:34:47.413Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 03:38:55 honeypot-fra-1 sshd[31588]: Received disconnect from 179.43.156.143 port 42924:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T03:38:56.010Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 03:40:44 honeypot-fra-1 sshd[31594]: Received disconnect from 179.43.156.143 port 37128:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T03:40:45.052Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T03:41:54.331Z","@version":"1","message":"Sep 19 03:41:53 honeypot-sgp-1 sshd[32655]: Disconnected from invalid user admin 92.255.85.69 port 29754 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 03:41:54 honeypot-fra-1 sshd[31598]: Received disconnect from 179.43.156.143 port 33106:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T03:41:55.081Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 03:43:06 honeypot-fra-1 sshd[31603]: Received disconnect from 179.43.156.143 port 57406:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T03:43:07.112Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 03:44:00 honeypot-fra-1 sshd[31607]: Connection closed by invalid user ftp 193.106.191.157 port 57260 [preauth]","@timestamp":"2022-09-19T03:44:01.136Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 03:44:24 honeypot-ams-1 sshd[6933]: Invalid user admin from 92.255.85.70 port 63804","@timestamp":"2022-09-19T03:44:25.659Z"}
{"@timestamp":"2022-09-19T03:45:03.413Z","@version":"1","message":"Sep 19 03:45:02 honeypot-sgp-1 sshd[32660]: Received disconnect from 45.61.186.169 port 39066:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T03:45:21.422Z","@version":"1","message":"Sep 19 03:45:20 honeypot-sgp-1 sshd[32664]: Received disconnect from 45.61.186.169 port 33770:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 03:45:34 honeypot-fra-1 sshd[31613]: Invalid user git from 179.43.156.143 port 49556","@timestamp":"2022-09-19T03:45:35.192Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T03:45:37.431Z","@version":"1","message":"Sep 19 03:45:37 honeypot-sgp-1 sshd[32669]: Received disconnect from 45.61.186.169 port 56620:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 03:46:50 honeypot-fra-1 sshd[31617]: Invalid user hadoop from 179.43.156.143 port 45616","@timestamp":"2022-09-19T03:46:51.222Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T03:47:25.478Z","@version":"1","message":"Sep 19 03:47:25 honeypot-sgp-1 kernel: [84435347.298339] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=80.87.206.203 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=235 ID=1237 PROTO=TCP SPT=49406 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 03:47:40 honeypot-fra-1 sshd[31622]: Connection closed by authenticating user root 179.60.147.69 port 45566 [preauth]","@timestamp":"2022-09-19T03:47:41.243Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 03:48:45 honeypot-fra-1 sshd[31626]: Disconnected from invalid user drcomadmin 179.43.156.143 port 39720 [preauth]","@timestamp":"2022-09-19T03:48:45.269Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 03:49:12 honeypot-ams-1 sshd[6936]: Received disconnect from 34.93.204.90 port 39572:11: Bye Bye [preauth]","@timestamp":"2022-09-19T03:49:12.781Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 03:49:24 honeypot-fra-1 sshd[31630]: Disconnected from invalid user vyos 179.43.156.143 port 37750 [preauth]","@timestamp":"2022-09-19T03:49:25.288Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 03:50:44 honeypot-fra-1 sshd[31634]: Disconnected from authenticating user root 179.43.156.143 port 33810 [preauth]","@timestamp":"2022-09-19T03:50:44.321Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 03:51:54 honeypot-ams-1 kernel: [84436094.161383] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=92.13.75.66 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=56 ID=63422 PROTO=TCP SPT=1241 DPT=80 WINDOW=17809 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T03:51:55.855Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 03:52:06 honeypot-fra-1 sshd[31640]: Received disconnect from 179.43.156.143 port 58122:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T03:52:07.357Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 03:53:57 honeypot-ams-1 sshd[6945]: Disconnected from invalid user ocstest1 115.94.79.59 port 43166 [preauth]","@timestamp":"2022-09-19T03:53:57.909Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 03:54:11 honeypot-fra-1 sshd[31647]: Invalid user centos from 179.43.156.143 port 52212","@timestamp":"2022-09-19T03:54:12.406Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 03:55:34 honeypot-fra-1 sshd[31651]: Disconnected from authenticating user root 179.43.156.143 port 48284 [preauth]","@timestamp":"2022-09-19T03:55:35.439Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 03:57:08 honeypot-ams-1 sshd[6949]: Disconnected from invalid user xe 103.72.4.8 port 50008 [preauth]","@timestamp":"2022-09-19T03:57:08.992Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 03:57:44 honeypot-fra-1 sshd[31657]: Disconnected from authenticating user root 179.43.156.143 port 42386 [preauth]","@timestamp":"2022-09-19T03:57:44.489Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 03:59:08 honeypot-fra-1 sshd[31662]: Disconnected from invalid user jenkins 179.43.156.143 port 38448 [preauth]","@timestamp":"2022-09-19T03:59:09.524Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 04:00:34 honeypot-fra-1 sshd[31669]: Received disconnect from 179.43.156.143 port 34514:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T04:00:34.560Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 04:01:02 honeypot-ams-1 sshd[6957]: Received disconnect from 58.230.203.182 port 53744:11: Bye Bye [preauth]","@timestamp":"2022-09-19T04:01:03.096Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 04:01:58 honeypot-fra-1 sshd[31673]: Disconnected from authenticating user root 179.43.156.143 port 58824 [preauth]","@timestamp":"2022-09-19T04:01:59.594Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 04:04:05 honeypot-fra-1 kernel: [84434650.756629] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=184.105.247.247 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=54321 PROTO=TCP SPT=43749 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T04:04:05.643Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 04:04:52 honeypot-fra-1 sshd[31682]: Disconnected from invalid user vagrant 179.43.156.143 port 50932 [preauth]","@timestamp":"2022-09-19T04:04:52.663Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T04:05:40.955Z","@version":"1","message":"Sep 19 04:05:40 honeypot-sgp-1 sshd[32677]: Invalid user 1 from 92.255.85.70 port 45860","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 04:08:40 honeypot-ams-1 kernel: [84437099.403255] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=207.102.138.83 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=29440 DF PROTO=TCP SPT=45634 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T04:08:40.298Z"}
{"@timestamp":"2022-09-19T04:10:29.226Z","@version":"1","message":"Sep 19 04:10:28 honeypot-sgp-1 sshd[32688]: Received disconnect from 61.177.173.52 port 20158:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 04:11:46 honeypot-fra-1 sshd[31687]: Disconnected from invalid user akdcodel 43.154.50.12 port 33272 [preauth]","@timestamp":"2022-09-19T04:11:46.812Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T04:12:32.280Z","@version":"1","message":"Sep 19 04:12:31 honeypot-sgp-1 sshd[32693]: Connection reset by 61.177.172.124 port 12276 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 04:14:09 honeypot-fra-1 sshd[31693]: Disconnected from authenticating user root 64.225.58.159 port 54368 [preauth]","@timestamp":"2022-09-19T04:14:09.867Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 04:17:01 honeypot-ams-1 CRON[6963]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-19T04:17:01.527Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 04:19:11 honeypot-fra-1 sshd[31701]: Received disconnect from 137.184.5.49 port 56358:11: Bye Bye [preauth]","@timestamp":"2022-09-19T04:19:11.980Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T04:19:23.459Z","@version":"1","message":"Sep 19 04:19:23 honeypot-sgp-1 sshd[32702]: Invalid user nx from 206.189.219.241 port 34692","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T04:20:12.483Z","@version":"1","message":"Sep 19 04:20:12 honeypot-sgp-1 sshd[32707]: Received disconnect from 162.218.78.179 port 55026:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 04:23:06 honeypot-ams-1 sshd[6969]: Disconnected from invalid user monitor 210.211.108.149 port 48364 [preauth]","@timestamp":"2022-09-19T04:23:06.684Z"}
{"@timestamp":"2022-09-19T04:25:49.630Z","@version":"1","message":"Sep 19 04:25:49 honeypot-sgp-1 kernel: [84437651.401949] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.197.1.140 DST=159.89.202.188 LEN=52 TOS=0x00 PREC=0x00 TTL=115 ID=52498 DF PROTO=TCP SPT=63883 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T04:29:41.735Z","@version":"1","message":"Sep 19 04:29:41 honeypot-sgp-1 kernel: [84437883.628912] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=197.248.10.44 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=54321 PROTO=TCP SPT=60999 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 04:31:08 honeypot-fra-1 kernel: [84436273.857675] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=207.102.138.83 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=46 ID=38931 DF PROTO=TCP SPT=54657 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T04:31:09.246Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T04:32:56.824Z","@version":"1","message":"Sep 19 04:32:56 honeypot-sgp-1 kernel: [84438078.108794] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=36.76.113.158 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=245 ID=17326 DF PROTO=TCP SPT=58100 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 04:33:02 honeypot-fra-1 sshd[31710]: Invalid user user from 34.71.244.4 port 36090","@timestamp":"2022-09-19T04:33:03.290Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 04:33:02 honeypot-fra-1 sshd[31717]: Invalid user web from 34.71.244.4 port 36118","@timestamp":"2022-09-19T04:33:03.290Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 04:33:02 honeypot-fra-1 sshd[31728]: Invalid user devops from 34.71.244.4 port 36410","@timestamp":"2022-09-19T04:33:03.290Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 04:33:02 honeypot-fra-1 sshd[31713]: Connection closed by invalid user testuser 34.71.244.4 port 36256 [preauth]","@timestamp":"2022-09-19T04:33:03.290Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 04:33:02 honeypot-fra-1 sshd[31709]: Connection closed by invalid user test 34.71.244.4 port 36160 [preauth]","@timestamp":"2022-09-19T04:33:03.290Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 04:33:02 honeypot-fra-1 sshd[31718]: Connection closed by invalid user oracle 34.71.244.4 port 36246 [preauth]","@timestamp":"2022-09-19T04:33:03.290Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 04:39:07 honeypot-fra-1 kernel: [84436752.976598] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=173.255.236.36 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=37312 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T04:39:08.421Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T04:41:19.059Z","@version":"1","message":"Sep 19 04:41:19 honeypot-sgp-1 sshd[32725]: Received disconnect from 61.177.173.53 port 45193:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 04:43:11 honeypot-ams-1 kernel: [84439170.874738] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=213.226.123.38 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=984 PROTO=TCP SPT=44294 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T04:43:12.196Z"}
{"@timestamp":"2022-09-19T04:54:21.382Z","@version":"1","message":"Sep 19 04:54:20 honeypot-sgp-1 sshd[32736]: Received disconnect from 45.61.186.249 port 55074:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T04:54:40.393Z","@version":"1","message":"Sep 19 04:54:40 honeypot-sgp-1 sshd[32740]: Received disconnect from 45.61.186.249 port 49562:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 04:54:53 honeypot-ams-1 sshd[6984]: Received disconnect from 92.255.85.70 port 49398:11: Bye Bye [preauth]","@timestamp":"2022-09-19T04:54:54.493Z"}
{"@timestamp":"2022-09-19T04:54:58.401Z","@version":"1","message":"Sep 19 04:54:58 honeypot-sgp-1 sshd[32744]: Received disconnect from 45.61.186.249 port 44046:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T04:55:15.409Z","@version":"1","message":"Sep 19 04:55:14 honeypot-sgp-1 sshd[32748]: Received disconnect from 45.61.186.249 port 38532:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 04:58:30 honeypot-fra-1 kernel: [84437915.107989] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=74.82.47.8 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=54321 PROTO=TCP SPT=48840 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T04:58:30.847Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T04:59:34.518Z","@version":"1","message":"Sep 19 04:59:34 honeypot-sgp-1 sshd[32753]: Disconnected from authenticating user root 61.177.172.19 port 56048 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 05:00:15 honeypot-fra-1 sshd[31766]: Did not receive identification string from 193.3.19.178 port 64001","@timestamp":"2022-09-19T05:00:15.889Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 05:00:40 honeypot-ams-1 kernel: [84440219.238722] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=80.94.92.231 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=45977 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T05:00:40.639Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 05:05:06 honeypot-ams-1 kernel: [84440485.248861] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=95.80.164.21 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=113 ID=1476 DF PROTO=TCP SPT=53083 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T05:05:06.755Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 05:06:21 honeypot-fra-1 kernel: [84438386.804278] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=80.94.92.231 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=60409 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T05:06:22.027Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T05:07:04.710Z","@version":"1","message":"Sep 19 05:07:04 honeypot-sgp-1 sshd[32760]: Disconnected from authenticating user root 61.177.173.36 port 50141 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T05:10:56.810Z","@version":"1","message":"Sep 19 05:10:55 honeypot-sgp-1 sshd[32765]: Invalid user user from 45.61.186.249 port 53352","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T05:11:15.820Z","@version":"1","message":"Sep 19 05:11:15 honeypot-sgp-1 sshd[303]: Invalid user user from 45.61.186.249 port 48366","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T05:11:28.827Z","@version":"1","message":"Sep 19 05:11:27 honeypot-sgp-1 kernel: [84440389.960951] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.207.116 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=59048 DPT=636 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 05:11:33 honeypot-ams-1 kernel: [84440872.647181] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.219.63 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=39279 DPT=636 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T05:11:33.925Z"}
{"@timestamp":"2022-09-19T05:11:41.834Z","@version":"1","message":"Sep 19 05:11:41 honeypot-sgp-1 sshd[311]: Invalid user user from 45.61.186.249 port 55026","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 05:13:25 honeypot-fra-1 sshd[31777]: Received disconnect from 165.22.45.108 port 53886:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T05:13:26.186Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T05:13:45.887Z","@version":"1","message":"Sep 19 05:13:45 honeypot-sgp-1 sshd[314]: Received disconnect from 61.177.172.114 port 35531:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 05:19:12 honeypot-fra-1 sshd[31784]: Disconnected from invalid user admin 92.255.85.70 port 63130 [preauth]","@timestamp":"2022-09-19T05:19:12.312Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T05:20:44.065Z","@version":"1","message":"Sep 19 05:20:43 honeypot-sgp-1 sshd[324]: Received disconnect from 61.177.173.51 port 24231:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 05:21:02 honeypot-ams-1 sshd[7447]: Invalid user ftp from 193.106.191.157 port 52148","@timestamp":"2022-09-19T05:21:03.167Z"}
{"@timestamp":"2022-09-19T05:22:03.101Z","@version":"1","message":"Sep 19 05:22:02 honeypot-sgp-1 sshd[331]: Received disconnect from 61.177.172.98 port 38081:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 05:25:08 honeypot-ams-1 sshd[7452]: Invalid user admin from 92.255.85.69 port 18786","@timestamp":"2022-09-19T05:25:09.277Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 05:25:21 honeypot-ams-1 sshd[7456]: Received disconnect from 128.199.142.208 port 57646:11: Bye Bye [preauth]","@timestamp":"2022-09-19T05:25:22.284Z"}
{"@timestamp":"2022-09-19T05:26:30.215Z","@version":"1","message":"Sep 19 05:26:30 honeypot-sgp-1 sshd[336]: Invalid user losts from 20.101.129.212 port 1024","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 05:28:52 honeypot-fra-1 sshd[31788]: Received disconnect from 45.61.186.169 port 45328:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T05:28:52.532Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 05:29:10 honeypot-fra-1 sshd[31792]: Received disconnect from 45.61.186.169 port 40434:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T05:29:10.540Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 05:29:28 honeypot-fra-1 sshd[31796]: Received disconnect from 45.61.186.169 port 35536:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T05:29:28.548Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 05:29:44 honeypot-fra-1 sshd[31800]: Received disconnect from 45.61.186.169 port 58872:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T05:29:44.556Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T05:30:28.318Z","@version":"1","message":"Sep 19 05:30:27 honeypot-sgp-1 sshd[338]: Disconnected from authenticating user root 61.177.173.50 port 26496 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 05:36:42 honeypot-ams-1 sshd[7462]: Connection closed by invalid user ftp 193.106.191.157 port 34544 [preauth]","@timestamp":"2022-09-19T05:36:42.572Z"}
{"@timestamp":"2022-09-19T05:36:47.479Z","@version":"1","message":"Sep 19 05:36:47 honeypot-sgp-1 sshd[343]: Received disconnect from 49.247.34.252 port 44395:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 05:40:25 honeypot-ams-1 sshd[7466]: Disconnected from invalid user zi 196.216.73.90 port 21193 [preauth]","@timestamp":"2022-09-19T05:40:25.668Z"}
{"@timestamp":"2022-09-19T05:42:01.613Z","@version":"1","message":"Sep 19 05:42:00 honeypot-sgp-1 sshd[352]: Invalid user febrio from 189.254.172.114 port 14658","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 05:42:10 honeypot-fra-1 sshd[31805]: Invalid user musicbot1 from 46.41.142.93 port 53916","@timestamp":"2022-09-19T05:42:11.835Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 05:43:33 honeypot-fra-1 sshd[31809]: Disconnected from authenticating user root 104.131.129.113 port 35368 [preauth]","@timestamp":"2022-09-19T05:43:33.867Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 05:51:03 honeypot-ams-1 kernel: [84443243.107708] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=97.74.81.123 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=854 PROTO=TCP SPT=40988 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T05:51:03.943Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 05:51:53 honeypot-fra-1 sshd[31814]: Invalid user user from 92.255.85.70 port 22206","@timestamp":"2022-09-19T05:51:54.054Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T05:52:52.884Z","@version":"1","message":"Sep 19 05:52:52 honeypot-sgp-1 sshd[360]: Invalid user sesimagotag from 89.22.165.187 port 43042","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T05:55:14.948Z","@version":"1","message":"Sep 19 05:55:14 honeypot-sgp-1 sshd[364]: Received disconnect from 61.177.172.108 port 17203:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 05:56:03 honeypot-fra-1 sshd[31818]: Invalid user admin from 121.154.34.24 port 38911","@timestamp":"2022-09-19T05:56:04.151Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 05:59:45 honeypot-ams-1 kernel: [84443765.119033] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=154.89.5.94 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=244 ID=36565 PROTO=TCP SPT=58914 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T05:59:46.167Z"}
{"@timestamp":"2022-09-19T06:01:49.114Z","@version":"1","message":"Sep 19 06:01:48 honeypot-sgp-1 sshd[374]: Invalid user user from 45.61.186.249 port 49336","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T06:02:08.125Z","@version":"1","message":"Sep 19 06:02:07 honeypot-sgp-1 sshd[378]: Invalid user user from 45.61.186.249 port 44058","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T06:02:26.133Z","@version":"1","message":"Sep 19 06:02:25 honeypot-sgp-1 sshd[382]: Invalid user user from 45.61.186.249 port 38768","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T06:02:38.140Z","@version":"1","message":"Sep 19 06:02:37 honeypot-sgp-1 kernel: [84443459.822717] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=13.52.238.12 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=12159 PROTO=TCP SPT=47356 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T06:03:53.173Z","@version":"1","message":"Sep 19 06:03:52 honeypot-sgp-1 sshd[388]: Disconnected from 61.177.173.47 port 64549 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 06:05:03 honeypot-fra-1 sshd[31822]: Disconnected from invalid user admin 20.126.126.43 port 60318 [preauth]","@timestamp":"2022-09-19T06:05:04.353Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T06:09:19.310Z","@version":"1","message":"Sep 19 06:09:18 honeypot-sgp-1 kernel: [84443860.897910] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=68.183.93.151 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x20 TTL=242 ID=54321 PROTO=TCP SPT=57536 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 06:13:53 honeypot-ams-1 kernel: [84444612.496687] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=20.197.1.140 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=111 ID=46587 DF PROTO=TCP SPT=62882 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T06:13:53.523Z"}
{"@timestamp":"2022-09-19T06:14:17.435Z","@version":"1","message":"Sep 19 06:14:17 honeypot-sgp-1 sshd[401]: Received disconnect from 61.177.172.114 port 50292:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 06:15:15 honeypot-fra-1 sshd[31902]: Received disconnect from 45.61.187.160 port 36718:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T06:15:16.590Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 06:15:33 honeypot-fra-1 sshd[31906]: Received disconnect from 45.61.187.160 port 60180:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T06:15:34.598Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 06:15:50 honeypot-fra-1 sshd[31910]: Received disconnect from 45.61.187.160 port 55380:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T06:15:50.606Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 06:16:06 honeypot-fra-1 sshd[31914]: Received disconnect from 45.61.187.160 port 50580:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T06:16:07.614Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 06:17:55 honeypot-fra-1 sshd[31919]: Disconnected from authenticating user root 92.255.85.69 port 32862 [preauth]","@timestamp":"2022-09-19T06:17:55.657Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 06:18:32 honeypot-ams-1 kernel: [84444891.326181] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.41.9.18 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=33047 PROTO=TCP SPT=52650 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T06:18:32.643Z"}
{"@timestamp":"2022-09-19T06:18:55.551Z","@version":"1","message":"Sep 19 06:18:55 honeypot-sgp-1 sshd[497]: Received disconnect from 61.177.173.46 port 32831:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T06:25:01.706Z","@version":"1","message":"Sep 19 06:25:01 honeypot-sgp-1 CRON[504]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 06:26:20 honeypot-ams-1 sshd[7746]: Received disconnect from 92.255.85.69 port 62770:11: Bye Bye [preauth]","@timestamp":"2022-09-19T06:26:20.871Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 06:34:27 honeypot-ams-1 sshd[7752]: Invalid user user from 45.61.186.169 port 39364","@timestamp":"2022-09-19T06:34:28.077Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 06:34:45 honeypot-ams-1 sshd[7756]: Invalid user user from 45.61.186.169 port 34576","@timestamp":"2022-09-19T06:34:45.103Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 06:34:53 honeypot-ams-1 sshd[7758]: Disconnected from invalid user user 45.61.186.169 port 46286 [preauth]","@timestamp":"2022-09-19T06:34:54.107Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 06:34:56 honeypot-fra-1 kernel: [84443701.787114] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=66.240.236.109 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=41418 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T06:34:57.048Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 06:35:10 honeypot-ams-1 sshd[7762]: Disconnected from invalid user user 45.61.186.169 port 41490 [preauth]","@timestamp":"2022-09-19T06:35:11.116Z"}
{"@timestamp":"2022-09-19T06:35:40.001Z","@version":"1","message":"Sep 19 06:35:39 honeypot-sgp-1 sshd[744]: Disconnected from 61.177.173.37 port 16937 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 06:39:41 honeypot-ams-1 sshd[7767]: Received disconnect from 35.236.14.147 port 49962:11: Bye Bye [preauth]","@timestamp":"2022-09-19T06:39:42.233Z"}
{"@timestamp":"2022-09-19T06:40:28.124Z","@version":"1","message":"Sep 19 06:40:27 honeypot-sgp-1 kernel: [84445729.325929] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=159.89.202.188 LEN=92 TOS=0x00 PREC=0x00 TTL=245 ID=36153 PROTO=TCP SPT=17531 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 06:43:19 honeypot-fra-1 sshd[32165]: Disconnected from invalid user ubnt 167.172.58.10 port 46536 [preauth]","@timestamp":"2022-09-19T06:43:20.232Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 06:45:17 honeypot-ams-1 sshd[7774]: Invalid user minato from 209.97.183.120 port 52276","@timestamp":"2022-09-19T06:45:18.380Z"}
{"@timestamp":"2022-09-19T06:46:21.271Z","@version":"1","message":"Sep 19 06:46:20 honeypot-sgp-1 sshd[757]: Invalid user vpn from 92.255.85.70 port 46798","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 06:48:08 honeypot-fra-1 kernel: [84444493.135550] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.197.86 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=58650 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T06:48:08.338Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 06:50:41 honeypot-ams-1 sshd[7777]: Invalid user admin from 2.238.74.118 port 56098","@timestamp":"2022-09-19T06:50:42.520Z"}
{"@timestamp":"2022-09-19T06:53:17.445Z","@version":"1","message":"Sep 19 06:53:16 honeypot-sgp-1 kernel: [84446498.348889] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.148.10.81 DST=159.89.202.188 LEN=82 TOS=0x00 PREC=0x00 TTL=240 ID=22780 DF PROTO=TCP SPT=14322 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 06:55:02 honeypot-fra-1 kernel: [84444907.192172] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=134.122.134.162 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=56 ID=0 DF PROTO=TCP SPT=34665 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T06:55:02.494Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 06:55:22 honeypot-ams-1 sshd[7779]: Disconnected from invalid user medieval 58.27.134.52 port 47002 [preauth]","@timestamp":"2022-09-19T06:55:22.641Z"}
{"@timestamp":"2022-09-19T06:56:42.533Z","@version":"1","message":"Sep 19 06:56:41 honeypot-sgp-1 sshd[766]: Connection closed by invalid user demo 179.60.147.69 port 24154 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 07:00:22 honeypot-ams-1 sshd[7784]: Connection closed by invalid user demo 179.60.147.69 port 13250 [preauth]","@timestamp":"2022-09-19T07:00:22.774Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 07:04:50 honeypot-fra-1 sshd[32180]: Received disconnect from 49.146.247.32 port 39778:11: Bye Bye [preauth]","@timestamp":"2022-09-19T07:04:50.727Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T07:06:30.793Z","@version":"1","message":"Sep 19 07:06:29 honeypot-sgp-1 sshd[776]: Received disconnect from 139.59.102.170 port 38176:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 07:07:48 honeypot-fra-1 sshd[32184]: Disconnected from invalid user monitor 177.144.160.220 port 21281 [preauth]","@timestamp":"2022-09-19T07:07:48.795Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 07:11:17 honeypot-fra-1 kernel: [84445882.095291] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.148.10.81 DST=165.22.82.222 LEN=83 TOS=0x00 PREC=0x00 TTL=241 ID=22780 DF PROTO=TCP SPT=22480 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T07:11:17.875Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T07:12:11.937Z","@version":"1","message":"Sep 19 07:12:11 honeypot-sgp-1 kernel: [84447633.157367] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=103.146.23.134 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=24506 PROTO=TCP SPT=51279 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 07:15:31 honeypot-ams-1 kernel: [84448310.130710] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=164.92.72.164 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=40222 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T07:15:31.165Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 07:17:01 honeypot-fra-1 CRON[32197]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-19T07:17:02.006Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 07:21:34 honeypot-ams-1 sshd[7796]: Connection closed by invalid user ftp 193.106.191.157 port 45046 [preauth]","@timestamp":"2022-09-19T07:21:34.323Z"}
{"@timestamp":"2022-09-19T07:22:00.180Z","@version":"1","message":"Sep 19 07:21:59 honeypot-sgp-1 kernel: [84448221.749066] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.148.10.81 DST=159.89.202.188 LEN=81 TOS=0x00 PREC=0x00 TTL=239 ID=22780 DF PROTO=TCP SPT=6140 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 07:22:26 honeypot-ams-1 sshd[7803]: Received disconnect from 175.193.13.3 port 44076:11: Bye Bye [preauth]","@timestamp":"2022-09-19T07:22:27.349Z"}
{"@timestamp":"2022-09-19T07:24:22.241Z","@version":"1","message":"Sep 19 07:24:21 honeypot-sgp-1 sshd[800]: Received disconnect from 61.177.173.46 port 18415:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 07:28:05 honeypot-fra-1 kernel: [84446889.797612] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.143.200.6 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=61648 PROTO=TCP SPT=51552 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T07:28:05.252Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 07:28:37 honeypot-ams-1 kernel: [84449096.586449] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=89.248.165.199 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=47644 PROTO=TCP SPT=50250 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T07:28:37.510Z"}
{"@timestamp":"2022-09-19T07:34:34.520Z","@version":"1","message":"Sep 19 07:34:34 honeypot-sgp-1 sshd[806]: Disconnected from authenticating user root 61.177.172.108 port 44279 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 07:36:00 honeypot-fra-1 sshd[32213]: Received disconnect from 159.65.1.92 port 34316:11: Bye Bye [preauth]","@timestamp":"2022-09-19T07:36:01.425Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T07:36:20.565Z","@version":"1","message":"Sep 19 07:36:20 honeypot-sgp-1 sshd[815]: Disconnected from authenticating user root 61.177.173.39 port 61603 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 07:39:19 honeypot-fra-1 kernel: [84447564.330819] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=165.232.152.144 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=60160 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T07:39:20.499Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 07:40:19 honeypot-ams-1 kernel: [84449798.389017] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.148.10.81 DST=178.62.254.91 LEN=86 TOS=0x00 PREC=0x00 TTL=240 ID=22780 DF PROTO=TCP SPT=30710 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T07:40:19.811Z"}
{"@timestamp":"2022-09-19T07:41:47.701Z","@version":"1","message":"Sep 19 07:41:47 honeypot-sgp-1 kernel: [84449409.237060] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.55.53.144 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=43 ID=51874 DF PROTO=TCP SPT=39002 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 07:44:53 honeypot-fra-1 kernel: [84447898.397645] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=20.55.53.144 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=37920 DF PROTO=TCP SPT=32918 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T07:44:54.624Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T07:48:27.867Z","@version":"1","message":"Sep 19 07:48:27 honeypot-sgp-1 sshd[832]: Invalid user oot from 103.188.176.251 port 57544","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 07:49:21 honeypot-fra-1 kernel: [84448166.223141] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.148.10.81 DST=165.22.82.222 LEN=84 TOS=0x00 PREC=0x00 TTL=239 ID=22780 DF PROTO=TCP SPT=24536 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T07:49:21.726Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 07:50:19 honeypot-ams-1 kernel: [84450398.927969] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.148.10.81 DST=178.62.254.91 LEN=84 TOS=0x00 PREC=0x00 TTL=242 ID=22780 DF PROTO=TCP SPT=24564 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T07:50:20.069Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 07:53:19 honeypot-ams-1 kernel: [84450578.671012] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=15569 PROTO=TCP SPT=53701 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T07:53:20.151Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 07:56:48 honeypot-fra-1 kernel: [84448612.984615] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.206.31 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=47342 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T07:56:48.892Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T07:58:30.115Z","@version":"1","message":"Sep 19 07:58:29 honeypot-sgp-1 kernel: [84450411.446528] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.209.58 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=54847 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:03:18 honeypot-fra-1 sshd[32234]: Disconnected from authenticating user root 191.34.74.55 port 37727 [preauth]","@timestamp":"2022-09-19T08:03:19.041Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:10:53 honeypot-fra-1 kernel: [84449458.535898] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.148.10.81 DST=165.22.82.222 LEN=81 TOS=0x00 PREC=0x00 TTL=239 ID=22780 DF PROTO=TCP SPT=6110 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T08:10:54.214Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T08:11:14.450Z","@version":"1","message":"Sep 19 08:11:13 honeypot-sgp-1 sshd[851]: Invalid user plexuser from 179.60.147.69 port 28338","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 08:14:31 honeypot-ams-1 sshd[7832]: Invalid user plexuser from 179.60.147.69 port 49036","@timestamp":"2022-09-19T08:14:32.706Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:17:13 honeypot-fra-1 sshd[32264]: Received disconnect from 92.255.85.69 port 47900:11: Bye Bye [preauth]","@timestamp":"2022-09-19T08:17:13.359Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 08:17:41 honeypot-ams-1 sshd[7839]: Received disconnect from 174.138.24.231 port 60694:11: Bye Bye [preauth]","@timestamp":"2022-09-19T08:17:41.791Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:18:58 honeypot-fra-1 sshd[32269]: Invalid user user from 45.61.186.249 port 36548","@timestamp":"2022-09-19T08:18:59.400Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:19:18 honeypot-fra-1 sshd[32273]: Invalid user user from 45.61.186.249 port 59810","@timestamp":"2022-09-19T08:19:19.409Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:19:37 honeypot-fra-1 sshd[32277]: Invalid user user from 45.61.186.249 port 54852","@timestamp":"2022-09-19T08:19:38.420Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:19:50 honeypot-fra-1 sshd[32281]: Invalid user 165.22.135.127 from 86.107.199.172 port 44206","@timestamp":"2022-09-19T08:19:50.425Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:20:52 honeypot-fra-1 sshd[32285]: Invalid user 165.154.226.135 from 86.107.199.172 port 47508","@timestamp":"2022-09-19T08:20:53.451Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T08:20:54.688Z","@version":"1","message":"Sep 19 08:20:53 honeypot-sgp-1 sshd[862]: Received disconnect from 92.255.85.70 port 55382:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:21:54 honeypot-fra-1 sshd[32287]: Disconnected from invalid user 165.232.153.38 86.107.199.172 port 50814 [preauth]","@timestamp":"2022-09-19T08:21:54.477Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T08:23:41.761Z","@version":"1","message":"Sep 19 08:23:41 honeypot-sgp-1 kernel: [84451923.096220] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.148.10.81 DST=159.89.202.188 LEN=78 TOS=0x00 PREC=0x00 TTL=240 ID=22780 DF PROTO=TCP SPT=6104 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:23:56 honeypot-fra-1 sshd[32292]: Received disconnect from 86.107.199.172 port 57432:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T08:23:56.526Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 08:24:24 honeypot-ams-1 kernel: [84452444.013726] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=178.62.254.91 LEN=91 TOS=0x00 PREC=0x00 TTL=252 ID=10884 PROTO=TCP SPT=20165 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T08:24:24.970Z"}
{"@timestamp":"2022-09-19T08:24:58.794Z","@version":"1","message":"Sep 19 08:24:58 honeypot-sgp-1 sshd[892]: Disconnected from authenticating user root 61.177.173.47 port 24411 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T08:25:52.819Z","@version":"1","message":"Sep 19 08:25:52 honeypot-sgp-1 kernel: [84452054.420245] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.221.102 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=60156 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:25:57 honeypot-fra-1 sshd[32296]: Invalid user 165.154.69.89 from 86.107.199.172 port 35818","@timestamp":"2022-09-19T08:25:57.574Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:27:43 honeypot-fra-1 kernel: [84450468.171280] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.148.10.81 DST=165.22.82.222 LEN=82 TOS=0x00 PREC=0x00 TTL=239 ID=22780 DF PROTO=TCP SPT=32762 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T08:27:43.616Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:29:05 honeypot-fra-1 sshd[32304]: Disconnected from invalid user 165.227.179.39 86.107.199.172 port 45752 [preauth]","@timestamp":"2022-09-19T08:29:05.648Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:31:17 honeypot-fra-1 sshd[32309]: Received disconnect from 86.107.199.172 port 52372:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T08:31:17.699Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T08:31:30.961Z","@version":"1","message":"Sep 19 08:31:30 honeypot-sgp-1 kernel: [84452391.915958] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=234 ID=65095 PROTO=TCP SPT=56241 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 08:31:34 honeypot-ams-1 kernel: [84452873.971050] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=16411 PROTO=TCP SPT=56241 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T08:31:35.164Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:32:21 honeypot-fra-1 sshd[32313]: Disconnected from invalid user 165.227.48.20 86.107.199.172 port 55682 [preauth]","@timestamp":"2022-09-19T08:32:21.725Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:33:27 honeypot-fra-1 sshd[32318]: Invalid user 165.232.155.109 from 86.107.199.172 port 58998","@timestamp":"2022-09-19T08:33:27.753Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:34:45 honeypot-fra-1 kernel: [84450890.083565] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=89.248.165.244 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=18946 PROTO=TCP SPT=56454 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T08:34:45.784Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:36:44 honeypot-fra-1 sshd[32324]: Invalid user 165.22.180.94 from 86.107.199.172 port 40704","@timestamp":"2022-09-19T08:36:44.834Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T08:37:27.112Z","@version":"1","message":"Sep 19 08:37:26 honeypot-sgp-1 sshd[902]: Received disconnect from 61.177.173.48 port 39910:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 08:38:15 honeypot-ams-1 sshd[7864]: Connection closed by 20.89.48.208 port 58976 [preauth]","@timestamp":"2022-09-19T08:38:16.339Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:38:16 honeypot-fra-1 sshd[32328]: Received disconnect from 159.65.41.104 port 58278:11: Bye Bye [preauth]","@timestamp":"2022-09-19T08:38:16.870Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:39:33 honeypot-fra-1 kernel: [84451177.927988] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.148.10.81 DST=165.22.82.222 LEN=81 TOS=0x00 PREC=0x00 TTL=241 ID=22780 DF PROTO=TCP SPT=12242 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T08:39:33.902Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 08:40:05 honeypot-ams-1 sshd[7869]: Disconnected from invalid user monitor 210.245.34.243 port 52093 [preauth]","@timestamp":"2022-09-19T08:40:06.389Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:41:02 honeypot-fra-1 sshd[32335]: Disconnected from invalid user 165.227.229.97 86.107.199.172 port 53942 [preauth]","@timestamp":"2022-09-19T08:41:02.938Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:43:17 honeypot-fra-1 sshd[32340]: Received disconnect from 86.107.199.172 port 60558:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T08:43:17.991Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T08:44:04.277Z","@version":"1","message":"Sep 19 08:44:03 honeypot-sgp-1 sshd[909]: Received disconnect from 61.177.173.52 port 64152:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:44:21 honeypot-fra-1 sshd[32345]: Invalid user 165.227.162.174 from 86.107.199.172 port 35638","@timestamp":"2022-09-19T08:44:22.021Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 08:44:24 honeypot-ams-1 sshd[7873]: Invalid user college from 178.128.51.153 port 37624","@timestamp":"2022-09-19T08:44:25.505Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:45:27 honeypot-fra-1 sshd[32349]: Received disconnect from 86.107.199.172 port 38950:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T08:45:28.048Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:46:37 honeypot-fra-1 sshd[32351]: Received disconnect from 86.107.199.172 port 42254:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T08:46:38.079Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 08:48:30 honeypot-ams-1 sshd[7876]: Received disconnect from 103.228.112.138 port 60962:11: Bye Bye [preauth]","@timestamp":"2022-09-19T08:48:30.613Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:48:51 honeypot-fra-1 sshd[32357]: Invalid user 165.227.206.68 from 86.107.199.172 port 48890","@timestamp":"2022-09-19T08:48:52.133Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T08:49:42.420Z","@version":"1","message":"Sep 19 08:49:42 honeypot-sgp-1 sshd[914]: Disconnected from 61.177.173.47 port 55304 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:49:58 honeypot-fra-1 sshd[32361]: Disconnected from invalid user 165.22.216.117 86.107.199.172 port 52206 [preauth]","@timestamp":"2022-09-19T08:49:59.159Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 08:51:56 honeypot-ams-1 sshd[7881]: Disconnected from invalid user zimbra 101.231.146.36 port 36862 [preauth]","@timestamp":"2022-09-19T08:51:56.706Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:52:32 honeypot-fra-1 sshd[32365]: Received disconnect from 86.107.199.172 port 58884:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T08:52:33.221Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:55:01 honeypot-fra-1 sshd[32370]: Received disconnect from 86.107.199.172 port 37216:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T08:55:02.277Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T08:56:58.598Z","@version":"1","message":"Sep 19 08:56:58 honeypot-sgp-1 sshd[923]: Disconnected from authenticating user root 159.223.223.94 port 33140 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 08:57:21 honeypot-ams-1 kernel: [84454421.018160] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=167.94.138.105 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=31785 PROTO=TCP SPT=3343 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T08:57:22.854Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:58:35 honeypot-fra-1 sshd[32374]: Invalid user 165.227.81.81 from 86.107.199.172 port 43832","@timestamp":"2022-09-19T08:58:35.361Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:59:09 honeypot-fra-1 sshd[32377]: Disconnected from invalid user user 45.61.186.49 port 40402 [preauth]","@timestamp":"2022-09-19T08:59:10.376Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:59:17 honeypot-fra-1 sshd[32381]: Disconnected from invalid user user 45.61.186.49 port 51836 [preauth]","@timestamp":"2022-09-19T08:59:18.381Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 09:00:15 honeypot-fra-1 sshd[32386]: Disconnected from invalid user 165.227.62.90 86.107.199.172 port 47140 [preauth]","@timestamp":"2022-09-19T09:00:16.404Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T09:01:54.722Z","@version":"1","message":"Sep 19 09:01:53 honeypot-sgp-1 sshd[928]: Received disconnect from 61.177.173.47 port 49328:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 09:03:16 honeypot-fra-1 sshd[32390]: Connection closed by invalid user marcel 141.98.10.158 port 37242 [preauth]","@timestamp":"2022-09-19T09:03:17.475Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T09:04:15.784Z","@version":"1","message":"Sep 19 09:04:15 honeypot-sgp-1 sshd[936]: Invalid user user from 45.61.187.160 port 46086","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T09:04:33.793Z","@version":"1","message":"Sep 19 09:04:33 honeypot-sgp-1 sshd[940]: Invalid user user from 45.61.187.160 port 41346","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T09:04:50.802Z","@version":"1","message":"Sep 19 09:04:50 honeypot-sgp-1 sshd[944]: Invalid user user from 45.61.187.160 port 36556","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T09:05:06.811Z","@version":"1","message":"Sep 19 09:05:06 honeypot-sgp-1 sshd[948]: Invalid user user from 45.61.187.160 port 60044","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 09:05:06 honeypot-ams-1 kernel: [84454885.522954] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=97.107.130.172 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=44117 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T09:05:07.058Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 09:06:28 honeypot-fra-1 sshd[32395]: Invalid user 165.227.198.78 from 86.107.199.172 port 57078","@timestamp":"2022-09-19T09:06:28.549Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 09:09:23 honeypot-fra-1 sshd[32399]: Invalid user tuxedo from 193.106.191.157 port 34264","@timestamp":"2022-09-19T09:09:23.619Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T09:11:09.961Z","@version":"1","message":"Sep 19 09:11:09 honeypot-sgp-1 kernel: [84454771.415774] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.148.10.81 DST=159.89.202.188 LEN=81 TOS=0x00 PREC=0x00 TTL=239 ID=22780 DF PROTO=TCP SPT=22518 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 09:11:22 honeypot-fra-1 sshd[32403]: Invalid user liuxk from 165.22.45.108 port 37542","@timestamp":"2022-09-19T09:11:22.668Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 09:12:58 honeypot-fra-1 sshd[32406]: Disconnected from invalid user 165.22.54.7 86.107.199.172 port 38784 [preauth]","@timestamp":"2022-09-19T09:12:59.706Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 09:14:09 honeypot-ams-1 kernel: [84455428.599311] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.79.53.162 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54740 PROTO=TCP SPT=44788 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T09:14:10.292Z"}
{"@timestamp":"2022-09-19T09:16:20.089Z","@version":"1","message":"Sep 19 09:16:19 honeypot-sgp-1 sshd[961]: Disconnected from authenticating user root 147.182.179.237 port 37608 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 09:16:34 honeypot-fra-1 sshd[32410]: Received disconnect from 92.255.85.69 port 54782:11: Bye Bye [preauth]","@timestamp":"2022-09-19T09:16:34.789Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T09:17:02.109Z","@version":"1","message":"Sep 19 09:17:01 honeypot-sgp-1 CRON[967]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 09:17:42 honeypot-fra-1 sshd[32415]: Invalid user kumi from 95.91.233.236 port 19190","@timestamp":"2022-09-19T09:17:42.817Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T09:17:59.135Z","@version":"1","message":"Sep 19 09:17:59 honeypot-sgp-1 sshd[976]: Invalid user lw from 111.95.141.34 port 57408","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T09:18:29.149Z","@version":"1","message":"Sep 19 09:18:28 honeypot-sgp-1 kernel: [84455210.056053] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=206.189.6.148 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=39965 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 09:19:51 honeypot-ams-1 sshd[7970]: Connection closed by invalid user admin 112.160.69.124 port 36139 [preauth]","@timestamp":"2022-09-19T09:19:51.441Z"}
{"@timestamp":"2022-09-19T09:20:35.202Z","@version":"1","message":"Sep 19 09:20:34 honeypot-sgp-1 sshd[984]: Received disconnect from 92.255.85.70 port 33628:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T09:22:05.240Z","@version":"1","message":"Sep 19 09:22:05 honeypot-sgp-1 sshd[989]: Disconnected from authenticating user root 117.52.173.97 port 47438 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 09:22:17 honeypot-ams-1 sshd[7974]: Invalid user tuxedo from 193.106.191.157 port 38354","@timestamp":"2022-09-19T09:22:18.510Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 09:23:44 honeypot-fra-1 sshd[32418]: Disconnected from authenticating user root 20.239.69.124 port 41414 [preauth]","@timestamp":"2022-09-19T09:23:44.952Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T09:26:22.346Z","@version":"1","message":"Sep 19 09:26:21 honeypot-sgp-1 sshd[996]: Received disconnect from 159.65.224.135 port 44238:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 09:29:19 honeypot-ams-1 kernel: [84456338.437729] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=13.57.206.196 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=234 ID=55367 PROTO=TCP SPT=59758 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T09:29:19.696Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 09:30:01 honeypot-fra-1 kernel: [84454206.413026] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=71.6.232.7 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=35837 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T09:30:02.096Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 09:33:32 honeypot-ams-1 kernel: [84456591.729055] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.148.10.81 DST=178.62.254.91 LEN=79 TOS=0x00 PREC=0x00 TTL=242 ID=22780 DF PROTO=TCP SPT=16382 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T09:33:32.809Z"}
{"@timestamp":"2022-09-19T09:34:17.540Z","@version":"1","message":"Sep 19 09:34:16 honeypot-sgp-1 sshd[1004]: Invalid user sienna from 164.163.96.253 port 49456","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 09:35:43 honeypot-fra-1 sshd[32426]: Received disconnect from 41.93.31.73 port 43232:11: Bye Bye [preauth]","@timestamp":"2022-09-19T09:35:44.223Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T09:36:13.588Z","@version":"1","message":"Sep 19 09:36:13 honeypot-sgp-1 sshd[1010]: Did not receive identification string from 201.219.232.9 port 51966","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 09:38:15 honeypot-ams-1 sshd[7984]: Connection closed by invalid user tuxedo 193.106.191.157 port 49154 [preauth]","@timestamp":"2022-09-19T09:38:15.937Z"}
{"@timestamp":"2022-09-19T09:40:40.699Z","@version":"1","message":"Sep 19 09:40:40 honeypot-sgp-1 sshd[1016]: Did not receive identification string from 201.219.232.9 port 56418","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 09:44:11 honeypot-fra-1 sshd[32430]: Invalid user ftp from 92.255.85.69 port 19938","@timestamp":"2022-09-19T09:44:11.409Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 09:46:03 honeypot-fra-1 sshd[32434]: Invalid user tuxedo from 193.106.191.157 port 58394","@timestamp":"2022-09-19T09:46:03.469Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 09:46:11 honeypot-ams-1 sshd[7988]: Connection closed by invalid user oot 103.188.176.251 port 55986 [preauth]","@timestamp":"2022-09-19T09:46:11.143Z"}
{"@timestamp":"2022-09-19T09:46:44.847Z","@version":"1","message":"Sep 19 09:46:44 honeypot-sgp-1 sshd[1026]: Invalid user ftp from 92.255.85.69 port 29530","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T09:48:55.905Z","@version":"1","message":"Sep 19 09:48:54 honeypot-sgp-1 sshd[1029]: Did not receive identification string from 201.219.232.9 port 43532","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 09:50:23 honeypot-fra-1 sshd[32439]: Disconnecting authenticating user root 2.182.71.61 port 50495: Too many authentication failures [preauth]","@timestamp":"2022-09-19T09:50:23.569Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 09:50:24 honeypot-ams-1 sshd[7993]: Received disconnect from 45.61.186.249 port 42838:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T09:50:25.255Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 09:50:46 honeypot-ams-1 sshd[7997]: Received disconnect from 45.61.186.249 port 37470:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T09:50:47.268Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 09:51:04 honeypot-ams-1 sshd[8001]: Received disconnect from 45.61.186.249 port 60322:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T09:51:04.277Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 09:51:20 honeypot-ams-1 sshd[8006]: Received disconnect from 45.61.186.249 port 54948:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T09:51:21.286Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 09:51:51 honeypot-ams-1 sshd[8010]: Received disconnect from 201.17.133.138 port 53534:11: Bye Bye [preauth]","@timestamp":"2022-09-19T09:51:52.301Z"}
{"@timestamp":"2022-09-19T09:54:35.048Z","@version":"1","message":"Sep 19 09:54:34 honeypot-sgp-1 sshd[1036]: Connection closed by 201.219.232.9 port 34184 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 09:55:56 honeypot-fra-1 sshd[32446]: Bad protocol version identification 'MGLNDD_165.22.82.222_22' from 192.241.213.35 port 59270","@timestamp":"2022-09-19T09:55:56.694Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T09:59:39.173Z","@version":"1","message":"Sep 19 09:59:39 honeypot-sgp-1 sshd[1047]: Connection closed by invalid user hxeadm 179.60.147.69 port 5134 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:01:57 honeypot-ams-1 sshd[8016]: Received disconnect from 175.29.122.43 port 33880:11: Bye Bye [preauth]","@timestamp":"2022-09-19T10:01:57.564Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:02:03 honeypot-ams-1 sshd[8020]: Disconnected from invalid user ubnt 175.29.122.43 port 34006 [preauth]","@timestamp":"2022-09-19T10:02:03.568Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:02:08 honeypot-ams-1 sshd[8026]: Disconnected from authenticating user root 175.29.122.43 port 34458 [preauth]","@timestamp":"2022-09-19T10:02:08.571Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:02:13 honeypot-ams-1 sshd[8033]: Disconnected from authenticating user root 175.29.122.43 port 34504 [preauth]","@timestamp":"2022-09-19T10:02:13.575Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:02:18 honeypot-ams-1 sshd[8039]: Disconnected from authenticating user root 175.29.122.43 port 34946 [preauth]","@timestamp":"2022-09-19T10:02:19.579Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:02:23 honeypot-ams-1 sshd[8045]: Disconnected from authenticating user root 175.29.122.43 port 34994 [preauth]","@timestamp":"2022-09-19T10:02:23.581Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:02:27 honeypot-ams-1 sshd[8051]: Disconnected from authenticating user root 175.29.122.43 port 35428 [preauth]","@timestamp":"2022-09-19T10:02:28.585Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:02:32 honeypot-ams-1 sshd[8057]: Disconnected from authenticating user root 175.29.122.43 port 35476 [preauth]","@timestamp":"2022-09-19T10:02:33.588Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:02:38 honeypot-ams-1 sshd[8063]: Disconnected from authenticating user root 175.29.122.43 port 35908 [preauth]","@timestamp":"2022-09-19T10:02:38.590Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:02:42 honeypot-ams-1 sshd[8069]: Disconnected from authenticating user root 175.29.122.43 port 35964 [preauth]","@timestamp":"2022-09-19T10:02:43.594Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:02:47 honeypot-ams-1 sshd[8075]: Disconnected from authenticating user root 175.29.122.43 port 36396 [preauth]","@timestamp":"2022-09-19T10:02:48.597Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:02:52 honeypot-ams-1 sshd[8081]: Disconnected from authenticating user root 175.29.122.43 port 36452 [preauth]","@timestamp":"2022-09-19T10:02:52.600Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:02:57 honeypot-ams-1 sshd[8089]: Received disconnect from 175.29.122.43 port 36872:11: Bye Bye [preauth]","@timestamp":"2022-09-19T10:02:57.603Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:03:00 honeypot-ams-1 sshd[8093]: Invalid user admin from 175.29.122.43 port 36918","@timestamp":"2022-09-19T10:03:00.606Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:03:03 honeypot-ams-1 sshd[8097]: Invalid user admin from 175.29.122.43 port 36970","@timestamp":"2022-09-19T10:03:03.608Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:03:06 honeypot-ams-1 sshd[8102]: Invalid user admin from 175.29.122.43 port 37412","@timestamp":"2022-09-19T10:03:06.610Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:03:08 honeypot-ams-1 sshd[8104]: Disconnected from invalid user admin 175.29.122.43 port 37448 [preauth]","@timestamp":"2022-09-19T10:03:08.611Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:03:11 honeypot-ams-1 sshd[8108]: Disconnected from invalid user admin 175.29.122.43 port 37510 [preauth]","@timestamp":"2022-09-19T10:03:11.613Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:03:14 honeypot-ams-1 sshd[8112]: Disconnected from invalid user user 175.29.122.43 port 37884 [preauth]","@timestamp":"2022-09-19T10:03:15.616Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:03:20 honeypot-ams-1 sshd[8118]: Received disconnect from 175.29.122.43 port 38052:11: Bye Bye [preauth]","@timestamp":"2022-09-19T10:03:21.620Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:03:24 honeypot-ams-1 sshd[8122]: Received disconnect from 175.29.122.43 port 38382:11: Bye Bye [preauth]","@timestamp":"2022-09-19T10:03:24.623Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:03:27 honeypot-ams-1 sshd[8126]: Received disconnect from 175.29.122.43 port 38548:11: Bye Bye [preauth]","@timestamp":"2022-09-19T10:03:27.625Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:03:30 honeypot-ams-1 sshd[8130]: Received disconnect from 175.29.122.43 port 38618:11: Bye Bye [preauth]","@timestamp":"2022-09-19T10:03:30.628Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:03:34 honeypot-ams-1 sshd[8134]: Received disconnect from 175.29.122.43 port 38758:11: Bye Bye [preauth]","@timestamp":"2022-09-19T10:03:34.630Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:03:36 honeypot-ams-1 sshd[8138]: Received disconnect from 175.29.122.43 port 39120:11: Bye Bye [preauth]","@timestamp":"2022-09-19T10:03:37.632Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:03:41 honeypot-ams-1 sshd[8142]: Received disconnect from 175.29.122.43 port 39226:11: Bye Bye [preauth]","@timestamp":"2022-09-19T10:03:41.634Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:03:44 honeypot-ams-1 sshd[8146]: Received disconnect from 175.29.122.43 port 39542:11: Bye Bye [preauth]","@timestamp":"2022-09-19T10:03:44.637Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:03:47 honeypot-ams-1 sshd[8150]: Received disconnect from 175.29.122.43 port 39726:11: Bye Bye [preauth]","@timestamp":"2022-09-19T10:03:47.639Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 10:03:51 honeypot-ams-1 kernel: [84458410.283209] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=79.124.62.60 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=62824 PROTO=TCP SPT=55274 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T10:03:51.641Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:03:53 honeypot-ams-1 sshd[8158]: Invalid user cirros from 175.29.122.43 port 39920","@timestamp":"2022-09-19T10:03:53.642Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 10:04:43 honeypot-fra-1 kernel: [84456287.701723] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=213.226.123.38 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=22218 PROTO=TCP SPT=40817 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T10:04:43.895Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 10:09:45 honeypot-fra-1 sshd[32457]: Received disconnect from 92.255.85.69 port 51554:11: Bye Bye [preauth]","@timestamp":"2022-09-19T10:09:46.011Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T10:10:59.450Z","@version":"1","message":"Sep 19 10:10:58 honeypot-sgp-1 sshd[1055]: Received disconnect from 186.215.100.34 port 62213:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 10:12:57 honeypot-ams-1 kernel: [84458956.722580] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.148.10.81 DST=178.62.254.91 LEN=84 TOS=0x00 PREC=0x00 TTL=241 ID=22780 DF PROTO=TCP SPT=16346 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T10:12:57.877Z"}
{"@timestamp":"2022-09-19T10:13:28.517Z","@version":"1","message":"Sep 19 10:13:28 honeypot-sgp-1 sshd[1059]: Received disconnect from 92.255.85.70 port 21094:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 10:14:29 honeypot-fra-1 sshd[32462]: Disconnected from invalid user qye 143.110.179.172 port 42498 [preauth]","@timestamp":"2022-09-19T10:14:30.118Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T10:17:02.605Z","@version":"1","message":"Sep 19 10:17:01 honeypot-sgp-1 CRON[1064]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:18:10 honeypot-ams-1 sshd[8167]: Disconnected from invalid user ubuntu 92.255.85.70 port 15738 [preauth]","@timestamp":"2022-09-19T10:18:11.013Z"}
{"@timestamp":"2022-09-19T10:19:52.675Z","@version":"1","message":"Sep 19 10:19:52 honeypot-sgp-1 sshd[1071]: Disconnected from authenticating user root 143.244.158.100 port 46786 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T10:20:58.706Z","@version":"1","message":"Sep 19 10:20:58 honeypot-sgp-1 kernel: [84458960.009950] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=107.189.31.234 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=44109 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T10:22:23.743Z","@version":"1","message":"Sep 19 10:22:22 honeypot-sgp-1 sshd[1082]: Disconnected from authenticating user root 143.244.158.100 port 57232 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T10:23:55.784Z","@version":"1","message":"Sep 19 10:23:55 honeypot-sgp-1 sshd[1089]: Invalid user user from 45.61.187.160 port 50894","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T10:24:03.789Z","@version":"1","message":"Sep 19 10:24:03 honeypot-sgp-1 sshd[1093]: Received disconnect from 45.61.187.160 port 34182:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T10:24:21.798Z","@version":"1","message":"Sep 19 10:24:21 honeypot-sgp-1 sshd[1097]: Received disconnect from 45.61.187.160 port 57198:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T10:24:37.805Z","@version":"1","message":"Sep 19 10:24:37 honeypot-sgp-1 sshd[1101]: Received disconnect from 45.61.187.160 port 51984:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T10:24:48.811Z","@version":"1","message":"Sep 19 10:24:48 honeypot-sgp-1 sshd[1105]: Disconnected from authenticating user root 143.244.158.100 port 59324 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T10:25:40.835Z","@version":"1","message":"Sep 19 10:25:40 honeypot-sgp-1 sshd[1111]: Received disconnect from 111.202.249.76 port 2620:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 10:26:03 honeypot-fra-1 sshd[32468]: ssh_dispatch_run_fatal: Connection from 136.52.13.251 port 60927: Connection corrupted [preauth]","@timestamp":"2022-09-19T10:26:04.393Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T10:28:01.893Z","@version":"1","message":"Sep 19 10:28:01 honeypot-sgp-1 sshd[1118]: Received disconnect from 143.244.158.100 port 33234:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T10:29:17.927Z","@version":"1","message":"Sep 19 10:29:17 honeypot-sgp-1 sshd[1122]: Connection reset by 61.177.173.51 port 58446 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T10:31:19.001Z","@version":"1","message":"Sep 19 10:31:18 honeypot-sgp-1 sshd[1131]: Received disconnect from 143.244.158.100 port 36192:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T10:33:39.061Z","@version":"1","message":"Sep 19 10:33:38 honeypot-sgp-1 kernel: [84459720.601364] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=172.105.77.209 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=50 ID=0 DF PROTO=TCP SPT=56857 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T10:35:30.109Z","@version":"1","message":"Sep 19 10:35:29 honeypot-sgp-1 sshd[1145]: Disconnected from authenticating user root 143.244.158.100 port 52160 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 10:36:29 honeypot-fra-1 sshd[32472]: Received disconnect from 92.255.85.70 port 16084:11: Bye Bye [preauth]","@timestamp":"2022-09-19T10:36:29.624Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T10:37:56.171Z","@version":"1","message":"Sep 19 10:37:55 honeypot-sgp-1 sshd[1151]: Received disconnect from 143.244.158.100 port 49310:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 10:38:33 honeypot-ams-1 kernel: [84460492.028942] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=97.74.81.123 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=2786 PROTO=TCP SPT=57874 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T10:38:33.538Z"}
{"@timestamp":"2022-09-19T10:39:08.203Z","@version":"1","message":"Sep 19 10:39:07 honeypot-sgp-1 kernel: [84460049.631075] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=90.151.171.106 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=37392 PROTO=TCP SPT=43909 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T10:40:25.238Z","@version":"1","message":"Sep 19 10:40:24 honeypot-sgp-1 sshd[1162]: Disconnected from authenticating user root 143.244.158.100 port 38310 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T10:42:23.289Z","@version":"1","message":"Sep 19 10:42:22 honeypot-sgp-1 sshd[1169]: Invalid user admin from 92.255.85.69 port 42856","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T10:42:57.305Z","@version":"1","message":"Sep 19 10:42:56 honeypot-sgp-1 sshd[1173]: Received disconnect from 143.244.158.100 port 56020:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:44:03 honeypot-ams-1 sshd[8177]: Invalid user admin from 92.255.85.69 port 60222","@timestamp":"2022-09-19T10:44:03.682Z"}
{"@timestamp":"2022-09-19T10:44:39.348Z","@version":"1","message":"Sep 19 10:44:38 honeypot-sgp-1 sshd[1178]: Received disconnect from 143.244.158.100 port 49810:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 10:46:02 honeypot-fra-1 sshd[32494]: Did not receive identification string from 20.16.187.32 port 58662","@timestamp":"2022-09-19T10:46:02.853Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 10:46:02 honeypot-fra-1 sshd[32497]: Connection closed by invalid user es 20.16.187.32 port 35832 [preauth]","@timestamp":"2022-09-19T10:46:02.854Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 10:46:02 honeypot-fra-1 sshd[32501]: Connection closed by invalid user mcserv 20.16.187.32 port 35886 [preauth]","@timestamp":"2022-09-19T10:46:02.854Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 10:46:05 honeypot-fra-1 sshd[32511]: Invalid user ts3srv from 20.16.187.32 port 35890","@timestamp":"2022-09-19T10:46:05.856Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 10:46:05 honeypot-fra-1 sshd[32512]: Connection closed by invalid user oracle 20.16.187.32 port 35848 [preauth]","@timestamp":"2022-09-19T10:46:05.856Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 10:46:05 honeypot-fra-1 sshd[32517]: Invalid user esuser from 20.16.187.32 port 35856","@timestamp":"2022-09-19T10:46:06.857Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T10:46:19.390Z","@version":"1","message":"Sep 19 10:46:19 honeypot-sgp-1 sshd[1183]: Disconnected from authenticating user root 143.244.158.100 port 50710 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T10:48:48.453Z","@version":"1","message":"Sep 19 10:48:47 honeypot-sgp-1 sshd[1189]: Disconnected from authenticating user root 143.244.158.100 port 41758 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 10:49:38 honeypot-fra-1 sshd[32531]: Received disconnect from 172.79.124.130 port 11483:11: Bye Bye [preauth]","@timestamp":"2022-09-19T10:49:38.935Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T10:50:05.485Z","@version":"1","message":"Sep 19 10:50:05 honeypot-sgp-1 sshd[1209]: Received disconnect from 61.177.173.46 port 13986:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 10:50:44 honeypot-ams-1 kernel: [84461223.075966] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=71.6.232.2 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=59647 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T10:50:44.870Z"}
{"@timestamp":"2022-09-19T10:52:04.536Z","@version":"1","message":"Sep 19 10:52:03 honeypot-sgp-1 sshd[1218]: Received disconnect from 143.244.158.100 port 53022:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T10:53:44.578Z","@version":"1","message":"Sep 19 10:53:44 honeypot-sgp-1 sshd[1223]: Disconnected from authenticating user root 143.244.158.100 port 54702 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 10:55:33 honeypot-fra-1 kernel: [84459337.358743] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=90.151.171.106 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=42895 PROTO=TCP SPT=44875 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T10:55:34.065Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T10:56:17.697Z","@version":"1","message":"Sep 19 10:56:16 honeypot-sgp-1 sshd[1231]: Received disconnect from 143.244.158.100 port 33106:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T10:57:59.742Z","@version":"1","message":"Sep 19 10:57:58 honeypot-sgp-1 sshd[1235]: Received disconnect from 143.244.158.100 port 42392:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 10:59:36 honeypot-fra-1 sshd[32553]: Invalid user ubuntu from 121.4.171.124 port 54130","@timestamp":"2022-09-19T10:59:37.158Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 10:59:36 honeypot-fra-1 sshd[32542]: Invalid user admin from 121.4.171.124 port 54124","@timestamp":"2022-09-19T10:59:37.158Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 10:59:37 honeypot-fra-1 sshd[32544]: Connection closed by invalid user testuser 121.4.171.124 port 54082 [preauth]","@timestamp":"2022-09-19T10:59:38.158Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T11:00:28.808Z","@version":"1","message":"Sep 19 11:00:28 honeypot-sgp-1 sshd[1243]: Received disconnect from 143.244.158.100 port 45242:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 11:00:42 honeypot-ams-1 kernel: [84461821.592797] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=170.187.202.154 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=42123 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T11:00:43.130Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 11:00:42 honeypot-fra-1 kernel: [84459646.839514] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.194.90 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=52670 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T11:00:43.186Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T11:02:11.852Z","@version":"1","message":"Sep 19 11:02:11 honeypot-sgp-1 sshd[1248]: Disconnected from authenticating user root 143.244.158.100 port 49034 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T11:06:50.965Z","@version":"1","message":"Sep 19 11:06:50 honeypot-sgp-1 kernel: [84461711.881656] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=72.68.192.9 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=21964 PROTO=TCP SPT=45247 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 11:08:07 honeypot-fra-1 sshd[32573]: Disconnected from invalid user ubnt 92.255.85.70 port 58102 [preauth]","@timestamp":"2022-09-19T11:08:07.350Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T11:09:04.021Z","@version":"1","message":"Sep 19 11:09:03 honeypot-sgp-1 kernel: [84461844.899337] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=59.16.243.218 DST=159.89.202.188 LEN=52 TOS=0x00 PREC=0x00 TTL=114 ID=31508 DF PROTO=TCP SPT=8334 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 11:09:32 honeypot-ams-1 kernel: [84462351.199736] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=64.62.197.166 DST=178.62.254.91 LEN=131 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=40952 DPT=80 WINDOW=65535 RES=0x00 ACK PSH URGP=0 ","@timestamp":"2022-09-19T11:09:32.365Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 11:12:34 honeypot-fra-1 sshd[32578]: Connection closed by invalid user tuxedo 193.106.191.157 port 54188 [preauth]","@timestamp":"2022-09-19T11:12:34.452Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T11:12:37.110Z","@version":"1","message":"Sep 19 11:12:36 honeypot-sgp-1 kernel: [84462057.932429] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=172.105.129.92 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=3980 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 11:13:59 honeypot-ams-1 kernel: [84462618.207858] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=172.104.64.89 DST=178.62.254.91 LEN=52 TOS=0x02 PREC=0x00 TTL=115 ID=27123 DF PROTO=TCP SPT=52049 DPT=3389 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-19T11:13:59.483Z"}
{"@timestamp":"2022-09-19T11:17:02.219Z","@version":"1","message":"Sep 19 11:17:01 honeypot-sgp-1 CRON[1265]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:17:01 honeypot-ams-1 CRON[8192]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-19T11:17:02.567Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 11:17:35 honeypot-fra-1 kernel: [84460660.169562] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=216.218.206.96 DST=165.22.82.222 LEN=131 TOS=0x00 PREC=0x00 TTL=244 ID=54321 PROTO=TCP SPT=57812 DPT=80 WINDOW=65535 RES=0x00 ACK PSH URGP=0 ","@timestamp":"2022-09-19T11:17:36.565Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T11:19:23.278Z","@version":"1","message":"Sep 19 11:19:22 honeypot-sgp-1 sshd[1271]: Disconnected from authenticating user root 61.177.173.37 port 45159 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 11:20:55 honeypot-ams-1 kernel: [84463034.429434] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=64.246.161.26 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=54321 PROTO=TCP SPT=53766 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T11:20:55.673Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:25:00 honeypot-ams-1 sshd[8200]: Received disconnect from 179.86.56.96 port 48123:11: Bye Bye [preauth]","@timestamp":"2022-09-19T11:25:00.782Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:25:03 honeypot-ams-1 sshd[8204]: Disconnected from authenticating user root 179.86.56.96 port 48222 [preauth]","@timestamp":"2022-09-19T11:25:03.784Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:25:09 honeypot-ams-1 sshd[8211]: Disconnected from authenticating user root 179.86.56.96 port 48385 [preauth]","@timestamp":"2022-09-19T11:25:09.788Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:25:14 honeypot-ams-1 sshd[8217]: Disconnected from authenticating user root 179.86.56.96 port 48534 [preauth]","@timestamp":"2022-09-19T11:25:14.792Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:25:19 honeypot-ams-1 sshd[8225]: Received disconnect from 179.86.56.96 port 48679:11: Bye Bye [preauth]","@timestamp":"2022-09-19T11:25:20.795Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:25:25 honeypot-ams-1 sshd[8231]: Received disconnect from 179.86.56.96 port 48822:11: Bye Bye [preauth]","@timestamp":"2022-09-19T11:25:25.798Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:25:30 honeypot-ams-1 sshd[8219]: Connection closed by invalid user tuxedo 193.106.191.157 port 60508 [preauth]","@timestamp":"2022-09-19T11:25:30.803Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:25:34 honeypot-ams-1 sshd[8241]: Disconnected from authenticating user root 179.86.56.96 port 49058 [preauth]","@timestamp":"2022-09-19T11:25:34.805Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:25:39 honeypot-ams-1 sshd[8247]: Disconnected from authenticating user root 179.86.56.96 port 49210 [preauth]","@timestamp":"2022-09-19T11:25:39.808Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:25:44 honeypot-ams-1 sshd[8253]: Disconnected from authenticating user root 179.86.56.96 port 49359 [preauth]","@timestamp":"2022-09-19T11:25:44.813Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:25:50 honeypot-ams-1 sshd[8259]: Disconnected from authenticating user root 179.86.56.96 port 49507 [preauth]","@timestamp":"2022-09-19T11:25:50.816Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:25:55 honeypot-ams-1 sshd[8265]: Disconnected from authenticating user root 179.86.56.96 port 49650 [preauth]","@timestamp":"2022-09-19T11:25:55.819Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:26:00 honeypot-ams-1 sshd[8271]: Disconnected from authenticating user root 179.86.56.96 port 49807 [preauth]","@timestamp":"2022-09-19T11:26:00.824Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:26:04 honeypot-ams-1 sshd[8275]: Disconnected from invalid user admin 179.86.56.96 port 49912 [preauth]","@timestamp":"2022-09-19T11:26:04.827Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:26:07 honeypot-ams-1 sshd[8279]: Disconnected from invalid user admin 179.86.56.96 port 50024 [preauth]","@timestamp":"2022-09-19T11:26:08.830Z"}
{"@timestamp":"2022-09-19T11:26:09.440Z","@version":"1","message":"Sep 19 11:26:08 honeypot-sgp-1 sshd[1282]: Received disconnect from 206.189.197.134 port 59444:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:26:11 honeypot-ams-1 sshd[8283]: Disconnected from invalid user admin 179.86.56.96 port 50116 [preauth]","@timestamp":"2022-09-19T11:26:11.831Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:26:14 honeypot-ams-1 sshd[8287]: Disconnected from invalid user admin 179.86.56.96 port 50228 [preauth]","@timestamp":"2022-09-19T11:26:15.835Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:26:18 honeypot-ams-1 sshd[8291]: Disconnected from invalid user admin 179.86.56.96 port 50326 [preauth]","@timestamp":"2022-09-19T11:26:18.836Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:26:23 honeypot-ams-1 sshd[8297]: Received disconnect from 179.86.56.96 port 50478:11: Bye Bye [preauth]","@timestamp":"2022-09-19T11:26:23.839Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:26:27 honeypot-ams-1 sshd[8301]: Received disconnect from 179.86.56.96 port 50595:11: Bye Bye [preauth]","@timestamp":"2022-09-19T11:26:27.841Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:26:30 honeypot-ams-1 sshd[8305]: Received disconnect from 179.86.56.96 port 50698:11: Bye Bye [preauth]","@timestamp":"2022-09-19T11:26:31.845Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:26:34 honeypot-ams-1 sshd[8309]: Received disconnect from 179.86.56.96 port 50802:11: Bye Bye [preauth]","@timestamp":"2022-09-19T11:26:34.847Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:26:38 honeypot-ams-1 sshd[8313]: Received disconnect from 179.86.56.96 port 50910:11: Bye Bye [preauth]","@timestamp":"2022-09-19T11:26:38.849Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:26:41 honeypot-ams-1 sshd[8317]: Received disconnect from 179.86.56.96 port 51007:11: Bye Bye [preauth]","@timestamp":"2022-09-19T11:26:42.851Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:26:45 honeypot-ams-1 sshd[8321]: Received disconnect from 179.86.56.96 port 51111:11: Bye Bye [preauth]","@timestamp":"2022-09-19T11:26:45.854Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:26:49 honeypot-ams-1 sshd[8325]: Received disconnect from 179.86.56.96 port 51226:11: Bye Bye [preauth]","@timestamp":"2022-09-19T11:26:49.857Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:26:52 honeypot-ams-1 sshd[8329]: Received disconnect from 179.86.56.96 port 51321:11: Bye Bye [preauth]","@timestamp":"2022-09-19T11:26:52.859Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:26:56 honeypot-ams-1 sshd[8333]: Received disconnect from 179.86.56.96 port 51428:11: Bye Bye [preauth]","@timestamp":"2022-09-19T11:26:56.861Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:26:59 honeypot-ams-1 sshd[8337]: Invalid user test from 179.86.56.96 port 51515","@timestamp":"2022-09-19T11:26:59.864Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:27:02 honeypot-ams-1 sshd[8341]: Invalid user cirros from 179.86.56.96 port 51612","@timestamp":"2022-09-19T11:27:03.866Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 11:30:18 honeypot-fra-1 kernel: [84461423.039889] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=165.232.152.144 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=58819 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T11:30:19.840Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T11:36:42.692Z","@version":"1","message":"Sep 19 11:36:42 honeypot-sgp-1 kernel: [84463504.170111] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=35.199.78.72 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=1886 PROTO=TCP SPT=45899 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 11:36:44 honeypot-fra-1 sshd[32593]: Received disconnect from 171.244.139.236 port 28365:11: Bye Bye [preauth]","@timestamp":"2022-09-19T11:36:44.984Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:36:55 honeypot-ams-1 sshd[8346]: Received disconnect from 103.92.26.252 port 34450:11: Bye Bye [preauth]","@timestamp":"2022-09-19T11:36:56.137Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:40:59 honeypot-ams-1 sshd[8352]: Invalid user tuxedo from 193.106.191.157 port 43074","@timestamp":"2022-09-19T11:41:00.245Z"}
{"@timestamp":"2022-09-19T11:41:17.803Z","@version":"1","message":"Sep 19 11:41:17 honeypot-sgp-1 kernel: [84463778.797803] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=162.142.125.133 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=51493 PROTO=TCP SPT=17416 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 11:42:59 honeypot-fra-1 sshd[32598]: Received disconnect from 167.172.246.83 port 55554:11: Bye Bye [preauth]","@timestamp":"2022-09-19T11:43:00.123Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 11:44:00 honeypot-ams-1 kernel: [84464419.035518] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=71.6.232.7 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=44003 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T11:44:00.337Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 11:46:36 honeypot-fra-1 kernel: [84462400.553453] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=78.142.18.92 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=54321 PROTO=TCP SPT=42794 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T11:46:37.206Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:46:49 honeypot-ams-1 sshd[8359]: Received disconnect from 92.255.85.70 port 63810:11: Bye Bye [preauth]","@timestamp":"2022-09-19T11:46:49.414Z"}
{"@timestamp":"2022-09-19T11:48:17.972Z","@version":"1","message":"Sep 19 11:48:17 honeypot-sgp-1 sshd[1308]: Received disconnect from 218.92.0.221 port 12456:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:49:42 honeypot-ams-1 sshd[8364]: Disconnected from authenticating user root 196.219.43.242 port 33990 [preauth]","@timestamp":"2022-09-19T11:49:43.492Z"}
{"@timestamp":"2022-09-19T11:54:32.124Z","@version":"1","message":"Sep 19 11:54:31 honeypot-sgp-1 sshd[1315]: Connection closed by invalid user apc 179.60.147.69 port 38614 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 11:55:25 honeypot-ams-1 kernel: [84465104.064142] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=89.122.108.112 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=54 ID=44730 PROTO=TCP SPT=28654 DPT=80 WINDOW=36913 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T11:55:25.643Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 11:55:36 honeypot-fra-1 sshd[32608]: Invalid user apc from 179.60.147.69 port 13266","@timestamp":"2022-09-19T11:55:36.420Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T11:56:04.163Z","@version":"1","message":"Sep 19 11:56:03 honeypot-sgp-1 sshd[1323]: Invalid user pi from 88.162.54.93 port 14776","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T11:57:29.199Z","@version":"1","message":"Sep 19 11:57:28 honeypot-sgp-1 sshd[1327]: Received disconnect from 165.154.233.87 port 35498:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 12:00:50 honeypot-ams-1 sshd[8374]: Invalid user martin from 104.236.237.117 port 35171","@timestamp":"2022-09-19T12:00:51.789Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 12:04:03 honeypot-fra-1 sshd[32614]: Received disconnect from 137.184.225.163 port 44716:11: Bye Bye [preauth]","@timestamp":"2022-09-19T12:04:03.604Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T12:04:38.373Z","@version":"1","message":"Sep 19 12:04:38 honeypot-sgp-1 kernel: [84465179.829466] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=167.172.166.5 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=43 ID=12883 DF PROTO=TCP SPT=56310 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T12:09:20.488Z","@version":"1","message":"Sep 19 12:09:19 honeypot-sgp-1 sshd[1337]: Invalid user alex from 103.221.223.252 port 48288","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T12:10:18.515Z","@version":"1","message":"Sep 19 12:10:17 honeypot-sgp-1 sshd[1339]: Disconnected from invalid user cn 165.227.101.226 port 51002 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 12:10:58 honeypot-ams-1 sshd[8377]: Connection closed by invalid user zxc 103.188.176.251 port 51912 [preauth]","@timestamp":"2022-09-19T12:10:59.055Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 12:12:25 honeypot-fra-1 sshd[32618]: Received disconnect from 92.255.85.70 port 44518:11: Bye Bye [preauth]","@timestamp":"2022-09-19T12:12:25.794Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T12:15:10.635Z","@version":"1","message":"Sep 19 12:15:09 honeypot-sgp-1 sshd[1346]: Disconnected from authenticating user root 61.177.173.47 port 27199 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 12:16:33 honeypot-ams-1 kernel: [84466371.969868] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.180.143.7 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=23706 PROTO=TCP SPT=18431 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T12:16:33.204Z"}
{"@timestamp":"2022-09-19T12:17:39.698Z","@version":"1","message":"Sep 19 12:17:39 honeypot-sgp-1 sshd[1354]: Received disconnect from 61.177.172.104 port 17800:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T12:18:42.725Z","@version":"1","message":"Sep 19 12:18:42 honeypot-sgp-1 sshd[1358]: Disconnected from invalid user vm 161.82.233.179 port 52170 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 12:19:42 honeypot-fra-1 kernel: [84464386.867357] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=165.232.152.144 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=47669 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T12:19:42.957Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 12:22:52 honeypot-ams-1 sshd[8390]: Invalid user adminftp from 167.99.241.178 port 42088","@timestamp":"2022-09-19T12:22:53.392Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 12:23:52 honeypot-fra-1 sshd[32628]: Disconnected from authenticating user root 159.223.92.205 port 36548 [preauth]","@timestamp":"2022-09-19T12:23:53.054Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 12:29:56 honeypot-ams-1 kernel: [84467175.581716] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=179.43.155.171 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=39025 PROTO=TCP SPT=56430 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T12:29:57.576Z"}
{"@timestamp":"2022-09-19T12:30:27.007Z","@version":"1","message":"Sep 19 12:30:26 honeypot-sgp-1 sshd[1368]: Connection closed by authenticating user root 179.60.147.69 port 19824 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 12:33:45 honeypot-ams-1 sshd[8400]: Connection closed by authenticating user root 179.60.147.69 port 30830 [preauth]","@timestamp":"2022-09-19T12:33:45.677Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 12:40:49 honeypot-fra-1 sshd[32636]: Invalid user ubnt from 92.255.85.69 port 26164","@timestamp":"2022-09-19T12:40:50.449Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 12:46:23 honeypot-fra-1 sshd[32641]: Did not receive identification string from 45.61.184.204 port 52778","@timestamp":"2022-09-19T12:46:23.575Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T12:46:27.395Z","@version":"1","message":"Sep 19 12:46:27 honeypot-sgp-1 sshd[1383]: Received disconnect from 218.92.0.221 port 23179:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 12:46:48 honeypot-fra-1 sshd[32644]: Disconnected from invalid user user 45.61.184.204 port 58670 [preauth]","@timestamp":"2022-09-19T12:46:48.587Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 12:47:07 honeypot-fra-1 sshd[32648]: Disconnected from invalid user user 45.61.184.204 port 53772 [preauth]","@timestamp":"2022-09-19T12:47:08.596Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 12:47:26 honeypot-fra-1 sshd[32652]: Disconnected from invalid user user 45.61.184.204 port 48918 [preauth]","@timestamp":"2022-09-19T12:47:26.606Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T12:47:49.431Z","@version":"1","message":"Sep 19 12:47:48 honeypot-sgp-1 sshd[1389]: Disconnected from invalid user ubnt 92.255.85.70 port 60062 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 12:52:27 honeypot-ams-1 sshd[8417]: Did not receive identification string from 92.255.85.183 port 62155","@timestamp":"2022-09-19T12:52:28.164Z"}
{"@timestamp":"2022-09-19T12:57:15.661Z","@version":"1","message":"Sep 19 12:57:15 honeypot-sgp-1 sshd[1395]: Received disconnect from 61.177.173.47 port 24088:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 12:58:53 honeypot-fra-1 kernel: [84466737.889837] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=65.49.20.119 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=54321 PROTO=TCP SPT=49496 DPT=389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T12:58:54.858Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 12:59:38 honeypot-ams-1 kernel: [84468957.815150] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=167.71.92.243 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=44916 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T12:59:39.353Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 13:03:38 honeypot-ams-1 kernel: [84469197.152257] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=80.94.92.231 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=38939 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T13:03:38.464Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 13:04:18 honeypot-fra-1 sshd[32661]: Invalid user liuzhe from 165.22.45.108 port 49356","@timestamp":"2022-09-19T13:04:18.996Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 13:06:32 honeypot-fra-1 kernel: [84467196.857287] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=165.232.152.144 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=51982 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T13:06:33.047Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T13:06:48.890Z","@version":"1","message":"Sep 19 13:06:48 honeypot-sgp-1 sshd[1403]: Connection closed by authenticating user root 179.60.147.69 port 60278 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:10:06 honeypot-ams-1 sshd[8425]: Connection closed by authenticating user root 179.60.147.69 port 47838 [preauth]","@timestamp":"2022-09-19T13:10:07.638Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 13:12:24 honeypot-fra-1 sshd[32670]: Received disconnect from 92.255.85.69 port 39772:11: Bye Bye [preauth]","@timestamp":"2022-09-19T13:12:25.175Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:17:01 honeypot-ams-1 CRON[8433]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-19T13:17:01.821Z"}
{"@timestamp":"2022-09-19T13:17:02.134Z","@version":"1","message":"Sep 19 13:17:01 honeypot-sgp-1 CRON[1412]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:18:30 honeypot-ams-1 sshd[8439]: Disconnected from invalid user oracle 137.184.113.110 port 60088 [preauth]","@timestamp":"2022-09-19T13:18:30.887Z"}
{"@timestamp":"2022-09-19T13:20:50.248Z","@version":"1","message":"Sep 19 13:20:49 honeypot-sgp-1 sshd[1421]: Received disconnect from 104.131.45.150 port 53352:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T13:23:20.313Z","@version":"1","message":"Sep 19 13:23:19 honeypot-sgp-1 kernel: [84469901.155753] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=206.189.6.148 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=47124 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 13:26:41 honeypot-fra-1 sshd[32677]: Invalid user admin from 128.199.160.207 port 54692","@timestamp":"2022-09-19T13:26:42.496Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 13:26:45 honeypot-fra-1 sshd[32683]: Invalid user admin from 128.199.160.207 port 54704","@timestamp":"2022-09-19T13:26:45.499Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 13:28:52 honeypot-fra-1 kernel: [84468536.152841] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=165.22.82.222 LEN=91 TOS=0x00 PREC=0x00 TTL=248 ID=17179 PROTO=TCP SPT=32027 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T13:28:52.549Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:30:08 honeypot-ams-1 sshd[8446]: Connection closed by invalid user admin 112.186.242.154 port 40164 [preauth]","@timestamp":"2022-09-19T13:30:09.191Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:02 honeypot-ams-1 sshd[8453]: Received disconnect from 95.251.178.212 port 60416:11: Bye Bye [preauth]","@timestamp":"2022-09-19T13:32:03.242Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:03 honeypot-ams-1 sshd[8457]: Disconnected from authenticating user root 95.251.178.212 port 60460 [preauth]","@timestamp":"2022-09-19T13:32:04.244Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:04 honeypot-ams-1 sshd[8463]: Disconnected from authenticating user root 95.251.178.212 port 60508 [preauth]","@timestamp":"2022-09-19T13:32:05.245Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:05 honeypot-ams-1 sshd[8469]: Disconnected from authenticating user root 95.251.178.212 port 60578 [preauth]","@timestamp":"2022-09-19T13:32:06.245Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:06 honeypot-ams-1 sshd[8475]: Disconnected from authenticating user root 95.251.178.212 port 60624 [preauth]","@timestamp":"2022-09-19T13:32:07.246Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:08 honeypot-ams-1 sshd[8481]: Disconnected from authenticating user root 95.251.178.212 port 60658 [preauth]","@timestamp":"2022-09-19T13:32:08.247Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:09 honeypot-ams-1 sshd[8487]: Disconnected from authenticating user root 95.251.178.212 port 60698 [preauth]","@timestamp":"2022-09-19T13:32:09.248Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:10 honeypot-ams-1 sshd[8493]: Disconnected from authenticating user root 95.251.178.212 port 60734 [preauth]","@timestamp":"2022-09-19T13:32:10.249Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:11 honeypot-ams-1 sshd[8499]: Disconnected from authenticating user root 95.251.178.212 port 60760 [preauth]","@timestamp":"2022-09-19T13:32:12.250Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:12 honeypot-ams-1 sshd[8505]: Disconnected from authenticating user root 95.251.178.212 port 60794 [preauth]","@timestamp":"2022-09-19T13:32:13.251Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:13 honeypot-ams-1 sshd[8511]: Disconnected from authenticating user root 95.251.178.212 port 32872 [preauth]","@timestamp":"2022-09-19T13:32:14.252Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:14 honeypot-ams-1 sshd[8517]: Disconnected from authenticating user root 95.251.178.212 port 32930 [preauth]","@timestamp":"2022-09-19T13:32:15.252Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:15 honeypot-ams-1 sshd[8523]: Received disconnect from 95.251.178.212 port 32972:11: Bye Bye [preauth]","@timestamp":"2022-09-19T13:32:16.253Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:16 honeypot-ams-1 sshd[8527]: Received disconnect from 95.251.178.212 port 33030:11: Bye Bye [preauth]","@timestamp":"2022-09-19T13:32:17.254Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:17 honeypot-ams-1 sshd[8531]: Received disconnect from 95.251.178.212 port 33046:11: Bye Bye [preauth]","@timestamp":"2022-09-19T13:32:17.254Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:17 honeypot-ams-1 sshd[8535]: Received disconnect from 95.251.178.212 port 33068:11: Bye Bye [preauth]","@timestamp":"2022-09-19T13:32:18.254Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:18 honeypot-ams-1 sshd[8539]: Received disconnect from 95.251.178.212 port 33090:11: Bye Bye [preauth]","@timestamp":"2022-09-19T13:32:19.256Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:19 honeypot-ams-1 sshd[8543]: Received disconnect from 95.251.178.212 port 33126:11: Bye Bye [preauth]","@timestamp":"2022-09-19T13:32:19.256Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:20 honeypot-ams-1 sshd[8549]: Invalid user pi from 95.251.178.212 port 33154","@timestamp":"2022-09-19T13:32:21.257Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:21 honeypot-ams-1 sshd[8554]: Invalid user user from 95.251.178.212 port 33170","@timestamp":"2022-09-19T13:32:21.258Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:21 honeypot-ams-1 sshd[8553]: Invalid user leila from 178.128.217.58 port 58946","@timestamp":"2022-09-19T13:32:22.258Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:22 honeypot-ams-1 sshd[8561]: Invalid user miner from 95.251.178.212 port 33208","@timestamp":"2022-09-19T13:32:22.258Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:22 honeypot-ams-1 sshd[8565]: Invalid user volumio from 95.251.178.212 port 33482","@timestamp":"2022-09-19T13:32:23.259Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:23 honeypot-ams-1 sshd[8569]: Invalid user nagios from 95.251.178.212 port 33518","@timestamp":"2022-09-19T13:32:24.260Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:24 honeypot-ams-1 sshd[8573]: Invalid user vagrant from 95.251.178.212 port 33554","@timestamp":"2022-09-19T13:32:25.261Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:25 honeypot-ams-1 sshd[8577]: Invalid user debian from 95.251.178.212 port 33572","@timestamp":"2022-09-19T13:32:25.261Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:25 honeypot-ams-1 sshd[8581]: Invalid user debian from 95.251.178.212 port 33636","@timestamp":"2022-09-19T13:32:26.261Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:26 honeypot-ams-1 sshd[8585]: Invalid user alarm from 95.251.178.212 port 33660","@timestamp":"2022-09-19T13:32:27.262Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:27 honeypot-ams-1 sshd[8589]: Invalid user test from 95.251.178.212 port 33674","@timestamp":"2022-09-19T13:32:28.263Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:28 honeypot-ams-1 sshd[8593]: Invalid user cirros from 95.251.178.212 port 33688","@timestamp":"2022-09-19T13:32:28.263Z"}
{"@timestamp":"2022-09-19T13:36:01.630Z","@version":"1","message":"Sep 19 13:36:01 honeypot-sgp-1 sshd[1436]: Did not receive identification string from 117.173.165.22 port 63362","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 13:36:52 honeypot-fra-1 sshd[32691]: Invalid user user from 45.61.187.160 port 60146","@timestamp":"2022-09-19T13:36:53.727Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 13:37:15 honeypot-fra-1 sshd[32695]: Invalid user user from 45.61.187.160 port 55316","@timestamp":"2022-09-19T13:37:15.738Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 13:37:26 honeypot-fra-1 sshd[32698]: Disconnected from invalid user user 45.61.187.160 port 38800 [preauth]","@timestamp":"2022-09-19T13:37:26.746Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 13:37:37 honeypot-fra-1 sshd[32702]: Disconnected from invalid user user 45.61.186.49 port 34992 [preauth]","@timestamp":"2022-09-19T13:37:37.751Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 13:37:41 honeypot-fra-1 sshd[32706]: Disconnected from invalid user user 45.61.186.49 port 40632 [preauth]","@timestamp":"2022-09-19T13:37:42.755Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 13:37:47 honeypot-fra-1 sshd[32710]: Disconnected from invalid user user 45.61.187.160 port 33974 [preauth]","@timestamp":"2022-09-19T13:37:47.757Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T13:42:48.798Z","@version":"1","message":"Sep 19 13:42:47 honeypot-sgp-1 sshd[1443]: Connection closed by authenticating user root 179.60.147.69 port 50906 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 13:45:23 honeypot-fra-1 kernel: [84469527.790925] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=170.187.202.154 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=47917 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T13:45:23.929Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:46:09 honeypot-ams-1 sshd[8598]: Connection closed by authenticating user root 179.60.147.69 port 1766 [preauth]","@timestamp":"2022-09-19T13:46:10.616Z"}
{"@timestamp":"2022-09-19T13:49:36.968Z","@version":"1","message":"Sep 19 13:49:36 honeypot-sgp-1 sshd[1450]: Received disconnect from 61.177.173.53 port 57015:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 13:55:30 honeypot-ams-1 kernel: [84472309.900187] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=178.62.254.91 LEN=91 TOS=0x00 PREC=0x00 TTL=252 ID=52187 PROTO=TCP SPT=13663 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T13:55:31.886Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:01:03 honeypot-fra-1 kernel: [84470467.041478] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=89.248.165.199 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=15174 PROTO=TCP SPT=53829 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T14:01:03.281Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T14:04:48.392Z","@version":"1","message":"Sep 19 14:04:47 honeypot-sgp-1 kernel: [84472389.285983] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.8.68.70 DST=159.89.202.188 LEN=52 TOS=0x00 PREC=0x00 TTL=118 ID=30812 DF PROTO=TCP SPT=53153 DPT=3389 WINDOW=65500 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 14:07:41 honeypot-ams-1 kernel: [84473040.146538] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=8550 PROTO=TCP SPT=55956 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T14:07:42.224Z"}
{"@timestamp":"2022-09-19T14:10:35.535Z","@version":"1","message":"Sep 19 14:10:35 honeypot-sgp-1 sshd[1464]: Received disconnect from 161.35.131.133 port 43410:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T14:11:57.573Z","@version":"1","message":"Sep 19 14:11:56 honeypot-sgp-1 sshd[1468]: Received disconnect from 83.56.9.96 port 59164:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:12:43 honeypot-fra-1 sshd[32728]: Disconnecting authenticating user root 89.109.32.143 port 5182: Too many authentication failures [preauth]","@timestamp":"2022-09-19T14:12:43.575Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:12:47 honeypot-fra-1 sshd[32734]: error: maximum authentication attempts exceeded for invalid user admin from 89.109.32.143 port 6018 ssh2 [preauth]","@timestamp":"2022-09-19T14:12:47.578Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:12:50 honeypot-fra-1 sshd[32738]: Received disconnect from 89.109.32.143 port 6779:11: disconnected by user [preauth]","@timestamp":"2022-09-19T14:12:51.580Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:12:53 honeypot-fra-1 sshd[32742]: error: maximum authentication attempts exceeded for invalid user oracle from 89.109.32.143 port 7470 ssh2 [preauth]","@timestamp":"2022-09-19T14:12:54.582Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:12:56 honeypot-fra-1 sshd[32746]: error: maximum authentication attempts exceeded for invalid user usuario from 89.109.32.143 port 8190 ssh2 [preauth]","@timestamp":"2022-09-19T14:12:57.583Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:12:59 honeypot-fra-1 sshd[32750]: Received disconnect from 89.109.32.143 port 8966:11: disconnected by user [preauth]","@timestamp":"2022-09-19T14:13:00.586Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:13:02 honeypot-fra-1 sshd[32754]: error: maximum authentication attempts exceeded for invalid user test from 89.109.32.143 port 9620 ssh2 [preauth]","@timestamp":"2022-09-19T14:13:03.588Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:13:05 honeypot-fra-1 sshd[32758]: error: maximum authentication attempts exceeded for invalid user user from 89.109.32.143 port 10233 ssh2 [preauth]","@timestamp":"2022-09-19T14:13:06.590Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:13:09 honeypot-fra-1 sshd[32762]: Received disconnect from 89.109.32.143 port 11029:11: disconnected by user [preauth]","@timestamp":"2022-09-19T14:13:09.591Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:13:12 honeypot-fra-1 sshd[32766]: error: maximum authentication attempts exceeded for invalid user ftpuser from 89.109.32.143 port 11809 ssh2 [preauth]","@timestamp":"2022-09-19T14:13:12.593Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:13:15 honeypot-fra-1 sshd[302]: error: maximum authentication attempts exceeded for invalid user test1 from 89.109.32.143 port 12485 ssh2 [preauth]","@timestamp":"2022-09-19T14:13:15.596Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:13:16 honeypot-fra-1 sshd[304]: error: maximum authentication attempts exceeded for invalid user test1 from 89.109.32.143 port 12825 ssh2 [preauth]","@timestamp":"2022-09-19T14:13:16.597Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:13:19 honeypot-fra-1 sshd[310]: error: maximum authentication attempts exceeded for invalid user test2 from 89.109.32.143 port 13372 ssh2 [preauth]","@timestamp":"2022-09-19T14:13:19.598Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:13:22 honeypot-fra-1 sshd[314]: Received disconnect from 89.109.32.143 port 14181:11: disconnected by user [preauth]","@timestamp":"2022-09-19T14:13:22.600Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:13:25 honeypot-fra-1 sshd[318]: error: maximum authentication attempts exceeded for invalid user ubuntu from 89.109.32.143 port 14811 ssh2 [preauth]","@timestamp":"2022-09-19T14:13:25.602Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:13:27 honeypot-fra-1 kernel: [84471211.515405] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.8.68.70 DST=165.22.82.222 LEN=52 TOS=0x00 PREC=0x00 TTL=114 ID=54424 DF PROTO=TCP SPT=62007 DPT=3389 WINDOW=65500 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T14:13:28.604Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:13:29 honeypot-fra-1 sshd[324]: Disconnected from invalid user duni 89.109.32.143 port 15729 [preauth]","@timestamp":"2022-09-19T14:13:29.606Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:13:32 honeypot-fra-1 sshd[328]: Disconnected from invalid user baikal 89.109.32.143 port 16370 [preauth]","@timestamp":"2022-09-19T14:13:32.608Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T14:15:58.672Z","@version":"1","message":"Sep 19 14:15:58 honeypot-sgp-1 sshd[1475]: Disconnected from invalid user tf 144.24.116.174 port 33768 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 14:17:29 honeypot-ams-1 sshd[8611]: Invalid user backupadmin from 164.92.85.159 port 32978","@timestamp":"2022-09-19T14:17:30.481Z"}
{"@timestamp":"2022-09-19T14:19:01.750Z","@version":"1","message":"Sep 19 14:19:00 honeypot-sgp-1 sshd[1483]: Connection closed by authenticating user root 179.60.147.69 port 25838 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:20:50 honeypot-fra-1 sshd[339]: Invalid user rancid from 36.68.78.46 port 14734","@timestamp":"2022-09-19T14:20:50.769Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 14:21:56 honeypot-ams-1 sshd[8616]: Invalid user ftpuser from 92.255.85.69 port 35506","@timestamp":"2022-09-19T14:21:56.595Z"}
{"@timestamp":"2022-09-19T14:22:55.850Z","@version":"1","message":"Sep 19 14:22:55 honeypot-sgp-1 sshd[1489]: Did not receive identification string from 45.61.186.49 port 43642","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T14:23:18.862Z","@version":"1","message":"Sep 19 14:23:18 honeypot-sgp-1 sshd[1492]: Disconnected from invalid user user 45.61.186.49 port 54652 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T14:23:30.869Z","@version":"1","message":"Sep 19 14:23:29 honeypot-sgp-1 sshd[1496]: Disconnected from invalid user user 45.61.186.49 port 37912 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T14:27:14.964Z","@version":"1","message":"Sep 19 14:27:14 honeypot-sgp-1 sshd[1503]: Received disconnect from 61.177.173.50 port 62014:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:28:47 honeypot-fra-1 sshd[342]: Disconnected from authenticating user root 202.73.11.37 port 58332 [preauth]","@timestamp":"2022-09-19T14:28:47.946Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:31:24 honeypot-fra-1 kernel: [84472288.232678] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=167.71.133.35 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=248 ID=54321 PROTO=TCP SPT=40629 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T14:31:25.138Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 14:31:48 honeypot-ams-1 sshd[8621]: Did not receive identification string from 46.19.141.122 port 52044","@timestamp":"2022-09-19T14:31:48.882Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 14:32:20 honeypot-ams-1 sshd[8626]: Invalid user admin from 46.19.141.122 port 46204","@timestamp":"2022-09-19T14:32:20.899Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 14:33:13 honeypot-ams-1 sshd[8630]: Received disconnect from 46.19.141.122 port 40030:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T14:33:13.925Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 14:34:01 honeypot-ams-1 sshd[8634]: Received disconnect from 46.19.141.122 port 56692:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T14:34:01.949Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 14:34:50 honeypot-ams-1 sshd[8638]: Received disconnect from 46.19.141.122 port 47008:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T14:34:50.972Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 14:35:45 honeypot-ams-1 sshd[8645]: Invalid user ubnt from 46.19.141.122 port 39076","@timestamp":"2022-09-19T14:35:45.999Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 14:36:14 honeypot-ams-1 sshd[8647]: Disconnected from invalid user usuario 46.19.141.122 port 36302 [preauth]","@timestamp":"2022-09-19T14:36:15.018Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 14:37:14 honeypot-ams-1 sshd[8651]: Disconnected from invalid user 1234 46.19.141.122 port 58884 [preauth]","@timestamp":"2022-09-19T14:37:15.047Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 14:38:51 honeypot-ams-1 sshd[8657]: Invalid user telnet from 46.19.141.122 port 51498","@timestamp":"2022-09-19T14:38:52.094Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 14:39:59 honeypot-ams-1 sshd[8661]: Disconnected from authenticating user root 46.19.141.122 port 44922 [preauth]","@timestamp":"2022-09-19T14:40:00.125Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 14:41:55 honeypot-ams-1 sshd[8670]: Received disconnect from 119.159.226.149 port 51892:11: Bye Bye [preauth]","@timestamp":"2022-09-19T14:41:56.181Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:42:36 honeypot-fra-1 sshd[353]: Received disconnect from 92.255.85.69 port 35888:11: Bye Bye [preauth]","@timestamp":"2022-09-19T14:42:37.416Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 14:42:39 honeypot-ams-1 sshd[8674]: Disconnected from invalid user admin 46.19.141.122 port 35444 [preauth]","@timestamp":"2022-09-19T14:42:40.201Z"}
{"@timestamp":"2022-09-19T14:43:43.366Z","@version":"1","message":"Sep 19 14:43:42 honeypot-sgp-1 kernel: [84474724.102954] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=80.94.92.231 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=233 ID=54321 PROTO=TCP SPT=55731 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:45:38 honeypot-fra-1 sshd[358]: Invalid user ubuntu from 101.100.242.83 port 53518","@timestamp":"2022-09-19T14:45:39.484Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:45:38 honeypot-fra-1 sshd[365]: Invalid user admin from 101.100.242.83 port 53500","@timestamp":"2022-09-19T14:45:39.484Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:45:38 honeypot-fra-1 sshd[378]: Invalid user ftptest from 101.100.242.83 port 53572","@timestamp":"2022-09-19T14:45:39.484Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:45:38 honeypot-fra-1 sshd[377]: Invalid user elastic from 101.100.242.83 port 53502","@timestamp":"2022-09-19T14:45:39.484Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:45:38 honeypot-fra-1 sshd[358]: Connection closed by invalid user ubuntu 101.100.242.83 port 53518 [preauth]","@timestamp":"2022-09-19T14:45:39.484Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:45:38 honeypot-fra-1 sshd[367]: Connection closed by invalid user oracle 101.100.242.83 port 53516 [preauth]","@timestamp":"2022-09-19T14:45:39.484Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:45:38 honeypot-fra-1 sshd[359]: Connection closed by invalid user testuser 101.100.242.83 port 53534 [preauth]","@timestamp":"2022-09-19T14:45:39.484Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:45:38 honeypot-fra-1 sshd[374]: Connection closed by invalid user ftpuser 101.100.242.83 port 53544 [preauth]","@timestamp":"2022-09-19T14:45:39.484Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:45:39 honeypot-fra-1 sshd[384]: Connection closed by invalid user ubuntu 101.100.242.83 port 53530 [preauth]","@timestamp":"2022-09-19T14:45:39.484Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T14:49:41.515Z","@version":"1","message":"Sep 19 14:49:41 honeypot-sgp-1 kernel: [84475082.725181] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=195.133.20.241 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=238 ID=37694 PROTO=TCP SPT=43128 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 14:51:26 honeypot-ams-1 sshd[8680]: Received disconnect from 92.255.85.70 port 59416:11: Bye Bye [preauth]","@timestamp":"2022-09-19T14:51:26.433Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:54:01 honeypot-fra-1 sshd[422]: Invalid user pi from 91.160.19.34 port 5864","@timestamp":"2022-09-19T14:54:01.673Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T14:56:47.708Z","@version":"1","message":"Sep 19 14:56:47 honeypot-sgp-1 sshd[1523]: Disconnected from authenticating user root 61.177.173.46 port 10786 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 14:57:12 honeypot-ams-1 kernel: [84476011.159262] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=172.105.129.95 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=23257 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T14:57:12.579Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 14:59:07 honeypot-ams-1 sshd[8687]: Received disconnect from 46.101.207.32 port 33670:11: Bye Bye [preauth]","@timestamp":"2022-09-19T14:59:08.631Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:59:12 honeypot-fra-1 sshd[427]: Received disconnect from 165.22.45.108 port 55242:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T14:59:13.797Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T15:00:59.815Z","@version":"1","message":"Sep 19 15:00:58 honeypot-sgp-1 sshd[1530]: Received disconnect from 61.177.173.47 port 38349:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T15:04:42.908Z","@version":"1","message":"Sep 19 15:04:42 honeypot-sgp-1 kernel: [84475983.482974] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=229 ID=51958 PROTO=TCP SPT=59603 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 15:05:07 honeypot-fra-1 sshd[432]: Disconnected from invalid user tsai 105.174.16.46 port 39269 [preauth]","@timestamp":"2022-09-19T15:05:07.932Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T15:12:06.089Z","@version":"1","message":"Sep 19 15:12:05 honeypot-sgp-1 sshd[1543]: Disconnected from authenticating user root 218.92.0.221 port 21087 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 15:13:33 honeypot-ams-1 kernel: [84476992.591063] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=164.92.72.164 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=35450 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T15:13:34.007Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 15:15:41 honeypot-fra-1 sshd[438]: Disconnected from authenticating user root 159.203.113.193 port 40932 [preauth]","@timestamp":"2022-09-19T15:15:41.184Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T15:17:02.215Z","@version":"1","message":"Sep 19 15:17:01 honeypot-sgp-1 CRON[1548]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T15:18:55.264Z","@version":"1","message":"Sep 19 15:18:54 honeypot-sgp-1 sshd[1557]: Invalid user samba from 118.27.25.96 port 56210","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 15:20:43 honeypot-ams-1 sshd[8695]: Disconnected from invalid user squid 92.255.85.70 port 61684 [preauth]","@timestamp":"2022-09-19T15:20:43.189Z"}
{"@timestamp":"2022-09-19T15:24:33.401Z","@version":"1","message":"Sep 19 15:24:32 honeypot-sgp-1 sshd[1562]: Received disconnect from 61.177.173.53 port 44479:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T15:30:22.545Z","@version":"1","message":"Sep 19 15:30:21 honeypot-sgp-1 kernel: [84477523.036416] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.86.202.226 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=56106 DF PROTO=TCP SPT=27805 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T15:32:25.599Z","@version":"1","message":"Sep 19 15:32:24 honeypot-sgp-1 sshd[1573]: Received disconnect from 112.65.128.90 port 42562:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 15:32:48 honeypot-fra-1 sshd[447]: Connection closed by invalid user cloudera 179.60.147.69 port 4186 [preauth]","@timestamp":"2022-09-19T15:32:49.581Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T15:34:51.679Z","@version":"1","message":"Sep 19 15:34:51 honeypot-sgp-1 sshd[1577]: Received disconnect from 41.85.251.8 port 52152:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 15:41:35 honeypot-ams-1 kernel: [84478674.015397] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=193.46.255.199 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=244 ID=45543 PROTO=TCP SPT=61003 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T15:41:35.743Z"}
{"@timestamp":"2022-09-19T15:43:18.880Z","@version":"1","message":"Sep 19 15:43:18 honeypot-sgp-1 kernel: [84478299.682267] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.41.9.18 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=42395 PROTO=TCP SPT=13026 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 15:44:14 honeypot-fra-1 sshd[450]: Invalid user admin from 141.98.10.158 port 58836","@timestamp":"2022-09-19T15:44:14.840Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T15:45:20.931Z","@version":"1","message":"Sep 19 15:45:19 honeypot-sgp-1 sshd[1589]: Received disconnect from 128.199.82.76 port 60784:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 15:47:46 honeypot-ams-1 kernel: [84479045.827178] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=159.65.138.52 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=54 ID=0 DF PROTO=TCP SPT=54953 DPT=389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T15:47:47.915Z"}
{"@timestamp":"2022-09-19T15:48:10.001Z","@version":"1","message":"Sep 19 15:48:09 honeypot-sgp-1 sshd[1596]: Invalid user user from 45.61.186.249 port 52260","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T15:48:30.012Z","@version":"1","message":"Sep 19 15:48:29 honeypot-sgp-1 sshd[1601]: Invalid user user from 45.61.186.249 port 46560","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T15:48:49.022Z","@version":"1","message":"Sep 19 15:48:48 honeypot-sgp-1 sshd[1605]: Invalid user user from 45.61.186.249 port 40944","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T15:48:58.026Z","@version":"1","message":"Sep 19 15:48:57 honeypot-sgp-1 sshd[1609]: Received disconnect from 45.61.186.249 port 52232:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T15:49:30.041Z","@version":"1","message":"Sep 19 15:49:29 honeypot-sgp-1 sshd[1615]: Disconnected from invalid user monitor 203.172.41.149 port 6170 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T15:52:07.108Z","@version":"1","message":"Sep 19 15:52:06 honeypot-sgp-1 sshd[1620]: Invalid user glassfish from 139.59.248.243 port 56828","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 15:52:08 honeypot-ams-1 sshd[8706]: Disconnected from authenticating user root 92.255.85.70 port 15484 [preauth]","@timestamp":"2022-09-19T15:52:09.032Z"}
{"@timestamp":"2022-09-19T15:52:57.130Z","@version":"1","message":"Sep 19 15:52:56 honeypot-sgp-1 sshd[1624]: Received disconnect from 61.177.173.51 port 50701:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 15:53:02 honeypot-fra-1 sshd[456]: Received disconnect from 13.76.166.169 port 35824:11: Bye Bye [preauth]","@timestamp":"2022-09-19T15:53:02.036Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T15:55:47.219Z","@version":"1","message":"Sep 19 15:55:46 honeypot-sgp-1 sshd[1630]: Received disconnect from 118.101.192.62 port 60656:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 15:56:21 honeypot-fra-1 sshd[460]: Received disconnect from 154.92.18.35 port 55323:11: Bye Bye [preauth]","@timestamp":"2022-09-19T15:56:22.110Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 15:59:38 honeypot-ams-1 sshd[8709]: Disconnected from invalid user nxautomation 103.139.186.58 port 47366 [preauth]","@timestamp":"2022-09-19T15:59:39.237Z"}
{"@timestamp":"2022-09-19T16:01:39.361Z","@version":"1","message":"Sep 19 16:01:38 honeypot-sgp-1 sshd[1641]: Invalid user admin from 188.157.24.174 port 42290","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T16:04:38.434Z","@version":"1","message":"Sep 19 16:04:38 honeypot-sgp-1 kernel: [84479579.387614] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=94.102.61.10 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=41451 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 16:06:09 honeypot-ams-1 kernel: [84480148.006769] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=156.207.202.227 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=54 ID=38034 PROTO=TCP SPT=58615 DPT=443 WINDOW=38025 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T16:06:09.408Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 16:08:10 honeypot-fra-1 kernel: [84478093.620144] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=167.172.184.157 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=57440 PROTO=TCP SPT=42207 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T16:08:10.373Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:12:13 honeypot-ams-1 sshd[8722]: Received disconnect from 61.177.173.52 port 23030:11:  [preauth]","@timestamp":"2022-09-19T16:12:13.572Z"}
{"@timestamp":"2022-09-19T16:16:44.723Z","@version":"1","message":"Sep 19 16:16:44 honeypot-sgp-1 sshd[1651]: Did not receive identification string from 45.61.187.160 port 58722","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 16:17:01 honeypot-fra-1 CRON[473]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-19T16:17:02.574Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T16:17:21.742Z","@version":"1","message":"Sep 19 16:17:20 honeypot-sgp-1 sshd[1657]: Invalid user user from 45.61.187.160 port 44828","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T16:17:40.751Z","@version":"1","message":"Sep 19 16:17:39 honeypot-sgp-1 sshd[1661]: Invalid user user from 45.61.187.160 port 39328","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T16:17:59.761Z","@version":"1","message":"Sep 19 16:17:58 honeypot-sgp-1 sshd[1665]: Invalid user user from 45.61.187.160 port 33820","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 16:18:34 honeypot-fra-1 sshd[499]: Connection closed by authenticating user root 221.2.93.118 port 42047 [preauth]","@timestamp":"2022-09-19T16:18:34.627Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:19:09 honeypot-ams-1 sshd[8728]: Disconnected from authenticating user root 61.177.173.51 port 64051 [preauth]","@timestamp":"2022-09-19T16:19:10.754Z"}
{"@timestamp":"2022-09-19T16:21:15.840Z","@version":"1","message":"Sep 19 16:21:14 honeypot-sgp-1 kernel: [84480576.186981] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.206.20 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=33589 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 16:24:54 honeypot-fra-1 sshd[507]: Disconnected from authenticating user root 121.136.39.210 port 58754 [preauth]","@timestamp":"2022-09-19T16:24:54.767Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 16:25:43 honeypot-ams-1 kernel: [84481321.992166] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=139.224.71.213 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=43 ID=10270 DF PROTO=TCP SPT=8089 DPT=80 WINDOW=43690 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T16:25:43.932Z"}
{"@timestamp":"2022-09-19T16:27:56.000Z","@version":"1","message":"Sep 19 16:27:55 honeypot-sgp-1 sshd[1674]: Received disconnect from 222.117.98.91 port 46954:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:29:49 honeypot-ams-1 sshd[8743]: Disconnected from authenticating user root 98.40.14.28 port 37080 [preauth]","@timestamp":"2022-09-19T16:29:50.041Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:29:53 honeypot-ams-1 sshd[8749]: Received disconnect from 98.40.14.28 port 37260:11: Bye Bye [preauth]","@timestamp":"2022-09-19T16:29:54.044Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:29:56 honeypot-ams-1 sshd[8755]: Received disconnect from 98.40.14.28 port 37480:11: Bye Bye [preauth]","@timestamp":"2022-09-19T16:29:57.046Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:29:59 honeypot-ams-1 sshd[8761]: Received disconnect from 98.40.14.28 port 37692:11: Bye Bye [preauth]","@timestamp":"2022-09-19T16:30:00.048Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:30:02 honeypot-ams-1 sshd[8767]: Received disconnect from 98.40.14.28 port 37874:11: Bye Bye [preauth]","@timestamp":"2022-09-19T16:30:03.050Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:30:05 honeypot-ams-1 sshd[8773]: Received disconnect from 98.40.14.28 port 38124:11: Bye Bye [preauth]","@timestamp":"2022-09-19T16:30:06.054Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:30:08 honeypot-ams-1 sshd[8779]: Received disconnect from 98.40.14.28 port 38372:11: Bye Bye [preauth]","@timestamp":"2022-09-19T16:30:09.056Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:30:11 honeypot-ams-1 sshd[8785]: Received disconnect from 98.40.14.28 port 38542:11: Bye Bye [preauth]","@timestamp":"2022-09-19T16:30:12.058Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:30:14 honeypot-ams-1 sshd[8791]: Received disconnect from 98.40.14.28 port 38710:11: Bye Bye [preauth]","@timestamp":"2022-09-19T16:30:15.060Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:30:18 honeypot-ams-1 sshd[8797]: Received disconnect from 98.40.14.28 port 38896:11: Bye Bye [preauth]","@timestamp":"2022-09-19T16:30:19.064Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:30:21 honeypot-ams-1 sshd[8803]: Invalid user admin from 98.40.14.28 port 39132","@timestamp":"2022-09-19T16:30:21.065Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:30:23 honeypot-ams-1 sshd[8807]: Invalid user admin from 98.40.14.28 port 39240","@timestamp":"2022-09-19T16:30:23.067Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:30:24 honeypot-ams-1 sshd[8811]: Invalid user admin from 98.40.14.28 port 39376","@timestamp":"2022-09-19T16:30:25.068Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:30:26 honeypot-ams-1 sshd[8815]: Invalid user admin from 98.40.14.28 port 39458","@timestamp":"2022-09-19T16:30:27.070Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:30:28 honeypot-ams-1 sshd[8819]: Invalid user admin from 98.40.14.28 port 39626","@timestamp":"2022-09-19T16:30:29.071Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:30:30 honeypot-ams-1 sshd[8823]: Invalid user user from 98.40.14.28 port 39786","@timestamp":"2022-09-19T16:30:31.072Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:30:33 honeypot-ams-1 sshd[8827]: Disconnected from authenticating user root 98.40.14.28 port 39958 [preauth]","@timestamp":"2022-09-19T16:30:34.075Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:30:35 honeypot-ams-1 sshd[8831]: Disconnected from invalid user pi 98.40.14.28 port 40106 [preauth]","@timestamp":"2022-09-19T16:30:35.076Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:30:36 honeypot-ams-1 sshd[8835]: Disconnected from invalid user ethos 98.40.14.28 port 40206 [preauth]","@timestamp":"2022-09-19T16:30:37.078Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:30:38 honeypot-ams-1 sshd[8839]: Disconnected from invalid user volumio 98.40.14.28 port 40332 [preauth]","@timestamp":"2022-09-19T16:30:39.079Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:30:40 honeypot-ams-1 sshd[8843]: Disconnected from invalid user nagios 98.40.14.28 port 40430 [preauth]","@timestamp":"2022-09-19T16:30:41.080Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:30:44 honeypot-ams-1 sshd[8847]: Disconnected from invalid user vagrant 98.40.14.28 port 40558 [preauth]","@timestamp":"2022-09-19T16:30:44.083Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:30:45 honeypot-ams-1 sshd[8852]: Disconnected from invalid user debian 98.40.14.28 port 40742 [preauth]","@timestamp":"2022-09-19T16:30:46.084Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:30:47 honeypot-ams-1 sshd[8856]: Disconnected from invalid user debian 98.40.14.28 port 40844 [preauth]","@timestamp":"2022-09-19T16:30:48.086Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:30:49 honeypot-ams-1 sshd[8860]: Disconnected from invalid user alarm 98.40.14.28 port 40972 [preauth]","@timestamp":"2022-09-19T16:30:50.088Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:30:51 honeypot-ams-1 sshd[8864]: Disconnected from invalid user test 98.40.14.28 port 41096 [preauth]","@timestamp":"2022-09-19T16:30:52.089Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:30:53 honeypot-ams-1 sshd[8868]: Disconnected from invalid user cirros 98.40.14.28 port 41198 [preauth]","@timestamp":"2022-09-19T16:30:54.090Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 16:36:14 honeypot-fra-1 kernel: [84479778.425288] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.95.147.51 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=47446 PROTO=TCP SPT=45141 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T16:36:15.030Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 16:38:38 honeypot-ams-1 kernel: [84482097.074957] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=103.25.108.62 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=55 ID=18610 PROTO=TCP SPT=24432 DPT=80 WINDOW=48297 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T16:38:38.290Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 16:38:51 honeypot-fra-1 kernel: [84479934.821948] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=170.187.162.45 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=40887 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T16:38:52.092Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T16:39:12.269Z","@version":"1","message":"Sep 19 16:39:11 honeypot-sgp-1 kernel: [84481652.576087] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=154.181.112.51 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=65362 PROTO=TCP SPT=53307 DPT=80 WINDOW=51232 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 16:45:04 honeypot-fra-1 sshd[518]: Invalid user sheetal from 186.109.86.184 port 41722","@timestamp":"2022-09-19T16:45:04.231Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:45:08 honeypot-ams-1 sshd[8882]: Disconnected from authenticating user root 61.177.172.114 port 15467 [preauth]","@timestamp":"2022-09-19T16:45:09.463Z"}
{"@timestamp":"2022-09-19T16:47:05.459Z","@version":"1","message":"Sep 19 16:47:05 honeypot-sgp-1 sshd[1683]: Invalid user deploy from 47.181.159.172 port 40294","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:47:15 honeypot-ams-1 sshd[8888]: Connection closed by authenticating user root 179.60.147.69 port 27838 [preauth]","@timestamp":"2022-09-19T16:47:15.523Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 16:48:40 honeypot-fra-1 kernel: [84480523.912209] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=193.46.255.199 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=246 ID=65530 PROTO=TCP SPT=61003 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T16:48:41.315Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T16:50:46.549Z","@version":"1","message":"Sep 19 16:50:45 honeypot-sgp-1 sshd[1686]: Disconnected from authenticating user root 129.146.247.68 port 53528 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T16:52:41.597Z","@version":"1","message":"Sep 19 16:52:41 honeypot-sgp-1 sshd[1690]: Invalid user joey from 162.19.64.25 port 43564","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:53:41 honeypot-ams-1 sshd[8895]: Disconnected from invalid user postgres 177.91.250.132 port 35496 [preauth]","@timestamp":"2022-09-19T16:53:41.695Z"}
{"@timestamp":"2022-09-19T16:54:43.647Z","@version":"1","message":"Sep 19 16:54:43 honeypot-sgp-1 sshd[1694]: Invalid user mango from 89.250.148.154 port 56232","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T16:58:25.734Z","@version":"1","message":"Sep 19 16:58:25 honeypot-sgp-1 kernel: [84482806.611676] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=194.169.217.240 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=1392 DF PROTO=TCP SPT=12847 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 17:01:10 honeypot-fra-1 kernel: [84481273.691882] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=198.235.24.58 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x60 TTL=250 ID=54321 PROTO=TCP SPT=51130 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T17:01:10.592Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 17:01:31 honeypot-ams-1 sshd[8906]: Invalid user pradeep from 103.188.176.251 port 34220","@timestamp":"2022-09-19T17:01:31.907Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 17:02:14 honeypot-ams-1 sshd[8911]: Disconnected from authenticating user root 61.177.173.50 port 39894 [preauth]","@timestamp":"2022-09-19T17:02:14.929Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 17:07:37 honeypot-fra-1 kernel: [84481660.595999] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=167.71.102.95 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=51675 DF PROTO=TCP SPT=56306 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T17:07:37.734Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T17:09:02.009Z","@version":"1","message":"Sep 19 17:09:01 honeypot-sgp-1 CRON[1700]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 17:10:28 honeypot-ams-1 sshd[8919]: Received disconnect from 61.177.173.49 port 24195:11:  [preauth]","@timestamp":"2022-09-19T17:10:29.168Z"}
{"@timestamp":"2022-09-19T17:12:18.090Z","@version":"1","message":"Sep 19 17:12:17 honeypot-sgp-1 sshd[1706]: Connection closed by invalid user admin 137.184.48.78 port 42044 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T17:12:22.092Z","@version":"1","message":"Sep 19 17:12:21 honeypot-sgp-1 sshd[1712]: Connection closed by invalid user admin 137.184.48.78 port 57124 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 17:14:38 honeypot-fra-1 kernel: [84482082.027805] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=154.89.5.68 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=244 ID=4590 PROTO=TCP SPT=58914 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T17:14:38.889Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 17:15:58 honeypot-ams-1 sshd[8926]: Received disconnect from 61.177.173.37 port 45462:11:  [preauth]","@timestamp":"2022-09-19T17:15:59.311Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 17:17:16 honeypot-ams-1 sshd[8931]: Disconnected from invalid user system 110.49.17.95 port 35294 [preauth]","@timestamp":"2022-09-19T17:17:17.348Z"}
{"@timestamp":"2022-09-19T17:19:26.262Z","@version":"1","message":"Sep 19 17:19:25 honeypot-sgp-1 sshd[1718]: Received disconnect from 5.195.211.234 port 53438:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 17:23:13 honeypot-ams-1 sshd[8938]: Connection closed by authenticating user root 179.60.147.69 port 59388 [preauth]","@timestamp":"2022-09-19T17:23:14.503Z"}
{"@timestamp":"2022-09-19T17:27:49.461Z","@version":"1","message":"Sep 19 17:27:48 honeypot-sgp-1 sshd[1723]: Connection closed by authenticating user root 103.188.176.251 port 40042 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 17:30:46 honeypot-ams-1 kernel: [84485225.228848] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=21789 PROTO=TCP SPT=48605 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T17:30:46.699Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 17:31:01 honeypot-fra-1 kernel: [84483065.271173] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=95.250.215.159 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=15686 PROTO=TCP SPT=51870 DPT=80 WINDOW=1300 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T17:31:02.249Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 17:36:08 honeypot-fra-1 sshd[546]: Disconnected from invalid user ouc 103.63.212.91 port 41284 [preauth]","@timestamp":"2022-09-19T17:36:09.365Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T17:37:56.719Z","@version":"1","message":"Sep 19 17:37:56 honeypot-sgp-1 sshd[1730]: Invalid user user from 45.61.184.204 port 53684","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T17:38:16.729Z","@version":"1","message":"Sep 19 17:38:15 honeypot-sgp-1 sshd[1734]: Invalid user user from 45.61.184.204 port 48944","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T17:38:33.736Z","@version":"1","message":"Sep 19 17:38:33 honeypot-sgp-1 sshd[1738]: Invalid user user from 45.61.184.204 port 44202","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T17:38:50.744Z","@version":"1","message":"Sep 19 17:38:50 honeypot-sgp-1 sshd[1742]: Connection closed by 45.61.184.204 port 39466 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 17:39:01 honeypot-ams-1 sshd[8952]: Received disconnect from 61.177.173.36 port 25536:11:  [preauth]","@timestamp":"2022-09-19T17:39:01.914Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 17:40:41 honeypot-ams-1 sshd[8957]: Received disconnect from 41.85.251.8 port 59898:11: Bye Bye [preauth]","@timestamp":"2022-09-19T17:40:41.960Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 17:45:22 honeypot-fra-1 sshd[551]: Invalid user cyrille from 36.91.119.221 port 52488","@timestamp":"2022-09-19T17:45:22.564Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 17:45:51 honeypot-ams-1 sshd[8964]: Disconnected from invalid user es 192.18.136.28 port 45042 [preauth]","@timestamp":"2022-09-19T17:45:52.097Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 17:46:40 honeypot-fra-1 sshd[553]: Disconnected from invalid user testuser 167.172.159.73 port 46100 [preauth]","@timestamp":"2022-09-19T17:46:40.594Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T17:46:51.931Z","@version":"1","message":"Sep 19 17:46:51 honeypot-sgp-1 kernel: [84485712.641543] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=206.189.6.148 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=50562 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 17:48:15 honeypot-fra-1 sshd[558]: Received disconnect from 129.205.124.253 port 40168:11: Bye Bye [preauth]","@timestamp":"2022-09-19T17:48:15.631Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 17:49:51 honeypot-fra-1 sshd[576]: Invalid user admin from 57.128.11.39 port 33688","@timestamp":"2022-09-19T17:49:51.667Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 17:49:51 honeypot-fra-1 sshd[574]: Invalid user ubuntu from 57.128.11.39 port 33692","@timestamp":"2022-09-19T17:49:51.667Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 17:49:51 honeypot-fra-1 sshd[585]: Invalid user ubuntu from 57.128.11.39 port 33770","@timestamp":"2022-09-19T17:49:51.667Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 17:49:51 honeypot-fra-1 sshd[569]: Connection closed by authenticating user root 57.128.11.39 port 33776 [preauth]","@timestamp":"2022-09-19T17:49:51.667Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 17:49:51 honeypot-fra-1 sshd[581]: Connection closed by invalid user hadoop 57.128.11.39 port 33732 [preauth]","@timestamp":"2022-09-19T17:49:51.667Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 17:49:51 honeypot-fra-1 sshd[583]: Connection closed by invalid user admin 57.128.11.39 port 33748 [preauth]","@timestamp":"2022-09-19T17:49:51.667Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 17:49:51 honeypot-fra-1 sshd[586]: Invalid user admin from 57.128.11.39 port 33760","@timestamp":"2022-09-19T17:49:51.667Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 17:49:51 honeypot-fra-1 sshd[615]: Connection closed by invalid user elastic 57.128.11.39 port 33678 [preauth]","@timestamp":"2022-09-19T17:49:52.669Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 17:50:08 honeypot-ams-1 sshd[8971]: Received disconnect from 134.122.123.117 port 52868:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T17:50:09.211Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 17:50:58 honeypot-ams-1 sshd[8976]: Disconnected from authenticating user root 134.122.123.117 port 60244 [preauth]","@timestamp":"2022-09-19T17:50:59.236Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 17:51:46 honeypot-ams-1 sshd[8982]: Disconnected from authenticating user root 61.177.173.36 port 24007 [preauth]","@timestamp":"2022-09-19T17:51:47.261Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 17:52:26 honeypot-ams-1 sshd[8988]: Disconnected from authenticating user root 61.177.172.108 port 38741 [preauth]","@timestamp":"2022-09-19T17:52:27.281Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 17:53:20 honeypot-ams-1 sshd[8994]: Received disconnect from 134.122.123.117 port 52082:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T17:53:21.308Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 17:54:07 honeypot-ams-1 sshd[8998]: Received disconnect from 134.122.123.117 port 58818:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T17:54:07.330Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 17:54:53 honeypot-ams-1 sshd[9002]: Received disconnect from 134.122.123.117 port 37330:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T17:54:54.352Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 17:55:40 honeypot-ams-1 sshd[9006]: Received disconnect from 134.122.123.117 port 43918:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T17:55:40.374Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 17:56:26 honeypot-ams-1 sshd[9011]: Received disconnect from 134.122.123.117 port 50564:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T17:56:26.396Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 17:57:11 honeypot-ams-1 sshd[9015]: Received disconnect from 134.122.123.117 port 57332:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T17:57:12.418Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 17:57:57 honeypot-ams-1 sshd[9019]: Disconnected from authenticating user root 217.237.114.97 port 17947 [preauth]","@timestamp":"2022-09-19T17:57:57.440Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 17:58:20 honeypot-ams-1 sshd[9024]: Received disconnect from 134.122.123.117 port 38984:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T17:58:20.452Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 17:59:06 honeypot-ams-1 sshd[9028]: Invalid user ftpadmin from 134.122.123.117 port 45762","@timestamp":"2022-09-19T17:59:06.476Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 17:59:15 honeypot-ams-1 sshd[9032]: Invalid user USERID from 179.60.147.69 port 52962","@timestamp":"2022-09-19T17:59:16.483Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 17:59:33 honeypot-fra-1 sshd[624]: Invalid user rescue from 92.255.85.70 port 41824","@timestamp":"2022-09-19T17:59:33.883Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 17:59:52 honeypot-ams-1 sshd[9038]: Received disconnect from 134.122.123.117 port 52312:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T17:59:53.500Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 18:00:20 honeypot-ams-1 sshd[9042]: Received disconnect from 43.133.6.150 port 49718:11: Bye Bye [preauth]","@timestamp":"2022-09-19T18:00:20.515Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 18:01:02 honeypot-ams-1 sshd[9046]: Invalid user weblogic from 134.122.123.117 port 34098","@timestamp":"2022-09-19T18:01:03.537Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 18:03:50 honeypot-ams-1 kernel: [84487209.406326] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=74.108.124.79 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=52 ID=38529 PROTO=TCP SPT=30725 DPT=80 WINDOW=8070 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T18:03:51.609Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 18:05:35 honeypot-ams-1 sshd[9055]: Connection closed by invalid user newftpuser 137.116.144.39 port 42886 [preauth]","@timestamp":"2022-09-19T18:05:36.658Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 18:06:22 honeypot-fra-1 sshd[627]: Disconnected from authenticating user root 161.35.138.131 port 37200 [preauth]","@timestamp":"2022-09-19T18:06:23.032Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T18:08:11.425Z","@version":"1","message":"Sep 19 18:08:10 honeypot-sgp-1 sshd[1825]: Invalid user rescue from 92.255.85.69 port 42144","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 18:08:43 honeypot-ams-1 sshd[9069]: Received disconnect from 143.110.236.239 port 47914:11: Bye Bye [preauth]","@timestamp":"2022-09-19T18:08:43.743Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 18:13:15 honeypot-fra-1 kernel: [84485598.728345] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.216.31 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=39526 DPT=389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T18:13:16.179Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T18:15:18.592Z","@version":"1","message":"Sep 19 18:15:17 honeypot-sgp-1 kernel: [84487419.137426] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.220.50 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=59092 DPT=389 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 18:16:01 honeypot-ams-1 sshd[9074]: Disconnected from authenticating user root 61.177.173.46 port 27768 [preauth]","@timestamp":"2022-09-19T18:16:01.935Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 18:17:22 honeypot-ams-1 sshd[9079]: Disconnected from authenticating user root 61.177.173.35 port 29729 [preauth]","@timestamp":"2022-09-19T18:17:22.975Z"}
{"@timestamp":"2022-09-19T18:19:12.685Z","@version":"1","message":"Sep 19 18:19:12 honeypot-sgp-1 sshd[1835]: Received disconnect from 45.61.184.204 port 40560:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T18:19:31.695Z","@version":"1","message":"Sep 19 18:19:31 honeypot-sgp-1 sshd[1839]: Received disconnect from 45.61.184.204 port 35390:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T18:19:50.704Z","@version":"1","message":"Sep 19 18:19:50 honeypot-sgp-1 sshd[1843]: Received disconnect from 45.61.184.204 port 58512:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T18:20:07.712Z","@version":"1","message":"Sep 19 18:20:07 honeypot-sgp-1 sshd[1847]: Received disconnect from 45.61.184.204 port 53332:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 18:21:34 honeypot-fra-1 sshd[636]: Did not receive identification string from 14.45.86.179 port 6251","@timestamp":"2022-09-19T18:21:35.361Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 18:23:38 honeypot-ams-1 sshd[9084]: Disconnected from authenticating user root 218.92.0.221 port 63424 [preauth]","@timestamp":"2022-09-19T18:23:39.157Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 18:26:38 honeypot-fra-1 sshd[642]: Did not receive identification string from 218.57.73.174 port 41542","@timestamp":"2022-09-19T18:26:39.472Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T18:28:43.914Z","@version":"1","message":"Sep 19 18:28:43 honeypot-sgp-1 kernel: [84488225.068062] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=90.151.171.106 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=45126 PROTO=TCP SPT=52114 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 18:31:18 honeypot-fra-1 kernel: [84486681.667167] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.148.10.81 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=22780 DF PROTO=TCP SPT=16374 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T18:31:18.575Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 18:35:16 honeypot-ams-1 sshd[9094]: Connection closed by authenticating user root 179.60.147.69 port 35278 [preauth]","@timestamp":"2022-09-19T18:35:16.482Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 18:35:30 honeypot-fra-1 sshd[662]: Invalid user pi from 101.33.218.153 port 10518","@timestamp":"2022-09-19T18:35:30.668Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 18:39:19 honeypot-ams-1 sshd[9100]: Did not receive identification string from 45.61.186.249 port 55708","@timestamp":"2022-09-19T18:39:19.591Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 18:39:35 honeypot-fra-1 sshd[684]: Invalid user jugo from 51.91.35.137 port 41198","@timestamp":"2022-09-19T18:39:35.759Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 18:39:53 honeypot-ams-1 sshd[9103]: Received disconnect from 45.61.186.249 port 44034:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T18:39:53.608Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 18:40:12 honeypot-ams-1 sshd[9109]: Received disconnect from 45.61.186.249 port 39012:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T18:40:12.619Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 18:40:29 honeypot-ams-1 sshd[9114]: Invalid user user from 45.61.186.249 port 34004","@timestamp":"2022-09-19T18:40:30.629Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 18:40:38 honeypot-ams-1 sshd[9118]: Received disconnect from 45.61.186.249 port 45614:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T18:40:39.633Z"}
{"@timestamp":"2022-09-19T18:40:52.197Z","@version":"1","message":"Sep 19 18:40:51 honeypot-sgp-1 sshd[1858]: Invalid user amane from 82.196.113.78 port 26016","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 18:42:17 honeypot-fra-1 kernel: [84487341.014575] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=64.246.161.26 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=58937 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T18:42:18.820Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T18:45:17.301Z","@version":"1","message":"Sep 19 18:45:16 honeypot-sgp-1 sshd[1861]: Invalid user bn from 161.35.112.155 port 49344","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 18:49:11 honeypot-ams-1 sshd[9126]: Received disconnect from 180.250.248.169 port 49266:11: Bye Bye [preauth]","@timestamp":"2022-09-19T18:49:11.859Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 18:49:58 honeypot-fra-1 kernel: [84487801.840740] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=91.218.114.197 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x20 TTL=249 ID=9609 PROTO=TCP SPT=58617 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T18:49:58.991Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T18:50:24.418Z","@version":"1","message":"Sep 19 18:50:23 honeypot-sgp-1 sshd[1865]: Received disconnect from 92.255.85.70 port 44790:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 18:50:45 honeypot-ams-1 sshd[9135]: Invalid user backups from 92.255.85.70 port 41690","@timestamp":"2022-09-19T18:50:45.902Z"}
{"@timestamp":"2022-09-19T18:51:52.477Z","@version":"1","message":"Sep 19 18:51:52 honeypot-sgp-1 sshd[1869]: Disconnected from authenticating user root 206.42.39.53 port 40692 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 18:53:14 honeypot-ams-1 kernel: [84490172.831730] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=154.183.58.121 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=50 ID=25674 PROTO=TCP SPT=62353 DPT=443 WINDOW=41931 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T18:53:14.969Z"}
{"@timestamp":"2022-09-19T18:55:38.565Z","@version":"1","message":"Sep 19 18:55:38 honeypot-sgp-1 sshd[1874]: Connection closed by 66.240.236.116 port 60928 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 18:57:12 honeypot-ams-1 sshd[9142]: Disconnected from authenticating user root 61.177.173.37 port 64926 [preauth]","@timestamp":"2022-09-19T18:57:13.074Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 18:58:05 honeypot-fra-1 kernel: [84488288.999020] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=103.114.105.206 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=34739 PROTO=TCP SPT=48209 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T18:58:06.180Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 19:02:48 honeypot-fra-1 kernel: [84488571.267624] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.33.69.6 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=27144 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T19:02:48.285Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T19:04:20.763Z","@version":"1","message":"Sep 19 19:04:20 honeypot-sgp-1 sshd[1881]: Received disconnect from 102.219.33.70 port 33382:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 19:04:29 honeypot-ams-1 sshd[9147]: Disconnected from authenticating user root 154.72.194.207 port 51508 [preauth]","@timestamp":"2022-09-19T19:04:30.266Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 19:06:52 honeypot-fra-1 sshd[703]: Connection closed by 66.240.236.109 port 45604 [preauth]","@timestamp":"2022-09-19T19:06:53.376Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T19:09:14.878Z","@version":"1","message":"Sep 19 19:09:14 honeypot-sgp-1 sshd[1887]: Invalid user user from 45.61.184.204 port 42256","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T19:09:33.888Z","@version":"1","message":"Sep 19 19:09:32 honeypot-sgp-1 kernel: [84490674.075583] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.148.10.81 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=22780 DF PROTO=TCP SPT=18430 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T19:09:43.892Z","@version":"1","message":"Sep 19 19:09:43 honeypot-sgp-1 sshd[1893]: Received disconnect from 45.61.184.204 port 48794:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T19:10:01.901Z","@version":"1","message":"Sep 19 19:10:01 honeypot-sgp-1 sshd[1897]: Received disconnect from 45.61.184.204 port 43748:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T19:11:10.929Z","@version":"1","message":"Sep 19 19:11:10 honeypot-sgp-1 kernel: [84490772.046021] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=139.59.45.164 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x20 TTL=242 ID=42814 PROTO=TCP SPT=61953 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 19:11:38 honeypot-ams-1 sshd[9157]: Connection closed by authenticating user root 179.60.147.69 port 53572 [preauth]","@timestamp":"2022-09-19T19:11:39.448Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 19:17:01 honeypot-ams-1 CRON[9162]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-19T19:17:02.588Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 19:17:01 honeypot-fra-1 CRON[712]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-19T19:17:02.608Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T19:18:54.107Z","@version":"1","message":"Sep 19 19:18:53 honeypot-sgp-1 sshd[1908]: Disconnected from invalid user ppp 92.255.85.69 port 49358 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 19:20:47 honeypot-ams-1 kernel: [84491825.989210] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=198.74.60.228 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=30098 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T19:20:47.706Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 19:21:12 honeypot-fra-1 sshd[731]: Received disconnect from 179.218.198.83 port 11498:11: Bye Bye [preauth]","@timestamp":"2022-09-19T19:21:12.702Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 19:24:26 honeypot-ams-1 sshd[9176]: Received disconnect from 46.101.47.30 port 60854:11: Bye Bye [preauth]","@timestamp":"2022-09-19T19:24:26.805Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 19:25:28 honeypot-fra-1 sshd[736]: Connection closed by invalid user pi 212.5.153.79 port 34124 [preauth]","@timestamp":"2022-09-19T19:25:29.800Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 19:29:23 honeypot-ams-1 kernel: [84492342.653920] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=2.191.50.31 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=53 ID=51753 DF PROTO=TCP SPT=38648 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T19:29:23.940Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 19:34:37 honeypot-fra-1 sshd[743]: Disconnected from authenticating user root 223.197.125.110 port 40642 [preauth]","@timestamp":"2022-09-19T19:34:38.004Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T19:36:39.508Z","@version":"1","message":"Sep 19 19:36:39 honeypot-sgp-1 sshd[1918]: Invalid user hoshii from 167.71.48.136 port 36958","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 19:37:46 honeypot-fra-1 sshd[750]: Received disconnect from 107.172.219.107 port 42906:11: Bye Bye [preauth]","@timestamp":"2022-09-19T19:37:47.079Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 19:39:22 honeypot-fra-1 sshd[754]: Received disconnect from 167.71.136.141 port 34282:11: Bye Bye [preauth]","@timestamp":"2022-09-19T19:39:23.115Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 19:41:12 honeypot-ams-1 kernel: [84493051.368371] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=72.167.32.184 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=232 ID=45655 PROTO=TCP SPT=44924 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T19:41:13.246Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 19:41:30 honeypot-fra-1 sshd[758]: Received disconnect from 196.223.153.253 port 45064:11: Bye Bye [preauth]","@timestamp":"2022-09-19T19:41:31.162Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 19:45:24 honeypot-fra-1 sshd[763]: Connection closed by authenticating user root 179.60.147.69 port 2332 [preauth]","@timestamp":"2022-09-19T19:45:25.247Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T19:46:37.735Z","@version":"1","message":"Sep 19 19:46:37 honeypot-sgp-1 sshd[1925]: Connection closed by 167.248.133.120 port 33434 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 19:49:59 honeypot-fra-1 sshd[772]: Invalid user elastic from 103.164.34.122 port 56674","@timestamp":"2022-09-19T19:49:59.351Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 19:49:59 honeypot-fra-1 sshd[774]: Invalid user ubuntu from 103.164.34.122 port 56662","@timestamp":"2022-09-19T19:49:59.351Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 19:49:59 honeypot-fra-1 sshd[781]: Connection closed by authenticating user root 103.164.34.122 port 56696 [preauth]","@timestamp":"2022-09-19T19:49:59.351Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 19:49:59 honeypot-fra-1 sshd[777]: Connection closed by invalid user postgres 103.164.34.122 port 56640 [preauth]","@timestamp":"2022-09-19T19:50:00.351Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 19:49:59 honeypot-fra-1 sshd[776]: Connection closed by authenticating user root 103.164.34.122 port 56692 [preauth]","@timestamp":"2022-09-19T19:50:00.351Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 19:49:59 honeypot-fra-1 sshd[778]: Connection closed by authenticating user root 103.164.34.122 port 56708 [preauth]","@timestamp":"2022-09-19T19:50:00.351Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 19:49:59 honeypot-fra-1 sshd[786]: Connection closed by invalid user testuser 103.164.34.122 port 56642 [preauth]","@timestamp":"2022-09-19T19:50:00.351Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 19:49:59 honeypot-fra-1 sshd[797]: Connection closed by authenticating user root 103.164.34.122 port 56694 [preauth]","@timestamp":"2022-09-19T19:50:00.352Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 19:51:31 honeypot-ams-1 sshd[9208]: Received disconnect from 61.177.173.50 port 48889:11:  [preauth]","@timestamp":"2022-09-19T19:51:32.514Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 19:52:19 honeypot-fra-1 kernel: [84491542.320819] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=89.248.168.172 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=54321 PROTO=TCP SPT=42746 DPT=5432 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T19:52:19.403Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 19:53:15 honeypot-ams-1 kernel: [84493774.303021] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=142.93.245.175 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=42423 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T19:53:16.560Z"}
{"@timestamp":"2022-09-19T19:56:54.970Z","@version":"1","message":"Sep 19 19:56:54 honeypot-sgp-1 kernel: [84493515.596501] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=159.89.202.188 LEN=92 TOS=0x00 PREC=0x00 TTL=245 ID=7221 PROTO=TCP SPT=19159 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 20:04:10 honeypot-ams-1 sshd[9220]: Disconnected from authenticating user root 61.177.172.104 port 19427 [preauth]","@timestamp":"2022-09-19T20:04:10.845Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 20:05:52 honeypot-fra-1 sshd[836]: Received disconnect from 45.61.186.49 port 56302:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T20:05:52.714Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 20:06:02 honeypot-fra-1 sshd[840]: Received disconnect from 45.61.186.49 port 39622:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T20:06:03.720Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 20:07:22 honeypot-fra-1 kernel: [84492445.612286] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=91.218.114.197 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x20 TTL=249 ID=63244 PROTO=TCP SPT=58617 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T20:07:22.749Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 20:13:42 honeypot-ams-1 kernel: [84495000.776101] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=13.76.185.127 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=46 ID=38670 PROTO=TCP SPT=18486 DPT=443 WINDOW=9302 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T20:13:42.093Z"}
{"@timestamp":"2022-09-19T20:14:41.386Z","@version":"1","message":"Sep 19 20:14:41 honeypot-sgp-1 sshd[1935]: Disconnected from authenticating user root 92.255.85.70 port 35372 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 20:17:01 honeypot-fra-1 CRON[849]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-19T20:17:01.958Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 20:18:16 honeypot-ams-1 kernel: [84495275.176512] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=183.136.225.35 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=109 ID=65064 PROTO=TCP SPT=8088 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T20:18:17.217Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 20:23:38 honeypot-ams-1 sshd[9242]: Connection closed by invalid user admin 179.60.147.69 port 39338 [preauth]","@timestamp":"2022-09-19T20:23:38.360Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 20:26:01 honeypot-fra-1 sshd[868]: Invalid user test from 178.89.108.11 port 60198","@timestamp":"2022-09-19T20:26:01.178Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 20:26:01 honeypot-fra-1 sshd[866]: Invalid user testuser from 178.89.108.11 port 60126","@timestamp":"2022-09-19T20:26:01.178Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 20:26:01 honeypot-fra-1 sshd[867]: Connection closed by invalid user admin 178.89.108.11 port 60142 [preauth]","@timestamp":"2022-09-19T20:26:01.178Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 20:26:01 honeypot-fra-1 sshd[890]: Invalid user admin from 178.89.108.11 port 60190","@timestamp":"2022-09-19T20:26:01.178Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 20:26:01 honeypot-fra-1 sshd[891]: Invalid user test from 178.89.108.11 port 60124","@timestamp":"2022-09-19T20:26:01.178Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 20:26:01 honeypot-fra-1 sshd[861]: Connection closed by invalid user admin 178.89.108.11 port 60206 [preauth]","@timestamp":"2022-09-19T20:26:01.178Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 20:26:01 honeypot-fra-1 sshd[877]: Connection closed by authenticating user root 178.89.108.11 port 60138 [preauth]","@timestamp":"2022-09-19T20:26:02.179Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 20:26:01 honeypot-fra-1 sshd[889]: Connection closed by invalid user ubuntu 178.89.108.11 port 60208 [preauth]","@timestamp":"2022-09-19T20:26:02.180Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 20:26:01 honeypot-fra-1 sshd[881]: Connection closed by authenticating user root 178.89.108.11 port 60152 [preauth]","@timestamp":"2022-09-19T20:26:02.180Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 20:31:03 honeypot-fra-1 sshd[923]: Received disconnect from 45.55.44.110 port 54514:11: Bye Bye [preauth]","@timestamp":"2022-09-19T20:31:04.293Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 20:31:32 honeypot-ams-1 sshd[9248]: Disconnected from authenticating user root 61.177.173.50 port 19929 [preauth]","@timestamp":"2022-09-19T20:31:32.564Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 20:38:49 honeypot-fra-1 kernel: [84494332.798261] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=170.187.162.51 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=61546 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T20:38:50.462Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 20:39:46 honeypot-ams-1 sshd[9258]: Received disconnect from 61.177.173.47 port 17117:11:  [preauth]","@timestamp":"2022-09-19T20:39:46.778Z"}
{"@timestamp":"2022-09-19T20:40:44.992Z","@version":"1","message":"Sep 19 20:40:44 honeypot-sgp-1 kernel: [84496145.746221] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=165.232.136.15 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=46787 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 20:45:06 honeypot-ams-1 sshd[9265]: Invalid user admin from 92.255.85.70 port 62670","@timestamp":"2022-09-19T20:45:06.922Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 20:53:01 honeypot-ams-1 sshd[9276]: Invalid user webin from 202.83.17.205 port 58478","@timestamp":"2022-09-19T20:53:02.128Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 20:54:17 honeypot-ams-1 sshd[9280]: Received disconnect from 37.139.15.214 port 46374:11: Bye Bye [preauth]","@timestamp":"2022-09-19T20:54:18.163Z"}
{"@timestamp":"2022-09-19T20:55:31.330Z","@version":"1","message":"Sep 19 20:55:30 honeypot-sgp-1 sshd[1950]: Invalid user dbuser from 161.35.112.155 port 60436","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 20:58:57 honeypot-ams-1 sshd[9285]: Disconnected from invalid user vhost 128.199.52.45 port 36256 [preauth]","@timestamp":"2022-09-19T20:58:58.284Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 21:02:08 honeypot-fra-1 kernel: [84495731.254661] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.33.79.226 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=35740 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T21:02:08.970Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 21:05:00 honeypot-ams-1 sshd[9297]: Received disconnect from 110.164.133.148 port 47160:11: Bye Bye [preauth]","@timestamp":"2022-09-19T21:05:00.443Z"}
{"@timestamp":"2022-09-19T21:06:08.574Z","@version":"1","message":"Sep 19 21:06:08 honeypot-sgp-1 kernel: [84497669.062639] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=226 ID=58895 PROTO=TCP SPT=41203 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 21:07:18 honeypot-fra-1 sshd[938]: Invalid user mouzj from 95.217.159.3 port 40042","@timestamp":"2022-09-19T21:07:19.090Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 00:16:11 honeypot-fra-1 sshd[4651]: Received disconnect from 45.61.187.160 port 49084:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T00:16:11.586Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 00:16:34 honeypot-fra-1 sshd[4655]: Received disconnect from 45.61.187.160 port 43944:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T00:16:34.602Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 00:16:53 honeypot-fra-1 sshd[4659]: Received disconnect from 45.61.187.160 port 38798:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T00:16:54.611Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T00:17:01.602Z","@version":"1","message":"Sep 13 00:17:01 honeypot-sgp-1 CRON[9276]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 00:17:02 honeypot-fra-1 sshd[4664]: Disconnected from invalid user user 45.61.187.160 port 50346 [preauth]","@timestamp":"2022-09-13T00:17:03.617Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 00:18:17 honeypot-fra-1 sshd[4668]: Invalid user ps from 103.188.176.251 port 57822","@timestamp":"2022-09-13T00:18:17.647Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 00:23:32 honeypot-ams-1 sshd[14028]: Disconnected from authenticating user root 61.177.173.51 port 41623 [preauth]","@timestamp":"2022-09-13T00:23:32.244Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 00:29:09 honeypot-fra-1 sshd[4676]: Invalid user user from 65.34.131.66 port 57140","@timestamp":"2022-09-13T00:29:09.889Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 00:30:58 honeypot-fra-1 sshd[4679]: Connection closed by 192.241.216.10 port 55574 [preauth]","@timestamp":"2022-09-13T00:30:58.935Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 00:31:10 honeypot-fra-1 sshd[4685]: Disconnected from invalid user user 45.61.186.249 port 45784 [preauth]","@timestamp":"2022-09-13T00:31:10.957Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 00:31:14 honeypot-ams-1 sshd[14036]: Received disconnect from 92.255.85.70 port 31258:11: Bye Bye [preauth]","@timestamp":"2022-09-13T00:31:14.449Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 00:31:26 honeypot-fra-1 sshd[4689]: Disconnected from invalid user user 45.61.186.249 port 40212 [preauth]","@timestamp":"2022-09-13T00:31:26.966Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 00:31:42 honeypot-fra-1 sshd[4693]: Disconnected from invalid user user 45.61.186.249 port 34668 [preauth]","@timestamp":"2022-09-13T00:31:42.973Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T00:33:39.990Z","@version":"1","message":"Sep 13 00:33:39 honeypot-sgp-1 sshd[9285]: Invalid user tobin from 103.38.4.238 port 39288","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T00:34:46.019Z","@version":"1","message":"Sep 13 00:34:45 honeypot-sgp-1 sshd[9289]: Received disconnect from 142.93.8.99 port 47722:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 00:38:49 honeypot-ams-1 kernel: [83906113.898749] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=193.163.125.39 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=247 ID=53040 PROTO=TCP SPT=34065 DPT=389 WINDOW=14600 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T00:38:49.647Z"}
{"@timestamp":"2022-09-13T00:39:18.148Z","@version":"1","message":"Sep 13 00:39:17 honeypot-sgp-1 kernel: [83905668.321127] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.16.149.255 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=52490 DF PROTO=TCP SPT=41012 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 00:41:35 honeypot-fra-1 sshd[4699]: Received disconnect from 165.22.45.108 port 48716:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T00:41:36.202Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 00:49:00 honeypot-fra-1 kernel: [83904565.663279] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=92.118.39.30 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=49407 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T00:49:01.376Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-13T00:49:34.393Z","@version":"1","message":"Sep 13 00:49:33 honeypot-sgp-1 sshd[9300]: Received disconnect from 92.255.85.69 port 30442:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 00:50:58 honeypot-ams-1 sshd[14064]: Received disconnect from 61.177.173.50 port 62131:11:  [preauth]","@timestamp":"2022-09-13T00:50:58.968Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 00:55:47 honeypot-ams-1 sshd[14072]: Did not receive identification string from 141.255.162.226 port 34262","@timestamp":"2022-09-13T00:55:48.096Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 00:56:06 honeypot-ams-1 sshd[14077]: Disconnected from invalid user user 141.255.162.226 port 51726 [preauth]","@timestamp":"2022-09-13T00:56:07.106Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 00:56:11 honeypot-ams-1 sshd[14081]: Disconnected from invalid user user 141.255.162.226 port 58224 [preauth]","@timestamp":"2022-09-13T00:56:12.109Z"}
{"@timestamp":"2022-09-13T00:58:47.613Z","@version":"1","message":"Sep 13 00:58:47 honeypot-sgp-1 sshd[9307]: Disconnected from authenticating user root 103.9.36.69 port 35302 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 00:59:15 honeypot-ams-1 sshd[14085]: Disconnected from authenticating user root 61.177.172.124 port 15344 [preauth]","@timestamp":"2022-09-13T00:59:16.191Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 01:03:38 honeypot-fra-1 sshd[4709]: Did not receive identification string from 45.61.187.160 port 43108","@timestamp":"2022-09-13T01:03:38.711Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 01:04:10 honeypot-fra-1 sshd[4712]: Disconnected from invalid user user 45.61.187.160 port 38480 [preauth]","@timestamp":"2022-09-13T01:04:10.726Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 01:04:28 honeypot-fra-1 sshd[4716]: Disconnected from invalid user user 45.61.187.160 port 33236 [preauth]","@timestamp":"2022-09-13T01:04:29.734Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 01:04:46 honeypot-fra-1 sshd[4720]: Disconnected from invalid user user 45.61.187.160 port 56222 [preauth]","@timestamp":"2022-09-13T01:04:46.745Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 01:06:36 honeypot-ams-1 sshd[14092]: Disconnected from invalid user hadoop 117.102.82.42 port 48942 [preauth]","@timestamp":"2022-09-13T01:06:36.397Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 01:08:14 honeypot-fra-1 kernel: [83905719.664248] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=79.124.62.62 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=40871 PROTO=TCP SPT=40581 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T01:08:14.824Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 01:09:45 honeypot-ams-1 sshd[14098]: Disconnected from authenticating user root 61.177.173.49 port 17205 [preauth]","@timestamp":"2022-09-13T01:09:45.478Z"}
{"@timestamp":"2022-09-13T01:10:46.897Z","@version":"1","message":"Sep 13 01:10:46 honeypot-sgp-1 sshd[9314]: Received disconnect from 182.50.65.146 port 50576:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 01:11:35 honeypot-ams-1 sshd[14103]: Disconnected from invalid user test 95.71.91.87 port 48602 [preauth]","@timestamp":"2022-09-13T01:11:35.537Z"}
{"@timestamp":"2022-09-13T01:12:49.947Z","@version":"1","message":"Sep 13 01:12:49 honeypot-sgp-1 sshd[9319]: Disconnected from authenticating user root 92.255.85.70 port 26158 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 01:14:20 honeypot-ams-1 sshd[14109]: Disconnected from authenticating user root 134.0.193.138 port 35880 [preauth]","@timestamp":"2022-09-13T01:14:20.610Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 01:15:09 honeypot-ams-1 sshd[14113]: Disconnected from invalid user undernet 137.184.183.159 port 51140 [preauth]","@timestamp":"2022-09-13T01:15:09.633Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 01:18:08 honeypot-ams-1 sshd[14121]: Received disconnect from 92.255.85.70 port 39616:11: Bye Bye [preauth]","@timestamp":"2022-09-13T01:18:09.711Z"}
{"@timestamp":"2022-09-13T01:21:22.172Z","@version":"1","message":"Sep 13 01:21:21 honeypot-sgp-1 sshd[9326]: Received disconnect from 95.161.97.113 port 50594:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 01:21:59 honeypot-fra-1 sshd[4733]: Invalid user kmrr from 165.22.45.108 port 53682","@timestamp":"2022-09-13T01:22:00.133Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T01:23:32.227Z","@version":"1","message":"Sep 13 01:23:31 honeypot-sgp-1 sshd[9332]: Disconnected from authenticating user root 178.128.19.209 port 60782 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 01:28:29 honeypot-ams-1 sshd[14130]: Received disconnect from 61.177.173.51 port 37694:11:  [preauth]","@timestamp":"2022-09-13T01:28:30.637Z"}
{"@timestamp":"2022-09-13T01:29:05.361Z","@version":"1","message":"Sep 13 01:29:04 honeypot-sgp-1 sshd[9335]: Disconnected from invalid user eddie 168.232.123.171 port 51505 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 01:31:47 honeypot-ams-1 sshd[14137]: Received disconnect from 61.177.172.108 port 20222:11:  [preauth]","@timestamp":"2022-09-13T01:31:47.722Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 01:32:36 honeypot-ams-1 sshd[14142]: Disconnected from invalid user adlina 31.27.35.138 port 42268 [preauth]","@timestamp":"2022-09-13T01:32:36.747Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 01:35:16 honeypot-fra-1 sshd[4741]: Received disconnect from 178.128.5.231 port 38726:11: Bye Bye [preauth]","@timestamp":"2022-09-13T01:35:17.429Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 01:38:31 honeypot-fra-1 sshd[4745]: Disconnected from authenticating user root 92.255.85.70 port 41684 [preauth]","@timestamp":"2022-09-13T01:38:32.502Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 01:42:48 honeypot-ams-1 kernel: [83909952.564383] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=20.86.37.37 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=29445 PROTO=TCP SPT=55091 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T01:42:49.021Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 01:44:33 honeypot-fra-1 sshd[4750]: Connection closed by invalid user support 95.173.1.112 port 41358 [preauth]","@timestamp":"2022-09-13T01:44:33.636Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 01:46:06 honeypot-ams-1 sshd[14158]: Received disconnect from 207.154.244.110 port 51656:11: Bye Bye [preauth]","@timestamp":"2022-09-13T01:46:07.114Z"}
{"@timestamp":"2022-09-13T01:46:55.784Z","@version":"1","message":"Sep 13 01:46:55 honeypot-sgp-1 sshd[9343]: Received disconnect from 187.59.198.249 port 36199:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 01:50:40 honeypot-ams-1 kernel: [83910424.342097] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=51.15.141.72 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=55 ID=35986 PROTO=TCP SPT=52814 DPT=80 WINDOW=34318 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T01:50:40.238Z"}
{"@timestamp":"2022-09-13T01:59:13.085Z","@version":"1","message":"Sep 13 01:59:13 honeypot-sgp-1 sshd[9353]: Disconnected from authenticating user root 92.255.85.70 port 27286 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 01:59:22 honeypot-fra-1 sshd[4754]: Connection closed by invalid user blank 179.60.147.69 port 65124 [preauth]","@timestamp":"2022-09-13T01:59:22.963Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T02:00:13.114Z","@version":"1","message":"Sep 13 02:00:12 honeypot-sgp-1 sshd[9359]: Received disconnect from 45.61.184.204 port 43000:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T02:00:32.123Z","@version":"1","message":"Sep 13 02:00:31 honeypot-sgp-1 sshd[9363]: Received disconnect from 45.61.184.204 port 37324:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T02:00:49.132Z","@version":"1","message":"Sep 13 02:00:48 honeypot-sgp-1 sshd[9367]: Received disconnect from 45.61.184.204 port 59898:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 02:01:33 honeypot-ams-1 sshd[14173]: Received disconnect from 61.177.173.35 port 43601:11:  [preauth]","@timestamp":"2022-09-13T02:01:34.527Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 02:02:00 honeypot-fra-1 sshd[4760]: Received disconnect from 165.22.45.108 port 58604:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T02:02:01.024Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 02:04:46 honeypot-ams-1 sshd[14177]: Disconnected from authenticating user root 61.177.173.49 port 39770 [preauth]","@timestamp":"2022-09-13T02:04:46.615Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 02:09:27 honeypot-fra-1 sshd[4768]: Received disconnect from 187.109.253.246 port 52262:11: Bye Bye [preauth]","@timestamp":"2022-09-13T02:09:28.194Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 02:10:42 honeypot-ams-1 kernel: [83911626.735221] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.11.57.48 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=248 ID=15212 PROTO=TCP SPT=59886 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T02:10:42.775Z"}
{"@timestamp":"2022-09-13T02:13:38.470Z","@version":"1","message":"Sep 13 02:13:38 honeypot-sgp-1 kernel: [83911328.795295] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=90.151.171.106 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=40068 PROTO=TCP SPT=55206 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 02:17:01 honeypot-ams-1 CRON[14189]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-13T02:17:01.945Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 02:17:01 honeypot-fra-1 CRON[4773]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-13T02:17:02.362Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T02:22:13.676Z","@version":"1","message":"Sep 13 02:22:13 honeypot-sgp-1 sshd[9376]: Disconnected from authenticating user root 92.255.85.70 port 46214 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 02:23:55 honeypot-ams-1 sshd[14201]: Disconnected from 206.189.197.134 port 43332 [preauth]","@timestamp":"2022-09-13T02:23:55.132Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 02:25:10 honeypot-ams-1 sshd[14206]: Invalid user user from 45.61.187.160 port 36566","@timestamp":"2022-09-13T02:25:11.168Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 02:25:29 honeypot-ams-1 sshd[14210]: Invalid user user from 45.61.187.160 port 59388","@timestamp":"2022-09-13T02:25:30.178Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 02:25:51 honeypot-ams-1 sshd[14214]: Invalid user user from 45.61.187.160 port 53972","@timestamp":"2022-09-13T02:25:51.189Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 02:27:31 honeypot-ams-1 kernel: [83912635.949766] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=89.248.165.199 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=21725 PROTO=TCP SPT=53573 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T02:27:32.235Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 02:28:01 honeypot-fra-1 kernel: [83910506.208604] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=20.171.1.102 DST=165.22.82.222 LEN=52 TOS=0x02 PREC=0x00 TTL=110 ID=30101 DF PROTO=TCP SPT=59641 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-13T02:28:01.626Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 02:29:15 honeypot-ams-1 sshd[14223]: Received disconnect from 139.59.186.183 port 39318:11: Bye Bye [preauth]","@timestamp":"2022-09-13T02:29:15.286Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 02:32:05 honeypot-ams-1 sshd[14229]: Invalid user teamspeak from 164.92.129.174 port 35714","@timestamp":"2022-09-13T02:32:06.385Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 02:32:34 honeypot-ams-1 sshd[14235]: Received disconnect from 160.251.19.178 port 49080:11: Bye Bye [preauth]","@timestamp":"2022-09-13T02:32:34.399Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 02:36:03 honeypot-fra-1 sshd[4788]: Connection closed by invalid user centos 179.60.147.69 port 12662 [preauth]","@timestamp":"2022-09-13T02:36:03.806Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 02:37:53 honeypot-ams-1 sshd[14240]: Disconnected from authenticating user root 203.95.222.26 port 50976 [preauth]","@timestamp":"2022-09-13T02:37:53.539Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 02:39:46 honeypot-ams-1 sshd[14247]: Received disconnect from 80.76.51.46 port 36602:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T02:39:46.592Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 02:40:30 honeypot-ams-1 sshd[14253]: Received disconnect from 80.76.51.46 port 54870:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T02:40:30.615Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 02:41:12 honeypot-ams-1 sshd[14260]: Received disconnect from 80.76.51.46 port 44738:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T02:41:12.638Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 02:41:40 honeypot-ams-1 sshd[14266]: Received disconnect from 80.76.51.46 port 38096:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T02:41:40.653Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 02:42:07 honeypot-ams-1 sshd[14270]: Disconnected from invalid user test 80.76.51.46 port 59660 [preauth]","@timestamp":"2022-09-13T02:42:08.668Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 02:42:17 honeypot-fra-1 sshd[4793]: Invalid user knight from 165.22.45.108 port 35282","@timestamp":"2022-09-13T02:42:17.949Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T02:42:18.199Z","@version":"1","message":"Sep 13 02:42:17 honeypot-sgp-1 sshd[9383]: Invalid user hug from 178.62.200.235 port 38702","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 02:42:35 honeypot-ams-1 sshd[14274]: Disconnected from invalid user testuser 80.76.51.46 port 53016 [preauth]","@timestamp":"2022-09-13T02:42:36.684Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 02:43:03 honeypot-ams-1 sshd[14278]: Disconnected from invalid user ubuntu 80.76.51.46 port 46548 [preauth]","@timestamp":"2022-09-13T02:43:04.699Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 02:43:31 honeypot-ams-1 sshd[14282]: Disconnected from invalid user ubuntu 80.76.51.46 port 39664 [preauth]","@timestamp":"2022-09-13T02:43:31.713Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 02:44:13 honeypot-ams-1 sshd[14288]: Received disconnect from 80.76.51.46 port 57870:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T02:44:13.736Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 02:44:40 honeypot-ams-1 sshd[14292]: Disconnected from authenticating user root 80.76.51.46 port 51314 [preauth]","@timestamp":"2022-09-13T02:44:40.752Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 02:45:22 honeypot-ams-1 sshd[14298]: Received disconnect from 80.76.51.46 port 41360:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T02:45:22.774Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 02:45:35 honeypot-ams-1 sshd[14304]: Disconnected from authenticating user root 80.76.51.46 port 37896 [preauth]","@timestamp":"2022-09-13T02:45:36.782Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 02:46:19 honeypot-fra-1 sshd[4796]: Connection closed by invalid user user 201.166.225.131 port 38496 [preauth]","@timestamp":"2022-09-13T02:46:20.042Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T02:51:47.437Z","@version":"1","message":"Sep 13 02:51:46 honeypot-sgp-1 sshd[9390]: Invalid user user from 45.61.186.169 port 55256","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T02:52:05.448Z","@version":"1","message":"Sep 13 02:52:04 honeypot-sgp-1 sshd[9394]: Invalid user user from 45.61.186.169 port 49982","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T02:52:21.456Z","@version":"1","message":"Sep 13 02:52:20 honeypot-sgp-1 sshd[9398]: Invalid user user from 45.61.186.169 port 44720","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T02:52:36.465Z","@version":"1","message":"Sep 13 02:52:36 honeypot-sgp-1 sshd[9402]: Invalid user user from 45.61.186.169 port 39426","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 02:52:58 honeypot-fra-1 kernel: [83912003.545448] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=143.92.32.99 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=5129 PROTO=TCP SPT=57577 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T02:52:59.191Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 02:54:41 honeypot-ams-1 sshd[14312]: Received disconnect from 61.177.172.104 port 20156:11:  [preauth]","@timestamp":"2022-09-13T02:54:42.023Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 02:55:23 honeypot-fra-1 sshd[4808]: Invalid user user from 45.61.186.49 port 45636","@timestamp":"2022-09-13T02:55:23.249Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 02:55:32 honeypot-fra-1 sshd[4812]: Invalid user user from 45.61.186.49 port 57194","@timestamp":"2022-09-13T02:55:32.253Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 02:56:21 honeypot-ams-1 kernel: [83914366.158533] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=122.189.38.5 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=48 ID=50606 PROTO=TCP SPT=10788 DPT=80 WINDOW=40580 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T02:56:22.069Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 03:00:29 honeypot-fra-1 sshd[4815]: Disconnected from invalid user zhup 161.35.102.143 port 53408 [preauth]","@timestamp":"2022-09-13T03:00:29.364Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T03:01:05.683Z","@version":"1","message":"Sep 13 03:01:05 honeypot-sgp-1 kernel: [83914176.017400] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.219.221 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=33308 DPT=636 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 03:03:39 honeypot-ams-1 sshd[14322]: Received disconnect from 189.46.157.37 port 49886:11: Bye Bye [preauth]","@timestamp":"2022-09-13T03:03:39.260Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 03:05:55 honeypot-ams-1 sshd[14327]: Disconnected from authenticating user root 46.101.224.69 port 52000 [preauth]","@timestamp":"2022-09-13T03:05:56.320Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 03:07:14 honeypot-ams-1 sshd[14331]: Disconnected from authenticating user root 61.177.173.36 port 33667 [preauth]","@timestamp":"2022-09-13T03:07:15.357Z"}
{"@timestamp":"2022-09-13T03:11:52.956Z","@version":"1","message":"Sep 13 03:11:52 honeypot-sgp-1 sshd[9408]: Invalid user debian from 179.60.147.69 port 14818","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 03:12:08 honeypot-fra-1 sshd[4822]: Did not receive identification string from 198.98.61.9 port 46856","@timestamp":"2022-09-13T03:12:08.627Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 03:12:35 honeypot-fra-1 sshd[4827]: Connection closed by invalid user ipko 141.98.10.158 port 51454 [preauth]","@timestamp":"2022-09-13T03:12:35.640Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 03:12:42 honeypot-ams-1 sshd[14340]: Received disconnect from 103.2.135.19 port 46464:11: Bye Bye [preauth]","@timestamp":"2022-09-13T03:12:43.500Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 03:12:55 honeypot-fra-1 sshd[4831]: Invalid user user from 198.98.61.9 port 53850","@timestamp":"2022-09-13T03:12:56.650Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 03:13:04 honeypot-fra-1 sshd[4835]: Received disconnect from 198.98.61.9 port 37186:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T03:13:04.655Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 03:13:19 honeypot-fra-1 sshd[4839]: Received disconnect from 198.98.61.9 port 60348:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T03:13:19.662Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 03:15:16 honeypot-ams-1 sshd[14346]: Invalid user debian from 179.60.147.69 port 55270","@timestamp":"2022-09-13T03:15:16.567Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 03:17:01 honeypot-fra-1 CRON[4842]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-13T03:17:01.749Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T03:20:30.168Z","@version":"1","message":"Sep 13 03:20:29 honeypot-sgp-1 kernel: [83915340.460292] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=65.49.20.126 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=60434 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 03:25:46 honeypot-ams-1 sshd[14354]: Disconnecting invalid user admin 108.41.8.142 port 63672: Too many authentication failures [preauth]","@timestamp":"2022-09-13T03:25:46.835Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 03:26:42 honeypot-fra-1 sshd[4874]: Connection closed by invalid user ubnt 185.106.45.162 port 41616 [preauth]","@timestamp":"2022-09-13T03:26:42.964Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T03:26:48.346Z","@version":"1","message":"Sep 13 03:26:47 honeypot-sgp-1 sshd[9425]: Did not receive identification string from 141.105.66.148 port 41724","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T03:26:54.350Z","@version":"1","message":"Sep 13 03:26:53 honeypot-sgp-1 sshd[9432]: Connection closed by 141.105.66.148 port 65413 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 03:27:22 honeypot-ams-1 sshd[14359]: Disconnected from authenticating user root 61.177.173.50 port 32103 [preauth]","@timestamp":"2022-09-13T03:27:22.878Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 03:28:29 honeypot-fra-1 sshd[4878]: Disconnected from invalid user vcsh 161.35.59.177 port 38938 [preauth]","@timestamp":"2022-09-13T03:28:30.006Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 03:28:47 honeypot-ams-1 sshd[14367]: Disconnected from authenticating user root 61.177.173.35 port 29125 [preauth]","@timestamp":"2022-09-13T03:28:47.918Z"}
{"@timestamp":"2022-09-13T03:31:14.458Z","@version":"1","message":"Sep 13 03:31:13 honeypot-sgp-1 sshd[9440]: Disconnected from invalid user default 164.92.186.90 port 37308 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 03:33:22 honeypot-fra-1 sshd[4883]: Received disconnect from 134.0.193.138 port 51944:11: Bye Bye [preauth]","@timestamp":"2022-09-13T03:33:22.117Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T03:35:25.560Z","@version":"1","message":"Sep 13 03:35:24 honeypot-sgp-1 sshd[9447]: Invalid user faridah from 60.196.69.234 port 34435","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 03:35:34 honeypot-fra-1 sshd[4904]: Invalid user vagrant from 120.199.82.50 port 2941","@timestamp":"2022-09-13T03:35:34.168Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 03:35:38 honeypot-fra-1 sshd[4913]: Connection closed by invalid user testuser 120.199.82.50 port 58181 [preauth]","@timestamp":"2022-09-13T03:35:39.170Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 03:35:44 honeypot-fra-1 sshd[4915]: Invalid user es from 120.199.82.50 port 1922","@timestamp":"2022-09-13T03:35:45.174Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 03:35:59 honeypot-fra-1 sshd[4921]: Invalid user elastic from 120.199.82.50 port 33862","@timestamp":"2022-09-13T03:36:00.181Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 03:36:06 honeypot-fra-1 sshd[4932]: Connection closed by invalid user oracle 120.199.82.50 port 9926 [preauth]","@timestamp":"2022-09-13T03:36:07.186Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 03:36:16 honeypot-ams-1 sshd[14375]: Disconnected from authenticating user root 61.177.173.46 port 42919 [preauth]","@timestamp":"2022-09-13T03:36:17.108Z"}
{"@timestamp":"2022-09-13T03:36:17.583Z","@version":"1","message":"Sep 13 03:36:17 honeypot-sgp-1 sshd[9451]: Received disconnect from 41.60.236.6 port 41972:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 03:36:26 honeypot-fra-1 sshd[4931]: Invalid user ec2user from 120.199.82.50 port 14022","@timestamp":"2022-09-13T03:36:27.195Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 03:36:59 honeypot-fra-1 sshd[4942]: Invalid user ftpuser from 120.199.82.50 port 40211","@timestamp":"2022-09-13T03:37:00.210Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 03:37:45 honeypot-ams-1 sshd[14380]: Disconnected from authenticating user root 92.255.85.69 port 59108 [preauth]","@timestamp":"2022-09-13T03:37:46.149Z"}
{"@timestamp":"2022-09-13T03:42:35.758Z","@version":"1","message":"Sep 13 03:42:35 honeypot-sgp-1 sshd[9456]: Received disconnect from 31.186.48.216 port 41728:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T03:43:39.787Z","@version":"1","message":"Sep 13 03:43:38 honeypot-sgp-1 sshd[9462]: Invalid user user from 116.98.167.15 port 54044","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T03:43:51.792Z","@version":"1","message":"Sep 13 03:43:51 honeypot-sgp-1 sshd[9468]: Connection closed by invalid user test 116.98.167.15 port 42160 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T03:44:00.798Z","@version":"1","message":"Sep 13 03:44:00 honeypot-sgp-1 sshd[9478]: Invalid user admin from 116.98.167.15 port 40644","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 03:44:06 honeypot-ams-1 kernel: [83917230.807580] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=119.160.167.135 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=27075 PROTO=TCP SPT=24479 DPT=80 WINDOW=26435 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T03:44:07.314Z"}
{"@timestamp":"2022-09-13T03:44:18.806Z","@version":"1","message":"Sep 13 03:44:18 honeypot-sgp-1 sshd[9484]: Invalid user ftpuser from 116.98.167.15 port 58620","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T03:44:44.820Z","@version":"1","message":"Sep 13 03:44:44 honeypot-sgp-1 sshd[9490]: Invalid user admin from 116.98.167.15 port 43140","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T03:45:08.832Z","@version":"1","message":"Sep 13 03:45:08 honeypot-sgp-1 sshd[9496]: Invalid user admin from 116.98.167.15 port 55352","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T03:46:00.878Z","@version":"1","message":"Sep 13 03:46:00 honeypot-sgp-1 sshd[9502]: Connection closed by authenticating user root 116.98.167.15 port 44560 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T03:46:59.906Z","@version":"1","message":"Sep 13 03:46:59 honeypot-sgp-1 sshd[9508]: Received disconnect from 223.197.188.206 port 54832:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T03:47:36.924Z","@version":"1","message":"Sep 13 03:47:36 honeypot-sgp-1 sshd[9512]: Disconnected from invalid user ww 52.151.65.193 port 32902 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T03:48:31.951Z","@version":"1","message":"Sep 13 03:48:31 honeypot-sgp-1 sshd[9519]: Connection closed by invalid user debian 179.60.147.69 port 9010 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 03:49:39 honeypot-fra-1 sshd[4951]: Invalid user debian from 179.60.147.69 port 32798","@timestamp":"2022-09-13T03:49:40.489Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T03:50:42.007Z","@version":"1","message":"Sep 13 03:50:41 honeypot-sgp-1 sshd[9527]: Invalid user upport from 116.98.167.15 port 39274","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T03:51:36.033Z","@version":"1","message":"Sep 13 03:51:35 honeypot-sgp-1 sshd[9533]: Connection closed by invalid user mailman 116.98.167.15 port 56352 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 03:51:36 honeypot-ams-1 sshd[14393]: Disconnected from authenticating user root 46.19.141.122 port 42024 [preauth]","@timestamp":"2022-09-13T03:51:36.507Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 03:52:13 honeypot-ams-1 sshd[14399]: Received disconnect from 46.19.141.122 port 47310:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T03:52:13.526Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 03:53:03 honeypot-ams-1 sshd[14403]: Received disconnect from 46.19.141.122 port 57916:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T03:53:04.550Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 03:53:40 honeypot-ams-1 sshd[14407]: Disconnected from authenticating user root 46.19.141.122 port 40252 [preauth]","@timestamp":"2022-09-13T03:53:41.567Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 03:54:26 honeypot-ams-1 sshd[14412]: Disconnected from authenticating user root 61.177.173.46 port 49860 [preauth]","@timestamp":"2022-09-13T03:54:27.591Z"}
{"@timestamp":"2022-09-13T03:54:58.119Z","@version":"1","message":"Sep 13 03:54:57 honeypot-sgp-1 sshd[9539]: Received disconnect from 45.61.186.49 port 37266:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 03:55:06 honeypot-ams-1 sshd[14416]: Received disconnect from 46.19.141.122 port 56132:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T03:55:06.612Z"}
{"@timestamp":"2022-09-13T03:55:07.123Z","@version":"1","message":"Sep 13 03:55:07 honeypot-sgp-1 sshd[9543]: Received disconnect from 45.61.186.49 port 48950:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 03:55:40 honeypot-ams-1 kernel: [83917924.309100] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=90.151.171.106 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=26440 PROTO=TCP SPT=41264 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T03:55:40.629Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 04:02:43 honeypot-fra-1 kernel: [83916187.851125] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=221.124.118.47 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=50 ID=26733 PROTO=TCP SPT=25021 DPT=80 WINDOW=40285 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T04:02:43.782Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 04:04:14 honeypot-fra-1 sshd[4959]: Connection closed by invalid user admin 137.119.104.173 port 35976 [preauth]","@timestamp":"2022-09-13T04:04:15.820Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 04:06:10 honeypot-fra-1 sshd[4964]: Received disconnect from 141.255.162.226 port 41594:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T04:06:10.865Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 04:06:13 honeypot-fra-1 sshd[4968]: Received disconnect from 141.255.162.226 port 54912:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T04:06:13.867Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 04:06:18 honeypot-fra-1 sshd[4972]: Received disconnect from 141.255.162.226 port 33336:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T04:06:18.869Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 04:10:24 honeypot-ams-1 kernel: [83918808.691784] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=172.104.4.36 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=12559 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T04:10:25.012Z"}
{"@timestamp":"2022-09-13T04:14:39.607Z","@version":"1","message":"Sep 13 04:14:39 honeypot-sgp-1 kernel: [83918590.108169] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=184.105.139.68 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=53844 DPT=389 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 04:15:05 honeypot-fra-1 sshd[4976]: Disconnected from invalid user breeanna 189.112.0.11 port 54386 [preauth]","@timestamp":"2022-09-13T04:15:06.065Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 04:17:01 honeypot-ams-1 CRON[14434]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-13T04:17:02.183Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 04:18:23 honeypot-fra-1 sshd[4983]: Connection closed by 133.110.237.169 port 59786 [preauth]","@timestamp":"2022-09-13T04:18:24.140Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 04:24:10 honeypot-fra-1 sshd[4990]: Connection closed by authenticating user root 203.147.89.26 port 44230 [preauth]","@timestamp":"2022-09-13T04:24:11.271Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T04:25:21.892Z","@version":"1","message":"Sep 13 04:25:20 honeypot-sgp-1 sshd[9555]: Invalid user unknown from 179.60.147.69 port 59716","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 04:27:26 honeypot-fra-1 sshd[4995]: Invalid user admin from 14.50.131.36 port 54809","@timestamp":"2022-09-13T04:27:26.348Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T04:28:42.977Z","@version":"1","message":"Sep 13 04:28:42 honeypot-sgp-1 sshd[9561]: Received disconnect from 143.244.158.100 port 49016:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 04:28:42 honeypot-ams-1 sshd[14441]: Connection closed by invalid user unknown 179.60.147.69 port 10324 [preauth]","@timestamp":"2022-09-13T04:28:43.519Z"}
{"@timestamp":"2022-09-13T04:29:36.002Z","@version":"1","message":"Sep 13 04:29:35 honeypot-sgp-1 sshd[9566]: Received disconnect from 185.62.193.24 port 36412:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T04:30:23.025Z","@version":"1","message":"Sep 13 04:30:22 honeypot-sgp-1 sshd[9570]: Disconnected from authenticating user root 143.244.158.100 port 45028 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T04:32:48.088Z","@version":"1","message":"Sep 13 04:32:47 honeypot-sgp-1 sshd[9576]: Disconnected from authenticating user root 143.244.158.100 port 59022 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T04:35:12.172Z","@version":"1","message":"Sep 13 04:35:11 honeypot-sgp-1 sshd[9583]: Disconnected from authenticating user root 143.244.158.100 port 50558 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 04:36:34 honeypot-ams-1 sshd[14444]: Did not receive identification string from 167.99.220.160 port 40622","@timestamp":"2022-09-13T04:36:34.721Z"}
{"@timestamp":"2022-09-13T04:37:19.230Z","@version":"1","message":"Sep 13 04:37:19 honeypot-sgp-1 sshd[9589]: Received disconnect from 188.166.91.139 port 57390:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T04:39:12.278Z","@version":"1","message":"Sep 13 04:39:11 honeypot-sgp-1 sshd[9595]: Received disconnect from 143.244.158.100 port 52896:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 04:40:00 honeypot-ams-1 sshd[14448]: Received disconnect from 187.189.221.198 port 33208:11: Bye Bye [preauth]","@timestamp":"2022-09-13T04:40:00.812Z"}
{"@timestamp":"2022-09-13T04:41:41.343Z","@version":"1","message":"Sep 13 04:41:40 honeypot-sgp-1 sshd[9602]: Received disconnect from 143.244.158.100 port 39704:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T04:43:17.386Z","@version":"1","message":"Sep 13 04:43:16 honeypot-sgp-1 sshd[9608]: Received disconnect from 143.244.158.100 port 47590:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 04:43:29 honeypot-fra-1 sshd[4998]: Disconnected from invalid user konakova 165.22.45.108 port 50044 [preauth]","@timestamp":"2022-09-13T04:43:30.708Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 04:45:07 honeypot-fra-1 sshd[5005]: Received disconnect from 92.255.85.69 port 26212:11: Bye Bye [preauth]","@timestamp":"2022-09-13T04:45:07.749Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T04:45:56.454Z","@version":"1","message":"Sep 13 04:45:55 honeypot-sgp-1 sshd[9615]: Received disconnect from 143.244.158.100 port 42872:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 04:47:36 honeypot-ams-1 sshd[14453]: Received disconnect from 92.255.85.69 port 48972:11: Bye Bye [preauth]","@timestamp":"2022-09-13T04:47:37.009Z"}
{"@timestamp":"2022-09-13T04:48:24.516Z","@version":"1","message":"Sep 13 04:48:24 honeypot-sgp-1 sshd[9621]: Received disconnect from 143.244.158.100 port 37072:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T04:50:54.579Z","@version":"1","message":"Sep 13 04:50:53 honeypot-sgp-1 sshd[9628]: Received disconnect from 143.244.158.100 port 43426:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T04:53:23.643Z","@version":"1","message":"Sep 13 04:53:23 honeypot-sgp-1 sshd[9634]: Received disconnect from 143.244.158.100 port 42124:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T04:55:00.686Z","@version":"1","message":"Sep 13 04:55:00 honeypot-sgp-1 sshd[9638]: Received disconnect from 143.244.158.100 port 48124:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T04:57:31.750Z","@version":"1","message":"Sep 13 04:57:30 honeypot-sgp-1 sshd[9645]: Received disconnect from 143.244.158.100 port 55466:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:00:00.814Z","@version":"1","message":"Sep 13 04:59:59 honeypot-sgp-1 sshd[9651]: Received disconnect from 143.244.158.100 port 43374:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 05:00:43 honeypot-ams-1 sshd[14458]: Received disconnect from 45.61.187.160 port 46614:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T05:00:44.336Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 05:01:00 honeypot-fra-1 sshd[5010]: Did not receive identification string from 45.61.186.49 port 56852","@timestamp":"2022-09-13T05:01:01.104Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 05:01:03 honeypot-ams-1 sshd[14462]: Received disconnect from 45.61.187.160 port 41618:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T05:01:04.348Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 05:01:13 honeypot-fra-1 sshd[5013]: Disconnected from invalid user user 45.61.186.49 port 55306 [preauth]","@timestamp":"2022-09-13T05:01:14.110Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 05:01:22 honeypot-fra-1 sshd[5017]: Disconnected from invalid user user 45.61.186.49 port 38760 [preauth]","@timestamp":"2022-09-13T05:01:23.115Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 05:01:22 honeypot-ams-1 sshd[14466]: Received disconnect from 45.61.187.160 port 36634:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T05:01:23.357Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 05:01:39 honeypot-ams-1 sshd[14470]: Received disconnect from 45.61.187.160 port 59886:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T05:01:40.367Z"}
{"@timestamp":"2022-09-13T05:02:04.867Z","@version":"1","message":"Sep 13 05:02:04 honeypot-sgp-1 sshd[9659]: Invalid user centos from 179.60.147.69 port 27682","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 05:03:15 honeypot-fra-1 sshd[5024]: Connection closed by invalid user centos 179.60.147.69 port 31874 [preauth]","@timestamp":"2022-09-13T05:03:16.160Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T05:04:27.929Z","@version":"1","message":"Sep 13 05:04:27 honeypot-sgp-1 sshd[9665]: Received disconnect from 143.244.158.100 port 42800:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:06:20.978Z","@version":"1","message":"Sep 13 05:06:20 honeypot-sgp-1 sshd[9671]: Received disconnect from 143.244.158.100 port 33782:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 05:06:29 honeypot-fra-1 sshd[5030]: Invalid user rufus from 52.160.46.145 port 40206","@timestamp":"2022-09-13T05:06:29.249Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T05:08:51.042Z","@version":"1","message":"Sep 13 05:08:50 honeypot-sgp-1 sshd[9678]: Received disconnect from 143.244.158.100 port 54368:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 05:10:19 honeypot-fra-1 kernel: [83920244.002835] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=40.118.131.195 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=234 ID=18533 PROTO=TCP SPT=45570 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T05:10:20.336Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 05:11:21 honeypot-ams-1 sshd[14476]: Received disconnect from 92.255.85.70 port 38526:11: Bye Bye [preauth]","@timestamp":"2022-09-13T05:11:21.615Z"}
{"@timestamp":"2022-09-13T05:11:28.108Z","@version":"1","message":"Sep 13 05:11:28 honeypot-sgp-1 sshd[9684]: Received disconnect from 143.244.158.100 port 34952:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:13:04.149Z","@version":"1","message":"Sep 13 05:13:03 honeypot-sgp-1 sshd[9689]: Disconnected from invalid user mmm 104.236.237.117 port 34114 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 05:13:54 honeypot-ams-1 sshd[14481]: Invalid user user from 141.255.162.226 port 51348","@timestamp":"2022-09-13T05:13:54.679Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 05:13:59 honeypot-ams-1 sshd[14485]: Invalid user user from 141.255.162.226 port 36738","@timestamp":"2022-09-13T05:13:59.682Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 05:14:01 honeypot-ams-1 sshd[14489]: Invalid user user from 141.255.162.226 port 44544","@timestamp":"2022-09-13T05:14:01.684Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 05:14:31 honeypot-ams-1 kernel: [83922655.274573] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=61657 PROTO=TCP SPT=46053 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T05:14:31.698Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 05:17:01 honeypot-fra-1 CRON[5038]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-13T05:17:02.490Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 05:20:04 honeypot-ams-1 sshd[14499]: Connection reset by 198.235.24.54 port 32771 [preauth]","@timestamp":"2022-09-13T05:20:04.842Z"}
{"@timestamp":"2022-09-13T05:21:06.343Z","@version":"1","message":"Sep 13 05:21:05 honeypot-sgp-1 kernel: [83922576.440368] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=156.96.157.114 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=54321 PROTO=TCP SPT=53047 DPT=389 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 05:23:04 honeypot-ams-1 sshd[14504]: Received disconnect from 112.5.88.63 port 36381:11: Bye Bye [preauth]","@timestamp":"2022-09-13T05:23:04.923Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 05:23:45 honeypot-fra-1 sshd[5044]: Connection closed by invalid user user 187.62.214.147 port 38373 [preauth]","@timestamp":"2022-09-13T05:23:45.646Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T05:29:52.557Z","@version":"1","message":"Sep 13 05:29:52 honeypot-sgp-1 sshd[9701]: Received disconnect from 45.61.186.49 port 59536:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:30:02.562Z","@version":"1","message":"Sep 13 05:30:02 honeypot-sgp-1 sshd[9705]: Received disconnect from 45.61.186.49 port 43118:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 05:30:36 honeypot-fra-1 kernel: [83921460.785481] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=43040 PROTO=TCP SPT=47002 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T05:30:36.803Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-13T05:32:02.612Z","@version":"1","message":"Sep 13 05:32:02 honeypot-sgp-1 kernel: [83923232.999198] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=161.35.231.174 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=46741 PROTO=TCP SPT=60000 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:34:19.670Z","@version":"1","message":"Sep 13 05:34:19 honeypot-sgp-1 sshd[9712]: Disconnected from invalid user jonatan 190.104.2.46 port 58158 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 05:34:31 honeypot-ams-1 sshd[14508]: Disconnected from authenticating user root 92.255.85.69 port 22324 [preauth]","@timestamp":"2022-09-13T05:34:32.212Z"}
{"@timestamp":"2022-09-13T05:34:50.685Z","@version":"1","message":"Sep 13 05:34:50 honeypot-sgp-1 sshd[9718]: Received disconnect from 185.180.29.203 port 13418:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:34:56.688Z","@version":"1","message":"Sep 13 05:34:56 honeypot-sgp-1 sshd[9724]: Received disconnect from 185.180.29.203 port 13452:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:35:03.692Z","@version":"1","message":"Sep 13 05:35:02 honeypot-sgp-1 sshd[9730]: Received disconnect from 185.180.29.203 port 13482:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:35:09.696Z","@version":"1","message":"Sep 13 05:35:09 honeypot-sgp-1 sshd[9736]: Received disconnect from 185.180.29.203 port 13516:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:35:16.700Z","@version":"1","message":"Sep 13 05:35:15 honeypot-sgp-1 sshd[9742]: Received disconnect from 185.180.29.203 port 13573:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:35:22.703Z","@version":"1","message":"Sep 13 05:35:22 honeypot-sgp-1 sshd[9748]: Received disconnect from 185.180.29.203 port 13594:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:35:28.706Z","@version":"1","message":"Sep 13 05:35:28 honeypot-sgp-1 sshd[9754]: Received disconnect from 185.180.29.203 port 13616:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:35:35.711Z","@version":"1","message":"Sep 13 05:35:35 honeypot-sgp-1 sshd[9760]: Received disconnect from 185.180.29.203 port 13641:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:35:41.713Z","@version":"1","message":"Sep 13 05:35:41 honeypot-sgp-1 sshd[9766]: Invalid user fukai from 70.35.202.246 port 34254","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:35:43.714Z","@version":"1","message":"Sep 13 05:35:43 honeypot-sgp-1 sshd[9770]: Disconnected from authenticating user root 185.180.29.203 port 13688 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 05:35:49 honeypot-ams-1 sshd[14514]: Invalid user demo from 118.27.35.131 port 39954","@timestamp":"2022-09-13T05:35:50.249Z"}
{"@timestamp":"2022-09-13T05:35:50.719Z","@version":"1","message":"Sep 13 05:35:49 honeypot-sgp-1 sshd[9776]: Disconnected from authenticating user root 185.180.29.203 port 13730 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:35:56.722Z","@version":"1","message":"Sep 13 05:35:56 honeypot-sgp-1 sshd[9782]: Disconnected from authenticating user root 185.180.29.203 port 13764 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:36:03.727Z","@version":"1","message":"Sep 13 05:36:02 honeypot-sgp-1 sshd[9788]: Received disconnect from 185.180.29.203 port 13813:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:36:07.729Z","@version":"1","message":"Sep 13 05:36:07 honeypot-sgp-1 sshd[9792]: Received disconnect from 185.180.29.203 port 13828:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:36:11.731Z","@version":"1","message":"Sep 13 05:36:11 honeypot-sgp-1 sshd[9796]: Received disconnect from 185.180.29.203 port 13860:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:36:15.733Z","@version":"1","message":"Sep 13 05:36:15 honeypot-sgp-1 sshd[9800]: Received disconnect from 185.180.29.203 port 13895:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:36:20.737Z","@version":"1","message":"Sep 13 05:36:19 honeypot-sgp-1 sshd[9804]: Received disconnect from 185.180.29.203 port 13923:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:36:24.739Z","@version":"1","message":"Sep 13 05:36:24 honeypot-sgp-1 sshd[9808]: Received disconnect from 185.180.29.203 port 13980:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:36:30.742Z","@version":"1","message":"Sep 13 05:36:30 honeypot-sgp-1 sshd[9814]: Invalid user pi from 185.180.29.203 port 14011","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:36:34.745Z","@version":"1","message":"Sep 13 05:36:34 honeypot-sgp-1 sshd[9818]: Invalid user user from 185.180.29.203 port 14039","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:36:39.748Z","@version":"1","message":"Sep 13 05:36:38 honeypot-sgp-1 sshd[9822]: Invalid user mine from 185.180.29.203 port 14055","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:36:43.750Z","@version":"1","message":"Sep 13 05:36:43 honeypot-sgp-1 sshd[9826]: Invalid user xbmc from 185.180.29.203 port 14093","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:36:47.753Z","@version":"1","message":"Sep 13 05:36:47 honeypot-sgp-1 sshd[9830]: Invalid user oracle from 185.180.29.203 port 14122","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:36:51.755Z","@version":"1","message":"Sep 13 05:36:51 honeypot-sgp-1 sshd[9834]: Invalid user postgres from 185.180.29.203 port 14139","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:36:56.758Z","@version":"1","message":"Sep 13 05:36:56 honeypot-sgp-1 sshd[9838]: Invalid user support from 185.180.29.203 port 14164","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:37:00.760Z","@version":"1","message":"Sep 13 05:37:00 honeypot-sgp-1 sshd[9842]: Invalid user ubuntu from 185.180.29.203 port 14193","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:37:04.763Z","@version":"1","message":"Sep 13 05:37:04 honeypot-sgp-1 sshd[9847]: Invalid user ubuntu from 185.180.29.203 port 14223","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:37:08.766Z","@version":"1","message":"Sep 13 05:37:08 honeypot-sgp-1 sshd[9851]: Received disconnect from 211.45.162.52 port 45506:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:37:11.768Z","@version":"1","message":"Sep 13 05:37:11 honeypot-sgp-1 sshd[9855]: Received disconnect from 185.180.29.203 port 14263:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T05:37:16.772Z","@version":"1","message":"Sep 13 05:37:15 honeypot-sgp-1 sshd[9859]: Received disconnect from 185.180.29.203 port 14283:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 05:38:58 honeypot-ams-1 sshd[14518]: Invalid user anonymous from 210.196.250.246 port 36692","@timestamp":"2022-09-13T05:38:59.330Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 05:40:17 honeypot-fra-1 sshd[5053]: Connection closed by invalid user user 179.60.147.69 port 57844 [preauth]","@timestamp":"2022-09-13T05:40:18.023Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 05:41:58 honeypot-ams-1 sshd[14523]: Invalid user nicholas from 106.245.234.10 port 39602","@timestamp":"2022-09-13T05:41:58.408Z"}
{"@timestamp":"2022-09-13T05:44:07.938Z","@version":"1","message":"Sep 13 05:44:07 honeypot-sgp-1 kernel: [83923957.617532] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=167.94.146.79 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=29359 PROTO=TCP SPT=42408 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 05:45:31 honeypot-ams-1 sshd[14528]: Invalid user user from 141.255.162.226 port 35454","@timestamp":"2022-09-13T05:45:31.503Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 05:45:36 honeypot-ams-1 sshd[14532]: Invalid user user from 141.255.162.226 port 55058","@timestamp":"2022-09-13T05:45:36.506Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 05:45:38 honeypot-ams-1 sshd[14536]: Invalid user user from 141.255.162.226 port 50614","@timestamp":"2022-09-13T05:45:38.507Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 05:45:59 honeypot-ams-1 kernel: [83924543.595893] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=20.163.104.128 DST=178.62.254.91 LEN=52 TOS=0x02 PREC=0x00 TTL=110 ID=37032 DF PROTO=TCP SPT=56150 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-13T05:46:00.518Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 05:56:33 honeypot-fra-1 sshd[5061]: Did not receive identification string from 92.255.85.113 port 36429","@timestamp":"2022-09-13T05:56:33.385Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T06:00:51.338Z","@version":"1","message":"Sep 13 06:00:51 honeypot-sgp-1 kernel: [83924961.664854] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.33.68.129 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=20287 PROTO=TCP SPT=48845 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 06:04:40 honeypot-fra-1 sshd[5065]: Disconnected from invalid user kongxx 165.22.45.108 port 60772 [preauth]","@timestamp":"2022-09-13T06:04:40.569Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 06:05:46 honeypot-ams-1 sshd[14544]: Received disconnect from 51.79.64.173 port 47868:11: Bye Bye [preauth]","@timestamp":"2022-09-13T06:05:47.100Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 06:12:21 honeypot-ams-1 kernel: [83926125.529718] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=30075 PROTO=TCP SPT=48803 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T06:12:22.270Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 06:15:27 honeypot-fra-1 sshd[5176]: Invalid user teamspeak from 20.13.161.157 port 53546","@timestamp":"2022-09-13T06:15:27.832Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 06:15:27 honeypot-fra-1 sshd[5181]: Connection closed by authenticating user root 20.13.161.157 port 53522 [preauth]","@timestamp":"2022-09-13T06:15:27.832Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 06:15:27 honeypot-fra-1 sshd[5168]: Invalid user devops from 20.13.161.157 port 53578","@timestamp":"2022-09-13T06:15:27.832Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 06:15:27 honeypot-fra-1 sshd[5165]: Connection closed by invalid user docker 20.13.161.157 port 53532 [preauth]","@timestamp":"2022-09-13T06:15:27.832Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 06:15:27 honeypot-fra-1 sshd[5168]: Connection closed by invalid user devops 20.13.161.157 port 53578 [preauth]","@timestamp":"2022-09-13T06:15:27.832Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 06:15:31 honeypot-fra-1 sshd[5204]: Connection closed by invalid user dev 20.13.161.157 port 53524 [preauth]","@timestamp":"2022-09-13T06:15:31.835Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T06:16:12.717Z","@version":"1","message":"Sep 13 06:16:12 honeypot-sgp-1 sshd[9877]: Received disconnect from 92.255.85.69 port 19958:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 06:18:47 honeypot-fra-1 sshd[5214]: Disconnected from authenticating user root 92.255.85.69 port 17014 [preauth]","@timestamp":"2022-09-13T06:18:47.913Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 06:21:41 honeypot-ams-1 sshd[14555]: Disconnected from authenticating user root 92.255.85.70 port 34122 [preauth]","@timestamp":"2022-09-13T06:21:42.510Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 06:24:22 honeypot-fra-1 sshd[5219]: Disconnected from authenticating user root 129.146.247.68 port 44906 [preauth]","@timestamp":"2022-09-13T06:24:23.063Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T06:24:53.938Z","@version":"1","message":"Sep 13 06:24:53 honeypot-sgp-1 sshd[9886]: Disconnected from authenticating user root 46.101.135.232 port 48980 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T06:27:20.004Z","@version":"1","message":"Sep 13 06:27:19 honeypot-sgp-1 sshd[10100]: Did not receive identification string from 45.61.186.249 port 51358","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 06:27:25 honeypot-ams-1 kernel: [83927029.412306] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=107.182.129.137 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=54321 PROTO=TCP SPT=50490 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T06:27:25.667Z"}
{"@timestamp":"2022-09-13T06:28:09.026Z","@version":"1","message":"Sep 13 06:28:08 honeypot-sgp-1 sshd[10142]: Disconnected from invalid user user 45.61.186.249 port 56310 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 06:28:23 honeypot-fra-1 sshd[5356]: Received disconnect from 179.67.89.142 port 51884:11: Bye Bye [preauth]","@timestamp":"2022-09-13T06:28:24.159Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T06:28:27.035Z","@version":"1","message":"Sep 13 06:28:26 honeypot-sgp-1 sshd[10146]: Disconnected from invalid user user 45.61.186.249 port 51152 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T06:28:43.043Z","@version":"1","message":"Sep 13 06:28:42 honeypot-sgp-1 sshd[10150]: Disconnected from invalid user user 45.61.186.249 port 45998 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 06:30:02 honeypot-fra-1 sshd[5363]: Invalid user admin from 210.245.34.243 port 55109","@timestamp":"2022-09-13T06:30:03.201Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 06:31:16 honeypot-fra-1 sshd[5369]: Invalid user scottdaugherty from 141.98.10.158 port 34256","@timestamp":"2022-09-13T06:31:17.233Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T06:31:33.115Z","@version":"1","message":"Sep 13 06:31:32 honeypot-sgp-1 sshd[10155]: Disconnected from invalid user allsportsmetroworkers 157.245.204.50 port 33028 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 06:32:10 honeypot-ams-1 kernel: [83927314.052166] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=40.84.222.228 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=43154 PROTO=TCP SPT=49977 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T06:32:10.794Z"}
{"@timestamp":"2022-09-13T06:33:01.153Z","@version":"1","message":"Sep 13 06:33:00 honeypot-sgp-1 sshd[10187]: Invalid user test from 189.8.29.5 port 60662","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T06:33:01.153Z","@version":"1","message":"Sep 13 06:33:00 honeypot-sgp-1 sshd[10179]: Invalid user steam from 189.8.29.5 port 60624","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T06:33:01.153Z","@version":"1","message":"Sep 13 06:33:00 honeypot-sgp-1 sshd[10189]: Invalid user admin from 189.8.29.5 port 60636","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T06:33:01.153Z","@version":"1","message":"Sep 13 06:33:00 honeypot-sgp-1 sshd[10170]: Invalid user devops from 189.8.29.5 port 60606","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T06:33:01.153Z","@version":"1","message":"Sep 13 06:33:00 honeypot-sgp-1 sshd[10175]: Connection closed by invalid user pi 189.8.29.5 port 60632 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T06:33:01.153Z","@version":"1","message":"Sep 13 06:33:00 honeypot-sgp-1 sshd[10169]: Connection closed by authenticating user root 189.8.29.5 port 60598 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T06:33:01.153Z","@version":"1","message":"Sep 13 06:33:00 honeypot-sgp-1 sshd[10172]: Connection closed by invalid user ansible 189.8.29.5 port 60620 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T06:33:01.154Z","@version":"1","message":"Sep 13 06:33:00 honeypot-sgp-1 sshd[10188]: Connection closed by authenticating user root 189.8.29.5 port 60650 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T06:33:01.154Z","@version":"1","message":"Sep 13 06:33:00 honeypot-sgp-1 sshd[10191]: Connection closed by invalid user centos 189.8.29.5 port 60648 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T06:33:01.154Z","@version":"1","message":"Sep 13 06:33:00 honeypot-sgp-1 sshd[10174]: Connection closed by invalid user deploy 189.8.29.5 port 60608 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 06:35:51 honeypot-fra-1 sshd[5376]: Received disconnect from 182.23.23.42 port 42970:11: Bye Bye [preauth]","@timestamp":"2022-09-13T06:35:51.338Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 06:41:33 honeypot-ams-1 sshd[14837]: Did not receive identification string from 80.76.51.43 port 37138","@timestamp":"2022-09-13T06:41:34.038Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 06:42:17 honeypot-ams-1 sshd[14842]: Invalid user support from 80.76.51.43 port 40536","@timestamp":"2022-09-13T06:42:18.061Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 06:42:46 honeypot-ams-1 sshd[14846]: Connection closed by 80.76.51.43 port 41490 [preauth]","@timestamp":"2022-09-13T06:42:47.075Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 06:42:53 honeypot-fra-1 sshd[5382]: Disconnected from authenticating user root 92.255.85.69 port 62034 [preauth]","@timestamp":"2022-09-13T06:42:54.498Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 06:47:47 honeypot-fra-1 sshd[5388]: Invalid user leo from 144.126.215.161 port 58282","@timestamp":"2022-09-13T06:47:47.611Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T06:48:19.536Z","@version":"1","message":"Sep 13 06:48:19 honeypot-sgp-1 kernel: [83927809.946548] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=128.14.134.134 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=4565 PROTO=TCP SPT=24858 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 06:51:12 honeypot-fra-1 sshd[5396]: Invalid user hadoop from 20.254.57.199 port 53938","@timestamp":"2022-09-13T06:51:12.688Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 06:51:12 honeypot-fra-1 sshd[5404]: Invalid user testuser from 20.254.57.199 port 53996","@timestamp":"2022-09-13T06:51:13.690Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 06:51:12 honeypot-fra-1 sshd[5407]: Invalid user oracle from 20.254.57.199 port 53978","@timestamp":"2022-09-13T06:51:13.690Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 06:51:12 honeypot-fra-1 sshd[5398]: Connection closed by invalid user admin 20.254.57.199 port 53934 [preauth]","@timestamp":"2022-09-13T06:51:13.690Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 06:51:12 honeypot-fra-1 sshd[5393]: Invalid user mc from 20.254.57.199 port 53936","@timestamp":"2022-09-13T06:51:13.690Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 06:51:12 honeypot-fra-1 sshd[5392]: Connection closed by authenticating user root 20.254.57.199 port 53952 [preauth]","@timestamp":"2022-09-13T06:51:13.690Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 06:51:13 honeypot-fra-1 sshd[5440]: Invalid user www from 20.254.57.199 port 53944","@timestamp":"2022-09-13T06:51:13.690Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 06:51:13 honeypot-fra-1 sshd[5444]: Connection closed by authenticating user root 20.254.57.199 port 53946 [preauth]","@timestamp":"2022-09-13T06:51:13.690Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 06:51:13 honeypot-fra-1 sshd[5441]: Connection closed by invalid user devops 20.254.57.199 port 53932 [preauth]","@timestamp":"2022-09-13T06:51:13.691Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 06:53:40 honeypot-fra-1 sshd[5459]: Invalid user debian from 179.60.147.69 port 16460","@timestamp":"2022-09-13T06:53:41.747Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 06:53:48 honeypot-ams-1 sshd[14852]: Invalid user celery from 24.166.23.99 port 35618","@timestamp":"2022-09-13T06:53:49.361Z"}
{"@timestamp":"2022-09-13T06:54:42.700Z","@version":"1","message":"Sep 13 06:54:42 honeypot-sgp-1 sshd[10231]: Did not receive identification string from 141.255.162.226 port 55758","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T06:54:49.704Z","@version":"1","message":"Sep 13 06:54:48 honeypot-sgp-1 sshd[10234]: Disconnected from invalid user user 141.255.162.226 port 52410 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T06:54:52.707Z","@version":"1","message":"Sep 13 06:54:52 honeypot-sgp-1 sshd[10238]: Disconnected from invalid user user 141.255.162.226 port 44688 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T06:58:52.807Z","@version":"1","message":"Sep 13 06:58:52 honeypot-sgp-1 kernel: [83928442.720409] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.99.175.189 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=12792 DF PROTO=TCP SPT=42368 DPT=5432 WINDOW=5840 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 07:00:19 honeypot-ams-1 sshd[15290]: Received disconnect from 207.154.244.110 port 45302:11: Bye Bye [preauth]","@timestamp":"2022-09-13T07:00:20.528Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 07:01:16 honeypot-ams-1 sshd[15295]: Disconnected from invalid user majidi 51.79.70.102 port 54204 [preauth]","@timestamp":"2022-09-13T07:01:16.555Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 07:02:41 honeypot-ams-1 sshd[15300]: Received disconnect from 45.61.184.204 port 48098:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T07:02:42.596Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 07:03:00 honeypot-ams-1 sshd[15304]: Invalid user user from 45.61.184.204 port 42958","@timestamp":"2022-09-13T07:03:00.605Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 07:03:17 honeypot-ams-1 sshd[15308]: Invalid user user from 45.61.184.204 port 37816","@timestamp":"2022-09-13T07:03:17.614Z"}
{"@timestamp":"2022-09-13T07:05:21.970Z","@version":"1","message":"Sep 13 07:05:21 honeypot-sgp-1 sshd[10247]: Disconnected from invalid user avis 102.219.33.70 port 60594 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 07:06:10 honeypot-ams-1 sshd[15312]: Did not receive identification string from 45.61.186.249 port 42018","@timestamp":"2022-09-13T07:06:11.691Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 07:06:27 honeypot-fra-1 sshd[5467]: Received disconnect from 92.255.85.69 port 28482:11: Bye Bye [preauth]","@timestamp":"2022-09-13T07:06:28.036Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 07:06:53 honeypot-ams-1 sshd[15316]: Disconnected from invalid user user 45.61.186.249 port 44976 [preauth]","@timestamp":"2022-09-13T07:06:54.713Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 07:07:12 honeypot-ams-1 sshd[15320]: Disconnected from invalid user user 45.61.186.249 port 39726 [preauth]","@timestamp":"2022-09-13T07:07:12.722Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 07:07:28 honeypot-ams-1 sshd[15324]: Disconnected from invalid user user 45.61.186.249 port 34470 [preauth]","@timestamp":"2022-09-13T07:07:28.730Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 07:08:22 honeypot-ams-1 kernel: [83929486.347922] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=153.134.157.66 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=52554 PROTO=TCP SPT=57828 DPT=80 WINDOW=6699 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T07:08:22.758Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 07:17:30 honeypot-fra-1 sshd[5474]: Did not receive identification string from 45.61.187.160 port 53862","@timestamp":"2022-09-13T07:17:31.286Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 07:18:06 honeypot-fra-1 sshd[5477]: Disconnected from invalid user user 45.61.187.160 port 39068 [preauth]","@timestamp":"2022-09-13T07:18:07.303Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 07:18:24 honeypot-fra-1 sshd[5481]: Received disconnect from 45.61.187.160 port 34134:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T07:18:25.313Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 07:18:42 honeypot-fra-1 sshd[5485]: Received disconnect from 45.61.187.160 port 57434:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T07:18:43.323Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T07:19:51.332Z","@version":"1","message":"Sep 13 07:19:51 honeypot-sgp-1 kernel: [83929701.439146] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.220.228 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=52960 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 07:23:39 honeypot-fra-1 sshd[5490]: Invalid user admin from 111.70.17.151 port 59814","@timestamp":"2022-09-13T07:23:40.437Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 07:25:57 honeypot-ams-1 kernel: [83930541.384793] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=52.187.171.107 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=15795 PROTO=TCP SPT=53669 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T07:25:58.210Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 07:29:19 honeypot-fra-1 sshd[5495]: Disconnected from authenticating user root 92.255.85.69 port 20864 [preauth]","@timestamp":"2022-09-13T07:29:19.566Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T07:29:41.576Z","@version":"1","message":"Sep 13 07:29:40 honeypot-sgp-1 sshd[10261]: Invalid user test from 179.60.147.69 port 49344","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 07:31:43 honeypot-fra-1 kernel: [83928727.864128] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.156.72.51 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=64404 PROTO=TCP SPT=53876 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T07:31:43.623Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 07:33:04 honeypot-ams-1 sshd[15343]: Connection closed by invalid user test 179.60.147.69 port 25496 [preauth]","@timestamp":"2022-09-13T07:33:05.408Z"}
{"@timestamp":"2022-09-13T07:39:18.848Z","@version":"1","message":"Sep 13 07:39:18 honeypot-sgp-1 kernel: [83930868.958466] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=64.27.31.27 DST=159.89.202.188 LEN=52 TOS=0x02 PREC=0x00 TTL=117 ID=25056 DF PROTO=TCP SPT=16558 DPT=3389 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T07:41:30.910Z","@version":"1","message":"Sep 13 07:41:29 honeypot-sgp-1 sshd[10269]: Received disconnect from 45.61.186.49 port 48390:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T07:41:38.914Z","@version":"1","message":"Sep 13 07:41:38 honeypot-sgp-1 sshd[10273]: Received disconnect from 45.61.186.49 port 60186:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T07:47:28.068Z","@version":"1","message":"Sep 13 07:47:27 honeypot-sgp-1 kernel: [83931357.777984] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=102.67.234.39 DST=159.89.202.188 LEN=52 TOS=0x00 PREC=0x00 TTL=115 ID=55195 DF PROTO=TCP SPT=60621 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 07:51:07 honeypot-fra-1 sshd[5505]: Disconnected from authenticating user root 41.60.236.6 port 55540 [preauth]","@timestamp":"2022-09-13T07:51:08.061Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 07:55:49 honeypot-ams-1 sshd[15351]: Received disconnect from 92.255.85.70 port 21586:11: Bye Bye [preauth]","@timestamp":"2022-09-13T07:55:50.008Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 08:00:28 honeypot-fra-1 kernel: [83930452.395257] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=92.63.197.70 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=8768 PROTO=TCP SPT=46857 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T08:00:28.272Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:02:34 honeypot-ams-1 sshd[15356]: Invalid user admin from 207.180.211.196 port 35094","@timestamp":"2022-09-13T08:02:35.189Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:03:58 honeypot-ams-1 sshd[15358]: Disconnected from invalid user admin 159.65.46.55 port 33268 [preauth]","@timestamp":"2022-09-13T08:03:59.226Z"}
{"@timestamp":"2022-09-13T08:04:01.515Z","@version":"1","message":"Sep 13 08:04:01 honeypot-sgp-1 sshd[10280]: Disconnected from authenticating user root 185.130.54.109 port 55591 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 08:06:07 honeypot-fra-1 sshd[5517]: Disconnected from invalid user kosokowsky 165.22.45.108 port 47782 [preauth]","@timestamp":"2022-09-13T08:06:07.451Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:07:51 honeypot-ams-1 sshd[15364]: Disconnected from authenticating user root 83.228.83.95 port 10320 [preauth]","@timestamp":"2022-09-13T08:07:52.329Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:07:52 honeypot-ams-1 sshd[15370]: Received disconnect from 83.228.83.95 port 10078:11: Bye Bye [preauth]","@timestamp":"2022-09-13T08:07:53.330Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:07:53 honeypot-ams-1 sshd[15376]: Received disconnect from 83.228.83.95 port 10344:11: Bye Bye [preauth]","@timestamp":"2022-09-13T08:07:54.331Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:07:54 honeypot-ams-1 sshd[15382]: Received disconnect from 83.228.83.95 port 10716:11: Bye Bye [preauth]","@timestamp":"2022-09-13T08:07:55.331Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:07:56 honeypot-ams-1 sshd[15388]: Received disconnect from 83.228.83.95 port 10806:11: Bye Bye [preauth]","@timestamp":"2022-09-13T08:07:56.332Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:07:57 honeypot-ams-1 sshd[15394]: Received disconnect from 83.228.83.95 port 10390:11: Bye Bye [preauth]","@timestamp":"2022-09-13T08:07:57.333Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:07:58 honeypot-ams-1 sshd[15400]: Received disconnect from 83.228.83.95 port 10258:11: Bye Bye [preauth]","@timestamp":"2022-09-13T08:07:59.334Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:07:59 honeypot-ams-1 sshd[15406]: Received disconnect from 83.228.83.95 port 10946:11: Bye Bye [preauth]","@timestamp":"2022-09-13T08:08:00.335Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:08:00 honeypot-ams-1 sshd[15412]: Received disconnect from 83.228.83.95 port 10274:11: Bye Bye [preauth]","@timestamp":"2022-09-13T08:08:01.336Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:08:01 honeypot-ams-1 sshd[15418]: Received disconnect from 83.228.83.95 port 10840:11: Bye Bye [preauth]","@timestamp":"2022-09-13T08:08:02.337Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:08:03 honeypot-ams-1 sshd[15424]: Received disconnect from 83.228.83.95 port 10822:11: Bye Bye [preauth]","@timestamp":"2022-09-13T08:08:03.338Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:08:04 honeypot-ams-1 sshd[15430]: Received disconnect from 83.228.83.95 port 10056:11: Bye Bye [preauth]","@timestamp":"2022-09-13T08:08:04.338Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:08:04 honeypot-ams-1 sshd[15434]: Disconnected from invalid user admin 83.228.83.95 port 10832 [preauth]","@timestamp":"2022-09-13T08:08:05.339Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:08:05 honeypot-ams-1 sshd[15438]: Disconnected from invalid user admin 83.228.83.95 port 10388 [preauth]","@timestamp":"2022-09-13T08:08:06.340Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:08:06 honeypot-ams-1 sshd[15442]: Disconnected from invalid user admin 83.228.83.95 port 10944 [preauth]","@timestamp":"2022-09-13T08:08:07.342Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:08:07 honeypot-ams-1 sshd[15446]: Disconnected from invalid user admin 83.228.83.95 port 10300 [preauth]","@timestamp":"2022-09-13T08:08:07.342Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:08:07 honeypot-ams-1 sshd[15450]: Disconnected from invalid user admin 83.228.83.95 port 10582 [preauth]","@timestamp":"2022-09-13T08:08:08.342Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:08:08 honeypot-ams-1 sshd[15454]: Disconnected from invalid user user 83.228.83.95 port 10754 [preauth]","@timestamp":"2022-09-13T08:08:09.343Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:08:09 honeypot-ams-1 sshd[15460]: Received disconnect from 83.228.83.95 port 10412:11: Bye Bye [preauth]","@timestamp":"2022-09-13T08:08:10.344Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:08:10 honeypot-ams-1 sshd[15464]: Received disconnect from 83.228.83.95 port 11020:11: Bye Bye [preauth]","@timestamp":"2022-09-13T08:08:11.344Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:08:11 honeypot-ams-1 sshd[15468]: Received disconnect from 83.228.83.95 port 10920:11: Bye Bye [preauth]","@timestamp":"2022-09-13T08:08:12.345Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:08:12 honeypot-ams-1 sshd[15472]: Received disconnect from 83.228.83.95 port 10464:11: Bye Bye [preauth]","@timestamp":"2022-09-13T08:08:12.345Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:08:12 honeypot-ams-1 sshd[15476]: Received disconnect from 83.228.83.95 port 10068:11: Bye Bye [preauth]","@timestamp":"2022-09-13T08:08:13.346Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:08:13 honeypot-ams-1 sshd[15480]: Received disconnect from 83.228.83.95 port 11012:11: Bye Bye [preauth]","@timestamp":"2022-09-13T08:08:14.347Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:08:14 honeypot-ams-1 sshd[15484]: Received disconnect from 83.228.83.95 port 10084:11: Bye Bye [preauth]","@timestamp":"2022-09-13T08:08:15.348Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:08:15 honeypot-ams-1 sshd[15488]: Received disconnect from 83.228.83.95 port 10724:11: Bye Bye [preauth]","@timestamp":"2022-09-13T08:08:15.348Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:08:15 honeypot-ams-1 sshd[15492]: Received disconnect from 83.228.83.95 port 10810:11: Bye Bye [preauth]","@timestamp":"2022-09-13T08:08:16.348Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:08:16 honeypot-ams-1 sshd[15496]: Received disconnect from 83.228.83.95 port 10220:11: Bye Bye [preauth]","@timestamp":"2022-09-13T08:08:17.349Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:08:17 honeypot-ams-1 sshd[15500]: Received disconnect from 83.228.83.95 port 10166:11: Bye Bye [preauth]","@timestamp":"2022-09-13T08:08:18.350Z"}
{"@timestamp":"2022-09-13T08:09:04.648Z","@version":"1","message":"Sep 13 08:09:03 honeypot-sgp-1 kernel: [83932654.301964] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=79.124.62.62 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=63370 PROTO=TCP SPT=47004 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:09:47 honeypot-ams-1 sshd[15504]: Connection closed by invalid user user 179.60.147.69 port 38292 [preauth]","@timestamp":"2022-09-13T08:09:48.391Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:14:23 honeypot-ams-1 sshd[15509]: Connection closed by invalid user pi 82.66.77.8 port 49022 [preauth]","@timestamp":"2022-09-13T08:14:24.510Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 08:15:31 honeypot-fra-1 sshd[5542]: Disconnected from authenticating user root 92.255.85.69 port 16468 [preauth]","@timestamp":"2022-09-13T08:15:31.670Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:15:41 honeypot-ams-1 sshd[15517]: Received disconnect from 120.48.37.84 port 50196:11: disconnected by user [preauth]","@timestamp":"2022-09-13T08:15:41.544Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 08:16:38 honeypot-fra-1 sshd[5547]: Received disconnect from 45.61.186.169 port 38548:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T08:16:38.699Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 08:16:54 honeypot-fra-1 sshd[5551]: Received disconnect from 45.61.186.169 port 33504:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T08:16:55.707Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T08:17:01.854Z","@version":"1","message":"Sep 13 08:17:01 honeypot-sgp-1 CRON[10292]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 08:17:02 honeypot-fra-1 sshd[5557]: Disconnected from invalid user user 45.61.186.169 port 45094 [preauth]","@timestamp":"2022-09-13T08:17:03.712Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 08:17:19 honeypot-fra-1 sshd[5561]: Disconnected from invalid user user 45.61.186.169 port 40066 [preauth]","@timestamp":"2022-09-13T08:17:19.719Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 08:19:47 honeypot-fra-1 sshd[5565]: Connection closed by invalid user pi 220.71.14.93 port 34096 [preauth]","@timestamp":"2022-09-13T08:19:47.780Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 08:24:11 honeypot-ams-1 kernel: [83934035.320405] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=72.167.32.184 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=232 ID=48120 PROTO=TCP SPT=53441 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T08:24:11.762Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 08:24:50 honeypot-fra-1 kernel: [83931914.652198] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.79.53.162 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=30969 PROTO=TCP SPT=47534 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T08:24:50.897Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-13T08:30:33.222Z","@version":"1","message":"Sep 13 08:30:32 honeypot-sgp-1 sshd[10319]: Did not receive identification string from 198.235.24.152 port 56275","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 08:37:52 honeypot-fra-1 sshd[5578]: Received disconnect from 217.182.253.249 port 50274:11: Bye Bye [preauth]","@timestamp":"2022-09-13T08:37:53.214Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T08:38:59.439Z","@version":"1","message":"Sep 13 08:38:59 honeypot-sgp-1 sshd[10325]: Invalid user admin from 121.151.75.159 port 56908","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:39:27 honeypot-ams-1 sshd[15549]: Received disconnect from 221.150.94.24 port 41180:11: Bye Bye [preauth]","@timestamp":"2022-09-13T08:39:28.156Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 08:39:35 honeypot-fra-1 sshd[5582]: Disconnected from authenticating user root 92.255.85.70 port 62582 [preauth]","@timestamp":"2022-09-13T08:39:36.259Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 08:44:33 honeypot-fra-1 sshd[5590]: Invalid user pi from 182.253.81.212 port 33688","@timestamp":"2022-09-13T08:44:33.373Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T08:45:13.603Z","@version":"1","message":"Sep 13 08:45:12 honeypot-sgp-1 sshd[10330]: Invalid user ftp from 86.102.122.148 port 41782","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 08:45:18 honeypot-fra-1 sshd[5594]: Connection closed by invalid user username 181.209.148.169 port 47615 [preauth]","@timestamp":"2022-09-13T08:45:18.394Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T08:46:23.635Z","@version":"1","message":"Sep 13 08:46:23 honeypot-sgp-1 kernel: [83934893.671191] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=39290 PROTO=TCP SPT=58207 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:46:27 honeypot-ams-1 sshd[15554]: Connection closed by invalid user test 179.60.147.69 port 19452 [preauth]","@timestamp":"2022-09-13T08:46:28.340Z"}
{"@timestamp":"2022-09-13T08:47:32.667Z","@version":"1","message":"Sep 13 08:47:31 honeypot-sgp-1 sshd[10337]: Invalid user ansible from 103.147.4.202 port 44702","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 08:48:49 honeypot-fra-1 sshd[5599]: Received disconnect from 45.61.187.160 port 53244:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T08:48:50.476Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 08:49:06 honeypot-fra-1 sshd[5603]: Received disconnect from 45.61.187.160 port 47834:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T08:49:07.486Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 08:49:22 honeypot-fra-1 sshd[5608]: Received disconnect from 45.61.187.160 port 42420:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T08:49:23.494Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 08:49:38 honeypot-fra-1 sshd[5612]: Received disconnect from 45.61.187.160 port 37022:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T08:49:39.501Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:49:56 honeypot-ams-1 sshd[15558]: Invalid user user from 198.98.61.9 port 56778","@timestamp":"2022-09-13T08:49:56.431Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:50:22 honeypot-ams-1 sshd[15564]: Invalid user user from 198.98.61.9 port 35148","@timestamp":"2022-09-13T08:50:23.447Z"}
{"@timestamp":"2022-09-13T08:50:33.745Z","@version":"1","message":"Sep 13 08:50:32 honeypot-sgp-1 sshd[10343]: Disconnected from authenticating user root 179.127.181.235 port 57966 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:50:45 honeypot-ams-1 sshd[15568]: Invalid user user from 198.98.61.9 port 58366","@timestamp":"2022-09-13T08:50:45.457Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 08:51:15 honeypot-ams-1 kernel: [83935659.004386] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=211.44.108.54 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=54 ID=7826 PROTO=TCP SPT=18890 DPT=80 WINDOW=31111 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T08:51:15.473Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 08:59:05 honeypot-ams-1 sshd[15577]: Invalid user mckey from 185.13.235.204 port 58574","@timestamp":"2022-09-13T08:59:06.674Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 08:59:40 honeypot-fra-1 sshd[5615]: Disconnected from authenticating user root 157.245.195.132 port 42044 [preauth]","@timestamp":"2022-09-13T08:59:40.733Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 09:00:17 honeypot-ams-1 sshd[15580]: Disconnected from invalid user user 141.255.162.226 port 52354 [preauth]","@timestamp":"2022-09-13T09:00:17.706Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 09:00:22 honeypot-ams-1 sshd[15584]: Disconnected from invalid user user 141.255.162.226 port 50582 [preauth]","@timestamp":"2022-09-13T09:00:22.709Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 09:00:24 honeypot-ams-1 sshd[15588]: Disconnected from invalid user user 141.255.162.226 port 57194 [preauth]","@timestamp":"2022-09-13T09:00:25.711Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 09:02:58 honeypot-fra-1 sshd[5623]: Invalid user deploy from 68.183.87.50 port 54704","@timestamp":"2022-09-13T09:02:58.813Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T09:04:11.091Z","@version":"1","message":"Sep 13 09:04:11 honeypot-sgp-1 kernel: [83935961.374334] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=103.156.91.6 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=21285 PROTO=TCP SPT=53735 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 09:04:38 honeypot-ams-1 sshd[15594]: Disconnected from authenticating user root 92.255.85.70 port 25474 [preauth]","@timestamp":"2022-09-13T09:04:38.818Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 09:07:22 honeypot-fra-1 sshd[5635]: Connection closed by invalid user oracle 82.157.251.34 port 55340 [preauth]","@timestamp":"2022-09-13T09:07:22.917Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 09:13:24 honeypot-fra-1 sshd[5643]: Connection closed by invalid user admin 148.153.82.133 port 59300 [preauth]","@timestamp":"2022-09-13T09:13:25.054Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 09:13:47 honeypot-ams-1 sshd[15600]: Disconnected from authenticating user root 52.227.167.147 port 53734 [preauth]","@timestamp":"2022-09-13T09:13:48.065Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 09:17:01 honeypot-fra-1 CRON[5649]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-13T09:17:02.137Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 09:19:11 honeypot-ams-1 kernel: [83937335.111889] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=176.99.135.70 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=28187 PROTO=TCP SPT=40552 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T09:19:11.213Z"}
{"@timestamp":"2022-09-13T09:19:54.483Z","@version":"1","message":"Sep 13 09:19:54 honeypot-sgp-1 sshd[10355]: Invalid user config from 179.60.147.69 port 28812","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 09:21:34 honeypot-fra-1 sshd[5669]: Invalid user steam from 92.205.165.95 port 40808","@timestamp":"2022-09-13T09:21:35.240Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 09:21:34 honeypot-fra-1 sshd[5665]: Invalid user oracle from 92.205.165.95 port 40790","@timestamp":"2022-09-13T09:21:35.240Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 09:21:34 honeypot-fra-1 sshd[5673]: Invalid user postgres from 92.205.165.95 port 40830","@timestamp":"2022-09-13T09:21:35.240Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 09:21:34 honeypot-fra-1 sshd[5684]: Invalid user ubuntu from 92.205.165.95 port 40850","@timestamp":"2022-09-13T09:21:35.240Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 09:21:34 honeypot-fra-1 sshd[5659]: Connection closed by invalid user devops 92.205.165.95 port 40780 [preauth]","@timestamp":"2022-09-13T09:21:35.240Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 09:21:34 honeypot-fra-1 sshd[5678]: Connection closed by invalid user ubuntu 92.205.165.95 port 40844 [preauth]","@timestamp":"2022-09-13T09:21:35.241Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 09:21:34 honeypot-fra-1 sshd[5657]: Connection closed by invalid user jenkins 92.205.165.95 port 40786 [preauth]","@timestamp":"2022-09-13T09:21:35.241Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 09:21:34 honeypot-fra-1 sshd[5683]: Connection closed by invalid user test 92.205.165.95 port 40840 [preauth]","@timestamp":"2022-09-13T09:21:35.241Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 09:21:34 honeypot-fra-1 sshd[5680]: Connection closed by authenticating user root 92.205.165.95 port 40848 [preauth]","@timestamp":"2022-09-13T09:21:35.241Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 09:22:41 honeypot-fra-1 sshd[5715]: Disconnected from authenticating user root 194.150.69.207 port 35606 [preauth]","@timestamp":"2022-09-13T09:22:42.266Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T09:25:48.634Z","@version":"1","message":"Sep 13 09:25:48 honeypot-sgp-1 kernel: [83937258.632168] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=139.59.47.251 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x20 TTL=51 ID=20224 DF PROTO=TCP SPT=38088 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 09:25:58 honeypot-fra-1 sshd[5720]: Disconnected from authenticating user root 92.255.85.69 port 37976 [preauth]","@timestamp":"2022-09-13T09:25:58.342Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 09:28:14 honeypot-fra-1 sshd[5727]: Received disconnect from 20.198.109.140 port 38434:11: Bye Bye [preauth]","@timestamp":"2022-09-13T09:28:15.399Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 09:28:37 honeypot-ams-1 sshd[15611]: Disconnected from authenticating user root 92.255.85.69 port 47308 [preauth]","@timestamp":"2022-09-13T09:28:37.466Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 09:29:44 honeypot-ams-1 kernel: [83937968.838005] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=60.13.3.29 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=48 ID=54006 PROTO=TCP SPT=4787 DPT=443 WINDOW=27843 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T09:29:45.500Z"}
{"@timestamp":"2022-09-13T09:29:58.739Z","@version":"1","message":"Sep 13 09:29:57 honeypot-sgp-1 sshd[10366]: Disconnected from invalid user huawei 139.59.224.111 port 35108 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 09:39:32 honeypot-fra-1 kernel: [83936396.494503] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.95.147.52 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=49093 PROTO=TCP SPT=49275 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T09:39:32.654Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 09:42:12 honeypot-ams-1 kernel: [83938716.288468] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=143.198.183.97 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=40029 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T09:42:12.827Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 09:46:41 honeypot-fra-1 sshd[5736]: Disconnected from invalid user user 141.255.162.226 port 51426 [preauth]","@timestamp":"2022-09-13T09:46:41.816Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 09:46:41 honeypot-fra-1 sshd[5740]: Disconnected from invalid user user 141.255.162.226 port 36322 [preauth]","@timestamp":"2022-09-13T09:46:42.816Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 09:46:45 honeypot-fra-1 sshd[5744]: Disconnected from invalid user user 141.255.162.226 port 49444 [preauth]","@timestamp":"2022-09-13T09:46:46.818Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 09:46:48 honeypot-fra-1 sshd[5748]: Disconnected from invalid user user 141.255.162.226 port 34340 [preauth]","@timestamp":"2022-09-13T09:46:48.819Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T09:47:17.162Z","@version":"1","message":"Sep 13 09:47:16 honeypot-sgp-1 sshd[10374]: Invalid user sfukaya from 60.50.99.134 port 60404","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 09:49:19 honeypot-fra-1 sshd[5751]: Disconnected from invalid user user 45.61.186.169 port 58138 [preauth]","@timestamp":"2022-09-13T09:49:19.881Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 09:49:36 honeypot-fra-1 sshd[5755]: Disconnected from invalid user user 45.61.186.169 port 52818 [preauth]","@timestamp":"2022-09-13T09:49:36.889Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 09:49:52 honeypot-fra-1 sshd[5761]: Invalid user user from 45.61.186.169 port 47500","@timestamp":"2022-09-13T09:49:52.897Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 09:50:07 honeypot-fra-1 sshd[5765]: Invalid user user from 45.61.186.169 port 42176","@timestamp":"2022-09-13T09:50:07.904Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 09:52:28 honeypot-ams-1 kernel: [83939332.542246] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=186.218.37.197 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=44 ID=39553 PROTO=TCP SPT=37401 DPT=80 WINDOW=21984 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T09:52:29.107Z"}
{"@timestamp":"2022-09-13T09:56:27.385Z","@version":"1","message":"Sep 13 09:56:27 honeypot-sgp-1 sshd[10380]: Invalid user support from 179.60.147.69 port 26880","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 09:57:01 honeypot-ams-1 sshd[15628]: Received disconnect from 198.98.61.9 port 48246:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T09:57:02.222Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 09:57:28 honeypot-ams-1 sshd[15632]: Received disconnect from 198.98.61.9 port 43324:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T09:57:29.237Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 09:57:35 honeypot-fra-1 sshd[5770]: Invalid user support from 179.60.147.69 port 27122","@timestamp":"2022-09-13T09:57:36.073Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 09:57:57 honeypot-ams-1 sshd[15636]: Received disconnect from 198.98.61.9 port 38402:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T09:57:57.251Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 09:59:48 honeypot-ams-1 sshd[15640]: Connection closed by invalid user support 179.60.147.69 port 30526 [preauth]","@timestamp":"2022-09-13T09:59:49.302Z"}
{"@timestamp":"2022-09-13T10:04:32.581Z","@version":"1","message":"Sep 13 10:04:31 honeypot-sgp-1 sshd[10385]: Received disconnect from 139.59.140.207 port 50710:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T10:07:06.645Z","@version":"1","message":"Sep 13 10:07:06 honeypot-sgp-1 sshd[10391]: Disconnected from authenticating user root 89.40.72.166 port 36706 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 10:07:21 honeypot-fra-1 sshd[5775]: Disconnected from invalid user kramer 165.22.45.108 port 35914 [preauth]","@timestamp":"2022-09-13T10:07:21.294Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T10:09:00.693Z","@version":"1","message":"Sep 13 10:09:00 honeypot-sgp-1 sshd[10396]: Received disconnect from 45.61.184.204 port 41766:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T10:09:19.704Z","@version":"1","message":"Sep 13 10:09:19 honeypot-sgp-1 sshd[10400]: Received disconnect from 45.61.184.204 port 36362:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T10:09:36.713Z","@version":"1","message":"Sep 13 10:09:36 honeypot-sgp-1 sshd[10404]: Received disconnect from 45.61.184.204 port 59204:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T10:09:54.721Z","@version":"1","message":"Sep 13 10:09:53 honeypot-sgp-1 sshd[10408]: Received disconnect from 45.61.184.204 port 53806:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 10:10:05 honeypot-fra-1 sshd[5784]: Connection closed by authenticating user root 117.86.103.243 port 48222 [preauth]","@timestamp":"2022-09-13T10:10:06.358Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T10:11:47.769Z","@version":"1","message":"Sep 13 10:11:47 honeypot-sgp-1 sshd[10412]: Disconnected from invalid user so360 159.192.99.12 port 48756 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 10:12:48 honeypot-ams-1 sshd[15645]: Connection closed by invalid user  64.62.197.107 port 17646 [preauth]","@timestamp":"2022-09-13T10:12:48.641Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 10:15:09 honeypot-ams-1 sshd[15650]: Disconnected from authenticating user root 92.255.85.69 port 19464 [preauth]","@timestamp":"2022-09-13T10:15:09.704Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 10:17:01 honeypot-fra-1 CRON[5791]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-13T10:17:01.513Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T10:19:17.954Z","@version":"1","message":"Sep 13 10:19:17 honeypot-sgp-1 kernel: [83940467.306526] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.79.53.162 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=41174 PROTO=TCP SPT=47534 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 10:21:15 honeypot-fra-1 sshd[5798]: Bad protocol version identification '\\003' from 80.66.76.134 port 63390","@timestamp":"2022-09-13T10:21:15.612Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 10:22:14 honeypot-ams-1 kernel: [83941117.933736] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=128.14.141.37 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54230 PROTO=TCP SPT=29425 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T10:22:14.891Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 10:22:28 honeypot-fra-1 sshd[5803]: Connection closed by invalid user pi 70.175.251.169 port 53056 [preauth]","@timestamp":"2022-09-13T10:22:28.643Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T10:33:00.290Z","@version":"1","message":"Sep 13 10:33:00 honeypot-sgp-1 sshd[10439]: Invalid user support from 179.60.147.69 port 26098","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 10:34:10 honeypot-fra-1 sshd[6251]: Connection closed by invalid user support 179.60.147.69 port 5324 [preauth]","@timestamp":"2022-09-13T10:34:10.908Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 10:35:08 honeypot-ams-1 sshd[15660]: Disconnected from invalid user admin 68.183.170.149 port 51034 [preauth]","@timestamp":"2022-09-13T10:35:08.226Z"}
{"@timestamp":"2022-09-13T10:36:15.374Z","@version":"1","message":"Sep 13 10:36:14 honeypot-sgp-1 sshd[10445]: Invalid user zdu from 181.49.50.202 port 32908","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 10:36:23 honeypot-ams-1 sshd[15667]: Invalid user admin from 112.166.144.105 port 35660","@timestamp":"2022-09-13T10:36:24.264Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 10:36:47 honeypot-ams-1 sshd[15671]: Invalid user user8 from 222.128.10.105 port 44361","@timestamp":"2022-09-13T10:36:48.275Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 10:37:19 honeypot-ams-1 sshd[15675]: Received disconnect from 147.182.179.237 port 45662:11: Bye Bye [preauth]","@timestamp":"2022-09-13T10:37:19.292Z"}
{"@timestamp":"2022-09-13T10:38:11.423Z","@version":"1","message":"Sep 13 10:38:11 honeypot-sgp-1 sshd[10449]: Received disconnect from 139.198.120.226 port 42160:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 10:39:20 honeypot-ams-1 sshd[15680]: Disconnected from authenticating user root 92.255.85.69 port 47612 [preauth]","@timestamp":"2022-09-13T10:39:20.347Z"}
{"@timestamp":"2022-09-13T10:47:00.640Z","@version":"1","message":"Sep 13 10:47:00 honeypot-sgp-1 sshd[10453]: Connection closed by invalid user user1 103.188.176.251 port 56974 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 10:48:07 honeypot-fra-1 sshd[6258]: Invalid user kraydashenko from 165.22.45.108 port 40924","@timestamp":"2022-09-13T10:48:07.220Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 10:52:07 honeypot-ams-1 kernel: [83942911.138081] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.79.53.162 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=19209 PROTO=TCP SPT=47534 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T10:52:07.679Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 10:52:57 honeypot-fra-1 sshd[6261]: Disconnected from invalid user tripsle 137.184.150.119 port 38364 [preauth]","@timestamp":"2022-09-13T10:52:57.331Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 10:55:49 honeypot-fra-1 sshd[6275]: Invalid user mysql from 137.184.227.149 port 55082","@timestamp":"2022-09-13T10:55:50.398Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 10:55:49 honeypot-fra-1 sshd[6286]: Invalid user cloud from 137.184.227.149 port 55100","@timestamp":"2022-09-13T10:55:50.398Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 10:55:49 honeypot-fra-1 sshd[6283]: Invalid user esuser from 137.184.227.149 port 55096","@timestamp":"2022-09-13T10:55:50.398Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 10:55:49 honeypot-fra-1 sshd[6269]: Connection closed by authenticating user root 137.184.227.149 port 55076 [preauth]","@timestamp":"2022-09-13T10:55:50.398Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 10:55:49 honeypot-fra-1 sshd[6282]: Connection closed by authenticating user root 137.184.227.149 port 55094 [preauth]","@timestamp":"2022-09-13T10:55:50.398Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 10:55:49 honeypot-fra-1 sshd[6286]: Connection closed by invalid user cloud 137.184.227.149 port 55100 [preauth]","@timestamp":"2022-09-13T10:55:50.398Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 10:55:49 honeypot-fra-1 sshd[6283]: Connection closed by invalid user esuser 137.184.227.149 port 55096 [preauth]","@timestamp":"2022-09-13T10:55:50.398Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 10:57:58 honeypot-fra-1 sshd[6317]: Received disconnect from 43.154.50.12 port 59932:11: Bye Bye [preauth]","@timestamp":"2022-09-13T10:57:59.448Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T11:00:10.988Z","@version":"1","message":"Sep 13 11:00:10 honeypot-sgp-1 sshd[10893]: ssh_dispatch_run_fatal: Connection from 69.112.204.55 port 46922: Connection corrupted [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 11:06:48 honeypot-fra-1 sshd[6322]: Invalid user admin from 201.251.127.123 port 51952","@timestamp":"2022-09-13T11:06:48.674Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 11:08:48 honeypot-ams-1 sshd[15691]: Invalid user bzrx1098ui from 92.255.85.113 port 6040","@timestamp":"2022-09-13T11:08:49.108Z"}
{"@timestamp":"2022-09-13T11:11:20.267Z","@version":"1","message":"Sep 13 11:11:19 honeypot-sgp-1 kernel: [83943589.800455] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=60.251.218.52 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=64214 PROTO=TCP SPT=46375 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T11:16:43.403Z","@version":"1","message":"Sep 13 11:16:42 honeypot-sgp-1 sshd[10908]: Invalid user kong from 138.68.91.192 port 38716","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 11:17:01 honeypot-fra-1 CRON[6328]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-13T11:17:01.897Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 11:17:01 honeypot-ams-1 CRON[15696]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-13T11:17:02.319Z"}
{"@timestamp":"2022-09-13T11:17:02.414Z","@version":"1","message":"Sep 13 11:17:01 honeypot-sgp-1 CRON[10912]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 11:18:47 honeypot-fra-1 sshd[6345]: Invalid user ansible from 36.99.192.209 port 60794","@timestamp":"2022-09-13T11:18:47.941Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 11:18:51 honeypot-fra-1 sshd[6352]: Invalid user ansible from 36.99.192.209 port 60754","@timestamp":"2022-09-13T11:18:51.942Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T11:19:05.468Z","@version":"1","message":"Sep 13 11:19:04 honeypot-sgp-1 sshd[10919]: Received disconnect from 45.61.184.204 port 44716:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T11:19:16.473Z","@version":"1","message":"Sep 13 11:19:16 honeypot-sgp-1 sshd[10923]: Received disconnect from 92.255.85.69 port 55854:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 11:19:18 honeypot-ams-1 kernel: [83944541.990311] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=6486 PROTO=TCP SPT=47663 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T11:19:18.384Z"}
{"@timestamp":"2022-09-13T11:19:32.481Z","@version":"1","message":"Sep 13 11:19:32 honeypot-sgp-1 sshd[10929]: Invalid user user from 45.61.184.204 port 51460","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T11:19:42.487Z","@version":"1","message":"Sep 13 11:19:41 honeypot-sgp-1 sshd[10933]: Received disconnect from 45.61.184.204 port 34886:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T11:20:00.496Z","@version":"1","message":"Sep 13 11:20:00 honeypot-sgp-1 sshd[10937]: Received disconnect from 45.61.184.204 port 58258:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 11:21:59 honeypot-fra-1 sshd[6358]: Disconnected from authenticating user root 92.255.85.70 port 62188 [preauth]","@timestamp":"2022-09-13T11:22:00.014Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 11:25:47 honeypot-ams-1 sshd[15706]: Did not receive identification string from 45.61.186.169 port 46800","@timestamp":"2022-09-13T11:25:48.552Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 11:26:16 honeypot-ams-1 sshd[15709]: Received disconnect from 45.61.186.169 port 48408:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T11:26:16.568Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 11:26:33 honeypot-ams-1 sshd[15713]: Received disconnect from 45.61.186.169 port 43518:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T11:26:33.576Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 11:26:49 honeypot-ams-1 sshd[15717]: Received disconnect from 45.61.186.169 port 38652:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T11:26:49.590Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 11:27:08 honeypot-ams-1 kernel: [83945012.317957] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=216.218.206.71 DST=178.62.254.91 LEN=131 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=36728 DPT=80 WINDOW=65535 RES=0x00 ACK PSH URGP=0 ","@timestamp":"2022-09-13T11:27:08.600Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 11:28:23 honeypot-fra-1 sshd[6366]: Received disconnect from 165.22.45.108 port 45818:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T11:28:24.157Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T11:31:20.771Z","@version":"1","message":"Sep 13 11:31:20 honeypot-sgp-1 sshd[10940]: Did not receive identification string from 45.61.187.160 port 33554","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T11:31:57.789Z","@version":"1","message":"Sep 13 11:31:57 honeypot-sgp-1 sshd[10943]: Disconnected from invalid user user 45.61.187.160 port 50340 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 11:32:02 honeypot-ams-1 sshd[15725]: Disconnected from authenticating user root 101.36.102.8 port 54642 [preauth]","@timestamp":"2022-09-13T11:32:02.728Z"}
{"@timestamp":"2022-09-13T11:32:16.799Z","@version":"1","message":"Sep 13 11:32:16 honeypot-sgp-1 sshd[10947]: Disconnected from invalid user user 45.61.187.160 port 45254 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T11:32:37.810Z","@version":"1","message":"Sep 13 11:32:36 honeypot-sgp-1 sshd[10951]: Disconnected from invalid user user 45.61.187.160 port 40198 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 11:35:16 honeypot-ams-1 kernel: [83945500.438366] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=144.48.243.57 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=245 ID=4510 PROTO=TCP SPT=48314 DPT=3389 WINDOW=63443 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T11:35:16.815Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 11:35:22 honeypot-fra-1 sshd[6370]: Received disconnect from 45.61.184.204 port 33836:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T11:35:23.310Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 11:35:40 honeypot-fra-1 sshd[6374]: Received disconnect from 45.61.184.204 port 56444:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T11:35:41.339Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 11:35:57 honeypot-fra-1 sshd[6378]: Received disconnect from 45.61.184.204 port 50860:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T11:35:58.347Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 11:36:13 honeypot-fra-1 sshd[6382]: Received disconnect from 45.61.184.204 port 45276:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T11:36:14.356Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T11:39:38.982Z","@version":"1","message":"Sep 13 11:39:38 honeypot-sgp-1 kernel: [83945288.839756] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=144.48.243.57 DST=159.89.202.188 LEN=52 TOS=0x00 PREC=0x00 TTL=244 ID=38367 PROTO=TCP SPT=48314 DPT=3389 WINDOW=63443 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T11:42:27.055Z","@version":"1","message":"Sep 13 11:42:26 honeypot-sgp-1 sshd[10957]: Received disconnect from 92.255.85.69 port 21750:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 11:44:13 honeypot-fra-1 kernel: [83943876.769443] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=20.55.53.144 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=48876 DF PROTO=TCP SPT=33834 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T11:44:13.539Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 11:44:31 honeypot-ams-1 sshd[15730]: Invalid user tester from 20.36.182.53 port 56566","@timestamp":"2022-09-13T11:44:31.061Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 11:47:45 honeypot-ams-1 sshd[15733]: Received disconnect from 92.255.85.70 port 45220:11: Bye Bye [preauth]","@timestamp":"2022-09-13T11:47:46.150Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 11:48:24 honeypot-fra-1 sshd[6392]: Invalid user admin from 209.14.71.239 port 49306","@timestamp":"2022-09-13T11:48:25.637Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 11:49:26 honeypot-ams-1 sshd[15737]: Did not receive identification string from 80.76.51.45 port 47884","@timestamp":"2022-09-13T11:49:27.196Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 11:49:54 honeypot-ams-1 sshd[15744]: Invalid user admin from 80.76.51.45 port 52962","@timestamp":"2022-09-13T11:49:55.211Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 11:50:25 honeypot-ams-1 sshd[15748]: Received disconnect from 80.76.51.45 port 47780:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T11:50:26.228Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 11:50:34 honeypot-fra-1 sshd[6397]: Disconnected from invalid user intraswitch 167.99.147.105 port 42422 [preauth]","@timestamp":"2022-09-13T11:50:35.690Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 11:50:40 honeypot-ams-1 sshd[15750]: Disconnected from authenticating user root 80.76.51.45 port 59418 [preauth]","@timestamp":"2022-09-13T11:50:41.237Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 11:51:25 honeypot-ams-1 sshd[15756]: Disconnected from authenticating user root 80.76.51.45 port 37768 [preauth]","@timestamp":"2022-09-13T11:51:26.261Z"}
{"@timestamp":"2022-09-13T11:51:53.305Z","@version":"1","message":"Sep 13 11:51:52 honeypot-sgp-1 sshd[10964]: Disconnected from invalid user user4 68.183.142.49 port 55058 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 11:52:10 honeypot-ams-1 sshd[15762]: Received disconnect from 80.76.51.45 port 44308:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T11:52:10.284Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 11:52:39 honeypot-ams-1 sshd[15767]: Received disconnect from 80.76.51.45 port 39164:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T11:52:40.300Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 11:57:20 honeypot-fra-1 kernel: [83944664.552187] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=104.156.155.8 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=47101 PROTO=TCP SPT=53102 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T11:57:20.842Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 12:01:59 honeypot-fra-1 sshd[6407]: Received disconnect from 45.61.186.249 port 44038:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T12:01:59.949Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 12:02:16 honeypot-fra-1 sshd[6411]: Received disconnect from 45.61.186.249 port 38668:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T12:02:16.957Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 12:02:34 honeypot-fra-1 sshd[6415]: Received disconnect from 45.61.186.249 port 33272:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T12:02:34.965Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 12:04:52 honeypot-fra-1 kernel: [83945115.999127] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=24767 PROTO=TCP SPT=50403 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T12:04:53.019Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-13T12:05:01.625Z","@version":"1","message":"Sep 13 12:05:01 honeypot-sgp-1 sshd[10970]: Invalid user user from 45.61.186.49 port 41230","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T12:05:11.631Z","@version":"1","message":"Sep 13 12:05:10 honeypot-sgp-1 sshd[10974]: Invalid user user from 45.61.186.49 port 52860","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 12:08:52 honeypot-fra-1 sshd[6427]: Invalid user admin from 85.132.106.113 port 40928","@timestamp":"2022-09-13T12:08:53.115Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 12:10:28 honeypot-ams-1 kernel: [83947611.899797] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=139.144.135.94 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=15249 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T12:10:28.752Z"}
{"@timestamp":"2022-09-13T12:12:28.809Z","@version":"1","message":"Sep 13 12:12:27 honeypot-sgp-1 kernel: [83947258.114361] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=175.140.162.98 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=57 ID=47209 PROTO=TCP SPT=28323 DPT=80 WINDOW=29913 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 12:14:12 honeypot-ams-1 kernel: [83947836.286456] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=23686 PROTO=TCP SPT=50403 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T12:14:12.854Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 12:17:56 honeypot-ams-1 sshd[15786]: Received disconnect from 112.65.128.90 port 38760:11: Bye Bye [preauth]","@timestamp":"2022-09-13T12:17:56.950Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 12:17:57 honeypot-fra-1 sshd[6434]: Received disconnect from 134.122.30.242 port 52170:11: Bye Bye [preauth]","@timestamp":"2022-09-13T12:17:58.321Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 12:20:10 honeypot-ams-1 sshd[15790]: Disconnected from authenticating user root 125.143.2.73 port 51870 [preauth]","@timestamp":"2022-09-13T12:20:11.009Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 12:27:54 honeypot-fra-1 kernel: [83946498.016708] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=64.246.161.26 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=39756 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T12:27:54.547Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 12:28:14 honeypot-ams-1 sshd[15796]: Received disconnect from 161.35.131.133 port 38964:11: Bye Bye [preauth]","@timestamp":"2022-09-13T12:28:15.217Z"}
{"@timestamp":"2022-09-13T12:29:21.228Z","@version":"1","message":"Sep 13 12:29:21 honeypot-sgp-1 sshd[10987]: Received disconnect from 92.255.85.69 port 21124:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T12:33:54.343Z","@version":"1","message":"Sep 13 12:33:54 honeypot-sgp-1 kernel: [83948544.154397] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=59.49.43.217 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=22003 PROTO=TCP SPT=45851 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 12:34:52 honeypot-ams-1 kernel: [83949076.191076] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=103.89.91.165 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=35390 PROTO=TCP SPT=53087 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T12:34:52.390Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 12:36:11 honeypot-fra-1 kernel: [83946995.245046] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=205.210.31.55 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x60 TTL=250 ID=31595 PROTO=TCP SPT=54273 DPT=389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T12:36:11.735Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 12:43:23 honeypot-ams-1 sshd[15802]: Received disconnect from 161.230.125.183 port 40612:11: Bye Bye [preauth]","@timestamp":"2022-09-13T12:43:23.607Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 12:45:14 honeypot-fra-1 sshd[6457]: Invalid user test from 193.106.191.157 port 58694","@timestamp":"2022-09-13T12:45:14.942Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 12:46:09 honeypot-fra-1 sshd[6462]: Invalid user postgres from 94.156.175.57 port 60688","@timestamp":"2022-09-13T12:46:09.966Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 12:46:09 honeypot-fra-1 sshd[6470]: Invalid user elasticsearch from 94.156.175.57 port 60739","@timestamp":"2022-09-13T12:46:09.966Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 12:46:09 honeypot-fra-1 sshd[6481]: Invalid user oracle from 94.156.175.57 port 60767","@timestamp":"2022-09-13T12:46:09.966Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 12:46:09 honeypot-fra-1 sshd[6474]: Connection closed by invalid user elastic 94.156.175.57 port 60750 [preauth]","@timestamp":"2022-09-13T12:46:09.966Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 12:46:09 honeypot-fra-1 sshd[6482]: Invalid user ubuntu from 94.156.175.57 port 60759","@timestamp":"2022-09-13T12:46:09.966Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 12:46:09 honeypot-fra-1 sshd[6468]: Connection closed by invalid user oracle 94.156.175.57 port 60733 [preauth]","@timestamp":"2022-09-13T12:46:09.966Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 12:46:09 honeypot-fra-1 sshd[6486]: Invalid user elastic from 94.156.175.57 port 60772","@timestamp":"2022-09-13T12:46:09.966Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 12:46:09 honeypot-fra-1 sshd[6473]: Connection closed by invalid user ftpadmin 94.156.175.57 port 60737 [preauth]","@timestamp":"2022-09-13T12:46:09.966Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 12:46:09 honeypot-fra-1 sshd[6466]: Connection closed by invalid user postgres 94.156.175.57 port 60692 [preauth]","@timestamp":"2022-09-13T12:46:09.966Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 12:46:27 honeypot-fra-1 sshd[6516]: Disconnected from authenticating user root 36.66.188.183 port 36484 [preauth]","@timestamp":"2022-09-13T12:46:27.975Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 12:48:20 honeypot-ams-1 kernel: [83949884.411140] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=79.124.62.60 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=55897 PROTO=TCP SPT=55076 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T12:48:20.736Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 12:49:31 honeypot-fra-1 kernel: [83947794.872580] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=61.0.13.222 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=16958 DF PROTO=TCP SPT=57216 DPT=80 WINDOW=5680 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T12:49:32.047Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-13T12:50:04.745Z","@version":"1","message":"Sep 13 12:50:04 honeypot-sgp-1 kernel: [83949514.145760] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=128.199.197.92 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=253 ID=54321 PROTO=TCP SPT=49065 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 12:55:14 honeypot-ams-1 sshd[15813]: Disconnected from authenticating user root 220.88.1.208 port 52898 [preauth]","@timestamp":"2022-09-13T12:55:14.918Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 12:56:33 honeypot-fra-1 sshd[6527]: Disconnected from authenticating user root 92.255.85.69 port 47172 [preauth]","@timestamp":"2022-09-13T12:56:34.205Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 12:58:51 honeypot-fra-1 kernel: [83948354.661500] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.180.143.72 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=26562 PROTO=TCP SPT=39448 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T12:58:51.260Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-13T13:00:54.012Z","@version":"1","message":"Sep 13 13:00:53 honeypot-sgp-1 kernel: [83950164.048071] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=80.94.92.239 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=230 ID=54321 PROTO=TCP SPT=44963 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 13:01:48 honeypot-fra-1 kernel: [83948532.325220] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=79.124.62.82 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=50316 PROTO=TCP SPT=51854 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T13:01:49.328Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 13:02:43 honeypot-ams-1 sshd[15823]: Connection closed by invalid user admin 179.60.147.69 port 38618 [preauth]","@timestamp":"2022-09-13T13:02:44.113Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 13:03:52 honeypot-fra-1 sshd[6541]: Did not receive identification string from 179.43.156.143 port 59174","@timestamp":"2022-09-13T13:03:53.379Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 13:05:18 honeypot-fra-1 sshd[6546]: Received disconnect from 179.43.156.143 port 37934:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T13:05:19.413Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T13:05:46.134Z","@version":"1","message":"Sep 13 13:05:45 honeypot-sgp-1 kernel: [83950456.060914] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=34.151.91.94 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x60 TTL=250 ID=4873 PROTO=TCP SPT=52848 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 13:07:16 honeypot-fra-1 sshd[6553]: Received disconnect from 179.43.156.143 port 52538:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T13:07:16.458Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 13:08:31 honeypot-fra-1 sshd[6559]: Invalid user nutanix from 179.43.156.143 port 43414","@timestamp":"2022-09-13T13:08:31.488Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 13:09:33 honeypot-ams-1 sshd[15830]: Disconnected from authenticating user root 159.65.77.254 port 60372 [preauth]","@timestamp":"2022-09-13T13:09:33.290Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 13:09:40 honeypot-fra-1 sshd[6563]: Did not receive identification string from 45.61.186.169 port 44416","@timestamp":"2022-09-13T13:09:40.515Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 13:10:17 honeypot-fra-1 sshd[6566]: Received disconnect from 45.61.186.169 port 54516:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T13:10:18.533Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 13:10:27 honeypot-fra-1 sshd[6570]: Disconnected from invalid user user 45.61.186.169 port 38090 [preauth]","@timestamp":"2022-09-13T13:10:28.537Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 13:10:46 honeypot-fra-1 sshd[6574]: Disconnected from invalid user user 45.61.186.169 port 33466 [preauth]","@timestamp":"2022-09-13T13:10:46.544Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 13:11:03 honeypot-fra-1 sshd[6578]: Disconnected from invalid user user 45.61.186.169 port 57078 [preauth]","@timestamp":"2022-09-13T13:11:03.552Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 13:11:29 honeypot-fra-1 sshd[6584]: Connection closed by authenticating user uucp 190.182.194.137 port 52613 [preauth]","@timestamp":"2022-09-13T13:11:29.562Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 13:12:57 honeypot-fra-1 sshd[6591]: Disconnected from authenticating user root 179.43.156.143 port 39880 [preauth]","@timestamp":"2022-09-13T13:12:58.595Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 13:17:01 honeypot-fra-1 CRON[6595]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-13T13:17:01.690Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 13:17:01 honeypot-ams-1 CRON[15838]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-13T13:17:02.483Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 13:17:56 honeypot-ams-1 sshd[15844]: Invalid user dye from 24.188.213.50 port 59132","@timestamp":"2022-09-13T13:17:56.508Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 13:18:54 honeypot-ams-1 kernel: [83951718.787901] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=80.94.92.239 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=53396 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T13:18:55.537Z"}
{"@timestamp":"2022-09-13T13:19:40.493Z","@version":"1","message":"Sep 13 13:19:40 honeypot-sgp-1 sshd[11012]: Connection closed by authenticating user root 103.188.176.251 port 60656 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 13:20:04 honeypot-ams-1 sshd[15851]: Invalid user ftpuser from 37.24.207.203 port 44548","@timestamp":"2022-09-13T13:20:04.572Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 13:21:21 honeypot-ams-1 sshd[15856]: Received disconnect from 92.255.85.69 port 15386:11: Bye Bye [preauth]","@timestamp":"2022-09-13T13:21:22.608Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 13:28:03 honeypot-fra-1 sshd[6602]: Invalid user admin from 220.74.55.232 port 58859","@timestamp":"2022-09-13T13:28:03.940Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 13:29:58 honeypot-fra-1 sshd[6607]: Invalid user user from 45.61.186.169 port 39690","@timestamp":"2022-09-13T13:29:58.987Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 13:30:17 honeypot-fra-1 sshd[6611]: Invalid user user from 45.61.186.169 port 34678","@timestamp":"2022-09-13T13:30:17.994Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 13:30:34 honeypot-fra-1 sshd[6615]: Invalid user user from 45.61.186.169 port 57920","@timestamp":"2022-09-13T13:30:35.002Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 13:30:50 honeypot-fra-1 sshd[6619]: Invalid user user from 45.61.186.169 port 52908","@timestamp":"2022-09-13T13:30:51.009Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 13:31:09 honeypot-ams-1 kernel: [83952453.526538] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=112.46.68.217 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=45899 PROTO=TCP SPT=11917 DPT=80 WINDOW=22585 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T13:31:09.866Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 13:32:18 honeypot-fra-1 sshd[6624]: Invalid user test from 193.106.191.157 port 33158","@timestamp":"2022-09-13T13:32:19.129Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T13:40:19.991Z","@version":"1","message":"Sep 13 13:40:19 honeypot-sgp-1 sshd[11018]: Invalid user henrietta from 79.225.76.143 port 37348","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T13:40:31.998Z","@version":"1","message":"Sep 13 13:40:31 honeypot-sgp-1 sshd[11022]: Disconnected from authenticating user root 51.124.254.31 port 44222 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 13:42:03 honeypot-fra-1 sshd[6635]: Received disconnect from 92.255.85.69 port 43310:11: Bye Bye [preauth]","@timestamp":"2022-09-13T13:42:03.350Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T13:42:34.052Z","@version":"1","message":"Sep 13 13:42:33 honeypot-sgp-1 kernel: [83952663.764619] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.33.121.154 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=26814 PROTO=TCP SPT=56206 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 13:44:13 honeypot-fra-1 sshd[6640]: Invalid user ftpuser from 134.209.102.211 port 42716","@timestamp":"2022-09-13T13:44:14.401Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 13:45:47 honeypot-ams-1 sshd[15870]: Received disconnect from 92.255.85.69 port 36174:11: Bye Bye [preauth]","@timestamp":"2022-09-13T13:45:48.239Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 13:47:02 honeypot-fra-1 sshd[6642]: Received disconnect from 177.33.46.250 port 57570:11: Bye Bye [preauth]","@timestamp":"2022-09-13T13:47:02.466Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T13:51:01.261Z","@version":"1","message":"Sep 13 13:51:00 honeypot-sgp-1 kernel: [83953170.654122] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.167.97.38 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=52166 DPT=5432 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T13:55:53.382Z","@version":"1","message":"Sep 13 13:55:52 honeypot-sgp-1 sshd[11037]: Disconnected from invalid user user 141.255.162.226 port 33162 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T13:55:58.386Z","@version":"1","message":"Sep 13 13:55:57 honeypot-sgp-1 sshd[11041]: Disconnected from invalid user user 141.255.162.226 port 46180 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T13:56:00.387Z","@version":"1","message":"Sep 13 13:56:00 honeypot-sgp-1 sshd[11047]: Connection closed by 141.255.162.226 port 59204 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 13:56:53 honeypot-ams-1 kernel: [83953997.235860] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=79.16.28.136 DST=178.62.254.91 LEN=64 TOS=0x00 PREC=0x00 TTL=48 ID=52953 DF PROTO=TCP SPT=26630 DPT=80 WINDOW=35902 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T13:56:53.526Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 13:58:28 honeypot-fra-1 kernel: [83951931.824828] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=143.198.183.97 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=38434 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T13:58:28.737Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-13T14:08:22.694Z","@version":"1","message":"Sep 13 14:08:22 honeypot-sgp-1 kernel: [83954212.139838] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=103.143.207.200 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=5127 PROTO=TCP SPT=58039 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 14:09:39 honeypot-fra-1 sshd[6659]: Invalid user krister from 165.22.45.108 port 37266","@timestamp":"2022-09-13T14:09:39.984Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 14:14:07 honeypot-fra-1 sshd[6665]: Connection closed by invalid user unknown 179.60.147.69 port 34120 [preauth]","@timestamp":"2022-09-13T14:14:08.086Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T14:15:27.867Z","@version":"1","message":"Sep 13 14:15:27 honeypot-sgp-1 sshd[11059]: Disconnected from invalid user user 45.61.187.160 port 51522 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 14:15:27 honeypot-ams-1 kernel: [83955111.710739] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=94.26.228.80 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=49490 PROTO=TCP SPT=13692 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T14:15:28.027Z"}
{"@timestamp":"2022-09-13T14:15:46.878Z","@version":"1","message":"Sep 13 14:15:46 honeypot-sgp-1 sshd[11063]: Disconnected from invalid user user 45.61.187.160 port 46222 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T14:16:04.887Z","@version":"1","message":"Sep 13 14:16:04 honeypot-sgp-1 sshd[11067]: Disconnected from invalid user user 45.61.187.160 port 40942 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T14:16:21.896Z","@version":"1","message":"Sep 13 14:16:21 honeypot-sgp-1 sshd[11071]: Disconnected from invalid user user 45.61.187.160 port 35642 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T14:20:05.993Z","@version":"1","message":"Sep 13 14:20:05 honeypot-sgp-1 kernel: [83954915.666420] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=64722 PROTO=TCP SPT=58321 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 14:21:13 honeypot-ams-1 kernel: [83955457.448283] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=72.167.32.184 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=232 ID=34942 PROTO=TCP SPT=51619 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T14:21:14.200Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 14:24:21 honeypot-fra-1 sshd[6671]: Invalid user neel from 187.75.209.161 port 54272","@timestamp":"2022-09-13T14:24:22.314Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 14:24:29 honeypot-fra-1 kernel: [83953492.580186] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=71.167.53.101 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=50 ID=4058 PROTO=TCP SPT=62945 DPT=80 WINDOW=20965 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T14:24:29.319Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-13T14:25:49.139Z","@version":"1","message":"Sep 13 14:25:48 honeypot-sgp-1 sshd[11082]: Disconnected from authenticating user root 92.255.85.69 port 54526 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 14:25:59 honeypot-fra-1 sshd[6679]: Invalid user user from 198.98.61.9 port 42376","@timestamp":"2022-09-13T14:26:00.357Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 14:26:17 honeypot-fra-1 sshd[6683]: Invalid user user from 198.98.61.9 port 37010","@timestamp":"2022-09-13T14:26:18.366Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 14:26:30 honeypot-fra-1 kernel: [83953614.068755] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=167.94.138.109 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=16461 PROTO=TCP SPT=25431 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T14:26:31.373Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 14:26:43 honeypot-fra-1 sshd[6689]: Disconnected from invalid user user 198.98.61.9 port 43086 [preauth]","@timestamp":"2022-09-13T14:26:44.379Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 14:28:45 honeypot-fra-1 sshd[6693]: Received disconnect from 92.255.85.70 port 41924:11: Bye Bye [preauth]","@timestamp":"2022-09-13T14:28:45.426Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 14:30:54 honeypot-ams-1 sshd[15887]: Received disconnect from 92.255.85.70 port 28916:11: Bye Bye [preauth]","@timestamp":"2022-09-13T14:30:54.473Z"}
{"@timestamp":"2022-09-13T14:36:10.402Z","@version":"1","message":"Sep 13 14:36:09 honeypot-sgp-1 sshd[11088]: Invalid user alexandr from 172.79.124.130 port 11849","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 14:39:41 honeypot-fra-1 sshd[6699]: Received disconnect from 139.59.27.36 port 60586:11: Bye Bye [preauth]","@timestamp":"2022-09-13T14:39:41.693Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T14:44:19.605Z","@version":"1","message":"Sep 13 14:44:18 honeypot-sgp-1 kernel: [83956368.948700] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=97.107.128.220 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=42961 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 14:44:53 honeypot-ams-1 kernel: [83956877.089553] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=104.237.145.52 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=8299 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T14:44:53.832Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 14:48:26 honeypot-fra-1 kernel: [83954929.504913] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=213.226.123.38 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=36190 PROTO=TCP SPT=59802 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T14:48:26.894Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 14:50:57 honeypot-fra-1 sshd[6711]: Received disconnect from 187.210.226.222 port 52662:11: Bye Bye [preauth]","@timestamp":"2022-09-13T14:50:57.979Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 14:52:19 honeypot-fra-1 sshd[6718]: Received disconnect from 92.255.85.70 port 59196:11: Bye Bye [preauth]","@timestamp":"2022-09-13T14:52:20.014Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 14:53:17 honeypot-fra-1 sshd[6722]: Disconnected from invalid user krut 165.22.45.108 port 42240 [preauth]","@timestamp":"2022-09-13T14:53:18.039Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T14:53:47.841Z","@version":"1","message":"Sep 13 14:53:47 honeypot-sgp-1 kernel: [83956937.169245] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=180.149.126.156 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=51754 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 14:54:20 honeypot-ams-1 sshd[15901]: Received disconnect from 92.255.85.70 port 46166:11: Bye Bye [preauth]","@timestamp":"2022-09-13T14:54:21.082Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 15:03:01 honeypot-fra-1 kernel: [83955804.584638] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=152.89.196.23 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=36269 PROTO=TCP SPT=51407 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T15:03:02.254Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 15:04:06 honeypot-ams-1 kernel: [83958030.673572] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=202.95.12.14 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=57 ID=0 DF PROTO=TCP SPT=35757 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T15:04:07.337Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 15:11:34 honeypot-fra-1 sshd[6731]: Invalid user <empty> from 178.219.115.231 port 32806","@timestamp":"2022-09-13T15:11:35.447Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T15:12:59.311Z","@version":"1","message":"Sep 13 15:12:58 honeypot-sgp-1 sshd[11107]: Received disconnect from 92.255.85.70 port 30360:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 15:13:22 honeypot-fra-1 sshd[6733]: Disconnected from invalid user 22 180.250.248.169 port 58850 [preauth]","@timestamp":"2022-09-13T15:13:23.490Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 15:16:24 honeypot-fra-1 sshd[6739]: Received disconnect from 134.209.175.24 port 50492:11: Bye Bye [preauth]","@timestamp":"2022-09-13T15:16:25.564Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 15:18:01 honeypot-ams-1 sshd[15912]: Disconnected from authenticating user root 92.255.85.70 port 29714 [preauth]","@timestamp":"2022-09-13T15:18:01.689Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 15:19:43 honeypot-fra-1 sshd[6745]: Received disconnect from 192.116.113.246 port 33760:11: Bye Bye [preauth]","@timestamp":"2022-09-13T15:19:43.640Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T15:20:14.489Z","@version":"1","message":"Sep 13 15:20:13 honeypot-sgp-1 sshd[11113]: Disconnected from authenticating user root 165.227.202.89 port 49530 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T15:24:24.592Z","@version":"1","message":"Sep 13 15:24:24 honeypot-sgp-1 sshd[11121]: Received disconnect from 40.118.226.96 port 33120:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T15:25:37.625Z","@version":"1","message":"Sep 13 15:25:37 honeypot-sgp-1 kernel: [83958846.952336] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=103.69.219.250 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=65149 DF PROTO=TCP SPT=32765 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 15:27:33 honeypot-fra-1 sshd[6750]: Invalid user default from 179.60.147.69 port 61588","@timestamp":"2022-09-13T15:27:33.819Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 15:32:05 honeypot-fra-1 sshd[6757]: Connection closed by invalid user user 189.57.3.90 port 44468 [preauth]","@timestamp":"2022-09-13T15:32:05.943Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T15:34:22.842Z","@version":"1","message":"Sep 13 15:34:22 honeypot-sgp-1 kernel: [83959372.665183] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=94.26.228.80 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=39057 PROTO=TCP SPT=31606 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 15:35:44 honeypot-ams-1 kernel: [83959928.611854] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=37.21.19.118 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=58 ID=1973 PROTO=TCP SPT=29908 DPT=80 WINDOW=13724 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T15:35:45.181Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 15:36:51 honeypot-fra-1 sshd[6762]: Received disconnect from 165.22.45.108 port 48616:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T15:36:52.046Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T15:41:31.015Z","@version":"1","message":"Sep 13 15:41:30 honeypot-sgp-1 sshd[11138]: Received disconnect from 102.132.237.232 port 44076:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T15:43:07.056Z","@version":"1","message":"Sep 13 15:43:07 honeypot-sgp-1 sshd[11142]: Disconnected from authenticating user root 165.232.173.191 port 50148 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 15:43:06 honeypot-fra-1 sshd[6768]: Invalid user user from 45.61.186.169 port 45456","@timestamp":"2022-09-13T15:43:07.190Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 15:43:24 honeypot-fra-1 sshd[6772]: Invalid user user from 45.61.186.169 port 40324","@timestamp":"2022-09-13T15:43:24.199Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 15:43:40 honeypot-fra-1 sshd[6776]: Invalid user user from 45.61.186.169 port 35186","@timestamp":"2022-09-13T15:43:41.208Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 15:43:56 honeypot-fra-1 sshd[6780]: Invalid user user from 45.61.186.169 port 58280","@timestamp":"2022-09-13T15:43:56.215Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 15:45:56 honeypot-fra-1 sshd[6784]: Received disconnect from 133.130.101.23 port 47668:11: Bye Bye [preauth]","@timestamp":"2022-09-13T15:45:57.264Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 15:47:15 honeypot-ams-1 sshd[15934]: Invalid user test from 193.106.191.157 port 35538","@timestamp":"2022-09-13T15:47:16.477Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 15:49:11 honeypot-ams-1 sshd[15939]: Disconnected from authenticating user root 80.76.51.189 port 51000 [preauth]","@timestamp":"2022-09-13T15:49:12.531Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 15:50:43 honeypot-ams-1 sshd[15945]: Received disconnect from 80.76.51.189 port 52562:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T15:50:44.574Z"}
{"@timestamp":"2022-09-13T15:52:11.277Z","@version":"1","message":"Sep 13 15:52:11 honeypot-sgp-1 sshd[11149]: Received disconnect from 157.230.155.135 port 58501:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 15:52:18 honeypot-ams-1 sshd[15952]: Received disconnect from 80.76.51.189 port 54126:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T15:52:18.617Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 15:52:19 honeypot-fra-1 sshd[6790]: Invalid user Sujan from 189.56.184.189 port 49363","@timestamp":"2022-09-13T15:52:20.409Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 15:53:52 honeypot-ams-1 sshd[15958]: Received disconnect from 80.76.51.189 port 55684:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T15:53:52.660Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 15:53:54 honeypot-fra-1 sshd[6795]: Received disconnect from 178.154.201.126 port 56490:11: Bye Bye [preauth]","@timestamp":"2022-09-13T15:53:54.449Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 15:54:55 honeypot-ams-1 sshd[15962]: Received disconnect from 80.76.51.189 port 37930:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T15:54:55.689Z"}
{"@timestamp":"2022-09-13T15:55:24.384Z","@version":"1","message":"Sep 13 15:55:23 honeypot-sgp-1 sshd[11153]: Received disconnect from 91.240.118.222 port 37741:11: Client disconnecting normally [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 15:56:02 honeypot-ams-1 sshd[15967]: Received disconnect from 80.76.51.189 port 48372:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T15:56:02.719Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 15:57:12 honeypot-ams-1 sshd[15971]: Received disconnect from 80.76.51.189 port 58826:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T15:57:13.753Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 15:58:23 honeypot-ams-1 sshd[15976]: Disconnected from authenticating user root 80.76.51.189 port 41048 [preauth]","@timestamp":"2022-09-13T15:58:24.785Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 16:00:10 honeypot-ams-1 sshd[15982]: Invalid user postgres from 80.76.51.189 port 42636","@timestamp":"2022-09-13T16:00:10.898Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 16:01:22 honeypot-ams-1 sshd[15986]: Disconnected from authenticating user root 80.76.51.189 port 53078 [preauth]","@timestamp":"2022-09-13T16:01:22.931Z"}
{"@timestamp":"2022-09-13T16:02:56.568Z","@version":"1","message":"Sep 13 16:02:56 honeypot-sgp-1 sshd[11158]: Invalid user ubnt from 179.60.147.69 port 41668","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T16:03:13.577Z","@version":"1","message":"Sep 13 16:03:13 honeypot-sgp-1 sshd[11165]: Invalid user user from 141.255.162.226 port 32778","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T16:03:15.578Z","@version":"1","message":"Sep 13 16:03:15 honeypot-sgp-1 sshd[11169]: Invalid user user from 141.255.162.226 port 40116","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 16:03:15 honeypot-ams-1 sshd[15993]: Received disconnect from 80.76.51.189 port 54628:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T16:03:15.982Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 16:04:04 honeypot-fra-1 sshd[6801]: Invalid user ubnt from 179.60.147.69 port 63488","@timestamp":"2022-09-13T16:04:04.683Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T16:05:48.640Z","@version":"1","message":"Sep 13 16:05:47 honeypot-sgp-1 kernel: [83961257.719393] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=94.26.249.161 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=22876 PROTO=TCP SPT=40279 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 16:06:18 honeypot-ams-1 sshd[15997]: Connection closed by invalid user ubnt 179.60.147.69 port 36762 [preauth]","@timestamp":"2022-09-13T16:06:19.066Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 16:11:58 honeypot-ams-1 kernel: [83962102.501268] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.192.118 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=38976 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T16:11:59.215Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 16:12:25 honeypot-fra-1 sshd[6804]: Invalid user ubnt from 116.232.145.34 port 57373","@timestamp":"2022-09-13T16:12:25.875Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 16:17:01 honeypot-fra-1 CRON[6810]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-13T16:17:01.983Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 16:17:34 honeypot-fra-1 kernel: [83960278.066261] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=79.124.62.62 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=8408 PROTO=TCP SPT=45437 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T16:17:35.027Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 16:20:34 honeypot-fra-1 sshd[6818]: Received disconnect from 165.22.45.108 port 53672:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T16:20:35.096Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T16:23:48.071Z","@version":"1","message":"Sep 13 16:23:47 honeypot-sgp-1 kernel: [83962337.386135] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=193.219.127.202 DST=159.89.202.188 LEN=80 TOS=0x00 PREC=0x00 TTL=111 ID=33786 PROTO=TCP SPT=34810 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 16:25:06 honeypot-ams-1 kernel: [83962889.952210] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=79.124.62.62 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=56736 PROTO=TCP SPT=45437 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T16:25:06.573Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 16:25:38 honeypot-fra-1 sshd[6823]: Disconnected from authenticating user root 92.255.85.69 port 50612 [preauth]","@timestamp":"2022-09-13T16:25:39.210Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 16:31:12 honeypot-fra-1 sshd[6830]: Received disconnect from 164.177.31.66 port 39700:11: Bye Bye [preauth]","@timestamp":"2022-09-13T16:31:13.334Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T16:32:48.286Z","@version":"1","message":"Sep 13 16:32:47 honeypot-sgp-1 sshd[11184]: Received disconnect from 45.61.186.169 port 50566:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T16:33:07.296Z","@version":"1","message":"Sep 13 16:33:06 honeypot-sgp-1 sshd[11188]: Invalid user user from 45.61.186.169 port 45304","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T16:33:25.304Z","@version":"1","message":"Sep 13 16:33:24 honeypot-sgp-1 sshd[11192]: Invalid user user from 45.61.186.169 port 39996","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T16:33:41.312Z","@version":"1","message":"Sep 13 16:33:41 honeypot-sgp-1 sshd[11196]: Invalid user user from 45.61.186.169 port 34748","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 16:36:03 honeypot-fra-1 sshd[6836]: Invalid user mrc from 175.97.136.186 port 60460","@timestamp":"2022-09-13T16:36:03.437Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 16:37:02 honeypot-ams-1 sshd[16012]: Connection closed by invalid user admin 121.154.69.21 port 52300 [preauth]","@timestamp":"2022-09-13T16:37:03.901Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 16:41:18 honeypot-ams-1 sshd[16017]: Disconnected from invalid user student 202.53.175.28 port 39170 [preauth]","@timestamp":"2022-09-13T16:41:19.014Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 16:42:32 honeypot-fra-1 kernel: [83961775.316006] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=201.102.251.63 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=47 ID=39931 PROTO=TCP SPT=41775 DPT=80 WINDOW=35538 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T16:42:32.589Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-13T16:45:35.601Z","@version":"1","message":"Sep 13 16:45:34 honeypot-sgp-1 kernel: [83963644.780609] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=193.219.127.202 DST=159.89.202.188 LEN=80 TOS=0x00 PREC=0x00 TTL=115 ID=13709 PROTO=TCP SPT=12685 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 16:47:25 honeypot-ams-1 sshd[16025]: Disconnected from authenticating user root 51.250.85.165 port 60446 [preauth]","@timestamp":"2022-09-13T16:47:26.188Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 16:49:49 honeypot-fra-1 sshd[6846]: Received disconnect from 192.241.243.84 port 57160:11: Bye Bye [preauth]","@timestamp":"2022-09-13T16:49:49.756Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 16:50:24 honeypot-fra-1 sshd[6850]: Received disconnect from 103.176.21.200 port 48288:11: Bye Bye [preauth]","@timestamp":"2022-09-13T16:50:24.771Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T16:51:17.742Z","@version":"1","message":"Sep 13 16:51:17 honeypot-sgp-1 sshd[11207]: Received disconnect from 93.108.242.140 port 20318:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 16:52:31 honeypot-fra-1 sshd[6854]: Connection closed by invalid user ubnt 125.12.198.38 port 57846 [preauth]","@timestamp":"2022-09-13T16:52:31.822Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 16:52:48 honeypot-ams-1 sshd[16030]: Received disconnect from 92.255.85.69 port 25412:11: Bye Bye [preauth]","@timestamp":"2022-09-13T16:52:49.350Z"}
{"@timestamp":"2022-09-13T16:52:55.784Z","@version":"1","message":"Sep 13 16:52:55 honeypot-sgp-1 sshd[11213]: Invalid user admin from 59.127.48.5 port 34207","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 16:59:19 honeypot-ams-1 kernel: [83964942.906539] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=128.116.131.60 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=54 ID=55061 PROTO=TCP SPT=25974 DPT=80 WINDOW=11574 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T16:59:19.520Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:00:46 honeypot-ams-1 sshd[16038]: Received disconnect from 141.255.162.226 port 51212:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T17:00:46.562Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:00:52 honeypot-ams-1 sshd[16042]: Received disconnect from 141.255.162.226 port 45618:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T17:00:53.565Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:04:16 honeypot-fra-1 sshd[6859]: Received disconnect from 165.22.45.108 port 58718:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T17:04:17.105Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:06:48 honeypot-fra-1 kernel: [83963231.035503] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=47.52.27.84 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=47729 PROTO=TCP SPT=48610 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T17:06:48.167Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-13T17:09:02.177Z","@version":"1","message":"Sep 13 17:09:01 honeypot-sgp-1 CRON[11233]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:09:01 honeypot-ams-1 CRON[16047]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-13T17:09:02.776Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:10:42 honeypot-fra-1 sshd[6867]: Disconnected from authenticating user root 92.255.85.69 port 19304 [preauth]","@timestamp":"2022-09-13T17:10:43.256Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T17:15:30.335Z","@version":"1","message":"Sep 13 17:15:30 honeypot-sgp-1 sshd[11239]: Received disconnect from 175.126.146.170 port 35580:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 17:16:56 honeypot-ams-1 kernel: [83965999.999065] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=92.118.39.30 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=59741 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T17:16:56.984Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:16:56 honeypot-fra-1 sshd[6872]: Invalid user admin from 179.60.147.69 port 21458","@timestamp":"2022-09-13T17:16:57.401Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T17:17:02.376Z","@version":"1","message":"Sep 13 17:17:01 honeypot-sgp-1 CRON[11246]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:17:36 honeypot-ams-1 sshd[16060]: Did not receive identification string from 141.255.162.226 port 53848","@timestamp":"2022-09-13T17:17:37.003Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:17:39 honeypot-ams-1 sshd[16063]: Disconnected from invalid user user 141.255.162.226 port 52016 [preauth]","@timestamp":"2022-09-13T17:17:40.006Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:17:41 honeypot-ams-1 sshd[16067]: Disconnected from invalid user user 141.255.162.226 port 44988 [preauth]","@timestamp":"2022-09-13T17:17:42.008Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:17:46 honeypot-ams-1 sshd[16071]: Disconnected from invalid user user 141.255.162.226 port 51918 [preauth]","@timestamp":"2022-09-13T17:17:47.011Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:19:23 honeypot-ams-1 sshd[16078]: Invalid user test from 46.101.29.76 port 38840","@timestamp":"2022-09-13T17:19:24.059Z"}
{"@timestamp":"2022-09-13T17:19:26.438Z","@version":"1","message":"Sep 13 17:19:25 honeypot-sgp-1 sshd[11249]: Disconnected from invalid user ftpguest 52.184.91.79 port 50202 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:20:42 honeypot-ams-1 sshd[16083]: Disconnected from authenticating user root 179.43.145.74 port 34252 [preauth]","@timestamp":"2022-09-13T17:20:43.096Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:21:45 honeypot-ams-1 sshd[16089]: Disconnected from authenticating user root 179.43.145.74 port 37918 [preauth]","@timestamp":"2022-09-13T17:21:46.128Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 17:23:06 honeypot-ams-1 kernel: [83966370.349558] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=27.71.238.124 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=5357 PROTO=TCP SPT=46098 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T17:23:07.168Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:24:35 honeypot-ams-1 sshd[16098]: Disconnected from invalid user admin 179.43.145.74 port 48940 [preauth]","@timestamp":"2022-09-13T17:24:36.210Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:26:32 honeypot-ams-1 sshd[16102]: Disconnected from invalid user ansible 179.43.145.74 port 56284 [preauth]","@timestamp":"2022-09-13T17:26:32.262Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:28:23 honeypot-ams-1 sshd[16109]: Invalid user oracle from 179.43.145.74 port 35404","@timestamp":"2022-09-13T17:28:24.313Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:28:46 honeypot-ams-1 sshd[16111]: Disconnected from invalid user postgres 179.43.145.74 port 37242 [preauth]","@timestamp":"2022-09-13T17:28:47.325Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 17:30:38 honeypot-ams-1 kernel: [83966821.941955] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=19957 PROTO=TCP SPT=50203 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T17:30:38.375Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:30:41 honeypot-fra-1 kernel: [83964664.360850] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=62120 PROTO=TCP SPT=50203 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T17:30:41.712Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-13T17:30:50.718Z","@version":"1","message":"Sep 13 17:30:50 honeypot-sgp-1 sshd[11252]: Disconnected from authenticating user root 92.255.85.70 port 15460 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:33:16 honeypot-fra-1 sshd[6881]: Invalid user admin from 138.19.49.207 port 52066","@timestamp":"2022-09-13T17:33:16.772Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:34:08 honeypot-ams-1 sshd[16121]: Disconnected from invalid user user 45.61.184.204 port 57758 [preauth]","@timestamp":"2022-09-13T17:34:09.465Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:34:27 honeypot-ams-1 sshd[16125]: Disconnected from invalid user user 45.61.184.204 port 52442 [preauth]","@timestamp":"2022-09-13T17:34:28.476Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:34:46 honeypot-ams-1 sshd[16129]: Disconnected from invalid user user 45.61.184.204 port 47144 [preauth]","@timestamp":"2022-09-13T17:34:47.486Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:35:04 honeypot-ams-1 sshd[16133]: Disconnected from invalid user user 45.61.184.204 port 41842 [preauth]","@timestamp":"2022-09-13T17:35:04.495Z"}
{"@timestamp":"2022-09-13T17:40:00.943Z","@version":"1","message":"Sep 13 17:40:00 honeypot-sgp-1 sshd[11258]: Received disconnect from 141.94.203.31 port 39184:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:40:19 honeypot-fra-1 sshd[6887]: Disconnected from invalid user docker 137.184.103.103 port 58852 [preauth]","@timestamp":"2022-09-13T17:40:19.931Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:42:34 honeypot-fra-1 sshd[6891]: Received disconnect from 177.3.130.63 port 48042:11: Bye Bye [preauth]","@timestamp":"2022-09-13T17:42:34.985Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 17:47:06 honeypot-ams-1 kernel: [83967810.366277] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=23.224.186.213 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=0 DF PROTO=TCP SPT=35757 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T17:47:06.821Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:48:01 honeypot-fra-1 sshd[6894]: Disconnected from invalid user ksb 165.22.45.108 port 35502 [preauth]","@timestamp":"2022-09-13T17:48:02.107Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T17:48:17.145Z","@version":"1","message":"Sep 13 17:48:17 honeypot-sgp-1 kernel: [83967406.919189] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.220.228 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=40466 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:50:42 honeypot-ams-1 sshd[16144]: Did not receive identification string from 104.156.155.31 port 16201","@timestamp":"2022-09-13T17:50:42.918Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:50:44 honeypot-ams-1 sshd[16146]: Connection closed by 104.156.155.31 port 28892 [preauth]","@timestamp":"2022-09-13T17:50:44.919Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:52:36 honeypot-fra-1 sshd[6908]: Connection closed by invalid user odoo 94.156.175.57 port 42636 [preauth]","@timestamp":"2022-09-13T17:52:37.212Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:52:36 honeypot-fra-1 sshd[6905]: Invalid user vagrant from 94.156.175.57 port 42627","@timestamp":"2022-09-13T17:52:37.212Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:52:36 honeypot-fra-1 sshd[6922]: Invalid user elasticsearch from 94.156.175.57 port 42696","@timestamp":"2022-09-13T17:52:37.212Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:52:36 honeypot-fra-1 sshd[6906]: Invalid user ftpadmin from 94.156.175.57 port 42644","@timestamp":"2022-09-13T17:52:37.212Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:52:36 honeypot-fra-1 sshd[6923]: Invalid user ts3sv from 94.156.175.57 port 42699","@timestamp":"2022-09-13T17:52:37.212Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:52:36 honeypot-fra-1 sshd[6918]: Connection closed by invalid user ubuntu 94.156.175.57 port 42684 [preauth]","@timestamp":"2022-09-13T17:52:37.212Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:52:36 honeypot-fra-1 sshd[6901]: Connection closed by invalid user user 94.156.175.57 port 42635 [preauth]","@timestamp":"2022-09-13T17:52:37.212Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:52:36 honeypot-fra-1 sshd[6900]: Connection closed by invalid user hadoop 94.156.175.57 port 42634 [preauth]","@timestamp":"2022-09-13T17:52:37.212Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:52:36 honeypot-fra-1 sshd[6922]: Connection closed by invalid user elasticsearch 94.156.175.57 port 42696 [preauth]","@timestamp":"2022-09-13T17:52:37.212Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:52:48 honeypot-fra-1 sshd[6955]: Invalid user user from 45.61.184.204 port 54294","@timestamp":"2022-09-13T17:52:48.216Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:53:07 honeypot-fra-1 sshd[6960]: Invalid user user from 45.61.184.204 port 48454","@timestamp":"2022-09-13T17:53:07.226Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:53:15 honeypot-fra-1 sshd[6962]: Received disconnect from 45.61.184.204 port 59650:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T17:53:16.230Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:53:25 honeypot-fra-1 sshd[6966]: Connection closed by invalid user admin 112.118.128.135 port 39890 [preauth]","@timestamp":"2022-09-13T17:53:25.235Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T17:53:35.276Z","@version":"1","message":"Sep 13 17:53:34 honeypot-sgp-1 sshd[11266]: Disconnected from authenticating user root 92.255.85.70 port 29856 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:53:38 honeypot-fra-1 sshd[6970]: Disconnected from invalid user user 45.61.184.204 port 36766 [preauth]","@timestamp":"2022-09-13T17:53:39.242Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:55:58 honeypot-ams-1 sshd[16165]: Invalid user default from 179.60.147.69 port 63736","@timestamp":"2022-09-13T17:55:59.056Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:57:28 honeypot-fra-1 sshd[6977]: Did not receive identification string from 141.255.162.226 port 37676","@timestamp":"2022-09-13T17:57:29.329Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:57:38 honeypot-fra-1 sshd[6980]: Disconnected from invalid user user 141.255.162.226 port 46376 [preauth]","@timestamp":"2022-09-13T17:57:39.335Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:57:41 honeypot-fra-1 sshd[6984]: Disconnected from invalid user user 141.255.162.226 port 47166 [preauth]","@timestamp":"2022-09-13T17:57:42.336Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 17:57:45 honeypot-fra-1 sshd[6988]: Disconnected from invalid user user 141.255.162.226 port 33446 [preauth]","@timestamp":"2022-09-13T17:57:46.340Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:58:31 honeypot-ams-1 sshd[16170]: Invalid user user from 45.61.186.249 port 35896","@timestamp":"2022-09-13T17:58:32.127Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:58:55 honeypot-ams-1 sshd[16174]: Invalid user user from 45.61.186.249 port 33752","@timestamp":"2022-09-13T17:58:55.139Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 17:59:16 honeypot-ams-1 sshd[16178]: Invalid user user from 45.61.186.249 port 59834","@timestamp":"2022-09-13T17:59:17.151Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 17:59:30 honeypot-ams-1 kernel: [83968554.231914] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=121.178.19.28 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=54 ID=0 DF PROTO=TCP SPT=53403 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T17:59:31.159Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 18:01:31 honeypot-fra-1 sshd[6994]: Received disconnect from 178.128.43.209 port 50592:11: Bye Bye [preauth]","@timestamp":"2022-09-13T18:01:32.426Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 18:06:05 honeypot-ams-1 kernel: [83968948.900584] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=195.230.103.247 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=54321 PROTO=TCP SPT=35513 DPT=5432 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T18:06:05.352Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 18:08:20 honeypot-ams-1 sshd[16189]: Disconnected from invalid user openfiler 91.240.118.222 port 6435 [preauth]","@timestamp":"2022-09-13T18:08:20.413Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 18:08:32 honeypot-fra-1 sshd[7000]: Invalid user dilza from 171.244.139.236 port 35928","@timestamp":"2022-09-13T18:08:33.579Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 18:09:27 honeypot-ams-1 sshd[16193]: Received disconnect from 197.5.145.87 port 46792:11: Bye Bye [preauth]","@timestamp":"2022-09-13T18:09:28.446Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 18:11:26 honeypot-fra-1 kernel: [83967109.694152] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=172.104.138.223 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=61790 PROTO=TCP SPT=29209 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T18:11:27.647Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-13T18:11:38.706Z","@version":"1","message":"Sep 13 18:11:38 honeypot-sgp-1 kernel: [83968807.860334] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=79.124.62.62 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=32466 PROTO=TCP SPT=45437 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 18:17:49 honeypot-fra-1 sshd[7008]: Received disconnect from 92.255.85.69 port 35354:11: Bye Bye [preauth]","@timestamp":"2022-09-13T18:17:49.806Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 18:17:54 honeypot-ams-1 kernel: [83969658.434211] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=94.26.249.161 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=33067 PROTO=TCP SPT=18798 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T18:17:55.662Z"}
{"@timestamp":"2022-09-13T18:18:59.883Z","@version":"1","message":"Sep 13 18:18:59 honeypot-sgp-1 kernel: [83969249.468900] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=124.106.92.226 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=56 ID=35541 PROTO=TCP SPT=44726 DPT=443 WINDOW=49878 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 18:31:38 honeypot-fra-1 sshd[7014]: Invalid user ksb from 165.22.45.108 port 40476","@timestamp":"2022-09-13T18:31:39.114Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 18:32:12 honeypot-ams-1 kernel: [83970516.502810] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=80.87.206.203 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=23832 PROTO=TCP SPT=42183 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T18:32:13.031Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 18:33:33 honeypot-fra-1 sshd[7018]: Invalid user admin from 221.120.207.107 port 41142","@timestamp":"2022-09-13T18:33:34.159Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 18:36:22 honeypot-ams-1 sshd[16208]: Invalid user user from 45.61.186.169 port 50418","@timestamp":"2022-09-13T18:36:23.158Z"}
{"@timestamp":"2022-09-13T18:36:29.309Z","@version":"1","message":"Sep 13 18:36:28 honeypot-sgp-1 sshd[11284]: Received disconnect from 92.255.85.69 port 16164:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 18:36:40 honeypot-ams-1 sshd[16212]: Invalid user user from 45.61.186.169 port 47388","@timestamp":"2022-09-13T18:36:40.166Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 18:36:57 honeypot-ams-1 sshd[16216]: Invalid user user from 45.61.186.169 port 44368","@timestamp":"2022-09-13T18:36:58.176Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 18:37:06 honeypot-ams-1 sshd[16218]: Disconnected from invalid user user 45.61.186.169 port 57002 [preauth]","@timestamp":"2022-09-13T18:37:07.181Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 18:38:10 honeypot-fra-1 sshd[7023]: Received disconnect from 202.29.236.130 port 58488:11: Bye Bye [preauth]","@timestamp":"2022-09-13T18:38:11.280Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 18:39:25 honeypot-fra-1 sshd[7027]: Disconnected from authenticating user root 200.7.168.217 port 36048 [preauth]","@timestamp":"2022-09-13T18:39:25.310Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 18:39:41 honeypot-fra-1 sshd[7033]: Received disconnect from 92.255.85.70 port 19550:11: Bye Bye [preauth]","@timestamp":"2022-09-13T18:39:42.320Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 18:40:26 honeypot-fra-1 sshd[7037]: Disconnected from authenticating user root 167.172.144.144 port 60480 [preauth]","@timestamp":"2022-09-13T18:40:26.338Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 18:41:46 honeypot-fra-1 sshd[7042]: Disconnected from invalid user odoo 157.245.122.58 port 45224 [preauth]","@timestamp":"2022-09-13T18:41:47.371Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T18:42:33.460Z","@version":"1","message":"Sep 13 18:42:33 honeypot-sgp-1 kernel: [83970662.882615] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=64.246.161.26 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=37643 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 18:43:46 honeypot-fra-1 sshd[7046]: Disconnected from invalid user data.user 157.245.122.58 port 44066 [preauth]","@timestamp":"2022-09-13T18:43:47.440Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 18:44:08 honeypot-ams-1 sshd[16226]: Did not receive identification string from 80.76.51.189 port 44954","@timestamp":"2022-09-13T18:44:09.366Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 18:45:20 honeypot-ams-1 sshd[16232]: Disconnected from authenticating user root 80.76.51.189 port 55554 [preauth]","@timestamp":"2022-09-13T18:45:21.400Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 18:45:38 honeypot-fra-1 sshd[7051]: Disconnected from invalid user jonitiso 157.245.122.58 port 42894 [preauth]","@timestamp":"2022-09-13T18:45:38.483Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 18:46:49 honeypot-ams-1 sshd[16238]: Disconnected from authenticating user root 80.76.51.189 port 58632 [preauth]","@timestamp":"2022-09-13T18:46:50.440Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 18:48:23 honeypot-ams-1 sshd[16245]: Disconnected from authenticating user root 80.76.51.189 port 33476 [preauth]","@timestamp":"2022-09-13T18:48:23.482Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 18:50:01 honeypot-ams-1 sshd[16251]: Received disconnect from 80.76.51.189 port 36552:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T18:50:02.530Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 18:50:34 honeypot-ams-1 sshd[16255]: Disconnected from invalid user test 80.76.51.189 port 56396 [preauth]","@timestamp":"2022-09-13T18:50:34.546Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 18:51:40 honeypot-ams-1 sshd[16259]: Disconnected from invalid user testuser 80.76.51.189 port 39614 [preauth]","@timestamp":"2022-09-13T18:51:40.576Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 18:52:45 honeypot-ams-1 sshd[16265]: Invalid user ubuntu from 80.76.51.189 port 51068","@timestamp":"2022-09-13T18:52:46.609Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 18:53:53 honeypot-ams-1 sshd[16270]: Invalid user ubuntu from 80.76.51.189 port 34300","@timestamp":"2022-09-13T18:53:53.640Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 18:54:00 honeypot-fra-1 sshd[7056]: Connection closed by invalid user ftp 81.191.131.184 port 39981 [preauth]","@timestamp":"2022-09-13T18:54:00.669Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 18:55:03 honeypot-ams-1 sshd[16274]: Disconnected from authenticating user root 80.76.51.189 port 45766 [preauth]","@timestamp":"2022-09-13T18:55:03.672Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 18:56:16 honeypot-ams-1 sshd[16278]: Received disconnect from 80.76.51.189 port 57216:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T18:56:16.707Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 18:57:26 honeypot-fra-1 sshd[7062]: Invalid user csgoserver from 202.70.87.193 port 55706","@timestamp":"2022-09-13T18:57:26.752Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 18:58:05 honeypot-ams-1 sshd[16284]: Invalid user odoo from 80.76.51.189 port 60286","@timestamp":"2022-09-13T18:58:05.756Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 18:58:53 honeypot-ams-1 sshd[16288]: Received disconnect from 202.53.1.114 port 38954:11: Bye Bye [preauth]","@timestamp":"2022-09-13T18:58:53.780Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 18:59:25 honeypot-fra-1 sshd[7067]: Connection closed by 175.160.111.4 port 42356 [preauth]","@timestamp":"2022-09-13T18:59:25.800Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 19:03:37 honeypot-ams-1 kernel: [83972401.537616] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=203.135.97.86 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=222 ID=14643 PROTO=TCP SPT=49970 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T19:03:38.904Z"}
{"@timestamp":"2022-09-13T19:05:55.010Z","@version":"1","message":"Sep 13 19:05:54 honeypot-sgp-1 sshd[11293]: Invalid user blank from 179.60.147.69 port 61896","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 19:07:02 honeypot-fra-1 sshd[7074]: Invalid user blank from 179.60.147.69 port 41938","@timestamp":"2022-09-13T19:07:02.972Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T19:09:16.092Z","@version":"1","message":"Sep 13 19:09:15 honeypot-sgp-1 sshd[11297]: Received disconnect from 20.25.38.254 port 41276:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 19:09:42 honeypot-ams-1 sshd[16298]: Received disconnect from 64.64.226.195 port 47504:11: Bye Bye [preauth]","@timestamp":"2022-09-13T19:09:43.065Z"}
{"@timestamp":"2022-09-13T19:14:56.227Z","@version":"1","message":"Sep 13 19:14:55 honeypot-sgp-1 sshd[11302]: Invalid user mat from 137.184.25.247 port 36382","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 19:15:06 honeypot-fra-1 sshd[7079]: Received disconnect from 165.22.45.108 port 45446:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T19:15:07.155Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 19:16:07 honeypot-ams-1 sshd[16303]: Bad protocol version identification 'MGLNDD_178.62.254.91_22' from 192.241.192.43 port 48860","@timestamp":"2022-09-13T19:16:07.247Z"}
{"@timestamp":"2022-09-13T19:17:33.289Z","@version":"1","message":"Sep 13 19:17:33 honeypot-sgp-1 sshd[11309]: Bad protocol version identification 'MGLNDD_159.89.202.188_22' from 192.241.205.202 port 48304","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 19:20:23 honeypot-fra-1 sshd[7086]: Received disconnect from 180.167.207.234 port 49497:11: Bye Bye [preauth]","@timestamp":"2022-09-13T19:20:24.270Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 19:20:27 honeypot-ams-1 sshd[16310]: Received disconnect from 37.152.177.179 port 38198:11: Bye Bye [preauth]","@timestamp":"2022-09-13T19:20:28.361Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 19:21:23 honeypot-ams-1 sshd[16314]: Disconnected from invalid user wqs 73.204.6.32 port 48594 [preauth]","@timestamp":"2022-09-13T19:21:23.390Z"}
{"@timestamp":"2022-09-13T19:21:48.393Z","@version":"1","message":"Sep 13 19:21:47 honeypot-sgp-1 kernel: [83973017.373968] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=205.210.31.31 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=249 ID=54321 PROTO=TCP SPT=55056 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 19:22:50 honeypot-ams-1 kernel: [83973553.862081] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.168.28.81 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=110 ID=26845 DF PROTO=TCP SPT=59194 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T19:22:50.431Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 19:24:17 honeypot-ams-1 sshd[16321]: Invalid user data.user from 157.245.122.58 port 43558","@timestamp":"2022-09-13T19:24:17.473Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 19:24:43 honeypot-ams-1 sshd[16325]: Invalid user user from 45.61.186.169 port 50582","@timestamp":"2022-09-13T19:24:43.487Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 19:25:00 honeypot-ams-1 sshd[16329]: Invalid user user from 45.61.186.169 port 44696","@timestamp":"2022-09-13T19:25:00.496Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 19:25:13 honeypot-ams-1 sshd[16333]: Invalid user jonitwiso from 157.245.122.58 port 57086","@timestamp":"2022-09-13T19:25:14.503Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 19:25:22 honeypot-ams-1 kernel: [83973706.389477] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.219.44 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=42772 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T19:25:23.509Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 19:25:50 honeypot-ams-1 sshd[16340]: Disconnected from authenticating user root 92.255.85.69 port 60054 [preauth]","@timestamp":"2022-09-13T19:25:50.523Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 19:26:34 honeypot-fra-1 sshd[7092]: Invalid user monitor from 162.243.172.239 port 40034","@timestamp":"2022-09-13T19:26:35.409Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T19:26:35.507Z","@version":"1","message":"Sep 13 19:26:35 honeypot-sgp-1 sshd[11315]: Received disconnect from 167.99.68.65 port 52034:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 19:27:00 honeypot-ams-1 sshd[16344]: Received disconnect from 157.245.122.58 port 55930:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T19:27:00.558Z"}
{"@timestamp":"2022-09-13T19:28:20.551Z","@version":"1","message":"Sep 13 19:28:20 honeypot-sgp-1 sshd[11321]: Received disconnect from 179.60.150.118 port 50200:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 19:37:16 honeypot-fra-1 kernel: [83972259.308707] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=193.219.127.202 DST=165.22.82.222 LEN=80 TOS=0x00 PREC=0x20 TTL=126 ID=52545 PROTO=TCP SPT=51521 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T19:37:16.648Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-13T19:40:03.844Z","@version":"1","message":"Sep 13 19:40:03 honeypot-sgp-1 sshd[11326]: Invalid user user from 45.61.186.49 port 39432","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T19:40:12.849Z","@version":"1","message":"Sep 13 19:40:12 honeypot-sgp-1 sshd[11330]: Invalid user user from 45.61.186.49 port 51080","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 19:41:31 honeypot-fra-1 sshd[7102]: ssh_dispatch_run_fatal: Connection from 69.112.204.55 port 60190: Connection corrupted [preauth]","@timestamp":"2022-09-13T19:41:31.744Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T19:41:37.882Z","@version":"1","message":"Sep 13 19:41:37 honeypot-sgp-1 sshd[11334]: Connection closed by 40.89.134.252 port 35320 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 19:45:18 honeypot-fra-1 kernel: [83972741.261811] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=51.89.255.201 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=24128 DF PROTO=TCP SPT=10446 DPT=80 WINDOW=512 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T19:45:18.832Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-13T19:45:24.973Z","@version":"1","message":"Sep 13 19:45:24 honeypot-sgp-1 kernel: [83974434.615864] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.55.53.144 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=43 ID=57656 DF PROTO=TCP SPT=58968 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 19:46:09 honeypot-ams-1 sshd[16348]: Invalid user guest from 179.60.147.69 port 16196","@timestamp":"2022-09-13T19:46:10.059Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 19:48:11 honeypot-fra-1 kernel: [83972914.327223] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=20.55.53.144 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=51470 DF PROTO=TCP SPT=44282 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T19:48:11.900Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 19:52:13 honeypot-ams-1 kernel: [83975316.938039] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=103.206.139.51 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=244 ID=58432 PROTO=TCP SPT=51165 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T19:52:14.217Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 19:53:47 honeypot-fra-1 sshd[7114]: Invalid user admin from 81.174.23.66 port 36752","@timestamp":"2022-09-13T19:53:48.029Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 19:53:52 honeypot-ams-1 kernel: [83975416.574299] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=20.55.53.144 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=26177 DF PROTO=TCP SPT=44220 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T19:53:53.279Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 19:58:02 honeypot-fra-1 kernel: [83973505.593165] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.196.214 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=33303 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T19:58:03.130Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-13T19:58:45.288Z","@version":"1","message":"Sep 13 19:58:44 honeypot-sgp-1 sshd[11343]: Received disconnect from 123.100.226.242 port 42362:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 20:03:17 honeypot-ams-1 sshd[16358]: Did not receive identification string from 85.31.46.45 port 38586","@timestamp":"2022-09-13T20:03:17.512Z"}
{"@timestamp":"2022-09-13T20:03:21.400Z","@version":"1","message":"Sep 13 20:03:21 honeypot-sgp-1 sshd[11348]: Did not receive identification string from 45.61.186.169 port 43166","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T20:04:03.420Z","@version":"1","message":"Sep 13 20:04:02 honeypot-sgp-1 sshd[11351]: Disconnected from invalid user user 45.61.186.169 port 37802 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 20:04:02 honeypot-ams-1 sshd[16364]: Invalid user test from 85.31.46.45 port 56516","@timestamp":"2022-09-13T20:04:03.536Z"}
{"@timestamp":"2022-09-13T20:04:20.429Z","@version":"1","message":"Sep 13 20:04:19 honeypot-sgp-1 sshd[11357]: Invalid user user from 45.61.186.169 port 60910","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T20:04:36.436Z","@version":"1","message":"Sep 13 20:04:35 honeypot-sgp-1 sshd[11361]: Invalid user user from 45.61.186.169 port 55788","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 20:04:36 honeypot-ams-1 sshd[16369]: Disconnected from authenticating user root 85.31.46.45 port 47894 [preauth]","@timestamp":"2022-09-13T20:04:36.552Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 20:05:18 honeypot-ams-1 sshd[16375]: Disconnected from authenticating user root 85.31.46.45 port 49178 [preauth]","@timestamp":"2022-09-13T20:05:18.573Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 20:06:01 honeypot-ams-1 sshd[16381]: Disconnected from authenticating user root 85.31.46.45 port 50466 [preauth]","@timestamp":"2022-09-13T20:06:02.596Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 20:06:30 honeypot-ams-1 sshd[16386]: Received disconnect from 85.31.46.45 port 41764:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T20:06:30.612Z"}
{"@timestamp":"2022-09-13T20:06:51.492Z","@version":"1","message":"Sep 13 20:06:50 honeypot-sgp-1 sshd[11366]: Received disconnect from 92.255.85.70 port 31974:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 20:10:23 honeypot-fra-1 sshd[7123]: Received disconnect from 92.255.85.69 port 23436:11: Bye Bye [preauth]","@timestamp":"2022-09-13T20:10:24.409Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T20:10:48.586Z","@version":"1","message":"Sep 13 20:10:47 honeypot-sgp-1 sshd[11370]: Received disconnect from 143.110.236.239 port 34346:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 20:12:44 honeypot-ams-1 sshd[16391]: Received disconnect from 92.255.85.70 port 57566:11: Bye Bye [preauth]","@timestamp":"2022-09-13T20:12:44.772Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 20:13:56 honeypot-fra-1 sshd[7127]: Invalid user user from 165.90.109.198 port 52700","@timestamp":"2022-09-13T20:13:57.491Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 20:15:11 honeypot-fra-1 sshd[7131]: Disconnected from authenticating user root 164.92.183.3 port 45424 [preauth]","@timestamp":"2022-09-13T20:15:11.522Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T20:19:20.789Z","@version":"1","message":"Sep 13 20:19:20 honeypot-sgp-1 sshd[11380]: Connection closed by invalid user guest 179.60.147.69 port 16820 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 20:20:25 honeypot-fra-1 sshd[7139]: Invalid user guest from 179.60.147.69 port 63604","@timestamp":"2022-09-13T20:20:25.641Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 20:21:42 honeypot-ams-1 kernel: [83977086.499370] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.214.51 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=54555 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T20:21:43.008Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 20:25:51 honeypot-ams-1 sshd[16400]: Connection closed by authenticating user root 103.188.176.251 port 43300 [preauth]","@timestamp":"2022-09-13T20:25:52.117Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 20:30:54 honeypot-fra-1 kernel: [83975476.565712] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=57556 PROTO=TCP SPT=41003 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T20:30:54.882Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 20:30:56 honeypot-ams-1 kernel: [83977640.187471] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=15484 PROTO=TCP SPT=41003 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T20:30:57.254Z"}
{"@timestamp":"2022-09-13T20:31:11.072Z","@version":"1","message":"Sep 13 20:31:10 honeypot-sgp-1 sshd[11384]: Disconnected from authenticating user root 92.255.85.69 port 40378 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T20:35:45.184Z","@version":"1","message":"Sep 13 20:35:44 honeypot-sgp-1 kernel: [83977454.489172] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=139.144.135.24 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=58501 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 20:36:26 honeypot-ams-1 sshd[16410]: Received disconnect from 104.131.39.193 port 55950:11: Bye Bye [preauth]","@timestamp":"2022-09-13T20:36:26.399Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 20:37:50 honeypot-fra-1 sshd[7150]: Invalid user user from 198.98.61.9 port 36920","@timestamp":"2022-09-13T20:37:51.040Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 20:38:07 honeypot-fra-1 sshd[7154]: Invalid user user from 198.98.61.9 port 59994","@timestamp":"2022-09-13T20:38:08.048Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 20:38:29 honeypot-fra-1 sshd[7159]: Invalid user user from 198.98.61.9 port 54838","@timestamp":"2022-09-13T20:38:30.059Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 20:38:45 honeypot-fra-1 sshd[7163]: Invalid user user from 198.98.61.9 port 49680","@timestamp":"2022-09-13T20:38:46.066Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 20:41:05 honeypot-fra-1 sshd[7166]: Did not receive identification string from 45.61.187.160 port 37256","@timestamp":"2022-09-13T20:41:05.122Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 20:41:19 honeypot-ams-1 kernel: [83978262.600459] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=66.240.205.34 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=114 ID=52054 PROTO=TCP SPT=16847 DPT=80 WINDOW=49111 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T20:41:19.527Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 20:42:06 honeypot-fra-1 sshd[7171]: Disconnected from invalid user user 45.61.187.160 port 50316 [preauth]","@timestamp":"2022-09-13T20:42:07.148Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 20:42:15 honeypot-fra-1 sshd[7175]: Disconnected from invalid user user 45.61.187.160 port 33530 [preauth]","@timestamp":"2022-09-13T20:42:16.152Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 20:42:35 honeypot-fra-1 sshd[7179]: Disconnected from invalid user user 45.61.187.160 port 56434 [preauth]","@timestamp":"2022-09-13T20:42:36.161Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 20:42:54 honeypot-fra-1 sshd[7185]: Disconnected from invalid user user 45.61.187.160 port 51102 [preauth]","@timestamp":"2022-09-13T20:42:55.171Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 20:44:05 honeypot-ams-1 sshd[16417]: Disconnected from invalid user statd 85.114.98.146 port 55536 [preauth]","@timestamp":"2022-09-13T20:44:06.598Z"}
{"@timestamp":"2022-09-13T20:45:55.454Z","@version":"1","message":"Sep 13 20:45:55 honeypot-sgp-1 sshd[11394]: Invalid user db from 185.53.229.86 port 59164","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 20:52:22 honeypot-fra-1 sshd[7191]: Connection closed by invalid user test 193.106.191.157 port 42896 [preauth]","@timestamp":"2022-09-13T20:52:23.381Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T20:53:51.648Z","@version":"1","message":"Sep 13 20:53:51 honeypot-sgp-1 sshd[11400]: Received disconnect from 179.43.156.143 port 41686:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T20:55:06.681Z","@version":"1","message":"Sep 13 20:55:06 honeypot-sgp-1 sshd[11406]: Received disconnect from 179.43.156.143 port 32936:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 20:56:10 honeypot-fra-1 sshd[7198]: Disconnected from authenticating user root 186.154.4.20 port 59848 [preauth]","@timestamp":"2022-09-13T20:56:10.465Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T20:56:19.714Z","@version":"1","message":"Sep 13 20:56:19 honeypot-sgp-1 sshd[11412]: Received disconnect from 179.43.156.143 port 52354:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T20:57:30.745Z","@version":"1","message":"Sep 13 20:57:30 honeypot-sgp-1 sshd[11416]: Disconnected from invalid user nutanix 179.43.156.143 port 43554 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 20:58:40 honeypot-fra-1 sshd[7205]: Did not receive identification string from 45.61.186.49 port 48190","@timestamp":"2022-09-13T20:58:41.526Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T20:58:48.777Z","@version":"1","message":"Sep 13 20:58:48 honeypot-sgp-1 sshd[11421]: Disconnected from invalid user nfsnobod 179.43.156.143 port 34792 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 20:58:54 honeypot-fra-1 sshd[7208]: Disconnected from invalid user user 45.61.186.49 port 35460 [preauth]","@timestamp":"2022-09-13T20:58:54.532Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 20:59:01 honeypot-ams-1 sshd[16421]: Connection closed by invalid user support 179.60.147.69 port 49764 [preauth]","@timestamp":"2022-09-13T20:59:01.998Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 20:59:04 honeypot-fra-1 sshd[7214]: Invalid user user from 45.61.186.49 port 48478","@timestamp":"2022-09-13T20:59:05.538Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T21:00:55.831Z","@version":"1","message":"Sep 13 21:00:55 honeypot-sgp-1 sshd[11427]: Received disconnect from 179.43.156.143 port 49830:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 21:02:33 honeypot-fra-1 sshd[7219]: Disconnected from invalid user user 45.61.186.169 port 45526 [preauth]","@timestamp":"2022-09-13T21:02:33.613Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 21:02:52 honeypot-fra-1 sshd[7223]: Disconnected from invalid user user 45.61.186.169 port 41430 [preauth]","@timestamp":"2022-09-13T21:02:53.623Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T21:03:04.885Z","@version":"1","message":"Sep 13 21:03:04 honeypot-sgp-1 sshd[11433]: Received disconnect from 179.43.156.143 port 36668:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 21:03:11 honeypot-fra-1 sshd[7227]: Disconnected from invalid user user 45.61.186.169 port 37354 [preauth]","@timestamp":"2022-09-13T21:03:11.632Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 21:03:27 honeypot-fra-1 sshd[7231]: Disconnected from invalid user user 45.61.186.169 port 33252 [preauth]","@timestamp":"2022-09-13T21:03:28.639Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 21:08:09 honeypot-ams-1 sshd[16426]: Invalid user test from 193.106.191.157 port 39548","@timestamp":"2022-09-13T21:08:09.233Z"}
{"@timestamp":"2022-09-13T21:08:35.016Z","@version":"1","message":"Sep 13 21:08:34 honeypot-sgp-1 kernel: [83979424.460126] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.46.215.90 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=27988 DF PROTO=TCP SPT=41434 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:10:51.072Z","@version":"1","message":"Sep 13 21:10:50 honeypot-sgp-1 sshd[11439]: Received disconnect from 89.189.188.33 port 40842:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:12:36.118Z","@version":"1","message":"Sep 13 21:12:35 honeypot-sgp-1 sshd[11444]: Invalid user user from 141.255.162.226 port 57120","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:12:39.120Z","@version":"1","message":"Sep 13 21:12:38 honeypot-sgp-1 sshd[11448]: Invalid user user from 141.255.162.226 port 41724","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:12:43.122Z","@version":"1","message":"Sep 13 21:12:42 honeypot-sgp-1 sshd[11452]: Invalid user user from 141.255.162.226 port 48148","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 21:13:28 honeypot-ams-1 sshd[16429]: Received disconnect from 209.141.52.250 port 56956:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T21:13:29.374Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 21:15:57 honeypot-fra-1 sshd[7236]: Received disconnect from 210.105.193.6 port 37176:11: Bye Bye [preauth]","@timestamp":"2022-09-13T21:15:57.923Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 21:16:27 honeypot-fra-1 sshd[7238]: Disconnected from invalid user bf1942server 101.32.10.55 port 54292 [preauth]","@timestamp":"2022-09-13T21:16:27.938Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T21:17:02.226Z","@version":"1","message":"Sep 13 21:17:01 honeypot-sgp-1 CRON[11457]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:17:55.249Z","@version":"1","message":"Sep 13 21:17:54 honeypot-sgp-1 kernel: [83979984.166724] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.204.42.89 DST=159.89.202.188 LEN=52 TOS=0x00 PREC=0x00 TTL=115 ID=55836 DF PROTO=TCP SPT=55663 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 21:18:37 honeypot-fra-1 sshd[7246]: Disconnected from authenticating user root 92.255.85.70 port 19448 [preauth]","@timestamp":"2022-09-13T21:18:37.990Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 21:18:42 honeypot-ams-1 sshd[16435]: Received disconnect from 90.176.158.210 port 58541:11: Bye Bye [preauth]","@timestamp":"2022-09-13T21:18:43.511Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 21:21:20 honeypot-ams-1 sshd[16439]: Received disconnect from 92.255.85.69 port 31832:11: Bye Bye [preauth]","@timestamp":"2022-09-13T21:21:21.582Z"}
{"@timestamp":"2022-09-13T21:24:09.399Z","@version":"1","message":"Sep 13 21:24:09 honeypot-sgp-1 sshd[11463]: Received disconnect from 85.237.57.253 port 45498:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:28:00.492Z","@version":"1","message":"Sep 13 21:28:00 honeypot-sgp-1 sshd[11466]: Invalid user ftpadmin from 201.21.236.19 port 41554","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 21:28:06 honeypot-ams-1 kernel: [83981070.383178] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=5095 PROTO=TCP SPT=44159 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T21:28:07.762Z"}
{"@timestamp":"2022-09-13T21:28:38.509Z","@version":"1","message":"Sep 13 21:28:37 honeypot-sgp-1 sshd[11470]: Invalid user user from 198.98.61.9 port 41094","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:28:55.516Z","@version":"1","message":"Sep 13 21:28:54 honeypot-sgp-1 sshd[11474]: Invalid user user from 198.98.61.9 port 36672","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:29:08.522Z","@version":"1","message":"Sep 13 21:29:08 honeypot-sgp-1 sshd[11478]: Invalid user shj from 177.33.46.250 port 39732","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:29:17.526Z","@version":"1","message":"Sep 13 21:29:17 honeypot-sgp-1 sshd[11483]: Invalid user user from 198.98.61.9 port 44148","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 21:30:04 honeypot-ams-1 sshd[16450]: Disconnected from authenticating user root 219.91.140.43 port 37832 [preauth]","@timestamp":"2022-09-13T21:30:04.815Z"}
{"@timestamp":"2022-09-13T21:32:48.610Z","@version":"1","message":"Sep 13 21:32:47 honeypot-sgp-1 sshd[11488]: Invalid user chandler from 52.172.168.56 port 42196","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 21:33:24 honeypot-fra-1 sshd[7255]: Connection closed by authenticating user root 41.74.128.242 port 46133 [preauth]","@timestamp":"2022-09-13T21:33:25.321Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T21:37:23.720Z","@version":"1","message":"Sep 13 21:37:22 honeypot-sgp-1 sshd[11492]: Received disconnect from 92.255.85.70 port 57474:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 21:38:05 honeypot-fra-1 kernel: [83979507.478897] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=125.253.93.146 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=13401 PROTO=TCP SPT=57590 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T21:38:05.432Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-13T21:40:54.808Z","@version":"1","message":"Sep 13 21:40:54 honeypot-sgp-1 sshd[11497]: Disconnecting invalid user admin 185.246.130.20 port 5194: Change of username or service not allowed: (admin,ssh-connection) -> (cameras,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:41:11.816Z","@version":"1","message":"Sep 13 21:41:11 honeypot-sgp-1 sshd[11501]: Disconnecting invalid user  185.246.130.20 port 54545: Change of username or service not allowed: (,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 21:41:25 honeypot-ams-1 sshd[16459]: Received disconnect from 92.255.85.69 port 36592:11: Bye Bye [preauth]","@timestamp":"2022-09-13T21:41:26.109Z"}
{"@timestamp":"2022-09-13T21:41:45.833Z","@version":"1","message":"Sep 13 21:41:44 honeypot-sgp-1 sshd[11507]: Disconnecting invalid user admin 185.246.130.20 port 62339: Change of username or service not allowed: (admin,ssh-connection) -> (aerohive,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:42:15.848Z","@version":"1","message":"Sep 13 21:42:15 honeypot-sgp-1 sshd[11513]: Disconnecting invalid user manager 185.246.130.20 port 35088: Change of username or service not allowed: (manager,ssh-connection) -> (private,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:42:46.864Z","@version":"1","message":"Sep 13 21:42:45 honeypot-sgp-1 sshd[11521]: Invalid user Admin from 185.246.130.20 port 30792","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:43:03.872Z","@version":"1","message":"Sep 13 21:43:03 honeypot-sgp-1 sshd[11527]: Invalid user user from 185.246.130.20 port 9556","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:43:57.897Z","@version":"1","message":"Sep 13 21:43:57 honeypot-sgp-1 sshd[11533]: Disconnecting invalid user blank 185.246.130.20 port 4939: Change of username or service not allowed: (blank,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:44:31.913Z","@version":"1","message":"Sep 13 21:44:31 honeypot-sgp-1 sshd[11539]: Disconnecting invalid user 1234 185.246.130.20 port 33936: Change of username or service not allowed: (1234,ssh-connection) -> (root,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:44:59.926Z","@version":"1","message":"Sep 13 21:44:59 honeypot-sgp-1 sshd[11547]: Invalid user cisco from 185.246.130.20 port 33486","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:45:19.949Z","@version":"1","message":"Sep 13 21:45:19 honeypot-sgp-1 sshd[11553]: Disconnecting authenticating user root 185.246.130.20 port 45916: Change of username or service not allowed: (root,ssh-connection) -> (Administrator,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:45:49.963Z","@version":"1","message":"Sep 13 21:45:49 honeypot-sgp-1 sshd[11559]: Disconnecting invalid user adslroot 185.246.130.20 port 22063: Change of username or service not allowed: (adslroot,ssh-connection) -> (sti.admin5,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:46:23.979Z","@version":"1","message":"Sep 13 21:46:23 honeypot-sgp-1 sshd[11567]: Invalid user blank from 185.246.130.20 port 11080","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:46:51.992Z","@version":"1","message":"Sep 13 21:46:51 honeypot-sgp-1 sshd[11574]: Disconnecting authenticating user root 185.246.130.20 port 7091: Change of username or service not allowed: (root,ssh-connection) -> (default,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:47:18.007Z","@version":"1","message":"Sep 13 21:47:17 honeypot-sgp-1 sshd[11580]: Disconnecting invalid user c1@r0 185.246.130.20 port 35521: Change of username or service not allowed: (c1@r0,ssh-connection) -> (Administrator,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 21:47:29 honeypot-ams-1 sshd[16463]: Disconnected from invalid user git 35.205.118.1 port 54179 [preauth]","@timestamp":"2022-09-13T21:47:30.264Z"}
{"@timestamp":"2022-09-13T21:47:45.019Z","@version":"1","message":"Sep 13 21:47:44 honeypot-sgp-1 sshd[11586]: Disconnecting invalid user superonline 185.246.130.20 port 40743: Change of username or service not allowed: (superonline,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:47:56.024Z","@version":"1","message":"Sep 13 21:47:55 honeypot-sgp-1 sshd[11594]: Connection closed by invalid user pi 183.82.107.151 port 42148 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 21:48:14 honeypot-ams-1 sshd[16467]: Disconnected from invalid user mapred 156.254.125.106 port 46622 [preauth]","@timestamp":"2022-09-13T21:48:14.284Z"}
{"@timestamp":"2022-09-13T21:48:25.037Z","@version":"1","message":"Sep 13 21:48:24 honeypot-sgp-1 sshd[11598]: Disconnecting invalid user comcast 185.246.130.20 port 19279: Change of username or service not allowed: (comcast,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:48:44.046Z","@version":"1","message":"Sep 13 21:48:43 honeypot-sgp-1 sshd[11604]: Disconnected from invalid user admin 197.159.66.211 port 56394 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:49:11.058Z","@version":"1","message":"Sep 13 21:49:10 honeypot-sgp-1 kernel: [83981859.874119] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=128.14.137.178 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=46120 PROTO=TCP SPT=41254 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:49:40.072Z","@version":"1","message":"Sep 13 21:49:39 honeypot-sgp-1 sshd[11615]: Disconnecting invalid user motorola 185.246.130.20 port 19559: Change of username or service not allowed: (motorola,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 21:50:09 honeypot-fra-1 sshd[7265]: Invalid user rodriguez from 103.248.60.70 port 55747","@timestamp":"2022-09-13T21:50:09.706Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T21:50:16.090Z","@version":"1","message":"Sep 13 21:50:15 honeypot-sgp-1 sshd[11623]: Invalid user admin from 185.246.130.20 port 50364","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:50:43.101Z","@version":"1","message":"Sep 13 21:50:42 honeypot-sgp-1 kernel: [83981952.533443] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=94.26.249.161 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=54346 PROTO=TCP SPT=41861 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:51:15.117Z","@version":"1","message":"Sep 13 21:51:14 honeypot-sgp-1 sshd[11635]: Disconnecting invalid user admin 185.246.130.20 port 5305: Change of username or service not allowed: (admin,ssh-connection) -> (Shiko,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:51:42.130Z","@version":"1","message":"Sep 13 21:51:42 honeypot-sgp-1 sshd[11641]: Disconnecting invalid user Broadcom 185.246.130.20 port 42433: Change of username or service not allowed: (Broadcom,ssh-connection) -> (smcadmin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:52:13.144Z","@version":"1","message":"Sep 13 21:52:12 honeypot-sgp-1 sshd[11647]: Invalid user cusadmin from 185.246.130.20 port 40280","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:52:45.160Z","@version":"1","message":"Sep 13 21:52:44 honeypot-sgp-1 sshd[11653]: Invalid user sweex from 185.246.130.20 port 15529","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 21:53:09 honeypot-fra-1 sshd[7270]: Connection closed by authenticating user root 177.36.70.251 port 55380 [preauth]","@timestamp":"2022-09-13T21:53:09.773Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T21:53:21.177Z","@version":"1","message":"Sep 13 21:53:20 honeypot-sgp-1 sshd[11659]: Invalid user  from 185.246.130.20 port 36380","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:53:54.192Z","@version":"1","message":"Sep 13 21:53:53 honeypot-sgp-1 sshd[11665]: Invalid user ubnt from 185.246.130.20 port 23869","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:54:26.208Z","@version":"1","message":"Sep 13 21:54:25 honeypot-sgp-1 sshd[11671]: Disconnecting invalid user user 185.246.130.20 port 21437: Change of username or service not allowed: (user,ssh-connection) -> (amdin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:55:17.233Z","@version":"1","message":"Sep 13 21:55:16 honeypot-sgp-1 sshd[11678]: Disconnecting invalid user Admin 185.246.130.20 port 29080: Change of username or service not allowed: (Admin,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:56:04.254Z","@version":"1","message":"Sep 13 21:56:03 honeypot-sgp-1 sshd[11684]: Disconnecting invalid user 0 185.246.130.20 port 31396: Change of username or service not allowed: (0,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:56:47.275Z","@version":"1","message":"Sep 13 21:56:46 honeypot-sgp-1 sshd[11691]: Disconnecting invalid user admin 185.246.130.20 port 19256: Change of username or service not allowed: (admin,ssh-connection) -> (1admin0,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T21:58:44.322Z","@version":"1","message":"Sep 13 21:58:43 honeypot-sgp-1 sshd[11697]: Disconnected from authenticating user root 92.255.85.69 port 16854 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 21:58:44 honeypot-ams-1 kernel: [83982907.615279] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=50.17.105.85 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=234 ID=54321 PROTO=TCP SPT=17695 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T21:58:44.554Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 22:03:27 honeypot-ams-1 sshd[16477]: Received disconnect from 92.255.85.70 port 42968:11: Bye Bye [preauth]","@timestamp":"2022-09-13T22:03:27.683Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 22:07:56 honeypot-fra-1 sshd[7276]: Invalid user admin from 128.53.5.55 port 62671","@timestamp":"2022-09-13T22:07:57.106Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 22:08:33 honeypot-fra-1 kernel: [83981335.914348] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=5.39.220.40 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=7113 PROTO=TCP SPT=46743 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T22:08:34.122Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 22:09:52 honeypot-ams-1 kernel: [83983576.332365] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=122.103.181.180 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=50 ID=24462 PROTO=TCP SPT=7669 DPT=80 WINDOW=4069 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T22:09:52.858Z"}
{"@timestamp":"2022-09-13T22:11:27.614Z","@version":"1","message":"Sep 13 22:11:26 honeypot-sgp-1 kernel: [83983196.299602] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=94.26.249.161 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=45405 PROTO=TCP SPT=41135 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 22:13:05 honeypot-fra-1 sshd[7286]: Invalid user ubnt from 189.56.217.183 port 60665","@timestamp":"2022-09-13T22:13:06.228Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 22:13:19 honeypot-ams-1 sshd[16485]: Invalid user fi from 62.231.21.18 port 45106","@timestamp":"2022-09-13T22:13:19.965Z"}
{"@timestamp":"2022-09-13T22:14:17.687Z","@version":"1","message":"Sep 13 22:14:16 honeypot-sgp-1 sshd[11713]: Received disconnect from 61.177.172.124 port 18043:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T22:15:08.709Z","@version":"1","message":"Sep 13 22:15:08 honeypot-sgp-1 sshd[11717]: Disconnected from authenticating user root 61.177.173.37 port 63110 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 22:15:35 honeypot-ams-1 kernel: [83983919.360539] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=143.198.183.97 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=39146 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T22:15:36.024Z"}
{"@timestamp":"2022-09-13T22:16:56.754Z","@version":"1","message":"Sep 13 22:16:56 honeypot-sgp-1 sshd[11723]: Invalid user data.user from 157.245.122.58 port 48782","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T22:17:40.774Z","@version":"1","message":"Sep 13 22:17:39 honeypot-sgp-1 kernel: [83983569.490916] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=104.211.60.49 DST=159.89.202.188 LEN=52 TOS=0x00 PREC=0x00 TTL=107 ID=62655 DF PROTO=TCP SPT=56286 DPT=3389 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T22:18:51.804Z","@version":"1","message":"Sep 13 22:18:50 honeypot-sgp-1 sshd[11731]: Received disconnect from 157.245.122.58 port 47654:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T22:19:45.828Z","@version":"1","message":"Sep 13 22:19:45 honeypot-sgp-1 sshd[11735]: Received disconnect from 157.245.122.58 port 32954:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 22:19:52 honeypot-fra-1 kernel: [83982015.261050] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=172.105.128.139 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=25025 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T22:19:53.382Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 22:21:05 honeypot-ams-1 kernel: [83984248.892788] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=107.152.37.65 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=36130 PROTO=TCP SPT=58953 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T22:21:06.163Z"}
{"@timestamp":"2022-09-13T22:23:35.920Z","@version":"1","message":"Sep 13 22:23:35 honeypot-sgp-1 kernel: [83983925.417222] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.55.53.144 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=44 ID=5542 DF PROTO=TCP SPT=57188 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 22:25:00 honeypot-fra-1 kernel: [83982322.676973] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=20.55.53.144 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=58647 DF PROTO=TCP SPT=36882 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T22:25:00.499Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 22:25:37 honeypot-ams-1 sshd[16508]: Disconnected from authenticating user root 202.88.244.36 port 11562 [preauth]","@timestamp":"2022-09-13T22:25:38.284Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 22:29:29 honeypot-ams-1 kernel: [83984753.288227] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=20.55.53.144 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=31513 DF PROTO=TCP SPT=39918 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T22:29:30.388Z"}
{"@timestamp":"2022-09-13T22:30:47.090Z","@version":"1","message":"Sep 13 22:30:46 honeypot-sgp-1 sshd[11820]: Received disconnect from 103.20.188.28 port 43028:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 22:33:04 honeypot-fra-1 sshd[7373]: Connection closed by invalid user r00t 162.219.253.27 port 47468 [preauth]","@timestamp":"2022-09-13T22:33:04.681Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 22:36:43 honeypot-fra-1 sshd[7378]: Invalid user es from 52.183.129.64 port 49400","@timestamp":"2022-09-13T22:36:44.764Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 22:36:43 honeypot-fra-1 sshd[7379]: Invalid user ftpuser from 52.183.129.64 port 49412","@timestamp":"2022-09-13T22:36:44.764Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 22:36:43 honeypot-fra-1 sshd[7377]: Invalid user ansible from 52.183.129.64 port 49390","@timestamp":"2022-09-13T22:36:44.764Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 22:36:44 honeypot-fra-1 sshd[7382]: Connection closed by invalid user ec2-user 52.183.129.64 port 49416 [preauth]","@timestamp":"2022-09-13T22:36:44.764Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 22:36:44 honeypot-fra-1 sshd[7390]: Connection closed by invalid user web 52.183.129.64 port 49460 [preauth]","@timestamp":"2022-09-13T22:36:44.764Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 22:36:44 honeypot-fra-1 sshd[7412]: Invalid user oracle from 52.183.129.64 port 49398","@timestamp":"2022-09-13T22:36:44.764Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 22:36:44 honeypot-fra-1 sshd[7412]: Connection closed by invalid user oracle 52.183.129.64 port 49398 [preauth]","@timestamp":"2022-09-13T22:36:44.764Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T22:36:46.233Z","@version":"1","message":"Sep 13 22:36:45 honeypot-sgp-1 sshd[11826]: Received disconnect from 61.177.173.47 port 53721:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 22:36:46 honeypot-fra-1 sshd[7426]: Invalid user user from 52.183.129.64 port 49432","@timestamp":"2022-09-13T22:36:46.765Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 22:36:46 honeypot-fra-1 sshd[7421]: Invalid user chia from 52.183.129.64 port 49420","@timestamp":"2022-09-13T22:36:46.765Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 22:36:46 honeypot-fra-1 sshd[7422]: Connection closed by invalid user ubuntu 52.183.129.64 port 49444 [preauth]","@timestamp":"2022-09-13T22:36:46.766Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 22:36:49 honeypot-fra-1 sshd[7441]: Invalid user ubuntu from 52.183.129.64 port 49414","@timestamp":"2022-09-13T22:36:49.767Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T22:37:08.244Z","@version":"1","message":"Sep 13 22:37:07 honeypot-sgp-1 sshd[11830]: Disconnected from authenticating user root 77.20.117.212 port 41194 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 22:37:17 honeypot-ams-1 kernel: [83985220.919093] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=198.74.61.232 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=38742 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T22:37:17.592Z"}
{"@timestamp":"2022-09-13T22:41:40.353Z","@version":"1","message":"Sep 13 22:41:39 honeypot-sgp-1 kernel: [83985009.027629] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=188.150.230.254 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=46 ID=18017 PROTO=TCP SPT=31329 DPT=80 WINDOW=24953 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 22:43:11 honeypot-ams-1 sshd[16526]: Disconnected from authenticating user root 61.177.173.37 port 44830 [preauth]","@timestamp":"2022-09-13T22:43:12.768Z"}
{"@timestamp":"2022-09-13T22:43:57.411Z","@version":"1","message":"Sep 13 22:43:56 honeypot-sgp-1 kernel: [83985145.996760] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=161.35.236.158 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=28550 DF PROTO=TCP SPT=51584 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 22:45:24 honeypot-ams-1 sshd[16533]: Received disconnect from 80.76.51.46 port 37278:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T22:45:24.827Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 22:46:05 honeypot-ams-1 sshd[16539]: Received disconnect from 80.76.51.46 port 51056:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T22:46:06.847Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 22:46:12 honeypot-fra-1 sshd[7446]: Invalid user config from 179.60.147.69 port 6216","@timestamp":"2022-09-13T22:46:12.979Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 22:46:46 honeypot-ams-1 sshd[16545]: Received disconnect from 80.76.51.46 port 36542:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T22:46:46.867Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 22:47:26 honeypot-ams-1 sshd[16552]: Invalid user test from 80.76.51.46 port 50242","@timestamp":"2022-09-13T22:47:26.887Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 22:47:39 honeypot-ams-1 sshd[16554]: Received disconnect from 80.76.51.46 port 45332:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T22:47:39.893Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 22:48:06 honeypot-ams-1 sshd[16559]: Received disconnect from 80.76.51.46 port 35770:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T22:48:06.907Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 22:48:24 honeypot-ams-1 sshd[16563]: Connection closed by invalid user config 179.60.147.69 port 10894 [preauth]","@timestamp":"2022-09-13T22:48:24.916Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 22:48:47 honeypot-ams-1 sshd[16569]: Invalid user ubuntu from 80.76.51.46 port 49422","@timestamp":"2022-09-13T22:48:47.928Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 22:49:14 honeypot-ams-1 sshd[16573]: Disconnected from authenticating user root 80.76.51.46 port 39620 [preauth]","@timestamp":"2022-09-13T22:49:14.943Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 22:49:42 honeypot-ams-1 sshd[16577]: Disconnected from invalid user postgres 80.76.51.46 port 58182 [preauth]","@timestamp":"2022-09-13T22:49:42.957Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 22:50:23 honeypot-ams-1 sshd[16583]: Received disconnect from 80.76.51.46 port 43728:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T22:50:23.978Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 22:51:50 honeypot-fra-1 kernel: [83983932.384339] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=46.29.10.30 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=17468 PROTO=TCP SPT=52627 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T22:51:51.108Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 22:53:19 honeypot-fra-1 sshd[7453]: Received disconnect from 165.22.45.108 port 43328:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T22:53:20.145Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 22:53:25 honeypot-ams-1 kernel: [83986189.070755] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=103.99.176.144 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=20503 PROTO=TCP SPT=50178 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T22:53:26.056Z"}
{"@timestamp":"2022-09-13T22:54:51.670Z","@version":"1","message":"Sep 13 22:54:51 honeypot-sgp-1 sshd[11847]: Received disconnect from 61.177.172.98 port 35669:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 22:55:53 honeypot-fra-1 sshd[7460]: Invalid user simsadmin from 54.36.19.17 port 53990","@timestamp":"2022-09-13T22:55:53.207Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 23:02:57 honeypot-ams-1 sshd[16601]: Received disconnect from 61.177.173.36 port 29615:11:  [preauth]","@timestamp":"2022-09-13T23:02:58.300Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 23:03:27 honeypot-fra-1 sshd[7470]: Invalid user user from 198.98.61.9 port 48634","@timestamp":"2022-09-13T23:03:28.379Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 23:03:46 honeypot-fra-1 sshd[7474]: Invalid user user from 198.98.61.9 port 45368","@timestamp":"2022-09-13T23:03:47.389Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 23:04:05 honeypot-fra-1 sshd[7478]: Invalid user user from 198.98.61.9 port 42160","@timestamp":"2022-09-13T23:04:05.398Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 23:04:22 honeypot-fra-1 sshd[7482]: Invalid user user from 198.98.61.9 port 38848","@timestamp":"2022-09-13T23:04:23.407Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T23:06:06.936Z","@version":"1","message":"Sep 13 23:06:06 honeypot-sgp-1 sshd[11857]: Disconnected from authenticating user root 92.255.85.70 port 25398 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 23:07:43 honeypot-fra-1 kernel: [83984885.413230] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=89.248.165.199 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=44884 PROTO=TCP SPT=50448 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T23:07:43.484Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 23:10:03 honeypot-fra-1 sshd[7492]: Invalid user user from 45.61.186.249 port 38524","@timestamp":"2022-09-13T23:10:04.541Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 23:10:21 honeypot-fra-1 sshd[7496]: Invalid user user from 45.61.186.249 port 33570","@timestamp":"2022-09-13T23:10:22.550Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 23:10:31 honeypot-fra-1 sshd[7498]: Disconnected from invalid user user 45.61.186.249 port 45186 [preauth]","@timestamp":"2022-09-13T23:10:31.554Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 23:10:40 honeypot-ams-1 sshd[16609]: Disconnected from authenticating user root 92.255.85.70 port 24576 [preauth]","@timestamp":"2022-09-13T23:10:40.504Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 23:10:50 honeypot-fra-1 sshd[7502]: Disconnected from invalid user user 45.61.186.249 port 40214 [preauth]","@timestamp":"2022-09-13T23:10:50.563Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 23:15:51 honeypot-fra-1 sshd[7509]: Did not receive identification string from 141.255.162.226 port 41100","@timestamp":"2022-09-13T23:15:51.679Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 23:15:58 honeypot-fra-1 sshd[7512]: Received disconnect from 141.255.162.226 port 40494:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T23:15:59.683Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 23:16:01 honeypot-fra-1 sshd[7516]: Received disconnect from 141.255.162.226 port 54838:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T23:16:02.685Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-13T23:16:38.186Z","@version":"1","message":"Sep 13 23:16:37 honeypot-sgp-1 kernel: [83987106.710585] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.142.115.61 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=29120 DF PROTO=TCP SPT=33858 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 23:17:01 honeypot-ams-1 CRON[16618]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-13T23:17:01.668Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 23:17:01 honeypot-fra-1 CRON[7520]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-13T23:17:01.709Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 23:20:44 honeypot-ams-1 sshd[16623]: Disconnected from invalid user temp 187.188.11.222 port 41898 [preauth]","@timestamp":"2022-09-13T23:20:45.769Z"}
{"@timestamp":"2022-09-13T23:22:54.339Z","@version":"1","message":"Sep 13 23:22:54 honeypot-sgp-1 kernel: [83987483.471048] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=198.235.24.56 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x60 TTL=250 ID=54321 PROTO=TCP SPT=52520 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 23:25:42 honeypot-ams-1 sshd[16629]: Invalid user default from 179.60.147.69 port 24030","@timestamp":"2022-09-13T23:25:42.905Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 23:26:45 honeypot-fra-1 kernel: [83986027.485719] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=107.152.37.65 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=21861 PROTO=TCP SPT=58953 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T23:26:45.926Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-13T23:29:33.499Z","@version":"1","message":"Sep 13 23:29:32 honeypot-sgp-1 sshd[11883]: Received disconnect from 92.255.85.69 port 15828:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 23:30:35 honeypot-ams-1 sshd[16636]: Disconnected from invalid user rou 68.183.25.174 port 50476 [preauth]","@timestamp":"2022-09-13T23:30:36.034Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 23:30:43 honeypot-fra-1 kernel: [83986266.043769] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=23853 PROTO=TCP SPT=51802 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T23:30:44.020Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 23:32:24 honeypot-fra-1 sshd[7536]: Invalid user user from 198.98.61.9 port 38902","@timestamp":"2022-09-13T23:32:25.063Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 23:32:43 honeypot-fra-1 sshd[7540]: Invalid user user from 198.98.61.9 port 33668","@timestamp":"2022-09-13T23:32:44.072Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 23:33:00 honeypot-fra-1 sshd[7544]: Invalid user user from 198.98.61.9 port 56704","@timestamp":"2022-09-13T23:33:01.081Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 23:33:08 honeypot-fra-1 sshd[7548]: Received disconnect from 198.98.61.9 port 39990:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T23:33:09.085Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 23:33:09 honeypot-ams-1 sshd[16640]: Disconnected from invalid user siska 213.194.132.143 port 38144 [preauth]","@timestamp":"2022-09-13T23:33:10.102Z"}
{"@timestamp":"2022-09-13T23:36:44.671Z","@version":"1","message":"Sep 13 23:36:43 honeypot-sgp-1 sshd[11891]: Received disconnect from 61.177.173.47 port 44165:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 23:38:16 honeypot-ams-1 sshd[16647]: Received disconnect from 61.177.173.51 port 21438:11:  [preauth]","@timestamp":"2022-09-13T23:38:17.237Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 23:40:21 honeypot-fra-1 sshd[7554]: Received disconnect from 165.22.45.108 port 48354:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-13T23:40:22.247Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 23:41:30 honeypot-ams-1 kernel: [83989073.565456] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=125.136.61.137 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=55 ID=18467 PROTO=TCP SPT=10019 DPT=80 WINDOW=65507 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T23:41:30.321Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 23:47:36 honeypot-ams-1 sshd[16661]: Connection closed by invalid user pi 201.137.106.75 port 55262 [preauth]","@timestamp":"2022-09-13T23:47:36.484Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 23:49:34 honeypot-fra-1 kernel: [83987396.993698] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.204.42 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=35869 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T23:49:35.471Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 13 23:50:03 honeypot-ams-1 sshd[16666]: Disconnected from authenticating user root 128.199.52.45 port 50178 [preauth]","@timestamp":"2022-09-13T23:50:04.552Z"}
{"@timestamp":"2022-09-13T23:51:54.022Z","@version":"1","message":"Sep 13 23:51:53 honeypot-sgp-1 sshd[11903]: Disconnected from authenticating user root 92.255.85.70 port 54154 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 13 23:52:37 honeypot-fra-1 sshd[7565]: Invalid user admin from 193.248.170.133 port 53430","@timestamp":"2022-09-13T23:52:38.542Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 13 23:56:03 honeypot-ams-1 kernel: [83989946.898217] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=60.20.104.173 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=47 ID=46048 PROTO=TCP SPT=63152 DPT=80 WINDOW=7374 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-13T23:56:03.713Z"}
{"@timestamp":"2022-09-13T23:58:18.173Z","@version":"1","message":"Sep 13 23:58:17 honeypot-sgp-1 sshd[11908]: Invalid user  from 81.17.25.50 port 33914","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T23:59:23.202Z","@version":"1","message":"Sep 13 23:59:22 honeypot-sgp-1 sshd[11914]: Invalid user  from 81.17.25.50 port 31340","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-13T23:59:58.219Z","@version":"1","message":"Sep 13 23:59:57 honeypot-sgp-1 sshd[11922]: Received disconnect from 61.177.173.35 port 56639:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T00:00:43.241Z","@version":"1","message":"Sep 14 00:00:42 honeypot-sgp-1 sshd[11927]: Received disconnect from 61.177.173.50 port 53136:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 00:01:24 honeypot-fra-1 sshd[7570]: Connection closed by invalid user centos 179.60.147.69 port 16866 [preauth]","@timestamp":"2022-09-14T00:01:25.739Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 00:01:54 honeypot-ams-1 kernel: [83990298.098919] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=198.235.24.38 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=250 ID=54321 PROTO=TCP SPT=52681 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T00:01:54.877Z"}
{"@timestamp":"2022-09-14T00:02:57.298Z","@version":"1","message":"Sep 14 00:02:56 honeypot-sgp-1 sshd[11933]: Invalid user manager from 81.17.25.50 port 16339","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T00:05:19.358Z","@version":"1","message":"Sep 14 00:05:19 honeypot-sgp-1 sshd[11939]: Disconnecting invalid user 1234 81.17.25.50 port 29555: Change of username or service not allowed: (1234,ssh-connection) -> (Admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T00:06:53.401Z","@version":"1","message":"Sep 14 00:06:53 honeypot-sgp-1 sshd[11947]: Invalid user  from 81.17.25.50 port 22541","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 00:08:35 honeypot-ams-1 kernel: [83990699.310620] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=45235 PROTO=TCP SPT=53603 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T00:08:36.061Z"}
{"@timestamp":"2022-09-14T00:09:12.460Z","@version":"1","message":"Sep 14 00:09:12 honeypot-sgp-1 sshd[11953]: Connection reset by 81.17.25.50 port 62435 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T00:10:32.497Z","@version":"1","message":"Sep 14 00:10:32 honeypot-sgp-1 sshd[11961]: Disconnecting invalid user Admin 81.17.25.50 port 20118: Change of username or service not allowed: (Admin,ssh-connection) -> (blank,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T00:12:29.548Z","@version":"1","message":"Sep 14 00:12:28 honeypot-sgp-1 sshd[11969]: Disconnecting invalid user admin 81.17.25.50 port 35448: Change of username or service not allowed: (admin,ssh-connection) -> (guest,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 00:12:31 honeypot-fra-1 sshd[7578]: Connection closed by invalid user admin 124.223.54.132 port 58298 [preauth]","@timestamp":"2022-09-14T00:12:32.006Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:14:08 honeypot-ams-1 sshd[16693]: Disconnected from authenticating user root 61.177.173.37 port 53713 [preauth]","@timestamp":"2022-09-14T00:14:09.212Z"}
{"@timestamp":"2022-09-14T00:14:54.610Z","@version":"1","message":"Sep 14 00:14:54 honeypot-sgp-1 sshd[11975]: Disconnecting authenticating user root 81.17.25.50 port 16383: Change of username or service not allowed: (root,ssh-connection) -> (,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T00:15:01.614Z","@version":"1","message":"Sep 14 00:15:01 honeypot-sgp-1 sshd[11983]: Disconnected from authenticating user root 92.255.85.69 port 47776 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T00:16:23.651Z","@version":"1","message":"Sep 14 00:16:23 honeypot-sgp-1 sshd[11988]: Disconnected from authenticating user root 61.177.172.98 port 46182 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T00:17:45.688Z","@version":"1","message":"Sep 14 00:17:44 honeypot-sgp-1 sshd[11999]: Connection closed by 192.241.205.227 port 52552 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 00:17:49 honeypot-fra-1 sshd[7587]: Disconnected from authenticating user root 92.255.85.69 port 25318 [preauth]","@timestamp":"2022-09-14T00:17:50.128Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:18:20 honeypot-ams-1 sshd[16700]: Disconnected from authenticating user root 61.177.173.46 port 61952 [preauth]","@timestamp":"2022-09-14T00:18:21.326Z"}
{"@timestamp":"2022-09-14T00:18:26.708Z","@version":"1","message":"Sep 14 00:18:25 honeypot-sgp-1 sshd[12005]: Disconnecting invalid user  81.17.25.50 port 32862: Change of username or service not allowed: (,ssh-connection) -> (adslroot,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T00:18:53.721Z","@version":"1","message":"Sep 14 00:18:52 honeypot-sgp-1 sshd[12011]: Disconnecting invalid user admin 81.17.25.50 port 11579: Change of username or service not allowed: (admin,ssh-connection) -> (blank,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T00:19:11.729Z","@version":"1","message":"Sep 14 00:19:11 honeypot-sgp-1 sshd[12017]: Received disconnect from 143.198.11.227 port 45374:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T00:19:36.742Z","@version":"1","message":"Sep 14 00:19:36 honeypot-sgp-1 sshd[12023]: Disconnected from authenticating user root 217.79.178.122 port 59598 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T00:20:38.771Z","@version":"1","message":"Sep 14 00:20:38 honeypot-sgp-1 sshd[12029]: Disconnecting invalid user default 81.17.25.50 port 64360: Change of username or service not allowed: (default,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T00:21:40.800Z","@version":"1","message":"Sep 14 00:21:40 honeypot-sgp-1 sshd[12035]: Disconnecting invalid user Administrator 81.17.25.50 port 40655: Change of username or service not allowed: (Administrator,ssh-connection) -> (cusadmin,ssh-connectio [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 00:22:11 honeypot-fra-1 sshd[7591]: Connection closed by invalid user pi 143.92.181.171 port 37346 [preauth]","@timestamp":"2022-09-14T00:22:12.225Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:22:33 honeypot-ams-1 sshd[16707]: Received disconnect from 103.25.209.110 port 37176:11: Bye Bye [preauth]","@timestamp":"2022-09-14T00:22:34.439Z"}
{"@timestamp":"2022-09-14T00:22:39.827Z","@version":"1","message":"Sep 14 00:22:39 honeypot-sgp-1 sshd[12041]: Invalid user admin from 81.17.25.50 port 21169","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T00:23:33.851Z","@version":"1","message":"Sep 14 00:23:33 honeypot-sgp-1 sshd[12048]: Invalid user comcast from 81.17.25.50 port 20218","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T00:24:31.879Z","@version":"1","message":"Sep 14 00:24:31 honeypot-sgp-1 sshd[12054]: Invalid user admin1234 from 81.17.25.50 port 43904","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T00:25:51.914Z","@version":"1","message":"Sep 14 00:25:51 honeypot-sgp-1 sshd[12061]: Invalid user admin from 81.17.25.50 port 47978","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T00:26:00.920Z","@version":"1","message":"Sep 14 00:26:00 honeypot-sgp-1 sshd[12067]: Invalid user blank from 81.17.25.50 port 2264","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:26:25 honeypot-ams-1 sshd[16712]: Disconnected from authenticating user root 221.165.250.44 port 35960 [preauth]","@timestamp":"2022-09-14T00:26:26.541Z"}
{"@timestamp":"2022-09-14T00:26:52.945Z","@version":"1","message":"Sep 14 00:26:51 honeypot-sgp-1 sshd[12073]: Disconnecting invalid user airlive 81.17.25.50 port 15531: Change of username or service not allowed: (airlive,ssh-connection) -> (0,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T00:27:15.956Z","@version":"1","message":"Sep 14 00:27:15 honeypot-sgp-1 sshd[12079]: Disconnecting invalid user roqos 81.17.25.50 port 50327: Change of username or service not allowed: (roqos,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T00:27:21.960Z","@version":"1","message":"Sep 14 00:27:21 honeypot-sgp-1 sshd[12085]: Disconnecting invalid user sitecom 81.17.25.50 port 18007: Change of username or service not allowed: (sitecom,ssh-connection) -> (Broadcom,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T00:27:27.964Z","@version":"1","message":"Sep 14 00:27:27 honeypot-sgp-1 sshd[12091]: Disconnecting invalid user admin 81.17.25.50 port 11255: Change of username or service not allowed: (admin,ssh-connection) -> (cusadmin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 00:27:57 honeypot-fra-1 sshd[7598]: Received disconnect from 165.22.45.108 port 53378:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T00:27:57.356Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T00:28:03.981Z","@version":"1","message":"Sep 14 00:28:03 honeypot-sgp-1 sshd[12095]: Invalid user highspeed from 81.17.25.50 port 41642","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T00:28:31.995Z","@version":"1","message":"Sep 14 00:28:31 honeypot-sgp-1 sshd[12102]: Disconnecting invalid user smcadmin 81.17.25.50 port 44613: Change of username or service not allowed: (smcadmin,ssh-connection) -> (sweex,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T00:29:10.014Z","@version":"1","message":"Sep 14 00:29:09 honeypot-sgp-1 sshd[12108]: Disconnecting invalid user admin 81.17.25.50 port 58546: Change of username or service not allowed: (admin,ssh-connection) -> (,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T00:29:26.021Z","@version":"1","message":"Sep 14 00:29:25 honeypot-sgp-1 sshd[12114]: Disconnecting invalid user user 81.17.25.50 port 60254: Change of username or service not allowed: (user,ssh-connection) -> (ubnt,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:29:34 honeypot-ams-1 sshd[16720]: Received disconnect from 177.24.46.4 port 35260:11: Bye Bye [preauth]","@timestamp":"2022-09-14T00:29:35.639Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:29:38 honeypot-ams-1 sshd[16724]: Disconnected from invalid user ubnt 177.24.46.4 port 35395 [preauth]","@timestamp":"2022-09-14T00:29:38.642Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:29:44 honeypot-ams-1 sshd[16730]: Disconnected from authenticating user root 177.24.46.4 port 35509 [preauth]","@timestamp":"2022-09-14T00:29:45.646Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:29:50 honeypot-ams-1 sshd[16736]: Disconnected from authenticating user root 177.24.46.4 port 35703 [preauth]","@timestamp":"2022-09-14T00:29:50.649Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:29:57 honeypot-ams-1 sshd[16742]: Disconnected from authenticating user root 177.24.46.4 port 35891 [preauth]","@timestamp":"2022-09-14T00:29:57.654Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:30:04 honeypot-ams-1 sshd[16748]: Disconnected from authenticating user root 177.24.46.4 port 36018 [preauth]","@timestamp":"2022-09-14T00:30:04.658Z"}
{"@timestamp":"2022-09-14T00:30:06.038Z","@version":"1","message":"Sep 14 00:30:05 honeypot-sgp-1 sshd[12122]: Invalid user user from 81.17.25.50 port 31205","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:30:09 honeypot-ams-1 sshd[16754]: Disconnected from authenticating user root 177.24.46.4 port 36198 [preauth]","@timestamp":"2022-09-14T00:30:10.662Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:30:15 honeypot-ams-1 sshd[16760]: Disconnected from authenticating user root 177.24.46.4 port 36327 [preauth]","@timestamp":"2022-09-14T00:30:15.666Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:30:21 honeypot-ams-1 sshd[16766]: Disconnected from authenticating user root 177.24.46.4 port 36484 [preauth]","@timestamp":"2022-09-14T00:30:21.670Z"}
{"@timestamp":"2022-09-14T00:30:28.050Z","@version":"1","message":"Sep 14 00:30:27 honeypot-sgp-1 sshd[12128]: Invalid user Admin from 81.17.25.50 port 56291","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:30:32 honeypot-ams-1 sshd[16773]: Disconnected from authenticating user root 177.24.46.4 port 36674 [preauth]","@timestamp":"2022-09-14T00:30:32.676Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:30:48 honeypot-ams-1 sshd[16779]: Received disconnect from 177.24.46.4 port 36966:11: Bye Bye [preauth]","@timestamp":"2022-09-14T00:30:49.686Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:30:56 honeypot-ams-1 sshd[16785]: Received disconnect from 177.24.46.4 port 37318:11: Bye Bye [preauth]","@timestamp":"2022-09-14T00:30:57.693Z"}
{"@timestamp":"2022-09-14T00:31:01.065Z","@version":"1","message":"Sep 14 00:31:00 honeypot-sgp-1 sshd[12134]: Invalid user 0 from 81.17.25.50 port 1433","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:31:06 honeypot-ams-1 sshd[16791]: Received disconnect from 177.24.46.4 port 37454:11: Bye Bye [preauth]","@timestamp":"2022-09-14T00:31:06.699Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:31:10 honeypot-ams-1 sshd[16795]: Received disconnect from 177.24.46.4 port 37615:11: Bye Bye [preauth]","@timestamp":"2022-09-14T00:31:10.701Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:31:13 honeypot-ams-1 sshd[16799]: Received disconnect from 177.24.46.4 port 37682:11: Bye Bye [preauth]","@timestamp":"2022-09-14T00:31:14.704Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:31:17 honeypot-ams-1 sshd[16803]: Received disconnect from 177.24.46.4 port 37797:11: Bye Bye [preauth]","@timestamp":"2022-09-14T00:31:17.706Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:31:21 honeypot-ams-1 sshd[16807]: Received disconnect from 177.24.46.4 port 37876:11: Bye Bye [preauth]","@timestamp":"2022-09-14T00:31:21.710Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:31:25 honeypot-ams-1 sshd[16811]: Received disconnect from 177.24.46.4 port 37964:11: Bye Bye [preauth]","@timestamp":"2022-09-14T00:31:25.712Z"}
{"@timestamp":"2022-09-14T00:31:26.078Z","@version":"1","message":"Sep 14 00:31:25 honeypot-sgp-1 sshd[12140]: Invalid user admin from 81.17.25.50 port 34407","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:31:29 honeypot-ams-1 sshd[16815]: Received disconnect from 177.24.46.4 port 38082:11: Bye Bye [preauth]","@timestamp":"2022-09-14T00:31:29.715Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:31:33 honeypot-ams-1 sshd[16819]: Disconnected from invalid user pi 177.24.46.4 port 38153 [preauth]","@timestamp":"2022-09-14T00:31:33.717Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:31:37 honeypot-ams-1 sshd[16823]: Disconnected from invalid user user 177.24.46.4 port 38264 [preauth]","@timestamp":"2022-09-14T00:31:37.720Z"}
{"@timestamp":"2022-09-14T00:31:38.084Z","@version":"1","message":"Sep 14 00:31:37 honeypot-sgp-1 sshd[12146]: Invalid user ltecl4r0 from 81.17.25.50 port 8955","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:31:40 honeypot-ams-1 sshd[16827]: Disconnected from invalid user mine 177.24.46.4 port 38346 [preauth]","@timestamp":"2022-09-14T00:31:41.723Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:31:45 honeypot-ams-1 sshd[16831]: Received disconnect from 177.24.46.4 port 38447:11: Bye Bye [preauth]","@timestamp":"2022-09-14T00:31:45.726Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:31:48 honeypot-ams-1 sshd[16835]: Invalid user oracle from 177.24.46.4 port 38555","@timestamp":"2022-09-14T00:31:49.729Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:31:52 honeypot-ams-1 sshd[16839]: Invalid user postgres from 177.24.46.4 port 38635","@timestamp":"2022-09-14T00:31:52.732Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:31:56 honeypot-ams-1 sshd[16843]: Invalid user support from 177.24.46.4 port 38735","@timestamp":"2022-09-14T00:31:56.735Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:31:59 honeypot-ams-1 sshd[16847]: Invalid user ubuntu from 177.24.46.4 port 38836","@timestamp":"2022-09-14T00:32:00.737Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:32:03 honeypot-ams-1 sshd[16851]: Invalid user ubuntu from 177.24.46.4 port 38911","@timestamp":"2022-09-14T00:32:03.740Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:32:07 honeypot-ams-1 sshd[16855]: Invalid user guest from 177.24.46.4 port 39013","@timestamp":"2022-09-14T00:32:07.744Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:32:11 honeypot-ams-1 sshd[16859]: Invalid user cirros from 177.24.46.4 port 39097","@timestamp":"2022-09-14T00:32:11.746Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 00:32:19 honeypot-fra-1 sshd[7602]: Connection closed by invalid user admin 144.217.162.95 port 55797 [preauth]","@timestamp":"2022-09-14T00:32:19.454Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:33:49 honeypot-ams-1 sshd[16863]: Received disconnect from 178.128.34.59 port 48892:11: Bye Bye [preauth]","@timestamp":"2022-09-14T00:33:49.792Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 00:34:58 honeypot-fra-1 sshd[7609]: Received disconnect from 157.230.254.228 port 53544:11: Bye Bye [preauth]","@timestamp":"2022-09-14T00:34:58.519Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T00:35:37.177Z","@version":"1","message":"Sep 14 00:35:36 honeypot-sgp-1 sshd[12156]: Disconnected from authenticating user root 61.177.172.114 port 36378 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 00:36:09 honeypot-fra-1 sshd[7614]: Invalid user user from 141.255.162.226 port 42968","@timestamp":"2022-09-14T00:36:09.547Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 00:36:13 honeypot-fra-1 sshd[7618]: Invalid user user from 141.255.162.226 port 41378","@timestamp":"2022-09-14T00:36:13.549Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 00:36:17 honeypot-fra-1 sshd[7622]: Connection reset by 141.255.162.226 port 54698 [preauth]","@timestamp":"2022-09-14T00:36:17.551Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 00:38:49 honeypot-fra-1 sshd[7629]: Invalid user guest from 179.60.147.69 port 62820","@timestamp":"2022-09-14T00:38:50.612Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T00:38:52.256Z","@version":"1","message":"Sep 14 00:38:51 honeypot-sgp-1 kernel: [83992040.971983] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=32643 PROTO=TCP SPT=55877 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:40:46 honeypot-ams-1 sshd[16872]: Invalid user  from 64.62.197.62 port 29778","@timestamp":"2022-09-14T00:40:46.981Z"}
{"@timestamp":"2022-09-14T00:42:14.338Z","@version":"1","message":"Sep 14 00:42:13 honeypot-sgp-1 sshd[12170]: Received disconnect from 61.177.173.52 port 25795:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 00:43:49 honeypot-ams-1 kernel: [83992812.498162] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=97.74.81.123 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=14873 PROTO=TCP SPT=45288 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T00:43:50.065Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 00:43:58 honeypot-fra-1 kernel: [83990660.466275] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=51.158.171.29 DST=165.22.82.222 LEN=52 TOS=0x00 PREC=0x00 TTL=53 ID=25678 DF PROTO=TCP SPT=35805 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T00:43:58.731Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:44:55 honeypot-ams-1 sshd[16902]: Invalid user web from 193.176.239.126 port 48288","@timestamp":"2022-09-14T00:44:56.095Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:44:55 honeypot-ams-1 sshd[16886]: Invalid user web from 193.176.239.126 port 48290","@timestamp":"2022-09-14T00:44:56.095Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:44:55 honeypot-ams-1 sshd[16897]: Connection closed by authenticating user root 193.176.239.126 port 48302 [preauth]","@timestamp":"2022-09-14T00:44:56.095Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:44:55 honeypot-ams-1 sshd[16917]: Invalid user es from 193.176.239.126 port 48334","@timestamp":"2022-09-14T00:44:56.095Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:44:56 honeypot-ams-1 sshd[16888]: Connection closed by invalid user guest 193.176.239.126 port 48276 [preauth]","@timestamp":"2022-09-14T00:44:56.095Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:44:56 honeypot-ams-1 sshd[16900]: Connection closed by invalid user demo 193.176.239.126 port 48304 [preauth]","@timestamp":"2022-09-14T00:44:56.095Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:44:56 honeypot-ams-1 sshd[16899]: Connection closed by invalid user testuser 193.176.239.126 port 48308 [preauth]","@timestamp":"2022-09-14T00:44:56.095Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:44:56 honeypot-ams-1 sshd[16905]: Connection closed by invalid user ms 193.176.239.126 port 48350 [preauth]","@timestamp":"2022-09-14T00:44:57.097Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 00:44:56 honeypot-ams-1 sshd[16922]: Connection closed by authenticating user root 193.176.239.126 port 48386 [preauth]","@timestamp":"2022-09-14T00:44:57.097Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 00:46:05 honeypot-ams-1 kernel: [83992948.814606] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=71.6.232.8 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=42456 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T00:46:06.126Z"}
{"@timestamp":"2022-09-14T00:49:50.515Z","@version":"1","message":"Sep 14 00:49:49 honeypot-sgp-1 sshd[12179]: Disconnected from invalid user samura 201.116.3.194 port 57480 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T00:51:41.562Z","@version":"1","message":"Sep 14 00:51:40 honeypot-sgp-1 sshd[12185]: Disconnected from invalid user mssql 128.199.118.93 port 46798 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 00:56:03 honeypot-ams-1 kernel: [83993547.298355] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.41.9.18 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=17955 PROTO=TCP SPT=27113 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T00:56:04.391Z"}
{"@timestamp":"2022-09-14T00:57:17.692Z","@version":"1","message":"Sep 14 00:57:17 honeypot-sgp-1 sshd[12196]: Received disconnect from 159.223.65.243 port 34994:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 00:59:36 honeypot-fra-1 sshd[7639]: Disconnected from 143.110.236.239 port 57758 [preauth]","@timestamp":"2022-09-14T00:59:37.081Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:02:37 honeypot-ams-1 sshd[16969]: Disconnected from authenticating user root 61.177.172.19 port 58536 [preauth]","@timestamp":"2022-09-14T01:02:37.560Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:02:53 honeypot-ams-1 sshd[16973]: Disconnected from invalid user user 45.61.186.249 port 37900 [preauth]","@timestamp":"2022-09-14T01:02:53.570Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:03:11 honeypot-ams-1 sshd[16977]: Disconnected from invalid user user 45.61.186.249 port 60502 [preauth]","@timestamp":"2022-09-14T01:03:12.581Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:03:30 honeypot-ams-1 sshd[16981]: Disconnected from invalid user user 45.61.186.249 port 54884 [preauth]","@timestamp":"2022-09-14T01:03:31.591Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 01:04:11 honeypot-fra-1 sshd[7646]: Disconnected from authenticating user root 92.255.85.70 port 59496 [preauth]","@timestamp":"2022-09-14T01:04:12.184Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T01:04:36.864Z","@version":"1","message":"Sep 14 01:04:36 honeypot-sgp-1 sshd[12205]: Invalid user cloudadmin from 185.231.245.49 port 49496","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 01:05:03 honeypot-ams-1 kernel: [83994086.784405] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=1.4.167.159 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=55 ID=57420 PROTO=TCP SPT=55781 DPT=443 WINDOW=61397 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T01:05:03.636Z"}
{"@timestamp":"2022-09-14T01:05:04.878Z","@version":"1","message":"Sep 14 01:05:04 honeypot-sgp-1 sshd[12209]: Disconnected from authenticating user root 61.177.173.46 port 34195 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:09:52 honeypot-ams-1 sshd[16992]: Disconnected from authenticating user root 175.4.209.29 port 32009 [preauth]","@timestamp":"2022-09-14T01:09:53.765Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:09:58 honeypot-ams-1 sshd[16998]: Received disconnect from 175.4.209.29 port 32195:11: Bye Bye [preauth]","@timestamp":"2022-09-14T01:09:58.770Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:10:04 honeypot-ams-1 sshd[17004]: Received disconnect from 175.4.209.29 port 32374:11: Bye Bye [preauth]","@timestamp":"2022-09-14T01:10:04.773Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:10:10 honeypot-ams-1 sshd[17011]: Received disconnect from 175.4.209.29 port 32547:11: Bye Bye [preauth]","@timestamp":"2022-09-14T01:10:10.778Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:10:16 honeypot-ams-1 sshd[17017]: Received disconnect from 175.4.209.29 port 32770:11: Bye Bye [preauth]","@timestamp":"2022-09-14T01:10:16.781Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:10:22 honeypot-ams-1 sshd[17023]: Received disconnect from 175.4.209.29 port 32931:11: Bye Bye [preauth]","@timestamp":"2022-09-14T01:10:23.786Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:10:29 honeypot-ams-1 sshd[17029]: Received disconnect from 175.4.209.29 port 33141:11: Bye Bye [preauth]","@timestamp":"2022-09-14T01:10:29.790Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:10:35 honeypot-ams-1 sshd[17035]: Received disconnect from 175.4.209.29 port 33331:11: Bye Bye [preauth]","@timestamp":"2022-09-14T01:10:35.794Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:10:41 honeypot-ams-1 sshd[17041]: Received disconnect from 175.4.209.29 port 33503:11: Bye Bye [preauth]","@timestamp":"2022-09-14T01:10:41.799Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:10:47 honeypot-ams-1 sshd[17047]: Received disconnect from 175.4.209.29 port 33714:11: Bye Bye [preauth]","@timestamp":"2022-09-14T01:10:47.802Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:11:20 honeypot-ams-1 sshd[17059]: Received disconnect from 175.4.209.29 port 30504:11: Bye Bye [preauth]","@timestamp":"2022-09-14T01:11:20.821Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:11:24 honeypot-ams-1 sshd[17065]: Received disconnect from 175.4.209.29 port 30752:11: Bye Bye [preauth]","@timestamp":"2022-09-14T01:11:24.825Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:11:28 honeypot-ams-1 sshd[17069]: Received disconnect from 175.4.209.29 port 30891:11: Bye Bye [preauth]","@timestamp":"2022-09-14T01:11:28.828Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:11:32 honeypot-ams-1 sshd[17073]: Received disconnect from 175.4.209.29 port 31003:11: Bye Bye [preauth]","@timestamp":"2022-09-14T01:11:32.830Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:11:36 honeypot-ams-1 sshd[17077]: Received disconnect from 175.4.209.29 port 31142:11: Bye Bye [preauth]","@timestamp":"2022-09-14T01:11:36.833Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:11:40 honeypot-ams-1 sshd[17081]: Received disconnect from 175.4.209.29 port 31258:11: Bye Bye [preauth]","@timestamp":"2022-09-14T01:11:40.836Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:11:44 honeypot-ams-1 sshd[17085]: Received disconnect from 175.4.209.29 port 31383:11: Bye Bye [preauth]","@timestamp":"2022-09-14T01:11:44.838Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:11:48 honeypot-ams-1 sshd[17089]: Disconnected from authenticating user root 175.4.209.29 port 31500 [preauth]","@timestamp":"2022-09-14T01:11:48.841Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:11:54 honeypot-ams-1 sshd[17095]: Invalid user pi from 175.4.209.29 port 31719","@timestamp":"2022-09-14T01:11:54.845Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:11:59 honeypot-ams-1 sshd[17099]: Invalid user ethos from 175.4.209.29 port 31848","@timestamp":"2022-09-14T01:11:59.848Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:12:03 honeypot-ams-1 sshd[17103]: Invalid user miner from 175.4.209.29 port 32035","@timestamp":"2022-09-14T01:12:03.851Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:12:07 honeypot-ams-1 sshd[17107]: Invalid user volumio from 175.4.209.29 port 32180","@timestamp":"2022-09-14T01:12:07.854Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:12:14 honeypot-ams-1 sshd[17111]: Invalid user nagios from 175.4.209.29 port 32292","@timestamp":"2022-09-14T01:12:14.860Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:12:18 honeypot-ams-1 sshd[17115]: Invalid user vagrant from 175.4.209.29 port 32526","@timestamp":"2022-09-14T01:12:18.862Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:12:22 honeypot-ams-1 sshd[17119]: Invalid user debian from 175.4.209.29 port 32640","@timestamp":"2022-09-14T01:12:22.864Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:12:26 honeypot-ams-1 sshd[17123]: Invalid user debian from 175.4.209.29 port 32801","@timestamp":"2022-09-14T01:12:26.868Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:12:30 honeypot-ams-1 sshd[17127]: Invalid user alarm from 175.4.209.29 port 32923","@timestamp":"2022-09-14T01:12:30.870Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:12:34 honeypot-ams-1 sshd[17131]: Invalid user test from 175.4.209.29 port 33078","@timestamp":"2022-09-14T01:12:34.873Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:12:38 honeypot-ams-1 sshd[17135]: Invalid user cirros from 175.4.209.29 port 33202","@timestamp":"2022-09-14T01:12:38.875Z"}
{"@timestamp":"2022-09-14T01:12:43.063Z","@version":"1","message":"Sep 14 01:12:42 honeypot-sgp-1 kernel: [83994071.893005] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.55.53.144 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=43 ID=22107 DF PROTO=TCP SPT=56044 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 01:14:37 honeypot-fra-1 sshd[7651]: Received disconnect from 165.22.45.108 port 58358:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T01:14:37.419Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T01:14:58.121Z","@version":"1","message":"Sep 14 01:14:57 honeypot-sgp-1 kernel: [83994206.541914] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=38.70.11.13 DST=159.89.202.188 LEN=52 TOS=0x0A PREC=0x00 TTL=110 ID=64112 DF PROTO=TCP SPT=60711 DPT=3389 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:17:01 honeypot-ams-1 CRON[17140]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-14T01:17:01.990Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 01:17:48 honeypot-fra-1 sshd[7660]: Invalid user bbu from 31.47.192.98 port 56506","@timestamp":"2022-09-14T01:17:49.495Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:17:49 honeypot-ams-1 sshd[17145]: Received disconnect from 61.177.172.104 port 39680:11:  [preauth]","@timestamp":"2022-09-14T01:17:50.014Z"}
{"@timestamp":"2022-09-14T01:18:55.224Z","@version":"1","message":"Sep 14 01:18:54 honeypot-sgp-1 sshd[12229]: Received disconnect from 61.177.173.48 port 22467:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 01:20:20 honeypot-ams-1 kernel: [83995003.944550] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.142.236.43 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=120 ID=32038 PROTO=TCP SPT=20012 DPT=443 WINDOW=29989 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T01:20:21.082Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 01:21:00 honeypot-fra-1 sshd[7663]: Invalid user jimmy from 80.91.223.118 port 33486","@timestamp":"2022-09-14T01:21:00.567Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 01:21:12 honeypot-fra-1 sshd[7667]: Connection closed by invalid user admin 128.199.160.207 port 58606 [preauth]","@timestamp":"2022-09-14T01:21:12.573Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:25:22 honeypot-ams-1 sshd[17159]: Connection closed by authenticating user root 103.188.176.251 port 38880 [preauth]","@timestamp":"2022-09-14T01:25:23.217Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 01:27:57 honeypot-fra-1 sshd[7674]: Received disconnect from 92.255.85.69 port 48052:11: Bye Bye [preauth]","@timestamp":"2022-09-14T01:27:58.729Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T01:28:21.466Z","@version":"1","message":"Sep 14 01:28:20 honeypot-sgp-1 kernel: [83995010.250841] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.96.13.144 DST=159.89.202.188 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=14430 DF PROTO=TCP SPT=54271 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T01:29:17.491Z","@version":"1","message":"Sep 14 01:29:17 honeypot-sgp-1 sshd[12238]: Received disconnect from 61.177.173.51 port 64332:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 01:34:39 honeypot-ams-1 kernel: [83995862.872712] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=119 PROTO=TCP SPT=58914 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T01:34:40.460Z"}
{"@timestamp":"2022-09-14T01:37:16.682Z","@version":"1","message":"Sep 14 01:37:16 honeypot-sgp-1 sshd[12245]: Invalid user admin from 178.128.125.205 port 43560","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T01:37:16.682Z","@version":"1","message":"Sep 14 01:37:16 honeypot-sgp-1 sshd[12251]: Invalid user admin from 178.128.125.205 port 43586","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 01:39:31 honeypot-fra-1 kernel: [83993993.046335] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=131.159.24.205 DST=165.22.82.222 LEN=64 TOS=0x00 PREC=0x00 TTL=248 ID=54321 PROTO=TCP SPT=54574 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T01:39:32.001Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:39:49 honeypot-ams-1 sshd[17175]: Disconnected from authenticating user root 61.177.173.36 port 36577 [preauth]","@timestamp":"2022-09-14T01:39:49.596Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:41:59 honeypot-ams-1 sshd[17183]: Invalid user admin from 80.76.51.45 port 37760","@timestamp":"2022-09-14T01:42:00.662Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:42:30 honeypot-ams-1 sshd[17187]: Received disconnect from 80.76.51.45 port 60724:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T01:42:30.678Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:43:14 honeypot-ams-1 sshd[17193]: Received disconnect from 80.76.51.45 port 38556:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T01:43:15.702Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:43:59 honeypot-ams-1 sshd[17199]: Received disconnect from 80.76.51.45 port 44626:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T01:43:59.756Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:44:28 honeypot-ams-1 sshd[17203]: Disconnected from invalid user user 80.76.51.45 port 39430 [preauth]","@timestamp":"2022-09-14T01:44:28.771Z"}
{"@timestamp":"2022-09-14T01:45:26.878Z","@version":"1","message":"Sep 14 01:45:26 honeypot-sgp-1 sshd[12256]: Disconnected from authenticating user root 61.177.173.46 port 23259 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 01:47:31 honeypot-ams-1 kernel: [83996635.079207] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=34.132.2.157 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=59 ID=14599 PROTO=TCP SPT=33935 DPT=80 WINDOW=55255 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T01:47:31.854Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 01:51:44 honeypot-fra-1 sshd[7683]: Connection closed by authenticating user nobody 179.60.147.69 port 29568 [preauth]","@timestamp":"2022-09-14T01:51:45.283Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T01:52:19.045Z","@version":"1","message":"Sep 14 01:52:18 honeypot-sgp-1 sshd[12268]: Invalid user user from 103.188.176.251 port 48104","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T01:53:34.078Z","@version":"1","message":"Sep 14 01:53:33 honeypot-sgp-1 sshd[12275]: Invalid user user from 45.61.186.49 port 52670","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T01:53:44.083Z","@version":"1","message":"Sep 14 01:53:43 honeypot-sgp-1 sshd[12279]: Invalid user user from 45.61.186.49 port 36084","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 01:56:25 honeypot-ams-1 sshd[17220]: Invalid user timemachine from 89.22.165.187 port 26752","@timestamp":"2022-09-14T01:56:26.087Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 02:01:25 honeypot-ams-1 sshd[17224]: Received disconnect from 114.7.195.180 port 35598:11: Bye Bye [preauth]","@timestamp":"2022-09-14T02:01:25.219Z"}
{"@timestamp":"2022-09-14T02:01:44.295Z","@version":"1","message":"Sep 14 02:01:43 honeypot-sgp-1 sshd[12288]: Disconnected from 61.177.173.50 port 14203 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:01:59 honeypot-fra-1 sshd[7688]: Received disconnect from 165.22.45.108 port 35078:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T02:02:00.518Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:04:20 honeypot-fra-1 sshd[7694]: Disconnected from authenticating user root 179.43.145.74 port 53178 [preauth]","@timestamp":"2022-09-14T02:04:20.577Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:04:33 honeypot-fra-1 sshd[7700]: Disconnected from authenticating user root 179.43.145.74 port 34072 [preauth]","@timestamp":"2022-09-14T02:04:34.584Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:05:44 honeypot-fra-1 sshd[7706]: Received disconnect from 186.84.174.241 port 44036:11: Bye Bye [preauth]","@timestamp":"2022-09-14T02:05:45.613Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:06:18 honeypot-fra-1 sshd[7710]: Disconnected from invalid user admin 179.43.145.74 port 58406 [preauth]","@timestamp":"2022-09-14T02:06:19.628Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 02:09:06 honeypot-ams-1 sshd[17233]: Disconnected from authenticating user root 61.177.173.47 port 35894 [preauth]","@timestamp":"2022-09-14T02:09:07.422Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:09:18 honeypot-fra-1 sshd[7717]: Received disconnect from 143.244.158.100 port 57194:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T02:09:18.701Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T02:09:49.495Z","@version":"1","message":"Sep 14 02:09:48 honeypot-sgp-1 sshd[12296]: Received disconnect from 61.177.173.51 port 36254:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:10:17 honeypot-fra-1 sshd[7721]: Received disconnect from 143.244.158.100 port 44188:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T02:10:17.728Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:11:41 honeypot-fra-1 sshd[7727]: Invalid user user1 from 135.125.10.56 port 35552","@timestamp":"2022-09-14T02:11:42.762Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:12:19 honeypot-fra-1 sshd[7731]: Connection closed by invalid user test 193.106.191.157 port 41370 [preauth]","@timestamp":"2022-09-14T02:12:20.780Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:12:47 honeypot-fra-1 sshd[7736]: Disconnected from invalid user user 45.61.184.204 port 39294 [preauth]","@timestamp":"2022-09-14T02:12:47.794Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:13:05 honeypot-fra-1 sshd[7740]: Disconnected from invalid user user 45.61.184.204 port 34162 [preauth]","@timestamp":"2022-09-14T02:13:05.802Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:13:23 honeypot-fra-1 sshd[7744]: Disconnected from invalid user user 45.61.184.204 port 57262 [preauth]","@timestamp":"2022-09-14T02:13:23.810Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:13:41 honeypot-fra-1 sshd[7751]: Invalid user user from 45.61.184.204 port 52170","@timestamp":"2022-09-14T02:13:41.818Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:14:31 honeypot-fra-1 sshd[7755]: Disconnected from authenticating user root 92.255.85.69 port 59576 [preauth]","@timestamp":"2022-09-14T02:14:31.837Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T02:15:50.641Z","@version":"1","message":"Sep 14 02:15:49 honeypot-sgp-1 sshd[12301]: Disconnected from authenticating user root 61.177.172.98 port 30608 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:16:08 honeypot-fra-1 sshd[7759]: Disconnected from authenticating user root 143.244.158.100 port 57220 [preauth]","@timestamp":"2022-09-14T02:16:08.875Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 02:17:01 honeypot-ams-1 CRON[17670]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-14T02:17:01.625Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:17:47 honeypot-fra-1 sshd[7768]: Disconnected from authenticating user root 143.244.158.100 port 33208 [preauth]","@timestamp":"2022-09-14T02:17:47.916Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 02:18:54 honeypot-ams-1 sshd[17675]: error: maximum authentication attempts exceeded for invalid user admin from 58.77.199.182 port 51584 ssh2 [preauth]","@timestamp":"2022-09-14T02:18:55.679Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:19:29 honeypot-fra-1 sshd[7776]: Invalid user user from 141.255.162.226 port 55004","@timestamp":"2022-09-14T02:19:29.960Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:19:31 honeypot-fra-1 sshd[7780]: Invalid user user from 141.255.162.226 port 39800","@timestamp":"2022-09-14T02:19:31.961Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:19:33 honeypot-fra-1 sshd[7784]: Invalid user user from 141.255.162.226 port 46318","@timestamp":"2022-09-14T02:19:33.962Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:19:37 honeypot-fra-1 sshd[7788]: Invalid user user from 141.255.162.226 port 33286","@timestamp":"2022-09-14T02:19:37.964Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 02:20:03 honeypot-ams-1 sshd[17683]: Received disconnect from 109.205.213.23 port 60496:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T02:20:03.712Z"}
{"@timestamp":"2022-09-14T02:20:18.749Z","@version":"1","message":"Sep 14 02:20:18 honeypot-sgp-1 sshd[12310]: Disconnected from authenticating user root 61.177.173.52 port 33454 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 02:20:26 honeypot-ams-1 sshd[17689]: Received disconnect from 109.205.213.23 port 47334:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T02:20:26.726Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:20:28 honeypot-fra-1 kernel: [83996449.901740] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=172.93.144.180 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=41715 PROTO=TCP SPT=41942 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T02:20:28.987Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 02:20:51 honeypot-ams-1 sshd[17695]: Received disconnect from 109.205.213.23 port 34170:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T02:20:51.740Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 02:21:49 honeypot-ams-1 sshd[17699]: Received disconnect from 109.205.213.23 port 49240:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T02:21:49.768Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:22:01 honeypot-fra-1 sshd[7796]: Received disconnect from 143.244.158.100 port 44462:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T02:22:02.027Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 02:22:07 honeypot-ams-1 sshd[17704]: Disconnected from invalid user test 109.205.213.23 port 49876 [preauth]","@timestamp":"2022-09-14T02:22:08.778Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:23:09 honeypot-fra-1 sshd[7800]: Disconnected from invalid user md 112.146.205.124 port 34210 [preauth]","@timestamp":"2022-09-14T02:23:10.055Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:25:26 honeypot-fra-1 sshd[7807]: Disconnected from authenticating user root 143.244.158.100 port 52492 [preauth]","@timestamp":"2022-09-14T02:25:27.111Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T02:26:04.892Z","@version":"1","message":"Sep 14 02:26:04 honeypot-sgp-1 sshd[12316]: Received disconnect from 61.177.173.53 port 25712:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 02:27:45 honeypot-ams-1 kernel: [83999048.944930] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=213.226.123.38 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=55631 PROTO=TCP SPT=43563 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T02:27:45.926Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:27:59 honeypot-fra-1 sshd[7813]: Disconnected from authenticating user root 143.244.158.100 port 39818 [preauth]","@timestamp":"2022-09-14T02:28:00.172Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 02:29:05 honeypot-ams-1 sshd[17718]: Invalid user user from 45.61.186.169 port 60972","@timestamp":"2022-09-14T02:29:05.966Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 02:29:22 honeypot-ams-1 sshd[17722]: Invalid user user from 45.61.186.169 port 55812","@timestamp":"2022-09-14T02:29:22.976Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 02:29:30 honeypot-ams-1 sshd[17724]: Received disconnect from 45.61.186.169 port 39128:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T02:29:31.981Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 02:29:47 honeypot-ams-1 sshd[17728]: Received disconnect from 45.61.186.169 port 33988:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T02:29:47.990Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:29:47 honeypot-fra-1 sshd[7820]: Disconnected from authenticating user root 143.244.158.100 port 49742 [preauth]","@timestamp":"2022-09-14T02:29:48.216Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:31:26 honeypot-fra-1 sshd[7825]: Disconnected from authenticating user root 143.244.158.100 port 40610 [preauth]","@timestamp":"2022-09-14T02:31:27.258Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T02:31:36.028Z","@version":"1","message":"Sep 14 02:31:35 honeypot-sgp-1 kernel: [83998805.023131] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=65.49.20.126 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=40508 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 02:32:51 honeypot-ams-1 kernel: [83999354.891613] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.167.96.146 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=39564 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T02:32:52.074Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:34:01 honeypot-fra-1 sshd[7832]: Received disconnect from 143.244.158.100 port 44080:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T02:34:02.321Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:34:57 honeypot-fra-1 kernel: [83997319.067552] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.102.41.2 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=3372 DF PROTO=TCP SPT=39996 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T02:34:57.345Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:36:39 honeypot-fra-1 sshd[7841]: Disconnected from authenticating user root 143.244.158.100 port 59606 [preauth]","@timestamp":"2022-09-14T02:36:40.390Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:38:18 honeypot-fra-1 sshd[7847]: Disconnected from authenticating user root 143.244.158.100 port 34586 [preauth]","@timestamp":"2022-09-14T02:38:19.429Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 02:39:41 honeypot-ams-1 sshd[17740]: Received disconnect from 157.245.9.6 port 60570:11: Bye Bye [preauth]","@timestamp":"2022-09-14T02:39:42.250Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 02:40:28 honeypot-ams-1 sshd[17744]: Disconnected from invalid user ubuntu 95.79.31.128 port 51895 [preauth]","@timestamp":"2022-09-14T02:40:28.273Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:40:49 honeypot-fra-1 sshd[7854]: Received disconnect from 143.244.158.100 port 33534:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T02:40:50.489Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T02:40:53.254Z","@version":"1","message":"Sep 14 02:40:52 honeypot-sgp-1 sshd[12330]: Invalid user reginaldo from 200.7.168.217 port 35224","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 02:41:05 honeypot-ams-1 sshd[17749]: Disconnected from authenticating user root 109.205.213.23 port 42774 [preauth]","@timestamp":"2022-09-14T02:41:06.294Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 02:41:24 honeypot-ams-1 sshd[17755]: Disconnected from authenticating user root 92.255.85.70 port 23652 [preauth]","@timestamp":"2022-09-14T02:41:24.306Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 02:41:44 honeypot-ams-1 sshd[17761]: Disconnected from authenticating user root 109.205.213.23 port 55668 [preauth]","@timestamp":"2022-09-14T02:41:44.339Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 02:42:09 honeypot-ams-1 sshd[17767]: Disconnected from authenticating user root 109.205.213.23 port 40818 [preauth]","@timestamp":"2022-09-14T02:42:09.353Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 02:43:07 honeypot-ams-1 sshd[17773]: Received disconnect from 109.205.213.23 port 54202:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T02:43:08.384Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:43:18 honeypot-fra-1 sshd[7860]: Received disconnect from 143.244.158.100 port 57362:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T02:43:18.547Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 02:44:56 honeypot-ams-1 kernel: [84000079.670494] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=167.94.146.66 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=53842 PROTO=TCP SPT=60672 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T02:44:56.437Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:45:01 honeypot-fra-1 sshd[7865]: Disconnected from authenticating user root 143.244.158.100 port 38090 [preauth]","@timestamp":"2022-09-14T02:45:01.589Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T02:46:19.388Z","@version":"1","message":"Sep 14 02:46:19 honeypot-sgp-1 sshd[12337]: Received disconnect from 61.177.173.36 port 17652:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:47:38 honeypot-fra-1 sshd[7871]: Received disconnect from 143.244.158.100 port 39412:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T02:47:38.652Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:49:39 honeypot-fra-1 sshd[7878]: Invalid user kundert from 165.22.45.108 port 40058","@timestamp":"2022-09-14T02:49:39.700Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 02:50:45 honeypot-ams-1 kernel: [84000428.726627] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=72.167.32.184 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=230 ID=50183 PROTO=TCP SPT=40339 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T02:50:45.599Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:50:58 honeypot-fra-1 sshd[7882]: Disconnected from authenticating user root 143.244.158.100 port 33354 [preauth]","@timestamp":"2022-09-14T02:50:58.732Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:52:43 honeypot-fra-1 sshd[7886]: Disconnected from authenticating user root 143.244.158.100 port 57330 [preauth]","@timestamp":"2022-09-14T02:52:44.778Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T02:53:10.558Z","@version":"1","message":"Sep 14 02:53:10 honeypot-sgp-1 sshd[12344]: Invalid user aldin from 159.223.225.146 port 34666","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 02:57:50 honeypot-ams-1 sshd[17794]: Received disconnect from 61.177.173.39 port 53247:11:  [preauth]","@timestamp":"2022-09-14T02:57:50.801Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 02:57:52 honeypot-fra-1 sshd[7891]: Connection closed by invalid user test 193.106.191.157 port 43758 [preauth]","@timestamp":"2022-09-14T02:57:52.899Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T02:58:16.708Z","@version":"1","message":"Sep 14 02:58:16 honeypot-sgp-1 sshd[12349]: Disconnected from authenticating user root 61.177.173.50 port 19229 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T02:58:53.727Z","@version":"1","message":"Sep 14 02:58:53 honeypot-sgp-1 kernel: [84000442.566756] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=51.104.20.135 DST=159.89.202.188 LEN=52 TOS=0x00 PREC=0x00 TTL=113 ID=57091 DF PROTO=TCP SPT=58772 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 03:04:03 honeypot-fra-1 kernel: [83999064.847840] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=51.158.171.29 DST=165.22.82.222 LEN=52 TOS=0x00 PREC=0x00 TTL=53 ID=3025 DF PROTO=TCP SPT=58823 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T03:04:04.046Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-14T03:05:39.897Z","@version":"1","message":"Sep 14 03:05:39 honeypot-sgp-1 sshd[12359]: Received disconnect from 61.177.173.39 port 63311:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 03:06:09 honeypot-ams-1 kernel: [84001353.006056] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=104.131.181.99 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=45677 DF PROTO=TCP SPT=42608 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T03:06:10.033Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 03:08:52 honeypot-fra-1 sshd[7901]: Disconnected from invalid user joyoudata 174.138.24.231 port 51556 [preauth]","@timestamp":"2022-09-14T03:08:53.155Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 03:12:14 honeypot-ams-1 kernel: [84001717.731313] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=46.161.54.57 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=54321 PROTO=TCP SPT=37477 DPT=5432 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T03:12:15.201Z"}
{"@timestamp":"2022-09-14T03:13:35.089Z","@version":"1","message":"Sep 14 03:13:34 honeypot-sgp-1 sshd[12366]: Disconnected from invalid user user 45.61.186.49 port 47900 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T03:13:47.095Z","@version":"1","message":"Sep 14 03:13:46 honeypot-sgp-1 sshd[12370]: Disconnected from invalid user user 45.61.186.49 port 59488 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 03:14:12 honeypot-fra-1 sshd[7906]: Did not receive identification string from 45.61.184.204 port 44356","@timestamp":"2022-09-14T03:14:13.279Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 03:14:39 honeypot-fra-1 sshd[7910]: Received disconnect from 45.61.184.204 port 52364:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T03:14:40.292Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 03:14:56 honeypot-fra-1 sshd[7914]: Received disconnect from 45.61.184.204 port 47482:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T03:14:57.300Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 03:15:13 honeypot-fra-1 sshd[7920]: Disconnected from authenticating user root 179.43.156.143 port 38688 [preauth]","@timestamp":"2022-09-14T03:15:13.308Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 03:15:21 honeypot-fra-1 sshd[7922]: Disconnected from invalid user user 45.61.184.204 port 54282 [preauth]","@timestamp":"2022-09-14T03:15:21.313Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T03:15:38.145Z","@version":"1","message":"Sep 14 03:15:37 honeypot-sgp-1 sshd[12376]: Received disconnect from 61.177.173.48 port 25403:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 03:17:01 honeypot-ams-1 CRON[17820]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-14T03:17:01.330Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 03:17:01 honeypot-fra-1 CRON[7928]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-14T03:17:02.355Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 03:18:37 honeypot-fra-1 sshd[7935]: Received disconnect from 179.43.156.143 port 47284:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T03:18:38.410Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 03:19:59 honeypot-fra-1 sshd[7940]: Invalid user ossuser from 179.43.156.143 port 39412","@timestamp":"2022-09-14T03:20:00.443Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T03:21:14.282Z","@version":"1","message":"Sep 14 03:21:13 honeypot-sgp-1 sshd[12382]: Disconnected from authenticating user root 87.245.184.58 port 38084 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 03:21:21 honeypot-fra-1 sshd[7944]: Received disconnect from 179.43.156.143 port 59940:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T03:21:22.475Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 03:21:28 honeypot-ams-1 sshd[17828]: Disconnected from authenticating user root 61.177.172.114 port 46469 [preauth]","@timestamp":"2022-09-14T03:21:28.448Z"}
{"@timestamp":"2022-09-14T03:23:06.331Z","@version":"1","message":"Sep 14 03:23:06 honeypot-sgp-1 sshd[12388]: Disconnected from authenticating user root 61.177.173.49 port 43423 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 03:23:19 honeypot-fra-1 kernel: [84000220.945491] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=49.143.32.6 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=26763 DF PROTO=TCP SPT=1659 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T03:23:19.520Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 03:24:43 honeypot-fra-1 sshd[7956]: Disconnected from authenticating user root 179.43.156.143 port 40236 [preauth]","@timestamp":"2022-09-14T03:24:43.554Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T03:28:17.461Z","@version":"1","message":"Sep 14 03:28:17 honeypot-sgp-1 sshd[12393]: Disconnected from authenticating user root 61.177.172.104 port 23512 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T03:30:54.527Z","@version":"1","message":"Sep 14 03:30:54 honeypot-sgp-1 sshd[12399]: Disconnected from invalid user zhangw 165.22.16.134 port 36294 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 03:31:21 honeypot-ams-1 sshd[17837]: Disconnected from authenticating user root 61.177.173.52 port 19682 [preauth]","@timestamp":"2022-09-14T03:31:21.704Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 03:32:08 honeypot-fra-1 sshd[7963]: Invalid user developer from 80.87.83.58 port 46384","@timestamp":"2022-09-14T03:32:08.711Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 03:33:36 honeypot-ams-1 sshd[17842]: Disconnected from authenticating user root 61.177.172.98 port 12409 [preauth]","@timestamp":"2022-09-14T03:33:36.765Z"}
{"@timestamp":"2022-09-14T03:35:13.635Z","@version":"1","message":"Sep 14 03:35:13 honeypot-sgp-1 sshd[12405]: Received disconnect from 61.177.173.36 port 35433:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 03:36:56 honeypot-fra-1 sshd[7965]: Received disconnect from 165.22.45.108 port 45028:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T03:36:56.823Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 03:37:35 honeypot-ams-1 kernel: [84003239.318547] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=94.26.249.161 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=34279 PROTO=TCP SPT=23145 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T03:37:36.873Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 03:37:47 honeypot-fra-1 kernel: [84001088.802789] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.180.143.7 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=52280 PROTO=TCP SPT=14601 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T03:37:47.846Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-14T03:40:12.759Z","@version":"1","message":"Sep 14 03:40:12 honeypot-sgp-1 sshd[12412]: Received disconnect from 61.177.172.108 port 54845:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 03:40:13 honeypot-fra-1 sshd[7971]: Disconnected from invalid user user 198.98.61.9 port 45362 [preauth]","@timestamp":"2022-09-14T03:40:13.906Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 03:40:30 honeypot-fra-1 sshd[7975]: Disconnected from invalid user user 198.98.61.9 port 39894 [preauth]","@timestamp":"2022-09-14T03:40:30.914Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 03:40:52 honeypot-fra-1 sshd[7979]: Disconnected from invalid user user 198.98.61.9 port 34410 [preauth]","@timestamp":"2022-09-14T03:40:52.924Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 03:41:08 honeypot-fra-1 sshd[7983]: Disconnected from invalid user user 198.98.61.9 port 57222 [preauth]","@timestamp":"2022-09-14T03:41:08.931Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T03:45:45.900Z","@version":"1","message":"Sep 14 03:45:45 honeypot-sgp-1 sshd[12417]: Disconnected from authenticating user root 92.255.85.69 port 28976 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 03:48:03 honeypot-ams-1 kernel: [84003866.936573] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=36.37.185.75 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=107 ID=28326 DF PROTO=TCP SPT=42572 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T03:48:04.141Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 03:48:23 honeypot-fra-1 sshd[8009]: Disconnected from authenticating user root 92.255.85.70 port 44152 [preauth]","@timestamp":"2022-09-14T03:48:24.109Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 03:51:15 honeypot-fra-1 sshd[8014]: Disconnected from invalid user malik 157.230.155.135 port 33887 [preauth]","@timestamp":"2022-09-14T03:51:16.176Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 03:54:02 honeypot-ams-1 sshd[17860]: Did not receive identification string from 77.39.160.144 port 59872","@timestamp":"2022-09-14T03:54:02.300Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 03:58:00 honeypot-fra-1 kernel: [84002302.428902] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=172.105.89.161 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=56 ID=0 DF PROTO=TCP SPT=40015 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T03:58:01.329Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-14T04:02:47.319Z","@version":"1","message":"Sep 14 04:02:46 honeypot-sgp-1 sshd[12429]: Disconnecting invalid user admin 79.79.21.253 port 38324: Too many authentication failures [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 04:03:54 honeypot-ams-1 kernel: [84004817.638784] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=91.240.118.77 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=61917 PROTO=TCP SPT=49800 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T04:03:54.554Z"}
{"@timestamp":"2022-09-14T04:05:34.389Z","@version":"1","message":"Sep 14 04:05:34 honeypot-sgp-1 sshd[12436]: Received disconnect from 46.151.137.136 port 41524:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T04:08:02.452Z","@version":"1","message":"Sep 14 04:08:02 honeypot-sgp-1 kernel: [84004591.459909] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=198.235.24.170 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=249 ID=46135 PROTO=TCP SPT=49506 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 04:08:07 honeypot-fra-1 sshd[8027]: Disconnected from authenticating user root 67.243.72.138 port 51194 [preauth]","@timestamp":"2022-09-14T04:08:08.566Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 04:12:26 honeypot-fra-1 sshd[8034]: Invalid user kalista from 167.99.55.86 port 60482","@timestamp":"2022-09-14T04:12:27.667Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 04:13:20 honeypot-fra-1 kernel: [84003221.540843] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=91.240.118.77 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=40520 PROTO=TCP SPT=49800 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T04:13:20.689Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:14:35 honeypot-ams-1 sshd[17873]: Received disconnect from 92.255.85.69 port 59838:11: Bye Bye [preauth]","@timestamp":"2022-09-14T04:14:35.833Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 04:15:32 honeypot-fra-1 sshd[8040]: Disconnected from invalid user postgres 143.198.11.227 port 57184 [preauth]","@timestamp":"2022-09-14T04:15:33.739Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 04:21:00 honeypot-fra-1 sshd[8048]: Disconnected from authenticating user uucp 146.190.227.169 port 58034 [preauth]","@timestamp":"2022-09-14T04:21:00.863Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T04:22:13.799Z","@version":"1","message":"Sep 14 04:22:13 honeypot-sgp-1 sshd[12449]: Invalid user user1 from 103.188.176.251 port 39048","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T04:25:30.881Z","@version":"1","message":"Sep 14 04:25:30 honeypot-sgp-1 sshd[12453]: Received disconnect from 139.59.26.97 port 33914:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:25:34 honeypot-ams-1 sshd[17881]: Received disconnect from 121.25.250.163 port 46056:11: Bye Bye [preauth]","@timestamp":"2022-09-14T04:25:34.113Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:25:37 honeypot-ams-1 sshd[17885]: Disconnected from invalid user ubnt 121.25.250.163 port 47914 [preauth]","@timestamp":"2022-09-14T04:25:38.116Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:25:43 honeypot-ams-1 sshd[17891]: Disconnected from authenticating user root 121.25.250.163 port 45518 [preauth]","@timestamp":"2022-09-14T04:25:44.120Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:25:49 honeypot-ams-1 sshd[17897]: Disconnected from authenticating user root 121.25.250.163 port 36618 [preauth]","@timestamp":"2022-09-14T04:25:49.122Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:25:54 honeypot-ams-1 sshd[17903]: Disconnected from authenticating user root 121.25.250.163 port 49192 [preauth]","@timestamp":"2022-09-14T04:25:55.127Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:26:02 honeypot-ams-1 sshd[17909]: Disconnected from authenticating user root 121.25.250.163 port 58534 [preauth]","@timestamp":"2022-09-14T04:26:03.131Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:26:16 honeypot-ams-1 sshd[17915]: Disconnected from authenticating user root 121.25.250.163 port 43132 [preauth]","@timestamp":"2022-09-14T04:26:17.140Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:26:23 honeypot-ams-1 sshd[17921]: Disconnected from authenticating user root 121.25.250.163 port 47692 [preauth]","@timestamp":"2022-09-14T04:26:24.145Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:26:28 honeypot-ams-1 sshd[17927]: Disconnected from authenticating user root 121.25.250.163 port 41916 [preauth]","@timestamp":"2022-09-14T04:26:29.148Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:26:38 honeypot-ams-1 sshd[17933]: Disconnected from authenticating user root 121.25.250.163 port 47212 [preauth]","@timestamp":"2022-09-14T04:26:38.154Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:26:45 honeypot-ams-1 sshd[17939]: Disconnected from authenticating user root 121.25.250.163 port 40196 [preauth]","@timestamp":"2022-09-14T04:26:46.158Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:26:53 honeypot-ams-1 sshd[17945]: Disconnected from authenticating user root 121.25.250.163 port 48864 [preauth]","@timestamp":"2022-09-14T04:26:54.164Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:27:00 honeypot-ams-1 sshd[17951]: Disconnected from authenticating user root 121.25.250.163 port 56694 [preauth]","@timestamp":"2022-09-14T04:27:01.167Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:27:03 honeypot-ams-1 sshd[17955]: Disconnected from invalid user admin 121.25.250.163 port 34480 [preauth]","@timestamp":"2022-09-14T04:27:04.169Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:27:08 honeypot-ams-1 sshd[17959]: Disconnected from invalid user admin 121.25.250.163 port 35030 [preauth]","@timestamp":"2022-09-14T04:27:09.173Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:27:13 honeypot-ams-1 sshd[17963]: Disconnected from invalid user admin 121.25.250.163 port 47018 [preauth]","@timestamp":"2022-09-14T04:27:14.176Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:27:18 honeypot-ams-1 sshd[17967]: Disconnected from invalid user admin 121.25.250.163 port 37206 [preauth]","@timestamp":"2022-09-14T04:27:19.179Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:27:24 honeypot-ams-1 sshd[17971]: Disconnected from invalid user admin 121.25.250.163 port 44404 [preauth]","@timestamp":"2022-09-14T04:27:25.183Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:27:34 honeypot-ams-1 sshd[17977]: Received disconnect from 121.25.250.163 port 57424:11: Bye Bye [preauth]","@timestamp":"2022-09-14T04:27:34.188Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:27:37 honeypot-ams-1 sshd[17981]: Received disconnect from 121.25.250.163 port 41460:11: Bye Bye [preauth]","@timestamp":"2022-09-14T04:27:38.192Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:27:41 honeypot-ams-1 sshd[17985]: Received disconnect from 121.25.250.163 port 41732:11: Bye Bye [preauth]","@timestamp":"2022-09-14T04:27:41.194Z"}
{"@timestamp":"2022-09-14T04:27:44.938Z","@version":"1","message":"Sep 14 04:27:44 honeypot-sgp-1 sshd[12458]: Received disconnect from 143.198.75.234 port 40950:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:27:45 honeypot-ams-1 sshd[17989]: Received disconnect from 121.25.250.163 port 42432:11: Bye Bye [preauth]","@timestamp":"2022-09-14T04:27:46.196Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:27:51 honeypot-ams-1 sshd[17993]: Received disconnect from 121.25.250.163 port 39002:11: Bye Bye [preauth]","@timestamp":"2022-09-14T04:27:52.201Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:27:58 honeypot-ams-1 sshd[17997]: Received disconnect from 121.25.250.163 port 41100:11: Bye Bye [preauth]","@timestamp":"2022-09-14T04:27:59.205Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:28:05 honeypot-ams-1 sshd[18001]: Received disconnect from 121.25.250.163 port 36614:11: Bye Bye [preauth]","@timestamp":"2022-09-14T04:28:06.211Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:28:12 honeypot-ams-1 sshd[18005]: Received disconnect from 121.25.250.163 port 43634:11: Bye Bye [preauth]","@timestamp":"2022-09-14T04:28:13.215Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:28:16 honeypot-ams-1 sshd[18009]: Received disconnect from 121.25.250.163 port 48934:11: Bye Bye [preauth]","@timestamp":"2022-09-14T04:28:17.217Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:28:21 honeypot-ams-1 sshd[18013]: Received disconnect from 121.25.250.163 port 37580:11: Bye Bye [preauth]","@timestamp":"2022-09-14T04:28:21.221Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:28:26 honeypot-ams-1 sshd[18017]: Received disconnect from 121.25.250.163 port 59870:11: Bye Bye [preauth]","@timestamp":"2022-09-14T04:28:27.225Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:28:31 honeypot-ams-1 sshd[18021]: Received disconnect from 121.25.250.163 port 50926:11: Bye Bye [preauth]","@timestamp":"2022-09-14T04:28:32.228Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 04:32:44 honeypot-fra-1 kernel: [84004386.456370] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=172.104.6.178 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=39850 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T04:32:45.125Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-14T04:34:44.114Z","@version":"1","message":"Sep 14 04:34:43 honeypot-sgp-1 kernel: [84006192.997881] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.196.220.81 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=59917 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:36:15 honeypot-ams-1 sshd[18024]: Disconnected from invalid user ecd 151.0.165.235 port 49054 [preauth]","@timestamp":"2022-09-14T04:36:16.425Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 04:44:11 honeypot-ams-1 kernel: [84007234.949174] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.41.8.5 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=6695 PROTO=TCP SPT=36038 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T04:44:12.630Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 04:44:40 honeypot-ams-1 sshd[18033]: Connection closed by invalid user admin 148.153.82.141 port 35606 [preauth]","@timestamp":"2022-09-14T04:44:41.645Z"}
{"@timestamp":"2022-09-14T04:45:39.380Z","@version":"1","message":"Sep 14 04:45:38 honeypot-sgp-1 sshd[12468]: Invalid user zhangguoqiang from 137.116.144.39 port 49694","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T04:46:47.409Z","@version":"1","message":"Sep 14 04:46:47 honeypot-sgp-1 sshd[12472]: Received disconnect from 210.245.26.43 port 54194:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 04:47:42 honeypot-fra-1 sshd[8064]: Received disconnect from 45.61.186.249 port 44448:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T04:47:43.459Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 04:48:01 honeypot-fra-1 sshd[8068]: Received disconnect from 45.61.186.249 port 39098:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T04:48:02.467Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 04:48:20 honeypot-fra-1 sshd[8072]: Received disconnect from 45.61.186.249 port 33764:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T04:48:21.478Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 04:48:36 honeypot-fra-1 sshd[8077]: Invalid user user from 45.61.186.249 port 56666","@timestamp":"2022-09-14T04:48:37.486Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 04:55:06 honeypot-fra-1 sshd[8083]: Connection closed by invalid user test 193.106.191.157 port 54812 [preauth]","@timestamp":"2022-09-14T04:55:07.634Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 05:01:30 honeypot-ams-1 sshd[18039]: Disconnected from authenticating user root 92.255.85.69 port 54116 [preauth]","@timestamp":"2022-09-14T05:01:31.071Z"}
{"@timestamp":"2022-09-14T05:07:31.908Z","@version":"1","message":"Sep 14 05:07:31 honeypot-sgp-1 kernel: [84008160.466677] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=156.146.46.143 DST=159.89.202.188 LEN=52 TOS=0x02 PREC=0x00 TTL=116 ID=1602 DF PROTO=TCP SPT=63284 DPT=3389 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 05:11:57 honeypot-fra-1 kernel: [84006739.362081] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.204.100 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=45214 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T05:11:58.009Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 05:17:01 honeypot-fra-1 CRON[8094]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-14T05:17:02.125Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 05:18:13 honeypot-ams-1 kernel: [84009276.895195] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=156.146.46.143 DST=178.62.254.91 LEN=52 TOS=0x02 PREC=0x00 TTL=118 ID=47753 DF PROTO=TCP SPT=49407 DPT=3389 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-14T05:18:14.493Z"}
{"@timestamp":"2022-09-14T05:20:16.214Z","@version":"1","message":"Sep 14 05:20:15 honeypot-sgp-1 sshd[12483]: Received disconnect from 92.255.85.69 port 31448:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 05:24:44 honeypot-ams-1 sshd[18051]: Invalid user pi from 164.177.68.149 port 52686","@timestamp":"2022-09-14T05:24:45.664Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 05:26:40 honeypot-ams-1 kernel: [84009783.343563] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=5.125.34.196 DST=178.62.254.91 LEN=52 TOS=0x08 PREC=0x40 TTL=113 ID=17813 DF PROTO=TCP SPT=51901 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T05:26:40.714Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 05:27:07 honeypot-fra-1 kernel: [84007648.566099] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=25996 PROTO=TCP SPT=52857 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T05:27:07.350Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-14T05:30:55.469Z","@version":"1","message":"Sep 14 05:30:54 honeypot-sgp-1 sshd[12487]: Invalid user user from 45.61.184.204 port 50248","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T05:31:15.480Z","@version":"1","message":"Sep 14 05:31:14 honeypot-sgp-1 sshd[12491]: Invalid user user from 45.61.184.204 port 45318","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T05:31:33.488Z","@version":"1","message":"Sep 14 05:31:32 honeypot-sgp-1 sshd[12495]: Invalid user user from 45.61.184.204 port 40392","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T05:31:49.496Z","@version":"1","message":"Sep 14 05:31:49 honeypot-sgp-1 sshd[12499]: Invalid user user from 45.61.184.204 port 35466","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 05:35:20 honeypot-fra-1 sshd[8104]: Invalid user matex from 141.98.10.158 port 55038","@timestamp":"2022-09-14T05:35:20.536Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T05:36:26.626Z","@version":"1","message":"Sep 14 05:36:26 honeypot-sgp-1 sshd[12504]: Received disconnect from 204.48.30.77 port 58150:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 05:41:18 honeypot-ams-1 sshd[18060]: Invalid user napoleon from 157.52.184.32 port 35910","@timestamp":"2022-09-14T05:41:19.087Z"}
{"@timestamp":"2022-09-14T05:43:03.786Z","@version":"1","message":"Sep 14 05:43:03 honeypot-sgp-1 sshd[12508]: Disconnected from invalid user user 45.61.187.160 port 47368 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T05:43:22.796Z","@version":"1","message":"Sep 14 05:43:22 honeypot-sgp-1 sshd[12512]: Disconnected from invalid user user 45.61.187.160 port 42036 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T05:43:40.805Z","@version":"1","message":"Sep 14 05:43:40 honeypot-sgp-1 sshd[12518]: Invalid user user from 45.61.187.160 port 36700","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T05:43:56.813Z","@version":"1","message":"Sep 14 05:43:56 honeypot-sgp-1 sshd[12522]: Invalid user user from 45.61.187.160 port 59596","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 05:46:12 honeypot-fra-1 sshd[8110]: Disconnected from authenticating user root 92.255.85.69 port 31464 [preauth]","@timestamp":"2022-09-14T05:46:12.778Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 05:48:05 honeypot-ams-1 kernel: [84011068.925725] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=79.110.62.213 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=54321 PROTO=TCP SPT=50597 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T05:48:06.264Z"}
{"@timestamp":"2022-09-14T05:48:17.920Z","@version":"1","message":"Sep 14 05:48:16 honeypot-sgp-1 sshd[12525]: Disconnected from invalid user hl2dm 128.199.118.93 port 49266 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 05:53:30 honeypot-ams-1 sshd[18068]: Received disconnect from 104.248.153.95 port 36808:11: Bye Bye [preauth]","@timestamp":"2022-09-14T05:53:30.417Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 05:58:47 honeypot-fra-1 sshd[8120]: Received disconnect from 94.153.212.78 port 53606:11: Bye Bye [preauth]","@timestamp":"2022-09-14T05:58:48.077Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 06:01:10 honeypot-fra-1 kernel: [84009691.611793] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=51.15.60.133 DST=165.22.82.222 LEN=52 TOS=0x00 PREC=0x00 TTL=53 ID=65056 DF PROTO=TCP SPT=34702 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T06:01:11.135Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 06:03:32 honeypot-ams-1 sshd[18074]: Received disconnect from 143.244.158.100 port 53054:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T06:03:33.674Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 06:05:16 honeypot-ams-1 sshd[18080]: Disconnected from authenticating user root 143.244.158.100 port 39596 [preauth]","@timestamp":"2022-09-14T06:05:17.722Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 06:06:45 honeypot-fra-1 sshd[8131]: Invalid user user from 45.61.186.249 port 51086","@timestamp":"2022-09-14T06:06:46.264Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T06:06:59.413Z","@version":"1","message":"Sep 14 06:06:58 honeypot-sgp-1 sshd[12529]: Received disconnect from 92.255.85.70 port 56082:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 06:07:04 honeypot-fra-1 sshd[8233]: Invalid user user from 45.61.186.249 port 45804","@timestamp":"2022-09-14T06:07:05.273Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 06:07:21 honeypot-fra-1 sshd[8237]: Invalid user user from 45.61.186.249 port 40512","@timestamp":"2022-09-14T06:07:22.281Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 06:07:34 honeypot-ams-1 sshd[18087]: Disconnected from authenticating user root 175.126.38.54 port 51586 [preauth]","@timestamp":"2022-09-14T06:07:35.784Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 06:07:39 honeypot-fra-1 sshd[8241]: Invalid user user from 45.61.186.249 port 35224","@timestamp":"2022-09-14T06:07:39.289Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 06:09:27 honeypot-ams-1 sshd[18093]: Disconnected from authenticating user root 143.244.158.100 port 54204 [preauth]","@timestamp":"2022-09-14T06:09:27.837Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 06:11:05 honeypot-ams-1 sshd[18153]: Received disconnect from 161.35.131.133 port 34144:11: Bye Bye [preauth]","@timestamp":"2022-09-14T06:11:05.882Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 06:12:04 honeypot-fra-1 sshd[8246]: Invalid user zhangguoqiang from 137.116.144.39 port 50308","@timestamp":"2022-09-14T06:12:05.389Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 06:12:43 honeypot-ams-1 sshd[23801]: Received disconnect from 143.244.158.100 port 46224:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T06:12:43.928Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 06:14:02 honeypot-ams-1 sshd[23806]: Disconnected from invalid user data 35.222.227.227 port 41288 [preauth]","@timestamp":"2022-09-14T06:14:03.965Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 06:14:27 honeypot-fra-1 kernel: [84010488.271631] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=79.124.62.86 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=11757 PROTO=TCP SPT=40966 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T06:14:27.470Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-14T06:15:36.624Z","@version":"1","message":"Sep 14 06:15:36 honeypot-sgp-1 kernel: [84012245.423667] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.180.143.73 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=25903 PROTO=TCP SPT=12789 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 06:15:36 honeypot-ams-1 kernel: [84012719.694449] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.79.185.181 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=55907 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T06:15:37.009Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 06:17:01 honeypot-ams-1 CRON[23818]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-14T06:17:02.049Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 06:19:19 honeypot-ams-1 sshd[23825]: Disconnected from authenticating user root 143.244.158.100 port 57504 [preauth]","@timestamp":"2022-09-14T06:19:20.111Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 06:21:26 honeypot-ams-1 kernel: [84013069.365580] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=151.106.32.138 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=27009 PROTO=TCP SPT=47741 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T06:21:26.168Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 06:22:34 honeypot-ams-1 sshd[23836]: Received disconnect from 143.244.158.100 port 42274:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T06:22:35.201Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 06:25:01 honeypot-ams-1 CRON[23842]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-14T06:25:01.265Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 06:25:01 honeypot-fra-1 CRON[8255]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-14T06:25:02.709Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 06:25:52 honeypot-ams-1 sshd[24017]: Disconnected from authenticating user root 143.244.158.100 port 38218 [preauth]","@timestamp":"2022-09-14T06:25:53.294Z"}
{"@timestamp":"2022-09-14T06:25:55.886Z","@version":"1","message":"Sep 14 06:25:54 honeypot-sgp-1 kernel: [84012864.105284] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.213.122 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=49773 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 06:27:31 honeypot-ams-1 sshd[24023]: Disconnected from authenticating user root 143.244.158.100 port 42134 [preauth]","@timestamp":"2022-09-14T06:27:31.341Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 06:29:18 honeypot-ams-1 kernel: [84013542.171099] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=156.146.46.143 DST=178.62.254.91 LEN=52 TOS=0x02 PREC=0x00 TTL=118 ID=27088 DF PROTO=TCP SPT=53870 DPT=3389 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-14T06:29:19.391Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 06:30:09 honeypot-ams-1 sshd[24032]: Disconnected from authenticating user root 143.244.158.100 port 47272 [preauth]","@timestamp":"2022-09-14T06:30:10.416Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 06:32:21 honeypot-fra-1 kernel: [84011562.921080] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.204.28 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=49312 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T06:32:21.877Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-14T06:32:40.060Z","@version":"1","message":"Sep 14 06:32:39 honeypot-sgp-1 kernel: [84013268.614087] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=79.124.62.60 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=55833 PROTO=TCP SPT=41459 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 06:32:40 honeypot-ams-1 sshd[24038]: Disconnected from authenticating user root 143.244.158.100 port 47204 [preauth]","@timestamp":"2022-09-14T06:32:41.483Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 06:35:12 honeypot-ams-1 sshd[24045]: Received disconnect from 143.244.158.100 port 39942:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T06:35:12.551Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 06:36:22 honeypot-ams-1 kernel: [84013965.596054] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=40.84.222.228 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=26918 PROTO=TCP SPT=56378 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T06:36:22.585Z"}
{"@timestamp":"2022-09-14T06:37:58.191Z","@version":"1","message":"Sep 14 06:37:57 honeypot-sgp-1 sshd[12693]: Received disconnect from 45.61.186.49 port 46866:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 06:38:01 honeypot-fra-1 sshd[8396]: Invalid user devops from 202.29.13.51 port 44614","@timestamp":"2022-09-14T06:38:02.007Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 06:38:27 honeypot-ams-1 sshd[24057]: Received disconnect from 143.244.158.100 port 50040:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T06:38:27.644Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 06:39:18 honeypot-ams-1 sshd[24062]: Disconnected from authenticating user root 143.244.158.100 port 37764 [preauth]","@timestamp":"2022-09-14T06:39:18.668Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 06:39:45 honeypot-fra-1 sshd[8398]: Received disconnect from 178.62.29.96 port 47832:11: Bye Bye [preauth]","@timestamp":"2022-09-14T06:39:46.048Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T06:40:59.266Z","@version":"1","message":"Sep 14 06:40:58 honeypot-sgp-1 sshd[12699]: Did not receive identification string from 45.61.186.49 port 36698","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T06:41:12.273Z","@version":"1","message":"Sep 14 06:41:12 honeypot-sgp-1 sshd[12702]: Disconnected from invalid user user 45.61.186.49 port 45898 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T06:41:22.279Z","@version":"1","message":"Sep 14 06:41:21 honeypot-sgp-1 sshd[12706]: Disconnected from invalid user user 45.61.186.49 port 57488 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 06:41:46 honeypot-ams-1 sshd[24068]: Disconnected from authenticating user root 143.244.158.100 port 42880 [preauth]","@timestamp":"2022-09-14T06:41:46.734Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 06:44:14 honeypot-ams-1 sshd[24075]: Disconnected from authenticating user root 143.244.158.100 port 54462 [preauth]","@timestamp":"2022-09-14T06:44:14.801Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 06:46:39 honeypot-ams-1 sshd[24081]: Disconnected from authenticating user root 143.244.158.100 port 50372 [preauth]","@timestamp":"2022-09-14T06:46:39.868Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 06:47:38 honeypot-fra-1 sshd[8403]: Disconnected from invalid user kundert 165.22.45.108 port 36730 [preauth]","@timestamp":"2022-09-14T06:47:38.222Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 06:48:18 honeypot-ams-1 sshd[24085]: Disconnected from authenticating user root 143.244.158.100 port 42888 [preauth]","@timestamp":"2022-09-14T06:48:18.913Z"}
{"@timestamp":"2022-09-14T06:54:11.600Z","@version":"1","message":"Sep 14 06:54:11 honeypot-sgp-1 sshd[12719]: Received disconnect from 134.19.150.174 port 55442:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T06:55:40.639Z","@version":"1","message":"Sep 14 06:55:39 honeypot-sgp-1 sshd[12723]: Disconnected from invalid user hamlet 164.90.195.134 port 54836 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T06:59:17.729Z","@version":"1","message":"Sep 14 06:59:17 honeypot-sgp-1 sshd[12823]: Received disconnect from 51.83.44.100 port 39440:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 06:59:18 honeypot-ams-1 sshd[24089]: Disconnected from authenticating user root 92.255.85.69 port 40862 [preauth]","@timestamp":"2022-09-14T06:59:19.195Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 06:59:51 honeypot-fra-1 sshd[8410]: Received disconnect from 89.190.84.6 port 40810:11: Bye Bye [preauth]","@timestamp":"2022-09-14T06:59:52.498Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 07:07:46 honeypot-fra-1 sshd[8416]: Received disconnect from 203.193.135.44 port 57486:11: Bye Bye [preauth]","@timestamp":"2022-09-14T07:07:47.679Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 07:12:12 honeypot-fra-1 sshd[8421]: Invalid user user from 141.255.162.226 port 41606","@timestamp":"2022-09-14T07:12:12.781Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 07:12:16 honeypot-fra-1 sshd[8425]: Invalid user user from 141.255.162.226 port 38666","@timestamp":"2022-09-14T07:12:16.785Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 07:12:18 honeypot-fra-1 sshd[8429]: Invalid user user from 141.255.162.226 port 44990","@timestamp":"2022-09-14T07:12:18.786Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 07:12:53 honeypot-fra-1 sshd[8434]: Invalid user intel from 87.245.17.229 port 45558","@timestamp":"2022-09-14T07:12:53.800Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T07:16:05.141Z","@version":"1","message":"Sep 14 07:16:04 honeypot-sgp-1 kernel: [84015873.271398] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=102.141.30.50 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=23303 DF PROTO=TCP SPT=9448 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 07:16:59 honeypot-fra-1 sshd[8436]: Disconnected from authenticating user root 178.128.116.50 port 42470 [preauth]","@timestamp":"2022-09-14T07:16:59.894Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T07:17:03.168Z","@version":"1","message":"Sep 14 07:17:02 honeypot-sgp-1 sshd[12831]: Disconnected from invalid user user 45.61.186.49 port 42294 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T07:17:11.171Z","@version":"1","message":"Sep 14 07:17:10 honeypot-sgp-1 sshd[12838]: Disconnected from invalid user user 45.61.186.49 port 53492 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 07:17:19 honeypot-ams-1 kernel: [84016422.793098] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=196.189.38.29 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=54 ID=31461 PROTO=TCP SPT=22234 DPT=80 WINDOW=36377 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T07:17:19.654Z"}
{"@timestamp":"2022-09-14T07:17:41.186Z","@version":"1","message":"Sep 14 07:17:40 honeypot-sgp-1 sshd[12842]: Disconnected from authenticating user root 92.255.85.69 port 51462 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 07:18:34 honeypot-fra-1 sshd[8444]: Connection closed by invalid user  152.32.249.159 port 41148 [preauth]","@timestamp":"2022-09-14T07:18:34.935Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 07:20:22 honeypot-fra-1 sshd[8448]: Disconnected from authenticating user root 92.255.85.69 port 34424 [preauth]","@timestamp":"2022-09-14T07:20:22.977Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 07:21:28 honeypot-ams-1 sshd[24101]: Did not receive identification string from 198.98.61.9 port 52678","@timestamp":"2022-09-14T07:21:28.766Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 07:21:46 honeypot-ams-1 sshd[24104]: Disconnected from invalid user admin 46.19.141.122 port 51526 [preauth]","@timestamp":"2022-09-14T07:21:46.776Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 07:21:56 honeypot-ams-1 sshd[24108]: Disconnected from invalid user user 198.98.61.9 port 34994 [preauth]","@timestamp":"2022-09-14T07:21:56.781Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 07:22:07 honeypot-ams-1 sshd[24113]: Disconnected from invalid user ubuntu 46.19.141.122 port 55170 [preauth]","@timestamp":"2022-09-14T07:22:07.787Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 07:22:22 honeypot-ams-1 sshd[24117]: Disconnected from invalid user user 198.98.61.9 port 42002 [preauth]","@timestamp":"2022-09-14T07:22:22.795Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 07:22:38 honeypot-ams-1 sshd[24121]: Received disconnect from 198.98.61.9 port 37262:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T07:22:38.804Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 07:23:30 honeypot-ams-1 sshd[24127]: Invalid user user from 46.19.141.122 port 34230","@timestamp":"2022-09-14T07:23:30.830Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 07:23:49 honeypot-ams-1 sshd[24131]: Received disconnect from 46.101.47.30 port 48282:11: Bye Bye [preauth]","@timestamp":"2022-09-14T07:23:49.840Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 07:24:47 honeypot-ams-1 sshd[24135]: Disconnected from authenticating user root 46.19.141.122 port 45174 [preauth]","@timestamp":"2022-09-14T07:24:48.869Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 07:35:27 honeypot-fra-1 sshd[8451]: Disconnected from invalid user isabelle 167.99.55.86 port 54236 [preauth]","@timestamp":"2022-09-14T07:35:27.309Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T07:36:39.646Z","@version":"1","message":"Sep 14 07:36:39 honeypot-sgp-1 kernel: [84017107.948783] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=66.240.236.116 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=57967 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T07:38:41.697Z","@version":"1","message":"Sep 14 07:38:40 honeypot-sgp-1 sshd[12851]: Received disconnect from 141.255.162.226 port 52838:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T07:38:48.702Z","@version":"1","message":"Sep 14 07:38:48 honeypot-sgp-1 sshd[12855]: Received disconnect from 141.255.162.226 port 56048:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 07:40:24 honeypot-ams-1 sshd[24141]: Disconnected from invalid user admin 59.3.76.218 port 37880 [preauth]","@timestamp":"2022-09-14T07:40:25.266Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 07:40:25 honeypot-fra-1 sshd[8458]: Unable to negotiate with 113.5.234.18 port 56313: no matching cipher found. Their offer: aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,arcfour128,arcfour,3des-cbc,none [preauth]","@timestamp":"2022-09-14T07:40:25.424Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T07:41:12.761Z","@version":"1","message":"Sep 14 07:41:11 honeypot-sgp-1 sshd[12861]: Disconnected from authenticating user root 92.255.85.70 port 26580 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 07:46:38 honeypot-ams-1 sshd[24146]: Disconnected from authenticating user root 92.255.85.69 port 42028 [preauth]","@timestamp":"2022-09-14T07:46:39.427Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 07:47:42 honeypot-fra-1 sshd[8465]: Invalid user gesi from 206.189.189.7 port 36378","@timestamp":"2022-09-14T07:47:42.588Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 07:49:42 honeypot-fra-1 sshd[8468]: Disconnected from authenticating user root 161.35.109.221 port 42444 [preauth]","@timestamp":"2022-09-14T07:49:42.636Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 07:53:10 honeypot-ams-1 sshd[24221]: Received disconnect from 45.61.184.204 port 52324:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T07:53:10.597Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 07:53:31 honeypot-ams-1 sshd[24226]: Received disconnect from 45.61.184.204 port 48304:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T07:53:31.609Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 07:53:51 honeypot-ams-1 sshd[24230]: Received disconnect from 45.61.184.204 port 44156:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T07:53:51.619Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 07:54:09 honeypot-ams-1 sshd[24234]: Received disconnect from 45.61.184.204 port 40104:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T07:54:09.628Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 07:57:19 honeypot-ams-1 sshd[24238]: Disconnected from 204.48.30.72 port 54870 [preauth]","@timestamp":"2022-09-14T07:57:19.715Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 08:01:38 honeypot-fra-1 kernel: [84016919.460207] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.214.222 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=55447 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T08:01:38.909Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-14T08:04:57.332Z","@version":"1","message":"Sep 14 08:04:56 honeypot-sgp-1 kernel: [84018805.885914] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=128.199.197.92 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=253 ID=54321 PROTO=TCP SPT=45865 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 08:05:15 honeypot-fra-1 sshd[8476]: Disconnected from invalid user ryder 103.176.21.55 port 36904 [preauth]","@timestamp":"2022-09-14T08:05:15.995Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 08:06:26 honeypot-ams-1 kernel: [84019369.287657] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=94.102.61.8 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=252 ID=54321 PROTO=TCP SPT=50662 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T08:06:26.953Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 08:14:41 honeypot-ams-1 kernel: [84019864.612659] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.79.136.105 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=5051 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T08:14:42.172Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 08:14:55 honeypot-ams-1 sshd[24251]: Disconnected from invalid user user 45.61.186.49 port 38672 [preauth]","@timestamp":"2022-09-14T08:14:56.179Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 08:15:04 honeypot-ams-1 sshd[24255]: Disconnected from invalid user user 45.61.186.49 port 49980 [preauth]","@timestamp":"2022-09-14T08:15:05.183Z"}
{"@timestamp":"2022-09-14T08:16:51.624Z","@version":"1","message":"Sep 14 08:16:51 honeypot-sgp-1 kernel: [84019520.316047] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=128.14.134.170 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=32802 PROTO=TCP SPT=40637 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 08:18:46 honeypot-ams-1 sshd[24263]: Did not receive identification string from 141.255.162.226 port 56884","@timestamp":"2022-09-14T08:18:46.284Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 08:18:55 honeypot-ams-1 sshd[24266]: Disconnected from invalid user user 141.255.162.226 port 46052 [preauth]","@timestamp":"2022-09-14T08:18:56.290Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 08:18:59 honeypot-ams-1 sshd[24270]: Disconnected from invalid user user 141.255.162.226 port 33562 [preauth]","@timestamp":"2022-09-14T08:18:59.292Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 08:19:02 honeypot-ams-1 sshd[24274]: Disconnected from invalid user user 141.255.162.226 port 49300 [preauth]","@timestamp":"2022-09-14T08:19:03.295Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 08:21:06 honeypot-ams-1 sshd[24280]: Received disconnect from 45.61.186.169 port 56258:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T08:21:06.351Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 08:21:22 honeypot-ams-1 sshd[24284]: Received disconnect from 45.61.186.169 port 50974:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T08:21:23.360Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 08:21:38 honeypot-ams-1 sshd[24288]: Received disconnect from 45.61.186.169 port 45696:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T08:21:39.369Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 08:23:19 honeypot-fra-1 sshd[8502]: Received disconnect from 165.22.45.108 port 46616:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T08:23:19.400Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T08:24:45.818Z","@version":"1","message":"Sep 14 08:24:45 honeypot-sgp-1 sshd[12918]: Invalid user marlon from 138.68.9.83 port 48554","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T08:27:44.893Z","@version":"1","message":"Sep 14 08:27:44 honeypot-sgp-1 sshd[12923]: Invalid user standard from 125.235.240.165 port 45928","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T08:28:28.914Z","@version":"1","message":"Sep 14 08:28:28 honeypot-sgp-1 sshd[12927]: Received disconnect from 155.0.68.5 port 41466:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 08:30:28 honeypot-ams-1 kernel: [84020811.612245] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=56471 PROTO=TCP SPT=44202 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T08:30:28.595Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 08:30:38 honeypot-fra-1 kernel: [84018659.043620] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=51742 PROTO=TCP SPT=44202 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T08:30:38.571Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 08:36:16 honeypot-ams-1 sshd[24318]: Invalid user info from 23.95.164.237 port 46978","@timestamp":"2022-09-14T08:36:16.746Z"}
{"@timestamp":"2022-09-14T08:37:25.139Z","@version":"1","message":"Sep 14 08:37:24 honeypot-sgp-1 kernel: [84020753.828202] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=167.94.138.106 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=13786 PROTO=TCP SPT=34659 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 08:38:30 honeypot-ams-1 sshd[24322]: Did not receive identification string from 141.255.162.226 port 54354","@timestamp":"2022-09-14T08:38:30.805Z"}
{"@timestamp":"2022-09-14T08:38:36.172Z","@version":"1","message":"Sep 14 08:38:36 honeypot-sgp-1 sshd[12935]: Disconnected from invalid user user 141.255.162.226 port 34880 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 08:38:36 honeypot-ams-1 sshd[24325]: Disconnected from invalid user user 141.255.162.226 port 33528 [preauth]","@timestamp":"2022-09-14T08:38:37.809Z"}
{"@timestamp":"2022-09-14T08:38:40.175Z","@version":"1","message":"Sep 14 08:38:40 honeypot-sgp-1 sshd[12937]: Disconnected from invalid user user 141.255.162.226 port 50480 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 08:38:39 honeypot-ams-1 sshd[24329]: Disconnected from invalid user user 141.255.162.226 port 56928 [preauth]","@timestamp":"2022-09-14T08:38:40.812Z"}
{"@timestamp":"2022-09-14T08:38:42.176Z","@version":"1","message":"Sep 14 08:38:41 honeypot-sgp-1 sshd[12943]: Invalid user user from 141.255.162.226 port 55314","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 08:38:56 honeypot-fra-1 kernel: [84019157.333515] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.33.79.139 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=3646 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T08:38:56.760Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 08:42:28 honeypot-ams-1 kernel: [84021531.455917] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=197.41.159.244 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=4218 PROTO=TCP SPT=62489 DPT=443 WINDOW=17823 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T08:42:28.910Z"}
{"@timestamp":"2022-09-14T08:48:24.419Z","@version":"1","message":"Sep 14 08:48:23 honeypot-sgp-1 kernel: [84021412.574393] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=79.110.62.213 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=54321 PROTO=TCP SPT=34262 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T08:52:13.519Z","@version":"1","message":"Sep 14 08:52:12 honeypot-sgp-1 sshd[12954]: Received disconnect from 92.255.85.70 port 40246:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 08:54:45 honeypot-fra-1 sshd[8517]: Disconnected from authenticating user root 92.255.85.70 port 49816 [preauth]","@timestamp":"2022-09-14T08:54:46.136Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 08:57:04 honeypot-ams-1 sshd[24341]: Received disconnect from 92.255.85.70 port 27286:11: Bye Bye [preauth]","@timestamp":"2022-09-14T08:57:05.287Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 09:10:28 honeypot-fra-1 sshd[8523]: Did not receive identification string from 159.89.24.69 port 61000","@timestamp":"2022-09-14T09:10:29.493Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T09:11:01.992Z","@version":"1","message":"Sep 14 09:11:01 honeypot-sgp-1 sshd[12959]: Received disconnect from 222.122.82.135 port 37561:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 09:13:11 honeypot-ams-1 sshd[24347]: Disconnected from 204.48.30.72 port 47376 [preauth]","@timestamp":"2022-09-14T09:13:11.694Z"}
{"@timestamp":"2022-09-14T09:15:50.113Z","@version":"1","message":"Sep 14 09:15:49 honeypot-sgp-1 sshd[12964]: Disconnected from authenticating user root 197.248.2.229 port 57156 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 09:17:01 honeypot-fra-1 CRON[8527]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-14T09:17:01.641Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 09:21:10 honeypot-ams-1 sshd[24354]: Disconnected from authenticating user root 92.255.85.69 port 45700 [preauth]","@timestamp":"2022-09-14T09:21:10.902Z"}
{"@timestamp":"2022-09-14T09:23:14.300Z","@version":"1","message":"Sep 14 09:23:14 honeypot-sgp-1 kernel: [84023502.889327] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=184.105.247.254 DST=159.89.202.188 LEN=131 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=35730 DPT=80 WINDOW=65535 RES=0x00 ACK PSH URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 09:23:56 honeypot-fra-1 kernel: [84021857.145405] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.41.8.45 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=28193 PROTO=TCP SPT=31084 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T09:23:56.802Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 09:25:57 honeypot-ams-1 sshd[24356]: Invalid user admin from 159.65.65.135 port 35078","@timestamp":"2022-09-14T09:25:58.029Z"}
{"@timestamp":"2022-09-14T09:26:58.401Z","@version":"1","message":"Sep 14 09:26:58 honeypot-sgp-1 kernel: [84023727.177102] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=102.67.229.64 DST=159.89.202.188 LEN=52 TOS=0x00 PREC=0x00 TTL=115 ID=55320 DF PROTO=TCP SPT=50274 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T09:29:23.461Z","@version":"1","message":"Sep 14 09:29:22 honeypot-sgp-1 sshd[12979]: Invalid user admin from 178.128.125.205 port 46948","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 09:29:37 honeypot-ams-1 sshd[24360]: Disconnected from authenticating user root 80.76.51.189 port 57780 [preauth]","@timestamp":"2022-09-14T09:29:38.126Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 09:30:53 honeypot-ams-1 sshd[24366]: Received disconnect from 80.76.51.189 port 39192:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T09:30:54.163Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 09:31:58 honeypot-ams-1 kernel: [84024502.002940] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.83.64.49 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=59 ID=3947 DF PROTO=TCP SPT=49233 DPT=443 WINDOW=8192 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T09:31:59.195Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 09:32:18 honeypot-fra-1 sshd[8537]: Disconnected from authenticating user root 165.227.195.34 port 53358 [preauth]","@timestamp":"2022-09-14T09:32:18.990Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 09:33:05 honeypot-ams-1 sshd[24376]: Disconnected from authenticating user root 80.76.51.189 port 55392 [preauth]","@timestamp":"2022-09-14T09:33:06.226Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 09:34:29 honeypot-ams-1 sshd[24383]: Invalid user test from 80.76.51.189 port 36894","@timestamp":"2022-09-14T09:34:30.267Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 09:35:25 honeypot-ams-1 sshd[24387]: Invalid user testuser from 80.76.51.189 port 43380","@timestamp":"2022-09-14T09:35:25.292Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 09:36:20 honeypot-ams-1 sshd[24391]: Invalid user ubuntu from 80.76.51.189 port 49870","@timestamp":"2022-09-14T09:36:21.320Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 09:37:16 honeypot-ams-1 sshd[24395]: Invalid user ubuntu from 80.76.51.189 port 56360","@timestamp":"2022-09-14T09:37:17.345Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 09:38:13 honeypot-ams-1 sshd[24399]: Disconnected from authenticating user root 80.76.51.189 port 34624 [preauth]","@timestamp":"2022-09-14T09:38:14.371Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 09:39:12 honeypot-ams-1 sshd[24403]: Disconnected from invalid user postgres 80.76.51.189 port 41104 [preauth]","@timestamp":"2022-09-14T09:39:12.397Z"}
{"@timestamp":"2022-09-14T09:39:17.707Z","@version":"1","message":"Sep 14 09:39:16 honeypot-sgp-1 sshd[12986]: Received disconnect from 92.255.85.69 port 45798:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 09:40:43 honeypot-ams-1 sshd[24410]: Received disconnect from 80.76.51.189 port 50836:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T09:40:43.439Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 09:41:44 honeypot-ams-1 sshd[24414]: Disconnected from authenticating user root 80.76.51.189 port 57340 [preauth]","@timestamp":"2022-09-14T09:41:44.469Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 09:43:18 honeypot-fra-1 sshd[8542]: Disconnected from invalid user charles 159.223.22.132 port 40026 [preauth]","@timestamp":"2022-09-14T09:43:19.237Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T09:44:54.850Z","@version":"1","message":"Sep 14 09:44:54 honeypot-sgp-1 sshd[12991]: Received disconnect from 159.89.29.240 port 39126:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 09:47:24 honeypot-ams-1 kernel: [84025427.837269] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=193.219.127.202 DST=178.62.254.91 LEN=80 TOS=0x00 PREC=0x20 TTL=123 ID=5188 PROTO=TCP SPT=4164 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T09:47:25.617Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 09:49:09 honeypot-fra-1 sshd[8549]: Disconnected from authenticating user root 103.221.223.250 port 33152 [preauth]","@timestamp":"2022-09-14T09:49:10.372Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 09:51:02 honeypot-ams-1 sshd[24420]: Disconnected from invalid user affleck 64.227.126.250 port 53942 [preauth]","@timestamp":"2022-09-14T09:51:02.709Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 09:53:57 honeypot-fra-1 sshd[8555]: Received disconnect from 161.35.102.143 port 53314:11: Bye Bye [preauth]","@timestamp":"2022-09-14T09:53:58.505Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 09:57:06 honeypot-ams-1 sshd[24428]: Did not receive identification string from 159.89.24.69 port 61000","@timestamp":"2022-09-14T09:57:07.866Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 09:59:28 honeypot-fra-1 sshd[8560]: Disconnected from invalid user kundert 165.22.45.108 port 56492 [preauth]","@timestamp":"2022-09-14T09:59:29.657Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 10:01:23 honeypot-fra-1 sshd[8569]: Received disconnect from 179.43.145.74 port 57826:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T10:01:24.703Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T10:02:07.279Z","@version":"1","message":"Sep 14 10:02:06 honeypot-sgp-1 sshd[12997]: Invalid user dummy from 198.12.85.199 port 53004","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T10:02:57.302Z","@version":"1","message":"Sep 14 10:02:57 honeypot-sgp-1 sshd[13001]: Received disconnect from 189.50.97.12 port 20374:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 10:03:21 honeypot-fra-1 sshd[8575]: Received disconnect from 179.43.145.74 port 36310:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T10:03:22.749Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 10:10:30 honeypot-fra-1 sshd[8580]: Received disconnect from 24.194.231.208 port 38776:11: Bye Bye [preauth]","@timestamp":"2022-09-14T10:10:30.910Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:10:46 honeypot-ams-1 sshd[24432]: Disconnected from authenticating user root 146.190.60.149 port 48764 [preauth]","@timestamp":"2022-09-14T10:10:46.229Z"}
{"@timestamp":"2022-09-14T10:11:29.522Z","@version":"1","message":"Sep 14 10:11:29 honeypot-sgp-1 kernel: [84026397.909398] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=77.32.109.161 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=42875 DF PROTO=TCP SPT=17625 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T10:15:08.616Z","@version":"1","message":"Sep 14 10:15:07 honeypot-sgp-1 sshd[13010]: Disconnected from authenticating user root 61.177.173.37 port 53625 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 10:16:04 honeypot-fra-1 kernel: [84024984.845415] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=50.116.48.39 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=45631 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T10:16:05.040Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-14T10:18:44.711Z","@version":"1","message":"Sep 14 10:18:44 honeypot-sgp-1 kernel: [84026832.997381] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=156.146.46.143 DST=159.89.202.188 LEN=52 TOS=0x02 PREC=0x00 TTL=116 ID=39523 DF PROTO=TCP SPT=52565 DPT=3389 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 10:19:39 honeypot-fra-1 sshd[8594]: Disconnected from authenticating user root 61.177.173.50 port 51453 [preauth]","@timestamp":"2022-09-14T10:19:40.124Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 10:24:52 honeypot-fra-1 sshd[8601]: Received disconnect from 61.177.173.36 port 62588:11:  [preauth]","@timestamp":"2022-09-14T10:24:53.246Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 10:25:49 honeypot-ams-1 kernel: [84027732.433857] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=107.173.159.85 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=50 ID=57473 PROTO=TCP SPT=16647 DPT=80 WINDOW=42751 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T10:25:49.615Z"}
{"@timestamp":"2022-09-14T10:25:49.896Z","@version":"1","message":"Sep 14 10:25:49 honeypot-sgp-1 sshd[13025]: Received disconnect from 92.255.85.70 port 41020:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T10:28:29.970Z","@version":"1","message":"Sep 14 10:28:29 honeypot-sgp-1 kernel: [84027418.029437] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=172.104.4.100 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=16808 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 10:28:41 honeypot-fra-1 sshd[8607]: Connection closed by invalid user admin 183.107.114.23 port 47855 [preauth]","@timestamp":"2022-09-14T10:28:42.338Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:31:15 honeypot-ams-1 sshd[24441]: Disconnected from authenticating user root 92.255.85.70 port 48300 [preauth]","@timestamp":"2022-09-14T10:31:15.775Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 10:33:08 honeypot-fra-1 kernel: [84026009.506845] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.79.161.98 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=60047 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T10:33:09.437Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-14T10:38:06.237Z","@version":"1","message":"Sep 14 10:38:06 honeypot-sgp-1 kernel: [84027994.885987] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=80.94.92.239 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=233 ID=54321 PROTO=TCP SPT=59154 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:39:42 honeypot-ams-1 sshd[24444]: Received disconnect from 206.189.233.82 port 57092:11: Bye Bye [preauth]","@timestamp":"2022-09-14T10:39:42.997Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 10:41:44 honeypot-fra-1 kernel: [84026525.486265] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=89.248.165.51 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=23288 PROTO=TCP SPT=50670 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T10:41:45.635Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 10:41:59 honeypot-ams-1 kernel: [84028702.940652] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=196.191.49.120 DST=178.62.254.91 LEN=48 TOS=0x00 PREC=0x00 TTL=116 ID=4577 DF PROTO=TCP SPT=62067 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T10:42:00.064Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:49:06 honeypot-ams-1 sshd[24451]: Disconnected from authenticating user root 171.110.164.56 port 50952 [preauth]","@timestamp":"2022-09-14T10:49:06.249Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:49:12 honeypot-ams-1 sshd[24457]: Received disconnect from 171.110.164.56 port 50078:11: Bye Bye [preauth]","@timestamp":"2022-09-14T10:49:12.252Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:49:17 honeypot-ams-1 sshd[24463]: Received disconnect from 171.110.164.56 port 52116:11: Bye Bye [preauth]","@timestamp":"2022-09-14T10:49:18.255Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:49:23 honeypot-ams-1 sshd[24469]: Received disconnect from 171.110.164.56 port 52148:11: Bye Bye [preauth]","@timestamp":"2022-09-14T10:49:24.259Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:49:29 honeypot-ams-1 sshd[24475]: Received disconnect from 171.110.164.56 port 56160:11: Bye Bye [preauth]","@timestamp":"2022-09-14T10:49:30.262Z"}
{"@timestamp":"2022-09-14T10:49:30.530Z","@version":"1","message":"Sep 14 10:49:30 honeypot-sgp-1 sshd[13047]: Received disconnect from 92.255.85.69 port 34902:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:49:35 honeypot-ams-1 sshd[24481]: Received disconnect from 171.110.164.56 port 56172:11: Bye Bye [preauth]","@timestamp":"2022-09-14T10:49:36.267Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:49:41 honeypot-ams-1 sshd[24487]: Received disconnect from 171.110.164.56 port 59726:11: Bye Bye [preauth]","@timestamp":"2022-09-14T10:49:42.270Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:49:47 honeypot-ams-1 sshd[24493]: Received disconnect from 171.110.164.56 port 57770:11: Bye Bye [preauth]","@timestamp":"2022-09-14T10:49:48.274Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:49:53 honeypot-ams-1 sshd[24499]: Received disconnect from 171.110.164.56 port 57802:11: Bye Bye [preauth]","@timestamp":"2022-09-14T10:49:54.278Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:50:00 honeypot-ams-1 sshd[24505]: Received disconnect from 171.110.164.56 port 43866:11: Bye Bye [preauth]","@timestamp":"2022-09-14T10:50:01.283Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:50:06 honeypot-ams-1 sshd[24511]: Received disconnect from 171.110.164.56 port 43886:11: Bye Bye [preauth]","@timestamp":"2022-09-14T10:50:07.287Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:50:12 honeypot-ams-1 sshd[24517]: Received disconnect from 171.110.164.56 port 34196:11: Bye Bye [preauth]","@timestamp":"2022-09-14T10:50:13.291Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:50:16 honeypot-ams-1 sshd[24521]: Disconnected from invalid user admin 171.110.164.56 port 34218 [preauth]","@timestamp":"2022-09-14T10:50:17.293Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:50:20 honeypot-ams-1 sshd[24525]: Disconnected from invalid user admin 171.110.164.56 port 39464 [preauth]","@timestamp":"2022-09-14T10:50:21.297Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 10:50:22 honeypot-fra-1 kernel: [84027043.193111] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=34341 PROTO=TCP SPT=52508 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T10:50:22.849Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:50:24 honeypot-ams-1 sshd[24529]: Disconnected from invalid user admin 171.110.164.56 port 39490 [preauth]","@timestamp":"2022-09-14T10:50:25.299Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:50:28 honeypot-ams-1 sshd[24533]: Disconnected from invalid user admin 171.110.164.56 port 37634 [preauth]","@timestamp":"2022-09-14T10:50:29.301Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:50:32 honeypot-ams-1 sshd[24537]: Disconnected from invalid user admin 171.110.164.56 port 37646 [preauth]","@timestamp":"2022-09-14T10:50:33.303Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:50:36 honeypot-ams-1 sshd[24541]: Disconnected from invalid user user 171.110.164.56 port 37662 [preauth]","@timestamp":"2022-09-14T10:50:37.306Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:50:42 honeypot-ams-1 sshd[24547]: Received disconnect from 171.110.164.56 port 60848:11: Bye Bye [preauth]","@timestamp":"2022-09-14T10:50:43.309Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:50:46 honeypot-ams-1 sshd[24551]: Received disconnect from 171.110.164.56 port 60880:11: Bye Bye [preauth]","@timestamp":"2022-09-14T10:50:47.311Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:50:51 honeypot-ams-1 sshd[24555]: Received disconnect from 171.110.164.56 port 49906:11: Bye Bye [preauth]","@timestamp":"2022-09-14T10:50:52.315Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:50:55 honeypot-ams-1 sshd[24559]: Received disconnect from 171.110.164.56 port 49926:11: Bye Bye [preauth]","@timestamp":"2022-09-14T10:50:55.317Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:50:59 honeypot-ams-1 sshd[24563]: Received disconnect from 171.110.164.56 port 58928:11: Bye Bye [preauth]","@timestamp":"2022-09-14T10:50:59.319Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:51:03 honeypot-ams-1 sshd[24567]: Received disconnect from 171.110.164.56 port 58944:11: Bye Bye [preauth]","@timestamp":"2022-09-14T10:51:03.321Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:51:07 honeypot-ams-1 sshd[24571]: Received disconnect from 171.110.164.56 port 58958:11: Bye Bye [preauth]","@timestamp":"2022-09-14T10:51:07.325Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:51:11 honeypot-ams-1 sshd[24575]: Received disconnect from 171.110.164.56 port 51524:11: Bye Bye [preauth]","@timestamp":"2022-09-14T10:51:11.327Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:51:15 honeypot-ams-1 sshd[24579]: Received disconnect from 171.110.164.56 port 51536:11: Bye Bye [preauth]","@timestamp":"2022-09-14T10:51:15.329Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:51:18 honeypot-ams-1 sshd[24583]: Invalid user guest from 171.110.164.56 port 53692","@timestamp":"2022-09-14T10:51:19.331Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:51:22 honeypot-ams-1 sshd[24587]: Invalid user cirros from 171.110.164.56 port 53710","@timestamp":"2022-09-14T10:51:23.334Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 10:51:47 honeypot-ams-1 kernel: [84029290.572345] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.102.41.2 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=44 ID=38983 DF PROTO=TCP SPT=44171 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T10:51:48.346Z"}
{"@timestamp":"2022-09-14T10:57:47.738Z","@version":"1","message":"Sep 14 10:57:47 honeypot-sgp-1 sshd[13052]: Did not receive identification string from 45.61.184.204 port 34912","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:57:57 honeypot-ams-1 sshd[24594]: Disconnected from authenticating user root 183.144.121.209 port 48370 [preauth]","@timestamp":"2022-09-14T10:57:58.504Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:58:03 honeypot-ams-1 sshd[24600]: Received disconnect from 183.144.121.209 port 48724:11: Bye Bye [preauth]","@timestamp":"2022-09-14T10:58:04.507Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:58:09 honeypot-ams-1 sshd[24606]: Received disconnect from 183.144.121.209 port 49062:11: Bye Bye [preauth]","@timestamp":"2022-09-14T10:58:10.512Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:58:15 honeypot-ams-1 sshd[24612]: Received disconnect from 183.144.121.209 port 49396:11: Bye Bye [preauth]","@timestamp":"2022-09-14T10:58:15.515Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:58:21 honeypot-ams-1 sshd[24618]: Received disconnect from 183.144.121.209 port 49752:11: Bye Bye [preauth]","@timestamp":"2022-09-14T10:58:21.519Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:58:26 honeypot-ams-1 sshd[24624]: Received disconnect from 183.144.121.209 port 50054:11: Bye Bye [preauth]","@timestamp":"2022-09-14T10:58:27.522Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:58:32 honeypot-ams-1 sshd[24630]: Received disconnect from 183.144.121.209 port 50376:11: Bye Bye [preauth]","@timestamp":"2022-09-14T10:58:33.525Z"}
{"@timestamp":"2022-09-14T10:58:34.778Z","@version":"1","message":"Sep 14 10:58:33 honeypot-sgp-1 sshd[13055]: Disconnected from invalid user user 45.61.184.204 port 48382 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:58:38 honeypot-ams-1 sshd[24636]: Received disconnect from 183.144.121.209 port 50674:11: Bye Bye [preauth]","@timestamp":"2022-09-14T10:58:38.529Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:58:44 honeypot-ams-1 sshd[24642]: Did not receive identification string from 87.236.176.55 port 49807","@timestamp":"2022-09-14T10:58:44.532Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:58:48 honeypot-ams-1 sshd[24649]: Received disconnect from 183.144.121.209 port 51218:11: Bye Bye [preauth]","@timestamp":"2022-09-14T10:58:48.534Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 10:58:50 honeypot-fra-1 sshd[8628]: Did not receive identification string from 141.255.162.226 port 38358","@timestamp":"2022-09-14T10:58:51.046Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:58:53 honeypot-ams-1 sshd[24655]: Received disconnect from 183.144.121.209 port 51546:11: Bye Bye [preauth]","@timestamp":"2022-09-14T10:58:54.538Z"}
{"@timestamp":"2022-09-14T10:58:54.788Z","@version":"1","message":"Sep 14 10:58:53 honeypot-sgp-1 sshd[13059]: Disconnected from invalid user user 45.61.184.204 port 43384 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:58:59 honeypot-ams-1 sshd[24661]: Received disconnect from 183.144.121.209 port 51852:11: Bye Bye [preauth]","@timestamp":"2022-09-14T10:58:59.541Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:59:05 honeypot-ams-1 sshd[24667]: Received disconnect from 183.144.121.209 port 52180:11: Bye Bye [preauth]","@timestamp":"2022-09-14T10:59:05.546Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 10:59:07 honeypot-fra-1 sshd[8631]: Disconnected from invalid user user 141.255.162.226 port 60656 [preauth]","@timestamp":"2022-09-14T10:59:08.056Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:59:08 honeypot-ams-1 sshd[24671]: Received disconnect from 183.144.121.209 port 52390:11: Bye Bye [preauth]","@timestamp":"2022-09-14T10:59:09.548Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 10:59:11 honeypot-fra-1 sshd[8635]: Disconnected from invalid user user 141.255.162.226 port 52554 [preauth]","@timestamp":"2022-09-14T10:59:12.058Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T10:59:12.798Z","@version":"1","message":"Sep 14 10:59:12 honeypot-sgp-1 sshd[13063]: Disconnected from invalid user user 45.61.184.204 port 38376 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:59:12 honeypot-ams-1 sshd[24675]: Received disconnect from 183.144.121.209 port 52604:11: Bye Bye [preauth]","@timestamp":"2022-09-14T10:59:13.550Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 10:59:13 honeypot-fra-1 sshd[8639]: Disconnected from invalid user user 141.255.162.226 port 59266 [preauth]","@timestamp":"2022-09-14T10:59:14.059Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:59:16 honeypot-ams-1 sshd[24679]: Received disconnect from 183.144.121.209 port 52812:11: Bye Bye [preauth]","@timestamp":"2022-09-14T10:59:17.552Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:59:20 honeypot-ams-1 sshd[24683]: Received disconnect from 183.144.121.209 port 53022:11: Bye Bye [preauth]","@timestamp":"2022-09-14T10:59:20.556Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:59:24 honeypot-ams-1 sshd[24687]: Received disconnect from 183.144.121.209 port 53226:11: Bye Bye [preauth]","@timestamp":"2022-09-14T10:59:24.558Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:59:28 honeypot-ams-1 sshd[24691]: Disconnected from authenticating user root 183.144.121.209 port 53436 [preauth]","@timestamp":"2022-09-14T10:59:28.560Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:59:33 honeypot-ams-1 sshd[24697]: Invalid user pi from 183.144.121.209 port 53746","@timestamp":"2022-09-14T10:59:34.564Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:59:37 honeypot-ams-1 sshd[24701]: Invalid user ethos from 183.144.121.209 port 53936","@timestamp":"2022-09-14T10:59:38.567Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:59:41 honeypot-ams-1 sshd[24705]: Invalid user miner from 183.144.121.209 port 54152","@timestamp":"2022-09-14T10:59:41.569Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:59:45 honeypot-ams-1 sshd[24710]: Invalid user volumio from 183.144.121.209 port 54332","@timestamp":"2022-09-14T10:59:45.572Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:59:49 honeypot-ams-1 sshd[24714]: Invalid user nagios from 183.144.121.209 port 54532","@timestamp":"2022-09-14T10:59:49.574Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:59:52 honeypot-ams-1 sshd[24718]: Invalid user vagrant from 183.144.121.209 port 54752","@timestamp":"2022-09-14T10:59:53.577Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 10:59:56 honeypot-ams-1 sshd[24722]: Invalid user debian from 183.144.121.209 port 54948","@timestamp":"2022-09-14T10:59:57.579Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 11:00:00 honeypot-ams-1 sshd[24726]: Invalid user debian from 183.144.121.209 port 55166","@timestamp":"2022-09-14T11:00:01.582Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 11:00:04 honeypot-ams-1 sshd[24730]: Invalid user alarm from 183.144.121.209 port 55356","@timestamp":"2022-09-14T11:00:04.584Z"}
{"@timestamp":"2022-09-14T11:00:04.821Z","@version":"1","message":"Sep 14 11:00:04 honeypot-sgp-1 sshd[13069]: Disconnected from authenticating user root 61.177.173.51 port 61586 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 11:00:08 honeypot-ams-1 sshd[24734]: Invalid user test from 183.144.121.209 port 55550","@timestamp":"2022-09-14T11:00:08.588Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 11:00:11 honeypot-ams-1 sshd[24738]: Invalid user cirros from 183.144.121.209 port 55750","@timestamp":"2022-09-14T11:00:12.590Z"}
{"@timestamp":"2022-09-14T11:00:17.828Z","@version":"1","message":"Sep 14 11:00:17 honeypot-sgp-1 sshd[13075]: Disconnected from invalid user user 45.61.186.249 port 36832 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T11:00:36.839Z","@version":"1","message":"Sep 14 11:00:35 honeypot-sgp-1 sshd[13079]: Disconnected from invalid user user 45.61.186.249 port 60016 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T11:00:54.847Z","@version":"1","message":"Sep 14 11:00:54 honeypot-sgp-1 sshd[13083]: Disconnected from invalid user user 45.61.186.249 port 54958 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:01:34 honeypot-fra-1 sshd[8650]: Received disconnect from 188.166.23.215 port 46494:11: Bye Bye [preauth]","@timestamp":"2022-09-14T11:01:35.115Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T11:03:21.910Z","@version":"1","message":"Sep 14 11:03:21 honeypot-sgp-1 sshd[13089]: Disconnected from authenticating user root 85.154.238.58 port 42950 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:05:43 honeypot-fra-1 sshd[8670]: Invalid user www from 34.71.244.4 port 41372","@timestamp":"2022-09-14T11:05:44.214Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:05:43 honeypot-fra-1 sshd[8662]: Connection closed by invalid user test 34.71.244.4 port 41316 [preauth]","@timestamp":"2022-09-14T11:05:44.214Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:05:43 honeypot-fra-1 sshd[8688]: Invalid user oracle from 34.71.244.4 port 41486","@timestamp":"2022-09-14T11:05:44.214Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:05:43 honeypot-fra-1 sshd[8665]: Invalid user oracle from 34.71.244.4 port 41360","@timestamp":"2022-09-14T11:05:44.214Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:05:43 honeypot-fra-1 sshd[8673]: Connection closed by invalid user momo 34.71.244.4 port 41342 [preauth]","@timestamp":"2022-09-14T11:05:44.214Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:05:44 honeypot-fra-1 sshd[8671]: Connection closed by authenticating user root 34.71.244.4 port 41234 [preauth]","@timestamp":"2022-09-14T11:05:44.214Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:05:44 honeypot-fra-1 sshd[8687]: Connection closed by invalid user chia 34.71.244.4 port 41468 [preauth]","@timestamp":"2022-09-14T11:05:44.214Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:05:44 honeypot-fra-1 sshd[8663]: Connection closed by invalid user oracle 34.71.244.4 port 41180 [preauth]","@timestamp":"2022-09-14T11:05:44.214Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:05:44 honeypot-fra-1 sshd[8672]: Connection closed by authenticating user root 34.71.244.4 port 41400 [preauth]","@timestamp":"2022-09-14T11:05:44.214Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:11:10 honeypot-fra-1 sshd[8728]: Invalid user mysql from 197.5.145.54 port 55381","@timestamp":"2022-09-14T11:11:10.341Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:11:10 honeypot-fra-1 sshd[8737]: Invalid user mysql from 197.5.145.54 port 55377","@timestamp":"2022-09-14T11:11:11.342Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:11:10 honeypot-fra-1 sshd[8731]: Connection closed by authenticating user root 197.5.145.54 port 55371 [preauth]","@timestamp":"2022-09-14T11:11:11.342Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:11:10 honeypot-fra-1 sshd[8737]: Connection closed by invalid user mysql 197.5.145.54 port 55377 [preauth]","@timestamp":"2022-09-14T11:11:11.342Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T11:13:02.146Z","@version":"1","message":"Sep 14 11:13:01 honeypot-sgp-1 sshd[13097]: Received disconnect from 45.61.186.249 port 42734:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T11:13:21.155Z","@version":"1","message":"Sep 14 11:13:20 honeypot-sgp-1 sshd[13101]: Received disconnect from 45.61.186.249 port 37942:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T11:13:38.164Z","@version":"1","message":"Sep 14 11:13:37 honeypot-sgp-1 sshd[13105]: Received disconnect from 45.61.186.249 port 33140:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T11:13:55.179Z","@version":"1","message":"Sep 14 11:13:54 honeypot-sgp-1 sshd[13109]: Invalid user user from 45.61.186.249 port 56586","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:14:26 honeypot-fra-1 kernel: [84028486.674913] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.180.143.137 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=17587 PROTO=TCP SPT=11642 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T11:14:26.425Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 11:16:54 honeypot-ams-1 sshd[24744]: Invalid user gmodserver from 114.247.103.218 port 15405","@timestamp":"2022-09-14T11:16:55.014Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:17:01 honeypot-fra-1 CRON[8762]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-14T11:17:01.489Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 11:17:27 honeypot-ams-1 sshd[24750]: Received disconnect from 74.94.234.151 port 47908:11: Bye Bye [preauth]","@timestamp":"2022-09-14T11:17:28.031Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 11:17:46 honeypot-ams-1 sshd[24754]: Received disconnect from 141.255.162.226 port 44496:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T11:17:47.040Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 11:17:48 honeypot-ams-1 sshd[24758]: Received disconnect from 141.255.162.226 port 58960:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T11:17:49.041Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 11:17:50 honeypot-ams-1 sshd[24762]: Invalid user user from 141.255.162.226 port 37954","@timestamp":"2022-09-14T11:17:51.043Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:19:03 honeypot-fra-1 sshd[8768]: Invalid user guest from 175.24.188.217 port 34436","@timestamp":"2022-09-14T11:19:04.540Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:19:03 honeypot-fra-1 sshd[8778]: Invalid user elasticsearch from 175.24.188.217 port 34464","@timestamp":"2022-09-14T11:19:04.540Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:19:03 honeypot-fra-1 sshd[8789]: Invalid user ts3 from 175.24.188.217 port 34426","@timestamp":"2022-09-14T11:19:04.540Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:19:04 honeypot-fra-1 sshd[8772]: Connection closed by authenticating user root 175.24.188.217 port 34482 [preauth]","@timestamp":"2022-09-14T11:19:04.540Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:19:04 honeypot-fra-1 sshd[8771]: Connection closed by invalid user test 175.24.188.217 port 34494 [preauth]","@timestamp":"2022-09-14T11:19:04.540Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:19:04 honeypot-fra-1 sshd[8784]: Connection closed by invalid user admin 175.24.188.217 port 34478 [preauth]","@timestamp":"2022-09-14T11:19:04.541Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:19:04 honeypot-fra-1 sshd[8783]: Connection closed by invalid user admin 175.24.188.217 port 34480 [preauth]","@timestamp":"2022-09-14T11:19:04.541Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:19:04 honeypot-fra-1 sshd[8796]: Connection closed by invalid user admin 175.24.188.217 port 34466 [preauth]","@timestamp":"2022-09-14T11:19:04.541Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 11:21:47 honeypot-ams-1 kernel: [84031090.853852] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=5.178.86.77 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x20 TTL=249 ID=3212 PROTO=TCP SPT=54257 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T11:21:48.145Z"}
{"@timestamp":"2022-09-14T11:23:50.420Z","@version":"1","message":"Sep 14 11:23:50 honeypot-sgp-1 kernel: [84030738.884211] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=156.146.46.143 DST=159.89.202.188 LEN=52 TOS=0x02 PREC=0x00 TTL=116 ID=47174 DF PROTO=TCP SPT=53493 DPT=3389 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:26:32 honeypot-fra-1 sshd[8829]: Received disconnect from 104.225.250.174 port 43986:11: Bye Bye [preauth]","@timestamp":"2022-09-14T11:26:32.716Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T11:30:34.585Z","@version":"1","message":"Sep 14 11:30:33 honeypot-sgp-1 kernel: [84031142.655182] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=80.94.92.231 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=230 ID=54321 PROTO=TCP SPT=60171 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 11:30:44 honeypot-ams-1 kernel: [84031627.501333] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=59088 PROTO=TCP SPT=55002 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T11:30:45.377Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:30:50 honeypot-fra-1 kernel: [84029471.053489] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=24345 PROTO=TCP SPT=55002 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T11:30:50.818Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-14T11:36:30.732Z","@version":"1","message":"Sep 14 11:36:29 honeypot-sgp-1 sshd[13129]: Disconnected from authenticating user root 92.255.85.70 port 26258 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:36:58 honeypot-fra-1 kernel: [84029838.682955] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.53.170.243 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=27076 PROTO=TCP SPT=20792 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T11:36:58.968Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 11:39:54 honeypot-ams-1 kernel: [84032177.552789] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=176.67.66.107 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=112 ID=17438 DF PROTO=TCP SPT=18427 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T11:39:54.617Z"}
{"@timestamp":"2022-09-14T11:40:50.842Z","@version":"1","message":"Sep 14 11:40:50 honeypot-sgp-1 kernel: [84031758.880691] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=176.209.94.77 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=42 ID=5745 PROTO=TCP SPT=27092 DPT=443 WINDOW=56692 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:40:55 honeypot-fra-1 kernel: [84030076.237914] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=143.198.183.97 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=59780 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T11:40:56.064Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 11:44:04 honeypot-ams-1 sshd[24775]: Received disconnect from 195.36.209.129 port 42414:11: Bye Bye [preauth]","@timestamp":"2022-09-14T11:44:05.724Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:49:32 honeypot-fra-1 sshd[8857]: Invalid user test from 52.237.82.21 port 37832","@timestamp":"2022-09-14T11:49:33.283Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:49:32 honeypot-fra-1 sshd[8876]: Invalid user guest from 52.237.82.21 port 37836","@timestamp":"2022-09-14T11:49:33.283Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:49:32 honeypot-fra-1 sshd[8866]: Invalid user user from 52.237.82.21 port 37810","@timestamp":"2022-09-14T11:49:33.283Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:49:32 honeypot-fra-1 sshd[8857]: Connection closed by invalid user test 52.237.82.21 port 37832 [preauth]","@timestamp":"2022-09-14T11:49:33.283Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:49:32 honeypot-fra-1 sshd[8855]: Connection closed by invalid user www 52.237.82.21 port 37842 [preauth]","@timestamp":"2022-09-14T11:49:33.283Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:49:32 honeypot-fra-1 sshd[8876]: Connection closed by invalid user guest 52.237.82.21 port 37836 [preauth]","@timestamp":"2022-09-14T11:49:33.283Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:49:32 honeypot-fra-1 sshd[8878]: Connection closed by invalid user admin 52.237.82.21 port 37936 [preauth]","@timestamp":"2022-09-14T11:49:33.283Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:49:32 honeypot-fra-1 sshd[8865]: Connection closed by invalid user testuser 52.237.82.21 port 37860 [preauth]","@timestamp":"2022-09-14T11:49:33.283Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:49:32 honeypot-fra-1 sshd[8870]: Connection closed by invalid user testuser 52.237.82.21 port 37904 [preauth]","@timestamp":"2022-09-14T11:49:33.283Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T11:49:55.069Z","@version":"1","message":"Sep 14 11:49:54 honeypot-sgp-1 sshd[13139]: Disconnected from authenticating user root 61.177.173.36 port 64166 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:50:49 honeypot-fra-1 sshd[8913]: Invalid user admin from 81.17.25.50 port 45173","@timestamp":"2022-09-14T11:50:50.317Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T11:51:46.116Z","@version":"1","message":"Sep 14 11:51:45 honeypot-sgp-1 sshd[13145]: Invalid user tbi from 164.92.142.65 port 35102","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:52:19 honeypot-fra-1 sshd[8919]: Invalid user admin from 81.17.25.50 port 8555","@timestamp":"2022-09-14T11:52:20.357Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:53:05 honeypot-fra-1 sshd[8925]: Invalid user aerohive from 81.17.25.50 port 22411","@timestamp":"2022-09-14T11:53:06.378Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:53:26 honeypot-fra-1 sshd[8931]: Invalid user private from 81.17.25.50 port 24702","@timestamp":"2022-09-14T11:53:26.388Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 11:53:34 honeypot-ams-1 sshd[24778]: Received disconnect from 164.92.212.181 port 57576:11: Bye Bye [preauth]","@timestamp":"2022-09-14T11:53:34.970Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:54:32 honeypot-fra-1 sshd[8937]: Disconnecting invalid user Admin 81.17.25.50 port 40951: Change of username or service not allowed: (Admin,ssh-connection) -> (araknis,ssh-connection) [preauth]","@timestamp":"2022-09-14T11:54:32.416Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:55:05 honeypot-fra-1 sshd[8943]: Disconnecting invalid user user 81.17.25.50 port 23764: Change of username or service not allowed: (user,ssh-connection) -> (root,ssh-connection) [preauth]","@timestamp":"2022-09-14T11:55:05.432Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:55:48 honeypot-fra-1 sshd[8952]: Invalid user admin from 81.17.25.50 port 33979","@timestamp":"2022-09-14T11:55:48.452Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:55:58 honeypot-fra-1 sshd[8958]: Disconnecting authenticating user root 81.17.25.50 port 3689: Change of username or service not allowed: (root,ssh-connection) -> (,ssh-connection) [preauth]","@timestamp":"2022-09-14T11:55:59.457Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:56:12 honeypot-fra-1 sshd[8964]: Disconnecting invalid user cisco 81.17.25.50 port 21074: Change of username or service not allowed: (cisco,ssh-connection) -> (admin,ssh-connection) [preauth]","@timestamp":"2022-09-14T11:56:12.464Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:56:38 honeypot-fra-1 sshd[8974]: Invalid user Administrator from 81.17.25.50 port 59282","@timestamp":"2022-09-14T11:56:38.477Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:57:15 honeypot-fra-1 sshd[8981]: Invalid user sti.admin5 from 81.17.25.50 port 2271","@timestamp":"2022-09-14T11:57:16.495Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:57:17 honeypot-fra-1 sshd[8987]: Invalid user zhone from 81.17.25.50 port 11576","@timestamp":"2022-09-14T11:57:17.495Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:57:50 honeypot-fra-1 sshd[8993]: Disconnecting invalid user default 81.17.25.50 port 27992: Change of username or service not allowed: (default,ssh-connection) -> (admin,ssh-connection) [preauth]","@timestamp":"2022-09-14T11:57:50.511Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 11:58:33 honeypot-ams-1 sshd[24782]: Disconnected from invalid user otoniel 161.18.254.73 port 49980 [preauth]","@timestamp":"2022-09-14T11:58:34.120Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:58:50 honeypot-fra-1 sshd[9001]: Disconnecting invalid user Administrator 81.17.25.50 port 57432: Change of username or service not allowed: (Administrator,ssh-connection) -> (cusadmin,ssh-connectio [preauth]","@timestamp":"2022-09-14T11:58:51.538Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 11:59:35 honeypot-fra-1 sshd[9008]: Invalid user admin from 81.17.25.50 port 5098","@timestamp":"2022-09-14T11:59:35.558Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T12:00:08.318Z","@version":"1","message":"Sep 14 12:00:07 honeypot-sgp-1 sshd[13605]: Received disconnect from 92.255.85.70 port 52540:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:00:17 honeypot-fra-1 sshd[9014]: Invalid user comcast from 81.17.25.50 port 28749","@timestamp":"2022-09-14T12:00:17.578Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:00:56 honeypot-fra-1 sshd[9018]: Invalid user  from 81.17.25.50 port 32333","@timestamp":"2022-09-14T12:00:57.597Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:01:49 honeypot-fra-1 kernel: [84031330.363334] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=79.124.62.130 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=1775 PROTO=TCP SPT=56067 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T12:01:50.621Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:02:00 honeypot-fra-1 sshd[9031]: Disconnecting invalid user motorola 81.17.25.50 port 26031: Change of username or service not allowed: (motorola,ssh-connection) -> (admin,ssh-connection) [preauth]","@timestamp":"2022-09-14T12:02:01.627Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:02:45 honeypot-fra-1 sshd[9037]: Disconnected from authenticating user root 92.255.85.70 port 27642 [preauth]","@timestamp":"2022-09-14T12:02:45.648Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:03:26 honeypot-fra-1 sshd[9041]: Disconnecting invalid user admin 81.17.25.50 port 40828: Change of username or service not allowed: (admin,ssh-connection) -> (airlive,ssh-connection) [preauth]","@timestamp":"2022-09-14T12:03:27.669Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T12:03:49.410Z","@version":"1","message":"Sep 14 12:03:49 honeypot-sgp-1 sshd[13609]: Disconnected from invalid user tracie 129.159.63.83 port 50691 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:04:35 honeypot-fra-1 sshd[9047]: Disconnecting invalid user admin 81.17.25.50 port 53411: Change of username or service not allowed: (admin,ssh-connection) -> (roqos,ssh-connection) [preauth]","@timestamp":"2022-09-14T12:04:36.701Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:05:44 honeypot-fra-1 sshd[9054]: Invalid user Shiko from 81.17.25.50 port 7102","@timestamp":"2022-09-14T12:05:45.732Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:06:25 honeypot-fra-1 kernel: [84031605.867014] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=79.124.62.82 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=42069 PROTO=TCP SPT=56057 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T12:06:25.750Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-14T12:06:46.486Z","@version":"1","message":"Sep 14 12:06:45 honeypot-sgp-1 sshd[13614]: Received disconnect from 148.240.122.192 port 33168:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:07:35 honeypot-fra-1 sshd[9069]: Disconnecting invalid user cusadmin 81.17.25.50 port 5290: Change of username or service not allowed: (cusadmin,ssh-connection) -> (highspeed,ssh-connection) [preauth]","@timestamp":"2022-09-14T12:07:35.780Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T12:07:51.515Z","@version":"1","message":"Sep 14 12:07:51 honeypot-sgp-1 sshd[13618]: Disconnected from invalid user oracle 150.107.205.78 port 36324 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:08:04 honeypot-ams-1 sshd[24791]: Did not receive identification string from 141.255.162.226 port 47824","@timestamp":"2022-09-14T12:08:05.372Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:08:24 honeypot-fra-1 sshd[9075]: Disconnecting invalid user smcadmin 81.17.25.50 port 2898: Change of username or service not allowed: (smcadmin,ssh-connection) -> (sweex,ssh-connection) [preauth]","@timestamp":"2022-09-14T12:08:24.802Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:08:25 honeypot-ams-1 sshd[24794]: Disconnected from invalid user user 141.255.162.226 port 49508 [preauth]","@timestamp":"2022-09-14T12:08:25.381Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:08:29 honeypot-ams-1 sshd[24798]: Disconnected from invalid user user 141.255.162.226 port 44150 [preauth]","@timestamp":"2022-09-14T12:08:29.384Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:08:31 honeypot-ams-1 sshd[24802]: Disconnected from invalid user user 141.255.162.226 port 51780 [preauth]","@timestamp":"2022-09-14T12:08:31.385Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:08:54 honeypot-fra-1 sshd[9081]: Disconnecting invalid user admin 81.17.25.50 port 27379: Change of username or service not allowed: (admin,ssh-connection) -> (,ssh-connection) [preauth]","@timestamp":"2022-09-14T12:08:54.817Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:09:39 honeypot-fra-1 sshd[9087]: Disconnecting invalid user user 81.17.25.50 port 14433: Change of username or service not allowed: (user,ssh-connection) -> (ubnt,ssh-connection) [preauth]","@timestamp":"2022-09-14T12:09:39.838Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:09:45 honeypot-fra-1 sshd[9095]: Invalid user user from 81.17.25.50 port 26606","@timestamp":"2022-09-14T12:09:45.841Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:09:47 honeypot-fra-1 sshd[9101]: Invalid user Admin from 81.17.25.50 port 38346","@timestamp":"2022-09-14T12:09:47.843Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:09:49 honeypot-fra-1 sshd[9107]: Invalid user 0 from 81.17.25.50 port 19849","@timestamp":"2022-09-14T12:09:49.844Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:10:16 honeypot-fra-1 kernel: [84031837.388564] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=64.246.161.26 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=54316 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T12:10:17.865Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:10:27 honeypot-fra-1 sshd[9118]: Invalid user ltecl4r0 from 81.17.25.50 port 9289","@timestamp":"2022-09-14T12:10:27.871Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T12:11:45.612Z","@version":"1","message":"Sep 14 12:11:45 honeypot-sgp-1 sshd[13625]: Disconnected from authenticating user root 64.227.126.207 port 43998 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:17:01 honeypot-ams-1 CRON[24805]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-14T12:17:01.606Z"}
{"@timestamp":"2022-09-14T12:17:01.741Z","@version":"1","message":"Sep 14 12:17:01 honeypot-sgp-1 CRON[13632]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:20:03 honeypot-ams-1 sshd[24813]: Received disconnect from 179.103.152.130 port 57452:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:20:03.683Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:20:10 honeypot-ams-1 sshd[24819]: Received disconnect from 179.103.152.130 port 57856:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:20:10.687Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:20:16 honeypot-ams-1 sshd[24825]: Received disconnect from 179.103.152.130 port 58176:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:20:17.692Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:20:23 honeypot-ams-1 sshd[24831]: Received disconnect from 179.103.152.130 port 58532:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:20:23.695Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:20:27 honeypot-fra-1 kernel: [84032448.347107] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=79.124.62.78 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=24169 PROTO=TCP SPT=56064 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T12:20:28.100Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:20:29 honeypot-ams-1 sshd[24837]: Received disconnect from 179.103.152.130 port 58898:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:20:30.701Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:20:37 honeypot-ams-1 sshd[24843]: Received disconnect from 179.103.152.130 port 59254:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:20:37.705Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:20:44 honeypot-ams-1 sshd[24849]: Received disconnect from 179.103.152.130 port 59648:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:20:44.708Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:20:51 honeypot-ams-1 sshd[24855]: Received disconnect from 179.103.152.130 port 59986:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:20:51.713Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:20:57 honeypot-ams-1 sshd[24861]: Received disconnect from 179.103.152.130 port 60330:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:20:57.717Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:21:04 honeypot-ams-1 sshd[24867]: Received disconnect from 179.103.152.130 port 60710:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:21:05.722Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:21:11 honeypot-ams-1 sshd[24873]: Received disconnect from 179.103.152.130 port 32822:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:21:12.726Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:21:19 honeypot-ams-1 sshd[24879]: Received disconnect from 179.103.152.130 port 33210:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:21:19.731Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:21:24 honeypot-ams-1 sshd[24883]: Received disconnect from 179.103.152.130 port 33482:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:21:24.734Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:21:29 honeypot-ams-1 sshd[24887]: Received disconnect from 179.103.152.130 port 33744:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:21:29.737Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:21:34 honeypot-ams-1 sshd[24891]: Received disconnect from 179.103.152.130 port 34010:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:21:34.741Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:21:39 honeypot-ams-1 sshd[24895]: Received disconnect from 179.103.152.130 port 34254:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:21:39.744Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:21:43 honeypot-ams-1 sshd[24899]: Received disconnect from 179.103.152.130 port 34542:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:21:43.748Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:21:49 honeypot-ams-1 sshd[24903]: Disconnected from authenticating user root 179.103.152.130 port 34758 [preauth]","@timestamp":"2022-09-14T12:21:49.752Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:21:56 honeypot-ams-1 sshd[24909]: Invalid user pi from 179.103.152.130 port 35200","@timestamp":"2022-09-14T12:21:56.756Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:22:01 honeypot-ams-1 sshd[24913]: Invalid user ethos from 179.103.152.130 port 35466","@timestamp":"2022-09-14T12:22:01.760Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:22:06 honeypot-ams-1 sshd[24917]: Invalid user miner from 179.103.152.130 port 35736","@timestamp":"2022-09-14T12:22:06.763Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:22:11 honeypot-ams-1 sshd[24921]: Invalid user volumio from 179.103.152.130 port 35954","@timestamp":"2022-09-14T12:22:11.766Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:22:15 honeypot-ams-1 sshd[24925]: Invalid user nagios from 179.103.152.130 port 36204","@timestamp":"2022-09-14T12:22:15.769Z"}
{"@timestamp":"2022-09-14T12:22:17.870Z","@version":"1","message":"Sep 14 12:22:17 honeypot-sgp-1 sshd[13638]: Disconnected from authenticating user root 61.177.173.51 port 10613 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:22:20 honeypot-ams-1 sshd[24929]: Invalid user vagrant from 179.103.152.130 port 36446","@timestamp":"2022-09-14T12:22:20.772Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:22:26 honeypot-ams-1 sshd[24933]: Invalid user debian from 179.103.152.130 port 36720","@timestamp":"2022-09-14T12:22:26.775Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:22:31 honeypot-ams-1 sshd[24937]: Invalid user debian from 179.103.152.130 port 37026","@timestamp":"2022-09-14T12:22:31.779Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:22:35 honeypot-ams-1 sshd[24941]: Invalid user alarm from 179.103.152.130 port 37260","@timestamp":"2022-09-14T12:22:36.782Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:22:38 honeypot-ams-1 sshd[24943]: Disconnected from invalid user guest 179.103.152.130 port 37382 [preauth]","@timestamp":"2022-09-14T12:22:38.786Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:22:43 honeypot-ams-1 sshd[24949]: Invalid user cirros from 179.103.152.130 port 37632","@timestamp":"2022-09-14T12:22:44.789Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:23:02 honeypot-ams-1 sshd[24953]: Received disconnect from 122.248.43.71 port 48304:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:23:03.800Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:23:51 honeypot-fra-1 sshd[9140]: Invalid user user from 45.61.186.169 port 51748","@timestamp":"2022-09-14T12:23:52.181Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:24:08 honeypot-fra-1 sshd[9146]: Invalid user user from 45.61.186.169 port 46566","@timestamp":"2022-09-14T12:24:09.189Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:24:16 honeypot-fra-1 sshd[9148]: Disconnected from invalid user user 45.61.186.169 port 58116 [preauth]","@timestamp":"2022-09-14T12:24:17.193Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:24:25 honeypot-fra-1 sshd[9152]: Disconnected from invalid user user 45.61.186.169 port 41390 [preauth]","@timestamp":"2022-09-14T12:24:26.198Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:25:38 honeypot-ams-1 sshd[24958]: Received disconnect from 186.121.202.130 port 51272:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:25:38.873Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:27:00 honeypot-ams-1 sshd[24962]: Disconnected from authenticating user root 179.151.180.133 port 52054 [preauth]","@timestamp":"2022-09-14T12:27:00.909Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:27:07 honeypot-ams-1 sshd[24968]: Received disconnect from 179.151.180.133 port 52458:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:27:07.915Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:27:15 honeypot-ams-1 sshd[24974]: Received disconnect from 179.151.180.133 port 52838:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:27:15.918Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:27:21 honeypot-ams-1 sshd[24980]: Received disconnect from 179.151.180.133 port 53202:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:27:21.923Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:27:21 honeypot-fra-1 kernel: [84032862.315505] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=80.94.92.231 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=36444 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T12:27:22.265Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:27:29 honeypot-ams-1 sshd[24986]: Received disconnect from 179.151.180.133 port 53576:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:27:29.928Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:27:36 honeypot-ams-1 sshd[24992]: Received disconnect from 179.151.180.133 port 53980:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:27:36.932Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:27:43 honeypot-ams-1 sshd[24998]: Received disconnect from 179.151.180.133 port 54364:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:27:43.935Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:27:50 honeypot-ams-1 sshd[25004]: Received disconnect from 179.151.180.133 port 54734:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:27:50.941Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:27:58 honeypot-ams-1 sshd[25010]: Received disconnect from 179.151.180.133 port 55124:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:27:58.945Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:28:05 honeypot-ams-1 sshd[25016]: Received disconnect from 179.151.180.133 port 55516:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:28:05.949Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:28:12 honeypot-ams-1 sshd[25022]: Received disconnect from 179.151.180.133 port 55902:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:28:12.953Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:28:20 honeypot-ams-1 sshd[25028]: Received disconnect from 179.151.180.133 port 56326:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:28:20.959Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:28:27 honeypot-ams-1 sshd[25034]: Invalid user admin from 179.151.180.133 port 56704","@timestamp":"2022-09-14T12:28:27.962Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:28:31 honeypot-ams-1 sshd[25038]: Invalid user admin from 179.151.180.133 port 56974","@timestamp":"2022-09-14T12:28:31.966Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:28:36 honeypot-ams-1 sshd[25042]: Invalid user admin from 179.151.180.133 port 57220","@timestamp":"2022-09-14T12:28:36.969Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:28:41 honeypot-ams-1 sshd[25046]: Invalid user admin from 179.151.180.133 port 57492","@timestamp":"2022-09-14T12:28:41.971Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:28:46 honeypot-ams-1 sshd[25050]: Invalid user admin from 179.151.180.133 port 57756","@timestamp":"2022-09-14T12:28:46.975Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:28:51 honeypot-ams-1 sshd[25054]: Invalid user user from 179.151.180.133 port 58030","@timestamp":"2022-09-14T12:28:51.978Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:28:54 honeypot-ams-1 sshd[25056]: Disconnected from authenticating user root 179.151.180.133 port 58172 [preauth]","@timestamp":"2022-09-14T12:28:54.980Z"}
{"@timestamp":"2022-09-14T12:28:58.050Z","@version":"1","message":"Sep 14 12:28:57 honeypot-sgp-1 kernel: [84034646.507898] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=173.255.235.215 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=42797 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T12:29:01.053Z","@version":"1","message":"Sep 14 12:29:00 honeypot-sgp-1 sshd[13659]: Invalid user testuser from 35.90.115.181 port 54498","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T12:29:01.053Z","@version":"1","message":"Sep 14 12:29:00 honeypot-sgp-1 sshd[13664]: Invalid user oracle from 35.90.115.181 port 54510","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T12:29:01.053Z","@version":"1","message":"Sep 14 12:29:00 honeypot-sgp-1 sshd[13665]: Invalid user ubuntu from 35.90.115.181 port 54466","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T12:29:01.053Z","@version":"1","message":"Sep 14 12:29:00 honeypot-sgp-1 sshd[13674]: Invalid user ubuntu from 35.90.115.181 port 54452","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T12:29:01.053Z","@version":"1","message":"Sep 14 12:29:00 honeypot-sgp-1 sshd[13653]: Connection closed by invalid user oracle 35.90.115.181 port 54462 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T12:29:01.054Z","@version":"1","message":"Sep 14 12:29:00 honeypot-sgp-1 sshd[13666]: Connection closed by invalid user user 35.90.115.181 port 54444 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T12:29:01.054Z","@version":"1","message":"Sep 14 12:29:00 honeypot-sgp-1 sshd[13667]: Connection closed by invalid user test 35.90.115.181 port 54442 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T12:29:01.054Z","@version":"1","message":"Sep 14 12:29:01 honeypot-sgp-1 sshd[13675]: Connection closed by authenticating user root 35.90.115.181 port 54470 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:29:01 honeypot-ams-1 sshd[25064]: Invalid user pi from 179.151.180.133 port 58530","@timestamp":"2022-09-14T12:29:01.985Z"}
{"@timestamp":"2022-09-14T12:29:02.054Z","@version":"1","message":"Sep 14 12:29:01 honeypot-sgp-1 sshd[13704]: Connection closed by invalid user test 35.90.115.181 port 54478 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:29:05 honeypot-ams-1 sshd[25068]: Invalid user ethos from 179.151.180.133 port 58816","@timestamp":"2022-09-14T12:29:05.987Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:29:10 honeypot-ams-1 sshd[25072]: Invalid user miner from 179.151.180.133 port 59062","@timestamp":"2022-09-14T12:29:10.990Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:29:15 honeypot-ams-1 sshd[25076]: Invalid user volumio from 179.151.180.133 port 59302","@timestamp":"2022-09-14T12:29:15.992Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:29:19 honeypot-ams-1 sshd[25080]: Invalid user nagios from 179.151.180.133 port 59596","@timestamp":"2022-09-14T12:29:19.996Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:29:24 honeypot-ams-1 sshd[25084]: Invalid user vagrant from 179.151.180.133 port 59802","@timestamp":"2022-09-14T12:29:24.999Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:29:28 honeypot-ams-1 sshd[25088]: Invalid user debian from 179.151.180.133 port 60070","@timestamp":"2022-09-14T12:29:29.001Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:29:33 honeypot-ams-1 sshd[25092]: Invalid user debian from 179.151.180.133 port 60298","@timestamp":"2022-09-14T12:29:34.005Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:29:37 honeypot-ams-1 sshd[25096]: Invalid user alarm from 179.151.180.133 port 60546","@timestamp":"2022-09-14T12:29:38.008Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:29:42 honeypot-ams-1 sshd[25100]: Invalid user test from 179.151.180.133 port 60812","@timestamp":"2022-09-14T12:29:43.010Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:29:48 honeypot-ams-1 sshd[25104]: Invalid user cirros from 179.151.180.133 port 32842","@timestamp":"2022-09-14T12:29:49.015Z"}
{"@timestamp":"2022-09-14T12:30:59.106Z","@version":"1","message":"Sep 14 12:30:58 honeypot-sgp-1 sshd[13708]: Disconnected from authenticating user root 61.177.172.104 port 40679 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T12:31:42.126Z","@version":"1","message":"Sep 14 12:31:41 honeypot-sgp-1 sshd[13714]: Disconnected from authenticating user root 201.217.194.126 port 44746 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:33:58 honeypot-fra-1 kernel: [84033258.401596] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.79.180.73 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=11950 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T12:33:58.418Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:38:23 honeypot-fra-1 kernel: [84033524.053764] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=183.136.225.35 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=107 ID=11568 PROTO=TCP SPT=8088 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T12:38:24.522Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 12:38:45 honeypot-ams-1 kernel: [84035708.321867] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=51.15.141.72 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=55 ID=22818 PROTO=TCP SPT=13478 DPT=80 WINDOW=2974 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T12:38:46.245Z"}
{"@timestamp":"2022-09-14T12:39:37.327Z","@version":"1","message":"Sep 14 12:39:37 honeypot-sgp-1 kernel: [84035285.832392] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=5.188.210.245 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=64792 PROTO=TCP SPT=57674 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T12:46:43.512Z","@version":"1","message":"Sep 14 12:46:43 honeypot-sgp-1 kernel: [84035711.689022] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=34.141.25.177 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x60 TTL=250 ID=22015 PROTO=TCP SPT=58120 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:47:57 honeypot-fra-1 kernel: [84034097.788055] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.102.41.2 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=42 ID=39746 DF PROTO=TCP SPT=47313 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T12:47:57.740Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:49:27 honeypot-fra-1 sshd[9176]: Disconnected from authenticating user root 92.255.85.70 port 57154 [preauth]","@timestamp":"2022-09-14T12:49:27.778Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T12:51:44.640Z","@version":"1","message":"Sep 14 12:51:43 honeypot-sgp-1 sshd[13739]: Invalid user test from 62.204.41.222 port 35607","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:53:20 honeypot-ams-1 sshd[25113]: Received disconnect from 159.223.172.195 port 45496:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:53:20.619Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 12:54:43 honeypot-fra-1 sshd[9183]: Received disconnect from 61.177.173.50 port 38742:11:  [preauth]","@timestamp":"2022-09-14T12:54:43.900Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T12:55:28.736Z","@version":"1","message":"Sep 14 12:55:27 honeypot-sgp-1 kernel: [84036236.652111] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.221.108 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=39083 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 12:57:24 honeypot-ams-1 kernel: [84036827.327355] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=128.14.209.166 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=18679 PROTO=TCP SPT=30700 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T12:57:24.727Z"}
{"@timestamp":"2022-09-14T12:57:33.790Z","@version":"1","message":"Sep 14 12:57:33 honeypot-sgp-1 sshd[13751]: Disconnected from invalid user postgres 182.23.23.42 port 54114 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T12:58:41.820Z","@version":"1","message":"Sep 14 12:58:41 honeypot-sgp-1 sshd[13756]: Received disconnect from 45.61.186.249 port 36950:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T12:58:52.826Z","@version":"1","message":"Sep 14 12:58:52 honeypot-sgp-1 sshd[13760]: Disconnected from invalid user user 45.61.186.249 port 48600 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T12:59:11.834Z","@version":"1","message":"Sep 14 12:59:11 honeypot-sgp-1 sshd[13764]: Disconnected from invalid user user 45.61.186.249 port 43670 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T12:59:31.844Z","@version":"1","message":"Sep 14 12:59:30 honeypot-sgp-1 sshd[13768]: Received disconnect from 45.61.186.249 port 38720:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:59:42 honeypot-ams-1 sshd[25120]: Received disconnect from 61.245.162.61 port 56932:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:59:42.788Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:59:46 honeypot-ams-1 sshd[25126]: Received disconnect from 61.245.162.61 port 57110:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:59:46.790Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:59:51 honeypot-ams-1 sshd[25132]: Received disconnect from 61.245.162.61 port 57424:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:59:51.793Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 12:59:55 honeypot-ams-1 sshd[25138]: Received disconnect from 61.245.162.61 port 57602:11: Bye Bye [preauth]","@timestamp":"2022-09-14T12:59:55.797Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:00:00 honeypot-ams-1 sshd[25144]: Received disconnect from 61.245.162.61 port 57922:11: Bye Bye [preauth]","@timestamp":"2022-09-14T13:00:00.799Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:00:04 honeypot-ams-1 sshd[25150]: Received disconnect from 61.245.162.61 port 58152:11: Bye Bye [preauth]","@timestamp":"2022-09-14T13:00:05.802Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:00:09 honeypot-ams-1 sshd[25156]: Received disconnect from 61.245.162.61 port 58426:11: Bye Bye [preauth]","@timestamp":"2022-09-14T13:00:09.805Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:00:14 honeypot-ams-1 sshd[25162]: Received disconnect from 61.245.162.61 port 58650:11: Bye Bye [preauth]","@timestamp":"2022-09-14T13:00:14.810Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:00:18 honeypot-ams-1 sshd[25168]: Received disconnect from 61.245.162.61 port 58898:11: Bye Bye [preauth]","@timestamp":"2022-09-14T13:00:18.812Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:00:23 honeypot-ams-1 sshd[25174]: Received disconnect from 61.245.162.61 port 59178:11: Bye Bye [preauth]","@timestamp":"2022-09-14T13:00:23.815Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:00:27 honeypot-ams-1 sshd[25180]: Received disconnect from 61.245.162.61 port 59376:11: Bye Bye [preauth]","@timestamp":"2022-09-14T13:00:28.819Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:00:32 honeypot-ams-1 sshd[25186]: Received disconnect from 61.245.162.61 port 59738:11: Bye Bye [preauth]","@timestamp":"2022-09-14T13:00:32.822Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:00:35 honeypot-ams-1 sshd[25190]: Received disconnect from 61.245.162.61 port 59852:11: Bye Bye [preauth]","@timestamp":"2022-09-14T13:00:35.824Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:00:38 honeypot-ams-1 sshd[25194]: Received disconnect from 61.245.162.61 port 60036:11: Bye Bye [preauth]","@timestamp":"2022-09-14T13:00:38.826Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:00:41 honeypot-ams-1 sshd[25198]: Received disconnect from 61.245.162.61 port 60250:11: Bye Bye [preauth]","@timestamp":"2022-09-14T13:00:42.830Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:00:45 honeypot-ams-1 sshd[25202]: Received disconnect from 61.245.162.61 port 60392:11: Bye Bye [preauth]","@timestamp":"2022-09-14T13:00:45.832Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:00:48 honeypot-ams-1 sshd[25206]: Received disconnect from 61.245.162.61 port 60544:11: Bye Bye [preauth]","@timestamp":"2022-09-14T13:00:48.834Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:00:51 honeypot-ams-1 sshd[25210]: Disconnected from authenticating user root 61.245.162.61 port 60776 [preauth]","@timestamp":"2022-09-14T13:00:51.835Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:00:55 honeypot-ams-1 sshd[25216]: Invalid user pi from 61.245.162.61 port 60988","@timestamp":"2022-09-14T13:00:55.839Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:00:58 honeypot-ams-1 sshd[25220]: Invalid user ethos from 61.245.162.61 port 32926","@timestamp":"2022-09-14T13:00:58.840Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:01:02 honeypot-ams-1 sshd[25224]: Invalid user miner from 61.245.162.61 port 33150","@timestamp":"2022-09-14T13:01:02.843Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:01:05 honeypot-ams-1 sshd[25228]: Invalid user volumio from 61.245.162.61 port 33294","@timestamp":"2022-09-14T13:01:05.845Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:01:08 honeypot-ams-1 sshd[25232]: Invalid user nagios from 61.245.162.61 port 33472","@timestamp":"2022-09-14T13:01:08.846Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:01:11 honeypot-ams-1 sshd[25236]: Invalid user vagrant from 61.245.162.61 port 33682","@timestamp":"2022-09-14T13:01:11.850Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:01:14 honeypot-ams-1 sshd[25240]: Invalid user debian from 61.245.162.61 port 33846","@timestamp":"2022-09-14T13:01:15.852Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:01:18 honeypot-ams-1 sshd[25244]: Invalid user debian from 61.245.162.61 port 33980","@timestamp":"2022-09-14T13:01:18.854Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:01:21 honeypot-ams-1 sshd[25248]: Invalid user alarm from 61.245.162.61 port 34210","@timestamp":"2022-09-14T13:01:21.856Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:01:24 honeypot-ams-1 sshd[25252]: Invalid user test from 61.245.162.61 port 34380","@timestamp":"2022-09-14T13:01:24.858Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:01:27 honeypot-ams-1 sshd[25256]: Invalid user cirros from 61.245.162.61 port 34514","@timestamp":"2022-09-14T13:01:27.861Z"}
{"@timestamp":"2022-09-14T13:01:54.902Z","@version":"1","message":"Sep 14 13:01:54 honeypot-sgp-1 sshd[13774]: Disconnected from invalid user spice 157.230.183.86 port 34080 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T13:05:13.985Z","@version":"1","message":"Sep 14 13:05:13 honeypot-sgp-1 sshd[13780]: Disconnected from invalid user koyama 103.42.57.139 port 33822 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 13:08:53 honeypot-ams-1 kernel: [84037516.430460] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=37.21.72.232 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=58 ID=48905 PROTO=TCP SPT=29908 DPT=80 WINDOW=13724 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T13:08:54.055Z"}
{"@timestamp":"2022-09-14T13:10:04.107Z","@version":"1","message":"Sep 14 13:10:03 honeypot-sgp-1 sshd[13786]: Received disconnect from 92.255.85.70 port 21372:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 13:12:12 honeypot-fra-1 sshd[9197]: Invalid user l4d from 165.22.45.108 port 48030","@timestamp":"2022-09-14T13:12:12.286Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 13:14:09 honeypot-fra-1 sshd[9202]: Received disconnect from 137.184.150.119 port 48698:11: Bye Bye [preauth]","@timestamp":"2022-09-14T13:14:10.333Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T13:14:26.219Z","@version":"1","message":"Sep 14 13:14:25 honeypot-sgp-1 kernel: [84037373.875089] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=156.146.46.143 DST=159.89.202.188 LEN=52 TOS=0x02 PREC=0x00 TTL=116 ID=53682 DF PROTO=TCP SPT=58339 DPT=3389 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:17:01 honeypot-ams-1 CRON[25263]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-14T13:17:01.264Z"}
{"@timestamp":"2022-09-14T13:19:49.357Z","@version":"1","message":"Sep 14 13:19:48 honeypot-sgp-1 sshd[13798]: Disconnected from authenticating user root 61.177.172.98 port 25115 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 13:20:12 honeypot-fra-1 sshd[9210]: Received disconnect from 61.177.172.124 port 11951:11:  [preauth]","@timestamp":"2022-09-14T13:20:12.468Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 13:22:11 honeypot-fra-1 kernel: [84036151.281428] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=92.118.39.86 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=39769 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T13:22:11.516Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 13:23:16 honeypot-ams-1 kernel: [84038379.365798] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=103.89.91.165 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=26206 PROTO=TCP SPT=53276 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T13:23:16.434Z"}
{"@timestamp":"2022-09-14T13:26:54.533Z","@version":"1","message":"Sep 14 13:26:54 honeypot-sgp-1 sshd[13803]: Received disconnect from 61.177.173.46 port 29782:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:27:28 honeypot-ams-1 sshd[25273]: Received disconnect from 182.16.245.85 port 40944:11: Bye Bye [preauth]","@timestamp":"2022-09-14T13:27:28.545Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 13:30:32 honeypot-fra-1 kernel: [84036652.328674] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=89.248.165.65 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=42076 PROTO=TCP SPT=46099 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T13:30:32.706Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 13:30:57 honeypot-ams-1 kernel: [84038840.497082] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=222.180.10.186 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=49 ID=13228 PROTO=TCP SPT=15180 DPT=80 WINDOW=51116 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T13:30:57.638Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 13:31:18 honeypot-fra-1 sshd[9662]: Received disconnect from 198.98.61.9 port 45354:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T13:31:18.759Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T13:31:38.655Z","@version":"1","message":"Sep 14 13:31:38 honeypot-sgp-1 kernel: [84038407.173278] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=172.104.249.106 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=56811 PROTO=TCP SPT=56228 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 13:31:41 honeypot-fra-1 sshd[9666]: Received disconnect from 198.98.61.9 port 40274:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T13:31:41.769Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 13:31:59 honeypot-fra-1 sshd[9670]: Received disconnect from 198.98.61.9 port 35178:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T13:31:59.777Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 13:32:17 honeypot-fra-1 sshd[9676]: Received disconnect from 198.98.61.9 port 58330:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T13:32:17.787Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 13:32:38 honeypot-fra-1 sshd[9680]: Disconnected from authenticating user root 43.224.110.14 port 44386 [preauth]","@timestamp":"2022-09-14T13:32:38.797Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 13:35:30 honeypot-ams-1 kernel: [84039113.046478] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=103.140.251.208 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=10615 PROTO=TCP SPT=52804 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T13:35:30.755Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 13:37:29 honeypot-fra-1 kernel: [84037069.566799] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=79.124.62.130 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=61905 PROTO=TCP SPT=56067 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T13:37:29.909Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 13:38:54 honeypot-ams-1 kernel: [84039317.058632] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=90.154.15.226 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=59 ID=9259 DF PROTO=TCP SPT=57994 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T13:38:54.846Z"}
{"@timestamp":"2022-09-14T13:41:47.910Z","@version":"1","message":"Sep 14 13:41:47 honeypot-sgp-1 kernel: [84039015.778693] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=172.105.77.209 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=50 ID=0 DF PROTO=TCP SPT=47481 DPT=3389 WINDOW=8192 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 13:44:32 honeypot-fra-1 sshd[9691]: Disconnected from authenticating user root 179.43.156.143 port 46352 [preauth]","@timestamp":"2022-09-14T13:44:32.069Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 13:44:58 honeypot-fra-1 sshd[9696]: Received disconnect from 45.61.186.49 port 48926:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T13:44:59.081Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 13:45:08 honeypot-fra-1 sshd[9700]: Received disconnect from 45.61.186.49 port 60494:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T13:45:09.087Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 13:45:52 honeypot-fra-1 sshd[9704]: Disconnected from authenticating user root 179.43.156.143 port 39508 [preauth]","@timestamp":"2022-09-14T13:45:53.106Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 13:47:49 honeypot-fra-1 sshd[9712]: Received disconnect from 179.43.156.143 port 57434:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T13:47:50.153Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T13:48:34.100Z","@version":"1","message":"Sep 14 13:48:33 honeypot-sgp-1 kernel: [84039422.195434] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=80.94.92.231 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=233 ID=54321 PROTO=TCP SPT=44371 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 13:49:09 honeypot-fra-1 sshd[9719]: Received disconnect from 179.43.156.143 port 50636:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T13:49:10.186Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 13:50:36 honeypot-fra-1 sshd[9723]: Disconnected from authenticating user root 179.43.156.143 port 43754 [preauth]","@timestamp":"2022-09-14T13:50:36.238Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T13:51:21.172Z","@version":"1","message":"Sep 14 13:51:21 honeypot-sgp-1 sshd[13831]: Connection closed by invalid user admin 178.128.125.205 port 63122 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 13:51:38 honeypot-ams-1 sshd[25288]: Received disconnect from 51.250.89.156 port 49962:11: Bye Bye [preauth]","@timestamp":"2022-09-14T13:51:39.175Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 13:52:39 honeypot-fra-1 sshd[9733]: Disconnected from authenticating user root 179.43.156.143 port 33504 [preauth]","@timestamp":"2022-09-14T13:52:40.287Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T13:54:40.258Z","@version":"1","message":"Sep 14 13:54:39 honeypot-sgp-1 sshd[13838]: Invalid user ek from 195.36.209.129 port 60788","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T13:58:50.366Z","@version":"1","message":"Sep 14 13:58:49 honeypot-sgp-1 sshd[13844]: Invalid user admin from 138.197.97.211 port 55990","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 13:59:26 honeypot-ams-1 kernel: [84040549.846772] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=97.74.81.123 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=47317 PROTO=TCP SPT=57384 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T13:59:27.381Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 13:59:28 honeypot-fra-1 sshd[9742]: Received disconnect from 61.177.173.49 port 61922:11:  [preauth]","@timestamp":"2022-09-14T13:59:29.444Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 14:00:16 honeypot-fra-1 sshd[9746]: Disconnected from invalid user l4d2 165.22.45.108 port 52972 [preauth]","@timestamp":"2022-09-14T14:00:17.464Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 14:04:05 honeypot-ams-1 sshd[25299]: Received disconnect from 45.61.186.49 port 50238:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T14:04:05.506Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 14:04:21 honeypot-ams-1 sshd[25303]: Received disconnect from 45.61.186.49 port 33784:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T14:04:21.515Z"}
{"@timestamp":"2022-09-14T14:05:09.526Z","@version":"1","message":"Sep 14 14:05:09 honeypot-sgp-1 kernel: [84040417.796585] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=43.158.215.27 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x60 TTL=245 ID=54321 PROTO=TCP SPT=58351 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 14:09:26 honeypot-fra-1 sshd[9757]: Invalid user admin from 91.240.118.222 port 7735","@timestamp":"2022-09-14T14:09:26.674Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 14:11:07 honeypot-ams-1 sshd[25308]: Received disconnect from 188.226.207.26 port 44384:11: Bye Bye [preauth]","@timestamp":"2022-09-14T14:11:08.695Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 14:11:29 honeypot-fra-1 sshd[9762]: Disconnected from invalid user test 62.204.41.222 port 17384 [preauth]","@timestamp":"2022-09-14T14:11:29.722Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 14:15:12 honeypot-ams-1 kernel: [84041495.312282] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=172.104.4.134 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=57383 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T14:15:12.804Z"}
{"@timestamp":"2022-09-14T14:17:01.812Z","@version":"1","message":"Sep 14 14:17:01 honeypot-sgp-1 CRON[13858]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 14:19:06 honeypot-fra-1 kernel: [84039566.651737] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=142.93.45.9 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=54321 PROTO=TCP SPT=43750 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T14:19:06.896Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-14T14:20:23.893Z","@version":"1","message":"Sep 14 14:20:22 honeypot-sgp-1 sshd[13867]: Received disconnect from 180.179.114.44 port 60030:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 14:22:51 honeypot-fra-1 kernel: [84039791.341320] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=163.172.158.4 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=26418 PROTO=TCP SPT=56701 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T14:22:51.984Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-14T14:24:01.004Z","@version":"1","message":"Sep 14 14:24:00 honeypot-sgp-1 sshd[13875]: Disconnected from authenticating user root 85.18.236.229 port 52796 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T14:25:30.043Z","@version":"1","message":"Sep 14 14:25:29 honeypot-sgp-1 sshd[13879]: Received disconnect from 96.78.175.36 port 55398:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 14:26:08 honeypot-ams-1 sshd[25326]: Received disconnect from 92.255.85.70 port 49220:11: Bye Bye [preauth]","@timestamp":"2022-09-14T14:26:09.089Z"}
{"@timestamp":"2022-09-14T14:26:19.065Z","@version":"1","message":"Sep 14 14:26:18 honeypot-sgp-1 sshd[13884]: Invalid user user from 45.61.184.204 port 48344","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T14:26:38.074Z","@version":"1","message":"Sep 14 14:26:38 honeypot-sgp-1 sshd[13888]: Invalid user user from 45.61.184.204 port 43480","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 14:26:53 honeypot-fra-1 kernel: [84040033.929784] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=143.198.183.97 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=54321 PROTO=TCP SPT=41039 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T14:26:54.078Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-14T14:26:57.084Z","@version":"1","message":"Sep 14 14:26:56 honeypot-sgp-1 sshd[13892]: Invalid user user from 45.61.184.204 port 38614","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 14:27:46 honeypot-ams-1 sshd[25332]: Disconnected from authenticating user root 80.76.51.189 port 44214 [preauth]","@timestamp":"2022-09-14T14:27:47.135Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 14:29:05 honeypot-ams-1 sshd[25338]: Received disconnect from 80.76.51.189 port 52744:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T14:29:06.173Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 14:30:13 honeypot-ams-1 kernel: [84042396.074733] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=59491 PROTO=TCP SPT=45802 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T14:30:13.205Z"}
{"@timestamp":"2022-09-14T14:30:27.172Z","@version":"1","message":"Sep 14 14:30:26 honeypot-sgp-1 sshd[13897]: Disconnected from authenticating user root 61.177.173.39 port 34979 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 14:31:18 honeypot-ams-1 sshd[25350]: Disconnected from authenticating user root 80.76.51.189 port 38324 [preauth]","@timestamp":"2022-09-14T14:31:19.236Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 14:32:39 honeypot-fra-1 sshd[9786]: Disconnected from authenticating user root 61.177.172.19 port 48441 [preauth]","@timestamp":"2022-09-14T14:32:40.210Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 14:32:42 honeypot-ams-1 sshd[25356]: Invalid user admin from 80.76.51.189 port 46686","@timestamp":"2022-09-14T14:32:43.275Z"}
{"@timestamp":"2022-09-14T14:33:16.250Z","@version":"1","message":"Sep 14 14:33:15 honeypot-sgp-1 sshd[13901]: Disconnected from authenticating user root 61.177.173.53 port 60097 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 14:33:40 honeypot-ams-1 sshd[25361]: Invalid user ansible from 80.76.51.189 port 52258","@timestamp":"2022-09-14T14:33:41.302Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 14:34:38 honeypot-ams-1 sshd[25365]: Invalid user ansible from 80.76.51.189 port 57818","@timestamp":"2022-09-14T14:34:38.329Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 14:35:35 honeypot-ams-1 sshd[25369]: Received disconnect from 80.76.51.189 port 35168:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T14:35:35.355Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 14:36:32 honeypot-ams-1 sshd[25374]: Disconnected from invalid user oracle 80.76.51.189 port 40726 [preauth]","@timestamp":"2022-09-14T14:36:33.383Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 14:37:04 honeypot-fra-1 sshd[9797]: Invalid user ts3server from 185.209.179.41 port 58196","@timestamp":"2022-09-14T14:37:04.312Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 14:37:04 honeypot-fra-1 sshd[9796]: Invalid user ubuntu from 185.209.179.41 port 58210","@timestamp":"2022-09-14T14:37:05.314Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 14:37:04 honeypot-fra-1 sshd[9810]: Invalid user postgres from 185.209.179.41 port 58214","@timestamp":"2022-09-14T14:37:05.314Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 14:37:04 honeypot-fra-1 sshd[9797]: Connection closed by invalid user ts3server 185.209.179.41 port 58196 [preauth]","@timestamp":"2022-09-14T14:37:05.314Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 14:37:04 honeypot-fra-1 sshd[9796]: Connection closed by invalid user ubuntu 185.209.179.41 port 58210 [preauth]","@timestamp":"2022-09-14T14:37:05.314Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 14:37:04 honeypot-fra-1 sshd[9812]: Connection closed by invalid user admin 185.209.179.41 port 58206 [preauth]","@timestamp":"2022-09-14T14:37:05.314Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 14:37:04 honeypot-fra-1 sshd[9798]: Connection closed by authenticating user root 185.209.179.41 port 58172 [preauth]","@timestamp":"2022-09-14T14:37:05.314Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 14:37:05 honeypot-fra-1 sshd[9836]: Invalid user devops from 185.209.179.41 port 58252","@timestamp":"2022-09-14T14:37:06.315Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 14:37:05 honeypot-fra-1 sshd[9839]: Connection closed by invalid user nguser 185.209.179.41 port 58222 [preauth]","@timestamp":"2022-09-14T14:37:06.315Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 14:37:05 honeypot-fra-1 sshd[9841]: Connection closed by invalid user cloud 185.209.179.41 port 58190 [preauth]","@timestamp":"2022-09-14T14:37:06.315Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 14:37:07 honeypot-fra-1 sshd[9854]: Invalid user linkxess from 185.209.179.41 port 58160","@timestamp":"2022-09-14T14:37:07.316Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 14:38:02 honeypot-ams-1 sshd[25380]: Received disconnect from 80.76.51.189 port 49082:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T14:38:02.424Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 14:38:31 honeypot-fra-1 kernel: [84040731.253606] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.33.79.155 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=53850 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T14:38:31.348Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 14:39:04 honeypot-ams-1 sshd[25384]: Disconnected from authenticating user root 80.76.51.189 port 54650 [preauth]","@timestamp":"2022-09-14T14:39:05.453Z"}
{"@timestamp":"2022-09-14T14:42:46.487Z","@version":"1","message":"Sep 14 14:42:45 honeypot-sgp-1 kernel: [84042674.548493] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.33.80.220 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=36909 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 14:46:18 honeypot-fra-1 kernel: [84041199.061628] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=193.163.125.207 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=245 ID=577 PROTO=TCP SPT=59810 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T14:46:19.553Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 14:47:58 honeypot-ams-1 sshd[25391]: Invalid user  from 152.32.142.133 port 32086","@timestamp":"2022-09-14T14:47:58.713Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 14:48:02 honeypot-fra-1 sshd[9877]: Invalid user l4d2server from 165.22.45.108 port 57906","@timestamp":"2022-09-14T14:48:02.595Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 14:50:06 honeypot-fra-1 sshd[9881]: Disconnected from authenticating user root 61.177.173.39 port 17113 [preauth]","@timestamp":"2022-09-14T14:50:06.661Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 14:51:23 honeypot-fra-1 sshd[9888]: Disconnected from invalid user namarte 201.123.131.103 port 43116 [preauth]","@timestamp":"2022-09-14T14:51:23.695Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 14:52:21 honeypot-ams-1 sshd[25397]: Did not receive identification string from 109.205.213.23 port 45514","@timestamp":"2022-09-14T14:52:21.831Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 14:52:38 honeypot-ams-1 sshd[25402]: Disconnected from authenticating user root 109.205.213.23 port 56056 [preauth]","@timestamp":"2022-09-14T14:52:38.842Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 14:53:02 honeypot-ams-1 sshd[25408]: Disconnected from authenticating user root 109.205.213.23 port 43278 [preauth]","@timestamp":"2022-09-14T14:53:02.854Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 14:54:17 honeypot-ams-1 sshd[25414]: Disconnected from authenticating user root 109.205.213.23 port 45062 [preauth]","@timestamp":"2022-09-14T14:54:17.888Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 14:54:42 honeypot-ams-1 sshd[25420]: Invalid user admin from 109.205.213.23 port 60516","@timestamp":"2022-09-14T14:54:42.906Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 15:00:01 honeypot-fra-1 sshd[9897]: Received disconnect from 61.177.173.35 port 14576:11:  [preauth]","@timestamp":"2022-09-14T15:00:02.890Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T15:03:43.994Z","@version":"1","message":"Sep 14 15:03:43 honeypot-sgp-1 kernel: [84043931.715491] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=80.94.92.239 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=233 ID=54321 PROTO=TCP SPT=49533 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T15:04:09.007Z","@version":"1","message":"Sep 14 15:04:08 honeypot-sgp-1 sshd[13930]: Disconnected from invalid user teste 86.102.122.148 port 45184 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 15:05:57 honeypot-ams-1 kernel: [84044540.138958] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=83.229.82.155 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=55368 DPT=636 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T15:05:58.196Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 15:07:01 honeypot-ams-1 sshd[25428]: Received disconnect from 103.180.120.160 port 51606:11: Bye Bye [preauth]","@timestamp":"2022-09-14T15:07:02.228Z"}
{"@timestamp":"2022-09-14T15:09:06.130Z","@version":"1","message":"Sep 14 15:09:05 honeypot-sgp-1 sshd[13937]: Disconnected from authenticating user root 61.177.173.37 port 38029 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 15:09:27 honeypot-fra-1 sshd[9905]: Received disconnect from 61.177.172.90 port 52733:11:  [preauth]","@timestamp":"2022-09-14T15:09:28.103Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 15:12:29 honeypot-fra-1 kernel: [84042769.981529] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=19720 PROTO=TCP SPT=47603 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T15:12:30.174Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 15:13:38 honeypot-ams-1 kernel: [84045001.029841] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=62.68.179.216 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=23232 DF PROTO=TCP SPT=64230 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T15:13:38.414Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 15:20:33 honeypot-ams-1 kernel: [84045416.056245] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=90.151.171.106 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=51163 PROTO=TCP SPT=48765 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T15:20:33.596Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 15:21:11 honeypot-ams-1 sshd[25440]: Received disconnect from 45.61.186.49 port 37552:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T15:21:11.615Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 15:21:20 honeypot-ams-1 sshd[25444]: Received disconnect from 45.61.186.49 port 49156:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T15:21:20.620Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 15:21:44 honeypot-fra-1 sshd[9920]: Disconnected from authenticating user root 61.177.173.51 port 37829 [preauth]","@timestamp":"2022-09-14T15:21:45.389Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T15:23:14.494Z","@version":"1","message":"Sep 14 15:23:13 honeypot-sgp-1 kernel: [84045102.172965] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=113.31.163.84 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=46 ID=23004 DF PROTO=TCP SPT=47261 DPT=5432 WINDOW=43690 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T15:23:53.514Z","@version":"1","message":"Sep 14 15:23:52 honeypot-sgp-1 sshd[13957]: Received disconnect from 45.61.186.49 port 35024:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T15:24:03.519Z","@version":"1","message":"Sep 14 15:24:02 honeypot-sgp-1 sshd[13961]: Received disconnect from 45.61.186.49 port 46878:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 15:25:18 honeypot-ams-1 sshd[25446]: Disconnected from invalid user bpadmin 204.48.30.77 port 46438 [preauth]","@timestamp":"2022-09-14T15:25:18.741Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 15:25:43 honeypot-fra-1 sshd[9926]: Disconnected from invalid user galaxytab18 177.73.136.175 port 50930 [preauth]","@timestamp":"2022-09-14T15:25:44.479Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 15:26:36 honeypot-fra-1 sshd[9934]: Disconnected from authenticating user root 193.142.146.50 port 39836 [preauth]","@timestamp":"2022-09-14T15:26:36.501Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 15:27:10 honeypot-fra-1 sshd[9940]: Disconnected from authenticating user root 193.142.146.50 port 37396 [preauth]","@timestamp":"2022-09-14T15:27:10.516Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 15:28:35 honeypot-fra-1 sshd[9947]: Disconnected from authenticating user root 193.142.146.50 port 34954 [preauth]","@timestamp":"2022-09-14T15:28:35.555Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 15:29:15 honeypot-fra-1 sshd[9955]: Disconnected from authenticating user root 193.142.146.50 port 60746 [preauth]","@timestamp":"2022-09-14T15:29:15.574Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 15:30:33 honeypot-fra-1 sshd[9961]: Invalid user admin from 193.142.146.50 port 58306","@timestamp":"2022-09-14T15:30:33.605Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T15:30:49.691Z","@version":"1","message":"Sep 14 15:30:49 honeypot-sgp-1 sshd[13972]: Disconnected from authenticating user root 200.241.46.178 port 32994 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 15:31:24 honeypot-ams-1 sshd[25450]: Disconnected from invalid user operator 175.203.23.6 port 40566 [preauth]","@timestamp":"2022-09-14T15:31:24.899Z"}
{"@timestamp":"2022-09-14T15:33:35.758Z","@version":"1","message":"Sep 14 15:33:35 honeypot-sgp-1 sshd[13978]: Invalid user friend from 189.174.32.32 port 48600","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 15:33:49 honeypot-fra-1 sshd[9965]: Disconnected from authenticating user root 61.177.172.124 port 63740 [preauth]","@timestamp":"2022-09-14T15:33:49.679Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 15:36:55 honeypot-ams-1 sshd[25457]: Received disconnect from 92.255.85.70 port 63336:11: Bye Bye [preauth]","@timestamp":"2022-09-14T15:36:56.044Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 15:37:12 honeypot-fra-1 sshd[9971]: Disconnected from invalid user l4d 165.22.45.108 port 34630 [preauth]","@timestamp":"2022-09-14T15:37:12.757Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 15:37:41 honeypot-ams-1 sshd[25462]: Invalid user user from 141.255.162.226 port 52024","@timestamp":"2022-09-14T15:37:42.068Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 15:37:43 honeypot-ams-1 sshd[25466]: Invalid user user from 141.255.162.226 port 37952","@timestamp":"2022-09-14T15:37:44.069Z"}
{"@timestamp":"2022-09-14T15:37:51.863Z","@version":"1","message":"Sep 14 15:37:50 honeypot-sgp-1 sshd[13983]: Received disconnect from 61.177.173.53 port 15867:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 15:40:43 honeypot-ams-1 kernel: [84046626.719063] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=198.235.24.155 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x60 TTL=252 ID=6071 PROTO=TCP SPT=56863 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T15:40:44.146Z"}
{"@timestamp":"2022-09-14T15:43:19.014Z","@version":"1","message":"Sep 14 15:43:18 honeypot-sgp-1 sshd[13988]: Received disconnect from 196.30.23.194 port 55341:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 15:45:56 honeypot-fra-1 sshd[9979]: Disconnected from authenticating user root 61.177.173.50 port 34350 [preauth]","@timestamp":"2022-09-14T15:45:56.952Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T15:47:15.108Z","@version":"1","message":"Sep 14 15:47:14 honeypot-sgp-1 sshd[13996]: Received disconnect from 114.205.54.184 port 55214:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 15:51:27 honeypot-ams-1 kernel: [84047270.494215] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=23.251.102.77 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=54832 PROTO=TCP SPT=35990 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T15:51:28.427Z"}
{"@timestamp":"2022-09-14T15:54:09.293Z","@version":"1","message":"Sep 14 15:54:08 honeypot-sgp-1 sshd[14003]: Disconnected from 61.177.173.49 port 16172 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 15:55:58 honeypot-fra-1 kernel: [84045377.984599] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=179.43.155.171 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=7893 PROTO=TCP SPT=50424 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T15:55:58.173Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 16:01:14 honeypot-ams-1 sshd[25494]: Invalid user admin from 91.240.118.222 port 51422","@timestamp":"2022-09-14T16:01:14.679Z"}
{"@timestamp":"2022-09-14T16:01:46.478Z","@version":"1","message":"Sep 14 16:01:46 honeypot-sgp-1 sshd[14012]: Received disconnect from 61.177.173.39 port 35116:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 16:04:30 honeypot-fra-1 kernel: [84045890.471678] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=20.168.16.46 DST=165.22.82.222 LEN=52 TOS=0x02 PREC=0x00 TTL=107 ID=7242 DF PROTO=TCP SPT=52727 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-14T16:04:31.376Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 16:05:16 honeypot-ams-1 sshd[25499]: Invalid user iz from 196.30.23.194 port 50680","@timestamp":"2022-09-14T16:05:17.783Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 16:05:52 honeypot-ams-1 kernel: [84048135.888481] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=167.172.148.59 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=63470 PROTO=TCP SPT=51179 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T16:05:53.801Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 16:07:08 honeypot-ams-1 kernel: [84048211.848611] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=128.116.131.60 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=54 ID=53282 PROTO=TCP SPT=25974 DPT=80 WINDOW=11574 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T16:07:09.836Z"}
{"@timestamp":"2022-09-14T16:09:48.669Z","@version":"1","message":"Sep 14 16:09:47 honeypot-sgp-1 sshd[14017]: Disconnecting invalid user admin 31.184.198.71 port 48197: Change of username or service not allowed: (admin,ssh-connection) -> (cameras,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:10:16.684Z","@version":"1","message":"Sep 14 16:10:15 honeypot-sgp-1 sshd[14023]: Disconnecting invalid user admin 31.184.198.71 port 2437: Change of username or service not allowed: (admin,ssh-connection) -> (,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:10:39.696Z","@version":"1","message":"Sep 14 16:10:39 honeypot-sgp-1 sshd[14029]: Disconnecting invalid user aerohive 31.184.198.71 port 42804: Change of username or service not allowed: (aerohive,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:11:03.707Z","@version":"1","message":"Sep 14 16:11:02 honeypot-sgp-1 sshd[14035]: Disconnecting invalid user private 31.184.198.71 port 58775: Change of username or service not allowed: (private,ssh-connection) -> (root,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:11:40.727Z","@version":"1","message":"Sep 14 16:11:40 honeypot-sgp-1 sshd[14045]: Did not receive identification string from 45.61.184.204 port 50390","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:12:03.738Z","@version":"1","message":"Sep 14 16:12:03 honeypot-sgp-1 sshd[14048]: Disconnecting invalid user user 31.184.198.71 port 39872: Change of username or service not allowed: (user,ssh-connection) -> (root,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:12:21.747Z","@version":"1","message":"Sep 14 16:12:21 honeypot-sgp-1 sshd[14055]: Disconnected from invalid user user 45.61.184.204 port 44392 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:12:34.754Z","@version":"1","message":"Sep 14 16:12:33 honeypot-sgp-1 sshd[14060]: Invalid user admin from 31.184.198.71 port 64633","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:12:47.761Z","@version":"1","message":"Sep 14 16:12:47 honeypot-sgp-1 sshd[14064]: Disconnecting invalid user guest 31.184.198.71 port 46989: Change of username or service not allowed: (guest,ssh-connection) -> (1234,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:12:59.768Z","@version":"1","message":"Sep 14 16:12:59 honeypot-sgp-1 sshd[14070]: Invalid user user from 45.61.184.204 port 34582","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:13:08.772Z","@version":"1","message":"Sep 14 16:13:07 honeypot-sgp-1 sshd[14074]: Disconnected from invalid user user 45.61.184.204 port 46238 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:13:19.779Z","@version":"1","message":"Sep 14 16:13:19 honeypot-sgp-1 sshd[14080]: Invalid user Cisco from 31.184.198.71 port 14983","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:13:44.792Z","@version":"1","message":"Sep 14 16:13:44 honeypot-sgp-1 sshd[14086]: Invalid user 1234 from 31.184.198.71 port 25458","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:14:08.804Z","@version":"1","message":"Sep 14 16:14:08 honeypot-sgp-1 sshd[14092]: Disconnecting invalid user  31.184.198.71 port 24821: Change of username or service not allowed: (,ssh-connection) -> (adslroot,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:14:35.819Z","@version":"1","message":"Sep 14 16:14:34 honeypot-sgp-1 sshd[14098]: Disconnecting invalid user admin 31.184.198.71 port 38125: Change of username or service not allowed: (admin,ssh-connection) -> (blank,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:15:04.834Z","@version":"1","message":"Sep 14 16:15:04 honeypot-sgp-1 sshd[14105]: Disconnecting invalid user  31.184.198.71 port 2958: Change of username or service not allowed: (,ssh-connection) -> (root,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:15:38.851Z","@version":"1","message":"Sep 14 16:15:38 honeypot-sgp-1 sshd[14112]: Disconnecting invalid user admin 31.184.198.71 port 40525: Change of username or service not allowed: (admin,ssh-connection) -> (c1@r0,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 16:15:48 honeypot-ams-1 sshd[25512]: Received disconnect from 191.49.65.97 port 42792:11: Bye Bye [preauth]","@timestamp":"2022-09-14T16:15:49.058Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 16:15:56 honeypot-ams-1 sshd[25516]: Disconnected from invalid user ubnt 191.49.65.97 port 43085 [preauth]","@timestamp":"2022-09-14T16:15:57.062Z"}
{"@timestamp":"2022-09-14T16:16:02.864Z","@version":"1","message":"Sep 14 16:16:02 honeypot-sgp-1 sshd[14118]: Disconnecting invalid user cusadmin 31.184.198.71 port 23869: Change of username or service not allowed: (cusadmin,ssh-connection) -> (superonline,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 16:16:05 honeypot-ams-1 sshd[25522]: Disconnected from authenticating user root 191.49.65.97 port 43271 [preauth]","@timestamp":"2022-09-14T16:16:06.068Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 16:16:17 honeypot-ams-1 sshd[25528]: Received disconnect from 191.49.65.97 port 43471:11: Bye Bye [preauth]","@timestamp":"2022-09-14T16:16:18.074Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 16:16:26 honeypot-ams-1 sshd[25534]: Received disconnect from 191.49.65.97 port 43751:11: Bye Bye [preauth]","@timestamp":"2022-09-14T16:16:27.079Z"}
{"@timestamp":"2022-09-14T16:16:33.880Z","@version":"1","message":"Sep 14 16:16:33 honeypot-sgp-1 sshd[14125]: Invalid user lgnortel from 31.184.198.71 port 37179","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 16:16:39 honeypot-ams-1 sshd[25540]: Received disconnect from 191.49.65.97 port 44045:11: Bye Bye [preauth]","@timestamp":"2022-09-14T16:16:40.087Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 16:17:01 honeypot-fra-1 CRON[9998]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-14T16:17:01.654Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T16:17:01.895Z","@version":"1","message":"Sep 14 16:17:01 honeypot-sgp-1 CRON[14133]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 16:17:01 honeypot-ams-1 CRON[25546]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-14T16:17:02.099Z"}
{"@timestamp":"2022-09-14T16:17:22.905Z","@version":"1","message":"Sep 14 16:17:22 honeypot-sgp-1 sshd[14138]: Invalid user admin1234 from 31.184.198.71 port 64451","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:17:50.919Z","@version":"1","message":"Sep 14 16:17:50 honeypot-sgp-1 sshd[14144]: Invalid user admin from 31.184.198.71 port 7063","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:18:19.934Z","@version":"1","message":"Sep 14 16:18:19 honeypot-sgp-1 sshd[14152]: Received disconnect from 92.255.85.69 port 39702:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:18:38.943Z","@version":"1","message":"Sep 14 16:18:38 honeypot-sgp-1 sshd[14157]: Invalid user admin from 31.184.198.71 port 8477","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:19:09.960Z","@version":"1","message":"Sep 14 16:19:09 honeypot-sgp-1 sshd[14163]: Invalid user admin from 31.184.198.71 port 42055","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:19:31.971Z","@version":"1","message":"Sep 14 16:19:31 honeypot-sgp-1 sshd[14169]: Invalid user Shiko from 31.184.198.71 port 3295","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:19:52.982Z","@version":"1","message":"Sep 14 16:19:52 honeypot-sgp-1 sshd[14176]: Invalid user smcadmin from 31.184.198.71 port 9853","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:20:22.997Z","@version":"1","message":"Sep 14 16:20:22 honeypot-sgp-1 kernel: [84048530.723020] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=128.199.197.92 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=253 ID=54321 PROTO=TCP SPT=54696 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:20:40.007Z","@version":"1","message":"Sep 14 16:20:39 honeypot-sgp-1 sshd[14186]: Disconnecting invalid user sweex 31.184.198.71 port 8821: Change of username or service not allowed: (sweex,ssh-connection) -> (,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 16:20:58 honeypot-ams-1 sshd[25552]: Received disconnect from 68.183.145.59 port 34564:11: Bye Bye [preauth]","@timestamp":"2022-09-14T16:20:59.201Z"}
{"@timestamp":"2022-09-14T16:21:06.019Z","@version":"1","message":"Sep 14 16:21:05 honeypot-sgp-1 sshd[14193]: Invalid user  from 31.184.198.71 port 47696","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:21:31.032Z","@version":"1","message":"Sep 14 16:21:30 honeypot-sgp-1 sshd[14199]: Invalid user ubnt from 31.184.198.71 port 53602","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:22:02.048Z","@version":"1","message":"Sep 14 16:22:01 honeypot-sgp-1 sshd[14206]: Invalid user user from 31.184.198.71 port 51005","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:22:39.067Z","@version":"1","message":"Sep 14 16:22:38 honeypot-sgp-1 sshd[14212]: Invalid user Admin from 31.184.198.71 port 24559","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:23:07.080Z","@version":"1","message":"Sep 14 16:23:06 honeypot-sgp-1 sshd[14218]: Invalid user 0 from 31.184.198.71 port 62820","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:23:48.100Z","@version":"1","message":"Sep 14 16:23:47 honeypot-sgp-1 sshd[14225]: Invalid user admin from 31.184.198.71 port 20538","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 16:26:46 honeypot-fra-1 sshd[10004]: Disconnected from invalid user l4dserver 165.22.45.108 port 39606 [preauth]","@timestamp":"2022-09-14T16:26:47.876Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 16:28:18 honeypot-ams-1 sshd[25559]: Invalid user admin from 161.35.127.34 port 48130","@timestamp":"2022-09-14T16:28:19.388Z"}
{"@timestamp":"2022-09-14T16:28:30.215Z","@version":"1","message":"Sep 14 16:28:29 honeypot-sgp-1 sshd[14232]: Received disconnect from 103.153.141.55 port 50216:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 16:33:42 honeypot-ams-1 sshd[25564]: Invalid user worker from 14.225.198.182 port 36892","@timestamp":"2022-09-14T16:33:43.526Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 16:35:24 honeypot-ams-1 sshd[25568]: Received disconnect from 103.164.221.210 port 33286:11: Bye Bye [preauth]","@timestamp":"2022-09-14T16:35:24.571Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 16:35:50 honeypot-fra-1 sshd[10010]: error: maximum authentication attempts exceeded for invalid user admin from 114.35.235.34 port 33395 ssh2 [preauth]","@timestamp":"2022-09-14T16:35:51.084Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T16:37:53.454Z","@version":"1","message":"Sep 14 16:37:52 honeypot-sgp-1 sshd[14235]: Disconnected from invalid user flexit 104.131.190.193 port 40210 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 16:47:28 honeypot-fra-1 kernel: [84048468.348858] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.41.8.45 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=51286 PROTO=TCP SPT=52949 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T16:47:29.347Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 16:48:37 honeypot-ams-1 kernel: [84050700.378827] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=80.94.92.231 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=40593 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T16:48:37.907Z"}
{"@timestamp":"2022-09-14T16:51:20.780Z","@version":"1","message":"Sep 14 16:51:20 honeypot-sgp-1 kernel: [84050388.744022] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.41.8.45 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=7358 PROTO=TCP SPT=52949 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:52:53.822Z","@version":"1","message":"Sep 14 16:52:52 honeypot-sgp-1 sshd[14246]: Received disconnect from 193.142.146.50 port 34790:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T16:54:15.859Z","@version":"1","message":"Sep 14 16:54:15 honeypot-sgp-1 sshd[14252]: Received disconnect from 193.142.146.50 port 59050:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 16:54:52 honeypot-fra-1 sshd[10018]: Did not receive identification string from 45.61.186.49 port 49570","@timestamp":"2022-09-14T16:54:52.516Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T16:54:55.879Z","@version":"1","message":"Sep 14 16:54:55 honeypot-sgp-1 sshd[14259]: Received disconnect from 193.142.146.50 port 55078:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 16:55:20 honeypot-fra-1 sshd[10022]: Disconnected from invalid user user 45.61.186.49 port 60738 [preauth]","@timestamp":"2022-09-14T16:55:21.530Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T16:55:27.895Z","@version":"1","message":"Sep 14 16:55:27 honeypot-sgp-1 sshd[14265]: Received disconnect from 193.142.146.50 port 33610:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 16:55:30 honeypot-fra-1 sshd[10026]: Disconnected from invalid user user 45.61.186.49 port 43788 [preauth]","@timestamp":"2022-09-14T16:55:30.534Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T16:56:27.921Z","@version":"1","message":"Sep 14 16:56:27 honeypot-sgp-1 sshd[14269]: Received disconnect from 193.142.146.50 port 40374:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 17:05:10 honeypot-ams-1 kernel: [84051693.509506] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=2.183.121.234 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=1461 DF PROTO=TCP SPT=22312 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T17:05:11.331Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 17:05:19 honeypot-fra-1 sshd[10030]: Received disconnect from 45.61.187.160 port 40734:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T17:05:20.776Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 17:05:39 honeypot-fra-1 sshd[10034]: Received disconnect from 45.61.187.160 port 35270:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T17:05:40.785Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 17:05:58 honeypot-fra-1 sshd[10039]: Received disconnect from 45.61.187.160 port 58048:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T17:05:58.793Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 17:06:15 honeypot-fra-1 sshd[10043]: Received disconnect from 45.61.187.160 port 52556:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T17:06:15.802Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T17:08:49.213Z","@version":"1","message":"Sep 14 17:08:48 honeypot-sgp-1 sshd[14276]: Received disconnect from 109.205.213.23 port 36294:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T17:09:04.221Z","@version":"1","message":"Sep 14 17:09:03 honeypot-sgp-1 sshd[14283]: Received disconnect from 109.205.213.23 port 37610:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T17:09:19.229Z","@version":"1","message":"Sep 14 17:09:18 honeypot-sgp-1 sshd[14287]: Disconnected from authenticating user root 109.205.213.23 port 38926 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 17:09:50 honeypot-fra-1 kernel: [84049810.580215] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.158.113.63 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=46111 PROTO=TCP SPT=51642 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T17:09:50.884Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-14T17:09:52.244Z","@version":"1","message":"Sep 14 17:09:51 honeypot-sgp-1 sshd[14293]: Disconnected from authenticating user root 109.205.213.23 port 55014 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 17:09:55 honeypot-ams-1 sshd[25580]: Received disconnect from 92.255.85.70 port 43678:11: Bye Bye [preauth]","@timestamp":"2022-09-14T17:09:56.456Z"}
{"@timestamp":"2022-09-14T17:11:03.276Z","@version":"1","message":"Sep 14 17:11:02 honeypot-sgp-1 sshd[14300]: Received disconnect from 109.205.213.23 port 57648:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 17:12:19 honeypot-ams-1 sshd[25584]: Received disconnect from 187.32.8.50 port 51168:11: Bye Bye [preauth]","@timestamp":"2022-09-14T17:12:19.517Z"}
{"@timestamp":"2022-09-14T17:13:12.331Z","@version":"1","message":"Sep 14 17:13:12 honeypot-sgp-1 kernel: [84051700.593330] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=124.123.78.71 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x20 TTL=239 ID=44428 PROTO=TCP SPT=55486 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 17:13:44 honeypot-ams-1 sshd[25589]: Received disconnect from 203.151.83.7 port 32848:11: Bye Bye [preauth]","@timestamp":"2022-09-14T17:13:45.556Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 17:15:28 honeypot-fra-1 kernel: [84050148.185503] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=124.123.78.71 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x20 TTL=243 ID=56462 PROTO=TCP SPT=55486 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T17:15:29.014Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 17:17:01 honeypot-ams-1 CRON[25593]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-14T17:17:01.642Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 17:22:30 honeypot-ams-1 sshd[25599]: Invalid user user from 198.98.61.9 port 33496","@timestamp":"2022-09-14T17:22:30.784Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 17:22:32 honeypot-fra-1 kernel: [84050572.343084] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=109.248.6.38 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x20 TTL=74 ID=17908 PROTO=TCP SPT=56372 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T17:22:33.177Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 17:22:48 honeypot-ams-1 sshd[25603]: Invalid user user from 198.98.61.9 port 56010","@timestamp":"2022-09-14T17:22:48.794Z"}
{"@timestamp":"2022-09-14T17:22:52.562Z","@version":"1","message":"Sep 14 17:22:52 honeypot-sgp-1 kernel: [84052280.686138] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=162.62.191.231 DST=159.89.202.188 LEN=52 TOS=0x00 PREC=0x00 TTL=47 ID=29539 DF PROTO=TCP SPT=30563 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 17:23:06 honeypot-ams-1 sshd[25607]: Invalid user user from 198.98.61.9 port 50276","@timestamp":"2022-09-14T17:23:06.803Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 17:23:23 honeypot-ams-1 sshd[25611]: Invalid user user from 198.98.61.9 port 44546","@timestamp":"2022-09-14T17:23:23.812Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 17:25:25 honeypot-fra-1 sshd[10061]: Disconnected from invalid user admin 199.115.228.186 port 42494 [preauth]","@timestamp":"2022-09-14T17:25:26.246Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 17:28:46 honeypot-fra-1 sshd[10068]: Received disconnect from 45.61.184.204 port 36266:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T17:28:47.326Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 17:29:04 honeypot-fra-1 sshd[10072]: Received disconnect from 45.61.184.204 port 59078:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T17:29:05.334Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 17:29:23 honeypot-fra-1 sshd[10076]: Received disconnect from 45.61.184.204 port 53654:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T17:29:24.343Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 17:29:31 honeypot-fra-1 sshd[10080]: Disconnected from invalid user user 45.61.184.204 port 36832 [preauth]","@timestamp":"2022-09-14T17:29:32.347Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 17:30:07 honeypot-ams-1 kernel: [84053190.076048] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=47021 PROTO=TCP SPT=56602 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T17:30:07.980Z"}
{"@timestamp":"2022-09-14T17:30:56.754Z","@version":"1","message":"Sep 14 17:30:55 honeypot-sgp-1 kernel: [84052764.384992] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=234 ID=50905 PROTO=TCP SPT=56602 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 17:31:17 honeypot-fra-1 sshd[10084]: Disconnected from authenticating user root 92.255.85.69 port 42276 [preauth]","@timestamp":"2022-09-14T17:31:17.388Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 17:34:54 honeypot-ams-1 sshd[25624]: Invalid user monitor from 152.32.229.160 port 64096","@timestamp":"2022-09-14T17:34:55.100Z"}
{"@timestamp":"2022-09-14T17:40:49.984Z","@version":"1","message":"Sep 14 17:40:49 honeypot-sgp-1 kernel: [84053358.196649] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=124.123.78.71 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x20 TTL=238 ID=39446 PROTO=TCP SPT=57137 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 17:41:04 honeypot-fra-1 sshd[10090]: Disconnected from authenticating user root 139.59.233.124 port 44004 [preauth]","@timestamp":"2022-09-14T17:41:05.613Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 17:42:22 honeypot-ams-1 kernel: [84053925.480898] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=196.2.9.178 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x60 TTL=242 ID=464 DF PROTO=TCP SPT=32567 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T17:42:23.296Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 17:42:25 honeypot-fra-1 sshd[10097]: Received disconnect from 212.112.98.98 port 41522:11: Bye Bye [preauth]","@timestamp":"2022-09-14T17:42:25.646Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 17:48:36 honeypot-fra-1 sshd[10100]: Received disconnect from 178.128.243.6 port 38876:11: Bye Bye [preauth]","@timestamp":"2022-09-14T17:48:36.789Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 17:50:36 honeypot-fra-1 sshd[10104]: Received disconnect from 162.215.1.193 port 52342:11: Bye Bye [preauth]","@timestamp":"2022-09-14T17:50:36.836Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 17:55:57 honeypot-fra-1 sshd[10109]: Received disconnect from 36.66.151.17 port 49291:11: Bye Bye [preauth]","@timestamp":"2022-09-14T17:55:57.959Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 17:56:35 honeypot-ams-1 sshd[25633]: Received disconnect from 92.255.85.69 port 55298:11: Bye Bye [preauth]","@timestamp":"2022-09-14T17:56:35.659Z"}
{"@timestamp":"2022-09-14T17:58:55.407Z","@version":"1","message":"Sep 14 17:58:54 honeypot-sgp-1 kernel: [84054443.222918] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=54.185.167.69 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=234 ID=59149 PROTO=TCP SPT=58316 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 18:02:31 honeypot-fra-1 sshd[10112]: Disconnected from invalid user la 165.22.45.108 port 49570 [preauth]","@timestamp":"2022-09-14T18:02:32.108Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 18:03:54 honeypot-fra-1 sshd[10116]: Disconnected from invalid user postgres 82.200.65.218 port 43772 [preauth]","@timestamp":"2022-09-14T18:03:55.143Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 18:05:08 honeypot-ams-1 sshd[25636]: Disconnected from invalid user admin 104.131.13.185 port 44880 [preauth]","@timestamp":"2022-09-14T18:05:08.882Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 18:07:20 honeypot-fra-1 kernel: [84053259.963203] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=89.248.168.172 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=54321 PROTO=TCP SPT=55730 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T18:07:21.221Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-14T18:08:04.052Z","@version":"1","message":"Sep 14 18:08:03 honeypot-sgp-1 kernel: [84054991.715935] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=146.88.240.4 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=42010 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 18:08:37 honeypot-fra-1 sshd[10126]: Disconnected from invalid user gituser 164.70.100.221 port 47422 [preauth]","@timestamp":"2022-09-14T18:08:37.253Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 18:11:35 honeypot-fra-1 kernel: [84053514.726108] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=17925 PROTO=TCP SPT=58403 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T18:11:35.325Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 18:11:42 honeypot-ams-1 kernel: [84055685.071734] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=45831 PROTO=TCP SPT=58403 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T18:11:43.054Z"}
{"@timestamp":"2022-09-14T18:17:02.264Z","@version":"1","message":"Sep 14 18:17:01 honeypot-sgp-1 CRON[14333]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 18:17:01 honeypot-fra-1 CRON[10139]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-14T18:17:02.451Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 18:19:40 honeypot-fra-1 sshd[10145]: Disconnected from invalid user ks 119.28.105.34 port 53788 [preauth]","@timestamp":"2022-09-14T18:19:40.511Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 18:20:15 honeypot-ams-1 sshd[25645]: Disconnected from authenticating user root 92.255.85.70 port 26770 [preauth]","@timestamp":"2022-09-14T18:20:16.274Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 18:24:09 honeypot-fra-1 kernel: [84054269.377921] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=92.63.197.74 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=29066 PROTO=TCP SPT=54499 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T18:24:10.614Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-14T18:30:31.582Z","@version":"1","message":"Sep 14 18:30:30 honeypot-sgp-1 kernel: [84056338.969774] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=195.88.209.6 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=12721 DF PROTO=TCP SPT=34304 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 18:33:20 honeypot-ams-1 kernel: [84056983.092275] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=34.95.160.119 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x60 TTL=251 ID=24291 PROTO=TCP SPT=53929 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T18:33:20.621Z"}
{"@timestamp":"2022-09-14T18:40:09.811Z","@version":"1","message":"Sep 14 18:40:09 honeypot-sgp-1 kernel: [84056917.784500] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=117.222.164.9 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=9365 DF PROTO=TCP SPT=47518 DPT=80 WINDOW=5680 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 18:40:16 honeypot-ams-1 sshd[25654]: Received disconnect from 80.76.51.45 port 45866:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T18:40:16.815Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 18:40:45 honeypot-ams-1 sshd[25658]: Disconnected from authenticating user root 80.76.51.45 port 44536 [preauth]","@timestamp":"2022-09-14T18:40:46.832Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 18:41:13 honeypot-fra-1 sshd[10155]: Received disconnect from 92.255.85.70 port 41236:11: Bye Bye [preauth]","@timestamp":"2022-09-14T18:41:13.998Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 18:41:29 honeypot-ams-1 sshd[25664]: Disconnected from authenticating user root 80.76.51.45 port 56666 [preauth]","@timestamp":"2022-09-14T18:41:29.854Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 18:42:12 honeypot-ams-1 sshd[25670]: Disconnected from authenticating user root 80.76.51.45 port 40580 [preauth]","@timestamp":"2022-09-14T18:42:12.876Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 18:42:55 honeypot-ams-1 sshd[25676]: Invalid user git from 80.76.51.45 port 52664","@timestamp":"2022-09-14T18:42:55.897Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 18:44:41 honeypot-ams-1 sshd[25680]: Connection closed by invalid user admin 175.203.31.86 port 32932 [preauth]","@timestamp":"2022-09-14T18:44:41.946Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 18:47:41 honeypot-ams-1 kernel: [84057844.261638] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=2.179.184.132 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=14263 DF PROTO=TCP SPT=59056 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T18:47:42.029Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 18:47:56 honeypot-fra-1 kernel: [84055695.664525] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=129.226.40.165 DST=165.22.82.222 LEN=60 TOS=0x0A PREC=0x60 TTL=53 ID=17133 DF PROTO=TCP SPT=50661 DPT=3389 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-14T18:47:56.152Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 18:51:55 honeypot-fra-1 kernel: [84055934.517089] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=68.183.130.138 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=63796 PROTO=TCP SPT=51187 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T18:51:55.246Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 18:53:33 honeypot-ams-1 sshd[25687]: Disconnected from authenticating user root 80.76.51.46 port 38224 [preauth]","@timestamp":"2022-09-14T18:53:33.215Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 18:54:02 honeypot-ams-1 sshd[25694]: Received disconnect from 80.76.51.46 port 48978:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T18:54:02.228Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 18:54:15 honeypot-ams-1 sshd[25698]: Disconnected from invalid user user 141.255.162.226 port 37894 [preauth]","@timestamp":"2022-09-14T18:54:15.235Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 18:54:17 honeypot-ams-1 sshd[25702]: Disconnected from invalid user user 141.255.162.226 port 57790 [preauth]","@timestamp":"2022-09-14T18:54:18.238Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 18:54:21 honeypot-ams-1 sshd[25706]: Disconnected from invalid user user 141.255.162.226 port 34676 [preauth]","@timestamp":"2022-09-14T18:54:22.240Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 18:54:24 honeypot-ams-1 sshd[25712]: Invalid user user from 141.255.162.226 port 51358","@timestamp":"2022-09-14T18:54:24.241Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 18:54:28 honeypot-fra-1 sshd[10167]: Connection closed by authenticating user www-data 141.98.10.158 port 42622 [preauth]","@timestamp":"2022-09-14T18:54:29.330Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 18:54:43 honeypot-ams-1 sshd[25716]: Disconnected from authenticating user root 80.76.51.46 port 34950 [preauth]","@timestamp":"2022-09-14T18:54:44.252Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 18:55:15 honeypot-ams-1 sshd[25722]: Received disconnect from 80.76.51.46 port 45654:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T18:55:16.270Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 18:55:54 honeypot-ams-1 sshd[25726]: Disconnected from authenticating user root 187.157.153.167 port 56144 [preauth]","@timestamp":"2022-09-14T18:55:55.288Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 18:56:07 honeypot-fra-1 sshd[10173]: Invalid user pi from 194.44.139.244 port 49542","@timestamp":"2022-09-14T18:56:07.370Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 19:00:30 honeypot-ams-1 kernel: [84058612.852534] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=172.105.77.209 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=57 ID=0 DF PROTO=TCP SPT=47481 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T19:00:30.411Z"}
{"@timestamp":"2022-09-14T19:01:50.312Z","@version":"1","message":"Sep 14 19:01:50 honeypot-sgp-1 sshd[14361]: Invalid user qq from 112.137.140.40 port 46294","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 19:02:06 honeypot-fra-1 kernel: [84056545.983005] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=138.197.151.29 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=58882 PROTO=TCP SPT=42114 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T19:02:06.509Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 19:07:58 honeypot-fra-1 sshd[10183]: Did not receive identification string from 43.138.12.15 port 41194","@timestamp":"2022-09-14T19:07:58.644Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 19:07:59 honeypot-fra-1 sshd[10212]: Invalid user esuser from 43.138.12.15 port 44082","@timestamp":"2022-09-14T19:08:00.647Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 19:07:59 honeypot-fra-1 sshd[10196]: Connection closed by invalid user es 43.138.12.15 port 44070 [preauth]","@timestamp":"2022-09-14T19:08:00.647Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 19:08:00 honeypot-fra-1 sshd[10217]: Connection closed by invalid user admin 43.138.12.15 port 44084 [preauth]","@timestamp":"2022-09-14T19:08:00.647Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 19:08:00 honeypot-fra-1 sshd[10193]: Invalid user esuser from 43.138.12.15 port 44024","@timestamp":"2022-09-14T19:08:00.647Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 19:08:00 honeypot-fra-1 sshd[10205]: Invalid user admin from 43.138.12.15 port 44090","@timestamp":"2022-09-14T19:08:00.647Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 19:08:00 honeypot-fra-1 sshd[10209]: Invalid user postgres from 43.138.12.15 port 44044","@timestamp":"2022-09-14T19:08:00.647Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 19:08:00 honeypot-fra-1 sshd[10190]: Connection closed by invalid user centos 43.138.12.15 port 44088 [preauth]","@timestamp":"2022-09-14T19:08:00.647Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 19:08:00 honeypot-fra-1 sshd[10195]: Connection closed by invalid user user 43.138.12.15 port 44100 [preauth]","@timestamp":"2022-09-14T19:08:00.647Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 19:08:00 honeypot-fra-1 sshd[10199]: Connection closed by invalid user mcserv 43.138.12.15 port 44034 [preauth]","@timestamp":"2022-09-14T19:08:00.647Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 19:08:00 honeypot-fra-1 sshd[10215]: Connection closed by invalid user ec2-user 43.138.12.15 port 44102 [preauth]","@timestamp":"2022-09-14T19:08:00.647Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T19:09:12.490Z","@version":"1","message":"Sep 14 19:09:12 honeypot-sgp-1 sshd[14366]: Invalid user dmz from 139.99.88.110 port 55962","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 19:09:46 honeypot-ams-1 sshd[25734]: Disconnecting invalid user admin 176.15.138.108 port 1716: Too many authentication failures [preauth]","@timestamp":"2022-09-14T19:09:47.647Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 19:17:01 honeypot-ams-1 CRON[25739]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-14T19:17:01.840Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 19:17:01 honeypot-fra-1 CRON[10255]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-14T19:17:01.853Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T19:21:29.785Z","@version":"1","message":"Sep 14 19:21:28 honeypot-sgp-1 kernel: [84059397.216708] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=87.251.64.35 DST=159.89.202.188 LEN=52 TOS=0x02 PREC=0x00 TTL=115 ID=1919 DF PROTO=TCP SPT=28971 DPT=3389 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T19:25:08.877Z","@version":"1","message":"Sep 14 19:25:08 honeypot-sgp-1 sshd[14377]: Received disconnect from 92.255.85.69 port 40848:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 19:27:27 honeypot-ams-1 kernel: [84060229.805096] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=2.57.122.23 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=4025 PROTO=TCP SPT=43098 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T19:27:27.132Z"}
{"@timestamp":"2022-09-14T19:28:41.980Z","@version":"1","message":"Sep 14 19:28:41 honeypot-sgp-1 sshd[14382]: Received disconnect from 186.233.210.86 port 56888:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T19:30:24.024Z","@version":"1","message":"Sep 14 19:30:23 honeypot-sgp-1 sshd[14387]: Disconnected from authenticating user root 45.181.32.41 port 37596 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 19:32:13 honeypot-fra-1 kernel: [84058352.777856] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=138.246.253.24 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=54321 PROTO=TCP SPT=40387 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T19:32:14.198Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-14T19:39:42.249Z","@version":"1","message":"Sep 14 19:39:41 honeypot-sgp-1 kernel: [84060489.974326] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=44.204.176.173 DST=159.89.202.188 LEN=52 TOS=0x02 PREC=0x00 TTL=104 ID=39122 DF PROTO=TCP SPT=56382 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 19:39:43 honeypot-ams-1 kernel: [84060965.813002] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=87.251.64.35 DST=178.62.254.91 LEN=52 TOS=0x02 PREC=0x00 TTL=122 ID=403 DF PROTO=TCP SPT=46672 DPT=3389 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-14T19:39:43.440Z"}
{"@timestamp":"2022-09-14T19:46:14.406Z","@version":"1","message":"Sep 14 19:46:13 honeypot-sgp-1 sshd[14397]: Disconnected from invalid user oky 113.200.60.74 port 41933 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 19:49:46 honeypot-fra-1 sshd[10360]: Received disconnect from 60.249.82.125 port 34598:11: Bye Bye [preauth]","@timestamp":"2022-09-14T19:49:46.589Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 19:50:12 honeypot-ams-1 sshd[25752]: Invalid user tomcat from 193.106.191.157 port 33872","@timestamp":"2022-09-14T19:50:12.717Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 19:51:10 honeypot-fra-1 sshd[10364]: Disconnected from authenticating user root 92.255.85.69 port 58242 [preauth]","@timestamp":"2022-09-14T19:51:10.623Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T19:51:13.527Z","@version":"1","message":"Sep 14 19:51:13 honeypot-sgp-1 sshd[14404]: Received disconnect from 13.76.164.123 port 34374:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 19:53:53 honeypot-fra-1 sshd[10371]: Invalid user appuser from 45.127.108.174 port 54246","@timestamp":"2022-09-14T19:53:54.687Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 19:53:53 honeypot-fra-1 sshd[10396]: Invalid user vnc from 45.127.108.174 port 54238","@timestamp":"2022-09-14T19:53:54.687Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 19:53:53 honeypot-fra-1 sshd[10369]: Invalid user devops from 45.127.108.174 port 54192","@timestamp":"2022-09-14T19:53:54.687Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 19:53:53 honeypot-fra-1 sshd[10384]: Connection closed by invalid user testuser 45.127.108.174 port 54262 [preauth]","@timestamp":"2022-09-14T19:53:54.687Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 19:53:53 honeypot-fra-1 sshd[10383]: Connection closed by authenticating user root 45.127.108.174 port 54224 [preauth]","@timestamp":"2022-09-14T19:53:54.688Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 19:53:53 honeypot-fra-1 sshd[10377]: Connection closed by invalid user ubuntu 45.127.108.174 port 54218 [preauth]","@timestamp":"2022-09-14T19:53:54.688Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 19:53:53 honeypot-fra-1 sshd[10396]: Connection closed by invalid user vnc 45.127.108.174 port 54238 [preauth]","@timestamp":"2022-09-14T19:53:54.688Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 19:53:54 honeypot-fra-1 sshd[10398]: Connection closed by invalid user mysql 45.127.108.174 port 54252 [preauth]","@timestamp":"2022-09-14T19:53:54.688Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 20:03:16 honeypot-ams-1 kernel: [84062378.906376] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=56942 PROTO=TCP SPT=45258 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T20:03:17.063Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 20:04:23 honeypot-fra-1 kernel: [84060282.460049] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=22719 PROTO=TCP SPT=45258 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T20:04:23.923Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-14T20:05:05.861Z","@version":"1","message":"Sep 14 20:05:05 honeypot-sgp-1 sshd[14407]: Disconnecting invalid user admin 180.150.31.207 port 46065: Too many authentication failures [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T20:13:30.063Z","@version":"1","message":"Sep 14 20:13:29 honeypot-sgp-1 sshd[14414]: Invalid user user from 141.255.162.226 port 33494","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T20:13:30.063Z","@version":"1","message":"Sep 14 20:13:30 honeypot-sgp-1 sshd[14418]: Invalid user user from 141.255.162.226 port 49670","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T20:13:35.066Z","@version":"1","message":"Sep 14 20:13:34 honeypot-sgp-1 sshd[14420]: Received disconnect from 141.255.162.226 port 37630:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T20:13:36.067Z","@version":"1","message":"Sep 14 20:13:35 honeypot-sgp-1 sshd[14425]: Disconnected from invalid user user 141.255.162.226 port 45728 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T20:13:49.074Z","@version":"1","message":"Sep 14 20:13:48 honeypot-sgp-1 sshd[14429]: Disconnected from invalid user user 45.61.186.49 port 59704 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T20:13:58.078Z","@version":"1","message":"Sep 14 20:13:57 honeypot-sgp-1 sshd[14435]: Invalid user user from 45.61.186.49 port 42876","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 20:14:44 honeypot-fra-1 sshd[10440]: Invalid user chase from 103.2.135.19 port 39428","@timestamp":"2022-09-14T20:14:45.157Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 20:16:04 honeypot-fra-1 kernel: [84060984.212807] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.203.17 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=55741 DPT=5432 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T20:16:05.190Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-14T20:16:50.148Z","@version":"1","message":"Sep 14 20:16:49 honeypot-sgp-1 sshd[14439]: Received disconnect from 110.141.33.146 port 51796:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 20:17:01 honeypot-ams-1 CRON[25765]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-14T20:17:01.434Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 20:18:18 honeypot-ams-1 sshd[25770]: Connection closed by invalid user admin 110.149.184.98 port 56041 [preauth]","@timestamp":"2022-09-14T20:18:18.470Z"}
{"@timestamp":"2022-09-14T20:21:45.268Z","@version":"1","message":"Sep 14 20:21:44 honeypot-sgp-1 sshd[14445]: Received disconnect from 43.154.18.2 port 41061:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 20:26:37 honeypot-fra-1 sshd[10451]: Received disconnect from 165.22.45.108 port 36298:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T20:26:38.430Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T20:27:12.403Z","@version":"1","message":"Sep 14 20:27:11 honeypot-sgp-1 sshd[14450]: Received disconnect from 103.225.124.210 port 51480:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 20:29:40 honeypot-ams-1 sshd[25775]: Received disconnect from 164.163.96.253 port 44304:11: Bye Bye [preauth]","@timestamp":"2022-09-14T20:29:40.767Z"}
{"@timestamp":"2022-09-14T20:33:39.563Z","@version":"1","message":"Sep 14 20:33:38 honeypot-sgp-1 kernel: [84063727.111664] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=125.253.93.146 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x20 TTL=247 ID=14690 PROTO=TCP SPT=46289 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 20:35:23 honeypot-fra-1 kernel: [84062142.378508] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=208.115.115.103 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=51 ID=20448 PROTO=TCP SPT=29406 DPT=443 WINDOW=42621 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T20:35:23.628Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-14T20:36:39.819Z","@version":"1","message":"Sep 14 20:36:38 honeypot-sgp-1 sshd[14457]: Disconnected from invalid user user 141.255.162.226 port 36274 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T20:36:43.821Z","@version":"1","message":"Sep 14 20:36:43 honeypot-sgp-1 sshd[14461]: Disconnected from invalid user user 141.255.162.226 port 53118 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T20:36:47.823Z","@version":"1","message":"Sep 14 20:36:46 honeypot-sgp-1 sshd[14465]: Disconnected from invalid user user 141.255.162.226 port 50182 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 20:37:27 honeypot-ams-1 kernel: [84064430.374624] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=162.240.55.81 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=9404 DF PROTO=TCP SPT=50068 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T20:37:27.973Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 20:42:03 honeypot-fra-1 kernel: [84062542.709399] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=89.248.165.120 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=17069 PROTO=TCP SPT=48028 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T20:42:03.778Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 20:43:43 honeypot-ams-1 kernel: [84064806.332931] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.23.222.167 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=53124 PROTO=TCP SPT=48018 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T20:43:44.144Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 20:48:34 honeypot-ams-1 sshd[25785]: Received disconnect from 202.88.244.36 port 38098:11: Bye Bye [preauth]","@timestamp":"2022-09-14T20:48:34.270Z"}
{"@timestamp":"2022-09-14T20:54:17.224Z","@version":"1","message":"Sep 14 20:54:17 honeypot-sgp-1 kernel: [84064965.233384] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=167.94.138.109 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=10237 PROTO=TCP SPT=36435 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T20:58:33.325Z","@version":"1","message":"Sep 14 20:58:33 honeypot-sgp-1 sshd[14476]: Disconnected from authenticating user root 92.255.85.70 port 32480 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T20:59:51.357Z","@version":"1","message":"Sep 14 20:59:50 honeypot-sgp-1 sshd[14481]: Disconnected from invalid user dks 116.92.213.114 port 53358 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 21:01:41 honeypot-fra-1 sshd[10460]: Received disconnect from 92.255.85.70 port 29190:11: Bye Bye [preauth]","@timestamp":"2022-09-14T21:01:42.219Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 21:02:21 honeypot-ams-1 sshd[25789]: Received disconnect from 45.175.18.29 port 44634:11: Bye Bye [preauth]","@timestamp":"2022-09-14T21:02:21.632Z"}
{"@timestamp":"2022-09-14T21:06:19.507Z","@version":"1","message":"Sep 14 21:06:19 honeypot-sgp-1 sshd[14562]: Connection closed by invalid user pi 50.45.186.194 port 38322 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 21:08:02 honeypot-fra-1 sshd[10469]: Invalid user elasticsearch from 43.138.12.15 port 55904","@timestamp":"2022-09-14T21:08:02.360Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 21:08:03 honeypot-fra-1 sshd[10466]: Connection closed by invalid user esuser 43.138.12.15 port 55906 [preauth]","@timestamp":"2022-09-14T21:08:03.362Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 21:08:03 honeypot-ams-1 kernel: [84066265.891893] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=62.108.40.120 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=55 ID=8528 PROTO=TCP SPT=11410 DPT=80 WINDOW=33578 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T21:08:03.785Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 21:08:05 honeypot-fra-1 sshd[10474]: Invalid user ts3srv from 43.138.12.15 port 55916","@timestamp":"2022-09-14T21:08:05.363Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 21:08:05 honeypot-fra-1 sshd[10487]: Invalid user esuser from 43.138.12.15 port 55932","@timestamp":"2022-09-14T21:08:05.363Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 21:08:05 honeypot-fra-1 sshd[10499]: Invalid user guest from 43.138.12.15 port 55974","@timestamp":"2022-09-14T21:08:05.363Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 21:08:05 honeypot-fra-1 sshd[10473]: Connection closed by invalid user elastic 43.138.12.15 port 55940 [preauth]","@timestamp":"2022-09-14T21:08:06.364Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 21:08:05 honeypot-fra-1 sshd[10485]: Invalid user ts3server from 43.138.12.15 port 55922","@timestamp":"2022-09-14T21:08:06.364Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 21:08:05 honeypot-fra-1 sshd[10485]: Connection closed by invalid user ts3server 43.138.12.15 port 55922 [preauth]","@timestamp":"2022-09-14T21:08:06.364Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 21:08:06 honeypot-fra-1 sshd[10483]: Connection closed by invalid user elasticsearch 43.138.12.15 port 55920 [preauth]","@timestamp":"2022-09-14T21:08:06.364Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 21:08:06 honeypot-fra-1 sshd[10495]: Connection closed by invalid user elastic 43.138.12.15 port 55926 [preauth]","@timestamp":"2022-09-14T21:08:06.364Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 21:08:06 honeypot-fra-1 sshd[10493]: Invalid user ec2 from 43.138.12.15 port 55930","@timestamp":"2022-09-14T21:08:06.364Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T21:09:38.583Z","@version":"1","message":"Sep 14 21:09:37 honeypot-sgp-1 kernel: [84065885.780214] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=96.126.112.220 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=46 ID=33073 DF PROTO=TCP SPT=43850 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T21:13:50.683Z","@version":"1","message":"Sep 14 21:13:50 honeypot-sgp-1 kernel: [84066138.228698] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=52.172.249.199 DST=159.89.202.188 LEN=52 TOS=0x02 PREC=0x00 TTL=114 ID=21240 DF PROTO=TCP SPT=64931 DPT=80 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 21:14:36 honeypot-fra-1 sshd[10531]: Received disconnect from 165.22.45.108 port 41286:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T21:14:37.510Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 21:25:05 honeypot-ams-1 sshd[25799]: Received disconnect from 138.68.162.6 port 36450:11: Bye Bye [preauth]","@timestamp":"2022-09-14T21:25:06.237Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 21:25:08 honeypot-fra-1 sshd[10537]: Received disconnect from 92.255.85.69 port 53434:11: Bye Bye [preauth]","@timestamp":"2022-09-14T21:25:08.744Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 21:26:14 honeypot-fra-1 kernel: [84065193.201428] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=104.152.52.125 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=3250 PROTO=TCP SPT=50773 DPT=389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T21:26:14.769Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 21:31:01 honeypot-fra-1 sshd[10543]: Did not receive identification string from 49.77.1.40 port 50210","@timestamp":"2022-09-14T21:31:02.880Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 21:31:08 honeypot-ams-1 sshd[25806]: Did not receive identification string from 198.98.61.9 port 39548","@timestamp":"2022-09-14T21:31:09.395Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 21:31:49 honeypot-ams-1 sshd[25809]: Disconnected from invalid user user 198.98.61.9 port 43092 [preauth]","@timestamp":"2022-09-14T21:31:50.414Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 21:32:06 honeypot-ams-1 sshd[25813]: Disconnected from invalid user user 198.98.61.9 port 38022 [preauth]","@timestamp":"2022-09-14T21:32:07.423Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 21:32:24 honeypot-ams-1 sshd[25817]: Disconnected from invalid user user 198.98.61.9 port 32830 [preauth]","@timestamp":"2022-09-14T21:32:25.434Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 21:37:36 honeypot-ams-1 sshd[25822]: Invalid user saber from 3.110.215.200 port 59348","@timestamp":"2022-09-14T21:37:36.595Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 21:42:57 honeypot-ams-1 kernel: [84068360.167276] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=159.203.80.110 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=44332 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T21:42:57.734Z"}
{"@timestamp":"2022-09-14T21:44:02.380Z","@version":"1","message":"Sep 14 21:44:01 honeypot-sgp-1 kernel: [84067950.064406] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.194.196 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=57086 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 21:51:10 honeypot-ams-1 sshd[25829]: Disconnected from authenticating user root 92.255.85.69 port 20584 [preauth]","@timestamp":"2022-09-14T21:51:10.953Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 21:51:24 honeypot-ams-1 sshd[25833]: Disconnected from invalid user user 45.61.186.249 port 57334 [preauth]","@timestamp":"2022-09-14T21:51:24.960Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 21:51:44 honeypot-ams-1 sshd[25837]: Disconnected from invalid user user 45.61.186.249 port 51402 [preauth]","@timestamp":"2022-09-14T21:51:44.971Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 21:52:01 honeypot-ams-1 sshd[25841]: Disconnected from invalid user user 45.61.186.249 port 45470 [preauth]","@timestamp":"2022-09-14T21:52:01.979Z"}
{"@timestamp":"2022-09-14T21:52:55.584Z","@version":"1","message":"Sep 14 21:52:54 honeypot-sgp-1 sshd[14581]: Invalid user user from 103.188.176.251 port 52078","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 21:53:42 honeypot-fra-1 kernel: [84066841.816111] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=51.91.221.105 DST=165.22.82.222 LEN=80 TOS=0x00 PREC=0x20 TTL=126 ID=52545 PROTO=TCP SPT=51521 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T21:53:43.395Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-14T21:59:45.742Z","@version":"1","message":"Sep 14 21:59:44 honeypot-sgp-1 kernel: [84068892.855463] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=167.248.133.140 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=30620 PROTO=TCP SPT=21711 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 22:03:25 honeypot-fra-1 sshd[10552]: Did not receive identification string from 188.166.127.59 port 44270","@timestamp":"2022-09-14T22:03:25.633Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T22:05:22.874Z","@version":"1","message":"Sep 14 22:05:22 honeypot-sgp-1 sshd[14590]: Did not receive identification string from 141.255.162.226 port 51850","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T22:05:29.878Z","@version":"1","message":"Sep 14 22:05:28 honeypot-sgp-1 sshd[14593]: Disconnected from invalid user user 141.255.162.226 port 34332 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T22:05:34.880Z","@version":"1","message":"Sep 14 22:05:34 honeypot-sgp-1 sshd[14597]: Disconnected from invalid user user 141.255.162.226 port 56832 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 22:06:17 honeypot-ams-1 kernel: [84069760.329532] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=201.191.2.198 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=51379 PROTO=TCP SPT=2743 DPT=80 WINDOW=20711 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T22:06:18.344Z"}
{"@timestamp":"2022-09-14T22:07:12.919Z","@version":"1","message":"Sep 14 22:07:12 honeypot-sgp-1 sshd[14599]: Disconnected from invalid user jb 128.199.150.171 port 49156 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 22:09:27 honeypot-ams-1 sshd[25849]: Received disconnect from 46.101.135.232 port 55410:11: Bye Bye [preauth]","@timestamp":"2022-09-14T22:09:28.427Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 22:09:49 honeypot-ams-1 sshd[25853]: Disconnected from authenticating user root 103.119.144.75 port 41852 [preauth]","@timestamp":"2022-09-14T22:09:49.438Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 22:11:10 honeypot-ams-1 sshd[25857]: Invalid user http from 162.19.26.39 port 44774","@timestamp":"2022-09-14T22:11:11.476Z"}
{"@timestamp":"2022-09-14T22:11:44.026Z","@version":"1","message":"Sep 14 22:11:43 honeypot-sgp-1 sshd[14606]: Received disconnect from 61.177.172.124 port 23580:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 22:11:44 honeypot-fra-1 sshd[10556]: Received disconnect from 92.255.85.69 port 18328:11: Bye Bye [preauth]","@timestamp":"2022-09-14T22:11:44.835Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 22:14:30 honeypot-ams-1 sshd[25862]: Received disconnect from 92.255.85.69 port 44384:11: Bye Bye [preauth]","@timestamp":"2022-09-14T22:14:30.562Z"}
{"@timestamp":"2022-09-14T22:14:58.102Z","@version":"1","message":"Sep 14 22:14:57 honeypot-sgp-1 kernel: [84069805.781015] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=147.75.47.189 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=39926 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 22:15:58 honeypot-ams-1 sshd[25867]: Disconnected from authenticating user root 61.177.172.104 port 26746 [preauth]","@timestamp":"2022-09-14T22:15:58.604Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 22:17:01 honeypot-fra-1 CRON[10562]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-14T22:17:01.956Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 22:17:38 honeypot-ams-1 kernel: [84070441.545124] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=206.189.8.92 DST=178.62.254.91 LEN=80 TOS=0x00 PREC=0x20 TTL=123 ID=5188 PROTO=TCP SPT=4164 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T22:17:39.653Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 22:22:10 honeypot-ams-1 sshd[25875]: Received disconnect from 134.122.8.241 port 51768:11: Bye Bye [preauth]","@timestamp":"2022-09-14T22:22:10.774Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 22:23:20 honeypot-fra-1 kernel: [84068619.238868] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.194.196 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=37120 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T22:23:21.122Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-14T22:24:28.340Z","@version":"1","message":"Sep 14 22:24:27 honeypot-sgp-1 sshd[14616]: Disconnected from authenticating user root 61.177.173.39 port 44195 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 22:25:48 honeypot-ams-1 kernel: [84070930.699216] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=67.166.145.5 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=48 ID=33954 PROTO=TCP SPT=16315 DPT=80 WINDOW=32755 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T22:25:48.870Z"}
{"@timestamp":"2022-09-14T22:26:09.383Z","@version":"1","message":"Sep 14 22:26:09 honeypot-sgp-1 sshd[14622]: Invalid user murilo from 46.101.2.4 port 57634","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T22:26:45.400Z","@version":"1","message":"Sep 14 22:26:44 honeypot-sgp-1 sshd[14626]: Received disconnect from 61.177.173.35 port 47662:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T22:27:43.423Z","@version":"1","message":"Sep 14 22:27:42 honeypot-sgp-1 sshd[14632]: Invalid user lxs from 62.84.124.238 port 40526","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T22:29:03.457Z","@version":"1","message":"Sep 14 22:29:03 honeypot-sgp-1 sshd[14636]: Invalid user lhd from 180.130.116.221 port 58042","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T22:29:45.476Z","@version":"1","message":"Sep 14 22:29:45 honeypot-sgp-1 sshd[14641]: Disconnected from authenticating user root 89.203.192.113 port 32878 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T22:30:46.503Z","@version":"1","message":"Sep 14 22:30:45 honeypot-sgp-1 kernel: [84070753.954745] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=97.107.141.18 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=24172 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T22:32:12.540Z","@version":"1","message":"Sep 14 22:32:11 honeypot-sgp-1 sshd[14649]: Received disconnect from 43.132.253.90 port 53590:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T22:33:48.580Z","@version":"1","message":"Sep 14 22:33:47 honeypot-sgp-1 sshd[14655]: Invalid user database from 217.13.211.152 port 41522","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 22:33:57 honeypot-ams-1 sshd[25889]: Invalid user tomcat from 193.106.191.157 port 49694","@timestamp":"2022-09-14T22:33:58.084Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 22:35:36 honeypot-fra-1 sshd[10569]: Received disconnect from 92.255.85.70 port 28052:11: Bye Bye [preauth]","@timestamp":"2022-09-14T22:35:36.415Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T22:37:16.663Z","@version":"1","message":"Sep 14 22:37:16 honeypot-sgp-1 sshd[14661]: Did not receive identification string from 141.255.162.226 port 40128","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T22:37:26.668Z","@version":"1","message":"Sep 14 22:37:26 honeypot-sgp-1 sshd[14664]: Disconnected from invalid user user 141.255.162.226 port 60730 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T22:37:30.670Z","@version":"1","message":"Sep 14 22:37:30 honeypot-sgp-1 sshd[14668]: Disconnected from invalid user user 141.255.162.226 port 48064 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 22:37:48 honeypot-ams-1 sshd[25893]: Received disconnect from 92.255.85.70 port 34596:11: Bye Bye [preauth]","@timestamp":"2022-09-14T22:37:49.187Z"}
{"@timestamp":"2022-09-14T22:37:51.680Z","@version":"1","message":"Sep 14 22:37:51 honeypot-sgp-1 sshd[14674]: Received disconnect from 117.202.18.5 port 44372:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 22:39:57 honeypot-fra-1 sshd[10574]: Invalid user fei from 164.92.210.129 port 45878","@timestamp":"2022-09-14T22:39:57.530Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T22:41:11.762Z","@version":"1","message":"Sep 14 22:41:11 honeypot-sgp-1 kernel: [84071379.661704] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=206.189.8.92 DST=159.89.202.188 LEN=80 TOS=0x00 PREC=0x00 TTL=115 ID=13709 PROTO=TCP SPT=12685 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 22:41:43 honeypot-fra-1 kernel: [84069722.167210] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=88.214.43.215 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=54321 PROTO=TCP SPT=38493 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T22:41:43.572Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 22:41:51 honeypot-ams-1 sshd[25902]: Received disconnect from 61.177.172.104 port 36948:11:  [preauth]","@timestamp":"2022-09-14T22:41:52.294Z"}
{"@timestamp":"2022-09-14T22:47:30.915Z","@version":"1","message":"Sep 14 22:47:30 honeypot-sgp-1 sshd[14683]: Received disconnect from 61.177.172.114 port 36643:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 22:49:02 honeypot-fra-1 kernel: [84070161.813185] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=159.203.80.110 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=39042 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T22:49:03.738Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 22:49:38 honeypot-ams-1 sshd[25909]: Did not receive identification string from 179.43.156.143 port 34688","@timestamp":"2022-09-14T22:49:39.494Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 22:50:57 honeypot-ams-1 sshd[25918]: Disconnected from authenticating user root 61.177.173.49 port 52986 [preauth]","@timestamp":"2022-09-14T22:50:57.530Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 22:52:24 honeypot-ams-1 sshd[25924]: Disconnected from authenticating user root 179.43.156.143 port 39724 [preauth]","@timestamp":"2022-09-14T22:52:24.570Z"}
{"@timestamp":"2022-09-14T22:53:24.059Z","@version":"1","message":"Sep 14 22:53:23 honeypot-sgp-1 kernel: [84072111.396988] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=60231 PROTO=TCP SPT=55929 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 22:53:30 honeypot-ams-1 kernel: [84072592.866998] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=47305 PROTO=TCP SPT=55929 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T22:53:30.602Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 22:53:44 honeypot-fra-1 sshd[10588]: Did not receive identification string from 198.98.61.9 port 33364","@timestamp":"2022-09-14T22:53:45.844Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 22:54:18 honeypot-ams-1 sshd[25933]: Received disconnect from 179.43.156.143 port 57452:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T22:54:18.623Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 22:54:29 honeypot-fra-1 sshd[10591]: Disconnected from invalid user user 198.98.61.9 port 45902 [preauth]","@timestamp":"2022-09-14T22:54:29.862Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 22:54:48 honeypot-fra-1 sshd[10595]: Disconnected from invalid user user 198.98.61.9 port 39820 [preauth]","@timestamp":"2022-09-14T22:54:48.870Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 22:55:04 honeypot-fra-1 sshd[10599]: Disconnected from invalid user user 198.98.61.9 port 33714 [preauth]","@timestamp":"2022-09-14T22:55:04.878Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 22:55:11 honeypot-ams-1 sshd[25937]: Received disconnect from 61.177.173.47 port 41086:11:  [preauth]","@timestamp":"2022-09-14T22:55:12.648Z"}
{"@timestamp":"2022-09-14T22:55:26.108Z","@version":"1","message":"Sep 14 22:55:25 honeypot-sgp-1 sshd[14695]: Invalid user kernoops from 123.120.1.239 port 57338","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T22:56:27.134Z","@version":"1","message":"Sep 14 22:56:26 honeypot-sgp-1 sshd[14698]: Disconnected from authenticating user root 92.255.85.70 port 30816 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 22:56:34 honeypot-ams-1 kernel: [84072776.713132] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.180.143.7 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=47337 PROTO=TCP SPT=29265 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T22:56:34.685Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 22:58:18 honeypot-ams-1 sshd[25948]: Disconnected from authenticating user root 179.43.156.143 port 36408 [preauth]","@timestamp":"2022-09-14T22:58:18.733Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 22:58:51 honeypot-fra-1 sshd[10604]: Disconnected from authenticating user root 92.255.85.70 port 52096 [preauth]","@timestamp":"2022-09-14T22:58:51.979Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T23:00:54.242Z","@version":"1","message":"Sep 14 23:00:53 honeypot-sgp-1 sshd[14704]: Invalid user centos from 179.60.147.69 port 10522","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 23:01:05 honeypot-ams-1 sshd[25955]: Received disconnect from 92.255.85.69 port 38424:11: Bye Bye [preauth]","@timestamp":"2022-09-14T23:01:05.809Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 23:02:25 honeypot-fra-1 sshd[10609]: Connection closed by invalid user centos 179.60.147.69 port 24686 [preauth]","@timestamp":"2022-09-14T23:02:26.061Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 23:05:07 honeypot-ams-1 sshd[25959]: Connection closed by invalid user centos 179.60.147.69 port 65240 [preauth]","@timestamp":"2022-09-14T23:05:08.917Z"}
{"@timestamp":"2022-09-14T23:10:03.458Z","@version":"1","message":"Sep 14 23:10:03 honeypot-sgp-1 kernel: [84073111.402504] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.203.69 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=41460 DPT=389 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 23:10:10 honeypot-ams-1 sshd[25969]: Received disconnect from 46.19.141.122 port 60418:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T23:10:11.050Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 23:12:11 honeypot-ams-1 sshd[25973]: Invalid user admin from 46.19.141.122 port 34228","@timestamp":"2022-09-14T23:12:12.104Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 23:14:00 honeypot-ams-1 sshd[25978]: Received disconnect from 46.19.141.122 port 35734:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T23:14:01.152Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 23:14:49 honeypot-ams-1 sshd[25982]: Received disconnect from 46.19.141.122 port 36716:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T23:14:50.174Z"}
{"@timestamp":"2022-09-14T23:16:39.617Z","@version":"1","message":"Sep 14 23:16:38 honeypot-sgp-1 sshd[14716]: Received disconnect from 178.128.28.51 port 32850:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 23:17:08 honeypot-fra-1 kernel: [84071847.323358] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=68.183.81.55 DST=165.22.82.222 LEN=52 TOS=0x02 PREC=0x20 TTL=118 ID=20276 DF PROTO=TCP SPT=56035 DPT=3389 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-14T23:17:09.385Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-14T23:17:58.651Z","@version":"1","message":"Sep 14 23:17:58 honeypot-sgp-1 sshd[14721]: Disconnected from authenticating user root 40.115.18.231 port 49452 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 23:18:42 honeypot-fra-1 sshd[10623]: Received disconnect from 45.61.186.169 port 55076:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T23:18:43.423Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 23:18:53 honeypot-ams-1 kernel: [84074116.578446] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.194.168 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=51789 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T23:18:54.280Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 23:18:59 honeypot-fra-1 sshd[10627]: Received disconnect from 45.61.186.169 port 49758:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T23:19:00.432Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 23:19:15 honeypot-fra-1 sshd[10631]: Received disconnect from 45.61.186.169 port 44412:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T23:19:16.439Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 23:19:31 honeypot-fra-1 sshd[10635]: Received disconnect from 45.61.186.169 port 39086:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T23:19:31.447Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T23:20:24.711Z","@version":"1","message":"Sep 14 23:20:24 honeypot-sgp-1 sshd[14729]: Invalid user admin from 51.15.225.183 port 37808","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T23:20:59.725Z","@version":"1","message":"Sep 14 23:20:59 honeypot-sgp-1 sshd[14732]: Disconnected from invalid user user 45.61.186.169 port 47682 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T23:21:17.735Z","@version":"1","message":"Sep 14 23:21:16 honeypot-sgp-1 sshd[14736]: Disconnected from invalid user user 45.61.186.169 port 42218 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T23:21:33.743Z","@version":"1","message":"Sep 14 23:21:33 honeypot-sgp-1 sshd[14743]: Invalid user user from 45.61.186.169 port 36770","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T23:21:41.746Z","@version":"1","message":"Sep 14 23:21:41 honeypot-sgp-1 sshd[14746]: Received disconnect from 45.61.186.169 port 48144:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T23:22:35.769Z","@version":"1","message":"Sep 14 23:22:35 honeypot-sgp-1 sshd[14751]: Disconnected from authenticating user root 143.244.158.100 port 54284 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 23:23:53 honeypot-ams-1 sshd[25994]: Disconnected from authenticating user root 61.177.173.39 port 11869 [preauth]","@timestamp":"2022-09-14T23:23:54.409Z"}
{"@timestamp":"2022-09-14T23:25:28.839Z","@version":"1","message":"Sep 14 23:25:28 honeypot-sgp-1 sshd[14758]: Disconnected from authenticating user root 143.244.158.100 port 37574 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T23:27:21.887Z","@version":"1","message":"Sep 14 23:27:20 honeypot-sgp-1 sshd[14764]: Disconnected from authenticating user root 143.244.158.100 port 48270 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T23:29:18.935Z","@version":"1","message":"Sep 14 23:29:18 honeypot-sgp-1 sshd[14768]: Disconnected from authenticating user root 143.244.158.100 port 60526 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 23:29:36 honeypot-ams-1 sshd[26001]: Received disconnect from 20.187.88.167 port 40236:11: Bye Bye [preauth]","@timestamp":"2022-09-14T23:29:37.558Z"}
{"@timestamp":"2022-09-14T23:30:17.962Z","@version":"1","message":"Sep 14 23:30:17 honeypot-sgp-1 sshd[14774]: Disconnected from authenticating user root 143.244.158.100 port 50586 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T23:31:44.999Z","@version":"1","message":"Sep 14 23:31:44 honeypot-sgp-1 kernel: [84074412.427126] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=162.142.125.142 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=7550 PROTO=TCP SPT=50659 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T23:34:16.062Z","@version":"1","message":"Sep 14 23:34:15 honeypot-sgp-1 sshd[14785]: Disconnected from authenticating user root 143.244.158.100 port 35368 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T23:36:20.112Z","@version":"1","message":"Sep 14 23:36:19 honeypot-sgp-1 sshd[14792]: Disconnected from authenticating user root 61.177.173.35 port 28406 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 23:36:39 honeypot-ams-1 sshd[26008]: Invalid user booking from 94.159.31.10 port 54265","@timestamp":"2022-09-14T23:36:39.740Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 23:37:24 honeypot-ams-1 sshd[26010]: Disconnected from authenticating user root 61.177.173.48 port 16909 [preauth]","@timestamp":"2022-09-14T23:37:25.763Z"}
{"@timestamp":"2022-09-14T23:39:03.303Z","@version":"1","message":"Sep 14 23:39:02 honeypot-sgp-1 sshd[14798]: Disconnected from authenticating user root 143.244.158.100 port 37920 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T23:42:07.377Z","@version":"1","message":"Sep 14 23:42:06 honeypot-sgp-1 sshd[14808]: Received disconnect from 143.244.158.100 port 53776:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T23:43:04.402Z","@version":"1","message":"Sep 14 23:43:03 honeypot-sgp-1 sshd[14812]: Disconnected from authenticating user root 143.244.158.100 port 55722 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 23:43:09 honeypot-fra-1 sshd[10643]: Received disconnect from 165.22.45.108 port 56322:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T23:43:09.966Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T23:44:54.447Z","@version":"1","message":"Sep 14 23:44:53 honeypot-sgp-1 sshd[14818]: Disconnected from authenticating user root 143.244.158.100 port 54546 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 23:45:19 honeypot-ams-1 kernel: [84075702.002054] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.194.198 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=60093 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T23:45:19.969Z"}
{"@timestamp":"2022-09-14T23:46:47.493Z","@version":"1","message":"Sep 14 23:46:46 honeypot-sgp-1 sshd[14824]: Received disconnect from 143.244.158.100 port 37456:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 23:47:34 honeypot-ams-1 sshd[26024]: Disconnected from authenticating user root 61.177.173.52 port 44395 [preauth]","@timestamp":"2022-09-14T23:47:35.037Z"}
{"@timestamp":"2022-09-14T23:48:47.542Z","@version":"1","message":"Sep 14 23:48:47 honeypot-sgp-1 sshd[14831]: Invalid user boxer from 138.2.245.103 port 41972","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-14T23:50:35.585Z","@version":"1","message":"Sep 14 23:50:35 honeypot-sgp-1 sshd[14839]: Disconnected from authenticating user root 143.244.158.100 port 54622 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 23:51:09 honeypot-ams-1 sshd[26031]: Disconnected from authenticating user root 61.177.173.36 port 19107 [preauth]","@timestamp":"2022-09-14T23:51:10.134Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 23:52:08 honeypot-ams-1 sshd[26037]: Received disconnect from 222.253.43.62 port 63195:11: Bye Bye [preauth]","@timestamp":"2022-09-14T23:52:09.163Z"}
{"@timestamp":"2022-09-14T23:53:21.651Z","@version":"1","message":"Sep 14 23:53:21 honeypot-sgp-1 sshd[14846]: Disconnected from authenticating user root 143.244.158.100 port 54406 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 23:53:41 honeypot-ams-1 sshd[26045]: Did not receive identification string from 45.61.186.249 port 40618","@timestamp":"2022-09-14T23:53:42.208Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 23:54:04 honeypot-ams-1 sshd[26050]: Invalid user user from 45.61.186.249 port 53144","@timestamp":"2022-09-14T23:54:05.221Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 23:54:21 honeypot-ams-1 sshd[26054]: Invalid user user from 45.61.186.249 port 48282","@timestamp":"2022-09-14T23:54:22.229Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 14 23:54:39 honeypot-ams-1 sshd[26058]: Invalid user user from 45.61.186.249 port 43366","@timestamp":"2022-09-14T23:54:40.239Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 14 23:55:02 honeypot-ams-1 kernel: [84076285.482696] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=108.54.184.91 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=52 ID=50955 PROTO=TCP SPT=38791 DPT=80 WINDOW=227 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-14T23:55:03.252Z"}
{"@timestamp":"2022-09-14T23:55:07.695Z","@version":"1","message":"Sep 14 23:55:07 honeypot-sgp-1 sshd[14852]: Disconnected from authenticating user root 143.244.158.100 port 60734 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 23:57:16 honeypot-fra-1 sshd[10650]: Invalid user user from 103.188.176.251 port 50724","@timestamp":"2022-09-14T23:57:17.286Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T23:57:51.761Z","@version":"1","message":"Sep 14 23:57:51 honeypot-sgp-1 sshd[14859]: Disconnected from authenticating user root 143.244.158.100 port 42796 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 23:59:05 honeypot-fra-1 sshd[10653]: Received disconnect from 45.61.186.169 port 37192:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T23:59:06.331Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 23:59:24 honeypot-fra-1 sshd[10657]: Received disconnect from 45.61.186.169 port 60226:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T23:59:24.340Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 23:59:40 honeypot-fra-1 sshd[10661]: Received disconnect from 45.61.186.169 port 55040:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T23:59:40.347Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-14T23:59:50.810Z","@version":"1","message":"Sep 14 23:59:50 honeypot-sgp-1 sshd[14866]: Disconnected from authenticating user root 143.244.158.100 port 34894 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 14 23:59:56 honeypot-fra-1 sshd[10665]: Received disconnect from 45.61.186.169 port 49842:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-14T23:59:57.355Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T00:02:52.884Z","@version":"1","message":"Sep 15 00:02:52 honeypot-sgp-1 sshd[14872]: Received disconnect from 143.244.158.100 port 57260:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 00:04:27 honeypot-ams-1 kernel: [84076850.343411] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.180.143.137 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=16021 PROTO=TCP SPT=28352 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T00:04:28.500Z"}
{"@timestamp":"2022-09-15T00:04:43.930Z","@version":"1","message":"Sep 15 00:04:43 honeypot-sgp-1 sshd[14879]: Received disconnect from 143.244.158.100 port 33590:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T00:06:46.982Z","@version":"1","message":"Sep 15 00:06:46 honeypot-sgp-1 kernel: [84076514.771157] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=92.63.197.83 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=28523 PROTO=TCP SPT=44029 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T00:08:49.031Z","@version":"1","message":"Sep 15 00:08:48 honeypot-sgp-1 sshd[14889]: Disconnected from authenticating user root 143.244.158.100 port 36886 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T00:10:48.077Z","@version":"1","message":"Sep 15 00:10:47 honeypot-sgp-1 sshd[14896]: Disconnected from authenticating user root 143.244.158.100 port 57074 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 00:11:32 honeypot-ams-1 sshd[26073]: Received disconnect from 92.255.85.70 port 51132:11: Bye Bye [preauth]","@timestamp":"2022-09-15T00:11:32.686Z"}
{"@timestamp":"2022-09-15T00:12:18.114Z","@version":"1","message":"Sep 15 00:12:18 honeypot-sgp-1 kernel: [84076846.063666] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=184.105.247.223 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=47274 DPT=389 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 00:12:28 honeypot-fra-1 sshd[10670]: Received disconnect from 137.184.100.90 port 40288:11: Bye Bye [preauth]","@timestamp":"2022-09-15T00:12:29.639Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T00:13:48.151Z","@version":"1","message":"Sep 15 00:13:47 honeypot-sgp-1 sshd[14908]: Disconnected from authenticating user root 143.244.158.100 port 43290 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 00:15:49 honeypot-fra-1 kernel: [84075368.136413] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.156.73.169 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=1435 PROTO=TCP SPT=59192 DPT=389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T00:15:49.748Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 00:16:10 honeypot-ams-1 sshd[26077]: Disconnected from invalid user user 45.61.186.49 port 40434 [preauth]","@timestamp":"2022-09-15T00:16:10.809Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 00:16:20 honeypot-ams-1 sshd[26081]: Disconnected from invalid user user 45.61.186.49 port 52028 [preauth]","@timestamp":"2022-09-15T00:16:21.816Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 00:18:48 honeypot-ams-1 kernel: [84077710.923886] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=205.210.31.173 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=250 ID=54321 PROTO=TCP SPT=50775 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T00:18:48.883Z"}
{"@timestamp":"2022-09-15T00:19:53.295Z","@version":"1","message":"Sep 15 00:19:52 honeypot-sgp-1 sshd[14918]: Invalid user samba from 103.188.176.251 port 56644","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T00:22:09.350Z","@version":"1","message":"Sep 15 00:22:08 honeypot-sgp-1 sshd[14925]: Disconnected from invalid user lias 64.227.185.119 port 38110 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 00:22:32 honeypot-ams-1 sshd[26094]: Disconnected from invalid user user 141.255.162.226 port 42884 [preauth]","@timestamp":"2022-09-15T00:22:32.984Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 00:22:37 honeypot-ams-1 sshd[26098]: Disconnected from invalid user user 141.255.162.226 port 51308 [preauth]","@timestamp":"2022-09-15T00:22:37.987Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 00:22:39 honeypot-ams-1 sshd[26101]: Disconnected from invalid user user 141.255.162.226 port 59734 [preauth]","@timestamp":"2022-09-15T00:22:39.989Z"}
{"@timestamp":"2022-09-15T00:23:40.387Z","@version":"1","message":"Sep 15 00:23:39 honeypot-sgp-1 sshd[14929]: Disconnected from invalid user sam 96.78.175.36 port 40430 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T00:26:18.453Z","@version":"1","message":"Sep 15 00:26:17 honeypot-sgp-1 kernel: [84077685.913724] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=40.87.17.51 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=34764 PROTO=TCP SPT=55978 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 00:26:29 honeypot-fra-1 sshd[10685]: Received disconnect from 222.113.84.214 port 45126:11: Bye Bye [preauth]","@timestamp":"2022-09-15T00:26:29.985Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 00:27:21 honeypot-ams-1 sshd[26108]: Received disconnect from 61.177.173.37 port 49950:11:  [preauth]","@timestamp":"2022-09-15T00:27:22.114Z"}
{"@timestamp":"2022-09-15T00:30:53.562Z","@version":"1","message":"Sep 15 00:30:52 honeypot-sgp-1 sshd[14940]: Disconnected from authenticating user root 61.177.173.36 port 59279 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 00:33:09 honeypot-ams-1 kernel: [84078571.806017] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=89.248.168.172 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=252 ID=54321 PROTO=TCP SPT=33023 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T00:33:09.267Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 00:33:37 honeypot-fra-1 sshd[10690]: Disconnected from invalid user admin 181.48.60.50 port 52276 [preauth]","@timestamp":"2022-09-15T00:33:38.150Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 00:36:29 honeypot-ams-1 sshd[26120]: Received disconnect from 159.65.129.227 port 32918:11: Bye Bye [preauth]","@timestamp":"2022-09-15T00:36:30.357Z"}
{"@timestamp":"2022-09-15T00:38:43.750Z","@version":"1","message":"Sep 15 00:38:43 honeypot-sgp-1 kernel: [84078431.487367] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=164.52.24.190 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=46748 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 00:39:43 honeypot-ams-1 sshd[26126]: Invalid user colord from 13.83.41.0 port 35150","@timestamp":"2022-09-15T00:39:43.443Z"}
{"@timestamp":"2022-09-15T00:43:12.857Z","@version":"1","message":"Sep 15 00:43:11 honeypot-sgp-1 sshd[14950]: Connection closed by invalid user admin 128.199.168.83 port 48552 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T00:43:12.857Z","@version":"1","message":"Sep 15 00:43:12 honeypot-sgp-1 sshd[14956]: Connection closed by invalid user admin 128.199.168.83 port 48572 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 00:44:00 honeypot-fra-1 kernel: [84077059.338695] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=205.210.31.169 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x60 TTL=250 ID=54321 PROTO=TCP SPT=55360 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T00:44:01.395Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-15T00:45:42.919Z","@version":"1","message":"Sep 15 00:45:42 honeypot-sgp-1 sshd[14963]: Disconnected from authenticating user root 203.218.247.74 port 45038 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 00:46:50 honeypot-ams-1 sshd[26131]: Received disconnect from 61.177.173.36 port 44229:11:  [preauth]","@timestamp":"2022-09-15T00:46:50.643Z"}
{"@timestamp":"2022-09-15T00:53:09.112Z","@version":"1","message":"Sep 15 00:53:08 honeypot-sgp-1 sshd[14971]: Disconnected from authenticating user root 92.255.85.69 port 45962 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 00:53:35 honeypot-ams-1 sshd[26136]: Disconnected from authenticating user root 61.177.173.37 port 62901 [preauth]","@timestamp":"2022-09-15T00:53:35.822Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 00:55:57 honeypot-fra-1 sshd[10701]: Disconnected from authenticating user root 92.255.85.70 port 39300 [preauth]","@timestamp":"2022-09-15T00:55:57.672Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 00:59:22 honeypot-ams-1 sshd[26145]: Disconnected from authenticating user root 61.177.173.53 port 23148 [preauth]","@timestamp":"2022-09-15T00:59:22.974Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 01:00:17 honeypot-fra-1 sshd[10707]: Invalid user tomcat from 193.106.191.157 port 51104","@timestamp":"2022-09-15T01:00:17.777Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 01:08:20 honeypot-ams-1 sshd[26149]: Received disconnect from 143.110.236.239 port 60374:11: Bye Bye [preauth]","@timestamp":"2022-09-15T01:08:21.213Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 01:10:24 honeypot-fra-1 sshd[10712]: Received disconnect from 45.61.186.169 port 57588:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T01:10:25.102Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T01:10:32.555Z","@version":"1","message":"Sep 15 01:10:31 honeypot-sgp-1 sshd[14982]: Connection closed by invalid user guest 179.60.147.69 port 54516 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 01:10:35 honeypot-ams-1 sshd[26154]: Disconnected from invalid user paraccel 218.60.104.104 port 38660 [preauth]","@timestamp":"2022-09-15T01:10:35.273Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 01:10:41 honeypot-fra-1 sshd[10716]: Invalid user user from 45.61.186.169 port 52232","@timestamp":"2022-09-15T01:10:42.111Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 01:10:57 honeypot-fra-1 sshd[10721]: Invalid user user from 45.61.186.169 port 46870","@timestamp":"2022-09-15T01:10:58.119Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 01:11:13 honeypot-fra-1 sshd[10725]: Invalid user user from 45.61.186.169 port 41520","@timestamp":"2022-09-15T01:11:14.125Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 01:17:01 honeypot-fra-1 CRON[10732]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-15T01:17:02.255Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 01:17:01 honeypot-ams-1 CRON[26166]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-15T01:17:02.443Z"}
{"@timestamp":"2022-09-15T01:17:02.710Z","@version":"1","message":"Sep 15 01:17:01 honeypot-sgp-1 CRON[14991]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T01:19:55.780Z","@version":"1","message":"Sep 15 01:19:55 honeypot-sgp-1 sshd[14998]: Invalid user long from 113.203.237.139 port 54270","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T01:20:51.805Z","@version":"1","message":"Sep 15 01:20:51 honeypot-sgp-1 sshd[15000]: Disconnected from authenticating user root 105.174.43.194 port 34535 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 01:30:43 honeypot-fra-1 kernel: [84079862.161588] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=103.97.247.109 DST=165.22.82.222 LEN=52 TOS=0x00 PREC=0x00 TTL=118 ID=15724 DF PROTO=TCP SPT=58417 DPT=3389 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T01:30:43.569Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 01:31:06 honeypot-fra-1 sshd[10757]: Disconnected from invalid user user 45.61.184.204 port 51202 [preauth]","@timestamp":"2022-09-15T01:31:07.582Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 01:31:24 honeypot-fra-1 sshd[10761]: Disconnected from invalid user user 45.61.184.204 port 46746 [preauth]","@timestamp":"2022-09-15T01:31:25.590Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 01:31:28 honeypot-ams-1 sshd[26183]: Received disconnect from 152.67.45.125 port 44544:11: Bye Bye [preauth]","@timestamp":"2022-09-15T01:31:28.816Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 01:31:43 honeypot-fra-1 sshd[10768]: Disconnected from invalid user user 45.61.184.204 port 42278 [preauth]","@timestamp":"2022-09-15T01:31:44.599Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 01:35:29 honeypot-ams-1 sshd[26187]: Received disconnect from 43.134.40.253 port 46796:11: Bye Bye [preauth]","@timestamp":"2022-09-15T01:35:29.926Z"}
{"@timestamp":"2022-09-15T01:35:57.163Z","@version":"1","message":"Sep 15 01:35:56 honeypot-sgp-1 sshd[15028]: Invalid user admin from 183.107.195.8 port 56588","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 01:36:50 honeypot-fra-1 sshd[10778]: Received disconnect from 188.254.0.2 port 43718:11: Bye Bye [preauth]","@timestamp":"2022-09-15T01:36:50.716Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 01:37:50 honeypot-ams-1 sshd[26194]: Received disconnect from 161.35.113.79 port 41762:11: Bye Bye [preauth]","@timestamp":"2022-09-15T01:37:50.989Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 01:39:24 honeypot-fra-1 sshd[10793]: Invalid user  from 152.32.154.27 port 56846","@timestamp":"2022-09-15T01:39:24.776Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T01:41:27.295Z","@version":"1","message":"Sep 15 01:41:27 honeypot-sgp-1 kernel: [84082194.908136] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=167.248.133.136 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=45128 PROTO=TCP SPT=36665 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 01:42:59 honeypot-fra-1 sshd[10800]: Received disconnect from 92.255.85.69 port 61648:11: Bye Bye [preauth]","@timestamp":"2022-09-15T01:42:59.862Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 01:45:19 honeypot-ams-1 sshd[26201]: Disconnected from authenticating user root 92.255.85.70 port 35954 [preauth]","@timestamp":"2022-09-15T01:45:19.186Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 01:48:01 honeypot-fra-1 sshd[10804]: Invalid user support from 179.60.147.69 port 5046","@timestamp":"2022-09-15T01:48:01.981Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T01:48:45.470Z","@version":"1","message":"Sep 15 01:48:44 honeypot-sgp-1 kernel: [84082632.786111] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=64.62.197.47 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=44459 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 01:50:21 honeypot-ams-1 sshd[26209]: Received disconnect from 141.255.162.226 port 56178:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T01:50:21.319Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 01:50:23 honeypot-ams-1 sshd[26213]: Received disconnect from 141.255.162.226 port 53084:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T01:50:24.320Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 01:50:25 honeypot-ams-1 sshd[26217]: Received disconnect from 141.255.162.226 port 33234:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T01:50:26.323Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 01:50:30 honeypot-ams-1 sshd[26221]: Received disconnect from 141.255.162.226 port 41608:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T01:50:31.325Z"}
{"@timestamp":"2022-09-15T01:55:55.641Z","@version":"1","message":"Sep 15 01:55:54 honeypot-sgp-1 sshd[15043]: Disconnected from invalid user kumari 202.83.18.224 port 53094 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 01:56:59 honeypot-ams-1 kernel: [84083602.507304] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=34.82.147.5 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x60 TTL=251 ID=28752 PROTO=TCP SPT=45096 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T01:57:00.498Z"}
{"@timestamp":"2022-09-15T01:59:43.735Z","@version":"1","message":"Sep 15 01:59:43 honeypot-sgp-1 sshd[15052]: Received disconnect from 118.70.180.174 port 35353:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T02:03:39.833Z","@version":"1","message":"Sep 15 02:03:38 honeypot-sgp-1 sshd[15056]: Received disconnect from 92.255.85.69 port 18476:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 02:03:44 honeypot-fra-1 sshd[10810]: Invalid user webmail from 190.128.230.98 port 35494","@timestamp":"2022-09-15T02:03:44.337Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 02:06:01 honeypot-fra-1 sshd[10816]: Invalid user gy from 192.3.253.15 port 33442","@timestamp":"2022-09-15T02:06:01.409Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T02:08:21.966Z","@version":"1","message":"Sep 15 02:08:21 honeypot-sgp-1 sshd[15064]: Disconnected from authenticating user root 23.83.239.130 port 55972 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:08:31 honeypot-ams-1 sshd[26237]: Disconnected from authenticating user root 92.255.85.69 port 38440 [preauth]","@timestamp":"2022-09-15T02:08:31.795Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:11:14 honeypot-ams-1 sshd[26245]: Received disconnect from 89.163.142.195 port 53622:11: disconnected by user [preauth]","@timestamp":"2022-09-15T02:11:14.868Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:11:14 honeypot-ams-1 sshd[26249]: error: maximum authentication attempts exceeded for invalid user admin from 89.163.142.195 port 53628 ssh2 [preauth]","@timestamp":"2022-09-15T02:11:15.871Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:11:15 honeypot-ams-1 sshd[26253]: error: maximum authentication attempts exceeded for invalid user oracle from 89.163.142.195 port 53632 ssh2 [preauth]","@timestamp":"2022-09-15T02:11:15.871Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:11:15 honeypot-ams-1 sshd[26257]: Received disconnect from 89.163.142.195 port 53638:11: disconnected by user [preauth]","@timestamp":"2022-09-15T02:11:16.872Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:11:16 honeypot-ams-1 sshd[26261]: error: maximum authentication attempts exceeded for invalid user usuario from 89.163.142.195 port 53642 ssh2 [preauth]","@timestamp":"2022-09-15T02:11:16.872Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:11:16 honeypot-ams-1 sshd[26265]: error: maximum authentication attempts exceeded for invalid user test from 89.163.142.195 port 53646 ssh2 [preauth]","@timestamp":"2022-09-15T02:11:16.872Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:11:17 honeypot-ams-1 sshd[26269]: Received disconnect from 89.163.142.195 port 53656:11: disconnected by user [preauth]","@timestamp":"2022-09-15T02:11:17.873Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:11:17 honeypot-ams-1 sshd[26273]: error: maximum authentication attempts exceeded for invalid user user from 89.163.142.195 port 53660 ssh2 [preauth]","@timestamp":"2022-09-15T02:11:17.873Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:11:18 honeypot-ams-1 sshd[26277]: error: maximum authentication attempts exceeded for invalid user ftpuser from 89.163.142.195 port 53666 ssh2 [preauth]","@timestamp":"2022-09-15T02:11:18.874Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:11:18 honeypot-ams-1 sshd[26281]: Received disconnect from 89.163.142.195 port 53670:11: disconnected by user [preauth]","@timestamp":"2022-09-15T02:11:18.874Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:11:19 honeypot-ams-1 sshd[26285]: error: maximum authentication attempts exceeded for invalid user test1 from 89.163.142.195 port 53676 ssh2 [preauth]","@timestamp":"2022-09-15T02:11:19.875Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:11:19 honeypot-ams-1 sshd[26289]: error: maximum authentication attempts exceeded for invalid user test2 from 89.163.142.195 port 53680 ssh2 [preauth]","@timestamp":"2022-09-15T02:11:19.875Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:11:19 honeypot-ams-1 sshd[26293]: Received disconnect from 89.163.142.195 port 53688:11: disconnected by user [preauth]","@timestamp":"2022-09-15T02:11:20.876Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:11:20 honeypot-ams-1 sshd[26297]: error: maximum authentication attempts exceeded for invalid user ubuntu from 89.163.142.195 port 53692 ssh2 [preauth]","@timestamp":"2022-09-15T02:11:20.876Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:11:20 honeypot-ams-1 sshd[26301]: Received disconnect from 89.163.142.195 port 53698:11: disconnected by user [preauth]","@timestamp":"2022-09-15T02:11:20.876Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:11:21 honeypot-ams-1 sshd[26305]: Received disconnect from 89.163.142.195 port 53702:11: disconnected by user [preauth]","@timestamp":"2022-09-15T02:11:21.877Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:11:50 honeypot-ams-1 sshd[26310]: Received disconnect from 193.142.146.50 port 40548:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T02:11:50.893Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:12:13 honeypot-ams-1 sshd[26314]: Disconnected from authenticating user root 193.142.146.50 port 47412 [preauth]","@timestamp":"2022-09-15T02:12:13.905Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 02:12:54 honeypot-fra-1 kernel: [84082392.601003] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=181.214.231.169 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=59 ID=1462 PROTO=TCP SPT=46167 DPT=443 WINDOW=43184 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T02:12:54.567Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:13:54 honeypot-ams-1 sshd[26321]: Received disconnect from 193.142.146.50 port 32908:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T02:13:54.951Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:15:30 honeypot-ams-1 sshd[26327]: Received disconnect from 193.142.146.50 port 46634:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T02:15:30.995Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:15:57 honeypot-ams-1 sshd[26331]: Received disconnect from 193.142.146.50 port 53498:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T02:15:58.010Z"}
{"@timestamp":"2022-09-15T02:16:30.166Z","@version":"1","message":"Sep 15 02:16:29 honeypot-sgp-1 sshd[15069]: Disconnected from authenticating user root 61.177.173.51 port 18796 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:18:07 honeypot-ams-1 sshd[26341]: Disconnected from authenticating user root 43.225.158.223 port 60469 [preauth]","@timestamp":"2022-09-15T02:18:08.068Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:18:16 honeypot-ams-1 sshd[26345]: Disconnected from invalid user user 141.255.162.226 port 54952 [preauth]","@timestamp":"2022-09-15T02:18:17.074Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:18:20 honeypot-ams-1 sshd[26349]: Disconnected from invalid user user 141.255.162.226 port 43256 [preauth]","@timestamp":"2022-09-15T02:18:21.077Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:18:24 honeypot-ams-1 sshd[26353]: Disconnected from invalid user user 141.255.162.226 port 59798 [preauth]","@timestamp":"2022-09-15T02:18:25.080Z"}
{"@timestamp":"2022-09-15T02:20:06.258Z","@version":"1","message":"Sep 15 02:20:05 honeypot-sgp-1 sshd[15075]: Disconnected from authenticating user root 61.177.173.36 port 18104 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 02:20:17 honeypot-fra-1 sshd[10844]: Disconnected from invalid user la 165.22.45.108 port 43240 [preauth]","@timestamp":"2022-09-15T02:20:18.736Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 02:26:07 honeypot-fra-1 kernel: [84083185.746145] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=176.111.173.99 DST=165.22.82.222 LEN=52 TOS=0x02 PREC=0x00 TTL=118 ID=15294 DF PROTO=TCP SPT=2333 DPT=3389 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-15T02:26:07.870Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-15T02:26:33.418Z","@version":"1","message":"Sep 15 02:26:32 honeypot-sgp-1 sshd[15083]: Received disconnect from 92.255.85.70 port 30272:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:26:40 honeypot-ams-1 sshd[26364]: Invalid user support from 179.60.147.69 port 63392","@timestamp":"2022-09-15T02:26:40.294Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:27:58 honeypot-ams-1 sshd[26370]: Received disconnect from 43.129.237.211 port 39546:11: Bye Bye [preauth]","@timestamp":"2022-09-15T02:27:59.333Z"}
{"@timestamp":"2022-09-15T02:30:29.516Z","@version":"1","message":"Sep 15 02:30:29 honeypot-sgp-1 kernel: [84085137.193716] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=234 ID=419 PROTO=TCP SPT=49002 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 02:30:35 honeypot-fra-1 kernel: [84083453.736056] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=49073 PROTO=TCP SPT=49002 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T02:30:35.974Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:31:47 honeypot-ams-1 sshd[26375]: Disconnected from authenticating user root 203.106.164.74 port 48564 [preauth]","@timestamp":"2022-09-15T02:31:48.436Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:33:12 honeypot-ams-1 sshd[26382]: Received disconnect from 61.177.173.39 port 63089:11:  [preauth]","@timestamp":"2022-09-15T02:33:12.477Z"}
{"@timestamp":"2022-09-15T02:34:38.618Z","@version":"1","message":"Sep 15 02:34:38 honeypot-sgp-1 sshd[15092]: Invalid user medeia from 103.99.203.103 port 33116","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T02:39:17.732Z","@version":"1","message":"Sep 15 02:39:17 honeypot-sgp-1 sshd[15096]: Disconnected from authenticating user root 61.177.172.114 port 42225 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:44:39 honeypot-ams-1 sshd[26391]: Disconnected from authenticating user root 61.177.173.48 port 16112 [preauth]","@timestamp":"2022-09-15T02:44:39.771Z"}
{"@timestamp":"2022-09-15T02:49:24.980Z","@version":"1","message":"Sep 15 02:49:24 honeypot-sgp-1 sshd[15105]: Received disconnect from 61.177.172.104 port 63805:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 02:51:53 honeypot-fra-1 kernel: [84084731.910773] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=23.224.186.219 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=0 DF PROTO=TCP SPT=60489 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T02:51:54.452Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:52:12 honeypot-ams-1 sshd[26405]: Invalid user user from 45.61.184.204 port 46464","@timestamp":"2022-09-15T02:52:12.971Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:52:31 honeypot-ams-1 sshd[26409]: Invalid user user from 45.61.184.204 port 40894","@timestamp":"2022-09-15T02:52:32.981Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:52:51 honeypot-ams-1 sshd[26413]: Invalid user user from 45.61.184.204 port 35318","@timestamp":"2022-09-15T02:52:51.992Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 02:53:07 honeypot-ams-1 sshd[26417]: Invalid user user from 45.61.184.204 port 57974","@timestamp":"2022-09-15T02:53:08.000Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 02:55:51 honeypot-fra-1 sshd[10860]: Disconnected from invalid user kernelsys 103.127.224.6 port 50274 [preauth]","@timestamp":"2022-09-15T02:55:51.544Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 02:56:23 honeypot-ams-1 kernel: [84087165.646083] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=72.167.32.184 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=232 ID=49103 PROTO=TCP SPT=45856 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T02:56:24.088Z"}
{"@timestamp":"2022-09-15T02:56:32.155Z","@version":"1","message":"Sep 15 02:56:31 honeypot-sgp-1 kernel: [84086699.590158] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=139.144.135.169 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=16856 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 03:02:57 honeypot-ams-1 sshd[26431]: Connection closed by authenticating user root 179.60.147.69 port 31852 [preauth]","@timestamp":"2022-09-15T03:02:58.259Z"}
{"@timestamp":"2022-09-15T03:04:22.352Z","@version":"1","message":"Sep 15 03:04:22 honeypot-sgp-1 sshd[15121]: Disconnected from authenticating user root 61.177.173.49 port 29991 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 03:06:49 honeypot-ams-1 sshd[26435]: Disconnected from invalid user wy 5.195.211.234 port 41226 [preauth]","@timestamp":"2022-09-15T03:06:50.360Z"}
{"@timestamp":"2022-09-15T03:11:58.544Z","@version":"1","message":"Sep 15 03:11:57 honeypot-sgp-1 sshd[15126]: Received disconnect from 61.177.172.90 port 10081:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 03:12:26 honeypot-ams-1 sshd[26442]: Received disconnect from 177.93.51.98 port 54120:11: Bye Bye [preauth]","@timestamp":"2022-09-15T03:12:26.505Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 03:12:32 honeypot-fra-1 sshd[10868]: Received disconnect from 165.22.45.108 port 48284:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T03:12:32.917Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T03:13:58.597Z","@version":"1","message":"Sep 15 03:13:58 honeypot-sgp-1 kernel: [84087746.008927] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=103.203.56.0 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=46178 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 03:15:43 honeypot-fra-1 sshd[10873]: Invalid user guest from 160.86.90.2 port 46416","@timestamp":"2022-09-15T03:15:43.993Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 03:15:43 honeypot-fra-1 sshd[10872]: Connection closed by invalid user nexus 160.86.90.2 port 46170 [preauth]","@timestamp":"2022-09-15T03:15:43.993Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 03:15:43 honeypot-fra-1 sshd[10879]: Connection closed by invalid user testuser 160.86.90.2 port 46306 [preauth]","@timestamp":"2022-09-15T03:15:43.993Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 03:15:44 honeypot-fra-1 sshd[10889]: Invalid user ubuntu from 160.86.90.2 port 46360","@timestamp":"2022-09-15T03:15:44.993Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 03:15:46 honeypot-fra-1 sshd[10899]: Invalid user devops from 160.86.90.2 port 46138","@timestamp":"2022-09-15T03:15:46.994Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 03:15:46 honeypot-fra-1 sshd[10899]: Connection closed by invalid user devops 160.86.90.2 port 46138 [preauth]","@timestamp":"2022-09-15T03:15:46.994Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 03:16:19 honeypot-fra-1 sshd[10911]: Received disconnect from 92.255.85.69 port 24154:11: Bye Bye [preauth]","@timestamp":"2022-09-15T03:16:20.009Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 03:17:01 honeypot-ams-1 CRON[26449]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-15T03:17:01.619Z"}
{"@timestamp":"2022-09-15T03:18:20.707Z","@version":"1","message":"Sep 15 03:18:20 honeypot-sgp-1 sshd[15140]: Connection closed by 111.90.147.18 port 56742 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 03:19:37 honeypot-ams-1 sshd[26456]: Received disconnect from 41.169.26.228 port 36656:11: Bye Bye [preauth]","@timestamp":"2022-09-15T03:19:38.704Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 03:21:36 honeypot-fra-1 sshd[10917]: Disconnected from authenticating user root 157.245.122.58 port 40762 [preauth]","@timestamp":"2022-09-15T03:21:36.129Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 03:22:32 honeypot-fra-1 sshd[10922]: Received disconnect from 45.61.186.169 port 35210:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T03:22:33.155Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 03:22:42 honeypot-fra-1 sshd[10926]: Disconnected from invalid user user 45.61.186.169 port 46832 [preauth]","@timestamp":"2022-09-15T03:22:42.159Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 03:23:00 honeypot-fra-1 sshd[10930]: Received disconnect from 45.61.186.169 port 41852:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T03:23:00.168Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 03:23:18 honeypot-fra-1 sshd[10934]: Received disconnect from 45.61.186.169 port 36862:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T03:23:19.177Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 03:23:24 honeypot-fra-1 sshd[10939]: Invalid user user from 141.255.162.226 port 59508","@timestamp":"2022-09-15T03:23:24.179Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 03:23:29 honeypot-fra-1 sshd[10943]: Invalid user user from 141.255.162.226 port 55296","@timestamp":"2022-09-15T03:23:30.183Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 03:23:30 honeypot-fra-1 sshd[10945]: Disconnected from invalid user user 141.255.162.226 port 47290 [preauth]","@timestamp":"2022-09-15T03:23:31.184Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 03:23:33 honeypot-fra-1 sshd[10949]: Disconnected from invalid user user 141.255.162.226 port 43074 [preauth]","@timestamp":"2022-09-15T03:23:34.185Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 03:23:45 honeypot-fra-1 sshd[10955]: Invalid user cvs from 165.227.110.188 port 60622","@timestamp":"2022-09-15T03:23:46.192Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T03:24:31.864Z","@version":"1","message":"Sep 15 03:24:30 honeypot-sgp-1 sshd[15143]: Disconnected from 61.177.173.53 port 33867 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 03:24:39 honeypot-fra-1 sshd[10960]: Invalid user tenancy from 157.245.122.58 port 53166","@timestamp":"2022-09-15T03:24:40.214Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 03:25:39 honeypot-fra-1 sshd[10964]: Received disconnect from 157.245.122.58 port 38484:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T03:25:40.239Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 03:26:55 honeypot-fra-1 sshd[10968]: Disconnected from authenticating user root 94.188.177.110 port 58744 [preauth]","@timestamp":"2022-09-15T03:26:56.269Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 03:28:21 honeypot-fra-1 sshd[10972]: Disconnected from invalid user cypress 157.245.122.58 port 50846 [preauth]","@timestamp":"2022-09-15T03:28:21.303Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 03:30:42 honeypot-ams-1 sshd[26462]: Disconnected from authenticating user root 61.177.173.36 port 33130 [preauth]","@timestamp":"2022-09-15T03:30:42.989Z"}
{"@timestamp":"2022-09-15T03:31:20.034Z","@version":"1","message":"Sep 15 03:31:19 honeypot-sgp-1 sshd[15150]: Received disconnect from 61.177.172.114 port 62408:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T03:34:31.114Z","@version":"1","message":"Sep 15 03:34:30 honeypot-sgp-1 sshd[15155]: Received disconnect from 61.177.173.53 port 54814:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T03:38:35.216Z","@version":"1","message":"Sep 15 03:38:34 honeypot-sgp-1 kernel: [84089222.784055] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.220.73 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=50027 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 03:39:58 honeypot-fra-1 sshd[10977]: Disconnected from authenticating user root 92.255.85.70 port 36366 [preauth]","@timestamp":"2022-09-15T03:39:59.565Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T03:40:54.277Z","@version":"1","message":"Sep 15 03:40:53 honeypot-sgp-1 sshd[15164]: Disconnected from authenticating user root 61.177.173.36 port 16394 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 03:41:54 honeypot-ams-1 sshd[26471]: Received disconnect from 92.255.85.69 port 28790:11: Bye Bye [preauth]","@timestamp":"2022-09-15T03:41:55.268Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 03:43:06 honeypot-fra-1 sshd[10983]: Connection closed by invalid user admin 185.61.92.143 port 34592 [preauth]","@timestamp":"2022-09-15T03:43:06.641Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T03:49:20.484Z","@version":"1","message":"Sep 15 03:49:19 honeypot-sgp-1 sshd[15175]: Received disconnect from 20.126.126.43 port 53180:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 03:51:42 honeypot-ams-1 sshd[26484]: Did not receive identification string from 198.98.61.9 port 45014","@timestamp":"2022-09-15T03:51:42.518Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 03:52:09 honeypot-ams-1 sshd[26487]: Disconnected from invalid user user 198.98.61.9 port 51812 [preauth]","@timestamp":"2022-09-15T03:52:09.532Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 03:52:30 honeypot-ams-1 sshd[26491]: Disconnected from invalid user user 198.98.61.9 port 47140 [preauth]","@timestamp":"2022-09-15T03:52:30.543Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 03:52:50 honeypot-ams-1 sshd[26495]: Disconnected from invalid user user 198.98.61.9 port 42464 [preauth]","@timestamp":"2022-09-15T03:52:51.554Z"}
{"@timestamp":"2022-09-15T03:54:07.604Z","@version":"1","message":"Sep 15 03:54:07 honeypot-sgp-1 sshd[15182]: Disconnected from 61.177.172.108 port 43467 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 03:58:41 honeypot-ams-1 sshd[26504]: Invalid user tomcat from 193.106.191.157 port 52626","@timestamp":"2022-09-15T03:58:41.704Z"}
{"@timestamp":"2022-09-15T04:00:47.771Z","@version":"1","message":"Sep 15 04:00:47 honeypot-sgp-1 sshd[15187]: Invalid user admin from 92.255.85.69 port 58764","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 04:02:34 honeypot-ams-1 sshd[26508]: Received disconnect from 157.245.122.58 port 40534:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T04:02:34.807Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 04:03:26 honeypot-fra-1 sshd[10988]: Disconnected from invalid user admin 92.255.85.69 port 26710 [preauth]","@timestamp":"2022-09-15T04:03:27.101Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 04:04:41 honeypot-ams-1 sshd[26513]: Disconnected from invalid user odoo 157.245.122.58 port 39376 [preauth]","@timestamp":"2022-09-15T04:04:41.864Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 04:05:49 honeypot-ams-1 sshd[26517]: Disconnected from invalid user admin 92.255.85.70 port 33346 [preauth]","@timestamp":"2022-09-15T04:05:49.896Z"}
{"@timestamp":"2022-09-15T04:07:37.942Z","@version":"1","message":"Sep 15 04:07:37 honeypot-sgp-1 sshd[15190]: Disconnected from authenticating user root 197.248.95.31 port 45354 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 04:07:38 honeypot-ams-1 sshd[26523]: Disconnected from invalid user jonitwiso 157.245.122.58 port 51774 [preauth]","@timestamp":"2022-09-15T04:07:38.945Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 04:08:34 honeypot-ams-1 sshd[26527]: Disconnected from invalid user jonitiso 157.245.122.58 port 37080 [preauth]","@timestamp":"2022-09-15T04:08:34.970Z"}
{"@timestamp":"2022-09-15T04:12:07.056Z","@version":"1","message":"Sep 15 04:12:06 honeypot-sgp-1 sshd[15197]: Received disconnect from 193.142.146.50 port 57396:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T04:12:31.068Z","@version":"1","message":"Sep 15 04:12:30 honeypot-sgp-1 sshd[15201]: Disconnected from authenticating user root 193.142.146.50 port 36052 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T04:14:01.108Z","@version":"1","message":"Sep 15 04:14:00 honeypot-sgp-1 sshd[15208]: Received disconnect from 193.142.146.50 port 60500:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T04:15:50.155Z","@version":"1","message":"Sep 15 04:15:49 honeypot-sgp-1 sshd[15214]: Invalid user test from 193.142.146.50 port 35368","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T04:17:02.186Z","@version":"1","message":"Sep 15 04:17:01 honeypot-sgp-1 CRON[15218]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 04:17:01 honeypot-fra-1 CRON[10994]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-15T04:17:02.409Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 04:18:08 honeypot-ams-1 kernel: [84092071.350040] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=84.21.170.218 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=54321 PROTO=TCP SPT=57239 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T04:18:09.232Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 04:21:32 honeypot-fra-1 sshd[11000]: Received disconnect from 141.255.162.226 port 54470:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T04:21:33.514Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 04:21:38 honeypot-fra-1 sshd[11004]: Received disconnect from 141.255.162.226 port 33706:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T04:21:39.516Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 04:21:39 honeypot-fra-1 sshd[11008]: Received disconnect from 141.255.162.226 port 54790:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T04:21:40.517Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 04:23:07 honeypot-ams-1 sshd[26538]: Connection closed by invalid user default 179.60.147.69 port 51864 [preauth]","@timestamp":"2022-09-15T04:23:07.362Z"}
{"@timestamp":"2022-09-15T04:24:14.371Z","@version":"1","message":"Sep 15 04:24:13 honeypot-sgp-1 sshd[15224]: Received disconnect from 92.255.85.70 port 60760:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 04:26:33 honeypot-fra-1 kernel: [84090411.504528] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=170.187.162.108 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=20569 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T04:26:33.629Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 04:29:27 honeypot-ams-1 kernel: [84092750.463674] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=170.187.162.26 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=36435 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T04:29:28.529Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 04:29:37 honeypot-fra-1 sshd[11018]: Disconnected from authenticating user root 209.141.57.23 port 46504 [preauth]","@timestamp":"2022-09-15T04:29:37.703Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 04:36:18 honeypot-ams-1 kernel: [84093161.302564] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=138.197.205.241 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=37583 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T04:36:19.707Z"}
{"@timestamp":"2022-09-15T04:43:32.860Z","@version":"1","message":"Sep 15 04:43:32 honeypot-sgp-1 kernel: [84093120.434543] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=170.187.162.68 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=45526 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 04:50:11 honeypot-fra-1 sshd[11032]: Invalid user test from 45.127.108.174 port 42412","@timestamp":"2022-09-15T04:50:12.190Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 04:50:11 honeypot-fra-1 sshd[11047]: Invalid user appuser from 45.127.108.174 port 42418","@timestamp":"2022-09-15T04:50:12.190Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 04:50:11 honeypot-fra-1 sshd[11029]: Invalid user es from 45.127.108.174 port 42374","@timestamp":"2022-09-15T04:50:12.191Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 04:50:11 honeypot-fra-1 sshd[11026]: Connection closed by invalid user testuser 45.127.108.174 port 42422 [preauth]","@timestamp":"2022-09-15T04:50:12.191Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 04:50:12 honeypot-fra-1 sshd[11031]: Connection closed by invalid user oracle 45.127.108.174 port 42406 [preauth]","@timestamp":"2022-09-15T04:50:12.191Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 04:50:12 honeypot-fra-1 sshd[11045]: Connection closed by authenticating user root 45.127.108.174 port 42366 [preauth]","@timestamp":"2022-09-15T04:50:12.191Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 04:50:12 honeypot-fra-1 sshd[11044]: Connection closed by invalid user vnc 45.127.108.174 port 42410 [preauth]","@timestamp":"2022-09-15T04:50:12.191Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 04:50:12 honeypot-fra-1 sshd[11038]: Connection closed by invalid user testuser 45.127.108.174 port 42394 [preauth]","@timestamp":"2022-09-15T04:50:12.191Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 04:50:12 honeypot-fra-1 sshd[11051]: Connection closed by invalid user dev 45.127.108.174 port 42420 [preauth]","@timestamp":"2022-09-15T04:50:12.191Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 04:50:32 honeypot-fra-1 sshd[11088]: Disconnected from authenticating user root 92.255.85.69 port 37220 [preauth]","@timestamp":"2022-09-15T04:50:33.200Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 04:57:17 honeypot-fra-1 sshd[11095]: Connection closed by authenticating user root 179.60.147.69 port 35486 [preauth]","@timestamp":"2022-09-15T04:57:18.351Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T04:59:03.240Z","@version":"1","message":"Sep 15 04:59:02 honeypot-sgp-1 kernel: [84094050.616737] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=146.190.29.253 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=15586 PROTO=TCP SPT=57915 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 05:02:27 honeypot-fra-1 sshd[11102]: Received disconnect from 45.61.186.249 port 48244:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T05:02:28.490Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 05:02:47 honeypot-fra-1 sshd[11106]: Received disconnect from 45.61.186.249 port 42852:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T05:02:48.500Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 05:03:04 honeypot-fra-1 sshd[11110]: Received disconnect from 45.61.186.249 port 37452:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T05:03:05.508Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 05:03:21 honeypot-fra-1 sshd[11114]: Received disconnect from 45.61.186.249 port 60300:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T05:03:21.515Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T05:04:19.371Z","@version":"1","message":"Sep 15 05:04:18 honeypot-sgp-1 kernel: [84094366.586155] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=159.203.100.33 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=54321 PROTO=TCP SPT=38830 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T05:04:47.386Z","@version":"1","message":"Sep 15 05:04:47 honeypot-sgp-1 sshd[15241]: Received disconnect from 45.61.186.169 port 48914:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T05:05:05.396Z","@version":"1","message":"Sep 15 05:05:04 honeypot-sgp-1 sshd[15245]: Received disconnect from 45.61.186.169 port 43970:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T05:05:21.404Z","@version":"1","message":"Sep 15 05:05:20 honeypot-sgp-1 sshd[15249]: Invalid user user from 45.61.186.169 port 39028","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T05:07:14.450Z","@version":"1","message":"Sep 15 05:07:14 honeypot-sgp-1 kernel: [84094541.799260] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=157.245.245.240 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=235 ID=59487 PROTO=TCP SPT=58409 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 05:09:06 honeypot-ams-1 kernel: [84095129.018875] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=194.50.15.71 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=55 ID=40015 DF PROTO=TCP SPT=4956 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T05:09:07.552Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 05:13:29 honeypot-fra-1 sshd[11121]: Received disconnect from 92.255.85.69 port 46122:11: Bye Bye [preauth]","@timestamp":"2022-09-15T05:13:29.743Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 05:14:14 honeypot-ams-1 sshd[26995]: Invalid user user from 45.61.186.169 port 54336","@timestamp":"2022-09-15T05:14:14.683Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 05:14:30 honeypot-ams-1 sshd[26999]: Invalid user user from 45.61.186.169 port 49398","@timestamp":"2022-09-15T05:14:30.691Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 05:14:46 honeypot-ams-1 sshd[27004]: Invalid user user from 45.61.186.169 port 44402","@timestamp":"2022-09-15T05:14:46.701Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 05:15:18 honeypot-ams-1 kernel: [84095500.978754] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=213.226.123.38 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=36466 PROTO=TCP SPT=40449 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T05:15:18.717Z"}
{"@timestamp":"2022-09-15T05:17:02.684Z","@version":"1","message":"Sep 15 05:17:01 honeypot-sgp-1 CRON[15259]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 05:25:57 honeypot-ams-1 sshd[27016]: Received disconnect from 142.93.8.99 port 49960:11: Bye Bye [preauth]","@timestamp":"2022-09-15T05:25:57.984Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 05:28:27 honeypot-fra-1 sshd[11127]: Connection closed by invalid user admin 218.250.188.244 port 34345 [preauth]","@timestamp":"2022-09-15T05:28:28.100Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 05:30:52 honeypot-ams-1 sshd[27021]: Disconnected from authenticating user root 23.224.121.241 port 49258 [preauth]","@timestamp":"2022-09-15T05:30:53.107Z"}
{"@timestamp":"2022-09-15T05:32:54.086Z","@version":"1","message":"Sep 15 05:32:54 honeypot-sgp-1 sshd[15264]: Connection closed by invalid user user 179.60.147.69 port 18400 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 05:37:10 honeypot-fra-1 sshd[11132]: Received disconnect from 92.255.85.70 port 19976:11: Bye Bye [preauth]","@timestamp":"2022-09-15T05:37:11.300Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 05:37:32 honeypot-ams-1 sshd[27026]: Disconnected from invalid user web 167.172.58.10 port 60126 [preauth]","@timestamp":"2022-09-15T05:37:33.279Z"}
{"@timestamp":"2022-09-15T05:47:03.446Z","@version":"1","message":"Sep 15 05:47:03 honeypot-sgp-1 kernel: [84096930.686274] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.56.104.49 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=233 ID=62276 PROTO=TCP SPT=40812 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T05:51:04.545Z","@version":"1","message":"Sep 15 05:51:03 honeypot-sgp-1 sshd[15274]: Received disconnect from 45.61.186.49 port 36050:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T05:51:14.550Z","@version":"1","message":"Sep 15 05:51:13 honeypot-sgp-1 sshd[15278]: Received disconnect from 45.61.186.49 port 47654:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 05:51:25 honeypot-fra-1 sshd[11138]: Received disconnect from 165.22.45.108 port 35226:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T05:51:25.625Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 05:53:52 honeypot-ams-1 sshd[27032]: Did not receive identification string from 159.89.24.69 port 61000","@timestamp":"2022-09-15T05:53:52.686Z"}
{"@timestamp":"2022-09-15T05:57:36.706Z","@version":"1","message":"Sep 15 05:57:36 honeypot-sgp-1 sshd[15284]: Received disconnect from 134.0.193.138 port 52870:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 05:58:36 honeypot-ams-1 sshd[27039]: Received disconnect from 186.96.22.59 port 54384:11: Bye Bye [preauth]","@timestamp":"2022-09-15T05:58:36.812Z"}
{"@timestamp":"2022-09-15T05:59:45.760Z","@version":"1","message":"Sep 15 05:59:45 honeypot-sgp-1 sshd[15288]: Disconnected from invalid user speech-dispatcher 119.4.210.70 port 47886 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 06:01:33 honeypot-fra-1 kernel: [84096111.859363] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=3433 PROTO=TCP SPT=41603 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T06:01:34.853Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 06:05:59 honeypot-ams-1 kernel: [84098541.541298] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=128.116.131.60 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=54 ID=40711 PROTO=TCP SPT=32118 DPT=80 WINDOW=60918 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T06:06:00.004Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 06:06:08 honeypot-fra-1 sshd[11147]: Received disconnect from 45.61.184.204 port 50628:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T06:06:08.957Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 06:06:28 honeypot-fra-1 sshd[11151]: Invalid user user from 45.61.184.204 port 46272","@timestamp":"2022-09-15T06:06:28.967Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 06:06:47 honeypot-fra-1 sshd[11155]: Invalid user user from 45.61.184.204 port 41848","@timestamp":"2022-09-15T06:06:47.976Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 06:09:18 honeypot-fra-1 kernel: [84096576.610764] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=104.200.29.15 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=49584 PROTO=TCP SPT=42153 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T06:09:19.050Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 06:09:58 honeypot-ams-1 sshd[27063]: Invalid user admin from 52.237.82.21 port 48834","@timestamp":"2022-09-15T06:09:58.105Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 06:09:58 honeypot-ams-1 sshd[27064]: Invalid user testuser from 52.237.82.21 port 48756","@timestamp":"2022-09-15T06:09:58.105Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 06:09:58 honeypot-ams-1 sshd[27071]: Invalid user ansible from 52.237.82.21 port 48848","@timestamp":"2022-09-15T06:09:59.106Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 06:09:58 honeypot-ams-1 sshd[27054]: Connection closed by authenticating user root 52.237.82.21 port 48800 [preauth]","@timestamp":"2022-09-15T06:09:59.106Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 06:09:58 honeypot-ams-1 sshd[27057]: Connection closed by invalid user user 52.237.82.21 port 48752 [preauth]","@timestamp":"2022-09-15T06:09:59.106Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 06:09:58 honeypot-ams-1 sshd[27069]: Connection closed by invalid user guest 52.237.82.21 port 48776 [preauth]","@timestamp":"2022-09-15T06:09:59.106Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 06:09:58 honeypot-ams-1 sshd[27056]: Connection closed by invalid user www 52.237.82.21 port 48780 [preauth]","@timestamp":"2022-09-15T06:09:59.106Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 06:12:42 honeypot-ams-1 sshd[27098]: Invalid user admin from 179.60.147.69 port 21066","@timestamp":"2022-09-15T06:12:42.176Z"}
{"@timestamp":"2022-09-15T06:17:02.191Z","@version":"1","message":"Sep 15 06:17:01 honeypot-sgp-1 CRON[21003]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 06:18:07 honeypot-fra-1 sshd[11165]: Invalid user 137.220.212.237 from 189.141.65.234 port 41580","@timestamp":"2022-09-15T06:18:08.252Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 06:20:12 honeypot-fra-1 sshd[11168]: Received disconnect from 193.142.146.50 port 33606:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T06:20:13.304Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 06:20:36 honeypot-fra-1 sshd[11173]: Disconnected from authenticating user root 193.142.146.50 port 42962 [preauth]","@timestamp":"2022-09-15T06:20:37.316Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 06:22:19 honeypot-fra-1 sshd[11179]: Disconnected from authenticating user root 193.142.146.50 port 33440 [preauth]","@timestamp":"2022-09-15T06:22:20.359Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 06:22:54 honeypot-ams-1 kernel: [84099557.067518] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=51.15.141.72 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=55 ID=25600 PROTO=TCP SPT=53086 DPT=80 WINDOW=3206 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T06:22:55.456Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 06:23:50 honeypot-fra-1 sshd[11185]: Received disconnect from 158.69.111.17 port 34370:11: Bye Bye [preauth]","@timestamp":"2022-09-15T06:23:51.397Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 06:24:12 honeypot-fra-1 sshd[11189]: Disconnected from invalid user test 193.142.146.50 port 42714 [preauth]","@timestamp":"2022-09-15T06:24:13.408Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T06:25:08.395Z","@version":"1","message":"Sep 15 06:25:08 honeypot-sgp-1 CRON[21009]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 06:25:09 honeypot-fra-1 kernel: [84097527.671657] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=167.94.145.86 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=25782 PROTO=TCP SPT=47303 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T06:25:10.435Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 06:26:01 honeypot-ams-1 sshd[27272]: Received disconnect from 45.61.187.160 port 52680:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T06:26:02.540Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 06:26:20 honeypot-ams-1 sshd[27276]: Received disconnect from 45.61.187.160 port 47612:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T06:26:21.551Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 06:26:34 honeypot-fra-1 sshd[11334]: Received disconnect from 137.184.225.163 port 37638:11: Bye Bye [preauth]","@timestamp":"2022-09-15T06:26:34.472Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 06:26:38 honeypot-ams-1 sshd[27280]: Received disconnect from 45.61.187.160 port 42590:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T06:26:39.560Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 06:26:55 honeypot-ams-1 sshd[27284]: Received disconnect from 45.61.187.160 port 37546:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T06:26:56.569Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 06:29:09 honeypot-ams-1 sshd[27289]: Received disconnect from 162.19.64.34 port 56898:11: Bye Bye [preauth]","@timestamp":"2022-09-15T06:29:10.631Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 06:30:37 honeypot-ams-1 kernel: [84100019.842699] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=170.187.163.48 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=59394 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T06:30:37.672Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 06:36:45 honeypot-fra-1 kernel: [84098223.320911] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.221.54 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=45817 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T06:36:45.718Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 06:39:28 honeypot-ams-1 kernel: [84100551.401816] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=35.86.113.103 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=216 ID=54321 PROTO=TCP SPT=60166 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T06:39:29.902Z"}
{"@timestamp":"2022-09-15T06:41:04.791Z","@version":"1","message":"Sep 15 06:41:04 honeypot-sgp-1 kernel: [84100171.681366] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=170.187.162.233 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=33898 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 06:44:38 honeypot-fra-1 kernel: [84098696.564402] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=170.187.162.254 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=65216 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T06:44:38.895Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 06:49:20 honeypot-fra-1 sshd[17482]: Received disconnect from 92.255.85.69 port 29780:11: Bye Bye [preauth]","@timestamp":"2022-09-15T06:49:21.008Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T06:51:25.053Z","@version":"1","message":"Sep 15 06:51:24 honeypot-sgp-1 kernel: [84100791.812242] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.221.72 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=51263 DPT=389 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 06:51:32 honeypot-ams-1 sshd[27303]: Received disconnect from 92.255.85.70 port 57836:11: Bye Bye [preauth]","@timestamp":"2022-09-15T06:51:33.209Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 06:53:38 honeypot-fra-1 sshd[17486]: Disconnected from invalid user admin 139.59.121.188 port 51142 [preauth]","@timestamp":"2022-09-15T06:53:39.109Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T06:58:20.231Z","@version":"1","message":"Sep 15 06:58:19 honeypot-sgp-1 sshd[21169]: Invalid user odoo from 157.245.122.58 port 45322","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 06:58:51 honeypot-ams-1 kernel: [84101714.069887] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=181.219.149.148 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=17604 PROTO=TCP SPT=6431 DPT=80 WINDOW=20831 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T06:58:52.401Z"}
{"@timestamp":"2022-09-15T07:00:14.281Z","@version":"1","message":"Sep 15 07:00:14 honeypot-sgp-1 sshd[21173]: Invalid user data.user from 157.245.122.58 port 44184","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T07:01:53.328Z","@version":"1","message":"Sep 15 07:01:53 honeypot-sgp-1 sshd[21177]: Did not receive identification string from 192.241.220.119 port 44448","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T07:03:04.363Z","@version":"1","message":"Sep 15 07:03:03 honeypot-sgp-1 sshd[21181]: Invalid user cypress from 157.245.122.58 port 56582","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 07:04:00 honeypot-ams-1 kernel: [84102023.111977] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=38.146.70.6 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=21704 PROTO=TCP SPT=43378 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T07:04:01.539Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 07:04:39 honeypot-fra-1 sshd[17493]: Invalid user tester from 103.125.189.140 port 61371","@timestamp":"2022-09-15T07:04:39.357Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 07:04:49 honeypot-fra-1 sshd[17497]: Invalid user ubnt from 103.125.189.140 port 62548","@timestamp":"2022-09-15T07:04:50.364Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 07:04:57 honeypot-fra-1 sshd[17501]: Invalid user ftpuser from 103.125.189.140 port 64270","@timestamp":"2022-09-15T07:04:57.367Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 07:05:04 honeypot-fra-1 sshd[17505]: Invalid user user from 103.125.189.140 port 64912","@timestamp":"2022-09-15T07:05:04.370Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 07:05:10 honeypot-fra-1 sshd[17509]: Invalid user service from 103.125.189.140 port 49768","@timestamp":"2022-09-15T07:05:10.374Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 07:05:15 honeypot-fra-1 sshd[17513]: Invalid user guest from 103.125.189.140 port 50803","@timestamp":"2022-09-15T07:05:16.377Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 07:05:22 honeypot-fra-1 sshd[17517]: Invalid user admin from 103.125.189.140 port 51594","@timestamp":"2022-09-15T07:05:23.381Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 07:07:42 honeypot-fra-1 sshd[17521]: Received disconnect from 102.223.173.17 port 45738:11: Bye Bye [preauth]","@timestamp":"2022-09-15T07:07:42.434Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 07:12:48 honeypot-fra-1 sshd[17526]: Disconnected from authenticating user root 92.255.85.69 port 36590 [preauth]","@timestamp":"2022-09-15T07:12:48.552Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 07:13:31 honeypot-ams-1 sshd[27413]: Invalid user webmaster from 152.32.145.211 port 58854","@timestamp":"2022-09-15T07:13:31.792Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 07:16:41 honeypot-ams-1 kernel: [84102784.119200] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=128.1.91.202 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=4177 PROTO=TCP SPT=17054 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T07:16:41.877Z"}
{"@timestamp":"2022-09-15T07:17:01.734Z","@version":"1","message":"Sep 15 07:17:01 honeypot-sgp-1 CRON[21191]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 07:17:01 honeypot-fra-1 CRON[17530]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-15T07:17:02.653Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 07:19:14 honeypot-ams-1 sshd[27425]: Received disconnect from 73.203.127.7 port 41284:11: Bye Bye [preauth]","@timestamp":"2022-09-15T07:19:14.947Z"}
{"@timestamp":"2022-09-15T07:24:02.910Z","@version":"1","message":"Sep 15 07:24:02 honeypot-sgp-1 sshd[21198]: Connection closed by invalid user blank 179.60.147.69 port 10548 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 07:24:20 honeypot-ams-1 sshd[27431]: Invalid user gargy from 112.23.2.254 port 40475","@timestamp":"2022-09-15T07:24:21.080Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 07:24:27 honeypot-fra-1 kernel: [84101085.701173] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=143.244.138.190 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x20 TTL=245 ID=24526 PROTO=TCP SPT=46258 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T07:24:28.821Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 07:25:33 honeypot-ams-1 kernel: [84103315.672889] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=173.249.41.33 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=1871 PROTO=TCP SPT=40184 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T07:25:34.114Z"}
{"@timestamp":"2022-09-15T07:31:18.096Z","@version":"1","message":"Sep 15 07:31:17 honeypot-sgp-1 kernel: [84103185.255726] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=85.119.151.254 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=45571 PROTO=TCP SPT=47066 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T07:33:40.158Z","@version":"1","message":"Sep 15 07:33:39 honeypot-sgp-1 sshd[21207]: Received disconnect from 92.255.85.70 port 59676:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 07:36:18 honeypot-fra-1 sshd[17542]: Disconnected from authenticating user root 92.255.85.70 port 18950 [preauth]","@timestamp":"2022-09-15T07:36:19.101Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T07:36:36.235Z","@version":"1","message":"Sep 15 07:36:35 honeypot-sgp-1 sshd[21212]: Received disconnect from 128.199.71.153 port 54986:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 07:36:40 honeypot-fra-1 sshd[17554]: Invalid user vnc from 101.43.159.25 port 41522","@timestamp":"2022-09-15T07:36:41.112Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 07:36:41 honeypot-fra-1 sshd[17554]: Connection closed by invalid user vnc 101.43.159.25 port 41522 [preauth]","@timestamp":"2022-09-15T07:36:41.112Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 07:36:41 honeypot-fra-1 sshd[17547]: Connection closed by invalid user zabbix 101.43.159.25 port 41530 [preauth]","@timestamp":"2022-09-15T07:36:42.113Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 07:36:41 honeypot-fra-1 sshd[17561]: Invalid user devops from 101.43.159.25 port 41552","@timestamp":"2022-09-15T07:36:42.113Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 07:36:41 honeypot-fra-1 sshd[17594]: Invalid user admin from 101.43.159.25 port 41524","@timestamp":"2022-09-15T07:36:42.113Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 07:36:41 honeypot-fra-1 sshd[17561]: Connection closed by invalid user devops 101.43.159.25 port 41552 [preauth]","@timestamp":"2022-09-15T07:36:42.113Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 07:36:41 honeypot-fra-1 sshd[17593]: Invalid user test from 101.43.159.25 port 41574","@timestamp":"2022-09-15T07:36:42.113Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 07:36:41 honeypot-fra-1 sshd[17591]: Connection closed by invalid user mysql 101.43.159.25 port 41576 [preauth]","@timestamp":"2022-09-15T07:36:42.113Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 07:36:44 honeypot-fra-1 sshd[17603]: Invalid user oracle from 101.43.159.25 port 41568","@timestamp":"2022-09-15T07:36:45.115Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 07:39:03 honeypot-ams-1 sshd[27438]: Received disconnect from 92.255.85.70 port 54622:11: Bye Bye [preauth]","@timestamp":"2022-09-15T07:39:04.487Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 07:39:30 honeypot-fra-1 kernel: [84101988.708791] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.206.186 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=59601 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T07:39:31.179Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-15T07:44:10.426Z","@version":"1","message":"Sep 15 07:44:09 honeypot-sgp-1 sshd[21215]: Disconnected from authenticating user root 73.52.12.202 port 54266 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 07:44:35 honeypot-fra-1 kernel: [84102293.565680] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=154.89.5.92 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=245 ID=10468 PROTO=TCP SPT=58914 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T07:44:36.299Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-15T07:45:58.476Z","@version":"1","message":"Sep 15 07:45:58 honeypot-sgp-1 sshd[21222]: Received disconnect from 179.43.156.143 port 46356:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T07:47:13.510Z","@version":"1","message":"Sep 15 07:47:13 honeypot-sgp-1 sshd[21229]: Received disconnect from 179.43.156.143 port 40208:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T07:47:50.528Z","@version":"1","message":"Sep 15 07:47:50 honeypot-sgp-1 sshd[21233]: Disconnected from authenticating user root 179.43.156.143 port 37102 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 07:48:15 honeypot-ams-1 sshd[27441]: Invalid user vhe from 36.95.55.131 port 57620","@timestamp":"2022-09-15T07:48:16.725Z"}
{"@timestamp":"2022-09-15T07:49:35.576Z","@version":"1","message":"Sep 15 07:49:35 honeypot-sgp-1 sshd[21239]: Invalid user ossuser from 179.43.156.143 port 56144","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 07:50:18 honeypot-ams-1 sshd[27446]: Received disconnect from 144.24.74.213 port 48394:11: Bye Bye [preauth]","@timestamp":"2022-09-15T07:50:18.779Z"}
{"@timestamp":"2022-09-15T07:50:50.611Z","@version":"1","message":"Sep 15 07:50:49 honeypot-sgp-1 sshd[21243]: Received disconnect from 179.43.156.143 port 49960:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 07:52:39 honeypot-ams-1 sshd[27450]: Invalid user acs from 37.32.29.44 port 46564","@timestamp":"2022-09-15T07:52:39.844Z"}
{"@timestamp":"2022-09-15T07:52:42.661Z","@version":"1","message":"Sep 15 07:52:41 honeypot-sgp-1 sshd[21250]: Received disconnect from 179.43.156.143 port 40742:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 07:53:41 honeypot-ams-1 kernel: [84105004.087304] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=111.72.186.151 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=49 ID=21321 PROTO=TCP SPT=64048 DPT=80 WINDOW=4056 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T07:53:41.875Z"}
{"@timestamp":"2022-09-15T07:54:00.696Z","@version":"1","message":"Sep 15 07:54:00 honeypot-sgp-1 sshd[21254]: Disconnected from authenticating user root 179.43.156.143 port 34598 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 07:55:30 honeypot-ams-1 sshd[27457]: Disconnected from invalid user weiguo 111.95.141.34 port 44976 [preauth]","@timestamp":"2022-09-15T07:55:30.925Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 07:56:47 honeypot-fra-1 sshd[17614]: Received disconnect from 178.128.103.172 port 45872:11: Bye Bye [preauth]","@timestamp":"2022-09-15T07:56:47.579Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T08:03:54.943Z","@version":"1","message":"Sep 15 08:03:54 honeypot-sgp-1 sshd[21260]: Connection closed by invalid user support 179.60.147.69 port 33154 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 08:05:47 honeypot-fra-1 kernel: [84103565.518996] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.219.8 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=49915 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T08:05:48.804Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 08:07:35 honeypot-ams-1 sshd[27465]: Invalid user support from 179.60.147.69 port 40612","@timestamp":"2022-09-15T08:07:36.240Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 08:08:15 honeypot-ams-1 sshd[27470]: Received disconnect from 45.61.186.169 port 43658:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T08:08:16.260Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 08:08:32 honeypot-ams-1 sshd[27474]: Received disconnect from 45.61.186.169 port 38540:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T08:08:32.268Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 08:08:48 honeypot-ams-1 sshd[27478]: Received disconnect from 45.61.186.169 port 33438:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T08:08:48.277Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 08:16:05 honeypot-ams-1 kernel: [84106347.470453] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=162.142.125.129 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=8305 PROTO=TCP SPT=19121 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T08:16:05.486Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 08:17:35 honeypot-fra-1 kernel: [84104272.943692] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=124.117.195.73 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=232 ID=19102 PROTO=TCP SPT=58914 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T08:17:36.074Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 08:18:46 honeypot-ams-1 sshd[27489]: Disconnected from invalid user admin 167.71.236.26 port 59312 [preauth]","@timestamp":"2022-09-15T08:18:47.558Z"}
{"@timestamp":"2022-09-15T08:20:01.342Z","@version":"1","message":"Sep 15 08:20:01 honeypot-sgp-1 sshd[21267]: Received disconnect from 92.255.85.69 port 21850:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 08:21:18 honeypot-fra-1 sshd[17658]: Received disconnect from 179.60.150.118 port 36674:11: Bye Bye [preauth]","@timestamp":"2022-09-15T08:21:19.162Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T08:23:05.422Z","@version":"1","message":"Sep 15 08:23:05 honeypot-sgp-1 sshd[21290]: Received disconnect from 49.88.112.60 port 47687:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 08:23:31 honeypot-fra-1 sshd[17662]: Received disconnect from 62.197.194.60 port 60782:11: Bye Bye [preauth]","@timestamp":"2022-09-15T08:23:32.216Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 08:25:45 honeypot-ams-1 sshd[27495]: Disconnected from authenticating user root 92.255.85.70 port 35608 [preauth]","@timestamp":"2022-09-15T08:25:46.742Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 08:26:37 honeypot-fra-1 kernel: [84104814.846134] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=50.116.58.94 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=13143 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T08:26:37.290Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 08:28:28 honeypot-fra-1 sshd[17671]: Disconnected from invalid user arya 160.153.252.142 port 47456 [preauth]","@timestamp":"2022-09-15T08:28:28.333Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 08:29:10 honeypot-fra-1 sshd[17675]: Disconnected from invalid user dell 137.184.225.163 port 48008 [preauth]","@timestamp":"2022-09-15T08:29:10.352Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T08:30:52.613Z","@version":"1","message":"Sep 15 08:30:52 honeypot-sgp-1 kernel: [84106759.679592] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=236 ID=62834 PROTO=TCP SPT=50602 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T08:36:18.749Z","@version":"1","message":"Sep 15 08:36:17 honeypot-sgp-1 kernel: [84107085.368979] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.59.120.211 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=16896 PROTO=TCP SPT=50138 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 08:36:43 honeypot-ams-1 sshd[27523]: Received disconnect from 61.177.173.33 port 64844:11:  [preauth]","@timestamp":"2022-09-15T08:36:44.030Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 08:37:30 honeypot-fra-1 kernel: [84105467.769718] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=20.59.120.211 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=60280 PROTO=TCP SPT=50138 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T08:37:30.544Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-15T08:41:44.885Z","@version":"1","message":"Sep 15 08:41:44 honeypot-sgp-1 sshd[21315]: Invalid user admin from 179.60.147.69 port 34142","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T08:43:21.929Z","@version":"1","message":"Sep 15 08:43:21 honeypot-sgp-1 sshd[21319]: Disconnected from authenticating user root 92.255.85.70 port 37070 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 08:43:52 honeypot-fra-1 kernel: [84105850.142022] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=50.116.58.152 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=8244 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T08:43:52.694Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 08:45:05 honeypot-ams-1 sshd[27530]: Invalid user admin from 179.60.147.69 port 45230","@timestamp":"2022-09-15T08:45:05.261Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 08:45:57 honeypot-ams-1 sshd[27533]: Disconnected from invalid user user 141.255.162.226 port 55284 [preauth]","@timestamp":"2022-09-15T08:45:58.289Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 08:45:58 honeypot-ams-1 sshd[27537]: Disconnected from invalid user user 141.255.162.226 port 40182 [preauth]","@timestamp":"2022-09-15T08:45:59.290Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 08:46:01 honeypot-ams-1 sshd[27541]: Disconnected from invalid user user 141.255.162.226 port 42154 [preauth]","@timestamp":"2022-09-15T08:46:02.291Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 08:46:03 honeypot-ams-1 sshd[27545]: Disconnected from invalid user user 141.255.162.226 port 49706 [preauth]","@timestamp":"2022-09-15T08:46:04.293Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 08:48:35 honeypot-fra-1 sshd[17707]: Invalid user spark from 172.104.240.40 port 43908","@timestamp":"2022-09-15T08:48:36.802Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 08:48:35 honeypot-fra-1 sshd[17708]: Connection closed by invalid user mysql 172.104.240.40 port 43932 [preauth]","@timestamp":"2022-09-15T08:48:36.802Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 08:48:35 honeypot-fra-1 sshd[17693]: Invalid user git from 172.104.240.40 port 43720","@timestamp":"2022-09-15T08:48:36.802Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 08:48:35 honeypot-fra-1 sshd[17700]: Connection closed by invalid user testuser 172.104.240.40 port 43818 [preauth]","@timestamp":"2022-09-15T08:48:36.802Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 08:48:36 honeypot-fra-1 sshd[17705]: Connection closed by invalid user devops 172.104.240.40 port 43860 [preauth]","@timestamp":"2022-09-15T08:48:36.802Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 08:48:36 honeypot-fra-1 sshd[17704]: Connection closed by invalid user ansible 172.104.240.40 port 43852 [preauth]","@timestamp":"2022-09-15T08:48:36.802Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 08:48:36 honeypot-fra-1 sshd[17698]: Invalid user oracle from 172.104.240.40 port 43746","@timestamp":"2022-09-15T08:48:36.802Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 08:48:36 honeypot-fra-1 sshd[17730]: Invalid user devops from 172.104.240.40 port 44046","@timestamp":"2022-09-15T08:48:36.802Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 08:48:36 honeypot-fra-1 sshd[17730]: Connection closed by invalid user devops 172.104.240.40 port 44046 [preauth]","@timestamp":"2022-09-15T08:48:36.802Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 08:48:53 honeypot-ams-1 sshd[27551]: Received disconnect from 92.255.85.70 port 59964:11: Bye Bye [preauth]","@timestamp":"2022-09-15T08:48:54.369Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 08:52:19 honeypot-fra-1 kernel: [84106356.687018] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=154.209.125.68 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=112 ID=10920 PROTO=TCP SPT=6157 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T08:52:19.887Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-15T08:55:54.240Z","@version":"1","message":"Sep 15 08:55:53 honeypot-sgp-1 kernel: [84108260.903119] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=170.187.162.248 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=36959 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 08:56:32 honeypot-ams-1 sshd[27560]: Did not receive identification string from 61.177.173.33 port 50624","@timestamp":"2022-09-15T08:56:33.565Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 09:02:39 honeypot-ams-1 sshd[27566]: Disconnected from authenticating user root 23.94.194.177 port 46786 [preauth]","@timestamp":"2022-09-15T09:02:40.727Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 09:02:53 honeypot-fra-1 kernel: [84106991.192342] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=91.191.209.218 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=49458 PROTO=TCP SPT=48408 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T09:02:54.131Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 09:04:21 honeypot-fra-1 sshd[17762]: Invalid user user from 141.255.162.226 port 47740","@timestamp":"2022-09-15T09:04:22.174Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 09:04:26 honeypot-fra-1 sshd[17766]: Invalid user user from 141.255.162.226 port 42466","@timestamp":"2022-09-15T09:04:27.178Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 09:04:28 honeypot-fra-1 sshd[17770]: Invalid user user from 141.255.162.226 port 50122","@timestamp":"2022-09-15T09:04:29.179Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 09:04:42 honeypot-ams-1 kernel: [84109264.852066] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=201.191.2.198 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=35165 PROTO=TCP SPT=36055 DPT=80 WINDOW=29718 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T09:04:42.784Z"}
{"@timestamp":"2022-09-15T09:06:38.505Z","@version":"1","message":"Sep 15 09:06:37 honeypot-sgp-1 sshd[21327]: Did not receive identification string from 45.61.184.204 port 58382","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T09:07:19.526Z","@version":"1","message":"Sep 15 09:07:19 honeypot-sgp-1 sshd[21332]: Invalid user user from 45.61.184.204 port 44010","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T09:07:39.536Z","@version":"1","message":"Sep 15 09:07:39 honeypot-sgp-1 sshd[21336]: Invalid user user from 45.61.184.204 port 39840","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 09:07:44 honeypot-ams-1 kernel: [84109446.907857] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=103.89.91.165 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=7421 PROTO=TCP SPT=58473 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T09:07:44.867Z"}
{"@timestamp":"2022-09-15T09:08:00.546Z","@version":"1","message":"Sep 15 09:07:59 honeypot-sgp-1 sshd[21341]: Invalid user user from 45.61.184.204 port 35658","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 09:08:10 honeypot-fra-1 kernel: [84107308.558982] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.216.72 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=55032 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T09:08:11.263Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-15T09:08:22.558Z","@version":"1","message":"Sep 15 09:08:22 honeypot-sgp-1 kernel: [84109009.653444] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=225 ID=59740 PROTO=TCP SPT=52404 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 09:10:07 honeypot-ams-1 sshd[27580]: Disconnected from 61.177.173.33 port 20591 [preauth]","@timestamp":"2022-09-15T09:10:07.932Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 09:13:34 honeypot-ams-1 sshd[27591]: Invalid user tomcat from 193.106.191.157 port 55482","@timestamp":"2022-09-15T09:13:35.026Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 09:17:01 honeypot-fra-1 CRON[17780]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-15T09:17:02.464Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 09:19:36 honeypot-ams-1 sshd[27600]: Received disconnect from 141.255.162.226 port 55776:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T09:19:36.184Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 09:19:38 honeypot-ams-1 sshd[27604]: Received disconnect from 141.255.162.226 port 41118:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T09:19:39.188Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 09:19:41 honeypot-ams-1 sshd[27608]: Received disconnect from 141.255.162.226 port 34872:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T09:19:42.189Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 09:19:47 honeypot-ams-1 sshd[27610]: Disconnected from 61.177.173.33 port 57647 [preauth]","@timestamp":"2022-09-15T09:19:48.192Z"}
{"@timestamp":"2022-09-15T09:21:06.869Z","@version":"1","message":"Sep 15 09:21:06 honeypot-sgp-1 kernel: [84109773.502222] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.41.8.5 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=31790 PROTO=TCP SPT=45703 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 09:29:11 honeypot-fra-1 sshd[17790]: Connection closed by 193.169.255.16 port 55276 [preauth]","@timestamp":"2022-09-15T09:29:11.737Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 09:30:12 honeypot-ams-1 sshd[27619]: Connection closed by invalid user  64.62.197.32 port 56664 [preauth]","@timestamp":"2022-09-15T09:30:12.480Z"}
{"@timestamp":"2022-09-15T09:31:36.124Z","@version":"1","message":"Sep 15 09:31:35 honeypot-sgp-1 sshd[21359]: Invalid user sammy from 190.12.102.58 port 47372","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 09:33:19 honeypot-ams-1 sshd[27625]: Connection closed by invalid user tomcat 193.106.191.157 port 40748 [preauth]","@timestamp":"2022-09-15T09:33:20.568Z"}
{"@timestamp":"2022-09-15T09:33:22.170Z","@version":"1","message":"Sep 15 09:33:21 honeypot-sgp-1 sshd[21363]: Received disconnect from 103.161.236.5 port 33148:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T09:33:58.188Z","@version":"1","message":"Sep 15 09:33:57 honeypot-sgp-1 sshd[21367]: Disconnected from invalid user admin 126.113.24.98 port 40496 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T09:36:06.241Z","@version":"1","message":"Sep 15 09:36:06 honeypot-sgp-1 sshd[21372]: Disconnected from authenticating user root 105.28.108.165 port 59140 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 09:41:37 honeypot-ams-1 kernel: [84111479.542165] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=114.225.3.92 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=49 ID=33115 PROTO=TCP SPT=64773 DPT=80 WINDOW=57050 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T09:41:37.781Z"}
{"@timestamp":"2022-09-15T09:42:30.399Z","@version":"1","message":"Sep 15 09:42:30 honeypot-sgp-1 sshd[21378]: Received disconnect from 179.43.156.143 port 33260:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 09:43:17 honeypot-ams-1 sshd[27636]: Invalid user uk from 86.110.184.234 port 53788","@timestamp":"2022-09-15T09:43:17.828Z"}
{"@timestamp":"2022-09-15T09:43:58.437Z","@version":"1","message":"Sep 15 09:43:58 honeypot-sgp-1 sshd[21384]: Invalid user ts3 from 20.214.244.148 port 35154","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T09:44:48.459Z","@version":"1","message":"Sep 15 09:44:48 honeypot-sgp-1 sshd[21388]: Disconnected from authenticating user root 179.43.156.143 port 46204 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 09:45:00 honeypot-fra-1 kernel: [84109517.530229] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=20.117.17.214 DST=165.22.82.222 LEN=52 TOS=0x00 PREC=0x00 TTL=114 ID=19326 DF PROTO=TCP SPT=54383 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T09:45:00.107Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-15T09:45:59.491Z","@version":"1","message":"Sep 15 09:45:59 honeypot-sgp-1 sshd[21394]: Invalid user ossuser from 179.43.156.143 port 38560","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T09:46:34.507Z","@version":"1","message":"Sep 15 09:46:33 honeypot-sgp-1 sshd[21397]: Disconnected from invalid user nfsnobod 179.43.156.143 port 34720 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 09:47:29 honeypot-ams-1 sshd[27643]: Invalid user sebastian from 185.230.138.117 port 43166","@timestamp":"2022-09-15T09:47:30.939Z"}
{"@timestamp":"2022-09-15T09:48:16.551Z","@version":"1","message":"Sep 15 09:48:15 honeypot-sgp-1 sshd[21403]: Disconnected from authenticating user root 200.42.148.168 port 55518 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T09:49:35.585Z","@version":"1","message":"Sep 15 09:49:35 honeypot-sgp-1 sshd[21409]: Disconnected from authenticating user root 179.43.156.143 port 43886 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 09:51:04 honeypot-ams-1 kernel: [84112046.984871] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=97.74.81.123 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=45580 PROTO=TCP SPT=44982 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T09:51:05.036Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 09:52:12 honeypot-fra-1 sshd[17802]: Invalid user nvidia from 103.188.176.251 port 45100","@timestamp":"2022-09-15T09:52:12.275Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T09:52:36.660Z","@version":"1","message":"Sep 15 09:52:36 honeypot-sgp-1 sshd[21416]: Received disconnect from 104.248.251.225 port 50152:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T09:56:54.765Z","@version":"1","message":"Sep 15 09:56:54 honeypot-sgp-1 sshd[21420]: Disconnected from invalid user ulia 181.48.60.50 port 51518 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 10:03:04 honeypot-fra-1 sshd[17808]: Disconnected from authenticating user root 102.223.173.17 port 57990 [preauth]","@timestamp":"2022-09-15T10:03:04.523Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 10:03:11 honeypot-ams-1 sshd[27669]: Disconnected from authenticating user root 108.171.92.54 port 39150 [preauth]","@timestamp":"2022-09-15T10:03:12.344Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 10:07:13 honeypot-fra-1 kernel: [84110850.505241] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=20.214.177.62 DST=165.22.82.222 LEN=52 TOS=0x02 PREC=0x00 TTL=108 ID=60186 DF PROTO=TCP SPT=59474 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-15T10:07:13.623Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 10:09:20 honeypot-ams-1 sshd[27679]: Received disconnect from 61.177.173.36 port 21114:11:  [preauth]","@timestamp":"2022-09-15T10:09:20.502Z"}
{"@timestamp":"2022-09-15T10:09:21.070Z","@version":"1","message":"Sep 15 10:09:20 honeypot-sgp-1 kernel: [84112668.331282] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.221.44 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=47071 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 10:09:53 honeypot-fra-1 kernel: [84111010.468884] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=159.203.80.110 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=44173 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T10:09:53.690Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 10:13:09 honeypot-ams-1 sshd[27686]: Received disconnect from 179.43.156.143 port 58554:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T10:13:10.602Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 10:14:50 honeypot-ams-1 kernel: [84113472.603751] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=72.167.32.184 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=232 ID=42338 PROTO=TCP SPT=41939 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T10:14:50.646Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 10:15:33 honeypot-ams-1 sshd[27698]: Disconnected from authenticating user root 179.43.156.143 port 45926 [preauth]","@timestamp":"2022-09-15T10:15:33.669Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 10:16:03 honeypot-fra-1 sshd[17816]: Received disconnect from 165.22.45.108 port 60524:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T10:16:03.830Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 10:16:42 honeypot-ams-1 sshd[27703]: Disconnected from invalid user nutanix 179.43.156.143 port 39626 [preauth]","@timestamp":"2022-09-15T10:16:42.701Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 10:17:13 honeypot-ams-1 sshd[27711]: Invalid user voq from 45.228.19.1 port 57674","@timestamp":"2022-09-15T10:17:13.718Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 10:17:50 honeypot-ams-1 sshd[27715]: Invalid user nfsnobod from 179.43.156.143 port 33322","@timestamp":"2022-09-15T10:17:51.736Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 10:19:00 honeypot-ams-1 sshd[27722]: Disconnected from authenticating user root 179.43.156.143 port 55224 [preauth]","@timestamp":"2022-09-15T10:19:01.769Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 10:20:48 honeypot-ams-1 sshd[27728]: Disconnected from authenticating user root 179.43.156.143 port 45762 [preauth]","@timestamp":"2022-09-15T10:20:48.819Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 10:23:05 honeypot-ams-1 sshd[27737]: Received disconnect from 203.240.232.56 port 39328:11: Bye Bye [preauth]","@timestamp":"2022-09-15T10:23:05.883Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 10:25:11 honeypot-ams-1 sshd[27744]: Connection reset by 61.177.173.33 port 10212 [preauth]","@timestamp":"2022-09-15T10:25:11.940Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 10:25:28 honeypot-fra-1 kernel: [84111946.013588] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=50.116.60.230 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=42081 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T10:25:29.043Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-15T10:25:39.460Z","@version":"1","message":"Sep 15 10:25:38 honeypot-sgp-1 kernel: [84113646.316059] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=80.94.92.231 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=232 ID=54321 PROTO=TCP SPT=38795 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 10:28:47 honeypot-fra-1 kernel: [84112144.988285] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=20.214.177.62 DST=165.22.82.222 LEN=52 TOS=0x02 PREC=0x00 TTL=108 ID=6996 DF PROTO=TCP SPT=56724 DPT=443 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-15T10:28:48.123Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 10:28:48 honeypot-ams-1 sshd[27750]: Did not receive identification string from 61.177.173.33 port 18905","@timestamp":"2022-09-15T10:28:49.037Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 10:31:37 honeypot-ams-1 kernel: [84114479.863685] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=46 PROTO=TCP SPT=57298 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T10:31:38.113Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 10:33:47 honeypot-fra-1 kernel: [84112444.993540] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=20.214.177.62 DST=165.22.82.222 LEN=52 TOS=0x02 PREC=0x00 TTL=107 ID=20291 DF PROTO=TCP SPT=58238 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-15T10:33:48.239Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 10:35:21 honeypot-ams-1 kernel: [84114704.011516] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=23.224.186.215 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=52162 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T10:35:22.212Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 10:39:43 honeypot-ams-1 sshd[27772]: Invalid user admin from 103.176.179.185 port 45482","@timestamp":"2022-09-15T10:39:44.326Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 10:41:19 honeypot-fra-1 kernel: [84112897.170231] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=20.214.177.62 DST=165.22.82.222 LEN=52 TOS=0x02 PREC=0x00 TTL=107 ID=32871 DF PROTO=TCP SPT=53436 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-15T10:41:20.414Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-15T10:41:32.842Z","@version":"1","message":"Sep 15 10:41:31 honeypot-sgp-1 sshd[21440]: Invalid user web from 138.197.195.123 port 46068","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 10:42:32 honeypot-ams-1 sshd[27777]: Received disconnect from 61.177.172.108 port 29870:11:  [preauth]","@timestamp":"2022-09-15T10:42:33.398Z"}
{"@timestamp":"2022-09-15T10:44:22.914Z","@version":"1","message":"Sep 15 10:44:22 honeypot-sgp-1 sshd[21444]: Received disconnect from 198.98.61.9 port 52168:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T10:44:40.923Z","@version":"1","message":"Sep 15 10:44:40 honeypot-sgp-1 sshd[21448]: Received disconnect from 198.98.61.9 port 47250:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T10:44:57.931Z","@version":"1","message":"Sep 15 10:44:57 honeypot-sgp-1 sshd[21452]: Received disconnect from 198.98.61.9 port 42342:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T10:45:13.939Z","@version":"1","message":"Sep 15 10:45:13 honeypot-sgp-1 sshd[21456]: Received disconnect from 198.98.61.9 port 37436:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 10:52:19 honeypot-ams-1 sshd[27785]: Received disconnect from 141.255.162.226 port 58608:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T10:52:20.649Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 10:52:22 honeypot-ams-1 sshd[27789]: Received disconnect from 141.255.162.226 port 52270:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T10:52:22.651Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 10:52:25 honeypot-ams-1 sshd[27793]: Received disconnect from 141.255.162.226 port 38648:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T10:52:25.653Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 10:52:28 honeypot-ams-1 sshd[27797]: Received disconnect from 141.255.162.226 port 45946:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T10:52:28.655Z"}
{"@timestamp":"2022-09-15T10:53:22.134Z","@version":"1","message":"Sep 15 10:53:22 honeypot-sgp-1 sshd[21459]: Disconnected from invalid user ns1 157.245.93.228 port 48018 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 11:01:24 honeypot-ams-1 sshd[27806]: Received disconnect from 49.70.82.59 port 60782:11: Bye Bye [preauth]","@timestamp":"2022-09-15T11:01:24.893Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 11:05:24 honeypot-ams-1 sshd[27815]: Disconnected from authenticating user root 61.177.173.53 port 32513 [preauth]","@timestamp":"2022-09-15T11:05:25.002Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 11:08:24 honeypot-fra-1 sshd[17835]: Invalid user test from 179.60.147.69 port 48074","@timestamp":"2022-09-15T11:08:25.020Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T11:10:44.551Z","@version":"1","message":"Sep 15 11:10:43 honeypot-sgp-1 sshd[21465]: Received disconnect from 190.12.102.58 port 37057:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 11:14:30 honeypot-ams-1 sshd[27822]: Disconnected from authenticating user root 61.177.173.39 port 40994 [preauth]","@timestamp":"2022-09-15T11:14:31.239Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 11:17:01 honeypot-fra-1 CRON[17840]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-15T11:17:02.214Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 11:18:50 honeypot-ams-1 sshd[27830]: Disconnected from authenticating user root 61.177.173.36 port 40334 [preauth]","@timestamp":"2022-09-15T11:18:51.353Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 11:24:29 honeypot-fra-1 kernel: [84115487.054162] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=94.102.61.23 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=54321 PROTO=TCP SPT=36075 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T11:24:30.386Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-15T11:24:36.887Z","@version":"1","message":"Sep 15 11:24:36 honeypot-sgp-1 kernel: [84117183.473220] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=183.136.225.35 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=110 ID=47206 PROTO=TCP SPT=8088 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 11:30:48 honeypot-ams-1 kernel: [84118030.578338] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=14386 PROTO=TCP SPT=41402 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T11:30:48.658Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 11:31:11 honeypot-fra-1 sshd[17851]: Connection closed by invalid user pi 73.100.162.94 port 56204 [preauth]","@timestamp":"2022-09-15T11:31:11.573Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T11:32:54.090Z","@version":"1","message":"Sep 15 11:32:53 honeypot-sgp-1 sshd[21477]: Received disconnect from 209.141.52.250 port 32920:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 11:34:53 honeypot-ams-1 sshd[27843]: Disconnected from authenticating user root 154.209.4.128 port 49484 [preauth]","@timestamp":"2022-09-15T11:34:53.767Z"}
{"@timestamp":"2022-09-15T11:35:26.159Z","@version":"1","message":"Sep 15 11:35:25 honeypot-sgp-1 sshd[21483]: Invalid user tam from 159.89.40.119 port 54338","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T11:37:01.200Z","@version":"1","message":"Sep 15 11:37:00 honeypot-sgp-1 sshd[21487]: Received disconnect from 103.161.236.11 port 58896:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 11:38:08 honeypot-fra-1 sshd[17856]: Disconnected from authenticating user root 190.153.249.99 port 50442 [preauth]","@timestamp":"2022-09-15T11:38:08.725Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T11:38:56.249Z","@version":"1","message":"Sep 15 11:38:56 honeypot-sgp-1 sshd[21491]: Disconnected from authenticating user root 122.176.119.202 port 40530 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 11:40:51 honeypot-fra-1 sshd[17860]: Received disconnect from 137.184.73.220 port 44202:11: Bye Bye [preauth]","@timestamp":"2022-09-15T11:40:51.789Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 11:42:57 honeypot-ams-1 sshd[27851]: Received disconnect from 80.76.51.45 port 40252:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T11:42:57.994Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 11:43:15 honeypot-ams-1 sshd[27855]: Disconnected from invalid user admin 80.76.51.45 port 57868 [preauth]","@timestamp":"2022-09-15T11:43:16.004Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 11:44:07 honeypot-ams-1 sshd[27861]: Received disconnect from 80.76.51.45 port 54418:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T11:44:08.031Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 11:44:57 honeypot-ams-1 sshd[27868]: Received disconnect from 80.76.51.45 port 50926:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T11:44:58.055Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 11:45:44 honeypot-ams-1 kernel: [84118926.977044] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=80.94.92.239 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=60264 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T11:45:45.080Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 11:45:47 honeypot-fra-1 kernel: [84116764.839358] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=213.226.123.38 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=24276 PROTO=TCP SPT=44336 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T11:45:47.900Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 11:46:03 honeypot-ams-1 sshd[27880]: Received disconnect from 80.76.51.45 port 37030:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T11:46:04.091Z"}
{"@timestamp":"2022-09-15T11:47:22.458Z","@version":"1","message":"Sep 15 11:47:22 honeypot-sgp-1 sshd[21495]: Invalid user guest from 179.60.147.69 port 31608","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 11:51:02 honeypot-ams-1 sshd[27885]: Connection closed by invalid user guest 179.60.147.69 port 49002 [preauth]","@timestamp":"2022-09-15T11:51:03.222Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 11:52:05 honeypot-fra-1 sshd[17870]: Invalid user rp1999a from 178.62.233.100 port 47698","@timestamp":"2022-09-15T11:52:06.047Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 11:55:40 honeypot-fra-1 sshd[17874]: Disconnected from authenticating user root 147.182.205.245 port 49530 [preauth]","@timestamp":"2022-09-15T11:55:41.129Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T12:00:16.772Z","@version":"1","message":"Sep 15 12:00:16 honeypot-sgp-1 sshd[21499]: Disconnected from authenticating user root 193.142.146.50 port 34876 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:01:44 honeypot-ams-1 sshd[27901]: Received disconnect from 61.177.173.53 port 60796:11:  [preauth]","@timestamp":"2022-09-15T12:01:45.497Z"}
{"@timestamp":"2022-09-15T12:01:58.816Z","@version":"1","message":"Sep 15 12:01:58 honeypot-sgp-1 sshd[21505]: Disconnected from authenticating user root 193.142.146.50 port 52970 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:02:35.834Z","@version":"1","message":"Sep 15 12:02:35 honeypot-sgp-1 sshd[21513]: Invalid user user from 45.61.186.49 port 49218","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:02:41.837Z","@version":"1","message":"Sep 15 12:02:41 honeypot-sgp-1 sshd[21517]: Received disconnect from 45.61.186.49 port 54966:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:02:52.843Z","@version":"1","message":"Sep 15 12:02:52 honeypot-sgp-1 sshd[21521]: Received disconnect from 45.61.186.49 port 38234:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:04:05.876Z","@version":"1","message":"Sep 15 12:04:05 honeypot-sgp-1 sshd[21527]: Received disconnect from 193.142.146.50 port 51880:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:04:34.890Z","@version":"1","message":"Sep 15 12:04:34 honeypot-sgp-1 sshd[21531]: Invalid user admin from 193.142.146.50 port 60928","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 12:04:35 honeypot-fra-1 sshd[17878]: Received disconnect from 122.176.52.13 port 14367:11: Bye Bye [preauth]","@timestamp":"2022-09-15T12:04:36.335Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 12:05:38 honeypot-fra-1 sshd[17882]: Received disconnect from 165.22.45.108 port 42464:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T12:05:39.362Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T12:08:43.993Z","@version":"1","message":"Sep 15 12:08:43 honeypot-sgp-1 sshd[21537]: Received disconnect from 128.199.19.74 port 51748:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:11:08.054Z","@version":"1","message":"Sep 15 12:11:07 honeypot-sgp-1 sshd[21542]: Invalid user user from 45.61.184.204 port 39190","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:11:27.064Z","@version":"1","message":"Sep 15 12:11:26 honeypot-sgp-1 sshd[21547]: Invalid user user from 45.61.184.204 port 33990","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:11:46.074Z","@version":"1","message":"Sep 15 12:11:45 honeypot-sgp-1 sshd[21551]: Invalid user user from 45.61.184.204 port 57022","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:12:29.093Z","@version":"1","message":"Sep 15 12:12:28 honeypot-sgp-1 kernel: [84120056.197017] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=23.251.102.78 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=20313 PROTO=TCP SPT=30210 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 12:12:47 honeypot-fra-1 sshd[17887]: Connection closed by invalid user admin 128.199.160.207 port 54918 [preauth]","@timestamp":"2022-09-15T12:12:47.544Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 12:14:51 honeypot-fra-1 sshd[17893]: Did not receive identification string from 45.61.187.160 port 45348","@timestamp":"2022-09-15T12:14:51.592Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 12:15:12 honeypot-fra-1 sshd[17896]: Disconnected from invalid user user 45.61.187.160 port 42504 [preauth]","@timestamp":"2022-09-15T12:15:12.603Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 12:15:30 honeypot-fra-1 sshd[17900]: Disconnected from invalid user user 45.61.187.160 port 36964 [preauth]","@timestamp":"2022-09-15T12:15:31.612Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:15:31 honeypot-ams-1 sshd[27909]: Invalid user tomcat from 193.106.191.157 port 56144","@timestamp":"2022-09-15T12:15:31.858Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 12:15:49 honeypot-fra-1 sshd[17904]: Disconnected from invalid user user 45.61.187.160 port 59652 [preauth]","@timestamp":"2022-09-15T12:15:49.623Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 12:16:58 honeypot-fra-1 sshd[17911]: Invalid user prueb from 139.59.78.156 port 40958","@timestamp":"2022-09-15T12:16:59.652Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:18:02 honeypot-ams-1 sshd[27917]: Did not receive identification string from 45.61.186.249 port 58252","@timestamp":"2022-09-15T12:18:02.926Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:18:40 honeypot-ams-1 sshd[27920]: Disconnected from invalid user user 45.61.186.249 port 38224 [preauth]","@timestamp":"2022-09-15T12:18:40.944Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:18:59 honeypot-ams-1 sshd[27924]: Disconnected from invalid user user 45.61.186.249 port 60804 [preauth]","@timestamp":"2022-09-15T12:18:59.973Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:19:17 honeypot-ams-1 sshd[27928]: Disconnected from invalid user user 45.61.186.249 port 55150 [preauth]","@timestamp":"2022-09-15T12:19:17.983Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:20:04 honeypot-ams-1 sshd[27932]: Disconnected from authenticating user root 61.177.173.51 port 44632 [preauth]","@timestamp":"2022-09-15T12:20:05.005Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:20:48 honeypot-ams-1 sshd[27938]: Disconnected from authenticating user root 61.177.172.90 port 37221 [preauth]","@timestamp":"2022-09-15T12:20:49.029Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 12:21:21 honeypot-fra-1 sshd[17916]: Invalid user pengfan from 103.188.176.251 port 44456","@timestamp":"2022-09-15T12:21:21.772Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 12:25:28 honeypot-fra-1 kernel: [84119145.204394] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=94.26.228.80 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=2872 PROTO=TCP SPT=39964 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T12:25:28.870Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-15T12:25:29.407Z","@version":"1","message":"Sep 15 12:25:29 honeypot-sgp-1 sshd[21563]: Invalid user admin from 178.128.125.205 port 48424","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:25:29.408Z","@version":"1","message":"Sep 15 12:25:29 honeypot-sgp-1 sshd[21569]: Invalid user admin from 178.128.125.205 port 48464","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:26:46.442Z","@version":"1","message":"Sep 15 12:26:45 honeypot-sgp-1 sshd[21573]: Connection closed by invalid user ubnt 179.60.147.69 port 59708 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 12:27:02 honeypot-fra-1 sshd[17925]: Invalid user yd from 89.28.92.118 port 49518","@timestamp":"2022-09-15T12:27:02.910Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T12:28:32.487Z","@version":"1","message":"Sep 15 12:28:31 honeypot-sgp-1 sshd[21580]: Received disconnect from 109.42.178.255 port 29744:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:28:36.489Z","@version":"1","message":"Sep 15 12:28:36 honeypot-sgp-1 sshd[21586]: Received disconnect from 109.42.178.255 port 1685:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:28:41.491Z","@version":"1","message":"Sep 15 12:28:40 honeypot-sgp-1 sshd[21592]: Received disconnect from 109.42.178.255 port 12291:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:28:45.495Z","@version":"1","message":"Sep 15 12:28:44 honeypot-sgp-1 sshd[21598]: Received disconnect from 109.42.178.255 port 15149:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:28:49.497Z","@version":"1","message":"Sep 15 12:28:49 honeypot-sgp-1 sshd[21604]: Received disconnect from 109.42.178.255 port 6315:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:28:54.499Z","@version":"1","message":"Sep 15 12:28:53 honeypot-sgp-1 sshd[21610]: Received disconnect from 109.42.178.255 port 20293:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:28:58.502Z","@version":"1","message":"Sep 15 12:28:58 honeypot-sgp-1 sshd[21616]: Received disconnect from 109.42.178.255 port 4203:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:29:02.505Z","@version":"1","message":"Sep 15 12:29:02 honeypot-sgp-1 sshd[21622]: Received disconnect from 109.42.178.255 port 3565:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:29:07.508Z","@version":"1","message":"Sep 15 12:29:06 honeypot-sgp-1 sshd[21628]: Received disconnect from 109.42.178.255 port 2800:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:29:11.510Z","@version":"1","message":"Sep 15 12:29:11 honeypot-sgp-1 sshd[21634]: Received disconnect from 109.42.178.255 port 30509:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:29:16.514Z","@version":"1","message":"Sep 15 12:29:15 honeypot-sgp-1 sshd[21640]: Received disconnect from 109.42.178.255 port 27501:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:29:20.517Z","@version":"1","message":"Sep 15 12:29:19 honeypot-sgp-1 sshd[21646]: Received disconnect from 109.42.178.255 port 5144:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:29:23.518Z","@version":"1","message":"Sep 15 12:29:22 honeypot-sgp-1 sshd[21650]: Received disconnect from 109.42.178.255 port 13735:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:29:26.520Z","@version":"1","message":"Sep 15 12:29:25 honeypot-sgp-1 sshd[21654]: Received disconnect from 109.42.178.255 port 5371:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:29:28.522Z","@version":"1","message":"Sep 15 12:29:28 honeypot-sgp-1 sshd[21658]: Received disconnect from 109.42.178.255 port 29674:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:29:31.524Z","@version":"1","message":"Sep 15 12:29:31 honeypot-sgp-1 sshd[21662]: Received disconnect from 109.42.178.255 port 14227:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:29:34.526Z","@version":"1","message":"Sep 15 12:29:34 honeypot-sgp-1 sshd[21666]: Received disconnect from 109.42.178.255 port 13033:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:29:37.528Z","@version":"1","message":"Sep 15 12:29:37 honeypot-sgp-1 sshd[21670]: Disconnected from authenticating user root 109.42.178.255 port 18477 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:29:41.530Z","@version":"1","message":"Sep 15 12:29:41 honeypot-sgp-1 sshd[21676]: Invalid user pi from 109.42.178.255 port 23053","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:29:44.532Z","@version":"1","message":"Sep 15 12:29:44 honeypot-sgp-1 sshd[21680]: Invalid user ethos from 109.42.178.255 port 9105","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:29:47.535Z","@version":"1","message":"Sep 15 12:29:47 honeypot-sgp-1 sshd[21684]: Invalid user miner from 109.42.178.255 port 17539","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:29:50.536Z","@version":"1","message":"Sep 15 12:29:50 honeypot-sgp-1 sshd[21688]: Invalid user volumio from 109.42.178.255 port 19400","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:29:53.538Z","@version":"1","message":"Sep 15 12:29:53 honeypot-sgp-1 sshd[21692]: Invalid user nagios from 109.42.178.255 port 4853","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:29:56.540Z","@version":"1","message":"Sep 15 12:29:55 honeypot-sgp-1 sshd[21696]: Invalid user vagrant from 109.42.178.255 port 13877","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:29:59.542Z","@version":"1","message":"Sep 15 12:29:58 honeypot-sgp-1 sshd[21700]: Invalid user debian from 109.42.178.255 port 31205","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:30:02.545Z","@version":"1","message":"Sep 15 12:30:01 honeypot-sgp-1 sshd[21704]: Invalid user debian from 109.42.178.255 port 5852","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:30:05.546Z","@version":"1","message":"Sep 15 12:30:04 honeypot-sgp-1 sshd[21708]: Invalid user alarm from 109.42.178.255 port 25641","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:30:07.548Z","@version":"1","message":"Sep 15 12:30:07 honeypot-sgp-1 sshd[21712]: Invalid user test from 109.42.178.255 port 4351","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:30:10.550Z","@version":"1","message":"Sep 15 12:30:10 honeypot-sgp-1 sshd[21716]: Invalid user cirros from 109.42.178.255 port 25475","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:31:17 honeypot-ams-1 sshd[28023]: Received disconnect from 185.149.120.47 port 44286:11: Bye Bye [preauth]","@timestamp":"2022-09-15T12:31:18.300Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 12:33:01 honeypot-fra-1 kernel: [84119598.186560] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=159.203.80.110 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=41516 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T12:33:02.050Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:33:37 honeypot-ams-1 sshd[28028]: Disconnected from invalid user user 63.222.7.131 port 5957 [preauth]","@timestamp":"2022-09-15T12:33:38.363Z"}
{"@timestamp":"2022-09-15T12:34:28.657Z","@version":"1","message":"Sep 15 12:34:28 honeypot-sgp-1 sshd[21721]: Did not receive identification string from 141.255.162.226 port 60610","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:34:44.667Z","@version":"1","message":"Sep 15 12:34:44 honeypot-sgp-1 sshd[21724]: Disconnected from invalid user user 141.255.162.226 port 44156 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T12:34:47.668Z","@version":"1","message":"Sep 15 12:34:47 honeypot-sgp-1 sshd[21728]: Disconnected from invalid user user 141.255.162.226 port 58670 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:35:31 honeypot-ams-1 sshd[28034]: Invalid user cameras from 81.17.25.50 port 13128","@timestamp":"2022-09-15T12:35:31.417Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:37:26 honeypot-ams-1 sshd[28040]: Invalid user  from 81.17.25.50 port 64481","@timestamp":"2022-09-15T12:37:26.473Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:39:30 honeypot-ams-1 sshd[28049]: Invalid user admin from 81.17.25.50 port 9724","@timestamp":"2022-09-15T12:39:31.531Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:40:36 honeypot-ams-1 sshd[28055]: Disconnecting invalid user private 81.17.25.50 port 1823: Change of username or service not allowed: (private,ssh-connection) -> (root,ssh-connection) [preauth]","@timestamp":"2022-09-15T12:40:36.567Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:42:32 honeypot-ams-1 sshd[28061]: Disconnected from invalid user Administrator 92.255.85.70 port 51188 [preauth]","@timestamp":"2022-09-15T12:42:32.620Z"}
{"@timestamp":"2022-09-15T12:43:53.887Z","@version":"1","message":"Sep 15 12:43:53 honeypot-sgp-1 kernel: [84121940.492299] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=167.71.195.136 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=253 ID=19713 PROTO=TCP SPT=45807 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:44:23 honeypot-ams-1 sshd[28068]: Disconnecting invalid user  81.17.25.50 port 51224: Change of username or service not allowed: (,ssh-connection) -> (user,ssh-connection) [preauth]","@timestamp":"2022-09-15T12:44:23.673Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:46:07 honeypot-ams-1 sshd[28078]: Invalid user blank from 81.17.25.50 port 26404","@timestamp":"2022-09-15T12:46:07.726Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:47:17 honeypot-ams-1 sshd[28088]: Invalid user 1234 from 81.17.25.50 port 23413","@timestamp":"2022-09-15T12:47:18.764Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:48:07 honeypot-ams-1 sshd[28096]: Received disconnect from 61.177.173.50 port 64914:11:  [preauth]","@timestamp":"2022-09-15T12:48:07.790Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:48:39 honeypot-ams-1 sshd[28100]: Disconnecting invalid user admin 81.17.25.50 port 34555: Change of username or service not allowed: (admin,ssh-connection) -> (1234,ssh-connection) [preauth]","@timestamp":"2022-09-15T12:48:39.807Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 12:49:04 honeypot-fra-1 sshd[17934]: Invalid user th from 190.153.249.99 port 35721","@timestamp":"2022-09-15T12:49:05.416Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:49:21 honeypot-ams-1 sshd[28109]: Invalid user  from 81.17.25.50 port 7922","@timestamp":"2022-09-15T12:49:21.830Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:50:02 honeypot-ams-1 sshd[28117]: Invalid user ubnt from 150.136.132.142 port 26095","@timestamp":"2022-09-15T12:50:02.853Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 12:50:24 honeypot-fra-1 sshd[17939]: Invalid user Administrator from 92.255.85.70 port 17804","@timestamp":"2022-09-15T12:50:25.449Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:50:52 honeypot-ams-1 sshd[28119]: Disconnecting invalid user blank 81.17.25.50 port 27897: Change of username or service not allowed: (blank,ssh-connection) -> (zhone,ssh-connection) [preauth]","@timestamp":"2022-09-15T12:50:52.880Z"}
{"@timestamp":"2022-09-15T12:50:59.066Z","@version":"1","message":"Sep 15 12:50:58 honeypot-sgp-1 sshd[21738]: Invalid user cloud from 143.198.140.38 port 51366","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:51:49 honeypot-ams-1 sshd[28123]: Disconnecting invalid user  81.17.25.50 port 10991: Change of username or service not allowed: (,ssh-connection) -> (root,ssh-connection) [preauth]","@timestamp":"2022-09-15T12:51:50.909Z"}
{"@timestamp":"2022-09-15T12:52:19.102Z","@version":"1","message":"Sep 15 12:52:18 honeypot-sgp-1 sshd[21744]: Invalid user pi from 79.232.100.20 port 38138","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:53:17 honeypot-ams-1 sshd[28129]: Invalid user admin from 81.17.25.50 port 28449","@timestamp":"2022-09-15T12:53:17.951Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:54:03 honeypot-ams-1 sshd[28136]: Disconnecting invalid user Administrator 81.17.25.50 port 44138: Change of username or service not allowed: (Administrator,ssh-connection) -> (cusadmin,ssh-connectio [preauth]","@timestamp":"2022-09-15T12:54:03.975Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:55:27 honeypot-ams-1 sshd[28142]: Disconnecting invalid user admin 81.17.25.50 port 50783: Change of username or service not allowed: (admin,ssh-connection) -> (lgnortel,ssh-connection) [preauth]","@timestamp":"2022-09-15T12:55:28.017Z"}
{"@timestamp":"2022-09-15T12:55:37.186Z","@version":"1","message":"Sep 15 12:55:36 honeypot-sgp-1 kernel: [84122643.518587] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=170.187.162.245 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=6835 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:57:47 honeypot-ams-1 sshd[28148]: Disconnecting invalid user comcast 81.17.25.50 port 25430: Change of username or service not allowed: (comcast,ssh-connection) -> (admin,ssh-connection) [preauth]","@timestamp":"2022-09-15T12:57:47.081Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 12:58:00 honeypot-fra-1 sshd[17944]: Invalid user law from 165.22.45.108 port 47516","@timestamp":"2022-09-15T12:58:00.620Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:58:21 honeypot-ams-1 sshd[28152]: Disconnecting invalid user  81.17.25.50 port 56150: Change of username or service not allowed: (,ssh-connection) -> (admin1234,ssh-connection) [preauth]","@timestamp":"2022-09-15T12:58:22.100Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 12:59:49 honeypot-ams-1 sshd[28162]: Disconnecting invalid user  81.17.25.50 port 9426: Change of username or service not allowed: (,ssh-connection) -> (admin,ssh-connection) [preauth]","@timestamp":"2022-09-15T12:59:50.144Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:00:28 honeypot-ams-1 sshd[28168]: Disconnecting invalid user admin 81.17.25.50 port 44841: Change of username or service not allowed: (admin,ssh-connection) -> (blank,ssh-connection) [preauth]","@timestamp":"2022-09-15T13:00:29.166Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:01:03 honeypot-fra-1 sshd[17948]: Received disconnect from 67.207.94.180 port 35348:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:01:03.691Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:01:26 honeypot-ams-1 sshd[28176]: Invalid user airlive from 81.17.25.50 port 22914","@timestamp":"2022-09-15T13:01:27.196Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:02:28 honeypot-ams-1 sshd[28182]: Invalid user roqos from 81.17.25.50 port 29712","@timestamp":"2022-09-15T13:02:29.293Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:03:19 honeypot-ams-1 sshd[28186]: Disconnecting invalid user Shiko 81.17.25.50 port 14789: Change of username or service not allowed: (Shiko,ssh-connection) -> (sitecom,ssh-connection) [preauth]","@timestamp":"2022-09-15T13:03:20.319Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:04:01 honeypot-ams-1 sshd[28192]: Invalid user smcadmin from 81.17.25.50 port 5389","@timestamp":"2022-09-15T13:04:02.340Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:04:11 honeypot-fra-1 sshd[17953]: Connection closed by invalid user debian 179.60.147.69 port 48528 [preauth]","@timestamp":"2022-09-15T13:04:11.763Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:04:58 honeypot-ams-1 sshd[28200]: Invalid user highspeed from 81.17.25.50 port 16982","@timestamp":"2022-09-15T13:04:59.387Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:06:03 honeypot-ams-1 sshd[28206]: Invalid user  from 81.17.25.50 port 21522","@timestamp":"2022-09-15T13:06:04.423Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:06:22 honeypot-ams-1 sshd[28213]: Invalid user debian from 179.60.147.69 port 12438","@timestamp":"2022-09-15T13:06:23.435Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:06:43 honeypot-ams-1 sshd[28215]: Disconnecting invalid user  81.17.25.50 port 27538: Change of username or service not allowed: (,ssh-connection) -> (public,ssh-connection) [preauth]","@timestamp":"2022-09-15T13:06:43.446Z"}
{"@timestamp":"2022-09-15T13:07:05.475Z","@version":"1","message":"Sep 15 13:07:05 honeypot-sgp-1 sshd[21754]: Disconnected from authenticating user root 190.13.81.218 port 39655 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:07:15 honeypot-ams-1 sshd[28223]: Disconnecting invalid user user 81.17.25.50 port 34858: Change of username or service not allowed: (user,ssh-connection) -> (ubnt,ssh-connection) [preauth]","@timestamp":"2022-09-15T13:07:16.464Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:07:57 honeypot-ams-1 sshd[28231]: Disconnecting authenticating user root 81.17.25.50 port 57510: Change of username or service not allowed: (root,ssh-connection) -> (123456,ssh-connection) [preauth]","@timestamp":"2022-09-15T13:07:57.485Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:08:09 honeypot-ams-1 sshd[28239]: Received disconnect from 80.76.51.189 port 37078:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T13:08:10.493Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:08:40 honeypot-ams-1 sshd[28247]: Received disconnect from 80.76.51.189 port 57350:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T13:08:41.509Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:09:00 honeypot-ams-1 sshd[28251]: Invalid user admin from 81.17.25.50 port 43811","@timestamp":"2022-09-15T13:09:00.519Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:09:22 honeypot-ams-1 sshd[28258]: Invalid user 0 from 81.17.25.50 port 55628","@timestamp":"2022-09-15T13:09:22.532Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:09:36 honeypot-ams-1 sshd[28264]: Invalid user admin from 81.17.25.50 port 17114","@timestamp":"2022-09-15T13:09:36.541Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:09:47 honeypot-ams-1 sshd[28266]: Disconnecting invalid user 1admin0 81.17.25.50 port 43548: Change of username or service not allowed: (1admin0,ssh-connection) -> (ltecl4r0,ssh-connection) [preauth]","@timestamp":"2022-09-15T13:09:48.547Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:10:47 honeypot-ams-1 sshd[28276]: Disconnected from authenticating user root 80.76.51.189 port 54184 [preauth]","@timestamp":"2022-09-15T13:10:47.576Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:12:22 honeypot-ams-1 sshd[28283]: Invalid user test from 80.76.51.189 port 58872","@timestamp":"2022-09-15T13:12:22.620Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:13:28 honeypot-ams-1 sshd[28287]: Invalid user testuser from 80.76.51.189 port 43176","@timestamp":"2022-09-15T13:13:28.651Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:14:36 honeypot-ams-1 sshd[28292]: Invalid user ubuntu from 80.76.51.189 port 55712","@timestamp":"2022-09-15T13:14:36.681Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:15:43 honeypot-fra-1 sshd[17960]: Received disconnect from 92.255.85.69 port 51366:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:15:44.025Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:15:45 honeypot-ams-1 sshd[28296]: Invalid user ubuntu from 80.76.51.189 port 40018","@timestamp":"2022-09-15T13:15:45.713Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:16:53 honeypot-ams-1 sshd[28300]: Disconnected from authenticating user root 80.76.51.189 port 52552 [preauth]","@timestamp":"2022-09-15T13:16:53.744Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:17:27 honeypot-ams-1 sshd[28309]: Invalid user oracle from 80.76.51.189 port 44676","@timestamp":"2022-09-15T13:17:27.763Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:17:55 honeypot-ams-1 sshd[28313]: Invalid user user from 198.98.61.9 port 47278","@timestamp":"2022-09-15T13:17:55.777Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:18:03 honeypot-ams-1 sshd[28317]: Invalid user user from 198.98.61.9 port 59008","@timestamp":"2022-09-15T13:18:04.782Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:18:20 honeypot-ams-1 sshd[28321]: Invalid user user from 198.98.61.9 port 54230","@timestamp":"2022-09-15T13:18:20.790Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:18:28 honeypot-ams-1 sshd[28325]: Received disconnect from 198.98.61.9 port 37728:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T13:18:29.796Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:18:36 honeypot-ams-1 sshd[28327]: Disconnected from invalid user user 198.98.61.9 port 49450 [preauth]","@timestamp":"2022-09-15T13:18:37.800Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:19:47 honeypot-ams-1 sshd[28336]: Received disconnect from 80.76.51.189 port 41530:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T13:19:47.834Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 13:22:21 honeypot-ams-1 kernel: [84124723.823900] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=97.74.81.123 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=10993 PROTO=TCP SPT=42270 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T13:22:21.903Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:23:26 honeypot-fra-1 kernel: [84122623.689942] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.174.125.154 DST=165.22.82.222 LEN=52 TOS=0x02 PREC=0x00 TTL=111 ID=14970 DF PROTO=TCP SPT=59873 DPT=3389 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-15T13:23:27.201Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:23:29 honeypot-fra-1 sshd[17972]: Invalid user admin from 192.174.125.154 port 11937","@timestamp":"2022-09-15T13:23:30.203Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:23:31 honeypot-fra-1 sshd[17976]: Invalid user user2 from 192.174.125.154 port 24193","@timestamp":"2022-09-15T13:23:32.204Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:23:33 honeypot-fra-1 sshd[17980]: Received disconnect from 192.174.125.154 port 36577:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:23:34.205Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:23:36 honeypot-fra-1 sshd[17984]: Received disconnect from 192.174.125.154 port 48641:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:23:36.206Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:23:38 honeypot-fra-1 sshd[17988]: Disconnected from invalid user admin 192.174.125.154 port 60385 [preauth]","@timestamp":"2022-09-15T13:23:38.208Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:23:40 honeypot-fra-1 sshd[17992]: Disconnected from invalid user user2 192.174.125.154 port 8929 [preauth]","@timestamp":"2022-09-15T13:23:40.209Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:23:42 honeypot-fra-1 sshd[17998]: Invalid user user from 192.174.125.154 port 25537","@timestamp":"2022-09-15T13:23:43.212Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:23:44 honeypot-fra-1 sshd[18002]: Received disconnect from 192.174.125.154 port 37377:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:23:45.213Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:23:46 honeypot-fra-1 sshd[18006]: Received disconnect from 192.174.125.154 port 49377:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:23:47.214Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:23:48 honeypot-fra-1 sshd[18010]: Disconnected from authenticating user root 192.174.125.154 port 61057 [preauth]","@timestamp":"2022-09-15T13:23:49.215Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:23:50 honeypot-fra-1 sshd[18014]: Disconnected from invalid user user 192.174.125.154 port 9697 [preauth]","@timestamp":"2022-09-15T13:23:51.217Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:23:53 honeypot-fra-1 sshd[18020]: Invalid user admin from 192.174.125.154 port 27745","@timestamp":"2022-09-15T13:23:54.218Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:23:55 honeypot-fra-1 sshd[18024]: Invalid user user2 from 192.174.125.154 port 39329","@timestamp":"2022-09-15T13:23:56.219Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:23:57 honeypot-fra-1 sshd[18028]: Received disconnect from 192.174.125.154 port 51425:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:23:58.222Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:23:59 honeypot-fra-1 sshd[18032]: Received disconnect from 192.174.125.154 port 62913:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:24:00.223Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:24:01 honeypot-fra-1 sshd[18036]: Disconnected from invalid user admin 192.174.125.154 port 13057 [preauth]","@timestamp":"2022-09-15T13:24:02.224Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:24:10 honeypot-fra-1 sshd[18040]: Received disconnect from 192.174.125.154 port 4961:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:24:11.228Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:24:12 honeypot-fra-1 sshd[18044]: Disconnected from invalid user admin 192.174.125.154 port 16770 [preauth]","@timestamp":"2022-09-15T13:24:13.231Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:24:14 honeypot-fra-1 sshd[18048]: Disconnected from invalid user user2 192.174.125.154 port 27745 [preauth]","@timestamp":"2022-09-15T13:24:15.232Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:24:17 honeypot-fra-1 sshd[18054]: Invalid user user from 192.174.125.154 port 45474","@timestamp":"2022-09-15T13:24:18.234Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:24:19 honeypot-fra-1 sshd[18058]: Received disconnect from 192.174.125.154 port 57313:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:24:20.235Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:24:22 honeypot-fra-1 sshd[18062]: Received disconnect from 192.174.125.154 port 7233:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:24:22.236Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:24:24 honeypot-fra-1 sshd[18066]: Disconnected from authenticating user root 192.174.125.154 port 19042 [preauth]","@timestamp":"2022-09-15T13:24:24.237Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:24:26 honeypot-fra-1 sshd[18070]: Disconnected from invalid user user 192.174.125.154 port 30817 [preauth]","@timestamp":"2022-09-15T13:24:26.239Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:24:28 honeypot-fra-1 sshd[18076]: Invalid user admin from 192.174.125.154 port 49089","@timestamp":"2022-09-15T13:24:29.242Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:24:30 honeypot-fra-1 sshd[18080]: Invalid user user2 from 192.174.125.154 port 61186","@timestamp":"2022-09-15T13:24:31.243Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:24:33 honeypot-fra-1 sshd[18084]: Received disconnect from 192.174.125.154 port 10177:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:24:33.244Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:24:35 honeypot-fra-1 sshd[18088]: Received disconnect from 192.174.125.154 port 22113:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:24:35.245Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:24:37 honeypot-fra-1 sshd[18092]: Disconnected from invalid user admin 192.174.125.154 port 34306 [preauth]","@timestamp":"2022-09-15T13:24:37.247Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:24:39 honeypot-fra-1 sshd[18096]: Disconnected from invalid user user2 192.174.125.154 port 46625 [preauth]","@timestamp":"2022-09-15T13:24:39.248Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:24:41 honeypot-fra-1 sshd[18102]: Invalid user user from 192.174.125.154 port 64354","@timestamp":"2022-09-15T13:24:42.249Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:24:44 honeypot-fra-1 sshd[18106]: Received disconnect from 192.174.125.154 port 13634:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:24:44.252Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:24:46 honeypot-fra-1 sshd[18110]: Received disconnect from 192.174.125.154 port 25633:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:24:46.253Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:24:48 honeypot-fra-1 sshd[18114]: Disconnected from authenticating user root 192.174.125.154 port 38529 [preauth]","@timestamp":"2022-09-15T13:24:48.254Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:24:50 honeypot-fra-1 sshd[18118]: Disconnected from invalid user user 192.174.125.154 port 51169 [preauth]","@timestamp":"2022-09-15T13:24:50.256Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:24:52 honeypot-fra-1 sshd[18124]: Invalid user admin from 192.174.125.154 port 6402","@timestamp":"2022-09-15T13:24:53.257Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:24:54 honeypot-fra-1 sshd[18128]: Invalid user user2 from 192.174.125.154 port 18913","@timestamp":"2022-09-15T13:24:55.258Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:24:57 honeypot-fra-1 sshd[18132]: Received disconnect from 192.174.125.154 port 30977:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:24:57.260Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:24:59 honeypot-fra-1 sshd[18136]: Received disconnect from 192.174.125.154 port 43265:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:24:59.262Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:01 honeypot-fra-1 sshd[18140]: Disconnected from invalid user admin 192.174.125.154 port 55873 [preauth]","@timestamp":"2022-09-15T13:25:01.264Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:03 honeypot-fra-1 sshd[18144]: Disconnected from invalid user user2 192.174.125.154 port 4801 [preauth]","@timestamp":"2022-09-15T13:25:03.265Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:05 honeypot-fra-1 sshd[18148]: Disconnected from invalid user admin 192.174.125.154 port 16257 [preauth]","@timestamp":"2022-09-15T13:25:05.266Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:07 honeypot-fra-1 sshd[18152]: Disconnected from invalid user user2 192.174.125.154 port 28161 [preauth]","@timestamp":"2022-09-15T13:25:07.267Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:10 honeypot-fra-1 sshd[18158]: Invalid user user from 192.174.125.154 port 45409","@timestamp":"2022-09-15T13:25:10.269Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:12 honeypot-fra-1 sshd[18162]: Received disconnect from 192.174.125.154 port 57441:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:25:12.271Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:14 honeypot-fra-1 sshd[18166]: Received disconnect from 192.174.125.154 port 6785:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:25:14.273Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:16 honeypot-fra-1 sshd[18170]: Disconnected from authenticating user root 192.174.125.154 port 19009 [preauth]","@timestamp":"2022-09-15T13:25:16.275Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:18 honeypot-fra-1 sshd[18174]: Disconnected from invalid user user 192.174.125.154 port 30658 [preauth]","@timestamp":"2022-09-15T13:25:18.276Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:21 honeypot-fra-1 sshd[18180]: Invalid user admin from 192.174.125.154 port 48033","@timestamp":"2022-09-15T13:25:21.277Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:23 honeypot-fra-1 sshd[18184]: Invalid user user2 from 192.174.125.154 port 60321","@timestamp":"2022-09-15T13:25:23.278Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:25 honeypot-fra-1 sshd[18188]: Received disconnect from 192.174.125.154 port 9249:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:25:25.280Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:27 honeypot-fra-1 sshd[18192]: Received disconnect from 192.174.125.154 port 21281:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:25:27.281Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:29 honeypot-fra-1 sshd[18196]: Disconnected from invalid user admin 192.174.125.154 port 33057 [preauth]","@timestamp":"2022-09-15T13:25:29.283Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:31 honeypot-fra-1 sshd[18200]: Disconnected from invalid user user2 192.174.125.154 port 44865 [preauth]","@timestamp":"2022-09-15T13:25:31.285Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:34 honeypot-fra-1 sshd[18206]: Invalid user user from 192.174.125.154 port 62337","@timestamp":"2022-09-15T13:25:34.286Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:36 honeypot-fra-1 sshd[18210]: Received disconnect from 192.174.125.154 port 11426:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:25:36.288Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:38 honeypot-fra-1 sshd[18214]: Received disconnect from 192.174.125.154 port 23009:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:25:39.289Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:40 honeypot-fra-1 sshd[18218]: Disconnected from authenticating user root 192.174.125.154 port 34081 [preauth]","@timestamp":"2022-09-15T13:25:40.290Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:42 honeypot-fra-1 sshd[18222]: Disconnected from invalid user user 192.174.125.154 port 45121 [preauth]","@timestamp":"2022-09-15T13:25:42.291Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:45 honeypot-fra-1 sshd[18228]: Invalid user admin from 192.174.125.154 port 62657","@timestamp":"2022-09-15T13:25:45.294Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:47 honeypot-fra-1 sshd[18232]: Invalid user user2 from 192.174.125.154 port 10945","@timestamp":"2022-09-15T13:25:47.295Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:49 honeypot-fra-1 sshd[18236]: Received disconnect from 192.174.125.154 port 22273:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:25:50.297Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:51 honeypot-fra-1 sshd[18240]: Received disconnect from 192.174.125.154 port 33921:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:25:52.298Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:53 honeypot-fra-1 sshd[18244]: Disconnected from invalid user admin 192.174.125.154 port 44737 [preauth]","@timestamp":"2022-09-15T13:25:53.299Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:55 honeypot-fra-1 sshd[18248]: Disconnected from invalid user user2 192.174.125.154 port 56193 [preauth]","@timestamp":"2022-09-15T13:25:56.301Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:25:58 honeypot-fra-1 sshd[18254]: Invalid user user from 192.174.125.154 port 9697","@timestamp":"2022-09-15T13:25:58.303Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:00 honeypot-fra-1 sshd[18258]: Received disconnect from 192.174.125.154 port 20737:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:26:00.305Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:02 honeypot-fra-1 sshd[18262]: Received disconnect from 192.174.125.154 port 32097:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:26:02.306Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:04 honeypot-fra-1 sshd[18266]: Disconnected from authenticating user root 192.174.125.154 port 42817 [preauth]","@timestamp":"2022-09-15T13:26:04.308Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T13:26:05.950Z","@version":"1","message":"Sep 15 13:26:05 honeypot-sgp-1 kernel: [84124472.627998] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=137.184.54.242 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=21103 PROTO=TCP SPT=48354 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:06 honeypot-fra-1 sshd[18271]: Disconnected from invalid user user 192.174.125.154 port 53826 [preauth]","@timestamp":"2022-09-15T13:26:06.309Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:09 honeypot-fra-1 sshd[18277]: Invalid user admin from 192.174.125.154 port 6689","@timestamp":"2022-09-15T13:26:09.310Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:11 honeypot-fra-1 sshd[18281]: Invalid user user2 from 192.174.125.154 port 17121","@timestamp":"2022-09-15T13:26:11.312Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:13 honeypot-fra-1 sshd[18285]: Received disconnect from 192.174.125.154 port 27777:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:26:13.314Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:15 honeypot-fra-1 sshd[18289]: Received disconnect from 192.174.125.154 port 38498:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:26:15.315Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:17 honeypot-fra-1 sshd[18293]: Disconnected from invalid user admin 192.174.125.154 port 48897 [preauth]","@timestamp":"2022-09-15T13:26:17.316Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:19 honeypot-fra-1 sshd[18297]: Disconnected from invalid user user2 192.174.125.154 port 59618 [preauth]","@timestamp":"2022-09-15T13:26:19.318Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:22 honeypot-fra-1 sshd[18303]: Invalid user user from 192.174.125.154 port 12963","@timestamp":"2022-09-15T13:26:22.319Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:24 honeypot-fra-1 sshd[18307]: Received disconnect from 192.174.125.154 port 23393:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:26:24.321Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:26 honeypot-fra-1 sshd[18311]: Received disconnect from 192.174.125.154 port 34241:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:26:26.322Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:28 honeypot-fra-1 sshd[18315]: Disconnected from authenticating user root 192.174.125.154 port 45313 [preauth]","@timestamp":"2022-09-15T13:26:28.324Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:30 honeypot-fra-1 sshd[18319]: Disconnected from invalid user user 192.174.125.154 port 56129 [preauth]","@timestamp":"2022-09-15T13:26:30.325Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:33 honeypot-fra-1 sshd[18325]: Invalid user admin from 192.174.125.154 port 9185","@timestamp":"2022-09-15T13:26:33.327Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:35 honeypot-fra-1 sshd[18329]: Invalid user user2 from 192.174.125.154 port 19649","@timestamp":"2022-09-15T13:26:35.328Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:37 honeypot-fra-1 sshd[18333]: Received disconnect from 192.174.125.154 port 29377:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:26:37.330Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:39 honeypot-fra-1 sshd[18337]: Received disconnect from 192.174.125.154 port 39489:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:26:39.331Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:41 honeypot-fra-1 sshd[18341]: Disconnected from invalid user admin 192.174.125.154 port 49857 [preauth]","@timestamp":"2022-09-15T13:26:41.332Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:43 honeypot-fra-1 sshd[18345]: Disconnected from invalid user user2 192.174.125.154 port 59617 [preauth]","@timestamp":"2022-09-15T13:26:43.334Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:45 honeypot-fra-1 sshd[18351]: Invalid user user from 192.174.125.154 port 10914","@timestamp":"2022-09-15T13:26:46.336Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:47 honeypot-fra-1 sshd[18355]: Received disconnect from 192.174.125.154 port 21089:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:26:48.338Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:49 honeypot-fra-1 sshd[18359]: Received disconnect from 192.174.125.154 port 31425:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:26:50.339Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:51 honeypot-fra-1 sshd[18363]: Disconnected from authenticating user root 192.174.125.154 port 41314 [preauth]","@timestamp":"2022-09-15T13:26:52.340Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:53 honeypot-fra-1 sshd[18367]: Disconnected from invalid user user 192.174.125.154 port 51521 [preauth]","@timestamp":"2022-09-15T13:26:54.341Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:56 honeypot-fra-1 sshd[18373]: Invalid user admin from 192.174.125.154 port 3201","@timestamp":"2022-09-15T13:26:57.343Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:26:58 honeypot-fra-1 sshd[18377]: Invalid user user2 from 192.174.125.154 port 13665","@timestamp":"2022-09-15T13:26:59.346Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:27:00 honeypot-fra-1 sshd[18381]: Received disconnect from 192.174.125.154 port 23425:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:27:01.347Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:27:02 honeypot-fra-1 sshd[18385]: Received disconnect from 192.174.125.154 port 32994:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:27:03.348Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:27:04 honeypot-fra-1 sshd[18389]: Disconnected from invalid user admin 192.174.125.154 port 42913 [preauth]","@timestamp":"2022-09-15T13:27:05.350Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:27:06 honeypot-fra-1 sshd[18393]: Disconnected from invalid user user2 192.174.125.154 port 52577 [preauth]","@timestamp":"2022-09-15T13:27:07.351Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:27:09 honeypot-fra-1 sshd[18399]: Invalid user user from 192.174.125.154 port 4641","@timestamp":"2022-09-15T13:27:09.352Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:27:11 honeypot-fra-1 sshd[18403]: Received disconnect from 192.174.125.154 port 14465:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:27:12.354Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:27:13 honeypot-fra-1 sshd[18407]: Received disconnect from 192.174.125.154 port 24417:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:27:14.357Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:27:15 honeypot-fra-1 sshd[18411]: Disconnected from authenticating user root 192.174.125.154 port 34241 [preauth]","@timestamp":"2022-09-15T13:27:16.358Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:27:17 honeypot-fra-1 sshd[18415]: Disconnected from invalid user user 192.174.125.154 port 44577 [preauth]","@timestamp":"2022-09-15T13:27:18.359Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:27:20 honeypot-fra-1 sshd[18421]: Invalid user admin from 192.174.125.154 port 59041","@timestamp":"2022-09-15T13:27:20.360Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:27:22 honeypot-fra-1 sshd[18425]: Invalid user user2 from 192.174.125.154 port 5697","@timestamp":"2022-09-15T13:27:22.361Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:27:24 honeypot-fra-1 sshd[18429]: Received disconnect from 192.174.125.154 port 15457:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:27:24.362Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:27:26 honeypot-fra-1 sshd[18433]: Received disconnect from 192.174.125.154 port 25314:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:27:26.364Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:27:28 honeypot-fra-1 sshd[18437]: Disconnected from invalid user admin 192.174.125.154 port 35361 [preauth]","@timestamp":"2022-09-15T13:27:28.366Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:27:30 honeypot-fra-1 sshd[18441]: Received disconnect from 192.174.125.154 port 45249:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:27:30.368Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:27:32 honeypot-fra-1 sshd[18445]: Disconnected from invalid user admin 192.174.125.154 port 54593 [preauth]","@timestamp":"2022-09-15T13:27:32.369Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:27:41 honeypot-fra-1 sshd[18449]: Disconnected from invalid user user2 192.174.125.154 port 35969 [preauth]","@timestamp":"2022-09-15T13:27:41.373Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:27:44 honeypot-fra-1 sshd[18455]: Invalid user user from 192.174.125.154 port 51009","@timestamp":"2022-09-15T13:27:44.376Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:27:46 honeypot-fra-1 sshd[18459]: Received disconnect from 192.174.125.154 port 61345:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:27:46.377Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:27:48 honeypot-fra-1 sshd[18463]: Received disconnect from 192.174.125.154 port 7873:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:27:48.379Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:27:50 honeypot-fra-1 sshd[18467]: Disconnected from authenticating user root 192.174.125.154 port 17730 [preauth]","@timestamp":"2022-09-15T13:27:50.380Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:27:51 honeypot-fra-1 sshd[18471]: Disconnected from invalid user user 192.174.125.154 port 27233 [preauth]","@timestamp":"2022-09-15T13:27:52.381Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:27:54 honeypot-fra-1 sshd[18477]: Invalid user admin from 192.174.125.154 port 42593","@timestamp":"2022-09-15T13:27:55.383Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:27:56 honeypot-fra-1 sshd[18481]: Invalid user user2 from 192.174.125.154 port 52737","@timestamp":"2022-09-15T13:27:57.384Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:27:58 honeypot-fra-1 sshd[18485]: Received disconnect from 192.174.125.154 port 63201:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:27:59.387Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:28:00 honeypot-fra-1 sshd[18489]: Received disconnect from 192.174.125.154 port 11009:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:28:01.388Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:28:02 honeypot-fra-1 sshd[18493]: Disconnected from invalid user admin 192.174.125.154 port 21409 [preauth]","@timestamp":"2022-09-15T13:28:03.389Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:28:04 honeypot-fra-1 sshd[18497]: Disconnected from invalid user user2 192.174.125.154 port 31617 [preauth]","@timestamp":"2022-09-15T13:28:05.391Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:28:07 honeypot-fra-1 sshd[18503]: Invalid user user from 192.174.125.154 port 47457","@timestamp":"2022-09-15T13:28:08.392Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:28:09 honeypot-fra-1 sshd[18507]: Received disconnect from 192.174.125.154 port 57793:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:28:10.394Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:28:11 honeypot-fra-1 sshd[18511]: Received disconnect from 192.174.125.154 port 5825:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:28:12.396Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:28:13 honeypot-fra-1 sshd[18515]: Disconnected from authenticating user root 192.174.125.154 port 16642 [preauth]","@timestamp":"2022-09-15T13:28:14.398Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:28:15 honeypot-fra-1 sshd[18519]: Disconnected from invalid user user 192.174.125.154 port 27201 [preauth]","@timestamp":"2022-09-15T13:28:16.399Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:28:18 honeypot-fra-1 sshd[18525]: Invalid user admin from 192.174.125.154 port 43201","@timestamp":"2022-09-15T13:28:18.401Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:28:20 honeypot-fra-1 sshd[18529]: Invalid user user2 from 192.174.125.154 port 54305","@timestamp":"2022-09-15T13:28:20.402Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:28:22 honeypot-fra-1 sshd[18533]: Received disconnect from 192.174.125.154 port 64961:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:28:23.403Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:28:24 honeypot-fra-1 sshd[18537]: Received disconnect from 192.174.125.154 port 12545:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:28:25.405Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:28:26 honeypot-fra-1 sshd[18541]: Disconnected from invalid user admin 192.174.125.154 port 23041 [preauth]","@timestamp":"2022-09-15T13:28:26.405Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:28:28 honeypot-fra-1 sshd[18545]: Disconnected from invalid user user2 192.174.125.154 port 33537 [preauth]","@timestamp":"2022-09-15T13:28:28.408Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:28:31 honeypot-fra-1 sshd[18551]: Invalid user user from 192.174.125.154 port 50209","@timestamp":"2022-09-15T13:28:31.410Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:28:33 honeypot-fra-1 sshd[18555]: Received disconnect from 192.174.125.154 port 60833:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:28:33.411Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:28:35 honeypot-fra-1 sshd[18559]: Received disconnect from 192.174.125.154 port 9633:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:28:35.412Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:28:37 honeypot-fra-1 sshd[18563]: Disconnected from authenticating user root 192.174.125.154 port 20449 [preauth]","@timestamp":"2022-09-15T13:28:37.413Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:28:38 honeypot-fra-1 sshd[18567]: Disconnected from invalid user user 192.174.125.154 port 31489 [preauth]","@timestamp":"2022-09-15T13:28:39.414Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:28:41 honeypot-fra-1 sshd[18573]: Invalid user admin from 192.174.125.154 port 48545","@timestamp":"2022-09-15T13:28:42.416Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:28:50 honeypot-fra-1 sshd[18577]: Invalid user user2 from 192.174.125.154 port 36769","@timestamp":"2022-09-15T13:28:51.421Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:28:52 honeypot-fra-1 sshd[18581]: Received disconnect from 192.174.125.154 port 47713:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:28:53.422Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:28:54 honeypot-fra-1 sshd[18585]: Received disconnect from 192.174.125.154 port 59617:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:28:55.424Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:28:56 honeypot-fra-1 sshd[18589]: Disconnected from invalid user admin 192.174.125.154 port 7586 [preauth]","@timestamp":"2022-09-15T13:28:57.425Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:28:58 honeypot-fra-1 sshd[18593]: Disconnected from invalid user user2 192.174.125.154 port 18977 [preauth]","@timestamp":"2022-09-15T13:28:59.427Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:01 honeypot-fra-1 sshd[18599]: Invalid user user from 192.174.125.154 port 35617","@timestamp":"2022-09-15T13:29:02.429Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:03 honeypot-fra-1 sshd[18603]: Received disconnect from 192.174.125.154 port 46785:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:29:04.430Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:05 honeypot-fra-1 sshd[18607]: Received disconnect from 192.174.125.154 port 58209:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:29:06.432Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:07 honeypot-fra-1 sshd[18611]: Disconnected from authenticating user root 192.174.125.154 port 6881 [preauth]","@timestamp":"2022-09-15T13:29:08.433Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:09 honeypot-fra-1 sshd[18615]: Disconnected from invalid user user 192.174.125.154 port 18081 [preauth]","@timestamp":"2022-09-15T13:29:10.434Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:12 honeypot-fra-1 sshd[18621]: Invalid user admin from 192.174.125.154 port 35201","@timestamp":"2022-09-15T13:29:13.437Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:14 honeypot-fra-1 sshd[18625]: Invalid user user2 from 192.174.125.154 port 46529","@timestamp":"2022-09-15T13:29:15.438Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:16 honeypot-fra-1 sshd[18629]: Received disconnect from 192.174.125.154 port 57889:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:29:17.439Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:18 honeypot-fra-1 sshd[18633]: Invalid user user2 from 192.174.125.154 port 5921","@timestamp":"2022-09-15T13:29:19.441Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:20 honeypot-fra-1 sshd[18637]: Received disconnect from 192.174.125.154 port 17634:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:29:21.442Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:22 honeypot-fra-1 sshd[18641]: Received disconnect from 192.174.125.154 port 28545:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:29:22.443Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:24 honeypot-fra-1 sshd[18645]: Disconnected from invalid user admin 192.174.125.154 port 39201 [preauth]","@timestamp":"2022-09-15T13:29:24.444Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:26 honeypot-fra-1 sshd[18649]: Disconnected from invalid user user2 192.174.125.154 port 50305 [preauth]","@timestamp":"2022-09-15T13:29:26.445Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:29 honeypot-fra-1 sshd[18655]: Invalid user user from 192.174.125.154 port 5377","@timestamp":"2022-09-15T13:29:29.448Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:31 honeypot-fra-1 sshd[18659]: Received disconnect from 192.174.125.154 port 18306:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:29:31.449Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:32 honeypot-fra-1 sshd[18663]: Received disconnect from 192.174.125.154 port 29058:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:29:33.450Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:34 honeypot-fra-1 sshd[18667]: Disconnected from authenticating user root 192.174.125.154 port 39617 [preauth]","@timestamp":"2022-09-15T13:29:35.452Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:36 honeypot-fra-1 sshd[18671]: Disconnected from invalid user user 192.174.125.154 port 50977 [preauth]","@timestamp":"2022-09-15T13:29:37.453Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:39 honeypot-fra-1 sshd[18677]: Invalid user admin from 192.174.125.154 port 5857","@timestamp":"2022-09-15T13:29:40.455Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:41 honeypot-fra-1 sshd[18681]: Invalid user user2 from 192.174.125.154 port 17506","@timestamp":"2022-09-15T13:29:42.456Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:43 honeypot-fra-1 sshd[18685]: Received disconnect from 192.174.125.154 port 28769:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:29:44.458Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:45 honeypot-fra-1 sshd[18689]: Received disconnect from 192.174.125.154 port 39713:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:29:46.459Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:47 honeypot-fra-1 sshd[18693]: Disconnected from invalid user admin 192.174.125.154 port 50689 [preauth]","@timestamp":"2022-09-15T13:29:48.461Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:49 honeypot-fra-1 sshd[18697]: Disconnected from invalid user user2 192.174.125.154 port 61985 [preauth]","@timestamp":"2022-09-15T13:29:50.462Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:52 honeypot-fra-1 sshd[18703]: Invalid user user from 192.174.125.154 port 16033","@timestamp":"2022-09-15T13:29:53.464Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:54 honeypot-fra-1 sshd[18707]: Received disconnect from 192.174.125.154 port 27201:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:29:55.465Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:56 honeypot-fra-1 sshd[18711]: Received disconnect from 192.174.125.154 port 38498:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:29:57.466Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:29:58 honeypot-fra-1 sshd[18715]: Disconnected from authenticating user root 192.174.125.154 port 49633 [preauth]","@timestamp":"2022-09-15T13:29:59.469Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:00 honeypot-fra-1 sshd[18719]: Disconnected from invalid user user 192.174.125.154 port 60673 [preauth]","@timestamp":"2022-09-15T13:30:01.470Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:03 honeypot-fra-1 sshd[18725]: Invalid user admin from 192.174.125.154 port 14754","@timestamp":"2022-09-15T13:30:04.472Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:05 honeypot-fra-1 sshd[18729]: Invalid user user2 from 192.174.125.154 port 26049","@timestamp":"2022-09-15T13:30:06.473Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:07 honeypot-fra-1 sshd[18733]: Received disconnect from 192.174.125.154 port 37569:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:30:08.474Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:09 honeypot-fra-1 sshd[18737]: Received disconnect from 192.174.125.154 port 48801:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:30:10.476Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:11 honeypot-fra-1 sshd[18741]: Disconnected from invalid user admin 192.174.125.154 port 59905 [preauth]","@timestamp":"2022-09-15T13:30:11.476Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:13 honeypot-fra-1 sshd[18745]: Disconnected from invalid user user2 192.174.125.154 port 7841 [preauth]","@timestamp":"2022-09-15T13:30:13.479Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:16 honeypot-fra-1 sshd[18751]: Invalid user user from 192.174.125.154 port 23297","@timestamp":"2022-09-15T13:30:16.480Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:18 honeypot-fra-1 sshd[18755]: Received disconnect from 192.174.125.154 port 34497:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:30:18.482Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:20 honeypot-fra-1 sshd[18759]: Received disconnect from 192.174.125.154 port 45857:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:30:20.483Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:22 honeypot-fra-1 sshd[18763]: Disconnected from authenticating user root 192.174.125.154 port 57569 [preauth]","@timestamp":"2022-09-15T13:30:22.485Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:24 honeypot-fra-1 sshd[18767]: Disconnected from invalid user user 192.174.125.154 port 5569 [preauth]","@timestamp":"2022-09-15T13:30:24.486Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:26 honeypot-fra-1 sshd[18773]: Invalid user admin from 192.174.125.154 port 22049","@timestamp":"2022-09-15T13:30:27.488Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:28 honeypot-fra-1 sshd[18777]: Invalid user user2 from 192.174.125.154 port 33249","@timestamp":"2022-09-15T13:30:29.490Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:31 honeypot-fra-1 sshd[18781]: Received disconnect from 192.174.125.154 port 44417:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:30:31.491Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:33 honeypot-fra-1 sshd[18785]: Received disconnect from 192.174.125.154 port 55265:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:30:33.492Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:35 honeypot-fra-1 sshd[18789]: Disconnected from invalid user admin 192.174.125.154 port 3457 [preauth]","@timestamp":"2022-09-15T13:30:35.494Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:37 honeypot-fra-1 sshd[18793]: Disconnected from invalid user user2 192.174.125.154 port 14561 [preauth]","@timestamp":"2022-09-15T13:30:37.495Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:39 honeypot-fra-1 sshd[18799]: Invalid user user from 192.174.125.154 port 31329","@timestamp":"2022-09-15T13:30:40.497Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:42 honeypot-fra-1 sshd[18803]: Received disconnect from 192.174.125.154 port 43425:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:30:42.498Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:44 honeypot-fra-1 sshd[18807]: Received disconnect from 192.174.125.154 port 55425:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:30:44.501Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:46 honeypot-fra-1 sshd[18811]: Disconnected from authenticating user root 192.174.125.154 port 3553 [preauth]","@timestamp":"2022-09-15T13:30:46.502Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:48 honeypot-fra-1 sshd[18815]: Disconnected from invalid user user 192.174.125.154 port 14753 [preauth]","@timestamp":"2022-09-15T13:30:48.503Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:50 honeypot-fra-1 sshd[18821]: Invalid user admin from 192.174.125.154 port 31905","@timestamp":"2022-09-15T13:30:51.505Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:52 honeypot-fra-1 sshd[18825]: Invalid user user2 from 192.174.125.154 port 43009","@timestamp":"2022-09-15T13:30:53.507Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:54 honeypot-fra-1 sshd[18829]: Received disconnect from 192.174.125.154 port 53665:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:30:55.508Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:56 honeypot-fra-1 sshd[18833]: Received disconnect from 192.174.125.154 port 64481:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:30:57.509Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:30:58 honeypot-fra-1 sshd[18837]: Disconnected from invalid user admin 192.174.125.154 port 12867 [preauth]","@timestamp":"2022-09-15T13:30:59.512Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:31:00 honeypot-fra-1 sshd[18841]: Disconnected from invalid user user2 192.174.125.154 port 23457 [preauth]","@timestamp":"2022-09-15T13:31:01.513Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:31:03 honeypot-fra-1 sshd[18847]: Invalid user user from 192.174.125.154 port 39585","@timestamp":"2022-09-15T13:31:04.515Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:31:05 honeypot-fra-1 sshd[18851]: Received disconnect from 192.174.125.154 port 50913:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:31:06.516Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:31:07 honeypot-fra-1 sshd[18856]: Received disconnect from 192.174.125.154 port 62018:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:31:08.517Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:31:09 honeypot-fra-1 sshd[18860]: Received disconnect from 192.174.125.154 port 10081:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:31:09.518Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T13:32:39.119Z","@version":"1","message":"Sep 15 13:32:38 honeypot-sgp-1 sshd[21766]: Received disconnect from 91.240.118.222 port 25023:11: Client disconnecting normally [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 13:32:59 honeypot-ams-1 kernel: [84125361.589257] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=128.14.134.134 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=35883 PROTO=TCP SPT=11483 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T13:33:00.177Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:36:24 honeypot-fra-1 sshd[18866]: Invalid user deploy from 188.166.247.82 port 44214","@timestamp":"2022-09-15T13:36:24.640Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:37:35 honeypot-fra-1 sshd[18870]: Received disconnect from 189.126.202.121 port 42050:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:37:36.670Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:40:16 honeypot-fra-1 sshd[18875]: Received disconnect from 112.219.161.51 port 42286:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:40:16.732Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:40:34 honeypot-fra-1 sshd[18879]: Received disconnect from 45.61.184.204 port 54098:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T13:40:34.740Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:40:53 honeypot-fra-1 sshd[18885]: Invalid user user from 45.61.184.204 port 48868","@timestamp":"2022-09-15T13:40:53.750Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:41:11 honeypot-fra-1 sshd[18889]: Invalid user user from 45.61.184.204 port 43636","@timestamp":"2022-09-15T13:41:11.759Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T13:42:37.368Z","@version":"1","message":"Sep 15 13:42:36 honeypot-sgp-1 kernel: [84125463.962342] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=172.105.218.147 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=65018 PROTO=TCP SPT=38011 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:48:39 honeypot-fra-1 kernel: [84124135.945841] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=178.128.123.95 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=55517 DPT=636 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T13:48:39.932Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 13:49:33 honeypot-ams-1 sshd[28366]: Invalid user user1 from 92.255.85.70 port 49804","@timestamp":"2022-09-15T13:49:34.624Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:51:16 honeypot-fra-1 sshd[18896]: Disconnected from invalid user chase 128.199.177.224 port 58390 [preauth]","@timestamp":"2022-09-15T13:51:16.994Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 13:57:35 honeypot-fra-1 sshd[18901]: Received disconnect from 117.103.2.146 port 59534:11: Bye Bye [preauth]","@timestamp":"2022-09-15T13:57:36.139Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 14:00:23 honeypot-ams-1 sshd[28376]: Did not receive identification string from 198.98.61.9 port 39886","@timestamp":"2022-09-15T14:00:23.906Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 14:00:44 honeypot-ams-1 sshd[28379]: Disconnected from invalid user user 198.98.61.9 port 57538 [preauth]","@timestamp":"2022-09-15T14:00:44.918Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 14:01:01 honeypot-ams-1 sshd[28383]: Disconnected from invalid user user 198.98.61.9 port 52286 [preauth]","@timestamp":"2022-09-15T14:01:02.928Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 14:01:16 honeypot-ams-1 sshd[28387]: Disconnected from invalid user user 198.98.61.9 port 47040 [preauth]","@timestamp":"2022-09-15T14:01:17.939Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 14:01:21 honeypot-fra-1 sshd[18906]: Disconnected from invalid user user1 92.255.85.70 port 39088 [preauth]","@timestamp":"2022-09-15T14:01:22.223Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 14:03:51 honeypot-ams-1 kernel: [84127213.649513] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=222.138.221.25 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=432 DF PROTO=TCP SPT=9053 DPT=80 WINDOW=29040 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T14:03:52.009Z"}
{"@timestamp":"2022-09-15T14:07:45.991Z","@version":"1","message":"Sep 15 14:07:45 honeypot-sgp-1 sshd[22220]: Invalid user admin from 92.255.85.69 port 15380","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 14:10:26 honeypot-ams-1 sshd[28399]: Received disconnect from 198.98.61.9 port 45180:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T14:10:27.187Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 14:10:45 honeypot-ams-1 sshd[28404]: Received disconnect from 198.98.61.9 port 40300:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T14:10:45.196Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 14:11:02 honeypot-ams-1 sshd[28408]: Received disconnect from 198.98.61.9 port 35406:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T14:11:02.204Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 14:11:18 honeypot-ams-1 sshd[28412]: Received disconnect from 198.98.61.9 port 58772:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T14:11:19.213Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 14:14:33 honeypot-ams-1 sshd[28420]: Invalid user admin from 92.255.85.69 port 33568","@timestamp":"2022-09-15T14:14:34.304Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 14:14:46 honeypot-ams-1 sshd[28424]: Connection closed by invalid user admin 216.52.136.77 port 32034 [preauth]","@timestamp":"2022-09-15T14:14:47.312Z"}
{"@timestamp":"2022-09-15T14:16:02.200Z","@version":"1","message":"Sep 15 14:16:01 honeypot-sgp-1 sshd[22223]: Connection closed by invalid user blank 179.60.147.69 port 57344 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 14:17:01 honeypot-ams-1 CRON[28431]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-15T14:17:02.369Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 14:18:03 honeypot-fra-1 kernel: [84125900.169502] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=157.230.254.43 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=44494 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T14:18:03.621Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 14:22:02 honeypot-ams-1 sshd[28439]: Received disconnect from 118.70.170.120 port 36674:11: Bye Bye [preauth]","@timestamp":"2022-09-15T14:22:03.502Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 14:23:35 honeypot-fra-1 kernel: [84126232.199800] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=80.87.206.203 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=49437 PROTO=TCP SPT=52613 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T14:23:35.751Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 14:30:18 honeypot-ams-1 sshd[28447]: Received disconnect from 61.177.173.50 port 41618:11:  [preauth]","@timestamp":"2022-09-15T14:30:18.714Z"}
{"@timestamp":"2022-09-15T14:30:53.567Z","@version":"1","message":"Sep 15 14:30:53 honeypot-sgp-1 kernel: [84128360.600210] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=236 ID=11470 PROTO=TCP SPT=52202 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T14:31:20.580Z","@version":"1","message":"Sep 15 14:31:20 honeypot-sgp-1 sshd[22233]: Disconnected from invalid user user 45.61.186.249 port 57432 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T14:31:40.590Z","@version":"1","message":"Sep 15 14:31:39 honeypot-sgp-1 sshd[22237]: Disconnected from invalid user user 45.61.186.249 port 51940 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T14:31:59.599Z","@version":"1","message":"Sep 15 14:31:58 honeypot-sgp-1 sshd[22241]: Received disconnect from 45.61.186.249 port 46450:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T14:32:07.604Z","@version":"1","message":"Sep 15 14:32:06 honeypot-sgp-1 sshd[22245]: Received disconnect from 45.61.186.249 port 57812:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 14:39:25 honeypot-ams-1 sshd[28456]: Received disconnect from 92.255.85.70 port 45660:11: Bye Bye [preauth]","@timestamp":"2022-09-15T14:39:25.963Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 14:41:03 honeypot-fra-1 sshd[18921]: Invalid user admin from 206.189.138.174 port 44220","@timestamp":"2022-09-15T14:41:04.144Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T14:41:55.848Z","@version":"1","message":"Sep 15 14:41:54 honeypot-sgp-1 kernel: [84129021.971022] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.79.158.69 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=3721 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 14:43:33 honeypot-fra-1 sshd[18925]: Invalid user admin from 92.255.85.69 port 47182","@timestamp":"2022-09-15T14:43:34.201Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 14:44:06 honeypot-ams-1 sshd[28465]: Disconnected from authenticating user root 159.223.179.50 port 47454 [preauth]","@timestamp":"2022-09-15T14:44:07.086Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 14:45:21 honeypot-fra-1 sshd[18927]: Disconnected from invalid user zhaolu 200.116.195.123 port 55320 [preauth]","@timestamp":"2022-09-15T14:45:22.243Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 14:48:25 honeypot-ams-1 sshd[28473]: Received disconnect from 164.160.40.186 port 54110:11: Bye Bye [preauth]","@timestamp":"2022-09-15T14:48:26.197Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 14:50:38 honeypot-ams-1 sshd[28478]: Disconnected from invalid user danny 138.68.27.174 port 57780 [preauth]","@timestamp":"2022-09-15T14:50:39.256Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 14:50:43 honeypot-fra-1 kernel: [84127860.298781] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=138.2.240.220 DST=165.22.82.222 LEN=52 TOS=0x02 PREC=0x00 TTL=119 ID=32736 DF PROTO=TCP SPT=63229 DPT=80 WINDOW=62720 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-15T14:50:44.364Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 14:51:54 honeypot-fra-1 sshd[18935]: Connection closed by 167.94.138.47 port 33812 [preauth]","@timestamp":"2022-09-15T14:51:55.394Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T14:54:11.148Z","@version":"1","message":"Sep 15 14:54:10 honeypot-sgp-1 sshd[22259]: Invalid user admin from 190.104.245.41 port 62078","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 14:55:08 honeypot-fra-1 kernel: [84128125.713529] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=165.140.166.222 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=30110 PROTO=TCP SPT=41063 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T14:55:09.476Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 14:55:39 honeypot-ams-1 sshd[28484]: Invalid user test from 179.60.147.69 port 21982","@timestamp":"2022-09-15T14:55:40.389Z"}
{"@timestamp":"2022-09-15T14:56:40.211Z","@version":"1","message":"Sep 15 14:56:40 honeypot-sgp-1 sshd[22263]: Disconnected from invalid user carlos 92.255.85.69 port 62008 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 15:01:22 honeypot-fra-1 sshd[18950]: Invalid user user from 137.184.77.246 port 54508","@timestamp":"2022-09-15T15:01:22.618Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 15:01:22 honeypot-fra-1 sshd[18963]: Invalid user devops from 137.184.77.246 port 54550","@timestamp":"2022-09-15T15:01:22.619Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 15:01:22 honeypot-fra-1 sshd[18962]: Invalid user chia from 137.184.77.246 port 54564","@timestamp":"2022-09-15T15:01:23.619Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 15:01:22 honeypot-fra-1 sshd[18985]: Invalid user ubuntu from 137.184.77.246 port 54566","@timestamp":"2022-09-15T15:01:23.619Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 15:01:22 honeypot-fra-1 sshd[18957]: Connection closed by invalid user es 137.184.77.246 port 54548 [preauth]","@timestamp":"2022-09-15T15:01:23.619Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 15:01:22 honeypot-fra-1 sshd[18974]: Invalid user admin from 137.184.77.246 port 54582","@timestamp":"2022-09-15T15:01:23.620Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 15:01:22 honeypot-fra-1 sshd[18967]: Connection closed by invalid user mc 137.184.77.246 port 54574 [preauth]","@timestamp":"2022-09-15T15:01:23.620Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 15:01:22 honeypot-fra-1 sshd[18969]: Connection closed by invalid user ubuntu 137.184.77.246 port 54510 [preauth]","@timestamp":"2022-09-15T15:01:23.620Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 15:01:22 honeypot-fra-1 sshd[18994]: Connection closed by invalid user es 137.184.77.246 port 54578 [preauth]","@timestamp":"2022-09-15T15:01:23.620Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 15:03:04 honeypot-ams-1 sshd[28494]: Disconnected from authenticating user root 61.177.173.37 port 48111 [preauth]","@timestamp":"2022-09-15T15:03:04.588Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 15:04:11 honeypot-fra-1 kernel: [84128668.034302] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=206.189.8.92 DST=165.22.82.222 LEN=80 TOS=0x00 PREC=0x20 TTL=126 ID=52545 PROTO=TCP SPT=51521 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T15:04:11.684Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 15:06:02 honeypot-ams-1 sshd[28498]: Connection closed by invalid user admin 211.75.30.180 port 50384 [preauth]","@timestamp":"2022-09-15T15:06:02.670Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 15:10:09 honeypot-fra-1 sshd[19015]: Received disconnect from 92.255.85.70 port 61458:11: Bye Bye [preauth]","@timestamp":"2022-09-15T15:10:10.820Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 15:15:18 honeypot-ams-1 kernel: [84131500.221761] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=90.154.15.226 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=59 ID=58741 DF PROTO=TCP SPT=59264 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T15:15:18.910Z"}
{"@timestamp":"2022-09-15T15:17:01.701Z","@version":"1","message":"Sep 15 15:17:01 honeypot-sgp-1 CRON[22271]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 15:17:01 honeypot-fra-1 CRON[19018]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-15T15:17:01.974Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 15:18:43 honeypot-ams-1 kernel: [84131705.182684] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=213.226.123.38 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=59027 PROTO=TCP SPT=54675 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T15:18:43.999Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 15:26:53 honeypot-ams-1 kernel: [84132195.523364] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=62.8.79.2 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=58808 PROTO=TCP SPT=60000 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T15:26:54.211Z"}
{"@timestamp":"2022-09-15T15:27:03.943Z","@version":"1","message":"Sep 15 15:27:02 honeypot-sgp-1 kernel: [84131730.065551] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.41.8.45 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=16378 PROTO=TCP SPT=56012 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T15:30:47.038Z","@version":"1","message":"Sep 15 15:30:46 honeypot-sgp-1 sshd[22283]: Disconnected from authenticating user root 179.43.156.143 port 47072 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T15:32:23.080Z","@version":"1","message":"Sep 15 15:32:22 honeypot-sgp-1 sshd[22292]: Received disconnect from 179.43.156.143 port 36910:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T15:33:27.109Z","@version":"1","message":"Sep 15 15:33:26 honeypot-sgp-1 sshd[22296]: Disconnected from invalid user nutanix 179.43.156.143 port 58362 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 15:33:55 honeypot-ams-1 kernel: [84132617.480089] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=103.149.192.191 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=54321 PROTO=TCP SPT=52868 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T15:33:55.391Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 15:34:01 honeypot-fra-1 sshd[19026]: Invalid user user from 45.61.186.169 port 57164","@timestamp":"2022-09-15T15:34:02.355Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 15:34:19 honeypot-fra-1 sshd[19030]: Invalid user user from 45.61.186.169 port 51396","@timestamp":"2022-09-15T15:34:19.364Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T15:34:31.137Z","@version":"1","message":"Sep 15 15:34:30 honeypot-sgp-1 sshd[22301]: Disconnected from invalid user nfsnobod 179.43.156.143 port 51562 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 15:34:33 honeypot-fra-1 sshd[19034]: Invalid user admin from 92.255.85.70 port 28008","@timestamp":"2022-09-15T15:34:33.371Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 15:34:43 honeypot-fra-1 sshd[19038]: Invalid user user from 45.61.186.169 port 56870","@timestamp":"2022-09-15T15:34:43.375Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 15:35:14 honeypot-ams-1 kernel: [84132697.086342] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=43.153.85.217 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=27628 PROTO=TCP SPT=61481 DPT=443 WINDOW=41309 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T15:35:15.429Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 15:35:33 honeypot-fra-1 sshd[19042]: Invalid user lbruce from 165.22.45.108 port 34428","@timestamp":"2022-09-15T15:35:34.397Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T15:36:09.181Z","@version":"1","message":"Sep 15 15:36:08 honeypot-sgp-1 sshd[22307]: Disconnected from authenticating user root 179.43.156.143 port 41414 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T15:37:44.223Z","@version":"1","message":"Sep 15 15:37:43 honeypot-sgp-1 sshd[22314]: Disconnected from authenticating user root 92.255.85.70 port 32604 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 15:40:08 honeypot-fra-1 sshd[19047]: Invalid user admin from 191.7.28.155 port 37750","@timestamp":"2022-09-15T15:40:08.501Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 15:40:48 honeypot-ams-1 kernel: [84133030.345406] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=206.189.8.92 DST=178.62.254.91 LEN=80 TOS=0x00 PREC=0x20 TTL=127 ID=25268 PROTO=TCP SPT=26292 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T15:40:48.569Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 15:45:22 honeypot-fra-1 sshd[19054]: Disconnected from invalid user admin 14.99.176.210 port 30646 [preauth]","@timestamp":"2022-09-15T15:45:23.620Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T15:48:31.492Z","@version":"1","message":"Sep 15 15:48:31 honeypot-sgp-1 kernel: [84133018.119180] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=94.26.249.161 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=24643 PROTO=TCP SPT=40303 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 15:48:48 honeypot-ams-1 kernel: [84133511.022550] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=72.167.32.184 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=232 ID=11426 PROTO=TCP SPT=42267 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T15:48:49.772Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 15:52:22 honeypot-ams-1 sshd[28552]: Received disconnect from 92.255.85.69 port 63544:11: Bye Bye [preauth]","@timestamp":"2022-09-15T15:52:22.869Z"}
{"@timestamp":"2022-09-15T15:52:31.589Z","@version":"1","message":"Sep 15 15:52:30 honeypot-sgp-1 sshd[22322]: Disconnected from invalid user admin 103.226.249.239 port 59430 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 15:53:29 honeypot-fra-1 kernel: [84131625.909827] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=94.26.228.80 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=36772 PROTO=TCP SPT=30100 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T15:53:29.806Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 15:54:45 honeypot-ams-1 sshd[28562]: Connection closed by invalid user pi 96.48.254.68 port 60058 [preauth]","@timestamp":"2022-09-15T15:54:45.932Z"}
{"@timestamp":"2022-09-15T16:03:39.862Z","@version":"1","message":"Sep 15 16:03:39 honeypot-sgp-1 sshd[22328]: Disconnected from authenticating user root 103.54.85.180 port 48558 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 16:04:31 honeypot-fra-1 kernel: [84132288.339050] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=167.248.133.136 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=19064 PROTO=TCP SPT=58717 DPT=389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T16:04:32.058Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-15T16:07:56.969Z","@version":"1","message":"Sep 15 16:07:56 honeypot-sgp-1 sshd[22333]: ssh_dispatch_run_fatal: Connection from 99.46.3.41 port 53605: Connection corrupted [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 16:09:12 honeypot-fra-1 kernel: [84132569.311121] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=25785 PROTO=TCP SPT=57947 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T16:09:13.166Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 16:11:43 honeypot-ams-1 sshd[28571]: Received disconnect from 31.27.35.138 port 47332:11: Bye Bye [preauth]","@timestamp":"2022-09-15T16:11:44.396Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 16:15:11 honeypot-fra-1 sshd[19088]: Disconnected from authenticating user root 61.177.173.46 port 60868 [preauth]","@timestamp":"2022-09-15T16:15:11.302Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 16:15:44 honeypot-ams-1 sshd[28576]: Received disconnect from 92.255.85.69 port 48588:11: Bye Bye [preauth]","@timestamp":"2022-09-15T16:15:44.506Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 16:19:17 honeypot-fra-1 sshd[19094]: Invalid user intaller from 144.34.164.27 port 48506","@timestamp":"2022-09-15T16:19:18.399Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T16:19:22.272Z","@version":"1","message":"Sep 15 16:19:22 honeypot-sgp-1 sshd[22341]: Disconnected from authenticating user root 61.177.173.36 port 27410 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 16:22:51 honeypot-fra-1 sshd[19099]: Received disconnect from 3.219.88.227 port 16486:11: Bye Bye [preauth]","@timestamp":"2022-09-15T16:22:51.502Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T16:23:17.368Z","@version":"1","message":"Sep 15 16:23:17 honeypot-sgp-1 sshd[22348]: Invalid user admin from 125.212.237.41 port 45544","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 16:23:20 honeypot-fra-1 sshd[19105]: Invalid user 02 from 92.255.85.70 port 40946","@timestamp":"2022-09-15T16:23:21.516Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 16:24:35 honeypot-fra-1 sshd[19109]: Received disconnect from 103.176.21.101 port 34406:11: Bye Bye [preauth]","@timestamp":"2022-09-15T16:24:35.545Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T16:27:54.480Z","@version":"1","message":"Sep 15 16:27:53 honeypot-sgp-1 kernel: [84135380.796746] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=167.172.166.5 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=43 ID=26867 DF PROTO=TCP SPT=40780 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 16:28:24 honeypot-ams-1 kernel: [84135887.034877] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=122.147.17.76 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=46 ID=5167 PROTO=TCP SPT=16461 DPT=443 WINDOW=43676 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T16:28:25.837Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 16:31:08 honeypot-fra-1 sshd[19116]: Received disconnect from 61.177.173.50 port 45159:11:  [preauth]","@timestamp":"2022-09-15T16:31:09.710Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 16:34:45 honeypot-ams-1 sshd[28585]: Invalid user ubnt from 92.255.85.70 port 17288","@timestamp":"2022-09-15T16:34:46.004Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 16:36:06 honeypot-fra-1 sshd[19123]: Disconnected from authenticating user root 217.160.53.52 port 50372 [preauth]","@timestamp":"2022-09-15T16:36:06.823Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 16:39:59 honeypot-ams-1 sshd[28590]: Received disconnect from 79.59.251.230 port 48418:11: Bye Bye [preauth]","@timestamp":"2022-09-15T16:40:00.161Z"}
{"@timestamp":"2022-09-15T16:41:35.809Z","@version":"1","message":"Sep 15 16:41:34 honeypot-sgp-1 kernel: [84136201.919401] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=23.239.15.198 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=32154 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 16:42:41 honeypot-ams-1 sshd[28594]: Disconnected from invalid user admin 91.240.118.222 port 33254 [preauth]","@timestamp":"2022-09-15T16:42:42.231Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 16:46:25 honeypot-fra-1 sshd[19134]: Did not receive identification string from 45.61.186.169 port 57820","@timestamp":"2022-09-15T16:46:26.057Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 16:46:40 honeypot-fra-1 sshd[19137]: Disconnected from invalid user ubnt 92.255.85.69 port 16948 [preauth]","@timestamp":"2022-09-15T16:46:41.064Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 16:46:59 honeypot-fra-1 sshd[19143]: Invalid user user from 45.61.186.169 port 38484","@timestamp":"2022-09-15T16:47:00.074Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 16:47:10 honeypot-fra-1 sshd[19147]: Did not receive identification string from 159.89.24.69 port 61000","@timestamp":"2022-09-15T16:47:10.079Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 16:47:25 honeypot-fra-1 sshd[19150]: Disconnected from invalid user user 45.61.186.169 port 44514 [preauth]","@timestamp":"2022-09-15T16:47:26.087Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T16:48:26.978Z","@version":"1","message":"Sep 15 16:48:26 honeypot-sgp-1 kernel: [84136613.519006] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=78.189.47.246 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=15686 PROTO=TCP SPT=46603 DPT=80 WINDOW=1300 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 16:49:19 honeypot-fra-1 sshd[19159]: Invalid user user from 179.60.147.69 port 59574","@timestamp":"2022-09-15T16:49:20.133Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T16:54:10.119Z","@version":"1","message":"Sep 15 16:54:09 honeypot-sgp-1 sshd[22378]: Received disconnect from 61.177.173.51 port 23712:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 16:54:14 honeypot-ams-1 sshd[28600]: Did not receive identification string from 45.61.186.169 port 42678","@timestamp":"2022-09-15T16:54:14.523Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 16:54:32 honeypot-fra-1 sshd[19166]: Received disconnect from 61.177.173.46 port 20809:11:  [preauth]","@timestamp":"2022-09-15T16:54:33.252Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 16:54:38 honeypot-ams-1 sshd[28603]: Disconnected from invalid user user 45.61.186.169 port 55382 [preauth]","@timestamp":"2022-09-15T16:54:39.537Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 16:54:56 honeypot-ams-1 sshd[28607]: Disconnected from invalid user user 45.61.186.169 port 50342 [preauth]","@timestamp":"2022-09-15T16:54:57.546Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 16:55:05 honeypot-ams-1 sshd[28611]: Disconnected from invalid user user 45.61.186.169 port 33684 [preauth]","@timestamp":"2022-09-15T16:55:06.551Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 16:55:22 honeypot-ams-1 sshd[28615]: Disconnected from invalid user user 45.61.186.169 port 56874 [preauth]","@timestamp":"2022-09-15T16:55:23.560Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 16:59:45 honeypot-ams-1 sshd[28620]: Invalid user gitlab from 123.142.3.137 port 34976","@timestamp":"2022-09-15T16:59:45.673Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 16:59:58 honeypot-fra-1 sshd[19172]: Received disconnect from 179.43.156.143 port 40818:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T16:59:59.376Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T17:00:11.267Z","@version":"1","message":"Sep 15 17:00:10 honeypot-sgp-1 sshd[22382]: Disconnected from 206.81.15.128 port 48930 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 17:01:38 honeypot-fra-1 sshd[19178]: Received disconnect from 179.43.156.143 port 58150:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T17:01:39.417Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 17:02:33 honeypot-ams-1 sshd[28625]: Received disconnect from 204.152.210.184 port 47076:11: Bye Bye [preauth]","@timestamp":"2022-09-15T17:02:33.745Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 17:02:37 honeypot-fra-1 kernel: [84135773.953772] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=162.142.125.143 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=6591 PROTO=TCP SPT=19145 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T17:02:38.444Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 17:03:17 honeypot-fra-1 sshd[19186]: Received disconnect from 179.43.156.143 port 47256:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T17:03:18.463Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 17:04:25 honeypot-fra-1 sshd[19191]: Disconnected from authenticating user root 179.43.156.143 port 39976 [preauth]","@timestamp":"2022-09-15T17:04:26.490Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 17:05:44 honeypot-fra-1 sshd[19197]: Received disconnect from 61.177.173.36 port 48703:11:  [preauth]","@timestamp":"2022-09-15T17:05:45.524Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 17:06:49 honeypot-fra-1 sshd[19203]: Received disconnect from 179.43.156.143 port 53698:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T17:06:49.552Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 17:07:24 honeypot-fra-1 sshd[19207]: Disconnected from authenticating user root 179.43.156.143 port 50076 [preauth]","@timestamp":"2022-09-15T17:07:25.588Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 17:08:12 honeypot-fra-1 sshd[19211]: Disconnected from invalid user git 92.255.85.69 port 47742 [preauth]","@timestamp":"2022-09-15T17:08:12.608Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 17:08:51 honeypot-ams-1 kernel: [84138313.458636] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=72.167.32.184 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=232 ID=31300 PROTO=TCP SPT=58489 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T17:08:51.909Z"}
{"@timestamp":"2022-09-15T17:09:02.482Z","@version":"1","message":"Sep 15 17:09:01 honeypot-sgp-1 CRON[22387]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 17:11:13 honeypot-fra-1 sshd[19217]: Disconnected from invalid user vinci 223.255.187.154 port 26038 [preauth]","@timestamp":"2022-09-15T17:11:14.678Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 17:14:23 honeypot-fra-1 sshd[19223]: Received disconnect from 103.211.217.103 port 40004:11: Bye Bye [preauth]","@timestamp":"2022-09-15T17:14:23.749Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T17:14:42.620Z","@version":"1","message":"Sep 15 17:14:41 honeypot-sgp-1 sshd[22395]: Received disconnect from 143.110.179.172 port 60556:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T17:17:01.677Z","@version":"1","message":"Sep 15 17:17:01 honeypot-sgp-1 CRON[22400]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 17:17:01 honeypot-ams-1 CRON[28636]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-15T17:17:02.121Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 17:19:00 honeypot-ams-1 sshd[28641]: Connection closed by invalid user node02 103.188.176.251 port 57950 [preauth]","@timestamp":"2022-09-15T17:19:01.175Z"}
{"@timestamp":"2022-09-15T17:20:27.765Z","@version":"1","message":"Sep 15 17:20:27 honeypot-sgp-1 sshd[22408]: Invalid user user from 45.61.186.169 port 52876","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T17:20:37.771Z","@version":"1","message":"Sep 15 17:20:36 honeypot-sgp-1 sshd[22411]: Received disconnect from 45.61.186.169 port 36112:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 17:20:50 honeypot-fra-1 sshd[19231]: Received disconnect from 165.22.45.108 port 44538:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T17:20:50.890Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T17:20:53.779Z","@version":"1","message":"Sep 15 17:20:53 honeypot-sgp-1 sshd[22415]: Received disconnect from 45.61.186.169 port 59024:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T17:21:09.787Z","@version":"1","message":"Sep 15 17:21:09 honeypot-sgp-1 sshd[22419]: Received disconnect from 45.61.186.169 port 53716:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 17:22:34 honeypot-ams-1 sshd[28648]: Disconnected from authenticating user root 94.200.206.6 port 51282 [preauth]","@timestamp":"2022-09-15T17:22:34.270Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 17:23:27 honeypot-ams-1 sshd[28653]: Disconnected from invalid user voice 147.182.251.31 port 37490 [preauth]","@timestamp":"2022-09-15T17:23:28.295Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 17:23:36 honeypot-fra-1 sshd[19238]: Disconnected from authenticating user root 212.109.207.62 port 39930 [preauth]","@timestamp":"2022-09-15T17:23:36.956Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 17:25:17 honeypot-ams-1 sshd[28655]: Disconnected from invalid user content 178.128.88.244 port 40944 [preauth]","@timestamp":"2022-09-15T17:25:18.344Z"}
{"@timestamp":"2022-09-15T17:26:45.924Z","@version":"1","message":"Sep 15 17:26:45 honeypot-sgp-1 sshd[22427]: Received disconnect from 20.126.126.43 port 53740:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 17:26:58 honeypot-fra-1 sshd[19245]: Received disconnect from 197.45.35.19 port 55350:11: Bye Bye [preauth]","@timestamp":"2022-09-15T17:26:59.036Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 17:28:06 honeypot-ams-1 sshd[28662]: Received disconnect from 154.211.12.170 port 56708:11: Bye Bye [preauth]","@timestamp":"2022-09-15T17:28:07.418Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 17:30:47 honeypot-fra-1 sshd[19249]: Received disconnect from 92.255.85.69 port 32004:11: Bye Bye [preauth]","@timestamp":"2022-09-15T17:30:48.125Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 17:31:13 honeypot-ams-1 kernel: [84139655.810938] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=213.226.123.38 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=28628 PROTO=TCP SPT=43121 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T17:31:14.501Z"}
{"@timestamp":"2022-09-15T17:33:17.083Z","@version":"1","message":"Sep 15 17:33:16 honeypot-sgp-1 sshd[22436]: Received disconnect from 61.177.173.46 port 50547:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 17:33:53 honeypot-fra-1 sshd[19256]: Invalid user  from 2.57.122.233 port 59248","@timestamp":"2022-09-15T17:33:54.195Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T17:36:37.166Z","@version":"1","message":"Sep 15 17:36:37 honeypot-sgp-1 kernel: [84139504.067152] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.3.136.82 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=233 ID=44603 PROTO=TCP SPT=43370 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 17:40:42 honeypot-fra-1 sshd[19277]: Invalid user teamspeak from 222.87.110.49 port 21351","@timestamp":"2022-09-15T17:40:43.370Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 17:41:26 honeypot-ams-1 sshd[28671]: Invalid user tomcat from 193.106.191.157 port 58962","@timestamp":"2022-09-15T17:41:26.760Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 17:46:16 honeypot-ams-1 sshd[28676]: Disconnected from 159.223.164.107 port 36098 [preauth]","@timestamp":"2022-09-15T17:46:17.887Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 17:47:12 honeypot-fra-1 kernel: [84138448.414232] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=92.63.197.74 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=26673 PROTO=TCP SPT=54050 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T17:47:12.520Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-15T17:47:42.431Z","@version":"1","message":"Sep 15 17:47:41 honeypot-sgp-1 sshd[22448]: Received disconnect from 61.177.172.114 port 48480:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 17:48:28 honeypot-ams-1 sshd[28681]: Disconnected from authenticating user root 201.17.133.138 port 59150 [preauth]","@timestamp":"2022-09-15T17:48:28.944Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 17:52:29 honeypot-fra-1 sshd[19292]: Received disconnect from 123.30.212.86 port 48426:11: Bye Bye [preauth]","@timestamp":"2022-09-15T17:52:29.641Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 17:54:13 honeypot-fra-1 sshd[19296]: Disconnected from invalid user admin 92.255.85.70 port 62374 [preauth]","@timestamp":"2022-09-15T17:54:14.684Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T17:56:33.640Z","@version":"1","message":"Sep 15 17:56:32 honeypot-sgp-1 sshd[22457]: Received disconnect from 61.177.173.50 port 35843:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 17:58:16 honeypot-ams-1 sshd[28688]: Invalid user user from 198.98.61.9 port 46066","@timestamp":"2022-09-15T17:58:17.194Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 17:58:37 honeypot-ams-1 sshd[28692]: Invalid user user from 198.98.61.9 port 40860","@timestamp":"2022-09-15T17:58:38.205Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 17:58:55 honeypot-ams-1 sshd[28696]: Invalid user user from 198.98.61.9 port 35672","@timestamp":"2022-09-15T17:58:55.214Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 17:59:11 honeypot-ams-1 sshd[28700]: Invalid user user from 198.98.61.9 port 58716","@timestamp":"2022-09-15T17:59:12.223Z"}
{"@timestamp":"2022-09-15T17:59:48.720Z","@version":"1","message":"Sep 15 17:59:48 honeypot-sgp-1 sshd[22461]: Disconnected from invalid user user 45.61.186.49 port 58562 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T17:59:58.725Z","@version":"1","message":"Sep 15 17:59:58 honeypot-sgp-1 sshd[22465]: Disconnected from invalid user user 45.61.186.49 port 41810 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T18:00:15.734Z","@version":"1","message":"Sep 15 18:00:15 honeypot-sgp-1 kernel: [84140922.529214] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=168.63.40.51 DST=159.89.202.188 LEN=52 TOS=0x02 PREC=0x00 TTL=110 ID=20540 DF PROTO=TCP SPT=61834 DPT=3389 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 18:02:06 honeypot-fra-1 sshd[19302]: Connection closed by invalid user centos 179.60.147.69 port 39320 [preauth]","@timestamp":"2022-09-15T18:02:06.863Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T18:03:07.807Z","@version":"1","message":"Sep 15 18:03:07 honeypot-sgp-1 kernel: [84141094.667111] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=109.182.58.144 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=61156 DF PROTO=TCP SPT=821 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 18:04:13 honeypot-fra-1 sshd[19309]: Received disconnect from 61.177.173.36 port 48459:11:  [preauth]","@timestamp":"2022-09-15T18:04:14.915Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 18:04:17 honeypot-ams-1 sshd[28704]: Invalid user centos from 179.60.147.69 port 13078","@timestamp":"2022-09-15T18:04:17.356Z"}
{"@timestamp":"2022-09-15T18:04:32.844Z","@version":"1","message":"Sep 15 18:04:32 honeypot-sgp-1 sshd[22477]: Received disconnect from 61.177.173.53 port 41082:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T18:12:21.029Z","@version":"1","message":"Sep 15 18:12:21 honeypot-sgp-1 sshd[22483]: Received disconnect from 61.177.173.50 port 37096:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 18:13:12 honeypot-ams-1 kernel: [84142174.410845] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=159.203.80.110 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=54178 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T18:13:12.582Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 18:13:53 honeypot-fra-1 sshd[19315]: Received disconnect from 165.22.45.108 port 49598:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T18:13:54.136Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T18:15:55.118Z","@version":"1","message":"Sep 15 18:15:54 honeypot-sgp-1 sshd[22489]: Disconnected from authenticating user root 61.177.173.37 port 48520 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 18:17:01 honeypot-fra-1 CRON[19325]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-15T18:17:01.209Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 18:18:58 honeypot-fra-1 kernel: [84140354.861720] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=40.87.17.51 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=21807 PROTO=TCP SPT=40383 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T18:18:59.258Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-15T18:22:40.281Z","@version":"1","message":"Sep 15 18:22:40 honeypot-sgp-1 sshd[22496]: Invalid user nq from 134.17.16.196 port 45551","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 18:23:59 honeypot-fra-1 sshd[19336]: Received disconnect from 197.5.145.93 port 60307:11: Bye Bye [preauth]","@timestamp":"2022-09-15T18:23:59.374Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T18:26:53.384Z","@version":"1","message":"Sep 15 18:26:52 honeypot-sgp-1 kernel: [84142519.633797] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=112.46.68.164 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=19736 PROTO=TCP SPT=14477 DPT=80 WINDOW=43486 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 18:27:35 honeypot-ams-1 kernel: [84143037.535827] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.234.220.239 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=29018 DF PROTO=TCP SPT=48739 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T18:27:35.949Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 18:28:09 honeypot-fra-1 sshd[19340]: Received disconnect from 61.177.173.50 port 62431:11:  [preauth]","@timestamp":"2022-09-15T18:28:10.471Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T18:30:28.490Z","@version":"1","message":"Sep 15 18:30:27 honeypot-sgp-1 sshd[22507]: Disconnected from authenticating user root 34.69.148.77 port 56752 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T18:31:39.521Z","@version":"1","message":"Sep 15 18:31:38 honeypot-sgp-1 sshd[22512]: Received disconnect from 198.98.61.9 port 33248:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T18:32:03.533Z","@version":"1","message":"Sep 15 18:32:02 honeypot-sgp-1 sshd[22516]: Received disconnect from 198.98.61.9 port 56374:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T18:32:24.543Z","@version":"1","message":"Sep 15 18:32:23 honeypot-sgp-1 sshd[22520]: Received disconnect from 198.98.61.9 port 51228:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 18:32:41 honeypot-ams-1 sshd[28717]: Disconnected from authenticating user root 95.182.122.92 port 58634 [preauth]","@timestamp":"2022-09-15T18:32:41.080Z"}
{"@timestamp":"2022-09-15T18:35:15.613Z","@version":"1","message":"Sep 15 18:35:15 honeypot-sgp-1 sshd[22525]: Received disconnect from 61.177.173.51 port 23639:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 18:38:14 honeypot-fra-1 sshd[19348]: Connection closed by invalid user default 179.60.147.69 port 64662 [preauth]","@timestamp":"2022-09-15T18:38:15.698Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 18:39:01 honeypot-ams-1 sshd[28724]: Did not receive identification string from 205.210.31.49 port 52058","@timestamp":"2022-09-15T18:39:02.248Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 18:42:24 honeypot-fra-1 sshd[19356]: Received disconnect from 198.98.61.9 port 41290:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T18:42:24.794Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 18:42:33 honeypot-fra-1 sshd[19360]: Received disconnect from 198.98.61.9 port 52808:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T18:42:33.800Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T18:42:48.795Z","@version":"1","message":"Sep 15 18:42:48 honeypot-sgp-1 sshd[22530]: Disconnected from authenticating user root 61.177.173.49 port 35485 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 18:42:49 honeypot-fra-1 sshd[19364]: Received disconnect from 92.255.85.69 port 27498:11: Bye Bye [preauth]","@timestamp":"2022-09-15T18:42:49.807Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 18:42:58 honeypot-fra-1 sshd[19368]: Received disconnect from 198.98.61.9 port 59128:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T18:42:58.812Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 18:43:06 honeypot-fra-1 sshd[19372]: Disconnected from invalid user user 198.98.61.9 port 42412 [preauth]","@timestamp":"2022-09-15T18:43:06.816Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 18:44:25 honeypot-ams-1 sshd[28730]: Did not receive identification string from 45.147.178.14 port 61000","@timestamp":"2022-09-15T18:44:26.388Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 18:44:49 honeypot-fra-1 sshd[19379]: Received disconnect from 165.22.3.41 port 55120:11: Bye Bye [preauth]","@timestamp":"2022-09-15T18:44:49.875Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 18:47:26 honeypot-fra-1 sshd[19383]: Disconnected from authenticating user root 43.254.240.202 port 36415 [preauth]","@timestamp":"2022-09-15T18:47:26.935Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 18:48:55 honeypot-ams-1 kernel: [84144317.222020] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=97.74.81.123 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=7862 PROTO=TCP SPT=59020 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T18:48:55.503Z"}
{"@timestamp":"2022-09-15T18:50:11.975Z","@version":"1","message":"Sep 15 18:50:10 honeypot-sgp-1 sshd[22536]: Received disconnect from 61.177.173.46 port 47976:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 18:54:08 honeypot-fra-1 sshd[19391]: Disconnected from invalid user sinusbot 150.107.149.31 port 14724 [preauth]","@timestamp":"2022-09-15T18:54:09.089Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T18:58:42.177Z","@version":"1","message":"Sep 15 18:58:41 honeypot-sgp-1 sshd[22541]: Received disconnect from 61.177.173.50 port 35386:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 19:00:08 honeypot-fra-1 sshd[19401]: Received disconnect from 61.177.173.52 port 18411:11:  [preauth]","@timestamp":"2022-09-15T19:00:09.226Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T19:00:42.259Z","@version":"1","message":"Sep 15 19:00:42 honeypot-sgp-1 sshd[22545]: Disconnected from invalid user user2 79.9.37.49 port 57456 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 19:02:25 honeypot-fra-1 sshd[19406]: Received disconnect from 61.177.173.39 port 17112:11:  [preauth]","@timestamp":"2022-09-15T19:02:25.278Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 19:03:56 honeypot-ams-1 kernel: [84145217.993049] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=170.187.163.55 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=28706 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T19:03:56.890Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 19:06:11 honeypot-fra-1 sshd[19421]: Disconnected from invalid user misiek 180.180.123.207 port 60698 [preauth]","@timestamp":"2022-09-15T19:06:12.364Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 19:08:42 honeypot-fra-1 sshd[19429]: Invalid user person from 195.158.18.237 port 49914","@timestamp":"2022-09-15T19:08:43.423Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T19:09:29.466Z","@version":"1","message":"Sep 15 19:09:29 honeypot-sgp-1 sshd[22556]: Received disconnect from 61.177.172.124 port 46582:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 19:09:36 honeypot-ams-1 sshd[28761]: Invalid user admin from 222.114.154.132 port 59166","@timestamp":"2022-09-15T19:09:37.056Z"}
{"@timestamp":"2022-09-15T19:11:21.513Z","@version":"1","message":"Sep 15 19:11:21 honeypot-sgp-1 sshd[22561]: Disconnected from authenticating user root 92.255.85.69 port 51048 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T19:12:22.541Z","@version":"1","message":"Sep 15 19:12:21 honeypot-sgp-1 sshd[22568]: Disconnected from authenticating user root 193.142.146.50 port 58240 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T19:13:52.579Z","@version":"1","message":"Sep 15 19:13:51 honeypot-sgp-1 sshd[22572]: Disconnected from authenticating user root 193.142.146.50 port 49390 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T19:14:34.599Z","@version":"1","message":"Sep 15 19:14:34 honeypot-sgp-1 sshd[22579]: Received disconnect from 193.142.146.50 port 40542:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 19:15:15 honeypot-fra-1 sshd[19439]: Invalid user ubnt from 179.60.147.69 port 9430","@timestamp":"2022-09-15T19:15:15.577Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 19:15:51 honeypot-fra-1 sshd[19444]: Received disconnect from 198.98.61.9 port 34860:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T19:15:52.594Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 19:16:18 honeypot-fra-1 sshd[19448]: Received disconnect from 198.98.61.9 port 58680:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T19:16:19.607Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T19:16:27.646Z","@version":"1","message":"Sep 15 19:16:26 honeypot-sgp-1 sshd[22586]: Invalid user test from 193.142.146.50 port 55502","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 19:16:36 honeypot-fra-1 sshd[19452]: Received disconnect from 198.98.61.9 port 54276:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T19:16:36.615Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 19:17:01 honeypot-fra-1 CRON[19456]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-15T19:17:01.628Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 19:17:21 honeypot-ams-1 kernel: [84146023.348798] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=176.58.124.134 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=43804 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T19:17:22.282Z"}
{"@timestamp":"2022-09-15T19:17:58.684Z","@version":"1","message":"Sep 15 19:17:57 honeypot-sgp-1 kernel: [84145584.700982] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=36.71.140.230 DST=159.89.202.188 LEN=52 TOS=0x00 PREC=0x00 TTL=114 ID=23438 DF PROTO=TCP SPT=52691 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 19:23:28 honeypot-ams-1 kernel: [84146390.464960] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.41.8.45 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=47385 PROTO=TCP SPT=48363 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T19:23:29.440Z"}
{"@timestamp":"2022-09-15T19:23:31.831Z","@version":"1","message":"Sep 15 19:23:30 honeypot-sgp-1 sshd[22598]: Received disconnect from 61.177.172.108 port 50284:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 19:27:23 honeypot-fra-1 sshd[19469]: Received disconnect from 61.177.173.48 port 34147:11:  [preauth]","@timestamp":"2022-09-15T19:27:23.880Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T19:29:17.985Z","@version":"1","message":"Sep 15 19:29:17 honeypot-sgp-1 sshd[22605]: Received disconnect from 61.177.173.51 port 35973:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T19:36:01.142Z","@version":"1","message":"Sep 15 19:36:00 honeypot-sgp-1 sshd[22612]: Invalid user manager from 92.255.85.70 port 29078","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 19:37:36 honeypot-fra-1 sshd[19475]: Received disconnect from 61.177.173.51 port 62697:11:  [preauth]","@timestamp":"2022-09-15T19:37:37.112Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 19:40:15 honeypot-fra-1 kernel: [84145231.936414] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=64.246.161.26 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=49806 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T19:40:16.176Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-15T19:42:03.280Z","@version":"1","message":"Sep 15 19:42:02 honeypot-sgp-1 sshd[22621]: Invalid user install from 35.246.83.56 port 54146","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 19:47:03 honeypot-ams-1 sshd[28778]: Invalid user user from 103.188.176.251 port 39174","@timestamp":"2022-09-15T19:47:04.038Z"}
{"@timestamp":"2022-09-15T19:48:22.426Z","@version":"1","message":"Sep 15 19:48:22 honeypot-sgp-1 sshd[22628]: Received disconnect from 61.177.173.36 port 51394:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 19:49:05 honeypot-fra-1 sshd[19491]: Disconnected from authenticating user root 61.177.173.36 port 31188 [preauth]","@timestamp":"2022-09-15T19:49:05.371Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T19:50:51.487Z","@version":"1","message":"Sep 15 19:50:50 honeypot-sgp-1 sshd[22632]: Received disconnect from 89.109.36.61 port 36558:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T19:54:00.561Z","@version":"1","message":"Sep 15 19:54:00 honeypot-sgp-1 sshd[22639]: Connection closed by invalid user test 179.60.147.69 port 21340 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 19:54:45 honeypot-ams-1 kernel: [84148267.541287] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=163.172.158.4 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=6219 PROTO=TCP SPT=43102 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T19:54:46.238Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 19:55:14 honeypot-fra-1 sshd[19502]: Invalid user test from 179.60.147.69 port 54562","@timestamp":"2022-09-15T19:55:15.509Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 19:56:47 honeypot-ams-1 sshd[28786]: Disconnected from invalid user steam 103.99.203.103 port 59414 [preauth]","@timestamp":"2022-09-15T19:56:47.291Z"}
{"@timestamp":"2022-09-15T19:56:48.628Z","@version":"1","message":"Sep 15 19:56:48 honeypot-sgp-1 sshd[22643]: Received disconnect from 2.139.220.58 port 32926:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 19:59:47 honeypot-ams-1 sshd[28793]: Invalid user tomcat from 193.106.191.157 port 60966","@timestamp":"2022-09-15T19:59:47.371Z"}
{"@timestamp":"2022-09-15T20:00:00.722Z","@version":"1","message":"Sep 15 19:59:59 honeypot-sgp-1 sshd[22648]: Received disconnect from 92.255.85.69 port 45884:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 20:00:23 honeypot-fra-1 sshd[19507]: Received disconnect from 61.177.173.39 port 61325:11:  [preauth]","@timestamp":"2022-09-15T20:00:24.625Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T20:02:31.785Z","@version":"1","message":"Sep 15 20:02:31 honeypot-sgp-1 sshd[22652]: Disconnecting invalid user admin 185.246.130.20 port 10815: Change of username or service not allowed: (admin,ssh-connection) -> (cameras,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:02:55.797Z","@version":"1","message":"Sep 15 20:02:55 honeypot-sgp-1 sshd[22659]: Disconnecting invalid user admin 185.246.130.20 port 24904: Change of username or service not allowed: (admin,ssh-connection) -> (,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:03:25.812Z","@version":"1","message":"Sep 15 20:03:25 honeypot-sgp-1 sshd[22666]: Invalid user aerohive from 185.246.130.20 port 9241","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:03:55.827Z","@version":"1","message":"Sep 15 20:03:55 honeypot-sgp-1 sshd[22672]: Invalid user private from 185.246.130.20 port 16442","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:04:25.842Z","@version":"1","message":"Sep 15 20:04:25 honeypot-sgp-1 sshd[22678]: Disconnecting invalid user Admin 185.246.130.20 port 13251: Change of username or service not allowed: (Admin,ssh-connection) -> (araknis,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:04:53.855Z","@version":"1","message":"Sep 15 20:04:53 honeypot-sgp-1 sshd[22685]: Disconnecting invalid user user 185.246.130.20 port 23364: Change of username or service not allowed: (user,ssh-connection) -> (root,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 20:05:32 honeypot-fra-1 kernel: [84146748.922019] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=193.163.125.140 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=245 ID=46117 PROTO=TCP SPT=58795 DPT=443 WINDOW=14600 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T20:05:33.746Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-15T20:05:34.874Z","@version":"1","message":"Sep 15 20:05:34 honeypot-sgp-1 sshd[22695]: Invalid user admin from 185.246.130.20 port 1372","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:05:57.886Z","@version":"1","message":"Sep 15 20:05:57 honeypot-sgp-1 sshd[22701]: Bad protocol version identification 'SSH-2.0_CoreLab-1.0' from 185.246.130.20 port 12788","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:06:32.903Z","@version":"1","message":"Sep 15 20:06:32 honeypot-sgp-1 sshd[22708]: Invalid user cisco from 185.246.130.20 port 20391","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:06:57.915Z","@version":"1","message":"Sep 15 20:06:57 honeypot-sgp-1 sshd[22714]: Disconnecting authenticating user root 185.246.130.20 port 38144: Change of username or service not allowed: (root,ssh-connection) -> (Administrator,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:07:25.929Z","@version":"1","message":"Sep 15 20:07:25 honeypot-sgp-1 sshd[22720]: Disconnecting invalid user adslroot 185.246.130.20 port 46796: Change of username or service not allowed: (adslroot,ssh-connection) -> (sti.admin5,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:07:53.943Z","@version":"1","message":"Sep 15 20:07:53 honeypot-sgp-1 sshd[22728]: Received disconnect from 115.113.80.162 port 55058:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:07:59.946Z","@version":"1","message":"Sep 15 20:07:59 honeypot-sgp-1 sshd[22730]: Disconnecting invalid user zhone 185.246.130.20 port 16408: Change of username or service not allowed: (zhone,ssh-connection) -> (,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 20:08:27 honeypot-ams-1 sshd[28798]: Received disconnect from 92.255.85.69 port 52358:11: Bye Bye [preauth]","@timestamp":"2022-09-15T20:08:28.594Z"}
{"@timestamp":"2022-09-15T20:08:33.967Z","@version":"1","message":"Sep 15 20:08:33 honeypot-sgp-1 sshd[22740]: Invalid user admin from 185.246.130.20 port 3982","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:08:53.977Z","@version":"1","message":"Sep 15 20:08:53 honeypot-sgp-1 sshd[22746]: Invalid user cusadmin from 185.246.130.20 port 21424","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:09:19.989Z","@version":"1","message":"Sep 15 20:09:19 honeypot-sgp-1 sshd[22752]: Invalid user lgnortel from 185.246.130.20 port 19800","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:09:53.005Z","@version":"1","message":"Sep 15 20:09:52 honeypot-sgp-1 sshd[22759]: Invalid user admin from 185.246.130.20 port 34709","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:10:20.018Z","@version":"1","message":"Sep 15 20:10:19 honeypot-sgp-1 sshd[22765]: Invalid user matrix from 185.246.130.20 port 6033","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:10:50.033Z","@version":"1","message":"Sep 15 20:10:49 honeypot-sgp-1 sshd[22771]: Invalid user motorola from 185.246.130.20 port 7988","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:11:22.049Z","@version":"1","message":"Sep 15 20:11:21 honeypot-sgp-1 sshd[22779]: Disconnecting authenticating user root 185.246.130.20 port 42918: Change of username or service not allowed: (root,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:11:46.060Z","@version":"1","message":"Sep 15 20:11:45 honeypot-sgp-1 sshd[22785]: Disconnecting invalid user 0 185.246.130.20 port 33057: Change of username or service not allowed: (0,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:12:15.074Z","@version":"1","message":"Sep 15 20:12:14 honeypot-sgp-1 sshd[22791]: Disconnecting invalid user admin 185.246.130.20 port 34497: Change of username or service not allowed: (admin,ssh-connection) -> (Shiko,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:12:38.086Z","@version":"1","message":"Sep 15 20:12:37 honeypot-sgp-1 sshd[22797]: Disconnecting invalid user Broadcom 185.246.130.20 port 44067: Change of username or service not allowed: (Broadcom,ssh-connection) -> (smcadmin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:13:04.097Z","@version":"1","message":"Sep 15 20:13:03 honeypot-sgp-1 sshd[22803]: Disconnecting invalid user cusadmin 185.246.130.20 port 57087: Change of username or service not allowed: (cusadmin,ssh-connection) -> (highspeed,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:13:30.111Z","@version":"1","message":"Sep 15 20:13:29 honeypot-sgp-1 sshd[22809]: Disconnecting invalid user sweex 185.246.130.20 port 32147: Change of username or service not allowed: (sweex,ssh-connection) -> (,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:13:55.124Z","@version":"1","message":"Sep 15 20:13:54 honeypot-sgp-1 sshd[22815]: Disconnecting invalid user  185.246.130.20 port 9532: Change of username or service not allowed: (,ssh-connection) -> (public,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:14:09.131Z","@version":"1","message":"Sep 15 20:14:08 honeypot-sgp-1 sshd[22821]: Disconnecting invalid user user 185.246.130.20 port 63417: Change of username or service not allowed: (user,ssh-connection) -> (ubnt,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:14:42.147Z","@version":"1","message":"Sep 15 20:14:41 honeypot-sgp-1 sshd[22829]: Invalid user user from 185.246.130.20 port 57629","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:15:13.162Z","@version":"1","message":"Sep 15 20:15:12 honeypot-sgp-1 sshd[22836]: Invalid user Admin from 185.246.130.20 port 1840","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:15:39.175Z","@version":"1","message":"Sep 15 20:15:39 honeypot-sgp-1 sshd[22844]: Received disconnect from 61.177.173.50 port 13986:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 20:15:40 honeypot-fra-1 sshd[19519]: Disconnected from 143.110.236.239 port 53460 [preauth]","@timestamp":"2022-09-15T20:15:40.980Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T20:15:52.182Z","@version":"1","message":"Sep 15 20:15:51 honeypot-sgp-1 sshd[22846]: Disconnecting invalid user admin 185.246.130.20 port 35047: Change of username or service not allowed: (admin,ssh-connection) -> (zoomadsl,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 20:16:20 honeypot-fra-1 sshd[19525]: Invalid user guest from 54.163.60.60 port 60610","@timestamp":"2022-09-15T20:16:20.999Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T20:16:24.198Z","@version":"1","message":"Sep 15 20:16:23 honeypot-sgp-1 sshd[22854]: Disconnected from authenticating user root 61.177.172.108 port 19431 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:17:02.216Z","@version":"1","message":"Sep 15 20:17:01 honeypot-sgp-1 CRON[22858]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 20:17:15 honeypot-fra-1 sshd[19531]: Received disconnect from 61.177.172.108 port 41287:11:  [preauth]","@timestamp":"2022-09-15T20:17:16.023Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 20:19:42 honeypot-ams-1 sshd[28804]: Connection closed by invalid user tomcat 193.106.191.157 port 46242 [preauth]","@timestamp":"2022-09-15T20:19:42.882Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 20:27:28 honeypot-fra-1 sshd[19540]: Disconnected from authenticating user root 61.177.172.104 port 58420 [preauth]","@timestamp":"2022-09-15T20:27:29.255Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T20:29:24.503Z","@version":"1","message":"Sep 15 20:29:23 honeypot-sgp-1 kernel: [84149870.310738] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=35.187.105.14 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=2423 PROTO=TCP SPT=52306 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 20:30:37 honeypot-ams-1 kernel: [84150419.248887] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=34521 PROTO=TCP SPT=53802 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T20:30:38.161Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 20:32:21 honeypot-fra-1 sshd[19546]: Disconnected from authenticating user root 61.177.173.49 port 45018 [preauth]","@timestamp":"2022-09-15T20:32:22.367Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T20:35:05.637Z","@version":"1","message":"Sep 15 20:35:05 honeypot-sgp-1 kernel: [84150211.978033] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=23.95.4.194 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=233 ID=43148 PROTO=TCP SPT=44158 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 20:35:57 honeypot-ams-1 sshd[28815]: Connection closed by invalid user ubnt 179.60.147.69 port 16132 [preauth]","@timestamp":"2022-09-15T20:35:58.299Z"}
{"@timestamp":"2022-09-15T20:39:03.733Z","@version":"1","message":"Sep 15 20:39:03 honeypot-sgp-1 sshd[22880]: Received disconnect from 216.137.185.113 port 41922:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 20:39:55 honeypot-fra-1 sshd[19555]: Received disconnect from 61.177.173.53 port 57229:11:  [preauth]","@timestamp":"2022-09-15T20:39:56.537Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T20:40:35.770Z","@version":"1","message":"Sep 15 20:40:34 honeypot-sgp-1 sshd[22884]: Disconnected from authenticating user root 223.197.186.7 port 42834 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 20:45:50 honeypot-fra-1 sshd[19560]: Disconnected from invalid user jivov 106.241.54.211 port 47040 [preauth]","@timestamp":"2022-09-15T20:45:50.672Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T20:46:40.916Z","@version":"1","message":"Sep 15 20:46:40 honeypot-sgp-1 sshd[22888]: Invalid user wendy from 143.198.123.124 port 37556","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:47:48.945Z","@version":"1","message":"Sep 15 20:47:48 honeypot-sgp-1 sshd[22895]: Received disconnect from 92.255.85.69 port 48464:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 20:47:50 honeypot-fra-1 sshd[19566]: Disconnected from authenticating user root 128.199.144.93 port 60658 [preauth]","@timestamp":"2022-09-15T20:47:51.720Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 20:52:20 honeypot-fra-1 sshd[19575]: Invalid user ldanko from 165.22.45.108 port 36544","@timestamp":"2022-09-15T20:52:20.819Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T20:53:54.089Z","@version":"1","message":"Sep 15 20:53:53 honeypot-sgp-1 sshd[22901]: Received disconnect from 45.61.186.249 port 38930:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:54:11.097Z","@version":"1","message":"Sep 15 20:54:10 honeypot-sgp-1 sshd[22919]: Disconnected from authenticating user root 61.177.173.51 port 16406 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:54:20.101Z","@version":"1","message":"Sep 15 20:54:19 honeypot-sgp-1 sshd[22923]: Disconnected from invalid user user 45.61.186.249 port 44376 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:54:39.110Z","@version":"1","message":"Sep 15 20:54:38 honeypot-sgp-1 sshd[22927]: Disconnected from invalid user user 45.61.186.249 port 38602 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T20:54:57.119Z","@version":"1","message":"Sep 15 20:54:57 honeypot-sgp-1 kernel: [84151403.789805] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=170.187.162.243 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=14590 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 20:55:49 honeypot-ams-1 sshd[28819]: Received disconnect from 92.255.85.70 port 57318:11: Bye Bye [preauth]","@timestamp":"2022-09-15T20:55:49.800Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 20:56:59 honeypot-fra-1 sshd[19580]: Invalid user user from 198.98.61.9 port 52130","@timestamp":"2022-09-15T20:56:59.926Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 20:57:08 honeypot-fra-1 sshd[19582]: Disconnected from invalid user user 198.98.61.9 port 35212 [preauth]","@timestamp":"2022-09-15T20:57:08.930Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 20:57:24 honeypot-fra-1 sshd[19587]: Disconnected from invalid user user 198.98.61.9 port 57868 [preauth]","@timestamp":"2022-09-15T20:57:24.938Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 20:57:48 honeypot-fra-1 sshd[19591]: Disconnected from invalid user user 198.98.61.9 port 52254 [preauth]","@timestamp":"2022-09-15T20:57:48.949Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 20:59:48 honeypot-ams-1 sshd[28823]: Invalid user azure from 52.178.155.67 port 1024","@timestamp":"2022-09-15T20:59:48.917Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 21:01:36 honeypot-ams-1 sshd[28828]: Received disconnect from 138.197.195.123 port 36260:11: Bye Bye [preauth]","@timestamp":"2022-09-15T21:01:36.966Z"}
{"@timestamp":"2022-09-15T21:02:08.287Z","@version":"1","message":"Sep 15 21:02:08 honeypot-sgp-1 sshd[22940]: Received disconnect from 139.59.82.2 port 42400:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 21:02:23 honeypot-fra-1 sshd[19595]: Invalid user anonymous from 92.255.85.70 port 36752","@timestamp":"2022-09-15T21:02:24.054Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 21:07:17 honeypot-fra-1 sshd[19602]: Invalid user htp from 200.10.192.5 port 39833","@timestamp":"2022-09-15T21:07:18.166Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 21:08:28 honeypot-fra-1 sshd[19606]: Invalid user admin from 185.149.120.61 port 48958","@timestamp":"2022-09-15T21:08:29.195Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T21:09:29.477Z","@version":"1","message":"Sep 15 21:09:28 honeypot-sgp-1 sshd[22947]: Received disconnect from 92.255.85.70 port 31196:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 21:09:51 honeypot-fra-1 sshd[19610]: Invalid user default from 179.60.147.69 port 16772","@timestamp":"2022-09-15T21:09:52.229Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 21:10:29 honeypot-fra-1 sshd[19615]: Received disconnect from 61.177.173.49 port 29602:11:  [preauth]","@timestamp":"2022-09-15T21:10:30.247Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 21:10:49 honeypot-ams-1 kernel: [84152831.588971] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=58305 PROTO=TCP SPT=55604 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T21:10:50.210Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 21:12:34 honeypot-ams-1 sshd[28834]: Disconnected from invalid user mago 34.69.39.31 port 37616 [preauth]","@timestamp":"2022-09-15T21:12:35.256Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 21:13:11 honeypot-fra-1 sshd[19620]: Disconnected from invalid user harlan 77.104.75.106 port 56500 [preauth]","@timestamp":"2022-09-15T21:13:12.308Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 21:14:18 honeypot-ams-1 sshd[28844]: Unable to negotiate with 13.56.251.189 port 44314: no matching host key type found. Their offer: ssh-dss [preauth]","@timestamp":"2022-09-15T21:14:19.306Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 21:15:17 honeypot-ams-1 sshd[28849]: Disconnected from invalid user user 198.98.61.9 port 56690 [preauth]","@timestamp":"2022-09-15T21:15:17.334Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 21:15:31 honeypot-ams-1 sshd[28851]: Disconnected from invalid user aris9 52.160.46.145 port 50830 [preauth]","@timestamp":"2022-09-15T21:15:32.341Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 21:15:47 honeypot-ams-1 sshd[28857]: Received disconnect from 198.98.61.9 port 34976:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T21:15:47.349Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 21:16:04 honeypot-fra-1 sshd[19624]: Connection closed by authenticating user root 103.55.26.211 port 38943 [preauth]","@timestamp":"2022-09-15T21:16:04.376Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 21:16:08 honeypot-ams-1 sshd[28861]: Received disconnect from 198.98.61.9 port 58140:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T21:16:08.360Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 21:16:15 honeypot-ams-1 sshd[28865]: Disconnected from invalid user user 198.98.61.9 port 41494 [preauth]","@timestamp":"2022-09-15T21:16:16.364Z"}
{"@timestamp":"2022-09-15T21:16:35.662Z","@version":"1","message":"Sep 15 21:16:35 honeypot-sgp-1 kernel: [84152702.179602] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=3531 PROTO=TCP SPT=56078 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 21:17:09 honeypot-ams-1 kernel: [84153211.250011] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.41.8.45 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=57189 PROTO=TCP SPT=10545 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T21:17:09.394Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 21:18:09 honeypot-fra-1 sshd[19632]: Disconnected from authenticating user root 221.130.59.248 port 2062 [preauth]","@timestamp":"2022-09-15T21:18:09.426Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T21:20:45.763Z","@version":"1","message":"Sep 15 21:20:45 honeypot-sgp-1 sshd[22963]: Received disconnect from 194.113.237.49 port 49432:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 21:21:30 honeypot-ams-1 sshd[28875]: Invalid user wdw from 185.211.4.43 port 46298","@timestamp":"2022-09-15T21:21:30.505Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 21:25:58 honeypot-fra-1 sshd[19637]: Received disconnect from 61.177.173.53 port 39193:11:  [preauth]","@timestamp":"2022-09-15T21:25:58.602Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 21:27:53 honeypot-ams-1 kernel: [84153855.715768] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=97.74.81.123 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=33983 PROTO=TCP SPT=54794 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T21:27:54.666Z"}
{"@timestamp":"2022-09-15T21:30:32.010Z","@version":"1","message":"Sep 15 21:30:31 honeypot-sgp-1 sshd[22969]: Disconnected from authenticating user root 61.177.172.98 port 47211 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T21:33:02.071Z","@version":"1","message":"Sep 15 21:33:01 honeypot-sgp-1 sshd[22976]: Disconnected from authenticating user root 61.177.173.46 port 19055 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 21:39:00 honeypot-ams-1 kernel: [84154522.575235] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=167.94.145.91 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=41051 PROTO=TCP SPT=8825 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T21:39:00.954Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 21:39:43 honeypot-fra-1 sshd[19647]: Connection closed by authenticating user root 141.98.10.158 port 46008 [preauth]","@timestamp":"2022-09-15T21:39:43.908Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T21:42:05.283Z","@version":"1","message":"Sep 15 21:42:04 honeypot-sgp-1 sshd[22983]: Disconnected from authenticating user root 61.177.173.48 port 56985 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 21:44:43 honeypot-fra-1 sshd[19655]: Received disconnect from 165.22.45.108 port 41600:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T21:44:44.020Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T21:47:51.417Z","@version":"1","message":"Sep 15 21:47:50 honeypot-sgp-1 kernel: [84154577.124766] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.53.171.56 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=59914 DF PROTO=TCP SPT=42408 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 21:49:21 honeypot-fra-1 sshd[19662]: Received disconnect from 92.255.85.70 port 24548:11: Bye Bye [preauth]","@timestamp":"2022-09-15T21:49:22.128Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 21:49:30 honeypot-ams-1 sshd[28896]: Received disconnect from 92.205.19.152 port 59946:11: Bye Bye [preauth]","@timestamp":"2022-09-15T21:49:30.216Z"}
{"@timestamp":"2022-09-15T21:54:56.581Z","@version":"1","message":"Sep 15 21:54:55 honeypot-sgp-1 sshd[23063]: Disconnected from invalid user ftpuser 92.255.85.70 port 58826 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 21:57:31 honeypot-fra-1 sshd[19672]: Received disconnect from 61.177.173.50 port 47106:11:  [preauth]","@timestamp":"2022-09-15T21:57:31.326Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 21:58:46 honeypot-ams-1 kernel: [84155708.815120] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54362 PROTO=TCP SPT=58790 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T21:58:47.460Z"}
{"@timestamp":"2022-09-15T22:01:47.737Z","@version":"1","message":"Sep 15 22:01:47 honeypot-sgp-1 sshd[23070]: Disconnected from 159.223.172.195 port 36140 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:02:16 honeypot-fra-1 sshd[19680]: Disconnected from invalid user user 162.241.189.135 port 37200 [preauth]","@timestamp":"2022-09-15T22:02:17.436Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:02:24 honeypot-fra-1 sshd[19684]: Disconnected from invalid user user 162.241.189.135 port 46998 [preauth]","@timestamp":"2022-09-15T22:02:24.440Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:02:31 honeypot-fra-1 sshd[19688]: Disconnected from invalid user user 162.241.189.135 port 45330 [preauth]","@timestamp":"2022-09-15T22:02:32.444Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:02:39 honeypot-fra-1 sshd[19692]: Disconnected from invalid user user 162.241.189.135 port 58968 [preauth]","@timestamp":"2022-09-15T22:02:40.449Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:02:48 honeypot-fra-1 sshd[19696]: Disconnected from invalid user user 162.241.189.135 port 43070 [preauth]","@timestamp":"2022-09-15T22:02:48.453Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:02:59 honeypot-fra-1 sshd[19700]: Disconnected from invalid user user 162.241.189.135 port 55642 [preauth]","@timestamp":"2022-09-15T22:02:59.458Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:03:04 honeypot-fra-1 sshd[19704]: Disconnected from invalid user user 162.241.189.135 port 39840 [preauth]","@timestamp":"2022-09-15T22:03:04.461Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:03:12 honeypot-fra-1 sshd[19708]: Disconnected from invalid user user 162.241.189.135 port 52210 [preauth]","@timestamp":"2022-09-15T22:03:12.465Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:03:19 honeypot-fra-1 sshd[19712]: Received disconnect from 162.241.189.135 port 36212:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T22:03:20.470Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:03:28 honeypot-fra-1 sshd[19716]: Received disconnect from 162.241.189.135 port 51148:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T22:03:29.474Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:03:35 honeypot-fra-1 sshd[19720]: Received disconnect from 162.241.189.135 port 35792:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T22:03:36.479Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:03:43 honeypot-fra-1 sshd[19724]: Received disconnect from 162.241.189.135 port 50672:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T22:03:43.482Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:03:51 honeypot-fra-1 sshd[19728]: Invalid user user from 162.241.189.135 port 34902","@timestamp":"2022-09-15T22:03:51.487Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:03:59 honeypot-fra-1 sshd[19732]: Invalid user user from 162.241.189.135 port 50776","@timestamp":"2022-09-15T22:03:59.490Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:04:06 honeypot-fra-1 sshd[19736]: Invalid user user from 162.241.189.135 port 35196","@timestamp":"2022-09-15T22:04:07.495Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:04:21 honeypot-fra-1 sshd[19740]: Invalid user user from 162.241.189.135 port 41910","@timestamp":"2022-09-15T22:04:21.502Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:04:28 honeypot-fra-1 sshd[19744]: Invalid user user from 162.241.189.135 port 53744","@timestamp":"2022-09-15T22:04:29.506Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:04:36 honeypot-fra-1 sshd[19748]: Invalid user user from 162.241.189.135 port 42038","@timestamp":"2022-09-15T22:04:37.511Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:04:44 honeypot-fra-1 sshd[19752]: Invalid user user from 162.241.189.135 port 56920","@timestamp":"2022-09-15T22:04:45.514Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:04:52 honeypot-fra-1 sshd[19756]: Invalid user user from 162.241.189.135 port 42184","@timestamp":"2022-09-15T22:04:53.519Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:05:00 honeypot-fra-1 sshd[19760]: Invalid user user from 162.241.189.135 port 55434","@timestamp":"2022-09-15T22:05:01.522Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:05:08 honeypot-fra-1 sshd[19764]: Invalid user user from 162.241.189.135 port 40642","@timestamp":"2022-09-15T22:05:08.526Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:05:16 honeypot-fra-1 sshd[19768]: Invalid user user from 162.241.189.135 port 55010","@timestamp":"2022-09-15T22:05:16.530Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:05:24 honeypot-fra-1 sshd[19772]: Invalid user user from 162.241.189.135 port 42606","@timestamp":"2022-09-15T22:05:24.535Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:05:31 honeypot-fra-1 sshd[19776]: Invalid user user from 162.241.189.135 port 57354","@timestamp":"2022-09-15T22:05:32.538Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:05:39 honeypot-fra-1 sshd[19780]: Invalid user user from 162.241.189.135 port 45014","@timestamp":"2022-09-15T22:05:40.542Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:05:50 honeypot-fra-1 sshd[19784]: Invalid user user from 162.241.189.135 port 37334","@timestamp":"2022-09-15T22:05:51.548Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:05:58 honeypot-fra-1 sshd[19788]: Invalid user user from 162.241.189.135 port 35270","@timestamp":"2022-09-15T22:05:59.551Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:06:02 honeypot-fra-1 sshd[19792]: Invalid user user from 162.241.189.135 port 55928","@timestamp":"2022-09-15T22:06:03.555Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:06:10 honeypot-fra-1 sshd[19796]: Invalid user user from 162.241.189.135 port 40900","@timestamp":"2022-09-15T22:06:10.558Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:06:20 honeypot-fra-1 sshd[19800]: Invalid user user from 162.241.189.135 port 53238","@timestamp":"2022-09-15T22:06:20.564Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:06:28 honeypot-fra-1 sshd[19804]: Invalid user user from 162.241.189.135 port 37944","@timestamp":"2022-09-15T22:06:29.568Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:06:35 honeypot-fra-1 sshd[19808]: Invalid user user from 162.241.189.135 port 50566","@timestamp":"2022-09-15T22:06:35.572Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:06:43 honeypot-fra-1 sshd[19812]: Invalid user user from 162.241.189.135 port 36624","@timestamp":"2022-09-15T22:06:43.575Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:06:51 honeypot-fra-1 sshd[19816]: Invalid user user from 162.241.189.135 port 49264","@timestamp":"2022-09-15T22:06:51.580Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 22:06:53 honeypot-ams-1 sshd[28905]: Invalid user ftpuser from 92.255.85.70 port 54174","@timestamp":"2022-09-15T22:06:53.675Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:06:55 honeypot-fra-1 sshd[19818]: Disconnected from invalid user user 162.241.189.135 port 41450 [preauth]","@timestamp":"2022-09-15T22:06:55.582Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:07:04 honeypot-fra-1 sshd[19822]: Disconnected from invalid user user 162.241.189.135 port 54032 [preauth]","@timestamp":"2022-09-15T22:07:04.586Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:07:11 honeypot-fra-1 sshd[19826]: Disconnected from invalid user user 162.241.189.135 port 38458 [preauth]","@timestamp":"2022-09-15T22:07:11.589Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:07:19 honeypot-fra-1 sshd[19831]: Disconnected from invalid user user 162.241.189.135 port 53408 [preauth]","@timestamp":"2022-09-15T22:07:19.594Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:07:26 honeypot-fra-1 sshd[19835]: Disconnected from invalid user user 162.241.189.135 port 38726 [preauth]","@timestamp":"2022-09-15T22:07:27.597Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:07:34 honeypot-fra-1 sshd[19839]: Disconnected from invalid user user 162.241.189.135 port 50980 [preauth]","@timestamp":"2022-09-15T22:07:35.602Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T22:10:35.948Z","@version":"1","message":"Sep 15 22:10:35 honeypot-sgp-1 sshd[23073]: Disconnected from invalid user e 157.230.47.60 port 39614 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 22:11:26 honeypot-ams-1 sshd[28907]: Received disconnect from 188.165.78.53 port 34448:11: Bye Bye [preauth]","@timestamp":"2022-09-15T22:11:26.796Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:13:10 honeypot-fra-1 kernel: [84154406.380215] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=217.11.182.151 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=12056 DF PROTO=TCP SPT=18187 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T22:13:10.743Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 22:14:57 honeypot-ams-1 sshd[28914]: Invalid user lke from 103.68.183.202 port 53274","@timestamp":"2022-09-15T22:14:57.893Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:17:01 honeypot-fra-1 CRON[19846]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-15T22:17:01.832Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T22:19:00.156Z","@version":"1","message":"Sep 15 22:19:00 honeypot-sgp-1 sshd[23080]: Invalid user guyoef5 from 138.68.230.183 port 33680","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:19:59 honeypot-fra-1 sshd[19852]: Disconnected from invalid user monitor 139.59.112.202 port 55320 [preauth]","@timestamp":"2022-09-15T22:19:59.900Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T22:20:31.193Z","@version":"1","message":"Sep 15 22:20:30 honeypot-sgp-1 sshd[23084]: Received disconnect from 189.8.68.56 port 34558:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:23:09 honeypot-fra-1 sshd[19856]: Disconnected from invalid user qxk 184.168.125.40 port 57412 [preauth]","@timestamp":"2022-09-15T22:23:09.975Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T22:23:26.265Z","@version":"1","message":"Sep 15 22:23:25 honeypot-sgp-1 sshd[23088]: Disconnected from invalid user medieval 159.65.128.16 port 49896 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 22:24:36 honeypot-ams-1 sshd[28921]: Invalid user default from 179.60.147.69 port 17448","@timestamp":"2022-09-15T22:24:37.146Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 22:31:15 honeypot-ams-1 kernel: [84157657.111045] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=152.89.196.23 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=55555 PROTO=TCP SPT=56911 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T22:31:15.324Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:33:43 honeypot-fra-1 kernel: [84155639.679953] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=167.71.133.35 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=40065 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T22:33:44.213Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:37:49 honeypot-fra-1 sshd[19870]: Invalid user admin from 92.255.85.70 port 59582","@timestamp":"2022-09-15T22:37:50.326Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T22:41:15.681Z","@version":"1","message":"Sep 15 22:41:15 honeypot-sgp-1 sshd[23095]: Invalid user sftpuser from 103.188.176.251 port 52976","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 22:42:28 honeypot-ams-1 kernel: [84158330.387147] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=167.71.92.243 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=58998 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T22:42:28.616Z"}
{"@timestamp":"2022-09-15T22:47:01.824Z","@version":"1","message":"Sep 15 22:47:00 honeypot-sgp-1 kernel: [84158127.560023] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=139.84.131.120 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=48012 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 22:52:22 honeypot-ams-1 sshd[28933]: Invalid user jenkins from 92.255.85.69 port 53894","@timestamp":"2022-09-15T22:52:22.879Z"}
{"@timestamp":"2022-09-15T22:57:23.070Z","@version":"1","message":"Sep 15 22:57:22 honeypot-sgp-1 sshd[23109]: Connection closed by invalid user default 179.60.147.69 port 56704 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:57:36 honeypot-fra-1 sshd[19876]: Invalid user user from 20.13.161.157 port 56970","@timestamp":"2022-09-15T22:57:36.767Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:57:36 honeypot-fra-1 sshd[19879]: Invalid user steam from 20.13.161.157 port 56994","@timestamp":"2022-09-15T22:57:36.767Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:57:36 honeypot-fra-1 sshd[19884]: Connection closed by invalid user user 20.13.161.157 port 56990 [preauth]","@timestamp":"2022-09-15T22:57:36.767Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:57:36 honeypot-fra-1 sshd[19887]: Connection closed by invalid user test 20.13.161.157 port 56996 [preauth]","@timestamp":"2022-09-15T22:57:36.767Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:57:36 honeypot-fra-1 sshd[19877]: Connection closed by invalid user hadoop 20.13.161.157 port 57024 [preauth]","@timestamp":"2022-09-15T22:57:36.767Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:57:39 honeypot-fra-1 sshd[19906]: Invalid user linkxess from 20.13.161.157 port 56988","@timestamp":"2022-09-15T22:57:39.770Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:57:39 honeypot-fra-1 sshd[19906]: Connection closed by invalid user linkxess 20.13.161.157 port 56988 [preauth]","@timestamp":"2022-09-15T22:57:39.770Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:57:39 honeypot-fra-1 sshd[19912]: Connection closed by invalid user ec2-user 20.13.161.157 port 57020 [preauth]","@timestamp":"2022-09-15T22:57:39.770Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 22:59:07 honeypot-fra-1 sshd[19926]: Invalid user jenkins from 92.255.85.70 port 63480","@timestamp":"2022-09-15T22:59:08.807Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 23:01:24 honeypot-ams-1 kernel: [84159466.623025] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.219.171 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=40896 DPT=389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T23:01:25.119Z"}
{"@timestamp":"2022-09-15T23:03:30.218Z","@version":"1","message":"Sep 15 23:03:29 honeypot-sgp-1 sshd[23115]: Disconnected from invalid user wangyu 118.174.4.5 port 41387 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 23:06:03 honeypot-fra-1 sshd[19929]: Disconnected from authenticating user root 139.59.18.217 port 47684 [preauth]","@timestamp":"2022-09-15T23:06:03.964Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T23:06:37.294Z","@version":"1","message":"Sep 15 23:06:36 honeypot-sgp-1 sshd[23117]: Disconnected from invalid user adm 92.255.85.70 port 25546 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 15 23:08:57 honeypot-ams-1 kernel: [84159919.063830] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=72.167.32.184 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=232 ID=45064 PROTO=TCP SPT=54689 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T23:08:57.321Z"}
{"@timestamp":"2022-09-15T23:11:08.406Z","@version":"1","message":"Sep 15 23:11:08 honeypot-sgp-1 sshd[23120]: Disconnected from invalid user admin 178.49.141.172 port 35340 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 23:12:49 honeypot-fra-1 sshd[19934]: Connection closed by invalid user tomcat 193.106.191.157 port 44202 [preauth]","@timestamp":"2022-09-15T23:12:50.124Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 23:17:01 honeypot-ams-1 CRON[28945]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-15T23:17:01.534Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 23:21:38 honeypot-ams-1 sshd[28949]: Disconnected from authenticating user root 80.76.51.46 port 35020 [preauth]","@timestamp":"2022-09-15T23:21:38.656Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 23:21:55 honeypot-ams-1 sshd[28955]: Received disconnect from 80.76.51.46 port 42078:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T23:21:55.666Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 23:22:22 honeypot-ams-1 sshd[28962]: Received disconnect from 80.76.51.46 port 52832:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T23:22:22.678Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 23:22:51 honeypot-ams-1 sshd[28968]: Received disconnect from 80.76.51.46 port 35338:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T23:22:51.692Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 23:23:05 honeypot-fra-1 sshd[19940]: Received disconnect from 92.255.85.70 port 59458:11: Bye Bye [preauth]","@timestamp":"2022-09-15T23:23:06.354Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 23:23:21 honeypot-ams-1 sshd[28974]: Invalid user test from 80.76.51.46 port 46040","@timestamp":"2022-09-15T23:23:22.709Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 23:24:21 honeypot-ams-1 sshd[28978]: Connection closed by 162.142.125.8 port 44388 [preauth]","@timestamp":"2022-09-15T23:24:21.735Z"}
{"@timestamp":"2022-09-15T23:24:55.757Z","@version":"1","message":"Sep 15 23:24:55 honeypot-sgp-1 sshd[23129]: Invalid user celia from 190.11.80.188 port 43750","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 23:30:49 honeypot-fra-1 kernel: [84159064.845926] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=21145 PROTO=TCP SPT=44602 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-15T23:30:49.551Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-15T23:31:16.910Z","@version":"1","message":"Sep 15 23:31:16 honeypot-sgp-1 sshd[23132]: Disconnected from authenticating user root 92.255.85.70 port 38610 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 23:33:23 honeypot-ams-1 sshd[28983]: Invalid user nominatim from 159.223.95.166 port 35628","@timestamp":"2022-09-15T23:33:23.972Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 23:38:32 honeypot-fra-1 sshd[19953]: Unable to negotiate with 100.20.101.213 port 47976: no matching host key type found. Their offer: ecdsa-sha2-nistp384 [preauth]","@timestamp":"2022-09-15T23:38:32.746Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 23:40:15 honeypot-ams-1 sshd[28989]: Connection closed by invalid user admin 179.60.147.69 port 25962 [preauth]","@timestamp":"2022-09-15T23:40:15.152Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 23:49:44 honeypot-ams-1 sshd[28996]: Invalid user user from 45.61.186.249 port 33076","@timestamp":"2022-09-15T23:49:45.407Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 23:50:04 honeypot-ams-1 sshd[29000]: Invalid user user from 45.61.186.249 port 55728","@timestamp":"2022-09-15T23:50:04.418Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 23:50:23 honeypot-ams-1 sshd[29004]: Invalid user user from 45.61.186.249 port 50196","@timestamp":"2022-09-15T23:50:24.427Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 23:50:35 honeypot-fra-1 sshd[19965]: Did not receive identification string from 31.192.105.81 port 35084","@timestamp":"2022-09-15T23:50:36.030Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 23:50:36 honeypot-fra-1 sshd[19972]: Invalid user crcin from 31.192.105.81 port 50318","@timestamp":"2022-09-15T23:50:37.032Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 23:50:37 honeypot-fra-1 sshd[19970]: Connection closed by 31.192.105.81 port 9368 [preauth]","@timestamp":"2022-09-15T23:50:38.032Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 23:50:40 honeypot-ams-1 sshd[29008]: Invalid user user from 45.61.186.249 port 44650","@timestamp":"2022-09-15T23:50:41.435Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 23:52:47 honeypot-ams-1 sshd[29014]: Invalid user admin from 80.76.51.45 port 46174","@timestamp":"2022-09-15T23:52:47.491Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 23:53:21 honeypot-ams-1 sshd[29018]: Received disconnect from 80.76.51.45 port 54112:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T23:53:22.508Z"}
{"@timestamp":"2022-09-15T23:53:53.449Z","@version":"1","message":"Sep 15 23:53:52 honeypot-sgp-1 sshd[23141]: Received disconnect from 206.189.153.63 port 59844:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 23:54:10 honeypot-ams-1 sshd[29024]: Received disconnect from 80.76.51.45 port 52078:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T23:54:11.532Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 23:54:59 honeypot-ams-1 sshd[29030]: Received disconnect from 80.76.51.45 port 50074:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-15T23:54:59.557Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 15 23:55:32 honeypot-ams-1 sshd[29034]: Disconnected from invalid user user 80.76.51.45 port 58156 [preauth]","@timestamp":"2022-09-15T23:55:32.576Z"}
{"@timestamp":"2022-09-15T23:55:47.496Z","@version":"1","message":"Sep 15 23:55:46 honeypot-sgp-1 sshd[23145]: Disconnected from invalid user ttf 181.117.6.49 port 52062 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 23:56:25 honeypot-fra-1 sshd[19995]: Invalid user teamspeak from 182.253.81.212 port 33842","@timestamp":"2022-09-15T23:56:26.166Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 23:56:25 honeypot-fra-1 sshd[19997]: Connection closed by invalid user admin 182.253.81.212 port 33838 [preauth]","@timestamp":"2022-09-15T23:56:26.166Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 15 23:56:28 honeypot-fra-1 sshd[20007]: Invalid user admin from 182.253.81.212 port 33834","@timestamp":"2022-09-15T23:56:29.167Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-15T23:57:38.542Z","@version":"1","message":"Sep 15 23:57:38 honeypot-sgp-1 sshd[23150]: Received disconnect from 45.61.186.49 port 48736:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T23:57:45.545Z","@version":"1","message":"Sep 15 23:57:45 honeypot-sgp-1 sshd[23154]: Received disconnect from 45.61.186.49 port 54564:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T23:57:55.550Z","@version":"1","message":"Sep 15 23:57:55 honeypot-sgp-1 sshd[23158]: Received disconnect from 45.61.186.49 port 37962:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T23:58:58.577Z","@version":"1","message":"Sep 15 23:58:57 honeypot-sgp-1 sshd[23164]: Invalid user user from 45.61.186.169 port 45648","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T23:59:14.584Z","@version":"1","message":"Sep 15 23:59:14 honeypot-sgp-1 sshd[23168]: Invalid user user from 45.61.186.169 port 40304","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-15T23:59:30.592Z","@version":"1","message":"Sep 15 23:59:30 honeypot-sgp-1 sshd[23172]: Invalid user user from 45.61.186.169 port 34978","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 00:00:07 honeypot-ams-1 kernel: [84162989.039188] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=8654 PROTO=TCP SPT=46404 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T00:00:07.702Z"}
{"@timestamp":"2022-09-16T00:02:18.679Z","@version":"1","message":"Sep 16 00:02:17 honeypot-sgp-1 kernel: [84162644.441704] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=172.104.131.24 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=51902 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 00:03:55 honeypot-fra-1 kernel: [84161050.901051] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.71.232.148 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=52888 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T00:03:56.336Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-16T00:10:53.880Z","@version":"1","message":"Sep 16 00:10:53 honeypot-sgp-1 sshd[23180]: Did not receive identification string from 45.61.186.249 port 45718","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T00:11:22.894Z","@version":"1","message":"Sep 16 00:11:22 honeypot-sgp-1 sshd[23183]: Disconnected from invalid user user 45.61.186.249 port 58790 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T00:11:40.903Z","@version":"1","message":"Sep 16 00:11:40 honeypot-sgp-1 sshd[23187]: Disconnected from invalid user user 45.61.186.249 port 53080 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T00:11:56.940Z","@version":"1","message":"Sep 16 00:11:56 honeypot-sgp-1 sshd[23191]: Disconnected from invalid user user 45.61.186.249 port 47386 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T00:16:33.051Z","@version":"1","message":"Sep 16 00:16:32 honeypot-sgp-1 sshd[23198]: Received disconnect from 92.255.85.69 port 28848:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 00:17:01 honeypot-ams-1 CRON[29043]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-16T00:17:01.178Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 00:17:01 honeypot-fra-1 CRON[20018]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-16T00:17:01.636Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 00:18:19 honeypot-fra-1 kernel: [84161915.267535] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=167.71.133.35 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=248 ID=54321 PROTO=TCP SPT=56155 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T00:18:20.672Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-16T00:19:57.135Z","@version":"1","message":"Sep 16 00:19:56 honeypot-sgp-1 sshd[23203]: Did not receive identification string from 45.61.184.204 port 59756","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T00:20:18.146Z","@version":"1","message":"Sep 16 00:20:17 honeypot-sgp-1 sshd[23206]: Disconnected from invalid user user 45.61.184.204 port 60892 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T00:20:36.154Z","@version":"1","message":"Sep 16 00:20:35 honeypot-sgp-1 sshd[23210]: Disconnected from invalid user user 45.61.184.204 port 55162 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T00:20:53.162Z","@version":"1","message":"Sep 16 00:20:52 honeypot-sgp-1 sshd[23214]: Disconnected from invalid user user 45.61.184.204 port 49390 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 00:21:28 honeypot-ams-1 kernel: [84164270.640078] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.156.73.91 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=252 ID=21250 PROTO=TCP SPT=41732 DPT=389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T00:21:29.304Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 00:23:08 honeypot-fra-1 sshd[20024]: Received disconnect from 165.22.45.108 port 57084:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T00:23:08.786Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 00:24:57 honeypot-ams-1 kernel: [84164479.049044] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=184.105.247.247 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=59072 DPT=389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T00:24:57.399Z"}
{"@timestamp":"2022-09-16T00:34:28.479Z","@version":"1","message":"Sep 16 00:34:28 honeypot-sgp-1 kernel: [84164574.618922] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=180.149.126.207 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=55267 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T00:35:56.517Z","@version":"1","message":"Sep 16 00:35:56 honeypot-sgp-1 sshd[23224]: Received disconnect from 51.250.90.116 port 51426:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 00:38:39 honeypot-fra-1 kernel: [84163134.868344] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=14.204.44.43 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=11817 PROTO=TCP SPT=58914 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T00:38:40.183Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 00:39:28 honeypot-ams-1 sshd[29056]: Disconnected from invalid user zipdrive 147.182.235.17 port 44362 [preauth]","@timestamp":"2022-09-16T00:39:28.817Z"}
{"@timestamp":"2022-09-16T00:40:05.618Z","@version":"1","message":"Sep 16 00:40:04 honeypot-sgp-1 sshd[23229]: Received disconnect from 92.255.85.69 port 25036:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 00:42:34 honeypot-ams-1 sshd[29063]: Received disconnect from 103.146.202.151 port 58470:11: Bye Bye [preauth]","@timestamp":"2022-09-16T00:42:34.906Z"}
{"@timestamp":"2022-09-16T00:44:40.727Z","@version":"1","message":"Sep 16 00:44:39 honeypot-sgp-1 kernel: [84165186.345307] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.196.214 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=49905 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 00:45:56 honeypot-ams-1 sshd[29068]: Disconnected from authenticating user root 159.65.89.121 port 56118 [preauth]","@timestamp":"2022-09-16T00:45:56.997Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 00:51:28 honeypot-fra-1 kernel: [84163904.222009] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=79.124.62.60 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=38756 PROTO=TCP SPT=46346 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T00:51:29.479Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-16T00:52:01.902Z","@version":"1","message":"Sep 16 00:52:01 honeypot-sgp-1 sshd[23238]: Connection closed by invalid user admin 178.128.125.205 port 63262 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T00:53:00.926Z","@version":"1","message":"Sep 16 00:53:00 honeypot-sgp-1 sshd[23244]: Connection closed by invalid user debian 179.60.147.69 port 44152 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 00:53:02 honeypot-ams-1 kernel: [84166164.160951] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=94.26.249.161 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=59283 PROTO=TCP SPT=18396 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T00:53:03.190Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 00:58:28 honeypot-fra-1 kernel: [84164324.346738] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.180.143.80 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=62757 PROTO=TCP SPT=13543 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T00:58:29.641Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 01:06:19 honeypot-ams-1 kernel: [84166961.273944] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=112.5.6.131 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=43 ID=32976 PROTO=TCP SPT=39886 DPT=443 WINDOW=45337 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T01:06:19.539Z"}
{"@timestamp":"2022-09-16T01:07:39.268Z","@version":"1","message":"Sep 16 01:07:38 honeypot-sgp-1 kernel: [84166565.468031] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=80.87.206.203 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=235 ID=3718 PROTO=TCP SPT=52613 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 01:08:23 honeypot-fra-1 sshd[20042]: Received disconnect from 90.176.240.32 port 33616:11: Bye Bye [preauth]","@timestamp":"2022-09-16T01:08:23.868Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:10:57 honeypot-ams-1 sshd[29080]: Invalid user view from 164.92.212.181 port 42164","@timestamp":"2022-09-16T01:10:57.662Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 01:10:58 honeypot-fra-1 sshd[20048]: Received disconnect from 121.126.224.151 port 53210:11: Bye Bye [preauth]","@timestamp":"2022-09-16T01:10:58.931Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 01:12:51 honeypot-fra-1 kernel: [84165187.287728] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=180.149.126.199 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=54321 PROTO=TCP SPT=49984 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T01:12:51.977Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:17:01 honeypot-ams-1 CRON[29086]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-16T01:17:01.834Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 01:17:01 honeypot-fra-1 CRON[20057]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-16T01:17:02.075Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T01:17:02.492Z","@version":"1","message":"Sep 16 01:17:01 honeypot-sgp-1 CRON[23256]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 01:17:21 honeypot-fra-1 sshd[20063]: Received disconnect from 45.61.186.49 port 45532:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T01:17:22.086Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 01:17:31 honeypot-fra-1 sshd[20067]: Received disconnect from 45.61.186.49 port 57494:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T01:17:32.090Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T01:21:23.596Z","@version":"1","message":"Sep 16 01:21:22 honeypot-sgp-1 sshd[23261]: Disconnected from authenticating user root 196.3.164.45 port 52066 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 01:23:31 honeypot-fra-1 kernel: [84165826.718463] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.194.196 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=42079 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T01:23:32.230Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-16T01:25:03.685Z","@version":"1","message":"Sep 16 01:25:03 honeypot-sgp-1 sshd[23268]: Received disconnect from 145.239.90.216 port 44992:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:25:54 honeypot-ams-1 sshd[29093]: Connection closed by invalid user tomcat 193.106.191.157 port 35432 [preauth]","@timestamp":"2022-09-16T01:25:55.067Z"}
{"@timestamp":"2022-09-16T01:25:58.708Z","@version":"1","message":"Sep 16 01:25:57 honeypot-sgp-1 sshd[23272]: Disconnected from authenticating user root 92.255.85.70 port 15410 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 01:28:59 honeypot-fra-1 sshd[20089]: Connection closed by authenticating user root 137.116.144.39 port 38886 [preauth]","@timestamp":"2022-09-16T01:29:00.359Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T01:29:27.795Z","@version":"1","message":"Sep 16 01:29:27 honeypot-sgp-1 sshd[23296]: Connection closed by invalid user guest 179.60.147.69 port 61922 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 01:31:53 honeypot-fra-1 sshd[20118]: Invalid user oracle from 121.4.171.88 port 45712","@timestamp":"2022-09-16T01:31:53.429Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 01:31:53 honeypot-fra-1 sshd[20101]: Invalid user www from 121.4.171.88 port 45634","@timestamp":"2022-09-16T01:31:54.430Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 01:31:54 honeypot-fra-1 sshd[20125]: Invalid user devops from 121.4.171.88 port 45640","@timestamp":"2022-09-16T01:31:54.430Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 01:31:54 honeypot-fra-1 sshd[20114]: Connection closed by invalid user momo 121.4.171.88 port 45628 [preauth]","@timestamp":"2022-09-16T01:31:54.430Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:35:49 honeypot-ams-1 sshd[29100]: Received disconnect from 92.255.85.69 port 52954:11: Bye Bye [preauth]","@timestamp":"2022-09-16T01:35:49.326Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 01:37:13 honeypot-fra-1 sshd[20143]: Invalid user user from 45.61.186.49 port 48798","@timestamp":"2022-09-16T01:37:13.553Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 01:37:23 honeypot-fra-1 sshd[20148]: Invalid user user from 45.61.186.49 port 60350","@timestamp":"2022-09-16T01:37:24.559Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T01:37:39.008Z","@version":"1","message":"Sep 16 01:37:38 honeypot-sgp-1 kernel: [84168364.753645] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=180.149.126.215 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=61153 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:38:07 honeypot-ams-1 sshd[29105]: Invalid user operador from 180.69.254.177 port 50870","@timestamp":"2022-09-16T01:38:08.389Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:38:44 honeypot-ams-1 sshd[29108]: Disconnected from authenticating user root 80.76.51.46 port 59138 [preauth]","@timestamp":"2022-09-16T01:38:44.407Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:39:12 honeypot-ams-1 sshd[29114]: Received disconnect from 80.76.51.46 port 41348:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T01:39:12.424Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:39:41 honeypot-ams-1 sshd[29120]: Received disconnect from 80.76.51.46 port 51892:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T01:39:41.439Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:40:11 honeypot-ams-1 sshd[29126]: Received disconnect from 80.76.51.46 port 34178:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T01:40:12.455Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:40:32 honeypot-ams-1 sshd[29132]: Invalid user test from 80.76.51.46 port 41190","@timestamp":"2022-09-16T01:40:33.466Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 01:42:21 honeypot-fra-1 sshd[20153]: Received disconnect from 92.255.85.70 port 48444:11: Bye Bye [preauth]","@timestamp":"2022-09-16T01:42:22.672Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:45:09 honeypot-ams-1 sshd[29137]: Invalid user tomcat from 193.106.191.157 port 49000","@timestamp":"2022-09-16T01:45:10.588Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:50:42 honeypot-ams-1 sshd[29142]: Received disconnect from 111.226.108.58 port 43282:11: Bye Bye [preauth]","@timestamp":"2022-09-16T01:50:42.738Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:50:45 honeypot-ams-1 sshd[29146]: Disconnected from authenticating user root 111.226.108.58 port 43444 [preauth]","@timestamp":"2022-09-16T01:50:45.740Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:50:50 honeypot-ams-1 sshd[29152]: Disconnected from authenticating user root 111.226.108.58 port 43674 [preauth]","@timestamp":"2022-09-16T01:50:50.743Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:50:54 honeypot-ams-1 sshd[29158]: Disconnected from authenticating user root 111.226.108.58 port 43901 [preauth]","@timestamp":"2022-09-16T01:50:55.746Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:50:59 honeypot-ams-1 sshd[29164]: Disconnected from authenticating user root 111.226.108.58 port 44141 [preauth]","@timestamp":"2022-09-16T01:50:59.749Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:51:04 honeypot-ams-1 sshd[29170]: Disconnected from authenticating user root 111.226.108.58 port 44386 [preauth]","@timestamp":"2022-09-16T01:51:04.752Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:51:09 honeypot-ams-1 sshd[29176]: Disconnected from authenticating user root 111.226.108.58 port 44637 [preauth]","@timestamp":"2022-09-16T01:51:09.756Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:51:13 honeypot-ams-1 sshd[29182]: Disconnected from authenticating user root 111.226.108.58 port 44871 [preauth]","@timestamp":"2022-09-16T01:51:13.759Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:51:18 honeypot-ams-1 sshd[29188]: Disconnected from authenticating user root 111.226.108.58 port 45120 [preauth]","@timestamp":"2022-09-16T01:51:18.762Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:51:23 honeypot-ams-1 sshd[29194]: Disconnected from authenticating user root 111.226.108.58 port 45364 [preauth]","@timestamp":"2022-09-16T01:51:23.765Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:51:27 honeypot-ams-1 sshd[29200]: Disconnected from authenticating user root 111.226.108.58 port 45631 [preauth]","@timestamp":"2022-09-16T01:51:28.769Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:51:32 honeypot-ams-1 sshd[29206]: Disconnected from authenticating user root 111.226.108.58 port 45888 [preauth]","@timestamp":"2022-09-16T01:51:32.772Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:51:37 honeypot-ams-1 sshd[29212]: Received disconnect from 111.226.108.58 port 46146:11: Bye Bye [preauth]","@timestamp":"2022-09-16T01:51:37.775Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:51:40 honeypot-ams-1 sshd[29216]: Received disconnect from 111.226.108.58 port 46307:11: Bye Bye [preauth]","@timestamp":"2022-09-16T01:51:40.777Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:51:43 honeypot-ams-1 sshd[29220]: Received disconnect from 111.226.108.58 port 46477:11: Bye Bye [preauth]","@timestamp":"2022-09-16T01:51:43.780Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:51:46 honeypot-ams-1 sshd[29224]: Received disconnect from 111.226.108.58 port 46639:11: Bye Bye [preauth]","@timestamp":"2022-09-16T01:51:46.782Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:51:49 honeypot-ams-1 sshd[29228]: Received disconnect from 111.226.108.58 port 46804:11: Bye Bye [preauth]","@timestamp":"2022-09-16T01:51:50.784Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:51:53 honeypot-ams-1 sshd[29232]: Received disconnect from 111.226.108.58 port 46974:11: Bye Bye [preauth]","@timestamp":"2022-09-16T01:51:53.786Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:51:57 honeypot-ams-1 sshd[29238]: Invalid user pi from 111.226.108.58 port 47218","@timestamp":"2022-09-16T01:51:57.790Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:52:00 honeypot-ams-1 sshd[29242]: Invalid user user from 111.226.108.58 port 47374","@timestamp":"2022-09-16T01:52:00.792Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:52:03 honeypot-ams-1 sshd[29246]: Invalid user mine from 111.226.108.58 port 47552","@timestamp":"2022-09-16T01:52:04.795Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:52:07 honeypot-ams-1 sshd[29250]: Invalid user xbmc from 111.226.108.58 port 47717","@timestamp":"2022-09-16T01:52:07.797Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:52:10 honeypot-ams-1 sshd[29254]: Invalid user oracle from 111.226.108.58 port 47872","@timestamp":"2022-09-16T01:52:10.799Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:52:13 honeypot-ams-1 sshd[29258]: Invalid user postgres from 111.226.108.58 port 48030","@timestamp":"2022-09-16T01:52:13.802Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:52:16 honeypot-ams-1 sshd[29262]: Invalid user support from 111.226.108.58 port 48195","@timestamp":"2022-09-16T01:52:16.804Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:52:19 honeypot-ams-1 sshd[29266]: Invalid user ubuntu from 111.226.108.58 port 48366","@timestamp":"2022-09-16T01:52:19.806Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:52:22 honeypot-ams-1 sshd[29270]: Invalid user ubuntu from 111.226.108.58 port 48516","@timestamp":"2022-09-16T01:52:22.808Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:52:25 honeypot-ams-1 sshd[29274]: Invalid user guest from 111.226.108.58 port 48676","@timestamp":"2022-09-16T01:52:26.811Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:52:28 honeypot-ams-1 sshd[29278]: Invalid user cirros from 111.226.108.58 port 48843","@timestamp":"2022-09-16T01:52:29.814Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 01:54:55 honeypot-fra-1 sshd[20158]: Invalid user admin from 217.42.70.30 port 55320","@timestamp":"2022-09-16T01:54:55.975Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T01:54:57.424Z","@version":"1","message":"Sep 16 01:54:56 honeypot-sgp-1 sshd[23305]: Invalid user bitnami from 211.193.31.52 port 57800","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 01:56:09 honeypot-fra-1 sshd[20164]: Invalid user http from 139.59.176.155 port 47850","@timestamp":"2022-09-16T01:56:10.008Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 01:59:46 honeypot-ams-1 sshd[29283]: Invalid user whq from 46.101.169.25 port 54468","@timestamp":"2022-09-16T01:59:47.003Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 02:03:00 honeypot-ams-1 kernel: [84170362.129947] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=90.151.171.106 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=56331 PROTO=TCP SPT=53699 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T02:03:01.093Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 02:05:08 honeypot-fra-1 kernel: [84168324.239702] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.206.16 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=35948 DPT=389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T02:05:09.215Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 02:05:29 honeypot-fra-1 sshd[20172]: Disconnected from invalid user user 45.61.186.169 port 52892 [preauth]","@timestamp":"2022-09-16T02:05:29.292Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 02:05:46 honeypot-fra-1 sshd[20176]: Disconnected from invalid user user 45.61.186.169 port 47812 [preauth]","@timestamp":"2022-09-16T02:05:47.301Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 02:06:03 honeypot-fra-1 sshd[20180]: Disconnected from invalid user user 45.61.186.169 port 42684 [preauth]","@timestamp":"2022-09-16T02:06:04.310Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 02:06:55 honeypot-fra-1 sshd[20186]: Invalid user admin from 179.60.147.69 port 20170","@timestamp":"2022-09-16T02:06:56.345Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T02:07:55.738Z","@version":"1","message":"Sep 16 02:07:54 honeypot-sgp-1 kernel: [84170181.228020] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.41.8.45 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=63337 PROTO=TCP SPT=18032 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 02:09:01 honeypot-ams-1 sshd[29290]: Received disconnect from 178.62.34.139 port 50318:11: Bye Bye [preauth]","@timestamp":"2022-09-16T02:09:02.254Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 02:10:07 honeypot-ams-1 kernel: [84170789.314546] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.100.87.136 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=246 ID=15212 PROTO=TCP SPT=39706 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T02:10:08.288Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 02:11:30 honeypot-fra-1 sshd[20192]: Invalid user user from 45.61.186.249 port 43132","@timestamp":"2022-09-16T02:11:30.451Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 02:11:50 honeypot-fra-1 sshd[20196]: Invalid user user from 45.61.186.249 port 37718","@timestamp":"2022-09-16T02:11:50.461Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 02:12:07 honeypot-fra-1 sshd[20200]: Invalid user user from 45.61.186.249 port 60542","@timestamp":"2022-09-16T02:12:07.469Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 02:12:15 honeypot-fra-1 sshd[20202]: Disconnected from invalid user user 45.61.186.249 port 43720 [preauth]","@timestamp":"2022-09-16T02:12:16.475Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T02:12:33.855Z","@version":"1","message":"Sep 16 02:12:33 honeypot-sgp-1 sshd[23313]: Disconnected from invalid user ansible 92.255.85.70 port 49340 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 02:13:46 honeypot-ams-1 kernel: [84171007.959400] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.213.6 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=59523 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T02:13:46.386Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 02:17:01 honeypot-ams-1 CRON[29303]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-16T02:17:01.473Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 02:17:01 honeypot-fra-1 CRON[20208]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-16T02:17:01.614Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T02:17:01.967Z","@version":"1","message":"Sep 16 02:17:01 honeypot-sgp-1 CRON[23320]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 02:20:09 honeypot-ams-1 sshd[29311]: Received disconnect from 193.123.118.70 port 58422:11: Bye Bye [preauth]","@timestamp":"2022-09-16T02:20:09.557Z"}
{"@timestamp":"2022-09-16T02:23:31.124Z","@version":"1","message":"Sep 16 02:23:30 honeypot-sgp-1 kernel: [84171116.601073] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=170.187.162.219 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=43658 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 02:26:41 honeypot-ams-1 sshd[29316]: Invalid user raisa from 209.97.162.46 port 42330","@timestamp":"2022-09-16T02:26:42.728Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 02:30:32 honeypot-fra-1 kernel: [84169847.362284] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=46070 PROTO=TCP SPT=55402 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T02:30:32.975Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 02:31:45 honeypot-ams-1 sshd[29319]: Disconnected from authenticating user root 82.200.65.218 port 48264 [preauth]","@timestamp":"2022-09-16T02:31:45.860Z"}
{"@timestamp":"2022-09-16T02:32:40.350Z","@version":"1","message":"Sep 16 02:32:39 honeypot-sgp-1 kernel: [84171666.317118] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=147.124.212.214 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=46099 DF PROTO=TCP SPT=10446 DPT=80 WINDOW=512 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T02:33:01.361Z","@version":"1","message":"Sep 16 02:33:01 honeypot-sgp-1 sshd[23332]: Received disconnect from 45.61.186.249 port 56552:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T02:33:20.371Z","@version":"1","message":"Sep 16 02:33:19 honeypot-sgp-1 sshd[23336]: Received disconnect from 45.61.186.249 port 51304:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T02:33:38.379Z","@version":"1","message":"Sep 16 02:33:38 honeypot-sgp-1 sshd[23340]: Received disconnect from 45.61.186.249 port 46108:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T02:37:23.471Z","@version":"1","message":"Sep 16 02:37:22 honeypot-sgp-1 sshd[23345]: Received disconnect from 92.255.85.70 port 35130:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 02:42:57 honeypot-fra-1 kernel: [84170592.589658] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=79.124.62.62 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=1557 PROTO=TCP SPT=50681 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T02:42:58.253Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 02:44:05 honeypot-ams-1 kernel: [84172827.430974] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.196.63 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=38932 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T02:44:06.184Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 02:47:31 honeypot-ams-1 sshd[29327]: Invalid user test from 52.140.103.80 port 49960","@timestamp":"2022-09-16T02:47:32.277Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 02:50:53 honeypot-ams-1 sshd[29331]: Disconnected from invalid user user1 43.154.230.33 port 35832 [preauth]","@timestamp":"2022-09-16T02:50:53.365Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 02:52:49 honeypot-ams-1 sshd[29335]: Disconnected from authenticating user root 2.44.166.148 port 42496 [preauth]","@timestamp":"2022-09-16T02:52:50.418Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 02:53:53 honeypot-fra-1 sshd[20222]: Invalid user admin from 92.255.85.70 port 20726","@timestamp":"2022-09-16T02:53:53.501Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 02:58:11 honeypot-fra-1 sshd[20225]: Disconnected from authenticating user root 210.74.128.186 port 55480 [preauth]","@timestamp":"2022-09-16T02:58:12.602Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T02:59:32.012Z","@version":"1","message":"Sep 16 02:59:31 honeypot-sgp-1 sshd[23350]: Received disconnect from 92.255.85.70 port 52522:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 03:00:21 honeypot-ams-1 sshd[29339]: Disconnected from invalid user temp1 134.19.146.45 port 51762 [preauth]","@timestamp":"2022-09-16T03:00:21.612Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 03:00:33 honeypot-fra-1 sshd[20228]: Disconnected from invalid user lemonsj 165.22.45.108 port 44222 [preauth]","@timestamp":"2022-09-16T03:00:34.660Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 03:04:28 honeypot-ams-1 sshd[29341]: Disconnected from invalid user kelwin 170.210.46.4 port 59294 [preauth]","@timestamp":"2022-09-16T03:04:28.724Z"}
{"@timestamp":"2022-09-16T03:07:38.212Z","@version":"1","message":"Sep 16 03:07:38 honeypot-sgp-1 kernel: [84173764.450538] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=88.80.189.24 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=17916 PROTO=TCP SPT=57654 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 03:08:29 honeypot-ams-1 kernel: [84174290.820180] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.79.53.162 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=36914 PROTO=TCP SPT=57423 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T03:08:29.836Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 03:11:30 honeypot-fra-1 kernel: [84172305.425573] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=48208 PROTO=TCP SPT=57204 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T03:11:30.908Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 03:16:50 honeypot-ams-1 sshd[29352]: Did not receive identification string from 80.76.51.46 port 42182","@timestamp":"2022-09-16T03:16:51.053Z"}
{"@timestamp":"2022-09-16T03:17:02.448Z","@version":"1","message":"Sep 16 03:17:01 honeypot-sgp-1 CRON[23360]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 03:17:04 honeypot-ams-1 sshd[29358]: Disconnected from authenticating user root 80.76.51.46 port 36874 [preauth]","@timestamp":"2022-09-16T03:17:05.060Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 03:17:15 honeypot-fra-1 sshd[20240]: Disconnected from authenticating user root 92.255.85.70 port 18980 [preauth]","@timestamp":"2022-09-16T03:17:16.042Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 03:17:32 honeypot-ams-1 sshd[29365]: Received disconnect from 80.76.51.46 port 49150:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T03:17:33.075Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 03:17:47 honeypot-ams-1 sshd[29369]: Disconnected from invalid user user 45.61.186.169 port 42070 [preauth]","@timestamp":"2022-09-16T03:17:48.083Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 03:18:00 honeypot-ams-1 sshd[29375]: Received disconnect from 80.76.51.46 port 33234:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T03:18:01.090Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 03:18:09 honeypot-ams-1 sshd[29379]: Disconnected from authenticating user root 80.76.51.46 port 37286 [preauth]","@timestamp":"2022-09-16T03:18:10.095Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 03:18:22 honeypot-ams-1 sshd[29385]: Invalid user user from 45.61.186.169 port 60560","@timestamp":"2022-09-16T03:18:23.102Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 03:18:31 honeypot-ams-1 sshd[29389]: Received disconnect from 45.61.186.169 port 43996:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T03:18:31.106Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 03:18:38 honeypot-ams-1 sshd[29393]: Received disconnect from 45.61.186.169 port 55664:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T03:18:39.111Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 03:22:34 honeypot-ams-1 kernel: [84175135.854168] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=195.154.172.117 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=58 ID=18744 PROTO=TCP SPT=18087 DPT=443 WINDOW=7415 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T03:22:34.213Z"}
{"@timestamp":"2022-09-16T03:23:52.619Z","@version":"1","message":"Sep 16 03:23:51 honeypot-sgp-1 sshd[23370]: Received disconnect from 211.115.68.105 port 42739:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T03:25:06.651Z","@version":"1","message":"Sep 16 03:25:06 honeypot-sgp-1 sshd[23374]: Received disconnect from 139.198.14.22 port 33926:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 03:27:41 honeypot-ams-1 sshd[29403]: Did not receive identification string from 159.89.24.69 port 61000","@timestamp":"2022-09-16T03:27:42.343Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 03:29:58 honeypot-fra-1 sshd[20246]: Connection closed by invalid user admin 185.61.92.143 port 40670 [preauth]","@timestamp":"2022-09-16T03:29:58.474Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 03:33:39 honeypot-ams-1 sshd[29407]: Disconnected from invalid user admin 92.255.85.69 port 54262 [preauth]","@timestamp":"2022-09-16T03:33:40.510Z"}
{"@timestamp":"2022-09-16T03:35:16.905Z","@version":"1","message":"Sep 16 03:35:15 honeypot-sgp-1 sshd[23382]: Invalid user zabbix from 103.188.176.251 port 42248","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 03:41:01 honeypot-fra-1 sshd[20252]: Disconnected from invalid user admin 92.255.85.70 port 16156 [preauth]","@timestamp":"2022-09-16T03:41:02.739Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T03:42:31.086Z","@version":"1","message":"Sep 16 03:42:30 honeypot-sgp-1 sshd[23388]: Received disconnect from 206.189.219.241 port 58382:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 03:42:40 honeypot-fra-1 sshd[20257]: Received disconnect from 45.61.186.169 port 34580:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T03:42:40.778Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 03:42:56 honeypot-fra-1 sshd[20261]: Received disconnect from 45.61.186.169 port 57620:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T03:42:57.787Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 03:42:59 honeypot-ams-1 sshd[29410]: Did not receive identification string from 91.90.181.116 port 54868","@timestamp":"2022-09-16T03:42:59.750Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 03:43:12 honeypot-fra-1 sshd[20266]: Received disconnect from 45.61.186.169 port 52424:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T03:43:13.794Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T03:44:36.142Z","@version":"1","message":"Sep 16 03:44:35 honeypot-sgp-1 sshd[23393]: Disconnected from authenticating user root 103.236.201.117 port 51044 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 03:45:49 honeypot-ams-1 sshd[29416]: Disconnected from authenticating user root 80.76.51.46 port 48246 [preauth]","@timestamp":"2022-09-16T03:45:50.828Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 03:46:19 honeypot-ams-1 sshd[29422]: Disconnected from authenticating user root 80.76.51.46 port 33414 [preauth]","@timestamp":"2022-09-16T03:46:19.844Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 03:46:50 honeypot-ams-1 sshd[29428]: Disconnected from authenticating user root 80.76.51.46 port 46762 [preauth]","@timestamp":"2022-09-16T03:46:50.860Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 03:47:22 honeypot-ams-1 sshd[29434]: Disconnected from authenticating user root 80.76.51.46 port 60162 [preauth]","@timestamp":"2022-09-16T03:47:22.877Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 03:47:27 honeypot-fra-1 kernel: [84174462.900996] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=179.43.155.171 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=11055 PROTO=TCP SPT=43691 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T03:47:27.890Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 03:47:44 honeypot-ams-1 sshd[29438]: Disconnected from invalid user admin 80.76.51.46 port 40848 [preauth]","@timestamp":"2022-09-16T03:47:44.888Z"}
{"@timestamp":"2022-09-16T03:48:14.236Z","@version":"1","message":"Sep 16 03:48:13 honeypot-sgp-1 sshd[23397]: Disconnected from authenticating user root 92.255.85.70 port 39928 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T03:49:24.268Z","@version":"1","message":"Sep 16 03:49:23 honeypot-sgp-1 kernel: [84176269.651467] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=206.189.6.148 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=239 ID=54321 PROTO=TCP SPT=37470 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 03:53:17 honeypot-fra-1 sshd[20274]: Disconnected from invalid user leni 165.22.45.108 port 49280 [preauth]","@timestamp":"2022-09-16T03:53:18.022Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T03:55:55.431Z","@version":"1","message":"Sep 16 03:55:54 honeypot-sgp-1 kernel: [84176661.143887] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=188.166.87.67 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=239 ID=15212 PROTO=TCP SPT=52535 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 04:00:47 honeypot-ams-1 sshd[29443]: Connection closed by invalid user support 179.60.147.69 port 45400 [preauth]","@timestamp":"2022-09-16T04:00:48.221Z"}
{"@timestamp":"2022-09-16T04:03:26.624Z","@version":"1","message":"Sep 16 04:03:25 honeypot-sgp-1 sshd[23414]: Invalid user edoardo from 159.89.173.162 port 33304","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 04:04:32 honeypot-fra-1 sshd[20282]: Received disconnect from 92.255.85.69 port 57468:11: Bye Bye [preauth]","@timestamp":"2022-09-16T04:04:33.277Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 04:07:14 honeypot-ams-1 sshd[29448]: Disconnected from authenticating user root 35.237.244.47 port 49428 [preauth]","@timestamp":"2022-09-16T04:07:14.390Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 04:09:46 honeypot-fra-1 sshd[20286]: Disconnected from invalid user user 45.61.186.249 port 34406 [preauth]","@timestamp":"2022-09-16T04:09:47.398Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 04:10:04 honeypot-fra-1 sshd[20290]: Disconnected from invalid user user 45.61.186.249 port 57256 [preauth]","@timestamp":"2022-09-16T04:10:05.408Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 04:10:23 honeypot-fra-1 sshd[20294]: Disconnected from invalid user user 45.61.186.249 port 51890 [preauth]","@timestamp":"2022-09-16T04:10:24.417Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 04:10:40 honeypot-fra-1 sshd[20298]: Disconnected from invalid user user 45.61.186.249 port 46488 [preauth]","@timestamp":"2022-09-16T04:10:40.424Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 04:11:14 honeypot-ams-1 sshd[29453]: Disconnected from invalid user admin 148.240.122.192 port 42690 [preauth]","@timestamp":"2022-09-16T04:11:15.496Z"}
{"@timestamp":"2022-09-16T04:11:16.824Z","@version":"1","message":"Sep 16 04:11:16 honeypot-sgp-1 sshd[23418]: Received disconnect from 92.255.85.69 port 44712:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T04:16:29.963Z","@version":"1","message":"Sep 16 04:16:29 honeypot-sgp-1 sshd[23424]: Received disconnect from 45.61.184.204 port 33754:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T04:16:49.974Z","@version":"1","message":"Sep 16 04:16:49 honeypot-sgp-1 sshd[23428]: Received disconnect from 45.61.184.204 port 57516:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 04:17:01 honeypot-ams-1 CRON[29458]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-16T04:17:01.649Z"}
{"@timestamp":"2022-09-16T04:17:01.980Z","@version":"1","message":"Sep 16 04:17:01 honeypot-sgp-1 CRON[23432]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T04:17:17.989Z","@version":"1","message":"Sep 16 04:17:17 honeypot-sgp-1 sshd[23438]: Disconnected from invalid user user 45.61.184.204 port 36690 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T04:17:50.004Z","@version":"1","message":"Sep 16 04:17:49 honeypot-sgp-1 kernel: [84177975.588288] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=71.6.231.80 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=54321 PROTO=TCP SPT=57239 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 04:19:26 honeypot-ams-1 sshd[29464]: Invalid user user from 45.61.184.204 port 39576","@timestamp":"2022-09-16T04:19:26.715Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 04:19:43 honeypot-ams-1 sshd[29468]: Invalid user user from 45.61.184.204 port 34522","@timestamp":"2022-09-16T04:19:44.725Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 04:19:49 honeypot-fra-1 sshd[20306]: Connection closed by invalid user admin 141.98.10.158 port 39748 [preauth]","@timestamp":"2022-09-16T04:19:49.632Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 04:20:01 honeypot-ams-1 sshd[29472]: Invalid user user from 45.61.184.204 port 57750","@timestamp":"2022-09-16T04:20:01.733Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 04:20:09 honeypot-ams-1 sshd[29476]: Received disconnect from 45.61.184.204 port 41068:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T04:20:09.742Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 04:20:52 honeypot-fra-1 sshd[20310]: Received disconnect from 188.170.13.225 port 41866:11: Bye Bye [preauth]","@timestamp":"2022-09-16T04:20:53.661Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 04:21:46 honeypot-ams-1 sshd[29481]: Disconnected from authenticating user root 61.177.172.98 port 10079 [preauth]","@timestamp":"2022-09-16T04:21:46.786Z"}
{"@timestamp":"2022-09-16T04:25:19.198Z","@version":"1","message":"Sep 16 04:25:18 honeypot-sgp-1 sshd[23449]: error: maximum authentication attempts exceeded for invalid user admin from 61.115.72.251 port 59554 ssh2 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 04:27:54 honeypot-fra-1 sshd[20313]: Disconnected from invalid user admin 92.255.85.70 port 36988 [preauth]","@timestamp":"2022-09-16T04:27:54.819Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 04:29:44 honeypot-ams-1 kernel: [84179165.975156] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=103.89.91.165 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=1010 PROTO=TCP SPT=45871 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T04:29:44.995Z"}
{"@timestamp":"2022-09-16T04:32:08.371Z","@version":"1","message":"Sep 16 04:32:08 honeypot-sgp-1 sshd[23456]: Received disconnect from 61.177.173.36 port 12624:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T04:34:54.444Z","@version":"1","message":"Sep 16 04:34:54 honeypot-sgp-1 sshd[23460]: Disconnected from invalid user administrator 92.255.85.69 port 45066 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 04:36:42 honeypot-ams-1 kernel: [84179584.238843] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=201.191.2.198 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=9985 PROTO=TCP SPT=2743 DPT=80 WINDOW=20711 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T04:36:43.177Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 04:38:39 honeypot-fra-1 sshd[20319]: Connection closed by invalid user tomcat 193.106.191.157 port 41812 [preauth]","@timestamp":"2022-09-16T04:38:40.083Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T04:42:52.650Z","@version":"1","message":"Sep 16 04:42:52 honeypot-sgp-1 sshd[23465]: Disconnected from authenticating user root 61.177.173.51 port 52325 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 04:44:15 honeypot-ams-1 sshd[29932]: Received disconnect from 61.177.173.51 port 41530:11:  [preauth]","@timestamp":"2022-09-16T04:44:16.375Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 04:45:58 honeypot-fra-1 sshd[20764]: Received disconnect from 165.22.45.108 port 54328:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T04:45:59.250Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T04:46:22.740Z","@version":"1","message":"Sep 16 04:46:22 honeypot-sgp-1 sshd[23472]: Received disconnect from 61.177.173.47 port 10013:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T04:47:21.767Z","@version":"1","message":"Sep 16 04:47:21 honeypot-sgp-1 sshd[23476]: Disconnected from invalid user ljx 115.94.79.59 port 52136 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 04:50:51 honeypot-ams-1 kernel: [84180433.075925] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=172.104.29.170 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=21606 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T04:50:51.543Z"}
{"@timestamp":"2022-09-16T04:51:19.869Z","@version":"1","message":"Sep 16 04:51:19 honeypot-sgp-1 sshd[23483]: Received disconnect from 167.71.233.59 port 48030:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 04:51:50 honeypot-fra-1 sshd[20767]: Invalid user administrator from 92.255.85.70 port 51068","@timestamp":"2022-09-16T04:51:51.384Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T04:52:21.898Z","@version":"1","message":"Sep 16 04:52:20 honeypot-sgp-1 sshd[23487]: Received disconnect from 138.197.152.128 port 60132:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 04:53:39 honeypot-fra-1 sshd[20769]: Received disconnect from 162.19.26.39 port 33934:11: Bye Bye [preauth]","@timestamp":"2022-09-16T04:53:39.428Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T04:54:17.950Z","@version":"1","message":"Sep 16 04:54:17 honeypot-sgp-1 sshd[23497]: Disconnected from authenticating user root 61.177.172.124 port 42504 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 04:55:29 honeypot-fra-1 sshd[20773]: Received disconnect from 52.183.159.83 port 53522:11: Bye Bye [preauth]","@timestamp":"2022-09-16T04:55:30.472Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 04:57:17 honeypot-fra-1 sshd[20780]: Invalid user admin from 85.237.57.193 port 35110","@timestamp":"2022-09-16T04:57:17.515Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 04:58:28 honeypot-fra-1 sshd[20784]: Received disconnect from 139.59.102.10 port 50754:11: Bye Bye [preauth]","@timestamp":"2022-09-16T04:58:28.545Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T04:59:33.084Z","@version":"1","message":"Sep 16 04:59:32 honeypot-sgp-1 kernel: [84180478.649140] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=172.104.9.248 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=41481 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T05:02:22.158Z","@version":"1","message":"Sep 16 05:02:21 honeypot-sgp-1 sshd[23509]: Disconnected from authenticating user root 107.152.37.185 port 57962 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 05:02:27 honeypot-fra-1 sshd[20791]: Invalid user admin from 206.189.213.126 port 48392","@timestamp":"2022-09-16T05:02:27.639Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 05:03:17 honeypot-ams-1 sshd[29950]: Received disconnect from 61.177.173.49 port 26360:11:  [preauth]","@timestamp":"2022-09-16T05:03:17.867Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 05:05:36 honeypot-fra-1 sshd[20794]: Received disconnect from 115.247.30.162 port 49814:11: Bye Bye [preauth]","@timestamp":"2022-09-16T05:05:36.713Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 05:09:27 honeypot-ams-1 kernel: [84181549.407771] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=97.74.81.123 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=28277 PROTO=TCP SPT=50479 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T05:09:28.026Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 05:14:07 honeypot-fra-1 sshd[20802]: Invalid user admin from 201.63.97.218 port 38054","@timestamp":"2022-09-16T05:14:07.909Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T05:15:20.480Z","@version":"1","message":"Sep 16 05:15:20 honeypot-sgp-1 sshd[23518]: Disconnected from authenticating user root 61.177.173.36 port 47229 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 05:16:13 honeypot-fra-1 sshd[20807]: Received disconnect from 41.77.186.96 port 58802:11: Bye Bye [preauth]","@timestamp":"2022-09-16T05:16:13.960Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 05:17:30 honeypot-ams-1 sshd[29970]: Disconnected from authenticating user root 61.177.173.36 port 36334 [preauth]","@timestamp":"2022-09-16T05:17:31.231Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 05:19:36 honeypot-fra-1 sshd[20812]: Disconnected from invalid user msda 41.93.31.73 port 40042 [preauth]","@timestamp":"2022-09-16T05:19:37.039Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T05:19:43.594Z","@version":"1","message":"Sep 16 05:19:43 honeypot-sgp-1 sshd[23527]: Received disconnect from 159.223.164.107 port 52326:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T05:26:00.752Z","@version":"1","message":"Sep 16 05:25:59 honeypot-sgp-1 sshd[23533]: Disconnected from authenticating user root 61.177.172.108 port 17095 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 05:27:47 honeypot-fra-1 kernel: [84180482.430116] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=57658 PROTO=TCP SPT=46006 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T05:27:48.225Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 05:27:49 honeypot-ams-1 sshd[29978]: Received disconnect from 61.177.172.114 port 50421:11:  [preauth]","@timestamp":"2022-09-16T05:27:49.499Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 05:30:24 honeypot-fra-1 kernel: [84180639.658374] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=54115 PROTO=TCP SPT=46202 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T05:30:25.287Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-16T05:31:33.893Z","@version":"1","message":"Sep 16 05:31:33 honeypot-sgp-1 sshd[23541]: Disconnected from authenticating user root 193.142.146.50 port 44838 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 05:32:01 honeypot-ams-1 kernel: [84182903.111148] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=32696 PROTO=TCP SPT=46006 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T05:32:01.606Z"}
{"@timestamp":"2022-09-16T05:33:28.943Z","@version":"1","message":"Sep 16 05:33:28 honeypot-sgp-1 sshd[23547]: Received disconnect from 43.154.227.169 port 54480:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T05:34:38.975Z","@version":"1","message":"Sep 16 05:34:38 honeypot-sgp-1 sshd[23551]: Disconnected from authenticating user root 193.142.146.50 port 52858 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T05:37:15.043Z","@version":"1","message":"Sep 16 05:37:14 honeypot-sgp-1 sshd[23558]: Disconnected from authenticating user root 193.142.146.50 port 36690 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 05:37:29 honeypot-ams-1 sshd[29987]: Connection closed by invalid user zabbix 103.188.176.251 port 36734 [preauth]","@timestamp":"2022-09-16T05:37:29.750Z"}
{"@timestamp":"2022-09-16T05:38:58.088Z","@version":"1","message":"Sep 16 05:38:57 honeypot-sgp-1 sshd[23564]: Invalid user admin from 193.142.146.50 port 52796","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 05:39:04 honeypot-fra-1 sshd[20827]: Received disconnect from 92.255.85.70 port 53114:11: Bye Bye [preauth]","@timestamp":"2022-09-16T05:39:04.484Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T05:42:03.169Z","@version":"1","message":"Sep 16 05:42:03 honeypot-sgp-1 sshd[23569]: ssh_dispatch_run_fatal: Connection from 69.112.204.55 port 39040: Connection corrupted [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 05:44:08 honeypot-ams-1 sshd[29992]: Received disconnect from 186.226.37.45 port 52863:11: Bye Bye [preauth]","@timestamp":"2022-09-16T05:44:08.923Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 05:46:39 honeypot-fra-1 kernel: [84181613.877743] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=154.205.5.248 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=41479 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T05:46:39.660Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 05:46:45 honeypot-ams-1 sshd[29997]: Disconnected from invalid user user 45.61.187.160 port 33310 [preauth]","@timestamp":"2022-09-16T05:46:45.992Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 05:47:05 honeypot-ams-1 sshd[30003]: Disconnected from invalid user user 45.61.187.160 port 55986 [preauth]","@timestamp":"2022-09-16T05:47:06.004Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 05:47:23 honeypot-ams-1 sshd[30007]: Disconnected from invalid user user 45.61.187.160 port 50418 [preauth]","@timestamp":"2022-09-16T05:47:24.013Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 05:47:40 honeypot-ams-1 sshd[30011]: Disconnected from invalid user user 45.61.187.160 port 44862 [preauth]","@timestamp":"2022-09-16T05:47:41.022Z"}
{"@timestamp":"2022-09-16T05:48:29.326Z","@version":"1","message":"Sep 16 05:48:28 honeypot-sgp-1 sshd[23579]: Invalid user ubnt from 179.60.147.69 port 5964","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 05:49:35 honeypot-fra-1 sshd[20839]: Invalid user ubnt from 179.60.147.69 port 13874","@timestamp":"2022-09-16T05:49:36.730Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 05:57:19 honeypot-ams-1 kernel: [84184420.731563] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=41.238.68.96 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=53 ID=29476 PROTO=TCP SPT=63586 DPT=443 WINDOW=49245 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T05:57:19.269Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 06:03:50 honeypot-fra-1 sshd[20846]: Invalid user ws from 189.195.123.28 port 47139","@timestamp":"2022-09-16T06:03:51.052Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T06:08:41.821Z","@version":"1","message":"Sep 16 06:08:41 honeypot-sgp-1 kernel: [84184627.454339] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=206.189.6.148 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=52928 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 06:08:50 honeypot-fra-1 sshd[20851]: Received disconnect from 81.16.11.250 port 42468:11: Bye Bye [preauth]","@timestamp":"2022-09-16T06:08:51.167Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 06:13:14 honeypot-fra-1 sshd[20855]: Invalid user admin from 147.182.235.17 port 38194","@timestamp":"2022-09-16T06:13:15.269Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T06:13:38.946Z","@version":"1","message":"Sep 16 06:13:38 honeypot-sgp-1 sshd[23592]: Disconnected from 61.177.173.47 port 48806 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 06:14:38 honeypot-ams-1 kernel: [84185459.664203] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=72.167.32.184 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=232 ID=9604 PROTO=TCP SPT=46868 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T06:14:38.710Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 06:18:31 honeypot-ams-1 sshd[30039]: Received disconnect from 92.255.85.69 port 38474:11: Bye Bye [preauth]","@timestamp":"2022-09-16T06:18:31.828Z"}
{"@timestamp":"2022-09-16T06:23:04.182Z","@version":"1","message":"Sep 16 06:23:03 honeypot-sgp-1 kernel: [84185490.005118] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=162.142.125.138 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=20026 PROTO=TCP SPT=33148 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 06:23:09 honeypot-fra-1 kernel: [84183804.575987] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=40.84.222.228 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=27219 PROTO=TCP SPT=48572 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T06:23:10.491Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 06:25:34 honeypot-ams-1 kernel: [84186116.010996] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=111.118.40.97 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=51 ID=62578 PROTO=TCP SPT=58791 DPT=80 WINDOW=10346 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T06:25:35.038Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 06:25:54 honeypot-fra-1 sshd[20998]: Received disconnect from 92.255.85.69 port 40268:11: Bye Bye [preauth]","@timestamp":"2022-09-16T06:25:55.558Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T06:27:39.322Z","@version":"1","message":"Sep 16 06:27:38 honeypot-sgp-1 kernel: [84185764.777724] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.205.158 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=36374 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T06:29:39.375Z","@version":"1","message":"Sep 16 06:29:39 honeypot-sgp-1 sshd[23762]: Invalid user user from 38.143.137.90 port 19628","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T06:30:15.392Z","@version":"1","message":"Sep 16 06:30:15 honeypot-sgp-1 kernel: [84185921.446221] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=154.89.5.94 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=244 ID=43569 PROTO=TCP SPT=58914 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 06:30:57 honeypot-ams-1 sshd[30840]: Did not receive identification string from 80.76.51.46 port 34370","@timestamp":"2022-09-16T06:30:58.177Z"}
{"@timestamp":"2022-09-16T06:31:08.417Z","@version":"1","message":"Sep 16 06:31:07 honeypot-sgp-1 sshd[24303]: Disconnected from invalid user user 38.143.137.90 port 38880 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 06:31:09 honeypot-fra-1 sshd[21617]: Received disconnect from 165.22.45.108 port 36204:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T06:31:09.676Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 06:31:28 honeypot-ams-1 sshd[30845]: Disconnected from authenticating user root 80.76.51.46 port 54630 [preauth]","@timestamp":"2022-09-16T06:31:29.195Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 06:31:47 honeypot-ams-1 sshd[30851]: Disconnected from authenticating user root 80.76.51.46 port 34446 [preauth]","@timestamp":"2022-09-16T06:31:48.204Z"}
{"@timestamp":"2022-09-16T06:32:07.442Z","@version":"1","message":"Sep 16 06:32:07 honeypot-sgp-1 sshd[24311]: Disconnected from invalid user user 38.143.137.90 port 4826 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 06:32:17 honeypot-ams-1 sshd[30857]: Received disconnect from 80.76.51.46 port 46276:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T06:32:18.222Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 06:32:38 honeypot-ams-1 sshd[30861]: Disconnected from authenticating user root 80.76.51.46 port 54202 [preauth]","@timestamp":"2022-09-16T06:32:39.233Z"}
{"@timestamp":"2022-09-16T06:33:07.470Z","@version":"1","message":"Sep 16 06:33:07 honeypot-sgp-1 sshd[24317]: Invalid user user from 38.143.137.90 port 44844","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 06:33:10 honeypot-ams-1 sshd[30868]: Invalid user admin from 80.76.51.46 port 37842","@timestamp":"2022-09-16T06:33:10.248Z"}
{"@timestamp":"2022-09-16T06:34:07.496Z","@version":"1","message":"Sep 16 06:34:06 honeypot-sgp-1 sshd[24322]: Invalid user user from 38.143.137.90 port 64484","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T06:35:07.526Z","@version":"1","message":"Sep 16 06:35:07 honeypot-sgp-1 sshd[24327]: Invalid user user from 38.143.137.90 port 23374","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T06:36:08.554Z","@version":"1","message":"Sep 16 06:36:08 honeypot-sgp-1 sshd[24331]: Invalid user user from 38.143.137.90 port 21214","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T06:37:09.582Z","@version":"1","message":"Sep 16 06:37:08 honeypot-sgp-1 sshd[24335]: Invalid user user from 38.143.137.90 port 30118","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T06:38:10.610Z","@version":"1","message":"Sep 16 06:38:10 honeypot-sgp-1 sshd[24339]: Invalid user chia from 38.143.137.90 port 32730","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T06:38:42.627Z","@version":"1","message":"Sep 16 06:38:42 honeypot-sgp-1 sshd[24341]: Disconnected from invalid user xiongbo 38.143.137.90 port 2686 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 06:39:09 honeypot-ams-1 kernel: [84186931.033994] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=172.91.47.43 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=50 ID=20022 PROTO=TCP SPT=4153 DPT=80 WINDOW=9737 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T06:39:10.402Z"}
{"@timestamp":"2022-09-16T06:40:17.669Z","@version":"1","message":"Sep 16 06:40:16 honeypot-sgp-1 sshd[24350]: Invalid user yangbing from 38.143.137.90 port 63008","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 06:41:19 honeypot-ams-1 kernel: [84187060.643417] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=89.248.163.149 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=3851 PROTO=TCP SPT=49613 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T06:41:19.458Z"}
{"@timestamp":"2022-09-16T06:41:20.697Z","@version":"1","message":"Sep 16 06:41:20 honeypot-sgp-1 sshd[24354]: Received disconnect from 38.143.137.90 port 50028:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T06:42:24.727Z","@version":"1","message":"Sep 16 06:42:24 honeypot-sgp-1 sshd[24360]: Invalid user liuxing from 38.143.137.90 port 16682","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T06:43:29.755Z","@version":"1","message":"Sep 16 06:43:29 honeypot-sgp-1 sshd[24364]: Received disconnect from 38.143.137.90 port 63586:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T06:45:07.798Z","@version":"1","message":"Sep 16 06:45:07 honeypot-sgp-1 sshd[24371]: Invalid user bestlol from 38.143.137.90 port 49922","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T06:45:58.822Z","@version":"1","message":"Sep 16 06:45:58 honeypot-sgp-1 sshd[24375]: Invalid user admin from 43.155.83.218 port 44052","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T06:46:44.844Z","@version":"1","message":"Sep 16 06:46:43 honeypot-sgp-1 sshd[24379]: Disconnected from authenticating user root 38.143.137.90 port 5498 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T06:48:20.890Z","@version":"1","message":"Sep 16 06:48:20 honeypot-sgp-1 sshd[24385]: Received disconnect from 38.143.137.90 port 5488:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 06:49:25 honeypot-fra-1 sshd[21623]: Received disconnect from 92.255.85.69 port 49158:11: Bye Bye [preauth]","@timestamp":"2022-09-16T06:49:26.103Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T06:49:29.921Z","@version":"1","message":"Sep 16 06:49:29 honeypot-sgp-1 sshd[24392]: Invalid user murka from 190.115.208.250 port 38474","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T06:50:09.940Z","@version":"1","message":"Sep 16 06:50:09 honeypot-sgp-1 sshd[24397]: Received disconnect from 61.177.173.50 port 30596:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T06:51:09.969Z","@version":"1","message":"Sep 16 06:51:09 honeypot-sgp-1 sshd[24401]: Disconnected from invalid user amax 38.143.137.90 port 19682 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 06:52:13 honeypot-ams-1 sshd[30889]: Connection closed by invalid user guest 193.106.191.157 port 38188 [preauth]","@timestamp":"2022-09-16T06:52:14.735Z"}
{"@timestamp":"2022-09-16T06:52:50.014Z","@version":"1","message":"Sep 16 06:52:49 honeypot-sgp-1 sshd[24407]: Received disconnect from 38.143.137.90 port 12068:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 06:53:53 honeypot-fra-1 sshd[21651]: Invalid user ftpadmin from 101.33.218.153 port 36279","@timestamp":"2022-09-16T06:53:53.207Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 06:53:53 honeypot-fra-1 sshd[21634]: Invalid user minecraft from 101.33.218.153 port 36339","@timestamp":"2022-09-16T06:53:54.208Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T06:53:57.062Z","@version":"1","message":"Sep 16 06:53:56 honeypot-sgp-1 sshd[24411]: Disconnected from authenticating user root 38.143.137.90 port 41692 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 06:54:04 honeypot-ams-1 sshd[30891]: Disconnected from invalid user statd 139.59.231.120 port 36012 [preauth]","@timestamp":"2022-09-16T06:54:04.786Z"}
{"@timestamp":"2022-09-16T06:55:36.105Z","@version":"1","message":"Sep 16 06:55:35 honeypot-sgp-1 sshd[24418]: Received disconnect from 38.143.137.90 port 21658:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T06:56:19.126Z","@version":"1","message":"Sep 16 06:56:18 honeypot-sgp-1 sshd[24422]: Received disconnect from 92.255.85.70 port 44692:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T06:56:43.138Z","@version":"1","message":"Sep 16 06:56:42 honeypot-sgp-1 sshd[24426]: Disconnected from authenticating user root 38.143.137.90 port 25628 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T06:57:50.168Z","@version":"1","message":"Sep 16 06:57:49 honeypot-sgp-1 sshd[24432]: Invalid user lk from 38.143.137.90 port 59306","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T06:58:24.187Z","@version":"1","message":"Sep 16 06:58:23 honeypot-sgp-1 sshd[24437]: Disconnected from authenticating user root 38.143.137.90 port 9492 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T07:00:06.234Z","@version":"1","message":"Sep 16 07:00:06 honeypot-sgp-1 sshd[24445]: Invalid user admin from 38.143.137.90 port 22708","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T07:00:46.254Z","@version":"1","message":"Sep 16 07:00:45 honeypot-sgp-1 kernel: [84187751.903396] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=222.94.163.99 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=12562 PROTO=TCP SPT=58914 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 07:01:19 honeypot-ams-1 sshd[30902]: Received disconnect from 61.177.173.51 port 31807:11:  [preauth]","@timestamp":"2022-09-16T07:01:19.973Z"}
{"@timestamp":"2022-09-16T07:01:47.283Z","@version":"1","message":"Sep 16 07:01:46 honeypot-sgp-1 sshd[24455]: Disconnected from authenticating user root 38.143.137.90 port 15164 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 07:02:11 honeypot-fra-1 sshd[21667]: Invalid user admin from 179.60.147.69 port 57636","@timestamp":"2022-09-16T07:02:12.395Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T07:03:30.329Z","@version":"1","message":"Sep 16 07:03:29 honeypot-sgp-1 sshd[24462]: Received disconnect from 38.143.137.90 port 18376:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T07:04:37.358Z","@version":"1","message":"Sep 16 07:04:36 honeypot-sgp-1 sshd[24466]: Disconnected from authenticating user root 38.143.137.90 port 57124 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 07:05:29 honeypot-ams-1 kernel: [84188510.897067] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=167.71.92.243 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=59794 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T07:05:30.079Z"}
{"@timestamp":"2022-09-16T07:06:18.403Z","@version":"1","message":"Sep 16 07:06:17 honeypot-sgp-1 sshd[24474]: Received disconnect from 38.143.137.90 port 53212:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T07:07:56.446Z","@version":"1","message":"Sep 16 07:07:56 honeypot-sgp-1 sshd[24480]: Invalid user xdp from 38.143.137.90 port 19738","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 07:08:07 honeypot-fra-1 sshd[21672]: ssh_dispatch_run_fatal: Connection from 59.126.178.69 port 48551: message authentication code incorrect [preauth]","@timestamp":"2022-09-16T07:08:07.555Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T07:09:03.476Z","@version":"1","message":"Sep 16 07:09:03 honeypot-sgp-1 sshd[24485]: Invalid user xdp from 38.143.137.90 port 20740","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T07:10:10.506Z","@version":"1","message":"Sep 16 07:10:10 honeypot-sgp-1 sshd[24491]: Disconnected from authenticating user root 38.143.137.90 port 49850 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T07:11:16.537Z","@version":"1","message":"Sep 16 07:11:15 honeypot-sgp-1 sshd[24498]: Received disconnect from 38.143.137.90 port 17710:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 07:11:18 honeypot-ams-1 sshd[30915]: Disconnected from authenticating user root 61.177.173.50 port 47733 [preauth]","@timestamp":"2022-09-16T07:11:19.236Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 07:12:15 honeypot-ams-1 sshd[30919]: Disconnected from invalid user tech 170.106.113.73 port 50242 [preauth]","@timestamp":"2022-09-16T07:12:16.266Z"}
{"@timestamp":"2022-09-16T07:12:55.579Z","@version":"1","message":"Sep 16 07:12:54 honeypot-sgp-1 sshd[24505]: Invalid user dell from 38.143.137.90 port 32852","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T07:14:01.609Z","@version":"1","message":"Sep 16 07:14:01 honeypot-sgp-1 sshd[24509]: Invalid user Chaolei1984 from 38.143.137.90 port 15056","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 07:14:40 honeypot-ams-1 kernel: [84189062.342208] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=154.89.5.94 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=244 ID=47626 PROTO=TCP SPT=58914 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T07:14:41.333Z"}
{"@timestamp":"2022-09-16T07:15:07.639Z","@version":"1","message":"Sep 16 07:15:07 honeypot-sgp-1 sshd[24513]: Received disconnect from 38.143.137.90 port 61438:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T07:16:46.681Z","@version":"1","message":"Sep 16 07:16:46 honeypot-sgp-1 sshd[24523]: Received disconnect from 38.143.137.90 port 36214:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 07:17:01 honeypot-fra-1 CRON[21679]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-16T07:17:02.758Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 07:17:28 honeypot-ams-1 sshd[30932]: Did not receive identification string from 152.32.249.159 port 33402","@timestamp":"2022-09-16T07:17:29.409Z"}
{"@timestamp":"2022-09-16T07:17:53.712Z","@version":"1","message":"Sep 16 07:17:53 honeypot-sgp-1 sshd[24533]: Invalid user admin from 119.203.63.201 port 39670","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T07:18:28.728Z","@version":"1","message":"Sep 16 07:18:28 honeypot-sgp-1 kernel: [84188814.527330] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.172.44.162 DST=159.89.202.188 LEN=52 TOS=0x00 PREC=0x00 TTL=112 ID=18197 DF PROTO=TCP SPT=53555 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T07:19:32.756Z","@version":"1","message":"Sep 16 07:19:32 honeypot-sgp-1 sshd[24539]: Received disconnect from 38.143.137.90 port 51208:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T07:20:15.776Z","@version":"1","message":"Sep 16 07:20:15 honeypot-sgp-1 sshd[24545]: Invalid user 123 from 92.255.85.69 port 39778","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T07:21:10.801Z","@version":"1","message":"Sep 16 07:21:10 honeypot-sgp-1 sshd[24550]: Received disconnect from 38.143.137.90 port 4416:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 07:22:00 honeypot-fra-1 sshd[21683]: Connection closed by invalid user guest 193.106.191.157 port 54778 [preauth]","@timestamp":"2022-09-16T07:22:00.874Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T07:22:50.844Z","@version":"1","message":"Sep 16 07:22:50 honeypot-sgp-1 sshd[24556]: Invalid user ysxk from 38.143.137.90 port 8512","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T07:23:42.868Z","@version":"1","message":"Sep 16 07:23:42 honeypot-sgp-1 sshd[24560]: Disconnected from authenticating user root 61.177.172.114 port 32749 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T07:24:32.892Z","@version":"1","message":"Sep 16 07:24:32 honeypot-sgp-1 sshd[24566]: Disconnected from authenticating user root 38.143.137.90 port 59394 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T07:25:34.920Z","@version":"1","message":"Sep 16 07:25:34 honeypot-sgp-1 kernel: [84189240.165592] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=89.248.168.172 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=54321 PROTO=TCP SPT=45734 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 07:26:00 honeypot-ams-1 sshd[30954]: Disconnected from authenticating user root 61.177.173.52 port 40242 [preauth]","@timestamp":"2022-09-16T07:26:01.632Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 07:34:33 honeypot-fra-1 sshd[21689]: Received disconnect from 201.14.44.230 port 57800:11: Bye Bye [preauth]","@timestamp":"2022-09-16T07:34:34.221Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T07:37:51.221Z","@version":"1","message":"Sep 16 07:37:50 honeypot-sgp-1 sshd[24578]: Invalid user debian from 179.60.147.69 port 26948","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 07:38:58 honeypot-fra-1 sshd[21693]: Invalid user debian from 179.60.147.69 port 4054","@timestamp":"2022-09-16T07:38:59.325Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 07:39:46 honeypot-fra-1 sshd[21698]: Disconnected from authenticating user root 34.75.26.147 port 58678 [preauth]","@timestamp":"2022-09-16T07:39:46.348Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 07:41:10 honeypot-ams-1 sshd[30972]: Invalid user debian from 179.60.147.69 port 18126","@timestamp":"2022-09-16T07:41:11.020Z"}
{"@timestamp":"2022-09-16T07:43:34.359Z","@version":"1","message":"Sep 16 07:43:34 honeypot-sgp-1 sshd[24586]: Invalid user admin from 92.255.85.69 port 53646","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 07:45:04 honeypot-fra-1 sshd[21705]: Received disconnect from 94.23.27.28 port 51822:11: Bye Bye [preauth]","@timestamp":"2022-09-16T07:45:04.481Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 07:45:38 honeypot-ams-1 sshd[30976]: Disconnected from invalid user deva 190.187.240.86 port 49288 [preauth]","@timestamp":"2022-09-16T07:45:39.134Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 07:52:48 honeypot-ams-1 sshd[30982]: Invalid user admin from 92.255.85.69 port 48858","@timestamp":"2022-09-16T07:52:49.322Z"}
{"@timestamp":"2022-09-16T07:54:22.621Z","@version":"1","message":"Sep 16 07:54:22 honeypot-sgp-1 kernel: [84190968.320081] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=2.179.141.104 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=231 ID=63757 DF PROTO=TCP SPT=21044 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 07:54:40 honeypot-fra-1 kernel: [84189295.186231] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.206.98 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=39088 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T07:54:41.704Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 07:55:23 honeypot-ams-1 sshd[30986]: Disconnected from authenticating user root 61.177.173.39 port 28354 [preauth]","@timestamp":"2022-09-16T07:55:24.391Z"}
{"@timestamp":"2022-09-16T07:56:51.685Z","@version":"1","message":"Sep 16 07:56:50 honeypot-sgp-1 sshd[24598]: Invalid user user from 45.61.184.204 port 41322","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T07:57:09.694Z","@version":"1","message":"Sep 16 07:57:09 honeypot-sgp-1 sshd[24602]: Invalid user user from 45.61.184.204 port 36188","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T07:57:27.702Z","@version":"1","message":"Sep 16 07:57:26 honeypot-sgp-1 sshd[24607]: Invalid user user from 45.61.184.204 port 59272","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T07:58:15.724Z","@version":"1","message":"Sep 16 07:58:15 honeypot-sgp-1 kernel: [84191201.122787] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=12302 PROTO=TCP SPT=55085 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 08:02:22 honeypot-fra-1 kernel: [84189756.551549] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=110.138.22.17 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=248 ID=50874 DF PROTO=TCP SPT=57012 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T08:02:22.877Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 08:04:37 honeypot-ams-1 kernel: [84192059.037865] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=176.209.51.57 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=58 ID=42740 PROTO=TCP SPT=29908 DPT=80 WINDOW=13724 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T08:04:37.629Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 08:06:41 honeypot-ams-1 sshd[30998]: Disconnected from authenticating user root 61.177.173.36 port 10058 [preauth]","@timestamp":"2022-09-16T08:06:41.688Z"}
{"@timestamp":"2022-09-16T08:07:12.965Z","@version":"1","message":"Sep 16 08:07:12 honeypot-sgp-1 sshd[24617]: Invalid user a from 92.255.85.69 port 25754","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 08:10:30 honeypot-fra-1 sshd[21715]: Invalid user dell from 103.188.176.251 port 44414","@timestamp":"2022-09-16T08:10:31.060Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 08:11:01 honeypot-ams-1 kernel: [84192443.040804] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=74.82.47.61 DST=178.62.254.91 LEN=131 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=40066 DPT=80 WINDOW=65535 RES=0x00 ACK PSH URGP=0 ","@timestamp":"2022-09-16T08:11:01.804Z"}
{"@timestamp":"2022-09-16T08:13:06.113Z","@version":"1","message":"Sep 16 08:13:05 honeypot-sgp-1 sshd[24620]: Invalid user deathrun from 43.154.50.195 port 37226","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T08:14:08.140Z","@version":"1","message":"Sep 16 08:14:07 honeypot-sgp-1 sshd[24624]: Connection closed by invalid user guest 179.60.147.69 port 15872 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 08:17:01 honeypot-ams-1 CRON[31009]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-16T08:17:01.977Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 08:17:01 honeypot-fra-1 CRON[21741]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-16T08:17:02.217Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 08:17:28 honeypot-ams-1 sshd[31014]: Connection closed by invalid user guest 179.60.147.69 port 23624 [preauth]","@timestamp":"2022-09-16T08:17:28.990Z"}
{"@timestamp":"2022-09-16T08:18:54.259Z","@version":"1","message":"Sep 16 08:18:54 honeypot-sgp-1 sshd[24633]: Invalid user claroc from 218.60.104.104 port 56108","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 08:19:54 honeypot-fra-1 kernel: [84190808.936554] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=172.104.29.247 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=15583 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T08:19:55.285Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-16T08:20:22.298Z","@version":"1","message":"Sep 16 08:20:21 honeypot-sgp-1 kernel: [84192527.833849] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=79.124.62.62 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=59807 PROTO=TCP SPT=51265 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 08:22:33 honeypot-ams-1 sshd[31021]: Disconnected from authenticating user root 61.177.172.104 port 59894 [preauth]","@timestamp":"2022-09-16T08:22:33.124Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 08:26:42 honeypot-ams-1 sshd[31025]: Invalid user murai1 from 209.141.35.242 port 59486","@timestamp":"2022-09-16T08:26:43.237Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 08:29:18 honeypot-ams-1 sshd[31028]: Received disconnect from 45.135.165.165 port 44878:11: Bye Bye [preauth]","@timestamp":"2022-09-16T08:29:19.307Z"}
{"@timestamp":"2022-09-16T08:30:05.539Z","@version":"1","message":"Sep 16 08:30:05 honeypot-sgp-1 kernel: [84193111.262022] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=206.189.6.148 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=239 ID=54321 PROTO=TCP SPT=47128 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 08:30:39 honeypot-fra-1 kernel: [84191454.151338] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=45071 PROTO=TCP SPT=57003 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T08:30:40.535Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 08:31:06 honeypot-ams-1 sshd[31032]: Disconnected from invalid user ubnt 27.254.149.199 port 34050 [preauth]","@timestamp":"2022-09-16T08:31:07.359Z"}
{"@timestamp":"2022-09-16T08:33:18.622Z","@version":"1","message":"Sep 16 08:33:18 honeypot-sgp-1 sshd[24667]: Invalid user numbonsouvr from 59.162.182.20 port 42332","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 08:34:06 honeypot-ams-1 kernel: [84193828.125746] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=92.132.51.83 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=15533 PROTO=TCP SPT=42174 DPT=443 WINDOW=1300 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T08:34:07.440Z"}
{"@timestamp":"2022-09-16T08:34:08.645Z","@version":"1","message":"Sep 16 08:34:08 honeypot-sgp-1 sshd[24671]: Disconnected from authenticating user root 95.85.39.74 port 59938 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T08:37:18.726Z","@version":"1","message":"Sep 16 08:37:17 honeypot-sgp-1 sshd[24678]: Received disconnect from 61.177.173.49 port 39122:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 08:40:47 honeypot-ams-1 sshd[31061]: Disconnected from authenticating user root 92.255.85.70 port 19186 [preauth]","@timestamp":"2022-09-16T08:40:47.609Z"}
{"@timestamp":"2022-09-16T08:44:40.931Z","@version":"1","message":"Sep 16 08:44:40 honeypot-sgp-1 sshd[24685]: Received disconnect from 61.177.172.114 port 32376:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 08:49:01 honeypot-fra-1 kernel: [84192555.912687] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=193.118.53.195 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=46035 PROTO=TCP SPT=24130 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T08:49:01.961Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 08:52:45 honeypot-ams-1 kernel: [84194947.149110] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=211.44.108.54 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=54 ID=41111 PROTO=TCP SPT=36872 DPT=80 WINDOW=59248 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T08:52:45.922Z"}
{"@timestamp":"2022-09-16T08:57:00.237Z","@version":"1","message":"Sep 16 08:56:59 honeypot-sgp-1 sshd[24696]: Received disconnect from 61.177.173.48 port 38855:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 08:58:40 honeypot-ams-1 sshd[31079]: Disconnected from authenticating user root 61.177.173.36 port 15367 [preauth]","@timestamp":"2022-09-16T08:58:41.078Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 08:59:14 honeypot-fra-1 kernel: [84193168.888840] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=165.232.152.144 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=33531 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T08:59:15.195Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-16T08:59:40.309Z","@version":"1","message":"Sep 16 08:59:40 honeypot-sgp-1 kernel: [84194886.274280] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=65.49.20.107 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=51060 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 09:02:54 honeypot-ams-1 sshd[31086]: Invalid user web from 124.82.111.218 port 59334","@timestamp":"2022-09-16T09:02:55.198Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 09:03:44 honeypot-ams-1 sshd[31089]: Disconnected from invalid user user 45.61.184.204 port 40006 [preauth]","@timestamp":"2022-09-16T09:03:45.224Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 09:04:04 honeypot-ams-1 sshd[31093]: Disconnected from invalid user user 45.61.184.204 port 35564 [preauth]","@timestamp":"2022-09-16T09:04:05.235Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 09:04:22 honeypot-ams-1 sshd[31099]: Invalid user user from 45.61.184.204 port 59344","@timestamp":"2022-09-16T09:04:23.244Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 09:04:40 honeypot-ams-1 sshd[31103]: Invalid user user from 45.61.184.204 port 54892","@timestamp":"2022-09-16T09:04:41.254Z"}
{"@timestamp":"2022-09-16T09:05:27.462Z","@version":"1","message":"Sep 16 09:05:26 honeypot-sgp-1 kernel: [84195233.001803] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=103.114.107.34 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=61191 PROTO=TCP SPT=56765 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 09:10:14 honeypot-fra-1 sshd[21761]: Received disconnect from 165.22.45.108 port 51380:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T09:10:14.444Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 09:12:02 honeypot-ams-1 kernel: [84196104.360306] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=172.104.29.201 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=64073 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T09:12:03.446Z"}
{"@timestamp":"2022-09-16T09:16:58.745Z","@version":"1","message":"Sep 16 09:16:57 honeypot-sgp-1 sshd[24711]: Disconnected from invalid user odoo 92.255.85.69 port 54472 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 09:17:01 honeypot-fra-1 CRON[21766]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-16T09:17:02.600Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 09:17:28 honeypot-ams-1 kernel: [84196429.761375] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.47.229.134 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=53532 PROTO=TCP SPT=49501 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T09:17:28.587Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 09:22:48 honeypot-fra-1 sshd[21774]: Invalid user es from 85.154.238.58 port 42342","@timestamp":"2022-09-16T09:22:49.731Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T09:26:44.984Z","@version":"1","message":"Sep 16 09:26:44 honeypot-sgp-1 sshd[24722]: Invalid user blank from 179.60.147.69 port 44120","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 09:26:47 honeypot-ams-1 kernel: [84196989.465602] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=13.125.127.97 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=39 ID=6405 PROTO=TCP SPT=56651 DPT=80 WINDOW=1419 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T09:26:48.828Z"}
{"@timestamp":"2022-09-16T09:27:21.002Z","@version":"1","message":"Sep 16 09:27:20 honeypot-sgp-1 sshd[24726]: Disconnected from authenticating user root 49.88.112.76 port 52605 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 09:27:52 honeypot-fra-1 sshd[21779]: Invalid user blank from 179.60.147.69 port 58524","@timestamp":"2022-09-16T09:27:52.849Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 09:30:05 honeypot-ams-1 sshd[31133]: Connection closed by invalid user blank 179.60.147.69 port 19858 [preauth]","@timestamp":"2022-09-16T09:30:05.916Z"}
{"@timestamp":"2022-09-16T09:31:25.105Z","@version":"1","message":"Sep 16 09:31:24 honeypot-sgp-1 sshd[24732]: Did not receive identification string from 45.61.186.169 port 45358","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T09:31:54.119Z","@version":"1","message":"Sep 16 09:31:53 honeypot-sgp-1 sshd[24733]: Disconnected from authenticating user root 61.177.173.52 port 18614 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T09:32:07.126Z","@version":"1","message":"Sep 16 09:32:07 honeypot-sgp-1 sshd[24740]: Disconnected from invalid user user 45.61.186.169 port 48990 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T09:32:23.134Z","@version":"1","message":"Sep 16 09:32:22 honeypot-sgp-1 sshd[24744]: Disconnected from invalid user user 45.61.186.169 port 43422 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T09:32:38.142Z","@version":"1","message":"Sep 16 09:32:37 honeypot-sgp-1 sshd[24748]: Disconnected from invalid user user 45.61.186.169 port 37836 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 09:34:12 honeypot-fra-1 sshd[21786]: Received disconnect from 218.92.0.200 port 10692:11:  [preauth]","@timestamp":"2022-09-16T09:34:12.998Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 09:36:20 honeypot-ams-1 kernel: [84197561.812013] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=198.235.24.163 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=251 ID=54321 PROTO=TCP SPT=54508 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T09:36:21.079Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 09:38:54 honeypot-fra-1 kernel: [84195548.719192] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=94.232.46.222 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=59791 PROTO=TCP SPT=41038 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T09:38:55.107Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-16T09:39:47.322Z","@version":"1","message":"Sep 16 09:39:46 honeypot-sgp-1 sshd[24756]: Did not receive identification string from 45.61.186.49 port 55548","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T09:40:09.333Z","@version":"1","message":"Sep 16 09:40:08 honeypot-sgp-1 sshd[24759]: Disconnected from invalid user user 45.61.186.49 port 59234 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T09:40:27.342Z","@version":"1","message":"Sep 16 09:40:27 honeypot-sgp-1 sshd[24765]: Received disconnect from 92.255.85.69 port 18858:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 09:42:40 honeypot-ams-1 sshd[31148]: Received disconnect from 61.177.172.124 port 61005:11:  [preauth]","@timestamp":"2022-09-16T09:42:41.242Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 09:45:51 honeypot-ams-1 kernel: [84198132.556663] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=156.212.61.17 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=8464 PROTO=TCP SPT=24505 DPT=443 WINDOW=38760 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T09:45:51.328Z"}
{"@timestamp":"2022-09-16T09:50:58.600Z","@version":"1","message":"Sep 16 09:50:57 honeypot-sgp-1 kernel: [84197963.696628] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=144.202.28.222 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=27695 PROTO=TCP SPT=41780 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 09:50:59 honeypot-ams-1 kernel: [84198441.292759] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=195.230.103.247 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=54321 PROTO=TCP SPT=50988 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T09:51:00.465Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 09:56:08 honeypot-ams-1 sshd[31166]: Invalid user admin from 180.250.115.121 port 35171","@timestamp":"2022-09-16T09:56:09.604Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 09:57:56 honeypot-fra-1 sshd[21795]: Received disconnect from 92.255.85.70 port 46580:11: Bye Bye [preauth]","@timestamp":"2022-09-16T09:57:56.553Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T10:00:28.857Z","@version":"1","message":"Sep 16 10:00:27 honeypot-sgp-1 sshd[24778]: Disconnected from 159.223.172.195 port 38272 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:01:32 honeypot-fra-1 kernel: [84196906.749033] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=161.97.98.117 DST=165.22.82.222 LEN=52 TOS=0x02 PREC=0x00 TTL=120 ID=29223 DF PROTO=TCP SPT=55856 DPT=443 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-16T10:01:32.638Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 10:01:41 honeypot-ams-1 sshd[31171]: Disconnected from 206.189.197.134 port 39374 [preauth]","@timestamp":"2022-09-16T10:01:42.747Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 10:03:25 honeypot-ams-1 sshd[31177]: Invalid user dev from 96.78.175.36 port 56018","@timestamp":"2022-09-16T10:03:25.794Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:04:14 honeypot-fra-1 sshd[21800]: Connection closed by invalid user support 179.60.147.69 port 37388 [preauth]","@timestamp":"2022-09-16T10:04:15.704Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T10:04:26.957Z","@version":"1","message":"Sep 16 10:04:26 honeypot-sgp-1 sshd[24784]: Received disconnect from 92.255.85.70 port 61262:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 10:06:25 honeypot-ams-1 sshd[31180]: Invalid user support from 179.60.147.69 port 32404","@timestamp":"2022-09-16T10:06:25.877Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:12:01 honeypot-fra-1 kernel: [84197535.538067] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=184.105.139.67 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=54321 PROTO=TCP SPT=36333 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T10:12:01.883Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 10:13:51 honeypot-ams-1 sshd[31183]: Disconnected from invalid user admin 92.255.85.70 port 38606 [preauth]","@timestamp":"2022-09-16T10:13:52.072Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:16:45 honeypot-fra-1 sshd[21821]: Invalid user pi from 137.184.77.246 port 42048","@timestamp":"2022-09-16T10:16:45.992Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:16:45 honeypot-fra-1 sshd[21813]: Invalid user deployer from 137.184.77.246 port 42072","@timestamp":"2022-09-16T10:16:45.992Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:16:45 honeypot-fra-1 sshd[21824]: Invalid user chia from 137.184.77.246 port 42004","@timestamp":"2022-09-16T10:16:45.992Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:16:45 honeypot-fra-1 sshd[21812]: Connection closed by invalid user admin 137.184.77.246 port 42068 [preauth]","@timestamp":"2022-09-16T10:16:45.992Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:16:45 honeypot-fra-1 sshd[21806]: Connection closed by invalid user ubuntu 137.184.77.246 port 41994 [preauth]","@timestamp":"2022-09-16T10:16:45.993Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:16:45 honeypot-fra-1 sshd[21810]: Connection closed by invalid user elasticsearch 137.184.77.246 port 42058 [preauth]","@timestamp":"2022-09-16T10:16:45.993Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:16:45 honeypot-fra-1 sshd[21829]: Connection closed by invalid user es 137.184.77.246 port 42000 [preauth]","@timestamp":"2022-09-16T10:16:45.993Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:16:45 honeypot-fra-1 sshd[21841]: Invalid user www from 137.184.77.246 port 42078","@timestamp":"2022-09-16T10:16:45.993Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:16:45 honeypot-fra-1 sshd[21835]: Connection closed by authenticating user root 137.184.77.246 port 42042 [preauth]","@timestamp":"2022-09-16T10:16:45.993Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:16:45 honeypot-fra-1 sshd[21840]: Connection closed by invalid user steam 137.184.77.246 port 42074 [preauth]","@timestamp":"2022-09-16T10:16:45.993Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T10:17:01.266Z","@version":"1","message":"Sep 16 10:17:01 honeypot-sgp-1 CRON[24790]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:21:12 honeypot-fra-1 sshd[21879]: Received disconnect from 92.255.85.69 port 33540:11: Bye Bye [preauth]","@timestamp":"2022-09-16T10:21:13.098Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T10:21:40.383Z","@version":"1","message":"Sep 16 10:21:39 honeypot-sgp-1 sshd[24795]: Disconnected from invalid user mts 91.240.118.222 port 29450 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 10:24:57 honeypot-ams-1 sshd[31190]: Invalid user coke from 165.227.196.229 port 58826","@timestamp":"2022-09-16T10:24:57.363Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:25:24 honeypot-fra-1 sshd[21882]: Disconnected from invalid user monitor 167.172.152.29 port 58474 [preauth]","@timestamp":"2022-09-16T10:25:25.197Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 10:29:04 honeypot-ams-1 sshd[31192]: Disconnected from invalid user q3 165.232.173.191 port 48416 [preauth]","@timestamp":"2022-09-16T10:29:05.472Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:31:07 honeypot-fra-1 kernel: [84198681.264500] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=91.211.249.8 DST=165.22.82.222 LEN=80 TOS=0x00 PREC=0x20 TTL=126 ID=52545 PROTO=TCP SPT=51521 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T10:31:07.328Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:32:30 honeypot-fra-1 sshd[21912]: Invalid user admin from 137.184.77.246 port 37830","@timestamp":"2022-09-16T10:32:30.360Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:32:30 honeypot-fra-1 sshd[21920]: Invalid user ubuntu from 137.184.77.246 port 37828","@timestamp":"2022-09-16T10:32:30.360Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:32:30 honeypot-fra-1 sshd[21892]: Invalid user esuser from 137.184.77.246 port 37896","@timestamp":"2022-09-16T10:32:30.360Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:32:30 honeypot-fra-1 sshd[21895]: Invalid user elasticsearch from 137.184.77.246 port 37888","@timestamp":"2022-09-16T10:32:30.360Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:32:30 honeypot-fra-1 sshd[21919]: Connection closed by invalid user pi 137.184.77.246 port 37878 [preauth]","@timestamp":"2022-09-16T10:32:30.360Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:32:30 honeypot-fra-1 sshd[21911]: Connection closed by invalid user steam 137.184.77.246 port 37904 [preauth]","@timestamp":"2022-09-16T10:32:30.360Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:32:30 honeypot-fra-1 sshd[21891]: Connection closed by authenticating user root 137.184.77.246 port 37886 [preauth]","@timestamp":"2022-09-16T10:32:30.360Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:32:30 honeypot-fra-1 sshd[21894]: Connection closed by invalid user es 137.184.77.246 port 37894 [preauth]","@timestamp":"2022-09-16T10:32:30.360Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T10:34:08.684Z","@version":"1","message":"Sep 16 10:34:08 honeypot-sgp-1 kernel: [84200554.524554] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.79.144.216 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=6819 PROTO=TCP SPT=60000 DPT=389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 10:34:33 honeypot-ams-1 sshd[31201]: Disconnected from authenticating user root 134.122.123.117 port 54198 [preauth]","@timestamp":"2022-09-16T10:34:33.640Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 10:35:42 honeypot-ams-1 sshd[31205]: Disconnected from authenticating user root 134.122.123.117 port 50598 [preauth]","@timestamp":"2022-09-16T10:35:42.673Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 10:37:12 honeypot-ams-1 sshd[31212]: Received disconnect from 92.255.85.70 port 56098:11: Bye Bye [preauth]","@timestamp":"2022-09-16T10:37:12.715Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 10:37:53 honeypot-ams-1 sshd[31216]: Disconnected from authenticating user root 134.122.123.117 port 43334 [preauth]","@timestamp":"2022-09-16T10:37:54.736Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:38:12 honeypot-fra-1 sshd[21950]: Disconnected from invalid user tester 211.200.178.178 port 52552 [preauth]","@timestamp":"2022-09-16T10:38:12.491Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 10:39:32 honeypot-ams-1 sshd[31222]: Invalid user git from 134.122.123.117 port 38016","@timestamp":"2022-09-16T10:39:32.780Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:40:22 honeypot-fra-1 sshd[21957]: Connection closed by invalid user test 179.60.147.69 port 27046 [preauth]","@timestamp":"2022-09-16T10:40:22.547Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 10:40:38 honeypot-ams-1 sshd[31226]: Invalid user oracle from 134.122.123.117 port 34250","@timestamp":"2022-09-16T10:40:38.810Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 10:41:13 honeypot-ams-1 kernel: [84201454.680829] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=64.62.197.39 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=40443 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T10:41:13.830Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 10:42:17 honeypot-ams-1 sshd[31233]: Disconnected from invalid user ansible 134.122.123.117 port 57036 [preauth]","@timestamp":"2022-09-16T10:42:17.860Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 10:43:21 honeypot-ams-1 sshd[31239]: Invalid user test from 134.122.123.117 port 53398","@timestamp":"2022-09-16T10:43:21.893Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 10:44:26 honeypot-ams-1 sshd[31243]: Invalid user demo from 134.122.123.117 port 49794","@timestamp":"2022-09-16T10:44:26.924Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 10:45:30 honeypot-ams-1 sshd[31247]: Invalid user jenkins from 134.122.123.117 port 46148","@timestamp":"2022-09-16T10:45:30.957Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 10:46:06 honeypot-ams-1 kernel: [84201748.257920] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=188.166.87.67 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=254 ID=15212 PROTO=TCP SPT=43680 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T10:46:06.975Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:46:55 honeypot-fra-1 kernel: [84199629.452965] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.220.196 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=49242 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T10:46:55.697Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 10:47:09 honeypot-ams-1 sshd[31253]: Disconnected from invalid user webadmin 134.122.123.117 port 40648 [preauth]","@timestamp":"2022-09-16T10:47:10.005Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 10:48:15 honeypot-ams-1 sshd[31258]: Received disconnect from 134.122.123.117 port 36996:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T10:48:16.037Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 10:49:20 honeypot-ams-1 sshd[31262]: Received disconnect from 134.122.123.117 port 33406:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T10:49:21.068Z"}
{"@timestamp":"2022-09-16T10:50:31.084Z","@version":"1","message":"Sep 16 10:50:30 honeypot-sgp-1 kernel: [84201536.155800] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=162.62.191.231 DST=159.89.202.188 LEN=52 TOS=0x00 PREC=0x00 TTL=47 ID=24379 DF PROTO=TCP SPT=25403 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 10:50:31 honeypot-ams-1 kernel: [84202013.200974] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=112.47.127.166 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=43 ID=19039 PROTO=TCP SPT=3107 DPT=443 WINDOW=29267 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T10:50:32.102Z"}
{"@timestamp":"2022-09-16T10:56:22.229Z","@version":"1","message":"Sep 16 10:56:22 honeypot-sgp-1 kernel: [84201888.068651] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=54.37.242.67 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=51905 PROTO=TCP SPT=42104 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:58:35 honeypot-fra-1 sshd[21966]: Disconnected from invalid user levchenko 165.22.45.108 port 33316 [preauth]","@timestamp":"2022-09-16T10:58:35.962Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 11:00:31 honeypot-ams-1 sshd[31270]: Received disconnect from 92.255.85.69 port 52986:11: Bye Bye [preauth]","@timestamp":"2022-09-16T11:00:31.360Z"}
{"@timestamp":"2022-09-16T11:04:50.440Z","@version":"1","message":"Sep 16 11:04:49 honeypot-sgp-1 sshd[24818]: Invalid user blueeyes from 20.44.152.59 port 36338","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 11:06:34 honeypot-fra-1 kernel: [84200808.368472] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=89.14.190.128 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=39945 DF PROTO=TCP SPT=42064 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T11:06:35.144Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 11:11:50 honeypot-ams-1 sshd[31274]: Disconnected from invalid user sb 143.202.209.20 port 40519 [preauth]","@timestamp":"2022-09-16T11:11:50.645Z"}
{"@timestamp":"2022-09-16T11:14:43.677Z","@version":"1","message":"Sep 16 11:14:42 honeypot-sgp-1 sshd[24823]: Received disconnect from 92.255.85.69 port 56418:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 11:16:27 honeypot-fra-1 sshd[21974]: Connection closed by authenticating user root 179.60.147.69 port 49564 [preauth]","@timestamp":"2022-09-16T11:16:27.368Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 11:18:39 honeypot-ams-1 sshd[31280]: Connection closed by authenticating user root 179.60.147.69 port 2932 [preauth]","@timestamp":"2022-09-16T11:18:39.824Z"}
{"@timestamp":"2022-09-16T11:18:48.778Z","@version":"1","message":"Sep 16 11:18:48 honeypot-sgp-1 kernel: [84203234.308791] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=91.211.249.8 DST=159.89.202.188 LEN=80 TOS=0x00 PREC=0x00 TTL=115 ID=53610 PROTO=TCP SPT=54634 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 11:23:32 honeypot-fra-1 sshd[21980]: Disconnected from invalid user sophie 23.126.62.36 port 51620 [preauth]","@timestamp":"2022-09-16T11:23:33.534Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 11:27:33 honeypot-ams-1 kernel: [84204235.143741] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=203.122.46.42 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=56 ID=14647 PROTO=TCP SPT=37756 DPT=80 WINDOW=4588 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T11:27:34.073Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 11:29:07 honeypot-fra-1 sshd[21986]: Received disconnect from 144.34.133.122 port 50626:11: Bye Bye [preauth]","@timestamp":"2022-09-16T11:29:08.664Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 11:29:48 honeypot-ams-1 kernel: [84204370.375464] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=167.94.146.75 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x20 TTL=43 ID=22571 PROTO=TCP SPT=44859 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T11:29:49.139Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 11:30:14 honeypot-fra-1 sshd[21990]: Disconnected from invalid user bunnyts 64.227.126.207 port 41180 [preauth]","@timestamp":"2022-09-16T11:30:14.692Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T11:30:23.057Z","@version":"1","message":"Sep 16 11:30:22 honeypot-sgp-1 kernel: [84203928.721032] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=234 ID=49391 PROTO=TCP SPT=47803 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 11:33:00 honeypot-fra-1 sshd[21995]: Disconnected from invalid user super 62.204.41.222 port 29072 [preauth]","@timestamp":"2022-09-16T11:33:00.757Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T11:38:21.253Z","@version":"1","message":"Sep 16 11:38:20 honeypot-sgp-1 kernel: [84204406.171649] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=195.230.103.243 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=233 ID=54321 PROTO=TCP SPT=54750 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 11:38:41 honeypot-ams-1 sshd[31363]: Disconnected from invalid user kafka 128.199.179.36 port 41496 [preauth]","@timestamp":"2022-09-16T11:38:41.379Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 11:41:49 honeypot-fra-1 sshd[22000]: Invalid user cecil from 113.200.81.41 port 2411","@timestamp":"2022-09-16T11:41:49.960Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 11:48:08 honeypot-ams-1 sshd[31369]: Received disconnect from 92.255.85.70 port 43376:11: Bye Bye [preauth]","@timestamp":"2022-09-16T11:48:09.639Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 11:49:49 honeypot-fra-1 kernel: [84203403.252639] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=79.124.62.78 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=31024 PROTO=TCP SPT=45169 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T11:49:50.145Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 11:51:32 honeypot-fra-1 sshd[22006]: Received disconnect from 45.61.186.169 port 42694:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T11:51:33.187Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 11:51:50 honeypot-fra-1 sshd[22010]: Invalid user user from 45.61.186.169 port 37488","@timestamp":"2022-09-16T11:51:50.196Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 11:52:06 honeypot-fra-1 sshd[22014]: Invalid user user from 45.61.186.169 port 60410","@timestamp":"2022-09-16T11:52:07.204Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T11:52:32.594Z","@version":"1","message":"Sep 16 11:52:32 honeypot-sgp-1 sshd[24844]: Invalid user user from 179.60.147.69 port 64418","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 11:53:43 honeypot-fra-1 sshd[22019]: Invalid user user from 179.60.147.69 port 10138","@timestamp":"2022-09-16T11:53:44.244Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 11:56:01 honeypot-ams-1 sshd[31372]: Invalid user user from 179.60.147.69 port 34756","@timestamp":"2022-09-16T11:56:01.854Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 11:57:31 honeypot-fra-1 sshd[22025]: Invalid user levina from 165.22.45.108 port 38462","@timestamp":"2022-09-16T11:57:32.334Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T11:59:04.755Z","@version":"1","message":"Sep 16 11:59:04 honeypot-sgp-1 kernel: [84205649.921921] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.219.204 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=45587 DPT=5432 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 12:01:42 honeypot-fra-1 sshd[22028]: Connection closed by invalid user guest 193.106.191.157 port 50172 [preauth]","@timestamp":"2022-09-16T12:01:43.433Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T12:04:00.875Z","@version":"1","message":"Sep 16 12:04:00 honeypot-sgp-1 sshd[24854]: Invalid user dq from 20.230.177.106 port 48430","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 12:05:53 honeypot-ams-1 sshd[31375]: Did not receive identification string from 45.61.187.160 port 59136","@timestamp":"2022-09-16T12:05:53.118Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 12:05:59 honeypot-fra-1 sshd[22033]: Connection closed by invalid user admin 159.203.178.0 port 48118 [preauth]","@timestamp":"2022-09-16T12:06:00.535Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 12:06:22 honeypot-ams-1 sshd[31378]: Disconnected from invalid user user 45.61.187.160 port 39066 [preauth]","@timestamp":"2022-09-16T12:06:23.133Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 12:06:43 honeypot-ams-1 sshd[31382]: Disconnected from invalid user user 45.61.187.160 port 33046 [preauth]","@timestamp":"2022-09-16T12:06:44.147Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 12:07:01 honeypot-ams-1 sshd[31386]: Disconnected from invalid user user 45.61.187.160 port 55282 [preauth]","@timestamp":"2022-09-16T12:07:02.156Z"}
{"@timestamp":"2022-09-16T12:08:38.986Z","@version":"1","message":"Sep 16 12:08:38 honeypot-sgp-1 sshd[24859]: Invalid user apache from 207.154.229.107 port 43372","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T12:10:31.035Z","@version":"1","message":"Sep 16 12:10:30 honeypot-sgp-1 sshd[24863]: Disconnected from invalid user administrator 94.240.180.92 port 41604 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 12:12:07 honeypot-ams-1 kernel: [84206909.213838] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=60.20.104.173 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=47 ID=34015 PROTO=TCP SPT=36814 DPT=80 WINDOW=18854 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T12:12:08.289Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 12:14:33 honeypot-fra-1 kernel: [84204887.754297] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=3871 PROTO=TCP SPT=49604 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T12:14:34.730Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-16T12:17:01.193Z","@version":"1","message":"Sep 16 12:17:01 honeypot-sgp-1 CRON[24869]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 12:19:06 honeypot-ams-1 kernel: [84207328.313291] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=201.184.32.42 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=33466 PROTO=TCP SPT=25396 DPT=80 WINDOW=45820 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T12:19:07.470Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 12:19:33 honeypot-fra-1 sshd[22046]: Received disconnect from 190.247.112.114 port 47860:11: Bye Bye [preauth]","@timestamp":"2022-09-16T12:19:34.847Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 12:23:19 honeypot-ams-1 sshd[31402]: Invalid user kumar from 103.27.236.73 port 52216","@timestamp":"2022-09-16T12:23:20.582Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 12:23:33 honeypot-fra-1 sshd[22050]: Invalid user danielo from 165.227.166.247 port 44602","@timestamp":"2022-09-16T12:23:33.940Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T12:25:02.392Z","@version":"1","message":"Sep 16 12:25:01 honeypot-sgp-1 sshd[24876]: Disconnected from authenticating user root 92.255.85.69 port 26240 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 12:27:46 honeypot-fra-1 sshd[22053]: Disconnected from invalid user centos 200.29.109.224 port 43324 [preauth]","@timestamp":"2022-09-16T12:27:47.036Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T12:31:08.564Z","@version":"1","message":"Sep 16 12:31:08 honeypot-sgp-1 sshd[24882]: Disconnected from authenticating user root 178.22.168.219 port 56798 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 12:31:28 honeypot-fra-1 sshd[22057]: Connection closed by invalid user test 179.60.147.69 port 53910 [preauth]","@timestamp":"2022-09-16T12:31:29.121Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 12:31:58 honeypot-ams-1 kernel: [84208100.236921] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=91.211.249.8 DST=178.62.254.91 LEN=80 TOS=0x00 PREC=0x20 TTL=127 ID=25268 PROTO=TCP SPT=26292 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T12:31:59.804Z"}
{"@timestamp":"2022-09-16T12:33:09.615Z","@version":"1","message":"Sep 16 12:33:08 honeypot-sgp-1 sshd[24888]: Invalid user admin from 128.199.160.207 port 21302","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T12:33:09.616Z","@version":"1","message":"Sep 16 12:33:08 honeypot-sgp-1 sshd[24894]: Invalid user admin from 128.199.160.207 port 21334","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 12:33:59 honeypot-fra-1 sshd[22062]: Disconnected from invalid user belea 144.24.116.174 port 51188 [preauth]","@timestamp":"2022-09-16T12:34:00.179Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 12:37:00 honeypot-ams-1 sshd[31410]: Invalid user guest from 193.106.191.157 port 54306","@timestamp":"2022-09-16T12:37:00.937Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 12:38:25 honeypot-fra-1 sshd[22067]: Received disconnect from 103.133.36.6 port 54000:11: Bye Bye [preauth]","@timestamp":"2022-09-16T12:38:26.282Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 12:42:33 honeypot-fra-1 kernel: [84206567.618681] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=80.94.92.231 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=43166 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T12:42:34.378Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-16T12:47:02.956Z","@version":"1","message":"Sep 16 12:47:02 honeypot-sgp-1 sshd[24902]: Invalid user user from 45.61.186.249 port 45176","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T12:47:22.967Z","@version":"1","message":"Sep 16 12:47:22 honeypot-sgp-1 sshd[24906]: Invalid user user from 45.61.186.249 port 39304","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T12:47:40.975Z","@version":"1","message":"Sep 16 12:47:40 honeypot-sgp-1 sshd[24910]: Invalid user user from 45.61.186.249 port 33442","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T12:47:50.981Z","@version":"1","message":"Sep 16 12:47:50 honeypot-sgp-1 sshd[24912]: Disconnected from invalid user user 45.61.186.249 port 44620 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 12:48:49 honeypot-fra-1 kernel: [84206943.052214] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=79.124.62.86 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=41598 PROTO=TCP SPT=45166 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T12:48:49.525Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-16T12:49:16.017Z","@version":"1","message":"Sep 16 12:49:15 honeypot-sgp-1 kernel: [84208661.761787] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=53535 PROTO=TCP SPT=52383 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 12:50:45 honeypot-ams-1 kernel: [84209226.493977] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=171.22.30.220 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=59 ID=1363 PROTO=TCP SPT=27960 DPT=80 WINDOW=15968 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T12:50:45.303Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 12:59:59 honeypot-fra-1 kernel: [84207613.286336] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=162.248.101.148 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=54321 PROTO=TCP SPT=54547 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T12:59:59.779Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 13:04:00 honeypot-ams-1 sshd[31418]: Connection closed by invalid user wangfei 103.188.176.251 port 45848 [preauth]","@timestamp":"2022-09-16T13:04:00.636Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 13:05:02 honeypot-fra-1 sshd[22092]: Connection closed by invalid user chia 57.128.11.39 port 57444 [preauth]","@timestamp":"2022-09-16T13:05:02.894Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 13:05:02 honeypot-fra-1 sshd[22093]: Connection closed by invalid user ftpuser 57.128.11.39 port 57432 [preauth]","@timestamp":"2022-09-16T13:05:02.894Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 13:05:02 honeypot-fra-1 sshd[22088]: Connection closed by invalid user user 57.128.11.39 port 57384 [preauth]","@timestamp":"2022-09-16T13:05:02.894Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 13:05:02 honeypot-fra-1 sshd[22096]: Invalid user devops from 57.128.11.39 port 57472","@timestamp":"2022-09-16T13:05:02.894Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 13:05:02 honeypot-fra-1 sshd[22103]: Invalid user oracle from 57.128.11.39 port 57392","@timestamp":"2022-09-16T13:05:02.894Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 13:05:02 honeypot-fra-1 sshd[22107]: Invalid user ubuntu from 57.128.11.39 port 57372","@timestamp":"2022-09-16T13:05:02.894Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 13:05:02 honeypot-fra-1 sshd[22102]: Connection closed by invalid user user 57.128.11.39 port 57378 [preauth]","@timestamp":"2022-09-16T13:05:02.894Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 13:05:02 honeypot-fra-1 sshd[22115]: Connection closed by invalid user ubuntu 57.128.11.39 port 57458 [preauth]","@timestamp":"2022-09-16T13:05:02.894Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 13:05:02 honeypot-fra-1 sshd[22118]: Invalid user guest from 57.128.11.39 port 57452","@timestamp":"2022-09-16T13:05:02.894Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 13:05:03 honeypot-fra-1 sshd[22149]: Invalid user centos from 57.128.11.39 port 57434","@timestamp":"2022-09-16T13:05:03.896Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T13:05:19.416Z","@version":"1","message":"Sep 16 13:05:19 honeypot-sgp-1 kernel: [84209624.947095] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=89.14.114.187 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=38 ID=59846 DF PROTO=TCP SPT=45002 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 13:08:49 honeypot-fra-1 sshd[22156]: Connection closed by authenticating user nobody 179.60.147.69 port 32822 [preauth]","@timestamp":"2022-09-16T13:08:50.984Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T13:10:38.551Z","@version":"1","message":"Sep 16 13:10:37 honeypot-sgp-1 sshd[24925]: Disconnected from 159.223.164.107 port 42562 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T13:14:56.659Z","@version":"1","message":"Sep 16 13:14:56 honeypot-sgp-1 kernel: [84210201.972899] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=162.142.125.139 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=7835 PROTO=TCP SPT=32548 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 13:17:01 honeypot-ams-1 CRON[31424]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-16T13:17:01.966Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 13:20:58 honeypot-ams-1 sshd[31429]: Invalid user mts from 91.240.118.222 port 27492","@timestamp":"2022-09-16T13:20:59.072Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 13:21:54 honeypot-fra-1 sshd[22163]: Invalid user wilmerding from 185.126.8.102 port 51344","@timestamp":"2022-09-16T13:21:55.298Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 13:23:19 honeypot-ams-1 kernel: [84211181.243964] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=103.114.107.34 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=48673 PROTO=TCP SPT=53215 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T13:23:20.134Z"}
{"@timestamp":"2022-09-16T13:24:16.892Z","@version":"1","message":"Sep 16 13:24:16 honeypot-sgp-1 sshd[24934]: Disconnected from authenticating user root 143.244.137.54 port 58368 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T13:30:11.041Z","@version":"1","message":"Sep 16 13:30:10 honeypot-sgp-1 sshd[24942]: Received disconnect from 193.142.146.50 port 34842:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 13:30:44 honeypot-ams-1 sshd[31437]: Invalid user student from 203.218.247.74 port 52102","@timestamp":"2022-09-16T13:30:45.326Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 13:30:50 honeypot-fra-1 kernel: [84209464.051601] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=165.232.152.144 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=42302 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T13:30:50.499Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-16T13:31:07.068Z","@version":"1","message":"Sep 16 13:31:06 honeypot-sgp-1 kernel: [84211172.438752] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=193.46.255.199 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=233 ID=6719 PROTO=TCP SPT=61004 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 13:31:50 honeypot-ams-1 sshd[31441]: Received disconnect from 202.88.244.36 port 45496:11: Bye Bye [preauth]","@timestamp":"2022-09-16T13:31:50.356Z"}
{"@timestamp":"2022-09-16T13:34:00.145Z","@version":"1","message":"Sep 16 13:34:00 honeypot-sgp-1 sshd[24952]: Received disconnect from 193.142.146.50 port 33166:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T13:35:48.208Z","@version":"1","message":"Sep 16 13:35:47 honeypot-sgp-1 sshd[24959]: Invalid user remote from 92.255.85.70 port 45166","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 13:42:27 honeypot-ams-1 kernel: [84212329.326784] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=103.151.122.22 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=6545 PROTO=TCP SPT=56732 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T13:42:28.629Z"}
{"@timestamp":"2022-09-16T13:43:12.391Z","@version":"1","message":"Sep 16 13:43:12 honeypot-sgp-1 kernel: [84211897.836834] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=152.89.196.23 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=63260 PROTO=TCP SPT=48891 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 13:44:46 honeypot-ams-1 sshd[31447]: Disconnected from invalid user remote 92.255.85.69 port 51472 [preauth]","@timestamp":"2022-09-16T13:44:46.689Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 13:47:31 honeypot-ams-1 sshd[31452]: Connection closed by invalid user guest 179.60.147.69 port 64060 [preauth]","@timestamp":"2022-09-16T13:47:31.764Z"}
{"@timestamp":"2022-09-16T13:50:11.603Z","@version":"1","message":"Sep 16 13:50:11 honeypot-sgp-1 kernel: [84212317.139809] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=108.51.55.240 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=64634 PROTO=TCP SPT=43507 DPT=80 WINDOW=39843 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 13:51:51 honeypot-ams-1 sshd[31456]: Disconnected from invalid user mdnsd 104.236.244.98 port 53710 [preauth]","@timestamp":"2022-09-16T13:51:51.877Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 13:52:00 honeypot-fra-1 kernel: [84210734.513779] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=167.94.138.107 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=731 PROTO=TCP SPT=51580 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T13:52:00.979Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 13:53:57 honeypot-fra-1 sshd[22176]: Disconnected from invalid user lff 165.22.45.108 port 48740 [preauth]","@timestamp":"2022-09-16T13:53:58.026Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 13:55:34 honeypot-ams-1 sshd[31462]: Invalid user pi from 73.173.30.173 port 58072","@timestamp":"2022-09-16T13:55:34.982Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 13:56:11 honeypot-ams-1 sshd[31466]: Disconnected from invalid user zck 143.110.212.213 port 52928 [preauth]","@timestamp":"2022-09-16T13:56:12.000Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 13:57:19 honeypot-fra-1 sshd[22181]: Received disconnect from 137.184.1.35 port 33682:11: Bye Bye [preauth]","@timestamp":"2022-09-16T13:57:20.105Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 13:58:23 honeypot-ams-1 sshd[31471]: Received disconnect from 49.2.90.24 port 41408:11: Bye Bye [preauth]","@timestamp":"2022-09-16T13:58:24.063Z"}
{"@timestamp":"2022-09-16T13:59:09.826Z","@version":"1","message":"Sep 16 13:59:08 honeypot-sgp-1 sshd[24969]: Received disconnect from 92.255.85.69 port 27804:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 14:01:28 honeypot-ams-1 sshd[31475]: Received disconnect from 45.7.119.3 port 11234:11: Bye Bye [preauth]","@timestamp":"2022-09-16T14:01:29.146Z"}
{"@timestamp":"2022-09-16T14:02:09.905Z","@version":"1","message":"Sep 16 14:02:09 honeypot-sgp-1 sshd[24974]: Received disconnect from 45.61.184.204 port 40652:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T14:02:28.916Z","@version":"1","message":"Sep 16 14:02:28 honeypot-sgp-1 sshd[24980]: Invalid user user from 45.61.184.204 port 35476","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T14:02:47.926Z","@version":"1","message":"Sep 16 14:02:47 honeypot-sgp-1 sshd[24984]: Invalid user user from 45.61.184.204 port 58538","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T14:03:04.935Z","@version":"1","message":"Sep 16 14:03:04 honeypot-sgp-1 sshd[24988]: Invalid user user from 45.61.184.204 port 53404","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 14:04:47 honeypot-fra-1 sshd[22253]: Received disconnect from 31.186.48.216 port 39480:11: Bye Bye [preauth]","@timestamp":"2022-09-16T14:04:48.272Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 14:04:56 honeypot-ams-1 sshd[31480]: Invalid user admin from 59.27.98.103 port 41118","@timestamp":"2022-09-16T14:04:56.236Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 14:07:23 honeypot-fra-1 sshd[22257]: Received disconnect from 203.190.55.203 port 56852:11: Bye Bye [preauth]","@timestamp":"2022-09-16T14:07:24.334Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 14:08:14 honeypot-ams-1 sshd[31484]: Received disconnect from 92.255.85.69 port 17820:11: Bye Bye [preauth]","@timestamp":"2022-09-16T14:08:15.327Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 14:12:32 honeypot-ams-1 sshd[31489]: Received disconnect from 70.35.202.246 port 37958:11: Bye Bye [preauth]","@timestamp":"2022-09-16T14:12:33.439Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 14:17:01 honeypot-fra-1 CRON[22265]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-16T14:17:02.553Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T14:17:01.299Z","@version":"1","message":"Sep 16 14:17:01 honeypot-sgp-1 CRON[25428]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 14:20:09 honeypot-ams-1 sshd[31495]: ssh_dispatch_run_fatal: Connection from 136.52.13.251 port 44904: Connection corrupted [preauth]","@timestamp":"2022-09-16T14:20:10.629Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 14:22:15 honeypot-fra-1 kernel: [84212548.927394] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=194.110.203.63 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=19735 PROTO=TCP SPT=57785 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T14:22:15.690Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-16T14:22:22.437Z","@version":"1","message":"Sep 16 14:22:22 honeypot-sgp-1 sshd[25434]: Disconnected from invalid user admin 92.255.85.69 port 54920 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 14:27:34 honeypot-ams-1 sshd[31502]: Connection closed by invalid user admin 121.185.123.67 port 41446 [preauth]","@timestamp":"2022-09-16T14:27:34.828Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 14:33:04 honeypot-fra-1 sshd[22277]: Connection closed by invalid user guest 193.106.191.157 port 34918 [preauth]","@timestamp":"2022-09-16T14:33:04.936Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 14:33:27 honeypot-ams-1 kernel: [84215388.464243] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=200.116.224.226 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=41670 DF PROTO=TCP SPT=27369 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T14:33:27.985Z"}
{"@timestamp":"2022-09-16T14:43:50.972Z","@version":"1","message":"Sep 16 14:43:50 honeypot-sgp-1 kernel: [84215535.734362] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=167.94.138.100 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=60676 PROTO=TCP SPT=9729 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 14:44:04 honeypot-fra-1 kernel: [84213857.987104] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=157.245.80.71 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=54321 PROTO=TCP SPT=57339 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T14:44:05.203Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 14:48:22 honeypot-ams-1 kernel: [84216283.475167] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=129.153.51.70 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=53 ID=63705 PROTO=TCP SPT=9171 DPT=80 WINDOW=35947 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T14:48:22.373Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 14:48:56 honeypot-fra-1 sshd[22286]: Disconnected from authenticating user root 210.245.92.136 port 41691 [preauth]","@timestamp":"2022-09-16T14:48:57.327Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 14:55:13 honeypot-ams-1 kernel: [84216695.162386] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=103.114.107.34 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=28365 PROTO=TCP SPT=58324 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T14:55:14.553Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 14:55:49 honeypot-fra-1 kernel: [84214562.885299] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=125.253.93.146 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=10116 PROTO=TCP SPT=52066 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T14:55:49.483Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-16T14:56:43.302Z","@version":"1","message":"Sep 16 14:56:43 honeypot-sgp-1 sshd[25444]: Connection closed by authenticating user root 179.60.147.69 port 8858 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T14:59:09.364Z","@version":"1","message":"Sep 16 14:59:08 honeypot-sgp-1 sshd[25451]: Connection closed by invalid user admin 157.230.47.155 port 57116 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:04:26.495Z","@version":"1","message":"Sep 16 15:04:26 honeypot-sgp-1 sshd[25456]: Disconnected from invalid user developer 113.160.226.178 port 40731 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 15:05:40 honeypot-fra-1 kernel: [84215153.882411] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.200.118.90 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=53633 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T15:05:40.706Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-16T15:07:08.565Z","@version":"1","message":"Sep 16 15:07:08 honeypot-sgp-1 sshd[25460]: Disconnected from authenticating user root 92.27.140.155 port 59876 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 15:09:37 honeypot-ams-1 kernel: [84217558.798679] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.200.118.90 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=54321 PROTO=TCP SPT=58519 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T15:09:37.929Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 15:10:48 honeypot-fra-1 kernel: [84215462.267742] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=159.65.138.52 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=54 ID=0 DF PROTO=TCP SPT=54953 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T15:10:48.822Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-16T15:11:48.682Z","@version":"1","message":"Sep 16 15:11:48 honeypot-sgp-1 sshd[25465]: Disconnecting invalid user  31.184.198.71 port 7953: Change of username or service not allowed: (,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:12:15.696Z","@version":"1","message":"Sep 16 15:12:15 honeypot-sgp-1 sshd[25471]: Disconnecting invalid user  31.184.198.71 port 38629: Change of username or service not allowed: (,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:12:39.709Z","@version":"1","message":"Sep 16 15:12:39 honeypot-sgp-1 sshd[25477]: Disconnecting invalid user admin 31.184.198.71 port 54775: Change of username or service not allowed: (admin,ssh-connection) -> (aerohive,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:13:06.723Z","@version":"1","message":"Sep 16 15:13:06 honeypot-sgp-1 sshd[25483]: Disconnecting invalid user manager 31.184.198.71 port 45950: Change of username or service not allowed: (manager,ssh-connection) -> (private,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:13:36.738Z","@version":"1","message":"Sep 16 15:13:36 honeypot-sgp-1 sshd[25491]: Invalid user Admin from 31.184.198.71 port 42448","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:14:01.751Z","@version":"1","message":"Sep 16 15:14:01 honeypot-sgp-1 sshd[25497]: Invalid user user from 31.184.198.71 port 5639","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:14:32.767Z","@version":"1","message":"Sep 16 15:14:32 honeypot-sgp-1 sshd[25503]: Disconnecting invalid user blank 31.184.198.71 port 30543: Change of username or service not allowed: (blank,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:14:56.779Z","@version":"1","message":"Sep 16 15:14:55 honeypot-sgp-1 sshd[25510]: Disconnecting invalid user 1234 31.184.198.71 port 11673: Change of username or service not allowed: (1234,ssh-connection) -> (root,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:15:37.800Z","@version":"1","message":"Sep 16 15:15:37 honeypot-sgp-1 sshd[25518]: Invalid user cisco from 31.184.198.71 port 8156","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:16:07.816Z","@version":"1","message":"Sep 16 15:16:07 honeypot-sgp-1 sshd[25524]: Disconnecting authenticating user root 31.184.198.71 port 14626: Change of username or service not allowed: (root,ssh-connection) -> (Administrator,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:16:36.833Z","@version":"1","message":"Sep 16 15:16:36 honeypot-sgp-1 sshd[25530]: Disconnecting invalid user adslroot 31.184.198.71 port 37443: Change of username or service not allowed: (adslroot,ssh-connection) -> (sti.admin5,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:16:59.844Z","@version":"1","message":"Sep 16 15:16:59 honeypot-sgp-1 sshd[25534]: Received disconnect from 20.27.34.22 port 56260:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:17:11.851Z","@version":"1","message":"Sep 16 15:17:11 honeypot-sgp-1 sshd[25543]: Invalid user zhone from 31.184.198.71 port 63545","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:17:39.865Z","@version":"1","message":"Sep 16 15:17:39 honeypot-sgp-1 sshd[25549]: Disconnecting invalid user default 31.184.198.71 port 55610: Change of username or service not allowed: (default,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 15:18:03 honeypot-ams-1 kernel: [84218064.684757] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=34.175.192.43 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=60 ID=39904 PROTO=TCP SPT=10523 DPT=80 WINDOW=1075 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T15:18:04.145Z"}
{"@timestamp":"2022-09-16T15:18:09.880Z","@version":"1","message":"Sep 16 15:18:09 honeypot-sgp-1 sshd[25555]: Disconnecting invalid user Administrator 31.184.198.71 port 54737: Change of username or service not allowed: (Administrator,ssh-connection) -> (cusadmin,ssh-connectio [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 15:18:33 honeypot-fra-1 sshd[22308]: Invalid user guest from 193.106.191.157 port 37168","@timestamp":"2022-09-16T15:18:33.998Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T15:18:38.895Z","@version":"1","message":"Sep 16 15:18:38 honeypot-sgp-1 sshd[25561]: Disconnecting invalid user admin 31.184.198.71 port 61465: Change of username or service not allowed: (admin,ssh-connection) -> (lgnortel,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:19:10.911Z","@version":"1","message":"Sep 16 15:19:10 honeypot-sgp-1 sshd[25567]: Disconnecting invalid user comcast 31.184.198.71 port 35593: Change of username or service not allowed: (comcast,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:19:31.922Z","@version":"1","message":"Sep 16 15:19:31 honeypot-sgp-1 sshd[25573]: Disconnecting invalid user admin1234 31.184.198.71 port 5699: Change of username or service not allowed: (admin1234,ssh-connection) -> (matrix,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:20:02.937Z","@version":"1","message":"Sep 16 15:20:02 honeypot-sgp-1 sshd[25580]: Disconnecting invalid user admin 31.184.198.71 port 51660: Change of username or service not allowed: (admin,ssh-connection) -> (motorola,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:20:25.950Z","@version":"1","message":"Sep 16 15:20:25 honeypot-sgp-1 sshd[25586]: Disconnecting invalid user blank 31.184.198.71 port 64291: Change of username or service not allowed: (blank,ssh-connection) -> (root,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:20:55.965Z","@version":"1","message":"Sep 16 15:20:55 honeypot-sgp-1 sshd[25594]: Invalid user 0 from 31.184.198.71 port 5702","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:21:17.976Z","@version":"1","message":"Sep 16 15:21:17 honeypot-sgp-1 sshd[25600]: Invalid user admin from 31.184.198.71 port 45156","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:21:43.989Z","@version":"1","message":"Sep 16 15:21:43 honeypot-sgp-1 sshd[25606]: Invalid user Broadcom from 31.184.198.71 port 51744","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:22:15.006Z","@version":"1","message":"Sep 16 15:22:14 honeypot-sgp-1 sshd[25612]: Invalid user cusadmin from 31.184.198.71 port 37828","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:22:41.018Z","@version":"1","message":"Sep 16 15:22:40 honeypot-sgp-1 sshd[25618]: Invalid user sweex from 31.184.198.71 port 54125","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:23:08.033Z","@version":"1","message":"Sep 16 15:23:07 honeypot-sgp-1 sshd[25624]: Invalid user  from 31.184.198.71 port 17575","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:23:32.044Z","@version":"1","message":"Sep 16 15:23:32 honeypot-sgp-1 sshd[25630]: Invalid user ubnt from 31.184.198.71 port 5270","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:24:06.062Z","@version":"1","message":"Sep 16 15:24:05 honeypot-sgp-1 sshd[25636]: Disconnecting invalid user user 31.184.198.71 port 46614: Change of username or service not allowed: (user,ssh-connection) -> (amdin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:24:36.078Z","@version":"1","message":"Sep 16 15:24:35 honeypot-sgp-1 sshd[25642]: Disconnecting invalid user Admin 31.184.198.71 port 46632: Change of username or service not allowed: (Admin,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:25:02.091Z","@version":"1","message":"Sep 16 15:25:01 honeypot-sgp-1 sshd[25649]: Disconnecting invalid user 0 31.184.198.71 port 44439: Change of username or service not allowed: (0,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:25:33.107Z","@version":"1","message":"Sep 16 15:25:32 honeypot-sgp-1 sshd[25655]: Disconnecting invalid user admin 31.184.198.71 port 27473: Change of username or service not allowed: (admin,ssh-connection) -> (1admin0,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 15:26:30 honeypot-ams-1 kernel: [84218572.145622] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=154.89.5.94 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=245 ID=16924 PROTO=TCP SPT=58914 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T15:26:31.360Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 15:26:47 honeypot-fra-1 sshd[22316]: Received disconnect from 92.255.85.70 port 26148:11: Bye Bye [preauth]","@timestamp":"2022-09-16T15:26:48.183Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 15:27:55 honeypot-fra-1 sshd[22322]: Invalid user user from 45.61.187.160 port 54348","@timestamp":"2022-09-16T15:27:56.209Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 15:28:19 honeypot-fra-1 sshd[22326]: Invalid user user from 45.61.187.160 port 48712","@timestamp":"2022-09-16T15:28:20.220Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 15:28:29 honeypot-fra-1 kernel: [84216522.961150] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=80.94.92.239 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=41687 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T15:28:30.224Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 15:28:45 honeypot-fra-1 sshd[22332]: Disconnected from invalid user user 45.61.187.160 port 54388 [preauth]","@timestamp":"2022-09-16T15:28:45.231Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T15:32:31.278Z","@version":"1","message":"Sep 16 15:32:30 honeypot-sgp-1 sshd[25662]: Disconnected from authenticating user root 92.255.85.70 port 57582 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:36:22 honeypot-ams-1 sshd[31540]: Connection closed by invalid user debian 179.60.147.69 port 24500 [preauth]","@timestamp":"2022-09-16T15:36:22.611Z"}
{"@timestamp":"2022-09-16T15:38:33.426Z","@version":"1","message":"Sep 16 15:38:32 honeypot-sgp-1 kernel: [84218818.506599] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=80.94.92.239 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=231 ID=54321 PROTO=TCP SPT=38445 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 15:38:54 honeypot-fra-1 sshd[22343]: Did not receive identification string from 139.59.152.202 port 58816","@timestamp":"2022-09-16T15:38:54.462Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 15:38:54 honeypot-fra-1 sshd[22350]: Invalid user cloud from 139.59.152.202 port 36136","@timestamp":"2022-09-16T15:38:55.464Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 15:38:54 honeypot-fra-1 sshd[22354]: Invalid user spark from 139.59.152.202 port 36142","@timestamp":"2022-09-16T15:38:55.464Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 15:38:54 honeypot-fra-1 sshd[22360]: Invalid user user from 139.59.152.202 port 36162","@timestamp":"2022-09-16T15:38:55.464Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 15:38:54 honeypot-fra-1 sshd[22351]: Connection closed by invalid user centos 139.59.152.202 port 36128 [preauth]","@timestamp":"2022-09-16T15:38:55.464Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 15:38:54 honeypot-fra-1 sshd[22357]: Connection closed by invalid user test 139.59.152.202 port 36146 [preauth]","@timestamp":"2022-09-16T15:38:55.464Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 15:38:54 honeypot-fra-1 sshd[22348]: Connection closed by invalid user oracle 139.59.152.202 port 36130 [preauth]","@timestamp":"2022-09-16T15:38:55.464Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 15:38:54 honeypot-fra-1 sshd[22364]: Connection closed by invalid user es 139.59.152.202 port 36166 [preauth]","@timestamp":"2022-09-16T15:38:55.464Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 15:38:54 honeypot-fra-1 sshd[22370]: Invalid user test from 139.59.152.202 port 36190","@timestamp":"2022-09-16T15:38:55.464Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:42:13 honeypot-ams-1 sshd[31545]: Received disconnect from 60.181.19.237 port 25575:11: Bye Bye [preauth]","@timestamp":"2022-09-16T15:42:14.763Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 15:42:14 honeypot-fra-1 kernel: [84217348.304736] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.47.229.134 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=43788 PROTO=TCP SPT=49501 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T15:42:15.543Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:42:18 honeypot-ams-1 sshd[31549]: Disconnected from authenticating user root 60.181.19.237 port 21617 [preauth]","@timestamp":"2022-09-16T15:42:18.766Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:42:25 honeypot-ams-1 sshd[31555]: Disconnected from authenticating user root 60.181.19.237 port 21796 [preauth]","@timestamp":"2022-09-16T15:42:25.770Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:42:30 honeypot-ams-1 sshd[31559]: Disconnected from authenticating user root 60.181.19.237 port 21947 [preauth]","@timestamp":"2022-09-16T15:42:30.774Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:42:37 honeypot-ams-1 sshd[31567]: Disconnected from authenticating user root 60.181.19.237 port 22137 [preauth]","@timestamp":"2022-09-16T15:42:37.777Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:42:44 honeypot-ams-1 sshd[31573]: Received disconnect from 60.181.19.237 port 22322:11: Bye Bye [preauth]","@timestamp":"2022-09-16T15:42:44.782Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:42:51 honeypot-ams-1 sshd[31579]: Received disconnect from 60.181.19.237 port 22508:11: Bye Bye [preauth]","@timestamp":"2022-09-16T15:42:51.786Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:42:57 honeypot-ams-1 sshd[31585]: Received disconnect from 60.181.19.237 port 22686:11: Bye Bye [preauth]","@timestamp":"2022-09-16T15:42:57.791Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:43:04 honeypot-ams-1 sshd[31591]: Received disconnect from 60.181.19.237 port 22863:11: Bye Bye [preauth]","@timestamp":"2022-09-16T15:43:04.794Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:43:11 honeypot-ams-1 sshd[31597]: Received disconnect from 60.181.19.237 port 23067:11: Bye Bye [preauth]","@timestamp":"2022-09-16T15:43:11.798Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:43:18 honeypot-ams-1 sshd[31603]: Received disconnect from 60.181.19.237 port 23266:11: Bye Bye [preauth]","@timestamp":"2022-09-16T15:43:19.803Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:43:26 honeypot-ams-1 sshd[31609]: Received disconnect from 60.181.19.237 port 23478:11: Bye Bye [preauth]","@timestamp":"2022-09-16T15:43:26.806Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:43:33 honeypot-ams-1 sshd[31615]: Received disconnect from 60.181.19.237 port 23660:11: Bye Bye [preauth]","@timestamp":"2022-09-16T15:43:33.811Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:43:37 honeypot-ams-1 sshd[31619]: Received disconnect from 60.181.19.237 port 23774:11: Bye Bye [preauth]","@timestamp":"2022-09-16T15:43:37.813Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:43:42 honeypot-ams-1 sshd[31623]: Received disconnect from 60.181.19.237 port 23913:11: Bye Bye [preauth]","@timestamp":"2022-09-16T15:43:42.841Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:43:47 honeypot-ams-1 sshd[31627]: Received disconnect from 60.181.19.237 port 24041:11: Bye Bye [preauth]","@timestamp":"2022-09-16T15:43:47.844Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:43:51 honeypot-ams-1 sshd[31631]: Received disconnect from 60.181.19.237 port 24683:11: Bye Bye [preauth]","@timestamp":"2022-09-16T15:43:51.847Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:43:56 honeypot-ams-1 sshd[31635]: Received disconnect from 60.181.19.237 port 24884:11: Bye Bye [preauth]","@timestamp":"2022-09-16T15:43:56.849Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:44:00 honeypot-ams-1 sshd[31639]: Disconnected from authenticating user root 60.181.19.237 port 25004 [preauth]","@timestamp":"2022-09-16T15:44:00.853Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:44:07 honeypot-ams-1 sshd[31645]: Invalid user pi from 60.181.19.237 port 25589","@timestamp":"2022-09-16T15:44:07.857Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:44:12 honeypot-ams-1 sshd[31649]: Invalid user ethos from 60.181.19.237 port 21634","@timestamp":"2022-09-16T15:44:12.862Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:44:17 honeypot-ams-1 sshd[31653]: Invalid user miner from 60.181.19.237 port 21852","@timestamp":"2022-09-16T15:44:17.865Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:44:22 honeypot-ams-1 sshd[31657]: Invalid user volumio from 60.181.19.237 port 21995","@timestamp":"2022-09-16T15:44:22.868Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:44:26 honeypot-ams-1 sshd[31662]: Invalid user nagios from 60.181.19.237 port 22112","@timestamp":"2022-09-16T15:44:26.870Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:44:32 honeypot-ams-1 sshd[31666]: Invalid user vagrant from 60.181.19.237 port 22404","@timestamp":"2022-09-16T15:44:32.876Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:44:38 honeypot-ams-1 sshd[31670]: Invalid user debian from 60.181.19.237 port 22696","@timestamp":"2022-09-16T15:44:38.879Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:44:43 honeypot-ams-1 sshd[31674]: Invalid user debian from 60.181.19.237 port 22834","@timestamp":"2022-09-16T15:44:43.883Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:44:48 honeypot-ams-1 sshd[31678]: Invalid user alarm from 60.181.19.237 port 23028","@timestamp":"2022-09-16T15:44:48.886Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:44:53 honeypot-ams-1 sshd[31682]: Invalid user test from 60.181.19.237 port 23175","@timestamp":"2022-09-16T15:44:53.889Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:44:58 honeypot-ams-1 sshd[31686]: Invalid user cirros from 60.181.19.237 port 23314","@timestamp":"2022-09-16T15:44:58.893Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 15:51:20 honeypot-ams-1 kernel: [84220061.475624] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=41.216.78.126 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=49 ID=63183 PROTO=TCP SPT=30102 DPT=443 WINDOW=3046 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T15:51:21.057Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 15:52:33 honeypot-fra-1 sshd[22406]: Received disconnect from 165.22.45.108 port 59046:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T15:52:34.767Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T15:52:38.786Z","@version":"1","message":"Sep 16 15:52:38 honeypot-sgp-1 sshd[25673]: Received disconnect from 138.68.10.182 port 50522:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:55:57 honeypot-ams-1 sshd[31693]: Disconnected from invalid user omega 123.108.59.148 port 23507 [preauth]","@timestamp":"2022-09-16T15:55:58.179Z"}
{"@timestamp":"2022-09-16T15:56:59.895Z","@version":"1","message":"Sep 16 15:56:59 honeypot-sgp-1 kernel: [84219925.089632] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=103.153.78.248 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=45794 PROTO=TCP SPT=59968 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T16:04:36.081Z","@version":"1","message":"Sep 16 16:04:35 honeypot-sgp-1 sshd[25684]: Received disconnect from 45.61.186.49 port 38622:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T16:04:46.087Z","@version":"1","message":"Sep 16 16:04:45 honeypot-sgp-1 sshd[25688]: Received disconnect from 45.61.186.49 port 49956:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T16:07:23.151Z","@version":"1","message":"Sep 16 16:07:22 honeypot-sgp-1 kernel: [84220548.199593] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=198.235.24.8 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x60 TTL=250 ID=54321 PROTO=TCP SPT=50625 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:10:36 honeypot-fra-1 sshd[22410]: Invalid user user from 179.60.147.69 port 12264","@timestamp":"2022-09-16T16:10:37.174Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 16:12:07 honeypot-ams-1 kernel: [84221309.219913] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=115.153.84.50 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=49 ID=3626 PROTO=TCP SPT=51127 DPT=80 WINDOW=63631 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T16:12:08.590Z"}
{"@timestamp":"2022-09-16T16:14:37.367Z","@version":"1","message":"Sep 16 16:14:37 honeypot-sgp-1 sshd[25696]: Disconnected from invalid user 888g 68.183.225.151 port 59650 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:17:01 honeypot-fra-1 CRON[22415]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-16T16:17:02.319Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T16:17:15.434Z","@version":"1","message":"Sep 16 16:17:15 honeypot-sgp-1 sshd[25703]: Received disconnect from 196.0.120.211 port 49580:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T16:18:28.465Z","@version":"1","message":"Sep 16 16:18:28 honeypot-sgp-1 sshd[25707]: Received disconnect from 198.23.148.137 port 33060:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:19:31 honeypot-fra-1 sshd[22421]: Disconnected from authenticating user root 43.155.86.244 port 33918 [preauth]","@timestamp":"2022-09-16T16:19:31.379Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:24:32 honeypot-fra-1 sshd[22425]: Received disconnect from 187.116.49.64 port 47062:11: Bye Bye [preauth]","@timestamp":"2022-09-16T16:24:33.496Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:24:37 honeypot-fra-1 sshd[22430]: Disconnected from authenticating user root 187.116.49.64 port 47064 [preauth]","@timestamp":"2022-09-16T16:24:37.499Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:24:43 honeypot-fra-1 sshd[22436]: Disconnected from authenticating user root 187.116.49.64 port 47067 [preauth]","@timestamp":"2022-09-16T16:24:44.502Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:24:50 honeypot-fra-1 sshd[22442]: Disconnected from authenticating user root 187.116.49.64 port 47070 [preauth]","@timestamp":"2022-09-16T16:24:50.506Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:24:56 honeypot-fra-1 sshd[22448]: Disconnected from authenticating user root 187.116.49.64 port 47073 [preauth]","@timestamp":"2022-09-16T16:24:57.509Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 16:25:01 honeypot-ams-1 kernel: [84222083.141330] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=114.225.3.92 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=49 ID=7525 PROTO=TCP SPT=64005 DPT=443 WINDOW=59106 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T16:25:01.921Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:25:02 honeypot-fra-1 sshd[22454]: Disconnected from authenticating user root 187.116.49.64 port 47076 [preauth]","@timestamp":"2022-09-16T16:25:03.514Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:25:09 honeypot-fra-1 sshd[22460]: Disconnected from authenticating user root 187.116.49.64 port 47079 [preauth]","@timestamp":"2022-09-16T16:25:09.517Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:25:15 honeypot-fra-1 sshd[22466]: Disconnected from authenticating user root 187.116.49.64 port 47082 [preauth]","@timestamp":"2022-09-16T16:25:16.520Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:25:22 honeypot-fra-1 sshd[22472]: Disconnected from authenticating user root 187.116.49.64 port 47085 [preauth]","@timestamp":"2022-09-16T16:25:22.524Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:25:28 honeypot-fra-1 sshd[22478]: Disconnected from authenticating user root 187.116.49.64 port 47088 [preauth]","@timestamp":"2022-09-16T16:25:29.579Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:25:35 honeypot-fra-1 sshd[22484]: Disconnected from authenticating user root 187.116.49.64 port 47091 [preauth]","@timestamp":"2022-09-16T16:25:36.583Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:25:42 honeypot-fra-1 sshd[22490]: Disconnected from authenticating user root 187.116.49.64 port 47094 [preauth]","@timestamp":"2022-09-16T16:25:42.586Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:25:48 honeypot-fra-1 sshd[22496]: Received disconnect from 187.116.49.64 port 47097:11: Bye Bye [preauth]","@timestamp":"2022-09-16T16:25:49.590Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T16:25:49.643Z","@version":"1","message":"Sep 16 16:25:49 honeypot-sgp-1 kernel: [84221654.852615] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=170.187.162.236 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=56702 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:25:53 honeypot-fra-1 sshd[22500]: Received disconnect from 187.116.49.64 port 47099:11: Bye Bye [preauth]","@timestamp":"2022-09-16T16:25:53.593Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:25:57 honeypot-fra-1 sshd[22504]: Received disconnect from 187.116.49.64 port 47101:11: Bye Bye [preauth]","@timestamp":"2022-09-16T16:25:57.595Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:26:01 honeypot-fra-1 sshd[22508]: Received disconnect from 187.116.49.64 port 47103:11: Bye Bye [preauth]","@timestamp":"2022-09-16T16:26:01.597Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:26:05 honeypot-fra-1 sshd[22512]: Received disconnect from 187.116.49.64 port 47105:11: Bye Bye [preauth]","@timestamp":"2022-09-16T16:26:06.600Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:26:09 honeypot-fra-1 sshd[22516]: Received disconnect from 187.116.49.64 port 47107:11: Bye Bye [preauth]","@timestamp":"2022-09-16T16:26:10.603Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:26:15 honeypot-fra-1 sshd[22522]: Invalid user pi from 187.116.49.64 port 47110","@timestamp":"2022-09-16T16:26:16.605Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:26:20 honeypot-fra-1 sshd[22526]: Invalid user user from 187.116.49.64 port 47112","@timestamp":"2022-09-16T16:26:20.609Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:26:24 honeypot-fra-1 sshd[22530]: Invalid user mine from 187.116.49.64 port 47114","@timestamp":"2022-09-16T16:26:25.611Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:26:28 honeypot-fra-1 sshd[22534]: Invalid user xbmc from 187.116.49.64 port 47116","@timestamp":"2022-09-16T16:26:29.613Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:26:33 honeypot-fra-1 sshd[22538]: Invalid user oracle from 187.116.49.64 port 47061","@timestamp":"2022-09-16T16:26:33.616Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:26:37 honeypot-fra-1 sshd[22542]: Invalid user postgres from 187.116.49.64 port 47063","@timestamp":"2022-09-16T16:26:38.619Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:26:42 honeypot-fra-1 sshd[22546]: Invalid user support from 187.116.49.64 port 47065","@timestamp":"2022-09-16T16:26:42.621Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:26:46 honeypot-fra-1 sshd[22550]: Invalid user ubuntu from 187.116.49.64 port 47067","@timestamp":"2022-09-16T16:26:46.623Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:26:50 honeypot-fra-1 sshd[22554]: Invalid user ubuntu from 187.116.49.64 port 47069","@timestamp":"2022-09-16T16:26:51.626Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:26:54 honeypot-fra-1 sshd[22558]: Invalid user guest from 187.116.49.64 port 47071","@timestamp":"2022-09-16T16:26:55.628Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:26:59 honeypot-fra-1 sshd[22562]: Invalid user cirros from 187.116.49.64 port 47073","@timestamp":"2022-09-16T16:26:59.630Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:31:19 honeypot-fra-1 kernel: [84220292.501789] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=165.232.152.144 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=42044 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T16:31:19.727Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 16:37:27 honeypot-ams-1 kernel: [84222829.095660] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=103.36.19.166 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=50 ID=33297 DF PROTO=TCP SPT=12829 DPT=3389 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T16:37:28.243Z"}
{"@timestamp":"2022-09-16T16:40:25.018Z","@version":"1","message":"Sep 16 16:40:24 honeypot-sgp-1 sshd[25717]: Invalid user wp from 165.22.101.75 port 55068","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 16:42:02 honeypot-ams-1 sshd[31712]: Disconnected from invalid user sambit 186.206.144.34 port 54328 [preauth]","@timestamp":"2022-09-16T16:42:02.365Z"}
{"@timestamp":"2022-09-16T16:42:16.066Z","@version":"1","message":"Sep 16 16:42:15 honeypot-sgp-1 sshd[25721]: Received disconnect from 43.155.100.37 port 35956:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 16:44:50 honeypot-ams-1 sshd[31717]: Disconnected from authenticating user root 167.99.241.178 port 40828 [preauth]","@timestamp":"2022-09-16T16:44:51.440Z"}
{"@timestamp":"2022-09-16T16:45:49.155Z","@version":"1","message":"Sep 16 16:45:48 honeypot-sgp-1 sshd[25728]: Invalid user uploader from 43.154.142.229 port 38574","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T16:46:58.185Z","@version":"1","message":"Sep 16 16:46:57 honeypot-sgp-1 sshd[25732]: Disconnected from authenticating user root 176.102.38.41 port 59478 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:47:32 honeypot-fra-1 sshd[22588]: Disconnected from authenticating user root 80.253.31.232 port 40830 [preauth]","@timestamp":"2022-09-16T16:47:33.088Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 16:47:41 honeypot-ams-1 sshd[31723]: Received disconnect from 209.65.66.239 port 47000:11: Bye Bye [preauth]","@timestamp":"2022-09-16T16:47:42.515Z"}
{"@timestamp":"2022-09-16T16:50:11.265Z","@version":"1","message":"Sep 16 16:50:10 honeypot-sgp-1 sshd[25737]: Disconnected from invalid user admin 210.105.193.6 port 45528 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 16:50:33 honeypot-ams-1 sshd[31730]: Disconnected from authenticating user root 92.255.85.70 port 61540 [preauth]","@timestamp":"2022-09-16T16:50:33.592Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:50:58 honeypot-fra-1 kernel: [84221471.582633] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=213.226.123.38 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=59861 PROTO=TCP SPT=47116 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T16:50:59.167Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:56:49 honeypot-fra-1 sshd[22596]: Disconnected from invalid user user 45.61.184.204 port 45226 [preauth]","@timestamp":"2022-09-16T16:56:49.315Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:57:09 honeypot-fra-1 sshd[22600]: Disconnected from invalid user user 45.61.184.204 port 39908 [preauth]","@timestamp":"2022-09-16T16:57:09.345Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:57:27 honeypot-fra-1 sshd[22604]: Disconnected from invalid user user 45.61.184.204 port 34578 [preauth]","@timestamp":"2022-09-16T16:57:28.354Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:57:46 honeypot-fra-1 sshd[22610]: Disconnected from invalid user user 45.61.184.204 port 57500 [preauth]","@timestamp":"2022-09-16T16:57:46.363Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 17:00:45 honeypot-ams-1 sshd[31735]: Did not receive identification string from 45.61.187.160 port 43862","@timestamp":"2022-09-16T17:00:45.882Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 17:01:23 honeypot-ams-1 sshd[31738]: Disconnected from invalid user user 45.61.187.160 port 38212 [preauth]","@timestamp":"2022-09-16T17:01:23.900Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 17:01:42 honeypot-ams-1 sshd[31742]: Disconnected from invalid user user 45.61.187.160 port 60756 [preauth]","@timestamp":"2022-09-16T17:01:42.910Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 17:02:00 honeypot-ams-1 sshd[31746]: Disconnected from invalid user user 45.61.187.160 port 55052 [preauth]","@timestamp":"2022-09-16T17:02:00.920Z"}
{"@timestamp":"2022-09-16T17:04:07.602Z","@version":"1","message":"Sep 16 17:04:07 honeypot-sgp-1 kernel: [84223952.754050] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=81.45.139.22 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=234 ID=10913 PROTO=TCP SPT=56529 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 17:06:21 honeypot-fra-1 sshd[22618]: Received disconnect from 23.224.98.194 port 45194:11: Bye Bye [preauth]","@timestamp":"2022-09-16T17:06:22.563Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 17:08:01 honeypot-ams-1 kernel: [84224662.458445] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=97.74.81.123 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=26824 PROTO=TCP SPT=53315 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T17:08:02.075Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 17:08:26 honeypot-fra-1 sshd[22622]: Disconnected from authenticating user root 103.124.94.169 port 49626 [preauth]","@timestamp":"2022-09-16T17:08:26.613Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T17:12:02.793Z","@version":"1","message":"Sep 16 17:12:02 honeypot-sgp-1 kernel: [84224428.227859] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=208.67.105.124 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=14604 PROTO=TCP SPT=46424 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 17:15:56 honeypot-ams-1 kernel: [84225137.706284] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=167.71.92.243 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=35682 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T17:15:57.280Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 17:17:46 honeypot-fra-1 sshd[22632]: Received disconnect from 103.147.35.60 port 49570:11: Bye Bye [preauth]","@timestamp":"2022-09-16T17:17:47.133Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 17:21:21 honeypot-fra-1 sshd[22636]: Received disconnect from 92.255.85.69 port 48674:11: Bye Bye [preauth]","@timestamp":"2022-09-16T17:21:22.217Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 17:21:27 honeypot-ams-1 kernel: [84225469.209709] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=95.107.107.252 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=58 ID=56416 PROTO=TCP SPT=24501 DPT=80 WINDOW=61054 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T17:21:28.425Z"}
{"@timestamp":"2022-09-16T17:21:54.032Z","@version":"1","message":"Sep 16 17:21:53 honeypot-sgp-1 sshd[25754]: Invalid user user from 179.60.147.69 port 45432","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T17:26:58.158Z","@version":"1","message":"Sep 16 17:26:58 honeypot-sgp-1 kernel: [84225323.568294] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.206.37 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=35063 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 17:27:09 honeypot-fra-1 sshd[22641]: Invalid user jenkins from 165.227.85.21 port 59464","@timestamp":"2022-09-16T17:27:09.350Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 17:27:26 honeypot-fra-1 sshd[22643]: Disconnected from invalid user uftp 167.172.152.29 port 53952 [preauth]","@timestamp":"2022-09-16T17:27:27.359Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 17:29:08 honeypot-ams-1 kernel: [84225930.011224] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.208.150 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=52796 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T17:29:09.620Z"}
{"@timestamp":"2022-09-16T17:32:59.304Z","@version":"1","message":"Sep 16 17:32:58 honeypot-sgp-1 sshd[25763]: Received disconnect from 203.151.83.7 port 37486:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 17:33:27 honeypot-fra-1 sshd[22648]: Received disconnect from 64.227.39.120 port 57724:11: Bye Bye [preauth]","@timestamp":"2022-09-16T17:33:28.517Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 17:34:39 honeypot-ams-1 sshd[31770]: Invalid user control from 195.19.105.13 port 17911","@timestamp":"2022-09-16T17:34:39.766Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 17:40:21 honeypot-ams-1 kernel: [84226603.129351] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=122.116.246.140 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=57 ID=31426 PROTO=TCP SPT=18046 DPT=443 WINDOW=31046 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T17:40:22.912Z"}
{"@timestamp":"2022-09-16T17:40:52.491Z","@version":"1","message":"Sep 16 17:40:52 honeypot-sgp-1 sshd[25766]: Did not receive identification string from 108.179.252.145 port 37040","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 17:44:30 honeypot-fra-1 sshd[22654]: Received disconnect from 92.255.85.70 port 41442:11: Bye Bye [preauth]","@timestamp":"2022-09-16T17:44:31.758Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T17:46:49.635Z","@version":"1","message":"Sep 16 17:46:49 honeypot-sgp-1 sshd[25770]: Invalid user admin from 161.82.233.183 port 41080","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T17:47:26.652Z","@version":"1","message":"Sep 16 17:47:26 honeypot-sgp-1 sshd[25774]: Disconnected from 108.179.252.145 port 28042 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 17:48:57 honeypot-fra-1 kernel: [84224950.135857] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.203.245 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=41330 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T17:48:57.861Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 17:50:50 honeypot-ams-1 sshd[31779]: Received disconnect from 147.182.205.245 port 52594:11: Bye Bye [preauth]","@timestamp":"2022-09-16T17:50:51.184Z"}
{"@timestamp":"2022-09-16T17:52:48.781Z","@version":"1","message":"Sep 16 17:52:48 honeypot-sgp-1 sshd[25781]: Invalid user test from 182.23.23.42 port 49744","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T18:00:36.989Z","@version":"1","message":"Sep 16 18:00:36 honeypot-sgp-1 kernel: [84227341.738643] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=227 ID=2874 PROTO=TCP SPT=51203 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 06:18:31 honeypot-ams-1 sshd[30039]: Invalid user ftpuser from 92.255.85.69 port 38474","@timestamp":"2022-09-16T06:18:31.828Z"}
{"@timestamp":"2022-09-16T06:20:30.118Z","@version":"1","message":"Sep 16 06:20:30 honeypot-sgp-1 sshd[23599]: Disconnected from authenticating user root 61.177.173.53 port 12086 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 06:20:42 honeypot-fra-1 kernel: [84183657.628803] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=172.104.29.240 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54558 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T06:20:43.435Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 06:25:05 honeypot-ams-1 CRON[30661]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-16T06:25:06.003Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 06:25:54 honeypot-fra-1 sshd[20998]: Invalid user ftpuser from 92.255.85.69 port 40268","@timestamp":"2022-09-16T06:25:55.558Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T06:26:24.291Z","@version":"1","message":"Sep 16 06:26:23 honeypot-sgp-1 kernel: [84185690.140783] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=170.187.162.233 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=35291 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T06:29:09.361Z","@version":"1","message":"Sep 16 06:29:09 honeypot-sgp-1 sshd[23760]: Disconnected from invalid user install 38.143.137.90 port 28928 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 06:30:02 honeypot-ams-1 kernel: [84186383.696115] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=40.84.222.228 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=48636 PROTO=TCP SPT=49165 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T06:30:02.152Z"}
{"@timestamp":"2022-09-16T06:30:09.388Z","@version":"1","message":"Sep 16 06:30:08 honeypot-sgp-1 sshd[23764]: Disconnected from invalid user user 38.143.137.90 port 17938 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T06:31:08.417Z","@version":"1","message":"Sep 16 06:31:07 honeypot-sgp-1 sshd[24303]: Received disconnect from 38.143.137.90 port 38880:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 06:31:08 honeypot-fra-1 sshd[21617]: Invalid user leona from 165.22.45.108 port 36204","@timestamp":"2022-09-16T06:31:09.676Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 06:31:28 honeypot-ams-1 sshd[30845]: Received disconnect from 80.76.51.46 port 54630:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T06:31:29.195Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 06:31:47 honeypot-ams-1 sshd[30851]: Received disconnect from 80.76.51.46 port 34446:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T06:31:48.204Z"}
{"@timestamp":"2022-09-16T06:32:07.442Z","@version":"1","message":"Sep 16 06:32:07 honeypot-sgp-1 sshd[24311]: Received disconnect from 38.143.137.90 port 4826:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 06:32:07 honeypot-ams-1 sshd[30855]: Disconnected from authenticating user root 80.76.51.46 port 42326 [preauth]","@timestamp":"2022-09-16T06:32:08.214Z"}
{"@timestamp":"2022-09-16T06:32:38.457Z","@version":"1","message":"Sep 16 06:32:37 honeypot-sgp-1 sshd[24315]: Disconnected from invalid user user 38.143.137.90 port 15992 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 06:32:38 honeypot-ams-1 sshd[30861]: Received disconnect from 80.76.51.46 port 54202:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T06:32:39.233Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 06:32:59 honeypot-ams-1 sshd[30865]: Disconnected from invalid user test 80.76.51.46 port 33902 [preauth]","@timestamp":"2022-09-16T06:33:00.244Z"}
{"@timestamp":"2022-09-16T06:33:37.483Z","@version":"1","message":"Sep 16 06:33:37 honeypot-sgp-1 sshd[24319]: Disconnected from invalid user user 38.143.137.90 port 31820 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T06:34:38.512Z","@version":"1","message":"Sep 16 06:34:37 honeypot-sgp-1 sshd[24324]: Disconnected from invalid user user 38.143.137.90 port 3474 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T06:35:38.540Z","@version":"1","message":"Sep 16 06:35:37 honeypot-sgp-1 sshd[24329]: Disconnected from invalid user user 38.143.137.90 port 26042 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T06:36:39.569Z","@version":"1","message":"Sep 16 06:36:38 honeypot-sgp-1 sshd[24333]: Disconnected from invalid user user 38.143.137.90 port 56318 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T06:37:40.596Z","@version":"1","message":"Sep 16 06:37:40 honeypot-sgp-1 sshd[24337]: Disconnected from invalid user chia 38.143.137.90 port 15670 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 06:38:08 honeypot-ams-1 sshd[30870]: Disconnected from invalid user monitor 103.94.168.42 port 3147 [preauth]","@timestamp":"2022-09-16T06:38:09.375Z"}
{"@timestamp":"2022-09-16T06:38:42.627Z","@version":"1","message":"Sep 16 06:38:42 honeypot-sgp-1 sshd[24341]: Received disconnect from 38.143.137.90 port 2686:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 06:39:31 honeypot-ams-1 sshd[30877]: Disconnected from authenticating user root 159.89.205.198 port 44488 [preauth]","@timestamp":"2022-09-16T06:39:32.414Z"}
{"@timestamp":"2022-09-16T06:39:45.656Z","@version":"1","message":"Sep 16 06:39:44 honeypot-sgp-1 sshd[24346]: Disconnected from invalid user wangbing 38.143.137.90 port 58310 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T06:40:49.684Z","@version":"1","message":"Sep 16 06:40:49 honeypot-sgp-1 sshd[24352]: Disconnected from invalid user wangxiong 38.143.137.90 port 50140 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T06:42:16.722Z","@version":"1","message":"Sep 16 06:42:16 honeypot-sgp-1 sshd[24358]: Disconnected from authenticating user root 61.177.173.36 port 12340 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T06:43:29.755Z","@version":"1","message":"Sep 16 06:43:28 honeypot-sgp-1 sshd[24364]: Invalid user zkti from 38.143.137.90 port 63586","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T06:44:35.784Z","@version":"1","message":"Sep 16 06:44:34 honeypot-sgp-1 sshd[24369]: Disconnected from authenticating user root 38.143.137.90 port 12936 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T06:45:40.814Z","@version":"1","message":"Sep 16 06:45:40 honeypot-sgp-1 sshd[24373]: Disconnected from invalid user dev 38.143.137.90 port 10628 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T06:46:44.844Z","@version":"1","message":"Sep 16 06:46:43 honeypot-sgp-1 sshd[24379]: Received disconnect from 38.143.137.90 port 5498:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T06:47:48.874Z","@version":"1","message":"Sep 16 06:47:48 honeypot-sgp-1 sshd[24383]: Disconnected from invalid user gaodongsheng 38.143.137.90 port 18992 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 06:48:57 honeypot-fra-1 kernel: [84185352.037605] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=172.104.29.186 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54748 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T06:48:58.091Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-16T06:49:26.919Z","@version":"1","message":"Sep 16 06:49:26 honeypot-sgp-1 sshd[24389]: Disconnected from authenticating user root 38.143.137.90 port 56916 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T06:50:01.937Z","@version":"1","message":"Sep 16 06:50:00 honeypot-sgp-1 sshd[24395]: Disconnected from invalid user xdp 38.143.137.90 port 34018 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T06:51:09.969Z","@version":"1","message":"Sep 16 06:51:09 honeypot-sgp-1 sshd[24401]: Received disconnect from 38.143.137.90 port 19682:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 06:51:58 honeypot-ams-1 sshd[30889]: Invalid user guest from 193.106.191.157 port 38188","@timestamp":"2022-09-16T06:51:58.728Z"}
{"@timestamp":"2022-09-16T06:52:17.000Z","@version":"1","message":"Sep 16 06:52:16 honeypot-sgp-1 sshd[24405]: Disconnected from authenticating user root 38.143.137.90 port 5972 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 06:53:53 honeypot-fra-1 sshd[21640]: Invalid user ansible from 101.33.218.153 port 36307","@timestamp":"2022-09-16T06:53:53.207Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 06:53:53 honeypot-fra-1 sshd[21641]: Invalid user dev from 101.33.218.153 port 36263","@timestamp":"2022-09-16T06:53:54.208Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T06:53:57.062Z","@version":"1","message":"Sep 16 06:53:56 honeypot-sgp-1 sshd[24411]: Received disconnect from 38.143.137.90 port 41692:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 06:54:04 honeypot-ams-1 sshd[30891]: Received disconnect from 139.59.231.120 port 36012:11: Bye Bye [preauth]","@timestamp":"2022-09-16T06:54:04.786Z"}
{"@timestamp":"2022-09-16T06:55:03.091Z","@version":"1","message":"Sep 16 06:55:02 honeypot-sgp-1 sshd[24415]: Disconnected from authenticating user root 38.143.137.90 port 26842 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T06:56:18.125Z","@version":"1","message":"Sep 16 06:56:18 honeypot-sgp-1 sshd[24422]: Invalid user tomcat from 92.255.85.70 port 44692","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T06:56:43.138Z","@version":"1","message":"Sep 16 06:56:42 honeypot-sgp-1 sshd[24426]: Received disconnect from 38.143.137.90 port 25628:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T06:57:16.154Z","@version":"1","message":"Sep 16 06:57:15 honeypot-sgp-1 sshd[24430]: Disconnected from invalid user omnisky 38.143.137.90 port 23596 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T06:58:24.187Z","@version":"1","message":"Sep 16 06:58:23 honeypot-sgp-1 sshd[24437]: Received disconnect from 38.143.137.90 port 9492:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T06:59:32.218Z","@version":"1","message":"Sep 16 06:59:32 honeypot-sgp-1 sshd[24442]: Disconnected from authenticating user root 38.143.137.90 port 57580 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 07:00:17 honeypot-ams-1 sshd[30900]: Disconnected from authenticating user root 61.177.172.108 port 51408 [preauth]","@timestamp":"2022-09-16T07:00:17.946Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 07:00:38 honeypot-fra-1 sshd[21664]: Disconnected from authenticating user root 45.188.54.82 port 43782 [preauth]","@timestamp":"2022-09-16T07:00:39.359Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T07:00:40.251Z","@version":"1","message":"Sep 16 07:00:39 honeypot-sgp-1 sshd[24449]: Disconnected from invalid user user 38.143.137.90 port 38150 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T07:01:47.283Z","@version":"1","message":"Sep 16 07:01:46 honeypot-sgp-1 sshd[24455]: Received disconnect from 38.143.137.90 port 15164:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T07:03:29.327Z","@version":"1","message":"Sep 16 07:03:29 honeypot-sgp-1 sshd[24462]: Invalid user jenkins from 38.143.137.90 port 18376","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 07:04:26 honeypot-ams-1 sshd[30908]: Connection closed by invalid user admin 179.60.147.69 port 51140 [preauth]","@timestamp":"2022-09-16T07:04:27.053Z"}
{"@timestamp":"2022-09-16T07:04:37.358Z","@version":"1","message":"Sep 16 07:04:36 honeypot-sgp-1 sshd[24466]: Received disconnect from 38.143.137.90 port 57124:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T07:06:17.401Z","@version":"1","message":"Sep 16 07:06:17 honeypot-sgp-1 sshd[24474]: Invalid user smartmore from 38.143.137.90 port 53212","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T07:07:24.432Z","@version":"1","message":"Sep 16 07:07:23 honeypot-sgp-1 sshd[24478]: Disconnected from authenticating user root 38.143.137.90 port 56252 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 07:08:07 honeypot-fra-1 sshd[21672]: Corrupted MAC on input. [preauth]","@timestamp":"2022-09-16T07:08:07.555Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T07:08:30.462Z","@version":"1","message":"Sep 16 07:08:29 honeypot-sgp-1 sshd[24483]: Disconnected from invalid user xdp 38.143.137.90 port 14306 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T07:10:10.506Z","@version":"1","message":"Sep 16 07:10:10 honeypot-sgp-1 sshd[24491]: Received disconnect from 38.143.137.90 port 49850:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T07:11:15.535Z","@version":"1","message":"Sep 16 07:11:15 honeypot-sgp-1 sshd[24498]: Invalid user hczh from 38.143.137.90 port 17710","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 07:11:18 honeypot-ams-1 sshd[30915]: Received disconnect from 61.177.173.50 port 47733:11:  [preauth]","@timestamp":"2022-09-16T07:11:19.236Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 07:12:15 honeypot-ams-1 sshd[30919]: Received disconnect from 170.106.113.73 port 50242:11: Bye Bye [preauth]","@timestamp":"2022-09-16T07:12:16.265Z"}
{"@timestamp":"2022-09-16T07:12:21.564Z","@version":"1","message":"Sep 16 07:12:21 honeypot-sgp-1 sshd[24503]: Disconnected from authenticating user root 38.143.137.90 port 50374 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 07:13:06 honeypot-fra-1 sshd[21677]: Disconnected from invalid user tomcat 92.255.85.69 port 25746 [preauth]","@timestamp":"2022-09-16T07:13:06.669Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 07:13:28 honeypot-ams-1 sshd[30923]: Disconnected from authenticating user root 20.239.69.124 port 55580 [preauth]","@timestamp":"2022-09-16T07:13:28.301Z"}
{"@timestamp":"2022-09-16T07:13:28.595Z","@version":"1","message":"Sep 16 07:13:28 honeypot-sgp-1 sshd[24507]: Disconnected from authenticating user root 38.143.137.90 port 54428 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T07:14:34.624Z","@version":"1","message":"Sep 16 07:14:34 honeypot-sgp-1 sshd[24511]: Disconnected from invalid user zhengchaolei 38.143.137.90 port 30462 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T07:16:12.667Z","@version":"1","message":"Sep 16 07:16:12 honeypot-sgp-1 sshd[24521]: Disconnected from authenticating user root 38.143.137.90 port 23288 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T07:17:20.698Z","@version":"1","message":"Sep 16 07:17:20 honeypot-sgp-1 sshd[24528]: Disconnected from authenticating user root 38.143.137.90 port 28556 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 07:17:28 honeypot-ams-1 sshd[30933]: Connection closed by invalid user  152.32.249.159 port 33724 [preauth]","@timestamp":"2022-09-16T07:17:29.409Z"}
{"@timestamp":"2022-09-16T07:18:27.727Z","@version":"1","message":"Sep 16 07:18:26 honeypot-sgp-1 sshd[24535]: Disconnected from authenticating user root 38.143.137.90 port 6614 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T07:19:32.756Z","@version":"1","message":"Sep 16 07:19:32 honeypot-sgp-1 sshd[24539]: Invalid user dami_ftp from 38.143.137.90 port 51208","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T07:20:05.772Z","@version":"1","message":"Sep 16 07:20:05 honeypot-sgp-1 sshd[24543]: Disconnected from invalid user eduinfo 38.143.137.90 port 13290 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T07:21:10.801Z","@version":"1","message":"Sep 16 07:21:10 honeypot-sgp-1 sshd[24550]: Invalid user ystxiaojia from 38.143.137.90 port 4416","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 07:21:44 honeypot-fra-1 sshd[21683]: Invalid user guest from 193.106.191.157 port 54778","@timestamp":"2022-09-16T07:21:45.867Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T07:22:17.830Z","@version":"1","message":"Sep 16 07:22:17 honeypot-sgp-1 sshd[24554]: Disconnected from authenticating user root 38.143.137.90 port 7002 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T07:23:42.868Z","@version":"1","message":"Sep 16 07:23:42 honeypot-sgp-1 sshd[24560]: Received disconnect from 61.177.172.114 port 32749:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T07:24:32.892Z","@version":"1","message":"Sep 16 07:24:32 honeypot-sgp-1 sshd[24566]: Received disconnect from 38.143.137.90 port 59394:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T07:25:06.908Z","@version":"1","message":"Sep 16 07:25:06 honeypot-sgp-1 sshd[24570]: Disconnected from invalid user luguoliang 38.143.137.90 port 16126 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 07:25:15 honeypot-fra-1 sshd[21686]: Disconnected from invalid user leonardo 165.22.45.108 port 41286 [preauth]","@timestamp":"2022-09-16T07:25:15.948Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 07:26:00 honeypot-ams-1 sshd[30954]: Received disconnect from 61.177.173.52 port 40242:11:  [preauth]","@timestamp":"2022-09-16T07:26:01.632Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 07:29:16 honeypot-ams-1 sshd[30961]: Disconnected from invalid user 123 92.255.85.69 port 43504 [preauth]","@timestamp":"2022-09-16T07:29:16.716Z"}
{"@timestamp":"2022-09-16T07:36:00.176Z","@version":"1","message":"Sep 16 07:35:59 honeypot-sgp-1 kernel: [84189865.816289] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=103.140.251.208 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=41324 PROTO=TCP SPT=56206 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 07:38:45 honeypot-fra-1 kernel: [84188339.751340] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.167.96.138 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=45060 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T07:38:45.318Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-16T07:39:20.258Z","@version":"1","message":"Sep 16 07:39:19 honeypot-sgp-1 sshd[24582]: Disconnected from 61.177.173.51 port 33733 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 07:39:46 honeypot-fra-1 sshd[21698]: Received disconnect from 34.75.26.147 port 58678:11: Bye Bye [preauth]","@timestamp":"2022-09-16T07:39:46.348Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 07:40:58 honeypot-fra-1 sshd[21702]: Disconnected from invalid user sherrill 5.101.1.20 port 52758 [preauth]","@timestamp":"2022-09-16T07:40:58.389Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 07:45:38 honeypot-ams-1 sshd[30976]: Received disconnect from 190.187.240.86 port 49288:11: Bye Bye [preauth]","@timestamp":"2022-09-16T07:45:39.134Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 07:51:45 honeypot-ams-1 kernel: [84191286.913668] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=94.26.228.80 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=37826 PROTO=TCP SPT=10166 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T07:51:46.294Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 07:53:22 honeypot-fra-1 kernel: [84189217.115373] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=165.232.152.144 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=60372 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T07:53:22.673Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-16T07:54:15.617Z","@version":"1","message":"Sep 16 07:54:14 honeypot-sgp-1 kernel: [84190960.729748] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.219.7 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=54321 PROTO=TCP SPT=57229 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 07:55:23 honeypot-ams-1 sshd[30986]: Received disconnect from 61.177.173.39 port 28354:11:  [preauth]","@timestamp":"2022-09-16T07:55:24.391Z"}
{"@timestamp":"2022-09-16T07:56:40.679Z","@version":"1","message":"Sep 16 07:56:40 honeypot-sgp-1 sshd[24596]: Disconnected from invalid user user 45.61.184.204 port 58012 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T07:57:01.689Z","@version":"1","message":"Sep 16 07:57:00 honeypot-sgp-1 sshd[24600]: Disconnected from invalid user user 45.61.184.204 port 52878 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T07:57:18.698Z","@version":"1","message":"Sep 16 07:57:18 honeypot-sgp-1 sshd[24605]: Disconnected from invalid user user 45.61.184.204 port 47718 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T07:57:37.708Z","@version":"1","message":"Sep 16 07:57:36 honeypot-sgp-1 sshd[24609]: Disconnected from invalid user user 45.61.184.204 port 42580 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 07:59:25 honeypot-ams-1 kernel: [84191747.182150] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=103.137.89.38 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=57 ID=48721 DF PROTO=TCP SPT=25177 DPT=80 WINDOW=43690 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T07:59:26.495Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 08:02:22 honeypot-fra-1 kernel: [84189756.545667] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=110.138.22.17 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=53 ID=0 DF PROTO=TCP SPT=47653 DPT=80 WINDOW=0 RES=0x00 RST URGP=0 ","@timestamp":"2022-09-16T08:02:22.877Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 08:05:22 honeypot-fra-1 sshd[21712]: Connection reset by 138.68.94.5 port 28391 [preauth]","@timestamp":"2022-09-16T08:05:22.948Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T08:05:31.922Z","@version":"1","message":"Sep 16 08:05:31 honeypot-sgp-1 kernel: [84191637.397025] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=117.212.165.187 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=54494 DF PROTO=TCP SPT=56098 DPT=80 WINDOW=5680 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 08:06:41 honeypot-ams-1 sshd[30998]: Received disconnect from 61.177.173.36 port 10058:11:  [preauth]","@timestamp":"2022-09-16T08:06:41.688Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 08:11:01 honeypot-ams-1 kernel: [84192443.040736] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=74.82.47.61 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=40066 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T08:11:01.804Z"}
{"@timestamp":"2022-09-16T08:12:59.109Z","@version":"1","message":"Sep 16 08:12:58 honeypot-sgp-1 kernel: [84192084.829399] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=64.62.197.226 DST=159.89.202.188 LEN=131 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=54041 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T08:14:07.139Z","@version":"1","message":"Sep 16 08:14:07 honeypot-sgp-1 sshd[24624]: Invalid user guest from 179.60.147.69 port 15872","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 08:16:33 honeypot-fra-1 kernel: [84190608.232049] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=74.82.47.48 DST=165.22.82.222 LEN=131 TOS=0x00 PREC=0x00 TTL=244 ID=54321 PROTO=TCP SPT=33908 DPT=80 WINDOW=65535 RES=0x00 ACK PSH URGP=0 ","@timestamp":"2022-09-16T08:16:34.205Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 08:16:45 honeypot-ams-1 sshd[31007]: Disconnected from invalid user a 92.255.85.70 port 37524 [preauth]","@timestamp":"2022-09-16T08:16:45.969Z"}
{"@timestamp":"2022-09-16T08:17:01.212Z","@version":"1","message":"Sep 16 08:17:01 honeypot-sgp-1 CRON[24628]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 08:17:28 honeypot-ams-1 sshd[31014]: Invalid user guest from 179.60.147.69 port 23624","@timestamp":"2022-09-16T08:17:28.990Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 08:17:48 honeypot-fra-1 kernel: [84190682.425451] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=64.62.197.230 DST=165.22.82.222 LEN=131 TOS=0x00 PREC=0x00 TTL=244 ID=54321 PROTO=TCP SPT=42414 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T08:17:48.236Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-16T08:19:42.281Z","@version":"1","message":"Sep 16 08:19:41 honeypot-sgp-1 kernel: [84192487.476592] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=94.26.228.80 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=34960 PROTO=TCP SPT=10166 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 08:22:33 honeypot-ams-1 sshd[31021]: Received disconnect from 61.177.172.104 port 59894:11:  [preauth]","@timestamp":"2022-09-16T08:22:33.124Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 08:24:49 honeypot-fra-1 kernel: [84191103.667253] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=124.106.92.226 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=56 ID=57834 PROTO=TCP SPT=44726 DPT=443 WINDOW=49878 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T08:24:49.403Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 08:26:20 honeypot-ams-1 kernel: [84193361.566171] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=201.191.2.198 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=15591 PROTO=TCP SPT=36567 DPT=80 WINDOW=25606 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T08:26:20.227Z"}
{"@timestamp":"2022-09-16T08:27:14.468Z","@version":"1","message":"Sep 16 08:27:14 honeypot-sgp-1 sshd[24658]: Disconnected from invalid user koellner 165.227.118.71 port 38502 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 08:29:18 honeypot-ams-1 sshd[31028]: Invalid user roseline from 45.135.165.165 port 44878","@timestamp":"2022-09-16T08:29:19.307Z"}
{"@timestamp":"2022-09-16T08:30:54.563Z","@version":"1","message":"Sep 16 08:30:54 honeypot-sgp-1 sshd[24665]: Disconnected from authenticating user root 61.177.173.36 port 51117 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 08:31:06 honeypot-ams-1 sshd[31032]: Received disconnect from 27.254.149.199 port 34050:11: Bye Bye [preauth]","@timestamp":"2022-09-16T08:31:07.359Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 08:33:52 honeypot-ams-1 kernel: [84193813.798557] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=188.166.117.97 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=254 ID=54321 PROTO=TCP SPT=25014 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T08:33:52.432Z"}
{"@timestamp":"2022-09-16T08:34:08.645Z","@version":"1","message":"Sep 16 08:34:08 honeypot-sgp-1 sshd[24671]: Received disconnect from 95.85.39.74 port 59938:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T08:36:17.700Z","@version":"1","message":"Sep 16 08:36:17 honeypot-sgp-1 sshd[24676]: Disconnected from authenticating user root 159.65.103.250 port 52314 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 08:40:47 honeypot-ams-1 sshd[31061]: Received disconnect from 92.255.85.70 port 19186:11: Bye Bye [preauth]","@timestamp":"2022-09-16T08:40:47.609Z"}
{"@timestamp":"2022-09-16T08:43:45.907Z","@version":"1","message":"Sep 16 08:43:45 honeypot-sgp-1 sshd[24683]: Disconnected from authenticating user root 61.177.173.36 port 14234 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 08:48:45 honeypot-fra-1 kernel: [84192540.168833] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=172.104.29.200 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=10666 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T08:48:45.954Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 08:51:57 honeypot-ams-1 kernel: [84194898.851272] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=172.104.29.170 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=21606 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T08:51:57.900Z"}
{"@timestamp":"2022-09-16T08:53:33.151Z","@version":"1","message":"Sep 16 08:53:32 honeypot-sgp-1 sshd[24693]: Disconnected from authenticating user root 92.255.85.70 port 39400 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 08:58:40 honeypot-ams-1 sshd[31079]: Received disconnect from 61.177.173.36 port 15367:11:  [preauth]","@timestamp":"2022-09-16T08:58:41.078Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 08:58:53 honeypot-fra-1 kernel: [84193148.134357] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=167.71.133.35 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=248 ID=54321 PROTO=TCP SPT=45485 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T08:58:54.186Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-16T08:59:17.299Z","@version":"1","message":"Sep 16 08:59:16 honeypot-sgp-1 kernel: [84194862.748926] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=97.107.134.93 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=9240 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T09:01:06.352Z","@version":"1","message":"Sep 16 09:01:05 honeypot-sgp-1 sshd[24698]: Disconnected from invalid user fjh 177.137.87.209 port 34220 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 09:01:10 honeypot-ams-1 sshd[31083]: Disconnected from authenticating user root 51.178.137.178 port 52444 [preauth]","@timestamp":"2022-09-16T09:01:11.152Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 09:03:44 honeypot-ams-1 sshd[31089]: Received disconnect from 45.61.184.204 port 40006:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T09:03:45.224Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 09:04:04 honeypot-ams-1 sshd[31093]: Received disconnect from 45.61.184.204 port 35564:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T09:04:05.235Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 09:04:13 honeypot-ams-1 sshd[31097]: Disconnected from invalid user user 45.61.184.204 port 47458 [preauth]","@timestamp":"2022-09-16T09:04:14.239Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 09:04:31 honeypot-ams-1 sshd[31101]: Disconnected from invalid user user 45.61.184.204 port 43008 [preauth]","@timestamp":"2022-09-16T09:04:32.250Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 09:10:14 honeypot-fra-1 sshd[21761]: Invalid user leslie from 165.22.45.108 port 51380","@timestamp":"2022-09-16T09:10:14.444Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 09:11:28 honeypot-ams-1 sshd[31111]: Disconnected from authenticating user root 61.177.173.36 port 16060 [preauth]","@timestamp":"2022-09-16T09:11:28.431Z"}
{"@timestamp":"2022-09-16T09:16:58.745Z","@version":"1","message":"Sep 16 09:16:57 honeypot-sgp-1 sshd[24711]: Received disconnect from 92.255.85.69 port 54472:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 09:17:01 honeypot-ams-1 CRON[31118]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-16T09:17:02.575Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 09:17:01 honeypot-fra-1 CRON[21766]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-16T09:17:02.600Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 09:19:23 honeypot-fra-1 sshd[21769]: Connection closed by invalid user guest 193.106.191.157 port 37232 [preauth]","@timestamp":"2022-09-16T09:19:23.654Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T09:22:34.883Z","@version":"1","message":"Sep 16 09:22:33 honeypot-sgp-1 sshd[24717]: Disconnected from authenticating user root 61.177.173.39 port 49632 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 09:23:58 honeypot-fra-1 sshd[21776]: Disconnected from 218.92.0.200 port 39103 [preauth]","@timestamp":"2022-09-16T09:23:58.760Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 09:26:36 honeypot-ams-1 sshd[31128]: Disconnected from authenticating user root 61.177.173.46 port 49529 [preauth]","@timestamp":"2022-09-16T09:26:36.822Z"}
{"@timestamp":"2022-09-16T09:27:21.002Z","@version":"1","message":"Sep 16 09:27:20 honeypot-sgp-1 sshd[24726]: Received disconnect from 49.88.112.76 port 52605:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 09:30:05 honeypot-ams-1 sshd[31133]: Invalid user blank from 179.60.147.69 port 19858","@timestamp":"2022-09-16T09:30:05.915Z"}
{"@timestamp":"2022-09-16T09:30:30.082Z","@version":"1","message":"Sep 16 09:30:29 honeypot-sgp-1 sshd[24730]: Disconnected from invalid user hadoop 187.37.77.251 port 38541 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T09:31:54.119Z","@version":"1","message":"Sep 16 09:31:53 honeypot-sgp-1 sshd[24733]: Received disconnect from 61.177.173.52 port 18614:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T09:32:07.126Z","@version":"1","message":"Sep 16 09:32:07 honeypot-sgp-1 sshd[24740]: Received disconnect from 45.61.186.169 port 48990:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T09:32:23.134Z","@version":"1","message":"Sep 16 09:32:22 honeypot-sgp-1 sshd[24744]: Received disconnect from 45.61.186.169 port 43422:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T09:32:38.142Z","@version":"1","message":"Sep 16 09:32:37 honeypot-sgp-1 sshd[24748]: Received disconnect from 45.61.186.169 port 37836:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 09:32:44 honeypot-fra-1 kernel: [84195178.952930] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=186.208.139.104 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=245 ID=18514 PROTO=TCP SPT=40602 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T09:32:44.964Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 09:35:21 honeypot-ams-1 sshd[31136]: Connection closed by invalid user guest 193.106.191.157 port 53736 [preauth]","@timestamp":"2022-09-16T09:35:22.053Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 09:36:00 honeypot-fra-1 kernel: [84195374.445664] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=149.102.155.170 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=4331 PROTO=TCP SPT=40900 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T09:36:01.041Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-16T09:36:54.251Z","@version":"1","message":"Sep 16 09:36:53 honeypot-sgp-1 kernel: [84197119.276942] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.167.97.191 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=55704 DPT=5432 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 09:38:49 honeypot-ams-1 kernel: [84197710.851338] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=144.126.130.22 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=14180 PROTO=TCP SPT=41080 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T09:38:50.144Z"}
{"@timestamp":"2022-09-16T09:40:09.333Z","@version":"1","message":"Sep 16 09:40:08 honeypot-sgp-1 sshd[24759]: Received disconnect from 45.61.186.49 port 59234:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T09:40:27.342Z","@version":"1","message":"Sep 16 09:40:27 honeypot-sgp-1 sshd[24765]: Invalid user testuser from 92.255.85.69 port 18858","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 09:45:49 honeypot-ams-1 kernel: [84198130.547086] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=208.115.115.103 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=12720 PROTO=TCP SPT=4062 DPT=80 WINDOW=20118 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T09:45:49.326Z"}
{"@timestamp":"2022-09-16T09:50:19.583Z","@version":"1","message":"Sep 16 09:50:18 honeypot-sgp-1 kernel: [84197924.612048] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=64.246.161.26 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=57793 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 09:50:26 honeypot-ams-1 sshd[31157]: Disconnected from invalid user testuser 92.255.85.69 port 54322 [preauth]","@timestamp":"2022-09-16T09:50:27.451Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 09:54:49 honeypot-ams-1 sshd[31161]: Connection closed by invalid user guest 193.106.191.157 port 38918 [preauth]","@timestamp":"2022-09-16T09:54:49.569Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 09:57:56 honeypot-fra-1 sshd[21795]: Invalid user testuser from 92.255.85.70 port 46580","@timestamp":"2022-09-16T09:57:56.552Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T10:00:28.857Z","@version":"1","message":"Sep 16 10:00:27 honeypot-sgp-1 sshd[24778]: Received disconnect from 159.223.172.195 port 38272:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:01:29 honeypot-fra-1 kernel: [84196903.734754] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=161.97.98.117 DST=165.22.82.222 LEN=52 TOS=0x02 PREC=0x00 TTL=120 ID=28474 DF PROTO=TCP SPT=55856 DPT=443 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-16T10:01:29.636Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 10:01:41 honeypot-ams-1 sshd[31171]: Received disconnect from 206.189.197.134 port 39374:11: Bye Bye [preauth]","@timestamp":"2022-09-16T10:01:42.747Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 10:02:34 honeypot-ams-1 sshd[31175]: Disconnected from authenticating user root 68.183.88.186 port 36246 [preauth]","@timestamp":"2022-09-16T10:02:34.771Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:04:14 honeypot-fra-1 sshd[21800]: Invalid user support from 179.60.147.69 port 37388","@timestamp":"2022-09-16T10:04:14.702Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T10:04:26.957Z","@version":"1","message":"Sep 16 10:04:25 honeypot-sgp-1 sshd[24784]: Invalid user admin from 92.255.85.70 port 61262","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:06:02 honeypot-fra-1 kernel: [84197177.163419] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=34.143.133.224 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x60 TTL=250 ID=52427 PROTO=TCP SPT=59711 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T10:06:03.749Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 10:06:06 honeypot-ams-1 kernel: [84199347.769596] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.41.8.5 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=54206 PROTO=TCP SPT=34098 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T10:06:06.868Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 10:13:51 honeypot-ams-1 sshd[31183]: Received disconnect from 92.255.85.70 port 38606:11: Bye Bye [preauth]","@timestamp":"2022-09-16T10:13:52.072Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:16:45 honeypot-fra-1 sshd[21812]: Invalid user admin from 137.184.77.246 port 42068","@timestamp":"2022-09-16T10:16:45.992Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:16:45 honeypot-fra-1 sshd[21822]: Invalid user esuser from 137.184.77.246 port 42066","@timestamp":"2022-09-16T10:16:45.992Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:16:45 honeypot-fra-1 sshd[21829]: Invalid user es from 137.184.77.246 port 42000","@timestamp":"2022-09-16T10:16:45.992Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:16:45 honeypot-fra-1 sshd[21807]: Connection closed by invalid user www 137.184.77.246 port 42006 [preauth]","@timestamp":"2022-09-16T10:16:45.992Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:16:45 honeypot-fra-1 sshd[21817]: Connection closed by authenticating user root 137.184.77.246 port 42026 [preauth]","@timestamp":"2022-09-16T10:16:45.993Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:16:45 honeypot-fra-1 sshd[21815]: Connection closed by invalid user elasticsearch 137.184.77.246 port 41998 [preauth]","@timestamp":"2022-09-16T10:16:45.993Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:16:45 honeypot-fra-1 sshd[21824]: Connection closed by invalid user chia 137.184.77.246 port 42004 [preauth]","@timestamp":"2022-09-16T10:16:45.993Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:16:45 honeypot-fra-1 sshd[21832]: Connection closed by invalid user devops 137.184.77.246 port 42034 [preauth]","@timestamp":"2022-09-16T10:16:45.993Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:16:45 honeypot-fra-1 sshd[21838]: Connection closed by authenticating user root 137.184.77.246 port 42056 [preauth]","@timestamp":"2022-09-16T10:16:45.993Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:16:45 honeypot-fra-1 sshd[21841]: Connection closed by invalid user www 137.184.77.246 port 42078 [preauth]","@timestamp":"2022-09-16T10:16:45.993Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T10:17:01.266Z","@version":"1","message":"Sep 16 10:17:01 honeypot-sgp-1 CRON[24790]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 10:18:54 honeypot-ams-1 kernel: [84200115.964307] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=196.191.49.93 DST=178.62.254.91 LEN=48 TOS=0x00 PREC=0x00 TTL=115 ID=22294 DF PROTO=TCP SPT=56610 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T10:18:55.208Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:21:12 honeypot-fra-1 sshd[21879]: Invalid user admin from 92.255.85.69 port 33540","@timestamp":"2022-09-16T10:21:13.098Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T10:21:40.383Z","@version":"1","message":"Sep 16 10:21:39 honeypot-sgp-1 sshd[24795]: Received disconnect from 91.240.118.222 port 29450:11: Client disconnecting normally [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:25:24 honeypot-fra-1 sshd[21882]: Received disconnect from 167.172.152.29 port 58474:11: Bye Bye [preauth]","@timestamp":"2022-09-16T10:25:25.197Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T10:28:25.546Z","@version":"1","message":"Sep 16 10:28:25 honeypot-sgp-1 sshd[24800]: Disconnected from authenticating user root 92.255.85.69 port 48788 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 10:29:04 honeypot-ams-1 sshd[31192]: Received disconnect from 165.232.173.191 port 48416:11: Bye Bye [preauth]","@timestamp":"2022-09-16T10:29:05.472Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:31:07 honeypot-fra-1 kernel: [84198681.264481] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=91.211.249.8 DST=165.22.82.222 LEN=80 TOS=0x00 PREC=0x20 TTL=126 ID=52545 PROTO=TCP SPT=51521 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T10:31:07.328Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:32:30 honeypot-fra-1 sshd[21890]: Connection closed by authenticating user root 137.184.77.246 port 37868 [preauth]","@timestamp":"2022-09-16T10:32:30.360Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:32:30 honeypot-fra-1 sshd[21903]: Invalid user es from 137.184.77.246 port 37864","@timestamp":"2022-09-16T10:32:30.360Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:32:30 honeypot-fra-1 sshd[21923]: Invalid user steam from 137.184.77.246 port 37884","@timestamp":"2022-09-16T10:32:30.360Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:32:30 honeypot-fra-1 sshd[21900]: Invalid user devops from 137.184.77.246 port 37866","@timestamp":"2022-09-16T10:32:30.360Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:32:30 honeypot-fra-1 sshd[21896]: Connection closed by invalid user user 137.184.77.246 port 37826 [preauth]","@timestamp":"2022-09-16T10:32:30.360Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:32:30 honeypot-fra-1 sshd[21922]: Connection closed by authenticating user root 137.184.77.246 port 37854 [preauth]","@timestamp":"2022-09-16T10:32:30.360Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:32:30 honeypot-fra-1 sshd[21892]: Connection closed by invalid user esuser 137.184.77.246 port 37896 [preauth]","@timestamp":"2022-09-16T10:32:30.360Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:32:30 honeypot-fra-1 sshd[21901]: Connection closed by invalid user www 137.184.77.246 port 37840 [preauth]","@timestamp":"2022-09-16T10:32:30.360Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 10:34:33 honeypot-ams-1 sshd[31201]: Received disconnect from 134.122.123.117 port 54198:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T10:34:33.640Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 10:35:42 honeypot-ams-1 sshd[31205]: Received disconnect from 134.122.123.117 port 50598:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T10:35:42.673Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 10:37:05 honeypot-ams-1 kernel: [84201207.178687] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=124.221.100.37 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=45 ID=39130 DF PROTO=TCP SPT=12554 DPT=443 WINDOW=43690 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T10:37:06.711Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 10:37:53 honeypot-ams-1 sshd[31216]: Received disconnect from 134.122.123.117 port 43334:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T10:37:54.736Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:38:12 honeypot-fra-1 sshd[21950]: Received disconnect from 211.200.178.178 port 52552:11: Bye Bye [preauth]","@timestamp":"2022-09-16T10:38:12.491Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 10:38:59 honeypot-ams-1 sshd[31220]: Disconnected from invalid user user 134.122.123.117 port 39696 [preauth]","@timestamp":"2022-09-16T10:38:59.765Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 10:40:05 honeypot-ams-1 sshd[31224]: Disconnected from invalid user postgres 134.122.123.117 port 36130 [preauth]","@timestamp":"2022-09-16T10:40:05.794Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:40:21 honeypot-fra-1 sshd[21957]: Invalid user test from 179.60.147.69 port 27046","@timestamp":"2022-09-16T10:40:21.545Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 10:41:11 honeypot-ams-1 sshd[31228]: Disconnected from invalid user gituser 134.122.123.117 port 60658 [preauth]","@timestamp":"2022-09-16T10:41:12.828Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 10:42:17 honeypot-ams-1 sshd[31233]: Received disconnect from 134.122.123.117 port 57036:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T10:42:17.860Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 10:42:49 honeypot-ams-1 sshd[31237]: Disconnected from invalid user ec2-user 134.122.123.117 port 55214 [preauth]","@timestamp":"2022-09-16T10:42:49.878Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 10:43:53 honeypot-ams-1 sshd[31241]: Disconnected from invalid user ubuntu 134.122.123.117 port 51568 [preauth]","@timestamp":"2022-09-16T10:43:54.909Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:44:35 honeypot-fra-1 sshd[21962]: Disconnected from authenticating user root 92.255.85.70 port 22694 [preauth]","@timestamp":"2022-09-16T10:44:36.644Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 10:44:58 honeypot-ams-1 sshd[31245]: Disconnected from invalid user spark 134.122.123.117 port 47950 [preauth]","@timestamp":"2022-09-16T10:44:58.943Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 10:46:03 honeypot-ams-1 sshd[31249]: Disconnected from invalid user debian 134.122.123.117 port 44280 [preauth]","@timestamp":"2022-09-16T10:46:03.972Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 10:47:09 honeypot-ams-1 sshd[31253]: Received disconnect from 134.122.123.117 port 40648:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T10:47:10.005Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 10:48:15 honeypot-ams-1 sshd[31258]: Invalid user student from 134.122.123.117 port 36996","@timestamp":"2022-09-16T10:48:16.037Z"}
{"@timestamp":"2022-09-16T10:48:40.038Z","@version":"1","message":"Sep 16 10:48:39 honeypot-sgp-1 kernel: [84201425.528294] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.204.100 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=34216 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 10:49:20 honeypot-ams-1 sshd[31262]: Invalid user weblogic from 134.122.123.117 port 33406","@timestamp":"2022-09-16T10:49:21.068Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 10:49:53 honeypot-ams-1 sshd[31264]: Disconnected from invalid user db2inst1 134.122.123.117 port 59772 [preauth]","@timestamp":"2022-09-16T10:49:54.085Z"}
{"@timestamp":"2022-09-16T10:56:13.224Z","@version":"1","message":"Sep 16 10:56:13 honeypot-sgp-1 sshd[24811]: Connection closed by 167.94.138.117 port 49156 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:58:35 honeypot-fra-1 sshd[21966]: Received disconnect from 165.22.45.108 port 33316:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T10:58:35.962Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 10:59:54 honeypot-ams-1 sshd[31268]: Disconnected from invalid user vcsa 98.252.188.193 port 59598 [preauth]","@timestamp":"2022-09-16T10:59:55.343Z"}
{"@timestamp":"2022-09-16T11:01:45.365Z","@version":"1","message":"Sep 16 11:01:45 honeypot-sgp-1 kernel: [84202211.000712] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=221.176.116.78 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=105 ID=256 PROTO=TCP SPT=60944 DPT=80 WINDOW=16384 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 11:03:21 honeypot-fra-1 kernel: [84200615.765256] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.196.220.70 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=47456 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T11:03:22.071Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 11:11:50 honeypot-ams-1 sshd[31274]: Received disconnect from 143.202.209.20 port 40519:11: Bye Bye [preauth]","@timestamp":"2022-09-16T11:11:50.645Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 11:12:09 honeypot-fra-1 kernel: [84201143.674440] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=149.102.155.170 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=35641 PROTO=TCP SPT=46652 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T11:12:10.272Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-16T11:12:14.618Z","@version":"1","message":"Sep 16 11:12:14 honeypot-sgp-1 kernel: [84202840.148273] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=143.244.138.190 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x20 TTL=242 ID=38166 PROTO=TCP SPT=46370 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 11:17:01 honeypot-ams-1 CRON[31277]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-16T11:17:01.782Z"}
{"@timestamp":"2022-09-16T11:18:48.778Z","@version":"1","message":"Sep 16 11:18:48 honeypot-sgp-1 kernel: [84203234.308728] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=91.211.249.8 DST=159.89.202.188 LEN=80 TOS=0x00 PREC=0x00 TTL=115 ID=53610 PROTO=TCP SPT=54634 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 11:23:32 honeypot-fra-1 sshd[21980]: Received disconnect from 23.126.62.36 port 51620:11: Bye Bye [preauth]","@timestamp":"2022-09-16T11:23:33.534Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 11:24:20 honeypot-ams-1 sshd[31283]: Disconnected from authenticating user root 92.255.85.69 port 20478 [preauth]","@timestamp":"2022-09-16T11:24:20.989Z"}
{"@timestamp":"2022-09-16T11:24:46.924Z","@version":"1","message":"Sep 16 11:24:46 honeypot-sgp-1 kernel: [84203592.524678] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.169.113.70 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=34126 PROTO=TCP SPT=47440 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 11:29:07 honeypot-fra-1 sshd[21986]: Invalid user winmateltd from 144.34.133.122 port 50626","@timestamp":"2022-09-16T11:29:07.662Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 11:29:13 honeypot-ams-1 sshd[31288]: Disconnected from authenticating user root 159.65.224.135 port 37896 [preauth]","@timestamp":"2022-09-16T11:29:14.123Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 11:30:14 honeypot-fra-1 sshd[21990]: Received disconnect from 64.227.126.207 port 41180:11: Bye Bye [preauth]","@timestamp":"2022-09-16T11:30:14.692Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 11:33:00 honeypot-fra-1 sshd[21995]: Received disconnect from 62.204.41.222 port 29072:11: Client disconnecting normally [preauth]","@timestamp":"2022-09-16T11:33:00.757Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T11:38:06.246Z","@version":"1","message":"Sep 16 11:38:06 honeypot-sgp-1 sshd[24837]: Disconnected from authenticating user root 92.255.85.70 port 27950 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 11:38:41 honeypot-ams-1 sshd[31363]: Received disconnect from 128.199.179.36 port 41496:11: Bye Bye [preauth]","@timestamp":"2022-09-16T11:38:41.379Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 11:41:06 honeypot-fra-1 kernel: [84202879.983313] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=20.169.113.70 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=13696 PROTO=TCP SPT=47916 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T11:41:06.943Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 11:46:44 honeypot-ams-1 kernel: [84205386.101510] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.196.220.70 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=60433 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T11:46:45.600Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 11:48:55 honeypot-fra-1 kernel: [84203349.235141] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=92.118.39.30 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=56838 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T11:48:56.124Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-16T11:51:30.568Z","@version":"1","message":"Sep 16 11:51:29 honeypot-sgp-1 sshd[24842]: Disconnected from invalid user aid 213.158.29.179 port 41784 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 11:51:32 honeypot-fra-1 sshd[22006]: Invalid user user from 45.61.186.169 port 42694","@timestamp":"2022-09-16T11:51:33.187Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 11:51:42 honeypot-fra-1 kernel: [84203516.471048] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=89.248.165.199 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=50671 PROTO=TCP SPT=47639 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T11:51:43.193Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 11:51:58 honeypot-fra-1 sshd[22012]: Disconnected from invalid user user 45.61.186.169 port 48920 [preauth]","@timestamp":"2022-09-16T11:51:59.201Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 11:52:14 honeypot-fra-1 sshd[22016]: Disconnected from invalid user user 45.61.186.169 port 43662 [preauth]","@timestamp":"2022-09-16T11:52:15.209Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 11:53:42 honeypot-ams-1 kernel: [84205803.541049] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=2.178.113.94 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=51 ID=36569 DF PROTO=TCP SPT=7050 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T11:53:42.791Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 11:57:22 honeypot-fra-1 sshd[22023]: ssh_dispatch_run_fatal: Connection from 65.36.37.216 port 54530: Connection corrupted [preauth]","@timestamp":"2022-09-16T11:57:23.329Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T11:58:45.746Z","@version":"1","message":"Sep 16 11:58:45 honeypot-sgp-1 kernel: [84205631.490433] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=89.248.165.199 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=38295 PROTO=TCP SPT=47639 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 12:01:27 honeypot-fra-1 sshd[22028]: Invalid user guest from 193.106.191.157 port 50172","@timestamp":"2022-09-16T12:01:28.426Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T12:01:31.816Z","@version":"1","message":"Sep 16 12:01:31 honeypot-sgp-1 sshd[24851]: Disconnected from authenticating user root 92.255.85.69 port 56346 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T12:04:28.888Z","@version":"1","message":"Sep 16 12:04:28 honeypot-sgp-1 sshd[24857]: Disconnected from invalid user fmw 60.50.99.134 port 48904 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 12:05:40 honeypot-ams-1 kernel: [84206521.804734] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=55821 PROTO=TCP SPT=49604 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T12:05:41.112Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 12:05:59 honeypot-fra-1 sshd[22033]: Invalid user admin from 159.203.178.0 port 48118","@timestamp":"2022-09-16T12:06:00.535Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 12:06:22 honeypot-ams-1 sshd[31378]: Received disconnect from 45.61.187.160 port 39066:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T12:06:23.133Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 12:06:43 honeypot-ams-1 sshd[31382]: Received disconnect from 45.61.187.160 port 33046:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T12:06:44.147Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 12:07:01 honeypot-ams-1 sshd[31386]: Received disconnect from 45.61.187.160 port 55282:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T12:07:02.156Z"}
{"@timestamp":"2022-09-16T12:10:31.035Z","@version":"1","message":"Sep 16 12:10:30 honeypot-sgp-1 sshd[24863]: Received disconnect from 94.240.180.92 port 41604:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 12:11:28 honeypot-ams-1 sshd[31391]: Disconnected from authenticating user root 92.255.85.69 port 52732 [preauth]","@timestamp":"2022-09-16T12:11:29.272Z"}
{"@timestamp":"2022-09-16T12:11:56.074Z","@version":"1","message":"Sep 16 12:11:55 honeypot-sgp-1 kernel: [84206421.211527] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=229 ID=58890 PROTO=TCP SPT=49604 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 12:13:55 honeypot-fra-1 kernel: [84204849.786128] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=195.230.103.243 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=54321 PROTO=TCP SPT=60513 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T12:13:56.714Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 12:18:06 honeypot-ams-1 kernel: [84207267.606559] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=111.72.186.151 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=49 ID=51208 PROTO=TCP SPT=59192 DPT=80 WINDOW=42608 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T12:18:06.444Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 12:18:53 honeypot-fra-1 sshd[22043]: Disconnected from authenticating user root 92.255.85.69 port 24142 [preauth]","@timestamp":"2022-09-16T12:18:53.831Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 12:20:56 honeypot-ams-1 kernel: [84207437.637938] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=124.106.92.226 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=58 ID=46299 PROTO=TCP SPT=44726 DPT=443 WINDOW=49878 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T12:20:56.519Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 12:22:19 honeypot-fra-1 kernel: [84205353.855897] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=172.104.29.247 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=15583 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T12:22:20.912Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-16T12:25:02.392Z","@version":"1","message":"Sep 16 12:25:01 honeypot-sgp-1 sshd[24876]: Received disconnect from 92.255.85.69 port 26240:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 12:27:46 honeypot-fra-1 sshd[22053]: Received disconnect from 200.29.109.224 port 43324:11: Bye Bye [preauth]","@timestamp":"2022-09-16T12:27:47.036Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T12:31:08.564Z","@version":"1","message":"Sep 16 12:31:08 honeypot-sgp-1 sshd[24882]: Received disconnect from 178.22.168.219 port 56798:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 12:31:27 honeypot-fra-1 sshd[22057]: Invalid user test from 179.60.147.69 port 53910","@timestamp":"2022-09-16T12:31:28.119Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 12:31:58 honeypot-ams-1 kernel: [84208100.236827] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=91.211.249.8 DST=178.62.254.91 LEN=80 TOS=0x00 PREC=0x20 TTL=127 ID=25268 PROTO=TCP SPT=26292 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T12:31:59.804Z"}
{"@timestamp":"2022-09-16T12:32:23.596Z","@version":"1","message":"Sep 16 12:32:23 honeypot-sgp-1 sshd[24886]: Disconnected from invalid user admin 43.154.77.244 port 45976 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T12:33:09.616Z","@version":"1","message":"Sep 16 12:33:08 honeypot-sgp-1 sshd[24892]: Connection closed by invalid user admin 128.199.160.207 port 21322 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 12:33:59 honeypot-fra-1 sshd[22062]: Received disconnect from 144.24.116.174 port 51188:11: Bye Bye [preauth]","@timestamp":"2022-09-16T12:34:00.179Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 12:34:43 honeypot-ams-1 sshd[31407]: Disconnected from authenticating user root 92.255.85.69 port 33224 [preauth]","@timestamp":"2022-09-16T12:34:43.877Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 12:38:25 honeypot-fra-1 sshd[22067]: Invalid user trajano from 103.133.36.6 port 54000","@timestamp":"2022-09-16T12:38:26.282Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 12:42:01 honeypot-fra-1 sshd[22069]: Disconnected from authenticating user root 92.255.85.69 port 30968 [preauth]","@timestamp":"2022-09-16T12:42:01.365Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T12:46:44.947Z","@version":"1","message":"Sep 16 12:46:44 honeypot-sgp-1 sshd[24900]: Did not receive identification string from 45.61.186.249 port 39140","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T12:47:13.962Z","@version":"1","message":"Sep 16 12:47:13 honeypot-sgp-1 sshd[24904]: Disconnected from invalid user user 45.61.186.249 port 56356 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T12:47:32.971Z","@version":"1","message":"Sep 16 12:47:32 honeypot-sgp-1 sshd[24908]: Disconnected from invalid user user 45.61.186.249 port 50488 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T12:47:50.981Z","@version":"1","message":"Sep 16 12:47:50 honeypot-sgp-1 sshd[24912]: Received disconnect from 45.61.186.249 port 44620:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T12:48:06.989Z","@version":"1","message":"Sep 16 12:48:06 honeypot-sgp-1 sshd[24916]: Disconnected from authenticating user root 92.255.85.69 port 61540 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 12:48:37 honeypot-fra-1 kernel: [84206931.649768] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=172.104.29.200 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=10666 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T12:48:38.520Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 12:50:29 honeypot-ams-1 kernel: [84209210.925107] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=103.153.78.248 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=31321 PROTO=TCP SPT=46763 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T12:50:30.296Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 12:57:09 honeypot-fra-1 kernel: [84207443.757683] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=919 PROTO=TCP SPT=52383 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T12:57:10.715Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-16T13:02:42.351Z","@version":"1","message":"Sep 16 13:02:42 honeypot-sgp-1 kernel: [84209467.926817] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=183.230.113.51 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=235 ID=43981 PROTO=TCP SPT=53359 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 13:03:59 honeypot-ams-1 sshd[31418]: Invalid user wangfei from 103.188.176.251 port 45848","@timestamp":"2022-09-16T13:04:00.636Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 13:05:02 honeypot-fra-1 sshd[22089]: Invalid user admin from 57.128.11.39 port 57388","@timestamp":"2022-09-16T13:05:02.894Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 13:05:02 honeypot-fra-1 sshd[22088]: Invalid user user from 57.128.11.39 port 57384","@timestamp":"2022-09-16T13:05:02.894Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 13:05:02 honeypot-fra-1 sshd[22087]: Connection closed by invalid user admin 57.128.11.39 port 57362 [preauth]","@timestamp":"2022-09-16T13:05:02.894Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 13:05:02 honeypot-fra-1 sshd[22090]: Connection closed by invalid user ms 57.128.11.39 port 57442 [preauth]","@timestamp":"2022-09-16T13:05:02.894Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 13:05:02 honeypot-fra-1 sshd[22100]: Invalid user admin from 57.128.11.39 port 57478","@timestamp":"2022-09-16T13:05:02.894Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 13:05:02 honeypot-fra-1 sshd[22103]: Connection closed by invalid user oracle 57.128.11.39 port 57392 [preauth]","@timestamp":"2022-09-16T13:05:02.894Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 13:05:02 honeypot-fra-1 sshd[22107]: Connection closed by invalid user ubuntu 57.128.11.39 port 57372 [preauth]","@timestamp":"2022-09-16T13:05:02.894Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 13:05:02 honeypot-fra-1 sshd[22112]: Connection closed by invalid user kafka 57.128.11.39 port 57420 [preauth]","@timestamp":"2022-09-16T13:05:02.894Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 13:05:02 honeypot-fra-1 sshd[22117]: Connection closed by invalid user oracle 57.128.11.39 port 57462 [preauth]","@timestamp":"2022-09-16T13:05:02.894Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 13:05:02 honeypot-fra-1 sshd[22118]: Connection closed by invalid user guest 57.128.11.39 port 57452 [preauth]","@timestamp":"2022-09-16T13:05:02.894Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 13:08:07 honeypot-fra-1 sshd[22153]: Connection closed by invalid user wangfei 103.188.176.251 port 37072 [preauth]","@timestamp":"2022-09-16T13:08:07.967Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T13:10:38.551Z","@version":"1","message":"Sep 16 13:10:37 honeypot-sgp-1 sshd[24925]: Received disconnect from 159.223.164.107 port 42562:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T13:12:26.597Z","@version":"1","message":"Sep 16 13:12:26 honeypot-sgp-1 kernel: [84210051.931115] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=64.62.197.109 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=51130 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 13:17:01 honeypot-ams-1 CRON[31424]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-16T13:17:01.966Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 13:20:19 honeypot-ams-1 sshd[31427]: Disconnected from invalid user super 62.204.41.222 port 31528 [preauth]","@timestamp":"2022-09-16T13:20:20.054Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 13:20:29 honeypot-fra-1 kernel: [84208843.488757] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.143.200.46 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=19332 PROTO=TCP SPT=53638 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T13:20:30.265Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 13:21:27 honeypot-ams-1 sshd[31431]: Disconnected from invalid user sysroot 92.255.85.69 port 57784 [preauth]","@timestamp":"2022-09-16T13:21:28.085Z"}
{"@timestamp":"2022-09-16T13:24:16.892Z","@version":"1","message":"Sep 16 13:24:16 honeypot-sgp-1 sshd[24934]: Received disconnect from 143.244.137.54 port 58368:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T13:28:34.000Z","@version":"1","message":"Sep 16 13:28:33 honeypot-sgp-1 sshd[24939]: Disconnected from authenticating user root 193.142.146.50 port 44812 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 13:28:47 honeypot-fra-1 sshd[22166]: Disconnected from invalid user sysroot 92.255.85.70 port 53222 [preauth]","@timestamp":"2022-09-16T13:28:48.452Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 13:30:02 honeypot-ams-1 sshd[31435]: Disconnected from invalid user watanabe 61.135.214.124 port 46757 [preauth]","@timestamp":"2022-09-16T13:30:02.306Z"}
{"@timestamp":"2022-09-16T13:30:54.061Z","@version":"1","message":"Sep 16 13:30:53 honeypot-sgp-1 sshd[24946]: Connection closed by invalid user zookeeper 103.188.176.251 port 45044 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 13:31:43 honeypot-ams-1 sshd[31439]: Disconnected from invalid user tose 178.128.238.19 port 41936 [preauth]","@timestamp":"2022-09-16T13:31:44.352Z"}
{"@timestamp":"2022-09-16T13:32:26.103Z","@version":"1","message":"Sep 16 13:32:25 honeypot-sgp-1 sshd[24950]: Disconnected from authenticating user root 193.142.146.50 port 43134 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T13:34:42.181Z","@version":"1","message":"Sep 16 13:34:41 honeypot-sgp-1 sshd[24956]: Disconnected from authenticating user root 193.142.146.50 port 51428 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T13:36:15.220Z","@version":"1","message":"Sep 16 13:36:14 honeypot-sgp-1 sshd[24961]: Disconnected from invalid user admin 193.142.146.50 port 41450 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 13:37:36 honeypot-ams-1 kernel: [84212037.995831] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=51.15.141.72 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=55 ID=34283 PROTO=TCP SPT=5278 DPT=80 WINDOW=52318 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T13:37:37.505Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 13:44:46 honeypot-ams-1 sshd[31447]: Received disconnect from 92.255.85.69 port 51472:11: Bye Bye [preauth]","@timestamp":"2022-09-16T13:44:46.689Z"}
{"@timestamp":"2022-09-16T13:46:49.512Z","@version":"1","message":"Sep 16 13:46:49 honeypot-sgp-1 kernel: [84212115.122483] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=107.150.106.42 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=5729 DF PROTO=TCP SPT=40454 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 13:47:31 honeypot-ams-1 sshd[31452]: Invalid user guest from 179.60.147.69 port 64060","@timestamp":"2022-09-16T13:47:31.764Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 13:50:40 honeypot-fra-1 kernel: [84210654.555796] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=167.71.133.35 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=54918 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T13:50:40.949Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 13:51:51 honeypot-ams-1 sshd[31456]: Received disconnect from 104.236.244.98 port 53710:11: Bye Bye [preauth]","@timestamp":"2022-09-16T13:51:51.877Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 13:53:57 honeypot-fra-1 sshd[22176]: Received disconnect from 165.22.45.108 port 48740:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T13:53:58.026Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 13:55:14 honeypot-ams-1 sshd[31460]: Disconnected from authenticating user root 128.199.4.167 port 44488 [preauth]","@timestamp":"2022-09-16T13:55:14.967Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 13:56:11 honeypot-ams-1 sshd[31466]: Received disconnect from 143.110.212.213 port 52928:11: Bye Bye [preauth]","@timestamp":"2022-09-16T13:56:12.000Z"}
{"@timestamp":"2022-09-16T13:56:47.768Z","@version":"1","message":"Sep 16 13:56:47 honeypot-sgp-1 kernel: [84212712.753659] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=203.172.109.165 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=12629 PROTO=TCP SPT=55874 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 13:57:19 honeypot-fra-1 sshd[22181]: Invalid user adeline from 137.184.1.35 port 33682","@timestamp":"2022-09-16T13:57:19.105Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 13:58:23 honeypot-ams-1 sshd[31471]: Invalid user tomaso from 49.2.90.24 port 41408","@timestamp":"2022-09-16T13:58:24.063Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 14:01:28 honeypot-ams-1 sshd[31475]: Invalid user shandi from 45.7.119.3 port 11234","@timestamp":"2022-09-16T14:01:29.146Z"}
{"@timestamp":"2022-09-16T14:02:09.905Z","@version":"1","message":"Sep 16 14:02:08 honeypot-sgp-1 sshd[24974]: Invalid user user from 45.61.184.204 port 40652","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T14:02:19.911Z","@version":"1","message":"Sep 16 14:02:18 honeypot-sgp-1 sshd[24978]: Disconnected from invalid user user 45.61.184.204 port 52180 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T14:02:39.921Z","@version":"1","message":"Sep 16 14:02:38 honeypot-sgp-1 sshd[24982]: Disconnected from invalid user user 45.61.184.204 port 47010 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T14:02:56.931Z","@version":"1","message":"Sep 16 14:02:56 honeypot-sgp-1 sshd[24986]: Disconnected from invalid user user 45.61.184.204 port 41830 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 14:04:16 honeypot-ams-1 kernel: [84213638.075816] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=170.187.225.159 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=12217 PROTO=TCP SPT=51503 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T14:04:17.218Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 14:04:47 honeypot-fra-1 sshd[22253]: Invalid user wangjianxiong from 31.186.48.216 port 39480","@timestamp":"2022-09-16T14:04:48.272Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 14:05:54 honeypot-ams-1 kernel: [84213736.198469] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=79.110.62.213 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=54321 PROTO=TCP SPT=44973 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T14:05:55.265Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 14:07:23 honeypot-fra-1 sshd[22257]: Invalid user stefan from 203.190.55.203 port 56852","@timestamp":"2022-09-16T14:07:23.333Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 14:12:32 honeypot-ams-1 sshd[31489]: Invalid user wss from 70.35.202.246 port 37958","@timestamp":"2022-09-16T14:12:33.439Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 14:16:36 honeypot-fra-1 kernel: [84212210.121367] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=154.89.5.94 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=245 ID=7995 PROTO=TCP SPT=58914 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T14:16:36.542Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-16T14:17:01.299Z","@version":"1","message":"Sep 16 14:17:01 honeypot-sgp-1 CRON[25428]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 14:18:50 honeypot-ams-1 kernel: [84214512.279050] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=129.153.51.70 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=53 ID=64676 PROTO=TCP SPT=16339 DPT=80 WINDOW=27787 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T14:18:51.597Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 14:21:38 honeypot-fra-1 sshd[22272]: Connection closed by invalid user centos 179.60.147.69 port 32232 [preauth]","@timestamp":"2022-09-16T14:21:38.676Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T14:22:22.437Z","@version":"1","message":"Sep 16 14:22:22 honeypot-sgp-1 sshd[25434]: Received disconnect from 92.255.85.69 port 54920:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 14:27:34 honeypot-ams-1 sshd[31502]: Invalid user admin from 121.185.123.67 port 41446","@timestamp":"2022-09-16T14:27:34.828Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 14:31:57 honeypot-ams-1 sshd[31505]: Disconnected from invalid user admin 92.255.85.69 port 51488 [preauth]","@timestamp":"2022-09-16T14:31:57.945Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 14:32:49 honeypot-fra-1 sshd[22277]: Invalid user guest from 193.106.191.157 port 34918","@timestamp":"2022-09-16T14:32:49.929Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 14:38:52 honeypot-fra-1 sshd[22281]: Disconnected from invalid user admin 92.255.85.70 port 53288 [preauth]","@timestamp":"2022-09-16T14:38:52.086Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T14:43:07.954Z","@version":"1","message":"Sep 16 14:43:07 honeypot-sgp-1 sshd[25438]: Connection closed by invalid user admin 59.26.219.154 port 41486 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 14:47:38 honeypot-ams-1 sshd[31511]: Connection closed by invalid user pi 92.89.85.54 port 47034 [preauth]","@timestamp":"2022-09-16T14:47:38.354Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 14:48:56 honeypot-fra-1 sshd[22286]: Received disconnect from 210.245.92.136 port 41691:11: Bye Bye [preauth]","@timestamp":"2022-09-16T14:48:57.327Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T14:53:33.217Z","@version":"1","message":"Sep 16 14:53:32 honeypot-sgp-1 kernel: [84216118.142113] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=103.167.108.222 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=56 ID=6086 DF PROTO=TCP SPT=51094 DPT=5432 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 14:53:59 honeypot-fra-1 kernel: [84214453.120289] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=154.66.178.74 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=54321 PROTO=TCP SPT=57021 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T14:54:00.442Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 14:54:02 honeypot-ams-1 sshd[31517]: Disconnected from authenticating user root 92.255.85.69 port 38010 [preauth]","@timestamp":"2022-09-16T14:54:03.522Z"}
{"@timestamp":"2022-09-16T14:59:09.364Z","@version":"1","message":"Sep 16 14:59:08 honeypot-sgp-1 sshd[25451]: Invalid user admin from 157.230.47.155 port 57116","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 15:02:42 honeypot-fra-1 sshd[22295]: Disconnected from authenticating user root 92.255.85.69 port 40230 [preauth]","@timestamp":"2022-09-16T15:02:43.639Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T15:04:26.495Z","@version":"1","message":"Sep 16 15:04:26 honeypot-sgp-1 sshd[25456]: Received disconnect from 113.160.226.178 port 40731:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:07:08.565Z","@version":"1","message":"Sep 16 15:07:08 honeypot-sgp-1 sshd[25460]: Received disconnect from 92.27.140.155 port 59876:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:08:46 honeypot-ams-1 sshd[31523]: Connection closed by invalid user guest 193.106.191.157 port 41520 [preauth]","@timestamp":"2022-09-16T15:08:46.907Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 15:10:48 honeypot-fra-1 kernel: [84215462.244458] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=159.65.138.52 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=54 ID=0 DF PROTO=TCP SPT=54953 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T15:10:48.821Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-16T15:11:48.682Z","@version":"1","message":"Sep 16 15:11:47 honeypot-sgp-1 sshd[25465]: Invalid user  from 31.184.198.71 port 7953","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:12:13.695Z","@version":"1","message":"Sep 16 15:12:13 honeypot-sgp-1 sshd[25471]: Invalid user  from 31.184.198.71 port 38629","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:12:38.708Z","@version":"1","message":"Sep 16 15:12:37 honeypot-sgp-1 sshd[25477]: Invalid user admin from 31.184.198.71 port 54775","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:13:06.723Z","@version":"1","message":"Sep 16 15:13:06 honeypot-sgp-1 sshd[25483]: Invalid user manager from 31.184.198.71 port 45950","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:13:32.736Z","@version":"1","message":"Sep 16 15:13:31 honeypot-sgp-1 sshd[25489]: Disconnecting invalid user 1234 31.184.198.71 port 54158: Change of username or service not allowed: (1234,ssh-connection) -> (Admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:13:56.748Z","@version":"1","message":"Sep 16 15:13:56 honeypot-sgp-1 sshd[25495]: Disconnecting invalid user  31.184.198.71 port 34125: Change of username or service not allowed: (,ssh-connection) -> (user,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:14:30.766Z","@version":"1","message":"Sep 16 15:14:30 honeypot-sgp-1 sshd[25503]: Invalid user blank from 31.184.198.71 port 30543","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:14:52.778Z","@version":"1","message":"Sep 16 15:14:52 honeypot-sgp-1 sshd[25510]: Invalid user 1234 from 31.184.198.71 port 11673","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:15:28.795Z","@version":"1","message":"Sep 16 15:15:28 honeypot-sgp-1 sshd[25516]: Disconnecting invalid user Cisco 31.184.198.71 port 33898: Change of username or service not allowed: (Cisco,ssh-connection) -> (cisco,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:15:58.811Z","@version":"1","message":"Sep 16 15:15:58 honeypot-sgp-1 sshd[25522]: Disconnecting invalid user 1234 31.184.198.71 port 45794: Change of username or service not allowed: (1234,ssh-connection) -> (root,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:16:34.832Z","@version":"1","message":"Sep 16 15:16:34 honeypot-sgp-1 sshd[25530]: Invalid user adslroot from 31.184.198.71 port 37443","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:16:59.844Z","@version":"1","message":"Sep 16 15:16:59 honeypot-sgp-1 sshd[25534]: Invalid user glavbuh from 20.27.34.22 port 56260","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 15:17:01 honeypot-fra-1 CRON[22304]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-16T15:17:01.962Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:17:01 honeypot-ams-1 CRON[31528]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-16T15:17:02.118Z"}
{"@timestamp":"2022-09-16T15:17:03.846Z","@version":"1","message":"Sep 16 15:17:03 honeypot-sgp-1 sshd[25538]: Disconnecting invalid user blank 31.184.198.71 port 63829: Change of username or service not allowed: (blank,ssh-connection) -> (zhone,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:17:38.864Z","@version":"1","message":"Sep 16 15:17:38 honeypot-sgp-1 sshd[25549]: Invalid user default from 31.184.198.71 port 55610","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:18:06.879Z","@version":"1","message":"Sep 16 15:18:06 honeypot-sgp-1 sshd[25555]: Invalid user Administrator from 31.184.198.71 port 54737","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:18:34.893Z","@version":"1","message":"Sep 16 15:18:34 honeypot-sgp-1 sshd[25561]: Invalid user admin from 31.184.198.71 port 61465","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:19:09.910Z","@version":"1","message":"Sep 16 15:19:09 honeypot-sgp-1 sshd[25567]: Invalid user comcast from 31.184.198.71 port 35593","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:19:30.921Z","@version":"1","message":"Sep 16 15:19:30 honeypot-sgp-1 sshd[25573]: Invalid user admin1234 from 31.184.198.71 port 5699","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:20:01.937Z","@version":"1","message":"Sep 16 15:20:01 honeypot-sgp-1 sshd[25580]: Invalid user admin from 31.184.198.71 port 51660","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:20:24.949Z","@version":"1","message":"Sep 16 15:20:24 honeypot-sgp-1 sshd[25586]: Invalid user blank from 31.184.198.71 port 64291","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:20:48.961Z","@version":"1","message":"Sep 16 15:20:48 honeypot-sgp-1 sshd[25592]: Disconnecting invalid user airlive 31.184.198.71 port 34557: Change of username or service not allowed: (airlive,ssh-connection) -> (0,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:21:11.974Z","@version":"1","message":"Sep 16 15:21:11 honeypot-sgp-1 sshd[25598]: Disconnecting invalid user roqos 31.184.198.71 port 42903: Change of username or service not allowed: (roqos,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:21:38.987Z","@version":"1","message":"Sep 16 15:21:38 honeypot-sgp-1 sshd[25604]: Disconnecting invalid user sitecom 31.184.198.71 port 24100: Change of username or service not allowed: (sitecom,ssh-connection) -> (Broadcom,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:22:05.001Z","@version":"1","message":"Sep 16 15:22:04 honeypot-sgp-1 sshd[25610]: Disconnecting invalid user admin 31.184.198.71 port 1450: Change of username or service not allowed: (admin,ssh-connection) -> (cusadmin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 15:22:07 honeypot-fra-1 sshd[22312]: Connection closed by invalid user pi 188.2.132.158 port 43678 [preauth]","@timestamp":"2022-09-16T15:22:07.080Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 15:22:28 honeypot-ams-1 kernel: [84218329.902432] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=164.92.72.164 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=56898 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T15:22:29.260Z"}
{"@timestamp":"2022-09-16T15:22:33.015Z","@version":"1","message":"Sep 16 15:22:32 honeypot-sgp-1 sshd[25616]: Disconnecting invalid user smcadmin 31.184.198.71 port 24548: Change of username or service not allowed: (smcadmin,ssh-connection) -> (sweex,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:23:00.028Z","@version":"1","message":"Sep 16 15:22:59 honeypot-sgp-1 sshd[25622]: Disconnecting invalid user admin 31.184.198.71 port 62413: Change of username or service not allowed: (admin,ssh-connection) -> (,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:23:24.041Z","@version":"1","message":"Sep 16 15:23:23 honeypot-sgp-1 sshd[25628]: Disconnecting invalid user user 31.184.198.71 port 2678: Change of username or service not allowed: (user,ssh-connection) -> (ubnt,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:24:05.062Z","@version":"1","message":"Sep 16 15:24:04 honeypot-sgp-1 sshd[25636]: Invalid user user from 31.184.198.71 port 46614","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:24:34.077Z","@version":"1","message":"Sep 16 15:24:33 honeypot-sgp-1 sshd[25642]: Invalid user Admin from 31.184.198.71 port 46632","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:24:57.088Z","@version":"1","message":"Sep 16 15:24:56 honeypot-sgp-1 sshd[25649]: Invalid user 0 from 31.184.198.71 port 44439","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:25:31.106Z","@version":"1","message":"Sep 16 15:25:30 honeypot-sgp-1 sshd[25655]: Invalid user admin from 31.184.198.71 port 27473","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 15:27:42 honeypot-fra-1 sshd[22320]: Disconnected from invalid user user 45.61.187.160 port 43044 [preauth]","@timestamp":"2022-09-16T15:27:43.204Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 15:28:08 honeypot-fra-1 sshd[22324]: Disconnected from invalid user user 45.61.187.160 port 37402 [preauth]","@timestamp":"2022-09-16T15:28:08.214Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 15:28:28 honeypot-fra-1 sshd[22328]: Disconnected from invalid user user 45.61.187.160 port 60024 [preauth]","@timestamp":"2022-09-16T15:28:29.224Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 15:28:45 honeypot-fra-1 sshd[22332]: Received disconnect from 45.61.187.160 port 54388:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T15:28:45.231Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T15:32:31.278Z","@version":"1","message":"Sep 16 15:32:30 honeypot-sgp-1 sshd[25662]: Received disconnect from 92.255.85.70 port 57582:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:36:21 honeypot-ams-1 sshd[31540]: Invalid user debian from 179.60.147.69 port 24500","@timestamp":"2022-09-16T15:36:22.610Z"}
{"@timestamp":"2022-09-16T15:37:23.397Z","@version":"1","message":"Sep 16 15:37:22 honeypot-sgp-1 kernel: [84218748.525778] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=89.248.165.199 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=8545 PROTO=TCP SPT=40483 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 15:37:53 honeypot-fra-1 sshd[22340]: Connection closed by invalid user zookeeper 103.188.176.251 port 42340 [preauth]","@timestamp":"2022-09-16T15:37:54.439Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 15:38:54 honeypot-fra-1 sshd[22357]: Invalid user test from 139.59.152.202 port 36146","@timestamp":"2022-09-16T15:38:55.464Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 15:38:54 honeypot-fra-1 sshd[22355]: Invalid user admin from 139.59.152.202 port 36140","@timestamp":"2022-09-16T15:38:55.464Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 15:38:54 honeypot-fra-1 sshd[22362]: Invalid user test from 139.59.152.202 port 36168","@timestamp":"2022-09-16T15:38:55.464Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 15:38:54 honeypot-fra-1 sshd[22352]: Connection closed by invalid user steam 139.59.152.202 port 36134 [preauth]","@timestamp":"2022-09-16T15:38:55.464Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 15:38:54 honeypot-fra-1 sshd[22360]: Connection closed by invalid user user 139.59.152.202 port 36162 [preauth]","@timestamp":"2022-09-16T15:38:55.464Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 15:38:54 honeypot-fra-1 sshd[22367]: Connection closed by invalid user ubuntu 139.59.152.202 port 36180 [preauth]","@timestamp":"2022-09-16T15:38:55.464Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 15:38:54 honeypot-fra-1 sshd[22363]: Connection closed by authenticating user root 139.59.152.202 port 36170 [preauth]","@timestamp":"2022-09-16T15:38:55.464Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 15:38:54 honeypot-fra-1 sshd[22372]: Connection closed by authenticating user root 139.59.152.202 port 36198 [preauth]","@timestamp":"2022-09-16T15:38:55.464Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 15:41:55 honeypot-fra-1 kernel: [84217328.985708] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=118.123.105.85 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=29197 PROTO=TCP SPT=56779 DPT=443 WINDOW=63540 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T15:41:56.535Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:42:11 honeypot-ams-1 sshd[31543]: Disconnected from authenticating user root 60.181.19.237 port 25512 [preauth]","@timestamp":"2022-09-16T15:42:11.761Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:42:18 honeypot-ams-1 sshd[31549]: Received disconnect from 60.181.19.237 port 21617:11: Bye Bye [preauth]","@timestamp":"2022-09-16T15:42:18.765Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:42:25 honeypot-ams-1 sshd[31555]: Received disconnect from 60.181.19.237 port 21796:11: Bye Bye [preauth]","@timestamp":"2022-09-16T15:42:25.769Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:42:30 honeypot-ams-1 sshd[31559]: Received disconnect from 60.181.19.237 port 21947:11: Bye Bye [preauth]","@timestamp":"2022-09-16T15:42:30.774Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:42:37 honeypot-ams-1 sshd[31567]: Received disconnect from 60.181.19.237 port 22137:11: Bye Bye [preauth]","@timestamp":"2022-09-16T15:42:37.777Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:42:42 honeypot-ams-1 sshd[31571]: Disconnected from authenticating user root 60.181.19.237 port 22261 [preauth]","@timestamp":"2022-09-16T15:42:42.781Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:42:48 honeypot-ams-1 sshd[31577]: Disconnected from authenticating user root 60.181.19.237 port 22454 [preauth]","@timestamp":"2022-09-16T15:42:49.785Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:42:55 honeypot-ams-1 sshd[31583]: Disconnected from authenticating user root 60.181.19.237 port 22631 [preauth]","@timestamp":"2022-09-16T15:42:55.789Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:43:02 honeypot-ams-1 sshd[31589]: Disconnected from authenticating user root 60.181.19.237 port 22818 [preauth]","@timestamp":"2022-09-16T15:43:02.793Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:43:09 honeypot-ams-1 sshd[31595]: Disconnected from authenticating user root 60.181.19.237 port 22994 [preauth]","@timestamp":"2022-09-16T15:43:09.797Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:43:16 honeypot-ams-1 sshd[31601]: Disconnected from authenticating user root 60.181.19.237 port 23177 [preauth]","@timestamp":"2022-09-16T15:43:16.801Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:43:24 honeypot-ams-1 sshd[31607]: Disconnected from authenticating user root 60.181.19.237 port 23390 [preauth]","@timestamp":"2022-09-16T15:43:24.805Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:43:31 honeypot-ams-1 sshd[31613]: Disconnected from authenticating user root 60.181.19.237 port 23603 [preauth]","@timestamp":"2022-09-16T15:43:31.810Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:43:37 honeypot-ams-1 sshd[31619]: Invalid user admin from 60.181.19.237 port 23774","@timestamp":"2022-09-16T15:43:37.813Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:43:41 honeypot-ams-1 sshd[31623]: Invalid user admin from 60.181.19.237 port 23913","@timestamp":"2022-09-16T15:43:41.815Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:43:46 honeypot-ams-1 sshd[31627]: Invalid user admin from 60.181.19.237 port 24041","@timestamp":"2022-09-16T15:43:46.844Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:43:51 honeypot-ams-1 sshd[31631]: Invalid user admin from 60.181.19.237 port 24683","@timestamp":"2022-09-16T15:43:51.846Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:43:55 honeypot-ams-1 sshd[31635]: Invalid user admin from 60.181.19.237 port 24884","@timestamp":"2022-09-16T15:43:55.849Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:44:00 honeypot-ams-1 sshd[31639]: Received disconnect from 60.181.19.237 port 25004:11: Bye Bye [preauth]","@timestamp":"2022-09-16T15:44:00.853Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:44:05 honeypot-ams-1 sshd[31643]: Disconnected from invalid user pi 60.181.19.237 port 25120 [preauth]","@timestamp":"2022-09-16T15:44:05.856Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:44:09 honeypot-ams-1 sshd[31647]: Disconnected from invalid user user 60.181.19.237 port 21565 [preauth]","@timestamp":"2022-09-16T15:44:10.859Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:44:15 honeypot-ams-1 sshd[31651]: Disconnected from invalid user mine 60.181.19.237 port 21757 [preauth]","@timestamp":"2022-09-16T15:44:16.864Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:44:20 honeypot-ams-1 sshd[31655]: Disconnected from invalid user xbmc 60.181.19.237 port 21922 [preauth]","@timestamp":"2022-09-16T15:44:20.867Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:44:24 honeypot-ams-1 sshd[31660]: Disconnected from invalid user oracle 60.181.19.237 port 22057 [preauth]","@timestamp":"2022-09-16T15:44:25.870Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:44:31 honeypot-ams-1 sshd[31664]: Disconnected from invalid user postgres 60.181.19.237 port 22198 [preauth]","@timestamp":"2022-09-16T15:44:31.875Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:44:36 honeypot-ams-1 sshd[31668]: Disconnected from invalid user support 60.181.19.237 port 22532 [preauth]","@timestamp":"2022-09-16T15:44:36.878Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:44:41 honeypot-ams-1 sshd[31672]: Disconnected from invalid user ubuntu 60.181.19.237 port 22757 [preauth]","@timestamp":"2022-09-16T15:44:41.881Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:44:46 honeypot-ams-1 sshd[31676]: Disconnected from invalid user ubuntu 60.181.19.237 port 22957 [preauth]","@timestamp":"2022-09-16T15:44:46.885Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:44:51 honeypot-ams-1 sshd[31680]: Disconnected from invalid user guest 60.181.19.237 port 23113 [preauth]","@timestamp":"2022-09-16T15:44:51.888Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:44:55 honeypot-ams-1 sshd[31684]: Disconnected from invalid user cirros 60.181.19.237 port 23253 [preauth]","@timestamp":"2022-09-16T15:44:55.891Z"}
{"@timestamp":"2022-09-16T15:46:34.641Z","@version":"1","message":"Sep 16 15:46:34 honeypot-sgp-1 kernel: [84219300.074752] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=206.189.6.148 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=58500 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:47:49 honeypot-ams-1 sshd[31688]: Disconnected from invalid user farid 134.209.244.230 port 58858 [preauth]","@timestamp":"2022-09-16T15:47:49.967Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 15:52:33 honeypot-fra-1 sshd[22406]: Invalid user lgsm from 165.22.45.108 port 59046","@timestamp":"2022-09-16T15:52:34.767Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T15:55:12.853Z","@version":"1","message":"Sep 16 15:55:12 honeypot-sgp-1 sshd[25675]: Disconnected from authenticating user daemon 92.255.85.70 port 37294 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:55:57 honeypot-ams-1 sshd[31693]: Received disconnect from 123.108.59.148 port 23507:11: Bye Bye [preauth]","@timestamp":"2022-09-16T15:55:58.179Z"}
{"@timestamp":"2022-09-16T16:04:36.081Z","@version":"1","message":"Sep 16 16:04:35 honeypot-sgp-1 sshd[25684]: Invalid user user from 45.61.186.49 port 38622","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T16:04:46.087Z","@version":"1","message":"Sep 16 16:04:45 honeypot-sgp-1 sshd[25688]: Invalid user user from 45.61.186.49 port 49956","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T16:05:09.098Z","@version":"1","message":"Sep 16 16:05:09 honeypot-sgp-1 kernel: [84220414.635962] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=103.156.91.6 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54121 PROTO=TCP SPT=52545 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 16:07:19 honeypot-ams-1 kernel: [84221021.177145] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=137.184.235.125 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=38179 PROTO=TCP SPT=43909 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T16:07:20.469Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:09:11 honeypot-fra-1 kernel: [84218965.284232] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=162.142.125.129 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=18753 PROTO=TCP SPT=51408 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T16:09:12.143Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-16T16:14:37.367Z","@version":"1","message":"Sep 16 16:14:37 honeypot-sgp-1 sshd[25696]: Received disconnect from 68.183.225.151 port 59650:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:17:01 honeypot-fra-1 CRON[22415]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-16T16:17:02.319Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 16:17:01 honeypot-ams-1 CRON[31705]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-16T16:17:02.718Z"}
{"@timestamp":"2022-09-16T16:17:15.434Z","@version":"1","message":"Sep 16 16:17:14 honeypot-sgp-1 sshd[25703]: Invalid user ekp from 196.0.120.211 port 49580","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T16:18:28.465Z","@version":"1","message":"Sep 16 16:18:28 honeypot-sgp-1 sshd[25707]: Invalid user lorena from 198.23.148.137 port 33060","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:19:31 honeypot-fra-1 sshd[22421]: Received disconnect from 43.155.86.244 port 33918:11: Bye Bye [preauth]","@timestamp":"2022-09-16T16:19:31.379Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:24:30 honeypot-fra-1 sshd[22423]: Disconnected from authenticating user root 187.116.49.64 port 47061 [preauth]","@timestamp":"2022-09-16T16:24:31.494Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:24:37 honeypot-fra-1 sshd[22430]: Received disconnect from 187.116.49.64 port 47064:11: Bye Bye [preauth]","@timestamp":"2022-09-16T16:24:37.498Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:24:43 honeypot-fra-1 sshd[22436]: Received disconnect from 187.116.49.64 port 47067:11: Bye Bye [preauth]","@timestamp":"2022-09-16T16:24:44.502Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:24:50 honeypot-fra-1 sshd[22442]: Received disconnect from 187.116.49.64 port 47070:11: Bye Bye [preauth]","@timestamp":"2022-09-16T16:24:50.506Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:24:56 honeypot-fra-1 sshd[22448]: Received disconnect from 187.116.49.64 port 47073:11: Bye Bye [preauth]","@timestamp":"2022-09-16T16:24:57.509Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T16:24:57.621Z","@version":"1","message":"Sep 16 16:24:56 honeypot-sgp-1 kernel: [84221602.517404] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=110.16.41.60 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=50 ID=7172 PROTO=TCP SPT=8502 DPT=80 WINDOW=3102 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:25:02 honeypot-fra-1 sshd[22454]: Received disconnect from 187.116.49.64 port 47076:11: Bye Bye [preauth]","@timestamp":"2022-09-16T16:25:03.514Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:25:09 honeypot-fra-1 sshd[22460]: Received disconnect from 187.116.49.64 port 47079:11: Bye Bye [preauth]","@timestamp":"2022-09-16T16:25:09.517Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:25:15 honeypot-fra-1 sshd[22466]: Received disconnect from 187.116.49.64 port 47082:11: Bye Bye [preauth]","@timestamp":"2022-09-16T16:25:16.520Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:25:22 honeypot-fra-1 sshd[22472]: Received disconnect from 187.116.49.64 port 47085:11: Bye Bye [preauth]","@timestamp":"2022-09-16T16:25:22.524Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:25:28 honeypot-fra-1 sshd[22478]: Received disconnect from 187.116.49.64 port 47088:11: Bye Bye [preauth]","@timestamp":"2022-09-16T16:25:29.579Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:25:35 honeypot-fra-1 sshd[22484]: Received disconnect from 187.116.49.64 port 47091:11: Bye Bye [preauth]","@timestamp":"2022-09-16T16:25:36.583Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:25:42 honeypot-fra-1 sshd[22490]: Received disconnect from 187.116.49.64 port 47094:11: Bye Bye [preauth]","@timestamp":"2022-09-16T16:25:42.586Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:25:48 honeypot-fra-1 sshd[22496]: Invalid user admin from 187.116.49.64 port 47097","@timestamp":"2022-09-16T16:25:48.590Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:25:52 honeypot-fra-1 sshd[22500]: Invalid user admin from 187.116.49.64 port 47099","@timestamp":"2022-09-16T16:25:53.593Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:25:56 honeypot-fra-1 sshd[22504]: Invalid user admin from 187.116.49.64 port 47101","@timestamp":"2022-09-16T16:25:57.595Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:26:01 honeypot-fra-1 sshd[22508]: Invalid user admin from 187.116.49.64 port 47103","@timestamp":"2022-09-16T16:26:01.597Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:26:05 honeypot-fra-1 sshd[22512]: Invalid user admin from 187.116.49.64 port 47105","@timestamp":"2022-09-16T16:26:05.600Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:26:09 honeypot-fra-1 sshd[22516]: Invalid user user from 187.116.49.64 port 47107","@timestamp":"2022-09-16T16:26:10.603Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:26:14 honeypot-fra-1 sshd[22520]: Disconnected from authenticating user root 187.116.49.64 port 47109 [preauth]","@timestamp":"2022-09-16T16:26:14.605Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:26:18 honeypot-fra-1 sshd[22524]: Disconnected from invalid user pi 187.116.49.64 port 47111 [preauth]","@timestamp":"2022-09-16T16:26:18.608Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:26:22 honeypot-fra-1 sshd[22528]: Disconnected from invalid user ethos 187.116.49.64 port 47113 [preauth]","@timestamp":"2022-09-16T16:26:23.610Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:26:27 honeypot-fra-1 sshd[22532]: Disconnected from invalid user miner 187.116.49.64 port 47115 [preauth]","@timestamp":"2022-09-16T16:26:27.612Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:26:31 honeypot-fra-1 sshd[22536]: Disconnected from invalid user volumio 187.116.49.64 port 47117 [preauth]","@timestamp":"2022-09-16T16:26:31.614Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:26:35 honeypot-fra-1 sshd[22540]: Disconnected from invalid user nagios 187.116.49.64 port 47062 [preauth]","@timestamp":"2022-09-16T16:26:36.618Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:26:40 honeypot-fra-1 sshd[22544]: Disconnected from invalid user vagrant 187.116.49.64 port 47064 [preauth]","@timestamp":"2022-09-16T16:26:40.620Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:26:44 honeypot-fra-1 sshd[22548]: Disconnected from invalid user debian 187.116.49.64 port 47066 [preauth]","@timestamp":"2022-09-16T16:26:44.622Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:26:48 honeypot-fra-1 sshd[22552]: Disconnected from invalid user debian 187.116.49.64 port 47068 [preauth]","@timestamp":"2022-09-16T16:26:49.625Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:26:53 honeypot-fra-1 sshd[22556]: Disconnected from invalid user alarm 187.116.49.64 port 47070 [preauth]","@timestamp":"2022-09-16T16:26:53.627Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:26:57 honeypot-fra-1 sshd[22560]: Disconnected from invalid user test 187.116.49.64 port 47072 [preauth]","@timestamp":"2022-09-16T16:26:57.629Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:27:01 honeypot-fra-1 sshd[22564]: Disconnected from invalid user cirros 187.116.49.64 port 47074 [preauth]","@timestamp":"2022-09-16T16:27:01.631Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 16:27:38 honeypot-ams-1 kernel: [84222240.023016] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=167.94.138.104 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=45672 PROTO=TCP SPT=32713 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T16:27:38.990Z"}
{"@timestamp":"2022-09-16T16:39:34.996Z","@version":"1","message":"Sep 16 16:39:34 honeypot-sgp-1 sshd[25715]: Disconnected from invalid user frosty 144.217.4.123 port 52470 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T16:41:35.049Z","@version":"1","message":"Sep 16 16:41:34 honeypot-sgp-1 sshd[25719]: Disconnected from authenticating user root 92.255.85.70 port 43268 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 16:42:02 honeypot-ams-1 sshd[31712]: Received disconnect from 186.206.144.34 port 54328:11: Bye Bye [preauth]","@timestamp":"2022-09-16T16:42:02.365Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 16:44:50 honeypot-ams-1 sshd[31717]: Received disconnect from 167.99.241.178 port 40828:11: Bye Bye [preauth]","@timestamp":"2022-09-16T16:44:51.440Z"}
{"@timestamp":"2022-09-16T16:45:42.151Z","@version":"1","message":"Sep 16 16:45:41 honeypot-sgp-1 sshd[25726]: Connection closed by authenticating user root 179.60.147.69 port 5628 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T16:46:58.185Z","@version":"1","message":"Sep 16 16:46:57 honeypot-sgp-1 sshd[25732]: Received disconnect from 176.102.38.41 port 59478:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:47:32 honeypot-fra-1 sshd[22588]: Received disconnect from 80.253.31.232 port 40830:11: Bye Bye [preauth]","@timestamp":"2022-09-16T16:47:33.088Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 16:47:41 honeypot-ams-1 sshd[31723]: Invalid user ttf from 209.65.66.239 port 47000","@timestamp":"2022-09-16T16:47:42.515Z"}
{"@timestamp":"2022-09-16T16:50:11.265Z","@version":"1","message":"Sep 16 16:50:10 honeypot-sgp-1 sshd[25737]: Received disconnect from 210.105.193.6 port 45528:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 16:50:33 honeypot-ams-1 sshd[31730]: Received disconnect from 92.255.85.70 port 61540:11: Bye Bye [preauth]","@timestamp":"2022-09-16T16:50:33.592Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:50:48 honeypot-fra-1 sshd[22590]: Disconnected from invalid user lhdong 165.22.45.108 port 35952 [preauth]","@timestamp":"2022-09-16T16:50:49.162Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:56:49 honeypot-fra-1 sshd[22596]: Received disconnect from 45.61.184.204 port 45226:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T16:56:49.315Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:57:09 honeypot-fra-1 sshd[22600]: Received disconnect from 45.61.184.204 port 39908:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T16:57:09.345Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:57:27 honeypot-fra-1 sshd[22604]: Received disconnect from 45.61.184.204 port 34578:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T16:57:28.354Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:57:46 honeypot-fra-1 sshd[22610]: Received disconnect from 45.61.184.204 port 57500:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T16:57:46.363Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 17:00:40 honeypot-ams-1 sshd[31734]: Did not receive identification string from 134.209.155.186 port 61000","@timestamp":"2022-09-16T17:00:40.878Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 17:01:23 honeypot-ams-1 sshd[31738]: Received disconnect from 45.61.187.160 port 38212:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T17:01:23.900Z"}
{"@timestamp":"2022-09-16T17:01:24.537Z","@version":"1","message":"Sep 16 17:01:23 honeypot-sgp-1 sshd[25741]: Disconnected from invalid user win 220.203.8.38 port 49788 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 17:01:42 honeypot-ams-1 sshd[31742]: Received disconnect from 45.61.187.160 port 60756:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T17:01:42.910Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 17:02:00 honeypot-ams-1 sshd[31746]: Received disconnect from 45.61.187.160 port 55052:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T17:02:00.920Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 17:05:15 honeypot-fra-1 sshd[22616]: Connection closed by invalid user guest 193.106.191.157 port 47868 [preauth]","@timestamp":"2022-09-16T17:05:16.533Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 17:05:27 honeypot-ams-1 kernel: [84224508.241292] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=41.42.38.99 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=50 ID=18854 PROTO=TCP SPT=21900 DPT=443 WINDOW=48550 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T17:05:27.008Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 17:08:26 honeypot-fra-1 sshd[22622]: Received disconnect from 103.124.94.169 port 49626:11: Bye Bye [preauth]","@timestamp":"2022-09-16T17:08:26.613Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T17:11:59.790Z","@version":"1","message":"Sep 16 17:11:58 honeypot-sgp-1 kernel: [84224424.468938] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=205.210.31.34 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=249 ID=25276 PROTO=TCP SPT=53021 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 17:13:54 honeypot-ams-1 sshd[31755]: Disconnected from authenticating user root 92.255.85.69 port 56696 [preauth]","@timestamp":"2022-09-16T17:13:55.227Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 17:17:01 honeypot-fra-1 CRON[22629]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-16T17:17:02.115Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T17:18:08.942Z","@version":"1","message":"Sep 16 17:18:08 honeypot-sgp-1 kernel: [84224793.579678] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=89.248.165.203 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=35823 PROTO=TCP SPT=48133 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 17:21:05 honeypot-fra-1 sshd[22634]: Disconnected from authenticating user root 5.51.84.107 port 35036 [preauth]","@timestamp":"2022-09-16T17:21:06.210Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 17:21:16 honeypot-ams-1 sshd[31761]: Connection closed by invalid user guest 193.106.191.157 port 43502 [preauth]","@timestamp":"2022-09-16T17:21:16.419Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 17:24:03 honeypot-fra-1 kernel: [84223456.909946] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=64.246.161.26 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=46362 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T17:24:04.281Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 17:26:10 honeypot-ams-1 kernel: [84225752.011061] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=179.43.155.171 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=16407 PROTO=TCP SPT=49868 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T17:26:11.547Z"}
{"@timestamp":"2022-09-16T17:26:21.143Z","@version":"1","message":"Sep 16 17:26:20 honeypot-sgp-1 sshd[25758]: Disconnected from authenticating user root 46.101.132.159 port 37570 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 17:27:26 honeypot-fra-1 sshd[22643]: Received disconnect from 167.172.152.29 port 53952:11: Bye Bye [preauth]","@timestamp":"2022-09-16T17:27:27.359Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 17:31:09 honeypot-ams-1 kernel: [84226051.008327] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=41.44.94.9 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=35190 PROTO=TCP SPT=5751 DPT=443 WINDOW=20004 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T17:31:10.676Z"}
{"@timestamp":"2022-09-16T17:32:59.304Z","@version":"1","message":"Sep 16 17:32:58 honeypot-sgp-1 sshd[25763]: Invalid user dbuser from 203.151.83.7 port 37486","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 17:33:27 honeypot-fra-1 sshd[22648]: Invalid user skynet from 64.227.39.120 port 57724","@timestamp":"2022-09-16T17:33:28.517Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 17:36:18 honeypot-ams-1 sshd[31772]: Disconnected from invalid user service 92.255.85.70 port 62484 [preauth]","@timestamp":"2022-09-16T17:36:18.809Z"}
{"@timestamp":"2022-09-16T17:40:51.490Z","@version":"1","message":"Sep 16 17:40:50 honeypot-sgp-1 kernel: [84226156.017488] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=202.95.12.44 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=56 ID=0 DF PROTO=TCP SPT=58636 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 17:44:30 honeypot-fra-1 sshd[22654]: Invalid user service from 92.255.85.70 port 41442","@timestamp":"2022-09-16T17:44:31.758Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T17:46:22.623Z","@version":"1","message":"Sep 16 17:46:21 honeypot-sgp-1 kernel: [84226487.375862] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.203.99 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=51874 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T17:47:26.652Z","@version":"1","message":"Sep 16 17:47:26 honeypot-sgp-1 sshd[25774]: Received disconnect from 108.179.252.145 port 28042:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 17:48:42 honeypot-fra-1 sshd[22656]: Disconnected from invalid user liams 165.22.45.108 port 41094 [preauth]","@timestamp":"2022-09-16T17:48:43.855Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 17:50:00 honeypot-ams-1 kernel: [84227181.421032] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.221.40 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=34451 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T17:50:01.161Z"}
{"@timestamp":"2022-09-16T17:51:13.742Z","@version":"1","message":"Sep 16 17:51:13 honeypot-sgp-1 sshd[25778]: Disconnected from authenticating user nobody 92.255.85.70 port 15132 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 17:55:52 honeypot-ams-1 sshd[31782]: Disconnected from invalid user hc 181.30.99.114 port 50892 [preauth]","@timestamp":"2022-09-16T17:55:53.313Z"}
{"@timestamp":"2022-09-16T18:00:19.981Z","@version":"1","message":"Sep 16 18:00:19 honeypot-sgp-1 sshd[25786]: Did not receive identification string from 178.79.177.104 port 44824","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 18:02:09 honeypot-fra-1 kernel: [84225743.008513] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=62.233.50.225 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=55975 PROTO=TCP SPT=40340 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T18:02:10.160Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 18:02:42 honeypot-fra-1 sshd[22667]: Disconnected from invalid user user 45.61.186.249 port 59068 [preauth]","@timestamp":"2022-09-16T18:02:43.175Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 18:03:01 honeypot-fra-1 sshd[22671]: Disconnected from invalid user user 45.61.186.249 port 53506 [preauth]","@timestamp":"2022-09-16T18:03:02.200Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 18:03:20 honeypot-fra-1 sshd[22675]: Disconnected from invalid user user 45.61.186.249 port 47934 [preauth]","@timestamp":"2022-09-16T18:03:20.209Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 18:04:58 honeypot-ams-1 sshd[31791]: Invalid user developer from 103.188.176.251 port 39126","@timestamp":"2022-09-16T18:04:58.540Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 18:06:02 honeypot-ams-1 sshd[31795]: Connection closed by invalid user admin 165.232.158.22 port 37844 [preauth]","@timestamp":"2022-09-16T18:06:02.571Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 18:08:36 honeypot-ams-1 sshd[31802]: Invalid user precisiongluser from 14.225.204.210 port 39390","@timestamp":"2022-09-16T18:08:36.638Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 18:09:01 honeypot-fra-1 sshd[22680]: Invalid user developer from 103.188.176.251 port 57672","@timestamp":"2022-09-16T18:09:02.339Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 18:13:04 honeypot-fra-1 kernel: [84226397.096107] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=40268 PROTO=TCP SPT=51203 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T18:13:04.434Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 18:13:47 honeypot-ams-1 kernel: [84228609.073229] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=128.14.134.170 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=43507 PROTO=TCP SPT=41207 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T18:13:48.774Z"}
{"@timestamp":"2022-09-16T18:14:33.318Z","@version":"1","message":"Sep 16 18:14:32 honeypot-sgp-1 sshd[25789]: Disconnected from invalid user test 92.255.85.69 port 53964 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 18:22:37 honeypot-fra-1 kernel: [84226970.369705] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=170.187.162.248 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=10675 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T18:22:37.653Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 18:22:50 honeypot-ams-1 sshd[31810]: Received disconnect from 128.199.4.167 port 41372:11: Bye Bye [preauth]","@timestamp":"2022-09-16T18:22:51.006Z"}
{"@timestamp":"2022-09-16T18:25:24.578Z","@version":"1","message":"Sep 16 18:25:24 honeypot-sgp-1 kernel: [84228830.003175] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=172.105.128.45 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=35534 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 18:25:41 honeypot-ams-1 sshd[31814]: Received disconnect from 211.45.162.52 port 50842:11: Bye Bye [preauth]","@timestamp":"2022-09-16T18:25:42.079Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 18:30:21 honeypot-ams-1 sshd[31819]: Disconnected from authenticating user root 95.161.97.113 port 47006 [preauth]","@timestamp":"2022-09-16T18:30:22.202Z"}
{"@timestamp":"2022-09-16T18:35:38.828Z","@version":"1","message":"Sep 16 18:35:37 honeypot-sgp-1 kernel: [84229443.420875] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=103.153.78.248 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=18851 PROTO=TCP SPT=50040 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 18:36:12 honeypot-ams-1 sshd[31824]: Received disconnect from 46.19.141.122 port 52124:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T18:36:13.370Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 18:36:49 honeypot-fra-1 kernel: [84227822.233256] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=80.87.206.203 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=57465 PROTO=TCP SPT=59040 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T18:36:49.968Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 18:37:41 honeypot-ams-1 sshd[31830]: Invalid user admin from 46.19.141.122 port 39764","@timestamp":"2022-09-16T18:37:41.411Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 18:38:04 honeypot-ams-1 sshd[31834]: Disconnected from invalid user admin 46.19.141.122 port 45050 [preauth]","@timestamp":"2022-09-16T18:38:05.425Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 18:39:10 honeypot-ams-1 kernel: [84230131.225222] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=80.94.92.231 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=51480 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T18:39:10.456Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 18:39:40 honeypot-ams-1 sshd[31842]: Disconnected from invalid user ubnt 46.19.141.122 port 37966 [preauth]","@timestamp":"2022-09-16T18:39:41.472Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 18:40:19 honeypot-ams-1 sshd[31846]: Disconnected from authenticating user root 46.19.141.122 port 48538 [preauth]","@timestamp":"2022-09-16T18:40:20.491Z"}
{"@timestamp":"2022-09-16T18:46:14.078Z","@version":"1","message":"Sep 16 18:46:13 honeypot-sgp-1 sshd[25805]: Did not receive identification string from 193.3.19.178 port 64001","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 18:46:31 honeypot-fra-1 sshd[22697]: Disconnected from invalid user liang 165.22.45.108 port 46220 [preauth]","@timestamp":"2022-09-16T18:46:31.217Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 18:47:50 honeypot-ams-1 sshd[31849]: Disconnected from invalid user sftpuser 92.255.85.70 port 51604 [preauth]","@timestamp":"2022-09-16T18:47:51.686Z"}
{"@timestamp":"2022-09-16T18:49:50.166Z","@version":"1","message":"Sep 16 18:49:49 honeypot-sgp-1 kernel: [84230295.187017] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=159.65.151.215 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x20 TTL=51 ID=41203 DF PROTO=TCP SPT=42364 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 18:55:39 honeypot-fra-1 sshd[22700]: Received disconnect from 92.255.85.70 port 47186:11: Bye Bye [preauth]","@timestamp":"2022-09-16T18:55:39.440Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 19:01:22 honeypot-ams-1 kernel: [84231463.306518] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=111.72.186.151 DST=178.62.254.91 LEN=40 TOS=0x08 PREC=0x00 TTL=49 ID=24998 PROTO=TCP SPT=64048 DPT=80 WINDOW=4056 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T19:01:23.039Z"}
{"@timestamp":"2022-09-16T19:01:31.441Z","@version":"1","message":"Sep 16 19:01:30 honeypot-sgp-1 sshd[25809]: Invalid user vagrant from 92.255.85.69 port 60528","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T19:04:51.520Z","@version":"1","message":"Sep 16 19:04:50 honeypot-sgp-1 sshd[25814]: Did not receive identification string from 45.61.186.249 port 41962","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 19:05:17 honeypot-fra-1 sshd[22706]: Received disconnect from 78.128.127.224 port 44116:11: Bye Bye [preauth]","@timestamp":"2022-09-16T19:05:17.657Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T19:05:26.536Z","@version":"1","message":"Sep 16 19:05:26 honeypot-sgp-1 sshd[25817]: Disconnected from invalid user user 45.61.186.249 port 49612 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T19:05:46.545Z","@version":"1","message":"Sep 16 19:05:46 honeypot-sgp-1 sshd[25821]: Disconnected from invalid user user 45.61.186.249 port 43978 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T19:06:05.554Z","@version":"1","message":"Sep 16 19:06:05 honeypot-sgp-1 sshd[25825]: Disconnected from invalid user user 45.61.186.249 port 38300 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 19:06:35 honeypot-ams-1 sshd[31931]: Disconnected from invalid user user 45.61.184.204 port 34268 [preauth]","@timestamp":"2022-09-16T19:06:35.176Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 19:06:53 honeypot-ams-1 sshd[31935]: Disconnected from invalid user user 45.61.184.204 port 56750 [preauth]","@timestamp":"2022-09-16T19:06:54.187Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 19:07:12 honeypot-ams-1 sshd[31939]: Disconnected from invalid user user 45.61.184.204 port 50998 [preauth]","@timestamp":"2022-09-16T19:07:12.196Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 19:07:26 honeypot-ams-1 sshd[31943]: Disconnected from invalid user zaida 159.223.195.196 port 50512 [preauth]","@timestamp":"2022-09-16T19:07:26.204Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 19:11:16 honeypot-ams-1 sshd[31947]: Received disconnect from 92.255.85.70 port 40184:11: Bye Bye [preauth]","@timestamp":"2022-09-16T19:11:17.307Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 19:11:32 honeypot-fra-1 sshd[22711]: Received disconnect from 45.119.85.97 port 58584:11: Bye Bye [preauth]","@timestamp":"2022-09-16T19:11:32.801Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 19:13:43 honeypot-fra-1 sshd[22717]: Received disconnect from 112.133.218.125 port 47240:11: Bye Bye [preauth]","@timestamp":"2022-09-16T19:13:43.854Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 19:17:01 honeypot-ams-1 kernel: [84232402.455501] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=178.75.35.124 DST=178.62.254.91 LEN=40 TOS=0x08 PREC=0x20 TTL=58 ID=64801 PROTO=TCP SPT=63691 DPT=443 WINDOW=10241 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T19:17:01.459Z"}
{"@timestamp":"2022-09-16T19:17:01.808Z","@version":"1","message":"Sep 16 19:17:01 honeypot-sgp-1 CRON[25833]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 19:18:23 honeypot-fra-1 sshd[22724]: Invalid user vagrant from 92.255.85.70 port 37350","@timestamp":"2022-09-16T19:18:23.960Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 19:21:57 honeypot-ams-1 kernel: [84232698.902122] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=178.62.254.91 LEN=90 TOS=0x00 PREC=0x00 TTL=252 ID=19476 PROTO=TCP SPT=12011 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T19:21:58.594Z"}
{"@timestamp":"2022-09-16T19:25:50.013Z","@version":"1","message":"Sep 16 19:25:49 honeypot-sgp-1 sshd[25839]: Disconnected from invalid user admin1 92.255.85.69 port 51392 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 19:29:52 honeypot-fra-1 sshd[22730]: Connection closed by authenticating user root 194.163.190.53 port 38668 [preauth]","@timestamp":"2022-09-16T19:29:53.219Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 19:34:32 honeypot-ams-1 sshd[31960]: Received disconnect from 92.255.85.69 port 53030:11: Bye Bye [preauth]","@timestamp":"2022-09-16T19:34:32.922Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 19:37:42 honeypot-fra-1 sshd[22734]: Invalid user guest from 193.106.191.157 port 60568","@timestamp":"2022-09-16T19:37:43.399Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T19:39:19.330Z","@version":"1","message":"Sep 16 19:39:18 honeypot-sgp-1 sshd[25844]: Received disconnect from 185.74.4.20 port 51782:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 19:44:52 honeypot-fra-1 sshd[22741]: Invalid user liang from 165.22.45.108 port 51366","@timestamp":"2022-09-16T19:44:53.560Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 19:47:52 honeypot-ams-1 sshd[31965]: Disconnected from invalid user tony 94.75.123.43 port 33444 [preauth]","@timestamp":"2022-09-16T19:47:52.265Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 19:48:13 honeypot-fra-1 sshd[22746]: Connection closed by invalid user test 179.60.147.69 port 56952 [preauth]","@timestamp":"2022-09-16T19:48:14.637Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T19:49:04.556Z","@version":"1","message":"Sep 16 19:49:03 honeypot-sgp-1 kernel: [84233849.150953] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=103.114.107.34 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=2147 PROTO=TCP SPT=55581 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 19:50:11 honeypot-ams-1 sshd[31973]: Received disconnect from 46.19.141.122 port 38776:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T19:50:12.329Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 19:50:42 honeypot-ams-1 sshd[31977]: Disconnected from invalid user admin 46.19.141.122 port 45872 [preauth]","@timestamp":"2022-09-16T19:50:43.345Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 19:51:16 honeypot-ams-1 sshd[31981]: Disconnected from invalid user ubuntu 46.19.141.122 port 60030 [preauth]","@timestamp":"2022-09-16T19:51:17.362Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 19:51:43 honeypot-ams-1 sshd[31995]: Invalid user chia from 176.31.240.226 port 44172","@timestamp":"2022-09-16T19:51:44.376Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 19:51:43 honeypot-ams-1 sshd[32000]: Invalid user www from 176.31.240.226 port 44170","@timestamp":"2022-09-16T19:51:44.376Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 19:51:43 honeypot-ams-1 sshd[31988]: Connection closed by authenticating user root 176.31.240.226 port 44116 [preauth]","@timestamp":"2022-09-16T19:51:44.376Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 19:51:43 honeypot-ams-1 sshd[31998]: Connection closed by invalid user admin 176.31.240.226 port 44178 [preauth]","@timestamp":"2022-09-16T19:51:44.376Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 19:51:43 honeypot-ams-1 sshd[31986]: Connection closed by invalid user devops 176.31.240.226 port 44114 [preauth]","@timestamp":"2022-09-16T19:51:44.376Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 19:51:44 honeypot-ams-1 sshd[32026]: Invalid user test from 176.31.240.226 port 44122","@timestamp":"2022-09-16T19:51:45.376Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 19:51:44 honeypot-ams-1 sshd[32020]: Connection closed by invalid user es 176.31.240.226 port 44186 [preauth]","@timestamp":"2022-09-16T19:51:45.377Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 19:51:46 honeypot-ams-1 sshd[32040]: Invalid user esuser from 176.31.240.226 port 44128","@timestamp":"2022-09-16T19:51:47.378Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 19:51:46 honeypot-ams-1 sshd[32038]: Invalid user testuser from 176.31.240.226 port 44134","@timestamp":"2022-09-16T19:51:47.378Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 19:51:53 honeypot-fra-1 sshd[22752]: Invalid user admin from 159.223.70.83 port 38953","@timestamp":"2022-09-16T19:51:53.723Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 19:52:06 honeypot-ams-1 kernel: [84234507.782247] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=97.74.81.123 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=27711 PROTO=TCP SPT=49391 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T19:52:07.388Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 19:52:45 honeypot-ams-1 sshd[32054]: Disconnected from invalid user ubnt 46.19.141.122 port 53058 [preauth]","@timestamp":"2022-09-16T19:52:45.408Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 19:53:46 honeypot-ams-1 sshd[32060]: Invalid user guest from 193.106.191.157 port 58946","@timestamp":"2022-09-16T19:53:46.436Z"}
{"@timestamp":"2022-09-16T19:56:00.717Z","@version":"1","message":"Sep 16 19:56:00 honeypot-sgp-1 kernel: [84234265.476873] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=195.230.103.242 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=233 ID=54321 PROTO=TCP SPT=34003 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 19:57:17 honeypot-fra-1 kernel: [84232650.677540] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=163.172.158.4 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=54302 PROTO=TCP SPT=49501 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T19:57:18.846Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 19:58:03 honeypot-ams-1 sshd[32065]: Received disconnect from 92.255.85.69 port 22500:11: Bye Bye [preauth]","@timestamp":"2022-09-16T19:58:03.549Z"}
{"@timestamp":"2022-09-16T20:01:11.838Z","@version":"1","message":"Sep 16 20:01:11 honeypot-sgp-1 sshd[25856]: Disconnected from invalid user admin 137.184.225.34 port 48854 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:03:22.892Z","@version":"1","message":"Sep 16 20:03:22 honeypot-sgp-1 kernel: [84234708.172017] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=5.189.128.58 DST=159.89.202.188 LEN=52 TOS=0x02 PREC=0x00 TTL=112 ID=29082 DF PROTO=TCP SPT=51460 DPT=3389 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:08:49.020Z","@version":"1","message":"Sep 16 20:08:48 honeypot-sgp-1 kernel: [84235034.365320] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=156.146.46.143 DST=159.89.202.188 LEN=52 TOS=0x02 PREC=0x00 TTL=116 ID=52193 DF PROTO=TCP SPT=62716 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 20:08:51 honeypot-fra-1 kernel: [84233344.085931] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=179.43.155.171 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=12868 PROTO=TCP SPT=49868 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T20:08:52.099Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 20:13:18 honeypot-ams-1 sshd[32071]: Invalid user guest from 193.106.191.157 port 44172","@timestamp":"2022-09-16T20:13:18.949Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 20:15:33 honeypot-fra-1 sshd[22773]: Invalid user tasha from 40.118.190.19 port 52532","@timestamp":"2022-09-16T20:15:34.248Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T20:17:02.213Z","@version":"1","message":"Sep 16 20:17:01 honeypot-sgp-1 CRON[25869]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 20:17:36 honeypot-ams-1 kernel: [84236037.273413] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=156.146.46.143 DST=178.62.254.91 LEN=52 TOS=0x02 PREC=0x00 TTL=118 ID=20208 DF PROTO=TCP SPT=63632 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-16T20:17:37.067Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 20:19:26 honeypot-ams-1 sshd[32080]: Received disconnect from 45.61.186.169 port 57010:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T20:19:27.117Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 20:19:42 honeypot-ams-1 sshd[32084]: Received disconnect from 45.61.186.169 port 51440:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T20:19:43.125Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 20:19:57 honeypot-ams-1 sshd[32088]: Received disconnect from 45.61.186.169 port 45862:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T20:19:58.133Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 20:21:35 honeypot-ams-1 sshd[32092]: Invalid user mysql from 92.255.85.70 port 54294","@timestamp":"2022-09-16T20:21:35.177Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 20:22:56 honeypot-fra-1 kernel: [84234189.428082] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=170.187.160.35 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=28552 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T20:22:57.410Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-16T20:25:17.410Z","@version":"1","message":"Sep 16 20:25:17 honeypot-sgp-1 kernel: [84236022.665378] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=170.187.160.133 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=41887 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 20:25:57 honeypot-fra-1 sshd[22785]: Connection closed by authenticating user root 194.163.190.53 port 49884 [preauth]","@timestamp":"2022-09-16T20:25:58.484Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 20:27:10 honeypot-ams-1 kernel: [84236611.640992] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=178.62.254.91 LEN=86 TOS=0x00 PREC=0x00 TTL=252 ID=54896 PROTO=TCP SPT=191 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T20:27:11.325Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 20:32:45 honeypot-ams-1 sshd[32101]: Disconnected from authenticating user root 221.165.227.155 port 44720 [preauth]","@timestamp":"2022-09-16T20:32:46.470Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 20:33:56 honeypot-fra-1 sshd[22791]: Connection closed by authenticating user root 194.163.190.53 port 58730 [preauth]","@timestamp":"2022-09-16T20:33:56.669Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T20:40:13.759Z","@version":"1","message":"Sep 16 20:40:13 honeypot-sgp-1 sshd[25880]: Invalid user installer from 116.98.174.154 port 49776","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:40:34.770Z","@version":"1","message":"Sep 16 20:40:33 honeypot-sgp-1 sshd[25886]: Connection closed by invalid user admin 116.98.174.154 port 46214 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:41:00.783Z","@version":"1","message":"Sep 16 20:41:00 honeypot-sgp-1 kernel: [84236965.841758] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.219.211 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=57483 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:41:07.786Z","@version":"1","message":"Sep 16 20:41:07 honeypot-sgp-1 sshd[25898]: Connection closed by invalid user admin 116.98.174.154 port 33098 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:41:12.789Z","@version":"1","message":"Sep 16 20:41:12 honeypot-sgp-1 sshd[25904]: Connection closed by invalid user centos 116.98.174.154 port 58642 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:41:26.796Z","@version":"1","message":"Sep 16 20:41:26 honeypot-sgp-1 sshd[25912]: Invalid user ftp from 116.98.174.154 port 39594","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:41:32.800Z","@version":"1","message":"Sep 16 20:41:32 honeypot-sgp-1 kernel: [84236997.516050] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=156.146.46.143 DST=159.89.202.188 LEN=52 TOS=0x02 PREC=0x00 TTL=116 ID=27993 DF PROTO=TCP SPT=55484 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:41:39.804Z","@version":"1","message":"Sep 16 20:41:39 honeypot-sgp-1 sshd[25922]: Connection closed by invalid user user 116.98.174.154 port 55408 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 20:41:54 honeypot-fra-1 sshd[22799]: Connection closed by authenticating user root 194.163.190.53 port 39944 [preauth]","@timestamp":"2022-09-16T20:41:54.847Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T20:42:05.817Z","@version":"1","message":"Sep 16 20:42:05 honeypot-sgp-1 sshd[25928]: Connection closed by invalid user is 116.98.174.154 port 36128 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:42:10.819Z","@version":"1","message":"Sep 16 20:42:10 honeypot-sgp-1 sshd[25936]: Invalid user carl from 116.98.174.154 port 40296","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:42:13.821Z","@version":"1","message":"Sep 16 20:42:13 honeypot-sgp-1 sshd[25942]: Invalid user ftpuser from 116.98.174.154 port 56106","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:42:35.832Z","@version":"1","message":"Sep 16 20:42:35 honeypot-sgp-1 sshd[25946]: Invalid user music from 116.98.174.154 port 55608","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:42:39.834Z","@version":"1","message":"Sep 16 20:42:38 honeypot-sgp-1 sshd[25954]: Invalid user 1502 from 116.98.174.154 port 42302","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:42:47.839Z","@version":"1","message":"Sep 16 20:42:47 honeypot-sgp-1 sshd[25962]: Invalid user financeiro from 116.98.174.154 port 51100","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:42:52.842Z","@version":"1","message":"Sep 16 20:42:52 honeypot-sgp-1 sshd[25966]: Connection closed by authenticating user proxy 116.98.174.154 port 33670 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:42:57.844Z","@version":"1","message":"Sep 16 20:42:57 honeypot-sgp-1 sshd[25974]: Invalid user ethos from 116.98.174.154 port 40386","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:43:06.849Z","@version":"1","message":"Sep 16 20:43:05 honeypot-sgp-1 sshd[25980]: Invalid user ubnt from 116.98.174.154 port 42094","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:43:13.853Z","@version":"1","message":"Sep 16 20:43:13 honeypot-sgp-1 sshd[25986]: Connection closed by invalid user mobile 116.98.174.154 port 59190 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:43:19.857Z","@version":"1","message":"Sep 16 20:43:19 honeypot-sgp-1 sshd[25994]: Invalid user support from 116.98.174.154 port 49200","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:43:28.860Z","@version":"1","message":"Sep 16 20:43:28 honeypot-sgp-1 sshd[26001]: Connection closed by authenticating user root 116.98.174.154 port 57588 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:43:30.863Z","@version":"1","message":"Sep 16 20:43:30 honeypot-sgp-1 sshd[26000]: Connection closed by invalid user install 116.98.174.154 port 56592 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:43:39.867Z","@version":"1","message":"Sep 16 20:43:39 honeypot-sgp-1 sshd[26012]: Connection closed by invalid user ino 116.98.174.154 port 50490 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:43:51.873Z","@version":"1","message":"Sep 16 20:43:50 honeypot-sgp-1 sshd[26018]: Connection closed by invalid user deploy 116.98.174.154 port 35304 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:44:01.878Z","@version":"1","message":"Sep 16 20:44:00 honeypot-sgp-1 kernel: [84237146.222155] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=59.49.43.217 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=34940 PROTO=TCP SPT=47936 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:44:07.882Z","@version":"1","message":"Sep 16 20:44:06 honeypot-sgp-1 sshd[26032]: Connection closed by invalid user admin 116.98.174.154 port 52262 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:44:09.883Z","@version":"1","message":"Sep 16 20:44:09 honeypot-sgp-1 sshd[26036]: Connection closed by invalid user play 116.98.174.154 port 57312 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:44:16.887Z","@version":"1","message":"Sep 16 20:44:16 honeypot-sgp-1 sshd[26044]: Invalid user bill from 116.98.174.154 port 48568","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:44:22.890Z","@version":"1","message":"Sep 16 20:44:22 honeypot-sgp-1 sshd[26050]: Invalid user sanritu-m from 116.98.174.154 port 51210","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:44:40.898Z","@version":"1","message":"Sep 16 20:44:40 honeypot-sgp-1 sshd[26055]: Connection closed by invalid user support 116.98.174.154 port 57132 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:44:56.906Z","@version":"1","message":"Sep 16 20:44:56 honeypot-sgp-1 sshd[26061]: Connection closed by invalid user shell 116.98.174.154 port 51384 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:44:58.907Z","@version":"1","message":"Sep 16 20:44:58 honeypot-sgp-1 sshd[26067]: Connection closed by invalid user user2 116.98.174.154 port 49806 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:45:07.912Z","@version":"1","message":"Sep 16 20:45:07 honeypot-sgp-1 sshd[26071]: Received disconnect from 45.61.186.169 port 34836:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:45:14.916Z","@version":"1","message":"Sep 16 20:45:14 honeypot-sgp-1 sshd[26080]: Invalid user payroll from 116.98.174.154 port 45118","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:45:16.918Z","@version":"1","message":"Sep 16 20:45:16 honeypot-sgp-1 sshd[26084]: Connection closed by invalid user teamspeak 116.98.174.154 port 39564 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:45:20.920Z","@version":"1","message":"Sep 16 20:45:20 honeypot-sgp-1 sshd[26094]: Invalid user user from 116.98.174.154 port 54792","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:45:23.921Z","@version":"1","message":"Sep 16 20:45:23 honeypot-sgp-1 sshd[26098]: Received disconnect from 45.61.186.169 port 57430:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:45:31.926Z","@version":"1","message":"Sep 16 20:45:30 honeypot-sgp-1 sshd[26106]: Invalid user admin from 116.98.174.154 port 42166","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:45:31.926Z","@version":"1","message":"Sep 16 20:45:31 honeypot-sgp-1 sshd[26104]: Disconnected from invalid user user 45.61.186.169 port 40516 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:45:37.929Z","@version":"1","message":"Sep 16 20:45:37 honeypot-sgp-1 sshd[26116]: Invalid user ftpuser from 116.98.174.154 port 60302","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 20:45:40 honeypot-ams-1 sshd[32107]: Received disconnect from 92.255.85.70 port 39412:11: Bye Bye [preauth]","@timestamp":"2022-09-16T20:45:40.800Z"}
{"@timestamp":"2022-09-16T20:45:43.932Z","@version":"1","message":"Sep 16 20:45:43 honeypot-sgp-1 sshd[26122]: Invalid user guest from 116.98.174.154 port 43158","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:45:47.935Z","@version":"1","message":"Sep 16 20:45:47 honeypot-sgp-1 sshd[26130]: Invalid user test from 116.98.174.154 port 56610","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:45:50.936Z","@version":"1","message":"Sep 16 20:45:50 honeypot-sgp-1 sshd[26134]: Invalid user sergey from 116.98.174.154 port 40572","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:45:54.938Z","@version":"1","message":"Sep 16 20:45:54 honeypot-sgp-1 sshd[26138]: Disconnected from invalid user user 45.61.186.169 port 46194 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:45:57.940Z","@version":"1","message":"Sep 16 20:45:56 honeypot-sgp-1 sshd[26144]: Invalid user admin from 116.98.174.154 port 33956","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:46:08.946Z","@version":"1","message":"Sep 16 20:46:08 honeypot-sgp-1 sshd[26150]: Invalid user customer from 116.98.174.154 port 58418","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:46:10.948Z","@version":"1","message":"Sep 16 20:46:10 honeypot-sgp-1 sshd[26156]: Invalid user db2inst2 from 116.98.174.154 port 57886","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:46:18.952Z","@version":"1","message":"Sep 16 20:46:18 honeypot-sgp-1 sshd[26162]: Invalid user testing from 116.98.174.154 port 53048","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:46:20.953Z","@version":"1","message":"Sep 16 20:46:20 honeypot-sgp-1 sshd[26168]: Invalid user laura from 116.98.174.154 port 45428","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:46:31.959Z","@version":"1","message":"Sep 16 20:46:31 honeypot-sgp-1 sshd[26174]: Connection closed by authenticating user root 116.98.174.154 port 46564 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:46:35.961Z","@version":"1","message":"Sep 16 20:46:35 honeypot-sgp-1 sshd[26180]: Connection closed by invalid user admin 116.98.174.154 port 38942 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:47:03.975Z","@version":"1","message":"Sep 16 20:47:03 honeypot-sgp-1 sshd[26190]: Invalid user user1 from 116.98.174.154 port 60512","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:47:17.982Z","@version":"1","message":"Sep 16 20:47:17 honeypot-sgp-1 sshd[26196]: Invalid user scan from 116.98.174.154 port 39300","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:47:33.990Z","@version":"1","message":"Sep 16 20:47:33 honeypot-sgp-1 sshd[26202]: Invalid user oracle from 116.98.174.154 port 35740","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:47:35.991Z","@version":"1","message":"Sep 16 20:47:35 honeypot-sgp-1 sshd[26208]: Invalid user sharon from 116.98.174.154 port 57324","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:47:42.994Z","@version":"1","message":"Sep 16 20:47:42 honeypot-sgp-1 sshd[26214]: Invalid user ftpuser from 116.98.174.154 port 51190","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:47:45.997Z","@version":"1","message":"Sep 16 20:47:45 honeypot-sgp-1 sshd[26220]: Connection closed by authenticating user root 116.98.174.154 port 48836 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:47:52.000Z","@version":"1","message":"Sep 16 20:47:51 honeypot-sgp-1 sshd[26226]: Connection closed by invalid user admin 116.98.174.154 port 42458 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:48:00.005Z","@version":"1","message":"Sep 16 20:47:59 honeypot-sgp-1 sshd[26234]: Invalid user security from 116.98.174.154 port 43840","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:48:06.008Z","@version":"1","message":"Sep 16 20:48:05 honeypot-sgp-1 sshd[26242]: Invalid user philippe from 116.98.174.154 port 36156","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:48:08.009Z","@version":"1","message":"Sep 16 20:48:07 honeypot-sgp-1 sshd[26248]: Connection closed by invalid user admin 116.98.174.154 port 33400 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:48:11.011Z","@version":"1","message":"Sep 16 20:48:10 honeypot-sgp-1 sshd[26254]: Connection closed by invalid user a 116.98.174.154 port 46040 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:48:14.014Z","@version":"1","message":"Sep 16 20:48:13 honeypot-sgp-1 sshd[26260]: Connection closed by invalid user webuser 116.98.174.154 port 42310 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:48:37.025Z","@version":"1","message":"Sep 16 20:48:36 honeypot-sgp-1 sshd[26268]: Invalid user git1 from 116.98.174.154 port 43062","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:48:47.030Z","@version":"1","message":"Sep 16 20:48:46 honeypot-sgp-1 kernel: [84237431.632672] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=183.136.225.35 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=110 ID=27272 PROTO=TCP SPT=8088 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:48:55.033Z","@version":"1","message":"Sep 16 20:48:54 honeypot-sgp-1 sshd[26278]: Connection closed by invalid user pos 116.98.174.154 port 39786 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:49:01.038Z","@version":"1","message":"Sep 16 20:49:00 honeypot-sgp-1 sshd[26286]: Invalid user admin from 116.98.174.154 port 46444","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:49:15.045Z","@version":"1","message":"Sep 16 20:49:14 honeypot-sgp-1 sshd[26292]: Invalid user new from 116.98.174.154 port 48106","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:49:25.049Z","@version":"1","message":"Sep 16 20:49:24 honeypot-sgp-1 sshd[26298]: Invalid user notjoin from 116.98.174.154 port 53814","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:49:39.056Z","@version":"1","message":"Sep 16 20:49:39 honeypot-sgp-1 sshd[26304]: Connection closed by authenticating user root 116.98.174.154 port 38478 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:49:42.058Z","@version":"1","message":"Sep 16 20:49:41 honeypot-sgp-1 sshd[26310]: Connection closed by invalid user frank 116.98.174.154 port 38866 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:49:44.060Z","@version":"1","message":"Sep 16 20:49:43 honeypot-sgp-1 sshd[26316]: Connection closed by invalid user webftp 116.98.174.154 port 59416 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:49:45.061Z","@version":"1","message":"Sep 16 20:49:45 honeypot-sgp-1 sshd[26322]: Connection closed by invalid user ftp 116.98.174.154 port 55486 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:49:51.064Z","@version":"1","message":"Sep 16 20:49:50 honeypot-sgp-1 sshd[26328]: Connection closed by authenticating user backup 116.98.174.154 port 35954 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:50:05.071Z","@version":"1","message":"Sep 16 20:50:05 honeypot-sgp-1 sshd[26334]: Connection closed by invalid user admin 116.98.174.154 port 42684 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:50:21.079Z","@version":"1","message":"Sep 16 20:50:20 honeypot-sgp-1 sshd[26343]: Connection closed by authenticating user root 116.98.174.154 port 40832 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:50:28.082Z","@version":"1","message":"Sep 16 20:50:27 honeypot-sgp-1 sshd[26349]: Connection closed by invalid user student4 116.98.174.154 port 56588 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:50:34.086Z","@version":"1","message":"Sep 16 20:50:33 honeypot-sgp-1 sshd[26357]: Invalid user bob from 116.98.174.154 port 37714","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:50:36.087Z","@version":"1","message":"Sep 16 20:50:35 honeypot-sgp-1 sshd[26363]: Connection closed by invalid user teste 116.98.174.154 port 41764 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:51:07.101Z","@version":"1","message":"Sep 16 20:51:06 honeypot-sgp-1 sshd[26371]: Connection closed by invalid user daniel 116.98.174.154 port 48216 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:51:17.107Z","@version":"1","message":"Sep 16 20:51:16 honeypot-sgp-1 sshd[26379]: Invalid user sakura from 116.98.174.154 port 44238","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:51:23.110Z","@version":"1","message":"Sep 16 20:51:22 honeypot-sgp-1 sshd[26385]: Invalid user shagrath from 116.98.174.154 port 42394","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:51:35.115Z","@version":"1","message":"Sep 16 20:51:34 honeypot-sgp-1 sshd[26391]: Connection closed by invalid user operator 116.98.174.154 port 41334 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:51:37.117Z","@version":"1","message":"Sep 16 20:51:36 honeypot-sgp-1 sshd[26397]: Connection closed by invalid user support 116.98.174.154 port 37284 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 20:51:40 honeypot-fra-1 kernel: [84235913.598784] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=170.187.160.195 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=28371 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T20:51:41.065Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-16T20:51:49.123Z","@version":"1","message":"Sep 16 20:51:48 honeypot-sgp-1 sshd[26405]: Connection closed by authenticating user root 116.98.174.154 port 36150 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:52:01.129Z","@version":"1","message":"Sep 16 20:52:00 honeypot-sgp-1 sshd[26413]: Connection closed by authenticating user backup 116.98.174.154 port 60686 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:52:10.133Z","@version":"1","message":"Sep 16 20:52:09 honeypot-sgp-1 sshd[26419]: Connection closed by invalid user activesolutions 116.98.174.154 port 51338 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:52:20.139Z","@version":"1","message":"Sep 16 20:52:19 honeypot-sgp-1 sshd[26425]: Connection closed by invalid user image 116.98.174.154 port 32860 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:52:27.142Z","@version":"1","message":"Sep 16 20:52:26 honeypot-sgp-1 sshd[26433]: Invalid user jennifer from 116.98.174.154 port 53946","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 20:52:33 honeypot-ams-1 sshd[32111]: Disconnected from authenticating user root 80.76.51.189 port 46614 [preauth]","@timestamp":"2022-09-16T20:52:33.981Z"}
{"@timestamp":"2022-09-16T20:52:37.147Z","@version":"1","message":"Sep 16 20:52:36 honeypot-sgp-1 sshd[26439]: Connection closed by invalid user test2 116.98.174.154 port 57338 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:52:41.150Z","@version":"1","message":"Sep 16 20:52:41 honeypot-sgp-1 sshd[26443]: Connection closed by invalid user fedora 116.98.174.154 port 39546 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:52:57.158Z","@version":"1","message":"Sep 16 20:52:56 honeypot-sgp-1 sshd[26451]: Invalid user emilie from 116.98.174.154 port 36394","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:53:09.164Z","@version":"1","message":"Sep 16 20:53:08 honeypot-sgp-1 sshd[26457]: Invalid user client from 116.98.174.154 port 47976","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:53:24.171Z","@version":"1","message":"Sep 16 20:53:23 honeypot-sgp-1 sshd[26463]: Invalid user webadmin from 116.98.174.154 port 51122","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 20:53:24 honeypot-ams-1 sshd[32117]: Did not receive identification string from 45.61.186.49 port 54150","@timestamp":"2022-09-16T20:53:25.007Z"}
{"@timestamp":"2022-09-16T20:53:38.178Z","@version":"1","message":"Sep 16 20:53:37 honeypot-sgp-1 sshd[26469]: Invalid user ashish from 116.98.174.154 port 36470","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:53:44.182Z","@version":"1","message":"Sep 16 20:53:44 honeypot-sgp-1 sshd[26475]: Invalid user admin from 116.98.174.154 port 42944","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:53:47.184Z","@version":"1","message":"Sep 16 20:53:46 honeypot-sgp-1 kernel: [84237731.882410] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=49.143.32.6 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=13915 DF PROTO=TCP SPT=2119 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 20:53:47 honeypot-ams-1 sshd[32122]: Invalid user user from 45.61.186.49 port 37970","@timestamp":"2022-09-16T20:53:48.019Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 20:53:56 honeypot-ams-1 sshd[32126]: Received disconnect from 80.76.51.189 port 56216:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T20:53:57.025Z"}
{"@timestamp":"2022-09-16T20:53:58.188Z","@version":"1","message":"Sep 16 20:53:57 honeypot-sgp-1 sshd[26485]: Connection closed by invalid user ghost 116.98.174.154 port 56896 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:54:12.195Z","@version":"1","message":"Sep 16 20:54:11 honeypot-sgp-1 sshd[26491]: Connection closed by invalid user byte 116.98.174.154 port 33856 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:54:20.200Z","@version":"1","message":"Sep 16 20:54:19 honeypot-sgp-1 sshd[26497]: Connection closed by invalid user omega 116.98.174.154 port 50310 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 20:54:23 honeypot-ams-1 sshd[32130]: Disconnected from authenticating user root 80.76.51.189 port 40598 [preauth]","@timestamp":"2022-09-16T20:54:24.037Z"}
{"@timestamp":"2022-09-16T20:54:25.202Z","@version":"1","message":"Sep 16 20:54:24 honeypot-sgp-1 sshd[26505]: Invalid user mailtest from 116.98.174.154 port 38204","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:54:36.208Z","@version":"1","message":"Sep 16 20:54:35 honeypot-sgp-1 sshd[26513]: Invalid user free from 116.98.174.154 port 50278","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:54:41.210Z","@version":"1","message":"Sep 16 20:54:40 honeypot-sgp-1 sshd[26519]: Invalid user downloads from 116.98.174.154 port 48882","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:54:45.213Z","@version":"1","message":"Sep 16 20:54:44 honeypot-sgp-1 kernel: [84237789.800908] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=159.89.202.188 LEN=86 TOS=0x00 PREC=0x00 TTL=245 ID=20938 PROTO=TCP SPT=5005 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:54:57.218Z","@version":"1","message":"Sep 16 20:54:56 honeypot-sgp-1 sshd[26531]: Connection closed by authenticating user root 116.98.174.154 port 57342 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:55:12.226Z","@version":"1","message":"Sep 16 20:55:11 honeypot-sgp-1 sshd[26537]: Connection closed by invalid user sales 116.98.174.154 port 54498 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:55:33.237Z","@version":"1","message":"Sep 16 20:55:32 honeypot-sgp-1 sshd[26546]: Invalid user chris from 116.98.174.154 port 57972","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:55:38.239Z","@version":"1","message":"Sep 16 20:55:37 honeypot-sgp-1 sshd[26552]: Invalid user prueba from 116.98.174.154 port 38930","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:55:45.244Z","@version":"1","message":"Sep 16 20:55:44 honeypot-sgp-1 sshd[26560]: Invalid user jacob from 116.98.174.154 port 33318","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:55:48.246Z","@version":"1","message":"Sep 16 20:55:48 honeypot-sgp-1 sshd[26566]: Connection closed by invalid user ubuntu 116.98.174.154 port 33502 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 20:55:50 honeypot-ams-1 sshd[32137]: Disconnected from authenticating user root 80.76.51.189 port 50224 [preauth]","@timestamp":"2022-09-16T20:55:51.080Z"}
{"@timestamp":"2022-09-16T20:55:54.248Z","@version":"1","message":"Sep 16 20:55:53 honeypot-sgp-1 sshd[26572]: Connection closed by invalid user mysql 116.98.174.154 port 56882 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:56:00.253Z","@version":"1","message":"Sep 16 20:56:00 honeypot-sgp-1 sshd[26580]: Invalid user staff from 116.98.174.154 port 50984","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:56:17.261Z","@version":"1","message":"Sep 16 20:56:16 honeypot-sgp-1 sshd[26586]: Invalid user changup7 from 116.98.174.154 port 40158","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:56:23.264Z","@version":"1","message":"Sep 16 20:56:22 honeypot-sgp-1 sshd[26590]: Invalid user user100 from 116.98.174.154 port 40436","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:56:37.271Z","@version":"1","message":"Sep 16 20:56:37 honeypot-sgp-1 sshd[26598]: Connection closed by invalid user elemental 116.98.174.154 port 55968 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:56:43.274Z","@version":"1","message":"Sep 16 20:56:43 honeypot-sgp-1 sshd[26606]: Invalid user ryan from 116.98.174.154 port 34450","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:56:48.277Z","@version":"1","message":"Sep 16 20:56:47 honeypot-sgp-1 sshd[26612]: Connection closed by invalid user support 116.98.174.154 port 36264 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:57:00.283Z","@version":"1","message":"Sep 16 20:56:59 honeypot-sgp-1 sshd[26620]: Invalid user rui from 116.98.174.154 port 40834","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:57:13.289Z","@version":"1","message":"Sep 16 20:57:12 honeypot-sgp-1 sshd[26626]: Connection closed by invalid user camera 116.98.174.154 port 51222 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 20:57:21 honeypot-ams-1 sshd[32144]: Received disconnect from 80.76.51.189 port 59862:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T20:57:22.123Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 20:58:24 honeypot-ams-1 sshd[32148]: Received disconnect from 80.76.51.189 port 56866:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T20:58:25.152Z"}
{"@timestamp":"2022-09-16T20:58:47.329Z","@version":"1","message":"Sep 16 20:58:46 honeypot-sgp-1 kernel: [84238032.168325] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=170.187.160.157 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=29314 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 20:59:26 honeypot-ams-1 sshd[32152]: Received disconnect from 80.76.51.189 port 53884:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T20:59:27.180Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 21:00:22 honeypot-fra-1 sshd[22811]: Connection closed by invalid user blank 179.60.147.69 port 44200 [preauth]","@timestamp":"2022-09-16T21:00:23.260Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:00:30 honeypot-ams-1 sshd[32157]: Received disconnect from 80.76.51.189 port 50894:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T21:00:30.210Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:01:34 honeypot-ams-1 sshd[32161]: Received disconnect from 80.76.51.189 port 47908:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T21:01:34.242Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:01:47 honeypot-ams-1 sshd[32167]: Invalid user ubnt from 179.171.158.147 port 59480","@timestamp":"2022-09-16T21:01:48.250Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:01:51 honeypot-ams-1 sshd[32171]: Disconnected from authenticating user root 179.171.158.147 port 59658 [preauth]","@timestamp":"2022-09-16T21:01:51.253Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:01:58 honeypot-ams-1 sshd[32177]: Disconnected from authenticating user root 179.171.158.147 port 60050 [preauth]","@timestamp":"2022-09-16T21:01:59.257Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:02:06 honeypot-ams-1 sshd[32185]: Disconnected from authenticating user root 80.76.51.189 port 60524 [preauth]","@timestamp":"2022-09-16T21:02:07.262Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:02:13 honeypot-ams-1 sshd[32189]: Disconnected from authenticating user root 179.171.158.147 port 60740 [preauth]","@timestamp":"2022-09-16T21:02:14.267Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:02:21 honeypot-ams-1 sshd[32195]: Disconnected from authenticating user root 179.171.158.147 port 32928 [preauth]","@timestamp":"2022-09-16T21:02:21.356Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:02:27 honeypot-ams-1 sshd[32201]: Disconnected from authenticating user root 179.171.158.147 port 33262 [preauth]","@timestamp":"2022-09-16T21:02:28.362Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:02:33 honeypot-ams-1 sshd[32207]: Disconnected from authenticating user root 179.171.158.147 port 33530 [preauth]","@timestamp":"2022-09-16T21:02:34.365Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:02:39 honeypot-ams-1 sshd[32213]: Disconnected from authenticating user root 179.171.158.147 port 33898 [preauth]","@timestamp":"2022-09-16T21:02:40.369Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:02:44 honeypot-ams-1 sshd[32219]: Received disconnect from 179.171.158.147 port 34104:11: Bye Bye [preauth]","@timestamp":"2022-09-16T21:02:45.372Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:02:52 honeypot-ams-1 sshd[32225]: Received disconnect from 179.171.158.147 port 34516:11: Bye Bye [preauth]","@timestamp":"2022-09-16T21:02:53.377Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:02:58 honeypot-ams-1 sshd[32231]: Received disconnect from 179.171.158.147 port 34888:11: Bye Bye [preauth]","@timestamp":"2022-09-16T21:02:59.380Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:03:05 honeypot-ams-1 sshd[32237]: Received disconnect from 179.171.158.147 port 35194:11: Bye Bye [preauth]","@timestamp":"2022-09-16T21:03:06.385Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:03:10 honeypot-ams-1 sshd[32241]: Disconnected from invalid user admin 179.171.158.147 port 35528 [preauth]","@timestamp":"2022-09-16T21:03:11.388Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:03:13 honeypot-ams-1 sshd[32247]: Disconnected from invalid user postgres 80.76.51.189 port 57544 [preauth]","@timestamp":"2022-09-16T21:03:14.389Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:03:17 honeypot-ams-1 sshd[32249]: Disconnected from invalid user admin 179.171.158.147 port 35910 [preauth]","@timestamp":"2022-09-16T21:03:18.392Z"}
{"@timestamp":"2022-09-16T21:03:22.437Z","@version":"1","message":"Sep 16 21:03:21 honeypot-sgp-1 sshd[26637]: Disconnected from invalid user cmd 81.16.121.206 port 5812 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:03:22 honeypot-ams-1 sshd[32253]: Disconnected from invalid user admin 179.171.158.147 port 36140 [preauth]","@timestamp":"2022-09-16T21:03:23.395Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:03:27 honeypot-ams-1 sshd[32257]: Disconnected from invalid user admin 179.171.158.147 port 36408 [preauth]","@timestamp":"2022-09-16T21:03:28.398Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 21:03:28 honeypot-fra-1 sshd[22817]: Disconnected from invalid user admin 194.226.49.130 port 46096 [preauth]","@timestamp":"2022-09-16T21:03:29.332Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:03:33 honeypot-ams-1 sshd[32261]: Disconnected from invalid user admin 179.171.158.147 port 36672 [preauth]","@timestamp":"2022-09-16T21:03:33.401Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:03:40 honeypot-ams-1 sshd[32267]: Received disconnect from 179.171.158.147 port 37062:11: Bye Bye [preauth]","@timestamp":"2022-09-16T21:03:40.406Z"}
{"@timestamp":"2022-09-16T21:03:42.446Z","@version":"1","message":"Sep 16 21:03:42 honeypot-sgp-1 sshd[26641]: Disconnected from invalid user ubnt 71.206.128.118 port 48104 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:03:44 honeypot-ams-1 sshd[32271]: Received disconnect from 179.171.158.147 port 37342:11: Bye Bye [preauth]","@timestamp":"2022-09-16T21:03:45.409Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:03:48 honeypot-ams-1 sshd[32275]: Invalid user ethos from 179.171.158.147 port 37548","@timestamp":"2022-09-16T21:03:49.412Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:03:51 honeypot-ams-1 sshd[32279]: Received disconnect from 179.171.158.147 port 37672:11: Bye Bye [preauth]","@timestamp":"2022-09-16T21:03:52.415Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:03:57 honeypot-ams-1 sshd[32283]: Received disconnect from 179.171.158.147 port 37942:11: Bye Bye [preauth]","@timestamp":"2022-09-16T21:03:57.418Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:04:00 honeypot-ams-1 sshd[32287]: Received disconnect from 179.171.158.147 port 38192:11: Bye Bye [preauth]","@timestamp":"2022-09-16T21:04:01.420Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:04:05 honeypot-ams-1 sshd[32291]: Invalid user postgres from 179.171.158.147 port 38434","@timestamp":"2022-09-16T21:04:05.423Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:04:10 honeypot-ams-1 sshd[32295]: Invalid user support from 179.171.158.147 port 38690","@timestamp":"2022-09-16T21:04:11.426Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:04:14 honeypot-ams-1 sshd[32299]: Invalid user ubuntu from 179.171.158.147 port 38916","@timestamp":"2022-09-16T21:04:15.429Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:04:20 honeypot-ams-1 sshd[32303]: Invalid user ubuntu from 179.171.158.147 port 39144","@timestamp":"2022-09-16T21:04:20.432Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:04:24 honeypot-ams-1 sshd[32307]: Invalid user guest from 179.171.158.147 port 39460","@timestamp":"2022-09-16T21:04:24.435Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:04:26 honeypot-ams-1 sshd[32311]: Received disconnect from 179.171.158.147 port 39554:11: Bye Bye [preauth]","@timestamp":"2022-09-16T21:04:26.437Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:04:30 honeypot-ams-1 sshd[32315]: Received disconnect from 179.171.158.147 port 39756:11: Bye Bye [preauth]","@timestamp":"2022-09-16T21:04:31.439Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:05:35 honeypot-ams-1 sshd[32324]: Received disconnect from 80.76.51.189 port 51574:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T21:05:35.471Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:06:09 honeypot-ams-1 sshd[32326]: Disconnected from authenticating user root 80.76.51.189 port 35962 [preauth]","@timestamp":"2022-09-16T21:06:10.513Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 21:08:11 honeypot-fra-1 sshd[22822]: Disconnected from invalid user music 64.227.178.106 port 46428 [preauth]","@timestamp":"2022-09-16T21:08:11.442Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T21:10:51.609Z","@version":"1","message":"Sep 16 21:10:51 honeypot-sgp-1 kernel: [84238756.738320] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=230 ID=27162 PROTO=TCP SPT=42003 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T21:11:35.630Z","@version":"1","message":"Sep 16 21:11:35 honeypot-sgp-1 sshd[26650]: Disconnected from invalid user ubuntu 66.76.55.84 port 52800 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T21:11:46.635Z","@version":"1","message":"Sep 16 21:11:46 honeypot-sgp-1 sshd[26654]: Received disconnect from 71.206.128.118 port 48427:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T21:13:06.669Z","@version":"1","message":"Sep 16 21:13:06 honeypot-sgp-1 sshd[26658]: Disconnected from authenticating user root 193.114.115.146 port 40406 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 21:17:01 honeypot-fra-1 CRON[22829]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-16T21:17:01.650Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:17:01 honeypot-ams-1 CRON[32331]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-16T21:17:02.796Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 21:18:15 honeypot-fra-1 sshd[22855]: Invalid user guest from 134.209.151.21 port 49408","@timestamp":"2022-09-16T21:18:15.681Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 21:18:15 honeypot-fra-1 sshd[22852]: Invalid user oracle from 134.209.151.21 port 49368","@timestamp":"2022-09-16T21:18:15.681Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 21:18:15 honeypot-fra-1 sshd[22843]: Invalid user mysql from 134.209.151.21 port 49382","@timestamp":"2022-09-16T21:18:15.681Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 21:18:15 honeypot-fra-1 sshd[22847]: Connection closed by authenticating user root 134.209.151.21 port 49376 [preauth]","@timestamp":"2022-09-16T21:18:15.681Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 21:18:15 honeypot-fra-1 sshd[22846]: Connection closed by invalid user cloud 134.209.151.21 port 49340 [preauth]","@timestamp":"2022-09-16T21:18:15.681Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 21:18:15 honeypot-fra-1 sshd[22842]: Connection closed by authenticating user root 134.209.151.21 port 49358 [preauth]","@timestamp":"2022-09-16T21:18:15.681Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 21:18:15 honeypot-fra-1 sshd[22843]: Connection closed by invalid user mysql 134.209.151.21 port 49382 [preauth]","@timestamp":"2022-09-16T21:18:15.681Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T21:20:14.834Z","@version":"1","message":"Sep 16 21:20:14 honeypot-sgp-1 sshd[26667]: Disconnected from authenticating user root 41.79.235.35 port 34284 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:22:52 honeypot-ams-1 sshd[32337]: Invalid user job from 103.186.100.72 port 60220","@timestamp":"2022-09-16T21:22:52.952Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 21:24:03 honeypot-fra-1 sshd[22886]: Connection closed by authenticating user root 194.163.190.53 port 35988 [preauth]","@timestamp":"2022-09-16T21:24:03.813Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 21:26:55 honeypot-ams-1 kernel: [84240196.308597] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.41.8.45 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=21725 PROTO=TCP SPT=13818 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T21:26:56.059Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:31:51 honeypot-ams-1 sshd[32344]: Invalid user user from 92.255.85.69 port 32134","@timestamp":"2022-09-16T21:31:52.188Z"}
{"@timestamp":"2022-09-16T21:35:20.182Z","@version":"1","message":"Sep 16 21:35:19 honeypot-sgp-1 sshd[26674]: Invalid user ubnt from 179.60.147.69 port 5994","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 21:35:41 honeypot-ams-1 kernel: [84240722.241314] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=156.146.46.143 DST=178.62.254.91 LEN=52 TOS=0x02 PREC=0x00 TTL=118 ID=26822 DF PROTO=TCP SPT=59183 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-16T21:35:41.306Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 21:39:25 honeypot-fra-1 sshd[22897]: Invalid user user from 92.255.85.70 port 18086","@timestamp":"2022-09-16T21:39:26.159Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 21:40:20 honeypot-fra-1 sshd[22901]: Invalid user admin from 153.198.160.41 port 48673","@timestamp":"2022-09-16T21:40:20.182Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 21:40:49 honeypot-fra-1 sshd[22905]: Received disconnect from 190.210.37.246 port 60065:11: Bye Bye [preauth]","@timestamp":"2022-09-16T21:40:50.196Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 21:43:19 honeypot-fra-1 sshd[22910]: Connection closed by authenticating user root 194.163.190.53 port 58374 [preauth]","@timestamp":"2022-09-16T21:43:20.254Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 21:44:05 honeypot-ams-1 kernel: [84241226.291411] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=195.230.103.249 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=54321 PROTO=TCP SPT=47354 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T21:44:05.523Z"}
{"@timestamp":"2022-09-16T21:53:26.594Z","@version":"1","message":"Sep 16 21:53:25 honeypot-sgp-1 kernel: [84241311.097104] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=193.118.53.196 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=234 ID=49144 PROTO=TCP SPT=28503 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 21:54:34 honeypot-fra-1 sshd[22915]: Received disconnect from 137.184.40.32 port 36998:11: Bye Bye [preauth]","@timestamp":"2022-09-16T21:54:34.504Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:55:10 honeypot-ams-1 sshd[32372]: Received disconnect from 92.255.85.69 port 43678:11: Bye Bye [preauth]","@timestamp":"2022-09-16T21:55:11.812Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 22:02:04 honeypot-fra-1 sshd[22922]: Invalid user system from 142.93.163.183 port 54332","@timestamp":"2022-09-16T22:02:04.674Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T22:04:22.847Z","@version":"1","message":"Sep 16 22:04:21 honeypot-sgp-1 sshd[26699]: Invalid user newyork from 203.150.102.162 port 60378","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 22:05:01 honeypot-fra-1 sshd[22926]: Received disconnect from 144.24.131.170 port 47472:11: Bye Bye [preauth]","@timestamp":"2022-09-16T22:05:01.739Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 22:05:58 honeypot-ams-1 kernel: [84242539.834137] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=119.199.169.235 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=54 ID=6848 PROTO=TCP SPT=39458 DPT=80 WINDOW=17122 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T22:05:59.097Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 22:06:51 honeypot-fra-1 kernel: [84240423.869784] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=103.146.23.134 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=64842 PROTO=TCP SPT=54321 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T22:06:51.784Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-16T22:08:12.937Z","@version":"1","message":"Sep 16 22:08:12 honeypot-sgp-1 kernel: [84242197.613548] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=96.126.112.220 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=2669 DF PROTO=TCP SPT=53720 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 22:08:44 honeypot-fra-1 sshd[22935]: Disconnected from invalid user aj 89.22.67.66 port 51118 [preauth]","@timestamp":"2022-09-16T22:08:44.857Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T22:10:38.997Z","@version":"1","message":"Sep 16 22:10:38 honeypot-sgp-1 sshd[26705]: Invalid user user from 45.61.184.204 port 33108","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T22:10:58.007Z","@version":"1","message":"Sep 16 22:10:57 honeypot-sgp-1 sshd[26709]: Invalid user user from 45.61.184.204 port 55744","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T22:11:15.014Z","@version":"1","message":"Sep 16 22:11:14 honeypot-sgp-1 sshd[26713]: Invalid user user from 45.61.184.204 port 50170","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T22:11:32.022Z","@version":"1","message":"Sep 16 22:11:31 honeypot-sgp-1 sshd[26717]: Invalid user user from 45.61.184.204 port 44610","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 22:12:35 honeypot-fra-1 kernel: [84240767.717156] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=165.232.152.144 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=34902 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T22:12:35.948Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 22:17:01 honeypot-ams-1 CRON[32379]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-16T22:17:01.380Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 22:17:01 honeypot-fra-1 CRON[22948]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-16T22:17:02.053Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 22:19:58 honeypot-ams-1 sshd[32385]: Disconnected from invalid user ubnt 46.101.23.51 port 56416 [preauth]","@timestamp":"2022-09-16T22:19:59.458Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 22:23:28 honeypot-ams-1 kernel: [84243589.779084] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=82.53.98.196 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=20281 PROTO=TCP SPT=18288 DPT=443 WINDOW=18823 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T22:23:29.552Z"}
{"@timestamp":"2022-09-16T22:24:47.328Z","@version":"1","message":"Sep 16 22:24:46 honeypot-sgp-1 kernel: [84243192.034691] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=23.239.14.251 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=39012 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 22:25:28 honeypot-fra-1 sshd[22955]: Invalid user theforest from 212.109.207.62 port 37652","@timestamp":"2022-09-16T22:25:29.246Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 22:26:36 honeypot-fra-1 kernel: [84241608.838102] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=156.146.46.143 DST=165.22.82.222 LEN=52 TOS=0x02 PREC=0x00 TTL=117 ID=59585 DF PROTO=TCP SPT=49494 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-16T22:26:37.274Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-16T22:29:09.435Z","@version":"1","message":"Sep 16 22:29:09 honeypot-sgp-1 sshd[26728]: Invalid user dan from 116.177.233.76 port 33030","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T22:30:41.474Z","@version":"1","message":"Sep 16 22:30:40 honeypot-sgp-1 sshd[26733]: Invalid user builduser from 24.62.135.19 port 35862","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 22:30:46 honeypot-ams-1 sshd[32392]: Disconnected from invalid user admin 210.183.21.48 port 24588 [preauth]","@timestamp":"2022-09-16T22:30:46.743Z"}
{"@timestamp":"2022-09-16T22:34:04.573Z","@version":"1","message":"Sep 16 22:34:04 honeypot-sgp-1 kernel: [84243749.348834] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=86.18.184.177 DST=159.89.202.188 LEN=48 TOS=0x00 PREC=0x00 TTL=108 ID=64364 DF PROTO=TCP SPT=48733 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 22:37:12 honeypot-fra-1 sshd[22969]: Connection closed by authenticating user root 194.163.190.53 port 36156 [preauth]","@timestamp":"2022-09-16T22:37:13.512Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 22:38:23 honeypot-ams-1 kernel: [84244484.405499] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=178.62.254.91 LEN=92 TOS=0x00 PREC=0x00 TTL=252 ID=7916 PROTO=TCP SPT=14617 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T22:38:23.938Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 22:44:34 honeypot-fra-1 sshd[22974]: Connection closed by invalid user admin 128.199.168.83 port 32268 [preauth]","@timestamp":"2022-09-16T22:44:34.676Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 22:44:37 honeypot-fra-1 sshd[22980]: Connection closed by invalid user admin 128.199.168.83 port 58060 [preauth]","@timestamp":"2022-09-16T22:44:37.679Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 22:45:16 honeypot-ams-1 sshd[32404]: Invalid user user from 45.61.184.204 port 57974","@timestamp":"2022-09-16T22:45:17.132Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 22:45:25 honeypot-ams-1 sshd[32406]: Disconnected from invalid user user 45.61.184.204 port 40960 [preauth]","@timestamp":"2022-09-16T22:45:26.138Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 22:45:44 honeypot-ams-1 sshd[32412]: Invalid user user from 45.61.184.204 port 35140","@timestamp":"2022-09-16T22:45:45.147Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 22:46:03 honeypot-ams-1 sshd[32416]: Invalid user user from 45.61.184.204 port 57558","@timestamp":"2022-09-16T22:46:03.158Z"}
{"@timestamp":"2022-09-16T22:48:55.940Z","@version":"1","message":"Sep 16 22:48:54 honeypot-sgp-1 sshd[26740]: Invalid user support from 179.60.147.69 port 16644","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 22:49:49 honeypot-fra-1 kernel: [84243001.639697] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.143.200.6 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=30403 PROTO=TCP SPT=45144 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T22:49:49.802Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 22:51:08 honeypot-ams-1 kernel: [84245250.039431] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=170.187.163.44 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=18020 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T22:51:09.289Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 22:52:58 honeypot-ams-1 sshd[32425]: Invalid user pi from 220.71.14.93 port 36316","@timestamp":"2022-09-16T22:52:59.343Z"}
{"@timestamp":"2022-09-16T22:57:01.133Z","@version":"1","message":"Sep 16 22:57:00 honeypot-sgp-1 sshd[26746]: Connection closed by 154.89.5.109 port 33246 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 22:57:30 honeypot-fra-1 sshd[22992]: Connection closed by authenticating user root 194.163.190.53 port 60304 [preauth]","@timestamp":"2022-09-16T22:57:30.998Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 23:03:00 honeypot-ams-1 kernel: [84245961.219390] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=156.146.46.143 DST=178.62.254.91 LEN=52 TOS=0x02 PREC=0x00 TTL=118 ID=10415 DF PROTO=TCP SPT=50739 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-16T23:03:00.594Z"}
{"@timestamp":"2022-09-16T23:05:56.339Z","@version":"1","message":"Sep 16 23:05:56 honeypot-sgp-1 sshd[26753]: Connection closed by invalid user admin 128.199.160.207 port 45924 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 23:08:37 honeypot-fra-1 kernel: [84244129.741440] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=222.186.21.231 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=109 ID=256 PROTO=TCP SPT=57480 DPT=443 WINDOW=16384 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T23:08:38.251Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-16T23:08:40.403Z","@version":"1","message":"Sep 16 23:08:40 honeypot-sgp-1 kernel: [84245825.485601] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=68.183.93.151 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x20 TTL=242 ID=54321 PROTO=TCP SPT=36078 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T23:09:21.422Z","@version":"1","message":"Sep 16 23:09:20 honeypot-sgp-1 sshd[26762]: Received disconnect from 45.61.184.204 port 55172:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T23:09:40.430Z","@version":"1","message":"Sep 16 23:09:39 honeypot-sgp-1 sshd[26766]: Received disconnect from 45.61.184.204 port 49798:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T23:09:58.440Z","@version":"1","message":"Sep 16 23:09:57 honeypot-sgp-1 sshd[26770]: Received disconnect from 45.61.184.204 port 44402:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 23:11:32 honeypot-ams-1 kernel: [84246473.357727] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=172.104.8.240 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=33252 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T23:11:32.807Z"}
{"@timestamp":"2022-09-16T23:14:45.551Z","@version":"1","message":"Sep 16 23:14:45 honeypot-sgp-1 sshd[26776]: Invalid user user from 45.61.186.49 port 52692","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T23:14:59.558Z","@version":"1","message":"Sep 16 23:14:59 honeypot-sgp-1 sshd[26780]: Invalid user user from 45.61.186.49 port 35704","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 23:17:01 honeypot-fra-1 CRON[23003]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-16T23:17:01.440Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T23:17:01.605Z","@version":"1","message":"Sep 16 23:17:01 honeypot-sgp-1 CRON[26784]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 23:19:17 honeypot-ams-1 kernel: [84246938.230667] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=10071 PROTO=TCP SPT=50037 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T23:19:18.004Z"}
{"@timestamp":"2022-09-16T23:19:34.665Z","@version":"1","message":"Sep 16 23:19:33 honeypot-sgp-1 sshd[26789]: Disconnected from invalid user admin 92.255.85.69 port 47636 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 23:23:19 honeypot-fra-1 sshd[23011]: Received disconnect from 171.244.140.174 port 11909:11: Bye Bye [preauth]","@timestamp":"2022-09-16T23:23:19.583Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:09 honeypot-ams-1 sshd[32445]: Invalid user ubnt from 185.172.77.242 port 59758","@timestamp":"2022-09-16T23:25:09.153Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:09 honeypot-ams-1 sshd[32449]: Disconnected from authenticating user root 185.172.77.242 port 59778 [preauth]","@timestamp":"2022-09-16T23:25:10.155Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:10 honeypot-ams-1 sshd[32455]: Disconnected from authenticating user root 185.172.77.242 port 59808 [preauth]","@timestamp":"2022-09-16T23:25:11.155Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:11 honeypot-ams-1 sshd[32461]: Disconnected from authenticating user root 185.172.77.242 port 59846 [preauth]","@timestamp":"2022-09-16T23:25:12.156Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:11 honeypot-ams-1 sshd[32467]: Disconnected from authenticating user root 185.172.77.242 port 59882 [preauth]","@timestamp":"2022-09-16T23:25:12.156Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:12 honeypot-ams-1 sshd[32473]: Disconnected from authenticating user root 185.172.77.242 port 59930 [preauth]","@timestamp":"2022-09-16T23:25:13.157Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:13 honeypot-ams-1 sshd[32479]: Disconnected from authenticating user root 185.172.77.242 port 60066 [preauth]","@timestamp":"2022-09-16T23:25:14.158Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:14 honeypot-ams-1 sshd[32485]: Disconnected from authenticating user root 185.172.77.242 port 60122 [preauth]","@timestamp":"2022-09-16T23:25:15.158Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:15 honeypot-ams-1 sshd[32491]: Disconnected from authenticating user root 185.172.77.242 port 60174 [preauth]","@timestamp":"2022-09-16T23:25:15.158Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:15 honeypot-ams-1 sshd[32497]: Disconnected from authenticating user root 185.172.77.242 port 60224 [preauth]","@timestamp":"2022-09-16T23:25:16.159Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:16 honeypot-ams-1 sshd[32503]: Disconnected from authenticating user root 185.172.77.242 port 60286 [preauth]","@timestamp":"2022-09-16T23:25:17.160Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:17 honeypot-ams-1 sshd[32509]: Disconnected from authenticating user root 185.172.77.242 port 60318 [preauth]","@timestamp":"2022-09-16T23:25:18.161Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:18 honeypot-ams-1 sshd[32515]: Invalid user admin from 185.172.77.242 port 60364","@timestamp":"2022-09-16T23:25:19.161Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:18 honeypot-ams-1 sshd[32519]: Invalid user admin from 185.172.77.242 port 60380","@timestamp":"2022-09-16T23:25:19.162Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:19 honeypot-ams-1 sshd[32523]: Invalid user admin from 185.172.77.242 port 60426","@timestamp":"2022-09-16T23:25:20.162Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:19 honeypot-ams-1 sshd[32527]: Invalid user admin from 185.172.77.242 port 60442","@timestamp":"2022-09-16T23:25:20.162Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:20 honeypot-ams-1 sshd[32531]: Invalid user admin from 185.172.77.242 port 60462","@timestamp":"2022-09-16T23:25:21.163Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:20 honeypot-ams-1 sshd[32535]: Received disconnect from 185.172.77.242 port 60494:11: Bye Bye [preauth]","@timestamp":"2022-09-16T23:25:21.163Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:21 honeypot-ams-1 sshd[32539]: Disconnected from invalid user pi 185.172.77.242 port 60518 [preauth]","@timestamp":"2022-09-16T23:25:22.164Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:21 honeypot-ams-1 sshd[32543]: Disconnected from invalid user user 185.172.77.242 port 60552 [preauth]","@timestamp":"2022-09-16T23:25:22.164Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:22 honeypot-ams-1 sshd[32547]: Disconnected from invalid user mine 185.172.77.242 port 60582 [preauth]","@timestamp":"2022-09-16T23:25:23.164Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:22 honeypot-ams-1 sshd[32551]: Disconnected from invalid user xbmc 185.172.77.242 port 60672 [preauth]","@timestamp":"2022-09-16T23:25:23.164Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:23 honeypot-ams-1 sshd[32555]: Disconnected from invalid user oracle 185.172.77.242 port 60732 [preauth]","@timestamp":"2022-09-16T23:25:24.165Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:24 honeypot-ams-1 sshd[32559]: Disconnected from invalid user postgres 185.172.77.242 port 60760 [preauth]","@timestamp":"2022-09-16T23:25:24.165Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:24 honeypot-ams-1 sshd[32563]: Disconnected from invalid user support 185.172.77.242 port 60806 [preauth]","@timestamp":"2022-09-16T23:25:25.167Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:25 honeypot-ams-1 sshd[32567]: Disconnected from invalid user ubuntu 185.172.77.242 port 60842 [preauth]","@timestamp":"2022-09-16T23:25:25.167Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:25 honeypot-ams-1 sshd[32571]: Disconnected from invalid user ubuntu 185.172.77.242 port 60866 [preauth]","@timestamp":"2022-09-16T23:25:26.167Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:26 honeypot-ams-1 sshd[32575]: Disconnected from invalid user guest 185.172.77.242 port 60920 [preauth]","@timestamp":"2022-09-16T23:25:26.167Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:26 honeypot-ams-1 sshd[32579]: Disconnected from invalid user cirros 185.172.77.242 port 60954 [preauth]","@timestamp":"2022-09-16T23:25:27.168Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 23:28:06 honeypot-fra-1 sshd[23016]: Connection closed by authenticating user root 194.163.190.53 port 41834 [preauth]","@timestamp":"2022-09-16T23:28:06.691Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:28:52 honeypot-ams-1 sshd[32583]: Connection closed by invalid user test 179.60.147.69 port 4718 [preauth]","@timestamp":"2022-09-16T23:28:53.257Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 23:29:34 honeypot-fra-1 sshd[23033]: Invalid user ftpuser from 125.88.226.4 port 41686","@timestamp":"2022-09-16T23:29:35.727Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 23:29:35 honeypot-fra-1 sshd[23022]: Invalid user steam from 125.88.226.4 port 41674","@timestamp":"2022-09-16T23:29:36.727Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 23:29:36 honeypot-fra-1 sshd[23037]: Connection closed by invalid user web 125.88.226.4 port 41690 [preauth]","@timestamp":"2022-09-16T23:29:37.728Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 23:29:39 honeypot-fra-1 sshd[23031]: Invalid user guest from 125.88.226.4 port 41700","@timestamp":"2022-09-16T23:29:39.730Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 23:29:41 honeypot-fra-1 sshd[23031]: Connection closed by invalid user guest 125.88.226.4 port 41700 [preauth]","@timestamp":"2022-09-16T23:29:42.732Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 23:30:06 honeypot-fra-1 sshd[23020]: Connection closed by invalid user esuser 125.88.226.4 port 41684 [preauth]","@timestamp":"2022-09-16T23:30:06.743Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 23:30:10 honeypot-fra-1 sshd[23036]: Invalid user hadoop from 125.88.226.4 port 41672","@timestamp":"2022-09-16T23:30:10.746Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 23:30:16 honeypot-fra-1 sshd[23041]: Connection closed by invalid user postgres 125.88.226.4 port 41656 [preauth]","@timestamp":"2022-09-16T23:30:16.749Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T23:30:21.939Z","@version":"1","message":"Sep 16 23:30:20 honeypot-sgp-1 kernel: [84247126.137731] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=234 ID=4824 PROTO=TCP SPT=51006 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 23:30:22 honeypot-fra-1 sshd[23043]: Connection closed by invalid user devops 125.88.226.4 port 41704 [preauth]","@timestamp":"2022-09-16T23:30:23.753Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 23:31:03 honeypot-ams-1 kernel: [84247644.553336] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=35565 PROTO=TCP SPT=51006 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T23:31:04.371Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:35:19 honeypot-ams-1 sshd[32592]: Disconnected from invalid user test4 157.230.228.27 port 39718 [preauth]","@timestamp":"2022-09-16T23:35:20.477Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 23:36:29 honeypot-fra-1 sshd[23079]: Invalid user libsys from 165.22.45.108 port 43676","@timestamp":"2022-09-16T23:36:29.891Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T23:43:09.235Z","@version":"1","message":"Sep 16 23:43:08 honeypot-sgp-1 sshd[26803]: Invalid user init from 92.255.85.70 port 58598","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 23:49:22 honeypot-fra-1 kernel: [84246574.586990] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=144.202.57.248 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=14025 PROTO=TCP SPT=50078 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T23:49:23.181Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:53:19 honeypot-ams-1 sshd[32599]: Disconnected from invalid user init 92.255.85.69 port 27018 [preauth]","@timestamp":"2022-09-16T23:53:19.945Z"}
{"@timestamp":"2022-09-16T23:56:55.554Z","@version":"1","message":"Sep 16 23:56:54 honeypot-sgp-1 kernel: [84248720.029228] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=80.87.206.203 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=237 ID=19746 PROTO=TCP SPT=59040 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 23:58:00 honeypot-fra-1 kernel: [84247093.224478] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.205.198 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=56986 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T23:58:01.379Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:00:02 honeypot-fra-1 sshd[23098]: Disconnected from invalid user amy 196.132.38.47 port 53771 [preauth]","@timestamp":"2022-09-17T00:00:02.428Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:03:02 honeypot-fra-1 sshd[23104]: Invalid user support from 179.60.147.69 port 32966","@timestamp":"2022-09-17T00:03:03.499Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T00:03:13.723Z","@version":"1","message":"Sep 17 00:03:13 honeypot-sgp-1 kernel: [84249098.270706] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=230 ID=34941 PROTO=TCP SPT=52804 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 00:05:15 honeypot-ams-1 sshd[32603]: Invalid user support from 179.60.147.69 port 34688","@timestamp":"2022-09-17T00:05:16.267Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:07:29 honeypot-fra-1 kernel: [84247661.667868] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=61.157.226.70 DST=165.22.82.222 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=6058 DF PROTO=TCP SPT=64989 DPT=3389 WINDOW=8192 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T00:07:29.603Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:14:05 honeypot-fra-1 sshd[23115]: Received disconnect from 179.43.156.143 port 59718:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T00:14:06.755Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:15:52 honeypot-fra-1 sshd[23121]: Received disconnect from 179.43.156.143 port 49348:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T00:15:53.817Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 00:16:34 honeypot-ams-1 sshd[32607]: Received disconnect from 92.255.85.69 port 27702:11: Bye Bye [preauth]","@timestamp":"2022-09-17T00:16:35.573Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:17:01 honeypot-fra-1 CRON[23125]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-17T00:17:01.848Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T00:17:02.042Z","@version":"1","message":"Sep 17 00:17:01 honeypot-sgp-1 CRON[26814]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:17:34 honeypot-fra-1 sshd[23132]: Disconnected from authenticating user root 27.77.249.10 port 48480 [preauth]","@timestamp":"2022-09-17T00:17:34.862Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 00:17:36 honeypot-ams-1 sshd[32613]: Received disconnect from 187.235.106.121 port 37360:11: Bye Bye [preauth]","@timestamp":"2022-09-17T00:17:37.603Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:17:37 honeypot-fra-1 sshd[23136]: Invalid user ubnt from 27.77.249.10 port 48558","@timestamp":"2022-09-17T00:17:37.865Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:17:40 honeypot-fra-1 sshd[23142]: Disconnected from authenticating user root 27.77.249.10 port 48800 [preauth]","@timestamp":"2022-09-17T00:17:40.866Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:17:44 honeypot-fra-1 sshd[23148]: Disconnected from authenticating user root 27.77.249.10 port 49006 [preauth]","@timestamp":"2022-09-17T00:17:44.868Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 00:17:45 honeypot-ams-1 sshd[32617]: Disconnected from invalid user user 45.61.186.249 port 39544 [preauth]","@timestamp":"2022-09-17T00:17:46.608Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:17:48 honeypot-fra-1 sshd[23154]: Disconnected from authenticating user root 27.77.249.10 port 49146 [preauth]","@timestamp":"2022-09-17T00:17:48.871Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:17:53 honeypot-fra-1 sshd[23160]: Disconnected from authenticating user root 27.77.249.10 port 49490 [preauth]","@timestamp":"2022-09-17T00:17:53.874Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:17:57 honeypot-fra-1 sshd[23166]: Disconnected from authenticating user root 27.77.249.10 port 49622 [preauth]","@timestamp":"2022-09-17T00:17:57.876Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:18:01 honeypot-fra-1 sshd[23172]: Disconnected from authenticating user root 27.77.249.10 port 49894 [preauth]","@timestamp":"2022-09-17T00:18:01.878Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 00:18:04 honeypot-ams-1 sshd[32621]: Disconnected from invalid user user 45.61.186.249 port 33746 [preauth]","@timestamp":"2022-09-17T00:18:05.618Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:18:05 honeypot-fra-1 sshd[23179]: Disconnected from authenticating user root 27.77.249.10 port 50044 [preauth]","@timestamp":"2022-09-17T00:18:05.882Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:18:09 honeypot-fra-1 sshd[23185]: Disconnected from authenticating user root 27.77.249.10 port 50240 [preauth]","@timestamp":"2022-09-17T00:18:09.884Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:18:13 honeypot-fra-1 sshd[23193]: Received disconnect from 179.43.156.143 port 35568:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T00:18:13.886Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:18:16 honeypot-fra-1 sshd[23197]: Received disconnect from 27.77.249.10 port 50552:11: Bye Bye [preauth]","@timestamp":"2022-09-17T00:18:16.887Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:18:20 honeypot-fra-1 sshd[23203]: Received disconnect from 27.77.249.10 port 50818:11: Bye Bye [preauth]","@timestamp":"2022-09-17T00:18:20.891Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 00:18:22 honeypot-ams-1 sshd[32625]: Disconnected from invalid user user 45.61.186.249 port 56168 [preauth]","@timestamp":"2022-09-17T00:18:23.627Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:18:24 honeypot-fra-1 sshd[23209]: Invalid user admin from 27.77.249.10 port 50978","@timestamp":"2022-09-17T00:18:24.893Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:18:27 honeypot-fra-1 sshd[23213]: Invalid user admin from 27.77.249.10 port 51052","@timestamp":"2022-09-17T00:18:27.895Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:18:30 honeypot-fra-1 sshd[23217]: Invalid user admin from 27.77.249.10 port 51278","@timestamp":"2022-09-17T00:18:30.897Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:18:33 honeypot-fra-1 sshd[23221]: Invalid user admin from 27.77.249.10 port 51422","@timestamp":"2022-09-17T00:18:33.898Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:18:35 honeypot-fra-1 sshd[23225]: Invalid user admin from 27.77.249.10 port 51482","@timestamp":"2022-09-17T00:18:36.901Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:18:38 honeypot-fra-1 sshd[23229]: Invalid user user from 27.77.249.10 port 51550","@timestamp":"2022-09-17T00:18:38.902Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 00:18:39 honeypot-ams-1 sshd[32629]: Disconnected from invalid user user 45.61.186.249 port 50366 [preauth]","@timestamp":"2022-09-17T00:18:39.636Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:18:41 honeypot-fra-1 sshd[23233]: Disconnected from authenticating user root 27.77.249.10 port 51792 [preauth]","@timestamp":"2022-09-17T00:18:41.904Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:18:44 honeypot-fra-1 sshd[23237]: Disconnected from invalid user pi 27.77.249.10 port 51906 [preauth]","@timestamp":"2022-09-17T00:18:44.905Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:18:47 honeypot-fra-1 sshd[23241]: Disconnected from invalid user ethos 27.77.249.10 port 51990 [preauth]","@timestamp":"2022-09-17T00:18:47.907Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:18:50 honeypot-fra-1 sshd[23245]: Disconnected from invalid user miner 27.77.249.10 port 52198 [preauth]","@timestamp":"2022-09-17T00:18:50.910Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:18:52 honeypot-fra-1 sshd[23251]: Invalid user volumio from 27.77.249.10 port 52338","@timestamp":"2022-09-17T00:18:52.911Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:18:55 honeypot-fra-1 sshd[23255]: Invalid user nagios from 27.77.249.10 port 52412","@timestamp":"2022-09-17T00:18:55.913Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:18:58 honeypot-fra-1 sshd[23259]: Invalid user vagrant from 27.77.249.10 port 52494","@timestamp":"2022-09-17T00:18:58.914Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:19:00 honeypot-fra-1 sshd[23263]: Invalid user debian from 27.77.249.10 port 52718","@timestamp":"2022-09-17T00:19:01.916Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:19:03 honeypot-fra-1 sshd[23267]: Invalid user debian from 27.77.249.10 port 52860","@timestamp":"2022-09-17T00:19:03.917Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:19:06 honeypot-fra-1 sshd[23271]: Invalid user alarm from 27.77.249.10 port 52946","@timestamp":"2022-09-17T00:19:06.920Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:19:09 honeypot-fra-1 sshd[23275]: Invalid user test from 27.77.249.10 port 53110","@timestamp":"2022-09-17T00:19:09.921Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:19:12 honeypot-fra-1 sshd[23279]: Invalid user cirros from 27.77.249.10 port 53266","@timestamp":"2022-09-17T00:19:12.923Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:20:06 honeypot-fra-1 sshd[23283]: Disconnected from authenticating user root 179.43.156.143 port 53412 [preauth]","@timestamp":"2022-09-17T00:20:06.944Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 00:20:52 honeypot-ams-1 sshd[32635]: Invalid user ullar from 43.128.228.34 port 57522","@timestamp":"2022-09-17T00:20:52.698Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:21:25 honeypot-fra-1 sshd[23289]: Disconnected from authenticating user root 179.43.156.143 port 46502 [preauth]","@timestamp":"2022-09-17T00:21:25.978Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 00:21:32 honeypot-ams-1 kernel: [84250673.481910] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=147.182.199.146 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=27851 PROTO=TCP SPT=53929 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T00:21:32.718Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:23:53 honeypot-fra-1 sshd[23297]: Received disconnect from 92.255.85.69 port 20388:11: Bye Bye [preauth]","@timestamp":"2022-09-17T00:23:54.039Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T00:24:03.207Z","@version":"1","message":"Sep 17 00:24:02 honeypot-sgp-1 sshd[26820]: Disconnected from authenticating user root 220.130.164.120 port 36128 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 00:26:29 honeypot-ams-1 sshd[32643]: Invalid user test from 36.93.83.5 port 43162","@timestamp":"2022-09-17T00:26:29.854Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 00:26:30 honeypot-ams-1 sshd[32645]: Connection closed by invalid user admin 36.93.83.5 port 43174 [preauth]","@timestamp":"2022-09-17T00:26:30.855Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 00:26:30 honeypot-ams-1 sshd[32654]: Invalid user ansible from 36.93.83.5 port 43258","@timestamp":"2022-09-17T00:26:31.855Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 00:26:31 honeypot-ams-1 sshd[32654]: Connection closed by invalid user ansible 36.93.83.5 port 43258 [preauth]","@timestamp":"2022-09-17T00:26:31.855Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 00:26:31 honeypot-ams-1 sshd[32652]: Connection closed by invalid user admin 36.93.83.5 port 43178 [preauth]","@timestamp":"2022-09-17T00:26:31.856Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 00:26:31 honeypot-ams-1 sshd[32657]: Connection closed by invalid user oracle 36.93.83.5 port 43286 [preauth]","@timestamp":"2022-09-17T00:26:31.856Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 00:26:31 honeypot-ams-1 sshd[32686]: Connection closed by invalid user steam 36.93.83.5 port 43282 [preauth]","@timestamp":"2022-09-17T00:26:32.856Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 00:26:32 honeypot-ams-1 sshd[32666]: Connection closed by invalid user testuser 36.93.83.5 port 43318 [preauth]","@timestamp":"2022-09-17T00:26:32.856Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 00:26:33 honeypot-ams-1 sshd[32660]: Connection closed by authenticating user root 36.93.83.5 port 43224 [preauth]","@timestamp":"2022-09-17T00:26:33.857Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:34:06 honeypot-fra-1 sshd[23304]: Connection closed by 154.89.5.117 port 53498 [preauth]","@timestamp":"2022-09-17T00:34:06.272Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 00:34:33 honeypot-ams-1 sshd[32705]: Invalid user weng from 96.252.118.195 port 51026","@timestamp":"2022-09-17T00:34:34.071Z"}
{"@timestamp":"2022-09-17T00:36:05.492Z","@version":"1","message":"Sep 17 00:36:04 honeypot-sgp-1 kernel: [84251069.637686] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=149.102.155.169 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=20016 PROTO=TCP SPT=54916 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:37:13 honeypot-fra-1 kernel: [84249445.307465] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=149.102.155.169 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54461 PROTO=TCP SPT=54945 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T00:37:13.349Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 00:38:10 honeypot-ams-1 sshd[32707]: Disconnected from invalid user admin 128.199.42.242 port 35766 [preauth]","@timestamp":"2022-09-17T00:38:11.165Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 00:39:44 honeypot-ams-1 sshd[32712]: Disconnected from authenticating user root 92.255.85.70 port 30218 [preauth]","@timestamp":"2022-09-17T00:39:45.210Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 00:41:26 honeypot-ams-1 sshd[32718]: Connection closed by invalid user guest 179.60.147.69 port 36154 [preauth]","@timestamp":"2022-09-17T00:41:27.259Z"}
{"@timestamp":"2022-09-17T00:45:47.722Z","@version":"1","message":"Sep 17 00:45:46 honeypot-sgp-1 kernel: [84251651.818405] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.219.117 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=38877 DPT=389 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:46:43 honeypot-fra-1 sshd[23319]: Received disconnect from 209.141.52.250 port 39462:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T00:46:43.568Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 00:54:20 honeypot-ams-1 kernel: [84252641.383475] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=198.199.95.146 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=43690 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T00:54:20.613Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:55:41 honeypot-fra-1 kernel: [84250553.505806] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=193.46.254.155 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=44154 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T00:55:41.770Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-17T00:56:47.984Z","@version":"1","message":"Sep 17 00:56:47 honeypot-sgp-1 sshd[26834]: Disconnected from invalid user silver 206.81.9.31 port 19168 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 00:58:35 honeypot-ams-1 sshd[32725]: Did not receive identification string from 45.61.187.160 port 59574","@timestamp":"2022-09-17T00:58:35.729Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 00:59:21 honeypot-ams-1 sshd[32726]: Disconnected from invalid user user 45.61.187.160 port 42538 [preauth]","@timestamp":"2022-09-17T00:59:21.753Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 00:59:46 honeypot-ams-1 sshd[32730]: Disconnected from invalid user user 45.61.187.160 port 37038 [preauth]","@timestamp":"2022-09-17T00:59:46.766Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 01:00:05 honeypot-ams-1 sshd[32734]: Disconnected from invalid user user 45.61.187.160 port 59788 [preauth]","@timestamp":"2022-09-17T01:00:05.776Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 01:00:23 honeypot-ams-1 sshd[32738]: Disconnected from invalid user user 45.61.187.160 port 54294 [preauth]","@timestamp":"2022-09-17T01:00:23.787Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 01:04:00 honeypot-ams-1 sshd[32743]: Disconnected from invalid user hadoop 81.192.87.130 port 37757 [preauth]","@timestamp":"2022-09-17T01:04:00.889Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 01:05:27 honeypot-fra-1 sshd[23329]: Connection closed by authenticating user root 194.163.190.53 port 49048 [preauth]","@timestamp":"2022-09-17T01:05:27.993Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T01:05:36.191Z","@version":"1","message":"Sep 17 01:05:35 honeypot-sgp-1 sshd[26842]: Received disconnect from 8.213.131.34 port 60322:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 01:06:20 honeypot-ams-1 sshd[32749]: Received disconnect from 116.70.238.244 port 58466:11: Bye Bye [preauth]","@timestamp":"2022-09-17T01:06:20.952Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 01:06:27 honeypot-ams-1 sshd[32755]: Received disconnect from 116.70.238.244 port 58660:11: Bye Bye [preauth]","@timestamp":"2022-09-17T01:06:27.956Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 01:06:34 honeypot-ams-1 sshd[32761]: Received disconnect from 116.70.238.244 port 58814:11: Bye Bye [preauth]","@timestamp":"2022-09-17T01:06:34.960Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 01:06:41 honeypot-ams-1 sshd[32767]: Received disconnect from 116.70.238.244 port 59013:11: Bye Bye [preauth]","@timestamp":"2022-09-17T01:06:41.964Z"}
{"@timestamp":"2022-09-17T01:07:33.238Z","@version":"1","message":"Sep 17 01:07:33 honeypot-sgp-1 sshd[26846]: Disconnected from authenticating user root 94.188.177.110 port 39648 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 01:09:27 honeypot-fra-1 sshd[23334]: Disconnected from invalid user admin 159.223.92.205 port 55956 [preauth]","@timestamp":"2022-09-17T01:09:28.086Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 01:11:33 honeypot-ams-1 kernel: [84253674.635286] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=171.22.30.220 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=60 ID=16644 PROTO=TCP SPT=50479 DPT=80 WINDOW=5365 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T01:11:34.095Z"}
{"@timestamp":"2022-09-17T01:11:48.341Z","@version":"1","message":"Sep 17 01:11:48 honeypot-sgp-1 sshd[26851]: Received disconnect from 218.255.245.10 port 49086:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 01:14:51 honeypot-fra-1 sshd[23341]: Connection closed by authenticating user root 194.163.190.53 port 33364 [preauth]","@timestamp":"2022-09-17T01:14:52.209Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T01:15:00.418Z","@version":"1","message":"Sep 17 01:14:59 honeypot-sgp-1 kernel: [84253404.628618] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.169.5.75 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=23500 PROTO=TCP SPT=42938 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 01:17:32 honeypot-ams-1 sshd[312]: Connection closed by invalid user user 179.60.147.69 port 31054 [preauth]","@timestamp":"2022-09-17T01:17:32.249Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 01:22:21 honeypot-fra-1 kernel: [84252153.444996] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=167.71.133.35 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=248 ID=54321 PROTO=TCP SPT=42883 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T01:22:21.382Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 01:27:18 honeypot-fra-1 sshd[23356]: Disconnected from authenticating user root 161.35.45.62 port 47654 [preauth]","@timestamp":"2022-09-17T01:27:18.495Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T01:28:31.733Z","@version":"1","message":"Sep 17 01:28:30 honeypot-sgp-1 kernel: [84254215.938688] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=68.183.93.151 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x20 TTL=242 ID=54321 PROTO=TCP SPT=33361 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 01:29:35 honeypot-ams-1 kernel: [84254756.521533] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=193.46.254.155 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=59481 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T01:29:35.573Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 01:31:52 honeypot-fra-1 sshd[23361]: Received disconnect from 165.22.45.108 port 53946:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T01:31:52.612Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T01:33:44.858Z","@version":"1","message":"Sep 17 01:33:44 honeypot-sgp-1 sshd[26866]: Disconnected from invalid user kyivstar 62.204.41.222 port 56479 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 01:33:48 honeypot-fra-1 sshd[23367]: Received disconnect from 111.21.99.227 port 52432:11: Bye Bye [preauth]","@timestamp":"2022-09-17T01:33:49.657Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 01:38:53 honeypot-fra-1 sshd[23372]: Disconnected from authenticating user root 159.65.141.28 port 38584 [preauth]","@timestamp":"2022-09-17T01:38:53.771Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 01:39:46 honeypot-ams-1 sshd[338]: Disconnected from authenticating user root 223.171.46.146 port 48650 [preauth]","@timestamp":"2022-09-17T01:39:46.853Z"}
{"@timestamp":"2022-09-17T01:44:18.110Z","@version":"1","message":"Sep 17 01:44:17 honeypot-sgp-1 sshd[26875]: Received disconnect from 206.189.153.63 port 37794:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 01:44:56 honeypot-ams-1 sshd[344]: Invalid user nagios from 209.212.45.102 port 47984","@timestamp":"2022-09-17T01:44:56.996Z"}
{"@timestamp":"2022-09-17T01:45:55.147Z","@version":"1","message":"Sep 17 01:45:54 honeypot-sgp-1 sshd[26880]: Received disconnect from 197.5.145.81 port 47682:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 01:46:32 honeypot-ams-1 sshd[347]: Disconnected from invalid user publish 185.53.170.6 port 44494 [preauth]","@timestamp":"2022-09-17T01:46:33.041Z"}
{"@timestamp":"2022-09-17T01:50:27.265Z","@version":"1","message":"Sep 17 01:50:26 honeypot-sgp-1 sshd[26886]: Connection closed by invalid user test 179.60.147.69 port 62020 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 01:51:54 honeypot-ams-1 sshd[352]: Disconnecting invalid user admin 123.194.235.54 port 47843: Too many authentication failures [preauth]","@timestamp":"2022-09-17T01:51:54.186Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 01:52:04 honeypot-fra-1 kernel: [84253936.493501] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=92.63.197.171 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=63269 PROTO=TCP SPT=59489 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T01:52:05.071Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 01:56:55 honeypot-ams-1 kernel: [84256396.031968] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=178.62.254.91 LEN=87 TOS=0x00 PREC=0x00 TTL=252 ID=6385 PROTO=TCP SPT=26917 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T01:56:55.326Z"}
{"@timestamp":"2022-09-17T02:00:19.510Z","@version":"1","message":"Sep 17 02:00:18 honeypot-sgp-1 kernel: [84256123.805749] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.169.168.147 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=26 ID=63694 PROTO=TCP SPT=38543 DPT=3389 WINDOW=3072 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 02:03:21 honeypot-fra-1 sshd[23395]: Invalid user ubuntu from 168.167.72.179 port 3139","@timestamp":"2022-09-17T02:03:21.327Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 02:03:21 honeypot-fra-1 sshd[23390]: Invalid user oracle from 168.167.72.179 port 3145","@timestamp":"2022-09-17T02:03:21.327Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 02:03:21 honeypot-fra-1 sshd[23406]: Invalid user es from 168.167.72.179 port 3159","@timestamp":"2022-09-17T02:03:21.327Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 02:03:21 honeypot-fra-1 sshd[23394]: Connection closed by authenticating user root 168.167.72.179 port 3157 [preauth]","@timestamp":"2022-09-17T02:03:22.328Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 02:03:21 honeypot-fra-1 sshd[23397]: Connection closed by invalid user michael 168.167.72.179 port 3134 [preauth]","@timestamp":"2022-09-17T02:03:22.328Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 02:03:21 honeypot-fra-1 sshd[23398]: Connection closed by invalid user testuser 168.167.72.179 port 3138 [preauth]","@timestamp":"2022-09-17T02:03:22.328Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 02:03:21 honeypot-fra-1 sshd[23407]: Connection closed by authenticating user root 168.167.72.179 port 3136 [preauth]","@timestamp":"2022-09-17T02:03:22.328Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 02:03:21 honeypot-fra-1 sshd[23410]: Connection closed by invalid user www 168.167.72.179 port 3230 [preauth]","@timestamp":"2022-09-17T02:03:22.328Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 02:04:53 honeypot-ams-1 kernel: [84256874.666131] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=80.11.91.190 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=53 ID=62312 PROTO=TCP SPT=18489 DPT=80 WINDOW=2417 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T02:04:54.545Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 02:07:54 honeypot-ams-1 kernel: [84257055.135122] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=92.63.197.171 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=252 ID=50409 PROTO=TCP SPT=59489 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T02:07:54.631Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 02:10:36 honeypot-ams-1 kernel: [84257217.863079] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.56.100.216 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=30083 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T02:10:37.708Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 02:15:14 honeypot-fra-1 sshd[23442]: Disconnected from authenticating user root 147.135.219.202 port 56364 [preauth]","@timestamp":"2022-09-17T02:15:15.596Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T02:16:03.917Z","@version":"1","message":"Sep 17 02:16:03 honeypot-sgp-1 kernel: [84257068.289741] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=23114 PROTO=TCP SPT=40322 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:16:06 honeypot-ams-1 sshd[371]: Received disconnect from 138.68.79.195 port 40504:11: Bye Bye [preauth]","@timestamp":"2022-09-17T02:16:06.859Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:17:59 honeypot-ams-1 sshd[376]: Disconnected from invalid user onfroy 103.117.220.24 port 46324 [preauth]","@timestamp":"2022-09-17T02:18:00.912Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 02:19:15 honeypot-fra-1 sshd[23449]: Connection closed by authenticating user root 194.163.190.53 port 56842 [preauth]","@timestamp":"2022-09-17T02:19:15.689Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:21:21 honeypot-ams-1 sshd[383]: Invalid user asj from 183.82.96.133 port 42476","@timestamp":"2022-09-17T02:21:22.031Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 02:25:37 honeypot-ams-1 kernel: [84258118.171969] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=222.186.21.231 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=111 ID=256 PROTO=TCP SPT=63245 DPT=443 WINDOW=16384 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T02:25:38.149Z"}
{"@timestamp":"2022-09-17T02:26:00.167Z","@version":"1","message":"Sep 17 02:25:59 honeypot-sgp-1 kernel: [84257664.726028] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.226.17.248 DST=159.89.202.188 LEN=52 TOS=0x00 PREC=0x00 TTL=106 ID=21822 DF PROTO=TCP SPT=62887 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T02:26:54.192Z","@version":"1","message":"Sep 17 02:26:53 honeypot-sgp-1 sshd[26908]: Received disconnect from 45.61.186.49 port 47702:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T02:27:03.198Z","@version":"1","message":"Sep 17 02:27:02 honeypot-sgp-1 sshd[26912]: Received disconnect from 45.61.186.49 port 58688:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T02:27:40.214Z","@version":"1","message":"Sep 17 02:27:40 honeypot-sgp-1 sshd[26916]: Received disconnect from 92.255.85.69 port 48854:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 02:29:37 honeypot-fra-1 sshd[23459]: Invalid user licongcong from 165.22.45.108 port 59072","@timestamp":"2022-09-17T02:29:38.925Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 02:30:33 honeypot-fra-1 sshd[23461]: Disconnected from invalid user global 107.204.170.133 port 40894 [preauth]","@timestamp":"2022-09-17T02:30:33.948Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T02:31:23.309Z","@version":"1","message":"Sep 17 02:31:22 honeypot-sgp-1 sshd[26921]: Received disconnect from 161.35.177.39 port 56470:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:32:18 honeypot-ams-1 sshd[392]: Did not receive identification string from 85.31.46.45 port 49634","@timestamp":"2022-09-17T02:32:19.329Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:33:11 honeypot-ams-1 sshd[397]: Invalid user test from 85.31.46.45 port 42480","@timestamp":"2022-09-17T02:33:12.357Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:33:39 honeypot-ams-1 sshd[401]: Disconnected from authenticating user root 85.31.46.45 port 51158 [preauth]","@timestamp":"2022-09-17T02:33:40.372Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:34:21 honeypot-ams-1 sshd[409]: Disconnected from authenticating user root 85.31.46.45 port 50086 [preauth]","@timestamp":"2022-09-17T02:34:22.395Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:35:04 honeypot-ams-1 sshd[415]: Received disconnect from 85.31.46.45 port 48770:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T02:35:04.416Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:35:32 honeypot-ams-1 sshd[420]: Received disconnect from 85.31.46.45 port 57248:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T02:35:33.431Z"}
{"@timestamp":"2022-09-17T02:36:47.445Z","@version":"1","message":"Sep 17 02:36:47 honeypot-sgp-1 sshd[26928]: Received disconnect from 181.30.129.31 port 47478:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 02:40:02 honeypot-ams-1 kernel: [84258983.264666] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=106.3.151.2 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=47 ID=19713 PROTO=TCP SPT=23581 DPT=80 WINDOW=63182 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T02:40:02.549Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 02:41:08 honeypot-fra-1 sshd[23467]: Connection closed by authenticating user root 194.163.190.53 port 50320 [preauth]","@timestamp":"2022-09-17T02:41:09.184Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 02:41:34 honeypot-fra-1 sshd[23472]: Invalid user user from 45.61.186.169 port 49348","@timestamp":"2022-09-17T02:41:35.196Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 02:41:51 honeypot-fra-1 sshd[23476]: Invalid user user from 45.61.186.169 port 43870","@timestamp":"2022-09-17T02:41:52.204Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 02:42:07 honeypot-fra-1 sshd[23480]: Invalid user user from 45.61.186.169 port 38408","@timestamp":"2022-09-17T02:42:08.211Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 02:44:02 honeypot-fra-1 sshd[23484]: Invalid user operator from 92.255.85.69 port 52258","@timestamp":"2022-09-17T02:44:03.256Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:44:09 honeypot-ams-1 sshd[431]: Disconnected from authenticating user root 60.179.177.78 port 54124 [preauth]","@timestamp":"2022-09-17T02:44:10.662Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:44:15 honeypot-ams-1 sshd[437]: Received disconnect from 60.179.177.78 port 54438:11: Bye Bye [preauth]","@timestamp":"2022-09-17T02:44:16.666Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:44:21 honeypot-ams-1 sshd[443]: Received disconnect from 60.179.177.78 port 54762:11: Bye Bye [preauth]","@timestamp":"2022-09-17T02:44:21.669Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:44:26 honeypot-ams-1 sshd[449]: Received disconnect from 60.179.177.78 port 55096:11: Bye Bye [preauth]","@timestamp":"2022-09-17T02:44:27.674Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:44:32 honeypot-ams-1 sshd[455]: Received disconnect from 60.179.177.78 port 55406:11: Bye Bye [preauth]","@timestamp":"2022-09-17T02:44:32.677Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:44:38 honeypot-ams-1 sshd[461]: Received disconnect from 60.179.177.78 port 55740:11: Bye Bye [preauth]","@timestamp":"2022-09-17T02:44:38.680Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:44:44 honeypot-ams-1 sshd[467]: Received disconnect from 60.179.177.78 port 56068:11: Bye Bye [preauth]","@timestamp":"2022-09-17T02:44:44.684Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:44:49 honeypot-ams-1 sshd[473]: Received disconnect from 60.179.177.78 port 56376:11: Bye Bye [preauth]","@timestamp":"2022-09-17T02:44:49.687Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:44:55 honeypot-ams-1 sshd[479]: Received disconnect from 60.179.177.78 port 56698:11: Bye Bye [preauth]","@timestamp":"2022-09-17T02:44:55.691Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:45:00 honeypot-ams-1 sshd[485]: Received disconnect from 60.179.177.78 port 57042:11: Bye Bye [preauth]","@timestamp":"2022-09-17T02:45:01.694Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:45:06 honeypot-ams-1 sshd[491]: Received disconnect from 60.179.177.78 port 57368:11: Bye Bye [preauth]","@timestamp":"2022-09-17T02:45:07.697Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:45:12 honeypot-ams-1 sshd[497]: Received disconnect from 60.179.177.78 port 57714:11: Bye Bye [preauth]","@timestamp":"2022-09-17T02:45:12.701Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:45:16 honeypot-ams-1 sshd[501]: Disconnected from invalid user admin 60.179.177.78 port 57934 [preauth]","@timestamp":"2022-09-17T02:45:16.703Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:45:20 honeypot-ams-1 sshd[505]: Disconnected from invalid user admin 60.179.177.78 port 58150 [preauth]","@timestamp":"2022-09-17T02:45:20.706Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:45:24 honeypot-ams-1 sshd[509]: Disconnected from invalid user admin 60.179.177.78 port 58426 [preauth]","@timestamp":"2022-09-17T02:45:24.709Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:45:28 honeypot-ams-1 sshd[513]: Disconnected from invalid user admin 60.179.177.78 port 58632 [preauth]","@timestamp":"2022-09-17T02:45:28.711Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:45:32 honeypot-ams-1 sshd[517]: Disconnected from invalid user admin 60.179.177.78 port 58868 [preauth]","@timestamp":"2022-09-17T02:45:32.714Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:45:35 honeypot-ams-1 sshd[521]: Disconnected from invalid user user 60.179.177.78 port 59074 [preauth]","@timestamp":"2022-09-17T02:45:36.716Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:45:41 honeypot-ams-1 sshd[527]: Received disconnect from 60.179.177.78 port 59418:11: Bye Bye [preauth]","@timestamp":"2022-09-17T02:45:41.720Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:45:45 honeypot-ams-1 sshd[531]: Received disconnect from 60.179.177.78 port 59622:11: Bye Bye [preauth]","@timestamp":"2022-09-17T02:45:45.722Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:45:49 honeypot-ams-1 sshd[535]: Received disconnect from 60.179.177.78 port 59838:11: Bye Bye [preauth]","@timestamp":"2022-09-17T02:45:49.724Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:45:53 honeypot-ams-1 sshd[539]: Received disconnect from 60.179.177.78 port 60068:11: Bye Bye [preauth]","@timestamp":"2022-09-17T02:45:53.727Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:45:56 honeypot-ams-1 sshd[543]: Received disconnect from 60.179.177.78 port 60304:11: Bye Bye [preauth]","@timestamp":"2022-09-17T02:45:57.730Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:46:00 honeypot-ams-1 sshd[547]: Received disconnect from 60.179.177.78 port 60542:11: Bye Bye [preauth]","@timestamp":"2022-09-17T02:46:00.733Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:46:04 honeypot-ams-1 sshd[551]: Received disconnect from 60.179.177.78 port 60764:11: Bye Bye [preauth]","@timestamp":"2022-09-17T02:46:04.735Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:46:08 honeypot-ams-1 sshd[555]: Received disconnect from 60.179.177.78 port 60970:11: Bye Bye [preauth]","@timestamp":"2022-09-17T02:46:08.737Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:46:12 honeypot-ams-1 sshd[559]: Received disconnect from 60.179.177.78 port 32986:11: Bye Bye [preauth]","@timestamp":"2022-09-17T02:46:12.741Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:46:15 honeypot-ams-1 sshd[563]: Received disconnect from 60.179.177.78 port 33212:11: Bye Bye [preauth]","@timestamp":"2022-09-17T02:46:16.744Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:46:19 honeypot-ams-1 sshd[567]: Received disconnect from 60.179.177.78 port 33444:11: Bye Bye [preauth]","@timestamp":"2022-09-17T02:46:20.747Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 02:47:48 honeypot-fra-1 sshd[23489]: Disconnected from invalid user kyivstar 62.204.41.222 port 15139 [preauth]","@timestamp":"2022-09-17T02:47:49.339Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 02:50:07 honeypot-ams-1 kernel: [84259588.681853] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=198.235.24.42 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x60 TTL=251 ID=2164 PROTO=TCP SPT=51146 DPT=389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T02:50:07.846Z"}
{"@timestamp":"2022-09-17T02:50:59.793Z","@version":"1","message":"Sep 17 02:50:59 honeypot-sgp-1 sshd[26933]: Received disconnect from 92.255.85.69 port 32044:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 02:53:10 honeypot-fra-1 kernel: [84257601.899167] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=193.46.254.155 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=46365 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T02:53:10.460Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 03:00:15 honeypot-fra-1 sshd[23504]: Received disconnect from 164.88.188.134 port 56018:11: Bye Bye [preauth]","@timestamp":"2022-09-17T03:00:15.621Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T03:02:44.086Z","@version":"1","message":"Sep 17 03:02:43 honeypot-sgp-1 sshd[26937]: Invalid user support from 179.60.147.69 port 55914","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 03:03:46 honeypot-ams-1 kernel: [84260406.936536] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=163.172.158.4 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=57608 PROTO=TCP SPT=49501 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T03:03:46.202Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 03:04:06 honeypot-fra-1 sshd[23510]: Invalid user thanks from 104.131.186.38 port 41498","@timestamp":"2022-09-17T03:04:06.716Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T03:08:18.229Z","@version":"1","message":"Sep 17 03:08:17 honeypot-sgp-1 kernel: [84260202.359240] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=88.80.189.24 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=45883 PROTO=TCP SPT=44044 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 03:08:38 honeypot-fra-1 sshd[23515]: Connection closed by authenticating user root 194.163.190.53 port 47128 [preauth]","@timestamp":"2022-09-17T03:08:38.820Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 03:14:10 honeypot-fra-1 sshd[23520]: Received disconnect from 157.245.9.6 port 43846:11: Bye Bye [preauth]","@timestamp":"2022-09-17T03:14:10.946Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T03:17:01.454Z","@version":"1","message":"Sep 17 03:17:01 honeypot-sgp-1 CRON[26943]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 03:17:01 honeypot-ams-1 CRON[579]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-17T03:17:01.555Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 03:17:05 honeypot-fra-1 sshd[23527]: Received disconnect from 107.204.170.133 port 60960:11: Bye Bye [preauth]","@timestamp":"2022-09-17T03:17:06.015Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 03:18:50 honeypot-ams-1 sshd[584]: Disconnected from invalid user wc 123.30.157.54 port 32776 [preauth]","@timestamp":"2022-09-17T03:18:50.605Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 03:25:11 honeypot-fra-1 kernel: [84259523.349326] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=184.105.247.199 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=54321 PROTO=TCP SPT=53763 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T03:25:12.192Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 03:27:01 honeypot-fra-1 sshd[23538]: Received disconnect from 45.61.186.49 port 37486:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T03:27:02.234Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 03:27:11 honeypot-fra-1 sshd[23542]: Received disconnect from 45.61.186.49 port 49084:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T03:27:12.238Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 03:29:12 honeypot-ams-1 sshd[590]: Invalid user user from 193.106.191.157 port 48948","@timestamp":"2022-09-17T03:29:13.876Z"}
{"@timestamp":"2022-09-17T03:29:19.756Z","@version":"1","message":"Sep 17 03:29:18 honeypot-sgp-1 kernel: [84261463.799574] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.205.223 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=49346 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 03:29:24 honeypot-fra-1 kernel: [84259776.268484] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=142.147.97.169 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=37739 PROTO=TCP SPT=45502 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T03:29:25.291Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 03:36:11 honeypot-ams-1 sshd[596]: Invalid user user from 45.61.186.49 port 58168","@timestamp":"2022-09-17T03:36:12.064Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 03:36:21 honeypot-ams-1 sshd[600]: Invalid user user from 45.61.186.49 port 41604","@timestamp":"2022-09-17T03:36:22.070Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 03:38:38 honeypot-ams-1 sshd[604]: Invalid user lucy1 from 176.102.38.42 port 56024","@timestamp":"2022-09-17T03:38:39.130Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 03:39:57 honeypot-fra-1 sshd[23552]: Connection closed by authenticating user root 179.60.147.69 port 51320 [preauth]","@timestamp":"2022-09-17T03:39:57.533Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T03:41:34.052Z","@version":"1","message":"Sep 17 03:41:34 honeypot-sgp-1 sshd[26959]: Received disconnect from 190.144.141.210 port 41672:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T03:45:01.138Z","@version":"1","message":"Sep 17 03:45:00 honeypot-sgp-1 sshd[26964]: Invalid user hj from 138.68.79.195 port 57356","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 03:45:45 honeypot-ams-1 kernel: [84262926.637845] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=139.224.71.213 DST=178.62.254.91 LEN=40 TOS=0x14 PREC=0x00 TTL=43 ID=40864 DF PROTO=TCP SPT=46269 DPT=80 WINDOW=43690 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T03:45:46.307Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 03:46:18 honeypot-fra-1 sshd[23559]: Connection closed by authenticating user root 194.163.190.53 port 55204 [preauth]","@timestamp":"2022-09-17T03:46:18.680Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T03:50:28.269Z","@version":"1","message":"Sep 17 03:50:27 honeypot-sgp-1 sshd[26969]: Invalid user xuwenhua from 137.116.144.39 port 46926","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 03:52:11 honeypot-fra-1 sshd[23566]: Disconnected from authenticating user root 27.118.22.221 port 36126 [preauth]","@timestamp":"2022-09-17T03:52:11.829Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 03:56:22 honeypot-ams-1 kernel: [84263563.814609] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=36.26.49.170 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=49 ID=53634 PROTO=TCP SPT=5928 DPT=443 WINDOW=8472 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T03:56:23.586Z"}
{"@timestamp":"2022-09-17T03:57:35.444Z","@version":"1","message":"Sep 17 03:57:34 honeypot-sgp-1 kernel: [84263159.564161] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=46.161.27.89 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=54321 PROTO=TCP SPT=43665 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 03:57:43 honeypot-fra-1 kernel: [84261474.818550] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=87.166.27.179 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=247 ID=15533 PROTO=TCP SPT=45152 DPT=443 WINDOW=1300 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T03:57:43.950Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 04:02:14 honeypot-ams-1 kernel: [84263915.815251] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=216.218.206.103 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=36750 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T04:02:15.743Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 04:05:58 honeypot-fra-1 kernel: [84261969.986209] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.208.55 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=53458 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T04:05:59.180Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 04:09:18 honeypot-ams-1 kernel: [84264339.105150] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=178.62.254.91 LEN=89 TOS=0x00 PREC=0x00 TTL=252 ID=36054 PROTO=TCP SPT=18169 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T04:09:18.932Z"}
{"@timestamp":"2022-09-17T04:14:15.846Z","@version":"1","message":"Sep 17 04:14:15 honeypot-sgp-1 sshd[26991]: Connection closed by invalid user songjiazhi 103.188.176.251 port 53294 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 04:14:29 honeypot-fra-1 sshd[23585]: Received disconnect from 61.177.173.47 port 23638:11:  [preauth]","@timestamp":"2022-09-17T04:14:29.379Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 04:17:24 honeypot-fra-1 sshd[23594]: Received disconnect from 61.177.172.98 port 34173:11:  [preauth]","@timestamp":"2022-09-17T04:17:24.450Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 04:18:40 honeypot-ams-1 sshd[626]: Invalid user default from 179.60.147.69 port 19034","@timestamp":"2022-09-17T04:18:41.184Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 04:20:23 honeypot-fra-1 sshd[23601]: Bad protocol version identification '\\003' from 194.165.16.10 port 40104","@timestamp":"2022-09-17T04:20:23.520Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T04:21:01.014Z","@version":"1","message":"Sep 17 04:21:00 honeypot-sgp-1 sshd[27001]: Received disconnect from 196.1.97.206 port 38602:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 04:26:09 honeypot-fra-1 sshd[23609]: Disconnected from invalid user licongcong 165.22.45.108 port 41130 [preauth]","@timestamp":"2022-09-17T04:26:09.654Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 04:27:00 honeypot-ams-1 sshd[630]: Received disconnect from 45.61.186.49 port 45190:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T04:27:00.410Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 04:27:10 honeypot-ams-1 sshd[634]: Received disconnect from 45.61.186.49 port 56918:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T04:27:11.416Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 04:29:41 honeypot-ams-1 kernel: [84265562.493344] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=60.171.177.107 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=49 ID=33755 PROTO=TCP SPT=57596 DPT=80 WINDOW=41140 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T04:29:42.482Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 04:32:04 honeypot-fra-1 sshd[23621]: Invalid user user from 45.61.186.169 port 39748","@timestamp":"2022-09-17T04:32:04.790Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 04:32:22 honeypot-fra-1 sshd[23627]: Invalid user user from 45.61.186.169 port 34702","@timestamp":"2022-09-17T04:32:23.801Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 04:32:40 honeypot-fra-1 sshd[23631]: Invalid user user from 45.61.186.169 port 57872","@timestamp":"2022-09-17T04:32:40.808Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 04:32:56 honeypot-fra-1 sshd[23635]: Invalid user user from 45.61.186.169 port 52838","@timestamp":"2022-09-17T04:32:57.816Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T04:35:02.350Z","@version":"1","message":"Sep 17 04:35:02 honeypot-sgp-1 kernel: [84265407.081939] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.148.10.81 DST=159.89.202.188 LEN=89 TOS=0x00 PREC=0x00 TTL=241 ID=22780 DF PROTO=TCP SPT=26580 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 04:35:32 honeypot-ams-1 sshd[641]: Invalid user superadmin from 91.240.118.222 port 7112","@timestamp":"2022-09-17T04:35:33.637Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 04:36:53 honeypot-fra-1 kernel: [84263825.578461] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=82.156.189.237 DST=165.22.82.222 LEN=60 TOS=0x08 PREC=0x00 TTL=45 ID=7551 DF PROTO=TCP SPT=53541 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T04:36:54.907Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-17T04:39:09.454Z","@version":"1","message":"Sep 17 04:39:08 honeypot-sgp-1 sshd[27012]: Disconnected from invalid user labs 159.203.177.51 port 49278 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 04:41:22 honeypot-ams-1 kernel: [84266263.028616] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.79.164.128 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=42907 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T04:41:22.787Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 04:43:44 honeypot-fra-1 kernel: [84264235.858593] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=78.188.101.126 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=241 ID=15533 PROTO=TCP SPT=55039 DPT=443 WINDOW=1300 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T04:43:45.063Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 04:45:18 honeypot-fra-1 sshd[23653]: Disconnected from invalid user servidor 143.198.154.97 port 39322 [preauth]","@timestamp":"2022-09-17T04:45:19.102Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 04:49:18 honeypot-fra-1 sshd[23658]: Disconnected from authenticating user root 122.170.105.253 port 55158 [preauth]","@timestamp":"2022-09-17T04:49:19.197Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T04:49:48.716Z","@version":"1","message":"Sep 17 04:49:48 honeypot-sgp-1 sshd[27019]: Disconnected from authenticating user root 61.177.172.114 port 51141 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 04:51:09 honeypot-ams-1 kernel: [84266850.127966] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=156.193.63.117 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=53 ID=358 PROTO=TCP SPT=48541 DPT=443 WINDOW=62940 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T04:51:10.063Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 04:51:25 honeypot-fra-1 sshd[23661]: Disconnected from invalid user kedma 206.189.146.112 port 39946 [preauth]","@timestamp":"2022-09-17T04:51:26.249Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T04:51:31.763Z","@version":"1","message":"Sep 17 04:51:31 honeypot-sgp-1 sshd[27023]: Invalid user user from 179.60.147.69 port 36276","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 04:52:18 honeypot-fra-1 sshd[23673]: Invalid user oracle from 185.209.179.41 port 40872","@timestamp":"2022-09-17T04:52:18.271Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 04:52:18 honeypot-fra-1 sshd[23688]: Invalid user esuser from 185.209.179.41 port 40938","@timestamp":"2022-09-17T04:52:18.271Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 04:52:18 honeypot-fra-1 sshd[23682]: Invalid user ubuntu from 185.209.179.41 port 40930","@timestamp":"2022-09-17T04:52:18.271Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 04:52:18 honeypot-fra-1 sshd[23680]: Connection closed by invalid user admin 185.209.179.41 port 40888 [preauth]","@timestamp":"2022-09-17T04:52:18.271Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 04:52:18 honeypot-fra-1 sshd[23686]: Connection closed by invalid user postgres 185.209.179.41 port 40880 [preauth]","@timestamp":"2022-09-17T04:52:18.271Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 04:52:18 honeypot-fra-1 sshd[23679]: Connection closed by invalid user bitwarden 185.209.179.41 port 40896 [preauth]","@timestamp":"2022-09-17T04:52:18.271Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 04:52:18 honeypot-fra-1 sshd[23677]: Connection closed by invalid user wordpress 185.209.179.41 port 40862 [preauth]","@timestamp":"2022-09-17T04:52:18.271Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 04:52:18 honeypot-fra-1 sshd[23715]: Invalid user deploy from 185.209.179.41 port 40932","@timestamp":"2022-09-17T04:52:19.272Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 04:52:19 honeypot-fra-1 sshd[23718]: Connection closed by authenticating user root 185.209.179.41 port 40858 [preauth]","@timestamp":"2022-09-17T04:52:19.272Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 04:52:21 honeypot-fra-1 sshd[23730]: Invalid user esuser from 185.209.179.41 port 40854","@timestamp":"2022-09-17T04:52:21.273Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 04:52:21 honeypot-fra-1 sshd[23725]: Connection closed by authenticating user root 185.209.179.41 port 40940 [preauth]","@timestamp":"2022-09-17T04:52:21.273Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T04:53:15.808Z","@version":"1","message":"Sep 17 04:53:15 honeypot-sgp-1 sshd[27027]: Disconnected from authenticating user root 2.234.152.80 port 60250 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 04:54:22 honeypot-fra-1 kernel: [84264874.471381] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.155.90.105 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=35838 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T04:54:23.319Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-17T04:57:51.923Z","@version":"1","message":"Sep 17 04:57:51 honeypot-sgp-1 kernel: [84266775.973205] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=34060 PROTO=TCP SPT=50103 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 05:00:16 honeypot-ams-1 kernel: [84267397.643581] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.204.134 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=42953 DPT=389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T05:00:17.305Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 05:00:21 honeypot-fra-1 sshd[23747]: Disconnected from authenticating user root 61.177.172.19 port 43265 [preauth]","@timestamp":"2022-09-17T05:00:21.459Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T05:02:51.047Z","@version":"1","message":"Sep 17 05:02:50 honeypot-sgp-1 sshd[27041]: Received disconnect from 194.87.206.52 port 58500:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T05:03:49.071Z","@version":"1","message":"Sep 17 05:03:48 honeypot-sgp-1 sshd[27046]: Invalid user user from 45.61.186.49 port 53506","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T05:03:57.076Z","@version":"1","message":"Sep 17 05:03:56 honeypot-sgp-1 sshd[27050]: Invalid user user from 45.61.186.49 port 36900","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T05:06:09.131Z","@version":"1","message":"Sep 17 05:06:09 honeypot-sgp-1 sshd[27055]: Received disconnect from 61.177.173.53 port 15757:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T05:09:36.214Z","@version":"1","message":"Sep 17 05:09:35 honeypot-sgp-1 sshd[27059]: Disconnected from authenticating user root 61.177.173.36 port 26957 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 05:13:45 honeypot-fra-1 sshd[23763]: Invalid user xuwenhua from 137.116.144.39 port 54352","@timestamp":"2022-09-17T05:13:45.758Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 05:15:45 honeypot-ams-1 kernel: [84268325.971908] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=164.92.72.164 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=55942 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T05:15:45.702Z"}
{"@timestamp":"2022-09-17T05:17:02.395Z","@version":"1","message":"Sep 17 05:17:01 honeypot-sgp-1 CRON[27066]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 05:20:31 honeypot-fra-1 sshd[23771]: Disconnected from invalid user admin 168.121.105.25 port 22704 [preauth]","@timestamp":"2022-09-17T05:20:31.909Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T05:21:41.509Z","@version":"1","message":"Sep 17 05:21:40 honeypot-sgp-1 sshd[27074]: Received disconnect from 89.22.165.187 port 27637:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 05:22:30 honeypot-ams-1 kernel: [84268731.795833] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=113.207.248.6 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=39534 PROTO=TCP SPT=50814 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T05:22:31.880Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 05:22:52 honeypot-fra-1 sshd[23778]: Connection closed by authenticating user root 194.163.190.53 port 53720 [preauth]","@timestamp":"2022-09-17T05:22:52.967Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 05:24:22 honeypot-fra-1 sshd[23786]: Received disconnect from 61.177.173.39 port 38786:11:  [preauth]","@timestamp":"2022-09-17T05:24:23.005Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 05:26:04 honeypot-ams-1 sshd[665]: Received disconnect from 45.61.187.160 port 50208:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T05:26:04.975Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 05:26:23 honeypot-ams-1 sshd[669]: Received disconnect from 45.61.187.160 port 44598:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T05:26:23.984Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 05:26:40 honeypot-ams-1 sshd[673]: Received disconnect from 45.61.187.160 port 38890:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T05:26:40.993Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 05:26:57 honeypot-ams-1 sshd[677]: Received disconnect from 45.61.187.160 port 33220:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T05:26:58.002Z"}
{"@timestamp":"2022-09-17T05:27:24.645Z","@version":"1","message":"Sep 17 05:27:23 honeypot-sgp-1 kernel: [84268548.588067] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=79.124.62.106 DST=159.89.202.188 LEN=52 TOS=0x02 PREC=0x00 TTL=112 ID=26210 DF PROTO=TCP SPT=64763 DPT=3389 WINDOW=200 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 05:28:51 honeypot-fra-1 sshd[23793]: Invalid user debian from 179.60.147.69 port 39448","@timestamp":"2022-09-17T05:28:52.108Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 05:31:03 honeypot-ams-1 sshd[680]: Connection closed by invalid user debian 179.60.147.69 port 40150 [preauth]","@timestamp":"2022-09-17T05:31:03.111Z"}
{"@timestamp":"2022-09-17T05:32:43.776Z","@version":"1","message":"Sep 17 05:32:42 honeypot-sgp-1 kernel: [84268867.799167] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=172.104.131.24 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=35135 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 05:33:10 honeypot-fra-1 sshd[24230]: Connection closed by authenticating user root 194.163.190.53 port 37360 [preauth]","@timestamp":"2022-09-17T05:33:10.207Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T05:33:52.806Z","@version":"1","message":"Sep 17 05:33:52 honeypot-sgp-1 sshd[27524]: Received disconnect from 45.61.184.204 port 41168:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T05:34:11.816Z","@version":"1","message":"Sep 17 05:34:11 honeypot-sgp-1 sshd[27528]: Received disconnect from 45.61.184.204 port 35630:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T05:34:30.826Z","@version":"1","message":"Sep 17 05:34:30 honeypot-sgp-1 sshd[27532]: Invalid user user from 45.61.184.204 port 58336","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T05:36:15.869Z","@version":"1","message":"Sep 17 05:36:15 honeypot-sgp-1 sshd[27536]: Received disconnect from 61.177.172.108 port 24240:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 05:38:38 honeypot-fra-1 sshd[24241]: Invalid user user4 from 64.225.22.216 port 52502","@timestamp":"2022-09-17T05:38:39.332Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T05:42:04.011Z","@version":"1","message":"Sep 17 05:42:03 honeypot-sgp-1 sshd[27542]: Disconnected from 61.177.173.51 port 53569 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 05:43:04 honeypot-fra-1 sshd[24246]: Connection closed by authenticating user root 194.163.190.53 port 49656 [preauth]","@timestamp":"2022-09-17T05:43:05.435Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 05:44:45 honeypot-ams-1 sshd[686]: ssh_dispatch_run_fatal: Connection from 88.88.97.30 port 36259: Connection corrupted [preauth]","@timestamp":"2022-09-17T05:44:45.463Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 05:49:17 honeypot-fra-1 kernel: [84268169.067074] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=103.170.93.12 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x20 TTL=55 ID=2844 DF PROTO=TCP SPT=41509 DPT=80 WINDOW=5808 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T05:49:18.579Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 05:53:44 honeypot-ams-1 sshd[694]: Invalid user austin from 134.209.127.189 port 53014","@timestamp":"2022-09-17T05:53:45.694Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 05:54:40 honeypot-fra-1 kernel: [84268491.488977] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=34.89.254.146 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x60 TTL=250 ID=38821 PROTO=TCP SPT=53865 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T05:54:40.706Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 05:57:09 honeypot-ams-1 kernel: [84270810.710812] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=34.96.238.6 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x60 TTL=251 ID=52341 PROTO=TCP SPT=49366 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T05:57:10.785Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 05:58:36 honeypot-fra-1 kernel: [84268727.910503] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.109.205.92 DST=165.22.82.222 LEN=52 TOS=0x02 PREC=0x00 TTL=115 ID=11855 DF PROTO=TCP SPT=60241 DPT=3389 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-17T05:58:36.798Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-17T05:59:51.439Z","@version":"1","message":"Sep 17 05:59:50 honeypot-sgp-1 sshd[27553]: Received disconnect from 61.177.173.53 port 24733:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 06:04:06 honeypot-fra-1 kernel: [84269057.589741] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=64.62.197.162 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=54321 PROTO=TCP SPT=46406 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T06:04:06.925Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 06:05:46 honeypot-fra-1 sshd[24277]: Disconnected from invalid user marcel 23.94.194.115 port 60302 [preauth]","@timestamp":"2022-09-17T06:05:46.966Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T06:06:21.599Z","@version":"1","message":"Sep 17 06:06:21 honeypot-sgp-1 sshd[27560]: Invalid user cron from 61.76.169.138 port 21474","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 06:07:34 honeypot-ams-1 sshd[702]: Connection closed by authenticating user nobody 179.60.147.69 port 12376 [preauth]","@timestamp":"2022-09-17T06:07:35.062Z"}
{"@timestamp":"2022-09-17T06:07:35.632Z","@version":"1","message":"Sep 17 06:07:35 honeypot-sgp-1 sshd[27566]: Connection closed by invalid user pi 210.125.97.225 port 37212 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 06:08:23 honeypot-ams-1 sshd[706]: Disconnected from invalid user user 116.177.233.76 port 7934 [preauth]","@timestamp":"2022-09-17T06:08:23.085Z"}
{"@timestamp":"2022-09-17T06:08:51.664Z","@version":"1","message":"Sep 17 06:08:50 honeypot-sgp-1 sshd[27569]: Disconnected from invalid user mi 123.30.187.208 port 47124 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 06:11:45 honeypot-ams-1 sshd[710]: Received disconnect from 103.88.240.2 port 39380:11: Bye Bye [preauth]","@timestamp":"2022-09-17T06:11:45.175Z"}
{"@timestamp":"2022-09-17T06:14:47.933Z","@version":"1","message":"Sep 17 06:14:47 honeypot-sgp-1 kernel: [84271391.783409] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.79.53.162 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=44987 PROTO=TCP SPT=52014 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 06:17:01 honeypot-fra-1 CRON[24289]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-17T06:17:01.223Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 06:20:53 honeypot-ams-1 sshd[720]: Invalid user user from 193.106.191.157 port 49380","@timestamp":"2022-09-17T06:20:54.452Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 06:21:11 honeypot-fra-1 sshd[24295]: Disconnected from authenticating user root 61.177.173.37 port 54125 [preauth]","@timestamp":"2022-09-17T06:21:12.319Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T06:23:36.151Z","@version":"1","message":"Sep 17 06:23:36 honeypot-sgp-1 sshd[27585]: Disconnected from authenticating user root 61.177.172.19 port 40479 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 06:23:58 honeypot-ams-1 sshd[722]: Disconnected from invalid user ts3 221.165.227.155 port 38870 [preauth]","@timestamp":"2022-09-17T06:23:58.535Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 06:24:17 honeypot-fra-1 sshd[24301]: Connection closed by authenticating user root 194.163.190.53 port 43138 [preauth]","@timestamp":"2022-09-17T06:24:18.391Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T06:27:20.251Z","@version":"1","message":"Sep 17 06:27:19 honeypot-sgp-1 kernel: [84272144.359701] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.220.224 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=58324 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 06:28:45 honeypot-fra-1 sshd[24463]: Connection closed by 87.236.176.129 port 35455 [preauth]","@timestamp":"2022-09-17T06:28:46.499Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 06:29:07 honeypot-ams-1 kernel: [84272728.328602] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=172.104.131.24 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=54321 PROTO=TCP SPT=43772 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T06:29:07.672Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 06:32:16 honeypot-fra-1 kernel: [84270748.349660] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.220.8 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=37587 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T06:32:17.585Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-17T06:36:09.468Z","@version":"1","message":"Sep 17 06:36:08 honeypot-sgp-1 sshd[27748]: Invalid user images from 64.135.113.136 port 60744","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 06:37:25 honeypot-fra-1 sshd[24568]: Received disconnect from 103.168.183.91 port 61219:11: Bye Bye [preauth]","@timestamp":"2022-09-17T06:37:25.727Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T06:39:19.548Z","@version":"1","message":"Sep 17 06:39:19 honeypot-sgp-1 sshd[27750]: Disconnected from 61.177.172.124 port 53229 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 06:39:45 honeypot-fra-1 sshd[24572]: Received disconnect from 61.177.172.19 port 30456:11:  [preauth]","@timestamp":"2022-09-17T06:39:45.781Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T06:41:55.613Z","@version":"1","message":"Sep 17 06:41:55 honeypot-sgp-1 sshd[27757]: Invalid user kf from 81.183.222.181 port 49558","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T06:42:29.631Z","@version":"1","message":"Sep 17 06:42:29 honeypot-sgp-1 sshd[27761]: Connection closed by invalid user nodeproxy 103.188.176.251 port 60226 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 06:43:35 honeypot-fra-1 sshd[24579]: Connection closed by authenticating user root 194.163.190.53 port 39900 [preauth]","@timestamp":"2022-09-17T06:43:35.870Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 06:43:49 honeypot-ams-1 sshd[988]: Invalid user support from 179.60.147.69 port 52590","@timestamp":"2022-09-17T06:43:50.053Z"}
{"@timestamp":"2022-09-17T06:49:38.806Z","@version":"1","message":"Sep 17 06:49:38 honeypot-sgp-1 kernel: [84273483.336272] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=124.33.132.134 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=31246 PROTO=TCP SPT=57216 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 06:53:38 honeypot-fra-1 sshd[24586]: Disconnected from authenticating user root 61.177.173.52 port 32637 [preauth]","@timestamp":"2022-09-17T06:53:39.098Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T06:54:56.940Z","@version":"1","message":"Sep 17 06:54:56 honeypot-sgp-1 sshd[27953]: Received disconnect from 61.177.173.48 port 56077:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 07:00:43 honeypot-fra-1 sshd[24598]: Connection closed by invalid user castle 141.98.10.158 port 42902 [preauth]","@timestamp":"2022-09-17T07:00:44.259Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 07:07:03 honeypot-fra-1 sshd[24605]: Disconnected from authenticating user root 129.226.165.250 port 47952 [preauth]","@timestamp":"2022-09-17T07:07:03.406Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T07:07:52.253Z","@version":"1","message":"Sep 17 07:07:51 honeypot-sgp-1 sshd[27963]: Received disconnect from 61.177.173.35 port 51692:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 07:10:21 honeypot-ams-1 kernel: [84275202.218584] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=104.156.155.9 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=47555 PROTO=TCP SPT=45326 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T07:10:21.730Z"}
{"@timestamp":"2022-09-17T07:16:44.472Z","@version":"1","message":"Sep 17 07:16:43 honeypot-sgp-1 sshd[27974]: Invalid user ubnt from 179.60.147.69 port 35542","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 07:17:09 honeypot-fra-1 sshd[24619]: Did not receive identification string from 45.61.186.169 port 37110","@timestamp":"2022-09-17T07:17:09.635Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 07:17:51 honeypot-fra-1 sshd[24622]: Connection closed by invalid user ubnt 179.60.147.69 port 21650 [preauth]","@timestamp":"2022-09-17T07:17:52.654Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 07:18:03 honeypot-fra-1 sshd[24626]: Disconnected from invalid user user 45.61.186.169 port 41162 [preauth]","@timestamp":"2022-09-17T07:18:03.659Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 07:18:19 honeypot-fra-1 sshd[24630]: Disconnected from invalid user user 45.61.186.169 port 36156 [preauth]","@timestamp":"2022-09-17T07:18:20.668Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 07:18:35 honeypot-fra-1 sshd[24634]: Disconnected from invalid user user 45.61.186.169 port 59370 [preauth]","@timestamp":"2022-09-17T07:18:35.675Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 07:21:31 honeypot-ams-1 kernel: [84275872.577240] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=171.22.30.220 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=60 ID=13499 PROTO=TCP SPT=58157 DPT=80 WINDOW=9428 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T07:21:32.022Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 07:21:34 honeypot-fra-1 sshd[24642]: Disconnected from authenticating user root 61.177.173.49 port 25092 [preauth]","@timestamp":"2022-09-17T07:21:34.745Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 07:28:08 honeypot-ams-1 kernel: [84276269.207867] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=107.173.159.85 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=50 ID=21515 PROTO=TCP SPT=18695 DPT=80 WINDOW=59071 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T07:28:09.197Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 07:28:24 honeypot-ams-1 sshd[1011]: Disconnected from invalid user oracle 193.142.146.50 port 44154 [preauth]","@timestamp":"2022-09-17T07:28:25.206Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 07:30:01 honeypot-ams-1 sshd[1015]: Disconnected from authenticating user root 193.142.146.50 port 42454 [preauth]","@timestamp":"2022-09-17T07:30:02.251Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 07:30:26 honeypot-ams-1 sshd[1019]: Disconnected from invalid user test 193.142.146.50 port 41320 [preauth]","@timestamp":"2022-09-17T07:30:27.265Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 07:31:16 honeypot-ams-1 sshd[1023]: Disconnected from invalid user centos 193.142.146.50 port 40188 [preauth]","@timestamp":"2022-09-17T07:31:17.289Z"}
{"@timestamp":"2022-09-17T07:31:33.843Z","@version":"1","message":"Sep 17 07:31:33 honeypot-sgp-1 kernel: [84275998.011190] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=198.199.95.91 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=35885 DPT=636 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 07:31:48 honeypot-fra-1 kernel: [84274319.480740] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.199.191 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=48779 DPT=636 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T07:31:48.978Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 07:32:08 honeypot-ams-1 sshd[1465]: Disconnected from invalid user mysql 193.142.146.50 port 39056 [preauth]","@timestamp":"2022-09-17T07:32:08.313Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 07:32:36 honeypot-ams-1 sshd[1469]: Received disconnect from 193.142.146.50 port 37922:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T07:32:36.328Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 07:33:47 honeypot-ams-1 sshd[1475]: Received disconnect from 193.142.146.50 port 36790:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T07:33:48.361Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 07:37:30 honeypot-fra-1 sshd[24664]: Did not receive identification string from 200.54.15.172 port 33464","@timestamp":"2022-09-17T07:37:31.112Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T07:40:32.057Z","@version":"1","message":"Sep 17 07:40:31 honeypot-sgp-1 kernel: [84276536.658070] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.221.22 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=46160 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T07:42:54.116Z","@version":"1","message":"Sep 17 07:42:53 honeypot-sgp-1 sshd[28004]: Received disconnect from 45.95.235.77 port 50256:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 07:43:06 honeypot-ams-1 kernel: [84277167.682242] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.220.59 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=37421 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T07:43:07.598Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 07:43:48 honeypot-ams-1 sshd[1485]: Received disconnect from 39.90.161.165 port 38356:11: Bye Bye [preauth]","@timestamp":"2022-09-17T07:43:48.618Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 07:43:54 honeypot-ams-1 sshd[1491]: Received disconnect from 39.90.161.165 port 38454:11: Bye Bye [preauth]","@timestamp":"2022-09-17T07:43:54.621Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 07:43:59 honeypot-ams-1 sshd[1497]: Received disconnect from 39.90.161.165 port 38922:11: Bye Bye [preauth]","@timestamp":"2022-09-17T07:44:00.625Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 07:44:05 honeypot-ams-1 sshd[1503]: Received disconnect from 39.90.161.165 port 39354:11: Bye Bye [preauth]","@timestamp":"2022-09-17T07:44:05.629Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 07:44:10 honeypot-ams-1 sshd[1509]: Received disconnect from 39.90.161.165 port 39512:11: Bye Bye [preauth]","@timestamp":"2022-09-17T07:44:11.632Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 07:44:17 honeypot-ams-1 sshd[1515]: Received disconnect from 39.90.161.165 port 39946:11: Bye Bye [preauth]","@timestamp":"2022-09-17T07:44:17.636Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 07:44:22 honeypot-ams-1 sshd[1521]: Received disconnect from 39.90.161.165 port 40076:11: Bye Bye [preauth]","@timestamp":"2022-09-17T07:44:23.639Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 07:44:28 honeypot-ams-1 sshd[1527]: Received disconnect from 39.90.161.165 port 40532:11: Bye Bye [preauth]","@timestamp":"2022-09-17T07:44:28.643Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 07:44:33 honeypot-ams-1 sshd[1533]: Received disconnect from 39.90.161.165 port 40660:11: Bye Bye [preauth]","@timestamp":"2022-09-17T07:44:34.647Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 07:44:39 honeypot-ams-1 sshd[1539]: Received disconnect from 39.90.161.165 port 41148:11: Bye Bye [preauth]","@timestamp":"2022-09-17T07:44:39.650Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 07:44:45 honeypot-ams-1 sshd[1545]: Received disconnect from 39.90.161.165 port 41512:11: Bye Bye [preauth]","@timestamp":"2022-09-17T07:44:45.654Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 07:44:59 honeypot-fra-1 sshd[24673]: Received disconnect from 61.177.172.124 port 64284:11:  [preauth]","@timestamp":"2022-09-17T07:44:59.284Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 07:45:12 honeypot-ams-1 sshd[1552]: Received disconnect from 45.61.186.49 port 52666:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T07:45:13.668Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 07:45:20 honeypot-ams-1 sshd[1556]: Received disconnect from 45.61.186.49 port 36036:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T07:45:21.674Z"}
{"@timestamp":"2022-09-17T07:45:34.182Z","@version":"1","message":"Sep 17 07:45:33 honeypot-sgp-1 sshd[28011]: Received disconnect from 61.177.173.36 port 53338:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 07:46:14 honeypot-ams-1 kernel: [84277354.875661] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=172.222.102.95 DST=178.62.254.91 LEN=48 TOS=0x00 PREC=0x00 TTL=112 ID=52850 DF PROTO=TCP SPT=44001 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T07:46:14.697Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 07:48:39 honeypot-ams-1 sshd[1566]: Received disconnect from 202.125.94.212 port 35255:11: Bye Bye [preauth]","@timestamp":"2022-09-17T07:48:39.761Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 07:49:28 honeypot-fra-1 sshd[24684]: Disconnected from authenticating user root 61.177.173.50 port 64884 [preauth]","@timestamp":"2022-09-17T07:49:29.387Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 07:50:55 honeypot-ams-1 kernel: [84277636.734410] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=64.62.197.54 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=38190 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T07:50:56.822Z"}
{"@timestamp":"2022-09-17T07:52:55.359Z","@version":"1","message":"Sep 17 07:52:54 honeypot-sgp-1 sshd[28016]: Invalid user blank from 179.60.147.69 port 6056","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T07:56:15.441Z","@version":"1","message":"Sep 17 07:56:14 honeypot-sgp-1 sshd[28021]: Disconnected from authenticating user root 14.161.27.163 port 45626 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 07:58:20 honeypot-fra-1 sshd[24693]: Received disconnect from 61.177.173.53 port 61069:11:  [preauth]","@timestamp":"2022-09-17T07:58:20.591Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T08:04:06.628Z","@version":"1","message":"Sep 17 08:04:06 honeypot-sgp-1 sshd[28030]: Invalid user nx from 188.138.138.176 port 40496","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T08:07:55.721Z","@version":"1","message":"Sep 17 08:07:55 honeypot-sgp-1 sshd[28034]: Disconnected from authenticating user root 211.220.47.138 port 54898 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 08:08:18 honeypot-ams-1 sshd[1579]: Invalid user master from 51.178.56.85 port 50772","@timestamp":"2022-09-17T08:08:19.271Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:09:52 honeypot-fra-1 sshd[24723]: Invalid user redhat from 137.184.135.135 port 59442","@timestamp":"2022-09-17T08:09:52.852Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 08:10:09 honeypot-ams-1 sshd[1584]: Received disconnect from 133.130.101.23 port 53040:11: Bye Bye [preauth]","@timestamp":"2022-09-17T08:10:10.321Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:13:07 honeypot-fra-1 sshd[24731]: Connection closed by authenticating user root 194.163.190.53 port 36740 [preauth]","@timestamp":"2022-09-17T08:13:07.928Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:17:01 honeypot-fra-1 CRON[24761]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-17T08:17:02.022Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 08:17:01 honeypot-ams-1 CRON[1587]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-17T08:17:02.501Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:17:55 honeypot-fra-1 sshd[24768]: Invalid user oracle from 178.128.72.150 port 51108","@timestamp":"2022-09-17T08:17:56.047Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:18:21 honeypot-fra-1 sshd[24771]: Disconnected from invalid user minecraft 178.128.72.150 port 36458 [preauth]","@timestamp":"2022-09-17T08:18:22.059Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:19:09 honeypot-fra-1 sshd[24775]: Disconnected from invalid user oracle 178.128.72.150 port 35376 [preauth]","@timestamp":"2022-09-17T08:19:10.079Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T08:19:23.995Z","@version":"1","message":"Sep 17 08:19:23 honeypot-sgp-1 kernel: [84278868.494783] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=68.183.93.151 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x20 TTL=242 ID=54321 PROTO=TCP SPT=60391 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:19:57 honeypot-fra-1 sshd[24779]: Disconnected from invalid user test 178.128.72.150 port 34340 [preauth]","@timestamp":"2022-09-17T08:19:58.101Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:20:29 honeypot-fra-1 sshd[24783]: Disconnected from invalid user lifferay 165.22.45.108 port 33476 [preauth]","@timestamp":"2022-09-17T08:20:29.115Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:21:07 honeypot-fra-1 sshd[24787]: Disconnected from invalid user ftpuser 178.128.72.150 port 46806 [preauth]","@timestamp":"2022-09-17T08:21:08.132Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:21:55 honeypot-fra-1 sshd[24793]: Received disconnect from 178.128.72.150 port 45724:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T08:21:56.155Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:22:40 honeypot-fra-1 sshd[24797]: Disconnected from authenticating user root 61.177.173.35 port 33336 [preauth]","@timestamp":"2022-09-17T08:22:41.173Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:25:25 honeypot-fra-1 sshd[24802]: Disconnected from authenticating user root 61.177.173.46 port 31062 [preauth]","@timestamp":"2022-09-17T08:25:25.238Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T08:29:24.240Z","@version":"1","message":"Sep 17 08:29:23 honeypot-sgp-1 sshd[28068]: Connection closed by invalid user guest 179.60.147.69 port 48602 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:31:20 honeypot-fra-1 sshd[24811]: Did not receive identification string from 43.138.78.204 port 39684","@timestamp":"2022-09-17T08:31:20.376Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:31:21 honeypot-fra-1 sshd[24824]: Invalid user xinyi from 43.138.78.204 port 49896","@timestamp":"2022-09-17T08:31:21.378Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:31:21 honeypot-fra-1 sshd[24813]: Connection closed by invalid user systems 43.138.78.204 port 49884 [preauth]","@timestamp":"2022-09-17T08:31:22.379Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:31:21 honeypot-fra-1 sshd[24824]: Connection closed by invalid user xinyi 43.138.78.204 port 49896 [preauth]","@timestamp":"2022-09-17T08:31:22.379Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:31:21 honeypot-fra-1 sshd[24834]: Connection closed by invalid user alem 43.138.78.204 port 49830 [preauth]","@timestamp":"2022-09-17T08:31:22.379Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:31:23 honeypot-fra-1 sshd[24837]: Connection closed by invalid user suhelper 43.138.78.204 port 49834 [preauth]","@timestamp":"2022-09-17T08:31:23.379Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:31:24 honeypot-fra-1 sshd[24847]: Invalid user linkl from 43.138.78.204 port 49848","@timestamp":"2022-09-17T08:31:24.380Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:31:24 honeypot-fra-1 sshd[24857]: Invalid user opc from 43.138.78.204 port 49890","@timestamp":"2022-09-17T08:31:25.381Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:31:24 honeypot-fra-1 sshd[24848]: Connection closed by invalid user contributor 43.138.78.204 port 49838 [preauth]","@timestamp":"2022-09-17T08:31:25.381Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:31:24 honeypot-fra-1 sshd[24855]: Connection closed by invalid user testuser 43.138.78.204 port 49854 [preauth]","@timestamp":"2022-09-17T08:31:25.381Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:31:42 honeypot-fra-1 kernel: [84277913.572239] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.216.76 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=48404 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T08:31:43.389Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 08:32:44 honeypot-ams-1 sshd[1610]: Connection closed by invalid user guest 179.60.147.69 port 50418 [preauth]","@timestamp":"2022-09-17T08:32:45.914Z"}
{"@timestamp":"2022-09-17T08:37:27.438Z","@version":"1","message":"Sep 17 08:37:26 honeypot-sgp-1 sshd[28074]: Disconnected from 61.177.173.37 port 45345 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 08:40:31 honeypot-ams-1 kernel: [84280611.901892] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=97.107.138.160 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=65088 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T08:40:32.122Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:43:19 honeypot-fra-1 sshd[24886]: Connection closed by invalid user  152.32.154.27 port 58696 [preauth]","@timestamp":"2022-09-17T08:43:19.648Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:46:24 honeypot-fra-1 sshd[24894]: Received disconnect from 45.61.186.49 port 33196:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T08:46:24.718Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:46:29 honeypot-fra-1 sshd[24896]: Disconnected from invalid user user 45.61.186.49 port 38948 [preauth]","@timestamp":"2022-09-17T08:46:29.722Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:46:36 honeypot-fra-1 sshd[24900]: Disconnected from invalid user user 45.61.186.49 port 50454 [preauth]","@timestamp":"2022-09-17T08:46:37.725Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 08:48:04 honeypot-ams-1 kernel: [84281064.955885] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=79.16.28.136 DST=178.62.254.91 LEN=64 TOS=0x00 PREC=0x00 TTL=48 ID=11186 DF PROTO=TCP SPT=36318 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T08:48:04.324Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 08:49:43 honeypot-ams-1 sshd[1627]: Disconnected from invalid user zx 203.223.191.206 port 37808 [preauth]","@timestamp":"2022-09-17T08:49:44.370Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 08:52:35 honeypot-ams-1 sshd[1632]: Disconnected from authenticating user root 138.68.2.22 port 50242 [preauth]","@timestamp":"2022-09-17T08:52:35.447Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:52:35 honeypot-fra-1 kernel: [84279166.348530] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=184.105.139.109 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=54321 PROTO=TCP SPT=43541 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T08:52:35.868Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-17T08:56:25.895Z","@version":"1","message":"Sep 17 08:56:25 honeypot-sgp-1 kernel: [84281090.295823] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=172.105.89.161 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=50 ID=0 DF PROTO=TCP SPT=42607 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:57:26 honeypot-fra-1 sshd[24912]: Received disconnect from 81.192.87.130 port 33287:11: Bye Bye [preauth]","@timestamp":"2022-09-17T08:57:26.982Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 08:57:39 honeypot-ams-1 sshd[1640]: Received disconnect from 207.249.96.168 port 43528:11: Bye Bye [preauth]","@timestamp":"2022-09-17T08:57:39.582Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 09:01:10 honeypot-fra-1 sshd[24918]: Connection closed by invalid user  64.62.197.2 port 39398 [preauth]","@timestamp":"2022-09-17T09:01:11.094Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T09:05:18.117Z","@version":"1","message":"Sep 17 09:05:18 honeypot-sgp-1 sshd[28095]: Received disconnect from 103.54.85.180 port 34094:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T09:05:38.126Z","@version":"1","message":"Sep 17 09:05:37 honeypot-sgp-1 sshd[28099]: Connection closed by invalid user admin 179.60.147.69 port 1486 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 09:06:22 honeypot-fra-1 sshd[24927]: Connection closed by authenticating user root 194.163.190.53 port 41570 [preauth]","@timestamp":"2022-09-17T09:06:22.214Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 09:08:54 honeypot-ams-1 sshd[1646]: Invalid user admin from 179.60.147.69 port 64280","@timestamp":"2022-09-17T09:08:54.877Z"}
{"@timestamp":"2022-09-17T09:08:55.209Z","@version":"1","message":"Sep 17 09:08:54 honeypot-sgp-1 sshd[28104]: Received disconnect from 138.68.166.112 port 36876:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 09:09:17 honeypot-fra-1 kernel: [84280168.540885] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=89.248.165.199 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=26056 PROTO=TCP SPT=44076 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T09:09:18.284Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 09:14:40 honeypot-fra-1 sshd[24938]: Received disconnect from 103.219.112.63 port 49598:11: Bye Bye [preauth]","@timestamp":"2022-09-17T09:14:40.406Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 09:15:58 honeypot-ams-1 sshd[1650]: Did not receive identification string from 178.128.72.150 port 40846","@timestamp":"2022-09-17T09:15:59.063Z"}
{"@timestamp":"2022-09-17T09:16:47.406Z","@version":"1","message":"Sep 17 09:16:46 honeypot-sgp-1 kernel: [84282311.235213] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.216.71.23 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=235 ID=54321 PROTO=TCP SPT=34077 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 09:16:57 honeypot-ams-1 sshd[1653]: Invalid user oracle from 178.128.72.150 port 43170","@timestamp":"2022-09-17T09:16:58.092Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 09:17:01 honeypot-fra-1 CRON[24943]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-17T09:17:01.462Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 09:17:24 honeypot-ams-1 sshd[1658]: Received disconnect from 178.128.72.150 port 58336:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T09:17:25.106Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 09:18:17 honeypot-ams-1 sshd[1663]: Received disconnect from 178.128.72.150 port 60426:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T09:18:18.131Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 09:18:49 honeypot-fra-1 sshd[24948]: Disconnected from authenticating user root 61.177.173.53 port 30233 [preauth]","@timestamp":"2022-09-17T09:18:49.506Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 09:19:09 honeypot-ams-1 sshd[1667]: Received disconnect from 178.128.72.150 port 34286:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T09:19:10.155Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 09:20:01 honeypot-ams-1 sshd[1671]: Received disconnect from 178.128.72.150 port 36382:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T09:20:02.181Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 09:20:08 honeypot-fra-1 sshd[24953]: Received disconnect from 45.61.186.169 port 55898:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T09:20:08.538Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 09:20:25 honeypot-fra-1 sshd[24958]: Received disconnect from 45.61.186.169 port 51102:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T09:20:26.547Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 09:20:34 honeypot-fra-1 kernel: [84280845.566962] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=92.63.197.74 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=24790 PROTO=TCP SPT=57217 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T09:20:35.554Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 09:20:49 honeypot-fra-1 sshd[24964]: Disconnected from invalid user user 45.61.186.169 port 58024 [preauth]","@timestamp":"2022-09-17T09:20:50.561Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 09:20:54 honeypot-ams-1 sshd[1675]: Received disconnect from 178.128.72.150 port 38486:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T09:20:55.208Z"}
{"@timestamp":"2022-09-17T09:21:31.524Z","@version":"1","message":"Sep 17 09:21:31 honeypot-sgp-1 sshd[28119]: Received disconnect from 61.177.173.35 port 23334:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 09:21:47 honeypot-ams-1 sshd[1679]: Received disconnect from 178.128.72.150 port 40582:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T09:21:48.234Z"}
{"@timestamp":"2022-09-17T09:30:05.730Z","@version":"1","message":"Sep 17 09:30:05 honeypot-sgp-1 kernel: [84283109.690428] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=90.151.171.106 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=41559 PROTO=TCP SPT=46968 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 09:31:46 honeypot-ams-1 kernel: [84283687.309171] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=201.184.32.42 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=35713 PROTO=TCP SPT=62442 DPT=80 WINDOW=38530 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T09:31:47.492Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 09:38:32 honeypot-ams-1 sshd[1687]: Disconnected from invalid user stats 152.179.67.70 port 3707 [preauth]","@timestamp":"2022-09-17T09:38:32.669Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 09:39:51 honeypot-ams-1 kernel: [84284172.258485] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=79.124.62.60 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=26507 PROTO=TCP SPT=42045 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T09:39:51.707Z"}
{"@timestamp":"2022-09-17T09:40:15.997Z","@version":"1","message":"Sep 17 09:40:15 honeypot-sgp-1 kernel: [84283720.491569] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=46.101.5.134 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=1413 PROTO=TCP SPT=47484 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 09:40:22 honeypot-fra-1 sshd[24986]: Invalid user ftpuser from 193.142.146.50 port 40318","@timestamp":"2022-09-17T09:40:23.016Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 09:40:33 honeypot-fra-1 sshd[24988]: Disconnected from invalid user git 193.142.146.50 port 39560 [preauth]","@timestamp":"2022-09-17T09:40:34.022Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 09:41:44 honeypot-fra-1 kernel: [84282115.559145] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=186.208.139.104 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=245 ID=38371 PROTO=TCP SPT=47408 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T09:41:45.051Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 09:42:33 honeypot-fra-1 sshd[24999]: Received disconnect from 193.142.146.50 port 35766:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T09:42:34.073Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 09:42:59 honeypot-fra-1 sshd[25003]: Received disconnect from 193.142.146.50 port 34250:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T09:43:00.085Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 09:43:17 honeypot-fra-1 sshd[25007]: Disconnected from invalid user centos 193.142.146.50 port 33490 [preauth]","@timestamp":"2022-09-17T09:43:18.093Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 09:44:23 honeypot-fra-1 kernel: [84282274.906088] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=35.231.7.107 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=4960 PROTO=TCP SPT=44814 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T09:44:24.121Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 09:44:41 honeypot-fra-1 sshd[25015]: Disconnected from invalid user admin 193.142.146.50 port 59446 [preauth]","@timestamp":"2022-09-17T09:44:41.128Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T09:44:57.116Z","@version":"1","message":"Sep 17 09:44:56 honeypot-sgp-1 sshd[28138]: Did not receive identification string from 193.3.19.178 port 64001","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 09:45:09 honeypot-fra-1 sshd[25021]: Invalid user hadoop from 193.142.146.50 port 57930","@timestamp":"2022-09-17T09:45:10.142Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T09:50:38.257Z","@version":"1","message":"Sep 17 09:50:37 honeypot-sgp-1 kernel: [84284342.113873] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=41.112.169.248 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=62809 PROTO=TCP SPT=3488 DPT=443 WINDOW=55555 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 09:50:39 honeypot-ams-1 sshd[1696]: Invalid user user from 45.61.186.249 port 35288","@timestamp":"2022-09-17T09:50:39.984Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 09:50:50 honeypot-ams-1 kernel: [84284830.754322] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=59.36.168.250 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=232 ID=55671 PROTO=TCP SPT=56122 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T09:50:50.991Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 09:51:03 honeypot-fra-1 sshd[25030]: Invalid user cdiptv from 194.163.190.53 port 39612","@timestamp":"2022-09-17T09:51:04.274Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 09:51:08 honeypot-ams-1 sshd[1702]: Disconnected from invalid user user 45.61.186.249 port 42654 [preauth]","@timestamp":"2022-09-17T09:51:09.001Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 09:51:27 honeypot-ams-1 sshd[1706]: Disconnected from invalid user user 45.61.186.249 port 38162 [preauth]","@timestamp":"2022-09-17T09:51:28.012Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 09:54:10 honeypot-fra-1 sshd[25039]: Invalid user osmc from 167.71.74.3 port 46598","@timestamp":"2022-09-17T09:54:11.347Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 09:56:11 honeypot-ams-1 sshd[1714]: Disconnected from authenticating user root 46.19.141.122 port 33766 [preauth]","@timestamp":"2022-09-17T09:56:12.131Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 09:56:31 honeypot-fra-1 sshd[25046]: Disconnected from authenticating user root 61.177.173.47 port 38934 [preauth]","@timestamp":"2022-09-17T09:56:31.402Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 09:56:46 honeypot-ams-1 sshd[1718]: Disconnected from authenticating user root 46.19.141.122 port 52176 [preauth]","@timestamp":"2022-09-17T09:56:47.148Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 09:57:55 honeypot-ams-1 sshd[1722]: Disconnected from authenticating user root 46.101.169.25 port 46392 [preauth]","@timestamp":"2022-09-17T09:57:56.180Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 09:58:29 honeypot-ams-1 sshd[1726]: Disconnected from invalid user admin 46.19.141.122 port 60794 [preauth]","@timestamp":"2022-09-17T09:58:30.197Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 09:59:10 honeypot-ams-1 sshd[1731]: Disconnected from invalid user raspberry 46.19.141.122 port 50904 [preauth]","@timestamp":"2022-09-17T09:59:10.216Z"}
{"@timestamp":"2022-09-17T09:59:32.476Z","@version":"1","message":"Sep 17 09:59:32 honeypot-sgp-1 kernel: [84284876.907885] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=95.158.44.248 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=29764 DF PROTO=TCP SPT=44324 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 09:59:40 honeypot-fra-1 sshd[25052]: Connection closed by invalid user cdiptv 194.163.190.53 port 50006 [preauth]","@timestamp":"2022-09-17T09:59:41.476Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 09:59:55 honeypot-ams-1 sshd[1735]: Disconnected from invalid user usuario 46.19.141.122 port 41070 [preauth]","@timestamp":"2022-09-17T09:59:56.238Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 10:00:41 honeypot-ams-1 sshd[1739]: Disconnected from invalid user 1234 46.19.141.122 port 59446 [preauth]","@timestamp":"2022-09-17T10:00:41.260Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 10:01:53 honeypot-ams-1 sshd[1746]: Received disconnect from 46.19.141.122 port 44638:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T10:01:54.294Z"}
{"@timestamp":"2022-09-17T10:02:29.554Z","@version":"1","message":"Sep 17 10:02:29 honeypot-sgp-1 sshd[28158]: Did not receive identification string from 87.236.176.154 port 41779","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 10:02:45 honeypot-ams-1 sshd[1750]: Disconnected from authenticating user root 46.19.141.122 port 34772 [preauth]","@timestamp":"2022-09-17T10:02:45.319Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 10:04:06 honeypot-ams-1 sshd[1756]: Disconnected from authenticating user root 46.19.141.122 port 48210 [preauth]","@timestamp":"2022-09-17T10:04:07.358Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 10:05:33 honeypot-fra-1 sshd[25057]: Disconnected from authenticating user root 217.67.121.75 port 44534 [preauth]","@timestamp":"2022-09-17T10:05:33.610Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 10:15:22 honeypot-ams-1 sshd[1766]: Received disconnect from 190.226.244.9 port 55614:11: Bye Bye [preauth]","@timestamp":"2022-09-17T10:15:23.645Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 10:16:16 honeypot-fra-1 sshd[25062]: Disconnected from invalid user lifferay 165.22.45.108 port 43740 [preauth]","@timestamp":"2022-09-17T10:16:17.853Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 10:17:35 honeypot-ams-1 sshd[1772]: Received disconnect from 79.0.207.126 port 46316:11: Bye Bye [preauth]","@timestamp":"2022-09-17T10:17:35.700Z"}
{"@timestamp":"2022-09-17T10:18:04.937Z","@version":"1","message":"Sep 17 10:18:03 honeypot-sgp-1 kernel: [84285988.514317] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=88.30.10.5 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=232 ID=9168 PROTO=TCP SPT=42164 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 10:19:29 honeypot-fra-1 sshd[25070]: Invalid user blank from 179.60.147.69 port 52178","@timestamp":"2022-09-17T10:19:29.930Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 10:22:00 honeypot-ams-1 kernel: [84286700.795161] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=213.226.123.38 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=19177 PROTO=TCP SPT=51610 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T10:22:00.817Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 10:22:42 honeypot-fra-1 kernel: [84284573.720485] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=159.65.152.216 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x20 TTL=54 ID=31318 DF PROTO=TCP SPT=59456 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T10:22:43.008Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 10:24:14 honeypot-fra-1 sshd[25076]: Invalid user ubuntu from 196.216.253.24 port 38532","@timestamp":"2022-09-17T10:24:15.044Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 10:24:14 honeypot-fra-1 sshd[25078]: Connection closed by invalid user postgres 196.216.253.24 port 38514 [preauth]","@timestamp":"2022-09-17T10:24:15.044Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 10:24:15 honeypot-fra-1 sshd[25095]: Invalid user ubuntu from 196.216.253.24 port 38558","@timestamp":"2022-09-17T10:24:16.046Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 10:27:55 honeypot-ams-1 kernel: [84287056.021622] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.79.53.162 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=27631 PROTO=TCP SPT=52014 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T10:27:55.972Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 10:29:01 honeypot-fra-1 sshd[25100]: Disconnected from invalid user lk 45.80.64.246 port 41072 [preauth]","@timestamp":"2022-09-17T10:29:02.155Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 10:31:01 honeypot-ams-1 kernel: [84287242.312661] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=173.225.111.245 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=53914 PROTO=TCP SPT=49586 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T10:31:02.055Z"}
{"@timestamp":"2022-09-17T10:31:09.259Z","@version":"1","message":"Sep 17 10:31:08 honeypot-sgp-1 sshd[28239]: Invalid user desenv from 190.153.249.99 port 50469","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T10:31:36.274Z","@version":"1","message":"Sep 17 10:31:36 honeypot-sgp-1 sshd[28242]: Received disconnect from 123.122.162.24 port 59815:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T10:34:26.346Z","@version":"1","message":"Sep 17 10:34:25 honeypot-sgp-1 sshd[28246]: Disconnected from invalid user discord 157.245.252.34 port 34506 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 10:34:45 honeypot-ams-1 sshd[1793]: Corrupted MAC on input. [preauth]","@timestamp":"2022-09-17T10:34:46.152Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 10:35:18 honeypot-fra-1 sshd[25105]: Connection closed by invalid user juzici 194.163.190.53 port 39972 [preauth]","@timestamp":"2022-09-17T10:35:19.299Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T10:36:21.397Z","@version":"1","message":"Sep 17 10:36:20 honeypot-sgp-1 kernel: [84287085.321632] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=8529 PROTO=TCP SPT=50783 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 10:40:47 honeypot-fra-1 kernel: [84285658.715608] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=156.194.227.133 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=12692 PROTO=TCP SPT=40432 DPT=80 WINDOW=46557 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T10:40:48.427Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 10:41:47 honeypot-ams-1 kernel: [84287888.260571] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=79.124.62.106 DST=178.62.254.91 LEN=52 TOS=0x02 PREC=0x00 TTL=121 ID=2950 DF PROTO=TCP SPT=63977 DPT=3389 WINDOW=200 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-17T10:41:48.349Z"}
{"@timestamp":"2022-09-17T10:43:23.569Z","@version":"1","message":"Sep 17 10:43:23 honeypot-sgp-1 sshd[28255]: Received disconnect from 46.41.142.93 port 40454:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 10:46:32 honeypot-fra-1 kernel: [84286003.449483] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=173.225.111.245 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=13010 PROTO=TCP SPT=49586 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T10:46:33.559Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 10:46:44 honeypot-ams-1 sshd[1803]: Invalid user user from 45.61.184.204 port 46614","@timestamp":"2022-09-17T10:46:44.478Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 10:47:05 honeypot-ams-1 sshd[1807]: Invalid user user from 45.61.184.204 port 41896","@timestamp":"2022-09-17T10:47:05.491Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 10:47:24 honeypot-ams-1 sshd[1811]: Invalid user user from 45.61.184.204 port 37176","@timestamp":"2022-09-17T10:47:24.501Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 10:47:41 honeypot-ams-1 sshd[1815]: Invalid user user from 45.61.184.204 port 60686","@timestamp":"2022-09-17T10:47:41.509Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 10:52:38 honeypot-fra-1 sshd[25121]: Invalid user cdh from 194.163.190.53 port 32840","@timestamp":"2022-09-17T10:52:38.700Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T10:54:29.840Z","@version":"1","message":"Sep 17 10:54:28 honeypot-sgp-1 sshd[28261]: Invalid user admin from 179.60.147.69 port 25388","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 10:55:37 honeypot-fra-1 sshd[25126]: Connection closed by invalid user admin 179.60.147.69 port 23298 [preauth]","@timestamp":"2022-09-17T10:55:37.770Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 10:57:49 honeypot-ams-1 sshd[1818]: Connection closed by invalid user admin 179.60.147.69 port 59566 [preauth]","@timestamp":"2022-09-17T10:57:49.769Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 11:03:40 honeypot-fra-1 kernel: [84287031.677615] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.219.199 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=45484 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T11:03:40.955Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-17T11:04:34.110Z","@version":"1","message":"Sep 17 11:04:33 honeypot-sgp-1 kernel: [84288777.625310] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=36.71.137.142 DST=159.89.202.188 LEN=52 TOS=0x00 PREC=0x00 TTL=114 ID=16547 DF PROTO=TCP SPT=21156 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 11:05:43 honeypot-ams-1 sshd[1824]: Connection closed by invalid user user 193.106.191.157 port 38644 [preauth]","@timestamp":"2022-09-17T11:05:43.976Z"}
{"@timestamp":"2022-09-17T11:11:47.293Z","@version":"1","message":"Sep 17 11:11:46 honeypot-sgp-1 kernel: [84289210.808824] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=42.81.157.50 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=234 ID=64694 PROTO=TCP SPT=51760 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T11:13:43.343Z","@version":"1","message":"Sep 17 11:13:43 honeypot-sgp-1 sshd[28270]: Received disconnect from 189.56.100.42 port 47471:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 11:15:06 honeypot-fra-1 sshd[25137]: Disconnected from invalid user lifferay 165.22.45.108 port 48894 [preauth]","@timestamp":"2022-09-17T11:15:06.212Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T11:16:03.401Z","@version":"1","message":"Sep 17 11:16:02 honeypot-sgp-1 sshd[28275]: Invalid user gitlab-runner from 20.91.212.97 port 45598","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 11:16:36 honeypot-fra-1 sshd[25141]: Disconnected from invalid user mang 112.132.249.164 port 45216 [preauth]","@timestamp":"2022-09-17T11:16:37.248Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 11:17:01 honeypot-ams-1 CRON[1829]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-17T11:17:02.267Z"}
{"@timestamp":"2022-09-17T11:18:16.459Z","@version":"1","message":"Sep 17 11:18:15 honeypot-sgp-1 sshd[28281]: Received disconnect from 143.198.57.67 port 34456:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 11:19:18 honeypot-fra-1 sshd[25149]: Invalid user meta from 194.163.190.53 port 35534","@timestamp":"2022-09-17T11:19:19.314Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T11:25:26.637Z","@version":"1","message":"Sep 17 11:25:26 honeypot-sgp-1 kernel: [84290030.730805] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=35.246.184.71 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=14028 PROTO=TCP SPT=59004 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 11:27:36 honeypot-fra-1 kernel: [84288467.552747] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.220.208 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=49288 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T11:27:37.502Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 11:29:06 honeypot-ams-1 sshd[1836]: Disconnected from authenticating user root 45.163.144.2 port 47494 [preauth]","@timestamp":"2022-09-17T11:29:06.588Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 11:31:52 honeypot-fra-1 sshd[25159]: Invalid user ubnt from 179.60.147.69 port 27028","@timestamp":"2022-09-17T11:31:52.600Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 11:32:34 honeypot-fra-1 sshd[25163]: Received disconnect from 112.28.209.67 port 34779:11: Bye Bye [preauth]","@timestamp":"2022-09-17T11:32:34.618Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T11:32:35.816Z","@version":"1","message":"Sep 17 11:32:35 honeypot-sgp-1 kernel: [84290460.112014] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=206.189.6.148 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=53964 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 11:33:08 honeypot-ams-1 sshd[1841]: Invalid user heyang from 199.188.203.210 port 41534","@timestamp":"2022-09-17T11:33:08.695Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 11:36:33 honeypot-ams-1 kernel: [84291173.843033] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=209.97.141.112 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=58 ID=44721 DF PROTO=TCP SPT=44208 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T11:36:33.786Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 11:37:08 honeypot-fra-1 sshd[25170]: Invalid user meta from 194.163.190.53 port 58228","@timestamp":"2022-09-17T11:37:08.720Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T11:39:39.992Z","@version":"1","message":"Sep 17 11:39:39 honeypot-sgp-1 sshd[28289]: Connection closed by authenticating user root 103.188.176.251 port 46364 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T11:43:00.081Z","@version":"1","message":"Sep 17 11:42:59 honeypot-sgp-1 sshd[28294]: Disconnected from invalid user fhv 51.83.45.72 port 45016 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 11:43:57 honeypot-fra-1 sshd[25175]: Invalid user  from 119.237.81.139 port 45643","@timestamp":"2022-09-17T11:43:57.878Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T11:43:58.111Z","@version":"1","message":"Sep 17 11:43:57 honeypot-sgp-1 sshd[28298]: Disconnected from invalid user nagios 217.79.178.122 port 42722 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 11:53:15 honeypot-fra-1 kernel: [84290005.725001] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=167.71.133.35 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=248 ID=54321 PROTO=TCP SPT=43919 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T11:53:15.110Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-17T11:54:13.358Z","@version":"1","message":"Sep 17 11:54:12 honeypot-sgp-1 kernel: [84291757.410488] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.206.55 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=37511 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 11:54:47 honeypot-ams-1 kernel: [84292267.901867] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=103.203.56.0 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=54321 PROTO=TCP SPT=38781 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T11:54:48.256Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 11:57:03 honeypot-fra-1 sshd[25184]: Received disconnect from 37.139.15.214 port 58503:11: Bye Bye [preauth]","@timestamp":"2022-09-17T11:57:04.197Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 12:03:06 honeypot-fra-1 sshd[25190]: Invalid user user from 162.215.1.203 port 52058","@timestamp":"2022-09-17T12:03:07.339Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 12:03:39 honeypot-fra-1 sshd[25194]: Connection closed by invalid user rna 194.163.190.53 port 37414 [preauth]","@timestamp":"2022-09-17T12:03:40.353Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 12:03:55 honeypot-ams-1 sshd[1849]: Invalid user firebird from 181.49.53.26 port 43538","@timestamp":"2022-09-17T12:03:55.518Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 12:06:12 honeypot-ams-1 kernel: [84292953.039770] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=65.49.20.115 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=46976 DPT=5432 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T12:06:12.581Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 12:07:29 honeypot-fra-1 sshd[25200]: Disconnected from invalid user weng 106.251.237.178 port 38358 [preauth]","@timestamp":"2022-09-17T12:07:30.445Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T12:07:42.692Z","@version":"1","message":"Sep 17 12:07:42 honeypot-sgp-1 sshd[28308]: Connection closed by 94.102.61.20 port 35930 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 12:13:16 honeypot-fra-1 kernel: [84291206.865804] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=11342 PROTO=TCP SPT=56004 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T12:13:16.577Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 12:16:12 honeypot-fra-1 kernel: [84291383.530096] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=165.232.152.144 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=49513 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T12:16:13.650Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 12:17:01 honeypot-ams-1 CRON[1858]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-17T12:17:01.872Z"}
{"@timestamp":"2022-09-17T12:17:01.924Z","@version":"1","message":"Sep 17 12:17:01 honeypot-sgp-1 CRON[28316]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 12:21:28 honeypot-fra-1 sshd[25213]: Connection closed by invalid user rna 194.163.190.53 port 60128 [preauth]","@timestamp":"2022-09-17T12:21:28.777Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T12:30:13.250Z","@version":"1","message":"Sep 17 12:30:13 honeypot-sgp-1 kernel: [84293917.443643] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=207.102.138.83 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=43 ID=44256 DF PROTO=TCP SPT=33937 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 12:31:22 honeypot-ams-1 sshd[1866]: Disconnected from 159.223.172.195 port 33668 [preauth]","@timestamp":"2022-09-17T12:31:23.260Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 12:33:13 honeypot-ams-1 sshd[1871]: Disconnected from invalid user machiko 134.209.212.125 port 58944 [preauth]","@timestamp":"2022-09-17T12:33:13.312Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 12:36:57 honeypot-fra-1 kernel: [84292627.732508] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.143.200.46 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=2937 PROTO=TCP SPT=53090 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T12:36:58.136Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-17T12:39:32.481Z","@version":"1","message":"Sep 17 12:39:31 honeypot-sgp-1 sshd[28328]: Invalid user admin from 211.107.213.219 port 55744","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 12:40:52 honeypot-ams-1 kernel: [84295033.527555] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=172.104.7.39 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=21508 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T12:40:53.514Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 12:42:17 honeypot-fra-1 kernel: [84292947.872691] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.41.8.45 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=57115 PROTO=TCP SPT=47435 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T12:42:18.264Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 12:45:54 honeypot-fra-1 sshd[25228]: Disconnected from invalid user had 211.21.113.128 port 1392 [preauth]","@timestamp":"2022-09-17T12:45:55.350Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 12:48:10 honeypot-ams-1 kernel: [84295470.885059] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=89.248.165.199 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=40605 PROTO=TCP SPT=56890 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T12:48:10.706Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 12:52:57 honeypot-fra-1 sshd[25235]: Invalid user nologin from 52.231.92.23 port 58808","@timestamp":"2022-09-17T12:52:57.512Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T12:54:49.861Z","@version":"1","message":"Sep 17 12:54:48 honeypot-sgp-1 kernel: [84295393.365992] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=80.94.92.231 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=233 ID=54321 PROTO=TCP SPT=38897 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 12:54:51 honeypot-fra-1 kernel: [84293701.798276] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=92.63.197.74 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=52722 PROTO=TCP SPT=53126 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T12:54:51.558Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-17T12:56:14.899Z","@version":"1","message":"Sep 17 12:56:14 honeypot-sgp-1 sshd[28344]: Invalid user admin from 128.199.168.83 port 35030","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 12:59:12 honeypot-fra-1 kernel: [84293962.712797] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=79.124.62.82 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=10848 PROTO=TCP SPT=54411 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T12:59:12.658Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-17T13:01:48.036Z","@version":"1","message":"Sep 17 13:01:47 honeypot-sgp-1 kernel: [84295811.638091] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=205.210.31.143 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=249 ID=54956 PROTO=TCP SPT=55858 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T13:05:34.131Z","@version":"1","message":"Sep 17 13:05:33 honeypot-sgp-1 kernel: [84296037.634347] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=94.102.49.193 DST=159.89.202.188 LEN=44 TOS=0x10 PREC=0x00 TTL=118 ID=36526 PROTO=TCP SPT=17340 DPT=80 WINDOW=53264 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 13:05:36 honeypot-fra-1 sshd[25251]: Received disconnect from 159.65.64.70 port 60586:11: Bye Bye [preauth]","@timestamp":"2022-09-17T13:05:36.805Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T13:05:46.138Z","@version":"1","message":"Sep 17 13:05:45 honeypot-sgp-1 sshd[28359]: Disconnected from invalid user user 45.61.187.160 port 60796 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T13:06:05.147Z","@version":"1","message":"Sep 17 13:06:04 honeypot-sgp-1 sshd[28364]: Disconnected from invalid user user 45.61.187.160 port 55828 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T13:06:22.155Z","@version":"1","message":"Sep 17 13:06:21 honeypot-sgp-1 sshd[28368]: Received disconnect from 45.61.187.160 port 50858:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T13:09:16.230Z","@version":"1","message":"Sep 17 13:09:15 honeypot-sgp-1 sshd[28373]: Disconnected from invalid user user 45.61.186.169 port 38020 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T13:09:34.348Z","@version":"1","message":"Sep 17 13:09:33 honeypot-sgp-1 sshd[28377]: Disconnected from invalid user user 45.61.186.169 port 32956 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T13:09:51.356Z","@version":"1","message":"Sep 17 13:09:50 honeypot-sgp-1 sshd[28381]: Disconnected from invalid user user 45.61.186.169 port 56116 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T13:10:06.364Z","@version":"1","message":"Sep 17 13:10:06 honeypot-sgp-1 sshd[28385]: Disconnected from invalid user user 45.61.186.169 port 51036 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 13:11:41 honeypot-ams-1 sshd[1883]: Received disconnect from 147.135.219.202 port 41622:11: Bye Bye [preauth]","@timestamp":"2022-09-17T13:11:41.342Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 13:11:59 honeypot-fra-1 sshd[25255]: Disconnected from invalid user lifferay 165.22.45.108 port 59184 [preauth]","@timestamp":"2022-09-17T13:11:59.951Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T13:13:04.441Z","@version":"1","message":"Sep 17 13:13:04 honeypot-sgp-1 sshd[28390]: Received disconnect from 45.61.186.249 port 49854:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T13:13:22.451Z","@version":"1","message":"Sep 17 13:13:21 honeypot-sgp-1 sshd[28394]: Received disconnect from 45.61.186.249 port 44498:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 13:13:30 honeypot-ams-1 sshd[1886]: Disconnected from invalid user user 45.61.184.204 port 53326 [preauth]","@timestamp":"2022-09-17T13:13:31.394Z"}
{"@timestamp":"2022-09-17T13:13:39.460Z","@version":"1","message":"Sep 17 13:13:38 honeypot-sgp-1 sshd[28399]: Received disconnect from 45.61.186.249 port 39160:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 13:13:50 honeypot-ams-1 sshd[1890]: Disconnected from invalid user user 45.61.184.204 port 47930 [preauth]","@timestamp":"2022-09-17T13:13:50.405Z"}
{"@timestamp":"2022-09-17T13:13:55.468Z","@version":"1","message":"Sep 17 13:13:55 honeypot-sgp-1 sshd[28403]: Received disconnect from 45.61.186.249 port 33796:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 13:14:04 honeypot-fra-1 sshd[25261]: Connection closed by invalid user yangjy 194.163.190.53 port 42698 [preauth]","@timestamp":"2022-09-17T13:14:05.004Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 13:14:07 honeypot-ams-1 sshd[1896]: Received disconnect from 45.61.184.204 port 42544:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T13:14:07.414Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 13:14:15 honeypot-ams-1 sshd[1898]: Disconnected from invalid user user 45.61.184.204 port 53964 [preauth]","@timestamp":"2022-09-17T13:14:15.418Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 13:15:19 honeypot-fra-1 sshd[25267]: Invalid user haha from 213.108.241.222 port 42236","@timestamp":"2022-09-17T13:15:20.036Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T13:16:23.532Z","@version":"1","message":"Sep 17 13:16:22 honeypot-sgp-1 sshd[28408]: Invalid user pi from 70.175.251.169 port 36156","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 13:17:01 honeypot-ams-1 CRON[1903]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-17T13:17:02.495Z"}
{"@timestamp":"2022-09-17T13:19:50.619Z","@version":"1","message":"Sep 17 13:19:50 honeypot-sgp-1 sshd[28416]: Connection closed by invalid user default 179.60.147.69 port 45726 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 13:20:56 honeypot-fra-1 sshd[25273]: Connection closed by invalid user default 179.60.147.69 port 53786 [preauth]","@timestamp":"2022-09-17T13:20:57.166Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 13:23:08 honeypot-ams-1 sshd[1911]: Invalid user default from 179.60.147.69 port 21658","@timestamp":"2022-09-17T13:23:08.658Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 13:32:11 honeypot-fra-1 sshd[25281]: Connection closed by invalid user yangjy 194.163.190.53 port 39384 [preauth]","@timestamp":"2022-09-17T13:32:11.436Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T13:33:16.949Z","@version":"1","message":"Sep 17 13:33:16 honeypot-sgp-1 sshd[28424]: Did not receive identification string from 45.61.186.169 port 44256","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T13:33:46.964Z","@version":"1","message":"Sep 17 13:33:45 honeypot-sgp-1 sshd[28428]: Disconnected from invalid user user 45.61.186.169 port 53352 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T13:34:04.973Z","@version":"1","message":"Sep 17 13:34:04 honeypot-sgp-1 sshd[28432]: Disconnected from invalid user user 45.61.186.169 port 47894 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T13:34:21.981Z","@version":"1","message":"Sep 17 13:34:21 honeypot-sgp-1 sshd[28436]: Disconnected from invalid user user 45.61.186.169 port 42428 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 13:37:52 honeypot-ams-1 sshd[1917]: Invalid user user from 193.106.191.157 port 54060","@timestamp":"2022-09-17T13:37:53.056Z"}
{"@timestamp":"2022-09-17T13:40:58.145Z","@version":"1","message":"Sep 17 13:40:57 honeypot-sgp-1 sshd[28445]: Invalid user user from 45.61.186.169 port 37544","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T13:41:16.155Z","@version":"1","message":"Sep 17 13:41:16 honeypot-sgp-1 sshd[28449]: Invalid user user from 45.61.186.169 port 32836","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 13:41:23 honeypot-fra-1 sshd[25286]: Connection closed by invalid user admin 141.98.10.158 port 36620 [preauth]","@timestamp":"2022-09-17T13:41:24.646Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T13:41:25.160Z","@version":"1","message":"Sep 17 13:41:24 honeypot-sgp-1 sshd[28451]: Disconnected from invalid user user 45.61.186.169 port 44642 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T13:41:42.172Z","@version":"1","message":"Sep 17 13:41:42 honeypot-sgp-1 sshd[28455]: Disconnected from invalid user user 45.61.186.169 port 39966 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T13:47:55.324Z","@version":"1","message":"Sep 17 13:47:54 honeypot-sgp-1 sshd[28463]: Invalid user admin from 62.204.41.222 port 2541","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 13:48:29 honeypot-fra-1 sshd[25293]: Invalid user wangyi from 194.163.190.53 port 58478","@timestamp":"2022-09-17T13:48:30.810Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T13:56:02.519Z","@version":"1","message":"Sep 17 13:56:02 honeypot-sgp-1 sshd[28468]: Connection closed by invalid user admin 179.60.147.69 port 31280 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 13:56:05 honeypot-fra-1 sshd[25296]: Connection closed by invalid user wangyi 194.163.190.53 port 37050 [preauth]","@timestamp":"2022-09-17T13:56:05.983Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 13:57:50 honeypot-ams-1 sshd[1924]: Connection closed by invalid user user 193.106.191.157 port 39338 [preauth]","@timestamp":"2022-09-17T13:57:50.587Z"}
{"@timestamp":"2022-09-17T14:05:44.775Z","@version":"1","message":"Sep 17 14:05:44 honeypot-sgp-1 sshd[28471]: Invalid user admin from 61.199.47.58 port 63480","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 14:06:29 honeypot-fra-1 kernel: [84297999.657647] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=79.124.62.106 DST=165.22.82.222 LEN=52 TOS=0x02 PREC=0x00 TTL=121 ID=5430 DF PROTO=TCP SPT=65388 DPT=3389 WINDOW=200 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-17T14:06:30.216Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-17T14:07:48.828Z","@version":"1","message":"Sep 17 14:07:48 honeypot-sgp-1 sshd[28474]: Connection closed by invalid user ops 103.188.176.251 port 54094 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 14:10:34 honeypot-fra-1 sshd[25306]: Received disconnect from 165.22.45.108 port 36096:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T14:10:35.312Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 14:11:03 honeypot-ams-1 sshd[1930]: Connection closed by invalid user admin 121.171.55.115 port 43270 [preauth]","@timestamp":"2022-09-17T14:11:03.942Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 14:16:44 honeypot-ams-1 sshd[1933]: Disconnected from authenticating user root 43.154.5.246 port 53406 [preauth]","@timestamp":"2022-09-17T14:16:45.097Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 14:17:01 honeypot-fra-1 CRON[25311]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-17T14:17:01.457Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T14:18:43.096Z","@version":"1","message":"Sep 17 14:18:42 honeypot-sgp-1 sshd[28480]: Disconnected from invalid user wwsi 178.128.187.192 port 42282 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 14:20:58 honeypot-ams-1 sshd[1939]: Disconnected from invalid user user 45.61.184.204 port 60060 [preauth]","@timestamp":"2022-09-17T14:20:59.240Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 14:21:17 honeypot-ams-1 sshd[1943]: Disconnected from invalid user user 45.61.184.204 port 54914 [preauth]","@timestamp":"2022-09-17T14:21:17.250Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 14:21:35 honeypot-ams-1 sshd[1947]: Disconnected from invalid user user 45.61.184.204 port 49796 [preauth]","@timestamp":"2022-09-17T14:21:35.259Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 14:21:51 honeypot-ams-1 sshd[1952]: Disconnected from invalid user user 45.61.184.204 port 44664 [preauth]","@timestamp":"2022-09-17T14:21:52.268Z"}
{"@timestamp":"2022-09-17T14:24:15.234Z","@version":"1","message":"Sep 17 14:24:15 honeypot-sgp-1 sshd[28487]: Received disconnect from 146.59.87.96 port 45164:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 14:28:29 honeypot-fra-1 sshd[25318]: Invalid user aaai2020 from 194.163.190.53 port 41848","@timestamp":"2022-09-17T14:28:29.712Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T14:31:18.411Z","@version":"1","message":"Sep 17 14:31:17 honeypot-sgp-1 kernel: [84301181.946544] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=197.40.160.207 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=51 ID=41851 PROTO=TCP SPT=39578 DPT=80 WINDOW=58093 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 14:33:48 honeypot-fra-1 sshd[25321]: Invalid user user from 179.60.147.69 port 30752","@timestamp":"2022-09-17T14:33:48.837Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 14:34:02 honeypot-fra-1 sshd[25327]: Invalid user git from 20.243.201.105 port 60788","@timestamp":"2022-09-17T14:34:02.843Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 14:34:02 honeypot-fra-1 sshd[25333]: Invalid user testuser from 20.243.201.105 port 60790","@timestamp":"2022-09-17T14:34:02.843Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 14:34:02 honeypot-fra-1 sshd[25326]: Invalid user oracle from 20.243.201.105 port 60782","@timestamp":"2022-09-17T14:34:02.843Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 14:34:02 honeypot-fra-1 sshd[25330]: Connection closed by invalid user test 20.243.201.105 port 60774 [preauth]","@timestamp":"2022-09-17T14:34:02.844Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 14:34:02 honeypot-fra-1 sshd[25336]: Connection closed by invalid user test 20.243.201.105 port 60802 [preauth]","@timestamp":"2022-09-17T14:34:02.844Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 14:34:02 honeypot-fra-1 sshd[25329]: Connection closed by invalid user admin 20.243.201.105 port 60780 [preauth]","@timestamp":"2022-09-17T14:34:02.844Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 14:34:02 honeypot-fra-1 sshd[25337]: Connection closed by authenticating user root 20.243.201.105 port 60808 [preauth]","@timestamp":"2022-09-17T14:34:02.844Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 14:34:02 honeypot-fra-1 sshd[25338]: Connection closed by invalid user cloud 20.243.201.105 port 60798 [preauth]","@timestamp":"2022-09-17T14:34:02.844Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T14:35:58.530Z","@version":"1","message":"Sep 17 14:35:57 honeypot-sgp-1 kernel: [84301461.917151] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=52.243.98.193 DST=159.89.202.188 LEN=52 TOS=0x02 PREC=0x00 TTL=113 ID=13246 DF PROTO=TCP SPT=57828 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 14:36:01 honeypot-ams-1 sshd[1956]: Connection closed by invalid user user 179.60.147.69 port 1260 [preauth]","@timestamp":"2022-09-17T14:36:02.635Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 14:36:18 honeypot-fra-1 sshd[25380]: Invalid user aaai2020 from 194.163.190.53 port 49352","@timestamp":"2022-09-17T14:36:18.896Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T14:37:03.561Z","@version":"1","message":"Sep 17 14:37:03 honeypot-sgp-1 kernel: [84301527.800083] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=205.210.31.139 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=249 ID=21905 PROTO=TCP SPT=51891 DPT=389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 14:42:02 honeypot-fra-1 sshd[25385]: Invalid user admin from 128.199.160.207 port 60542","@timestamp":"2022-09-17T14:42:03.028Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 14:42:53 honeypot-ams-1 kernel: [84302353.543326] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=200.124.70.143 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=53 ID=61956 PROTO=TCP SPT=4441 DPT=80 WINDOW=2096 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T14:42:53.817Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 14:44:29 honeypot-fra-1 sshd[25392]: Invalid user chenlei from 194.163.190.53 port 56550","@timestamp":"2022-09-17T14:44:30.084Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T14:50:39.899Z","@version":"1","message":"Sep 17 14:50:39 honeypot-sgp-1 kernel: [84302343.432420] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=170.187.163.48 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=6063 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 14:52:37 honeypot-fra-1 sshd[25397]: Invalid user chenlei from 194.163.190.53 port 34636","@timestamp":"2022-09-17T14:52:37.284Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 15:00:13 honeypot-ams-1 kernel: [84303394.471386] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=164.92.72.164 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=58744 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T15:00:14.272Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 15:00:56 honeypot-fra-1 sshd[25402]: Invalid user chenlei from 194.163.190.53 port 43244","@timestamp":"2022-09-17T15:00:56.473Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 15:04:17 honeypot-fra-1 kernel: [84301468.215761] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=198.235.24.16 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x60 TTL=250 ID=54321 PROTO=TCP SPT=55301 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T15:04:18.551Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-17T15:06:41.316Z","@version":"1","message":"Sep 17 15:06:40 honeypot-sgp-1 sshd[28516]: Invalid user admin from 118.42.115.145 port 46769","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 15:09:59 honeypot-fra-1 sshd[25412]: Invalid user debian from 179.60.147.69 port 47352","@timestamp":"2022-09-17T15:09:59.681Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T15:11:33.439Z","@version":"1","message":"Sep 17 15:11:32 honeypot-sgp-1 sshd[28521]: Received disconnect from 178.128.51.153 port 42202:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 15:12:20 honeypot-fra-1 kernel: [84301950.938581] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=198.235.24.30 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x60 TTL=250 ID=54321 PROTO=TCP SPT=53590 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T15:12:20.737Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 15:12:46 honeypot-ams-1 kernel: [84304146.842630] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=67.211.215.172 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=21616 PROTO=TCP SPT=59702 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T15:12:46.598Z"}
{"@timestamp":"2022-09-17T15:15:23.537Z","@version":"1","message":"Sep 17 15:15:23 honeypot-sgp-1 sshd[28526]: Disconnected from authenticating user root 74.208.18.237 port 57614 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T15:16:53.577Z","@version":"1","message":"Sep 17 15:16:53 honeypot-sgp-1 sshd[28530]: Disconnected from invalid user ankesh 187.188.240.7 port 53854 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 15:18:44 honeypot-fra-1 sshd[25424]: Invalid user yd from 31.187.72.39 port 56344","@timestamp":"2022-09-17T15:18:45.884Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 15:21:13 honeypot-fra-1 sshd[25428]: Invalid user xbmc from 207.154.208.193 port 45182","@timestamp":"2022-09-17T15:21:13.940Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 15:23:32 honeypot-fra-1 sshd[25431]: Disconnected from authenticating user root 201.119.37.191 port 46100 [preauth]","@timestamp":"2022-09-17T15:23:32.993Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T15:24:07.761Z","@version":"1","message":"Sep 17 15:24:07 honeypot-sgp-1 kernel: [84304351.243599] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=64.246.161.26 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=56591 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T15:26:13.842Z","@version":"1","message":"Sep 17 15:26:12 honeypot-sgp-1 sshd[28543]: Received disconnect from 188.166.252.132 port 60132:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 15:27:14 honeypot-fra-1 sshd[25435]: Connection closed by invalid user admin 119.203.63.201 port 48529 [preauth]","@timestamp":"2022-09-17T15:27:15.082Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 15:28:23 honeypot-ams-1 sshd[1972]: Received disconnect from 185.118.48.206 port 53704:11: Bye Bye [preauth]","@timestamp":"2022-09-17T15:28:24.026Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 15:32:52 honeypot-fra-1 sshd[25440]: Disconnected from authenticating user root 148.66.132.190 port 42528 [preauth]","@timestamp":"2022-09-17T15:32:53.207Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 15:35:42 honeypot-fra-1 sshd[25448]: Invalid user vui from 51.250.80.38 port 42402","@timestamp":"2022-09-17T15:35:43.270Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 15:35:57 honeypot-fra-1 sshd[25452]: Received disconnect from 104.248.146.84 port 52774:11: Bye Bye [preauth]","@timestamp":"2022-09-17T15:35:58.278Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T15:36:56.107Z","@version":"1","message":"Sep 17 15:36:55 honeypot-sgp-1 kernel: [84305119.954934] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=205.210.31.56 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x60 TTL=250 ID=54321 PROTO=TCP SPT=56214 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 15:37:16 honeypot-ams-1 sshd[1977]: Received disconnect from 198.46.235.250 port 53940:11: Bye Bye [preauth]","@timestamp":"2022-09-17T15:37:17.254Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 15:38:52 honeypot-fra-1 kernel: [84303542.233795] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=205.210.31.139 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=249 ID=57908 PROTO=TCP SPT=49979 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T15:38:52.344Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 15:46:27 honeypot-fra-1 kernel: [84303998.008065] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=173.82.65.186 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=47660 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T15:46:28.551Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-17T15:48:14.387Z","@version":"1","message":"Sep 17 15:48:13 honeypot-sgp-1 sshd[28556]: Invalid user user from 45.61.184.204 port 49568","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 15:48:27 honeypot-ams-1 sshd[1983]: Invalid user ubnt from 179.60.147.69 port 56218","@timestamp":"2022-09-17T15:48:28.543Z"}
{"@timestamp":"2022-09-17T15:48:34.397Z","@version":"1","message":"Sep 17 15:48:34 honeypot-sgp-1 sshd[28560]: Invalid user user from 45.61.184.204 port 44856","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T15:48:53.406Z","@version":"1","message":"Sep 17 15:48:52 honeypot-sgp-1 sshd[28564]: Invalid user user from 45.61.184.204 port 40138","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T15:49:11.415Z","@version":"1","message":"Sep 17 15:49:10 honeypot-sgp-1 sshd[28568]: Invalid user user from 45.61.184.204 port 35418","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 15:50:03 honeypot-fra-1 sshd[25464]: Disconnected from invalid user benoit 111.93.214.67 port 45430 [preauth]","@timestamp":"2022-09-17T15:50:04.633Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T15:53:59.535Z","@version":"1","message":"Sep 17 15:53:58 honeypot-sgp-1 sshd[28574]: Connection closed by invalid user pi 173.17.219.96 port 38302 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 15:54:27 honeypot-fra-1 sshd[25467]: Connection closed by invalid user user 193.106.191.157 port 50482 [preauth]","@timestamp":"2022-09-17T15:54:27.735Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T15:56:47.606Z","@version":"1","message":"Sep 17 15:56:47 honeypot-sgp-1 sshd[28580]: Invalid user 115.146.93.242 from 36.80.48.9 port 63585","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T16:03:04.763Z","@version":"1","message":"Sep 17 16:03:04 honeypot-sgp-1 sshd[28584]: Connection closed by invalid user pi 47.208.246.201 port 46224 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 16:04:15 honeypot-fra-1 sshd[25476]: Invalid user hejun from 194.163.190.53 port 55202","@timestamp":"2022-09-17T16:04:15.958Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 16:05:50 honeypot-ams-1 kernel: [84307330.563547] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=167.71.92.243 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=35988 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T16:05:50.994Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 16:11:30 honeypot-ams-1 kernel: [84307670.677257] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=170.187.160.72 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=1450 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T16:11:31.144Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 16:12:05 honeypot-fra-1 sshd[25482]: Invalid user hejun from 194.163.190.53 port 33812","@timestamp":"2022-09-17T16:12:06.136Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T16:17:02.105Z","@version":"1","message":"Sep 17 16:17:01 honeypot-sgp-1 CRON[28594]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 16:17:29 honeypot-fra-1 sshd[25490]: Received disconnect from 165.227.133.23 port 45866:11: Bye Bye [preauth]","@timestamp":"2022-09-17T16:17:30.261Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 16:17:58 honeypot-ams-1 kernel: [84308059.171545] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=178.62.254.91 LEN=91 TOS=0x00 PREC=0x00 TTL=252 ID=23020 PROTO=TCP SPT=4431 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T16:17:59.339Z"}
{"@timestamp":"2022-09-17T16:18:26.142Z","@version":"1","message":"Sep 17 16:18:25 honeypot-sgp-1 sshd[28601]: Invalid user ubuntu from 190.64.68.178 port 4339","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T16:22:09.234Z","@version":"1","message":"Sep 17 16:22:08 honeypot-sgp-1 sshd[28606]: Received disconnect from 209.97.149.37 port 59994:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 16:22:46 honeypot-fra-1 sshd[25495]: Invalid user default from 179.60.147.69 port 43286","@timestamp":"2022-09-17T16:22:47.383Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T16:25:36.320Z","@version":"1","message":"Sep 17 16:25:35 honeypot-sgp-1 sshd[28612]: Received disconnect from 61.177.173.36 port 34290:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 16:30:50 honeypot-ams-1 kernel: [84308831.109474] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=195.133.81.29 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=46928 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T16:30:50.673Z"}
{"@timestamp":"2022-09-17T16:31:02.456Z","@version":"1","message":"Sep 17 16:31:01 honeypot-sgp-1 sshd[28617]: Received disconnect from 191.190.153.8 port 41834:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 16:36:19 honeypot-fra-1 sshd[25502]: Invalid user huzhou from 194.163.190.53 port 32808","@timestamp":"2022-09-17T16:36:19.691Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T16:37:09.610Z","@version":"1","message":"Sep 17 16:37:08 honeypot-sgp-1 sshd[28622]: Disconnected from invalid user admin 144.24.131.170 port 60496 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 16:39:04 honeypot-fra-1 kernel: [84307154.812231] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=213.226.123.38 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=21271 PROTO=TCP SPT=53186 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T16:39:05.756Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 16:40:52 honeypot-fra-1 kernel: [84307262.467065] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=165.232.152.144 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=32792 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T16:40:52.802Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-17T16:46:25.839Z","@version":"1","message":"Sep 17 16:46:25 honeypot-sgp-1 kernel: [84309289.480689] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=159.89.202.188 LEN=91 TOS=0x00 PREC=0x00 TTL=245 ID=14137 PROTO=TCP SPT=9505 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 16:47:20 honeypot-ams-1 kernel: [84309820.574135] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=151.106.32.182 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=1089 PROTO=TCP SPT=50094 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T16:47:21.099Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 16:51:20 honeypot-fra-1 kernel: [84307890.266657] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=92.204.145.232 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=17310 PROTO=TCP SPT=52241 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T16:51:21.037Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 16:52:48 honeypot-ams-1 kernel: [84310149.221834] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=34.155.216.175 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=59 ID=46574 PROTO=TCP SPT=9084 DPT=80 WINDOW=26464 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T16:52:49.246Z"}
{"@timestamp":"2022-09-17T16:54:04.029Z","@version":"1","message":"Sep 17 16:54:03 honeypot-sgp-1 sshd[28638]: Received disconnect from 61.177.173.50 port 62819:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 16:57:20 honeypot-ams-1 sshd[2016]: Disconnected from authenticating user root 95.161.129.20 port 46316 [preauth]","@timestamp":"2022-09-17T16:57:21.367Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 16:58:28 honeypot-fra-1 kernel: [84308318.738489] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=165.22.82.222 LEN=93 TOS=0x00 PREC=0x00 TTL=250 ID=40571 PROTO=TCP SPT=30817 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T16:58:29.200Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 17:00:17 honeypot-fra-1 sshd[25529]: Invalid user luosuchang from 194.163.190.53 port 34000","@timestamp":"2022-09-17T17:00:18.243Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T17:01:03.201Z","@version":"1","message":"Sep 17 17:01:02 honeypot-sgp-1 sshd[28643]: Invalid user pi from 95.131.147.215 port 40724","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 17:01:07 honeypot-ams-1 sshd[2022]: Connection closed by invalid user centos 179.60.147.69 port 3904 [preauth]","@timestamp":"2022-09-17T17:01:07.467Z"}
{"@timestamp":"2022-09-17T17:03:35.266Z","@version":"1","message":"Sep 17 17:03:34 honeypot-sgp-1 sshd[28649]: Connection closed by invalid user admin 121.154.69.21 port 56524 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 17:05:10 honeypot-fra-1 sshd[25534]: Invalid user charlie from 111.67.193.58 port 47486","@timestamp":"2022-09-17T17:05:10.355Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 17:05:17 honeypot-fra-1 sshd[25537]: Disconnected from invalid user ligh 165.22.45.108 port 51516 [preauth]","@timestamp":"2022-09-17T17:05:18.360Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 17:05:43 honeypot-fra-1 sshd[25541]: Disconnected from invalid user user 45.61.186.169 port 57718 [preauth]","@timestamp":"2022-09-17T17:05:44.372Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 17:06:02 honeypot-fra-1 sshd[25546]: Disconnected from invalid user user 45.61.186.169 port 53012 [preauth]","@timestamp":"2022-09-17T17:06:02.381Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 17:06:19 honeypot-fra-1 sshd[25550]: Disconnected from invalid user user 45.61.186.169 port 48336 [preauth]","@timestamp":"2022-09-17T17:06:20.389Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T17:07:57.376Z","@version":"1","message":"Sep 17 17:07:57 honeypot-sgp-1 sshd[28654]: Invalid user dan from 1.217.139.30 port 60888","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 17:08:20 honeypot-fra-1 sshd[25554]: Invalid user luosuchang from 194.163.190.53 port 41606","@timestamp":"2022-09-17T17:08:20.528Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 17:09:56 honeypot-fra-1 sshd[25560]: Disconnected from authenticating user root 134.122.44.93 port 49560 [preauth]","@timestamp":"2022-09-17T17:09:57.569Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T17:10:37.442Z","@version":"1","message":"Sep 17 17:10:36 honeypot-sgp-1 sshd[28659]: Received disconnect from 50.192.223.205 port 32838:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T17:13:39.517Z","@version":"1","message":"Sep 17 17:13:38 honeypot-sgp-1 sshd[28669]: Received disconnect from 61.177.172.98 port 51228:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T17:15:59.575Z","@version":"1","message":"Sep 17 17:15:59 honeypot-sgp-1 sshd[28674]: Disconnected from authenticating user root 61.177.173.36 port 28044 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 17:16:11 honeypot-ams-1 kernel: [84311551.967777] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=125.136.61.137 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=55 ID=57286 PROTO=TCP SPT=5736 DPT=80 WINDOW=24104 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T17:16:11.856Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 17:17:01 honeypot-fra-1 CRON[25568]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-17T17:17:01.730Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T17:20:22.684Z","@version":"1","message":"Sep 17 17:20:22 honeypot-sgp-1 kernel: [84311326.683038] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=64.246.161.26 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=50387 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 17:23:18 honeypot-fra-1 kernel: [84309808.525811] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.33.87.10 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=13915 PROTO=TCP SPT=55351 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T17:23:18.875Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-17T17:30:01.918Z","@version":"1","message":"Sep 17 17:30:01 honeypot-sgp-1 sshd[28686]: Received disconnect from 103.12.199.14 port 50412:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T17:30:27.932Z","@version":"1","message":"Sep 17 17:30:27 honeypot-sgp-1 sshd[28690]: Received disconnect from 61.177.173.52 port 49469:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T17:30:30.934Z","@version":"1","message":"Sep 17 17:30:30 honeypot-sgp-1 sshd[28694]: Disconnected from authenticating user root 43.154.56.85 port 47112 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T17:31:26.960Z","@version":"1","message":"Sep 17 17:31:26 honeypot-sgp-1 sshd[28698]: Disconnected from invalid user shares 45.89.26.119 port 60554 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 17:31:53 honeypot-fra-1 sshd[25578]: Connection closed by authenticating user root 130.93.55.107 port 50341 [preauth]","@timestamp":"2022-09-17T17:31:54.074Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 17:32:14 honeypot-fra-1 sshd[25584]: Invalid user admin from 221.161.74.247 port 46709","@timestamp":"2022-09-17T17:32:15.085Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 17:33:07 honeypot-ams-1 sshd[2035]: Disconnected from authenticating user root 144.126.210.207 port 36210 [preauth]","@timestamp":"2022-09-17T17:33:07.293Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 17:33:56 honeypot-fra-1 sshd[25589]: Disconnected from authenticating user root 76.237.101.224 port 60556 [preauth]","@timestamp":"2022-09-17T17:33:57.125Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T17:35:48.069Z","@version":"1","message":"Sep 17 17:35:47 honeypot-sgp-1 sshd[28705]: Invalid user fjx from 84.139.96.147 port 55918","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T17:38:15.130Z","@version":"1","message":"Sep 17 17:38:14 honeypot-sgp-1 sshd[28710]: Received disconnect from 142.93.59.227 port 58640:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 17:39:52 honeypot-fra-1 sshd[25596]: Invalid user qianbiao from 194.163.190.53 port 49138","@timestamp":"2022-09-17T17:39:53.260Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 17:46:51 honeypot-ams-1 kernel: [84313391.899023] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=86.97.109.189 DST=178.62.254.91 LEN=52 TOS=0x02 PREC=0x00 TTL=120 ID=6783 DF PROTO=TCP SPT=59097 DPT=3389 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-17T17:46:51.649Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 17:47:30 honeypot-fra-1 sshd[25599]: Connection closed by invalid user qianbiao 194.163.190.53 port 57466 [preauth]","@timestamp":"2022-09-17T17:47:30.459Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T17:53:00.828Z","@version":"1","message":"Sep 17 17:53:00 honeypot-sgp-1 sshd[28721]: Received disconnect from 61.177.173.46 port 58249:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T17:56:10.910Z","@version":"1","message":"Sep 17 17:56:10 honeypot-sgp-1 kernel: [84313474.620770] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=5.189.133.199 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=29905 DF PROTO=TCP SPT=53208 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 17:59:31 honeypot-fra-1 sshd[25675]: Received disconnect from 68.183.212.10 port 47028:11: Bye Bye [preauth]","@timestamp":"2022-09-17T17:59:31.732Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 18:00:48 honeypot-ams-1 kernel: [84314228.639594] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=97.74.81.123 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=16342 PROTO=TCP SPT=46084 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T18:00:49.012Z"}
{"@timestamp":"2022-09-17T18:02:15.062Z","@version":"1","message":"Sep 17 18:02:14 honeypot-sgp-1 kernel: [84313838.186162] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=206.189.6.148 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=239 ID=54321 PROTO=TCP SPT=34422 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 18:03:11 honeypot-fra-1 sshd[25679]: Invalid user light from 165.22.45.108 port 56644","@timestamp":"2022-09-17T18:03:12.820Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 18:06:12 honeypot-fra-1 kernel: [84312382.229435] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=165.22.82.222 LEN=89 TOS=0x00 PREC=0x00 TTL=250 ID=27660 PROTO=TCP SPT=3079 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T18:06:12.890Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 18:14:41 honeypot-fra-1 kernel: [84312890.950660] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=64.246.161.26 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=45159 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T18:14:42.087Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 18:17:01 honeypot-ams-1 CRON[2064]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-17T18:17:02.432Z"}
{"@timestamp":"2022-09-17T18:17:02.426Z","@version":"1","message":"Sep 17 18:17:01 honeypot-sgp-1 CRON[28742]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 18:24:59 honeypot-fra-1 sshd[25696]: Unable to negotiate with 118.68.171.196 port 54097: no matching cipher found. Their offer: aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,arcfour128,arcfour,3des-cbc,none [preauth]","@timestamp":"2022-09-17T18:25:00.321Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T18:25:10.625Z","@version":"1","message":"Sep 17 18:25:10 honeypot-sgp-1 sshd[28754]: Disconnected from authenticating user root 61.177.173.50 port 42550 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 18:26:40 honeypot-fra-1 sshd[25702]: Invalid user admin from 193.106.191.157 port 35224","@timestamp":"2022-09-17T18:26:41.360Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T18:27:33.687Z","@version":"1","message":"Sep 17 18:27:33 honeypot-sgp-1 sshd[28760]: Invalid user admin from 185.246.130.20 port 43448","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:28:04.703Z","@version":"1","message":"Sep 17 18:28:04 honeypot-sgp-1 sshd[28766]: Invalid user admin from 185.246.130.20 port 22998","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:28:18.710Z","@version":"1","message":"Sep 17 18:28:18 honeypot-sgp-1 sshd[28770]: Invalid user  from 185.246.130.20 port 9874","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 18:28:36 honeypot-ams-1 sshd[2069]: Disconnected from invalid user admin 80.68.7.179 port 56938 [preauth]","@timestamp":"2022-09-17T18:28:36.756Z"}
{"@timestamp":"2022-09-17T18:28:46.725Z","@version":"1","message":"Sep 17 18:28:46 honeypot-sgp-1 sshd[28776]: Invalid user admin from 185.246.130.20 port 64505","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:29:19.741Z","@version":"1","message":"Sep 17 18:29:19 honeypot-sgp-1 sshd[28782]: Disconnecting authenticating user root 185.246.130.20 port 18749: Change of username or service not allowed: (root,ssh-connection) -> (1234,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:29:42.754Z","@version":"1","message":"Sep 17 18:29:42 honeypot-sgp-1 sshd[28789]: Disconnecting invalid user araknis 185.246.130.20 port 40361: Change of username or service not allowed: (araknis,ssh-connection) -> (,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:30:17.773Z","@version":"1","message":"Sep 17 18:30:17 honeypot-sgp-1 sshd[28797]: Invalid user Admin from 185.246.130.20 port 13061","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:30:44.786Z","@version":"1","message":"Sep 17 18:30:44 honeypot-sgp-1 sshd[28801]: Disconnecting invalid user admin 185.246.130.20 port 57640: Change of username or service not allowed: (admin,ssh-connection) -> (guest,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:30:58.792Z","@version":"1","message":"Sep 17 18:30:57 honeypot-sgp-1 sshd[28810]: Invalid user user from 45.61.184.204 port 36800","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:31:07.797Z","@version":"1","message":"Sep 17 18:31:07 honeypot-sgp-1 sshd[28814]: Received disconnect from 45.61.184.204 port 48148:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:31:18.802Z","@version":"1","message":"Sep 17 18:31:18 honeypot-sgp-1 sshd[28816]: Invalid user  from 185.246.130.20 port 39401","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:31:30.808Z","@version":"1","message":"Sep 17 18:31:30 honeypot-sgp-1 sshd[28822]: Disconnecting invalid user Cisco 185.246.130.20 port 51277: Change of username or service not allowed: (Cisco,ssh-connection) -> (cisco,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:31:41.813Z","@version":"1","message":"Sep 17 18:31:41 honeypot-sgp-1 sshd[28829]: Invalid user user from 45.61.184.204 port 37086","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:31:52.820Z","@version":"1","message":"Sep 17 18:31:52 honeypot-sgp-1 sshd[28832]: Disconnecting invalid user 1234 185.246.130.20 port 21005: Change of username or service not allowed: (1234,ssh-connection) -> (root,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 18:32:12 honeypot-fra-1 sshd[25780]: Invalid user user from 45.61.187.160 port 58558","@timestamp":"2022-09-17T18:32:12.488Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T18:32:17.833Z","@version":"1","message":"Sep 17 18:32:16 honeypot-sgp-1 sshd[28838]: Invalid user  from 185.246.130.20 port 60946","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 18:32:20 honeypot-ams-1 kernel: [84316120.874371] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=178.62.254.91 LEN=89 TOS=0x00 PREC=0x00 TTL=252 ID=55318 PROTO=TCP SPT=15211 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T18:32:20.857Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 18:32:35 honeypot-fra-1 sshd[25784]: Invalid user user from 45.61.187.160 port 53564","@timestamp":"2022-09-17T18:32:36.499Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T18:32:49.849Z","@version":"1","message":"Sep 17 18:32:49 honeypot-sgp-1 sshd[28846]: Invalid user admin from 185.246.130.20 port 1235","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 18:32:55 honeypot-fra-1 sshd[25788]: Invalid user user from 45.61.187.160 port 48558","@timestamp":"2022-09-17T18:32:55.508Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 18:33:13 honeypot-fra-1 sshd[25792]: Invalid user user from 45.61.187.160 port 43584","@timestamp":"2022-09-17T18:33:13.518Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T18:33:19.864Z","@version":"1","message":"Sep 17 18:33:18 honeypot-sgp-1 sshd[28852]: Invalid user  from 185.246.130.20 port 60455","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:33:38.874Z","@version":"1","message":"Sep 17 18:33:38 honeypot-sgp-1 sshd[28856]: Disconnected from 61.177.173.53 port 53405 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:33:57.884Z","@version":"1","message":"Sep 17 18:33:57 honeypot-sgp-1 sshd[28864]: Disconnecting invalid user Administrator 185.246.130.20 port 28772: Change of username or service not allowed: (Administrator,ssh-connection) -> (cusadmin,ssh-connectio [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:34:24.897Z","@version":"1","message":"Sep 17 18:34:24 honeypot-sgp-1 sshd[28870]: Disconnecting invalid user admin 185.246.130.20 port 31344: Change of username or service not allowed: (admin,ssh-connection) -> (lgnortel,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:34:50.911Z","@version":"1","message":"Sep 17 18:34:50 honeypot-sgp-1 sshd[28877]: Disconnecting invalid user comcast 185.246.130.20 port 12436: Change of username or service not allowed: (comcast,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 18:34:55 honeypot-fra-1 sshd[25796]: Unable to negotiate with 190.124.32.18 port 62881: no matching cipher found. Their offer: aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,arcfour128,arcfour,3des-cbc,none [preauth]","@timestamp":"2022-09-17T18:34:56.560Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T18:35:28.930Z","@version":"1","message":"Sep 17 18:35:28 honeypot-sgp-1 sshd[28883]: Disconnecting invalid user admin1234 185.246.130.20 port 30486: Change of username or service not allowed: (admin1234,ssh-connection) -> (matrix,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:36:02.946Z","@version":"1","message":"Sep 17 18:36:01 honeypot-sgp-1 sshd[28889]: Disconnecting invalid user admin 185.246.130.20 port 34392: Change of username or service not allowed: (admin,ssh-connection) -> (motorola,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:36:34.967Z","@version":"1","message":"Sep 17 18:36:34 honeypot-sgp-1 sshd[28895]: Disconnecting invalid user blank 185.246.130.20 port 58345: Change of username or service not allowed: (blank,ssh-connection) -> (root,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:37:02.980Z","@version":"1","message":"Sep 17 18:37:02 honeypot-sgp-1 sshd[28901]: Invalid user airlive from 185.246.130.20 port 19905","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:37:36.996Z","@version":"1","message":"Sep 17 18:37:36 honeypot-sgp-1 sshd[28909]: Invalid user roqos from 185.246.130.20 port 25698","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:38:05.011Z","@version":"1","message":"Sep 17 18:38:04 honeypot-sgp-1 sshd[28915]: Invalid user sitecom from 185.246.130.20 port 33087","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 18:38:31 honeypot-ams-1 sshd[2076]: Invalid user user from 103.188.176.251 port 37994","@timestamp":"2022-09-17T18:38:32.028Z"}
{"@timestamp":"2022-09-17T18:38:33.025Z","@version":"1","message":"Sep 17 18:38:32 honeypot-sgp-1 sshd[28921]: Invalid user admin from 185.246.130.20 port 12501","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:38:59.038Z","@version":"1","message":"Sep 17 18:38:58 honeypot-sgp-1 sshd[28927]: Invalid user smcadmin from 185.246.130.20 port 2495","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:39:34.056Z","@version":"1","message":"Sep 17 18:39:33 honeypot-sgp-1 sshd[28933]: Invalid user admin from 185.246.130.20 port 11284","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:39:58.069Z","@version":"1","message":"Sep 17 18:39:57 honeypot-sgp-1 sshd[28940]: Invalid user user from 185.246.130.20 port 32786","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:40:26.082Z","@version":"1","message":"Sep 17 18:40:25 honeypot-sgp-1 sshd[28946]: Disconnecting invalid user 123456 185.246.130.20 port 44443: Change of username or service not allowed: (123456,ssh-connection) -> (user,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:40:49.095Z","@version":"1","message":"Sep 17 18:40:48 honeypot-sgp-1 sshd[28952]: Disconnecting invalid user readwrite 185.246.130.20 port 48354: Change of username or service not allowed: (readwrite,ssh-connection) -> (Admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:41:24.112Z","@version":"1","message":"Sep 17 18:41:23 honeypot-sgp-1 sshd[28959]: Disconnecting invalid user DZY-W2914NSV2 185.246.130.20 port 59853: Change of username or service not allowed: (DZY-W2914NSV2,ssh-connection) -> (0,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:41:50.125Z","@version":"1","message":"Sep 17 18:41:50 honeypot-sgp-1 sshd[28965]: Disconnecting invalid user admin 185.246.130.20 port 33932: Change of username or service not allowed: (admin,ssh-connection) -> (zoomadsl,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 18:41:57 honeypot-fra-1 sshd[25802]: Connection closed by invalid user share 194.163.190.53 port 54078 [preauth]","@timestamp":"2022-09-17T18:41:58.721Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 18:41:59 honeypot-ams-1 sshd[2082]: Disconnected from authenticating user root 167.172.152.18 port 38976 [preauth]","@timestamp":"2022-09-17T18:42:00.124Z"}
{"@timestamp":"2022-09-17T18:42:22.141Z","@version":"1","message":"Sep 17 18:42:21 honeypot-sgp-1 sshd[28971]: Disconnecting invalid user 1admin0 185.246.130.20 port 41386: Change of username or service not allowed: (1admin0,ssh-connection) -> (ltecl4r0,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 18:42:57 honeypot-ams-1 sshd[2088]: Disconnected from authenticating user root 167.172.152.18 port 36076 [preauth]","@timestamp":"2022-09-17T18:42:58.154Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 18:44:22 honeypot-ams-1 sshd[2094]: Received disconnect from 167.172.152.18 port 60142:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T18:44:23.195Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 18:45:46 honeypot-ams-1 sshd[2101]: Invalid user user from 167.172.152.18 port 55936","@timestamp":"2022-09-17T18:45:46.234Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 18:46:41 honeypot-ams-1 sshd[2105]: Invalid user postgres from 167.172.152.18 port 53082","@timestamp":"2022-09-17T18:46:42.263Z"}
{"@timestamp":"2022-09-17T18:47:04.256Z","@version":"1","message":"Sep 17 18:47:04 honeypot-sgp-1 sshd[28978]: Disconnected from authenticating user root 103.242.117.234 port 49884 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 18:47:37 honeypot-ams-1 sshd[2109]: Invalid user gituser from 167.172.152.18 port 50350","@timestamp":"2022-09-17T18:47:38.305Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 18:47:46 honeypot-fra-1 sshd[25809]: Invalid user default from 179.60.147.69 port 47982","@timestamp":"2022-09-17T18:47:46.855Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 18:48:32 honeypot-ams-1 sshd[2113]: Invalid user ansible from 167.172.152.18 port 47510","@timestamp":"2022-09-17T18:48:32.330Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 18:49:26 honeypot-ams-1 sshd[2117]: Invalid user test from 167.172.152.18 port 44706","@timestamp":"2022-09-17T18:49:27.359Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 18:49:58 honeypot-ams-1 sshd[2121]: Invalid user default from 179.60.147.69 port 33092","@timestamp":"2022-09-17T18:49:59.375Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 18:50:49 honeypot-ams-1 sshd[2126]: Received disconnect from 167.172.152.18 port 40630:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T18:50:49.400Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 18:51:43 honeypot-ams-1 sshd[2130]: Received disconnect from 167.172.152.18 port 37652:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T18:51:44.426Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 18:52:38 honeypot-ams-1 sshd[2134]: Invalid user webadmin from 167.172.152.18 port 34782","@timestamp":"2022-09-17T18:52:39.453Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 18:53:34 honeypot-ams-1 sshd[2138]: Invalid user student from 167.172.152.18 port 60242","@timestamp":"2022-09-17T18:53:35.479Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 18:53:48 honeypot-fra-1 sshd[25816]: Did not receive identification string from 202.143.111.26 port 63246","@timestamp":"2022-09-17T18:53:48.992Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 18:54:30 honeypot-ams-1 sshd[2142]: Invalid user weblogic from 167.172.152.18 port 57356","@timestamp":"2022-09-17T18:54:31.505Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 18:55:45 honeypot-ams-1 kernel: [84317526.275478] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=20.185.227.59 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=59471 DF PROTO=TCP SPT=10446 DPT=80 WINDOW=512 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T18:55:46.539Z"}
{"@timestamp":"2022-09-17T18:57:06.491Z","@version":"1","message":"Sep 17 18:57:05 honeypot-sgp-1 sshd[28987]: Disconnected from authenticating user root 61.177.173.50 port 32282 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 18:57:10 honeypot-ams-1 sshd[2149]: Disconnected from invalid user pum 96.79.228.114 port 58228 [preauth]","@timestamp":"2022-09-17T18:57:10.580Z"}
{"@timestamp":"2022-09-17T18:59:48.557Z","@version":"1","message":"Sep 17 18:59:48 honeypot-sgp-1 kernel: [84317292.452227] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=159.65.138.52 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=60 ID=0 DF PROTO=TCP SPT=54953 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 18:59:51 honeypot-fra-1 kernel: [84315601.448341] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=165.232.152.144 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=48063 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T18:59:52.130Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 19:00:47 honeypot-ams-1 sshd[2155]: Disconnected from authenticating user root 43.154.211.62 port 56046 [preauth]","@timestamp":"2022-09-17T19:00:47.682Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 19:02:01 honeypot-fra-1 sshd[25827]: Received disconnect from 181.48.99.155 port 36660:11: Bye Bye [preauth]","@timestamp":"2022-09-17T19:02:02.180Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 19:04:45 honeypot-ams-1 kernel: [84318065.387242] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=167.71.92.243 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=53432 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T19:04:45.795Z"}
{"@timestamp":"2022-09-17T19:07:04.727Z","@version":"1","message":"Sep 17 19:07:04 honeypot-sgp-1 kernel: [84317728.645952] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=172.104.7.188 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=29565 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 19:11:21 honeypot-fra-1 kernel: [84316290.806478] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=154.3.44.149 DST=165.22.82.222 LEN=52 TOS=0x00 PREC=0x00 TTL=116 ID=1593 DF PROTO=TCP SPT=56383 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-17T19:11:21.391Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 19:12:50 honeypot-fra-1 sshd[25840]: Connection closed by invalid user songzijie 194.163.190.53 port 56356 [preauth]","@timestamp":"2022-09-17T19:12:51.429Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T19:13:08.875Z","@version":"1","message":"Sep 17 19:13:08 honeypot-sgp-1 kernel: [84318092.634758] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=172.105.125.168 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=12622 PROTO=TCP SPT=53163 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 19:14:52 honeypot-ams-1 sshd[2167]: Received disconnect from 124.221.41.109 port 57860:11: Bye Bye [preauth]","@timestamp":"2022-09-17T19:14:53.073Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 19:17:01 honeypot-ams-1 CRON[2171]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-17T19:17:01.131Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 19:17:01 honeypot-fra-1 CRON[25847]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-17T19:17:01.524Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T19:17:01.972Z","@version":"1","message":"Sep 17 19:17:01 honeypot-sgp-1 CRON[29008]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T19:19:30.034Z","@version":"1","message":"Sep 17 19:19:29 honeypot-sgp-1 sshd[29013]: Received disconnect from 180.69.254.177 port 57247:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 19:20:49 honeypot-ams-1 kernel: [84319029.834061] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.93.16.71 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=34954 PROTO=TCP SPT=42354 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T19:20:50.232Z"}
{"@timestamp":"2022-09-17T19:21:00.089Z","@version":"1","message":"Sep 17 19:20:59 honeypot-sgp-1 sshd[29019]: Received disconnect from 61.177.173.50 port 54494:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 19:23:00 honeypot-ams-1 sshd[2183]: Invalid user em from 115.248.153.89 port 27460","@timestamp":"2022-09-17T19:23:00.293Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 19:23:57 honeypot-fra-1 sshd[25855]: Invalid user centos from 179.60.147.69 port 32946","@timestamp":"2022-09-17T19:23:58.682Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T19:25:35.202Z","@version":"1","message":"Sep 17 19:25:34 honeypot-sgp-1 sshd[29028]: Invalid user admin from 180.189.99.199 port 63919","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 19:25:54 honeypot-ams-1 sshd[2188]: Disconnected from authenticating user root 124.221.41.109 port 36712 [preauth]","@timestamp":"2022-09-17T19:25:55.373Z"}
{"@timestamp":"2022-09-17T19:27:22.249Z","@version":"1","message":"Sep 17 19:27:21 honeypot-sgp-1 sshd[29030]: Invalid user iceman from 167.71.238.89 port 50102","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 19:29:11 honeypot-ams-1 sshd[2195]: Disconnected from authenticating user root 124.221.41.109 port 55154 [preauth]","@timestamp":"2022-09-17T19:29:11.462Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 19:30:45 honeypot-fra-1 kernel: [84317455.084379] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=94.102.61.8 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=250 ID=54321 PROTO=TCP SPT=36668 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T19:30:45.837Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 19:31:40 honeypot-fra-1 sshd[25864]: Disconnected from authenticating user root 147.182.174.55 port 37082 [preauth]","@timestamp":"2022-09-17T19:31:40.862Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 19:33:21 honeypot-ams-1 kernel: [84319781.844298] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=89.248.165.199 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=44736 PROTO=TCP SPT=40620 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T19:33:21.577Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 19:36:22 honeypot-fra-1 sshd[25872]: Invalid user sunpeijie from 194.163.190.53 port 53268","@timestamp":"2022-09-17T19:36:22.971Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 19:37:17 honeypot-ams-1 sshd[2209]: Received disconnect from 124.221.41.109 port 44024:11: Bye Bye [preauth]","@timestamp":"2022-09-17T19:37:17.684Z"}
{"@timestamp":"2022-09-17T19:40:04.544Z","@version":"1","message":"Sep 17 19:40:04 honeypot-sgp-1 sshd[29041]: Disconnected from authenticating user root 61.177.172.98 port 64549 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 19:40:30 honeypot-ams-1 sshd[2216]: Received disconnect from 124.221.41.109 port 33780:11: Bye Bye [preauth]","@timestamp":"2022-09-17T19:40:30.773Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 19:43:38 honeypot-ams-1 sshd[2224]: Disconnected from authenticating user root 124.221.41.109 port 51480 [preauth]","@timestamp":"2022-09-17T19:43:38.860Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 19:44:14 honeypot-fra-1 sshd[25875]: Connection closed by invalid user sunpeijie 194.163.190.53 port 32962 [preauth]","@timestamp":"2022-09-17T19:44:15.150Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T19:45:36.676Z","@version":"1","message":"Sep 17 19:45:36 honeypot-sgp-1 sshd[29046]: Disconnected from authenticating user root 61.177.173.51 port 25410 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 19:46:47 honeypot-ams-1 sshd[2228]: Received disconnect from 124.221.41.109 port 40886:11: Bye Bye [preauth]","@timestamp":"2022-09-17T19:46:47.948Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 19:49:56 honeypot-ams-1 sshd[2234]: Disconnected from authenticating user root 124.221.41.109 port 58464 [preauth]","@timestamp":"2022-09-17T19:49:57.033Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 19:52:07 honeypot-fra-1 sshd[25882]: Invalid user sunpeijie from 194.163.190.53 port 41474","@timestamp":"2022-09-17T19:52:07.327Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 19:53:02 honeypot-ams-1 sshd[2240]: Received disconnect from 124.221.41.109 port 47758:11: Bye Bye [preauth]","@timestamp":"2022-09-17T19:53:03.116Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 19:54:36 honeypot-ams-1 sshd[2244]: Received disconnect from 124.221.41.109 port 56504:11: Bye Bye [preauth]","@timestamp":"2022-09-17T19:54:36.159Z"}
{"@timestamp":"2022-09-17T19:55:04.895Z","@version":"1","message":"Sep 17 19:55:04 honeypot-sgp-1 sshd[29055]: Did not receive identification string from 45.61.186.169 port 45138","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T19:55:42.913Z","@version":"1","message":"Sep 17 19:55:42 honeypot-sgp-1 sshd[29058]: Invalid user user from 45.61.186.169 port 49836","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T19:56:00.921Z","@version":"1","message":"Sep 17 19:56:00 honeypot-sgp-1 sshd[29062]: Invalid user user from 45.61.186.169 port 45086","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T19:56:17.929Z","@version":"1","message":"Sep 17 19:56:17 honeypot-sgp-1 sshd[29066]: Invalid user user from 45.61.186.169 port 40346","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 19:56:27 honeypot-ams-1 sshd[2251]: Did not receive identification string from 45.140.141.188 port 47208","@timestamp":"2022-09-17T19:56:27.228Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 19:56:40 honeypot-ams-1 kernel: [84321180.483536] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=72.167.32.184 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=232 ID=17236 PROTO=TCP SPT=42127 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T19:56:40.235Z"}
{"@timestamp":"2022-09-17T19:57:12.952Z","@version":"1","message":"Sep 17 19:57:12 honeypot-sgp-1 kernel: [84320736.895225] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=206.189.6.148 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=239 ID=54321 PROTO=TCP SPT=54999 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 19:58:02 honeypot-fra-1 sshd[25893]: Connection closed by authenticating user root 34.168.2.103 port 54966 [preauth]","@timestamp":"2022-09-17T19:58:03.464Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 19:59:42 honeypot-fra-1 sshd[25905]: Connection closed by invalid user wanghao 194.163.190.53 port 47614 [preauth]","@timestamp":"2022-09-17T19:59:43.508Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:00:27 honeypot-fra-1 sshd[25909]: Connection closed by authenticating user root 34.168.2.103 port 55238 [preauth]","@timestamp":"2022-09-17T20:00:27.530Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 20:00:37 honeypot-ams-1 sshd[2261]: Received disconnect from 198.46.152.24 port 47610:11: Bye Bye [preauth]","@timestamp":"2022-09-17T20:00:38.345Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 20:00:55 honeypot-ams-1 sshd[2266]: Received disconnect from 45.61.186.249 port 34234:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T20:00:56.355Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 20:01:13 honeypot-ams-1 sshd[2270]: Received disconnect from 45.61.186.249 port 57282:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T20:01:14.365Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 20:01:31 honeypot-ams-1 sshd[2274]: Received disconnect from 45.61.186.249 port 52114:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T20:01:31.374Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 20:01:48 honeypot-ams-1 sshd[2278]: Received disconnect from 45.61.186.249 port 46942:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T20:01:49.384Z"}
{"@timestamp":"2022-09-17T20:02:07.069Z","@version":"1","message":"Sep 17 20:02:06 honeypot-sgp-1 sshd[29075]: Disconnected from authenticating user root 61.177.173.50 port 38893 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:02:45 honeypot-fra-1 sshd[25924]: Connection closed by authenticating user root 34.168.2.103 port 38566 [preauth]","@timestamp":"2022-09-17T20:02:45.610Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:03:43 honeypot-fra-1 sshd[25932]: Connection closed by authenticating user root 34.168.2.103 port 48766 [preauth]","@timestamp":"2022-09-17T20:03:44.636Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 20:03:55 honeypot-ams-1 sshd[2284]: Received disconnect from 124.221.41.109 port 52248:11: Bye Bye [preauth]","@timestamp":"2022-09-17T20:03:56.441Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:06:23 honeypot-fra-1 sshd[25944]: Connection closed by authenticating user root 34.168.2.103 port 38842 [preauth]","@timestamp":"2022-09-17T20:06:23.703Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:07:47 honeypot-fra-1 sshd[25955]: Connection closed by authenticating user root 34.168.2.103 port 38856 [preauth]","@timestamp":"2022-09-17T20:07:48.741Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 20:08:23 honeypot-ams-1 kernel: [84321883.545053] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=151.106.32.182 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=43500 PROTO=TCP SPT=41338 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T20:08:23.562Z"}
{"@timestamp":"2022-09-17T20:09:24.239Z","@version":"1","message":"Sep 17 20:09:23 honeypot-sgp-1 sshd[29082]: Invalid user plexcloud from 203.130.255.2 port 55444","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:09:54 honeypot-fra-1 sshd[25967]: Connection closed by authenticating user root 34.168.2.103 port 45596 [preauth]","@timestamp":"2022-09-17T20:09:54.793Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 20:10:40 honeypot-ams-1 kernel: [84322020.802599] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=172.105.129.134 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=51120 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T20:10:40.626Z"}
{"@timestamp":"2022-09-17T20:11:09.281Z","@version":"1","message":"Sep 17 20:11:08 honeypot-sgp-1 sshd[29089]: Disconnected from authenticating user root 143.198.179.96 port 36140 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:11:33 honeypot-fra-1 sshd[25977]: Connection closed by authenticating user root 34.168.2.103 port 55620 [preauth]","@timestamp":"2022-09-17T20:11:33.838Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:13:11 honeypot-fra-1 sshd[25990]: Connection closed by authenticating user root 34.168.2.103 port 33772 [preauth]","@timestamp":"2022-09-17T20:13:11.882Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 20:14:40 honeypot-ams-1 sshd[2301]: Disconnected from authenticating user root 124.221.41.109 port 56012 [preauth]","@timestamp":"2022-09-17T20:14:40.758Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:14:46 honeypot-fra-1 sshd[26000]: Connection closed by authenticating user root 34.168.2.103 port 42804 [preauth]","@timestamp":"2022-09-17T20:14:46.924Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T20:15:54.395Z","@version":"1","message":"Sep 17 20:15:53 honeypot-sgp-1 sshd[29094]: Received disconnect from 61.177.173.48 port 51755:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:16:00 honeypot-fra-1 sshd[26010]: Connection closed by authenticating user root 34.168.2.103 port 37264 [preauth]","@timestamp":"2022-09-17T20:16:00.958Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T20:17:02.423Z","@version":"1","message":"Sep 17 20:17:01 honeypot-sgp-1 CRON[29100]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:17:36 honeypot-fra-1 sshd[26022]: Connection closed by authenticating user root 34.168.2.103 port 39594 [preauth]","@timestamp":"2022-09-17T20:17:37.000Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 20:17:43 honeypot-ams-1 sshd[2308]: Disconnected from authenticating user root 124.221.41.109 port 44880 [preauth]","@timestamp":"2022-09-17T20:17:43.844Z"}
{"@timestamp":"2022-09-17T20:17:46.443Z","@version":"1","message":"Sep 17 20:17:46 honeypot-sgp-1 kernel: [84321970.264364] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=61.0.180.74 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=25804 DF PROTO=TCP SPT=19601 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:19:10 honeypot-fra-1 sshd[26032]: Connection closed by authenticating user root 34.168.2.103 port 53784 [preauth]","@timestamp":"2022-09-17T20:19:11.042Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:20:08 honeypot-fra-1 sshd[26040]: Connection closed by authenticating user root 34.168.2.103 port 60572 [preauth]","@timestamp":"2022-09-17T20:20:09.068Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 20:20:57 honeypot-ams-1 kernel: [84322637.518227] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=80.94.92.239 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=38059 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T20:20:57.936Z"}
{"@timestamp":"2022-09-17T20:21:56.543Z","@version":"1","message":"Sep 17 20:21:56 honeypot-sgp-1 sshd[29113]: Received disconnect from 209.212.45.102 port 55244:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T20:24:19.603Z","@version":"1","message":"Sep 17 20:24:18 honeypot-sgp-1 sshd[29119]: ssh_dispatch_run_fatal: Connection from 136.52.29.5 port 58474: Connection corrupted [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 20:25:19 honeypot-ams-1 sshd[2321]: Disconnected from authenticating user root 124.221.41.109 port 59234 [preauth]","@timestamp":"2022-09-17T20:25:20.058Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 20:28:21 honeypot-ams-1 sshd[2327]: Received disconnect from 124.221.41.109 port 47968:11: Bye Bye [preauth]","@timestamp":"2022-09-17T20:28:22.142Z"}
{"@timestamp":"2022-09-17T20:28:34.705Z","@version":"1","message":"Sep 17 20:28:33 honeypot-sgp-1 sshd[29128]: Invalid user ubuntu from 161.82.233.179 port 43860","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:30:16 honeypot-fra-1 kernel: [84321025.565407] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=159.65.138.52 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=54 ID=0 DF PROTO=TCP SPT=54953 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T20:30:16.292Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 20:30:21 honeypot-ams-1 sshd[2333]: Invalid user admin from 112.186.242.154 port 60423","@timestamp":"2022-09-17T20:30:21.200Z"}
{"@timestamp":"2022-09-17T20:31:07.783Z","@version":"1","message":"Sep 17 20:31:07 honeypot-sgp-1 sshd[29130]: Disconnected from invalid user new 182.253.117.100 port 48714 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 20:32:53 honeypot-ams-1 sshd[2338]: Received disconnect from 124.221.41.109 port 45102:11: Bye Bye [preauth]","@timestamp":"2022-09-17T20:32:53.273Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 20:35:54 honeypot-ams-1 sshd[2344]: Disconnected from authenticating user root 124.221.41.109 port 33696 [preauth]","@timestamp":"2022-09-17T20:35:54.614Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:36:37 honeypot-fra-1 sshd[26048]: Invalid user guest from 179.60.147.69 port 52534","@timestamp":"2022-09-17T20:36:37.435Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 20:38:54 honeypot-ams-1 sshd[2350]: Disconnected from authenticating user root 124.221.41.109 port 50460 [preauth]","@timestamp":"2022-09-17T20:38:54.698Z"}
{"@timestamp":"2022-09-17T20:39:30.978Z","@version":"1","message":"Sep 17 20:39:30 honeypot-sgp-1 sshd[29141]: Invalid user kae from 128.199.97.155 port 56088","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T20:40:29.003Z","@version":"1","message":"Sep 17 20:40:28 honeypot-sgp-1 sshd[29144]: Received disconnect from 45.61.186.249 port 57290:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T20:40:49.013Z","@version":"1","message":"Sep 17 20:40:48 honeypot-sgp-1 sshd[29149]: Received disconnect from 45.61.186.249 port 52364:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T20:41:07.022Z","@version":"1","message":"Sep 17 20:41:06 honeypot-sgp-1 sshd[29153]: Received disconnect from 45.61.186.249 port 47420:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:41:09 honeypot-fra-1 sshd[26067]: Invalid user git from 212.87.251.118 port 35420","@timestamp":"2022-09-17T20:41:10.537Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:41:09 honeypot-fra-1 sshd[26055]: Invalid user vagrant from 212.87.251.118 port 35388","@timestamp":"2022-09-17T20:41:10.538Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:41:09 honeypot-fra-1 sshd[26071]: Invalid user guest from 212.87.251.118 port 35442","@timestamp":"2022-09-17T20:41:10.538Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:41:09 honeypot-fra-1 sshd[26062]: Invalid user esuser from 212.87.251.118 port 35400","@timestamp":"2022-09-17T20:41:10.538Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:41:09 honeypot-fra-1 sshd[26064]: Connection closed by invalid user user 212.87.251.118 port 35410 [preauth]","@timestamp":"2022-09-17T20:41:10.538Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:41:09 honeypot-fra-1 sshd[26053]: Connection closed by invalid user elasticsearch 212.87.251.118 port 35382 [preauth]","@timestamp":"2022-09-17T20:41:10.538Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:41:09 honeypot-fra-1 sshd[26063]: Connection closed by invalid user vagrant 212.87.251.118 port 35404 [preauth]","@timestamp":"2022-09-17T20:41:10.538Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:41:09 honeypot-fra-1 sshd[26060]: Connection closed by invalid user ubuntu 212.87.251.118 port 35396 [preauth]","@timestamp":"2022-09-17T20:41:10.538Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T20:41:24.031Z","@version":"1","message":"Sep 17 20:41:23 honeypot-sgp-1 sshd[29157]: Received disconnect from 45.61.186.249 port 42536:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 20:42:19 honeypot-ams-1 kernel: [84323919.794584] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=172.105.129.132 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=51423 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T20:42:19.792Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 20:46:22 honeypot-ams-1 sshd[2361]: Received disconnect from 124.221.41.109 port 35718:11: Bye Bye [preauth]","@timestamp":"2022-09-17T20:46:22.905Z"}
{"@timestamp":"2022-09-17T20:47:49.180Z","@version":"1","message":"Sep 17 20:47:48 honeypot-sgp-1 sshd[29165]: Received disconnect from 61.177.173.39 port 62571:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 20:50:29 honeypot-ams-1 kernel: [84324409.866057] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=151.106.39.208 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=30462 PROTO=TCP SPT=47689 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T20:50:30.017Z"}
{"@timestamp":"2022-09-17T20:50:40.247Z","@version":"1","message":"Sep 17 20:50:40 honeypot-sgp-1 sshd[29170]: Received disconnect from 142.93.163.183 port 36338:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:51:00 honeypot-fra-1 sshd[26103]: Invalid user user from 45.61.186.249 port 59702","@timestamp":"2022-09-17T20:51:01.752Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:51:20 honeypot-fra-1 sshd[26107]: Invalid user user from 45.61.186.249 port 54782","@timestamp":"2022-09-17T20:51:20.762Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:51:37 honeypot-fra-1 sshd[26111]: Invalid user user from 45.61.186.249 port 49862","@timestamp":"2022-09-17T20:51:38.770Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:51:54 honeypot-fra-1 sshd[26115]: Invalid user user from 45.61.186.249 port 44936","@timestamp":"2022-09-17T20:51:55.778Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 20:53:46 honeypot-ams-1 sshd[2373]: Disconnected from authenticating user root 124.221.41.109 port 48928 [preauth]","@timestamp":"2022-09-17T20:53:47.105Z"}
{"@timestamp":"2022-09-17T20:54:07.327Z","@version":"1","message":"Sep 17 20:54:07 honeypot-sgp-1 sshd[29176]: Received disconnect from 157.245.103.207 port 37274:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T20:55:15.355Z","@version":"1","message":"Sep 17 20:55:14 honeypot-sgp-1 sshd[29180]: Received disconnect from 159.89.8.45 port 43372:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T20:57:20.405Z","@version":"1","message":"Sep 17 20:57:20 honeypot-sgp-1 sshd[29185]: Received disconnect from 75.188.17.172 port 39328:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 20:58:11 honeypot-ams-1 sshd[2379]: Disconnected from authenticating user root 124.221.41.109 port 45436 [preauth]","@timestamp":"2022-09-17T20:58:12.222Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:58:54 honeypot-fra-1 sshd[26120]: Invalid user admin from 193.106.191.157 port 47840","@timestamp":"2022-09-17T20:58:54.936Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 21:02:36 honeypot-ams-1 sshd[2387]: Received disconnect from 124.221.41.109 port 41880:11: Bye Bye [preauth]","@timestamp":"2022-09-17T21:02:36.343Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 21:04:40 honeypot-fra-1 sshd[26125]: Did not receive identification string from 81.169.137.181 port 54472","@timestamp":"2022-09-17T21:04:41.066Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T21:05:27.593Z","@version":"1","message":"Sep 17 21:05:27 honeypot-sgp-1 kernel: [84324831.201690] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=8.210.162.64 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=7442 PROTO=TCP SPT=48247 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 21:05:52 honeypot-ams-1 sshd[2394]: Invalid user beo from 43.130.3.44 port 54528","@timestamp":"2022-09-17T21:05:53.431Z"}
{"@timestamp":"2022-09-17T21:06:42.624Z","@version":"1","message":"Sep 17 21:06:42 honeypot-sgp-1 sshd[29197]: Disconnected from invalid user admin 92.255.85.69 port 59606 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 21:06:59 honeypot-ams-1 sshd[2398]: Received disconnect from 159.65.127.239 port 39106:11: Bye Bye [preauth]","@timestamp":"2022-09-17T21:07:00.463Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 21:07:10 honeypot-fra-1 sshd[26129]: Received disconnect from 81.169.137.181 port 40684:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T21:07:10.124Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 21:08:36 honeypot-fra-1 sshd[26133]: Received disconnect from 81.169.137.181 port 39790:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T21:08:37.158Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 21:09:36 honeypot-ams-1 sshd[2404]: Invalid user csgo from 186.84.174.241 port 59654","@timestamp":"2022-09-17T21:09:37.535Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 21:09:58 honeypot-fra-1 sshd[26138]: Invalid user enver from 81.169.137.181 port 38828","@timestamp":"2022-09-17T21:09:59.215Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 21:10:07 honeypot-ams-1 sshd[2408]: Disconnected from authenticating user root 164.92.210.129 port 57752 [preauth]","@timestamp":"2022-09-17T21:10:07.550Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 21:10:37 honeypot-fra-1 sshd[26142]: Invalid user enzo from 81.169.137.181 port 52482","@timestamp":"2022-09-17T21:10:38.232Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 21:10:52 honeypot-fra-1 sshd[26146]: Invalid user user from 45.61.184.204 port 48086","@timestamp":"2022-09-17T21:10:53.239Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 21:11:10 honeypot-fra-1 sshd[26150]: Invalid user user from 45.61.184.204 port 42960","@timestamp":"2022-09-17T21:11:11.247Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 21:11:19 honeypot-fra-1 sshd[26155]: Invalid user user from 45.61.184.204 port 54538","@timestamp":"2022-09-17T21:11:20.252Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 21:11:28 honeypot-fra-1 sshd[26158]: Received disconnect from 45.61.184.204 port 37838:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T21:11:28.256Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 21:11:54 honeypot-fra-1 sshd[26162]: Received disconnect from 81.169.137.181 port 51538:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T21:11:55.269Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 21:12:33 honeypot-fra-1 sshd[26165]: Received disconnect from 81.169.137.181 port 36960:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T21:12:34.286Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T21:12:34.763Z","@version":"1","message":"Sep 17 21:12:34 honeypot-sgp-1 sshd[29206]: Received disconnect from 61.177.173.39 port 47499:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 21:13:12 honeypot-fra-1 sshd[26169]: Disconnected from invalid user erna 81.169.137.181 port 50658 [preauth]","@timestamp":"2022-09-17T21:13:13.303Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 21:14:16 honeypot-ams-1 sshd[2416]: Disconnected from authenticating user root 124.221.41.109 port 50790 [preauth]","@timestamp":"2022-09-17T21:14:17.660Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 21:14:30 honeypot-fra-1 sshd[26173]: Received disconnect from 81.169.137.181 port 49680:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T21:14:30.335Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 21:15:43 honeypot-ams-1 sshd[2422]: Disconnected from authenticating user root 124.221.41.109 port 58932 [preauth]","@timestamp":"2022-09-17T21:15:44.703Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 21:15:48 honeypot-fra-1 sshd[26177]: Received disconnect from 81.169.137.181 port 48720:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T21:15:48.367Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T21:17:01.870Z","@version":"1","message":"Sep 17 21:17:01 honeypot-sgp-1 CRON[29214]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 21:17:01 honeypot-fra-1 CRON[26181]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-17T21:17:02.397Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 21:17:09 honeypot-ams-1 sshd[2430]: Received disconnect from 124.221.41.109 port 38842:11: Bye Bye [preauth]","@timestamp":"2022-09-17T21:17:09.745Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 21:17:46 honeypot-fra-1 sshd[26187]: Disconnected from invalid user fabienne 81.169.137.181 port 33208 [preauth]","@timestamp":"2022-09-17T21:17:47.416Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 21:19:08 honeypot-fra-1 sshd[26192]: Invalid user fedora from 81.169.137.181 port 60502","@timestamp":"2022-09-17T21:19:08.451Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 21:20:30 honeypot-fra-1 sshd[26196]: Invalid user felix from 81.169.137.181 port 59566","@timestamp":"2022-09-17T21:20:30.486Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 21:21:23 honeypot-ams-1 kernel: [84326264.251092] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=80.94.92.231 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=47662 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T21:21:24.857Z"}
{"@timestamp":"2022-09-17T21:21:42.977Z","@version":"1","message":"Sep 17 21:21:42 honeypot-sgp-1 kernel: [84325805.988526] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=159.65.152.216 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x20 TTL=51 ID=26785 DF PROTO=TCP SPT=59176 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 21:21:53 honeypot-fra-1 sshd[26200]: Invalid user fifi from 81.169.137.181 port 58720","@timestamp":"2022-09-17T21:21:53.519Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 21:24:01 honeypot-fra-1 kernel: [84324251.292558] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=165.22.82.222 LEN=92 TOS=0x00 PREC=0x00 TTL=250 ID=19684 PROTO=TCP SPT=17487 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T21:24:02.571Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 21:24:25 honeypot-ams-1 sshd[2441]: Disconnected from authenticating user root 124.221.41.109 port 51172 [preauth]","@timestamp":"2022-09-17T21:24:25.940Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 21:26:55 honeypot-ams-1 kernel: [84326595.477236] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=201.191.2.198 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=34782 PROTO=TCP SPT=36567 DPT=80 WINDOW=25606 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T21:26:56.007Z"}
{"@timestamp":"2022-09-17T21:29:39.188Z","@version":"1","message":"Sep 17 21:29:38 honeypot-sgp-1 sshd[29297]: Disconnected from authenticating user root 61.177.173.39 port 22987 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 21:30:12 honeypot-ams-1 sshd[2452]: Received disconnect from 124.221.41.109 port 55246:11: Bye Bye [preauth]","@timestamp":"2022-09-17T21:30:12.096Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 21:31:37 honeypot-ams-1 sshd[2456]: Received disconnect from 124.221.41.109 port 35072:11: Bye Bye [preauth]","@timestamp":"2022-09-17T21:31:38.135Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 21:34:29 honeypot-ams-1 sshd[2461]: Disconnected from authenticating user root 124.221.41.109 port 51158 [preauth]","@timestamp":"2022-09-17T21:34:30.210Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 21:36:16 honeypot-ams-1 kernel: [84327156.927924] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=180.163.225.13 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=46 ID=57761 PROTO=TCP SPT=55245 DPT=80 WINDOW=27237 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T21:36:17.262Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 21:38:47 honeypot-ams-1 sshd[2472]: Received disconnect from 124.221.41.109 port 47004:11: Bye Bye [preauth]","@timestamp":"2022-09-17T21:38:48.330Z"}
{"@timestamp":"2022-09-17T21:38:51.400Z","@version":"1","message":"Sep 17 21:38:51 honeypot-sgp-1 sshd[29310]: Disconnected from authenticating user root 61.177.173.37 port 63548 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 21:40:24 honeypot-ams-1 sshd[2478]: Disconnected from authenticating user root 210.22.111.77 port 44729 [preauth]","@timestamp":"2022-09-17T21:40:24.376Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 21:41:46 honeypot-fra-1 kernel: [84325315.870843] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=154.3.44.149 DST=165.22.82.222 LEN=52 TOS=0x00 PREC=0x00 TTL=116 ID=43992 DF PROTO=TCP SPT=57769 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-17T21:41:46.967Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-17T21:43:44.515Z","@version":"1","message":"Sep 17 21:43:43 honeypot-sgp-1 kernel: [84327127.678485] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.79.53.162 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=26025 PROTO=TCP SPT=49999 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 21:44:05 honeypot-fra-1 sshd[26209]: Disconnected from invalid user telecomadmin 92.255.85.70 port 18302 [preauth]","@timestamp":"2022-09-17T21:44:06.022Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 21:44:16 honeypot-ams-1 sshd[2484]: Received disconnect from 43.132.121.97 port 49992:11: Bye Bye [preauth]","@timestamp":"2022-09-17T21:44:16.483Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 21:45:57 honeypot-ams-1 sshd[2489]: Disconnected from authenticating user root 124.221.41.109 port 58732 [preauth]","@timestamp":"2022-09-17T21:45:57.530Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 21:45:59 honeypot-fra-1 kernel: [84325568.314676] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=41.79.234.173 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=47330 PROTO=TCP SPT=32768 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T21:45:59.069Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 21:47:26 honeypot-ams-1 sshd[2493]: Disconnected from invalid user nichole 206.189.233.163 port 43266 [preauth]","@timestamp":"2022-09-17T21:47:26.572Z"}
{"@timestamp":"2022-09-17T21:49:05.644Z","@version":"1","message":"Sep 17 21:49:05 honeypot-sgp-1 kernel: [84327449.473224] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=162.142.125.129 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=49841 PROTO=TCP SPT=54674 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 21:50:11 honeypot-ams-1 sshd[2499]: Received disconnect from 124.221.41.109 port 54358:11: Bye Bye [preauth]","@timestamp":"2022-09-17T21:50:12.645Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 21:51:00 honeypot-fra-1 sshd[26220]: Invalid user admin from 157.230.10.173 port 41554","@timestamp":"2022-09-17T21:51:01.185Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 21:51:37 honeypot-ams-1 sshd[2504]: Disconnected from authenticating user root 124.221.41.109 port 34062 [preauth]","@timestamp":"2022-09-17T21:51:37.688Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 21:54:22 honeypot-ams-1 kernel: [84328243.081267] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=97.74.81.123 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=18468 PROTO=TCP SPT=42603 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T21:54:23.765Z"}
{"@timestamp":"2022-09-17T21:56:49.824Z","@version":"1","message":"Sep 17 21:56:49 honeypot-sgp-1 kernel: [84327913.485379] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=206.189.6.148 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=53078 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 21:56:51 honeypot-ams-1 sshd[2516]: Connection closed by 87.236.176.217 port 47255 [preauth]","@timestamp":"2022-09-17T21:56:52.835Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 21:58:39 honeypot-fra-1 kernel: [84326328.531065] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=151.106.32.182 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=16234 PROTO=TCP SPT=47873 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T21:58:39.352Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 22:00:03 honeypot-ams-1 sshd[2522]: Received disconnect from 124.221.41.109 port 53170:11: Bye Bye [preauth]","@timestamp":"2022-09-17T22:00:03.920Z"}
{"@timestamp":"2022-09-17T22:01:01.923Z","@version":"1","message":"Sep 17 22:01:01 honeypot-sgp-1 sshd[29334]: Connection reset by 61.177.173.47 port 31845 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 22:01:12 honeypot-fra-1 sshd[26229]: Received disconnect from 196.191.116.209 port 2074:11: Bye Bye [preauth]","@timestamp":"2022-09-17T22:01:13.412Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 22:02:53 honeypot-ams-1 sshd[2527]: Disconnected from authenticating user root 124.221.41.109 port 40644 [preauth]","@timestamp":"2022-09-17T22:02:54.012Z"}
{"@timestamp":"2022-09-17T22:03:51.992Z","@version":"1","message":"Sep 17 22:03:51 honeypot-sgp-1 sshd[29340]: Invalid user admin from 159.203.178.0 port 54548","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 22:05:16 honeypot-ams-1 sshd[2531]: Disconnected from invalid user admin 123.31.29.131 port 49058 [preauth]","@timestamp":"2022-09-17T22:05:17.078Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 22:05:31 honeypot-fra-1 sshd[26234]: Received disconnect from 146.185.137.240 port 50592:11: Bye Bye [preauth]","@timestamp":"2022-09-17T22:05:31.513Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 22:08:27 honeypot-ams-1 sshd[2539]: Received disconnect from 124.221.41.109 port 43718:11: Bye Bye [preauth]","@timestamp":"2022-09-17T22:08:28.164Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 22:10:00 honeypot-ams-1 kernel: [84329180.635341] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=151.106.32.182 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=5592 PROTO=TCP SPT=52308 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T22:10:01.208Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 22:11:49 honeypot-ams-1 sshd[2548]: Received disconnect from 45.61.186.249 port 51286:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T22:11:49.276Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 22:12:07 honeypot-ams-1 sshd[2552]: Invalid user user from 45.61.186.249 port 45860","@timestamp":"2022-09-17T22:12:08.286Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 22:12:24 honeypot-ams-1 sshd[2556]: Invalid user user from 45.61.186.249 port 40430","@timestamp":"2022-09-17T22:12:25.295Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 22:12:38 honeypot-ams-1 sshd[2560]: Received disconnect from 124.221.41.109 port 38924:11: Bye Bye [preauth]","@timestamp":"2022-09-17T22:12:39.302Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 22:13:53 honeypot-fra-1 kernel: [84327242.491287] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.143.200.46 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=3174 PROTO=TCP SPT=44868 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T22:13:53.718Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 22:14:01 honeypot-ams-1 sshd[2565]: Received disconnect from 124.221.41.109 port 46720:11: Bye Bye [preauth]","@timestamp":"2022-09-17T22:14:02.339Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 22:17:01 honeypot-ams-1 CRON[2571]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-17T22:17:01.420Z"}
{"@timestamp":"2022-09-17T22:17:02.293Z","@version":"1","message":"Sep 17 22:17:01 honeypot-sgp-1 CRON[29347]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 22:19:36 honeypot-ams-1 sshd[2577]: Disconnected from authenticating user root 124.221.41.109 port 49604 [preauth]","@timestamp":"2022-09-17T22:19:37.489Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 22:23:43 honeypot-ams-1 sshd[2583]: Received disconnect from 124.221.41.109 port 44640:11: Bye Bye [preauth]","@timestamp":"2022-09-17T22:23:44.613Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 22:25:06 honeypot-ams-1 sshd[2589]: Disconnected from authenticating user root 124.221.41.109 port 52376 [preauth]","@timestamp":"2022-09-17T22:25:06.650Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 22:26:48 honeypot-fra-1 sshd[26245]: Disconnected from 159.223.164.107 port 33606 [preauth]","@timestamp":"2022-09-17T22:26:49.028Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 22:27:52 honeypot-ams-1 sshd[2595]: Received disconnect from 124.221.41.109 port 39586:11: Bye Bye [preauth]","@timestamp":"2022-09-17T22:27:52.727Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 22:29:13 honeypot-ams-1 sshd[2599]: Disconnected from invalid user testftp 43.130.3.44 port 37328 [preauth]","@timestamp":"2022-09-17T22:29:13.764Z"}
{"@timestamp":"2022-09-17T22:33:04.660Z","@version":"1","message":"Sep 17 22:33:04 honeypot-sgp-1 kernel: [84330088.049046] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=68.183.93.151 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x20 TTL=242 ID=54321 PROTO=TCP SPT=60890 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 22:33:06 honeypot-fra-1 sshd[26268]: Invalid user ubnt from 92.255.85.69 port 17776","@timestamp":"2022-09-17T22:33:07.168Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 22:33:19 honeypot-ams-1 sshd[2606]: Disconnected from authenticating user root 124.221.41.109 port 42144 [preauth]","@timestamp":"2022-09-17T22:33:19.875Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 22:37:24 honeypot-ams-1 sshd[2613]: Disconnected from authenticating user root 124.221.41.109 port 36896 [preauth]","@timestamp":"2022-09-17T22:37:24.983Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 22:41:28 honeypot-ams-1 sshd[2621]: Received disconnect from 124.221.41.109 port 59778:11: Bye Bye [preauth]","@timestamp":"2022-09-17T22:41:29.091Z"}
{"@timestamp":"2022-09-17T22:43:06.890Z","@version":"1","message":"Sep 17 22:43:06 honeypot-sgp-1 sshd[29356]: Invalid user ubnt from 92.255.85.70 port 34936","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T22:43:55.911Z","@version":"1","message":"Sep 17 22:43:55 honeypot-sgp-1 sshd[29360]: Invalid user blank from 203.66.168.81 port 51265","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 22:44:13 honeypot-ams-1 sshd[2628]: Received disconnect from 124.221.41.109 port 46744:11: Bye Bye [preauth]","@timestamp":"2022-09-17T22:44:14.165Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 22:48:13 honeypot-ams-1 sshd[2635]: Received disconnect from 124.221.41.109 port 41256:11: Bye Bye [preauth]","@timestamp":"2022-09-17T22:48:14.271Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 22:50:55 honeypot-ams-1 sshd[2639]: Disconnected from authenticating user root 124.221.41.109 port 56382 [preauth]","@timestamp":"2022-09-17T22:50:55.341Z"}
{"@timestamp":"2022-09-17T22:51:22.082Z","@version":"1","message":"Sep 17 22:51:21 honeypot-sgp-1 kernel: [84331185.014875] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=172.104.131.24 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=48864 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 22:53:33 honeypot-ams-1 sshd[2645]: Received disconnect from 200.116.167.188 port 57354:11: Bye Bye [preauth]","@timestamp":"2022-09-17T22:53:33.413Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 22:53:32 honeypot-fra-1 kernel: [84329621.879693] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=170.187.162.92 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=38975 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T22:53:33.624Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 22:54:56 honeypot-ams-1 sshd[2649]: Disconnected from authenticating user root 124.221.41.109 port 50812 [preauth]","@timestamp":"2022-09-17T22:54:57.450Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 22:57:39 honeypot-ams-1 sshd[2657]: Received disconnect from 124.221.41.109 port 37650:11: Bye Bye [preauth]","@timestamp":"2022-09-17T22:57:39.521Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 22:59:21 honeypot-ams-1 kernel: [84332141.986233] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=167.94.138.97 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=47665 PROTO=TCP SPT=51085 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T22:59:22.569Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:02:58 honeypot-ams-1 sshd[2666]: Received disconnect from 124.221.41.109 port 39450:11: Bye Bye [preauth]","@timestamp":"2022-09-17T23:02:59.666Z"}
{"@timestamp":"2022-09-17T23:04:31.384Z","@version":"1","message":"Sep 17 23:04:30 honeypot-sgp-1 sshd[29369]: Received disconnect from 45.61.184.204 port 36886:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T23:04:52.395Z","@version":"1","message":"Sep 17 23:04:51 honeypot-sgp-1 sshd[29373]: Received disconnect from 45.61.184.204 port 60558:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T23:05:10.404Z","@version":"1","message":"Sep 17 23:05:09 honeypot-sgp-1 sshd[29377]: Received disconnect from 45.61.184.204 port 55990:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T23:05:27.412Z","@version":"1","message":"Sep 17 23:05:26 honeypot-sgp-1 sshd[29382]: Received disconnect from 45.61.184.204 port 51428:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:05:43 honeypot-ams-1 sshd[2672]: Received disconnect from 124.221.41.109 port 54404:11: Bye Bye [preauth]","@timestamp":"2022-09-17T23:05:44.740Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:09:40 honeypot-ams-1 sshd[2680]: Received disconnect from 124.221.41.109 port 48448:11: Bye Bye [preauth]","@timestamp":"2022-09-17T23:09:41.847Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:12:19 honeypot-ams-1 sshd[2685]: Disconnected from authenticating user root 124.221.41.109 port 35018 [preauth]","@timestamp":"2022-09-17T23:12:19.917Z"}
{"@timestamp":"2022-09-17T23:13:47.602Z","@version":"1","message":"Sep 17 23:13:47 honeypot-sgp-1 sshd[29386]: Disconnected from invalid user rsbcmon 64.227.13.125 port 36646 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 23:14:39 honeypot-fra-1 kernel: [84330888.863803] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=87.107.68.183 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=19646 DF PROTO=TCP SPT=11702 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T23:14:40.098Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:16:14 honeypot-ams-1 sshd[2692]: Received disconnect from 124.221.41.109 port 57134:11: Bye Bye [preauth]","@timestamp":"2022-09-17T23:16:15.022Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:17:33 honeypot-ams-1 sshd[2699]: Received disconnect from 124.221.41.109 port 36262:11: Bye Bye [preauth]","@timestamp":"2022-09-17T23:17:34.059Z"}
{"@timestamp":"2022-09-17T23:20:29.757Z","@version":"1","message":"Sep 17 23:20:29 honeypot-sgp-1 sshd[29394]: Invalid user fix from 152.179.67.70 port 3490","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 23:20:44 honeypot-ams-1 kernel: [84333424.536379] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=41.34.230.42 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=53 ID=61 PROTO=TCP SPT=42086 DPT=443 WINDOW=52227 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T23:20:45.144Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:24:06 honeypot-ams-1 sshd[2711]: Disconnected from authenticating user root 124.221.41.109 port 44680 [preauth]","@timestamp":"2022-09-17T23:24:06.232Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 23:24:32 honeypot-fra-1 sshd[26283]: Received disconnect from 92.255.85.69 port 27498:11: Bye Bye [preauth]","@timestamp":"2022-09-17T23:24:32.320Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:25:49 honeypot-ams-1 sshd[2716]: Disconnected from invalid user ellen 81.169.137.181 port 32772 [preauth]","@timestamp":"2022-09-17T23:25:50.281Z"}
{"@timestamp":"2022-09-17T23:26:02.885Z","@version":"1","message":"Sep 17 23:26:02 honeypot-sgp-1 kernel: [84333266.430816] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.196.220.81 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=52960 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:26:41 honeypot-ams-1 sshd[2721]: Received disconnect from 124.221.41.109 port 59296:11: Bye Bye [preauth]","@timestamp":"2022-09-17T23:26:41.307Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:28:00 honeypot-ams-1 sshd[2726]: Disconnected from authenticating user root 124.221.41.109 port 38364 [preauth]","@timestamp":"2022-09-17T23:28:00.344Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:28:46 honeypot-ams-1 sshd[2730]: Disconnected from invalid user emily 81.169.137.181 port 36878 [preauth]","@timestamp":"2022-09-17T23:28:46.365Z"}
{"@timestamp":"2022-09-17T23:29:02.954Z","@version":"1","message":"Sep 17 23:29:02 honeypot-sgp-1 kernel: [84333446.195999] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=92.204.144.160 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=22581 PROTO=TCP SPT=51396 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:30:03 honeypot-ams-1 sshd[2737]: Invalid user enzo from 81.169.137.181 port 38916","@timestamp":"2022-09-17T23:30:03.402Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:30:41 honeypot-ams-1 sshd[2741]: Invalid user equistat from 81.169.137.181 port 54058","@timestamp":"2022-09-17T23:30:42.423Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 23:31:03 honeypot-ams-1 kernel: [84334043.641913] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=159.65.138.52 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=54 ID=0 DF PROTO=TCP SPT=54953 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T23:31:04.435Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 23:31:33 honeypot-fra-1 sshd[26289]: Did not receive identification string from 45.61.186.49 port 58692","@timestamp":"2022-09-17T23:31:34.482Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 23:31:48 honeypot-fra-1 sshd[26292]: Received disconnect from 45.61.186.49 port 41036:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T23:31:48.489Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:31:52 honeypot-ams-1 sshd[2746]: Disconnected from authenticating user root 124.221.41.109 port 60220 [preauth]","@timestamp":"2022-09-17T23:31:52.459Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 23:31:59 honeypot-fra-1 sshd[26296]: Received disconnect from 45.61.186.49 port 52744:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T23:31:59.494Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:32:36 honeypot-ams-1 sshd[2750]: Disconnected from invalid user erna 81.169.137.181 port 43044 [preauth]","@timestamp":"2022-09-17T23:32:37.482Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 23:33:33 honeypot-ams-1 kernel: [84334193.857294] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=109.61.183.65 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=58 ID=35480 PROTO=TCP SPT=22453 DPT=80 WINDOW=44606 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T23:33:34.510Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:34:25 honeypot-ams-1 sshd[2761]: Received disconnect from 124.221.41.109 port 46516:11: Bye Bye [preauth]","@timestamp":"2022-09-17T23:34:26.537Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:35:11 honeypot-ams-1 sshd[2765]: Invalid user estee from 81.169.137.181 port 47122","@timestamp":"2022-09-17T23:35:11.559Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:35:50 honeypot-ams-1 sshd[2769]: Received disconnect from 81.169.137.181 port 34026:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T23:35:50.579Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 23:36:41 honeypot-ams-1 kernel: [84334381.715273] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=205.210.31.163 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x60 TTL=251 ID=54321 PROTO=TCP SPT=56927 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T23:36:41.603Z"}
{"@timestamp":"2022-09-17T23:36:53.134Z","@version":"1","message":"Sep 17 23:36:52 honeypot-sgp-1 kernel: [84333915.960247] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=80.94.92.239 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=229 ID=54321 PROTO=TCP SPT=40078 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 23:37:44 honeypot-ams-1 kernel: [84334444.361941] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.167.97.38 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=35318 DPT=636 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T23:37:44.633Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 23:38:13 honeypot-fra-1 sshd[26301]: Invalid user guest from 103.188.176.251 port 43912","@timestamp":"2022-09-17T23:38:13.640Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 23:38:26 honeypot-ams-1 kernel: [84334486.251246] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.167.96.146 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=56328 DPT=636 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T23:38:26.671Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:38:36 honeypot-ams-1 sshd[2785]: Received disconnect from 39.71.48.53 port 31675:11: Bye Bye [preauth]","@timestamp":"2022-09-17T23:38:36.678Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:38:39 honeypot-ams-1 sshd[2789]: Disconnected from authenticating user root 39.71.48.53 port 31728 [preauth]","@timestamp":"2022-09-17T23:38:40.680Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:38:45 honeypot-ams-1 sshd[2795]: Disconnected from authenticating user root 39.71.48.53 port 29884 [preauth]","@timestamp":"2022-09-17T23:38:45.683Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:38:50 honeypot-ams-1 sshd[2801]: Disconnected from authenticating user root 39.71.48.53 port 29964 [preauth]","@timestamp":"2022-09-17T23:38:50.687Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:38:55 honeypot-ams-1 sshd[2807]: Disconnected from authenticating user root 39.71.48.53 port 30169 [preauth]","@timestamp":"2022-09-17T23:38:55.690Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:39:00 honeypot-ams-1 sshd[2813]: Disconnected from authenticating user root 39.71.48.53 port 30249 [preauth]","@timestamp":"2022-09-17T23:39:01.693Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:39:06 honeypot-ams-1 sshd[2819]: Disconnected from authenticating user root 39.71.48.53 port 30450 [preauth]","@timestamp":"2022-09-17T23:39:06.697Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:39:10 honeypot-ams-1 sshd[2827]: Received disconnect from 81.169.137.181 port 53278:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T23:39:11.701Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:39:14 honeypot-ams-1 sshd[2831]: Received disconnect from 39.71.48.53 port 30712:11: Bye Bye [preauth]","@timestamp":"2022-09-17T23:39:14.702Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:39:19 honeypot-ams-1 sshd[2837]: Received disconnect from 39.71.48.53 port 30815:11: Bye Bye [preauth]","@timestamp":"2022-09-17T23:39:20.707Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:39:24 honeypot-ams-1 sshd[2845]: Invalid user rt from 159.89.163.158 port 59814","@timestamp":"2022-09-17T23:39:24.709Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:39:26 honeypot-ams-1 sshd[2847]: Disconnected from authenticating user root 39.71.48.53 port 31070 [preauth]","@timestamp":"2022-09-17T23:39:27.711Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:39:31 honeypot-ams-1 sshd[2854]: Disconnected from authenticating user root 39.71.48.53 port 31169 [preauth]","@timestamp":"2022-09-17T23:39:32.714Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:39:36 honeypot-ams-1 sshd[2856]: Disconnected from authenticating user root 124.221.41.109 port 47234 [preauth]","@timestamp":"2022-09-17T23:39:36.718Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:39:38 honeypot-ams-1 sshd[2864]: Disconnected from invalid user admin 39.71.48.53 port 31421 [preauth]","@timestamp":"2022-09-17T23:39:39.720Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:39:42 honeypot-ams-1 sshd[2868]: Disconnected from invalid user admin 39.71.48.53 port 31469 [preauth]","@timestamp":"2022-09-17T23:39:42.722Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:39:45 honeypot-ams-1 sshd[2872]: Disconnected from invalid user admin 39.71.48.53 port 30120 [preauth]","@timestamp":"2022-09-17T23:39:45.723Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:39:49 honeypot-ams-1 sshd[2878]: Disconnected from invalid user admin 39.71.48.53 port 31703 [preauth]","@timestamp":"2022-09-17T23:39:49.726Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:39:52 honeypot-ams-1 sshd[2884]: Invalid user felix from 81.169.137.181 port 40204","@timestamp":"2022-09-17T23:39:52.729Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:39:54 honeypot-ams-1 sshd[2886]: Received disconnect from 39.71.48.53 port 29831:11: Bye Bye [preauth]","@timestamp":"2022-09-17T23:39:54.730Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:39:59 honeypot-ams-1 sshd[2892]: Invalid user pi from 39.71.48.53 port 29928","@timestamp":"2022-09-17T23:39:59.733Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:40:02 honeypot-ams-1 sshd[2896]: Invalid user user from 39.71.48.53 port 29990","@timestamp":"2022-09-17T23:40:03.736Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:40:06 honeypot-ams-1 sshd[2900]: Invalid user mine from 39.71.48.53 port 30157","@timestamp":"2022-09-17T23:40:06.739Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:40:09 honeypot-ams-1 sshd[2904]: Invalid user xbmc from 39.71.48.53 port 30230","@timestamp":"2022-09-17T23:40:09.741Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:40:13 honeypot-ams-1 sshd[2908]: Invalid user oracle from 39.71.48.53 port 30323","@timestamp":"2022-09-17T23:40:13.744Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:40:14 honeypot-ams-1 sshd[2912]: Invalid user nagios from 39.71.48.53 port 30407","@timestamp":"2022-09-17T23:40:15.745Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:40:18 honeypot-ams-1 sshd[2916]: Invalid user vagrant from 39.71.48.53 port 30486","@timestamp":"2022-09-17T23:40:18.747Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:40:21 honeypot-ams-1 sshd[2920]: Invalid user debian from 39.71.48.53 port 30539","@timestamp":"2022-09-17T23:40:21.750Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:40:25 honeypot-ams-1 sshd[2924]: Invalid user debian from 39.71.48.53 port 30703","@timestamp":"2022-09-17T23:40:25.753Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:40:28 honeypot-ams-1 sshd[2928]: Invalid user alarm from 39.71.48.53 port 30814","@timestamp":"2022-09-17T23:40:28.754Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:40:32 honeypot-ams-1 sshd[2932]: Invalid user test from 39.71.48.53 port 30870","@timestamp":"2022-09-17T23:40:32.757Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:40:34 honeypot-ams-1 sshd[2936]: Invalid user ferlin from 81.169.137.181 port 55340","@timestamp":"2022-09-17T23:40:34.758Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:40:53 honeypot-ams-1 sshd[2940]: Received disconnect from 124.221.41.109 port 54454:11: Bye Bye [preauth]","@timestamp":"2022-09-17T23:40:53.769Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:41:57 honeypot-ams-1 sshd[2944]: Received disconnect from 81.169.137.181 port 57374:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T23:41:57.798Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:42:57 honeypot-ams-1 sshd[2948]: Received disconnect from 68.183.232.27 port 35086:11: Bye Bye [preauth]","@timestamp":"2022-09-17T23:42:57.829Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 23:44:32 honeypot-fra-1 kernel: [84332681.417503] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=79.43.95.84 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=15686 PROTO=TCP SPT=49855 DPT=80 WINDOW=1300 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T23:44:32.785Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:44:43 honeypot-ams-1 sshd[2953]: Disconnected from authenticating user root 124.221.41.109 port 47856 [preauth]","@timestamp":"2022-09-17T23:44:43.879Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:45:38 honeypot-ams-1 sshd[2957]: Disconnected from invalid user admin 36.92.143.137 port 56244 [preauth]","@timestamp":"2022-09-17T23:45:38.907Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:47:29 honeypot-ams-1 sshd[2963]: Invalid user admin from 193.106.191.157 port 58940","@timestamp":"2022-09-17T23:47:29.960Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:48:32 honeypot-ams-1 sshd[2972]: Did not receive identification string from 212.192.246.174 port 36100","@timestamp":"2022-09-17T23:48:32.991Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:49:50 honeypot-ams-1 sshd[2976]: Received disconnect from 124.221.41.109 port 48330:11: Bye Bye [preauth]","@timestamp":"2022-09-17T23:49:51.028Z"}
{"@timestamp":"2022-09-17T23:50:51.453Z","@version":"1","message":"Sep 17 23:50:51 honeypot-sgp-1 sshd[29426]: Received disconnect from 124.82.111.218 port 57178:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:53:39 honeypot-ams-1 sshd[2982]: Received disconnect from 124.221.41.109 port 41512:11: Bye Bye [preauth]","@timestamp":"2022-09-17T23:53:40.130Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 23:56:30 honeypot-fra-1 sshd[26311]: Received disconnect from 64.225.17.240 port 45970:11: Bye Bye [preauth]","@timestamp":"2022-09-17T23:56:31.056Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:56:45 honeypot-ams-1 sshd[2989]: Invalid user subrat from 199.255.98.39 port 51710","@timestamp":"2022-09-17T23:56:45.215Z"}
{"@timestamp":"2022-09-17T23:57:36.608Z","@version":"1","message":"Sep 17 23:57:36 honeypot-sgp-1 sshd[29431]: Invalid user majordom from 27.118.22.221 port 35472","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:58:42 honeypot-ams-1 sshd[2993]: Disconnected from authenticating user root 124.221.41.109 port 41724 [preauth]","@timestamp":"2022-09-17T23:58:42.273Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 00:01:32 honeypot-fra-1 sshd[26317]: Received disconnect from 147.182.179.237 port 34636:11: Bye Bye [preauth]","@timestamp":"2022-09-18T00:01:33.168Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 00:02:26 honeypot-fra-1 sshd[26322]: Received disconnect from 103.141.149.29 port 54950:11: Bye Bye [preauth]","@timestamp":"2022-09-18T00:02:27.192Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 00:02:28 honeypot-ams-1 sshd[3000]: Received disconnect from 124.221.41.109 port 34758:11: Bye Bye [preauth]","@timestamp":"2022-09-18T00:02:29.383Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 00:04:59 honeypot-ams-1 sshd[3004]: Disconnected from authenticating user root 124.221.41.109 port 48888 [preauth]","@timestamp":"2022-09-18T00:05:00.454Z"}
{"@timestamp":"2022-09-18T00:07:27.837Z","@version":"1","message":"Sep 18 00:07:27 honeypot-sgp-1 sshd[29436]: Invalid user rx from 103.145.106.247 port 56338","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 00:07:30 honeypot-fra-1 sshd[26327]: Received disconnect from 212.33.250.241 port 37576:11: Bye Bye [preauth]","@timestamp":"2022-09-18T00:07:30.333Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 00:07:29 honeypot-ams-1 sshd[3011]: Received disconnect from 124.221.41.109 port 34752:11: Bye Bye [preauth]","@timestamp":"2022-09-18T00:07:30.528Z"}
{"@timestamp":"2022-09-18T00:09:37.889Z","@version":"1","message":"Sep 18 00:09:37 honeypot-sgp-1 kernel: [84335881.287577] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54893 PROTO=TCP SPT=59309 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 00:09:58 honeypot-ams-1 sshd[3017]: Received disconnect from 124.221.41.109 port 48786:11: Bye Bye [preauth]","@timestamp":"2022-09-18T00:09:58.603Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 00:11:12 honeypot-fra-1 sshd[26332]: Received disconnect from 45.157.150.162 port 55424:11: Bye Bye [preauth]","@timestamp":"2022-09-18T00:11:13.420Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 00:12:18 honeypot-ams-1 sshd[3022]: Disconnected from invalid user user 92.255.85.70 port 24266 [preauth]","@timestamp":"2022-09-18T00:12:19.664Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 00:13:53 honeypot-fra-1 sshd[26336]: Received disconnect from 103.119.144.75 port 46842:11: Bye Bye [preauth]","@timestamp":"2022-09-18T00:13:53.484Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 00:14:17 honeypot-ams-1 kernel: [84336637.614308] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.196.220.81 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=54223 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T00:14:17.718Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 00:14:22 honeypot-fra-1 sshd[26347]: Invalid user chia from 139.59.152.202 port 34752","@timestamp":"2022-09-18T00:14:22.498Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 00:14:22 honeypot-fra-1 sshd[26350]: Invalid user cloud from 139.59.152.202 port 34756","@timestamp":"2022-09-18T00:14:22.498Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 00:14:22 honeypot-fra-1 sshd[26346]: Invalid user oracle from 139.59.152.202 port 34750","@timestamp":"2022-09-18T00:14:22.498Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 00:14:22 honeypot-fra-1 sshd[26377]: Connection closed by invalid user testuser 139.59.152.202 port 34814 [preauth]","@timestamp":"2022-09-18T00:14:22.498Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 00:14:22 honeypot-fra-1 sshd[26378]: Connection closed by authenticating user root 139.59.152.202 port 34818 [preauth]","@timestamp":"2022-09-18T00:14:22.498Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 00:14:22 honeypot-fra-1 sshd[26356]: Connection closed by invalid user admin 139.59.152.202 port 34774 [preauth]","@timestamp":"2022-09-18T00:14:22.498Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 00:14:22 honeypot-fra-1 sshd[26366]: Connection closed by authenticating user root 139.59.152.202 port 34796 [preauth]","@timestamp":"2022-09-18T00:14:22.498Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 00:14:22 honeypot-fra-1 sshd[26360]: Connection closed by invalid user test 139.59.152.202 port 34788 [preauth]","@timestamp":"2022-09-18T00:14:22.498Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 00:14:22 honeypot-fra-1 sshd[26367]: Connection closed by invalid user michael 139.59.152.202 port 34802 [preauth]","@timestamp":"2022-09-18T00:14:23.499Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T00:14:58.017Z","@version":"1","message":"Sep 18 00:14:57 honeypot-sgp-1 kernel: [84336201.382715] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=154.3.44.149 DST=159.89.202.188 LEN=52 TOS=0x0A PREC=0x00 TTL=112 ID=26446 DF PROTO=TCP SPT=64826 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 00:16:09 honeypot-ams-1 sshd[3030]: Disconnected from authenticating user root 124.221.41.109 port 55194 [preauth]","@timestamp":"2022-09-18T00:16:09.773Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 00:16:17 honeypot-fra-1 sshd[26404]: Received disconnect from 173.186.116.37 port 57096:11: Bye Bye [preauth]","@timestamp":"2022-09-18T00:16:17.544Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 00:17:01 honeypot-ams-1 CRON[3035]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-18T00:17:01.801Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 00:19:49 honeypot-ams-1 sshd[3043]: Disconnected from authenticating user root 124.221.41.109 port 47516 [preauth]","@timestamp":"2022-09-18T00:19:49.881Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 00:20:31 honeypot-fra-1 sshd[26411]: Invalid user user from 65.34.131.66 port 45114","@timestamp":"2022-09-18T00:20:31.644Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 00:23:30 honeypot-ams-1 sshd[3050]: Received disconnect from 124.221.41.109 port 39772:11: Bye Bye [preauth]","@timestamp":"2022-09-18T00:23:30.986Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 00:25:57 honeypot-ams-1 sshd[3054]: Received disconnect from 124.221.41.109 port 53398:11: Bye Bye [preauth]","@timestamp":"2022-09-18T00:25:58.059Z"}
{"@timestamp":"2022-09-18T00:27:59.334Z","@version":"1","message":"Sep 18 00:27:59 honeypot-sgp-1 kernel: [84336982.785700] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=59.49.43.217 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=19139 PROTO=TCP SPT=45995 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 00:28:23 honeypot-ams-1 sshd[3059]: Disconnected from authenticating user root 124.221.41.109 port 38750 [preauth]","@timestamp":"2022-09-18T00:28:24.128Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 00:30:49 honeypot-ams-1 sshd[3065]: Disconnected from authenticating user root 124.221.41.109 port 52310 [preauth]","@timestamp":"2022-09-18T00:30:50.198Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 00:34:27 honeypot-ams-1 sshd[3072]: Disconnected from authenticating user root 124.221.41.109 port 44370 [preauth]","@timestamp":"2022-09-18T00:34:28.300Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 00:36:18 honeypot-ams-1 sshd[3078]: Disconnected from authenticating user root 191.191.12.169 port 49260 [preauth]","@timestamp":"2022-09-18T00:36:18.352Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 00:39:17 honeypot-ams-1 sshd[3085]: Received disconnect from 124.221.41.109 port 43100:11: Bye Bye [preauth]","@timestamp":"2022-09-18T00:39:18.438Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 00:41:08 honeypot-fra-1 kernel: [84336077.848616] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=154.3.44.149 DST=165.22.82.222 LEN=52 TOS=0x00 PREC=0x00 TTL=116 ID=65137 DF PROTO=TCP SPT=59494 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-18T00:41:09.110Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 00:42:53 honeypot-ams-1 sshd[3091]: Received disconnect from 124.221.41.109 port 35006:11: Bye Bye [preauth]","@timestamp":"2022-09-18T00:42:53.540Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 00:46:30 honeypot-ams-1 sshd[3098]: Received disconnect from 124.221.41.109 port 55092:11: Bye Bye [preauth]","@timestamp":"2022-09-18T00:46:30.635Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 00:47:55 honeypot-ams-1 sshd[3104]: Invalid user pcmc from 198.12.255.244 port 56974","@timestamp":"2022-09-18T00:47:55.674Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 00:48:55 honeypot-ams-1 sshd[3106]: Received disconnect from 124.221.41.109 port 40224:11: Bye Bye [preauth]","@timestamp":"2022-09-18T00:48:55.707Z"}
{"@timestamp":"2022-09-18T00:49:14.829Z","@version":"1","message":"Sep 18 00:49:14 honeypot-sgp-1 sshd[29452]: Connection closed by invalid user debian 179.60.147.69 port 52974 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 00:50:07 honeypot-ams-1 sshd[3110]: Disconnected from authenticating user root 124.221.41.109 port 46900 [preauth]","@timestamp":"2022-09-18T00:50:07.742Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 00:50:19 honeypot-fra-1 sshd[26418]: Invalid user debian from 179.60.147.69 port 29008","@timestamp":"2022-09-18T00:50:20.320Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 00:52:33 honeypot-ams-1 sshd[3117]: Connection closed by invalid user debian 179.60.147.69 port 2110 [preauth]","@timestamp":"2022-09-18T00:52:33.809Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 00:54:48 honeypot-ams-1 kernel: [84339069.060735] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=195.133.20.241 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=3160 PROTO=TCP SPT=55561 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T00:54:49.878Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 00:55:34 honeypot-fra-1 sshd[26423]: Connection closed by invalid user admin 41.215.219.194 port 49061 [preauth]","@timestamp":"2022-09-18T00:55:35.439Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 00:57:01 honeypot-ams-1 CRON[3128]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-18T00:57:01.943Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 00:59:37 honeypot-ams-1 sshd[3136]: Received disconnect from 124.221.41.109 port 43634:11: Bye Bye [preauth]","@timestamp":"2022-09-18T00:59:38.018Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 01:02:28 honeypot-ams-1 sshd[3143]: Received disconnect from 51.250.65.201 port 47242:11: Bye Bye [preauth]","@timestamp":"2022-09-18T01:02:28.098Z"}
{"@timestamp":"2022-09-18T01:03:07.155Z","@version":"1","message":"Sep 18 01:03:06 honeypot-sgp-1 kernel: [84339090.047341] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.226.17.248 DST=159.89.202.188 LEN=52 TOS=0x00 PREC=0x00 TTL=105 ID=33680 DF PROTO=TCP SPT=59526 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 01:03:10 honeypot-ams-1 sshd[3147]: Disconnected from authenticating user root 124.221.41.109 port 35182 [preauth]","@timestamp":"2022-09-18T01:03:11.120Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 01:04:40 honeypot-ams-1 kernel: [84339660.413264] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=123.129.188.208 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=48 ID=21100 PROTO=TCP SPT=55656 DPT=443 WINDOW=35485 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T01:04:41.164Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 01:06:43 honeypot-ams-1 sshd[3157]: Disconnected from authenticating user root 124.221.41.109 port 54886 [preauth]","@timestamp":"2022-09-18T01:06:44.223Z"}
{"@timestamp":"2022-09-18T01:06:52.246Z","@version":"1","message":"Sep 18 01:06:51 honeypot-sgp-1 sshd[29461]: Received disconnect from 66.98.127.52 port 33704:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T01:07:11.254Z","@version":"1","message":"Sep 18 01:07:11 honeypot-sgp-1 sshd[29465]: Received disconnect from 43.132.183.192 port 54638:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 01:07:50 honeypot-fra-1 kernel: [84337678.940258] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=89.248.165.120 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=40427 PROTO=TCP SPT=42667 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T01:07:50.717Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 01:08:43 honeypot-ams-1 sshd[3162]: Received disconnect from 13.81.254.185 port 52866:11: Bye Bye [preauth]","@timestamp":"2022-09-18T01:08:44.283Z"}
{"@timestamp":"2022-09-18T01:09:06.299Z","@version":"1","message":"Sep 18 01:09:06 honeypot-sgp-1 sshd[29470]: Disconnected from invalid user jomar 49.205.179.22 port 43358 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T01:09:43.316Z","@version":"1","message":"Sep 18 01:09:42 honeypot-sgp-1 sshd[29474]: Disconnected from invalid user user 186.215.70.14 port 36569 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 01:10:14 honeypot-ams-1 sshd[3166]: Received disconnect from 124.221.41.109 port 46276:11: Bye Bye [preauth]","@timestamp":"2022-09-18T01:10:15.325Z"}
{"@timestamp":"2022-09-18T01:11:18.355Z","@version":"1","message":"Sep 18 01:11:18 honeypot-sgp-1 sshd[29479]: Disconnected from authenticating user root 45.240.88.20 port 51412 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 01:13:17 honeypot-fra-1 sshd[26437]: Connection closed by authenticating user root 178.219.115.217 port 33650 [preauth]","@timestamp":"2022-09-18T01:13:17.844Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 01:13:45 honeypot-ams-1 sshd[3173]: Received disconnect from 124.221.41.109 port 37594:11: Bye Bye [preauth]","@timestamp":"2022-09-18T01:13:46.442Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 01:14:36 honeypot-ams-1 sshd[3176]: Disconnected from invalid user user 45.61.186.49 port 37550 [preauth]","@timestamp":"2022-09-18T01:14:36.466Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 01:14:49 honeypot-ams-1 sshd[3180]: Disconnected from invalid user user 45.61.186.49 port 49314 [preauth]","@timestamp":"2022-09-18T01:14:49.473Z"}
{"@timestamp":"2022-09-18T01:15:03.445Z","@version":"1","message":"Sep 18 01:15:02 honeypot-sgp-1 sshd[29488]: Invalid user iyz from 143.244.137.54 port 41600","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 01:16:06 honeypot-ams-1 sshd[3187]: Received disconnect from 124.221.41.109 port 50602:11: Bye Bye [preauth]","@timestamp":"2022-09-18T01:16:06.507Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 01:16:39 honeypot-fra-1 sshd[26442]: Disconnected from invalid user lincoln 165.22.45.108 port 60550 [preauth]","@timestamp":"2022-09-18T01:16:39.923Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 01:18:08 honeypot-ams-1 sshd[3194]: Connection closed by 192.241.209.16 port 34032 [preauth]","@timestamp":"2022-09-18T01:18:09.565Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 01:19:55 honeypot-ams-1 kernel: [84340575.851380] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=154.3.44.149 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=117 ID=57350 DF PROTO=TCP SPT=51706 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-18T01:19:56.619Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 01:19:57 honeypot-fra-1 sshd[26449]: Received disconnect from 211.254.215.197 port 35024:11: Bye Bye [preauth]","@timestamp":"2022-09-18T01:19:58.003Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 01:23:03 honeypot-ams-1 sshd[3205]: Disconnected from authenticating user root 124.221.41.109 port 33054 [preauth]","@timestamp":"2022-09-18T01:23:04.706Z"}
{"@timestamp":"2022-09-18T01:25:21.683Z","@version":"1","message":"Sep 18 01:25:21 honeypot-sgp-1 sshd[29494]: Connection closed by invalid user user 179.60.147.69 port 56696 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 01:26:04 honeypot-ams-1 kernel: [84340944.163681] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=20.214.142.100 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=34648 PROTO=TCP SPT=44167 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T01:26:04.789Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 01:26:27 honeypot-fra-1 sshd[26453]: Invalid user user from 179.60.147.69 port 6804","@timestamp":"2022-09-18T01:26:28.152Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 01:28:38 honeypot-ams-1 sshd[3216]: Invalid user user from 179.60.147.69 port 44074","@timestamp":"2022-09-18T01:28:38.862Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 01:30:00 honeypot-ams-1 sshd[3220]: Received disconnect from 124.221.41.109 port 43462:11: Bye Bye [preauth]","@timestamp":"2022-09-18T01:30:00.900Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 01:32:19 honeypot-ams-1 sshd[3225]: Disconnected from authenticating user root 124.221.41.109 port 56308 [preauth]","@timestamp":"2022-09-18T01:32:19.964Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 01:35:39 honeypot-ams-1 sshd[3231]: Connection closed by invalid user admin 143.198.135.228 port 45632 [preauth]","@timestamp":"2022-09-18T01:35:40.054Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 01:35:42 honeypot-ams-1 sshd[3239]: Connection closed by invalid user admin 143.198.135.228 port 45660 [preauth]","@timestamp":"2022-09-18T01:35:43.057Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 01:37:01 honeypot-ams-1 sshd[3244]: Disconnected from authenticating user root 69.49.245.238 port 58932 [preauth]","@timestamp":"2022-09-18T01:37:02.095Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 01:38:28 honeypot-ams-1 sshd[3250]: Received disconnect from 128.116.154.5 port 35506:11: Bye Bye [preauth]","@timestamp":"2022-09-18T01:38:29.135Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 01:40:21 honeypot-ams-1 sshd[3254]: Received disconnect from 124.221.41.109 port 44646:11: Bye Bye [preauth]","@timestamp":"2022-09-18T01:40:22.190Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 01:43:45 honeypot-ams-1 sshd[3261]: Received disconnect from 124.221.41.109 port 35510:11: Bye Bye [preauth]","@timestamp":"2022-09-18T01:43:46.286Z"}
{"@timestamp":"2022-09-18T01:45:28.148Z","@version":"1","message":"Sep 18 01:45:27 honeypot-sgp-1 kernel: [84341631.477854] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=41.76.246.2 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=236 ID=4349 DF PROTO=TCP SPT=2847 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 01:46:03 honeypot-ams-1 sshd[3265]: Disconnected from authenticating user root 124.221.41.109 port 48202 [preauth]","@timestamp":"2022-09-18T01:46:04.351Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 01:49:27 honeypot-ams-1 sshd[3272]: Received disconnect from 124.221.41.109 port 38964:11: Bye Bye [preauth]","@timestamp":"2022-09-18T01:49:27.446Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 01:49:43 honeypot-fra-1 kernel: [84340191.861229] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=165.22.82.222 LEN=90 TOS=0x00 PREC=0x00 TTL=250 ID=15915 PROTO=TCP SPT=24273 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T01:49:43.672Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 01:52:21 honeypot-ams-1 kernel: [84342521.896713] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=154.3.44.149 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=117 ID=14891 DF PROTO=TCP SPT=63452 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-18T01:52:22.529Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 01:53:58 honeypot-ams-1 sshd[3281]: Disconnected from authenticating user root 124.221.41.109 port 35928 [preauth]","@timestamp":"2022-09-18T01:53:58.577Z"}
{"@timestamp":"2022-09-18T01:54:25.376Z","@version":"1","message":"Sep 18 01:54:25 honeypot-sgp-1 sshd[29506]: Invalid user admin from 85.51.33.209 port 64951","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T01:57:14.445Z","@version":"1","message":"Sep 18 01:57:13 honeypot-sgp-1 sshd[29508]: Invalid user monitor from 51.222.116.82 port 46014","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 01:57:20 honeypot-ams-1 sshd[3287]: Disconnected from authenticating user root 124.221.41.109 port 54764 [preauth]","@timestamp":"2022-09-18T01:57:21.672Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 01:59:38 honeypot-ams-1 sshd[3294]: Received disconnect from 124.221.41.109 port 39060:11: Bye Bye [preauth]","@timestamp":"2022-09-18T01:59:38.740Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:00:13 honeypot-fra-1 sshd[26465]: Bad protocol version identification '\\272\\253d\\241EZC\\333M\\207\\356^\\375\\277\\0259 X\\324>\\022\\230\\304<\\340\\023\\317' from 172.105.89.161 port 42607","@timestamp":"2022-09-18T02:00:13.911Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:00:18 honeypot-fra-1 sshd[26468]: Disconnected from invalid user user 45.61.186.49 port 58048 [preauth]","@timestamp":"2022-09-18T02:00:18.913Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T02:01:25.547Z","@version":"1","message":"Sep 18 02:01:25 honeypot-sgp-1 sshd[29511]: Connection closed by invalid user guest 179.60.147.69 port 26830 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 02:02:09 honeypot-ams-1 kernel: [84343109.698975] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=201.191.2.198 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=12285 PROTO=TCP SPT=36567 DPT=80 WINDOW=25606 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T02:02:09.814Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:02:32 honeypot-fra-1 sshd[26475]: Invalid user guest from 179.60.147.69 port 16112","@timestamp":"2022-09-18T02:02:32.966Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:04:44 honeypot-ams-1 sshd[3306]: Connection closed by invalid user guest 179.60.147.69 port 29960 [preauth]","@timestamp":"2022-09-18T02:04:44.887Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:07:26 honeypot-ams-1 sshd[3312]: Received disconnect from 124.221.41.109 port 54484:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:07:27.967Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:07:30 honeypot-fra-1 kernel: [84341259.048079] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=103.179.187.239 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=13038 PROTO=TCP SPT=51972 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T02:07:31.086Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:09:10 honeypot-fra-1 sshd[26488]: Received disconnect from 206.189.86.91 port 34188:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:09:11.128Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 02:09:54 honeypot-ams-1 kernel: [84343575.021801] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.79.53.162 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=11604 PROTO=TCP SPT=49999 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T02:09:55.037Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:11:53 honeypot-ams-1 sshd[3323]: Received disconnect from 124.221.41.109 port 51060:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:11:54.094Z"}
{"@timestamp":"2022-09-18T02:12:34.811Z","@version":"1","message":"Sep 18 02:12:34 honeypot-sgp-1 kernel: [84343257.862920] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=154.3.44.149 DST=159.89.202.188 LEN=52 TOS=0x0A PREC=0x00 TTL=109 ID=14681 DF PROTO=TCP SPT=54317 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:14:06 honeypot-ams-1 sshd[3327]: Disconnected from authenticating user root 124.221.41.109 port 35196 [preauth]","@timestamp":"2022-09-18T02:14:06.155Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:14:26 honeypot-fra-1 kernel: [84341675.683183] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.196.220.81 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=54321 PROTO=TCP SPT=56175 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T02:14:27.250Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:15:12 honeypot-ams-1 sshd[3334]: Received disconnect from 124.221.41.109 port 41372:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:15:13.188Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:16:39 honeypot-ams-1 sshd[3338]: Received disconnect from 92.255.85.70 port 62516:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:16:39.230Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:17:01 honeypot-fra-1 CRON[26497]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-18T02:17:02.315Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:18:19 honeypot-ams-1 sshd[3345]: error: maximum authentication attempts exceeded for root from 124.79.243.92 port 18681 ssh2 [preauth]","@timestamp":"2022-09-18T02:18:19.278Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:18:33 honeypot-ams-1 sshd[3353]: Invalid user admin from 124.79.243.92 port 21911","@timestamp":"2022-09-18T02:18:34.286Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:18:37 honeypot-ams-1 sshd[3355]: error: maximum authentication attempts exceeded for invalid user admin from 124.79.243.92 port 22667 ssh2 [preauth]","@timestamp":"2022-09-18T02:18:38.289Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:18:43 honeypot-ams-1 sshd[3359]: error: maximum authentication attempts exceeded for invalid user oracle from 124.79.243.92 port 23880 ssh2 [preauth]","@timestamp":"2022-09-18T02:18:44.293Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:19:22 honeypot-ams-1 sshd[3365]: Invalid user admin from 193.106.191.157 port 46000","@timestamp":"2022-09-18T02:19:23.311Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:20:44 honeypot-ams-1 sshd[3370]: Disconnected from authenticating user root 124.221.41.109 port 43972 [preauth]","@timestamp":"2022-09-18T02:20:45.351Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:22:04 honeypot-fra-1 sshd[26504]: Invalid user user from 45.61.186.249 port 42032","@timestamp":"2022-09-18T02:22:04.436Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:22:22 honeypot-fra-1 sshd[26508]: Invalid user user from 45.61.186.249 port 36780","@timestamp":"2022-09-18T02:22:23.445Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 02:22:24 honeypot-ams-1 kernel: [84344324.689469] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.196.220.81 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=59237 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T02:22:25.412Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:22:41 honeypot-fra-1 sshd[26512]: Invalid user user from 45.61.186.249 port 59800","@timestamp":"2022-09-18T02:22:42.455Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T02:24:10.083Z","@version":"1","message":"Sep 18 02:24:09 honeypot-sgp-1 sshd[29520]: Invalid user elk from 103.188.176.251 port 57562","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:25:09 honeypot-ams-1 sshd[3382]: Received disconnect from 124.221.41.109 port 40328:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:25:09.488Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:25:59 honeypot-fra-1 kernel: [84342367.759042] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=206.84.108.130 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=32768 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T02:25:59.528Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 02:26:49 honeypot-ams-1 kernel: [84344589.667635] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=78.187.28.8 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=239 ID=15533 PROTO=TCP SPT=55312 DPT=443 WINDOW=1300 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T02:26:50.536Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:28:26 honeypot-ams-1 sshd[3389]: Disconnected from authenticating user root 124.221.41.109 port 58694 [preauth]","@timestamp":"2022-09-18T02:28:26.580Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 02:31:22 honeypot-ams-1 kernel: [84344862.655622] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=167.71.92.243 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=33239 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T02:31:22.789Z"}
{"@timestamp":"2022-09-18T02:32:35.282Z","@version":"1","message":"Sep 18 02:32:34 honeypot-sgp-1 kernel: [84344458.119818] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=151.106.32.182 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=38244 PROTO=TCP SPT=47825 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:32:46 honeypot-fra-1 sshd[26520]: Disconnected from authenticating user root 179.43.156.143 port 41156 [preauth]","@timestamp":"2022-09-18T02:32:46.701Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:33:55 honeypot-ams-1 sshd[3400]: Received disconnect from 124.221.41.109 port 60884:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:33:55.865Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:34:30 honeypot-fra-1 sshd[26526]: Received disconnect from 218.241.132.133 port 34618:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:34:30.743Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:35:40 honeypot-fra-1 sshd[26533]: Invalid user nutanix from 179.43.156.143 port 56414","@timestamp":"2022-09-18T02:35:40.773Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:35:43 honeypot-ams-1 sshd[3404]: Received disconnect from 64.227.39.120 port 55658:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:35:43.916Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:36:49 honeypot-fra-1 sshd[26537]: Invalid user nfsnobod from 179.43.156.143 port 51176","@timestamp":"2022-09-18T02:36:49.802Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:37:07 honeypot-ams-1 sshd[3411]: Disconnected from invalid user test 45.183.192.14 port 54598 [preauth]","@timestamp":"2022-09-18T02:37:07.956Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:38:01 honeypot-fra-1 sshd[26541]: Received disconnect from 179.43.156.143 port 46000:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T02:38:01.849Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:38:12 honeypot-ams-1 sshd[3413]: Disconnected from authenticating user root 124.221.41.109 port 56830 [preauth]","@timestamp":"2022-09-18T02:38:12.988Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:39:14 honeypot-fra-1 sshd[26548]: Invalid user git from 179.43.156.143 port 40810","@timestamp":"2022-09-18T02:39:15.879Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:39:45 honeypot-ams-1 sshd[3422]: Disconnected from authenticating user root 84.122.178.78 port 34628 [preauth]","@timestamp":"2022-09-18T02:39:46.033Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:39:46 honeypot-ams-1 sshd[3428]: Received disconnect from 84.122.178.78 port 34828:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:39:47.035Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:39:47 honeypot-ams-1 sshd[3434]: Received disconnect from 84.122.178.78 port 34886:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:39:48.036Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:39:48 honeypot-ams-1 sshd[3440]: Received disconnect from 84.122.178.78 port 34982:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:39:49.037Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:39:50 honeypot-ams-1 sshd[3446]: Received disconnect from 84.122.178.78 port 35038:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:39:51.038Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:39:50 honeypot-fra-1 sshd[26552]: Invalid user testuser from 179.43.156.143 port 38198","@timestamp":"2022-09-18T02:39:51.895Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:39:51 honeypot-ams-1 sshd[3452]: Received disconnect from 84.122.178.78 port 35098:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:39:52.039Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:39:52 honeypot-ams-1 sshd[3458]: Received disconnect from 84.122.178.78 port 35150:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:39:53.040Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:39:54 honeypot-ams-1 sshd[3464]: Received disconnect from 84.122.178.78 port 35194:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:39:55.042Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:39:55 honeypot-ams-1 sshd[3470]: Received disconnect from 84.122.178.78 port 35402:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:39:56.042Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:39:56 honeypot-ams-1 sshd[3476]: Received disconnect from 84.122.178.78 port 35504:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:39:57.043Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:39:58 honeypot-ams-1 sshd[3482]: Received disconnect from 84.122.178.78 port 35570:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:39:59.045Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:39:59 honeypot-ams-1 sshd[3488]: Received disconnect from 84.122.178.78 port 35674:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:40:00.045Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:40:00 honeypot-ams-1 sshd[3494]: Invalid user admin from 84.122.178.78 port 35750","@timestamp":"2022-09-18T02:40:01.046Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:40:01 honeypot-ams-1 sshd[3498]: Invalid user admin from 84.122.178.78 port 35798","@timestamp":"2022-09-18T02:40:02.048Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:40:02 honeypot-ams-1 sshd[3502]: Invalid user admin from 84.122.178.78 port 35834","@timestamp":"2022-09-18T02:40:03.049Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:40:03 honeypot-ams-1 sshd[3506]: Invalid user admin from 84.122.178.78 port 35862","@timestamp":"2022-09-18T02:40:04.050Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:40:04 honeypot-ams-1 sshd[3510]: Invalid user admin from 84.122.178.78 port 35904","@timestamp":"2022-09-18T02:40:05.050Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:40:05 honeypot-ams-1 sshd[3514]: Invalid user user from 84.122.178.78 port 36016","@timestamp":"2022-09-18T02:40:06.051Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:40:06 honeypot-ams-1 sshd[3518]: Disconnected from authenticating user root 84.122.178.78 port 36166 [preauth]","@timestamp":"2022-09-18T02:40:07.052Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:40:06 honeypot-ams-1 sshd[3522]: Disconnected from invalid user pi 84.122.178.78 port 36238 [preauth]","@timestamp":"2022-09-18T02:40:07.052Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:40:07 honeypot-ams-1 sshd[3526]: Disconnected from invalid user ethos 84.122.178.78 port 36286 [preauth]","@timestamp":"2022-09-18T02:40:08.053Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:40:08 honeypot-ams-1 sshd[3530]: Disconnected from invalid user miner 84.122.178.78 port 36366 [preauth]","@timestamp":"2022-09-18T02:40:09.054Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:40:09 honeypot-ams-1 sshd[3534]: Disconnected from invalid user volumio 84.122.178.78 port 36420 [preauth]","@timestamp":"2022-09-18T02:40:10.054Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:40:10 honeypot-ams-1 sshd[3538]: Disconnected from invalid user nagios 84.122.178.78 port 36464 [preauth]","@timestamp":"2022-09-18T02:40:11.055Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:40:11 honeypot-ams-1 sshd[3542]: Disconnected from invalid user vagrant 84.122.178.78 port 36516 [preauth]","@timestamp":"2022-09-18T02:40:12.056Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:40:12 honeypot-ams-1 sshd[3546]: Disconnected from invalid user debian 84.122.178.78 port 36552 [preauth]","@timestamp":"2022-09-18T02:40:13.057Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:40:13 honeypot-ams-1 sshd[3550]: Disconnected from invalid user debian 84.122.178.78 port 36606 [preauth]","@timestamp":"2022-09-18T02:40:14.058Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:40:14 honeypot-ams-1 sshd[3554]: Disconnected from invalid user alarm 84.122.178.78 port 36638 [preauth]","@timestamp":"2022-09-18T02:40:15.058Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:40:15 honeypot-ams-1 sshd[3558]: Disconnected from invalid user test 84.122.178.78 port 36722 [preauth]","@timestamp":"2022-09-18T02:40:16.059Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:40:15 honeypot-ams-1 sshd[3562]: Disconnected from invalid user cirros 84.122.178.78 port 36872 [preauth]","@timestamp":"2022-09-18T02:40:16.059Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:40:26 honeypot-fra-1 sshd[26554]: Disconnected from invalid user hadoop 179.43.156.143 port 35574 [preauth]","@timestamp":"2022-09-18T02:40:26.911Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 02:41:05 honeypot-ams-1 kernel: [84345445.866614] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=74.82.47.7 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=35379 DPT=389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T02:41:06.085Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:41:31 honeypot-ams-1 sshd[3572]: Disconnected from authenticating user root 124.221.41.109 port 46648 [preauth]","@timestamp":"2022-09-18T02:41:31.099Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:41:41 honeypot-fra-1 sshd[26559]: Disconnected from invalid user drcomadmin 179.43.156.143 port 58618 [preauth]","@timestamp":"2022-09-18T02:41:41.941Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:42:24 honeypot-ams-1 sshd[3579]: Invalid user ubnt from 18.179.32.110 port 2993","@timestamp":"2022-09-18T02:42:25.125Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:42:28 honeypot-ams-1 sshd[3583]: Disconnected from authenticating user root 18.179.32.110 port 25799 [preauth]","@timestamp":"2022-09-18T02:42:29.128Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:42:33 honeypot-ams-1 sshd[3587]: Disconnected from authenticating user root 124.221.41.109 port 52648 [preauth]","@timestamp":"2022-09-18T02:42:34.131Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:42:38 honeypot-ams-1 sshd[3595]: Disconnected from authenticating user root 18.179.32.110 port 3659 [preauth]","@timestamp":"2022-09-18T02:42:39.135Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:42:44 honeypot-ams-1 sshd[3601]: Disconnected from authenticating user root 18.179.32.110 port 17027 [preauth]","@timestamp":"2022-09-18T02:42:44.138Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:42:49 honeypot-ams-1 sshd[3607]: Disconnected from authenticating user root 18.179.32.110 port 2119 [preauth]","@timestamp":"2022-09-18T02:42:50.141Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:42:55 honeypot-ams-1 sshd[3613]: Disconnected from authenticating user root 18.179.32.110 port 10253 [preauth]","@timestamp":"2022-09-18T02:42:56.146Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:42:59 honeypot-fra-1 sshd[26565]: Invalid user vyos from 179.43.156.143 port 53432","@timestamp":"2022-09-18T02:42:59.976Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:43:01 honeypot-ams-1 sshd[3619]: Disconnected from authenticating user root 18.179.32.110 port 22737 [preauth]","@timestamp":"2022-09-18T02:43:01.149Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:43:06 honeypot-ams-1 sshd[3625]: Disconnected from authenticating user root 18.179.32.110 port 21891 [preauth]","@timestamp":"2022-09-18T02:43:07.152Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:43:12 honeypot-ams-1 sshd[3631]: Disconnected from authenticating user root 18.179.32.110 port 17229 [preauth]","@timestamp":"2022-09-18T02:43:13.157Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:43:18 honeypot-ams-1 sshd[3637]: Disconnected from authenticating user root 18.179.32.110 port 13261 [preauth]","@timestamp":"2022-09-18T02:43:19.160Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:43:23 honeypot-ams-1 sshd[3643]: Disconnected from authenticating user root 18.179.32.110 port 12825 [preauth]","@timestamp":"2022-09-18T02:43:24.163Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:43:29 honeypot-ams-1 sshd[3649]: Received disconnect from 18.179.32.110 port 26853:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:43:30.167Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:43:33 honeypot-ams-1 sshd[3653]: Received disconnect from 18.179.32.110 port 18699:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:43:34.170Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:43:37 honeypot-fra-1 sshd[26567]: Disconnected from invalid user oracle 179.43.156.143 port 50812 [preauth]","@timestamp":"2022-09-18T02:43:37.993Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:43:37 honeypot-ams-1 sshd[3659]: Received disconnect from 18.179.32.110 port 10801:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:43:38.174Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:43:39 honeypot-ams-1 sshd[3657]: Disconnected from authenticating user root 124.221.41.109 port 58646 [preauth]","@timestamp":"2022-09-18T02:43:40.175Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:43:43 honeypot-ams-1 sshd[3665]: Disconnected from invalid user admin 18.179.32.110 port 8049 [preauth]","@timestamp":"2022-09-18T02:43:43.177Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:43:46 honeypot-ams-1 sshd[3669]: Disconnected from invalid user admin 18.179.32.110 port 20515 [preauth]","@timestamp":"2022-09-18T02:43:47.180Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:43:52 honeypot-ams-1 sshd[3675]: Received disconnect from 18.179.32.110 port 19555:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:43:53.184Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:43:56 honeypot-ams-1 sshd[3679]: Received disconnect from 18.179.32.110 port 20071:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:43:57.187Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:44:00 honeypot-ams-1 sshd[3683]: Received disconnect from 18.179.32.110 port 13547:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:44:00.189Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:44:03 honeypot-ams-1 sshd[3687]: Received disconnect from 18.179.32.110 port 26355:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:44:04.192Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:44:07 honeypot-ams-1 sshd[3691]: Received disconnect from 18.179.32.110 port 8361:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:44:08.195Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:44:11 honeypot-ams-1 sshd[3695]: Received disconnect from 18.179.32.110 port 14439:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:44:12.198Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:44:15 honeypot-ams-1 sshd[3699]: Received disconnect from 18.179.32.110 port 17731:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:44:16.201Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:44:19 honeypot-ams-1 sshd[3703]: Received disconnect from 18.179.32.110 port 30513:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:44:20.204Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:44:23 honeypot-ams-1 sshd[3707]: Received disconnect from 18.179.32.110 port 28149:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:44:23.208Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:44:26 honeypot-ams-1 sshd[3711]: Received disconnect from 18.179.32.110 port 21203:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:44:27.210Z"}
{"@timestamp":"2022-09-18T02:44:29.561Z","@version":"1","message":"Sep 18 02:44:29 honeypot-sgp-1 kernel: [84345172.648429] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.25.67.180 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=51267 PROTO=TCP SPT=47889 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:44:30 honeypot-ams-1 sshd[3715]: Received disconnect from 18.179.32.110 port 30153:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:44:31.213Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:44:34 honeypot-ams-1 sshd[3719]: Received disconnect from 18.179.32.110 port 8723:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:44:35.215Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:45:02 honeypot-fra-1 sshd[26573]: Received disconnect from 187.235.106.121 port 39552:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:45:03.029Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:46:03 honeypot-fra-1 sshd[26579]: Invalid user nagios from 134.209.240.217 port 35928","@timestamp":"2022-09-18T02:46:04.056Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:46:18 honeypot-fra-1 sshd[26584]: Disconnected from authenticating user root 167.86.117.132 port 43074 [preauth]","@timestamp":"2022-09-18T02:46:19.063Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:46:50 honeypot-ams-1 sshd[3725]: Received disconnect from 124.221.41.109 port 48328:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:46:51.277Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:47:42 honeypot-fra-1 sshd[26590]: Invalid user admin from 78.198.111.128 port 54026","@timestamp":"2022-09-18T02:47:43.098Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:48:59 honeypot-ams-1 sshd[3730]: Disconnected from authenticating user root 124.221.41.109 port 60244 [preauth]","@timestamp":"2022-09-18T02:49:00.335Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:49:01 honeypot-fra-1 sshd[26594]: Invalid user admin from 193.106.191.157 port 47340","@timestamp":"2022-09-18T02:49:02.132Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:50:26 honeypot-ams-1 sshd[3738]: Protocol major versions differ for 156.251.172.207 port 36644: SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.5 vs. SSH-1.5-Server","@timestamp":"2022-09-18T02:50:27.378Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:50:28 honeypot-fra-1 sshd[26600]: Received disconnect from 179.43.156.143 port 53032:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T02:50:29.168Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:51:09 honeypot-fra-1 sshd[26605]: Disconnected from authenticating user root 179.43.156.143 port 50452 [preauth]","@timestamp":"2022-09-18T02:51:10.188Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:51:50 honeypot-fra-1 sshd[26609]: Received disconnect from 179.43.156.143 port 47818:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T02:51:51.207Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:53:00 honeypot-fra-1 sshd[26613]: Received disconnect from 157.230.6.213 port 49310:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:53:01.235Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:53:15 honeypot-ams-1 sshd[4185]: Disconnected from authenticating user root 124.221.41.109 port 55764 [preauth]","@timestamp":"2022-09-18T02:53:15.455Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:53:51 honeypot-fra-1 kernel: [84344040.351940] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=165.232.152.144 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=40515 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T02:53:52.259Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:55:49 honeypot-fra-1 sshd[26623]: Disconnected from authenticating user root 179.43.156.143 port 60460 [preauth]","@timestamp":"2022-09-18T02:55:50.307Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:56:24 honeypot-ams-1 sshd[4191]: Disconnected from authenticating user root 124.221.41.109 port 45248 [preauth]","@timestamp":"2022-09-18T02:56:24.541Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:57:30 honeypot-ams-1 sshd[4193]: Disconnected from authenticating user root 124.221.41.109 port 51138 [preauth]","@timestamp":"2022-09-18T02:57:30.575Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:57:38 honeypot-fra-1 kernel: [84344267.475703] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=31.15.201.44 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=246 ID=15533 PROTO=TCP SPT=51968 DPT=443 WINDOW=1300 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T02:57:39.351Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:58:14 honeypot-fra-1 sshd[26632]: Disconnected from authenticating user root 128.199.118.93 port 38060 [preauth]","@timestamp":"2022-09-18T02:58:15.369Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T03:00:24.940Z","@version":"1","message":"Sep 18 03:00:24 honeypot-sgp-1 sshd[29555]: ssh_dispatch_run_fatal: Connection from 65.36.37.216 port 43355: Connection corrupted [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 03:00:39 honeypot-ams-1 sshd[4200]: Received disconnect from 124.221.41.109 port 40528:11: Bye Bye [preauth]","@timestamp":"2022-09-18T03:00:39.663Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 03:01:58 honeypot-ams-1 sshd[4204]: Did not receive identification string from 118.193.59.59 port 40504","@timestamp":"2022-09-18T03:01:59.703Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 03:02:16 honeypot-fra-1 sshd[26638]: Connection closed by authenticating user root 141.98.10.158 port 52256 [preauth]","@timestamp":"2022-09-18T03:02:16.463Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 03:03:48 honeypot-ams-1 sshd[4212]: Received disconnect from 124.221.41.109 port 58090:11: Bye Bye [preauth]","@timestamp":"2022-09-18T03:03:48.757Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 03:04:31 honeypot-fra-1 sshd[26642]: Invalid user sampless from 92.9.123.122 port 59978","@timestamp":"2022-09-18T03:04:32.517Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 03:05:54 honeypot-ams-1 sshd[4216]: Disconnected from authenticating user root 124.221.41.109 port 41538 [preauth]","@timestamp":"2022-09-18T03:05:54.816Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 03:08:00 honeypot-ams-1 sshd[4220]: Disconnected from authenticating user root 124.221.41.109 port 53178 [preauth]","@timestamp":"2022-09-18T03:08:00.892Z"}
{"@timestamp":"2022-09-18T03:09:36.163Z","@version":"1","message":"Sep 18 03:09:36 honeypot-sgp-1 kernel: [84346679.632946] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=167.94.138.103 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=6567 PROTO=TCP SPT=1656 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 03:11:07 honeypot-ams-1 sshd[4227]: Disconnected from authenticating user root 124.221.41.109 port 42350 [preauth]","@timestamp":"2022-09-18T03:11:07.976Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 03:13:11 honeypot-ams-1 sshd[4233]: Received disconnect from 124.221.41.109 port 53928:11: Bye Bye [preauth]","@timestamp":"2022-09-18T03:13:12.035Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 03:14:15 honeypot-ams-1 sshd[4238]: Disconnected from authenticating user root 124.221.41.109 port 59702 [preauth]","@timestamp":"2022-09-18T03:14:16.064Z"}
{"@timestamp":"2022-09-18T03:14:44.292Z","@version":"1","message":"Sep 18 03:14:43 honeypot-sgp-1 kernel: [84346987.200327] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=104.237.145.167 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=13453 PROTO=TCP SPT=50878 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 03:17:01 honeypot-fra-1 CRON[26648]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-18T03:17:01.795Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 03:17:01 honeypot-ams-1 CRON[4244]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-18T03:17:02.137Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 03:18:24 honeypot-ams-1 sshd[4251]: Disconnected from authenticating user root 124.221.41.109 port 54496 [preauth]","@timestamp":"2022-09-18T03:18:25.178Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 03:20:52 honeypot-ams-1 sshd[4258]: Connection closed by 157.245.252.5 port 52946 [preauth]","@timestamp":"2022-09-18T03:20:53.246Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 03:23:31 honeypot-ams-1 sshd[4264]: Disconnected from authenticating user root 124.221.41.109 port 54906 [preauth]","@timestamp":"2022-09-18T03:23:31.316Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 03:24:34 honeypot-fra-1 sshd[26654]: Received disconnect from 193.46.199.36 port 46832:11: Bye Bye [preauth]","@timestamp":"2022-09-18T03:24:34.978Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 03:25:53 honeypot-ams-1 kernel: [84348133.271369] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=109.61.183.65 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=58 ID=28921 PROTO=TCP SPT=24501 DPT=80 WINDOW=61054 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T03:25:53.382Z"}
{"@timestamp":"2022-09-18T03:27:08.589Z","@version":"1","message":"Sep 18 03:27:07 honeypot-sgp-1 sshd[29570]: Invalid user office from 86.101.142.1 port 43412","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 03:27:52 honeypot-fra-1 kernel: [84346081.162644] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=202.164.136.147 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=55 ID=6361 DF PROTO=TCP SPT=47860 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T03:27:53.054Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 03:28:37 honeypot-ams-1 sshd[4275]: Received disconnect from 124.221.41.109 port 55134:11: Bye Bye [preauth]","@timestamp":"2022-09-18T03:28:38.472Z"}
{"@timestamp":"2022-09-18T03:30:32.672Z","@version":"1","message":"Sep 18 03:30:31 honeypot-sgp-1 sshd[29574]: Received disconnect from 206.217.131.233 port 55550:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 03:30:52 honeypot-fra-1 sshd[26661]: Invalid user monitor from 177.73.2.57 port 58829","@timestamp":"2022-09-18T03:30:53.125Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T03:31:17.692Z","@version":"1","message":"Sep 18 03:31:17 honeypot-sgp-1 sshd[29578]: Received disconnect from 50.16.104.72 port 47728:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 03:31:40 honeypot-ams-1 sshd[4282]: Received disconnect from 124.221.41.109 port 43880:11: Bye Bye [preauth]","@timestamp":"2022-09-18T03:31:41.553Z"}
{"@timestamp":"2022-09-18T03:33:10.739Z","@version":"1","message":"Sep 18 03:33:10 honeypot-sgp-1 sshd[29584]: Disconnected from invalid user steam 159.223.41.136 port 49432 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 03:33:42 honeypot-ams-1 sshd[4286]: Disconnected from authenticating user root 124.221.41.109 port 55166 [preauth]","@timestamp":"2022-09-18T03:33:42.607Z"}
{"@timestamp":"2022-09-18T03:34:07.764Z","@version":"1","message":"Sep 18 03:34:07 honeypot-sgp-1 sshd[29590]: Disconnected from authenticating user root 103.163.21.24 port 35627 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:09.765Z","@version":"1","message":"Sep 18 03:34:08 honeypot-sgp-1 sshd[29596]: Received disconnect from 103.163.21.24 port 35691:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:11.767Z","@version":"1","message":"Sep 18 03:34:10 honeypot-sgp-1 sshd[29602]: Received disconnect from 103.163.21.24 port 35754:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:13.768Z","@version":"1","message":"Sep 18 03:34:12 honeypot-sgp-1 sshd[29608]: Received disconnect from 103.163.21.24 port 35817:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:14.769Z","@version":"1","message":"Sep 18 03:34:14 honeypot-sgp-1 sshd[29614]: Received disconnect from 103.163.21.24 port 35878:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:16.770Z","@version":"1","message":"Sep 18 03:34:16 honeypot-sgp-1 sshd[29620]: Received disconnect from 103.163.21.24 port 35945:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:18.771Z","@version":"1","message":"Sep 18 03:34:18 honeypot-sgp-1 sshd[29627]: Received disconnect from 103.163.21.24 port 36004:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:19.772Z","@version":"1","message":"Sep 18 03:34:19 honeypot-sgp-1 sshd[29632]: Received disconnect from 103.163.21.24 port 36043:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:21.773Z","@version":"1","message":"Sep 18 03:34:21 honeypot-sgp-1 sshd[29638]: Received disconnect from 103.163.21.24 port 36109:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:23.775Z","@version":"1","message":"Sep 18 03:34:23 honeypot-sgp-1 sshd[29644]: Received disconnect from 103.163.21.24 port 36169:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:25.777Z","@version":"1","message":"Sep 18 03:34:25 honeypot-sgp-1 sshd[29650]: Received disconnect from 103.163.21.24 port 36233:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:27.778Z","@version":"1","message":"Sep 18 03:34:27 honeypot-sgp-1 sshd[29656]: Received disconnect from 103.163.21.24 port 36299:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:29.779Z","@version":"1","message":"Sep 18 03:34:29 honeypot-sgp-1 sshd[29662]: Invalid user admin from 103.163.21.24 port 36360","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:30.780Z","@version":"1","message":"Sep 18 03:34:30 honeypot-sgp-1 sshd[29666]: Invalid user admin from 103.163.21.24 port 36403","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:31.781Z","@version":"1","message":"Sep 18 03:34:31 honeypot-sgp-1 sshd[29670]: Invalid user admin from 103.163.21.24 port 36443","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:33.782Z","@version":"1","message":"Sep 18 03:34:33 honeypot-sgp-1 sshd[29674]: Invalid user admin from 103.163.21.24 port 36486","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:34.782Z","@version":"1","message":"Sep 18 03:34:34 honeypot-sgp-1 sshd[29678]: Invalid user admin from 103.163.21.24 port 36528","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:35.783Z","@version":"1","message":"Sep 18 03:34:35 honeypot-sgp-1 sshd[29682]: Invalid user user from 103.163.21.24 port 36569","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:37.786Z","@version":"1","message":"Sep 18 03:34:36 honeypot-sgp-1 sshd[29686]: Disconnected from authenticating user root 103.163.21.24 port 36606 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:38.787Z","@version":"1","message":"Sep 18 03:34:38 honeypot-sgp-1 sshd[29690]: Disconnected from invalid user pi 103.163.21.24 port 36652 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:39.788Z","@version":"1","message":"Sep 18 03:34:39 honeypot-sgp-1 sshd[29694]: Disconnected from invalid user ethos 103.163.21.24 port 36694 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:40.788Z","@version":"1","message":"Sep 18 03:34:40 honeypot-sgp-1 sshd[29698]: Disconnected from invalid user miner 103.163.21.24 port 36738 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:42.790Z","@version":"1","message":"Sep 18 03:34:42 honeypot-sgp-1 sshd[29702]: Disconnected from invalid user volumio 103.163.21.24 port 36778 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:43.790Z","@version":"1","message":"Sep 18 03:34:43 honeypot-sgp-1 sshd[29706]: Disconnected from invalid user nagios 103.163.21.24 port 36822 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:44.791Z","@version":"1","message":"Sep 18 03:34:44 honeypot-sgp-1 sshd[29710]: Disconnected from invalid user vagrant 103.163.21.24 port 36865 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:46.792Z","@version":"1","message":"Sep 18 03:34:45 honeypot-sgp-1 sshd[29714]: Disconnected from invalid user debian 103.163.21.24 port 36905 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:47.793Z","@version":"1","message":"Sep 18 03:34:47 honeypot-sgp-1 sshd[29718]: Disconnected from invalid user debian 103.163.21.24 port 36942 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:48.793Z","@version":"1","message":"Sep 18 03:34:48 honeypot-sgp-1 sshd[29722]: Disconnected from invalid user alarm 103.163.21.24 port 36981 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:49.794Z","@version":"1","message":"Sep 18 03:34:49 honeypot-sgp-1 sshd[29726]: Disconnected from invalid user test 103.163.21.24 port 37021 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:51.795Z","@version":"1","message":"Sep 18 03:34:50 honeypot-sgp-1 sshd[29730]: Disconnected from invalid user cirros 103.163.21.24 port 37062 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:36:29.835Z","@version":"1","message":"Sep 18 03:36:29 honeypot-sgp-1 sshd[29734]: Disconnected from authenticating user root 128.199.105.162 port 38280 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 03:36:43 honeypot-ams-1 sshd[4293]: Disconnected from authenticating user root 124.221.41.109 port 43828 [preauth]","@timestamp":"2022-09-18T03:36:43.688Z"}
{"@timestamp":"2022-09-18T03:39:15.903Z","@version":"1","message":"Sep 18 03:39:15 honeypot-sgp-1 sshd[29739]: Disconnected from authenticating user root 211.43.12.240 port 38720 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 03:39:47 honeypot-ams-1 sshd[4299]: Disconnected from authenticating user root 124.221.41.109 port 60692 [preauth]","@timestamp":"2022-09-18T03:39:47.772Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 03:39:51 honeypot-fra-1 kernel: [84346799.982391] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=23.95.4.194 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=59066 PROTO=TCP SPT=54589 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T03:39:52.325Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 03:40:52 honeypot-ams-1 kernel: [84349032.362160] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.220.29 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=53916 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T03:40:52.803Z"}
{"@timestamp":"2022-09-18T03:43:06.996Z","@version":"1","message":"Sep 18 03:43:06 honeypot-sgp-1 sshd[29744]: Disconnected from invalid user devuser 139.59.102.10 port 55306 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 03:43:48 honeypot-ams-1 sshd[4310]: Received disconnect from 124.221.41.109 port 54890:11: Bye Bye [preauth]","@timestamp":"2022-09-18T03:43:48.884Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 03:46:49 honeypot-ams-1 sshd[4317]: Received disconnect from 124.221.41.109 port 43434:11: Bye Bye [preauth]","@timestamp":"2022-09-18T03:46:49.964Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 03:48:45 honeypot-fra-1 kernel: [84347333.875504] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=3.92.87.63 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=43328 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T03:48:45.527Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 03:48:50 honeypot-ams-1 sshd[4321]: Disconnected from authenticating user root 124.221.41.109 port 54606 [preauth]","@timestamp":"2022-09-18T03:48:51.020Z"}
{"@timestamp":"2022-09-18T03:50:17.170Z","@version":"1","message":"Sep 18 03:50:16 honeypot-sgp-1 sshd[29749]: Connection closed by invalid user default 179.60.147.69 port 35522 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 03:51:49 honeypot-ams-1 sshd[4328]: Disconnected from authenticating user root 124.221.41.109 port 43074 [preauth]","@timestamp":"2022-09-18T03:51:50.099Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 03:53:49 honeypot-ams-1 sshd[4334]: Disconnected from authenticating user root 124.221.41.109 port 54180 [preauth]","@timestamp":"2022-09-18T03:53:50.153Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 03:55:07 honeypot-fra-1 sshd[26673]: Disconnecting invalid user admin 119.240.188.148 port 62200: Too many authentication failures [preauth]","@timestamp":"2022-09-18T03:55:08.675Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 03:56:48 honeypot-ams-1 sshd[4341]: Received disconnect from 124.221.41.109 port 42570:11: Bye Bye [preauth]","@timestamp":"2022-09-18T03:56:49.233Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 03:58:48 honeypot-ams-1 sshd[4345]: Disconnected from authenticating user root 124.221.41.109 port 53636 [preauth]","@timestamp":"2022-09-18T03:58:48.288Z"}
{"@timestamp":"2022-09-18T04:01:19.432Z","@version":"1","message":"Sep 18 04:01:18 honeypot-sgp-1 sshd[29753]: Disconnected from invalid user hack 103.225.124.210 port 47754 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 04:01:34 honeypot-fra-1 sshd[26678]: Received disconnect from 165.22.45.108 port 43332:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T04:01:35.839Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:01:47 honeypot-ams-1 sshd[4352]: Received disconnect from 124.221.41.109 port 41950:11: Bye Bye [preauth]","@timestamp":"2022-09-18T04:01:47.370Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:04:43 honeypot-ams-1 sshd[4358]: Received disconnect from 124.221.41.109 port 58450:11: Bye Bye [preauth]","@timestamp":"2022-09-18T04:04:44.448Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:07:40 honeypot-ams-1 sshd[4365]: Received disconnect from 124.221.41.109 port 46630:11: Bye Bye [preauth]","@timestamp":"2022-09-18T04:07:40.525Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:09:42 honeypot-ams-1 sshd[4371]: Invalid user distccd from 81.200.212.13 port 60840","@timestamp":"2022-09-18T04:09:42.580Z"}
{"@timestamp":"2022-09-18T04:09:44.632Z","@version":"1","message":"Sep 18 04:09:44 honeypot-sgp-1 sshd[29760]: Disconnected from authenticating user root 92.255.85.70 port 35978 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:10:35 honeypot-ams-1 sshd[4375]: Disconnected from authenticating user root 124.221.41.109 port 34736 [preauth]","@timestamp":"2022-09-18T04:10:36.605Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:12:34 honeypot-ams-1 sshd[4380]: Disconnected from authenticating user root 124.221.41.109 port 45614 [preauth]","@timestamp":"2022-09-18T04:12:34.659Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:14:30 honeypot-ams-1 sshd[4388]: Disconnected from authenticating user root 124.221.41.109 port 56448 [preauth]","@timestamp":"2022-09-18T04:14:30.710Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 04:15:40 honeypot-fra-1 kernel: [84348948.813444] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=207.102.138.83 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=46 ID=53796 DF PROTO=TCP SPT=44701 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T04:15:41.164Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:17:01 honeypot-ams-1 CRON[4394]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-18T04:17:01.779Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 04:18:34 honeypot-ams-1 kernel: [84351294.686578] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=89.248.168.172 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=252 ID=54321 PROTO=TCP SPT=49528 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T04:18:34.824Z"}
{"@timestamp":"2022-09-18T04:20:14.881Z","@version":"1","message":"Sep 18 04:20:14 honeypot-sgp-1 sshd[29766]: Disconnected from authenticating user root 165.227.133.23 port 56252 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:21:18 honeypot-ams-1 sshd[4408]: Disconnected from authenticating user root 124.221.41.109 port 37700 [preauth]","@timestamp":"2022-09-18T04:21:18.899Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 04:22:58 honeypot-fra-1 sshd[26707]: Invalid user admin from 74.204.129.194 port 53264","@timestamp":"2022-09-18T04:22:59.333Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:24:09 honeypot-ams-1 sshd[4417]: Disconnected from authenticating user root 124.221.41.109 port 53782 [preauth]","@timestamp":"2022-09-18T04:24:09.975Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:26:04 honeypot-ams-1 sshd[4424]: Disconnected from authenticating user root 124.221.41.109 port 36222 [preauth]","@timestamp":"2022-09-18T04:26:05.028Z"}
{"@timestamp":"2022-09-18T04:26:46.039Z","@version":"1","message":"Sep 18 04:26:45 honeypot-sgp-1 sshd[29771]: Connection closed by invalid user ubnt 179.60.147.69 port 31910 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:28:44 honeypot-ams-1 sshd[4431]: Disconnected from authenticating user root 128.199.208.187 port 53224 [preauth]","@timestamp":"2022-09-18T04:28:45.100Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 04:29:02 honeypot-fra-1 sshd[26712]: Invalid user elk from 103.188.176.251 port 36872","@timestamp":"2022-09-18T04:29:03.475Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:29:47 honeypot-ams-1 sshd[4439]: Received disconnect from 61.177.173.39 port 47222:11:  [preauth]","@timestamp":"2022-09-18T04:29:48.131Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:30:06 honeypot-ams-1 sshd[4443]: Connection closed by invalid user ubnt 179.60.147.69 port 29330 [preauth]","@timestamp":"2022-09-18T04:30:07.142Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 04:31:21 honeypot-ams-1 kernel: [84352061.390620] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=43.153.208.98 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=57085 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T04:31:22.177Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:32:36 honeypot-ams-1 sshd[4449]: Invalid user laboratory from 123.41.0.20 port 27553","@timestamp":"2022-09-18T04:32:36.213Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:33:43 honeypot-ams-1 sshd[4453]: Disconnected from authenticating user root 124.221.41.109 port 50482 [preauth]","@timestamp":"2022-09-18T04:33:44.243Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:35:36 honeypot-ams-1 sshd[4460]: Received disconnect from 124.221.41.109 port 32804:11: Bye Bye [preauth]","@timestamp":"2022-09-18T04:35:37.295Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:36:25 honeypot-ams-1 sshd[4464]: Disconnected from authenticating user root 61.177.172.19 port 15362 [preauth]","@timestamp":"2022-09-18T04:36:26.318Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:37:57 honeypot-ams-1 sshd[4478]: Received disconnect from 1.224.37.98 port 46748:11: Bye Bye [preauth]","@timestamp":"2022-09-18T04:37:57.360Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 04:39:02 honeypot-fra-1 sshd[26719]: Invalid user user from 45.61.186.169 port 44758","@timestamp":"2022-09-18T04:39:02.706Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 04:39:11 honeypot-fra-1 sshd[26721]: Disconnected from invalid user user 45.61.186.169 port 56296 [preauth]","@timestamp":"2022-09-18T04:39:12.712Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:39:23 honeypot-ams-1 sshd[4484]: Disconnected from authenticating user root 124.221.41.109 port 53844 [preauth]","@timestamp":"2022-09-18T04:39:23.401Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 04:39:29 honeypot-fra-1 sshd[26725]: Disconnected from invalid user user 45.61.186.169 port 51154 [preauth]","@timestamp":"2022-09-18T04:39:29.720Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 04:39:45 honeypot-fra-1 sshd[26729]: Disconnected from invalid user user 45.61.186.169 port 46002 [preauth]","@timestamp":"2022-09-18T04:39:45.728Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 04:40:03 honeypot-ams-1 kernel: [84352583.638368] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=90.151.171.106 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=40098 PROTO=TCP SPT=55928 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T04:40:04.422Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:40:51 honeypot-ams-1 sshd[4493]: Disconnected from invalid user squid 185.149.120.61 port 51412 [preauth]","@timestamp":"2022-09-18T04:40:52.447Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:41:58 honeypot-ams-1 sshd[4499]: Received disconnect from 178.128.34.59 port 53582:11: Bye Bye [preauth]","@timestamp":"2022-09-18T04:41:58.479Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 04:42:46 honeypot-fra-1 sshd[26734]: Disconnected from invalid user eden 34.102.23.246 port 59996 [preauth]","@timestamp":"2022-09-18T04:42:47.799Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:43:10 honeypot-ams-1 sshd[4505]: Received disconnect from 124.221.41.109 port 46510:11: Bye Bye [preauth]","@timestamp":"2022-09-18T04:43:11.513Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:44:04 honeypot-ams-1 sshd[4509]: Disconnected from invalid user fz 45.119.215.150 port 43710 [preauth]","@timestamp":"2022-09-18T04:44:05.537Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 04:46:51 honeypot-ams-1 kernel: [84352991.306255] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=197.33.38.0 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=54 ID=47778 PROTO=TCP SPT=20724 DPT=443 WINDOW=10371 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T04:46:51.610Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:47:50 honeypot-ams-1 sshd[4521]: Disconnected from authenticating user root 124.221.41.109 port 44220 [preauth]","@timestamp":"2022-09-18T04:47:50.640Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:50:37 honeypot-ams-1 sshd[4528]: Received disconnect from 124.221.41.109 port 59688:11: Bye Bye [preauth]","@timestamp":"2022-09-18T04:50:37.716Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:51:22 honeypot-ams-1 sshd[4530]: Connection closed by invalid user admin 193.106.191.157 port 32796 [preauth]","@timestamp":"2022-09-18T04:51:22.740Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:53:22 honeypot-ams-1 sshd[4540]: Received disconnect from 124.221.41.109 port 46890:11: Bye Bye [preauth]","@timestamp":"2022-09-18T04:53:23.795Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:54:55 honeypot-ams-1 sshd[4545]: Disconnected from authenticating user root 61.177.172.124 port 31919 [preauth]","@timestamp":"2022-09-18T04:54:55.839Z"}
{"@timestamp":"2022-09-18T04:55:51.745Z","@version":"1","message":"Sep 18 04:55:51 honeypot-sgp-1 sshd[29777]: Received disconnect from 92.255.85.69 port 30090:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:56:08 honeypot-ams-1 sshd[4550]: Received disconnect from 124.221.41.109 port 34048:11: Bye Bye [preauth]","@timestamp":"2022-09-18T04:56:08.875Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:57:58 honeypot-ams-1 sshd[4555]: Received disconnect from 124.221.41.109 port 44278:11: Bye Bye [preauth]","@timestamp":"2022-09-18T04:57:58.929Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 04:58:38 honeypot-fra-1 sshd[26742]: Received disconnect from 178.22.168.219 port 52362:11: Bye Bye [preauth]","@timestamp":"2022-09-18T04:58:39.160Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:59:22 honeypot-ams-1 sshd[4560]: Received disconnect from 103.37.83.26 port 54470:11: Bye Bye [preauth]","@timestamp":"2022-09-18T04:59:22.968Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 05:00:44 honeypot-ams-1 sshd[4567]: Received disconnect from 124.221.41.109 port 59572:11: Bye Bye [preauth]","@timestamp":"2022-09-18T05:00:45.008Z"}
{"@timestamp":"2022-09-18T05:02:20.903Z","@version":"1","message":"Sep 18 05:02:20 honeypot-sgp-1 sshd[29782]: Invalid user wen from 45.181.32.41 port 40204","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 05:02:34 honeypot-ams-1 sshd[4572]: Disconnected from authenticating user root 124.221.41.109 port 41504 [preauth]","@timestamp":"2022-09-18T05:02:35.058Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 05:03:08 honeypot-fra-1 kernel: [84351796.333469] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=198.199.95.251 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=34196 DPT=5432 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T05:03:08.263Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 05:04:23 honeypot-ams-1 sshd[4581]: Disconnected from authenticating user root 124.221.41.109 port 51636 [preauth]","@timestamp":"2022-09-18T05:04:24.107Z"}
{"@timestamp":"2022-09-18T05:05:42.991Z","@version":"1","message":"Sep 18 05:05:42 honeypot-sgp-1 sshd[29786]: Received disconnect from 159.65.77.254 port 50712:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 05:06:11 honeypot-ams-1 sshd[4587]: Connection closed by invalid user ubnt 179.60.147.69 port 21980 [preauth]","@timestamp":"2022-09-18T05:06:11.155Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 05:07:20 honeypot-fra-1 kernel: [84352048.702723] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.156.73.58 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=24705 PROTO=TCP SPT=51774 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T05:07:21.361Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 05:08:18 honeypot-ams-1 sshd[4594]: Disconnected from authenticating user root 61.177.173.51 port 54584 [preauth]","@timestamp":"2022-09-18T05:08:18.212Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 05:09:48 honeypot-ams-1 sshd[4600]: Received disconnect from 124.221.41.109 port 53668:11: Bye Bye [preauth]","@timestamp":"2022-09-18T05:09:49.257Z"}
{"@timestamp":"2022-09-18T05:10:40.113Z","@version":"1","message":"Sep 18 05:10:39 honeypot-sgp-1 sshd[29791]: Invalid user fzc from 41.209.43.93 port 34670","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 05:10:43 honeypot-ams-1 sshd[4604]: Disconnected from authenticating user root 124.221.41.109 port 58694 [preauth]","@timestamp":"2022-09-18T05:10:44.283Z"}
{"@timestamp":"2022-09-18T05:11:43.142Z","@version":"1","message":"Sep 18 05:11:42 honeypot-sgp-1 kernel: [84354005.654555] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=154.3.44.149 DST=159.89.202.188 LEN=52 TOS=0x0A PREC=0x00 TTL=110 ID=8180 DF PROTO=TCP SPT=58301 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 05:12:30 honeypot-ams-1 sshd[4611]: Disconnected from authenticating user root 124.221.41.109 port 40502 [preauth]","@timestamp":"2022-09-18T05:12:31.334Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 05:14:17 honeypot-ams-1 sshd[4617]: Disconnected from authenticating user root 124.221.41.109 port 50514 [preauth]","@timestamp":"2022-09-18T05:14:17.383Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 05:15:28 honeypot-fra-1 kernel: [84352536.989284] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=165.22.82.222 LEN=92 TOS=0x00 PREC=0x00 TTL=250 ID=11591 PROTO=TCP SPT=18973 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T05:15:29.547Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 05:16:05 honeypot-ams-1 sshd[4625]: Received disconnect from 124.221.41.109 port 60496:11: Bye Bye [preauth]","@timestamp":"2022-09-18T05:16:06.433Z"}
{"@timestamp":"2022-09-18T05:17:02.269Z","@version":"1","message":"Sep 18 05:17:02 honeypot-sgp-1 CRON[29800]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 05:17:15 honeypot-ams-1 sshd[4636]: Received disconnect from 201.186.40.35 port 34894:11: Bye Bye [preauth]","@timestamp":"2022-09-18T05:17:15.465Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 05:17:58 honeypot-ams-1 sshd[4641]: Disconnected from invalid user tushar 196.223.151.194 port 49886 [preauth]","@timestamp":"2022-09-18T05:17:58.485Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 05:20:34 honeypot-ams-1 sshd[4647]: Disconnected from authenticating user root 124.221.41.109 port 57152 [preauth]","@timestamp":"2022-09-18T05:20:34.556Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 05:22:23 honeypot-ams-1 sshd[4651]: Received disconnect from 124.221.41.109 port 38852:11: Bye Bye [preauth]","@timestamp":"2022-09-18T05:22:23.608Z"}
{"@timestamp":"2022-09-18T05:23:32.425Z","@version":"1","message":"Sep 18 05:23:31 honeypot-sgp-1 sshd[29807]: Disconnected from invalid user daniel 181.48.60.50 port 45576 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 05:24:09 honeypot-ams-1 sshd[4657]: Disconnected from authenticating user root 124.221.41.109 port 48772 [preauth]","@timestamp":"2022-09-18T05:24:09.657Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 05:24:16 honeypot-fra-1 sshd[26761]: Invalid user lindsey from 165.22.45.108 port 48844","@timestamp":"2022-09-18T05:24:16.772Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 05:25:21 honeypot-ams-1 sshd[4664]: Received disconnect from 61.177.173.36 port 15970:11:  [preauth]","@timestamp":"2022-09-18T05:25:22.696Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 05:26:01 honeypot-fra-1 sshd[26765]: Disconnected from invalid user bash 45.249.247.148 port 34720 [preauth]","@timestamp":"2022-09-18T05:26:01.815Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 05:27:32 honeypot-ams-1 sshd[4670]: Invalid user nexus from 159.89.236.71 port 36696","@timestamp":"2022-09-18T05:27:33.755Z"}
{"@timestamp":"2022-09-18T05:28:27.564Z","@version":"1","message":"Sep 18 05:28:27 honeypot-sgp-1 kernel: [84355010.936528] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=89.248.168.172 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=47290 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 05:28:35 honeypot-ams-1 sshd[4675]: Disconnected from authenticating user root 124.221.41.109 port 45244 [preauth]","@timestamp":"2022-09-18T05:28:35.784Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 05:29:37 honeypot-ams-1 sshd[4681]: Disconnected from authenticating user root 61.177.172.114 port 37860 [preauth]","@timestamp":"2022-09-18T05:29:37.815Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 05:31:13 honeypot-ams-1 sshd[4685]: Disconnected from authenticating user root 124.221.41.109 port 60022 [preauth]","@timestamp":"2022-09-18T05:31:14.867Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 05:34:21 honeypot-ams-1 sshd[4694]: Received disconnect from 190.128.169.130 port 58440:11: Bye Bye [preauth]","@timestamp":"2022-09-18T05:34:21.951Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 05:39:33 honeypot-fra-1 sshd[26770]: Received disconnect from 180.250.115.121 port 35252:11: Bye Bye [preauth]","@timestamp":"2022-09-18T05:39:34.120Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T05:39:53.840Z","@version":"1","message":"Sep 18 05:39:53 honeypot-sgp-1 sshd[29817]: Invalid user admin from 92.255.85.69 port 45818","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 05:41:29 honeypot-fra-1 sshd[26775]: Received disconnect from 159.89.163.217 port 54936:11: Bye Bye [preauth]","@timestamp":"2022-09-18T05:41:30.166Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 05:42:16 honeypot-ams-1 sshd[4699]: Invalid user test from 179.60.147.69 port 50784","@timestamp":"2022-09-18T05:42:17.159Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 05:49:34 honeypot-ams-1 kernel: [84356753.998791] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=191.37.129.50 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=238 ID=60025 DF PROTO=TCP SPT=53663 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T05:49:34.349Z"}
{"@timestamp":"2022-09-18T05:52:52.153Z","@version":"1","message":"Sep 18 05:52:52 honeypot-sgp-1 sshd[29820]: Received disconnect from 196.223.151.194 port 38330:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 05:57:38 honeypot-ams-1 sshd[4717]: Invalid user luuk from 89.22.67.66 port 34606","@timestamp":"2022-09-18T05:57:38.565Z"}
{"@timestamp":"2022-09-18T05:58:16.304Z","@version":"1","message":"Sep 18 05:58:15 honeypot-sgp-1 kernel: [84356798.815170] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=114.254.21.144 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=25391 DF PROTO=TCP SPT=35456 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 05:58:17 honeypot-ams-1 kernel: [84357277.754487] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=103.89.91.165 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=31872 PROTO=TCP SPT=48203 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T05:58:18.584Z"}
{"@timestamp":"2022-09-18T06:03:44.439Z","@version":"1","message":"Sep 18 06:03:43 honeypot-sgp-1 sshd[29824]: Received disconnect from 164.90.224.134 port 51776:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T06:09:02.569Z","@version":"1","message":"Sep 18 06:09:01 honeypot-sgp-1 kernel: [84357445.246608] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=154.3.44.149 DST=159.89.202.188 LEN=52 TOS=0x0A PREC=0x00 TTL=111 ID=59301 DF PROTO=TCP SPT=59437 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 06:10:02 honeypot-ams-1 sshd[4726]: Received disconnect from 61.177.172.19 port 33366:11:  [preauth]","@timestamp":"2022-09-18T06:10:03.894Z"}
{"@timestamp":"2022-09-18T06:15:07.717Z","@version":"1","message":"Sep 18 06:15:06 honeypot-sgp-1 sshd[29831]: Invalid user guest from 179.60.147.69 port 39094","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 06:16:15 honeypot-fra-1 sshd[26874]: Invalid user guest from 179.60.147.69 port 50662","@timestamp":"2022-09-18T06:16:15.950Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 06:16:36 honeypot-ams-1 kernel: [84358376.808389] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=35.228.114.142 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x20 TTL=60 ID=18282 PROTO=TCP SPT=59827 DPT=80 WINDOW=54923 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T06:16:37.069Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 06:22:06 honeypot-fra-1 sshd[26880]: Received disconnect from 92.255.85.69 port 42200:11: Bye Bye [preauth]","@timestamp":"2022-09-18T06:22:07.084Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 06:23:36 honeypot-ams-1 sshd[4833]: Invalid user test from 92.255.85.69 port 29374","@timestamp":"2022-09-18T06:23:37.256Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 06:23:40 honeypot-fra-1 kernel: [84356628.216427] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=167.99.210.35 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=59 ID=24196 DF PROTO=TCP SPT=43954 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T06:23:40.121Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-18T06:23:54.932Z","@version":"1","message":"Sep 18 06:23:54 honeypot-sgp-1 sshd[29837]: Received disconnect from 167.172.187.120 port 40080:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 06:27:15 honeypot-ams-1 kernel: [84359015.099071] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=10511 PROTO=TCP SPT=42069 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T06:27:15.467Z"}
{"@timestamp":"2022-09-18T06:28:25.052Z","@version":"1","message":"Sep 18 06:28:24 honeypot-sgp-1 sshd[29980]: Invalid user test from 92.255.85.69 port 23858","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 06:30:33 honeypot-fra-1 kernel: [84357041.215547] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=172.104.138.223 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=18049 PROTO=TCP SPT=8456 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T06:30:33.282Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 06:31:35 honeypot-ams-1 sshd[5021]: Received disconnect from 46.19.141.122 port 59210:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T06:31:35.582Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 06:31:58 honeypot-ams-1 sshd[5025]: Disconnected from invalid user admin 46.19.141.122 port 47688 [preauth]","@timestamp":"2022-09-18T06:31:58.593Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 06:32:24 honeypot-ams-1 sshd[5029]: Disconnected from invalid user user 46.19.141.122 port 41652 [preauth]","@timestamp":"2022-09-18T06:32:24.607Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 06:33:16 honeypot-ams-1 sshd[5033]: Disconnected from invalid user pi 46.19.141.122 port 40520 [preauth]","@timestamp":"2022-09-18T06:33:16.633Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 06:33:42 honeypot-ams-1 sshd[5037]: Disconnected from invalid user ubnt 46.19.141.122 port 48362 [preauth]","@timestamp":"2022-09-18T06:33:43.647Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 06:34:11 honeypot-ams-1 sshd[5041]: Disconnected from invalid user support 46.19.141.122 port 41872 [preauth]","@timestamp":"2022-09-18T06:34:11.661Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 06:34:39 honeypot-ams-1 sshd[5045]: Disconnected from authenticating user root 46.19.141.122 port 55824 [preauth]","@timestamp":"2022-09-18T06:34:40.676Z"}
{"@timestamp":"2022-09-18T06:34:51.210Z","@version":"1","message":"Sep 18 06:34:50 honeypot-sgp-1 sshd[29984]: Disconnected from invalid user user 45.61.186.249 port 59658 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T06:35:10.219Z","@version":"1","message":"Sep 18 06:35:09 honeypot-sgp-1 sshd[29988]: Disconnected from invalid user user 45.61.186.249 port 55016 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 06:35:22 honeypot-ams-1 sshd[5054]: Received disconnect from 46.19.141.122 port 57254:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T06:35:22.697Z"}
{"@timestamp":"2022-09-18T06:35:27.227Z","@version":"1","message":"Sep 18 06:35:26 honeypot-sgp-1 sshd[29992]: Disconnected from invalid user user 45.61.186.249 port 50314 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T06:35:43.236Z","@version":"1","message":"Sep 18 06:35:43 honeypot-sgp-1 sshd[29996]: Disconnected from invalid user user 45.61.186.249 port 45650 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 06:35:57 honeypot-ams-1 sshd[5062]: Received disconnect from 46.19.141.122 port 33140:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T06:35:57.715Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 06:36:22 honeypot-ams-1 sshd[5066]: Disconnected from invalid user admin 46.19.141.122 port 37144 [preauth]","@timestamp":"2022-09-18T06:36:22.730Z"}
{"@timestamp":"2022-09-18T06:38:15.300Z","@version":"1","message":"Sep 18 06:38:14 honeypot-sgp-1 sshd[30000]: Invalid user hatton from 104.131.249.57 port 40286","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 06:38:59 honeypot-ams-1 kernel: [84359719.245920] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=106.60.15.4 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=45 ID=34578 PROTO=TCP SPT=58123 DPT=80 WINDOW=40315 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T06:38:59.801Z"}
{"@timestamp":"2022-09-18T06:39:41.338Z","@version":"1","message":"Sep 18 06:39:41 honeypot-sgp-1 sshd[30002]: Received disconnect from 217.237.123.135 port 18754:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 06:40:07 honeypot-fra-1 kernel: [84357615.180913] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=170.187.162.13 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=53067 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T06:40:07.501Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-18T06:42:08.402Z","@version":"1","message":"Sep 18 06:42:08 honeypot-sgp-1 sshd[30005]: Received disconnect from 128.199.42.242 port 33170:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 06:43:46 honeypot-fra-1 sshd[27026]: Disconnected from invalid user wpyan 58.246.187.126 port 28627 [preauth]","@timestamp":"2022-09-18T06:43:46.587Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 06:44:18 honeypot-fra-1 sshd[27031]: Received disconnect from 68.183.20.198 port 47566:11: Bye Bye [preauth]","@timestamp":"2022-09-18T06:44:19.602Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 06:44:33 honeypot-fra-1 sshd[27035]: Received disconnect from 45.61.187.160 port 47136:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T06:44:33.609Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 06:44:51 honeypot-fra-1 sshd[27039]: Received disconnect from 45.61.187.160 port 42456:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T06:44:51.617Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T06:44:54.470Z","@version":"1","message":"Sep 18 06:44:53 honeypot-sgp-1 sshd[30009]: Disconnected from authenticating user root 210.183.21.48 port 6772 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 06:45:07 honeypot-fra-1 sshd[27043]: Received disconnect from 45.61.187.160 port 37814:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T06:45:08.625Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 06:46:01 honeypot-fra-1 kernel: [84357969.666806] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=35.197.34.75 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x60 TTL=250 ID=50774 PROTO=TCP SPT=47894 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T06:46:01.648Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 06:47:01 honeypot-fra-1 CRON[27052]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-18T06:47:02.673Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 06:48:44 honeypot-fra-1 sshd[27078]: Disconnected from invalid user admin 107.173.156.165 port 57136 [preauth]","@timestamp":"2022-09-18T06:48:44.715Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T06:51:25.629Z","@version":"1","message":"Sep 18 06:51:24 honeypot-sgp-1 sshd[30034]: Connection closed by invalid user blank 179.60.147.69 port 12488 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 06:52:32 honeypot-fra-1 sshd[27085]: Invalid user blank from 179.60.147.69 port 14008","@timestamp":"2022-09-18T06:52:32.802Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 06:52:45 honeypot-ams-1 sshd[5173]: Received disconnect from 61.177.173.51 port 37342:11:  [preauth]","@timestamp":"2022-09-18T06:52:45.159Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 06:54:45 honeypot-ams-1 sshd[5177]: Connection closed by invalid user blank 179.60.147.69 port 31700 [preauth]","@timestamp":"2022-09-18T06:54:46.217Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 06:56:17 honeypot-ams-1 sshd[5183]: Invalid user user from 45.61.184.204 port 56822","@timestamp":"2022-09-18T06:56:18.262Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 06:56:26 honeypot-ams-1 sshd[5185]: Disconnected from invalid user user 45.61.184.204 port 40398 [preauth]","@timestamp":"2022-09-18T06:56:27.268Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 06:56:45 honeypot-ams-1 sshd[5191]: Invalid user user from 45.61.184.204 port 35768","@timestamp":"2022-09-18T06:56:46.278Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 06:57:03 honeypot-ams-1 sshd[5203]: Invalid user user from 45.61.184.204 port 59408","@timestamp":"2022-09-18T06:57:04.287Z"}
{"@timestamp":"2022-09-18T07:00:47.856Z","@version":"1","message":"Sep 18 07:00:47 honeypot-sgp-1 sshd[30136]: Bad protocol version identification 'MGLNDD_159.89.202.188_22' from 192.241.200.104 port 32806","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 07:01:05 honeypot-ams-1 sshd[5207]: Did not receive identification string from 192.241.219.209 port 32998","@timestamp":"2022-09-18T07:01:06.394Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 07:01:59 honeypot-fra-1 sshd[27092]: Invalid user mysql from 193.106.191.157 port 38824","@timestamp":"2022-09-18T07:02:00.017Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T07:04:08.941Z","@version":"1","message":"Sep 18 07:04:08 honeypot-sgp-1 sshd[30139]: Received disconnect from 219.249.140.30 port 60494:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T07:09:07.064Z","@version":"1","message":"Sep 18 07:09:06 honeypot-sgp-1 kernel: [84361049.741978] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.205.235 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=45331 DPT=389 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 07:10:01 honeypot-ams-1 sshd[5219]: Connection closed by 92.255.85.70 port 58130 [preauth]","@timestamp":"2022-09-18T07:10:01.756Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 07:11:41 honeypot-fra-1 kernel: [84359509.463462] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.70.5.250 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=245 ID=9880 DF PROTO=TCP SPT=43444 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T07:11:42.237Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-18T07:13:40.177Z","@version":"1","message":"Sep 18 07:13:39 honeypot-sgp-1 sshd[30148]: Received disconnect from 31.24.200.23 port 25500:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 07:16:07 honeypot-fra-1 sshd[27102]: Received disconnect from 45.61.187.160 port 40774:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T07:16:07.338Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 07:16:24 honeypot-fra-1 sshd[27106]: Received disconnect from 45.61.187.160 port 36460:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T07:16:24.345Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 07:16:40 honeypot-fra-1 sshd[27110]: Received disconnect from 45.61.187.160 port 60398:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T07:16:41.352Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 07:17:01 honeypot-fra-1 CRON[27114]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-18T07:17:02.363Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T07:17:45.278Z","@version":"1","message":"Sep 18 07:17:45 honeypot-sgp-1 sshd[30155]: Connection closed by 27.124.5.116 port 57942 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 07:18:41 honeypot-ams-1 sshd[5233]: Received disconnect from 61.177.172.19 port 63011:11:  [preauth]","@timestamp":"2022-09-18T07:18:41.982Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 07:23:01 honeypot-fra-1 sshd[27122]: Invalid user admin from 135.129.133.147 port 38411","@timestamp":"2022-09-18T07:23:02.498Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 07:26:42 honeypot-ams-1 sshd[5239]: Invalid user user from 45.61.184.204 port 53178","@timestamp":"2022-09-18T07:26:43.196Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 07:26:53 honeypot-ams-1 sshd[5243]: Did not receive identification string from 159.89.24.69 port 61000","@timestamp":"2022-09-18T07:26:54.202Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 07:27:10 honeypot-ams-1 sshd[5246]: Disconnected from invalid user user 45.61.184.204 port 60554 [preauth]","@timestamp":"2022-09-18T07:27:11.211Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 07:27:28 honeypot-ams-1 sshd[5252]: Invalid user user from 45.61.184.204 port 56118","@timestamp":"2022-09-18T07:27:29.222Z"}
{"@timestamp":"2022-09-18T07:27:35.516Z","@version":"1","message":"Sep 18 07:27:35 honeypot-sgp-1 sshd[30162]: Invalid user centos from 179.60.147.69 port 44060","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 07:28:42 honeypot-fra-1 sshd[27129]: Connection closed by invalid user centos 179.60.147.69 port 7726 [preauth]","@timestamp":"2022-09-18T07:28:42.631Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 07:29:40 honeypot-ams-1 sshd[5258]: Invalid user mysql from 193.106.191.157 port 52670","@timestamp":"2022-09-18T07:29:41.280Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 07:31:23 honeypot-ams-1 sshd[5265]: Did not receive identification string from 159.223.82.54 port 47318","@timestamp":"2022-09-18T07:31:24.330Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 07:38:10 honeypot-ams-1 sshd[5271]: Did not receive identification string from 134.122.123.117 port 53622","@timestamp":"2022-09-18T07:38:10.509Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 07:40:07 honeypot-ams-1 sshd[5276]: Disconnected from authenticating user root 134.122.123.117 port 55746 [preauth]","@timestamp":"2022-09-18T07:40:08.563Z"}
{"@timestamp":"2022-09-18T07:49:07.025Z","@version":"1","message":"Sep 18 07:49:06 honeypot-sgp-1 sshd[30168]: Invalid user user from 45.61.186.249 port 42908","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T07:49:27.035Z","@version":"1","message":"Sep 18 07:49:26 honeypot-sgp-1 sshd[30172]: Invalid user user from 45.61.186.249 port 38518","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T07:49:45.043Z","@version":"1","message":"Sep 18 07:49:44 honeypot-sgp-1 sshd[30176]: Invalid user user from 45.61.186.249 port 34096","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 07:49:56 honeypot-fra-1 sshd[27136]: Invalid user zlq from 206.189.151.245 port 52366","@timestamp":"2022-09-18T07:49:57.104Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T07:50:24.061Z","@version":"1","message":"Sep 18 07:50:23 honeypot-sgp-1 kernel: [84363526.566893] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.41.9.18 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=35929 PROTO=TCP SPT=39444 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 07:50:53 honeypot-ams-1 kernel: [84364033.364841] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.196.214 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=54817 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T07:50:53.845Z"}
{"@timestamp":"2022-09-18T07:58:15.248Z","@version":"1","message":"Sep 18 07:58:14 honeypot-sgp-1 kernel: [84363997.507628] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=206.189.6.148 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=49244 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 07:59:56 honeypot-fra-1 kernel: [84362404.717384] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.205.51 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=40518 DPT=389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T07:59:57.331Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 08:00:23 honeypot-ams-1 kernel: [84364603.873222] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=97.74.81.123 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=51834 PROTO=TCP SPT=55918 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T08:00:24.098Z"}
{"@timestamp":"2022-09-18T08:04:23.396Z","@version":"1","message":"Sep 18 08:04:23 honeypot-sgp-1 kernel: [84364366.571919] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=120.48.83.197 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=17525 PROTO=TCP SPT=47798 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 08:04:48 honeypot-fra-1 sshd[27147]: Invalid user support from 179.60.147.69 port 45008","@timestamp":"2022-09-18T08:04:49.443Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 08:07:00 honeypot-ams-1 sshd[5299]: Connection closed by invalid user support 179.60.147.69 port 2494 [preauth]","@timestamp":"2022-09-18T08:07:01.275Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 08:11:31 honeypot-fra-1 sshd[27150]: Disconnected from invalid user linlzx 165.22.45.108 port 59898 [preauth]","@timestamp":"2022-09-18T08:11:31.597Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 08:18:17 honeypot-fra-1 kernel: [84363505.562842] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=178.220.6.199 DST=165.22.82.222 LEN=52 TOS=0x00 PREC=0x00 TTL=56 ID=9496 DF PROTO=TCP SPT=29282 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T08:18:17.753Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-18T08:19:57.768Z","@version":"1","message":"Sep 18 08:19:56 honeypot-sgp-1 kernel: [84365300.081029] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=151.106.39.208 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=49135 PROTO=TCP SPT=49175 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 08:21:29 honeypot-ams-1 kernel: [84365869.082010] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=80.94.92.231 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=37558 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T08:21:29.686Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 08:27:56 honeypot-ams-1 sshd[5322]: Disconnected from invalid user admin 64.225.65.224 port 55150 [preauth]","@timestamp":"2022-09-18T08:27:56.859Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 08:28:23 honeypot-fra-1 sshd[27181]: Received disconnect from 203.95.222.26 port 47346:11: Bye Bye [preauth]","@timestamp":"2022-09-18T08:28:23.981Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T08:30:27.017Z","@version":"1","message":"Sep 18 08:30:26 honeypot-sgp-1 kernel: [84365929.242493] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=159.203.124.127 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=56682 PROTO=TCP SPT=49699 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 08:30:42 honeypot-ams-1 sshd[5326]: Invalid user ubnt from 134.209.175.24 port 47800","@timestamp":"2022-09-18T08:30:42.937Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 08:35:05 honeypot-fra-1 kernel: [84364513.240582] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=159.203.124.127 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=62349 PROTO=TCP SPT=49699 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T08:35:06.134Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-18T08:40:09.248Z","@version":"1","message":"Sep 18 08:40:08 honeypot-sgp-1 sshd[30226]: Connection closed by invalid user blank 179.60.147.69 port 63318 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T08:42:03.296Z","@version":"1","message":"Sep 18 08:42:03 honeypot-sgp-1 sshd[30231]: Received disconnect from 45.61.186.249 port 57410:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T08:42:22.305Z","@version":"1","message":"Sep 18 08:42:21 honeypot-sgp-1 sshd[30235]: Received disconnect from 45.61.186.249 port 52948:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T08:42:40.315Z","@version":"1","message":"Sep 18 08:42:39 honeypot-sgp-1 sshd[30239]: Received disconnect from 45.61.186.249 port 48484:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 08:42:58 honeypot-fra-1 sshd[27636]: Disconnected from invalid user admin 92.255.85.70 port 27136 [preauth]","@timestamp":"2022-09-18T08:42:58.312Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 08:43:28 honeypot-ams-1 sshd[5359]: Connection closed by invalid user blank 179.60.147.69 port 20070 [preauth]","@timestamp":"2022-09-18T08:43:29.289Z"}
{"@timestamp":"2022-09-18T08:45:21.379Z","@version":"1","message":"Sep 18 08:45:21 honeypot-sgp-1 kernel: [84366824.449306] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=159.65.138.52 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=60 ID=0 DF PROTO=TCP SPT=54953 DPT=389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T08:46:19.403Z","@version":"1","message":"Sep 18 08:46:19 honeypot-sgp-1 sshd[30244]: Disconnected from invalid user admin 92.255.85.70 port 42356 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 08:52:41 honeypot-ams-1 kernel: [84367740.931780] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=39.101.142.214 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=42 ID=58633 PROTO=TCP SPT=51707 DPT=80 WINDOW=63171 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T08:52:41.527Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 08:54:16 honeypot-ams-1 sshd[5372]: Disconnected from authenticating user root 157.230.47.60 port 34892 [preauth]","@timestamp":"2022-09-18T08:54:17.572Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 08:57:04 honeypot-ams-1 kernel: [84368003.908024] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=197.37.187.152 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=20103 PROTO=TCP SPT=16762 DPT=443 WINDOW=31045 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T08:57:04.647Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:01:04 honeypot-fra-1 sshd[27644]: Invalid user user from 45.61.186.249 port 42764","@timestamp":"2022-09-18T09:01:04.718Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T09:01:11.759Z","@version":"1","message":"Sep 18 09:01:11 honeypot-sgp-1 sshd[30249]: Invalid user jm from 201.186.40.35 port 34286","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:01:17 honeypot-fra-1 sshd[27642]: Connection closed by invalid user mysql 193.106.191.157 port 57744 [preauth]","@timestamp":"2022-09-18T09:01:17.725Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:01:33 honeypot-fra-1 sshd[27650]: Disconnected from invalid user user 45.61.186.249 port 49372 [preauth]","@timestamp":"2022-09-18T09:01:33.732Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:01:52 honeypot-fra-1 sshd[27654]: Received disconnect from 45.61.186.249 port 44364:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T09:01:52.770Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:03:01 honeypot-fra-1 kernel: [84366189.360213] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=96.126.107.79 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=16808 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T09:03:01.799Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:09 honeypot-ams-1 sshd[5383]: Disconnected from authenticating user root 61.177.173.48 port 37611 [preauth]","@timestamp":"2022-09-18T09:03:09.813Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:17 honeypot-ams-1 sshd[5389]: Received disconnect from 149.74.230.97 port 52529:11: Bye Bye [preauth]","@timestamp":"2022-09-18T09:03:17.818Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:18 honeypot-ams-1 sshd[5395]: Received disconnect from 149.74.230.97 port 52591:11: Bye Bye [preauth]","@timestamp":"2022-09-18T09:03:18.819Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:19 honeypot-ams-1 sshd[5401]: Received disconnect from 149.74.230.97 port 52643:11: Bye Bye [preauth]","@timestamp":"2022-09-18T09:03:20.820Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:21 honeypot-ams-1 sshd[5407]: Received disconnect from 149.74.230.97 port 52690:11: Bye Bye [preauth]","@timestamp":"2022-09-18T09:03:21.821Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:22 honeypot-ams-1 sshd[5413]: Received disconnect from 149.74.230.97 port 52740:11: Bye Bye [preauth]","@timestamp":"2022-09-18T09:03:23.823Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:24 honeypot-ams-1 sshd[5419]: Received disconnect from 149.74.230.97 port 52790:11: Bye Bye [preauth]","@timestamp":"2022-09-18T09:03:24.824Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:25 honeypot-ams-1 sshd[5425]: Received disconnect from 149.74.230.97 port 52843:11: Bye Bye [preauth]","@timestamp":"2022-09-18T09:03:25.826Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:26 honeypot-ams-1 sshd[5431]: Received disconnect from 149.74.230.97 port 52895:11: Bye Bye [preauth]","@timestamp":"2022-09-18T09:03:27.827Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:28 honeypot-ams-1 sshd[5437]: Received disconnect from 149.74.230.97 port 52945:11: Bye Bye [preauth]","@timestamp":"2022-09-18T09:03:28.828Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:30 honeypot-ams-1 sshd[5443]: Received disconnect from 149.74.230.97 port 52999:11: Bye Bye [preauth]","@timestamp":"2022-09-18T09:03:30.830Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:31 honeypot-ams-1 sshd[5449]: Received disconnect from 149.74.230.97 port 53053:11: Bye Bye [preauth]","@timestamp":"2022-09-18T09:03:31.830Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:32 honeypot-ams-1 sshd[5455]: Received disconnect from 149.74.230.97 port 53102:11: Bye Bye [preauth]","@timestamp":"2022-09-18T09:03:32.831Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:33 honeypot-ams-1 sshd[5459]: Received disconnect from 149.74.230.97 port 53129:11: Bye Bye [preauth]","@timestamp":"2022-09-18T09:03:33.832Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:34 honeypot-ams-1 sshd[5464]: Received disconnect from 149.74.230.97 port 53167:11: Bye Bye [preauth]","@timestamp":"2022-09-18T09:03:34.833Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:35 honeypot-ams-1 sshd[5468]: Received disconnect from 149.74.230.97 port 53199:11: Bye Bye [preauth]","@timestamp":"2022-09-18T09:03:35.834Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:36 honeypot-ams-1 sshd[5472]: Received disconnect from 149.74.230.97 port 53225:11: Bye Bye [preauth]","@timestamp":"2022-09-18T09:03:36.835Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:37 honeypot-ams-1 sshd[5476]: Received disconnect from 149.74.230.97 port 53254:11: Bye Bye [preauth]","@timestamp":"2022-09-18T09:03:37.836Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:38 honeypot-ams-1 sshd[5480]: Disconnected from authenticating user root 149.74.230.97 port 53293 [preauth]","@timestamp":"2022-09-18T09:03:38.837Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:39 honeypot-ams-1 sshd[5486]: Invalid user pi from 149.74.230.97 port 53338","@timestamp":"2022-09-18T09:03:39.837Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:40 honeypot-ams-1 sshd[5490]: Invalid user ethos from 149.74.230.97 port 53387","@timestamp":"2022-09-18T09:03:41.840Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:42 honeypot-ams-1 sshd[5494]: Invalid user miner from 149.74.230.97 port 53431","@timestamp":"2022-09-18T09:03:42.840Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:43 honeypot-ams-1 sshd[5498]: Invalid user volumio from 149.74.230.97 port 53460","@timestamp":"2022-09-18T09:03:43.841Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:43 honeypot-ams-1 sshd[5502]: Invalid user nagios from 149.74.230.97 port 53497","@timestamp":"2022-09-18T09:03:44.842Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:45 honeypot-ams-1 sshd[5506]: Invalid user vagrant from 149.74.230.97 port 53531","@timestamp":"2022-09-18T09:03:45.843Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:45 honeypot-ams-1 sshd[5510]: Invalid user debian from 149.74.230.97 port 53574","@timestamp":"2022-09-18T09:03:46.844Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:46 honeypot-ams-1 sshd[5514]: Invalid user debian from 149.74.230.97 port 53593","@timestamp":"2022-09-18T09:03:46.844Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:47 honeypot-ams-1 sshd[5518]: Invalid user alarm from 149.74.230.97 port 53635","@timestamp":"2022-09-18T09:03:47.845Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:48 honeypot-ams-1 sshd[5522]: Invalid user test from 149.74.230.97 port 53657","@timestamp":"2022-09-18T09:03:48.845Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:49 honeypot-ams-1 sshd[5526]: Invalid user cirros from 149.74.230.97 port 53704","@timestamp":"2022-09-18T09:03:49.846Z"}
{"@timestamp":"2022-09-18T09:05:09.855Z","@version":"1","message":"Sep 18 09:05:09 honeypot-sgp-1 kernel: [84368012.634723] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=188.247.102.94 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=57068 DF PROTO=TCP SPT=25229 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:05:31 honeypot-fra-1 sshd[27662]: Disconnected from authenticating user root 161.35.177.39 port 42568 [preauth]","@timestamp":"2022-09-18T09:05:32.858Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T09:08:11.942Z","@version":"1","message":"Sep 18 09:08:11 honeypot-sgp-1 sshd[30258]: Received disconnect from 167.172.79.233 port 56594:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:11:49 honeypot-fra-1 sshd[27672]: Invalid user user from 45.61.187.160 port 45758","@timestamp":"2022-09-18T09:11:50.004Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:12:05 honeypot-fra-1 sshd[27676]: Invalid user user from 45.61.187.160 port 40484","@timestamp":"2022-09-18T09:12:06.011Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:12:20 honeypot-fra-1 sshd[27680]: Invalid user user from 45.61.187.160 port 35216","@timestamp":"2022-09-18T09:12:21.019Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T09:13:18.068Z","@version":"1","message":"Sep 18 09:13:17 honeypot-sgp-1 kernel: [84368501.036198] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=138.68.252.199 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=52982 PROTO=TCP SPT=52396 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 09:14:21 honeypot-ams-1 kernel: [84369041.024910] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=164.92.72.164 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=39830 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T09:14:22.126Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:15:04 honeypot-fra-1 kernel: [84366911.874607] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=35.201.220.176 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=60966 PROTO=TCP SPT=49460 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T09:15:05.080Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:15:59 honeypot-fra-1 sshd[27688]: Received disconnect from 45.61.184.204 port 58902:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T09:16:00.105Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:16:19 honeypot-fra-1 sshd[27700]: Invalid user user from 45.61.184.204 port 54348","@timestamp":"2022-09-18T09:16:20.114Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:16:39 honeypot-fra-1 sshd[27704]: Invalid user user from 45.61.184.204 port 49798","@timestamp":"2022-09-18T09:16:40.136Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:17:01 honeypot-fra-1 CRON[27709]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-18T09:17:02.146Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T09:17:02.159Z","@version":"1","message":"Sep 18 09:17:01 honeypot-sgp-1 CRON[30264]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 09:19:22 honeypot-ams-1 kernel: [84369342.860121] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=111.59.85.184 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=49 ID=11706 DF PROTO=TCP SPT=63219 DPT=3389 WINDOW=8192 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T09:19:23.262Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:21:11 honeypot-ams-1 sshd[5546]: Invalid user apache from 223.255.187.154 port 47197","@timestamp":"2022-09-18T09:21:12.317Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:23:24 honeypot-ams-1 sshd[5552]: Disconnected from authenticating user root 61.177.173.36 port 28566 [preauth]","@timestamp":"2022-09-18T09:23:24.378Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:24:26 honeypot-fra-1 sshd[27717]: Invalid user admin from 92.255.85.69 port 19244","@timestamp":"2022-09-18T09:24:26.314Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:25:13 honeypot-ams-1 sshd[5559]: Did not receive identification string from 45.61.187.160 port 48392","@timestamp":"2022-09-18T09:25:14.429Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:25:36 honeypot-ams-1 sshd[5562]: Disconnected from invalid user user 45.61.187.160 port 43798 [preauth]","@timestamp":"2022-09-18T09:25:37.442Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:25:37 honeypot-fra-1 sshd[27722]: Invalid user user from 45.61.187.160 port 54378","@timestamp":"2022-09-18T09:25:38.347Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:25:53 honeypot-ams-1 sshd[5566]: Disconnected from invalid user user 45.61.187.160 port 38476 [preauth]","@timestamp":"2022-09-18T09:25:54.452Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:25:54 honeypot-fra-1 sshd[27727]: Invalid user user from 45.61.187.160 port 49048","@timestamp":"2022-09-18T09:25:55.356Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:26:10 honeypot-ams-1 sshd[5570]: Disconnected from invalid user user 45.61.187.160 port 33132 [preauth]","@timestamp":"2022-09-18T09:26:10.461Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:26:11 honeypot-fra-1 sshd[27731]: Invalid user user from 45.61.187.160 port 43746","@timestamp":"2022-09-18T09:26:12.365Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:26:26 honeypot-ams-1 sshd[5574]: Disconnected from invalid user user 45.61.187.160 port 56040 [preauth]","@timestamp":"2022-09-18T09:26:26.469Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:26:27 honeypot-fra-1 sshd[27735]: Invalid user user from 45.61.187.160 port 38406","@timestamp":"2022-09-18T09:26:27.373Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T09:28:16.426Z","@version":"1","message":"Sep 18 09:28:15 honeypot-sgp-1 kernel: [84369399.140212] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=206.189.6.148 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=51525 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:28:24 honeypot-ams-1 sshd[5578]: Disconnected from invalid user mattl 206.217.131.233 port 42204 [preauth]","@timestamp":"2022-09-18T09:28:25.523Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:29:31 honeypot-ams-1 sshd[5584]: Invalid user r from 103.253.175.10 port 42506","@timestamp":"2022-09-18T09:29:32.558Z"}
{"@timestamp":"2022-09-18T09:31:45.512Z","@version":"1","message":"Sep 18 09:31:45 honeypot-sgp-1 sshd[30706]: Received disconnect from 182.59.139.27 port 36748:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:32:32 honeypot-fra-1 sshd[27738]: Received disconnect from 89.218.80.61 port 57946:11: Bye Bye [preauth]","@timestamp":"2022-09-18T09:32:32.508Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:33:35 honeypot-ams-1 sshd[5589]: Disconnected from authenticating user root 61.177.173.39 port 17869 [preauth]","@timestamp":"2022-09-18T09:33:35.664Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:33:38 honeypot-fra-1 sshd[27743]: Invalid user user from 45.61.186.249 port 41374","@timestamp":"2022-09-18T09:33:38.536Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T09:33:47.562Z","@version":"1","message":"Sep 18 09:33:47 honeypot-sgp-1 sshd[30711]: Disconnected from authenticating user root 172.105.37.138 port 36648 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:33:49 honeypot-fra-1 sshd[27746]: Received disconnect from 34.81.150.245 port 40954:11: Bye Bye [preauth]","@timestamp":"2022-09-18T09:33:50.542Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:34:08 honeypot-fra-1 sshd[27752]: Received disconnect from 45.61.186.249 port 48268:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T09:34:08.551Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:34:16 honeypot-fra-1 sshd[27756]: Received disconnect from 45.61.186.249 port 59948:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T09:34:17.556Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:34:24 honeypot-fra-1 sshd[27758]: Disconnected from authenticating user root 45.228.19.1 port 46022 [preauth]","@timestamp":"2022-09-18T09:34:25.560Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:41:51 honeypot-ams-1 sshd[5599]: Disconnected from authenticating user root 194.152.206.17 port 43216 [preauth]","@timestamp":"2022-09-18T09:41:51.902Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:42:11 honeypot-fra-1 sshd[27767]: Invalid user at4400 from 143.244.189.18 port 37126","@timestamp":"2022-09-18T09:42:12.736Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:44:57 honeypot-fra-1 sshd[27773]: Invalid user gpadmin from 202.29.13.51 port 51730","@timestamp":"2022-09-18T09:44:57.800Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:46:49 honeypot-ams-1 sshd[5606]: Disconnected from authenticating user root 61.177.173.53 port 48904 [preauth]","@timestamp":"2022-09-18T09:46:50.035Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:48:18 honeypot-fra-1 sshd[27778]: Disconnected from authenticating user root 92.205.19.152 port 47470 [preauth]","@timestamp":"2022-09-18T09:48:18.875Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T09:49:47.941Z","@version":"1","message":"Sep 18 09:49:47 honeypot-sgp-1 sshd[30720]: Disconnected from invalid user ubnt 189.213.210.132 port 36309 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:50:28 honeypot-fra-1 sshd[27783]: Invalid user user from 45.61.184.204 port 48204","@timestamp":"2022-09-18T09:50:28.928Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:50:49 honeypot-fra-1 sshd[27787]: Invalid user user from 45.61.184.204 port 43538","@timestamp":"2022-09-18T09:50:49.937Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:51:07 honeypot-fra-1 sshd[27791]: Invalid user user from 45.61.184.204 port 38876","@timestamp":"2022-09-18T09:51:07.945Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T09:52:15.002Z","@version":"1","message":"Sep 18 09:52:14 honeypot-sgp-1 sshd[30727]: Invalid user admin from 179.60.147.69 port 53208","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:53:23 honeypot-fra-1 sshd[27796]: Invalid user admin from 179.60.147.69 port 63508","@timestamp":"2022-09-18T09:53:23.998Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 09:54:23 honeypot-ams-1 kernel: [84371443.373368] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=211.44.108.54 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=54 ID=34510 PROTO=TCP SPT=36872 DPT=80 WINDOW=59248 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T09:54:24.237Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:55:51 honeypot-fra-1 sshd[27803]: Invalid user devops from 140.246.118.203 port 41918","@timestamp":"2022-09-18T09:55:52.055Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:55:51 honeypot-fra-1 sshd[27803]: Connection closed by invalid user devops 140.246.118.203 port 41918 [preauth]","@timestamp":"2022-09-18T09:55:52.055Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:55:58 honeypot-fra-1 sshd[27811]: Connection closed by invalid user oracle 140.246.118.203 port 41932 [preauth]","@timestamp":"2022-09-18T09:55:59.058Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:56:59 honeypot-ams-1 sshd[5617]: Received disconnect from 61.177.173.46 port 28042:11:  [preauth]","@timestamp":"2022-09-18T09:57:00.308Z"}
{"@timestamp":"2022-09-18T10:01:28.223Z","@version":"1","message":"Sep 18 10:01:27 honeypot-sgp-1 sshd[30730]: Invalid user  from 64.62.197.212 port 52528","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:03:38 honeypot-fra-1 kernel: [84369825.653078] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=165.232.152.144 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=40338 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T10:03:38.234Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:13:15 honeypot-fra-1 sshd[27825]: Invalid user lichengzhang from 51.250.65.57 port 40634","@timestamp":"2022-09-18T10:13:15.452Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 10:15:00 honeypot-ams-1 kernel: [84372680.449959] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=41.34.248.45 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=33866 PROTO=TCP SPT=50042 DPT=443 WINDOW=15037 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T10:15:00.774Z"}
{"@timestamp":"2022-09-18T10:17:01.592Z","@version":"1","message":"Sep 18 10:17:01 honeypot-sgp-1 CRON[30737]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:17:01 honeypot-fra-1 CRON[27830]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-18T10:17:02.538Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T10:21:34.700Z","@version":"1","message":"Sep 18 10:21:34 honeypot-sgp-1 sshd[30742]: Received disconnect from 92.255.85.69 port 36530:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T10:22:46.732Z","@version":"1","message":"Sep 18 10:22:46 honeypot-sgp-1 sshd[30747]: Invalid user huanglu from 111.22.49.59 port 60036","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 10:24:05 honeypot-ams-1 sshd[5634]: Received disconnect from 92.255.85.70 port 36382:11: Bye Bye [preauth]","@timestamp":"2022-09-18T10:24:06.013Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:24:27 honeypot-fra-1 kernel: [84371075.116018] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=23.97.234.8 DST=165.22.82.222 LEN=52 TOS=0x02 PREC=0x00 TTL=114 ID=22221 DF PROTO=TCP SPT=57266 DPT=80 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-18T10:24:27.705Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:25:39 honeypot-fra-1 sshd[27839]: Received disconnect from 179.86.94.249 port 5852:11: Bye Bye [preauth]","@timestamp":"2022-09-18T10:25:39.734Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:25:44 honeypot-fra-1 sshd[27845]: Received disconnect from 179.86.94.249 port 5855:11: Bye Bye [preauth]","@timestamp":"2022-09-18T10:25:44.736Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T10:25:49.811Z","@version":"1","message":"Sep 18 10:25:49 honeypot-sgp-1 sshd[30751]: Disconnected from authenticating user root 128.199.103.239 port 54500 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:25:50 honeypot-fra-1 sshd[27851]: Received disconnect from 179.86.94.249 port 5858:11: Bye Bye [preauth]","@timestamp":"2022-09-18T10:25:50.739Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:25:56 honeypot-fra-1 sshd[27857]: Received disconnect from 179.86.94.249 port 5861:11: Bye Bye [preauth]","@timestamp":"2022-09-18T10:25:56.743Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:26:01 honeypot-fra-1 sshd[27863]: Received disconnect from 179.86.94.249 port 5864:11: Bye Bye [preauth]","@timestamp":"2022-09-18T10:26:01.745Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:26:07 honeypot-fra-1 sshd[27869]: Received disconnect from 179.86.94.249 port 5867:11: Bye Bye [preauth]","@timestamp":"2022-09-18T10:26:07.749Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:26:12 honeypot-fra-1 sshd[27875]: Received disconnect from 179.86.94.249 port 5870:11: Bye Bye [preauth]","@timestamp":"2022-09-18T10:26:13.752Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:26:16 honeypot-fra-1 sshd[27879]: Disconnected from authenticating user root 179.86.94.249 port 5872 [preauth]","@timestamp":"2022-09-18T10:26:16.753Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:26:22 honeypot-fra-1 sshd[27885]: Disconnected from authenticating user root 179.86.94.249 port 5875 [preauth]","@timestamp":"2022-09-18T10:26:22.758Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:26:27 honeypot-fra-1 sshd[27891]: Disconnected from authenticating user root 179.86.94.249 port 5878 [preauth]","@timestamp":"2022-09-18T10:26:28.760Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:26:33 honeypot-fra-1 sshd[27897]: Disconnected from authenticating user root 179.86.94.249 port 5881 [preauth]","@timestamp":"2022-09-18T10:26:33.763Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:26:39 honeypot-fra-1 sshd[27903]: Disconnected from authenticating user root 179.86.94.249 port 5884 [preauth]","@timestamp":"2022-09-18T10:26:39.767Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:26:44 honeypot-fra-1 sshd[27909]: Invalid user admin from 179.86.94.249 port 5887","@timestamp":"2022-09-18T10:26:44.769Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:26:48 honeypot-fra-1 sshd[27913]: Invalid user admin from 179.86.94.249 port 5889","@timestamp":"2022-09-18T10:26:48.772Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:26:52 honeypot-fra-1 sshd[27917]: Invalid user admin from 179.86.94.249 port 5891","@timestamp":"2022-09-18T10:26:52.774Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:26:55 honeypot-fra-1 sshd[27921]: Invalid user admin from 179.86.94.249 port 5893","@timestamp":"2022-09-18T10:26:56.776Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:26:59 honeypot-fra-1 sshd[27925]: Invalid user admin from 179.86.94.249 port 5895","@timestamp":"2022-09-18T10:26:59.778Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:27:03 honeypot-fra-1 sshd[27929]: Received disconnect from 179.86.94.249 port 5897:11: Bye Bye [preauth]","@timestamp":"2022-09-18T10:27:03.780Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:27:07 honeypot-fra-1 sshd[27933]: Disconnected from invalid user pi 179.86.94.249 port 5899 [preauth]","@timestamp":"2022-09-18T10:27:07.783Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:27:11 honeypot-fra-1 sshd[27937]: Received disconnect from 179.86.94.249 port 5901:11: Bye Bye [preauth]","@timestamp":"2022-09-18T10:27:11.786Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:27:14 honeypot-fra-1 sshd[27941]: Received disconnect from 179.86.94.249 port 5903:11: Bye Bye [preauth]","@timestamp":"2022-09-18T10:27:15.788Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:27:18 honeypot-fra-1 sshd[27945]: Received disconnect from 179.86.94.249 port 5905:11: Bye Bye [preauth]","@timestamp":"2022-09-18T10:27:18.789Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:27:22 honeypot-fra-1 sshd[27949]: Received disconnect from 179.86.94.249 port 5907:11: Bye Bye [preauth]","@timestamp":"2022-09-18T10:27:22.792Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:27:26 honeypot-fra-1 sshd[27953]: Received disconnect from 179.86.94.249 port 5909:11: Bye Bye [preauth]","@timestamp":"2022-09-18T10:27:26.794Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:27:29 honeypot-fra-1 sshd[27957]: Received disconnect from 179.86.94.249 port 5911:11: Bye Bye [preauth]","@timestamp":"2022-09-18T10:27:30.800Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:27:33 honeypot-fra-1 sshd[27961]: Received disconnect from 179.86.94.249 port 5913:11: Bye Bye [preauth]","@timestamp":"2022-09-18T10:27:33.801Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:27:37 honeypot-fra-1 sshd[27965]: Received disconnect from 179.86.94.249 port 5915:11: Bye Bye [preauth]","@timestamp":"2022-09-18T10:27:37.804Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:27:40 honeypot-fra-1 sshd[27969]: Received disconnect from 179.86.94.249 port 5851:11: Bye Bye [preauth]","@timestamp":"2022-09-18T10:27:41.807Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:27:44 honeypot-fra-1 sshd[27973]: Received disconnect from 179.86.94.249 port 5853:11: Bye Bye [preauth]","@timestamp":"2022-09-18T10:27:44.808Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T10:29:45.909Z","@version":"1","message":"Sep 18 10:29:45 honeypot-sgp-1 kernel: [84373088.476030] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=64.62.197.175 DST=159.89.202.188 LEN=131 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=38256 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:29:53 honeypot-fra-1 sshd[27977]: Connection closed by invalid user centos 179.60.147.69 port 8724 [preauth]","@timestamp":"2022-09-18T10:29:53.858Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 10:32:26 honeypot-ams-1 kernel: [84373726.829672] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=64.62.197.238 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=56801 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T10:32:27.247Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 10:34:29 honeypot-ams-1 sshd[5639]: Disconnected from invalid user sftp 115.178.76.24 port 34984 [preauth]","@timestamp":"2022-09-18T10:34:30.323Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:39:32 honeypot-fra-1 kernel: [84371979.649201] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=46.161.27.47 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=36488 PROTO=TCP SPT=59654 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T10:39:33.097Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-18T10:42:39.222Z","@version":"1","message":"Sep 18 10:42:38 honeypot-sgp-1 sshd[30761]: Invalid user admin from 178.128.125.205 port 51590","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 10:43:06 honeypot-ams-1 sshd[5646]: Invalid user ubuntu from 110.235.243.121 port 41568","@timestamp":"2022-09-18T10:43:07.551Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 10:43:08 honeypot-ams-1 sshd[5648]: Disconnected from invalid user monitor 179.218.198.83 port 43191 [preauth]","@timestamp":"2022-09-18T10:43:09.553Z"}
{"@timestamp":"2022-09-18T10:45:15.285Z","@version":"1","message":"Sep 18 10:45:14 honeypot-sgp-1 kernel: [84374017.394812] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=138.2.240.220 DST=159.89.202.188 LEN=52 TOS=0x02 PREC=0x00 TTL=110 ID=43514 DF PROTO=TCP SPT=53159 DPT=80 WINDOW=62720 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 10:49:59 honeypot-ams-1 sshd[5655]: Received disconnect from 161.35.113.79 port 48814:11: Bye Bye [preauth]","@timestamp":"2022-09-18T10:49:59.729Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:56:56 honeypot-fra-1 sshd[27984]: Received disconnect from 92.255.85.70 port 63554:11: Bye Bye [preauth]","@timestamp":"2022-09-18T10:56:56.484Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:59:53 honeypot-fra-1 sshd[27987]: Received disconnect from 45.61.184.204 port 42858:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T10:59:54.552Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 11:00:13 honeypot-fra-1 sshd[27994]: Invalid user user from 45.61.184.204 port 37880","@timestamp":"2022-09-18T11:00:13.562Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 11:00:22 honeypot-fra-1 sshd[27996]: Disconnected from invalid user user 45.61.184.204 port 49510 [preauth]","@timestamp":"2022-09-18T11:00:22.566Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 11:00:39 honeypot-fra-1 sshd[28000]: Disconnected from invalid user user 45.61.184.204 port 44532 [preauth]","@timestamp":"2022-09-18T11:00:39.575Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 11:05:55 honeypot-fra-1 sshd[28005]: Invalid user user from 179.60.147.69 port 3012","@timestamp":"2022-09-18T11:05:55.697Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 11:05:56 honeypot-ams-1 kernel: [84375736.350119] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=198.244.213.30 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=16656 PROTO=TCP SPT=56052 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T11:05:57.148Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 11:09:42 honeypot-ams-1 kernel: [84375962.333978] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=104.152.52.233 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=25595 PROTO=TCP SPT=59346 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T11:09:43.254Z"}
{"@timestamp":"2022-09-18T11:09:47.874Z","@version":"1","message":"Sep 18 11:09:47 honeypot-sgp-1 kernel: [84375490.814463] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=170.187.162.16 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=56035 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 11:16:31 honeypot-ams-1 kernel: [84376371.772532] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=41.43.118.243 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=23530 PROTO=TCP SPT=41894 DPT=80 WINDOW=35723 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T11:16:32.800Z"}
{"@timestamp":"2022-09-18T11:17:02.067Z","@version":"1","message":"Sep 18 11:17:01 honeypot-sgp-1 CRON[30775]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 11:18:30 honeypot-fra-1 kernel: [84374317.659011] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=122.116.99.60 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=55 ID=53021 PROTO=TCP SPT=19927 DPT=80 WINDOW=8631 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T11:18:30.982Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 11:21:06 honeypot-ams-1 sshd[5675]: Invalid user teste from 92.255.85.70 port 18394","@timestamp":"2022-09-18T11:21:06.924Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 11:23:27 honeypot-ams-1 sshd[5678]: Disconnected from invalid user ftpuser 189.7.129.60 port 33318 [preauth]","@timestamp":"2022-09-18T11:23:27.989Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 11:28:39 honeypot-fra-1 kernel: [84374927.050005] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=207.102.138.83 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=46 ID=28588 DF PROTO=TCP SPT=55283 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T11:28:40.212Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 11:30:50 honeypot-ams-1 kernel: [84377230.562246] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=41.41.64.206 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=53 ID=49644 PROTO=TCP SPT=35560 DPT=443 WINDOW=31238 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T11:30:51.187Z"}
{"@timestamp":"2022-09-18T11:30:54.420Z","@version":"1","message":"Sep 18 11:30:53 honeypot-sgp-1 kernel: [84376756.650964] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=236 ID=52958 PROTO=TCP SPT=40607 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 11:36:28 honeypot-fra-1 kernel: [84375395.908735] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=51.178.37.233 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=15332 PROTO=TCP SPT=58829 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T11:36:29.388Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 11:37:37 honeypot-ams-1 sshd[5686]: Received disconnect from 159.203.102.122 port 58604:11: Bye Bye [preauth]","@timestamp":"2022-09-18T11:37:38.365Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 11:41:54 honeypot-ams-1 sshd[5689]: Disconnected from invalid user user 45.61.186.249 port 52672 [preauth]","@timestamp":"2022-09-18T11:41:55.482Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 11:42:14 honeypot-ams-1 sshd[5693]: Received disconnect from 45.61.186.249 port 47770:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T11:42:15.493Z"}
{"@timestamp":"2022-09-18T11:42:18.697Z","@version":"1","message":"Sep 18 11:42:17 honeypot-sgp-1 sshd[30789]: Invalid user osmc from 202.163.109.35 port 35376","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 11:42:24 honeypot-ams-1 sshd[5698]: Received disconnect from 45.61.186.249 port 59474:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T11:42:24.498Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 11:42:33 honeypot-ams-1 sshd[5702]: Received disconnect from 45.61.186.249 port 42860:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T11:42:33.504Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 11:42:51 honeypot-ams-1 sshd[5706]: Received disconnect from 45.61.186.249 port 37950:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T11:42:52.513Z"}
{"@timestamp":"2022-09-18T11:44:05.743Z","@version":"1","message":"Sep 18 11:44:04 honeypot-sgp-1 sshd[30793]: Received disconnect from 152.32.236.12 port 57042:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 11:45:03 honeypot-fra-1 sshd[28030]: Received disconnect from 92.255.85.69 port 57864:11: Bye Bye [preauth]","@timestamp":"2022-09-18T11:45:03.582Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 11:45:19 honeypot-ams-1 sshd[5710]: Disconnected from authenticating user root 24.188.213.50 port 37670 [preauth]","@timestamp":"2022-09-18T11:45:19.582Z"}
{"@timestamp":"2022-09-18T11:48:38.857Z","@version":"1","message":"Sep 18 11:48:38 honeypot-sgp-1 sshd[30796]: Invalid user prueba from 92.255.85.70 port 57840","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 11:48:38 honeypot-ams-1 sshd[5715]: Connection closed by invalid user user1 103.188.176.251 port 41468 [preauth]","@timestamp":"2022-09-18T11:48:39.674Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 11:50:04 honeypot-fra-1 sshd[28037]: Received disconnect from 137.184.113.110 port 33662:11: Bye Bye [preauth]","@timestamp":"2022-09-18T11:50:04.696Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 11:53:35 honeypot-fra-1 sshd[28045]: Invalid user user from 45.61.186.169 port 49246","@timestamp":"2022-09-18T11:53:35.778Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 11:53:52 honeypot-fra-1 sshd[28049]: Invalid user user from 45.61.186.169 port 43896","@timestamp":"2022-09-18T11:53:52.787Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 11:54:09 honeypot-fra-1 sshd[28053]: Invalid user user from 45.61.186.169 port 38544","@timestamp":"2022-09-18T11:54:09.796Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 11:54:25 honeypot-fra-1 sshd[28057]: Invalid user user from 45.61.186.169 port 33192","@timestamp":"2022-09-18T11:54:25.804Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 12:00:02 honeypot-ams-1 kernel: [84378981.940914] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=64.246.161.26 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=54321 PROTO=TCP SPT=53006 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T12:00:02.981Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 12:05:54 honeypot-ams-1 sshd[5725]: Invalid user user from 45.61.187.160 port 42484","@timestamp":"2022-09-18T12:05:55.141Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 12:06:12 honeypot-ams-1 sshd[5729]: Invalid user user from 45.61.187.160 port 37204","@timestamp":"2022-09-18T12:06:13.151Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 12:06:29 honeypot-ams-1 sshd[5733]: Invalid user user from 45.61.187.160 port 60122","@timestamp":"2022-09-18T12:06:30.159Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 12:06:45 honeypot-ams-1 sshd[5737]: Invalid user user from 45.61.187.160 port 54826","@timestamp":"2022-09-18T12:06:46.167Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 12:07:43 honeypot-fra-1 sshd[28061]: Bad protocol version identification '\\272\\253d\\241EZC\\333M\\207\\356^\\375\\277\\0259 X\\324>\\022\\230\\304<\\340\\023\\317' from 172.105.89.161 port 39061","@timestamp":"2022-09-18T12:07:44.105Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 12:07:46 honeypot-ams-1 sshd[5741]: Received disconnect from 181.46.124.28 port 59372:11: Bye Bye [preauth]","@timestamp":"2022-09-18T12:07:47.190Z"}
{"@timestamp":"2022-09-18T12:08:20.331Z","@version":"1","message":"Sep 18 12:08:19 honeypot-sgp-1 kernel: [84379002.930250] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=154.89.5.92 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=244 ID=61135 PROTO=TCP SPT=58914 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 12:10:33 honeypot-ams-1 sshd[5744]: Disconnected from invalid user jkg 59.98.83.57 port 58586 [preauth]","@timestamp":"2022-09-18T12:10:33.266Z"}
{"@timestamp":"2022-09-18T12:15:09.504Z","@version":"1","message":"Sep 18 12:15:08 honeypot-sgp-1 sshd[30803]: Connection closed by authenticating user root 103.188.176.251 port 35090 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 12:15:18 honeypot-fra-1 kernel: [84377725.821957] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=89.248.165.120 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=39101 PROTO=TCP SPT=43083 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T12:15:19.281Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 12:15:39 honeypot-ams-1 sshd[5749]: Received disconnect from 195.29.51.133 port 35705:11: Bye Bye [preauth]","@timestamp":"2022-09-18T12:15:40.404Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 12:18:02 honeypot-ams-1 sshd[5755]: Received disconnect from 45.61.186.249 port 51960:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T12:18:03.468Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 12:18:21 honeypot-ams-1 sshd[5759]: Received disconnect from 45.61.186.249 port 47048:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T12:18:22.479Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 12:18:40 honeypot-ams-1 sshd[5763]: Received disconnect from 45.61.186.249 port 42136:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T12:18:40.488Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 12:18:56 honeypot-ams-1 sshd[5767]: Received disconnect from 45.61.186.249 port 37258:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T12:18:57.496Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 12:20:05 honeypot-ams-1 sshd[5792]: Invalid user git from 130.193.40.11 port 52664","@timestamp":"2022-09-18T12:20:06.530Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 12:20:06 honeypot-ams-1 sshd[5792]: Connection closed by invalid user git 130.193.40.11 port 52664 [preauth]","@timestamp":"2022-09-18T12:20:06.530Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 12:20:06 honeypot-ams-1 sshd[5771]: Connection closed by invalid user pi 130.193.40.11 port 52654 [preauth]","@timestamp":"2022-09-18T12:20:06.530Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 12:20:06 honeypot-ams-1 sshd[5790]: Connection closed by invalid user postgres 130.193.40.11 port 52656 [preauth]","@timestamp":"2022-09-18T12:20:06.530Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 12:20:06 honeypot-ams-1 sshd[5775]: Connection closed by invalid user ftp 130.193.40.11 port 52674 [preauth]","@timestamp":"2022-09-18T12:20:07.531Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 12:20:06 honeypot-ams-1 sshd[5794]: Invalid user mysql from 130.193.40.11 port 52684","@timestamp":"2022-09-18T12:20:07.531Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 12:20:07 honeypot-ams-1 sshd[5785]: Connection closed by invalid user rustserver 130.193.40.11 port 52602 [preauth]","@timestamp":"2022-09-18T12:20:07.531Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 12:20:07 honeypot-ams-1 sshd[5782]: Connection closed by invalid user test 130.193.40.11 port 52678 [preauth]","@timestamp":"2022-09-18T12:20:07.531Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 12:20:08 honeypot-ams-1 sshd[5825]: Invalid user oracle from 130.193.40.11 port 52694","@timestamp":"2022-09-18T12:20:08.531Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 12:20:11 honeypot-ams-1 sshd[5829]: Connection closed by authenticating user root 130.193.40.11 port 52698 [preauth]","@timestamp":"2022-09-18T12:20:11.533Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 12:20:58 honeypot-fra-1 kernel: [84378065.818277] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=167.94.146.74 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=64170 PROTO=TCP SPT=28406 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T12:20:59.409Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 12:21:38 honeypot-ams-1 sshd[5842]: Disconnected from invalid user marvel 213.27.189.252 port 53302 [preauth]","@timestamp":"2022-09-18T12:21:39.572Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 12:26:32 honeypot-fra-1 sshd[28072]: Disconnected from authenticating user root 143.244.158.100 port 36974 [preauth]","@timestamp":"2022-09-18T12:26:32.539Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 12:28:35 honeypot-fra-1 sshd[28078]: Disconnected from authenticating user root 178.128.88.244 port 59750 [preauth]","@timestamp":"2022-09-18T12:28:35.589Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 12:30:51 honeypot-fra-1 sshd[28084]: Disconnected from authenticating user root 143.244.158.100 port 60382 [preauth]","@timestamp":"2022-09-18T12:30:51.643Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 12:32:00 honeypot-ams-1 kernel: [84380900.759254] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=149.102.155.170 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=48194 PROTO=TCP SPT=44240 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T12:32:01.849Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 12:33:18 honeypot-fra-1 kernel: [84378806.078521] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.220.48 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=35232 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T12:33:19.703Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 12:35:01 honeypot-fra-1 sshd[28095]: Disconnected from authenticating user root 143.244.158.100 port 52836 [preauth]","@timestamp":"2022-09-18T12:35:01.744Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T12:37:22.043Z","@version":"1","message":"Sep 18 12:37:21 honeypot-sgp-1 sshd[30812]: Invalid user rodica from 51.255.204.101 port 41314","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 12:37:33 honeypot-fra-1 sshd[28102]: Disconnected from authenticating user root 143.244.158.100 port 52760 [preauth]","@timestamp":"2022-09-18T12:37:34.805Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 12:38:11 honeypot-ams-1 sshd[5852]: Invalid user 12345 from 92.255.85.69 port 44224","@timestamp":"2022-09-18T12:38:12.014Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 12:39:29 honeypot-fra-1 sshd[28110]: Invalid user admin from 137.184.48.78 port 60456","@timestamp":"2022-09-18T12:39:29.852Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 12:39:31 honeypot-fra-1 sshd[28116]: Invalid user admin from 137.184.48.78 port 34040","@timestamp":"2022-09-18T12:39:31.853Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 12:41:00 honeypot-fra-1 sshd[28120]: Disconnected from authenticating user root 143.244.158.100 port 48488 [preauth]","@timestamp":"2022-09-18T12:41:00.889Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T12:42:37.172Z","@version":"1","message":"Sep 18 12:42:36 honeypot-sgp-1 sshd[30817]: Received disconnect from 20.212.109.250 port 54862:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 12:42:42 honeypot-fra-1 sshd[28127]: Received disconnect from 143.244.158.100 port 50384:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T12:42:42.931Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T12:44:05.210Z","@version":"1","message":"Sep 18 12:44:04 honeypot-sgp-1 sshd[30822]: Invalid user xnm from 59.103.236.85 port 9024","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 12:45:16 honeypot-fra-1 sshd[28134]: Received disconnect from 143.244.158.100 port 53164:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T12:45:17.001Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 12:47:46 honeypot-fra-1 sshd[28141]: Received disconnect from 143.244.158.100 port 41596:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T12:47:47.062Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T12:48:38.323Z","@version":"1","message":"Sep 18 12:48:37 honeypot-sgp-1 sshd[30827]: Invalid user mc2 from 165.22.111.185 port 44060","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 12:49:44 honeypot-fra-1 kernel: [84379792.244431] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=159.65.151.215 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x20 TTL=54 ID=44421 DF PROTO=TCP SPT=42882 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T12:49:45.108Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 12:51:48 honeypot-ams-1 kernel: [84382088.128065] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=213.226.123.38 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=65033 PROTO=TCP SPT=47153 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T12:51:49.375Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 12:52:17 honeypot-fra-1 sshd[28152]: Received disconnect from 143.244.158.100 port 36792:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T12:52:17.174Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T12:53:31.444Z","@version":"1","message":"Sep 18 12:53:30 honeypot-sgp-1 sshd[30832]: Disconnected from authenticating user root 89.208.104.47 port 52596 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 12:54:47 honeypot-fra-1 sshd[28158]: Received disconnect from 143.244.158.100 port 43812:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T12:54:48.236Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 12:56:30 honeypot-fra-1 sshd[28163]: Disconnected from authenticating user root 143.244.158.100 port 50024 [preauth]","@timestamp":"2022-09-18T12:56:31.278Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T12:58:41.573Z","@version":"1","message":"Sep 18 12:58:41 honeypot-sgp-1 sshd[30837]: Invalid user ftpuser from 77.82.90.234 port 43886","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 12:58:41 honeypot-fra-1 sshd[28170]: Did not receive identification string from 45.61.184.204 port 50382","@timestamp":"2022-09-18T12:58:42.331Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 12:58:56 honeypot-fra-1 sshd[28173]: Disconnected from invalid user user 45.61.184.204 port 44754 [preauth]","@timestamp":"2022-09-18T12:58:57.338Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 12:59:15 honeypot-fra-1 sshd[28179]: Invalid user user from 45.61.184.204 port 39666","@timestamp":"2022-09-18T12:59:16.348Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 12:59:30 honeypot-fra-1 sshd[28183]: Invalid user mysql from 193.106.191.157 port 39194","@timestamp":"2022-09-18T12:59:30.354Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 12:59:42 honeypot-fra-1 sshd[28187]: Disconnected from invalid user user 45.61.184.204 port 46144 [preauth]","@timestamp":"2022-09-18T12:59:43.361Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 12:59:54 honeypot-fra-1 sshd[28191]: Received disconnect from 143.244.158.100 port 55614:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T12:59:55.367Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 13:01:37 honeypot-fra-1 sshd[28197]: Received disconnect from 143.244.158.100 port 55748:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T13:01:37.438Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 13:02:45 honeypot-fra-1 sshd[28202]: Connection closed by invalid user ubuntu 141.98.10.158 port 57090 [preauth]","@timestamp":"2022-09-18T13:02:46.467Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 13:05:07 honeypot-fra-1 sshd[28208]: Received disconnect from 143.244.158.100 port 45966:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T13:05:07.529Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 13:05:58 honeypot-fra-1 sshd[28212]: Received disconnect from 143.244.158.100 port 49356:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T13:05:58.552Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 13:07:50 honeypot-fra-1 sshd[28220]: Received disconnect from 189.7.129.60 port 52423:11: Bye Bye [preauth]","@timestamp":"2022-09-18T13:07:50.598Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 13:09:25 honeypot-fra-1 sshd[28226]: Received disconnect from 143.244.158.100 port 43066:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T13:09:25.637Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T13:09:35.857Z","@version":"1","message":"Sep 18 13:09:34 honeypot-sgp-1 kernel: [84382677.831488] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=97.107.131.125 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=54776 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 13:11:08 honeypot-fra-1 sshd[28232]: Received disconnect from 143.244.158.100 port 38874:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T13:11:08.680Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 13:12:02 honeypot-ams-1 sshd[5866]: Invalid user mysql from 193.106.191.157 port 48770","@timestamp":"2022-09-18T13:12:02.915Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 13:14:01 honeypot-fra-1 sshd[28237]: Received disconnect from 68.183.212.10 port 38790:11: Bye Bye [preauth]","@timestamp":"2022-09-18T13:14:01.768Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 13:17:01 honeypot-fra-1 CRON[28243]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-18T13:17:01.840Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 13:21:40 honeypot-ams-1 sshd[5872]: Received disconnect from 103.105.130.83 port 37368:11: Bye Bye [preauth]","@timestamp":"2022-09-18T13:21:41.173Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 13:26:14 honeypot-fra-1 kernel: [84381981.823764] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=213.226.123.38 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=18501 PROTO=TCP SPT=47153 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T13:26:15.053Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-18T13:28:08.299Z","@version":"1","message":"Sep 18 13:28:08 honeypot-sgp-1 sshd[30846]: Disconnected from invalid user guest 92.255.85.70 port 16756 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T13:29:58.346Z","@version":"1","message":"Sep 18 13:29:58 honeypot-sgp-1 sshd[30852]: Received disconnect from 109.234.36.47 port 56538:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 13:35:01 honeypot-ams-1 sshd[5881]: Received disconnect from 134.17.16.72 port 19089:11: Bye Bye [preauth]","@timestamp":"2022-09-18T13:35:02.526Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 13:35:57 honeypot-ams-1 sshd[5886]: Received disconnect from 42.117.5.13 port 51150:11: Bye Bye [preauth]","@timestamp":"2022-09-18T13:35:58.553Z"}
{"@timestamp":"2022-09-18T13:38:19.551Z","@version":"1","message":"Sep 18 13:38:19 honeypot-sgp-1 sshd[30855]: Received disconnect from 190.138.132.235 port 38510:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 13:41:42 honeypot-fra-1 sshd[28253]: Disconnected from invalid user lirm 165.22.45.108 port 53712 [preauth]","@timestamp":"2022-09-18T13:41:43.401Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 13:48:05 honeypot-ams-1 sshd[5892]: Received disconnect from 146.185.137.240 port 43328:11: Bye Bye [preauth]","@timestamp":"2022-09-18T13:48:05.878Z"}
{"@timestamp":"2022-09-18T13:48:12.790Z","@version":"1","message":"Sep 18 13:48:12 honeypot-sgp-1 sshd[30864]: Invalid user  from 43.153.10.221 port 32696","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T13:48:31.799Z","@version":"1","message":"Sep 18 13:48:31 honeypot-sgp-1 sshd[30868]: Received disconnect from 45.61.186.249 port 48952:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T13:48:52.809Z","@version":"1","message":"Sep 18 13:48:52 honeypot-sgp-1 sshd[30872]: Received disconnect from 45.61.186.249 port 44110:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T13:49:11.819Z","@version":"1","message":"Sep 18 13:49:10 honeypot-sgp-1 sshd[30876]: Received disconnect from 45.61.186.249 port 39272:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T13:49:28.827Z","@version":"1","message":"Sep 18 13:49:28 honeypot-sgp-1 sshd[30880]: Received disconnect from 45.61.186.249 port 34430:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T13:51:15.877Z","@version":"1","message":"Sep 18 13:51:15 honeypot-sgp-1 sshd[30883]: Received disconnect from 45.61.186.249 port 46722:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T13:51:33.886Z","@version":"1","message":"Sep 18 13:51:33 honeypot-sgp-1 sshd[30887]: Received disconnect from 45.61.186.249 port 41368:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 13:51:38 honeypot-ams-1 kernel: [84385678.047902] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=91.99.137.144 DST=178.62.254.91 LEN=48 TOS=0x00 PREC=0x00 TTL=113 ID=23936 DF PROTO=TCP SPT=2140 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T13:51:38.974Z"}
{"@timestamp":"2022-09-18T13:51:51.895Z","@version":"1","message":"Sep 18 13:51:51 honeypot-sgp-1 sshd[30892]: Received disconnect from 45.61.186.249 port 36018:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T13:52:08.904Z","@version":"1","message":"Sep 18 13:52:07 honeypot-sgp-1 sshd[30896]: Invalid user user from 45.61.186.249 port 58886","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 13:53:32 honeypot-ams-1 kernel: [84385792.484488] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=52241 PROTO=TCP SPT=48719 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T13:53:33.029Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 13:57:10 honeypot-ams-1 sshd[5904]: Received disconnect from 217.178.32.251 port 48272:11: Bye Bye [preauth]","@timestamp":"2022-09-18T13:57:11.130Z"}
{"@timestamp":"2022-09-18T13:59:38.084Z","@version":"1","message":"Sep 18 13:59:37 honeypot-sgp-1 kernel: [84385680.425219] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.53.171.56 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=40121 PROTO=TCP SPT=58380 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 14:03:49 honeypot-ams-1 kernel: [84386408.867146] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=167.71.92.243 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=57972 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T14:03:49.305Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 14:04:13 honeypot-fra-1 sshd[28257]: Disconnecting invalid user admin 220.111.163.229 port 51805: Too many authentication failures [preauth]","@timestamp":"2022-09-18T14:04:13.908Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T14:04:38.208Z","@version":"1","message":"Sep 18 14:04:37 honeypot-sgp-1 sshd[30905]: Disconnecting invalid user admin 31.184.198.71 port 53720: Change of username or service not allowed: (admin,ssh-connection) -> (cameras,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:05:11.226Z","@version":"1","message":"Sep 18 14:05:10 honeypot-sgp-1 sshd[30911]: Disconnecting invalid user admin 31.184.198.71 port 27001: Change of username or service not allowed: (admin,ssh-connection) -> (,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:05:38.240Z","@version":"1","message":"Sep 18 14:05:37 honeypot-sgp-1 sshd[30917]: Disconnecting invalid user aerohive 31.184.198.71 port 55427: Change of username or service not allowed: (aerohive,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:06:14.258Z","@version":"1","message":"Sep 18 14:06:13 honeypot-sgp-1 sshd[30924]: Invalid user private from 31.184.198.71 port 10277","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:06:38.271Z","@version":"1","message":"Sep 18 14:06:37 honeypot-sgp-1 sshd[30930]: Disconnecting invalid user Admin 31.184.198.71 port 47897: Change of username or service not allowed: (Admin,ssh-connection) -> (araknis,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:07:04.286Z","@version":"1","message":"Sep 18 14:07:03 honeypot-sgp-1 sshd[30936]: Disconnecting invalid user user 31.184.198.71 port 6191: Change of username or service not allowed: (user,ssh-connection) -> (root,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:07:38.303Z","@version":"1","message":"Sep 18 14:07:37 honeypot-sgp-1 sshd[30944]: Invalid user admin from 31.184.198.71 port 59013","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:08:07.318Z","@version":"1","message":"Sep 18 14:08:06 honeypot-sgp-1 kernel: [84386189.741898] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=68.183.93.151 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x20 TTL=242 ID=54321 PROTO=TCP SPT=40185 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:08:34.333Z","@version":"1","message":"Sep 18 14:08:33 honeypot-sgp-1 sshd[30956]: Invalid user cisco from 31.184.198.71 port 47831","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:09:09.350Z","@version":"1","message":"Sep 18 14:09:08 honeypot-sgp-1 sshd[30962]: Disconnecting authenticating user root 31.184.198.71 port 41007: Change of username or service not allowed: (root,ssh-connection) -> (Administrator,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:09:37.365Z","@version":"1","message":"Sep 18 14:09:36 honeypot-sgp-1 sshd[30969]: Disconnecting invalid user adslroot 31.184.198.71 port 56473: Change of username or service not allowed: (adslroot,ssh-connection) -> (sti.admin5,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:09:56.375Z","@version":"1","message":"Sep 18 14:09:56 honeypot-sgp-1 sshd[30975]: Disconnecting invalid user blank 31.184.198.71 port 6559: Change of username or service not allowed: (blank,ssh-connection) -> (zhone,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:10:24.390Z","@version":"1","message":"Sep 18 14:10:24 honeypot-sgp-1 sshd[30981]: Received disconnect from 92.255.85.69 port 53470:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:10:43.400Z","@version":"1","message":"Sep 18 14:10:43 honeypot-sgp-1 sshd[30987]: Disconnecting invalid user admin 31.184.198.71 port 44236: Change of username or service not allowed: (admin,ssh-connection) -> (c1@r0,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:11:07.414Z","@version":"1","message":"Sep 18 14:11:07 honeypot-sgp-1 sshd[30993]: Disconnecting invalid user cusadmin 31.184.198.71 port 41032: Change of username or service not allowed: (cusadmin,ssh-connection) -> (superonline,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:11:36.429Z","@version":"1","message":"Sep 18 14:11:35 honeypot-sgp-1 sshd[30999]: Disconnecting invalid user lgnortel 31.184.198.71 port 27073: Change of username or service not allowed: (lgnortel,ssh-connection) -> (Admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:12:15.448Z","@version":"1","message":"Sep 18 14:12:14 honeypot-sgp-1 sshd[31005]: Disconnecting invalid user admin 31.184.198.71 port 20022: Change of username or service not allowed: (admin,ssh-connection) -> (,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:12:42.462Z","@version":"1","message":"Sep 18 14:12:41 honeypot-sgp-1 sshd[31011]: Disconnecting invalid user matrix 31.184.198.71 port 8753: Change of username or service not allowed: (matrix,ssh-connection) -> (,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:13:12.477Z","@version":"1","message":"Sep 18 14:13:12 honeypot-sgp-1 sshd[31017]: Disconnecting invalid user motorola 31.184.198.71 port 41995: Change of username or service not allowed: (motorola,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:13:43.495Z","@version":"1","message":"Sep 18 14:13:42 honeypot-sgp-1 sshd[31025]: Invalid user admin from 31.184.198.71 port 14712","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:14:09.508Z","@version":"1","message":"Sep 18 14:14:09 honeypot-sgp-1 sshd[31031]: Bad protocol version identification 'SSH-2.0_CoreLab-1.0' from 31.184.198.71 port 7143","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:14:38.523Z","@version":"1","message":"Sep 18 14:14:38 honeypot-sgp-1 sshd[31038]: Invalid user admin from 31.184.198.71 port 61545","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:15:09.539Z","@version":"1","message":"Sep 18 14:15:08 honeypot-sgp-1 sshd[31044]: Invalid user Broadcom from 31.184.198.71 port 24498","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:15:37.553Z","@version":"1","message":"Sep 18 14:15:36 honeypot-sgp-1 sshd[31050]: Invalid user cusadmin from 31.184.198.71 port 19837","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:15:55.563Z","@version":"1","message":"Sep 18 14:15:54 honeypot-sgp-1 sshd[31055]: Disconnecting invalid user smcadmin 31.184.198.71 port 30021: Change of username or service not allowed: (smcadmin,ssh-connection) -> (sweex,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:16:13.573Z","@version":"1","message":"Sep 18 14:16:13 honeypot-sgp-1 sshd[31061]: Disconnecting invalid user admin 31.184.198.71 port 1816: Change of username or service not allowed: (admin,ssh-connection) -> (,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:16:40.611Z","@version":"1","message":"Sep 18 14:16:39 honeypot-sgp-1 sshd[31067]: Disconnecting invalid user user 31.184.198.71 port 56895: Change of username or service not allowed: (user,ssh-connection) -> (ubnt,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 14:17:01 honeypot-fra-1 CRON[28266]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-18T14:17:02.196Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 14:17:01 honeypot-ams-1 CRON[5915]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-18T14:17:02.664Z"}
{"@timestamp":"2022-09-18T14:17:09.626Z","@version":"1","message":"Sep 18 14:17:09 honeypot-sgp-1 sshd[31076]: Invalid user 123456 from 31.184.198.71 port 49883","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:17:40.642Z","@version":"1","message":"Sep 18 14:17:40 honeypot-sgp-1 sshd[31082]: Invalid user readwrite from 31.184.198.71 port 30153","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 14:17:53 honeypot-fra-1 kernel: [84385080.771440] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=3.8.141.125 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=75 ID=5873 PROTO=TCP SPT=21345 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T14:17:54.219Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-18T14:18:07.657Z","@version":"1","message":"Sep 18 14:18:06 honeypot-sgp-1 sshd[31089]: Invalid user DZY-W2914NSV2 from 31.184.198.71 port 43174","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:18:37.672Z","@version":"1","message":"Sep 18 14:18:36 honeypot-sgp-1 sshd[31095]: Invalid user zoomadsl from 31.184.198.71 port 38260","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:19:14.689Z","@version":"1","message":"Sep 18 14:19:14 honeypot-sgp-1 sshd[31101]: Invalid user ltecl4r0 from 31.184.198.71 port 19277","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:20:46.729Z","@version":"1","message":"Sep 18 14:20:45 honeypot-sgp-1 sshd[31106]: Disconnected from authenticating user root 2.139.220.58 port 46014 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 14:22:16 honeypot-fra-1 sshd[28277]: Did not receive identification string from 3.8.141.125 port 21345","@timestamp":"2022-09-18T14:22:17.321Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 14:23:54 honeypot-fra-1 kernel: [84385441.411522] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=3.8.141.125 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=75 ID=9885 PROTO=TCP SPT=21345 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T14:23:55.362Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 14:26:27 honeypot-ams-1 kernel: [84387767.504950] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=163.172.158.4 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=37982 PROTO=TCP SPT=42301 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T14:26:27.915Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 14:26:44 honeypot-fra-1 kernel: [84385611.918997] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=3.8.141.125 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=75 ID=5873 PROTO=TCP SPT=21345 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T14:26:45.431Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 14:31:33 honeypot-fra-1 sshd[28285]: Disconnected from invalid user ovo 103.141.149.29 port 37286 [preauth]","@timestamp":"2022-09-18T14:31:33.542Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 14:33:11 honeypot-fra-1 kernel: [84385998.676406] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=3.8.141.125 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=75 ID=9885 PROTO=TCP SPT=21345 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T14:33:12.584Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 14:36:00 honeypot-fra-1 kernel: [84386167.073571] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=3.8.141.125 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=75 ID=49126 PROTO=TCP SPT=21345 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T14:36:00.649Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 14:39:49 honeypot-fra-1 sshd[28291]: Disconnected from 204.48.30.72 port 41992 [preauth]","@timestamp":"2022-09-18T14:39:49.740Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 14:39:50 honeypot-ams-1 kernel: [84388569.969434] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=156.218.159.97 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=53 ID=891 PROTO=TCP SPT=1660 DPT=443 WINDOW=15939 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T14:39:51.267Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 14:41:21 honeypot-fra-1 sshd[28299]: Did not receive identification string from 3.8.141.125 port 21345","@timestamp":"2022-09-18T14:41:21.778Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 14:42:12 honeypot-fra-1 sshd[28303]: Disconnected from authenticating user root 107.173.146.242 port 50656 [preauth]","@timestamp":"2022-09-18T14:42:13.801Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 14:43:40 honeypot-fra-1 sshd[28305]: Received disconnect from 18.216.21.202 port 63413:11: Bye Bye [preauth]","@timestamp":"2022-09-18T14:43:40.839Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 14:45:02 honeypot-ams-1 sshd[5929]: Invalid user admin from 54.65.189.147 port 57886","@timestamp":"2022-09-18T14:45:03.407Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 14:45:30 honeypot-fra-1 kernel: [84386737.701871] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=3.8.141.125 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=75 ID=49126 PROTO=TCP SPT=21345 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T14:45:30.882Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 14:45:46 honeypot-ams-1 sshd[5933]: Did not receive identification string from 202.143.111.26 port 65421","@timestamp":"2022-09-18T14:45:46.428Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 14:46:49 honeypot-ams-1 sshd[5936]: Disconnected from authenticating user root 157.230.250.192 port 38804 [preauth]","@timestamp":"2022-09-18T14:46:49.460Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 14:47:54 honeypot-fra-1 sshd[28310]: Did not receive identification string from 45.61.187.160 port 34628","@timestamp":"2022-09-18T14:47:54.938Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 14:48:10 honeypot-fra-1 sshd[28313]: Disconnected from invalid user user 45.61.187.160 port 37896 [preauth]","@timestamp":"2022-09-18T14:48:10.947Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 14:48:30 honeypot-fra-1 sshd[28317]: Received disconnect from 45.61.187.160 port 60784:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T14:48:30.957Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 14:48:49 honeypot-fra-1 sshd[28321]: Received disconnect from 45.61.187.160 port 55472:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T14:48:49.966Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T14:48:57.416Z","@version":"1","message":"Sep 18 14:48:56 honeypot-sgp-1 kernel: [84388639.617425] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=1150 PROTO=TCP SPT=52381 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 14:49:07 honeypot-fra-1 sshd[28325]: Received disconnect from 45.61.187.160 port 50162:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T14:49:07.993Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 14:49:13 honeypot-ams-1 sshd[5940]: Disconnected from invalid user www 161.35.127.34 port 51208 [preauth]","@timestamp":"2022-09-18T14:49:13.525Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 14:50:46 honeypot-fra-1 sshd[28330]: Did not receive identification string from 3.8.141.125 port 21345","@timestamp":"2022-09-18T14:50:47.034Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 14:51:28 honeypot-ams-1 sshd[5945]: Disconnected from invalid user anushach 177.12.2.53 port 33572 [preauth]","@timestamp":"2022-09-18T14:51:29.588Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 14:52:29 honeypot-fra-1 kernel: [84387156.693891] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=3.8.141.125 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=75 ID=9885 PROTO=TCP SPT=21345 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T14:52:30.077Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 14:55:16 honeypot-fra-1 kernel: [84387323.731510] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=3.8.141.125 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=75 ID=49126 PROTO=TCP SPT=21345 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T14:55:17.144Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 14:56:25 honeypot-ams-1 kernel: [84389565.375126] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=172.105.129.94 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=52861 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T14:56:25.720Z"}
{"@timestamp":"2022-09-18T14:56:44.608Z","@version":"1","message":"Sep 18 14:56:44 honeypot-sgp-1 sshd[31120]: Received disconnect from 114.204.218.154 port 42442:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:59:12.668Z","@version":"1","message":"Sep 18 14:59:12 honeypot-sgp-1 sshd[31124]: Received disconnect from 180.130.116.155 port 34492:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:00:13 honeypot-fra-1 sshd[28338]: Did not receive identification string from 3.8.141.125 port 21345","@timestamp":"2022-09-18T15:00:13.279Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:00:29 honeypot-fra-1 sshd[28343]: Did not receive identification string from 3.8.141.125 port 21345","@timestamp":"2022-09-18T15:00:29.288Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:02:04 honeypot-fra-1 kernel: [84387731.778065] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=3.8.141.125 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=75 ID=9885 PROTO=TCP SPT=21345 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T15:02:05.328Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-18T15:03:33.774Z","@version":"1","message":"Sep 18 15:03:33 honeypot-sgp-1 sshd[31129]: Received disconnect from 92.255.85.69 port 58192:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:04:35 honeypot-fra-1 kernel: [84387881.994576] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=3.8.141.125 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=75 ID=49126 PROTO=TCP SPT=21345 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T15:04:35.389Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 15:07:04 honeypot-ams-1 kernel: [84390203.872055] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=51.15.141.72 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=55 ID=27328 PROTO=TCP SPT=43318 DPT=80 WINDOW=29174 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T15:07:05.009Z"}
{"@timestamp":"2022-09-18T15:08:32.895Z","@version":"1","message":"Sep 18 15:08:32 honeypot-sgp-1 kernel: [84389815.157906] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=228 ID=56463 PROTO=TCP SPT=53203 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:09:38 honeypot-fra-1 sshd[28350]: Invalid user user from 45.61.186.169 port 51334","@timestamp":"2022-09-18T15:09:39.508Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 15:09:39 honeypot-ams-1 sshd[5958]: Disconnected from invalid user ubnt 92.255.85.70 port 37076 [preauth]","@timestamp":"2022-09-18T15:09:40.082Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:09:57 honeypot-fra-1 sshd[28355]: Invalid user user from 45.61.186.169 port 46188","@timestamp":"2022-09-18T15:09:58.517Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:10:15 honeypot-fra-1 sshd[28359]: Invalid user user from 45.61.186.169 port 41040","@timestamp":"2022-09-18T15:10:15.526Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:10:31 honeypot-fra-1 sshd[28363]: Invalid user user from 45.61.186.169 port 35882","@timestamp":"2022-09-18T15:10:32.534Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 15:11:42 honeypot-ams-1 kernel: [84390482.468651] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=46.62.170.169 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=114 ID=2410 DF PROTO=TCP SPT=2921 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T15:11:43.141Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:19:22 honeypot-fra-1 sshd[28371]: Invalid user admin from 103.90.177.102 port 40978","@timestamp":"2022-09-18T15:19:22.732Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:19:22 honeypot-fra-1 sshd[28381]: Invalid user www from 103.90.177.102 port 40974","@timestamp":"2022-09-18T15:19:22.732Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:19:22 honeypot-fra-1 sshd[28373]: Connection closed by invalid user es 103.90.177.102 port 40964 [preauth]","@timestamp":"2022-09-18T15:19:22.732Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:19:22 honeypot-fra-1 sshd[28382]: Connection closed by invalid user user 103.90.177.102 port 40982 [preauth]","@timestamp":"2022-09-18T15:19:22.732Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 15:20:15 honeypot-ams-1 kernel: [84390995.451464] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=170.187.162.71 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=23739 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T15:20:16.367Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 15:21:16 honeypot-ams-1 sshd[5976]: Received disconnect from 100.1.167.124 port 33004:11: Bye Bye [preauth]","@timestamp":"2022-09-18T15:21:16.397Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 15:24:09 honeypot-ams-1 sshd[5980]: Did not receive identification string from 45.61.186.49 port 44158","@timestamp":"2022-09-18T15:24:10.473Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 15:24:32 honeypot-ams-1 sshd[5983]: Disconnected from invalid user user 45.61.186.49 port 53262 [preauth]","@timestamp":"2022-09-18T15:24:32.485Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 15:24:45 honeypot-ams-1 sshd[5987]: Disconnected from invalid user user 45.61.186.49 port 37226 [preauth]","@timestamp":"2022-09-18T15:24:45.491Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:24:52 honeypot-fra-1 sshd[28396]: Disconnected from invalid user admin 185.149.120.23 port 33640 [preauth]","@timestamp":"2022-09-18T15:24:52.857Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 15:26:59 honeypot-ams-1 sshd[5994]: Invalid user teamspeak2 from 213.215.140.6 port 60506","@timestamp":"2022-09-18T15:26:59.550Z"}
{"@timestamp":"2022-09-18T15:27:01.340Z","@version":"1","message":"Sep 18 15:27:01 honeypot-sgp-1 sshd[31137]: Invalid user toto from 110.141.212.12 port 46928","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T15:27:46.361Z","@version":"1","message":"Sep 18 15:27:46 honeypot-sgp-1 sshd[31143]: Disconnected from authenticating user root 159.223.76.57 port 56914 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:27:54 honeypot-fra-1 sshd[28403]: Invalid user dayday from 51.142.141.199 port 55554","@timestamp":"2022-09-18T15:27:54.927Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T15:29:32.407Z","@version":"1","message":"Sep 18 15:29:32 honeypot-sgp-1 sshd[31147]: Invalid user lin from 104.248.153.95 port 52754","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:31:17 honeypot-fra-1 sshd[28407]: Received disconnect from 92.255.85.70 port 63368:11: Bye Bye [preauth]","@timestamp":"2022-09-18T15:31:18.002Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:34:27 honeypot-fra-1 sshd[28412]: Connection closed by invalid user mysql 193.106.191.157 port 53592 [preauth]","@timestamp":"2022-09-18T15:34:27.076Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:38:39 honeypot-fra-1 sshd[28416]: Invalid user sham from 187.190.40.6 port 53829","@timestamp":"2022-09-18T15:38:40.187Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 15:39:21 honeypot-ams-1 sshd[5998]: Did not receive identification string from 45.61.187.160 port 46702","@timestamp":"2022-09-18T15:39:21.876Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:39:31 honeypot-fra-1 sshd[28420]: Disconnected from invalid user admin 167.172.58.10 port 44752 [preauth]","@timestamp":"2022-09-18T15:39:32.208Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 15:39:50 honeypot-ams-1 sshd[6001]: Disconnected from invalid user user 45.61.187.160 port 51172 [preauth]","@timestamp":"2022-09-18T15:39:50.891Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 15:40:09 honeypot-ams-1 sshd[6005]: Received disconnect from 45.61.187.160 port 46310:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T15:40:09.900Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 15:40:26 honeypot-ams-1 sshd[6009]: Received disconnect from 45.61.187.160 port 41448:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T15:40:27.910Z"}
{"@timestamp":"2022-09-18T15:45:16.780Z","@version":"1","message":"Sep 18 15:45:15 honeypot-sgp-1 sshd[31151]: Received disconnect from 92.255.85.70 port 48204:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T15:45:51.796Z","@version":"1","message":"Sep 18 15:45:51 honeypot-sgp-1 sshd[31156]: Invalid user user from 45.61.186.169 port 57960","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 15:46:08 honeypot-ams-1 sshd[6014]: Invalid user admin from 92.255.85.69 port 17320","@timestamp":"2022-09-18T15:46:09.057Z"}
{"@timestamp":"2022-09-18T15:46:09.805Z","@version":"1","message":"Sep 18 15:46:08 honeypot-sgp-1 sshd[31160]: Invalid user user from 45.61.186.169 port 52966","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T15:46:25.813Z","@version":"1","message":"Sep 18 15:46:25 honeypot-sgp-1 sshd[31164]: Invalid user user from 45.61.186.169 port 47966","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T15:50:29.911Z","@version":"1","message":"Sep 18 15:50:29 honeypot-sgp-1 sshd[31169]: Invalid user casaaroma from 212.29.234.241 port 37514","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:51:43 honeypot-fra-1 kernel: [84390710.756479] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=162.142.125.130 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=48082 PROTO=TCP SPT=48547 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T15:51:44.480Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 15:55:26 honeypot-ams-1 sshd[6017]: Received disconnect from 197.155.234.157 port 47954:11: Bye Bye [preauth]","@timestamp":"2022-09-18T15:55:26.302Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:56:14 honeypot-fra-1 sshd[28435]: Invalid user testuser from 45.127.108.132 port 23766","@timestamp":"2022-09-18T15:56:15.580Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:56:14 honeypot-fra-1 sshd[28443]: Invalid user vnc from 45.127.108.132 port 49110","@timestamp":"2022-09-18T15:56:15.580Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:56:14 honeypot-fra-1 sshd[28442]: Invalid user testuser from 45.127.108.132 port 45499","@timestamp":"2022-09-18T15:56:15.580Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:56:14 honeypot-fra-1 sshd[28437]: Connection closed by authenticating user root 45.127.108.132 port 55553 [preauth]","@timestamp":"2022-09-18T15:56:15.580Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:56:15 honeypot-fra-1 sshd[28430]: Connection closed by authenticating user root 45.127.108.132 port 52646 [preauth]","@timestamp":"2022-09-18T15:56:15.580Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:56:15 honeypot-fra-1 sshd[28444]: Connection closed by authenticating user root 45.127.108.132 port 4541 [preauth]","@timestamp":"2022-09-18T15:56:15.580Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:56:15 honeypot-fra-1 sshd[28446]: Connection closed by invalid user ubuntu 45.127.108.132 port 40002 [preauth]","@timestamp":"2022-09-18T15:56:15.580Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:56:15 honeypot-fra-1 sshd[28447]: Connection closed by invalid user dev 45.127.108.132 port 56181 [preauth]","@timestamp":"2022-09-18T15:56:15.581Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:01:08 honeypot-ams-1 sshd[6022]: Disconnected from authenticating user root 20.228.201.118 port 56802 [preauth]","@timestamp":"2022-09-18T16:01:09.454Z"}
{"@timestamp":"2022-09-18T16:02:09.183Z","@version":"1","message":"Sep 18 16:02:08 honeypot-sgp-1 kernel: [84393031.508223] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=167.94.146.75 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=35 ID=55131 PROTO=TCP SPT=61199 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:02:46 honeypot-ams-1 sshd[6026]: Disconnected from authenticating user root 143.110.253.215 port 53454 [preauth]","@timestamp":"2022-09-18T16:02:47.499Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 16:04:46 honeypot-fra-1 kernel: [84391493.509227] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=213.226.123.38 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=1772 PROTO=TCP SPT=58364 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T16:04:46.785Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-18T16:09:15.355Z","@version":"1","message":"Sep 18 16:09:14 honeypot-sgp-1 sshd[31180]: Received disconnect from 45.61.187.160 port 33126:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T16:09:35.366Z","@version":"1","message":"Sep 18 16:09:35 honeypot-sgp-1 sshd[31185]: Received disconnect from 45.61.187.160 port 56812:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T16:09:55.375Z","@version":"1","message":"Sep 18 16:09:54 honeypot-sgp-1 sshd[31189]: Received disconnect from 45.61.187.160 port 52272:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T16:10:14.384Z","@version":"1","message":"Sep 18 16:10:14 honeypot-sgp-1 sshd[31193]: Received disconnect from 45.61.187.160 port 47724:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:10:15 honeypot-ams-1 sshd[6034]: Received disconnect from 182.117.131.146 port 33688:11: Bye Bye [preauth]","@timestamp":"2022-09-18T16:10:15.695Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:10:21 honeypot-ams-1 sshd[6040]: Invalid user divya from 104.248.155.136 port 52332","@timestamp":"2022-09-18T16:10:22.699Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:10:26 honeypot-ams-1 sshd[6044]: Disconnected from authenticating user root 182.117.131.146 port 34308 [preauth]","@timestamp":"2022-09-18T16:10:26.702Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:10:35 honeypot-ams-1 sshd[6050]: Disconnected from authenticating user root 182.117.131.146 port 34794 [preauth]","@timestamp":"2022-09-18T16:10:35.706Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:10:43 honeypot-ams-1 sshd[6056]: Disconnected from authenticating user root 182.117.131.146 port 35186 [preauth]","@timestamp":"2022-09-18T16:10:44.711Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:10:51 honeypot-ams-1 sshd[6062]: Disconnected from authenticating user root 182.117.131.146 port 35748 [preauth]","@timestamp":"2022-09-18T16:10:51.715Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:10:59 honeypot-ams-1 sshd[6068]: Disconnected from authenticating user root 182.117.131.146 port 36236 [preauth]","@timestamp":"2022-09-18T16:10:59.720Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:11:08 honeypot-ams-1 sshd[6074]: Disconnected from authenticating user root 182.117.131.146 port 36760 [preauth]","@timestamp":"2022-09-18T16:11:08.725Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:11:17 honeypot-ams-1 sshd[6080]: Disconnected from authenticating user root 182.117.131.146 port 37298 [preauth]","@timestamp":"2022-09-18T16:11:17.730Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:11:26 honeypot-ams-1 sshd[6086]: Disconnected from authenticating user root 182.117.131.146 port 37848 [preauth]","@timestamp":"2022-09-18T16:11:26.736Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:11:34 honeypot-ams-1 sshd[6092]: Disconnected from authenticating user root 182.117.131.146 port 38270 [preauth]","@timestamp":"2022-09-18T16:11:34.739Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:11:43 honeypot-ams-1 sshd[6098]: Disconnected from authenticating user root 182.117.131.146 port 38762 [preauth]","@timestamp":"2022-09-18T16:11:43.745Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:11:51 honeypot-ams-1 sshd[6104]: Received disconnect from 182.117.131.146 port 39328:11: Bye Bye [preauth]","@timestamp":"2022-09-18T16:11:52.750Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:11:57 honeypot-ams-1 sshd[6108]: Received disconnect from 182.117.131.146 port 39696:11: Bye Bye [preauth]","@timestamp":"2022-09-18T16:11:57.753Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:12:03 honeypot-ams-1 sshd[6112]: Received disconnect from 182.117.131.146 port 39982:11: Bye Bye [preauth]","@timestamp":"2022-09-18T16:12:03.757Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:12:10 honeypot-ams-1 sshd[6116]: Received disconnect from 182.117.131.146 port 40476:11: Bye Bye [preauth]","@timestamp":"2022-09-18T16:12:10.760Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:12:17 honeypot-ams-1 sshd[6120]: Received disconnect from 182.117.131.146 port 40830:11: Bye Bye [preauth]","@timestamp":"2022-09-18T16:12:17.765Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:12:22 honeypot-ams-1 sshd[6124]: Received disconnect from 182.117.131.146 port 41184:11: Bye Bye [preauth]","@timestamp":"2022-09-18T16:12:22.768Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:12:34 honeypot-ams-1 sshd[6130]: Invalid user pi from 182.117.131.146 port 41928","@timestamp":"2022-09-18T16:12:34.776Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:12:39 honeypot-ams-1 sshd[6134]: Invalid user user from 182.117.131.146 port 42274","@timestamp":"2022-09-18T16:12:40.778Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:12:46 honeypot-ams-1 sshd[6138]: Invalid user mine from 182.117.131.146 port 42628","@timestamp":"2022-09-18T16:12:46.783Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:12:51 honeypot-ams-1 sshd[6142]: Invalid user xbmc from 182.117.131.146 port 42992","@timestamp":"2022-09-18T16:12:51.785Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:12:59 honeypot-ams-1 sshd[6146]: Invalid user oracle from 182.117.131.146 port 43446","@timestamp":"2022-09-18T16:12:59.790Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:13:05 honeypot-ams-1 sshd[6150]: Invalid user postgres from 182.117.131.146 port 43774","@timestamp":"2022-09-18T16:13:05.794Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:13:10 honeypot-ams-1 sshd[6154]: Invalid user support from 182.117.131.146 port 44088","@timestamp":"2022-09-18T16:13:10.796Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:13:16 honeypot-ams-1 sshd[6158]: Invalid user ubuntu from 182.117.131.146 port 44404","@timestamp":"2022-09-18T16:13:16.800Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:13:22 honeypot-ams-1 sshd[6162]: Invalid user ubuntu from 182.117.131.146 port 44754","@timestamp":"2022-09-18T16:13:22.804Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:13:29 honeypot-ams-1 sshd[6166]: Invalid user guest from 182.117.131.146 port 45190","@timestamp":"2022-09-18T16:13:29.809Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:13:35 honeypot-ams-1 sshd[6170]: Invalid user cirros from 182.117.131.146 port 45504","@timestamp":"2022-09-18T16:13:35.812Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:14:41 honeypot-ams-1 sshd[6174]: Invalid user pi from 76.28.20.79 port 50134","@timestamp":"2022-09-18T16:14:41.843Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 16:14:41 honeypot-fra-1 kernel: [84392088.657862] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.216.63 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=43359 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T16:14:42.025Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 16:15:29 honeypot-ams-1 kernel: [84394309.332474] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=104.248.207.141 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=254 ID=54321 PROTO=TCP SPT=36577 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T16:15:29.866Z"}
{"@timestamp":"2022-09-18T16:17:47.569Z","@version":"1","message":"Sep 18 16:17:47 honeypot-sgp-1 kernel: [84393970.067659] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=198.235.24.16 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=249 ID=46946 PROTO=TCP SPT=54696 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:20:10 honeypot-ams-1 sshd[6184]: Disconnected from authenticating user root 61.80.179.118 port 43189 [preauth]","@timestamp":"2022-09-18T16:20:11.006Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 16:24:44 honeypot-fra-1 sshd[28507]: Disconnected from authenticating user root 61.177.173.39 port 54584 [preauth]","@timestamp":"2022-09-18T16:24:44.245Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 16:25:07 honeypot-fra-1 sshd[28513]: Disconnecting invalid user admin 58.182.93.100 port 35593: Too many authentication failures [preauth]","@timestamp":"2022-09-18T16:25:08.257Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 16:27:50 honeypot-fra-1 sshd[28523]: Invalid user litecoin from 165.22.45.108 port 36506","@timestamp":"2022-09-18T16:27:51.320Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T16:28:10.821Z","@version":"1","message":"Sep 18 16:28:10 honeypot-sgp-1 kernel: [84394592.833639] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=68.183.93.151 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x20 TTL=242 ID=54321 PROTO=TCP SPT=53075 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:28:57 honeypot-ams-1 sshd[6192]: Received disconnect from 143.244.158.100 port 49850:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T16:28:58.236Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:30:44 honeypot-ams-1 sshd[6196]: Disconnected from authenticating user root 143.244.158.100 port 45924 [preauth]","@timestamp":"2022-09-18T16:30:44.286Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 16:31:52 honeypot-fra-1 sshd[28526]: Disconnected from authenticating user root 61.177.172.104 port 12675 [preauth]","@timestamp":"2022-09-18T16:31:53.412Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:33:20 honeypot-ams-1 sshd[6203]: Disconnected from authenticating user root 143.244.158.100 port 60792 [preauth]","@timestamp":"2022-09-18T16:33:21.355Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:35:54 honeypot-ams-1 sshd[6211]: Received disconnect from 143.244.158.100 port 40164:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T16:35:54.423Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 16:37:46 honeypot-ams-1 kernel: [84395645.806787] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.95.147.51 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=252 ID=26040 PROTO=TCP SPT=58744 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T16:37:46.473Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 16:39:34 honeypot-fra-1 kernel: [84393580.778668] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=172.104.28.101 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=63537 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T16:39:34.586Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:40:09 honeypot-ams-1 sshd[6222]: Disconnected from authenticating user root 143.244.158.100 port 34064 [preauth]","@timestamp":"2022-09-18T16:40:10.534Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:41:03 honeypot-ams-1 sshd[6228]: Received disconnect from 143.244.158.100 port 50716:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T16:41:03.560Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 16:41:39 honeypot-fra-1 sshd[28536]: Connection closed by invalid user admin 121.154.38.73 port 42305 [preauth]","@timestamp":"2022-09-18T16:41:40.637Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T16:42:34.167Z","@version":"1","message":"Sep 18 16:42:34 honeypot-sgp-1 sshd[31217]: Received disconnect from 61.177.173.36 port 62786:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:42:35 honeypot-ams-1 sshd[6232]: Disconnected from 159.223.164.107 port 39054 [preauth]","@timestamp":"2022-09-18T16:42:35.602Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:44:30 honeypot-ams-1 sshd[6239]: Disconnected from authenticating user root 143.244.158.100 port 37554 [preauth]","@timestamp":"2022-09-18T16:44:31.652Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:46:29 honeypot-ams-1 sshd[6246]: Invalid user user from 45.61.184.204 port 55760","@timestamp":"2022-09-18T16:46:29.703Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:46:48 honeypot-ams-1 sshd[6250]: Invalid user user from 45.61.184.204 port 51018","@timestamp":"2022-09-18T16:46:49.712Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:47:07 honeypot-ams-1 sshd[6254]: Invalid user user from 45.61.184.204 port 46156","@timestamp":"2022-09-18T16:47:07.720Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:47:24 honeypot-ams-1 sshd[6258]: Invalid user user from 45.61.184.204 port 41370","@timestamp":"2022-09-18T16:47:24.728Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:48:17 honeypot-ams-1 sshd[6262]: Disconnected from authenticating user root 143.244.158.100 port 36582 [preauth]","@timestamp":"2022-09-18T16:48:17.750Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 16:49:54 honeypot-fra-1 sshd[28555]: Invalid user www from 139.59.152.202 port 44006","@timestamp":"2022-09-18T16:49:54.841Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 16:49:54 honeypot-fra-1 sshd[28561]: Invalid user testuser from 139.59.152.202 port 44022","@timestamp":"2022-09-18T16:49:54.841Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 16:49:54 honeypot-fra-1 sshd[28550]: Invalid user user from 139.59.152.202 port 43998","@timestamp":"2022-09-18T16:49:54.842Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 16:49:54 honeypot-fra-1 sshd[28567]: Connection closed by authenticating user root 139.59.152.202 port 44054 [preauth]","@timestamp":"2022-09-18T16:49:54.842Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 16:49:54 honeypot-fra-1 sshd[28560]: Connection closed by invalid user web 139.59.152.202 port 44018 [preauth]","@timestamp":"2022-09-18T16:49:54.842Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 16:49:54 honeypot-fra-1 sshd[28547]: Connection closed by invalid user admin 139.59.152.202 port 43988 [preauth]","@timestamp":"2022-09-18T16:49:54.842Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 16:49:54 honeypot-fra-1 sshd[28562]: Connection closed by invalid user admin 139.59.152.202 port 44024 [preauth]","@timestamp":"2022-09-18T16:49:54.842Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:50:57 honeypot-ams-1 sshd[6269]: Disconnected from authenticating user root 143.244.158.100 port 52882 [preauth]","@timestamp":"2022-09-18T16:50:57.824Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:51:52 honeypot-ams-1 sshd[6274]: Disconnected from authenticating user root 143.244.158.100 port 38262 [preauth]","@timestamp":"2022-09-18T16:51:52.852Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:52:08 honeypot-ams-1 sshd[6278]: Disconnected from invalid user user 45.61.186.249 port 38274 [preauth]","@timestamp":"2022-09-18T16:52:08.861Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:52:26 honeypot-ams-1 sshd[6282]: Disconnected from invalid user user 45.61.186.249 port 33482 [preauth]","@timestamp":"2022-09-18T16:52:26.871Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:52:43 honeypot-ams-1 sshd[6286]: Disconnected from invalid user user 45.61.186.249 port 56912 [preauth]","@timestamp":"2022-09-18T16:52:43.880Z"}
{"@timestamp":"2022-09-18T16:53:02.421Z","@version":"1","message":"Sep 18 16:53:02 honeypot-sgp-1 sshd[31227]: Connection closed by invalid user admin 119.201.180.229 port 39028 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:54:34 honeypot-ams-1 sshd[6293]: Disconnected from authenticating user root 143.244.158.100 port 44380 [preauth]","@timestamp":"2022-09-18T16:54:34.932Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:56:29 honeypot-ams-1 sshd[6299]: Received disconnect from 143.244.158.100 port 33068:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T16:56:29.985Z"}
{"@timestamp":"2022-09-18T16:56:54.516Z","@version":"1","message":"Sep 18 16:56:53 honeypot-sgp-1 sshd[31236]: Invalid user d6nw5v1x2pc7st9m from 91.240.118.222 port 32317","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 16:58:24 honeypot-fra-1 sshd[28598]: Invalid user postgres from 193.106.191.157 port 48784","@timestamp":"2022-09-18T16:58:25.031Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:58:25 honeypot-ams-1 sshd[6303]: Disconnected from authenticating user root 143.244.158.100 port 51052 [preauth]","@timestamp":"2022-09-18T16:58:26.039Z"}
{"@timestamp":"2022-09-18T17:00:21.602Z","@version":"1","message":"Sep 18 17:00:20 honeypot-sgp-1 kernel: [84396523.323659] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=89.248.165.199 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=2861 PROTO=TCP SPT=57265 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 17:01:09 honeypot-ams-1 sshd[6310]: Disconnected from authenticating user root 143.244.158.100 port 46538 [preauth]","@timestamp":"2022-09-18T17:01:10.115Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 17:03:52 honeypot-ams-1 sshd[6316]: Received disconnect from 143.244.158.100 port 47742:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T17:03:53.192Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 17:04:12 honeypot-fra-1 sshd[28603]: Invalid user kt from 164.90.203.79 port 55456","@timestamp":"2022-09-18T17:04:13.163Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T17:05:42.731Z","@version":"1","message":"Sep 18 17:05:42 honeypot-sgp-1 sshd[31248]: Invalid user user1!2@3#4$ from 62.204.41.222 port 8951","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 17:06:41 honeypot-ams-1 sshd[6323]: Received disconnect from 143.244.158.100 port 49688:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T17:06:42.271Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 17:06:54 honeypot-fra-1 sshd[28609]: Received disconnect from 143.198.39.132 port 51252:11: Bye Bye [preauth]","@timestamp":"2022-09-18T17:06:55.225Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 17:08:03 honeypot-fra-1 sshd[28614]: Disconnected from invalid user kx 45.183.192.14 port 54074 [preauth]","@timestamp":"2022-09-18T17:08:04.253Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T17:09:01.811Z","@version":"1","message":"Sep 18 17:09:01 honeypot-sgp-1 CRON[31253]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 17:09:01 honeypot-ams-1 CRON[6329]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-18T17:09:02.334Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 17:11:03 honeypot-ams-1 sshd[6337]: Received disconnect from 143.244.158.100 port 56776:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T17:11:04.392Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 17:11:55 honeypot-ams-1 sshd[6343]: Received disconnect from 143.244.158.100 port 36508:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T17:11:56.419Z"}
{"@timestamp":"2022-09-18T17:13:19.915Z","@version":"1","message":"Sep 18 17:13:19 honeypot-sgp-1 sshd[31259]: Did not receive identification string from 159.223.82.54 port 35138","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 17:14:32 honeypot-ams-1 sshd[6349]: Received disconnect from 143.244.158.100 port 58146:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T17:14:33.492Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 17:16:12 honeypot-fra-1 sshd[28626]: Did not receive identification string from 24.213.148.68 port 36820","@timestamp":"2022-09-18T17:16:13.437Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 17:16:13 honeypot-fra-1 sshd[28646]: Invalid user oracle from 24.213.148.68 port 38034","@timestamp":"2022-09-18T17:16:14.439Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 17:16:13 honeypot-fra-1 sshd[28631]: Invalid user postgres from 24.213.148.68 port 37996","@timestamp":"2022-09-18T17:16:14.439Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 17:16:14 honeypot-fra-1 sshd[28640]: Invalid user deploy from 24.213.148.68 port 37998","@timestamp":"2022-09-18T17:16:14.439Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 17:16:14 honeypot-fra-1 sshd[28630]: Invalid user admin from 24.213.148.68 port 37966","@timestamp":"2022-09-18T17:16:14.439Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 17:16:14 honeypot-fra-1 sshd[28632]: Connection closed by invalid user ansible 24.213.148.68 port 37980 [preauth]","@timestamp":"2022-09-18T17:16:14.439Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 17:16:14 honeypot-fra-1 sshd[28647]: Connection closed by invalid user chia 24.213.148.68 port 38002 [preauth]","@timestamp":"2022-09-18T17:16:14.439Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 17:16:14 honeypot-fra-1 sshd[28627]: Connection closed by invalid user testuser 24.213.148.68 port 37970 [preauth]","@timestamp":"2022-09-18T17:16:14.439Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 17:16:14 honeypot-fra-1 sshd[28635]: Connection closed by invalid user chia 24.213.148.68 port 37992 [preauth]","@timestamp":"2022-09-18T17:16:14.439Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 17:16:14 honeypot-fra-1 sshd[28657]: Invalid user es from 24.213.148.68 port 38004","@timestamp":"2022-09-18T17:16:14.439Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 17:17:01 honeypot-fra-1 CRON[28689]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-18T17:17:02.460Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T17:17:59.029Z","@version":"1","message":"Sep 18 17:17:58 honeypot-sgp-1 sshd[31265]: Received disconnect from 61.177.172.124 port 53203:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 17:18:05 honeypot-fra-1 sshd[28695]: Disconnected from authenticating user root 61.177.172.124 port 56278 [preauth]","@timestamp":"2022-09-18T17:18:06.485Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 17:18:18 honeypot-ams-1 sshd[6357]: Invalid user haldaemon from 61.2.243.254 port 45912","@timestamp":"2022-09-18T17:18:18.589Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 17:20:33 honeypot-ams-1 sshd[6360]: Disconnected from invalid user admin 23.225.191.123 port 51538 [preauth]","@timestamp":"2022-09-18T17:20:33.648Z"}
{"@timestamp":"2022-09-18T17:27:18.252Z","@version":"1","message":"Sep 18 17:27:17 honeypot-sgp-1 sshd[31272]: Connection closed by 118.70.81.109 port 5777 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 17:27:47 honeypot-fra-1 sshd[28703]: Connection reset by 61.177.173.39 port 23895 [preauth]","@timestamp":"2022-09-18T17:27:47.704Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 17:30:44 honeypot-ams-1 kernel: [84398823.858015] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=18139 PROTO=TCP SPT=42206 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T17:30:44.916Z"}
{"@timestamp":"2022-09-18T17:32:13.374Z","@version":"1","message":"Sep 18 17:32:13 honeypot-sgp-1 sshd[31279]: Received disconnect from 61.177.173.52 port 28865:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 17:38:51 honeypot-fra-1 kernel: [84397138.570540] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=213.226.123.38 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=32038 PROTO=TCP SPT=42072 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T17:38:52.952Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-18T17:45:09.711Z","@version":"1","message":"Sep 18 17:45:09 honeypot-sgp-1 kernel: [84399212.147080] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=51.104.20.135 DST=159.89.202.188 LEN=52 TOS=0x00 PREC=0x00 TTL=112 ID=48340 DF PROTO=TCP SPT=58668 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T17:48:57.799Z","@version":"1","message":"Sep 18 17:48:57 honeypot-sgp-1 sshd[31290]: Connection closed by invalid user admin 179.43.145.98 port 54558 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 17:51:56 honeypot-fra-1 sshd[28722]: Received disconnect from 61.177.172.98 port 51073:11:  [preauth]","@timestamp":"2022-09-18T17:51:57.241Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 17:53:04 honeypot-ams-1 kernel: [84400163.879793] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=198.199.101.90 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=48733 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T17:53:04.489Z"}
{"@timestamp":"2022-09-18T17:53:24.908Z","@version":"1","message":"Sep 18 17:53:24 honeypot-sgp-1 kernel: [84399707.172735] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=206.189.6.148 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=51850 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T18:03:10.141Z","@version":"1","message":"Sep 18 18:03:10 honeypot-sgp-1 sshd[31304]: Disconnected from authenticating user root 61.177.173.51 port 64303 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 18:03:59 honeypot-ams-1 kernel: [84400818.770852] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=146.88.240.4 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=57685 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T18:03:59.772Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:10:04 honeypot-fra-1 sshd[28734]: Received disconnect from 92.255.85.69 port 46070:11: Bye Bye [preauth]","@timestamp":"2022-09-18T18:10:04.666Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 18:10:04 honeypot-ams-1 sshd[6376]: Invalid user admin from 209.97.146.150 port 36376","@timestamp":"2022-09-18T18:10:04.937Z"}
{"@timestamp":"2022-09-18T18:13:25.392Z","@version":"1","message":"Sep 18 18:13:24 honeypot-sgp-1 sshd[31312]: Disconnected from authenticating user root 61.177.173.46 port 18902 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T18:14:06.411Z","@version":"1","message":"Sep 18 18:14:06 honeypot-sgp-1 sshd[31319]: Connection closed by invalid user admin 165.232.158.22 port 36594 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 18:14:10 honeypot-ams-1 sshd[6381]: Invalid user gf from 47.180.212.134 port 54091","@timestamp":"2022-09-18T18:14:11.045Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:14:12 honeypot-fra-1 kernel: [84399259.520775] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=41150 PROTO=TCP SPT=44004 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T18:14:13.762Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-18T18:17:01.482Z","@version":"1","message":"Sep 18 18:17:01 honeypot-sgp-1 CRON[31325]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:17:01 honeypot-fra-1 CRON[28741]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-18T18:17:01.832Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 18:17:21 honeypot-ams-1 kernel: [84401620.662428] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=137.184.10.96 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=21019 PROTO=TCP SPT=61953 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T18:17:21.130Z"}
{"@timestamp":"2022-09-18T18:18:32.520Z","@version":"1","message":"Sep 18 18:18:31 honeypot-sgp-1 sshd[31330]: Disconnected from authenticating user root 167.99.126.215 port 34464 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:19:31 honeypot-fra-1 sshd[28746]: Received disconnect from 96.78.175.36 port 58216:11: Bye Bye [preauth]","@timestamp":"2022-09-18T18:19:31.893Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:21:40 honeypot-fra-1 sshd[28753]: Received disconnect from 164.92.151.127 port 33464:11: Bye Bye [preauth]","@timestamp":"2022-09-18T18:21:40.944Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:24:34 honeypot-fra-1 sshd[28764]: Invalid user devops from 183.146.30.163 port 33540","@timestamp":"2022-09-18T18:24:35.014Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:24:34 honeypot-fra-1 sshd[28768]: Invalid user demo from 183.146.30.163 port 33492","@timestamp":"2022-09-18T18:24:35.014Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:24:35 honeypot-fra-1 sshd[28783]: Connection closed by invalid user www 183.146.30.163 port 33481 [preauth]","@timestamp":"2022-09-18T18:24:36.015Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:24:36 honeypot-fra-1 sshd[28773]: Connection closed by invalid user elastic 183.146.30.163 port 33528 [preauth]","@timestamp":"2022-09-18T18:24:37.015Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:24:36 honeypot-fra-1 sshd[28775]: Connection closed by invalid user mysql 183.146.30.163 port 33552 [preauth]","@timestamp":"2022-09-18T18:24:37.016Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:24:43 honeypot-fra-1 sshd[28764]: Connection closed by invalid user devops 183.146.30.163 port 33540 [preauth]","@timestamp":"2022-09-18T18:24:44.019Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:25:14 honeypot-fra-1 sshd[28811]: Invalid user testuser from 130.193.40.11 port 32952","@timestamp":"2022-09-18T18:25:15.034Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:25:14 honeypot-fra-1 sshd[28823]: Connection closed by invalid user admin 130.193.40.11 port 33190 [preauth]","@timestamp":"2022-09-18T18:25:15.034Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:25:14 honeypot-fra-1 sshd[28818]: Invalid user admin from 130.193.40.11 port 32968","@timestamp":"2022-09-18T18:25:15.034Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:25:14 honeypot-fra-1 sshd[28828]: Invalid user ftp from 130.193.40.11 port 33024","@timestamp":"2022-09-18T18:25:15.034Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:25:14 honeypot-fra-1 sshd[28831]: Connection closed by authenticating user root 130.193.40.11 port 33058 [preauth]","@timestamp":"2022-09-18T18:25:15.034Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:25:14 honeypot-fra-1 sshd[28824]: Connection closed by invalid user test 130.193.40.11 port 32950 [preauth]","@timestamp":"2022-09-18T18:25:15.034Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:25:15 honeypot-fra-1 sshd[28826]: Connection closed by authenticating user root 130.193.40.11 port 33060 [preauth]","@timestamp":"2022-09-18T18:25:16.035Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:25:17 honeypot-fra-1 sshd[28857]: Invalid user postgres from 130.193.40.11 port 33094","@timestamp":"2022-09-18T18:25:18.036Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:25:17 honeypot-fra-1 sshd[28860]: Connection closed by invalid user es 130.193.40.11 port 32958 [preauth]","@timestamp":"2022-09-18T18:25:18.036Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 18:29:21 honeypot-ams-1 sshd[6390]: Received disconnect from 190.144.139.235 port 46808:11: Bye Bye [preauth]","@timestamp":"2022-09-18T18:29:21.468Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:32:49 honeypot-fra-1 sshd[28877]: Received disconnect from 61.177.173.46 port 40970:11:  [preauth]","@timestamp":"2022-09-18T18:32:49.212Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T18:32:53.878Z","@version":"1","message":"Sep 18 18:32:53 honeypot-sgp-1 sshd[31348]: Received disconnect from 61.177.173.53 port 53773:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:33:51 honeypot-fra-1 sshd[28881]: Disconnected from authenticating user root 61.177.173.35 port 27091 [preauth]","@timestamp":"2022-09-18T18:33:51.240Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:41:18 honeypot-fra-1 kernel: [84400884.742005] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=165.232.152.144 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=54849 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T18:41:18.411Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-18T18:42:45.129Z","@version":"1","message":"Sep 18 18:42:44 honeypot-sgp-1 sshd[31358]: Disconnected from 20.171.106.5 port 54400 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 18:44:02 honeypot-ams-1 kernel: [84403222.202176] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=164.92.72.164 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=44667 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T18:44:02.856Z"}
{"@timestamp":"2022-09-18T18:47:25.241Z","@version":"1","message":"Sep 18 18:47:24 honeypot-sgp-1 sshd[31366]: Received disconnect from 121.65.121.149 port 42881:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T18:50:24.313Z","@version":"1","message":"Sep 18 18:50:23 honeypot-sgp-1 sshd[31371]: Received disconnect from 34.126.71.110 port 56520:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:51:57 honeypot-fra-1 kernel: [84401523.688144] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=92.63.197.74 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=14643 PROTO=TCP SPT=44472 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T18:51:57.671Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-18T18:53:25.410Z","@version":"1","message":"Sep 18 18:53:25 honeypot-sgp-1 sshd[31376]: Received disconnect from 152.32.229.160 port 17238:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T18:54:32.439Z","@version":"1","message":"Sep 18 18:54:31 honeypot-sgp-1 sshd[31380]: Disconnected from invalid user administrator 180.218.224.139 port 55764 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:56:21 honeypot-fra-1 sshd[28896]: Disconnected from invalid user user 45.61.184.204 port 45252 [preauth]","@timestamp":"2022-09-18T18:56:21.774Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:56:31 honeypot-fra-1 sshd[28898]: Disconnected from invalid user user 45.61.184.204 port 57128 [preauth]","@timestamp":"2022-09-18T18:56:31.779Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:56:51 honeypot-fra-1 sshd[28902]: Disconnected from invalid user user 45.61.184.204 port 52652 [preauth]","@timestamp":"2022-09-18T18:56:52.790Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:57:11 honeypot-fra-1 sshd[28906]: Disconnected from invalid user user 45.61.184.204 port 48170 [preauth]","@timestamp":"2022-09-18T18:57:11.799Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T18:57:20.507Z","@version":"1","message":"Sep 18 18:57:20 honeypot-sgp-1 sshd[31387]: Invalid user admin from 92.255.85.70 port 20388","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 18:58:49 honeypot-ams-1 sshd[6398]: Received disconnect from 43.128.104.254 port 51318:11: Bye Bye [preauth]","@timestamp":"2022-09-18T18:58:50.243Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:00:27 honeypot-fra-1 sshd[28912]: Disconnected from authenticating user root 61.177.173.36 port 29677 [preauth]","@timestamp":"2022-09-18T19:00:27.873Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 19:01:18 honeypot-ams-1 sshd[6401]: Disconnected from invalid user yhr 80.253.31.232 port 41978 [preauth]","@timestamp":"2022-09-18T19:01:19.316Z"}
{"@timestamp":"2022-09-18T19:02:44.636Z","@version":"1","message":"Sep 18 19:02:44 honeypot-sgp-1 kernel: [84403866.915614] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=173.249.41.33 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=20483 PROTO=TCP SPT=43305 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 19:05:54 honeypot-ams-1 sshd[6408]: Received disconnect from 157.245.154.129 port 39836:11: Bye Bye [preauth]","@timestamp":"2022-09-18T19:05:55.441Z"}
{"@timestamp":"2022-09-18T19:08:06.761Z","@version":"1","message":"Sep 18 19:08:06 honeypot-sgp-1 sshd[31401]: Disconnected from authenticating user root 189.4.149.140 port 58296 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:10:04 honeypot-fra-1 sshd[28923]: Invalid user dev from 103.188.176.251 port 49000","@timestamp":"2022-09-18T19:10:05.095Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 19:10:47 honeypot-ams-1 sshd[6410]: Disconnected from invalid user admin 92.255.85.69 port 32402 [preauth]","@timestamp":"2022-09-18T19:10:47.572Z"}
{"@timestamp":"2022-09-18T19:16:45.978Z","@version":"1","message":"Sep 18 19:16:45 honeypot-sgp-1 sshd[31406]: Disconnected from authenticating user root 61.177.172.124 port 18963 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 19:17:02 honeypot-ams-1 sshd[6419]: Received disconnect from 107.170.102.171 port 59666:11: Bye Bye [preauth]","@timestamp":"2022-09-18T19:17:02.739Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 19:18:15 honeypot-ams-1 sshd[6423]: Disconnected from authenticating user root 206.189.159.9 port 55334 [preauth]","@timestamp":"2022-09-18T19:18:16.773Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 19:18:54 honeypot-ams-1 sshd[6428]: Disconnected from invalid user yuanwd 20.57.113.125 port 60308 [preauth]","@timestamp":"2022-09-18T19:18:54.792Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:19:58 honeypot-fra-1 sshd[28937]: Received disconnect from 20.92.94.177 port 41128:11: Bye Bye [preauth]","@timestamp":"2022-09-18T19:19:59.322Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T19:23:23.134Z","@version":"1","message":"Sep 18 19:23:22 honeypot-sgp-1 sshd[31413]: Disconnected from authenticating user root 61.177.173.53 port 33578 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 19:25:26 honeypot-ams-1 kernel: [84405706.121324] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=50.4.46.46 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=46205 DF PROTO=TCP SPT=47198 DPT=80 WINDOW=62720 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T19:25:27.310Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:27:22 honeypot-fra-1 sshd[28948]: Connection closed by authenticating user root 13.126.217.41 port 58948 [preauth]","@timestamp":"2022-09-18T19:27:22.491Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:27:27 honeypot-fra-1 sshd[28960]: Connection closed by authenticating user root 13.126.217.41 port 36888 [preauth]","@timestamp":"2022-09-18T19:27:28.495Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:27:33 honeypot-fra-1 sshd[28972]: Connection closed by authenticating user root 13.126.217.41 port 43196 [preauth]","@timestamp":"2022-09-18T19:27:33.498Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:27:39 honeypot-fra-1 sshd[28984]: Connection closed by authenticating user root 13.126.217.41 port 49904 [preauth]","@timestamp":"2022-09-18T19:27:39.502Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:27:44 honeypot-fra-1 sshd[28996]: Connection closed by authenticating user root 13.126.217.41 port 56654 [preauth]","@timestamp":"2022-09-18T19:27:45.506Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:27:50 honeypot-fra-1 sshd[29008]: Connection closed by authenticating user root 13.126.217.41 port 34658 [preauth]","@timestamp":"2022-09-18T19:27:50.509Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T19:27:55.239Z","@version":"1","message":"Sep 18 19:27:54 honeypot-sgp-1 sshd[31418]: Disconnected from invalid user iug 109.115.187.31 port 50578 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:27:56 honeypot-fra-1 sshd[29020]: Connection closed by authenticating user root 13.126.217.41 port 41160 [preauth]","@timestamp":"2022-09-18T19:27:56.513Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:28:01 honeypot-fra-1 sshd[29032]: Connection closed by authenticating user root 13.126.217.41 port 47414 [preauth]","@timestamp":"2022-09-18T19:28:02.517Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:28:07 honeypot-fra-1 sshd[29044]: Connection closed by authenticating user root 13.126.217.41 port 53646 [preauth]","@timestamp":"2022-09-18T19:28:07.521Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:28:13 honeypot-fra-1 sshd[29056]: Connection closed by authenticating user root 13.126.217.41 port 60160 [preauth]","@timestamp":"2022-09-18T19:28:13.525Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:28:18 honeypot-fra-1 sshd[29068]: Connection closed by authenticating user root 13.126.217.41 port 38080 [preauth]","@timestamp":"2022-09-18T19:28:19.528Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:28:24 honeypot-fra-1 sshd[29080]: Connection closed by authenticating user root 13.126.217.41 port 44488 [preauth]","@timestamp":"2022-09-18T19:28:24.532Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:28:29 honeypot-fra-1 sshd[29090]: Connection closed by authenticating user root 13.126.217.41 port 49806 [preauth]","@timestamp":"2022-09-18T19:28:29.535Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:28:34 honeypot-fra-1 sshd[29102]: Connection closed by authenticating user root 13.126.217.41 port 56026 [preauth]","@timestamp":"2022-09-18T19:28:35.539Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:28:39 honeypot-fra-1 sshd[29112]: Invalid user user from 13.126.217.41 port 33198","@timestamp":"2022-09-18T19:28:39.542Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:28:41 honeypot-fra-1 sshd[29118]: Invalid user user from 13.126.217.41 port 36232","@timestamp":"2022-09-18T19:28:42.544Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:28:44 honeypot-fra-1 sshd[29124]: Invalid user user from 13.126.217.41 port 39334","@timestamp":"2022-09-18T19:28:45.545Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:28:47 honeypot-fra-1 sshd[29130]: Invalid user user from 13.126.217.41 port 42332","@timestamp":"2022-09-18T19:28:48.547Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:28:50 honeypot-fra-1 sshd[29136]: Invalid user user from 13.126.217.41 port 45532","@timestamp":"2022-09-18T19:28:50.548Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:28:53 honeypot-fra-1 sshd[29142]: Invalid user user from 13.126.217.41 port 48636","@timestamp":"2022-09-18T19:28:53.551Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:28:55 honeypot-fra-1 sshd[29148]: Invalid user user from 13.126.217.41 port 51714","@timestamp":"2022-09-18T19:28:56.553Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:28:58 honeypot-fra-1 sshd[29154]: Invalid user user from 13.126.217.41 port 54554","@timestamp":"2022-09-18T19:28:59.555Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:29:01 honeypot-fra-1 sshd[29160]: Invalid user user from 13.126.217.41 port 57794","@timestamp":"2022-09-18T19:29:01.556Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:29:04 honeypot-fra-1 sshd[29166]: Invalid user user from 13.126.217.41 port 60768","@timestamp":"2022-09-18T19:29:04.558Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:29:06 honeypot-fra-1 sshd[29172]: Invalid user user from 13.126.217.41 port 35790","@timestamp":"2022-09-18T19:29:07.561Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:29:09 honeypot-fra-1 sshd[29178]: Invalid user user from 13.126.217.41 port 38606","@timestamp":"2022-09-18T19:29:10.562Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:29:12 honeypot-fra-1 sshd[29184]: Invalid user user from 13.126.217.41 port 41770","@timestamp":"2022-09-18T19:29:12.564Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:29:15 honeypot-fra-1 sshd[29190]: Invalid user user from 13.126.217.41 port 45006","@timestamp":"2022-09-18T19:29:15.565Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 19:29:17 honeypot-ams-1 kernel: [84405937.115675] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=23.97.234.8 DST=178.62.254.91 LEN=52 TOS=0x02 PREC=0x00 TTL=116 ID=10335 DF PROTO=TCP SPT=64429 DPT=80 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-18T19:29:18.416Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:29:18 honeypot-fra-1 sshd[29196]: Invalid user user from 13.126.217.41 port 48002","@timestamp":"2022-09-18T19:29:18.567Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:29:20 honeypot-fra-1 sshd[29202]: Invalid user user from 13.126.217.41 port 51106","@timestamp":"2022-09-18T19:29:21.569Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:29:23 honeypot-fra-1 sshd[29208]: Invalid user user from 13.126.217.41 port 54198","@timestamp":"2022-09-18T19:29:23.571Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:29:26 honeypot-fra-1 sshd[29214]: Invalid user user from 13.126.217.41 port 57224","@timestamp":"2022-09-18T19:29:26.573Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:29:28 honeypot-fra-1 sshd[29220]: Invalid user user from 13.126.217.41 port 60034","@timestamp":"2022-09-18T19:29:29.574Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:29:31 honeypot-fra-1 sshd[29226]: Invalid user user from 13.126.217.41 port 35068","@timestamp":"2022-09-18T19:29:32.576Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:29:34 honeypot-fra-1 sshd[29232]: Invalid user user from 13.126.217.41 port 38046","@timestamp":"2022-09-18T19:29:35.578Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:29:37 honeypot-fra-1 sshd[29238]: Invalid user user from 13.126.217.41 port 41156","@timestamp":"2022-09-18T19:29:37.580Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:29:40 honeypot-fra-1 sshd[29244]: Invalid user user from 13.126.217.41 port 43934","@timestamp":"2022-09-18T19:29:40.582Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:29:42 honeypot-fra-1 sshd[29250]: Invalid user user from 13.126.217.41 port 47006","@timestamp":"2022-09-18T19:29:43.584Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:29:45 honeypot-fra-1 sshd[29256]: Invalid user user from 13.126.217.41 port 49980","@timestamp":"2022-09-18T19:29:46.585Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:29:48 honeypot-fra-1 sshd[29262]: Invalid user user from 13.126.217.41 port 53108","@timestamp":"2022-09-18T19:29:48.586Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:29:51 honeypot-fra-1 sshd[29268]: Invalid user user from 13.126.217.41 port 56002","@timestamp":"2022-09-18T19:29:51.588Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:29:53 honeypot-fra-1 sshd[29274]: Invalid user ubuntu from 13.126.217.41 port 58962","@timestamp":"2022-09-18T19:29:54.591Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:29:56 honeypot-fra-1 sshd[29280]: Invalid user ubuntu from 13.126.217.41 port 33784","@timestamp":"2022-09-18T19:29:57.593Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:29:59 honeypot-fra-1 sshd[29286]: Invalid user ubuntu from 13.126.217.41 port 36652","@timestamp":"2022-09-18T19:29:59.594Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:30:02 honeypot-fra-1 sshd[29292]: Invalid user ubuntu from 13.126.217.41 port 39540","@timestamp":"2022-09-18T19:30:02.596Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:30:04 honeypot-fra-1 sshd[29298]: Invalid user ubuntu from 13.126.217.41 port 42376","@timestamp":"2022-09-18T19:30:05.598Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:30:07 honeypot-fra-1 sshd[29304]: Invalid user ubuntu from 13.126.217.41 port 45572","@timestamp":"2022-09-18T19:30:08.600Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:30:10 honeypot-fra-1 sshd[29310]: Invalid user ubuntu from 13.126.217.41 port 48476","@timestamp":"2022-09-18T19:30:10.602Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:30:13 honeypot-fra-1 sshd[29316]: Invalid user ubuntu from 13.126.217.41 port 51390","@timestamp":"2022-09-18T19:30:13.603Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:30:15 honeypot-fra-1 sshd[29322]: Invalid user ubuntu from 13.126.217.41 port 54158","@timestamp":"2022-09-18T19:30:16.605Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:30:18 honeypot-fra-1 sshd[29328]: Invalid user ubuntu from 13.126.217.41 port 57044","@timestamp":"2022-09-18T19:30:18.606Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:30:21 honeypot-fra-1 sshd[29334]: Invalid user ubuntu from 13.126.217.41 port 60116","@timestamp":"2022-09-18T19:30:21.608Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:30:23 honeypot-fra-1 sshd[29340]: Invalid user ubuntu from 13.126.217.41 port 34804","@timestamp":"2022-09-18T19:30:24.649Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:30:26 honeypot-fra-1 sshd[29346]: Invalid user ubuntu from 13.126.217.41 port 37638","@timestamp":"2022-09-18T19:30:26.650Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:30:29 honeypot-fra-1 sshd[29352]: Invalid user ubuntu from 13.126.217.41 port 40502","@timestamp":"2022-09-18T19:30:29.652Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:30:31 honeypot-fra-1 sshd[29358]: Invalid user ubuntu from 13.126.217.41 port 43486","@timestamp":"2022-09-18T19:30:32.654Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:30:34 honeypot-fra-1 sshd[29365]: Invalid user ubuntu from 13.126.217.41 port 46200","@timestamp":"2022-09-18T19:30:34.655Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:30:37 honeypot-fra-1 sshd[29371]: Invalid user ubuntu from 13.126.217.41 port 49158","@timestamp":"2022-09-18T19:30:37.658Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:30:39 honeypot-fra-1 sshd[29377]: Invalid user ubuntu from 13.126.217.41 port 52032","@timestamp":"2022-09-18T19:30:40.660Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:30:42 honeypot-fra-1 sshd[29383]: Invalid user ubuntu from 13.126.217.41 port 55010","@timestamp":"2022-09-18T19:30:43.662Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:30:45 honeypot-fra-1 sshd[29389]: Invalid user ubuntu from 13.126.217.41 port 57746","@timestamp":"2022-09-18T19:30:45.663Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:30:48 honeypot-fra-1 sshd[29395]: Invalid user ubuntu from 13.126.217.41 port 60730","@timestamp":"2022-09-18T19:30:48.665Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:30:50 honeypot-fra-1 sshd[29401]: Invalid user ubuntu from 13.126.217.41 port 35406","@timestamp":"2022-09-18T19:30:51.667Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:30:53 honeypot-fra-1 sshd[29407]: Invalid user ubuntu from 13.126.217.41 port 38380","@timestamp":"2022-09-18T19:30:53.669Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:30:56 honeypot-fra-1 sshd[29413]: Invalid user ubuntu from 13.126.217.41 port 41256","@timestamp":"2022-09-18T19:30:56.671Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:30:58 honeypot-fra-1 sshd[29419]: Invalid user ubuntu from 13.126.217.41 port 44006","@timestamp":"2022-09-18T19:30:59.673Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:31:01 honeypot-fra-1 sshd[29425]: Invalid user ubuntu from 13.126.217.41 port 46962","@timestamp":"2022-09-18T19:31:01.674Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:31:04 honeypot-fra-1 sshd[29431]: Invalid user ubuntu from 13.126.217.41 port 49782","@timestamp":"2022-09-18T19:31:04.676Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:31:06 honeypot-fra-1 sshd[29437]: Invalid user ubuntu from 13.126.217.41 port 52650","@timestamp":"2022-09-18T19:31:07.678Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:31:09 honeypot-fra-1 sshd[29443]: Invalid user debian from 13.126.217.41 port 55478","@timestamp":"2022-09-18T19:31:09.679Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:31:12 honeypot-fra-1 sshd[29449]: Invalid user debian from 13.126.217.41 port 58292","@timestamp":"2022-09-18T19:31:12.681Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:31:14 honeypot-fra-1 sshd[29455]: Invalid user debian from 13.126.217.41 port 32966","@timestamp":"2022-09-18T19:31:15.683Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:31:17 honeypot-fra-1 sshd[29461]: Invalid user debian from 13.126.217.41 port 36208","@timestamp":"2022-09-18T19:31:17.684Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:31:20 honeypot-fra-1 sshd[29467]: Invalid user debian from 13.126.217.41 port 39262","@timestamp":"2022-09-18T19:31:20.686Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:31:22 honeypot-fra-1 sshd[29473]: Invalid user debian from 13.126.217.41 port 42416","@timestamp":"2022-09-18T19:31:23.689Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:31:25 honeypot-fra-1 sshd[29479]: Invalid user debian from 13.126.217.41 port 45574","@timestamp":"2022-09-18T19:31:25.690Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:31:28 honeypot-fra-1 sshd[29486]: Invalid user debian from 13.126.217.41 port 48994","@timestamp":"2022-09-18T19:31:28.691Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:31:31 honeypot-fra-1 sshd[29492]: Invalid user debian from 13.126.217.41 port 51944","@timestamp":"2022-09-18T19:31:31.693Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:31:33 honeypot-fra-1 sshd[29498]: Invalid user debian from 13.126.217.41 port 55062","@timestamp":"2022-09-18T19:31:33.695Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:31:36 honeypot-fra-1 sshd[29504]: Invalid user debian from 13.126.217.41 port 58032","@timestamp":"2022-09-18T19:31:36.696Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T19:31:39.328Z","@version":"1","message":"Sep 18 19:31:38 honeypot-sgp-1 sshd[31424]: Disconnected from authenticating user root 61.177.173.53 port 58905 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:31:39 honeypot-fra-1 sshd[29510]: Invalid user debian from 13.126.217.41 port 32800","@timestamp":"2022-09-18T19:31:39.699Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:31:41 honeypot-fra-1 sshd[29516]: Invalid user debian from 13.126.217.41 port 35646","@timestamp":"2022-09-18T19:31:42.701Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:31:44 honeypot-fra-1 sshd[29522]: Invalid user debian from 13.126.217.41 port 38784","@timestamp":"2022-09-18T19:31:44.702Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:31:47 honeypot-fra-1 sshd[29528]: Invalid user debian from 13.126.217.41 port 41616","@timestamp":"2022-09-18T19:31:47.704Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:31:50 honeypot-fra-1 sshd[29534]: Invalid user debian from 13.126.217.41 port 44632","@timestamp":"2022-09-18T19:31:50.705Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:31:52 honeypot-fra-1 sshd[29540]: Invalid user debian from 13.126.217.41 port 47630","@timestamp":"2022-09-18T19:31:52.707Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:31:55 honeypot-fra-1 sshd[29546]: Invalid user debian from 13.126.217.41 port 50340","@timestamp":"2022-09-18T19:31:55.709Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:31:58 honeypot-fra-1 sshd[29552]: Invalid user debian from 13.126.217.41 port 53426","@timestamp":"2022-09-18T19:31:58.711Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:32:00 honeypot-fra-1 sshd[29558]: Invalid user debian from 13.126.217.41 port 56586","@timestamp":"2022-09-18T19:32:01.713Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:32:03 honeypot-fra-1 sshd[29566]: Invalid user debian from 13.126.217.41 port 59834","@timestamp":"2022-09-18T19:32:03.714Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:32:06 honeypot-fra-1 sshd[29572]: Invalid user debian from 13.126.217.41 port 34640","@timestamp":"2022-09-18T19:32:06.716Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:32:09 honeypot-fra-1 sshd[29578]: Invalid user debian from 13.126.217.41 port 37778","@timestamp":"2022-09-18T19:32:09.718Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T19:32:11.343Z","@version":"1","message":"Sep 18 19:32:10 honeypot-sgp-1 sshd[31430]: Received disconnect from 61.177.173.37 port 14086:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:32:11 honeypot-fra-1 sshd[29584]: Invalid user debian from 13.126.217.41 port 40806","@timestamp":"2022-09-18T19:32:12.720Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:32:14 honeypot-fra-1 sshd[29590]: Invalid user debian from 13.126.217.41 port 43956","@timestamp":"2022-09-18T19:32:14.721Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:32:17 honeypot-fra-1 sshd[29596]: Invalid user debian from 13.126.217.41 port 46928","@timestamp":"2022-09-18T19:32:17.723Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:32:19 honeypot-fra-1 sshd[29602]: Invalid user debian from 13.126.217.41 port 49856","@timestamp":"2022-09-18T19:32:20.725Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:32:22 honeypot-fra-1 sshd[29608]: Invalid user admin from 13.126.217.41 port 52772","@timestamp":"2022-09-18T19:32:22.727Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:32:25 honeypot-fra-1 sshd[29614]: Invalid user admin from 13.126.217.41 port 55824","@timestamp":"2022-09-18T19:32:25.729Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:32:28 honeypot-fra-1 sshd[29620]: Invalid user admin from 13.126.217.41 port 58988","@timestamp":"2022-09-18T19:32:28.731Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:32:31 honeypot-fra-1 sshd[29626]: Invalid user admin from 13.126.217.41 port 33866","@timestamp":"2022-09-18T19:32:31.733Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:32:33 honeypot-fra-1 sshd[29632]: Invalid user admin from 13.126.217.41 port 36742","@timestamp":"2022-09-18T19:32:34.734Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:32:36 honeypot-fra-1 sshd[29638]: Invalid user admin from 13.126.217.41 port 39930","@timestamp":"2022-09-18T19:32:36.736Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:32:39 honeypot-fra-1 sshd[29644]: Invalid user admin from 13.126.217.41 port 42766","@timestamp":"2022-09-18T19:32:39.738Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:32:42 honeypot-fra-1 sshd[29650]: Invalid user admin from 13.126.217.41 port 45578","@timestamp":"2022-09-18T19:32:42.740Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:32:44 honeypot-fra-1 sshd[29656]: Invalid user admin from 13.126.217.41 port 48304","@timestamp":"2022-09-18T19:32:44.741Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:32:47 honeypot-fra-1 sshd[29662]: Invalid user admin from 13.126.217.41 port 51314","@timestamp":"2022-09-18T19:32:47.743Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:32:50 honeypot-fra-1 sshd[29668]: Invalid user admin from 13.126.217.41 port 54452","@timestamp":"2022-09-18T19:32:50.745Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:32:52 honeypot-fra-1 sshd[29674]: Invalid user admin from 13.126.217.41 port 57304","@timestamp":"2022-09-18T19:32:53.748Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:32:55 honeypot-fra-1 sshd[29680]: Invalid user admin from 13.126.217.41 port 60172","@timestamp":"2022-09-18T19:32:55.749Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:32:58 honeypot-fra-1 sshd[29686]: Invalid user admin from 13.126.217.41 port 34908","@timestamp":"2022-09-18T19:32:58.751Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:33:00 honeypot-fra-1 sshd[29692]: Invalid user admin from 13.126.217.41 port 37940","@timestamp":"2022-09-18T19:33:01.753Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:33:03 honeypot-fra-1 sshd[29698]: Invalid user admin from 13.126.217.41 port 40844","@timestamp":"2022-09-18T19:33:03.754Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:33:06 honeypot-fra-1 sshd[29704]: Invalid user admin from 13.126.217.41 port 43734","@timestamp":"2022-09-18T19:33:06.755Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:33:08 honeypot-fra-1 sshd[29710]: Invalid user admin from 13.126.217.41 port 46734","@timestamp":"2022-09-18T19:33:09.758Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:33:11 honeypot-fra-1 sshd[29716]: Invalid user admin from 13.126.217.41 port 49886","@timestamp":"2022-09-18T19:33:11.760Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:33:14 honeypot-fra-1 sshd[29722]: Invalid user admin from 13.126.217.41 port 52894","@timestamp":"2022-09-18T19:33:14.762Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:33:16 honeypot-fra-1 sshd[29728]: Invalid user admin from 13.126.217.41 port 55792","@timestamp":"2022-09-18T19:33:17.764Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:33:19 honeypot-fra-1 sshd[29734]: Invalid user admin from 13.126.217.41 port 59014","@timestamp":"2022-09-18T19:33:19.765Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:33:22 honeypot-fra-1 sshd[29742]: Invalid user admin from 13.126.217.41 port 33964","@timestamp":"2022-09-18T19:33:22.768Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:33:25 honeypot-fra-1 sshd[29748]: Invalid user admin from 13.126.217.41 port 37104","@timestamp":"2022-09-18T19:33:25.769Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:33:27 honeypot-fra-1 sshd[29754]: Invalid user admin from 13.126.217.41 port 40068","@timestamp":"2022-09-18T19:33:28.771Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:33:30 honeypot-fra-1 sshd[29760]: Invalid user admin from 13.126.217.41 port 43298","@timestamp":"2022-09-18T19:33:30.773Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:33:33 honeypot-fra-1 sshd[29766]: Invalid user admin from 13.126.217.41 port 46360","@timestamp":"2022-09-18T19:33:33.774Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:33:36 honeypot-fra-1 sshd[29772]: Invalid user pi from 13.126.217.41 port 49684","@timestamp":"2022-09-18T19:33:36.776Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T19:35:03.413Z","@version":"1","message":"Sep 18 19:35:03 honeypot-sgp-1 sshd[31435]: Disconnected from authenticating user root 61.177.172.114 port 62305 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 19:36:33 honeypot-ams-1 sshd[6444]: Invalid user oracle from 103.6.137.42 port 38566","@timestamp":"2022-09-18T19:36:33.612Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:37:50 honeypot-fra-1 sshd[29779]: Received disconnect from 61.177.172.104 port 35473:11:  [preauth]","@timestamp":"2022-09-18T19:37:50.873Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T19:38:56.506Z","@version":"1","message":"Sep 18 19:38:55 honeypot-sgp-1 sshd[31440]: Disconnected from invalid user apache 167.99.147.105 port 59268 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T19:41:50.576Z","@version":"1","message":"Sep 18 19:41:49 honeypot-sgp-1 sshd[31450]: Received disconnect from 165.22.245.238 port 53280:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:41:57 honeypot-fra-1 sshd[29786]: Received disconnect from 92.255.85.70 port 28088:11: Bye Bye [preauth]","@timestamp":"2022-09-18T19:41:57.968Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T19:42:14.588Z","@version":"1","message":"Sep 18 19:42:14 honeypot-sgp-1 sshd[31455]: Invalid user user from 45.61.186.49 port 34816","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T19:42:24.593Z","@version":"1","message":"Sep 18 19:42:23 honeypot-sgp-1 sshd[31459]: Invalid user user from 45.61.186.49 port 46168","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T19:44:02.633Z","@version":"1","message":"Sep 18 19:44:02 honeypot-sgp-1 sshd[31464]: Disconnected from authenticating user root 61.177.173.52 port 14632 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 19:45:50 honeypot-ams-1 sshd[6449]: Did not receive identification string from 31.52.230.39 port 49200","@timestamp":"2022-09-18T19:45:50.860Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:45:59 honeypot-fra-1 sshd[29791]: Disconnected from authenticating user root 61.177.173.52 port 62047 [preauth]","@timestamp":"2022-09-18T19:46:00.060Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 19:48:00 honeypot-ams-1 sshd[6454]: Invalid user user from 45.61.184.204 port 55762","@timestamp":"2022-09-18T19:48:01.923Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 19:48:19 honeypot-ams-1 sshd[6458]: Invalid user user from 45.61.184.204 port 50366","@timestamp":"2022-09-18T19:48:19.933Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 19:48:35 honeypot-ams-1 sshd[6462]: Invalid user user from 45.61.184.204 port 44988","@timestamp":"2022-09-18T19:48:35.942Z"}
{"@timestamp":"2022-09-18T19:49:56.775Z","@version":"1","message":"Sep 18 19:49:56 honeypot-sgp-1 sshd[31469]: Invalid user admin from 143.198.75.234 port 46792","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:51:08 honeypot-fra-1 sshd[29800]: Did not receive identification string from 178.128.72.150 port 50226","@timestamp":"2022-09-18T19:51:09.178Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 19:52:03 honeypot-ams-1 kernel: [84407303.085759] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=20.171.78.121 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=111 ID=42092 DF PROTO=TCP SPT=59178 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T19:52:04.036Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:52:45 honeypot-fra-1 sshd[29803]: Disconnected from invalid user ftpuser 178.128.72.150 port 51404 [preauth]","@timestamp":"2022-09-18T19:52:46.218Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:53:36 honeypot-fra-1 sshd[29807]: Disconnected from invalid user oracle 178.128.72.150 port 50752 [preauth]","@timestamp":"2022-09-18T19:53:37.240Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:54:25 honeypot-fra-1 sshd[29812]: Disconnected from invalid user postgres 178.128.72.150 port 50096 [preauth]","@timestamp":"2022-09-18T19:54:26.262Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:55:13 honeypot-fra-1 sshd[29816]: Disconnected from invalid user mysql 178.128.72.150 port 49438 [preauth]","@timestamp":"2022-09-18T19:55:14.302Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:56:01 honeypot-fra-1 sshd[29820]: Disconnected from invalid user teamspeak 178.128.72.150 port 48770 [preauth]","@timestamp":"2022-09-18T19:56:01.321Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:56:49 honeypot-fra-1 sshd[29824]: Disconnected from invalid user ftpuser 178.128.72.150 port 48118 [preauth]","@timestamp":"2022-09-18T19:56:49.341Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:57:36 honeypot-fra-1 sshd[29830]: Invalid user postgres from 178.128.72.150 port 47460","@timestamp":"2022-09-18T19:57:37.363Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:58:03 honeypot-fra-1 sshd[29834]: Invalid user weiwei from 186.195.230.242 port 40297","@timestamp":"2022-09-18T19:58:04.375Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 19:58:42 honeypot-ams-1 sshd[6470]: Invalid user atlas from 152.32.214.226 port 39866","@timestamp":"2022-09-18T19:58:43.214Z"}
{"@timestamp":"2022-09-18T19:58:46.978Z","@version":"1","message":"Sep 18 19:58:46 honeypot-sgp-1 sshd[31478]: Received disconnect from 92.255.85.70 port 34050:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T20:01:00.034Z","@version":"1","message":"Sep 18 20:00:59 honeypot-sgp-1 sshd[31484]: Received disconnect from 61.177.173.49 port 44101:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 20:01:15 honeypot-fra-1 kernel: [84405681.405442] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=79.124.62.62 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=39827 PROTO=TCP SPT=42441 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T20:01:15.453Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 20:04:54 honeypot-ams-1 kernel: [84408073.980900] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=90.151.171.106 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=65124 PROTO=TCP SPT=51411 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T20:04:55.378Z"}
{"@timestamp":"2022-09-18T20:05:32.146Z","@version":"1","message":"Sep 18 20:05:32 honeypot-sgp-1 sshd[31489]: Received disconnect from 61.177.173.39 port 54125:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 20:06:18 honeypot-ams-1 sshd[6476]: Disconnected from invalid user nvivek 43.154.13.15 port 39468 [preauth]","@timestamp":"2022-09-18T20:06:18.418Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 20:08:20 honeypot-ams-1 sshd[6480]: Disconnected from invalid user monitor 188.166.176.236 port 38332 [preauth]","@timestamp":"2022-09-18T20:08:21.472Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 20:17:01 honeypot-fra-1 CRON[29849]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-18T20:17:01.801Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 20:17:01 honeypot-ams-1 CRON[6487]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-18T20:17:02.702Z"}
{"@timestamp":"2022-09-18T20:18:18.444Z","@version":"1","message":"Sep 18 20:18:17 honeypot-sgp-1 sshd[31497]: Received disconnect from 218.92.0.221 port 24902:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 20:19:39 honeypot-fra-1 sshd[29859]: Disconnected from invalid user jolly 40.89.190.3 port 1024 [preauth]","@timestamp":"2022-09-18T20:19:39.878Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 20:20:58 honeypot-fra-1 sshd[29865]: Disconnected from invalid user admin 103.25.208.148 port 44214 [preauth]","@timestamp":"2022-09-18T20:20:58.908Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 20:22:54 honeypot-fra-1 sshd[29871]: Received disconnect from 190.129.60.125 port 34164:11: Bye Bye [preauth]","@timestamp":"2022-09-18T20:22:54.953Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T20:23:27.564Z","@version":"1","message":"Sep 18 20:23:27 honeypot-sgp-1 sshd[31507]: Disconnected from invalid user bobinas 23.247.33.61 port 33524 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 20:26:45 honeypot-ams-1 kernel: [84409384.825191] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=23.95.4.194 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=20159 PROTO=TCP SPT=40145 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T20:26:45.959Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 20:28:32 honeypot-fra-1 sshd[29878]: Invalid user xl from 185.74.4.20 port 58104","@timestamp":"2022-09-18T20:28:33.103Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 20:29:08 honeypot-fra-1 sshd[29882]: Received disconnect from 61.177.173.49 port 46613:11:  [preauth]","@timestamp":"2022-09-18T20:29:08.119Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T20:37:37.891Z","@version":"1","message":"Sep 18 20:37:37 honeypot-sgp-1 kernel: [84409559.657633] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=161.35.230.3 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=47557 DF PROTO=TCP SPT=34514 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 20:39:08 honeypot-fra-1 sshd[29889]: Disconnected from invalid user admin 92.255.85.69 port 41434 [preauth]","@timestamp":"2022-09-18T20:39:09.337Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 20:41:38 honeypot-ams-1 sshd[6498]: Disconnected from invalid user oracle 121.126.7.30 port 62865 [preauth]","@timestamp":"2022-09-18T20:41:39.348Z"}
{"@timestamp":"2022-09-18T20:42:00.992Z","@version":"1","message":"Sep 18 20:42:00 honeypot-sgp-1 sshd[31537]: Received disconnect from 61.177.173.48 port 22980:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 20:45:55 honeypot-fra-1 kernel: [84408361.829384] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=170.187.202.154 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=45090 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T20:45:56.492Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 20:47:58 honeypot-ams-1 sshd[6503]: Received disconnect from 92.255.85.70 port 47970:11: Bye Bye [preauth]","@timestamp":"2022-09-18T20:47:59.522Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 20:52:22 honeypot-ams-1 sshd[6508]: Invalid user test from 178.128.72.150 port 41944","@timestamp":"2022-09-18T20:52:22.641Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 20:52:48 honeypot-ams-1 sshd[6511]: Disconnected from invalid user oracle 178.128.72.150 port 57158 [preauth]","@timestamp":"2022-09-18T20:52:49.656Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 20:53:42 honeypot-ams-1 sshd[6515]: Disconnected from invalid user postgres 178.128.72.150 port 59346 [preauth]","@timestamp":"2022-09-18T20:53:42.682Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 20:54:35 honeypot-ams-1 sshd[6519]: Disconnected from invalid user mysql 178.128.72.150 port 33314 [preauth]","@timestamp":"2022-09-18T20:54:35.708Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 20:55:27 honeypot-ams-1 sshd[6523]: Disconnected from invalid user teamspeak 178.128.72.150 port 35506 [preauth]","@timestamp":"2022-09-18T20:55:27.734Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 20:56:19 honeypot-ams-1 sshd[6527]: Disconnected from invalid user ftpuser 178.128.72.150 port 37682 [preauth]","@timestamp":"2022-09-18T20:56:19.759Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 20:57:11 honeypot-ams-1 sshd[6531]: Received disconnect from 178.128.72.150 port 39856:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T20:57:11.786Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 21:00:03 honeypot-ams-1 kernel: [84411383.408602] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=167.71.92.243 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=48183 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T21:00:04.869Z"}
{"@timestamp":"2022-09-18T21:00:49.420Z","@version":"1","message":"Sep 18 21:00:49 honeypot-sgp-1 sshd[31549]: Connection closed by invalid user que 137.116.144.39 port 38790 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 21:03:01 honeypot-fra-1 sshd[29923]: Disconnected from invalid user liufangchen 165.22.45.108 port 53444 [preauth]","@timestamp":"2022-09-18T21:03:01.870Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 21:04:17 honeypot-fra-1 sshd[29929]: Received disconnect from 206.81.9.31 port 40420:11: Bye Bye [preauth]","@timestamp":"2022-09-18T21:04:17.904Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T21:06:24.548Z","@version":"1","message":"Sep 18 21:06:23 honeypot-sgp-1 sshd[31554]: Disconnected from authenticating user root 68.183.233.64 port 33232 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T21:08:14.594Z","@version":"1","message":"Sep 18 21:08:13 honeypot-sgp-1 sshd[31560]: Received disconnect from 159.223.22.132 port 37222:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 21:09:50 honeypot-fra-1 sshd[29938]: Invalid user admin from 2.42.138.122 port 52339","@timestamp":"2022-09-18T21:09:51.029Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 21:11:03 honeypot-ams-1 kernel: [84412042.670290] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=26353 PROTO=TCP SPT=54804 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T21:11:04.164Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 21:12:36 honeypot-fra-1 sshd[29945]: Disconnected from invalid user ccx 112.28.209.251 port 44098 [preauth]","@timestamp":"2022-09-18T21:12:37.091Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T21:12:54.704Z","@version":"1","message":"Sep 18 21:12:54 honeypot-sgp-1 sshd[31566]: Disconnected from invalid user ljh 176.102.38.42 port 60338 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 21:17:22 honeypot-fra-1 sshd[29952]: Received disconnect from 92.255.85.69 port 53476:11: Bye Bye [preauth]","@timestamp":"2022-09-18T21:17:23.200Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T21:17:49.823Z","@version":"1","message":"Sep 18 21:17:49 honeypot-sgp-1 sshd[31576]: Disconnected from authenticating user root 61.177.172.124 port 31202 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 21:20:07 honeypot-ams-1 kernel: [84412587.380188] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=66.228.34.63 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=60044 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T21:20:08.405Z"}
{"@timestamp":"2022-09-18T21:25:03.013Z","@version":"1","message":"Sep 18 21:25:02 honeypot-sgp-1 sshd[31587]: Disconnected from authenticating user root 61.177.172.108 port 32355 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 21:26:25 honeypot-fra-1 sshd[29961]: Connection closed by invalid user admin 220.90.156.4 port 42891 [preauth]","@timestamp":"2022-09-18T21:26:25.399Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 21:28:03 honeypot-ams-1 sshd[6550]: Received disconnect from 161.49.118.82 port 39218:11: Bye Bye [preauth]","@timestamp":"2022-09-18T21:28:03.615Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 21:30:48 honeypot-fra-1 sshd[29970]: Received disconnect from 218.92.0.221 port 54918:11:  [preauth]","@timestamp":"2022-09-18T21:30:49.499Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 21:31:17 honeypot-ams-1 kernel: [84413256.834109] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=172.105.77.209 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=57 ID=0 DF PROTO=TCP SPT=56857 DPT=3389 WINDOW=8192 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T21:31:17.704Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 21:35:48 honeypot-fra-1 sshd[29976]: Invalid user system from 103.188.176.251 port 41320","@timestamp":"2022-09-18T21:35:49.611Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 21:37:58 honeypot-ams-1 kernel: [84413657.501233] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=143.159.103.32 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=56 ID=55268 PROTO=TCP SPT=16568 DPT=80 WINDOW=37232 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T21:37:58.885Z"}
{"@timestamp":"2022-09-18T21:38:33.321Z","@version":"1","message":"Sep 18 21:38:32 honeypot-sgp-1 kernel: [84413214.832146] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=172.105.77.209 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=50 ID=0 DF PROTO=TCP SPT=56857 DPT=3389 WINDOW=8192 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 21:39:58 honeypot-fra-1 sshd[29983]: Invalid user postgres from 193.106.191.157 port 55878","@timestamp":"2022-09-18T21:39:58.704Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T21:40:58.382Z","@version":"1","message":"Sep 18 21:40:57 honeypot-sgp-1 sshd[31601]: Received disconnect from 179.43.156.143 port 35762:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T21:42:52.428Z","@version":"1","message":"Sep 18 21:42:52 honeypot-sgp-1 sshd[31609]: Received disconnect from 179.43.156.143 port 56638:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T21:44:08.461Z","@version":"1","message":"Sep 18 21:44:07 honeypot-sgp-1 sshd[31614]: Disconnected from authenticating user root 179.43.156.143 port 51684 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T21:45:23.492Z","@version":"1","message":"Sep 18 21:45:22 honeypot-sgp-1 sshd[31618]: Disconnected from invalid user ossuser 179.43.156.143 port 46738 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 21:45:42 honeypot-fra-1 sshd[29988]: Received disconnect from 61.177.173.51 port 48796:11:  [preauth]","@timestamp":"2022-09-18T21:45:42.833Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T21:46:00.507Z","@version":"1","message":"Sep 18 21:46:00 honeypot-sgp-1 sshd[31622]: Disconnected from invalid user nfsnobod 179.43.156.143 port 44272 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T21:47:55.555Z","@version":"1","message":"Sep 18 21:47:54 honeypot-sgp-1 sshd[31631]: Invalid user git from 179.43.156.143 port 36836","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T21:49:15.591Z","@version":"1","message":"Sep 18 21:49:14 honeypot-sgp-1 sshd[31638]: Invalid user testuser from 179.43.156.143 port 60118","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T21:49:54.609Z","@version":"1","message":"Sep 18 21:49:53 honeypot-sgp-1 sshd[31644]: Invalid user hadoop from 179.43.156.143 port 57666","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 21:50:37 honeypot-fra-1 kernel: [84412243.595496] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=131.159.24.205 DST=165.22.82.222 LEN=64 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=58975 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T21:50:37.938Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 21:50:51 honeypot-ams-1 sshd[6566]: Received disconnect from 92.255.85.69 port 24312:11: Bye Bye [preauth]","@timestamp":"2022-09-18T21:50:52.220Z"}
{"@timestamp":"2022-09-18T21:50:56.635Z","@version":"1","message":"Sep 18 21:50:56 honeypot-sgp-1 sshd[31648]: Invalid user gitlab_ci from 188.166.208.174 port 47942","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T21:51:13.644Z","@version":"1","message":"Sep 18 21:51:13 honeypot-sgp-1 sshd[31652]: Received disconnect from 179.43.156.143 port 52682:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T21:52:33.677Z","@version":"1","message":"Sep 18 21:52:33 honeypot-sgp-1 sshd[31656]: Received disconnect from 179.43.156.143 port 47776:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T21:53:16.696Z","@version":"1","message":"Sep 18 21:53:16 honeypot-sgp-1 sshd[31660]: Disconnected from invalid user oracle 179.43.156.143 port 45282 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T21:54:33.730Z","@version":"1","message":"Sep 18 21:54:33 honeypot-sgp-1 sshd[31667]: Received disconnect from 61.177.173.36 port 26012:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T21:56:13.772Z","@version":"1","message":"Sep 18 21:56:13 honeypot-sgp-1 sshd[31673]: Received disconnect from 179.43.156.143 port 35386:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 21:56:13 honeypot-ams-1 kernel: [84414752.973488] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=194.169.217.218 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=59 ID=53114 DF PROTO=TCP SPT=19801 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T21:56:14.363Z"}
{"@timestamp":"2022-09-18T21:57:45.811Z","@version":"1","message":"Sep 18 21:57:45 honeypot-sgp-1 sshd[31679]: Received disconnect from 179.43.156.143 port 58692:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T21:59:14.872Z","@version":"1","message":"Sep 18 21:59:14 honeypot-sgp-1 sshd[31685]: Received disconnect from 179.43.156.143 port 53742:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 22:00:09 honeypot-fra-1 sshd[30000]: Connection closed by 174.138.61.44 port 46022 [preauth]","@timestamp":"2022-09-18T22:00:10.155Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T22:01:30.928Z","@version":"1","message":"Sep 18 22:01:29 honeypot-sgp-1 sshd[31692]: Received disconnect from 179.43.156.143 port 46322:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 22:02:03 honeypot-fra-1 sshd[30005]: Disconnecting authenticating user root 47.187.239.95 port 56603: Too many authentication failures [preauth]","@timestamp":"2022-09-18T22:02:04.199Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T22:02:59.965Z","@version":"1","message":"Sep 18 22:02:59 honeypot-sgp-1 sshd[31696]: Received disconnect from 179.43.156.143 port 41352:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 22:04:11 honeypot-ams-1 sshd[6575]: Disconnected from invalid user user 45.61.186.169 port 51498 [preauth]","@timestamp":"2022-09-18T22:04:12.572Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 22:04:31 honeypot-ams-1 sshd[6579]: Disconnected from invalid user user 45.61.186.169 port 46714 [preauth]","@timestamp":"2022-09-18T22:04:31.583Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 22:04:47 honeypot-ams-1 sshd[6583]: Disconnected from invalid user user 45.61.186.169 port 41922 [preauth]","@timestamp":"2022-09-18T22:04:48.591Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 22:05:03 honeypot-ams-1 kernel: [84415282.828502] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=20.77.96.135 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=116 ID=44251 DF PROTO=TCP SPT=60443 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T22:05:03.600Z"}
{"@timestamp":"2022-09-18T22:05:18.022Z","@version":"1","message":"Sep 18 22:05:17 honeypot-sgp-1 sshd[31703]: Received disconnect from 179.43.156.143 port 33956:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T22:07:32.076Z","@version":"1","message":"Sep 18 22:07:31 honeypot-sgp-1 sshd[31709]: Invalid user dmdba from 179.43.156.143 port 54778","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T22:08:58.118Z","@version":"1","message":"Sep 18 22:08:58 honeypot-sgp-1 sshd[31713]: Invalid user vagrant from 179.43.156.143 port 49834","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 22:09:52 honeypot-fra-1 sshd[30012]: Invalid user amssys from 107.172.219.107 port 58382","@timestamp":"2022-09-18T22:09:52.392Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T22:10:07.149Z","@version":"1","message":"Sep 18 22:10:06 honeypot-sgp-1 sshd[31717]: Invalid user ceo from 179.218.198.83 port 47359","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 22:15:50 honeypot-fra-1 sshd[30017]: Connection closed by invalid user que 137.116.144.39 port 55510 [preauth]","@timestamp":"2022-09-18T22:15:51.532Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T22:15:55.286Z","@version":"1","message":"Sep 18 22:15:54 honeypot-sgp-1 sshd[31722]: Received disconnect from 94.200.206.6 port 47542:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 22:17:01 honeypot-ams-1 CRON[6595]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-18T22:17:01.912Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 22:20:03 honeypot-ams-1 kernel: [84416182.542496] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=170.187.202.154 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=38588 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T22:20:03.995Z"}
{"@timestamp":"2022-09-18T22:20:05.384Z","@version":"1","message":"Sep 18 22:20:05 honeypot-sgp-1 sshd[31728]: Received disconnect from 92.255.85.70 port 23332:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 22:25:46 honeypot-fra-1 sshd[30023]: Received disconnect from 203.129.220.82 port 55556:11: Bye Bye [preauth]","@timestamp":"2022-09-18T22:25:47.761Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 22:27:35 honeypot-fra-1 sshd[30028]: Disconnected from invalid user pro3 157.230.9.57 port 47768 [preauth]","@timestamp":"2022-09-18T22:27:35.804Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 22:31:19 honeypot-ams-1 sshd[6606]: Invalid user tw from 114.108.150.156 port 37758","@timestamp":"2022-09-18T22:31:19.291Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 22:31:48 honeypot-ams-1 sshd[6610]: Disconnected from authenticating user root 192.116.113.246 port 39428 [preauth]","@timestamp":"2022-09-18T22:31:49.307Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 22:36:13 honeypot-fra-1 sshd[30042]: Invalid user ansible from 185.209.179.41 port 57102","@timestamp":"2022-09-18T22:36:14.001Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 22:36:13 honeypot-fra-1 sshd[30040]: Invalid user es from 185.209.179.41 port 57076","@timestamp":"2022-09-18T22:36:14.001Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 22:36:13 honeypot-fra-1 sshd[30038]: Connection closed by authenticating user root 185.209.179.41 port 57130 [preauth]","@timestamp":"2022-09-18T22:36:14.001Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 22:36:13 honeypot-fra-1 sshd[30039]: Connection closed by invalid user admin 185.209.179.41 port 57116 [preauth]","@timestamp":"2022-09-18T22:36:14.002Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 22:36:14 honeypot-fra-1 sshd[30063]: Invalid user oracle from 185.209.179.41 port 57078","@timestamp":"2022-09-18T22:36:15.003Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 22:36:14 honeypot-fra-1 sshd[30068]: Invalid user wordpress from 185.209.179.41 port 57084","@timestamp":"2022-09-18T22:36:15.003Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 22:36:14 honeypot-fra-1 sshd[30065]: Connection closed by invalid user ts3server 185.209.179.41 port 57080 [preauth]","@timestamp":"2022-09-18T22:36:15.003Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 22:36:16 honeypot-fra-1 sshd[30080]: Invalid user postgres from 185.209.179.41 port 57100","@timestamp":"2022-09-18T22:36:17.004Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 22:36:16 honeypot-fra-1 sshd[30082]: Invalid user esuser from 185.209.179.41 port 57064","@timestamp":"2022-09-18T22:36:17.004Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 22:36:16 honeypot-fra-1 sshd[30087]: Connection closed by invalid user postgres 185.209.179.41 port 57074 [preauth]","@timestamp":"2022-09-18T22:36:17.004Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 22:39:09 honeypot-ams-1 kernel: [84417328.501050] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=208.115.115.103 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=52770 PROTO=TCP SPT=30686 DPT=80 WINDOW=36437 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T22:39:09.500Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 22:40:07 honeypot-fra-1 sshd[30097]: Invalid user liuhuijie from 165.22.45.108 port 59186","@timestamp":"2022-09-18T22:40:08.094Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 22:43:00 honeypot-fra-1 sshd[30101]: Disconnected from authenticating user sshd 92.255.85.70 port 25848 [preauth]","@timestamp":"2022-09-18T22:43:01.161Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T22:44:51.967Z","@version":"1","message":"Sep 18 22:44:51 honeypot-sgp-1 kernel: [84417194.051865] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=103.141.136.197 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=9401 PROTO=TCP SPT=40872 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T22:47:43.039Z","@version":"1","message":"Sep 18 22:47:42 honeypot-sgp-1 sshd[31736]: Did not receive identification string from 104.152.52.243 port 41261","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 22:49:03 honeypot-fra-1 kernel: [84415748.958580] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=20.55.53.144 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=45421 DF PROTO=TCP SPT=44818 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T22:49:03.296Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-18T22:51:16.126Z","@version":"1","message":"Sep 18 22:51:16 honeypot-sgp-1 kernel: [84417578.413695] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=172.104.88.48 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=6924 DF PROTO=TCP SPT=37212 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 22:52:40 honeypot-ams-1 kernel: [84418139.563008] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=20.55.53.144 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=5608 DF PROTO=TCP SPT=44568 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T22:52:40.849Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 22:54:52 honeypot-ams-1 kernel: [84418272.119384] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=59.49.43.217 DST=178.62.254.91 LEN=40 TOS=0x18 PREC=0x00 TTL=239 ID=24476 PROTO=TCP SPT=40060 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T22:54:52.910Z"}
{"@timestamp":"2022-09-18T22:58:29.296Z","@version":"1","message":"Sep 18 22:58:28 honeypot-sgp-1 sshd[31742]: Disconnected from invalid user user 45.61.186.49 port 39804 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T22:58:38.300Z","@version":"1","message":"Sep 18 22:58:37 honeypot-sgp-1 sshd[31746]: Disconnected from invalid user user 45.61.186.49 port 51490 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 22:59:00 honeypot-fra-1 sshd[30108]: Disconnected from invalid user a 187.102.40.150 port 53352 [preauth]","@timestamp":"2022-09-18T22:59:00.520Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 23:01:19 honeypot-ams-1 kernel: [84418658.911509] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=138.68.250.218 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=30538 PROTO=TCP SPT=42077 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T23:01:20.084Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 23:02:51 honeypot-fra-1 kernel: [84416577.020597] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.216.13 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=37131 DPT=389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T23:02:51.612Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 23:06:04 honeypot-ams-1 sshd[6646]: Received disconnect from 51.15.204.199 port 55737:11: Bye Bye [preauth]","@timestamp":"2022-09-18T23:06:05.208Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 23:11:04 honeypot-fra-1 kernel: [84417070.510024] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=138.68.250.218 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=28937 PROTO=TCP SPT=42663 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T23:11:04.803Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-18T23:11:38.628Z","@version":"1","message":"Sep 18 23:11:38 honeypot-sgp-1 kernel: [84418800.452392] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=172.105.129.88 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=30195 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 23:12:39 honeypot-fra-1 sshd[30122]: Disconnected from authenticating user root 92.255.85.70 port 18004 [preauth]","@timestamp":"2022-09-18T23:12:39.840Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T23:14:15.693Z","@version":"1","message":"Sep 18 23:14:15 honeypot-sgp-1 sshd[31757]: Invalid user ppacoc from 27.118.22.221 port 44902","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T23:15:42.730Z","@version":"1","message":"Sep 18 23:15:41 honeypot-sgp-1 sshd[31761]: Received disconnect from 92.255.85.69 port 16896:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 23:17:01 honeypot-ams-1 CRON[6651]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-18T23:17:02.489Z"}
{"@timestamp":"2022-09-18T23:17:40.778Z","@version":"1","message":"Sep 18 23:17:40 honeypot-sgp-1 sshd[31766]: Disconnected from invalid user frankr 201.14.44.230 port 57442 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 23:19:47 honeypot-ams-1 sshd[6657]: Disconnected from authenticating user root 92.255.85.69 port 63212 [preauth]","@timestamp":"2022-09-18T23:19:47.563Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 23:28:15 honeypot-ams-1 sshd[6661]: Disconnected from invalid user user 45.61.184.204 port 51876 [preauth]","@timestamp":"2022-09-18T23:28:15.782Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 23:28:33 honeypot-ams-1 sshd[6665]: Received disconnect from 45.61.184.204 port 46172:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T23:28:33.793Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 23:28:51 honeypot-ams-1 sshd[6669]: Received disconnect from 45.61.184.204 port 40472:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T23:28:51.803Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 23:29:07 honeypot-ams-1 sshd[6673]: Received disconnect from 45.61.184.204 port 34756:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T23:29:07.812Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 23:29:09 honeypot-fra-1 sshd[30134]: Received disconnect from 46.101.254.194 port 43302:11: Bye Bye [preauth]","@timestamp":"2022-09-18T23:29:10.206Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T23:30:27.082Z","@version":"1","message":"Sep 18 23:30:26 honeypot-sgp-1 kernel: [84419928.394164] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=234 ID=30414 PROTO=TCP SPT=43804 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 23:38:32 honeypot-fra-1 sshd[30139]: Received disconnect from 92.255.85.70 port 61058:11: Bye Bye [preauth]","@timestamp":"2022-09-18T23:38:32.415Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T23:39:18.285Z","@version":"1","message":"Sep 18 23:39:18 honeypot-sgp-1 sshd[31784]: Invalid user akasaka from 20.187.88.167 port 59800","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 23:40:04 honeypot-ams-1 sshd[6679]: Received disconnect from 218.248.16.73 port 50320:11: Bye Bye [preauth]","@timestamp":"2022-09-18T23:40:05.117Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 23:42:20 honeypot-fra-1 sshd[30141]: Connection closed by invalid user postgres 193.106.191.157 port 47344 [preauth]","@timestamp":"2022-09-18T23:42:20.504Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T23:43:06.373Z","@version":"1","message":"Sep 18 23:43:05 honeypot-sgp-1 sshd[31789]: Invalid user configure from 144.48.240.59 port 54692","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 23:44:24 honeypot-ams-1 sshd[6685]: Received disconnect from 68.183.225.151 port 57790:11: Bye Bye [preauth]","@timestamp":"2022-09-18T23:44:25.231Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 23:46:15 honeypot-fra-1 kernel: [84419181.116218] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=89.248.168.172 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=54321 PROTO=TCP SPT=56354 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T23:46:15.596Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 23:46:36 honeypot-ams-1 sshd[6690]: Disconnected from invalid user extension 83.41.7.44 port 56910 [preauth]","@timestamp":"2022-09-18T23:46:37.293Z"}
{"@timestamp":"2022-09-18T23:47:45.483Z","@version":"1","message":"Sep 18 23:47:45 honeypot-sgp-1 sshd[31795]: Received disconnect from 14.225.198.182 port 43010:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 23:47:58 honeypot-fra-1 sshd[30151]: Connection reset by authenticating user root 161.35.86.181 port 49320 [preauth]","@timestamp":"2022-09-18T23:47:58.637Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 23:49:51 honeypot-ams-1 sshd[6695]: Received disconnect from 45.61.184.204 port 38626:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T23:49:52.382Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 23:50:10 honeypot-ams-1 sshd[6699]: Received disconnect from 45.61.184.204 port 33164:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T23:50:11.394Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 23:50:28 honeypot-ams-1 sshd[6703]: Received disconnect from 45.61.184.204 port 55948:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T23:50:29.403Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 23:50:45 honeypot-ams-1 sshd[6707]: Received disconnect from 45.61.184.204 port 50488:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T23:50:45.412Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 23:56:44 honeypot-ams-1 sshd[6712]: Invalid user zxd from 103.188.176.251 port 48340","@timestamp":"2022-09-18T23:56:45.571Z"}
{"@timestamp":"2022-09-18T23:58:07.746Z","@version":"1","message":"Sep 18 23:58:07 honeypot-sgp-1 sshd[31801]: Invalid user zs from 203.106.164.74 port 47486","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T23:58:58.768Z","@version":"1","message":"Sep 18 23:58:57 honeypot-sgp-1 sshd[31805]: Invalid user monitor from 68.183.92.26 port 40588","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 00:00:39 honeypot-fra-1 sshd[30179]: Invalid user zxd from 103.188.176.251 port 57690","@timestamp":"2022-09-19T00:00:39.919Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T00:02:53.860Z","@version":"1","message":"Sep 19 00:02:53 honeypot-sgp-1 sshd[31825]: Received disconnect from 159.65.180.64 port 41912:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T00:03:24.874Z","@version":"1","message":"Sep 19 00:03:24 honeypot-sgp-1 sshd[31830]: Disconnected from authenticating user root 103.147.5.1 port 53992 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T00:04:08.895Z","@version":"1","message":"Sep 19 00:04:08 honeypot-sgp-1 sshd[31836]: Received disconnect from 46.101.157.187 port 43996:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T00:04:56.917Z","@version":"1","message":"Sep 19 00:04:56 honeypot-sgp-1 sshd[31842]: Invalid user tekbaseftp from 164.92.159.65 port 46156","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T00:05:33.953Z","@version":"1","message":"Sep 19 00:05:33 honeypot-sgp-1 sshd[31846]: Invalid user bridget from 209.97.149.37 port 38140","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T00:05:59.965Z","@version":"1","message":"Sep 19 00:05:59 honeypot-sgp-1 sshd[31850]: Received disconnect from 128.199.249.246 port 36036:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T00:07:14.997Z","@version":"1","message":"Sep 19 00:07:14 honeypot-sgp-1 sshd[31854]: Received disconnect from 20.187.78.220 port 42062:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T00:07:32.006Z","@version":"1","message":"Sep 19 00:07:31 honeypot-sgp-1 sshd[31858]: Disconnected from invalid user admin 35.209.160.244 port 56408 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T00:08:01.020Z","@version":"1","message":"Sep 19 00:08:00 honeypot-sgp-1 sshd[31862]: Received disconnect from 64.227.190.199 port 37014:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 00:08:02 honeypot-ams-1 sshd[6733]: Disconnected from invalid user arcs 177.22.35.126 port 49924 [preauth]","@timestamp":"2022-09-19T00:08:02.878Z"}
{"@timestamp":"2022-09-19T00:08:14.026Z","@version":"1","message":"Sep 19 00:08:13 honeypot-sgp-1 sshd[31866]: Received disconnect from 192.227.166.144 port 35366:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T00:09:27.057Z","@version":"1","message":"Sep 19 00:09:26 honeypot-sgp-1 sshd[31871]: Disconnected from invalid user joomla 143.110.177.216 port 55822 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 00:09:36 honeypot-fra-1 kernel: [84420581.741969] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=28021 PROTO=TCP SPT=45603 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T00:09:36.122Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T00:14:48.183Z","@version":"1","message":"Sep 19 00:14:47 honeypot-sgp-1 sshd[31878]: Connection closed by invalid user admin 165.232.158.22 port 36444 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T00:14:51.186Z","@version":"1","message":"Sep 19 00:14:50 honeypot-sgp-1 sshd[31884]: Connection closed by invalid user admin 165.232.158.22 port 43634 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 00:16:14 honeypot-fra-1 sshd[30188]: Received disconnect from 165.22.45.108 port 36664:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T00:16:15.273Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 00:19:16 honeypot-ams-1 sshd[6739]: Disconnected from invalid user Administrator 92.255.85.70 port 50558 [preauth]","@timestamp":"2022-09-19T00:19:17.196Z"}
{"@timestamp":"2022-09-19T00:20:19.318Z","@version":"1","message":"Sep 19 00:20:18 honeypot-sgp-1 sshd[31890]: Received disconnect from 92.255.85.70 port 50246:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 00:27:53 honeypot-ams-1 sshd[6745]: Invalid user admin from 180.33.111.29 port 60861","@timestamp":"2022-09-19T00:27:53.428Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 00:31:51 honeypot-fra-1 kernel: [84421917.388320] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=20.229.61.193 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=32291 PROTO=TCP SPT=55785 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T00:31:52.624Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T00:34:04.633Z","@version":"1","message":"Sep 19 00:34:04 honeypot-sgp-1 sshd[31899]: Connection closed by 174.138.61.44 port 40800 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 00:36:22 honeypot-fra-1 sshd[30197]: Disconnected from invalid user pou 143.198.154.97 port 39868 [preauth]","@timestamp":"2022-09-19T00:36:22.729Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T00:37:05.706Z","@version":"1","message":"Sep 19 00:37:05 honeypot-sgp-1 kernel: [84423927.830958] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=206.189.6.148 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=239 ID=54321 PROTO=TCP SPT=48976 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 00:39:50 honeypot-ams-1 kernel: [84424569.876022] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=119.129.238.75 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=50 ID=58826 PROTO=TCP SPT=32436 DPT=80 WINDOW=44924 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T00:39:50.744Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 00:48:05 honeypot-ams-1 sshd[6753]: Disconnected from invalid user rpm 139.59.122.125 port 34802 [preauth]","@timestamp":"2022-09-19T00:48:05.965Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 00:49:24 honeypot-fra-1 kernel: [84422970.429043] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=181.16.110.208 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=15533 PROTO=TCP SPT=52650 DPT=443 WINDOW=1300 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T00:49:25.020Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 00:55:44 honeypot-ams-1 sshd[6759]: Invalid user demos from 45.126.184.170 port 39901","@timestamp":"2022-09-19T00:55:45.171Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 01:00:18 honeypot-ams-1 kernel: [84425797.713726] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=172.105.89.161 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=57 ID=0 DF PROTO=TCP SPT=39061 DPT=443 WINDOW=8192 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T01:00:19.291Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 01:00:24 honeypot-ams-1 sshd[6778]: Invalid user ubuntu from 195.19.96.168 port 59120","@timestamp":"2022-09-19T01:00:24.296Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 01:00:24 honeypot-ams-1 sshd[6766]: Connection closed by invalid user admin 195.19.96.168 port 59146 [preauth]","@timestamp":"2022-09-19T01:00:24.296Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 01:00:24 honeypot-ams-1 sshd[6767]: Invalid user steam from 195.19.96.168 port 59108","@timestamp":"2022-09-19T01:00:24.296Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 01:00:24 honeypot-ams-1 sshd[6776]: Invalid user mc from 195.19.96.168 port 59098","@timestamp":"2022-09-19T01:00:24.296Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 01:00:24 honeypot-ams-1 sshd[6791]: Invalid user testuser from 195.19.96.168 port 59126","@timestamp":"2022-09-19T01:00:25.297Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 01:00:24 honeypot-ams-1 sshd[6785]: Connection closed by invalid user admin 195.19.96.168 port 59048 [preauth]","@timestamp":"2022-09-19T01:00:25.297Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 01:00:24 honeypot-ams-1 sshd[6768]: Connection closed by invalid user ubuntu 195.19.96.168 port 59062 [preauth]","@timestamp":"2022-09-19T01:00:25.297Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 01:00:24 honeypot-ams-1 sshd[6816]: Connection closed by authenticating user root 195.19.96.168 port 59028 [preauth]","@timestamp":"2022-09-19T01:00:25.297Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 01:00:42 honeypot-ams-1 sshd[6824]: Disconnected from authenticating user root 63.41.9.210 port 54263 [preauth]","@timestamp":"2022-09-19T01:00:43.306Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 01:06:07 honeypot-fra-1 kernel: [84423972.941559] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.237.241.206 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=15533 PROTO=TCP SPT=46050 DPT=443 WINDOW=1300 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T01:06:07.393Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T01:07:37.414Z","@version":"1","message":"Sep 19 01:07:36 honeypot-sgp-1 sshd[31913]: Invalid user hadoop from 144.24.72.43 port 43150","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T01:13:52.558Z","@version":"1","message":"Sep 19 01:13:52 honeypot-sgp-1 sshd[31918]: Invalid user postgres from 96.84.149.98 port 45440","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 01:16:02 honeypot-fra-1 kernel: [84424568.328403] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=124.222.18.77 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=43 ID=10556 DF PROTO=TCP SPT=24023 DPT=5432 WINDOW=43690 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T01:16:03.614Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T01:17:01.633Z","@version":"1","message":"Sep 19 01:17:01 honeypot-sgp-1 CRON[31922]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 01:17:01 honeypot-ams-1 CRON[6830]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-19T01:17:02.736Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 01:18:09 honeypot-ams-1 sshd[6835]: Disconnected from invalid user gry 178.154.205.230 port 48932 [preauth]","@timestamp":"2022-09-19T01:18:09.767Z"}
{"@timestamp":"2022-09-19T01:21:05.730Z","@version":"1","message":"Sep 19 01:21:05 honeypot-sgp-1 kernel: [84426567.318436] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=77.77.131.178 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=31157 DF PROTO=TCP SPT=51209 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 01:21:37 honeypot-fra-1 kernel: [84424903.046434] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=167.248.133.142 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=51934 PROTO=TCP SPT=58348 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T01:21:37.740Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 01:24:46 honeypot-ams-1 sshd[6840]: Received disconnect from 92.255.85.69 port 23450:11: Bye Bye [preauth]","@timestamp":"2022-09-19T01:24:46.963Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 01:37:01 honeypot-ams-1 kernel: [84428000.693512] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=167.71.92.243 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=41237 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T01:37:02.286Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 01:40:30 honeypot-fra-1 kernel: [84426036.000054] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.61.184.125 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=52610 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T01:40:31.198Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 01:46:00 honeypot-fra-1 sshd[30670]: Invalid user Administrator from 92.255.85.70 port 29930","@timestamp":"2022-09-19T01:46:00.325Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T01:46:47.359Z","@version":"1","message":"Sep 19 01:46:46 honeypot-sgp-1 kernel: [84428108.565744] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=92.204.132.65 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=830 PROTO=TCP SPT=50014 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T01:51:16.466Z","@version":"1","message":"Sep 19 01:51:15 honeypot-sgp-1 kernel: [84428378.102028] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=193.163.125.196 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=244 ID=65388 PROTO=TCP SPT=38091 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 01:53:23 honeypot-ams-1 sshd[6850]: Received disconnect from 92.255.85.69 port 32360:11: Bye Bye [preauth]","@timestamp":"2022-09-19T01:53:23.714Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 01:55:37 honeypot-fra-1 sshd[30673]: Invalid user liuqi from 165.22.45.108 port 42432","@timestamp":"2022-09-19T01:55:37.541Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T01:58:43.643Z","@version":"1","message":"Sep 19 01:58:43 honeypot-sgp-1 sshd[32381]: Connection closed by 167.99.107.57 port 53210 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:03:48 honeypot-fra-1 sshd[30681]: Connection closed by authenticating user root 103.241.181.174 port 46554 [preauth]","@timestamp":"2022-09-19T02:03:48.727Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:03:54 honeypot-fra-1 sshd[30693]: Connection closed by authenticating user root 103.241.181.174 port 47692 [preauth]","@timestamp":"2022-09-19T02:03:54.730Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:04:00 honeypot-fra-1 sshd[30705]: Connection closed by authenticating user root 103.241.181.174 port 48750 [preauth]","@timestamp":"2022-09-19T02:04:00.734Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:04:06 honeypot-fra-1 sshd[30717]: Connection closed by authenticating user root 103.241.181.174 port 49776 [preauth]","@timestamp":"2022-09-19T02:04:06.738Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:04:12 honeypot-fra-1 sshd[30729]: Connection closed by authenticating user root 103.241.181.174 port 50874 [preauth]","@timestamp":"2022-09-19T02:04:12.742Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:04:18 honeypot-fra-1 sshd[30741]: Connection closed by authenticating user root 103.241.181.174 port 51896 [preauth]","@timestamp":"2022-09-19T02:04:19.746Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:04:25 honeypot-fra-1 sshd[30755]: Connection closed by authenticating user root 103.241.181.174 port 52998 [preauth]","@timestamp":"2022-09-19T02:04:25.750Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:04:30 honeypot-fra-1 sshd[30766]: Connection closed by authenticating user root 103.241.181.174 port 53768 [preauth]","@timestamp":"2022-09-19T02:04:30.752Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:04:35 honeypot-fra-1 sshd[30778]: Connection closed by authenticating user root 103.241.181.174 port 54826 [preauth]","@timestamp":"2022-09-19T02:04:35.756Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:04:41 honeypot-fra-1 sshd[30790]: Connection closed by authenticating user root 103.241.181.174 port 55860 [preauth]","@timestamp":"2022-09-19T02:04:42.760Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:04:48 honeypot-fra-1 sshd[30802]: Connection closed by authenticating user root 103.241.181.174 port 56926 [preauth]","@timestamp":"2022-09-19T02:04:48.765Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:04:53 honeypot-fra-1 sshd[30814]: Connection closed by authenticating user root 103.241.181.174 port 57958 [preauth]","@timestamp":"2022-09-19T02:04:54.769Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:04:59 honeypot-fra-1 sshd[30827]: Connection closed by authenticating user root 103.241.181.174 port 58970 [preauth]","@timestamp":"2022-09-19T02:05:00.772Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:05:06 honeypot-fra-1 sshd[30839]: Connection closed by authenticating user root 103.241.181.174 port 60034 [preauth]","@timestamp":"2022-09-19T02:05:06.777Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:05:10 honeypot-fra-1 sshd[30847]: Connection closed by invalid user user 103.241.181.174 port 60832 [preauth]","@timestamp":"2022-09-19T02:05:10.779Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:05:13 honeypot-fra-1 sshd[30853]: Connection closed by invalid user user 103.241.181.174 port 33136 [preauth]","@timestamp":"2022-09-19T02:05:13.781Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:05:16 honeypot-fra-1 sshd[30859]: Connection closed by invalid user user 103.241.181.174 port 33662 [preauth]","@timestamp":"2022-09-19T02:05:17.785Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:05:20 honeypot-fra-1 sshd[30865]: Connection closed by invalid user user 103.241.181.174 port 34184 [preauth]","@timestamp":"2022-09-19T02:05:20.787Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:05:23 honeypot-fra-1 sshd[30871]: Connection closed by invalid user user 103.241.181.174 port 34734 [preauth]","@timestamp":"2022-09-19T02:05:23.789Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:05:25 honeypot-fra-1 sshd[30877]: Connection closed by invalid user user 103.241.181.174 port 35254 [preauth]","@timestamp":"2022-09-19T02:05:26.791Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:05:28 honeypot-fra-1 sshd[30883]: Connection closed by invalid user user 103.241.181.174 port 35740 [preauth]","@timestamp":"2022-09-19T02:05:28.792Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:05:31 honeypot-fra-1 sshd[30889]: Connection closed by invalid user user 103.241.181.174 port 36236 [preauth]","@timestamp":"2022-09-19T02:05:31.794Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:05:34 honeypot-fra-1 sshd[30895]: Connection closed by invalid user user 103.241.181.174 port 36806 [preauth]","@timestamp":"2022-09-19T02:05:34.797Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:05:37 honeypot-fra-1 sshd[30901]: Connection closed by invalid user user 103.241.181.174 port 37326 [preauth]","@timestamp":"2022-09-19T02:05:37.798Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:05:40 honeypot-fra-1 sshd[30907]: Connection closed by invalid user user 103.241.181.174 port 37808 [preauth]","@timestamp":"2022-09-19T02:05:41.801Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:05:43 honeypot-fra-1 sshd[30913]: Connection closed by invalid user user 103.241.181.174 port 38376 [preauth]","@timestamp":"2022-09-19T02:05:44.803Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:05:46 honeypot-fra-1 sshd[30919]: Connection closed by invalid user user 103.241.181.174 port 38872 [preauth]","@timestamp":"2022-09-19T02:05:46.804Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:05:49 honeypot-fra-1 sshd[30925]: Connection closed by invalid user user 103.241.181.174 port 39366 [preauth]","@timestamp":"2022-09-19T02:05:50.807Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:05:52 honeypot-fra-1 sshd[30931]: Connection closed by invalid user user 103.241.181.174 port 39904 [preauth]","@timestamp":"2022-09-19T02:05:53.809Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:05:55 honeypot-fra-1 sshd[30937]: Connection closed by invalid user user 103.241.181.174 port 40454 [preauth]","@timestamp":"2022-09-19T02:05:56.811Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:05:58 honeypot-fra-1 sshd[30943]: Connection closed by invalid user user 103.241.181.174 port 40938 [preauth]","@timestamp":"2022-09-19T02:05:58.812Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:06:01 honeypot-fra-1 sshd[30949]: Connection closed by invalid user user 103.241.181.174 port 41418 [preauth]","@timestamp":"2022-09-19T02:06:02.815Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:06:05 honeypot-fra-1 sshd[30955]: Connection closed by invalid user user 103.241.181.174 port 42076 [preauth]","@timestamp":"2022-09-19T02:06:05.817Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:06:08 honeypot-fra-1 sshd[30961]: Connection closed by invalid user user 103.241.181.174 port 42622 [preauth]","@timestamp":"2022-09-19T02:06:08.819Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:06:11 honeypot-fra-1 sshd[30967]: Connection closed by invalid user user 103.241.181.174 port 43232 [preauth]","@timestamp":"2022-09-19T02:06:11.820Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:06:14 honeypot-fra-1 sshd[30973]: Connection closed by invalid user user 103.241.181.174 port 43778 [preauth]","@timestamp":"2022-09-19T02:06:15.823Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:06:18 honeypot-fra-1 sshd[30979]: Connection closed by invalid user user 103.241.181.174 port 44280 [preauth]","@timestamp":"2022-09-19T02:06:18.826Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:06:21 honeypot-fra-1 sshd[30985]: Connection closed by invalid user user 103.241.181.174 port 44778 [preauth]","@timestamp":"2022-09-19T02:06:21.828Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:06:24 honeypot-fra-1 sshd[30991]: Connection closed by invalid user user 103.241.181.174 port 45314 [preauth]","@timestamp":"2022-09-19T02:06:24.830Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:06:27 honeypot-fra-1 sshd[30997]: Connection closed by invalid user user 103.241.181.174 port 45866 [preauth]","@timestamp":"2022-09-19T02:06:27.832Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:06:30 honeypot-fra-1 sshd[31003]: Connection closed by invalid user user 103.241.181.174 port 46424 [preauth]","@timestamp":"2022-09-19T02:06:30.833Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:06:33 honeypot-fra-1 sshd[31009]: Connection closed by invalid user ubuntu 103.241.181.174 port 47016 [preauth]","@timestamp":"2022-09-19T02:06:33.837Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:06:36 honeypot-fra-1 sshd[31015]: Connection closed by invalid user ubuntu 103.241.181.174 port 47510 [preauth]","@timestamp":"2022-09-19T02:06:36.838Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:06:39 honeypot-fra-1 sshd[31021]: Connection closed by invalid user ubuntu 103.241.181.174 port 47956 [preauth]","@timestamp":"2022-09-19T02:06:39.840Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:06:42 honeypot-fra-1 sshd[31027]: Connection closed by invalid user ubuntu 103.241.181.174 port 48510 [preauth]","@timestamp":"2022-09-19T02:06:42.842Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:06:45 honeypot-fra-1 sshd[31033]: Connection closed by invalid user ubuntu 103.241.181.174 port 49076 [preauth]","@timestamp":"2022-09-19T02:06:45.844Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:06:48 honeypot-fra-1 sshd[31039]: Connection closed by invalid user ubuntu 103.241.181.174 port 49550 [preauth]","@timestamp":"2022-09-19T02:06:48.847Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:06:51 honeypot-fra-1 sshd[31045]: Connection closed by invalid user ubuntu 103.241.181.174 port 50060 [preauth]","@timestamp":"2022-09-19T02:06:51.849Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:06:54 honeypot-fra-1 sshd[31051]: Connection closed by invalid user ubuntu 103.241.181.174 port 50622 [preauth]","@timestamp":"2022-09-19T02:06:54.850Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:06:57 honeypot-fra-1 sshd[31057]: Connection closed by invalid user ubuntu 103.241.181.174 port 51160 [preauth]","@timestamp":"2022-09-19T02:06:57.852Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:07:00 honeypot-fra-1 sshd[31063]: Connection closed by invalid user ubuntu 103.241.181.174 port 51628 [preauth]","@timestamp":"2022-09-19T02:07:00.854Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:07:04 honeypot-fra-1 sshd[31069]: Connection closed by invalid user ubuntu 103.241.181.174 port 52218 [preauth]","@timestamp":"2022-09-19T02:07:04.858Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:07:07 honeypot-fra-1 sshd[31075]: Connection closed by invalid user ubuntu 103.241.181.174 port 52774 [preauth]","@timestamp":"2022-09-19T02:07:07.859Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:07:10 honeypot-fra-1 sshd[31081]: Connection closed by invalid user ubuntu 103.241.181.174 port 53316 [preauth]","@timestamp":"2022-09-19T02:07:10.861Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:07:13 honeypot-fra-1 sshd[31087]: Connection closed by invalid user ubuntu 103.241.181.174 port 53842 [preauth]","@timestamp":"2022-09-19T02:07:13.863Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:07:16 honeypot-fra-1 sshd[31093]: Connection closed by invalid user ubuntu 103.241.181.174 port 54448 [preauth]","@timestamp":"2022-09-19T02:07:16.865Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:07:19 honeypot-fra-1 sshd[31101]: Connection closed by invalid user ubuntu 103.241.181.174 port 55142 [preauth]","@timestamp":"2022-09-19T02:07:19.868Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:07:22 honeypot-fra-1 sshd[31107]: Connection closed by invalid user ubuntu 103.241.181.174 port 55780 [preauth]","@timestamp":"2022-09-19T02:07:22.870Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:07:25 honeypot-fra-1 sshd[31113]: Connection closed by invalid user ubuntu 103.241.181.174 port 56452 [preauth]","@timestamp":"2022-09-19T02:07:25.872Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:07:28 honeypot-fra-1 sshd[31119]: Invalid user ubuntu from 103.241.181.174 port 57174","@timestamp":"2022-09-19T02:07:28.873Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:07:31 honeypot-fra-1 sshd[31125]: Invalid user ubuntu from 103.241.181.174 port 57814","@timestamp":"2022-09-19T02:07:31.875Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:07:34 honeypot-fra-1 sshd[31131]: Invalid user ubuntu from 103.241.181.174 port 58532","@timestamp":"2022-09-19T02:07:35.879Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:07:38 honeypot-fra-1 sshd[31137]: Invalid user ubuntu from 103.241.181.174 port 59190","@timestamp":"2022-09-19T02:07:38.881Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:07:41 honeypot-fra-1 sshd[31143]: Invalid user ubuntu from 103.241.181.174 port 59780","@timestamp":"2022-09-19T02:07:41.882Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:07:44 honeypot-fra-1 sshd[31149]: Invalid user ubuntu from 103.241.181.174 port 60354","@timestamp":"2022-09-19T02:07:44.884Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:07:47 honeypot-fra-1 sshd[31155]: Invalid user ubuntu from 103.241.181.174 port 60892","@timestamp":"2022-09-19T02:07:47.887Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:07:50 honeypot-fra-1 sshd[31161]: Invalid user ubuntu from 103.241.181.174 port 33180","@timestamp":"2022-09-19T02:07:50.889Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:07:53 honeypot-fra-1 sshd[31167]: Invalid user ubuntu from 103.241.181.174 port 33728","@timestamp":"2022-09-19T02:07:53.891Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:07:56 honeypot-fra-1 sshd[31173]: Invalid user ubuntu from 103.241.181.174 port 34318","@timestamp":"2022-09-19T02:07:56.893Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:07:59 honeypot-fra-1 sshd[31179]: Invalid user debian from 103.241.181.174 port 34878","@timestamp":"2022-09-19T02:07:59.895Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:08:03 honeypot-fra-1 sshd[31185]: Invalid user debian from 103.241.181.174 port 35430","@timestamp":"2022-09-19T02:08:03.898Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:08:06 honeypot-fra-1 sshd[31191]: Invalid user debian from 103.241.181.174 port 36044","@timestamp":"2022-09-19T02:08:06.900Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:08:09 honeypot-fra-1 sshd[31197]: Invalid user debian from 103.241.181.174 port 36616","@timestamp":"2022-09-19T02:08:09.901Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:08:12 honeypot-fra-1 sshd[31203]: Invalid user debian from 103.241.181.174 port 37182","@timestamp":"2022-09-19T02:08:12.903Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:08:15 honeypot-fra-1 sshd[31209]: Invalid user debian from 103.241.181.174 port 37798","@timestamp":"2022-09-19T02:08:15.905Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:08:18 honeypot-fra-1 sshd[31215]: Invalid user debian from 103.241.181.174 port 38378","@timestamp":"2022-09-19T02:08:19.908Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:08:21 honeypot-fra-1 sshd[31221]: Invalid user debian from 103.241.181.174 port 38910","@timestamp":"2022-09-19T02:08:21.909Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:08:24 honeypot-fra-1 sshd[31227]: Invalid user debian from 103.241.181.174 port 39478","@timestamp":"2022-09-19T02:08:25.912Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 02:08:26 honeypot-ams-1 sshd[6854]: Connection closed by invalid user  118.193.59.59 port 59968 [preauth]","@timestamp":"2022-09-19T02:08:27.111Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:08:28 honeypot-fra-1 sshd[31233]: Invalid user debian from 103.241.181.174 port 40130","@timestamp":"2022-09-19T02:08:28.914Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:08:31 honeypot-fra-1 sshd[31239]: Invalid user debian from 103.241.181.174 port 40730","@timestamp":"2022-09-19T02:08:31.915Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:08:34 honeypot-fra-1 sshd[31246]: Invalid user debian from 103.241.181.174 port 41266","@timestamp":"2022-09-19T02:08:34.918Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:08:38 honeypot-fra-1 sshd[31252]: Invalid user debian from 103.241.181.174 port 41896","@timestamp":"2022-09-19T02:08:38.920Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:08:41 honeypot-fra-1 sshd[31258]: Invalid user debian from 103.241.181.174 port 42440","@timestamp":"2022-09-19T02:08:41.922Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:08:44 honeypot-fra-1 sshd[31264]: Invalid user debian from 103.241.181.174 port 43006","@timestamp":"2022-09-19T02:08:44.924Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:08:47 honeypot-fra-1 sshd[31270]: Invalid user debian from 103.241.181.174 port 43550","@timestamp":"2022-09-19T02:08:47.927Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:08:50 honeypot-fra-1 sshd[31276]: Invalid user debian from 103.241.181.174 port 44128","@timestamp":"2022-09-19T02:08:50.929Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:08:53 honeypot-fra-1 sshd[31282]: Invalid user debian from 103.241.181.174 port 44698","@timestamp":"2022-09-19T02:08:53.931Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:08:56 honeypot-fra-1 sshd[31288]: Invalid user debian from 103.241.181.174 port 45276","@timestamp":"2022-09-19T02:08:56.933Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:08:59 honeypot-fra-1 sshd[31294]: Invalid user debian from 103.241.181.174 port 45776","@timestamp":"2022-09-19T02:08:59.934Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:09:03 honeypot-fra-1 sshd[31300]: Invalid user debian from 103.241.181.174 port 46420","@timestamp":"2022-09-19T02:09:03.938Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:09:06 honeypot-fra-1 sshd[31306]: Invalid user debian from 103.241.181.174 port 47004","@timestamp":"2022-09-19T02:09:06.940Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:09:09 honeypot-fra-1 sshd[31312]: Invalid user debian from 103.241.181.174 port 47590","@timestamp":"2022-09-19T02:09:09.941Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:09:12 honeypot-fra-1 sshd[31318]: Invalid user debian from 103.241.181.174 port 48162","@timestamp":"2022-09-19T02:09:12.943Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:09:16 honeypot-fra-1 sshd[31324]: Invalid user debian from 103.241.181.174 port 48760","@timestamp":"2022-09-19T02:09:16.946Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:09:19 honeypot-fra-1 sshd[31330]: Invalid user debian from 103.241.181.174 port 49302","@timestamp":"2022-09-19T02:09:19.949Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:09:22 honeypot-fra-1 sshd[31336]: Invalid user debian from 103.241.181.174 port 49918","@timestamp":"2022-09-19T02:09:22.950Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:09:25 honeypot-fra-1 sshd[31342]: Invalid user admin from 103.241.181.174 port 50514","@timestamp":"2022-09-19T02:09:25.952Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:09:29 honeypot-fra-1 sshd[31348]: Invalid user admin from 103.241.181.174 port 51050","@timestamp":"2022-09-19T02:09:29.954Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:09:30 honeypot-fra-1 sshd[31354]: Invalid user admin from 103.241.181.174 port 51416","@timestamp":"2022-09-19T02:09:31.956Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:09:33 honeypot-fra-1 sshd[31360]: Invalid user admin from 103.241.181.174 port 51926","@timestamp":"2022-09-19T02:09:33.958Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:09:36 honeypot-fra-1 sshd[31366]: Invalid user admin from 103.241.181.174 port 52452","@timestamp":"2022-09-19T02:09:36.960Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:09:40 honeypot-fra-1 sshd[31372]: Invalid user admin from 103.241.181.174 port 53004","@timestamp":"2022-09-19T02:09:40.962Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:09:43 honeypot-fra-1 sshd[31378]: Invalid user admin from 103.241.181.174 port 53598","@timestamp":"2022-09-19T02:09:43.964Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:09:46 honeypot-fra-1 sshd[31384]: Invalid user admin from 103.241.181.174 port 54168","@timestamp":"2022-09-19T02:09:46.966Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:09:49 honeypot-fra-1 sshd[31390]: Invalid user admin from 103.241.181.174 port 54678","@timestamp":"2022-09-19T02:09:49.969Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:09:51 honeypot-fra-1 sshd[31396]: Disconnected from invalid user postgres 92.255.85.69 port 33964 [preauth]","@timestamp":"2022-09-19T02:09:51.970Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:09:54 honeypot-fra-1 sshd[31400]: Connection closed by invalid user admin 103.241.181.174 port 55412 [preauth]","@timestamp":"2022-09-19T02:09:54.972Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:09:57 honeypot-fra-1 sshd[31406]: Connection closed by invalid user admin 103.241.181.174 port 55958 [preauth]","@timestamp":"2022-09-19T02:09:57.974Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:10:00 honeypot-fra-1 sshd[31413]: Connection closed by invalid user admin 103.241.181.174 port 56580 [preauth]","@timestamp":"2022-09-19T02:10:00.976Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:10:03 honeypot-fra-1 sshd[31419]: Connection closed by invalid user admin 103.241.181.174 port 57236 [preauth]","@timestamp":"2022-09-19T02:10:03.979Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:10:06 honeypot-fra-1 sshd[31425]: Connection closed by invalid user admin 103.241.181.174 port 57878 [preauth]","@timestamp":"2022-09-19T02:10:06.980Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:10:09 honeypot-fra-1 sshd[31431]: Connection closed by invalid user admin 103.241.181.174 port 58534 [preauth]","@timestamp":"2022-09-19T02:10:09.982Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:10:12 honeypot-fra-1 sshd[31437]: Connection closed by invalid user admin 103.241.181.174 port 59224 [preauth]","@timestamp":"2022-09-19T02:10:12.984Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:10:14 honeypot-fra-1 sshd[31443]: Invalid user admin from 103.241.181.174 port 59660","@timestamp":"2022-09-19T02:10:14.985Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:10:18 honeypot-fra-1 sshd[31449]: Invalid user admin from 103.241.181.174 port 60406","@timestamp":"2022-09-19T02:10:18.988Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:10:21 honeypot-fra-1 sshd[31455]: Invalid user admin from 103.241.181.174 port 32834","@timestamp":"2022-09-19T02:10:21.990Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:10:24 honeypot-fra-1 sshd[31461]: Invalid user admin from 103.241.181.174 port 33364","@timestamp":"2022-09-19T02:10:24.992Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:10:27 honeypot-fra-1 sshd[31467]: Invalid user admin from 103.241.181.174 port 33968","@timestamp":"2022-09-19T02:10:27.994Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:10:31 honeypot-fra-1 sshd[31473]: Invalid user admin from 103.241.181.174 port 34502","@timestamp":"2022-09-19T02:10:31.996Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:10:34 honeypot-fra-1 sshd[31479]: Invalid user admin from 103.241.181.174 port 35064","@timestamp":"2022-09-19T02:10:35.000Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:10:37 honeypot-fra-1 sshd[31485]: Invalid user admin from 103.241.181.174 port 35620","@timestamp":"2022-09-19T02:10:38.001Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:10:40 honeypot-fra-1 sshd[31491]: Invalid user admin from 103.241.181.174 port 36160","@timestamp":"2022-09-19T02:10:41.003Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:10:43 honeypot-fra-1 sshd[31497]: Invalid user admin from 103.241.181.174 port 36642","@timestamp":"2022-09-19T02:10:44.005Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:10:46 honeypot-fra-1 sshd[31503]: Invalid user admin from 103.241.181.174 port 37184","@timestamp":"2022-09-19T02:10:47.008Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:10:49 honeypot-fra-1 sshd[31509]: Invalid user admin from 103.241.181.174 port 37702","@timestamp":"2022-09-19T02:10:50.010Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:11:08 honeypot-fra-1 sshd[31515]: Received disconnect from 59.19.54.171 port 33220:11: Bye Bye [preauth]","@timestamp":"2022-09-19T02:11:09.019Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T02:15:23.049Z","@version":"1","message":"Sep 19 02:15:22 honeypot-sgp-1 kernel: [84429824.416120] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=59.16.243.218 DST=159.89.202.188 LEN=52 TOS=0x00 PREC=0x00 TTL=114 ID=36663 DF PROTO=TCP SPT=2491 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:16:23.078Z","@version":"1","message":"Sep 19 02:16:22 honeypot-sgp-1 kernel: [84429884.662105] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=59.16.243.218 DST=159.89.202.188 LEN=52 TOS=0x00 PREC=0x00 TTL=114 ID=36689 DF PROTO=TCP SPT=5218 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 02:17:45 honeypot-ams-1 sshd[6861]: Received disconnect from 45.61.184.204 port 54198:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T02:17:46.360Z"}
{"@timestamp":"2022-09-19T02:17:49.117Z","@version":"1","message":"Sep 19 02:17:48 honeypot-sgp-1 kernel: [84429970.555989] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=59.16.243.218 DST=159.89.202.188 LEN=52 TOS=0x00 PREC=0x00 TTL=114 ID=36695 DF PROTO=TCP SPT=11457 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 02:18:04 honeypot-ams-1 sshd[6865]: Received disconnect from 45.61.184.204 port 48398:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T02:18:05.371Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 02:18:21 honeypot-ams-1 sshd[6869]: Received disconnect from 45.61.184.204 port 42658:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T02:18:22.381Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 02:18:39 honeypot-ams-1 sshd[6873]: Received disconnect from 45.61.184.204 port 36912:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T02:18:40.390Z"}
{"@timestamp":"2022-09-19T02:20:38.189Z","@version":"1","message":"Sep 19 02:20:37 honeypot-sgp-1 sshd[32400]: Received disconnect from 45.61.184.204 port 43278:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:20:58.198Z","@version":"1","message":"Sep 19 02:20:57 honeypot-sgp-1 sshd[32404]: Received disconnect from 45.61.184.204 port 38428:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:21:16.208Z","@version":"1","message":"Sep 19 02:21:15 honeypot-sgp-1 sshd[32408]: Received disconnect from 45.61.184.204 port 33582:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:22:48 honeypot-fra-1 sshd[31522]: Did not receive identification string from 45.61.184.204 port 45706","@timestamp":"2022-09-19T02:22:49.283Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:23:30 honeypot-fra-1 sshd[31527]: Invalid user user from 45.61.184.204 port 43372","@timestamp":"2022-09-19T02:23:31.302Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:23:50 honeypot-fra-1 sshd[31531]: Invalid user user from 45.61.184.204 port 38560","@timestamp":"2022-09-19T02:23:50.311Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:24:09 honeypot-fra-1 sshd[31535]: Invalid user user from 45.61.184.204 port 33756","@timestamp":"2022-09-19T02:24:10.322Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:24:23 honeypot-fra-1 kernel: [84428669.303968] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=221.176.116.78 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=109 ID=256 PROTO=TCP SPT=60311 DPT=80 WINDOW=16384 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T02:24:24.327Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T02:24:53.298Z","@version":"1","message":"Sep 19 02:24:52 honeypot-sgp-1 sshd[32412]: Connection closed by invalid user hunter 179.60.147.69 port 35310 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:28:52 honeypot-fra-1 kernel: [84428938.242843] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=165.22.82.222 LEN=90 TOS=0x00 PREC=0x00 TTL=250 ID=31161 PROTO=TCP SPT=13207 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T02:28:53.431Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 02:29:17 honeypot-ams-1 sshd[6878]: Invalid user hunter from 179.60.147.69 port 39374","@timestamp":"2022-09-19T02:29:18.662Z"}
{"@timestamp":"2022-09-19T02:30:56.451Z","@version":"1","message":"Sep 19 02:30:56 honeypot-sgp-1 sshd[32417]: Disconnected from authenticating user root 177.170.20.12 port 58634 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 02:31:08 honeypot-ams-1 kernel: [84431247.639159] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=22994 PROTO=TCP SPT=54606 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T02:31:08.714Z"}
{"@timestamp":"2022-09-19T02:35:26.567Z","@version":"1","message":"Sep 19 02:35:25 honeypot-sgp-1 sshd[32424]: Invalid user admin from 185.246.130.20 port 18567","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:35:49.580Z","@version":"1","message":"Sep 19 02:35:49 honeypot-sgp-1 sshd[32430]: Invalid user admin from 185.246.130.20 port 56195","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:36:15.593Z","@version":"1","message":"Sep 19 02:36:14 honeypot-sgp-1 sshd[32436]: Invalid user aerohive from 185.246.130.20 port 42681","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:36:46.610Z","@version":"1","message":"Sep 19 02:36:45 honeypot-sgp-1 sshd[32442]: Invalid user private from 185.246.130.20 port 33153","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:37:16.625Z","@version":"1","message":"Sep 19 02:37:15 honeypot-sgp-1 sshd[32448]: Disconnecting invalid user Admin 185.246.130.20 port 60936: Change of username or service not allowed: (Admin,ssh-connection) -> (araknis,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:37:39.638Z","@version":"1","message":"Sep 19 02:37:39 honeypot-sgp-1 sshd[32454]: Disconnecting invalid user user 185.246.130.20 port 8958: Change of username or service not allowed: (user,ssh-connection) -> (root,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:38:07.653Z","@version":"1","message":"Sep 19 02:38:06 honeypot-sgp-1 sshd[32462]: Invalid user admin from 185.246.130.20 port 41018","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:38:30.665Z","@version":"1","message":"Sep 19 02:38:30 honeypot-sgp-1 sshd[32468]: Disconnecting authenticating user root 185.246.130.20 port 10903: Change of username or service not allowed: (root,ssh-connection) -> (,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:38:50.676Z","@version":"1","message":"Sep 19 02:38:50 honeypot-sgp-1 sshd[32474]: Invalid user Cisco from 185.246.130.20 port 38592","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:39:03 honeypot-fra-1 kernel: [84429548.767788] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=172.105.129.68 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=17138 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T02:39:03.659Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T02:39:17.691Z","@version":"1","message":"Sep 19 02:39:17 honeypot-sgp-1 sshd[32480]: Invalid user 1234 from 185.246.130.20 port 25882","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:39:38.702Z","@version":"1","message":"Sep 19 02:39:38 honeypot-sgp-1 sshd[32486]: Disconnecting invalid user  185.246.130.20 port 36314: Change of username or service not allowed: (,ssh-connection) -> (adslroot,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:40:00.713Z","@version":"1","message":"Sep 19 02:39:59 honeypot-sgp-1 sshd[32492]: Disconnecting invalid user admin 185.246.130.20 port 1637: Change of username or service not allowed: (admin,ssh-connection) -> (blank,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:40:20.726Z","@version":"1","message":"Sep 19 02:40:20 honeypot-sgp-1 sshd[32499]: Disconnecting invalid user  185.246.130.20 port 40236: Change of username or service not allowed: (,ssh-connection) -> (root,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:40:49.741Z","@version":"1","message":"Sep 19 02:40:49 honeypot-sgp-1 sshd[32506]: Disconnecting invalid user admin 185.246.130.20 port 10833: Change of username or service not allowed: (admin,ssh-connection) -> (c1@r0,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:41:19.757Z","@version":"1","message":"Sep 19 02:41:18 honeypot-sgp-1 sshd[32512]: Disconnecting invalid user cusadmin 185.246.130.20 port 33342: Change of username or service not allowed: (cusadmin,ssh-connection) -> (superonline,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:41:40.768Z","@version":"1","message":"Sep 19 02:41:40 honeypot-sgp-1 sshd[32518]: Disconnecting invalid user lgnortel 185.246.130.20 port 23748: Change of username or service not allowed: (lgnortel,ssh-connection) -> (Admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 02:41:43 honeypot-ams-1 sshd[6888]: Received disconnect from 80.19.204.177 port 48624:11: Bye Bye [preauth]","@timestamp":"2022-09-19T02:41:43.999Z"}
{"@timestamp":"2022-09-19T02:42:00.778Z","@version":"1","message":"Sep 19 02:42:00 honeypot-sgp-1 sshd[32524]: Disconnecting invalid user admin 185.246.130.20 port 1186: Change of username or service not allowed: (admin,ssh-connection) -> (,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:42:18.789Z","@version":"1","message":"Sep 19 02:42:18 honeypot-sgp-1 sshd[32530]: Disconnecting invalid user matrix 185.246.130.20 port 12029: Change of username or service not allowed: (matrix,ssh-connection) -> (,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:42:29.794Z","@version":"1","message":"Sep 19 02:42:29 honeypot-sgp-1 sshd[32534]: Disconnecting invalid user admin 185.246.130.20 port 18605: Change of username or service not allowed: (admin,ssh-connection) -> (motorola,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:42:55.808Z","@version":"1","message":"Sep 19 02:42:54 honeypot-sgp-1 sshd[32542]: Disconnecting invalid user blank 185.246.130.20 port 55536: Change of username or service not allowed: (blank,ssh-connection) -> (root,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:43:22.822Z","@version":"1","message":"Sep 19 02:43:22 honeypot-sgp-1 sshd[32550]: Invalid user 0 from 185.246.130.20 port 40859","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:43:43.833Z","@version":"1","message":"Sep 19 02:43:43 honeypot-sgp-1 sshd[32556]: Invalid user admin from 185.246.130.20 port 30404","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:44:04.844Z","@version":"1","message":"Sep 19 02:44:04 honeypot-sgp-1 sshd[32562]: Invalid user Broadcom from 185.246.130.20 port 42678","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:44:20.853Z","@version":"1","message":"Sep 19 02:44:20 honeypot-sgp-1 sshd[32568]: Invalid user cusadmin from 185.246.130.20 port 56299","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 02:44:28 honeypot-ams-1 sshd[6892]: Received disconnect from 92.255.85.69 port 53798:11: Bye Bye [preauth]","@timestamp":"2022-09-19T02:44:29.076Z"}
{"@timestamp":"2022-09-19T02:44:35.861Z","@version":"1","message":"Sep 19 02:44:34 honeypot-sgp-1 sshd[32574]: Invalid user sweex from 185.246.130.20 port 42862","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:44:54.871Z","@version":"1","message":"Sep 19 02:44:54 honeypot-sgp-1 sshd[32580]: Invalid user  from 185.246.130.20 port 13040","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:45:12.881Z","@version":"1","message":"Sep 19 02:45:12 honeypot-sgp-1 sshd[32586]: Invalid user ubnt from 185.246.130.20 port 55036","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:45:36.894Z","@version":"1","message":"Sep 19 02:45:36 honeypot-sgp-1 sshd[32594]: Invalid user user from 185.246.130.20 port 11979","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:45:57.906Z","@version":"1","message":"Sep 19 02:45:57 honeypot-sgp-1 sshd[32600]: Invalid user Admin from 185.246.130.20 port 30812","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:46:15.916Z","@version":"1","message":"Sep 19 02:46:15 honeypot-sgp-1 sshd[32606]: Invalid user 0 from 185.246.130.20 port 45747","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:46:29.923Z","@version":"1","message":"Sep 19 02:46:29 honeypot-sgp-1 sshd[32612]: Invalid user admin from 185.246.130.20 port 29740","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:47:44.957Z","@version":"1","message":"Sep 19 02:47:44 honeypot-sgp-1 kernel: [84431766.963799] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=175.107.203.41 DST=159.89.202.188 LEN=52 TOS=0x02 PREC=0x00 TTL=117 ID=11135 DF PROTO=TCP SPT=60339 DPT=3389 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:52:35.082Z","@version":"1","message":"Sep 19 02:52:34 honeypot-sgp-1 sshd[32620]: Disconnected from invalid user admin 64.119.29.152 port 33290 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 02:57:18 honeypot-ams-1 kernel: [84432817.447226] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=170.187.162.48 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=41979 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T02:57:18.409Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 02:59:23 honeypot-ams-1 kernel: [84432942.705255] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=122.58.118.141 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=33748 PROTO=TCP SPT=61445 DPT=80 WINDOW=13277 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T02:59:23.464Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 03:02:48 honeypot-ams-1 sshd[6905]: Disconnected from invalid user admin 164.90.191.216 port 33124 [preauth]","@timestamp":"2022-09-19T03:02:49.557Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 03:03:14 honeypot-fra-1 kernel: [84430999.528480] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=44122 PROTO=TCP SPT=56403 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T03:03:15.202Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T03:03:34.364Z","@version":"1","message":"Sep 19 03:03:33 honeypot-sgp-1 sshd[32626]: Received disconnect from 139.59.226.220 port 54242:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 03:05:46 honeypot-ams-1 sshd[6908]: Disconnected from invalid user angus 182.50.252.90 port 41494 [preauth]","@timestamp":"2022-09-19T03:05:46.639Z"}
{"@timestamp":"2022-09-19T03:06:38.442Z","@version":"1","message":"Sep 19 03:06:37 honeypot-sgp-1 sshd[32630]: Disconnected from invalid user ll 185.191.205.93 port 48612 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 03:06:53 honeypot-fra-1 sshd[31561]: Invalid user teamspeak from 159.89.40.119 port 36328","@timestamp":"2022-09-19T03:06:54.287Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 03:07:34 honeypot-ams-1 kernel: [84433433.422241] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=23.236.147.154 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=115 ID=59915 PROTO=TCP SPT=20012 DPT=443 WINDOW=10739 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T03:07:34.691Z"}
{"@timestamp":"2022-09-19T03:09:59.528Z","@version":"1","message":"Sep 19 03:09:59 honeypot-sgp-1 sshd[32633]: Disconnected from invalid user ubnt 92.255.85.69 port 16830 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 03:13:24 honeypot-ams-1 sshd[6916]: Received disconnect from 92.255.85.70 port 26348:11: Bye Bye [preauth]","@timestamp":"2022-09-19T03:13:25.855Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 03:14:50 honeypot-fra-1 sshd[31566]: Received disconnect from 52.140.206.1 port 1024:11: Bye Bye [preauth]","@timestamp":"2022-09-19T03:14:50.464Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T03:15:06.658Z","@version":"1","message":"Sep 19 03:15:06 honeypot-sgp-1 sshd[32638]: Invalid user teamspeak from 128.199.147.56 port 41704","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T03:15:34.672Z","@version":"1","message":"Sep 19 03:15:33 honeypot-sgp-1 sshd[32642]: Received disconnect from 210.245.26.43 port 46352:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 03:18:42 honeypot-fra-1 sshd[31571]: Received disconnect from 112.196.54.35 port 51600:11: Bye Bye [preauth]","@timestamp":"2022-09-19T03:18:43.553Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T03:19:44.779Z","@version":"1","message":"Sep 19 03:19:44 honeypot-sgp-1 sshd[32648]: Received disconnect from 202.61.105.17 port 51568:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 03:20:43 honeypot-ams-1 sshd[6922]: Connection closed by invalid user ftp 193.106.191.157 port 59212 [preauth]","@timestamp":"2022-09-19T03:20:44.049Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 03:25:08 honeypot-fra-1 sshd[31576]: Invalid user test from 93.113.61.126 port 33272","@timestamp":"2022-09-19T03:25:08.696Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 03:25:59 honeypot-ams-1 kernel: [84434538.462984] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.41.8.45 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=46322 PROTO=TCP SPT=31574 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T03:26:00.187Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 03:32:13 honeypot-fra-1 sshd[31579]: Received disconnect from 165.22.45.108 port 48152:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T03:32:13.854Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 03:37:26 honeypot-fra-1 sshd[31585]: Did not receive identification string from 179.43.156.143 port 49070","@timestamp":"2022-09-19T03:37:26.974Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 03:39:32 honeypot-fra-1 sshd[31590]: Disconnected from authenticating user root 179.43.156.143 port 40996 [preauth]","@timestamp":"2022-09-19T03:39:33.025Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 03:40:11 honeypot-ams-1 kernel: [84435390.549126] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=89.248.165.199 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=20571 PROTO=TCP SPT=57376 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T03:40:11.552Z"}
{"@timestamp":"2022-09-19T03:40:25.294Z","@version":"1","message":"Sep 19 03:40:24 honeypot-sgp-1 kernel: [84434926.953072] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.56.83.212 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=55859 PROTO=TCP SPT=53044 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 03:41:18 honeypot-fra-1 sshd[31596]: Received disconnect from 179.43.156.143 port 35084:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T03:41:19.067Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 03:42:28 honeypot-fra-1 sshd[31601]: Received disconnect from 179.43.156.143 port 59368:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T03:42:29.096Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 03:43:43 honeypot-fra-1 sshd[31605]: Received disconnect from 179.43.156.143 port 55460:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T03:43:43.126Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T03:44:54.408Z","@version":"1","message":"Sep 19 03:44:53 honeypot-sgp-1 sshd[32658]: Received disconnect from 45.61.186.169 port 55836:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 03:44:57 honeypot-fra-1 sshd[31611]: Invalid user git from 179.43.156.143 port 51516","@timestamp":"2022-09-19T03:44:58.158Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T03:45:12.418Z","@version":"1","message":"Sep 19 03:45:12 honeypot-sgp-1 sshd[32662]: Received disconnect from 45.61.186.169 port 50508:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T03:45:29.426Z","@version":"1","message":"Sep 19 03:45:29 honeypot-sgp-1 sshd[32667]: Received disconnect from 45.61.186.169 port 45182:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T03:45:46.436Z","@version":"1","message":"Sep 19 03:45:45 honeypot-sgp-1 sshd[32671]: Received disconnect from 45.61.186.169 port 39880:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 03:46:13 honeypot-fra-1 sshd[31615]: Invalid user testuser from 179.43.156.143 port 47588","@timestamp":"2022-09-19T03:46:13.208Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 03:47:28 honeypot-fra-1 sshd[31619]: Invalid user vagrant from 179.43.156.143 port 43652","@timestamp":"2022-09-19T03:47:28.237Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 03:48:07 honeypot-fra-1 sshd[31624]: Disconnected from invalid user drcomadmin 179.43.156.143 port 41672 [preauth]","@timestamp":"2022-09-19T03:48:07.253Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 03:48:36 honeypot-ams-1 kernel: [84435896.063769] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.216.93 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=33929 DPT=5432 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T03:48:37.764Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 03:49:04 honeypot-fra-1 sshd[31628]: Disconnected from invalid user db 189.90.255.173 port 53004 [preauth]","@timestamp":"2022-09-19T03:49:05.279Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 03:49:23 honeypot-ams-1 sshd[6938]: Received disconnect from 35.246.83.56 port 59276:11: Bye Bye [preauth]","@timestamp":"2022-09-19T03:49:24.788Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 03:50:03 honeypot-fra-1 sshd[31632]: Disconnected from invalid user oracle 179.43.156.143 port 35798 [preauth]","@timestamp":"2022-09-19T03:50:03.303Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T03:50:08.550Z","@version":"1","message":"Sep 19 03:50:07 honeypot-sgp-1 kernel: [84435510.016819] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=68.183.93.151 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x20 TTL=242 ID=54321 PROTO=TCP SPT=49908 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 03:51:44 honeypot-fra-1 sshd[31638]: Invalid user debian from 115.88.38.58 port 57894","@timestamp":"2022-09-19T03:51:45.347Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 03:52:10 honeypot-ams-1 sshd[6942]: Disconnected from invalid user file 94.127.213.154 port 1144 [preauth]","@timestamp":"2022-09-19T03:52:10.862Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 03:52:48 honeypot-fra-1 sshd[31643]: Disconnected from authenticating user root 179.43.156.143 port 56164 [preauth]","@timestamp":"2022-09-19T03:52:49.374Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 03:54:52 honeypot-fra-1 sshd[31649]: Received disconnect from 179.43.156.143 port 50250:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T03:54:52.423Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 03:55:52 honeypot-ams-1 kernel: [84436331.647582] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=167.71.92.243 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=35519 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T03:55:52.958Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 03:57:01 honeypot-fra-1 sshd[31655]: Received disconnect from 179.43.156.143 port 44344:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T03:57:01.472Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 03:58:26 honeypot-fra-1 sshd[31660]: Disconnected from invalid user ansible 179.43.156.143 port 40414 [preauth]","@timestamp":"2022-09-19T03:58:27.507Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 04:00:11 honeypot-fra-1 sshd[31666]: Invalid user admin from 121.168.197.214 port 35260","@timestamp":"2022-09-19T04:00:12.549Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 04:00:38 honeypot-ams-1 sshd[6954]: Bad protocol version identification 'GET / HTTP/1.1' from 152.70.213.42 port 32826","@timestamp":"2022-09-19T04:00:39.083Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 04:01:16 honeypot-fra-1 sshd[31671]: Disconnected from authenticating user root 179.43.156.143 port 60780 [preauth]","@timestamp":"2022-09-19T04:01:17.577Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 04:03:25 honeypot-fra-1 sshd[31677]: Invalid user dmdba from 179.43.156.143 port 54876","@timestamp":"2022-09-19T04:03:25.627Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 04:04:08 honeypot-fra-1 sshd[31680]: Disconnected from invalid user sysgames 179.43.156.143 port 52904 [preauth]","@timestamp":"2022-09-19T04:04:08.646Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 04:05:37 honeypot-fra-1 sshd[31684]: Disconnected from invalid user init 179.43.156.143 port 48972 [preauth]","@timestamp":"2022-09-19T04:05:37.680Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T04:07:53.011Z","@version":"1","message":"Sep 19 04:07:52 honeypot-sgp-1 kernel: [84436574.378373] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=80.94.92.231 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=233 ID=54321 PROTO=TCP SPT=45032 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 04:08:10 honeypot-ams-1 sshd[6960]: Invalid user karasawa from 143.198.123.124 port 57190","@timestamp":"2022-09-19T04:08:11.285Z"}
{"@timestamp":"2022-09-19T04:10:30.227Z","@version":"1","message":"Sep 19 04:10:29 honeypot-sgp-1 sshd[32686]: Disconnected from 61.177.172.114 port 62858 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 04:11:32 honeypot-ams-1 kernel: [84437271.964859] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=119.160.167.135 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=56939 PROTO=TCP SPT=24479 DPT=80 WINDOW=26435 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T04:11:33.373Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 04:13:43 honeypot-fra-1 sshd[31691]: Received disconnect from 111.67.197.239 port 52580:11: Bye Bye [preauth]","@timestamp":"2022-09-19T04:13:43.857Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 04:16:33 honeypot-fra-1 kernel: [84435398.221061] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.143.200.6 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=18630 PROTO=TCP SPT=55677 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T04:16:33.921Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T04:16:51.392Z","@version":"1","message":"Sep 19 04:16:50 honeypot-sgp-1 sshd[32697]: Disconnected from invalid user darek 138.68.72.245 port 44244 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 04:19:28 honeypot-fra-1 sshd[31703]: Received disconnect from 92.255.85.69 port 44588:11: Bye Bye [preauth]","@timestamp":"2022-09-19T04:19:28.988Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T04:20:02.477Z","@version":"1","message":"Sep 19 04:20:02 honeypot-sgp-1 sshd[32705]: Invalid user cy from 41.93.33.2 port 43602","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 04:22:05 honeypot-ams-1 sshd[6967]: Disconnected from authenticating user root 54.233.118.215 port 32792 [preauth]","@timestamp":"2022-09-19T04:22:05.657Z"}
{"@timestamp":"2022-09-19T04:22:38.547Z","@version":"1","message":"Sep 19 04:22:38 honeypot-sgp-1 sshd[32710]: Disconnected from authenticating user root 61.177.173.36 port 39047 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 04:25:24 honeypot-ams-1 sshd[6971]: Disconnected from invalid user 1 92.255.85.69 port 36306 [preauth]","@timestamp":"2022-09-19T04:25:24.745Z"}
{"@timestamp":"2022-09-19T04:27:55.687Z","@version":"1","message":"Sep 19 04:27:54 honeypot-sgp-1 kernel: [84437777.002295] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=159.89.202.188 LEN=86 TOS=0x00 PREC=0x00 TTL=245 ID=5529 PROTO=TCP SPT=16229 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T04:32:53.821Z","@version":"1","message":"Sep 19 04:32:52 honeypot-sgp-1 kernel: [84438074.959201] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=36.76.113.158 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=245 ID=42749 DF PROTO=TCP SPT=58100 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 04:33:02 honeypot-fra-1 sshd[31724]: Invalid user docker from 34.71.244.4 port 36366","@timestamp":"2022-09-19T04:33:03.290Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 04:33:02 honeypot-fra-1 sshd[31716]: Invalid user oracle from 34.71.244.4 port 36144","@timestamp":"2022-09-19T04:33:03.290Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 04:33:02 honeypot-fra-1 sshd[31709]: Invalid user test from 34.71.244.4 port 36160","@timestamp":"2022-09-19T04:33:03.290Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 04:33:02 honeypot-fra-1 sshd[31714]: Connection closed by authenticating user root 34.71.244.4 port 36284 [preauth]","@timestamp":"2022-09-19T04:33:03.290Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 04:33:02 honeypot-fra-1 sshd[31726]: Connection closed by invalid user hadoop 34.71.244.4 port 36222 [preauth]","@timestamp":"2022-09-19T04:33:03.290Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 04:33:02 honeypot-fra-1 sshd[31712]: Connection closed by invalid user ansible 34.71.244.4 port 36198 [preauth]","@timestamp":"2022-09-19T04:33:03.290Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 04:33:02 honeypot-fra-1 sshd[31731]: Connection closed by authenticating user root 34.71.244.4 port 36270 [preauth]","@timestamp":"2022-09-19T04:33:03.290Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T04:36:10.908Z","@version":"1","message":"Sep 19 04:36:10 honeypot-sgp-1 sshd[32721]: Disconnected from authenticating user root 61.177.172.19 port 39138 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T04:44:17.134Z","@version":"1","message":"Sep 19 04:44:16 honeypot-sgp-1 sshd[32730]: Connection closed by invalid user  65.49.20.66 port 22622 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 04:49:40 honeypot-ams-1 kernel: [84439559.892230] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=182.139.135.66 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=46 ID=14200 DF PROTO=TCP SPT=8089 DPT=80 WINDOW=43690 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T04:49:41.362Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 04:50:45 honeypot-fra-1 sshd[31761]: Received disconnect from 92.255.85.70 port 17748:11: Bye Bye [preauth]","@timestamp":"2022-09-19T04:50:45.677Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T04:54:31.388Z","@version":"1","message":"Sep 19 04:54:30 honeypot-sgp-1 sshd[32738]: Received disconnect from 45.61.186.249 port 38244:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T04:54:50.397Z","@version":"1","message":"Sep 19 04:54:49 honeypot-sgp-1 sshd[32742]: Received disconnect from 45.61.186.249 port 60924:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T04:55:07.406Z","@version":"1","message":"Sep 19 04:55:06 honeypot-sgp-1 sshd[32746]: Received disconnect from 45.61.186.249 port 55420:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 04:55:08 honeypot-ams-1 sshd[6986]: Connection closed by invalid user xhl 103.188.176.251 port 55520 [preauth]","@timestamp":"2022-09-19T04:55:08.500Z"}
{"@timestamp":"2022-09-19T04:56:18.435Z","@version":"1","message":"Sep 19 04:56:18 honeypot-sgp-1 sshd[32750]: Received disconnect from 92.255.85.69 port 25060:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 04:59:16 honeypot-fra-1 kernel: [84437961.192711] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=20.197.1.140 DST=165.22.82.222 LEN=52 TOS=0x00 PREC=0x00 TTL=110 ID=22082 DF PROTO=TCP SPT=57117 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T04:59:16.866Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 05:02:47 honeypot-fra-1 kernel: [84438172.215725] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.79.191.132 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=13262 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T05:02:47.947Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T05:03:34.621Z","@version":"1","message":"Sep 19 05:03:34 honeypot-sgp-1 sshd[32757]: Connection closed by invalid user myshake 179.60.147.69 port 8388 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 05:04:13 honeypot-ams-1 sshd[7437]: Connection closed by invalid user  64.62.197.77 port 50808 [preauth]","@timestamp":"2022-09-19T05:04:13.731Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 05:06:53 honeypot-ams-1 sshd[7440]: Invalid user myshake from 179.60.147.69 port 42908","@timestamp":"2022-09-19T05:06:53.803Z"}
{"@timestamp":"2022-09-19T05:10:46.805Z","@version":"1","message":"Sep 19 05:10:45 honeypot-sgp-1 sshd[32763]: Invalid user user from 45.61.186.249 port 41726","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T05:11:05.815Z","@version":"1","message":"Sep 19 05:11:05 honeypot-sgp-1 sshd[301]: Invalid user user from 45.61.186.249 port 36746","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T05:11:24.825Z","@version":"1","message":"Sep 19 05:11:24 honeypot-sgp-1 sshd[305]: Invalid user user from 45.61.186.249 port 60010","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T05:11:33.830Z","@version":"1","message":"Sep 19 05:11:33 honeypot-sgp-1 sshd[307]: Disconnected from authenticating user root 190.224.88.94 port 34754 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 05:11:37 honeypot-fra-1 kernel: [84438702.396031] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=167.71.133.35 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=248 ID=54321 PROTO=TCP SPT=42669 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T05:11:38.145Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T05:12:09.846Z","@version":"1","message":"Sep 19 05:12:09 honeypot-sgp-1 kernel: [84440431.531046] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=154.89.5.94 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=244 ID=13632 PROTO=TCP SPT=58914 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 05:17:01 honeypot-ams-1 CRON[7444]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-19T05:17:01.064Z"}
{"@timestamp":"2022-09-19T05:17:01.969Z","@version":"1","message":"Sep 19 05:17:01 honeypot-sgp-1 CRON[316]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 05:17:01 honeypot-fra-1 CRON[31781]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-19T05:17:02.263Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T05:21:18.081Z","@version":"1","message":"Sep 19 05:21:17 honeypot-sgp-1 sshd[326]: Connection closed by invalid user www 103.188.176.251 port 39046 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 05:21:34 honeypot-ams-1 sshd[7449]: Disconnected from authenticating user root 35.199.146.114 port 46088 [preauth]","@timestamp":"2022-09-19T05:21:35.183Z"}
{"@timestamp":"2022-09-19T05:23:21.135Z","@version":"1","message":"Sep 19 05:23:21 honeypot-sgp-1 sshd[333]: Received disconnect from 92.255.85.70 port 60040:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 05:25:19 honeypot-ams-1 sshd[7454]: Invalid user reggie from 43.133.196.188 port 53452","@timestamp":"2022-09-19T05:25:20.283Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 05:28:29 honeypot-fra-1 sshd[31787]: Did not receive identification string from 45.61.186.169 port 44194","@timestamp":"2022-09-19T05:28:29.520Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 05:29:01 honeypot-fra-1 sshd[31790]: Received disconnect from 45.61.186.169 port 56992:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T05:29:01.535Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 05:29:19 honeypot-fra-1 sshd[31794]: Received disconnect from 45.61.186.169 port 52132:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T05:29:19.545Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T05:29:33.293Z","@version":"1","message":"Sep 19 05:29:33 honeypot-sgp-1 kernel: [84441475.040798] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=64.62.197.212 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=43423 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 05:29:36 honeypot-fra-1 sshd[31798]: Received disconnect from 45.61.186.169 port 47214:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T05:29:37.553Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 05:34:08 honeypot-ams-1 sshd[7459]: Received disconnect from 37.230.139.44 port 10105:11: Bye Bye [preauth]","@timestamp":"2022-09-19T05:34:09.506Z"}
{"@timestamp":"2022-09-19T05:35:39.450Z","@version":"1","message":"Sep 19 05:35:39 honeypot-sgp-1 sshd[341]: Received disconnect from 61.177.173.36 port 60294:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 05:37:19 honeypot-ams-1 sshd[7464]: Disconnected from invalid user monitor 103.242.199.118 port 57192 [preauth]","@timestamp":"2022-09-19T05:37:20.589Z"}
{"@timestamp":"2022-09-19T05:39:41.551Z","@version":"1","message":"Sep 19 05:39:40 honeypot-sgp-1 sshd[347]: Connection closed by invalid user pyimagesearch 179.60.147.69 port 57220 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 05:40:48 honeypot-fra-1 sshd[31803]: Invalid user pyimagesearch from 179.60.147.69 port 25528","@timestamp":"2022-09-19T05:40:48.801Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 05:43:21 honeypot-fra-1 sshd[31807]: Invalid user katerina from 141.98.10.158 port 54656","@timestamp":"2022-09-19T05:43:21.862Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 05:44:35 honeypot-fra-1 sshd[31811]: Connection closed by invalid user ftp 193.106.191.157 port 48118 [preauth]","@timestamp":"2022-09-19T05:44:35.893Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 05:44:37 honeypot-ams-1 kernel: [84442856.691734] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=109.96.184.220 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=55 ID=45255 PROTO=TCP SPT=12837 DPT=443 WINDOW=19541 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T05:44:37.776Z"}
{"@timestamp":"2022-09-19T05:45:41.705Z","@version":"1","message":"Sep 19 05:45:41 honeypot-sgp-1 kernel: [84442443.606066] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=85.106.8.221 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=229 ID=15686 PROTO=TCP SPT=56060 DPT=80 WINDOW=1300 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 05:54:28 honeypot-fra-1 kernel: [84441273.088249] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.41.8.45 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=1342 PROTO=TCP SPT=28112 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T05:54:29.114Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T05:54:35.929Z","@version":"1","message":"Sep 19 05:54:35 honeypot-sgp-1 sshd[362]: Invalid user user from 92.255.85.70 port 16274","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 05:56:13 honeypot-ams-1 kernel: [84443552.568962] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=197.40.94.83 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=51 ID=13257 PROTO=TCP SPT=36347 DPT=443 WINDOW=54696 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T05:56:14.077Z"}
{"@timestamp":"2022-09-19T05:56:39.984Z","@version":"1","message":"Sep 19 05:56:39 honeypot-sgp-1 sshd[366]: Received disconnect from 142.93.117.15 port 42996:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 06:01:10 honeypot-ams-1 sshd[7475]: Disconnected from invalid user user 92.255.85.69 port 25522 [preauth]","@timestamp":"2022-09-19T06:01:11.204Z"}
{"@timestamp":"2022-09-19T06:01:58.119Z","@version":"1","message":"Sep 19 06:01:57 honeypot-sgp-1 sshd[376]: Invalid user user from 45.61.186.249 port 60812","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T06:02:16.128Z","@version":"1","message":"Sep 19 06:02:15 honeypot-sgp-1 sshd[380]: Invalid user user from 45.61.186.249 port 55538","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T06:02:34.137Z","@version":"1","message":"Sep 19 06:02:33 honeypot-sgp-1 sshd[384]: Invalid user user from 45.61.186.249 port 50252","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T06:02:42.141Z","@version":"1","message":"Sep 19 06:02:42 honeypot-sgp-1 sshd[386]: Disconnected from invalid user user 45.61.186.249 port 33512 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 06:03:00 honeypot-fra-1 kernel: [84441785.315906] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=621 PROTO=TCP SPT=47204 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T06:03:01.306Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T06:06:25.237Z","@version":"1","message":"Sep 19 06:06:25 honeypot-sgp-1 sshd[391]: Disconnected from invalid user postgres 34.78.205.135 port 33893 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 06:08:09 honeypot-fra-1 sshd[31898]: Disconnected from invalid user akim 186.121.204.10 port 42964 [preauth]","@timestamp":"2022-09-19T06:08:10.419Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T06:12:17.384Z","@version":"1","message":"Sep 19 06:12:17 honeypot-sgp-1 kernel: [84444039.268954] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=230 ID=36232 PROTO=TCP SPT=47204 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 06:14:19 honeypot-ams-1 kernel: [84444638.650597] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=167.71.92.243 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=37877 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T06:14:19.537Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 06:15:24 honeypot-fra-1 sshd[31904]: Received disconnect from 45.61.187.160 port 48452:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T06:15:25.593Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 06:15:42 honeypot-fra-1 sshd[31908]: Received disconnect from 45.61.187.160 port 43656:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T06:15:42.601Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 06:15:58 honeypot-fra-1 sshd[31912]: Received disconnect from 45.61.187.160 port 38894:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T06:15:59.609Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T06:16:48.497Z","@version":"1","message":"Sep 19 06:16:47 honeypot-sgp-1 sshd[489]: Connection closed by invalid user device 179.60.147.69 port 45898 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 06:17:01 honeypot-fra-1 CRON[31916]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-19T06:17:02.637Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T06:20:55.603Z","@version":"1","message":"Sep 19 06:20:55 honeypot-sgp-1 sshd[499]: Disconnected from authenticating user root 92.255.85.69 port 27652 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 06:25:01 honeypot-ams-1 CRON[7578]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-19T06:25:01.833Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 06:25:06 honeypot-fra-1 CRON[31924]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-19T06:25:06.817Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T06:27:00.790Z","@version":"1","message":"Sep 19 06:27:00 honeypot-sgp-1 sshd[646]: Received disconnect from 143.198.53.72 port 44754:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 06:27:59 honeypot-ams-1 sshd[7748]: Received disconnect from 42.200.78.78 port 52672:11: Bye Bye [preauth]","@timestamp":"2022-09-19T06:27:59.912Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 06:34:36 honeypot-ams-1 sshd[7754]: Invalid user user from 45.61.186.169 port 51080","@timestamp":"2022-09-19T06:34:37.098Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 06:34:45 honeypot-ams-1 sshd[7756]: Disconnected from invalid user user 45.61.186.169 port 34576 [preauth]","@timestamp":"2022-09-19T06:34:46.104Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 06:35:01 honeypot-ams-1 sshd[7760]: Disconnected from invalid user user 45.61.186.169 port 58012 [preauth]","@timestamp":"2022-09-19T06:35:02.112Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 06:35:18 honeypot-ams-1 sshd[7764]: Disconnected from invalid user user 45.61.186.169 port 53216 [preauth]","@timestamp":"2022-09-19T06:35:18.121Z"}
{"@timestamp":"2022-09-19T06:37:49.057Z","@version":"1","message":"Sep 19 06:37:48 honeypot-sgp-1 sshd[748]: Received disconnect from 35.219.62.194 port 41946:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 06:40:39 honeypot-fra-1 kernel: [84444044.383278] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=165.232.152.144 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=36213 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T06:40:40.173Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 06:41:06 honeypot-ams-1 sshd[7769]: Received disconnect from 154.221.23.144 port 34508:11: Bye Bye [preauth]","@timestamp":"2022-09-19T06:41:07.272Z"}
{"@timestamp":"2022-09-19T06:42:42.181Z","@version":"1","message":"Sep 19 06:42:41 honeypot-sgp-1 sshd[750]: Disconnected from authenticating user root 165.227.133.23 port 45736 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 06:43:31 honeypot-fra-1 sshd[32167]: Disconnected from invalid user vpn 92.255.85.69 port 28604 [preauth]","@timestamp":"2022-09-19T06:43:32.238Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T06:46:44.282Z","@version":"1","message":"Sep 19 06:46:43 honeypot-sgp-1 kernel: [84446105.369554] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=103.119.144.59 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=22952 PROTO=TCP SPT=58788 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 06:47:36 honeypot-ams-1 kernel: [84446635.167646] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=36.250.201.87 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=48 ID=58129 PROTO=TCP SPT=27281 DPT=443 WINDOW=1777 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T06:47:36.439Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 06:50:37 honeypot-fra-1 sshd[32173]: Disconnected from invalid user yn 128.199.74.173 port 37418 [preauth]","@timestamp":"2022-09-19T06:50:38.395Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 06:52:46 honeypot-ams-1 kernel: [84446945.383830] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.148.10.81 DST=178.62.254.91 LEN=82 TOS=0x00 PREC=0x00 TTL=241 ID=22780 DF PROTO=TCP SPT=30716 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T06:52:46.574Z"}
{"@timestamp":"2022-09-19T06:54:06.467Z","@version":"1","message":"Sep 19 06:54:05 honeypot-sgp-1 kernel: [84446547.745321] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=89.248.165.199 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=12191 PROTO=TCP SPT=50250 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 06:56:31 honeypot-ams-1 sshd[7782]: Disconnected from invalid user vpn 92.255.85.70 port 58586 [preauth]","@timestamp":"2022-09-19T06:56:32.672Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 06:59:42 honeypot-fra-1 kernel: [84445187.030558] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=89.248.165.199 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=27210 PROTO=TCP SPT=50250 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T06:59:42.596Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 07:04:50 honeypot-ams-1 kernel: [84447669.446645] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=157.230.63.172 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=41417 PROTO=TCP SPT=61953 DPT=389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T07:04:50.889Z"}
{"@timestamp":"2022-09-19T07:06:20.769Z","@version":"1","message":"Sep 19 07:06:20 honeypot-sgp-1 sshd[774]: Disconnected from authenticating user root 121.7.31.13 port 19731 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 07:06:35 honeypot-fra-1 sshd[32182]: Connection closed by 43.128.227.146 port 43430 [preauth]","@timestamp":"2022-09-19T07:06:35.767Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T07:06:41.798Z","@version":"1","message":"Sep 19 07:06:41 honeypot-sgp-1 sshd[778]: Disconnected from authenticating user root 67.164.27.145 port 47656 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 07:09:37 honeypot-fra-1 sshd[32188]: Invalid user liuwei from 165.22.45.108 port 59790","@timestamp":"2022-09-19T07:09:37.838Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 07:11:57 honeypot-fra-1 kernel: [84445922.479529] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=103.146.23.134 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=5614 PROTO=TCP SPT=51279 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T07:11:57.892Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T07:16:23.041Z","@version":"1","message":"Sep 19 07:16:23 honeypot-sgp-1 sshd[786]: Disconnected from authenticating user root 92.255.85.69 port 23450 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 07:18:03 honeypot-ams-1 kernel: [84448463.029153] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=178.62.254.91 LEN=88 TOS=0x00 PREC=0x00 TTL=252 ID=29440 PROTO=TCP SPT=17525 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T07:18:04.231Z"}
{"@timestamp":"2022-09-19T07:22:13.186Z","@version":"1","message":"Sep 19 07:22:12 honeypot-sgp-1 sshd[796]: Disconnected from invalid user finexa 104.248.181.156 port 35452 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 07:22:18 honeypot-ams-1 sshd[7801]: Received disconnect from 92.255.85.70 port 40774:11: Bye Bye [preauth]","@timestamp":"2022-09-19T07:22:18.344Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 07:25:09 honeypot-fra-1 sshd[32203]: Connection closed by 162.142.125.212 port 48410 [preauth]","@timestamp":"2022-09-19T07:25:10.186Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 07:25:40 honeypot-ams-1 sshd[7806]: Invalid user ob from 51.75.143.42 port 34766","@timestamp":"2022-09-19T07:25:40.432Z"}
{"@timestamp":"2022-09-19T07:25:49.278Z","@version":"1","message":"Sep 19 07:25:48 honeypot-sgp-1 kernel: [84448450.824817] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=23.95.4.194 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=235 ID=27298 PROTO=TCP SPT=40147 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 07:30:35 honeypot-fra-1 sshd[32209]: Received disconnect from 211.253.133.48 port 47126:11: Bye Bye [preauth]","@timestamp":"2022-09-19T07:30:36.308Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T07:35:04.533Z","@version":"1","message":"Sep 19 07:35:04 honeypot-sgp-1 sshd[811]: Received disconnect from 61.177.173.36 port 53392:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 07:36:13 honeypot-fra-1 sshd[32215]: Connection closed by invalid user admin 179.60.147.69 port 8408 [preauth]","@timestamp":"2022-09-19T07:36:13.431Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 07:36:57 honeypot-ams-1 sshd[7811]: Connection closed by invalid user ftp 193.106.191.157 port 55758 [preauth]","@timestamp":"2022-09-19T07:36:57.724Z"}
{"@timestamp":"2022-09-19T07:41:44.699Z","@version":"1","message":"Sep 19 07:41:44 honeypot-sgp-1 kernel: [84449406.005925] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.55.53.144 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=43 ID=42618 DF PROTO=TCP SPT=41840 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 07:44:50 honeypot-fra-1 kernel: [84447895.381573] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=20.55.53.144 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=37918 DF PROTO=TCP SPT=32918 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T07:44:51.621Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 07:46:01 honeypot-fra-1 sshd[32222]: Received disconnect from 61.177.172.13 port 46407:11:  [preauth]","@timestamp":"2022-09-19T07:46:02.651Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T07:46:59.829Z","@version":"1","message":"Sep 19 07:46:59 honeypot-sgp-1 sshd[824]: Disconnected from authenticating user root 49.88.112.113 port 27996 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 07:48:17 honeypot-ams-1 sshd[7819]: Disconnected from authenticating user root 92.255.85.70 port 53648 [preauth]","@timestamp":"2022-09-19T07:48:18.012Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 07:50:27 honeypot-ams-1 kernel: [84450406.426096] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=20.55.53.144 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=44538 DF PROTO=TCP SPT=41522 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T07:50:28.074Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 07:51:48 honeypot-fra-1 sshd[32230]: Received disconnect from 45.89.26.196 port 46622:11: Bye Bye [preauth]","@timestamp":"2022-09-19T07:51:48.781Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T07:53:10.985Z","@version":"1","message":"Sep 19 07:53:10 honeypot-sgp-1 sshd[838]: Received disconnect from 61.177.173.49 port 21556:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:00:11 honeypot-fra-1 kernel: [84448816.426352] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.214.214 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=38668 DPT=5432 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T08:00:11.970Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T08:03:48.247Z","@version":"1","message":"Sep 19 08:03:47 honeypot-sgp-1 kernel: [84450729.452712] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.148.10.81 DST=159.89.202.188 LEN=84 TOS=0x00 PREC=0x00 TTL=239 ID=22780 DF PROTO=TCP SPT=4060 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 08:04:17 honeypot-ams-1 sshd[7829]: Received disconnect from 167.172.141.86 port 57184:11: Bye Bye [preauth]","@timestamp":"2022-09-19T08:04:18.441Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:05:11 honeypot-fra-1 sshd[32236]: Disconnected from authenticating user root 139.59.121.221 port 40436 [preauth]","@timestamp":"2022-09-19T08:05:12.084Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:15:15 honeypot-fra-1 sshd[32241]: Did not receive identification string from 86.107.199.172 port 42502","@timestamp":"2022-09-19T08:15:16.313Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 08:17:01 honeypot-ams-1 CRON[7835]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-19T08:17:01.772Z"}
{"@timestamp":"2022-09-19T08:17:02.593Z","@version":"1","message":"Sep 19 08:17:01 honeypot-sgp-1 CRON[858]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:18:48 honeypot-fra-1 sshd[32267]: Invalid user 165.227.153.84 from 86.107.199.172 port 40900","@timestamp":"2022-09-19T08:18:48.395Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:19:08 honeypot-fra-1 sshd[32271]: Invalid user user from 45.61.186.249 port 48180","@timestamp":"2022-09-19T08:19:09.405Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:19:28 honeypot-fra-1 sshd[32275]: Invalid user user from 45.61.186.249 port 43208","@timestamp":"2022-09-19T08:19:28.415Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:19:46 honeypot-fra-1 sshd[32279]: Invalid user user from 45.61.186.249 port 38250","@timestamp":"2022-09-19T08:19:46.423Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:19:54 honeypot-fra-1 sshd[32283]: Invalid user user from 45.61.186.249 port 49890","@timestamp":"2022-09-19T08:19:55.428Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 08:20:53 honeypot-ams-1 sshd[7841]: Received disconnect from 92.255.85.69 port 26136:11: Bye Bye [preauth]","@timestamp":"2022-09-19T08:20:53.878Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:21:11 honeypot-fra-1 kernel: [84450076.311557] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=179.43.155.171 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=32515 PROTO=TCP SPT=56430 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T08:21:12.460Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T08:22:53.739Z","@version":"1","message":"Sep 19 08:22:52 honeypot-sgp-1 sshd[867]: Disconnected from authenticating user root 24.69.190.84 port 57446 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:22:55 honeypot-fra-1 sshd[32290]: Received disconnect from 86.107.199.172 port 54122:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T08:22:56.503Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T08:24:52.792Z","@version":"1","message":"Sep 19 08:24:52 honeypot-sgp-1 sshd[889]: Received disconnect from 77.48.148.79 port 55660:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:24:56 honeypot-fra-1 sshd[32294]: Received disconnect from 86.107.199.172 port 60742:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T08:24:56.550Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T08:25:03.797Z","@version":"1","message":"Sep 19 08:25:03 honeypot-sgp-1 sshd[894]: Disconnected from invalid user admin 128.199.66.208 port 45470 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:26:59 honeypot-fra-1 sshd[32299]: Invalid user 165.22.235.61 from 86.107.199.172 port 39126","@timestamp":"2022-09-19T08:27:00.599Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:28:02 honeypot-fra-1 sshd[32302]: Disconnected from invalid user 165.227.195.88 86.107.199.172 port 42442 [preauth]","@timestamp":"2022-09-19T08:28:03.624Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 08:28:04 honeypot-ams-1 kernel: [84452664.028397] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=213.226.123.38 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=25995 PROTO=TCP SPT=56848 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T08:28:05.070Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:30:11 honeypot-fra-1 sshd[32306]: Disconnected from invalid user 165.227.172.187 86.107.199.172 port 49050 [preauth]","@timestamp":"2022-09-19T08:30:11.672Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T08:30:35.935Z","@version":"1","message":"Sep 19 08:30:35 honeypot-sgp-1 kernel: [84452337.496074] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=209.141.40.123 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=48292 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:31:59 honeypot-fra-1 sshd[32311]: Disconnected from authenticating user root 181.117.6.49 port 11886 [preauth]","@timestamp":"2022-09-19T08:32:00.716Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:32:31 honeypot-fra-1 sshd[32315]: Disconnected from invalid user monitor 193.8.210.136 port 34642 [preauth]","@timestamp":"2022-09-19T08:32:31.730Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:34:33 honeypot-fra-1 sshd[32320]: Invalid user 165.22.197.199 from 86.107.199.172 port 34078","@timestamp":"2022-09-19T08:34:33.779Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T08:34:41.042Z","@version":"1","message":"Sep 19 08:34:40 honeypot-sgp-1 kernel: [84452581.898043] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.164.20.159 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=50 ID=33677 PROTO=TCP SPT=21165 DPT=80 WINDOW=52996 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:35:38 honeypot-fra-1 sshd[32322]: Invalid user 165.227.125.46 from 86.107.199.172 port 37402","@timestamp":"2022-09-19T08:35:39.808Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 08:36:31 honeypot-ams-1 sshd[7862]: Invalid user intrastack from 42.119.111.155 port 55478","@timestamp":"2022-09-19T08:36:32.294Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:37:48 honeypot-fra-1 sshd[32326]: Invalid user 165.232.81.205 from 86.107.199.172 port 44014","@timestamp":"2022-09-19T08:37:48.858Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:38:52 honeypot-fra-1 sshd[32331]: Invalid user 165.84.180.62 from 86.107.199.172 port 47324","@timestamp":"2022-09-19T08:38:52.885Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 08:39:43 honeypot-ams-1 sshd[7867]: Disconnected from invalid user musikbot 189.182.176.231 port 54922 [preauth]","@timestamp":"2022-09-19T08:39:43.378Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:39:57 honeypot-fra-1 sshd[32333]: Disconnected from invalid user 165.227.199.226 86.107.199.172 port 50634 [preauth]","@timestamp":"2022-09-19T08:39:58.914Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T08:40:30.188Z","@version":"1","message":"Sep 19 08:40:29 honeypot-sgp-1 kernel: [84452931.144474] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.148.10.81 DST=159.89.202.188 LEN=81 TOS=0x00 PREC=0x00 TTL=240 ID=22780 DF PROTO=TCP SPT=24534 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 08:41:36 honeypot-ams-1 sshd[7871]: Received disconnect from 143.110.254.115 port 59034:11: Bye Bye [preauth]","@timestamp":"2022-09-19T08:41:36.432Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:42:09 honeypot-fra-1 sshd[32337]: Disconnected from invalid user 165.227.138.98 86.107.199.172 port 57248 [preauth]","@timestamp":"2022-09-19T08:42:09.964Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:44:06 honeypot-fra-1 sshd[32343]: Received disconnect from 134.122.30.242 port 59456:11: Bye Bye [preauth]","@timestamp":"2022-09-19T08:44:07.012Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:44:50 honeypot-fra-1 sshd[32347]: Received disconnect from 92.255.85.69 port 40272:11: Bye Bye [preauth]","@timestamp":"2022-09-19T08:44:51.033Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 08:44:58 honeypot-ams-1 kernel: [84453677.220748] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=213.226.123.38 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=31370 PROTO=TCP SPT=56212 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T08:44:58.520Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:45:58 honeypot-fra-1 kernel: [84451562.816574] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=213.226.123.38 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=32856 PROTO=TCP SPT=56212 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T08:45:59.062Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T08:47:30.364Z","@version":"1","message":"Sep 19 08:47:29 honeypot-sgp-1 sshd[912]: Connection closed by authenticating user root 179.60.147.69 port 52032 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:47:44 honeypot-fra-1 sshd[32353]: Received disconnect from 86.107.199.172 port 45560:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T08:47:45.105Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:49:18 honeypot-fra-1 kernel: [84451763.091648] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.148.10.81 DST=165.22.82.222 LEN=83 TOS=0x00 PREC=0x00 TTL=241 ID=22780 DF PROTO=TCP SPT=10232 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T08:49:19.144Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T08:50:15.435Z","@version":"1","message":"Sep 19 08:50:15 honeypot-sgp-1 kernel: [84453516.983358] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.148.10.81 DST=159.89.202.188 LEN=83 TOS=0x00 PREC=0x00 TTL=240 ID=22780 DF PROTO=TCP SPT=18396 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 08:50:45 honeypot-ams-1 sshd[7879]: Connection closed by authenticating user root 179.60.147.69 port 62028 [preauth]","@timestamp":"2022-09-19T08:50:46.675Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:51:05 honeypot-fra-1 sshd[32363]: Disconnected from invalid user 165.22.96.179 86.107.199.172 port 55502 [preauth]","@timestamp":"2022-09-19T08:51:06.186Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 08:53:32 honeypot-ams-1 kernel: [84454191.970716] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=193.163.125.107 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=247 ID=34336 PROTO=TCP SPT=38147 DPT=443 WINDOW=14600 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T08:53:33.750Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:53:47 honeypot-fra-1 sshd[32367]: Received disconnect from 86.107.199.172 port 33900:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T08:53:48.248Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:56:22 honeypot-fra-1 sshd[32372]: Invalid user 165.22.221.25 from 86.107.199.172 port 40520","@timestamp":"2022-09-19T08:56:23.309Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:58:56 honeypot-fra-1 sshd[32376]: Did not receive identification string from 45.61.186.49 port 50718","@timestamp":"2022-09-19T08:58:57.370Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T08:59:01.650Z","@version":"1","message":"Sep 19 08:59:01 honeypot-sgp-1 sshd[926]: Received disconnect from 179.127.204.48 port 40536:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:59:13 honeypot-fra-1 sshd[32379]: Disconnected from invalid user user 45.61.186.49 port 46124 [preauth]","@timestamp":"2022-09-19T08:59:14.379Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:59:21 honeypot-fra-1 sshd[32383]: Disconnected from invalid user user 45.61.186.49 port 57554 [preauth]","@timestamp":"2022-09-19T08:59:22.383Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 09:01:51 honeypot-fra-1 sshd[32388]: Disconnected from invalid user 165.22.107.5 86.107.199.172 port 50450 [preauth]","@timestamp":"2022-09-19T09:01:51.440Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T09:02:40.742Z","@version":"1","message":"Sep 19 09:02:40 honeypot-sgp-1 sshd[930]: Disconnected from 61.177.172.114 port 24091 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 09:03:33 honeypot-ams-1 kernel: [84454792.564599] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.148.10.81 DST=178.62.254.91 LEN=80 TOS=0x00 PREC=0x00 TTL=241 ID=22780 DF PROTO=TCP SPT=30674 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T09:03:34.016Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 09:04:23 honeypot-fra-1 sshd[32392]: Invalid user 165.22.43.217 from 86.107.199.172 port 53764","@timestamp":"2022-09-19T09:04:24.503Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T09:04:24.789Z","@version":"1","message":"Sep 19 09:04:24 honeypot-sgp-1 sshd[938]: Invalid user user from 45.61.187.160 port 57822","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T09:04:41.797Z","@version":"1","message":"Sep 19 09:04:41 honeypot-sgp-1 sshd[942]: Invalid user user from 45.61.187.160 port 53060","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T09:04:58.806Z","@version":"1","message":"Sep 19 09:04:58 honeypot-sgp-1 sshd[946]: Invalid user user from 45.61.187.160 port 48304","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 09:05:47 honeypot-ams-1 sshd[7962]: Disconnected from invalid user admin 192.3.134.187 port 39622 [preauth]","@timestamp":"2022-09-19T09:05:47.076Z"}
{"@timestamp":"2022-09-19T09:07:05.860Z","@version":"1","message":"Sep 19 09:07:05 honeypot-sgp-1 kernel: [84454526.824934] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.79.53.162 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=14790 PROTO=TCP SPT=44788 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 09:08:50 honeypot-fra-1 sshd[32397]: Invalid user 165.22.54.186 from 86.107.199.172 port 60392","@timestamp":"2022-09-19T09:08:50.605Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 09:10:53 honeypot-fra-1 sshd[32401]: Invalid user 165.227.129.128 from 86.107.199.172 port 35470","@timestamp":"2022-09-19T09:10:53.656Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 09:11:28 honeypot-fra-1 kernel: [84453092.506353] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=15281 PROTO=TCP SPT=58004 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T09:11:28.671Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 09:15:00 honeypot-fra-1 sshd[32408]: Invalid user 165.22.19.188 from 86.107.199.172 port 42094","@timestamp":"2022-09-19T09:15:00.754Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T09:15:55.078Z","@version":"1","message":"Sep 19 09:15:54 honeypot-sgp-1 sshd[959]: Received disconnect from 61.177.172.108 port 55425:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T09:16:28.094Z","@version":"1","message":"Sep 19 09:16:27 honeypot-sgp-1 sshd[965]: Invalid user pi from 46.160.140.238 port 50818","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 09:17:01 honeypot-fra-1 CRON[32412]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-19T09:17:01.799Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T09:17:40.127Z","@version":"1","message":"Sep 19 09:17:39 honeypot-sgp-1 sshd[972]: Invalid user webapp from 168.61.44.109 port 1024","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 09:17:59 honeypot-ams-1 kernel: [84455658.890875] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.148.10.81 DST=178.62.254.91 LEN=77 TOS=0x00 PREC=0x00 TTL=240 ID=22780 DF PROTO=TCP SPT=30708 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T09:18:00.392Z"}
{"@timestamp":"2022-09-19T09:18:02.138Z","@version":"1","message":"Sep 19 09:18:01 honeypot-sgp-1 sshd[978]: Received disconnect from 136.232.236.6 port 33071:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T09:19:24.172Z","@version":"1","message":"Sep 19 09:19:24 honeypot-sgp-1 sshd[980]: Disconnected from invalid user angel 114.7.200.107 port 59496 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 09:19:57 honeypot-fra-1 kernel: [84453601.914037] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=20.9.71.118 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=5940 DF PROTO=TCP SPT=10446 DPT=80 WINDOW=512 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T09:19:57.867Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 09:21:24 honeypot-ams-1 kernel: [84455863.280027] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=213.226.123.38 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=4000 PROTO=TCP SPT=40817 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T09:21:24.486Z"}
{"@timestamp":"2022-09-19T09:21:25.223Z","@version":"1","message":"Sep 19 09:21:24 honeypot-sgp-1 sshd[987]: Received disconnect from 140.86.12.31 port 53319:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T09:23:33.276Z","@version":"1","message":"Sep 19 09:23:32 honeypot-sgp-1 sshd[993]: Connection closed by authenticating user root 179.60.147.69 port 13088 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 09:23:52 honeypot-ams-1 kernel: [84456011.399883] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=89.219.193.122 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=117 ID=6932 DF PROTO=TCP SPT=51111 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T09:23:52.553Z"}
{"@timestamp":"2022-09-19T09:26:55.360Z","@version":"1","message":"Sep 19 09:26:54 honeypot-sgp-1 sshd[999]: Disconnected from authenticating user root 61.177.173.46 port 17976 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 09:28:19 honeypot-fra-1 kernel: [84454103.569811] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=20.204.64.44 DST=165.22.82.222 LEN=52 TOS=0x00 PREC=0x00 TTL=111 ID=59724 DF PROTO=TCP SPT=63175 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T09:28:20.055Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 09:33:02 honeypot-fra-1 sshd[32424]: Received disconnect from 35.219.62.194 port 54394:11: Bye Bye [preauth]","@timestamp":"2022-09-19T09:33:03.164Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 09:33:07 honeypot-ams-1 sshd[7980]: Invalid user hayden from 207.154.220.75 port 60448","@timestamp":"2022-09-19T09:33:07.796Z"}
{"@timestamp":"2022-09-19T09:35:26.568Z","@version":"1","message":"Sep 19 09:35:26 honeypot-sgp-1 sshd[1006]: Invalid user admin from 201.47.5.123 port 44988","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 09:36:23 honeypot-ams-1 sshd[7982]: Disconnected from authenticating user root 68.224.161.96 port 58674 [preauth]","@timestamp":"2022-09-19T09:36:23.886Z"}
{"@timestamp":"2022-09-19T09:38:37.647Z","@version":"1","message":"Sep 19 09:38:37 honeypot-sgp-1 sshd[1013]: Did not receive identification string from 201.219.232.9 port 34630","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 09:38:48 honeypot-fra-1 kernel: [84454733.143737] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=95.217.181.127 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=56182 PROTO=TCP SPT=58931 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T09:38:49.290Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 09:41:31 honeypot-ams-1 kernel: [84457070.966818] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=209.222.252.92 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=17293 DF PROTO=TCP SPT=58511 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T09:41:32.023Z"}
{"@timestamp":"2022-09-19T09:42:57.755Z","@version":"1","message":"Sep 19 09:42:57 honeypot-sgp-1 sshd[1019]: Did not receive identification string from 201.219.232.9 port 39078","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 09:45:49 honeypot-fra-1 sshd[32432]: Invalid user volkmar from 159.223.134.241 port 41822","@timestamp":"2022-09-19T09:45:49.463Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T09:47:10.859Z","@version":"1","message":"Sep 19 09:47:10 honeypot-sgp-1 sshd[1021]: Connection reset by 61.177.173.49 port 13281 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 09:50:00 honeypot-ams-1 sshd[7991]: Received disconnect from 183.82.5.29 port 49708:11: Bye Bye [preauth]","@timestamp":"2022-09-19T09:50:01.243Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 09:50:07 honeypot-fra-1 sshd[32437]: Invalid user oot from 103.188.176.251 port 35972","@timestamp":"2022-09-19T09:50:07.561Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 09:50:35 honeypot-ams-1 sshd[7995]: Received disconnect from 45.61.186.249 port 54272:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T09:50:36.261Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 09:50:55 honeypot-ams-1 sshd[7999]: Received disconnect from 45.61.186.249 port 48900:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T09:50:56.273Z"}
{"@timestamp":"2022-09-19T09:51:10.963Z","@version":"1","message":"Sep 19 09:51:10 honeypot-sgp-1 kernel: [84457172.240338] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=213.226.123.38 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=36852 PROTO=TCP SPT=40817 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 09:51:12 honeypot-ams-1 sshd[8004]: Received disconnect from 45.61.186.249 port 43522:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T09:51:13.282Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 09:51:44 honeypot-ams-1 sshd[8008]: Received disconnect from 92.255.85.70 port 26956:11: Bye Bye [preauth]","@timestamp":"2022-09-19T09:51:45.297Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 09:52:00 honeypot-fra-1 sshd[32443]: Received disconnect from 103.147.3.81 port 51242:11: Bye Bye [preauth]","@timestamp":"2022-09-19T09:52:00.605Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 09:54:08 honeypot-ams-1 sshd[8012]: ssh_dispatch_run_fatal: Connection from 162.252.88.150 port 50268: Connection corrupted [preauth]","@timestamp":"2022-09-19T09:54:09.363Z"}
{"@timestamp":"2022-09-19T09:57:45.125Z","@version":"1","message":"Sep 19 09:57:44 honeypot-sgp-1 kernel: [84457566.562432] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=159.89.202.188 LEN=87 TOS=0x00 PREC=0x00 TTL=245 ID=30896 PROTO=TCP SPT=2305 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T10:01:01.208Z","@version":"1","message":"Sep 19 10:01:01 honeypot-sgp-1 sshd[1052]: Connection closed by 201.219.232.9 port 34992 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:01:58 honeypot-ams-1 sshd[8018]: Disconnected from authenticating user root 175.29.122.43 port 33990 [preauth]","@timestamp":"2022-09-19T10:01:59.566Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:02:06 honeypot-ams-1 sshd[8024]: Received disconnect from 175.29.122.43 port 34430:11: Bye Bye [preauth]","@timestamp":"2022-09-19T10:02:07.570Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:02:11 honeypot-ams-1 sshd[8031]: Received disconnect from 175.29.122.43 port 34486:11: Bye Bye [preauth]","@timestamp":"2022-09-19T10:02:11.573Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 10:02:15 honeypot-fra-1 kernel: [84456140.042369] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.148.10.81 DST=165.22.82.222 LEN=79 TOS=0x00 PREC=0x00 TTL=239 ID=22780 DF PROTO=TCP SPT=2044 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T10:02:15.836Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:02:16 honeypot-ams-1 sshd[8037]: Received disconnect from 175.29.122.43 port 34924:11: Bye Bye [preauth]","@timestamp":"2022-09-19T10:02:17.577Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:02:21 honeypot-ams-1 sshd[8043]: Received disconnect from 175.29.122.43 port 34980:11: Bye Bye [preauth]","@timestamp":"2022-09-19T10:02:22.580Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:02:26 honeypot-ams-1 sshd[8049]: Received disconnect from 175.29.122.43 port 35402:11: Bye Bye [preauth]","@timestamp":"2022-09-19T10:02:26.583Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:02:31 honeypot-ams-1 sshd[8055]: Received disconnect from 175.29.122.43 port 35462:11: Bye Bye [preauth]","@timestamp":"2022-09-19T10:02:31.586Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:02:36 honeypot-ams-1 sshd[8061]: Received disconnect from 175.29.122.43 port 35878:11: Bye Bye [preauth]","@timestamp":"2022-09-19T10:02:37.590Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:02:41 honeypot-ams-1 sshd[8067]: Received disconnect from 175.29.122.43 port 35938:11: Bye Bye [preauth]","@timestamp":"2022-09-19T10:02:41.592Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:02:46 honeypot-ams-1 sshd[8073]: Received disconnect from 175.29.122.43 port 36364:11: Bye Bye [preauth]","@timestamp":"2022-09-19T10:02:46.596Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:02:51 honeypot-ams-1 sshd[8079]: Received disconnect from 175.29.122.43 port 36434:11: Bye Bye [preauth]","@timestamp":"2022-09-19T10:02:51.599Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:02:55 honeypot-ams-1 sshd[8086]: Received disconnect from 175.29.122.43 port 36842:11: Bye Bye [preauth]","@timestamp":"2022-09-19T10:02:56.602Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:02:58 honeypot-ams-1 sshd[8091]: Invalid user admin from 175.29.122.43 port 36894","@timestamp":"2022-09-19T10:02:58.605Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:03:01 honeypot-ams-1 sshd[8095]: Invalid user admin from 175.29.122.43 port 36948","@timestamp":"2022-09-19T10:03:01.606Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:03:04 honeypot-ams-1 sshd[8100]: Invalid user admin from 175.29.122.43 port 37336","@timestamp":"2022-09-19T10:03:05.609Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 10:03:07 honeypot-ams-1 kernel: [84458366.542890] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.148.10.81 DST=178.62.254.91 LEN=79 TOS=0x00 PREC=0x00 TTL=242 ID=22780 DF PROTO=TCP SPT=8156 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T10:03:07.610Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:03:09 honeypot-ams-1 sshd[8106]: Disconnected from invalid user admin 175.29.122.43 port 37478 [preauth]","@timestamp":"2022-09-19T10:03:10.612Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:03:12 honeypot-ams-1 sshd[8110]: Disconnected from invalid user admin 175.29.122.43 port 37542 [preauth]","@timestamp":"2022-09-19T10:03:13.615Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:03:18 honeypot-ams-1 sshd[8116]: Received disconnect from 175.29.122.43 port 38024:11: Bye Bye [preauth]","@timestamp":"2022-09-19T10:03:18.618Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:03:22 honeypot-ams-1 sshd[8120]: Received disconnect from 175.29.122.43 port 38092:11: Bye Bye [preauth]","@timestamp":"2022-09-19T10:03:23.622Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:03:25 honeypot-ams-1 sshd[8124]: Received disconnect from 175.29.122.43 port 38504:11: Bye Bye [preauth]","@timestamp":"2022-09-19T10:03:26.624Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:03:28 honeypot-ams-1 sshd[8128]: Received disconnect from 175.29.122.43 port 38584:11: Bye Bye [preauth]","@timestamp":"2022-09-19T10:03:29.627Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:03:32 honeypot-ams-1 sshd[8132]: Received disconnect from 175.29.122.43 port 38664:11: Bye Bye [preauth]","@timestamp":"2022-09-19T10:03:32.629Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:03:35 honeypot-ams-1 sshd[8136]: Received disconnect from 175.29.122.43 port 39068:11: Bye Bye [preauth]","@timestamp":"2022-09-19T10:03:35.631Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:03:39 honeypot-ams-1 sshd[8140]: Received disconnect from 175.29.122.43 port 39164:11: Bye Bye [preauth]","@timestamp":"2022-09-19T10:03:39.633Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:03:42 honeypot-ams-1 sshd[8144]: Received disconnect from 175.29.122.43 port 39266:11: Bye Bye [preauth]","@timestamp":"2022-09-19T10:03:42.635Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:03:46 honeypot-ams-1 sshd[8148]: Received disconnect from 175.29.122.43 port 39682:11: Bye Bye [preauth]","@timestamp":"2022-09-19T10:03:46.638Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:03:49 honeypot-ams-1 sshd[8152]: Received disconnect from 175.29.122.43 port 39758:11: Bye Bye [preauth]","@timestamp":"2022-09-19T10:03:49.640Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:03:51 honeypot-ams-1 sshd[8156]: Invalid user test from 175.29.122.43 port 39816","@timestamp":"2022-09-19T10:03:52.642Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:03:54 honeypot-ams-1 sshd[8160]: Invalid user cirros from 175.29.122.43 port 40190","@timestamp":"2022-09-19T10:03:55.644Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 10:08:14 honeypot-fra-1 sshd[32455]: Disconnected from 137.184.118.54 port 43832 [preauth]","@timestamp":"2022-09-19T10:08:14.975Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T10:11:37.470Z","@version":"1","message":"Sep 19 10:11:36 honeypot-sgp-1 sshd[1057]: Connection closed by invalid user zxc 103.188.176.251 port 36016 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 10:13:35 honeypot-fra-1 sshd[32460]: Connection closed by 5.228.88.136 port 44849 [preauth]","@timestamp":"2022-09-19T10:13:36.097Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T10:14:30.543Z","@version":"1","message":"Sep 19 10:14:30 honeypot-sgp-1 sshd[1061]: Disconnected from authenticating user root 61.177.173.51 port 60662 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:17:01 honeypot-ams-1 CRON[8163]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-19T10:17:01.984Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 10:17:01 honeypot-fra-1 CRON[32464]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-19T10:17:02.177Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T10:19:02.654Z","@version":"1","message":"Sep 19 10:19:01 honeypot-sgp-1 sshd[1069]: Received disconnect from 143.244.158.100 port 45508:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T10:20:25.690Z","@version":"1","message":"Sep 19 10:20:24 honeypot-sgp-1 sshd[1073]: Disconnected from authenticating user root 218.92.0.221 port 36574 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T10:21:34.722Z","@version":"1","message":"Sep 19 10:21:34 honeypot-sgp-1 sshd[1077]: Received disconnect from 61.177.173.50 port 52678:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T10:23:14.765Z","@version":"1","message":"Sep 19 10:23:14 honeypot-sgp-1 sshd[1084]: Received disconnect from 61.177.172.19 port 49936:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T10:23:59.787Z","@version":"1","message":"Sep 19 10:23:59 honeypot-sgp-1 sshd[1091]: Received disconnect from 143.244.158.100 port 37226:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T10:24:12.793Z","@version":"1","message":"Sep 19 10:24:12 honeypot-sgp-1 sshd[1095]: Received disconnect from 45.61.187.160 port 45734:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T10:24:29.802Z","@version":"1","message":"Sep 19 10:24:29 honeypot-sgp-1 sshd[1099]: Received disconnect from 45.61.187.160 port 40484:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T10:24:45.810Z","@version":"1","message":"Sep 19 10:24:45 honeypot-sgp-1 sshd[1103]: Received disconnect from 45.61.187.160 port 35264:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T10:24:52.813Z","@version":"1","message":"Sep 19 10:24:52 honeypot-sgp-1 sshd[1107]: Disconnected from invalid user ruut 159.203.108.158 port 34692 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T10:26:24.853Z","@version":"1","message":"Sep 19 10:26:24 honeypot-sgp-1 sshd[1113]: Disconnected from authenticating user root 143.244.158.100 port 58914 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T10:28:20.902Z","@version":"1","message":"Sep 19 10:28:20 honeypot-sgp-1 sshd[1120]: Disconnected from authenticating user root 61.177.173.47 port 23015 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 10:29:47 honeypot-ams-1 kernel: [84459966.565457] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=167.71.92.243 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=42961 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T10:29:48.314Z"}
{"@timestamp":"2022-09-19T10:30:19.955Z","@version":"1","message":"Sep 19 10:30:19 honeypot-sgp-1 sshd[1126]: Did not receive identification string from 61.177.172.114 port 27708","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T10:32:10.023Z","@version":"1","message":"Sep 19 10:32:09 honeypot-sgp-1 sshd[1133]: Disconnected from authenticating user root 143.244.158.100 port 39682 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 10:32:26 honeypot-fra-1 kernel: [84457950.631401] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=207.102.138.83 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=46 ID=31174 DF PROTO=TCP SPT=56121 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T10:32:26.536Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T10:34:40.087Z","@version":"1","message":"Sep 19 10:34:39 honeypot-sgp-1 sshd[1140]: Received disconnect from 143.244.158.100 port 56384:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T10:36:29.134Z","@version":"1","message":"Sep 19 10:36:28 honeypot-sgp-1 kernel: [84459890.090319] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=68.183.93.151 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x20 TTL=242 ID=54321 PROTO=TCP SPT=39351 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T10:38:44.192Z","@version":"1","message":"Sep 19 10:38:43 honeypot-sgp-1 sshd[1153]: Connection closed by invalid user enisa 179.60.147.69 port 52656 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 10:39:21 honeypot-fra-1 kernel: [84458366.101212] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.79.164.36 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=19122 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T10:39:22.690Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T10:39:35.217Z","@version":"1","message":"Sep 19 10:39:34 honeypot-sgp-1 sshd[1160]: Received disconnect from 143.244.158.100 port 45006:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T10:41:16.260Z","@version":"1","message":"Sep 19 10:41:15 honeypot-sgp-1 sshd[1165]: Disconnected from authenticating user root 143.244.158.100 port 47368 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:42:02 honeypot-ams-1 sshd[8173]: Disconnected from authenticating user root 134.209.193.165 port 47952 [preauth]","@timestamp":"2022-09-19T10:42:03.630Z"}
{"@timestamp":"2022-09-19T10:42:46.299Z","@version":"1","message":"Sep 19 10:42:45 honeypot-sgp-1 sshd[1171]: Received disconnect from 61.177.173.51 port 38352:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T10:42:58.305Z","@version":"1","message":"Sep 19 10:42:57 honeypot-sgp-1 kernel: [84460279.480106] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=172.104.64.89 DST=159.89.202.188 LEN=52 TOS=0x02 PREC=0x00 TTL=117 ID=25048 DF PROTO=TCP SPT=63099 DPT=3389 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T10:45:29.368Z","@version":"1","message":"Sep 19 10:45:28 honeypot-sgp-1 sshd[1180]: Disconnected from authenticating user root 143.244.158.100 port 48504 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 10:46:02 honeypot-fra-1 sshd[32495]: Invalid user centos from 20.16.187.32 port 35820","@timestamp":"2022-09-19T10:46:02.853Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 10:46:02 honeypot-fra-1 sshd[32499]: Invalid user ts3server from 20.16.187.32 port 35858","@timestamp":"2022-09-19T10:46:02.854Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 10:46:05 honeypot-fra-1 sshd[32510]: Invalid user elastic from 20.16.187.32 port 35838","@timestamp":"2022-09-19T10:46:05.856Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 10:46:05 honeypot-fra-1 sshd[32513]: Connection closed by invalid user devops 20.16.187.32 port 35854 [preauth]","@timestamp":"2022-09-19T10:46:05.856Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 10:46:05 honeypot-fra-1 sshd[32516]: Invalid user ec2 from 20.16.187.32 port 35850","@timestamp":"2022-09-19T10:46:06.857Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 10:46:05 honeypot-fra-1 sshd[32518]: Connection closed by invalid user ec2 20.16.187.32 port 35852 [preauth]","@timestamp":"2022-09-19T10:46:06.857Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:47:04 honeypot-ams-1 sshd[8181]: Received disconnect from 129.213.100.212 port 45032:11: Bye Bye [preauth]","@timestamp":"2022-09-19T10:47:04.759Z"}
{"@timestamp":"2022-09-19T10:47:58.432Z","@version":"1","message":"Sep 19 10:47:58 honeypot-sgp-1 sshd[1187]: Received disconnect from 143.244.158.100 port 38884:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T10:48:54.456Z","@version":"1","message":"Sep 19 10:48:53 honeypot-sgp-1 sshd[1192]: Disconnected from invalid user tomcat8 114.205.54.184 port 44324 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T10:50:26.495Z","@version":"1","message":"Sep 19 10:50:26 honeypot-sgp-1 sshd[1214]: Disconnected from authenticating user root 143.244.158.100 port 53898 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 10:51:10 honeypot-fra-1 sshd[32534]: Received disconnect from 178.128.35.197 port 33156:11: Bye Bye [preauth]","@timestamp":"2022-09-19T10:51:10.969Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T10:52:53.557Z","@version":"1","message":"Sep 19 10:52:53 honeypot-sgp-1 sshd[1221]: Received disconnect from 143.244.158.100 port 39524:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T10:55:12.615Z","@version":"1","message":"Sep 19 10:55:12 honeypot-sgp-1 kernel: [84461013.873025] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.206.10 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=37877 DPT=389 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T10:56:58.716Z","@version":"1","message":"Sep 19 10:56:58 honeypot-sgp-1 kernel: [84461119.824546] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=34.146.226.12 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x60 TTL=250 ID=28620 PROTO=TCP SPT=50068 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 10:57:22 honeypot-ams-1 kernel: [84461621.841588] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=20.168.28.237 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=46594 DF PROTO=TCP SPT=10446 DPT=80 WINDOW=512 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T10:57:23.042Z"}
{"@timestamp":"2022-09-19T10:58:49.766Z","@version":"1","message":"Sep 19 10:58:49 honeypot-sgp-1 sshd[1238]: Disconnected from authenticating user root 143.244.158.100 port 34280 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 10:59:34 honeypot-fra-1 sshd[32537]: Did not receive identification string from 121.4.171.124 port 49682","@timestamp":"2022-09-19T10:59:35.155Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 10:59:36 honeypot-fra-1 sshd[32561]: Invalid user admin from 121.4.171.124 port 54116","@timestamp":"2022-09-19T10:59:37.158Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 10:59:37 honeypot-fra-1 sshd[32551]: Invalid user es from 121.4.171.124 port 54074","@timestamp":"2022-09-19T10:59:37.158Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 10:59:37 honeypot-fra-1 sshd[32551]: Connection closed by invalid user es 121.4.171.124 port 54074 [preauth]","@timestamp":"2022-09-19T10:59:38.159Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T11:01:19.830Z","@version":"1","message":"Sep 19 11:01:19 honeypot-sgp-1 sshd[1246]: Received disconnect from 143.244.158.100 port 36254:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 11:03:33 honeypot-ams-1 kernel: [84461992.309535] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.41.8.45 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=2867 PROTO=TCP SPT=49389 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T11:03:34.207Z"}
{"@timestamp":"2022-09-19T11:03:50.893Z","@version":"1","message":"Sep 19 11:03:50 honeypot-sgp-1 sshd[1252]: Received disconnect from 143.244.158.100 port 60554:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 11:06:40 honeypot-fra-1 kernel: [84460004.281419] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=167.71.133.35 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=248 ID=54321 PROTO=TCP SPT=53875 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T11:06:40.317Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T11:08:37.009Z","@version":"1","message":"Sep 19 11:08:36 honeypot-sgp-1 kernel: [84461817.703575] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=59.16.243.218 DST=159.89.202.188 LEN=52 TOS=0x00 PREC=0x00 TTL=114 ID=31500 DF PROTO=TCP SPT=7031 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 11:08:40 honeypot-fra-1 sshd[32575]: Disconnected from invalid user liuyufan 165.22.45.108 port 43460 [preauth]","@timestamp":"2022-09-19T11:08:41.363Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T11:11:08.073Z","@version":"1","message":"Sep 19 11:11:07 honeypot-sgp-1 kernel: [84461968.930786] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=59.16.243.218 DST=159.89.202.188 LEN=52 TOS=0x00 PREC=0x00 TTL=114 ID=31531 DF PROTO=TCP SPT=1975 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:12:48 honeypot-ams-1 sshd[8187]: Disconnected from authenticating user root 164.92.158.12 port 55332 [preauth]","@timestamp":"2022-09-19T11:12:49.451Z"}
{"@timestamp":"2022-09-19T11:14:39.161Z","@version":"1","message":"Sep 19 11:14:39 honeypot-sgp-1 sshd[1262]: Invalid user ubnt from 92.255.85.69 port 21122","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:15:21 honeypot-ams-1 sshd[8190]: Invalid user ubnt from 92.255.85.70 port 31694","@timestamp":"2022-09-19T11:15:21.522Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 11:17:01 honeypot-fra-1 CRON[32580]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-19T11:17:01.551Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 11:18:02 honeypot-fra-1 kernel: [84460686.375908] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=186.208.139.104 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=245 ID=4598 PROTO=TCP SPT=45887 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T11:18:02.577Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T11:18:04.245Z","@version":"1","message":"Sep 19 11:18:03 honeypot-sgp-1 sshd[1268]: Connection closed by invalid user eurek 179.60.147.69 port 15482 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 11:19:25 honeypot-ams-1 kernel: [84462944.076991] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=20.224.50.142 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=24292 PROTO=TCP SPT=58653 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T11:19:25.630Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 11:22:11 honeypot-ams-1 kernel: [84463110.383031] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=82.59.232.75 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=63519 PROTO=TCP SPT=32483 DPT=443 WINDOW=13987 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T11:22:11.708Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:25:01 honeypot-ams-1 sshd[8202]: Received disconnect from 179.86.56.96 port 48174:11: Bye Bye [preauth]","@timestamp":"2022-09-19T11:25:02.784Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:25:07 honeypot-ams-1 sshd[8209]: Received disconnect from 179.86.56.96 port 48336:11: Bye Bye [preauth]","@timestamp":"2022-09-19T11:25:07.787Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:25:12 honeypot-ams-1 sshd[8215]: Received disconnect from 179.86.56.96 port 48475:11: Bye Bye [preauth]","@timestamp":"2022-09-19T11:25:12.789Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:25:16 honeypot-ams-1 sshd[8221]: Disconnected from authenticating user root 179.86.56.96 port 48577 [preauth]","@timestamp":"2022-09-19T11:25:16.793Z"}
{"@timestamp":"2022-09-19T11:25:19.419Z","@version":"1","message":"Sep 19 11:25:19 honeypot-sgp-1 sshd[1278]: Connection closed by invalid user newftpuser 137.116.144.39 port 52636 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:25:21 honeypot-ams-1 sshd[8227]: Disconnected from authenticating user root 179.86.56.96 port 48718 [preauth]","@timestamp":"2022-09-19T11:25:21.796Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:25:26 honeypot-ams-1 sshd[8233]: Disconnected from authenticating user root 179.86.56.96 port 48872 [preauth]","@timestamp":"2022-09-19T11:25:27.800Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:25:32 honeypot-ams-1 sshd[8239]: Received disconnect from 179.86.56.96 port 49003:11: Bye Bye [preauth]","@timestamp":"2022-09-19T11:25:32.804Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:25:37 honeypot-ams-1 sshd[8245]: Received disconnect from 179.86.56.96 port 49167:11: Bye Bye [preauth]","@timestamp":"2022-09-19T11:25:37.807Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:25:42 honeypot-ams-1 sshd[8251]: Received disconnect from 179.86.56.96 port 49294:11: Bye Bye [preauth]","@timestamp":"2022-09-19T11:25:43.810Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:25:48 honeypot-ams-1 sshd[8257]: Received disconnect from 179.86.56.96 port 49468:11: Bye Bye [preauth]","@timestamp":"2022-09-19T11:25:48.815Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:25:53 honeypot-ams-1 sshd[8263]: Received disconnect from 179.86.56.96 port 49595:11: Bye Bye [preauth]","@timestamp":"2022-09-19T11:25:53.818Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:25:58 honeypot-ams-1 sshd[8269]: Received disconnect from 179.86.56.96 port 49762:11: Bye Bye [preauth]","@timestamp":"2022-09-19T11:25:59.823Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:26:02 honeypot-ams-1 sshd[8273]: Disconnected from invalid user admin 179.86.56.96 port 49852 [preauth]","@timestamp":"2022-09-19T11:26:02.825Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:26:06 honeypot-ams-1 sshd[8277]: Disconnected from invalid user admin 179.86.56.96 port 49963 [preauth]","@timestamp":"2022-09-19T11:26:06.828Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:26:09 honeypot-ams-1 sshd[8281]: Disconnected from invalid user admin 179.86.56.96 port 50070 [preauth]","@timestamp":"2022-09-19T11:26:09.830Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:26:13 honeypot-ams-1 sshd[8285]: Disconnected from invalid user admin 179.86.56.96 port 50165 [preauth]","@timestamp":"2022-09-19T11:26:13.832Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:26:16 honeypot-ams-1 sshd[8289]: Disconnected from invalid user admin 179.86.56.96 port 50277 [preauth]","@timestamp":"2022-09-19T11:26:16.835Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:26:20 honeypot-ams-1 sshd[8293]: Disconnected from invalid user user 179.86.56.96 port 50380 [preauth]","@timestamp":"2022-09-19T11:26:20.838Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:26:25 honeypot-ams-1 sshd[8299]: Received disconnect from 179.86.56.96 port 50536:11: Bye Bye [preauth]","@timestamp":"2022-09-19T11:26:25.840Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:26:29 honeypot-ams-1 sshd[8303]: Received disconnect from 179.86.56.96 port 50648:11: Bye Bye [preauth]","@timestamp":"2022-09-19T11:26:29.844Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:26:32 honeypot-ams-1 sshd[8307]: Received disconnect from 179.86.56.96 port 50742:11: Bye Bye [preauth]","@timestamp":"2022-09-19T11:26:32.846Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:26:36 honeypot-ams-1 sshd[8311]: Received disconnect from 179.86.56.96 port 50853:11: Bye Bye [preauth]","@timestamp":"2022-09-19T11:26:36.848Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:26:40 honeypot-ams-1 sshd[8315]: Received disconnect from 179.86.56.96 port 50954:11: Bye Bye [preauth]","@timestamp":"2022-09-19T11:26:40.850Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:26:43 honeypot-ams-1 sshd[8319]: Received disconnect from 179.86.56.96 port 51057:11: Bye Bye [preauth]","@timestamp":"2022-09-19T11:26:43.852Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:26:47 honeypot-ams-1 sshd[8323]: Received disconnect from 179.86.56.96 port 51167:11: Bye Bye [preauth]","@timestamp":"2022-09-19T11:26:47.855Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:26:50 honeypot-ams-1 sshd[8327]: Received disconnect from 179.86.56.96 port 51272:11: Bye Bye [preauth]","@timestamp":"2022-09-19T11:26:51.858Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:26:54 honeypot-ams-1 sshd[8331]: Received disconnect from 179.86.56.96 port 51376:11: Bye Bye [preauth]","@timestamp":"2022-09-19T11:26:54.860Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 11:26:58 honeypot-ams-1 kernel: [84463397.220740] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=213.226.123.38 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=47100 PROTO=TCP SPT=48844 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T11:26:58.862Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:27:01 honeypot-ams-1 sshd[8339]: Invalid user cirros from 179.86.56.96 port 51575","@timestamp":"2022-09-19T11:27:01.865Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 11:29:08 honeypot-ams-1 kernel: [84463527.281439] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=64.227.97.195 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=26506 DF PROTO=TCP SPT=37450 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T11:29:08.936Z"}
{"@timestamp":"2022-09-19T11:36:00.675Z","@version":"1","message":"Sep 19 11:35:59 honeypot-sgp-1 sshd[1292]: Invalid user carter from 45.64.134.14 port 16747","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 11:36:01 honeypot-fra-1 sshd[32590]: Invalid user agg from 188.166.231.119 port 58889","@timestamp":"2022-09-19T11:36:01.966Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T11:38:29.735Z","@version":"1","message":"Sep 19 11:38:29 honeypot-sgp-1 sshd[1294]: Disconnected from invalid user lancelot 119.159.226.140 port 39610 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 11:38:52 honeypot-fra-1 sshd[32595]: Invalid user support from 92.255.85.69 port 49944","@timestamp":"2022-09-19T11:38:53.033Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:39:52 honeypot-ams-1 sshd[8348]: Disconnected from authenticating user root 34.75.26.147 port 33180 [preauth]","@timestamp":"2022-09-19T11:39:53.214Z"}
{"@timestamp":"2022-09-19T11:41:44.815Z","@version":"1","message":"Sep 19 11:41:44 honeypot-sgp-1 sshd[1299]: Disconnected from invalid user support 92.255.85.70 port 60856 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:42:18 honeypot-ams-1 sshd[8355]: Received disconnect from 167.172.50.255 port 54014:11: Bye Bye [preauth]","@timestamp":"2022-09-19T11:42:18.290Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:44:26 honeypot-ams-1 sshd[8357]: Disconnected from invalid user continuum 207.254.224.220 port 45660 [preauth]","@timestamp":"2022-09-19T11:44:26.349Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 11:45:49 honeypot-fra-1 sshd[32600]: Invalid user qhsupport from 51.250.12.51 port 59954","@timestamp":"2022-09-19T11:45:50.188Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 11:47:08 honeypot-fra-1 sshd[32602]: Disconnected from authenticating user root 210.3.92.14 port 48846 [preauth]","@timestamp":"2022-09-19T11:47:08.220Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:49:14 honeypot-ams-1 sshd[8362]: Disconnected from authenticating user root 111.57.0.90 port 39670 [preauth]","@timestamp":"2022-09-19T11:49:15.478Z"}
{"@timestamp":"2022-09-19T11:53:08.087Z","@version":"1","message":"Sep 19 11:53:07 honeypot-sgp-1 sshd[1312]: Received disconnect from 37.139.1.197 port 43329:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:53:17 honeypot-ams-1 sshd[8366]: Received disconnect from 2.36.249.18 port 49872:11: Bye Bye [preauth]","@timestamp":"2022-09-19T11:53:18.586Z"}
{"@timestamp":"2022-09-19T11:55:23.145Z","@version":"1","message":"Sep 19 11:55:22 honeypot-sgp-1 sshd[1319]: Disconnected from invalid user teamspeak 107.173.156.9 port 46126 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 11:56:48 honeypot-fra-1 kernel: [84463012.149666] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=167.172.166.5 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=60 ID=50867 DF PROTO=TCP SPT=36960 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T11:56:48.448Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T11:57:18.193Z","@version":"1","message":"Sep 19 11:57:17 honeypot-sgp-1 kernel: [84464739.512904] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=92.204.145.232 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=35690 PROTO=TCP SPT=47965 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:59:45 honeypot-ams-1 sshd[8371]: Received disconnect from 157.245.9.6 port 44076:11: Bye Bye [preauth]","@timestamp":"2022-09-19T11:59:46.757Z"}
{"@timestamp":"2022-09-19T12:00:48.280Z","@version":"1","message":"Sep 19 12:00:47 honeypot-sgp-1 kernel: [84464949.268869] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=207.102.138.83 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=42 ID=61427 DF PROTO=TCP SPT=55734 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 12:03:57 honeypot-ams-1 kernel: [84465616.237061] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=90.151.171.106 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=9009 PROTO=TCP SPT=49025 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T12:03:57.870Z"}
{"@timestamp":"2022-09-19T12:06:40.423Z","@version":"1","message":"Sep 19 12:06:40 honeypot-sgp-1 sshd[1332]: Disconnected from authenticating user root 61.177.172.108 port 21788 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 12:06:49 honeypot-fra-1 kernel: [84463613.296601] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=2224 PROTO=TCP SPT=48804 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T12:06:49.667Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T12:09:44.499Z","@version":"1","message":"Sep 19 12:09:43 honeypot-sgp-1 sshd[1336]: Did not receive identification string from 92.255.85.183 port 62835","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T12:10:44.527Z","@version":"1","message":"Sep 19 12:10:43 honeypot-sgp-1 sshd[1341]: Disconnected from 61.177.173.50 port 58886 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 12:14:58 honeypot-fra-1 sshd[32620]: Connection closed by invalid user zxc 103.188.176.251 port 59702 [preauth]","@timestamp":"2022-09-19T12:14:58.851Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 12:15:38 honeypot-ams-1 sshd[8380]: ssh_dispatch_run_fatal: Connection from 88.88.97.30 port 42025: Connection corrupted [preauth]","@timestamp":"2022-09-19T12:15:39.178Z"}
{"@timestamp":"2022-09-19T12:16:57.680Z","@version":"1","message":"Sep 19 12:16:56 honeypot-sgp-1 sshd[1349]: Disconnected from invalid user array 92.255.85.70 port 28352 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T12:18:38.722Z","@version":"1","message":"Sep 19 12:18:37 honeypot-sgp-1 sshd[1356]: Disconnected from authenticating user root 72.255.10.16 port 59700 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 12:21:10 honeypot-ams-1 sshd[8388]: Invalid user array from 92.255.85.70 port 29134","@timestamp":"2022-09-19T12:21:11.347Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 12:23:39 honeypot-fra-1 sshd[32626]: Invalid user admin from 141.98.10.158 port 48036","@timestamp":"2022-09-19T12:23:40.048Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 12:24:11 honeypot-ams-1 kernel: [84466830.947025] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=156.204.35.22 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=53 ID=9196 PROTO=TCP SPT=57813 DPT=443 WINDOW=55786 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T12:24:12.427Z"}
{"@timestamp":"2022-09-19T12:25:53.897Z","@version":"1","message":"Sep 19 12:25:53 honeypot-sgp-1 sshd[1363]: Received disconnect from 61.177.173.36 port 20410:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 12:31:22 honeypot-fra-1 sshd[32631]: Disconnected from invalid user virl 188.166.153.99 port 34858 [preauth]","@timestamp":"2022-09-19T12:31:23.221Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 12:32:23 honeypot-ams-1 sshd[8398]: Invalid user oracle from 159.89.8.45 port 51962","@timestamp":"2022-09-19T12:32:23.640Z"}
{"@timestamp":"2022-09-19T12:36:53.162Z","@version":"1","message":"Sep 19 12:36:52 honeypot-sgp-1 sshd[1374]: Connection closed by authenticating user root 103.188.176.251 port 59980 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 12:40:52 honeypot-fra-1 sshd[32638]: Invalid user newftpuser from 137.116.144.39 port 36346","@timestamp":"2022-09-19T12:40:53.452Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T12:46:35.400Z","@version":"1","message":"Sep 19 12:46:34 honeypot-sgp-1 sshd[1385]: Disconnected from authenticating user root 61.177.173.36 port 36111 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 12:46:38 honeypot-fra-1 sshd[32642]: Disconnected from invalid user user 45.61.184.204 port 47066 [preauth]","@timestamp":"2022-09-19T12:46:38.582Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 12:46:57 honeypot-fra-1 sshd[32646]: Disconnected from invalid user user 45.61.184.204 port 42112 [preauth]","@timestamp":"2022-09-19T12:46:58.592Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 12:47:16 honeypot-fra-1 sshd[32650]: Disconnected from invalid user user 45.61.184.204 port 37210 [preauth]","@timestamp":"2022-09-19T12:47:17.601Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 12:47:36 honeypot-fra-1 sshd[32654]: Disconnected from invalid user user 45.61.184.204 port 60568 [preauth]","@timestamp":"2022-09-19T12:47:36.609Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 12:48:42 honeypot-ams-1 sshd[8415]: Received disconnect from 92.255.85.69 port 19650:11: Bye Bye [preauth]","@timestamp":"2022-09-19T12:48:43.066Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 12:54:20 honeypot-ams-1 sshd[8419]: Disconnected from invalid user chiaping 128.199.71.153 port 43782 [preauth]","@timestamp":"2022-09-19T12:54:21.214Z"}
{"@timestamp":"2022-09-19T12:55:51.625Z","@version":"1","message":"Sep 19 12:55:51 honeypot-sgp-1 kernel: [84468253.082660] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=68.183.93.151 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x20 TTL=242 ID=54321 PROTO=TCP SPT=40680 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T12:59:51.724Z","@version":"1","message":"Sep 19 12:59:51 honeypot-sgp-1 sshd[1398]: Disconnected from authenticating user root 61.177.173.46 port 17679 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 13:01:41 honeypot-ams-1 kernel: [84469080.294359] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=59.187.205.166 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=53 ID=47662 PROTO=TCP SPT=55603 DPT=80 WINDOW=52003 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T13:01:41.410Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 13:01:53 honeypot-fra-1 sshd[32658]: Received disconnect from 194.163.158.45 port 47586:11: Bye Bye [preauth]","@timestamp":"2022-09-19T13:01:53.941Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 13:05:17 honeypot-fra-1 sshd[32663]: Invalid user sftp from 118.27.26.17 port 58702","@timestamp":"2022-09-19T13:05:18.018Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:10:05 honeypot-ams-1 sshd[8427]: Invalid user test from 187.190.252.164 port 54616","@timestamp":"2022-09-19T13:10:06.637Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 13:11:26 honeypot-fra-1 sshd[32668]: Received disconnect from 181.209.159.166 port 38212:11: Bye Bye [preauth]","@timestamp":"2022-09-19T13:11:27.151Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T13:13:05.039Z","@version":"1","message":"Sep 19 13:13:04 honeypot-sgp-1 kernel: [84469285.737385] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=172.105.129.89 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=52264 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 13:14:35 honeypot-ams-1 kernel: [84469854.056642] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=20.163.104.128 DST=178.62.254.91 LEN=52 TOS=0x02 PREC=0x00 TTL=111 ID=36733 DF PROTO=TCP SPT=53695 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-19T13:14:35.756Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 13:17:01 honeypot-fra-1 CRON[32673]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-19T13:17:02.278Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T13:17:28.168Z","@version":"1","message":"Sep 19 13:17:27 honeypot-sgp-1 sshd[1415]: Received disconnect from 189.56.100.42 port 59225:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 13:18:01 honeypot-ams-1 kernel: [84470060.271049] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=161.35.236.158 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=57460 DF PROTO=TCP SPT=45372 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T13:18:01.873Z"}
{"@timestamp":"2022-09-19T13:21:53.275Z","@version":"1","message":"Sep 19 13:21:53 honeypot-sgp-1 sshd[1425]: Invalid user teamspeakserver from 66.29.130.103 port 59674","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 13:26:43 honeypot-fra-1 sshd[32679]: Connection closed by invalid user admin 128.199.160.207 port 54694 [preauth]","@timestamp":"2022-09-19T13:26:43.498Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 13:26:57 honeypot-ams-1 kernel: [84470596.807177] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.195.65 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=57643 DPT=636 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T13:26:58.105Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 13:27:46 honeypot-fra-1 sshd[32685]: Received disconnect from 209.141.34.233 port 35448:11: Bye Bye [preauth]","@timestamp":"2022-09-19T13:27:46.523Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T13:29:53.475Z","@version":"1","message":"Sep 19 13:29:53 honeypot-sgp-1 sshd[1431]: Disconnected from authenticating user root 137.184.104.77 port 47632 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:30:58 honeypot-ams-1 sshd[8448]: Disconnected from invalid user doydoy 200.42.176.235 port 43642 [preauth]","@timestamp":"2022-09-19T13:30:59.214Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:03 honeypot-ams-1 sshd[8455]: Received disconnect from 95.251.178.212 port 60434:11: Bye Bye [preauth]","@timestamp":"2022-09-19T13:32:04.244Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:04 honeypot-ams-1 sshd[8461]: Received disconnect from 95.251.178.212 port 60494:11: Bye Bye [preauth]","@timestamp":"2022-09-19T13:32:05.244Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:05 honeypot-ams-1 sshd[8467]: Received disconnect from 95.251.178.212 port 60534:11: Bye Bye [preauth]","@timestamp":"2022-09-19T13:32:06.245Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:06 honeypot-ams-1 sshd[8473]: Received disconnect from 95.251.178.212 port 60610:11: Bye Bye [preauth]","@timestamp":"2022-09-19T13:32:07.246Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:07 honeypot-ams-1 sshd[8479]: Received disconnect from 95.251.178.212 port 60644:11: Bye Bye [preauth]","@timestamp":"2022-09-19T13:32:08.247Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:08 honeypot-ams-1 sshd[8485]: Received disconnect from 95.251.178.212 port 60686:11: Bye Bye [preauth]","@timestamp":"2022-09-19T13:32:09.248Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:09 honeypot-ams-1 sshd[8491]: Received disconnect from 95.251.178.212 port 60722:11: Bye Bye [preauth]","@timestamp":"2022-09-19T13:32:10.249Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:10 honeypot-ams-1 sshd[8497]: Received disconnect from 95.251.178.212 port 60750:11: Bye Bye [preauth]","@timestamp":"2022-09-19T13:32:11.249Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:11 honeypot-ams-1 sshd[8503]: Received disconnect from 95.251.178.212 port 60778:11: Bye Bye [preauth]","@timestamp":"2022-09-19T13:32:12.250Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:13 honeypot-ams-1 sshd[8509]: Received disconnect from 95.251.178.212 port 32856:11: Bye Bye [preauth]","@timestamp":"2022-09-19T13:32:13.251Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:14 honeypot-ams-1 sshd[8515]: Received disconnect from 95.251.178.212 port 32920:11: Bye Bye [preauth]","@timestamp":"2022-09-19T13:32:14.252Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:15 honeypot-ams-1 sshd[8521]: Received disconnect from 95.251.178.212 port 32956:11: Bye Bye [preauth]","@timestamp":"2022-09-19T13:32:15.252Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:15 honeypot-ams-1 sshd[8525]: Received disconnect from 95.251.178.212 port 33010:11: Bye Bye [preauth]","@timestamp":"2022-09-19T13:32:16.253Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:16 honeypot-ams-1 sshd[8529]: Received disconnect from 95.251.178.212 port 33040:11: Bye Bye [preauth]","@timestamp":"2022-09-19T13:32:17.254Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:17 honeypot-ams-1 sshd[8533]: Received disconnect from 95.251.178.212 port 33060:11: Bye Bye [preauth]","@timestamp":"2022-09-19T13:32:18.254Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:18 honeypot-ams-1 sshd[8537]: Received disconnect from 95.251.178.212 port 33076:11: Bye Bye [preauth]","@timestamp":"2022-09-19T13:32:18.254Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:18 honeypot-ams-1 sshd[8541]: Received disconnect from 95.251.178.212 port 33112:11: Bye Bye [preauth]","@timestamp":"2022-09-19T13:32:19.256Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:19 honeypot-ams-1 sshd[8545]: Disconnected from authenticating user root 95.251.178.212 port 33134 [preauth]","@timestamp":"2022-09-19T13:32:20.257Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:20 honeypot-ams-1 sshd[8551]: Invalid user pi from 95.251.178.212 port 33162","@timestamp":"2022-09-19T13:32:21.258Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:21 honeypot-ams-1 sshd[8557]: Invalid user ethos from 95.251.178.212 port 33182","@timestamp":"2022-09-19T13:32:22.258Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:21 honeypot-ams-1 sshd[8559]: Disconnected from invalid user mine 95.251.178.212 port 33194 [preauth]","@timestamp":"2022-09-19T13:32:22.258Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:22 honeypot-ams-1 sshd[8563]: Invalid user xbmc from 95.251.178.212 port 33356","@timestamp":"2022-09-19T13:32:23.259Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:23 honeypot-ams-1 sshd[8567]: Invalid user oracle from 95.251.178.212 port 33496","@timestamp":"2022-09-19T13:32:23.259Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:23 honeypot-ams-1 sshd[8571]: Invalid user postgres from 95.251.178.212 port 33534","@timestamp":"2022-09-19T13:32:24.260Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:24 honeypot-ams-1 sshd[8575]: Invalid user support from 95.251.178.212 port 33564","@timestamp":"2022-09-19T13:32:25.261Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:25 honeypot-ams-1 sshd[8579]: Invalid user ubuntu from 95.251.178.212 port 33584","@timestamp":"2022-09-19T13:32:26.261Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:26 honeypot-ams-1 sshd[8583]: Invalid user ubuntu from 95.251.178.212 port 33650","@timestamp":"2022-09-19T13:32:26.261Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:26 honeypot-ams-1 sshd[8587]: Invalid user guest from 95.251.178.212 port 33666","@timestamp":"2022-09-19T13:32:27.262Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:27 honeypot-ams-1 sshd[8591]: Invalid user cirros from 95.251.178.212 port 33682","@timestamp":"2022-09-19T13:32:28.263Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 13:34:44 honeypot-ams-1 kernel: [84471063.076269] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=106.60.15.164 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=45 ID=24604 PROTO=TCP SPT=17189 DPT=80 WINDOW=44501 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T13:34:44.323Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 13:36:41 honeypot-fra-1 sshd[32689]: Invalid user user from 45.61.187.160 port 48438","@timestamp":"2022-09-19T13:36:41.722Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 13:37:04 honeypot-fra-1 sshd[32693]: Invalid user user from 45.61.187.160 port 43618","@timestamp":"2022-09-19T13:37:05.733Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 13:37:23 honeypot-fra-1 sshd[32697]: Did not receive identification string from 45.61.186.49 port 59228","@timestamp":"2022-09-19T13:37:24.744Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 13:37:31 honeypot-fra-1 sshd[32700]: Disconnected from invalid user user 45.61.186.49 port 57570 [preauth]","@timestamp":"2022-09-19T13:37:31.749Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 13:37:37 honeypot-fra-1 sshd[32704]: Disconnected from invalid user user 45.61.187.160 port 50506 [preauth]","@timestamp":"2022-09-19T13:37:37.751Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 13:37:46 honeypot-fra-1 sshd[32708]: Disconnected from invalid user user 45.61.186.49 port 46282 [preauth]","@timestamp":"2022-09-19T13:37:46.756Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T13:38:43.697Z","@version":"1","message":"Sep 19 13:38:43 honeypot-sgp-1 kernel: [84470824.663160] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.216.34.247 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=40783 DF PROTO=TCP SPT=10446 DPT=80 WINDOW=512 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 13:42:31 honeypot-fra-1 sshd[32714]: Received disconnect from 92.255.85.70 port 20160:11: Bye Bye [preauth]","@timestamp":"2022-09-19T13:42:31.863Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T13:43:44.824Z","@version":"1","message":"Sep 19 13:43:43 honeypot-sgp-1 sshd[1446]: Received disconnect from 61.177.172.108 port 12689:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 13:50:13 honeypot-fra-1 sshd[32719]: Disconnected from invalid user 67890 128.199.184.157 port 33956 [preauth]","@timestamp":"2022-09-19T13:50:14.039Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T13:50:22.988Z","@version":"1","message":"Sep 19 13:50:22 honeypot-sgp-1 sshd[1452]: Disconnected from authenticating user root 92.255.85.70 port 62652 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:51:16 honeypot-ams-1 sshd[8601]: Received disconnect from 92.255.85.69 port 32284:11: Bye Bye [preauth]","@timestamp":"2022-09-19T13:51:17.775Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:58:49 honeypot-ams-1 sshd[8604]: Received disconnect from 160.251.73.96 port 48184:11: Bye Bye [preauth]","@timestamp":"2022-09-19T13:58:49.992Z"}
{"@timestamp":"2022-09-19T14:09:26.505Z","@version":"1","message":"Sep 19 14:09:25 honeypot-sgp-1 sshd[1462]: Received disconnect from 189.4.149.140 port 50864:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:09:39 honeypot-fra-1 kernel: [84470983.738800] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=157.230.63.172 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=58354 PROTO=TCP SPT=61953 DPT=389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T14:09:40.507Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T14:11:09.551Z","@version":"1","message":"Sep 19 14:11:09 honeypot-sgp-1 sshd[1466]: Received disconnect from 61.177.173.36 port 37241:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:12:45 honeypot-fra-1 sshd[32732]: Received disconnect from 89.109.32.143 port 5696:11: disconnected by user [preauth]","@timestamp":"2022-09-19T14:12:46.578Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:12:48 honeypot-fra-1 sshd[32736]: error: maximum authentication attempts exceeded for invalid user admin from 89.109.32.143 port 6340 ssh2 [preauth]","@timestamp":"2022-09-19T14:12:49.580Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:12:52 honeypot-fra-1 sshd[32740]: error: maximum authentication attempts exceeded for invalid user oracle from 89.109.32.143 port 7148 ssh2 [preauth]","@timestamp":"2022-09-19T14:12:52.581Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:12:55 honeypot-fra-1 sshd[32744]: Received disconnect from 89.109.32.143 port 7886:11: disconnected by user [preauth]","@timestamp":"2022-09-19T14:12:55.582Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:12:58 honeypot-fra-1 sshd[32748]: error: maximum authentication attempts exceeded for invalid user usuario from 89.109.32.143 port 8588 ssh2 [preauth]","@timestamp":"2022-09-19T14:12:58.584Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:13:01 honeypot-fra-1 sshd[32752]: error: maximum authentication attempts exceeded for invalid user test from 89.109.32.143 port 9210 ssh2 [preauth]","@timestamp":"2022-09-19T14:13:01.587Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:13:04 honeypot-fra-1 sshd[32756]: Received disconnect from 89.109.32.143 port 9980:11: disconnected by user [preauth]","@timestamp":"2022-09-19T14:13:04.589Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:13:07 honeypot-fra-1 sshd[32760]: error: maximum authentication attempts exceeded for invalid user user from 89.109.32.143 port 10639 ssh2 [preauth]","@timestamp":"2022-09-19T14:13:07.590Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:13:10 honeypot-fra-1 sshd[32764]: error: maximum authentication attempts exceeded for invalid user ftpuser from 89.109.32.143 port 11423 ssh2 [preauth]","@timestamp":"2022-09-19T14:13:11.593Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:13:13 honeypot-fra-1 sshd[300]: Received disconnect from 89.109.32.143 port 12072:11: disconnected by user [preauth]","@timestamp":"2022-09-19T14:13:14.595Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:13:16 honeypot-fra-1 sshd[306]: Invalid user ftpuser from 92.255.85.69 port 55138","@timestamp":"2022-09-19T14:13:16.597Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:13:17 honeypot-fra-1 sshd[308]: Received disconnect from 89.109.32.143 port 13108:11: disconnected by user [preauth]","@timestamp":"2022-09-19T14:13:18.598Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:13:21 honeypot-fra-1 sshd[312]: error: maximum authentication attempts exceeded for invalid user test2 from 89.109.32.143 port 13784 ssh2 [preauth]","@timestamp":"2022-09-19T14:13:21.599Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:13:24 honeypot-fra-1 sshd[316]: Received disconnect from 89.109.32.143 port 14475:11: disconnected by user [preauth]","@timestamp":"2022-09-19T14:13:24.601Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:13:26 honeypot-fra-1 sshd[320]: error: maximum authentication attempts exceeded for invalid user ubuntu from 89.109.32.143 port 15148 ssh2 [preauth]","@timestamp":"2022-09-19T14:13:27.603Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:13:28 honeypot-fra-1 sshd[324]: Invalid user duni from 89.109.32.143 port 15729","@timestamp":"2022-09-19T14:13:28.605Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:13:30 honeypot-fra-1 sshd[326]: Disconnected from invalid user pi 89.109.32.143 port 16082 [preauth]","@timestamp":"2022-09-19T14:13:31.607Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T14:13:34.614Z","@version":"1","message":"Sep 19 14:13:34 honeypot-sgp-1 sshd[1473]: Disconnected from authenticating user root 61.177.173.37 port 52836 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 14:16:24 honeypot-ams-1 kernel: [84473563.056213] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=167.71.92.243 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=60880 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T14:16:24.451Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:17:01 honeypot-fra-1 CRON[333]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-19T14:17:01.683Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T14:17:33.713Z","@version":"1","message":"Sep 19 14:17:32 honeypot-sgp-1 sshd[1480]: Invalid user ftpuser from 92.255.85.69 port 24622","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 14:19:09 honeypot-ams-1 sshd[8613]: Invalid user n from 103.140.181.14 port 48284","@timestamp":"2022-09-19T14:19:09.524Z"}
{"@timestamp":"2022-09-19T14:19:45.771Z","@version":"1","message":"Sep 19 14:19:45 honeypot-sgp-1 kernel: [84473286.924390] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=162.142.125.134 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=26214 PROTO=TCP SPT=37876 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:21:40 honeypot-fra-1 kernel: [84471704.381082] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=79.124.62.86 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=957 PROTO=TCP SPT=51973 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T14:21:40.789Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 14:22:01 honeypot-ams-1 kernel: [84473900.465218] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=125.41.8.104 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=63256 DF PROTO=TCP SPT=52791 DPT=80 WINDOW=29040 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T14:22:01.599Z"}
{"@timestamp":"2022-09-19T14:23:12.858Z","@version":"1","message":"Sep 19 14:23:12 honeypot-sgp-1 sshd[1490]: Disconnected from invalid user user 45.61.186.49 port 48914 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T14:23:24.865Z","@version":"1","message":"Sep 19 14:23:24 honeypot-sgp-1 sshd[1494]: Disconnected from invalid user user 45.61.186.49 port 60398 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T14:25:27.919Z","@version":"1","message":"Sep 19 14:25:27 honeypot-sgp-1 sshd[1499]: Disconnected from 61.177.172.124 port 25631 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:30:42 honeypot-fra-1 kernel: [84472245.946560] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=8931 PROTO=TCP SPT=57806 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T14:30:43.120Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 14:32:16 honeypot-ams-1 sshd[8624]: Invalid user lionel from 129.150.50.94 port 38336","@timestamp":"2022-09-19T14:32:16.896Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 14:32:44 honeypot-ams-1 sshd[8628]: Received disconnect from 46.19.141.122 port 43232:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T14:32:44.911Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 14:33:37 honeypot-ams-1 sshd[8632]: Received disconnect from 46.19.141.122 port 34718:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T14:33:37.936Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 14:34:25 honeypot-ams-1 sshd[8636]: Received disconnect from 46.19.141.122 port 51242:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T14:34:25.960Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 14:35:17 honeypot-ams-1 sshd[8640]: Received disconnect from 46.19.141.122 port 42658:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T14:35:17.985Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 14:36:00 honeypot-ams-1 kernel: [84474739.800213] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=79.124.62.62 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=14120 PROTO=TCP SPT=41436 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T14:36:01.007Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 14:36:43 honeypot-ams-1 sshd[8649]: Disconnected from invalid user support 46.19.141.122 port 32892 [preauth]","@timestamp":"2022-09-19T14:36:44.032Z"}
{"@timestamp":"2022-09-19T14:36:47.197Z","@version":"1","message":"Sep 19 14:36:46 honeypot-sgp-1 kernel: [84474307.792852] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=159.65.152.216 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x20 TTL=51 ID=36827 DF PROTO=TCP SPT=52044 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 14:38:13 honeypot-ams-1 kernel: [84474871.903449] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=139.255.10.26 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=53 ID=51325 PROTO=TCP SPT=47752 DPT=443 WINDOW=36024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T14:38:13.074Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 14:39:25 honeypot-ams-1 sshd[8659]: Received disconnect from 46.19.141.122 port 47852:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T14:39:26.109Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:39:40 honeypot-fra-1 kernel: [84472784.521893] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=79.124.62.86 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=36469 PROTO=TCP SPT=51973 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T14:39:41.352Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 14:41:14 honeypot-ams-1 sshd[8666]: Received disconnect from 46.19.141.122 port 37602:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T14:41:15.160Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 14:41:55 honeypot-ams-1 sshd[8672]: Disconnected from authenticating user root 46.19.141.122 port 37748 [preauth]","@timestamp":"2022-09-19T14:41:56.181Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:45:38 honeypot-fra-1 sshd[370]: Invalid user hadoop from 101.100.242.83 port 53536","@timestamp":"2022-09-19T14:45:39.483Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:45:38 honeypot-fra-1 sshd[361]: Invalid user es from 101.100.242.83 port 53550","@timestamp":"2022-09-19T14:45:39.484Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:45:38 honeypot-fra-1 sshd[369]: Invalid user admin from 101.100.242.83 port 53508","@timestamp":"2022-09-19T14:45:39.484Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:45:38 honeypot-fra-1 sshd[383]: Invalid user admin from 101.100.242.83 port 53528","@timestamp":"2022-09-19T14:45:39.484Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:45:38 honeypot-fra-1 sshd[376]: Invalid user git from 101.100.242.83 port 53556","@timestamp":"2022-09-19T14:45:39.484Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:45:38 honeypot-fra-1 sshd[371]: Connection closed by invalid user git 101.100.242.83 port 53542 [preauth]","@timestamp":"2022-09-19T14:45:39.484Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:45:38 honeypot-fra-1 sshd[368]: Connection closed by invalid user admin 101.100.242.83 port 53510 [preauth]","@timestamp":"2022-09-19T14:45:39.484Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:45:38 honeypot-fra-1 sshd[372]: Connection closed by invalid user testuser 101.100.242.83 port 53548 [preauth]","@timestamp":"2022-09-19T14:45:39.484Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:45:38 honeypot-fra-1 sshd[381]: Connection closed by invalid user oracle 101.100.242.83 port 53504 [preauth]","@timestamp":"2022-09-19T14:45:39.484Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T14:45:43.416Z","@version":"1","message":"Sep 19 14:45:42 honeypot-sgp-1 sshd[1512]: Disconnected from authenticating user root 92.255.85.69 port 31658 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 14:47:30 honeypot-ams-1 sshd[8677]: Disconnected from 206.81.0.243 port 33048 [preauth]","@timestamp":"2022-09-19T14:47:30.329Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:49:33 honeypot-fra-1 kernel: [84473376.742595] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=165.232.152.144 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=46216 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T14:49:33.571Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 14:54:58 honeypot-ams-1 sshd[8683]: Received disconnect from 37.221.207.194 port 46380:11: Bye Bye [preauth]","@timestamp":"2022-09-19T14:54:58.521Z"}
{"@timestamp":"2022-09-19T14:55:26.657Z","@version":"1","message":"Sep 19 14:55:25 honeypot-sgp-1 sshd[1521]: Invalid user admin from 179.60.147.69 port 62406","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:56:33 honeypot-fra-1 sshd[425]: Invalid user admin from 179.60.147.69 port 41442","@timestamp":"2022-09-19T14:56:33.730Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 14:58:46 honeypot-ams-1 sshd[8685]: Connection closed by invalid user admin 179.60.147.69 port 63174 [preauth]","@timestamp":"2022-09-19T14:58:46.621Z"}
{"@timestamp":"2022-09-19T14:59:29.776Z","@version":"1","message":"Sep 19 14:59:29 honeypot-sgp-1 sshd[1526]: Disconnected from authenticating user root 61.177.172.108 port 24419 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T15:01:32.830Z","@version":"1","message":"Sep 19 15:01:32 honeypot-sgp-1 sshd[1532]: Connection closed by invalid user pradeep 103.188.176.251 port 42404 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 15:03:30 honeypot-fra-1 kernel: [84474213.889594] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=66.228.36.140 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=23705 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T15:03:30.893Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 15:03:33 honeypot-ams-1 kernel: [84476392.808046] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=198.235.24.156 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=250 ID=54321 PROTO=TCP SPT=55037 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T15:03:34.748Z"}
{"@timestamp":"2022-09-19T15:10:26.047Z","@version":"1","message":"Sep 19 15:10:25 honeypot-sgp-1 kernel: [84476326.765137] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.79.165.98 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=42205 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 15:15:21 honeypot-fra-1 sshd[436]: Disconnected from invalid user squid 92.255.85.70 port 35072 [preauth]","@timestamp":"2022-09-19T15:15:22.175Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T15:15:34.178Z","@version":"1","message":"Sep 19 15:15:33 honeypot-sgp-1 sshd[1546]: Received disconnect from 207.154.208.193 port 34002:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T15:17:20.224Z","@version":"1","message":"Sep 19 15:17:20 honeypot-sgp-1 sshd[1551]: Disconnected from authenticating user root 61.177.173.53 port 39581 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T15:19:03.269Z","@version":"1","message":"Sep 19 15:19:02 honeypot-sgp-1 sshd[1559]: Invalid user squid from 92.255.85.70 port 34546","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 15:19:48 honeypot-ams-1 kernel: [84477367.764637] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=97.107.134.253 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=49938 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T15:19:49.166Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 15:20:21 honeypot-fra-1 kernel: [84475224.912097] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=206.84.108.130 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=32768 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T15:20:21.286Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T15:26:24.446Z","@version":"1","message":"Sep 19 15:26:24 honeypot-sgp-1 sshd[1565]: Disconnected from authenticating user root 61.177.173.36 port 12900 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T15:31:42.578Z","@version":"1","message":"Sep 19 15:31:42 honeypot-sgp-1 sshd[1570]: Connection closed by invalid user cloudera 179.60.147.69 port 48144 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T15:33:16.621Z","@version":"1","message":"Sep 19 15:33:15 honeypot-sgp-1 sshd[1575]: Received disconnect from 178.128.103.172 port 56470:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 15:35:00 honeypot-ams-1 sshd[8700]: Invalid user cloudera from 179.60.147.69 port 6484","@timestamp":"2022-09-19T15:35:01.567Z"}
{"@timestamp":"2022-09-19T15:37:48.749Z","@version":"1","message":"Sep 19 15:37:48 honeypot-sgp-1 kernel: [84477969.594042] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.180.143.72 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=10134 PROTO=TCP SPT=29733 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 15:39:42 honeypot-fra-1 kernel: [84476386.568192] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=165.232.152.144 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=34259 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T15:39:43.737Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T15:43:36.889Z","@version":"1","message":"Sep 19 15:43:36 honeypot-sgp-1 sshd[1587]: Received disconnect from 167.172.253.42 port 43556:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 15:45:14 honeypot-ams-1 kernel: [84478893.402858] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=72.167.32.184 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=232 ID=31396 PROTO=TCP SPT=48784 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T15:45:14.845Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 15:45:32 honeypot-fra-1 sshd[453]: Disconnected from authenticating user root 92.255.85.70 port 42448 [preauth]","@timestamp":"2022-09-19T15:45:32.869Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 15:47:47 honeypot-ams-1 kernel: [84479045.994820] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=159.65.138.52 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=54953 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T15:47:47.915Z"}
{"@timestamp":"2022-09-19T15:48:00.996Z","@version":"1","message":"Sep 19 15:48:00 honeypot-sgp-1 sshd[1594]: Invalid user user from 45.61.186.249 port 40904","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T15:48:20.007Z","@version":"1","message":"Sep 19 15:48:19 honeypot-sgp-1 sshd[1599]: Invalid user user from 45.61.186.249 port 35274","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T15:48:40.017Z","@version":"1","message":"Sep 19 15:48:39 honeypot-sgp-1 sshd[1603]: Invalid user user from 45.61.186.249 port 57880","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T15:48:57.026Z","@version":"1","message":"Sep 19 15:48:56 honeypot-sgp-1 sshd[1607]: Received disconnect from 92.255.85.69 port 60338:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T15:49:05.030Z","@version":"1","message":"Sep 19 15:49:04 honeypot-sgp-1 sshd[1611]: Disconnected from authenticating user root 40.81.244.251 port 38944 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T15:50:49.076Z","@version":"1","message":"Sep 19 15:50:48 honeypot-sgp-1 sshd[1617]: Invalid user ds from 104.131.12.184 port 45072","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T15:52:35.120Z","@version":"1","message":"Sep 19 15:52:34 honeypot-sgp-1 sshd[1622]: Invalid user influxdb from 165.232.176.114 port 45402","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 15:53:07 honeypot-fra-1 sshd[458]: Received disconnect from 43.242.247.141 port 53902:11: Bye Bye [preauth]","@timestamp":"2022-09-19T15:53:08.039Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T15:54:50.195Z","@version":"1","message":"Sep 19 15:54:49 honeypot-sgp-1 sshd[1628]: Received disconnect from 114.7.195.180 port 57548:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 15:56:36 honeypot-ams-1 kernel: [84479575.507754] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=74.108.124.79 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=52 ID=27639 PROTO=TCP SPT=15373 DPT=80 WINDOW=32484 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T15:56:37.151Z"}
{"@timestamp":"2022-09-19T15:57:54.270Z","@version":"1","message":"Sep 19 15:57:54 honeypot-sgp-1 sshd[1633]: Disconnected from authenticating user root 61.177.173.47 port 52347 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 15:58:30 honeypot-fra-1 sshd[463]: Disconnected from authenticating user root 95.86.165.90 port 35152 [preauth]","@timestamp":"2022-09-19T15:58:31.159Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:02:05 honeypot-ams-1 sshd[8714]: Invalid user administrator from 80.99.176.199 port 41734","@timestamp":"2022-09-19T16:02:06.302Z"}
{"@timestamp":"2022-09-19T16:04:16.424Z","@version":"1","message":"Sep 19 16:04:16 honeypot-sgp-1 sshd[1643]: Invalid user oracle from 39.109.127.242 port 45684","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:08:48 honeypot-ams-1 sshd[8717]: Disconnected from authenticating user root 61.177.173.51 port 63283 [preauth]","@timestamp":"2022-09-19T16:08:48.480Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 16:11:47 honeypot-fra-1 sshd[470]: Received disconnect from 92.255.85.69 port 58556:11: Bye Bye [preauth]","@timestamp":"2022-09-19T16:11:48.456Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T16:11:58.610Z","@version":"1","message":"Sep 19 16:11:57 honeypot-sgp-1 kernel: [84480019.285785] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=169.228.66.212 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=52789 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:17:01 honeypot-ams-1 CRON[8724]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-19T16:17:02.700Z"}
{"@timestamp":"2022-09-19T16:17:10.736Z","@version":"1","message":"Sep 19 16:17:09 honeypot-sgp-1 sshd[1655]: Invalid user user from 45.61.187.160 port 33466","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T16:17:30.746Z","@version":"1","message":"Sep 19 16:17:30 honeypot-sgp-1 sshd[1659]: Invalid user user from 45.61.187.160 port 56188","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T16:17:49.755Z","@version":"1","message":"Sep 19 16:17:49 honeypot-sgp-1 sshd[1663]: Invalid user user from 45.61.187.160 port 50692","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T16:18:08.765Z","@version":"1","message":"Sep 19 16:18:08 honeypot-sgp-1 sshd[1667]: Invalid user user from 45.61.187.160 port 45186","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 16:18:34 honeypot-fra-1 sshd[492]: Connection closed by authenticating user root 221.2.93.118 port 42056 [preauth]","@timestamp":"2022-09-19T16:18:34.627Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:21:35 honeypot-ams-1 sshd[8732]: Received disconnect from 61.177.173.36 port 25980:11:  [preauth]","@timestamp":"2022-09-19T16:21:36.821Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 16:24:25 honeypot-fra-1 sshd[505]: Received disconnect from 45.126.184.170 port 50144:11: Bye Bye [preauth]","@timestamp":"2022-09-19T16:24:25.755Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T16:27:32.989Z","@version":"1","message":"Sep 19 16:27:32 honeypot-sgp-1 sshd[1672]: Invalid user admin from 222.117.123.95 port 43846","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 16:29:27 honeypot-fra-1 kernel: [84479371.478773] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=15.197.142.173 DST=165.22.82.222 LEN=80 TOS=0x00 PREC=0x20 TTL=126 ID=52545 PROTO=TCP SPT=51521 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T16:29:28.883Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:29:48 honeypot-ams-1 sshd[8741]: Received disconnect from 98.40.14.28 port 37020:11: Bye Bye [preauth]","@timestamp":"2022-09-19T16:29:49.041Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:29:50 honeypot-ams-1 sshd[8745]: Disconnected from invalid user ubnt 98.40.14.28 port 37134 [preauth]","@timestamp":"2022-09-19T16:29:51.042Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:29:54 honeypot-ams-1 sshd[8751]: Disconnected from authenticating user root 98.40.14.28 port 37366 [preauth]","@timestamp":"2022-09-19T16:29:55.045Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:29:57 honeypot-ams-1 sshd[8757]: Disconnected from authenticating user root 98.40.14.28 port 37554 [preauth]","@timestamp":"2022-09-19T16:29:58.047Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:30:00 honeypot-ams-1 sshd[8763]: Disconnected from authenticating user root 98.40.14.28 port 37740 [preauth]","@timestamp":"2022-09-19T16:30:01.049Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:30:03 honeypot-ams-1 sshd[8769]: Disconnected from authenticating user root 98.40.14.28 port 37924 [preauth]","@timestamp":"2022-09-19T16:30:04.053Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:30:06 honeypot-ams-1 sshd[8775]: Disconnected from authenticating user root 98.40.14.28 port 38204 [preauth]","@timestamp":"2022-09-19T16:30:07.055Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:30:09 honeypot-ams-1 sshd[8781]: Disconnected from authenticating user root 98.40.14.28 port 38432 [preauth]","@timestamp":"2022-09-19T16:30:10.057Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:30:12 honeypot-ams-1 sshd[8787]: Disconnected from authenticating user root 98.40.14.28 port 38606 [preauth]","@timestamp":"2022-09-19T16:30:13.059Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:30:15 honeypot-ams-1 sshd[8793]: Disconnected from authenticating user root 98.40.14.28 port 38798 [preauth]","@timestamp":"2022-09-19T16:30:16.061Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:30:19 honeypot-ams-1 sshd[8799]: Disconnected from authenticating user root 98.40.14.28 port 39022 [preauth]","@timestamp":"2022-09-19T16:30:20.065Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:30:22 honeypot-ams-1 sshd[8805]: Invalid user admin from 98.40.14.28 port 39192","@timestamp":"2022-09-19T16:30:22.066Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:30:24 honeypot-ams-1 sshd[8809]: Invalid user admin from 98.40.14.28 port 39292","@timestamp":"2022-09-19T16:30:24.068Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:30:25 honeypot-ams-1 sshd[8813]: Invalid user admin from 98.40.14.28 port 39418","@timestamp":"2022-09-19T16:30:26.069Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:30:27 honeypot-ams-1 sshd[8817]: Invalid user admin from 98.40.14.28 port 39538","@timestamp":"2022-09-19T16:30:28.070Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:30:29 honeypot-ams-1 sshd[8821]: Invalid user admin from 98.40.14.28 port 39714","@timestamp":"2022-09-19T16:30:30.072Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:30:32 honeypot-ams-1 sshd[8825]: Received disconnect from 98.40.14.28 port 39886:11: Bye Bye [preauth]","@timestamp":"2022-09-19T16:30:33.074Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:30:34 honeypot-ams-1 sshd[8829]: Disconnected from invalid user pi 98.40.14.28 port 40044 [preauth]","@timestamp":"2022-09-19T16:30:34.075Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:30:35 honeypot-ams-1 sshd[8833]: Disconnected from invalid user baikal 98.40.14.28 port 40160 [preauth]","@timestamp":"2022-09-19T16:30:36.077Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:30:37 honeypot-ams-1 sshd[8837]: Disconnected from invalid user xbmc 98.40.14.28 port 40270 [preauth]","@timestamp":"2022-09-19T16:30:38.078Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:30:39 honeypot-ams-1 sshd[8841]: Disconnected from invalid user oracle 98.40.14.28 port 40386 [preauth]","@timestamp":"2022-09-19T16:30:40.080Z"}
{"@timestamp":"2022-09-19T16:30:41.067Z","@version":"1","message":"Sep 19 16:30:40 honeypot-sgp-1 kernel: [84481141.575964] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=198.235.24.179 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x60 TTL=250 ID=49257 PROTO=TCP SPT=55355 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:30:41 honeypot-ams-1 sshd[8845]: Disconnected from invalid user postgres 98.40.14.28 port 40502 [preauth]","@timestamp":"2022-09-19T16:30:42.081Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:30:44 honeypot-ams-1 sshd[8850]: Disconnected from invalid user support 98.40.14.28 port 40604 [preauth]","@timestamp":"2022-09-19T16:30:45.083Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:30:46 honeypot-ams-1 sshd[8854]: Disconnected from invalid user ubuntu 98.40.14.28 port 40788 [preauth]","@timestamp":"2022-09-19T16:30:47.085Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:30:48 honeypot-ams-1 sshd[8858]: Disconnected from invalid user ubuntu 98.40.14.28 port 40914 [preauth]","@timestamp":"2022-09-19T16:30:49.087Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:30:50 honeypot-ams-1 sshd[8862]: Disconnected from invalid user guest 98.40.14.28 port 41018 [preauth]","@timestamp":"2022-09-19T16:30:51.089Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:30:52 honeypot-ams-1 sshd[8866]: Disconnected from invalid user cirros 98.40.14.28 port 41150 [preauth]","@timestamp":"2022-09-19T16:30:53.090Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 16:36:40 honeypot-fra-1 kernel: [84479804.146138] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=15.197.142.173 DST=165.22.82.222 LEN=80 TOS=0x00 PREC=0x20 TTL=132 ID=32720 PROTO=TCP SPT=31696 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T16:36:41.043Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:36:51 honeypot-ams-1 sshd[8874]: Received disconnect from 61.177.173.51 port 48818:11:  [preauth]","@timestamp":"2022-09-19T16:36:51.239Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 16:39:21 honeypot-fra-1 sshd[513]: Received disconnect from 92.255.85.69 port 33836:11: Bye Bye [preauth]","@timestamp":"2022-09-19T16:39:22.106Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:42:31 honeypot-ams-1 sshd[8880]: Received disconnect from 61.177.172.90 port 33266:11:  [preauth]","@timestamp":"2022-09-19T16:42:31.393Z"}
{"@timestamp":"2022-09-19T16:43:07.361Z","@version":"1","message":"Sep 19 16:43:06 honeypot-sgp-1 sshd[1678]: Disconnected from invalid user hacluster 92.255.85.70 port 39678 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 16:45:04 honeypot-fra-1 sshd[516]: Connection closed by authenticating user root 179.60.147.69 port 36052 [preauth]","@timestamp":"2022-09-19T16:45:05.233Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:45:55 honeypot-ams-1 sshd[8886]: Invalid user hacluster from 92.255.85.70 port 51788","@timestamp":"2022-09-19T16:45:56.486Z"}
{"@timestamp":"2022-09-19T16:47:53.479Z","@version":"1","message":"Sep 19 16:47:53 honeypot-sgp-1 kernel: [84482174.733150] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.221.56 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=43958 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T16:52:23.589Z","@version":"1","message":"Sep 19 16:52:22 honeypot-sgp-1 sshd[1688]: Invalid user alexandre from 182.253.113.140 port 52364","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 16:53:36 honeypot-ams-1 kernel: [84482995.254487] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=156.197.29.164 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=51 ID=20002 PROTO=TCP SPT=14620 DPT=443 WINDOW=24911 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T16:53:36.692Z"}
{"@timestamp":"2022-09-19T16:54:29.641Z","@version":"1","message":"Sep 19 16:54:29 honeypot-sgp-1 sshd[1692]: Invalid user admin from 20.244.1.170 port 42526","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 16:54:30 honeypot-fra-1 sshd[521]: Disconnected from invalid user liwei 165.22.45.108 port 32898 [preauth]","@timestamp":"2022-09-19T16:54:31.443Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T16:56:44.695Z","@version":"1","message":"Sep 19 16:56:44 honeypot-sgp-1 sshd[1697]: Invalid user adva from 207.154.205.34 port 55526","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 17:00:32 honeypot-ams-1 sshd[8902]: Invalid user newadmin from 159.65.163.176 port 40102","@timestamp":"2022-09-19T17:00:32.882Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 17:01:49 honeypot-ams-1 sshd[8909]: Received disconnect from 5.200.70.148 port 54424:11: Bye Bye [preauth]","@timestamp":"2022-09-19T17:01:49.917Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 17:05:53 honeypot-fra-1 sshd[527]: Invalid user admin from 92.255.85.69 port 56724","@timestamp":"2022-09-19T17:05:54.695Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T17:06:31.949Z","@version":"1","message":"Sep 19 17:06:31 honeypot-sgp-1 kernel: [84483292.734166] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.83.129.82 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=54321 PROTO=TCP SPT=45781 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 17:09:01 honeypot-fra-1 CRON[529]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-19T17:09:01.766Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 17:09:01 honeypot-ams-1 CRON[8916]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-19T17:09:02.127Z"}
{"@timestamp":"2022-09-19T17:09:34.023Z","@version":"1","message":"Sep 19 17:09:33 honeypot-sgp-1 sshd[1703]: Disconnected from invalid user admin 92.255.85.70 port 15732 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T17:12:20.091Z","@version":"1","message":"Sep 19 17:12:19 honeypot-sgp-1 sshd[1710]: Invalid user admin from 137.184.48.78 port 42062","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 17:13:34 honeypot-ams-1 sshd[8923]: Received disconnect from 92.255.85.69 port 51968:11: Bye Bye [preauth]","@timestamp":"2022-09-19T17:13:35.248Z"}
{"@timestamp":"2022-09-19T17:17:02.205Z","@version":"1","message":"Sep 19 17:17:01 honeypot-sgp-1 CRON[1714]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 17:17:01 honeypot-ams-1 CRON[8928]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-19T17:17:02.340Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 17:18:40 honeypot-ams-1 kernel: [84484499.720020] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=156.218.170.54 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=29444 PROTO=TCP SPT=50176 DPT=443 WINDOW=37978 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T17:18:41.386Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 17:21:02 honeypot-fra-1 sshd[537]: Connection closed by authenticating user root 179.60.147.69 port 21932 [preauth]","@timestamp":"2022-09-19T17:21:03.030Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T17:21:23.308Z","@version":"1","message":"Sep 19 17:21:22 honeypot-sgp-1 kernel: [84484183.717128] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.41.9.18 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=7142 PROTO=TCP SPT=38287 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 17:26:13 honeypot-ams-1 sshd[8942]: Disconnected from authenticating user root 61.177.173.48 port 30649 [preauth]","@timestamp":"2022-09-19T17:26:14.581Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 17:33:49 honeypot-fra-1 sshd[542]: Disconnected from authenticating user root 92.255.85.69 port 36740 [preauth]","@timestamp":"2022-09-19T17:33:49.312Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 17:35:08 honeypot-ams-1 sshd[8950]: Received disconnect from 61.177.173.51 port 60318:11:  [preauth]","@timestamp":"2022-09-19T17:35:09.813Z"}
{"@timestamp":"2022-09-19T17:36:45.689Z","@version":"1","message":"Sep 19 17:36:45 honeypot-sgp-1 sshd[1727]: Received disconnect from 92.255.85.70 port 63824:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T17:38:06.724Z","@version":"1","message":"Sep 19 17:38:06 honeypot-sgp-1 sshd[1732]: Invalid user user from 45.61.184.204 port 37200","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T17:38:24.732Z","@version":"1","message":"Sep 19 17:38:24 honeypot-sgp-1 sshd[1736]: Invalid user user from 45.61.184.204 port 60692","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T17:38:41.739Z","@version":"1","message":"Sep 19 17:38:41 honeypot-sgp-1 sshd[1740]: Invalid user user from 45.61.184.204 port 55952","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 17:40:18 honeypot-ams-1 sshd[8955]: Disconnected from authenticating user root 188.166.252.132 port 54102 [preauth]","@timestamp":"2022-09-19T17:40:18.948Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 17:41:03 honeypot-ams-1 sshd[8959]: Disconnected from authenticating user root 92.255.85.69 port 56782 [preauth]","@timestamp":"2022-09-19T17:41:03.971Z"}
{"@timestamp":"2022-09-19T17:42:27.830Z","@version":"1","message":"Sep 19 17:42:27 honeypot-sgp-1 sshd[1745]: Received disconnect from 34.102.23.246 port 59524:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 17:43:08 honeypot-fra-1 sshd[549]: Received disconnect from 43.155.96.81 port 60914:11: Bye Bye [preauth]","@timestamp":"2022-09-19T17:43:08.514Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 17:46:36 honeypot-fra-1 kernel: [84484000.014155] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=169.228.66.212 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=56989 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T17:46:37.592Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 17:47:57 honeypot-ams-1 sshd[8966]: Disconnected from authenticating user root 61.177.173.39 port 19990 [preauth]","@timestamp":"2022-09-19T17:47:58.153Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 17:48:00 honeypot-fra-1 sshd[555]: Received disconnect from 157.245.135.240 port 57282:11: Bye Bye [preauth]","@timestamp":"2022-09-19T17:48:01.625Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 17:49:50 honeypot-fra-1 sshd[560]: Did not receive identification string from 57.128.11.39 port 59032","@timestamp":"2022-09-19T17:49:51.667Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 17:49:51 honeypot-fra-1 sshd[572]: Invalid user admin from 57.128.11.39 port 33738","@timestamp":"2022-09-19T17:49:51.667Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 17:49:51 honeypot-fra-1 sshd[564]: Invalid user admin from 57.128.11.39 port 33666","@timestamp":"2022-09-19T17:49:51.667Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 17:49:51 honeypot-fra-1 sshd[577]: Connection closed by authenticating user root 57.128.11.39 port 33684 [preauth]","@timestamp":"2022-09-19T17:49:51.667Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 17:49:51 honeypot-fra-1 sshd[574]: Connection closed by invalid user ubuntu 57.128.11.39 port 33692 [preauth]","@timestamp":"2022-09-19T17:49:51.667Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 17:49:51 honeypot-fra-1 sshd[564]: Connection closed by invalid user admin 57.128.11.39 port 33666 [preauth]","@timestamp":"2022-09-19T17:49:51.667Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 17:49:51 honeypot-fra-1 sshd[582]: Connection closed by invalid user kibana 57.128.11.39 port 33750 [preauth]","@timestamp":"2022-09-19T17:49:51.667Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 17:49:51 honeypot-fra-1 sshd[586]: Connection closed by invalid user admin 57.128.11.39 port 33760 [preauth]","@timestamp":"2022-09-19T17:49:51.667Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 17:50:34 honeypot-ams-1 sshd[8973]: Received disconnect from 134.122.123.117 port 56942:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T17:50:34.224Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 17:51:29 honeypot-ams-1 sshd[8980]: Received disconnect from 61.177.173.51 port 35066:11:  [preauth]","@timestamp":"2022-09-19T17:51:30.252Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 17:52:10 honeypot-ams-1 sshd[8986]: Received disconnect from 134.122.123.117 port 42036:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T17:52:11.272Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 17:52:40 honeypot-ams-1 kernel: [84486539.111814] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=80.94.92.239 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=40517 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T17:52:41.288Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 17:53:43 honeypot-ams-1 sshd[8996]: Received disconnect from 134.122.123.117 port 55542:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T17:53:44.319Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 17:54:09 honeypot-fra-1 kernel: [84484452.632622] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=165.22.82.222 LEN=91 TOS=0x00 PREC=0x00 TTL=250 ID=14529 PROTO=TCP SPT=5231 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T17:54:09.763Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 17:54:30 honeypot-ams-1 sshd[9000]: Received disconnect from 134.122.123.117 port 34004:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T17:54:31.342Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 17:55:17 honeypot-ams-1 sshd[9004]: Received disconnect from 134.122.123.117 port 40532:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T17:55:17.363Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 17:56:03 honeypot-ams-1 sshd[9009]: Received disconnect from 134.122.123.117 port 47356:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T17:56:03.386Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 17:56:48 honeypot-ams-1 sshd[9013]: Received disconnect from 134.122.123.117 port 53948:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T17:56:49.407Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 17:57:34 honeypot-ams-1 sshd[9017]: Received disconnect from 134.122.123.117 port 60550:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T17:57:35.429Z"}
{"@timestamp":"2022-09-19T17:57:50.184Z","@version":"1","message":"Sep 19 17:57:49 honeypot-sgp-1 kernel: [84486370.630335] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=162.243.162.25 DST=159.89.202.188 LEN=48 TOS=0x00 PREC=0x00 TTL=110 ID=29109 PROTO=TCP SPT=37436 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 17:57:57 honeypot-ams-1 sshd[9021]: Disconnected from invalid user spark 134.122.123.117 port 35672 [preauth]","@timestamp":"2022-09-19T17:57:58.441Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 17:58:43 honeypot-ams-1 sshd[9026]: Received disconnect from 134.122.123.117 port 42434:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T17:58:44.465Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 17:59:13 honeypot-ams-1 sshd[9030]: Invalid user color from 104.209.150.176 port 1664","@timestamp":"2022-09-19T17:59:14.482Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 17:59:29 honeypot-ams-1 sshd[9034]: Received disconnect from 134.122.123.117 port 49104:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T17:59:30.490Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 17:59:35 honeypot-fra-1 kernel: [84484778.565142] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=139.59.45.164 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x20 TTL=245 ID=52157 PROTO=TCP SPT=61953 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T17:59:35.885Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 18:00:16 honeypot-ams-1 sshd[9040]: Received disconnect from 134.122.123.117 port 55646:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T18:00:16.512Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 18:00:39 honeypot-ams-1 sshd[9044]: Received disconnect from 134.122.123.117 port 59068:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T18:00:39.524Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 18:01:26 honeypot-ams-1 sshd[9049]: Invalid user db2inst1 from 134.122.123.117 port 37448","@timestamp":"2022-09-19T18:01:27.548Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 18:04:53 honeypot-ams-1 sshd[9053]: Received disconnect from 41.63.0.132 port 45094:11: Bye Bye [preauth]","@timestamp":"2022-09-19T18:04:53.638Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 18:06:58 honeypot-ams-1 kernel: [84487396.972635] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=146.88.240.4 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=54580 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T18:06:58.696Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 18:07:17 honeypot-fra-1 sshd[629]: Invalid user admin from 185.18.214.162 port 58258","@timestamp":"2022-09-19T18:07:18.056Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T18:08:26.432Z","@version":"1","message":"Sep 19 18:08:26 honeypot-sgp-1 kernel: [84487007.456745] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=20442 PROTO=TCP SPT=50403 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 18:08:59 honeypot-ams-1 sshd[9071]: Received disconnect from 92.255.85.70 port 61500:11: Bye Bye [preauth]","@timestamp":"2022-09-19T18:08:59.751Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 18:17:01 honeypot-ams-1 CRON[9076]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-19T18:17:01.964Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 18:17:01 honeypot-fra-1 CRON[632]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-19T18:17:02.261Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T18:18:45.673Z","@version":"1","message":"Sep 19 18:18:45 honeypot-sgp-1 kernel: [84487626.326287] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=103.203.57.22 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=47479 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T18:19:22.690Z","@version":"1","message":"Sep 19 18:19:22 honeypot-sgp-1 sshd[1837]: Received disconnect from 45.61.184.204 port 52080:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T18:19:41.699Z","@version":"1","message":"Sep 19 18:19:40 honeypot-sgp-1 sshd[1841]: Received disconnect from 45.61.184.204 port 46930:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T18:19:59.708Z","@version":"1","message":"Sep 19 18:19:58 honeypot-sgp-1 sshd[1845]: Received disconnect from 45.61.184.204 port 41778:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T18:21:22.742Z","@version":"1","message":"Sep 19 18:21:22 honeypot-sgp-1 sshd[1849]: Disconnected from authenticating user root 101.128.68.195 port 50990 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 18:21:39 honeypot-ams-1 sshd[9082]: Disconnected from authenticating user root 61.177.172.19 port 13840 [preauth]","@timestamp":"2022-09-19T18:21:40.104Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 18:24:44 honeypot-fra-1 kernel: [84486287.551425] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.209.88 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=34581 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T18:24:44.430Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 18:27:16 honeypot-fra-1 sshd[643]: Disconnected from invalid user pot1 144.64.1.83 port 55446 [preauth]","@timestamp":"2022-09-19T18:27:17.488Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 18:29:59 honeypot-ams-1 sshd[9089]: Received disconnect from 61.177.173.35 port 54360:11:  [preauth]","@timestamp":"2022-09-19T18:30:00.325Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 18:35:22 honeypot-fra-1 kernel: [84486925.775324] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=198.235.24.42 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=249 ID=54321 PROTO=TCP SPT=54537 DPT=636 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T18:35:22.664Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 18:35:30 honeypot-fra-1 sshd[662]: Connection closed by invalid user pi 101.33.218.153 port 10518 [preauth]","@timestamp":"2022-09-19T18:35:30.668Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 18:36:57 honeypot-ams-1 sshd[9098]: Disconnected from authenticating user root 61.177.173.39 port 39848 [preauth]","@timestamp":"2022-09-19T18:36:57.527Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 18:39:42 honeypot-ams-1 sshd[9101]: Received disconnect from 45.61.186.249 port 60638:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T18:39:42.603Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 18:40:03 honeypot-ams-1 sshd[9107]: Received disconnect from 45.61.186.249 port 55632:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T18:40:03.614Z"}
{"@timestamp":"2022-09-19T18:40:09.179Z","@version":"1","message":"Sep 19 18:40:09 honeypot-sgp-1 sshd[1856]: Invalid user test from 202.61.105.17 port 46248","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 18:40:20 honeypot-ams-1 sshd[9112]: Invalid user user from 45.61.186.249 port 50658","@timestamp":"2022-09-19T18:40:21.623Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 18:40:27 honeypot-fra-1 sshd[686]: Invalid user backups from 92.255.85.70 port 51094","@timestamp":"2022-09-19T18:40:27.779Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 18:40:38 honeypot-ams-1 sshd[9116]: Received disconnect from 61.177.172.104 port 30527:11:  [preauth]","@timestamp":"2022-09-19T18:40:38.632Z"}
{"@timestamp":"2022-09-19T18:41:06.203Z","@version":"1","message":"Sep 19 18:41:05 honeypot-sgp-1 kernel: [84488966.510509] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=103.114.105.206 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=61537 PROTO=TCP SPT=48209 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 18:47:36 honeypot-ams-1 sshd[9124]: Received disconnect from 61.177.173.49 port 64313:11:  [preauth]","@timestamp":"2022-09-19T18:47:36.815Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 18:48:03 honeypot-fra-1 kernel: [84487686.281613] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.41.9.18 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=56504 PROTO=TCP SPT=13301 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T18:48:03.949Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T18:49:18.391Z","@version":"1","message":"Sep 19 18:49:17 honeypot-sgp-1 kernel: [84489458.945032] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=159.89.202.188 LEN=91 TOS=0x00 PREC=0x00 TTL=245 ID=11267 PROTO=TCP SPT=5331 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 18:49:46 honeypot-ams-1 sshd[9129]: Disconnected from authenticating user root 69.250.26.126 port 56926 [preauth]","@timestamp":"2022-09-19T18:49:46.875Z"}
{"@timestamp":"2022-09-19T18:50:39.424Z","@version":"1","message":"Sep 19 18:50:39 honeypot-sgp-1 sshd[1867]: Received disconnect from 188.81.133.7 port 55487:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 18:51:24 honeypot-fra-1 sshd[691]: Disconnected from invalid user lixiaona 165.22.45.108 port 38812 [preauth]","@timestamp":"2022-09-19T18:51:25.022Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 18:51:51 honeypot-ams-1 kernel: [84490090.439262] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.148.10.81 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=22780 DF PROTO=TCP SPT=8190 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T18:51:51.931Z"}
{"@timestamp":"2022-09-19T18:53:06.506Z","@version":"1","message":"Sep 19 18:53:06 honeypot-sgp-1 sshd[1871]: Disconnected from authenticating user root 207.138.39.234 port 60880 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 18:55:20 honeypot-ams-1 sshd[9140]: Received disconnect from 61.177.173.53 port 64611:11:  [preauth]","@timestamp":"2022-09-19T18:55:21.026Z"}
{"@timestamp":"2022-09-19T18:58:26.629Z","@version":"1","message":"Sep 19 18:58:26 honeypot-sgp-1 kernel: [84490007.202803] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=198.199.101.90 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=36290 DPT=636 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 19:01:13 honeypot-fra-1 kernel: [84488476.300874] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=165.22.82.222 LEN=92 TOS=0x00 PREC=0x00 TTL=250 ID=61995 PROTO=TCP SPT=14501 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T19:01:13.249Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 19:02:21 honeypot-ams-1 kernel: [84490720.388149] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.221.11 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=47881 DPT=636 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T19:02:22.211Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 19:03:31 honeypot-fra-1 sshd[698]: Disconnected from invalid user ubuntu 46.101.123.135 port 45542 [preauth]","@timestamp":"2022-09-19T19:03:32.301Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 19:06:31 honeypot-ams-1 kernel: [84490970.364992] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=41.239.50.181 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=51 ID=13230 PROTO=TCP SPT=18099 DPT=443 WINDOW=32396 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T19:06:32.320Z"}
{"@timestamp":"2022-09-19T19:06:55.823Z","@version":"1","message":"Sep 19 19:06:55 honeypot-sgp-1 kernel: [84490516.656652] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=23.95.4.194 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=234 ID=61375 PROTO=TCP SPT=56986 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T19:09:23.883Z","@version":"1","message":"Sep 19 19:09:23 honeypot-sgp-1 sshd[1889]: Invalid user user from 45.61.184.204 port 53866","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T19:09:33.888Z","@version":"1","message":"Sep 19 19:09:33 honeypot-sgp-1 sshd[1891]: Received disconnect from 45.61.184.204 port 37208:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T19:09:53.897Z","@version":"1","message":"Sep 19 19:09:53 honeypot-sgp-1 sshd[1895]: Received disconnect from 45.61.184.204 port 60390:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T19:10:10.905Z","@version":"1","message":"Sep 19 19:10:10 honeypot-sgp-1 sshd[1899]: Received disconnect from 45.61.184.204 port 55334:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 19:13:17 honeypot-fra-1 sshd[708]: Received disconnect from 92.255.85.70 port 50442:11: Bye Bye [preauth]","@timestamp":"2022-09-19T19:13:18.519Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 19:14:31 honeypot-ams-1 kernel: [84491450.371107] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.148.10.81 DST=178.62.254.91 LEN=79 TOS=0x00 PREC=0x00 TTL=242 ID=22780 DF PROTO=TCP SPT=10194 DPT=443 WINDOW=65535 RES=0x00 ACK PSH URGP=0 ","@timestamp":"2022-09-19T19:14:32.523Z"}
{"@timestamp":"2022-09-19T19:17:02.063Z","@version":"1","message":"Sep 19 19:17:02 honeypot-sgp-1 CRON[1904]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 19:19:12 honeypot-ams-1 sshd[9167]: Disconnected from invalid user ppp 92.255.85.70 port 16056 [preauth]","@timestamp":"2022-09-19T19:19:12.662Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 19:20:39 honeypot-fra-1 sshd[729]: Received disconnect from 103.98.119.63 port 50560:11: Bye Bye [preauth]","@timestamp":"2022-09-19T19:20:39.687Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 19:22:20 honeypot-ams-1 sshd[9174]: Disconnected from invalid user tlh 167.99.66.74 port 59301 [preauth]","@timestamp":"2022-09-19T19:22:21.749Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 19:24:21 honeypot-fra-1 sshd[734]: Disconnected from authenticating user www-data 165.227.103.128 port 48520 [preauth]","@timestamp":"2022-09-19T19:24:21.774Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 19:25:36 honeypot-fra-1 kernel: [84489939.702082] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=157.245.203.107 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=54 ID=45192 PROTO=TCP SPT=64082 DPT=80 WINDOW=43690 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T19:25:36.804Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T19:27:33.302Z","@version":"1","message":"Sep 19 19:27:32 honeypot-sgp-1 sshd[1912]: Invalid user teamspeak from 80.28.245.5 port 42704","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 19:28:02 honeypot-ams-1 kernel: [84492261.529243] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=178.62.254.91 LEN=92 TOS=0x00 PREC=0x00 TTL=252 ID=32694 PROTO=TCP SPT=5317 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T19:28:02.901Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 19:30:18 honeypot-ams-1 sshd[9183]: Disconnected from authenticating user root 61.177.173.36 port 35387 [preauth]","@timestamp":"2022-09-19T19:30:18.965Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 19:37:23 honeypot-fra-1 sshd[748]: Invalid user fe from 178.128.43.209 port 57636","@timestamp":"2022-09-19T19:37:24.070Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 19:39:19 honeypot-fra-1 sshd[752]: Received disconnect from 103.150.227.6 port 48918:11: Bye Bye [preauth]","@timestamp":"2022-09-19T19:39:20.112Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 19:40:27 honeypot-fra-1 sshd[756]: Received disconnect from 117.4.252.243 port 55826:11: Bye Bye [preauth]","@timestamp":"2022-09-19T19:40:28.139Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T19:40:49.602Z","@version":"1","message":"Sep 19 19:40:48 honeypot-sgp-1 kernel: [84492550.027373] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.41.9.18 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=16149 PROTO=TCP SPT=37245 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 19:42:20 honeypot-ams-1 kernel: [84493119.438086] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=64072 PROTO=TCP SPT=56187 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T19:42:21.278Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 19:42:23 honeypot-fra-1 sshd[761]: Invalid user default from 92.255.85.70 port 20758","@timestamp":"2022-09-19T19:42:24.183Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T19:47:08.747Z","@version":"1","message":"Sep 19 19:47:08 honeypot-sgp-1 sshd[1927]: Disconnected from invalid user default 92.255.85.70 port 42550 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 19:49:32 honeypot-fra-1 kernel: [84491375.991754] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.95.147.51 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=6426 PROTO=TCP SPT=56527 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T19:49:33.340Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 19:49:59 honeypot-fra-1 sshd[771]: Invalid user admin from 103.164.34.122 port 56638","@timestamp":"2022-09-19T19:49:59.351Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 19:49:59 honeypot-fra-1 sshd[784]: Invalid user test from 103.164.34.122 port 56670","@timestamp":"2022-09-19T19:49:59.351Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 19:49:59 honeypot-fra-1 sshd[775]: Connection closed by invalid user testuser 103.164.34.122 port 56648 [preauth]","@timestamp":"2022-09-19T19:49:59.351Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 19:49:59 honeypot-fra-1 sshd[795]: Invalid user dev from 103.164.34.122 port 56716","@timestamp":"2022-09-19T19:50:00.351Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 19:49:59 honeypot-fra-1 sshd[782]: Connection closed by invalid user appuser 103.164.34.122 port 56656 [preauth]","@timestamp":"2022-09-19T19:50:00.351Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 19:49:59 honeypot-fra-1 sshd[785]: Connection closed by invalid user ftptest 103.164.34.122 port 56636 [preauth]","@timestamp":"2022-09-19T19:50:00.351Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 19:49:59 honeypot-fra-1 sshd[793]: Connection closed by invalid user test 103.164.34.122 port 56700 [preauth]","@timestamp":"2022-09-19T19:50:00.352Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 19:49:59 honeypot-fra-1 sshd[787]: Connection closed by authenticating user root 103.164.34.122 port 56666 [preauth]","@timestamp":"2022-09-19T19:50:00.352Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 19:52:04 honeypot-ams-1 sshd[9210]: Invalid user default from 92.255.85.70 port 36822","@timestamp":"2022-09-19T19:52:04.529Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 19:58:43 honeypot-ams-1 kernel: [84494101.989654] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=94.102.61.10 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=252 ID=54321 PROTO=TCP SPT=57732 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T19:58:43.702Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 20:03:16 honeypot-fra-1 kernel: [84492199.500858] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=2.57.121.141 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=2254 PROTO=TCP SPT=55892 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T20:03:16.651Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 20:05:57 honeypot-fra-1 sshd[838]: Received disconnect from 45.61.186.49 port 33844:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T20:05:57.716Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 20:06:07 honeypot-fra-1 sshd[843]: Received disconnect from 45.61.186.49 port 45396:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T20:06:08.722Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 20:06:20 honeypot-ams-1 kernel: [84494559.137716] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=108.61.87.181 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=55107 PROTO=TCP SPT=57872 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T20:06:20.902Z"}
{"@timestamp":"2022-09-19T20:09:20.259Z","@version":"1","message":"Sep 19 20:09:20 honeypot-sgp-1 kernel: [84494261.205011] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=108.61.87.181 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=35597 PROTO=TCP SPT=57872 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 20:10:50 honeypot-fra-1 sshd[846]: Disconnected from authenticating user root 92.255.85.69 port 59974 [preauth]","@timestamp":"2022-09-19T20:10:50.822Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 20:17:54 honeypot-ams-1 sshd[9234]: Received disconnect from 61.177.172.124 port 58253:11:  [preauth]","@timestamp":"2022-09-19T20:17:54.204Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 20:18:27 honeypot-ams-1 kernel: [84495285.812895] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=162.62.191.231 DST=178.62.254.91 LEN=52 TOS=0x08 PREC=0x60 TTL=55 ID=55497 DF PROTO=TCP SPT=56521 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T20:18:27.222Z"}
{"@timestamp":"2022-09-19T20:20:19.521Z","@version":"1","message":"Sep 19 20:20:18 honeypot-sgp-1 sshd[1941]: Invalid user admin from 179.60.147.69 port 22318","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 20:26:00 honeypot-fra-1 sshd[855]: Did not receive identification string from 178.89.108.11 port 60096","@timestamp":"2022-09-19T20:26:01.177Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 20:26:01 honeypot-fra-1 sshd[861]: Invalid user admin from 178.89.108.11 port 60206","@timestamp":"2022-09-19T20:26:01.178Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 20:26:01 honeypot-fra-1 sshd[857]: Invalid user user from 178.89.108.11 port 60116","@timestamp":"2022-09-19T20:26:01.178Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 20:26:01 honeypot-fra-1 sshd[878]: Invalid user admin from 178.89.108.11 port 60144","@timestamp":"2022-09-19T20:26:01.178Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 20:26:01 honeypot-fra-1 sshd[883]: Invalid user mysql from 178.89.108.11 port 60148","@timestamp":"2022-09-19T20:26:01.178Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 20:26:01 honeypot-fra-1 sshd[882]: Invalid user ubuntu from 178.89.108.11 port 60178","@timestamp":"2022-09-19T20:26:01.178Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 20:26:01 honeypot-fra-1 sshd[866]: Connection closed by invalid user testuser 178.89.108.11 port 60126 [preauth]","@timestamp":"2022-09-19T20:26:01.178Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 20:26:01 honeypot-fra-1 sshd[876]: Connection closed by authenticating user root 178.89.108.11 port 60180 [preauth]","@timestamp":"2022-09-19T20:26:02.179Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 20:26:01 honeypot-fra-1 sshd[887]: Connection closed by invalid user admin 178.89.108.11 port 60204 [preauth]","@timestamp":"2022-09-19T20:26:02.180Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 20:28:20 honeypot-ams-1 sshd[9246]: Disconnected from authenticating user root 61.177.173.35 port 44703 [preauth]","@timestamp":"2022-09-19T20:28:20.481Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 20:30:31 honeypot-fra-1 sshd[920]: Received disconnect from 197.155.234.157 port 34206:11: Bye Bye [preauth]","@timestamp":"2022-09-19T20:30:32.279Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 20:32:14 honeypot-ams-1 sshd[9251]: Disconnected from invalid user ky 185.17.229.65 port 36922 [preauth]","@timestamp":"2022-09-19T20:32:14.584Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 20:37:23 honeypot-fra-1 sshd[926]: Invalid user admin from 92.255.85.70 port 52780","@timestamp":"2022-09-19T20:37:24.430Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 20:41:15 honeypot-ams-1 sshd[9260]: Disconnected from authenticating user root 61.177.172.114 port 22606 [preauth]","@timestamp":"2022-09-19T20:41:15.818Z"}
{"@timestamp":"2022-09-19T20:41:42.015Z","@version":"1","message":"Sep 19 20:41:41 honeypot-sgp-1 sshd[1945]: Disconnected from invalid user admin 92.255.85.70 port 17634 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 20:46:07 honeypot-fra-1 sshd[929]: Disconnected from invalid user lixy 165.22.45.108 port 44694 [preauth]","@timestamp":"2022-09-19T20:46:08.615Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 20:50:59 honeypot-ams-1 sshd[9270]: Received disconnect from 61.177.173.39 port 28574:11:  [preauth]","@timestamp":"2022-09-19T20:51:00.075Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 20:53:45 honeypot-ams-1 sshd[9278]: Received disconnect from 61.177.173.37 port 45510:11:  [preauth]","@timestamp":"2022-09-19T20:53:46.148Z"}
{"@timestamp":"2022-09-19T20:56:38.357Z","@version":"1","message":"Sep 19 20:56:37 honeypot-sgp-1 sshd[1953]: Invalid user sans from 179.60.147.69 port 50730","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 20:56:55 honeypot-ams-1 kernel: [84497594.348441] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=172.105.129.94 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=52861 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T20:56:56.232Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 21:03:53 honeypot-ams-1 sshd[9292]: Received disconnect from 61.177.173.46 port 53027:11:  [preauth]","@timestamp":"2022-09-19T21:03:54.414Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 21:05:03 honeypot-fra-1 sshd[935]: Disconnected from invalid user 1111 92.255.85.69 port 39050 [preauth]","@timestamp":"2022-09-19T21:05:04.039Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T02:30:30.295Z","@version":"1","message":"Sep 16 02:30:29 honeypot-sgp-1 kernel: [84171535.911381] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=236 ID=1435 PROTO=TCP SPT=55402 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 02:31:01 honeypot-ams-1 kernel: [84172043.208266] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=17410 PROTO=TCP SPT=55402 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T02:31:01.839Z"}
{"@timestamp":"2022-09-16T02:32:52.356Z","@version":"1","message":"Sep 16 02:32:51 honeypot-sgp-1 sshd[23330]: Disconnected from invalid user user 45.61.186.249 port 44980 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T02:33:11.367Z","@version":"1","message":"Sep 16 02:33:10 honeypot-sgp-1 sshd[23334]: Disconnected from invalid user user 45.61.186.249 port 39782 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T02:33:28.375Z","@version":"1","message":"Sep 16 02:33:28 honeypot-sgp-1 sshd[23338]: Disconnected from invalid user user 45.61.186.249 port 34590 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T02:33:48.385Z","@version":"1","message":"Sep 16 02:33:47 honeypot-sgp-1 sshd[23342]: Disconnected from invalid user user 45.61.186.249 port 57626 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 02:38:17 honeypot-fra-1 kernel: [84170312.295732] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=119.243.76.74 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=33935 PROTO=TCP SPT=55890 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T02:38:17.149Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 02:39:45 honeypot-ams-1 kernel: [84172567.353237] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=164.92.72.164 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=43833 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T02:39:46.068Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 02:46:22 honeypot-ams-1 sshd[29325]: Received disconnect from 92.255.85.70 port 44432:11: Bye Bye [preauth]","@timestamp":"2022-09-16T02:46:23.245Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 02:50:53 honeypot-ams-1 sshd[29331]: Invalid user user1 from 43.154.230.33 port 35832","@timestamp":"2022-09-16T02:50:53.365Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 02:51:47 honeypot-ams-1 kernel: [84173289.491665] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=167.71.92.243 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=52088 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T02:51:48.391Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 02:53:25 honeypot-fra-1 sshd[20220]: Received disconnect from 43.159.49.47 port 45844:11: Bye Bye [preauth]","@timestamp":"2022-09-16T02:53:25.489Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T02:54:40.892Z","@version":"1","message":"Sep 16 02:54:40 honeypot-sgp-1 kernel: [84172986.418211] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=57667 PROTO=TCP SPT=56865 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 02:55:18 honeypot-fra-1 kernel: [84171333.905292] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=28522 PROTO=TCP SPT=56865 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T02:55:19.536Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 03:00:21 honeypot-ams-1 sshd[29339]: Invalid user temp1 from 134.19.146.45 port 51762","@timestamp":"2022-09-16T03:00:21.612Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 03:00:33 honeypot-fra-1 sshd[20228]: Invalid user lemonsj from 165.22.45.108 port 44222","@timestamp":"2022-09-16T03:00:33.660Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 03:04:27 honeypot-ams-1 sshd[29341]: Invalid user kelwin from 170.210.46.4 port 59294","@timestamp":"2022-09-16T03:04:27.722Z"}
{"@timestamp":"2022-09-16T03:04:48.143Z","@version":"1","message":"Sep 16 03:04:47 honeypot-sgp-1 kernel: [84173593.980990] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=159.89.101.47 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=27450 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 03:07:58 honeypot-ams-1 sshd[29346]: Connection closed by authenticating user root 103.188.176.251 port 39960 [preauth]","@timestamp":"2022-09-16T03:07:58.820Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 03:11:24 honeypot-fra-1 sshd[20232]: Received disconnect from 188.166.23.215 port 47222:11: Bye Bye [preauth]","@timestamp":"2022-09-16T03:11:24.905Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 03:12:07 honeypot-ams-1 kernel: [84174508.867979] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=172.104.29.201 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=64073 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T03:12:07.932Z"}
{"@timestamp":"2022-09-16T03:15:26.408Z","@version":"1","message":"Sep 16 03:15:25 honeypot-sgp-1 sshd[23358]: Connection closed by 195.144.21.56 port 40018 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 03:17:01 honeypot-fra-1 CRON[20237]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-16T03:17:02.035Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 03:17:01 honeypot-ams-1 CRON[29355]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-16T03:17:02.059Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 03:17:23 honeypot-ams-1 sshd[29362]: Disconnected from authenticating user root 80.76.51.46 port 45072 [preauth]","@timestamp":"2022-09-16T03:17:24.071Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 03:17:47 honeypot-ams-1 sshd[29369]: Invalid user user from 45.61.186.169 port 42070","@timestamp":"2022-09-16T03:17:48.083Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 03:17:57 honeypot-ams-1 sshd[29373]: Received disconnect from 45.61.186.169 port 53758:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T03:17:57.088Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 03:18:06 honeypot-ams-1 sshd[29377]: Disconnected from invalid user user 45.61.186.169 port 37198 [preauth]","@timestamp":"2022-09-16T03:18:07.093Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 03:18:19 honeypot-ams-1 sshd[29383]: Received disconnect from 80.76.51.46 port 41400:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T03:18:19.099Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 03:18:28 honeypot-ams-1 sshd[29387]: Disconnected from authenticating user root 80.76.51.46 port 45518 [preauth]","@timestamp":"2022-09-16T03:18:29.105Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 03:18:38 honeypot-ams-1 sshd[29391]: Disconnected from invalid user test 80.76.51.46 port 49616 [preauth]","@timestamp":"2022-09-16T03:18:38.111Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 03:18:47 honeypot-ams-1 sshd[29395]: Disconnected from invalid user admin 80.76.51.46 port 53706 [preauth]","@timestamp":"2022-09-16T03:18:48.115Z"}
{"@timestamp":"2022-09-16T03:22:21.580Z","@version":"1","message":"Sep 16 03:22:20 honeypot-sgp-1 sshd[23368]: Received disconnect from 123.30.157.54 port 59114:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T03:23:59.623Z","@version":"1","message":"Sep 16 03:23:59 honeypot-sgp-1 sshd[23372]: Disconnected from invalid user admin 92.255.85.69 port 36518 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 03:26:27 honeypot-ams-1 sshd[29400]: Received disconnect from 217.182.253.249 port 48592:11: Bye Bye [preauth]","@timestamp":"2022-09-16T03:26:27.311Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 03:29:32 honeypot-fra-1 kernel: [84173387.791868] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=165.232.152.144 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=35163 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T03:29:33.463Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-16T03:31:53.820Z","@version":"1","message":"Sep 16 03:31:52 honeypot-sgp-1 sshd[23380]: Received disconnect from 206.81.15.128 port 51244:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 03:33:39 honeypot-ams-1 sshd[29407]: Invalid user admin from 92.255.85.69 port 54262","@timestamp":"2022-09-16T03:33:40.510Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 03:39:50 honeypot-ams-1 kernel: [84176172.291179] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.220.88 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=52500 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T03:39:50.668Z"}
{"@timestamp":"2022-09-16T03:40:01.024Z","@version":"1","message":"Sep 16 03:40:00 honeypot-sgp-1 sshd[23385]: Received disconnect from 35.221.82.156 port 46830:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 03:41:01 honeypot-fra-1 sshd[20252]: Invalid user admin from 92.255.85.70 port 16156","@timestamp":"2022-09-16T03:41:02.739Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 03:42:31 honeypot-fra-1 sshd[20255]: Disconnected from invalid user user 45.61.186.169 port 51286 [preauth]","@timestamp":"2022-09-16T03:42:31.774Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 03:42:48 honeypot-fra-1 sshd[20259]: Disconnected from invalid user user 45.61.186.169 port 46094 [preauth]","@timestamp":"2022-09-16T03:42:48.783Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 03:43:04 honeypot-fra-1 sshd[20264]: Disconnected from invalid user user 45.61.186.169 port 40908 [preauth]","@timestamp":"2022-09-16T03:43:05.791Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 03:43:20 honeypot-fra-1 sshd[20268]: Disconnected from invalid user user 45.61.186.169 port 35718 [preauth]","@timestamp":"2022-09-16T03:43:20.798Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T03:44:20.134Z","@version":"1","message":"Sep 16 03:44:19 honeypot-sgp-1 sshd[23391]: Disconnected from authenticating user root 134.17.95.120 port 26290 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 03:45:40 honeypot-ams-1 sshd[29414]: Disconnected from authenticating user root 80.76.51.46 port 43886 [preauth]","@timestamp":"2022-09-16T03:45:40.823Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 03:46:09 honeypot-ams-1 sshd[29420]: Disconnected from authenticating user root 80.76.51.46 port 57080 [preauth]","@timestamp":"2022-09-16T03:46:09.838Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 03:46:39 honeypot-ams-1 sshd[29426]: Disconnected from authenticating user root 80.76.51.46 port 42326 [preauth]","@timestamp":"2022-09-16T03:46:39.854Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 03:47:11 honeypot-ams-1 sshd[29432]: Disconnected from authenticating user root 80.76.51.46 port 55698 [preauth]","@timestamp":"2022-09-16T03:47:11.871Z"}
{"@timestamp":"2022-09-16T03:47:24.214Z","@version":"1","message":"Sep 16 03:47:24 honeypot-sgp-1 kernel: [84176150.491970] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=60351 PROTO=TCP SPT=59669 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 03:47:44 honeypot-ams-1 sshd[29438]: Invalid user admin from 80.76.51.46 port 40848","@timestamp":"2022-09-16T03:47:44.888Z"}
{"@timestamp":"2022-09-16T03:49:16.263Z","@version":"1","message":"Sep 16 03:49:15 honeypot-sgp-1 sshd[23401]: Received disconnect from 133.130.99.35 port 47872:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T03:53:13.363Z","@version":"1","message":"Sep 16 03:53:13 honeypot-sgp-1 sshd[23406]: Received disconnect from 72.203.210.19 port 41698:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 03:53:17 honeypot-fra-1 sshd[20274]: Invalid user leni from 165.22.45.108 port 49280","@timestamp":"2022-09-16T03:53:18.022Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T03:57:45.481Z","@version":"1","message":"Sep 16 03:57:45 honeypot-sgp-1 sshd[23411]: Disconnected from authenticating user root 165.22.202.225 port 43628 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 03:58:46 honeypot-ams-1 kernel: [84177308.408934] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=125.136.61.137 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=55 ID=42014 PROTO=TCP SPT=65011 DPT=80 WINDOW=46515 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T03:58:47.168Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 04:01:28 honeypot-fra-1 sshd[20279]: error: maximum authentication attempts exceeded for invalid user admin from 125.4.158.186 port 58878 ssh2 [preauth]","@timestamp":"2022-09-16T04:01:28.209Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T04:05:24.676Z","@version":"1","message":"Sep 16 04:05:23 honeypot-sgp-1 kernel: [84177230.277846] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=89.248.163.149 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=5517 PROTO=TCP SPT=46553 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 04:07:07 honeypot-ams-1 sshd[29446]: Disconnected from invalid user htf 125.209.85.186 port 51772 [preauth]","@timestamp":"2022-09-16T04:07:08.386Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 04:09:46 honeypot-fra-1 sshd[20286]: Invalid user user from 45.61.186.249 port 34406","@timestamp":"2022-09-16T04:09:46.397Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 04:10:04 honeypot-fra-1 sshd[20290]: Invalid user user from 45.61.186.249 port 57256","@timestamp":"2022-09-16T04:10:05.407Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 04:10:23 honeypot-fra-1 sshd[20294]: Invalid user user from 45.61.186.249 port 51890","@timestamp":"2022-09-16T04:10:23.416Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 04:10:40 honeypot-fra-1 sshd[20298]: Invalid user user from 45.61.186.249 port 46488","@timestamp":"2022-09-16T04:10:40.424Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 04:11:14 honeypot-ams-1 sshd[29453]: Invalid user admin from 148.240.122.192 port 42690","@timestamp":"2022-09-16T04:11:15.496Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 04:15:48 honeypot-ams-1 sshd[29456]: Disconnected from authenticating user root 61.177.173.51 port 63156 [preauth]","@timestamp":"2022-09-16T04:15:48.618Z"}
{"@timestamp":"2022-09-16T04:16:11.954Z","@version":"1","message":"Sep 16 04:16:11 honeypot-sgp-1 sshd[23422]: Did not receive identification string from 45.61.184.204 port 37754","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T04:16:39.969Z","@version":"1","message":"Sep 16 04:16:39 honeypot-sgp-1 sshd[23426]: Disconnected from invalid user user 45.61.184.204 port 45634 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T04:16:58.978Z","@version":"1","message":"Sep 16 04:16:58 honeypot-sgp-1 sshd[23430]: Disconnected from invalid user user 45.61.184.204 port 41166 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 04:17:01 honeypot-fra-1 CRON[20301]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-16T04:17:01.570Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T04:17:17.989Z","@version":"1","message":"Sep 16 04:17:17 honeypot-sgp-1 sshd[23438]: Invalid user user from 45.61.184.204 port 36690","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T04:17:29.994Z","@version":"1","message":"Sep 16 04:17:29 honeypot-sgp-1 sshd[23442]: Received disconnect from 61.177.173.36 port 21742:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 04:19:16 honeypot-ams-1 sshd[29462]: Received disconnect from 45.61.184.204 port 56204:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T04:19:16.710Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 04:19:35 honeypot-ams-1 sshd[29466]: Received disconnect from 45.61.184.204 port 51166:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T04:19:35.719Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 04:19:53 honeypot-ams-1 sshd[29470]: Received disconnect from 45.61.184.204 port 46136:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T04:19:53.730Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 04:20:06 honeypot-ams-1 sshd[29474]: Disconnected from authenticating user root 61.177.173.35 port 31736 [preauth]","@timestamp":"2022-09-16T04:20:06.736Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 04:20:34 honeypot-fra-1 sshd[20308]: Disconnected from invalid user kennedy 37.59.120.179 port 50924 [preauth]","@timestamp":"2022-09-16T04:20:35.652Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 04:21:06 honeypot-ams-1 sshd[29479]: Disconnected from invalid user admin 92.255.85.69 port 43934 [preauth]","@timestamp":"2022-09-16T04:21:07.768Z"}
{"@timestamp":"2022-09-16T04:24:10.167Z","@version":"1","message":"Sep 16 04:24:10 honeypot-sgp-1 sshd[23447]: Disconnected from authenticating user root 61.177.173.46 port 24720 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T04:25:48.210Z","@version":"1","message":"Sep 16 04:25:47 honeypot-sgp-1 sshd[23453]: Disconnected from authenticating user root 61.177.173.37 port 51962 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 04:27:54 honeypot-fra-1 sshd[20313]: Invalid user admin from 92.255.85.70 port 36988","@timestamp":"2022-09-16T04:27:54.819Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 04:28:18 honeypot-ams-1 sshd[29486]: Invalid user tomcat from 193.106.191.157 port 36118","@timestamp":"2022-09-16T04:28:18.957Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 04:34:46 honeypot-ams-1 sshd[29925]: Received disconnect from 61.177.173.51 port 14836:11:  [preauth]","@timestamp":"2022-09-16T04:34:47.127Z"}
{"@timestamp":"2022-09-16T04:34:54.444Z","@version":"1","message":"Sep 16 04:34:53 honeypot-sgp-1 sshd[23460]: Invalid user administrator from 92.255.85.69 port 45066","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 04:36:36 honeypot-fra-1 sshd[20317]: Connection closed by invalid user blank 179.60.147.69 port 48592 [preauth]","@timestamp":"2022-09-16T04:36:37.035Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 04:39:17 honeypot-ams-1 sshd[29930]: Disconnected from authenticating user root 61.177.172.114 port 37642 [preauth]","@timestamp":"2022-09-16T04:39:18.245Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 04:39:31 honeypot-fra-1 sshd[20321]: Disconnected from invalid user support 87.245.17.229 port 43525 [preauth]","@timestamp":"2022-09-16T04:39:32.105Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T04:39:38.568Z","@version":"1","message":"Sep 16 04:39:37 honeypot-sgp-1 kernel: [84179283.904146] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=94.26.228.80 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=1232 PROTO=TCP SPT=25575 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 04:44:27 honeypot-ams-1 sshd[29935]: Disconnected from invalid user administrator 92.255.85.69 port 16098 [preauth]","@timestamp":"2022-09-16T04:44:27.381Z"}
{"@timestamp":"2022-09-16T04:45:19.713Z","@version":"1","message":"Sep 16 04:45:18 honeypot-sgp-1 sshd[23470]: Received disconnect from 61.177.173.39 port 40288:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T04:47:21.767Z","@version":"1","message":"Sep 16 04:47:21 honeypot-sgp-1 sshd[23476]: Invalid user ljx from 115.94.79.59 port 52136","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T04:49:08.814Z","@version":"1","message":"Sep 16 04:49:07 honeypot-sgp-1 sshd[23480]: Disconnected from authenticating user root 61.177.172.108 port 30664 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 04:50:23 honeypot-fra-1 kernel: [84178238.667554] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=172.104.29.200 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=10666 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T04:50:24.350Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-16T04:52:18.896Z","@version":"1","message":"Sep 16 04:52:18 honeypot-sgp-1 kernel: [84180044.758343] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=68.183.93.151 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x20 TTL=242 ID=54321 PROTO=TCP SPT=56793 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 04:52:33 honeypot-fra-1 kernel: [84178368.200557] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.180.143.36 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=15133 PROTO=TCP SPT=20232 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T04:52:33.402Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-16T04:53:14.923Z","@version":"1","message":"Sep 16 04:53:14 honeypot-sgp-1 sshd[23495]: Unable to negotiate with 100.20.101.213 port 33944: no matching host key type found. Their offer: ecdsa-sha2-nistp521 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 04:54:26 honeypot-fra-1 sshd[20771]: Disconnected from invalid user murai1 68.183.156.109 port 33554 [preauth]","@timestamp":"2022-09-16T04:54:27.447Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 04:56:19 honeypot-fra-1 sshd[20777]: Received disconnect from 203.101.126.19 port 60476:11: Bye Bye [preauth]","@timestamp":"2022-09-16T04:56:19.492Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T04:58:16.051Z","@version":"1","message":"Sep 16 04:58:15 honeypot-sgp-1 sshd[23502]: Received disconnect from 92.255.85.70 port 50096:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 04:58:17 honeypot-fra-1 sshd[20782]: Received disconnect from 162.215.1.198 port 55670:11: Bye Bye [preauth]","@timestamp":"2022-09-16T04:58:18.540Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 05:01:09 honeypot-ams-1 sshd[29947]: Invalid user  from 65.49.20.68 port 15890","@timestamp":"2022-09-16T05:01:10.810Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 05:01:45 honeypot-fra-1 sshd[20788]: Received disconnect from 43.156.237.102 port 35276:11: Bye Bye [preauth]","@timestamp":"2022-09-16T05:01:46.622Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T05:01:54.145Z","@version":"1","message":"Sep 16 05:01:53 honeypot-sgp-1 sshd[23507]: Disconnected from authenticating user root 61.177.173.50 port 20830 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 05:04:34 honeypot-fra-1 kernel: [84179089.013996] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=106.55.34.148 DST=165.22.82.222 LEN=60 TOS=0x08 PREC=0x00 TTL=43 ID=52449 DF PROTO=TCP SPT=38890 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T05:04:34.689Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 05:08:14 honeypot-ams-1 sshd[29956]: Received disconnect from 92.255.85.69 port 58660:11: Bye Bye [preauth]","@timestamp":"2022-09-16T05:08:14.994Z"}
{"@timestamp":"2022-09-16T05:12:21.406Z","@version":"1","message":"Sep 16 05:12:20 honeypot-sgp-1 kernel: [84181247.194477] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.180.143.82 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=34548 PROTO=TCP SPT=13264 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 05:12:55 honeypot-fra-1 sshd[20800]: Connection closed by authenticating user nobody 179.60.147.69 port 36194 [preauth]","@timestamp":"2022-09-16T05:12:55.880Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 05:15:18 honeypot-fra-1 sshd[20805]: Disconnected from authenticating user backup 92.255.85.70 port 63956 [preauth]","@timestamp":"2022-09-16T05:15:18.938Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 05:17:01 honeypot-ams-1 CRON[29967]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-16T05:17:01.218Z"}
{"@timestamp":"2022-09-16T05:18:43.567Z","@version":"1","message":"Sep 16 05:18:43 honeypot-sgp-1 sshd[23525]: Received disconnect from 172.247.194.147 port 40888:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 05:19:36 honeypot-fra-1 sshd[20812]: Invalid user msda from 41.93.31.73 port 40042","@timestamp":"2022-09-16T05:19:37.039Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T05:21:57.651Z","@version":"1","message":"Sep 16 05:21:57 honeypot-sgp-1 sshd[23530]: Disconnected from invalid user ubuntu 92.255.85.70 port 52382 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 05:23:06 honeypot-ams-1 sshd[29975]: Received disconnect from 61.177.173.50 port 50218:11:  [preauth]","@timestamp":"2022-09-16T05:23:07.378Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 05:25:15 honeypot-fra-1 sshd[20817]: Received disconnect from 107.175.150.83 port 37249:11: Bye Bye [preauth]","@timestamp":"2022-09-16T05:25:16.168Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 05:30:12 honeypot-fra-1 sshd[20822]: Received disconnect from 202.74.243.26 port 64062:11: Bye Bye [preauth]","@timestamp":"2022-09-16T05:30:13.282Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T05:31:06.881Z","@version":"1","message":"Sep 16 05:31:06 honeypot-sgp-1 sshd[23538]: Did not receive identification string from 193.142.146.50 port 45508","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 05:32:01 honeypot-ams-1 sshd[29980]: Received disconnect from 92.255.85.69 port 58636:11: Bye Bye [preauth]","@timestamp":"2022-09-16T05:32:01.605Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 05:32:53 honeypot-ams-1 sshd[29985]: Disconnected from authenticating user root 61.177.173.53 port 64839 [preauth]","@timestamp":"2022-09-16T05:32:53.630Z"}
{"@timestamp":"2022-09-16T05:33:26.942Z","@version":"1","message":"Sep 16 05:33:26 honeypot-sgp-1 sshd[23545]: Received disconnect from 193.142.146.50 port 60942:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T05:34:37.973Z","@version":"1","message":"Sep 16 05:34:37 honeypot-sgp-1 kernel: [84182583.582230] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=117.214.221.139 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=48122 DF PROTO=TCP SPT=50831 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T05:35:43.004Z","@version":"1","message":"Sep 16 05:35:42 honeypot-sgp-1 sshd[23555]: Disconnected from authenticating user root 193.142.146.50 port 44774 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T05:38:00.063Z","@version":"1","message":"Sep 16 05:37:59 honeypot-sgp-1 sshd[23562]: Received disconnect from 193.142.146.50 port 56838:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 05:38:46 honeypot-fra-1 kernel: [84181141.135036] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=216.218.206.67 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=54321 PROTO=TCP SPT=59931 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T05:38:46.476Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-16T05:40:08.121Z","@version":"1","message":"Sep 16 05:40:08 honeypot-sgp-1 sshd[23566]: Received disconnect from 61.177.173.39 port 55781:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 05:41:42 honeypot-fra-1 sshd[20829]: Connection closed by invalid user zabbix 103.188.176.251 port 56462 [preauth]","@timestamp":"2022-09-16T05:41:43.547Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 05:44:00 honeypot-ams-1 kernel: [84183622.531599] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=167.71.92.243 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=35494 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T05:44:00.918Z"}
{"@timestamp":"2022-09-16T05:45:18.249Z","@version":"1","message":"Sep 16 05:45:17 honeypot-sgp-1 sshd[23577]: Received disconnect from 92.255.85.70 port 50854:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 05:46:45 honeypot-ams-1 sshd[29997]: Invalid user user from 45.61.187.160 port 33310","@timestamp":"2022-09-16T05:46:45.992Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 05:46:54 honeypot-fra-1 sshd[20836]: Received disconnect from 81.28.167.30 port 33798:11: Bye Bye [preauth]","@timestamp":"2022-09-16T05:46:54.667Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 05:47:05 honeypot-ams-1 sshd[30003]: Invalid user user from 45.61.187.160 port 55986","@timestamp":"2022-09-16T05:47:06.003Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 05:47:23 honeypot-ams-1 sshd[30007]: Invalid user user from 45.61.187.160 port 50418","@timestamp":"2022-09-16T05:47:24.013Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 05:47:40 honeypot-ams-1 sshd[30011]: Invalid user user from 45.61.187.160 port 44862","@timestamp":"2022-09-16T05:47:41.021Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 05:55:03 honeypot-ams-1 sshd[30021]: Received disconnect from 92.255.85.69 port 23262:11: Bye Bye [preauth]","@timestamp":"2022-09-16T05:55:04.210Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 06:02:52 honeypot-fra-1 sshd[20844]: Received disconnect from 92.255.85.69 port 43030:11: Bye Bye [preauth]","@timestamp":"2022-09-16T06:02:53.029Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T06:04:27.716Z","@version":"1","message":"Sep 16 06:04:27 honeypot-sgp-1 sshd[23583]: Connection closed by invalid user dell 103.188.176.251 port 38496 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 06:07:41 honeypot-ams-1 sshd[30029]: Disconnected from authenticating user root 61.177.172.114 port 63437 [preauth]","@timestamp":"2022-09-16T06:07:41.533Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 06:08:26 honeypot-fra-1 sshd[20849]: Received disconnect from 97.112.107.231 port 49730:11: Bye Bye [preauth]","@timestamp":"2022-09-16T06:08:27.158Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T06:09:25.842Z","@version":"1","message":"Sep 16 06:09:25 honeypot-sgp-1 kernel: [84184671.502920] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=40.84.222.228 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=55401 PROTO=TCP SPT=48044 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 06:11:51 honeypot-fra-1 sshd[20853]: Disconnected from invalid user rr 121.6.175.44 port 59568 [preauth]","@timestamp":"2022-09-16T06:11:51.235Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 06:17:01 honeypot-fra-1 CRON[20858]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-16T06:17:01.353Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 06:17:01 honeypot-ams-1 CRON[30036]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-16T06:17:01.788Z"}
{"@timestamp":"2022-09-16T06:20:30.118Z","@version":"1","message":"Sep 16 06:20:30 honeypot-sgp-1 sshd[23599]: Received disconnect from 61.177.173.53 port 12086:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 06:25:01 honeypot-ams-1 CRON[30661]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-16T06:25:01.996Z"}
{"@timestamp":"2022-09-16T06:25:06.239Z","@version":"1","message":"Sep 16 06:25:05 honeypot-sgp-1 CRON[23604]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 06:25:31 honeypot-fra-1 sshd[20995]: Disconnected from authenticating user root 60.249.82.125 port 57094 [preauth]","@timestamp":"2022-09-16T06:25:31.548Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T06:29:09.361Z","@version":"1","message":"Sep 16 06:29:09 honeypot-sgp-1 sshd[23760]: Received disconnect from 38.143.137.90 port 28928:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 06:29:59 honeypot-ams-1 sshd[30838]: Disconnected from authenticating user root 61.177.173.36 port 60642 [preauth]","@timestamp":"2022-09-16T06:30:00.150Z"}
{"@timestamp":"2022-09-16T06:30:09.388Z","@version":"1","message":"Sep 16 06:30:08 honeypot-sgp-1 sshd[23764]: Received disconnect from 38.143.137.90 port 17938:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T06:31:07.415Z","@version":"1","message":"Sep 16 06:31:07 honeypot-sgp-1 sshd[24303]: Invalid user user from 38.143.137.90 port 38880","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 06:31:09 honeypot-fra-1 kernel: [84184284.166687] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.221.72 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=43564 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T06:31:09.675Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 06:31:19 honeypot-ams-1 sshd[30843]: Disconnected from authenticating user root 80.76.51.46 port 50756 [preauth]","@timestamp":"2022-09-16T06:31:19.189Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 06:31:41 honeypot-ams-1 sshd[30849]: Disconnected from authenticating user root 61.177.173.50 port 62684 [preauth]","@timestamp":"2022-09-16T06:31:42.201Z"}
{"@timestamp":"2022-09-16T06:32:07.442Z","@version":"1","message":"Sep 16 06:32:06 honeypot-sgp-1 sshd[24311]: Invalid user user from 38.143.137.90 port 4826","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 06:32:07 honeypot-ams-1 sshd[30855]: Received disconnect from 80.76.51.46 port 42326:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T06:32:08.214Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 06:32:28 honeypot-ams-1 sshd[30859]: Disconnected from authenticating user root 80.76.51.46 port 50238 [preauth]","@timestamp":"2022-09-16T06:32:29.228Z"}
{"@timestamp":"2022-09-16T06:32:38.457Z","@version":"1","message":"Sep 16 06:32:37 honeypot-sgp-1 sshd[24315]: Received disconnect from 38.143.137.90 port 15992:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 06:32:59 honeypot-ams-1 sshd[30865]: Received disconnect from 80.76.51.46 port 33902:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T06:33:00.244Z"}
{"@timestamp":"2022-09-16T06:33:37.483Z","@version":"1","message":"Sep 16 06:33:37 honeypot-sgp-1 sshd[24319]: Received disconnect from 38.143.137.90 port 31820:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T06:34:38.512Z","@version":"1","message":"Sep 16 06:34:37 honeypot-sgp-1 sshd[24324]: Received disconnect from 38.143.137.90 port 3474:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T06:35:38.540Z","@version":"1","message":"Sep 16 06:35:37 honeypot-sgp-1 sshd[24329]: Received disconnect from 38.143.137.90 port 26042:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T06:36:39.569Z","@version":"1","message":"Sep 16 06:36:38 honeypot-sgp-1 sshd[24333]: Received disconnect from 38.143.137.90 port 56318:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T06:37:40.596Z","@version":"1","message":"Sep 16 06:37:40 honeypot-sgp-1 sshd[24337]: Received disconnect from 38.143.137.90 port 15670:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 06:38:08 honeypot-ams-1 sshd[30870]: Received disconnect from 103.94.168.42 port 3147:11: Bye Bye [preauth]","@timestamp":"2022-09-16T06:38:09.375Z"}
{"@timestamp":"2022-09-16T06:38:42.627Z","@version":"1","message":"Sep 16 06:38:42 honeypot-sgp-1 sshd[24341]: Invalid user xiongbo from 38.143.137.90 port 2686","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 06:39:31 honeypot-ams-1 sshd[30877]: Received disconnect from 159.89.205.198 port 44488:11: Bye Bye [preauth]","@timestamp":"2022-09-16T06:39:32.414Z"}
{"@timestamp":"2022-09-16T06:39:45.656Z","@version":"1","message":"Sep 16 06:39:44 honeypot-sgp-1 sshd[24346]: Received disconnect from 38.143.137.90 port 58310:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T06:40:49.684Z","@version":"1","message":"Sep 16 06:40:49 honeypot-sgp-1 sshd[24352]: Received disconnect from 38.143.137.90 port 50140:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T06:42:16.722Z","@version":"1","message":"Sep 16 06:42:16 honeypot-sgp-1 sshd[24358]: Received disconnect from 61.177.173.36 port 12340:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T06:42:56.741Z","@version":"1","message":"Sep 16 06:42:56 honeypot-sgp-1 sshd[24362]: Disconnected from authenticating user root 38.143.137.90 port 15316 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T06:44:35.784Z","@version":"1","message":"Sep 16 06:44:34 honeypot-sgp-1 sshd[24369]: Received disconnect from 38.143.137.90 port 12936:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T06:45:40.813Z","@version":"1","message":"Sep 16 06:45:40 honeypot-sgp-1 sshd[24373]: Received disconnect from 38.143.137.90 port 10628:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T06:46:11.829Z","@version":"1","message":"Sep 16 06:46:11 honeypot-sgp-1 sshd[24377]: Disconnected from authenticating user root 38.143.137.90 port 25562 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 06:46:33 honeypot-fra-1 kernel: [84185208.493797] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=167.71.133.35 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=248 ID=54321 PROTO=TCP SPT=38458 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T06:46:34.019Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-16T06:47:48.874Z","@version":"1","message":"Sep 16 06:47:48 honeypot-sgp-1 sshd[24383]: Received disconnect from 38.143.137.90 port 18992:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 06:48:40 honeypot-ams-1 kernel: [84187501.770738] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=198.235.24.55 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=250 ID=54321 PROTO=TCP SPT=56326 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T06:48:40.644Z"}
{"@timestamp":"2022-09-16T06:49:26.919Z","@version":"1","message":"Sep 16 06:49:26 honeypot-sgp-1 sshd[24389]: Received disconnect from 38.143.137.90 port 56916:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T06:50:01.937Z","@version":"1","message":"Sep 16 06:50:00 honeypot-sgp-1 sshd[24395]: Received disconnect from 38.143.137.90 port 34018:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T06:51:08.967Z","@version":"1","message":"Sep 16 06:51:08 honeypot-sgp-1 sshd[24401]: Invalid user amax from 38.143.137.90 port 19682","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T06:52:16.999Z","@version":"1","message":"Sep 16 06:52:16 honeypot-sgp-1 sshd[24405]: Received disconnect from 38.143.137.90 port 5972:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T06:53:23.029Z","@version":"1","message":"Sep 16 06:53:23 honeypot-sgp-1 sshd[24409]: Disconnected from invalid user zkti 38.143.137.90 port 8682 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 06:53:53 honeypot-fra-1 sshd[21636]: Invalid user deployer from 101.33.218.153 port 36331","@timestamp":"2022-09-16T06:53:53.207Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 06:53:53 honeypot-fra-1 sshd[21637]: Invalid user esuser from 101.33.218.153 port 36291","@timestamp":"2022-09-16T06:53:54.208Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 06:54:04 honeypot-ams-1 sshd[30891]: Invalid user statd from 139.59.231.120 port 36012","@timestamp":"2022-09-16T06:54:04.786Z"}
{"@timestamp":"2022-09-16T06:55:03.091Z","@version":"1","message":"Sep 16 06:55:02 honeypot-sgp-1 sshd[24415]: Received disconnect from 38.143.137.90 port 26842:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T06:56:09.120Z","@version":"1","message":"Sep 16 06:56:08 honeypot-sgp-1 sshd[24420]: Disconnected from invalid user admin 38.143.137.90 port 14094 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T06:56:32.132Z","@version":"1","message":"Sep 16 06:56:31 honeypot-sgp-1 sshd[24424]: Disconnected from authenticating user root 61.177.173.35 port 63054 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T06:57:16.154Z","@version":"1","message":"Sep 16 06:57:15 honeypot-sgp-1 sshd[24430]: Received disconnect from 38.143.137.90 port 23596:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T06:58:16.182Z","@version":"1","message":"Sep 16 06:58:15 honeypot-sgp-1 sshd[24434]: Disconnected from authenticating user root 134.209.236.191 port 53416 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T06:59:32.218Z","@version":"1","message":"Sep 16 06:59:32 honeypot-sgp-1 sshd[24442]: Received disconnect from 38.143.137.90 port 57580:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 07:00:17 honeypot-ams-1 sshd[30900]: Received disconnect from 61.177.172.108 port 51408:11:  [preauth]","@timestamp":"2022-09-16T07:00:17.946Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 07:00:38 honeypot-fra-1 sshd[21664]: Received disconnect from 45.188.54.82 port 43782:11: Bye Bye [preauth]","@timestamp":"2022-09-16T07:00:39.359Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T07:00:40.251Z","@version":"1","message":"Sep 16 07:00:39 honeypot-sgp-1 sshd[24449]: Received disconnect from 38.143.137.90 port 38150:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T07:01:13.268Z","@version":"1","message":"Sep 16 07:01:13 honeypot-sgp-1 sshd[24453]: Disconnected from authenticating user root 38.143.137.90 port 6868 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T07:02:55.312Z","@version":"1","message":"Sep 16 07:02:55 honeypot-sgp-1 sshd[24460]: Disconnected from authenticating user root 38.143.137.90 port 17218 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T07:04:03.343Z","@version":"1","message":"Sep 16 07:04:03 honeypot-sgp-1 sshd[24464]: Disconnected from invalid user data 38.143.137.90 port 61686 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 07:04:26 honeypot-ams-1 sshd[30908]: Invalid user admin from 179.60.147.69 port 51140","@timestamp":"2022-09-16T07:04:27.053Z"}
{"@timestamp":"2022-09-16T07:05:44.387Z","@version":"1","message":"Sep 16 07:05:44 honeypot-sgp-1 sshd[24472]: Disconnected from authenticating user root 38.143.137.90 port 36602 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T07:07:24.432Z","@version":"1","message":"Sep 16 07:07:23 honeypot-sgp-1 sshd[24478]: Received disconnect from 38.143.137.90 port 56252:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 07:08:05 honeypot-fra-1 sshd[21670]: Disconnecting invalid user admin 59.126.178.69 port 48532: Too many authentication failures [preauth]","@timestamp":"2022-09-16T07:08:06.554Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T07:08:30.462Z","@version":"1","message":"Sep 16 07:08:29 honeypot-sgp-1 sshd[24483]: Received disconnect from 38.143.137.90 port 14306:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 07:08:50 honeypot-ams-1 kernel: [84188711.747841] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=162.142.125.137 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=50025 PROTO=TCP SPT=30795 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T07:08:51.168Z"}
{"@timestamp":"2022-09-16T07:09:37.492Z","@version":"1","message":"Sep 16 07:09:36 honeypot-sgp-1 sshd[24487]: Disconnected from authenticating user root 38.143.137.90 port 20944 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T07:10:43.521Z","@version":"1","message":"Sep 16 07:10:43 honeypot-sgp-1 sshd[24496]: Disconnected from authenticating user root 38.143.137.90 port 63202 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 07:12:15 honeypot-ams-1 sshd[30919]: Invalid user tech from 170.106.113.73 port 50242","@timestamp":"2022-09-16T07:12:15.264Z"}
{"@timestamp":"2022-09-16T07:12:21.564Z","@version":"1","message":"Sep 16 07:12:21 honeypot-sgp-1 sshd[24503]: Received disconnect from 38.143.137.90 port 50374:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 07:13:06 honeypot-fra-1 sshd[21677]: Received disconnect from 92.255.85.69 port 25746:11: Bye Bye [preauth]","@timestamp":"2022-09-16T07:13:06.669Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 07:13:28 honeypot-ams-1 sshd[30923]: Received disconnect from 20.239.69.124 port 55580:11: Bye Bye [preauth]","@timestamp":"2022-09-16T07:13:28.301Z"}
{"@timestamp":"2022-09-16T07:13:28.595Z","@version":"1","message":"Sep 16 07:13:28 honeypot-sgp-1 sshd[24507]: Received disconnect from 38.143.137.90 port 54428:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T07:14:34.624Z","@version":"1","message":"Sep 16 07:14:34 honeypot-sgp-1 sshd[24511]: Received disconnect from 38.143.137.90 port 30462:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T07:16:12.667Z","@version":"1","message":"Sep 16 07:16:12 honeypot-sgp-1 sshd[24521]: Received disconnect from 38.143.137.90 port 23288:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T07:17:20.698Z","@version":"1","message":"Sep 16 07:17:20 honeypot-sgp-1 sshd[24528]: Received disconnect from 38.143.137.90 port 28556:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 07:17:28 honeypot-ams-1 sshd[30933]: Invalid user  from 152.32.249.159 port 33724","@timestamp":"2022-09-16T07:17:29.409Z"}
{"@timestamp":"2022-09-16T07:18:27.726Z","@version":"1","message":"Sep 16 07:18:26 honeypot-sgp-1 sshd[24535]: Received disconnect from 38.143.137.90 port 6614:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T07:19:00.742Z","@version":"1","message":"Sep 16 07:19:00 honeypot-sgp-1 sshd[24537]: Disconnected from authenticating user root 38.143.137.90 port 29518 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T07:20:05.772Z","@version":"1","message":"Sep 16 07:20:05 honeypot-sgp-1 sshd[24543]: Received disconnect from 38.143.137.90 port 13290:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T07:20:38.787Z","@version":"1","message":"Sep 16 07:20:37 honeypot-sgp-1 sshd[24547]: Disconnected from authenticating user root 38.143.137.90 port 2260 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 07:21:23 honeypot-fra-1 kernel: [84187298.305379] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=35.204.179.252 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x60 TTL=250 ID=14001 PROTO=TCP SPT=57221 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T07:21:23.859Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-16T07:22:17.830Z","@version":"1","message":"Sep 16 07:22:17 honeypot-sgp-1 sshd[24554]: Received disconnect from 38.143.137.90 port 7002:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T07:23:24.860Z","@version":"1","message":"Sep 16 07:23:24 honeypot-sgp-1 sshd[24558]: Disconnected from authenticating user root 38.143.137.90 port 48358 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T07:24:20.886Z","@version":"1","message":"Sep 16 07:24:20 honeypot-sgp-1 sshd[24564]: Disconnected from authenticating user root 61.177.173.36 port 21353 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T07:25:06.908Z","@version":"1","message":"Sep 16 07:25:06 honeypot-sgp-1 sshd[24570]: Received disconnect from 38.143.137.90 port 16126:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 07:25:15 honeypot-fra-1 sshd[21686]: Received disconnect from 165.22.45.108 port 41286:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T07:25:15.948Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 07:25:54 honeypot-ams-1 sshd[30952]: Disconnected from authenticating user root 157.245.230.64 port 57458 [preauth]","@timestamp":"2022-09-16T07:25:55.628Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 07:29:16 honeypot-ams-1 sshd[30961]: Received disconnect from 92.255.85.69 port 43504:11: Bye Bye [preauth]","@timestamp":"2022-09-16T07:29:16.716Z"}
{"@timestamp":"2022-09-16T07:33:15.109Z","@version":"1","message":"Sep 16 07:33:15 honeypot-sgp-1 sshd[24575]: Disconnected from invalid user cooper 52.172.225.142 port 58532 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 07:36:25 honeypot-fra-1 sshd[21691]: Disconnected from invalid user 123 92.255.85.70 port 51812 [preauth]","@timestamp":"2022-09-16T07:36:26.265Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T07:39:20.258Z","@version":"1","message":"Sep 16 07:39:19 honeypot-sgp-1 sshd[24582]: Received disconnect from 61.177.173.51 port 33733:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 07:39:21 honeypot-fra-1 sshd[21695]: Disconnected from invalid user ubnt 43.155.86.244 port 49274 [preauth]","@timestamp":"2022-09-16T07:39:22.336Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 07:40:58 honeypot-fra-1 sshd[21702]: Received disconnect from 5.101.1.20 port 52758:11: Bye Bye [preauth]","@timestamp":"2022-09-16T07:40:58.389Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 07:45:38 honeypot-ams-1 sshd[30976]: Invalid user deva from 190.187.240.86 port 49288","@timestamp":"2022-09-16T07:45:39.134Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 07:50:39 honeypot-ams-1 kernel: [84191221.211123] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=184.105.247.223 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=41418 DPT=5432 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T07:50:40.265Z"}
{"@timestamp":"2022-09-16T07:52:21.571Z","@version":"1","message":"Sep 16 07:52:21 honeypot-sgp-1 kernel: [84190847.597729] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=198.235.24.2 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=249 ID=54284 PROTO=TCP SPT=49577 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 07:53:03 honeypot-fra-1 kernel: [84189198.304781] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=216.218.206.117 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=54321 PROTO=TCP SPT=39223 DPT=5432 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T07:53:04.665Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 07:53:10 honeypot-ams-1 sshd[30984]: Disconnected from authenticating user root 61.177.173.36 port 15879 [preauth]","@timestamp":"2022-09-16T07:53:11.333Z"}
{"@timestamp":"2022-09-16T07:56:40.679Z","@version":"1","message":"Sep 16 07:56:40 honeypot-sgp-1 sshd[24596]: Received disconnect from 45.61.184.204 port 58012:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 07:56:52 honeypot-ams-1 sshd[30988]: Disconnected from authenticating user root 61.177.172.104 port 39651 [preauth]","@timestamp":"2022-09-16T07:56:52.431Z"}
{"@timestamp":"2022-09-16T07:57:01.689Z","@version":"1","message":"Sep 16 07:57:00 honeypot-sgp-1 sshd[24600]: Received disconnect from 45.61.184.204 port 52878:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T07:57:18.698Z","@version":"1","message":"Sep 16 07:57:18 honeypot-sgp-1 sshd[24605]: Received disconnect from 45.61.184.204 port 47718:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T07:57:37.708Z","@version":"1","message":"Sep 16 07:57:36 honeypot-sgp-1 sshd[24609]: Received disconnect from 45.61.184.204 port 42580:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 08:00:05 honeypot-fra-1 sshd[21709]: Disconnected from invalid user admin 92.255.85.70 port 61974 [preauth]","@timestamp":"2022-09-16T08:00:05.824Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 08:03:09 honeypot-fra-1 kernel: [84189803.452670] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=33307 PROTO=TCP SPT=55085 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T08:03:09.897Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-16T08:05:27.920Z","@version":"1","message":"Sep 16 08:05:27 honeypot-sgp-1 kernel: [84191633.531231] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=103.114.107.34 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=60382 PROTO=TCP SPT=52769 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 08:06:24 honeypot-ams-1 kernel: [84192165.707173] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=154.205.5.248 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=50167 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T08:06:24.679Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 08:10:05 honeypot-ams-1 sshd[31003]: Disconnected from authenticating user root 61.177.173.51 port 61520 [preauth]","@timestamp":"2022-09-16T08:10:05.779Z"}
{"@timestamp":"2022-09-16T08:12:14.089Z","@version":"1","message":"Sep 16 08:12:13 honeypot-sgp-1 kernel: [84192039.950926] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=184.105.139.115 DST=159.89.202.188 LEN=131 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=40932 DPT=80 WINDOW=65535 RES=0x00 ACK PSH URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T08:13:50.131Z","@version":"1","message":"Sep 16 08:13:49 honeypot-sgp-1 sshd[24622]: Disconnected from authenticating user root 178.176.228.45 port 53546 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 08:16:33 honeypot-fra-1 kernel: [84190608.231998] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=74.82.47.48 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=54321 PROTO=TCP SPT=33908 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T08:16:34.205Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 08:16:45 honeypot-ams-1 sshd[31007]: Received disconnect from 92.255.85.70 port 37524:11: Bye Bye [preauth]","@timestamp":"2022-09-16T08:16:45.969Z"}
{"@timestamp":"2022-09-16T08:17:01.212Z","@version":"1","message":"Sep 16 08:17:01 honeypot-sgp-1 CRON[24628]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 08:17:08 honeypot-ams-1 sshd[31012]: Disconnected from invalid user arrezo 159.223.95.166 port 53078 [preauth]","@timestamp":"2022-09-16T08:17:08.981Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 08:17:35 honeypot-fra-1 sshd[21744]: Disconnected from invalid user leon 165.22.45.108 port 46326 [preauth]","@timestamp":"2022-09-16T08:17:36.231Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T08:19:13.268Z","@version":"1","message":"Sep 16 08:19:12 honeypot-sgp-1 sshd[24637]: Disconnected from authenticating user root 61.177.172.98 port 47738 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 08:22:09 honeypot-ams-1 kernel: [84193110.749239] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.41.8.45 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=14659 PROTO=TCP SPT=17262 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T08:22:10.113Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 08:23:26 honeypot-fra-1 sshd[21747]: Disconnected from invalid user a 92.255.85.70 port 19324 [preauth]","@timestamp":"2022-09-16T08:23:27.370Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 08:25:49 honeypot-ams-1 kernel: [84193331.432057] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=77.191.136.69 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=10302 DF PROTO=TCP SPT=48404 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T08:25:50.212Z"}
{"@timestamp":"2022-09-16T08:27:14.468Z","@version":"1","message":"Sep 16 08:27:14 honeypot-sgp-1 sshd[24658]: Received disconnect from 165.227.118.71 port 38502:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 08:29:11 honeypot-ams-1 kernel: [84193532.701066] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=89.14.51.134 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=54808 DF PROTO=TCP SPT=49820 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T08:29:11.303Z"}
{"@timestamp":"2022-09-16T08:30:54.563Z","@version":"1","message":"Sep 16 08:30:54 honeypot-sgp-1 sshd[24665]: Received disconnect from 61.177.173.36 port 51117:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 08:31:06 honeypot-ams-1 sshd[31032]: Invalid user ubnt from 27.254.149.199 port 34050","@timestamp":"2022-09-16T08:31:06.357Z"}
{"@timestamp":"2022-09-16T08:33:29.628Z","@version":"1","message":"Sep 16 08:33:28 honeypot-sgp-1 sshd[24669]: Connection closed by invalid user user1 103.188.176.251 port 53304 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 08:33:37 honeypot-ams-1 sshd[31056]: Disconnected from authenticating user root 61.177.172.108 port 61667 [preauth]","@timestamp":"2022-09-16T08:33:38.425Z"}
{"@timestamp":"2022-09-16T08:36:17.700Z","@version":"1","message":"Sep 16 08:36:17 honeypot-sgp-1 sshd[24676]: Received disconnect from 159.65.103.250 port 52314:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 08:40:45 honeypot-ams-1 sshd[31059]: Disconnected from authenticating user root 95.85.15.86 port 55464 [preauth]","@timestamp":"2022-09-16T08:40:46.608Z"}
{"@timestamp":"2022-09-16T08:43:45.907Z","@version":"1","message":"Sep 16 08:43:45 honeypot-sgp-1 sshd[24683]: Received disconnect from 61.177.173.36 port 14234:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 08:46:39 honeypot-ams-1 sshd[31067]: Disconnected from authenticating user root 61.177.172.98 port 50047 [preauth]","@timestamp":"2022-09-16T08:46:39.761Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 08:47:26 honeypot-fra-1 sshd[21751]: Disconnected from authenticating user root 92.255.85.70 port 45442 [preauth]","@timestamp":"2022-09-16T08:47:26.923Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T08:53:33.151Z","@version":"1","message":"Sep 16 08:53:32 honeypot-sgp-1 sshd[24693]: Received disconnect from 92.255.85.70 port 39400:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 08:54:16 honeypot-fra-1 kernel: [84192870.498910] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=122.189.38.5 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=46 ID=20004 PROTO=TCP SPT=11556 DPT=443 WINDOW=42684 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T08:54:17.081Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 08:57:18 honeypot-ams-1 sshd[31077]: Disconnected from authenticating user root 61.177.173.46 port 50694 [preauth]","@timestamp":"2022-09-16T08:57:19.042Z"}
{"@timestamp":"2022-09-16T08:59:09.294Z","@version":"1","message":"Sep 16 08:59:09 honeypot-sgp-1 kernel: [84194855.124630] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=89.248.168.172 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=54321 PROTO=TCP SPT=58567 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T09:01:06.352Z","@version":"1","message":"Sep 16 09:01:05 honeypot-sgp-1 sshd[24698]: Received disconnect from 177.137.87.209 port 34220:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 09:01:10 honeypot-ams-1 sshd[31083]: Received disconnect from 51.178.137.178 port 52444:11: Bye Bye [preauth]","@timestamp":"2022-09-16T09:01:11.152Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 09:03:44 honeypot-ams-1 sshd[31089]: Invalid user user from 45.61.184.204 port 40006","@timestamp":"2022-09-16T09:03:44.222Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 09:04:04 honeypot-ams-1 sshd[31093]: Invalid user user from 45.61.184.204 port 35564","@timestamp":"2022-09-16T09:04:04.234Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 09:04:13 honeypot-ams-1 sshd[31097]: Received disconnect from 45.61.184.204 port 47458:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T09:04:14.239Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 09:04:31 honeypot-ams-1 sshd[31101]: Received disconnect from 45.61.184.204 port 43008:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T09:04:32.250Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 09:04:34 honeypot-fra-1 kernel: [84193488.986747] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=32826 PROTO=TCP SPT=58560 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T09:04:35.318Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 09:11:28 honeypot-ams-1 sshd[31111]: Received disconnect from 61.177.173.36 port 16060:11:  [preauth]","@timestamp":"2022-09-16T09:11:28.431Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 09:13:22 honeypot-fra-1 kernel: [84194016.673776] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=92.63.197.74 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=8388 PROTO=TCP SPT=57672 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T09:13:22.515Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-16T09:16:58.744Z","@version":"1","message":"Sep 16 09:16:57 honeypot-sgp-1 sshd[24711]: Invalid user odoo from 92.255.85.69 port 54472","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 09:17:01 honeypot-ams-1 CRON[31118]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-16T09:17:02.575Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 09:19:09 honeypot-fra-1 sshd[21771]: Disconnected from invalid user robbin.shahani 43.154.190.157 port 46722 [preauth]","@timestamp":"2022-09-16T09:19:09.649Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T09:22:34.883Z","@version":"1","message":"Sep 16 09:22:33 honeypot-sgp-1 sshd[24717]: Received disconnect from 61.177.173.39 port 49632:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 09:23:58 honeypot-fra-1 sshd[21776]: Received disconnect from 218.92.0.200 port 39103:11:  [preauth]","@timestamp":"2022-09-16T09:23:58.760Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 09:26:36 honeypot-ams-1 sshd[31128]: Received disconnect from 61.177.173.46 port 49529:11:  [preauth]","@timestamp":"2022-09-16T09:26:36.822Z"}
{"@timestamp":"2022-09-16T09:26:51.989Z","@version":"1","message":"Sep 16 09:26:51 honeypot-sgp-1 sshd[24724]: Disconnected from invalid user wksys 112.25.135.51 port 38236 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 09:29:16 honeypot-ams-1 kernel: [84197138.206992] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=34.79.195.180 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=60 ID=62143 PROTO=TCP SPT=10270 DPT=80 WINDOW=36841 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T09:29:16.894Z"}
{"@timestamp":"2022-09-16T09:30:30.082Z","@version":"1","message":"Sep 16 09:30:29 honeypot-sgp-1 sshd[24730]: Received disconnect from 187.37.77.251 port 38541:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T09:31:50.118Z","@version":"1","message":"Sep 16 09:31:49 honeypot-sgp-1 sshd[24735]: Disconnected from invalid user user 45.61.186.169 port 54564 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 09:32:04 honeypot-fra-1 kernel: [84195138.863138] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=182.254.225.35 DST=165.22.82.222 LEN=60 TOS=0x08 PREC=0x00 TTL=43 ID=55693 DF PROTO=TCP SPT=33040 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T09:32:04.947Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-16T09:32:07.126Z","@version":"1","message":"Sep 16 09:32:06 honeypot-sgp-1 sshd[24740]: Invalid user user from 45.61.186.169 port 48990","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T09:32:23.134Z","@version":"1","message":"Sep 16 09:32:22 honeypot-sgp-1 sshd[24744]: Invalid user user from 45.61.186.169 port 43422","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T09:32:38.142Z","@version":"1","message":"Sep 16 09:32:37 honeypot-sgp-1 sshd[24748]: Invalid user user from 45.61.186.169 port 37836","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 09:34:51 honeypot-fra-1 sshd[21788]: Disconnected from invalid user odoo 92.255.85.69 port 36492 [preauth]","@timestamp":"2022-09-16T09:34:52.014Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T09:35:05.205Z","@version":"1","message":"Sep 16 09:35:05 honeypot-sgp-1 sshd[24751]: Disconnected from authenticating user root 61.177.173.35 port 60870 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 09:35:06 honeypot-ams-1 sshd[31136]: Invalid user guest from 193.106.191.157 port 53736","@timestamp":"2022-09-16T09:35:07.045Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 09:37:34 honeypot-ams-1 sshd[31143]: Disconnected from authenticating user root 61.177.173.51 port 56667 [preauth]","@timestamp":"2022-09-16T09:37:35.111Z"}
{"@timestamp":"2022-09-16T09:40:09.333Z","@version":"1","message":"Sep 16 09:40:08 honeypot-sgp-1 sshd[24759]: Invalid user user from 45.61.186.49 port 59234","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T09:40:16.336Z","@version":"1","message":"Sep 16 09:40:16 honeypot-sgp-1 sshd[24763]: Connection closed by 45.61.186.49 port 42406 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 09:45:35 honeypot-ams-1 sshd[31152]: Disconnected from authenticating user root 61.177.173.50 port 47094 [preauth]","@timestamp":"2022-09-16T09:45:35.319Z"}
{"@timestamp":"2022-09-16T09:47:47.521Z","@version":"1","message":"Sep 16 09:47:46 honeypot-sgp-1 sshd[24770]: Disconnected from authenticating user root 61.177.173.35 port 50005 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 09:50:26 honeypot-ams-1 sshd[31157]: Received disconnect from 92.255.85.69 port 54322:11: Bye Bye [preauth]","@timestamp":"2022-09-16T09:50:27.451Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 09:51:58 honeypot-fra-1 kernel: [84196332.491686] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=144.202.28.222 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=58981 PROTO=TCP SPT=41780 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T09:51:58.417Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 09:54:33 honeypot-ams-1 sshd[31161]: Invalid user guest from 193.106.191.157 port 38918","@timestamp":"2022-09-16T09:54:34.562Z"}
{"@timestamp":"2022-09-16T09:59:08.824Z","@version":"1","message":"Sep 16 09:59:07 honeypot-sgp-1 kernel: [84198453.954477] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=94.232.46.222 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=45472 PROTO=TCP SPT=41038 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 10:00:07 honeypot-ams-1 sshd[31169]: Disconnected from authenticating user root 51.161.96.65 port 54625 [preauth]","@timestamp":"2022-09-16T10:00:07.705Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:01:27 honeypot-fra-1 kernel: [84196901.749075] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=161.97.98.117 DST=165.22.82.222 LEN=52 TOS=0x02 PREC=0x00 TTL=120 ID=27949 DF PROTO=TCP SPT=55228 DPT=443 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-16T10:01:27.635Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 10:02:34 honeypot-ams-1 sshd[31175]: Received disconnect from 68.183.88.186 port 36246:11: Bye Bye [preauth]","@timestamp":"2022-09-16T10:02:34.771Z"}
{"@timestamp":"2022-09-16T10:03:06.923Z","@version":"1","message":"Sep 16 10:03:06 honeypot-sgp-1 sshd[24782]: Connection closed by invalid user support 179.60.147.69 port 52822 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:03:29 honeypot-fra-1 kernel: [84197024.100439] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=23.251.102.74 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=48865 PROTO=TCP SPT=23402 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T10:03:30.684Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 10:04:56 honeypot-ams-1 kernel: [84199278.285344] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=188.19.176.52 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=59 ID=15911 PROTO=TCP SPT=24787 DPT=80 WINDOW=10387 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T10:04:56.836Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:05:11 honeypot-fra-1 kernel: [84197125.606954] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=165.232.152.144 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=36743 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T10:05:11.729Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-16T10:12:50.163Z","@version":"1","message":"Sep 16 10:12:49 honeypot-sgp-1 kernel: [84199275.746512] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=167.248.133.130 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=28146 PROTO=TCP SPT=61829 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 10:13:51 honeypot-ams-1 sshd[31183]: Invalid user admin from 92.255.85.70 port 38606","@timestamp":"2022-09-16T10:13:52.072Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:16:45 honeypot-fra-1 sshd[21807]: Invalid user www from 137.184.77.246 port 42006","@timestamp":"2022-09-16T10:16:45.992Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:16:45 honeypot-fra-1 sshd[21816]: Invalid user testuser from 137.184.77.246 port 42002","@timestamp":"2022-09-16T10:16:45.992Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:16:45 honeypot-fra-1 sshd[21833]: Invalid user test from 137.184.77.246 port 42076","@timestamp":"2022-09-16T10:16:45.992Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:16:45 honeypot-fra-1 sshd[21809]: Connection closed by invalid user ubuntu 137.184.77.246 port 42052 [preauth]","@timestamp":"2022-09-16T10:16:45.992Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:16:45 honeypot-fra-1 sshd[21818]: Connection closed by authenticating user root 137.184.77.246 port 42018 [preauth]","@timestamp":"2022-09-16T10:16:45.993Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:16:45 honeypot-fra-1 sshd[21816]: Connection closed by invalid user testuser 137.184.77.246 port 42002 [preauth]","@timestamp":"2022-09-16T10:16:45.993Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:16:45 honeypot-fra-1 sshd[21823]: Connection closed by invalid user cloud 137.184.77.246 port 42008 [preauth]","@timestamp":"2022-09-16T10:16:45.993Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:16:45 honeypot-fra-1 sshd[21830]: Connection closed by authenticating user root 137.184.77.246 port 42030 [preauth]","@timestamp":"2022-09-16T10:16:45.993Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:16:45 honeypot-fra-1 sshd[21840]: Invalid user steam from 137.184.77.246 port 42074","@timestamp":"2022-09-16T10:16:45.993Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:16:45 honeypot-fra-1 sshd[21837]: Connection closed by invalid user es 137.184.77.246 port 42064 [preauth]","@timestamp":"2022-09-16T10:16:45.993Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 10:18:51 honeypot-ams-1 kernel: [84200113.092528] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=196.191.49.93 DST=178.62.254.91 LEN=48 TOS=0x00 PREC=0x00 TTL=114 ID=22284 DF PROTO=TCP SPT=56610 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T10:18:52.205Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:20:38 honeypot-fra-1 kernel: [84198052.293910] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=172.104.29.240 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54558 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T10:20:39.084Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-16T10:21:40.383Z","@version":"1","message":"Sep 16 10:21:39 honeypot-sgp-1 sshd[24795]: Invalid user mts from 91.240.118.222 port 29450","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:25:24 honeypot-fra-1 sshd[21882]: Invalid user monitor from 167.172.152.29 port 58474","@timestamp":"2022-09-16T10:25:24.196Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T10:28:25.545Z","@version":"1","message":"Sep 16 10:28:25 honeypot-sgp-1 sshd[24800]: Received disconnect from 92.255.85.69 port 48788:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 10:29:04 honeypot-ams-1 sshd[31192]: Invalid user q3 from 165.232.173.191 port 48416","@timestamp":"2022-09-16T10:29:04.469Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:31:07 honeypot-fra-1 kernel: [84198681.264415] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=91.211.249.8 DST=165.22.82.222 LEN=80 TOS=0x00 PREC=0x20 TTL=126 ID=52545 PROTO=TCP SPT=51521 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T10:31:07.328Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:32:30 honeypot-fra-1 sshd[21888]: Connection closed by authenticating user root 137.184.77.246 port 37874 [preauth]","@timestamp":"2022-09-16T10:32:30.360Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:32:30 honeypot-fra-1 sshd[21919]: Invalid user pi from 137.184.77.246 port 37878","@timestamp":"2022-09-16T10:32:30.360Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:32:30 honeypot-fra-1 sshd[21898]: Invalid user elasticsearch from 137.184.77.246 port 37832","@timestamp":"2022-09-16T10:32:30.360Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:32:30 honeypot-fra-1 sshd[21894]: Invalid user es from 137.184.77.246 port 37894","@timestamp":"2022-09-16T10:32:30.360Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:32:30 honeypot-fra-1 sshd[21908]: Connection closed by invalid user cloud 137.184.77.246 port 37842 [preauth]","@timestamp":"2022-09-16T10:32:30.360Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:32:30 honeypot-fra-1 sshd[21917]: Connection closed by authenticating user root 137.184.77.246 port 37858 [preauth]","@timestamp":"2022-09-16T10:32:30.360Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:32:30 honeypot-fra-1 sshd[21923]: Connection closed by invalid user steam 137.184.77.246 port 37884 [preauth]","@timestamp":"2022-09-16T10:32:30.360Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:32:30 honeypot-fra-1 sshd[21909]: Connection closed by authenticating user root 137.184.77.246 port 37846 [preauth]","@timestamp":"2022-09-16T10:32:30.360Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 10:33:58 honeypot-ams-1 sshd[31197]: Disconnected from authenticating user root 134.122.123.117 port 56214 [preauth]","@timestamp":"2022-09-16T10:33:59.625Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 10:35:08 honeypot-ams-1 sshd[31203]: Disconnected from authenticating user root 134.122.123.117 port 52354 [preauth]","@timestamp":"2022-09-16T10:35:08.658Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 10:36:48 honeypot-ams-1 sshd[31210]: Disconnected from authenticating user root 134.122.123.117 port 46934 [preauth]","@timestamp":"2022-09-16T10:36:48.703Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 10:37:33 honeypot-ams-1 kernel: [84201234.599867] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=197.40.183.240 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=53 ID=891 PROTO=TCP SPT=1660 DPT=443 WINDOW=15939 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T10:37:33.726Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:38:11 honeypot-fra-1 sshd[21950]: Invalid user tester from 211.200.178.178 port 52552","@timestamp":"2022-09-16T10:38:12.491Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 10:38:59 honeypot-ams-1 sshd[31220]: Received disconnect from 134.122.123.117 port 39696:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T10:38:59.765Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:39:42 honeypot-fra-1 sshd[21955]: Disconnected from authenticating user root 103.133.57.242 port 57302 [preauth]","@timestamp":"2022-09-16T10:39:42.529Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 10:40:05 honeypot-ams-1 sshd[31224]: Received disconnect from 134.122.123.117 port 36130:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T10:40:05.794Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 10:41:11 honeypot-ams-1 sshd[31228]: Received disconnect from 134.122.123.117 port 60658:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T10:41:12.828Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 10:42:17 honeypot-ams-1 sshd[31233]: Invalid user ansible from 134.122.123.117 port 57036","@timestamp":"2022-09-16T10:42:17.860Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 10:42:49 honeypot-ams-1 sshd[31237]: Received disconnect from 134.122.123.117 port 55214:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T10:42:49.878Z"}
{"@timestamp":"2022-09-16T10:43:39.918Z","@version":"1","message":"Sep 16 10:43:39 honeypot-sgp-1 kernel: [84201125.612529] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=173.225.111.245 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=54749 PROTO=TCP SPT=44104 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 10:43:53 honeypot-ams-1 sshd[31241]: Received disconnect from 134.122.123.117 port 51568:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T10:43:54.909Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:44:35 honeypot-fra-1 sshd[21962]: Received disconnect from 92.255.85.70 port 22694:11: Bye Bye [preauth]","@timestamp":"2022-09-16T10:44:35.642Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 10:44:58 honeypot-ams-1 sshd[31245]: Received disconnect from 134.122.123.117 port 47950:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T10:44:58.943Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 10:46:03 honeypot-ams-1 sshd[31249]: Received disconnect from 134.122.123.117 port 44280:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T10:46:03.972Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 10:47:09 honeypot-ams-1 sshd[31253]: Invalid user webadmin from 134.122.123.117 port 40648","@timestamp":"2022-09-16T10:47:10.005Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 10:47:51 honeypot-ams-1 kernel: [84201852.493761] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.220.206 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=39960 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T10:47:52.026Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 10:48:48 honeypot-ams-1 sshd[31260]: Disconnected from invalid user www 134.122.123.117 port 35182 [preauth]","@timestamp":"2022-09-16T10:48:49.053Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 10:49:53 honeypot-ams-1 sshd[31264]: Received disconnect from 134.122.123.117 port 59772:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T10:49:54.085Z"}
{"@timestamp":"2022-09-16T10:51:33.110Z","@version":"1","message":"Sep 16 10:51:32 honeypot-sgp-1 sshd[24808]: Disconnected from authenticating user root 92.255.85.70 port 40364 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 10:58:35 honeypot-fra-1 sshd[21966]: Invalid user levchenko from 165.22.45.108 port 33316","@timestamp":"2022-09-16T10:58:35.962Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 10:59:54 honeypot-ams-1 sshd[31268]: Received disconnect from 98.252.188.193 port 59598:11: Bye Bye [preauth]","@timestamp":"2022-09-16T10:59:55.343Z"}
{"@timestamp":"2022-09-16T11:01:41.362Z","@version":"1","message":"Sep 16 11:01:40 honeypot-sgp-1 sshd[24816]: Connection closed by invalid user wangfei 103.188.176.251 port 54492 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 11:03:09 honeypot-fra-1 kernel: [84200603.951184] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=101.132.180.113 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=234 ID=9719 PROTO=TCP SPT=59078 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T11:03:10.066Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-16T11:09:18.548Z","@version":"1","message":"Sep 16 11:09:17 honeypot-sgp-1 kernel: [84202663.657009] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=94.26.249.161 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=26143 PROTO=TCP SPT=28889 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 11:09:52 honeypot-fra-1 kernel: [84201006.713861] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=183.136.225.35 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=107 ID=27443 PROTO=TCP SPT=8088 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T11:09:53.221Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 11:11:49 honeypot-ams-1 sshd[31274]: Invalid user sb from 143.202.209.20 port 40519","@timestamp":"2022-09-16T11:11:50.645Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 11:17:01 honeypot-ams-1 CRON[31277]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-16T11:17:01.782Z"}
{"@timestamp":"2022-09-16T11:17:01.734Z","@version":"1","message":"Sep 16 11:17:01 honeypot-sgp-1 CRON[24827]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T11:22:31.870Z","@version":"1","message":"Sep 16 11:22:31 honeypot-sgp-1 kernel: [84203457.064139] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=149.102.155.169 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=46001 PROTO=TCP SPT=47211 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 11:23:32 honeypot-fra-1 sshd[21980]: Invalid user sophie from 23.126.62.36 port 51620","@timestamp":"2022-09-16T11:23:32.533Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 11:24:20 honeypot-ams-1 sshd[31283]: Received disconnect from 92.255.85.69 port 20478:11: Bye Bye [preauth]","@timestamp":"2022-09-16T11:24:20.989Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 11:27:56 honeypot-fra-1 kernel: [84202090.723507] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=20.169.113.70 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=1432 PROTO=TCP SPT=47440 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T11:27:57.635Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 11:29:13 honeypot-ams-1 sshd[31288]: Received disconnect from 159.65.224.135 port 37896:11: Bye Bye [preauth]","@timestamp":"2022-09-16T11:29:14.123Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 11:30:14 honeypot-fra-1 sshd[21990]: Invalid user bunnyts from 64.227.126.207 port 41180","@timestamp":"2022-09-16T11:30:14.692Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 11:33:00 honeypot-fra-1 sshd[21995]: Invalid user super from 62.204.41.222 port 29072","@timestamp":"2022-09-16T11:33:00.757Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 11:36:18 honeypot-fra-1 kernel: [84202592.782404] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=159.223.31.125 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=60 ID=28587 DF PROTO=TCP SPT=36384 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T11:36:18.834Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-16T11:38:06.246Z","@version":"1","message":"Sep 16 11:38:06 honeypot-sgp-1 sshd[24837]: Received disconnect from 92.255.85.70 port 27950:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 11:38:41 honeypot-ams-1 sshd[31363]: Invalid user kafka from 128.199.179.36 port 41496","@timestamp":"2022-09-16T11:38:41.379Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 11:46:32 honeypot-ams-1 kernel: [84205373.987008] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=197.63.192.107 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=51 ID=18412 PROTO=TCP SPT=25589 DPT=443 WINDOW=21443 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T11:46:32.593Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 11:48:01 honeypot-fra-1 kernel: [84203295.269668] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=179.43.169.179 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=40066 PROTO=TCP SPT=48290 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T11:48:02.102Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 11:51:24 honeypot-fra-1 sshd[22004]: Disconnected from invalid user user 45.61.186.169 port 59428 [preauth]","@timestamp":"2022-09-16T11:51:25.183Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T11:51:30.568Z","@version":"1","message":"Sep 16 11:51:29 honeypot-sgp-1 sshd[24842]: Received disconnect from 213.158.29.179 port 41784:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 11:51:41 honeypot-fra-1 sshd[22008]: Disconnected from invalid user user 45.61.186.169 port 54176 [preauth]","@timestamp":"2022-09-16T11:51:42.191Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 11:51:58 honeypot-fra-1 sshd[22012]: Received disconnect from 45.61.186.169 port 48920:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T11:51:59.201Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 11:52:14 honeypot-fra-1 sshd[22016]: Received disconnect from 45.61.186.169 port 43662:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T11:52:15.209Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 11:53:41 honeypot-ams-1 kernel: [84205802.538461] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=2.178.113.94 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=51 ID=36568 DF PROTO=TCP SPT=7050 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T11:53:41.789Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 11:55:02 honeypot-fra-1 kernel: [84203716.046379] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=188.166.87.67 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=250 ID=15212 PROTO=TCP SPT=57942 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T11:55:02.275Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 11:57:20 honeypot-ams-1 kernel: [84206022.320482] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=179.43.169.179 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=26458 PROTO=TCP SPT=48290 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T11:57:21.895Z"}
{"@timestamp":"2022-09-16T11:58:19.735Z","@version":"1","message":"Sep 16 11:58:19 honeypot-sgp-1 kernel: [84205605.375877] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=179.43.169.179 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=22235 PROTO=TCP SPT=48290 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 11:59:52 honeypot-fra-1 kernel: [84204006.204004] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.219.171 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=54138 DPT=5432 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T11:59:52.388Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-16T12:01:31.816Z","@version":"1","message":"Sep 16 12:01:31 honeypot-sgp-1 sshd[24851]: Received disconnect from 92.255.85.69 port 56346:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T12:04:28.888Z","@version":"1","message":"Sep 16 12:04:28 honeypot-sgp-1 sshd[24857]: Received disconnect from 60.50.99.134 port 48904:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 12:05:59 honeypot-fra-1 sshd[22031]: Connection closed by invalid user admin 159.203.178.0 port 48116 [preauth]","@timestamp":"2022-09-16T12:05:59.534Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 12:06:01 honeypot-fra-1 sshd[22037]: Connection closed by invalid user admin 159.203.178.0 port 48140 [preauth]","@timestamp":"2022-09-16T12:06:01.536Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 12:06:22 honeypot-ams-1 sshd[31378]: Invalid user user from 45.61.187.160 port 39066","@timestamp":"2022-09-16T12:06:23.133Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 12:06:43 honeypot-ams-1 sshd[31382]: Invalid user user from 45.61.187.160 port 33046","@timestamp":"2022-09-16T12:06:44.147Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 12:07:01 honeypot-ams-1 sshd[31386]: Invalid user user from 45.61.187.160 port 55282","@timestamp":"2022-09-16T12:07:02.156Z"}
{"@timestamp":"2022-09-16T12:10:31.035Z","@version":"1","message":"Sep 16 12:10:30 honeypot-sgp-1 sshd[24863]: Invalid user administrator from 94.240.180.92 port 41604","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 12:11:28 honeypot-ams-1 sshd[31391]: Received disconnect from 92.255.85.69 port 52732:11: Bye Bye [preauth]","@timestamp":"2022-09-16T12:11:29.272Z"}
{"@timestamp":"2022-09-16T12:11:52.071Z","@version":"1","message":"Sep 16 12:11:51 honeypot-sgp-1 kernel: [84206417.484867] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=82.77.156.59 DST=159.89.202.188 LEN=52 TOS=0x00 PREC=0x00 TTL=114 ID=24951 DF PROTO=TCP SPT=20223 DPT=3389 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 12:17:47 honeypot-ams-1 sshd[31397]: Connection closed by invalid user guest 193.106.191.157 port 40800 [preauth]","@timestamp":"2022-09-16T12:17:47.435Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 12:18:53 honeypot-fra-1 sshd[22043]: Received disconnect from 92.255.85.69 port 24142:11: Bye Bye [preauth]","@timestamp":"2022-09-16T12:18:53.831Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 12:19:33 honeypot-ams-1 sshd[31399]: Disconnected from invalid user fafuli 45.119.215.150 port 39056 [preauth]","@timestamp":"2022-09-16T12:19:34.484Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 12:19:48 honeypot-fra-1 sshd[22048]: Disconnected from invalid user adrianus 174.138.28.154 port 39218 [preauth]","@timestamp":"2022-09-16T12:19:48.854Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T12:25:00.390Z","@version":"1","message":"Sep 16 12:24:59 honeypot-sgp-1 kernel: [84207205.437819] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=80.87.206.203 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=235 ID=39521 PROTO=TCP SPT=59040 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 12:26:54 honeypot-ams-1 kernel: [84207795.819495] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=97.74.81.123 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=48322 PROTO=TCP SPT=42554 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T12:26:54.674Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 12:27:46 honeypot-fra-1 sshd[22053]: Invalid user centos from 200.29.109.224 port 43324","@timestamp":"2022-09-16T12:27:47.036Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 12:29:54 honeypot-fra-1 kernel: [84205808.198880] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=221.176.116.78 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=108 ID=256 PROTO=TCP SPT=1032 DPT=80 WINDOW=16384 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T12:29:55.085Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-16T12:30:17.542Z","@version":"1","message":"Sep 16 12:30:17 honeypot-sgp-1 sshd[24880]: Connection closed by invalid user test 179.60.147.69 port 59176 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T12:32:23.596Z","@version":"1","message":"Sep 16 12:32:23 honeypot-sgp-1 sshd[24886]: Received disconnect from 43.154.77.244 port 45976:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T12:33:09.616Z","@version":"1","message":"Sep 16 12:33:08 honeypot-sgp-1 sshd[24892]: Invalid user admin from 128.199.160.207 port 21322","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 12:33:59 honeypot-fra-1 sshd[22062]: Invalid user belea from 144.24.116.174 port 51188","@timestamp":"2022-09-16T12:34:00.179Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 12:34:43 honeypot-fra-1 sshd[22064]: Disconnected from invalid user nagios 43.134.240.234 port 34488 [preauth]","@timestamp":"2022-09-16T12:34:43.198Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 12:34:43 honeypot-ams-1 sshd[31407]: Received disconnect from 92.255.85.69 port 33224:11: Bye Bye [preauth]","@timestamp":"2022-09-16T12:34:43.877Z"}
{"@timestamp":"2022-09-16T12:41:47.824Z","@version":"1","message":"Sep 16 12:41:47 honeypot-sgp-1 kernel: [84208213.010326] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=109.245.241.93 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=230 ID=54777 DF PROTO=TCP SPT=45782 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 12:42:01 honeypot-fra-1 sshd[22069]: Received disconnect from 92.255.85.69 port 30968:11: Bye Bye [preauth]","@timestamp":"2022-09-16T12:42:01.365Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T12:47:13.962Z","@version":"1","message":"Sep 16 12:47:13 honeypot-sgp-1 sshd[24904]: Received disconnect from 45.61.186.249 port 56356:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 12:47:16 honeypot-fra-1 sshd[22072]: Connection closed by invalid user guest 193.106.191.157 port 52524 [preauth]","@timestamp":"2022-09-16T12:47:17.488Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T12:47:32.971Z","@version":"1","message":"Sep 16 12:47:32 honeypot-sgp-1 sshd[24908]: Received disconnect from 45.61.186.249 port 50488:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T12:47:49.980Z","@version":"1","message":"Sep 16 12:47:49 honeypot-sgp-1 sshd[24912]: Invalid user user from 45.61.186.249 port 44620","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T12:48:06.989Z","@version":"1","message":"Sep 16 12:48:06 honeypot-sgp-1 sshd[24916]: Received disconnect from 92.255.85.69 port 61540:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 12:50:18 honeypot-ams-1 kernel: [84209200.378613] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=10327 PROTO=TCP SPT=52383 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T12:50:19.290Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 12:55:57 honeypot-fra-1 sshd[22079]: Disconnected from invalid user lexx 165.22.45.108 port 43606 [preauth]","@timestamp":"2022-09-16T12:55:58.686Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 13:00:42 honeypot-ams-1 kernel: [84209823.990609] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=162.248.101.148 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=59865 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T13:00:43.554Z"}
{"@timestamp":"2022-09-16T13:02:41.349Z","@version":"1","message":"Sep 16 13:02:40 honeypot-sgp-1 kernel: [84209466.449055] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=183.230.113.51 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=235 ID=48801 PROTO=TCP SPT=53359 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 13:05:02 honeypot-fra-1 sshd[22092]: Invalid user chia from 57.128.11.39 port 57444","@timestamp":"2022-09-16T13:05:02.894Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 13:05:02 honeypot-fra-1 sshd[22089]: Connection closed by invalid user admin 57.128.11.39 port 57388 [preauth]","@timestamp":"2022-09-16T13:05:02.894Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 13:05:02 honeypot-fra-1 sshd[22095]: Connection closed by authenticating user root 57.128.11.39 port 57438 [preauth]","@timestamp":"2022-09-16T13:05:02.894Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 13:05:02 honeypot-fra-1 sshd[22097]: Connection closed by invalid user admin 57.128.11.39 port 57450 [preauth]","@timestamp":"2022-09-16T13:05:02.894Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 13:05:02 honeypot-fra-1 sshd[22099]: Connection closed by authenticating user root 57.128.11.39 port 57484 [preauth]","@timestamp":"2022-09-16T13:05:02.894Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 13:05:02 honeypot-fra-1 sshd[22105]: Invalid user oracle from 57.128.11.39 port 57400","@timestamp":"2022-09-16T13:05:02.894Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 13:05:02 honeypot-fra-1 sshd[22102]: Invalid user user from 57.128.11.39 port 57378","@timestamp":"2022-09-16T13:05:02.894Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 13:05:02 honeypot-fra-1 sshd[22114]: Invalid user test from 57.128.11.39 port 57398","@timestamp":"2022-09-16T13:05:02.894Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 13:05:02 honeypot-fra-1 sshd[22114]: Connection closed by invalid user test 57.128.11.39 port 57398 [preauth]","@timestamp":"2022-09-16T13:05:02.894Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 13:05:02 honeypot-fra-1 sshd[22116]: Connection closed by invalid user esuser 57.128.11.39 port 57464 [preauth]","@timestamp":"2022-09-16T13:05:02.894Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 13:08:07 honeypot-fra-1 sshd[22153]: Invalid user wangfei from 103.188.176.251 port 37072","@timestamp":"2022-09-16T13:08:07.967Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T13:09:35.525Z","@version":"1","message":"Sep 16 13:09:35 honeypot-sgp-1 kernel: [84209881.245745] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=103.114.107.34 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=5000 PROTO=TCP SPT=53215 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T13:11:57.584Z","@version":"1","message":"Sep 16 13:11:57 honeypot-sgp-1 sshd[24927]: Disconnected from invalid user sysroot 92.255.85.70 port 59678 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 13:12:24 honeypot-ams-1 kernel: [84210525.427710] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=172.104.29.201 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=64073 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T13:12:24.849Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 13:17:33 honeypot-fra-1 kernel: [84208667.389726] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=64.62.197.223 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=54321 PROTO=TCP SPT=39551 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T13:17:34.199Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 13:20:19 honeypot-ams-1 sshd[31427]: Received disconnect from 62.204.41.222 port 31528:11: Client disconnecting normally [preauth]","@timestamp":"2022-09-16T13:20:20.054Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 13:21:27 honeypot-ams-1 sshd[31431]: Received disconnect from 92.255.85.69 port 57784:11: Bye Bye [preauth]","@timestamp":"2022-09-16T13:21:28.085Z"}
{"@timestamp":"2022-09-16T13:23:38.876Z","@version":"1","message":"Sep 16 13:23:38 honeypot-sgp-1 kernel: [84210723.943827] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=206.189.6.148 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=56750 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T13:28:34.000Z","@version":"1","message":"Sep 16 13:28:33 honeypot-sgp-1 sshd[24939]: Received disconnect from 193.142.146.50 port 44812:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 13:28:47 honeypot-fra-1 sshd[22166]: Received disconnect from 92.255.85.70 port 53222:11: Bye Bye [preauth]","@timestamp":"2022-09-16T13:28:48.452Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 13:30:02 honeypot-ams-1 sshd[31435]: Received disconnect from 61.135.214.124 port 46757:11: Bye Bye [preauth]","@timestamp":"2022-09-16T13:30:02.306Z"}
{"@timestamp":"2022-09-16T13:30:54.061Z","@version":"1","message":"Sep 16 13:30:53 honeypot-sgp-1 sshd[24946]: Invalid user zookeeper from 103.188.176.251 port 45044","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 13:31:43 honeypot-ams-1 sshd[31439]: Received disconnect from 178.128.238.19 port 41936:11: Bye Bye [preauth]","@timestamp":"2022-09-16T13:31:44.352Z"}
{"@timestamp":"2022-09-16T13:32:26.103Z","@version":"1","message":"Sep 16 13:32:25 honeypot-sgp-1 sshd[24950]: Received disconnect from 193.142.146.50 port 43134:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 13:34:19 honeypot-ams-1 kernel: [84211840.991986] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=156.196.54.17 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=53 ID=35119 PROTO=TCP SPT=26661 DPT=443 WINDOW=48911 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T13:34:20.421Z"}
{"@timestamp":"2022-09-16T13:34:42.181Z","@version":"1","message":"Sep 16 13:34:41 honeypot-sgp-1 sshd[24956]: Received disconnect from 193.142.146.50 port 51428:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T13:36:15.220Z","@version":"1","message":"Sep 16 13:36:14 honeypot-sgp-1 sshd[24961]: Received disconnect from 193.142.146.50 port 41450:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 13:44:46 honeypot-ams-1 sshd[31447]: Invalid user remote from 92.255.85.69 port 51472","@timestamp":"2022-09-16T13:44:46.689Z"}
{"@timestamp":"2022-09-16T13:46:21.500Z","@version":"1","message":"Sep 16 13:46:21 honeypot-sgp-1 kernel: [84212087.220847] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=68.183.93.151 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x20 TTL=242 ID=54321 PROTO=TCP SPT=39549 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 13:47:01 honeypot-ams-1 kernel: [84212602.750281] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=196.191.49.93 DST=178.62.254.91 LEN=48 TOS=0x00 PREC=0x00 TTL=115 ID=9481 DF PROTO=TCP SPT=55640 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T13:47:01.750Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 13:49:54 honeypot-fra-1 kernel: [84210607.740671] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=198.235.24.15 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=249 ID=54321 PROTO=TCP SPT=51108 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T13:49:54.930Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 13:51:51 honeypot-ams-1 sshd[31456]: Invalid user mdnsd from 104.236.244.98 port 53710","@timestamp":"2022-09-16T13:51:51.877Z"}
{"@timestamp":"2022-09-16T13:53:06.677Z","@version":"1","message":"Sep 16 13:53:06 honeypot-sgp-1 kernel: [84212492.353789] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.33.109.190 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=15296 PROTO=TCP SPT=33768 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 13:53:57 honeypot-fra-1 sshd[22176]: Invalid user lff from 165.22.45.108 port 48740","@timestamp":"2022-09-16T13:53:58.026Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 13:55:14 honeypot-ams-1 sshd[31460]: Received disconnect from 128.199.4.167 port 44488:11: Bye Bye [preauth]","@timestamp":"2022-09-16T13:55:14.967Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 13:56:11 honeypot-ams-1 sshd[31466]: Invalid user zck from 143.110.212.213 port 52928","@timestamp":"2022-09-16T13:56:12.000Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 13:57:04 honeypot-fra-1 sshd[22179]: Disconnected from authenticating user root 206.81.5.191 port 48630 [preauth]","@timestamp":"2022-09-16T13:57:05.098Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 13:58:18 honeypot-ams-1 sshd[31468]: Disconnected from invalid user cocoon 140.238.167.51 port 52056 [preauth]","@timestamp":"2022-09-16T13:58:19.060Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 14:00:23 honeypot-fra-1 sshd[22183]: Disconnected from invalid user osanna 59.26.216.102 port 48964 [preauth]","@timestamp":"2022-09-16T14:00:24.175Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 14:01:19 honeypot-ams-1 kernel: [84213461.011740] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=79.110.62.205 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=54321 PROTO=TCP SPT=34041 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T14:01:20.141Z"}
{"@timestamp":"2022-09-16T14:01:48.895Z","@version":"1","message":"Sep 16 14:01:48 honeypot-sgp-1 sshd[24973]: Did not receive identification string from 45.61.184.204 port 42794","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T14:02:19.911Z","@version":"1","message":"Sep 16 14:02:18 honeypot-sgp-1 sshd[24978]: Received disconnect from 45.61.184.204 port 52180:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T14:02:39.921Z","@version":"1","message":"Sep 16 14:02:38 honeypot-sgp-1 sshd[24982]: Received disconnect from 45.61.184.204 port 47010:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T14:02:56.931Z","@version":"1","message":"Sep 16 14:02:56 honeypot-sgp-1 sshd[24986]: Received disconnect from 45.61.184.204 port 41830:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 14:03:03 honeypot-ams-1 sshd[31477]: Disconnected from authenticating user root 64.227.36.9 port 60030 [preauth]","@timestamp":"2022-09-16T14:03:04.186Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 14:05:34 honeypot-ams-1 sshd[31482]: Disconnected from invalid user blank 81.1.219.10 port 50640 [preauth]","@timestamp":"2022-09-16T14:05:35.256Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 14:06:14 honeypot-fra-1 kernel: [84211587.943329] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=170.187.225.159 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=60122 PROTO=TCP SPT=51503 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T14:06:15.306Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-16T14:06:53.030Z","@version":"1","message":"Sep 16 14:06:52 honeypot-sgp-1 sshd[24991]: Disconnected from authenticating user root 110.39.147.66 port 16076 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 14:10:58 honeypot-ams-1 kernel: [84214039.658617] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=164.92.72.164 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=46698 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T14:10:58.398Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 14:16:33 honeypot-fra-1 kernel: [84212207.317141] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=140.228.29.63 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=62537 DF PROTO=TCP SPT=10446 DPT=80 WINDOW=512 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T14:16:34.540Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 14:17:01 honeypot-ams-1 CRON[31492]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-16T14:17:02.551Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 14:21:37 honeypot-fra-1 sshd[22272]: Invalid user centos from 179.60.147.69 port 32232","@timestamp":"2022-09-16T14:21:37.675Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T14:22:22.437Z","@version":"1","message":"Sep 16 14:22:21 honeypot-sgp-1 sshd[25434]: Invalid user admin from 92.255.85.69 port 54920","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 14:27:26 honeypot-ams-1 kernel: [84215027.945481] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=35.228.114.142 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=60 ID=54722 PROTO=TCP SPT=59827 DPT=80 WINDOW=54923 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T14:27:26.823Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 14:30:54 honeypot-fra-1 kernel: [84213068.498868] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=52368 PROTO=TCP SPT=58608 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T14:30:55.886Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 14:31:57 honeypot-ams-1 sshd[31505]: Received disconnect from 92.255.85.69 port 51488:11: Bye Bye [preauth]","@timestamp":"2022-09-16T14:31:57.945Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 14:38:52 honeypot-fra-1 sshd[22281]: Received disconnect from 92.255.85.70 port 53288:11: Bye Bye [preauth]","@timestamp":"2022-09-16T14:38:52.086Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T14:43:05.951Z","@version":"1","message":"Sep 16 14:43:05 honeypot-sgp-1 sshd[25438]: Invalid user admin from 59.26.219.154 port 41486","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 14:47:38 honeypot-ams-1 sshd[31511]: Invalid user pi from 92.89.85.54 port 47034","@timestamp":"2022-09-16T14:47:38.354Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 14:48:45 honeypot-fra-1 sshd[22284]: Disconnected from invalid user admin 167.99.236.74 port 50352 [preauth]","@timestamp":"2022-09-16T14:48:46.322Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T14:51:39.167Z","@version":"1","message":"Sep 16 14:51:38 honeypot-sgp-1 kernel: [84216004.392694] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.47.229.134 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=3361 PROTO=TCP SPT=49501 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 14:53:27 honeypot-fra-1 sshd[22290]: Disconnected from invalid user lfz 165.22.45.108 port 53896 [preauth]","@timestamp":"2022-09-16T14:53:27.429Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 14:54:02 honeypot-ams-1 sshd[31517]: Received disconnect from 92.255.85.69 port 38010:11: Bye Bye [preauth]","@timestamp":"2022-09-16T14:54:03.522Z"}
{"@timestamp":"2022-09-16T14:59:09.364Z","@version":"1","message":"Sep 16 14:59:08 honeypot-sgp-1 sshd[25449]: Connection closed by invalid user admin 157.230.47.155 port 57108 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 15:02:42 honeypot-fra-1 sshd[22295]: Received disconnect from 92.255.85.69 port 40230:11: Bye Bye [preauth]","@timestamp":"2022-09-16T15:02:43.639Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T15:04:26.495Z","@version":"1","message":"Sep 16 15:04:26 honeypot-sgp-1 sshd[25456]: Invalid user developer from 113.160.226.178 port 40731","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:05:05.514Z","@version":"1","message":"Sep 16 15:05:05 honeypot-sgp-1 kernel: [84216811.096467] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=225 ID=16979 PROTO=TCP SPT=40403 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:08:31 honeypot-ams-1 sshd[31523]: Invalid user guest from 193.106.191.157 port 41520","@timestamp":"2022-09-16T15:08:31.900Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 15:10:48 honeypot-fra-1 kernel: [84215462.242232] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=159.65.138.52 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=54 ID=0 DF PROTO=TCP SPT=54953 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T15:10:48.821Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-16T15:10:58.661Z","@version":"1","message":"Sep 16 15:10:58 honeypot-sgp-1 kernel: [84217164.047706] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.33.68.74 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=57871 PROTO=TCP SPT=41050 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:12:05.692Z","@version":"1","message":"Sep 16 15:12:04 honeypot-sgp-1 sshd[25469]: Disconnecting invalid user cameras 31.184.198.71 port 26373: Change of username or service not allowed: (cameras,ssh-connection) -> (,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:12:30.704Z","@version":"1","message":"Sep 16 15:12:30 honeypot-sgp-1 sshd[25475]: Disconnecting invalid user  31.184.198.71 port 51785: Change of username or service not allowed: (,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:13:00.719Z","@version":"1","message":"Sep 16 15:13:00 honeypot-sgp-1 sshd[25481]: Disconnecting invalid user admin 31.184.198.71 port 40697: Change of username or service not allowed: (admin,ssh-connection) -> (manager,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:13:31.735Z","@version":"1","message":"Sep 16 15:13:30 honeypot-sgp-1 sshd[25489]: Invalid user 1234 from 31.184.198.71 port 54158","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:13:54.748Z","@version":"1","message":"Sep 16 15:13:54 honeypot-sgp-1 sshd[25495]: Invalid user  from 31.184.198.71 port 34125","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:14:22.762Z","@version":"1","message":"Sep 16 15:14:22 honeypot-sgp-1 sshd[25501]: Disconnecting invalid user Admin 31.184.198.71 port 1804: Change of username or service not allowed: (Admin,ssh-connection) -> (blank,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:14:48.775Z","@version":"1","message":"Sep 16 15:14:48 honeypot-sgp-1 sshd[25508]: Disconnecting invalid user guest 31.184.198.71 port 14944: Change of username or service not allowed: (guest,ssh-connection) -> (1234,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:15:26.794Z","@version":"1","message":"Sep 16 15:15:26 honeypot-sgp-1 sshd[25516]: Invalid user Cisco from 31.184.198.71 port 33898","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:15:57.810Z","@version":"1","message":"Sep 16 15:15:57 honeypot-sgp-1 sshd[25522]: Invalid user 1234 from 31.184.198.71 port 45794","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:16:25.827Z","@version":"1","message":"Sep 16 15:16:25 honeypot-sgp-1 sshd[25528]: Disconnecting invalid user  31.184.198.71 port 43211: Change of username or service not allowed: (,ssh-connection) -> (adslroot,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:16:54.842Z","@version":"1","message":"Sep 16 15:16:54 honeypot-sgp-1 sshd[25536]: Disconnecting invalid user admin 31.184.198.71 port 20112: Change of username or service not allowed: (admin,ssh-connection) -> (blank,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:17:01.845Z","@version":"1","message":"Sep 16 15:17:01 honeypot-sgp-1 sshd[25538]: Invalid user blank from 31.184.198.71 port 63829","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 15:17:01 honeypot-fra-1 CRON[22304]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-16T15:17:01.961Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:17:01 honeypot-ams-1 CRON[31528]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-16T15:17:02.118Z"}
{"@timestamp":"2022-09-16T15:17:31.860Z","@version":"1","message":"Sep 16 15:17:31 honeypot-sgp-1 sshd[25547]: Disconnecting authenticating user root 31.184.198.71 port 63337: Change of username or service not allowed: (root,ssh-connection) -> (default,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:17:59.874Z","@version":"1","message":"Sep 16 15:17:59 honeypot-sgp-1 sshd[25553]: Disconnecting invalid user c1@r0 31.184.198.71 port 48307: Change of username or service not allowed: (c1@r0,ssh-connection) -> (Administrator,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:18:29.890Z","@version":"1","message":"Sep 16 15:18:29 honeypot-sgp-1 sshd[25559]: Disconnecting invalid user superonline 31.184.198.71 port 23493: Change of username or service not allowed: (superonline,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:19:03.907Z","@version":"1","message":"Sep 16 15:19:03 honeypot-sgp-1 sshd[25565]: Disconnecting invalid user Admin 31.184.198.71 port 48754: Change of username or service not allowed: (Admin,ssh-connection) -> (comcast,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:19:06 honeypot-ams-1 sshd[31534]: Disconnected from authenticating user root 92.255.85.69 port 51564 [preauth]","@timestamp":"2022-09-16T15:19:07.174Z"}
{"@timestamp":"2022-09-16T15:19:26.919Z","@version":"1","message":"Sep 16 15:19:26 honeypot-sgp-1 sshd[25571]: Disconnecting invalid user  31.184.198.71 port 22728: Change of username or service not allowed: (,ssh-connection) -> (admin1234,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:19:54.934Z","@version":"1","message":"Sep 16 15:19:54 honeypot-sgp-1 sshd[25578]: Disconnecting invalid user  31.184.198.71 port 43822: Change of username or service not allowed: (,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:20:17.945Z","@version":"1","message":"Sep 16 15:20:17 honeypot-sgp-1 sshd[25584]: Disconnecting invalid user admin 31.184.198.71 port 46167: Change of username or service not allowed: (admin,ssh-connection) -> (blank,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:20:47.960Z","@version":"1","message":"Sep 16 15:20:47 honeypot-sgp-1 sshd[25592]: Invalid user airlive from 31.184.198.71 port 34557","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:21:10.973Z","@version":"1","message":"Sep 16 15:21:10 honeypot-sgp-1 sshd[25598]: Invalid user roqos from 31.184.198.71 port 42903","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:21:36.986Z","@version":"1","message":"Sep 16 15:21:36 honeypot-sgp-1 sshd[25604]: Invalid user sitecom from 31.184.198.71 port 24100","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:22:03.999Z","@version":"1","message":"Sep 16 15:22:03 honeypot-sgp-1 sshd[25610]: Invalid user admin from 31.184.198.71 port 1450","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 15:22:07 honeypot-fra-1 sshd[22313]: Connection closed by invalid user pi 188.2.132.158 port 43676 [preauth]","@timestamp":"2022-09-16T15:22:07.080Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T15:22:33.014Z","@version":"1","message":"Sep 16 15:22:32 honeypot-sgp-1 sshd[25616]: Invalid user smcadmin from 31.184.198.71 port 24548","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:22:58.027Z","@version":"1","message":"Sep 16 15:22:57 honeypot-sgp-1 sshd[25622]: Invalid user admin from 31.184.198.71 port 62413","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:23:23.041Z","@version":"1","message":"Sep 16 15:23:22 honeypot-sgp-1 sshd[25628]: Invalid user user from 31.184.198.71 port 2678","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:23:52.055Z","@version":"1","message":"Sep 16 15:23:51 honeypot-sgp-1 sshd[25634]: Disconnecting invalid user 123456 31.184.198.71 port 22245: Change of username or service not allowed: (123456,ssh-connection) -> (user,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:24:24.072Z","@version":"1","message":"Sep 16 15:24:23 honeypot-sgp-1 sshd[25640]: Disconnecting invalid user readwrite 31.184.198.71 port 45445: Change of username or service not allowed: (readwrite,ssh-connection) -> (Admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:24:51.086Z","@version":"1","message":"Sep 16 15:24:50 honeypot-sgp-1 sshd[25647]: Disconnecting invalid user DZY-W2914NSV2 31.184.198.71 port 24654: Change of username or service not allowed: (DZY-W2914NSV2,ssh-connection) -> (0,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:25:25.103Z","@version":"1","message":"Sep 16 15:25:24 honeypot-sgp-1 sshd[25653]: Disconnecting invalid user zoomadsl 31.184.198.71 port 11615: Change of username or service not allowed: (zoomadsl,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T15:25:53.118Z","@version":"1","message":"Sep 16 15:25:53 honeypot-sgp-1 sshd[25659]: Connection closed by invalid user ltecl4r0 31.184.198.71 port 12286 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 15:27:42 honeypot-fra-1 sshd[22320]: Received disconnect from 45.61.187.160 port 43044:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T15:27:43.204Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 15:28:08 honeypot-fra-1 sshd[22324]: Received disconnect from 45.61.187.160 port 37402:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T15:28:08.214Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 15:28:28 honeypot-fra-1 sshd[22328]: Received disconnect from 45.61.187.160 port 60024:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T15:28:29.224Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 15:28:45 honeypot-fra-1 sshd[22332]: Invalid user user from 45.61.187.160 port 54388","@timestamp":"2022-09-16T15:28:45.231Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 15:34:40 honeypot-ams-1 kernel: [84219061.391895] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=213.114.215.110 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=56 ID=55064 PROTO=TCP SPT=14902 DPT=443 WINDOW=61670 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T15:34:40.566Z"}
{"@timestamp":"2022-09-16T15:36:46.381Z","@version":"1","message":"Sep 16 15:36:46 honeypot-sgp-1 kernel: [84218712.011401] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=154.89.5.94 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=244 ID=62126 PROTO=TCP SPT=58914 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 15:37:53 honeypot-fra-1 sshd[22340]: Invalid user zookeeper from 103.188.176.251 port 42340","@timestamp":"2022-09-16T15:37:53.437Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 15:38:54 honeypot-fra-1 sshd[22349]: Invalid user chia from 139.59.152.202 port 36132","@timestamp":"2022-09-16T15:38:55.464Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 15:38:54 honeypot-fra-1 sshd[22352]: Invalid user steam from 139.59.152.202 port 36134","@timestamp":"2022-09-16T15:38:55.464Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 15:38:54 honeypot-fra-1 sshd[22366]: Invalid user chia from 139.59.152.202 port 36178","@timestamp":"2022-09-16T15:38:55.464Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 15:38:54 honeypot-fra-1 sshd[22362]: Connection closed by invalid user test 139.59.152.202 port 36168 [preauth]","@timestamp":"2022-09-16T15:38:55.464Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 15:38:54 honeypot-fra-1 sshd[22358]: Connection closed by invalid user oracle 139.59.152.202 port 36148 [preauth]","@timestamp":"2022-09-16T15:38:55.464Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 15:38:54 honeypot-fra-1 sshd[22366]: Connection closed by invalid user chia 139.59.152.202 port 36178 [preauth]","@timestamp":"2022-09-16T15:38:55.464Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 15:38:54 honeypot-fra-1 sshd[22365]: Connection closed by authenticating user root 139.59.152.202 port 36176 [preauth]","@timestamp":"2022-09-16T15:38:55.464Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 15:38:54 honeypot-fra-1 sshd[22371]: Connection closed by invalid user testuser 139.59.152.202 port 36196 [preauth]","@timestamp":"2022-09-16T15:38:55.464Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 15:39:47 honeypot-fra-1 kernel: [84217200.571543] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=165.232.152.144 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=32824 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T15:39:47.485Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:42:11 honeypot-ams-1 sshd[31543]: Received disconnect from 60.181.19.237 port 25512:11: Bye Bye [preauth]","@timestamp":"2022-09-16T15:42:11.761Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:42:16 honeypot-ams-1 sshd[31547]: Disconnected from invalid user ubnt 60.181.19.237 port 21542 [preauth]","@timestamp":"2022-09-16T15:42:16.765Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:42:22 honeypot-ams-1 sshd[31553]: Disconnected from authenticating user root 60.181.19.237 port 21736 [preauth]","@timestamp":"2022-09-16T15:42:22.768Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:42:29 honeypot-ams-1 sshd[31561]: Disconnected from authenticating user root 92.255.85.70 port 37266 [preauth]","@timestamp":"2022-09-16T15:42:30.774Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:42:35 honeypot-ams-1 sshd[31565]: Disconnected from authenticating user root 60.181.19.237 port 22054 [preauth]","@timestamp":"2022-09-16T15:42:35.776Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:42:42 honeypot-ams-1 sshd[31571]: Received disconnect from 60.181.19.237 port 22261:11: Bye Bye [preauth]","@timestamp":"2022-09-16T15:42:42.781Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:42:48 honeypot-ams-1 sshd[31577]: Received disconnect from 60.181.19.237 port 22454:11: Bye Bye [preauth]","@timestamp":"2022-09-16T15:42:49.785Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:42:55 honeypot-ams-1 sshd[31583]: Received disconnect from 60.181.19.237 port 22631:11: Bye Bye [preauth]","@timestamp":"2022-09-16T15:42:55.789Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:43:02 honeypot-ams-1 sshd[31589]: Received disconnect from 60.181.19.237 port 22818:11: Bye Bye [preauth]","@timestamp":"2022-09-16T15:43:02.793Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:43:09 honeypot-ams-1 sshd[31595]: Received disconnect from 60.181.19.237 port 22994:11: Bye Bye [preauth]","@timestamp":"2022-09-16T15:43:09.797Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:43:16 honeypot-ams-1 sshd[31601]: Received disconnect from 60.181.19.237 port 23177:11: Bye Bye [preauth]","@timestamp":"2022-09-16T15:43:16.801Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:43:24 honeypot-ams-1 sshd[31607]: Received disconnect from 60.181.19.237 port 23390:11: Bye Bye [preauth]","@timestamp":"2022-09-16T15:43:24.805Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:43:31 honeypot-ams-1 sshd[31613]: Received disconnect from 60.181.19.237 port 23603:11: Bye Bye [preauth]","@timestamp":"2022-09-16T15:43:31.810Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:43:35 honeypot-ams-1 sshd[31617]: Disconnected from invalid user admin 60.181.19.237 port 23718 [preauth]","@timestamp":"2022-09-16T15:43:35.812Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:43:39 honeypot-ams-1 sshd[31621]: Disconnected from invalid user admin 60.181.19.237 port 23848 [preauth]","@timestamp":"2022-09-16T15:43:40.815Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:43:45 honeypot-ams-1 sshd[31625]: Disconnected from invalid user admin 60.181.19.237 port 23957 [preauth]","@timestamp":"2022-09-16T15:43:45.843Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:43:49 honeypot-ams-1 sshd[31629]: Disconnected from invalid user admin 60.181.19.237 port 23994 [preauth]","@timestamp":"2022-09-16T15:43:49.846Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:43:54 honeypot-ams-1 sshd[31633]: Disconnected from invalid user admin 60.181.19.237 port 24814 [preauth]","@timestamp":"2022-09-16T15:43:54.848Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:43:58 honeypot-ams-1 sshd[31637]: Disconnected from invalid user user 60.181.19.237 port 24944 [preauth]","@timestamp":"2022-09-16T15:43:58.852Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:44:05 honeypot-ams-1 sshd[31643]: Received disconnect from 60.181.19.237 port 25120:11: Bye Bye [preauth]","@timestamp":"2022-09-16T15:44:05.856Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:44:09 honeypot-ams-1 sshd[31647]: Received disconnect from 60.181.19.237 port 21565:11: Bye Bye [preauth]","@timestamp":"2022-09-16T15:44:10.859Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:44:15 honeypot-ams-1 sshd[31651]: Received disconnect from 60.181.19.237 port 21757:11: Bye Bye [preauth]","@timestamp":"2022-09-16T15:44:16.864Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:44:20 honeypot-ams-1 sshd[31655]: Received disconnect from 60.181.19.237 port 21922:11: Bye Bye [preauth]","@timestamp":"2022-09-16T15:44:20.867Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:44:24 honeypot-ams-1 sshd[31660]: Received disconnect from 60.181.19.237 port 22057:11: Bye Bye [preauth]","@timestamp":"2022-09-16T15:44:25.870Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:44:31 honeypot-ams-1 sshd[31664]: Received disconnect from 60.181.19.237 port 22198:11: Bye Bye [preauth]","@timestamp":"2022-09-16T15:44:31.875Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:44:36 honeypot-ams-1 sshd[31668]: Received disconnect from 60.181.19.237 port 22532:11: Bye Bye [preauth]","@timestamp":"2022-09-16T15:44:36.878Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:44:41 honeypot-ams-1 sshd[31672]: Received disconnect from 60.181.19.237 port 22757:11: Bye Bye [preauth]","@timestamp":"2022-09-16T15:44:41.881Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:44:46 honeypot-ams-1 sshd[31676]: Received disconnect from 60.181.19.237 port 22957:11: Bye Bye [preauth]","@timestamp":"2022-09-16T15:44:46.885Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:44:51 honeypot-ams-1 sshd[31680]: Received disconnect from 60.181.19.237 port 23113:11: Bye Bye [preauth]","@timestamp":"2022-09-16T15:44:51.888Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:44:55 honeypot-ams-1 sshd[31684]: Received disconnect from 60.181.19.237 port 23253:11: Bye Bye [preauth]","@timestamp":"2022-09-16T15:44:55.891Z"}
{"@timestamp":"2022-09-16T15:45:31.616Z","@version":"1","message":"Sep 16 15:45:31 honeypot-sgp-1 sshd[25670]: Did not receive identification string from 58.72.18.130 port 24682","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:47:49 honeypot-ams-1 sshd[31688]: Received disconnect from 134.209.244.230 port 58858:11: Bye Bye [preauth]","@timestamp":"2022-09-16T15:47:49.967Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 15:49:44 honeypot-fra-1 sshd[22403]: Disconnected from authenticating user root 92.255.85.69 port 61744 [preauth]","@timestamp":"2022-09-16T15:49:44.706Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T15:55:12.853Z","@version":"1","message":"Sep 16 15:55:12 honeypot-sgp-1 sshd[25675]: Received disconnect from 92.255.85.70 port 37294:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 15:55:57 honeypot-ams-1 sshd[31693]: Invalid user omega from 123.108.59.148 port 23507","@timestamp":"2022-09-16T15:55:58.179Z"}
{"@timestamp":"2022-09-16T16:04:14.072Z","@version":"1","message":"Sep 16 16:04:13 honeypot-sgp-1 sshd[25683]: Did not receive identification string from 45.61.186.49 port 52654","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T16:04:41.085Z","@version":"1","message":"Sep 16 16:04:40 honeypot-sgp-1 sshd[25686]: Disconnected from invalid user user 45.61.186.49 port 44288 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 16:04:44 honeypot-ams-1 sshd[31697]: Disconnected from authenticating user daemon 92.255.85.69 port 51586 [preauth]","@timestamp":"2022-09-16T16:04:44.403Z"}
{"@timestamp":"2022-09-16T16:04:51.089Z","@version":"1","message":"Sep 16 16:04:50 honeypot-sgp-1 sshd[25690]: Disconnected from invalid user user 45.61.186.49 port 55672 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:08:57 honeypot-fra-1 kernel: [84218951.292608] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=195.178.120.159 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=54321 PROTO=TCP SPT=59855 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T16:08:58.136Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:14:29 honeypot-fra-1 kernel: [84219282.831340] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.143.200.6 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=61364 PROTO=TCP SPT=53378 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T16:14:30.262Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-16T16:14:37.367Z","@version":"1","message":"Sep 16 16:14:37 honeypot-sgp-1 sshd[25696]: Invalid user 888g from 68.183.225.151 port 59650","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T16:17:01.427Z","@version":"1","message":"Sep 16 16:17:01 honeypot-sgp-1 CRON[25700]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 16:17:01 honeypot-ams-1 CRON[31705]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-16T16:17:02.718Z"}
{"@timestamp":"2022-09-16T16:18:09.457Z","@version":"1","message":"Sep 16 16:18:08 honeypot-sgp-1 sshd[25705]: Disconnected from invalid user gabriel 103.221.221.247 port 45590 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T16:18:47.474Z","@version":"1","message":"Sep 16 16:18:47 honeypot-sgp-1 sshd[25709]: Disconnected from invalid user adrian 92.255.85.70 port 16112 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:19:00 honeypot-fra-1 sshd[22418]: Disconnected from 104.236.122.193 port 59650 [preauth]","@timestamp":"2022-09-16T16:19:01.366Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:24:30 honeypot-fra-1 sshd[22423]: Received disconnect from 187.116.49.64 port 47061:11: Bye Bye [preauth]","@timestamp":"2022-09-16T16:24:31.494Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:24:34 honeypot-fra-1 sshd[22428]: Disconnected from invalid user ubnt 187.116.49.64 port 47063 [preauth]","@timestamp":"2022-09-16T16:24:35.498Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:24:41 honeypot-fra-1 sshd[22434]: Disconnected from authenticating user root 187.116.49.64 port 47066 [preauth]","@timestamp":"2022-09-16T16:24:41.500Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:24:47 honeypot-fra-1 sshd[22440]: Disconnected from authenticating user root 187.116.49.64 port 47069 [preauth]","@timestamp":"2022-09-16T16:24:48.505Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:24:54 honeypot-fra-1 sshd[22446]: Disconnected from authenticating user root 187.116.49.64 port 47072 [preauth]","@timestamp":"2022-09-16T16:24:54.508Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:25:00 honeypot-fra-1 sshd[22452]: Disconnected from authenticating user root 187.116.49.64 port 47075 [preauth]","@timestamp":"2022-09-16T16:25:01.511Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:25:07 honeypot-fra-1 sshd[22458]: Disconnected from authenticating user root 187.116.49.64 port 47078 [preauth]","@timestamp":"2022-09-16T16:25:07.516Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:25:13 honeypot-fra-1 sshd[22464]: Disconnected from authenticating user root 187.116.49.64 port 47081 [preauth]","@timestamp":"2022-09-16T16:25:14.519Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:25:20 honeypot-fra-1 sshd[22470]: Disconnected from authenticating user root 187.116.49.64 port 47084 [preauth]","@timestamp":"2022-09-16T16:25:20.523Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:25:26 honeypot-fra-1 sshd[22476]: Disconnected from authenticating user root 187.116.49.64 port 47087 [preauth]","@timestamp":"2022-09-16T16:25:27.578Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:25:33 honeypot-fra-1 sshd[22482]: Disconnected from authenticating user root 187.116.49.64 port 47090 [preauth]","@timestamp":"2022-09-16T16:25:34.582Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:25:40 honeypot-fra-1 sshd[22488]: Disconnected from authenticating user root 187.116.49.64 port 47093 [preauth]","@timestamp":"2022-09-16T16:25:40.585Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:25:46 honeypot-fra-1 sshd[22494]: Disconnected from authenticating user root 187.116.49.64 port 47096 [preauth]","@timestamp":"2022-09-16T16:25:46.588Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:25:50 honeypot-fra-1 sshd[22498]: Disconnected from invalid user admin 187.116.49.64 port 47098 [preauth]","@timestamp":"2022-09-16T16:25:51.592Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:25:55 honeypot-fra-1 sshd[22502]: Disconnected from invalid user admin 187.116.49.64 port 47100 [preauth]","@timestamp":"2022-09-16T16:25:55.594Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:25:59 honeypot-fra-1 sshd[22506]: Disconnected from invalid user admin 187.116.49.64 port 47102 [preauth]","@timestamp":"2022-09-16T16:25:59.596Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:26:03 honeypot-fra-1 sshd[22510]: Disconnected from invalid user admin 187.116.49.64 port 47104 [preauth]","@timestamp":"2022-09-16T16:26:03.599Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:26:07 honeypot-fra-1 sshd[22514]: Disconnected from invalid user admin 187.116.49.64 port 47106 [preauth]","@timestamp":"2022-09-16T16:26:08.602Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:26:14 honeypot-fra-1 sshd[22520]: Received disconnect from 187.116.49.64 port 47109:11: Bye Bye [preauth]","@timestamp":"2022-09-16T16:26:14.605Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:26:18 honeypot-fra-1 sshd[22524]: Received disconnect from 187.116.49.64 port 47111:11: Bye Bye [preauth]","@timestamp":"2022-09-16T16:26:18.608Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:26:22 honeypot-fra-1 sshd[22528]: Received disconnect from 187.116.49.64 port 47113:11: Bye Bye [preauth]","@timestamp":"2022-09-16T16:26:23.610Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:26:27 honeypot-fra-1 sshd[22532]: Received disconnect from 187.116.49.64 port 47115:11: Bye Bye [preauth]","@timestamp":"2022-09-16T16:26:27.612Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:26:31 honeypot-fra-1 sshd[22536]: Received disconnect from 187.116.49.64 port 47117:11: Bye Bye [preauth]","@timestamp":"2022-09-16T16:26:31.614Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:26:35 honeypot-fra-1 sshd[22540]: Received disconnect from 187.116.49.64 port 47062:11: Bye Bye [preauth]","@timestamp":"2022-09-16T16:26:36.618Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:26:40 honeypot-fra-1 sshd[22544]: Received disconnect from 187.116.49.64 port 47064:11: Bye Bye [preauth]","@timestamp":"2022-09-16T16:26:40.620Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:26:44 honeypot-fra-1 sshd[22548]: Received disconnect from 187.116.49.64 port 47066:11: Bye Bye [preauth]","@timestamp":"2022-09-16T16:26:44.622Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:26:48 honeypot-fra-1 sshd[22552]: Received disconnect from 187.116.49.64 port 47068:11: Bye Bye [preauth]","@timestamp":"2022-09-16T16:26:49.625Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:26:53 honeypot-fra-1 sshd[22556]: Received disconnect from 187.116.49.64 port 47070:11: Bye Bye [preauth]","@timestamp":"2022-09-16T16:26:53.627Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:26:57 honeypot-fra-1 sshd[22560]: Received disconnect from 187.116.49.64 port 47072:11: Bye Bye [preauth]","@timestamp":"2022-09-16T16:26:57.629Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:27:01 honeypot-fra-1 sshd[22564]: Received disconnect from 187.116.49.64 port 47074:11: Bye Bye [preauth]","@timestamp":"2022-09-16T16:27:01.631Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 16:27:17 honeypot-ams-1 sshd[31709]: Disconnected from invalid user adrian 92.255.85.69 port 24236 [preauth]","@timestamp":"2022-09-16T16:27:17.980Z"}
{"@timestamp":"2022-09-16T16:39:34.996Z","@version":"1","message":"Sep 16 16:39:34 honeypot-sgp-1 sshd[25715]: Received disconnect from 144.217.4.123 port 52470:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T16:41:35.049Z","@version":"1","message":"Sep 16 16:41:34 honeypot-sgp-1 sshd[25719]: Received disconnect from 92.255.85.70 port 43268:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 16:42:01 honeypot-ams-1 sshd[31712]: Invalid user sambit from 186.206.144.34 port 54328","@timestamp":"2022-09-16T16:42:02.364Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 16:44:23 honeypot-ams-1 kernel: [84223244.945853] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=220.133.75.173 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=56 ID=23951 PROTO=TCP SPT=61522 DPT=443 WINDOW=38202 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T16:44:24.427Z"}
{"@timestamp":"2022-09-16T16:45:09.136Z","@version":"1","message":"Sep 16 16:45:09 honeypot-sgp-1 sshd[25724]: Disconnected from invalid user gozone 69.10.39.91 port 47158 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 16:45:59 honeypot-ams-1 sshd[31721]: Disconnected from authenticating user root 206.189.42.104 port 41662 [preauth]","@timestamp":"2022-09-16T16:46:00.471Z"}
{"@timestamp":"2022-09-16T16:46:25.171Z","@version":"1","message":"Sep 16 16:46:24 honeypot-sgp-1 sshd[25730]: Disconnected from authenticating user root 157.230.245.64 port 38626 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:46:46 honeypot-fra-1 sshd[22570]: Connection closed by authenticating user root 179.60.147.69 port 18594 [preauth]","@timestamp":"2022-09-16T16:46:47.070Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 16:48:59 honeypot-ams-1 sshd[31728]: Connection closed by authenticating user root 179.60.147.69 port 30506 [preauth]","@timestamp":"2022-09-16T16:48:59.550Z"}
{"@timestamp":"2022-09-16T16:50:11.265Z","@version":"1","message":"Sep 16 16:50:10 honeypot-sgp-1 sshd[25737]: Invalid user admin from 210.105.193.6 port 45528","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:50:48 honeypot-fra-1 sshd[22590]: Received disconnect from 165.22.45.108 port 35952:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T16:50:49.162Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:56:49 honeypot-fra-1 sshd[22596]: Invalid user user from 45.61.184.204 port 45226","@timestamp":"2022-09-16T16:56:49.315Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:57:08 honeypot-fra-1 sshd[22600]: Invalid user user from 45.61.184.204 port 39908","@timestamp":"2022-09-16T16:57:09.345Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:57:27 honeypot-fra-1 sshd[22604]: Invalid user user from 45.61.184.204 port 34578","@timestamp":"2022-09-16T16:57:28.354Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 16:57:46 honeypot-fra-1 sshd[22610]: Invalid user user from 45.61.184.204 port 57500","@timestamp":"2022-09-16T16:57:46.362Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 17:00:24 honeypot-ams-1 kernel: [84224205.501480] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=208.115.115.103 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=21088 PROTO=TCP SPT=4062 DPT=80 WINDOW=20118 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T17:00:24.871Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 17:01:23 honeypot-ams-1 sshd[31738]: Invalid user user from 45.61.187.160 port 38212","@timestamp":"2022-09-16T17:01:23.900Z"}
{"@timestamp":"2022-09-16T17:01:24.537Z","@version":"1","message":"Sep 16 17:01:23 honeypot-sgp-1 sshd[25741]: Received disconnect from 220.203.8.38 port 49788:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 17:01:42 honeypot-ams-1 sshd[31742]: Invalid user user from 45.61.187.160 port 60756","@timestamp":"2022-09-16T17:01:42.910Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 17:01:59 honeypot-ams-1 sshd[31746]: Invalid user user from 45.61.187.160 port 55052","@timestamp":"2022-09-16T17:02:00.919Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 17:04:56 honeypot-ams-1 kernel: [84224477.763646] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=64.246.161.26 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=54321 PROTO=TCP SPT=56737 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T17:04:56.994Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 17:05:00 honeypot-fra-1 sshd[22616]: Invalid user guest from 193.106.191.157 port 47868","@timestamp":"2022-09-16T17:05:00.526Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 17:07:36 honeypot-fra-1 sshd[22620]: Disconnected from invalid user users 183.194.1.194 port 39666 [preauth]","@timestamp":"2022-09-16T17:07:37.593Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T17:09:01.719Z","@version":"1","message":"Sep 16 17:09:01 honeypot-sgp-1 CRON[25746]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 17:13:54 honeypot-ams-1 sshd[31755]: Received disconnect from 92.255.85.69 port 56696:11: Bye Bye [preauth]","@timestamp":"2022-09-16T17:13:55.227Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 17:17:01 honeypot-fra-1 CRON[22629]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-16T17:17:02.115Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T17:17:55.935Z","@version":"1","message":"Sep 16 17:17:55 honeypot-sgp-1 kernel: [84224781.257227] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=64.246.161.26 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=50393 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 17:21:01 honeypot-ams-1 sshd[31761]: Invalid user guest from 193.106.191.157 port 43502","@timestamp":"2022-09-16T17:21:01.412Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 17:21:05 honeypot-fra-1 sshd[22634]: Received disconnect from 5.51.84.107 port 35036:11: Bye Bye [preauth]","@timestamp":"2022-09-16T17:21:06.210Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 17:23:13 honeypot-fra-1 kernel: [84223407.114278] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=165.232.152.144 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=47105 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T17:23:14.261Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 17:25:11 honeypot-ams-1 sshd[31764]: Connection closed by invalid user user 179.60.147.69 port 12556 [preauth]","@timestamp":"2022-09-16T17:25:12.520Z"}
{"@timestamp":"2022-09-16T17:26:21.142Z","@version":"1","message":"Sep 16 17:26:20 honeypot-sgp-1 sshd[25758]: Received disconnect from 46.101.132.159 port 37570:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 17:27:26 honeypot-fra-1 sshd[22643]: Invalid user uftp from 167.172.152.29 port 53952","@timestamp":"2022-09-16T17:27:27.359Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T17:30:29.243Z","@version":"1","message":"Sep 16 17:30:29 honeypot-sgp-1 kernel: [84225534.528718] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=234 ID=27062 PROTO=TCP SPT=49406 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 17:30:47 honeypot-fra-1 kernel: [84223860.275724] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=17902 PROTO=TCP SPT=49406 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T17:30:47.438Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 17:31:01 honeypot-ams-1 kernel: [84226042.552079] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=8802 PROTO=TCP SPT=49406 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T17:31:01.672Z"}
{"@timestamp":"2022-09-16T17:34:56.353Z","@version":"1","message":"Sep 16 17:34:55 honeypot-sgp-1 kernel: [84225801.434910] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=90.151.171.106 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=42690 PROTO=TCP SPT=49640 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 17:36:18 honeypot-ams-1 sshd[31772]: Received disconnect from 92.255.85.70 port 62484:11: Bye Bye [preauth]","@timestamp":"2022-09-16T17:36:18.809Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 17:41:33 honeypot-fra-1 sshd[22651]: Connection closed by invalid user admin 141.98.10.158 port 55494 [preauth]","@timestamp":"2022-09-16T17:41:34.694Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 17:43:19 honeypot-ams-1 kernel: [84226781.187108] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=162.142.125.128 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=49840 PROTO=TCP SPT=54819 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T17:43:19.992Z"}
{"@timestamp":"2022-09-16T17:45:07.593Z","@version":"1","message":"Sep 16 17:45:07 honeypot-sgp-1 sshd[25767]: Disconnected from invalid user buradrc 34.93.204.90 port 37068 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T17:47:19.648Z","@version":"1","message":"Sep 16 17:47:19 honeypot-sgp-1 sshd[25772]: Disconnected from authenticating user root 41.77.186.96 port 56438 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 17:48:42 honeypot-fra-1 sshd[22656]: Received disconnect from 165.22.45.108 port 41094:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T17:48:43.855Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T17:51:13.742Z","@version":"1","message":"Sep 16 17:51:13 honeypot-sgp-1 sshd[25778]: Received disconnect from 92.255.85.70 port 15132:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 17:55:52 honeypot-ams-1 sshd[31782]: Received disconnect from 181.30.99.114 port 50892:11: Bye Bye [preauth]","@timestamp":"2022-09-16T17:55:53.313Z"}
{"@timestamp":"2022-09-16T17:58:18.910Z","@version":"1","message":"Sep 16 17:58:18 honeypot-sgp-1 sshd[25784]: Connection closed by authenticating user nobody 179.60.147.69 port 40264 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 18:02:02 honeypot-fra-1 sshd[22664]: Did not receive identification string from 45.61.186.249 port 41766","@timestamp":"2022-09-16T18:02:02.156Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 18:02:42 honeypot-fra-1 sshd[22667]: Received disconnect from 45.61.186.249 port 59068:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T18:02:43.175Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 18:02:45 honeypot-ams-1 sshd[31789]: Disconnected from authenticating user root 52.183.141.32 port 58246 [preauth]","@timestamp":"2022-09-16T18:02:46.484Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 18:03:01 honeypot-fra-1 sshd[22671]: Received disconnect from 45.61.186.249 port 53506:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T18:03:02.200Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 18:03:20 honeypot-fra-1 sshd[22675]: Received disconnect from 45.61.186.249 port 47934:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T18:03:20.209Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 18:05:50 honeypot-fra-1 kernel: [84225963.371843] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.81.157.128 DST=165.22.82.222 LEN=52 TOS=0x0A PREC=0x20 TTL=119 ID=25722 DF PROTO=TCP SPT=49946 DPT=80 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-16T18:05:51.267Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 18:06:02 honeypot-ams-1 sshd[31795]: Invalid user admin from 165.232.158.22 port 37844","@timestamp":"2022-09-16T18:06:02.571Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 18:06:45 honeypot-ams-1 kernel: [84228186.761585] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=146.88.240.4 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=42258 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T18:06:45.592Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 18:10:20 honeypot-ams-1 kernel: [84228401.756555] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=195.230.103.246 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=54321 PROTO=TCP SPT=56105 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T18:10:20.687Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 18:12:57 honeypot-fra-1 kernel: [84226390.497554] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=16549 PROTO=TCP SPT=51874 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T18:12:58.430Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-16T18:14:33.318Z","@version":"1","message":"Sep 16 18:14:32 honeypot-sgp-1 sshd[25789]: Received disconnect from 92.255.85.69 port 53964:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 18:17:01 honeypot-fra-1 CRON[22685]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-16T18:17:01.527Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T18:21:42.490Z","@version":"1","message":"Sep 16 18:21:41 honeypot-sgp-1 kernel: [84228607.332741] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=163.172.158.4 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=42573 PROTO=TCP SPT=49501 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 18:22:50 honeypot-ams-1 sshd[31810]: Invalid user rg from 128.199.4.167 port 41372","@timestamp":"2022-09-16T18:22:51.006Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 18:25:41 honeypot-ams-1 sshd[31814]: Invalid user bike from 211.45.162.52 port 50842","@timestamp":"2022-09-16T18:25:42.079Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 18:30:21 honeypot-ams-1 sshd[31819]: Received disconnect from 95.161.97.113 port 47006:11: Bye Bye [preauth]","@timestamp":"2022-09-16T18:30:22.201Z"}
{"@timestamp":"2022-09-16T18:34:25.798Z","@version":"1","message":"Sep 16 18:34:24 honeypot-sgp-1 sshd[25799]: Connection closed by authenticating user nobody 179.60.147.69 port 54722 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 18:35:32 honeypot-fra-1 sshd[22693]: Connection closed by authenticating user nobody 179.60.147.69 port 9934 [preauth]","@timestamp":"2022-09-16T18:35:32.938Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 18:36:12 honeypot-ams-1 kernel: [84229953.757082] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=104.156.155.9 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=9618 PROTO=TCP SPT=45326 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T18:36:13.370Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 18:37:17 honeypot-ams-1 sshd[31828]: Disconnected from authenticating user root 46.19.141.122 port 34466 [preauth]","@timestamp":"2022-09-16T18:37:18.401Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 18:38:04 honeypot-ams-1 sshd[31834]: Received disconnect from 46.19.141.122 port 45050:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T18:38:05.425Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 18:38:34 honeypot-ams-1 sshd[31838]: Disconnected from authenticating user root 46.19.141.122 port 55618 [preauth]","@timestamp":"2022-09-16T18:38:35.440Z"}
{"@timestamp":"2022-09-16T18:39:28.921Z","@version":"1","message":"Sep 16 18:39:28 honeypot-sgp-1 kernel: [84229673.705742] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.172.44.162 DST=159.89.202.188 LEN=52 TOS=0x00 PREC=0x00 TTL=112 ID=8591 DF PROTO=TCP SPT=58487 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 18:39:40 honeypot-ams-1 sshd[31842]: Received disconnect from 46.19.141.122 port 37966:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T18:39:41.472Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 18:40:19 honeypot-ams-1 sshd[31846]: Received disconnect from 46.19.141.122 port 48538:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T18:40:20.491Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 18:46:31 honeypot-fra-1 sshd[22697]: Received disconnect from 165.22.45.108 port 46220:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T18:46:31.217Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 18:47:50 honeypot-ams-1 sshd[31849]: Received disconnect from 92.255.85.70 port 51604:11: Bye Bye [preauth]","@timestamp":"2022-09-16T18:47:51.686Z"}
{"@timestamp":"2022-09-16T18:48:11.127Z","@version":"1","message":"Sep 16 18:48:10 honeypot-sgp-1 sshd[25806]: Disconnected from invalid user ghost 122.155.169.49 port 46959 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 18:53:03 honeypot-ams-1 sshd[31852]: Disconnected from authenticating user root 43.154.99.157 port 33092 [preauth]","@timestamp":"2022-09-16T18:53:03.825Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 18:55:39 honeypot-fra-1 sshd[22700]: Invalid user sftpuser from 92.255.85.70 port 47186","@timestamp":"2022-09-16T18:55:39.440Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T19:00:14.411Z","@version":"1","message":"Sep 16 19:00:13 honeypot-sgp-1 kernel: [84230918.915182] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=172.105.128.66 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=56400 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T19:04:38.514Z","@version":"1","message":"Sep 16 19:04:37 honeypot-sgp-1 sshd[25812]: Disconnected from invalid user http 178.128.159.1 port 56530 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 19:05:17 honeypot-fra-1 sshd[22706]: Invalid user wilmes from 78.128.127.224 port 44116","@timestamp":"2022-09-16T19:05:17.657Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T19:05:26.535Z","@version":"1","message":"Sep 16 19:05:26 honeypot-sgp-1 sshd[25817]: Received disconnect from 45.61.186.249 port 49612:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T19:05:46.545Z","@version":"1","message":"Sep 16 19:05:46 honeypot-sgp-1 sshd[25821]: Received disconnect from 45.61.186.249 port 43978:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T19:06:05.554Z","@version":"1","message":"Sep 16 19:06:05 honeypot-sgp-1 sshd[25825]: Received disconnect from 45.61.186.249 port 38300:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 19:06:35 honeypot-ams-1 sshd[31931]: Received disconnect from 45.61.184.204 port 34268:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T19:06:35.176Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 19:06:53 honeypot-ams-1 sshd[31935]: Received disconnect from 45.61.184.204 port 56750:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T19:06:54.187Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 19:07:12 honeypot-ams-1 sshd[31939]: Received disconnect from 45.61.184.204 port 50998:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T19:07:12.196Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 19:07:26 honeypot-ams-1 sshd[31943]: Received disconnect from 159.223.195.196 port 50512:11: Bye Bye [preauth]","@timestamp":"2022-09-16T19:07:26.204Z"}
{"@timestamp":"2022-09-16T19:10:38.660Z","@version":"1","message":"Sep 16 19:10:38 honeypot-sgp-1 sshd[25830]: Connection closed by invalid user debian 179.60.147.69 port 54944 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 19:11:16 honeypot-ams-1 sshd[31947]: Invalid user vagrant from 92.255.85.70 port 40184","@timestamp":"2022-09-16T19:11:17.307Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 19:11:31 honeypot-fra-1 sshd[22711]: Invalid user packer from 45.119.85.97 port 58584","@timestamp":"2022-09-16T19:11:32.801Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 19:11:56 honeypot-fra-1 sshd[22715]: Disconnected from authenticating user root 170.106.75.162 port 55020 [preauth]","@timestamp":"2022-09-16T19:11:56.813Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 19:13:58 honeypot-ams-1 sshd[31952]: Connection closed by invalid user debian 179.60.147.69 port 48346 [preauth]","@timestamp":"2022-09-16T19:13:59.380Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 19:17:09 honeypot-fra-1 kernel: [84230242.673942] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=80.94.92.231 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=35973 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T19:17:09.932Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 19:21:51 honeypot-ams-1 kernel: [84232692.982846] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=188.212.65.122 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=116 ID=12821 DF PROTO=TCP SPT=64801 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T19:21:52.591Z"}
{"@timestamp":"2022-09-16T19:25:50.013Z","@version":"1","message":"Sep 16 19:25:49 honeypot-sgp-1 sshd[25839]: Received disconnect from 92.255.85.69 port 51392:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 19:28:15 honeypot-fra-1 kernel: [84230908.229763] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.221.108 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=44907 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T19:28:16.182Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 19:34:32 honeypot-ams-1 sshd[31960]: Invalid user admin1 from 92.255.85.69 port 53030","@timestamp":"2022-09-16T19:34:32.922Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 19:37:42 honeypot-fra-1 sshd[22733]: Did not receive identification string from 120.48.34.231 port 46766","@timestamp":"2022-09-16T19:37:42.398Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T19:39:18.328Z","@version":"1","message":"Sep 16 19:39:18 honeypot-sgp-1 sshd[25844]: Invalid user teamspeak from 185.74.4.20 port 51782","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 19:41:59 honeypot-fra-1 sshd[22739]: Disconnected from invalid user admin1 92.255.85.70 port 58120 [preauth]","@timestamp":"2022-09-16T19:42:00.496Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T19:47:02.510Z","@version":"1","message":"Sep 16 19:47:01 honeypot-sgp-1 sshd[25847]: Connection closed by invalid user test 179.60.147.69 port 54542 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 19:47:52 honeypot-ams-1 sshd[31965]: Received disconnect from 94.75.123.43 port 33444:11: Bye Bye [preauth]","@timestamp":"2022-09-16T19:47:52.265Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 19:48:13 honeypot-fra-1 sshd[22746]: Invalid user test from 179.60.147.69 port 56952","@timestamp":"2022-09-16T19:48:13.636Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 19:49:35 honeypot-ams-1 sshd[31971]: Disconnected from authenticating user root 46.19.141.122 port 59916 [preauth]","@timestamp":"2022-09-16T19:49:35.313Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 19:50:42 honeypot-ams-1 sshd[31977]: Received disconnect from 46.19.141.122 port 45872:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T19:50:43.345Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 19:51:16 honeypot-ams-1 sshd[31981]: Received disconnect from 46.19.141.122 port 60030:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T19:51:17.362Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 19:51:28 honeypot-fra-1 sshd[22750]: Disconnected from invalid user niang 45.191.91.45 port 40732 [preauth]","@timestamp":"2022-09-16T19:51:29.713Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 19:51:43 honeypot-ams-1 sshd[31991]: Invalid user admin from 176.31.240.226 port 44142","@timestamp":"2022-09-16T19:51:44.376Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 19:51:43 honeypot-ams-1 sshd[31998]: Invalid user admin from 176.31.240.226 port 44178","@timestamp":"2022-09-16T19:51:44.376Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 19:51:43 honeypot-ams-1 sshd[31992]: Connection closed by invalid user ubuntu 176.31.240.226 port 44158 [preauth]","@timestamp":"2022-09-16T19:51:44.376Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 19:51:43 honeypot-ams-1 sshd[31995]: Connection closed by invalid user chia 176.31.240.226 port 44172 [preauth]","@timestamp":"2022-09-16T19:51:44.376Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 19:51:43 honeypot-ams-1 sshd[32001]: Connection closed by invalid user git 176.31.240.226 port 44190 [preauth]","@timestamp":"2022-09-16T19:51:44.376Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 19:51:44 honeypot-ams-1 sshd[32024]: Invalid user support from 176.31.240.226 port 44126","@timestamp":"2022-09-16T19:51:45.376Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 19:51:44 honeypot-ams-1 sshd[32024]: Connection closed by invalid user support 176.31.240.226 port 44126 [preauth]","@timestamp":"2022-09-16T19:51:45.377Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 19:51:45 honeypot-ams-1 sshd[32036]: Connection closed by invalid user www 176.31.240.226 port 44156 [preauth]","@timestamp":"2022-09-16T19:51:46.377Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 19:51:46 honeypot-ams-1 sshd[32041]: Connection closed by invalid user ubuntu 176.31.240.226 port 44176 [preauth]","@timestamp":"2022-09-16T19:51:47.378Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 19:51:47 honeypot-ams-1 sshd[32050]: Connection closed by invalid user testuser 176.31.240.226 port 44168 [preauth]","@timestamp":"2022-09-16T19:51:48.378Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 19:52:45 honeypot-ams-1 sshd[32054]: Received disconnect from 46.19.141.122 port 53058:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T19:52:45.408Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 19:53:20 honeypot-ams-1 sshd[32058]: Disconnected from authenticating user root 46.19.141.122 port 39004 [preauth]","@timestamp":"2022-09-16T19:53:21.425Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 19:55:25 honeypot-fra-1 kernel: [84232538.725524] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=159.203.65.32 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=241 ID=64696 PROTO=TCP SPT=20000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T19:55:26.804Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-16T19:55:37.707Z","@version":"1","message":"Sep 16 19:55:37 honeypot-sgp-1 kernel: [84234242.698391] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=118.123.105.87 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=43000 PROTO=TCP SPT=60404 DPT=80 WINDOW=63540 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 19:57:32 honeypot-ams-1 kernel: [84234833.587469] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=128.116.131.60 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=54 ID=8000 PROTO=TCP SPT=25974 DPT=80 WINDOW=11574 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T19:57:32.535Z"}
{"@timestamp":"2022-09-16T20:01:11.838Z","@version":"1","message":"Sep 16 20:01:11 honeypot-sgp-1 sshd[25856]: Received disconnect from 137.184.225.34 port 48854:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:03:12.888Z","@version":"1","message":"Sep 16 20:03:12 honeypot-sgp-1 sshd[25860]: Connection closed by 3.84.50.76 port 38636 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 20:06:01 honeypot-fra-1 kernel: [84233174.258246] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=193.118.53.195 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=38394 PROTO=TCP SPT=35483 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T20:06:02.037Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-16T20:06:23.964Z","@version":"1","message":"Sep 16 20:06:23 honeypot-sgp-1 sshd[25865]: Did not receive identification string from 120.48.34.231 port 46766","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 20:11:54 honeypot-ams-1 kernel: [84235696.088955] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=167.71.92.243 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=39346 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T20:11:55.911Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 20:12:49 honeypot-fra-1 sshd[22770]: Connection closed by invalid user admin 118.42.18.46 port 53440 [preauth]","@timestamp":"2022-09-16T20:12:50.189Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T20:17:02.213Z","@version":"1","message":"Sep 16 20:17:01 honeypot-sgp-1 CRON[25869]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 20:17:35 honeypot-ams-1 kernel: [84236036.258288] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=156.146.46.143 DST=178.62.254.91 LEN=52 TOS=0x02 PREC=0x00 TTL=118 ID=20207 DF PROTO=TCP SPT=51704 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-16T20:17:36.065Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 20:17:51 honeypot-fra-1 sshd[22778]: Connection closed by authenticating user root 194.163.190.53 port 41004 [preauth]","@timestamp":"2022-09-16T20:17:52.298Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 20:19:26 honeypot-ams-1 sshd[32080]: Invalid user user from 45.61.186.169 port 57010","@timestamp":"2022-09-16T20:19:27.117Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 20:19:42 honeypot-ams-1 sshd[32084]: Invalid user user from 45.61.186.169 port 51440","@timestamp":"2022-09-16T20:19:43.125Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 20:19:57 honeypot-ams-1 sshd[32088]: Invalid user user from 45.61.186.169 port 45862","@timestamp":"2022-09-16T20:19:58.133Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 20:20:42 honeypot-ams-1 kernel: [84236223.916187] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=23.95.4.194 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=2350 PROTO=TCP SPT=55011 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T20:20:43.154Z"}
{"@timestamp":"2022-09-16T20:23:11.360Z","@version":"1","message":"Sep 16 20:23:10 honeypot-sgp-1 sshd[25873]: Connection closed by invalid user guest 179.60.147.69 port 27510 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 20:24:17 honeypot-fra-1 sshd[22783]: Connection closed by invalid user guest 179.60.147.69 port 19088 [preauth]","@timestamp":"2022-09-16T20:24:17.446Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 20:26:29 honeypot-ams-1 sshd[32095]: Connection closed by invalid user guest 179.60.147.69 port 47212 [preauth]","@timestamp":"2022-09-16T20:26:30.307Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 20:31:21 honeypot-fra-1 kernel: [84234694.118371] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=162.221.192.26 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=6426 PROTO=TCP SPT=23849 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T20:31:21.611Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 20:32:45 honeypot-ams-1 sshd[32101]: Received disconnect from 221.165.227.155 port 44720:11: Bye Bye [preauth]","@timestamp":"2022-09-16T20:32:46.470Z"}
{"@timestamp":"2022-09-16T20:35:03.638Z","@version":"1","message":"Sep 16 20:35:03 honeypot-sgp-1 sshd[25877]: Disconnected from authenticating user root 92.255.85.69 port 63614 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 20:40:16 honeypot-fra-1 kernel: [84235229.520373] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=165.232.152.144 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=56880 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T20:40:16.810Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-16T20:40:34.770Z","@version":"1","message":"Sep 16 20:40:33 honeypot-sgp-1 sshd[25886]: Invalid user admin from 116.98.174.154 port 46214","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:40:59.782Z","@version":"1","message":"Sep 16 20:40:59 honeypot-sgp-1 sshd[25892]: Connection closed by authenticating user root 116.98.174.154 port 43430 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:41:07.786Z","@version":"1","message":"Sep 16 20:41:07 honeypot-sgp-1 sshd[25898]: Invalid user admin from 116.98.174.154 port 33098","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:41:12.789Z","@version":"1","message":"Sep 16 20:41:12 honeypot-sgp-1 sshd[25904]: Invalid user centos from 116.98.174.154 port 58642","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:41:22.795Z","@version":"1","message":"Sep 16 20:41:22 honeypot-sgp-1 sshd[25910]: Connection closed by invalid user username 116.98.174.154 port 56134 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:41:31.800Z","@version":"1","message":"Sep 16 20:41:30 honeypot-sgp-1 sshd[25916]: Connection closed by invalid user listd 116.98.174.154 port 33994 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:41:39.804Z","@version":"1","message":"Sep 16 20:41:39 honeypot-sgp-1 sshd[25922]: Invalid user user from 116.98.174.154 port 55408","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:42:05.817Z","@version":"1","message":"Sep 16 20:42:05 honeypot-sgp-1 sshd[25928]: Invalid user is from 116.98.174.154 port 36128","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:42:09.819Z","@version":"1","message":"Sep 16 20:42:09 honeypot-sgp-1 sshd[25934]: Connection closed by invalid user ftpuser 116.98.174.154 port 34646 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:42:12.820Z","@version":"1","message":"Sep 16 20:42:11 honeypot-sgp-1 sshd[25940]: Connection closed by invalid user admin 116.98.174.154 port 48124 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:42:35.832Z","@version":"1","message":"Sep 16 20:42:34 honeypot-sgp-1 sshd[25948]: Connection closed by invalid user ron 116.98.174.154 port 43742 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:42:36.833Z","@version":"1","message":"Sep 16 20:42:36 honeypot-sgp-1 sshd[25952]: Connection closed by invalid user kelly 116.98.174.154 port 55142 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:42:45.838Z","@version":"1","message":"Sep 16 20:42:45 honeypot-sgp-1 sshd[25958]: Connection closed by invalid user user1 116.98.174.154 port 59858 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:42:49.840Z","@version":"1","message":"Sep 16 20:42:49 honeypot-sgp-1 sshd[25964]: Connection closed by invalid user informix 116.98.174.154 port 35164 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:42:55.843Z","@version":"1","message":"Sep 16 20:42:55 honeypot-sgp-1 sshd[25972]: Connection closed by invalid user guest 116.98.174.154 port 51414 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:43:00.847Z","@version":"1","message":"Sep 16 20:43:00 honeypot-sgp-1 sshd[25978]: Connection closed by invalid user amosdev 116.98.174.154 port 36278 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:43:13.852Z","@version":"1","message":"Sep 16 20:43:13 honeypot-sgp-1 sshd[25986]: Invalid user mobile from 116.98.174.154 port 59190","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:43:19.856Z","@version":"1","message":"Sep 16 20:43:19 honeypot-sgp-1 sshd[25992]: Invalid user sejong79 from 116.98.174.154 port 48716","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:43:24.859Z","@version":"1","message":"Sep 16 20:43:24 honeypot-sgp-1 sshd[25998]: Connection closed by authenticating user games 116.98.174.154 port 45502 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:43:30.863Z","@version":"1","message":"Sep 16 20:43:30 honeypot-sgp-1 sshd[26000]: Invalid user install from 116.98.174.154 port 56592","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:43:39.867Z","@version":"1","message":"Sep 16 20:43:39 honeypot-sgp-1 sshd[26012]: Invalid user ino from 116.98.174.154 port 50490","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:43:51.873Z","@version":"1","message":"Sep 16 20:43:50 honeypot-sgp-1 sshd[26018]: Invalid user deploy from 116.98.174.154 port 35304","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:44:00.878Z","@version":"1","message":"Sep 16 20:44:00 honeypot-sgp-1 sshd[26024]: Connection closed by invalid user dc5151 116.98.174.154 port 44326 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:44:06.881Z","@version":"1","message":"Sep 16 20:44:06 honeypot-sgp-1 sshd[26032]: Invalid user admin from 116.98.174.154 port 52262","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:44:09.883Z","@version":"1","message":"Sep 16 20:44:09 honeypot-sgp-1 sshd[26036]: Invalid user play from 116.98.174.154 port 57312","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:44:15.887Z","@version":"1","message":"Sep 16 20:44:15 honeypot-sgp-1 sshd[26042]: Connection closed by authenticating user root 116.98.174.154 port 41820 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:44:18.888Z","@version":"1","message":"Sep 16 20:44:18 honeypot-sgp-1 sshd[26048]: Connection closed by invalid user test 116.98.174.154 port 60824 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:44:40.898Z","@version":"1","message":"Sep 16 20:44:39 honeypot-sgp-1 sshd[26055]: Invalid user support from 116.98.174.154 port 57132","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:44:56.906Z","@version":"1","message":"Sep 16 20:44:55 honeypot-sgp-1 sshd[26061]: Invalid user shell from 116.98.174.154 port 51384","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 20:44:58 honeypot-ams-1 kernel: [84237679.376779] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=190.18.10.117 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=15686 PROTO=TCP SPT=48231 DPT=80 WINDOW=1300 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T20:44:58.782Z"}
{"@timestamp":"2022-09-16T20:44:58.907Z","@version":"1","message":"Sep 16 20:44:58 honeypot-sgp-1 sshd[26067]: Invalid user user2 from 116.98.174.154 port 49806","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:45:07.912Z","@version":"1","message":"Sep 16 20:45:07 honeypot-sgp-1 sshd[26073]: Connection closed by invalid user customs 116.98.174.154 port 59558 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:45:11.914Z","@version":"1","message":"Sep 16 20:45:11 honeypot-sgp-1 sshd[26077]: Connection closed by invalid user service 116.98.174.154 port 44756 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:45:16.917Z","@version":"1","message":"Sep 16 20:45:16 honeypot-sgp-1 sshd[26084]: Invalid user teamspeak from 116.98.174.154 port 39564","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:45:20.920Z","@version":"1","message":"Sep 16 20:45:20 honeypot-sgp-1 sshd[26092]: Invalid user pal from 116.98.174.154 port 54498","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:45:23.921Z","@version":"1","message":"Sep 16 20:45:23 honeypot-sgp-1 sshd[26098]: Invalid user user from 45.61.186.169 port 57430","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:45:27.923Z","@version":"1","message":"Sep 16 20:45:27 honeypot-sgp-1 sshd[26102]: Connection closed by invalid user www 116.98.174.154 port 55836 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:45:31.926Z","@version":"1","message":"Sep 16 20:45:31 honeypot-sgp-1 sshd[26104]: Received disconnect from 45.61.186.169 port 40516:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:45:37.929Z","@version":"1","message":"Sep 16 20:45:37 honeypot-sgp-1 sshd[26114]: Connection closed by invalid user alpha 116.98.174.154 port 51520 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:45:43.932Z","@version":"1","message":"Sep 16 20:45:43 honeypot-sgp-1 sshd[26120]: Connection closed by authenticating user root 116.98.174.154 port 60282 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:45:47.935Z","@version":"1","message":"Sep 16 20:45:47 honeypot-sgp-1 sshd[26128]: Invalid user user from 45.61.186.169 port 34892","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:45:49.936Z","@version":"1","message":"Sep 16 20:45:49 honeypot-sgp-1 sshd[26132]: Connection closed by invalid user upload 116.98.174.154 port 52722 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:45:54.938Z","@version":"1","message":"Sep 16 20:45:54 honeypot-sgp-1 sshd[26138]: Received disconnect from 45.61.186.169 port 46194:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:45:56.940Z","@version":"1","message":"Sep 16 20:45:56 honeypot-sgp-1 sshd[26142]: Connection closed by invalid user jay 116.98.174.154 port 53354 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:46:02.944Z","@version":"1","message":"Sep 16 20:46:02 honeypot-sgp-1 sshd[26148]: Connection closed by invalid user client 116.98.174.154 port 39218 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:46:10.948Z","@version":"1","message":"Sep 16 20:46:10 honeypot-sgp-1 sshd[26152]: Connection closed by invalid user sms 116.98.174.154 port 53736 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:46:16.951Z","@version":"1","message":"Sep 16 20:46:16 honeypot-sgp-1 sshd[26160]: Connection closed by invalid user steve 116.98.174.154 port 37040 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:46:19.953Z","@version":"1","message":"Sep 16 20:46:19 honeypot-sgp-1 sshd[26166]: Connection closed by invalid user yang 116.98.174.154 port 38490 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:46:30.958Z","@version":"1","message":"Sep 16 20:46:30 honeypot-sgp-1 sshd[26172]: Connection closed by invalid user oracle 116.98.174.154 port 41152 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:46:35.961Z","@version":"1","message":"Sep 16 20:46:34 honeypot-sgp-1 sshd[26180]: Invalid user admin from 116.98.174.154 port 38942","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:46:55.971Z","@version":"1","message":"Sep 16 20:46:55 honeypot-sgp-1 sshd[26188]: Connection closed by authenticating user root 116.98.174.154 port 55524 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:47:08.977Z","@version":"1","message":"Sep 16 20:47:08 honeypot-sgp-1 sshd[26194]: Connection closed by invalid user webmaster 116.98.174.154 port 38866 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:47:23.985Z","@version":"1","message":"Sep 16 20:47:23 honeypot-sgp-1 sshd[26200]: Connection closed by invalid user admin 116.98.174.154 port 41342 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:47:34.991Z","@version":"1","message":"Sep 16 20:47:34 honeypot-sgp-1 sshd[26206]: Connection closed by invalid user admin 116.98.174.154 port 46868 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:47:40.993Z","@version":"1","message":"Sep 16 20:47:40 honeypot-sgp-1 sshd[26212]: Connection closed by invalid user admin 116.98.174.154 port 57854 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:47:44.996Z","@version":"1","message":"Sep 16 20:47:44 honeypot-sgp-1 sshd[26218]: Connection closed by invalid user keaton 116.98.174.154 port 41324 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:47:52.000Z","@version":"1","message":"Sep 16 20:47:51 honeypot-sgp-1 sshd[26226]: Invalid user admin from 116.98.174.154 port 42458","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:47:58.003Z","@version":"1","message":"Sep 16 20:47:57 honeypot-sgp-1 sshd[26232]: Connection closed by invalid user webmaster 116.98.174.154 port 53372 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:48:05.007Z","@version":"1","message":"Sep 16 20:48:04 honeypot-sgp-1 sshd[26240]: Connection closed by authenticating user root 116.98.174.154 port 54294 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:48:08.009Z","@version":"1","message":"Sep 16 20:48:07 honeypot-sgp-1 sshd[26248]: Invalid user admin from 116.98.174.154 port 33400","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:48:11.011Z","@version":"1","message":"Sep 16 20:48:10 honeypot-sgp-1 sshd[26254]: Invalid user a from 116.98.174.154 port 46040","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:48:14.013Z","@version":"1","message":"Sep 16 20:48:13 honeypot-sgp-1 sshd[26260]: Invalid user webuser from 116.98.174.154 port 42310","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:48:26.019Z","@version":"1","message":"Sep 16 20:48:25 honeypot-sgp-1 sshd[26266]: Connection closed by authenticating user root 116.98.174.154 port 37486 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:48:45.029Z","@version":"1","message":"Sep 16 20:48:44 honeypot-sgp-1 sshd[26272]: Connection closed by invalid user test 116.98.174.154 port 48896 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:48:55.033Z","@version":"1","message":"Sep 16 20:48:54 honeypot-sgp-1 sshd[26278]: Invalid user pos from 116.98.174.154 port 39786","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:49:00.037Z","@version":"1","message":"Sep 16 20:48:59 honeypot-sgp-1 sshd[26284]: Connection closed by invalid user carlos 116.98.174.154 port 38916 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:49:11.042Z","@version":"1","message":"Sep 16 20:49:10 honeypot-sgp-1 sshd[26290]: Connection closed by invalid user admi 116.98.174.154 port 43822 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:49:19.047Z","@version":"1","message":"Sep 16 20:49:18 honeypot-sgp-1 sshd[26296]: Connection closed by invalid user michael 116.98.174.154 port 55628 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:49:38.056Z","@version":"1","message":"Sep 16 20:49:37 honeypot-sgp-1 sshd[26302]: Connection closed by invalid user sandesh 116.98.174.154 port 47534 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:49:42.058Z","@version":"1","message":"Sep 16 20:49:41 honeypot-sgp-1 sshd[26310]: Invalid user frank from 116.98.174.154 port 38866","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:49:44.060Z","@version":"1","message":"Sep 16 20:49:43 honeypot-sgp-1 sshd[26316]: Invalid user webftp from 116.98.174.154 port 59416","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:49:45.061Z","@version":"1","message":"Sep 16 20:49:45 honeypot-sgp-1 sshd[26320]: Connection closed by invalid user adnmin 116.98.174.154 port 55232 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:49:51.064Z","@version":"1","message":"Sep 16 20:49:50 honeypot-sgp-1 sshd[26326]: Connection closed by invalid user abe 116.98.174.154 port 59266 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 20:49:53 honeypot-fra-1 sshd[22804]: Connection closed by authenticating user root 194.163.190.53 port 50076 [preauth]","@timestamp":"2022-09-16T20:49:54.024Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T20:50:05.071Z","@version":"1","message":"Sep 16 20:50:04 honeypot-sgp-1 sshd[26334]: Invalid user admin from 116.98.174.154 port 42684","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:50:17.077Z","@version":"1","message":"Sep 16 20:50:17 honeypot-sgp-1 sshd[26341]: Connection closed by invalid user a1 116.98.174.154 port 34282 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:50:28.082Z","@version":"1","message":"Sep 16 20:50:27 honeypot-sgp-1 sshd[26349]: Invalid user student4 from 116.98.174.154 port 56588","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:50:30.084Z","@version":"1","message":"Sep 16 20:50:29 honeypot-sgp-1 sshd[26355]: Connection closed by authenticating user root 116.98.174.154 port 57248 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:50:36.087Z","@version":"1","message":"Sep 16 20:50:35 honeypot-sgp-1 sshd[26363]: Invalid user teste from 116.98.174.154 port 41764","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:51:07.101Z","@version":"1","message":"Sep 16 20:51:06 honeypot-sgp-1 sshd[26371]: Invalid user daniel from 116.98.174.154 port 48216","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:51:16.106Z","@version":"1","message":"Sep 16 20:51:15 honeypot-sgp-1 sshd[26377]: Connection closed by invalid user nicole 116.98.174.154 port 35282 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:51:21.109Z","@version":"1","message":"Sep 16 20:51:20 honeypot-sgp-1 sshd[26383]: Connection closed by invalid user admin 116.98.174.154 port 50780 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:51:35.115Z","@version":"1","message":"Sep 16 20:51:34 honeypot-sgp-1 sshd[26391]: Invalid user operator from 116.98.174.154 port 41334","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:51:37.117Z","@version":"1","message":"Sep 16 20:51:36 honeypot-sgp-1 sshd[26397]: Invalid user support from 116.98.174.154 port 37284","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:51:42.119Z","@version":"1","message":"Sep 16 20:51:41 honeypot-sgp-1 sshd[26403]: Connection closed by authenticating user root 116.98.174.154 port 56234 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:51:58.127Z","@version":"1","message":"Sep 16 20:51:58 honeypot-sgp-1 sshd[26409]: Connection closed by authenticating user root 116.98.174.154 port 43774 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:52:10.133Z","@version":"1","message":"Sep 16 20:52:09 honeypot-sgp-1 sshd[26419]: Invalid user activesolutions from 116.98.174.154 port 51338","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:52:20.139Z","@version":"1","message":"Sep 16 20:52:19 honeypot-sgp-1 sshd[26425]: Invalid user image from 116.98.174.154 port 32860","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:52:23.140Z","@version":"1","message":"Sep 16 20:52:22 honeypot-sgp-1 sshd[26431]: Connection closed by invalid user dummy 116.98.174.154 port 60844 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 20:52:33 honeypot-ams-1 sshd[32111]: Received disconnect from 80.76.51.189 port 46614:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T20:52:33.981Z"}
{"@timestamp":"2022-09-16T20:52:37.147Z","@version":"1","message":"Sep 16 20:52:36 honeypot-sgp-1 sshd[26439]: Invalid user test2 from 116.98.174.154 port 57338","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:52:41.150Z","@version":"1","message":"Sep 16 20:52:40 honeypot-sgp-1 sshd[26443]: Invalid user fedora from 116.98.174.154 port 39546","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:52:55.157Z","@version":"1","message":"Sep 16 20:52:54 honeypot-sgp-1 sshd[26449]: Connection closed by authenticating user root 116.98.174.154 port 55126 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 20:53:00 honeypot-ams-1 sshd[32115]: Disconnected from authenticating user root 80.76.51.189 port 59168 [preauth]","@timestamp":"2022-09-16T20:53:00.995Z"}
{"@timestamp":"2022-09-16T20:53:03.162Z","@version":"1","message":"Sep 16 20:53:02 honeypot-sgp-1 sshd[26455]: Connection closed by invalid user ncuser 116.98.174.154 port 37416 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:53:23.171Z","@version":"1","message":"Sep 16 20:53:22 honeypot-sgp-1 sshd[26461]: Connection closed by invalid user user1 116.98.174.154 port 47040 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:53:36.177Z","@version":"1","message":"Sep 16 20:53:36 honeypot-sgp-1 sshd[26467]: Connection closed by invalid user valerie 116.98.174.154 port 49028 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 20:53:40 honeypot-ams-1 sshd[32120]: Disconnected from invalid user user 45.61.186.49 port 60554 [preauth]","@timestamp":"2022-09-16T20:53:41.016Z"}
{"@timestamp":"2022-09-16T20:53:42.180Z","@version":"1","message":"Sep 16 20:53:42 honeypot-sgp-1 sshd[26473]: Connection closed by invalid user help 116.98.174.154 port 48174 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:53:46.183Z","@version":"1","message":"Sep 16 20:53:45 honeypot-sgp-1 sshd[26478]: Connection closed by invalid user english 116.98.174.154 port 54874 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 20:53:54 honeypot-ams-1 sshd[32124]: Disconnected from invalid user user 45.61.186.49 port 43606 [preauth]","@timestamp":"2022-09-16T20:53:55.022Z"}
{"@timestamp":"2022-09-16T20:53:57.188Z","@version":"1","message":"Sep 16 20:53:57 honeypot-sgp-1 sshd[26485]: Invalid user ghost from 116.98.174.154 port 56896","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:54:12.195Z","@version":"1","message":"Sep 16 20:54:11 honeypot-sgp-1 sshd[26491]: Invalid user byte from 116.98.174.154 port 33856","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:54:20.200Z","@version":"1","message":"Sep 16 20:54:19 honeypot-sgp-1 sshd[26497]: Invalid user omega from 116.98.174.154 port 50310","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 20:54:23 honeypot-ams-1 sshd[32130]: Received disconnect from 80.76.51.189 port 40598:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T20:54:24.037Z"}
{"@timestamp":"2022-09-16T20:54:25.202Z","@version":"1","message":"Sep 16 20:54:24 honeypot-sgp-1 sshd[26503]: Connection closed by invalid user anthony 116.98.174.154 port 35964 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:54:31.206Z","@version":"1","message":"Sep 16 20:54:30 honeypot-sgp-1 sshd[26511]: Connection closed by authenticating user root 116.98.174.154 port 50522 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:54:39.209Z","@version":"1","message":"Sep 16 20:54:39 honeypot-sgp-1 sshd[26517]: Connection closed by invalid user admin 116.98.174.154 port 35836 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:54:43.211Z","@version":"1","message":"Sep 16 20:54:43 honeypot-sgp-1 sshd[26523]: Connection closed by invalid user geral 116.98.174.154 port 44218 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:54:50.216Z","@version":"1","message":"Sep 16 20:54:50 honeypot-sgp-1 sshd[26529]: Connection closed by invalid user ubnt 116.98.174.154 port 40320 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:55:12.226Z","@version":"1","message":"Sep 16 20:55:11 honeypot-sgp-1 sshd[26537]: Invalid user sales from 116.98.174.154 port 54498","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:55:31.236Z","@version":"1","message":"Sep 16 20:55:30 honeypot-sgp-1 sshd[26544]: Connection closed by invalid user baba 116.98.174.154 port 38114 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:55:36.238Z","@version":"1","message":"Sep 16 20:55:35 honeypot-sgp-1 sshd[26550]: Connection closed by invalid user admin 116.98.174.154 port 34888 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:55:42.241Z","@version":"1","message":"Sep 16 20:55:41 honeypot-sgp-1 sshd[26558]: Connection closed by invalid user production 116.98.174.154 port 58002 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:55:48.245Z","@version":"1","message":"Sep 16 20:55:47 honeypot-sgp-1 sshd[26566]: Invalid user ubuntu from 116.98.174.154 port 33502","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 20:55:50 honeypot-ams-1 sshd[32137]: Received disconnect from 80.76.51.189 port 50224:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T20:55:51.080Z"}
{"@timestamp":"2022-09-16T20:55:53.248Z","@version":"1","message":"Sep 16 20:55:53 honeypot-sgp-1 sshd[26572]: Invalid user mysql from 116.98.174.154 port 56882","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:56:00.253Z","@version":"1","message":"Sep 16 20:55:59 honeypot-sgp-1 sshd[26578]: Connection closed by invalid user david 116.98.174.154 port 57310 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:56:13.258Z","@version":"1","message":"Sep 16 20:56:12 honeypot-sgp-1 sshd[26584]: Connection closed by invalid user bananapi 116.98.174.154 port 38004 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:56:22.264Z","@version":"1","message":"Sep 16 20:56:22 honeypot-sgp-1 sshd[26592]: Connection closed by invalid user weblogic 116.98.174.154 port 48934 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:56:37.271Z","@version":"1","message":"Sep 16 20:56:37 honeypot-sgp-1 sshd[26598]: Invalid user elemental from 116.98.174.154 port 55968","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:56:40.272Z","@version":"1","message":"Sep 16 20:56:39 honeypot-sgp-1 sshd[26604]: Connection closed by invalid user admin 116.98.174.154 port 58462 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:56:48.277Z","@version":"1","message":"Sep 16 20:56:47 honeypot-sgp-1 sshd[26612]: Invalid user support from 116.98.174.154 port 36264","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:56:59.283Z","@version":"1","message":"Sep 16 20:56:58 honeypot-sgp-1 sshd[26618]: Connection closed by invalid user dan 116.98.174.154 port 59710 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 20:57:07 honeypot-ams-1 kernel: [84238408.365754] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=123.129.188.208 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=48 ID=39384 PROTO=TCP SPT=55656 DPT=443 WINDOW=35485 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T20:57:08.116Z"}
{"@timestamp":"2022-09-16T20:57:13.289Z","@version":"1","message":"Sep 16 20:57:12 honeypot-sgp-1 sshd[26626]: Invalid user camera from 116.98.174.154 port 51222","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 20:58:24 honeypot-ams-1 sshd[32148]: Invalid user admin from 80.76.51.189 port 56866","@timestamp":"2022-09-16T20:58:25.152Z"}
{"@timestamp":"2022-09-16T20:58:46.328Z","@version":"1","message":"Sep 16 20:58:45 honeypot-sgp-1 sshd[26632]: Disconnected from authenticating user root 92.255.85.69 port 45742 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 20:59:26 honeypot-ams-1 sshd[32152]: Invalid user ansible from 80.76.51.189 port 53884","@timestamp":"2022-09-16T20:59:27.180Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 21:00:21 honeypot-fra-1 sshd[22811]: Invalid user blank from 179.60.147.69 port 44200","@timestamp":"2022-09-16T21:00:22.258Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:00:30 honeypot-ams-1 sshd[32157]: Invalid user ansible from 80.76.51.189 port 50894","@timestamp":"2022-09-16T21:00:30.210Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 21:01:05 honeypot-ams-1 kernel: [84238646.432458] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=156.207.166.173 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=53952 PROTO=TCP SPT=43095 DPT=443 WINDOW=49202 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T21:01:06.229Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:01:45 honeypot-ams-1 sshd[32165]: Disconnected from authenticating user root 179.171.158.147 port 59342 [preauth]","@timestamp":"2022-09-16T21:01:46.249Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:01:51 honeypot-ams-1 sshd[32171]: Received disconnect from 179.171.158.147 port 59658:11: Bye Bye [preauth]","@timestamp":"2022-09-16T21:01:51.252Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:01:58 honeypot-ams-1 sshd[32177]: Received disconnect from 179.171.158.147 port 60050:11: Bye Bye [preauth]","@timestamp":"2022-09-16T21:01:59.257Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:02:06 honeypot-ams-1 sshd[32185]: Received disconnect from 80.76.51.189 port 60524:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T21:02:07.262Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:02:13 honeypot-ams-1 sshd[32189]: Received disconnect from 179.171.158.147 port 60740:11: Bye Bye [preauth]","@timestamp":"2022-09-16T21:02:14.266Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:02:21 honeypot-ams-1 sshd[32195]: Received disconnect from 179.171.158.147 port 32928:11: Bye Bye [preauth]","@timestamp":"2022-09-16T21:02:21.356Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:02:27 honeypot-ams-1 sshd[32201]: Received disconnect from 179.171.158.147 port 33262:11: Bye Bye [preauth]","@timestamp":"2022-09-16T21:02:28.362Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:02:33 honeypot-ams-1 sshd[32207]: Received disconnect from 179.171.158.147 port 33530:11: Bye Bye [preauth]","@timestamp":"2022-09-16T21:02:34.365Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:02:39 honeypot-ams-1 sshd[32213]: Received disconnect from 179.171.158.147 port 33898:11: Bye Bye [preauth]","@timestamp":"2022-09-16T21:02:40.369Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:02:42 honeypot-ams-1 sshd[32217]: Disconnected from authenticating user root 179.171.158.147 port 34014 [preauth]","@timestamp":"2022-09-16T21:02:42.370Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:02:49 honeypot-ams-1 sshd[32223]: Disconnected from authenticating user root 179.171.158.147 port 34402 [preauth]","@timestamp":"2022-09-16T21:02:50.375Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:02:56 honeypot-ams-1 sshd[32229]: Disconnected from authenticating user root 179.171.158.147 port 34786 [preauth]","@timestamp":"2022-09-16T21:02:57.379Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:03:02 honeypot-ams-1 sshd[32235]: Disconnected from authenticating user root 179.171.158.147 port 35114 [preauth]","@timestamp":"2022-09-16T21:03:03.382Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:03:10 honeypot-ams-1 sshd[32241]: Received disconnect from 179.171.158.147 port 35528:11: Bye Bye [preauth]","@timestamp":"2022-09-16T21:03:11.388Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:03:13 honeypot-ams-1 sshd[32247]: Received disconnect from 80.76.51.189 port 57544:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T21:03:14.389Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:03:17 honeypot-ams-1 sshd[32249]: Received disconnect from 179.171.158.147 port 35910:11: Bye Bye [preauth]","@timestamp":"2022-09-16T21:03:18.392Z"}
{"@timestamp":"2022-09-16T21:03:22.437Z","@version":"1","message":"Sep 16 21:03:21 honeypot-sgp-1 sshd[26637]: Received disconnect from 81.16.121.206 port 5812:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:03:22 honeypot-ams-1 sshd[32253]: Received disconnect from 179.171.158.147 port 36140:11: Bye Bye [preauth]","@timestamp":"2022-09-16T21:03:23.395Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:03:27 honeypot-ams-1 sshd[32257]: Received disconnect from 179.171.158.147 port 36408:11: Bye Bye [preauth]","@timestamp":"2022-09-16T21:03:28.398Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 21:03:28 honeypot-fra-1 sshd[22817]: Received disconnect from 194.226.49.130 port 46096:11: Bye Bye [preauth]","@timestamp":"2022-09-16T21:03:29.332Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:03:33 honeypot-ams-1 sshd[32261]: Received disconnect from 179.171.158.147 port 36672:11: Bye Bye [preauth]","@timestamp":"2022-09-16T21:03:33.401Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:03:37 honeypot-ams-1 sshd[32265]: Disconnected from authenticating user root 179.171.158.147 port 36940 [preauth]","@timestamp":"2022-09-16T21:03:37.404Z"}
{"@timestamp":"2022-09-16T21:03:42.446Z","@version":"1","message":"Sep 16 21:03:42 honeypot-sgp-1 sshd[26641]: Received disconnect from 71.206.128.118 port 48104:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:03:44 honeypot-ams-1 sshd[32271]: Invalid user pi from 179.171.158.147 port 37342","@timestamp":"2022-09-16T21:03:44.408Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 21:03:48 honeypot-ams-1 kernel: [84238809.616105] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.167.97.229 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=38528 DPT=5432 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T21:03:49.411Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:03:50 honeypot-ams-1 sshd[32279]: Invalid user mine from 179.171.158.147 port 37672","@timestamp":"2022-09-16T21:03:51.414Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:03:56 honeypot-ams-1 sshd[32283]: Invalid user xbmc from 179.171.158.147 port 37942","@timestamp":"2022-09-16T21:03:57.417Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:04:00 honeypot-ams-1 sshd[32287]: Invalid user oracle from 179.171.158.147 port 38192","@timestamp":"2022-09-16T21:04:01.420Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 21:04:04 honeypot-ams-1 kernel: [84238825.898311] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=63363 PROTO=TCP SPT=42003 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T21:04:05.423Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:04:08 honeypot-ams-1 sshd[32293]: Disconnected from invalid user vagrant 179.171.158.147 port 38538 [preauth]","@timestamp":"2022-09-16T21:04:08.425Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:04:12 honeypot-ams-1 sshd[32297]: Disconnected from invalid user debian 179.171.158.147 port 38818 [preauth]","@timestamp":"2022-09-16T21:04:13.428Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:04:16 honeypot-ams-1 sshd[32301]: Disconnected from invalid user debian 179.171.158.147 port 39044 [preauth]","@timestamp":"2022-09-16T21:04:17.430Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:04:22 honeypot-ams-1 sshd[32305]: Disconnected from invalid user alarm 179.171.158.147 port 39352 [preauth]","@timestamp":"2022-09-16T21:04:23.434Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:04:26 honeypot-ams-1 sshd[32311]: Invalid user test from 179.171.158.147 port 39554","@timestamp":"2022-09-16T21:04:26.437Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:04:30 honeypot-ams-1 sshd[32315]: Invalid user cirros from 179.171.158.147 port 39756","@timestamp":"2022-09-16T21:04:30.439Z"}
{"@timestamp":"2022-09-16T21:04:53.475Z","@version":"1","message":"Sep 16 21:04:53 honeypot-sgp-1 sshd[26645]: Disconnected from authenticating user root 193.114.115.146 port 39808 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:05:19 honeypot-ams-1 sshd[32319]: Connection closed by authenticating user root 137.116.144.39 port 55912 [preauth]","@timestamp":"2022-09-16T21:05:19.463Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:06:09 honeypot-ams-1 sshd[32326]: Received disconnect from 80.76.51.189 port 35962:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T21:06:10.513Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 21:08:11 honeypot-fra-1 sshd[22822]: Received disconnect from 64.227.178.106 port 46428:11: Bye Bye [preauth]","@timestamp":"2022-09-16T21:08:11.442Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T21:11:35.630Z","@version":"1","message":"Sep 16 21:11:35 honeypot-sgp-1 sshd[26650]: Received disconnect from 66.76.55.84 port 52800:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T21:11:46.635Z","@version":"1","message":"Sep 16 21:11:46 honeypot-sgp-1 sshd[26654]: Invalid user ubnt from 71.206.128.118 port 48427","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T21:13:06.669Z","@version":"1","message":"Sep 16 21:13:06 honeypot-sgp-1 sshd[26658]: Received disconnect from 193.114.115.146 port 40406:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 21:16:16 honeypot-fra-1 sshd[22827]: Disconnected from authenticating user root 92.255.85.70 port 45038 [preauth]","@timestamp":"2022-09-16T21:16:17.632Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:17:01 honeypot-ams-1 CRON[32331]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-16T21:17:02.796Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 21:18:15 honeypot-fra-1 sshd[22835]: Invalid user postgres from 134.209.151.21 port 49346","@timestamp":"2022-09-16T21:18:15.681Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 21:18:15 honeypot-fra-1 sshd[22851]: Invalid user postgres from 134.209.151.21 port 49392","@timestamp":"2022-09-16T21:18:15.681Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 21:18:15 honeypot-fra-1 sshd[22836]: Invalid user ubuntu from 134.209.151.21 port 49372","@timestamp":"2022-09-16T21:18:15.681Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 21:18:15 honeypot-fra-1 sshd[22835]: Connection closed by invalid user postgres 134.209.151.21 port 49346 [preauth]","@timestamp":"2022-09-16T21:18:15.681Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 21:18:15 honeypot-fra-1 sshd[22844]: Connection closed by invalid user kibana 134.209.151.21 port 49416 [preauth]","@timestamp":"2022-09-16T21:18:15.681Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 21:18:15 honeypot-fra-1 sshd[22853]: Connection closed by invalid user admin 134.209.151.21 port 49348 [preauth]","@timestamp":"2022-09-16T21:18:15.681Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 21:18:15 honeypot-fra-1 sshd[22836]: Connection closed by invalid user ubuntu 134.209.151.21 port 49372 [preauth]","@timestamp":"2022-09-16T21:18:15.681Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 21:19:30 honeypot-ams-1 kernel: [84239752.051505] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=156.146.46.143 DST=178.62.254.91 LEN=52 TOS=0x02 PREC=0x00 TTL=118 ID=40888 DF PROTO=TCP SPT=64230 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-16T21:19:31.866Z"}
{"@timestamp":"2022-09-16T21:20:14.834Z","@version":"1","message":"Sep 16 21:20:14 honeypot-sgp-1 sshd[26667]: Received disconnect from 41.79.235.35 port 34284:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 21:23:12 honeypot-fra-1 kernel: [84237804.829798] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=156.146.46.143 DST=165.22.82.222 LEN=52 TOS=0x02 PREC=0x00 TTL=117 ID=32135 DF PROTO=TCP SPT=50952 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-16T21:23:12.793Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 21:24:20 honeypot-ams-1 kernel: [84240042.089708] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=119.199.169.235 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=54 ID=60037 PROTO=TCP SPT=37178 DPT=80 WINDOW=55674 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T21:24:21.993Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 21:29:22 honeypot-ams-1 kernel: [84240343.932941] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=89.248.165.100 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=37426 PROTO=TCP SPT=59801 DPT=389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T21:29:23.125Z"}
{"@timestamp":"2022-09-16T21:33:17.134Z","@version":"1","message":"Sep 16 21:33:17 honeypot-sgp-1 sshd[26673]: Did not receive identification string from 109.248.6.112 port 57768","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 21:35:40 honeypot-ams-1 kernel: [84240721.262166] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=156.146.46.143 DST=178.62.254.91 LEN=52 TOS=0x02 PREC=0x00 TTL=118 ID=26821 DF PROTO=TCP SPT=57194 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-16T21:35:40.304Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 21:36:29 honeypot-fra-1 sshd[22895]: Connection closed by invalid user ubnt 179.60.147.69 port 29908 [preauth]","@timestamp":"2022-09-16T21:36:30.093Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 21:40:12 honeypot-fra-1 sshd[22899]: Disconnected from invalid user user15 122.53.86.126 port 51520 [preauth]","@timestamp":"2022-09-16T21:40:13.178Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 21:40:32 honeypot-ams-1 kernel: [84241013.121119] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=164.92.72.164 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=39157 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T21:40:32.433Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 21:40:49 honeypot-fra-1 sshd[22905]: Invalid user uc from 190.210.37.246 port 60065","@timestamp":"2022-09-16T21:40:50.196Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 21:42:13 honeypot-fra-1 kernel: [84238946.007769] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=79.124.62.62 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=43519 PROTO=TCP SPT=49862 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T21:42:14.228Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-16T21:48:46.487Z","@version":"1","message":"Sep 16 21:48:45 honeypot-sgp-1 kernel: [84241030.928733] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=144.202.57.248 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=60881 PROTO=TCP SPT=44572 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 21:54:33 honeypot-fra-1 sshd[22915]: Invalid user ubuntu from 137.184.40.32 port 36998","@timestamp":"2022-09-16T21:54:34.504Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:55:10 honeypot-ams-1 sshd[32372]: Invalid user admin from 92.255.85.69 port 43678","@timestamp":"2022-09-16T21:55:11.812Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 21:57:12 honeypot-fra-1 sshd[22919]: Disconnected from invalid user samba 138.197.19.166 port 59074 [preauth]","@timestamp":"2022-09-16T21:57:13.567Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 21:58:33 honeypot-ams-1 kernel: [84242094.417114] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=201.191.2.198 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=44911 PROTO=TCP SPT=2231 DPT=80 WINDOW=16631 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T21:58:33.905Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 22:02:30 honeypot-fra-1 sshd[22924]: Disconnected from invalid user admin 92.255.85.69 port 48954 [preauth]","@timestamp":"2022-09-16T22:02:30.684Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T22:03:26.825Z","@version":"1","message":"Sep 16 22:03:26 honeypot-sgp-1 sshd[26697]: Disconnected from authenticating user root 43.155.70.28 port 59042 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 22:06:11 honeypot-fra-1 sshd[22930]: Connection closed by authenticating user root 194.163.190.53 port 55546 [preauth]","@timestamp":"2022-09-16T22:06:11.768Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T22:08:10.936Z","@version":"1","message":"Sep 16 22:08:10 honeypot-sgp-1 kernel: [84242196.156760] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=96.126.112.220 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=15334 DF PROTO=TCP SPT=53098 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 22:08:44 honeypot-fra-1 sshd[22935]: Received disconnect from 89.22.67.66 port 51118:11: Bye Bye [preauth]","@timestamp":"2022-09-16T22:08:44.857Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T22:10:20.989Z","@version":"1","message":"Sep 16 22:10:20 honeypot-sgp-1 sshd[26704]: Did not receive identification string from 45.61.184.204 port 45564","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T22:10:49.002Z","@version":"1","message":"Sep 16 22:10:48 honeypot-sgp-1 sshd[26707]: Disconnected from invalid user user 45.61.184.204 port 44404 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T22:11:06.010Z","@version":"1","message":"Sep 16 22:11:05 honeypot-sgp-1 sshd[26711]: Disconnected from invalid user user 45.61.184.204 port 38844 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T22:11:23.018Z","@version":"1","message":"Sep 16 22:11:22 honeypot-sgp-1 sshd[26715]: Disconnected from invalid user user 45.61.184.204 port 33284 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 22:11:30 honeypot-fra-1 kernel: [84240702.622343] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=165.22.82.222 LEN=92 TOS=0x00 PREC=0x00 TTL=250 ID=35083 PROTO=TCP SPT=19005 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T22:11:30.923Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 22:15:01 honeypot-ams-1 sshd[32377]: Connection closed by authenticating user nobody 179.60.147.69 port 10276 [preauth]","@timestamp":"2022-09-16T22:15:01.330Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 22:17:01 honeypot-fra-1 CRON[22948]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-16T22:17:02.053Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T22:17:02.151Z","@version":"1","message":"Sep 16 22:17:01 honeypot-sgp-1 CRON[26722]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 22:19:58 honeypot-ams-1 sshd[32385]: Received disconnect from 46.101.23.51 port 56416:11: Bye Bye [preauth]","@timestamp":"2022-09-16T22:19:59.458Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 22:22:42 honeypot-ams-1 sshd[32387]: Disconnected from invalid user sanjay 45.120.69.82 port 47054 [preauth]","@timestamp":"2022-09-16T22:22:42.532Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 22:25:00 honeypot-fra-1 kernel: [84241512.534317] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=156.146.46.143 DST=165.22.82.222 LEN=52 TOS=0x02 PREC=0x00 TTL=117 ID=59584 DF PROTO=TCP SPT=61265 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-16T22:25:00.235Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 22:26:29 honeypot-fra-1 kernel: [84241601.623632] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=89.248.165.120 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=55972 PROTO=TCP SPT=47084 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T22:26:29.270Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-16T22:28:33.420Z","@version":"1","message":"Sep 16 22:28:32 honeypot-sgp-1 sshd[26726]: Disconnected from invalid user postgres 71.128.32.24 port 47356 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T22:30:09.460Z","@version":"1","message":"Sep 16 22:30:08 honeypot-sgp-1 sshd[26731]: Disconnected from invalid user duci 143.198.209.48 port 37570 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 22:30:46 honeypot-ams-1 sshd[32392]: Received disconnect from 210.183.21.48 port 24588:11: Bye Bye [preauth]","@timestamp":"2022-09-16T22:30:46.743Z"}
{"@timestamp":"2022-09-16T22:33:27.539Z","@version":"1","message":"Sep 16 22:33:26 honeypot-sgp-1 sshd[26735]: Disconnected from invalid user mysql 92.255.85.69 port 23638 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 22:34:33 honeypot-fra-1 sshd[22967]: Disconnected from invalid user ogp_agent 159.65.218.99 port 58524 [preauth]","@timestamp":"2022-09-16T22:34:33.451Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 22:35:36 honeypot-ams-1 sshd[32397]: Disconnected from invalid user oop@123 62.84.124.148 port 53124 [preauth]","@timestamp":"2022-09-16T22:35:36.867Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 22:44:34 honeypot-fra-1 sshd[22974]: Invalid user admin from 128.199.168.83 port 32268","@timestamp":"2022-09-16T22:44:34.676Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 22:44:37 honeypot-fra-1 sshd[22980]: Invalid user admin from 128.199.168.83 port 58060","@timestamp":"2022-09-16T22:44:37.679Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 22:44:53 honeypot-ams-1 sshd[32403]: Did not receive identification string from 45.61.184.204 port 57400","@timestamp":"2022-09-16T22:44:54.122Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 22:45:25 honeypot-ams-1 sshd[32406]: Received disconnect from 45.61.184.204 port 40960:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T22:45:26.138Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 22:45:43 honeypot-ams-1 sshd[32408]: Connection closed by invalid user guest 193.106.191.157 port 59574 [preauth]","@timestamp":"2022-09-16T22:45:43.146Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 22:45:54 honeypot-ams-1 sshd[32414]: Disconnected from invalid user user 45.61.184.204 port 46348 [preauth]","@timestamp":"2022-09-16T22:45:55.153Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 22:46:11 honeypot-ams-1 sshd[32418]: Disconnected from invalid user user 45.61.184.204 port 40528 [preauth]","@timestamp":"2022-09-16T22:46:12.162Z"}
{"@timestamp":"2022-09-16T22:48:28.929Z","@version":"1","message":"Sep 16 22:48:28 honeypot-sgp-1 sshd[26738]: Disconnected from invalid user vhost 31.3.91.99 port 34866 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 22:48:58 honeypot-fra-1 sshd[22985]: Disconnected from invalid user mysql 92.255.85.70 port 42342 [preauth]","@timestamp":"2022-09-16T22:48:58.783Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 22:52:58 honeypot-ams-1 sshd[32423]: Connection closed by invalid user pi 220.71.14.93 port 36306 [preauth]","@timestamp":"2022-09-16T22:52:58.341Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 22:55:44 honeypot-fra-1 sshd[22990]: Connection closed by invalid user guest 193.106.191.157 port 47546 [preauth]","@timestamp":"2022-09-16T22:55:44.938Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T22:56:46.126Z","@version":"1","message":"Sep 16 22:56:45 honeypot-sgp-1 sshd[26745]: Did not receive identification string from 154.89.5.109 port 33210","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 23:02:59 honeypot-ams-1 kernel: [84245960.200154] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=156.146.46.143 DST=178.62.254.91 LEN=52 TOS=0x02 PREC=0x00 TTL=118 ID=10414 DF PROTO=TCP SPT=50935 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-16T23:02:59.592Z"}
{"@timestamp":"2022-09-16T23:05:56.339Z","@version":"1","message":"Sep 16 23:05:56 honeypot-sgp-1 sshd[26753]: Invalid user admin from 128.199.160.207 port 45924","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T23:06:58.363Z","@version":"1","message":"Sep 16 23:06:57 honeypot-sgp-1 kernel: [84245722.837394] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=159.89.202.188 LEN=92 TOS=0x00 PREC=0x00 TTL=245 ID=47414 PROTO=TCP SPT=18837 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 23:06:59 honeypot-ams-1 kernel: [84246200.481049] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=167.71.92.243 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=45148 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T23:06:59.695Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 23:07:28 honeypot-fra-1 sshd[22998]: Connection closed by authenticating user root 194.163.190.53 port 44132 [preauth]","@timestamp":"2022-09-16T23:07:29.225Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T23:09:20.421Z","@version":"1","message":"Sep 16 23:09:20 honeypot-sgp-1 sshd[26762]: Invalid user user from 45.61.184.204 port 55172","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T23:09:39.430Z","@version":"1","message":"Sep 16 23:09:39 honeypot-sgp-1 sshd[26766]: Invalid user user from 45.61.184.204 port 49798","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T23:09:57.439Z","@version":"1","message":"Sep 16 23:09:57 honeypot-sgp-1 sshd[26770]: Invalid user user from 45.61.184.204 port 44402","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T23:14:37.547Z","@version":"1","message":"Sep 16 23:14:37 honeypot-sgp-1 sshd[26775]: Did not receive identification string from 45.61.186.49 port 36266","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T23:14:53.555Z","@version":"1","message":"Sep 16 23:14:52 honeypot-sgp-1 sshd[26778]: Disconnected from invalid user user 45.61.186.49 port 58300 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T23:15:06.561Z","@version":"1","message":"Sep 16 23:15:06 honeypot-sgp-1 sshd[26782]: Disconnected from invalid user user 45.61.186.49 port 41330 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 23:15:47 honeypot-fra-1 kernel: [84244560.033262] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=197.49.222.133 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=12351 PROTO=TCP SPT=44150 DPT=80 WINDOW=20458 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T23:15:48.412Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:17:01 honeypot-ams-1 CRON[32437]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-16T23:17:01.948Z"}
{"@timestamp":"2022-09-16T23:19:34.665Z","@version":"1","message":"Sep 16 23:19:33 honeypot-sgp-1 sshd[26789]: Received disconnect from 92.255.85.69 port 47636:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 23:23:19 honeypot-fra-1 sshd[23011]: Invalid user esadmin from 171.244.140.174 port 11909","@timestamp":"2022-09-16T23:23:19.583Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:08 honeypot-ams-1 sshd[32443]: Disconnected from authenticating user root 185.172.77.242 port 59742 [preauth]","@timestamp":"2022-09-16T23:25:09.153Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:09 honeypot-ams-1 sshd[32449]: Received disconnect from 185.172.77.242 port 59778:11: Bye Bye [preauth]","@timestamp":"2022-09-16T23:25:10.155Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:10 honeypot-ams-1 sshd[32455]: Received disconnect from 185.172.77.242 port 59808:11: Bye Bye [preauth]","@timestamp":"2022-09-16T23:25:11.155Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:11 honeypot-ams-1 sshd[32461]: Received disconnect from 185.172.77.242 port 59846:11: Bye Bye [preauth]","@timestamp":"2022-09-16T23:25:12.156Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:11 honeypot-ams-1 sshd[32467]: Received disconnect from 185.172.77.242 port 59882:11: Bye Bye [preauth]","@timestamp":"2022-09-16T23:25:12.156Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:12 honeypot-ams-1 sshd[32473]: Received disconnect from 185.172.77.242 port 59930:11: Bye Bye [preauth]","@timestamp":"2022-09-16T23:25:13.157Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:13 honeypot-ams-1 sshd[32479]: Received disconnect from 185.172.77.242 port 60066:11: Bye Bye [preauth]","@timestamp":"2022-09-16T23:25:14.158Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:14 honeypot-ams-1 sshd[32485]: Received disconnect from 185.172.77.242 port 60122:11: Bye Bye [preauth]","@timestamp":"2022-09-16T23:25:15.158Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:15 honeypot-ams-1 sshd[32491]: Received disconnect from 185.172.77.242 port 60174:11: Bye Bye [preauth]","@timestamp":"2022-09-16T23:25:15.158Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:15 honeypot-ams-1 sshd[32497]: Received disconnect from 185.172.77.242 port 60224:11: Bye Bye [preauth]","@timestamp":"2022-09-16T23:25:16.159Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:16 honeypot-ams-1 sshd[32503]: Received disconnect from 185.172.77.242 port 60286:11: Bye Bye [preauth]","@timestamp":"2022-09-16T23:25:17.160Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:17 honeypot-ams-1 sshd[32509]: Received disconnect from 185.172.77.242 port 60318:11: Bye Bye [preauth]","@timestamp":"2022-09-16T23:25:18.161Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:18 honeypot-ams-1 sshd[32513]: Disconnected from invalid user admin 185.172.77.242 port 60346 [preauth]","@timestamp":"2022-09-16T23:25:18.161Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:18 honeypot-ams-1 sshd[32517]: Disconnected from invalid user admin 185.172.77.242 port 60370 [preauth]","@timestamp":"2022-09-16T23:25:19.162Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:19 honeypot-ams-1 sshd[32521]: Disconnected from invalid user admin 185.172.77.242 port 60408 [preauth]","@timestamp":"2022-09-16T23:25:19.162Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:19 honeypot-ams-1 sshd[32525]: Disconnected from invalid user admin 185.172.77.242 port 60428 [preauth]","@timestamp":"2022-09-16T23:25:20.162Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:20 honeypot-ams-1 sshd[32529]: Disconnected from invalid user admin 185.172.77.242 port 60448 [preauth]","@timestamp":"2022-09-16T23:25:20.162Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:20 honeypot-ams-1 sshd[32533]: Disconnected from invalid user user 185.172.77.242 port 60476 [preauth]","@timestamp":"2022-09-16T23:25:21.163Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:21 honeypot-ams-1 sshd[32539]: Received disconnect from 185.172.77.242 port 60518:11: Bye Bye [preauth]","@timestamp":"2022-09-16T23:25:22.164Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:21 honeypot-ams-1 sshd[32543]: Received disconnect from 185.172.77.242 port 60552:11: Bye Bye [preauth]","@timestamp":"2022-09-16T23:25:22.164Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:22 honeypot-ams-1 sshd[32547]: Received disconnect from 185.172.77.242 port 60582:11: Bye Bye [preauth]","@timestamp":"2022-09-16T23:25:23.164Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:22 honeypot-ams-1 sshd[32551]: Received disconnect from 185.172.77.242 port 60672:11: Bye Bye [preauth]","@timestamp":"2022-09-16T23:25:23.164Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:23 honeypot-ams-1 sshd[32555]: Received disconnect from 185.172.77.242 port 60732:11: Bye Bye [preauth]","@timestamp":"2022-09-16T23:25:24.165Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:24 honeypot-ams-1 sshd[32559]: Received disconnect from 185.172.77.242 port 60760:11: Bye Bye [preauth]","@timestamp":"2022-09-16T23:25:24.165Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:24 honeypot-ams-1 sshd[32563]: Received disconnect from 185.172.77.242 port 60806:11: Bye Bye [preauth]","@timestamp":"2022-09-16T23:25:25.167Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:25 honeypot-ams-1 sshd[32567]: Received disconnect from 185.172.77.242 port 60842:11: Bye Bye [preauth]","@timestamp":"2022-09-16T23:25:25.167Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:25 honeypot-ams-1 sshd[32571]: Received disconnect from 185.172.77.242 port 60866:11: Bye Bye [preauth]","@timestamp":"2022-09-16T23:25:26.167Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:26 honeypot-ams-1 sshd[32575]: Received disconnect from 185.172.77.242 port 60920:11: Bye Bye [preauth]","@timestamp":"2022-09-16T23:25:26.167Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:26 honeypot-ams-1 sshd[32579]: Received disconnect from 185.172.77.242 port 60954:11: Bye Bye [preauth]","@timestamp":"2022-09-16T23:25:27.168Z"}
{"@timestamp":"2022-09-16T23:25:36.831Z","@version":"1","message":"Sep 16 23:25:36 honeypot-sgp-1 sshd[26794]: Connection closed by invalid user test 179.60.147.69 port 3458 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 23:26:43 honeypot-fra-1 sshd[23014]: Connection closed by invalid user test 179.60.147.69 port 9872 [preauth]","@timestamp":"2022-09-16T23:26:43.660Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:28:52 honeypot-ams-1 sshd[32583]: Invalid user test from 179.60.147.69 port 4718","@timestamp":"2022-09-16T23:28:53.257Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 23:29:34 honeypot-fra-1 sshd[23035]: Invalid user vagrant from 125.88.226.4 port 41716","@timestamp":"2022-09-16T23:29:34.726Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 23:29:35 honeypot-fra-1 sshd[23027]: Connection closed by invalid user esuser 125.88.226.4 port 41688 [preauth]","@timestamp":"2022-09-16T23:29:35.727Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 23:29:36 honeypot-fra-1 sshd[23028]: Connection closed by invalid user nagios 125.88.226.4 port 41722 [preauth]","@timestamp":"2022-09-16T23:29:37.728Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 23:29:39 honeypot-fra-1 sshd[23030]: Invalid user vagrant from 125.88.226.4 port 41682","@timestamp":"2022-09-16T23:29:39.730Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 23:29:41 honeypot-fra-1 sshd[23034]: Connection closed by invalid user chia 125.88.226.4 port 41698 [preauth]","@timestamp":"2022-09-16T23:29:41.732Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 23:30:05 honeypot-fra-1 sshd[23026]: Invalid user ec2-user from 125.88.226.4 port 41676","@timestamp":"2022-09-16T23:30:06.743Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 23:30:09 honeypot-fra-1 sshd[23038]: Connection closed by invalid user steam 125.88.226.4 port 41720 [preauth]","@timestamp":"2022-09-16T23:30:09.745Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 23:30:16 honeypot-fra-1 sshd[23041]: Invalid user postgres from 125.88.226.4 port 41656","@timestamp":"2022-09-16T23:30:16.749Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 23:30:22 honeypot-fra-1 sshd[23039]: Connection closed by invalid user hadoop 125.88.226.4 port 41706 [preauth]","@timestamp":"2022-09-16T23:30:23.753Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 23:30:51 honeypot-ams-1 kernel: [84247632.447340] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=154.3.44.149 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=117 ID=9433 DF PROTO=TCP SPT=64717 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-16T23:30:52.366Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:35:19 honeypot-ams-1 sshd[32592]: Received disconnect from 157.230.228.27 port 39718:11: Bye Bye [preauth]","@timestamp":"2022-09-16T23:35:20.477Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 23:36:14 honeypot-fra-1 sshd[23077]: Disconnected from invalid user admin 92.255.85.69 port 57706 [preauth]","@timestamp":"2022-09-16T23:36:14.884Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T23:38:25.125Z","@version":"1","message":"Sep 16 23:38:24 honeypot-sgp-1 kernel: [84247609.832595] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=106.75.93.241 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=57547 PROTO=TCP SPT=58914 DPT=389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 23:48:05 honeypot-fra-1 sshd[23086]: Connection closed by authenticating user root 194.163.190.53 port 37668 [preauth]","@timestamp":"2022-09-16T23:48:06.152Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T23:48:08.352Z","@version":"1","message":"Sep 16 23:48:08 honeypot-sgp-1 kernel: [84248193.421373] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=79.124.62.60 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=4789 PROTO=TCP SPT=58509 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:53:19 honeypot-ams-1 sshd[32599]: Received disconnect from 92.255.85.69 port 27018:11: Bye Bye [preauth]","@timestamp":"2022-09-16T23:53:19.945Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 23:57:48 honeypot-fra-1 sshd[23093]: Connection closed by invalid user  213.108.170.34 port 42776 [preauth]","@timestamp":"2022-09-16T23:57:48.373Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:00:02 honeypot-fra-1 sshd[23098]: Received disconnect from 196.132.38.47 port 53771:11: Bye Bye [preauth]","@timestamp":"2022-09-17T00:00:02.428Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:02:11 honeypot-fra-1 sshd[23102]: Disconnected from invalid user ripple 186.117.165.67 port 48022 [preauth]","@timestamp":"2022-09-17T00:02:12.479Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T00:02:35.689Z","@version":"1","message":"Sep 17 00:02:35 honeypot-sgp-1 kernel: [84249060.773504] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=195.230.103.245 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=234 ID=54321 PROTO=TCP SPT=33744 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 00:04:10 honeypot-ams-1 kernel: [84249631.817218] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=71.6.199.23 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=114 ID=65137 PROTO=TCP SPT=20012 DPT=443 WINDOW=48783 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T00:04:11.237Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:07:10 honeypot-fra-1 sshd[23109]: Connection closed by authenticating user root 194.163.190.53 port 33180 [preauth]","@timestamp":"2022-09-17T00:07:11.595Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:13:29 honeypot-fra-1 sshd[23113]: Disconnected from authenticating user root 179.43.156.143 port 34974 [preauth]","@timestamp":"2022-09-17T00:13:30.741Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 00:13:35 honeypot-ams-1 kernel: [84250196.373274] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=193.46.254.155 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=42518 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T00:13:35.494Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:15:17 honeypot-fra-1 sshd[23119]: Disconnected from authenticating user root 179.43.156.143 port 52834 [preauth]","@timestamp":"2022-09-17T00:15:17.803Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:17:01 honeypot-fra-1 CRON[23125]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-17T00:17:01.848Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T00:17:02.042Z","@version":"1","message":"Sep 17 00:17:01 honeypot-sgp-1 CRON[26814]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:17:34 honeypot-fra-1 sshd[23132]: Received disconnect from 27.77.249.10 port 48480:11: Bye Bye [preauth]","@timestamp":"2022-09-17T00:17:34.862Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 00:17:36 honeypot-ams-1 sshd[32613]: Invalid user elastic from 187.235.106.121 port 37360","@timestamp":"2022-09-17T00:17:36.602Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:17:36 honeypot-fra-1 sshd[23138]: Disconnected from invalid user ossuser 179.43.156.143 port 39000 [preauth]","@timestamp":"2022-09-17T00:17:37.865Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:17:40 honeypot-fra-1 sshd[23142]: Received disconnect from 27.77.249.10 port 48800:11: Bye Bye [preauth]","@timestamp":"2022-09-17T00:17:40.866Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:17:44 honeypot-fra-1 sshd[23148]: Received disconnect from 27.77.249.10 port 49006:11: Bye Bye [preauth]","@timestamp":"2022-09-17T00:17:44.868Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 00:17:45 honeypot-ams-1 sshd[32617]: Received disconnect from 45.61.186.249 port 39544:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T00:17:46.608Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:17:48 honeypot-fra-1 sshd[23154]: Received disconnect from 27.77.249.10 port 49146:11: Bye Bye [preauth]","@timestamp":"2022-09-17T00:17:48.871Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:17:53 honeypot-fra-1 sshd[23160]: Received disconnect from 27.77.249.10 port 49490:11: Bye Bye [preauth]","@timestamp":"2022-09-17T00:17:53.874Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:17:57 honeypot-fra-1 sshd[23166]: Received disconnect from 27.77.249.10 port 49622:11: Bye Bye [preauth]","@timestamp":"2022-09-17T00:17:57.876Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:18:01 honeypot-fra-1 sshd[23172]: Received disconnect from 27.77.249.10 port 49894:11: Bye Bye [preauth]","@timestamp":"2022-09-17T00:18:01.878Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 00:18:04 honeypot-ams-1 sshd[32621]: Received disconnect from 45.61.186.249 port 33746:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T00:18:05.618Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:18:05 honeypot-fra-1 sshd[23179]: Received disconnect from 27.77.249.10 port 50044:11: Bye Bye [preauth]","@timestamp":"2022-09-17T00:18:05.881Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:18:09 honeypot-fra-1 sshd[23185]: Received disconnect from 27.77.249.10 port 50240:11: Bye Bye [preauth]","@timestamp":"2022-09-17T00:18:09.884Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:18:13 honeypot-fra-1 sshd[23193]: Invalid user nfsnobod from 179.43.156.143 port 35568","@timestamp":"2022-09-17T00:18:13.886Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:18:15 honeypot-fra-1 sshd[23195]: Disconnected from authenticating user root 27.77.249.10 port 50516 [preauth]","@timestamp":"2022-09-17T00:18:15.887Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:18:19 honeypot-fra-1 sshd[23201]: Disconnected from authenticating user root 27.77.249.10 port 50660 [preauth]","@timestamp":"2022-09-17T00:18:19.889Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 00:18:22 honeypot-ams-1 sshd[32625]: Received disconnect from 45.61.186.249 port 56168:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T00:18:23.627Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:18:23 honeypot-fra-1 sshd[23207]: Disconnected from authenticating user root 27.77.249.10 port 50946 [preauth]","@timestamp":"2022-09-17T00:18:23.893Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:18:26 honeypot-fra-1 sshd[23211]: Disconnected from invalid user admin 27.77.249.10 port 51016 [preauth]","@timestamp":"2022-09-17T00:18:26.895Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:18:29 honeypot-fra-1 sshd[23215]: Disconnected from invalid user admin 27.77.249.10 port 51110 [preauth]","@timestamp":"2022-09-17T00:18:29.896Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:18:31 honeypot-fra-1 sshd[23219]: Disconnected from invalid user admin 27.77.249.10 port 51328 [preauth]","@timestamp":"2022-09-17T00:18:32.898Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:18:34 honeypot-fra-1 sshd[23223]: Disconnected from invalid user admin 27.77.249.10 port 51452 [preauth]","@timestamp":"2022-09-17T00:18:34.899Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:18:37 honeypot-fra-1 sshd[23227]: Disconnected from invalid user admin 27.77.249.10 port 51526 [preauth]","@timestamp":"2022-09-17T00:18:37.902Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 00:18:39 honeypot-ams-1 sshd[32629]: Received disconnect from 45.61.186.249 port 50366:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T00:18:39.636Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:18:41 honeypot-fra-1 sshd[23233]: Received disconnect from 27.77.249.10 port 51792:11: Bye Bye [preauth]","@timestamp":"2022-09-17T00:18:41.904Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:18:44 honeypot-fra-1 sshd[23237]: Received disconnect from 27.77.249.10 port 51906:11: Bye Bye [preauth]","@timestamp":"2022-09-17T00:18:44.905Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:18:47 honeypot-fra-1 sshd[23241]: Received disconnect from 27.77.249.10 port 51990:11: Bye Bye [preauth]","@timestamp":"2022-09-17T00:18:47.907Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:18:50 honeypot-fra-1 sshd[23245]: Received disconnect from 27.77.249.10 port 52198:11: Bye Bye [preauth]","@timestamp":"2022-09-17T00:18:50.910Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:18:51 honeypot-fra-1 sshd[23247]: Disconnected from invalid user xbmc 27.77.249.10 port 52256 [preauth]","@timestamp":"2022-09-17T00:18:51.911Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:18:54 honeypot-fra-1 sshd[23253]: Disconnected from invalid user oracle 27.77.249.10 port 52382 [preauth]","@timestamp":"2022-09-17T00:18:54.912Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:18:56 honeypot-fra-1 sshd[23257]: Disconnected from invalid user postgres 27.77.249.10 port 52456 [preauth]","@timestamp":"2022-09-17T00:18:56.913Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:18:59 honeypot-fra-1 sshd[23261]: Disconnected from invalid user support 27.77.249.10 port 52650 [preauth]","@timestamp":"2022-09-17T00:18:59.915Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:19:02 honeypot-fra-1 sshd[23265]: Disconnected from invalid user ubuntu 27.77.249.10 port 52798 [preauth]","@timestamp":"2022-09-17T00:19:02.916Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:19:05 honeypot-fra-1 sshd[23269]: Disconnected from invalid user ubuntu 27.77.249.10 port 52900 [preauth]","@timestamp":"2022-09-17T00:19:05.919Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:19:08 honeypot-fra-1 sshd[23273]: Disconnected from invalid user guest 27.77.249.10 port 52982 [preauth]","@timestamp":"2022-09-17T00:19:08.921Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:19:10 honeypot-fra-1 sshd[23277]: Disconnected from invalid user cirros 27.77.249.10 port 53208 [preauth]","@timestamp":"2022-09-17T00:19:10.922Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:20:06 honeypot-fra-1 sshd[23283]: Received disconnect from 179.43.156.143 port 53412:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T00:20:06.944Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 00:20:28 honeypot-ams-1 kernel: [84250609.534312] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=49312 PROTO=TCP SPT=53544 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T00:20:28.686Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 00:21:21 honeypot-ams-1 sshd[32637]: Disconnected from invalid user pufferd 202.47.117.222 port 60820 [preauth]","@timestamp":"2022-09-17T00:21:21.713Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:21:25 honeypot-fra-1 sshd[23289]: Received disconnect from 179.43.156.143 port 46502:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T00:21:25.978Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:22:29 honeypot-fra-1 kernel: [84248562.081330] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=147.182.199.146 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=7006 PROTO=TCP SPT=53929 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T00:22:30.006Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-17T00:24:03.207Z","@version":"1","message":"Sep 17 00:24:02 honeypot-sgp-1 sshd[26820]: Received disconnect from 220.130.164.120 port 36128:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 00:26:28 honeypot-ams-1 sshd[32642]: Did not receive identification string from 36.93.83.5 port 43150","@timestamp":"2022-09-17T00:26:28.853Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 00:26:30 honeypot-ams-1 sshd[32664]: Invalid user mysql from 36.93.83.5 port 43468","@timestamp":"2022-09-17T00:26:30.855Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 00:26:30 honeypot-ams-1 sshd[32651]: Connection closed by authenticating user root 36.93.83.5 port 43402 [preauth]","@timestamp":"2022-09-17T00:26:31.855Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 00:26:30 honeypot-ams-1 sshd[32663]: Connection closed by authenticating user root 36.93.83.5 port 43496 [preauth]","@timestamp":"2022-09-17T00:26:31.855Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 00:26:31 honeypot-ams-1 sshd[32650]: Connection closed by invalid user admin 36.93.83.5 port 43392 [preauth]","@timestamp":"2022-09-17T00:26:31.856Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 00:26:31 honeypot-ams-1 sshd[32686]: Invalid user steam from 36.93.83.5 port 43282","@timestamp":"2022-09-17T00:26:31.856Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 00:26:31 honeypot-ams-1 sshd[32687]: Connection closed by invalid user chia 36.93.83.5 port 43448 [preauth]","@timestamp":"2022-09-17T00:26:32.856Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 00:26:32 honeypot-ams-1 sshd[32694]: Connection closed by invalid user steam 36.93.83.5 port 43432 [preauth]","@timestamp":"2022-09-17T00:26:32.856Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 00:26:33 honeypot-ams-1 sshd[32665]: Connection closed by authenticating user root 36.93.83.5 port 43400 [preauth]","@timestamp":"2022-09-17T00:26:33.857Z"}
{"@timestamp":"2022-09-17T00:29:47.344Z","@version":"1","message":"Sep 17 00:29:47 honeypot-sgp-1 sshd[26823]: Disconnected from authenticating user root 92.255.85.69 port 47004 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 00:29:47 honeypot-ams-1 kernel: [84251168.650189] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=167.71.92.243 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=41715 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T00:29:47.945Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:33:51 honeypot-fra-1 sshd[23303]: Did not receive identification string from 154.89.5.117 port 53378","@timestamp":"2022-09-17T00:33:52.266Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:36:54 honeypot-fra-1 sshd[23309]: Connection closed by authenticating user root 194.163.190.53 port 40630 [preauth]","@timestamp":"2022-09-17T00:36:54.340Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 00:38:10 honeypot-ams-1 sshd[32707]: Received disconnect from 128.199.42.242 port 35766:11: Bye Bye [preauth]","@timestamp":"2022-09-17T00:38:11.165Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 00:39:44 honeypot-ams-1 sshd[32712]: Received disconnect from 92.255.85.70 port 30218:11: Bye Bye [preauth]","@timestamp":"2022-09-17T00:39:45.209Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 00:41:26 honeypot-ams-1 sshd[32718]: Invalid user guest from 179.60.147.69 port 36154","@timestamp":"2022-09-17T00:41:26.257Z"}
{"@timestamp":"2022-09-17T00:44:22.688Z","@version":"1","message":"Sep 17 00:44:21 honeypot-sgp-1 sshd[26829]: Connection closed by 192.241.220.25 port 60072 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:46:36 honeypot-fra-1 sshd[23317]: Connection closed by authenticating user root 194.163.190.53 port 52716 [preauth]","@timestamp":"2022-09-17T00:46:36.564Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:50:28 honeypot-fra-1 kernel: [84250240.549783] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=89.248.165.71 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=17016 PROTO=TCP SPT=59821 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T00:50:28.654Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 00:53:51 honeypot-ams-1 kernel: [84252612.580255] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=123.178.22.213 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=45 ID=30156 PROTO=TCP SPT=39277 DPT=443 WINDOW=27781 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T00:53:52.600Z"}
{"@timestamp":"2022-09-17T00:56:47.984Z","@version":"1","message":"Sep 17 00:56:47 honeypot-sgp-1 sshd[26834]: Received disconnect from 206.81.9.31 port 19168:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 00:57:46 honeypot-ams-1 sshd[32723]: Connection closed by invalid user user 193.106.191.157 port 33444 [preauth]","@timestamp":"2022-09-17T00:57:46.707Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 00:59:21 honeypot-ams-1 sshd[32726]: Received disconnect from 45.61.187.160 port 42538:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T00:59:21.753Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 00:59:46 honeypot-ams-1 sshd[32730]: Received disconnect from 45.61.187.160 port 37038:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T00:59:46.766Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 01:00:05 honeypot-ams-1 sshd[32734]: Received disconnect from 45.61.187.160 port 59788:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T01:00:05.776Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 01:00:23 honeypot-ams-1 sshd[32738]: Received disconnect from 45.61.187.160 port 54294:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T01:00:23.787Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 01:01:10 honeypot-fra-1 sshd[23327]: Disconnected from 161.35.131.133 port 48492 [preauth]","@timestamp":"2022-09-17T01:01:10.897Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T01:02:24.118Z","@version":"1","message":"Sep 17 01:02:23 honeypot-sgp-1 sshd[26839]: Disconnected from invalid user wwwrocket 194.67.27.30 port 41914 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 01:04:00 honeypot-ams-1 sshd[32743]: Received disconnect from 81.192.87.130 port 37757:11: Bye Bye [preauth]","@timestamp":"2022-09-17T01:04:00.889Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 01:06:20 honeypot-ams-1 sshd[32749]: Invalid user ubnt from 116.70.238.244 port 58466","@timestamp":"2022-09-17T01:06:20.952Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 01:06:25 honeypot-ams-1 sshd[32753]: Disconnected from authenticating user root 116.70.238.244 port 58561 [preauth]","@timestamp":"2022-09-17T01:06:25.955Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 01:06:31 honeypot-ams-1 sshd[32759]: Disconnected from authenticating user root 116.70.238.244 port 58758 [preauth]","@timestamp":"2022-09-17T01:06:31.958Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 01:06:39 honeypot-ams-1 sshd[32765]: Disconnected from authenticating user root 116.70.238.244 port 58965 [preauth]","@timestamp":"2022-09-17T01:06:39.963Z"}
{"@timestamp":"2022-09-17T01:07:33.238Z","@version":"1","message":"Sep 17 01:07:33 honeypot-sgp-1 sshd[26846]: Received disconnect from 94.188.177.110 port 39648:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 01:08:44 honeypot-ams-1 kernel: [84253505.494515] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=143.159.103.32 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=56 ID=43027 PROTO=TCP SPT=18616 DPT=80 WINDOW=53552 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T01:08:45.021Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 01:09:27 honeypot-fra-1 sshd[23334]: Received disconnect from 159.223.92.205 port 55956:11: Bye Bye [preauth]","@timestamp":"2022-09-17T01:09:28.086Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T01:11:48.341Z","@version":"1","message":"Sep 17 01:11:47 honeypot-sgp-1 sshd[26851]: Invalid user lai from 218.255.245.10 port 49086","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T01:14:13.399Z","@version":"1","message":"Sep 17 01:14:13 honeypot-sgp-1 sshd[26853]: Connection closed by invalid user user 179.60.147.69 port 28004 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 01:14:47 honeypot-fra-1 sshd[23339]: Disconnected from invalid user morgan 128.199.238.70 port 48438 [preauth]","@timestamp":"2022-09-17T01:14:48.207Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 01:17:31 honeypot-ams-1 sshd[312]: Invalid user user from 179.60.147.69 port 31054","@timestamp":"2022-09-17T01:17:32.249Z"}
{"@timestamp":"2022-09-17T01:19:29.525Z","@version":"1","message":"Sep 17 01:19:29 honeypot-sgp-1 kernel: [84253674.110938] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=159.89.202.188 LEN=91 TOS=0x00 PREC=0x00 TTL=245 ID=8139 PROTO=TCP SPT=12073 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 01:20:43 honeypot-fra-1 kernel: [84252055.657392] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=75.140.175.86 DST=165.22.82.222 LEN=48 TOS=0x00 PREC=0x00 TTL=111 ID=8357 DF PROTO=TCP SPT=55059 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T01:20:44.344Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 01:27:18 honeypot-fra-1 sshd[23356]: Received disconnect from 161.35.45.62 port 47654:11: Bye Bye [preauth]","@timestamp":"2022-09-17T01:27:18.495Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 01:29:27 honeypot-ams-1 kernel: [84254748.003690] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=154.3.44.149 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=117 ID=1761 DF PROTO=TCP SPT=54583 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-17T01:29:27.570Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 01:31:52 honeypot-fra-1 sshd[23361]: Invalid user libvirt from 165.22.45.108 port 53946","@timestamp":"2022-09-17T01:31:52.612Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T01:33:44.858Z","@version":"1","message":"Sep 17 01:33:44 honeypot-sgp-1 sshd[26866]: Received disconnect from 62.204.41.222 port 56479:11: Client disconnecting normally [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 01:33:48 honeypot-fra-1 sshd[23367]: Invalid user mobile from 111.21.99.227 port 52432","@timestamp":"2022-09-17T01:33:49.657Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 01:38:53 honeypot-fra-1 sshd[23372]: Received disconnect from 159.65.141.28 port 38584:11: Bye Bye [preauth]","@timestamp":"2022-09-17T01:38:53.771Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 01:39:46 honeypot-ams-1 sshd[338]: Received disconnect from 223.171.46.146 port 48650:11: Bye Bye [preauth]","@timestamp":"2022-09-17T01:39:46.852Z"}
{"@timestamp":"2022-09-17T01:40:47.028Z","@version":"1","message":"Sep 17 01:40:47 honeypot-sgp-1 sshd[26873]: Disconnected from authenticating user root 92.255.85.70 port 26172 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 01:41:08 honeypot-ams-1 sshd[342]: Disconnected from invalid user admin 177.74.124.101 port 45454 [preauth]","@timestamp":"2022-09-17T01:41:08.894Z"}
{"@timestamp":"2022-09-17T01:45:55.147Z","@version":"1","message":"Sep 17 01:45:54 honeypot-sgp-1 sshd[26880]: Invalid user wilfrid from 197.5.145.81 port 47682","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 01:46:32 honeypot-ams-1 sshd[347]: Received disconnect from 185.53.170.6 port 44494:11: Bye Bye [preauth]","@timestamp":"2022-09-17T01:46:33.041Z"}
{"@timestamp":"2022-09-17T01:50:26.263Z","@version":"1","message":"Sep 17 01:50:25 honeypot-sgp-1 sshd[26886]: Invalid user test from 179.60.147.69 port 62020","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 01:51:50 honeypot-fra-1 sshd[23379]: Connection closed by authenticating user root 194.163.190.53 port 52360 [preauth]","@timestamp":"2022-09-17T01:51:50.064Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 01:51:54 honeypot-ams-1 sshd[352]: error: maximum authentication attempts exceeded for invalid user admin from 123.194.235.54 port 47843 ssh2 [preauth]","@timestamp":"2022-09-17T01:51:54.186Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 01:56:09 honeypot-ams-1 kernel: [84256349.991403] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=154.3.44.149 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=117 ID=52898 DF PROTO=TCP SPT=51196 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-17T01:56:09.304Z"}
{"@timestamp":"2022-09-17T02:00:18.508Z","@version":"1","message":"Sep 17 02:00:18 honeypot-sgp-1 kernel: [84256123.487475] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.169.168.147 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=31 ID=56249 PROTO=TCP SPT=38542 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 02:02:42 honeypot-ams-1 kernel: [84256743.204204] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=167.71.92.243 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=36382 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T02:02:42.485Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 02:03:19 honeypot-fra-1 sshd[23387]: Did not receive identification string from 168.167.72.179 port 3128","@timestamp":"2022-09-17T02:03:19.325Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 02:03:21 honeypot-fra-1 sshd[23389]: Invalid user momo from 168.167.72.179 port 3142","@timestamp":"2022-09-17T02:03:21.327Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 02:03:21 honeypot-fra-1 sshd[23388]: Invalid user mysql from 168.167.72.179 port 3130","@timestamp":"2022-09-17T02:03:21.327Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 02:03:21 honeypot-fra-1 sshd[23410]: Invalid user www from 168.167.72.179 port 3230","@timestamp":"2022-09-17T02:03:21.328Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 02:03:21 honeypot-fra-1 sshd[23389]: Connection closed by invalid user momo 168.167.72.179 port 3142 [preauth]","@timestamp":"2022-09-17T02:03:22.328Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 02:03:21 honeypot-fra-1 sshd[23400]: Connection closed by invalid user admin 168.167.72.179 port 3227 [preauth]","@timestamp":"2022-09-17T02:03:22.328Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 02:03:21 honeypot-fra-1 sshd[23405]: Connection closed by authenticating user root 168.167.72.179 port 3140 [preauth]","@timestamp":"2022-09-17T02:03:22.328Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 02:03:21 honeypot-fra-1 sshd[23409]: Connection closed by invalid user es 168.167.72.179 port 3158 [preauth]","@timestamp":"2022-09-17T02:03:22.328Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 02:06:49 honeypot-ams-1 kernel: [84256990.465540] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.194.205 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=40771 DPT=5432 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T02:06:49.601Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:08:58 honeypot-ams-1 sshd[364]: Disconnected from invalid user autonavi 52.178.155.67 port 1024 [preauth]","@timestamp":"2022-09-17T02:08:59.663Z"}
{"@timestamp":"2022-09-17T02:09:50.747Z","@version":"1","message":"Sep 17 02:09:50 honeypot-sgp-1 kernel: [84256695.703861] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=92.63.197.171 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=5020 PROTO=TCP SPT=59489 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 02:15:14 honeypot-fra-1 sshd[23442]: Received disconnect from 147.135.219.202 port 56364:11: Bye Bye [preauth]","@timestamp":"2022-09-17T02:15:15.596Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:16:06 honeypot-ams-1 sshd[371]: Invalid user arai from 138.68.79.195 port 40504","@timestamp":"2022-09-17T02:16:06.859Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 02:17:01 honeypot-fra-1 CRON[23446]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-17T02:17:01.638Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:17:59 honeypot-ams-1 sshd[376]: Received disconnect from 103.117.220.24 port 46324:11: Bye Bye [preauth]","@timestamp":"2022-09-17T02:18:00.912Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:20:28 honeypot-ams-1 sshd[381]: Disconnected from invalid user sys_admin 159.65.151.241 port 37794 [preauth]","@timestamp":"2022-09-17T02:20:29.005Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:21:28 honeypot-ams-1 sshd[385]: Disconnected from invalid user oex 107.170.113.190 port 34040 [preauth]","@timestamp":"2022-09-17T02:21:29.035Z"}
{"@timestamp":"2022-09-17T02:25:59.165Z","@version":"1","message":"Sep 17 02:25:58 honeypot-sgp-1 kernel: [84257663.714987] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.226.17.248 DST=159.89.202.188 LEN=52 TOS=0x00 PREC=0x00 TTL=106 ID=21821 DF PROTO=TCP SPT=62887 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T02:26:54.192Z","@version":"1","message":"Sep 17 02:26:53 honeypot-sgp-1 sshd[26908]: Invalid user user from 45.61.186.49 port 47702","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T02:27:03.197Z","@version":"1","message":"Sep 17 02:27:02 honeypot-sgp-1 sshd[26912]: Invalid user user from 45.61.186.49 port 58688","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T02:27:40.214Z","@version":"1","message":"Sep 17 02:27:40 honeypot-sgp-1 sshd[26916]: Invalid user operator from 92.255.85.69 port 48854","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 02:28:39 honeypot-fra-1 sshd[23457]: Connection closed by authenticating user root 194.163.190.53 port 39160 [preauth]","@timestamp":"2022-09-17T02:28:39.902Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 02:30:33 honeypot-fra-1 sshd[23461]: Received disconnect from 107.204.170.133 port 40894:11: Bye Bye [preauth]","@timestamp":"2022-09-17T02:30:33.948Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 02:30:56 honeypot-ams-1 kernel: [84258437.516774] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=46014 PROTO=TCP SPT=41804 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T02:30:57.293Z"}
{"@timestamp":"2022-09-17T02:31:23.309Z","@version":"1","message":"Sep 17 02:31:22 honeypot-sgp-1 sshd[26921]: Invalid user ig from 161.35.177.39 port 56470","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:32:57 honeypot-ams-1 sshd[395]: Disconnected from invalid user admin 85.31.46.45 port 52332 [preauth]","@timestamp":"2022-09-17T02:32:57.350Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:33:39 honeypot-ams-1 sshd[401]: Received disconnect from 85.31.46.45 port 51158:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T02:33:40.372Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:34:21 honeypot-ams-1 sshd[409]: Received disconnect from 85.31.46.45 port 50086:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T02:34:22.395Z"}
{"@timestamp":"2022-09-17T02:34:24.385Z","@version":"1","message":"Sep 17 02:34:23 honeypot-sgp-1 sshd[26925]: Disconnected from authenticating user root 114.33.239.231 port 49972 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:34:49 honeypot-ams-1 sshd[413]: Disconnected from authenticating user root 85.31.46.45 port 58540 [preauth]","@timestamp":"2022-09-17T02:34:50.409Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:35:32 honeypot-ams-1 sshd[420]: Invalid user git from 85.31.46.45 port 57248","@timestamp":"2022-09-17T02:35:33.431Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 02:36:45 honeypot-fra-1 kernel: [84256616.979900] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.196.220.81 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=54321 PROTO=TCP SPT=37459 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T02:36:45.087Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 02:37:31 honeypot-ams-1 kernel: [84258832.395278] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=167.248.133.128 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=63536 PROTO=TCP SPT=17386 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T02:37:31.482Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 02:41:25 honeypot-fra-1 sshd[23470]: Disconnected from invalid user user 45.61.186.169 port 37968 [preauth]","@timestamp":"2022-09-17T02:41:26.193Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 02:41:43 honeypot-fra-1 sshd[23474]: Disconnected from invalid user user 45.61.186.169 port 60720 [preauth]","@timestamp":"2022-09-17T02:41:43.200Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 02:41:59 honeypot-fra-1 sshd[23478]: Disconnected from invalid user user 45.61.186.169 port 55242 [preauth]","@timestamp":"2022-09-17T02:42:00.208Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 02:42:15 honeypot-fra-1 sshd[23482]: Disconnected from invalid user user 45.61.186.169 port 49774 [preauth]","@timestamp":"2022-09-17T02:42:16.215Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:44:09 honeypot-ams-1 sshd[431]: Received disconnect from 60.179.177.78 port 54124:11: Bye Bye [preauth]","@timestamp":"2022-09-17T02:44:10.662Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:44:13 honeypot-ams-1 sshd[435]: Disconnected from authenticating user root 60.179.177.78 port 54344 [preauth]","@timestamp":"2022-09-17T02:44:14.665Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:44:19 honeypot-ams-1 sshd[441]: Disconnected from authenticating user root 60.179.177.78 port 54652 [preauth]","@timestamp":"2022-09-17T02:44:19.668Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:44:25 honeypot-ams-1 sshd[447]: Disconnected from authenticating user root 60.179.177.78 port 54962 [preauth]","@timestamp":"2022-09-17T02:44:25.673Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:44:30 honeypot-ams-1 sshd[453]: Disconnected from authenticating user root 60.179.177.78 port 55296 [preauth]","@timestamp":"2022-09-17T02:44:30.675Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:44:36 honeypot-ams-1 sshd[459]: Disconnected from authenticating user root 60.179.177.78 port 55634 [preauth]","@timestamp":"2022-09-17T02:44:36.679Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:44:42 honeypot-ams-1 sshd[465]: Disconnected from authenticating user root 60.179.177.78 port 55972 [preauth]","@timestamp":"2022-09-17T02:44:42.683Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:44:47 honeypot-ams-1 sshd[471]: Disconnected from authenticating user root 60.179.177.78 port 56274 [preauth]","@timestamp":"2022-09-17T02:44:48.686Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:44:53 honeypot-ams-1 sshd[477]: Disconnected from authenticating user root 60.179.177.78 port 56600 [preauth]","@timestamp":"2022-09-17T02:44:53.689Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:44:59 honeypot-ams-1 sshd[483]: Disconnected from authenticating user root 60.179.177.78 port 56912 [preauth]","@timestamp":"2022-09-17T02:44:59.693Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:45:04 honeypot-ams-1 sshd[489]: Disconnected from authenticating user root 60.179.177.78 port 57246 [preauth]","@timestamp":"2022-09-17T02:45:04.696Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:45:10 honeypot-ams-1 sshd[495]: Disconnected from authenticating user root 60.179.177.78 port 57592 [preauth]","@timestamp":"2022-09-17T02:45:10.700Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:45:16 honeypot-ams-1 sshd[501]: Received disconnect from 60.179.177.78 port 57934:11: Bye Bye [preauth]","@timestamp":"2022-09-17T02:45:16.703Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:45:20 honeypot-ams-1 sshd[505]: Received disconnect from 60.179.177.78 port 58150:11: Bye Bye [preauth]","@timestamp":"2022-09-17T02:45:20.706Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:45:24 honeypot-ams-1 sshd[509]: Received disconnect from 60.179.177.78 port 58426:11: Bye Bye [preauth]","@timestamp":"2022-09-17T02:45:24.709Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:45:28 honeypot-ams-1 sshd[513]: Received disconnect from 60.179.177.78 port 58632:11: Bye Bye [preauth]","@timestamp":"2022-09-17T02:45:28.711Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:45:32 honeypot-ams-1 sshd[517]: Received disconnect from 60.179.177.78 port 58868:11: Bye Bye [preauth]","@timestamp":"2022-09-17T02:45:32.714Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:45:35 honeypot-ams-1 sshd[521]: Received disconnect from 60.179.177.78 port 59074:11: Bye Bye [preauth]","@timestamp":"2022-09-17T02:45:36.716Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:45:41 honeypot-ams-1 sshd[527]: Invalid user pi from 60.179.177.78 port 59418","@timestamp":"2022-09-17T02:45:41.720Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:45:45 honeypot-ams-1 sshd[531]: Invalid user user from 60.179.177.78 port 59622","@timestamp":"2022-09-17T02:45:45.722Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:45:48 honeypot-ams-1 sshd[535]: Invalid user mine from 60.179.177.78 port 59838","@timestamp":"2022-09-17T02:45:49.724Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:45:52 honeypot-ams-1 sshd[539]: Invalid user xbmc from 60.179.177.78 port 60068","@timestamp":"2022-09-17T02:45:53.727Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:45:56 honeypot-ams-1 sshd[543]: Invalid user oracle from 60.179.177.78 port 60304","@timestamp":"2022-09-17T02:45:56.730Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:46:00 honeypot-ams-1 sshd[547]: Invalid user postgres from 60.179.177.78 port 60542","@timestamp":"2022-09-17T02:46:00.733Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:46:04 honeypot-ams-1 sshd[551]: Invalid user support from 60.179.177.78 port 60764","@timestamp":"2022-09-17T02:46:04.735Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:46:07 honeypot-ams-1 sshd[555]: Invalid user ubuntu from 60.179.177.78 port 60970","@timestamp":"2022-09-17T02:46:08.737Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:46:11 honeypot-ams-1 sshd[559]: Invalid user ubuntu from 60.179.177.78 port 32986","@timestamp":"2022-09-17T02:46:12.741Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:46:15 honeypot-ams-1 sshd[563]: Invalid user guest from 60.179.177.78 port 33212","@timestamp":"2022-09-17T02:46:15.743Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:46:19 honeypot-ams-1 sshd[567]: Invalid user cirros from 60.179.177.78 port 33444","@timestamp":"2022-09-17T02:46:19.746Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 02:47:48 honeypot-fra-1 sshd[23489]: Received disconnect from 62.204.41.222 port 15139:11: Client disconnecting normally [preauth]","@timestamp":"2022-09-17T02:47:49.339Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T02:49:08.746Z","@version":"1","message":"Sep 17 02:49:08 honeypot-sgp-1 kernel: [84259053.177749] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.33.95.30 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=31504 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 02:49:49 honeypot-ams-1 kernel: [84259569.936958] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=213.226.123.38 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=53745 PROTO=TCP SPT=43117 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T02:49:49.836Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 02:52:57 honeypot-fra-1 kernel: [84257589.879623] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=66.228.40.81 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=55646 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T02:52:58.454Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 02:59:28 honeypot-fra-1 sshd[23501]: Disconnected from invalid user www 213.74.115.162 port 36714 [preauth]","@timestamp":"2022-09-17T02:59:28.603Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T03:00:14.023Z","@version":"1","message":"Sep 17 03:00:14 honeypot-sgp-1 kernel: [84259718.963491] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=223.71.167.164 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=111 ID=58202 PROTO=TCP SPT=51232 DPT=636 WINDOW=29200 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 03:02:54 honeypot-ams-1 kernel: [84260355.185199] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=178.62.254.91 LEN=91 TOS=0x00 PREC=0x00 TTL=252 ID=53892 PROTO=TCP SPT=19191 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T03:02:55.179Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 03:03:50 honeypot-fra-1 sshd[23508]: Connection closed by invalid user support 179.60.147.69 port 20840 [preauth]","@timestamp":"2022-09-17T03:03:51.709Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T03:07:13.201Z","@version":"1","message":"Sep 17 03:07:13 honeypot-sgp-1 kernel: [84260137.954307] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.33.95.209 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=33894 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 03:07:34 honeypot-fra-1 sshd[23513]: Disconnected from authenticating user root 92.255.85.70 port 57192 [preauth]","@timestamp":"2022-09-17T03:07:34.795Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 03:14:03 honeypot-fra-1 kernel: [84258855.608175] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=104.248.45.9 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=37731 PROTO=TCP SPT=44313 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T03:14:03.943Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-17T03:17:01.454Z","@version":"1","message":"Sep 17 03:17:01 honeypot-sgp-1 CRON[26943]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 03:17:01 honeypot-ams-1 CRON[579]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-17T03:17:01.555Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 03:17:01 honeypot-fra-1 CRON[23524]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-17T03:17:02.012Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 03:18:50 honeypot-ams-1 sshd[584]: Received disconnect from 123.30.157.54 port 32776:11: Bye Bye [preauth]","@timestamp":"2022-09-17T03:18:50.605Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 03:25:08 honeypot-fra-1 sshd[23532]: Disconnected from invalid user chaunte 219.78.72.195 port 43230 [preauth]","@timestamp":"2022-09-17T03:25:08.190Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T03:26:51.696Z","@version":"1","message":"Sep 17 03:26:50 honeypot-sgp-1 sshd[26952]: Connection reset by 124.71.209.98 port 55196 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 03:27:01 honeypot-fra-1 sshd[23538]: Invalid user user from 45.61.186.49 port 37486","@timestamp":"2022-09-17T03:27:02.234Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 03:27:11 honeypot-fra-1 sshd[23542]: Invalid user user from 45.61.186.49 port 49084","@timestamp":"2022-09-17T03:27:12.238Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 03:28:12 honeypot-ams-1 kernel: [84261873.083360] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=218.145.61.20 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=55 ID=49112 PROTO=TCP SPT=48178 DPT=80 WINDOW=62579 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T03:28:12.849Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 03:29:04 honeypot-fra-1 kernel: [84259756.226954] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=207.102.138.83 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=46 ID=63111 DF PROTO=TCP SPT=53496 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T03:29:05.282Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 03:36:05 honeypot-ams-1 sshd[594]: Disconnected from invalid user user 45.61.186.49 port 52342 [preauth]","@timestamp":"2022-09-17T03:36:06.061Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 03:36:16 honeypot-ams-1 sshd[598]: Disconnected from invalid user user 45.61.186.49 port 35762 [preauth]","@timestamp":"2022-09-17T03:36:17.068Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 03:37:37 honeypot-ams-1 sshd[602]: Disconnected from invalid user graal 93.153.192.254 port 33800 [preauth]","@timestamp":"2022-09-17T03:37:38.104Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 03:39:26 honeypot-fra-1 sshd[23550]: Connection closed by invalid user  101.78.172.126 port 50122 [preauth]","@timestamp":"2022-09-17T03:39:27.520Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T03:41:34.052Z","@version":"1","message":"Sep 17 03:41:33 honeypot-sgp-1 sshd[26959]: Invalid user allison from 190.144.141.210 port 41672","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 03:42:09 honeypot-ams-1 sshd[607]: Connection closed by authenticating user root 179.60.147.69 port 24404 [preauth]","@timestamp":"2022-09-17T03:42:09.216Z"}
{"@timestamp":"2022-09-17T03:43:30.100Z","@version":"1","message":"Sep 17 03:43:29 honeypot-sgp-1 kernel: [84262314.365219] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=152.89.196.23 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=40848 PROTO=TCP SPT=40221 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 03:43:53 honeypot-fra-1 sshd[23556]: Disconnected from authenticating user root 103.139.186.58 port 54652 [preauth]","@timestamp":"2022-09-17T03:43:53.626Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T03:48:53.231Z","@version":"1","message":"Sep 17 03:48:52 honeypot-sgp-1 sshd[26966]: Disconnected from invalid user ze 137.184.123.69 port 40872 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 03:52:11 honeypot-fra-1 sshd[23566]: Received disconnect from 27.118.22.221 port 36126:11: Bye Bye [preauth]","@timestamp":"2022-09-17T03:52:11.829Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T03:53:44.351Z","@version":"1","message":"Sep 17 03:53:44 honeypot-sgp-1 kernel: [84262929.166776] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=206.189.6.148 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=239 ID=54321 PROTO=TCP SPT=34455 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 03:55:15 honeypot-ams-1 kernel: [84263496.469229] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=128.116.250.133 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=53 ID=48778 PROTO=TCP SPT=26220 DPT=443 WINDOW=10020 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T03:55:16.556Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 03:56:35 honeypot-fra-1 sshd[23570]: Connection closed by invalid user admin 118.42.18.46 port 47038 [preauth]","@timestamp":"2022-09-17T03:56:35.923Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 04:00:17 honeypot-ams-1 kernel: [84263798.778022] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=156.216.14.40 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=7005 PROTO=TCP SPT=50405 DPT=443 WINDOW=64730 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T04:00:18.689Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 04:02:44 honeypot-fra-1 kernel: [84261776.451553] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=167.71.133.35 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=248 ID=54321 PROTO=TCP SPT=55411 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T04:02:45.105Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 04:07:48 honeypot-ams-1 kernel: [84264249.865252] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=41.234.133.94 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=64058 PROTO=TCP SPT=11264 DPT=443 WINDOW=1069 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T04:07:49.893Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 04:14:01 honeypot-fra-1 kernel: [84262452.957244] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.167.96.138 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=41040 DPT=5432 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T04:14:01.367Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-17T04:14:15.846Z","@version":"1","message":"Sep 17 04:14:15 honeypot-sgp-1 sshd[26991]: Invalid user songjiazhi from 103.188.176.251 port 53294","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 04:17:01 honeypot-fra-1 CRON[23591]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-17T04:17:01.440Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 04:17:03 honeypot-ams-1 kernel: [84264804.507211] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=152.89.196.23 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=50763 PROTO=TCP SPT=40221 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T04:17:04.140Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 04:20:23 honeypot-fra-1 sshd[23600]: Bad protocol version identification '\\003' from 194.165.16.10 port 39659","@timestamp":"2022-09-17T04:20:23.520Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T04:21:01.014Z","@version":"1","message":"Sep 17 04:21:00 honeypot-sgp-1 sshd[27001]: Invalid user monitor from 196.1.97.206 port 38602","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T04:22:04.041Z","@version":"1","message":"Sep 17 04:22:03 honeypot-sgp-1 kernel: [84264628.243053] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.213.120 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=35275 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 04:26:09 honeypot-fra-1 sshd[23609]: Received disconnect from 165.22.45.108 port 41130:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T04:26:09.654Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 04:27:00 honeypot-ams-1 sshd[630]: Invalid user user from 45.61.186.49 port 45190","@timestamp":"2022-09-17T04:27:00.410Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 04:27:10 honeypot-ams-1 sshd[634]: Invalid user user from 45.61.186.49 port 56918","@timestamp":"2022-09-17T04:27:11.416Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 04:28:14 honeypot-ams-1 kernel: [84265475.690783] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.156.73.178 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=252 ID=54321 PROTO=TCP SPT=34909 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T04:28:15.444Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 04:31:33 honeypot-fra-1 sshd[23620]: Did not receive identification string from 45.61.186.169 port 53948","@timestamp":"2022-09-17T04:31:33.778Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 04:32:13 honeypot-fra-1 sshd[23625]: Disconnected from invalid user user 45.61.186.169 port 51332 [preauth]","@timestamp":"2022-09-17T04:32:13.795Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 04:32:31 honeypot-fra-1 sshd[23629]: Disconnected from invalid user user 45.61.186.169 port 46294 [preauth]","@timestamp":"2022-09-17T04:32:31.804Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 04:32:48 honeypot-fra-1 sshd[23633]: Disconnected from invalid user user 45.61.186.169 port 41236 [preauth]","@timestamp":"2022-09-17T04:32:49.812Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 04:34:56 honeypot-ams-1 sshd[639]: Disconnected from invalid user kyivstar 62.204.41.222 port 38288 [preauth]","@timestamp":"2022-09-17T04:34:56.620Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 04:35:01 honeypot-fra-1 kernel: [84263713.492983] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=80.94.92.231 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=40476 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T04:35:01.865Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-17T04:39:09.454Z","@version":"1","message":"Sep 17 04:39:08 honeypot-sgp-1 sshd[27012]: Received disconnect from 159.203.177.51 port 49278:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 04:40:17 honeypot-ams-1 sshd[646]: Did not receive identification string from 120.48.34.231 port 46766","@timestamp":"2022-09-17T04:40:17.758Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 04:41:37 honeypot-fra-1 sshd[23646]: Disconnected from authenticating user root 61.177.173.52 port 30943 [preauth]","@timestamp":"2022-09-17T04:41:38.015Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 04:45:18 honeypot-fra-1 sshd[23653]: Received disconnect from 143.198.154.97 port 39322:11: Bye Bye [preauth]","@timestamp":"2022-09-17T04:45:19.102Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 04:49:18 honeypot-fra-1 sshd[23658]: Received disconnect from 122.170.105.253 port 55158:11: Bye Bye [preauth]","@timestamp":"2022-09-17T04:49:19.196Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T04:49:48.716Z","@version":"1","message":"Sep 17 04:49:48 honeypot-sgp-1 sshd[27019]: Received disconnect from 61.177.172.114 port 51141:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 04:50:23 honeypot-ams-1 kernel: [84266804.706439] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=103.89.91.165 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=4788 PROTO=TCP SPT=46042 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T04:50:24.042Z"}
{"@timestamp":"2022-09-17T04:50:41.742Z","@version":"1","message":"Sep 17 04:50:41 honeypot-sgp-1 kernel: [84266346.200243] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.156.73.178 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=39511 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 04:51:25 honeypot-fra-1 sshd[23661]: Received disconnect from 206.189.146.112 port 39946:11: Bye Bye [preauth]","@timestamp":"2022-09-17T04:51:26.249Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 04:52:18 honeypot-fra-1 sshd[23671]: Invalid user linkxess from 185.209.179.41 port 40866","@timestamp":"2022-09-17T04:52:18.271Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 04:52:18 honeypot-fra-1 sshd[23689]: Invalid user devops from 185.209.179.41 port 40898","@timestamp":"2022-09-17T04:52:18.271Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 04:52:18 honeypot-fra-1 sshd[23669]: Invalid user es from 185.209.179.41 port 40852","@timestamp":"2022-09-17T04:52:18.271Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 04:52:18 honeypot-fra-1 sshd[23683]: Invalid user esuser from 185.209.179.41 port 40886","@timestamp":"2022-09-17T04:52:18.271Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 04:52:18 honeypot-fra-1 sshd[23684]: Connection closed by invalid user ts3server 185.209.179.41 port 40906 [preauth]","@timestamp":"2022-09-17T04:52:18.271Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 04:52:18 honeypot-fra-1 sshd[23687]: Connection closed by invalid user admin 185.209.179.41 port 40914 [preauth]","@timestamp":"2022-09-17T04:52:18.271Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 04:52:18 honeypot-fra-1 sshd[23682]: Connection closed by invalid user ubuntu 185.209.179.41 port 40930 [preauth]","@timestamp":"2022-09-17T04:52:18.271Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 04:52:18 honeypot-fra-1 sshd[23685]: Connection closed by invalid user cloud 185.209.179.41 port 40860 [preauth]","@timestamp":"2022-09-17T04:52:18.271Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 04:52:19 honeypot-fra-1 sshd[23716]: Connection closed by invalid user ansible 185.209.179.41 port 40948 [preauth]","@timestamp":"2022-09-17T04:52:19.272Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 04:52:21 honeypot-fra-1 sshd[23726]: Invalid user nguser from 185.209.179.41 port 40908","@timestamp":"2022-09-17T04:52:21.273Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 04:52:21 honeypot-fra-1 sshd[23726]: Connection closed by invalid user nguser 185.209.179.41 port 40908 [preauth]","@timestamp":"2022-09-17T04:52:21.273Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 04:52:40 honeypot-fra-1 sshd[23739]: Connection closed by invalid user user 179.60.147.69 port 9090 [preauth]","@timestamp":"2022-09-17T04:52:40.281Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T04:53:15.808Z","@version":"1","message":"Sep 17 04:53:15 honeypot-sgp-1 sshd[27027]: Received disconnect from 2.234.152.80 port 60250:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T04:57:46.920Z","@version":"1","message":"Sep 17 04:57:46 honeypot-sgp-1 kernel: [84266770.974466] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.204.163 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=36607 DPT=389 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 05:00:04 honeypot-ams-1 kernel: [84267385.209572] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=104.156.155.9 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=18242 PROTO=TCP SPT=45326 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T05:00:05.299Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 05:00:21 honeypot-fra-1 sshd[23747]: Received disconnect from 61.177.172.19 port 43265:11:  [preauth]","@timestamp":"2022-09-17T05:00:21.459Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T05:00:48.996Z","@version":"1","message":"Sep 17 05:00:48 honeypot-sgp-1 sshd[27039]: Disconnected from authenticating user root 41.138.54.13 port 49886 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T05:03:44.069Z","@version":"1","message":"Sep 17 05:03:43 honeypot-sgp-1 sshd[27044]: Disconnected from invalid user user 45.61.186.49 port 47702 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T05:03:53.075Z","@version":"1","message":"Sep 17 05:03:53 honeypot-sgp-1 sshd[27048]: Disconnected from invalid user user 45.61.186.49 port 59320 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T05:05:52.123Z","@version":"1","message":"Sep 17 05:05:51 honeypot-sgp-1 kernel: [84267256.829096] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.194.38 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=41068 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T05:09:36.214Z","@version":"1","message":"Sep 17 05:09:35 honeypot-sgp-1 sshd[27059]: Received disconnect from 61.177.173.36 port 26957:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 05:12:49 honeypot-fra-1 sshd[23761]: Connection closed by authenticating user root 194.163.190.53 port 41458 [preauth]","@timestamp":"2022-09-17T05:12:49.737Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T05:14:49.340Z","@version":"1","message":"Sep 17 05:14:49 honeypot-sgp-1 sshd[27064]: Disconnected from authenticating user root 61.177.173.46 port 44230 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 05:15:32 honeypot-ams-1 kernel: [84268313.294915] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=178.62.254.91 LEN=90 TOS=0x00 PREC=0x00 TTL=252 ID=17805 PROTO=TCP SPT=31093 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T05:15:32.694Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 05:18:59 honeypot-ams-1 kernel: [84268520.102440] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=175.178.232.121 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=45 ID=55167 PROTO=TCP SPT=53813 DPT=80 WINDOW=34917 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T05:18:59.789Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 05:20:31 honeypot-fra-1 sshd[23771]: Received disconnect from 168.121.105.25 port 22704:11: Bye Bye [preauth]","@timestamp":"2022-09-17T05:20:31.909Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T05:21:40.507Z","@version":"1","message":"Sep 17 05:21:40 honeypot-sgp-1 sshd[27074]: Invalid user energy from 89.22.165.187 port 27637","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 05:22:18 honeypot-fra-1 sshd[23776]: Disconnected from invalid user dev 103.92.26.252 port 53800 [preauth]","@timestamp":"2022-09-17T05:22:18.953Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 05:23:58 honeypot-fra-1 sshd[23782]: Disconnected from authenticating user root 61.177.173.39 port 11555 [preauth]","@timestamp":"2022-09-17T05:23:58.994Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 05:26:04 honeypot-ams-1 sshd[665]: Invalid user user from 45.61.187.160 port 50208","@timestamp":"2022-09-17T05:26:04.975Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 05:26:09 honeypot-fra-1 sshd[23788]: Disconnected from invalid user ghost 15.235.140.144 port 50624 [preauth]","@timestamp":"2022-09-17T05:26:10.047Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 05:26:23 honeypot-ams-1 sshd[669]: Invalid user user from 45.61.187.160 port 44598","@timestamp":"2022-09-17T05:26:23.984Z"}
{"@timestamp":"2022-09-17T05:26:26.622Z","@version":"1","message":"Sep 17 05:26:26 honeypot-sgp-1 kernel: [84268491.253058] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=154.3.44.149 DST=159.89.202.188 LEN=52 TOS=0x0A PREC=0x00 TTL=110 ID=14089 DF PROTO=TCP SPT=57677 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 05:26:40 honeypot-ams-1 sshd[673]: Invalid user user from 45.61.187.160 port 38890","@timestamp":"2022-09-17T05:26:40.993Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 05:26:57 honeypot-ams-1 sshd[677]: Invalid user user from 45.61.187.160 port 33220","@timestamp":"2022-09-17T05:26:58.002Z"}
{"@timestamp":"2022-09-17T05:30:46.729Z","@version":"1","message":"Sep 17 05:30:46 honeypot-sgp-1 kernel: [84268751.047350] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=234 ID=15351 PROTO=TCP SPT=52605 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 05:30:52 honeypot-fra-1 kernel: [84267063.571038] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=12183 PROTO=TCP SPT=52605 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T05:30:52.156Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 05:31:02 honeypot-ams-1 sshd[680]: Invalid user debian from 179.60.147.69 port 40150","@timestamp":"2022-09-17T05:31:03.111Z"}
{"@timestamp":"2022-09-17T05:33:52.806Z","@version":"1","message":"Sep 17 05:33:52 honeypot-sgp-1 sshd[27524]: Invalid user user from 45.61.184.204 port 41168","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T05:34:11.816Z","@version":"1","message":"Sep 17 05:34:11 honeypot-sgp-1 sshd[27528]: Invalid user user from 45.61.184.204 port 35630","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T05:34:21.821Z","@version":"1","message":"Sep 17 05:34:21 honeypot-sgp-1 sshd[27530]: Disconnected from invalid user user 45.61.184.204 port 46986 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T05:34:40.830Z","@version":"1","message":"Sep 17 05:34:40 honeypot-sgp-1 sshd[27534]: Disconnected from invalid user user 45.61.184.204 port 41446 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 05:38:38 honeypot-fra-1 sshd[24239]: Disconnected from authenticating user root 183.83.49.121 port 51340 [preauth]","@timestamp":"2022-09-17T05:38:38.330Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 05:41:40 honeypot-ams-1 kernel: [84269881.267768] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54857 PROTO=TCP SPT=52948 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T05:41:41.386Z"}
{"@timestamp":"2022-09-17T05:42:04.011Z","@version":"1","message":"Sep 17 05:42:03 honeypot-sgp-1 sshd[27542]: Received disconnect from 61.177.173.51 port 53569:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 05:42:58 honeypot-fra-1 sshd[24244]: Disconnected from authenticating user root 61.177.172.114 port 35462 [preauth]","@timestamp":"2022-09-17T05:42:59.432Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 05:45:44 honeypot-fra-1 sshd[24252]: Disconnected from authenticating user root 61.177.172.104 port 54713 [preauth]","@timestamp":"2022-09-17T05:45:44.498Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 05:53:24 honeypot-fra-1 kernel: [84268416.270894] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=167.94.138.99 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=52003 PROTO=TCP SPT=62738 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T05:53:25.676Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 05:53:29 honeypot-ams-1 sshd[692]: Disconnected from authenticating user root 159.65.11.5 port 33764 [preauth]","@timestamp":"2022-09-17T05:53:29.686Z"}
{"@timestamp":"2022-09-17T05:53:55.299Z","@version":"1","message":"Sep 17 05:53:54 honeypot-sgp-1 sshd[27550]: Connection reset by 61.177.172.124 port 27512 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 05:55:41 honeypot-fra-1 kernel: [84268553.144995] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=165.22.82.222 LEN=91 TOS=0x00 PREC=0x00 TTL=250 ID=42882 PROTO=TCP SPT=19805 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T05:55:41.732Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 05:57:02 honeypot-ams-1 kernel: [84270803.252068] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=161.22.53.207 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=24567 PROTO=TCP SPT=39598 DPT=80 WINDOW=56294 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T05:57:02.780Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 06:03:40 honeypot-fra-1 sshd[24269]: Connection closed by authenticating user root 194.163.190.53 port 45404 [preauth]","@timestamp":"2022-09-17T06:03:40.915Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T06:04:12.547Z","@version":"1","message":"Sep 17 06:04:12 honeypot-sgp-1 sshd[27557]: Connection closed by authenticating user nobody 179.60.147.69 port 62516 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 06:05:46 honeypot-fra-1 sshd[24277]: Received disconnect from 23.94.194.115 port 60302:11: Bye Bye [preauth]","@timestamp":"2022-09-17T06:05:46.966Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 06:06:04 honeypot-ams-1 kernel: [84271345.716745] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=67.150.37.58 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=50 ID=43491 PROTO=TCP SPT=45407 DPT=80 WINDOW=25399 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T06:06:05.024Z"}
{"@timestamp":"2022-09-17T06:07:35.632Z","@version":"1","message":"Sep 17 06:07:35 honeypot-sgp-1 sshd[27566]: Invalid user pi from 210.125.97.225 port 37212","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 06:08:23 honeypot-ams-1 sshd[706]: Received disconnect from 116.177.233.76 port 7934:11: Bye Bye [preauth]","@timestamp":"2022-09-17T06:08:23.085Z"}
{"@timestamp":"2022-09-17T06:08:51.664Z","@version":"1","message":"Sep 17 06:08:50 honeypot-sgp-1 sshd[27569]: Received disconnect from 123.30.187.208 port 47124:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 06:11:20 honeypot-ams-1 sshd[708]: Disconnected from invalid user r 164.92.233.93 port 52232 [preauth]","@timestamp":"2022-09-17T06:11:21.163Z"}
{"@timestamp":"2022-09-17T06:14:38.928Z","@version":"1","message":"Sep 17 06:14:38 honeypot-sgp-1 kernel: [84271382.939287] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=193.163.125.230 DST=159.89.202.188 LEN=44 TOS=0x08 PREC=0x00 TTL=238 ID=37918 PROTO=TCP SPT=40937 DPT=443 WINDOW=14600 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 06:16:57 honeypot-fra-1 sshd[24287]: Disconnected from authenticating user root 61.177.173.36 port 43644 [preauth]","@timestamp":"2022-09-17T06:16:58.221Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 06:17:01 honeypot-ams-1 CRON[715]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-17T06:17:01.354Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 06:21:11 honeypot-fra-1 sshd[24295]: Received disconnect from 61.177.173.37 port 54125:11:  [preauth]","@timestamp":"2022-09-17T06:21:12.319Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T06:23:36.151Z","@version":"1","message":"Sep 17 06:23:36 honeypot-sgp-1 sshd[27585]: Received disconnect from 61.177.172.19 port 40479:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 06:23:40 honeypot-fra-1 sshd[24299]: Disconnected from authenticating user root 61.177.173.39 port 58905 [preauth]","@timestamp":"2022-09-17T06:23:41.376Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 06:23:58 honeypot-ams-1 sshd[722]: Received disconnect from 221.165.227.155 port 38870:11: Bye Bye [preauth]","@timestamp":"2022-09-17T06:23:58.535Z"}
{"@timestamp":"2022-09-17T06:25:08.196Z","@version":"1","message":"Sep 17 06:25:07 honeypot-sgp-1 CRON[27589]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 06:26:02 honeypot-ams-1 kernel: [84272543.683400] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.33.46.249 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=52715 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T06:26:03.596Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 06:28:45 honeypot-fra-1 sshd[24462]: Did not receive identification string from 87.236.176.129 port 43229","@timestamp":"2022-09-17T06:28:46.499Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 06:31:13 honeypot-fra-1 sshd[24468]: Connection closed by invalid user user 193.106.191.157 port 57914 [preauth]","@timestamp":"2022-09-17T06:31:14.561Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 06:35:15 honeypot-fra-1 sshd[24566]: Disconnected from authenticating user root 103.170.246.22 port 56964 [preauth]","@timestamp":"2022-09-17T06:35:16.677Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T06:35:33.452Z","@version":"1","message":"Sep 17 06:35:32 honeypot-sgp-1 sshd[27746]: Disconnected from 61.177.173.46 port 24250 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 06:38:32 honeypot-fra-1 sshd[24570]: Disconnected from invalid user testtest 115.75.142.7 port 51206 [preauth]","@timestamp":"2022-09-17T06:38:32.753Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T06:39:19.548Z","@version":"1","message":"Sep 17 06:39:19 honeypot-sgp-1 sshd[27750]: Received disconnect from 61.177.172.124 port 53229:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T06:40:27.578Z","@version":"1","message":"Sep 17 06:40:27 honeypot-sgp-1 sshd[27754]: Connection closed by invalid user support 179.60.147.69 port 16018 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T06:42:29.631Z","@version":"1","message":"Sep 17 06:42:28 honeypot-sgp-1 sshd[27761]: Invalid user nodeproxy from 103.188.176.251 port 60226","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 06:42:42 honeypot-ams-1 kernel: [84273543.498079] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=3.90.148.15 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=234 ID=54321 PROTO=TCP SPT=4327 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T06:42:43.025Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 06:42:57 honeypot-fra-1 sshd[24577]: Disconnected from authenticating user root 61.177.173.35 port 21755 [preauth]","@timestamp":"2022-09-17T06:42:57.855Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T06:49:38.805Z","@version":"1","message":"Sep 17 06:49:38 honeypot-sgp-1 sshd[27948]: Disconnected from 61.177.173.52 port 58181 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 06:53:38 honeypot-fra-1 sshd[24586]: Received disconnect from 61.177.173.52 port 32637:11:  [preauth]","@timestamp":"2022-09-17T06:53:39.098Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T06:54:53.938Z","@version":"1","message":"Sep 17 06:54:53 honeypot-sgp-1 sshd[27955]: Disconnected from authenticating user root 61.177.172.98 port 17821 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 07:00:43 honeypot-fra-1 sshd[24598]: Invalid user castle from 141.98.10.158 port 42902","@timestamp":"2022-09-17T07:00:44.259Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 07:06:25 honeypot-ams-1 sshd[992]: Did not receive identification string from 193.3.19.178 port 64001","@timestamp":"2022-09-17T07:06:25.628Z"}
{"@timestamp":"2022-09-17T07:06:36.222Z","@version":"1","message":"Sep 17 07:06:35 honeypot-sgp-1 kernel: [84274500.618133] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=50.116.49.164 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=61382 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 07:07:03 honeypot-fra-1 sshd[24605]: Received disconnect from 129.226.165.250 port 47952:11: Bye Bye [preauth]","@timestamp":"2022-09-17T07:07:03.406Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T07:14:22.415Z","@version":"1","message":"Sep 17 07:14:22 honeypot-sgp-1 sshd[27972]: Disconnected from authenticating user root 218.92.0.221 port 41299 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 07:17:01 honeypot-fra-1 CRON[24616]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-17T07:17:01.631Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 07:17:51 honeypot-fra-1 sshd[24622]: Invalid user ubnt from 179.60.147.69 port 21650","@timestamp":"2022-09-17T07:17:51.654Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 07:18:03 honeypot-fra-1 sshd[24626]: Received disconnect from 45.61.186.169 port 41162:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T07:18:03.659Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 07:18:19 honeypot-fra-1 sshd[24630]: Received disconnect from 45.61.186.169 port 36156:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T07:18:20.668Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 07:18:35 honeypot-fra-1 sshd[24634]: Received disconnect from 45.61.186.169 port 59370:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T07:18:35.675Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 07:20:03 honeypot-ams-1 sshd[1000]: Connection closed by invalid user ubnt 179.60.147.69 port 37358 [preauth]","@timestamp":"2022-09-17T07:20:03.983Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 07:21:34 honeypot-fra-1 sshd[24642]: Received disconnect from 61.177.173.49 port 25092:11:  [preauth]","@timestamp":"2022-09-17T07:21:34.745Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T07:27:45.754Z","@version":"1","message":"Sep 17 07:27:45 honeypot-sgp-1 sshd[27983]: Disconnected from authenticating user root 61.177.172.19 port 31280 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 07:28:01 honeypot-ams-1 sshd[1007]: Disconnected from invalid user ftpuser 193.142.146.50 port 45286 [preauth]","@timestamp":"2022-09-17T07:28:02.193Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 07:28:24 honeypot-ams-1 sshd[1011]: Received disconnect from 193.142.146.50 port 44154:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T07:28:25.206Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 07:29:07 honeypot-fra-1 sshd[24652]: Connection closed by authenticating user root 194.163.190.53 port 40224 [preauth]","@timestamp":"2022-09-17T07:29:07.917Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 07:30:01 honeypot-ams-1 sshd[1015]: Received disconnect from 193.142.146.50 port 42454:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T07:30:02.250Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 07:30:26 honeypot-ams-1 sshd[1019]: Received disconnect from 193.142.146.50 port 41320:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T07:30:27.265Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 07:31:16 honeypot-ams-1 sshd[1023]: Received disconnect from 193.142.146.50 port 40188:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T07:31:17.289Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 07:32:08 honeypot-ams-1 sshd[1465]: Received disconnect from 193.142.146.50 port 39056:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T07:32:08.313Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 07:32:36 honeypot-ams-1 sshd[1469]: Invalid user postgres from 193.142.146.50 port 37922","@timestamp":"2022-09-17T07:32:36.328Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 07:33:47 honeypot-ams-1 sshd[1475]: Invalid user test from 193.142.146.50 port 36790","@timestamp":"2022-09-17T07:33:48.361Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 07:36:40 honeypot-fra-1 kernel: [84274612.214511] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=104.37.190.250 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=54321 PROTO=TCP SPT=57100 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T07:36:41.089Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-17T07:40:25.053Z","@version":"1","message":"Sep 17 07:40:24 honeypot-sgp-1 kernel: [84276529.183354] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=206.189.6.148 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=33858 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 07:41:57 honeypot-ams-1 kernel: [84277098.480153] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=79.35.128.6 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=15533 PROTO=TCP SPT=41123 DPT=443 WINDOW=1300 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T07:41:58.568Z"}
{"@timestamp":"2022-09-17T07:42:29.106Z","@version":"1","message":"Sep 17 07:42:28 honeypot-sgp-1 sshd[28002]: Disconnected from invalid user monitor 1.224.37.98 port 39196 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 07:43:48 honeypot-ams-1 sshd[1485]: Invalid user ubnt from 39.90.161.165 port 38356","@timestamp":"2022-09-17T07:43:48.618Z"}
{"@timestamp":"2022-09-17T07:43:52.142Z","@version":"1","message":"Sep 17 07:43:51 honeypot-sgp-1 kernel: [84276736.486204] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=104.37.190.250 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=54321 PROTO=TCP SPT=33348 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 07:43:52 honeypot-ams-1 sshd[1489]: Disconnected from authenticating user root 39.90.161.165 port 38422 [preauth]","@timestamp":"2022-09-17T07:43:52.620Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 07:43:57 honeypot-ams-1 sshd[1495]: Disconnected from authenticating user root 39.90.161.165 port 38880 [preauth]","@timestamp":"2022-09-17T07:43:58.624Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 07:44:03 honeypot-ams-1 sshd[1501]: Disconnected from authenticating user root 39.90.161.165 port 39000 [preauth]","@timestamp":"2022-09-17T07:44:03.628Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 07:44:09 honeypot-ams-1 sshd[1507]: Disconnected from authenticating user root 39.90.161.165 port 39470 [preauth]","@timestamp":"2022-09-17T07:44:09.631Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 07:44:15 honeypot-ams-1 sshd[1513]: Disconnected from authenticating user root 39.90.161.165 port 39830 [preauth]","@timestamp":"2022-09-17T07:44:15.634Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 07:44:20 honeypot-ams-1 sshd[1519]: Disconnected from authenticating user root 39.90.161.165 port 40052 [preauth]","@timestamp":"2022-09-17T07:44:21.639Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 07:44:26 honeypot-ams-1 sshd[1525]: Disconnected from authenticating user root 39.90.161.165 port 40476 [preauth]","@timestamp":"2022-09-17T07:44:26.641Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 07:44:31 honeypot-ams-1 sshd[1531]: Disconnected from authenticating user root 39.90.161.165 port 40624 [preauth]","@timestamp":"2022-09-17T07:44:32.646Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 07:44:37 honeypot-ams-1 sshd[1537]: Disconnected from authenticating user root 39.90.161.165 port 41068 [preauth]","@timestamp":"2022-09-17T07:44:38.650Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 07:44:39 honeypot-fra-1 kernel: [84275090.303436] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=65.49.20.119 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=54321 PROTO=TCP SPT=45002 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T07:44:39.275Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 07:44:43 honeypot-ams-1 sshd[1543]: Disconnected from authenticating user root 39.90.161.165 port 41224 [preauth]","@timestamp":"2022-09-17T07:44:43.652Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 07:45:12 honeypot-ams-1 sshd[1552]: Invalid user user from 45.61.186.49 port 52666","@timestamp":"2022-09-17T07:45:13.668Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 07:45:20 honeypot-ams-1 sshd[1556]: Invalid user user from 45.61.186.49 port 36036","@timestamp":"2022-09-17T07:45:21.674Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 07:45:26 honeypot-ams-1 kernel: [84277307.088820] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.100.87.136 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=246 ID=15212 PROTO=TCP SPT=57373 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T07:45:26.676Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 07:48:39 honeypot-ams-1 sshd[1566]: Invalid user gr from 202.125.94.212 port 35255","@timestamp":"2022-09-17T07:48:39.761Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 07:49:28 honeypot-fra-1 sshd[24684]: Received disconnect from 61.177.173.50 port 64884:11:  [preauth]","@timestamp":"2022-09-17T07:49:29.387Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 07:49:56 honeypot-ams-1 sshd[1569]: Disconnected from invalid user vpnguardbot 161.35.229.78 port 58504 [preauth]","@timestamp":"2022-09-17T07:49:56.796Z"}
{"@timestamp":"2022-09-17T07:52:33.349Z","@version":"1","message":"Sep 17 07:52:32 honeypot-sgp-1 kernel: [84277257.590363] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=118.123.105.87 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=24631 PROTO=TCP SPT=32988 DPT=443 WINDOW=63540 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 07:55:39 honeypot-fra-1 sshd[24691]: Connection closed by authenticating user root 194.163.190.53 port 43042 [preauth]","@timestamp":"2022-09-17T07:55:40.531Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T07:56:15.441Z","@version":"1","message":"Sep 17 07:56:14 honeypot-sgp-1 sshd[28021]: Received disconnect from 14.161.27.163 port 45626:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 07:56:20 honeypot-ams-1 sshd[1574]: Connection closed by invalid user blank 179.60.147.69 port 38108 [preauth]","@timestamp":"2022-09-17T07:56:20.963Z"}
{"@timestamp":"2022-09-17T08:00:35.545Z","@version":"1","message":"Sep 17 08:00:35 honeypot-sgp-1 sshd[28027]: Disconnected from authenticating user root 61.177.172.98 port 32280 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T08:07:55.721Z","@version":"1","message":"Sep 17 08:07:55 honeypot-sgp-1 sshd[28034]: Received disconnect from 211.220.47.138 port 54898:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 08:09:05 honeypot-ams-1 sshd[1581]: Disconnected from invalid user zu 189.100.73.39 port 51177 [preauth]","@timestamp":"2022-09-17T08:09:06.292Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:09:17 honeypot-fra-1 kernel: [84276568.434954] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=165.22.82.222 LEN=85 TOS=0x00 PREC=0x00 TTL=250 ID=13880 PROTO=TCP SPT=31587 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T08:09:17.838Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:11:39 honeypot-fra-1 sshd[24727]: Unable to negotiate with 190.124.32.18 port 55607: no matching cipher found. Their offer: aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,arcfour128,arcfour,3des-cbc,none [preauth]","@timestamp":"2022-09-17T08:11:39.894Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:17:01 honeypot-fra-1 CRON[24761]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-17T08:17:02.022Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 08:17:01 honeypot-ams-1 CRON[1587]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-17T08:17:02.501Z"}
{"@timestamp":"2022-09-17T08:17:24.947Z","@version":"1","message":"Sep 17 08:17:24 honeypot-sgp-1 kernel: [84278748.898684] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=181.219.149.148 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=34424 PROTO=TCP SPT=25119 DPT=443 WINDOW=35204 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:17:30 honeypot-fra-1 sshd[24766]: Disconnected from invalid user ftpuser 178.128.72.150 port 37532 [preauth]","@timestamp":"2022-09-17T08:17:31.036Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:18:21 honeypot-fra-1 sshd[24771]: Received disconnect from 178.128.72.150 port 36458:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T08:18:22.059Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:19:09 honeypot-fra-1 sshd[24775]: Received disconnect from 178.128.72.150 port 35376:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T08:19:10.079Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:19:57 honeypot-fra-1 sshd[24779]: Received disconnect from 178.128.72.150 port 34340:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T08:19:58.101Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:20:29 honeypot-fra-1 sshd[24783]: Received disconnect from 165.22.45.108 port 33476:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T08:20:29.115Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:21:07 honeypot-fra-1 sshd[24787]: Received disconnect from 178.128.72.150 port 46806:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T08:21:08.132Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:21:55 honeypot-fra-1 sshd[24793]: Invalid user ts3 from 178.128.72.150 port 45724","@timestamp":"2022-09-17T08:21:55.154Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:22:40 honeypot-fra-1 sshd[24797]: Received disconnect from 61.177.173.35 port 33336:11:  [preauth]","@timestamp":"2022-09-17T08:22:41.173Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:25:25 honeypot-fra-1 sshd[24802]: Received disconnect from 61.177.173.46 port 31062:11:  [preauth]","@timestamp":"2022-09-17T08:25:25.238Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T08:29:23.240Z","@version":"1","message":"Sep 17 08:29:23 honeypot-sgp-1 sshd[28068]: Invalid user guest from 179.60.147.69 port 48602","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:30:53 honeypot-fra-1 sshd[24809]: Connection closed by authenticating user root 194.163.190.53 port 59744 [preauth]","@timestamp":"2022-09-17T08:30:53.365Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:31:21 honeypot-fra-1 sshd[24820]: Invalid user amanda from 43.138.78.204 port 49922","@timestamp":"2022-09-17T08:31:21.378Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:31:21 honeypot-fra-1 sshd[24827]: Invalid user mysql from 43.138.78.204 port 49850","@timestamp":"2022-09-17T08:31:22.379Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:31:21 honeypot-fra-1 sshd[24820]: Connection closed by invalid user amanda 43.138.78.204 port 49922 [preauth]","@timestamp":"2022-09-17T08:31:22.379Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:31:21 honeypot-fra-1 sshd[24827]: Connection closed by invalid user mysql 43.138.78.204 port 49850 [preauth]","@timestamp":"2022-09-17T08:31:22.379Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:31:22 honeypot-fra-1 sshd[24836]: Connection closed by invalid user elastic 43.138.78.204 port 49820 [preauth]","@timestamp":"2022-09-17T08:31:23.379Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:31:24 honeypot-fra-1 sshd[24851]: Invalid user systemx from 43.138.78.204 port 49876","@timestamp":"2022-09-17T08:31:24.380Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:31:24 honeypot-fra-1 sshd[24854]: Invalid user blackvoid from 43.138.78.204 port 49842","@timestamp":"2022-09-17T08:31:24.380Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:31:24 honeypot-fra-1 sshd[24845]: Connection closed by invalid user zerotier-one 43.138.78.204 port 49926 [preauth]","@timestamp":"2022-09-17T08:31:25.381Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:31:24 honeypot-fra-1 sshd[24852]: Connection closed by invalid user linkxess 43.138.78.204 port 49844 [preauth]","@timestamp":"2022-09-17T08:31:25.381Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:31:24 honeypot-fra-1 sshd[24859]: Connection closed by invalid user pvm 43.138.78.204 port 49908 [preauth]","@timestamp":"2022-09-17T08:31:25.381Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 08:32:44 honeypot-ams-1 sshd[1610]: Invalid user guest from 179.60.147.69 port 50418","@timestamp":"2022-09-17T08:32:44.912Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 08:35:19 honeypot-ams-1 kernel: [84280300.460157] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=164.92.72.164 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=34327 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T08:35:19.984Z"}
{"@timestamp":"2022-09-17T08:37:27.438Z","@version":"1","message":"Sep 17 08:37:26 honeypot-sgp-1 sshd[28074]: Received disconnect from 61.177.173.37 port 45345:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:43:18 honeypot-fra-1 sshd[24886]: Invalid user  from 152.32.154.27 port 58696","@timestamp":"2022-09-17T08:43:19.648Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 08:43:45 honeypot-ams-1 sshd[1620]: Connection closed by invalid user nodeproxy 103.188.176.251 port 49254 [preauth]","@timestamp":"2022-09-17T08:43:46.212Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:46:24 honeypot-fra-1 sshd[24894]: Invalid user user from 45.61.186.49 port 33196","@timestamp":"2022-09-17T08:46:24.718Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:46:29 honeypot-fra-1 sshd[24896]: Received disconnect from 45.61.186.49 port 38948:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T08:46:29.722Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:46:36 honeypot-fra-1 sshd[24900]: Received disconnect from 45.61.186.49 port 50454:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T08:46:37.725Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 08:49:43 honeypot-ams-1 sshd[1627]: Received disconnect from 203.223.191.206 port 37808:11: Bye Bye [preauth]","@timestamp":"2022-09-17T08:49:44.370Z"}
{"@timestamp":"2022-09-17T08:50:20.747Z","@version":"1","message":"Sep 17 08:50:20 honeypot-sgp-1 kernel: [84280725.327424] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.79.159.210 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=4433 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:51:07 honeypot-fra-1 kernel: [84279078.849210] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=64.62.197.176 DST=165.22.82.222 LEN=131 TOS=0x00 PREC=0x00 TTL=244 ID=54321 PROTO=TCP SPT=32815 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T08:51:07.834Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 08:52:35 honeypot-ams-1 sshd[1632]: Received disconnect from 138.68.2.22 port 50242:11: Bye Bye [preauth]","@timestamp":"2022-09-17T08:52:35.447Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 08:54:24 honeypot-ams-1 sshd[1637]: Connection closed by invalid user  64.62.197.92 port 3020 [preauth]","@timestamp":"2022-09-17T08:54:24.498Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:57:09 honeypot-fra-1 sshd[24910]: Connection closed by invalid user admin 194.163.190.53 port 58488 [preauth]","@timestamp":"2022-09-17T08:57:09.975Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 09:01:07 honeypot-fra-1 sshd[24918]: Invalid user  from 64.62.197.2 port 39398","@timestamp":"2022-09-17T09:01:08.091Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 09:04:22 honeypot-fra-1 kernel: [84279873.908133] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.143.200.6 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=5301 PROTO=TCP SPT=56902 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T09:04:23.169Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-17T09:05:10.112Z","@version":"1","message":"Sep 17 09:05:09 honeypot-sgp-1 sshd[28093]: Disconnected from authenticating user root 61.177.172.19 port 49798 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T09:05:37.125Z","@version":"1","message":"Sep 17 09:05:36 honeypot-sgp-1 sshd[28099]: Invalid user admin from 179.60.147.69 port 1486","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 09:07:08 honeypot-fra-1 sshd[24931]: Disconnected from authenticating user root 61.177.173.52 port 51099 [preauth]","@timestamp":"2022-09-17T09:07:09.235Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 09:07:10 honeypot-ams-1 kernel: [84282211.517219] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=213.226.123.38 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=62041 PROTO=TCP SPT=46772 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T09:07:10.832Z"}
{"@timestamp":"2022-09-17T09:08:48.205Z","@version":"1","message":"Sep 17 09:08:47 honeypot-sgp-1 kernel: [84281832.132779] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.79.128.75 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=45774 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 09:13:01 honeypot-ams-1 kernel: [84282562.526703] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=20.216.191.54 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=53321 DF PROTO=TCP SPT=51102 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T09:13:01.987Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 09:13:59 honeypot-fra-1 kernel: [84280450.786963] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.248.41.54 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=54 ID=34799 DF PROTO=TCP SPT=49430 DPT=443 WINDOW=43690 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T09:14:00.391Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-17T09:14:48.355Z","@version":"1","message":"Sep 17 09:14:47 honeypot-sgp-1 kernel: [84282192.475665] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=151.106.32.182 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=6354 PROTO=TCP SPT=44499 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 09:16:29 honeypot-ams-1 sshd[1651]: Disconnected from invalid user ftpuser 178.128.72.150 port 56238 [preauth]","@timestamp":"2022-09-17T09:16:30.079Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 09:17:01 honeypot-fra-1 CRON[24943]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-17T09:17:01.462Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 09:17:24 honeypot-ams-1 sshd[1658]: Invalid user minecraft from 178.128.72.150 port 58336","@timestamp":"2022-09-17T09:17:25.106Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 09:18:17 honeypot-ams-1 sshd[1663]: Invalid user oracle from 178.128.72.150 port 60426","@timestamp":"2022-09-17T09:18:18.131Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 09:18:49 honeypot-fra-1 sshd[24948]: Received disconnect from 61.177.173.53 port 30233:11:  [preauth]","@timestamp":"2022-09-17T09:18:49.506Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 09:19:09 honeypot-ams-1 sshd[1667]: Invalid user test from 178.128.72.150 port 34286","@timestamp":"2022-09-17T09:19:10.155Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 09:20:01 honeypot-ams-1 sshd[1671]: Invalid user ftpuser from 178.128.72.150 port 36382","@timestamp":"2022-09-17T09:20:02.181Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 09:20:08 honeypot-fra-1 sshd[24953]: Invalid user user from 45.61.186.169 port 55898","@timestamp":"2022-09-17T09:20:08.538Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 09:20:25 honeypot-fra-1 sshd[24958]: Invalid user user from 45.61.186.169 port 51102","@timestamp":"2022-09-17T09:20:26.547Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 09:20:33 honeypot-fra-1 sshd[24960]: Disconnected from invalid user user 45.61.186.169 port 34580 [preauth]","@timestamp":"2022-09-17T09:20:34.553Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T09:20:42.503Z","@version":"1","message":"Sep 17 09:20:41 honeypot-sgp-1 kernel: [84282546.347414] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=151.106.32.182 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=9225 PROTO=TCP SPT=44499 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 09:20:49 honeypot-fra-1 sshd[24964]: Received disconnect from 45.61.186.169 port 58024:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T09:20:50.561Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 09:20:54 honeypot-ams-1 sshd[1675]: Invalid user es from 178.128.72.150 port 38486","@timestamp":"2022-09-17T09:20:54.206Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 09:21:47 honeypot-ams-1 sshd[1679]: Invalid user postgres from 178.128.72.150 port 40582","@timestamp":"2022-09-17T09:21:47.232Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 09:22:35 honeypot-ams-1 kernel: [84283136.445265] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=197.55.100.18 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=51 ID=20202 PROTO=TCP SPT=19603 DPT=443 WINDOW=38256 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T09:22:36.256Z"}
{"@timestamp":"2022-09-17T09:27:18.662Z","@version":"1","message":"Sep 17 09:27:18 honeypot-sgp-1 sshd[28124]: Disconnected from authenticating user root 61.177.173.51 port 52515 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T09:37:32.912Z","@version":"1","message":"Sep 17 09:37:32 honeypot-sgp-1 kernel: [84283557.041691] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=173.249.41.33 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=40771 PROTO=TCP SPT=47066 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 09:38:32 honeypot-ams-1 sshd[1687]: Received disconnect from 152.179.67.70 port 3707:11: Bye Bye [preauth]","@timestamp":"2022-09-17T09:38:32.669Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 09:38:59 honeypot-ams-1 kernel: [84284119.944526] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=113.207.248.6 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=37696 PROTO=TCP SPT=45531 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T09:38:59.684Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 09:40:11 honeypot-fra-1 sshd[24985]: Did not receive identification string from 193.142.146.50 port 46954","@timestamp":"2022-09-17T09:40:12.011Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 09:40:33 honeypot-fra-1 sshd[24988]: Received disconnect from 193.142.146.50 port 39560:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T09:40:34.022Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 09:40:56 honeypot-fra-1 sshd[24993]: Disconnected from authenticating user root 193.142.146.50 port 38042 [preauth]","@timestamp":"2022-09-17T09:40:57.033Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 09:42:33 honeypot-fra-1 sshd[24999]: Invalid user oracle from 193.142.146.50 port 35766","@timestamp":"2022-09-17T09:42:34.073Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 09:42:59 honeypot-fra-1 sshd[25003]: Invalid user ubuntu from 193.142.146.50 port 34250","@timestamp":"2022-09-17T09:42:59.084Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 09:43:17 honeypot-fra-1 sshd[25007]: Received disconnect from 193.142.146.50 port 33490:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T09:43:18.093Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 09:44:12 honeypot-fra-1 sshd[25011]: Disconnected from invalid user redis 193.142.146.50 port 60964 [preauth]","@timestamp":"2022-09-17T09:44:13.115Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T09:44:34.106Z","@version":"1","message":"Sep 17 09:44:33 honeypot-sgp-1 sshd[28136]: Disconnected from authenticating user root 61.177.173.36 port 50308 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 09:44:41 honeypot-fra-1 sshd[25015]: Received disconnect from 193.142.146.50 port 59446:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T09:44:41.128Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 09:44:57 honeypot-fra-1 sshd[25019]: Disconnected from authenticating user root 61.177.173.36 port 31743 [preauth]","@timestamp":"2022-09-17T09:44:58.137Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 09:46:21 honeypot-fra-1 sshd[25026]: Disconnected from authenticating user root 193.142.146.50 port 56414 [preauth]","@timestamp":"2022-09-17T09:46:22.171Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 09:50:11 honeypot-ams-1 sshd[1695]: Did not receive identification string from 45.61.186.249 port 39774","@timestamp":"2022-09-17T09:50:11.971Z"}
{"@timestamp":"2022-09-17T09:50:28.252Z","@version":"1","message":"Sep 17 09:50:28 honeypot-sgp-1 sshd[28144]: Disconnected from authenticating user root 61.177.172.104 port 52620 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 09:50:49 honeypot-ams-1 sshd[1698]: Disconnected from invalid user user 45.61.186.249 port 47152 [preauth]","@timestamp":"2022-09-17T09:50:49.991Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 09:51:08 honeypot-ams-1 sshd[1702]: Received disconnect from 45.61.186.249 port 42654:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T09:51:09.001Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 09:51:27 honeypot-ams-1 sshd[1706]: Received disconnect from 45.61.186.249 port 38162:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T09:51:28.012Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 09:51:49 honeypot-fra-1 sshd[25036]: Disconnected from authenticating user root 104.248.131.9 port 46190 [preauth]","@timestamp":"2022-09-17T09:51:50.294Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 09:56:11 honeypot-ams-1 sshd[1714]: Received disconnect from 46.19.141.122 port 33766:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T09:56:12.131Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 09:56:31 honeypot-fra-1 sshd[25046]: Received disconnect from 61.177.173.47 port 38934:11:  [preauth]","@timestamp":"2022-09-17T09:56:31.402Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 09:56:46 honeypot-ams-1 sshd[1718]: Received disconnect from 46.19.141.122 port 52176:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T09:56:47.148Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 09:57:55 honeypot-ams-1 sshd[1722]: Received disconnect from 46.101.169.25 port 46392:11: Bye Bye [preauth]","@timestamp":"2022-09-17T09:57:56.180Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 09:58:29 honeypot-ams-1 sshd[1726]: Received disconnect from 46.19.141.122 port 60794:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T09:58:30.197Z"}
{"@timestamp":"2022-09-17T09:58:40.454Z","@version":"1","message":"Sep 17 09:58:40 honeypot-sgp-1 sshd[28153]: Disconnected from invalid user hv 62.231.21.18 port 37742 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 09:59:10 honeypot-ams-1 sshd[1731]: Received disconnect from 46.19.141.122 port 50904:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T09:59:10.216Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 09:59:40 honeypot-fra-1 sshd[25052]: Invalid user cdiptv from 194.163.190.53 port 50006","@timestamp":"2022-09-17T09:59:41.476Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 09:59:55 honeypot-ams-1 sshd[1735]: Received disconnect from 46.19.141.122 port 41070:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T09:59:56.238Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 10:00:41 honeypot-ams-1 sshd[1739]: Received disconnect from 46.19.141.122 port 59446:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T10:00:41.260Z"}
{"@timestamp":"2022-09-17T10:01:30.529Z","@version":"1","message":"Sep 17 10:01:29 honeypot-sgp-1 kernel: [84284994.426926] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.221.109 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=60368 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 10:01:53 honeypot-ams-1 sshd[1746]: Invalid user telnet from 46.19.141.122 port 44638","@timestamp":"2022-09-17T10:01:54.294Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 10:02:45 honeypot-ams-1 sshd[1750]: Received disconnect from 46.19.141.122 port 34772:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T10:02:45.319Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 10:04:06 honeypot-ams-1 sshd[1756]: Received disconnect from 46.19.141.122 port 48210:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T10:04:07.358Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 10:05:32 honeypot-fra-1 sshd[25057]: Received disconnect from 217.67.121.75 port 44534:11: Bye Bye [preauth]","@timestamp":"2022-09-17T10:05:33.610Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 10:13:59 honeypot-ams-1 kernel: [84286220.461446] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=145.40.96.68 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=11326 PROTO=TCP SPT=47724 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T10:14:00.610Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 10:16:16 honeypot-fra-1 sshd[25062]: Received disconnect from 165.22.45.108 port 43740:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T10:16:17.853Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T10:17:01.910Z","@version":"1","message":"Sep 17 10:17:01 honeypot-sgp-1 CRON[28163]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 10:17:35 honeypot-ams-1 sshd[1772]: Invalid user customer from 79.0.207.126 port 46316","@timestamp":"2022-09-17T10:17:35.700Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 10:17:38 honeypot-fra-1 kernel: [84284269.815644] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=80.94.92.231 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=33178 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T10:17:39.888Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 10:21:41 honeypot-ams-1 sshd[1778]: Connection closed by invalid user blank 179.60.147.69 port 20392 [preauth]","@timestamp":"2022-09-17T10:21:41.807Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 10:22:42 honeypot-fra-1 kernel: [84284573.581505] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=159.65.152.216 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x20 TTL=54 ID=1565 DF PROTO=TCP SPT=35588 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T10:22:43.008Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 10:24:14 honeypot-fra-1 sshd[25078]: Invalid user postgres from 196.216.253.24 port 38514","@timestamp":"2022-09-17T10:24:15.044Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 10:24:14 honeypot-fra-1 sshd[25083]: Connection closed by authenticating user root 196.216.253.24 port 38560 [preauth]","@timestamp":"2022-09-17T10:24:15.044Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 10:24:14 honeypot-fra-1 sshd[25075]: Connection closed by invalid user dev 196.216.253.24 port 38524 [preauth]","@timestamp":"2022-09-17T10:24:15.044Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 10:25:39 honeypot-ams-1 kernel: [84286920.335639] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.165.190.17 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=117 ID=58989 PROTO=TCP SPT=7349 DPT=636 WINDOW=46856 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T10:25:39.916Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 10:29:01 honeypot-fra-1 sshd[25100]: Received disconnect from 45.80.64.246 port 41072:11: Bye Bye [preauth]","@timestamp":"2022-09-17T10:29:02.155Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T10:29:36.222Z","@version":"1","message":"Sep 17 10:29:35 honeypot-sgp-1 kernel: [84286680.355714] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=51.161.50.189 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=51102 DF PROTO=TCP SPT=31505 DPT=3389 WINDOW=5840 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 10:30:31 honeypot-ams-1 kernel: [84287212.003592] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=36.71.137.142 DST=178.62.254.91 LEN=48 TOS=0x00 PREC=0x00 TTL=118 ID=9805 DF PROTO=TCP SPT=55763 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T10:30:32.042Z"}
{"@timestamp":"2022-09-17T10:31:36.274Z","@version":"1","message":"Sep 17 10:31:35 honeypot-sgp-1 sshd[28242]: Invalid user yong from 123.122.162.24 port 59815","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T10:34:26.346Z","@version":"1","message":"Sep 17 10:34:25 honeypot-sgp-1 sshd[28246]: Received disconnect from 157.245.252.34 port 34506:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 10:34:43 honeypot-ams-1 sshd[1791]: Disconnecting invalid user admin 222.228.6.98 port 43943: Too many authentication failures [preauth]","@timestamp":"2022-09-17T10:34:44.151Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 10:35:18 honeypot-fra-1 sshd[25105]: Invalid user juzici from 194.163.190.53 port 39972","@timestamp":"2022-09-17T10:35:19.299Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T10:36:04.389Z","@version":"1","message":"Sep 17 10:36:03 honeypot-sgp-1 sshd[28250]: Disconnected from authenticating user root 220.80.223.144 port 54136 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 10:40:39 honeypot-fra-1 kernel: [84285649.926567] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=56440 PROTO=TCP SPT=50783 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T10:40:39.422Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 10:41:44 honeypot-ams-1 kernel: [84287885.264834] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=79.124.62.106 DST=178.62.254.91 LEN=52 TOS=0x02 PREC=0x00 TTL=121 ID=2949 DF PROTO=TCP SPT=63977 DPT=3389 WINDOW=200 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-17T10:41:45.347Z"}
{"@timestamp":"2022-09-17T10:43:23.569Z","@version":"1","message":"Sep 17 10:43:23 honeypot-sgp-1 sshd[28255]: Invalid user publog from 46.41.142.93 port 40454","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 10:45:58 honeypot-fra-1 kernel: [84285969.795673] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=165.232.152.144 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=35296 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T10:45:59.546Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 10:46:29 honeypot-ams-1 sshd[1801]: Did not receive identification string from 45.61.184.204 port 52076","@timestamp":"2022-09-17T10:46:29.471Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 10:46:55 honeypot-ams-1 sshd[1805]: Disconnected from invalid user user 45.61.184.204 port 58372 [preauth]","@timestamp":"2022-09-17T10:46:55.485Z"}
{"@timestamp":"2022-09-17T10:47:00.659Z","@version":"1","message":"Sep 17 10:46:59 honeypot-sgp-1 kernel: [84287724.373309] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=80.94.92.231 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=233 ID=54321 PROTO=TCP SPT=41830 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 10:47:14 honeypot-ams-1 sshd[1809]: Disconnected from invalid user user 45.61.184.204 port 53648 [preauth]","@timestamp":"2022-09-17T10:47:15.496Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 10:47:32 honeypot-ams-1 sshd[1813]: Disconnected from invalid user user 45.61.184.204 port 48936 [preauth]","@timestamp":"2022-09-17T10:47:33.506Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 10:50:59 honeypot-fra-1 sshd[25119]: Disconnected from authenticating user root 159.65.171.230 port 44346 [preauth]","@timestamp":"2022-09-17T10:51:00.664Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 10:55:36 honeypot-fra-1 sshd[25126]: Invalid user admin from 179.60.147.69 port 23298","@timestamp":"2022-09-17T10:55:36.769Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 10:57:49 honeypot-ams-1 sshd[1818]: Invalid user admin from 179.60.147.69 port 59566","@timestamp":"2022-09-17T10:57:49.769Z"}
{"@timestamp":"2022-09-17T11:00:58.025Z","@version":"1","message":"Sep 17 11:00:57 honeypot-sgp-1 kernel: [84288561.836075] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=173.225.111.245 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=48056 PROTO=TCP SPT=49586 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 11:02:30 honeypot-fra-1 kernel: [84286961.125325] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=213.226.123.38 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=35272 PROTO=TCP SPT=51610 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T11:02:30.928Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 11:05:28 honeypot-ams-1 sshd[1824]: Invalid user user from 193.106.191.157 port 38644","@timestamp":"2022-09-17T11:05:28.968Z"}
{"@timestamp":"2022-09-17T11:10:02.250Z","@version":"1","message":"Sep 17 11:10:01 honeypot-sgp-1 kernel: [84289105.789188] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.185.227.59 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=234 ID=19202 DF PROTO=TCP SPT=10446 DPT=80 WINDOW=512 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T11:13:43.343Z","@version":"1","message":"Sep 17 11:13:42 honeypot-sgp-1 sshd[28270]: Invalid user lu from 189.56.100.42 port 47471","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 11:15:06 honeypot-fra-1 sshd[25137]: Received disconnect from 165.22.45.108 port 48894:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T11:15:06.212Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T11:15:49.394Z","@version":"1","message":"Sep 17 11:15:48 honeypot-sgp-1 sshd[28274]: Did not receive identification string from 205.210.31.140 port 49619","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 11:16:36 honeypot-fra-1 sshd[25141]: Received disconnect from 112.132.249.164 port 45216:11: Bye Bye [preauth]","@timestamp":"2022-09-17T11:16:37.248Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 11:17:01 honeypot-ams-1 CRON[1829]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-17T11:17:02.267Z"}
{"@timestamp":"2022-09-17T11:17:02.428Z","@version":"1","message":"Sep 17 11:17:01 honeypot-sgp-1 CRON[28277]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 11:18:56 honeypot-fra-1 sshd[25148]: Did not receive identification string from 185.216.71.77 port 56018","@timestamp":"2022-09-17T11:18:57.304Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T11:23:23.587Z","@version":"1","message":"Sep 17 11:23:22 honeypot-sgp-1 kernel: [84289907.424285] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=206.84.108.130 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=54321 PROTO=TCP SPT=32768 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 11:27:33 honeypot-fra-1 sshd[25152]: Disconnected from authenticating user root 60.10.72.203 port 44826 [preauth]","@timestamp":"2022-09-17T11:27:33.500Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 11:29:06 honeypot-ams-1 sshd[1836]: Received disconnect from 45.163.144.2 port 47494:11: Bye Bye [preauth]","@timestamp":"2022-09-17T11:29:06.588Z"}
{"@timestamp":"2022-09-17T11:30:47.771Z","@version":"1","message":"Sep 17 11:30:47 honeypot-sgp-1 sshd[28286]: Connection closed by invalid user ubnt 179.60.147.69 port 10468 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 11:30:56 honeypot-fra-1 kernel: [84288667.005795] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=25185 PROTO=TCP SPT=54205 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T11:30:56.579Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 11:32:23 honeypot-ams-1 kernel: [84290923.884282] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=41.37.199.208 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=54 ID=31607 PROTO=TCP SPT=39529 DPT=443 WINDOW=17066 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T11:32:23.674Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 11:32:34 honeypot-fra-1 sshd[25163]: Invalid user scanner from 112.28.209.67 port 34779","@timestamp":"2022-09-17T11:32:34.618Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 11:35:26 honeypot-ams-1 kernel: [84291107.524386] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.134.144.80 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=252 ID=38332 PROTO=TCP SPT=54525 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T11:35:27.756Z"}
{"@timestamp":"2022-09-17T11:36:50.923Z","@version":"1","message":"Sep 17 11:36:50 honeypot-sgp-1 kernel: [84290714.707686] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=89.248.165.100 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=24978 PROTO=TCP SPT=59801 DPT=389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 11:36:57 honeypot-fra-1 kernel: [84289028.374672] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=82.65.210.106 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=38752 DF PROTO=TCP SPT=50608 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T11:36:57.715Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 11:40:29 honeypot-fra-1 sshd[25172]: Disconnected from invalid user user 103.129.221.188 port 58954 [preauth]","@timestamp":"2022-09-17T11:40:29.798Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T11:43:00.081Z","@version":"1","message":"Sep 17 11:42:59 honeypot-sgp-1 sshd[28294]: Received disconnect from 51.83.45.72 port 45016:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T11:43:58.111Z","@version":"1","message":"Sep 17 11:43:57 honeypot-sgp-1 sshd[28298]: Received disconnect from 217.79.178.122 port 42722:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T11:45:03.140Z","@version":"1","message":"Sep 17 11:45:02 honeypot-sgp-1 sshd[28302]: Disconnected from authenticating user root 157.245.148.189 port 43842 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 11:46:05 honeypot-fra-1 sshd[25179]: Connection closed by invalid user meta 194.163.190.53 port 43030 [preauth]","@timestamp":"2022-09-17T11:46:05.955Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 11:54:41 honeypot-ams-1 kernel: [84292261.624796] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=37.104.179.26 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=55 ID=25586 PROTO=TCP SPT=54155 DPT=80 WINDOW=27138 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T11:54:41.252Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 11:57:03 honeypot-fra-1 sshd[25184]: Invalid user admin from 37.139.15.214 port 58503","@timestamp":"2022-09-17T11:57:04.197Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 12:01:51 honeypot-fra-1 kernel: [84290521.944517] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=183.136.225.35 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=107 ID=33289 PROTO=TCP SPT=8088 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T12:01:52.309Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 12:02:54 honeypot-ams-1 kernel: [84292755.165062] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=205.210.31.171 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=250 ID=18092 PROTO=TCP SPT=50629 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T12:02:55.490Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 12:03:39 honeypot-fra-1 sshd[25194]: Invalid user rna from 194.163.190.53 port 37414","@timestamp":"2022-09-17T12:03:40.353Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 12:04:41 honeypot-ams-1 sshd[1851]: Disconnected from invalid user ubuntu 5.200.70.148 port 55414 [preauth]","@timestamp":"2022-09-17T12:04:41.540Z"}
{"@timestamp":"2022-09-17T12:07:09.677Z","@version":"1","message":"Sep 17 12:07:09 honeypot-sgp-1 sshd[28306]: Connection closed by invalid user admin 179.60.147.69 port 2934 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 12:07:29 honeypot-fra-1 sshd[25200]: Received disconnect from 106.251.237.178 port 38358:11: Bye Bye [preauth]","@timestamp":"2022-09-17T12:07:30.445Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 12:13:03 honeypot-fra-1 kernel: [84291193.811293] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.33.46.249 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=44303 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T12:13:03.571Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 12:13:52 honeypot-ams-1 sshd[1857]: Did not receive identification string from 66.23.232.139 port 37566","@timestamp":"2022-09-17T12:13:52.787Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 12:15:46 honeypot-fra-1 kernel: [84291356.883500] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=79.124.62.78 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=31325 PROTO=TCP SPT=54418 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T12:15:46.639Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-17T12:17:01.924Z","@version":"1","message":"Sep 17 12:17:01 honeypot-sgp-1 CRON[28316]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 12:21:28 honeypot-fra-1 sshd[25213]: Invalid user rna from 194.163.190.53 port 60128","@timestamp":"2022-09-17T12:21:28.777Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T12:27:45.188Z","@version":"1","message":"Sep 17 12:27:44 honeypot-sgp-1 kernel: [84293769.098772] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.41.8.45 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=6894 PROTO=TCP SPT=47435 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 12:31:22 honeypot-ams-1 sshd[1866]: Received disconnect from 159.223.172.195 port 33668:11: Bye Bye [preauth]","@timestamp":"2022-09-17T12:31:23.260Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 12:33:13 honeypot-ams-1 sshd[1871]: Received disconnect from 134.209.212.125 port 58944:11: Bye Bye [preauth]","@timestamp":"2022-09-17T12:33:13.312Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 12:35:28 honeypot-fra-1 kernel: [84292538.807552] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.33.81.185 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=39174 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T12:35:29.100Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-17T12:37:34.434Z","@version":"1","message":"Sep 17 12:37:33 honeypot-sgp-1 kernel: [84294358.246097] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=36.66.41.76 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=54 ID=62852 DF PROTO=TCP SPT=9761 DPT=80 WINDOW=43690 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 12:38:45 honeypot-fra-1 sshd[25221]: Connection closed by invalid user sunp 194.163.190.53 port 53170 [preauth]","@timestamp":"2022-09-17T12:38:46.182Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 12:40:40 honeypot-ams-1 kernel: [84295020.811670] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=156.212.208.77 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=53 ID=41354 PROTO=TCP SPT=29163 DPT=443 WINDOW=47418 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T12:40:40.507Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 12:45:54 honeypot-fra-1 sshd[25228]: Received disconnect from 211.21.113.128 port 1392:11: Bye Bye [preauth]","@timestamp":"2022-09-17T12:45:55.350Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 12:46:52 honeypot-ams-1 sshd[1879]: Connection closed by authenticating user root 179.60.147.69 port 22888 [preauth]","@timestamp":"2022-09-17T12:46:52.672Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 12:49:29 honeypot-fra-1 sshd[25233]: Disconnected from authenticating user root 190.217.69.202 port 60888 [preauth]","@timestamp":"2022-09-17T12:49:29.434Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T12:50:21.750Z","@version":"1","message":"Sep 17 12:50:21 honeypot-sgp-1 kernel: [84295125.984080] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.33.81.150 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=37441 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 12:53:43 honeypot-fra-1 kernel: [84293634.490153] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=172.104.11.63 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=42144 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T12:53:44.532Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-17T12:56:14.899Z","@version":"1","message":"Sep 17 12:56:14 honeypot-sgp-1 sshd[28342]: Connection closed by invalid user admin 128.199.168.83 port 35028 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T12:56:14.899Z","@version":"1","message":"Sep 17 12:56:14 honeypot-sgp-1 sshd[28348]: Connection closed by invalid user admin 128.199.168.83 port 35058 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 12:58:55 honeypot-fra-1 kernel: [84293946.064053] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=125.41.137.71 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=46 ID=30985 DF PROTO=TCP SPT=40221 DPT=80 WINDOW=29040 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T12:58:55.651Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-17T13:05:26.127Z","@version":"1","message":"Sep 17 13:05:25 honeypot-sgp-1 sshd[28355]: Disconnected from invalid user user 45.61.187.160 port 37562 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 13:05:36 honeypot-fra-1 sshd[25251]: Invalid user shimomaki from 159.65.64.70 port 60586","@timestamp":"2022-09-17T13:05:36.805Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T13:05:46.138Z","@version":"1","message":"Sep 17 13:05:45 honeypot-sgp-1 sshd[28359]: Received disconnect from 45.61.187.160 port 60796:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T13:06:05.147Z","@version":"1","message":"Sep 17 13:06:04 honeypot-sgp-1 sshd[28364]: Received disconnect from 45.61.187.160 port 55828:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T13:06:22.155Z","@version":"1","message":"Sep 17 13:06:21 honeypot-sgp-1 sshd[28368]: Invalid user user from 45.61.187.160 port 50858","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T13:09:16.230Z","@version":"1","message":"Sep 17 13:09:15 honeypot-sgp-1 sshd[28373]: Received disconnect from 45.61.186.169 port 38020:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T13:09:34.348Z","@version":"1","message":"Sep 17 13:09:33 honeypot-sgp-1 sshd[28377]: Received disconnect from 45.61.186.169 port 32956:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T13:09:51.356Z","@version":"1","message":"Sep 17 13:09:50 honeypot-sgp-1 sshd[28381]: Received disconnect from 45.61.186.169 port 56116:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T13:10:06.364Z","@version":"1","message":"Sep 17 13:10:06 honeypot-sgp-1 sshd[28385]: Received disconnect from 45.61.186.169 port 51036:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 13:11:41 honeypot-ams-1 sshd[1883]: Invalid user ts2 from 147.135.219.202 port 41622","@timestamp":"2022-09-17T13:11:41.342Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 13:11:59 honeypot-fra-1 sshd[25255]: Received disconnect from 165.22.45.108 port 59184:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T13:11:59.951Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T13:13:04.441Z","@version":"1","message":"Sep 17 13:13:03 honeypot-sgp-1 sshd[28390]: Invalid user user from 45.61.186.249 port 49854","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T13:13:22.451Z","@version":"1","message":"Sep 17 13:13:21 honeypot-sgp-1 sshd[28394]: Invalid user user from 45.61.186.249 port 44498","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 13:13:30 honeypot-ams-1 sshd[1886]: Received disconnect from 45.61.184.204 port 53326:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T13:13:31.394Z"}
{"@timestamp":"2022-09-17T13:13:39.460Z","@version":"1","message":"Sep 17 13:13:38 honeypot-sgp-1 sshd[28399]: Invalid user user from 45.61.186.249 port 39160","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 13:13:50 honeypot-ams-1 sshd[1890]: Received disconnect from 45.61.184.204 port 47930:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T13:13:50.405Z"}
{"@timestamp":"2022-09-17T13:13:55.468Z","@version":"1","message":"Sep 17 13:13:54 honeypot-sgp-1 sshd[28403]: Invalid user user from 45.61.186.249 port 33796","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 13:14:04 honeypot-fra-1 sshd[25261]: Invalid user yangjy from 194.163.190.53 port 42698","@timestamp":"2022-09-17T13:14:05.003Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 13:14:07 honeypot-ams-1 sshd[1896]: Invalid user user from 45.61.184.204 port 42544","@timestamp":"2022-09-17T13:14:07.414Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 13:14:15 honeypot-ams-1 sshd[1898]: Received disconnect from 45.61.184.204 port 53964:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T13:14:15.418Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 13:14:54 honeypot-fra-1 sshd[25265]: Disconnected from authenticating user root 51.83.71.70 port 37574 [preauth]","@timestamp":"2022-09-17T13:14:55.025Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T13:16:22.530Z","@version":"1","message":"Sep 17 13:16:22 honeypot-sgp-1 sshd[28407]: Invalid user pi from 70.175.251.169 port 36154","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 13:17:01 honeypot-ams-1 CRON[1903]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-17T13:17:02.495Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 13:19:15 honeypot-ams-1 kernel: [84297335.560767] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=223.98.219.79 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=1689 PROTO=TCP SPT=4411 DPT=80 WINDOW=3943 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T13:19:15.557Z"}
{"@timestamp":"2022-09-17T13:19:49.617Z","@version":"1","message":"Sep 17 13:19:49 honeypot-sgp-1 sshd[28416]: Invalid user default from 179.60.147.69 port 45726","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 13:20:55 honeypot-fra-1 sshd[25273]: Invalid user default from 179.60.147.69 port 53786","@timestamp":"2022-09-17T13:20:56.164Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T13:30:00.870Z","@version":"1","message":"Sep 17 13:30:00 honeypot-sgp-1 kernel: [84297505.017408] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=163.172.158.4 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=358 PROTO=TCP SPT=55901 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 13:32:11 honeypot-fra-1 sshd[25281]: Invalid user yangjy from 194.163.190.53 port 39384","@timestamp":"2022-09-17T13:32:11.436Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T13:33:46.963Z","@version":"1","message":"Sep 17 13:33:45 honeypot-sgp-1 sshd[28428]: Received disconnect from 45.61.186.169 port 53352:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T13:34:04.973Z","@version":"1","message":"Sep 17 13:34:04 honeypot-sgp-1 sshd[28432]: Received disconnect from 45.61.186.169 port 47894:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T13:34:21.981Z","@version":"1","message":"Sep 17 13:34:21 honeypot-sgp-1 sshd[28436]: Received disconnect from 45.61.186.169 port 42428:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 13:34:57 honeypot-ams-1 sshd[1915]: Disconnected from 159.223.164.107 port 34324 [preauth]","@timestamp":"2022-09-17T13:34:57.977Z"}
{"@timestamp":"2022-09-17T13:40:45.139Z","@version":"1","message":"Sep 17 13:40:44 honeypot-sgp-1 sshd[28443]: Did not receive identification string from 45.61.186.169 port 56388","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T13:41:08.151Z","@version":"1","message":"Sep 17 13:41:07 honeypot-sgp-1 sshd[28447]: Disconnected from invalid user user 45.61.186.169 port 49272 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 13:41:23 honeypot-fra-1 sshd[25286]: Invalid user admin from 141.98.10.158 port 36620","@timestamp":"2022-09-17T13:41:23.644Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T13:41:25.160Z","@version":"1","message":"Sep 17 13:41:24 honeypot-sgp-1 sshd[28451]: Received disconnect from 45.61.186.169 port 44642:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T13:41:42.172Z","@version":"1","message":"Sep 17 13:41:42 honeypot-sgp-1 sshd[28455]: Received disconnect from 45.61.186.169 port 39966:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 13:44:33 honeypot-fra-1 sshd[25290]: Connection closed by authenticating user root 103.188.176.251 port 59490 [preauth]","@timestamp":"2022-09-17T13:44:33.721Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T13:47:27.312Z","@version":"1","message":"Sep 17 13:47:27 honeypot-sgp-1 kernel: [84298551.379428] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.14.114.125 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=25358 DF PROTO=TCP SPT=10446 DPT=80 WINDOW=512 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T13:56:02.519Z","@version":"1","message":"Sep 17 13:56:01 honeypot-sgp-1 sshd[28468]: Invalid user admin from 179.60.147.69 port 31280","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 13:56:05 honeypot-fra-1 sshd[25296]: Invalid user wangyi from 194.163.190.53 port 37050","@timestamp":"2022-09-17T13:56:05.983Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 13:57:35 honeypot-ams-1 sshd[1924]: Invalid user user from 193.106.191.157 port 39338","@timestamp":"2022-09-17T13:57:35.580Z"}
{"@timestamp":"2022-09-17T13:59:06.598Z","@version":"1","message":"Sep 17 13:59:06 honeypot-sgp-1 kernel: [84299250.621592] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=103.153.78.248 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=27051 PROTO=TCP SPT=40006 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 14:05:06 honeypot-fra-1 kernel: [84297917.030381] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.220.103 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=54930 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T14:05:07.186Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-17T14:07:48.828Z","@version":"1","message":"Sep 17 14:07:48 honeypot-sgp-1 sshd[28474]: Invalid user ops from 103.188.176.251 port 54094","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 14:10:34 honeypot-fra-1 sshd[25306]: Invalid user lifferay from 165.22.45.108 port 36096","@timestamp":"2022-09-17T14:10:35.312Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 14:11:01 honeypot-ams-1 sshd[1930]: Invalid user admin from 121.171.55.115 port 43270","@timestamp":"2022-09-17T14:11:01.940Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 14:16:44 honeypot-ams-1 sshd[1933]: Received disconnect from 43.154.5.246 port 53406:11: Bye Bye [preauth]","@timestamp":"2022-09-17T14:16:45.097Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 14:17:01 honeypot-fra-1 CRON[25311]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-17T14:17:01.457Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T14:18:43.096Z","@version":"1","message":"Sep 17 14:18:42 honeypot-sgp-1 sshd[28480]: Received disconnect from 178.128.187.192 port 42282:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 14:20:58 honeypot-ams-1 sshd[1939]: Received disconnect from 45.61.184.204 port 60060:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T14:20:59.240Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 14:21:17 honeypot-ams-1 sshd[1943]: Received disconnect from 45.61.184.204 port 54914:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T14:21:17.250Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 14:21:35 honeypot-ams-1 sshd[1947]: Received disconnect from 45.61.184.204 port 49796:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T14:21:35.259Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 14:21:51 honeypot-ams-1 sshd[1952]: Received disconnect from 45.61.184.204 port 44664:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T14:21:52.268Z"}
{"@timestamp":"2022-09-17T14:24:15.234Z","@version":"1","message":"Sep 17 14:24:14 honeypot-sgp-1 sshd[28487]: Invalid user orion from 146.59.87.96 port 45164","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 14:27:08 honeypot-fra-1 kernel: [84299239.280745] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=67.211.215.172 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=22083 PROTO=TCP SPT=59702 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T14:27:09.683Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 14:30:17 honeypot-fra-1 kernel: [84299428.016778] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=40414 PROTO=TCP SPT=45006 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T14:30:17.757Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-17T14:30:48.397Z","@version":"1","message":"Sep 17 14:30:47 honeypot-sgp-1 sshd[28492]: Disconnected from authenticating user root 202.21.123.124 port 45602 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 14:34:02 honeypot-fra-1 sshd[25336]: Invalid user test from 20.243.201.105 port 60802","@timestamp":"2022-09-17T14:34:02.843Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 14:34:02 honeypot-fra-1 sshd[25352]: Invalid user elastic from 20.243.201.105 port 60844","@timestamp":"2022-09-17T14:34:02.843Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 14:34:02 honeypot-fra-1 sshd[25346]: Invalid user hadoop from 20.243.201.105 port 60836","@timestamp":"2022-09-17T14:34:02.843Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 14:34:02 honeypot-fra-1 sshd[25331]: Invalid user hadoop from 20.243.201.105 port 60826","@timestamp":"2022-09-17T14:34:02.844Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 14:34:02 honeypot-fra-1 sshd[25335]: Connection closed by invalid user oracle 20.243.201.105 port 60794 [preauth]","@timestamp":"2022-09-17T14:34:02.844Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 14:34:02 honeypot-fra-1 sshd[25333]: Connection closed by invalid user testuser 20.243.201.105 port 60790 [preauth]","@timestamp":"2022-09-17T14:34:02.844Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 14:34:02 honeypot-fra-1 sshd[25346]: Connection closed by invalid user hadoop 20.243.201.105 port 60836 [preauth]","@timestamp":"2022-09-17T14:34:02.844Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 14:34:02 honeypot-fra-1 sshd[25334]: Connection closed by invalid user admin 20.243.201.105 port 60792 [preauth]","@timestamp":"2022-09-17T14:34:02.844Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T14:34:07.484Z","@version":"1","message":"Sep 17 14:34:06 honeypot-sgp-1 kernel: [84301351.004991] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=159.89.202.188 LEN=89 TOS=0x00 PREC=0x00 TTL=245 ID=50963 PROTO=TCP SPT=21621 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 14:35:26 honeypot-fra-1 kernel: [84299736.646466] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=161.35.231.174 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=36369 PROTO=TCP SPT=60000 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T14:35:26.876Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 14:36:01 honeypot-ams-1 sshd[1956]: Invalid user user from 179.60.147.69 port 1260","@timestamp":"2022-09-17T14:36:01.632Z"}
{"@timestamp":"2022-09-17T14:36:32.547Z","@version":"1","message":"Sep 17 14:36:31 honeypot-sgp-1 kernel: [84301496.137833] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=52.243.98.193 DST=159.89.202.188 LEN=52 TOS=0x02 PREC=0x00 TTL=113 ID=13252 DF PROTO=TCP SPT=60739 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 14:40:46 honeypot-ams-1 kernel: [84302226.541028] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.33.79.183 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=30232 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T14:40:46.762Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 14:42:01 honeypot-fra-1 sshd[25383]: Connection closed by invalid user admin 128.199.160.207 port 60532 [preauth]","@timestamp":"2022-09-17T14:42:02.026Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 14:42:04 honeypot-fra-1 sshd[25389]: Connection closed by invalid user admin 128.199.160.207 port 60562 [preauth]","@timestamp":"2022-09-17T14:42:05.029Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T14:49:48.877Z","@version":"1","message":"Sep 17 14:49:48 honeypot-sgp-1 sshd[28506]: Disconnected from invalid user monitor 107.173.111.206 port 49170 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 14:51:47 honeypot-fra-1 sshd[25395]: Disconnected from invalid user kodi 159.65.1.92 port 41388 [preauth]","@timestamp":"2022-09-17T14:51:48.264Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 14:58:11 honeypot-fra-1 kernel: [84301102.053594] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=40428 PROTO=TCP SPT=46277 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T14:58:12.411Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 14:59:44 honeypot-ams-1 kernel: [84303364.570461] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=176.112.128.93 DST=178.62.254.91 LEN=40 TOS=0x08 PREC=0x20 TTL=249 ID=17277 DF PROTO=TCP SPT=49428 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T14:59:44.257Z"}
{"@timestamp":"2022-09-17T15:01:36.191Z","@version":"1","message":"Sep 17 15:01:36 honeypot-sgp-1 kernel: [84303000.340230] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=56389 PROTO=TCP SPT=46277 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 15:03:19 honeypot-fra-1 kernel: [84301409.700079] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=29114 PROTO=TCP SPT=46803 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T15:03:19.528Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 15:08:45 honeypot-fra-1 sshd[25410]: Connection closed by invalid user chenlei 194.163.190.53 port 52318 [preauth]","@timestamp":"2022-09-17T15:08:45.651Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T15:10:21.409Z","@version":"1","message":"Sep 17 15:10:20 honeypot-sgp-1 kernel: [84303524.745351] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.79.144.238 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=37340 PROTO=TCP SPT=47405 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 15:11:43 honeypot-fra-1 sshd[25416]: Disconnected from authenticating user root 91.240.118.222 port 11758 [preauth]","@timestamp":"2022-09-17T15:11:43.723Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 15:12:12 honeypot-ams-1 sshd[1964]: Connection closed by invalid user debian 179.60.147.69 port 49898 [preauth]","@timestamp":"2022-09-17T15:12:13.584Z"}
{"@timestamp":"2022-09-17T15:15:23.537Z","@version":"1","message":"Sep 17 15:15:23 honeypot-sgp-1 sshd[28526]: Received disconnect from 74.208.18.237 port 57614:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T15:16:53.577Z","@version":"1","message":"Sep 17 15:16:53 honeypot-sgp-1 sshd[28530]: Received disconnect from 187.188.240.7 port 53854:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 15:17:01 honeypot-fra-1 CRON[25421]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-17T15:17:01.845Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 15:19:44 honeypot-fra-1 sshd[25426]: Disconnected from invalid user worker 103.235.170.195 port 57792 [preauth]","@timestamp":"2022-09-17T15:19:45.907Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T15:22:50.728Z","@version":"1","message":"Sep 17 15:22:49 honeypot-sgp-1 kernel: [84304274.017929] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.148.10.81 DST=159.89.202.188 LEN=81 TOS=0x00 PREC=0x00 TTL=239 ID=22780 DF PROTO=TCP SPT=10202 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 15:23:32 honeypot-fra-1 sshd[25431]: Received disconnect from 201.119.37.191 port 46100:11: Bye Bye [preauth]","@timestamp":"2022-09-17T15:23:32.993Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T15:26:13.842Z","@version":"1","message":"Sep 17 15:26:12 honeypot-sgp-1 sshd[28543]: Invalid user admin from 188.166.252.132 port 60132","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 15:27:14 honeypot-fra-1 sshd[25435]: Invalid user admin from 119.203.63.201 port 48529","@timestamp":"2022-09-17T15:27:15.082Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T15:27:37.880Z","@version":"1","message":"Sep 17 15:27:37 honeypot-sgp-1 kernel: [84304561.262134] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=68.183.93.151 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x20 TTL=242 ID=54321 PROTO=TCP SPT=55980 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 15:28:23 honeypot-ams-1 sshd[1972]: Invalid user var from 185.118.48.206 port 53704","@timestamp":"2022-09-17T15:28:24.026Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 15:32:52 honeypot-fra-1 sshd[25440]: Received disconnect from 148.66.132.190 port 42528:11: Bye Bye [preauth]","@timestamp":"2022-09-17T15:32:53.207Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 15:33:21 honeypot-fra-1 sshd[25446]: Disconnected from authenticating user root 139.59.26.97 port 40698 [preauth]","@timestamp":"2022-09-17T15:33:21.218Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 18:01:12 honeypot-ams-1 sshd[31785]: Received disconnect from 92.255.85.70 port 52302:11: Bye Bye [preauth]","@timestamp":"2022-09-16T18:01:12.442Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 18:02:33 honeypot-fra-1 sshd[22665]: Invalid user user from 45.61.186.249 port 47754","@timestamp":"2022-09-16T18:02:33.170Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 18:02:51 honeypot-fra-1 sshd[22669]: Invalid user user from 45.61.186.249 port 42178","@timestamp":"2022-09-16T18:02:52.196Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 18:03:11 honeypot-fra-1 sshd[22673]: Invalid user user from 45.61.186.249 port 36598","@timestamp":"2022-09-16T18:03:12.205Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 18:03:28 honeypot-fra-1 sshd[22677]: Invalid user user from 45.61.186.249 port 59278","@timestamp":"2022-09-16T18:03:29.213Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 18:04:59 honeypot-ams-1 sshd[31791]: Connection closed by invalid user developer 103.188.176.251 port 39126 [preauth]","@timestamp":"2022-09-16T18:04:59.542Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 18:06:03 honeypot-ams-1 sshd[31797]: Invalid user admin from 165.232.158.22 port 37846","@timestamp":"2022-09-16T18:06:03.572Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 18:08:36 honeypot-ams-1 sshd[31802]: Received disconnect from 14.225.204.210 port 39390:11: Bye Bye [preauth]","@timestamp":"2022-09-16T18:08:36.638Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 18:09:02 honeypot-fra-1 sshd[22680]: Connection closed by invalid user developer 103.188.176.251 port 57672 [preauth]","@timestamp":"2022-09-16T18:09:03.340Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 18:13:16 honeypot-fra-1 kernel: [84226409.998365] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=172.104.138.223 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=32385 PROTO=TCP SPT=4548 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T18:13:17.440Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 18:14:23 honeypot-ams-1 kernel: [84228644.201541] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=34.89.210.222 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x60 TTL=251 ID=36686 PROTO=TCP SPT=45585 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T18:14:23.789Z"}
{"@timestamp":"2022-09-16T18:16:28.364Z","@version":"1","message":"Sep 16 18:16:28 honeypot-sgp-1 kernel: [84228293.604714] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=167.248.133.129 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=54321 PROTO=TCP SPT=61797 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 18:22:50 honeypot-ams-1 sshd[31810]: Disconnected from invalid user rg 128.199.4.167 port 41372 [preauth]","@timestamp":"2022-09-16T18:22:51.006Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 18:25:41 honeypot-ams-1 sshd[31814]: Disconnected from invalid user bike 211.45.162.52 port 50842 [preauth]","@timestamp":"2022-09-16T18:25:42.079Z"}
{"@timestamp":"2022-09-16T18:29:11.668Z","@version":"1","message":"Sep 16 18:29:10 honeypot-sgp-1 kernel: [84229056.184147] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=80.94.92.231 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=232 ID=54321 PROTO=TCP SPT=59283 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 18:29:53 honeypot-fra-1 kernel: [84227406.686290] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=193.163.125.35 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=245 ID=45825 PROTO=TCP SPT=43488 DPT=3389 WINDOW=14600 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T18:29:53.812Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 18:31:01 honeypot-ams-1 sshd[31821]: Did not receive identification string from 58.72.18.130 port 51811","@timestamp":"2022-09-16T18:31:02.218Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 18:36:12 honeypot-ams-1 sshd[31824]: Disconnected from authenticating user root 46.19.141.122 port 52124 [preauth]","@timestamp":"2022-09-16T18:36:13.370Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 18:37:41 honeypot-ams-1 sshd[31830]: Received disconnect from 46.19.141.122 port 39764:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T18:37:41.412Z"}
{"@timestamp":"2022-09-16T18:38:04.886Z","@version":"1","message":"Sep 16 18:38:04 honeypot-sgp-1 sshd[25801]: Invalid user sftpuser from 92.255.85.69 port 32202","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 18:38:18 honeypot-ams-1 sshd[31836]: Invalid user ubuntu from 46.19.141.122 port 50340","@timestamp":"2022-09-16T18:38:19.432Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 18:39:16 honeypot-ams-1 sshd[31840]: Invalid user user from 46.19.141.122 port 60914","@timestamp":"2022-09-16T18:39:17.460Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 18:39:45 honeypot-ams-1 kernel: [84230166.625987] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=218.54.56.108 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=53 ID=26281 PROTO=TCP SPT=1658 DPT=80 WINDOW=31687 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T18:39:45.474Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 18:40:54 honeypot-fra-1 kernel: [84228067.473878] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=92.63.197.74 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=19453 PROTO=TCP SPT=49490 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T18:40:55.059Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 18:44:33 honeypot-ams-1 kernel: [84230454.603538] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=90.151.171.106 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=43683 PROTO=TCP SPT=53827 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T18:44:33.599Z"}
{"@timestamp":"2022-09-16T18:47:33.110Z","@version":"1","message":"Sep 16 18:47:32 honeypot-sgp-1 kernel: [84230157.819742] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=79.124.62.62 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=50805 PROTO=TCP SPT=49862 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 18:48:13 honeypot-fra-1 kernel: [84228506.295945] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=170.187.162.181 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=6625 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T18:48:14.254Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 18:49:31 honeypot-ams-1 kernel: [84230752.617165] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=41.47.18.96 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=32687 PROTO=TCP SPT=22273 DPT=443 WINDOW=32556 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T18:49:31.732Z"}
{"@timestamp":"2022-09-16T18:49:50.166Z","@version":"1","message":"Sep 16 18:49:49 honeypot-sgp-1 kernel: [84230295.227147] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=159.65.151.215 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x20 TTL=51 ID=53612 DF PROTO=TCP SPT=41810 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 18:55:39 honeypot-fra-1 sshd[22700]: Disconnected from invalid user sftpuser 92.255.85.70 port 47186 [preauth]","@timestamp":"2022-09-16T18:55:39.440Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T19:01:31.441Z","@version":"1","message":"Sep 16 19:01:31 honeypot-sgp-1 sshd[25809]: Received disconnect from 92.255.85.69 port 60528:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 19:04:26 honeypot-ams-1 sshd[31927]: Received disconnect from 46.101.169.25 port 46268:11: Bye Bye [preauth]","@timestamp":"2022-09-16T19:04:27.116Z"}
{"@timestamp":"2022-09-16T19:05:17.531Z","@version":"1","message":"Sep 16 19:05:16 honeypot-sgp-1 sshd[25815]: Invalid user user from 45.61.186.249 port 38324","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 19:05:17 honeypot-fra-1 sshd[22706]: Disconnected from invalid user wilmes 78.128.127.224 port 44116 [preauth]","@timestamp":"2022-09-16T19:05:17.657Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T19:05:36.541Z","@version":"1","message":"Sep 16 19:05:35 honeypot-sgp-1 sshd[25819]: Invalid user user from 45.61.186.249 port 60892","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T19:05:56.550Z","@version":"1","message":"Sep 16 19:05:55 honeypot-sgp-1 sshd[25823]: Invalid user user from 45.61.186.249 port 55238","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T19:06:14.558Z","@version":"1","message":"Sep 16 19:06:13 honeypot-sgp-1 sshd[25827]: Invalid user user from 45.61.186.249 port 49590","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 19:06:44 honeypot-ams-1 sshd[31933]: Invalid user user from 45.61.184.204 port 45506","@timestamp":"2022-09-16T19:06:45.181Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 19:07:02 honeypot-ams-1 sshd[31937]: Invalid user user from 45.61.184.204 port 39756","@timestamp":"2022-09-16T19:07:03.191Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 19:07:20 honeypot-ams-1 sshd[31941]: Invalid user user from 45.61.184.204 port 34010","@timestamp":"2022-09-16T19:07:21.201Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 19:07:29 honeypot-ams-1 sshd[31945]: Invalid user user from 45.61.184.204 port 45256","@timestamp":"2022-09-16T19:07:30.206Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 19:11:16 honeypot-ams-1 sshd[31947]: Disconnected from invalid user vagrant 92.255.85.70 port 40184 [preauth]","@timestamp":"2022-09-16T19:11:17.307Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 19:11:32 honeypot-fra-1 sshd[22711]: Disconnected from invalid user packer 45.119.85.97 port 58584 [preauth]","@timestamp":"2022-09-16T19:11:32.801Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 19:13:43 honeypot-fra-1 sshd[22717]: Disconnected from authenticating user root 112.133.218.125 port 47240 [preauth]","@timestamp":"2022-09-16T19:13:43.854Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T19:17:01.808Z","@version":"1","message":"Sep 16 19:17:01 honeypot-sgp-1 CRON[25833]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 19:17:01 honeypot-ams-1 CRON[31955]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-16T19:17:02.461Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 19:18:23 honeypot-fra-1 sshd[22724]: Received disconnect from 92.255.85.70 port 37350:11: Bye Bye [preauth]","@timestamp":"2022-09-16T19:18:23.960Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 19:23:22 honeypot-ams-1 kernel: [84232784.087482] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=162.142.125.136 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=36296 PROTO=TCP SPT=34163 DPT=389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T19:23:23.631Z"}
{"@timestamp":"2022-09-16T19:28:36.078Z","@version":"1","message":"Sep 16 19:28:35 honeypot-sgp-1 kernel: [84232621.192171] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.221.98 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=33386 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 19:33:15 honeypot-fra-1 kernel: [84231208.761109] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=167.248.133.141 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=43581 PROTO=TCP SPT=56886 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T19:33:16.295Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 19:34:32 honeypot-ams-1 sshd[31960]: Disconnected from invalid user admin1 92.255.85.69 port 53030 [preauth]","@timestamp":"2022-09-16T19:34:32.922Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 19:37:57 honeypot-fra-1 sshd[22734]: Connection closed by invalid user guest 193.106.191.157 port 60568 [preauth]","@timestamp":"2022-09-16T19:37:58.407Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T19:39:19.330Z","@version":"1","message":"Sep 16 19:39:18 honeypot-sgp-1 sshd[25844]: Disconnected from invalid user teamspeak 185.74.4.20 port 51782 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 19:44:52 honeypot-fra-1 sshd[22741]: Received disconnect from 165.22.45.108 port 51366:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T19:44:53.560Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 19:48:58 honeypot-ams-1 sshd[31967]: Did not receive identification string from 46.19.141.122 port 54842","@timestamp":"2022-09-16T19:48:59.294Z"}
{"@timestamp":"2022-09-16T19:49:04.557Z","@version":"1","message":"Sep 16 19:49:04 honeypot-sgp-1 sshd[25849]: Received disconnect from 92.255.85.69 port 55434:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 19:50:11 honeypot-ams-1 sshd[31973]: Disconnected from authenticating user root 46.19.141.122 port 38776 [preauth]","@timestamp":"2022-09-16T19:50:12.329Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 19:50:54 honeypot-fra-1 sshd[22748]: Received disconnect from 212.179.12.206 port 54402:11: Bye Bye [preauth]","@timestamp":"2022-09-16T19:50:54.698Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 19:51:01 honeypot-ams-1 sshd[31979]: Invalid user admin from 46.19.141.122 port 52952","@timestamp":"2022-09-16T19:51:02.354Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 19:51:38 honeypot-ams-1 sshd[31983]: Received disconnect from 46.19.141.122 port 38878:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T19:51:39.372Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 19:51:43 honeypot-ams-1 sshd[31996]: Connection closed by authenticating user root 176.31.240.226 port 44166 [preauth]","@timestamp":"2022-09-16T19:51:44.376Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 19:51:43 honeypot-ams-1 sshd[31991]: Connection closed by invalid user admin 176.31.240.226 port 44142 [preauth]","@timestamp":"2022-09-16T19:51:44.376Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 19:51:43 honeypot-ams-1 sshd[31993]: Connection closed by authenticating user root 176.31.240.226 port 44164 [preauth]","@timestamp":"2022-09-16T19:51:44.376Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 19:51:43 honeypot-ams-1 sshd[32000]: Connection closed by invalid user www 176.31.240.226 port 44170 [preauth]","@timestamp":"2022-09-16T19:51:44.376Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 19:51:43 honeypot-ams-1 sshd[32002]: Connection closed by invalid user teamspeak 176.31.240.226 port 44182 [preauth]","@timestamp":"2022-09-16T19:51:44.376Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 19:51:44 honeypot-ams-1 sshd[32027]: Invalid user ubuntu from 176.31.240.226 port 44136","@timestamp":"2022-09-16T19:51:45.376Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 19:51:44 honeypot-ams-1 sshd[32022]: Connection closed by invalid user ubuntu 176.31.240.226 port 44150 [preauth]","@timestamp":"2022-09-16T19:51:45.377Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 19:51:46 honeypot-ams-1 sshd[32041]: Invalid user ubuntu from 176.31.240.226 port 44176","@timestamp":"2022-09-16T19:51:47.378Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 19:51:46 honeypot-ams-1 sshd[32042]: Connection closed by authenticating user root 176.31.240.226 port 44152 [preauth]","@timestamp":"2022-09-16T19:51:47.378Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 19:51:53 honeypot-fra-1 sshd[22752]: Received disconnect from 159.223.70.83 port 38953:11: Bye Bye [preauth]","@timestamp":"2022-09-16T19:51:53.724Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 19:52:16 honeypot-ams-1 sshd[32052]: Invalid user user from 46.19.141.122 port 45972","@timestamp":"2022-09-16T19:52:17.394Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 19:53:04 honeypot-ams-1 sshd[32056]: Invalid user support from 46.19.141.122 port 60142","@timestamp":"2022-09-16T19:53:05.417Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 19:54:01 honeypot-ams-1 sshd[32060]: Connection closed by invalid user guest 193.106.191.157 port 58946 [preauth]","@timestamp":"2022-09-16T19:54:02.444Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 19:58:03 honeypot-ams-1 sshd[32065]: Disconnected from authenticating user root 92.255.85.69 port 22500 [preauth]","@timestamp":"2022-09-16T19:58:03.549Z"}
{"@timestamp":"2022-09-16T19:59:51.805Z","@version":"1","message":"Sep 16 19:59:51 honeypot-sgp-1 sshd[25853]: Invalid user git from 196.191.116.209 port 2130","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:01:23.844Z","@version":"1","message":"Sep 16 20:01:23 honeypot-sgp-1 sshd[25858]: Invalid user andreia from 178.128.114.244 port 39660","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 20:01:38 honeypot-fra-1 kernel: [84232910.846503] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=165.22.82.222 LEN=86 TOS=0x00 PREC=0x00 TTL=250 ID=23484 PROTO=TCP SPT=9867 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T20:01:38.939Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-16T20:05:15.936Z","@version":"1","message":"Sep 16 20:05:15 honeypot-sgp-1 sshd[25862]: Invalid user git from 43.154.5.246 port 33708","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:08:50.022Z","@version":"1","message":"Sep 16 20:08:49 honeypot-sgp-1 kernel: [84235035.369845] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=156.146.46.143 DST=159.89.202.188 LEN=52 TOS=0x02 PREC=0x00 TTL=116 ID=52194 DF PROTO=TCP SPT=63846 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 20:09:55 honeypot-fra-1 sshd[22766]: Connection closed by authenticating user root 194.163.190.53 port 60524 [preauth]","@timestamp":"2022-09-16T20:09:56.123Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 20:13:33 honeypot-ams-1 sshd[32071]: Connection closed by invalid user guest 193.106.191.157 port 44172 [preauth]","@timestamp":"2022-09-16T20:13:33.958Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 20:15:33 honeypot-fra-1 sshd[22773]: Received disconnect from 40.118.190.19 port 52532:11: Bye Bye [preauth]","@timestamp":"2022-09-16T20:15:34.248Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T20:18:33.249Z","@version":"1","message":"Sep 16 20:18:33 honeypot-sgp-1 kernel: [84235618.525903] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=206.189.6.148 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=239 ID=54321 PROTO=TCP SPT=51708 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 20:18:53 honeypot-ams-1 sshd[32077]: Did not receive identification string from 45.61.186.169 port 32918","@timestamp":"2022-09-16T20:18:53.100Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 20:19:26 honeypot-ams-1 sshd[32080]: Disconnected from invalid user user 45.61.186.169 port 57010 [preauth]","@timestamp":"2022-09-16T20:19:27.117Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 20:19:42 honeypot-ams-1 sshd[32084]: Disconnected from invalid user user 45.61.186.169 port 51440 [preauth]","@timestamp":"2022-09-16T20:19:43.125Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 20:19:57 honeypot-ams-1 sshd[32088]: Disconnected from invalid user user 45.61.186.169 port 45862 [preauth]","@timestamp":"2022-09-16T20:19:58.133Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 20:21:35 honeypot-ams-1 sshd[32092]: Received disconnect from 92.255.85.70 port 54294:11: Bye Bye [preauth]","@timestamp":"2022-09-16T20:21:36.179Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 20:23:21 honeypot-fra-1 sshd[22781]: Invalid user guest from 193.106.191.157 port 34592","@timestamp":"2022-09-16T20:23:22.421Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 20:28:29 honeypot-fra-1 sshd[22788]: Invalid user mysql from 92.255.85.70 port 31496","@timestamp":"2022-09-16T20:28:29.544Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 20:30:10 honeypot-ams-1 kernel: [84236791.236132] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=104.156.155.9 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=33203 PROTO=TCP SPT=45326 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T20:30:10.400Z"}
{"@timestamp":"2022-09-16T20:30:30.531Z","@version":"1","message":"Sep 16 20:30:30 honeypot-sgp-1 kernel: [84236335.827782] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=236 ID=49592 PROTO=TCP SPT=40204 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 20:33:57 honeypot-fra-1 sshd[22793]: Received disconnect from 161.35.131.133 port 57498:11: Bye Bye [preauth]","@timestamp":"2022-09-16T20:33:57.670Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 20:34:13 honeypot-ams-1 sshd[32103]: Received disconnect from 181.191.9.163 port 27844:11: Bye Bye [preauth]","@timestamp":"2022-09-16T20:34:14.508Z"}
{"@timestamp":"2022-09-16T20:40:13.759Z","@version":"1","message":"Sep 16 20:40:13 honeypot-sgp-1 sshd[25880]: Connection closed by invalid user installer 116.98.174.154 port 49776 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:40:35.771Z","@version":"1","message":"Sep 16 20:40:35 honeypot-sgp-1 sshd[25888]: Invalid user tomcat from 116.98.174.154 port 60870","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:41:02.784Z","@version":"1","message":"Sep 16 20:41:02 honeypot-sgp-1 sshd[25894]: Invalid user test from 116.98.174.154 port 43346","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:41:07.786Z","@version":"1","message":"Sep 16 20:41:07 honeypot-sgp-1 sshd[25900]: Invalid user test from 116.98.174.154 port 34576","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:41:15.791Z","@version":"1","message":"Sep 16 20:41:15 honeypot-sgp-1 sshd[25906]: Connection closed by authenticating user root 116.98.174.154 port 59948 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:41:26.796Z","@version":"1","message":"Sep 16 20:41:26 honeypot-sgp-1 sshd[25912]: Connection closed by invalid user ftp 116.98.174.154 port 39594 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:41:33.801Z","@version":"1","message":"Sep 16 20:41:33 honeypot-sgp-1 kernel: [84236998.516493] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=156.146.46.143 DST=159.89.202.188 LEN=52 TOS=0x02 PREC=0x00 TTL=116 ID=27994 DF PROTO=TCP SPT=55294 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:41:46.808Z","@version":"1","message":"Sep 16 20:41:45 honeypot-sgp-1 sshd[25924]: Invalid user lily from 116.98.174.154 port 53862","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:42:06.817Z","@version":"1","message":"Sep 16 20:42:05 honeypot-sgp-1 sshd[25930]: Invalid user admin from 116.98.174.154 port 39862","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:42:10.819Z","@version":"1","message":"Sep 16 20:42:10 honeypot-sgp-1 sshd[25936]: Connection closed by invalid user carl 116.98.174.154 port 40296 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:42:13.821Z","@version":"1","message":"Sep 16 20:42:13 honeypot-sgp-1 sshd[25942]: Connection closed by invalid user ftpuser 116.98.174.154 port 56106 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:42:35.832Z","@version":"1","message":"Sep 16 20:42:35 honeypot-sgp-1 sshd[25946]: Connection closed by invalid user music 116.98.174.154 port 55608 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:42:39.834Z","@version":"1","message":"Sep 16 20:42:38 honeypot-sgp-1 sshd[25954]: Connection closed by invalid user 1502 116.98.174.154 port 42302 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:42:47.839Z","@version":"1","message":"Sep 16 20:42:47 honeypot-sgp-1 sshd[25962]: Connection closed by invalid user financeiro 116.98.174.154 port 51100 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:42:52.842Z","@version":"1","message":"Sep 16 20:42:52 honeypot-sgp-1 sshd[25968]: Invalid user miner from 116.98.174.154 port 38504","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:42:57.844Z","@version":"1","message":"Sep 16 20:42:57 honeypot-sgp-1 sshd[25974]: Connection closed by invalid user ethos 116.98.174.154 port 40386 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 20:43:05 honeypot-fra-1 sshd[22801]: Invalid user liberty from 165.22.45.108 port 56498","@timestamp":"2022-09-16T20:43:05.875Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T20:43:06.849Z","@version":"1","message":"Sep 16 20:43:05 honeypot-sgp-1 sshd[25980]: Connection closed by invalid user ubnt 116.98.174.154 port 42094 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:43:13.853Z","@version":"1","message":"Sep 16 20:43:13 honeypot-sgp-1 sshd[25988]: Invalid user phil from 116.98.174.154 port 36962","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:43:19.857Z","@version":"1","message":"Sep 16 20:43:19 honeypot-sgp-1 sshd[25992]: Connection closed by invalid user sejong79 116.98.174.154 port 48716 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:43:29.862Z","@version":"1","message":"Sep 16 20:43:28 honeypot-sgp-1 sshd[26003]: Invalid user ssh from 116.98.174.154 port 37936","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:43:30.863Z","@version":"1","message":"Sep 16 20:43:30 honeypot-sgp-1 sshd[26008]: Invalid user ftpuser from 116.98.174.154 port 59344","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:43:40.867Z","@version":"1","message":"Sep 16 20:43:40 honeypot-sgp-1 sshd[26014]: Invalid user joro from 116.98.174.154 port 54148","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:43:51.873Z","@version":"1","message":"Sep 16 20:43:51 honeypot-sgp-1 sshd[26020]: Connection closed by authenticating user bin 116.98.174.154 port 43484 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:44:02.879Z","@version":"1","message":"Sep 16 20:44:02 honeypot-sgp-1 sshd[26026]: Invalid user sales1 from 116.98.174.154 port 40936","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:44:07.882Z","@version":"1","message":"Sep 16 20:44:07 honeypot-sgp-1 sshd[26030]: Invalid user admin from 116.98.174.154 port 56278","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:44:10.883Z","@version":"1","message":"Sep 16 20:44:10 honeypot-sgp-1 sshd[26040]: Invalid user sales from 116.98.174.154 port 36000","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:44:16.887Z","@version":"1","message":"Sep 16 20:44:16 honeypot-sgp-1 sshd[26044]: Connection closed by invalid user bill 116.98.174.154 port 48568 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:44:22.890Z","@version":"1","message":"Sep 16 20:44:22 honeypot-sgp-1 sshd[26050]: Connection closed by invalid user sanritu-m 116.98.174.154 port 51210 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:44:41.899Z","@version":"1","message":"Sep 16 20:44:41 honeypot-sgp-1 sshd[26057]: Invalid user testuser from 116.98.174.154 port 35180","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:44:58.907Z","@version":"1","message":"Sep 16 20:44:58 honeypot-sgp-1 sshd[26063]: Invalid user internet from 116.98.174.154 port 46496","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:45:03.910Z","@version":"1","message":"Sep 16 20:45:02 honeypot-sgp-1 sshd[26069]: Invalid user teste from 116.98.174.154 port 56492","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:45:07.912Z","@version":"1","message":"Sep 16 20:45:07 honeypot-sgp-1 sshd[26071]: Disconnected from invalid user user 45.61.186.169 port 34836 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:45:14.916Z","@version":"1","message":"Sep 16 20:45:14 honeypot-sgp-1 sshd[26080]: Connection closed by invalid user payroll 116.98.174.154 port 45118 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:45:17.918Z","@version":"1","message":"Sep 16 20:45:17 honeypot-sgp-1 sshd[26086]: Connection closed by authenticating user root 116.98.174.154 port 49076 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:45:20.920Z","@version":"1","message":"Sep 16 20:45:20 honeypot-sgp-1 sshd[26092]: Connection closed by invalid user pal 116.98.174.154 port 54498 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:45:23.921Z","@version":"1","message":"Sep 16 20:45:23 honeypot-sgp-1 sshd[26098]: Disconnected from invalid user user 45.61.186.169 port 57430 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:45:31.926Z","@version":"1","message":"Sep 16 20:45:31 honeypot-sgp-1 sshd[26106]: Connection closed by invalid user admin 116.98.174.154 port 42166 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:45:33.927Z","@version":"1","message":"Sep 16 20:45:33 honeypot-sgp-1 sshd[26110]: Invalid user kiccuser from 116.98.174.154 port 42852","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:45:38.930Z","@version":"1","message":"Sep 16 20:45:37 honeypot-sgp-1 sshd[26116]: Connection closed by invalid user ftpuser 116.98.174.154 port 60302 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 20:45:40 honeypot-ams-1 sshd[32107]: Disconnected from authenticating user root 92.255.85.70 port 39412 [preauth]","@timestamp":"2022-09-16T20:45:40.801Z"}
{"@timestamp":"2022-09-16T20:45:44.934Z","@version":"1","message":"Sep 16 20:45:43 honeypot-sgp-1 sshd[26122]: Connection closed by invalid user guest 116.98.174.154 port 43158 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:45:47.935Z","@version":"1","message":"Sep 16 20:45:47 honeypot-sgp-1 sshd[26130]: Connection closed by invalid user test 116.98.174.154 port 56610 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:45:50.936Z","@version":"1","message":"Sep 16 20:45:50 honeypot-sgp-1 sshd[26134]: Connection closed by invalid user sergey 116.98.174.154 port 40572 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:45:55.939Z","@version":"1","message":"Sep 16 20:45:55 honeypot-sgp-1 kernel: [84237260.622188] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.79.53.162 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=46790 PROTO=TCP SPT=54254 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:45:57.940Z","@version":"1","message":"Sep 16 20:45:57 honeypot-sgp-1 sshd[26144]: Connection closed by invalid user admin 116.98.174.154 port 33956 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:46:08.946Z","@version":"1","message":"Sep 16 20:46:08 honeypot-sgp-1 sshd[26150]: Connection closed by invalid user customer 116.98.174.154 port 58418 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:46:10.948Z","@version":"1","message":"Sep 16 20:46:10 honeypot-sgp-1 sshd[26156]: Connection closed by invalid user db2inst2 116.98.174.154 port 57886 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:46:18.952Z","@version":"1","message":"Sep 16 20:46:18 honeypot-sgp-1 sshd[26162]: Connection closed by invalid user testing 116.98.174.154 port 53048 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:46:20.953Z","@version":"1","message":"Sep 16 20:46:20 honeypot-sgp-1 sshd[26168]: Connection closed by invalid user laura 116.98.174.154 port 45428 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:46:33.960Z","@version":"1","message":"Sep 16 20:46:33 honeypot-sgp-1 sshd[26176]: Invalid user upport from 116.98.174.154 port 53478","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:46:48.968Z","@version":"1","message":"Sep 16 20:46:48 honeypot-sgp-1 sshd[26182]: Connection closed by authenticating user root 116.98.174.154 port 57880 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:47:03.975Z","@version":"1","message":"Sep 16 20:47:03 honeypot-sgp-1 sshd[26190]: Connection closed by invalid user user1 116.98.174.154 port 60512 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:47:17.982Z","@version":"1","message":"Sep 16 20:47:17 honeypot-sgp-1 sshd[26196]: Connection closed by invalid user scan 116.98.174.154 port 39300 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:47:33.990Z","@version":"1","message":"Sep 16 20:47:33 honeypot-sgp-1 sshd[26202]: Connection closed by invalid user oracle 116.98.174.154 port 35740 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:47:35.991Z","@version":"1","message":"Sep 16 20:47:35 honeypot-sgp-1 sshd[26208]: Connection closed by invalid user sharon 116.98.174.154 port 57324 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:47:42.994Z","@version":"1","message":"Sep 16 20:47:42 honeypot-sgp-1 sshd[26214]: Connection closed by invalid user ftpuser 116.98.174.154 port 51190 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:47:49.999Z","@version":"1","message":"Sep 16 20:47:49 honeypot-sgp-1 sshd[26222]: Invalid user account from 116.98.174.154 port 43288","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:47:53.000Z","@version":"1","message":"Sep 16 20:47:52 honeypot-sgp-1 sshd[26228]: Invalid user user7 from 116.98.174.154 port 50648","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:48:00.005Z","@version":"1","message":"Sep 16 20:47:59 honeypot-sgp-1 sshd[26234]: Connection closed by invalid user security 116.98.174.154 port 43840 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:48:06.008Z","@version":"1","message":"Sep 16 20:48:05 honeypot-sgp-1 sshd[26242]: Connection closed by invalid user philippe 116.98.174.154 port 36156 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:48:10.010Z","@version":"1","message":"Sep 16 20:48:09 honeypot-sgp-1 sshd[26250]: Invalid user anna from 116.98.174.154 port 55522","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:48:12.011Z","@version":"1","message":"Sep 16 20:48:11 honeypot-sgp-1 sshd[26256]: Invalid user cmsftp from 116.98.174.154 port 52192","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:48:17.015Z","@version":"1","message":"Sep 16 20:48:16 honeypot-sgp-1 sshd[26262]: Invalid user dean from 116.98.174.154 port 43768","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:48:37.025Z","@version":"1","message":"Sep 16 20:48:36 honeypot-sgp-1 sshd[26268]: Connection closed by invalid user git1 116.98.174.154 port 43062 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:48:54.033Z","@version":"1","message":"Sep 16 20:48:53 honeypot-sgp-1 sshd[26274]: Invalid user enrique from 116.98.174.154 port 35772","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:48:56.034Z","@version":"1","message":"Sep 16 20:48:55 honeypot-sgp-1 sshd[26280]: Connection closed by authenticating user root 116.98.174.154 port 44338 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:49:01.038Z","@version":"1","message":"Sep 16 20:49:00 honeypot-sgp-1 sshd[26286]: Connection closed by invalid user admin 116.98.174.154 port 46444 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:49:15.045Z","@version":"1","message":"Sep 16 20:49:14 honeypot-sgp-1 sshd[26292]: Connection closed by invalid user new 116.98.174.154 port 48106 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:49:25.049Z","@version":"1","message":"Sep 16 20:49:24 honeypot-sgp-1 sshd[26298]: Connection closed by invalid user notjoin 116.98.174.154 port 53814 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:49:40.057Z","@version":"1","message":"Sep 16 20:49:39 honeypot-sgp-1 sshd[26306]: Invalid user admin from 116.98.174.154 port 44288","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:49:42.058Z","@version":"1","message":"Sep 16 20:49:41 honeypot-sgp-1 sshd[26312]: Invalid user php5 from 116.98.174.154 port 40246","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:49:45.061Z","@version":"1","message":"Sep 16 20:49:44 honeypot-sgp-1 sshd[26318]: Invalid user server from 116.98.174.154 port 48300","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:49:49.063Z","@version":"1","message":"Sep 16 20:49:48 honeypot-sgp-1 sshd[26324]: Invalid user operator from 116.98.174.154 port 37638","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:49:52.064Z","@version":"1","message":"Sep 16 20:49:51 honeypot-sgp-1 sshd[26330]: Invalid user lpa from 116.98.174.154 port 50332","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:50:09.073Z","@version":"1","message":"Sep 16 20:50:08 honeypot-sgp-1 sshd[26336]: Invalid user judy from 116.98.174.154 port 54312","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:50:25.081Z","@version":"1","message":"Sep 16 20:50:24 honeypot-sgp-1 sshd[26345]: Invalid user cisco from 116.98.174.154 port 44918","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:50:28.082Z","@version":"1","message":"Sep 16 20:50:27 honeypot-sgp-1 sshd[26351]: Invalid user linux from 116.98.174.154 port 38942","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:50:34.086Z","@version":"1","message":"Sep 16 20:50:33 honeypot-sgp-1 sshd[26357]: Connection closed by invalid user bob 116.98.174.154 port 37714 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:50:39.088Z","@version":"1","message":"Sep 16 20:50:38 honeypot-sgp-1 sshd[26365]: Connection closed by authenticating user root 116.98.174.154 port 57446 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:51:07.101Z","@version":"1","message":"Sep 16 20:51:06 honeypot-sgp-1 sshd[26373]: Connection closed by authenticating user syslog 116.98.174.154 port 48772 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:51:17.107Z","@version":"1","message":"Sep 16 20:51:16 honeypot-sgp-1 sshd[26379]: Connection closed by invalid user sakura 116.98.174.154 port 44238 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:51:23.110Z","@version":"1","message":"Sep 16 20:51:22 honeypot-sgp-1 sshd[26385]: Connection closed by invalid user shagrath 116.98.174.154 port 42394 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:51:36.116Z","@version":"1","message":"Sep 16 20:51:35 honeypot-sgp-1 sshd[26393]: Invalid user admIndian from 116.98.174.154 port 50230","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:51:37.117Z","@version":"1","message":"Sep 16 20:51:37 honeypot-sgp-1 sshd[26399]: Invalid user guest from 116.98.174.154 port 39554","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:51:54.125Z","@version":"1","message":"Sep 16 20:51:53 honeypot-sgp-1 sshd[26407]: Invalid user vpn from 116.98.174.154 port 59294","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:52:03.130Z","@version":"1","message":"Sep 16 20:52:02 honeypot-sgp-1 sshd[26415]: Invalid user test from 116.98.174.154 port 58026","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 20:52:12 honeypot-fra-1 sshd[22806]: Received disconnect from 92.255.85.69 port 17858:11: Bye Bye [preauth]","@timestamp":"2022-09-16T20:52:13.077Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T20:52:17.137Z","@version":"1","message":"Sep 16 20:52:16 honeypot-sgp-1 sshd[26421]: Invalid user intermec from 116.98.174.154 port 57118","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:52:20.139Z","@version":"1","message":"Sep 16 20:52:19 honeypot-sgp-1 sshd[26427]: Invalid user ftp from 116.98.174.154 port 39480","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:52:27.142Z","@version":"1","message":"Sep 16 20:52:26 honeypot-sgp-1 sshd[26433]: Connection closed by invalid user jennifer 116.98.174.154 port 53946 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:52:39.148Z","@version":"1","message":"Sep 16 20:52:38 honeypot-sgp-1 kernel: [84237663.524281] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=156.146.46.143 DST=159.89.202.188 LEN=52 TOS=0x02 PREC=0x00 TTL=116 ID=44020 DF PROTO=TCP SPT=55221 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 20:52:41 honeypot-ams-1 sshd[32113]: Invalid user uqs from 190.104.25.210 port 54100","@timestamp":"2022-09-16T20:52:41.986Z"}
{"@timestamp":"2022-09-16T20:52:49.154Z","@version":"1","message":"Sep 16 20:52:48 honeypot-sgp-1 sshd[26445]: Invalid user transfer from 116.98.174.154 port 58640","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:52:57.158Z","@version":"1","message":"Sep 16 20:52:56 honeypot-sgp-1 sshd[26451]: Connection closed by invalid user emilie 116.98.174.154 port 36394 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:53:09.164Z","@version":"1","message":"Sep 16 20:53:08 honeypot-sgp-1 sshd[26457]: Connection closed by invalid user client 116.98.174.154 port 47976 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:53:24.172Z","@version":"1","message":"Sep 16 20:53:23 honeypot-sgp-1 sshd[26463]: Connection closed by invalid user webadmin 116.98.174.154 port 51122 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 20:53:28 honeypot-ams-1 sshd[32118]: Received disconnect from 80.76.51.189 port 43526:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T20:53:29.010Z"}
{"@timestamp":"2022-09-16T20:53:38.178Z","@version":"1","message":"Sep 16 20:53:37 honeypot-sgp-1 sshd[26469]: Connection closed by invalid user ashish 116.98.174.154 port 36470 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:53:44.182Z","@version":"1","message":"Sep 16 20:53:44 honeypot-sgp-1 sshd[26475]: Connection closed by invalid user admin 116.98.174.154 port 42944 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 20:53:47 honeypot-ams-1 sshd[32122]: Received disconnect from 45.61.186.49 port 37970:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T20:53:48.019Z"}
{"@timestamp":"2022-09-16T20:53:52.186Z","@version":"1","message":"Sep 16 20:53:52 honeypot-sgp-1 sshd[26481]: Invalid user admin from 116.98.174.154 port 37746","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 20:53:56 honeypot-ams-1 sshd[32126]: Disconnected from authenticating user root 80.76.51.189 port 56216 [preauth]","@timestamp":"2022-09-16T20:53:57.025Z"}
{"@timestamp":"2022-09-16T20:54:01.191Z","@version":"1","message":"Sep 16 20:54:00 honeypot-sgp-1 sshd[26487]: Invalid user 123456789 from 116.98.174.154 port 35146","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:54:12.195Z","@version":"1","message":"Sep 16 20:54:11 honeypot-sgp-1 sshd[26493]: Invalid user nagios from 116.98.174.154 port 38440","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:54:24.202Z","@version":"1","message":"Sep 16 20:54:23 honeypot-sgp-1 sshd[26499]: Connection closed by authenticating user root 116.98.174.154 port 41140 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:54:25.202Z","@version":"1","message":"Sep 16 20:54:24 honeypot-sgp-1 sshd[26505]: Connection closed by invalid user mailtest 116.98.174.154 port 38204 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:54:36.208Z","@version":"1","message":"Sep 16 20:54:35 honeypot-sgp-1 sshd[26513]: Connection closed by invalid user free 116.98.174.154 port 50278 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:54:41.210Z","@version":"1","message":"Sep 16 20:54:40 honeypot-sgp-1 sshd[26519]: Connection closed by invalid user downloads 116.98.174.154 port 48882 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:54:48.215Z","@version":"1","message":"Sep 16 20:54:47 honeypot-sgp-1 sshd[26525]: Invalid user admin from 116.98.174.154 port 47852","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 20:54:52 honeypot-ams-1 sshd[32132]: Received disconnect from 80.76.51.189 port 53218:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T20:54:53.054Z"}
{"@timestamp":"2022-09-16T20:55:00.221Z","@version":"1","message":"Sep 16 20:54:59 honeypot-sgp-1 sshd[26533]: Invalid user public from 116.98.174.154 port 45988","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:55:20.230Z","@version":"1","message":"Sep 16 20:55:19 honeypot-sgp-1 sshd[26540]: Connection closed by 66.76.55.84 port 51636 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:55:33.237Z","@version":"1","message":"Sep 16 20:55:32 honeypot-sgp-1 sshd[26546]: Connection closed by invalid user chris 116.98.174.154 port 57972 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:55:38.239Z","@version":"1","message":"Sep 16 20:55:37 honeypot-sgp-1 sshd[26552]: Connection closed by invalid user prueba 116.98.174.154 port 38930 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:55:45.244Z","@version":"1","message":"Sep 16 20:55:44 honeypot-sgp-1 sshd[26560]: Connection closed by invalid user jacob 116.98.174.154 port 33318 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:55:51.247Z","@version":"1","message":"Sep 16 20:55:51 honeypot-sgp-1 sshd[26568]: Invalid user user1 from 116.98.174.154 port 35858","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:55:55.249Z","@version":"1","message":"Sep 16 20:55:54 honeypot-sgp-1 sshd[26574]: Invalid user webconfig from 116.98.174.154 port 54700","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:56:00.253Z","@version":"1","message":"Sep 16 20:56:00 honeypot-sgp-1 sshd[26580]: Connection closed by invalid user staff 116.98.174.154 port 50984 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:56:17.261Z","@version":"1","message":"Sep 16 20:56:16 honeypot-sgp-1 sshd[26586]: Connection closed by invalid user changup7 116.98.174.154 port 40158 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 20:56:20 honeypot-ams-1 sshd[32140]: Received disconnect from 80.76.51.189 port 34616:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T20:56:21.094Z"}
{"@timestamp":"2022-09-16T20:56:23.264Z","@version":"1","message":"Sep 16 20:56:22 honeypot-sgp-1 sshd[26594]: Connection closed by 82.112.131.162 port 37292 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:56:39.272Z","@version":"1","message":"Sep 16 20:56:38 honeypot-sgp-1 sshd[26600]: Invalid user test from 116.98.174.154 port 44034","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:56:43.274Z","@version":"1","message":"Sep 16 20:56:43 honeypot-sgp-1 sshd[26606]: Connection closed by invalid user ryan 116.98.174.154 port 34450 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:56:48.277Z","@version":"1","message":"Sep 16 20:56:48 honeypot-sgp-1 sshd[26614]: Invalid user edwin from 116.98.174.154 port 44226","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T20:57:00.283Z","@version":"1","message":"Sep 16 20:56:59 honeypot-sgp-1 sshd[26620]: Connection closed by invalid user rui 116.98.174.154 port 40834 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 20:57:21 honeypot-ams-1 sshd[32144]: Disconnected from authenticating user root 80.76.51.189 port 59862 [preauth]","@timestamp":"2022-09-16T20:57:22.123Z"}
{"@timestamp":"2022-09-16T20:57:25.295Z","@version":"1","message":"Sep 16 20:57:24 honeypot-sgp-1 sshd[26628]: Connection closed by authenticating user root 116.98.174.154 port 45596 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 20:58:24 honeypot-ams-1 sshd[32148]: Disconnected from invalid user admin 80.76.51.189 port 56866 [preauth]","@timestamp":"2022-09-16T20:58:25.152Z"}
{"@timestamp":"2022-09-16T20:59:14.341Z","@version":"1","message":"Sep 16 20:59:13 honeypot-sgp-1 sshd[26634]: Invalid user blank from 179.60.147.69 port 14354","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 20:59:26 honeypot-ams-1 sshd[32152]: Disconnected from invalid user ansible 80.76.51.189 port 53884 [preauth]","@timestamp":"2022-09-16T20:59:27.180Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:00:30 honeypot-ams-1 sshd[32157]: Disconnected from invalid user ansible 80.76.51.189 port 50894 [preauth]","@timestamp":"2022-09-16T21:00:30.210Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 21:01:16 honeypot-fra-1 sshd[22813]: Invalid user henry from 141.98.10.158 port 38240","@timestamp":"2022-09-16T21:01:16.280Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:01:34 honeypot-ams-1 sshd[32161]: Disconnected from authenticating user root 80.76.51.189 port 47908 [preauth]","@timestamp":"2022-09-16T21:01:34.242Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:01:47 honeypot-ams-1 sshd[32167]: Received disconnect from 179.171.158.147 port 59480:11: Bye Bye [preauth]","@timestamp":"2022-09-16T21:01:48.250Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:01:53 honeypot-ams-1 sshd[32173]: Received disconnect from 179.171.158.147 port 59704:11: Bye Bye [preauth]","@timestamp":"2022-09-16T21:01:54.254Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:02:02 honeypot-ams-1 sshd[32179]: Received disconnect from 179.171.158.147 port 60170:11: Bye Bye [preauth]","@timestamp":"2022-09-16T21:02:02.258Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:02:08 honeypot-ams-1 sshd[32183]: Received disconnect from 179.171.158.147 port 60458:11: Bye Bye [preauth]","@timestamp":"2022-09-16T21:02:09.264Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:02:15 honeypot-ams-1 sshd[32191]: Received disconnect from 179.171.158.147 port 60862:11: Bye Bye [preauth]","@timestamp":"2022-09-16T21:02:16.268Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:02:23 honeypot-ams-1 sshd[32197]: Received disconnect from 179.171.158.147 port 32994:11: Bye Bye [preauth]","@timestamp":"2022-09-16T21:02:24.358Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:02:31 honeypot-ams-1 sshd[32203]: Received disconnect from 179.171.158.147 port 33374:11: Bye Bye [preauth]","@timestamp":"2022-09-16T21:02:32.363Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:02:35 honeypot-ams-1 sshd[32209]: Received disconnect from 179.171.158.147 port 33658:11: Bye Bye [preauth]","@timestamp":"2022-09-16T21:02:36.367Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:02:39 honeypot-ams-1 sshd[32215]: Invalid user oracle from 80.76.51.189 port 44924","@timestamp":"2022-09-16T21:02:40.369Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:02:44 honeypot-ams-1 sshd[32219]: Disconnected from authenticating user root 179.171.158.147 port 34104 [preauth]","@timestamp":"2022-09-16T21:02:45.372Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:02:52 honeypot-ams-1 sshd[32225]: Disconnected from authenticating user root 179.171.158.147 port 34516 [preauth]","@timestamp":"2022-09-16T21:02:53.377Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:02:58 honeypot-ams-1 sshd[32231]: Disconnected from authenticating user root 179.171.158.147 port 34888 [preauth]","@timestamp":"2022-09-16T21:02:59.380Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:03:05 honeypot-ams-1 sshd[32237]: Disconnected from authenticating user root 179.171.158.147 port 35194 [preauth]","@timestamp":"2022-09-16T21:03:06.385Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:03:12 honeypot-ams-1 sshd[32243]: Invalid user admin from 179.171.158.147 port 35668","@timestamp":"2022-09-16T21:03:13.389Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:03:15 honeypot-ams-1 sshd[32245]: Invalid user admin from 179.171.158.147 port 35746","@timestamp":"2022-09-16T21:03:15.390Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:03:19 honeypot-ams-1 sshd[32251]: Invalid user admin from 179.171.158.147 port 36008","@timestamp":"2022-09-16T21:03:20.394Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:03:25 honeypot-ams-1 sshd[32255]: Invalid user admin from 179.171.158.147 port 36270","@timestamp":"2022-09-16T21:03:25.396Z"}
{"@timestamp":"2022-09-16T21:03:27.439Z","@version":"1","message":"Sep 16 21:03:27 honeypot-sgp-1 sshd[26639]: Invalid user ubuntu from 66.76.55.84 port 52210","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:03:30 honeypot-ams-1 sshd[32259]: Invalid user admin from 179.171.158.147 port 36522","@timestamp":"2022-09-16T21:03:30.399Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:03:35 honeypot-ams-1 sshd[32263]: Invalid user user from 179.171.158.147 port 36836","@timestamp":"2022-09-16T21:03:35.403Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:03:40 honeypot-ams-1 sshd[32267]: Disconnected from authenticating user root 179.171.158.147 port 37062 [preauth]","@timestamp":"2022-09-16T21:03:40.406Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:03:44 honeypot-ams-1 sshd[32271]: Disconnected from invalid user pi 179.171.158.147 port 37342 [preauth]","@timestamp":"2022-09-16T21:03:45.409Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:03:48 honeypot-ams-1 sshd[32275]: Received disconnect from 179.171.158.147 port 37548:11: Bye Bye [preauth]","@timestamp":"2022-09-16T21:03:49.412Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:03:51 honeypot-ams-1 sshd[32279]: Disconnected from invalid user mine 179.171.158.147 port 37672 [preauth]","@timestamp":"2022-09-16T21:03:52.415Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:03:57 honeypot-ams-1 sshd[32283]: Disconnected from invalid user xbmc 179.171.158.147 port 37942 [preauth]","@timestamp":"2022-09-16T21:03:57.418Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:04:00 honeypot-ams-1 sshd[32287]: Disconnected from invalid user oracle 179.171.158.147 port 38192 [preauth]","@timestamp":"2022-09-16T21:04:01.420Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:04:05 honeypot-ams-1 sshd[32291]: Received disconnect from 179.171.158.147 port 38434:11: Bye Bye [preauth]","@timestamp":"2022-09-16T21:04:06.424Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:04:10 honeypot-ams-1 sshd[32295]: Received disconnect from 179.171.158.147 port 38690:11: Bye Bye [preauth]","@timestamp":"2022-09-16T21:04:11.426Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:04:15 honeypot-ams-1 sshd[32299]: Received disconnect from 179.171.158.147 port 38916:11: Bye Bye [preauth]","@timestamp":"2022-09-16T21:04:15.429Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:04:20 honeypot-ams-1 sshd[32303]: Received disconnect from 179.171.158.147 port 39144:11: Bye Bye [preauth]","@timestamp":"2022-09-16T21:04:21.433Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:04:24 honeypot-ams-1 sshd[32307]: Received disconnect from 179.171.158.147 port 39460:11: Bye Bye [preauth]","@timestamp":"2022-09-16T21:04:25.436Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:04:26 honeypot-ams-1 sshd[32311]: Disconnected from invalid user test 179.171.158.147 port 39554 [preauth]","@timestamp":"2022-09-16T21:04:26.437Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:04:30 honeypot-ams-1 sshd[32315]: Disconnected from invalid user cirros 179.171.158.147 port 39756 [preauth]","@timestamp":"2022-09-16T21:04:31.440Z"}
{"@timestamp":"2022-09-16T21:04:32.466Z","@version":"1","message":"Sep 16 21:04:32 honeypot-sgp-1 sshd[26643]: Invalid user pi from 82.112.131.162 port 37597","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:05:35 honeypot-ams-1 sshd[32324]: Disconnected from authenticating user root 80.76.51.189 port 51574 [preauth]","@timestamp":"2022-09-16T21:05:35.471Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 21:06:10 honeypot-fra-1 kernel: [84236783.456336] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=165.22.82.222 LEN=87 TOS=0x00 PREC=0x00 TTL=250 ID=57915 PROTO=TCP SPT=30583 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T21:06:11.394Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:06:33 honeypot-ams-1 sshd[32328]: Received disconnect from 92.255.85.69 port 58072:11: Bye Bye [preauth]","@timestamp":"2022-09-16T21:06:33.524Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 21:08:28 honeypot-fra-1 kernel: [84236920.823037] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=22860 PROTO=TCP SPT=42003 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T21:08:28.449Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-16T21:11:18.621Z","@version":"1","message":"Sep 16 21:11:18 honeypot-sgp-1 sshd[26648]: Invalid user ubnt from 46.101.132.159 port 59510","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T21:11:40.632Z","@version":"1","message":"Sep 16 21:11:39 honeypot-sgp-1 sshd[26652]: Received disconnect from 137.184.118.54 port 52048:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T21:11:46.635Z","@version":"1","message":"Sep 16 21:11:46 honeypot-sgp-1 sshd[26654]: Disconnected from invalid user ubnt 71.206.128.118 port 48427 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 21:17:01 honeypot-fra-1 CRON[22829]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-16T21:17:01.650Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T21:17:01.759Z","@version":"1","message":"Sep 16 21:17:01 honeypot-sgp-1 CRON[26661]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:17:25 honeypot-ams-1 sshd[32334]: Invalid user job from 157.230.47.123 port 33958","@timestamp":"2022-09-16T21:17:25.807Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 21:18:15 honeypot-fra-1 sshd[22850]: Invalid user oracle from 134.209.151.21 port 49412","@timestamp":"2022-09-16T21:18:15.681Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 21:18:15 honeypot-fra-1 sshd[22834]: Invalid user ubuntu from 134.209.151.21 port 49354","@timestamp":"2022-09-16T21:18:15.681Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 21:18:15 honeypot-fra-1 sshd[22857]: Invalid user hadoop from 134.209.151.21 port 49384","@timestamp":"2022-09-16T21:18:15.681Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 21:18:15 honeypot-fra-1 sshd[22849]: Connection closed by invalid user mysql 134.209.151.21 port 49394 [preauth]","@timestamp":"2022-09-16T21:18:15.681Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 21:18:15 honeypot-fra-1 sshd[22854]: Connection closed by authenticating user root 134.209.151.21 port 49366 [preauth]","@timestamp":"2022-09-16T21:18:15.681Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 21:18:15 honeypot-fra-1 sshd[22839]: Connection closed by authenticating user root 134.209.151.21 port 49378 [preauth]","@timestamp":"2022-09-16T21:18:15.681Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 21:18:15 honeypot-fra-1 sshd[22856]: Connection closed by authenticating user root 134.209.151.21 port 49352 [preauth]","@timestamp":"2022-09-16T21:18:15.681Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T21:21:36.867Z","@version":"1","message":"Sep 16 21:21:36 honeypot-sgp-1 sshd[26669]: Invalid user user from 92.255.85.69 port 35426","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:22:52 honeypot-ams-1 sshd[32337]: Received disconnect from 103.186.100.72 port 60220:11: Bye Bye [preauth]","@timestamp":"2022-09-16T21:22:52.952Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 21:26:56 honeypot-ams-1 kernel: [84240197.876218] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=172.104.138.223 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=3033 PROTO=TCP SPT=4548 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T21:26:57.061Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 21:31:18 honeypot-fra-1 kernel: [84238290.974108] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=165.232.152.144 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=57077 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T21:31:18.974Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:31:51 honeypot-ams-1 sshd[32344]: Received disconnect from 92.255.85.69 port 32134:11: Bye Bye [preauth]","@timestamp":"2022-09-16T21:31:52.188Z"}
{"@timestamp":"2022-09-16T21:35:21.183Z","@version":"1","message":"Sep 16 21:35:20 honeypot-sgp-1 sshd[26674]: Connection closed by invalid user ubnt 179.60.147.69 port 5994 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:37:01 honeypot-ams-1 sshd[32348]: Connection closed by 167.248.133.63 port 44310 [preauth]","@timestamp":"2022-09-16T21:37:02.341Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 21:39:26 honeypot-fra-1 sshd[22897]: Received disconnect from 92.255.85.70 port 18086:11: Bye Bye [preauth]","@timestamp":"2022-09-16T21:39:26.159Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 21:40:20 honeypot-fra-1 sshd[22901]: Connection closed by invalid user admin 153.198.160.41 port 48673 [preauth]","@timestamp":"2022-09-16T21:40:21.182Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 21:40:49 honeypot-fra-1 sshd[22905]: Disconnected from invalid user uc 190.210.37.246 port 60065 [preauth]","@timestamp":"2022-09-16T21:40:50.196Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 21:43:54 honeypot-fra-1 kernel: [84239046.989077] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=20.163.5.77 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=13938 PROTO=TCP SPT=44291 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T21:43:55.268Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 21:44:27 honeypot-ams-1 kernel: [84241248.335184] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=156.146.46.143 DST=178.62.254.91 LEN=52 TOS=0x02 PREC=0x00 TTL=118 ID=64517 DF PROTO=TCP SPT=53829 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-16T21:44:27.534Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 21:54:34 honeypot-fra-1 sshd[22915]: Disconnected from invalid user ubuntu 137.184.40.32 port 36998 [preauth]","@timestamp":"2022-09-16T21:54:34.504Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 21:55:10 honeypot-ams-1 sshd[32372]: Disconnected from invalid user admin 92.255.85.69 port 43678 [preauth]","@timestamp":"2022-09-16T21:55:11.812Z"}
{"@timestamp":"2022-09-16T21:59:45.739Z","@version":"1","message":"Sep 16 21:59:44 honeypot-sgp-1 kernel: [84241690.211833] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=159.89.202.188 LEN=87 TOS=0x00 PREC=0x00 TTL=245 ID=63035 PROTO=TCP SPT=15825 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 22:02:04 honeypot-fra-1 sshd[22922]: Received disconnect from 142.93.163.183 port 54332:11: Bye Bye [preauth]","@timestamp":"2022-09-16T22:02:04.674Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T22:04:22.848Z","@version":"1","message":"Sep 16 22:04:21 honeypot-sgp-1 sshd[26699]: Received disconnect from 203.150.102.162 port 60378:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 22:05:01 honeypot-fra-1 sshd[22926]: Disconnected from authenticating user root 144.24.131.170 port 47472 [preauth]","@timestamp":"2022-09-16T22:05:01.739Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 22:07:58 honeypot-fra-1 sshd[22933]: Invalid user gi from 104.236.237.117 port 35127","@timestamp":"2022-09-16T22:07:58.840Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T22:08:14.938Z","@version":"1","message":"Sep 16 22:08:14 honeypot-sgp-1 kernel: [84242199.314766] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=96.126.112.220 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=42389 DF PROTO=TCP SPT=54078 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 22:08:49 honeypot-ams-1 kernel: [84242710.199919] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=197.52.83.176 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=14759 PROTO=TCP SPT=2913 DPT=443 WINDOW=50096 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T22:08:49.169Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 22:09:34 honeypot-fra-1 sshd[22937]: Received disconnect from 46.101.187.234 port 44162:11: Bye Bye [preauth]","@timestamp":"2022-09-16T22:09:34.877Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T22:10:38.997Z","@version":"1","message":"Sep 16 22:10:38 honeypot-sgp-1 sshd[26705]: Received disconnect from 45.61.184.204 port 33108:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T22:10:58.007Z","@version":"1","message":"Sep 16 22:10:57 honeypot-sgp-1 sshd[26709]: Received disconnect from 45.61.184.204 port 55744:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T22:11:15.014Z","@version":"1","message":"Sep 16 22:11:14 honeypot-sgp-1 sshd[26713]: Received disconnect from 45.61.184.204 port 50170:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T22:11:32.023Z","@version":"1","message":"Sep 16 22:11:31 honeypot-sgp-1 sshd[26717]: Received disconnect from 45.61.184.204 port 44610:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 22:12:47 honeypot-fra-1 sshd[22941]: Connection closed by authenticating user nobody 179.60.147.69 port 36772 [preauth]","@timestamp":"2022-09-16T22:12:48.954Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 22:17:01 honeypot-ams-1 CRON[32379]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-16T22:17:01.380Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 22:20:53 honeypot-fra-1 kernel: [84241265.644587] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.79.186.39 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=23632 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T22:20:54.139Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 22:21:20 honeypot-ams-1 kernel: [84243461.836930] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=171.22.30.220 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=60 ID=19422 PROTO=TCP SPT=50479 DPT=80 WINDOW=5365 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T22:21:21.495Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 22:24:14 honeypot-ams-1 kernel: [84243635.424398] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=181.219.149.148 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=26218 PROTO=TCP SPT=6431 DPT=80 WINDOW=20831 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T22:24:14.573Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 22:25:28 honeypot-fra-1 sshd[22955]: Received disconnect from 212.109.207.62 port 37652:11: Bye Bye [preauth]","@timestamp":"2022-09-16T22:25:29.246Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 22:26:37 honeypot-fra-1 kernel: [84241609.992941] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=156.146.46.143 DST=165.22.82.222 LEN=52 TOS=0x02 PREC=0x00 TTL=117 ID=59586 DF PROTO=TCP SPT=58936 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-16T22:26:38.275Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-16T22:27:11.385Z","@version":"1","message":"Sep 16 22:27:11 honeypot-sgp-1 kernel: [84243336.471958] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=206.189.6.148 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=51591 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T22:29:10.436Z","@version":"1","message":"Sep 16 22:29:09 honeypot-sgp-1 sshd[26728]: Received disconnect from 116.177.233.76 port 33030:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T22:30:41.474Z","@version":"1","message":"Sep 16 22:30:41 honeypot-sgp-1 sshd[26733]: Received disconnect from 24.62.135.19 port 35862:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 22:30:56 honeypot-ams-1 sshd[32395]: Received disconnect from 165.227.83.174 port 38562:11: Bye Bye [preauth]","@timestamp":"2022-09-16T22:30:57.749Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 22:38:37 honeypot-fra-1 sshd[22971]: Invalid user library from 165.22.45.108 port 38542","@timestamp":"2022-09-16T22:38:38.543Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 22:40:39 honeypot-ams-1 kernel: [84244620.989732] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=79.124.62.62 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=1790 PROTO=TCP SPT=49862 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T22:40:39.996Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 22:44:35 honeypot-fra-1 sshd[22976]: Invalid user admin from 128.199.168.83 port 32276","@timestamp":"2022-09-16T22:44:35.678Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 22:44:52 honeypot-fra-1 kernel: [84242704.600734] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=167.71.133.35 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=248 ID=54321 PROTO=TCP SPT=47128 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T22:44:52.687Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 22:45:16 honeypot-ams-1 sshd[32404]: Received disconnect from 45.61.184.204 port 57974:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T22:45:17.132Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 22:45:27 honeypot-ams-1 sshd[32408]: Invalid user guest from 193.106.191.157 port 59574","@timestamp":"2022-09-16T22:45:28.138Z"}
{"@timestamp":"2022-09-16T22:45:36.861Z","@version":"1","message":"Sep 16 22:45:36 honeypot-sgp-1 kernel: [84244441.261626] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=103.146.23.134 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=17934 PROTO=TCP SPT=54321 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 22:45:45 honeypot-ams-1 sshd[32412]: Received disconnect from 45.61.184.204 port 35140:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T22:45:45.147Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 22:46:03 honeypot-ams-1 sshd[32416]: Received disconnect from 45.61.184.204 port 57558:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T22:46:04.158Z"}
{"@timestamp":"2022-09-16T22:48:56.942Z","@version":"1","message":"Sep 16 22:48:56 honeypot-sgp-1 sshd[26740]: Connection closed by invalid user support 179.60.147.69 port 16644 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 22:49:49 honeypot-fra-1 kernel: [84243001.853255] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=172.104.8.20 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=19184 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T22:49:49.802Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 22:52:04 honeypot-ams-1 kernel: [84245305.544433] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=103.89.91.165 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=28374 PROTO=TCP SPT=53674 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T22:52:05.314Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 22:52:58 honeypot-ams-1 sshd[32425]: Connection closed by invalid user pi 220.71.14.93 port 36316 [preauth]","@timestamp":"2022-09-16T22:52:59.343Z"}
{"@timestamp":"2022-09-16T22:59:15.185Z","@version":"1","message":"Sep 16 22:59:14 honeypot-sgp-1 kernel: [84245259.520971] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.79.163.185 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=20682 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 23:01:12 honeypot-fra-1 sshd[22995]: Invalid user nginx from 103.188.176.251 port 49044","@timestamp":"2022-09-16T23:01:13.081Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 23:04:45 honeypot-ams-1 kernel: [84246066.347126] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=209.97.141.112 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=58 ID=33789 DF PROTO=TCP SPT=52236 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T23:04:45.637Z"}
{"@timestamp":"2022-09-16T23:05:56.339Z","@version":"1","message":"Sep 16 23:05:56 honeypot-sgp-1 sshd[26755]: Invalid user admin from 128.199.160.207 port 45930","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 23:08:45 honeypot-fra-1 kernel: [84244137.420066] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=195.230.103.245 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=54321 PROTO=TCP SPT=41405 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T23:08:45.255Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-16T23:08:46.406Z","@version":"1","message":"Sep 16 23:08:46 honeypot-sgp-1 sshd[26759]: Did not receive identification string from 45.61.184.204 port 36284","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T23:09:21.422Z","@version":"1","message":"Sep 16 23:09:20 honeypot-sgp-1 sshd[26762]: Disconnected from invalid user user 45.61.184.204 port 55172 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T23:09:40.430Z","@version":"1","message":"Sep 16 23:09:39 honeypot-sgp-1 sshd[26766]: Disconnected from invalid user user 45.61.184.204 port 49798 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T23:09:58.440Z","@version":"1","message":"Sep 16 23:09:57 honeypot-sgp-1 sshd[26770]: Disconnected from invalid user user 45.61.184.204 port 44402 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T23:14:46.551Z","@version":"1","message":"Sep 16 23:14:45 honeypot-sgp-1 sshd[26776]: Received disconnect from 45.61.186.49 port 52692:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T23:15:00.558Z","@version":"1","message":"Sep 16 23:14:59 honeypot-sgp-1 sshd[26780]: Received disconnect from 45.61.186.49 port 35704:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 23:15:14 honeypot-ams-1 kernel: [84246696.021109] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=156.208.96.16 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=37801 PROTO=TCP SPT=4080 DPT=443 WINDOW=26517 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T23:15:15.902Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 23:17:01 honeypot-fra-1 CRON[23003]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-16T23:17:01.440Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T23:17:01.605Z","@version":"1","message":"Sep 16 23:17:01 honeypot-sgp-1 CRON[26784]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-16T23:21:09.702Z","@version":"1","message":"Sep 16 23:21:08 honeypot-sgp-1 kernel: [84246573.963768] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=12310 PROTO=TCP SPT=50037 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 23:21:15 honeypot-ams-1 kernel: [84247056.028942] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=51.15.141.72 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=55 ID=34831 PROTO=TCP SPT=63614 DPT=80 WINDOW=45118 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T23:21:15.053Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 23:23:19 honeypot-fra-1 sshd[23011]: Disconnected from invalid user esadmin 171.244.140.174 port 11909 [preauth]","@timestamp":"2022-09-16T23:23:19.583Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:09 honeypot-ams-1 sshd[32445]: Received disconnect from 185.172.77.242 port 59758:11: Bye Bye [preauth]","@timestamp":"2022-09-16T23:25:09.153Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:09 honeypot-ams-1 sshd[32451]: Received disconnect from 185.172.77.242 port 59786:11: Bye Bye [preauth]","@timestamp":"2022-09-16T23:25:10.155Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:10 honeypot-ams-1 sshd[32457]: Received disconnect from 185.172.77.242 port 59822:11: Bye Bye [preauth]","@timestamp":"2022-09-16T23:25:11.156Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:11 honeypot-ams-1 sshd[32463]: Received disconnect from 185.172.77.242 port 59858:11: Bye Bye [preauth]","@timestamp":"2022-09-16T23:25:12.156Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:12 honeypot-ams-1 sshd[32469]: Received disconnect from 185.172.77.242 port 59892:11: Bye Bye [preauth]","@timestamp":"2022-09-16T23:25:13.157Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:13 honeypot-ams-1 sshd[32475]: Received disconnect from 185.172.77.242 port 60018:11: Bye Bye [preauth]","@timestamp":"2022-09-16T23:25:13.157Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:13 honeypot-ams-1 sshd[32481]: Received disconnect from 185.172.77.242 port 60080:11: Bye Bye [preauth]","@timestamp":"2022-09-16T23:25:14.158Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:14 honeypot-ams-1 sshd[32487]: Received disconnect from 185.172.77.242 port 60142:11: Bye Bye [preauth]","@timestamp":"2022-09-16T23:25:15.158Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:15 honeypot-ams-1 sshd[32493]: Received disconnect from 185.172.77.242 port 60182:11: Bye Bye [preauth]","@timestamp":"2022-09-16T23:25:16.159Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:16 honeypot-ams-1 sshd[32499]: Received disconnect from 185.172.77.242 port 60248:11: Bye Bye [preauth]","@timestamp":"2022-09-16T23:25:17.160Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:16 honeypot-ams-1 sshd[32505]: Received disconnect from 185.172.77.242 port 60300:11: Bye Bye [preauth]","@timestamp":"2022-09-16T23:25:17.160Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:17 honeypot-ams-1 sshd[32511]: Received disconnect from 185.172.77.242 port 60334:11: Bye Bye [preauth]","@timestamp":"2022-09-16T23:25:18.161Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:18 honeypot-ams-1 sshd[32515]: Received disconnect from 185.172.77.242 port 60364:11: Bye Bye [preauth]","@timestamp":"2022-09-16T23:25:19.161Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:18 honeypot-ams-1 sshd[32519]: Received disconnect from 185.172.77.242 port 60380:11: Bye Bye [preauth]","@timestamp":"2022-09-16T23:25:19.162Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:19 honeypot-ams-1 sshd[32523]: Received disconnect from 185.172.77.242 port 60426:11: Bye Bye [preauth]","@timestamp":"2022-09-16T23:25:20.162Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:19 honeypot-ams-1 sshd[32527]: Received disconnect from 185.172.77.242 port 60442:11: Bye Bye [preauth]","@timestamp":"2022-09-16T23:25:20.162Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:20 honeypot-ams-1 sshd[32531]: Received disconnect from 185.172.77.242 port 60462:11: Bye Bye [preauth]","@timestamp":"2022-09-16T23:25:21.163Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:20 honeypot-ams-1 sshd[32535]: Disconnected from authenticating user root 185.172.77.242 port 60494 [preauth]","@timestamp":"2022-09-16T23:25:21.163Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:21 honeypot-ams-1 sshd[32541]: Invalid user pi from 185.172.77.242 port 60536","@timestamp":"2022-09-16T23:25:22.164Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:22 honeypot-ams-1 sshd[32545]: Invalid user ethos from 185.172.77.242 port 60560","@timestamp":"2022-09-16T23:25:23.164Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:22 honeypot-ams-1 sshd[32549]: Invalid user miner from 185.172.77.242 port 60600","@timestamp":"2022-09-16T23:25:23.164Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:23 honeypot-ams-1 sshd[32553]: Invalid user volumio from 185.172.77.242 port 60710","@timestamp":"2022-09-16T23:25:24.165Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:23 honeypot-ams-1 sshd[32557]: Invalid user nagios from 185.172.77.242 port 60746","@timestamp":"2022-09-16T23:25:24.165Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:24 honeypot-ams-1 sshd[32561]: Invalid user vagrant from 185.172.77.242 port 60790","@timestamp":"2022-09-16T23:25:25.167Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:24 honeypot-ams-1 sshd[32565]: Invalid user debian from 185.172.77.242 port 60826","@timestamp":"2022-09-16T23:25:25.167Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:25 honeypot-ams-1 sshd[32569]: Invalid user debian from 185.172.77.242 port 60854","@timestamp":"2022-09-16T23:25:26.167Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:25 honeypot-ams-1 sshd[32573]: Invalid user alarm from 185.172.77.242 port 60888","@timestamp":"2022-09-16T23:25:26.167Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:26 honeypot-ams-1 sshd[32577]: Invalid user test from 185.172.77.242 port 60938","@timestamp":"2022-09-16T23:25:27.168Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:25:26 honeypot-ams-1 sshd[32581]: Invalid user cirros from 185.172.77.242 port 60976","@timestamp":"2022-09-16T23:25:27.168Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:29:06 honeypot-ams-1 sshd[32585]: Invalid user admin from 92.255.85.69 port 15274","@timestamp":"2022-09-16T23:29:07.264Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 23:29:22 honeypot-fra-1 sshd[23019]: Did not receive identification string from 125.88.226.4 port 40412","@timestamp":"2022-09-16T23:29:23.721Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 23:29:34 honeypot-fra-1 sshd[23035]: Connection closed by invalid user vagrant 125.88.226.4 port 41716 [preauth]","@timestamp":"2022-09-16T23:29:35.727Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 23:29:35 honeypot-fra-1 sshd[23028]: Invalid user nagios from 125.88.226.4 port 41722","@timestamp":"2022-09-16T23:29:36.727Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 23:29:37 honeypot-fra-1 sshd[23029]: Invalid user es from 125.88.226.4 port 41650","@timestamp":"2022-09-16T23:29:37.728Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 23:29:39 honeypot-fra-1 sshd[23030]: Connection closed by invalid user vagrant 125.88.226.4 port 41682 [preauth]","@timestamp":"2022-09-16T23:29:39.730Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 23:29:46 honeypot-fra-1 sshd[23032]: Invalid user oracle from 125.88.226.4 port 41678","@timestamp":"2022-09-16T23:29:46.734Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 23:30:07 honeypot-fra-1 sshd[23026]: Connection closed by invalid user ec2-user 125.88.226.4 port 41676 [preauth]","@timestamp":"2022-09-16T23:30:07.743Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 23:30:10 honeypot-fra-1 sshd[23024]: Invalid user guest from 125.88.226.4 port 41692","@timestamp":"2022-09-16T23:30:11.746Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 23:30:22 honeypot-fra-1 sshd[23039]: Invalid user hadoop from 125.88.226.4 port 41706","@timestamp":"2022-09-16T23:30:22.752Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 23:30:22 honeypot-fra-1 sshd[23042]: Connection closed by invalid user ubuntu 125.88.226.4 port 41648 [preauth]","@timestamp":"2022-09-16T23:30:23.753Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 16 23:34:12 honeypot-ams-1 sshd[32590]: Invalid user surat from 161.97.104.148 port 45922","@timestamp":"2022-09-16T23:34:12.448Z"}
{"@timestamp":"2022-09-16T23:36:02.070Z","@version":"1","message":"Sep 16 23:36:01 honeypot-sgp-1 sshd[26799]: Invalid user admin from 207.65.145.87 port 45072","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 23:36:29 honeypot-fra-1 sshd[23079]: Received disconnect from 165.22.45.108 port 43676:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-16T23:36:29.891Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-16T23:43:09.235Z","@version":"1","message":"Sep 16 23:43:08 honeypot-sgp-1 sshd[26803]: Received disconnect from 92.255.85.70 port 58598:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 23:44:35 honeypot-ams-1 kernel: [84248456.144986] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=178.62.254.91 LEN=88 TOS=0x00 PREC=0x00 TTL=252 ID=52465 PROTO=TCP SPT=31691 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T23:44:35.715Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 23:50:00 honeypot-fra-1 sshd[23088]: Did not receive identification string from 193.3.19.178 port 64001","@timestamp":"2022-09-16T23:50:01.196Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 16 23:59:05 honeypot-ams-1 kernel: [84249326.313452] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=164.92.72.164 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=51294 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-16T23:59:06.096Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 16 23:59:47 honeypot-fra-1 sshd[23096]: Invalid user init from 92.255.85.70 port 40854","@timestamp":"2022-09-16T23:59:48.421Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T00:00:15.632Z","@version":"1","message":"Sep 17 00:00:14 honeypot-sgp-1 kernel: [84248919.918583] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=193.46.254.155 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=234 ID=54321 PROTO=TCP SPT=57358 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:01:31 honeypot-fra-1 sshd[23100]: Received disconnect from 190.103.202.12 port 43750:11: Bye Bye [preauth]","@timestamp":"2022-09-17T00:01:31.462Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:03:03 honeypot-fra-1 sshd[23104]: Connection closed by invalid user support 179.60.147.69 port 32966 [preauth]","@timestamp":"2022-09-17T00:03:03.499Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 00:05:16 honeypot-ams-1 sshd[32603]: Connection closed by invalid user support 179.60.147.69 port 34688 [preauth]","@timestamp":"2022-09-17T00:05:17.269Z"}
{"@timestamp":"2022-09-17T00:06:12.792Z","@version":"1","message":"Sep 17 00:06:12 honeypot-sgp-1 sshd[26811]: Received disconnect from 92.255.85.69 port 21010:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:08:34 honeypot-fra-1 kernel: [84247726.628480] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=179.43.155.171 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=48128 PROTO=TCP SPT=49868 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T00:08:34.628Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:14:05 honeypot-fra-1 sshd[23115]: Disconnected from authenticating user root 179.43.156.143 port 59718 [preauth]","@timestamp":"2022-09-17T00:14:06.755Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:15:52 honeypot-fra-1 sshd[23121]: Disconnected from authenticating user root 179.43.156.143 port 49348 [preauth]","@timestamp":"2022-09-17T00:15:53.817Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 00:16:34 honeypot-ams-1 sshd[32607]: Disconnected from authenticating user root 92.255.85.69 port 27702 [preauth]","@timestamp":"2022-09-17T00:16:35.573Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:17:01 honeypot-fra-1 sshd[23128]: Invalid user nutanix from 179.43.156.143 port 42462","@timestamp":"2022-09-17T00:17:01.848Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T00:17:08.046Z","@version":"1","message":"Sep 17 00:17:07 honeypot-sgp-1 kernel: [84249932.882104] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=58079 PROTO=TCP SPT=53544 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:17:36 honeypot-fra-1 sshd[23134]: Received disconnect from 27.77.249.10 port 48516:11: Bye Bye [preauth]","@timestamp":"2022-09-17T00:17:36.864Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 00:17:36 honeypot-ams-1 sshd[32613]: Disconnected from invalid user elastic 187.235.106.121 port 37360 [preauth]","@timestamp":"2022-09-17T00:17:37.603Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:17:37 honeypot-fra-1 sshd[23136]: Received disconnect from 27.77.249.10 port 48558:11: Bye Bye [preauth]","@timestamp":"2022-09-17T00:17:37.865Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:17:41 honeypot-fra-1 sshd[23144]: Received disconnect from 27.77.249.10 port 48860:11: Bye Bye [preauth]","@timestamp":"2022-09-17T00:17:41.867Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:17:45 honeypot-fra-1 sshd[23150]: Received disconnect from 27.77.249.10 port 49056:11: Bye Bye [preauth]","@timestamp":"2022-09-17T00:17:46.869Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:17:50 honeypot-fra-1 sshd[23156]: Received disconnect from 27.77.249.10 port 49356:11: Bye Bye [preauth]","@timestamp":"2022-09-17T00:17:50.873Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:17:54 honeypot-fra-1 sshd[23162]: Received disconnect from 27.77.249.10 port 49538:11: Bye Bye [preauth]","@timestamp":"2022-09-17T00:17:54.875Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 00:17:55 honeypot-ams-1 sshd[32619]: Invalid user user from 45.61.186.249 port 50758","@timestamp":"2022-09-17T00:17:55.612Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:17:58 honeypot-fra-1 sshd[23168]: Received disconnect from 27.77.249.10 port 49652:11: Bye Bye [preauth]","@timestamp":"2022-09-17T00:17:58.877Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:18:02 honeypot-fra-1 sshd[23175]: Received disconnect from 27.77.249.10 port 49970:11: Bye Bye [preauth]","@timestamp":"2022-09-17T00:18:02.879Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:18:06 honeypot-fra-1 sshd[23181]: Received disconnect from 27.77.249.10 port 50080:11: Bye Bye [preauth]","@timestamp":"2022-09-17T00:18:06.882Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:18:10 honeypot-fra-1 sshd[23187]: Received disconnect from 27.77.249.10 port 50356:11: Bye Bye [preauth]","@timestamp":"2022-09-17T00:18:11.884Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:18:13 honeypot-fra-1 sshd[23193]: Disconnected from invalid user nfsnobod 179.43.156.143 port 35568 [preauth]","@timestamp":"2022-09-17T00:18:13.886Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 00:18:13 honeypot-ams-1 sshd[32623]: Invalid user user from 45.61.186.249 port 44958","@timestamp":"2022-09-17T00:18:14.622Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:18:16 honeypot-fra-1 sshd[23197]: Disconnected from authenticating user root 27.77.249.10 port 50552 [preauth]","@timestamp":"2022-09-17T00:18:16.887Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:18:20 honeypot-fra-1 sshd[23203]: Disconnected from authenticating user root 27.77.249.10 port 50818 [preauth]","@timestamp":"2022-09-17T00:18:20.891Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:18:24 honeypot-fra-1 sshd[23209]: Received disconnect from 27.77.249.10 port 50978:11: Bye Bye [preauth]","@timestamp":"2022-09-17T00:18:25.894Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:18:27 honeypot-fra-1 sshd[23213]: Received disconnect from 27.77.249.10 port 51052:11: Bye Bye [preauth]","@timestamp":"2022-09-17T00:18:27.895Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:18:30 honeypot-fra-1 sshd[23217]: Received disconnect from 27.77.249.10 port 51278:11: Bye Bye [preauth]","@timestamp":"2022-09-17T00:18:30.897Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 00:18:31 honeypot-ams-1 sshd[32627]: Invalid user user from 45.61.186.249 port 39158","@timestamp":"2022-09-17T00:18:31.632Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:18:33 honeypot-fra-1 sshd[23221]: Received disconnect from 27.77.249.10 port 51422:11: Bye Bye [preauth]","@timestamp":"2022-09-17T00:18:33.898Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:18:36 honeypot-fra-1 sshd[23225]: Received disconnect from 27.77.249.10 port 51482:11: Bye Bye [preauth]","@timestamp":"2022-09-17T00:18:36.901Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:18:38 honeypot-fra-1 sshd[23229]: Received disconnect from 27.77.249.10 port 51550:11: Bye Bye [preauth]","@timestamp":"2022-09-17T00:18:38.902Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:18:42 honeypot-fra-1 sshd[23235]: Invalid user pi from 27.77.249.10 port 51878","@timestamp":"2022-09-17T00:18:43.905Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:18:45 honeypot-fra-1 sshd[23239]: Invalid user user from 27.77.249.10 port 51940","@timestamp":"2022-09-17T00:18:45.906Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:18:48 honeypot-fra-1 sshd[23243]: Invalid user mine from 27.77.249.10 port 52010","@timestamp":"2022-09-17T00:18:48.908Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:18:51 honeypot-fra-1 sshd[23249]: Received disconnect from 179.43.156.143 port 60284:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T00:18:51.910Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:18:52 honeypot-fra-1 sshd[23251]: Received disconnect from 27.77.249.10 port 52338:11: Bye Bye [preauth]","@timestamp":"2022-09-17T00:18:52.911Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:18:55 honeypot-fra-1 sshd[23255]: Received disconnect from 27.77.249.10 port 52412:11: Bye Bye [preauth]","@timestamp":"2022-09-17T00:18:55.913Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:18:58 honeypot-fra-1 sshd[23259]: Received disconnect from 27.77.249.10 port 52494:11: Bye Bye [preauth]","@timestamp":"2022-09-17T00:18:58.914Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:19:01 honeypot-fra-1 sshd[23263]: Received disconnect from 27.77.249.10 port 52718:11: Bye Bye [preauth]","@timestamp":"2022-09-17T00:19:01.916Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:19:03 honeypot-fra-1 sshd[23267]: Received disconnect from 27.77.249.10 port 52860:11: Bye Bye [preauth]","@timestamp":"2022-09-17T00:19:04.918Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:19:06 honeypot-fra-1 sshd[23271]: Received disconnect from 27.77.249.10 port 52946:11: Bye Bye [preauth]","@timestamp":"2022-09-17T00:19:06.920Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:19:09 honeypot-fra-1 sshd[23275]: Received disconnect from 27.77.249.10 port 53110:11: Bye Bye [preauth]","@timestamp":"2022-09-17T00:19:09.921Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:19:12 honeypot-fra-1 sshd[23279]: Received disconnect from 27.77.249.10 port 53266:11: Bye Bye [preauth]","@timestamp":"2022-09-17T00:19:12.923Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 00:20:07 honeypot-ams-1 sshd[32631]: Invalid user pi from 95.91.249.69 port 41061","@timestamp":"2022-09-17T00:20:08.677Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:20:47 honeypot-fra-1 sshd[23285]: Received disconnect from 179.43.156.143 port 49958:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T00:20:47.961Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 00:20:52 honeypot-ams-1 sshd[32635]: Received disconnect from 43.128.228.34 port 57522:11: Bye Bye [preauth]","@timestamp":"2022-09-17T00:20:52.698Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:21:26 honeypot-fra-1 sshd[23291]: Received disconnect from 206.81.18.182 port 41790:11: Bye Bye [preauth]","@timestamp":"2022-09-17T00:21:26.980Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 00:22:12 honeypot-ams-1 kernel: [84250713.986167] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=183.136.225.35 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=109 ID=17674 PROTO=TCP SPT=8088 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T00:22:13.737Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:23:53 honeypot-fra-1 sshd[23297]: Disconnected from authenticating user root 92.255.85.69 port 20388 [preauth]","@timestamp":"2022-09-17T00:23:54.039Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 00:26:30 honeypot-ams-1 sshd[32643]: Connection closed by invalid user test 36.93.83.5 port 43162 [preauth]","@timestamp":"2022-09-17T00:26:30.855Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 00:26:30 honeypot-ams-1 sshd[32650]: Invalid user admin from 36.93.83.5 port 43392","@timestamp":"2022-09-17T00:26:30.855Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 00:26:30 honeypot-ams-1 sshd[32655]: Connection closed by invalid user oracle 36.93.83.5 port 43382 [preauth]","@timestamp":"2022-09-17T00:26:31.855Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 00:26:31 honeypot-ams-1 sshd[32662]: Invalid user admin from 36.93.83.5 port 43184","@timestamp":"2022-09-17T00:26:31.855Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 00:26:31 honeypot-ams-1 sshd[32659]: Connection closed by invalid user test 36.93.83.5 port 43500 [preauth]","@timestamp":"2022-09-17T00:26:31.856Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 00:26:31 honeypot-ams-1 sshd[32658]: Invalid user oracle from 36.93.83.5 port 43348","@timestamp":"2022-09-17T00:26:31.856Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 00:26:31 honeypot-ams-1 sshd[32694]: Invalid user steam from 36.93.83.5 port 43432","@timestamp":"2022-09-17T00:26:32.856Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 00:26:32 honeypot-ams-1 sshd[32656]: Invalid user chia from 36.93.83.5 port 43334","@timestamp":"2022-09-17T00:26:32.857Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 00:26:33 honeypot-ams-1 sshd[32695]: Invalid user testuser from 36.93.83.5 port 43350","@timestamp":"2022-09-17T00:26:33.857Z"}
{"@timestamp":"2022-09-17T00:27:47.295Z","@version":"1","message":"Sep 17 00:27:46 honeypot-sgp-1 kernel: [84250572.082017] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=198.235.24.5 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=249 ID=54321 PROTO=TCP SPT=53944 DPT=389 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:34:17 honeypot-fra-1 sshd[23307]: Invalid user libsys from 165.22.45.108 port 48816","@timestamp":"2022-09-17T00:34:18.278Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 00:34:33 honeypot-ams-1 sshd[32705]: Received disconnect from 96.252.118.195 port 51026:11: Bye Bye [preauth]","@timestamp":"2022-09-17T00:34:34.071Z"}
{"@timestamp":"2022-09-17T00:38:05.540Z","@version":"1","message":"Sep 17 00:38:04 honeypot-sgp-1 sshd[26826]: Invalid user guest from 179.60.147.69 port 28544","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 00:38:15 honeypot-ams-1 sshd[32709]: Invalid user er from 202.77.105.98 port 40330","@timestamp":"2022-09-17T00:38:15.168Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:39:12 honeypot-fra-1 sshd[23312]: Invalid user guest from 179.60.147.69 port 24822","@timestamp":"2022-09-17T00:39:13.396Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 00:40:51 honeypot-ams-1 sshd[32716]: Invalid user celery from 51.15.221.3 port 59436","@timestamp":"2022-09-17T00:40:52.240Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 00:41:41 honeypot-ams-1 kernel: [84251882.492045] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=149.102.155.170 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=13416 PROTO=TCP SPT=55203 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T00:41:42.283Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:46:43 honeypot-fra-1 sshd[23319]: Disconnected from authenticating user root 209.141.52.250 port 39462 [preauth]","@timestamp":"2022-09-17T00:46:43.568Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T00:53:33.905Z","@version":"1","message":"Sep 17 00:53:33 honeypot-sgp-1 sshd[26832]: Received disconnect from 92.255.85.69 port 63544:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 00:54:33 honeypot-ams-1 kernel: [84252654.770082] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=65.108.50.40 DST=178.62.254.91 LEN=52 TOS=0x02 PREC=0x00 TTL=118 ID=2015 DF PROTO=TCP SPT=52854 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-17T00:54:34.621Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 00:55:53 honeypot-fra-1 kernel: [84250566.043485] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.197.123 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=54239 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T00:55:54.777Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 00:58:48 honeypot-ams-1 kernel: [84252909.453108] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=154.3.44.149 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=117 ID=29329 DF PROTO=TCP SPT=63617 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-17T00:58:48.736Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 00:59:36 honeypot-ams-1 sshd[32728]: Invalid user user from 45.61.187.160 port 53908","@timestamp":"2022-09-17T00:59:36.760Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 00:59:55 honeypot-ams-1 sshd[32732]: Invalid user user from 45.61.187.160 port 48484","@timestamp":"2022-09-17T00:59:55.771Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 01:00:14 honeypot-ams-1 sshd[32736]: Invalid user user from 45.61.187.160 port 42926","@timestamp":"2022-09-17T01:00:14.782Z"}
{"@timestamp":"2022-09-17T01:00:32.072Z","@version":"1","message":"Sep 17 01:00:31 honeypot-sgp-1 sshd[26837]: Received disconnect from 23.101.72.99 port 52418:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 01:00:48 honeypot-ams-1 sshd[32740]: Received disconnect from 92.255.85.69 port 31864:11: Bye Bye [preauth]","@timestamp":"2022-09-17T01:00:48.800Z"}
{"@timestamp":"2022-09-17T01:05:36.191Z","@version":"1","message":"Sep 17 01:05:35 honeypot-sgp-1 sshd[26842]: Disconnected from authenticating user root 8.213.131.34 port 60322 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 01:06:16 honeypot-ams-1 sshd[32745]: Received disconnect from 116.70.238.244 port 58318:11: Bye Bye [preauth]","@timestamp":"2022-09-17T01:06:16.949Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 01:06:20 honeypot-ams-1 sshd[32749]: Disconnected from invalid user ubnt 116.70.238.244 port 58466 [preauth]","@timestamp":"2022-09-17T01:06:20.952Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 01:06:27 honeypot-ams-1 sshd[32755]: Disconnected from authenticating user root 116.70.238.244 port 58660 [preauth]","@timestamp":"2022-09-17T01:06:27.956Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 01:06:34 honeypot-ams-1 sshd[32761]: Disconnected from authenticating user root 116.70.238.244 port 58814 [preauth]","@timestamp":"2022-09-17T01:06:34.961Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 01:06:41 honeypot-ams-1 sshd[32767]: Disconnected from authenticating user root 116.70.238.244 port 59013 [preauth]","@timestamp":"2022-09-17T01:06:41.964Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 01:07:57 honeypot-fra-1 kernel: [84251289.178406] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=184.105.139.117 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=54321 PROTO=TCP SPT=50699 DPT=389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T01:07:58.051Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-17T01:08:00.250Z","@version":"1","message":"Sep 17 01:07:59 honeypot-sgp-1 kernel: [84252984.934368] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=64.62.197.16 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=51132 DPT=389 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 01:10:30 honeypot-fra-1 sshd[23336]: Received disconnect from 92.255.85.70 port 48920:11: Bye Bye [preauth]","@timestamp":"2022-09-17T01:10:31.111Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T01:11:48.341Z","@version":"1","message":"Sep 17 01:11:48 honeypot-sgp-1 sshd[26851]: Disconnected from invalid user lai 218.255.245.10 port 49086 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 01:15:19 honeypot-fra-1 sshd[23343]: Invalid user user from 179.60.147.69 port 48690","@timestamp":"2022-09-17T01:15:20.221Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T01:16:41.459Z","@version":"1","message":"Sep 17 01:16:41 honeypot-sgp-1 sshd[26856]: Received disconnect from 92.255.85.69 port 35992:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 01:17:01 honeypot-ams-1 CRON[307]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-17T01:17:01.233Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 01:21:34 honeypot-ams-1 sshd[327]: Connection closed by authenticating user root 103.188.176.251 port 55848 [preauth]","@timestamp":"2022-09-17T01:21:35.354Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 01:22:38 honeypot-fra-1 kernel: [84252170.341283] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=165.232.152.144 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=50196 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T01:22:38.389Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 01:27:27 honeypot-fra-1 sshd[23354]: Connection closed by invalid user user 193.106.191.157 port 60516 [preauth]","@timestamp":"2022-09-17T01:27:27.499Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 01:31:52 honeypot-fra-1 sshd[23361]: Disconnected from invalid user libvirt 165.22.45.108 port 53946 [preauth]","@timestamp":"2022-09-17T01:31:52.612Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T01:33:17.846Z","@version":"1","message":"Sep 17 01:33:17 honeypot-sgp-1 sshd[26863]: Invalid user superadmin from 91.240.118.222 port 38896","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 01:33:48 honeypot-fra-1 sshd[23367]: Disconnected from invalid user mobile 111.21.99.227 port 52432 [preauth]","@timestamp":"2022-09-17T01:33:49.657Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 01:35:11 honeypot-ams-1 sshd[335]: Received disconnect from 198.199.93.112 port 53966:11: Bye Bye [preauth]","@timestamp":"2022-09-17T01:35:11.726Z"}
{"@timestamp":"2022-09-17T01:37:28.947Z","@version":"1","message":"Sep 17 01:37:28 honeypot-sgp-1 sshd[26868]: Connection reset by 205.210.31.142 port 42879 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 01:39:46 honeypot-ams-1 kernel: [84255367.652515] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=195.133.20.241 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=62088 PROTO=TCP SPT=48662 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T01:39:46.854Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 01:40:55 honeypot-fra-1 kernel: [84253267.227848] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=80.87.206.203 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=58835 PROTO=TCP SPT=59040 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T01:40:55.818Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-17T01:44:18.110Z","@version":"1","message":"Sep 17 01:44:17 honeypot-sgp-1 sshd[26875]: Disconnected from authenticating user root 206.189.153.63 port 37794 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 01:44:56 honeypot-ams-1 sshd[344]: Received disconnect from 209.212.45.102 port 47984:11: Bye Bye [preauth]","@timestamp":"2022-09-17T01:44:56.996Z"}
{"@timestamp":"2022-09-17T01:45:55.147Z","@version":"1","message":"Sep 17 01:45:54 honeypot-sgp-1 sshd[26880]: Disconnected from invalid user wilfrid 197.5.145.81 port 47682 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 01:47:47 honeypot-ams-1 kernel: [84255848.034988] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=35.203.62.65 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x60 TTL=251 ID=17834 PROTO=TCP SPT=57391 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T01:47:48.075Z"}
{"@timestamp":"2022-09-17T01:51:56.300Z","@version":"1","message":"Sep 17 01:51:55 honeypot-sgp-1 sshd[26889]: Received disconnect from 45.170.82.93 port 52852:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 01:53:26 honeypot-ams-1 kernel: [84256187.932156] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=201.191.2.198 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=51536 PROTO=TCP SPT=2231 DPT=80 WINDOW=16631 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T01:53:27.227Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 01:56:53 honeypot-fra-1 sshd[23382]: Received disconnect from 92.255.85.70 port 22624:11: Bye Bye [preauth]","@timestamp":"2022-09-17T01:56:54.180Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 01:59:06 honeypot-ams-1 sshd[357]: Received disconnect from 177.73.2.57 port 35562:11: Bye Bye [preauth]","@timestamp":"2022-09-17T01:59:06.384Z"}
{"@timestamp":"2022-09-17T02:02:07.555Z","@version":"1","message":"Sep 17 02:02:06 honeypot-sgp-1 kernel: [84256231.894623] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.203.147 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=37426 DPT=5432 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 02:03:21 honeypot-fra-1 sshd[23391]: Invalid user docker from 168.167.72.179 port 3133","@timestamp":"2022-09-17T02:03:21.327Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 02:03:21 honeypot-fra-1 sshd[23399]: Invalid user testuser from 168.167.72.179 port 3135","@timestamp":"2022-09-17T02:03:21.327Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 02:03:21 honeypot-fra-1 sshd[23409]: Invalid user es from 168.167.72.179 port 3158","@timestamp":"2022-09-17T02:03:21.327Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 02:03:21 honeypot-fra-1 sshd[23391]: Connection closed by invalid user docker 168.167.72.179 port 3133 [preauth]","@timestamp":"2022-09-17T02:03:22.328Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 02:03:21 honeypot-fra-1 sshd[23392]: Connection closed by authenticating user root 168.167.72.179 port 3129 [preauth]","@timestamp":"2022-09-17T02:03:22.328Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 02:03:21 honeypot-fra-1 sshd[23388]: Connection closed by invalid user mysql 168.167.72.179 port 3130 [preauth]","@timestamp":"2022-09-17T02:03:22.328Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 02:03:21 honeypot-fra-1 sshd[23412]: Connection closed by invalid user postgres 168.167.72.179 port 3146 [preauth]","@timestamp":"2022-09-17T02:03:22.328Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 02:04:54 honeypot-ams-1 kernel: [84256875.043265] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=154.3.44.149 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=117 ID=59464 DF PROTO=TCP SPT=53289 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-17T02:04:54.545Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 02:05:17 honeypot-fra-1 kernel: [84254729.260261] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=88.247.30.245 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=241 ID=15533 PROTO=TCP SPT=42689 DPT=443 WINDOW=1300 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T02:05:17.371Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 02:07:55 honeypot-ams-1 kernel: [84257056.378571] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=6956 PROTO=TCP SPT=40322 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T02:07:55.633Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:13:28 honeypot-ams-1 sshd[367]: Received disconnect from 92.255.85.70 port 50042:11: Bye Bye [preauth]","@timestamp":"2022-09-17T02:13:28.785Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 02:15:45 honeypot-fra-1 kernel: [84255357.436697] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=79.124.62.60 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=46324 PROTO=TCP SPT=58509 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T02:15:45.608Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:16:06 honeypot-ams-1 sshd[371]: Disconnected from invalid user arai 138.68.79.195 port 40504 [preauth]","@timestamp":"2022-09-17T02:16:06.859Z"}
{"@timestamp":"2022-09-17T02:16:12.922Z","@version":"1","message":"Sep 17 02:16:12 honeypot-sgp-1 sshd[26899]: Unable to negotiate with 118.68.171.196 port 49456: no matching cipher found. Their offer: aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,arcfour128,arcfour,3des-cbc,none [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:19:44 honeypot-ams-1 sshd[379]: Received disconnect from 188.166.247.82 port 55656:11: Bye Bye [preauth]","@timestamp":"2022-09-17T02:19:44.983Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 02:20:13 honeypot-fra-1 sshd[23451]: Received disconnect from 92.255.85.70 port 35530:11: Bye Bye [preauth]","@timestamp":"2022-09-17T02:20:13.712Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:21:21 honeypot-ams-1 sshd[383]: Received disconnect from 183.82.96.133 port 42476:11: Bye Bye [preauth]","@timestamp":"2022-09-17T02:21:22.031Z"}
{"@timestamp":"2022-09-17T02:26:02.168Z","@version":"1","message":"Sep 17 02:26:01 honeypot-sgp-1 kernel: [84257666.725911] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.226.17.248 DST=159.89.202.188 LEN=52 TOS=0x00 PREC=0x00 TTL=106 ID=21823 DF PROTO=TCP SPT=62887 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 02:26:27 honeypot-ams-1 kernel: [84258168.203326] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=200.17.120.61 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=46 ID=25049 PROTO=TCP SPT=45832 DPT=80 WINDOW=59736 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T02:26:28.171Z"}
{"@timestamp":"2022-09-17T02:26:54.192Z","@version":"1","message":"Sep 17 02:26:53 honeypot-sgp-1 sshd[26908]: Disconnected from invalid user user 45.61.186.49 port 47702 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T02:27:03.198Z","@version":"1","message":"Sep 17 02:27:02 honeypot-sgp-1 sshd[26912]: Disconnected from invalid user user 45.61.186.49 port 58688 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T02:27:40.214Z","@version":"1","message":"Sep 17 02:27:40 honeypot-sgp-1 sshd[26916]: Disconnected from invalid user operator 92.255.85.69 port 48854 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 02:29:38 honeypot-fra-1 sshd[23459]: Received disconnect from 165.22.45.108 port 59072:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T02:29:38.925Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T02:31:23.309Z","@version":"1","message":"Sep 17 02:31:22 honeypot-sgp-1 sshd[26921]: Disconnected from invalid user ig 161.35.177.39 port 56470 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:32:42 honeypot-ams-1 sshd[393]: Received disconnect from 85.31.46.45 port 33804:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T02:32:42.341Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:33:11 honeypot-ams-1 sshd[397]: Received disconnect from 85.31.46.45 port 42480:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T02:33:12.357Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:33:53 honeypot-ams-1 sshd[404]: Received disconnect from 85.31.46.45 port 41274:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T02:33:53.379Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 02:34:23 honeypot-ams-1 kernel: [84258644.101769] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=1.116.64.236 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=45 ID=8353 PROTO=TCP SPT=61146 DPT=80 WINDOW=16146 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T02:34:23.395Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 02:34:45 honeypot-fra-1 sshd[23464]: Received disconnect from 209.97.183.120 port 56636:11: Bye Bye [preauth]","@timestamp":"2022-09-17T02:34:46.040Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:35:04 honeypot-ams-1 sshd[415]: Disconnected from authenticating user root 85.31.46.45 port 48770 [preauth]","@timestamp":"2022-09-17T02:35:04.417Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:35:32 honeypot-ams-1 sshd[420]: Disconnected from invalid user git 85.31.46.45 port 57248 [preauth]","@timestamp":"2022-09-17T02:35:33.431Z"}
{"@timestamp":"2022-09-17T02:36:47.445Z","@version":"1","message":"Sep 17 02:36:47 honeypot-sgp-1 sshd[26928]: Disconnected from authenticating user root 181.30.129.31 port 47478 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 02:40:09 honeypot-ams-1 kernel: [84258990.339646] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.196.220.81 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=52735 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T02:40:09.554Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 02:41:11 honeypot-fra-1 sshd[23469]: Did not receive identification string from 45.61.186.169 port 47274","@timestamp":"2022-09-17T02:41:12.186Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 02:41:34 honeypot-fra-1 sshd[23472]: Received disconnect from 45.61.186.169 port 49348:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T02:41:35.196Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 02:41:51 honeypot-fra-1 sshd[23476]: Received disconnect from 45.61.186.169 port 43870:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T02:41:52.204Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 02:42:07 honeypot-fra-1 sshd[23480]: Received disconnect from 45.61.186.169 port 38408:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T02:42:08.211Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 02:44:02 honeypot-fra-1 sshd[23484]: Received disconnect from 92.255.85.69 port 52258:11: Bye Bye [preauth]","@timestamp":"2022-09-17T02:44:03.256Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:44:11 honeypot-ams-1 sshd[433]: Invalid user ubnt from 60.179.177.78 port 54232","@timestamp":"2022-09-17T02:44:11.663Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:44:15 honeypot-ams-1 sshd[437]: Disconnected from authenticating user root 60.179.177.78 port 54438 [preauth]","@timestamp":"2022-09-17T02:44:16.666Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:44:21 honeypot-ams-1 sshd[443]: Disconnected from authenticating user root 60.179.177.78 port 54762 [preauth]","@timestamp":"2022-09-17T02:44:21.669Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:44:26 honeypot-ams-1 sshd[449]: Disconnected from authenticating user root 60.179.177.78 port 55096 [preauth]","@timestamp":"2022-09-17T02:44:27.674Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:44:32 honeypot-ams-1 sshd[455]: Disconnected from authenticating user root 60.179.177.78 port 55406 [preauth]","@timestamp":"2022-09-17T02:44:32.677Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:44:38 honeypot-ams-1 sshd[461]: Disconnected from authenticating user root 60.179.177.78 port 55740 [preauth]","@timestamp":"2022-09-17T02:44:38.680Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:44:44 honeypot-ams-1 sshd[467]: Disconnected from authenticating user root 60.179.177.78 port 56068 [preauth]","@timestamp":"2022-09-17T02:44:44.684Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:44:49 honeypot-ams-1 sshd[473]: Disconnected from authenticating user root 60.179.177.78 port 56376 [preauth]","@timestamp":"2022-09-17T02:44:49.687Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:44:55 honeypot-ams-1 sshd[479]: Disconnected from authenticating user root 60.179.177.78 port 56698 [preauth]","@timestamp":"2022-09-17T02:44:55.691Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:45:00 honeypot-ams-1 sshd[485]: Disconnected from authenticating user root 60.179.177.78 port 57042 [preauth]","@timestamp":"2022-09-17T02:45:01.694Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:45:06 honeypot-ams-1 sshd[491]: Disconnected from authenticating user root 60.179.177.78 port 57368 [preauth]","@timestamp":"2022-09-17T02:45:07.697Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:45:12 honeypot-ams-1 sshd[497]: Disconnected from authenticating user root 60.179.177.78 port 57714 [preauth]","@timestamp":"2022-09-17T02:45:12.701Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:45:17 honeypot-ams-1 sshd[503]: Invalid user admin from 60.179.177.78 port 58044","@timestamp":"2022-09-17T02:45:18.704Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:45:22 honeypot-ams-1 sshd[507]: Invalid user admin from 60.179.177.78 port 58312","@timestamp":"2022-09-17T02:45:22.707Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:45:26 honeypot-ams-1 sshd[511]: Invalid user admin from 60.179.177.78 port 58532","@timestamp":"2022-09-17T02:45:26.710Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:45:29 honeypot-ams-1 sshd[515]: Invalid user admin from 60.179.177.78 port 58750","@timestamp":"2022-09-17T02:45:30.712Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:45:33 honeypot-ams-1 sshd[519]: Invalid user admin from 60.179.177.78 port 58976","@timestamp":"2022-09-17T02:45:33.714Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:45:37 honeypot-ams-1 sshd[523]: Received disconnect from 60.179.177.78 port 59188:11: Bye Bye [preauth]","@timestamp":"2022-09-17T02:45:38.717Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:45:41 honeypot-ams-1 sshd[527]: Disconnected from invalid user pi 60.179.177.78 port 59418 [preauth]","@timestamp":"2022-09-17T02:45:41.720Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:45:45 honeypot-ams-1 sshd[531]: Disconnected from invalid user user 60.179.177.78 port 59622 [preauth]","@timestamp":"2022-09-17T02:45:45.722Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:45:49 honeypot-ams-1 sshd[535]: Disconnected from invalid user mine 60.179.177.78 port 59838 [preauth]","@timestamp":"2022-09-17T02:45:49.724Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:45:53 honeypot-ams-1 sshd[539]: Disconnected from invalid user xbmc 60.179.177.78 port 60068 [preauth]","@timestamp":"2022-09-17T02:45:53.727Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:45:56 honeypot-ams-1 sshd[543]: Disconnected from invalid user oracle 60.179.177.78 port 60304 [preauth]","@timestamp":"2022-09-17T02:45:57.731Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:46:00 honeypot-ams-1 sshd[547]: Disconnected from invalid user postgres 60.179.177.78 port 60542 [preauth]","@timestamp":"2022-09-17T02:46:00.733Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:46:04 honeypot-ams-1 sshd[551]: Disconnected from invalid user support 60.179.177.78 port 60764 [preauth]","@timestamp":"2022-09-17T02:46:04.735Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:46:08 honeypot-ams-1 sshd[555]: Disconnected from invalid user ubuntu 60.179.177.78 port 60970 [preauth]","@timestamp":"2022-09-17T02:46:08.737Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:46:12 honeypot-ams-1 sshd[559]: Disconnected from invalid user ubuntu 60.179.177.78 port 32986 [preauth]","@timestamp":"2022-09-17T02:46:12.741Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:46:15 honeypot-ams-1 sshd[563]: Disconnected from invalid user guest 60.179.177.78 port 33212 [preauth]","@timestamp":"2022-09-17T02:46:16.744Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 02:46:19 honeypot-ams-1 sshd[567]: Disconnected from invalid user cirros 60.179.177.78 port 33444 [preauth]","@timestamp":"2022-09-17T02:46:20.747Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 02:48:18 honeypot-fra-1 sshd[23491]: Invalid user superadmin from 91.240.118.222 port 49834","@timestamp":"2022-09-17T02:48:19.351Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T02:50:59.793Z","@version":"1","message":"Sep 17 02:50:59 honeypot-sgp-1 sshd[26933]: Disconnected from authenticating user root 92.255.85.69 port 32044 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 02:54:19 honeypot-ams-1 kernel: [84259840.776158] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=207.102.138.83 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=39339 DF PROTO=TCP SPT=33651 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T02:54:19.953Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 02:54:58 honeypot-fra-1 sshd[23496]: Connection closed by authenticating user root 194.163.190.53 port 34762 [preauth]","@timestamp":"2022-09-17T02:54:59.501Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 03:00:15 honeypot-fra-1 sshd[23504]: Disconnected from authenticating user root 164.88.188.134 port 56018 [preauth]","@timestamp":"2022-09-17T03:00:15.621Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T03:02:44.086Z","@version":"1","message":"Sep 17 03:02:43 honeypot-sgp-1 sshd[26937]: Connection closed by invalid user support 179.60.147.69 port 55914 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 03:04:06 honeypot-fra-1 sshd[23510]: Received disconnect from 104.131.186.38 port 41498:11: Bye Bye [preauth]","@timestamp":"2022-09-17T03:04:06.716Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 03:06:03 honeypot-ams-1 sshd[576]: Invalid user support from 179.60.147.69 port 32504","@timestamp":"2022-09-17T03:06:04.267Z"}
{"@timestamp":"2022-09-17T03:11:38.313Z","@version":"1","message":"Sep 17 03:11:37 honeypot-sgp-1 kernel: [84260402.737561] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=82.157.53.252 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=16726 DF PROTO=TCP SPT=46232 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 03:12:15 honeypot-fra-1 kernel: [84258747.093805] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=23.95.4.194 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=20732 PROTO=TCP SPT=55015 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T03:12:15.900Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 03:14:10 honeypot-fra-1 sshd[23520]: Disconnected from 157.245.9.6 port 43846 [preauth]","@timestamp":"2022-09-17T03:14:10.946Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 03:17:05 honeypot-fra-1 sshd[23527]: Disconnected from authenticating user root 107.204.170.133 port 60960 [preauth]","@timestamp":"2022-09-17T03:17:06.015Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 03:17:09 honeypot-ams-1 sshd[582]: Invalid user zes from 160.251.83.115 port 60856","@timestamp":"2022-09-17T03:17:10.561Z"}
{"@timestamp":"2022-09-17T03:19:48.523Z","@version":"1","message":"Sep 17 03:19:47 honeypot-sgp-1 sshd[26946]: Did not receive identification string from 159.89.24.69 port 61000","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 03:21:24 honeypot-ams-1 sshd[586]: Invalid user lico from 46.101.82.89 port 59630","@timestamp":"2022-09-17T03:21:25.672Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 03:26:44 honeypot-fra-1 sshd[23535]: Did not receive identification string from 45.61.186.49 port 46396","@timestamp":"2022-09-17T03:26:45.226Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 03:27:01 honeypot-fra-1 sshd[23538]: Disconnected from invalid user user 45.61.186.49 port 37486 [preauth]","@timestamp":"2022-09-17T03:27:02.234Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 03:27:11 honeypot-fra-1 sshd[23542]: Disconnected from invalid user user 45.61.186.49 port 49084 [preauth]","@timestamp":"2022-09-17T03:27:12.238Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 03:29:28 honeypot-ams-1 sshd[590]: Connection closed by invalid user user 193.106.191.157 port 48948 [preauth]","@timestamp":"2022-09-17T03:29:28.884Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 03:29:58 honeypot-fra-1 kernel: [84259809.993745] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=195.222.125.3 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=23204 DF PROTO=TCP SPT=2888 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T03:29:58.303Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-17T03:31:04.799Z","@version":"1","message":"Sep 17 03:31:04 honeypot-sgp-1 kernel: [84261569.587458] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.196.63 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=55719 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 03:36:11 honeypot-ams-1 sshd[596]: Received disconnect from 45.61.186.49 port 58168:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T03:36:12.064Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 03:36:21 honeypot-ams-1 sshd[600]: Received disconnect from 45.61.186.49 port 41604:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T03:36:22.070Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 03:38:38 honeypot-ams-1 sshd[604]: Received disconnect from 176.102.38.42 port 56024:11: Bye Bye [preauth]","@timestamp":"2022-09-17T03:38:39.130Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 03:40:43 honeypot-fra-1 sshd[23554]: Invalid user admin from 141.98.10.158 port 60164","@timestamp":"2022-09-17T03:40:43.551Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T03:41:34.052Z","@version":"1","message":"Sep 17 03:41:34 honeypot-sgp-1 sshd[26959]: Disconnected from invalid user allison 190.144.141.210 port 41672 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T03:45:02.139Z","@version":"1","message":"Sep 17 03:45:01 honeypot-sgp-1 sshd[26964]: Received disconnect from 138.68.79.195 port 57356:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 03:47:37 honeypot-ams-1 sshd[610]: Connection closed by authenticating user root 103.188.176.251 port 42240 [preauth]","@timestamp":"2022-09-17T03:47:38.354Z"}
{"@timestamp":"2022-09-17T03:50:28.269Z","@version":"1","message":"Sep 17 03:50:28 honeypot-sgp-1 sshd[26969]: Connection closed by invalid user xuwenhua 137.116.144.39 port 46926 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 03:51:38 honeypot-fra-1 sshd[23562]: Connection closed by authenticating user root 103.188.176.251 port 60352 [preauth]","@timestamp":"2022-09-17T03:51:39.815Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 03:55:34 honeypot-fra-1 sshd[23568]: Invalid user ansible from 104.248.123.197 port 41624","@timestamp":"2022-09-17T03:55:34.899Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 03:57:33 honeypot-ams-1 sshd[615]: Invalid user ftpuser from 43.155.83.218 port 35724","@timestamp":"2022-09-17T03:57:33.616Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 03:58:10 honeypot-fra-1 sshd[23573]: Connection closed by authenticating user root 194.163.190.53 port 39826 [preauth]","@timestamp":"2022-09-17T03:58:10.996Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T04:02:12.555Z","@version":"1","message":"Sep 17 04:02:11 honeypot-sgp-1 sshd[26985]: Bad protocol version identification 'MGLNDD_159.89.202.188_22' from 192.241.212.204 port 57080","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 04:02:57 honeypot-ams-1 sshd[618]: Bad protocol version identification 'MGLNDD_178.62.254.91_22' from 192.241.213.240 port 33078","@timestamp":"2022-09-17T04:02:57.761Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 04:07:38 honeypot-fra-1 kernel: [84262070.572234] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.197.81 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=48320 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T04:07:39.219Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 04:11:00 honeypot-ams-1 kernel: [84264441.043748] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.79.164.187 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=23889 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T04:11:00.978Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 04:14:29 honeypot-fra-1 sshd[23585]: Disconnected from authenticating user root 61.177.173.47 port 23638 [preauth]","@timestamp":"2022-09-17T04:14:29.379Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T04:15:19.872Z","@version":"1","message":"Sep 17 04:15:19 honeypot-sgp-1 sshd[26993]: Invalid user default from 179.60.147.69 port 5706","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 04:17:24 honeypot-fra-1 sshd[23594]: Disconnected from authenticating user root 61.177.172.98 port 34173 [preauth]","@timestamp":"2022-09-17T04:17:24.450Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 04:18:41 honeypot-ams-1 sshd[626]: Connection closed by invalid user default 179.60.147.69 port 19034 [preauth]","@timestamp":"2022-09-17T04:18:42.186Z"}
{"@timestamp":"2022-09-17T04:21:01.014Z","@version":"1","message":"Sep 17 04:21:00 honeypot-sgp-1 sshd[27001]: Disconnected from invalid user monitor 196.1.97.206 port 38602 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 04:21:11 honeypot-fra-1 sshd[23602]: Received disconnect from 61.177.172.108 port 38405:11:  [preauth]","@timestamp":"2022-09-17T04:21:11.539Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 04:27:00 honeypot-ams-1 sshd[630]: Disconnected from invalid user user 45.61.186.49 port 45190 [preauth]","@timestamp":"2022-09-17T04:27:00.410Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 04:27:10 honeypot-ams-1 sshd[634]: Disconnected from invalid user user 45.61.186.49 port 56918 [preauth]","@timestamp":"2022-09-17T04:27:11.416Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 04:29:25 honeypot-fra-1 sshd[23613]: Invalid user kadri from 103.140.181.14 port 36662","@timestamp":"2022-09-17T04:29:25.727Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 04:31:10 honeypot-ams-1 kernel: [84265651.619667] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=89.248.165.65 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=62866 PROTO=TCP SPT=59780 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T04:31:11.520Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 04:32:04 honeypot-fra-1 sshd[23621]: Received disconnect from 45.61.186.169 port 39748:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T04:32:04.791Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 04:32:23 honeypot-fra-1 sshd[23627]: Received disconnect from 45.61.186.169 port 34702:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T04:32:23.801Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 04:32:40 honeypot-fra-1 sshd[23631]: Received disconnect from 45.61.186.169 port 57872:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T04:32:40.808Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 04:32:57 honeypot-fra-1 sshd[23635]: Received disconnect from 45.61.186.169 port 52838:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T04:32:57.816Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 04:35:33 honeypot-ams-1 sshd[641]: Received disconnect from 91.240.118.222 port 7112:11: Client disconnecting normally [preauth]","@timestamp":"2022-09-17T04:35:33.637Z"}
{"@timestamp":"2022-09-17T04:37:24.408Z","@version":"1","message":"Sep 17 04:37:24 honeypot-sgp-1 kernel: [84265549.210814] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=159.89.202.188 LEN=89 TOS=0x00 PREC=0x00 TTL=245 ID=21521 PROTO=TCP SPT=18911 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 04:38:46 honeypot-fra-1 sshd[23640]: Received disconnect from 61.177.172.124 port 17461:11:  [preauth]","@timestamp":"2022-09-17T04:38:46.950Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T04:39:23.461Z","@version":"1","message":"Sep 17 04:39:22 honeypot-sgp-1 kernel: [84265667.702777] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.196.220.81 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=234 ID=54321 PROTO=TCP SPT=59977 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 04:43:34 honeypot-ams-1 kernel: [84266395.483449] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=167.248.133.136 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=22072 PROTO=TCP SPT=62341 DPT=389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T04:43:34.844Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 04:44:28 honeypot-fra-1 kernel: [84264279.874425] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.156.73.178 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=54321 PROTO=TCP SPT=39263 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T04:44:29.081Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 04:48:17 honeypot-fra-1 kernel: [84264508.755020] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=89.172.88.107 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=28685 DF PROTO=TCP SPT=17183 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T04:48:17.169Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-17T04:49:53.719Z","@version":"1","message":"Sep 17 04:49:53 honeypot-sgp-1 kernel: [84266298.004812] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=207.102.138.83 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=43 ID=21659 DF PROTO=TCP SPT=58917 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 04:50:18 honeypot-fra-1 kernel: [84264629.643489] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=154.3.44.149 DST=165.22.82.222 LEN=52 TOS=0x00 PREC=0x00 TTL=116 ID=2506 DF PROTO=TCP SPT=52614 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-17T04:50:18.219Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-17T04:51:32.765Z","@version":"1","message":"Sep 17 04:51:32 honeypot-sgp-1 sshd[27023]: Connection closed by invalid user user 179.60.147.69 port 36276 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 04:51:59 honeypot-ams-1 kernel: [84266900.142572] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=9209 PROTO=TCP SPT=50103 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T04:52:00.086Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 04:52:05 honeypot-fra-1 sshd[23666]: Connection closed by authenticating user root 194.163.190.53 port 44908 [preauth]","@timestamp":"2022-09-17T04:52:06.265Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 04:52:18 honeypot-fra-1 sshd[23684]: Invalid user ts3server from 185.209.179.41 port 40906","@timestamp":"2022-09-17T04:52:18.271Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 04:52:18 honeypot-fra-1 sshd[23691]: Invalid user mcserv from 185.209.179.41 port 40922","@timestamp":"2022-09-17T04:52:18.271Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 04:52:18 honeypot-fra-1 sshd[23677]: Invalid user wordpress from 185.209.179.41 port 40862","@timestamp":"2022-09-17T04:52:18.271Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 04:52:18 honeypot-fra-1 sshd[23685]: Invalid user cloud from 185.209.179.41 port 40860","@timestamp":"2022-09-17T04:52:18.271Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 04:52:18 honeypot-fra-1 sshd[23690]: Connection closed by invalid user es 185.209.179.41 port 40928 [preauth]","@timestamp":"2022-09-17T04:52:18.271Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 04:52:18 honeypot-fra-1 sshd[23673]: Connection closed by invalid user oracle 185.209.179.41 port 40872 [preauth]","@timestamp":"2022-09-17T04:52:18.271Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 04:52:18 honeypot-fra-1 sshd[23675]: Connection closed by invalid user postgres 185.209.179.41 port 40876 [preauth]","@timestamp":"2022-09-17T04:52:18.271Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 04:52:18 honeypot-fra-1 sshd[23716]: Invalid user ansible from 185.209.179.41 port 40948","@timestamp":"2022-09-17T04:52:19.272Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 04:52:20 honeypot-fra-1 sshd[23723]: Invalid user mcserv from 185.209.179.41 port 40910","@timestamp":"2022-09-17T04:52:21.273Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 04:52:21 honeypot-fra-1 sshd[23723]: Connection closed by invalid user mcserv 185.209.179.41 port 40910 [preauth]","@timestamp":"2022-09-17T04:52:21.273Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 04:52:21 honeypot-fra-1 sshd[23730]: Connection closed by invalid user esuser 185.209.179.41 port 40854 [preauth]","@timestamp":"2022-09-17T04:52:21.273Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T04:55:04.853Z","@version":"1","message":"Sep 17 04:55:04 honeypot-sgp-1 sshd[27030]: Received disconnect from 217.79.42.236 port 53824:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 04:57:36 honeypot-fra-1 sshd[23744]: Received disconnect from 61.177.173.51 port 55659:11:  [preauth]","@timestamp":"2022-09-17T04:57:36.392Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T04:58:54.949Z","@version":"1","message":"Sep 17 04:58:54 honeypot-sgp-1 sshd[27036]: Received disconnect from 61.177.172.124 port 26485:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 05:00:37 honeypot-fra-1 kernel: [84265248.634161] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=79.124.62.62 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=42080 PROTO=TCP SPT=41944 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T05:00:37.466Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 05:01:00 honeypot-ams-1 kernel: [84267441.032076] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=167.71.92.243 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=40225 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T05:01:00.324Z"}
{"@timestamp":"2022-09-17T05:02:51.047Z","@version":"1","message":"Sep 17 05:02:50 honeypot-sgp-1 sshd[27041]: Disconnected from authenticating user root 194.87.206.52 port 58500 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T05:03:49.072Z","@version":"1","message":"Sep 17 05:03:48 honeypot-sgp-1 sshd[27046]: Received disconnect from 45.61.186.49 port 53506:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T05:03:58.077Z","@version":"1","message":"Sep 17 05:03:57 honeypot-sgp-1 sshd[27050]: Received disconnect from 45.61.186.49 port 36900:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T05:06:09.131Z","@version":"1","message":"Sep 17 05:06:09 honeypot-sgp-1 sshd[27055]: Disconnected from authenticating user root 61.177.173.53 port 15757 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T05:09:58.223Z","@version":"1","message":"Sep 17 05:09:57 honeypot-sgp-1 sshd[27061]: Received disconnect from 181.235.99.59 port 44726:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 05:13:46 honeypot-fra-1 sshd[23763]: Connection closed by invalid user xuwenhua 137.116.144.39 port 54352 [preauth]","@timestamp":"2022-09-17T05:13:46.759Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 05:15:46 honeypot-ams-1 kernel: [84268326.862924] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=80.94.92.231 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=41619 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T05:15:46.702Z"}
{"@timestamp":"2022-09-17T05:17:02.395Z","@version":"1","message":"Sep 17 05:17:01 honeypot-sgp-1 CRON[27066]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 05:21:03 honeypot-fra-1 sshd[23773]: Received disconnect from 61.177.172.108 port 15777:11:  [preauth]","@timestamp":"2022-09-17T05:21:03.923Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T05:21:41.509Z","@version":"1","message":"Sep 17 05:21:40 honeypot-sgp-1 sshd[27074]: Disconnected from invalid user energy 89.22.165.187 port 27637 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 05:23:27 honeypot-ams-1 kernel: [84268788.684732] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=34.159.102.65 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=60 ID=57441 PROTO=TCP SPT=52153 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T05:23:27.904Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 05:23:53 honeypot-fra-1 sshd[23780]: Invalid user lidl from 165.22.45.108 port 46256","@timestamp":"2022-09-17T05:23:53.991Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 05:24:22 honeypot-fra-1 sshd[23786]: Disconnected from authenticating user root 61.177.173.39 port 38786 [preauth]","@timestamp":"2022-09-17T05:24:23.005Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 05:26:04 honeypot-ams-1 sshd[665]: Disconnected from invalid user user 45.61.187.160 port 50208 [preauth]","@timestamp":"2022-09-17T05:26:04.975Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 05:26:23 honeypot-ams-1 sshd[669]: Disconnected from invalid user user 45.61.187.160 port 44598 [preauth]","@timestamp":"2022-09-17T05:26:23.984Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 05:26:40 honeypot-ams-1 sshd[673]: Disconnected from invalid user user 45.61.187.160 port 38890 [preauth]","@timestamp":"2022-09-17T05:26:40.993Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 05:26:57 honeypot-ams-1 sshd[677]: Disconnected from invalid user user 45.61.187.160 port 33220 [preauth]","@timestamp":"2022-09-17T05:26:58.002Z"}
{"@timestamp":"2022-09-17T05:27:27.648Z","@version":"1","message":"Sep 17 05:27:26 honeypot-sgp-1 kernel: [84268551.599932] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=79.124.62.106 DST=159.89.202.188 LEN=52 TOS=0x02 PREC=0x00 TTL=112 ID=26211 DF PROTO=TCP SPT=64763 DPT=3389 WINDOW=200 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 05:28:52 honeypot-fra-1 sshd[23793]: Connection closed by invalid user debian 179.60.147.69 port 39448 [preauth]","@timestamp":"2022-09-17T05:28:52.108Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 05:32:31 honeypot-ams-1 kernel: [84269331.937725] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=143.159.103.32 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=56 ID=60295 PROTO=TCP SPT=16568 DPT=80 WINDOW=37232 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T05:32:31.149Z"}
{"@timestamp":"2022-09-17T05:33:10.787Z","@version":"1","message":"Sep 17 05:33:10 honeypot-sgp-1 sshd[27521]: Did not receive identification string from 45.61.184.204 port 32910","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T05:33:52.806Z","@version":"1","message":"Sep 17 05:33:52 honeypot-sgp-1 sshd[27524]: Disconnected from invalid user user 45.61.184.204 port 41168 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 05:33:55 honeypot-fra-1 sshd[24233]: Received disconnect from 189.203.101.105 port 23715:11: Bye Bye [preauth]","@timestamp":"2022-09-17T05:33:56.226Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T05:34:11.816Z","@version":"1","message":"Sep 17 05:34:11 honeypot-sgp-1 sshd[27528]: Disconnected from invalid user user 45.61.184.204 port 35630 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T05:34:30.826Z","@version":"1","message":"Sep 17 05:34:30 honeypot-sgp-1 sshd[27532]: Received disconnect from 45.61.184.204 port 58336:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T05:36:15.869Z","@version":"1","message":"Sep 17 05:36:15 honeypot-sgp-1 sshd[27536]: Disconnected from authenticating user root 61.177.172.108 port 24240 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 05:38:38 honeypot-fra-1 sshd[24241]: Received disconnect from 64.225.22.216 port 52502:11: Bye Bye [preauth]","@timestamp":"2022-09-17T05:38:39.332Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 05:43:06 honeypot-fra-1 kernel: [84267798.207806] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=26775 PROTO=TCP SPT=52948 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T05:43:07.436Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-17T05:43:56.057Z","@version":"1","message":"Sep 17 05:43:55 honeypot-sgp-1 kernel: [84269540.680966] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=159.89.202.188 LEN=90 TOS=0x00 PREC=0x00 TTL=245 ID=2855 PROTO=TCP SPT=15431 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 05:46:56 honeypot-ams-1 kernel: [84270197.308018] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=79.124.62.62 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=64032 PROTO=TCP SPT=41944 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T05:46:56.519Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 05:51:12 honeypot-fra-1 sshd[24256]: Received disconnect from 61.177.173.36 port 23162:11:  [preauth]","@timestamp":"2022-09-17T05:51:13.623Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 05:53:44 honeypot-ams-1 sshd[694]: Received disconnect from 134.209.127.189 port 53014:11: Bye Bye [preauth]","@timestamp":"2022-09-17T05:53:45.694Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 05:55:02 honeypot-fra-1 sshd[24262]: Invalid user tsbot from 87.148.116.106 port 42300","@timestamp":"2022-09-17T05:55:02.715Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 05:58:37 honeypot-fra-1 kernel: [84268728.904528] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.109.205.92 DST=165.22.82.222 LEN=52 TOS=0x02 PREC=0x00 TTL=114 ID=13233 DF PROTO=TCP SPT=61414 DPT=3389 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-17T05:58:37.799Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-17T05:59:51.439Z","@version":"1","message":"Sep 17 05:59:50 honeypot-sgp-1 sshd[27553]: Disconnected from 61.177.173.53 port 24733 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 06:01:03 honeypot-ams-1 kernel: [84271044.093685] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=179.43.155.171 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=28363 PROTO=TCP SPT=49491 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T06:01:03.887Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 06:04:08 honeypot-fra-1 sshd[24271]: Received disconnect from 61.177.172.90 port 41755:11:  [preauth]","@timestamp":"2022-09-17T06:04:08.927Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T06:06:22.601Z","@version":"1","message":"Sep 17 06:06:21 honeypot-sgp-1 sshd[27560]: Received disconnect from 61.76.169.138 port 21474:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T06:07:36.633Z","@version":"1","message":"Sep 17 06:07:35 honeypot-sgp-1 sshd[27562]: Invalid user saugata from 162.243.237.90 port 40847","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 06:08:12 honeypot-ams-1 sshd[704]: Invalid user webmin from 178.128.217.58 port 37536","@timestamp":"2022-09-17T06:08:13.079Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 06:08:40 honeypot-fra-1 kernel: [84269332.119080] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=89.248.165.120 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=39262 PROTO=TCP SPT=54309 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T06:08:41.032Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 06:10:08 honeypot-ams-1 kernel: [84271589.170994] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=58376 PROTO=TCP SPT=54403 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T06:10:09.130Z"}
{"@timestamp":"2022-09-17T06:10:17.817Z","@version":"1","message":"Sep 17 06:10:17 honeypot-sgp-1 kernel: [84271122.575847] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=233 ID=59444 PROTO=TCP SPT=54403 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 06:11:45 honeypot-ams-1 sshd[710]: Disconnected from authenticating user root 103.88.240.2 port 39380 [preauth]","@timestamp":"2022-09-17T06:11:45.175Z"}
{"@timestamp":"2022-09-17T06:16:22.973Z","@version":"1","message":"Sep 17 06:16:22 honeypot-sgp-1 sshd[27574]: Received disconnect from 61.177.173.36 port 58244:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 06:17:01 honeypot-fra-1 CRON[24289]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-17T06:17:01.223Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 06:21:08 honeypot-ams-1 sshd[720]: Connection closed by invalid user user 193.106.191.157 port 49380 [preauth]","@timestamp":"2022-09-17T06:21:09.460Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 06:21:50 honeypot-fra-1 sshd[24297]: Invalid user lieke from 165.22.45.108 port 51390","@timestamp":"2022-09-17T06:21:50.334Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T06:24:03.162Z","@version":"1","message":"Sep 17 06:24:03 honeypot-sgp-1 sshd[27587]: Invalid user tomcat from 64.69.36.42 port 33436","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 06:24:19 honeypot-fra-1 kernel: [84270271.319874] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=40.84.222.228 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=11702 PROTO=TCP SPT=54974 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T06:24:20.393Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 06:24:22 honeypot-ams-1 sshd[724]: Received disconnect from 105.159.249.53 port 52070:11: Bye Bye [preauth]","@timestamp":"2022-09-17T06:24:23.547Z"}
{"@timestamp":"2022-09-17T06:29:27.304Z","@version":"1","message":"Sep 17 06:29:26 honeypot-sgp-1 sshd[27743]: Received disconnect from 61.177.173.36 port 33012:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 06:29:59 honeypot-fra-1 kernel: [84270610.717021] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.143.200.6 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=31959 PROTO=TCP SPT=41023 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T06:29:59.528Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 06:32:26 honeypot-fra-1 kernel: [84270758.173690] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.79.53.162 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=45360 PROTO=TCP SPT=52014 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T06:32:27.590Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 06:33:21 honeypot-ams-1 kernel: [84272982.469594] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=40.84.222.228 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=44832 PROTO=TCP SPT=55562 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T06:33:21.781Z"}
{"@timestamp":"2022-09-17T06:36:09.468Z","@version":"1","message":"Sep 17 06:36:09 honeypot-sgp-1 sshd[27748]: Received disconnect from 64.135.113.136 port 60744:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 06:37:25 honeypot-fra-1 sshd[24568]: Disconnected from authenticating user root 103.168.183.91 port 61219 [preauth]","@timestamp":"2022-09-17T06:37:25.727Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 06:39:45 honeypot-fra-1 sshd[24572]: Disconnected from authenticating user root 61.177.172.19 port 30456 [preauth]","@timestamp":"2022-09-17T06:39:45.781Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T06:40:22.574Z","@version":"1","message":"Sep 17 06:40:22 honeypot-sgp-1 sshd[27752]: Received disconnect from 91.185.86.229 port 25641:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T06:41:56.615Z","@version":"1","message":"Sep 17 06:41:55 honeypot-sgp-1 sshd[27757]: Received disconnect from 81.183.222.181 port 49558:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 06:43:49 honeypot-ams-1 sshd[988]: Connection closed by invalid user support 179.60.147.69 port 52590 [preauth]","@timestamp":"2022-09-17T06:43:50.053Z"}
{"@timestamp":"2022-09-17T06:44:29.679Z","@version":"1","message":"Sep 17 06:44:29 honeypot-sgp-1 sshd[27763]: Received disconnect from 61.177.173.49 port 36145:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 06:48:59 honeypot-fra-1 kernel: [84271750.867133] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=183.136.225.35 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=107 ID=3061 PROTO=TCP SPT=8088 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T06:48:59.991Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-17T06:50:39.833Z","@version":"1","message":"Sep 17 06:50:39 honeypot-sgp-1 kernel: [84273543.799962] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=79.124.62.62 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=30942 PROTO=TCP SPT=41944 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 06:54:29 honeypot-fra-1 kernel: [84272080.528154] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.143.200.46 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=3526 PROTO=TCP SPT=57209 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T06:54:30.119Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-17T06:54:56.940Z","@version":"1","message":"Sep 17 06:54:56 honeypot-sgp-1 sshd[27953]: Disconnected from 61.177.173.48 port 56077 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 07:00:44 honeypot-fra-1 kernel: [84272455.954294] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=35.244.62.73 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=60 ID=17280 PROTO=TCP SPT=42382 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T07:00:45.260Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-17T07:07:52.253Z","@version":"1","message":"Sep 17 07:07:51 honeypot-sgp-1 sshd[27963]: Disconnected from authenticating user root 61.177.173.35 port 51692 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 07:08:41 honeypot-fra-1 sshd[24607]: Received disconnect from 61.177.173.47 port 20891:11:  [preauth]","@timestamp":"2022-09-17T07:08:42.443Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T07:16:45.474Z","@version":"1","message":"Sep 17 07:16:44 honeypot-sgp-1 sshd[27974]: Connection closed by invalid user ubnt 179.60.147.69 port 35542 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 07:17:01 honeypot-ams-1 CRON[997]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-17T07:17:01.902Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 07:17:35 honeypot-fra-1 kernel: [84273466.894593] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.167.97.191 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=55271 DPT=636 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T07:17:35.645Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 07:17:54 honeypot-fra-1 sshd[24624]: Invalid user user from 45.61.186.169 port 57776","@timestamp":"2022-09-17T07:17:55.656Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 07:18:11 honeypot-fra-1 sshd[24628]: Invalid user user from 45.61.186.169 port 52774","@timestamp":"2022-09-17T07:18:11.664Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 07:18:27 honeypot-fra-1 sshd[24632]: Invalid user user from 45.61.186.169 port 47764","@timestamp":"2022-09-17T07:18:27.671Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 07:20:07 honeypot-fra-1 sshd[24636]: Connection closed by authenticating user root 194.163.190.53 port 56948 [preauth]","@timestamp":"2022-09-17T07:20:07.711Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 07:22:53 honeypot-ams-1 kernel: [84275954.686811] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=113.207.248.6 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=21622 PROTO=TCP SPT=55885 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T07:22:54.057Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 07:23:03 honeypot-fra-1 sshd[24645]: Invalid user  from 203.186.184.138 port 42752","@timestamp":"2022-09-17T07:23:03.779Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 07:28:12 honeypot-ams-1 sshd[1009]: Invalid user git from 193.142.146.50 port 44720","@timestamp":"2022-09-17T07:28:13.199Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 07:29:21 honeypot-ams-1 kernel: [84276342.439234] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=178.62.254.91 LEN=91 TOS=0x00 PREC=0x00 TTL=252 ID=53997 PROTO=TCP SPT=10443 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T07:29:22.231Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 07:30:13 honeypot-ams-1 sshd[1017]: Invalid user oracle from 193.142.146.50 port 41886","@timestamp":"2022-09-17T07:30:14.257Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 07:30:39 honeypot-ams-1 sshd[1021]: Invalid user ubuntu from 193.142.146.50 port 40754","@timestamp":"2022-09-17T07:30:39.271Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 07:31:54 honeypot-ams-1 sshd[1463]: Invalid user redis from 193.142.146.50 port 39622","@timestamp":"2022-09-17T07:31:55.306Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 07:32:10 honeypot-ams-1 kernel: [84276511.510119] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.209.46 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=54316 DPT=636 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T07:32:11.316Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 07:32:36 honeypot-ams-1 sshd[1469]: Disconnected from invalid user postgres 193.142.146.50 port 37922 [preauth]","@timestamp":"2022-09-17T07:32:36.328Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 07:32:37 honeypot-fra-1 sshd[24656]: Received disconnect from 119.82.135.226 port 43470:11: Bye Bye [preauth]","@timestamp":"2022-09-17T07:32:37.997Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T07:33:24.888Z","@version":"1","message":"Sep 17 07:33:24 honeypot-sgp-1 sshd[27991]: Connection reset by 61.177.173.35 port 23380 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 07:33:47 honeypot-ams-1 sshd[1475]: Disconnected from invalid user test 193.142.146.50 port 36790 [preauth]","@timestamp":"2022-09-17T07:33:48.361Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 07:37:55 honeypot-fra-1 sshd[24665]: Connection closed by authenticating user root 194.163.190.53 port 49594 [preauth]","@timestamp":"2022-09-17T07:37:56.123Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T07:40:57.068Z","@version":"1","message":"Sep 17 07:40:56 honeypot-sgp-1 kernel: [84276560.923434] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=81.215.212.168 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=231 ID=15686 PROTO=TCP SPT=42258 DPT=80 WINDOW=1300 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T07:42:54.117Z","@version":"1","message":"Sep 17 07:42:53 honeypot-sgp-1 sshd[28004]: Disconnected from authenticating user root 45.95.235.77 port 50256 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 07:43:44 honeypot-ams-1 sshd[1481]: Received disconnect from 39.90.161.165 port 38218:11: Bye Bye [preauth]","@timestamp":"2022-09-17T07:43:45.615Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 07:43:48 honeypot-ams-1 sshd[1485]: Disconnected from invalid user ubnt 39.90.161.165 port 38356 [preauth]","@timestamp":"2022-09-17T07:43:48.618Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 07:43:54 honeypot-ams-1 sshd[1491]: Disconnected from authenticating user root 39.90.161.165 port 38454 [preauth]","@timestamp":"2022-09-17T07:43:54.621Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 07:43:59 honeypot-ams-1 sshd[1497]: Disconnected from authenticating user root 39.90.161.165 port 38922 [preauth]","@timestamp":"2022-09-17T07:44:00.625Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 07:44:05 honeypot-ams-1 sshd[1503]: Disconnected from authenticating user root 39.90.161.165 port 39354 [preauth]","@timestamp":"2022-09-17T07:44:05.629Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 07:44:10 honeypot-ams-1 sshd[1509]: Disconnected from authenticating user root 39.90.161.165 port 39512 [preauth]","@timestamp":"2022-09-17T07:44:11.632Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 07:44:17 honeypot-ams-1 sshd[1515]: Disconnected from authenticating user root 39.90.161.165 port 39946 [preauth]","@timestamp":"2022-09-17T07:44:17.636Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 07:44:22 honeypot-ams-1 sshd[1521]: Disconnected from authenticating user root 39.90.161.165 port 40076 [preauth]","@timestamp":"2022-09-17T07:44:23.639Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 07:44:28 honeypot-ams-1 sshd[1527]: Disconnected from authenticating user root 39.90.161.165 port 40532 [preauth]","@timestamp":"2022-09-17T07:44:28.643Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 07:44:33 honeypot-ams-1 sshd[1533]: Disconnected from authenticating user root 39.90.161.165 port 40660 [preauth]","@timestamp":"2022-09-17T07:44:34.647Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 07:44:39 honeypot-ams-1 sshd[1539]: Disconnected from authenticating user root 39.90.161.165 port 41148 [preauth]","@timestamp":"2022-09-17T07:44:39.650Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 07:44:45 honeypot-ams-1 sshd[1545]: Disconnected from authenticating user root 39.90.161.165 port 41512 [preauth]","@timestamp":"2022-09-17T07:44:45.654Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 07:44:59 honeypot-fra-1 sshd[24673]: Disconnected from authenticating user root 61.177.172.124 port 64284 [preauth]","@timestamp":"2022-09-17T07:44:59.284Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 07:45:12 honeypot-ams-1 sshd[1552]: Disconnected from invalid user user 45.61.186.49 port 52666 [preauth]","@timestamp":"2022-09-17T07:45:13.668Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 07:45:20 honeypot-ams-1 sshd[1556]: Disconnected from invalid user user 45.61.186.49 port 36036 [preauth]","@timestamp":"2022-09-17T07:45:21.674Z"}
{"@timestamp":"2022-09-17T07:45:34.183Z","@version":"1","message":"Sep 17 07:45:33 honeypot-sgp-1 sshd[28011]: Disconnected from authenticating user root 61.177.173.36 port 53338 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 07:46:45 honeypot-ams-1 sshd[1561]: Invalid user admin from 14.63.59.146 port 52297","@timestamp":"2022-09-17T07:46:45.712Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 07:48:39 honeypot-ams-1 sshd[1566]: Disconnected from invalid user gr 202.125.94.212 port 35255 [preauth]","@timestamp":"2022-09-17T07:48:39.761Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 07:49:46 honeypot-fra-1 kernel: [84275398.155799] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=165.232.152.144 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=47279 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T07:49:47.394Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 07:52:08 honeypot-ams-1 sshd[1572]: Received disconnect from 121.243.17.150 port 40090:11: Bye Bye [preauth]","@timestamp":"2022-09-17T07:52:08.854Z"}
{"@timestamp":"2022-09-17T07:52:56.361Z","@version":"1","message":"Sep 17 07:52:55 honeypot-sgp-1 sshd[28016]: Connection closed by invalid user blank 179.60.147.69 port 6056 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T07:57:45.477Z","@version":"1","message":"Sep 17 07:57:44 honeypot-sgp-1 sshd[28023]: Received disconnect from 61.177.173.52 port 55289:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 07:58:20 honeypot-fra-1 sshd[24693]: Disconnected from authenticating user root 61.177.173.53 port 61069 [preauth]","@timestamp":"2022-09-17T07:58:20.591Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T08:04:06.628Z","@version":"1","message":"Sep 17 08:04:06 honeypot-sgp-1 sshd[28030]: Received disconnect from 188.138.138.176 port 40496:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 08:08:18 honeypot-ams-1 sshd[1579]: Received disconnect from 51.178.56.85 port 50772:11: Bye Bye [preauth]","@timestamp":"2022-09-17T08:08:19.271Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:09:52 honeypot-fra-1 sshd[24723]: Received disconnect from 137.184.135.135 port 59442:11: Bye Bye [preauth]","@timestamp":"2022-09-17T08:09:52.852Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 08:10:09 honeypot-ams-1 sshd[1584]: Disconnected from authenticating user root 133.130.101.23 port 53040 [preauth]","@timestamp":"2022-09-17T08:10:10.321Z"}
{"@timestamp":"2022-09-17T08:12:29.830Z","@version":"1","message":"Sep 17 08:12:29 honeypot-sgp-1 sshd[28037]: Received disconnect from 61.177.173.35 port 18377:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:13:20 honeypot-fra-1 kernel: [84276811.268899] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=156.219.188.229 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=51 ID=49863 PROTO=TCP SPT=41933 DPT=80 WINDOW=35808 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T08:13:20.934Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:17:10 honeypot-fra-1 sshd[24764]: Invalid user user from 193.106.191.157 port 40250","@timestamp":"2022-09-17T08:17:11.027Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:17:56 honeypot-fra-1 sshd[24768]: Received disconnect from 178.128.72.150 port 51108:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T08:17:56.047Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:18:45 honeypot-fra-1 sshd[24773]: Invalid user postgres from 178.128.72.150 port 50024","@timestamp":"2022-09-17T08:18:46.069Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:19:33 honeypot-fra-1 sshd[24777]: Invalid user mysql from 178.128.72.150 port 48968","@timestamp":"2022-09-17T08:19:34.090Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:20:20 honeypot-fra-1 sshd[24781]: Invalid user teamspeak from 178.128.72.150 port 47886","@timestamp":"2022-09-17T08:20:21.111Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:20:44 honeypot-fra-1 sshd[24785]: Invalid user ftpuser from 178.128.72.150 port 33232","@timestamp":"2022-09-17T08:20:45.123Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:21:31 honeypot-fra-1 sshd[24789]: Invalid user es from 178.128.72.150 port 60376","@timestamp":"2022-09-17T08:21:32.143Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:21:55 honeypot-fra-1 sshd[24793]: Disconnected from invalid user ts3 178.128.72.150 port 45724 [preauth]","@timestamp":"2022-09-17T08:21:56.155Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T08:22:36.074Z","@version":"1","message":"Sep 17 08:22:35 honeypot-sgp-1 sshd[28064]: Received disconnect from 61.177.173.48 port 58975:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:22:42 honeypot-fra-1 sshd[24799]: Invalid user postgres from 178.128.72.150 port 44646","@timestamp":"2022-09-17T08:22:43.175Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 08:23:39 honeypot-ams-1 kernel: [84279600.195646] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.220.31 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=33130 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T08:23:39.670Z"}
{"@timestamp":"2022-09-17T08:30:07.257Z","@version":"1","message":"Sep 17 08:30:06 honeypot-sgp-1 kernel: [84279511.508022] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.219.237 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=47973 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:30:26 honeypot-fra-1 kernel: [84277837.216409] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=3927 PROTO=TCP SPT=43411 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T08:30:26.351Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:31:21 honeypot-fra-1 sshd[24813]: Invalid user systems from 43.138.78.204 port 49884","@timestamp":"2022-09-17T08:31:21.378Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:31:21 honeypot-fra-1 sshd[24822]: Invalid user momo from 43.138.78.204 port 49928","@timestamp":"2022-09-17T08:31:21.378Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:31:21 honeypot-fra-1 sshd[24812]: Connection closed by invalid user bilbomeakine 43.138.78.204 port 49826 [preauth]","@timestamp":"2022-09-17T08:31:22.379Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:31:21 honeypot-fra-1 sshd[24821]: Connection closed by invalid user hostmetrics 43.138.78.204 port 49894 [preauth]","@timestamp":"2022-09-17T08:31:22.379Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:31:22 honeypot-fra-1 sshd[24837]: Invalid user suhelper from 43.138.78.204 port 49834","@timestamp":"2022-09-17T08:31:22.379Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:31:24 honeypot-fra-1 sshd[24842]: Invalid user secscan from 43.138.78.204 port 49886","@timestamp":"2022-09-17T08:31:24.380Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:31:24 honeypot-fra-1 sshd[24849]: Invalid user kibana from 43.138.78.204 port 49864","@timestamp":"2022-09-17T08:31:24.380Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:31:24 honeypot-fra-1 sshd[24858]: Invalid user chinochan from 43.138.78.204 port 49932","@timestamp":"2022-09-17T08:31:25.381Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:31:24 honeypot-fra-1 sshd[24847]: Connection closed by invalid user linkl 43.138.78.204 port 49848 [preauth]","@timestamp":"2022-09-17T08:31:25.381Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:31:24 honeypot-fra-1 sshd[24856]: Connection closed by authenticating user mail 43.138.78.204 port 49858 [preauth]","@timestamp":"2022-09-17T08:31:25.381Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 08:33:19 honeypot-ams-1 sshd[1613]: Invalid user user from 193.106.191.157 port 51394","@timestamp":"2022-09-17T08:33:19.930Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:35:25 honeypot-fra-1 kernel: [84278136.833951] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.79.159.235 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=51308 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T08:35:26.472Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 08:40:59 honeypot-ams-1 kernel: [84280640.121283] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=64.62.197.206 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=58852 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T08:41:00.135Z"}
{"@timestamp":"2022-09-17T08:41:03.524Z","@version":"1","message":"Sep 17 08:41:03 honeypot-sgp-1 kernel: [84280168.076661] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=65.49.20.125 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=34780 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:43:19 honeypot-fra-1 sshd[24885]: Did not receive identification string from 152.32.154.27 port 58388","@timestamp":"2022-09-17T08:43:19.648Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:46:24 honeypot-fra-1 sshd[24894]: Disconnected from invalid user user 45.61.186.49 port 33196 [preauth]","@timestamp":"2022-09-17T08:46:24.718Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:46:32 honeypot-fra-1 sshd[24898]: Invalid user user from 45.61.186.49 port 44708","@timestamp":"2022-09-17T08:46:33.723Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:47:57 honeypot-fra-1 sshd[24902]: Invalid user nodeproxy from 103.188.176.251 port 34150","@timestamp":"2022-09-17T08:47:57.756Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 08:49:11 honeypot-ams-1 sshd[1624]: Invalid user visitor from 114.7.162.198 port 35578","@timestamp":"2022-09-17T08:49:12.354Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 08:49:59 honeypot-ams-1 kernel: [84281179.980146] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=23.95.191.197 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=5949 PROTO=TCP SPT=44347 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T08:49:59.378Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 08:52:54 honeypot-ams-1 sshd[1634]: Invalid user user from 193.106.191.157 port 36620","@timestamp":"2022-09-17T08:52:54.456Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:53:17 honeypot-fra-1 kernel: [84279208.980823] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.79.180.87 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=25377 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T08:53:18.885Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 08:57:26 honeypot-fra-1 sshd[24912]: Disconnected from authenticating user root 81.192.87.130 port 33287 [preauth]","@timestamp":"2022-09-17T08:57:26.982Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 08:57:39 honeypot-ams-1 sshd[1640]: Disconnected from authenticating user root 207.249.96.168 port 43528 [preauth]","@timestamp":"2022-09-17T08:57:39.582Z"}
{"@timestamp":"2022-09-17T09:00:14.988Z","@version":"1","message":"Sep 17 09:00:14 honeypot-sgp-1 sshd[28089]: Bad protocol version identification '\\272\\253d\\241EZC\\333M\\207\\356^\\375\\277\\0259 X\\324>\\022\\230\\304<\\340\\023\\317' from 172.105.89.161 port 42607","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 09:01:14 honeypot-fra-1 sshd[24920]: Received disconnect from 61.177.173.50 port 22986:11:  [preauth]","@timestamp":"2022-09-17T09:01:14.095Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T09:05:18.117Z","@version":"1","message":"Sep 17 09:05:18 honeypot-sgp-1 sshd[28095]: Disconnected from authenticating user root 103.54.85.180 port 34094 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T09:05:55.132Z","@version":"1","message":"Sep 17 09:05:54 honeypot-sgp-1 kernel: [84281658.865594] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=89.248.165.199 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=41358 PROTO=TCP SPT=44076 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 09:06:41 honeypot-fra-1 kernel: [84280012.500406] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=165.232.152.144 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=38811 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T09:06:42.223Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-17T09:08:55.209Z","@version":"1","message":"Sep 17 09:08:54 honeypot-sgp-1 sshd[28104]: Disconnected from authenticating user root 138.68.166.112 port 36876 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 09:08:55 honeypot-ams-1 sshd[1646]: Connection closed by invalid user admin 179.60.147.69 port 64280 [preauth]","@timestamp":"2022-09-17T09:08:55.879Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 09:09:47 honeypot-fra-1 kernel: [84280198.573581] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=15392 PROTO=TCP SPT=45204 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T09:09:48.295Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 09:14:40 honeypot-fra-1 sshd[24938]: Disconnected from authenticating user root 103.219.112.63 port 49598 [preauth]","@timestamp":"2022-09-17T09:14:40.406Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 09:16:02 honeypot-ams-1 kernel: [84282743.418995] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.216.71.23 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=54321 PROTO=TCP SPT=35541 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T09:16:03.066Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 09:16:57 honeypot-ams-1 sshd[1653]: Received disconnect from 178.128.72.150 port 43170:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T09:16:58.092Z"}
{"@timestamp":"2022-09-17T09:17:02.412Z","@version":"1","message":"Sep 17 09:17:01 honeypot-sgp-1 CRON[28112]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 09:17:24 honeypot-ams-1 sshd[1658]: Disconnected from invalid user minecraft 178.128.72.150 port 58336 [preauth]","@timestamp":"2022-09-17T09:17:25.106Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 09:17:38 honeypot-fra-1 kernel: [84280669.095576] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=167.71.133.35 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=248 ID=54321 PROTO=TCP SPT=52424 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T09:17:38.476Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 09:18:17 honeypot-ams-1 sshd[1663]: Disconnected from invalid user oracle 178.128.72.150 port 60426 [preauth]","@timestamp":"2022-09-17T09:18:18.131Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 09:19:09 honeypot-ams-1 sshd[1667]: Disconnected from invalid user test 178.128.72.150 port 34286 [preauth]","@timestamp":"2022-09-17T09:19:10.155Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 09:19:27 honeypot-fra-1 sshd[24950]: Did not receive identification string from 45.61.186.169 port 56076","@timestamp":"2022-09-17T09:19:27.521Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 09:20:01 honeypot-ams-1 sshd[1671]: Disconnected from invalid user ftpuser 178.128.72.150 port 36382 [preauth]","@timestamp":"2022-09-17T09:20:02.181Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 09:20:08 honeypot-fra-1 sshd[24953]: Disconnected from invalid user user 45.61.186.169 port 55898 [preauth]","@timestamp":"2022-09-17T09:20:08.538Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 09:20:25 honeypot-fra-1 sshd[24958]: Disconnected from invalid user user 45.61.186.169 port 51102 [preauth]","@timestamp":"2022-09-17T09:20:26.547Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 09:20:41 honeypot-fra-1 sshd[24962]: Invalid user user from 45.61.186.169 port 46292","@timestamp":"2022-09-17T09:20:42.557Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 09:20:54 honeypot-ams-1 sshd[1675]: Disconnected from invalid user es 178.128.72.150 port 38486 [preauth]","@timestamp":"2022-09-17T09:20:55.208Z"}
{"@timestamp":"2022-09-17T09:21:31.524Z","@version":"1","message":"Sep 17 09:21:31 honeypot-sgp-1 sshd[28119]: Disconnected from 61.177.173.35 port 23334 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 09:21:47 honeypot-ams-1 sshd[1679]: Disconnected from invalid user postgres 178.128.72.150 port 40582 [preauth]","@timestamp":"2022-09-17T09:21:48.234Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 09:24:12 honeypot-fra-1 sshd[24968]: Connection closed by authenticating user root 194.163.190.53 port 33636 [preauth]","@timestamp":"2022-09-17T09:24:12.637Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T09:34:15.832Z","@version":"1","message":"Sep 17 09:34:14 honeypot-sgp-1 kernel: [84283359.553300] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=89.248.165.71 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=49880 PROTO=TCP SPT=59821 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 09:37:30 honeypot-ams-1 sshd[1685]: Invalid user mrx from 133.130.89.4 port 40080","@timestamp":"2022-09-17T09:37:30.641Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 09:38:43 honeypot-ams-1 sshd[1689]: Invalid user admin from 186.206.144.34 port 36673","@timestamp":"2022-09-17T09:38:44.676Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 09:40:22 honeypot-fra-1 sshd[24986]: Received disconnect from 193.142.146.50 port 40318:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T09:40:23.016Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 09:40:33 honeypot-ams-1 kernel: [84284214.311721] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=178.62.254.91 LEN=92 TOS=0x00 PREC=0x00 TTL=252 ID=9082 PROTO=TCP SPT=16115 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T09:40:33.726Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 09:40:44 honeypot-fra-1 sshd[24990]: Invalid user oracle from 193.142.146.50 port 38800","@timestamp":"2022-09-17T09:40:45.028Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 09:41:55 honeypot-fra-1 sshd[24995]: Invalid user cdiptv from 194.163.190.53 port 55840","@timestamp":"2022-09-17T09:41:56.056Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T09:41:58.040Z","@version":"1","message":"Sep 17 09:41:57 honeypot-sgp-1 sshd[28132]: Invalid user centos from 179.60.147.69 port 55058","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 09:42:33 honeypot-fra-1 sshd[24999]: Disconnected from invalid user oracle 193.142.146.50 port 35766 [preauth]","@timestamp":"2022-09-17T09:42:34.073Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 09:42:59 honeypot-fra-1 sshd[25003]: Disconnected from invalid user ubuntu 193.142.146.50 port 34250 [preauth]","@timestamp":"2022-09-17T09:43:00.085Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 09:43:47 honeypot-fra-1 sshd[25009]: Received disconnect from 61.177.172.98 port 57733:11:  [preauth]","@timestamp":"2022-09-17T09:43:48.105Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 09:44:27 honeypot-fra-1 sshd[25013]: Invalid user mysql from 193.142.146.50 port 60204","@timestamp":"2022-09-17T09:44:28.122Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 09:44:55 honeypot-fra-1 sshd[25017]: Invalid user postgres from 193.142.146.50 port 58688","@timestamp":"2022-09-17T09:44:56.135Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 09:45:09 honeypot-fra-1 sshd[25021]: Received disconnect from 193.142.146.50 port 57930:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T09:45:10.142Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T09:45:48.137Z","@version":"1","message":"Sep 17 09:45:47 honeypot-sgp-1 sshd[28140]: Received disconnect from 61.177.173.49 port 18471:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 09:50:40 honeypot-ams-1 sshd[1696]: Received disconnect from 45.61.186.249 port 35288:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T09:50:40.987Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 09:50:58 honeypot-ams-1 sshd[1700]: Invalid user user from 45.61.186.249 port 59022","@timestamp":"2022-09-17T09:50:58.996Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 09:51:03 honeypot-fra-1 sshd[25030]: Connection closed by invalid user cdiptv 194.163.190.53 port 39612 [preauth]","@timestamp":"2022-09-17T09:51:04.274Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 09:51:18 honeypot-ams-1 sshd[1704]: Invalid user user from 45.61.186.249 port 54524","@timestamp":"2022-09-17T09:51:19.006Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 09:51:35 honeypot-ams-1 sshd[1708]: Invalid user user from 45.61.186.249 port 50014","@timestamp":"2022-09-17T09:51:36.015Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 09:54:10 honeypot-fra-1 sshd[25039]: Received disconnect from 167.71.74.3 port 46598:11: Bye Bye [preauth]","@timestamp":"2022-09-17T09:54:11.347Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 09:56:13 honeypot-ams-1 kernel: [84285153.794378] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=162.142.125.133 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=13157 PROTO=TCP SPT=24916 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T09:56:13.132Z"}
{"@timestamp":"2022-09-17T09:56:14.395Z","@version":"1","message":"Sep 17 09:56:14 honeypot-sgp-1 sshd[28151]: Received disconnect from 61.177.173.48 port 64648:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 09:56:54 honeypot-fra-1 kernel: [84283025.561466] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=90.151.171.106 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=63241 PROTO=TCP SPT=48573 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T09:56:55.411Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 09:57:06 honeypot-ams-1 sshd[1720]: Invalid user admin from 46.19.141.122 port 47300","@timestamp":"2022-09-17T09:57:07.158Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 09:58:09 honeypot-ams-1 sshd[1724]: Invalid user user from 46.19.141.122 port 37504","@timestamp":"2022-09-17T09:58:10.187Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 09:58:49 honeypot-ams-1 sshd[1729]: Invalid user pi from 46.19.141.122 port 55860","@timestamp":"2022-09-17T09:58:50.206Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 09:59:31 honeypot-ams-1 sshd[1733]: Invalid user ubnt from 46.19.141.122 port 45994","@timestamp":"2022-09-17T09:59:32.227Z"}
{"@timestamp":"2022-09-17T09:59:35.478Z","@version":"1","message":"Sep 17 09:59:35 honeypot-sgp-1 kernel: [84284879.770467] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=118.123.105.85 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=65034 PROTO=TCP SPT=58367 DPT=3389 WINDOW=63540 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 10:00:18 honeypot-ams-1 sshd[1737]: Invalid user support from 46.19.141.122 port 36144","@timestamp":"2022-09-17T10:00:19.249Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 10:00:32 honeypot-fra-1 kernel: [84283243.448982] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=172.104.131.24 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=54321 PROTO=TCP SPT=37581 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T10:00:33.497Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 10:01:04 honeypot-ams-1 sshd[1742]: Received disconnect from 46.19.141.122 port 54492:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T10:01:05.271Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 10:01:53 honeypot-ams-1 sshd[1746]: Disconnected from invalid user telnet 46.19.141.122 port 44638 [preauth]","@timestamp":"2022-09-17T10:01:54.294Z"}
{"@timestamp":"2022-09-17T10:02:30.556Z","@version":"1","message":"Sep 17 10:02:30 honeypot-sgp-1 sshd[28159]: Connection closed by 87.236.176.154 port 59689 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 10:03:11 honeypot-ams-1 sshd[1752]: Received disconnect from 46.19.141.122 port 58100:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T10:03:12.332Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 10:04:36 honeypot-ams-1 sshd[1758]: Invalid user admin from 46.19.141.122 port 43310","@timestamp":"2022-09-17T10:04:36.371Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 10:08:14 honeypot-fra-1 sshd[25059]: Invalid user juzici from 194.163.190.53 port 60542","@timestamp":"2022-09-17T10:08:14.671Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 10:15:22 honeypot-ams-1 sshd[1766]: Disconnected from authenticating user root 190.226.244.9 port 55614 [preauth]","@timestamp":"2022-09-17T10:15:23.645Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 10:17:01 honeypot-fra-1 CRON[25064]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-17T10:17:01.871Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 10:17:35 honeypot-ams-1 sshd[1772]: Disconnected from invalid user customer 79.0.207.126 port 46316 [preauth]","@timestamp":"2022-09-17T10:17:35.700Z"}
{"@timestamp":"2022-09-17T10:18:20.944Z","@version":"1","message":"Sep 17 10:18:20 honeypot-sgp-1 sshd[28234]: Invalid user blank from 179.60.147.69 port 38162","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 10:19:30 honeypot-fra-1 sshd[25070]: Connection closed by invalid user blank 179.60.147.69 port 52178 [preauth]","@timestamp":"2022-09-17T10:19:30.932Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 10:24:14 honeypot-fra-1 sshd[25074]: Did not receive identification string from 196.216.253.24 port 37748","@timestamp":"2022-09-17T10:24:15.044Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 10:24:14 honeypot-fra-1 sshd[25075]: Invalid user dev from 196.216.253.24 port 38524","@timestamp":"2022-09-17T10:24:15.044Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 10:24:14 honeypot-fra-1 sshd[25079]: Connection closed by invalid user oracle 196.216.253.24 port 38536 [preauth]","@timestamp":"2022-09-17T10:24:15.044Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 10:24:15 honeypot-fra-1 sshd[25095]: Connection closed by invalid user ubuntu 196.216.253.24 port 38558 [preauth]","@timestamp":"2022-09-17T10:24:16.046Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 10:24:20 honeypot-ams-1 sshd[1781]: Invalid user mother from 43.156.32.144 port 58692","@timestamp":"2022-09-17T10:24:20.881Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 10:28:57 honeypot-ams-1 kernel: [84287117.807124] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.41.8.45 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=12413 PROTO=TCP SPT=11090 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T10:28:57.999Z"}
{"@timestamp":"2022-09-17T10:31:09.259Z","@version":"1","message":"Sep 17 10:31:09 honeypot-sgp-1 sshd[28239]: Received disconnect from 190.153.249.99 port 50469:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T10:31:36.274Z","@version":"1","message":"Sep 17 10:31:36 honeypot-sgp-1 sshd[28242]: Disconnected from invalid user yong 123.122.162.24 port 59815 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 10:31:49 honeypot-fra-1 kernel: [84285120.176239] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=173.249.41.33 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=33766 PROTO=TCP SPT=47066 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T10:31:50.218Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 10:33:59 honeypot-ams-1 kernel: [84287419.751350] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=172.104.131.24 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=54321 PROTO=TCP SPT=47773 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T10:33:59.130Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 10:34:45 honeypot-ams-1 sshd[1793]: ssh_dispatch_run_fatal: Connection from 222.228.6.98 port 43957: message authentication code incorrect [preauth]","@timestamp":"2022-09-17T10:34:46.152Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 10:35:40 honeypot-fra-1 sshd[25107]: Received disconnect from 104.177.34.102 port 37160:11: Bye Bye [preauth]","@timestamp":"2022-09-17T10:35:41.309Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T10:35:54.384Z","@version":"1","message":"Sep 17 10:35:53 honeypot-sgp-1 sshd[28248]: Invalid user test from 89.190.84.6 port 35952","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T10:38:22.446Z","@version":"1","message":"Sep 17 10:38:22 honeypot-sgp-1 sshd[28253]: Invalid user user3 from 187.109.253.246 port 39778","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 10:41:11 honeypot-fra-1 sshd[25110]: Did not receive identification string from 42.245.192.12 port 41797","@timestamp":"2022-09-17T10:41:11.436Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 10:41:53 honeypot-ams-1 kernel: [84287894.260724] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=79.124.62.106 DST=178.62.254.91 LEN=48 TOS=0x00 PREC=0x00 TTL=121 ID=2951 DF PROTO=TCP SPT=63977 DPT=3389 WINDOW=200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T10:41:54.352Z"}
{"@timestamp":"2022-09-17T10:43:23.569Z","@version":"1","message":"Sep 17 10:43:23 honeypot-sgp-1 sshd[28255]: Disconnected from invalid user publog 46.41.142.93 port 40454 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 10:46:44 honeypot-ams-1 sshd[1803]: Received disconnect from 45.61.184.204 port 46614:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T10:46:45.480Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 10:47:05 honeypot-ams-1 sshd[1807]: Received disconnect from 45.61.184.204 port 41896:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T10:47:05.491Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 10:47:24 honeypot-ams-1 sshd[1811]: Received disconnect from 45.61.184.204 port 37176:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T10:47:24.501Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 10:47:41 honeypot-ams-1 sshd[1815]: Received disconnect from 45.61.184.204 port 60686:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T10:47:42.510Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 10:49:00 honeypot-fra-1 kernel: [84286151.110095] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=179.43.155.171 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=24368 PROTO=TCP SPT=50279 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T10:49:00.616Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 10:52:38 honeypot-fra-1 sshd[25121]: Connection closed by invalid user cdh 194.163.190.53 port 32840 [preauth]","@timestamp":"2022-09-17T10:52:38.700Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T10:54:29.840Z","@version":"1","message":"Sep 17 10:54:29 honeypot-sgp-1 sshd[28261]: Connection closed by invalid user admin 179.60.147.69 port 25388 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 10:56:31 honeypot-fra-1 kernel: [84286602.137675] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=205.210.31.130 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x60 TTL=250 ID=54321 PROTO=TCP SPT=55437 DPT=636 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T10:56:31.792Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 10:58:47 honeypot-ams-1 kernel: [84288908.259819] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=113.207.248.6 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=40594 PROTO=TCP SPT=50237 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T10:58:47.794Z"}
{"@timestamp":"2022-09-17T11:04:37.112Z","@version":"1","message":"Sep 17 11:04:36 honeypot-sgp-1 kernel: [84288780.656253] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=36.71.137.142 DST=159.89.202.188 LEN=52 TOS=0x00 PREC=0x00 TTL=114 ID=21419 DF PROTO=TCP SPT=21156 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 11:06:49 honeypot-fra-1 sshd[25132]: Connection closed by 192.241.219.66 port 33876 [preauth]","@timestamp":"2022-09-17T11:06:50.026Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 11:07:53 honeypot-ams-1 kernel: [84289454.434823] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=41.44.65.107 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=51 ID=18305 PROTO=TCP SPT=24263 DPT=443 WINDOW=13986 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T11:07:54.033Z"}
{"@timestamp":"2022-09-17T11:12:42.316Z","@version":"1","message":"Sep 17 11:12:42 honeypot-sgp-1 kernel: [84289266.655040] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=103.170.246.176 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x20 TTL=245 ID=53566 PROTO=TCP SPT=45957 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T11:13:43.343Z","@version":"1","message":"Sep 17 11:13:43 honeypot-sgp-1 sshd[28270]: Disconnected from invalid user lu 189.56.100.42 port 47471 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 11:15:54 honeypot-fra-1 sshd[25139]: Invalid user benutzer from 165.227.160.124 port 40362","@timestamp":"2022-09-17T11:15:55.231Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T11:16:03.401Z","@version":"1","message":"Sep 17 11:16:03 honeypot-sgp-1 sshd[28275]: Received disconnect from 20.91.212.97 port 45598:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 11:16:49 honeypot-fra-1 sshd[25143]: Invalid user user1 from 103.188.176.251 port 53328","@timestamp":"2022-09-17T11:16:50.254Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 11:18:09 honeypot-ams-1 kernel: [84290070.074533] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=2.226.225.240 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=11145 PROTO=TCP SPT=4000 DPT=80 WINDOW=48929 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T11:18:10.298Z"}
{"@timestamp":"2022-09-17T11:18:16.459Z","@version":"1","message":"Sep 17 11:18:15 honeypot-sgp-1 sshd[28281]: Disconnected from authenticating user root 143.198.57.67 port 34456 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 11:19:18 honeypot-fra-1 sshd[25149]: Connection closed by invalid user meta 194.163.190.53 port 35534 [preauth]","@timestamp":"2022-09-17T11:19:19.314Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T11:27:16.681Z","@version":"1","message":"Sep 17 11:27:16 honeypot-sgp-1 kernel: [84290140.530271] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=29246 PROTO=TCP SPT=53675 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 11:28:11 honeypot-fra-1 kernel: [84288502.083884] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=165.22.82.222 LEN=92 TOS=0x00 PREC=0x00 TTL=250 ID=15370 PROTO=TCP SPT=2381 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T11:28:11.516Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 11:30:39 honeypot-ams-1 kernel: [84290820.474804] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=26689 PROTO=TCP SPT=54205 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T11:30:40.629Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 11:31:52 honeypot-fra-1 sshd[25159]: Connection closed by invalid user ubnt 179.60.147.69 port 27028 [preauth]","@timestamp":"2022-09-17T11:31:53.602Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 11:32:34 honeypot-fra-1 sshd[25163]: Disconnected from invalid user scanner 112.28.209.67 port 34779 [preauth]","@timestamp":"2022-09-17T11:32:34.618Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 11:33:08 honeypot-ams-1 sshd[1841]: Received disconnect from 199.188.203.210 port 41534:11: Bye Bye [preauth]","@timestamp":"2022-09-17T11:33:08.695Z"}
{"@timestamp":"2022-09-17T11:33:21.836Z","@version":"1","message":"Sep 17 11:33:21 honeypot-sgp-1 kernel: [84290505.720965] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=5.189.133.199 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=60510 DF PROTO=TCP SPT=57442 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 11:37:08 honeypot-fra-1 sshd[25170]: Connection closed by invalid user meta 194.163.190.53 port 58228 [preauth]","@timestamp":"2022-09-17T11:37:08.720Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 11:39:44 honeypot-ams-1 kernel: [84291364.883308] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=80.87.206.203 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=12117 PROTO=TCP SPT=59040 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T11:39:44.866Z"}
{"@timestamp":"2022-09-17T11:40:28.014Z","@version":"1","message":"Sep 17 11:40:27 honeypot-sgp-1 sshd[28291]: Invalid user info2 from 64.225.111.207 port 53226","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T11:43:48.105Z","@version":"1","message":"Sep 17 11:43:47 honeypot-sgp-1 sshd[28296]: Invalid user helpdesk from 89.177.128.164 port 37310","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 11:43:57 honeypot-fra-1 sshd[25175]: Connection closed by invalid user  119.237.81.139 port 45643 [preauth]","@timestamp":"2022-09-17T11:43:57.879Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T11:44:58.136Z","@version":"1","message":"Sep 17 11:44:57 honeypot-sgp-1 sshd[28300]: Invalid user jova from 104.248.181.156 port 47514","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 11:53:17 honeypot-fra-1 kernel: [84290008.576824] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=79.124.62.86 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=44735 PROTO=TCP SPT=54414 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T11:53:18.112Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 11:55:05 honeypot-ams-1 kernel: [84292285.656013] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=178.62.254.91 LEN=92 TOS=0x00 PREC=0x00 TTL=252 ID=57965 PROTO=TCP SPT=12113 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T11:55:05.266Z"}
{"@timestamp":"2022-09-17T11:56:22.411Z","@version":"1","message":"Sep 17 11:56:21 honeypot-sgp-1 kernel: [84291886.389256] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=103.153.78.248 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=20525 PROTO=TCP SPT=51683 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 11:57:03 honeypot-fra-1 sshd[25184]: Disconnected from invalid user admin 37.139.15.214 port 58503 [preauth]","@timestamp":"2022-09-17T11:57:04.197Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 12:03:07 honeypot-fra-1 sshd[25190]: Received disconnect from 162.215.1.203 port 52058:11: Bye Bye [preauth]","@timestamp":"2022-09-17T12:03:07.339Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 12:03:55 honeypot-ams-1 sshd[1849]: Received disconnect from 181.49.53.26 port 43538:11: Bye Bye [preauth]","@timestamp":"2022-09-17T12:03:55.518Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 12:04:10 honeypot-fra-1 sshd[25198]: Received disconnect from 178.176.225.151 port 53528:11: Bye Bye [preauth]","@timestamp":"2022-09-17T12:04:10.366Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 12:07:05 honeypot-ams-1 kernel: [84293006.003766] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=52711 PROTO=TCP SPT=56004 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T12:07:05.605Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 12:08:16 honeypot-fra-1 sshd[25202]: Invalid user admin from 179.60.147.69 port 10300","@timestamp":"2022-09-17T12:08:16.463Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T12:08:34.714Z","@version":"1","message":"Sep 17 12:08:34 honeypot-sgp-1 sshd[28310]: Bad protocol version identification 'GET / HTTP/1.1' from 117.36.196.122 port 18993","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 12:13:58 honeypot-fra-1 sshd[25207]: Invalid user lifferay from 165.22.45.108 port 54048","@timestamp":"2022-09-17T12:13:58.594Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 12:17:01 honeypot-fra-1 CRON[25209]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-17T12:17:01.670Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 12:17:01 honeypot-ams-1 CRON[1858]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-17T12:17:01.872Z"}
{"@timestamp":"2022-09-17T12:20:48.016Z","@version":"1","message":"Sep 17 12:20:47 honeypot-sgp-1 kernel: [84293351.902673] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=71.167.53.101 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=44 ID=64801 PROTO=TCP SPT=9114 DPT=80 WINDOW=13862 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 12:30:11 honeypot-fra-1 sshd[25216]: Invalid user sunp from 194.163.190.53 port 42960","@timestamp":"2022-09-17T12:30:11.975Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 12:31:37 honeypot-ams-1 sshd[1868]: Invalid user xbot from 46.101.254.194 port 60050","@timestamp":"2022-09-17T12:31:37.267Z"}
{"@timestamp":"2022-09-17T12:32:13.299Z","@version":"1","message":"Sep 17 12:32:13 honeypot-sgp-1 kernel: [84294037.420073] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=179.43.155.171 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=475 PROTO=TCP SPT=50279 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 12:35:01 honeypot-ams-1 kernel: [84294682.188076] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=207.102.138.83 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=620 DF PROTO=TCP SPT=35731 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T12:35:02.361Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 12:36:57 honeypot-fra-1 kernel: [84292628.364379] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=172.104.138.223 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=26480 PROTO=TCP SPT=23013 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T12:36:58.136Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-17T12:39:34.483Z","@version":"1","message":"Sep 17 12:39:34 honeypot-sgp-1 sshd[28328]: Connection closed by invalid user admin 211.107.213.219 port 55744 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 12:44:38 honeypot-fra-1 sshd[25224]: Connection closed by authenticating user root 179.60.147.69 port 60014 [preauth]","@timestamp":"2022-09-17T12:44:39.317Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 12:44:52 honeypot-ams-1 sshd[1876]: Invalid user guest from 187.157.153.167 port 38280","@timestamp":"2022-09-17T12:44:53.618Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 12:48:08 honeypot-fra-1 sshd[25231]: Invalid user sunp from 194.163.190.53 port 37146","@timestamp":"2022-09-17T12:48:09.402Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 12:52:57 honeypot-fra-1 sshd[25235]: Received disconnect from 52.231.92.23 port 58808:11: Bye Bye [preauth]","@timestamp":"2022-09-17T12:52:57.512Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T12:55:58.891Z","@version":"1","message":"Sep 17 12:55:58 honeypot-sgp-1 sshd[28340]: Invalid user musli from 159.65.41.104 port 49758","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T12:56:14.899Z","@version":"1","message":"Sep 17 12:56:14 honeypot-sgp-1 sshd[28344]: Connection closed by invalid user admin 128.199.168.83 port 35030 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 12:56:25 honeypot-fra-1 sshd[25241]: Received disconnect from 202.4.119.45 port 44990:11: Bye Bye [preauth]","@timestamp":"2022-09-17T12:56:26.594Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 13:00:51 honeypot-ams-1 kernel: [84296231.945089] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=178.62.254.91 LEN=86 TOS=0x00 PREC=0x00 TTL=252 ID=34047 PROTO=TCP SPT=26071 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T13:00:52.053Z"}
{"@timestamp":"2022-09-17T13:03:12.071Z","@version":"1","message":"Sep 17 13:03:11 honeypot-sgp-1 kernel: [84295895.806305] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=68.183.93.151 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x20 TTL=242 ID=54321 PROTO=TCP SPT=41949 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 13:05:00 honeypot-fra-1 sshd[25247]: Received disconnect from 1.63.226.147 port 36428:11: Bye Bye [preauth]","@timestamp":"2022-09-17T13:05:00.789Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T13:05:36.132Z","@version":"1","message":"Sep 17 13:05:35 honeypot-sgp-1 sshd[28357]: Invalid user user from 45.61.187.160 port 49192","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 13:05:36 honeypot-fra-1 sshd[25251]: Disconnected from invalid user shimomaki 159.65.64.70 port 60586 [preauth]","@timestamp":"2022-09-17T13:05:36.805Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T13:05:55.142Z","@version":"1","message":"Sep 17 13:05:54 honeypot-sgp-1 sshd[28362]: Invalid user user from 45.61.187.160 port 44200","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T13:06:13.151Z","@version":"1","message":"Sep 17 13:06:12 honeypot-sgp-1 kernel: [84296076.764677] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=80.11.91.190 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=44 ID=51149 PROTO=TCP SPT=21817 DPT=443 WINDOW=57753 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T13:06:22.155Z","@version":"1","message":"Sep 17 13:06:21 honeypot-sgp-1 sshd[28368]: Disconnected from invalid user user 45.61.187.160 port 50858 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T13:09:25.343Z","@version":"1","message":"Sep 17 13:09:24 honeypot-sgp-1 sshd[28375]: Invalid user user from 45.61.186.169 port 49606","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T13:09:42.352Z","@version":"1","message":"Sep 17 13:09:41 honeypot-sgp-1 sshd[28379]: Invalid user user from 45.61.186.169 port 44536","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T13:09:58.359Z","@version":"1","message":"Sep 17 13:09:57 honeypot-sgp-1 sshd[28383]: Invalid user user from 45.61.186.169 port 39458","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T13:10:58.385Z","@version":"1","message":"Sep 17 13:10:57 honeypot-sgp-1 sshd[28387]: Received disconnect from 198.211.109.66 port 47910:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 13:11:41 honeypot-ams-1 sshd[1883]: Disconnected from invalid user ts2 147.135.219.202 port 41622 [preauth]","@timestamp":"2022-09-17T13:11:41.342Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 13:12:10 honeypot-fra-1 sshd[25257]: Received disconnect from 168.167.72.96 port 3435:11: Bye Bye [preauth]","@timestamp":"2022-09-17T13:12:10.957Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T13:13:04.441Z","@version":"1","message":"Sep 17 13:13:04 honeypot-sgp-1 sshd[28390]: Disconnected from invalid user user 45.61.186.249 port 49854 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T13:13:22.451Z","@version":"1","message":"Sep 17 13:13:21 honeypot-sgp-1 sshd[28394]: Disconnected from invalid user user 45.61.186.249 port 44498 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T13:13:39.460Z","@version":"1","message":"Sep 17 13:13:38 honeypot-sgp-1 sshd[28399]: Disconnected from invalid user user 45.61.186.249 port 39160 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 13:13:40 honeypot-ams-1 sshd[1888]: Invalid user user from 45.61.184.204 port 36510","@timestamp":"2022-09-17T13:13:40.400Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 13:13:51 honeypot-ams-1 kernel: [84297012.190542] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=15787 PROTO=TCP SPT=40083 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T13:13:52.406Z"}
{"@timestamp":"2022-09-17T13:13:55.468Z","@version":"1","message":"Sep 17 13:13:55 honeypot-sgp-1 sshd[28403]: Disconnected from invalid user user 45.61.186.249 port 33796 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 13:14:06 honeypot-fra-1 sshd[25263]: Invalid user nagios from 13.80.7.122 port 43284","@timestamp":"2022-09-17T13:14:07.006Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 13:14:07 honeypot-ams-1 sshd[1896]: Disconnected from invalid user user 45.61.184.204 port 42544 [preauth]","@timestamp":"2022-09-17T13:14:07.414Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 13:14:23 honeypot-ams-1 sshd[1900]: Invalid user user from 45.61.184.204 port 37182","@timestamp":"2022-09-17T13:14:24.423Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 13:15:19 honeypot-fra-1 sshd[25267]: Received disconnect from 213.108.241.222 port 42236:11: Bye Bye [preauth]","@timestamp":"2022-09-17T13:15:20.036Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T13:16:23.532Z","@version":"1","message":"Sep 17 13:16:22 honeypot-sgp-1 sshd[28407]: Connection closed by invalid user pi 70.175.251.169 port 36154 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 13:17:37 honeypot-ams-1 sshd[1906]: Invalid user vinoth from 13.67.201.190 port 33698","@timestamp":"2022-09-17T13:17:37.511Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 13:21:41 honeypot-fra-1 sshd[25275]: Invalid user user from 193.106.191.157 port 37538","@timestamp":"2022-09-17T13:21:42.184Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T13:22:06.675Z","@version":"1","message":"Sep 17 13:22:06 honeypot-sgp-1 sshd[28419]: Received disconnect from 190.107.22.235 port 54478:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 13:23:08 honeypot-ams-1 sshd[1911]: Connection closed by invalid user default 179.60.147.69 port 21658 [preauth]","@timestamp":"2022-09-17T13:23:09.660Z"}
{"@timestamp":"2022-09-17T13:33:36.958Z","@version":"1","message":"Sep 17 13:33:36 honeypot-sgp-1 sshd[28426]: Invalid user user from 45.61.186.169 port 41970","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T13:33:55.968Z","@version":"1","message":"Sep 17 13:33:55 honeypot-sgp-1 sshd[28430]: Invalid user user from 45.61.186.169 port 36502","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T13:34:12.977Z","@version":"1","message":"Sep 17 13:34:12 honeypot-sgp-1 sshd[28434]: Invalid user user from 45.61.186.169 port 59326","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T13:34:26.984Z","@version":"1","message":"Sep 17 13:34:26 honeypot-sgp-1 kernel: [84297771.258254] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=103.151.122.22 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=35799 PROTO=TCP SPT=49353 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 13:36:10 honeypot-fra-1 kernel: [84296180.468208] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=163.172.158.4 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=58616 PROTO=TCP SPT=55901 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T13:36:10.525Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 13:38:08 honeypot-ams-1 sshd[1917]: Connection closed by invalid user user 193.106.191.157 port 54060 [preauth]","@timestamp":"2022-09-17T13:38:09.064Z"}
{"@timestamp":"2022-09-17T13:40:59.146Z","@version":"1","message":"Sep 17 13:40:58 honeypot-sgp-1 sshd[28445]: Received disconnect from 45.61.186.169 port 37544:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T13:41:17.156Z","@version":"1","message":"Sep 17 13:41:16 honeypot-sgp-1 sshd[28449]: Received disconnect from 45.61.186.169 port 32836:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T13:41:34.169Z","@version":"1","message":"Sep 17 13:41:33 honeypot-sgp-1 sshd[28453]: Invalid user user from 45.61.186.169 port 56456","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T13:41:50.176Z","@version":"1","message":"Sep 17 13:41:49 honeypot-sgp-1 sshd[28457]: Invalid user user from 45.61.186.169 port 51746","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 13:43:59 honeypot-fra-1 kernel: [84296650.163142] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=20.38.41.5 DST=165.22.82.222 LEN=52 TOS=0x02 PREC=0x00 TTL=110 ID=11044 DF PROTO=TCP SPT=49964 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T13:44:00.705Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-17T13:47:55.324Z","@version":"1","message":"Sep 17 13:47:55 honeypot-sgp-1 sshd[28463]: Received disconnect from 62.204.41.222 port 2541:11: Client disconnecting normally [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 13:48:29 honeypot-fra-1 sshd[25293]: Connection closed by invalid user wangyi 194.163.190.53 port 58478 [preauth]","@timestamp":"2022-09-17T13:48:30.810Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T13:56:59.542Z","@version":"1","message":"Sep 17 13:56:58 honeypot-sgp-1 kernel: [84299123.164618] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.53.171.56 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=42748 PROTO=TCP SPT=52319 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 13:57:10 honeypot-fra-1 sshd[25298]: Invalid user admin from 179.60.147.69 port 60820","@timestamp":"2022-09-17T13:57:11.008Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 13:59:22 honeypot-ams-1 sshd[1926]: Invalid user admin from 179.60.147.69 port 18302","@timestamp":"2022-09-17T13:59:23.640Z"}
{"@timestamp":"2022-09-17T14:05:44.775Z","@version":"1","message":"Sep 17 14:05:44 honeypot-sgp-1 sshd[28471]: error: maximum authentication attempts exceeded for invalid user admin from 61.199.47.58 port 63480 ssh2 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 14:06:32 honeypot-fra-1 kernel: [84298002.657737] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=79.124.62.106 DST=165.22.82.222 LEN=52 TOS=0x02 PREC=0x00 TTL=121 ID=5431 DF PROTO=TCP SPT=65388 DPT=3389 WINDOW=200 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-17T14:06:33.219Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-17T14:08:20.843Z","@version":"1","message":"Sep 17 14:08:20 honeypot-sgp-1 kernel: [84299804.439058] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=124.106.92.226 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=56 ID=31127 PROTO=TCP SPT=44726 DPT=443 WINDOW=49878 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 14:10:34 honeypot-fra-1 sshd[25306]: Disconnected from invalid user lifferay 165.22.45.108 port 36096 [preauth]","@timestamp":"2022-09-17T14:10:35.312Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 14:11:19 honeypot-ams-1 kernel: [84300459.827702] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.33.79.218 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=21196 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T14:11:19.951Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 14:17:01 honeypot-ams-1 CRON[1935]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-17T14:17:02.105Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 14:20:31 honeypot-fra-1 sshd[25314]: Invalid user aaai2020 from 194.163.190.53 port 33542","@timestamp":"2022-09-17T14:20:31.535Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 14:21:07 honeypot-ams-1 sshd[1941]: Invalid user user from 45.61.184.204 port 43382","@timestamp":"2022-09-17T14:21:08.246Z"}
{"@timestamp":"2022-09-17T14:21:18.159Z","@version":"1","message":"Sep 17 14:21:17 honeypot-sgp-1 sshd[28483]: Invalid user  from 128.14.232.100 port 20220","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 14:21:26 honeypot-ams-1 sshd[1945]: Invalid user user from 45.61.184.204 port 38282","@timestamp":"2022-09-17T14:21:26.255Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 14:21:43 honeypot-ams-1 sshd[1949]: Invalid user user from 45.61.184.204 port 33118","@timestamp":"2022-09-17T14:21:44.263Z"}
{"@timestamp":"2022-09-17T14:24:15.234Z","@version":"1","message":"Sep 17 14:24:15 honeypot-sgp-1 sshd[28487]: Disconnected from invalid user orion 146.59.87.96 port 45164 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 14:28:29 honeypot-fra-1 sshd[25318]: Connection closed by invalid user aaai2020 194.163.190.53 port 41848 [preauth]","@timestamp":"2022-09-17T14:28:29.712Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 14:30:31 honeypot-ams-1 kernel: [84301611.652637] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=13888 PROTO=TCP SPT=45006 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T14:30:31.489Z"}
{"@timestamp":"2022-09-17T14:32:41.446Z","@version":"1","message":"Sep 17 14:32:40 honeypot-sgp-1 sshd[28496]: Invalid user user from 179.60.147.69 port 55150","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 14:33:48 honeypot-fra-1 sshd[25321]: Connection closed by invalid user user 179.60.147.69 port 30752 [preauth]","@timestamp":"2022-09-17T14:33:48.837Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 14:34:02 honeypot-fra-1 sshd[25332]: Invalid user user from 20.243.201.105 port 60804","@timestamp":"2022-09-17T14:34:02.843Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 14:34:02 honeypot-fra-1 sshd[25325]: Invalid user test from 20.243.201.105 port 60778","@timestamp":"2022-09-17T14:34:02.843Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 14:34:02 honeypot-fra-1 sshd[25340]: Invalid user oracle from 20.243.201.105 port 60816","@timestamp":"2022-09-17T14:34:02.843Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 14:34:02 honeypot-fra-1 sshd[25324]: Invalid user test from 20.243.201.105 port 60776","@timestamp":"2022-09-17T14:34:02.844Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 14:34:02 honeypot-fra-1 sshd[25327]: Connection closed by invalid user git 20.243.201.105 port 60788 [preauth]","@timestamp":"2022-09-17T14:34:02.844Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 14:34:02 honeypot-fra-1 sshd[25325]: Connection closed by invalid user test 20.243.201.105 port 60778 [preauth]","@timestamp":"2022-09-17T14:34:02.844Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 14:34:02 honeypot-fra-1 sshd[25332]: Connection closed by invalid user user 20.243.201.105 port 60804 [preauth]","@timestamp":"2022-09-17T14:34:02.844Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 14:34:02 honeypot-fra-1 sshd[25331]: Connection closed by invalid user hadoop 20.243.201.105 port 60826 [preauth]","@timestamp":"2022-09-17T14:34:02.844Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T14:36:01.533Z","@version":"1","message":"Sep 17 14:36:00 honeypot-sgp-1 kernel: [84301464.916235] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=52.243.98.193 DST=159.89.202.188 LEN=52 TOS=0x02 PREC=0x00 TTL=113 ID=13247 DF PROTO=TCP SPT=57828 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 14:36:18 honeypot-fra-1 sshd[25380]: Connection closed by invalid user aaai2020 194.163.190.53 port 49352 [preauth]","@timestamp":"2022-09-17T14:36:18.896Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 14:37:32 honeypot-ams-1 kernel: [84302033.464941] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=208.115.115.103 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=19002 PROTO=TCP SPT=4062 DPT=80 WINDOW=20118 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T14:37:33.675Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 14:42:02 honeypot-fra-1 sshd[25385]: Connection closed by invalid user admin 128.199.160.207 port 60542 [preauth]","@timestamp":"2022-09-17T14:42:03.028Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T14:43:25.718Z","@version":"1","message":"Sep 17 14:43:24 honeypot-sgp-1 kernel: [84301909.173681] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=67.211.215.172 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=234 ID=55971 PROTO=TCP SPT=59702 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 14:44:03 honeypot-ams-1 sshd[1960]: Bad protocol version identification '' from 103.107.8.55 port 54084","@timestamp":"2022-09-17T14:44:04.849Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 14:44:29 honeypot-fra-1 sshd[25392]: Connection closed by invalid user chenlei 194.163.190.53 port 56550 [preauth]","@timestamp":"2022-09-17T14:44:30.084Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 14:52:37 honeypot-fra-1 sshd[25397]: Connection closed by invalid user chenlei 194.163.190.53 port 34636 [preauth]","@timestamp":"2022-09-17T14:52:37.284Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T14:57:32.088Z","@version":"1","message":"Sep 17 14:57:31 honeypot-sgp-1 sshd[28510]: Invalid user linuxacademy from 143.110.176.216 port 40542","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 15:00:18 honeypot-ams-1 kernel: [84303399.326928] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=17910 PROTO=TCP SPT=46803 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T15:00:19.276Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 15:00:56 honeypot-fra-1 sshd[25402]: Connection closed by invalid user chenlei 194.163.190.53 port 43244 [preauth]","@timestamp":"2022-09-17T15:00:56.473Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T15:06:41.316Z","@version":"1","message":"Sep 17 15:06:40 honeypot-sgp-1 sshd[28516]: Connection closed by invalid user admin 118.42.115.145 port 46769 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 15:08:11 honeypot-fra-1 sshd[25407]: Invalid user lifferay from 165.22.45.108 port 41228","@timestamp":"2022-09-17T15:08:12.638Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 15:10:00 honeypot-fra-1 sshd[25412]: Connection closed by invalid user debian 179.60.147.69 port 47352 [preauth]","@timestamp":"2022-09-17T15:10:00.682Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T15:11:33.440Z","@version":"1","message":"Sep 17 15:11:32 honeypot-sgp-1 sshd[28521]: Disconnected from authenticating user root 178.128.51.153 port 42202 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 15:13:07 honeypot-fra-1 kernel: [84301997.238135] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=80.94.92.231 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=52839 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T15:13:07.756Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-17T15:16:15.560Z","@version":"1","message":"Sep 17 15:16:14 honeypot-sgp-1 sshd[28528]: Invalid user developer from 140.238.255.101 port 59244","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T15:17:02.581Z","@version":"1","message":"Sep 17 15:17:01 honeypot-sgp-1 CRON[28533]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 15:17:01 honeypot-ams-1 CRON[1967]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-17T15:17:02.708Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 15:18:44 honeypot-fra-1 sshd[25424]: Received disconnect from 31.187.72.39 port 56344:11: Bye Bye [preauth]","@timestamp":"2022-09-17T15:18:45.884Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 15:21:13 honeypot-fra-1 sshd[25428]: Received disconnect from 207.154.208.193 port 45182:11: Bye Bye [preauth]","@timestamp":"2022-09-17T15:21:13.940Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 15:24:48 honeypot-fra-1 sshd[25433]: Invalid user fuweijie from 194.163.190.53 port 42768","@timestamp":"2022-09-17T15:24:49.022Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T15:25:26.820Z","@version":"1","message":"Sep 17 15:25:25 honeypot-sgp-1 sshd[28539]: Received disconnect from 61.76.169.138 port 13278:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T15:26:13.842Z","@version":"1","message":"Sep 17 15:26:12 honeypot-sgp-1 sshd[28543]: Disconnected from invalid user admin 188.166.252.132 port 60132 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 15:28:23 honeypot-ams-1 sshd[1972]: Disconnected from invalid user var 185.118.48.206 port 53704 [preauth]","@timestamp":"2022-09-17T15:28:24.026Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 15:32:01 honeypot-fra-1 sshd[25438]: Received disconnect from 61.19.127.228 port 40608:11: Bye Bye [preauth]","@timestamp":"2022-09-17T15:32:02.187Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 15:32:56 honeypot-fra-1 sshd[25444]: Invalid user mprima from 62.74.208.58 port 39072","@timestamp":"2022-09-17T15:32:57.208Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 15:35:43 honeypot-fra-1 sshd[25448]: Received disconnect from 51.250.80.38 port 42402:11: Bye Bye [preauth]","@timestamp":"2022-09-17T15:35:43.270Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 15:35:57 honeypot-fra-1 sshd[25452]: Disconnected from invalid user sinusbot 104.248.146.84 port 52774 [preauth]","@timestamp":"2022-09-17T15:35:58.278Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 15:37:16 honeypot-ams-1 sshd[1977]: Disconnected from invalid user ts3 198.46.235.250 port 53940 [preauth]","@timestamp":"2022-09-17T15:37:17.254Z"}
{"@timestamp":"2022-09-17T15:39:35.172Z","@version":"1","message":"Sep 17 15:39:34 honeypot-sgp-1 kernel: [84305278.823130] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=159.89.202.188 LEN=88 TOS=0x00 PREC=0x00 TTL=245 ID=27589 PROTO=TCP SPT=19019 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 15:41:00 honeypot-fra-1 sshd[25457]: Invalid user fuweijie from 194.163.190.53 port 58252","@timestamp":"2022-09-17T15:41:00.393Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T15:48:14.387Z","@version":"1","message":"Sep 17 15:48:13 honeypot-sgp-1 sshd[28556]: Received disconnect from 45.61.184.204 port 49568:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 15:48:28 honeypot-ams-1 sshd[1983]: Connection closed by invalid user ubnt 179.60.147.69 port 56218 [preauth]","@timestamp":"2022-09-17T15:48:28.543Z"}
{"@timestamp":"2022-09-17T15:48:35.398Z","@version":"1","message":"Sep 17 15:48:34 honeypot-sgp-1 sshd[28560]: Received disconnect from 45.61.184.204 port 44856:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 15:48:44 honeypot-fra-1 sshd[25462]: Invalid user hejun from 194.163.190.53 port 37178","@timestamp":"2022-09-17T15:48:44.602Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T15:48:53.406Z","@version":"1","message":"Sep 17 15:48:53 honeypot-sgp-1 sshd[28564]: Received disconnect from 45.61.184.204 port 40138:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T15:49:11.415Z","@version":"1","message":"Sep 17 15:49:10 honeypot-sgp-1 sshd[28568]: Received disconnect from 45.61.184.204 port 35418:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 15:51:19 honeypot-fra-1 kernel: [84304289.637991] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=165.22.82.222 LEN=91 TOS=0x00 PREC=0x00 TTL=250 ID=51542 PROTO=TCP SPT=1381 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T15:51:19.662Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-17T15:54:11.540Z","@version":"1","message":"Sep 17 15:54:11 honeypot-sgp-1 sshd[28576]: Invalid user pi from 79.232.97.97 port 39100","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 15:56:17 honeypot-fra-1 sshd[25471]: Invalid user hejun from 194.163.190.53 port 46506","@timestamp":"2022-09-17T15:56:18.778Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T15:56:47.606Z","@version":"1","message":"Sep 17 15:56:47 honeypot-sgp-1 sshd[28580]: Received disconnect from 36.80.48.9 port 63585:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T16:03:04.763Z","@version":"1","message":"Sep 17 16:03:04 honeypot-sgp-1 sshd[28583]: Connection closed by invalid user pi 47.208.246.201 port 46222 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 16:04:15 honeypot-fra-1 sshd[25476]: Connection closed by invalid user hejun 194.163.190.53 port 55202 [preauth]","@timestamp":"2022-09-17T16:04:15.958Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 16:10:21 honeypot-ams-1 sshd[1992]: Invalid user ops from 103.188.176.251 port 47000","@timestamp":"2022-09-17T16:10:22.110Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 16:12:06 honeypot-fra-1 sshd[25482]: Connection closed by invalid user hejun 194.163.190.53 port 33812 [preauth]","@timestamp":"2022-09-17T16:12:06.136Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 16:12:22 honeypot-ams-1 kernel: [84307723.363864] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=213.226.123.38 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=12852 PROTO=TCP SPT=53186 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T16:12:23.165Z"}
{"@timestamp":"2022-09-17T16:17:02.105Z","@version":"1","message":"Sep 17 16:17:01 honeypot-sgp-1 CRON[28594]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 16:17:29 honeypot-fra-1 sshd[25490]: Disconnected from authenticating user root 165.227.133.23 port 45866 [preauth]","@timestamp":"2022-09-17T16:17:30.261Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T16:18:26.142Z","@version":"1","message":"Sep 17 16:18:25 honeypot-sgp-1 sshd[28601]: Received disconnect from 190.64.68.178 port 4339:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T16:22:09.234Z","@version":"1","message":"Sep 17 16:22:08 honeypot-sgp-1 sshd[28606]: Disconnected from invalid user webadmin 209.97.149.37 port 59994 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 16:22:47 honeypot-fra-1 sshd[25495]: Connection closed by invalid user default 179.60.147.69 port 43286 [preauth]","@timestamp":"2022-09-17T16:22:47.383Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 16:24:40 honeypot-ams-1 kernel: [84308461.413190] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=151.106.32.182 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=47191 PROTO=TCP SPT=50094 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T16:24:41.513Z"}
{"@timestamp":"2022-09-17T16:25:36.320Z","@version":"1","message":"Sep 17 16:25:35 honeypot-sgp-1 sshd[28612]: Disconnected from authenticating user root 61.177.173.36 port 34290 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T16:31:02.456Z","@version":"1","message":"Sep 17 16:31:01 honeypot-sgp-1 sshd[28617]: Disconnected from authenticating user root 191.190.153.8 port 41834 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 16:36:19 honeypot-fra-1 sshd[25502]: Connection closed by invalid user huzhou 194.163.190.53 port 32808 [preauth]","@timestamp":"2022-09-17T16:36:19.691Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T16:37:26.618Z","@version":"1","message":"Sep 17 16:37:26 honeypot-sgp-1 sshd[28624]: Invalid user user from 103.188.176.251 port 49882","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 16:39:54 honeypot-ams-1 kernel: [84309375.194146] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=92.204.145.232 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=25663 PROTO=TCP SPT=52241 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T16:39:54.905Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 16:40:09 honeypot-fra-1 sshd[25506]: Invalid user user from 193.106.191.157 port 52804","@timestamp":"2022-09-17T16:40:10.782Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 16:41:22 honeypot-fra-1 sshd[25512]: Received disconnect from 128.199.62.182 port 51826:11: Bye Bye [preauth]","@timestamp":"2022-09-17T16:41:22.814Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 16:48:29 honeypot-ams-1 sshd[2009]: Invalid user admin from 62.204.41.222 port 24938","@timestamp":"2022-09-17T16:48:30.129Z"}
{"@timestamp":"2022-09-17T16:49:35.917Z","@version":"1","message":"Sep 17 16:49:35 honeypot-sgp-1 kernel: [84309479.267338] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=170.187.160.157 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=32962 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 16:52:34 honeypot-fra-1 sshd[25519]: Invalid user luosuchang from 194.163.190.53 port 54270","@timestamp":"2022-09-17T16:52:34.066Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T16:54:04.029Z","@version":"1","message":"Sep 17 16:54:03 honeypot-sgp-1 sshd[28638]: Disconnected from authenticating user root 61.177.173.50 port 62819 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 16:56:57 honeypot-ams-1 sshd[2014]: Invalid user gituser from 186.147.129.110 port 48236","@timestamp":"2022-09-17T16:56:58.354Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 16:58:54 honeypot-fra-1 sshd[25525]: Invalid user centos from 179.60.147.69 port 58112","@timestamp":"2022-09-17T16:58:55.211Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 16:59:10 honeypot-ams-1 sshd[2018]: Received disconnect from 91.240.118.222 port 58445:11: Client disconnecting normally [preauth]","@timestamp":"2022-09-17T16:59:11.415Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 17:00:17 honeypot-fra-1 sshd[25529]: Connection closed by invalid user luosuchang 194.163.190.53 port 34000 [preauth]","@timestamp":"2022-09-17T17:00:18.244Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T17:01:03.201Z","@version":"1","message":"Sep 17 17:01:03 honeypot-sgp-1 sshd[28643]: Connection closed by invalid user pi 95.131.147.215 port 40724 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T17:04:29.289Z","@version":"1","message":"Sep 17 17:04:28 honeypot-sgp-1 kernel: [84310373.093581] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.210.216.111 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=239 ID=11030 DF PROTO=TCP SPT=10446 DPT=80 WINDOW=512 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 17:05:10 honeypot-fra-1 sshd[25534]: Received disconnect from 111.67.193.58 port 47486:11: Bye Bye [preauth]","@timestamp":"2022-09-17T17:05:11.357Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 17:05:34 honeypot-fra-1 sshd[25539]: Invalid user user from 45.61.186.169 port 45924","@timestamp":"2022-09-17T17:05:35.368Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 17:05:52 honeypot-fra-1 sshd[25544]: Invalid user user from 45.61.186.169 port 41230","@timestamp":"2022-09-17T17:05:53.376Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 17:06:10 honeypot-fra-1 sshd[25548]: Invalid user user from 45.61.186.169 port 36560","@timestamp":"2022-09-17T17:06:11.385Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 17:06:27 honeypot-fra-1 sshd[25552]: Invalid user user from 45.61.186.169 port 60114","@timestamp":"2022-09-17T17:06:27.402Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T17:07:57.376Z","@version":"1","message":"Sep 17 17:07:57 honeypot-sgp-1 sshd[28654]: Received disconnect from 1.217.139.30 port 60888:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 17:08:20 honeypot-fra-1 sshd[25554]: Connection closed by invalid user luosuchang 194.163.190.53 port 41606 [preauth]","@timestamp":"2022-09-17T17:08:20.528Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 17:08:41 honeypot-ams-1 kernel: [84311101.962589] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=128.116.131.60 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=54 ID=24140 PROTO=TCP SPT=25974 DPT=80 WINDOW=11574 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T17:08:41.660Z"}
{"@timestamp":"2022-09-17T17:10:37.442Z","@version":"1","message":"Sep 17 17:10:36 honeypot-sgp-1 sshd[28659]: Disconnected from invalid user nick 50.192.223.205 port 32838 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 17:12:31 honeypot-fra-1 sshd[25563]: Received disconnect from 206.189.197.134 port 46942:11: Bye Bye [preauth]","@timestamp":"2022-09-17T17:12:31.628Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T17:13:39.517Z","@version":"1","message":"Sep 17 17:13:38 honeypot-sgp-1 sshd[28669]: Disconnected from authenticating user root 61.177.172.98 port 51228 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T17:16:19.584Z","@version":"1","message":"Sep 17 17:16:19 honeypot-sgp-1 kernel: [84311083.393822] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=46.101.5.134 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=62374 PROTO=TCP SPT=49482 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 17:17:01 honeypot-ams-1 CRON[2029]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-17T17:17:02.879Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 17:17:21 honeypot-fra-1 kernel: [84309451.477757] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=90.151.171.106 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=52719 PROTO=TCP SPT=54962 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T17:17:21.739Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-17T17:22:12.728Z","@version":"1","message":"Sep 17 17:22:12 honeypot-sgp-1 kernel: [84311436.119768] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=68.183.99.150 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=63229 PROTO=TCP SPT=40249 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 17:24:20 honeypot-fra-1 sshd[25574]: Invalid user qianbiao from 194.163.190.53 port 59988","@timestamp":"2022-09-17T17:24:21.900Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T17:30:01.918Z","@version":"1","message":"Sep 17 17:30:01 honeypot-sgp-1 sshd[28686]: Disconnected from invalid user jenkins 103.12.199.14 port 50412 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T17:30:27.932Z","@version":"1","message":"Sep 17 17:30:27 honeypot-sgp-1 sshd[28690]: Disconnected from authenticating user root 61.177.173.52 port 49469 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T17:30:56.945Z","@version":"1","message":"Sep 17 17:30:56 honeypot-sgp-1 sshd[28696]: Invalid user archive from 160.251.47.176 port 41066","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T17:31:31.963Z","@version":"1","message":"Sep 17 17:31:30 honeypot-sgp-1 sshd[28700]: Invalid user redis from 104.131.186.38 port 50674","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 17:31:57 honeypot-fra-1 sshd[25580]: Invalid user qianbiao from 194.163.190.53 port 38950","@timestamp":"2022-09-17T17:31:58.077Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 17:32:14 honeypot-fra-1 sshd[25584]: Connection closed by invalid user admin 221.161.74.247 port 46709 [preauth]","@timestamp":"2022-09-17T17:32:15.085Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 17:34:46 honeypot-fra-1 sshd[25591]: Invalid user sublink from 167.71.77.9 port 60104","@timestamp":"2022-09-17T17:34:47.144Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 17:34:52 honeypot-ams-1 kernel: [84312673.073107] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=125.77.28.208 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=27992 PROTO=TCP SPT=52787 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T17:34:53.339Z"}
{"@timestamp":"2022-09-17T17:35:48.069Z","@version":"1","message":"Sep 17 17:35:47 honeypot-sgp-1 sshd[28705]: Received disconnect from 84.139.96.147 port 55918:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T17:38:15.130Z","@version":"1","message":"Sep 17 17:38:14 honeypot-sgp-1 sshd[28710]: Disconnected from invalid user llama 142.93.59.227 port 58640 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 17:39:52 honeypot-fra-1 sshd[25596]: Connection closed by invalid user qianbiao 194.163.190.53 port 49138 [preauth]","@timestamp":"2022-09-17T17:39:53.260Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 17:50:18 honeypot-ams-1 kernel: [84313599.209139] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=196.189.89.251 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=53 ID=29381 PROTO=TCP SPT=1850 DPT=80 WINDOW=63074 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T17:50:19.738Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 17:50:53 honeypot-fra-1 kernel: [84311463.399360] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=38.54.37.140 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=8927 PROTO=TCP SPT=56972 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T17:50:54.536Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-17T17:53:00.828Z","@version":"1","message":"Sep 17 17:53:00 honeypot-sgp-1 sshd[28721]: Disconnected from authenticating user root 61.177.173.46 port 58249 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T17:56:10.910Z","@version":"1","message":"Sep 17 17:56:10 honeypot-sgp-1 kernel: [84313474.889592] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=5.189.133.199 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=15394 DF PROTO=TCP SPT=53326 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 17:59:31 honeypot-fra-1 sshd[25675]: Disconnected from invalid user steamm 68.183.212.10 port 47028 [preauth]","@timestamp":"2022-09-17T17:59:31.732Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T18:02:15.062Z","@version":"1","message":"Sep 17 18:02:14 honeypot-sgp-1 kernel: [84313838.205481] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=94.102.61.8 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=47495 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 18:03:11 honeypot-fra-1 sshd[25679]: Received disconnect from 165.22.45.108 port 56644:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T18:03:12.820Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 18:06:02 honeypot-ams-1 kernel: [84314542.571222] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=146.88.240.4 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=56586 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T18:06:03.147Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 18:10:39 honeypot-fra-1 kernel: [84312648.898406] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=48969 PROTO=TCP SPT=57603 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T18:10:39.992Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 18:17:01 honeypot-fra-1 CRON[25690]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-17T18:17:02.140Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 18:17:01 honeypot-ams-1 CRON[2064]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-17T18:17:02.432Z"}
{"@timestamp":"2022-09-17T18:17:02.427Z","@version":"1","message":"Sep 17 18:17:01 honeypot-sgp-1 CRON[28742]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:25:37.637Z","@version":"1","message":"Sep 17 18:25:36 honeypot-sgp-1 sshd[28756]: Received disconnect from 61.177.173.36 port 55922:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 18:26:00 honeypot-fra-1 sshd[25698]: Invalid user jim from 213.215.140.6 port 51408","@timestamp":"2022-09-17T18:26:00.343Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 18:26:55 honeypot-fra-1 sshd[25702]: Connection closed by invalid user admin 193.106.191.157 port 35224 [preauth]","@timestamp":"2022-09-17T18:26:56.367Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T18:27:39.690Z","@version":"1","message":"Sep 17 18:27:39 honeypot-sgp-1 sshd[28760]: Disconnecting invalid user admin 185.246.130.20 port 43448: Change of username or service not allowed: (admin,ssh-connection) -> (cameras,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:28:08.705Z","@version":"1","message":"Sep 17 18:28:07 honeypot-sgp-1 sshd[28768]: Invalid user meng from 118.172.198.216 port 47142","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:28:19.711Z","@version":"1","message":"Sep 17 18:28:18 honeypot-sgp-1 sshd[28770]: Disconnecting invalid user  185.246.130.20 port 9874: Change of username or service not allowed: (,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:28:50.727Z","@version":"1","message":"Sep 17 18:28:50 honeypot-sgp-1 sshd[28776]: Disconnecting invalid user admin 185.246.130.20 port 64505: Change of username or service not allowed: (admin,ssh-connection) -> (manager,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 18:29:09 honeypot-ams-1 sshd[2071]: Invalid user tms from 109.62.195.23 port 58866","@timestamp":"2022-09-17T18:29:09.771Z"}
{"@timestamp":"2022-09-17T18:29:27.746Z","@version":"1","message":"Sep 17 18:29:27 honeypot-sgp-1 sshd[28784]: Invalid user 1234 from 185.246.130.20 port 60820","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:29:46.757Z","@version":"1","message":"Sep 17 18:29:46 honeypot-sgp-1 sshd[28791]: Invalid user  from 185.246.130.20 port 36202","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:30:22.775Z","@version":"1","message":"Sep 17 18:30:22 honeypot-sgp-1 sshd[28797]: Disconnecting invalid user Admin 185.246.130.20 port 13061: Change of username or service not allowed: (Admin,ssh-connection) -> (blank,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:30:49.788Z","@version":"1","message":"Sep 17 18:30:48 honeypot-sgp-1 sshd[28806]: Invalid user user from 45.61.184.204 port 53674","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:30:58.792Z","@version":"1","message":"Sep 17 18:30:58 honeypot-sgp-1 sshd[28810]: Received disconnect from 45.61.184.204 port 36800:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:31:07.797Z","@version":"1","message":"Sep 17 18:31:07 honeypot-sgp-1 sshd[28814]: Disconnected from invalid user user 45.61.184.204 port 48148 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:31:22.804Z","@version":"1","message":"Sep 17 18:31:22 honeypot-sgp-1 sshd[28816]: Disconnecting invalid user  185.246.130.20 port 39401: Change of username or service not allowed: (,ssh-connection) -> (Cisco,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:31:33.810Z","@version":"1","message":"Sep 17 18:31:32 honeypot-sgp-1 sshd[28824]: Invalid user user from 45.61.184.204 port 53966","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:31:42.814Z","@version":"1","message":"Sep 17 18:31:41 honeypot-sgp-1 sshd[28829]: Received disconnect from 45.61.184.204 port 37086:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:31:59.824Z","@version":"1","message":"Sep 17 18:31:58 honeypot-sgp-1 sshd[28834]: Disconnecting authenticating user root 185.246.130.20 port 57404: Change of username or service not allowed: (root,ssh-connection) -> (Administrator,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 18:32:12 honeypot-fra-1 sshd[25780]: Received disconnect from 45.61.187.160 port 58558:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T18:32:12.488Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T18:32:20.834Z","@version":"1","message":"Sep 17 18:32:20 honeypot-sgp-1 sshd[28838]: Disconnecting invalid user  185.246.130.20 port 60946: Change of username or service not allowed: (,ssh-connection) -> (adslroot,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 18:32:36 honeypot-fra-1 sshd[25784]: Received disconnect from 45.61.187.160 port 53564:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T18:32:36.500Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T18:32:51.850Z","@version":"1","message":"Sep 17 18:32:51 honeypot-sgp-1 sshd[28846]: Disconnecting invalid user admin 185.246.130.20 port 1235: Change of username or service not allowed: (admin,ssh-connection) -> (blank,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 18:32:55 honeypot-fra-1 sshd[25788]: Received disconnect from 45.61.187.160 port 48558:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T18:32:55.508Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 18:33:13 honeypot-fra-1 sshd[25792]: Received disconnect from 45.61.187.160 port 43584:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T18:33:13.518Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T18:33:20.865Z","@version":"1","message":"Sep 17 18:33:19 honeypot-sgp-1 sshd[28852]: Disconnecting invalid user  185.246.130.20 port 60455: Change of username or service not allowed: (,ssh-connection) -> (root,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:33:42.875Z","@version":"1","message":"Sep 17 18:33:42 honeypot-sgp-1 sshd[28859]: Invalid user admin from 185.246.130.20 port 28464","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:34:03.887Z","@version":"1","message":"Sep 17 18:34:02 honeypot-sgp-1 sshd[28866]: Invalid user cusadmin from 185.246.130.20 port 41606","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 18:34:12 honeypot-ams-1 kernel: [84316232.632175] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=72.194.193.3 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=51 ID=6889 PROTO=TCP SPT=22630 DPT=443 WINDOW=28246 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T18:34:12.907Z"}
{"@timestamp":"2022-09-17T18:34:30.900Z","@version":"1","message":"Sep 17 18:34:30 honeypot-sgp-1 sshd[28872]: Invalid user lgnortel from 185.246.130.20 port 36779","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:35:01.916Z","@version":"1","message":"Sep 17 18:35:01 honeypot-sgp-1 sshd[28879]: Invalid user admin from 185.246.130.20 port 2794","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 18:35:28 honeypot-fra-1 kernel: [84314137.777007] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=172.104.238.162 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=63131 PROTO=TCP SPT=28653 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T18:35:28.573Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-17T18:35:37.934Z","@version":"1","message":"Sep 17 18:35:37 honeypot-sgp-1 sshd[28885]: Invalid user matrix from 185.246.130.20 port 23311","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:36:09.949Z","@version":"1","message":"Sep 17 18:36:09 honeypot-sgp-1 sshd[28891]: Invalid user motorola from 185.246.130.20 port 21652","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:36:44.971Z","@version":"1","message":"Sep 17 18:36:44 honeypot-sgp-1 sshd[28897]: Disconnecting authenticating user root 185.246.130.20 port 6551: Change of username or service not allowed: (root,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:37:05.982Z","@version":"1","message":"Sep 17 18:37:05 honeypot-sgp-1 sshd[28901]: Disconnecting invalid user airlive 185.246.130.20 port 19905: Change of username or service not allowed: (airlive,ssh-connection) -> (0,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:37:38.997Z","@version":"1","message":"Sep 17 18:37:38 honeypot-sgp-1 sshd[28909]: Disconnecting invalid user roqos 185.246.130.20 port 25698: Change of username or service not allowed: (roqos,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:38:07.012Z","@version":"1","message":"Sep 17 18:38:07 honeypot-sgp-1 sshd[28915]: Disconnecting invalid user sitecom 185.246.130.20 port 33087: Change of username or service not allowed: (sitecom,ssh-connection) -> (Broadcom,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 18:38:32 honeypot-ams-1 sshd[2076]: Connection closed by invalid user user 103.188.176.251 port 37994 [preauth]","@timestamp":"2022-09-17T18:38:33.030Z"}
{"@timestamp":"2022-09-17T18:38:36.026Z","@version":"1","message":"Sep 17 18:38:35 honeypot-sgp-1 sshd[28921]: Disconnecting invalid user admin 185.246.130.20 port 12501: Change of username or service not allowed: (admin,ssh-connection) -> (cusadmin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:39:01.039Z","@version":"1","message":"Sep 17 18:39:01 honeypot-sgp-1 sshd[28927]: Disconnecting invalid user smcadmin 185.246.130.20 port 2495: Change of username or service not allowed: (smcadmin,ssh-connection) -> (sweex,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:39:35.056Z","@version":"1","message":"Sep 17 18:39:34 honeypot-sgp-1 sshd[28933]: Disconnecting invalid user admin 185.246.130.20 port 11284: Change of username or service not allowed: (admin,ssh-connection) -> (,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:40:00.070Z","@version":"1","message":"Sep 17 18:39:59 honeypot-sgp-1 sshd[28940]: Disconnecting invalid user user 185.246.130.20 port 32786: Change of username or service not allowed: (user,ssh-connection) -> (ubnt,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:40:31.085Z","@version":"1","message":"Sep 17 18:40:31 honeypot-sgp-1 sshd[28948]: Invalid user user from 185.246.130.20 port 24035","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:41:00.100Z","@version":"1","message":"Sep 17 18:40:59 honeypot-sgp-1 sshd[28954]: Invalid user Admin from 185.246.130.20 port 38735","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:41:37.118Z","@version":"1","message":"Sep 17 18:41:36 honeypot-sgp-1 sshd[28961]: Invalid user 0 from 185.246.130.20 port 60368","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:41:57.128Z","@version":"1","message":"Sep 17 18:41:57 honeypot-sgp-1 sshd[28967]: Invalid user zoomadsl from 185.246.130.20 port 17221","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 18:42:12 honeypot-ams-1 kernel: [84316712.508541] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.33.82.85 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=60071 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T18:42:13.131Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 18:42:29 honeypot-fra-1 sshd[25804]: Invalid user user from 103.188.176.251 port 49910","@timestamp":"2022-09-17T18:42:29.733Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T18:42:36.147Z","@version":"1","message":"Sep 17 18:42:35 honeypot-sgp-1 sshd[28973]: Invalid user ltecl4r0 from 185.246.130.20 port 25685","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 18:43:06 honeypot-ams-1 sshd[2086]: Connection closed by invalid user admin 193.106.191.157 port 56756 [preauth]","@timestamp":"2022-09-17T18:43:07.160Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 18:44:22 honeypot-ams-1 sshd[2094]: Disconnected from authenticating user root 167.172.152.18 port 60142 [preauth]","@timestamp":"2022-09-17T18:44:23.196Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 18:45:46 honeypot-ams-1 sshd[2101]: Received disconnect from 167.172.152.18 port 55936:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T18:45:47.236Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 18:46:41 honeypot-ams-1 sshd[2105]: Received disconnect from 167.172.152.18 port 53082:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T18:46:42.263Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 18:47:37 honeypot-ams-1 sshd[2109]: Received disconnect from 167.172.152.18 port 50350:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T18:47:38.305Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 18:47:46 honeypot-fra-1 sshd[25809]: Connection closed by invalid user default 179.60.147.69 port 47982 [preauth]","@timestamp":"2022-09-17T18:47:46.855Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T18:48:23.287Z","@version":"1","message":"Sep 17 18:48:22 honeypot-sgp-1 kernel: [84316606.634606] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=40.127.71.168 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=4436 PROTO=TCP SPT=40443 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 18:48:32 honeypot-ams-1 sshd[2113]: Received disconnect from 167.172.152.18 port 47510:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T18:48:33.332Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 18:49:26 honeypot-ams-1 sshd[2117]: Received disconnect from 167.172.152.18 port 44706:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T18:49:27.359Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 18:49:59 honeypot-ams-1 sshd[2121]: Connection closed by invalid user default 179.60.147.69 port 33092 [preauth]","@timestamp":"2022-09-17T18:49:59.376Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 18:50:49 honeypot-ams-1 sshd[2126]: Disconnected from invalid user spark 167.172.152.18 port 40630 [preauth]","@timestamp":"2022-09-17T18:50:49.400Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 18:51:43 honeypot-ams-1 sshd[2130]: Disconnected from invalid user debian 167.172.152.18 port 37652 [preauth]","@timestamp":"2022-09-17T18:51:44.426Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 18:52:38 honeypot-ams-1 sshd[2134]: Received disconnect from 167.172.152.18 port 34782:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T18:52:39.453Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 18:53:34 honeypot-ams-1 sshd[2138]: Received disconnect from 167.172.152.18 port 60242:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T18:53:35.479Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 18:54:18 honeypot-fra-1 sshd[25818]: Invalid user thumvass from 137.116.144.39 port 32998","@timestamp":"2022-09-17T18:54:19.004Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 18:54:30 honeypot-ams-1 sshd[2142]: Received disconnect from 167.172.152.18 port 57356:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T18:54:31.505Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 18:55:51 honeypot-ams-1 sshd[2147]: Received disconnect from 143.198.75.234 port 44484:11: Bye Bye [preauth]","@timestamp":"2022-09-17T18:55:52.543Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 18:57:34 honeypot-ams-1 sshd[2151]: Received disconnect from 185.149.120.47 port 49578:11: Bye Bye [preauth]","@timestamp":"2022-09-17T18:57:34.592Z"}
{"@timestamp":"2022-09-17T18:59:40.552Z","@version":"1","message":"Sep 17 18:59:40 honeypot-sgp-1 sshd[28989]: Received disconnect from 61.177.173.39 port 14775:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:59:48.557Z","@version":"1","message":"Sep 17 18:59:48 honeypot-sgp-1 kernel: [84317292.460293] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=159.65.138.52 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=60 ID=0 DF PROTO=TCP SPT=54953 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 19:01:00 honeypot-fra-1 kernel: [84315670.008346] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=34120 PROTO=TCP SPT=40993 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T19:01:01.157Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 19:02:01 honeypot-fra-1 sshd[25827]: Disconnected from invalid user yamada 181.48.99.155 port 36660 [preauth]","@timestamp":"2022-09-17T19:02:02.180Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 19:02:26 honeypot-ams-1 sshd[2158]: Invalid user admin from 193.106.191.157 port 41966","@timestamp":"2022-09-17T19:02:27.729Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 19:05:44 honeypot-ams-1 sshd[2162]: Bad protocol version identification '\\272\\253d\\241EZC\\333M\\207\\356^\\375\\277\\0259 X\\324>\\022\\230\\304<\\340\\023\\317' from 172.105.89.161 port 42607","@timestamp":"2022-09-17T19:05:44.823Z"}
{"@timestamp":"2022-09-17T19:10:43.815Z","@version":"1","message":"Sep 17 19:10:43 honeypot-sgp-1 sshd[28997]: Received disconnect from 61.177.173.48 port 15626:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 19:11:22 honeypot-fra-1 kernel: [84316291.807495] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=154.3.44.149 DST=165.22.82.222 LEN=52 TOS=0x00 PREC=0x00 TTL=116 ID=1594 DF PROTO=TCP SPT=63240 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-17T19:11:22.393Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-17T19:13:12.877Z","@version":"1","message":"Sep 17 19:13:12 honeypot-sgp-1 sshd[29001]: Received disconnect from 61.177.173.46 port 17692:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 19:13:41 honeypot-fra-1 sshd[25842]: Received disconnect from 104.236.72.182 port 38220:11: Bye Bye [preauth]","@timestamp":"2022-09-17T19:13:42.448Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 19:14:52 honeypot-ams-1 sshd[2167]: Disconnected from authenticating user root 124.221.41.109 port 57860 [preauth]","@timestamp":"2022-09-17T19:14:53.073Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 19:17:01 honeypot-fra-1 CRON[25847]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-17T19:17:01.524Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T19:17:39.988Z","@version":"1","message":"Sep 17 19:17:39 honeypot-sgp-1 sshd[29011]: Invalid user fofserver from 8.213.17.47 port 58044","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 19:18:45 honeypot-ams-1 sshd[2174]: Received disconnect from 124.221.41.109 port 52150:11: Bye Bye [preauth]","@timestamp":"2022-09-17T19:18:46.177Z"}
{"@timestamp":"2022-09-17T19:19:30.034Z","@version":"1","message":"Sep 17 19:19:29 honeypot-sgp-1 sshd[29013]: Disconnected from invalid user applsys 180.69.254.177 port 57247 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T19:21:00.089Z","@version":"1","message":"Sep 17 19:20:59 honeypot-sgp-1 sshd[29019]: Disconnected from authenticating user root 61.177.173.50 port 54494 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 19:21:56 honeypot-ams-1 sshd[2179]: Invalid user ier from 186.122.149.6 port 34858","@timestamp":"2022-09-17T19:21:57.263Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 19:23:00 honeypot-ams-1 sshd[2183]: Received disconnect from 115.248.153.89 port 27460:11: Bye Bye [preauth]","@timestamp":"2022-09-17T19:23:01.295Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 19:23:58 honeypot-fra-1 sshd[25855]: Connection closed by invalid user centos 179.60.147.69 port 32946 [preauth]","@timestamp":"2022-09-17T19:23:58.682Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T19:25:35.202Z","@version":"1","message":"Sep 17 19:25:35 honeypot-sgp-1 sshd[29028]: error: maximum authentication attempts exceeded for invalid user admin from 180.189.99.199 port 63919 ssh2 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 19:26:09 honeypot-ams-1 sshd[2190]: Invalid user centos from 179.60.147.69 port 14704","@timestamp":"2022-09-17T19:26:09.380Z"}
{"@timestamp":"2022-09-17T19:27:22.249Z","@version":"1","message":"Sep 17 19:27:21 honeypot-sgp-1 sshd[29030]: Received disconnect from 167.71.238.89 port 50102:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 19:30:33 honeypot-ams-1 sshd[2197]: Unable to negotiate with 118.68.171.196 port 54448: no matching cipher found. Their offer: aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,arcfour128,arcfour,3des-cbc,none [preauth]","@timestamp":"2022-09-17T19:30:33.499Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 19:31:16 honeypot-fra-1 sshd[25862]: Received disconnect from 104.248.143.226 port 60670:11: Bye Bye [preauth]","@timestamp":"2022-09-17T19:31:16.850Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 19:34:05 honeypot-ams-1 sshd[2205]: Received disconnect from 124.221.41.109 port 54158:11: Bye Bye [preauth]","@timestamp":"2022-09-17T19:34:05.597Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 19:35:55 honeypot-fra-1 sshd[25868]: Invalid user admin from 180.49.192.10 port 62848","@timestamp":"2022-09-17T19:35:55.957Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 19:36:22 honeypot-fra-1 sshd[25872]: Connection closed by invalid user sunpeijie 194.163.190.53 port 53268 [preauth]","@timestamp":"2022-09-17T19:36:22.971Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 19:37:17 honeypot-ams-1 sshd[2209]: Disconnected from authenticating user root 124.221.41.109 port 44024 [preauth]","@timestamp":"2022-09-17T19:37:17.684Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 19:40:30 honeypot-ams-1 sshd[2216]: Disconnected from authenticating user root 124.221.41.109 port 33780 [preauth]","@timestamp":"2022-09-17T19:40:30.773Z"}
{"@timestamp":"2022-09-17T19:40:33.557Z","@version":"1","message":"Sep 17 19:40:32 honeypot-sgp-1 kernel: [84319736.697318] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=35.205.241.162 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x60 TTL=250 ID=58221 PROTO=TCP SPT=42175 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 19:45:03 honeypot-ams-1 kernel: [84320484.192439] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=151.106.32.182 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=6820 PROTO=TCP SPT=41338 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T19:45:03.897Z"}
{"@timestamp":"2022-09-17T19:45:44.680Z","@version":"1","message":"Sep 17 19:45:44 honeypot-sgp-1 kernel: [84320048.299593] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.95.147.51 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=16833 PROTO=TCP SPT=43807 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 19:46:47 honeypot-ams-1 sshd[2228]: Disconnected from authenticating user root 124.221.41.109 port 40886 [preauth]","@timestamp":"2022-09-17T19:46:47.948Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 19:48:59 honeypot-fra-1 sshd[25878]: Invalid user electrical from 104.131.93.177 port 58393","@timestamp":"2022-09-17T19:48:59.255Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 19:51:29 honeypot-ams-1 sshd[2236]: Received disconnect from 124.221.41.109 port 39000:11: Bye Bye [preauth]","@timestamp":"2022-09-17T19:51:30.075Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 19:52:07 honeypot-fra-1 sshd[25882]: Connection closed by invalid user sunpeijie 194.163.190.53 port 41474 [preauth]","@timestamp":"2022-09-17T19:52:07.327Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 19:53:02 honeypot-ams-1 sshd[2240]: Disconnected from authenticating user root 124.221.41.109 port 47758 [preauth]","@timestamp":"2022-09-17T19:53:03.116Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 19:54:36 honeypot-ams-1 sshd[2244]: Disconnected from authenticating user root 124.221.41.109 port 56504 [preauth]","@timestamp":"2022-09-17T19:54:36.159Z"}
{"@timestamp":"2022-09-17T19:55:04.896Z","@version":"1","message":"Sep 17 19:55:04 honeypot-sgp-1 sshd[29053]: Received disconnect from 61.177.172.19 port 22544:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T19:55:43.913Z","@version":"1","message":"Sep 17 19:55:42 honeypot-sgp-1 sshd[29058]: Received disconnect from 45.61.186.169 port 49836:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T19:56:00.921Z","@version":"1","message":"Sep 17 19:56:00 honeypot-sgp-1 sshd[29062]: Received disconnect from 45.61.186.169 port 45086:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T19:56:17.929Z","@version":"1","message":"Sep 17 19:56:17 honeypot-sgp-1 sshd[29066]: Received disconnect from 45.61.186.169 port 40346:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 19:56:29 honeypot-ams-1 sshd[2252]: Received disconnect from 45.140.141.188 port 33616:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T19:56:30.231Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 19:57:43 honeypot-ams-1 sshd[2256]: Received disconnect from 124.221.41.109 port 45726:11: Bye Bye [preauth]","@timestamp":"2022-09-17T19:57:44.264Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 19:58:23 honeypot-fra-1 sshd[25895]: Connection closed by authenticating user root 34.168.2.103 port 57768 [preauth]","@timestamp":"2022-09-17T19:58:23.473Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T19:58:58.994Z","@version":"1","message":"Sep 17 19:58:58 honeypot-sgp-1 sshd[29071]: Invalid user blank from 179.60.147.69 port 19508","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 19:59:44 honeypot-fra-1 sshd[25903]: Connection closed by authenticating user root 34.168.2.103 port 58080 [preauth]","@timestamp":"2022-09-17T19:59:44.510Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 20:00:37 honeypot-ams-1 sshd[2261]: Disconnected from invalid user ftpuser 198.46.152.24 port 47610 [preauth]","@timestamp":"2022-09-17T20:00:38.345Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:00:47 honeypot-fra-1 sshd[25913]: Connection closed by authenticating user root 34.168.2.103 port 33220 [preauth]","@timestamp":"2022-09-17T20:00:47.538Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 20:00:55 honeypot-ams-1 sshd[2266]: Disconnected from invalid user user 45.61.186.249 port 34234 [preauth]","@timestamp":"2022-09-17T20:00:56.355Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 20:01:13 honeypot-ams-1 sshd[2270]: Disconnected from invalid user user 45.61.186.249 port 57282 [preauth]","@timestamp":"2022-09-17T20:01:14.365Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 20:01:31 honeypot-ams-1 sshd[2274]: Disconnected from invalid user user 45.61.186.249 port 52114 [preauth]","@timestamp":"2022-09-17T20:01:31.374Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 20:01:48 honeypot-ams-1 sshd[2278]: Disconnected from invalid user user 45.61.186.249 port 46942 [preauth]","@timestamp":"2022-09-17T20:01:49.384Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:02:56 honeypot-fra-1 sshd[25928]: Invalid user like from 165.22.45.108 port 38746","@timestamp":"2022-09-17T20:02:56.615Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 20:03:55 honeypot-ams-1 sshd[2284]: Disconnected from authenticating user root 124.221.41.109 port 52248 [preauth]","@timestamp":"2022-09-17T20:03:56.441Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:04:16 honeypot-fra-1 sshd[25934]: Connection closed by authenticating user root 34.168.2.103 port 53298 [preauth]","@timestamp":"2022-09-17T20:04:17.649Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T20:05:18.143Z","@version":"1","message":"Sep 17 20:05:17 honeypot-sgp-1 sshd[29079]: Received disconnect from 61.177.173.36 port 42547:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:06:46 honeypot-fra-1 sshd[25946]: Connection closed by authenticating user root 34.168.2.103 port 58030 [preauth]","@timestamp":"2022-09-17T20:06:47.713Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:08:07 honeypot-fra-1 sshd[25957]: Connection closed by authenticating user root 34.168.2.103 port 36000 [preauth]","@timestamp":"2022-09-17T20:08:07.749Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 20:08:32 honeypot-ams-1 sshd[2291]: Received disconnect from 124.221.41.109 port 49890:11: Bye Bye [preauth]","@timestamp":"2022-09-17T20:08:32.567Z"}
{"@timestamp":"2022-09-17T20:09:24.239Z","@version":"1","message":"Sep 17 20:09:23 honeypot-sgp-1 sshd[29082]: Received disconnect from 203.130.255.2 port 55444:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:10:10 honeypot-fra-1 sshd[25969]: Connection closed by authenticating user root 34.168.2.103 port 33824 [preauth]","@timestamp":"2022-09-17T20:10:11.801Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 20:11:37 honeypot-ams-1 sshd[2296]: Received disconnect from 124.221.41.109 port 38854:11: Bye Bye [preauth]","@timestamp":"2022-09-17T20:11:37.652Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:11:49 honeypot-fra-1 sshd[25979]: Connection closed by authenticating user root 34.168.2.103 port 50872 [preauth]","@timestamp":"2022-09-17T20:11:49.845Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T20:11:55.300Z","@version":"1","message":"Sep 17 20:11:54 honeypot-sgp-1 kernel: [84321618.908169] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=68.183.93.151 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x20 TTL=242 ID=54321 PROTO=TCP SPT=58458 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:13:37 honeypot-fra-1 sshd[25992]: Connection closed by authenticating user root 34.168.2.103 port 48566 [preauth]","@timestamp":"2022-09-17T20:13:37.893Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:15:04 honeypot-fra-1 sshd[26004]: Invalid user wanghao from 194.163.190.53 port 36592","@timestamp":"2022-09-17T20:15:04.932Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T20:15:54.395Z","@version":"1","message":"Sep 17 20:15:53 honeypot-sgp-1 sshd[29094]: Disconnected from authenticating user root 61.177.173.48 port 51755 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 20:16:10 honeypot-ams-1 sshd[2303]: Received disconnect from 124.221.41.109 port 36334:11: Bye Bye [preauth]","@timestamp":"2022-09-17T20:16:10.798Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:16:23 honeypot-fra-1 sshd[26012]: Connection closed by authenticating user root 34.168.2.103 port 39018 [preauth]","@timestamp":"2022-09-17T20:16:23.968Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T20:17:06.426Z","@version":"1","message":"Sep 17 20:17:05 honeypot-sgp-1 sshd[29103]: Received disconnect from 140.238.255.101 port 58754:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 20:18:01 honeypot-ams-1 kernel: [84322461.459474] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=125.136.61.137 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=55 ID=24730 PROTO=TCP SPT=10019 DPT=80 WINDOW=65507 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T20:18:01.854Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:18:08 honeypot-fra-1 sshd[26024]: Connection closed by authenticating user root 34.168.2.103 port 58090 [preauth]","@timestamp":"2022-09-17T20:18:09.014Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T20:18:12.454Z","@version":"1","message":"Sep 17 20:18:12 honeypot-sgp-1 sshd[29107]: Received disconnect from 92.255.85.70 port 19798:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:19:11 honeypot-fra-1 kernel: [84320361.345317] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=165.22.82.222 LEN=86 TOS=0x00 PREC=0x00 TTL=250 ID=54036 PROTO=TCP SPT=16443 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T20:19:12.043Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:20:26 honeypot-fra-1 sshd[26042]: Did not receive identification string from 34.168.2.103 port 60916","@timestamp":"2022-09-17T20:20:27.077Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T20:21:56.543Z","@version":"1","message":"Sep 17 20:21:56 honeypot-sgp-1 sshd[29113]: Disconnected from invalid user ve 209.212.45.102 port 55244 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 20:22:19 honeypot-ams-1 sshd[2316]: Received disconnect from 124.221.41.109 port 42230:11: Bye Bye [preauth]","@timestamp":"2022-09-17T20:22:19.974Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 20:25:50 honeypot-ams-1 sshd[2323]: Received disconnect from 92.255.85.70 port 62934:11: Bye Bye [preauth]","@timestamp":"2022-09-17T20:25:51.073Z"}
{"@timestamp":"2022-09-17T20:26:35.658Z","@version":"1","message":"Sep 17 20:26:35 honeypot-sgp-1 sshd[29124]: Received disconnect from 61.177.173.36 port 34776:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 20:28:21 honeypot-ams-1 sshd[2327]: Disconnected from authenticating user root 124.221.41.109 port 47968 [preauth]","@timestamp":"2022-09-17T20:28:22.142Z"}
{"@timestamp":"2022-09-17T20:28:34.705Z","@version":"1","message":"Sep 17 20:28:33 honeypot-sgp-1 sshd[29128]: Received disconnect from 161.82.233.179 port 43860:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:30:16 honeypot-fra-1 kernel: [84321025.565784] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=159.65.138.52 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=54 ID=0 DF PROTO=TCP SPT=54953 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T20:30:16.292Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 20:30:22 honeypot-ams-1 sshd[2333]: Connection closed by invalid user admin 112.186.242.154 port 60423 [preauth]","@timestamp":"2022-09-17T20:30:22.202Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 20:32:53 honeypot-ams-1 sshd[2338]: Disconnected from authenticating user root 124.221.41.109 port 45102 [preauth]","@timestamp":"2022-09-17T20:32:53.273Z"}
{"@timestamp":"2022-09-17T20:35:29.880Z","@version":"1","message":"Sep 17 20:35:29 honeypot-sgp-1 sshd[29137]: Invalid user guest from 179.60.147.69 port 19724","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:36:37 honeypot-fra-1 sshd[26048]: Connection closed by invalid user guest 179.60.147.69 port 52534 [preauth]","@timestamp":"2022-09-17T20:36:38.436Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 20:37:25 honeypot-ams-1 sshd[2346]: Received disconnect from 124.221.41.109 port 42084:11: Bye Bye [preauth]","@timestamp":"2022-09-17T20:37:25.656Z"}
{"@timestamp":"2022-09-17T20:39:30.978Z","@version":"1","message":"Sep 17 20:39:30 honeypot-sgp-1 sshd[29141]: Received disconnect from 128.199.97.155 port 56088:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 20:40:25 honeypot-ams-1 sshd[2352]: Received disconnect from 124.221.41.109 port 58820:11: Bye Bye [preauth]","@timestamp":"2022-09-17T20:40:25.738Z"}
{"@timestamp":"2022-09-17T20:40:29.003Z","@version":"1","message":"Sep 17 20:40:28 honeypot-sgp-1 sshd[29144]: Disconnected from invalid user user 45.61.186.249 port 57290 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T20:40:49.013Z","@version":"1","message":"Sep 17 20:40:48 honeypot-sgp-1 sshd[29149]: Disconnected from invalid user user 45.61.186.249 port 52364 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T20:41:07.023Z","@version":"1","message":"Sep 17 20:41:06 honeypot-sgp-1 sshd[29153]: Disconnected from invalid user user 45.61.186.249 port 47420 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:41:09 honeypot-fra-1 sshd[26058]: Invalid user www from 212.87.251.118 port 35394","@timestamp":"2022-09-17T20:41:10.537Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:41:09 honeypot-fra-1 sshd[26068]: Invalid user ubuntu from 212.87.251.118 port 35422","@timestamp":"2022-09-17T20:41:10.538Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:41:09 honeypot-fra-1 sshd[26051]: Invalid user steam from 212.87.251.118 port 35380","@timestamp":"2022-09-17T20:41:10.538Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:41:09 honeypot-fra-1 sshd[26074]: Invalid user test from 212.87.251.118 port 35448","@timestamp":"2022-09-17T20:41:10.538Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:41:09 honeypot-fra-1 sshd[26058]: Connection closed by invalid user www 212.87.251.118 port 35394 [preauth]","@timestamp":"2022-09-17T20:41:10.538Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:41:09 honeypot-fra-1 sshd[26069]: Connection closed by invalid user user 212.87.251.118 port 35418 [preauth]","@timestamp":"2022-09-17T20:41:10.538Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:41:09 honeypot-fra-1 sshd[26070]: Connection closed by invalid user user 212.87.251.118 port 35432 [preauth]","@timestamp":"2022-09-17T20:41:10.538Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:41:09 honeypot-fra-1 sshd[26066]: Connection closed by invalid user esuser 212.87.251.118 port 35416 [preauth]","@timestamp":"2022-09-17T20:41:10.538Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T20:41:24.031Z","@version":"1","message":"Sep 17 20:41:23 honeypot-sgp-1 sshd[29157]: Disconnected from invalid user user 45.61.186.249 port 42536 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 20:43:24 honeypot-ams-1 sshd[2357]: Received disconnect from 124.221.41.109 port 47296:11: Bye Bye [preauth]","@timestamp":"2022-09-17T20:43:24.822Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 20:46:22 honeypot-ams-1 sshd[2361]: Disconnected from authenticating user root 124.221.41.109 port 35718 [preauth]","@timestamp":"2022-09-17T20:46:22.905Z"}
{"@timestamp":"2022-09-17T20:47:49.180Z","@version":"1","message":"Sep 17 20:47:48 honeypot-sgp-1 sshd[29165]: Disconnected from authenticating user root 61.177.173.39 port 62571 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T20:50:40.247Z","@version":"1","message":"Sep 17 20:50:40 honeypot-sgp-1 sshd[29170]: Disconnected from invalid user luc 142.93.163.183 port 36338 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 20:50:49 honeypot-ams-1 sshd[2368]: Received disconnect from 124.221.41.109 port 60612:11: Bye Bye [preauth]","@timestamp":"2022-09-17T20:50:50.027Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:51:00 honeypot-fra-1 sshd[26103]: Received disconnect from 45.61.186.249 port 59702:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T20:51:01.752Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:51:20 honeypot-fra-1 sshd[26107]: Received disconnect from 45.61.186.249 port 54782:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T20:51:20.762Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:51:37 honeypot-fra-1 sshd[26111]: Received disconnect from 45.61.186.249 port 49862:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T20:51:38.770Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:51:54 honeypot-fra-1 sshd[26115]: Received disconnect from 45.61.186.249 port 44936:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T20:51:55.778Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T20:54:07.327Z","@version":"1","message":"Sep 17 20:54:07 honeypot-sgp-1 sshd[29176]: Disconnected from authenticating user root 157.245.103.207 port 37274 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 20:55:14 honeypot-ams-1 sshd[2375]: Received disconnect from 124.221.41.109 port 57182:11: Bye Bye [preauth]","@timestamp":"2022-09-17T20:55:15.144Z"}
{"@timestamp":"2022-09-17T20:55:15.355Z","@version":"1","message":"Sep 17 20:55:14 honeypot-sgp-1 sshd[29180]: Disconnected from invalid user admin 159.89.8.45 port 43372 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T20:57:20.405Z","@version":"1","message":"Sep 17 20:57:20 honeypot-sgp-1 sshd[29185]: Disconnected from invalid user biba 75.188.17.172 port 39328 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:59:09 honeypot-fra-1 sshd[26120]: Connection closed by invalid user admin 193.106.191.157 port 47840 [preauth]","@timestamp":"2022-09-17T20:59:09.943Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 20:59:39 honeypot-ams-1 sshd[2382]: Received disconnect from 124.221.41.109 port 53668:11: Bye Bye [preauth]","@timestamp":"2022-09-17T20:59:40.261Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 21:02:36 honeypot-ams-1 sshd[2387]: Disconnected from authenticating user root 124.221.41.109 port 41880 [preauth]","@timestamp":"2022-09-17T21:02:36.343Z"}
{"@timestamp":"2022-09-17T21:05:50.602Z","@version":"1","message":"Sep 17 21:05:50 honeypot-sgp-1 kernel: [84324854.450905] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=8.210.162.64 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=54692 PROTO=TCP SPT=48247 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 21:05:52 honeypot-ams-1 sshd[2394]: Received disconnect from 43.130.3.44 port 54528:11: Bye Bye [preauth]","@timestamp":"2022-09-17T21:05:53.431Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 21:06:24 honeypot-fra-1 sshd[26126]: Invalid user ellen from 81.169.137.181 port 55290","@timestamp":"2022-09-17T21:06:25.105Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 21:06:59 honeypot-ams-1 sshd[2398]: Disconnected from invalid user atul 159.65.127.239 port 39106 [preauth]","@timestamp":"2022-09-17T21:07:00.463Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 21:07:10 honeypot-fra-1 sshd[26129]: Disconnected from invalid user elvin 81.169.137.181 port 40684 [preauth]","@timestamp":"2022-09-17T21:07:10.124Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T21:08:31.666Z","@version":"1","message":"Sep 17 21:08:31 honeypot-sgp-1 kernel: [84325015.505842] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=172.105.129.159 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=2804 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 21:08:36 honeypot-fra-1 sshd[26133]: Disconnected from invalid user emil 81.169.137.181 port 39790 [preauth]","@timestamp":"2022-09-17T21:08:37.158Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 21:09:36 honeypot-ams-1 sshd[2404]: Received disconnect from 186.84.174.241 port 59654:11: Bye Bye [preauth]","@timestamp":"2022-09-17T21:09:37.535Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 21:09:58 honeypot-fra-1 sshd[26138]: Received disconnect from 81.169.137.181 port 38828:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T21:09:59.215Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 21:10:37 honeypot-fra-1 sshd[26142]: Received disconnect from 81.169.137.181 port 52482:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T21:10:38.232Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 21:10:52 honeypot-fra-1 sshd[26146]: Received disconnect from 45.61.184.204 port 48086:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T21:10:53.239Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 21:11:10 honeypot-fra-1 sshd[26150]: Received disconnect from 45.61.184.204 port 42960:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T21:11:11.248Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 21:11:19 honeypot-fra-1 sshd[26155]: Received disconnect from 45.61.184.204 port 54538:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T21:11:20.252Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 21:11:22 honeypot-ams-1 sshd[2411]: Received disconnect from 124.221.41.109 port 34488:11: Bye Bye [preauth]","@timestamp":"2022-09-17T21:11:22.583Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 21:11:28 honeypot-fra-1 sshd[26158]: Disconnected from invalid user user 45.61.184.204 port 37838 [preauth]","@timestamp":"2022-09-17T21:11:28.256Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 21:11:54 honeypot-fra-1 sshd[26162]: Disconnected from invalid user eric 81.169.137.181 port 51538 [preauth]","@timestamp":"2022-09-17T21:11:55.269Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 21:12:33 honeypot-fra-1 sshd[26165]: Disconnected from invalid user ericka 81.169.137.181 port 36960 [preauth]","@timestamp":"2022-09-17T21:12:34.286Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T21:12:34.763Z","@version":"1","message":"Sep 17 21:12:34 honeypot-sgp-1 sshd[29206]: Disconnected from authenticating user root 61.177.173.39 port 47499 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 21:13:51 honeypot-fra-1 sshd[26171]: Invalid user es from 81.169.137.181 port 36034","@timestamp":"2022-09-17T21:13:51.319Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 21:14:30 honeypot-fra-1 sshd[26173]: Disconnected from invalid user este 81.169.137.181 port 49680 [preauth]","@timestamp":"2022-09-17T21:14:30.335Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 21:15:00 honeypot-ams-1 sshd[2418]: Invalid user test from 179.60.147.69 port 45260","@timestamp":"2022-09-17T21:15:00.680Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 21:15:48 honeypot-fra-1 sshd[26177]: Disconnected from invalid user estee 81.169.137.181 port 48720 [preauth]","@timestamp":"2022-09-17T21:15:48.367Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 21:16:05 honeypot-ams-1 sshd[2424]: Invalid user admin from 92.255.85.69 port 31686","@timestamp":"2022-09-17T21:16:05.714Z"}
{"@timestamp":"2022-09-17T21:17:01.870Z","@version":"1","message":"Sep 17 21:17:01 honeypot-sgp-1 CRON[29214]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 21:17:07 honeypot-fra-1 sshd[26184]: Invalid user exit from 81.169.137.181 port 47770","@timestamp":"2022-09-17T21:17:07.400Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 21:17:09 honeypot-ams-1 sshd[2430]: Disconnected from authenticating user root 124.221.41.109 port 38842 [preauth]","@timestamp":"2022-09-17T21:17:09.745Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 21:17:50 honeypot-fra-1 kernel: [84323880.333698] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=165.232.152.144 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=59008 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T21:17:51.418Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 21:19:08 honeypot-fra-1 sshd[26192]: Received disconnect from 81.169.137.181 port 60502:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T21:19:09.453Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 21:20:30 honeypot-fra-1 sshd[26196]: Received disconnect from 81.169.137.181 port 59566:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T21:20:30.486Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 21:21:31 honeypot-ams-1 sshd[2436]: Received disconnect from 124.221.41.109 port 34982:11: Bye Bye [preauth]","@timestamp":"2022-09-17T21:21:31.862Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 21:21:53 honeypot-fra-1 sshd[26200]: Received disconnect from 81.169.137.181 port 58720:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T21:21:53.519Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T21:22:38.999Z","@version":"1","message":"Sep 17 21:22:38 honeypot-sgp-1 sshd[29221]: Received disconnect from 61.177.173.46 port 24743:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 21:24:45 honeypot-fra-1 kernel: [84324294.526834] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.216.29 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=47776 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T21:24:45.589Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 21:25:51 honeypot-ams-1 sshd[2443]: Received disconnect from 124.221.41.109 port 59258:11: Bye Bye [preauth]","@timestamp":"2022-09-17T21:25:52.978Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 21:27:04 honeypot-ams-1 kernel: [84326604.330220] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.220.8 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=56899 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T21:27:05.013Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 21:30:12 honeypot-ams-1 sshd[2452]: Disconnected from authenticating user root 124.221.41.109 port 55246 [preauth]","@timestamp":"2022-09-17T21:30:12.096Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 21:31:37 honeypot-ams-1 sshd[2456]: Disconnected from authenticating user root 124.221.41.109 port 35072 [preauth]","@timestamp":"2022-09-17T21:31:38.135Z"}
{"@timestamp":"2022-09-17T21:33:46.282Z","@version":"1","message":"Sep 17 21:33:45 honeypot-sgp-1 sshd[29304]: Invalid user guest from 103.188.176.251 port 53438","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 21:34:40 honeypot-ams-1 sshd[2463]: Did not receive identification string from 193.3.19.178 port 64001","@timestamp":"2022-09-17T21:34:41.216Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 21:37:21 honeypot-ams-1 sshd[2468]: Received disconnect from 124.221.41.109 port 38986:11: Bye Bye [preauth]","@timestamp":"2022-09-17T21:37:22.291Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 21:38:47 honeypot-ams-1 sshd[2472]: Disconnected from authenticating user root 124.221.41.109 port 47004 [preauth]","@timestamp":"2022-09-17T21:38:48.330Z"}
{"@timestamp":"2022-09-17T21:39:03.406Z","@version":"1","message":"Sep 17 21:39:03 honeypot-sgp-1 sshd[29312]: Received disconnect from 159.65.65.135 port 43000:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 21:41:39 honeypot-ams-1 sshd[2480]: Received disconnect from 124.221.41.109 port 34786:11: Bye Bye [preauth]","@timestamp":"2022-09-17T21:41:39.413Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 21:41:47 honeypot-fra-1 kernel: [84325317.062459] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=154.3.44.149 DST=165.22.82.222 LEN=52 TOS=0x00 PREC=0x00 TTL=116 ID=43993 DF PROTO=TCP SPT=51435 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-17T21:41:47.968Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 21:44:16 honeypot-ams-1 sshd[2484]: Disconnected from authenticating user root 43.132.121.97 port 49992 [preauth]","@timestamp":"2022-09-17T21:44:16.483Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 21:44:16 honeypot-fra-1 sshd[26211]: Invalid user michaels from 159.65.249.79 port 52106","@timestamp":"2022-09-17T21:44:17.028Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 21:46:03 honeypot-ams-1 kernel: [84327743.475637] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=80.94.92.231 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=60655 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T21:46:03.534Z"}
{"@timestamp":"2022-09-17T21:46:20.575Z","@version":"1","message":"Sep 17 21:46:20 honeypot-sgp-1 sshd[29319]: Received disconnect from 61.177.173.51 port 28407:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 21:48:46 honeypot-ams-1 sshd[2495]: Received disconnect from 124.221.41.109 port 46416:11: Bye Bye [preauth]","@timestamp":"2022-09-17T21:48:46.606Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 21:48:59 honeypot-fra-1 sshd[26216]: Invalid user admin from 179.60.147.69 port 16460","@timestamp":"2022-09-17T21:48:59.136Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 21:50:11 honeypot-ams-1 sshd[2499]: Disconnected from authenticating user root 124.221.41.109 port 54358 [preauth]","@timestamp":"2022-09-17T21:50:12.645Z"}
{"@timestamp":"2022-09-17T21:50:20.672Z","@version":"1","message":"Sep 17 21:50:19 honeypot-sgp-1 sshd[29324]: Received disconnect from 61.177.173.48 port 57967:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 21:51:00 honeypot-fra-1 sshd[26220]: Connection closed by invalid user admin 157.230.10.173 port 41554 [preauth]","@timestamp":"2022-09-17T21:51:01.185Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 21:52:00 honeypot-ams-1 sshd[2506]: Received disconnect from 217.10.103.163 port 49854:11: Bye Bye [preauth]","@timestamp":"2022-09-17T21:52:01.699Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 21:54:25 honeypot-ams-1 sshd[2510]: Received disconnect from 124.221.41.109 port 49884:11: Bye Bye [preauth]","@timestamp":"2022-09-17T21:54:25.767Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 21:57:15 honeypot-ams-1 sshd[2518]: Received disconnect from 124.221.41.109 port 37428:11: Bye Bye [preauth]","@timestamp":"2022-09-17T21:57:15.847Z"}
{"@timestamp":"2022-09-17T21:57:15.835Z","@version":"1","message":"Sep 17 21:57:15 honeypot-sgp-1 kernel: [84327939.361255] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=27.124.32.169 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=56 ID=0 DF PROTO=TCP SPT=53822 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 22:00:03 honeypot-ams-1 sshd[2522]: Disconnected from authenticating user root 124.221.41.109 port 53170 [preauth]","@timestamp":"2022-09-17T22:00:03.920Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 22:00:07 honeypot-fra-1 sshd[26227]: Invalid user ilyse from 20.108.156.65 port 37322","@timestamp":"2022-09-17T22:00:08.384Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 22:01:12 honeypot-fra-1 sshd[26229]: Disconnected from invalid user hugo 196.191.116.209 port 2074 [preauth]","@timestamp":"2022-09-17T22:01:13.412Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T22:01:48.942Z","@version":"1","message":"Sep 17 22:01:48 honeypot-sgp-1 sshd[29336]: Received disconnect from 206.189.31.90 port 55048:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T22:03:51.992Z","@version":"1","message":"Sep 17 22:03:51 honeypot-sgp-1 sshd[29340]: Connection closed by invalid user admin 159.203.178.0 port 54548 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 22:03:57 honeypot-ams-1 kernel: [84328817.425917] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=167.71.92.243 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=57882 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T22:03:58.041Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 22:05:31 honeypot-fra-1 sshd[26234]: Disconnected from authenticating user root 146.185.137.240 port 50592 [preauth]","@timestamp":"2022-09-17T22:05:31.513Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 22:05:39 honeypot-ams-1 sshd[2533]: Received disconnect from 124.221.41.109 port 56310:11: Bye Bye [preauth]","@timestamp":"2022-09-17T22:05:40.089Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 22:08:27 honeypot-ams-1 sshd[2539]: Disconnected from authenticating user root 124.221.41.109 port 43718 [preauth]","@timestamp":"2022-09-17T22:08:28.164Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 22:10:45 honeypot-ams-1 kernel: [84329225.542821] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=34.105.183.68 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=52 ID=46563 PROTO=TCP SPT=8528 DPT=80 WINDOW=50856 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T22:10:46.229Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 22:11:49 honeypot-ams-1 sshd[2548]: Disconnected from invalid user user 45.61.186.249 port 51286 [preauth]","@timestamp":"2022-09-17T22:11:49.276Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 22:12:07 honeypot-ams-1 sshd[2552]: Received disconnect from 45.61.186.249 port 45860:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T22:12:08.286Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 22:12:24 honeypot-ams-1 sshd[2556]: Received disconnect from 45.61.186.249 port 40430:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T22:12:25.295Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 22:12:38 honeypot-ams-1 sshd[2560]: Disconnected from authenticating user root 124.221.41.109 port 38924 [preauth]","@timestamp":"2022-09-17T22:12:39.302Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 22:14:02 honeypot-ams-1 sshd[2565]: Disconnected from authenticating user root 124.221.41.109 port 46720 [preauth]","@timestamp":"2022-09-17T22:14:02.339Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 22:17:01 honeypot-ams-1 CRON[2571]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-17T22:17:01.420Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 22:17:01 honeypot-fra-1 CRON[26239]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-17T22:17:01.788Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T22:17:02.293Z","@version":"1","message":"Sep 17 22:17:01 honeypot-sgp-1 CRON[29347]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 22:20:08 honeypot-ams-1 kernel: [84329788.625708] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=172.91.47.43 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=50 ID=1214 PROTO=TCP SPT=64366 DPT=80 WINDOW=48622 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T22:20:08.503Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 22:23:43 honeypot-ams-1 sshd[2583]: Disconnected from authenticating user root 124.221.41.109 port 44640 [preauth]","@timestamp":"2022-09-17T22:23:44.613Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 22:26:28 honeypot-ams-1 sshd[2591]: Received disconnect from 124.221.41.109 port 60100:11: Bye Bye [preauth]","@timestamp":"2022-09-17T22:26:28.687Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 22:27:52 honeypot-ams-1 sshd[2595]: Disconnected from authenticating user root 124.221.41.109 port 39586 [preauth]","@timestamp":"2022-09-17T22:27:52.727Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 22:29:51 honeypot-fra-1 kernel: [84328200.790040] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=205.210.31.41 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=249 ID=54321 PROTO=TCP SPT=54048 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T22:29:52.095Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 22:30:35 honeypot-ams-1 sshd[2602]: Received disconnect from 124.221.41.109 port 55004:11: Bye Bye [preauth]","@timestamp":"2022-09-17T22:30:35.801Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 22:33:06 honeypot-fra-1 sshd[26268]: Received disconnect from 92.255.85.69 port 17776:11: Bye Bye [preauth]","@timestamp":"2022-09-17T22:33:07.168Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 22:34:40 honeypot-ams-1 sshd[2608]: Received disconnect from 124.221.41.109 port 49814:11: Bye Bye [preauth]","@timestamp":"2022-09-17T22:34:40.911Z"}
{"@timestamp":"2022-09-17T22:37:34.762Z","@version":"1","message":"Sep 17 22:37:33 honeypot-sgp-1 kernel: [84330357.770315] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.41.9.18 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=60717 PROTO=TCP SPT=58032 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 22:38:46 honeypot-ams-1 sshd[2615]: Received disconnect from 124.221.41.109 port 44534:11: Bye Bye [preauth]","@timestamp":"2022-09-17T22:38:47.018Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 22:41:28 honeypot-ams-1 sshd[2621]: Disconnected from authenticating user root 124.221.41.109 port 59778 [preauth]","@timestamp":"2022-09-17T22:41:29.091Z"}
{"@timestamp":"2022-09-17T22:43:06.890Z","@version":"1","message":"Sep 17 22:43:06 honeypot-sgp-1 sshd[29356]: Received disconnect from 92.255.85.70 port 34936:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T22:43:55.911Z","@version":"1","message":"Sep 17 22:43:55 honeypot-sgp-1 sshd[29360]: Received disconnect from 203.66.168.81 port 51265:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 22:44:13 honeypot-ams-1 sshd[2628]: Disconnected from authenticating user root 124.221.41.109 port 46744 [preauth]","@timestamp":"2022-09-17T22:44:14.165Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 22:48:13 honeypot-ams-1 sshd[2635]: Disconnected from authenticating user root 124.221.41.109 port 41256 [preauth]","@timestamp":"2022-09-17T22:48:14.271Z"}
{"@timestamp":"2022-09-17T22:51:54.095Z","@version":"1","message":"Sep 17 22:51:53 honeypot-sgp-1 kernel: [84331217.049320] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=66.228.44.220 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=7203 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 22:52:17 honeypot-ams-1 sshd[2642]: Received disconnect from 124.221.41.109 port 35710:11: Bye Bye [preauth]","@timestamp":"2022-09-17T22:52:17.377Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 22:53:33 honeypot-ams-1 sshd[2645]: Disconnected from invalid user admin 200.116.167.188 port 57354 [preauth]","@timestamp":"2022-09-17T22:53:33.413Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 22:53:43 honeypot-fra-1 kernel: [84329632.663849] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=80.94.92.239 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=43590 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T22:53:43.628Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 22:55:51 honeypot-ams-1 sshd[2651]: Received disconnect from 43.154.228.228 port 41930:11: Bye Bye [preauth]","@timestamp":"2022-09-17T22:55:51.473Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 22:57:39 honeypot-ams-1 sshd[2657]: Disconnected from authenticating user root 124.221.41.109 port 37650 [preauth]","@timestamp":"2022-09-17T22:57:39.521Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 22:59:31 honeypot-ams-1 kernel: [84332151.973660] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=206.84.108.130 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=54321 PROTO=TCP SPT=32768 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T22:59:32.574Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:02:58 honeypot-ams-1 sshd[2666]: Disconnected from authenticating user root 124.221.41.109 port 39450 [preauth]","@timestamp":"2022-09-17T23:02:59.666Z"}
{"@timestamp":"2022-09-17T23:04:31.384Z","@version":"1","message":"Sep 17 23:04:30 honeypot-sgp-1 sshd[29369]: Disconnected from invalid user user 45.61.184.204 port 36886 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T23:04:52.395Z","@version":"1","message":"Sep 17 23:04:51 honeypot-sgp-1 sshd[29373]: Disconnected from invalid user user 45.61.184.204 port 60558 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T23:05:10.404Z","@version":"1","message":"Sep 17 23:05:09 honeypot-sgp-1 sshd[29377]: Disconnected from invalid user user 45.61.184.204 port 55990 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T23:05:27.412Z","@version":"1","message":"Sep 17 23:05:26 honeypot-sgp-1 sshd[29382]: Disconnected from invalid user user 45.61.184.204 port 51428 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:05:43 honeypot-ams-1 sshd[2672]: Disconnected from authenticating user root 124.221.41.109 port 54404 [preauth]","@timestamp":"2022-09-17T23:05:44.740Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:09:40 honeypot-ams-1 sshd[2680]: Disconnected from authenticating user root 124.221.41.109 port 48448 [preauth]","@timestamp":"2022-09-17T23:09:41.847Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:13:37 honeypot-ams-1 sshd[2688]: Received disconnect from 124.221.41.109 port 42402:11: Bye Bye [preauth]","@timestamp":"2022-09-17T23:13:37.950Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:16:14 honeypot-ams-1 sshd[2692]: Disconnected from authenticating user root 124.221.41.109 port 57134 [preauth]","@timestamp":"2022-09-17T23:16:15.022Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 23:17:01 honeypot-fra-1 CRON[26277]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-17T23:17:02.151Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T23:17:02.676Z","@version":"1","message":"Sep 17 23:17:01 honeypot-sgp-1 CRON[29388]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:17:33 honeypot-ams-1 sshd[2699]: Disconnected from authenticating user root 124.221.41.109 port 36262 [preauth]","@timestamp":"2022-09-17T23:17:34.059Z"}
{"@timestamp":"2022-09-17T23:20:29.757Z","@version":"1","message":"Sep 17 23:20:29 honeypot-sgp-1 sshd[29394]: Received disconnect from 152.179.67.70 port 3490:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:21:28 honeypot-ams-1 sshd[2706]: Received disconnect from 124.221.41.109 port 58274:11: Bye Bye [preauth]","@timestamp":"2022-09-17T23:21:29.163Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 23:24:32 honeypot-fra-1 sshd[26283]: Disconnected from authenticating user sshd 92.255.85.69 port 27498 [preauth]","@timestamp":"2022-09-17T23:24:32.320Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:24:55 honeypot-ams-1 sshd[2713]: Did not receive identification string from 81.169.137.181 port 45574","@timestamp":"2022-09-17T23:24:55.254Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:26:05 honeypot-ams-1 sshd[2718]: Received disconnect from 92.255.85.69 port 37090:11: Bye Bye [preauth]","@timestamp":"2022-09-17T23:26:05.289Z"}
{"@timestamp":"2022-09-17T23:26:14.891Z","@version":"1","message":"Sep 17 23:26:14 honeypot-sgp-1 sshd[29413]: Invalid user usuario from 195.206.60.116 port 36382","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:26:41 honeypot-ams-1 sshd[2721]: Disconnected from authenticating user root 124.221.41.109 port 59296 [preauth]","@timestamp":"2022-09-17T23:26:41.307Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:28:03 honeypot-ams-1 sshd[2728]: Invalid user emil from 81.169.137.181 port 49970","@timestamp":"2022-09-17T23:28:04.346Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:29:17 honeypot-ams-1 sshd[2733]: Received disconnect from 124.221.41.109 port 45658:11: Bye Bye [preauth]","@timestamp":"2022-09-17T23:29:18.380Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:30:03 honeypot-ams-1 sshd[2737]: Received disconnect from 81.169.137.181 port 38916:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T23:30:03.402Z"}
{"@timestamp":"2022-09-17T23:30:11.981Z","@version":"1","message":"Sep 17 23:30:11 honeypot-sgp-1 kernel: [84333514.744473] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=234 ID=44978 PROTO=TCP SPT=57408 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:30:41 honeypot-ams-1 sshd[2741]: Received disconnect from 81.169.137.181 port 54058:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T23:30:42.423Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 23:31:03 honeypot-ams-1 kernel: [84334043.646948] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=159.65.138.52 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=54 ID=0 DF PROTO=TCP SPT=54953 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T23:31:04.435Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 23:31:37 honeypot-fra-1 sshd[26287]: Connection closed by invalid user admin 193.106.191.157 port 60476 [preauth]","@timestamp":"2022-09-17T23:31:38.483Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 23:31:48 honeypot-fra-1 sshd[26292]: Disconnected from invalid user user 45.61.186.49 port 41036 [preauth]","@timestamp":"2022-09-17T23:31:48.489Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:31:58 honeypot-ams-1 sshd[2748]: Invalid user ericka from 81.169.137.181 port 56104","@timestamp":"2022-09-17T23:31:58.463Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 23:31:59 honeypot-fra-1 sshd[26296]: Disconnected from invalid user user 45.61.186.49 port 52744 [preauth]","@timestamp":"2022-09-17T23:31:59.494Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:33:10 honeypot-ams-1 sshd[2752]: Received disconnect from 124.221.41.109 port 39256:11: Bye Bye [preauth]","@timestamp":"2022-09-17T23:33:11.498Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:33:54 honeypot-ams-1 sshd[2756]: Invalid user este from 81.169.137.181 port 45070","@timestamp":"2022-09-17T23:33:54.520Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:34:25 honeypot-ams-1 sshd[2761]: Disconnected from authenticating user root 124.221.41.109 port 46516 [preauth]","@timestamp":"2022-09-17T23:34:26.537Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:35:11 honeypot-ams-1 sshd[2765]: Received disconnect from 81.169.137.181 port 47122:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T23:35:11.559Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:35:50 honeypot-ams-1 sshd[2769]: Disconnected from invalid user euis 81.169.137.181 port 34026 [preauth]","@timestamp":"2022-09-17T23:35:50.579Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:37:02 honeypot-ams-1 sshd[2773]: Received disconnect from 124.221.41.109 port 32778:11: Bye Bye [preauth]","@timestamp":"2022-09-17T23:37:03.613Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:37:49 honeypot-ams-1 sshd[2777]: Invalid user farheen from 81.169.137.181 port 51210","@timestamp":"2022-09-17T23:37:49.637Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 23:38:14 honeypot-fra-1 sshd[26301]: Connection closed by invalid user guest 103.188.176.251 port 43912 [preauth]","@timestamp":"2022-09-17T23:38:14.641Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:38:28 honeypot-ams-1 sshd[2781]: Invalid user fedora from 81.169.137.181 port 38130","@timestamp":"2022-09-17T23:38:29.673Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:38:36 honeypot-ams-1 sshd[2785]: Disconnected from authenticating user root 39.71.48.53 port 31675 [preauth]","@timestamp":"2022-09-17T23:38:36.678Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:38:41 honeypot-ams-1 sshd[2791]: Received disconnect from 39.71.48.53 port 29699:11: Bye Bye [preauth]","@timestamp":"2022-09-17T23:38:41.681Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:38:46 honeypot-ams-1 sshd[2797]: Received disconnect from 39.71.48.53 port 29921:11: Bye Bye [preauth]","@timestamp":"2022-09-17T23:38:47.684Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:38:52 honeypot-ams-1 sshd[2803]: Received disconnect from 39.71.48.53 port 29989:11: Bye Bye [preauth]","@timestamp":"2022-09-17T23:38:52.688Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:38:57 honeypot-ams-1 sshd[2809]: Received disconnect from 39.71.48.53 port 30200:11: Bye Bye [preauth]","@timestamp":"2022-09-17T23:38:57.691Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:39:02 honeypot-ams-1 sshd[2815]: Received disconnect from 39.71.48.53 port 30270:11: Bye Bye [preauth]","@timestamp":"2022-09-17T23:39:02.694Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:39:07 honeypot-ams-1 sshd[2821]: Received disconnect from 39.71.48.53 port 30487:11: Bye Bye [preauth]","@timestamp":"2022-09-17T23:39:08.698Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:39:10 honeypot-ams-1 sshd[2827]: Disconnected from invalid user feel 81.169.137.181 port 53278 [preauth]","@timestamp":"2022-09-17T23:39:11.701Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:39:14 honeypot-ams-1 sshd[2831]: Disconnected from authenticating user root 39.71.48.53 port 30712 [preauth]","@timestamp":"2022-09-17T23:39:14.703Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:39:19 honeypot-ams-1 sshd[2837]: Disconnected from authenticating user root 39.71.48.53 port 30815 [preauth]","@timestamp":"2022-09-17T23:39:20.707Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:39:24 honeypot-ams-1 sshd[2845]: Received disconnect from 159.89.163.158 port 59814:11: Bye Bye [preauth]","@timestamp":"2022-09-17T23:39:25.710Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:39:28 honeypot-ams-1 sshd[2850]: Received disconnect from 39.71.48.53 port 31124:11: Bye Bye [preauth]","@timestamp":"2022-09-17T23:39:28.711Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:39:33 honeypot-ams-1 sshd[2858]: Received disconnect from 39.71.48.53 port 31298:11: Bye Bye [preauth]","@timestamp":"2022-09-17T23:39:33.715Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:39:36 honeypot-ams-1 sshd[2862]: Invalid user admin from 39.71.48.53 port 31394","@timestamp":"2022-09-17T23:39:37.718Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:39:40 honeypot-ams-1 sshd[2866]: Invalid user admin from 39.71.48.53 port 31447","@timestamp":"2022-09-17T23:39:40.720Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:39:43 honeypot-ams-1 sshd[2870]: Invalid user admin from 39.71.48.53 port 31601","@timestamp":"2022-09-17T23:39:44.723Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:39:47 honeypot-ams-1 sshd[2874]: Invalid user admin from 39.71.48.53 port 31671","@timestamp":"2022-09-17T23:39:47.725Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:39:50 honeypot-ams-1 sshd[2876]: Connection closed by authenticating user root 179.60.147.69 port 49708 [preauth]","@timestamp":"2022-09-17T23:39:50.728Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:39:52 honeypot-ams-1 sshd[2884]: Received disconnect from 81.169.137.181 port 40204:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T23:39:52.729Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:39:54 honeypot-ams-1 sshd[2886]: Disconnected from invalid user user 39.71.48.53 port 29831 [preauth]","@timestamp":"2022-09-17T23:39:54.730Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:39:59 honeypot-ams-1 sshd[2892]: Received disconnect from 39.71.48.53 port 29928:11: Bye Bye [preauth]","@timestamp":"2022-09-17T23:39:59.733Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:40:03 honeypot-ams-1 sshd[2896]: Received disconnect from 39.71.48.53 port 29990:11: Bye Bye [preauth]","@timestamp":"2022-09-17T23:40:03.736Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:40:06 honeypot-ams-1 sshd[2900]: Received disconnect from 39.71.48.53 port 30157:11: Bye Bye [preauth]","@timestamp":"2022-09-17T23:40:06.739Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:40:09 honeypot-ams-1 sshd[2904]: Received disconnect from 39.71.48.53 port 30230:11: Bye Bye [preauth]","@timestamp":"2022-09-17T23:40:10.742Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:40:13 honeypot-ams-1 sshd[2908]: Received disconnect from 39.71.48.53 port 30323:11: Bye Bye [preauth]","@timestamp":"2022-09-17T23:40:13.744Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:40:15 honeypot-ams-1 sshd[2912]: Received disconnect from 39.71.48.53 port 30407:11: Bye Bye [preauth]","@timestamp":"2022-09-17T23:40:15.745Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:40:18 honeypot-ams-1 sshd[2916]: Received disconnect from 39.71.48.53 port 30486:11: Bye Bye [preauth]","@timestamp":"2022-09-17T23:40:18.747Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:40:21 honeypot-ams-1 sshd[2920]: Received disconnect from 39.71.48.53 port 30539:11: Bye Bye [preauth]","@timestamp":"2022-09-17T23:40:22.751Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:40:25 honeypot-ams-1 sshd[2924]: Received disconnect from 39.71.48.53 port 30703:11: Bye Bye [preauth]","@timestamp":"2022-09-17T23:40:25.753Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:40:28 honeypot-ams-1 sshd[2928]: Received disconnect from 39.71.48.53 port 30814:11: Bye Bye [preauth]","@timestamp":"2022-09-17T23:40:29.755Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:40:32 honeypot-ams-1 sshd[2932]: Received disconnect from 39.71.48.53 port 30870:11: Bye Bye [preauth]","@timestamp":"2022-09-17T23:40:32.757Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:40:34 honeypot-ams-1 sshd[2936]: Received disconnect from 81.169.137.181 port 55340:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T23:40:34.758Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:40:53 honeypot-ams-1 sshd[2940]: Disconnected from authenticating user root 124.221.41.109 port 54454 [preauth]","@timestamp":"2022-09-17T23:40:53.769Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:41:57 honeypot-ams-1 sshd[2944]: Disconnected from invalid user finsa 81.169.137.181 port 57374 [preauth]","@timestamp":"2022-09-17T23:41:57.798Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:42:57 honeypot-ams-1 sshd[2948]: Disconnected from invalid user webpop 68.183.232.27 port 35086 [preauth]","@timestamp":"2022-09-17T23:42:57.829Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:45:07 honeypot-ams-1 sshd[2955]: Received disconnect from 188.128.39.113 port 51410:11: Bye Bye [preauth]","@timestamp":"2022-09-17T23:45:07.891Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:46:00 honeypot-ams-1 sshd[2959]: Received disconnect from 124.221.41.109 port 55048:11: Bye Bye [preauth]","@timestamp":"2022-09-17T23:46:00.918Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 23:46:26 honeypot-fra-1 kernel: [84332795.358625] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=213.226.123.38 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=49424 PROTO=TCP SPT=58430 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T23:46:26.830Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:47:44 honeypot-ams-1 sshd[2963]: Connection closed by invalid user admin 193.106.191.157 port 58940 [preauth]","@timestamp":"2022-09-17T23:47:44.968Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:48:32 honeypot-ams-1 sshd[2971]: Did not receive identification string from 212.192.246.174 port 36092","@timestamp":"2022-09-17T23:48:32.991Z"}
{"@timestamp":"2022-09-17T23:49:46.425Z","@version":"1","message":"Sep 17 23:49:45 honeypot-sgp-1 kernel: [84334689.202204] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=104.209.217.119 DST=159.89.202.188 LEN=52 TOS=0x02 PREC=0x00 TTL=109 ID=8627 DF PROTO=TCP SPT=60219 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:49:50 honeypot-ams-1 sshd[2976]: Disconnected from authenticating user root 124.221.41.109 port 48330 [preauth]","@timestamp":"2022-09-17T23:49:51.028Z"}
{"@timestamp":"2022-09-17T23:50:51.453Z","@version":"1","message":"Sep 17 23:50:51 honeypot-sgp-1 sshd[29426]: Disconnected from invalid user cesar 124.82.111.218 port 57178 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:53:39 honeypot-ams-1 sshd[2982]: Disconnected from authenticating user root 124.221.41.109 port 41512 [preauth]","@timestamp":"2022-09-17T23:53:40.131Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 23:56:30 honeypot-fra-1 sshd[26311]: Disconnected from invalid user nma 64.225.17.240 port 45970 [preauth]","@timestamp":"2022-09-17T23:56:31.056Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:56:45 honeypot-ams-1 sshd[2989]: Received disconnect from 199.255.98.39 port 51710:11: Bye Bye [preauth]","@timestamp":"2022-09-17T23:56:45.215Z"}
{"@timestamp":"2022-09-17T23:57:36.608Z","@version":"1","message":"Sep 17 23:57:36 honeypot-sgp-1 sshd[29431]: Received disconnect from 27.118.22.221 port 35472:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 23:59:12 honeypot-ams-1 kernel: [84335732.648307] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=59.49.43.217 DST=178.62.254.91 LEN=40 TOS=0x18 PREC=0x00 TTL=239 ID=4645 PROTO=TCP SPT=45995 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T23:59:13.289Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 00:01:32 honeypot-fra-1 sshd[26317]: Disconnected from invalid user newtest 147.182.179.237 port 34636 [preauth]","@timestamp":"2022-09-18T00:01:33.168Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 00:02:26 honeypot-fra-1 sshd[26322]: Disconnected from invalid user testmail 103.141.149.29 port 54950 [preauth]","@timestamp":"2022-09-18T00:02:27.192Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 00:02:28 honeypot-ams-1 sshd[3000]: Disconnected from authenticating user root 124.221.41.109 port 34758 [preauth]","@timestamp":"2022-09-18T00:02:29.383Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 00:05:20 honeypot-ams-1 kernel: [84336100.283155] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=155 PROTO=TCP SPT=59309 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T00:05:20.464Z"}
{"@timestamp":"2022-09-18T00:07:27.838Z","@version":"1","message":"Sep 18 00:07:27 honeypot-sgp-1 sshd[29436]: Received disconnect from 103.145.106.247 port 56338:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 00:07:30 honeypot-fra-1 sshd[26327]: Disconnected from invalid user joe 212.33.250.241 port 37576 [preauth]","@timestamp":"2022-09-18T00:07:30.333Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 00:07:29 honeypot-ams-1 sshd[3011]: Disconnected from authenticating user root 124.221.41.109 port 34752 [preauth]","@timestamp":"2022-09-18T00:07:30.528Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 00:09:58 honeypot-ams-1 sshd[3017]: Disconnected from authenticating user root 124.221.41.109 port 48786 [preauth]","@timestamp":"2022-09-18T00:09:58.603Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 00:11:12 honeypot-fra-1 sshd[26332]: Disconnected from authenticating user root 45.157.150.162 port 55424 [preauth]","@timestamp":"2022-09-18T00:11:13.420Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 00:12:27 honeypot-ams-1 sshd[3024]: Received disconnect from 124.221.41.109 port 34520:11: Bye Bye [preauth]","@timestamp":"2022-09-18T00:12:27.668Z"}
{"@timestamp":"2022-09-18T00:12:47.962Z","@version":"1","message":"Sep 18 00:12:47 honeypot-sgp-1 sshd[29441]: Invalid user default from 179.60.147.69 port 58122","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 00:13:53 honeypot-fra-1 sshd[26336]: Disconnected from authenticating user root 103.119.144.75 port 46842 [preauth]","@timestamp":"2022-09-18T00:13:53.484Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 00:14:22 honeypot-fra-1 sshd[26351]: Invalid user hadoop from 139.59.152.202 port 34764","@timestamp":"2022-09-18T00:14:22.498Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 00:14:22 honeypot-fra-1 sshd[26349]: Invalid user oracle from 139.59.152.202 port 34758","@timestamp":"2022-09-18T00:14:22.498Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 00:14:22 honeypot-fra-1 sshd[26351]: Connection closed by invalid user hadoop 139.59.152.202 port 34764 [preauth]","@timestamp":"2022-09-18T00:14:22.498Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 00:14:22 honeypot-fra-1 sshd[26370]: Connection closed by invalid user kibana 139.59.152.202 port 34806 [preauth]","@timestamp":"2022-09-18T00:14:22.498Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 00:14:22 honeypot-fra-1 sshd[26353]: Invalid user test from 139.59.152.202 port 34766","@timestamp":"2022-09-18T00:14:22.498Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 00:14:22 honeypot-fra-1 sshd[26352]: Connection closed by invalid user spark 139.59.152.202 port 34762 [preauth]","@timestamp":"2022-09-18T00:14:22.498Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 00:14:22 honeypot-fra-1 sshd[26362]: Invalid user steam from 139.59.152.202 port 34792","@timestamp":"2022-09-18T00:14:22.498Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 00:14:22 honeypot-fra-1 sshd[26369]: Connection closed by invalid user www 139.59.152.202 port 34808 [preauth]","@timestamp":"2022-09-18T00:14:22.498Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 00:14:22 honeypot-fra-1 sshd[26357]: Connection closed by invalid user devops 139.59.152.202 port 34776 [preauth]","@timestamp":"2022-09-18T00:14:23.499Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 00:14:54 honeypot-ams-1 sshd[3028]: Received disconnect from 124.221.41.109 port 48324:11: Bye Bye [preauth]","@timestamp":"2022-09-18T00:14:54.736Z"}
{"@timestamp":"2022-09-18T00:15:12.022Z","@version":"1","message":"Sep 18 00:15:11 honeypot-sgp-1 sshd[29443]: Invalid user user from 92.255.85.70 port 49390","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 00:16:17 honeypot-fra-1 sshd[26404]: Disconnected from invalid user monitor 173.186.116.37 port 57096 [preauth]","@timestamp":"2022-09-18T00:16:17.544Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 00:16:18 honeypot-ams-1 sshd[3033]: Invalid user default from 179.60.147.69 port 12996","@timestamp":"2022-09-18T00:16:19.779Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 00:17:23 honeypot-ams-1 sshd[3039]: Received disconnect from 124.221.41.109 port 33824:11: Bye Bye [preauth]","@timestamp":"2022-09-18T00:17:23.813Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 00:19:50 honeypot-ams-1 kernel: [84336970.912427] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=167.71.92.243 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=59843 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T00:19:50.883Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 00:20:31 honeypot-fra-1 sshd[26411]: Connection closed by invalid user user 65.34.131.66 port 45114 [preauth]","@timestamp":"2022-09-18T00:20:31.644Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 00:23:30 honeypot-ams-1 sshd[3050]: Disconnected from authenticating user root 124.221.41.109 port 39772 [preauth]","@timestamp":"2022-09-18T00:23:30.986Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 00:25:57 honeypot-ams-1 sshd[3054]: Disconnected from authenticating user root 124.221.41.109 port 53398 [preauth]","@timestamp":"2022-09-18T00:25:58.059Z"}
{"@timestamp":"2022-09-18T00:29:13.364Z","@version":"1","message":"Sep 18 00:29:12 honeypot-sgp-1 kernel: [84337056.497346] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=68.183.93.151 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x20 TTL=242 ID=54321 PROTO=TCP SPT=58064 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 00:29:37 honeypot-ams-1 sshd[3061]: Received disconnect from 124.221.41.109 port 45534:11: Bye Bye [preauth]","@timestamp":"2022-09-18T00:29:38.162Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 00:32:01 honeypot-ams-1 sshd[3067]: Received disconnect from 124.221.41.109 port 59084:11: Bye Bye [preauth]","@timestamp":"2022-09-18T00:32:02.231Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 00:35:41 honeypot-ams-1 sshd[3074]: Received disconnect from 124.221.41.109 port 51124:11: Bye Bye [preauth]","@timestamp":"2022-09-18T00:35:41.333Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 00:36:53 honeypot-ams-1 sshd[3080]: Received disconnect from 124.221.41.109 port 57870:11: Bye Bye [preauth]","@timestamp":"2022-09-18T00:36:53.369Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 00:39:17 honeypot-ams-1 sshd[3085]: Disconnected from authenticating user root 124.221.41.109 port 43100 [preauth]","@timestamp":"2022-09-18T00:39:18.438Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 00:41:20 honeypot-fra-1 kernel: [84336089.307859] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=183.136.225.35 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=107 ID=39288 PROTO=TCP SPT=8088 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T00:41:21.115Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 00:42:53 honeypot-ams-1 sshd[3091]: Disconnected from authenticating user root 124.221.41.109 port 35006 [preauth]","@timestamp":"2022-09-18T00:42:53.540Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 00:46:30 honeypot-ams-1 sshd[3098]: Disconnected from authenticating user root 124.221.41.109 port 55092 [preauth]","@timestamp":"2022-09-18T00:46:30.635Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 00:47:55 honeypot-ams-1 sshd[3104]: Received disconnect from 198.12.255.244 port 56974:11: Bye Bye [preauth]","@timestamp":"2022-09-18T00:47:55.674Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 00:48:55 honeypot-ams-1 sshd[3106]: Disconnected from authenticating user root 124.221.41.109 port 40224 [preauth]","@timestamp":"2022-09-18T00:48:55.707Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 00:50:20 honeypot-fra-1 sshd[26418]: Connection closed by invalid user debian 179.60.147.69 port 29008 [preauth]","@timestamp":"2022-09-18T00:50:21.321Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 00:51:18 honeypot-ams-1 sshd[3113]: Received disconnect from 124.221.41.109 port 53574:11: Bye Bye [preauth]","@timestamp":"2022-09-18T00:51:18.774Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 00:52:39 honeypot-ams-1 kernel: [84338940.155166] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=51.89.30.115 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=55 ID=64074 PROTO=TCP SPT=61613 DPT=80 WINDOW=60334 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T00:52:40.812Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 00:54:51 honeypot-ams-1 sshd[3123]: Received disconnect from 124.221.41.109 port 45340:11: Bye Bye [preauth]","@timestamp":"2022-09-18T00:54:52.881Z"}
{"@timestamp":"2022-09-18T00:55:22.975Z","@version":"1","message":"Sep 18 00:55:22 honeypot-sgp-1 sshd[29455]: Invalid user mysql from 92.255.85.69 port 51946","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 00:56:17 honeypot-fra-1 sshd[26425]: Received disconnect from 170.210.71.10 port 51411:11: Bye Bye [preauth]","@timestamp":"2022-09-18T00:56:18.456Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 00:57:01 honeypot-ams-1 CRON[3128]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-18T00:57:01.943Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 00:59:37 honeypot-ams-1 sshd[3136]: Disconnected from authenticating user root 124.221.41.109 port 43634 [preauth]","@timestamp":"2022-09-18T00:59:38.018Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 01:02:28 honeypot-ams-1 sshd[3143]: Disconnected from authenticating user root 51.250.65.201 port 47242 [preauth]","@timestamp":"2022-09-18T01:02:28.099Z"}
{"@timestamp":"2022-09-18T01:03:08.156Z","@version":"1","message":"Sep 18 01:03:07 honeypot-sgp-1 kernel: [84339091.049267] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.226.17.248 DST=159.89.202.188 LEN=52 TOS=0x00 PREC=0x00 TTL=105 ID=33681 DF PROTO=TCP SPT=59526 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 01:04:09 honeypot-ams-1 sshd[3149]: Invalid user mysql from 92.255.85.69 port 41486","@timestamp":"2022-09-18T01:04:10.148Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 01:05:26 honeypot-ams-1 sshd[3153]: Received disconnect from 124.152.76.180 port 49840:11: Bye Bye [preauth]","@timestamp":"2022-09-18T01:05:27.186Z"}
{"@timestamp":"2022-09-18T01:06:52.246Z","@version":"1","message":"Sep 18 01:06:51 honeypot-sgp-1 sshd[29461]: Disconnected from invalid user wup 66.98.127.52 port 33704 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 01:07:07 honeypot-ams-1 kernel: [84339807.980773] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=178.74.24.20 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=50 ID=64922 PROTO=TCP SPT=62999 DPT=443 WINDOW=7366 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T01:07:08.234Z"}
{"@timestamp":"2022-09-18T01:07:11.254Z","@version":"1","message":"Sep 18 01:07:11 honeypot-sgp-1 sshd[29465]: Disconnected from invalid user rudisill 43.132.183.192 port 54638 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 01:08:27 honeypot-fra-1 kernel: [84337716.398985] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.143.200.46 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=52014 PROTO=TCP SPT=40765 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T01:08:27.732Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 01:08:43 honeypot-ams-1 sshd[3162]: Disconnected from authenticating user root 13.81.254.185 port 52866 [preauth]","@timestamp":"2022-09-18T01:08:44.283Z"}
{"@timestamp":"2022-09-18T01:09:18.305Z","@version":"1","message":"Sep 18 01:09:18 honeypot-sgp-1 sshd[29472]: Invalid user kw from 139.59.189.130 port 47648","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 01:10:14 honeypot-ams-1 sshd[3166]: Disconnected from authenticating user root 124.221.41.109 port 46276 [preauth]","@timestamp":"2022-09-18T01:10:15.325Z"}
{"@timestamp":"2022-09-18T01:10:20.331Z","@version":"1","message":"Sep 18 01:10:20 honeypot-sgp-1 kernel: [84339523.693995] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=44.204.93.237 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=43 ID=55101 DF PROTO=TCP SPT=54468 DPT=80 WINDOW=62727 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T01:11:25.359Z","@version":"1","message":"Sep 18 01:11:24 honeypot-sgp-1 sshd[29481]: Received disconnect from 137.184.1.35 port 39066:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 01:13:45 honeypot-ams-1 sshd[3173]: Disconnected from authenticating user root 124.221.41.109 port 37594 [preauth]","@timestamp":"2022-09-18T01:13:46.442Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 01:14:42 honeypot-ams-1 sshd[3178]: Invalid user user from 45.61.186.49 port 43424","@timestamp":"2022-09-18T01:14:43.471Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 01:14:54 honeypot-ams-1 sshd[3184]: Invalid user user from 45.61.186.49 port 55218","@timestamp":"2022-09-18T01:14:55.476Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 01:15:00 honeypot-fra-1 sshd[26440]: Invalid user gioia from 34.229.206.8 port 60030","@timestamp":"2022-09-18T01:15:00.883Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T01:15:03.445Z","@version":"1","message":"Sep 18 01:15:02 honeypot-sgp-1 sshd[29488]: Received disconnect from 143.244.137.54 port 41600:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 01:16:06 honeypot-ams-1 sshd[3187]: Disconnected from authenticating user root 124.221.41.109 port 50602 [preauth]","@timestamp":"2022-09-18T01:16:06.507Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 01:17:01 honeypot-fra-1 CRON[26444]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-18T01:17:01.932Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 01:18:25 honeypot-ams-1 sshd[3196]: Received disconnect from 124.221.41.109 port 35364:11: Bye Bye [preauth]","@timestamp":"2022-09-18T01:18:26.574Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 01:19:57 honeypot-fra-1 sshd[26449]: Disconnected from invalid user if 211.254.215.197 port 35024 [preauth]","@timestamp":"2022-09-18T01:19:58.003Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 01:20:45 honeypot-ams-1 sshd[3201]: Received disconnect from 124.221.41.109 port 48342:11: Bye Bye [preauth]","@timestamp":"2022-09-18T01:20:45.642Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 01:24:15 honeypot-ams-1 sshd[3207]: Received disconnect from 124.221.41.109 port 39508:11: Bye Bye [preauth]","@timestamp":"2022-09-18T01:24:16.739Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 01:26:27 honeypot-fra-1 sshd[26453]: Connection closed by invalid user user 179.60.147.69 port 6804 [preauth]","@timestamp":"2022-09-18T01:26:28.152Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 01:26:32 honeypot-ams-1 sshd[3212]: Received disconnect from 124.221.41.109 port 52402:11: Bye Bye [preauth]","@timestamp":"2022-09-18T01:26:32.802Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 01:28:38 honeypot-ams-1 sshd[3216]: Connection closed by invalid user user 179.60.147.69 port 44074 [preauth]","@timestamp":"2022-09-18T01:28:38.862Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 01:30:00 honeypot-ams-1 sshd[3220]: Disconnected from authenticating user root 124.221.41.109 port 43462 [preauth]","@timestamp":"2022-09-18T01:30:00.900Z"}
{"@timestamp":"2022-09-18T01:30:02.791Z","@version":"1","message":"Sep 18 01:30:02 honeypot-sgp-1 sshd[29496]: Received disconnect from 145.239.90.141 port 44234:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 01:33:26 honeypot-ams-1 sshd[3227]: Received disconnect from 124.221.41.109 port 34488:11: Bye Bye [preauth]","@timestamp":"2022-09-18T01:33:26.993Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 01:35:40 honeypot-ams-1 sshd[3233]: Invalid user admin from 143.198.135.228 port 45648","@timestamp":"2022-09-18T01:35:41.056Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 01:35:44 honeypot-ams-1 sshd[3235]: Received disconnect from 124.221.41.109 port 47300:11: Bye Bye [preauth]","@timestamp":"2022-09-18T01:35:45.058Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 01:38:02 honeypot-ams-1 sshd[3248]: Invalid user tickets from 137.184.50.19 port 39486","@timestamp":"2022-09-18T01:38:03.122Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 01:38:28 honeypot-ams-1 sshd[3250]: Disconnected from authenticating user root 128.116.154.5 port 35506 [preauth]","@timestamp":"2022-09-18T01:38:29.135Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 01:40:21 honeypot-ams-1 sshd[3254]: Disconnected from authenticating user root 124.221.41.109 port 44646 [preauth]","@timestamp":"2022-09-18T01:40:22.190Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 01:43:45 honeypot-ams-1 sshd[3261]: Disconnected from authenticating user root 124.221.41.109 port 35510 [preauth]","@timestamp":"2022-09-18T01:43:46.286Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 01:46:06 honeypot-ams-1 kernel: [84342146.578384] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=71.6.135.131 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=114 ID=29116 PROTO=TCP SPT=30378 DPT=389 WINDOW=62150 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T01:46:07.353Z"}
{"@timestamp":"2022-09-18T01:48:38.240Z","@version":"1","message":"Sep 18 01:48:38 honeypot-sgp-1 sshd[29503]: Invalid user admin from 92.255.85.70 port 36190","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 01:49:27 honeypot-ams-1 sshd[3272]: Disconnected from authenticating user root 124.221.41.109 port 38964 [preauth]","@timestamp":"2022-09-18T01:49:27.446Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 01:52:22 honeypot-ams-1 kernel: [84342522.894949] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=154.3.44.149 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=117 ID=14892 DF PROTO=TCP SPT=49228 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-18T01:52:23.531Z"}
{"@timestamp":"2022-09-18T01:54:25.376Z","@version":"1","message":"Sep 18 01:54:25 honeypot-sgp-1 sshd[29506]: Received disconnect from 85.51.33.209 port 64951:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 01:55:05 honeypot-ams-1 sshd[3283]: Received disconnect from 124.221.41.109 port 42212:11: Bye Bye [preauth]","@timestamp":"2022-09-18T01:55:06.609Z"}
{"@timestamp":"2022-09-18T01:57:14.445Z","@version":"1","message":"Sep 18 01:57:14 honeypot-sgp-1 sshd[29508]: Received disconnect from 51.222.116.82 port 46014:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 01:57:45 honeypot-ams-1 kernel: [84342845.439928] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=147.182.199.146 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=52880 PROTO=TCP SPT=46231 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T01:57:45.684Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 01:58:18 honeypot-fra-1 kernel: [84340707.495911] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=172.105.89.161 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=56 ID=0 DF PROTO=TCP SPT=42607 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T01:58:18.863Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 01:59:38 honeypot-ams-1 sshd[3294]: Disconnected from authenticating user root 124.221.41.109 port 39060 [preauth]","@timestamp":"2022-09-18T01:59:38.740Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:00:13 honeypot-fra-1 sshd[26466]: Invalid user user from 45.61.186.49 port 52372","@timestamp":"2022-09-18T02:00:13.911Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:00:23 honeypot-fra-1 sshd[26470]: Invalid user user from 45.61.186.49 port 35500","@timestamp":"2022-09-18T02:00:23.916Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:02:32 honeypot-fra-1 sshd[26475]: Connection closed by invalid user guest 179.60.147.69 port 16112 [preauth]","@timestamp":"2022-09-18T02:02:32.967Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:02:58 honeypot-ams-1 sshd[3301]: Received disconnect from 124.221.41.109 port 57806:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:02:59.837Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:05:12 honeypot-ams-1 sshd[3308]: Received disconnect from 124.221.41.109 port 42038:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:05:12.901Z"}
{"@timestamp":"2022-09-18T02:07:22.686Z","@version":"1","message":"Sep 18 02:07:22 honeypot-sgp-1 kernel: [84342946.009971] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.217.0.181 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=51856 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:07:26 honeypot-ams-1 sshd[3312]: Disconnected from authenticating user root 124.221.41.109 port 54484 [preauth]","@timestamp":"2022-09-18T02:07:27.967Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:08:03 honeypot-fra-1 sshd[26482]: Received disconnect from 193.95.228.126 port 9654:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:08:04.099Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:09:10 honeypot-fra-1 sshd[26488]: Disconnected from authenticating user root 206.189.86.91 port 34188 [preauth]","@timestamp":"2022-09-18T02:09:11.128Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:10:47 honeypot-ams-1 sshd[3319]: Received disconnect from 124.221.41.109 port 44868:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:10:48.062Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:11:53 honeypot-ams-1 sshd[3323]: Disconnected from authenticating user root 124.221.41.109 port 51060 [preauth]","@timestamp":"2022-09-18T02:11:54.094Z"}
{"@timestamp":"2022-09-18T02:12:35.812Z","@version":"1","message":"Sep 18 02:12:35 honeypot-sgp-1 kernel: [84343258.852620] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=154.3.44.149 DST=159.89.202.188 LEN=52 TOS=0x0A PREC=0x00 TTL=112 ID=14682 DF PROTO=TCP SPT=58970 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:14:10 honeypot-ams-1 sshd[3329]: Received disconnect from 123.41.0.20 port 46440:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:14:11.159Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:15:02 honeypot-fra-1 kernel: [84341711.085944] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.219.208 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=35210 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T02:15:03.265Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:15:12 honeypot-ams-1 sshd[3334]: Disconnected from authenticating user root 124.221.41.109 port 41372 [preauth]","@timestamp":"2022-09-18T02:15:13.188Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:16:39 honeypot-ams-1 sshd[3338]: Disconnected from invalid user admin 92.255.85.70 port 62516 [preauth]","@timestamp":"2022-09-18T02:16:39.230Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:18:19 honeypot-ams-1 sshd[3345]: Disconnecting authenticating user root 124.79.243.92 port 18681: Too many authentication failures [preauth]","@timestamp":"2022-09-18T02:18:19.278Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:18:18 honeypot-fra-1 kernel: [84341907.609159] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=186.13.128.188 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=15533 PROTO=TCP SPT=42399 DPT=443 WINDOW=1300 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T02:18:19.348Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:18:33 honeypot-ams-1 sshd[3349]: Received disconnect from 124.221.41.109 port 59884:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:18:34.286Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:18:37 honeypot-ams-1 sshd[3355]: Disconnecting invalid user admin 124.79.243.92 port 22667: Too many authentication failures [preauth]","@timestamp":"2022-09-18T02:18:38.289Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:18:43 honeypot-ams-1 sshd[3359]: Disconnecting invalid user oracle 124.79.243.92 port 23880: Too many authentication failures [preauth]","@timestamp":"2022-09-18T02:18:44.293Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 02:19:35 honeypot-ams-1 kernel: [84344155.988099] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=120.86.238.168 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=5928 DF PROTO=TCP SPT=18827 DPT=80 WINDOW=14520 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T02:19:36.319Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:20:50 honeypot-ams-1 sshd[3372]: Invalid user abc from 139.59.248.243 port 55366","@timestamp":"2022-09-18T02:20:51.370Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:22:04 honeypot-fra-1 sshd[26504]: Received disconnect from 45.61.186.249 port 42032:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T02:22:04.437Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:22:22 honeypot-fra-1 sshd[26508]: Received disconnect from 45.61.186.249 port 36780:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T02:22:23.445Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:22:41 honeypot-fra-1 sshd[26512]: Received disconnect from 45.61.186.249 port 59800:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T02:22:42.455Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:22:56 honeypot-ams-1 sshd[3376]: Received disconnect from 124.221.41.109 port 56276:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:22:57.428Z"}
{"@timestamp":"2022-09-18T02:24:10.083Z","@version":"1","message":"Sep 18 02:24:09 honeypot-sgp-1 sshd[29520]: Connection closed by invalid user elk 103.188.176.251 port 57562 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:25:09 honeypot-ams-1 sshd[3382]: Disconnected from authenticating user root 124.221.41.109 port 40328 [preauth]","@timestamp":"2022-09-18T02:25:09.488Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 02:27:01 honeypot-ams-1 kernel: [84344602.064122] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=167.99.9.236 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=115 ID=7709 DF PROTO=TCP SPT=58415 DPT=3389 WINDOW=8192 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T02:27:02.542Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:29:32 honeypot-ams-1 sshd[3391]: Received disconnect from 124.221.41.109 port 36560:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:29:33.739Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:30:15 honeypot-fra-1 kernel: [84342623.744794] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=8184 PROTO=TCP SPT=48204 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T02:30:15.624Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:31:44 honeypot-ams-1 sshd[3396]: Received disconnect from 124.221.41.109 port 48738:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:31:44.800Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:33:21 honeypot-fra-1 sshd[26522]: Received disconnect from 179.43.156.143 port 38526:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T02:33:21.715Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:33:55 honeypot-ams-1 sshd[3400]: Disconnected from authenticating user root 124.221.41.109 port 60884 [preauth]","@timestamp":"2022-09-18T02:33:55.865Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:34:30 honeypot-fra-1 sshd[26526]: Disconnected from invalid user fourjs 218.241.132.133 port 34618 [preauth]","@timestamp":"2022-09-18T02:34:30.743Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T02:35:00.340Z","@version":"1","message":"Sep 18 02:35:00 honeypot-sgp-1 sshd[29525]: Invalid user ramesh from 104.248.155.120 port 51620","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:35:40 honeypot-fra-1 sshd[26533]: Received disconnect from 179.43.156.143 port 56414:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T02:35:40.773Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:35:43 honeypot-ams-1 sshd[3404]: Disconnected from invalid user zhuanzhi 64.227.39.120 port 55658 [preauth]","@timestamp":"2022-09-18T02:35:43.916Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:36:49 honeypot-fra-1 sshd[26537]: Received disconnect from 179.43.156.143 port 51176:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T02:36:49.802Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:37:08 honeypot-ams-1 sshd[3409]: Received disconnect from 124.221.41.109 port 50798:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:37:08.957Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:38:01 honeypot-fra-1 sshd[26541]: Disconnected from authenticating user root 179.43.156.143 port 46000 [preauth]","@timestamp":"2022-09-18T02:38:01.849Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:38:58 honeypot-ams-1 sshd[3418]: Invalid user admin from 193.106.191.157 port 59368","@timestamp":"2022-09-18T02:38:59.009Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:39:14 honeypot-fra-1 sshd[26548]: Received disconnect from 179.43.156.143 port 40810:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T02:39:15.879Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:39:45 honeypot-ams-1 sshd[3424]: Received disconnect from 84.122.178.78 port 34756:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:39:46.033Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:39:46 honeypot-ams-1 sshd[3428]: Disconnected from authenticating user root 84.122.178.78 port 34828 [preauth]","@timestamp":"2022-09-18T02:39:47.035Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:39:47 honeypot-ams-1 sshd[3434]: Disconnected from authenticating user root 84.122.178.78 port 34886 [preauth]","@timestamp":"2022-09-18T02:39:48.036Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:39:48 honeypot-ams-1 sshd[3440]: Disconnected from authenticating user root 84.122.178.78 port 34982 [preauth]","@timestamp":"2022-09-18T02:39:49.037Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:39:50 honeypot-ams-1 sshd[3446]: Disconnected from authenticating user root 84.122.178.78 port 35038 [preauth]","@timestamp":"2022-09-18T02:39:51.038Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:39:50 honeypot-fra-1 sshd[26552]: Received disconnect from 179.43.156.143 port 38198:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T02:39:51.895Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:39:51 honeypot-ams-1 sshd[3452]: Disconnected from authenticating user root 84.122.178.78 port 35098 [preauth]","@timestamp":"2022-09-18T02:39:52.039Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:39:52 honeypot-ams-1 sshd[3458]: Disconnected from authenticating user root 84.122.178.78 port 35150 [preauth]","@timestamp":"2022-09-18T02:39:53.040Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:39:54 honeypot-ams-1 sshd[3464]: Disconnected from authenticating user root 84.122.178.78 port 35194 [preauth]","@timestamp":"2022-09-18T02:39:55.042Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:39:55 honeypot-ams-1 sshd[3470]: Disconnected from authenticating user root 84.122.178.78 port 35402 [preauth]","@timestamp":"2022-09-18T02:39:56.042Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:39:56 honeypot-ams-1 sshd[3476]: Disconnected from authenticating user root 84.122.178.78 port 35504 [preauth]","@timestamp":"2022-09-18T02:39:57.043Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:39:58 honeypot-ams-1 sshd[3482]: Disconnected from authenticating user root 84.122.178.78 port 35570 [preauth]","@timestamp":"2022-09-18T02:39:59.045Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:39:59 honeypot-ams-1 sshd[3488]: Disconnected from authenticating user root 84.122.178.78 port 35674 [preauth]","@timestamp":"2022-09-18T02:40:00.046Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:40:00 honeypot-ams-1 sshd[3494]: Received disconnect from 84.122.178.78 port 35750:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:40:01.046Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:40:01 honeypot-ams-1 sshd[3498]: Received disconnect from 84.122.178.78 port 35798:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:40:02.048Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:40:02 honeypot-ams-1 sshd[3502]: Received disconnect from 84.122.178.78 port 35834:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:40:03.049Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:40:03 honeypot-ams-1 sshd[3506]: Received disconnect from 84.122.178.78 port 35862:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:40:04.050Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:40:04 honeypot-ams-1 sshd[3510]: Received disconnect from 84.122.178.78 port 35904:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:40:05.050Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:40:05 honeypot-ams-1 sshd[3514]: Received disconnect from 84.122.178.78 port 36016:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:40:06.051Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:40:06 honeypot-ams-1 sshd[3520]: Invalid user pi from 84.122.178.78 port 36214","@timestamp":"2022-09-18T02:40:07.052Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:40:07 honeypot-ams-1 sshd[3524]: Invalid user user from 84.122.178.78 port 36250","@timestamp":"2022-09-18T02:40:08.053Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:40:08 honeypot-ams-1 sshd[3528]: Invalid user mine from 84.122.178.78 port 36326","@timestamp":"2022-09-18T02:40:09.053Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:40:09 honeypot-ams-1 sshd[3532]: Invalid user xbmc from 84.122.178.78 port 36400","@timestamp":"2022-09-18T02:40:09.054Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:40:09 honeypot-ams-1 sshd[3536]: Invalid user oracle from 84.122.178.78 port 36446","@timestamp":"2022-09-18T02:40:10.054Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:40:10 honeypot-ams-1 sshd[3540]: Invalid user postgres from 84.122.178.78 port 36482","@timestamp":"2022-09-18T02:40:11.055Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:40:11 honeypot-ams-1 sshd[3544]: Invalid user support from 84.122.178.78 port 36536","@timestamp":"2022-09-18T02:40:12.056Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:40:12 honeypot-ams-1 sshd[3548]: Invalid user ubuntu from 84.122.178.78 port 36580","@timestamp":"2022-09-18T02:40:13.057Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:40:13 honeypot-ams-1 sshd[3552]: Invalid user ubuntu from 84.122.178.78 port 36624","@timestamp":"2022-09-18T02:40:14.058Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:40:14 honeypot-ams-1 sshd[3556]: Invalid user guest from 84.122.178.78 port 36652","@timestamp":"2022-09-18T02:40:15.058Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:40:15 honeypot-ams-1 sshd[3560]: Invalid user cirros from 84.122.178.78 port 36834","@timestamp":"2022-09-18T02:40:16.059Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:40:23 honeypot-ams-1 sshd[3564]: Received disconnect from 124.221.41.109 port 40638:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:40:24.064Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:41:03 honeypot-fra-1 sshd[26557]: Invalid user vagrant from 179.43.156.143 port 33042","@timestamp":"2022-09-18T02:41:03.925Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:41:12 honeypot-ams-1 sshd[3569]: Invalid user tester from 222.252.243.104 port 58541","@timestamp":"2022-09-18T02:41:13.089Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 02:41:55 honeypot-ams-1 kernel: [84345495.536697] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=164.92.72.164 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=36265 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T02:41:56.110Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:42:05 honeypot-fra-1 sshd[26561]: Received disconnect from 92.255.85.69 port 18778:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:42:05.952Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:42:25 honeypot-ams-1 sshd[3579]: Received disconnect from 18.179.32.110 port 2993:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:42:26.126Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:42:30 honeypot-ams-1 sshd[3585]: Received disconnect from 18.179.32.110 port 27909:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:42:31.129Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:42:34 honeypot-ams-1 sshd[3591]: Received disconnect from 18.179.32.110 port 23149:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:42:35.132Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:42:40 honeypot-ams-1 sshd[3597]: Received disconnect from 18.179.32.110 port 7491:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:42:41.136Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:42:46 honeypot-ams-1 sshd[3603]: Received disconnect from 18.179.32.110 port 23671:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:42:47.139Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:42:51 honeypot-ams-1 sshd[3609]: Received disconnect from 18.179.32.110 port 7119:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:42:52.142Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:42:57 honeypot-ams-1 sshd[3615]: Received disconnect from 18.179.32.110 port 1663:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:42:58.147Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:42:59 honeypot-fra-1 sshd[26565]: Received disconnect from 179.43.156.143 port 53432:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T02:42:59.976Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:43:03 honeypot-ams-1 sshd[3621]: Received disconnect from 18.179.32.110 port 23945:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:43:03.150Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:43:08 honeypot-ams-1 sshd[3627]: Received disconnect from 18.179.32.110 port 16675:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:43:09.154Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:43:14 honeypot-ams-1 sshd[3633]: Received disconnect from 18.179.32.110 port 11711:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:43:15.157Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:43:20 honeypot-ams-1 sshd[3639]: Received disconnect from 18.179.32.110 port 20395:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:43:20.160Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:43:25 honeypot-ams-1 sshd[3645]: Received disconnect from 18.179.32.110 port 30249:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:43:26.165Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:43:29 honeypot-ams-1 sshd[3649]: Disconnected from invalid user admin 18.179.32.110 port 26853 [preauth]","@timestamp":"2022-09-18T02:43:30.167Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:43:33 honeypot-ams-1 sshd[3653]: Disconnected from invalid user admin 18.179.32.110 port 18699 [preauth]","@timestamp":"2022-09-18T02:43:34.170Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:43:37 honeypot-ams-1 sshd[3659]: Disconnected from invalid user admin 18.179.32.110 port 10801 [preauth]","@timestamp":"2022-09-18T02:43:38.174Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:43:40 honeypot-ams-1 sshd[3663]: Invalid user admin from 18.179.32.110 port 24233","@timestamp":"2022-09-18T02:43:41.176Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:43:44 honeypot-ams-1 sshd[3667]: Invalid user admin from 18.179.32.110 port 3053","@timestamp":"2022-09-18T02:43:45.179Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:43:48 honeypot-ams-1 sshd[3671]: Invalid user user from 18.179.32.110 port 25889","@timestamp":"2022-09-18T02:43:49.181Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:43:52 honeypot-ams-1 sshd[3675]: Disconnected from authenticating user root 18.179.32.110 port 19555 [preauth]","@timestamp":"2022-09-18T02:43:53.184Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:43:56 honeypot-ams-1 sshd[3679]: Disconnected from invalid user pi 18.179.32.110 port 20071 [preauth]","@timestamp":"2022-09-18T02:43:57.187Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:44:00 honeypot-ams-1 sshd[3683]: Disconnected from invalid user ethos 18.179.32.110 port 13547 [preauth]","@timestamp":"2022-09-18T02:44:00.189Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:44:03 honeypot-ams-1 sshd[3687]: Disconnected from invalid user miner 18.179.32.110 port 26355 [preauth]","@timestamp":"2022-09-18T02:44:04.192Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:44:07 honeypot-ams-1 sshd[3691]: Disconnected from invalid user volumio 18.179.32.110 port 8361 [preauth]","@timestamp":"2022-09-18T02:44:08.195Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:44:11 honeypot-ams-1 sshd[3695]: Disconnected from invalid user nagios 18.179.32.110 port 14439 [preauth]","@timestamp":"2022-09-18T02:44:12.198Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:44:15 honeypot-fra-1 sshd[26569]: Received disconnect from 179.43.156.143 port 48204:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T02:44:16.009Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:44:15 honeypot-ams-1 sshd[3699]: Disconnected from invalid user vagrant 18.179.32.110 port 17731 [preauth]","@timestamp":"2022-09-18T02:44:16.201Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:44:19 honeypot-ams-1 sshd[3703]: Disconnected from invalid user debian 18.179.32.110 port 30513 [preauth]","@timestamp":"2022-09-18T02:44:20.205Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:44:23 honeypot-ams-1 sshd[3707]: Disconnected from invalid user debian 18.179.32.110 port 28149 [preauth]","@timestamp":"2022-09-18T02:44:23.208Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:44:26 honeypot-ams-1 sshd[3711]: Disconnected from invalid user alarm 18.179.32.110 port 21203 [preauth]","@timestamp":"2022-09-18T02:44:27.210Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:44:30 honeypot-ams-1 sshd[3715]: Disconnected from invalid user test 18.179.32.110 port 30153 [preauth]","@timestamp":"2022-09-18T02:44:31.213Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:44:34 honeypot-ams-1 sshd[3719]: Disconnected from invalid user cirros 18.179.32.110 port 8723 [preauth]","@timestamp":"2022-09-18T02:44:35.215Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:45:02 honeypot-fra-1 sshd[26573]: Disconnected from invalid user lucike 187.235.106.121 port 39552 [preauth]","@timestamp":"2022-09-18T02:45:03.029Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T02:45:15.580Z","@version":"1","message":"Sep 18 02:45:15 honeypot-sgp-1 kernel: [84345218.803795] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=159.89.202.188 LEN=90 TOS=0x00 PREC=0x00 TTL=245 ID=52286 PROTO=TCP SPT=30577 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:46:03 honeypot-fra-1 sshd[26579]: Received disconnect from 134.209.240.217 port 35928:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:46:04.056Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:46:50 honeypot-ams-1 sshd[3725]: Disconnected from authenticating user root 124.221.41.109 port 48328 [preauth]","@timestamp":"2022-09-18T02:46:51.277Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:46:58 honeypot-fra-1 sshd[26586]: Received disconnect from 179.43.156.143 port 37794:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T02:46:59.080Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:47:42 honeypot-fra-1 sshd[26590]: Received disconnect from 78.198.111.128 port 54026:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:47:43.098Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:49:03 honeypot-fra-1 sshd[26596]: Received disconnect from 179.43.156.143 port 58236:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T02:49:04.134Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:50:04 honeypot-ams-1 sshd[3732]: Received disconnect from 124.221.41.109 port 37958:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:50:04.364Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:50:28 honeypot-fra-1 sshd[26600]: Disconnected from authenticating user root 179.43.156.143 port 53032 [preauth]","@timestamp":"2022-09-18T02:50:29.168Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:51:07 honeypot-ams-1 sshd[3739]: Received disconnect from 124.221.41.109 port 43898:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:51:08.397Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:51:21 honeypot-fra-1 kernel: [84343890.254753] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=20.25.67.180 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=47299 PROTO=TCP SPT=47889 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T02:51:22.193Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:51:50 honeypot-fra-1 sshd[26609]: Disconnected from invalid user ansible 179.43.156.143 port 47818 [preauth]","@timestamp":"2022-09-18T02:51:51.207Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:53:00 honeypot-fra-1 sshd[26613]: Disconnected from invalid user yc 157.230.6.213 port 49310 [preauth]","@timestamp":"2022-09-18T02:53:01.235Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:54:17 honeypot-ams-1 sshd[4187]: Received disconnect from 124.221.41.109 port 33446:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:54:18.484Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:54:27 honeypot-fra-1 sshd[26619]: Received disconnect from 179.43.156.143 port 37420:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T02:54:28.274Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:56:28 honeypot-fra-1 sshd[26626]: Received disconnect from 179.43.156.143 port 57866:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T02:56:29.323Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 02:56:34 honeypot-ams-1 kernel: [84346374.612778] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=154.3.44.149 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=117 ID=32780 DF PROTO=TCP SPT=56031 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-18T02:56:34.546Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:57:45 honeypot-fra-1 sshd[26630]: Invalid user prasad from 179.43.156.143 port 52672","@timestamp":"2022-09-18T02:57:45.355Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:58:19 honeypot-fra-1 kernel: [84344308.135802] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=165.22.82.222 LEN=89 TOS=0x00 PREC=0x00 TTL=250 ID=27121 PROTO=TCP SPT=10059 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T02:58:20.371Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:58:33 honeypot-ams-1 sshd[4196]: Received disconnect from 124.221.41.109 port 57020:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:58:33.604Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 03:00:39 honeypot-ams-1 sshd[4200]: Disconnected from authenticating user root 124.221.41.109 port 40528 [preauth]","@timestamp":"2022-09-18T03:00:39.663Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 03:01:58 honeypot-ams-1 sshd[4205]: Connection closed by invalid user  118.193.59.59 port 40778 [preauth]","@timestamp":"2022-09-18T03:01:59.703Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 03:02:25 honeypot-fra-1 sshd[26640]: Invalid user devstaff from 181.65.186.50 port 56267","@timestamp":"2022-09-18T03:02:25.467Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 03:03:48 honeypot-ams-1 sshd[4212]: Disconnected from authenticating user root 124.221.41.109 port 58090 [preauth]","@timestamp":"2022-09-18T03:03:48.757Z"}
{"@timestamp":"2022-09-18T03:04:23.035Z","@version":"1","message":"Sep 18 03:04:22 honeypot-sgp-1 kernel: [84346365.692517] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=228 ID=44046 PROTO=TCP SPT=50003 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 03:04:31 honeypot-fra-1 sshd[26642]: Received disconnect from 92.9.123.122 port 59978:11: Bye Bye [preauth]","@timestamp":"2022-09-18T03:04:32.517Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 03:06:16 honeypot-ams-1 kernel: [84346957.079157] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.92.236.179 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=248 ID=15533 PROTO=TCP SPT=52438 DPT=443 WINDOW=1300 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T03:06:17.827Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 03:09:01 honeypot-ams-1 sshd[4223]: Received disconnect from 124.221.41.109 port 58986:11: Bye Bye [preauth]","@timestamp":"2022-09-18T03:09:02.920Z"}
{"@timestamp":"2022-09-18T03:10:07.177Z","@version":"1","message":"Sep 18 03:10:06 honeypot-sgp-1 kernel: [84346710.222918] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=162.142.125.130 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=1922 PROTO=TCP SPT=60436 DPT=389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 03:12:10 honeypot-ams-1 sshd[4229]: Received disconnect from 124.221.41.109 port 48142:11: Bye Bye [preauth]","@timestamp":"2022-09-18T03:12:11.003Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 03:13:11 honeypot-ams-1 sshd[4233]: Disconnected from authenticating user root 124.221.41.109 port 53928 [preauth]","@timestamp":"2022-09-18T03:13:12.035Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 03:15:16 honeypot-ams-1 sshd[4240]: Received disconnect from 124.221.41.109 port 37236:11: Bye Bye [preauth]","@timestamp":"2022-09-18T03:15:17.090Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 03:17:01 honeypot-fra-1 CRON[26648]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-18T03:17:01.795Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T03:17:02.348Z","@version":"1","message":"Sep 18 03:17:01 honeypot-sgp-1 CRON[29563]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 03:17:20 honeypot-ams-1 sshd[4247]: Received disconnect from 124.221.41.109 port 48752:11: Bye Bye [preauth]","@timestamp":"2022-09-18T03:17:21.147Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 03:19:25 honeypot-ams-1 sshd[4254]: Received disconnect from 124.221.41.109 port 60234:11: Bye Bye [preauth]","@timestamp":"2022-09-18T03:19:26.205Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 03:21:27 honeypot-ams-1 sshd[4260]: Received disconnect from 124.221.41.109 port 43460:11: Bye Bye [preauth]","@timestamp":"2022-09-18T03:21:28.262Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 03:23:40 honeypot-ams-1 kernel: [84348000.734747] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=178.62.254.91 LEN=89 TOS=0x00 PREC=0x00 TTL=252 ID=50449 PROTO=TCP SPT=21839 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T03:23:41.321Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 03:24:34 honeypot-fra-1 sshd[26654]: Disconnected from authenticating user root 193.46.199.36 port 46832 [preauth]","@timestamp":"2022-09-18T03:24:34.978Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 03:26:36 honeypot-ams-1 sshd[4271]: Received disconnect from 124.221.41.109 port 43768:11: Bye Bye [preauth]","@timestamp":"2022-09-18T03:26:36.401Z"}
{"@timestamp":"2022-09-18T03:27:08.589Z","@version":"1","message":"Sep 18 03:27:07 honeypot-sgp-1 sshd[29570]: Received disconnect from 86.101.142.1 port 43412:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 03:27:58 honeypot-fra-1 kernel: [84346087.172347] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=202.164.136.147 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=55 ID=6362 DF PROTO=TCP SPT=47860 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T03:27:59.057Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 03:28:37 honeypot-ams-1 sshd[4275]: Disconnected from authenticating user root 124.221.41.109 port 55134 [preauth]","@timestamp":"2022-09-18T03:28:38.472Z"}
{"@timestamp":"2022-09-18T03:30:32.672Z","@version":"1","message":"Sep 18 03:30:31 honeypot-sgp-1 sshd[29574]: Disconnected from authenticating user root 206.217.131.233 port 55550 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 03:30:52 honeypot-fra-1 sshd[26661]: Received disconnect from 177.73.2.57 port 58829:11: Bye Bye [preauth]","@timestamp":"2022-09-18T03:30:53.125Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T03:31:17.692Z","@version":"1","message":"Sep 18 03:31:17 honeypot-sgp-1 sshd[29578]: Disconnected from invalid user sherri 50.16.104.72 port 47728 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 03:31:40 honeypot-ams-1 sshd[4282]: Disconnected from authenticating user root 124.221.41.109 port 43880 [preauth]","@timestamp":"2022-09-18T03:31:41.553Z"}
{"@timestamp":"2022-09-18T03:33:35.749Z","@version":"1","message":"Sep 18 03:33:35 honeypot-sgp-1 sshd[29586]: Received disconnect from 66.98.127.52 port 52290:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:07.764Z","@version":"1","message":"Sep 18 03:34:07 honeypot-sgp-1 sshd[29592]: Invalid user ubnt from 103.163.21.24 port 35650","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:09.765Z","@version":"1","message":"Sep 18 03:34:08 honeypot-sgp-1 sshd[29596]: Disconnected from authenticating user root 103.163.21.24 port 35691 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:11.767Z","@version":"1","message":"Sep 18 03:34:10 honeypot-sgp-1 sshd[29602]: Disconnected from authenticating user root 103.163.21.24 port 35754 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:13.768Z","@version":"1","message":"Sep 18 03:34:12 honeypot-sgp-1 sshd[29608]: Disconnected from authenticating user root 103.163.21.24 port 35817 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:14.769Z","@version":"1","message":"Sep 18 03:34:14 honeypot-sgp-1 sshd[29614]: Disconnected from authenticating user root 103.163.21.24 port 35878 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:16.770Z","@version":"1","message":"Sep 18 03:34:16 honeypot-sgp-1 sshd[29620]: Disconnected from authenticating user root 103.163.21.24 port 35945 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:18.771Z","@version":"1","message":"Sep 18 03:34:18 honeypot-sgp-1 sshd[29627]: Disconnected from authenticating user root 103.163.21.24 port 36004 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:19.772Z","@version":"1","message":"Sep 18 03:34:19 honeypot-sgp-1 sshd[29632]: Disconnected from authenticating user root 103.163.21.24 port 36043 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:21.773Z","@version":"1","message":"Sep 18 03:34:21 honeypot-sgp-1 sshd[29638]: Disconnected from authenticating user root 103.163.21.24 port 36109 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:23.775Z","@version":"1","message":"Sep 18 03:34:23 honeypot-sgp-1 sshd[29644]: Disconnected from authenticating user root 103.163.21.24 port 36169 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:25.777Z","@version":"1","message":"Sep 18 03:34:25 honeypot-sgp-1 sshd[29650]: Disconnected from authenticating user root 103.163.21.24 port 36233 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:27.778Z","@version":"1","message":"Sep 18 03:34:27 honeypot-sgp-1 sshd[29656]: Disconnected from authenticating user root 103.163.21.24 port 36299 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:29.779Z","@version":"1","message":"Sep 18 03:34:29 honeypot-sgp-1 sshd[29662]: Received disconnect from 103.163.21.24 port 36360:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:30.780Z","@version":"1","message":"Sep 18 03:34:30 honeypot-sgp-1 sshd[29666]: Received disconnect from 103.163.21.24 port 36403:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:32.781Z","@version":"1","message":"Sep 18 03:34:31 honeypot-sgp-1 sshd[29670]: Received disconnect from 103.163.21.24 port 36443:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:33.782Z","@version":"1","message":"Sep 18 03:34:33 honeypot-sgp-1 sshd[29674]: Received disconnect from 103.163.21.24 port 36486:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:34.782Z","@version":"1","message":"Sep 18 03:34:34 honeypot-sgp-1 sshd[29678]: Received disconnect from 103.163.21.24 port 36528:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:35.783Z","@version":"1","message":"Sep 18 03:34:35 honeypot-sgp-1 sshd[29682]: Received disconnect from 103.163.21.24 port 36569:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:37.786Z","@version":"1","message":"Sep 18 03:34:37 honeypot-sgp-1 sshd[29688]: Invalid user pi from 103.163.21.24 port 36627","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:38.787Z","@version":"1","message":"Sep 18 03:34:38 honeypot-sgp-1 sshd[29692]: Invalid user user from 103.163.21.24 port 36674","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:40.788Z","@version":"1","message":"Sep 18 03:34:40 honeypot-sgp-1 sshd[29696]: Invalid user mine from 103.163.21.24 port 36716","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:41.789Z","@version":"1","message":"Sep 18 03:34:41 honeypot-sgp-1 sshd[29700]: Invalid user xbmc from 103.163.21.24 port 36756","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 03:34:42 honeypot-ams-1 sshd[4289]: Received disconnect from 124.221.41.109 port 60802:11: Bye Bye [preauth]","@timestamp":"2022-09-18T03:34:42.633Z"}
{"@timestamp":"2022-09-18T03:34:42.790Z","@version":"1","message":"Sep 18 03:34:42 honeypot-sgp-1 sshd[29704]: Invalid user oracle from 103.163.21.24 port 36797","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:44.791Z","@version":"1","message":"Sep 18 03:34:43 honeypot-sgp-1 sshd[29708]: Invalid user postgres from 103.163.21.24 port 36844","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:45.791Z","@version":"1","message":"Sep 18 03:34:45 honeypot-sgp-1 sshd[29712]: Invalid user support from 103.163.21.24 port 36887","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:46.792Z","@version":"1","message":"Sep 18 03:34:46 honeypot-sgp-1 sshd[29716]: Invalid user ubuntu from 103.163.21.24 port 36920","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:47.793Z","@version":"1","message":"Sep 18 03:34:47 honeypot-sgp-1 sshd[29720]: Invalid user ubuntu from 103.163.21.24 port 36964","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:49.794Z","@version":"1","message":"Sep 18 03:34:48 honeypot-sgp-1 sshd[29724]: Invalid user guest from 103.163.21.24 port 37003","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:50.795Z","@version":"1","message":"Sep 18 03:34:50 honeypot-sgp-1 sshd[29728]: Invalid user cirros from 103.163.21.24 port 37042","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:51.795Z","@version":"1","message":"Sep 18 03:34:51 honeypot-sgp-1 sshd[29732]: Invalid user santiago from 43.156.32.144 port 60798","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 03:37:46 honeypot-ams-1 sshd[4295]: Received disconnect from 124.221.41.109 port 49454:11: Bye Bye [preauth]","@timestamp":"2022-09-18T03:37:46.716Z"}
{"@timestamp":"2022-09-18T03:38:05.874Z","@version":"1","message":"Sep 18 03:38:05 honeypot-sgp-1 sshd[29737]: Invalid user centos from 52.172.225.142 port 47354","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:39:33.912Z","@version":"1","message":"Sep 18 03:39:33 honeypot-sgp-1 sshd[29741]: Invalid user 1234 from 92.255.85.70 port 31480","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 03:40:21 honeypot-fra-1 kernel: [84346830.371551] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.219.61 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=43516 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T03:40:22.337Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 03:40:22 honeypot-ams-1 sshd[4302]: Invalid user 1234 from 92.255.85.69 port 44312","@timestamp":"2022-09-18T03:40:22.788Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 03:41:47 honeypot-ams-1 sshd[4306]: Received disconnect from 124.221.41.109 port 43684:11: Bye Bye [preauth]","@timestamp":"2022-09-18T03:41:47.829Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 03:43:48 honeypot-ams-1 sshd[4310]: Disconnected from authenticating user root 124.221.41.109 port 54890 [preauth]","@timestamp":"2022-09-18T03:43:48.885Z"}
{"@timestamp":"2022-09-18T03:45:09.046Z","@version":"1","message":"Sep 18 03:45:08 honeypot-sgp-1 sshd[29746]: Invalid user admin from 220.74.55.232 port 45502","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 03:46:49 honeypot-ams-1 sshd[4317]: Disconnected from authenticating user root 124.221.41.109 port 43434 [preauth]","@timestamp":"2022-09-18T03:46:49.964Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 03:49:50 honeypot-ams-1 sshd[4323]: Received disconnect from 124.221.41.109 port 60180:11: Bye Bye [preauth]","@timestamp":"2022-09-18T03:49:51.046Z"}
{"@timestamp":"2022-09-18T03:50:32.177Z","@version":"1","message":"Sep 18 03:50:31 honeypot-sgp-1 kernel: [84349135.097365] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=159.89.202.188 LEN=89 TOS=0x00 PREC=0x00 TTL=245 ID=33551 PROTO=TCP SPT=8609 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 03:51:24 honeypot-fra-1 sshd[26670]: Invalid user default from 179.60.147.69 port 13324","@timestamp":"2022-09-18T03:51:25.588Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 03:52:51 honeypot-ams-1 sshd[4330]: Received disconnect from 124.221.41.109 port 48632:11: Bye Bye [preauth]","@timestamp":"2022-09-18T03:52:52.126Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 03:54:47 honeypot-ams-1 sshd[4336]: Received disconnect from 124.221.41.109 port 59726:11: Bye Bye [preauth]","@timestamp":"2022-09-18T03:54:48.178Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 03:55:19 honeypot-fra-1 kernel: [84347728.428313] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.214.114 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=52386 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T03:55:20.680Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 03:56:48 honeypot-ams-1 sshd[4341]: Disconnected from authenticating user root 124.221.41.109 port 42570 [preauth]","@timestamp":"2022-09-18T03:56:49.233Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 03:59:16 honeypot-ams-1 kernel: [84350136.765833] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=34.168.141.104 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x20 TTL=60 ID=23096 PROTO=TCP SPT=20047 DPT=80 WINDOW=22619 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T03:59:17.302Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 04:01:34 honeypot-fra-1 sshd[26678]: Disconnected from invalid user lindsay 165.22.45.108 port 43332 [preauth]","@timestamp":"2022-09-18T04:01:35.839Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:01:47 honeypot-ams-1 sshd[4352]: Disconnected from authenticating user root 124.221.41.109 port 41950 [preauth]","@timestamp":"2022-09-18T04:01:47.370Z"}
{"@timestamp":"2022-09-18T04:02:15.455Z","@version":"1","message":"Sep 18 04:02:14 honeypot-sgp-1 sshd[29755]: Received disconnect from 51.38.237.164 port 57622:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:04:43 honeypot-ams-1 sshd[4358]: Disconnected from authenticating user root 124.221.41.109 port 58450 [preauth]","@timestamp":"2022-09-18T04:04:44.448Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:07:40 honeypot-ams-1 sshd[4365]: Disconnected from authenticating user root 124.221.41.109 port 46630 [preauth]","@timestamp":"2022-09-18T04:07:40.525Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:09:42 honeypot-ams-1 sshd[4371]: Received disconnect from 81.200.212.13 port 60840:11: Bye Bye [preauth]","@timestamp":"2022-09-18T04:09:42.580Z"}
{"@timestamp":"2022-09-18T04:11:28.674Z","@version":"1","message":"Sep 18 04:11:28 honeypot-sgp-1 kernel: [84350391.832944] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=178.187.186.44 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=42 ID=14820 PROTO=TCP SPT=53257 DPT=443 WINDOW=34215 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:11:35 honeypot-ams-1 sshd[4377]: Received disconnect from 124.221.41.109 port 40176:11: Bye Bye [preauth]","@timestamp":"2022-09-18T04:11:36.631Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:13:32 honeypot-ams-1 sshd[4384]: Received disconnect from 124.221.41.109 port 51034:11: Bye Bye [preauth]","@timestamp":"2022-09-18T04:13:33.684Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:15:28 honeypot-ams-1 sshd[4390]: Received disconnect from 124.221.41.109 port 33632:11: Bye Bye [preauth]","@timestamp":"2022-09-18T04:15:29.737Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 04:17:01 honeypot-fra-1 CRON[26701]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-18T04:17:02.195Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:17:24 honeypot-ams-1 sshd[4397]: Received disconnect from 124.221.41.109 port 44424:11: Bye Bye [preauth]","@timestamp":"2022-09-18T04:17:24.790Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:19:21 honeypot-ams-1 sshd[4404]: Received disconnect from 124.221.41.109 port 55188:11: Bye Bye [preauth]","@timestamp":"2022-09-18T04:19:22.846Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:22:16 honeypot-ams-1 sshd[4412]: Received disconnect from 124.221.41.109 port 43066:11: Bye Bye [preauth]","@timestamp":"2022-09-18T04:22:16.925Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 04:22:58 honeypot-fra-1 sshd[26707]: Received disconnect from 74.204.129.194 port 53264:11: Bye Bye [preauth]","@timestamp":"2022-09-18T04:22:59.333Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T04:23:43.963Z","@version":"1","message":"Sep 18 04:23:43 honeypot-sgp-1 kernel: [84351126.666575] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.156.73.58 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=25547 PROTO=TCP SPT=51774 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:24:38 honeypot-ams-1 sshd[4419]: Invalid user elk from 103.188.176.251 port 52788","@timestamp":"2022-09-18T04:24:38.988Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:27:02 honeypot-ams-1 sshd[4426]: Received disconnect from 124.221.41.109 port 41548:11: Bye Bye [preauth]","@timestamp":"2022-09-18T04:27:03.053Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:28:58 honeypot-ams-1 sshd[4433]: Received disconnect from 124.221.41.109 port 52190:11: Bye Bye [preauth]","@timestamp":"2022-09-18T04:28:58.106Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 04:29:03 honeypot-fra-1 sshd[26712]: Connection closed by invalid user elk 103.188.176.251 port 36872 [preauth]","@timestamp":"2022-09-18T04:29:04.477Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:29:47 honeypot-ams-1 sshd[4439]: Disconnected from authenticating user root 61.177.173.39 port 47222 [preauth]","@timestamp":"2022-09-18T04:29:48.131Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 04:30:09 honeypot-ams-1 kernel: [84351989.757934] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=51.89.30.115 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=55 ID=48299 PROTO=TCP SPT=38037 DPT=80 WINDOW=3148 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T04:30:10.143Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:31:47 honeypot-ams-1 sshd[4447]: Received disconnect from 124.221.41.109 port 39890:11: Bye Bye [preauth]","@timestamp":"2022-09-18T04:31:48.189Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:32:36 honeypot-ams-1 sshd[4449]: Received disconnect from 123.41.0.20 port 27553:11: Bye Bye [preauth]","@timestamp":"2022-09-18T04:32:37.215Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:34:41 honeypot-ams-1 sshd[4456]: Received disconnect from 124.221.41.109 port 55766:11: Bye Bye [preauth]","@timestamp":"2022-09-18T04:34:41.268Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:35:36 honeypot-ams-1 sshd[4460]: Disconnected from authenticating user root 124.221.41.109 port 32804 [preauth]","@timestamp":"2022-09-18T04:35:37.295Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:36:34 honeypot-ams-1 sshd[4466]: Received disconnect from 124.221.41.109 port 38072:11: Bye Bye [preauth]","@timestamp":"2022-09-18T04:36:34.323Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:37:57 honeypot-ams-1 sshd[4478]: Disconnected from invalid user vy 1.224.37.98 port 46748 [preauth]","@timestamp":"2022-09-18T04:37:57.360Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 04:39:02 honeypot-fra-1 sshd[26719]: Received disconnect from 45.61.186.169 port 44758:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T04:39:02.706Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 04:39:20 honeypot-fra-1 sshd[26723]: Invalid user user from 45.61.186.169 port 39612","@timestamp":"2022-09-18T04:39:21.715Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:39:33 honeypot-ams-1 sshd[4486]: Invalid user vncserver from 24.188.213.50 port 60094","@timestamp":"2022-09-18T04:39:34.407Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 04:39:37 honeypot-fra-1 sshd[26727]: Invalid user user from 45.61.186.169 port 34464","@timestamp":"2022-09-18T04:39:37.724Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 04:39:53 honeypot-fra-1 sshd[26731]: Invalid user user from 45.61.186.169 port 57536","@timestamp":"2022-09-18T04:39:53.732Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 04:40:15 honeypot-ams-1 kernel: [84352595.104654] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=49.4.80.223 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=232 ID=57102 PROTO=TCP SPT=55705 DPT=389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T04:40:15.428Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 04:41:07 honeypot-ams-1 kernel: [84352647.851835] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=128.116.131.60 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=54 ID=56999 PROTO=TCP SPT=32374 DPT=443 WINDOW=62958 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T04:41:08.455Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:41:58 honeypot-ams-1 sshd[4499]: Disconnected from authenticating user root 178.128.34.59 port 53582 [preauth]","@timestamp":"2022-09-18T04:41:58.479Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 04:43:09 honeypot-fra-1 sshd[26736]: Invalid user fz from 45.119.215.150 port 33624","@timestamp":"2022-09-18T04:43:09.809Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:43:10 honeypot-ams-1 sshd[4505]: Disconnected from authenticating user root 124.221.41.109 port 46510 [preauth]","@timestamp":"2022-09-18T04:43:11.513Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 04:44:14 honeypot-ams-1 kernel: [84352834.230981] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=49.4.80.223 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=232 ID=18722 PROTO=TCP SPT=55705 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T04:44:14.541Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:46:53 honeypot-ams-1 sshd[4519]: Received disconnect from 124.221.41.109 port 39052:11: Bye Bye [preauth]","@timestamp":"2022-09-18T04:46:54.613Z"}
{"@timestamp":"2022-09-18T04:48:18.545Z","@version":"1","message":"Sep 18 04:48:17 honeypot-sgp-1 kernel: [84352601.414430] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=68.183.93.151 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x20 TTL=242 ID=54321 PROTO=TCP SPT=56654 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:48:45 honeypot-ams-1 sshd[4523]: Received disconnect from 124.221.41.109 port 49380:11: Bye Bye [preauth]","@timestamp":"2022-09-18T04:48:45.665Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:50:37 honeypot-ams-1 sshd[4528]: Disconnected from authenticating user root 124.221.41.109 port 59688 [preauth]","@timestamp":"2022-09-18T04:50:37.716Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:51:31 honeypot-ams-1 sshd[4534]: Received disconnect from 124.221.41.109 port 36604:11: Bye Bye [preauth]","@timestamp":"2022-09-18T04:51:31.745Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:53:22 honeypot-ams-1 sshd[4540]: Disconnected from authenticating user root 124.221.41.109 port 46890 [preauth]","@timestamp":"2022-09-18T04:53:23.795Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:55:14 honeypot-ams-1 sshd[4547]: Received disconnect from 124.221.41.109 port 57156:11: Bye Bye [preauth]","@timestamp":"2022-09-18T04:55:14.850Z"}
{"@timestamp":"2022-09-18T04:55:51.745Z","@version":"1","message":"Sep 18 04:55:51 honeypot-sgp-1 sshd[29777]: Disconnected from invalid user username 92.255.85.69 port 30090 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:56:08 honeypot-ams-1 sshd[4550]: Disconnected from authenticating user root 124.221.41.109 port 34048 [preauth]","@timestamp":"2022-09-18T04:56:08.875Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:57:58 honeypot-ams-1 sshd[4555]: Disconnected from authenticating user root 124.221.41.109 port 44278 [preauth]","@timestamp":"2022-09-18T04:57:58.929Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 04:58:38 honeypot-fra-1 sshd[26742]: Disconnected from authenticating user root 178.22.168.219 port 52362 [preauth]","@timestamp":"2022-09-18T04:58:39.160Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:59:22 honeypot-ams-1 sshd[4560]: Disconnected from invalid user zeng 103.37.83.26 port 54470 [preauth]","@timestamp":"2022-09-18T04:59:22.968Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 05:00:44 honeypot-ams-1 sshd[4567]: Disconnected from authenticating user root 124.221.41.109 port 59572 [preauth]","@timestamp":"2022-09-18T05:00:45.008Z"}
{"@timestamp":"2022-09-18T05:02:21.905Z","@version":"1","message":"Sep 18 05:02:21 honeypot-sgp-1 sshd[29782]: Received disconnect from 45.181.32.41 port 40204:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 05:03:29 honeypot-ams-1 sshd[4577]: Received disconnect from 124.221.41.109 port 46574:11: Bye Bye [preauth]","@timestamp":"2022-09-18T05:03:30.082Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 05:03:57 honeypot-fra-1 sshd[26747]: Invalid user ubnt from 179.60.147.69 port 11504","@timestamp":"2022-09-18T05:03:58.283Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 05:05:18 honeypot-ams-1 sshd[4583]: Received disconnect from 124.221.41.109 port 56696:11: Bye Bye [preauth]","@timestamp":"2022-09-18T05:05:18.132Z"}
{"@timestamp":"2022-09-18T05:05:42.991Z","@version":"1","message":"Sep 18 05:05:42 honeypot-sgp-1 sshd[29786]: Disconnected from authenticating user root 159.65.77.254 port 50712 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 05:07:05 honeypot-ams-1 sshd[4590]: Received disconnect from 124.221.41.109 port 38564:11: Bye Bye [preauth]","@timestamp":"2022-09-18T05:07:06.179Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 05:08:27 honeypot-ams-1 sshd[4596]: Invalid user username from 92.255.85.70 port 17840","@timestamp":"2022-09-18T05:08:28.218Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 05:09:48 honeypot-ams-1 sshd[4600]: Disconnected from authenticating user root 124.221.41.109 port 53668 [preauth]","@timestamp":"2022-09-18T05:09:49.257Z"}
{"@timestamp":"2022-09-18T05:10:41.114Z","@version":"1","message":"Sep 18 05:10:40 honeypot-sgp-1 sshd[29791]: Received disconnect from 41.209.43.93 port 34670:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 05:10:54 honeypot-ams-1 sshd[4602]: Connection closed by invalid user admin 193.106.191.157 port 46296 [preauth]","@timestamp":"2022-09-18T05:10:55.289Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 05:11:27 honeypot-fra-1 kernel: [84352296.020543] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=179.43.155.171 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=39592 PROTO=TCP SPT=52051 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T05:11:28.453Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-18T05:11:44.142Z","@version":"1","message":"Sep 18 05:11:43 honeypot-sgp-1 kernel: [84354006.651578] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=154.3.44.149 DST=159.89.202.188 LEN=52 TOS=0x0A PREC=0x00 TTL=112 ID=8181 DF PROTO=TCP SPT=53228 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 05:13:25 honeypot-ams-1 sshd[4613]: Received disconnect from 124.221.41.109 port 45514:11: Bye Bye [preauth]","@timestamp":"2022-09-18T05:13:26.359Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 05:15:13 honeypot-ams-1 sshd[4621]: Received disconnect from 124.221.41.109 port 55506:11: Bye Bye [preauth]","@timestamp":"2022-09-18T05:15:14.407Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 05:16:05 honeypot-ams-1 sshd[4625]: Disconnected from authenticating user root 124.221.41.109 port 60496 [preauth]","@timestamp":"2022-09-18T05:16:06.433Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 05:17:01 honeypot-fra-1 CRON[26755]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-18T05:17:01.608Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T05:17:02.269Z","@version":"1","message":"Sep 18 05:17:02 honeypot-sgp-1 CRON[29800]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 05:17:15 honeypot-ams-1 sshd[4636]: Disconnected from authenticating user root 201.186.40.35 port 34894 [preauth]","@timestamp":"2022-09-18T05:17:15.465Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 05:18:48 honeypot-ams-1 sshd[4643]: Received disconnect from 124.221.41.109 port 47212:11: Bye Bye [preauth]","@timestamp":"2022-09-18T05:18:49.509Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 05:20:37 honeypot-ams-1 kernel: [84355017.316232] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=170.187.160.177 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=6979 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T05:20:37.559Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 05:22:23 honeypot-ams-1 sshd[4651]: Disconnected from authenticating user root 124.221.41.109 port 38852 [preauth]","@timestamp":"2022-09-18T05:22:23.608Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 05:24:16 honeypot-fra-1 sshd[26761]: Received disconnect from 165.22.45.108 port 48844:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T05:24:16.772Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 05:24:16 honeypot-ams-1 sshd[4660]: Invalid user tushar from 159.65.235.114 port 53584","@timestamp":"2022-09-18T05:24:17.662Z"}
{"@timestamp":"2022-09-18T05:24:22.466Z","@version":"1","message":"Sep 18 05:24:21 honeypot-sgp-1 sshd[29809]: Invalid user radius from 210.4.123.219 port 15855","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 05:25:21 honeypot-ams-1 sshd[4664]: Disconnected from authenticating user root 61.177.173.36 port 15970 [preauth]","@timestamp":"2022-09-18T05:25:22.697Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 05:27:32 honeypot-ams-1 sshd[4670]: Received disconnect from 159.89.236.71 port 36696:11: Bye Bye [preauth]","@timestamp":"2022-09-18T05:27:33.755Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 05:28:57 honeypot-ams-1 kernel: [84355517.633359] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=72.167.32.184 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=232 ID=54583 PROTO=TCP SPT=54097 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T05:28:57.794Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 05:30:21 honeypot-ams-1 sshd[4683]: Received disconnect from 124.221.41.109 port 55098:11: Bye Bye [preauth]","@timestamp":"2022-09-18T05:30:21.835Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 05:30:42 honeypot-fra-1 kernel: [84353450.837520] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=38359 PROTO=TCP SPT=59006 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T05:30:42.920Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-18T05:30:45.619Z","@version":"1","message":"Sep 18 05:30:44 honeypot-sgp-1 kernel: [84355148.060030] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=236 ID=16435 PROTO=TCP SPT=59006 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 05:32:06 honeypot-ams-1 sshd[4687]: Received disconnect from 124.221.41.109 port 36712:11: Bye Bye [preauth]","@timestamp":"2022-09-18T05:32:07.892Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 05:34:21 honeypot-ams-1 sshd[4694]: Disconnected from authenticating user mail 190.128.169.130 port 58440 [preauth]","@timestamp":"2022-09-18T05:34:21.951Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 05:39:33 honeypot-fra-1 sshd[26770]: Disconnected from authenticating user root 180.250.115.121 port 35252 [preauth]","@timestamp":"2022-09-18T05:39:34.121Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T05:39:53.841Z","@version":"1","message":"Sep 18 05:39:53 honeypot-sgp-1 sshd[29817]: Received disconnect from 92.255.85.69 port 45818:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 05:41:29 honeypot-fra-1 sshd[26775]: Disconnected from invalid user botong 159.89.163.217 port 54936 [preauth]","@timestamp":"2022-09-18T05:41:30.166Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 05:42:17 honeypot-ams-1 sshd[4699]: Connection closed by invalid user test 179.60.147.69 port 50784 [preauth]","@timestamp":"2022-09-18T05:42:17.159Z"}
{"@timestamp":"2022-09-18T05:52:52.153Z","@version":"1","message":"Sep 18 05:52:52 honeypot-sgp-1 sshd[29820]: Disconnected from authenticating user root 196.223.151.194 port 38330 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 05:53:16 honeypot-ams-1 kernel: [84356976.521222] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=195.154.61.8 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=57145 PROTO=TCP SPT=59952 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T05:53:17.447Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 05:57:38 honeypot-ams-1 sshd[4717]: Received disconnect from 89.22.67.66 port 34606:11: Bye Bye [preauth]","@timestamp":"2022-09-18T05:57:38.565Z"}
{"@timestamp":"2022-09-18T05:58:16.304Z","@version":"1","message":"Sep 18 05:58:15 honeypot-sgp-1 kernel: [84356798.963825] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=114.254.21.144 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=8630 DF PROTO=TCP SPT=35470 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 06:01:05 honeypot-ams-1 kernel: [84357445.766796] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=164.92.72.164 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=35073 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T06:01:06.657Z"}
{"@timestamp":"2022-09-18T06:03:44.439Z","@version":"1","message":"Sep 18 06:03:43 honeypot-sgp-1 sshd[29824]: Disconnected from invalid user team3 164.90.224.134 port 51776 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T06:09:03.569Z","@version":"1","message":"Sep 18 06:09:02 honeypot-sgp-1 kernel: [84357446.249795] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=154.3.44.149 DST=159.89.202.188 LEN=52 TOS=0x0A PREC=0x00 TTL=112 ID=59302 DF PROTO=TCP SPT=59459 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 06:10:02 honeypot-ams-1 sshd[4726]: Disconnected from authenticating user root 61.177.172.19 port 33366 [preauth]","@timestamp":"2022-09-18T06:10:03.894Z"}
{"@timestamp":"2022-09-18T06:15:08.718Z","@version":"1","message":"Sep 18 06:15:07 honeypot-sgp-1 sshd[29831]: Connection closed by invalid user guest 179.60.147.69 port 39094 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 06:16:16 honeypot-fra-1 sshd[26874]: Connection closed by invalid user guest 179.60.147.69 port 50662 [preauth]","@timestamp":"2022-09-18T06:16:16.950Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 06:17:01 honeypot-ams-1 CRON[4825]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-18T06:17:02.082Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 06:22:06 honeypot-fra-1 sshd[26880]: Disconnected from invalid user test 92.255.85.69 port 42200 [preauth]","@timestamp":"2022-09-18T06:22:07.084Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 06:23:36 honeypot-ams-1 sshd[4833]: Received disconnect from 92.255.85.69 port 29374:11: Bye Bye [preauth]","@timestamp":"2022-09-18T06:23:37.256Z"}
{"@timestamp":"2022-09-18T06:23:54.932Z","@version":"1","message":"Sep 18 06:23:54 honeypot-sgp-1 sshd[29837]: Disconnected from invalid user lisha 167.172.187.120 port 40080 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 06:25:01 honeypot-fra-1 CRON[26884]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-18T06:25:02.154Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T06:28:26.054Z","@version":"1","message":"Sep 18 06:28:25 honeypot-sgp-1 sshd[29980]: Received disconnect from 92.255.85.69 port 23858:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 06:29:51 honeypot-ams-1 kernel: [84359171.296591] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=167.94.138.98 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=45938 PROTO=TCP SPT=28341 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T06:29:51.536Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 06:31:20 honeypot-fra-1 kernel: [84357088.360858] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=198.199.93.157 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=53322 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T06:31:20.300Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 06:31:35 honeypot-ams-1 sshd[5021]: Disconnected from invalid user admin 46.19.141.122 port 59210 [preauth]","@timestamp":"2022-09-18T06:31:35.582Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 06:32:10 honeypot-ams-1 sshd[5027]: Invalid user user from 46.19.141.122 port 53278","@timestamp":"2022-09-18T06:32:10.600Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 06:32:54 honeypot-ams-1 sshd[5031]: Invalid user admin from 46.19.141.122 port 48808","@timestamp":"2022-09-18T06:32:55.622Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 06:33:29 honeypot-ams-1 sshd[5035]: Invalid user raspberry from 46.19.141.122 port 58748","@timestamp":"2022-09-18T06:33:29.639Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 06:33:57 honeypot-ams-1 sshd[5039]: Invalid user usuario from 46.19.141.122 port 33210","@timestamp":"2022-09-18T06:33:57.654Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 06:34:25 honeypot-ams-1 sshd[5043]: Invalid user 1234 from 46.19.141.122 port 48990","@timestamp":"2022-09-18T06:34:25.669Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 06:34:55 honeypot-ams-1 sshd[5049]: Received disconnect from 46.19.141.122 port 57532:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T06:34:55.683Z"}
{"@timestamp":"2022-09-18T06:35:00.215Z","@version":"1","message":"Sep 18 06:34:59 honeypot-sgp-1 sshd[29986]: Invalid user user from 45.61.186.249 port 43262","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T06:35:18.224Z","@version":"1","message":"Sep 18 06:35:17 honeypot-sgp-1 sshd[29990]: Invalid user user from 45.61.186.249 port 38530","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 06:35:22 honeypot-ams-1 sshd[5054]: Disconnected from authenticating user root 46.19.141.122 port 57254 [preauth]","@timestamp":"2022-09-18T06:35:22.698Z"}
{"@timestamp":"2022-09-18T06:35:35.232Z","@version":"1","message":"Sep 18 06:35:35 honeypot-sgp-1 sshd[29994]: Invalid user user from 45.61.186.249 port 33848","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 06:35:57 honeypot-ams-1 sshd[5062]: Disconnected from authenticating user root 46.19.141.122 port 33140 [preauth]","@timestamp":"2022-09-18T06:35:57.715Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 06:36:27 honeypot-ams-1 sshd[5068]: Received disconnect from 61.177.173.36 port 45968:11:  [preauth]","@timestamp":"2022-09-18T06:36:27.732Z"}
{"@timestamp":"2022-09-18T06:37:26.277Z","@version":"1","message":"Sep 18 06:37:25 honeypot-sgp-1 sshd[29998]: Invalid user admin from 76.95.32.130 port 57480","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T06:38:15.300Z","@version":"1","message":"Sep 18 06:38:14 honeypot-sgp-1 sshd[30000]: Received disconnect from 104.131.249.57 port 40286:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 06:39:10 honeypot-ams-1 kernel: [84359730.883463] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=77.83.89.210 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=28232 DF PROTO=TCP SPT=46481 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T06:39:11.807Z"}
{"@timestamp":"2022-09-18T06:39:41.338Z","@version":"1","message":"Sep 18 06:39:41 honeypot-sgp-1 sshd[30002]: Disconnected from invalid user frolov 217.237.123.135 port 18754 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T06:42:08.402Z","@version":"1","message":"Sep 18 06:42:08 honeypot-sgp-1 sshd[30005]: Disconnected from invalid user mysql 128.199.42.242 port 33170 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 06:43:35 honeypot-fra-1 sshd[27024]: Invalid user c_sarda from 221.213.129.46 port 45272","@timestamp":"2022-09-18T06:43:35.581Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 06:44:08 honeypot-fra-1 sshd[27028]: Did not receive identification string from 45.61.187.160 port 58152","@timestamp":"2022-09-18T06:44:08.597Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 06:44:18 honeypot-fra-1 sshd[27031]: Disconnected from invalid user manager 68.183.20.198 port 47566 [preauth]","@timestamp":"2022-09-18T06:44:19.602Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 06:44:33 honeypot-fra-1 sshd[27035]: Disconnected from invalid user user 45.61.187.160 port 47136 [preauth]","@timestamp":"2022-09-18T06:44:33.609Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 06:44:51 honeypot-fra-1 sshd[27039]: Disconnected from invalid user user 45.61.187.160 port 42456 [preauth]","@timestamp":"2022-09-18T06:44:51.617Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 06:45:07 honeypot-fra-1 sshd[27043]: Disconnected from invalid user user 45.61.187.160 port 37814 [preauth]","@timestamp":"2022-09-18T06:45:08.625Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 06:46:19 honeypot-fra-1 sshd[27048]: Received disconnect from 218.49.184.67 port 37820:11: Bye Bye [preauth]","@timestamp":"2022-09-18T06:46:20.655Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T06:47:02.522Z","@version":"1","message":"Sep 18 06:47:01 honeypot-sgp-1 CRON[30012]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 06:47:02 honeypot-fra-1 CRON[27052]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-18T06:47:02.673Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 06:52:05 honeypot-fra-1 sshd[27081]: Invalid user josefina from 43.154.211.62 port 42978","@timestamp":"2022-09-18T06:52:05.791Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 06:52:33 honeypot-fra-1 sshd[27085]: Connection closed by invalid user blank 179.60.147.69 port 14008 [preauth]","@timestamp":"2022-09-18T06:52:33.803Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 06:52:45 honeypot-ams-1 sshd[5173]: Disconnected from authenticating user root 61.177.173.51 port 37342 [preauth]","@timestamp":"2022-09-18T06:52:45.159Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 06:54:49 honeypot-ams-1 kernel: [84360669.599761] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.205.220 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=35091 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T06:54:50.219Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 06:56:17 honeypot-ams-1 sshd[5183]: Received disconnect from 45.61.184.204 port 56822:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T06:56:18.262Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 06:56:36 honeypot-ams-1 sshd[5187]: Invalid user user from 45.61.184.204 port 52204","@timestamp":"2022-09-18T06:56:36.272Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 06:56:45 honeypot-ams-1 sshd[5191]: Received disconnect from 45.61.184.204 port 35768:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T06:56:46.278Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 06:57:03 honeypot-ams-1 sshd[5203]: Received disconnect from 45.61.184.204 port 59408:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T06:57:04.287Z"}
{"@timestamp":"2022-09-18T06:59:37.825Z","@version":"1","message":"Sep 18 06:59:37 honeypot-sgp-1 sshd[30037]: Invalid user admin from 221.185.76.103 port 33435","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 07:02:03 honeypot-fra-1 sshd[27094]: Bad protocol version identification 'MGLNDD_165.22.82.222_22' from 192.241.206.47 port 38220","@timestamp":"2022-09-18T07:02:04.020Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 07:02:39 honeypot-ams-1 kernel: [84361139.109020] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=164.92.72.164 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=38863 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T07:02:39.435Z"}
{"@timestamp":"2022-09-18T07:03:01.912Z","@version":"1","message":"Sep 18 07:03:01 honeypot-sgp-1 sshd[30137]: Invalid user plex from 88.142.46.185 port 55472","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T07:04:08.941Z","@version":"1","message":"Sep 18 07:04:08 honeypot-sgp-1 sshd[30139]: Disconnected from invalid user oracle 219.249.140.30 port 60494 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T07:10:01.087Z","@version":"1","message":"Sep 18 07:10:00 honeypot-sgp-1 sshd[30144]: Invalid user xq from 137.116.144.39 port 54774","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 07:11:39 honeypot-ams-1 kernel: [84361678.997628] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.220.52 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=53958 DPT=389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T07:11:39.796Z"}
{"@timestamp":"2022-09-18T07:13:40.177Z","@version":"1","message":"Sep 18 07:13:39 honeypot-sgp-1 sshd[30148]: Disconnected from invalid user cloud-user 31.24.200.23 port 25500 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 07:15:45 honeypot-fra-1 sshd[27098]: Did not receive identification string from 45.61.187.160 port 56946","@timestamp":"2022-09-18T07:15:46.328Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 07:16:07 honeypot-fra-1 sshd[27102]: Disconnected from invalid user user 45.61.187.160 port 40774 [preauth]","@timestamp":"2022-09-18T07:16:07.338Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 07:16:24 honeypot-fra-1 sshd[27106]: Disconnected from invalid user user 45.61.187.160 port 36460 [preauth]","@timestamp":"2022-09-18T07:16:24.345Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 07:16:40 honeypot-fra-1 sshd[27110]: Disconnected from invalid user user 45.61.187.160 port 60398 [preauth]","@timestamp":"2022-09-18T07:16:41.352Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 07:17:12 honeypot-fra-1 kernel: [84359840.951997] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.41.9.18 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=62600 PROTO=TCP SPT=34173 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T07:17:13.366Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-18T07:17:46.280Z","@version":"1","message":"Sep 18 07:17:46 honeypot-sgp-1 sshd[30157]: Protocol major versions differ for 27.124.5.116 port 58194: SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.5 vs. SSH-1.5-Server","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 07:18:41 honeypot-ams-1 sshd[5233]: Disconnected from authenticating user root 61.177.172.19 port 63011 [preauth]","@timestamp":"2022-09-18T07:18:41.982Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 07:23:01 honeypot-fra-1 sshd[27122]: Disconnecting invalid user admin 135.129.133.147 port 38411: Change of username or service not allowed: (admin,ssh-connection) -> (root,ssh-connection) [preauth]","@timestamp":"2022-09-18T07:23:02.498Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 07:26:42 honeypot-ams-1 sshd[5239]: Received disconnect from 45.61.184.204 port 53178:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T07:26:43.196Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 07:27:01 honeypot-ams-1 sshd[5244]: Invalid user user from 45.61.184.204 port 48678","@timestamp":"2022-09-18T07:27:02.207Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 07:27:20 honeypot-ams-1 sshd[5248]: Invalid user user from 45.61.184.204 port 44172","@timestamp":"2022-09-18T07:27:20.216Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 07:27:28 honeypot-ams-1 sshd[5252]: Received disconnect from 45.61.184.204 port 56118:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T07:27:29.222Z"}
{"@timestamp":"2022-09-18T07:27:36.518Z","@version":"1","message":"Sep 18 07:27:35 honeypot-sgp-1 sshd[30162]: Connection closed by invalid user centos 179.60.147.69 port 44060 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 07:29:55 honeypot-ams-1 sshd[5258]: Connection closed by invalid user mysql 193.106.191.157 port 52670 [preauth]","@timestamp":"2022-09-18T07:29:56.287Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 07:31:26 honeypot-ams-1 sshd[5256]: Connection reset by 61.177.173.47 port 55791 [preauth]","@timestamp":"2022-09-18T07:31:26.332Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 07:35:13 honeypot-fra-1 kernel: [84360921.149496] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=179.43.155.171 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=61388 PROTO=TCP SPT=52051 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T07:35:13.775Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 07:38:55 honeypot-ams-1 sshd[5272]: Received disconnect from 134.122.123.117 port 53508:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T07:38:55.529Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 07:40:42 honeypot-ams-1 sshd[5282]: Received disconnect from 134.122.123.117 port 56450:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T07:40:43.579Z"}
{"@timestamp":"2022-09-18T07:49:07.025Z","@version":"1","message":"Sep 18 07:49:06 honeypot-sgp-1 sshd[30168]: Received disconnect from 45.61.186.249 port 42908:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T07:49:27.035Z","@version":"1","message":"Sep 18 07:49:26 honeypot-sgp-1 sshd[30172]: Received disconnect from 45.61.186.249 port 38518:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T07:49:45.043Z","@version":"1","message":"Sep 18 07:49:45 honeypot-sgp-1 sshd[30176]: Received disconnect from 45.61.186.249 port 34096:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 07:49:56 honeypot-fra-1 sshd[27136]: Received disconnect from 206.189.151.245 port 52366:11: Bye Bye [preauth]","@timestamp":"2022-09-18T07:49:57.104Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 07:51:33 honeypot-ams-1 sshd[5287]: Connection reset by 61.177.173.48 port 59436 [preauth]","@timestamp":"2022-09-18T07:51:33.864Z"}
{"@timestamp":"2022-09-18T07:55:30.181Z","@version":"1","message":"Sep 18 07:55:29 honeypot-sgp-1 kernel: [84363832.518304] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.208.129 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=56810 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T08:00:34.302Z","@version":"1","message":"Sep 18 08:00:33 honeypot-sgp-1 sshd[30186]: Received disconnect from 92.255.85.70 port 29376:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 08:01:28 honeypot-fra-1 sshd[27142]: Received disconnect from 52.151.65.193 port 44184:11: Bye Bye [preauth]","@timestamp":"2022-09-18T08:01:29.367Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 08:01:56 honeypot-ams-1 sshd[5294]: Received disconnect from 65.182.3.163 port 43636:11: Bye Bye [preauth]","@timestamp":"2022-09-18T08:01:57.139Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 08:04:49 honeypot-fra-1 sshd[27147]: Connection closed by invalid user support 179.60.147.69 port 45008 [preauth]","@timestamp":"2022-09-18T08:04:49.443Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T08:05:49.431Z","@version":"1","message":"Sep 18 08:05:48 honeypot-sgp-1 kernel: [84364451.955689] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.212.119 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=48555 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 08:07:45 honeypot-ams-1 sshd[5302]: Received disconnect from 92.255.85.69 port 48384:11: Bye Bye [preauth]","@timestamp":"2022-09-18T08:07:46.324Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 08:17:01 honeypot-fra-1 CRON[27171]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-18T08:17:01.721Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 08:18:39 honeypot-fra-1 sshd[27176]: Received disconnect from 148.66.132.190 port 36396:11: Bye Bye [preauth]","@timestamp":"2022-09-18T08:18:39.762Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T08:23:13.845Z","@version":"1","message":"Sep 18 08:23:13 honeypot-sgp-1 kernel: [84365496.353003] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=120.48.123.170 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=36291 PROTO=TCP SPT=44740 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 08:25:23 honeypot-ams-1 kernel: [84366103.082226] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.206.89 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=45208 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T08:25:23.789Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 08:28:23 honeypot-fra-1 sshd[27181]: Disconnected from authenticating user root 203.95.222.26 port 47346 [preauth]","@timestamp":"2022-09-18T08:28:23.981Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 08:28:34 honeypot-ams-1 sshd[5324]: Invalid user toor from 49.247.31.104 port 15843","@timestamp":"2022-09-18T08:28:34.877Z"}
{"@timestamp":"2022-09-18T08:30:27.017Z","@version":"1","message":"Sep 18 08:30:26 honeypot-sgp-1 kernel: [84365929.747048] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=236 ID=9715 PROTO=TCP SPT=49809 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 08:30:42 honeypot-ams-1 sshd[5326]: Received disconnect from 134.209.175.24 port 47800:11: Bye Bye [preauth]","@timestamp":"2022-09-18T08:30:42.937Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 08:40:42 honeypot-fra-1 kernel: [84364850.368268] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=172.104.15.27 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=5109 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T08:40:43.260Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-18T08:41:14.274Z","@version":"1","message":"Sep 18 08:41:13 honeypot-sgp-1 sshd[30228]: Did not receive identification string from 45.61.186.249 port 54516","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T08:42:03.296Z","@version":"1","message":"Sep 18 08:42:03 honeypot-sgp-1 sshd[30231]: Disconnected from invalid user user 45.61.186.249 port 57410 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T08:42:22.305Z","@version":"1","message":"Sep 18 08:42:21 honeypot-sgp-1 sshd[30235]: Disconnected from invalid user user 45.61.186.249 port 52948 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T08:42:40.315Z","@version":"1","message":"Sep 18 08:42:39 honeypot-sgp-1 sshd[30239]: Disconnected from invalid user user 45.61.186.249 port 48484 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T08:45:21.379Z","@version":"1","message":"Sep 18 08:45:21 honeypot-sgp-1 kernel: [84366824.449406] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=159.65.138.52 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=60 ID=0 DF PROTO=TCP SPT=54953 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T08:47:47.438Z","@version":"1","message":"Sep 18 08:47:47 honeypot-sgp-1 sshd[30246]: Did not receive identification string from 134.209.155.186 port 61000","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 08:47:52 honeypot-ams-1 kernel: [84367452.475098] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=184.105.139.91 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=45235 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T08:47:53.402Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 08:49:55 honeypot-fra-1 kernel: [84365403.389297] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.143.200.46 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=152 PROTO=TCP SPT=56657 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T08:49:56.465Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 08:52:45 honeypot-ams-1 sshd[5367]: Received disconnect from 61.177.173.47 port 36315:11:  [preauth]","@timestamp":"2022-09-18T08:52:45.531Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 08:54:54 honeypot-ams-1 sshd[5374]: Invalid user admin from 92.255.85.69 port 36230","@timestamp":"2022-09-18T08:54:54.588Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 08:57:30 honeypot-ams-1 kernel: [84368030.832678] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=208.115.115.103 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=58720 PROTO=TCP SPT=4062 DPT=80 WINDOW=20118 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T08:57:31.660Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:01:04 honeypot-fra-1 sshd[27644]: Received disconnect from 45.61.186.249 port 42764:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T09:01:04.718Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T09:01:11.760Z","@version":"1","message":"Sep 18 09:01:11 honeypot-sgp-1 sshd[30249]: Received disconnect from 201.186.40.35 port 34286:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:01:23 honeypot-fra-1 sshd[27648]: Invalid user user from 45.61.186.249 port 37756","@timestamp":"2022-09-18T09:01:24.727Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:01:35 honeypot-fra-1 kernel: [84366103.756729] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=165.232.152.144 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=40778 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T09:01:36.733Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:01:52 honeypot-fra-1 sshd[27654]: Disconnected from invalid user user 45.61.186.249 port 44364 [preauth]","@timestamp":"2022-09-18T09:01:52.770Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:15 honeypot-ams-1 sshd[5385]: Received disconnect from 149.74.230.97 port 52493:11: Bye Bye [preauth]","@timestamp":"2022-09-18T09:03:16.817Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:17 honeypot-ams-1 sshd[5389]: Disconnected from invalid user ubnt 149.74.230.97 port 52529 [preauth]","@timestamp":"2022-09-18T09:03:17.818Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:18 honeypot-ams-1 sshd[5395]: Disconnected from authenticating user root 149.74.230.97 port 52591 [preauth]","@timestamp":"2022-09-18T09:03:18.819Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:19 honeypot-ams-1 sshd[5401]: Disconnected from authenticating user root 149.74.230.97 port 52643 [preauth]","@timestamp":"2022-09-18T09:03:20.820Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:21 honeypot-ams-1 sshd[5407]: Disconnected from authenticating user root 149.74.230.97 port 52690 [preauth]","@timestamp":"2022-09-18T09:03:21.821Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:22 honeypot-ams-1 sshd[5413]: Disconnected from authenticating user root 149.74.230.97 port 52740 [preauth]","@timestamp":"2022-09-18T09:03:23.823Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:24 honeypot-ams-1 sshd[5419]: Disconnected from authenticating user root 149.74.230.97 port 52790 [preauth]","@timestamp":"2022-09-18T09:03:24.824Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:25 honeypot-ams-1 sshd[5425]: Disconnected from authenticating user root 149.74.230.97 port 52843 [preauth]","@timestamp":"2022-09-18T09:03:25.826Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:26 honeypot-ams-1 sshd[5431]: Disconnected from authenticating user root 149.74.230.97 port 52895 [preauth]","@timestamp":"2022-09-18T09:03:27.827Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:28 honeypot-ams-1 sshd[5437]: Disconnected from authenticating user root 149.74.230.97 port 52945 [preauth]","@timestamp":"2022-09-18T09:03:28.828Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:30 honeypot-ams-1 sshd[5443]: Disconnected from authenticating user root 149.74.230.97 port 52999 [preauth]","@timestamp":"2022-09-18T09:03:30.830Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:31 honeypot-ams-1 sshd[5449]: Disconnected from authenticating user root 149.74.230.97 port 53053 [preauth]","@timestamp":"2022-09-18T09:03:31.830Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:32 honeypot-ams-1 sshd[5455]: Disconnected from authenticating user root 149.74.230.97 port 53102 [preauth]","@timestamp":"2022-09-18T09:03:32.831Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:33 honeypot-ams-1 sshd[5459]: Disconnected from invalid user admin 149.74.230.97 port 53129 [preauth]","@timestamp":"2022-09-18T09:03:33.832Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:34 honeypot-ams-1 sshd[5464]: Disconnected from invalid user admin 149.74.230.97 port 53167 [preauth]","@timestamp":"2022-09-18T09:03:34.833Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:35 honeypot-ams-1 sshd[5468]: Disconnected from invalid user admin 149.74.230.97 port 53199 [preauth]","@timestamp":"2022-09-18T09:03:35.834Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:36 honeypot-ams-1 sshd[5472]: Disconnected from invalid user admin 149.74.230.97 port 53225 [preauth]","@timestamp":"2022-09-18T09:03:36.835Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:37 honeypot-ams-1 sshd[5476]: Disconnected from invalid user admin 149.74.230.97 port 53254 [preauth]","@timestamp":"2022-09-18T09:03:37.836Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:38 honeypot-ams-1 sshd[5482]: Received disconnect from 149.74.230.97 port 53309:11: Bye Bye [preauth]","@timestamp":"2022-09-18T09:03:38.837Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:39 honeypot-ams-1 sshd[5486]: Received disconnect from 149.74.230.97 port 53338:11: Bye Bye [preauth]","@timestamp":"2022-09-18T09:03:39.837Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:40 honeypot-ams-1 sshd[5490]: Received disconnect from 149.74.230.97 port 53387:11: Bye Bye [preauth]","@timestamp":"2022-09-18T09:03:41.840Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:42 honeypot-ams-1 sshd[5494]: Received disconnect from 149.74.230.97 port 53431:11: Bye Bye [preauth]","@timestamp":"2022-09-18T09:03:42.840Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:43 honeypot-ams-1 sshd[5498]: Received disconnect from 149.74.230.97 port 53460:11: Bye Bye [preauth]","@timestamp":"2022-09-18T09:03:43.841Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:44 honeypot-ams-1 sshd[5502]: Received disconnect from 149.74.230.97 port 53497:11: Bye Bye [preauth]","@timestamp":"2022-09-18T09:03:44.842Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:45 honeypot-ams-1 sshd[5506]: Received disconnect from 149.74.230.97 port 53531:11: Bye Bye [preauth]","@timestamp":"2022-09-18T09:03:45.843Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:45 honeypot-ams-1 sshd[5510]: Received disconnect from 149.74.230.97 port 53574:11: Bye Bye [preauth]","@timestamp":"2022-09-18T09:03:46.844Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:46 honeypot-ams-1 sshd[5514]: Received disconnect from 149.74.230.97 port 53593:11: Bye Bye [preauth]","@timestamp":"2022-09-18T09:03:47.844Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:47 honeypot-ams-1 sshd[5518]: Received disconnect from 149.74.230.97 port 53635:11: Bye Bye [preauth]","@timestamp":"2022-09-18T09:03:47.845Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:48 honeypot-ams-1 sshd[5522]: Received disconnect from 149.74.230.97 port 53657:11: Bye Bye [preauth]","@timestamp":"2022-09-18T09:03:48.845Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:49 honeypot-ams-1 sshd[5526]: Received disconnect from 149.74.230.97 port 53704:11: Bye Bye [preauth]","@timestamp":"2022-09-18T09:03:49.846Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:04:10 honeypot-fra-1 kernel: [84366257.832920] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=152.89.196.23 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=45156 PROTO=TCP SPT=43247 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T09:04:10.825Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-18T09:05:44.870Z","@version":"1","message":"Sep 18 09:05:44 honeypot-sgp-1 sshd[30254]: Received disconnect from 193.43.134.46 port 46912:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T09:08:11.942Z","@version":"1","message":"Sep 18 09:08:11 honeypot-sgp-1 sshd[30258]: Disconnected from authenticating user root 167.172.79.233 port 56594 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:10:05 honeypot-fra-1 kernel: [84366613.621276] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=163.123.143.250 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=54449 PROTO=TCP SPT=47785 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T09:10:05.961Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:11:49 honeypot-fra-1 sshd[27672]: Received disconnect from 45.61.187.160 port 45758:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T09:11:50.004Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:12:05 honeypot-fra-1 sshd[27676]: Received disconnect from 45.61.187.160 port 40484:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T09:12:06.011Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:12:20 honeypot-fra-1 sshd[27680]: Received disconnect from 45.61.187.160 port 35216:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T09:12:21.019Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T09:13:18.068Z","@version":"1","message":"Sep 18 09:13:17 honeypot-sgp-1 kernel: [84368501.092652] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=138.68.252.199 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=52982 PROTO=TCP SPT=52396 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:15:03 honeypot-ams-1 sshd[5537]: Received disconnect from 61.177.173.36 port 43453:11:  [preauth]","@timestamp":"2022-09-18T09:15:04.146Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:15:26 honeypot-fra-1 sshd[27685]: Did not receive identification string from 45.61.184.204 port 53070","@timestamp":"2022-09-18T09:15:27.090Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:15:59 honeypot-fra-1 sshd[27688]: Disconnected from invalid user user 45.61.184.204 port 58902 [preauth]","@timestamp":"2022-09-18T09:16:00.105Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:16:19 honeypot-fra-1 sshd[27700]: Received disconnect from 45.61.184.204 port 54348:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T09:16:20.114Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:16:39 honeypot-fra-1 sshd[27704]: Received disconnect from 45.61.184.204 port 49798:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T09:16:40.136Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:17:01 honeypot-fra-1 CRON[27709]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-18T09:17:02.146Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T09:17:02.159Z","@version":"1","message":"Sep 18 09:17:01 honeypot-sgp-1 CRON[30264]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 09:19:28 honeypot-ams-1 kernel: [84369348.866749] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=111.59.85.184 DST=178.62.254.91 LEN=48 TOS=0x00 PREC=0x00 TTL=49 ID=11811 DF PROTO=TCP SPT=63219 DPT=3389 WINDOW=8192 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T09:19:29.265Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:21:12 honeypot-ams-1 sshd[5546]: Received disconnect from 223.255.187.154 port 47197:11: Bye Bye [preauth]","@timestamp":"2022-09-18T09:21:12.317Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:24:26 honeypot-fra-1 sshd[27717]: Received disconnect from 92.255.85.69 port 19244:11: Bye Bye [preauth]","@timestamp":"2022-09-18T09:24:27.316Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:24:58 honeypot-ams-1 sshd[5555]: Received disconnect from 115.68.220.85 port 47518:11: Bye Bye [preauth]","@timestamp":"2022-09-18T09:24:59.420Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:25:15 honeypot-ams-1 sshd[5560]: Received disconnect from 61.177.173.37 port 19843:11:  [preauth]","@timestamp":"2022-09-18T09:25:16.431Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:25:37 honeypot-fra-1 sshd[27722]: Received disconnect from 45.61.187.160 port 54378:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T09:25:38.347Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:25:45 honeypot-ams-1 sshd[5564]: Invalid user user from 45.61.187.160 port 55250","@timestamp":"2022-09-18T09:25:45.447Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:25:54 honeypot-fra-1 sshd[27727]: Received disconnect from 45.61.187.160 port 49048:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T09:25:55.356Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:26:01 honeypot-ams-1 sshd[5568]: Invalid user user from 45.61.187.160 port 49916","@timestamp":"2022-09-18T09:26:02.457Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:26:11 honeypot-fra-1 sshd[27731]: Received disconnect from 45.61.187.160 port 43746:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T09:26:12.365Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:26:18 honeypot-ams-1 sshd[5572]: Invalid user user from 45.61.187.160 port 44592","@timestamp":"2022-09-18T09:26:18.465Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:26:27 honeypot-fra-1 sshd[27735]: Received disconnect from 45.61.187.160 port 38406:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T09:26:28.373Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:27:19 honeypot-ams-1 sshd[5576]: Invalid user isauro from 192.227.166.144 port 41028","@timestamp":"2022-09-18T09:27:19.492Z"}
{"@timestamp":"2022-09-18T09:28:21.429Z","@version":"1","message":"Sep 18 09:28:20 honeypot-sgp-1 sshd[30704]: Invalid user admin from 92.255.85.70 port 51940","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:28:44 honeypot-ams-1 sshd[5580]: Invalid user mysql from 193.106.191.157 port 45468","@timestamp":"2022-09-18T09:28:44.532Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:29:32 honeypot-ams-1 sshd[5584]: Received disconnect from 103.253.175.10 port 42506:11: Bye Bye [preauth]","@timestamp":"2022-09-18T09:29:32.559Z"}
{"@timestamp":"2022-09-18T09:31:45.512Z","@version":"1","message":"Sep 18 09:31:45 honeypot-sgp-1 sshd[30706]: Disconnected from authenticating user root 182.59.139.27 port 36748 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:32:32 honeypot-fra-1 sshd[27738]: Disconnected from invalid user admin 89.218.80.61 port 57946 [preauth]","@timestamp":"2022-09-18T09:32:32.508Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:33:38 honeypot-fra-1 sshd[27743]: Received disconnect from 45.61.186.249 port 41374:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T09:33:39.537Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:33:49 honeypot-fra-1 sshd[27746]: Disconnected from authenticating user root 34.81.150.245 port 40954 [preauth]","@timestamp":"2022-09-18T09:33:50.542Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:34:08 honeypot-fra-1 sshd[27752]: Disconnected from invalid user user 45.61.186.249 port 48268 [preauth]","@timestamp":"2022-09-18T09:34:08.551Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:34:16 honeypot-fra-1 sshd[27756]: Disconnected from invalid user user 45.61.186.249 port 59948 [preauth]","@timestamp":"2022-09-18T09:34:17.556Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:35:17 honeypot-fra-1 kernel: [84368125.521829] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=197.248.10.44 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=60999 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T09:35:18.580Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 09:38:07 honeypot-ams-1 kernel: [84370466.894805] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=79.124.62.62 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=49191 PROTO=TCP SPT=43262 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T09:38:07.802Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:42:11 honeypot-fra-1 sshd[27767]: Received disconnect from 143.244.189.18 port 37126:11: Bye Bye [preauth]","@timestamp":"2022-09-18T09:42:12.736Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:43:46 honeypot-ams-1 sshd[5602]: Received disconnect from 61.177.173.36 port 62266:11:  [preauth]","@timestamp":"2022-09-18T09:43:46.954Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:44:57 honeypot-fra-1 sshd[27773]: Received disconnect from 202.29.13.51 port 51730:11: Bye Bye [preauth]","@timestamp":"2022-09-18T09:44:57.800Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T09:47:20.881Z","@version":"1","message":"Sep 18 09:47:20 honeypot-sgp-1 kernel: [84370543.549885] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.168.28.237 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=26945 DF PROTO=TCP SPT=10446 DPT=80 WINDOW=512 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:47:32 honeypot-ams-1 sshd[5608]: Invalid user admin from 92.255.85.69 port 48066","@timestamp":"2022-09-18T09:47:33.059Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:48:52 honeypot-fra-1 kernel: [84368940.613715] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=79.124.62.62 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=43443 PROTO=TCP SPT=43262 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T09:48:53.889Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-18T09:50:09.950Z","@version":"1","message":"Sep 18 09:50:09 honeypot-sgp-1 sshd[30722]: Received disconnect from 124.194.123.242 port 55580:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:50:28 honeypot-fra-1 sshd[27783]: Received disconnect from 45.61.184.204 port 48204:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T09:50:28.928Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:50:49 honeypot-fra-1 sshd[27787]: Received disconnect from 45.61.184.204 port 43538:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T09:50:49.937Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:51:07 honeypot-fra-1 sshd[27791]: Received disconnect from 45.61.184.204 port 38876:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T09:51:07.945Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T09:52:17.004Z","@version":"1","message":"Sep 18 09:52:16 honeypot-sgp-1 sshd[30727]: Connection closed by invalid user admin 179.60.147.69 port 53208 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:53:23 honeypot-fra-1 sshd[27796]: Connection closed by invalid user admin 179.60.147.69 port 63508 [preauth]","@timestamp":"2022-09-18T09:53:23.998Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:55:25 honeypot-ams-1 sshd[5613]: Received disconnect from 61.177.173.36 port 55072:11:  [preauth]","@timestamp":"2022-09-18T09:55:26.266Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:55:51 honeypot-fra-1 sshd[27806]: Invalid user postgres from 140.246.118.203 port 41926","@timestamp":"2022-09-18T09:55:52.055Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:55:51 honeypot-fra-1 sshd[27806]: Connection closed by invalid user postgres 140.246.118.203 port 41926 [preauth]","@timestamp":"2022-09-18T09:55:52.055Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:56:02 honeypot-fra-1 sshd[27807]: Invalid user odoo from 140.246.118.203 port 41930","@timestamp":"2022-09-18T09:56:03.060Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:56:59 honeypot-ams-1 sshd[5617]: Disconnected from authenticating user root 61.177.173.46 port 28042 [preauth]","@timestamp":"2022-09-18T09:57:00.308Z"}
{"@timestamp":"2022-09-18T10:01:31.226Z","@version":"1","message":"Sep 18 10:01:30 honeypot-sgp-1 sshd[30730]: Connection closed by invalid user  64.62.197.212 port 52528 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:07:10 honeypot-fra-1 sshd[27820]: Invalid user  from 64.62.197.77 port 46618","@timestamp":"2022-09-18T10:07:11.313Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:13:15 honeypot-fra-1 sshd[27825]: Received disconnect from 51.250.65.57 port 40634:11: Bye Bye [preauth]","@timestamp":"2022-09-18T10:13:15.452Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 10:15:16 honeypot-ams-1 kernel: [84372696.462342] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=164.92.72.164 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=52396 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T10:15:16.783Z"}
{"@timestamp":"2022-09-18T10:17:01.592Z","@version":"1","message":"Sep 18 10:17:01 honeypot-sgp-1 CRON[30737]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:17:01 honeypot-fra-1 CRON[27830]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-18T10:17:02.538Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T10:21:34.700Z","@version":"1","message":"Sep 18 10:21:34 honeypot-sgp-1 sshd[30742]: Disconnected from invalid user admin 92.255.85.69 port 36530 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T10:22:47.734Z","@version":"1","message":"Sep 18 10:22:46 honeypot-sgp-1 sshd[30747]: Received disconnect from 111.22.49.59 port 60036:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 10:24:05 honeypot-ams-1 sshd[5634]: Disconnected from invalid user admin 92.255.85.70 port 36382 [preauth]","@timestamp":"2022-09-18T10:24:06.013Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:25:35 honeypot-fra-1 sshd[27835]: Received disconnect from 179.86.94.249 port 5850:11: Bye Bye [preauth]","@timestamp":"2022-09-18T10:25:35.731Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:25:39 honeypot-fra-1 sshd[27839]: Disconnected from invalid user ubnt 179.86.94.249 port 5852 [preauth]","@timestamp":"2022-09-18T10:25:39.734Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:25:44 honeypot-fra-1 sshd[27845]: Disconnected from authenticating user root 179.86.94.249 port 5855 [preauth]","@timestamp":"2022-09-18T10:25:44.737Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:25:50 honeypot-fra-1 sshd[27851]: Disconnected from authenticating user root 179.86.94.249 port 5858 [preauth]","@timestamp":"2022-09-18T10:25:50.739Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:25:56 honeypot-fra-1 sshd[27857]: Disconnected from authenticating user root 179.86.94.249 port 5861 [preauth]","@timestamp":"2022-09-18T10:25:56.743Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:26:01 honeypot-fra-1 sshd[27863]: Disconnected from authenticating user root 179.86.94.249 port 5864 [preauth]","@timestamp":"2022-09-18T10:26:01.745Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:26:07 honeypot-fra-1 sshd[27869]: Disconnected from authenticating user root 179.86.94.249 port 5867 [preauth]","@timestamp":"2022-09-18T10:26:07.749Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:26:12 honeypot-fra-1 sshd[27875]: Disconnected from authenticating user root 179.86.94.249 port 5870 [preauth]","@timestamp":"2022-09-18T10:26:13.752Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:26:18 honeypot-fra-1 sshd[27881]: Received disconnect from 179.86.94.249 port 5873:11: Bye Bye [preauth]","@timestamp":"2022-09-18T10:26:18.754Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:26:24 honeypot-fra-1 sshd[27887]: Received disconnect from 179.86.94.249 port 5876:11: Bye Bye [preauth]","@timestamp":"2022-09-18T10:26:24.758Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:26:29 honeypot-fra-1 sshd[27893]: Received disconnect from 179.86.94.249 port 5879:11: Bye Bye [preauth]","@timestamp":"2022-09-18T10:26:30.761Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:26:35 honeypot-fra-1 sshd[27899]: Received disconnect from 179.86.94.249 port 5882:11: Bye Bye [preauth]","@timestamp":"2022-09-18T10:26:35.764Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:26:41 honeypot-fra-1 sshd[27905]: Received disconnect from 179.86.94.249 port 5885:11: Bye Bye [preauth]","@timestamp":"2022-09-18T10:26:41.768Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T10:26:43.834Z","@version":"1","message":"Sep 18 10:26:43 honeypot-sgp-1 sshd[30753]: Invalid user ubuntu from 121.165.140.242 port 42072","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:26:44 honeypot-fra-1 sshd[27909]: Received disconnect from 179.86.94.249 port 5887:11: Bye Bye [preauth]","@timestamp":"2022-09-18T10:26:45.770Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:26:48 honeypot-fra-1 sshd[27913]: Received disconnect from 179.86.94.249 port 5889:11: Bye Bye [preauth]","@timestamp":"2022-09-18T10:26:48.772Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:26:52 honeypot-fra-1 sshd[27917]: Received disconnect from 179.86.94.249 port 5891:11: Bye Bye [preauth]","@timestamp":"2022-09-18T10:26:52.775Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:26:56 honeypot-fra-1 sshd[27921]: Received disconnect from 179.86.94.249 port 5893:11: Bye Bye [preauth]","@timestamp":"2022-09-18T10:26:56.776Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:26:59 honeypot-fra-1 sshd[27925]: Received disconnect from 179.86.94.249 port 5895:11: Bye Bye [preauth]","@timestamp":"2022-09-18T10:27:00.778Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:27:03 honeypot-fra-1 sshd[27929]: Disconnected from authenticating user root 179.86.94.249 port 5897 [preauth]","@timestamp":"2022-09-18T10:27:03.780Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:27:09 honeypot-fra-1 sshd[27935]: Invalid user pi from 179.86.94.249 port 5900","@timestamp":"2022-09-18T10:27:09.784Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:27:11 honeypot-fra-1 sshd[27937]: Disconnected from invalid user user 179.86.94.249 port 5901 [preauth]","@timestamp":"2022-09-18T10:27:11.786Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:27:14 honeypot-fra-1 sshd[27941]: Disconnected from invalid user mine 179.86.94.249 port 5903 [preauth]","@timestamp":"2022-09-18T10:27:15.788Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:27:18 honeypot-fra-1 sshd[27945]: Disconnected from invalid user xbmc 179.86.94.249 port 5905 [preauth]","@timestamp":"2022-09-18T10:27:18.789Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:27:22 honeypot-fra-1 sshd[27949]: Disconnected from invalid user oracle 179.86.94.249 port 5907 [preauth]","@timestamp":"2022-09-18T10:27:22.792Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:27:26 honeypot-fra-1 sshd[27953]: Disconnected from invalid user postgres 179.86.94.249 port 5909 [preauth]","@timestamp":"2022-09-18T10:27:26.794Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:27:29 honeypot-fra-1 sshd[27957]: Disconnected from invalid user support 179.86.94.249 port 5911 [preauth]","@timestamp":"2022-09-18T10:27:30.800Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:27:33 honeypot-fra-1 sshd[27961]: Disconnected from invalid user ubuntu 179.86.94.249 port 5913 [preauth]","@timestamp":"2022-09-18T10:27:33.801Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:27:37 honeypot-fra-1 sshd[27965]: Disconnected from invalid user ubuntu 179.86.94.249 port 5915 [preauth]","@timestamp":"2022-09-18T10:27:37.804Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:27:40 honeypot-fra-1 sshd[27969]: Disconnected from invalid user guest 179.86.94.249 port 5851 [preauth]","@timestamp":"2022-09-18T10:27:41.807Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:27:44 honeypot-fra-1 sshd[27973]: Disconnected from invalid user cirros 179.86.94.249 port 5853 [preauth]","@timestamp":"2022-09-18T10:27:44.808Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T10:30:31.928Z","@version":"1","message":"Sep 18 10:30:31 honeypot-sgp-1 kernel: [84373134.452042] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.209.39 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=55290 DPT=636 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:31:56 honeypot-fra-1 kernel: [84371523.944254] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.204.84 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=52970 DPT=636 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T10:31:56.905Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 10:32:26 honeypot-ams-1 kernel: [84373726.829746] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=64.62.197.238 DST=178.62.254.91 LEN=131 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=56801 DPT=80 WINDOW=65535 RES=0x00 ACK PSH URGP=0 ","@timestamp":"2022-09-18T10:32:27.247Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 10:34:55 honeypot-ams-1 sshd[5641]: Received disconnect from 45.119.215.150 port 45250:11: Bye Bye [preauth]","@timestamp":"2022-09-18T10:34:55.335Z"}
{"@timestamp":"2022-09-18T10:42:39.222Z","@version":"1","message":"Sep 18 10:42:38 honeypot-sgp-1 sshd[30761]: Connection closed by invalid user admin 178.128.125.205 port 51590 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 10:43:06 honeypot-ams-1 sshd[5646]: Received disconnect from 110.235.243.121 port 41568:11: Bye Bye [preauth]","@timestamp":"2022-09-18T10:43:07.551Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 10:43:57 honeypot-ams-1 sshd[5650]: Invalid user redis from 143.244.178.40 port 34376","@timestamp":"2022-09-18T10:43:57.575Z"}
{"@timestamp":"2022-09-18T10:45:18.288Z","@version":"1","message":"Sep 18 10:45:17 honeypot-sgp-1 kernel: [84374020.400824] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=138.2.240.220 DST=159.89.202.188 LEN=52 TOS=0x02 PREC=0x00 TTL=110 ID=43515 DF PROTO=TCP SPT=53159 DPT=80 WINDOW=62720 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 10:49:59 honeypot-ams-1 sshd[5655]: Disconnected from 161.35.113.79 port 48814 [preauth]","@timestamp":"2022-09-18T10:49:59.729Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:55:06 honeypot-fra-1 kernel: [84372913.813714] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.143.200.46 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=30903 PROTO=TCP SPT=52553 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T10:55:06.441Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:56:56 honeypot-fra-1 sshd[27984]: Disconnected from invalid user teste 92.255.85.70 port 63554 [preauth]","@timestamp":"2022-09-18T10:56:56.484Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:59:53 honeypot-fra-1 sshd[27987]: Disconnected from invalid user user 45.61.184.204 port 42858 [preauth]","@timestamp":"2022-09-18T10:59:54.552Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 11:00:13 honeypot-fra-1 sshd[27994]: Received disconnect from 45.61.184.204 port 37880:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T11:00:13.562Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 11:00:30 honeypot-fra-1 sshd[27998]: Invalid user user from 45.61.184.204 port 32958","@timestamp":"2022-09-18T11:00:30.571Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 11:00:47 honeypot-fra-1 sshd[28002]: Invalid user user from 45.61.184.204 port 56162","@timestamp":"2022-09-18T11:00:47.579Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 11:05:55 honeypot-fra-1 sshd[28005]: Connection closed by invalid user user 179.60.147.69 port 3012 [preauth]","@timestamp":"2022-09-18T11:05:56.699Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 11:08:06 honeypot-ams-1 sshd[5664]: Invalid user user from 179.60.147.69 port 39342","@timestamp":"2022-09-18T11:08:07.206Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 11:09:42 honeypot-ams-1 kernel: [84375962.594583] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=104.152.52.233 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=21986 PROTO=TCP SPT=59346 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T11:09:43.255Z"}
{"@timestamp":"2022-09-18T11:11:13.928Z","@version":"1","message":"Sep 18 11:11:13 honeypot-sgp-1 sshd[30772]: Invalid user teste from 92.255.85.69 port 21312","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 11:17:01 honeypot-ams-1 CRON[5670]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-18T11:17:01.814Z"}
{"@timestamp":"2022-09-18T11:17:02.067Z","@version":"1","message":"Sep 18 11:17:01 honeypot-sgp-1 CRON[30775]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 11:21:06 honeypot-ams-1 sshd[5675]: Received disconnect from 92.255.85.70 port 18394:11: Bye Bye [preauth]","@timestamp":"2022-09-18T11:21:06.924Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 11:21:06 honeypot-fra-1 kernel: [84374474.313093] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=213.226.123.38 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=61209 PROTO=TCP SPT=59154 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T11:21:07.042Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 11:27:44 honeypot-ams-1 sshd[5680]: Invalid user mysql from 193.106.191.157 port 38350","@timestamp":"2022-09-18T11:27:45.102Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 11:31:02 honeypot-fra-1 kernel: [84375070.304186] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=44004 PROTO=TCP SPT=40607 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T11:31:03.263Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 11:31:04 honeypot-ams-1 kernel: [84377244.211212] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=30463 PROTO=TCP SPT=40607 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T11:31:05.194Z"}
{"@timestamp":"2022-09-18T11:32:28.459Z","@version":"1","message":"Sep 18 11:32:27 honeypot-sgp-1 kernel: [84376850.571890] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=206.189.6.148 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=59209 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 11:37:37 honeypot-ams-1 sshd[5686]: Disconnected from invalid user zai 159.203.102.122 port 58604 [preauth]","@timestamp":"2022-09-18T11:37:38.365Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 11:38:07 honeypot-fra-1 kernel: [84375494.931427] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=64.246.161.26 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=60646 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T11:38:08.426Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 11:42:04 honeypot-ams-1 sshd[5691]: Invalid user user from 45.61.186.249 port 36110","@timestamp":"2022-09-18T11:42:05.488Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 11:42:14 honeypot-ams-1 sshd[5693]: Disconnected from invalid user user 45.61.186.249 port 47770 [preauth]","@timestamp":"2022-09-18T11:42:15.493Z"}
{"@timestamp":"2022-09-18T11:42:18.697Z","@version":"1","message":"Sep 18 11:42:17 honeypot-sgp-1 sshd[30789]: Received disconnect from 202.163.109.35 port 35376:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 11:42:24 honeypot-ams-1 sshd[5698]: Disconnected from invalid user user 45.61.186.249 port 59474 [preauth]","@timestamp":"2022-09-18T11:42:24.498Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 11:42:33 honeypot-ams-1 sshd[5702]: Disconnected from invalid user user 45.61.186.249 port 42860 [preauth]","@timestamp":"2022-09-18T11:42:33.504Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 11:42:51 honeypot-ams-1 sshd[5706]: Disconnected from invalid user user 45.61.186.249 port 37950 [preauth]","@timestamp":"2022-09-18T11:42:52.513Z"}
{"@timestamp":"2022-09-18T11:44:05.743Z","@version":"1","message":"Sep 18 11:44:04 honeypot-sgp-1 sshd[30793]: Disconnected from authenticating user root 152.32.236.12 port 57042 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 11:45:03 honeypot-fra-1 sshd[28030]: Disconnected from invalid user prueba 92.255.85.69 port 57864 [preauth]","@timestamp":"2022-09-18T11:45:03.582Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 11:47:19 honeypot-ams-1 kernel: [84378219.679220] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=60807 PROTO=TCP SPT=41222 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T11:47:20.637Z"}
{"@timestamp":"2022-09-18T11:48:38.857Z","@version":"1","message":"Sep 18 11:48:38 honeypot-sgp-1 sshd[30796]: Received disconnect from 92.255.85.70 port 57840:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 11:49:07 honeypot-ams-1 sshd[5717]: Invalid user nh from 43.155.100.37 port 34076","@timestamp":"2022-09-18T11:49:08.689Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 11:50:04 honeypot-fra-1 sshd[28037]: Disconnected from authenticating user root 137.184.113.110 port 33662 [preauth]","@timestamp":"2022-09-18T11:50:04.696Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 11:53:35 honeypot-fra-1 sshd[28045]: Received disconnect from 45.61.186.169 port 49246:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T11:53:35.778Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 11:53:52 honeypot-fra-1 sshd[28049]: Received disconnect from 45.61.186.169 port 43896:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T11:53:53.788Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 11:54:09 honeypot-fra-1 sshd[28053]: Received disconnect from 45.61.186.169 port 38544:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T11:54:09.796Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 11:54:25 honeypot-fra-1 sshd[28057]: Received disconnect from 45.61.186.169 port 33192:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T11:54:25.804Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 12:00:29 honeypot-ams-1 kernel: [84379008.894102] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=41.37.202.99 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=54 ID=25258 PROTO=TCP SPT=58711 DPT=443 WINDOW=56680 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T12:00:29.995Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 12:05:54 honeypot-ams-1 sshd[5725]: Received disconnect from 45.61.187.160 port 42484:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T12:05:55.141Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 12:06:12 honeypot-ams-1 sshd[5729]: Received disconnect from 45.61.187.160 port 37204:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T12:06:13.151Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 12:06:29 honeypot-ams-1 sshd[5733]: Received disconnect from 45.61.187.160 port 60122:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T12:06:30.159Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 12:06:45 honeypot-ams-1 sshd[5737]: Received disconnect from 45.61.187.160 port 54826:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T12:06:46.167Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 12:07:46 honeypot-ams-1 sshd[5741]: Disconnected from authenticating user root 181.46.124.28 port 59372 [preauth]","@timestamp":"2022-09-18T12:07:47.190Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 12:07:47 honeypot-fra-1 kernel: [84377274.557964] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=172.105.89.161 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=56 ID=0 DF PROTO=TCP SPT=39061 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T12:07:48.108Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-18T12:08:55.346Z","@version":"1","message":"Sep 18 12:08:54 honeypot-sgp-1 kernel: [84379037.598044] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=230 ID=7161 PROTO=TCP SPT=42404 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 12:13:13 honeypot-ams-1 sshd[5746]: Invalid user test from 154.61.72.164 port 53106","@timestamp":"2022-09-18T12:13:14.338Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 12:15:39 honeypot-ams-1 sshd[5749]: Disconnected from invalid user user0 195.29.51.133 port 35705 [preauth]","@timestamp":"2022-09-18T12:15:40.404Z"}
{"@timestamp":"2022-09-18T12:17:01.550Z","@version":"1","message":"Sep 18 12:17:01 honeypot-sgp-1 CRON[30806]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 12:17:01 honeypot-fra-1 CRON[28063]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-18T12:17:02.320Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 12:18:02 honeypot-ams-1 sshd[5755]: Disconnected from invalid user user 45.61.186.249 port 51960 [preauth]","@timestamp":"2022-09-18T12:18:03.468Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 12:18:21 honeypot-ams-1 sshd[5759]: Disconnected from invalid user user 45.61.186.249 port 47048 [preauth]","@timestamp":"2022-09-18T12:18:22.479Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 12:18:40 honeypot-ams-1 sshd[5763]: Disconnected from invalid user user 45.61.186.249 port 42136 [preauth]","@timestamp":"2022-09-18T12:18:40.488Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 12:18:56 honeypot-ams-1 sshd[5767]: Disconnected from invalid user user 45.61.186.249 port 37258 [preauth]","@timestamp":"2022-09-18T12:18:57.496Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 12:20:05 honeypot-ams-1 sshd[5771]: Invalid user pi from 130.193.40.11 port 52654","@timestamp":"2022-09-18T12:20:06.530Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 12:20:06 honeypot-ams-1 sshd[5779]: Invalid user postgres from 130.193.40.11 port 52692","@timestamp":"2022-09-18T12:20:06.530Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 12:20:06 honeypot-ams-1 sshd[5778]: Connection closed by invalid user pi 130.193.40.11 port 52652 [preauth]","@timestamp":"2022-09-18T12:20:06.530Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 12:20:06 honeypot-ams-1 sshd[5787]: Invalid user admin from 130.193.40.11 port 52658","@timestamp":"2022-09-18T12:20:06.530Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 12:20:06 honeypot-ams-1 sshd[5779]: Connection closed by invalid user postgres 130.193.40.11 port 52692 [preauth]","@timestamp":"2022-09-18T12:20:07.531Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 12:20:06 honeypot-ams-1 sshd[5780]: Connection closed by authenticating user root 130.193.40.11 port 52696 [preauth]","@timestamp":"2022-09-18T12:20:07.531Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 12:20:07 honeypot-ams-1 sshd[5803]: Connection closed by authenticating user root 130.193.40.11 port 52590 [preauth]","@timestamp":"2022-09-18T12:20:07.531Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 12:20:07 honeypot-ams-1 sshd[5773]: Connection closed by invalid user ubuntu 130.193.40.11 port 52650 [preauth]","@timestamp":"2022-09-18T12:20:07.531Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 12:20:08 honeypot-ams-1 sshd[5826]: Connection closed by authenticating user root 130.193.40.11 port 52688 [preauth]","@timestamp":"2022-09-18T12:20:09.532Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 12:20:21 honeypot-ams-1 sshd[5839]: Invalid user mongo from 45.20.209.253 port 57784","@timestamp":"2022-09-18T12:20:21.539Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 12:22:47 honeypot-fra-1 kernel: [84378174.542934] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=149.102.155.170 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=16113 PROTO=TCP SPT=43732 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T12:22:47.451Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 12:27:23 honeypot-fra-1 sshd[28074]: Received disconnect from 143.244.158.100 port 42608:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T12:27:24.560Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 12:27:57 honeypot-ams-1 kernel: [84380657.055732] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=164.92.72.164 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=49387 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T12:27:57.736Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 12:29:08 honeypot-fra-1 sshd[28080]: Received disconnect from 143.244.158.100 port 59774:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T12:29:08.602Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 12:31:41 honeypot-fra-1 sshd[28087]: Received disconnect from 143.244.158.100 port 40014:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T12:31:42.663Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 12:33:22 honeypot-fra-1 sshd[28091]: Received disconnect from 143.244.158.100 port 55040:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T12:33:23.706Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 12:34:28 honeypot-ams-1 kernel: [84381048.343135] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=20.229.61.193 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=34909 PROTO=TCP SPT=55785 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T12:34:28.914Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 12:35:52 honeypot-fra-1 sshd[28097]: Received disconnect from 143.244.158.100 port 36928:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T12:35:53.765Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T12:37:22.043Z","@version":"1","message":"Sep 18 12:37:21 honeypot-sgp-1 sshd[30812]: Received disconnect from 51.255.204.101 port 41314:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 12:38:11 honeypot-ams-1 sshd[5852]: Received disconnect from 92.255.85.69 port 44224:11: Bye Bye [preauth]","@timestamp":"2022-09-18T12:38:12.014Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 12:38:15 honeypot-fra-1 sshd[28104]: Connection closed by 192.241.207.186 port 40460 [preauth]","@timestamp":"2022-09-18T12:38:15.821Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 12:39:29 honeypot-fra-1 sshd[28110]: Connection closed by invalid user admin 137.184.48.78 port 60456 [preauth]","@timestamp":"2022-09-18T12:39:29.852Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 12:39:31 honeypot-fra-1 sshd[28116]: Connection closed by invalid user admin 137.184.48.78 port 34040 [preauth]","@timestamp":"2022-09-18T12:39:32.854Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 12:41:50 honeypot-fra-1 sshd[28123]: Received disconnect from 143.244.158.100 port 53054:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T12:41:50.909Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T12:42:37.172Z","@version":"1","message":"Sep 18 12:42:36 honeypot-sgp-1 sshd[30817]: Disconnected from authenticating user root 20.212.109.250 port 54862 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 12:42:42 honeypot-fra-1 sshd[28127]: Disconnected from authenticating user root 143.244.158.100 port 50384 [preauth]","@timestamp":"2022-09-18T12:42:42.931Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T12:44:05.210Z","@version":"1","message":"Sep 18 12:44:04 honeypot-sgp-1 sshd[30822]: Received disconnect from 59.103.236.85 port 9024:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 12:45:16 honeypot-fra-1 sshd[28134]: Disconnected from authenticating user root 143.244.158.100 port 53164 [preauth]","@timestamp":"2022-09-18T12:45:17.001Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 12:47:46 honeypot-fra-1 sshd[28141]: Disconnected from authenticating user root 143.244.158.100 port 41596 [preauth]","@timestamp":"2022-09-18T12:47:47.062Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T12:48:38.323Z","@version":"1","message":"Sep 18 12:48:37 honeypot-sgp-1 sshd[30827]: Received disconnect from 165.22.111.185 port 44060:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 12:49:45 honeypot-fra-1 kernel: [84379792.383039] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=159.65.151.215 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x20 TTL=54 ID=14818 DF PROTO=TCP SPT=39680 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T12:49:46.109Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 12:52:17 honeypot-fra-1 sshd[28152]: Disconnected from authenticating user root 143.244.158.100 port 36792 [preauth]","@timestamp":"2022-09-18T12:52:18.176Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T12:54:07.459Z","@version":"1","message":"Sep 18 12:54:07 honeypot-sgp-1 sshd[30835]: Invalid user ubuntu from 52.151.24.212 port 52884","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 12:54:47 honeypot-fra-1 sshd[28158]: Disconnected from authenticating user root 143.244.158.100 port 43812 [preauth]","@timestamp":"2022-09-18T12:54:48.236Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 12:57:24 honeypot-fra-1 sshd[28166]: Received disconnect from 143.244.158.100 port 51900:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T12:57:25.298Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T12:58:41.573Z","@version":"1","message":"Sep 18 12:58:41 honeypot-sgp-1 sshd[30837]: Received disconnect from 77.82.90.234 port 43886:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 12:58:46 honeypot-fra-1 sshd[28171]: Invalid user user from 45.61.184.204 port 33192","@timestamp":"2022-09-18T12:58:47.334Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 12:59:04 honeypot-fra-1 sshd[28175]: Received disconnect from 143.244.158.100 port 45740:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T12:59:05.342Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 12:59:15 honeypot-fra-1 sshd[28179]: Received disconnect from 45.61.184.204 port 39666:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T12:59:16.348Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 12:59:34 honeypot-fra-1 sshd[28185]: Invalid user user from 45.61.184.204 port 34578","@timestamp":"2022-09-18T12:59:34.356Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 12:59:45 honeypot-fra-1 sshd[28183]: Connection closed by invalid user mysql 193.106.191.157 port 39194 [preauth]","@timestamp":"2022-09-18T12:59:46.363Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 12:59:54 honeypot-fra-1 sshd[28191]: Disconnected from authenticating user root 143.244.158.100 port 55614 [preauth]","@timestamp":"2022-09-18T12:59:55.367Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 13:01:37 honeypot-fra-1 sshd[28197]: Disconnected from authenticating user root 143.244.158.100 port 55748 [preauth]","@timestamp":"2022-09-18T13:01:37.438Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 13:03:23 honeypot-fra-1 sshd[28204]: Received disconnect from 143.244.158.100 port 34144:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T13:03:24.486Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 13:04:02 honeypot-ams-1 kernel: [84382821.798377] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=172.105.129.95 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=23257 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T13:04:02.696Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 13:05:07 honeypot-fra-1 sshd[28208]: Disconnected from authenticating user root 143.244.158.100 port 45966 [preauth]","@timestamp":"2022-09-18T13:05:07.529Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 13:05:58 honeypot-fra-1 sshd[28212]: Disconnected from authenticating user root 143.244.158.100 port 49356 [preauth]","@timestamp":"2022-09-18T13:05:58.553Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 13:07:50 honeypot-fra-1 sshd[28220]: Disconnected from authenticating user root 189.7.129.60 port 52423 [preauth]","@timestamp":"2022-09-18T13:07:50.598Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 13:09:25 honeypot-fra-1 sshd[28226]: Disconnected from authenticating user root 143.244.158.100 port 43066 [preauth]","@timestamp":"2022-09-18T13:09:25.638Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 13:11:08 honeypot-fra-1 sshd[28232]: Disconnected from authenticating user root 143.244.158.100 port 38874 [preauth]","@timestamp":"2022-09-18T13:11:08.680Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 13:12:17 honeypot-ams-1 sshd[5866]: Connection closed by invalid user mysql 193.106.191.157 port 48770 [preauth]","@timestamp":"2022-09-18T13:12:17.923Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 13:14:01 honeypot-fra-1 sshd[28237]: Disconnected from invalid user admin 68.183.212.10 port 38790 [preauth]","@timestamp":"2022-09-18T13:14:01.768Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T13:16:53.031Z","@version":"1","message":"Sep 18 13:16:52 honeypot-sgp-1 kernel: [84383115.170950] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=172.105.129.90 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=5149 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 13:17:01 honeypot-fra-1 CRON[28243]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-18T13:17:01.840Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 13:21:40 honeypot-ams-1 sshd[5872]: Disconnected from authenticating user root 103.105.130.83 port 37368 [preauth]","@timestamp":"2022-09-18T13:21:41.173Z"}
{"@timestamp":"2022-09-18T13:29:17.327Z","@version":"1","message":"Sep 18 13:29:17 honeypot-sgp-1 sshd[30848]: Invalid user edv from 178.128.123.42 port 39114","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T13:29:58.346Z","@version":"1","message":"Sep 18 13:29:58 honeypot-sgp-1 sshd[30852]: Disconnected from authenticating user root 109.234.36.47 port 56538 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 13:35:01 honeypot-ams-1 sshd[5881]: Disconnected from authenticating user root 134.17.16.72 port 19089 [preauth]","@timestamp":"2022-09-18T13:35:02.526Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 13:35:02 honeypot-fra-1 sshd[28250]: Invalid user mysql from 193.106.191.157 port 34778","@timestamp":"2022-09-18T13:35:03.250Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 13:35:57 honeypot-ams-1 sshd[5886]: Disconnected from authenticating user root 42.117.5.13 port 51150 [preauth]","@timestamp":"2022-09-18T13:35:58.553Z"}
{"@timestamp":"2022-09-18T13:38:19.551Z","@version":"1","message":"Sep 18 13:38:19 honeypot-sgp-1 sshd[30855]: Disconnected from invalid user temp 190.138.132.235 port 38510 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 13:44:24 honeypot-fra-1 kernel: [84383071.963860] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=165.227.76.114 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=59009 DF PROTO=TCP SPT=48484 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T13:44:25.462Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 13:48:05 honeypot-ams-1 sshd[5892]: Disconnected from invalid user guest 146.185.137.240 port 43328 [preauth]","@timestamp":"2022-09-18T13:48:05.878Z"}
{"@timestamp":"2022-09-18T13:48:12.790Z","@version":"1","message":"Sep 18 13:48:12 honeypot-sgp-1 sshd[30864]: Connection closed by invalid user  43.153.10.221 port 32696 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T13:48:31.799Z","@version":"1","message":"Sep 18 13:48:31 honeypot-sgp-1 sshd[30868]: Disconnected from invalid user user 45.61.186.249 port 48952 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T13:48:52.809Z","@version":"1","message":"Sep 18 13:48:52 honeypot-sgp-1 sshd[30872]: Disconnected from invalid user user 45.61.186.249 port 44110 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T13:49:11.819Z","@version":"1","message":"Sep 18 13:49:10 honeypot-sgp-1 sshd[30876]: Disconnected from invalid user user 45.61.186.249 port 39272 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T13:49:28.827Z","@version":"1","message":"Sep 18 13:49:28 honeypot-sgp-1 sshd[30880]: Disconnected from invalid user user 45.61.186.249 port 34430 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T13:51:15.877Z","@version":"1","message":"Sep 18 13:51:15 honeypot-sgp-1 sshd[30883]: Disconnected from invalid user user 45.61.186.249 port 46722 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T13:51:33.886Z","@version":"1","message":"Sep 18 13:51:33 honeypot-sgp-1 sshd[30887]: Disconnected from invalid user user 45.61.186.249 port 41368 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 13:51:50 honeypot-ams-1 kernel: [84385690.099845] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=91.99.137.144 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=113 ID=24249 DF PROTO=TCP SPT=2112 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T13:51:50.981Z"}
{"@timestamp":"2022-09-18T13:51:51.895Z","@version":"1","message":"Sep 18 13:51:51 honeypot-sgp-1 sshd[30892]: Disconnected from invalid user user 45.61.186.249 port 36018 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T13:52:08.904Z","@version":"1","message":"Sep 18 13:52:08 honeypot-sgp-1 sshd[30896]: Received disconnect from 45.61.186.249 port 58886:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 13:53:59 honeypot-ams-1 sshd[5900]: Received disconnect from 178.176.224.148 port 49668:11: Bye Bye [preauth]","@timestamp":"2022-09-18T13:54:00.042Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 13:57:10 honeypot-ams-1 sshd[5904]: Disconnected from authenticating user root 217.178.32.251 port 48272 [preauth]","@timestamp":"2022-09-18T13:57:11.130Z"}
{"@timestamp":"2022-09-18T13:59:38.084Z","@version":"1","message":"Sep 18 13:59:37 honeypot-sgp-1 kernel: [84385680.707674] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=96.126.112.220 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=38 ID=41142 PROTO=TCP SPT=37855 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 14:04:13 honeypot-fra-1 sshd[28259]: Connection closed by 220.111.163.229 port 51828 [preauth]","@timestamp":"2022-09-18T14:04:14.909Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T14:04:47.213Z","@version":"1","message":"Sep 18 14:04:46 honeypot-sgp-1 sshd[30907]: Invalid user cameras from 31.184.198.71 port 18451","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:05:19.230Z","@version":"1","message":"Sep 18 14:05:18 honeypot-sgp-1 sshd[30913]: Invalid user  from 31.184.198.71 port 54417","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:05:40.241Z","@version":"1","message":"Sep 18 14:05:40 honeypot-sgp-1 sshd[30919]: Bad protocol version identification 'SSH-2.0_CoreLab-1.0' from 31.184.198.71 port 47294","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:06:16.260Z","@version":"1","message":"Sep 18 14:06:15 honeypot-sgp-1 sshd[30924]: Disconnecting invalid user private 31.184.198.71 port 10277: Change of username or service not allowed: (private,ssh-connection) -> (root,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:06:46.275Z","@version":"1","message":"Sep 18 14:06:45 honeypot-sgp-1 sshd[30932]: Invalid user araknis from 31.184.198.71 port 33914","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:07:15.291Z","@version":"1","message":"Sep 18 14:07:14 honeypot-sgp-1 sshd[30938]: Disconnecting authenticating user root 31.184.198.71 port 41192: Change of username or service not allowed: (root,ssh-connection) -> (Admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 14:07:36 honeypot-ams-1 sshd[5910]: Invalid user xq from 137.116.144.39 port 56016","@timestamp":"2022-09-18T14:07:37.405Z"}
{"@timestamp":"2022-09-18T14:07:40.304Z","@version":"1","message":"Sep 18 14:07:40 honeypot-sgp-1 sshd[30944]: Disconnecting invalid user admin 31.184.198.71 port 59013: Change of username or service not allowed: (admin,ssh-connection) -> (guest,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:08:09.319Z","@version":"1","message":"Sep 18 14:08:09 honeypot-sgp-1 sshd[30950]: Disconnecting authenticating user root 31.184.198.71 port 62789: Change of username or service not allowed: (root,ssh-connection) -> (,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:08:36.334Z","@version":"1","message":"Sep 18 14:08:35 honeypot-sgp-1 sshd[30956]: Disconnecting invalid user cisco 31.184.198.71 port 47831: Change of username or service not allowed: (cisco,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:09:15.353Z","@version":"1","message":"Sep 18 14:09:14 honeypot-sgp-1 sshd[30964]: Invalid user Administrator from 31.184.198.71 port 3020","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:09:41.367Z","@version":"1","message":"Sep 18 14:09:40 honeypot-sgp-1 sshd[30971]: Invalid user sti.admin5 from 31.184.198.71 port 52956","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:10:06.380Z","@version":"1","message":"Sep 18 14:10:05 honeypot-sgp-1 sshd[30977]: Invalid user zhone from 31.184.198.71 port 50803","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:10:24.390Z","@version":"1","message":"Sep 18 14:10:24 honeypot-sgp-1 sshd[30981]: Disconnected from invalid user admin 92.255.85.69 port 53470 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:10:49.404Z","@version":"1","message":"Sep 18 14:10:49 honeypot-sgp-1 sshd[30989]: Invalid user c1@r0 from 31.184.198.71 port 41533","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:11:11.415Z","@version":"1","message":"Sep 18 14:11:11 honeypot-sgp-1 sshd[30995]: Invalid user superonline from 31.184.198.71 port 45798","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:11:53.437Z","@version":"1","message":"Sep 18 14:11:52 honeypot-sgp-1 sshd[31001]: Invalid user Admin from 31.184.198.71 port 1742","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:12:24.453Z","@version":"1","message":"Sep 18 14:12:23 honeypot-sgp-1 sshd[31007]: Invalid user  from 31.184.198.71 port 13914","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:12:48.466Z","@version":"1","message":"Sep 18 14:12:47 honeypot-sgp-1 sshd[31013]: Invalid user  from 31.184.198.71 port 35550","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:13:17.481Z","@version":"1","message":"Sep 18 14:13:17 honeypot-sgp-1 sshd[31019]: Invalid user admin from 31.184.198.71 port 2777","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:13:44.495Z","@version":"1","message":"Sep 18 14:13:44 honeypot-sgp-1 sshd[31025]: Disconnecting invalid user admin 31.184.198.71 port 14712: Change of username or service not allowed: (admin,ssh-connection) -> (airlive,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:14:19.513Z","@version":"1","message":"Sep 18 14:14:18 honeypot-sgp-1 sshd[31032]: Invalid user admin from 31.184.198.71 port 18633","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:14:39.524Z","@version":"1","message":"Sep 18 14:14:39 honeypot-sgp-1 sshd[31038]: Disconnecting invalid user admin 31.184.198.71 port 61545: Change of username or service not allowed: (admin,ssh-connection) -> (Shiko,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:15:10.540Z","@version":"1","message":"Sep 18 14:15:09 honeypot-sgp-1 sshd[31044]: Disconnecting invalid user Broadcom 31.184.198.71 port 24498: Change of username or service not allowed: (Broadcom,ssh-connection) -> (smcadmin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:15:38.554Z","@version":"1","message":"Sep 18 14:15:38 honeypot-sgp-1 sshd[31050]: Disconnecting invalid user cusadmin 31.184.198.71 port 19837: Change of username or service not allowed: (cusadmin,ssh-connection) -> (highspeed,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:15:57.564Z","@version":"1","message":"Sep 18 14:15:57 honeypot-sgp-1 sshd[31057]: Invalid user sweex from 31.184.198.71 port 55441","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:16:20.577Z","@version":"1","message":"Sep 18 14:16:20 honeypot-sgp-1 sshd[31063]: Invalid user  from 31.184.198.71 port 28438","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:16:49.616Z","@version":"1","message":"Sep 18 14:16:49 honeypot-sgp-1 sshd[31069]: Invalid user ubnt from 31.184.198.71 port 45688","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 14:17:01 honeypot-fra-1 CRON[28266]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-18T14:17:02.196Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 14:17:01 honeypot-ams-1 CRON[5915]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-18T14:17:02.665Z"}
{"@timestamp":"2022-09-18T14:17:11.627Z","@version":"1","message":"Sep 18 14:17:11 honeypot-sgp-1 sshd[31076]: Disconnecting invalid user 123456 31.184.198.71 port 49883: Change of username or service not allowed: (123456,ssh-connection) -> (user,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:17:41.642Z","@version":"1","message":"Sep 18 14:17:41 honeypot-sgp-1 sshd[31082]: Disconnecting invalid user readwrite 31.184.198.71 port 30153: Change of username or service not allowed: (readwrite,ssh-connection) -> (Admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:18:09.658Z","@version":"1","message":"Sep 18 14:18:08 honeypot-sgp-1 sshd[31089]: Disconnecting invalid user DZY-W2914NSV2 31.184.198.71 port 43174: Change of username or service not allowed: (DZY-W2914NSV2,ssh-connection) -> (0,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:18:40.673Z","@version":"1","message":"Sep 18 14:18:39 honeypot-sgp-1 sshd[31095]: Disconnecting invalid user zoomadsl 31.184.198.71 port 38260: Change of username or service not allowed: (zoomadsl,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:19:14.690Z","@version":"1","message":"Sep 18 14:19:14 honeypot-sgp-1 sshd[31101]: Connection closed by invalid user ltecl4r0 31.184.198.71 port 19277 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 14:19:46 honeypot-fra-1 sshd[28270]: Connection closed by authenticating user root 103.188.176.251 port 38300 [preauth]","@timestamp":"2022-09-18T14:19:47.261Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 14:22:23 honeypot-fra-1 sshd[28278]: Did not receive identification string from 3.8.141.125 port 21345","@timestamp":"2022-09-18T14:22:24.324Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 14:26:09 honeypot-fra-1 kernel: [84385576.634477] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=3.8.141.125 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=75 ID=49126 PROTO=TCP SPT=21345 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T14:26:10.413Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 14:30:33 honeypot-fra-1 kernel: [84385840.038921] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=23164 PROTO=TCP SPT=51404 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T14:30:33.517Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 14:30:42 honeypot-ams-1 kernel: [84388022.600671] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=16431 PROTO=TCP SPT=51404 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T14:30:43.025Z"}
{"@timestamp":"2022-09-18T14:30:52.974Z","@version":"1","message":"Sep 18 14:30:52 honeypot-sgp-1 kernel: [84387555.701203] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=236 ID=21568 PROTO=TCP SPT=51404 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 14:31:36 honeypot-fra-1 sshd[28287]: Did not receive identification string from 3.8.141.125 port 21345","@timestamp":"2022-09-18T14:31:36.543Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 14:33:17 honeypot-fra-1 kernel: [84386004.169376] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=3.8.141.125 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=75 ID=9885 PROTO=TCP SPT=21345 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T14:33:17.586Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 14:36:05 honeypot-fra-1 kernel: [84386172.340114] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=3.8.141.125 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=75 ID=49126 PROTO=TCP SPT=21345 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T14:36:05.653Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 14:40:53 honeypot-fra-1 sshd[28294]: Received disconnect from 167.99.241.178 port 58466:11: Bye Bye [preauth]","@timestamp":"2022-09-18T14:40:53.764Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 14:41:26 honeypot-fra-1 sshd[28300]: Did not receive identification string from 3.8.141.125 port 21345","@timestamp":"2022-09-18T14:41:27.782Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 14:41:53 honeypot-ams-1 sshd[5924]: Invalid user ubnt from 128.199.105.99 port 57786","@timestamp":"2022-09-18T14:41:54.321Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 14:42:44 honeypot-fra-1 kernel: [84386571.790537] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=3.8.141.125 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=75 ID=9885 PROTO=TCP SPT=21345 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T14:42:44.814Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 14:43:40 honeypot-fra-1 sshd[28305]: Disconnected from authenticating user root 18.216.21.202 port 63413 [preauth]","@timestamp":"2022-09-18T14:43:40.839Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 14:45:02 honeypot-ams-1 sshd[5929]: Received disconnect from 54.65.189.147 port 57886:11: Bye Bye [preauth]","@timestamp":"2022-09-18T14:45:03.407Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 14:45:36 honeypot-fra-1 kernel: [84386743.134624] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=3.8.141.125 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=75 ID=49126 PROTO=TCP SPT=21345 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T14:45:36.884Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 14:46:19 honeypot-ams-1 kernel: [84388959.539241] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=104.200.25.61 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=33414 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T14:46:20.445Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 14:46:59 honeypot-ams-1 sshd[5938]: Invalid user testserver from 43.154.7.110 port 42572","@timestamp":"2022-09-18T14:47:00.466Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 14:48:06 honeypot-fra-1 sshd[28311]: Invalid user emiliojose from 143.198.200.168 port 51892","@timestamp":"2022-09-18T14:48:06.944Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 14:48:20 honeypot-fra-1 sshd[28315]: Invalid user user from 45.61.187.160 port 49326","@timestamp":"2022-09-18T14:48:20.951Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 14:48:30 honeypot-fra-1 sshd[28317]: Disconnected from invalid user user 45.61.187.160 port 60784 [preauth]","@timestamp":"2022-09-18T14:48:30.957Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 14:48:49 honeypot-fra-1 sshd[28321]: Disconnected from invalid user user 45.61.187.160 port 55472 [preauth]","@timestamp":"2022-09-18T14:48:49.966Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 14:49:07 honeypot-fra-1 sshd[28325]: Disconnected from invalid user user 45.61.187.160 port 50162 [preauth]","@timestamp":"2022-09-18T14:49:07.993Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 14:50:52 honeypot-fra-1 sshd[28331]: Did not receive identification string from 3.8.141.125 port 21345","@timestamp":"2022-09-18T14:50:53.036Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 14:51:24 honeypot-ams-1 sshd[5943]: Invalid user mmmm from 89.22.180.184 port 18051","@timestamp":"2022-09-18T14:51:24.584Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 14:52:34 honeypot-fra-1 kernel: [84387161.979059] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=3.8.141.125 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=75 ID=9885 PROTO=TCP SPT=21345 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T14:52:35.079Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 14:54:33 honeypot-ams-1 kernel: [84389452.945159] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=177.223.16.61 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=232 ID=36480 DF PROTO=TCP SPT=15848 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T14:54:33.668Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 14:55:22 honeypot-fra-1 kernel: [84387329.025551] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=3.8.141.125 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=75 ID=49126 PROTO=TCP SPT=21345 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T14:55:22.147Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-18T14:55:38.578Z","@version":"1","message":"Sep 18 14:55:37 honeypot-sgp-1 sshd[31116]: Invalid user admin from 60.10.160.77 port 40902","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:56:44.608Z","@version":"1","message":"Sep 18 14:56:44 honeypot-sgp-1 sshd[31120]: Disconnected from authenticating user root 114.204.218.154 port 42442 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 14:57:00 honeypot-ams-1 sshd[5950]: Invalid user admin from 200.195.162.66 port 56736","@timestamp":"2022-09-18T14:57:00.737Z"}
{"@timestamp":"2022-09-18T14:59:12.668Z","@version":"1","message":"Sep 18 14:59:12 honeypot-sgp-1 sshd[31124]: Disconnected from invalid user yugi 180.130.116.155 port 34492 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:00:15 honeypot-fra-1 sshd[28339]: Invalid user ubnt from 92.255.85.70 port 44610","@timestamp":"2022-09-18T15:00:16.281Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:00:34 honeypot-fra-1 sshd[28344]: Did not receive identification string from 3.8.141.125 port 21345","@timestamp":"2022-09-18T15:00:35.291Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:02:09 honeypot-fra-1 kernel: [84387736.906048] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=3.8.141.125 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=75 ID=9885 PROTO=TCP SPT=21345 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T15:02:10.331Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-18T15:03:33.774Z","@version":"1","message":"Sep 18 15:03:33 honeypot-sgp-1 sshd[31129]: Disconnected from invalid user ubnt 92.255.85.69 port 58192 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:04:40 honeypot-fra-1 kernel: [84387887.285460] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=3.8.141.125 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=75 ID=49126 PROTO=TCP SPT=21345 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T15:04:40.392Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 15:07:04 honeypot-ams-1 sshd[5955]: Invalid user admin from 75.72.187.36 port 59313","@timestamp":"2022-09-18T15:07:05.011Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:09:38 honeypot-fra-1 sshd[28350]: Received disconnect from 45.61.186.169 port 51334:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T15:09:39.508Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:09:57 honeypot-fra-1 sshd[28355]: Received disconnect from 45.61.186.169 port 46188:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T15:09:58.517Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T15:10:00.932Z","@version":"1","message":"Sep 18 15:10:00 honeypot-sgp-1 kernel: [84389902.967533] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=170.187.162.21 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=35923 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:10:15 honeypot-fra-1 sshd[28359]: Received disconnect from 45.61.186.169 port 41040:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T15:10:16.527Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:10:31 honeypot-fra-1 sshd[28363]: Received disconnect from 45.61.186.169 port 35882:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T15:10:32.534Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 15:11:11 honeypot-ams-1 sshd[5960]: Invalid user mysql from 193.106.191.157 port 41568","@timestamp":"2022-09-18T15:11:12.123Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 15:15:25 honeypot-ams-1 kernel: [84390705.153787] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=47696 PROTO=TCP SPT=53203 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T15:15:26.239Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:19:22 honeypot-fra-1 sshd[28372]: Invalid user ubuntu from 103.90.177.102 port 40976","@timestamp":"2022-09-18T15:19:22.732Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:19:22 honeypot-fra-1 sshd[28382]: Invalid user user from 103.90.177.102 port 40982","@timestamp":"2022-09-18T15:19:22.732Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:19:22 honeypot-fra-1 sshd[28378]: Connection closed by invalid user mc 103.90.177.102 port 40966 [preauth]","@timestamp":"2022-09-18T15:19:22.732Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:19:22 honeypot-fra-1 sshd[28383]: Connection closed by authenticating user root 103.90.177.102 port 40984 [preauth]","@timestamp":"2022-09-18T15:19:22.732Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 15:20:46 honeypot-ams-1 sshd[5972]: Received disconnect from 73.203.127.7 port 42332:11: Bye Bye [preauth]","@timestamp":"2022-09-18T15:20:47.381Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 15:21:16 honeypot-ams-1 sshd[5976]: Disconnected from invalid user no1 100.1.167.124 port 33004 [preauth]","@timestamp":"2022-09-18T15:21:16.397Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 15:24:26 honeypot-ams-1 sshd[5981]: Invalid user user from 45.61.186.49 port 47162","@timestamp":"2022-09-18T15:24:26.481Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 15:24:39 honeypot-ams-1 sshd[5985]: Invalid user user from 45.61.186.49 port 59370","@timestamp":"2022-09-18T15:24:39.488Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:25:13 honeypot-fra-1 sshd[28398]: Invalid user admin from 145.239.90.216 port 49608","@timestamp":"2022-09-18T15:25:13.865Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 15:26:14 honeypot-ams-1 sshd[5990]: Invalid user web from 79.188.52.121 port 53730","@timestamp":"2022-09-18T15:26:15.529Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 15:26:59 honeypot-ams-1 sshd[5994]: Received disconnect from 213.215.140.6 port 60506:11: Bye Bye [preauth]","@timestamp":"2022-09-18T15:26:59.550Z"}
{"@timestamp":"2022-09-18T15:27:01.340Z","@version":"1","message":"Sep 18 15:27:01 honeypot-sgp-1 sshd[31137]: Received disconnect from 110.141.212.12 port 46928:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T15:27:46.361Z","@version":"1","message":"Sep 18 15:27:46 honeypot-sgp-1 sshd[31141]: Invalid user nac from 41.72.219.102 port 56154","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:27:54 honeypot-fra-1 sshd[28403]: Received disconnect from 51.142.141.199 port 55554:11: Bye Bye [preauth]","@timestamp":"2022-09-18T15:27:54.927Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T15:29:32.407Z","@version":"1","message":"Sep 18 15:29:32 honeypot-sgp-1 sshd[31147]: Received disconnect from 104.248.153.95 port 52754:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:31:17 honeypot-fra-1 sshd[28407]: Disconnected from invalid user admin 92.255.85.70 port 63368 [preauth]","@timestamp":"2022-09-18T15:31:18.002Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:35:10 honeypot-fra-1 sshd[28414]: Invalid user admin from 200.29.109.224 port 51724","@timestamp":"2022-09-18T15:35:11.093Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:38:39 honeypot-fra-1 sshd[28416]: Received disconnect from 187.190.40.6 port 53829:11: Bye Bye [preauth]","@timestamp":"2022-09-18T15:38:40.187Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 15:39:40 honeypot-ams-1 sshd[5999]: Invalid user user from 45.61.187.160 port 39486","@timestamp":"2022-09-18T15:39:40.885Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 15:39:57 honeypot-ams-1 kernel: [84392177.252945] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=103.180.149.137 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=49 ID=26622 PROTO=TCP SPT=56397 DPT=80 WINDOW=37901 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T15:39:57.895Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 15:40:09 honeypot-ams-1 sshd[6005]: Disconnected from invalid user user 45.61.187.160 port 46310 [preauth]","@timestamp":"2022-09-18T15:40:09.900Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 15:40:26 honeypot-ams-1 sshd[6009]: Disconnected from invalid user user 45.61.187.160 port 41448 [preauth]","@timestamp":"2022-09-18T15:40:27.910Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:44:30 honeypot-fra-1 sshd[28423]: Invalid user test from 103.149.158.241 port 3277","@timestamp":"2022-09-18T15:44:30.319Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T15:45:16.780Z","@version":"1","message":"Sep 18 15:45:15 honeypot-sgp-1 sshd[31151]: Disconnected from invalid user admin 92.255.85.70 port 48204 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T15:45:52.797Z","@version":"1","message":"Sep 18 15:45:51 honeypot-sgp-1 sshd[31156]: Received disconnect from 45.61.186.169 port 57960:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 15:46:08 honeypot-ams-1 sshd[6014]: Received disconnect from 92.255.85.69 port 17320:11: Bye Bye [preauth]","@timestamp":"2022-09-18T15:46:09.057Z"}
{"@timestamp":"2022-09-18T15:46:09.805Z","@version":"1","message":"Sep 18 15:46:09 honeypot-sgp-1 sshd[31160]: Received disconnect from 45.61.186.169 port 52966:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T15:46:25.813Z","@version":"1","message":"Sep 18 15:46:25 honeypot-sgp-1 sshd[31164]: Received disconnect from 45.61.186.169 port 47966:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T15:50:29.911Z","@version":"1","message":"Sep 18 15:50:29 honeypot-sgp-1 sshd[31169]: Received disconnect from 212.29.234.241 port 37514:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 15:55:26 honeypot-ams-1 sshd[6017]: Disconnected from invalid user webmaster 197.155.234.157 port 47954 [preauth]","@timestamp":"2022-09-18T15:55:26.302Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:56:13 honeypot-fra-1 sshd[28427]: Did not receive identification string from 45.127.108.132 port 50704","@timestamp":"2022-09-18T15:56:13.578Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:56:14 honeypot-fra-1 sshd[28433]: Invalid user testuser from 45.127.108.132 port 4524","@timestamp":"2022-09-18T15:56:15.580Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:56:14 honeypot-fra-1 sshd[28454]: Invalid user hadoop from 45.127.108.132 port 62827","@timestamp":"2022-09-18T15:56:15.580Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:56:14 honeypot-fra-1 sshd[28459]: Invalid user lighthouse from 45.127.108.132 port 37262","@timestamp":"2022-09-18T15:56:15.580Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:56:15 honeypot-fra-1 sshd[28438]: Connection closed by invalid user devops 45.127.108.132 port 45326 [preauth]","@timestamp":"2022-09-18T15:56:15.580Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:56:15 honeypot-fra-1 sshd[28433]: Connection closed by invalid user testuser 45.127.108.132 port 4524 [preauth]","@timestamp":"2022-09-18T15:56:15.580Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:56:15 honeypot-fra-1 sshd[28445]: Connection closed by invalid user steam 45.127.108.132 port 3555 [preauth]","@timestamp":"2022-09-18T15:56:15.580Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:56:15 honeypot-fra-1 sshd[28443]: Connection closed by invalid user vnc 45.127.108.132 port 49110 [preauth]","@timestamp":"2022-09-18T15:56:15.580Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:56:15 honeypot-fra-1 sshd[28441]: Connection closed by invalid user mysql 45.127.108.132 port 23512 [preauth]","@timestamp":"2022-09-18T15:56:15.581Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 16:01:47 honeypot-ams-1 kernel: [84393486.821265] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=2.226.225.240 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=27289 PROTO=TCP SPT=1952 DPT=80 WINDOW=65377 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T16:01:47.472Z"}
{"@timestamp":"2022-09-18T16:02:53.201Z","@version":"1","message":"Sep 18 16:02:52 honeypot-sgp-1 sshd[31175]: Did not receive identification string from 194.163.169.7 port 31292","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T16:09:15.355Z","@version":"1","message":"Sep 18 16:09:14 honeypot-sgp-1 sshd[31180]: Disconnected from invalid user user 45.61.187.160 port 33126 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T16:09:35.366Z","@version":"1","message":"Sep 18 16:09:35 honeypot-sgp-1 sshd[31185]: Disconnected from invalid user user 45.61.187.160 port 56812 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T16:09:55.375Z","@version":"1","message":"Sep 18 16:09:54 honeypot-sgp-1 sshd[31189]: Disconnected from invalid user user 45.61.187.160 port 52272 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:10:10 honeypot-ams-1 sshd[6030]: Received disconnect from 182.117.131.146 port 33324:11: Bye Bye [preauth]","@timestamp":"2022-09-18T16:10:10.692Z"}
{"@timestamp":"2022-09-18T16:10:14.384Z","@version":"1","message":"Sep 18 16:10:14 honeypot-sgp-1 sshd[31193]: Disconnected from invalid user user 45.61.187.160 port 47724 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:10:15 honeypot-ams-1 sshd[6034]: Disconnected from invalid user ubnt 182.117.131.146 port 33688 [preauth]","@timestamp":"2022-09-18T16:10:15.695Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:10:22 honeypot-ams-1 sshd[6040]: Received disconnect from 104.248.155.136 port 52332:11: Bye Bye [preauth]","@timestamp":"2022-09-18T16:10:22.699Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:10:29 honeypot-ams-1 sshd[6046]: Received disconnect from 182.117.131.146 port 34444:11: Bye Bye [preauth]","@timestamp":"2022-09-18T16:10:30.704Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:10:37 honeypot-ams-1 sshd[6052]: Received disconnect from 182.117.131.146 port 34958:11: Bye Bye [preauth]","@timestamp":"2022-09-18T16:10:37.707Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:10:46 honeypot-ams-1 sshd[6058]: Received disconnect from 182.117.131.146 port 35496:11: Bye Bye [preauth]","@timestamp":"2022-09-18T16:10:46.712Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:10:54 honeypot-ams-1 sshd[6064]: Received disconnect from 182.117.131.146 port 35866:11: Bye Bye [preauth]","@timestamp":"2022-09-18T16:10:54.716Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:11:03 honeypot-ams-1 sshd[6070]: Received disconnect from 182.117.131.146 port 36344:11: Bye Bye [preauth]","@timestamp":"2022-09-18T16:11:03.722Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:11:11 honeypot-ams-1 sshd[6076]: Received disconnect from 182.117.131.146 port 36906:11: Bye Bye [preauth]","@timestamp":"2022-09-18T16:11:11.727Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:11:21 honeypot-ams-1 sshd[6082]: Received disconnect from 182.117.131.146 port 37464:11: Bye Bye [preauth]","@timestamp":"2022-09-18T16:11:21.732Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:11:29 honeypot-ams-1 sshd[6088]: Received disconnect from 182.117.131.146 port 38006:11: Bye Bye [preauth]","@timestamp":"2022-09-18T16:11:29.737Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:11:37 honeypot-ams-1 sshd[6094]: Received disconnect from 182.117.131.146 port 38476:11: Bye Bye [preauth]","@timestamp":"2022-09-18T16:11:37.741Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:11:46 honeypot-ams-1 sshd[6100]: Received disconnect from 182.117.131.146 port 39024:11: Bye Bye [preauth]","@timestamp":"2022-09-18T16:11:46.746Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:11:51 honeypot-ams-1 sshd[6104]: Disconnected from invalid user admin 182.117.131.146 port 39328 [preauth]","@timestamp":"2022-09-18T16:11:52.750Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:11:57 honeypot-ams-1 sshd[6108]: Disconnected from invalid user admin 182.117.131.146 port 39696 [preauth]","@timestamp":"2022-09-18T16:11:57.753Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:12:03 honeypot-ams-1 sshd[6112]: Disconnected from invalid user admin 182.117.131.146 port 39982 [preauth]","@timestamp":"2022-09-18T16:12:03.757Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:12:10 honeypot-ams-1 sshd[6116]: Disconnected from invalid user admin 182.117.131.146 port 40476 [preauth]","@timestamp":"2022-09-18T16:12:10.761Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:12:17 honeypot-ams-1 sshd[6120]: Disconnected from invalid user admin 182.117.131.146 port 40830 [preauth]","@timestamp":"2022-09-18T16:12:17.765Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 16:12:21 honeypot-fra-1 sshd[28494]: Received disconnect from 61.177.173.36 port 33181:11:  [preauth]","@timestamp":"2022-09-18T16:12:21.970Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:12:22 honeypot-ams-1 sshd[6124]: Disconnected from invalid user user 182.117.131.146 port 41184 [preauth]","@timestamp":"2022-09-18T16:12:22.768Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:12:34 honeypot-ams-1 sshd[6130]: Received disconnect from 182.117.131.146 port 41928:11: Bye Bye [preauth]","@timestamp":"2022-09-18T16:12:34.776Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:12:40 honeypot-ams-1 sshd[6134]: Received disconnect from 182.117.131.146 port 42274:11: Bye Bye [preauth]","@timestamp":"2022-09-18T16:12:40.778Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:12:46 honeypot-ams-1 sshd[6138]: Received disconnect from 182.117.131.146 port 42628:11: Bye Bye [preauth]","@timestamp":"2022-09-18T16:12:46.783Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:12:52 honeypot-ams-1 sshd[6142]: Received disconnect from 182.117.131.146 port 42992:11: Bye Bye [preauth]","@timestamp":"2022-09-18T16:12:52.786Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:12:59 honeypot-ams-1 sshd[6146]: Received disconnect from 182.117.131.146 port 43446:11: Bye Bye [preauth]","@timestamp":"2022-09-18T16:13:00.791Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:13:05 honeypot-ams-1 sshd[6150]: Received disconnect from 182.117.131.146 port 43774:11: Bye Bye [preauth]","@timestamp":"2022-09-18T16:13:05.794Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:13:10 honeypot-ams-1 sshd[6154]: Received disconnect from 182.117.131.146 port 44088:11: Bye Bye [preauth]","@timestamp":"2022-09-18T16:13:10.796Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:13:16 honeypot-ams-1 sshd[6158]: Received disconnect from 182.117.131.146 port 44404:11: Bye Bye [preauth]","@timestamp":"2022-09-18T16:13:17.801Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:13:22 honeypot-ams-1 sshd[6162]: Received disconnect from 182.117.131.146 port 44754:11: Bye Bye [preauth]","@timestamp":"2022-09-18T16:13:22.804Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:13:30 honeypot-ams-1 sshd[6166]: Received disconnect from 182.117.131.146 port 45190:11: Bye Bye [preauth]","@timestamp":"2022-09-18T16:13:30.810Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:13:35 honeypot-ams-1 sshd[6170]: Received disconnect from 182.117.131.146 port 45504:11: Bye Bye [preauth]","@timestamp":"2022-09-18T16:13:35.812Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:14:41 honeypot-ams-1 sshd[6174]: Connection closed by invalid user pi 76.28.20.79 port 50134 [preauth]","@timestamp":"2022-09-18T16:14:41.843Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 16:16:13 honeypot-ams-1 kernel: [84394353.454004] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=89.122.108.112 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=54 ID=25903 PROTO=TCP SPT=27841 DPT=80 WINDOW=61009 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T16:16:13.885Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 16:17:01 honeypot-fra-1 CRON[28501]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-18T16:17:02.076Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T16:20:26.634Z","@version":"1","message":"Sep 18 16:20:25 honeypot-sgp-1 sshd[31204]: Did not receive identification string from 117.173.165.22 port 62544","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 16:22:41 honeypot-ams-1 kernel: [84394741.180402] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=167.71.92.243 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=48502 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T16:22:42.072Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 16:24:47 honeypot-fra-1 sshd[28509]: Invalid user admin from 92.255.85.70 port 58960","@timestamp":"2022-09-18T16:24:47.248Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 16:25:08 honeypot-fra-1 sshd[28515]: Connection closed by 58.182.93.100 port 35615 [preauth]","@timestamp":"2022-09-18T16:25:09.257Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 16:27:50 honeypot-fra-1 sshd[28523]: Received disconnect from 165.22.45.108 port 36506:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T16:27:51.320Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T16:28:51.839Z","@version":"1","message":"Sep 18 16:28:51 honeypot-sgp-1 kernel: [84394634.310249] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=179.43.155.171 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=38187 PROTO=TCP SPT=52051 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:28:57 honeypot-ams-1 sshd[6192]: Disconnected from authenticating user root 143.244.158.100 port 49850 [preauth]","@timestamp":"2022-09-18T16:28:58.236Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:31:35 honeypot-ams-1 sshd[6198]: Received disconnect from 143.244.158.100 port 43410:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T16:31:36.309Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 16:33:42 honeypot-fra-1 kernel: [84393229.651859] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=80.82.77.33 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=123 ID=61759 PROTO=TCP SPT=7349 DPT=636 WINDOW=21240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T16:33:43.452Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:34:11 honeypot-ams-1 sshd[6206]: Received disconnect from 143.244.158.100 port 57858:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T16:34:12.378Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:35:54 honeypot-ams-1 sshd[6211]: Disconnected from authenticating user root 143.244.158.100 port 40164 [preauth]","@timestamp":"2022-09-18T16:35:54.423Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:38:24 honeypot-ams-1 sshd[6218]: Received disconnect from 143.244.158.100 port 34326:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T16:38:25.489Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:40:15 honeypot-ams-1 sshd[6224]: Invalid user test from 103.188.176.251 port 37266","@timestamp":"2022-09-18T16:40:15.537Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 16:40:58 honeypot-fra-1 sshd[28533]: Invalid user administrator from 147.182.169.107 port 34514","@timestamp":"2022-09-18T16:40:58.618Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:41:03 honeypot-ams-1 sshd[6228]: Disconnected from authenticating user root 143.244.158.100 port 50716 [preauth]","@timestamp":"2022-09-18T16:41:03.561Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 16:41:54 honeypot-fra-1 kernel: [84393721.533229] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=89.248.165.199 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=25394 PROTO=TCP SPT=57265 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T16:41:55.644Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-18T16:42:34.168Z","@version":"1","message":"Sep 18 16:42:34 honeypot-sgp-1 sshd[31217]: Disconnected from authenticating user root 61.177.173.36 port 62786 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:42:47 honeypot-ams-1 sshd[6234]: Received disconnect from 143.244.158.100 port 50660:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T16:42:48.608Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:45:24 honeypot-ams-1 sshd[6241]: Received disconnect from 143.244.158.100 port 59424:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T16:45:24.674Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:46:29 honeypot-ams-1 sshd[6246]: Received disconnect from 45.61.184.204 port 55760:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T16:46:29.703Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:46:49 honeypot-ams-1 sshd[6250]: Received disconnect from 45.61.184.204 port 51018:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T16:46:49.712Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:47:07 honeypot-ams-1 sshd[6254]: Received disconnect from 45.61.184.204 port 46156:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T16:47:07.720Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:47:24 honeypot-ams-1 sshd[6258]: Received disconnect from 45.61.184.204 port 41370:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T16:47:24.728Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:49:11 honeypot-ams-1 sshd[6265]: Received disconnect from 143.244.158.100 port 57872:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T16:49:11.774Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 16:49:54 honeypot-fra-1 sshd[28556]: Connection closed by authenticating user root 139.59.152.202 port 43992 [preauth]","@timestamp":"2022-09-18T16:49:54.841Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 16:49:54 honeypot-fra-1 sshd[28553]: Invalid user mysql from 139.59.152.202 port 44002","@timestamp":"2022-09-18T16:49:54.841Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 16:49:54 honeypot-fra-1 sshd[28562]: Invalid user admin from 139.59.152.202 port 44024","@timestamp":"2022-09-18T16:49:54.842Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 16:49:54 honeypot-fra-1 sshd[28559]: Connection closed by invalid user pi 139.59.152.202 port 44016 [preauth]","@timestamp":"2022-09-18T16:49:54.842Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 16:49:54 honeypot-fra-1 sshd[28549]: Connection closed by invalid user oracle 139.59.152.202 port 43990 [preauth]","@timestamp":"2022-09-18T16:49:54.842Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 16:49:54 honeypot-fra-1 sshd[28550]: Connection closed by invalid user user 139.59.152.202 port 43998 [preauth]","@timestamp":"2022-09-18T16:49:54.842Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 16:49:54 honeypot-fra-1 sshd[28568]: Connection closed by invalid user oracle 139.59.152.202 port 44058 [preauth]","@timestamp":"2022-09-18T16:49:54.842Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:51:08 honeypot-ams-1 sshd[6271]: Did not receive identification string from 45.61.186.249 port 49246","@timestamp":"2022-09-18T16:51:09.831Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:51:59 honeypot-ams-1 sshd[6276]: Invalid user user from 45.61.186.249 port 54786","@timestamp":"2022-09-18T16:51:59.856Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:52:17 honeypot-ams-1 sshd[6280]: Invalid user user from 45.61.186.249 port 49990","@timestamp":"2022-09-18T16:52:17.865Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:52:35 honeypot-ams-1 sshd[6284]: Invalid user user from 45.61.186.249 port 45190","@timestamp":"2022-09-18T16:52:35.875Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:52:48 honeypot-ams-1 sshd[6288]: Received disconnect from 143.244.158.100 port 37886:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T16:52:48.882Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:54:45 honeypot-ams-1 sshd[6295]: Invalid user wt from 200.166.96.4 port 41496","@timestamp":"2022-09-18T16:54:45.938Z"}
{"@timestamp":"2022-09-18T16:56:07.495Z","@version":"1","message":"Sep 18 16:56:06 honeypot-sgp-1 sshd[31229]: Invalid user my from 202.58.205.75 port 47408","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:56:29 honeypot-ams-1 sshd[6299]: Disconnected from authenticating user root 143.244.158.100 port 33068 [preauth]","@timestamp":"2022-09-18T16:56:29.985Z"}
{"@timestamp":"2022-09-18T16:56:54.516Z","@version":"1","message":"Sep 18 16:56:54 honeypot-sgp-1 sshd[31236]: Received disconnect from 91.240.118.222 port 32317:11: Client disconnecting normally [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 16:58:37 honeypot-fra-1 kernel: [84394724.031420] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=64.246.161.26 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=47309 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T16:58:38.037Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:59:20 honeypot-ams-1 sshd[6305]: Received disconnect from 143.244.158.100 port 46622:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T16:59:21.065Z"}
{"@timestamp":"2022-09-18T17:01:56.641Z","@version":"1","message":"Sep 18 17:01:56 honeypot-sgp-1 sshd[31241]: Invalid user admin from 146.190.31.94 port 34406","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 17:02:06 honeypot-ams-1 sshd[6312]: Received disconnect from 143.244.158.100 port 47244:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T17:02:07.141Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 17:03:52 honeypot-ams-1 sshd[6316]: Disconnected from authenticating user root 143.244.158.100 port 47742 [preauth]","@timestamp":"2022-09-18T17:03:53.192Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 17:04:12 honeypot-fra-1 sshd[28603]: Received disconnect from 164.90.203.79 port 55456:11: Bye Bye [preauth]","@timestamp":"2022-09-18T17:04:13.163Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T17:05:42.731Z","@version":"1","message":"Sep 18 17:05:42 honeypot-sgp-1 sshd[31248]: Received disconnect from 62.204.41.222 port 8951:11: Client disconnecting normally [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 17:06:41 honeypot-ams-1 sshd[6323]: Disconnected from authenticating user root 143.244.158.100 port 49688 [preauth]","@timestamp":"2022-09-18T17:06:42.271Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 17:06:54 honeypot-fra-1 sshd[28609]: Disconnected from authenticating user root 143.198.39.132 port 51252 [preauth]","@timestamp":"2022-09-18T17:06:55.225Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T17:09:01.811Z","@version":"1","message":"Sep 18 17:09:01 honeypot-sgp-1 CRON[31253]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 17:09:01 honeypot-fra-1 CRON[28618]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-18T17:09:02.274Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 17:09:01 honeypot-ams-1 CRON[6329]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-18T17:09:02.334Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 17:11:03 honeypot-ams-1 sshd[6337]: Disconnected from authenticating user root 143.244.158.100 port 56776 [preauth]","@timestamp":"2022-09-18T17:11:04.392Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 17:11:55 honeypot-ams-1 sshd[6343]: Disconnected from authenticating user root 143.244.158.100 port 36508 [preauth]","@timestamp":"2022-09-18T17:11:56.419Z"}
{"@timestamp":"2022-09-18T17:14:27.942Z","@version":"1","message":"Sep 18 17:14:26 honeypot-sgp-1 kernel: [84397369.676609] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=198.235.24.20 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x60 TTL=250 ID=54321 PROTO=TCP SPT=49963 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 17:14:32 honeypot-ams-1 sshd[6349]: Disconnected from authenticating user root 143.244.158.100 port 58146 [preauth]","@timestamp":"2022-09-18T17:14:33.492Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 17:16:13 honeypot-fra-1 sshd[28642]: Invalid user ansible from 24.213.148.68 port 38032","@timestamp":"2022-09-18T17:16:14.439Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 17:16:13 honeypot-fra-1 sshd[28633]: Invalid user a from 24.213.148.68 port 37994","@timestamp":"2022-09-18T17:16:14.439Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 17:16:13 honeypot-fra-1 sshd[28632]: Invalid user ansible from 24.213.148.68 port 37980","@timestamp":"2022-09-18T17:16:14.439Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 17:16:14 honeypot-fra-1 sshd[28658]: Invalid user admin from 24.213.148.68 port 38006","@timestamp":"2022-09-18T17:16:14.439Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 17:16:14 honeypot-fra-1 sshd[28633]: Connection closed by invalid user a 24.213.148.68 port 37994 [preauth]","@timestamp":"2022-09-18T17:16:14.439Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 17:16:14 honeypot-fra-1 sshd[28631]: Connection closed by invalid user postgres 24.213.148.68 port 37996 [preauth]","@timestamp":"2022-09-18T17:16:14.439Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 17:16:14 honeypot-fra-1 sshd[28646]: Connection closed by invalid user oracle 24.213.148.68 port 38034 [preauth]","@timestamp":"2022-09-18T17:16:14.439Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 17:16:14 honeypot-fra-1 sshd[28658]: Connection closed by invalid user admin 24.213.148.68 port 38006 [preauth]","@timestamp":"2022-09-18T17:16:14.439Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 17:16:14 honeypot-fra-1 sshd[28656]: Connection closed by invalid user testuser 24.213.148.68 port 38024 [preauth]","@timestamp":"2022-09-18T17:16:14.439Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 17:16:14 honeypot-fra-1 sshd[28655]: Connection closed by invalid user elasticsearch 24.213.148.68 port 38016 [preauth]","@timestamp":"2022-09-18T17:16:14.440Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 17:17:01 honeypot-fra-1 CRON[28689]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-18T17:17:02.460Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T17:17:59.029Z","@version":"1","message":"Sep 18 17:17:58 honeypot-sgp-1 sshd[31265]: Disconnected from authenticating user root 61.177.172.124 port 53203 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 17:18:18 honeypot-ams-1 sshd[6357]: Received disconnect from 61.2.243.254 port 45912:11: Bye Bye [preauth]","@timestamp":"2022-09-18T17:18:18.589Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 17:21:20 honeypot-fra-1 sshd[28697]: Received disconnect from 61.177.173.39 port 64252:11:  [preauth]","@timestamp":"2022-09-18T17:21:20.559Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 17:21:55 honeypot-ams-1 kernel: [84398295.280851] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.33.78.236 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=4186 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T17:21:55.685Z"}
{"@timestamp":"2022-09-18T17:27:27.256Z","@version":"1","message":"Sep 18 17:27:26 honeypot-sgp-1 sshd[31268]: Connection reset by 61.177.173.35 port 51661 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 17:30:44 honeypot-fra-1 kernel: [84396651.008828] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=41445 PROTO=TCP SPT=42206 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T17:30:44.769Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 17:32:01 honeypot-ams-1 kernel: [84398900.667576] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=94.102.50.103 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=252 ID=55379 PROTO=TCP SPT=42317 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T17:32:01.951Z"}
{"@timestamp":"2022-09-18T17:32:13.374Z","@version":"1","message":"Sep 18 17:32:13 honeypot-sgp-1 sshd[31279]: Disconnected from authenticating user root 61.177.173.52 port 28865 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 17:45:53 honeypot-fra-1 sshd[28717]: Connection reset by 61.177.173.50 port 24150 [preauth]","@timestamp":"2022-09-18T17:45:54.107Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T17:48:57.799Z","@version":"1","message":"Sep 18 17:48:57 honeypot-sgp-1 sshd[31290]: Invalid user admin from 179.43.145.98 port 54558","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T17:48:57.799Z","@version":"1","message":"Sep 18 17:48:57 honeypot-sgp-1 sshd[31295]: Connection closed by authenticating user root 179.43.145.98 port 54556 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 17:51:56 honeypot-fra-1 sshd[28722]: Disconnected from authenticating user root 61.177.172.98 port 51073 [preauth]","@timestamp":"2022-09-18T17:51:57.241Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 17:53:53 honeypot-ams-1 kernel: [84400212.988814] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=41.112.169.248 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=51 ID=18718 PROTO=TCP SPT=7096 DPT=80 WINDOW=43635 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T17:53:53.511Z"}
{"@timestamp":"2022-09-18T17:54:00.923Z","@version":"1","message":"Sep 18 17:54:00 honeypot-sgp-1 kernel: [84399742.723966] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.79.53.162 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=1366 PROTO=TCP SPT=47370 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T18:03:47.157Z","@version":"1","message":"Sep 18 18:03:46 honeypot-sgp-1 kernel: [84400329.459315] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=14787 PROTO=TCP SPT=44004 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 18:04:23 honeypot-ams-1 kernel: [84400842.766091] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=13291 PROTO=TCP SPT=44004 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T18:04:23.784Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:10:04 honeypot-fra-1 sshd[28734]: Disconnected from invalid user pi 92.255.85.69 port 46070 [preauth]","@timestamp":"2022-09-18T18:10:04.666Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 18:10:04 honeypot-ams-1 sshd[6376]: Received disconnect from 209.97.146.150 port 36376:11: Bye Bye [preauth]","@timestamp":"2022-09-18T18:10:04.937Z"}
{"@timestamp":"2022-09-18T18:14:04.408Z","@version":"1","message":"Sep 18 18:14:03 honeypot-sgp-1 sshd[31315]: Invalid user admin from 165.232.158.22 port 36572","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T18:14:07.411Z","@version":"1","message":"Sep 18 18:14:06 honeypot-sgp-1 sshd[31321]: Invalid user admin from 165.232.158.22 port 36610","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 18:14:10 honeypot-ams-1 sshd[6381]: Received disconnect from 47.180.212.134 port 54091:11: Bye Bye [preauth]","@timestamp":"2022-09-18T18:14:11.045Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:14:18 honeypot-fra-1 kernel: [84399264.564461] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=89.248.165.120 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=31631 PROTO=TCP SPT=44507 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T18:14:18.765Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-18T18:17:02.483Z","@version":"1","message":"Sep 18 18:17:02 honeypot-sgp-1 kernel: [84401124.836573] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=149.102.155.170 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=38896 PROTO=TCP SPT=44963 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:17:20 honeypot-fra-1 kernel: [84399446.854457] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=149.102.155.170 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=12672 PROTO=TCP SPT=44981 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T18:17:20.841Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 18:18:12 honeypot-ams-1 sshd[6386]: Invalid user pi from 92.255.85.69 port 44198","@timestamp":"2022-09-18T18:18:12.154Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:19:31 honeypot-fra-1 sshd[28746]: Disconnected from invalid user oz 96.78.175.36 port 58216 [preauth]","@timestamp":"2022-09-18T18:19:31.894Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T18:21:12.583Z","@version":"1","message":"Sep 18 18:21:12 honeypot-sgp-1 sshd[31335]: Received disconnect from 67.216.221.59 port 57886:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:21:40 honeypot-fra-1 sshd[28753]: Disconnected from invalid user kt 164.92.151.127 port 33464 [preauth]","@timestamp":"2022-09-18T18:21:40.944Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:24:34 honeypot-fra-1 sshd[28774]: Connection closed by invalid user esuser 183.146.30.163 port 33504 [preauth]","@timestamp":"2022-09-18T18:24:35.014Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:24:34 honeypot-fra-1 sshd[28771]: Invalid user ansible from 183.146.30.163 port 33533","@timestamp":"2022-09-18T18:24:35.014Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:24:35 honeypot-fra-1 sshd[28787]: Connection closed by invalid user user 183.146.30.163 port 33522 [preauth]","@timestamp":"2022-09-18T18:24:36.015Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:24:36 honeypot-fra-1 sshd[28768]: Connection closed by invalid user demo 183.146.30.163 port 33492 [preauth]","@timestamp":"2022-09-18T18:24:37.015Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:24:36 honeypot-fra-1 sshd[28772]: Connection closed by invalid user mysql 183.146.30.163 port 33505 [preauth]","@timestamp":"2022-09-18T18:24:37.016Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:24:46 honeypot-fra-1 sshd[28806]: Invalid user appuser from 183.146.30.163 port 33542","@timestamp":"2022-09-18T18:24:47.020Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:25:14 honeypot-fra-1 sshd[28809]: Connection closed by authenticating user root 130.193.40.11 port 32948 [preauth]","@timestamp":"2022-09-18T18:25:15.034Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:25:14 honeypot-fra-1 sshd[28811]: Connection closed by invalid user testuser 130.193.40.11 port 32952 [preauth]","@timestamp":"2022-09-18T18:25:15.034Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:25:14 honeypot-fra-1 sshd[28824]: Invalid user test from 130.193.40.11 port 32950","@timestamp":"2022-09-18T18:25:15.034Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:25:14 honeypot-fra-1 sshd[28829]: Connection closed by authenticating user root 130.193.40.11 port 33020 [preauth]","@timestamp":"2022-09-18T18:25:15.034Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:25:14 honeypot-fra-1 sshd[28827]: Connection closed by invalid user ubuntu 130.193.40.11 port 32960 [preauth]","@timestamp":"2022-09-18T18:25:15.034Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:25:14 honeypot-fra-1 sshd[28813]: Connection closed by invalid user es 130.193.40.11 port 32944 [preauth]","@timestamp":"2022-09-18T18:25:15.034Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:25:15 honeypot-fra-1 sshd[28832]: Connection closed by invalid user mysql 130.193.40.11 port 33076 [preauth]","@timestamp":"2022-09-18T18:25:16.035Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:25:17 honeypot-fra-1 sshd[28863]: Invalid user testuser from 130.193.40.11 port 33084","@timestamp":"2022-09-18T18:25:18.036Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:25:37 honeypot-fra-1 sshd[28867]: Invalid user oracle from 183.146.30.163 port 33530","@timestamp":"2022-09-18T18:25:38.044Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 18:29:21 honeypot-ams-1 sshd[6390]: Disconnected from authenticating user root 190.144.139.235 port 46808 [preauth]","@timestamp":"2022-09-18T18:29:21.468Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:32:49 honeypot-fra-1 sshd[28877]: Disconnected from authenticating user root 61.177.173.46 port 40970 [preauth]","@timestamp":"2022-09-18T18:32:49.212Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T18:32:53.878Z","@version":"1","message":"Sep 18 18:32:53 honeypot-sgp-1 sshd[31348]: Disconnected from authenticating user root 61.177.173.53 port 53773 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:34:58 honeypot-fra-1 kernel: [84400505.218208] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=20.106.121.27 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=26059 PROTO=TCP SPT=59195 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T18:34:59.266Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 18:44:23 honeypot-ams-1 kernel: [84403243.358119] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=179.43.155.171 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=45074 PROTO=TCP SPT=52051 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T18:44:23.866Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:44:44 honeypot-fra-1 kernel: [84401090.559428] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=80.94.92.231 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=59226 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T18:44:44.504Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-18T18:46:31.218Z","@version":"1","message":"Sep 18 18:46:30 honeypot-sgp-1 sshd[31362]: Invalid user admin from 160.251.55.50 port 60596","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T18:47:25.241Z","@version":"1","message":"Sep 18 18:47:24 honeypot-sgp-1 sshd[31366]: Disconnected from authenticating user root 121.65.121.149 port 42881 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T18:50:24.313Z","@version":"1","message":"Sep 18 18:50:23 honeypot-sgp-1 sshd[31371]: Disconnected from authenticating user root 34.126.71.110 port 56520 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:53:14 honeypot-fra-1 kernel: [84401600.618739] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=90.151.171.106 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=63675 PROTO=TCP SPT=47122 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T18:53:14.700Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-18T18:53:25.410Z","@version":"1","message":"Sep 18 18:53:25 honeypot-sgp-1 sshd[31376]: Disconnected from authenticating user games 152.32.229.160 port 17238 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:56:25 honeypot-fra-1 sshd[28894]: Invalid user admin from 92.255.85.69 port 63608","@timestamp":"2022-09-18T18:56:25.776Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T18:56:33.487Z","@version":"1","message":"Sep 18 18:56:33 honeypot-sgp-1 sshd[31383]: Invalid user liangbin from 59.19.54.171 port 51118","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:56:41 honeypot-fra-1 sshd[28900]: Invalid user user from 45.61.184.204 port 40770","@timestamp":"2022-09-18T18:56:41.784Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:57:01 honeypot-fra-1 sshd[28904]: Invalid user user from 45.61.184.204 port 36294","@timestamp":"2022-09-18T18:57:01.794Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T18:57:20.507Z","@version":"1","message":"Sep 18 18:57:20 honeypot-sgp-1 sshd[31387]: Received disconnect from 92.255.85.70 port 20388:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:57:20 honeypot-fra-1 sshd[28908]: Invalid user user from 45.61.184.204 port 60056","@timestamp":"2022-09-18T18:57:20.802Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 18:58:49 honeypot-ams-1 sshd[6398]: Disconnected from invalid user test2 43.128.104.254 port 51318 [preauth]","@timestamp":"2022-09-18T18:58:50.243Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:01:03 honeypot-fra-1 sshd[28917]: Invalid user postgres from 193.106.191.157 port 40268","@timestamp":"2022-09-18T19:01:03.887Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 19:01:30 honeypot-ams-1 sshd[6403]: Received disconnect from 197.159.66.211 port 36642:11: Bye Bye [preauth]","@timestamp":"2022-09-18T19:01:31.322Z"}
{"@timestamp":"2022-09-18T19:03:41.658Z","@version":"1","message":"Sep 18 19:03:41 honeypot-sgp-1 sshd[31394]: Invalid user oracle from 118.34.14.126 port 50636","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 19:05:54 honeypot-ams-1 sshd[6408]: Disconnected from invalid user oikawa 157.245.154.129 port 39836 [preauth]","@timestamp":"2022-09-18T19:05:55.441Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:10:04 honeypot-fra-1 sshd[28923]: Connection closed by invalid user dev 103.188.176.251 port 49000 [preauth]","@timestamp":"2022-09-18T19:10:05.095Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T19:11:45.844Z","@version":"1","message":"Sep 18 19:11:45 honeypot-sgp-1 kernel: [84404408.250518] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=172.105.129.89 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=52264 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 19:13:46 honeypot-ams-1 sshd[6413]: Did not receive identification string from 103.6.137.42 port 47402","@timestamp":"2022-09-18T19:13:47.650Z"}
{"@timestamp":"2022-09-18T19:17:01.985Z","@version":"1","message":"Sep 18 19:17:01 honeypot-sgp-1 CRON[31409]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 19:17:02 honeypot-ams-1 sshd[6419]: Disconnected from authenticating user root 107.170.102.171 port 59666 [preauth]","@timestamp":"2022-09-18T19:17:02.739Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 19:18:29 honeypot-ams-1 sshd[6425]: Invalid user loice from 34.64.215.4 port 43162","@timestamp":"2022-09-18T19:18:30.780Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 19:19:29 honeypot-ams-1 kernel: [84405349.498639] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=170.187.162.85 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=1099 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T19:19:30.807Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:19:58 honeypot-fra-1 sshd[28937]: Disconnected from authenticating user root 20.92.94.177 port 41128 [preauth]","@timestamp":"2022-09-18T19:19:59.322Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 19:25:27 honeypot-ams-1 kernel: [84405707.198568] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=50.4.46.46 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=46206 DF PROTO=TCP SPT=47198 DPT=80 WINDOW=62720 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T19:25:28.312Z"}
{"@timestamp":"2022-09-18T19:26:42.209Z","@version":"1","message":"Sep 18 19:26:42 honeypot-sgp-1 sshd[31415]: Received disconnect from 61.177.173.35 port 25199:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:27:23 honeypot-fra-1 sshd[28950]: Connection closed by authenticating user root 13.126.217.41 port 60152 [preauth]","@timestamp":"2022-09-18T19:27:23.492Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:27:28 honeypot-fra-1 sshd[28962]: Connection closed by authenticating user root 13.126.217.41 port 37842 [preauth]","@timestamp":"2022-09-18T19:27:29.495Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:27:34 honeypot-fra-1 sshd[28974]: Connection closed by authenticating user root 13.126.217.41 port 44228 [preauth]","@timestamp":"2022-09-18T19:27:34.498Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:27:39 honeypot-fra-1 sshd[28986]: Connection closed by authenticating user root 13.126.217.41 port 50930 [preauth]","@timestamp":"2022-09-18T19:27:40.503Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:27:45 honeypot-fra-1 sshd[28998]: Connection closed by authenticating user root 13.126.217.41 port 57728 [preauth]","@timestamp":"2022-09-18T19:27:46.506Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:27:51 honeypot-fra-1 sshd[29010]: Connection closed by authenticating user root 13.126.217.41 port 35846 [preauth]","@timestamp":"2022-09-18T19:27:51.509Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:27:57 honeypot-fra-1 sshd[29022]: Connection closed by authenticating user root 13.126.217.41 port 42312 [preauth]","@timestamp":"2022-09-18T19:27:57.514Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:28:02 honeypot-fra-1 sshd[29034]: Connection closed by authenticating user root 13.126.217.41 port 48312 [preauth]","@timestamp":"2022-09-18T19:28:03.518Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T19:28:05.244Z","@version":"1","message":"Sep 18 19:28:05 honeypot-sgp-1 sshd[31420]: Invalid user rizon from 43.130.40.251 port 54698","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:28:08 honeypot-fra-1 sshd[29046]: Connection closed by authenticating user root 13.126.217.41 port 54812 [preauth]","@timestamp":"2022-09-18T19:28:08.522Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:28:14 honeypot-fra-1 sshd[29058]: Connection closed by authenticating user root 13.126.217.41 port 32928 [preauth]","@timestamp":"2022-09-18T19:28:14.525Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:28:19 honeypot-fra-1 sshd[29070]: Connection closed by authenticating user root 13.126.217.41 port 39214 [preauth]","@timestamp":"2022-09-18T19:28:20.529Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:28:25 honeypot-fra-1 sshd[29082]: Connection closed by authenticating user root 13.126.217.41 port 45454 [preauth]","@timestamp":"2022-09-18T19:28:25.533Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:28:29 honeypot-fra-1 sshd[29092]: Connection closed by authenticating user root 13.126.217.41 port 50916 [preauth]","@timestamp":"2022-09-18T19:28:30.536Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:28:35 honeypot-fra-1 sshd[29104]: Connection closed by authenticating user root 13.126.217.41 port 57228 [preauth]","@timestamp":"2022-09-18T19:28:36.539Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:28:39 honeypot-fra-1 sshd[29112]: Connection closed by invalid user user 13.126.217.41 port 33198 [preauth]","@timestamp":"2022-09-18T19:28:39.542Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:28:42 honeypot-fra-1 sshd[29118]: Connection closed by invalid user user 13.126.217.41 port 36232 [preauth]","@timestamp":"2022-09-18T19:28:42.544Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:28:44 honeypot-fra-1 sshd[29124]: Connection closed by invalid user user 13.126.217.41 port 39334 [preauth]","@timestamp":"2022-09-18T19:28:45.545Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:28:47 honeypot-fra-1 sshd[29130]: Connection closed by invalid user user 13.126.217.41 port 42332 [preauth]","@timestamp":"2022-09-18T19:28:48.547Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:28:50 honeypot-fra-1 sshd[29136]: Connection closed by invalid user user 13.126.217.41 port 45532 [preauth]","@timestamp":"2022-09-18T19:28:50.548Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:28:53 honeypot-fra-1 sshd[29142]: Connection closed by invalid user user 13.126.217.41 port 48636 [preauth]","@timestamp":"2022-09-18T19:28:53.551Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:28:55 honeypot-fra-1 sshd[29148]: Connection closed by invalid user user 13.126.217.41 port 51714 [preauth]","@timestamp":"2022-09-18T19:28:56.553Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:28:58 honeypot-fra-1 sshd[29154]: Connection closed by invalid user user 13.126.217.41 port 54554 [preauth]","@timestamp":"2022-09-18T19:28:59.555Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:29:01 honeypot-fra-1 sshd[29160]: Connection closed by invalid user user 13.126.217.41 port 57794 [preauth]","@timestamp":"2022-09-18T19:29:02.557Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:29:04 honeypot-fra-1 sshd[29166]: Connection closed by invalid user user 13.126.217.41 port 60768 [preauth]","@timestamp":"2022-09-18T19:29:04.558Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:29:07 honeypot-fra-1 sshd[29172]: Connection closed by invalid user user 13.126.217.41 port 35790 [preauth]","@timestamp":"2022-09-18T19:29:07.561Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:29:09 honeypot-fra-1 sshd[29178]: Connection closed by invalid user user 13.126.217.41 port 38606 [preauth]","@timestamp":"2022-09-18T19:29:10.562Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:29:12 honeypot-fra-1 sshd[29184]: Connection closed by invalid user user 13.126.217.41 port 41770 [preauth]","@timestamp":"2022-09-18T19:29:13.564Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:29:15 honeypot-fra-1 sshd[29190]: Connection closed by invalid user user 13.126.217.41 port 45006 [preauth]","@timestamp":"2022-09-18T19:29:15.565Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:29:18 honeypot-fra-1 sshd[29196]: Connection closed by invalid user user 13.126.217.41 port 48002 [preauth]","@timestamp":"2022-09-18T19:29:18.567Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:29:21 honeypot-fra-1 sshd[29202]: Connection closed by invalid user user 13.126.217.41 port 51106 [preauth]","@timestamp":"2022-09-18T19:29:21.569Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:29:23 honeypot-fra-1 sshd[29208]: Connection closed by invalid user user 13.126.217.41 port 54198 [preauth]","@timestamp":"2022-09-18T19:29:24.571Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:29:26 honeypot-fra-1 sshd[29214]: Connection closed by invalid user user 13.126.217.41 port 57224 [preauth]","@timestamp":"2022-09-18T19:29:26.573Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:29:29 honeypot-fra-1 sshd[29220]: Connection closed by invalid user user 13.126.217.41 port 60034 [preauth]","@timestamp":"2022-09-18T19:29:29.574Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:29:32 honeypot-fra-1 sshd[29226]: Connection closed by invalid user user 13.126.217.41 port 35068 [preauth]","@timestamp":"2022-09-18T19:29:32.576Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:29:34 honeypot-fra-1 sshd[29232]: Connection closed by invalid user user 13.126.217.41 port 38046 [preauth]","@timestamp":"2022-09-18T19:29:35.578Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:29:37 honeypot-fra-1 sshd[29238]: Connection closed by invalid user user 13.126.217.41 port 41156 [preauth]","@timestamp":"2022-09-18T19:29:38.581Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 19:29:38 honeypot-ams-1 sshd[6439]: Invalid user postgres from 193.106.191.157 port 39280","@timestamp":"2022-09-18T19:29:39.427Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:29:40 honeypot-fra-1 sshd[29244]: Connection closed by invalid user user 13.126.217.41 port 43934 [preauth]","@timestamp":"2022-09-18T19:29:40.582Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:29:43 honeypot-fra-1 sshd[29250]: Connection closed by invalid user user 13.126.217.41 port 47006 [preauth]","@timestamp":"2022-09-18T19:29:43.584Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:29:45 honeypot-fra-1 sshd[29256]: Connection closed by invalid user user 13.126.217.41 port 49980 [preauth]","@timestamp":"2022-09-18T19:29:46.585Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:29:48 honeypot-fra-1 sshd[29262]: Connection closed by invalid user user 13.126.217.41 port 53108 [preauth]","@timestamp":"2022-09-18T19:29:49.587Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:29:51 honeypot-fra-1 sshd[29268]: Connection closed by invalid user user 13.126.217.41 port 56002 [preauth]","@timestamp":"2022-09-18T19:29:51.588Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:29:53 honeypot-fra-1 sshd[29274]: Connection closed by invalid user ubuntu 13.126.217.41 port 58962 [preauth]","@timestamp":"2022-09-18T19:29:54.591Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:29:56 honeypot-fra-1 sshd[29280]: Connection closed by invalid user ubuntu 13.126.217.41 port 33784 [preauth]","@timestamp":"2022-09-18T19:29:57.593Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:29:59 honeypot-fra-1 sshd[29286]: Connection closed by invalid user ubuntu 13.126.217.41 port 36652 [preauth]","@timestamp":"2022-09-18T19:29:59.594Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:30:02 honeypot-fra-1 sshd[29292]: Connection closed by invalid user ubuntu 13.126.217.41 port 39540 [preauth]","@timestamp":"2022-09-18T19:30:02.596Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:30:04 honeypot-fra-1 sshd[29298]: Connection closed by invalid user ubuntu 13.126.217.41 port 42376 [preauth]","@timestamp":"2022-09-18T19:30:05.598Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:30:07 honeypot-fra-1 sshd[29304]: Connection closed by invalid user ubuntu 13.126.217.41 port 45572 [preauth]","@timestamp":"2022-09-18T19:30:08.600Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:30:10 honeypot-fra-1 sshd[29310]: Connection closed by invalid user ubuntu 13.126.217.41 port 48476 [preauth]","@timestamp":"2022-09-18T19:30:10.602Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:30:13 honeypot-fra-1 sshd[29316]: Connection closed by invalid user ubuntu 13.126.217.41 port 51390 [preauth]","@timestamp":"2022-09-18T19:30:13.603Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:30:15 honeypot-fra-1 sshd[29322]: Connection closed by invalid user ubuntu 13.126.217.41 port 54158 [preauth]","@timestamp":"2022-09-18T19:30:16.605Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:30:18 honeypot-fra-1 sshd[29328]: Connection closed by invalid user ubuntu 13.126.217.41 port 57044 [preauth]","@timestamp":"2022-09-18T19:30:18.606Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:30:21 honeypot-fra-1 sshd[29334]: Connection closed by invalid user ubuntu 13.126.217.41 port 60116 [preauth]","@timestamp":"2022-09-18T19:30:21.608Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:30:23 honeypot-fra-1 sshd[29340]: Connection closed by invalid user ubuntu 13.126.217.41 port 34804 [preauth]","@timestamp":"2022-09-18T19:30:24.649Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:30:26 honeypot-fra-1 sshd[29346]: Connection closed by invalid user ubuntu 13.126.217.41 port 37638 [preauth]","@timestamp":"2022-09-18T19:30:26.650Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:30:29 honeypot-fra-1 sshd[29352]: Connection closed by invalid user ubuntu 13.126.217.41 port 40502 [preauth]","@timestamp":"2022-09-18T19:30:29.652Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:30:32 honeypot-fra-1 sshd[29358]: Connection closed by invalid user ubuntu 13.126.217.41 port 43486 [preauth]","@timestamp":"2022-09-18T19:30:32.654Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:30:34 honeypot-fra-1 sshd[29365]: Connection closed by invalid user ubuntu 13.126.217.41 port 46200 [preauth]","@timestamp":"2022-09-18T19:30:35.656Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:30:37 honeypot-fra-1 sshd[29371]: Connection closed by invalid user ubuntu 13.126.217.41 port 49158 [preauth]","@timestamp":"2022-09-18T19:30:37.658Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:30:40 honeypot-fra-1 sshd[29377]: Connection closed by invalid user ubuntu 13.126.217.41 port 52032 [preauth]","@timestamp":"2022-09-18T19:30:40.660Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:30:42 honeypot-fra-1 sshd[29383]: Connection closed by invalid user ubuntu 13.126.217.41 port 55010 [preauth]","@timestamp":"2022-09-18T19:30:43.662Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:30:45 honeypot-fra-1 sshd[29389]: Connection closed by invalid user ubuntu 13.126.217.41 port 57746 [preauth]","@timestamp":"2022-09-18T19:30:45.663Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:30:48 honeypot-fra-1 sshd[29395]: Connection closed by invalid user ubuntu 13.126.217.41 port 60730 [preauth]","@timestamp":"2022-09-18T19:30:48.665Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:30:50 honeypot-fra-1 sshd[29401]: Connection closed by invalid user ubuntu 13.126.217.41 port 35406 [preauth]","@timestamp":"2022-09-18T19:30:51.667Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:30:53 honeypot-fra-1 sshd[29407]: Connection closed by invalid user ubuntu 13.126.217.41 port 38380 [preauth]","@timestamp":"2022-09-18T19:30:54.670Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:30:56 honeypot-fra-1 sshd[29413]: Connection closed by invalid user ubuntu 13.126.217.41 port 41256 [preauth]","@timestamp":"2022-09-18T19:30:56.671Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:30:59 honeypot-fra-1 sshd[29419]: Connection closed by invalid user ubuntu 13.126.217.41 port 44006 [preauth]","@timestamp":"2022-09-18T19:30:59.673Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:31:01 honeypot-fra-1 sshd[29425]: Connection closed by invalid user ubuntu 13.126.217.41 port 46962 [preauth]","@timestamp":"2022-09-18T19:31:02.675Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:31:04 honeypot-fra-1 sshd[29431]: Connection closed by invalid user ubuntu 13.126.217.41 port 49782 [preauth]","@timestamp":"2022-09-18T19:31:04.676Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:31:07 honeypot-fra-1 sshd[29437]: Connection closed by invalid user ubuntu 13.126.217.41 port 52650 [preauth]","@timestamp":"2022-09-18T19:31:07.678Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:31:09 honeypot-fra-1 sshd[29443]: Connection closed by invalid user debian 13.126.217.41 port 55478 [preauth]","@timestamp":"2022-09-18T19:31:09.679Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:31:12 honeypot-fra-1 sshd[29449]: Connection closed by invalid user debian 13.126.217.41 port 58292 [preauth]","@timestamp":"2022-09-18T19:31:12.681Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:31:14 honeypot-fra-1 sshd[29455]: Connection closed by invalid user debian 13.126.217.41 port 32966 [preauth]","@timestamp":"2022-09-18T19:31:15.683Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:31:17 honeypot-fra-1 sshd[29461]: Connection closed by invalid user debian 13.126.217.41 port 36208 [preauth]","@timestamp":"2022-09-18T19:31:17.684Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:31:20 honeypot-fra-1 sshd[29467]: Connection closed by invalid user debian 13.126.217.41 port 39262 [preauth]","@timestamp":"2022-09-18T19:31:20.686Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:31:23 honeypot-fra-1 sshd[29473]: Connection closed by invalid user debian 13.126.217.41 port 42416 [preauth]","@timestamp":"2022-09-18T19:31:23.689Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:31:25 honeypot-fra-1 sshd[29479]: Connection closed by invalid user debian 13.126.217.41 port 45574 [preauth]","@timestamp":"2022-09-18T19:31:26.690Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:31:28 honeypot-fra-1 sshd[29486]: Connection closed by invalid user debian 13.126.217.41 port 48994 [preauth]","@timestamp":"2022-09-18T19:31:28.691Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:31:31 honeypot-fra-1 sshd[29492]: Connection closed by invalid user debian 13.126.217.41 port 51944 [preauth]","@timestamp":"2022-09-18T19:31:31.693Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:31:33 honeypot-fra-1 sshd[29498]: Connection closed by invalid user debian 13.126.217.41 port 55062 [preauth]","@timestamp":"2022-09-18T19:31:34.695Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:31:36 honeypot-fra-1 sshd[29504]: Connection closed by invalid user debian 13.126.217.41 port 58032 [preauth]","@timestamp":"2022-09-18T19:31:36.696Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:31:39 honeypot-fra-1 sshd[29510]: Connection closed by invalid user debian 13.126.217.41 port 32800 [preauth]","@timestamp":"2022-09-18T19:31:39.699Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:31:41 honeypot-fra-1 sshd[29516]: Connection closed by invalid user debian 13.126.217.41 port 35646 [preauth]","@timestamp":"2022-09-18T19:31:42.701Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:31:44 honeypot-fra-1 sshd[29522]: Connection closed by invalid user debian 13.126.217.41 port 38784 [preauth]","@timestamp":"2022-09-18T19:31:45.702Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:31:47 honeypot-fra-1 sshd[29528]: Connection closed by invalid user debian 13.126.217.41 port 41616 [preauth]","@timestamp":"2022-09-18T19:31:47.704Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:31:50 honeypot-fra-1 sshd[29534]: Connection closed by invalid user debian 13.126.217.41 port 44632 [preauth]","@timestamp":"2022-09-18T19:31:50.705Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:31:52 honeypot-fra-1 sshd[29540]: Connection closed by invalid user debian 13.126.217.41 port 47630 [preauth]","@timestamp":"2022-09-18T19:31:53.708Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:31:55 honeypot-fra-1 sshd[29546]: Connection closed by invalid user debian 13.126.217.41 port 50340 [preauth]","@timestamp":"2022-09-18T19:31:55.709Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:31:58 honeypot-fra-1 sshd[29552]: Connection closed by invalid user debian 13.126.217.41 port 53426 [preauth]","@timestamp":"2022-09-18T19:31:58.711Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:32:01 honeypot-fra-1 sshd[29558]: Connection closed by invalid user debian 13.126.217.41 port 56586 [preauth]","@timestamp":"2022-09-18T19:32:01.713Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:32:03 honeypot-fra-1 sshd[29566]: Connection closed by invalid user debian 13.126.217.41 port 59834 [preauth]","@timestamp":"2022-09-18T19:32:04.714Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T19:32:05.339Z","@version":"1","message":"Sep 18 19:32:04 honeypot-sgp-1 sshd[31426]: Invalid user system from 103.188.176.251 port 56050","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:32:06 honeypot-fra-1 sshd[29572]: Connection closed by invalid user debian 13.126.217.41 port 34640 [preauth]","@timestamp":"2022-09-18T19:32:06.716Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:32:09 honeypot-fra-1 sshd[29578]: Connection closed by invalid user debian 13.126.217.41 port 37778 [preauth]","@timestamp":"2022-09-18T19:32:09.719Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T19:32:11.343Z","@version":"1","message":"Sep 18 19:32:10 honeypot-sgp-1 sshd[31430]: Disconnected from authenticating user root 61.177.173.37 port 14086 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:32:11 honeypot-fra-1 sshd[29584]: Connection closed by invalid user debian 13.126.217.41 port 40806 [preauth]","@timestamp":"2022-09-18T19:32:12.720Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:32:14 honeypot-fra-1 sshd[29590]: Connection closed by invalid user debian 13.126.217.41 port 43956 [preauth]","@timestamp":"2022-09-18T19:32:15.722Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:32:17 honeypot-fra-1 sshd[29596]: Connection closed by invalid user debian 13.126.217.41 port 46928 [preauth]","@timestamp":"2022-09-18T19:32:17.723Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:32:20 honeypot-fra-1 sshd[29602]: Connection closed by invalid user debian 13.126.217.41 port 49856 [preauth]","@timestamp":"2022-09-18T19:32:20.725Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:32:22 honeypot-fra-1 sshd[29608]: Connection closed by invalid user admin 13.126.217.41 port 52772 [preauth]","@timestamp":"2022-09-18T19:32:23.728Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:32:25 honeypot-fra-1 sshd[29614]: Connection closed by invalid user admin 13.126.217.41 port 55824 [preauth]","@timestamp":"2022-09-18T19:32:25.729Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:32:28 honeypot-fra-1 sshd[29620]: Connection closed by invalid user admin 13.126.217.41 port 58988 [preauth]","@timestamp":"2022-09-18T19:32:28.731Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:32:31 honeypot-fra-1 sshd[29626]: Connection closed by invalid user admin 13.126.217.41 port 33866 [preauth]","@timestamp":"2022-09-18T19:32:31.733Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:32:34 honeypot-fra-1 sshd[29632]: Connection closed by invalid user admin 13.126.217.41 port 36742 [preauth]","@timestamp":"2022-09-18T19:32:34.734Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:32:36 honeypot-fra-1 sshd[29638]: Connection closed by invalid user admin 13.126.217.41 port 39930 [preauth]","@timestamp":"2022-09-18T19:32:37.737Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:32:39 honeypot-fra-1 sshd[29644]: Connection closed by invalid user admin 13.126.217.41 port 42766 [preauth]","@timestamp":"2022-09-18T19:32:39.738Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:32:42 honeypot-fra-1 sshd[29650]: Connection closed by invalid user admin 13.126.217.41 port 45578 [preauth]","@timestamp":"2022-09-18T19:32:42.740Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:32:44 honeypot-fra-1 sshd[29656]: Connection closed by invalid user admin 13.126.217.41 port 48304 [preauth]","@timestamp":"2022-09-18T19:32:45.742Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:32:47 honeypot-fra-1 sshd[29662]: Connection closed by invalid user admin 13.126.217.41 port 51314 [preauth]","@timestamp":"2022-09-18T19:32:47.743Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:32:50 honeypot-fra-1 sshd[29668]: Connection closed by invalid user admin 13.126.217.41 port 54452 [preauth]","@timestamp":"2022-09-18T19:32:50.745Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:32:53 honeypot-fra-1 sshd[29674]: Connection closed by invalid user admin 13.126.217.41 port 57304 [preauth]","@timestamp":"2022-09-18T19:32:53.748Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:32:55 honeypot-fra-1 sshd[29680]: Connection closed by invalid user admin 13.126.217.41 port 60172 [preauth]","@timestamp":"2022-09-18T19:32:56.749Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:32:58 honeypot-fra-1 sshd[29686]: Connection closed by invalid user admin 13.126.217.41 port 34908 [preauth]","@timestamp":"2022-09-18T19:32:58.751Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:33:01 honeypot-fra-1 sshd[29692]: Connection closed by invalid user admin 13.126.217.41 port 37940 [preauth]","@timestamp":"2022-09-18T19:33:01.753Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:33:03 honeypot-fra-1 sshd[29698]: Connection closed by invalid user admin 13.126.217.41 port 40844 [preauth]","@timestamp":"2022-09-18T19:33:03.754Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:33:06 honeypot-fra-1 sshd[29704]: Connection closed by invalid user admin 13.126.217.41 port 43734 [preauth]","@timestamp":"2022-09-18T19:33:06.756Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:33:09 honeypot-fra-1 sshd[29710]: Connection closed by invalid user admin 13.126.217.41 port 46734 [preauth]","@timestamp":"2022-09-18T19:33:09.759Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:33:11 honeypot-fra-1 sshd[29716]: Connection closed by invalid user admin 13.126.217.41 port 49886 [preauth]","@timestamp":"2022-09-18T19:33:12.760Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:33:14 honeypot-fra-1 sshd[29722]: Connection closed by invalid user admin 13.126.217.41 port 52894 [preauth]","@timestamp":"2022-09-18T19:33:14.762Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:33:17 honeypot-fra-1 sshd[29728]: Connection closed by invalid user admin 13.126.217.41 port 55792 [preauth]","@timestamp":"2022-09-18T19:33:17.764Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:33:19 honeypot-fra-1 sshd[29734]: Connection closed by invalid user admin 13.126.217.41 port 59014 [preauth]","@timestamp":"2022-09-18T19:33:20.765Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:33:22 honeypot-fra-1 sshd[29742]: Connection closed by invalid user admin 13.126.217.41 port 33964 [preauth]","@timestamp":"2022-09-18T19:33:22.768Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:33:25 honeypot-fra-1 sshd[29748]: Connection closed by invalid user admin 13.126.217.41 port 37104 [preauth]","@timestamp":"2022-09-18T19:33:25.770Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:33:27 honeypot-fra-1 sshd[29754]: Connection closed by invalid user admin 13.126.217.41 port 40068 [preauth]","@timestamp":"2022-09-18T19:33:28.771Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:33:30 honeypot-fra-1 sshd[29760]: Connection closed by invalid user admin 13.126.217.41 port 43298 [preauth]","@timestamp":"2022-09-18T19:33:30.773Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:33:33 honeypot-fra-1 sshd[29766]: Connection closed by invalid user admin 13.126.217.41 port 46360 [preauth]","@timestamp":"2022-09-18T19:33:33.774Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:33:36 honeypot-fra-1 sshd[29772]: Connection closed by invalid user pi 13.126.217.41 port 49684 [preauth]","@timestamp":"2022-09-18T19:33:36.776Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 19:36:33 honeypot-ams-1 sshd[6444]: Connection closed by invalid user oracle 103.6.137.42 port 38566 [preauth]","@timestamp":"2022-09-18T19:36:34.614Z"}
{"@timestamp":"2022-09-18T19:37:42.475Z","@version":"1","message":"Sep 18 19:37:41 honeypot-sgp-1 kernel: [84405964.284657] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=179.43.155.171 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=24591 PROTO=TCP SPT=52051 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:37:50 honeypot-fra-1 sshd[29779]: Disconnected from authenticating user root 61.177.172.104 port 35473 [preauth]","@timestamp":"2022-09-18T19:37:50.873Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T19:39:00.509Z","@version":"1","message":"Sep 18 19:39:00 honeypot-sgp-1 sshd[31442]: Received disconnect from 140.238.255.101 port 38012:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T19:41:50.576Z","@version":"1","message":"Sep 18 19:41:49 honeypot-sgp-1 sshd[31450]: Disconnected from authenticating user root 165.22.245.238 port 53280 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:41:57 honeypot-fra-1 sshd[29786]: Disconnected from invalid user teste 92.255.85.70 port 28088 [preauth]","@timestamp":"2022-09-18T19:41:57.968Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T19:42:15.588Z","@version":"1","message":"Sep 18 19:42:14 honeypot-sgp-1 sshd[31455]: Received disconnect from 45.61.186.49 port 34816:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T19:42:24.593Z","@version":"1","message":"Sep 18 19:42:23 honeypot-sgp-1 sshd[31459]: Received disconnect from 45.61.186.49 port 46168:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T19:44:34.647Z","@version":"1","message":"Sep 18 19:44:33 honeypot-sgp-1 kernel: [84406376.403725] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=161.35.230.3 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=17459 DF PROTO=TCP SPT=41182 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 19:47:11 honeypot-ams-1 kernel: [84407010.711964] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=164.92.72.164 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=55768 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T19:47:11.897Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 19:48:01 honeypot-ams-1 sshd[6454]: Received disconnect from 45.61.184.204 port 55762:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T19:48:01.923Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 19:48:19 honeypot-ams-1 sshd[6458]: Received disconnect from 45.61.184.204 port 50366:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T19:48:19.933Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 19:48:35 honeypot-ams-1 sshd[6462]: Received disconnect from 45.61.184.204 port 44988:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T19:48:35.942Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:49:08 honeypot-fra-1 sshd[29794]: Received disconnect from 92.81.222.217 port 49968:11: Bye Bye [preauth]","@timestamp":"2022-09-18T19:49:09.130Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T19:49:56.775Z","@version":"1","message":"Sep 18 19:49:56 honeypot-sgp-1 sshd[31469]: Received disconnect from 143.198.75.234 port 46792:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:51:19 honeypot-fra-1 kernel: [84405085.805411] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=28799 PROTO=TCP SPT=50214 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T19:51:20.184Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 19:52:32 honeypot-ams-1 kernel: [84407332.135922] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=12307 PROTO=TCP SPT=50214 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T19:52:33.049Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:53:10 honeypot-fra-1 sshd[29805]: Invalid user test from 178.128.72.150 port 36972","@timestamp":"2022-09-18T19:53:11.228Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:54:00 honeypot-fra-1 sshd[29809]: Invalid user minecraft from 178.128.72.150 port 36308","@timestamp":"2022-09-18T19:54:01.250Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:54:49 honeypot-fra-1 sshd[29814]: Invalid user oracle from 178.128.72.150 port 35654","@timestamp":"2022-09-18T19:54:50.272Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:55:37 honeypot-fra-1 sshd[29818]: Invalid user test from 178.128.72.150 port 34992","@timestamp":"2022-09-18T19:55:37.311Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:56:24 honeypot-fra-1 sshd[29822]: Invalid user ftpuser from 178.128.72.150 port 34334","@timestamp":"2022-09-18T19:56:25.331Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:57:07 honeypot-fra-1 sshd[29826]: Received disconnect from 103.86.180.10 port 42947:11: Bye Bye [preauth]","@timestamp":"2022-09-18T19:57:08.349Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:57:37 honeypot-fra-1 sshd[29830]: Received disconnect from 178.128.72.150 port 47460:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T19:57:37.363Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:58:03 honeypot-fra-1 sshd[29834]: Received disconnect from 186.195.230.242 port 40297:11: Bye Bye [preauth]","@timestamp":"2022-09-18T19:58:04.375Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 19:58:42 honeypot-ams-1 sshd[6470]: Received disconnect from 152.32.214.226 port 39866:11: Bye Bye [preauth]","@timestamp":"2022-09-18T19:58:43.214Z"}
{"@timestamp":"2022-09-18T19:58:46.978Z","@version":"1","message":"Sep 18 19:58:46 honeypot-sgp-1 sshd[31478]: Disconnected from invalid user teste 92.255.85.70 port 34050 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T20:01:00.034Z","@version":"1","message":"Sep 18 20:00:59 honeypot-sgp-1 sshd[31484]: Disconnected from authenticating user root 61.177.173.49 port 44101 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 20:04:55 honeypot-ams-1 sshd[6473]: Invalid user d6nw5v1x2pc7st9m from 91.240.118.222 port 27689","@timestamp":"2022-09-18T20:04:56.380Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 20:05:04 honeypot-fra-1 sshd[29839]: Received disconnect from 61.177.173.39 port 54363:11:  [preauth]","@timestamp":"2022-09-18T20:05:04.539Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T20:05:33.148Z","@version":"1","message":"Sep 18 20:05:32 honeypot-sgp-1 sshd[31489]: Disconnected from authenticating user root 61.177.173.39 port 54125 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 20:07:47 honeypot-ams-1 sshd[6478]: Invalid user user1!2@3#4$ from 62.204.41.222 port 14849","@timestamp":"2022-09-18T20:07:47.456Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 20:10:31 honeypot-ams-1 sshd[6483]: Did not receive identification string from 193.3.19.178 port 64001","@timestamp":"2022-09-18T20:10:31.529Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 20:17:01 honeypot-ams-1 CRON[6487]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-18T20:17:02.702Z"}
{"@timestamp":"2022-09-18T20:18:18.444Z","@version":"1","message":"Sep 18 20:18:17 honeypot-sgp-1 sshd[31497]: Disconnected from authenticating user root 218.92.0.221 port 24902 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 20:19:18 honeypot-fra-1 sshd[29854]: Invalid user rot from 178.62.81.147 port 52484","@timestamp":"2022-09-18T20:19:18.869Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 20:19:46 honeypot-fra-1 sshd[29862]: Invalid user admin from 220.225.126.55 port 42356","@timestamp":"2022-09-18T20:19:47.882Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 20:22:11 honeypot-fra-1 kernel: [84406937.748519] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=89.248.165.69 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=47016 PROTO=TCP SPT=50573 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T20:22:11.935Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 20:22:54 honeypot-fra-1 sshd[29871]: Disconnected from invalid user miner 190.129.60.125 port 34164 [preauth]","@timestamp":"2022-09-18T20:22:54.953Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 20:28:32 honeypot-fra-1 sshd[29878]: Received disconnect from 185.74.4.20 port 58104:11: Bye Bye [preauth]","@timestamp":"2022-09-18T20:28:33.103Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 20:29:08 honeypot-fra-1 sshd[29882]: Disconnected from authenticating user root 61.177.173.49 port 46613 [preauth]","@timestamp":"2022-09-18T20:29:08.119Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T20:29:30.702Z","@version":"1","message":"Sep 18 20:29:30 honeypot-sgp-1 sshd[31523]: Received disconnect from 61.177.173.53 port 20774:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 20:30:36 honeypot-ams-1 kernel: [84409615.548488] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=48073 PROTO=TCP SPT=53008 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T20:30:37.057Z"}
{"@timestamp":"2022-09-18T20:38:25.911Z","@version":"1","message":"Sep 18 20:38:25 honeypot-sgp-1 sshd[31532]: Received disconnect from 61.177.173.46 port 63615:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 20:39:42 honeypot-fra-1 kernel: [84407989.132496] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=51.105.53.51 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=15538 PROTO=TCP SPT=1984 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T20:39:43.350Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-18T20:42:00.992Z","@version":"1","message":"Sep 18 20:42:00 honeypot-sgp-1 sshd[31537]: Disconnected from authenticating user root 61.177.173.48 port 22980 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 20:42:55 honeypot-ams-1 kernel: [84410354.667363] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=57444 PROTO=TCP SPT=53690 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T20:42:55.383Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 20:47:58 honeypot-ams-1 sshd[6503]: Disconnected from authenticating user root 92.255.85.70 port 47970 [preauth]","@timestamp":"2022-09-18T20:47:59.522Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 20:52:22 honeypot-ams-1 sshd[6508]: Received disconnect from 178.128.72.150 port 41944:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T20:52:22.641Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 20:53:08 honeypot-fra-1 sshd[29914]: Received disconnect from 61.177.173.37 port 38469:11:  [preauth]","@timestamp":"2022-09-18T20:53:08.651Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 20:53:15 honeypot-ams-1 sshd[6513]: Invalid user minecraft from 178.128.72.150 port 44136","@timestamp":"2022-09-18T20:53:15.669Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 20:54:08 honeypot-ams-1 sshd[6517]: Invalid user oracle from 178.128.72.150 port 46366","@timestamp":"2022-09-18T20:54:09.695Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 20:55:00 honeypot-ams-1 sshd[6521]: Invalid user test from 178.128.72.150 port 48532","@timestamp":"2022-09-18T20:55:01.721Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 20:55:53 honeypot-ams-1 sshd[6525]: Invalid user ftpuser from 178.128.72.150 port 50710","@timestamp":"2022-09-18T20:55:53.746Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 20:56:45 honeypot-ams-1 sshd[6529]: Invalid user admin from 178.128.72.150 port 52904","@timestamp":"2022-09-18T20:56:45.771Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 20:57:11 honeypot-ams-1 sshd[6531]: Disconnected from invalid user postgres 178.128.72.150 port 39856 [preauth]","@timestamp":"2022-09-18T20:57:11.786Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 21:00:43 honeypot-ams-1 sshd[6536]: Invalid user admin from 92.255.85.70 port 54698","@timestamp":"2022-09-18T21:00:43.888Z"}
{"@timestamp":"2022-09-18T21:03:08.472Z","@version":"1","message":"Sep 18 21:03:08 honeypot-sgp-1 kernel: [84411090.715734] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=45808 PROTO=TCP SPT=54804 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 21:03:28 honeypot-fra-1 sshd[29925]: Invalid user postgres from 193.106.191.157 port 59958","@timestamp":"2022-09-18T21:03:28.881Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 21:04:17 honeypot-fra-1 sshd[29929]: Disconnected from authenticating user root 206.81.9.31 port 40420 [preauth]","@timestamp":"2022-09-18T21:04:17.904Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T21:06:32.552Z","@version":"1","message":"Sep 18 21:06:31 honeypot-sgp-1 sshd[31556]: Received disconnect from 61.177.173.48 port 43345:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T21:08:14.594Z","@version":"1","message":"Sep 18 21:08:13 honeypot-sgp-1 sshd[31560]: Disconnected from authenticating user root 159.223.22.132 port 37222 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 21:09:50 honeypot-fra-1 sshd[29938]: Received disconnect from 2.42.138.122 port 52339:11: Bye Bye [preauth]","@timestamp":"2022-09-18T21:09:51.029Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 21:12:36 honeypot-fra-1 sshd[29943]: Connection reset by 61.177.172.104 port 19043 [preauth]","@timestamp":"2022-09-18T21:12:37.091Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T21:13:21.716Z","@version":"1","message":"Sep 18 21:13:21 honeypot-sgp-1 sshd[31568]: Received disconnect from 61.177.173.46 port 63245:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 21:15:45 honeypot-ams-1 kernel: [84412325.277778] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=171.122.206.61 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=48 ID=9582 PROTO=TCP SPT=34148 DPT=443 WINDOW=18108 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T21:15:46.289Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 21:17:22 honeypot-fra-1 sshd[29952]: Disconnected from invalid user admin 92.255.85.69 port 53476 [preauth]","@timestamp":"2022-09-18T21:17:23.200Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T21:19:19.858Z","@version":"1","message":"Sep 18 21:19:19 honeypot-sgp-1 sshd[31582]: Connection closed by 162.142.125.212 port 39512 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 21:25:41 honeypot-ams-1 kernel: [84412921.230065] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=79.124.62.62 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=17548 PROTO=TCP SPT=42441 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T21:25:42.550Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 21:27:16 honeypot-fra-1 sshd[29964]: Received disconnect from 61.177.172.124 port 45086:11:  [preauth]","@timestamp":"2022-09-18T21:27:17.421Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T21:27:47.073Z","@version":"1","message":"Sep 18 21:27:46 honeypot-sgp-1 kernel: [84412568.773711] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.47.229.134 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=35995 PROTO=TCP SPT=42301 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 21:28:03 honeypot-ams-1 sshd[6550]: Disconnected from authenticating user root 161.49.118.82 port 39218 [preauth]","@timestamp":"2022-09-18T21:28:03.615Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 21:30:48 honeypot-fra-1 sshd[29970]: Disconnected from authenticating user root 218.92.0.221 port 54918 [preauth]","@timestamp":"2022-09-18T21:30:49.499Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 21:31:23 honeypot-ams-1 kernel: [84413263.034317] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=172.105.77.209 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=57 ID=0 DF PROTO=TCP SPT=56857 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T21:31:23.708Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 21:35:48 honeypot-fra-1 sshd[29978]: Received disconnect from 61.177.173.50 port 51941:11:  [preauth]","@timestamp":"2022-09-18T21:35:49.611Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 21:39:00 honeypot-ams-1 kernel: [84413719.928703] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=51.105.53.51 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=5334 PROTO=TCP SPT=1984 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T21:39:00.912Z"}
{"@timestamp":"2022-09-18T21:39:21.340Z","@version":"1","message":"Sep 18 21:39:20 honeypot-sgp-1 sshd[31598]: Received disconnect from 61.177.172.19 port 21304:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 21:40:13 honeypot-fra-1 sshd[29983]: Connection closed by invalid user postgres 193.106.191.157 port 55878 [preauth]","@timestamp":"2022-09-18T21:40:14.711Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T21:40:58.382Z","@version":"1","message":"Sep 18 21:40:57 honeypot-sgp-1 sshd[31601]: Disconnected from authenticating user root 179.43.156.143 port 35762 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T21:42:52.428Z","@version":"1","message":"Sep 18 21:42:52 honeypot-sgp-1 sshd[31609]: Disconnected from authenticating user root 179.43.156.143 port 56638 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T21:44:45.475Z","@version":"1","message":"Sep 18 21:44:44 honeypot-sgp-1 sshd[31616]: Invalid user nutanix from 179.43.156.143 port 49218","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 21:45:42 honeypot-fra-1 sshd[29988]: Disconnected from authenticating user root 61.177.173.51 port 48796 [preauth]","@timestamp":"2022-09-18T21:45:42.833Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T21:46:00.507Z","@version":"1","message":"Sep 18 21:45:59 honeypot-sgp-1 sshd[31620]: Invalid user RPM from 92.255.85.69 port 26198","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T21:46:37.522Z","@version":"1","message":"Sep 18 21:46:37 honeypot-sgp-1 sshd[31626]: Invalid user esunny from 179.43.156.143 port 41814","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T21:47:55.555Z","@version":"1","message":"Sep 18 21:47:54 honeypot-sgp-1 sshd[31631]: Received disconnect from 179.43.156.143 port 36836:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T21:49:15.591Z","@version":"1","message":"Sep 18 21:49:14 honeypot-sgp-1 sshd[31638]: Received disconnect from 179.43.156.143 port 60118:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T21:49:54.609Z","@version":"1","message":"Sep 18 21:49:53 honeypot-sgp-1 sshd[31644]: Received disconnect from 179.43.156.143 port 57666:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 21:50:51 honeypot-ams-1 sshd[6566]: Disconnected from invalid user RPM 92.255.85.69 port 24312 [preauth]","@timestamp":"2022-09-18T21:50:52.220Z"}
{"@timestamp":"2022-09-18T21:50:57.636Z","@version":"1","message":"Sep 18 21:50:56 honeypot-sgp-1 sshd[31648]: Received disconnect from 188.166.208.174 port 47942:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T21:51:13.644Z","@version":"1","message":"Sep 18 21:51:13 honeypot-sgp-1 sshd[31652]: Disconnected from invalid user drcomadmin 179.43.156.143 port 52682 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T21:52:33.677Z","@version":"1","message":"Sep 18 21:52:33 honeypot-sgp-1 sshd[31656]: Disconnected from invalid user vyos 179.43.156.143 port 47776 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T21:53:58.714Z","@version":"1","message":"Sep 18 21:53:58 honeypot-sgp-1 sshd[31662]: Invalid user admin from 112.28.209.66 port 47504","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T21:54:33.730Z","@version":"1","message":"Sep 18 21:54:33 honeypot-sgp-1 sshd[31667]: Disconnected from authenticating user root 61.177.173.36 port 26012 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 21:54:53 honeypot-fra-1 sshd[29993]: Received disconnect from 61.177.173.36 port 35168:11:  [preauth]","@timestamp":"2022-09-18T21:54:54.033Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T21:56:13.772Z","@version":"1","message":"Sep 18 21:56:13 honeypot-sgp-1 sshd[31673]: Disconnected from authenticating user root 179.43.156.143 port 35386 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 21:56:13 honeypot-ams-1 kernel: [84414753.073809] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=194.169.217.218 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=59 ID=43761 DF PROTO=TCP SPT=27275 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T21:56:14.363Z"}
{"@timestamp":"2022-09-18T21:57:45.811Z","@version":"1","message":"Sep 18 21:57:45 honeypot-sgp-1 sshd[31679]: Disconnected from invalid user centos 179.43.156.143 port 58692 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T21:59:14.872Z","@version":"1","message":"Sep 18 21:59:14 honeypot-sgp-1 sshd[31685]: Disconnected from authenticating user root 179.43.156.143 port 53742 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 22:00:16 honeypot-fra-1 kernel: [84412822.428429] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=95.217.181.127 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=64191 PROTO=TCP SPT=56308 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T22:00:17.159Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-18T22:01:30.928Z","@version":"1","message":"Sep 18 22:01:29 honeypot-sgp-1 sshd[31692]: Disconnected from authenticating user root 179.43.156.143 port 46322 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 22:02:15 honeypot-fra-1 sshd[30007]: Connection closed by 47.187.239.95 port 56623 [preauth]","@timestamp":"2022-09-18T22:02:16.204Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T22:02:59.965Z","@version":"1","message":"Sep 18 22:02:59 honeypot-sgp-1 sshd[31696]: Disconnected from invalid user jenkins 179.43.156.143 port 41352 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 22:04:21 honeypot-ams-1 sshd[6577]: Invalid user user from 45.61.186.169 port 34988","@timestamp":"2022-09-18T22:04:22.577Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 22:04:39 honeypot-ams-1 sshd[6581]: Invalid user user from 45.61.186.169 port 58440","@timestamp":"2022-09-18T22:04:39.586Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 22:04:56 honeypot-ams-1 sshd[6585]: Invalid user user from 45.61.186.169 port 53676","@timestamp":"2022-09-18T22:04:56.595Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 22:05:05 honeypot-ams-1 sshd[6587]: Invalid user user from 45.61.186.169 port 37212","@timestamp":"2022-09-18T22:05:05.601Z"}
{"@timestamp":"2022-09-18T22:05:18.022Z","@version":"1","message":"Sep 18 22:05:17 honeypot-sgp-1 sshd[31703]: Disconnected from authenticating user root 179.43.156.143 port 33956 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T22:07:32.076Z","@version":"1","message":"Sep 18 22:07:31 honeypot-sgp-1 sshd[31709]: Received disconnect from 179.43.156.143 port 54778:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T22:08:59.119Z","@version":"1","message":"Sep 18 22:08:58 honeypot-sgp-1 sshd[31713]: Received disconnect from 179.43.156.143 port 49834:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 22:09:52 honeypot-fra-1 sshd[30012]: Received disconnect from 107.172.219.107 port 58382:11: Bye Bye [preauth]","@timestamp":"2022-09-18T22:09:52.392Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T22:10:08.150Z","@version":"1","message":"Sep 18 22:10:07 honeypot-sgp-1 sshd[31717]: Received disconnect from 179.218.198.83 port 47359:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T22:15:55.286Z","@version":"1","message":"Sep 18 22:15:54 honeypot-sgp-1 sshd[31722]: Disconnected from invalid user admin 94.200.206.6 port 47542 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 22:15:54 honeypot-fra-1 kernel: [84413760.953796] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=159.203.118.3 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=241 ID=10723 PROTO=TCP SPT=20000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T22:15:55.534Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 22:17:01 honeypot-ams-1 CRON[6595]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-18T22:17:01.912Z"}
{"@timestamp":"2022-09-18T22:20:05.384Z","@version":"1","message":"Sep 18 22:20:05 honeypot-sgp-1 sshd[31728]: Disconnected from invalid user support 92.255.85.70 port 23332 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 22:24:30 honeypot-ams-1 kernel: [84416449.844309] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=92.13.75.66 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=56 ID=63218 PROTO=TCP SPT=38579 DPT=443 WINDOW=64211 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T22:24:31.114Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 22:25:46 honeypot-fra-1 sshd[30023]: Disconnected from invalid user craig2 203.129.220.82 port 55556 [preauth]","@timestamp":"2022-09-18T22:25:47.761Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 22:30:40 honeypot-fra-1 kernel: [84414646.474814] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=151.106.32.182 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=10110 PROTO=TCP SPT=56476 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T22:30:40.875Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 22:31:19 honeypot-ams-1 sshd[6606]: Received disconnect from 114.108.150.156 port 37758:11: Bye Bye [preauth]","@timestamp":"2022-09-18T22:31:20.293Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 22:32:52 honeypot-ams-1 sshd[6613]: Invalid user openbravo from 137.184.28.240 port 33144","@timestamp":"2022-09-18T22:32:53.335Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 22:36:13 honeypot-fra-1 sshd[30044]: Invalid user dev from 185.209.179.41 port 57086","@timestamp":"2022-09-18T22:36:14.001Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 22:36:13 honeypot-fra-1 sshd[30036]: Invalid user es from 185.209.179.41 port 57106","@timestamp":"2022-09-18T22:36:14.001Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 22:36:13 honeypot-fra-1 sshd[30044]: Connection closed by invalid user dev 185.209.179.41 port 57086 [preauth]","@timestamp":"2022-09-18T22:36:14.001Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 22:36:13 honeypot-fra-1 sshd[30040]: Connection closed by invalid user es 185.209.179.41 port 57076 [preauth]","@timestamp":"2022-09-18T22:36:14.002Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 22:36:14 honeypot-fra-1 sshd[30062]: Invalid user admin from 185.209.179.41 port 57090","@timestamp":"2022-09-18T22:36:15.003Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 22:36:14 honeypot-fra-1 sshd[30070]: Invalid user oracle from 185.209.179.41 port 57046","@timestamp":"2022-09-18T22:36:15.003Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 22:36:14 honeypot-fra-1 sshd[30064]: Connection closed by invalid user mcserv 185.209.179.41 port 57114 [preauth]","@timestamp":"2022-09-18T22:36:15.003Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 22:36:16 honeypot-fra-1 sshd[30083]: Invalid user bitwarden from 185.209.179.41 port 57070","@timestamp":"2022-09-18T22:36:17.004Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 22:36:16 honeypot-fra-1 sshd[30080]: Connection closed by invalid user postgres 185.209.179.41 port 57100 [preauth]","@timestamp":"2022-09-18T22:36:17.004Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 22:36:16 honeypot-fra-1 sshd[30082]: Connection closed by invalid user esuser 185.209.179.41 port 57064 [preauth]","@timestamp":"2022-09-18T22:36:17.004Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 22:40:07 honeypot-fra-1 sshd[30097]: Received disconnect from 165.22.45.108 port 59186:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T22:40:08.094Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 22:41:33 honeypot-ams-1 kernel: [84417472.623824] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=125.253.93.158 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=57994 PROTO=TCP SPT=52899 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T22:41:33.562Z"}
{"@timestamp":"2022-09-18T22:46:47.013Z","@version":"1","message":"Sep 18 22:46:46 honeypot-sgp-1 kernel: [84417309.232430] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.55.53.144 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=43 ID=44873 DF PROTO=TCP SPT=57964 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T22:47:43.040Z","@version":"1","message":"Sep 18 22:47:42 honeypot-sgp-1 kernel: [84417364.511830] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=104.152.52.243 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=30918 PROTO=TCP SPT=41261 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 22:48:30 honeypot-fra-1 sshd[30104]: Did not receive identification string from 107.174.244.122 port 51178","@timestamp":"2022-09-18T22:48:31.281Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T22:51:17.128Z","@version":"1","message":"Sep 18 22:51:16 honeypot-sgp-1 kernel: [84417579.270185] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=172.104.88.48 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=6904 DF PROTO=TCP SPT=37758 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 22:52:24 honeypot-fra-1 sshd[30105]: Received disconnect from 107.174.244.122 port 51992:11: Bye Bye [preauth]","@timestamp":"2022-09-18T22:52:25.372Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 22:52:40 honeypot-ams-1 kernel: [84418140.082151] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=20.55.53.144 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=40397 DF PROTO=TCP SPT=57506 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T22:52:40.850Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 22:55:17 honeypot-ams-1 sshd[6639]: Connection closed by 174.138.61.44 port 53704 [preauth]","@timestamp":"2022-09-18T22:55:17.922Z"}
{"@timestamp":"2022-09-18T22:58:33.298Z","@version":"1","message":"Sep 18 22:58:32 honeypot-sgp-1 sshd[31744]: Invalid user user from 45.61.186.49 port 45650","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T22:58:42.301Z","@version":"1","message":"Sep 18 22:58:42 honeypot-sgp-1 sshd[31748]: Invalid user user from 45.61.186.49 port 57336","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 23:00:50 honeypot-fra-1 sshd[30110]: Invalid user tibero from 64.135.113.136 port 46228","@timestamp":"2022-09-18T23:00:51.564Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 23:01:19 honeypot-ams-1 kernel: [84418659.213509] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=138.68.250.218 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=30538 PROTO=TCP SPT=42077 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T23:01:20.084Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 23:02:57 honeypot-fra-1 sshd[30115]: Invalid user cyrus from 141.98.10.158 port 33066","@timestamp":"2022-09-18T23:02:58.616Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 23:06:04 honeypot-ams-1 sshd[6646]: Disconnected from invalid user down 51.15.204.199 port 55737 [preauth]","@timestamp":"2022-09-18T23:06:05.208Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 23:11:04 honeypot-fra-1 kernel: [84417070.616290] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=138.68.250.218 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=28937 PROTO=TCP SPT=42663 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T23:11:04.803Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-18T23:13:57.683Z","@version":"1","message":"Sep 18 23:13:57 honeypot-sgp-1 sshd[31752]: Invalid user admin from 112.167.228.121 port 40434","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T23:14:15.693Z","@version":"1","message":"Sep 18 23:14:15 honeypot-sgp-1 sshd[31757]: Received disconnect from 27.118.22.221 port 44902:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T23:15:42.730Z","@version":"1","message":"Sep 18 23:15:41 honeypot-sgp-1 sshd[31761]: Disconnected from authenticating user root 92.255.85.69 port 16896 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 23:17:01 honeypot-fra-1 CRON[30125]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-18T23:17:01.938Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 23:17:01 honeypot-ams-1 CRON[6651]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-18T23:17:02.489Z"}
{"@timestamp":"2022-09-18T23:18:26.796Z","@version":"1","message":"Sep 18 23:18:26 honeypot-sgp-1 kernel: [84419208.690124] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=71.66.22.54 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=39 ID=18455 PROTO=TCP SPT=45500 DPT=80 WINDOW=43684 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 23:19:49 honeypot-ams-1 kernel: [84419768.431895] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=170.187.162.85 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=1099 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T23:19:49.564Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 23:28:17 honeypot-ams-1 kernel: [84420277.133936] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=106.52.24.202 DST=178.62.254.91 LEN=40 TOS=0x08 PREC=0x00 TTL=45 ID=23561 PROTO=TCP SPT=36667 DPT=80 WINDOW=56419 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T23:28:17.783Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 23:28:33 honeypot-ams-1 sshd[6665]: Disconnected from invalid user user 45.61.184.204 port 46172 [preauth]","@timestamp":"2022-09-18T23:28:33.793Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 23:28:51 honeypot-ams-1 sshd[6669]: Disconnected from invalid user user 45.61.184.204 port 40472 [preauth]","@timestamp":"2022-09-18T23:28:51.803Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 23:29:07 honeypot-ams-1 sshd[6673]: Disconnected from invalid user user 45.61.184.204 port 34756 [preauth]","@timestamp":"2022-09-18T23:29:07.812Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 23:29:09 honeypot-fra-1 sshd[30134]: Disconnected from authenticating user root 46.101.254.194 port 43302 [preauth]","@timestamp":"2022-09-18T23:29:10.206Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T23:33:58.163Z","@version":"1","message":"Sep 18 23:33:57 honeypot-sgp-1 sshd[31778]: Received disconnect from 165.22.14.77 port 48674:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 23:38:32 honeypot-fra-1 sshd[30139]: Disconnected from invalid user admin 92.255.85.70 port 61058 [preauth]","@timestamp":"2022-09-18T23:38:32.415Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T23:39:18.285Z","@version":"1","message":"Sep 18 23:39:18 honeypot-sgp-1 sshd[31784]: Received disconnect from 20.187.88.167 port 59800:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 23:40:04 honeypot-ams-1 sshd[6679]: Disconnected from invalid user wlse 218.248.16.73 port 50320 [preauth]","@timestamp":"2022-09-18T23:40:05.117Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 23:42:28 honeypot-fra-1 sshd[30143]: Invalid user gitblit from 42.119.111.155 port 47046","@timestamp":"2022-09-18T23:42:28.508Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T23:43:06.373Z","@version":"1","message":"Sep 18 23:43:05 honeypot-sgp-1 sshd[31789]: Received disconnect from 144.48.240.59 port 54692:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 23:44:24 honeypot-ams-1 sshd[6685]: Disconnected from authenticating user root 68.183.225.151 port 57790 [preauth]","@timestamp":"2022-09-18T23:44:25.231Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 23:46:16 honeypot-fra-1 sshd[30146]: Invalid user tty from 85.165.43.80 port 45800","@timestamp":"2022-09-18T23:46:16.597Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T23:47:45.483Z","@version":"1","message":"Sep 18 23:47:45 honeypot-sgp-1 sshd[31795]: Disconnected from invalid user dev 14.225.198.182 port 43010 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 23:47:50 honeypot-ams-1 sshd[6692]: Invalid user admin from 92.255.85.69 port 20408","@timestamp":"2022-09-18T23:47:51.326Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 23:49:51 honeypot-ams-1 sshd[6695]: Disconnected from invalid user user 45.61.184.204 port 38626 [preauth]","@timestamp":"2022-09-18T23:49:52.382Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 23:50:10 honeypot-ams-1 sshd[6699]: Disconnected from invalid user user 45.61.184.204 port 33164 [preauth]","@timestamp":"2022-09-18T23:50:11.394Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 23:50:28 honeypot-ams-1 sshd[6703]: Disconnected from invalid user user 45.61.184.204 port 55948 [preauth]","@timestamp":"2022-09-18T23:50:29.403Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 23:50:45 honeypot-ams-1 sshd[6707]: Disconnected from invalid user user 45.61.184.204 port 50488 [preauth]","@timestamp":"2022-09-18T23:50:45.412Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 23:51:40 honeypot-fra-1 kernel: [84419505.822316] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=101.43.54.41 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=43 ID=58033 DF PROTO=TCP SPT=57056 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T23:51:40.719Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 23:56:45 honeypot-ams-1 sshd[6712]: Connection closed by invalid user zxd 103.188.176.251 port 48340 [preauth]","@timestamp":"2022-09-18T23:56:45.571Z"}
{"@timestamp":"2022-09-18T23:58:07.746Z","@version":"1","message":"Sep 18 23:58:07 honeypot-sgp-1 sshd[31801]: Received disconnect from 203.106.164.74 port 47486:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T23:58:58.768Z","@version":"1","message":"Sep 18 23:58:57 honeypot-sgp-1 sshd[31805]: Received disconnect from 68.183.92.26 port 40588:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 00:00:39 honeypot-fra-1 sshd[30179]: Connection closed by invalid user zxd 103.188.176.251 port 57690 [preauth]","@timestamp":"2022-09-19T00:00:40.920Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T00:02:53.860Z","@version":"1","message":"Sep 19 00:02:53 honeypot-sgp-1 sshd[31825]: Disconnected from authenticating user root 159.65.180.64 port 41912 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T00:03:27.876Z","@version":"1","message":"Sep 19 00:03:27 honeypot-sgp-1 sshd[31832]: Invalid user admin from 128.199.225.7 port 50888","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T00:04:08.895Z","@version":"1","message":"Sep 19 00:04:08 honeypot-sgp-1 sshd[31836]: Disconnected from authenticating user root 46.101.157.187 port 43996 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T00:04:57.918Z","@version":"1","message":"Sep 19 00:04:56 honeypot-sgp-1 sshd[31842]: Received disconnect from 164.92.159.65 port 46156:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T00:05:34.955Z","@version":"1","message":"Sep 19 00:05:33 honeypot-sgp-1 sshd[31846]: Received disconnect from 209.97.149.37 port 38140:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T00:05:59.965Z","@version":"1","message":"Sep 19 00:05:59 honeypot-sgp-1 sshd[31850]: Disconnected from invalid user cassiopeia 128.199.249.246 port 36036 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T00:07:14.997Z","@version":"1","message":"Sep 19 00:07:14 honeypot-sgp-1 sshd[31854]: Disconnected from invalid user qy 20.187.78.220 port 42062 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T00:07:38.009Z","@version":"1","message":"Sep 19 00:07:37 honeypot-sgp-1 sshd[31860]: Invalid user allmighty from 20.197.3.90 port 55028","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T00:08:01.020Z","@version":"1","message":"Sep 19 00:08:00 honeypot-sgp-1 sshd[31862]: Disconnected from invalid user hadoop 64.227.190.199 port 37014 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T00:08:14.026Z","@version":"1","message":"Sep 19 00:08:13 honeypot-sgp-1 sshd[31866]: Disconnected from invalid user hadoop 192.227.166.144 port 35366 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T00:09:46.065Z","@version":"1","message":"Sep 19 00:09:45 honeypot-sgp-1 sshd[31873]: Received disconnect from 178.128.108.91 port 45322:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 00:11:15 honeypot-fra-1 kernel: [84420681.431342] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=184.105.247.244 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=54321 PROTO=TCP SPT=56437 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T00:11:16.160Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T00:14:48.183Z","@version":"1","message":"Sep 19 00:14:48 honeypot-sgp-1 sshd[31880]: Invalid user admin from 165.232.158.22 port 43610","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T00:15:26.200Z","@version":"1","message":"Sep 19 00:15:25 honeypot-sgp-1 kernel: [84422627.886590] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=227 ID=61506 PROTO=TCP SPT=45603 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 00:15:33 honeypot-ams-1 kernel: [84423113.086160] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=156.221.247.224 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=49 ID=59579 PROTO=TCP SPT=54585 DPT=80 WINDOW=11742 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T00:15:34.097Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 00:16:14 honeypot-fra-1 sshd[30188]: Disconnected from invalid user liumy 165.22.45.108 port 36664 [preauth]","@timestamp":"2022-09-19T00:16:15.273Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T00:20:19.318Z","@version":"1","message":"Sep 19 00:20:18 honeypot-sgp-1 sshd[31890]: Disconnected from invalid user Administrator 92.255.85.70 port 50246 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 00:20:40 honeypot-ams-1 kernel: [84423419.730559] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=125.136.61.137 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=55 ID=61763 PROTO=TCP SPT=5736 DPT=80 WINDOW=24104 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T00:20:41.234Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 00:27:54 honeypot-ams-1 sshd[6745]: error: maximum authentication attempts exceeded for invalid user admin from 180.33.111.29 port 60861 ssh2 [preauth]","@timestamp":"2022-09-19T00:27:55.430Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 00:33:18 honeypot-fra-1 sshd[30196]: Did not receive identification string from 193.3.19.178 port 64001","@timestamp":"2022-09-19T00:33:19.657Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T00:34:57.654Z","@version":"1","message":"Sep 19 00:34:57 honeypot-sgp-1 sshd[31902]: Invalid user pi from 79.84.154.45 port 53840","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 00:36:31 honeypot-fra-1 sshd[30199]: Received disconnect from 117.28.245.18 port 54612:11: Bye Bye [preauth]","@timestamp":"2022-09-19T00:36:31.733Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 00:41:51 honeypot-ams-1 kernel: [84424690.454482] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=78.188.59.165 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=241 ID=15533 PROTO=TCP SPT=49970 DPT=443 WINDOW=1300 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T00:41:51.799Z"}
{"@timestamp":"2022-09-19T00:45:49.909Z","@version":"1","message":"Sep 19 00:45:48 honeypot-sgp-1 sshd[31909]: Received disconnect from 92.255.85.70 port 28490:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 00:53:36 honeypot-ams-1 sshd[6756]: Received disconnect from 92.255.85.69 port 48620:11: Bye Bye [preauth]","@timestamp":"2022-09-19T00:53:37.111Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 00:54:02 honeypot-fra-1 kernel: [84423247.647551] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=198.235.24.59 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x60 TTL=250 ID=54321 PROTO=TCP SPT=54011 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T00:54:02.122Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 00:55:44 honeypot-ams-1 sshd[6759]: Received disconnect from 45.126.184.170 port 39901:11: Bye Bye [preauth]","@timestamp":"2022-09-19T00:55:45.171Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 01:00:23 honeypot-ams-1 sshd[6765]: Did not receive identification string from 195.19.96.168 port 56742","@timestamp":"2022-09-19T01:00:24.295Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 01:00:24 honeypot-ams-1 sshd[6772]: Invalid user es from 195.19.96.168 port 59074","@timestamp":"2022-09-19T01:00:24.296Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 01:00:24 honeypot-ams-1 sshd[6775]: Connection closed by invalid user oracle 195.19.96.168 port 59142 [preauth]","@timestamp":"2022-09-19T01:00:24.296Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 01:00:24 honeypot-ams-1 sshd[6771]: Invalid user bot from 195.19.96.168 port 59136","@timestamp":"2022-09-19T01:00:24.296Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 01:00:24 honeypot-ams-1 sshd[6780]: Invalid user devops from 195.19.96.168 port 59070","@timestamp":"2022-09-19T01:00:24.296Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 01:00:24 honeypot-ams-1 sshd[6777]: Connection closed by invalid user nexus 195.19.96.168 port 59076 [preauth]","@timestamp":"2022-09-19T01:00:25.297Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 01:00:24 honeypot-ams-1 sshd[6771]: Connection closed by invalid user bot 195.19.96.168 port 59136 [preauth]","@timestamp":"2022-09-19T01:00:25.297Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 01:00:24 honeypot-ams-1 sshd[6767]: Connection closed by invalid user steam 195.19.96.168 port 59108 [preauth]","@timestamp":"2022-09-19T01:00:25.297Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 01:00:25 honeypot-ams-1 sshd[6818]: Connection closed by invalid user testuser 195.19.96.168 port 59088 [preauth]","@timestamp":"2022-09-19T01:00:25.297Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 01:01:43 honeypot-ams-1 sshd[6826]: Bad protocol version identification '\\272\\253d\\241EZC\\333M\\207\\356^\\375\\277\\0259 X\\324>\\022\\230\\304<\\340\\023\\317' from 172.105.89.161 port 39061","@timestamp":"2022-09-19T01:01:44.334Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 01:07:30 honeypot-fra-1 sshd[30212]: Invalid user ftp from 193.106.191.157 port 42792","@timestamp":"2022-09-19T01:07:31.425Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T01:07:37.414Z","@version":"1","message":"Sep 19 01:07:37 honeypot-sgp-1 sshd[31913]: Received disconnect from 144.24.72.43 port 43150:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T01:13:52.558Z","@version":"1","message":"Sep 19 01:13:52 honeypot-sgp-1 sshd[31918]: Received disconnect from 96.84.149.98 port 45440:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T01:17:01.633Z","@version":"1","message":"Sep 19 01:17:01 honeypot-sgp-1 CRON[31922]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 01:17:01 honeypot-fra-1 CRON[30215]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-19T01:17:02.637Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 01:17:28 honeypot-ams-1 sshd[6833]: Invalid user wk from 128.199.57.142 port 53750","@timestamp":"2022-09-19T01:17:28.748Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 01:20:09 honeypot-ams-1 sshd[6837]: Invalid user ftp from 193.106.191.157 port 37960","@timestamp":"2022-09-19T01:20:09.836Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 01:22:48 honeypot-fra-1 kernel: [84424974.083928] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=5.63.151.100 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=443 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T01:22:48.806Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 01:24:46 honeypot-ams-1 sshd[6840]: Disconnected from invalid user usuario 92.255.85.69 port 23450 [preauth]","@timestamp":"2022-09-19T01:24:46.963Z"}
{"@timestamp":"2022-09-19T01:26:45.889Z","@version":"1","message":"Sep 19 01:26:45 honeypot-sgp-1 kernel: [84426907.565628] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=94.102.61.26 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=48767 DPT=389 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 01:38:17 honeypot-ams-1 kernel: [84428076.590189] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=143.159.103.32 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=56 ID=28038 PROTO=TCP SPT=16568 DPT=80 WINDOW=37232 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T01:38:17.319Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 01:42:12 honeypot-fra-1 kernel: [84426138.173456] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=162.244.33.16 DST=165.22.82.222 LEN=40 TOS=0x08 PREC=0x00 TTL=242 ID=37487 PROTO=TCP SPT=46674 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T01:42:13.236Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 01:46:00 honeypot-fra-1 sshd[30670]: Received disconnect from 92.255.85.70 port 29930:11: Bye Bye [preauth]","@timestamp":"2022-09-19T01:46:00.325Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T01:48:36.401Z","@version":"1","message":"Sep 19 01:48:35 honeypot-sgp-1 kernel: [84428217.911117] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=71.6.233.155 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=80 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T01:53:16.513Z","@version":"1","message":"Sep 19 01:53:16 honeypot-sgp-1 sshd[32376]: Invalid user Administrator from 92.255.85.70 port 63298","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 01:53:23 honeypot-ams-1 sshd[6850]: Disconnected from invalid user Administrator 92.255.85.69 port 32360 [preauth]","@timestamp":"2022-09-19T01:53:23.714Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 01:55:37 honeypot-fra-1 sshd[30673]: Received disconnect from 165.22.45.108 port 42432:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T01:55:37.541Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T01:59:40.667Z","@version":"1","message":"Sep 19 01:59:40 honeypot-sgp-1 sshd[32383]: Invalid user admin from 157.230.234.93 port 39446","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:03:49 honeypot-fra-1 sshd[30683]: Connection closed by authenticating user root 103.241.181.174 port 46774 [preauth]","@timestamp":"2022-09-19T02:03:49.728Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:03:55 honeypot-fra-1 sshd[30695]: Connection closed by authenticating user root 103.241.181.174 port 47830 [preauth]","@timestamp":"2022-09-19T02:03:55.731Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:04:01 honeypot-fra-1 sshd[30707]: Connection closed by authenticating user root 103.241.181.174 port 48896 [preauth]","@timestamp":"2022-09-19T02:04:01.734Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:04:07 honeypot-fra-1 sshd[30719]: Connection closed by authenticating user root 103.241.181.174 port 49938 [preauth]","@timestamp":"2022-09-19T02:04:07.739Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:04:13 honeypot-fra-1 sshd[30731]: Connection closed by authenticating user root 103.241.181.174 port 51010 [preauth]","@timestamp":"2022-09-19T02:04:13.742Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:04:19 honeypot-fra-1 sshd[30743]: Connection closed by authenticating user root 103.241.181.174 port 52072 [preauth]","@timestamp":"2022-09-19T02:04:20.747Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:04:26 honeypot-fra-1 sshd[30758]: Connection closed by authenticating user root 103.241.181.174 port 53136 [preauth]","@timestamp":"2022-09-19T02:04:26.750Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:04:31 honeypot-fra-1 sshd[30768]: Connection closed by authenticating user root 103.241.181.174 port 53974 [preauth]","@timestamp":"2022-09-19T02:04:31.753Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:04:36 honeypot-fra-1 sshd[30780]: Connection closed by authenticating user root 103.241.181.174 port 54986 [preauth]","@timestamp":"2022-09-19T02:04:37.757Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:04:42 honeypot-fra-1 sshd[30792]: Connection closed by authenticating user root 103.241.181.174 port 56080 [preauth]","@timestamp":"2022-09-19T02:04:43.761Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:04:48 honeypot-fra-1 sshd[30804]: Connection closed by authenticating user root 103.241.181.174 port 57090 [preauth]","@timestamp":"2022-09-19T02:04:49.765Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:04:54 honeypot-fra-1 sshd[30816]: Connection closed by authenticating user root 103.241.181.174 port 58114 [preauth]","@timestamp":"2022-09-19T02:04:54.769Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:05:01 honeypot-fra-1 sshd[30829]: Connection closed by authenticating user root 103.241.181.174 port 59122 [preauth]","@timestamp":"2022-09-19T02:05:01.773Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:05:07 honeypot-fra-1 sshd[30841]: Connection closed by authenticating user root 103.241.181.174 port 60182 [preauth]","@timestamp":"2022-09-19T02:05:07.778Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:05:11 honeypot-fra-1 sshd[30849]: Invalid user user from 103.241.181.174 port 32776","@timestamp":"2022-09-19T02:05:11.780Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:05:14 honeypot-fra-1 sshd[30855]: Invalid user user from 103.241.181.174 port 33316","@timestamp":"2022-09-19T02:05:14.782Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:05:17 honeypot-fra-1 sshd[30861]: Invalid user user from 103.241.181.174 port 33846","@timestamp":"2022-09-19T02:05:17.785Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:05:20 honeypot-fra-1 sshd[30867]: Invalid user user from 103.241.181.174 port 34356","@timestamp":"2022-09-19T02:05:20.787Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:05:23 honeypot-fra-1 sshd[30873]: Invalid user user from 103.241.181.174 port 34910","@timestamp":"2022-09-19T02:05:24.789Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:05:26 honeypot-fra-1 sshd[30879]: Invalid user user from 103.241.181.174 port 35386","@timestamp":"2022-09-19T02:05:26.791Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:05:29 honeypot-fra-1 sshd[30885]: Invalid user user from 103.241.181.174 port 35886","@timestamp":"2022-09-19T02:05:29.792Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:05:32 honeypot-fra-1 sshd[30891]: Invalid user user from 103.241.181.174 port 36450","@timestamp":"2022-09-19T02:05:32.795Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:05:35 honeypot-fra-1 sshd[30897]: Invalid user user from 103.241.181.174 port 36982","@timestamp":"2022-09-19T02:05:35.797Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:05:38 honeypot-fra-1 sshd[30903]: Invalid user user from 103.241.181.174 port 37480","@timestamp":"2022-09-19T02:05:38.799Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:05:41 honeypot-fra-1 sshd[30909]: Invalid user user from 103.241.181.174 port 38026","@timestamp":"2022-09-19T02:05:42.801Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:05:44 honeypot-fra-1 sshd[30915]: Invalid user user from 103.241.181.174 port 38544","@timestamp":"2022-09-19T02:05:44.803Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:05:47 honeypot-fra-1 sshd[30921]: Invalid user user from 103.241.181.174 port 39048","@timestamp":"2022-09-19T02:05:47.805Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:05:50 honeypot-fra-1 sshd[30927]: Invalid user user from 103.241.181.174 port 39540","@timestamp":"2022-09-19T02:05:50.807Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:05:53 honeypot-fra-1 sshd[30933]: Invalid user user from 103.241.181.174 port 40092","@timestamp":"2022-09-19T02:05:53.809Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:05:56 honeypot-fra-1 sshd[30939]: Invalid user user from 103.241.181.174 port 40594","@timestamp":"2022-09-19T02:05:56.811Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:05:59 honeypot-fra-1 sshd[30945]: Invalid user user from 103.241.181.174 port 41102","@timestamp":"2022-09-19T02:05:59.812Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:06:02 honeypot-fra-1 sshd[30951]: Invalid user user from 103.241.181.174 port 41686","@timestamp":"2022-09-19T02:06:02.815Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:06:06 honeypot-fra-1 sshd[30957]: Invalid user user from 103.241.181.174 port 42268","@timestamp":"2022-09-19T02:06:06.817Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:06:09 honeypot-fra-1 sshd[30963]: Invalid user user from 103.241.181.174 port 42826","@timestamp":"2022-09-19T02:06:09.819Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:06:12 honeypot-fra-1 sshd[30969]: Invalid user user from 103.241.181.174 port 43392","@timestamp":"2022-09-19T02:06:12.821Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:06:15 honeypot-fra-1 sshd[30975]: Invalid user user from 103.241.181.174 port 43910","@timestamp":"2022-09-19T02:06:15.823Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:06:18 honeypot-fra-1 sshd[30981]: Invalid user user from 103.241.181.174 port 44464","@timestamp":"2022-09-19T02:06:19.826Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:06:22 honeypot-fra-1 sshd[30987]: Invalid user user from 103.241.181.174 port 45006","@timestamp":"2022-09-19T02:06:22.828Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:06:25 honeypot-fra-1 sshd[30993]: Invalid user user from 103.241.181.174 port 45484","@timestamp":"2022-09-19T02:06:25.830Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:06:28 honeypot-fra-1 sshd[30999]: Invalid user user from 103.241.181.174 port 46050","@timestamp":"2022-09-19T02:06:28.832Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:06:31 honeypot-fra-1 sshd[31005]: Invalid user user from 103.241.181.174 port 46560","@timestamp":"2022-09-19T02:06:31.834Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:06:34 honeypot-fra-1 sshd[31011]: Invalid user ubuntu from 103.241.181.174 port 47202","@timestamp":"2022-09-19T02:06:34.837Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:06:37 honeypot-fra-1 sshd[31017]: Invalid user ubuntu from 103.241.181.174 port 47634","@timestamp":"2022-09-19T02:06:37.839Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:06:40 honeypot-fra-1 sshd[31023]: Invalid user ubuntu from 103.241.181.174 port 48152","@timestamp":"2022-09-19T02:06:40.841Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:06:43 honeypot-fra-1 sshd[31029]: Invalid user ubuntu from 103.241.181.174 port 48684","@timestamp":"2022-09-19T02:06:43.843Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:06:46 honeypot-fra-1 sshd[31035]: Invalid user ubuntu from 103.241.181.174 port 49258","@timestamp":"2022-09-19T02:06:46.844Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:06:49 honeypot-fra-1 sshd[31041]: Invalid user ubuntu from 103.241.181.174 port 49692","@timestamp":"2022-09-19T02:06:49.847Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:06:52 honeypot-fra-1 sshd[31047]: Invalid user ubuntu from 103.241.181.174 port 50264","@timestamp":"2022-09-19T02:06:52.849Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:06:55 honeypot-fra-1 sshd[31053]: Invalid user ubuntu from 103.241.181.174 port 50762","@timestamp":"2022-09-19T02:06:55.851Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:06:58 honeypot-fra-1 sshd[31059]: Invalid user ubuntu from 103.241.181.174 port 51300","@timestamp":"2022-09-19T02:06:58.853Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:07:01 honeypot-fra-1 sshd[31065]: Invalid user ubuntu from 103.241.181.174 port 51798","@timestamp":"2022-09-19T02:07:01.855Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:07:04 honeypot-fra-1 sshd[31071]: Invalid user ubuntu from 103.241.181.174 port 52390","@timestamp":"2022-09-19T02:07:04.858Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:07:08 honeypot-fra-1 sshd[31077]: Invalid user ubuntu from 103.241.181.174 port 52974","@timestamp":"2022-09-19T02:07:08.860Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:07:10 honeypot-fra-1 sshd[31083]: Invalid user ubuntu from 103.241.181.174 port 53458","@timestamp":"2022-09-19T02:07:11.862Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:07:14 honeypot-fra-1 sshd[31089]: Invalid user ubuntu from 103.241.181.174 port 54016","@timestamp":"2022-09-19T02:07:14.864Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:07:17 honeypot-fra-1 sshd[31095]: Invalid user ubuntu from 103.241.181.174 port 54700","@timestamp":"2022-09-19T02:07:17.866Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:07:20 honeypot-fra-1 sshd[31103]: Invalid user ubuntu from 103.241.181.174 port 55354","@timestamp":"2022-09-19T02:07:20.869Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:07:23 honeypot-fra-1 sshd[31109]: Invalid user ubuntu from 103.241.181.174 port 55994","@timestamp":"2022-09-19T02:07:23.870Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:07:26 honeypot-fra-1 sshd[31115]: Invalid user ubuntu from 103.241.181.174 port 56690","@timestamp":"2022-09-19T02:07:26.872Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:07:28 honeypot-fra-1 sshd[31119]: Connection closed by invalid user ubuntu 103.241.181.174 port 57174 [preauth]","@timestamp":"2022-09-19T02:07:28.874Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:07:31 honeypot-fra-1 sshd[31125]: Connection closed by invalid user ubuntu 103.241.181.174 port 57814 [preauth]","@timestamp":"2022-09-19T02:07:32.877Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:07:35 honeypot-fra-1 sshd[31131]: Connection closed by invalid user ubuntu 103.241.181.174 port 58532 [preauth]","@timestamp":"2022-09-19T02:07:35.879Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:07:38 honeypot-fra-1 sshd[31137]: Connection closed by invalid user ubuntu 103.241.181.174 port 59190 [preauth]","@timestamp":"2022-09-19T02:07:38.881Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:07:41 honeypot-fra-1 sshd[31143]: Connection closed by invalid user ubuntu 103.241.181.174 port 59780 [preauth]","@timestamp":"2022-09-19T02:07:41.883Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:07:44 honeypot-fra-1 sshd[31149]: Connection closed by invalid user ubuntu 103.241.181.174 port 60354 [preauth]","@timestamp":"2022-09-19T02:07:44.884Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:07:47 honeypot-fra-1 sshd[31155]: Connection closed by invalid user ubuntu 103.241.181.174 port 60892 [preauth]","@timestamp":"2022-09-19T02:07:47.887Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:07:50 honeypot-fra-1 sshd[31161]: Connection closed by invalid user ubuntu 103.241.181.174 port 33180 [preauth]","@timestamp":"2022-09-19T02:07:50.889Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:07:53 honeypot-fra-1 sshd[31167]: Connection closed by invalid user ubuntu 103.241.181.174 port 33728 [preauth]","@timestamp":"2022-09-19T02:07:53.891Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:07:56 honeypot-fra-1 sshd[31173]: Connection closed by invalid user ubuntu 103.241.181.174 port 34318 [preauth]","@timestamp":"2022-09-19T02:07:56.893Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:07:59 honeypot-fra-1 sshd[31179]: Connection closed by invalid user debian 103.241.181.174 port 34878 [preauth]","@timestamp":"2022-09-19T02:07:59.895Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:08:03 honeypot-fra-1 sshd[31185]: Connection closed by invalid user debian 103.241.181.174 port 35430 [preauth]","@timestamp":"2022-09-19T02:08:03.898Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:08:06 honeypot-fra-1 sshd[31191]: Connection closed by invalid user debian 103.241.181.174 port 36044 [preauth]","@timestamp":"2022-09-19T02:08:06.900Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:08:09 honeypot-fra-1 sshd[31197]: Connection closed by invalid user debian 103.241.181.174 port 36616 [preauth]","@timestamp":"2022-09-19T02:08:09.901Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:08:12 honeypot-fra-1 sshd[31203]: Connection closed by invalid user debian 103.241.181.174 port 37182 [preauth]","@timestamp":"2022-09-19T02:08:12.903Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:08:16 honeypot-fra-1 sshd[31209]: Connection closed by invalid user debian 103.241.181.174 port 37798 [preauth]","@timestamp":"2022-09-19T02:08:16.905Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:08:19 honeypot-fra-1 sshd[31215]: Connection closed by invalid user debian 103.241.181.174 port 38378 [preauth]","@timestamp":"2022-09-19T02:08:19.908Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:08:21 honeypot-fra-1 sshd[31221]: Connection closed by invalid user debian 103.241.181.174 port 38910 [preauth]","@timestamp":"2022-09-19T02:08:22.910Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:08:25 honeypot-fra-1 sshd[31227]: Connection closed by invalid user debian 103.241.181.174 port 39478 [preauth]","@timestamp":"2022-09-19T02:08:25.912Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:08:28 honeypot-fra-1 sshd[31233]: Connection closed by invalid user debian 103.241.181.174 port 40130 [preauth]","@timestamp":"2022-09-19T02:08:28.914Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:08:31 honeypot-fra-1 sshd[31239]: Connection closed by invalid user debian 103.241.181.174 port 40730 [preauth]","@timestamp":"2022-09-19T02:08:31.915Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:08:34 honeypot-fra-1 sshd[31246]: Connection closed by invalid user debian 103.241.181.174 port 41266 [preauth]","@timestamp":"2022-09-19T02:08:34.918Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:08:38 honeypot-fra-1 sshd[31252]: Connection closed by invalid user debian 103.241.181.174 port 41896 [preauth]","@timestamp":"2022-09-19T02:08:38.920Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:08:41 honeypot-fra-1 sshd[31258]: Connection closed by invalid user debian 103.241.181.174 port 42440 [preauth]","@timestamp":"2022-09-19T02:08:41.923Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:08:44 honeypot-fra-1 sshd[31264]: Connection closed by invalid user debian 103.241.181.174 port 43006 [preauth]","@timestamp":"2022-09-19T02:08:44.924Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:08:47 honeypot-fra-1 sshd[31270]: Connection closed by invalid user debian 103.241.181.174 port 43550 [preauth]","@timestamp":"2022-09-19T02:08:47.927Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:08:50 honeypot-fra-1 sshd[31276]: Connection closed by invalid user debian 103.241.181.174 port 44128 [preauth]","@timestamp":"2022-09-19T02:08:50.929Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:08:53 honeypot-fra-1 sshd[31282]: Connection closed by invalid user debian 103.241.181.174 port 44698 [preauth]","@timestamp":"2022-09-19T02:08:53.931Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:08:56 honeypot-fra-1 sshd[31288]: Connection closed by invalid user debian 103.241.181.174 port 45276 [preauth]","@timestamp":"2022-09-19T02:08:56.933Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:08:59 honeypot-fra-1 sshd[31294]: Connection closed by invalid user debian 103.241.181.174 port 45776 [preauth]","@timestamp":"2022-09-19T02:08:59.934Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:09:03 honeypot-fra-1 sshd[31300]: Connection closed by invalid user debian 103.241.181.174 port 46420 [preauth]","@timestamp":"2022-09-19T02:09:03.938Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:09:06 honeypot-fra-1 sshd[31306]: Connection closed by invalid user debian 103.241.181.174 port 47004 [preauth]","@timestamp":"2022-09-19T02:09:06.940Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:09:09 honeypot-fra-1 sshd[31312]: Connection closed by invalid user debian 103.241.181.174 port 47590 [preauth]","@timestamp":"2022-09-19T02:09:09.941Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:09:12 honeypot-fra-1 sshd[31318]: Connection closed by invalid user debian 103.241.181.174 port 48162 [preauth]","@timestamp":"2022-09-19T02:09:12.943Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:09:16 honeypot-fra-1 sshd[31324]: Connection closed by invalid user debian 103.241.181.174 port 48760 [preauth]","@timestamp":"2022-09-19T02:09:16.946Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:09:19 honeypot-fra-1 sshd[31330]: Connection closed by invalid user debian 103.241.181.174 port 49302 [preauth]","@timestamp":"2022-09-19T02:09:19.949Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:09:22 honeypot-fra-1 sshd[31336]: Connection closed by invalid user debian 103.241.181.174 port 49918 [preauth]","@timestamp":"2022-09-19T02:09:22.950Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:09:25 honeypot-fra-1 sshd[31342]: Connection closed by invalid user admin 103.241.181.174 port 50514 [preauth]","@timestamp":"2022-09-19T02:09:26.953Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:09:29 honeypot-fra-1 sshd[31348]: Connection closed by invalid user admin 103.241.181.174 port 51050 [preauth]","@timestamp":"2022-09-19T02:09:29.955Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:09:31 honeypot-fra-1 sshd[31354]: Connection closed by invalid user admin 103.241.181.174 port 51416 [preauth]","@timestamp":"2022-09-19T02:09:31.956Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:09:33 honeypot-fra-1 sshd[31360]: Connection closed by invalid user admin 103.241.181.174 port 51926 [preauth]","@timestamp":"2022-09-19T02:09:33.958Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:09:37 honeypot-fra-1 sshd[31366]: Connection closed by invalid user admin 103.241.181.174 port 52452 [preauth]","@timestamp":"2022-09-19T02:09:37.960Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:09:40 honeypot-fra-1 sshd[31372]: Connection closed by invalid user admin 103.241.181.174 port 53004 [preauth]","@timestamp":"2022-09-19T02:09:40.962Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:09:43 honeypot-fra-1 sshd[31378]: Connection closed by invalid user admin 103.241.181.174 port 53598 [preauth]","@timestamp":"2022-09-19T02:09:43.964Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:09:46 honeypot-fra-1 sshd[31384]: Connection closed by invalid user admin 103.241.181.174 port 54168 [preauth]","@timestamp":"2022-09-19T02:09:46.966Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:09:49 honeypot-fra-1 sshd[31390]: Connection closed by invalid user admin 103.241.181.174 port 54678 [preauth]","@timestamp":"2022-09-19T02:09:49.969Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:09:51 honeypot-fra-1 sshd[31394]: Invalid user admin from 103.241.181.174 port 55032","@timestamp":"2022-09-19T02:09:51.970Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:09:55 honeypot-fra-1 sshd[31402]: Invalid user admin from 103.241.181.174 port 55586","@timestamp":"2022-09-19T02:09:55.973Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:09:58 honeypot-fra-1 sshd[31408]: Invalid user admin from 103.241.181.174 port 56166","@timestamp":"2022-09-19T02:09:58.975Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:10:01 honeypot-fra-1 sshd[31415]: Invalid user admin from 103.241.181.174 port 56814","@timestamp":"2022-09-19T02:10:01.976Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:10:04 honeypot-fra-1 sshd[31421]: Invalid user admin from 103.241.181.174 port 57408","@timestamp":"2022-09-19T02:10:04.979Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:10:07 honeypot-fra-1 sshd[31427]: Invalid user admin from 103.241.181.174 port 58084","@timestamp":"2022-09-19T02:10:07.981Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:10:10 honeypot-fra-1 sshd[31433]: Invalid user admin from 103.241.181.174 port 58764","@timestamp":"2022-09-19T02:10:10.983Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:10:13 honeypot-fra-1 sshd[31441]: Invalid user admin from 103.241.181.174 port 59428","@timestamp":"2022-09-19T02:10:13.984Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:10:15 honeypot-fra-1 sshd[31443]: Connection closed by invalid user admin 103.241.181.174 port 59660 [preauth]","@timestamp":"2022-09-19T02:10:15.986Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:10:18 honeypot-fra-1 sshd[31449]: Connection closed by invalid user admin 103.241.181.174 port 60406 [preauth]","@timestamp":"2022-09-19T02:10:18.988Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:10:21 honeypot-fra-1 sshd[31455]: Connection closed by invalid user admin 103.241.181.174 port 32834 [preauth]","@timestamp":"2022-09-19T02:10:21.990Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:10:24 honeypot-fra-1 sshd[31461]: Connection closed by invalid user admin 103.241.181.174 port 33364 [preauth]","@timestamp":"2022-09-19T02:10:24.992Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:10:28 honeypot-fra-1 sshd[31467]: Connection closed by invalid user admin 103.241.181.174 port 33968 [preauth]","@timestamp":"2022-09-19T02:10:28.994Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:10:31 honeypot-fra-1 sshd[31473]: Connection closed by invalid user admin 103.241.181.174 port 34502 [preauth]","@timestamp":"2022-09-19T02:10:31.996Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:10:34 honeypot-fra-1 sshd[31479]: Connection closed by invalid user admin 103.241.181.174 port 35064 [preauth]","@timestamp":"2022-09-19T02:10:35.000Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:10:37 honeypot-fra-1 sshd[31485]: Connection closed by invalid user admin 103.241.181.174 port 35620 [preauth]","@timestamp":"2022-09-19T02:10:38.001Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:10:40 honeypot-fra-1 sshd[31491]: Connection closed by invalid user admin 103.241.181.174 port 36160 [preauth]","@timestamp":"2022-09-19T02:10:41.003Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:10:43 honeypot-fra-1 sshd[31497]: Connection closed by invalid user admin 103.241.181.174 port 36642 [preauth]","@timestamp":"2022-09-19T02:10:44.005Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:10:46 honeypot-fra-1 sshd[31503]: Connection closed by invalid user admin 103.241.181.174 port 37184 [preauth]","@timestamp":"2022-09-19T02:10:47.008Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:10:49 honeypot-fra-1 sshd[31509]: Connection closed by invalid user admin 103.241.181.174 port 37702 [preauth]","@timestamp":"2022-09-19T02:10:50.010Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:11:08 honeypot-fra-1 sshd[31515]: Disconnected from authenticating user root 59.19.54.171 port 33220 [preauth]","@timestamp":"2022-09-19T02:11:09.019Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T02:15:24.051Z","@version":"1","message":"Sep 19 02:15:23 honeypot-sgp-1 kernel: [84429825.456537] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=59.16.243.218 DST=159.89.202.188 LEN=52 TOS=0x00 PREC=0x00 TTL=114 ID=36664 DF PROTO=TCP SPT=2491 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:16:56.093Z","@version":"1","message":"Sep 19 02:16:55 honeypot-sgp-1 sshd[32391]: Invalid user postgres from 92.255.85.69 port 46116","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 02:17:01 honeypot-ams-1 CRON[6857]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-19T02:17:02.336Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 02:17:45 honeypot-ams-1 sshd[6861]: Disconnected from invalid user user 45.61.184.204 port 54198 [preauth]","@timestamp":"2022-09-19T02:17:46.360Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 02:18:04 honeypot-ams-1 sshd[6865]: Disconnected from invalid user user 45.61.184.204 port 48398 [preauth]","@timestamp":"2022-09-19T02:18:05.371Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 02:18:21 honeypot-ams-1 sshd[6869]: Disconnected from invalid user user 45.61.184.204 port 42658 [preauth]","@timestamp":"2022-09-19T02:18:22.381Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 02:18:39 honeypot-ams-1 sshd[6873]: Disconnected from invalid user user 45.61.184.204 port 36912 [preauth]","@timestamp":"2022-09-19T02:18:40.390Z"}
{"@timestamp":"2022-09-19T02:19:56.169Z","@version":"1","message":"Sep 19 02:19:55 honeypot-sgp-1 sshd[32396]: Did not receive identification string from 45.61.184.204 port 37364","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:20:38.189Z","@version":"1","message":"Sep 19 02:20:37 honeypot-sgp-1 sshd[32400]: Disconnected from invalid user user 45.61.184.204 port 43278 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:20:58.198Z","@version":"1","message":"Sep 19 02:20:57 honeypot-sgp-1 sshd[32404]: Disconnected from invalid user user 45.61.184.204 port 38428 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:21:16.208Z","@version":"1","message":"Sep 19 02:21:15 honeypot-sgp-1 sshd[32408]: Disconnected from invalid user user 45.61.184.204 port 33582 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:23:08 honeypot-fra-1 sshd[31523]: Invalid user sd from 141.98.10.158 port 43872","@timestamp":"2022-09-19T02:23:09.292Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:23:31 honeypot-fra-1 sshd[31527]: Received disconnect from 45.61.184.204 port 43372:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T02:23:31.303Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:23:50 honeypot-fra-1 sshd[31531]: Received disconnect from 45.61.184.204 port 38560:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T02:23:51.312Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:24:09 honeypot-fra-1 sshd[31535]: Received disconnect from 45.61.184.204 port 33756:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T02:24:10.322Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:24:26 honeypot-fra-1 sshd[31539]: Invalid user columb from 104.248.1.96 port 55698","@timestamp":"2022-09-19T02:24:27.330Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T02:27:40.367Z","@version":"1","message":"Sep 19 02:27:40 honeypot-sgp-1 sshd[32415]: Invalid user ine from 187.86.132.252 port 48750","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 02:29:18 honeypot-ams-1 sshd[6878]: Connection closed by invalid user hunter 179.60.147.69 port 39374 [preauth]","@timestamp":"2022-09-19T02:29:18.662Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:30:57 honeypot-fra-1 kernel: [84429063.394781] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=46649 PROTO=TCP SPT=54606 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T02:30:58.477Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T02:31:18.461Z","@version":"1","message":"Sep 19 02:31:17 honeypot-sgp-1 sshd[32419]: Invalid user jbandox from 52.151.65.193 port 44986","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 02:34:43 honeypot-ams-1 sshd[6885]: Invalid user eileen from 203.223.191.206 port 53436","@timestamp":"2022-09-19T02:34:43.809Z"}
{"@timestamp":"2022-09-19T02:35:28.568Z","@version":"1","message":"Sep 19 02:35:28 honeypot-sgp-1 sshd[32424]: Disconnecting invalid user admin 185.246.130.20 port 18567: Change of username or service not allowed: (admin,ssh-connection) -> (cameras,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:35:52.582Z","@version":"1","message":"Sep 19 02:35:52 honeypot-sgp-1 sshd[32430]: Disconnecting invalid user admin 185.246.130.20 port 56195: Change of username or service not allowed: (admin,ssh-connection) -> (,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:36:16.594Z","@version":"1","message":"Sep 19 02:36:15 honeypot-sgp-1 sshd[32436]: Disconnecting invalid user aerohive 185.246.130.20 port 42681: Change of username or service not allowed: (aerohive,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:36:46.610Z","@version":"1","message":"Sep 19 02:36:46 honeypot-sgp-1 sshd[32442]: Disconnecting invalid user private 185.246.130.20 port 33153: Change of username or service not allowed: (private,ssh-connection) -> (root,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:37:22.629Z","@version":"1","message":"Sep 19 02:37:21 honeypot-sgp-1 sshd[32450]: Invalid user araknis from 185.246.130.20 port 44793","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:37:44.640Z","@version":"1","message":"Sep 19 02:37:44 honeypot-sgp-1 sshd[32456]: Disconnecting authenticating user root 185.246.130.20 port 8958: Change of username or service not allowed: (root,ssh-connection) -> (Admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:38:10.654Z","@version":"1","message":"Sep 19 02:38:10 honeypot-sgp-1 sshd[32462]: Disconnecting invalid user admin 185.246.130.20 port 41018: Change of username or service not allowed: (admin,ssh-connection) -> (guest,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:38:38.669Z","@version":"1","message":"Sep 19 02:38:37 honeypot-sgp-1 sshd[32470]: Invalid user  from 185.246.130.20 port 61031","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:38:51.676Z","@version":"1","message":"Sep 19 02:38:50 honeypot-sgp-1 sshd[32474]: Disconnecting invalid user Cisco 185.246.130.20 port 38592: Change of username or service not allowed: (Cisco,ssh-connection) -> (cisco,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:39:18.691Z","@version":"1","message":"Sep 19 02:39:17 honeypot-sgp-1 sshd[32480]: Disconnecting invalid user 1234 185.246.130.20 port 25882: Change of username or service not allowed: (1234,ssh-connection) -> (root,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:39:44.704Z","@version":"1","message":"Sep 19 02:39:43 honeypot-sgp-1 sshd[32488]: Invalid user adslroot from 185.246.130.20 port 50063","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:40:05.717Z","@version":"1","message":"Sep 19 02:40:05 honeypot-sgp-1 sshd[32494]: Invalid user blank from 185.246.130.20 port 27597","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:40:23.727Z","@version":"1","message":"Sep 19 02:40:23 honeypot-sgp-1 sshd[32501]: Bad protocol version identification 'SSH-2.0_CoreLab-1.0' from 185.246.130.20 port 18048","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:40:58.745Z","@version":"1","message":"Sep 19 02:40:58 honeypot-sgp-1 sshd[32508]: Invalid user c1@r0 from 185.246.130.20 port 19621","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:41:24.759Z","@version":"1","message":"Sep 19 02:41:24 honeypot-sgp-1 sshd[32514]: Invalid user superonline from 185.246.130.20 port 64015","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 02:41:43 honeypot-ams-1 sshd[6888]: Disconnected from invalid user kdn 80.19.204.177 port 48624 [preauth]","@timestamp":"2022-09-19T02:41:43.999Z"}
{"@timestamp":"2022-09-19T02:41:45.770Z","@version":"1","message":"Sep 19 02:41:44 honeypot-sgp-1 sshd[32520]: Invalid user Admin from 185.246.130.20 port 28968","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:42:04.781Z","@version":"1","message":"Sep 19 02:42:04 honeypot-sgp-1 sshd[32526]: Invalid user  from 185.246.130.20 port 34018","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:42:23.791Z","@version":"1","message":"Sep 19 02:42:23 honeypot-sgp-1 sshd[32532]: Invalid user  from 185.246.130.20 port 12161","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:42:28 honeypot-fra-1 kernel: [84429753.530536] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=79.124.62.62 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=13269 PROTO=TCP SPT=41500 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T02:42:28.737Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T02:42:34.797Z","@version":"1","message":"Sep 19 02:42:34 honeypot-sgp-1 sshd[32538]: Invalid user motorola from 185.246.130.20 port 29345","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:43:02.812Z","@version":"1","message":"Sep 19 02:43:02 honeypot-sgp-1 sshd[32544]: Disconnecting authenticating user root 185.246.130.20 port 19555: Change of username or service not allowed: (root,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:43:25.823Z","@version":"1","message":"Sep 19 02:43:24 honeypot-sgp-1 sshd[32550]: Disconnecting invalid user 0 185.246.130.20 port 40859: Change of username or service not allowed: (0,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:43:44.833Z","@version":"1","message":"Sep 19 02:43:44 honeypot-sgp-1 sshd[32556]: Disconnecting invalid user admin 185.246.130.20 port 30404: Change of username or service not allowed: (admin,ssh-connection) -> (Shiko,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:44:05.845Z","@version":"1","message":"Sep 19 02:44:05 honeypot-sgp-1 sshd[32562]: Disconnecting invalid user Broadcom 185.246.130.20 port 42678: Change of username or service not allowed: (Broadcom,ssh-connection) -> (smcadmin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:44:21.854Z","@version":"1","message":"Sep 19 02:44:21 honeypot-sgp-1 sshd[32568]: Disconnecting invalid user cusadmin 185.246.130.20 port 56299: Change of username or service not allowed: (cusadmin,ssh-connection) -> (highspeed,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 02:44:28 honeypot-ams-1 sshd[6892]: Disconnected from authenticating user root 92.255.85.69 port 53798 [preauth]","@timestamp":"2022-09-19T02:44:29.076Z"}
{"@timestamp":"2022-09-19T02:44:35.862Z","@version":"1","message":"Sep 19 02:44:35 honeypot-sgp-1 sshd[32574]: Disconnecting invalid user sweex 185.246.130.20 port 42862: Change of username or service not allowed: (sweex,ssh-connection) -> (,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:44:56.872Z","@version":"1","message":"Sep 19 02:44:56 honeypot-sgp-1 sshd[32580]: Disconnecting invalid user  185.246.130.20 port 13040: Change of username or service not allowed: (,ssh-connection) -> (public,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:45:12.881Z","@version":"1","message":"Sep 19 02:45:12 honeypot-sgp-1 sshd[32586]: Disconnecting invalid user ubnt 185.246.130.20 port 55036: Change of username or service not allowed: (ubnt,ssh-connection) -> (root,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:45:37.895Z","@version":"1","message":"Sep 19 02:45:37 honeypot-sgp-1 sshd[32594]: Disconnecting invalid user user 185.246.130.20 port 11979: Change of username or service not allowed: (user,ssh-connection) -> (amdin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:45:59.907Z","@version":"1","message":"Sep 19 02:45:59 honeypot-sgp-1 sshd[32600]: Disconnecting invalid user Admin 185.246.130.20 port 30812: Change of username or service not allowed: (Admin,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:46:15.916Z","@version":"1","message":"Sep 19 02:46:15 honeypot-sgp-1 sshd[32606]: Disconnecting invalid user 0 185.246.130.20 port 45747: Change of username or service not allowed: (0,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:46:30.924Z","@version":"1","message":"Sep 19 02:46:30 honeypot-sgp-1 sshd[32612]: Disconnecting invalid user admin 185.246.130.20 port 29740: Change of username or service not allowed: (admin,ssh-connection) -> (1admin0,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:47:45.959Z","@version":"1","message":"Sep 19 02:47:45 honeypot-sgp-1 kernel: [84431767.975219] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=175.107.203.41 DST=159.89.202.188 LEN=52 TOS=0x02 PREC=0x00 TTL=117 ID=11136 DF PROTO=TCP SPT=37079 DPT=3389 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:54:49.138Z","@version":"1","message":"Sep 19 02:54:48 honeypot-sgp-1 kernel: [84432190.415354] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=80.91.116.239 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=59709 DF PROTO=TCP SPT=39841 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 02:57:21 honeypot-ams-1 sshd[6898]: Received disconnect from 128.199.208.187 port 42002:11: Bye Bye [preauth]","@timestamp":"2022-09-19T02:57:21.411Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 03:02:12 honeypot-ams-1 sshd[6903]: Invalid user asonar from 128.199.162.67 port 40596","@timestamp":"2022-09-19T03:02:13.540Z"}
{"@timestamp":"2022-09-19T03:03:34.364Z","@version":"1","message":"Sep 19 03:03:33 honeypot-sgp-1 sshd[32626]: Disconnected from authenticating user root 139.59.226.220 port 54242 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 03:05:01 honeypot-ams-1 kernel: [84433280.549104] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=49.233.190.151 DST=178.62.254.91 LEN=40 TOS=0x08 PREC=0x00 TTL=47 ID=39963 PROTO=TCP SPT=51192 DPT=443 WINDOW=3368 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T03:05:01.617Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 03:05:27 honeypot-fra-1 sshd[31557]: Invalid user ubnt from 92.255.85.70 port 58846","@timestamp":"2022-09-19T03:05:28.251Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 03:06:46 honeypot-ams-1 sshd[6910]: Invalid user joeflores from 103.136.40.93 port 53614","@timestamp":"2022-09-19T03:06:46.666Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 03:06:53 honeypot-fra-1 sshd[31561]: Received disconnect from 159.89.40.119 port 36328:11: Bye Bye [preauth]","@timestamp":"2022-09-19T03:06:54.287Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T03:07:36.466Z","@version":"1","message":"Sep 19 03:07:35 honeypot-sgp-1 kernel: [84432957.593235] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=88.80.189.24 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=3763 PROTO=TCP SPT=56842 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 03:07:43 honeypot-ams-1 kernel: [84433442.970591] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=88.80.189.24 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=60488 PROTO=TCP SPT=56842 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T03:07:44.697Z"}
{"@timestamp":"2022-09-19T03:10:13.535Z","@version":"1","message":"Sep 19 03:10:12 honeypot-sgp-1 kernel: [84433114.851713] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.33.68.74 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=27812 PROTO=TCP SPT=57002 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 03:13:24 honeypot-ams-1 sshd[6916]: Disconnected from invalid user ubnt 92.255.85.70 port 26348 [preauth]","@timestamp":"2022-09-19T03:13:25.855Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 03:14:50 honeypot-fra-1 sshd[31566]: Disconnected from invalid user spam 52.140.206.1 port 1024 [preauth]","@timestamp":"2022-09-19T03:14:50.464Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T03:15:06.658Z","@version":"1","message":"Sep 19 03:15:06 honeypot-sgp-1 sshd[32638]: Received disconnect from 128.199.147.56 port 41704:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T03:15:34.672Z","@version":"1","message":"Sep 19 03:15:33 honeypot-sgp-1 sshd[32642]: Disconnected from invalid user wra 210.245.26.43 port 46352 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 03:18:42 honeypot-fra-1 sshd[31571]: Disconnected from invalid user fabrice 112.196.54.35 port 51600 [preauth]","@timestamp":"2022-09-19T03:18:43.553Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T03:19:44.779Z","@version":"1","message":"Sep 19 03:19:44 honeypot-sgp-1 sshd[32648]: Disconnected from invalid user monitor 202.61.105.17 port 51568 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 03:22:09 honeypot-ams-1 sshd[6924]: Invalid user jiangtao from 175.118.152.100 port 54027","@timestamp":"2022-09-19T03:22:10.086Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 03:25:08 honeypot-fra-1 sshd[31576]: Received disconnect from 93.113.61.126 port 33272:11: Bye Bye [preauth]","@timestamp":"2022-09-19T03:25:08.696Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 03:28:29 honeypot-ams-1 kernel: [84434689.023602] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=41.112.169.248 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=51 ID=9745 PROTO=TCP SPT=7096 DPT=80 WINDOW=43635 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T03:28:30.250Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 03:32:13 honeypot-fra-1 sshd[31579]: Disconnected from invalid user liuqi 165.22.45.108 port 48152 [preauth]","@timestamp":"2022-09-19T03:32:13.854Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 03:38:16 honeypot-fra-1 sshd[31586]: Received disconnect from 179.43.156.143 port 44922:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T03:38:16.994Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 03:40:08 honeypot-fra-1 sshd[31592]: Received disconnect from 179.43.156.143 port 38998:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T03:40:09.039Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 03:41:18 honeypot-fra-1 sshd[31596]: Disconnected from authenticating user root 179.43.156.143 port 35084 [preauth]","@timestamp":"2022-09-19T03:41:19.067Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 03:41:39 honeypot-ams-1 kernel: [84435479.177783] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=119.199.169.235 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=54 ID=61141 PROTO=TCP SPT=37178 DPT=80 WINDOW=55674 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T03:41:40.589Z"}
{"@timestamp":"2022-09-19T03:41:54.331Z","@version":"1","message":"Sep 19 03:41:53 honeypot-sgp-1 sshd[32655]: Invalid user admin from 92.255.85.69 port 29754","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 03:42:28 honeypot-fra-1 sshd[31601]: Disconnected from invalid user ossuser 179.43.156.143 port 59368 [preauth]","@timestamp":"2022-09-19T03:42:29.096Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 03:43:43 honeypot-fra-1 sshd[31605]: Disconnected from invalid user esunny 179.43.156.143 port 55460 [preauth]","@timestamp":"2022-09-19T03:43:43.126Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T03:44:54.408Z","@version":"1","message":"Sep 19 03:44:53 honeypot-sgp-1 sshd[32658]: Disconnected from invalid user user 45.61.186.169 port 55836 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 03:44:57 honeypot-fra-1 sshd[31611]: Received disconnect from 179.43.156.143 port 51516:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T03:44:58.158Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T03:45:12.418Z","@version":"1","message":"Sep 19 03:45:12 honeypot-sgp-1 sshd[32662]: Disconnected from invalid user user 45.61.186.169 port 50508 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T03:45:29.426Z","@version":"1","message":"Sep 19 03:45:29 honeypot-sgp-1 sshd[32667]: Disconnected from invalid user user 45.61.186.169 port 45182 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T03:45:46.436Z","@version":"1","message":"Sep 19 03:45:45 honeypot-sgp-1 sshd[32671]: Disconnected from invalid user user 45.61.186.169 port 39880 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 03:46:13 honeypot-fra-1 sshd[31615]: Received disconnect from 179.43.156.143 port 47588:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T03:46:13.208Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 03:47:28 honeypot-fra-1 sshd[31619]: Received disconnect from 179.43.156.143 port 43652:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T03:47:28.237Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 03:48:40 honeypot-ams-1 kernel: [84435899.320629] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=41.239.229.136 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=51 ID=49991 PROTO=TCP SPT=63102 DPT=443 WINDOW=47363 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T03:48:40.766Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 03:48:45 honeypot-fra-1 sshd[31626]: Invalid user drcomadmin from 179.43.156.143 port 39720","@timestamp":"2022-09-19T03:48:45.269Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 03:49:23 honeypot-ams-1 sshd[6938]: Disconnected from invalid user ik 35.246.83.56 port 59276 [preauth]","@timestamp":"2022-09-19T03:49:24.788Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 03:49:24 honeypot-fra-1 sshd[31630]: Invalid user vyos from 179.43.156.143 port 37750","@timestamp":"2022-09-19T03:49:25.287Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 03:50:36 honeypot-fra-1 kernel: [84433841.534001] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.220.82 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=47966 DPT=5432 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T03:50:37.317Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 03:51:45 honeypot-fra-1 sshd[31638]: Received disconnect from 115.88.38.58 port 57894:11: Bye Bye [preauth]","@timestamp":"2022-09-19T03:51:45.347Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 03:53:29 honeypot-fra-1 sshd[31645]: Received disconnect from 179.43.156.143 port 54180:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T03:53:30.390Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 03:53:57 honeypot-ams-1 sshd[6945]: Invalid user ocstest1 from 115.94.79.59 port 43166","@timestamp":"2022-09-19T03:53:57.908Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 03:54:52 honeypot-fra-1 sshd[31649]: Disconnected from authenticating user root 179.43.156.143 port 50250 [preauth]","@timestamp":"2022-09-19T03:54:52.423Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T03:55:12.698Z","@version":"1","message":"Sep 19 03:55:11 honeypot-sgp-1 kernel: [84435814.005518] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=89.248.165.199 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=63513 PROTO=TCP SPT=57376 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 03:57:01 honeypot-fra-1 sshd[31655]: Disconnected from authenticating user root 179.43.156.143 port 44344 [preauth]","@timestamp":"2022-09-19T03:57:01.472Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 03:57:08 honeypot-ams-1 sshd[6949]: Invalid user xe from 103.72.4.8 port 50008","@timestamp":"2022-09-19T03:57:08.992Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 03:59:08 honeypot-fra-1 sshd[31662]: Invalid user jenkins from 179.43.156.143 port 38448","@timestamp":"2022-09-19T03:59:09.524Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 04:00:12 honeypot-fra-1 sshd[31666]: Connection closed by invalid user admin 121.168.197.214 port 35260 [preauth]","@timestamp":"2022-09-19T04:00:12.549Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 04:00:40 honeypot-ams-1 sshd[6955]: Connection closed by authenticating user root 152.70.213.42 port 33412 [preauth]","@timestamp":"2022-09-19T04:00:41.084Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 04:01:25 honeypot-fra-1 kernel: [84434490.437216] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=89.248.165.199 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=31442 PROTO=TCP SPT=57376 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T04:01:25.581Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 04:03:25 honeypot-fra-1 sshd[31677]: Received disconnect from 179.43.156.143 port 54876:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T04:03:25.628Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 04:04:52 honeypot-fra-1 sshd[31682]: Invalid user vagrant from 179.43.156.143 port 50932","@timestamp":"2022-09-19T04:04:52.663Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 04:08:10 honeypot-ams-1 sshd[6960]: Received disconnect from 143.198.123.124 port 57190:11: Bye Bye [preauth]","@timestamp":"2022-09-19T04:08:11.285Z"}
{"@timestamp":"2022-09-19T04:09:22.048Z","@version":"1","message":"Sep 19 04:09:21 honeypot-sgp-1 sshd[32681]: Received disconnect from 61.177.173.39 port 60667:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T04:10:54.238Z","@version":"1","message":"Sep 19 04:10:53 honeypot-sgp-1 sshd[32691]: Received disconnect from 61.177.173.36 port 11235:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 04:11:46 honeypot-fra-1 sshd[31687]: Invalid user akdcodel from 43.154.50.12 port 33272","@timestamp":"2022-09-19T04:11:46.812Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 04:13:43 honeypot-fra-1 sshd[31691]: Disconnected from invalid user oracle 111.67.197.239 port 52580 [preauth]","@timestamp":"2022-09-19T04:13:43.857Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 04:13:55 honeypot-ams-1 kernel: [84437414.273890] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=107.173.159.85 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=50 ID=6224 PROTO=TCP SPT=16647 DPT=80 WINDOW=42751 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T04:13:55.433Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 04:17:01 honeypot-fra-1 CRON[31698]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-19T04:17:01.933Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T04:17:02.398Z","@version":"1","message":"Sep 19 04:17:01 honeypot-sgp-1 CRON[32699]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 04:19:28 honeypot-fra-1 sshd[31703]: Disconnected from invalid user 1 92.255.85.69 port 44588 [preauth]","@timestamp":"2022-09-19T04:19:28.988Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T04:20:03.479Z","@version":"1","message":"Sep 19 04:20:02 honeypot-sgp-1 sshd[32705]: Received disconnect from 41.93.33.2 port 43602:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 04:23:05 honeypot-ams-1 sshd[6969]: Invalid user monitor from 210.211.108.149 port 48364","@timestamp":"2022-09-19T04:23:06.684Z"}
{"@timestamp":"2022-09-19T04:25:46.627Z","@version":"1","message":"Sep 19 04:25:46 honeypot-sgp-1 kernel: [84437648.380188] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.197.1.140 DST=159.89.202.188 LEN=52 TOS=0x00 PREC=0x00 TTL=115 ID=52496 DF PROTO=TCP SPT=63883 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T04:28:22.700Z","@version":"1","message":"Sep 19 04:28:21 honeypot-sgp-1 sshd[32718]: Received disconnect from 206.81.0.243 port 46554:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 04:30:36 honeypot-ams-1 sshd[6974]: Connection closed by authenticating user root 179.60.147.69 port 25062 [preauth]","@timestamp":"2022-09-19T04:30:36.880Z"}
{"@timestamp":"2022-09-19T04:32:54.822Z","@version":"1","message":"Sep 19 04:32:53 honeypot-sgp-1 kernel: [84438075.958150] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=36.76.113.158 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=245 ID=52470 DF PROTO=TCP SPT=58100 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 04:33:02 honeypot-fra-1 sshd[31719]: Invalid user admin from 34.71.244.4 port 36176","@timestamp":"2022-09-19T04:33:03.290Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 04:33:02 honeypot-fra-1 sshd[31713]: Invalid user testuser from 34.71.244.4 port 36256","@timestamp":"2022-09-19T04:33:03.290Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 04:33:02 honeypot-fra-1 sshd[31721]: Invalid user nexus from 34.71.244.4 port 36070","@timestamp":"2022-09-19T04:33:03.290Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 04:33:02 honeypot-fra-1 sshd[31727]: Connection closed by authenticating user root 34.71.244.4 port 36280 [preauth]","@timestamp":"2022-09-19T04:33:03.290Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 04:33:02 honeypot-fra-1 sshd[31716]: Connection closed by invalid user oracle 34.71.244.4 port 36144 [preauth]","@timestamp":"2022-09-19T04:33:03.290Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 04:33:02 honeypot-fra-1 sshd[31722]: Connection closed by invalid user chia 34.71.244.4 port 36290 [preauth]","@timestamp":"2022-09-19T04:33:03.290Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 04:33:02 honeypot-fra-1 sshd[31729]: Connection closed by authenticating user root 34.71.244.4 port 36208 [preauth]","@timestamp":"2022-09-19T04:33:03.290Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T04:38:15.961Z","@version":"1","message":"Sep 19 04:38:15 honeypot-sgp-1 kernel: [84438397.592790] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=41.73.132.4 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=43 ID=62704 DF PROTO=TCP SPT=54630 DPT=3389 WINDOW=29200 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 04:50:45 honeypot-fra-1 sshd[31761]: Disconnected from invalid user system 92.255.85.70 port 17748 [preauth]","@timestamp":"2022-09-19T04:50:45.677Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 04:51:25 honeypot-ams-1 kernel: [84439664.645762] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.41.8.45 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=8625 PROTO=TCP SPT=12997 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T04:51:26.406Z"}
{"@timestamp":"2022-09-19T04:53:47.366Z","@version":"1","message":"Sep 19 04:53:46 honeypot-sgp-1 sshd[32735]: Did not receive identification string from 45.61.186.249 port 35748","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T04:54:31.388Z","@version":"1","message":"Sep 19 04:54:30 honeypot-sgp-1 sshd[32738]: Disconnected from invalid user user 45.61.186.249 port 38244 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T04:54:50.397Z","@version":"1","message":"Sep 19 04:54:49 honeypot-sgp-1 sshd[32742]: Disconnected from invalid user user 45.61.186.249 port 60924 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T04:55:07.406Z","@version":"1","message":"Sep 19 04:55:06 honeypot-sgp-1 sshd[32746]: Disconnected from invalid user user 45.61.186.249 port 55420 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T04:56:18.435Z","@version":"1","message":"Sep 19 04:56:18 honeypot-sgp-1 sshd[32750]: Disconnected from invalid user system 92.255.85.69 port 25060 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 04:56:51 honeypot-ams-1 kernel: [84439991.009299] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=94.102.61.26 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=252 ID=54321 PROTO=TCP SPT=38575 DPT=389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T04:56:52.544Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 04:59:17 honeypot-fra-1 sshd[31764]: Invalid user xhl from 103.188.176.251 port 36030","@timestamp":"2022-09-19T04:59:17.867Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T05:03:36.622Z","@version":"1","message":"Sep 19 05:03:36 honeypot-sgp-1 kernel: [84439917.980353] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=206.189.6.148 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=239 ID=54321 PROTO=TCP SPT=40498 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 05:04:41 honeypot-fra-1 sshd[31770]: Invalid user myshake from 179.60.147.69 port 1610","@timestamp":"2022-09-19T05:04:41.989Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 05:05:02 honeypot-ams-1 kernel: [84440482.112139] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=95.80.164.21 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=113 ID=1474 DF PROTO=TCP SPT=53083 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T05:05:03.753Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 05:06:53 honeypot-ams-1 sshd[7440]: Connection closed by invalid user myshake 179.60.147.69 port 42908 [preauth]","@timestamp":"2022-09-19T05:06:54.804Z"}
{"@timestamp":"2022-09-19T05:10:46.805Z","@version":"1","message":"Sep 19 05:10:46 honeypot-sgp-1 sshd[32763]: Received disconnect from 45.61.186.249 port 41726:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T05:11:05.815Z","@version":"1","message":"Sep 19 05:11:05 honeypot-sgp-1 sshd[301]: Received disconnect from 45.61.186.249 port 36746:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T05:11:24.825Z","@version":"1","message":"Sep 19 05:11:24 honeypot-sgp-1 sshd[305]: Received disconnect from 45.61.186.249 port 60010:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T05:11:33.830Z","@version":"1","message":"Sep 19 05:11:33 honeypot-sgp-1 sshd[309]: Received disconnect from 45.61.186.249 port 43392:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T05:12:09.846Z","@version":"1","message":"Sep 19 05:12:09 honeypot-sgp-1 kernel: [84440431.698955] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=172.105.129.58 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=63945 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 05:12:28 honeypot-fra-1 kernel: [84438753.503948] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.206.25 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=55323 DPT=636 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T05:12:29.165Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 05:17:01 honeypot-ams-1 CRON[7444]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-19T05:17:01.064Z"}
{"@timestamp":"2022-09-19T05:17:08.974Z","@version":"1","message":"Sep 19 05:17:08 honeypot-sgp-1 sshd[319]: Received disconnect from 61.177.173.52 port 23692:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 05:19:12 honeypot-fra-1 sshd[31784]: Invalid user admin from 92.255.85.70 port 63130","@timestamp":"2022-09-19T05:19:12.312Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T05:21:25.084Z","@version":"1","message":"Sep 19 05:21:24 honeypot-sgp-1 sshd[328]: Received disconnect from 61.177.173.36 port 40553:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T05:23:21.135Z","@version":"1","message":"Sep 19 05:23:21 honeypot-sgp-1 sshd[333]: Disconnected from invalid user admin 92.255.85.70 port 60040 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 05:24:05 honeypot-ams-1 kernel: [84441624.621952] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=110.241.40.253 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=42683 PROTO=TCP SPT=61914 DPT=80 WINDOW=45202 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T05:24:06.248Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 05:25:20 honeypot-ams-1 sshd[7454]: Received disconnect from 43.133.196.188 port 53452:11: Bye Bye [preauth]","@timestamp":"2022-09-19T05:25:20.283Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 05:28:47 honeypot-fra-1 kernel: [84439732.893753] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=165.232.152.144 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=40731 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T05:28:48.529Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 05:29:01 honeypot-fra-1 sshd[31790]: Disconnected from invalid user user 45.61.186.169 port 56992 [preauth]","@timestamp":"2022-09-19T05:29:01.535Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 05:29:19 honeypot-fra-1 sshd[31794]: Disconnected from invalid user user 45.61.186.169 port 52132 [preauth]","@timestamp":"2022-09-19T05:29:19.545Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 05:29:36 honeypot-fra-1 sshd[31798]: Disconnected from invalid user user 45.61.186.169 port 47214 [preauth]","@timestamp":"2022-09-19T05:29:37.553Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T05:30:27.316Z","@version":"1","message":"Sep 19 05:30:27 honeypot-sgp-1 kernel: [84441529.229182] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=234 ID=17918 PROTO=TCP SPT=45405 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 05:34:08 honeypot-ams-1 sshd[7459]: Disconnected from authenticating user root 37.230.139.44 port 10105 [preauth]","@timestamp":"2022-09-19T05:34:09.506Z"}
{"@timestamp":"2022-09-19T05:35:39.450Z","@version":"1","message":"Sep 19 05:35:39 honeypot-sgp-1 sshd[341]: Disconnected from authenticating user root 61.177.173.36 port 60294 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T05:40:13.566Z","@version":"1","message":"Sep 19 05:40:13 honeypot-sgp-1 sshd[349]: Received disconnect from 61.177.173.46 port 39996:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 05:40:25 honeypot-ams-1 sshd[7466]: Invalid user zi from 196.216.73.90 port 21193","@timestamp":"2022-09-19T05:40:25.668Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 05:40:48 honeypot-fra-1 sshd[31803]: Connection closed by invalid user pyimagesearch 179.60.147.69 port 25528 [preauth]","@timestamp":"2022-09-19T05:40:48.801Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 05:43:21 honeypot-fra-1 sshd[31807]: Connection closed by invalid user katerina 141.98.10.158 port 54656 [preauth]","@timestamp":"2022-09-19T05:43:21.862Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 05:44:49 honeypot-fra-1 kernel: [84440694.594090] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=165.22.82.222 LEN=92 TOS=0x00 PREC=0x00 TTL=250 ID=17234 PROTO=TCP SPT=21363 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T05:44:49.900Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 05:46:09 honeypot-ams-1 kernel: [84442949.117784] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=221.176.116.78 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=109 ID=256 PROTO=TCP SPT=1032 DPT=80 WINDOW=16384 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T05:46:10.817Z"}
{"@timestamp":"2022-09-19T05:49:50.809Z","@version":"1","message":"Sep 19 05:49:50 honeypot-sgp-1 sshd[355]: Received disconnect from 61.177.173.46 port 63586:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 15:35:57 honeypot-fra-1 sshd[25452]: Invalid user sinusbot from 104.248.146.84 port 52774","@timestamp":"2022-09-17T15:35:58.278Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 15:37:16 honeypot-ams-1 sshd[1977]: Invalid user ts3 from 198.46.235.250 port 53940","@timestamp":"2022-09-17T15:37:17.254Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 15:37:20 honeypot-fra-1 sshd[25455]: Disconnected from invalid user terrariaserver 103.226.248.61 port 48346 [preauth]","@timestamp":"2022-09-17T15:37:21.310Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 15:46:17 honeypot-fra-1 sshd[25460]: Connection closed by invalid user ubnt 179.60.147.69 port 10306 [preauth]","@timestamp":"2022-09-17T15:46:18.547Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T15:47:44.373Z","@version":"1","message":"Sep 17 15:47:44 honeypot-sgp-1 sshd[28555]: Did not receive identification string from 45.61.184.204 port 60588","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 15:48:23 honeypot-ams-1 kernel: [84306284.086735] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=74.108.124.79 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=53 ID=46163 PROTO=TCP SPT=30725 DPT=80 WINDOW=8070 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T15:48:24.540Z"}
{"@timestamp":"2022-09-17T15:48:25.392Z","@version":"1","message":"Sep 17 15:48:24 honeypot-sgp-1 sshd[28558]: Disconnected from invalid user user 45.61.184.204 port 33098 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T15:48:44.401Z","@version":"1","message":"Sep 17 15:48:44 honeypot-sgp-1 sshd[28562]: Disconnected from invalid user user 45.61.184.204 port 56614 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T15:49:02.412Z","@version":"1","message":"Sep 17 15:49:01 honeypot-sgp-1 sshd[28566]: Disconnected from invalid user user 45.61.184.204 port 51898 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 15:50:03 honeypot-fra-1 sshd[25464]: Received disconnect from 111.93.214.67 port 45430:11: Bye Bye [preauth]","@timestamp":"2022-09-17T15:50:04.633Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T15:53:59.535Z","@version":"1","message":"Sep 17 15:53:58 honeypot-sgp-1 sshd[28574]: Invalid user pi from 173.17.219.96 port 38302","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 15:54:15 honeypot-fra-1 sshd[25469]: Disconnected from invalid user admin 134.209.210.254 port 50480 [preauth]","@timestamp":"2022-09-17T15:54:16.731Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T15:54:55.559Z","@version":"1","message":"Sep 17 15:54:54 honeypot-sgp-1 kernel: [84306199.181472] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=206.189.6.148 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=239 ID=54321 PROTO=TCP SPT=57085 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 16:00:12 honeypot-fra-1 kernel: [84304822.402536] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=193.163.125.6 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=245 ID=16856 PROTO=TCP SPT=48697 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T16:00:12.866Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 16:00:21 honeypot-ams-1 kernel: [84307002.260295] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=173.82.65.186 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=54321 PROTO=TCP SPT=38824 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T16:00:21.853Z"}
{"@timestamp":"2022-09-17T16:03:04.763Z","@version":"1","message":"Sep 17 16:03:03 honeypot-sgp-1 sshd[28583]: Invalid user pi from 47.208.246.201 port 46222","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 16:06:43 honeypot-fra-1 sshd[25479]: Disconnected from invalid user lifferay 165.22.45.108 port 46368 [preauth]","@timestamp":"2022-09-17T16:06:44.016Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 16:10:40 honeypot-ams-1 sshd[1994]: Connection closed by invalid user user 193.106.191.157 port 41386 [preauth]","@timestamp":"2022-09-17T16:10:41.121Z"}
{"@timestamp":"2022-09-17T16:14:50.050Z","@version":"1","message":"Sep 17 16:14:49 honeypot-sgp-1 sshd[28592]: Disconnected from authenticating user root 61.177.172.124 port 35824 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 16:17:01 honeypot-fra-1 CRON[25486]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-17T16:17:02.249Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 16:17:01 honeypot-ams-1 CRON[1998]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-17T16:17:02.289Z"}
{"@timestamp":"2022-09-17T16:18:18.138Z","@version":"1","message":"Sep 17 16:18:17 honeypot-sgp-1 sshd[28599]: Disconnected from authenticating user root 61.177.173.37 port 38298 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 16:21:40 honeypot-fra-1 kernel: [84306110.161663] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=101.35.161.133 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=29420 DF PROTO=TCP SPT=41502 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T16:21:40.358Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-17T16:22:09.234Z","@version":"1","message":"Sep 17 16:22:08 honeypot-sgp-1 sshd[28606]: Invalid user webadmin from 209.97.149.37 port 59994","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T16:24:02.281Z","@version":"1","message":"Sep 17 16:24:01 honeypot-sgp-1 kernel: [84307945.637502] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.95.147.51 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=51794 PROTO=TCP SPT=51754 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T16:29:13.411Z","@version":"1","message":"Sep 17 16:29:13 honeypot-sgp-1 kernel: [84308257.463288] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=143.244.138.190 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x20 TTL=242 ID=16245 PROTO=TCP SPT=51797 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 16:30:20 honeypot-ams-1 sshd[2005]: Connection closed by invalid user user 193.106.191.157 port 54810 [preauth]","@timestamp":"2022-09-17T16:30:20.660Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 16:35:40 honeypot-fra-1 kernel: [84306950.064207] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=170.187.160.165 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=53011 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T16:35:40.675Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-17T16:37:09.610Z","@version":"1","message":"Sep 17 16:37:08 honeypot-sgp-1 sshd[28622]: Received disconnect from 144.24.131.170 port 60496:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 16:37:23 honeypot-fra-1 sshd[25504]: Disconnected from invalid user tester 103.246.240.30 port 45084 [preauth]","@timestamp":"2022-09-17T16:37:24.719Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T16:38:45.652Z","@version":"1","message":"Sep 17 16:38:45 honeypot-sgp-1 sshd[28620]: Connection reset by 61.177.173.51 port 59947 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 16:40:47 honeypot-fra-1 sshd[25510]: Disconnected from invalid user test 43.154.143.45 port 60874 [preauth]","@timestamp":"2022-09-17T16:40:48.801Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 16:46:03 honeypot-ams-1 kernel: [84309743.524173] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=213.81.210.211 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=53 ID=24596 PROTO=TCP SPT=44800 DPT=443 WINDOW=61000 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T16:46:04.065Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 16:47:17 honeypot-fra-1 kernel: [84307647.110463] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=89.248.165.100 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=48540 PROTO=TCP SPT=59801 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T16:47:17.946Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 16:52:03 honeypot-ams-1 kernel: [84310103.886384] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=198.235.24.135 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=250 ID=55477 PROTO=TCP SPT=52146 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T16:52:04.225Z"}
{"@timestamp":"2022-09-17T16:53:10.006Z","@version":"1","message":"Sep 17 16:53:09 honeypot-sgp-1 kernel: [84309693.350725] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=89.248.168.172 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=36551 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 16:56:23 honeypot-fra-1 sshd[25522]: Disconnected from authenticating user root 196.3.164.45 port 45116 [preauth]","@timestamp":"2022-09-17T16:56:24.153Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 16:57:20 honeypot-ams-1 sshd[2016]: Received disconnect from 95.161.129.20 port 46316:11: Bye Bye [preauth]","@timestamp":"2022-09-17T16:57:21.367Z"}
{"@timestamp":"2022-09-17T16:58:03.128Z","@version":"1","message":"Sep 17 16:58:02 honeypot-sgp-1 kernel: [84309986.281581] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=205.210.31.178 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=249 ID=37658 PROTO=TCP SPT=52104 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 16:59:00 honeypot-fra-1 sshd[25527]: Disconnected from invalid user mjuma 190.35.38.226 port 53620 [preauth]","@timestamp":"2022-09-17T16:59:00.214Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 17:01:06 honeypot-ams-1 sshd[2022]: Invalid user centos from 179.60.147.69 port 3904","@timestamp":"2022-09-17T17:01:06.466Z"}
{"@timestamp":"2022-09-17T17:03:34.264Z","@version":"1","message":"Sep 17 17:03:33 honeypot-sgp-1 sshd[28649]: Invalid user admin from 121.154.69.21 port 56524","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 17:04:44 honeypot-fra-1 kernel: [84308694.122063] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=167.71.133.35 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=248 ID=54321 PROTO=TCP SPT=40698 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T17:04:44.345Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 17:05:17 honeypot-fra-1 sshd[25537]: Received disconnect from 165.22.45.108 port 51516:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T17:05:18.360Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 17:05:43 honeypot-fra-1 sshd[25541]: Received disconnect from 45.61.186.169 port 57718:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T17:05:44.372Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 17:06:02 honeypot-fra-1 sshd[25546]: Received disconnect from 45.61.186.169 port 53012:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T17:06:02.381Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 17:06:19 honeypot-fra-1 sshd[25550]: Received disconnect from 45.61.186.169 port 48336:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T17:06:20.389Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 17:07:24 honeypot-fra-1 kernel: [84308854.373755] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=195.144.21.56 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=118 ID=21276 PROTO=TCP SPT=30378 DPT=389 WINDOW=10151 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T17:07:24.506Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-17T17:07:25.362Z","@version":"1","message":"Sep 17 17:07:24 honeypot-sgp-1 sshd[28652]: Disconnected from authenticating user root 139.59.14.70 port 50650 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 17:09:56 honeypot-fra-1 sshd[25560]: Received disconnect from 134.122.44.93 port 49560:11: Bye Bye [preauth]","@timestamp":"2022-09-17T17:09:57.569Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T17:10:37.442Z","@version":"1","message":"Sep 17 17:10:36 honeypot-sgp-1 sshd[28659]: Invalid user nick from 50.192.223.205 port 32838","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T17:13:24.510Z","@version":"1","message":"Sep 17 17:13:23 honeypot-sgp-1 sshd[28666]: Connection closed by 200.89.174.158 port 50132 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 17:15:56 honeypot-ams-1 kernel: [84311537.247011] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=179.43.155.171 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=38741 PROTO=TCP SPT=50279 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T17:15:56.849Z"}
{"@timestamp":"2022-09-17T17:15:59.575Z","@version":"1","message":"Sep 17 17:15:59 honeypot-sgp-1 sshd[28674]: Received disconnect from 61.177.173.36 port 28044:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 17:17:01 honeypot-fra-1 CRON[25568]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-17T17:17:01.730Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T17:17:24.612Z","@version":"1","message":"Sep 17 17:17:23 honeypot-sgp-1 sshd[28680]: Disconnected from authenticating user root 190.89.12.2 port 39944 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 17:19:31 honeypot-fra-1 sshd[25571]: Disconnected from invalid user angerine 189.112.251.33 port 56593 [preauth]","@timestamp":"2022-09-17T17:19:31.789Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T17:30:01.918Z","@version":"1","message":"Sep 17 17:30:01 honeypot-sgp-1 sshd[28686]: Invalid user jenkins from 103.12.199.14 port 50412","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T17:30:27.932Z","@version":"1","message":"Sep 17 17:30:27 honeypot-sgp-1 kernel: [84311931.399895] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=234 ID=64354 PROTO=TCP SPT=55805 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T17:30:30.934Z","@version":"1","message":"Sep 17 17:30:30 honeypot-sgp-1 sshd[28694]: Received disconnect from 43.154.56.85 port 47112:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 17:31:03 honeypot-fra-1 kernel: [84310273.041813] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=37368 PROTO=TCP SPT=55805 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T17:31:04.054Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-17T17:31:26.960Z","@version":"1","message":"Sep 17 17:31:26 honeypot-sgp-1 sshd[28698]: Received disconnect from 45.89.26.119 port 60554:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 17:32:12 honeypot-fra-1 sshd[25582]: Disconnected from invalid user tomcat02 60.249.82.125 port 51466 [preauth]","@timestamp":"2022-09-17T17:32:13.084Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 17:33:07 honeypot-ams-1 sshd[2035]: Received disconnect from 144.126.210.207 port 36210:11: Bye Bye [preauth]","@timestamp":"2022-09-17T17:33:07.293Z"}
{"@timestamp":"2022-09-17T17:33:57.023Z","@version":"1","message":"Sep 17 17:33:56 honeypot-sgp-1 sshd[28702]: Connection closed by invalid user centos 179.60.147.69 port 64878 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 17:33:56 honeypot-fra-1 sshd[25589]: Received disconnect from 76.237.101.224 port 60556:11: Bye Bye [preauth]","@timestamp":"2022-09-17T17:33:57.125Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 17:35:05 honeypot-fra-1 sshd[25593]: Connection closed by invalid user centos 179.60.147.69 port 27646 [preauth]","@timestamp":"2022-09-17T17:35:06.154Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T17:38:15.130Z","@version":"1","message":"Sep 17 17:38:14 honeypot-sgp-1 sshd[28710]: Invalid user llama from 142.93.59.227 port 58640","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 17:43:20 honeypot-ams-1 kernel: [84313181.362333] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=79.124.62.62 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=52283 PROTO=TCP SPT=43353 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T17:43:21.559Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 17:47:30 honeypot-fra-1 sshd[25599]: Invalid user qianbiao from 194.163.190.53 port 57466","@timestamp":"2022-09-17T17:47:30.459Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T17:51:28.447Z","@version":"1","message":"Sep 17 17:51:27 honeypot-sgp-1 sshd[28718]: Disconnected from authenticating user root 61.177.173.37 port 42281 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T17:56:10.910Z","@version":"1","message":"Sep 17 17:56:10 honeypot-sgp-1 kernel: [84313474.323242] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=5.189.133.199 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=39549 DF PROTO=TCP SPT=53070 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 17:59:00 honeypot-ams-1 kernel: [84314120.485770] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=6454 PROTO=TCP SPT=57509 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T17:59:00.965Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 17:59:31 honeypot-fra-1 sshd[25675]: Invalid user steamm from 68.183.212.10 port 47028","@timestamp":"2022-09-17T17:59:31.732Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T18:00:01.004Z","@version":"1","message":"Sep 17 18:00:00 honeypot-sgp-1 kernel: [84313704.860148] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=6361 PROTO=TCP SPT=57509 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 18:02:38 honeypot-fra-1 sshd[25677]: Disconnected from invalid user terraria 118.70.170.120 port 45970 [preauth]","@timestamp":"2022-09-17T18:02:38.807Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 18:05:35 honeypot-fra-1 kernel: [84312344.995205] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=146.88.240.4 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=42566 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T18:05:35.875Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-17T18:10:27.264Z","@version":"1","message":"Sep 17 18:10:26 honeypot-sgp-1 sshd[28737]: Connection closed by authenticating user root 179.60.147.69 port 19408 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 18:13:43 honeypot-ams-1 sshd[2062]: Connection closed by authenticating user root 179.60.147.69 port 55128 [preauth]","@timestamp":"2022-09-17T18:13:44.349Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 18:13:49 honeypot-fra-1 kernel: [84312839.717319] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.47.229.134 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=41491 PROTO=TCP SPT=55902 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T18:13:50.068Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 18:19:10 honeypot-fra-1 sshd[25693]: Connection closed by invalid user shaopengyang 194.163.190.53 port 34046 [preauth]","@timestamp":"2022-09-17T18:19:11.191Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T18:25:10.625Z","@version":"1","message":"Sep 17 18:25:10 honeypot-sgp-1 sshd[28754]: Received disconnect from 61.177.173.50 port 42550:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 18:26:40 honeypot-fra-1 sshd[25700]: Connection closed by invalid user share 194.163.190.53 port 40290 [preauth]","@timestamp":"2022-09-17T18:26:40.359Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T18:27:28.685Z","@version":"1","message":"Sep 17 18:27:28 honeypot-sgp-1 sshd[28758]: Disconnecting invalid user  185.246.130.20 port 28487: Change of username or service not allowed: (,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:27:58.700Z","@version":"1","message":"Sep 17 18:27:58 honeypot-sgp-1 sshd[28764]: Disconnecting invalid user  185.246.130.20 port 25319: Change of username or service not allowed: (,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:28:17.710Z","@version":"1","message":"Sep 17 18:28:17 honeypot-sgp-1 kernel: [84315401.287389] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=80.94.92.231 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=233 ID=54321 PROTO=TCP SPT=53124 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 18:28:36 honeypot-ams-1 sshd[2069]: Received disconnect from 80.68.7.179 port 56938:11: Bye Bye [preauth]","@timestamp":"2022-09-17T18:28:36.756Z"}
{"@timestamp":"2022-09-17T18:28:38.720Z","@version":"1","message":"Sep 17 18:28:37 honeypot-sgp-1 sshd[28774]: Disconnecting invalid user aerohive 185.246.130.20 port 1720: Change of username or service not allowed: (aerohive,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:29:12.737Z","@version":"1","message":"Sep 17 18:29:12 honeypot-sgp-1 sshd[28780]: Disconnecting invalid user private 185.246.130.20 port 25940: Change of username or service not allowed: (private,ssh-connection) -> (root,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:29:41.754Z","@version":"1","message":"Sep 17 18:29:41 honeypot-sgp-1 sshd[28789]: Invalid user araknis from 185.246.130.20 port 40361","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:30:08.768Z","@version":"1","message":"Sep 17 18:30:08 honeypot-sgp-1 sshd[28795]: Disconnecting authenticating user root 185.246.130.20 port 37070: Change of username or service not allowed: (root,ssh-connection) -> (Admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:30:40.783Z","@version":"1","message":"Sep 17 18:30:40 honeypot-sgp-1 sshd[28801]: Invalid user admin from 185.246.130.20 port 57640","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:30:50.788Z","@version":"1","message":"Sep 17 18:30:50 honeypot-sgp-1 sshd[28804]: Disconnecting invalid user guest 185.246.130.20 port 23073: Change of username or service not allowed: (guest,ssh-connection) -> (1234,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:31:07.797Z","@version":"1","message":"Sep 17 18:31:07 honeypot-sgp-1 sshd[28814]: Invalid user user from 45.61.184.204 port 48148","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:31:16.801Z","@version":"1","message":"Sep 17 18:31:16 honeypot-sgp-1 sshd[28817]: Disconnected from invalid user user 45.61.184.204 port 59498 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:31:29.808Z","@version":"1","message":"Sep 17 18:31:29 honeypot-sgp-1 sshd[28822]: Invalid user Cisco from 185.246.130.20 port 51277","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:31:38.812Z","@version":"1","message":"Sep 17 18:31:38 honeypot-sgp-1 sshd[28826]: Disconnecting invalid user cisco 185.246.130.20 port 55292: Change of username or service not allowed: (cisco,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 18:31:39 honeypot-fra-1 sshd[25779]: Did not receive identification string from 45.61.187.160 port 56112","@timestamp":"2022-09-17T18:31:39.475Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T18:31:50.819Z","@version":"1","message":"Sep 17 18:31:50 honeypot-sgp-1 sshd[28832]: Invalid user 1234 from 185.246.130.20 port 21005","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 18:31:53 honeypot-ams-1 kernel: [84316093.610186] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=34.155.216.175 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=59 ID=29861 PROTO=TCP SPT=17019 DPT=80 WINDOW=28499 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T18:31:53.844Z"}
{"@timestamp":"2022-09-17T18:32:16.832Z","@version":"1","message":"Sep 17 18:32:16 honeypot-sgp-1 sshd[28839]: Disconnected from authenticating user root 61.177.173.52 port 27030 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 18:32:24 honeypot-fra-1 sshd[25782]: Disconnected from invalid user user 45.61.187.160 port 41942 [preauth]","@timestamp":"2022-09-17T18:32:25.494Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T18:32:45.847Z","@version":"1","message":"Sep 17 18:32:45 honeypot-sgp-1 sshd[28844]: Disconnecting invalid user sti.admin5 185.246.130.20 port 31399: Change of username or service not allowed: (sti.admin5,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 18:32:46 honeypot-fra-1 sshd[25786]: Disconnected from invalid user user 45.61.187.160 port 36960 [preauth]","@timestamp":"2022-09-17T18:32:46.504Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 18:33:04 honeypot-fra-1 sshd[25790]: Disconnected from invalid user user 45.61.187.160 port 60170 [preauth]","@timestamp":"2022-09-17T18:33:04.513Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T18:33:11.860Z","@version":"1","message":"Sep 17 18:33:11 honeypot-sgp-1 sshd[28850]: Disconnecting invalid user zhone 185.246.130.20 port 4812: Change of username or service not allowed: (zhone,ssh-connection) -> (,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:33:38.874Z","@version":"1","message":"Sep 17 18:33:38 honeypot-sgp-1 sshd[28856]: Received disconnect from 61.177.173.53 port 53405:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:33:56.883Z","@version":"1","message":"Sep 17 18:33:56 honeypot-sgp-1 sshd[28864]: Invalid user Administrator from 185.246.130.20 port 28772","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 18:34:11 honeypot-fra-1 sshd[25794]: Connection closed by invalid user share 194.163.190.53 port 46780 [preauth]","@timestamp":"2022-09-17T18:34:12.542Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T18:34:19.895Z","@version":"1","message":"Sep 17 18:34:19 honeypot-sgp-1 sshd[28870]: Invalid user admin from 185.246.130.20 port 31344","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:34:47.909Z","@version":"1","message":"Sep 17 18:34:47 honeypot-sgp-1 sshd[28877]: Invalid user comcast from 185.246.130.20 port 12436","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:35:24.927Z","@version":"1","message":"Sep 17 18:35:24 honeypot-sgp-1 sshd[28883]: Invalid user admin1234 from 185.246.130.20 port 30486","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:35:59.945Z","@version":"1","message":"Sep 17 18:35:59 honeypot-sgp-1 sshd[28889]: Invalid user admin from 185.246.130.20 port 34392","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:36:32.965Z","@version":"1","message":"Sep 17 18:36:32 honeypot-sgp-1 sshd[28895]: Invalid user blank from 185.246.130.20 port 58345","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:37:02.980Z","@version":"1","message":"Sep 17 18:37:02 honeypot-sgp-1 sshd[28903]: Disconnected from authenticating user root 61.177.173.35 port 19967 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 18:37:26 honeypot-ams-1 kernel: [84316426.758152] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=135.180.85.140 DST=178.62.254.91 LEN=44 TOS=0x08 PREC=0x00 TTL=46 ID=22480 PROTO=TCP SPT=31006 DPT=80 WINDOW=209 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T18:37:26.998Z"}
{"@timestamp":"2022-09-17T18:37:27.992Z","@version":"1","message":"Sep 17 18:37:27 honeypot-sgp-1 sshd[28907]: Disconnecting invalid user admin 185.246.130.20 port 44378: Change of username or service not allowed: (admin,ssh-connection) -> (roqos,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:37:55.005Z","@version":"1","message":"Sep 17 18:37:54 honeypot-sgp-1 sshd[28913]: Disconnecting invalid user Shiko 185.246.130.20 port 59852: Change of username or service not allowed: (Shiko,ssh-connection) -> (sitecom,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:38:26.021Z","@version":"1","message":"Sep 17 18:38:25 honeypot-sgp-1 sshd[28919]: Disconnecting invalid user smcadmin 185.246.130.20 port 4362: Change of username or service not allowed: (smcadmin,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:38:53.035Z","@version":"1","message":"Sep 17 18:38:52 honeypot-sgp-1 sshd[28925]: Disconnecting invalid user highspeed 185.246.130.20 port 4288: Change of username or service not allowed: (highspeed,ssh-connection) -> (smcadmin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:39:26.051Z","@version":"1","message":"Sep 17 18:39:25 honeypot-sgp-1 sshd[28931]: Disconnecting invalid user  185.246.130.20 port 30026: Change of username or service not allowed: (,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:39:53.066Z","@version":"1","message":"Sep 17 18:39:52 honeypot-sgp-1 sshd[28938]: Disconnecting invalid user public 185.246.130.20 port 4226: Change of username or service not allowed: (public,ssh-connection) -> (user,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:40:24.081Z","@version":"1","message":"Sep 17 18:40:23 honeypot-sgp-1 sshd[28946]: Invalid user 123456 from 185.246.130.20 port 44443","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:40:48.094Z","@version":"1","message":"Sep 17 18:40:47 honeypot-sgp-1 sshd[28952]: Invalid user readwrite from 185.246.130.20 port 48354","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:41:22.111Z","@version":"1","message":"Sep 17 18:41:21 honeypot-sgp-1 sshd[28959]: Invalid user DZY-W2914NSV2 from 185.246.130.20 port 59853","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T18:41:47.123Z","@version":"1","message":"Sep 17 18:41:46 honeypot-sgp-1 sshd[28965]: Invalid user admin from 185.246.130.20 port 33932","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 18:41:57 honeypot-fra-1 sshd[25802]: Invalid user share from 194.163.190.53 port 54078","@timestamp":"2022-09-17T18:41:58.721Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 18:41:59 honeypot-ams-1 sshd[2082]: Received disconnect from 167.172.152.18 port 38976:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T18:42:00.123Z"}
{"@timestamp":"2022-09-17T18:42:20.140Z","@version":"1","message":"Sep 17 18:42:19 honeypot-sgp-1 sshd[28971]: Invalid user 1admin0 from 185.246.130.20 port 41386","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 18:42:54 honeypot-fra-1 sshd[25806]: Disconnecting invalid user admin 14.241.100.188 port 49577: Too many authentication failures [preauth]","@timestamp":"2022-09-17T18:42:54.745Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 18:42:57 honeypot-ams-1 sshd[2088]: Received disconnect from 167.172.152.18 port 36076:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T18:42:58.154Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 18:43:54 honeypot-ams-1 sshd[2092]: Disconnected from authenticating user root 167.172.152.18 port 33348 [preauth]","@timestamp":"2022-09-17T18:43:55.182Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 18:45:18 honeypot-ams-1 sshd[2098]: Disconnected from authenticating user root 167.172.152.18 port 57364 [preauth]","@timestamp":"2022-09-17T18:45:19.222Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 18:46:14 honeypot-ams-1 sshd[2103]: Disconnected from invalid user git 167.172.152.18 port 54660 [preauth]","@timestamp":"2022-09-17T18:46:15.250Z"}
{"@timestamp":"2022-09-17T18:47:04.255Z","@version":"1","message":"Sep 17 18:47:04 honeypot-sgp-1 sshd[28978]: Received disconnect from 103.242.117.234 port 49884:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 18:47:09 honeypot-ams-1 sshd[2107]: Disconnected from invalid user oracle 167.172.152.18 port 51762 [preauth]","@timestamp":"2022-09-17T18:47:10.277Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 18:48:04 honeypot-ams-1 sshd[2111]: Disconnected from invalid user odoo 167.172.152.18 port 48926 [preauth]","@timestamp":"2022-09-17T18:48:05.318Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 18:48:59 honeypot-ams-1 sshd[2115]: Disconnected from invalid user ec2-user 167.172.152.18 port 46068 [preauth]","@timestamp":"2022-09-17T18:49:00.346Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 18:49:54 honeypot-ams-1 sshd[2119]: Disconnected from invalid user ubuntu 167.172.152.18 port 43588 [preauth]","@timestamp":"2022-09-17T18:49:55.374Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 18:50:48 honeypot-ams-1 sshd[2126]: Invalid user spark from 167.172.152.18 port 40630","@timestamp":"2022-09-17T18:50:49.400Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 18:51:43 honeypot-ams-1 sshd[2130]: Invalid user debian from 167.172.152.18 port 37652","@timestamp":"2022-09-17T18:51:43.424Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 18:52:11 honeypot-ams-1 kernel: [84317312.115778] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=64.246.161.26 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=54321 PROTO=TCP SPT=48421 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T18:52:12.439Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 18:53:06 honeypot-ams-1 sshd[2136]: Disconnected from invalid user svn 167.172.152.18 port 33412 [preauth]","@timestamp":"2022-09-17T18:53:07.466Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 18:53:16 honeypot-fra-1 sshd[25814]: Did not receive identification string from 112.44.228.193 port 59281","@timestamp":"2022-09-17T18:53:16.980Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 18:54:02 honeypot-ams-1 sshd[2140]: Disconnected from invalid user www 167.172.152.18 port 58920 [preauth]","@timestamp":"2022-09-17T18:54:03.491Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 18:54:58 honeypot-ams-1 sshd[2144]: Disconnected from invalid user db2inst1 167.172.152.18 port 56036 [preauth]","@timestamp":"2022-09-17T18:54:58.518Z"}
{"@timestamp":"2022-09-17T18:57:06.491Z","@version":"1","message":"Sep 17 18:57:05 honeypot-sgp-1 sshd[28987]: Received disconnect from 61.177.173.50 port 32282:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 18:57:10 honeypot-ams-1 sshd[2149]: Received disconnect from 96.79.228.114 port 58228:11: Bye Bye [preauth]","@timestamp":"2022-09-17T18:57:10.580Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 18:58:10 honeypot-fra-1 sshd[25825]: Did not receive identification string from 36.56.155.150 port 64888","@timestamp":"2022-09-17T18:58:11.093Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T18:59:48.557Z","@version":"1","message":"Sep 17 18:59:48 honeypot-sgp-1 kernel: [84317292.450146] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=159.65.138.52 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=60 ID=0 DF PROTO=TCP SPT=54953 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 19:00:47 honeypot-ams-1 sshd[2155]: Received disconnect from 43.154.211.62 port 56046:11: Bye Bye [preauth]","@timestamp":"2022-09-17T19:00:47.682Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 19:02:01 honeypot-fra-1 sshd[25829]: Disconnected from invalid user lijing 165.22.45.108 port 33568 [preauth]","@timestamp":"2022-09-17T19:02:02.180Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 19:03:58 honeypot-ams-1 sshd[2160]: Connection closed by 102.152.181.34 port 38787 [preauth]","@timestamp":"2022-09-17T19:03:59.774Z"}
{"@timestamp":"2022-09-17T19:05:20.684Z","@version":"1","message":"Sep 17 19:05:20 honeypot-sgp-1 sshd[28992]: Connection closed by invalid user liu 103.188.176.251 port 40728 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 19:09:12 honeypot-fra-1 sshd[25835]: Connection closed by 162.142.125.212 port 37076 [preauth]","@timestamp":"2022-09-17T19:09:12.343Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T19:12:13.852Z","@version":"1","message":"Sep 17 19:12:13 honeypot-sgp-1 sshd[28999]: Disconnected from authenticating user root 61.177.172.104 port 44044 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 19:12:50 honeypot-fra-1 sshd[25840]: Invalid user songzijie from 194.163.190.53 port 56356","@timestamp":"2022-09-17T19:12:51.429Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 19:12:52 honeypot-ams-1 sshd[2164]: Disconnected from authenticating user root 124.221.41.109 port 46154 [preauth]","@timestamp":"2022-09-17T19:12:53.019Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 19:14:33 honeypot-fra-1 sshd[25845]: Disconnected from authenticating user root 34.151.215.28 port 37108 [preauth]","@timestamp":"2022-09-17T19:14:33.469Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 19:17:01 honeypot-ams-1 CRON[2171]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-17T19:17:01.131Z"}
{"@timestamp":"2022-09-17T19:17:01.972Z","@version":"1","message":"Sep 17 19:17:01 honeypot-sgp-1 CRON[29008]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T19:19:29.032Z","@version":"1","message":"Sep 17 19:19:28 honeypot-sgp-1 sshd[29013]: Invalid user applsys from 180.69.254.177 port 57247","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 19:20:36 honeypot-ams-1 sshd[2177]: Disconnected from authenticating user root 124.221.41.109 port 34800 [preauth]","@timestamp":"2022-09-17T19:20:37.226Z"}
{"@timestamp":"2022-09-17T19:20:43.081Z","@version":"1","message":"Sep 17 19:20:42 honeypot-sgp-1 sshd[29017]: Disconnected from authenticating user root 61.177.173.39 port 41645 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 19:20:57 honeypot-fra-1 sshd[25853]: Connection closed by invalid user songzijie 194.163.190.53 port 36920 [preauth]","@timestamp":"2022-09-17T19:20:58.615Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 19:22:24 honeypot-ams-1 sshd[2181]: Disconnected from authenticating user root 124.221.41.109 port 45058 [preauth]","@timestamp":"2022-09-17T19:22:25.277Z"}
{"@timestamp":"2022-09-17T19:22:54.138Z","@version":"1","message":"Sep 17 19:22:53 honeypot-sgp-1 sshd[29024]: Connection closed by invalid user centos 179.60.147.69 port 44424 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 19:25:54 honeypot-ams-1 sshd[2188]: Received disconnect from 124.221.41.109 port 36712:11: Bye Bye [preauth]","@timestamp":"2022-09-17T19:25:55.373Z"}
{"@timestamp":"2022-09-17T19:26:58.238Z","@version":"1","message":"Sep 17 19:26:58 honeypot-sgp-1 kernel: [84318922.126490] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=154.3.44.149 DST=159.89.202.188 LEN=52 TOS=0x0A PREC=0x00 TTL=111 ID=47466 DF PROTO=TCP SPT=61453 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 19:28:38 honeypot-fra-1 sshd[25860]: Connection closed by invalid user sunpeijie 194.163.190.53 port 44676 [preauth]","@timestamp":"2022-09-17T19:28:38.790Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 19:29:11 honeypot-ams-1 sshd[2195]: Received disconnect from 124.221.41.109 port 55154:11: Bye Bye [preauth]","@timestamp":"2022-09-17T19:29:11.462Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 19:31:40 honeypot-fra-1 sshd[25864]: Received disconnect from 147.182.174.55 port 37082:11: Bye Bye [preauth]","@timestamp":"2022-09-17T19:31:40.862Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 19:32:27 honeypot-ams-1 sshd[2202]: Disconnected from authenticating user root 124.221.41.109 port 45096 [preauth]","@timestamp":"2022-09-17T19:32:27.553Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 19:35:42 honeypot-ams-1 kernel: [84319923.038382] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.95.147.51 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=252 ID=51189 PROTO=TCP SPT=42894 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T19:35:43.641Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 19:36:18 honeypot-fra-1 kernel: [84317788.034410] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=79.124.62.62 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=26706 PROTO=TCP SPT=42499 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T19:36:18.969Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 19:39:17 honeypot-ams-1 kernel: [84320137.504373] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=178.62.254.91 LEN=91 TOS=0x00 PREC=0x00 TTL=252 ID=38964 PROTO=TCP SPT=11203 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T19:39:17.739Z"}
{"@timestamp":"2022-09-17T19:40:04.544Z","@version":"1","message":"Sep 17 19:40:04 honeypot-sgp-1 sshd[29041]: Received disconnect from 61.177.172.98 port 64549:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 19:43:38 honeypot-ams-1 sshd[2224]: Received disconnect from 124.221.41.109 port 51480:11: Bye Bye [preauth]","@timestamp":"2022-09-17T19:43:38.860Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 19:44:14 honeypot-fra-1 sshd[25875]: Invalid user sunpeijie from 194.163.190.53 port 32962","@timestamp":"2022-09-17T19:44:15.150Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T19:45:36.676Z","@version":"1","message":"Sep 17 19:45:36 honeypot-sgp-1 sshd[29046]: Received disconnect from 61.177.173.51 port 25410:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 19:46:23 honeypot-ams-1 kernel: [84320563.469087] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=201.191.2.198 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=45880 PROTO=TCP SPT=2231 DPT=80 WINDOW=16631 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T19:46:23.936Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 19:49:56 honeypot-ams-1 sshd[2234]: Received disconnect from 124.221.41.109 port 58464:11: Bye Bye [preauth]","@timestamp":"2022-09-17T19:49:57.033Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 19:50:08 honeypot-fra-1 sshd[25880]: Disconnected from authenticating user root 67.205.132.113 port 43686 [preauth]","@timestamp":"2022-09-17T19:50:09.282Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 19:52:14 honeypot-ams-1 sshd[2238]: Disconnected from invalid user aart 147.182.179.237 port 36652 [preauth]","@timestamp":"2022-09-17T19:52:15.096Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 19:53:51 honeypot-ams-1 kernel: [84321011.615758] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=208.115.115.103 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=18347 PROTO=TCP SPT=4062 DPT=80 WINDOW=20118 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T19:53:52.139Z"}
{"@timestamp":"2022-09-17T19:54:27.880Z","@version":"1","message":"Sep 17 19:54:27 honeypot-sgp-1 sshd[29051]: Disconnected from authenticating user root 61.177.173.36 port 30403 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T19:55:33.908Z","@version":"1","message":"Sep 17 19:55:33 honeypot-sgp-1 sshd[29056]: Disconnected from invalid user user 45.61.186.169 port 38100 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T19:55:51.917Z","@version":"1","message":"Sep 17 19:55:51 honeypot-sgp-1 sshd[29060]: Disconnected from invalid user user 45.61.186.169 port 33340 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T19:56:09.926Z","@version":"1","message":"Sep 17 19:56:09 honeypot-sgp-1 sshd[29064]: Disconnected from invalid user user 45.61.186.169 port 56846 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 19:56:09 honeypot-ams-1 sshd[2249]: Disconnected from authenticating user root 124.221.41.109 port 37006 [preauth]","@timestamp":"2022-09-17T19:56:10.219Z"}
{"@timestamp":"2022-09-17T19:56:25.934Z","@version":"1","message":"Sep 17 19:56:25 honeypot-sgp-1 sshd[29068]: Disconnected from invalid user user 45.61.186.169 port 52074 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 19:56:30 honeypot-ams-1 sshd[2254]: Disconnected from invalid user admin 45.140.141.188 port 42438 [preauth]","@timestamp":"2022-09-17T19:56:30.231Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 19:57:53 honeypot-fra-1 sshd[25891]: Connection closed by authenticating user root 34.168.2.103 port 60554 [preauth]","@timestamp":"2022-09-17T19:57:54.460Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 19:59:42 honeypot-fra-1 sshd[25905]: Invalid user wanghao from 194.163.190.53 port 47614","@timestamp":"2022-09-17T19:59:43.508Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:00:13 honeypot-fra-1 kernel: [84319223.191515] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=193.201.9.213 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=14996 PROTO=TCP SPT=56599 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T20:00:14.524Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 20:00:37 honeypot-ams-1 sshd[2261]: Invalid user ftpuser from 198.46.152.24 port 47610","@timestamp":"2022-09-17T20:00:37.343Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 20:00:55 honeypot-ams-1 sshd[2266]: Invalid user user from 45.61.186.249 port 34234","@timestamp":"2022-09-17T20:00:56.355Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 20:01:13 honeypot-ams-1 sshd[2270]: Invalid user user from 45.61.186.249 port 57282","@timestamp":"2022-09-17T20:01:14.365Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 20:01:31 honeypot-ams-1 sshd[2274]: Invalid user user from 45.61.186.249 port 52114","@timestamp":"2022-09-17T20:01:31.374Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 20:01:48 honeypot-ams-1 sshd[2278]: Invalid user user from 45.61.186.249 port 46942","@timestamp":"2022-09-17T20:01:48.383Z"}
{"@timestamp":"2022-09-17T20:02:07.069Z","@version":"1","message":"Sep 17 20:02:06 honeypot-sgp-1 sshd[29075]: Received disconnect from 61.177.173.50 port 38893:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:02:08 honeypot-fra-1 sshd[25922]: Connection closed by authenticating user root 34.168.2.103 port 59394 [preauth]","@timestamp":"2022-09-17T20:02:08.572Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 20:02:22 honeypot-ams-1 sshd[2282]: Disconnected from authenticating user root 124.221.41.109 port 43582 [preauth]","@timestamp":"2022-09-17T20:02:23.401Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:03:28 honeypot-fra-1 sshd[25930]: Connection closed by authenticating user root 34.168.2.103 port 33614 [preauth]","@timestamp":"2022-09-17T20:03:29.629Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:05:53 honeypot-fra-1 sshd[25942]: Connection closed by authenticating user root 34.168.2.103 port 41308 [preauth]","@timestamp":"2022-09-17T20:05:53.690Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 20:07:00 honeypot-ams-1 sshd[2289]: Disconnected from authenticating user root 124.221.41.109 port 41274 [preauth]","@timestamp":"2022-09-17T20:07:01.525Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:07:32 honeypot-fra-1 sshd[25951]: Connection closed by authenticating user root 34.168.2.103 port 43644 [preauth]","@timestamp":"2022-09-17T20:07:33.734Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T20:08:32.219Z","@version":"1","message":"Sep 17 20:08:31 honeypot-sgp-1 sshd[29081]: Did not receive identification string from 36.56.155.150 port 57193","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:09:31 honeypot-fra-1 sshd[25965]: Connection closed by authenticating user root 34.168.2.103 port 45312 [preauth]","@timestamp":"2022-09-17T20:09:31.784Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 20:10:04 honeypot-ams-1 sshd[2293]: Disconnected from authenticating user root 124.221.41.109 port 58494 [preauth]","@timestamp":"2022-09-17T20:10:05.609Z"}
{"@timestamp":"2022-09-17T20:11:09.281Z","@version":"1","message":"Sep 17 20:11:08 honeypot-sgp-1 sshd[29089]: Received disconnect from 143.198.179.96 port 36140:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:11:09 honeypot-fra-1 sshd[25975]: Connection closed by authenticating user root 34.168.2.103 port 39280 [preauth]","@timestamp":"2022-09-17T20:11:09.827Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:12:58 honeypot-fra-1 sshd[25988]: Connection closed by authenticating user root 34.168.2.103 port 48018 [preauth]","@timestamp":"2022-09-17T20:12:58.876Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:14:30 honeypot-fra-1 sshd[25998]: Connection closed by authenticating user root 34.168.2.103 port 38052 [preauth]","@timestamp":"2022-09-17T20:14:31.917Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T20:14:35.364Z","@version":"1","message":"Sep 17 20:14:34 honeypot-sgp-1 sshd[29093]: Did not receive identification string from 202.143.111.26 port 55349","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 20:14:40 honeypot-ams-1 sshd[2301]: Received disconnect from 124.221.41.109 port 56012:11: Bye Bye [preauth]","@timestamp":"2022-09-17T20:14:40.757Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:15:47 honeypot-fra-1 sshd[26008]: Connection closed by authenticating user root 34.168.2.103 port 40566 [preauth]","@timestamp":"2022-09-17T20:15:47.952Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:17:01 honeypot-fra-1 CRON[26019]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-17T20:17:01.986Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T20:17:02.423Z","@version":"1","message":"Sep 17 20:17:01 honeypot-sgp-1 CRON[29100]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T20:17:21.433Z","@version":"1","message":"Sep 17 20:17:21 honeypot-sgp-1 sshd[29105]: Disconnected from invalid user stan 198.46.152.24 port 55174 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 20:17:43 honeypot-ams-1 sshd[2308]: Received disconnect from 124.221.41.109 port 44880:11: Bye Bye [preauth]","@timestamp":"2022-09-17T20:17:43.844Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:18:53 honeypot-fra-1 sshd[26030]: Connection closed by authenticating user root 34.168.2.103 port 45626 [preauth]","@timestamp":"2022-09-17T20:18:54.035Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:19:52 honeypot-fra-1 sshd[26038]: Connection closed by authenticating user root 34.168.2.103 port 51188 [preauth]","@timestamp":"2022-09-17T20:19:53.061Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 20:20:45 honeypot-ams-1 sshd[2314]: Disconnected from authenticating user root 124.221.41.109 port 33708 [preauth]","@timestamp":"2022-09-17T20:20:45.929Z"}
{"@timestamp":"2022-09-17T20:21:56.543Z","@version":"1","message":"Sep 17 20:21:55 honeypot-sgp-1 sshd[29113]: Invalid user ve from 209.212.45.102 port 55244","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T20:23:37.585Z","@version":"1","message":"Sep 17 20:23:37 honeypot-sgp-1 sshd[29117]: Disconnected from authenticating user root 61.177.172.108 port 37248 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 20:25:19 honeypot-ams-1 sshd[2321]: Received disconnect from 124.221.41.109 port 59234:11: Bye Bye [preauth]","@timestamp":"2022-09-17T20:25:20.058Z"}
{"@timestamp":"2022-09-17T20:27:26.678Z","@version":"1","message":"Sep 17 20:27:26 honeypot-sgp-1 sshd[29126]: Disconnected from invalid user smbuser 13.76.166.169 port 46018 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 20:27:43 honeypot-ams-1 kernel: [84323043.615323] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=90.151.171.106 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=51041 PROTO=TCP SPT=46406 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T20:27:44.125Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 20:29:52 honeypot-ams-1 sshd[2331]: Disconnected from authenticating user root 124.221.41.109 port 56440 [preauth]","@timestamp":"2022-09-17T20:29:53.187Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:30:16 honeypot-fra-1 kernel: [84321025.565328] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=159.65.138.52 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=54 ID=0 DF PROTO=TCP SPT=54953 DPT=389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T20:30:16.292Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-17T20:31:07.783Z","@version":"1","message":"Sep 17 20:31:07 honeypot-sgp-1 sshd[29130]: Received disconnect from 182.253.117.100 port 48714:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 20:32:51 honeypot-ams-1 sshd[2340]: Bad protocol version identification 'GET / HTTP/1.1' from 89.248.163.219 port 44098","@timestamp":"2022-09-17T20:32:52.271Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:34:41 honeypot-fra-1 kernel: [84321290.820216] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=172.105.129.131 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=39001 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T20:34:41.391Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 20:35:54 honeypot-ams-1 sshd[2344]: Received disconnect from 124.221.41.109 port 33696:11: Bye Bye [preauth]","@timestamp":"2022-09-17T20:35:54.614Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 20:38:54 honeypot-ams-1 sshd[2350]: Received disconnect from 124.221.41.109 port 50460:11: Bye Bye [preauth]","@timestamp":"2022-09-17T20:38:54.698Z"}
{"@timestamp":"2022-09-17T20:39:02.966Z","@version":"1","message":"Sep 17 20:39:02 honeypot-sgp-1 kernel: [84323246.656661] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=154.3.44.149 DST=159.89.202.188 LEN=52 TOS=0x0A PREC=0x00 TTL=112 ID=3142 DF PROTO=TCP SPT=52381 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T20:40:29.003Z","@version":"1","message":"Sep 17 20:40:28 honeypot-sgp-1 sshd[29144]: Invalid user user from 45.61.186.249 port 57290","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T20:40:49.013Z","@version":"1","message":"Sep 17 20:40:48 honeypot-sgp-1 sshd[29149]: Invalid user user from 45.61.186.249 port 52364","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T20:41:06.022Z","@version":"1","message":"Sep 17 20:41:05 honeypot-sgp-1 sshd[29153]: Invalid user user from 45.61.186.249 port 47420","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:41:09 honeypot-fra-1 sshd[26056]: Invalid user dev from 212.87.251.118 port 35390","@timestamp":"2022-09-17T20:41:10.537Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:41:09 honeypot-fra-1 sshd[26059]: Invalid user oracle from 212.87.251.118 port 35398","@timestamp":"2022-09-17T20:41:10.538Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:41:09 honeypot-fra-1 sshd[26063]: Invalid user vagrant from 212.87.251.118 port 35404","@timestamp":"2022-09-17T20:41:10.538Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:41:09 honeypot-fra-1 sshd[26070]: Invalid user user from 212.87.251.118 port 35432","@timestamp":"2022-09-17T20:41:10.538Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:41:09 honeypot-fra-1 sshd[26065]: Connection closed by invalid user guest 212.87.251.118 port 35408 [preauth]","@timestamp":"2022-09-17T20:41:10.538Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:41:09 honeypot-fra-1 sshd[26068]: Connection closed by invalid user ubuntu 212.87.251.118 port 35422 [preauth]","@timestamp":"2022-09-17T20:41:10.538Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:41:09 honeypot-fra-1 sshd[26056]: Connection closed by invalid user dev 212.87.251.118 port 35390 [preauth]","@timestamp":"2022-09-17T20:41:10.538Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:41:09 honeypot-fra-1 sshd[26062]: Connection closed by invalid user esuser 212.87.251.118 port 35400 [preauth]","@timestamp":"2022-09-17T20:41:10.538Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T20:41:24.031Z","@version":"1","message":"Sep 17 20:41:23 honeypot-sgp-1 sshd[29157]: Invalid user user from 45.61.186.249 port 42536","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 20:41:54 honeypot-ams-1 sshd[2355]: Disconnected from authenticating user root 124.221.41.109 port 38950 [preauth]","@timestamp":"2022-09-17T20:41:55.781Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 20:44:52 honeypot-ams-1 sshd[2359]: Disconnected from authenticating user root 124.221.41.109 port 55632 [preauth]","@timestamp":"2022-09-17T20:44:52.864Z"}
{"@timestamp":"2022-09-17T20:47:15.166Z","@version":"1","message":"Sep 17 20:47:14 honeypot-sgp-1 sshd[29163]: Disconnected from authenticating user root 61.177.172.98 port 58537 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 20:49:19 honeypot-ams-1 sshd[2366]: Disconnected from authenticating user root 124.221.41.109 port 52326 [preauth]","@timestamp":"2022-09-17T20:49:19.984Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:50:26 honeypot-fra-1 sshd[26102]: Did not receive identification string from 45.61.186.249 port 49690","@timestamp":"2022-09-17T20:50:26.738Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T20:50:40.247Z","@version":"1","message":"Sep 17 20:50:39 honeypot-sgp-1 sshd[29170]: Invalid user luc from 142.93.163.183 port 36338","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:51:11 honeypot-fra-1 sshd[26105]: Disconnected from invalid user user 45.61.186.249 port 43122 [preauth]","@timestamp":"2022-09-17T20:51:11.757Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:51:29 honeypot-fra-1 sshd[26109]: Disconnected from invalid user user 45.61.186.249 port 38206 [preauth]","@timestamp":"2022-09-17T20:51:29.766Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:51:46 honeypot-fra-1 sshd[26113]: Disconnected from invalid user user 45.61.186.249 port 33278 [preauth]","@timestamp":"2022-09-17T20:51:46.773Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 20:53:46 honeypot-ams-1 sshd[2373]: Received disconnect from 124.221.41.109 port 48928:11: Bye Bye [preauth]","@timestamp":"2022-09-17T20:53:47.105Z"}
{"@timestamp":"2022-09-17T20:53:59.324Z","@version":"1","message":"Sep 17 20:53:59 honeypot-sgp-1 sshd[29175]: Did not receive identification string from 112.44.228.193 port 63793","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T20:55:15.355Z","@version":"1","message":"Sep 17 20:55:14 honeypot-sgp-1 sshd[29180]: Invalid user admin from 159.89.8.45 port 43372","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 20:55:52 honeypot-fra-1 sshd[26119]: Did not receive identification string from 159.89.24.69 port 61000","@timestamp":"2022-09-17T20:55:52.867Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T20:57:20.404Z","@version":"1","message":"Sep 17 20:57:19 honeypot-sgp-1 sshd[29185]: Invalid user biba from 75.188.17.172 port 39328","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 20:58:11 honeypot-ams-1 sshd[2379]: Received disconnect from 124.221.41.109 port 45436:11: Bye Bye [preauth]","@timestamp":"2022-09-17T20:58:12.222Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 21:02:05 honeypot-ams-1 kernel: [84325105.623015] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=58797 PROTO=TCP SPT=48404 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T21:02:05.328Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 21:02:43 honeypot-fra-1 sshd[26123]: Disconnected from invalid user admin 92.255.85.69 port 38072 [preauth]","@timestamp":"2022-09-17T21:02:44.022Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T21:04:50.578Z","@version":"1","message":"Sep 17 21:04:49 honeypot-sgp-1 kernel: [84324793.477031] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=8.210.162.64 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=40313 PROTO=TCP SPT=48247 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 21:05:31 honeypot-ams-1 sshd[2392]: Disconnected from authenticating user root 124.221.41.109 port 58284 [preauth]","@timestamp":"2022-09-17T21:05:32.420Z"}
{"@timestamp":"2022-09-17T21:06:42.624Z","@version":"1","message":"Sep 17 21:06:42 honeypot-sgp-1 sshd[29197]: Received disconnect from 92.255.85.69 port 59606:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 21:06:59 honeypot-ams-1 sshd[2398]: Invalid user atul from 159.65.127.239 port 39106","@timestamp":"2022-09-17T21:07:00.463Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 21:07:10 honeypot-fra-1 sshd[26129]: Invalid user elvin from 81.169.137.181 port 40684","@timestamp":"2022-09-17T21:07:10.124Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 21:08:27 honeypot-ams-1 sshd[2402]: Disconnected from authenticating user root 124.221.41.109 port 46406 [preauth]","@timestamp":"2022-09-17T21:08:28.504Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 21:08:36 honeypot-fra-1 sshd[26133]: Invalid user emil from 81.169.137.181 port 39790","@timestamp":"2022-09-17T21:08:37.157Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 21:09:58 honeypot-fra-1 sshd[26137]: Did not receive identification string from 45.61.184.204 port 57274","@timestamp":"2022-09-17T21:09:59.215Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 21:10:07 honeypot-ams-1 sshd[2408]: Received disconnect from 164.92.210.129 port 57752:11: Bye Bye [preauth]","@timestamp":"2022-09-17T21:10:07.550Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 21:10:33 honeypot-fra-1 sshd[26140]: Disconnected from invalid user user 45.61.184.204 port 53168 [preauth]","@timestamp":"2022-09-17T21:10:34.230Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 21:10:43 honeypot-fra-1 sshd[26144]: Disconnected from invalid user user 45.61.184.204 port 36520 [preauth]","@timestamp":"2022-09-17T21:10:44.235Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 21:11:01 honeypot-fra-1 sshd[26148]: Disconnected from invalid user user 45.61.184.204 port 59634 [preauth]","@timestamp":"2022-09-17T21:11:02.243Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 21:11:16 honeypot-fra-1 sshd[26152]: Disconnected from invalid user equistat 81.169.137.181 port 37908 [preauth]","@timestamp":"2022-09-17T21:11:16.250Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 21:11:27 honeypot-fra-1 sshd[26158]: Invalid user user from 45.61.184.204 port 37838","@timestamp":"2022-09-17T21:11:28.256Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 21:11:54 honeypot-fra-1 sshd[26162]: Invalid user eric from 81.169.137.181 port 51538","@timestamp":"2022-09-17T21:11:55.269Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T21:12:15.755Z","@version":"1","message":"Sep 17 21:12:15 honeypot-sgp-1 kernel: [84325239.047870] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=159.89.202.188 LEN=86 TOS=0x00 PREC=0x00 TTL=245 ID=6034 PROTO=TCP SPT=29239 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 21:12:33 honeypot-fra-1 sshd[26165]: Invalid user ericka from 81.169.137.181 port 36960","@timestamp":"2022-09-17T21:12:34.286Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 21:13:12 honeypot-fra-1 sshd[26169]: Received disconnect from 81.169.137.181 port 50658:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T21:13:13.303Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 21:14:16 honeypot-ams-1 sshd[2416]: Received disconnect from 124.221.41.109 port 50790:11: Bye Bye [preauth]","@timestamp":"2022-09-17T21:14:17.660Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 21:14:30 honeypot-fra-1 sshd[26173]: Invalid user este from 81.169.137.181 port 49680","@timestamp":"2022-09-17T21:14:30.335Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T21:14:50.820Z","@version":"1","message":"Sep 17 21:14:50 honeypot-sgp-1 kernel: [84325394.159796] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=225 ID=36510 PROTO=TCP SPT=48404 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 21:15:43 honeypot-ams-1 sshd[2422]: Received disconnect from 124.221.41.109 port 58932:11: Bye Bye [preauth]","@timestamp":"2022-09-17T21:15:44.703Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 21:15:48 honeypot-fra-1 sshd[26177]: Invalid user estee from 81.169.137.181 port 48720","@timestamp":"2022-09-17T21:15:48.367Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 21:17:01 honeypot-ams-1 CRON[2427]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-17T21:17:01.740Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 21:17:01 honeypot-fra-1 CRON[26181]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-17T21:17:02.397Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 21:17:46 honeypot-fra-1 sshd[26187]: Received disconnect from 81.169.137.181 port 33208:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T21:17:47.416Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 21:18:27 honeypot-fra-1 sshd[26190]: Disconnected from invalid user farheen 81.169.137.181 port 46854 [preauth]","@timestamp":"2022-09-17T21:18:28.435Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 21:19:48 honeypot-fra-1 sshd[26194]: Disconnected from invalid user feel 81.169.137.181 port 45902 [preauth]","@timestamp":"2022-09-17T21:19:49.469Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 21:20:03 honeypot-ams-1 sshd[2434]: Disconnected from authenticating user root 124.221.41.109 port 55102 [preauth]","@timestamp":"2022-09-17T21:20:03.820Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 21:21:11 honeypot-fra-1 sshd[26198]: Disconnected from invalid user ferlin 81.169.137.181 port 44968 [preauth]","@timestamp":"2022-09-17T21:21:12.503Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T21:21:42.977Z","@version":"1","message":"Sep 17 21:21:41 honeypot-sgp-1 kernel: [84325805.862288] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=159.65.152.216 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x20 TTL=51 ID=1601 DF PROTO=TCP SPT=48888 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 21:22:34 honeypot-fra-1 sshd[26202]: Disconnected from invalid user finsa 81.169.137.181 port 44050 [preauth]","@timestamp":"2022-09-17T21:22:34.537Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 21:24:25 honeypot-ams-1 sshd[2441]: Received disconnect from 124.221.41.109 port 51172:11: Bye Bye [preauth]","@timestamp":"2022-09-17T21:24:25.940Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 21:26:30 honeypot-ams-1 sshd[2445]: Disconnected from invalid user bull 119.4.210.70 port 35860 [preauth]","@timestamp":"2022-09-17T21:26:30.996Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 21:28:44 honeypot-ams-1 sshd[2450]: Disconnected from authenticating user root 124.221.41.109 port 47182 [preauth]","@timestamp":"2022-09-17T21:28:45.058Z"}
{"@timestamp":"2022-09-17T21:29:39.188Z","@version":"1","message":"Sep 17 21:29:38 honeypot-sgp-1 sshd[29297]: Received disconnect from 61.177.173.39 port 22987:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 21:30:52 honeypot-ams-1 sshd[2454]: Disconnected from invalid user apache 189.105.10.204 port 44006 [preauth]","@timestamp":"2022-09-17T21:30:53.116Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 21:32:44 honeypot-fra-1 kernel: [84324773.400345] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=167.248.133.142 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=20318 PROTO=TCP SPT=46674 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T21:32:44.765Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 21:34:29 honeypot-ams-1 sshd[2461]: Received disconnect from 124.221.41.109 port 51158:11: Bye Bye [preauth]","@timestamp":"2022-09-17T21:34:30.210Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 21:35:55 honeypot-ams-1 sshd[2466]: Disconnected from authenticating user root 124.221.41.109 port 59188 [preauth]","@timestamp":"2022-09-17T21:35:56.251Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 21:37:56 honeypot-ams-1 kernel: [84327257.047452] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=43.142.186.224 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=45 ID=10510 PROTO=TCP SPT=64291 DPT=80 WINDOW=45923 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T21:37:57.308Z"}
{"@timestamp":"2022-09-17T21:38:51.400Z","@version":"1","message":"Sep 17 21:38:51 honeypot-sgp-1 sshd[29310]: Received disconnect from 61.177.173.37 port 63548:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T21:40:14.435Z","@version":"1","message":"Sep 17 21:40:14 honeypot-sgp-1 kernel: [84326918.207873] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.3.193.56 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=233 ID=36183 DF PROTO=TCP SPT=10446 DPT=80 WINDOW=512 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 21:40:24 honeypot-ams-1 sshd[2478]: Received disconnect from 210.22.111.77 port 44729:11: Bye Bye [preauth]","@timestamp":"2022-09-17T21:40:24.375Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 21:43:04 honeypot-ams-1 sshd[2482]: Disconnected from authenticating user root 124.221.41.109 port 42780 [preauth]","@timestamp":"2022-09-17T21:43:05.452Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 21:44:05 honeypot-fra-1 sshd[26209]: Received disconnect from 92.255.85.70 port 18302:11: Bye Bye [preauth]","@timestamp":"2022-09-17T21:44:06.022Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 21:45:12 honeypot-fra-1 sshd[26213]: Connection closed by invalid user admin 193.106.191.157 port 50112 [preauth]","@timestamp":"2022-09-17T21:45:13.051Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 21:45:57 honeypot-ams-1 sshd[2489]: Received disconnect from 124.221.41.109 port 58732:11: Bye Bye [preauth]","@timestamp":"2022-09-17T21:45:57.530Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 21:47:26 honeypot-ams-1 sshd[2493]: Received disconnect from 206.189.233.163 port 43266:11: Bye Bye [preauth]","@timestamp":"2022-09-17T21:47:26.572Z"}
{"@timestamp":"2022-09-17T21:47:58.618Z","@version":"1","message":"Sep 17 21:47:58 honeypot-sgp-1 kernel: [84327381.924999] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=103.116.105.245 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=61630 PROTO=TCP SPT=44345 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 21:49:54 honeypot-ams-1 sshd[2497]: Disconnected from invalid user z 190.103.202.7 port 33200 [preauth]","@timestamp":"2022-09-17T21:49:54.636Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 21:51:00 honeypot-fra-1 sshd[26218]: Connection closed by invalid user admin 157.230.10.173 port 41546 [preauth]","@timestamp":"2022-09-17T21:51:00.184Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 21:51:01 honeypot-fra-1 sshd[26224]: Connection closed by invalid user admin 157.230.10.173 port 41584 [preauth]","@timestamp":"2022-09-17T21:51:02.186Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 21:51:37 honeypot-ams-1 sshd[2504]: Received disconnect from 124.221.41.109 port 34062:11: Bye Bye [preauth]","@timestamp":"2022-09-17T21:51:37.688Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 21:53:01 honeypot-ams-1 sshd[2508]: Disconnected from authenticating user root 124.221.41.109 port 41982 [preauth]","@timestamp":"2022-09-17T21:53:01.728Z"}
{"@timestamp":"2022-09-17T21:54:44.775Z","@version":"1","message":"Sep 17 21:54:44 honeypot-sgp-1 kernel: [84327788.290552] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=94.102.61.10 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=44500 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 21:56:51 honeypot-ams-1 sshd[2515]: Did not receive identification string from 87.236.176.217 port 59057","@timestamp":"2022-09-17T21:56:51.833Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 21:59:28 honeypot-ams-1 kernel: [84328549.129779] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=94.102.61.8 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=252 ID=54321 PROTO=TCP SPT=50813 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T21:59:28.904Z"}
{"@timestamp":"2022-09-17T22:00:27.909Z","@version":"1","message":"Sep 17 22:00:26 honeypot-sgp-1 sshd[29332]: Disconnected from invalid user telecomadmin 92.255.85.69 port 54686 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 22:01:12 honeypot-fra-1 sshd[26229]: Invalid user hugo from 196.191.116.209 port 2074","@timestamp":"2022-09-17T22:01:13.412Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 22:02:53 honeypot-ams-1 sshd[2527]: Received disconnect from 124.221.41.109 port 40644:11: Bye Bye [preauth]","@timestamp":"2022-09-17T22:02:54.012Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 22:03:19 honeypot-fra-1 kernel: [84326608.783953] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=125.77.28.208 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=16454 PROTO=TCP SPT=52787 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T22:03:20.462Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-17T22:03:50.992Z","@version":"1","message":"Sep 17 22:03:50 honeypot-sgp-1 sshd[29338]: Connection closed by invalid user admin 159.203.178.0 port 54532 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T22:03:54.994Z","@version":"1","message":"Sep 17 22:03:54 honeypot-sgp-1 sshd[29344]: Connection closed by invalid user admin 159.203.178.0 port 54562 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 22:05:16 honeypot-ams-1 sshd[2531]: Received disconnect from 123.31.29.131 port 49058:11: Bye Bye [preauth]","@timestamp":"2022-09-17T22:05:17.078Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 22:07:04 honeypot-ams-1 sshd[2536]: Disconnected from authenticating user root 124.221.41.109 port 35900 [preauth]","@timestamp":"2022-09-17T22:07:05.128Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 22:09:50 honeypot-ams-1 sshd[2543]: Disconnected from authenticating user root 124.221.41.109 port 51536 [preauth]","@timestamp":"2022-09-17T22:09:51.203Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 22:11:49 honeypot-ams-1 sshd[2548]: Invalid user user from 45.61.186.249 port 51286","@timestamp":"2022-09-17T22:11:49.276Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 22:12:00 honeypot-ams-1 kernel: [84329300.680215] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=170.187.162.45 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=12695 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T22:12:01.282Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 22:12:07 honeypot-fra-1 kernel: [84327136.890176] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=167.71.133.35 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=248 ID=54321 PROTO=TCP SPT=54272 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T22:12:07.678Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 22:12:16 honeypot-ams-1 sshd[2554]: Disconnected from invalid user user 45.61.186.249 port 57250 [preauth]","@timestamp":"2022-09-17T22:12:16.290Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 22:12:33 honeypot-ams-1 sshd[2558]: Disconnected from invalid user user 45.61.186.249 port 51828 [preauth]","@timestamp":"2022-09-17T22:12:33.299Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 22:13:09 honeypot-ams-1 kernel: [84329369.863047] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=151.106.32.182 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=63091 PROTO=TCP SPT=52308 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T22:13:10.317Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 22:16:49 honeypot-ams-1 sshd[2569]: Disconnected from authenticating user root 124.221.41.109 port 34058 [preauth]","@timestamp":"2022-09-17T22:16:50.414Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 22:19:36 honeypot-ams-1 sshd[2577]: Received disconnect from 124.221.41.109 port 49604:11: Bye Bye [preauth]","@timestamp":"2022-09-17T22:19:37.489Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 22:22:21 honeypot-ams-1 sshd[2581]: Disconnected from authenticating user root 124.221.41.109 port 36890 [preauth]","@timestamp":"2022-09-17T22:22:22.577Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 22:25:06 honeypot-ams-1 sshd[2589]: Received disconnect from 124.221.41.109 port 52376:11: Bye Bye [preauth]","@timestamp":"2022-09-17T22:25:06.650Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 22:26:48 honeypot-fra-1 sshd[26245]: Received disconnect from 159.223.164.107 port 33606:11: Bye Bye [preauth]","@timestamp":"2022-09-17T22:26:49.028Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T22:27:00.525Z","@version":"1","message":"Sep 17 22:27:00 honeypot-sgp-1 kernel: [84329724.029060] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=128.199.159.202 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=21314 PROTO=TCP SPT=56872 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 22:27:43 honeypot-ams-1 sshd[2593]: Connection closed by invalid user support 179.60.147.69 port 52198 [preauth]","@timestamp":"2022-09-17T22:27:43.723Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 22:29:13 honeypot-ams-1 sshd[2599]: Received disconnect from 43.130.3.44 port 37328:11: Bye Bye [preauth]","@timestamp":"2022-09-17T22:29:13.764Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 22:31:19 honeypot-fra-1 kernel: [84328288.797324] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=165.22.82.222 LEN=89 TOS=0x00 PREC=0x00 TTL=250 ID=3941 PROTO=TCP SPT=23881 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T22:31:20.128Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 22:33:19 honeypot-ams-1 sshd[2606]: Received disconnect from 124.221.41.109 port 42144:11: Bye Bye [preauth]","@timestamp":"2022-09-17T22:33:19.875Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 22:37:24 honeypot-ams-1 sshd[2613]: Received disconnect from 124.221.41.109 port 36896:11: Bye Bye [preauth]","@timestamp":"2022-09-17T22:37:24.983Z"}
{"@timestamp":"2022-09-17T22:37:41.766Z","@version":"1","message":"Sep 17 22:37:40 honeypot-sgp-1 kernel: [84330364.678009] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=172.105.20.227 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=44 ID=59034 DF PROTO=TCP SPT=45396 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 22:40:56 honeypot-ams-1 kernel: [84331036.786310] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=170.187.162.44 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=7735 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T22:40:57.076Z"}
{"@timestamp":"2022-09-17T22:43:28.899Z","@version":"1","message":"Sep 17 22:43:28 honeypot-sgp-1 sshd[29358]: Disconnected from invalid user lilijin 93.189.11.246 port 57893 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 22:43:58 honeypot-ams-1 kernel: [84331219.209684] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=167.94.146.70 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x20 TTL=43 ID=17334 PROTO=TCP SPT=17256 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T22:43:59.157Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 22:45:24 honeypot-fra-1 kernel: [84329133.644663] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=92.204.144.160 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=24717 PROTO=TCP SPT=51396 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T22:45:25.442Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 22:46:54 honeypot-ams-1 sshd[2633]: Disconnected from authenticating user root 124.221.41.109 port 33682 [preauth]","@timestamp":"2022-09-17T22:46:54.236Z"}
{"@timestamp":"2022-09-17T22:47:03.983Z","@version":"1","message":"Sep 17 22:47:03 honeypot-sgp-1 sshd[29362]: Disconnected from invalid user admin 182.71.227.50 port 39550 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 22:50:55 honeypot-ams-1 sshd[2639]: Received disconnect from 124.221.41.109 port 56382:11: Bye Bye [preauth]","@timestamp":"2022-09-17T22:50:55.341Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 22:53:32 honeypot-ams-1 sshd[2645]: Invalid user admin from 200.116.167.188 port 57354","@timestamp":"2022-09-17T22:53:33.413Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 22:54:56 honeypot-ams-1 sshd[2649]: Received disconnect from 124.221.41.109 port 50812:11: Bye Bye [preauth]","@timestamp":"2022-09-17T22:54:57.450Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 22:57:28 honeypot-ams-1 kernel: [84332028.781645] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=178.62.254.91 LEN=89 TOS=0x00 PREC=0x00 TTL=252 ID=47413 PROTO=TCP SPT=27757 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T22:57:29.515Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 22:59:03 honeypot-ams-1 kernel: [84332124.173108] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=79.124.62.62 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=45356 PROTO=TCP SPT=42499 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T22:59:04.559Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:01:39 honeypot-ams-1 sshd[2663]: Disconnected from authenticating user root 124.221.41.109 port 60186 [preauth]","@timestamp":"2022-09-17T23:01:40.631Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:04:24 honeypot-ams-1 sshd[2670]: Disconnected from authenticating user root 124.221.41.109 port 46934 [preauth]","@timestamp":"2022-09-17T23:04:24.705Z"}
{"@timestamp":"2022-09-17T23:04:31.384Z","@version":"1","message":"Sep 17 23:04:30 honeypot-sgp-1 sshd[29369]: Invalid user user from 45.61.184.204 port 36886","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T23:04:51.395Z","@version":"1","message":"Sep 17 23:04:51 honeypot-sgp-1 sshd[29373]: Invalid user user from 45.61.184.204 port 60558","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T23:05:09.403Z","@version":"1","message":"Sep 17 23:05:09 honeypot-sgp-1 sshd[29377]: Invalid user user from 45.61.184.204 port 55990","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-17T23:05:27.412Z","@version":"1","message":"Sep 17 23:05:26 honeypot-sgp-1 sshd[29382]: Invalid user user from 45.61.184.204 port 51428","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 23:06:40 honeypot-fra-1 kernel: [84330409.961298] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=80.94.92.231 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=44353 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T23:06:40.921Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:08:21 honeypot-ams-1 sshd[2678]: Disconnected from authenticating user root 124.221.41.109 port 41036 [preauth]","@timestamp":"2022-09-17T23:08:21.810Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:12:19 honeypot-ams-1 sshd[2685]: Received disconnect from 124.221.41.109 port 35018:11: Bye Bye [preauth]","@timestamp":"2022-09-17T23:12:19.917Z"}
{"@timestamp":"2022-09-17T23:13:47.602Z","@version":"1","message":"Sep 17 23:13:47 honeypot-sgp-1 sshd[29386]: Received disconnect from 64.227.13.125 port 36646:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 23:14:59 honeypot-ams-1 kernel: [84333079.263983] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=116.49.86.139 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=46 ID=25219 PROTO=TCP SPT=45589 DPT=443 WINDOW=59461 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T23:14:59.988Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:17:10 honeypot-ams-1 sshd[2697]: Disconnected from authenticating user root 43.154.4.192 port 42334 [preauth]","@timestamp":"2022-09-17T23:17:11.049Z"}
{"@timestamp":"2022-09-17T23:19:43.739Z","@version":"1","message":"Sep 17 23:19:42 honeypot-sgp-1 sshd[29392]: Disconnected from invalid user bcd 155.0.2.218 port 39849 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:20:09 honeypot-ams-1 sshd[2704]: Disconnected from authenticating user root 124.221.41.109 port 50940 [preauth]","@timestamp":"2022-09-17T23:20:10.128Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 23:21:44 honeypot-fra-1 sshd[26281]: Disconnected from authenticating user root 72.240.125.133 port 46904 [preauth]","@timestamp":"2022-09-17T23:21:45.257Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:24:05 honeypot-ams-1 sshd[2711]: Received disconnect from 124.221.41.109 port 44680:11: Bye Bye [preauth]","@timestamp":"2022-09-17T23:24:06.232Z"}
{"@timestamp":"2022-09-17T23:25:40.876Z","@version":"1","message":"Sep 17 23:25:39 honeypot-sgp-1 kernel: [84333243.684514] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=159.89.202.188 LEN=89 TOS=0x00 PREC=0x00 TTL=245 ID=40227 PROTO=TCP SPT=1695 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:25:49 honeypot-ams-1 sshd[2716]: Received disconnect from 81.169.137.181 port 32772:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T23:25:50.281Z"}
{"@timestamp":"2022-09-17T23:26:14.891Z","@version":"1","message":"Sep 17 23:26:14 honeypot-sgp-1 sshd[29415]: Disconnected from authenticating user root 175.203.61.33 port 58174 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:26:36 honeypot-ams-1 sshd[2720]: Disconnected from invalid user elvin 81.169.137.181 port 47896 [preauth]","@timestamp":"2022-09-17T23:26:37.304Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:28:00 honeypot-ams-1 sshd[2726]: Received disconnect from 124.221.41.109 port 38364:11: Bye Bye [preauth]","@timestamp":"2022-09-17T23:28:00.344Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:28:46 honeypot-ams-1 sshd[2730]: Received disconnect from 81.169.137.181 port 36878:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T23:28:46.365Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:29:25 honeypot-ams-1 sshd[2735]: Disconnected from invalid user enver 81.169.137.181 port 52102 [preauth]","@timestamp":"2022-09-17T23:29:25.385Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:30:34 honeypot-ams-1 sshd[2739]: Disconnected from authenticating user root 124.221.41.109 port 52944 [preauth]","@timestamp":"2022-09-17T23:30:34.419Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 23:31:03 honeypot-ams-1 kernel: [84334043.638703] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=159.65.138.52 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=54 ID=0 DF PROTO=TCP SPT=54953 DPT=389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T23:31:03.433Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 23:31:22 honeypot-fra-1 sshd[26287]: Invalid user admin from 193.106.191.157 port 60476","@timestamp":"2022-09-17T23:31:23.476Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 23:31:48 honeypot-fra-1 sshd[26292]: Invalid user user from 45.61.186.49 port 41036","@timestamp":"2022-09-17T23:31:48.489Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:31:52 honeypot-ams-1 sshd[2746]: Received disconnect from 124.221.41.109 port 60220:11: Bye Bye [preauth]","@timestamp":"2022-09-17T23:31:52.459Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 23:31:59 honeypot-fra-1 sshd[26296]: Invalid user user from 45.61.186.49 port 52744","@timestamp":"2022-09-17T23:31:59.494Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:32:36 honeypot-ams-1 sshd[2750]: Received disconnect from 81.169.137.181 port 43044:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-17T23:32:37.482Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:33:15 honeypot-ams-1 sshd[2754]: Disconnected from invalid user es 81.169.137.181 port 58160 [preauth]","@timestamp":"2022-09-17T23:33:16.501Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:34:06 honeypot-ams-1 sshd[2758]: Connection closed by invalid user guest 103.188.176.251 port 60388 [preauth]","@timestamp":"2022-09-17T23:34:07.527Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:34:32 honeypot-ams-1 sshd[2763]: Disconnected from invalid user esteban 81.169.137.181 port 60216 [preauth]","@timestamp":"2022-09-17T23:34:33.542Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:35:50 honeypot-ams-1 sshd[2769]: Invalid user euis from 81.169.137.181 port 34026","@timestamp":"2022-09-17T23:35:50.579Z"}
{"@timestamp":"2022-09-17T23:36:32.125Z","@version":"1","message":"Sep 17 23:36:31 honeypot-sgp-1 sshd[29421]: Connection closed by authenticating user root 179.60.147.69 port 64928 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 17 23:36:36 honeypot-ams-1 kernel: [84334376.864901] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=213.226.123.38 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=20677 PROTO=TCP SPT=58430 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-17T23:36:37.601Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:37:08 honeypot-ams-1 sshd[2775]: Disconnected from invalid user fabienne 81.169.137.181 port 36086 [preauth]","@timestamp":"2022-09-17T23:37:09.617Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 23:37:39 honeypot-fra-1 sshd[26299]: Connection closed by authenticating user root 179.60.147.69 port 56760 [preauth]","@timestamp":"2022-09-17T23:37:39.626Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:38:19 honeypot-ams-1 sshd[2779]: Disconnected from authenticating user root 124.221.41.109 port 40008 [preauth]","@timestamp":"2022-09-17T23:38:19.667Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:38:34 honeypot-ams-1 sshd[2783]: Disconnected from authenticating user root 39.71.48.53 port 31645 [preauth]","@timestamp":"2022-09-17T23:38:35.677Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:38:39 honeypot-ams-1 sshd[2789]: Received disconnect from 39.71.48.53 port 31728:11: Bye Bye [preauth]","@timestamp":"2022-09-17T23:38:40.680Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:38:45 honeypot-ams-1 sshd[2795]: Received disconnect from 39.71.48.53 port 29884:11: Bye Bye [preauth]","@timestamp":"2022-09-17T23:38:45.683Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:38:50 honeypot-ams-1 sshd[2801]: Received disconnect from 39.71.48.53 port 29964:11: Bye Bye [preauth]","@timestamp":"2022-09-17T23:38:50.687Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:38:55 honeypot-ams-1 sshd[2807]: Received disconnect from 39.71.48.53 port 30169:11: Bye Bye [preauth]","@timestamp":"2022-09-17T23:38:55.690Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:39:00 honeypot-ams-1 sshd[2813]: Received disconnect from 39.71.48.53 port 30249:11: Bye Bye [preauth]","@timestamp":"2022-09-17T23:39:01.693Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:39:06 honeypot-ams-1 sshd[2819]: Received disconnect from 39.71.48.53 port 30450:11: Bye Bye [preauth]","@timestamp":"2022-09-17T23:39:06.697Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:39:10 honeypot-ams-1 sshd[2827]: Invalid user feel from 81.169.137.181 port 53278","@timestamp":"2022-09-17T23:39:11.701Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:39:12 honeypot-ams-1 sshd[2829]: Disconnected from authenticating user root 39.71.48.53 port 30557 [preauth]","@timestamp":"2022-09-17T23:39:13.702Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:39:18 honeypot-ams-1 sshd[2835]: Disconnected from authenticating user root 39.71.48.53 port 30791 [preauth]","@timestamp":"2022-09-17T23:39:18.705Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:39:23 honeypot-ams-1 sshd[2841]: Disconnected from authenticating user root 39.71.48.53 port 30958 [preauth]","@timestamp":"2022-09-17T23:39:23.708Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:39:26 honeypot-ams-1 sshd[2847]: Received disconnect from 39.71.48.53 port 31070:11: Bye Bye [preauth]","@timestamp":"2022-09-17T23:39:27.711Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:39:31 honeypot-ams-1 sshd[2854]: Received disconnect from 39.71.48.53 port 31169:11: Bye Bye [preauth]","@timestamp":"2022-09-17T23:39:32.714Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:39:36 honeypot-ams-1 sshd[2856]: Received disconnect from 124.221.41.109 port 47234:11: Bye Bye [preauth]","@timestamp":"2022-09-17T23:39:36.717Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:39:38 honeypot-ams-1 sshd[2864]: Received disconnect from 39.71.48.53 port 31421:11: Bye Bye [preauth]","@timestamp":"2022-09-17T23:39:39.720Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:39:42 honeypot-ams-1 sshd[2868]: Received disconnect from 39.71.48.53 port 31469:11: Bye Bye [preauth]","@timestamp":"2022-09-17T23:39:42.722Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:39:45 honeypot-ams-1 sshd[2872]: Received disconnect from 39.71.48.53 port 30120:11: Bye Bye [preauth]","@timestamp":"2022-09-17T23:39:45.723Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:39:49 honeypot-ams-1 sshd[2878]: Received disconnect from 39.71.48.53 port 31703:11: Bye Bye [preauth]","@timestamp":"2022-09-17T23:39:49.726Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:39:52 honeypot-ams-1 sshd[2882]: Invalid user admin from 39.71.48.53 port 29697","@timestamp":"2022-09-17T23:39:52.729Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:39:54 honeypot-ams-1 sshd[2886]: Invalid user user from 39.71.48.53 port 29831","@timestamp":"2022-09-17T23:39:54.730Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:39:57 honeypot-ams-1 sshd[2890]: Disconnected from authenticating user root 39.71.48.53 port 29895 [preauth]","@timestamp":"2022-09-17T23:39:58.733Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:40:01 honeypot-ams-1 sshd[2894]: Disconnected from invalid user pi 39.71.48.53 port 29951 [preauth]","@timestamp":"2022-09-17T23:40:01.734Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:40:04 honeypot-ams-1 sshd[2898]: Disconnected from invalid user ethos 39.71.48.53 port 30126 [preauth]","@timestamp":"2022-09-17T23:40:05.738Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:40:08 honeypot-ams-1 sshd[2902]: Disconnected from invalid user miner 39.71.48.53 port 30199 [preauth]","@timestamp":"2022-09-17T23:40:08.741Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:40:11 honeypot-ams-1 sshd[2906]: Disconnected from invalid user volumio 39.71.48.53 port 30250 [preauth]","@timestamp":"2022-09-17T23:40:11.743Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:40:13 honeypot-ams-1 sshd[2910]: Disconnected from invalid user flashlight 103.235.170.195 port 36550 [preauth]","@timestamp":"2022-09-17T23:40:13.744Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:40:16 honeypot-ams-1 sshd[2914]: Disconnected from invalid user postgres 39.71.48.53 port 30446 [preauth]","@timestamp":"2022-09-17T23:40:17.747Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:40:20 honeypot-ams-1 sshd[2918]: Disconnected from invalid user support 39.71.48.53 port 30518 [preauth]","@timestamp":"2022-09-17T23:40:20.750Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:40:23 honeypot-ams-1 sshd[2922]: Disconnected from invalid user ubuntu 39.71.48.53 port 30645 [preauth]","@timestamp":"2022-09-17T23:40:23.752Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:40:27 honeypot-ams-1 sshd[2926]: Disconnected from invalid user ubuntu 39.71.48.53 port 30766 [preauth]","@timestamp":"2022-09-17T23:40:27.754Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:40:30 honeypot-ams-1 sshd[2930]: Disconnected from invalid user guest 39.71.48.53 port 30848 [preauth]","@timestamp":"2022-09-17T23:40:30.756Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:40:34 honeypot-ams-1 sshd[2934]: Disconnected from invalid user cirros 39.71.48.53 port 30988 [preauth]","@timestamp":"2022-09-17T23:40:34.758Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:40:35 honeypot-ams-1 sshd[2938]: Disconnected from invalid user cirros 39.71.48.53 port 31028 [preauth]","@timestamp":"2022-09-17T23:40:36.760Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:41:57 honeypot-ams-1 sshd[2944]: Invalid user finsa from 81.169.137.181 port 57374","@timestamp":"2022-09-17T23:41:57.798Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:42:57 honeypot-ams-1 sshd[2948]: Invalid user webpop from 68.183.232.27 port 35086","@timestamp":"2022-09-17T23:42:57.829Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 23:44:04 honeypot-fra-1 sshd[26306]: Connection closed by 193.169.255.16 port 37478 [preauth]","@timestamp":"2022-09-17T23:44:04.774Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:44:43 honeypot-ams-1 sshd[2953]: Received disconnect from 124.221.41.109 port 47856:11: Bye Bye [preauth]","@timestamp":"2022-09-17T23:44:43.879Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:45:38 honeypot-ams-1 sshd[2957]: Received disconnect from 36.92.143.137 port 56244:11: Bye Bye [preauth]","@timestamp":"2022-09-17T23:45:38.907Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:47:15 honeypot-ams-1 sshd[2961]: Disconnected from authenticating user root 124.221.41.109 port 34000 [preauth]","@timestamp":"2022-09-17T23:47:16.953Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:48:31 honeypot-ams-1 sshd[2968]: Did not receive identification string from 212.192.246.174 port 60642","@timestamp":"2022-09-17T23:48:31.989Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:48:34 honeypot-ams-1 sshd[2965]: Disconnected from authenticating user root 124.221.41.109 port 41174 [preauth]","@timestamp":"2022-09-17T23:48:34.992Z"}
{"@timestamp":"2022-09-17T23:50:51.453Z","@version":"1","message":"Sep 17 23:50:51 honeypot-sgp-1 sshd[29426]: Invalid user cesar from 124.82.111.218 port 57178","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:52:23 honeypot-ams-1 sshd[2980]: Disconnected from authenticating user root 124.221.41.109 port 34384 [preauth]","@timestamp":"2022-09-17T23:52:24.096Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:56:10 honeypot-ams-1 sshd[2987]: Disconnected from authenticating user root 124.221.41.109 port 55744 [preauth]","@timestamp":"2022-09-17T23:56:11.199Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 17 23:56:30 honeypot-fra-1 sshd[26311]: Invalid user nma from 64.225.17.240 port 45970","@timestamp":"2022-09-17T23:56:31.056Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-17T23:56:52.590Z","@version":"1","message":"Sep 17 23:56:52 honeypot-sgp-1 kernel: [84335116.090894] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=80.94.92.231 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=233 ID=54321 PROTO=TCP SPT=52372 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 17 23:58:42 honeypot-ams-1 sshd[2993]: Received disconnect from 124.221.41.109 port 41724:11: Bye Bye [preauth]","@timestamp":"2022-09-17T23:58:42.273Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 00:01:12 honeypot-ams-1 sshd[2998]: Disconnected from authenticating user root 124.221.41.109 port 55906 [preauth]","@timestamp":"2022-09-18T00:01:13.348Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 00:01:32 honeypot-fra-1 sshd[26317]: Invalid user newtest from 147.182.179.237 port 34636","@timestamp":"2022-09-18T00:01:33.168Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 00:02:26 honeypot-fra-1 sshd[26322]: Invalid user testmail from 103.141.149.29 port 54950","@timestamp":"2022-09-18T00:02:26.190Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 00:04:59 honeypot-ams-1 sshd[3004]: Received disconnect from 124.221.41.109 port 48888:11: Bye Bye [preauth]","@timestamp":"2022-09-18T00:05:00.454Z"}
{"@timestamp":"2022-09-18T00:06:13.809Z","@version":"1","message":"Sep 18 00:06:12 honeypot-sgp-1 kernel: [84335676.689872] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=161.35.188.242 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=46 ID=0 PROTO=TCP SPT=16153 DPT=443 WINDOW=0 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 00:07:18 honeypot-ams-1 sshd[3009]: Connection closed by invalid user admin 193.106.191.157 port 44224 [preauth]","@timestamp":"2022-09-18T00:07:19.522Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 00:07:30 honeypot-fra-1 sshd[26327]: Invalid user joe from 212.33.250.241 port 37576","@timestamp":"2022-09-18T00:07:30.333Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T00:08:49.870Z","@version":"1","message":"Sep 18 00:08:49 honeypot-sgp-1 sshd[29438]: Disconnected from invalid user protect 138.68.189.163 port 39754 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 00:09:31 honeypot-ams-1 kernel: [84336352.145270] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=172.104.131.24 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=37596 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T00:09:32.590Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 00:10:45 honeypot-fra-1 sshd[26330]: Disconnected from invalid user user 92.255.85.69 port 42744 [preauth]","@timestamp":"2022-09-18T00:10:45.409Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 00:12:18 honeypot-ams-1 sshd[3022]: Received disconnect from 92.255.85.70 port 24266:11: Bye Bye [preauth]","@timestamp":"2022-09-18T00:12:19.664Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 00:12:34 honeypot-fra-1 kernel: [84334362.979284] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=184.105.139.126 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=54321 PROTO=TCP SPT=34150 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T00:12:34.452Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 00:13:49 honeypot-ams-1 kernel: [84336609.793198] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=137.25.54.5 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=50 ID=58744 PROTO=TCP SPT=38989 DPT=80 WINDOW=12710 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T00:13:49.704Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 00:14:21 honeypot-fra-1 sshd[26340]: Did not receive identification string from 139.59.152.202 port 58592","@timestamp":"2022-09-18T00:14:22.498Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 00:14:22 honeypot-fra-1 sshd[26354]: Invalid user oracle from 139.59.152.202 port 34768","@timestamp":"2022-09-18T00:14:22.498Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 00:14:22 honeypot-fra-1 sshd[26370]: Invalid user kibana from 139.59.152.202 port 34806","@timestamp":"2022-09-18T00:14:22.498Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 00:14:22 honeypot-fra-1 sshd[26348]: Connection closed by invalid user steam 139.59.152.202 port 34754 [preauth]","@timestamp":"2022-09-18T00:14:22.498Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 00:14:22 honeypot-fra-1 sshd[26343]: Connection closed by authenticating user root 139.59.152.202 port 34742 [preauth]","@timestamp":"2022-09-18T00:14:22.498Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 00:14:22 honeypot-fra-1 sshd[26376]: Connection closed by invalid user testuser 139.59.152.202 port 34816 [preauth]","@timestamp":"2022-09-18T00:14:22.498Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 00:14:22 honeypot-fra-1 sshd[26360]: Invalid user test from 139.59.152.202 port 34788","@timestamp":"2022-09-18T00:14:22.498Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 00:14:22 honeypot-fra-1 sshd[26358]: Connection closed by authenticating user root 139.59.152.202 port 34780 [preauth]","@timestamp":"2022-09-18T00:14:22.498Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 00:14:22 honeypot-fra-1 sshd[26367]: Invalid user michael from 139.59.152.202 port 34802","@timestamp":"2022-09-18T00:14:23.499Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T00:14:57.015Z","@version":"1","message":"Sep 18 00:14:56 honeypot-sgp-1 kernel: [84336200.378959] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=154.3.44.149 DST=159.89.202.188 LEN=52 TOS=0x0A PREC=0x00 TTL=111 ID=26445 DF PROTO=TCP SPT=64822 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 00:16:09 honeypot-ams-1 sshd[3030]: Received disconnect from 124.221.41.109 port 55194:11: Bye Bye [preauth]","@timestamp":"2022-09-18T00:16:09.773Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 00:16:17 honeypot-fra-1 sshd[26404]: Invalid user monitor from 173.186.116.37 port 57096","@timestamp":"2022-09-18T00:16:17.544Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 00:17:01 honeypot-ams-1 CRON[3035]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-18T00:17:01.801Z"}
{"@timestamp":"2022-09-18T00:17:02.067Z","@version":"1","message":"Sep 18 00:17:01 honeypot-sgp-1 CRON[29445]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 00:17:21 honeypot-fra-1 sshd[26409]: Connection closed by invalid user admin 193.106.191.157 port 34532 [preauth]","@timestamp":"2022-09-18T00:17:21.572Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 00:19:49 honeypot-ams-1 sshd[3043]: Received disconnect from 124.221.41.109 port 47516:11: Bye Bye [preauth]","@timestamp":"2022-09-18T00:19:49.881Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 00:22:17 honeypot-ams-1 sshd[3048]: Disconnected from authenticating user root 124.221.41.109 port 32948 [preauth]","@timestamp":"2022-09-18T00:22:17.951Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 00:24:58 honeypot-ams-1 kernel: [84337278.824867] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.41.9.18 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=43992 PROTO=TCP SPT=21695 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T00:24:59.030Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 00:28:23 honeypot-ams-1 sshd[3059]: Received disconnect from 124.221.41.109 port 38750:11: Bye Bye [preauth]","@timestamp":"2022-09-18T00:28:24.127Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 00:30:49 honeypot-ams-1 sshd[3065]: Received disconnect from 124.221.41.109 port 52310:11: Bye Bye [preauth]","@timestamp":"2022-09-18T00:30:50.198Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 00:34:27 honeypot-ams-1 sshd[3072]: Received disconnect from 124.221.41.109 port 44370:11: Bye Bye [preauth]","@timestamp":"2022-09-18T00:34:28.299Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 00:36:18 honeypot-ams-1 sshd[3078]: Received disconnect from 191.191.12.169 port 49260:11: Bye Bye [preauth]","@timestamp":"2022-09-18T00:36:18.352Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 00:38:05 honeypot-ams-1 sshd[3082]: Disconnected from authenticating user root 124.221.41.109 port 36374 [preauth]","@timestamp":"2022-09-18T00:38:05.404Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 00:41:07 honeypot-fra-1 kernel: [84336076.846862] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=154.3.44.149 DST=165.22.82.222 LEN=52 TOS=0x00 PREC=0x00 TTL=116 ID=65136 DF PROTO=TCP SPT=54595 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-18T00:41:08.108Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 00:41:42 honeypot-ams-1 sshd[3089]: Disconnected from authenticating user root 124.221.41.109 port 56528 [preauth]","@timestamp":"2022-09-18T00:41:42.505Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 00:45:17 honeypot-ams-1 sshd[3096]: Disconnected from authenticating user root 124.221.41.109 port 48402 [preauth]","@timestamp":"2022-09-18T00:45:17.604Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 00:47:42 honeypot-ams-1 sshd[3102]: Disconnected from authenticating user root 124.221.41.109 port 33548 [preauth]","@timestamp":"2022-09-18T00:47:42.668Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 00:48:45 honeypot-fra-1 kernel: [84336534.030396] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=188.157.88.215 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=15533 PROTO=TCP SPT=55647 DPT=443 WINDOW=1300 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T00:48:45.283Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 00:48:49 honeypot-ams-1 kernel: [84338709.330427] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=80.94.92.231 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=45117 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T00:48:49.702Z"}
{"@timestamp":"2022-09-18T00:49:13.827Z","@version":"1","message":"Sep 18 00:49:13 honeypot-sgp-1 sshd[29452]: Invalid user debian from 179.60.147.69 port 52974","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 00:50:07 honeypot-ams-1 sshd[3110]: Received disconnect from 124.221.41.109 port 46900:11: Bye Bye [preauth]","@timestamp":"2022-09-18T00:50:07.742Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 00:52:33 honeypot-ams-1 sshd[3117]: Invalid user debian from 179.60.147.69 port 2110","@timestamp":"2022-09-18T00:52:33.809Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 00:53:57 honeypot-ams-1 sshd[3121]: Disconnected from authenticating user root 128.199.171.119 port 53868 [preauth]","@timestamp":"2022-09-18T00:53:57.850Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 00:55:34 honeypot-fra-1 sshd[26423]: Invalid user admin from 41.215.219.194 port 49061","@timestamp":"2022-09-18T00:55:35.439Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 00:56:06 honeypot-ams-1 sshd[3125]: Disconnected from authenticating user root 124.221.41.109 port 51986 [preauth]","@timestamp":"2022-09-18T00:56:06.917Z"}
{"@timestamp":"2022-09-18T00:57:02.013Z","@version":"1","message":"Sep 18 00:57:01 honeypot-sgp-1 CRON[29457]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 00:58:27 honeypot-ams-1 sshd[3134]: Disconnected from authenticating user root 124.221.41.109 port 37020 [preauth]","@timestamp":"2022-09-18T00:58:27.985Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 01:01:59 honeypot-ams-1 sshd[3140]: Disconnected from authenticating user root 124.221.41.109 port 56828 [preauth]","@timestamp":"2022-09-18T01:02:00.084Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 01:02:53 honeypot-fra-1 kernel: [84337382.513615] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=18910 PROTO=TCP SPT=42792 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T01:02:54.607Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 01:03:10 honeypot-ams-1 sshd[3147]: Received disconnect from 124.221.41.109 port 35182:11: Bye Bye [preauth]","@timestamp":"2022-09-18T01:03:11.120Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 01:04:22 honeypot-ams-1 sshd[3151]: Disconnected from authenticating user root 124.221.41.109 port 41758 [preauth]","@timestamp":"2022-09-18T01:04:23.155Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 01:06:43 honeypot-ams-1 sshd[3157]: Received disconnect from 124.221.41.109 port 54886:11: Bye Bye [preauth]","@timestamp":"2022-09-18T01:06:44.223Z"}
{"@timestamp":"2022-09-18T01:06:51.244Z","@version":"1","message":"Sep 18 01:06:51 honeypot-sgp-1 sshd[29461]: Invalid user wup from 66.98.127.52 port 33704","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T01:07:11.254Z","@version":"1","message":"Sep 18 01:07:10 honeypot-sgp-1 sshd[29465]: Invalid user rudisill from 43.132.183.192 port 54638","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 01:08:38 honeypot-ams-1 kernel: [84339898.504580] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=39468 PROTO=TCP SPT=42792 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T01:08:39.280Z"}
{"@timestamp":"2022-09-18T01:09:06.299Z","@version":"1","message":"Sep 18 01:09:06 honeypot-sgp-1 sshd[29470]: Received disconnect from 49.205.179.22 port 43358:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T01:09:43.316Z","@version":"1","message":"Sep 18 01:09:42 honeypot-sgp-1 sshd[29474]: Received disconnect from 186.215.70.14 port 36569:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 01:10:01 honeypot-ams-1 kernel: [84339981.152230] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=178.32.126.225 DST=178.62.254.91 LEN=60 TOS=0x18 PREC=0x00 TTL=57 ID=28661 DF PROTO=TCP SPT=12484 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T01:10:01.318Z"}
{"@timestamp":"2022-09-18T01:11:18.355Z","@version":"1","message":"Sep 18 01:11:18 honeypot-sgp-1 sshd[29479]: Received disconnect from 45.240.88.20 port 51412:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 01:11:34 honeypot-fra-1 sshd[26436]: Protocol major versions differ for 137.220.228.81 port 58738: SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.5 vs. SSH-1.5-Server","@timestamp":"2022-09-18T01:11:35.806Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 01:12:35 honeypot-ams-1 sshd[3170]: Disconnected from authenticating user root 124.221.41.109 port 59316 [preauth]","@timestamp":"2022-09-18T01:12:36.390Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 01:14:36 honeypot-ams-1 sshd[3176]: Received disconnect from 45.61.186.49 port 37550:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T01:14:36.466Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 01:14:49 honeypot-ams-1 sshd[3180]: Received disconnect from 45.61.186.49 port 49314:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T01:14:49.473Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 01:14:55 honeypot-ams-1 sshd[3182]: Disconnected from authenticating user root 124.221.41.109 port 44096 [preauth]","@timestamp":"2022-09-18T01:14:56.476Z"}
{"@timestamp":"2022-09-18T01:14:57.442Z","@version":"1","message":"Sep 18 01:14:57 honeypot-sgp-1 sshd[29486]: Connection closed by 192.241.221.12 port 50582 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 01:16:39 honeypot-fra-1 sshd[26442]: Received disconnect from 165.22.45.108 port 60550:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T01:16:39.923Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 01:17:15 honeypot-ams-1 sshd[3192]: Disconnected from authenticating user root 124.221.41.109 port 57102 [preauth]","@timestamp":"2022-09-18T01:17:15.539Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 01:19:54 honeypot-ams-1 kernel: [84340574.851147] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=154.3.44.149 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=117 ID=57349 DF PROTO=TCP SPT=65035 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-18T01:19:55.617Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 01:19:56 honeypot-fra-1 sshd[26449]: Invalid user if from 211.254.215.197 port 35024","@timestamp":"2022-09-18T01:19:57.001Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 01:21:19 honeypot-fra-1 kernel: [84338488.144110] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=2.183.196.238 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=36670 PROTO=TCP SPT=26599 DPT=80 WINDOW=0 RES=0x00 RST URGP=0 ","@timestamp":"2022-09-18T01:21:20.036Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 01:23:03 honeypot-ams-1 sshd[3205]: Received disconnect from 124.221.41.109 port 33054:11: Bye Bye [preauth]","@timestamp":"2022-09-18T01:23:04.706Z"}
{"@timestamp":"2022-09-18T01:25:20.681Z","@version":"1","message":"Sep 18 01:25:20 honeypot-sgp-1 sshd[29494]: Invalid user user from 179.60.147.69 port 56696","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 01:25:24 honeypot-ams-1 sshd[3210]: Disconnected from authenticating user root 124.221.41.109 port 45956 [preauth]","@timestamp":"2022-09-18T01:25:24.771Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 01:27:41 honeypot-ams-1 sshd[3214]: Disconnected from authenticating user root 124.221.41.109 port 58836 [preauth]","@timestamp":"2022-09-18T01:27:41.836Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 01:28:51 honeypot-ams-1 sshd[3218]: Disconnected from authenticating user root 124.221.41.109 port 37034 [preauth]","@timestamp":"2022-09-18T01:28:51.869Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 01:32:19 honeypot-ams-1 sshd[3225]: Received disconnect from 124.221.41.109 port 56308:11: Bye Bye [preauth]","@timestamp":"2022-09-18T01:32:19.963Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 01:35:39 honeypot-ams-1 sshd[3231]: Invalid user admin from 143.198.135.228 port 45632","@timestamp":"2022-09-18T01:35:40.054Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 01:35:42 honeypot-ams-1 sshd[3239]: Invalid user admin from 143.198.135.228 port 45660","@timestamp":"2022-09-18T01:35:43.057Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 01:37:01 honeypot-ams-1 sshd[3244]: Received disconnect from 69.49.245.238 port 58932:11: Bye Bye [preauth]","@timestamp":"2022-09-18T01:37:02.095Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 01:38:02 honeypot-ams-1 sshd[3246]: Disconnected from authenticating user root 124.221.41.109 port 60094 [preauth]","@timestamp":"2022-09-18T01:38:03.123Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 01:39:47 honeypot-ams-1 kernel: [84341767.568648] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=119.199.169.235 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=54 ID=47404 PROTO=TCP SPT=39458 DPT=80 WINDOW=17122 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T01:39:48.175Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 01:42:36 honeypot-ams-1 sshd[3259]: Disconnected from authenticating user root 124.221.41.109 port 57382 [preauth]","@timestamp":"2022-09-18T01:42:37.253Z"}
{"@timestamp":"2022-09-18T01:42:54.089Z","@version":"1","message":"Sep 18 01:42:53 honeypot-sgp-1 sshd[29500]: Disconnected from 159.223.172.195 port 51052 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 01:45:42 honeypot-fra-1 kernel: [84339951.072023] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=92.63.197.74 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=7445 PROTO=TCP SPT=40849 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T01:45:42.581Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 01:46:03 honeypot-ams-1 sshd[3265]: Received disconnect from 124.221.41.109 port 48202:11: Bye Bye [preauth]","@timestamp":"2022-09-18T01:46:04.351Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 01:48:18 honeypot-ams-1 sshd[3270]: Disconnected from authenticating user root 124.221.41.109 port 60874 [preauth]","@timestamp":"2022-09-18T01:48:18.414Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 01:51:45 honeypot-ams-1 sshd[3276]: Disconnected from authenticating user root 124.221.41.109 port 51578 [preauth]","@timestamp":"2022-09-18T01:51:45.511Z"}
{"@timestamp":"2022-09-18T01:53:55.363Z","@version":"1","message":"Sep 18 01:53:55 honeypot-sgp-1 kernel: [84342138.631444] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=206.189.6.148 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=54958 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 01:53:58 honeypot-ams-1 sshd[3281]: Received disconnect from 124.221.41.109 port 35928:11: Bye Bye [preauth]","@timestamp":"2022-09-18T01:53:58.577Z"}
{"@timestamp":"2022-09-18T01:56:35.429Z","@version":"1","message":"Sep 18 01:56:34 honeypot-sgp-1 kernel: [84342298.465980] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=167.99.9.236 DST=159.89.202.188 LEN=52 TOS=0x00 PREC=0x00 TTL=110 ID=23568 DF PROTO=TCP SPT=54343 DPT=3389 WINDOW=8192 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 01:57:20 honeypot-ams-1 sshd[3287]: Received disconnect from 124.221.41.109 port 54764:11: Bye Bye [preauth]","@timestamp":"2022-09-18T01:57:21.672Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 01:58:38 honeypot-ams-1 kernel: [84342898.289921] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=89.248.165.71 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=970 PROTO=TCP SPT=59821 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T01:58:38.711Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:00:09 honeypot-fra-1 sshd[26463]: Disconnected from invalid user user 45.61.186.49 port 46686 [preauth]","@timestamp":"2022-09-18T02:00:09.908Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:00:18 honeypot-fra-1 sshd[26468]: Received disconnect from 45.61.186.49 port 58048:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T02:00:18.913Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T02:01:24.546Z","@version":"1","message":"Sep 18 02:01:24 honeypot-sgp-1 sshd[29511]: Invalid user guest from 179.60.147.69 port 26830","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:01:46 honeypot-fra-1 sshd[26473]: Connection closed by authenticating user root 103.188.176.251 port 42356 [preauth]","@timestamp":"2022-09-18T02:01:46.948Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:01:51 honeypot-ams-1 sshd[3298]: Disconnected from authenticating user root 124.221.41.109 port 51564 [preauth]","@timestamp":"2022-09-18T02:01:51.805Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:04:44 honeypot-ams-1 sshd[3306]: Invalid user guest from 179.60.147.69 port 29960","@timestamp":"2022-09-18T02:04:44.887Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:05:32 honeypot-fra-1 kernel: [84341141.474998] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=147.182.199.146 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=35584 PROTO=TCP SPT=46231 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T02:05:33.041Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 02:07:20 honeypot-ams-1 kernel: [84343420.693039] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=103.179.187.239 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=48360 PROTO=TCP SPT=51972 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T02:07:20.962Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:08:58 honeypot-fra-1 sshd[26486]: Disconnected from authenticating user root 51.250.79.55 port 37306 [preauth]","@timestamp":"2022-09-18T02:08:59.122Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:09:40 honeypot-ams-1 sshd[3316]: Disconnected from authenticating user root 124.221.41.109 port 38668 [preauth]","@timestamp":"2022-09-18T02:09:41.029Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:11:23 honeypot-ams-1 sshd[3321]: Disconnected from invalid user gpadmin 147.182.184.139 port 34342 [preauth]","@timestamp":"2022-09-18T02:11:24.079Z"}
{"@timestamp":"2022-09-18T02:12:23.806Z","@version":"1","message":"Sep 18 02:12:23 honeypot-sgp-1 kernel: [84343246.749615] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.221.113 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=54387 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:13:51 honeypot-fra-1 kernel: [84341639.840277] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=167.99.9.236 DST=165.22.82.222 LEN=52 TOS=0x00 PREC=0x00 TTL=114 ID=2371 DF PROTO=TCP SPT=51518 DPT=3389 WINDOW=8192 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T02:13:51.236Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:14:06 honeypot-ams-1 sshd[3327]: Received disconnect from 124.221.41.109 port 35196:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:14:06.155Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:14:18 honeypot-ams-1 sshd[3331]: Disconnected from invalid user vnstat 31.47.192.98 port 46218 [preauth]","@timestamp":"2022-09-18T02:14:19.163Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:16:38 honeypot-ams-1 sshd[3338]: Invalid user admin from 92.255.85.70 port 62516","@timestamp":"2022-09-18T02:16:39.229Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:17:01 honeypot-fra-1 CRON[26497]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-18T02:17:02.315Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:17:27 honeypot-ams-1 sshd[3343]: Disconnected from authenticating user root 124.221.41.109 port 53716 [preauth]","@timestamp":"2022-09-18T02:17:27.254Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:18:31 honeypot-ams-1 sshd[3351]: Disconnected from authenticating user root 124.79.243.92 port 21197 [preauth]","@timestamp":"2022-09-18T02:18:32.285Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:18:36 honeypot-ams-1 sshd[3355]: Invalid user admin from 124.79.243.92 port 22667","@timestamp":"2022-09-18T02:18:37.288Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:18:42 honeypot-ams-1 sshd[3359]: Invalid user oracle from 124.79.243.92 port 23880","@timestamp":"2022-09-18T02:18:42.292Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 02:19:10 honeypot-ams-1 kernel: [84344130.489575] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=3.232.132.136 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=31483 DF PROTO=TCP SPT=50604 DPT=80 WINDOW=62727 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T02:19:11.305Z"}
{"@timestamp":"2022-09-18T02:19:12.967Z","@version":"1","message":"Sep 18 02:19:12 honeypot-sgp-1 kernel: [84343656.535927] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=207.102.138.83 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=43 ID=24066 DF PROTO=TCP SPT=53014 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:20:44 honeypot-ams-1 sshd[3370]: Received disconnect from 124.221.41.109 port 43972:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:20:45.351Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:21:51 honeypot-ams-1 sshd[3374]: Disconnected from authenticating user root 124.221.41.109 port 50128 [preauth]","@timestamp":"2022-09-18T02:21:52.397Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:21:54 honeypot-fra-1 sshd[26502]: Disconnected from invalid user user 45.61.186.249 port 58758 [preauth]","@timestamp":"2022-09-18T02:21:55.432Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:22:13 honeypot-fra-1 sshd[26506]: Disconnected from invalid user user 45.61.186.249 port 53532 [preauth]","@timestamp":"2022-09-18T02:22:14.442Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:22:31 honeypot-fra-1 sshd[26510]: Disconnected from invalid user user 45.61.186.249 port 48356 [preauth]","@timestamp":"2022-09-18T02:22:32.450Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:22:49 honeypot-fra-1 sshd[26514]: Disconnected from invalid user user 45.61.186.249 port 43068 [preauth]","@timestamp":"2022-09-18T02:22:50.458Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:24:03 honeypot-ams-1 sshd[3380]: Disconnected from authenticating user root 124.221.41.109 port 34188 [preauth]","@timestamp":"2022-09-18T02:24:03.459Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:26:13 honeypot-ams-1 sshd[3385]: Disconnected from authenticating user root 124.221.41.109 port 46462 [preauth]","@timestamp":"2022-09-18T02:26:14.519Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:28:26 honeypot-ams-1 sshd[3389]: Received disconnect from 124.221.41.109 port 58694:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:28:26.580Z"}
{"@timestamp":"2022-09-18T02:30:56.244Z","@version":"1","message":"Sep 18 02:30:55 honeypot-sgp-1 kernel: [84344359.232686] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=234 ID=30772 PROTO=TCP SPT=48204 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 02:31:00 honeypot-ams-1 kernel: [84344840.591199] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=14507 PROTO=TCP SPT=48204 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T02:31:00.779Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:32:46 honeypot-fra-1 sshd[26520]: Received disconnect from 179.43.156.143 port 41156:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T02:32:46.701Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 02:33:52 honeypot-ams-1 kernel: [84345013.103238] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=97.74.81.123 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=23123 PROTO=TCP SPT=59088 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T02:33:53.862Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:34:30 honeypot-fra-1 sshd[26526]: Invalid user fourjs from 218.241.132.133 port 34618","@timestamp":"2022-09-18T02:34:30.743Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:35:05 honeypot-fra-1 sshd[26530]: Disconnected from authenticating user root 179.43.156.143 port 59000 [preauth]","@timestamp":"2022-09-18T02:35:05.759Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:35:43 honeypot-ams-1 sshd[3404]: Invalid user zhuanzhi from 64.227.39.120 port 55658","@timestamp":"2022-09-18T02:35:43.916Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:36:15 honeypot-fra-1 sshd[26535]: Disconnected from invalid user ossuser 179.43.156.143 port 53788 [preauth]","@timestamp":"2022-09-18T02:36:15.788Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:37:07 honeypot-ams-1 sshd[3411]: Received disconnect from 45.183.192.14 port 54598:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:37:07.956Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:37:25 honeypot-fra-1 sshd[26539]: Disconnected from invalid user esunny 179.43.156.143 port 48608 [preauth]","@timestamp":"2022-09-18T02:37:25.835Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:38:12 honeypot-ams-1 sshd[3413]: Received disconnect from 124.221.41.109 port 56830:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:38:12.988Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:39:01 honeypot-fra-1 sshd[26546]: Connection closed by authenticating user root 179.60.147.69 port 6398 [preauth]","@timestamp":"2022-09-18T02:39:01.873Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:39:33 honeypot-fra-1 sshd[26550]: Disconnected from invalid user linda 165.22.45.108 port 37832 [preauth]","@timestamp":"2022-09-18T02:39:33.887Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:39:45 honeypot-ams-1 sshd[3422]: Received disconnect from 84.122.178.78 port 34628:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:39:46.033Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:39:45 honeypot-ams-1 sshd[3426]: Disconnected from invalid user ubnt 84.122.178.78 port 34792 [preauth]","@timestamp":"2022-09-18T02:39:46.033Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:39:47 honeypot-ams-1 sshd[3432]: Disconnected from authenticating user root 84.122.178.78 port 34856 [preauth]","@timestamp":"2022-09-18T02:39:48.036Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:39:48 honeypot-ams-1 sshd[3438]: Disconnected from authenticating user root 84.122.178.78 port 34960 [preauth]","@timestamp":"2022-09-18T02:39:49.037Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:39:49 honeypot-ams-1 sshd[3444]: Disconnected from authenticating user root 84.122.178.78 port 35020 [preauth]","@timestamp":"2022-09-18T02:39:50.037Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:39:51 honeypot-ams-1 sshd[3450]: Disconnected from authenticating user root 84.122.178.78 port 35074 [preauth]","@timestamp":"2022-09-18T02:39:52.039Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:39:52 honeypot-ams-1 sshd[3456]: Disconnected from authenticating user root 84.122.178.78 port 35134 [preauth]","@timestamp":"2022-09-18T02:39:53.040Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:39:53 honeypot-ams-1 sshd[3462]: Disconnected from authenticating user root 84.122.178.78 port 35180 [preauth]","@timestamp":"2022-09-18T02:39:54.041Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:39:55 honeypot-ams-1 sshd[3468]: Disconnected from authenticating user root 84.122.178.78 port 35284 [preauth]","@timestamp":"2022-09-18T02:39:56.042Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:39:56 honeypot-ams-1 sshd[3474]: Disconnected from authenticating user root 84.122.178.78 port 35480 [preauth]","@timestamp":"2022-09-18T02:39:57.043Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:39:57 honeypot-ams-1 sshd[3480]: Disconnected from authenticating user root 84.122.178.78 port 35544 [preauth]","@timestamp":"2022-09-18T02:39:58.044Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:39:59 honeypot-ams-1 sshd[3486]: Disconnected from authenticating user root 84.122.178.78 port 35654 [preauth]","@timestamp":"2022-09-18T02:39:59.045Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:40:00 honeypot-ams-1 sshd[3492]: Disconnected from authenticating user root 84.122.178.78 port 35730 [preauth]","@timestamp":"2022-09-18T02:40:01.046Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:40:01 honeypot-ams-1 sshd[3496]: Disconnected from invalid user admin 84.122.178.78 port 35780 [preauth]","@timestamp":"2022-09-18T02:40:02.048Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:40:02 honeypot-ams-1 sshd[3500]: Disconnected from invalid user admin 84.122.178.78 port 35806 [preauth]","@timestamp":"2022-09-18T02:40:03.049Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:40:03 honeypot-ams-1 sshd[3504]: Disconnected from invalid user admin 84.122.178.78 port 35852 [preauth]","@timestamp":"2022-09-18T02:40:03.049Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:40:03 honeypot-ams-1 sshd[3508]: Disconnected from invalid user admin 84.122.178.78 port 35882 [preauth]","@timestamp":"2022-09-18T02:40:04.050Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:40:04 honeypot-ams-1 sshd[3512]: Disconnected from invalid user admin 84.122.178.78 port 35916 [preauth]","@timestamp":"2022-09-18T02:40:05.050Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:40:06 honeypot-ams-1 sshd[3518]: Received disconnect from 84.122.178.78 port 36166:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:40:07.052Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:40:06 honeypot-ams-1 sshd[3522]: Received disconnect from 84.122.178.78 port 36238:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:40:07.052Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:40:07 honeypot-ams-1 sshd[3526]: Received disconnect from 84.122.178.78 port 36286:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:40:08.053Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:40:08 honeypot-ams-1 sshd[3530]: Received disconnect from 84.122.178.78 port 36366:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:40:09.054Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:40:09 honeypot-ams-1 sshd[3534]: Received disconnect from 84.122.178.78 port 36420:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:40:10.054Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:40:10 honeypot-ams-1 sshd[3538]: Received disconnect from 84.122.178.78 port 36464:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:40:11.055Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:40:11 honeypot-ams-1 sshd[3542]: Received disconnect from 84.122.178.78 port 36516:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:40:12.056Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:40:12 honeypot-ams-1 sshd[3546]: Received disconnect from 84.122.178.78 port 36552:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:40:13.057Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:40:13 honeypot-ams-1 sshd[3550]: Received disconnect from 84.122.178.78 port 36606:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:40:14.057Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:40:14 honeypot-ams-1 sshd[3554]: Received disconnect from 84.122.178.78 port 36638:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:40:15.058Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:40:15 honeypot-ams-1 sshd[3558]: Received disconnect from 84.122.178.78 port 36722:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:40:16.059Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:40:15 honeypot-ams-1 sshd[3562]: Received disconnect from 84.122.178.78 port 36872:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:40:16.059Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:40:26 honeypot-fra-1 sshd[26554]: Received disconnect from 179.43.156.143 port 35574:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T02:40:26.911Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:40:41 honeypot-ams-1 sshd[3566]: Disconnected from invalid user admin 188.166.153.99 port 51362 [preauth]","@timestamp":"2022-09-18T02:40:41.072Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:41:31 honeypot-ams-1 sshd[3572]: Received disconnect from 124.221.41.109 port 46648:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:41:31.099Z"}
{"@timestamp":"2022-09-18T02:41:32.492Z","@version":"1","message":"Sep 18 02:41:32 honeypot-sgp-1 kernel: [84344995.619189] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=65.49.20.82 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=43636 DPT=389 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:41:41 honeypot-fra-1 sshd[26559]: Received disconnect from 179.43.156.143 port 58618:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T02:41:41.941Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:42:20 honeypot-fra-1 sshd[26563]: Disconnected from invalid user drcomadmin 179.43.156.143 port 56034 [preauth]","@timestamp":"2022-09-18T02:42:20.960Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:42:23 honeypot-ams-1 sshd[3577]: Disconnected from authenticating user root 18.179.32.110 port 24437 [preauth]","@timestamp":"2022-09-18T02:42:24.125Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:42:28 honeypot-ams-1 sshd[3583]: Received disconnect from 18.179.32.110 port 25799:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:42:29.128Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:42:33 honeypot-ams-1 sshd[3587]: Received disconnect from 124.221.41.109 port 52648:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:42:34.131Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:42:38 honeypot-ams-1 sshd[3595]: Received disconnect from 18.179.32.110 port 3659:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:42:39.135Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:42:44 honeypot-ams-1 sshd[3601]: Received disconnect from 18.179.32.110 port 17027:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:42:44.138Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:42:49 honeypot-ams-1 sshd[3607]: Received disconnect from 18.179.32.110 port 2119:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:42:50.141Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:42:55 honeypot-ams-1 sshd[3613]: Received disconnect from 18.179.32.110 port 10253:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:42:56.146Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:43:01 honeypot-ams-1 sshd[3619]: Received disconnect from 18.179.32.110 port 22737:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:43:01.149Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:43:06 honeypot-ams-1 sshd[3625]: Received disconnect from 18.179.32.110 port 21891:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:43:07.152Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:43:12 honeypot-ams-1 sshd[3631]: Received disconnect from 18.179.32.110 port 17229:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:43:13.156Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:43:18 honeypot-ams-1 sshd[3637]: Received disconnect from 18.179.32.110 port 13261:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:43:19.160Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:43:23 honeypot-ams-1 sshd[3643]: Received disconnect from 18.179.32.110 port 12825:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:43:24.163Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:43:29 honeypot-ams-1 sshd[3649]: Invalid user admin from 18.179.32.110 port 26853","@timestamp":"2022-09-18T02:43:30.167Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:43:32 honeypot-ams-1 sshd[3653]: Invalid user admin from 18.179.32.110 port 18699","@timestamp":"2022-09-18T02:43:33.169Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:43:36 honeypot-ams-1 sshd[3659]: Invalid user admin from 18.179.32.110 port 10801","@timestamp":"2022-09-18T02:43:37.172Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:43:37 honeypot-fra-1 sshd[26567]: Received disconnect from 179.43.156.143 port 50812:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T02:43:37.993Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:43:39 honeypot-ams-1 sshd[3657]: Received disconnect from 124.221.41.109 port 58646:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:43:40.175Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:43:43 honeypot-ams-1 sshd[3665]: Received disconnect from 18.179.32.110 port 8049:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:43:43.177Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:43:46 honeypot-ams-1 sshd[3669]: Received disconnect from 18.179.32.110 port 20515:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:43:47.180Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:43:50 honeypot-ams-1 sshd[3673]: Disconnected from authenticating user root 18.179.32.110 port 13719 [preauth]","@timestamp":"2022-09-18T02:43:51.182Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:43:56 honeypot-ams-1 sshd[3679]: Invalid user pi from 18.179.32.110 port 20071","@timestamp":"2022-09-18T02:43:56.186Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:43:59 honeypot-ams-1 sshd[3683]: Invalid user ethos from 18.179.32.110 port 13547","@timestamp":"2022-09-18T02:44:00.189Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:44:03 honeypot-ams-1 sshd[3687]: Invalid user miner from 18.179.32.110 port 26355","@timestamp":"2022-09-18T02:44:04.192Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:44:07 honeypot-ams-1 sshd[3691]: Invalid user volumio from 18.179.32.110 port 8361","@timestamp":"2022-09-18T02:44:08.195Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:44:11 honeypot-ams-1 sshd[3695]: Invalid user nagios from 18.179.32.110 port 14439","@timestamp":"2022-09-18T02:44:11.197Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:44:15 honeypot-ams-1 sshd[3699]: Invalid user vagrant from 18.179.32.110 port 17731","@timestamp":"2022-09-18T02:44:15.200Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:44:18 honeypot-ams-1 sshd[3703]: Invalid user debian from 18.179.32.110 port 30513","@timestamp":"2022-09-18T02:44:19.204Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:44:22 honeypot-ams-1 sshd[3707]: Invalid user debian from 18.179.32.110 port 28149","@timestamp":"2022-09-18T02:44:23.208Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:44:26 honeypot-ams-1 sshd[3711]: Invalid user alarm from 18.179.32.110 port 21203","@timestamp":"2022-09-18T02:44:27.210Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:44:30 honeypot-ams-1 sshd[3715]: Invalid user test from 18.179.32.110 port 30153","@timestamp":"2022-09-18T02:44:31.212Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:44:34 honeypot-ams-1 sshd[3719]: Invalid user cirros from 18.179.32.110 port 8723","@timestamp":"2022-09-18T02:44:34.214Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:45:01 honeypot-fra-1 sshd[26573]: Invalid user lucike from 187.235.106.121 port 39552","@timestamp":"2022-09-18T02:45:02.029Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:45:37 honeypot-fra-1 sshd[26577]: Disconnected from authenticating user root 164.92.172.247 port 58074 [preauth]","@timestamp":"2022-09-18T02:45:38.045Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:45:47 honeypot-ams-1 sshd[3723]: Disconnected from authenticating user root 124.221.41.109 port 42366 [preauth]","@timestamp":"2022-09-18T02:45:47.249Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:46:18 honeypot-fra-1 sshd[26584]: Received disconnect from 167.86.117.132 port 43074:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:46:19.063Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:47:40 honeypot-fra-1 sshd[26588]: Disconnected from invalid user centos 179.43.156.143 port 35202 [preauth]","@timestamp":"2022-09-18T02:47:41.096Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:48:38 honeypot-fra-1 kernel: [84343726.660609] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=167.71.133.35 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=248 ID=54321 PROTO=TCP SPT=45755 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T02:48:38.121Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:48:59 honeypot-ams-1 sshd[3730]: Received disconnect from 124.221.41.109 port 60244:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:49:00.335Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:49:45 honeypot-fra-1 sshd[26598]: Disconnected from authenticating user root 179.43.156.143 port 55636 [preauth]","@timestamp":"2022-09-18T02:49:46.151Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:50:26 honeypot-ams-1 sshd[3736]: Connection closed by 156.251.172.207 port 35900 [preauth]","@timestamp":"2022-09-18T02:50:27.378Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:51:09 honeypot-fra-1 sshd[26605]: Received disconnect from 179.43.156.143 port 50452:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T02:51:10.187Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:51:50 honeypot-fra-1 sshd[26609]: Invalid user ansible from 179.43.156.143 port 47818","@timestamp":"2022-09-18T02:51:51.207Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:53:00 honeypot-fra-1 sshd[26613]: Invalid user yc from 157.230.6.213 port 49310","@timestamp":"2022-09-18T02:53:01.235Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:53:15 honeypot-ams-1 sshd[4185]: Received disconnect from 124.221.41.109 port 55764:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:53:15.455Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:53:49 honeypot-fra-1 sshd[26617]: Disconnected from authenticating user root 179.43.156.143 port 40014 [preauth]","@timestamp":"2022-09-18T02:53:49.257Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:55:49 honeypot-fra-1 sshd[26623]: Received disconnect from 179.43.156.143 port 60460:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T02:55:50.307Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:56:24 honeypot-ams-1 sshd[4191]: Received disconnect from 124.221.41.109 port 45248:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:56:24.540Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:57:06 honeypot-fra-1 sshd[26628]: Disconnected from invalid user sysgames 179.43.156.143 port 55264 [preauth]","@timestamp":"2022-09-18T02:57:07.338Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:57:30 honeypot-ams-1 sshd[4193]: Received disconnect from 124.221.41.109 port 51138:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:57:30.575Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 02:58:14 honeypot-fra-1 sshd[26632]: Received disconnect from 128.199.118.93 port 38060:11: Bye Bye [preauth]","@timestamp":"2022-09-18T02:58:15.369Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 02:59:35 honeypot-ams-1 sshd[4198]: Disconnected from authenticating user root 124.221.41.109 port 34662 [preauth]","@timestamp":"2022-09-18T02:59:36.634Z"}
{"@timestamp":"2022-09-18T02:59:48.924Z","@version":"1","message":"Sep 18 02:59:48 honeypot-sgp-1 kernel: [84346091.650024] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.207.118 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=57584 DPT=5432 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 03:01:58 honeypot-ams-1 sshd[4205]: Invalid user  from 118.193.59.59 port 40778","@timestamp":"2022-09-18T03:01:59.703Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 03:02:01 honeypot-fra-1 kernel: [84344529.907744] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.205.224 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=32808 DPT=5432 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T03:02:01.456Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 03:02:45 honeypot-fra-1 kernel: [84344574.321754] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=151.106.32.182 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=63566 PROTO=TCP SPT=47825 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T03:02:46.477Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 03:03:44 honeypot-ams-1 sshd[4209]: Disconnected from authenticating user root 92.255.85.69 port 63324 [preauth]","@timestamp":"2022-09-18T03:03:44.754Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 03:05:54 honeypot-ams-1 sshd[4216]: Received disconnect from 124.221.41.109 port 41538:11: Bye Bye [preauth]","@timestamp":"2022-09-18T03:05:54.816Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 03:08:00 honeypot-ams-1 sshd[4220]: Received disconnect from 124.221.41.109 port 53178:11: Bye Bye [preauth]","@timestamp":"2022-09-18T03:08:00.892Z"}
{"@timestamp":"2022-09-18T03:09:30.161Z","@version":"1","message":"Sep 18 03:09:29 honeypot-sgp-1 kernel: [84346673.441885] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.33.95.185 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=41138 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 03:11:07 honeypot-ams-1 sshd[4227]: Received disconnect from 124.221.41.109 port 42350:11: Bye Bye [preauth]","@timestamp":"2022-09-18T03:11:07.975Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 03:12:17 honeypot-ams-1 sshd[4231]: Disconnected from invalid user monitor 167.71.233.59 port 47412 [preauth]","@timestamp":"2022-09-18T03:12:18.008Z"}
{"@timestamp":"2022-09-18T03:14:06.275Z","@version":"1","message":"Sep 18 03:14:05 honeypot-sgp-1 sshd[29559]: Connection closed by authenticating user nobody 179.60.147.69 port 62260 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 03:14:15 honeypot-ams-1 sshd[4238]: Received disconnect from 124.221.41.109 port 59702:11: Bye Bye [preauth]","@timestamp":"2022-09-18T03:14:16.064Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 03:16:09 honeypot-fra-1 kernel: [84345378.052532] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=27017 PROTO=TCP SPT=50003 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T03:16:09.776Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 03:17:01 honeypot-ams-1 CRON[4244]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-18T03:17:02.137Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 03:18:24 honeypot-ams-1 sshd[4251]: Received disconnect from 124.221.41.109 port 54496:11: Bye Bye [preauth]","@timestamp":"2022-09-18T03:18:25.178Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 03:20:27 honeypot-ams-1 sshd[4256]: Disconnected from authenticating user root 124.221.41.109 port 37734 [preauth]","@timestamp":"2022-09-18T03:20:28.234Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 03:20:44 honeypot-fra-1 sshd[26651]: Disconnected from authenticating user root 31.3.91.99 port 49110 [preauth]","@timestamp":"2022-09-18T03:20:45.893Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 03:23:31 honeypot-ams-1 sshd[4264]: Received disconnect from 124.221.41.109 port 54906:11: Bye Bye [preauth]","@timestamp":"2022-09-18T03:23:31.316Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 03:25:34 honeypot-ams-1 sshd[4269]: Disconnected from authenticating user root 124.221.41.109 port 38080 [preauth]","@timestamp":"2022-09-18T03:25:34.373Z"}
{"@timestamp":"2022-09-18T03:26:18.568Z","@version":"1","message":"Sep 18 03:26:18 honeypot-sgp-1 sshd[29567]: Disconnected from invalid user josh 162.241.222.29 port 58404 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 03:27:36 honeypot-ams-1 sshd[4273]: Disconnected from authenticating user root 124.221.41.109 port 49458 [preauth]","@timestamp":"2022-09-18T03:27:37.444Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 03:27:49 honeypot-fra-1 kernel: [84346078.153559] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=202.164.136.147 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=55 ID=6360 DF PROTO=TCP SPT=47860 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T03:27:50.052Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-18T03:29:35.649Z","@version":"1","message":"Sep 18 03:29:35 honeypot-sgp-1 kernel: [84347878.510056] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=103.168.205.104 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x20 TTL=242 ID=32532 DF PROTO=TCP SPT=10446 DPT=80 WINDOW=512 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 03:30:37 honeypot-fra-1 sshd[26659]: Disconnected from invalid user 1234 92.255.85.70 port 57960 [preauth]","@timestamp":"2022-09-18T03:30:38.118Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 03:30:39 honeypot-ams-1 sshd[4280]: Disconnected from authenticating user root 124.221.41.109 port 38228 [preauth]","@timestamp":"2022-09-18T03:30:40.526Z"}
{"@timestamp":"2022-09-18T03:31:17.692Z","@version":"1","message":"Sep 18 03:31:17 honeypot-sgp-1 sshd[29578]: Invalid user sherri from 50.16.104.72 port 47728","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:33:10.739Z","@version":"1","message":"Sep 18 03:33:10 honeypot-sgp-1 sshd[29584]: Received disconnect from 159.223.41.136 port 49432:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 03:33:42 honeypot-ams-1 sshd[4286]: Received disconnect from 124.221.41.109 port 55166:11: Bye Bye [preauth]","@timestamp":"2022-09-18T03:33:42.607Z"}
{"@timestamp":"2022-09-18T03:34:07.764Z","@version":"1","message":"Sep 18 03:34:07 honeypot-sgp-1 sshd[29590]: Received disconnect from 103.163.21.24 port 35627:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:08.765Z","@version":"1","message":"Sep 18 03:34:08 honeypot-sgp-1 sshd[29594]: Disconnected from authenticating user root 103.163.21.24 port 35672 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:10.766Z","@version":"1","message":"Sep 18 03:34:10 honeypot-sgp-1 sshd[29600]: Disconnected from authenticating user root 103.163.21.24 port 35735 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:12.767Z","@version":"1","message":"Sep 18 03:34:12 honeypot-sgp-1 sshd[29606]: Disconnected from authenticating user root 103.163.21.24 port 35795 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:14.769Z","@version":"1","message":"Sep 18 03:34:14 honeypot-sgp-1 sshd[29612]: Disconnected from authenticating user root 103.163.21.24 port 35858 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:16.770Z","@version":"1","message":"Sep 18 03:34:15 honeypot-sgp-1 sshd[29618]: Disconnected from authenticating user root 103.163.21.24 port 35919 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:18.771Z","@version":"1","message":"Sep 18 03:34:17 honeypot-sgp-1 sshd[29624]: Disconnected from authenticating user root 103.163.21.24 port 35983 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:19.772Z","@version":"1","message":"Sep 18 03:34:19 honeypot-sgp-1 sshd[29626]: Disconnected from authenticating user root 157.230.178.127 port 59262 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:21.773Z","@version":"1","message":"Sep 18 03:34:21 honeypot-sgp-1 sshd[29636]: Disconnected from authenticating user root 103.163.21.24 port 36086 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:23.775Z","@version":"1","message":"Sep 18 03:34:22 honeypot-sgp-1 sshd[29642]: Disconnected from authenticating user root 103.163.21.24 port 36146 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:25.777Z","@version":"1","message":"Sep 18 03:34:24 honeypot-sgp-1 sshd[29648]: Disconnected from authenticating user root 103.163.21.24 port 36209 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:26.777Z","@version":"1","message":"Sep 18 03:34:26 honeypot-sgp-1 sshd[29654]: Disconnected from authenticating user root 103.163.21.24 port 36277 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:28.779Z","@version":"1","message":"Sep 18 03:34:28 honeypot-sgp-1 sshd[29660]: Disconnected from authenticating user root 103.163.21.24 port 36340 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:30.780Z","@version":"1","message":"Sep 18 03:34:29 honeypot-sgp-1 sshd[29664]: Disconnected from invalid user admin 103.163.21.24 port 36382 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:31.781Z","@version":"1","message":"Sep 18 03:34:31 honeypot-sgp-1 sshd[29668]: Disconnected from invalid user admin 103.163.21.24 port 36422 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:32.781Z","@version":"1","message":"Sep 18 03:34:32 honeypot-sgp-1 sshd[29672]: Disconnected from invalid user admin 103.163.21.24 port 36467 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:33.782Z","@version":"1","message":"Sep 18 03:34:33 honeypot-sgp-1 sshd[29676]: Disconnected from invalid user admin 103.163.21.24 port 36507 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:35.783Z","@version":"1","message":"Sep 18 03:34:35 honeypot-sgp-1 sshd[29680]: Disconnected from invalid user admin 103.163.21.24 port 36549 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:37.786Z","@version":"1","message":"Sep 18 03:34:36 honeypot-sgp-1 sshd[29686]: Received disconnect from 103.163.21.24 port 36606:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:38.787Z","@version":"1","message":"Sep 18 03:34:38 honeypot-sgp-1 sshd[29690]: Received disconnect from 103.163.21.24 port 36652:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:39.788Z","@version":"1","message":"Sep 18 03:34:39 honeypot-sgp-1 sshd[29694]: Received disconnect from 103.163.21.24 port 36694:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:40.788Z","@version":"1","message":"Sep 18 03:34:40 honeypot-sgp-1 sshd[29698]: Received disconnect from 103.163.21.24 port 36738:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:42.790Z","@version":"1","message":"Sep 18 03:34:42 honeypot-sgp-1 sshd[29702]: Received disconnect from 103.163.21.24 port 36778:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:43.790Z","@version":"1","message":"Sep 18 03:34:43 honeypot-sgp-1 sshd[29706]: Received disconnect from 103.163.21.24 port 36822:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:44.791Z","@version":"1","message":"Sep 18 03:34:44 honeypot-sgp-1 sshd[29710]: Received disconnect from 103.163.21.24 port 36865:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:46.792Z","@version":"1","message":"Sep 18 03:34:45 honeypot-sgp-1 sshd[29714]: Received disconnect from 103.163.21.24 port 36905:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 03:34:46 honeypot-fra-1 sshd[26663]: Disconnected from invalid user admin 52.149.180.228 port 37170 [preauth]","@timestamp":"2022-09-18T03:34:47.213Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T03:34:47.793Z","@version":"1","message":"Sep 18 03:34:47 honeypot-sgp-1 sshd[29718]: Received disconnect from 103.163.21.24 port 36942:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:48.793Z","@version":"1","message":"Sep 18 03:34:48 honeypot-sgp-1 sshd[29722]: Received disconnect from 103.163.21.24 port 36981:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:49.794Z","@version":"1","message":"Sep 18 03:34:49 honeypot-sgp-1 sshd[29726]: Received disconnect from 103.163.21.24 port 37021:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:34:51.795Z","@version":"1","message":"Sep 18 03:34:50 honeypot-sgp-1 sshd[29730]: Received disconnect from 103.163.21.24 port 37062:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T03:36:29.835Z","@version":"1","message":"Sep 18 03:36:29 honeypot-sgp-1 sshd[29734]: Received disconnect from 128.199.105.162 port 38280:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 03:36:43 honeypot-ams-1 sshd[4293]: Received disconnect from 124.221.41.109 port 43828:11: Bye Bye [preauth]","@timestamp":"2022-09-18T03:36:43.688Z"}
{"@timestamp":"2022-09-18T03:39:15.903Z","@version":"1","message":"Sep 18 03:39:15 honeypot-sgp-1 sshd[29739]: Received disconnect from 211.43.12.240 port 38720:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 03:39:47 honeypot-ams-1 sshd[4299]: Received disconnect from 124.221.41.109 port 60692:11: Bye Bye [preauth]","@timestamp":"2022-09-18T03:39:47.772Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 03:40:48 honeypot-ams-1 sshd[4304]: Disconnected from authenticating user root 124.221.41.109 port 38074 [preauth]","@timestamp":"2022-09-18T03:40:48.800Z"}
{"@timestamp":"2022-09-18T03:43:06.996Z","@version":"1","message":"Sep 18 03:43:06 honeypot-sgp-1 sshd[29744]: Received disconnect from 139.59.102.10 port 55306:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 03:43:41 honeypot-ams-1 kernel: [84349201.921754] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=88.247.170.168 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=241 ID=15533 PROTO=TCP SPT=41135 DPT=443 WINDOW=1300 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T03:43:41.880Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 03:44:32 honeypot-fra-1 sshd[26667]: Disconnected from invalid user steam 103.226.248.146 port 44460 [preauth]","@timestamp":"2022-09-18T03:44:33.432Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 03:45:48 honeypot-ams-1 sshd[4315]: Disconnected from authenticating user root 124.221.41.109 port 37846 [preauth]","@timestamp":"2022-09-18T03:45:48.937Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 03:48:50 honeypot-ams-1 sshd[4321]: Received disconnect from 124.221.41.109 port 54606:11: Bye Bye [preauth]","@timestamp":"2022-09-18T03:48:51.020Z"}
{"@timestamp":"2022-09-18T03:50:16.168Z","@version":"1","message":"Sep 18 03:50:16 honeypot-sgp-1 sshd[29749]: Invalid user default from 179.60.147.69 port 35522","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 03:51:49 honeypot-ams-1 sshd[4328]: Received disconnect from 124.221.41.109 port 43074:11: Bye Bye [preauth]","@timestamp":"2022-09-18T03:51:50.099Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 03:53:49 honeypot-ams-1 sshd[4334]: Received disconnect from 124.221.41.109 port 54180:11: Bye Bye [preauth]","@timestamp":"2022-09-18T03:53:50.152Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 03:55:07 honeypot-fra-1 sshd[26673]: error: maximum authentication attempts exceeded for invalid user admin from 119.240.188.148 port 62200 ssh2 [preauth]","@timestamp":"2022-09-18T03:55:08.675Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 03:55:48 honeypot-ams-1 sshd[4339]: Disconnected from authenticating user root 124.221.41.109 port 37034 [preauth]","@timestamp":"2022-09-18T03:55:49.206Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 03:58:48 honeypot-ams-1 sshd[4345]: Received disconnect from 124.221.41.109 port 53636:11: Bye Bye [preauth]","@timestamp":"2022-09-18T03:58:48.288Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:00:47 honeypot-ams-1 sshd[4350]: Disconnected from authenticating user root 124.221.41.109 port 36442 [preauth]","@timestamp":"2022-09-18T04:00:47.343Z"}
{"@timestamp":"2022-09-18T04:01:19.432Z","@version":"1","message":"Sep 18 04:01:18 honeypot-sgp-1 sshd[29753]: Received disconnect from 103.225.124.210 port 47754:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 04:01:34 honeypot-fra-1 sshd[26678]: Invalid user lindsay from 165.22.45.108 port 43332","@timestamp":"2022-09-18T04:01:34.837Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:03:44 honeypot-ams-1 sshd[4356]: Disconnected from authenticating user root 124.221.41.109 port 52962 [preauth]","@timestamp":"2022-09-18T04:03:45.422Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 04:06:28 honeypot-fra-1 kernel: [84348396.863844] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=165.22.82.222 LEN=90 TOS=0x00 PREC=0x00 TTL=250 ID=15643 PROTO=TCP SPT=14213 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T04:06:28.954Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:06:42 honeypot-ams-1 sshd[4363]: Disconnected from authenticating user root 124.221.41.109 port 41172 [preauth]","@timestamp":"2022-09-18T04:06:42.500Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:09:37 honeypot-ams-1 sshd[4369]: Disconnected from authenticating user root 124.221.41.109 port 57526 [preauth]","@timestamp":"2022-09-18T04:09:37.577Z"}
{"@timestamp":"2022-09-18T04:09:44.632Z","@version":"1","message":"Sep 18 04:09:44 honeypot-sgp-1 sshd[29760]: Received disconnect from 92.255.85.70 port 35978:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:10:35 honeypot-ams-1 sshd[4375]: Received disconnect from 124.221.41.109 port 34736:11: Bye Bye [preauth]","@timestamp":"2022-09-18T04:10:36.605Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:12:34 honeypot-ams-1 sshd[4380]: Received disconnect from 124.221.41.109 port 45614:11: Bye Bye [preauth]","@timestamp":"2022-09-18T04:12:34.659Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:14:30 honeypot-ams-1 sshd[4388]: Received disconnect from 124.221.41.109 port 56448:11: Bye Bye [preauth]","@timestamp":"2022-09-18T04:14:30.710Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:17:01 honeypot-ams-1 CRON[4394]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-18T04:17:01.779Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:18:24 honeypot-ams-1 sshd[4402]: Disconnected from authenticating user root 124.221.41.109 port 49808 [preauth]","@timestamp":"2022-09-18T04:18:24.818Z"}
{"@timestamp":"2022-09-18T04:20:14.881Z","@version":"1","message":"Sep 18 04:20:14 honeypot-sgp-1 sshd[29766]: Received disconnect from 165.227.133.23 port 56252:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:21:18 honeypot-ams-1 sshd[4408]: Received disconnect from 124.221.41.109 port 37700:11: Bye Bye [preauth]","@timestamp":"2022-09-18T04:21:18.899Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 04:22:35 honeypot-fra-1 sshd[26705]: Disconnected from authenticating user root 91.164.189.52 port 11152 [preauth]","@timestamp":"2022-09-18T04:22:36.323Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:24:09 honeypot-ams-1 sshd[4417]: Received disconnect from 124.221.41.109 port 53782:11: Bye Bye [preauth]","@timestamp":"2022-09-18T04:24:09.975Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:26:04 honeypot-ams-1 sshd[4424]: Received disconnect from 124.221.41.109 port 36222:11: Bye Bye [preauth]","@timestamp":"2022-09-18T04:26:05.028Z"}
{"@timestamp":"2022-09-18T04:26:46.039Z","@version":"1","message":"Sep 18 04:26:45 honeypot-sgp-1 sshd[29771]: Invalid user ubnt from 179.60.147.69 port 31910","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 04:27:55 honeypot-fra-1 sshd[26710]: Connection closed by invalid user ubnt 179.60.147.69 port 61164 [preauth]","@timestamp":"2022-09-18T04:27:55.448Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:28:44 honeypot-ams-1 sshd[4431]: Received disconnect from 128.199.208.187 port 53224:11: Bye Bye [preauth]","@timestamp":"2022-09-18T04:28:45.100Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:29:10 honeypot-ams-1 sshd[4435]: Disconnected from invalid user libsys 222.252.243.104 port 62892 [preauth]","@timestamp":"2022-09-18T04:29:11.113Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:30:06 honeypot-ams-1 sshd[4443]: Invalid user ubnt from 179.60.147.69 port 29330","@timestamp":"2022-09-18T04:30:07.142Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 04:30:58 honeypot-ams-1 kernel: [84352038.545939] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=49.4.80.223 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=41 ID=50450 DF PROTO=TCP SPT=55014 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T04:30:59.166Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 04:32:17 honeypot-ams-1 kernel: [84352117.270407] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=154.3.44.149 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=117 ID=3424 DF PROTO=TCP SPT=51492 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-18T04:32:18.205Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:33:43 honeypot-ams-1 sshd[4453]: Received disconnect from 124.221.41.109 port 50482:11: Bye Bye [preauth]","@timestamp":"2022-09-18T04:33:44.243Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:34:54 honeypot-ams-1 sshd[4458]: Disconnected from invalid user dockerroot 43.154.4.192 port 41826 [preauth]","@timestamp":"2022-09-18T04:34:55.276Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:36:25 honeypot-ams-1 sshd[4464]: Received disconnect from 61.177.172.19 port 15362:11:  [preauth]","@timestamp":"2022-09-18T04:36:26.318Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:37:56 honeypot-ams-1 sshd[4478]: Invalid user vy from 1.224.37.98 port 46748","@timestamp":"2022-09-18T04:37:57.360Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 04:38:51 honeypot-fra-1 sshd[26718]: Did not receive identification string from 45.61.186.169 port 58378","@timestamp":"2022-09-18T04:38:51.701Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 04:39:11 honeypot-fra-1 sshd[26721]: Received disconnect from 45.61.186.169 port 56296:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T04:39:12.712Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:39:23 honeypot-ams-1 sshd[4484]: Received disconnect from 124.221.41.109 port 53844:11: Bye Bye [preauth]","@timestamp":"2022-09-18T04:39:23.401Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 04:39:29 honeypot-fra-1 sshd[26725]: Received disconnect from 45.61.186.169 port 51154:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T04:39:29.720Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 04:39:45 honeypot-fra-1 sshd[26729]: Received disconnect from 45.61.186.169 port 46002:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T04:39:45.728Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:39:50 honeypot-ams-1 sshd[4489]: Disconnected from authenticating user root 61.177.173.36 port 31419 [preauth]","@timestamp":"2022-09-18T04:39:51.415Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:40:51 honeypot-ams-1 sshd[4493]: Received disconnect from 185.149.120.61 port 51412:11: Bye Bye [preauth]","@timestamp":"2022-09-18T04:40:52.447Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:41:56 honeypot-ams-1 sshd[4497]: Disconnected from authenticating user root 207.154.205.115 port 53364 [preauth]","@timestamp":"2022-09-18T04:41:57.478Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:42:17 honeypot-ams-1 sshd[4503]: Disconnected from authenticating user root 27.118.22.221 port 47858 [preauth]","@timestamp":"2022-09-18T04:42:17.489Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 04:42:46 honeypot-fra-1 sshd[26734]: Received disconnect from 34.102.23.246 port 59996:11: Bye Bye [preauth]","@timestamp":"2022-09-18T04:42:47.799Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:44:04 honeypot-ams-1 sshd[4509]: Received disconnect from 45.119.215.150 port 43710:11: Bye Bye [preauth]","@timestamp":"2022-09-18T04:44:05.537Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:45:57 honeypot-ams-1 sshd[4517]: Disconnected from authenticating user root 124.221.41.109 port 33874 [preauth]","@timestamp":"2022-09-18T04:45:58.586Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:47:50 honeypot-ams-1 sshd[4521]: Received disconnect from 124.221.41.109 port 44220:11: Bye Bye [preauth]","@timestamp":"2022-09-18T04:47:50.640Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:49:40 honeypot-ams-1 sshd[4525]: Disconnected from authenticating user root 124.221.41.109 port 54534 [preauth]","@timestamp":"2022-09-18T04:49:41.691Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:51:10 honeypot-ams-1 sshd[4532]: Disconnected from authenticating user root 61.177.173.36 port 58070 [preauth]","@timestamp":"2022-09-18T04:51:10.734Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 04:52:44 honeypot-ams-1 kernel: [84353344.790729] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=164.92.72.164 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=56364 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T04:52:44.777Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:54:55 honeypot-ams-1 sshd[4545]: Received disconnect from 61.177.172.124 port 31919:11:  [preauth]","@timestamp":"2022-09-18T04:54:55.839Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 04:55:23 honeypot-ams-1 kernel: [84353503.768723] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=49.4.80.223 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=232 ID=41354 PROTO=TCP SPT=55705 DPT=3389 WINDOW=1200 RES=0x00 RST URGP=0 ","@timestamp":"2022-09-18T04:55:23.855Z"}
{"@timestamp":"2022-09-18T04:55:51.745Z","@version":"1","message":"Sep 18 04:55:51 honeypot-sgp-1 sshd[29777]: Invalid user username from 92.255.85.69 port 30090","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:57:04 honeypot-ams-1 sshd[4552]: Disconnected from authenticating user root 124.221.41.109 port 39166 [preauth]","@timestamp":"2022-09-18T04:57:04.902Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 04:58:06 honeypot-fra-1 kernel: [84351494.506229] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=193.46.255.199 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=246 ID=29995 PROTO=TCP SPT=61002 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T04:58:07.147Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-18T04:59:13.827Z","@version":"1","message":"Sep 18 04:59:13 honeypot-sgp-1 kernel: [84353257.100237] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=159.89.202.188 LEN=90 TOS=0x00 PREC=0x00 TTL=245 ID=41943 PROTO=TCP SPT=23327 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 04:59:22 honeypot-ams-1 sshd[4560]: Invalid user zeng from 103.37.83.26 port 54470","@timestamp":"2022-09-18T04:59:22.968Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 05:00:37 honeypot-ams-1 sshd[4565]: Disconnected from authenticating user root 61.177.173.49 port 42792 [preauth]","@timestamp":"2022-09-18T05:00:38.003Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 05:02:34 honeypot-ams-1 sshd[4572]: Received disconnect from 124.221.41.109 port 41504:11: Bye Bye [preauth]","@timestamp":"2022-09-18T05:02:35.058Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 05:02:39 honeypot-fra-1 kernel: [84351767.924198] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.95.147.53 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=250 ID=9630 PROTO=TCP SPT=61002 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T05:02:40.253Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-18T05:03:28.936Z","@version":"1","message":"Sep 18 05:03:28 honeypot-sgp-1 kernel: [84353511.924589] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.213.107 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=60187 DPT=5432 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 05:04:23 honeypot-ams-1 sshd[4581]: Received disconnect from 124.221.41.109 port 51636:11: Bye Bye [preauth]","@timestamp":"2022-09-18T05:04:24.107Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 05:05:20 honeypot-fra-1 sshd[26749]: Disconnected from invalid user kde 34.80.217.216 port 60314 [preauth]","@timestamp":"2022-09-18T05:05:21.315Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 05:06:10 honeypot-ams-1 sshd[4587]: Invalid user ubnt from 179.60.147.69 port 21980","@timestamp":"2022-09-18T05:06:11.155Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 05:08:18 honeypot-ams-1 sshd[4594]: Received disconnect from 61.177.173.51 port 54584:11:  [preauth]","@timestamp":"2022-09-18T05:08:18.212Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 05:08:53 honeypot-ams-1 sshd[4598]: Disconnected from authenticating user root 124.221.41.109 port 48638 [preauth]","@timestamp":"2022-09-18T05:08:54.231Z"}
{"@timestamp":"2022-09-18T05:10:28.107Z","@version":"1","message":"Sep 18 05:10:27 honeypot-sgp-1 kernel: [84353931.091832] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=170.187.160.137 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=17340 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 05:10:43 honeypot-ams-1 sshd[4604]: Received disconnect from 124.221.41.109 port 58694:11: Bye Bye [preauth]","@timestamp":"2022-09-18T05:10:44.283Z"}
{"@timestamp":"2022-09-18T05:11:38.138Z","@version":"1","message":"Sep 18 05:11:37 honeypot-sgp-1 kernel: [84354001.097657] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=170.187.163.38 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=30640 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 05:12:30 honeypot-ams-1 sshd[4611]: Received disconnect from 124.221.41.109 port 40502:11: Bye Bye [preauth]","@timestamp":"2022-09-18T05:12:31.334Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 05:14:17 honeypot-ams-1 sshd[4617]: Received disconnect from 124.221.41.109 port 50514:11: Bye Bye [preauth]","@timestamp":"2022-09-18T05:14:17.383Z"}
{"@timestamp":"2022-09-18T05:14:50.217Z","@version":"1","message":"Sep 18 05:14:49 honeypot-sgp-1 sshd[29798]: Disconnected from authenticating user root 20.225.61.197 port 55590 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 05:15:12 honeypot-fra-1 sshd[26753]: Disconnected from authenticating user root 181.30.39.106 port 55802 [preauth]","@timestamp":"2022-09-18T05:15:13.540Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 05:15:52 honeypot-ams-1 sshd[4623]: Disconnected from invalid user cwy 64.227.183.182 port 41410 [preauth]","@timestamp":"2022-09-18T05:15:53.427Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 05:17:01 honeypot-ams-1 CRON[4633]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-18T05:17:01.457Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 05:17:58 honeypot-ams-1 sshd[4641]: Received disconnect from 196.223.151.194 port 49886:11: Bye Bye [preauth]","@timestamp":"2022-09-18T05:17:58.485Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 05:20:34 honeypot-ams-1 sshd[4647]: Received disconnect from 124.221.41.109 port 57152:11: Bye Bye [preauth]","@timestamp":"2022-09-18T05:20:34.556Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 05:20:57 honeypot-fra-1 sshd[26759]: Connection closed by invalid user admin 193.106.191.157 port 60088 [preauth]","@timestamp":"2022-09-18T05:20:57.698Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 05:21:34 honeypot-ams-1 kernel: [84355074.780038] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=154.3.44.149 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=117 ID=32760 DF PROTO=TCP SPT=51226 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-18T05:21:35.587Z"}
{"@timestamp":"2022-09-18T05:23:32.425Z","@version":"1","message":"Sep 18 05:23:31 honeypot-sgp-1 sshd[29807]: Received disconnect from 181.48.60.50 port 45576:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 05:24:09 honeypot-ams-1 sshd[4657]: Received disconnect from 124.221.41.109 port 48772:11: Bye Bye [preauth]","@timestamp":"2022-09-18T05:24:09.657Z"}
{"@timestamp":"2022-09-18T05:24:45.476Z","@version":"1","message":"Sep 18 05:24:44 honeypot-sgp-1 sshd[29811]: Disconnected from authenticating user root 102.219.33.70 port 34644 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 05:25:02 honeypot-ams-1 sshd[4662]: Disconnected from authenticating user root 124.221.41.109 port 53724 [preauth]","@timestamp":"2022-09-18T05:25:02.683Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 05:26:01 honeypot-fra-1 sshd[26765]: Received disconnect from 45.249.247.148 port 34720:11: Bye Bye [preauth]","@timestamp":"2022-09-18T05:26:01.815Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 05:26:47 honeypot-ams-1 sshd[4668]: Disconnected from authenticating user root 124.221.41.109 port 35378 [preauth]","@timestamp":"2022-09-18T05:26:47.735Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 05:28:35 honeypot-ams-1 sshd[4675]: Received disconnect from 124.221.41.109 port 45244:11: Bye Bye [preauth]","@timestamp":"2022-09-18T05:28:35.784Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 05:29:37 honeypot-ams-1 sshd[4681]: Received disconnect from 61.177.172.114 port 37860:11:  [preauth]","@timestamp":"2022-09-18T05:29:37.815Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 05:31:13 honeypot-ams-1 sshd[4685]: Received disconnect from 124.221.41.109 port 60022:11: Bye Bye [preauth]","@timestamp":"2022-09-18T05:31:14.867Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 05:33:44 honeypot-ams-1 sshd[4692]: Disconnected from invalid user kr 60.210.40.210 port 2457 [preauth]","@timestamp":"2022-09-18T05:33:44.935Z"}
{"@timestamp":"2022-09-18T05:39:00.818Z","@version":"1","message":"Sep 18 05:39:00 honeypot-sgp-1 sshd[29815]: Connection closed by invalid user test 179.60.147.69 port 23052 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 05:39:16 honeypot-fra-1 sshd[26768]: Disconnected from invalid user admin 92.255.85.70 port 33210 [preauth]","@timestamp":"2022-09-18T05:39:16.112Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 05:41:25 honeypot-ams-1 kernel: [84356265.940788] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=178.62.254.91 LEN=92 TOS=0x00 PREC=0x00 TTL=252 ID=34841 PROTO=TCP SPT=1269 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T05:41:26.136Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 05:41:29 honeypot-fra-1 sshd[26775]: Invalid user botong from 159.89.163.217 port 54936","@timestamp":"2022-09-18T05:41:30.166Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 05:45:40 honeypot-ams-1 sshd[4701]: Disconnected from invalid user admin 92.255.85.70 port 51592 [preauth]","@timestamp":"2022-09-18T05:45:41.248Z"}
{"@timestamp":"2022-09-18T05:52:47.150Z","@version":"1","message":"Sep 18 05:52:46 honeypot-sgp-1 kernel: [84356470.063418] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=206.189.6.148 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=239 ID=54321 PROTO=TCP SPT=55696 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T05:55:40.241Z","@version":"1","message":"Sep 18 05:55:39 honeypot-sgp-1 kernel: [84356643.195181] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.82.129.117 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=42233 PROTO=TCP SPT=41632 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 05:56:57 honeypot-ams-1 sshd[4715]: Disconnected from authenticating user root 61.177.173.50 port 58592 [preauth]","@timestamp":"2022-09-18T05:56:57.543Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 05:57:40 honeypot-ams-1 sshd[4719]: Disconnected from invalid user serviceop 176.122.138.198 port 48190 [preauth]","@timestamp":"2022-09-18T05:57:40.567Z"}
{"@timestamp":"2022-09-18T06:03:43.437Z","@version":"1","message":"Sep 18 06:03:43 honeypot-sgp-1 sshd[29824]: Invalid user team3 from 164.90.224.134 port 51776","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 06:08:31 honeypot-ams-1 kernel: [84357891.413966] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=181.219.149.148 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=20229 PROTO=TCP SPT=24863 DPT=80 WINDOW=37276 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T06:08:31.854Z"}
{"@timestamp":"2022-09-18T06:08:55.565Z","@version":"1","message":"Sep 18 06:08:55 honeypot-sgp-1 kernel: [84357438.513027] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=159.89.202.188 LEN=92 TOS=0x00 PREC=0x00 TTL=245 ID=60011 PROTO=TCP SPT=16769 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T06:15:02.714Z","@version":"1","message":"Sep 18 06:15:01 honeypot-sgp-1 kernel: [84357805.094358] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=64.62.197.239 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=57457 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 06:16:02 honeypot-fra-1 kernel: [84356171.041567] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=165.232.152.144 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=54574 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T06:16:02.944Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 06:16:34 honeypot-ams-1 kernel: [84358374.749813] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=46699 PROTO=TCP SPT=40804 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T06:16:35.067Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 06:18:29 honeypot-ams-1 sshd[4828]: Connection closed by invalid user guest 179.60.147.69 port 3294 [preauth]","@timestamp":"2022-09-18T06:18:30.123Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 06:22:06 honeypot-fra-1 sshd[26880]: Invalid user test from 92.255.85.69 port 42200","@timestamp":"2022-09-18T06:22:07.084Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 06:23:40 honeypot-fra-1 kernel: [84356628.169786] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=167.99.210.35 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=59 ID=19165 DF PROTO=TCP SPT=54254 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T06:23:40.121Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-18T06:23:54.932Z","@version":"1","message":"Sep 18 06:23:54 honeypot-sgp-1 sshd[29837]: Invalid user lisha from 167.172.187.120 port 40080","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 06:25:19 honeypot-ams-1 kernel: [84358899.941472] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=213.226.123.38 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=38907 PROTO=TCP SPT=42049 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T06:25:20.418Z"}
{"@timestamp":"2022-09-18T06:26:46.012Z","@version":"1","message":"Sep 18 06:26:45 honeypot-sgp-1 kernel: [84358508.572435] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.219.13 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=41433 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 06:29:52 honeypot-fra-1 kernel: [84357000.384932] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=213.226.123.38 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=20484 PROTO=TCP SPT=42049 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T06:29:52.266Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 06:31:35 honeypot-ams-1 sshd[5021]: Invalid user admin from 46.19.141.122 port 59210","@timestamp":"2022-09-18T06:31:35.582Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 06:31:58 honeypot-ams-1 sshd[5025]: Received disconnect from 46.19.141.122 port 47688:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T06:31:58.593Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 06:32:24 honeypot-ams-1 sshd[5029]: Received disconnect from 46.19.141.122 port 41652:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T06:32:24.607Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 06:33:16 honeypot-ams-1 sshd[5033]: Received disconnect from 46.19.141.122 port 40520:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T06:33:16.633Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 06:33:42 honeypot-ams-1 sshd[5037]: Received disconnect from 46.19.141.122 port 48362:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T06:33:43.647Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 06:34:11 honeypot-ams-1 sshd[5041]: Received disconnect from 46.19.141.122 port 41872:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T06:34:11.661Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 06:34:39 honeypot-ams-1 sshd[5045]: Received disconnect from 46.19.141.122 port 55824:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T06:34:40.676Z"}
{"@timestamp":"2022-09-18T06:34:51.210Z","@version":"1","message":"Sep 18 06:34:50 honeypot-sgp-1 sshd[29984]: Received disconnect from 45.61.186.249 port 59658:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T06:35:10.219Z","@version":"1","message":"Sep 18 06:35:09 honeypot-sgp-1 sshd[29988]: Received disconnect from 45.61.186.249 port 55016:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 06:35:09 honeypot-fra-1 kernel: [84357317.689382] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.208.47 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=49975 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T06:35:10.389Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 06:35:11 honeypot-ams-1 sshd[5052]: Disconnected from invalid user telnet 46.19.141.122 port 56566 [preauth]","@timestamp":"2022-09-18T06:35:11.692Z"}
{"@timestamp":"2022-09-18T06:35:27.227Z","@version":"1","message":"Sep 18 06:35:26 honeypot-sgp-1 sshd[29992]: Received disconnect from 45.61.186.249 port 50314:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T06:35:43.236Z","@version":"1","message":"Sep 18 06:35:43 honeypot-sgp-1 sshd[29996]: Received disconnect from 45.61.186.249 port 45650:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 06:35:45 honeypot-ams-1 sshd[5058]: Disconnected from authenticating user root 46.19.141.122 port 59724 [preauth]","@timestamp":"2022-09-18T06:35:45.709Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 06:36:22 honeypot-ams-1 sshd[5066]: Received disconnect from 46.19.141.122 port 37144:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T06:36:22.730Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 06:37:22 honeypot-ams-1 sshd[5070]: Disconnected from authenticating user root 61.177.172.98 port 10435 [preauth]","@timestamp":"2022-09-18T06:37:22.759Z"}
{"@timestamp":"2022-09-18T06:37:33.282Z","@version":"1","message":"Sep 18 06:37:32 honeypot-sgp-1 kernel: [84359156.035068] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=154.3.44.149 DST=159.89.202.188 LEN=52 TOS=0x0A PREC=0x00 TTL=112 ID=28271 DF PROTO=TCP SPT=50402 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T06:39:41.338Z","@version":"1","message":"Sep 18 06:39:40 honeypot-sgp-1 sshd[30002]: Invalid user frolov from 217.237.123.135 port 18754","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T06:42:08.402Z","@version":"1","message":"Sep 18 06:42:07 honeypot-sgp-1 sshd[30005]: Invalid user mysql from 128.199.42.242 port 33170","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 06:43:46 honeypot-fra-1 sshd[27026]: Received disconnect from 58.246.187.126 port 28627:11: Bye Bye [preauth]","@timestamp":"2022-09-18T06:43:46.587Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 06:44:18 honeypot-fra-1 sshd[27031]: Invalid user manager from 68.183.20.198 port 47566","@timestamp":"2022-09-18T06:44:19.602Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 06:44:33 honeypot-fra-1 sshd[27035]: Invalid user user from 45.61.187.160 port 47136","@timestamp":"2022-09-18T06:44:33.609Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 06:44:51 honeypot-fra-1 sshd[27039]: Invalid user user from 45.61.187.160 port 42456","@timestamp":"2022-09-18T06:44:51.617Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T06:44:54.470Z","@version":"1","message":"Sep 18 06:44:53 honeypot-sgp-1 sshd[30009]: Received disconnect from 210.183.21.48 port 6772:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 06:45:07 honeypot-fra-1 sshd[27043]: Invalid user user from 45.61.187.160 port 37814","@timestamp":"2022-09-18T06:45:08.625Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 06:45:22 honeypot-fra-1 sshd[27046]: Disconnected from invalid user tb5 94.253.14.90 port 38232 [preauth]","@timestamp":"2022-09-18T06:45:22.632Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 06:46:57 honeypot-fra-1 sshd[27050]: Disconnected from invalid user linjunyang 165.22.45.108 port 54354 [preauth]","@timestamp":"2022-09-18T06:46:58.671Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 06:48:44 honeypot-fra-1 sshd[27078]: Received disconnect from 107.173.156.165 port 57136:11: Bye Bye [preauth]","@timestamp":"2022-09-18T06:48:44.715Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 06:50:42 honeypot-ams-1 kernel: [84360422.640338] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=178.62.254.91 LEN=89 TOS=0x00 PREC=0x00 TTL=252 ID=28304 PROTO=TCP SPT=26441 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T06:50:43.105Z"}
{"@timestamp":"2022-09-18T06:51:24.628Z","@version":"1","message":"Sep 18 06:51:24 honeypot-sgp-1 sshd[30034]: Invalid user blank from 179.60.147.69 port 12488","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 06:52:15 honeypot-fra-1 sshd[27083]: Disconnected from authenticating user root 92.255.85.70 port 29060 [preauth]","@timestamp":"2022-09-18T06:52:15.795Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 06:54:44 honeypot-ams-1 sshd[5177]: Invalid user blank from 179.60.147.69 port 31700","@timestamp":"2022-09-18T06:54:45.216Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 06:56:08 honeypot-ams-1 sshd[5181]: Disconnected from invalid user user 45.61.184.204 port 45010 [preauth]","@timestamp":"2022-09-18T06:56:09.258Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 06:56:26 honeypot-ams-1 sshd[5185]: Received disconnect from 45.61.184.204 port 40398:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T06:56:27.268Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 06:56:40 honeypot-ams-1 sshd[5189]: Disconnected from authenticating user root 61.177.173.36 port 57559 [preauth]","@timestamp":"2022-09-18T06:56:41.275Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 06:56:54 honeypot-ams-1 sshd[5201]: Disconnected from invalid user user 45.61.184.204 port 47582 [preauth]","@timestamp":"2022-09-18T06:56:55.283Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 06:59:11 honeypot-fra-1 sshd[27091]: Did not receive identification string from 192.241.221.115 port 45984","@timestamp":"2022-09-18T06:59:11.953Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T07:00:07.839Z","@version":"1","message":"Sep 18 07:00:07 honeypot-sgp-1 sshd[30041]: Bad protocol version identification 'ABCDEFGHIJKLMNOPQRSTUVWXYZ9999' from 172.104.131.24 port 48416","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 07:00:43 honeypot-ams-1 kernel: [84361023.143592] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=51.81.38.136 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=53 ID=33664 PROTO=TCP SPT=41492 DPT=80 WINDOW=43202 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T07:00:43.383Z"}
{"@timestamp":"2022-09-18T07:04:08.941Z","@version":"1","message":"Sep 18 07:04:08 honeypot-sgp-1 sshd[30139]: Invalid user oracle from 219.249.140.30 port 60494","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 07:07:30 honeypot-ams-1 kernel: [84361430.542521] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=167.71.92.243 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=36620 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T07:07:31.562Z"}
{"@timestamp":"2022-09-18T07:08:49.056Z","@version":"1","message":"Sep 18 07:08:48 honeypot-sgp-1 kernel: [84361031.351671] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=170.187.162.12 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=36863 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 07:08:57 honeypot-fra-1 kernel: [84359345.138903] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=165.232.152.144 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=40128 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T07:08:57.174Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-18T07:13:40.177Z","@version":"1","message":"Sep 18 07:13:39 honeypot-sgp-1 sshd[30148]: Invalid user cloud-user from 31.24.200.23 port 25500","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 07:16:06 honeypot-fra-1 sshd[27102]: Invalid user user from 45.61.187.160 port 40774","@timestamp":"2022-09-18T07:16:07.338Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 07:16:24 honeypot-fra-1 sshd[27106]: Invalid user user from 45.61.187.160 port 36460","@timestamp":"2022-09-18T07:16:24.345Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 07:16:40 honeypot-fra-1 sshd[27110]: Invalid user user from 45.61.187.160 port 60398","@timestamp":"2022-09-18T07:16:41.352Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T07:17:01.260Z","@version":"1","message":"Sep 18 07:17:01 honeypot-sgp-1 CRON[30152]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 07:17:01 honeypot-ams-1 CRON[5228]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-18T07:17:01.938Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 07:17:01 honeypot-fra-1 CRON[27114]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-18T07:17:02.362Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T07:20:19.344Z","@version":"1","message":"Sep 18 07:20:18 honeypot-sgp-1 sshd[30159]: Connection closed by invalid user test2 103.188.176.251 port 34134 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 07:23:00 honeypot-fra-1 sshd[27120]: Disconnecting invalid user admin 135.129.133.147 port 38385: Too many authentication failures [preauth]","@timestamp":"2022-09-18T07:23:00.496Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 07:26:03 honeypot-ams-1 sshd[5238]: Did not receive identification string from 45.61.184.204 port 47092","@timestamp":"2022-09-18T07:26:04.179Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 07:26:52 honeypot-ams-1 sshd[5241]: Disconnected from invalid user user 45.61.184.204 port 36816 [preauth]","@timestamp":"2022-09-18T07:26:53.202Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 07:27:10 honeypot-ams-1 sshd[5246]: Received disconnect from 45.61.184.204 port 60554:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T07:27:11.211Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 07:27:25 honeypot-ams-1 sshd[5250]: Disconnected from authenticating user root 61.177.173.37 port 43220 [preauth]","@timestamp":"2022-09-18T07:27:26.219Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 07:27:37 honeypot-ams-1 sshd[5254]: Disconnected from invalid user user 45.61.184.204 port 39684 [preauth]","@timestamp":"2022-09-18T07:27:38.226Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 07:28:41 honeypot-fra-1 sshd[27129]: Invalid user centos from 179.60.147.69 port 7726","@timestamp":"2022-09-18T07:28:42.631Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 07:30:53 honeypot-ams-1 sshd[5262]: Connection closed by invalid user centos 179.60.147.69 port 60012 [preauth]","@timestamp":"2022-09-18T07:30:54.316Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 07:35:56 honeypot-ams-1 sshd[5268]: Disconnected from authenticating user root 61.177.172.108 port 63669 [preauth]","@timestamp":"2022-09-18T07:35:56.453Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 07:40:07 honeypot-ams-1 sshd[5276]: Received disconnect from 134.122.123.117 port 55746:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T07:40:08.563Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 07:43:32 honeypot-fra-1 kernel: [84361420.932854] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=23.97.234.8 DST=165.22.82.222 LEN=52 TOS=0x02 PREC=0x00 TTL=114 ID=2140 DF PROTO=TCP SPT=50760 DPT=80 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-18T07:43:33.962Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-18T07:48:57.020Z","@version":"1","message":"Sep 18 07:48:56 honeypot-sgp-1 sshd[30166]: Disconnected from invalid user user 45.61.186.249 port 59224 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T07:49:18.030Z","@version":"1","message":"Sep 18 07:49:17 honeypot-sgp-1 sshd[30170]: Disconnected from invalid user user 45.61.186.249 port 54820 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T07:49:36.038Z","@version":"1","message":"Sep 18 07:49:35 honeypot-sgp-1 sshd[30174]: Disconnected from invalid user user 45.61.186.249 port 50422 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T07:49:55.049Z","@version":"1","message":"Sep 18 07:49:54 honeypot-sgp-1 sshd[30178]: Disconnected from invalid user user 45.61.186.249 port 46020 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 07:50:27 honeypot-ams-1 kernel: [84364007.495953] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.208.55 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=36171 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T07:50:27.833Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 07:57:33 honeypot-fra-1 kernel: [84362261.728143] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.220.250 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=59081 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T07:57:34.277Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-18T07:58:14.247Z","@version":"1","message":"Sep 18 07:58:14 honeypot-sgp-1 sshd[30182]: Disconnected from invalid user oleta 165.227.160.124 port 49184 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 07:59:37 honeypot-ams-1 kernel: [84364557.228660] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.209.44 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=40032 DPT=389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T07:59:38.076Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 08:03:28 honeypot-fra-1 sshd[27145]: Disconnected from invalid user ts3bot3 164.90.194.36 port 47030 [preauth]","@timestamp":"2022-09-18T08:03:29.412Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T08:03:42.379Z","@version":"1","message":"Sep 18 08:03:41 honeypot-sgp-1 sshd[30189]: Connection closed by invalid user support 179.60.147.69 port 41478 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 08:07:00 honeypot-ams-1 sshd[5299]: Invalid user support from 179.60.147.69 port 2494","@timestamp":"2022-09-18T08:07:00.273Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 08:11:31 honeypot-fra-1 sshd[27150]: Received disconnect from 165.22.45.108 port 59898:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T08:11:31.597Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 08:17:01 honeypot-ams-1 CRON[5309]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-18T08:17:02.569Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 08:18:01 honeypot-fra-1 sshd[27174]: Disconnected from authenticating user root 142.93.58.181 port 47274 [preauth]","@timestamp":"2022-09-18T08:18:02.746Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T08:19:46.762Z","@version":"1","message":"Sep 18 08:19:46 honeypot-sgp-1 kernel: [84365289.693860] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=80.94.92.231 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=232 ID=54321 PROTO=TCP SPT=46400 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 08:27:22 honeypot-fra-1 sshd[27179]: Connection closed by invalid user xq 137.116.144.39 port 59604 [preauth]","@timestamp":"2022-09-18T08:27:22.958Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 08:27:56 honeypot-ams-1 sshd[5322]: Received disconnect from 64.225.65.224 port 55150:11: Bye Bye [preauth]","@timestamp":"2022-09-18T08:27:56.859Z"}
{"@timestamp":"2022-09-18T08:29:45.999Z","@version":"1","message":"Sep 18 08:29:45 honeypot-sgp-1 sshd[30220]: Disconnected from invalid user sierra 163.177.9.151 port 46274 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 08:30:37 honeypot-ams-1 kernel: [84366417.532418] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=30923 PROTO=TCP SPT=49809 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T08:30:37.934Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 08:31:04 honeypot-fra-1 kernel: [84364272.161391] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=31117 PROTO=TCP SPT=49809 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T08:31:05.044Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-18T08:40:08.246Z","@version":"1","message":"Sep 18 08:40:08 honeypot-sgp-1 sshd[30226]: Invalid user blank from 179.60.147.69 port 63318","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T08:42:03.296Z","@version":"1","message":"Sep 18 08:42:02 honeypot-sgp-1 sshd[30231]: Invalid user user from 45.61.186.249 port 57410","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T08:42:22.305Z","@version":"1","message":"Sep 18 08:42:21 honeypot-sgp-1 sshd[30235]: Invalid user user from 45.61.186.249 port 52948","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T08:42:40.315Z","@version":"1","message":"Sep 18 08:42:39 honeypot-sgp-1 sshd[30239]: Invalid user user from 45.61.186.249 port 48484","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 08:42:58 honeypot-fra-1 sshd[27636]: Received disconnect from 92.255.85.70 port 27136:11: Bye Bye [preauth]","@timestamp":"2022-09-18T08:42:58.312Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 08:43:28 honeypot-ams-1 sshd[5359]: Invalid user blank from 179.60.147.69 port 20070","@timestamp":"2022-09-18T08:43:29.289Z"}
{"@timestamp":"2022-09-18T08:45:21.379Z","@version":"1","message":"Sep 18 08:45:21 honeypot-sgp-1 kernel: [84366824.449243] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=159.65.138.52 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=60 ID=0 DF PROTO=TCP SPT=54953 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T08:46:19.403Z","@version":"1","message":"Sep 18 08:46:19 honeypot-sgp-1 sshd[30244]: Received disconnect from 92.255.85.70 port 42356:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 08:49:10 honeypot-ams-1 sshd[5363]: Disconnected from invalid user djangotest 157.230.6.213 port 35998 [preauth]","@timestamp":"2022-09-18T08:49:11.437Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 08:54:16 honeypot-ams-1 sshd[5372]: Received disconnect from 157.230.47.60 port 34892:11: Bye Bye [preauth]","@timestamp":"2022-09-18T08:54:17.572Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 08:55:44 honeypot-ams-1 sshd[5376]: Disconnected from authenticating user root 115.88.38.58 port 48024 [preauth]","@timestamp":"2022-09-18T08:55:44.611Z"}
{"@timestamp":"2022-09-18T08:59:45.725Z","@version":"1","message":"Sep 18 08:59:45 honeypot-sgp-1 kernel: [84367688.323000] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=186.208.139.104 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=18727 PROTO=TCP SPT=51261 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:01:02 honeypot-fra-1 sshd[27642]: Invalid user mysql from 193.106.191.157 port 57744","@timestamp":"2022-09-18T09:01:02.717Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:01:13 honeypot-fra-1 sshd[27646]: Disconnected from invalid user user 45.61.186.249 port 54380 [preauth]","@timestamp":"2022-09-18T09:01:14.723Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:01:33 honeypot-fra-1 sshd[27650]: Received disconnect from 45.61.186.249 port 49372:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T09:01:33.732Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:01:52 honeypot-fra-1 sshd[27654]: Invalid user user from 45.61.186.249 port 44364","@timestamp":"2022-09-18T09:01:52.769Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:02:19 honeypot-fra-1 kernel: [84366147.590367] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=186.208.139.104 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=245 ID=42858 PROTO=TCP SPT=51261 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T09:02:20.783Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-18T09:03:07.806Z","@version":"1","message":"Sep 18 09:03:07 honeypot-sgp-1 sshd[30251]: Disconnected from invalid user egg 80.229.18.62 port 56694 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:09 honeypot-ams-1 sshd[5383]: Received disconnect from 61.177.173.48 port 37611:11:  [preauth]","@timestamp":"2022-09-18T09:03:09.813Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:17 honeypot-ams-1 sshd[5389]: Invalid user ubnt from 149.74.230.97 port 52529","@timestamp":"2022-09-18T09:03:17.818Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:18 honeypot-ams-1 sshd[5393]: Disconnected from authenticating user root 149.74.230.97 port 52565 [preauth]","@timestamp":"2022-09-18T09:03:18.819Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:19 honeypot-ams-1 sshd[5399]: Disconnected from authenticating user root 149.74.230.97 port 52627 [preauth]","@timestamp":"2022-09-18T09:03:19.819Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:20 honeypot-ams-1 sshd[5405]: Disconnected from authenticating user root 149.74.230.97 port 52675 [preauth]","@timestamp":"2022-09-18T09:03:20.820Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:22 honeypot-ams-1 sshd[5411]: Disconnected from authenticating user root 149.74.230.97 port 52730 [preauth]","@timestamp":"2022-09-18T09:03:22.822Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:23 honeypot-ams-1 sshd[5417]: Disconnected from authenticating user root 149.74.230.97 port 52775 [preauth]","@timestamp":"2022-09-18T09:03:24.824Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:25 honeypot-ams-1 sshd[5423]: Disconnected from authenticating user root 149.74.230.97 port 52823 [preauth]","@timestamp":"2022-09-18T09:03:25.826Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:26 honeypot-ams-1 sshd[5429]: Disconnected from authenticating user root 149.74.230.97 port 52873 [preauth]","@timestamp":"2022-09-18T09:03:26.827Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:28 honeypot-ams-1 sshd[5435]: Disconnected from authenticating user root 149.74.230.97 port 52928 [preauth]","@timestamp":"2022-09-18T09:03:28.828Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:29 honeypot-ams-1 sshd[5441]: Disconnected from authenticating user root 149.74.230.97 port 52986 [preauth]","@timestamp":"2022-09-18T09:03:29.829Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:30 honeypot-ams-1 sshd[5447]: Disconnected from authenticating user root 149.74.230.97 port 53037 [preauth]","@timestamp":"2022-09-18T09:03:31.830Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:32 honeypot-ams-1 sshd[5453]: Disconnected from authenticating user root 149.74.230.97 port 53085 [preauth]","@timestamp":"2022-09-18T09:03:32.831Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:33 honeypot-ams-1 sshd[5459]: Invalid user admin from 149.74.230.97 port 53129","@timestamp":"2022-09-18T09:03:33.832Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:34 honeypot-ams-1 sshd[5464]: Invalid user admin from 149.74.230.97 port 53167","@timestamp":"2022-09-18T09:03:34.833Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:35 honeypot-ams-1 sshd[5468]: Invalid user admin from 149.74.230.97 port 53199","@timestamp":"2022-09-18T09:03:35.834Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:36 honeypot-ams-1 sshd[5472]: Invalid user admin from 149.74.230.97 port 53225","@timestamp":"2022-09-18T09:03:36.835Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:37 honeypot-ams-1 sshd[5476]: Invalid user admin from 149.74.230.97 port 53254","@timestamp":"2022-09-18T09:03:37.836Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:38 honeypot-ams-1 sshd[5480]: Received disconnect from 149.74.230.97 port 53293:11: Bye Bye [preauth]","@timestamp":"2022-09-18T09:03:38.836Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:39 honeypot-ams-1 sshd[5484]: Disconnected from invalid user pi 149.74.230.97 port 53328 [preauth]","@timestamp":"2022-09-18T09:03:39.837Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:40 honeypot-ams-1 sshd[5488]: Disconnected from invalid user user 149.74.230.97 port 53357 [preauth]","@timestamp":"2022-09-18T09:03:40.839Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:41 honeypot-ams-1 sshd[5492]: Disconnected from invalid user mine 149.74.230.97 port 53403 [preauth]","@timestamp":"2022-09-18T09:03:41.840Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:42 honeypot-ams-1 sshd[5496]: Disconnected from invalid user xbmc 149.74.230.97 port 53454 [preauth]","@timestamp":"2022-09-18T09:03:42.840Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:43 honeypot-ams-1 sshd[5500]: Disconnected from invalid user oracle 149.74.230.97 port 53478 [preauth]","@timestamp":"2022-09-18T09:03:43.841Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:44 honeypot-ams-1 sshd[5504]: Disconnected from invalid user postgres 149.74.230.97 port 53508 [preauth]","@timestamp":"2022-09-18T09:03:44.842Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:45 honeypot-ams-1 sshd[5508]: Disconnected from invalid user support 149.74.230.97 port 53552 [preauth]","@timestamp":"2022-09-18T09:03:45.843Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:46 honeypot-ams-1 sshd[5512]: Disconnected from invalid user ubuntu 149.74.230.97 port 53583 [preauth]","@timestamp":"2022-09-18T09:03:46.844Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:47 honeypot-ams-1 sshd[5516]: Disconnected from invalid user ubuntu 149.74.230.97 port 53610 [preauth]","@timestamp":"2022-09-18T09:03:47.845Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:48 honeypot-ams-1 sshd[5520]: Disconnected from invalid user guest 149.74.230.97 port 53646 [preauth]","@timestamp":"2022-09-18T09:03:48.845Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:03:49 honeypot-ams-1 sshd[5524]: Disconnected from invalid user cirros 149.74.230.97 port 53675 [preauth]","@timestamp":"2022-09-18T09:03:49.846Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:05:31 honeypot-fra-1 sshd[27662]: Received disconnect from 161.35.177.39 port 42568:11: Bye Bye [preauth]","@timestamp":"2022-09-18T09:05:32.858Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T09:07:59.936Z","@version":"1","message":"Sep 18 09:07:59 honeypot-sgp-1 sshd[30256]: Disconnected from invalid user alfred 88.147.254.66 port 53974 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:11:40 honeypot-fra-1 sshd[27670]: Disconnected from invalid user user 45.61.187.160 port 34274 [preauth]","@timestamp":"2022-09-18T09:11:41.000Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:11:57 honeypot-fra-1 sshd[27674]: Disconnected from invalid user user 45.61.187.160 port 57240 [preauth]","@timestamp":"2022-09-18T09:11:58.007Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:12:12 honeypot-fra-1 sshd[27678]: Disconnected from invalid user user 45.61.187.160 port 51966 [preauth]","@timestamp":"2022-09-18T09:12:13.014Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:12:27 honeypot-fra-1 sshd[27682]: Disconnected from invalid user user 45.61.187.160 port 46686 [preauth]","@timestamp":"2022-09-18T09:12:28.021Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T09:13:18.068Z","@version":"1","message":"Sep 18 09:13:17 honeypot-sgp-1 kernel: [84368500.992444] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=138.68.252.199 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=52982 PROTO=TCP SPT=52396 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:13:46 honeypot-ams-1 sshd[5535]: Connection closed by invalid user mysql 193.106.191.157 port 34894 [preauth]","@timestamp":"2022-09-18T09:13:47.110Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:15:59 honeypot-fra-1 sshd[27688]: Invalid user user from 45.61.184.204 port 58902","@timestamp":"2022-09-18T09:16:00.104Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:16:09 honeypot-fra-1 sshd[27698]: Disconnected from invalid user user 45.61.184.204 port 42556 [preauth]","@timestamp":"2022-09-18T09:16:10.110Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T09:16:14.139Z","@version":"1","message":"Sep 18 09:16:13 honeypot-sgp-1 sshd[30262]: Connection closed by invalid user test 179.60.147.69 port 31446 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:16:30 honeypot-fra-1 sshd[27702]: Disconnected from invalid user user 45.61.184.204 port 37960 [preauth]","@timestamp":"2022-09-18T09:16:30.119Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:16:49 honeypot-fra-1 sshd[27706]: Disconnected from invalid user user 45.61.184.204 port 33398 [preauth]","@timestamp":"2022-09-18T09:16:50.140Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 09:19:19 honeypot-ams-1 kernel: [84369339.859431] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=111.59.85.184 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=49 ID=11669 DF PROTO=TCP SPT=63219 DPT=3389 WINDOW=8192 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T09:19:20.259Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 09:20:09 honeypot-ams-1 kernel: [84369389.242115] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=198.74.58.187 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=44147 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T09:20:10.289Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:23:24 honeypot-ams-1 sshd[5552]: Received disconnect from 61.177.173.36 port 28566:11:  [preauth]","@timestamp":"2022-09-18T09:23:24.378Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:23:43 honeypot-fra-1 kernel: [84367430.888251] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=59.98.173.237 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=38978 DF PROTO=TCP SPT=37541 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T09:23:43.297Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:25:00 honeypot-ams-1 sshd[5557]: Disconnected from invalid user fs2017 190.226.244.9 port 35746 [preauth]","@timestamp":"2022-09-18T09:25:01.423Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:25:16 honeypot-fra-1 sshd[27720]: Connection closed by invalid user test2 103.188.176.251 port 54688 [preauth]","@timestamp":"2022-09-18T09:25:16.337Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:25:36 honeypot-ams-1 sshd[5562]: Received disconnect from 45.61.187.160 port 43798:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T09:25:37.442Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:25:46 honeypot-fra-1 sshd[27725]: Disconnected from invalid user user 45.61.187.160 port 37592 [preauth]","@timestamp":"2022-09-18T09:25:47.352Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:25:53 honeypot-ams-1 sshd[5566]: Received disconnect from 45.61.187.160 port 38476:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T09:25:54.451Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:26:02 honeypot-fra-1 sshd[27729]: Disconnected from invalid user user 45.61.187.160 port 60510 [preauth]","@timestamp":"2022-09-18T09:26:03.361Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:26:10 honeypot-ams-1 sshd[5570]: Received disconnect from 45.61.187.160 port 33132:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T09:26:10.461Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:26:19 honeypot-fra-1 sshd[27733]: Disconnected from invalid user user 45.61.187.160 port 55170 [preauth]","@timestamp":"2022-09-18T09:26:20.369Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:26:26 honeypot-ams-1 sshd[5574]: Received disconnect from 45.61.187.160 port 56040:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T09:26:26.469Z"}
{"@timestamp":"2022-09-18T09:28:03.420Z","@version":"1","message":"Sep 18 09:28:03 honeypot-sgp-1 kernel: [84369386.289919] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=68.183.93.151 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x20 TTL=242 ID=54321 PROTO=TCP SPT=50526 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:28:24 honeypot-ams-1 sshd[5578]: Received disconnect from 206.217.131.233 port 42204:11: Bye Bye [preauth]","@timestamp":"2022-09-18T09:28:25.523Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:28:59 honeypot-ams-1 sshd[5580]: Connection closed by invalid user mysql 193.106.191.157 port 45468 [preauth]","@timestamp":"2022-09-18T09:29:00.541Z"}
{"@timestamp":"2022-09-18T09:31:18.500Z","@version":"1","message":"Sep 18 09:31:18 honeypot-sgp-1 kernel: [84369581.252396] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=107.175.130.186 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=232 ID=23141 PROTO=TCP SPT=52924 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:32:32 honeypot-fra-1 sshd[27738]: Invalid user admin from 89.218.80.61 port 57946","@timestamp":"2022-09-18T09:32:32.508Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:33:27 honeypot-fra-1 sshd[27741]: Disconnected from invalid user user 45.61.186.249 port 57908 [preauth]","@timestamp":"2022-09-18T09:33:28.531Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:33:35 honeypot-ams-1 sshd[5589]: Received disconnect from 61.177.173.39 port 17869:11:  [preauth]","@timestamp":"2022-09-18T09:33:35.664Z"}
{"@timestamp":"2022-09-18T09:33:47.561Z","@version":"1","message":"Sep 18 09:33:47 honeypot-sgp-1 sshd[30711]: Received disconnect from 172.105.37.138 port 36648:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:33:49 honeypot-fra-1 sshd[27748]: Disconnected from invalid user user 45.61.186.249 port 53084 [preauth]","@timestamp":"2022-09-18T09:33:49.542Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:34:07 honeypot-fra-1 sshd[27752]: Invalid user user from 45.61.186.249 port 48268","@timestamp":"2022-09-18T09:34:08.551Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:34:16 honeypot-fra-1 sshd[27756]: Invalid user user from 45.61.186.249 port 59948","@timestamp":"2022-09-18T09:34:16.556Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:34:24 honeypot-fra-1 sshd[27758]: Received disconnect from 45.228.19.1 port 46022:11: Bye Bye [preauth]","@timestamp":"2022-09-18T09:34:25.560Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:38:22 honeypot-fra-1 kernel: [84368310.131242] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=183.136.225.35 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=107 ID=30880 PROTO=TCP SPT=8088 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T09:38:22.652Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:41:51 honeypot-ams-1 sshd[5599]: Received disconnect from 194.152.206.17 port 43216:11: Bye Bye [preauth]","@timestamp":"2022-09-18T09:41:51.902Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:44:55 honeypot-fra-1 sshd[27771]: Connection closed by 167.99.107.57 port 57962 [preauth]","@timestamp":"2022-09-18T09:44:55.798Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:46:49 honeypot-ams-1 sshd[5606]: Received disconnect from 61.177.173.53 port 48904:11:  [preauth]","@timestamp":"2022-09-18T09:46:50.035Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:48:18 honeypot-fra-1 sshd[27778]: Received disconnect from 92.205.19.152 port 47470:11: Bye Bye [preauth]","@timestamp":"2022-09-18T09:48:18.875Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T09:49:47.941Z","@version":"1","message":"Sep 18 09:49:47 honeypot-sgp-1 sshd[30720]: Received disconnect from 189.213.210.132 port 36309:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:50:18 honeypot-fra-1 sshd[27781]: Disconnected from invalid user user 45.61.184.204 port 36432 [preauth]","@timestamp":"2022-09-18T09:50:18.923Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:50:39 honeypot-fra-1 sshd[27785]: Disconnected from invalid user user 45.61.184.204 port 59988 [preauth]","@timestamp":"2022-09-18T09:50:39.932Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:50:59 honeypot-fra-1 sshd[27789]: Disconnected from invalid user user 45.61.184.204 port 55326 [preauth]","@timestamp":"2022-09-18T09:50:59.942Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T09:51:08.975Z","@version":"1","message":"Sep 18 09:51:08 honeypot-sgp-1 sshd[30725]: Disconnected from invalid user no 46.101.29.76 port 48318 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:51:15 honeypot-fra-1 sshd[27793]: Disconnected from invalid user user 45.61.184.204 port 50658 [preauth]","@timestamp":"2022-09-18T09:51:15.950Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 09:54:14 honeypot-ams-1 sshd[5611]: Disconnected from 161.35.113.79 port 33976 [preauth]","@timestamp":"2022-09-18T09:54:14.232Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:55:51 honeypot-fra-1 sshd[27802]: Invalid user admin from 140.246.118.203 port 41928","@timestamp":"2022-09-18T09:55:51.054Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:55:51 honeypot-fra-1 sshd[27802]: Connection closed by invalid user admin 140.246.118.203 port 41928 [preauth]","@timestamp":"2022-09-18T09:55:52.055Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 09:55:55 honeypot-fra-1 sshd[27815]: Connection closed by invalid user pi 140.246.118.203 port 41924 [preauth]","@timestamp":"2022-09-18T09:55:56.057Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 09:56:56 honeypot-ams-1 kernel: [84371596.843097] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=172.104.138.223 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=58179 PROTO=TCP SPT=8456 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T09:56:57.305Z"}
{"@timestamp":"2022-09-18T10:01:04.213Z","@version":"1","message":"Sep 18 10:01:03 honeypot-sgp-1 kernel: [84371366.958350] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=170.187.202.154 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=56705 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:01:12 honeypot-fra-1 sshd[27818]: Did not receive identification string from 134.209.155.186 port 61000","@timestamp":"2022-09-18T10:01:13.180Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 10:04:15 honeypot-ams-1 sshd[5624]: Connection closed by invalid user  64.62.197.152 port 6506 [preauth]","@timestamp":"2022-09-18T10:04:16.499Z"}
{"@timestamp":"2022-09-18T10:09:51.423Z","@version":"1","message":"Sep 18 10:09:50 honeypot-sgp-1 kernel: [84371894.040697] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=89.248.165.199 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=10654 PROTO=TCP SPT=53533 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:11:48 honeypot-fra-1 sshd[27822]: Disconnected from invalid user admin 92.255.85.69 port 33722 [preauth]","@timestamp":"2022-09-18T10:11:49.419Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:14:57 honeypot-fra-1 sshd[27828]: Connection closed by invalid user hadoop 154.61.75.68 port 37090 [preauth]","@timestamp":"2022-09-18T10:14:58.491Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T10:21:34.700Z","@version":"1","message":"Sep 18 10:21:34 honeypot-sgp-1 sshd[30742]: Invalid user admin from 92.255.85.69 port 36530","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T10:21:58.712Z","@version":"1","message":"Sep 18 10:21:58 honeypot-sgp-1 kernel: [84372621.343068] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=103.114.107.34 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=7281 PROTO=TCP SPT=56253 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:22:26 honeypot-fra-1 kernel: [84370954.441562] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=89.248.165.199 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=56552 PROTO=TCP SPT=53533 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T10:22:27.659Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 10:24:05 honeypot-ams-1 sshd[5634]: Invalid user admin from 92.255.85.70 port 36382","@timestamp":"2022-09-18T10:24:06.013Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:25:38 honeypot-fra-1 sshd[27839]: Invalid user ubnt from 179.86.94.249 port 5852","@timestamp":"2022-09-18T10:25:39.734Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:25:42 honeypot-fra-1 sshd[27843]: Disconnected from authenticating user root 179.86.94.249 port 5854 [preauth]","@timestamp":"2022-09-18T10:25:43.736Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:25:48 honeypot-fra-1 sshd[27849]: Disconnected from authenticating user root 179.86.94.249 port 5857 [preauth]","@timestamp":"2022-09-18T10:25:48.738Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T10:25:49.811Z","@version":"1","message":"Sep 18 10:25:49 honeypot-sgp-1 sshd[30751]: Received disconnect from 128.199.103.239 port 54500:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:25:54 honeypot-fra-1 sshd[27855]: Disconnected from authenticating user root 179.86.94.249 port 5860 [preauth]","@timestamp":"2022-09-18T10:25:54.742Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:25:59 honeypot-fra-1 sshd[27861]: Disconnected from authenticating user root 179.86.94.249 port 5863 [preauth]","@timestamp":"2022-09-18T10:26:00.745Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:26:05 honeypot-fra-1 sshd[27867]: Disconnected from authenticating user root 179.86.94.249 port 5866 [preauth]","@timestamp":"2022-09-18T10:26:05.747Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:26:11 honeypot-fra-1 sshd[27873]: Disconnected from authenticating user root 179.86.94.249 port 5869 [preauth]","@timestamp":"2022-09-18T10:26:11.751Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:26:16 honeypot-fra-1 sshd[27879]: Received disconnect from 179.86.94.249 port 5872:11: Bye Bye [preauth]","@timestamp":"2022-09-18T10:26:16.753Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:26:22 honeypot-fra-1 sshd[27885]: Received disconnect from 179.86.94.249 port 5875:11: Bye Bye [preauth]","@timestamp":"2022-09-18T10:26:22.758Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:26:27 honeypot-fra-1 sshd[27891]: Received disconnect from 179.86.94.249 port 5878:11: Bye Bye [preauth]","@timestamp":"2022-09-18T10:26:28.760Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:26:33 honeypot-fra-1 sshd[27897]: Received disconnect from 179.86.94.249 port 5881:11: Bye Bye [preauth]","@timestamp":"2022-09-18T10:26:33.763Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:26:39 honeypot-fra-1 sshd[27903]: Received disconnect from 179.86.94.249 port 5884:11: Bye Bye [preauth]","@timestamp":"2022-09-18T10:26:39.767Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:26:42 honeypot-fra-1 sshd[27907]: Disconnected from invalid user admin 179.86.94.249 port 5886 [preauth]","@timestamp":"2022-09-18T10:26:43.769Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:26:46 honeypot-fra-1 sshd[27911]: Disconnected from invalid user admin 179.86.94.249 port 5888 [preauth]","@timestamp":"2022-09-18T10:26:46.771Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:26:50 honeypot-fra-1 sshd[27915]: Disconnected from invalid user admin 179.86.94.249 port 5890 [preauth]","@timestamp":"2022-09-18T10:26:50.773Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:26:54 honeypot-fra-1 sshd[27919]: Disconnected from invalid user admin 179.86.94.249 port 5892 [preauth]","@timestamp":"2022-09-18T10:26:54.775Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:26:58 honeypot-fra-1 sshd[27923]: Disconnected from invalid user admin 179.86.94.249 port 5894 [preauth]","@timestamp":"2022-09-18T10:26:58.777Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:27:01 honeypot-fra-1 sshd[27927]: Disconnected from invalid user user 179.86.94.249 port 5896 [preauth]","@timestamp":"2022-09-18T10:27:01.779Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:27:07 honeypot-fra-1 sshd[27933]: Received disconnect from 179.86.94.249 port 5899:11: Bye Bye [preauth]","@timestamp":"2022-09-18T10:27:07.783Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:27:10 honeypot-fra-1 sshd[27937]: Invalid user user from 179.86.94.249 port 5901","@timestamp":"2022-09-18T10:27:11.786Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:27:14 honeypot-fra-1 sshd[27941]: Invalid user mine from 179.86.94.249 port 5903","@timestamp":"2022-09-18T10:27:14.787Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:27:18 honeypot-fra-1 sshd[27945]: Invalid user xbmc from 179.86.94.249 port 5905","@timestamp":"2022-09-18T10:27:18.789Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:27:22 honeypot-fra-1 sshd[27949]: Invalid user oracle from 179.86.94.249 port 5907","@timestamp":"2022-09-18T10:27:22.792Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:27:25 honeypot-fra-1 sshd[27953]: Invalid user postgres from 179.86.94.249 port 5909","@timestamp":"2022-09-18T10:27:26.794Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:27:29 honeypot-fra-1 sshd[27957]: Invalid user support from 179.86.94.249 port 5911","@timestamp":"2022-09-18T10:27:29.799Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:27:33 honeypot-fra-1 sshd[27961]: Invalid user ubuntu from 179.86.94.249 port 5913","@timestamp":"2022-09-18T10:27:33.801Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:27:37 honeypot-fra-1 sshd[27965]: Invalid user ubuntu from 179.86.94.249 port 5915","@timestamp":"2022-09-18T10:27:37.804Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:27:40 honeypot-fra-1 sshd[27969]: Invalid user guest from 179.86.94.249 port 5851","@timestamp":"2022-09-18T10:27:40.806Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:27:44 honeypot-fra-1 sshd[27973]: Invalid user cirros from 179.86.94.249 port 5853","@timestamp":"2022-09-18T10:27:44.808Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T10:28:45.884Z","@version":"1","message":"Sep 18 10:28:45 honeypot-sgp-1 sshd[30756]: Connection closed by invalid user centos 179.60.147.69 port 1322 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:29:53 honeypot-fra-1 sshd[27977]: Invalid user centos from 179.60.147.69 port 8724","@timestamp":"2022-09-18T10:29:53.858Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 10:32:06 honeypot-ams-1 sshd[5637]: Connection closed by invalid user centos 179.60.147.69 port 64106 [preauth]","@timestamp":"2022-09-18T10:32:06.237Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 10:34:29 honeypot-ams-1 sshd[5639]: Received disconnect from 115.178.76.24 port 34984:11: Bye Bye [preauth]","@timestamp":"2022-09-18T10:34:30.323Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 10:35:19 honeypot-ams-1 sshd[5643]: Disconnected from invalid user corp 128.199.103.79 port 33520 [preauth]","@timestamp":"2022-09-18T10:35:19.346Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:39:07 honeypot-fra-1 kernel: [84371954.665222] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=170.187.162.18 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=21191 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T10:39:08.086Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-18T10:42:39.222Z","@version":"1","message":"Sep 18 10:42:38 honeypot-sgp-1 sshd[30759]: Connection closed by invalid user admin 178.128.125.205 port 51578 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T10:42:39.222Z","@version":"1","message":"Sep 18 10:42:38 honeypot-sgp-1 sshd[30765]: Connection closed by invalid user admin 178.128.125.205 port 51602 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 10:43:08 honeypot-ams-1 sshd[5648]: Received disconnect from 179.218.198.83 port 43191:11: Bye Bye [preauth]","@timestamp":"2022-09-18T10:43:09.553Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 10:46:06 honeypot-ams-1 sshd[5652]: Disconnected from authenticating user root 2.36.249.18 port 45284 [preauth]","@timestamp":"2022-09-18T10:46:06.630Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:56:55 honeypot-fra-1 sshd[27984]: Invalid user teste from 92.255.85.70 port 63554","@timestamp":"2022-09-18T10:56:56.484Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 10:59:53 honeypot-fra-1 sshd[27987]: Invalid user user from 45.61.184.204 port 42858","@timestamp":"2022-09-18T10:59:54.552Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 11:00:03 honeypot-fra-1 sshd[27991]: Disconnected from invalid user user 45.61.184.204 port 54482 [preauth]","@timestamp":"2022-09-18T11:00:04.557Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 11:00:22 honeypot-fra-1 sshd[27996]: Received disconnect from 45.61.184.204 port 49510:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T11:00:22.566Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 11:00:39 honeypot-fra-1 sshd[28000]: Received disconnect from 45.61.184.204 port 44532:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T11:00:39.575Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 11:03:00 honeypot-fra-1 kernel: [84373387.613393] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=165.232.152.144 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=60516 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T11:03:00.631Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-18T11:04:48.756Z","@version":"1","message":"Sep 18 11:04:47 honeypot-sgp-1 sshd[30769]: Connection closed by invalid user user 179.60.147.69 port 54336 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 11:05:10 honeypot-ams-1 kernel: [84375690.171471] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=164.90.139.238 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=37572 DF PROTO=TCP SPT=56818 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T11:05:11.128Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 11:09:39 honeypot-ams-1 kernel: [84375959.460997] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=104.152.52.233 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=26877 PROTO=TCP SPT=59346 DPT=389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T11:09:40.253Z"}
{"@timestamp":"2022-09-18T11:12:00.948Z","@version":"1","message":"Sep 18 11:12:00 honeypot-sgp-1 kernel: [84375623.144612] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=34.82.189.23 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x60 TTL=250 ID=13346 PROTO=TCP SPT=44589 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 11:12:46 honeypot-ams-1 sshd[5667]: Connection closed by invalid user mysql 193.106.191.157 port 55984 [preauth]","@timestamp":"2022-09-18T11:12:46.703Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 11:17:01 honeypot-fra-1 kernel: [84374229.292166] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.143.200.6 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=10891 PROTO=TCP SPT=52167 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T11:17:01.948Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 11:20:39 honeypot-ams-1 kernel: [84376619.613432] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.180.143.104 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=5029 PROTO=TCP SPT=23827 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T11:20:39.912Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 11:23:27 honeypot-ams-1 sshd[5678]: Received disconnect from 189.7.129.60 port 33318:11: Bye Bye [preauth]","@timestamp":"2022-09-18T11:23:27.989Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 11:25:19 honeypot-fra-1 sshd[28014]: Disconnected from authenticating user root 188.166.70.184 port 43464 [preauth]","@timestamp":"2022-09-18T11:25:20.138Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T11:30:09.401Z","@version":"1","message":"Sep 18 11:30:08 honeypot-sgp-1 sshd[30779]: Disconnected from invalid user bikeople 73.203.127.7 port 51952 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 11:30:37 honeypot-ams-1 kernel: [84377217.699121] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=97.74.81.123 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=16860 PROTO=TCP SPT=52489 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T11:30:38.180Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 11:35:48 honeypot-fra-1 sshd[28020]: Connection closed by invalid user mysql 193.106.191.157 port 44118 [preauth]","@timestamp":"2022-09-18T11:35:48.371Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 11:37:37 honeypot-ams-1 sshd[5686]: Invalid user zai from 159.203.102.122 port 58604","@timestamp":"2022-09-18T11:37:38.365Z"}
{"@timestamp":"2022-09-18T11:40:56.663Z","@version":"1","message":"Sep 18 11:40:56 honeypot-sgp-1 sshd[30787]: Connection closed by authenticating user nobody 179.60.147.69 port 29254 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 11:41:54 honeypot-ams-1 sshd[5689]: Received disconnect from 45.61.186.249 port 52672:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T11:41:55.482Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 11:42:14 honeypot-ams-1 sshd[5693]: Invalid user user from 45.61.186.249 port 47770","@timestamp":"2022-09-18T11:42:15.493Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 11:42:24 honeypot-ams-1 sshd[5698]: Invalid user user from 45.61.186.249 port 59474","@timestamp":"2022-09-18T11:42:24.498Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 11:42:33 honeypot-ams-1 sshd[5702]: Invalid user user from 45.61.186.249 port 42860","@timestamp":"2022-09-18T11:42:33.504Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 11:42:51 honeypot-ams-1 sshd[5706]: Invalid user user from 45.61.186.249 port 37950","@timestamp":"2022-09-18T11:42:52.513Z"}
{"@timestamp":"2022-09-18T11:43:20.723Z","@version":"1","message":"Sep 18 11:43:19 honeypot-sgp-1 kernel: [84377502.992198] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=59.49.43.217 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=62245 PROTO=TCP SPT=40060 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 11:45:03 honeypot-fra-1 sshd[28030]: Invalid user prueba from 92.255.85.69 port 57864","@timestamp":"2022-09-18T11:45:03.582Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 11:45:19 honeypot-ams-1 sshd[5710]: Received disconnect from 24.188.213.50 port 37670:11: Bye Bye [preauth]","@timestamp":"2022-09-18T11:45:19.582Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 11:47:59 honeypot-fra-1 sshd[28035]: Disconnected from authenticating user root 138.68.58.138 port 56134 [preauth]","@timestamp":"2022-09-18T11:47:59.648Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T11:48:30.853Z","@version":"1","message":"Sep 18 11:48:30 honeypot-sgp-1 kernel: [84377813.385191] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=20143 PROTO=TCP SPT=41222 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 11:48:38 honeypot-ams-1 sshd[5715]: Invalid user user1 from 103.188.176.251 port 41468","@timestamp":"2022-09-18T11:48:38.673Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 11:51:37 honeypot-ams-1 kernel: [84378477.543694] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=72.167.32.184 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=232 ID=29192 PROTO=TCP SPT=50014 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T11:51:37.758Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 11:53:05 honeypot-fra-1 sshd[28044]: Did not receive identification string from 45.61.186.169 port 47962","@timestamp":"2022-09-18T11:53:05.766Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 11:53:44 honeypot-fra-1 sshd[28047]: Disconnected from invalid user user 45.61.186.169 port 60684 [preauth]","@timestamp":"2022-09-18T11:53:44.783Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 11:54:01 honeypot-fra-1 sshd[28051]: Disconnected from invalid user user 45.61.186.169 port 55342 [preauth]","@timestamp":"2022-09-18T11:54:01.791Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 11:54:17 honeypot-fra-1 sshd[28055]: Disconnected from invalid user user 45.61.186.169 port 49988 [preauth]","@timestamp":"2022-09-18T11:54:17.799Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T11:55:47.030Z","@version":"1","message":"Sep 18 11:55:46 honeypot-sgp-1 kernel: [84378249.532423] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=51.161.50.189 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=12929 DF PROTO=TCP SPT=15248 DPT=443 WINDOW=5840 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 12:02:56 honeypot-fra-1 kernel: [84376983.559966] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=27.124.32.159 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=56 ID=0 DF PROTO=TCP SPT=50401 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T12:02:56.996Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 12:05:30 honeypot-ams-1 sshd[5724]: Did not receive identification string from 45.61.187.160 port 47658","@timestamp":"2022-09-18T12:05:31.129Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 12:06:04 honeypot-ams-1 sshd[5727]: Disconnected from invalid user user 45.61.187.160 port 53964 [preauth]","@timestamp":"2022-09-18T12:06:04.146Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 12:06:21 honeypot-ams-1 sshd[5731]: Disconnected from invalid user user 45.61.187.160 port 48654 [preauth]","@timestamp":"2022-09-18T12:06:21.155Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 12:06:37 honeypot-ams-1 sshd[5735]: Disconnected from invalid user user 45.61.187.160 port 43352 [preauth]","@timestamp":"2022-09-18T12:06:38.163Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 12:06:47 honeypot-ams-1 sshd[5739]: Disconnected from invalid user tester 67.205.165.12 port 57282 [preauth]","@timestamp":"2022-09-18T12:06:48.168Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 12:10:33 honeypot-ams-1 sshd[5744]: Received disconnect from 59.98.83.57 port 58586:11: Bye Bye [preauth]","@timestamp":"2022-09-18T12:10:33.266Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 12:11:34 honeypot-fra-1 kernel: [84377501.880150] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=172.105.89.161 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=57 ID=0 DF PROTO=TCP SPT=39061 DPT=443 WINDOW=8192 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T12:11:35.198Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-18T12:12:26.437Z","@version":"1","message":"Sep 18 12:12:26 honeypot-sgp-1 kernel: [84379249.291455] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=172.105.89.161 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=51 ID=0 DF PROTO=TCP SPT=39061 DPT=443 WINDOW=8192 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 12:15:39 honeypot-ams-1 sshd[5749]: Invalid user user0 from 195.29.51.133 port 35705","@timestamp":"2022-09-18T12:15:40.404Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 12:18:02 honeypot-ams-1 sshd[5755]: Invalid user user from 45.61.186.249 port 51960","@timestamp":"2022-09-18T12:18:03.468Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 12:18:21 honeypot-ams-1 sshd[5759]: Invalid user user from 45.61.186.249 port 47048","@timestamp":"2022-09-18T12:18:22.479Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 12:18:34 honeypot-fra-1 sshd[28066]: Disconnected from invalid user linwei 165.22.45.108 port 48190 [preauth]","@timestamp":"2022-09-18T12:18:35.357Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 12:18:40 honeypot-ams-1 sshd[5763]: Invalid user user from 45.61.186.249 port 42136","@timestamp":"2022-09-18T12:18:40.488Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 12:18:56 honeypot-ams-1 sshd[5767]: Invalid user user from 45.61.186.249 port 37258","@timestamp":"2022-09-18T12:18:57.496Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 12:20:05 honeypot-ams-1 sshd[5776]: Invalid user oracle from 130.193.40.11 port 52660","@timestamp":"2022-09-18T12:20:06.530Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 12:20:06 honeypot-ams-1 sshd[5791]: Connection closed by authenticating user root 130.193.40.11 port 52680 [preauth]","@timestamp":"2022-09-18T12:20:06.530Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 12:20:06 honeypot-ams-1 sshd[5784]: Invalid user ftpuser from 130.193.40.11 port 52682","@timestamp":"2022-09-18T12:20:06.530Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 12:20:06 honeypot-ams-1 sshd[5781]: Invalid user test from 130.193.40.11 port 52646","@timestamp":"2022-09-18T12:20:06.530Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 12:20:06 honeypot-ams-1 sshd[5793]: Connection closed by invalid user chia 130.193.40.11 port 52704 [preauth]","@timestamp":"2022-09-18T12:20:07.531Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 12:20:06 honeypot-ams-1 sshd[5784]: Connection closed by invalid user ftpuser 130.193.40.11 port 52682 [preauth]","@timestamp":"2022-09-18T12:20:07.531Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 12:20:06 honeypot-ams-1 sshd[5789]: Connection closed by invalid user mysql 130.193.40.11 port 52648 [preauth]","@timestamp":"2022-09-18T12:20:07.531Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 12:20:07 honeypot-ams-1 sshd[5822]: Invalid user hadoop from 130.193.40.11 port 52670","@timestamp":"2022-09-18T12:20:07.531Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 12:20:07 honeypot-ams-1 sshd[5832]: Connection closed by invalid user testuser 130.193.40.11 port 52686 [preauth]","@timestamp":"2022-09-18T12:20:08.531Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 12:20:10 honeypot-ams-1 sshd[5827]: Connection closed by authenticating user root 130.193.40.11 port 52690 [preauth]","@timestamp":"2022-09-18T12:20:11.533Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 12:21:38 honeypot-ams-1 sshd[5842]: Received disconnect from 213.27.189.252 port 53302:11: Bye Bye [preauth]","@timestamp":"2022-09-18T12:21:39.572Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 12:26:32 honeypot-fra-1 sshd[28072]: Received disconnect from 143.244.158.100 port 36974:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T12:26:32.539Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 12:28:35 honeypot-fra-1 sshd[28078]: Received disconnect from 178.128.88.244 port 59750:11: Bye Bye [preauth]","@timestamp":"2022-09-18T12:28:35.589Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 12:30:51 honeypot-fra-1 sshd[28084]: Received disconnect from 143.244.158.100 port 60382:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T12:30:51.643Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 12:31:16 honeypot-ams-1 sshd[5848]: Did not receive identification string from 193.3.19.178 port 64001","@timestamp":"2022-09-18T12:31:16.828Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 12:32:42 honeypot-fra-1 kernel: [84378769.810894] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=198.244.213.30 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=16461 PROTO=TCP SPT=56052 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T12:32:42.688Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 12:35:01 honeypot-fra-1 sshd[28095]: Received disconnect from 143.244.158.100 port 52836:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T12:35:01.744Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T12:37:11.037Z","@version":"1","message":"Sep 18 12:37:10 honeypot-sgp-1 kernel: [84380733.276250] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.217.0.181 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=234 ID=54321 PROTO=TCP SPT=44905 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 12:37:33 honeypot-fra-1 sshd[28102]: Received disconnect from 143.244.158.100 port 52760:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T12:37:34.804Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 12:38:09 honeypot-ams-1 sshd[5850]: Disconnected from invalid user support 104.248.153.95 port 46226 [preauth]","@timestamp":"2022-09-18T12:38:10.012Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 12:39:19 honeypot-fra-1 sshd[28108]: Disconnected from authenticating user root 143.244.158.100 port 54498 [preauth]","@timestamp":"2022-09-18T12:39:19.847Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 12:39:31 honeypot-fra-1 sshd[28114]: Connection closed by invalid user admin 137.184.48.78 port 34032 [preauth]","@timestamp":"2022-09-18T12:39:31.853Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 12:41:00 honeypot-fra-1 sshd[28120]: Received disconnect from 143.244.158.100 port 48488:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T12:41:00.889Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T12:41:24.142Z","@version":"1","message":"Sep 18 12:41:23 honeypot-sgp-1 sshd[30814]: Disconnected from invalid user eversec 51.83.45.72 port 54968 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 12:42:33 honeypot-fra-1 sshd[28125]: Disconnected from invalid user 12345 92.255.85.70 port 47874 [preauth]","@timestamp":"2022-09-18T12:42:33.927Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 12:42:57 honeypot-ams-1 sshd[5857]: Disconnected from authenticating user root 80.68.7.179 port 53526 [preauth]","@timestamp":"2022-09-18T12:42:58.143Z"}
{"@timestamp":"2022-09-18T12:42:58.183Z","@version":"1","message":"Sep 18 12:42:57 honeypot-sgp-1 kernel: [84381080.931018] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=92.204.145.232 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=20472 PROTO=TCP SPT=44863 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 12:44:25 honeypot-fra-1 sshd[28131]: Disconnected from authenticating user root 143.244.158.100 port 48130 [preauth]","@timestamp":"2022-09-18T12:44:25.981Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T12:44:31.222Z","@version":"1","message":"Sep 18 12:44:30 honeypot-sgp-1 sshd[30824]: Disconnected from invalid user admin 52.140.206.1 port 1024 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 12:46:55 honeypot-fra-1 sshd[28139]: Disconnected from authenticating user root 143.244.158.100 port 48048 [preauth]","@timestamp":"2022-09-18T12:46:56.041Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 12:49:38 honeypot-fra-1 sshd[28145]: Disconnected from authenticating user root 143.244.158.100 port 35840 [preauth]","@timestamp":"2022-09-18T12:49:39.105Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 12:51:24 honeypot-fra-1 sshd[28149]: Disconnected from authenticating user root 143.244.158.100 port 42986 [preauth]","@timestamp":"2022-09-18T12:51:25.148Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T12:53:31.444Z","@version":"1","message":"Sep 18 12:53:30 honeypot-sgp-1 sshd[30832]: Received disconnect from 89.208.104.47 port 52596:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 12:53:57 honeypot-fra-1 sshd[28156]: Disconnected from authenticating user root 143.244.158.100 port 43838 [preauth]","@timestamp":"2022-09-18T12:53:58.217Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 12:56:30 honeypot-fra-1 sshd[28163]: Received disconnect from 143.244.158.100 port 50024:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T12:56:31.278Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T12:57:11.535Z","@version":"1","message":"Sep 18 12:57:11 honeypot-sgp-1 kernel: [84381933.994872] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=159.65.151.215 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x20 TTL=51 ID=53499 DF PROTO=TCP SPT=47844 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 12:58:21 honeypot-fra-1 kernel: [84380309.077981] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=165.232.152.144 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=39796 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T12:58:22.322Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 12:58:56 honeypot-fra-1 sshd[28173]: Received disconnect from 45.61.184.204 port 44754:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T12:58:57.338Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 12:59:06 honeypot-fra-1 sshd[28177]: Disconnected from invalid user user 45.61.184.204 port 56314 [preauth]","@timestamp":"2022-09-18T12:59:07.343Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 12:59:25 honeypot-fra-1 sshd[28181]: Disconnected from invalid user user 45.61.184.204 port 51236 [preauth]","@timestamp":"2022-09-18T12:59:25.352Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 12:59:42 honeypot-fra-1 sshd[28187]: Received disconnect from 45.61.184.204 port 46144:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T12:59:43.361Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 12:59:54 honeypot-fra-1 kernel: [84380401.595999] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.41.8.45 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=25228 PROTO=TCP SPT=50966 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T12:59:54.366Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 13:01:18 honeypot-fra-1 sshd[28195]: Disconnected from authenticating user root 143.198.60.41 port 57712 [preauth]","@timestamp":"2022-09-18T13:01:19.429Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 13:02:45 honeypot-fra-1 sshd[28202]: Invalid user ubuntu from 141.98.10.158 port 57090","@timestamp":"2022-09-18T13:02:46.467Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 13:04:32 honeypot-fra-1 kernel: [84380679.553073] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.203.200 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=57128 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T13:04:32.514Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 13:05:34 honeypot-fra-1 kernel: [84380741.741556] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=92.204.145.232 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=13715 PROTO=TCP SPT=44863 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T13:05:34.542Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 13:07:40 honeypot-fra-1 sshd[28218]: Disconnected from authenticating user root 143.244.158.100 port 34754 [preauth]","@timestamp":"2022-09-18T13:07:40.593Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 13:08:16 honeypot-ams-1 kernel: [84383076.166525] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=184.105.139.91 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=47669 DPT=5432 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T13:08:16.813Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 13:08:56 honeypot-fra-1 sshd[28224]: Disconnected from authenticating user root 159.89.197.1 port 51896 [preauth]","@timestamp":"2022-09-18T13:08:57.626Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T13:09:28.853Z","@version":"1","message":"Sep 18 13:09:28 honeypot-sgp-1 kernel: [84382671.040610] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=74.82.47.29 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=36541 DPT=5432 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 13:10:17 honeypot-fra-1 sshd[28230]: Disconnected from authenticating user root 143.244.158.100 port 53802 [preauth]","@timestamp":"2022-09-18T13:10:17.660Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 13:14:01 honeypot-fra-1 sshd[28237]: Invalid user admin from 68.183.212.10 port 38790","@timestamp":"2022-09-18T13:14:01.768Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 13:16:59 honeypot-fra-1 sshd[28241]: Disconnected from authenticating user root 159.223.22.132 port 56428 [preauth]","@timestamp":"2022-09-18T13:16:59.838Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 13:21:31 honeypot-ams-1 kernel: [84383871.735172] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=207.102.138.83 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=9207 DF PROTO=TCP SPT=33204 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T13:21:32.168Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 13:25:32 honeypot-fra-1 sshd[28247]: Disconnected from invalid user guest 92.255.85.70 port 49920 [preauth]","@timestamp":"2022-09-18T13:25:33.036Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T13:28:08.299Z","@version":"1","message":"Sep 18 13:28:08 honeypot-sgp-1 sshd[30846]: Received disconnect from 92.255.85.70 port 16756:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 13:29:31 honeypot-ams-1 kernel: [84384350.867890] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=164.92.72.164 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=51788 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T13:29:31.383Z"}
{"@timestamp":"2022-09-18T13:29:43.339Z","@version":"1","message":"Sep 18 13:29:43 honeypot-sgp-1 sshd[30850]: Disconnected from authenticating user root 20.54.73.159 port 47200 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 13:35:40 honeypot-ams-1 sshd[5883]: Disconnected from invalid user guest 92.255.85.69 port 60770 [preauth]","@timestamp":"2022-09-18T13:35:41.545Z"}
{"@timestamp":"2022-09-18T13:38:19.551Z","@version":"1","message":"Sep 18 13:38:19 honeypot-sgp-1 sshd[30855]: Invalid user temp from 190.138.132.235 port 38510","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 13:41:42 honeypot-fra-1 sshd[28253]: Received disconnect from 165.22.45.108 port 53712:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T13:41:43.401Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 13:48:05 honeypot-ams-1 sshd[5892]: Invalid user guest from 146.185.137.240 port 43328","@timestamp":"2022-09-18T13:48:05.878Z"}
{"@timestamp":"2022-09-18T13:48:09.787Z","@version":"1","message":"Sep 18 13:48:09 honeypot-sgp-1 sshd[30861]: Connection reset by authenticating user root 143.198.136.88 port 54944 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T13:48:31.799Z","@version":"1","message":"Sep 18 13:48:31 honeypot-sgp-1 sshd[30868]: Invalid user user from 45.61.186.249 port 48952","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T13:48:52.809Z","@version":"1","message":"Sep 18 13:48:52 honeypot-sgp-1 sshd[30872]: Invalid user user from 45.61.186.249 port 44110","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T13:49:10.817Z","@version":"1","message":"Sep 18 13:49:10 honeypot-sgp-1 sshd[30876]: Invalid user user from 45.61.186.249 port 39272","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T13:49:28.827Z","@version":"1","message":"Sep 18 13:49:28 honeypot-sgp-1 sshd[30880]: Invalid user user from 45.61.186.249 port 34430","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T13:51:15.877Z","@version":"1","message":"Sep 18 13:51:15 honeypot-sgp-1 sshd[30883]: Invalid user user from 45.61.186.249 port 46722","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 13:51:32 honeypot-ams-1 kernel: [84385672.051197] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=91.99.137.144 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=114 ID=23859 DF PROTO=TCP SPT=2116 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T13:51:32.972Z"}
{"@timestamp":"2022-09-18T13:51:33.886Z","@version":"1","message":"Sep 18 13:51:33 honeypot-sgp-1 sshd[30887]: Invalid user user from 45.61.186.249 port 41368","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T13:51:51.895Z","@version":"1","message":"Sep 18 13:51:51 honeypot-sgp-1 sshd[30892]: Invalid user user from 45.61.186.249 port 36018","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T13:52:00.900Z","@version":"1","message":"Sep 18 13:52:00 honeypot-sgp-1 sshd[30894]: Disconnected from invalid user user 45.61.186.249 port 47438 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 13:53:18 honeypot-ams-1 sshd[5898]: Disconnected from invalid user tk 188.166.53.188 port 41970 [preauth]","@timestamp":"2022-09-18T13:53:19.021Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 13:54:30 honeypot-ams-1 sshd[5902]: Disconnected from invalid user finexa 189.29.171.10 port 55288 [preauth]","@timestamp":"2022-09-18T13:54:31.057Z"}
{"@timestamp":"2022-09-18T13:55:26.984Z","@version":"1","message":"Sep 18 13:55:26 honeypot-sgp-1 sshd[30899]: Disconnected from invalid user admin 203.125.29.136 port 49976 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 14:02:32 honeypot-ams-1 kernel: [84386332.339775] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=103.114.107.34 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=2149 PROTO=TCP SPT=48461 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T14:02:33.271Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 14:04:13 honeypot-fra-1 sshd[28257]: error: maximum authentication attempts exceeded for invalid user admin from 220.111.163.229 port 51805 ssh2 [preauth]","@timestamp":"2022-09-18T14:04:13.908Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T14:04:33.206Z","@version":"1","message":"Sep 18 14:04:33 honeypot-sgp-1 sshd[30905]: Invalid user admin from 31.184.198.71 port 53720","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:05:07.224Z","@version":"1","message":"Sep 18 14:05:06 honeypot-sgp-1 sshd[30911]: Invalid user admin from 31.184.198.71 port 27001","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:05:36.239Z","@version":"1","message":"Sep 18 14:05:36 honeypot-sgp-1 sshd[30917]: Invalid user aerohive from 31.184.198.71 port 55427","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:06:03.253Z","@version":"1","message":"Sep 18 14:06:03 honeypot-sgp-1 sshd[30922]: Disconnecting invalid user manager 31.184.198.71 port 53359: Change of username or service not allowed: (manager,ssh-connection) -> (private,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:06:36.270Z","@version":"1","message":"Sep 18 14:06:35 honeypot-sgp-1 sshd[30930]: Invalid user Admin from 31.184.198.71 port 47897","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:07:02.285Z","@version":"1","message":"Sep 18 14:07:01 honeypot-sgp-1 sshd[30936]: Invalid user user from 31.184.198.71 port 6191","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:07:34.301Z","@version":"1","message":"Sep 18 14:07:33 honeypot-sgp-1 sshd[30942]: Disconnecting invalid user blank 31.184.198.71 port 34307: Change of username or service not allowed: (blank,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:07:59.314Z","@version":"1","message":"Sep 18 14:07:58 honeypot-sgp-1 sshd[30948]: Disconnecting invalid user 1234 31.184.198.71 port 39972: Change of username or service not allowed: (1234,ssh-connection) -> (root,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:08:24.327Z","@version":"1","message":"Sep 18 14:08:23 honeypot-sgp-1 sshd[30954]: Disconnecting invalid user Cisco 31.184.198.71 port 9117: Change of username or service not allowed: (Cisco,ssh-connection) -> (cisco,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:08:57.344Z","@version":"1","message":"Sep 18 14:08:57 honeypot-sgp-1 sshd[30960]: Disconnecting invalid user 1234 31.184.198.71 port 30799: Change of username or service not allowed: (1234,ssh-connection) -> (root,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:09:34.364Z","@version":"1","message":"Sep 18 14:09:34 honeypot-sgp-1 sshd[30969]: Invalid user adslroot from 31.184.198.71 port 56473","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:09:55.374Z","@version":"1","message":"Sep 18 14:09:55 honeypot-sgp-1 sshd[30975]: Invalid user blank from 31.184.198.71 port 6559","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:10:24.390Z","@version":"1","message":"Sep 18 14:10:24 honeypot-sgp-1 sshd[30981]: Invalid user admin from 92.255.85.69 port 53470","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:10:41.399Z","@version":"1","message":"Sep 18 14:10:41 honeypot-sgp-1 sshd[30987]: Invalid user admin from 31.184.198.71 port 44236","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:11:07.414Z","@version":"1","message":"Sep 18 14:11:06 honeypot-sgp-1 sshd[30993]: Invalid user cusadmin from 31.184.198.71 port 41032","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:11:33.427Z","@version":"1","message":"Sep 18 14:11:33 honeypot-sgp-1 sshd[30999]: Invalid user lgnortel from 31.184.198.71 port 27073","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:12:13.447Z","@version":"1","message":"Sep 18 14:12:12 honeypot-sgp-1 sshd[31005]: Invalid user admin from 31.184.198.71 port 20022","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 14:12:16 honeypot-fra-1 sshd[28262]: Disconnected from invalid user admin 92.255.85.69 port 48812 [preauth]","@timestamp":"2022-09-18T14:12:17.090Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T14:12:40.461Z","@version":"1","message":"Sep 18 14:12:39 honeypot-sgp-1 sshd[31011]: Invalid user matrix from 31.184.198.71 port 8753","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:13:10.476Z","@version":"1","message":"Sep 18 14:13:09 honeypot-sgp-1 sshd[31017]: Invalid user motorola from 31.184.198.71 port 41995","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:13:37.490Z","@version":"1","message":"Sep 18 14:13:37 honeypot-sgp-1 sshd[31023]: Disconnecting authenticating user root 31.184.198.71 port 62665: Change of username or service not allowed: (root,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:14:07.507Z","@version":"1","message":"Sep 18 14:14:07 honeypot-sgp-1 sshd[31029]: Disconnecting invalid user 0 31.184.198.71 port 6922: Change of username or service not allowed: (0,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:14:32.520Z","@version":"1","message":"Sep 18 14:14:31 honeypot-sgp-1 sshd[31036]: Disconnecting invalid user roqos 31.184.198.71 port 55616: Change of username or service not allowed: (roqos,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:14:58.533Z","@version":"1","message":"Sep 18 14:14:57 honeypot-sgp-1 sshd[31042]: Disconnecting invalid user sitecom 31.184.198.71 port 6644: Change of username or service not allowed: (sitecom,ssh-connection) -> (Broadcom,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:15:27.548Z","@version":"1","message":"Sep 18 14:15:27 honeypot-sgp-1 sshd[31048]: Disconnecting invalid user admin 31.184.198.71 port 42029: Change of username or service not allowed: (admin,ssh-connection) -> (cusadmin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 14:15:34 honeypot-ams-1 sshd[5913]: Connection closed by authenticating user root 103.188.176.251 port 55200 [preauth]","@timestamp":"2022-09-18T14:15:34.625Z"}
{"@timestamp":"2022-09-18T14:15:52.562Z","@version":"1","message":"Sep 18 14:15:52 honeypot-sgp-1 sshd[31055]: Invalid user smcadmin from 31.184.198.71 port 30021","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:16:11.572Z","@version":"1","message":"Sep 18 14:16:11 honeypot-sgp-1 sshd[31061]: Invalid user admin from 31.184.198.71 port 1816","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:16:38.610Z","@version":"1","message":"Sep 18 14:16:37 honeypot-sgp-1 sshd[31067]: Invalid user user from 31.184.198.71 port 56895","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:17:01.623Z","@version":"1","message":"Sep 18 14:17:01 honeypot-sgp-1 sshd[31071]: Disconnecting authenticating user root 31.184.198.71 port 14091: Change of username or service not allowed: (root,ssh-connection) -> (123456,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:17:30.637Z","@version":"1","message":"Sep 18 14:17:30 honeypot-sgp-1 sshd[31080]: Disconnecting invalid user amdin 31.184.198.71 port 35669: Change of username or service not allowed: (amdin,ssh-connection) -> (readwrite,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 14:17:48 honeypot-fra-1 kernel: [84385075.646892] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=3.8.141.125 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=75 ID=5873 PROTO=TCP SPT=21345 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T14:17:49.215Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-18T14:17:59.652Z","@version":"1","message":"Sep 18 14:17:59 honeypot-sgp-1 sshd[31087]: Disconnecting invalid user admin 31.184.198.71 port 32779: Change of username or service not allowed: (admin,ssh-connection) -> (DZY-W2914NSV2,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:18:31.669Z","@version":"1","message":"Sep 18 14:18:30 honeypot-sgp-1 sshd[31093]: Disconnecting invalid user admin 31.184.198.71 port 29414: Change of username or service not allowed: (admin,ssh-connection) -> (zoomadsl,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:19:02.685Z","@version":"1","message":"Sep 18 14:19:02 honeypot-sgp-1 sshd[31099]: Disconnecting invalid user 1admin0 31.184.198.71 port 14124: Change of username or service not allowed: (1admin0,ssh-connection) -> (ltecl4r0,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T14:20:46.729Z","@version":"1","message":"Sep 18 14:20:45 honeypot-sgp-1 sshd[31106]: Received disconnect from 2.139.220.58 port 46014:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 14:22:11 honeypot-fra-1 sshd[28276]: Did not receive identification string from 3.8.141.125 port 21345","@timestamp":"2022-09-18T14:22:11.318Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 14:23:14 honeypot-ams-1 sshd[5919]: Disconnected from invalid user admin 92.255.85.69 port 50980 [preauth]","@timestamp":"2022-09-18T14:23:14.830Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 14:23:49 honeypot-fra-1 kernel: [84385436.450523] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=3.8.141.125 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=75 ID=9885 PROTO=TCP SPT=21345 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T14:23:50.360Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 14:26:31 honeypot-fra-1 kernel: [84385598.164392] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=3.8.141.125 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=75 ID=49126 PROTO=TCP SPT=21345 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T14:26:31.424Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 14:31:33 honeypot-fra-1 sshd[28285]: Received disconnect from 103.141.149.29 port 37286:11: Bye Bye [preauth]","@timestamp":"2022-09-18T14:31:33.542Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 14:33:06 honeypot-fra-1 kernel: [84385993.164606] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=3.8.141.125 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=75 ID=9885 PROTO=TCP SPT=21345 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T14:33:06.580Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 14:33:50 honeypot-ams-1 kernel: [84388210.426510] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=164.92.72.164 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=35794 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T14:33:51.112Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 14:35:54 honeypot-fra-1 kernel: [84386161.829819] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=3.8.141.125 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=75 ID=49126 PROTO=TCP SPT=21345 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T14:35:55.647Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 14:39:49 honeypot-fra-1 sshd[28291]: Received disconnect from 204.48.30.72 port 41992:11: Bye Bye [preauth]","@timestamp":"2022-09-18T14:39:49.740Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 14:41:16 honeypot-fra-1 sshd[28298]: Did not receive identification string from 3.8.141.125 port 21345","@timestamp":"2022-09-18T14:41:16.776Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T14:41:37.238Z","@version":"1","message":"Sep 18 14:41:36 honeypot-sgp-1 sshd[31112]: Connection closed by invalid user test 103.188.176.251 port 50478 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 14:42:12 honeypot-fra-1 sshd[28303]: Received disconnect from 107.173.146.242 port 50656:11: Bye Bye [preauth]","@timestamp":"2022-09-18T14:42:13.801Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 14:43:05 honeypot-fra-1 kernel: [84386592.930432] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=3.8.141.125 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=75 ID=9885 PROTO=TCP SPT=21345 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T14:43:06.825Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 14:43:23 honeypot-ams-1 sshd[5926]: Disconnected from authenticating user root 97.74.82.38 port 44212 [preauth]","@timestamp":"2022-09-18T14:43:24.363Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 14:45:25 honeypot-fra-1 kernel: [84386732.276794] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=3.8.141.125 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=75 ID=49126 PROTO=TCP SPT=21345 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T14:45:25.878Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 14:45:26 honeypot-ams-1 sshd[5931]: Disconnected from invalid user emiliojose 123.30.249.49 port 37202 [preauth]","@timestamp":"2022-09-18T14:45:27.419Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 14:46:49 honeypot-ams-1 sshd[5936]: Received disconnect from 157.230.250.192 port 38804:11: Bye Bye [preauth]","@timestamp":"2022-09-18T14:46:49.460Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 14:47:13 honeypot-fra-1 kernel: [84386840.615889] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=167.71.133.35 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=248 ID=54321 PROTO=TCP SPT=58469 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T14:47:13.923Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 14:48:10 honeypot-fra-1 sshd[28313]: Received disconnect from 45.61.187.160 port 37896:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T14:48:10.947Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 14:48:30 honeypot-fra-1 sshd[28317]: Invalid user user from 45.61.187.160 port 60784","@timestamp":"2022-09-18T14:48:30.957Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 14:48:49 honeypot-fra-1 sshd[28321]: Invalid user user from 45.61.187.160 port 55472","@timestamp":"2022-09-18T14:48:49.966Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 14:49:06 honeypot-fra-1 sshd[28325]: Invalid user user from 45.61.187.160 port 50162","@timestamp":"2022-09-18T14:49:06.993Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 14:49:13 honeypot-ams-1 sshd[5940]: Received disconnect from 161.35.127.34 port 51208:11: Bye Bye [preauth]","@timestamp":"2022-09-18T14:49:13.525Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 14:50:41 honeypot-fra-1 sshd[28329]: Did not receive identification string from 3.8.141.125 port 21345","@timestamp":"2022-09-18T14:50:42.031Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 14:51:28 honeypot-ams-1 sshd[5945]: Received disconnect from 177.12.2.53 port 33572:11: Bye Bye [preauth]","@timestamp":"2022-09-18T14:51:29.588Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 14:52:24 honeypot-fra-1 kernel: [84387151.405732] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=3.8.141.125 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=75 ID=9885 PROTO=TCP SPT=21345 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T14:52:25.075Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 14:55:11 honeypot-fra-1 kernel: [84387318.611738] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=3.8.141.125 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=75 ID=49126 PROTO=TCP SPT=21345 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T14:55:12.142Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-18T14:55:41.581Z","@version":"1","message":"Sep 18 14:55:40 honeypot-sgp-1 sshd[31118]: Disconnected from authenticating user root 123.30.187.208 port 55794 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 14:55:54 honeypot-ams-1 kernel: [84389533.827865] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=97.74.81.123 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=58216 PROTO=TCP SPT=51205 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T14:55:54.705Z"}
{"@timestamp":"2022-09-18T14:59:12.668Z","@version":"1","message":"Sep 18 14:59:12 honeypot-sgp-1 sshd[31124]: Invalid user yugi from 180.130.116.155 port 34492","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 14:59:30 honeypot-fra-1 kernel: [84387577.083676] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=165.232.152.144 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=46951 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T14:59:30.262Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:00:23 honeypot-fra-1 sshd[28342]: Did not receive identification string from 3.8.141.125 port 21345","@timestamp":"2022-09-18T15:00:24.285Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:02:04 honeypot-fra-1 kernel: [84387731.558673] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.71.248.31 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=57389 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T15:02:05.328Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-18T15:03:33.774Z","@version":"1","message":"Sep 18 15:03:33 honeypot-sgp-1 sshd[31129]: Invalid user ubnt from 92.255.85.69 port 58192","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:04:11 honeypot-fra-1 kernel: [84387858.164762] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=30563 PROTO=TCP SPT=53203 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T15:04:11.378Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 15:04:38 honeypot-ams-1 sshd[5953]: Disconnected from authenticating user root 185.127.16.234 port 51080 [preauth]","@timestamp":"2022-09-18T15:04:38.942Z"}
{"@timestamp":"2022-09-18T15:08:15.887Z","@version":"1","message":"Sep 18 15:08:15 honeypot-sgp-1 kernel: [84389797.945710] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=5.189.133.199 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=9010 DF PROTO=TCP SPT=37476 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:09:28 honeypot-fra-1 sshd[28349]: Did not receive identification string from 45.61.186.169 port 56062","@timestamp":"2022-09-18T15:09:29.503Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 15:09:39 honeypot-ams-1 sshd[5958]: Received disconnect from 92.255.85.70 port 37076:11: Bye Bye [preauth]","@timestamp":"2022-09-18T15:09:40.082Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:09:47 honeypot-fra-1 sshd[28352]: Disconnected from invalid user user 45.61.186.169 port 34642 [preauth]","@timestamp":"2022-09-18T15:09:48.513Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:10:06 honeypot-fra-1 sshd[28357]: Disconnected from invalid user user 45.61.186.169 port 57722 [preauth]","@timestamp":"2022-09-18T15:10:07.522Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:10:23 honeypot-fra-1 sshd[28361]: Disconnected from invalid user user 45.61.186.169 port 52576 [preauth]","@timestamp":"2022-09-18T15:10:24.530Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 15:11:33 honeypot-ams-1 sshd[5962]: Disconnected from invalid user liams 67.207.94.180 port 46294 [preauth]","@timestamp":"2022-09-18T15:11:34.135Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 15:17:01 honeypot-ams-1 CRON[5968]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-18T15:17:02.283Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:19:20 honeypot-fra-1 sshd[28369]: Did not receive identification string from 103.90.177.102 port 40836","@timestamp":"2022-09-18T15:19:20.729Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:19:22 honeypot-fra-1 sshd[28376]: Invalid user a from 103.90.177.102 port 40980","@timestamp":"2022-09-18T15:19:22.732Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:19:22 honeypot-fra-1 sshd[28370]: Connection closed by authenticating user root 103.90.177.102 port 40972 [preauth]","@timestamp":"2022-09-18T15:19:22.732Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:19:22 honeypot-fra-1 sshd[28379]: Connection closed by authenticating user root 103.90.177.102 port 40968 [preauth]","@timestamp":"2022-09-18T15:19:22.732Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 15:21:16 honeypot-ams-1 sshd[5976]: Invalid user no1 from 100.1.167.124 port 33004","@timestamp":"2022-09-18T15:21:16.397Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 15:23:49 honeypot-ams-1 sshd[5978]: Disconnected from invalid user user 139.59.233.124 port 51736 [preauth]","@timestamp":"2022-09-18T15:23:49.463Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 15:24:32 honeypot-ams-1 sshd[5983]: Received disconnect from 45.61.186.49 port 53262:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T15:24:32.485Z"}
{"@timestamp":"2022-09-18T15:24:38.283Z","@version":"1","message":"Sep 18 15:24:37 honeypot-sgp-1 kernel: [84390780.758443] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=172.105.63.101 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=54304 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 15:24:45 honeypot-ams-1 sshd[5987]: Received disconnect from 45.61.186.49 port 37226:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T15:24:45.491Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:24:52 honeypot-fra-1 sshd[28396]: Received disconnect from 185.149.120.23 port 33640:11: Bye Bye [preauth]","@timestamp":"2022-09-18T15:24:52.857Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 15:26:38 honeypot-ams-1 sshd[5992]: Connection closed by invalid user mysql 193.106.191.157 port 52166 [preauth]","@timestamp":"2022-09-18T15:26:39.541Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:27:30 honeypot-fra-1 sshd[28401]: Disconnected from authenticating user root 128.199.42.242 port 58164 [preauth]","@timestamp":"2022-09-18T15:27:30.917Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T15:27:46.360Z","@version":"1","message":"Sep 18 15:27:46 honeypot-sgp-1 sshd[31143]: Received disconnect from 159.223.76.57 port 56914:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T15:28:37.383Z","@version":"1","message":"Sep 18 15:28:36 honeypot-sgp-1 sshd[31145]: Disconnected from authenticating user root 135.125.107.159 port 49154 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:31:17 honeypot-fra-1 sshd[28407]: Invalid user admin from 92.255.85.70 port 63368","@timestamp":"2022-09-18T15:31:18.002Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:34:11 honeypot-fra-1 sshd[28412]: Invalid user mysql from 193.106.191.157 port 53592","@timestamp":"2022-09-18T15:34:12.069Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:36:58 honeypot-fra-1 kernel: [84389825.304904] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=161.97.73.253 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=37935 PROTO=TCP SPT=43752 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T15:36:59.134Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 15:38:12 honeypot-ams-1 kernel: [84392071.961300] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=164.92.72.164 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=53569 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T15:38:12.845Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:39:31 honeypot-fra-1 sshd[28420]: Received disconnect from 167.172.58.10 port 44752:11: Bye Bye [preauth]","@timestamp":"2022-09-18T15:39:32.208Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 15:39:50 honeypot-ams-1 sshd[6001]: Received disconnect from 45.61.187.160 port 51172:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T15:39:50.891Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 15:40:09 honeypot-ams-1 sshd[6005]: Invalid user user from 45.61.187.160 port 46310","@timestamp":"2022-09-18T15:40:09.900Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 15:40:26 honeypot-ams-1 sshd[6009]: Invalid user user from 45.61.187.160 port 41448","@timestamp":"2022-09-18T15:40:26.909Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 15:40:54 honeypot-ams-1 kernel: [84392233.861357] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=198.235.24.21 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=250 ID=47042 PROTO=TCP SPT=54837 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T15:40:54.921Z"}
{"@timestamp":"2022-09-18T15:45:15.778Z","@version":"1","message":"Sep 18 15:45:15 honeypot-sgp-1 sshd[31151]: Invalid user admin from 92.255.85.70 port 48204","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T15:45:42.792Z","@version":"1","message":"Sep 18 15:45:42 honeypot-sgp-1 sshd[31154]: Disconnected from invalid user user 45.61.186.169 port 46338 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T15:46:00.800Z","@version":"1","message":"Sep 18 15:46:00 honeypot-sgp-1 sshd[31158]: Disconnected from invalid user user 45.61.186.169 port 41366 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T15:46:17.810Z","@version":"1","message":"Sep 18 15:46:17 honeypot-sgp-1 sshd[31162]: Disconnected from invalid user user 45.61.186.169 port 36342 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T15:46:33.817Z","@version":"1","message":"Sep 18 15:46:33 honeypot-sgp-1 sshd[31166]: Disconnected from invalid user user 45.61.186.169 port 59580 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:51:09 honeypot-fra-1 kernel: [84390676.029552] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=81.45.139.22 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=45355 PROTO=TCP SPT=56529 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T15:51:09.465Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 15:55:25 honeypot-ams-1 sshd[6017]: Invalid user webmaster from 197.155.234.157 port 47954","@timestamp":"2022-09-18T15:55:26.302Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:56:14 honeypot-fra-1 sshd[28434]: Invalid user admin from 45.127.108.132 port 34742","@timestamp":"2022-09-18T15:56:15.580Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:56:14 honeypot-fra-1 sshd[28431]: Invalid user mysql from 45.127.108.132 port 49839","@timestamp":"2022-09-18T15:56:15.580Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:56:14 honeypot-fra-1 sshd[28439]: Invalid user appuser from 45.127.108.132 port 19366","@timestamp":"2022-09-18T15:56:15.580Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:56:14 honeypot-fra-1 sshd[28432]: Connection closed by authenticating user root 45.127.108.132 port 25360 [preauth]","@timestamp":"2022-09-18T15:56:15.580Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:56:15 honeypot-fra-1 sshd[28435]: Connection closed by invalid user testuser 45.127.108.132 port 23766 [preauth]","@timestamp":"2022-09-18T15:56:15.580Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:56:15 honeypot-fra-1 sshd[28455]: Connection closed by invalid user zabbix 45.127.108.132 port 61893 [preauth]","@timestamp":"2022-09-18T15:56:15.580Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:56:15 honeypot-fra-1 sshd[28442]: Connection closed by invalid user testuser 45.127.108.132 port 45499 [preauth]","@timestamp":"2022-09-18T15:56:15.580Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:56:15 honeypot-fra-1 sshd[28453]: Connection closed by authenticating user root 45.127.108.132 port 33110 [preauth]","@timestamp":"2022-09-18T15:56:15.581Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T15:57:35.077Z","@version":"1","message":"Sep 18 15:57:35 honeypot-sgp-1 sshd[31172]: Disconnected from invalid user md 5.191.253.21 port 52712 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 15:58:23 honeypot-fra-1 kernel: [84391110.571283] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=165.232.152.144 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=59053 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T15:58:24.647Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:01:08 honeypot-ams-1 sshd[6022]: Received disconnect from 20.228.201.118 port 56802:11: Bye Bye [preauth]","@timestamp":"2022-09-18T16:01:09.454Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:02:46 honeypot-ams-1 sshd[6026]: Received disconnect from 143.110.253.215 port 53454:11: Bye Bye [preauth]","@timestamp":"2022-09-18T16:02:47.499Z"}
{"@timestamp":"2022-09-18T16:09:15.355Z","@version":"1","message":"Sep 18 16:09:14 honeypot-sgp-1 sshd[31180]: Invalid user user from 45.61.187.160 port 33126","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T16:09:35.366Z","@version":"1","message":"Sep 18 16:09:35 honeypot-sgp-1 sshd[31185]: Invalid user user from 45.61.187.160 port 56812","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T16:09:55.375Z","@version":"1","message":"Sep 18 16:09:54 honeypot-sgp-1 sshd[31189]: Invalid user user from 45.61.187.160 port 52272","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T16:10:14.384Z","@version":"1","message":"Sep 18 16:10:13 honeypot-sgp-1 sshd[31193]: Invalid user user from 45.61.187.160 port 47724","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:10:15 honeypot-ams-1 sshd[6034]: Invalid user ubnt from 182.117.131.146 port 33688","@timestamp":"2022-09-18T16:10:15.695Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:10:20 honeypot-ams-1 sshd[6038]: Disconnected from authenticating user root 182.117.131.146 port 33924 [preauth]","@timestamp":"2022-09-18T16:10:21.699Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:10:26 honeypot-ams-1 sshd[6044]: Received disconnect from 182.117.131.146 port 34308:11: Bye Bye [preauth]","@timestamp":"2022-09-18T16:10:26.702Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:10:35 honeypot-ams-1 sshd[6050]: Received disconnect from 182.117.131.146 port 34794:11: Bye Bye [preauth]","@timestamp":"2022-09-18T16:10:35.706Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:10:43 honeypot-ams-1 sshd[6056]: Received disconnect from 182.117.131.146 port 35186:11: Bye Bye [preauth]","@timestamp":"2022-09-18T16:10:44.711Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:10:51 honeypot-ams-1 sshd[6062]: Received disconnect from 182.117.131.146 port 35748:11: Bye Bye [preauth]","@timestamp":"2022-09-18T16:10:51.715Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:10:59 honeypot-ams-1 sshd[6068]: Received disconnect from 182.117.131.146 port 36236:11: Bye Bye [preauth]","@timestamp":"2022-09-18T16:10:59.720Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:11:08 honeypot-ams-1 sshd[6074]: Received disconnect from 182.117.131.146 port 36760:11: Bye Bye [preauth]","@timestamp":"2022-09-18T16:11:08.725Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:11:17 honeypot-ams-1 sshd[6080]: Received disconnect from 182.117.131.146 port 37298:11: Bye Bye [preauth]","@timestamp":"2022-09-18T16:11:17.730Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:11:26 honeypot-ams-1 sshd[6086]: Received disconnect from 182.117.131.146 port 37848:11: Bye Bye [preauth]","@timestamp":"2022-09-18T16:11:26.736Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:11:34 honeypot-ams-1 sshd[6092]: Received disconnect from 182.117.131.146 port 38270:11: Bye Bye [preauth]","@timestamp":"2022-09-18T16:11:34.739Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:11:43 honeypot-ams-1 sshd[6098]: Received disconnect from 182.117.131.146 port 38762:11: Bye Bye [preauth]","@timestamp":"2022-09-18T16:11:43.745Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:11:51 honeypot-ams-1 sshd[6104]: Invalid user admin from 182.117.131.146 port 39328","@timestamp":"2022-09-18T16:11:51.749Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:11:56 honeypot-ams-1 sshd[6108]: Invalid user admin from 182.117.131.146 port 39696","@timestamp":"2022-09-18T16:11:57.753Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:12:03 honeypot-ams-1 sshd[6112]: Invalid user admin from 182.117.131.146 port 39982","@timestamp":"2022-09-18T16:12:03.757Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:12:10 honeypot-ams-1 sshd[6116]: Invalid user admin from 182.117.131.146 port 40476","@timestamp":"2022-09-18T16:12:10.760Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:12:16 honeypot-ams-1 sshd[6120]: Invalid user admin from 182.117.131.146 port 40830","@timestamp":"2022-09-18T16:12:16.765Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:12:22 honeypot-ams-1 sshd[6124]: Invalid user user from 182.117.131.146 port 41184","@timestamp":"2022-09-18T16:12:22.768Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:12:32 honeypot-ams-1 sshd[6128]: Disconnected from authenticating user root 182.117.131.146 port 41708 [preauth]","@timestamp":"2022-09-18T16:12:32.774Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:12:37 honeypot-ams-1 sshd[6132]: Disconnected from invalid user pi 182.117.131.146 port 42122 [preauth]","@timestamp":"2022-09-18T16:12:37.777Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:12:42 honeypot-ams-1 sshd[6136]: Disconnected from invalid user ethos 182.117.131.146 port 42418 [preauth]","@timestamp":"2022-09-18T16:12:43.781Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:12:49 honeypot-ams-1 sshd[6140]: Disconnected from invalid user miner 182.117.131.146 port 42864 [preauth]","@timestamp":"2022-09-18T16:12:49.784Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:12:56 honeypot-ams-1 sshd[6144]: Disconnected from invalid user volumio 182.117.131.146 port 43128 [preauth]","@timestamp":"2022-09-18T16:12:56.789Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:13:02 honeypot-ams-1 sshd[6148]: Disconnected from invalid user nagios 182.117.131.146 port 43612 [preauth]","@timestamp":"2022-09-18T16:13:02.792Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:13:08 honeypot-ams-1 sshd[6152]: Disconnected from invalid user vagrant 182.117.131.146 port 43964 [preauth]","@timestamp":"2022-09-18T16:13:08.796Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:13:13 honeypot-ams-1 sshd[6156]: Disconnected from invalid user debian 182.117.131.146 port 44212 [preauth]","@timestamp":"2022-09-18T16:13:13.799Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:13:19 honeypot-ams-1 sshd[6160]: Disconnected from invalid user debian 182.117.131.146 port 44608 [preauth]","@timestamp":"2022-09-18T16:13:19.802Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:13:26 honeypot-ams-1 sshd[6164]: Disconnected from invalid user alarm 182.117.131.146 port 44906 [preauth]","@timestamp":"2022-09-18T16:13:27.808Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:13:32 honeypot-ams-1 sshd[6168]: Disconnected from invalid user test 182.117.131.146 port 45350 [preauth]","@timestamp":"2022-09-18T16:13:32.811Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:13:38 honeypot-ams-1 sshd[6172]: Disconnected from invalid user cirros 182.117.131.146 port 45696 [preauth]","@timestamp":"2022-09-18T16:13:38.814Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 16:13:46 honeypot-fra-1 kernel: [84392033.215740] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=104.248.207.141 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=54321 PROTO=TCP SPT=42035 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T16:13:47.003Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:14:56 honeypot-ams-1 sshd[6178]: Disconnected from authenticating user root 203.147.62.94 port 50532 [preauth]","@timestamp":"2022-09-18T16:14:56.850Z"}
{"@timestamp":"2022-09-18T16:17:01.550Z","@version":"1","message":"Sep 18 16:17:01 honeypot-sgp-1 CRON[31200]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:20:10 honeypot-ams-1 sshd[6184]: Received disconnect from 61.80.179.118 port 43189:11: Bye Bye [preauth]","@timestamp":"2022-09-18T16:20:11.006Z"}
{"@timestamp":"2022-09-18T16:24:33.735Z","@version":"1","message":"Sep 18 16:24:32 honeypot-sgp-1 sshd[31207]: Disconnected from authenticating user root 61.177.173.51 port 14544 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 16:24:44 honeypot-fra-1 sshd[28507]: Received disconnect from 61.177.173.39 port 54584:11:  [preauth]","@timestamp":"2022-09-18T16:24:44.245Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 16:25:07 honeypot-fra-1 sshd[28513]: error: maximum authentication attempts exceeded for invalid user admin from 58.182.93.100 port 35593 ssh2 [preauth]","@timestamp":"2022-09-18T16:25:08.257Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 16:26:55 honeypot-fra-1 sshd[28521]: Disconnected from authenticating user root 61.177.172.114 port 40172 [preauth]","@timestamp":"2022-09-18T16:26:56.299Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:28:04 honeypot-ams-1 sshd[6190]: Disconnected from authenticating user root 143.244.158.100 port 53416 [preauth]","@timestamp":"2022-09-18T16:28:05.212Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:30:44 honeypot-ams-1 sshd[6196]: Received disconnect from 143.244.158.100 port 45924:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T16:30:44.286Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 16:31:52 honeypot-fra-1 sshd[28526]: Received disconnect from 61.177.172.104 port 12675:11:  [preauth]","@timestamp":"2022-09-18T16:31:53.412Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:33:20 honeypot-ams-1 sshd[6203]: Received disconnect from 143.244.158.100 port 60792:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T16:33:21.355Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:35:02 honeypot-ams-1 sshd[6209]: Disconnected from authenticating user root 143.244.158.100 port 35330 [preauth]","@timestamp":"2022-09-18T16:35:02.401Z"}
{"@timestamp":"2022-09-18T16:35:28.998Z","@version":"1","message":"Sep 18 16:35:28 honeypot-sgp-1 kernel: [84395031.571971] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=47.90.203.174 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=47461 PROTO=TCP SPT=58576 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:37:35 honeypot-ams-1 sshd[6215]: Disconnected from authenticating user root 143.244.158.100 port 47194 [preauth]","@timestamp":"2022-09-18T16:37:35.468Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 16:38:17 honeypot-fra-1 sshd[28531]: Disconnected from invalid user admin 45.120.216.114 port 57090 [preauth]","@timestamp":"2022-09-18T16:38:17.556Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:40:09 honeypot-ams-1 sshd[6222]: Received disconnect from 143.244.158.100 port 34064:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T16:40:10.534Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:41:01 honeypot-ams-1 sshd[6226]: Disconnected from invalid user admin 92.255.85.70 port 52112 [preauth]","@timestamp":"2022-09-18T16:41:02.559Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 16:41:38 honeypot-fra-1 sshd[28536]: Invalid user admin from 121.154.38.73 port 42305","@timestamp":"2022-09-18T16:41:39.636Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:42:35 honeypot-ams-1 sshd[6232]: Received disconnect from 159.223.164.107 port 39054:11: Bye Bye [preauth]","@timestamp":"2022-09-18T16:42:35.602Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:44:30 honeypot-ams-1 sshd[6239]: Received disconnect from 143.244.158.100 port 37554:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T16:44:31.652Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:46:26 honeypot-ams-1 sshd[6244]: Disconnected from authenticating user root 143.244.158.100 port 45692 [preauth]","@timestamp":"2022-09-18T16:46:27.701Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:46:38 honeypot-ams-1 sshd[6248]: Disconnected from invalid user user 45.61.184.204 port 39248 [preauth]","@timestamp":"2022-09-18T16:46:39.707Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:46:58 honeypot-ams-1 sshd[6252]: Disconnected from invalid user user 45.61.184.204 port 34450 [preauth]","@timestamp":"2022-09-18T16:46:58.717Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:47:16 honeypot-ams-1 sshd[6256]: Disconnected from invalid user user 45.61.184.204 port 57880 [preauth]","@timestamp":"2022-09-18T16:47:16.725Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:48:17 honeypot-ams-1 sshd[6262]: Received disconnect from 143.244.158.100 port 36582:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T16:48:17.750Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 16:49:54 honeypot-fra-1 sshd[28554]: Invalid user www from 139.59.152.202 port 44004","@timestamp":"2022-09-18T16:49:54.841Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 16:49:54 honeypot-fra-1 sshd[28549]: Invalid user oracle from 139.59.152.202 port 43990","@timestamp":"2022-09-18T16:49:54.841Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 16:49:54 honeypot-fra-1 sshd[28548]: Invalid user guest from 139.59.152.202 port 43994","@timestamp":"2022-09-18T16:49:54.842Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 16:49:54 honeypot-fra-1 sshd[28547]: Invalid user admin from 139.59.152.202 port 43988","@timestamp":"2022-09-18T16:49:54.842Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 16:49:54 honeypot-fra-1 sshd[28546]: Connection closed by authenticating user root 139.59.152.202 port 43986 [preauth]","@timestamp":"2022-09-18T16:49:54.842Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 16:49:54 honeypot-fra-1 sshd[28553]: Connection closed by invalid user mysql 139.59.152.202 port 44002 [preauth]","@timestamp":"2022-09-18T16:49:54.842Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 16:49:54 honeypot-fra-1 sshd[28566]: Connection closed by authenticating user root 139.59.152.202 port 44048 [preauth]","@timestamp":"2022-09-18T16:49:54.842Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:50:57 honeypot-ams-1 sshd[6269]: Received disconnect from 143.244.158.100 port 52882:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T16:50:57.824Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:51:52 honeypot-ams-1 sshd[6274]: Received disconnect from 143.244.158.100 port 38262:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T16:51:52.852Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:52:08 honeypot-ams-1 sshd[6278]: Received disconnect from 45.61.186.249 port 38274:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T16:52:08.861Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:52:26 honeypot-ams-1 sshd[6282]: Received disconnect from 45.61.186.249 port 33482:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T16:52:26.871Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:52:43 honeypot-ams-1 sshd[6286]: Received disconnect from 45.61.186.249 port 56912:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T16:52:43.880Z"}
{"@timestamp":"2022-09-18T16:53:02.421Z","@version":"1","message":"Sep 18 16:53:02 honeypot-sgp-1 sshd[31227]: Invalid user admin from 119.201.180.229 port 39028","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:54:34 honeypot-ams-1 sshd[6293]: Received disconnect from 143.244.158.100 port 44380:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T16:54:34.932Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 16:55:26 honeypot-fra-1 sshd[28594]: Disconnected from authenticating user root 61.177.173.46 port 12818 [preauth]","@timestamp":"2022-09-18T16:55:26.964Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:55:29 honeypot-ams-1 sshd[6297]: Disconnected from authenticating user root 143.244.158.100 port 44392 [preauth]","@timestamp":"2022-09-18T16:55:29.958Z"}
{"@timestamp":"2022-09-18T16:56:48.512Z","@version":"1","message":"Sep 18 16:56:47 honeypot-sgp-1 sshd[31234]: Disconnected from authenticating user root 61.177.173.36 port 17100 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T16:57:50.541Z","@version":"1","message":"Sep 18 16:57:49 honeypot-sgp-1 sshd[31238]: Disconnected from authenticating user root 61.177.173.50 port 33410 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 16:58:25 honeypot-ams-1 sshd[6303]: Received disconnect from 143.244.158.100 port 51052:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T16:58:26.039Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 17:01:09 honeypot-ams-1 sshd[6310]: Received disconnect from 143.244.158.100 port 46538:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T17:01:10.115Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 17:02:59 honeypot-fra-1 kernel: [84394986.360816] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=89.248.168.172 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=54321 PROTO=TCP SPT=48474 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T17:03:00.135Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 17:03:33 honeypot-ams-1 kernel: [84397192.764296] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=72.167.32.184 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=232 ID=33010 PROTO=TCP SPT=51200 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T17:03:33.182Z"}
{"@timestamp":"2022-09-18T17:05:42.731Z","@version":"1","message":"Sep 18 17:05:41 honeypot-sgp-1 sshd[31246]: Disconnected from authenticating user root 61.177.173.51 port 40859 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 17:05:44 honeypot-ams-1 sshd[6321]: Disconnected from authenticating user root 143.244.158.100 port 45086 [preauth]","@timestamp":"2022-09-18T17:05:45.243Z"}
{"@timestamp":"2022-09-18T17:06:20.747Z","@version":"1","message":"Sep 18 17:06:20 honeypot-sgp-1 sshd[31250]: Connection closed by invalid user dev 103.188.176.251 port 56404 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 17:06:53 honeypot-fra-1 sshd[28607]: Disconnected from invalid user dba 20.87.45.109 port 56450 [preauth]","@timestamp":"2022-09-18T17:06:54.223Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 17:08:03 honeypot-fra-1 sshd[28614]: Received disconnect from 45.183.192.14 port 54074:11: Bye Bye [preauth]","@timestamp":"2022-09-18T17:08:04.252Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 17:08:23 honeypot-ams-1 sshd[6327]: Disconnected from authenticating user root 143.244.158.100 port 54374 [preauth]","@timestamp":"2022-09-18T17:08:23.316Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 17:10:09 honeypot-ams-1 sshd[6334]: Disconnected from authenticating user root 143.244.158.100 port 54640 [preauth]","@timestamp":"2022-09-18T17:10:10.367Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 17:11:33 honeypot-ams-1 sshd[6341]: Connection closed by invalid user postgres 193.106.191.157 port 34694 [preauth]","@timestamp":"2022-09-18T17:11:34.408Z"}
{"@timestamp":"2022-09-18T17:13:06.910Z","@version":"1","message":"Sep 18 17:13:06 honeypot-sgp-1 kernel: [84397289.442975] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=172.105.129.92 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=3980 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 17:13:40 honeypot-ams-1 sshd[6347]: Disconnected from authenticating user root 143.244.158.100 port 49866 [preauth]","@timestamp":"2022-09-18T17:13:41.468Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 17:14:51 honeypot-fra-1 kernel: [84395698.041839] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=167.71.133.35 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=248 ID=54321 PROTO=TCP SPT=45085 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T17:14:51.406Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 17:16:13 honeypot-fra-1 sshd[28634]: Invalid user admin from 24.213.148.68 port 37982","@timestamp":"2022-09-18T17:16:14.439Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 17:16:13 honeypot-fra-1 sshd[28636]: Invalid user kibana from 24.213.148.68 port 37990","@timestamp":"2022-09-18T17:16:14.439Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 17:16:14 honeypot-fra-1 sshd[28659]: Invalid user steam from 24.213.148.68 port 38008","@timestamp":"2022-09-18T17:16:14.439Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 17:16:14 honeypot-fra-1 sshd[28643]: Connection closed by authenticating user root 24.213.148.68 port 37978 [preauth]","@timestamp":"2022-09-18T17:16:14.439Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 17:16:14 honeypot-fra-1 sshd[28628]: Connection closed by invalid user ubuntu 24.213.148.68 port 37988 [preauth]","@timestamp":"2022-09-18T17:16:14.439Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 17:16:14 honeypot-fra-1 sshd[28648]: Connection closed by authenticating user root 24.213.148.68 port 38030 [preauth]","@timestamp":"2022-09-18T17:16:14.439Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 17:16:14 honeypot-fra-1 sshd[28642]: Connection closed by invalid user ansible 24.213.148.68 port 38032 [preauth]","@timestamp":"2022-09-18T17:16:14.439Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 17:16:14 honeypot-fra-1 sshd[28638]: Connection closed by invalid user mysql 24.213.148.68 port 37968 [preauth]","@timestamp":"2022-09-18T17:16:14.439Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 17:16:14 honeypot-fra-1 sshd[28654]: Invalid user test from 24.213.148.68 port 37964","@timestamp":"2022-09-18T17:16:14.439Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 17:16:35 honeypot-fra-1 sshd[28624]: Connection reset by 61.177.173.49 port 37398 [preauth]","@timestamp":"2022-09-18T17:16:36.449Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T17:17:02.004Z","@version":"1","message":"Sep 18 17:17:01 honeypot-sgp-1 CRON[31262]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 17:17:01 honeypot-ams-1 CRON[6354]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-18T17:17:02.557Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 17:18:05 honeypot-fra-1 sshd[28695]: Received disconnect from 61.177.172.124 port 56278:11:  [preauth]","@timestamp":"2022-09-18T17:18:06.485Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 17:20:33 honeypot-ams-1 sshd[6360]: Received disconnect from 23.225.191.123 port 51538:11: Bye Bye [preauth]","@timestamp":"2022-09-18T17:20:33.648Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 17:25:06 honeypot-fra-1 kernel: [84396313.275870] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=80.87.206.203 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=62132 PROTO=TCP SPT=49406 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T17:25:06.645Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-18T17:27:18.252Z","@version":"1","message":"Sep 18 17:27:17 honeypot-sgp-1 sshd[31270]: Disconnecting invalid user admin 118.70.81.109 port 5706: Too many authentication failures [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 17:30:17 honeypot-ams-1 kernel: [84398797.236629] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=164.92.72.164 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=38056 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T17:30:17.903Z"}
{"@timestamp":"2022-09-18T17:30:51.341Z","@version":"1","message":"Sep 18 17:30:50 honeypot-sgp-1 kernel: [84398353.310704] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=234 ID=36628 PROTO=TCP SPT=42206 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 17:35:14 honeypot-ams-1 sshd[6368]: Disconnected from invalid user prueba 92.255.85.69 port 48814 [preauth]","@timestamp":"2022-09-18T17:35:15.035Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 17:35:16 honeypot-fra-1 sshd[28711]: Connection closed by invalid user postgres 193.106.191.157 port 44628 [preauth]","@timestamp":"2022-09-18T17:35:16.871Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T17:45:08.709Z","@version":"1","message":"Sep 18 17:45:08 honeypot-sgp-1 kernel: [84399211.128306] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=51.104.20.135 DST=159.89.202.188 LEN=52 TOS=0x00 PREC=0x00 TTL=112 ID=48339 DF PROTO=TCP SPT=54769 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T17:48:57.799Z","@version":"1","message":"Sep 18 17:48:57 honeypot-sgp-1 sshd[31289]: Connection closed by invalid user cisco 179.43.145.98 port 54560 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 17:51:26 honeypot-fra-1 sshd[28720]: Disconnected from invalid user litvak1 165.22.45.108 port 42034 [preauth]","@timestamp":"2022-09-18T17:51:26.229Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T17:53:03.899Z","@version":"1","message":"Sep 18 17:53:03 honeypot-sgp-1 sshd[31299]: Disconnected from authenticating user root 61.177.173.35 port 51534 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T18:03:10.141Z","@version":"1","message":"Sep 18 18:03:10 honeypot-sgp-1 sshd[31304]: Received disconnect from 61.177.173.51 port 64303:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 18:03:47 honeypot-ams-1 kernel: [84400806.970677] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=35.200.200.0 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x60 TTL=251 ID=41582 PROTO=TCP SPT=57775 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T18:03:47.766Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 18:09:29 honeypot-ams-1 kernel: [84401148.587831] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=80.87.206.203 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=9867 PROTO=TCP SPT=49406 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T18:09:29.921Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:10:04 honeypot-fra-1 sshd[28734]: Invalid user pi from 92.255.85.69 port 46070","@timestamp":"2022-09-18T18:10:04.666Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 18:10:20 honeypot-ams-1 sshd[6378]: Disconnected from invalid user ztt 51.83.131.123 port 45296 [preauth]","@timestamp":"2022-09-18T18:10:20.945Z"}
{"@timestamp":"2022-09-18T18:13:25.392Z","@version":"1","message":"Sep 18 18:13:24 honeypot-sgp-1 sshd[31312]: Received disconnect from 61.177.173.46 port 18902:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:13:36 honeypot-fra-1 sshd[28738]: Disconnected from invalid user d6nw5v1x2pc7st9m 91.240.118.222 port 36099 [preauth]","@timestamp":"2022-09-18T18:13:37.748Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T18:14:06.411Z","@version":"1","message":"Sep 18 18:14:05 honeypot-sgp-1 sshd[31319]: Invalid user admin from 165.232.158.22 port 36594","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T18:17:01.482Z","@version":"1","message":"Sep 18 18:17:01 honeypot-sgp-1 CRON[31325]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:17:01 honeypot-fra-1 CRON[28741]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-18T18:17:01.832Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 18:17:01 honeypot-ams-1 CRON[6383]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-18T18:17:02.121Z"}
{"@timestamp":"2022-09-18T18:18:32.520Z","@version":"1","message":"Sep 18 18:18:31 honeypot-sgp-1 sshd[31330]: Received disconnect from 167.99.126.215 port 34464:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:19:30 honeypot-fra-1 sshd[28746]: Invalid user oz from 96.78.175.36 port 58216","@timestamp":"2022-09-18T18:19:30.892Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:21:40 honeypot-fra-1 sshd[28753]: Invalid user kt from 164.92.151.127 port 33464","@timestamp":"2022-09-18T18:21:40.944Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:24:33 honeypot-fra-1 sshd[28774]: Invalid user esuser from 183.146.30.163 port 33504","@timestamp":"2022-09-18T18:24:34.014Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:24:34 honeypot-fra-1 sshd[28781]: Connection closed by authenticating user root 183.146.30.163 port 33496 [preauth]","@timestamp":"2022-09-18T18:24:35.014Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:24:35 honeypot-fra-1 sshd[28778]: Connection closed by authenticating user root 183.146.30.163 port 33532 [preauth]","@timestamp":"2022-09-18T18:24:36.015Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:24:35 honeypot-fra-1 sshd[28767]: Invalid user git from 183.146.30.163 port 33484","@timestamp":"2022-09-18T18:24:36.015Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:24:36 honeypot-fra-1 sshd[28780]: Invalid user demo from 183.146.30.163 port 33516","@timestamp":"2022-09-18T18:24:37.015Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:24:39 honeypot-fra-1 sshd[28765]: Connection closed by authenticating user root 183.146.30.163 port 33534 [preauth]","@timestamp":"2022-09-18T18:24:40.017Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:25:14 honeypot-fra-1 sshd[28823]: Invalid user admin from 130.193.40.11 port 33190","@timestamp":"2022-09-18T18:25:15.034Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:25:14 honeypot-fra-1 sshd[28814]: Invalid user chia from 130.193.40.11 port 33082","@timestamp":"2022-09-18T18:25:15.034Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:25:14 honeypot-fra-1 sshd[28822]: Invalid user oracle from 130.193.40.11 port 32974","@timestamp":"2022-09-18T18:25:15.034Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:25:14 honeypot-fra-1 sshd[28813]: Invalid user es from 130.193.40.11 port 32944","@timestamp":"2022-09-18T18:25:15.034Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:25:14 honeypot-fra-1 sshd[28814]: Connection closed by invalid user chia 130.193.40.11 port 33082 [preauth]","@timestamp":"2022-09-18T18:25:15.034Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:25:14 honeypot-fra-1 sshd[28818]: Connection closed by invalid user admin 130.193.40.11 port 32968 [preauth]","@timestamp":"2022-09-18T18:25:15.034Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:25:15 honeypot-fra-1 sshd[28832]: Invalid user mysql from 130.193.40.11 port 33076","@timestamp":"2022-09-18T18:25:16.035Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:25:17 honeypot-fra-1 sshd[28858]: Invalid user ftpuser from 130.193.40.11 port 33068","@timestamp":"2022-09-18T18:25:18.036Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:25:17 honeypot-fra-1 sshd[28858]: Connection closed by invalid user ftpuser 130.193.40.11 port 33068 [preauth]","@timestamp":"2022-09-18T18:25:18.036Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 18:25:56 honeypot-ams-1 kernel: [84402135.590785] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=203.122.46.42 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=56 ID=32419 PROTO=TCP SPT=42341 DPT=80 WINDOW=36795 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T18:25:56.381Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:27:12 honeypot-fra-1 sshd[28872]: ssh_dispatch_run_fatal: Connection from 69.112.204.55 port 45642: Connection corrupted [preauth]","@timestamp":"2022-09-18T18:27:13.083Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T18:30:19.817Z","@version":"1","message":"Sep 18 18:30:19 honeypot-sgp-1 sshd[31346]: Disconnected from authenticating user root 61.177.172.114 port 26263 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:33:51 honeypot-fra-1 sshd[28881]: Received disconnect from 61.177.173.35 port 27091:11:  [preauth]","@timestamp":"2022-09-18T18:33:51.240Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:40:56 honeypot-fra-1 sshd[28884]: Disconnected from authenticating user root 61.177.172.104 port 52277 [preauth]","@timestamp":"2022-09-18T18:40:56.401Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 18:41:16 honeypot-ams-1 kernel: [84403055.704715] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=167.71.92.243 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=57224 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T18:41:16.782Z"}
{"@timestamp":"2022-09-18T18:42:45.129Z","@version":"1","message":"Sep 18 18:42:44 honeypot-sgp-1 sshd[31358]: Received disconnect from 20.171.106.5 port 54400:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T18:46:45.225Z","@version":"1","message":"Sep 18 18:46:44 honeypot-sgp-1 sshd[31364]: Disconnected from authenticating user root 61.177.173.47 port 64670 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T18:49:27.290Z","@version":"1","message":"Sep 18 18:49:26 honeypot-sgp-1 sshd[31369]: Disconnected from invalid user admin 124.160.96.249 port 24237 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:50:33 honeypot-fra-1 kernel: [84401439.923272] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=206.189.153.232 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=58193 DF PROTO=TCP SPT=52170 DPT=5432 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T18:50:33.639Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-18T18:53:09.403Z","@version":"1","message":"Sep 18 18:53:08 honeypot-sgp-1 sshd[31374]: Disconnected from invalid user temp 178.18.206.83 port 57874 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T18:54:32.439Z","@version":"1","message":"Sep 18 18:54:31 honeypot-sgp-1 sshd[31380]: Received disconnect from 180.218.224.139 port 55764:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:56:21 honeypot-fra-1 sshd[28896]: Received disconnect from 45.61.184.204 port 45252:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T18:56:21.774Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:56:31 honeypot-fra-1 sshd[28898]: Received disconnect from 45.61.184.204 port 57128:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T18:56:31.779Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:56:51 honeypot-fra-1 sshd[28902]: Received disconnect from 45.61.184.204 port 52652:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T18:56:52.790Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 18:57:11 honeypot-fra-1 sshd[28906]: Received disconnect from 45.61.184.204 port 48170:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T18:57:11.799Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T18:57:14.504Z","@version":"1","message":"Sep 18 18:57:14 honeypot-sgp-1 sshd[31385]: Disconnected from 161.35.113.79 port 47912 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 18:58:49 honeypot-ams-1 sshd[6398]: Invalid user test2 from 43.128.104.254 port 51318","@timestamp":"2022-09-18T18:58:50.243Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:00:27 honeypot-fra-1 sshd[28912]: Received disconnect from 61.177.173.36 port 29677:11:  [preauth]","@timestamp":"2022-09-18T19:00:27.873Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 19:01:18 honeypot-ams-1 sshd[6401]: Received disconnect from 80.253.31.232 port 41978:11: Bye Bye [preauth]","@timestamp":"2022-09-18T19:01:19.316Z"}
{"@timestamp":"2022-09-18T19:01:40.610Z","@version":"1","message":"Sep 18 19:01:39 honeypot-sgp-1 sshd[31392]: Disconnected from authenticating user root 61.177.172.98 port 27862 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 19:05:54 honeypot-ams-1 sshd[6408]: Invalid user oikawa from 157.245.154.129 port 39836","@timestamp":"2022-09-18T19:05:55.440Z"}
{"@timestamp":"2022-09-18T19:08:06.761Z","@version":"1","message":"Sep 18 19:08:06 honeypot-sgp-1 sshd[31401]: Received disconnect from 189.4.149.140 port 58296:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:08:32 honeypot-fra-1 kernel: [84402518.466373] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=20.168.28.237 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=26713 DF PROTO=TCP SPT=10446 DPT=80 WINDOW=512 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T19:08:33.060Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 19:10:47 honeypot-ams-1 sshd[6410]: Received disconnect from 92.255.85.69 port 32402:11: Bye Bye [preauth]","@timestamp":"2022-09-18T19:10:47.572Z"}
{"@timestamp":"2022-09-18T19:16:45.978Z","@version":"1","message":"Sep 18 19:16:45 honeypot-sgp-1 sshd[31406]: Received disconnect from 61.177.172.124 port 18963:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:17:01 honeypot-fra-1 CRON[28932]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-18T19:17:02.253Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 19:17:01 honeypot-ams-1 CRON[6416]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-18T19:17:02.739Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 19:18:15 honeypot-ams-1 sshd[6423]: Received disconnect from 206.189.159.9 port 55334:11: Bye Bye [preauth]","@timestamp":"2022-09-18T19:18:16.773Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 19:18:54 honeypot-ams-1 sshd[6428]: Received disconnect from 20.57.113.125 port 60308:11: Bye Bye [preauth]","@timestamp":"2022-09-18T19:18:54.792Z"}
{"@timestamp":"2022-09-18T19:23:23.134Z","@version":"1","message":"Sep 18 19:23:22 honeypot-sgp-1 sshd[31413]: Received disconnect from 61.177.173.53 port 33578:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 19:24:07 honeypot-ams-1 kernel: [84405627.388213] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=151.106.32.182 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=56842 PROTO=TCP SPT=48252 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T19:24:07.934Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:27:21 honeypot-fra-1 sshd[28946]: Connection closed by authenticating user root 13.126.217.41 port 57980 [preauth]","@timestamp":"2022-09-18T19:27:21.489Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:27:26 honeypot-fra-1 sshd[28958]: Connection closed by authenticating user root 13.126.217.41 port 35888 [preauth]","@timestamp":"2022-09-18T19:27:27.494Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:27:32 honeypot-fra-1 sshd[28970]: Connection closed by authenticating user root 13.126.217.41 port 42020 [preauth]","@timestamp":"2022-09-18T19:27:32.497Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:27:38 honeypot-fra-1 sshd[28982]: Connection closed by authenticating user root 13.126.217.41 port 48676 [preauth]","@timestamp":"2022-09-18T19:27:38.502Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:27:43 honeypot-fra-1 sshd[28994]: Connection closed by authenticating user root 13.126.217.41 port 55442 [preauth]","@timestamp":"2022-09-18T19:27:44.505Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:27:49 honeypot-fra-1 sshd[29006]: Connection closed by authenticating user root 13.126.217.41 port 33592 [preauth]","@timestamp":"2022-09-18T19:27:49.508Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T19:27:55.239Z","@version":"1","message":"Sep 18 19:27:54 honeypot-sgp-1 sshd[31418]: Received disconnect from 109.115.187.31 port 50578:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:27:55 honeypot-fra-1 sshd[29018]: Connection closed by authenticating user root 13.126.217.41 port 40068 [preauth]","@timestamp":"2022-09-18T19:27:55.513Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:28:00 honeypot-fra-1 sshd[29030]: Connection closed by authenticating user root 13.126.217.41 port 46468 [preauth]","@timestamp":"2022-09-18T19:28:01.517Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:28:06 honeypot-fra-1 sshd[29042]: Connection closed by authenticating user root 13.126.217.41 port 52692 [preauth]","@timestamp":"2022-09-18T19:28:06.520Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:28:12 honeypot-fra-1 sshd[29054]: Connection closed by authenticating user root 13.126.217.41 port 59222 [preauth]","@timestamp":"2022-09-18T19:28:12.524Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:28:17 honeypot-fra-1 sshd[29066]: Connection closed by authenticating user root 13.126.217.41 port 37012 [preauth]","@timestamp":"2022-09-18T19:28:18.528Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:28:23 honeypot-fra-1 sshd[29078]: Connection closed by authenticating user root 13.126.217.41 port 43396 [preauth]","@timestamp":"2022-09-18T19:28:23.532Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:28:28 honeypot-fra-1 sshd[29088]: Connection closed by authenticating user root 13.126.217.41 port 48582 [preauth]","@timestamp":"2022-09-18T19:28:28.535Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:28:33 honeypot-fra-1 sshd[29100]: Connection closed by authenticating user root 13.126.217.41 port 54988 [preauth]","@timestamp":"2022-09-18T19:28:34.538Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:28:38 honeypot-fra-1 sshd[29110]: Connection closed by invalid user user 13.126.217.41 port 60394 [preauth]","@timestamp":"2022-09-18T19:28:38.541Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 19:28:39 honeypot-ams-1 sshd[6436]: Disconnected from authenticating user root 52.151.24.212 port 38920 [preauth]","@timestamp":"2022-09-18T19:28:39.398Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:28:41 honeypot-fra-1 sshd[29116]: Connection closed by invalid user user 13.126.217.41 port 35164 [preauth]","@timestamp":"2022-09-18T19:28:41.543Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:28:43 honeypot-fra-1 sshd[29122]: Connection closed by invalid user user 13.126.217.41 port 38346 [preauth]","@timestamp":"2022-09-18T19:28:44.545Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:28:46 honeypot-fra-1 sshd[29128]: Connection closed by invalid user user 13.126.217.41 port 41306 [preauth]","@timestamp":"2022-09-18T19:28:47.547Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:28:49 honeypot-fra-1 sshd[29134]: Connection closed by invalid user user 13.126.217.41 port 44444 [preauth]","@timestamp":"2022-09-18T19:28:50.548Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:28:52 honeypot-fra-1 sshd[29140]: Connection closed by invalid user user 13.126.217.41 port 47666 [preauth]","@timestamp":"2022-09-18T19:28:52.550Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:28:55 honeypot-fra-1 sshd[29146]: Connection closed by invalid user user 13.126.217.41 port 50728 [preauth]","@timestamp":"2022-09-18T19:28:55.552Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:28:57 honeypot-fra-1 sshd[29152]: Connection closed by invalid user user 13.126.217.41 port 53636 [preauth]","@timestamp":"2022-09-18T19:28:58.554Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:29:00 honeypot-fra-1 sshd[29158]: Connection closed by invalid user user 13.126.217.41 port 56796 [preauth]","@timestamp":"2022-09-18T19:29:01.556Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:29:03 honeypot-fra-1 sshd[29164]: Connection closed by invalid user user 13.126.217.41 port 59854 [preauth]","@timestamp":"2022-09-18T19:29:03.557Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:29:06 honeypot-fra-1 sshd[29170]: Connection closed by invalid user user 13.126.217.41 port 34674 [preauth]","@timestamp":"2022-09-18T19:29:06.559Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:29:08 honeypot-fra-1 sshd[29176]: Connection closed by invalid user user 13.126.217.41 port 37608 [preauth]","@timestamp":"2022-09-18T19:29:09.562Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:29:11 honeypot-fra-1 sshd[29182]: Connection closed by invalid user user 13.126.217.41 port 40714 [preauth]","@timestamp":"2022-09-18T19:29:12.563Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:29:14 honeypot-fra-1 sshd[29188]: Connection closed by invalid user user 13.126.217.41 port 44030 [preauth]","@timestamp":"2022-09-18T19:29:15.565Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:29:17 honeypot-fra-1 sshd[29194]: Connection closed by invalid user user 13.126.217.41 port 46994 [preauth]","@timestamp":"2022-09-18T19:29:17.566Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:29:20 honeypot-fra-1 sshd[29200]: Connection closed by invalid user user 13.126.217.41 port 50064 [preauth]","@timestamp":"2022-09-18T19:29:20.568Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:29:22 honeypot-fra-1 sshd[29206]: Connection closed by invalid user user 13.126.217.41 port 53098 [preauth]","@timestamp":"2022-09-18T19:29:23.571Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:29:25 honeypot-fra-1 sshd[29212]: Connection closed by invalid user user 13.126.217.41 port 56262 [preauth]","@timestamp":"2022-09-18T19:29:25.572Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:29:28 honeypot-fra-1 sshd[29218]: Connection closed by invalid user user 13.126.217.41 port 59034 [preauth]","@timestamp":"2022-09-18T19:29:28.574Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:29:31 honeypot-fra-1 sshd[29224]: Connection closed by invalid user user 13.126.217.41 port 34072 [preauth]","@timestamp":"2022-09-18T19:29:31.576Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:29:33 honeypot-fra-1 sshd[29230]: Connection closed by invalid user user 13.126.217.41 port 37072 [preauth]","@timestamp":"2022-09-18T19:29:34.577Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:29:36 honeypot-fra-1 sshd[29236]: Connection closed by invalid user user 13.126.217.41 port 40066 [preauth]","@timestamp":"2022-09-18T19:29:37.580Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:29:39 honeypot-fra-1 sshd[29242]: Connection closed by invalid user user 13.126.217.41 port 42996 [preauth]","@timestamp":"2022-09-18T19:29:39.581Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:29:42 honeypot-fra-1 sshd[29248]: Connection closed by invalid user user 13.126.217.41 port 45992 [preauth]","@timestamp":"2022-09-18T19:29:42.583Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:29:44 honeypot-fra-1 sshd[29254]: Connection closed by invalid user user 13.126.217.41 port 48890 [preauth]","@timestamp":"2022-09-18T19:29:45.585Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:29:47 honeypot-fra-1 sshd[29260]: Connection closed by invalid user user 13.126.217.41 port 52078 [preauth]","@timestamp":"2022-09-18T19:29:48.586Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:29:50 honeypot-fra-1 sshd[29266]: Connection closed by invalid user user 13.126.217.41 port 54948 [preauth]","@timestamp":"2022-09-18T19:29:50.588Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:29:53 honeypot-fra-1 sshd[29272]: Connection closed by invalid user user 13.126.217.41 port 57896 [preauth]","@timestamp":"2022-09-18T19:29:53.591Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:29:55 honeypot-fra-1 sshd[29278]: Connection closed by invalid user ubuntu 13.126.217.41 port 60904 [preauth]","@timestamp":"2022-09-18T19:29:56.592Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:29:58 honeypot-fra-1 sshd[29284]: Connection closed by invalid user ubuntu 13.126.217.41 port 35634 [preauth]","@timestamp":"2022-09-18T19:29:59.594Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:30:01 honeypot-fra-1 sshd[29290]: Connection closed by invalid user ubuntu 13.126.217.41 port 38560 [preauth]","@timestamp":"2022-09-18T19:30:01.595Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:30:03 honeypot-fra-1 sshd[29296]: Connection closed by invalid user ubuntu 13.126.217.41 port 41448 [preauth]","@timestamp":"2022-09-18T19:30:04.597Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:30:06 honeypot-fra-1 sshd[29302]: Connection closed by invalid user ubuntu 13.126.217.41 port 44408 [preauth]","@timestamp":"2022-09-18T19:30:07.600Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:30:09 honeypot-fra-1 sshd[29308]: Connection closed by invalid user ubuntu 13.126.217.41 port 47508 [preauth]","@timestamp":"2022-09-18T19:30:10.602Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:30:12 honeypot-fra-1 sshd[29314]: Connection closed by invalid user ubuntu 13.126.217.41 port 50508 [preauth]","@timestamp":"2022-09-18T19:30:12.603Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:30:14 honeypot-fra-1 sshd[29320]: Connection closed by invalid user ubuntu 13.126.217.41 port 53272 [preauth]","@timestamp":"2022-09-18T19:30:15.604Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:30:17 honeypot-fra-1 sshd[29326]: Connection closed by invalid user ubuntu 13.126.217.41 port 56174 [preauth]","@timestamp":"2022-09-18T19:30:17.606Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:30:20 honeypot-fra-1 sshd[29332]: Connection closed by invalid user ubuntu 13.126.217.41 port 59114 [preauth]","@timestamp":"2022-09-18T19:30:20.608Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:30:23 honeypot-fra-1 sshd[29338]: Connection closed by invalid user ubuntu 13.126.217.41 port 33812 [preauth]","@timestamp":"2022-09-18T19:30:23.648Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:30:25 honeypot-fra-1 sshd[29344]: Connection closed by invalid user ubuntu 13.126.217.41 port 36656 [preauth]","@timestamp":"2022-09-18T19:30:26.650Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:30:28 honeypot-fra-1 sshd[29350]: Connection closed by invalid user ubuntu 13.126.217.41 port 39450 [preauth]","@timestamp":"2022-09-18T19:30:28.651Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:30:31 honeypot-fra-1 sshd[29356]: Connection closed by invalid user ubuntu 13.126.217.41 port 42482 [preauth]","@timestamp":"2022-09-18T19:30:31.653Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:30:33 honeypot-fra-1 sshd[29363]: Connection closed by invalid user ubuntu 13.126.217.41 port 45146 [preauth]","@timestamp":"2022-09-18T19:30:34.655Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:30:36 honeypot-fra-1 sshd[29369]: Connection closed by invalid user ubuntu 13.126.217.41 port 48228 [preauth]","@timestamp":"2022-09-18T19:30:36.657Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:30:39 honeypot-fra-1 sshd[29375]: Connection closed by invalid user ubuntu 13.126.217.41 port 51108 [preauth]","@timestamp":"2022-09-18T19:30:39.659Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:30:41 honeypot-fra-1 sshd[29381]: Connection closed by invalid user ubuntu 13.126.217.41 port 54034 [preauth]","@timestamp":"2022-09-18T19:30:42.661Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:30:44 honeypot-fra-1 sshd[29387]: Connection closed by invalid user ubuntu 13.126.217.41 port 56778 [preauth]","@timestamp":"2022-09-18T19:30:44.662Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:30:47 honeypot-fra-1 sshd[29393]: Connection closed by invalid user ubuntu 13.126.217.41 port 59632 [preauth]","@timestamp":"2022-09-18T19:30:47.665Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:30:50 honeypot-fra-1 sshd[29399]: Connection closed by invalid user ubuntu 13.126.217.41 port 34402 [preauth]","@timestamp":"2022-09-18T19:30:50.666Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:30:52 honeypot-fra-1 sshd[29405]: Connection closed by invalid user ubuntu 13.126.217.41 port 37272 [preauth]","@timestamp":"2022-09-18T19:30:53.669Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:30:55 honeypot-fra-1 sshd[29411]: Connection closed by invalid user ubuntu 13.126.217.41 port 40306 [preauth]","@timestamp":"2022-09-18T19:30:55.670Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:30:58 honeypot-fra-1 sshd[29417]: Connection closed by invalid user ubuntu 13.126.217.41 port 43094 [preauth]","@timestamp":"2022-09-18T19:30:58.672Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:31:00 honeypot-fra-1 sshd[29423]: Connection closed by invalid user ubuntu 13.126.217.41 port 45904 [preauth]","@timestamp":"2022-09-18T19:31:01.674Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:31:03 honeypot-fra-1 sshd[29429]: Connection closed by invalid user ubuntu 13.126.217.41 port 48930 [preauth]","@timestamp":"2022-09-18T19:31:03.675Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:31:06 honeypot-fra-1 sshd[29435]: Connection closed by invalid user ubuntu 13.126.217.41 port 51800 [preauth]","@timestamp":"2022-09-18T19:31:06.677Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:31:08 honeypot-fra-1 sshd[29441]: Connection closed by invalid user debian 13.126.217.41 port 54614 [preauth]","@timestamp":"2022-09-18T19:31:09.679Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:31:11 honeypot-fra-1 sshd[29447]: Connection closed by invalid user debian 13.126.217.41 port 57264 [preauth]","@timestamp":"2022-09-18T19:31:11.681Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:31:14 honeypot-fra-1 sshd[29453]: Connection closed by invalid user debian 13.126.217.41 port 60120 [preauth]","@timestamp":"2022-09-18T19:31:14.682Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:31:16 honeypot-fra-1 sshd[29459]: Connection closed by invalid user debian 13.126.217.41 port 35024 [preauth]","@timestamp":"2022-09-18T19:31:17.684Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:31:19 honeypot-fra-1 sshd[29465]: Connection closed by invalid user debian 13.126.217.41 port 38110 [preauth]","@timestamp":"2022-09-18T19:31:19.685Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:31:22 honeypot-fra-1 sshd[29471]: Connection closed by invalid user debian 13.126.217.41 port 41384 [preauth]","@timestamp":"2022-09-18T19:31:22.688Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:31:24 honeypot-fra-1 sshd[29477]: Connection closed by invalid user debian 13.126.217.41 port 44626 [preauth]","@timestamp":"2022-09-18T19:31:25.690Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:31:27 honeypot-fra-1 sshd[29484]: Connection closed by invalid user debian 13.126.217.41 port 47868 [preauth]","@timestamp":"2022-09-18T19:31:27.691Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:31:30 honeypot-fra-1 sshd[29490]: Connection closed by invalid user debian 13.126.217.41 port 51150 [preauth]","@timestamp":"2022-09-18T19:31:30.693Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:31:32 honeypot-fra-1 sshd[29496]: Connection closed by invalid user debian 13.126.217.41 port 54112 [preauth]","@timestamp":"2022-09-18T19:31:33.695Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:31:35 honeypot-fra-1 sshd[29502]: Connection closed by invalid user debian 13.126.217.41 port 57126 [preauth]","@timestamp":"2022-09-18T19:31:35.696Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:31:38 honeypot-fra-1 sshd[29508]: Connection closed by invalid user debian 13.126.217.41 port 59804 [preauth]","@timestamp":"2022-09-18T19:31:38.698Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T19:31:39.328Z","@version":"1","message":"Sep 18 19:31:38 honeypot-sgp-1 sshd[31424]: Received disconnect from 61.177.173.53 port 58905:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:31:41 honeypot-fra-1 sshd[29514]: Connection closed by invalid user debian 13.126.217.41 port 34800 [preauth]","@timestamp":"2022-09-18T19:31:41.700Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:31:43 honeypot-fra-1 sshd[29520]: Connection closed by invalid user debian 13.126.217.41 port 37656 [preauth]","@timestamp":"2022-09-18T19:31:44.702Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:31:46 honeypot-fra-1 sshd[29526]: Connection closed by invalid user debian 13.126.217.41 port 40618 [preauth]","@timestamp":"2022-09-18T19:31:46.703Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:31:49 honeypot-fra-1 sshd[29532]: Connection closed by invalid user debian 13.126.217.41 port 43658 [preauth]","@timestamp":"2022-09-18T19:31:49.705Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:31:51 honeypot-fra-1 sshd[29538]: Connection closed by invalid user debian 13.126.217.41 port 46656 [preauth]","@timestamp":"2022-09-18T19:31:52.707Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:31:54 honeypot-fra-1 sshd[29544]: Connection closed by invalid user debian 13.126.217.41 port 49526 [preauth]","@timestamp":"2022-09-18T19:31:54.709Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:31:57 honeypot-fra-1 sshd[29550]: Connection closed by invalid user debian 13.126.217.41 port 52494 [preauth]","@timestamp":"2022-09-18T19:31:57.710Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:32:00 honeypot-fra-1 sshd[29556]: Connection closed by invalid user debian 13.126.217.41 port 55526 [preauth]","@timestamp":"2022-09-18T19:32:00.712Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:32:02 honeypot-fra-1 sshd[29563]: Connection closed by invalid user debian 13.126.217.41 port 58750 [preauth]","@timestamp":"2022-09-18T19:32:03.714Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:32:05 honeypot-fra-1 sshd[29570]: Connection closed by invalid user debian 13.126.217.41 port 33652 [preauth]","@timestamp":"2022-09-18T19:32:05.715Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T19:32:06.341Z","@version":"1","message":"Sep 18 19:32:06 honeypot-sgp-1 sshd[31428]: Disconnected from invalid user oe 128.199.250.238 port 51632 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:32:08 honeypot-fra-1 sshd[29576]: Connection closed by invalid user debian 13.126.217.41 port 36826 [preauth]","@timestamp":"2022-09-18T19:32:08.718Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:32:11 honeypot-fra-1 sshd[29582]: Connection closed by invalid user debian 13.126.217.41 port 39776 [preauth]","@timestamp":"2022-09-18T19:32:11.720Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:32:13 honeypot-fra-1 sshd[29588]: Connection closed by invalid user debian 13.126.217.41 port 42872 [preauth]","@timestamp":"2022-09-18T19:32:14.721Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:32:16 honeypot-fra-1 sshd[29594]: Connection closed by invalid user debian 13.126.217.41 port 45916 [preauth]","@timestamp":"2022-09-18T19:32:16.723Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:32:19 honeypot-fra-1 sshd[29600]: Connection closed by invalid user debian 13.126.217.41 port 48960 [preauth]","@timestamp":"2022-09-18T19:32:19.724Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:32:21 honeypot-fra-1 sshd[29606]: Connection closed by invalid user admin 13.126.217.41 port 51876 [preauth]","@timestamp":"2022-09-18T19:32:22.727Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:32:24 honeypot-fra-1 sshd[29612]: Connection closed by invalid user admin 13.126.217.41 port 54872 [preauth]","@timestamp":"2022-09-18T19:32:24.728Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:32:27 honeypot-fra-1 sshd[29618]: Connection closed by invalid user admin 13.126.217.41 port 57970 [preauth]","@timestamp":"2022-09-18T19:32:27.730Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:32:30 honeypot-fra-1 sshd[29624]: Connection closed by invalid user admin 13.126.217.41 port 32830 [preauth]","@timestamp":"2022-09-18T19:32:30.732Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:32:33 honeypot-fra-1 sshd[29630]: Connection closed by invalid user admin 13.126.217.41 port 35844 [preauth]","@timestamp":"2022-09-18T19:32:33.734Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:32:35 honeypot-fra-1 sshd[29636]: Connection closed by invalid user admin 13.126.217.41 port 38882 [preauth]","@timestamp":"2022-09-18T19:32:36.736Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:32:38 honeypot-fra-1 sshd[29642]: Connection closed by invalid user admin 13.126.217.41 port 41804 [preauth]","@timestamp":"2022-09-18T19:32:38.738Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:32:41 honeypot-fra-1 sshd[29648]: Connection closed by invalid user admin 13.126.217.41 port 44622 [preauth]","@timestamp":"2022-09-18T19:32:41.739Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:32:43 honeypot-fra-1 sshd[29654]: Connection closed by invalid user admin 13.126.217.41 port 47336 [preauth]","@timestamp":"2022-09-18T19:32:44.741Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:32:46 honeypot-fra-1 sshd[29660]: Connection closed by invalid user admin 13.126.217.41 port 50336 [preauth]","@timestamp":"2022-09-18T19:32:46.742Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:32:49 honeypot-fra-1 sshd[29666]: Connection closed by invalid user admin 13.126.217.41 port 53500 [preauth]","@timestamp":"2022-09-18T19:32:49.744Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:32:52 honeypot-fra-1 sshd[29672]: Connection closed by invalid user admin 13.126.217.41 port 56442 [preauth]","@timestamp":"2022-09-18T19:32:52.747Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:32:54 honeypot-fra-1 sshd[29678]: Connection closed by invalid user admin 13.126.217.41 port 59292 [preauth]","@timestamp":"2022-09-18T19:32:55.749Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:32:57 honeypot-fra-1 sshd[29684]: Connection closed by invalid user admin 13.126.217.41 port 34046 [preauth]","@timestamp":"2022-09-18T19:32:57.750Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:33:00 honeypot-fra-1 sshd[29690]: Connection closed by invalid user admin 13.126.217.41 port 36966 [preauth]","@timestamp":"2022-09-18T19:33:00.752Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:33:02 honeypot-fra-1 sshd[29696]: Connection closed by invalid user admin 13.126.217.41 port 39916 [preauth]","@timestamp":"2022-09-18T19:33:03.754Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:33:05 honeypot-fra-1 sshd[29702]: Connection closed by invalid user admin 13.126.217.41 port 42746 [preauth]","@timestamp":"2022-09-18T19:33:05.755Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:33:08 honeypot-fra-1 sshd[29708]: Connection closed by invalid user admin 13.126.217.41 port 45624 [preauth]","@timestamp":"2022-09-18T19:33:08.758Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:33:10 honeypot-fra-1 sshd[29714]: Connection closed by invalid user admin 13.126.217.41 port 48784 [preauth]","@timestamp":"2022-09-18T19:33:11.760Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:33:13 honeypot-fra-1 sshd[29720]: Connection closed by invalid user admin 13.126.217.41 port 51780 [preauth]","@timestamp":"2022-09-18T19:33:13.761Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:33:16 honeypot-fra-1 sshd[29726]: Connection closed by invalid user admin 13.126.217.41 port 54836 [preauth]","@timestamp":"2022-09-18T19:33:16.763Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:33:18 honeypot-fra-1 sshd[29732]: Connection closed by invalid user admin 13.126.217.41 port 57972 [preauth]","@timestamp":"2022-09-18T19:33:19.765Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:33:21 honeypot-fra-1 sshd[29739]: Connection closed by invalid user admin 13.126.217.41 port 32982 [preauth]","@timestamp":"2022-09-18T19:33:21.766Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:33:24 honeypot-fra-1 sshd[29746]: Connection closed by invalid user admin 13.126.217.41 port 36238 [preauth]","@timestamp":"2022-09-18T19:33:24.769Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:33:26 honeypot-fra-1 sshd[29752]: Connection closed by invalid user admin 13.126.217.41 port 39166 [preauth]","@timestamp":"2022-09-18T19:33:27.771Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:33:29 honeypot-fra-1 sshd[29758]: Connection closed by invalid user admin 13.126.217.41 port 42288 [preauth]","@timestamp":"2022-09-18T19:33:30.773Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:33:32 honeypot-fra-1 sshd[29764]: Connection closed by invalid user admin 13.126.217.41 port 45308 [preauth]","@timestamp":"2022-09-18T19:33:32.774Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:33:35 honeypot-fra-1 sshd[29770]: Connection closed by invalid user admin 13.126.217.41 port 48606 [preauth]","@timestamp":"2022-09-18T19:33:35.776Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T19:35:03.413Z","@version":"1","message":"Sep 18 19:35:03 honeypot-sgp-1 sshd[31435]: Received disconnect from 61.177.172.114 port 62305:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 19:35:31 honeypot-ams-1 sshd[6442]: Disconnected from 206.81.15.128 port 41204 [preauth]","@timestamp":"2022-09-18T19:35:31.584Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:37:42 honeypot-fra-1 sshd[29777]: Invalid user postgres from 193.106.191.157 port 36132","@timestamp":"2022-09-18T19:37:42.869Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T19:38:56.506Z","@version":"1","message":"Sep 18 19:38:55 honeypot-sgp-1 sshd[31440]: Received disconnect from 167.99.147.105 port 59268:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T19:40:43.550Z","@version":"1","message":"Sep 18 19:40:43 honeypot-sgp-1 sshd[31446]: Disconnected from invalid user guoyunpeng 164.92.167.86 port 56642 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:41:57 honeypot-fra-1 sshd[29786]: Invalid user teste from 92.255.85.70 port 28088","@timestamp":"2022-09-18T19:41:57.968Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T19:42:10.586Z","@version":"1","message":"Sep 18 19:42:09 honeypot-sgp-1 sshd[31453]: Disconnected from invalid user user 45.61.186.49 port 57382 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T19:42:19.590Z","@version":"1","message":"Sep 18 19:42:19 honeypot-sgp-1 sshd[31457]: Disconnected from invalid user user 45.61.186.49 port 40490 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T19:44:02.633Z","@version":"1","message":"Sep 18 19:44:02 honeypot-sgp-1 sshd[31464]: Received disconnect from 61.177.173.52 port 14632:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 19:45:50 honeypot-ams-1 sshd[6447]: Disconnecting invalid user admin 31.52.230.39 port 49192: Too many authentication failures [preauth]","@timestamp":"2022-09-18T19:45:50.860Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:45:59 honeypot-fra-1 sshd[29791]: Received disconnect from 61.177.173.52 port 62047:11:  [preauth]","@timestamp":"2022-09-18T19:46:00.060Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 19:47:51 honeypot-ams-1 sshd[6452]: Disconnected from invalid user user 45.61.184.204 port 44324 [preauth]","@timestamp":"2022-09-18T19:47:51.917Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 19:48:10 honeypot-ams-1 sshd[6456]: Disconnected from invalid user user 45.61.184.204 port 38934 [preauth]","@timestamp":"2022-09-18T19:48:10.929Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 19:48:27 honeypot-ams-1 sshd[6460]: Disconnected from invalid user user 45.61.184.204 port 33568 [preauth]","@timestamp":"2022-09-18T19:48:27.938Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 19:48:43 honeypot-ams-1 sshd[6464]: Disconnected from invalid user user 45.61.184.204 port 56424 [preauth]","@timestamp":"2022-09-18T19:48:43.947Z"}
{"@timestamp":"2022-09-18T19:49:39.766Z","@version":"1","message":"Sep 18 19:49:39 honeypot-sgp-1 kernel: [84406682.160109] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=12995 PROTO=TCP SPT=50214 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:50:41 honeypot-fra-1 kernel: [84405047.725302] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=103.101.161.45 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=54 ID=16688 DF PROTO=TCP SPT=24023 DPT=80 WINDOW=43690 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T19:50:42.167Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:52:45 honeypot-fra-1 sshd[29803]: Received disconnect from 178.128.72.150 port 51404:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T19:52:46.218Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:53:36 honeypot-fra-1 sshd[29807]: Received disconnect from 178.128.72.150 port 50752:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T19:53:37.240Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:54:25 honeypot-fra-1 sshd[29812]: Received disconnect from 178.128.72.150 port 50096:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T19:54:26.262Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:55:13 honeypot-fra-1 sshd[29816]: Received disconnect from 178.128.72.150 port 49438:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T19:55:14.302Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:56:01 honeypot-fra-1 sshd[29820]: Received disconnect from 178.128.72.150 port 48770:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T19:56:01.321Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:56:49 honeypot-fra-1 sshd[29824]: Received disconnect from 178.128.72.150 port 48118:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T19:56:49.341Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 19:56:57 honeypot-ams-1 sshd[6467]: Disconnected from invalid user teste 92.255.85.70 port 57846 [preauth]","@timestamp":"2022-09-18T19:56:58.168Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:57:13 honeypot-fra-1 sshd[29828]: Disconnected from invalid user admin 178.128.72.150 port 33670 [preauth]","@timestamp":"2022-09-18T19:57:13.353Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 19:58:00 honeypot-fra-1 sshd[29832]: Disconnected from invalid user postgres 178.128.72.150 port 33008 [preauth]","@timestamp":"2022-09-18T19:58:01.372Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T19:58:46.978Z","@version":"1","message":"Sep 18 19:58:46 honeypot-sgp-1 sshd[31478]: Invalid user teste from 92.255.85.70 port 34050","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T19:59:38.000Z","@version":"1","message":"Sep 18 19:59:37 honeypot-sgp-1 sshd[31482]: Disconnected from authenticating user root 139.59.9.50 port 38408 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 20:01:13 honeypot-fra-1 kernel: [84405679.573544] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=51.104.20.135 DST=165.22.82.222 LEN=52 TOS=0x00 PREC=0x00 TTL=115 ID=42102 DF PROTO=TCP SPT=51460 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T20:01:13.452Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-18T20:03:20.093Z","@version":"1","message":"Sep 18 20:03:19 honeypot-sgp-1 kernel: [84407501.972430] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=206.189.6.148 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=239 ID=54321 PROTO=TCP SPT=36093 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 20:03:46 honeypot-ams-1 kernel: [84408005.614859] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=90.151.171.106 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=47347 PROTO=TCP SPT=51411 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T20:03:46.347Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 20:06:18 honeypot-ams-1 sshd[6476]: Received disconnect from 43.154.13.15 port 39468:11: Bye Bye [preauth]","@timestamp":"2022-09-18T20:06:18.418Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 20:08:20 honeypot-ams-1 sshd[6480]: Received disconnect from 188.166.176.236 port 38332:11: Bye Bye [preauth]","@timestamp":"2022-09-18T20:08:21.472Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 20:14:09 honeypot-ams-1 kernel: [84408629.413745] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=167.94.138.108 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=1948 PROTO=TCP SPT=44752 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T20:14:10.624Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 20:17:01 honeypot-fra-1 CRON[29849]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-18T20:17:01.801Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T20:17:02.414Z","@version":"1","message":"Sep 18 20:17:01 honeypot-sgp-1 CRON[31494]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 20:19:39 honeypot-fra-1 sshd[29859]: Received disconnect from 40.89.190.3 port 1024:11: Bye Bye [preauth]","@timestamp":"2022-09-18T20:19:39.878Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 20:20:58 honeypot-fra-1 sshd[29865]: Received disconnect from 103.25.208.148 port 44214:11: Bye Bye [preauth]","@timestamp":"2022-09-18T20:20:58.908Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 20:21:04 honeypot-ams-1 sshd[6492]: Disconnected from authenticating user root 209.141.37.157 port 35692 [preauth]","@timestamp":"2022-09-18T20:21:04.809Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 20:22:54 honeypot-fra-1 sshd[29871]: Invalid user miner from 190.129.60.125 port 34164","@timestamp":"2022-09-18T20:22:54.953Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T20:23:27.564Z","@version":"1","message":"Sep 18 20:23:27 honeypot-sgp-1 sshd[31507]: Received disconnect from 23.247.33.61 port 33524:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 20:24:02 honeypot-fra-1 sshd[29873]: Disconnected from invalid user musicbot1 165.227.123.61 port 47622 [preauth]","@timestamp":"2022-09-18T20:24:02.980Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 20:28:34 honeypot-fra-1 sshd[29880]: Disconnected from invalid user 1234 195.78.54.251 port 6397 [preauth]","@timestamp":"2022-09-18T20:28:35.106Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T20:35:25.840Z","@version":"1","message":"Sep 18 20:35:25 honeypot-sgp-1 kernel: [84409427.845471] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=120.48.123.170 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=19650 PROTO=TCP SPT=44740 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 20:39:08 honeypot-fra-1 sshd[29889]: Received disconnect from 92.255.85.69 port 41434:11: Bye Bye [preauth]","@timestamp":"2022-09-18T20:39:09.337Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T20:41:36.982Z","@version":"1","message":"Sep 18 20:41:36 honeypot-sgp-1 sshd[31535]: Disconnected from invalid user admin 92.255.85.70 port 33306 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 20:41:38 honeypot-ams-1 sshd[6498]: Received disconnect from 121.126.7.30 port 62865:11: Bye Bye [preauth]","@timestamp":"2022-09-18T20:41:39.348Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 20:44:46 honeypot-fra-1 kernel: [84408292.337567] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=24535 PROTO=TCP SPT=53690 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T20:44:46.465Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 20:47:34 honeypot-ams-1 sshd[6501]: Disconnected from invalid user tpg 37.193.112.180 port 56272 [preauth]","@timestamp":"2022-09-18T20:47:35.511Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 20:51:54 honeypot-ams-1 sshd[6506]: Disconnected from invalid user ftpuser 178.128.72.150 port 54974 [preauth]","@timestamp":"2022-09-18T20:51:55.628Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 20:52:48 honeypot-ams-1 sshd[6511]: Received disconnect from 178.128.72.150 port 57158:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T20:52:49.656Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 20:53:42 honeypot-ams-1 sshd[6515]: Received disconnect from 178.128.72.150 port 59346:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T20:53:42.682Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 20:54:35 honeypot-ams-1 sshd[6519]: Received disconnect from 178.128.72.150 port 33314:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T20:54:35.708Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 20:55:27 honeypot-ams-1 sshd[6523]: Received disconnect from 178.128.72.150 port 35506:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T20:55:27.734Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 20:56:19 honeypot-ams-1 sshd[6527]: Received disconnect from 178.128.72.150 port 37682:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T20:56:19.759Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 20:57:11 honeypot-ams-1 sshd[6531]: Invalid user postgres from 178.128.72.150 port 39856","@timestamp":"2022-09-18T20:57:11.786Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 20:58:53 honeypot-ams-1 kernel: [84411313.308198] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=120.202.35.9 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=48 ID=26509 DF PROTO=TCP SPT=30863 DPT=80 WINDOW=43690 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T20:58:53.835Z"}
{"@timestamp":"2022-09-18T21:00:49.420Z","@version":"1","message":"Sep 18 21:00:48 honeypot-sgp-1 sshd[31549]: Invalid user que from 137.116.144.39 port 38790","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 21:03:01 honeypot-fra-1 sshd[29923]: Received disconnect from 165.22.45.108 port 53444:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T21:03:01.870Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 21:04:09 honeypot-fra-1 sshd[29927]: Disconnected from invalid user user 159.203.85.196 port 46373 [preauth]","@timestamp":"2022-09-18T21:04:09.899Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T21:06:24.548Z","@version":"1","message":"Sep 18 21:06:23 honeypot-sgp-1 sshd[31554]: Received disconnect from 68.183.233.64 port 33232:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 21:06:57 honeypot-fra-1 sshd[29934]: Disconnected from authenticating user root 61.177.173.35 port 62979 [preauth]","@timestamp":"2022-09-18T21:06:57.965Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T21:07:38.579Z","@version":"1","message":"Sep 18 21:07:38 honeypot-sgp-1 kernel: [84411361.028071] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=68.183.93.151 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x20 TTL=242 ID=54321 PROTO=TCP SPT=54403 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 21:09:19 honeypot-ams-1 sshd[6539]: Disconnected from authenticating user root 116.206.152.242 port 37980 [preauth]","@timestamp":"2022-09-18T21:09:20.116Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 21:12:36 honeypot-fra-1 sshd[29945]: Received disconnect from 112.28.209.251 port 44098:11: Bye Bye [preauth]","@timestamp":"2022-09-18T21:12:37.091Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T21:12:54.704Z","@version":"1","message":"Sep 18 21:12:54 honeypot-sgp-1 sshd[31566]: Received disconnect from 176.102.38.42 port 60338:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 21:17:01 honeypot-ams-1 CRON[6544]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-18T21:17:02.325Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 21:17:22 honeypot-fra-1 sshd[29952]: Invalid user admin from 92.255.85.69 port 53476","@timestamp":"2022-09-18T21:17:23.200Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T21:17:49.822Z","@version":"1","message":"Sep 18 21:17:49 honeypot-sgp-1 sshd[31576]: Received disconnect from 61.177.172.124 port 31202:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T21:25:03.013Z","@version":"1","message":"Sep 18 21:25:02 honeypot-sgp-1 sshd[31587]: Received disconnect from 61.177.172.108 port 32355:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 21:26:23 honeypot-fra-1 sshd[29961]: Invalid user admin from 220.90.156.4 port 42891","@timestamp":"2022-09-18T21:26:23.399Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 21:26:43 honeypot-ams-1 sshd[6548]: Disconnected from invalid user admin 92.255.85.70 port 23276 [preauth]","@timestamp":"2022-09-18T21:26:43.578Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 21:29:14 honeypot-ams-1 kernel: [84413133.702186] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=172.105.77.209 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=57 ID=0 DF PROTO=TCP SPT=56857 DPT=389 WINDOW=8192 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T21:29:14.649Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 21:30:00 honeypot-fra-1 sshd[29968]: Disconnected from invalid user ari 195.158.21.214 port 41140 [preauth]","@timestamp":"2022-09-18T21:30:00.480Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 21:32:11 honeypot-ams-1 sshd[6557]: Connection closed by invalid user postgres 193.106.191.157 port 33010 [preauth]","@timestamp":"2022-09-18T21:32:12.733Z"}
{"@timestamp":"2022-09-18T21:32:17.178Z","@version":"1","message":"Sep 18 21:32:16 honeypot-sgp-1 sshd[31593]: Disconnected from authenticating user root 61.177.173.36 port 34898 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 21:33:10 honeypot-fra-1 kernel: [84411196.213817] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=165.232.152.144 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=55553 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T21:33:10.552Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 21:38:16 honeypot-fra-1 kernel: [84411502.189816] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=151.106.32.182 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=6166 PROTO=TCP SPT=56476 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T21:38:16.665Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-18T21:40:50.378Z","@version":"1","message":"Sep 18 21:40:49 honeypot-sgp-1 sshd[31600]: Did not receive identification string from 179.43.156.143 port 50166","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T21:42:13.412Z","@version":"1","message":"Sep 18 21:42:12 honeypot-sgp-1 sshd[31605]: Disconnected from authenticating user root 179.43.156.143 port 59110 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 21:43:18 honeypot-fra-1 kernel: [84411804.897215] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=152.89.196.23 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=63662 PROTO=TCP SPT=54345 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T21:43:19.780Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-18T21:44:08.461Z","@version":"1","message":"Sep 18 21:44:07 honeypot-sgp-1 sshd[31614]: Received disconnect from 179.43.156.143 port 51684:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T21:45:23.492Z","@version":"1","message":"Sep 18 21:45:22 honeypot-sgp-1 sshd[31618]: Received disconnect from 179.43.156.143 port 46738:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T21:46:00.507Z","@version":"1","message":"Sep 18 21:46:00 honeypot-sgp-1 sshd[31622]: Received disconnect from 179.43.156.143 port 44272:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T21:47:16.539Z","@version":"1","message":"Sep 18 21:47:16 honeypot-sgp-1 sshd[31629]: Disconnected from authenticating user root 179.43.156.143 port 39306 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T21:48:35.577Z","@version":"1","message":"Sep 18 21:48:34 honeypot-sgp-1 sshd[31635]: Disconnected from invalid user git 179.43.156.143 port 34348 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T21:49:38.601Z","@version":"1","message":"Sep 18 21:49:37 honeypot-sgp-1 sshd[31642]: Disconnected from invalid user kamiya 159.65.11.5 port 47908 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T21:50:33.625Z","@version":"1","message":"Sep 18 21:50:32 honeypot-sgp-1 sshd[31646]: Disconnected from invalid user vagrant 179.43.156.143 port 55162 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 21:50:33 honeypot-fra-1 sshd[29991]: Disconnected from authenticating user root 61.177.173.47 port 34803 [preauth]","@timestamp":"2022-09-18T21:50:33.935Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 21:50:51 honeypot-ams-1 sshd[6566]: Invalid user RPM from 92.255.85.69 port 24312","@timestamp":"2022-09-18T21:50:52.220Z"}
{"@timestamp":"2022-09-18T21:51:13.644Z","@version":"1","message":"Sep 18 21:51:13 honeypot-sgp-1 sshd[31652]: Invalid user drcomadmin from 179.43.156.143 port 52682","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T21:52:33.677Z","@version":"1","message":"Sep 18 21:52:32 honeypot-sgp-1 sshd[31656]: Invalid user vyos from 179.43.156.143 port 47776","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T21:53:16.696Z","@version":"1","message":"Sep 18 21:53:16 honeypot-sgp-1 sshd[31660]: Received disconnect from 179.43.156.143 port 45282:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T21:53:59.715Z","@version":"1","message":"Sep 18 21:53:59 honeypot-sgp-1 sshd[31664]: Disconnected from authenticating user root 179.43.156.143 port 42798 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T21:55:28.754Z","@version":"1","message":"Sep 18 21:55:28 honeypot-sgp-1 sshd[31671]: Disconnected from authenticating user root 179.43.156.143 port 37848 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 21:55:38 honeypot-ams-1 kernel: [84414717.873912] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=97.74.81.123 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=6262 PROTO=TCP SPT=47683 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T21:55:39.346Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 21:56:31 honeypot-fra-1 kernel: [84412597.375091] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=167.71.133.35 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=248 ID=54321 PROTO=TCP SPT=53861 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T21:56:32.072Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-18T21:57:45.811Z","@version":"1","message":"Sep 18 21:57:45 honeypot-sgp-1 sshd[31679]: Invalid user centos from 179.43.156.143 port 58692","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T21:58:29.854Z","@version":"1","message":"Sep 18 21:58:28 honeypot-sgp-1 sshd[31683]: Disconnected from authenticating user root 179.43.156.143 port 56202 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T22:00:46.910Z","@version":"1","message":"Sep 18 22:00:46 honeypot-sgp-1 sshd[31690]: Disconnected from authenticating user root 179.43.156.143 port 48786 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 22:02:03 honeypot-fra-1 sshd[30005]: error: maximum authentication attempts exceeded for root from 47.187.239.95 port 56603 ssh2 [preauth]","@timestamp":"2022-09-18T22:02:04.199Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T22:02:58.963Z","@version":"1","message":"Sep 18 22:02:58 honeypot-sgp-1 sshd[31696]: Invalid user jenkins from 179.43.156.143 port 41352","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 22:04:11 honeypot-ams-1 sshd[6575]: Received disconnect from 45.61.186.169 port 51498:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T22:04:12.572Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 22:04:31 honeypot-ams-1 sshd[6579]: Received disconnect from 45.61.186.169 port 46714:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T22:04:31.583Z"}
{"@timestamp":"2022-09-18T22:04:33.002Z","@version":"1","message":"Sep 18 22:04:32 honeypot-sgp-1 sshd[31700]: Disconnected from authenticating user root 179.43.156.143 port 36432 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 22:04:47 honeypot-ams-1 sshd[6583]: Received disconnect from 45.61.186.169 port 41922:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T22:04:48.591Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 22:05:01 honeypot-ams-1 kernel: [84415280.828323] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=20.77.96.135 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=116 ID=44250 DF PROTO=TCP SPT=60443 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T22:05:01.598Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 22:05:22 honeypot-ams-1 kernel: [84415301.664353] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=164.92.72.164 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=32794 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T22:05:22.610Z"}
{"@timestamp":"2022-09-18T22:06:48.058Z","@version":"1","message":"Sep 18 22:06:47 honeypot-sgp-1 sshd[31707]: Disconnected from authenticating user root 179.43.156.143 port 57294 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T22:08:15.094Z","@version":"1","message":"Sep 18 22:08:14 honeypot-sgp-1 sshd[31711]: Disconnected from invalid user sysgames 179.43.156.143 port 52284 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 22:08:56 honeypot-fra-1 sshd[30010]: Disconnected from invalid user support 92.255.85.70 port 60384 [preauth]","@timestamp":"2022-09-18T22:08:57.370Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T22:09:42.138Z","@version":"1","message":"Sep 18 22:09:41 honeypot-sgp-1 sshd[31715]: Disconnected from invalid user init 179.43.156.143 port 47386 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 22:15:50 honeypot-fra-1 sshd[30017]: Invalid user que from 137.116.144.39 port 55510","@timestamp":"2022-09-18T22:15:50.530Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T22:15:55.286Z","@version":"1","message":"Sep 18 22:15:54 honeypot-sgp-1 sshd[31722]: Invalid user admin from 94.200.206.6 port 47542","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 22:17:31 honeypot-ams-1 kernel: [84416031.019189] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=92.13.75.66 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=56 ID=10402 PROTO=TCP SPT=10697 DPT=80 WINDOW=44920 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T22:17:31.927Z"}
{"@timestamp":"2022-09-18T22:20:05.384Z","@version":"1","message":"Sep 18 22:20:04 honeypot-sgp-1 sshd[31728]: Invalid user support from 92.255.85.70 port 23332","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 22:25:46 honeypot-fra-1 sshd[30023]: Invalid user craig2 from 203.129.220.82 port 55556","@timestamp":"2022-09-18T22:25:46.759Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 22:27:35 honeypot-fra-1 sshd[30028]: Received disconnect from 157.230.9.57 port 47768:11: Bye Bye [preauth]","@timestamp":"2022-09-18T22:27:35.804Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 22:30:48 honeypot-ams-1 sshd[6604]: Disconnected from authenticating user root 186.15.164.139 port 46866 [preauth]","@timestamp":"2022-09-18T22:30:49.277Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 22:31:48 honeypot-ams-1 sshd[6610]: Received disconnect from 192.116.113.246 port 39428:11: Bye Bye [preauth]","@timestamp":"2022-09-18T22:31:49.306Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 22:35:01 honeypot-ams-1 sshd[6616]: Connection closed by invalid user admin 14.63.59.146 port 39842 [preauth]","@timestamp":"2022-09-18T22:35:02.394Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 22:36:13 honeypot-fra-1 sshd[30035]: Invalid user ubuntu from 185.209.179.41 port 57058","@timestamp":"2022-09-18T22:36:14.001Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 22:36:13 honeypot-fra-1 sshd[30039]: Invalid user admin from 185.209.179.41 port 57116","@timestamp":"2022-09-18T22:36:14.001Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 22:36:13 honeypot-fra-1 sshd[30035]: Connection closed by invalid user ubuntu 185.209.179.41 port 57058 [preauth]","@timestamp":"2022-09-18T22:36:14.001Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 22:36:13 honeypot-fra-1 sshd[30045]: Connection closed by invalid user mysql 185.209.179.41 port 57118 [preauth]","@timestamp":"2022-09-18T22:36:14.002Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 22:36:13 honeypot-fra-1 sshd[30034]: Connection closed by invalid user esuser 185.209.179.41 port 57040 [preauth]","@timestamp":"2022-09-18T22:36:14.002Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 22:36:14 honeypot-fra-1 sshd[30069]: Invalid user cloud from 185.209.179.41 port 57072","@timestamp":"2022-09-18T22:36:15.003Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 22:36:14 honeypot-fra-1 sshd[30066]: Connection closed by invalid user ts3srv 185.209.179.41 port 57104 [preauth]","@timestamp":"2022-09-18T22:36:15.003Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 22:36:14 honeypot-fra-1 sshd[30067]: Connection closed by invalid user es 185.209.179.41 port 57098 [preauth]","@timestamp":"2022-09-18T22:36:15.004Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 22:36:16 honeypot-fra-1 sshd[30086]: Invalid user esuser from 185.209.179.41 port 57066","@timestamp":"2022-09-18T22:36:17.004Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 22:36:16 honeypot-fra-1 sshd[30085]: Connection closed by invalid user mcsv 185.209.179.41 port 57048 [preauth]","@timestamp":"2022-09-18T22:36:17.004Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 22:39:24 honeypot-fra-1 sshd[30094]: Disconnected from invalid user testftp 195.19.4.22 port 61718 [preauth]","@timestamp":"2022-09-18T22:39:25.077Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T22:39:39.845Z","@version":"1","message":"Sep 18 22:39:38 honeypot-sgp-1 kernel: [84416881.237900] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=183.136.225.35 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=110 ID=23770 PROTO=TCP SPT=8088 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 22:43:00 honeypot-fra-1 sshd[30101]: Received disconnect from 92.255.85.70 port 25848:11: Bye Bye [preauth]","@timestamp":"2022-09-18T22:43:01.161Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-18T22:46:50.016Z","@version":"1","message":"Sep 18 22:46:49 honeypot-sgp-1 kernel: [84417312.268473] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.55.53.144 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=43 ID=44875 DF PROTO=TCP SPT=57964 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 22:48:07 honeypot-ams-1 kernel: [84417867.275693] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=205.210.31.45 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=249 ID=54321 PROTO=TCP SPT=54401 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T22:48:08.733Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 22:49:01 honeypot-fra-1 kernel: [84415747.166164] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=20.55.53.144 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=36636 DF PROTO=TCP SPT=50908 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T22:49:01.295Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-18T22:51:16.126Z","@version":"1","message":"Sep 18 22:51:15 honeypot-sgp-1 kernel: [84417578.099621] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=172.104.88.48 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=36110 DF PROTO=TCP SPT=36320 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 22:54:37 honeypot-ams-1 kernel: [84418256.547294] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=196.191.194.114 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=51 ID=55790 PROTO=TCP SPT=35674 DPT=80 WINDOW=56129 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T22:54:37.903Z"}
{"@timestamp":"2022-09-18T22:58:29.296Z","@version":"1","message":"Sep 18 22:58:28 honeypot-sgp-1 sshd[31742]: Received disconnect from 45.61.186.49 port 39804:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T22:58:38.300Z","@version":"1","message":"Sep 18 22:58:37 honeypot-sgp-1 sshd[31746]: Received disconnect from 45.61.186.49 port 51490:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 22:59:00 honeypot-fra-1 sshd[30108]: Received disconnect from 187.102.40.150 port 53352:11: Bye Bye [preauth]","@timestamp":"2022-09-18T22:59:00.520Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 23:01:18 honeypot-ams-1 kernel: [84418658.107579] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=138.68.250.218 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=30538 PROTO=TCP SPT=42077 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T23:01:19.082Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 23:02:21 honeypot-fra-1 sshd[30113]: ssh_dispatch_run_fatal: Connection from 136.52.13.251 port 36454: Connection corrupted [preauth]","@timestamp":"2022-09-18T23:02:21.600Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 23:06:04 honeypot-ams-1 sshd[6646]: Invalid user down from 51.15.204.199 port 55737","@timestamp":"2022-09-18T23:06:05.207Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 23:06:14 honeypot-fra-1 kernel: [84416779.872334] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=89.248.165.75 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=10497 PROTO=TCP SPT=42050 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T23:06:14.693Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-18T23:10:14.593Z","@version":"1","message":"Sep 18 23:10:14 honeypot-sgp-1 kernel: [84418716.726809] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=68.183.93.151 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x20 TTL=242 ID=54321 PROTO=TCP SPT=58362 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 23:12:39 honeypot-fra-1 sshd[30122]: Received disconnect from 92.255.85.70 port 18004:11: Bye Bye [preauth]","@timestamp":"2022-09-18T23:12:39.840Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 23:14:03 honeypot-ams-1 kernel: [84419423.067217] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=143.159.103.32 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=56 ID=41044 PROTO=TCP SPT=18616 DPT=80 WINDOW=53552 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T23:14:04.415Z"}
{"@timestamp":"2022-09-18T23:14:07.689Z","@version":"1","message":"Sep 18 23:14:06 honeypot-sgp-1 sshd[31754]: Disconnected from invalid user gnl 142.93.116.249 port 39366 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T23:15:01.712Z","@version":"1","message":"Sep 18 23:15:01 honeypot-sgp-1 sshd[31759]: Disconnected from invalid user blake 43.154.7.110 port 55834 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T23:17:40.777Z","@version":"1","message":"Sep 18 23:17:40 honeypot-sgp-1 sshd[31766]: Received disconnect from 201.14.44.230 port 57442:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 23:19:47 honeypot-ams-1 sshd[6657]: Received disconnect from 92.255.85.69 port 63212:11: Bye Bye [preauth]","@timestamp":"2022-09-18T23:19:47.562Z"}
{"@timestamp":"2022-09-18T23:23:06.910Z","@version":"1","message":"Sep 18 23:23:06 honeypot-sgp-1 kernel: [84419489.219367] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=79.124.62.62 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=5312 PROTO=TCP SPT=41500 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 23:28:15 honeypot-ams-1 sshd[6661]: Received disconnect from 45.61.184.204 port 51876:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-18T23:28:15.782Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 23:28:31 honeypot-fra-1 sshd[30132]: Disconnected from authenticating user root 218.56.165.214 port 44604 [preauth]","@timestamp":"2022-09-18T23:28:32.191Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 23:28:33 honeypot-ams-1 sshd[6665]: Invalid user user from 45.61.184.204 port 46172","@timestamp":"2022-09-18T23:28:33.793Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 23:28:51 honeypot-ams-1 sshd[6669]: Invalid user user from 45.61.184.204 port 40472","@timestamp":"2022-09-18T23:28:51.803Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 23:29:06 honeypot-ams-1 sshd[6673]: Invalid user user from 45.61.184.204 port 34756","@timestamp":"2022-09-18T23:29:07.812Z"}
{"@timestamp":"2022-09-18T23:36:30.222Z","@version":"1","message":"Sep 18 23:36:29 honeypot-sgp-1 sshd[31781]: Did not receive identification string from 43.153.10.221 port 50752","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 23:38:32 honeypot-fra-1 sshd[30139]: Invalid user admin from 92.255.85.70 port 61058","@timestamp":"2022-09-18T23:38:32.415Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 23:40:04 honeypot-ams-1 sshd[6679]: Invalid user wlse from 218.248.16.73 port 50320","@timestamp":"2022-09-18T23:40:05.117Z"}
{"@timestamp":"2022-09-18T23:41:30.336Z","@version":"1","message":"Sep 18 23:41:29 honeypot-sgp-1 sshd[31786]: Disconnected from invalid user admin 92.255.85.70 port 44692 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 23:42:05 honeypot-fra-1 sshd[30141]: Invalid user postgres from 193.106.191.157 port 47344","@timestamp":"2022-09-18T23:42:05.497Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 23:43:33 honeypot-fra-1 kernel: [84419019.000330] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=92.63.197.74 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=5085 PROTO=TCP SPT=40376 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T23:43:33.534Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 23:43:41 honeypot-ams-1 sshd[6683]: Disconnected from authenticating user root 165.227.236.118 port 36654 [preauth]","@timestamp":"2022-09-18T23:43:42.211Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 23:46:36 honeypot-ams-1 sshd[6690]: Received disconnect from 83.41.7.44 port 56910:11: Bye Bye [preauth]","@timestamp":"2022-09-18T23:46:37.293Z"}
{"@timestamp":"2022-09-18T23:47:45.483Z","@version":"1","message":"Sep 18 23:47:45 honeypot-sgp-1 sshd[31795]: Invalid user dev from 14.225.198.182 port 43010","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 18 23:47:57 honeypot-fra-1 sshd[30150]: Bad protocol version identification 'GET / HTTP/1.1' from 161.35.86.181 port 49244","@timestamp":"2022-09-18T23:47:58.637Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 23:49:51 honeypot-ams-1 sshd[6695]: Invalid user user from 45.61.184.204 port 38626","@timestamp":"2022-09-18T23:49:52.382Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 23:50:10 honeypot-ams-1 sshd[6699]: Invalid user user from 45.61.184.204 port 33164","@timestamp":"2022-09-18T23:50:11.394Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 23:50:28 honeypot-ams-1 sshd[6703]: Invalid user user from 45.61.184.204 port 55948","@timestamp":"2022-09-18T23:50:29.403Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 18 23:50:44 honeypot-ams-1 sshd[6707]: Invalid user user from 45.61.184.204 port 50488","@timestamp":"2022-09-18T23:50:45.412Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 18 23:52:12 honeypot-ams-1 kernel: [84421712.206202] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=151.106.32.182 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=41650 PROTO=TCP SPT=41835 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-18T23:52:13.452Z"}
{"@timestamp":"2022-09-18T23:52:45.600Z","@version":"1","message":"Sep 18 23:52:45 honeypot-sgp-1 kernel: [84421267.881720] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=134.122.112.12 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=46 ID=0 PROTO=TCP SPT=25574 DPT=443 WINDOW=0 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-18T23:58:33.757Z","@version":"1","message":"Sep 18 23:58:33 honeypot-sgp-1 sshd[31803]: Disconnected from invalid user oracle 202.165.17.131 port 56874 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 00:00:38 honeypot-fra-1 sshd[30175]: Connection closed by 71.6.199.23 port 58526 [preauth]","@timestamp":"2022-09-19T00:00:38.919Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T00:02:34.852Z","@version":"1","message":"Sep 19 00:02:34 honeypot-sgp-1 sshd[31823]: Disconnected from invalid user maduro 139.59.251.146 port 38704 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T00:03:24.874Z","@version":"1","message":"Sep 19 00:03:24 honeypot-sgp-1 sshd[31830]: Received disconnect from 103.147.5.1 port 53992:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T00:03:55.888Z","@version":"1","message":"Sep 19 00:03:55 honeypot-sgp-1 sshd[31834]: Disconnected from authenticating user root 207.154.223.103 port 44258 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T00:04:45.912Z","@version":"1","message":"Sep 19 00:04:45 honeypot-sgp-1 sshd[31840]: Disconnected from authenticating user root 178.128.35.197 port 56554 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T00:05:06.922Z","@version":"1","message":"Sep 19 00:05:06 honeypot-sgp-1 sshd[31844]: Disconnected from invalid user uftp 157.230.47.241 port 57938 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T00:05:59.965Z","@version":"1","message":"Sep 19 00:05:59 honeypot-sgp-1 sshd[31850]: Invalid user cassiopeia from 128.199.249.246 port 36036","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 00:06:10 honeypot-fra-1 kernel: [84420375.844546] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=103.168.205.104 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x20 TTL=245 ID=61472 DF PROTO=TCP SPT=10446 DPT=80 WINDOW=512 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T00:06:11.045Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T00:07:14.997Z","@version":"1","message":"Sep 19 00:07:14 honeypot-sgp-1 sshd[31854]: Invalid user qy from 20.187.78.220 port 42062","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T00:07:32.006Z","@version":"1","message":"Sep 19 00:07:31 honeypot-sgp-1 sshd[31858]: Received disconnect from 35.209.160.244 port 56408:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T00:08:01.020Z","@version":"1","message":"Sep 19 00:08:00 honeypot-sgp-1 sshd[31862]: Invalid user hadoop from 64.227.190.199 port 37014","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 00:08:02 honeypot-ams-1 sshd[6733]: Received disconnect from 177.22.35.126 port 49924:11: Bye Bye [preauth]","@timestamp":"2022-09-19T00:08:02.878Z"}
{"@timestamp":"2022-09-19T00:08:14.026Z","@version":"1","message":"Sep 19 00:08:13 honeypot-sgp-1 sshd[31866]: Invalid user hadoop from 192.227.166.144 port 35366","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T00:09:27.057Z","@version":"1","message":"Sep 19 00:09:26 honeypot-sgp-1 sshd[31871]: Received disconnect from 143.110.177.216 port 55822:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T00:14:47.182Z","@version":"1","message":"Sep 19 00:14:47 honeypot-sgp-1 sshd[31878]: Invalid user admin from 165.232.158.22 port 36444","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T00:14:51.186Z","@version":"1","message":"Sep 19 00:14:50 honeypot-sgp-1 sshd[31884]: Invalid user admin from 165.232.158.22 port 43634","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 00:16:14 honeypot-fra-1 sshd[30188]: Invalid user liumy from 165.22.45.108 port 36664","@timestamp":"2022-09-19T00:16:15.273Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 00:19:16 honeypot-ams-1 sshd[6739]: Received disconnect from 92.255.85.70 port 50558:11: Bye Bye [preauth]","@timestamp":"2022-09-19T00:19:17.196Z"}
{"@timestamp":"2022-09-19T00:20:18.316Z","@version":"1","message":"Sep 19 00:20:18 honeypot-sgp-1 sshd[31890]: Invalid user Administrator from 92.255.85.70 port 50246","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 00:24:28 honeypot-ams-1 sshd[6742]: Disconnected from invalid user admin 188.117.226.212 port 60884 [preauth]","@timestamp":"2022-09-19T00:24:29.338Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 00:27:02 honeypot-fra-1 kernel: [84421628.587107] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=157.245.176.143 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=8648 DF PROTO=TCP SPT=51546 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T00:27:03.516Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T00:29:47.533Z","@version":"1","message":"Sep 19 00:29:46 honeypot-sgp-1 sshd[31895]: Disconnected from invalid user pentakill 97.74.83.174 port 46938 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T00:35:15.663Z","@version":"1","message":"Sep 19 00:35:15 honeypot-sgp-1 kernel: [84423817.528933] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=163.172.158.4 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=34891 PROTO=TCP SPT=42301 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 00:36:22 honeypot-fra-1 sshd[30197]: Received disconnect from 143.198.154.97 port 39868:11: Bye Bye [preauth]","@timestamp":"2022-09-19T00:36:22.729Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 00:39:41 honeypot-ams-1 sshd[6748]: Disconnected from authenticating user root 139.59.224.111 port 50178 [preauth]","@timestamp":"2022-09-19T00:39:41.738Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 00:48:05 honeypot-ams-1 sshd[6753]: Received disconnect from 139.59.122.125 port 34802:11: Bye Bye [preauth]","@timestamp":"2022-09-19T00:48:05.965Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 00:48:45 honeypot-fra-1 sshd[30205]: Unable to negotiate with 190.124.32.18 port 64517: no matching cipher found. Their offer: aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,arcfour128,arcfour,3des-cbc,none [preauth]","@timestamp":"2022-09-19T00:48:46.004Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 00:55:28 honeypot-ams-1 sshd[6758]: Did not receive identification string from 218.57.73.174 port 55334","@timestamp":"2022-09-19T00:55:28.162Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 00:56:29 honeypot-ams-1 sshd[6761]: Disconnected from invalid user comercial 188.157.24.174 port 60910 [preauth]","@timestamp":"2022-09-19T00:56:30.191Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 01:00:24 honeypot-ams-1 sshd[6775]: Invalid user oracle from 195.19.96.168 port 59142","@timestamp":"2022-09-19T01:00:24.296Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 01:00:24 honeypot-ams-1 sshd[6773]: Connection closed by invalid user user 195.19.96.168 port 59140 [preauth]","@timestamp":"2022-09-19T01:00:24.296Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 01:00:24 honeypot-ams-1 sshd[6772]: Connection closed by invalid user es 195.19.96.168 port 59074 [preauth]","@timestamp":"2022-09-19T01:00:24.296Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 01:00:24 honeypot-ams-1 sshd[6785]: Invalid user admin from 195.19.96.168 port 59048","@timestamp":"2022-09-19T01:00:24.296Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 01:00:24 honeypot-ams-1 sshd[6793]: Connection closed by authenticating user root 195.19.96.168 port 59118 [preauth]","@timestamp":"2022-09-19T01:00:25.297Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 01:00:24 honeypot-ams-1 sshd[6784]: Connection closed by authenticating user root 195.19.96.168 port 59030 [preauth]","@timestamp":"2022-09-19T01:00:25.297Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 01:00:24 honeypot-ams-1 sshd[6780]: Connection closed by invalid user devops 195.19.96.168 port 59070 [preauth]","@timestamp":"2022-09-19T01:00:25.297Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 01:00:24 honeypot-ams-1 sshd[6817]: Invalid user admin from 195.19.96.168 port 59042","@timestamp":"2022-09-19T01:00:25.297Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 01:00:42 honeypot-ams-1 sshd[6824]: Received disconnect from 63.41.9.210 port 54263:11: Bye Bye [preauth]","@timestamp":"2022-09-19T01:00:43.306Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 01:04:55 honeypot-fra-1 kernel: [84423901.015833] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=165.232.152.144 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=56257 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T01:04:56.366Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T01:07:06.402Z","@version":"1","message":"Sep 19 01:07:05 honeypot-sgp-1 kernel: [84425727.825661] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=179.43.155.171 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=28936 PROTO=TCP SPT=56430 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T01:07:47.419Z","@version":"1","message":"Sep 19 01:07:46 honeypot-sgp-1 sshd[31915]: Disconnected from invalid user mapr 165.232.172.31 port 56996 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T01:14:47.581Z","@version":"1","message":"Sep 19 01:14:46 honeypot-sgp-1 kernel: [84426188.797630] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=52.53.208.179 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=31365 PROTO=TCP SPT=50086 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 01:15:07 honeypot-fra-1 kernel: [84424512.958640] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=170.254.237.115 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=36456 DF PROTO=TCP SPT=25609 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T01:15:07.592Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 01:17:01 honeypot-ams-1 CRON[6830]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-19T01:17:02.736Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 01:17:10 honeypot-fra-1 sshd[30218]: Disconnected from invalid user usuario 92.255.85.70 port 30960 [preauth]","@timestamp":"2022-09-19T01:17:10.641Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 01:18:09 honeypot-ams-1 sshd[6835]: Received disconnect from 178.154.205.230 port 48932:11: Bye Bye [preauth]","@timestamp":"2022-09-19T01:18:09.767Z"}
{"@timestamp":"2022-09-19T01:18:36.672Z","@version":"1","message":"Sep 19 01:18:36 honeypot-sgp-1 sshd[31925]: Disconnected from invalid user usuario 92.255.85.69 port 52042 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 01:24:46 honeypot-ams-1 sshd[6840]: Invalid user usuario from 92.255.85.69 port 23450","@timestamp":"2022-09-19T01:24:46.962Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 01:28:08 honeypot-fra-1 sshd[30222]: Disconnected from invalid user dante 112.186.86.93 port 57800 [preauth]","@timestamp":"2022-09-19T01:28:08.924Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 01:35:49 honeypot-ams-1 sshd[6844]: Connection closed by invalid user ftp 193.106.191.157 port 48620 [preauth]","@timestamp":"2022-09-19T01:35:50.254Z"}
{"@timestamp":"2022-09-19T01:38:27.166Z","@version":"1","message":"Sep 19 01:38:27 honeypot-sgp-1 kernel: [84427609.350577] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.167.97.229 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=57401 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 01:45:25 honeypot-fra-1 kernel: [84426331.494441] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=175.107.203.41 DST=165.22.82.222 LEN=52 TOS=0x02 PREC=0x00 TTL=117 ID=2546 DF PROTO=TCP SPT=61971 DPT=3389 WINDOW=8192 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-19T01:45:26.312Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T01:49:25.422Z","@version":"1","message":"Sep 19 01:49:24 honeypot-sgp-1 kernel: [84428267.159164] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=46546 PROTO=TCP SPT=51737 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 01:53:23 honeypot-ams-1 sshd[6850]: Invalid user Administrator from 92.255.85.69 port 32360","@timestamp":"2022-09-19T01:53:23.713Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 01:55:14 honeypot-fra-1 kernel: [84426920.207422] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=92.204.132.65 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=42501 PROTO=TCP SPT=50014 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T01:55:15.532Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T01:56:30.591Z","@version":"1","message":"Sep 19 01:56:29 honeypot-sgp-1 sshd[32378]: Disconnected from authenticating user root 64.225.100.84 port 35346 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:03:46 honeypot-fra-1 sshd[30679]: Connection closed by authenticating user root 103.241.181.174 port 46402 [preauth]","@timestamp":"2022-09-19T02:03:47.727Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:03:53 honeypot-fra-1 sshd[30691]: Connection closed by authenticating user root 103.241.181.174 port 47500 [preauth]","@timestamp":"2022-09-19T02:03:53.730Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:03:59 honeypot-fra-1 sshd[30703]: Connection closed by authenticating user root 103.241.181.174 port 48556 [preauth]","@timestamp":"2022-09-19T02:03:59.733Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:04:05 honeypot-fra-1 sshd[30715]: Connection closed by authenticating user root 103.241.181.174 port 49610 [preauth]","@timestamp":"2022-09-19T02:04:05.738Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:04:11 honeypot-fra-1 sshd[30727]: Connection closed by authenticating user root 103.241.181.174 port 50664 [preauth]","@timestamp":"2022-09-19T02:04:11.741Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:04:17 honeypot-fra-1 sshd[30739]: Connection closed by authenticating user root 103.241.181.174 port 51738 [preauth]","@timestamp":"2022-09-19T02:04:17.745Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:04:24 honeypot-fra-1 sshd[30753]: Connection closed by authenticating user root 103.241.181.174 port 52850 [preauth]","@timestamp":"2022-09-19T02:04:24.749Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:04:28 honeypot-fra-1 sshd[30764]: Connection closed by authenticating user root 103.241.181.174 port 53614 [preauth]","@timestamp":"2022-09-19T02:04:29.752Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:04:34 honeypot-fra-1 sshd[30776]: Connection closed by authenticating user root 103.241.181.174 port 54692 [preauth]","@timestamp":"2022-09-19T02:04:35.756Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:04:40 honeypot-fra-1 sshd[30788]: Connection closed by authenticating user root 103.241.181.174 port 55674 [preauth]","@timestamp":"2022-09-19T02:04:41.760Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:04:46 honeypot-fra-1 sshd[30800]: Connection closed by authenticating user root 103.241.181.174 port 56754 [preauth]","@timestamp":"2022-09-19T02:04:47.764Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:04:52 honeypot-fra-1 sshd[30812]: Connection closed by authenticating user root 103.241.181.174 port 57814 [preauth]","@timestamp":"2022-09-19T02:04:53.768Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:04:59 honeypot-fra-1 sshd[30824]: Connection closed by authenticating user root 103.241.181.174 port 58812 [preauth]","@timestamp":"2022-09-19T02:04:59.771Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:05:05 honeypot-fra-1 sshd[30837]: Connection closed by authenticating user root 103.241.181.174 port 59890 [preauth]","@timestamp":"2022-09-19T02:05:05.776Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:05:10 honeypot-fra-1 sshd[30847]: Invalid user user from 103.241.181.174 port 60832","@timestamp":"2022-09-19T02:05:10.779Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:05:13 honeypot-fra-1 sshd[30853]: Invalid user user from 103.241.181.174 port 33136","@timestamp":"2022-09-19T02:05:13.781Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:05:16 honeypot-fra-1 sshd[30859]: Invalid user user from 103.241.181.174 port 33662","@timestamp":"2022-09-19T02:05:16.783Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:05:19 honeypot-fra-1 sshd[30865]: Invalid user user from 103.241.181.174 port 34184","@timestamp":"2022-09-19T02:05:20.787Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:05:22 honeypot-fra-1 sshd[30871]: Invalid user user from 103.241.181.174 port 34734","@timestamp":"2022-09-19T02:05:23.789Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:05:25 honeypot-fra-1 sshd[30877]: Invalid user user from 103.241.181.174 port 35254","@timestamp":"2022-09-19T02:05:25.790Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:05:28 honeypot-fra-1 sshd[30883]: Invalid user user from 103.241.181.174 port 35740","@timestamp":"2022-09-19T02:05:28.792Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:05:31 honeypot-fra-1 sshd[30889]: Invalid user user from 103.241.181.174 port 36236","@timestamp":"2022-09-19T02:05:31.794Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:05:34 honeypot-fra-1 sshd[30895]: Invalid user user from 103.241.181.174 port 36806","@timestamp":"2022-09-19T02:05:34.797Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:05:37 honeypot-fra-1 sshd[30901]: Invalid user user from 103.241.181.174 port 37326","@timestamp":"2022-09-19T02:05:37.798Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:05:40 honeypot-fra-1 sshd[30907]: Invalid user user from 103.241.181.174 port 37808","@timestamp":"2022-09-19T02:05:40.800Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:05:43 honeypot-fra-1 sshd[30913]: Invalid user user from 103.241.181.174 port 38376","@timestamp":"2022-09-19T02:05:43.802Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:05:46 honeypot-fra-1 sshd[30919]: Invalid user user from 103.241.181.174 port 38872","@timestamp":"2022-09-19T02:05:46.804Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:05:49 honeypot-fra-1 sshd[30925]: Invalid user user from 103.241.181.174 port 39366","@timestamp":"2022-09-19T02:05:49.806Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:05:52 honeypot-fra-1 sshd[30931]: Invalid user user from 103.241.181.174 port 39904","@timestamp":"2022-09-19T02:05:52.808Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:05:55 honeypot-fra-1 sshd[30937]: Invalid user user from 103.241.181.174 port 40454","@timestamp":"2022-09-19T02:05:55.810Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:05:58 honeypot-fra-1 sshd[30943]: Invalid user user from 103.241.181.174 port 40938","@timestamp":"2022-09-19T02:05:58.812Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:06:01 honeypot-fra-1 sshd[30949]: Invalid user user from 103.241.181.174 port 41418","@timestamp":"2022-09-19T02:06:01.813Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:06:04 honeypot-fra-1 sshd[30955]: Invalid user user from 103.241.181.174 port 42076","@timestamp":"2022-09-19T02:06:05.817Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:06:08 honeypot-fra-1 sshd[30961]: Invalid user user from 103.241.181.174 port 42622","@timestamp":"2022-09-19T02:06:08.819Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:06:11 honeypot-fra-1 sshd[30967]: Invalid user user from 103.241.181.174 port 43232","@timestamp":"2022-09-19T02:06:11.820Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:06:14 honeypot-fra-1 sshd[30973]: Invalid user user from 103.241.181.174 port 43778","@timestamp":"2022-09-19T02:06:14.822Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:06:17 honeypot-fra-1 sshd[30979]: Invalid user user from 103.241.181.174 port 44280","@timestamp":"2022-09-19T02:06:18.826Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:06:20 honeypot-fra-1 sshd[30985]: Invalid user user from 103.241.181.174 port 44778","@timestamp":"2022-09-19T02:06:21.828Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:06:23 honeypot-fra-1 sshd[30991]: Invalid user user from 103.241.181.174 port 45314","@timestamp":"2022-09-19T02:06:24.830Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:06:27 honeypot-fra-1 sshd[30997]: Invalid user user from 103.241.181.174 port 45866","@timestamp":"2022-09-19T02:06:27.832Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:06:30 honeypot-fra-1 sshd[31003]: Invalid user user from 103.241.181.174 port 46424","@timestamp":"2022-09-19T02:06:30.833Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:06:33 honeypot-fra-1 sshd[31009]: Invalid user ubuntu from 103.241.181.174 port 47016","@timestamp":"2022-09-19T02:06:33.837Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:06:36 honeypot-fra-1 sshd[31015]: Invalid user ubuntu from 103.241.181.174 port 47510","@timestamp":"2022-09-19T02:06:36.838Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:06:39 honeypot-fra-1 sshd[31021]: Invalid user ubuntu from 103.241.181.174 port 47956","@timestamp":"2022-09-19T02:06:39.840Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:06:42 honeypot-fra-1 sshd[31027]: Invalid user ubuntu from 103.241.181.174 port 48510","@timestamp":"2022-09-19T02:06:42.842Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:06:45 honeypot-fra-1 sshd[31033]: Invalid user ubuntu from 103.241.181.174 port 49076","@timestamp":"2022-09-19T02:06:45.844Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:06:48 honeypot-fra-1 sshd[31039]: Invalid user ubuntu from 103.241.181.174 port 49550","@timestamp":"2022-09-19T02:06:48.847Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:06:51 honeypot-fra-1 sshd[31045]: Invalid user ubuntu from 103.241.181.174 port 50060","@timestamp":"2022-09-19T02:06:51.848Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:06:54 honeypot-fra-1 sshd[31051]: Invalid user ubuntu from 103.241.181.174 port 50622","@timestamp":"2022-09-19T02:06:54.850Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:06:57 honeypot-fra-1 sshd[31057]: Invalid user ubuntu from 103.241.181.174 port 51160","@timestamp":"2022-09-19T02:06:57.852Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:07:00 honeypot-fra-1 sshd[31063]: Invalid user ubuntu from 103.241.181.174 port 51628","@timestamp":"2022-09-19T02:07:00.854Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:07:03 honeypot-fra-1 sshd[31069]: Invalid user ubuntu from 103.241.181.174 port 52218","@timestamp":"2022-09-19T02:07:04.857Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:07:07 honeypot-fra-1 sshd[31075]: Invalid user ubuntu from 103.241.181.174 port 52774","@timestamp":"2022-09-19T02:07:07.859Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:07:09 honeypot-fra-1 sshd[31081]: Invalid user ubuntu from 103.241.181.174 port 53316","@timestamp":"2022-09-19T02:07:10.861Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:07:13 honeypot-fra-1 sshd[31087]: Invalid user ubuntu from 103.241.181.174 port 53842","@timestamp":"2022-09-19T02:07:13.863Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:07:16 honeypot-fra-1 sshd[31093]: Invalid user ubuntu from 103.241.181.174 port 54448","@timestamp":"2022-09-19T02:07:16.865Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:07:19 honeypot-fra-1 sshd[31101]: Invalid user ubuntu from 103.241.181.174 port 55142","@timestamp":"2022-09-19T02:07:19.868Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:07:22 honeypot-fra-1 sshd[31107]: Invalid user ubuntu from 103.241.181.174 port 55780","@timestamp":"2022-09-19T02:07:22.870Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:07:25 honeypot-fra-1 sshd[31113]: Invalid user ubuntu from 103.241.181.174 port 56452","@timestamp":"2022-09-19T02:07:25.872Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:07:27 honeypot-fra-1 sshd[31117]: Connection closed by invalid user ubuntu 103.241.181.174 port 56970 [preauth]","@timestamp":"2022-09-19T02:07:27.873Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:07:30 honeypot-fra-1 sshd[31123]: Connection closed by invalid user ubuntu 103.241.181.174 port 57600 [preauth]","@timestamp":"2022-09-19T02:07:31.875Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:07:34 honeypot-fra-1 sshd[31129]: Connection closed by invalid user ubuntu 103.241.181.174 port 58300 [preauth]","@timestamp":"2022-09-19T02:07:34.878Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:07:37 honeypot-fra-1 sshd[31135]: Connection closed by invalid user ubuntu 103.241.181.174 port 59038 [preauth]","@timestamp":"2022-09-19T02:07:37.880Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:07:40 honeypot-fra-1 sshd[31141]: Connection closed by invalid user ubuntu 103.241.181.174 port 59586 [preauth]","@timestamp":"2022-09-19T02:07:40.882Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:07:43 honeypot-fra-1 sshd[31147]: Connection closed by invalid user ubuntu 103.241.181.174 port 60176 [preauth]","@timestamp":"2022-09-19T02:07:43.884Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:07:46 honeypot-fra-1 sshd[31153]: Connection closed by invalid user ubuntu 103.241.181.174 port 60704 [preauth]","@timestamp":"2022-09-19T02:07:46.886Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:07:49 honeypot-fra-1 sshd[31159]: Connection closed by invalid user ubuntu 103.241.181.174 port 32990 [preauth]","@timestamp":"2022-09-19T02:07:49.889Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:07:52 honeypot-fra-1 sshd[31165]: Connection closed by invalid user ubuntu 103.241.181.174 port 33570 [preauth]","@timestamp":"2022-09-19T02:07:52.890Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:07:55 honeypot-fra-1 sshd[31171]: Connection closed by invalid user ubuntu 103.241.181.174 port 34122 [preauth]","@timestamp":"2022-09-19T02:07:55.892Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:07:58 honeypot-fra-1 sshd[31177]: Connection closed by invalid user debian 103.241.181.174 port 34722 [preauth]","@timestamp":"2022-09-19T02:07:59.894Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:08:02 honeypot-fra-1 sshd[31183]: Connection closed by invalid user debian 103.241.181.174 port 35248 [preauth]","@timestamp":"2022-09-19T02:08:02.897Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:08:05 honeypot-fra-1 sshd[31189]: Connection closed by invalid user debian 103.241.181.174 port 35846 [preauth]","@timestamp":"2022-09-19T02:08:05.899Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:08:08 honeypot-fra-1 sshd[31195]: Connection closed by invalid user debian 103.241.181.174 port 36450 [preauth]","@timestamp":"2022-09-19T02:08:08.901Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T02:08:08.872Z","@version":"1","message":"Sep 19 02:08:08 honeypot-sgp-1 sshd[32387]: Connection closed by 192.241.220.57 port 32796 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:08:11 honeypot-fra-1 sshd[31201]: Connection closed by invalid user debian 103.241.181.174 port 36988 [preauth]","@timestamp":"2022-09-19T02:08:11.903Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:08:14 honeypot-fra-1 sshd[31207]: Connection closed by invalid user debian 103.241.181.174 port 37602 [preauth]","@timestamp":"2022-09-19T02:08:14.904Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:08:18 honeypot-fra-1 sshd[31213]: Connection closed by invalid user debian 103.241.181.174 port 38240 [preauth]","@timestamp":"2022-09-19T02:08:18.908Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:08:20 honeypot-fra-1 sshd[31219]: Connection closed by invalid user debian 103.241.181.174 port 38712 [preauth]","@timestamp":"2022-09-19T02:08:21.909Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:08:24 honeypot-fra-1 sshd[31225]: Connection closed by invalid user debian 103.241.181.174 port 39286 [preauth]","@timestamp":"2022-09-19T02:08:24.911Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 02:08:26 honeypot-ams-1 sshd[6853]: Did not receive identification string from 118.193.59.59 port 59684","@timestamp":"2022-09-19T02:08:27.111Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:08:27 honeypot-fra-1 sshd[31231]: Connection closed by invalid user debian 103.241.181.174 port 39918 [preauth]","@timestamp":"2022-09-19T02:08:27.913Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:08:30 honeypot-fra-1 sshd[31237]: Connection closed by invalid user debian 103.241.181.174 port 40484 [preauth]","@timestamp":"2022-09-19T02:08:30.915Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:08:33 honeypot-fra-1 sshd[31244]: Connection closed by invalid user debian 103.241.181.174 port 41110 [preauth]","@timestamp":"2022-09-19T02:08:33.918Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:08:37 honeypot-fra-1 sshd[31250]: Connection closed by invalid user debian 103.241.181.174 port 41684 [preauth]","@timestamp":"2022-09-19T02:08:37.920Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:08:40 honeypot-fra-1 sshd[31256]: Connection closed by invalid user debian 103.241.181.174 port 42260 [preauth]","@timestamp":"2022-09-19T02:08:40.922Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:08:43 honeypot-fra-1 sshd[31262]: Connection closed by invalid user debian 103.241.181.174 port 42810 [preauth]","@timestamp":"2022-09-19T02:08:43.924Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:08:46 honeypot-fra-1 sshd[31268]: Connection closed by invalid user debian 103.241.181.174 port 43354 [preauth]","@timestamp":"2022-09-19T02:08:46.926Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:08:49 honeypot-fra-1 sshd[31274]: Connection closed by invalid user debian 103.241.181.174 port 43928 [preauth]","@timestamp":"2022-09-19T02:08:49.928Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:08:52 honeypot-fra-1 sshd[31280]: Connection closed by invalid user debian 103.241.181.174 port 44530 [preauth]","@timestamp":"2022-09-19T02:08:52.930Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:08:55 honeypot-fra-1 sshd[31286]: Connection closed by invalid user debian 103.241.181.174 port 45066 [preauth]","@timestamp":"2022-09-19T02:08:55.932Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:08:58 honeypot-fra-1 sshd[31292]: Connection closed by invalid user debian 103.241.181.174 port 45594 [preauth]","@timestamp":"2022-09-19T02:08:58.934Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:09:02 honeypot-fra-1 sshd[31298]: Connection closed by invalid user debian 103.241.181.174 port 46206 [preauth]","@timestamp":"2022-09-19T02:09:02.937Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:09:05 honeypot-fra-1 sshd[31304]: Connection closed by invalid user debian 103.241.181.174 port 46820 [preauth]","@timestamp":"2022-09-19T02:09:05.939Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:09:08 honeypot-fra-1 sshd[31310]: Connection closed by invalid user debian 103.241.181.174 port 47358 [preauth]","@timestamp":"2022-09-19T02:09:08.941Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:09:11 honeypot-fra-1 sshd[31316]: Connection closed by invalid user debian 103.241.181.174 port 48002 [preauth]","@timestamp":"2022-09-19T02:09:11.943Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:09:15 honeypot-fra-1 sshd[31322]: Connection closed by invalid user debian 103.241.181.174 port 48530 [preauth]","@timestamp":"2022-09-19T02:09:15.945Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:09:18 honeypot-fra-1 sshd[31328]: Connection closed by invalid user debian 103.241.181.174 port 49102 [preauth]","@timestamp":"2022-09-19T02:09:18.948Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:09:21 honeypot-fra-1 sshd[31334]: Connection closed by invalid user debian 103.241.181.174 port 49742 [preauth]","@timestamp":"2022-09-19T02:09:21.950Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:09:25 honeypot-fra-1 sshd[31340]: Connection closed by invalid user admin 103.241.181.174 port 50264 [preauth]","@timestamp":"2022-09-19T02:09:25.952Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:09:28 honeypot-fra-1 sshd[31346]: Connection closed by invalid user admin 103.241.181.174 port 50866 [preauth]","@timestamp":"2022-09-19T02:09:28.954Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:09:30 honeypot-fra-1 sshd[31352]: Disconnected from authenticating user root 178.128.238.19 port 55916 [preauth]","@timestamp":"2022-09-19T02:09:30.955Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:09:33 honeypot-fra-1 sshd[31358]: Connection closed by invalid user admin 103.241.181.174 port 51768 [preauth]","@timestamp":"2022-09-19T02:09:33.958Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:09:35 honeypot-fra-1 sshd[31364]: Connection closed by invalid user admin 103.241.181.174 port 52266 [preauth]","@timestamp":"2022-09-19T02:09:35.959Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:09:39 honeypot-fra-1 sshd[31370]: Connection closed by invalid user admin 103.241.181.174 port 52846 [preauth]","@timestamp":"2022-09-19T02:09:39.961Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:09:42 honeypot-fra-1 sshd[31376]: Connection closed by invalid user admin 103.241.181.174 port 53424 [preauth]","@timestamp":"2022-09-19T02:09:42.964Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:09:45 honeypot-fra-1 sshd[31382]: Connection closed by invalid user admin 103.241.181.174 port 53932 [preauth]","@timestamp":"2022-09-19T02:09:45.965Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:09:48 honeypot-fra-1 sshd[31388]: Connection closed by invalid user admin 103.241.181.174 port 54466 [preauth]","@timestamp":"2022-09-19T02:09:48.969Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:09:51 honeypot-fra-1 sshd[31396]: Received disconnect from 92.255.85.69 port 33964:11: Bye Bye [preauth]","@timestamp":"2022-09-19T02:09:51.970Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:09:53 honeypot-fra-1 sshd[31400]: Invalid user admin from 103.241.181.174 port 55412","@timestamp":"2022-09-19T02:09:54.972Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:09:57 honeypot-fra-1 sshd[31406]: Invalid user admin from 103.241.181.174 port 55958","@timestamp":"2022-09-19T02:09:57.974Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:10:00 honeypot-fra-1 sshd[31413]: Invalid user admin from 103.241.181.174 port 56580","@timestamp":"2022-09-19T02:10:00.976Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:10:03 honeypot-fra-1 sshd[31419]: Invalid user admin from 103.241.181.174 port 57236","@timestamp":"2022-09-19T02:10:03.979Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:10:06 honeypot-fra-1 sshd[31425]: Invalid user admin from 103.241.181.174 port 57878","@timestamp":"2022-09-19T02:10:06.980Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:10:09 honeypot-fra-1 sshd[31431]: Invalid user admin from 103.241.181.174 port 58534","@timestamp":"2022-09-19T02:10:09.982Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:10:12 honeypot-fra-1 sshd[31437]: Invalid user admin from 103.241.181.174 port 59224","@timestamp":"2022-09-19T02:10:12.984Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:10:14 honeypot-fra-1 sshd[31439]: Disconnected from invalid user idempiere 202.51.74.123 port 36664 [preauth]","@timestamp":"2022-09-19T02:10:14.985Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:10:17 honeypot-fra-1 sshd[31447]: Connection closed by invalid user admin 103.241.181.174 port 60178 [preauth]","@timestamp":"2022-09-19T02:10:17.988Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:10:20 honeypot-fra-1 sshd[31453]: Connection closed by invalid user admin 103.241.181.174 port 60844 [preauth]","@timestamp":"2022-09-19T02:10:20.990Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:10:23 honeypot-fra-1 sshd[31459]: Connection closed by invalid user admin 103.241.181.174 port 33190 [preauth]","@timestamp":"2022-09-19T02:10:23.991Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:10:27 honeypot-fra-1 sshd[31465]: Connection closed by invalid user admin 103.241.181.174 port 33766 [preauth]","@timestamp":"2022-09-19T02:10:27.994Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:10:30 honeypot-fra-1 sshd[31471]: Connection closed by invalid user admin 103.241.181.174 port 34350 [preauth]","@timestamp":"2022-09-19T02:10:30.996Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:10:33 honeypot-fra-1 sshd[31477]: Connection closed by invalid user admin 103.241.181.174 port 34904 [preauth]","@timestamp":"2022-09-19T02:10:33.999Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:10:36 honeypot-fra-1 sshd[31483]: Connection closed by invalid user admin 103.241.181.174 port 35416 [preauth]","@timestamp":"2022-09-19T02:10:37.001Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:10:39 honeypot-fra-1 sshd[31489]: Connection closed by invalid user admin 103.241.181.174 port 35986 [preauth]","@timestamp":"2022-09-19T02:10:40.003Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:10:42 honeypot-fra-1 sshd[31495]: Connection closed by invalid user admin 103.241.181.174 port 36494 [preauth]","@timestamp":"2022-09-19T02:10:43.005Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:10:45 honeypot-fra-1 sshd[31501]: Connection closed by invalid user admin 103.241.181.174 port 36984 [preauth]","@timestamp":"2022-09-19T02:10:46.006Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:10:48 honeypot-fra-1 sshd[31507]: Connection closed by invalid user admin 103.241.181.174 port 37532 [preauth]","@timestamp":"2022-09-19T02:10:49.010Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:10:51 honeypot-fra-1 sshd[31513]: Connection closed by invalid user ftp 103.241.181.174 port 38066 [preauth]","@timestamp":"2022-09-19T02:10:52.011Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T02:15:54.065Z","@version":"1","message":"Sep 19 02:15:53 honeypot-sgp-1 kernel: [84429855.619207] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=59.16.243.218 DST=159.89.202.188 LEN=52 TOS=0x00 PREC=0x00 TTL=114 ID=36676 DF PROTO=TCP SPT=4291 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:17:02.097Z","@version":"1","message":"Sep 19 02:17:01 honeypot-sgp-1 CRON[32393]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 02:17:45 honeypot-ams-1 sshd[6861]: Invalid user user from 45.61.184.204 port 54198","@timestamp":"2022-09-19T02:17:46.360Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 02:18:04 honeypot-ams-1 sshd[6865]: Invalid user user from 45.61.184.204 port 48398","@timestamp":"2022-09-19T02:18:04.370Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 02:18:21 honeypot-ams-1 sshd[6869]: Invalid user user from 45.61.184.204 port 42658","@timestamp":"2022-09-19T02:18:21.380Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 02:18:39 honeypot-ams-1 sshd[6873]: Invalid user user from 45.61.184.204 port 36912","@timestamp":"2022-09-19T02:18:39.389Z"}
{"@timestamp":"2022-09-19T02:20:38.189Z","@version":"1","message":"Sep 19 02:20:37 honeypot-sgp-1 sshd[32400]: Invalid user user from 45.61.184.204 port 43278","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:20:58.198Z","@version":"1","message":"Sep 19 02:20:57 honeypot-sgp-1 sshd[32404]: Invalid user user from 45.61.184.204 port 38428","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:21:16.208Z","@version":"1","message":"Sep 19 02:21:15 honeypot-sgp-1 sshd[32408]: Invalid user user from 45.61.184.204 port 33582","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:21:23 honeypot-fra-1 kernel: [84428488.483368] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=213.226.123.38 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=46709 PROTO=TCP SPT=53271 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T02:21:23.249Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:23:20 honeypot-fra-1 sshd[31525]: Disconnected from invalid user user 45.61.184.204 port 59896 [preauth]","@timestamp":"2022-09-19T02:23:21.297Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:23:40 honeypot-fra-1 sshd[31529]: Disconnected from invalid user user 45.61.184.204 port 55082 [preauth]","@timestamp":"2022-09-19T02:23:41.308Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:24:00 honeypot-fra-1 sshd[31533]: Disconnected from invalid user user 45.61.184.204 port 50274 [preauth]","@timestamp":"2022-09-19T02:24:01.317Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:24:18 honeypot-fra-1 sshd[31537]: Disconnected from invalid user user 45.61.184.204 port 45466 [preauth]","@timestamp":"2022-09-19T02:24:19.325Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T02:24:52.296Z","@version":"1","message":"Sep 19 02:24:52 honeypot-sgp-1 sshd[32412]: Invalid user hunter from 179.60.147.69 port 35310","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:26:30 honeypot-fra-1 sshd[31542]: Connection closed by invalid user hunter 179.60.147.69 port 44520 [preauth]","@timestamp":"2022-09-19T02:26:30.378Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 02:27:38 honeypot-ams-1 kernel: [84431038.086585] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=92.204.132.65 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=17569 PROTO=TCP SPT=50014 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T02:27:39.619Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 02:30:29 honeypot-ams-1 sshd[6882]: Connection closed by authenticating user root 103.188.176.251 port 56484 [preauth]","@timestamp":"2022-09-19T02:30:30.696Z"}
{"@timestamp":"2022-09-19T02:30:56.451Z","@version":"1","message":"Sep 19 02:30:56 honeypot-sgp-1 sshd[32417]: Received disconnect from 177.170.20.12 port 58634:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:35:19.564Z","@version":"1","message":"Sep 19 02:35:19 honeypot-sgp-1 sshd[32422]: Disconnecting invalid user  185.246.130.20 port 9858: Change of username or service not allowed: (,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:35:43.577Z","@version":"1","message":"Sep 19 02:35:43 honeypot-sgp-1 sshd[32428]: Disconnecting invalid user  185.246.130.20 port 40616: Change of username or service not allowed: (,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:36:08.590Z","@version":"1","message":"Sep 19 02:36:07 honeypot-sgp-1 sshd[32434]: Disconnecting invalid user admin 185.246.130.20 port 34229: Change of username or service not allowed: (admin,ssh-connection) -> (aerohive,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:36:41.607Z","@version":"1","message":"Sep 19 02:36:41 honeypot-sgp-1 sshd[32440]: Disconnecting invalid user manager 185.246.130.20 port 41068: Change of username or service not allowed: (manager,ssh-connection) -> (private,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:37:15.624Z","@version":"1","message":"Sep 19 02:37:14 honeypot-sgp-1 sshd[32448]: Invalid user Admin from 185.246.130.20 port 60936","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:37:35.636Z","@version":"1","message":"Sep 19 02:37:34 honeypot-sgp-1 sshd[32454]: Invalid user user from 185.246.130.20 port 8958","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:38:01.649Z","@version":"1","message":"Sep 19 02:38:00 honeypot-sgp-1 sshd[32460]: Disconnecting invalid user blank 185.246.130.20 port 52387: Change of username or service not allowed: (blank,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:38:25.663Z","@version":"1","message":"Sep 19 02:38:24 honeypot-sgp-1 sshd[32466]: Disconnecting invalid user 1234 185.246.130.20 port 30983: Change of username or service not allowed: (1234,ssh-connection) -> (root,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:38:50.676Z","@version":"1","message":"Sep 19 02:38:49 honeypot-sgp-1 sshd[32472]: Disconnecting invalid user admin 176.15.138.108 port 2710: Too many authentication failures [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 02:38:53 honeypot-fra-1 sshd[31549]: Disconnected from authenticating user root 92.255.85.69 port 54048 [preauth]","@timestamp":"2022-09-19T02:38:54.655Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T02:39:11.687Z","@version":"1","message":"Sep 19 02:39:11 honeypot-sgp-1 sshd[32478]: Disconnecting invalid user admin 185.246.130.20 port 22133: Change of username or service not allowed: (admin,ssh-connection) -> (1234,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:39:36.701Z","@version":"1","message":"Sep 19 02:39:36 honeypot-sgp-1 sshd[32486]: Invalid user  from 185.246.130.20 port 36314","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:39:59.713Z","@version":"1","message":"Sep 19 02:39:58 honeypot-sgp-1 sshd[32492]: Invalid user admin from 185.246.130.20 port 1637","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:40:19.725Z","@version":"1","message":"Sep 19 02:40:18 honeypot-sgp-1 sshd[32499]: Invalid user  from 185.246.130.20 port 40236","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:40:48.740Z","@version":"1","message":"Sep 19 02:40:48 honeypot-sgp-1 sshd[32506]: Invalid user admin from 185.246.130.20 port 10833","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:41:17.756Z","@version":"1","message":"Sep 19 02:41:17 honeypot-sgp-1 sshd[32512]: Invalid user cusadmin from 185.246.130.20 port 33342","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:41:39.767Z","@version":"1","message":"Sep 19 02:41:39 honeypot-sgp-1 sshd[32518]: Invalid user lgnortel from 185.246.130.20 port 23748","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 02:41:43 honeypot-ams-1 sshd[6888]: Invalid user kdn from 80.19.204.177 port 48624","@timestamp":"2022-09-19T02:41:43.999Z"}
{"@timestamp":"2022-09-19T02:42:00.778Z","@version":"1","message":"Sep 19 02:41:59 honeypot-sgp-1 sshd[32524]: Invalid user admin from 185.246.130.20 port 1186","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:42:16.787Z","@version":"1","message":"Sep 19 02:42:16 honeypot-sgp-1 sshd[32530]: Invalid user matrix from 185.246.130.20 port 12029","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:42:28.793Z","@version":"1","message":"Sep 19 02:42:28 honeypot-sgp-1 sshd[32536]: Disconnected from authenticating user root 92.255.85.70 port 53794 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:42:50.806Z","@version":"1","message":"Sep 19 02:42:50 honeypot-sgp-1 sshd[32542]: Invalid user blank from 185.246.130.20 port 55536","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:43:17.820Z","@version":"1","message":"Sep 19 02:43:17 honeypot-sgp-1 sshd[32548]: Disconnecting invalid user airlive 185.246.130.20 port 20481: Change of username or service not allowed: (airlive,ssh-connection) -> (0,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:43:38.830Z","@version":"1","message":"Sep 19 02:43:37 honeypot-sgp-1 sshd[32554]: Disconnecting invalid user roqos 185.246.130.20 port 43968: Change of username or service not allowed: (roqos,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:44:00.841Z","@version":"1","message":"Sep 19 02:44:00 honeypot-sgp-1 sshd[32560]: Disconnecting invalid user sitecom 185.246.130.20 port 28558: Change of username or service not allowed: (sitecom,ssh-connection) -> (Broadcom,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 02:44:09 honeypot-ams-1 sshd[6890]: Disconnected from invalid user admin 197.45.35.19 port 60410 [preauth]","@timestamp":"2022-09-19T02:44:10.066Z"}
{"@timestamp":"2022-09-19T02:44:15.850Z","@version":"1","message":"Sep 19 02:44:15 honeypot-sgp-1 sshd[32566]: Disconnecting invalid user admin 185.246.130.20 port 34816: Change of username or service not allowed: (admin,ssh-connection) -> (cusadmin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:44:32.860Z","@version":"1","message":"Sep 19 02:44:32 honeypot-sgp-1 sshd[32572]: Disconnecting invalid user smcadmin 185.246.130.20 port 15320: Change of username or service not allowed: (smcadmin,ssh-connection) -> (sweex,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:44:48.869Z","@version":"1","message":"Sep 19 02:44:48 honeypot-sgp-1 sshd[32578]: Disconnecting invalid user admin 185.246.130.20 port 33346: Change of username or service not allowed: (admin,ssh-connection) -> (,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:45:06.878Z","@version":"1","message":"Sep 19 02:45:06 honeypot-sgp-1 sshd[32584]: Disconnecting invalid user user 185.246.130.20 port 30547: Change of username or service not allowed: (user,ssh-connection) -> (ubnt,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:45:31.891Z","@version":"1","message":"Sep 19 02:45:31 honeypot-sgp-1 sshd[32593]: Bad protocol version identification 'SSH-2.0_CoreLab-1.0' from 185.246.130.20 port 37891","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:45:52.904Z","@version":"1","message":"Sep 19 02:45:52 honeypot-sgp-1 sshd[32598]: Disconnecting invalid user readwrite 185.246.130.20 port 49672: Change of username or service not allowed: (readwrite,ssh-connection) -> (Admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:46:11.914Z","@version":"1","message":"Sep 19 02:46:11 honeypot-sgp-1 sshd[32604]: Disconnecting invalid user DZY-W2914NSV2 185.246.130.20 port 53233: Change of username or service not allowed: (DZY-W2914NSV2,ssh-connection) -> (0,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:46:26.922Z","@version":"1","message":"Sep 19 02:46:26 honeypot-sgp-1 sshd[32610]: Disconnecting invalid user zoomadsl 185.246.130.20 port 37439: Change of username or service not allowed: (zoomadsl,ssh-connection) -> (admin,ssh-connection) [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:46:39.930Z","@version":"1","message":"Sep 19 02:46:39 honeypot-sgp-1 sshd[32616]: Connection closed by invalid user ltecl4r0 185.246.130.20 port 45063 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T02:52:35.082Z","@version":"1","message":"Sep 19 02:52:34 honeypot-sgp-1 sshd[32620]: Received disconnect from 64.119.29.152 port 33290:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 02:55:24 honeypot-ams-1 kernel: [84432704.130928] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=188.227.118.234 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=17523 DF PROTO=TCP SPT=52232 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T02:55:25.363Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 02:57:25 honeypot-ams-1 sshd[6900]: Disconnected from invalid user mortimer 45.240.88.36 port 60048 [preauth]","@timestamp":"2022-09-19T02:57:25.413Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 03:01:15 honeypot-fra-1 kernel: [84430880.761824] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=170.187.162.6 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=1760 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T03:01:16.156Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 03:02:48 honeypot-ams-1 sshd[6905]: Received disconnect from 164.90.191.216 port 33124:11: Bye Bye [preauth]","@timestamp":"2022-09-19T03:02:49.557Z"}
{"@timestamp":"2022-09-19T03:03:27.360Z","@version":"1","message":"Sep 19 03:03:27 honeypot-sgp-1 kernel: [84432709.356895] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=207.102.138.83 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=41 ID=12938 DF PROTO=TCP SPT=40906 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 03:05:46 honeypot-ams-1 sshd[6908]: Received disconnect from 182.50.252.90 port 41494:11: Bye Bye [preauth]","@timestamp":"2022-09-19T03:05:46.639Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 03:05:54 honeypot-fra-1 sshd[31559]: Connection closed by invalid user ftp 179.60.147.69 port 17096 [preauth]","@timestamp":"2022-09-19T03:05:55.263Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T03:06:38.442Z","@version":"1","message":"Sep 19 03:06:37 honeypot-sgp-1 sshd[32630]: Received disconnect from 185.191.205.93 port 48612:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 03:07:14 honeypot-ams-1 kernel: [84433414.080057] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=103.140.251.208 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=62746 PROTO=TCP SPT=42203 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T03:07:15.681Z"}
{"@timestamp":"2022-09-19T03:09:59.528Z","@version":"1","message":"Sep 19 03:09:59 honeypot-sgp-1 sshd[32633]: Received disconnect from 92.255.85.69 port 16830:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 03:13:24 honeypot-ams-1 sshd[6916]: Invalid user ubnt from 92.255.85.70 port 26348","@timestamp":"2022-09-19T03:13:25.855Z"}
{"@timestamp":"2022-09-19T03:14:41.647Z","@version":"1","message":"Sep 19 03:14:40 honeypot-sgp-1 sshd[32636]: Disconnected from authenticating user root 78.198.111.128 port 41212 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 03:14:49 honeypot-fra-1 sshd[31566]: Invalid user spam from 52.140.206.1 port 1024","@timestamp":"2022-09-19T03:14:50.464Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T03:15:33.671Z","@version":"1","message":"Sep 19 03:15:33 honeypot-sgp-1 sshd[32642]: Invalid user wra from 210.245.26.43 port 46352","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 03:18:42 honeypot-fra-1 sshd[31571]: Invalid user fabrice from 112.196.54.35 port 51600","@timestamp":"2022-09-19T03:18:43.553Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T03:19:44.779Z","@version":"1","message":"Sep 19 03:19:44 honeypot-sgp-1 sshd[32648]: Invalid user monitor from 202.61.105.17 port 51568","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 03:20:27 honeypot-ams-1 sshd[6922]: Invalid user ftp from 193.106.191.157 port 59212","@timestamp":"2022-09-19T03:20:28.041Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 03:21:46 honeypot-fra-1 kernel: [84432111.563522] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.41.8.45 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=2984 PROTO=TCP SPT=31574 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T03:21:46.622Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 03:23:43 honeypot-ams-1 sshd[6926]: Disconnected from authenticating user root 128.116.154.5 port 58736 [preauth]","@timestamp":"2022-09-19T03:23:44.129Z"}
{"@timestamp":"2022-09-19T03:28:52.007Z","@version":"1","message":"Sep 19 03:28:51 honeypot-sgp-1 sshd[32651]: Disconnected from invalid user quan 119.252.143.6 port 39809 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 03:32:12 honeypot-fra-1 sshd[31579]: Invalid user liuqi from 165.22.45.108 port 48152","@timestamp":"2022-09-19T03:32:13.854Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 03:35:00 honeypot-fra-1 kernel: [84432905.606956] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=165.22.82.222 LEN=86 TOS=0x00 PREC=0x00 TTL=250 ID=12310 PROTO=TCP SPT=7173 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T03:35:00.919Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 03:36:07 honeypot-ams-1 sshd[6930]: Connection closed by invalid user ftp 193.106.191.157 port 41626 [preauth]","@timestamp":"2022-09-19T03:36:08.450Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 03:39:32 honeypot-fra-1 sshd[31590]: Received disconnect from 179.43.156.143 port 40996:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T03:39:33.025Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 03:40:51 honeypot-fra-1 kernel: [84433256.397034] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.219.120 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=59994 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T03:40:52.056Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 03:42:28 honeypot-fra-1 sshd[31601]: Invalid user ossuser from 179.43.156.143 port 59368","@timestamp":"2022-09-19T03:42:29.096Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 03:43:43 honeypot-fra-1 sshd[31605]: Invalid user esunny from 179.43.156.143 port 55460","@timestamp":"2022-09-19T03:43:43.126Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 03:44:20 honeypot-fra-1 sshd[31609]: Disconnected from authenticating user root 179.43.156.143 port 53474 [preauth]","@timestamp":"2022-09-19T03:44:21.144Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 03:44:24 honeypot-ams-1 sshd[6933]: Disconnected from invalid user admin 92.255.85.70 port 63804 [preauth]","@timestamp":"2022-09-19T03:44:25.660Z"}
{"@timestamp":"2022-09-19T03:44:53.407Z","@version":"1","message":"Sep 19 03:44:53 honeypot-sgp-1 sshd[32658]: Invalid user user from 45.61.186.169 port 55836","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T03:45:12.418Z","@version":"1","message":"Sep 19 03:45:11 honeypot-sgp-1 sshd[32662]: Invalid user user from 45.61.186.169 port 50508","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T03:45:29.426Z","@version":"1","message":"Sep 19 03:45:29 honeypot-sgp-1 sshd[32667]: Invalid user user from 45.61.186.169 port 45182","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 03:45:34 honeypot-fra-1 sshd[31613]: Disconnected from invalid user git 179.43.156.143 port 49556 [preauth]","@timestamp":"2022-09-19T03:45:35.192Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T03:45:46.436Z","@version":"1","message":"Sep 19 03:45:45 honeypot-sgp-1 sshd[32671]: Invalid user user from 45.61.186.169 port 39880","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 03:46:50 honeypot-fra-1 sshd[31617]: Disconnected from invalid user hadoop 179.43.156.143 port 45616 [preauth]","@timestamp":"2022-09-19T03:46:51.223Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 03:48:07 honeypot-fra-1 sshd[31624]: Received disconnect from 179.43.156.143 port 41672:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T03:48:07.253Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 03:49:04 honeypot-fra-1 sshd[31628]: Received disconnect from 189.90.255.173 port 53004:11: Bye Bye [preauth]","@timestamp":"2022-09-19T03:49:05.279Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 03:49:23 honeypot-ams-1 sshd[6938]: Invalid user ik from 35.246.83.56 port 59276","@timestamp":"2022-09-19T03:49:24.788Z"}
{"@timestamp":"2022-09-19T03:49:40.537Z","@version":"1","message":"Sep 19 03:49:40 honeypot-sgp-1 kernel: [84435482.281327] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.216.172 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=52546 DPT=5432 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 03:50:03 honeypot-fra-1 sshd[31632]: Received disconnect from 179.43.156.143 port 35798:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T03:50:03.303Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 03:51:26 honeypot-fra-1 sshd[31636]: Disconnected from authenticating user root 179.43.156.143 port 60088 [preauth]","@timestamp":"2022-09-19T03:51:26.338Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 03:52:10 honeypot-ams-1 sshd[6942]: Received disconnect from 94.127.213.154 port 1144:11: Bye Bye [preauth]","@timestamp":"2022-09-19T03:52:10.862Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 03:52:48 honeypot-fra-1 sshd[31643]: Received disconnect from 179.43.156.143 port 56164:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T03:52:49.374Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 03:54:11 honeypot-fra-1 sshd[31647]: Disconnected from invalid user centos 179.43.156.143 port 52212 [preauth]","@timestamp":"2022-09-19T03:54:12.407Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 03:55:06 honeypot-ams-1 sshd[6947]: Disconnected from authenticating user root 191.92.120.156 port 38410 [preauth]","@timestamp":"2022-09-19T03:55:06.938Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 03:56:18 honeypot-fra-1 sshd[31653]: Disconnected from authenticating user root 179.43.156.143 port 46328 [preauth]","@timestamp":"2022-09-19T03:56:18.455Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 03:58:26 honeypot-fra-1 sshd[31660]: Received disconnect from 179.43.156.143 port 40414:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T03:58:27.507Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 03:59:51 honeypot-fra-1 sshd[31664]: Disconnected from authenticating user root 179.43.156.143 port 36478 [preauth]","@timestamp":"2022-09-19T03:59:51.540Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 04:00:13 honeypot-ams-1 sshd[6952]: Connection closed by invalid user que 137.116.144.39 port 60568 [preauth]","@timestamp":"2022-09-19T04:00:14.072Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 04:01:16 honeypot-fra-1 sshd[31671]: Received disconnect from 179.43.156.143 port 60780:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T04:01:17.577Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 04:02:41 honeypot-fra-1 sshd[31675]: Disconnected from authenticating user root 179.43.156.143 port 56848 [preauth]","@timestamp":"2022-09-19T04:02:42.611Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 04:03:31 honeypot-ams-1 kernel: [84436790.628069] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=13.57.3.61 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=232 ID=9465 PROTO=TCP SPT=40209 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T04:03:32.162Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 04:04:08 honeypot-fra-1 sshd[31680]: Received disconnect from 179.43.156.143 port 52904:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T04:04:08.646Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 04:05:37 honeypot-fra-1 sshd[31684]: Received disconnect from 179.43.156.143 port 48972:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T04:05:37.680Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T04:05:40.955Z","@version":"1","message":"Sep 19 04:05:40 honeypot-sgp-1 sshd[32677]: Disconnected from invalid user 1 92.255.85.70 port 45860 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T04:10:30.227Z","@version":"1","message":"Sep 19 04:10:29 honeypot-sgp-1 sshd[32686]: Received disconnect from 61.177.172.114 port 62858:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 04:11:05 honeypot-ams-1 kernel: [84437244.658799] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=184.105.247.224 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=46071 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T04:11:06.361Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 04:13:42 honeypot-fra-1 sshd[31691]: Invalid user oracle from 111.67.197.239 port 52580","@timestamp":"2022-09-19T04:13:42.855Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 04:16:29 honeypot-fra-1 sshd[31695]: Disconnected from authenticating user root 110.93.245.190 port 64740 [preauth]","@timestamp":"2022-09-19T04:16:29.919Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T04:16:51.392Z","@version":"1","message":"Sep 19 04:16:50 honeypot-sgp-1 sshd[32697]: Received disconnect from 138.68.72.245 port 44244:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T04:19:23.459Z","@version":"1","message":"Sep 19 04:19:23 honeypot-sgp-1 sshd[32702]: Disconnected from invalid user nx 206.189.219.241 port 34692 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 04:19:28 honeypot-fra-1 sshd[31703]: Invalid user 1 from 92.255.85.69 port 44588","@timestamp":"2022-09-19T04:19:28.988Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 04:22:05 honeypot-ams-1 sshd[6967]: Received disconnect from 54.233.118.215 port 32792:11: Bye Bye [preauth]","@timestamp":"2022-09-19T04:22:05.657Z"}
{"@timestamp":"2022-09-19T04:22:38.547Z","@version":"1","message":"Sep 19 04:22:38 honeypot-sgp-1 sshd[32710]: Received disconnect from 61.177.173.36 port 39047:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 04:25:24 honeypot-ams-1 sshd[6971]: Received disconnect from 92.255.85.69 port 36306:11: Bye Bye [preauth]","@timestamp":"2022-09-19T04:25:24.745Z"}
{"@timestamp":"2022-09-19T04:27:00.662Z","@version":"1","message":"Sep 19 04:27:00 honeypot-sgp-1 sshd[32715]: Connection closed by authenticating user root 179.60.147.69 port 51414 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T04:32:53.821Z","@version":"1","message":"Sep 19 04:32:52 honeypot-sgp-1 kernel: [84438074.949410] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=36.76.113.158 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=50 ID=0 DF PROTO=TCP SPT=39479 DPT=80 WINDOW=0 RES=0x00 RST URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 04:33:01 honeypot-fra-1 sshd[31708]: Did not receive identification string from 34.71.244.4 port 36052","@timestamp":"2022-09-19T04:33:02.289Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 04:33:02 honeypot-fra-1 sshd[31711]: Invalid user testuser from 34.71.244.4 port 36308","@timestamp":"2022-09-19T04:33:03.290Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 04:33:02 honeypot-fra-1 sshd[31712]: Invalid user ansible from 34.71.244.4 port 36198","@timestamp":"2022-09-19T04:33:03.290Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 04:33:02 honeypot-fra-1 sshd[31715]: Connection closed by authenticating user root 34.71.244.4 port 36382 [preauth]","@timestamp":"2022-09-19T04:33:03.290Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 04:33:02 honeypot-fra-1 sshd[31711]: Connection closed by invalid user testuser 34.71.244.4 port 36308 [preauth]","@timestamp":"2022-09-19T04:33:03.290Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 04:33:02 honeypot-fra-1 sshd[31724]: Connection closed by invalid user docker 34.71.244.4 port 36366 [preauth]","@timestamp":"2022-09-19T04:33:03.290Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 04:33:02 honeypot-fra-1 sshd[31730]: Connection closed by invalid user ftptest 34.71.244.4 port 36068 [preauth]","@timestamp":"2022-09-19T04:33:03.290Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T04:36:10.908Z","@version":"1","message":"Sep 19 04:36:10 honeypot-sgp-1 sshd[32721]: Received disconnect from 61.177.172.19 port 39138:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T04:44:13.131Z","@version":"1","message":"Sep 19 04:44:12 honeypot-sgp-1 sshd[32730]: Invalid user  from 65.49.20.66 port 22622","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 04:48:04 honeypot-ams-1 kernel: [84439463.662355] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=92.13.75.66 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=56 ID=6768 PROTO=TCP SPT=4553 DPT=80 WINDOW=28601 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T04:48:05.320Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 04:50:45 honeypot-fra-1 sshd[31761]: Invalid user system from 92.255.85.70 port 17748","@timestamp":"2022-09-19T04:50:45.677Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T04:54:31.388Z","@version":"1","message":"Sep 19 04:54:30 honeypot-sgp-1 sshd[32738]: Invalid user user from 45.61.186.249 port 38244","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T04:54:49.396Z","@version":"1","message":"Sep 19 04:54:49 honeypot-sgp-1 sshd[32742]: Invalid user user from 45.61.186.249 port 60924","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T04:55:06.404Z","@version":"1","message":"Sep 19 04:55:06 honeypot-sgp-1 sshd[32746]: Invalid user user from 45.61.186.249 port 55420","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 04:55:07 honeypot-ams-1 sshd[6986]: Invalid user xhl from 103.188.176.251 port 55520","@timestamp":"2022-09-19T04:55:08.500Z"}
{"@timestamp":"2022-09-19T04:56:18.435Z","@version":"1","message":"Sep 19 04:56:17 honeypot-sgp-1 sshd[32750]: Invalid user system from 92.255.85.69 port 25060","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 04:59:14 honeypot-fra-1 kernel: [84437959.181650] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=20.197.1.140 DST=165.22.82.222 LEN=52 TOS=0x00 PREC=0x00 TTL=110 ID=22081 DF PROTO=TCP SPT=57117 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T04:59:14.865Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 05:00:35 honeypot-fra-1 sshd[31767]: Connection closed by invalid user  64.62.197.2 port 44538 [preauth]","@timestamp":"2022-09-19T05:00:35.899Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T05:03:33.619Z","@version":"1","message":"Sep 19 05:03:33 honeypot-sgp-1 sshd[32757]: Invalid user myshake from 179.60.147.69 port 8388","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 05:04:09 honeypot-ams-1 sshd[7437]: Invalid user  from 64.62.197.77 port 50808","@timestamp":"2022-09-19T05:04:10.728Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 05:06:45 honeypot-ams-1 kernel: [84440584.239536] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=95.246.41.12 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=4238 PROTO=TCP SPT=27115 DPT=80 WINDOW=53083 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T05:06:45.799Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 05:08:38 honeypot-fra-1 sshd[31773]: Connection closed by invalid user ftp 193.106.191.157 port 52518 [preauth]","@timestamp":"2022-09-19T05:08:39.080Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T05:10:23.794Z","@version":"1","message":"Sep 19 05:10:23 honeypot-sgp-1 sshd[32762]: Did not receive identification string from 45.61.186.249 port 51864","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T05:10:56.810Z","@version":"1","message":"Sep 19 05:10:56 honeypot-sgp-1 sshd[32765]: Disconnected from invalid user user 45.61.186.249 port 53352 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T05:11:15.820Z","@version":"1","message":"Sep 19 05:11:15 honeypot-sgp-1 sshd[303]: Disconnected from invalid user user 45.61.186.249 port 48366 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T05:11:33.830Z","@version":"1","message":"Sep 19 05:11:33 honeypot-sgp-1 sshd[307]: Received disconnect from 190.224.88.94 port 34754:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T05:11:41.834Z","@version":"1","message":"Sep 19 05:11:41 honeypot-sgp-1 sshd[311]: Disconnected from invalid user user 45.61.186.249 port 55026 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 05:15:56 honeypot-ams-1 kernel: [84441135.453503] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=20.214.156.168 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=44 ID=54843 PROTO=TCP SPT=28021 DPT=80 WINDOW=46517 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T05:15:57.037Z"}
{"@timestamp":"2022-09-19T05:17:01.969Z","@version":"1","message":"Sep 19 05:17:01 honeypot-sgp-1 CRON[316]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 05:17:01 honeypot-fra-1 CRON[31781]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-19T05:17:02.263Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 05:20:07 honeypot-fra-1 kernel: [84439212.941046] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=213.226.123.38 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=4527 PROTO=TCP SPT=44294 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T05:20:08.335Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T05:21:17.080Z","@version":"1","message":"Sep 19 05:21:16 honeypot-sgp-1 sshd[326]: Invalid user www from 103.188.176.251 port 39046","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 05:21:34 honeypot-ams-1 sshd[7449]: Received disconnect from 35.199.146.114 port 46088:11: Bye Bye [preauth]","@timestamp":"2022-09-19T05:21:35.183Z"}
{"@timestamp":"2022-09-19T05:23:21.135Z","@version":"1","message":"Sep 19 05:23:20 honeypot-sgp-1 sshd[333]: Invalid user admin from 92.255.85.70 port 60040","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 05:25:08 honeypot-ams-1 sshd[7452]: Disconnected from invalid user admin 92.255.85.69 port 18786 [preauth]","@timestamp":"2022-09-19T05:25:09.277Z"}
{"@timestamp":"2022-09-19T05:26:31.217Z","@version":"1","message":"Sep 19 05:26:30 honeypot-sgp-1 sshd[336]: Disconnected from invalid user losts 20.101.129.212 port 1024 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 05:29:01 honeypot-fra-1 sshd[31790]: Invalid user user from 45.61.186.169 port 56992","@timestamp":"2022-09-19T05:29:01.535Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 05:29:19 honeypot-fra-1 sshd[31794]: Invalid user user from 45.61.186.169 port 52132","@timestamp":"2022-09-19T05:29:19.545Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 05:29:36 honeypot-fra-1 sshd[31798]: Invalid user user from 45.61.186.169 port 47214","@timestamp":"2022-09-19T05:29:36.552Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 05:30:50 honeypot-ams-1 kernel: [84442029.565446] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=64823 PROTO=TCP SPT=45405 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T05:30:50.422Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 05:31:00 honeypot-fra-1 kernel: [84439865.286536] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=10912 PROTO=TCP SPT=45405 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T05:31:00.585Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T05:35:03.434Z","@version":"1","message":"Sep 19 05:35:02 honeypot-sgp-1 kernel: [84441804.695482] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=112.46.68.218 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=24398 PROTO=TCP SPT=25502 DPT=80 WINDOW=47299 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 05:37:19 honeypot-ams-1 sshd[7464]: Received disconnect from 103.242.199.118 port 57192:11: Bye Bye [preauth]","@timestamp":"2022-09-19T05:37:20.589Z"}
{"@timestamp":"2022-09-19T05:39:40.549Z","@version":"1","message":"Sep 19 05:39:40 honeypot-sgp-1 sshd[347]: Invalid user pyimagesearch from 179.60.147.69 port 57220","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T05:42:01.613Z","@version":"1","message":"Sep 19 05:42:00 honeypot-sgp-1 sshd[352]: Disconnected from invalid user febrio 189.254.172.114 port 14658 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 05:42:10 honeypot-fra-1 sshd[31805]: Disconnected from invalid user musicbot1 46.41.142.93 port 53916 [preauth]","@timestamp":"2022-09-19T05:42:11.835Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 05:43:01 honeypot-ams-1 sshd[7469]: Connection closed by invalid user pyimagesearch 179.60.147.69 port 24894 [preauth]","@timestamp":"2022-09-19T05:43:02.736Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 05:44:20 honeypot-fra-1 sshd[31811]: Invalid user ftp from 193.106.191.157 port 48118","@timestamp":"2022-09-19T05:44:20.886Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 05:51:53 honeypot-fra-1 sshd[31814]: Disconnected from invalid user user 92.255.85.70 port 22206 [preauth]","@timestamp":"2022-09-19T05:51:54.054Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 05:52:53 honeypot-ams-1 kernel: [84443352.973225] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=164.92.72.164 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=50451 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T05:52:53.991Z"}
{"@timestamp":"2022-09-19T05:52:53.888Z","@version":"1","message":"Sep 19 05:52:52 honeypot-sgp-1 sshd[360]: Disconnected from invalid user sesimagotag 89.22.165.187 port 43042 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T05:56:39.984Z","@version":"1","message":"Sep 19 05:56:39 honeypot-sgp-1 sshd[366]: Invalid user tickets from 142.93.117.15 port 42996","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 05:59:32 honeypot-fra-1 kernel: [84441577.849680] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=54.153.18.204 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=233 ID=40629 PROTO=TCP SPT=47172 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T05:59:33.229Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 06:01:10 honeypot-ams-1 sshd[7475]: Received disconnect from 92.255.85.69 port 25522:11: Bye Bye [preauth]","@timestamp":"2022-09-19T06:01:11.204Z"}
{"@timestamp":"2022-09-19T06:01:49.114Z","@version":"1","message":"Sep 19 06:01:49 honeypot-sgp-1 sshd[374]: Disconnected from invalid user user 45.61.186.249 port 49336 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T06:02:08.125Z","@version":"1","message":"Sep 19 06:02:07 honeypot-sgp-1 sshd[378]: Disconnected from invalid user user 45.61.186.249 port 44058 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T06:02:26.134Z","@version":"1","message":"Sep 19 06:02:25 honeypot-sgp-1 sshd[382]: Disconnected from invalid user user 45.61.186.249 port 38768 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T06:02:42.141Z","@version":"1","message":"Sep 19 06:02:42 honeypot-sgp-1 sshd[386]: Received disconnect from 45.61.186.249 port 33512:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T06:06:25.237Z","@version":"1","message":"Sep 19 06:06:25 honeypot-sgp-1 sshd[391]: Received disconnect from 34.78.205.135 port 33893:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 06:08:09 honeypot-fra-1 sshd[31898]: Received disconnect from 186.121.204.10 port 42964:11: Bye Bye [preauth]","@timestamp":"2022-09-19T06:08:10.419Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T06:11:01.353Z","@version":"1","message":"Sep 19 06:11:00 honeypot-sgp-1 sshd[396]: Disconnected from authenticating user root 143.198.155.98 port 58836 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 06:13:56 honeypot-ams-1 kernel: [84444615.503892] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=20.197.1.140 DST=178.62.254.91 LEN=52 TOS=0x00 PREC=0x00 TTL=111 ID=46589 DF PROTO=TCP SPT=62882 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T06:13:56.525Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 06:15:24 honeypot-fra-1 sshd[31904]: Invalid user user from 45.61.187.160 port 48452","@timestamp":"2022-09-19T06:15:25.593Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 06:15:42 honeypot-fra-1 sshd[31908]: Invalid user user from 45.61.187.160 port 43656","@timestamp":"2022-09-19T06:15:42.601Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 06:15:58 honeypot-fra-1 sshd[31912]: Invalid user user from 45.61.187.160 port 38894","@timestamp":"2022-09-19T06:15:59.609Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T06:16:47.496Z","@version":"1","message":"Sep 19 06:16:46 honeypot-sgp-1 sshd[489]: Invalid user device from 179.60.147.69 port 45898","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 06:16:50 honeypot-fra-1 kernel: [84442615.104585] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=40.84.222.228 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=14652 PROTO=TCP SPT=47773 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T06:16:50.631Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 06:18:00 honeypot-fra-1 sshd[31921]: Connection closed by invalid user device 179.60.147.69 port 13758 [preauth]","@timestamp":"2022-09-19T06:18:01.661Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 06:20:26 honeypot-ams-1 sshd[7575]: Connection closed by invalid user device 179.60.147.69 port 8292 [preauth]","@timestamp":"2022-09-19T06:20:26.692Z"}
{"@timestamp":"2022-09-19T06:20:55.602Z","@version":"1","message":"Sep 19 06:20:55 honeypot-sgp-1 sshd[499]: Received disconnect from 92.255.85.69 port 27652:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T06:26:40.780Z","@version":"1","message":"Sep 19 06:26:40 honeypot-sgp-1 kernel: [84444902.191587] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.206.210 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=46806 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 06:27:59 honeypot-ams-1 sshd[7748]: Invalid user admin from 42.200.78.78 port 52672","@timestamp":"2022-09-19T06:27:59.912Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 06:34:27 honeypot-ams-1 sshd[7752]: Disconnected from invalid user user 45.61.186.169 port 39364 [preauth]","@timestamp":"2022-09-19T06:34:28.077Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 06:34:45 honeypot-ams-1 sshd[7756]: Received disconnect from 45.61.186.169 port 34576:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T06:34:46.104Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 06:35:01 honeypot-ams-1 sshd[7760]: Received disconnect from 45.61.186.169 port 58012:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T06:35:02.112Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 06:35:18 honeypot-ams-1 sshd[7764]: Received disconnect from 45.61.186.169 port 53216:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T06:35:18.121Z"}
{"@timestamp":"2022-09-19T06:37:49.057Z","@version":"1","message":"Sep 19 06:37:48 honeypot-sgp-1 sshd[748]: Invalid user art from 35.219.62.194 port 41946","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 06:38:59 honeypot-fra-1 kernel: [84443944.605433] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=5.188.210.205 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=53841 PROTO=TCP SPT=44938 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T06:39:00.135Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 06:41:06 honeypot-ams-1 sshd[7769]: Invalid user neha from 154.221.23.144 port 34508","@timestamp":"2022-09-19T06:41:06.270Z"}
{"@timestamp":"2022-09-19T06:42:42.181Z","@version":"1","message":"Sep 19 06:42:41 honeypot-sgp-1 sshd[750]: Received disconnect from 165.227.133.23 port 45736:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 06:43:31 honeypot-fra-1 sshd[32167]: Received disconnect from 92.255.85.69 port 28604:11: Bye Bye [preauth]","@timestamp":"2022-09-19T06:43:32.238Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 06:45:17 honeypot-ams-1 sshd[7774]: Disconnected from invalid user minato 209.97.183.120 port 52276 [preauth]","@timestamp":"2022-09-19T06:45:18.380Z"}
{"@timestamp":"2022-09-19T06:46:21.271Z","@version":"1","message":"Sep 19 06:46:20 honeypot-sgp-1 sshd[757]: Disconnected from invalid user vpn 92.255.85.70 port 46798 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 06:50:37 honeypot-fra-1 sshd[32173]: Received disconnect from 128.199.74.173 port 37418:11: Bye Bye [preauth]","@timestamp":"2022-09-19T06:50:38.395Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 06:50:41 honeypot-ams-1 sshd[7777]: Disconnected from invalid user admin 2.238.74.118 port 56098 [preauth]","@timestamp":"2022-09-19T06:50:42.520Z"}
{"@timestamp":"2022-09-19T06:53:55.461Z","@version":"1","message":"Sep 19 06:53:55 honeypot-sgp-1 sshd[762]: Disconnected from authenticating user root 61.177.172.90 port 33226 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 06:56:31 honeypot-ams-1 sshd[7782]: Received disconnect from 92.255.85.70 port 58586:11: Bye Bye [preauth]","@timestamp":"2022-09-19T06:56:32.672Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 06:57:57 honeypot-fra-1 sshd[32177]: Connection closed by invalid user demo 179.60.147.69 port 55700 [preauth]","@timestamp":"2022-09-19T06:57:57.557Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 07:02:19 honeypot-ams-1 sshd[7787]: Unable to negotiate with 190.124.32.18 port 54597: no matching cipher found. Their offer: aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,arcfour128,arcfour,3des-cbc,none [preauth]","@timestamp":"2022-09-19T07:02:19.824Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 07:05:17 honeypot-fra-1 kernel: [84445522.284912] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.79.53.162 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=45095 PROTO=TCP SPT=44788 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T07:05:17.738Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T07:06:20.768Z","@version":"1","message":"Sep 19 07:06:20 honeypot-sgp-1 sshd[774]: Received disconnect from 121.7.31.13 port 19731:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T07:06:41.798Z","@version":"1","message":"Sep 19 07:06:41 honeypot-sgp-1 sshd[778]: Received disconnect from 67.164.27.145 port 47656:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 07:08:56 honeypot-fra-1 sshd[32186]: Connection closed by invalid user ftp 193.106.191.157 port 43306 [preauth]","@timestamp":"2022-09-19T07:08:56.822Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 07:11:21 honeypot-fra-1 sshd[32191]: Disconnected from authenticating user root 164.92.172.247 port 46520 [preauth]","@timestamp":"2022-09-19T07:11:21.878Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T07:16:23.041Z","@version":"1","message":"Sep 19 07:16:23 honeypot-sgp-1 sshd[786]: Received disconnect from 92.255.85.69 port 23450:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 07:17:01 honeypot-ams-1 CRON[7791]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-19T07:17:02.205Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 07:20:37 honeypot-fra-1 kernel: [84446442.066152] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.148.10.81 DST=165.22.82.222 LEN=81 TOS=0x00 PREC=0x00 TTL=239 ID=22780 DF PROTO=TCP SPT=8182 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T07:20:38.083Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T07:22:13.186Z","@version":"1","message":"Sep 19 07:22:12 honeypot-sgp-1 sshd[796]: Received disconnect from 104.248.181.156 port 35452:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 07:22:15 honeypot-ams-1 sshd[7799]: Connection closed by invalid user www 103.188.176.251 port 46408 [preauth]","@timestamp":"2022-09-19T07:22:15.342Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 07:24:18 honeypot-ams-1 kernel: [84448837.891240] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=72.167.32.184 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=230 ID=12916 PROTO=TCP SPT=59289 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T07:24:19.397Z"}
{"@timestamp":"2022-09-19T07:25:08.261Z","@version":"1","message":"Sep 19 07:25:07 honeypot-sgp-1 kernel: [84448409.643085] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=71.6.232.4 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=45247 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 07:30:35 honeypot-fra-1 sshd[32209]: Invalid user jakub from 211.253.133.48 port 47126","@timestamp":"2022-09-19T07:30:36.308Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T07:35:04.533Z","@version":"1","message":"Sep 19 07:35:04 honeypot-sgp-1 sshd[810]: Connection closed by invalid user admin 179.60.147.69 port 3206 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 07:36:12 honeypot-fra-1 sshd[32215]: Invalid user admin from 179.60.147.69 port 8408","@timestamp":"2022-09-19T07:36:13.431Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 07:36:42 honeypot-ams-1 sshd[7811]: Invalid user ftp from 193.106.191.157 port 55758","@timestamp":"2022-09-19T07:36:42.716Z"}
{"@timestamp":"2022-09-19T07:41:43.698Z","@version":"1","message":"Sep 19 07:41:43 honeypot-sgp-1 kernel: [84449404.997299] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.55.53.144 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=43 ID=42617 DF PROTO=TCP SPT=41840 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 07:44:38 honeypot-fra-1 sshd[32220]: Invalid user ftp from 193.106.191.157 port 38874","@timestamp":"2022-09-19T07:44:38.615Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 07:44:57 honeypot-fra-1 kernel: [84447902.173865] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=20.55.53.144 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=21447 DF PROTO=TCP SPT=39830 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T07:44:57.626Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T07:46:59.829Z","@version":"1","message":"Sep 19 07:46:59 honeypot-sgp-1 sshd[824]: Received disconnect from 49.88.112.113 port 27996:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 07:48:17 honeypot-ams-1 sshd[7819]: Received disconnect from 92.255.85.70 port 53648:11: Bye Bye [preauth]","@timestamp":"2022-09-19T07:48:18.012Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 07:50:01 honeypot-fra-1 sshd[32228]: Disconnected from authenticating user root 61.177.172.13 port 14280 [preauth]","@timestamp":"2022-09-19T07:50:01.741Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 07:50:25 honeypot-ams-1 kernel: [84450404.409364] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=20.55.53.144 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=44537 DF PROTO=TCP SPT=41522 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T07:50:26.073Z"}
{"@timestamp":"2022-09-19T07:50:50.927Z","@version":"1","message":"Sep 19 07:50:50 honeypot-sgp-1 kernel: [84449952.114091] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.148.10.81 DST=159.89.202.188 LEN=84 TOS=0x00 PREC=0x00 TTL=241 ID=22780 DF PROTO=TCP SPT=24566 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 07:57:46 honeypot-fra-1 kernel: [84448671.558266] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=51338 PROTO=TCP SPT=53701 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T07:57:46.916Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 08:01:43 honeypot-ams-1 kernel: [84451082.831940] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.148.10.81 DST=178.62.254.91 LEN=84 TOS=0x00 PREC=0x00 TTL=242 ID=22780 DF PROTO=TCP SPT=22492 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T08:01:44.374Z"}
{"@timestamp":"2022-09-19T08:02:19.210Z","@version":"1","message":"Sep 19 08:02:18 honeypot-sgp-1 kernel: [84450640.426974] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=206.84.108.130 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=54321 PROTO=TCP SPT=32768 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:05:11 honeypot-fra-1 sshd[32236]: Received disconnect from 139.59.121.221 port 40436:11: Bye Bye [preauth]","@timestamp":"2022-09-19T08:05:12.084Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:12:21 honeypot-fra-1 sshd[32239]: Connection closed by invalid user plexuser 179.60.147.69 port 7112 [preauth]","@timestamp":"2022-09-19T08:12:22.248Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T08:12:27.482Z","@version":"1","message":"Sep 19 08:12:27 honeypot-sgp-1 kernel: [84451248.800966] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.148.10.81 DST=159.89.202.188 LEN=81 TOS=0x00 PREC=0x00 TTL=240 ID=22780 DF PROTO=TCP SPT=12284 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 08:15:50 honeypot-ams-1 kernel: [84451929.724042] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=79.124.62.62 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=29032 PROTO=TCP SPT=42212 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T08:15:50.740Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:18:36 honeypot-fra-1 sshd[32266]: Did not receive identification string from 45.61.186.249 port 49544","@timestamp":"2022-09-19T08:18:37.390Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:18:58 honeypot-fra-1 sshd[32269]: Disconnected from invalid user user 45.61.186.249 port 36548 [preauth]","@timestamp":"2022-09-19T08:18:59.400Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 08:19:09 honeypot-ams-1 kernel: [84452129.061758] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=162.142.125.128 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=22304 PROTO=TCP SPT=41465 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T08:19:10.831Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:19:18 honeypot-fra-1 sshd[32273]: Disconnected from invalid user user 45.61.186.249 port 59810 [preauth]","@timestamp":"2022-09-19T08:19:19.410Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:19:37 honeypot-fra-1 sshd[32277]: Disconnected from invalid user user 45.61.186.249 port 54852 [preauth]","@timestamp":"2022-09-19T08:19:38.420Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:19:50 honeypot-fra-1 sshd[32281]: Disconnected from invalid user 165.22.135.127 86.107.199.172 port 44206 [preauth]","@timestamp":"2022-09-19T08:19:50.425Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:20:52 honeypot-fra-1 sshd[32285]: Disconnected from invalid user 165.154.226.135 86.107.199.172 port 47508 [preauth]","@timestamp":"2022-09-19T08:20:53.452Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T08:22:53.739Z","@version":"1","message":"Sep 19 08:22:52 honeypot-sgp-1 sshd[867]: Received disconnect from 24.69.190.84 port 57446:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:22:55 honeypot-fra-1 sshd[32290]: Invalid user 165.22.124.105 from 86.107.199.172 port 54122","@timestamp":"2022-09-19T08:22:56.502Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T08:24:49.789Z","@version":"1","message":"Sep 19 08:24:49 honeypot-sgp-1 sshd[887]: Disconnected from authenticating user root 165.22.217.96 port 47990 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:24:56 honeypot-fra-1 sshd[32294]: Invalid user 165.227.156.182 from 86.107.199.172 port 60742","@timestamp":"2022-09-19T08:24:56.550Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T08:25:03.797Z","@version":"1","message":"Sep 19 08:25:03 honeypot-sgp-1 sshd[894]: Received disconnect from 128.199.66.208 port 45470:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:25:57 honeypot-fra-1 sshd[32296]: Disconnected from invalid user 165.154.69.89 86.107.199.172 port 35818 [preauth]","@timestamp":"2022-09-19T08:25:58.575Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 08:27:45 honeypot-ams-1 kernel: [84452644.563897] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.220.135 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=49097 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T08:27:46.061Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:28:02 honeypot-fra-1 sshd[32302]: Received disconnect from 86.107.199.172 port 42442:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T08:28:03.624Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:30:11 honeypot-fra-1 sshd[32306]: Received disconnect from 86.107.199.172 port 49050:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T08:30:11.672Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T08:30:25.930Z","@version":"1","message":"Sep 19 08:30:25 honeypot-sgp-1 kernel: [84452327.653958] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=79.124.62.62 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=32618 PROTO=TCP SPT=42212 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:31:59 honeypot-fra-1 sshd[32311]: Received disconnect from 181.117.6.49 port 11886:11: Bye Bye [preauth]","@timestamp":"2022-09-19T08:32:00.716Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:32:31 honeypot-fra-1 sshd[32315]: Received disconnect from 193.8.210.136 port 34642:11: Bye Bye [preauth]","@timestamp":"2022-09-19T08:32:31.730Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:33:27 honeypot-fra-1 sshd[32318]: Disconnected from invalid user 165.232.155.109 86.107.199.172 port 58998 [preauth]","@timestamp":"2022-09-19T08:33:27.753Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 08:34:29 honeypot-ams-1 kernel: [84453048.722087] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.148.10.81 DST=178.62.254.91 LEN=81 TOS=0x00 PREC=0x00 TTL=242 ID=22780 DF PROTO=TCP SPT=6108 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T08:34:30.240Z"}
{"@timestamp":"2022-09-19T08:34:37.039Z","@version":"1","message":"Sep 19 08:34:36 honeypot-sgp-1 kernel: [84452578.113170] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.148.10.81 DST=159.89.202.188 LEN=81 TOS=0x00 PREC=0x00 TTL=239 ID=22780 DF PROTO=TCP SPT=18384 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:35:08 honeypot-fra-1 kernel: [84450912.577915] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=79.124.62.62 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=16686 PROTO=TCP SPT=42212 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T08:35:08.796Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:36:44 honeypot-fra-1 sshd[32324]: Disconnected from invalid user 165.22.180.94 86.107.199.172 port 40704 [preauth]","@timestamp":"2022-09-19T08:36:44.834Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:38:49 honeypot-fra-1 kernel: [84451134.483241] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=170.187.162.16 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=9992 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T08:38:50.883Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T08:38:54.149Z","@version":"1","message":"Sep 19 08:38:53 honeypot-sgp-1 sshd[904]: Connection closed by 43.135.86.121 port 37086 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 08:39:43 honeypot-ams-1 sshd[7867]: Received disconnect from 189.182.176.231 port 54922:11: Bye Bye [preauth]","@timestamp":"2022-09-19T08:39:43.378Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:39:57 honeypot-fra-1 sshd[32333]: Received disconnect from 86.107.199.172 port 50634:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T08:39:58.914Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 08:40:44 honeypot-ams-1 kernel: [84453423.750025] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=40038 PROTO=TCP SPT=56685 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T08:40:45.409Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:42:09 honeypot-fra-1 sshd[32337]: Received disconnect from 86.107.199.172 port 57248:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T08:42:09.964Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:43:28 honeypot-fra-1 kernel: [84451412.589200] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=165.232.152.144 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=37808 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T08:43:28.996Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T08:44:16.284Z","@version":"1","message":"Sep 19 08:44:16 honeypot-sgp-1 kernel: [84453158.001965] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=29630 PROTO=TCP SPT=56685 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:44:21 honeypot-fra-1 sshd[32345]: Disconnected from invalid user 165.227.162.174 86.107.199.172 port 35638 [preauth]","@timestamp":"2022-09-19T08:44:22.021Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 08:44:25 honeypot-ams-1 sshd[7873]: Disconnected from invalid user college 178.128.51.153 port 37624 [preauth]","@timestamp":"2022-09-19T08:44:25.505Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:45:48 honeypot-fra-1 kernel: [84451553.324390] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=92.118.39.30 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=57351 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T08:45:49.057Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:47:44 honeypot-fra-1 sshd[32353]: Invalid user 165.22.197.224 from 86.107.199.172 port 45560","@timestamp":"2022-09-19T08:47:45.105Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:48:51 honeypot-fra-1 sshd[32357]: Disconnected from invalid user 165.227.206.68 86.107.199.172 port 48890 [preauth]","@timestamp":"2022-09-19T08:48:52.133Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T08:49:47.423Z","@version":"1","message":"Sep 19 08:49:46 honeypot-sgp-1 sshd[918]: Disconnected from authenticating user nobody 92.255.85.69 port 36030 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 08:50:20 honeypot-ams-1 kernel: [84453999.076448] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.148.10.81 DST=178.62.254.91 LEN=83 TOS=0x00 PREC=0x00 TTL=242 ID=22780 DF PROTO=TCP SPT=32762 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T08:50:20.661Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:51:05 honeypot-fra-1 sshd[32363]: Received disconnect from 86.107.199.172 port 55502:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T08:51:06.186Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 08:52:34 honeypot-ams-1 sshd[7883]: Disconnected from authenticating user nobody 92.255.85.70 port 54248 [preauth]","@timestamp":"2022-09-19T08:52:35.724Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:53:47 honeypot-fra-1 sshd[32367]: Invalid user 165.227.199.196 from 86.107.199.172 port 33900","@timestamp":"2022-09-19T08:53:48.248Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:55:56 honeypot-fra-1 kernel: [84452160.775359] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.148.10.81 DST=165.22.82.222 LEN=80 TOS=0x00 PREC=0x00 TTL=240 ID=22780 DF PROTO=TCP SPT=24562 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T08:55:56.298Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:58:35 honeypot-fra-1 sshd[32374]: Disconnected from invalid user 165.227.81.81 86.107.199.172 port 43832 [preauth]","@timestamp":"2022-09-19T08:58:35.361Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T08:59:01.650Z","@version":"1","message":"Sep 19 08:59:01 honeypot-sgp-1 sshd[926]: Invalid user admin from 179.127.204.48 port 40536","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:59:13 honeypot-fra-1 sshd[32379]: Received disconnect from 45.61.186.49 port 46124:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T08:59:14.379Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:59:21 honeypot-fra-1 sshd[32383]: Received disconnect from 45.61.186.49 port 57554:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T08:59:22.383Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 09:01:51 honeypot-fra-1 sshd[32388]: Received disconnect from 86.107.199.172 port 50450:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T09:01:51.440Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T09:02:40.742Z","@version":"1","message":"Sep 19 09:02:40 honeypot-sgp-1 sshd[930]: Received disconnect from 61.177.172.114 port 24091:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 09:02:44 honeypot-ams-1 kernel: [84454743.573475] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=36183 PROTO=TCP SPT=58004 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T09:02:44.995Z"}
{"@timestamp":"2022-09-19T09:04:16.785Z","@version":"1","message":"Sep 19 09:04:15 honeypot-sgp-1 sshd[936]: Disconnected from invalid user user 45.61.187.160 port 46086 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 09:04:17 honeypot-fra-1 kernel: [84452661.742460] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=165.22.82.222 LEN=87 TOS=0x00 PREC=0x00 TTL=250 ID=28256 PROTO=TCP SPT=26983 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T09:04:17.499Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T09:04:33.793Z","@version":"1","message":"Sep 19 09:04:33 honeypot-sgp-1 sshd[940]: Disconnected from invalid user user 45.61.187.160 port 41346 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T09:04:50.802Z","@version":"1","message":"Sep 19 09:04:50 honeypot-sgp-1 sshd[944]: Disconnected from invalid user user 45.61.187.160 port 36556 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T09:05:06.811Z","@version":"1","message":"Sep 19 09:05:06 honeypot-sgp-1 sshd[948]: Disconnected from invalid user user 45.61.187.160 port 60044 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 09:05:47 honeypot-ams-1 sshd[7962]: Received disconnect from 192.3.134.187 port 39622:11: Bye Bye [preauth]","@timestamp":"2022-09-19T09:05:47.076Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 09:06:28 honeypot-fra-1 sshd[32395]: Disconnected from invalid user 165.227.198.78 86.107.199.172 port 57078 [preauth]","@timestamp":"2022-09-19T09:06:29.551Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 09:09:58 honeypot-fra-1 kernel: [84453003.154074] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.148.10.81 DST=165.22.82.222 LEN=81 TOS=0x00 PREC=0x00 TTL=238 ID=22780 DF PROTO=TCP SPT=26586 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T09:09:59.635Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 09:11:22 honeypot-fra-1 sshd[32403]: Disconnected from invalid user liuxk 165.22.45.108 port 37542 [preauth]","@timestamp":"2022-09-19T09:11:22.668Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T09:13:53.027Z","@version":"1","message":"Sep 19 09:13:52 honeypot-sgp-1 sshd[955]: Disconnected from authenticating user root 61.177.173.36 port 28384 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 09:14:45 honeypot-fra-1 kernel: [84453290.400249] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.219.133 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=35305 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T09:14:46.747Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T09:16:28.094Z","@version":"1","message":"Sep 19 09:16:27 honeypot-sgp-1 sshd[963]: Connection closed by invalid user pi 46.160.140.238 port 50794 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 09:17:01 honeypot-fra-1 CRON[32412]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-19T09:17:01.799Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 09:17:01 honeypot-ams-1 CRON[7966]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-19T09:17:02.365Z"}
{"@timestamp":"2022-09-19T09:17:06.112Z","@version":"1","message":"Sep 19 09:17:06 honeypot-sgp-1 sshd[970]: Disconnected from authenticating user root 45.89.26.197 port 44826 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 09:17:42 honeypot-fra-1 sshd[32415]: Disconnected from invalid user kumi 95.91.233.236 port 19190 [preauth]","@timestamp":"2022-09-19T09:17:42.817Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T09:17:59.135Z","@version":"1","message":"Sep 19 09:17:59 honeypot-sgp-1 sshd[976]: Disconnected from invalid user lw 111.95.141.34 port 57408 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T09:19:24.172Z","@version":"1","message":"Sep 19 09:19:24 honeypot-sgp-1 sshd[980]: Received disconnect from 114.7.200.107 port 59496:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T09:20:37.203Z","@version":"1","message":"Sep 19 09:20:37 honeypot-sgp-1 kernel: [84455338.805538] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=172.105.129.90 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=5149 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 09:20:56 honeypot-ams-1 kernel: [84455835.507278] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=170.187.162.51 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=22234 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T09:20:56.472Z"}
{"@timestamp":"2022-09-19T09:22:34.252Z","@version":"1","message":"Sep 19 09:22:33 honeypot-sgp-1 sshd[991]: Disconnected from authenticating user root 218.92.0.221 port 64553 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 09:23:08 honeypot-ams-1 kernel: [84455967.495815] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=103.89.91.165 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=1784 PROTO=TCP SPT=49584 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T09:23:08.533Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 09:26:26 honeypot-fra-1 kernel: [84453990.971364] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=92.63.197.74 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=9964 PROTO=TCP SPT=52188 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T09:26:27.013Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T09:26:55.360Z","@version":"1","message":"Sep 19 09:26:54 honeypot-sgp-1 sshd[999]: Received disconnect from 61.177.173.46 port 17976:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 09:30:59 honeypot-ams-1 kernel: [84456438.895330] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=122.58.118.141 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=51 ID=32227 PROTO=TCP SPT=63493 DPT=80 WINDOW=29597 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T09:31:00.742Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 09:33:02 honeypot-fra-1 sshd[32424]: Invalid user pj from 35.219.62.194 port 54394","@timestamp":"2022-09-19T09:33:03.164Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T09:34:17.540Z","@version":"1","message":"Sep 19 09:34:16 honeypot-sgp-1 sshd[1004]: Disconnected from invalid user sienna 164.163.96.253 port 49456 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 09:36:23 honeypot-ams-1 sshd[7982]: Received disconnect from 68.224.161.96 port 58674:11: Bye Bye [preauth]","@timestamp":"2022-09-19T09:36:23.886Z"}
{"@timestamp":"2022-09-19T09:38:08.635Z","@version":"1","message":"Sep 19 09:38:07 honeypot-sgp-1 sshd[1011]: Disconnected from authenticating user root 61.177.173.36 port 35491 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 09:38:31 honeypot-fra-1 kernel: [84454716.057979] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.148.10.81 DST=165.22.82.222 LEN=77 TOS=0x00 PREC=0x00 TTL=240 ID=22780 DF PROTO=TCP SPT=8180 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T09:38:32.283Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T09:41:02.709Z","@version":"1","message":"Sep 19 09:41:01 honeypot-sgp-1 sshd[1017]: Disconnected from authenticating user root 61.177.173.37 port 40002 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 09:41:31 honeypot-ams-1 kernel: [84457070.873102] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=209.222.252.92 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=47359 DF PROTO=TCP SPT=27239 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T09:41:32.023Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 09:44:11 honeypot-fra-1 sshd[32430]: Disconnected from invalid user ftp 92.255.85.69 port 19938 [preauth]","@timestamp":"2022-09-19T09:44:11.409Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 09:46:41 honeypot-fra-1 kernel: [84455205.856745] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.148.10.81 DST=165.22.82.222 LEN=78 TOS=0x00 PREC=0x00 TTL=239 ID=22780 DF PROTO=TCP SPT=26610 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T09:46:41.485Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T09:46:44.847Z","@version":"1","message":"Sep 19 09:46:44 honeypot-sgp-1 sshd[1026]: Disconnected from invalid user ftp 92.255.85.69 port 29530 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 09:49:44 honeypot-ams-1 sshd[7990]: Did not receive identification string from 45.61.186.249 port 36822","@timestamp":"2022-09-19T09:49:45.235Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 09:50:35 honeypot-ams-1 sshd[7995]: Invalid user user from 45.61.186.249 port 54272","@timestamp":"2022-09-19T09:50:36.261Z"}
{"@timestamp":"2022-09-19T09:50:51.954Z","@version":"1","message":"Sep 19 09:50:51 honeypot-sgp-1 sshd[1032]: Did not receive identification string from 201.219.232.9 port 37082","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 09:50:55 honeypot-ams-1 sshd[7999]: Invalid user user from 45.61.186.249 port 48900","@timestamp":"2022-09-19T09:50:56.273Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 09:51:12 honeypot-ams-1 sshd[8004]: Invalid user user from 45.61.186.249 port 43522","@timestamp":"2022-09-19T09:51:13.282Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 09:51:44 honeypot-ams-1 sshd[8008]: Invalid user ftp from 92.255.85.70 port 26956","@timestamp":"2022-09-19T09:51:45.297Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 09:51:59 honeypot-fra-1 sshd[32443]: Invalid user postgres from 103.147.3.81 port 51242","@timestamp":"2022-09-19T09:52:00.605Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 09:53:34 honeypot-ams-1 kernel: [84457793.381829] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=117.214.218.97 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=8070 DF PROTO=TCP SPT=21158 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T09:53:34.347Z"}
{"@timestamp":"2022-09-19T09:56:44.099Z","@version":"1","message":"Sep 19 09:56:43 honeypot-sgp-1 sshd[1042]: Connection closed by 201.219.232.9 port 43918 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T10:00:04.185Z","@version":"1","message":"Sep 19 10:00:03 honeypot-sgp-1 sshd[1049]: Disconnected from authenticating user root 61.177.172.104 port 15994 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 10:00:45 honeypot-fra-1 sshd[32447]: Connection closed by invalid user hxeadm 179.60.147.69 port 19248 [preauth]","@timestamp":"2022-09-19T10:00:45.802Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:01:58 honeypot-ams-1 sshd[8018]: Received disconnect from 175.29.122.43 port 33990:11: Bye Bye [preauth]","@timestamp":"2022-09-19T10:01:59.566Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:02:05 honeypot-ams-1 sshd[8022]: Disconnected from authenticating user root 175.29.122.43 port 34402 [preauth]","@timestamp":"2022-09-19T10:02:05.569Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:02:10 honeypot-ams-1 sshd[8028]: Disconnected from authenticating user root 175.29.122.43 port 34472 [preauth]","@timestamp":"2022-09-19T10:02:10.572Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:02:14 honeypot-ams-1 sshd[8035]: Disconnected from authenticating user root 175.29.122.43 port 34876 [preauth]","@timestamp":"2022-09-19T10:02:15.577Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:02:20 honeypot-ams-1 sshd[8041]: Disconnected from authenticating user root 175.29.122.43 port 34960 [preauth]","@timestamp":"2022-09-19T10:02:20.579Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:02:24 honeypot-ams-1 sshd[8047]: Disconnected from authenticating user root 175.29.122.43 port 35370 [preauth]","@timestamp":"2022-09-19T10:02:25.582Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:02:29 honeypot-ams-1 sshd[8053]: Disconnected from authenticating user root 175.29.122.43 port 35440 [preauth]","@timestamp":"2022-09-19T10:02:30.586Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:02:34 honeypot-ams-1 sshd[8059]: Disconnected from authenticating user root 175.29.122.43 port 35814 [preauth]","@timestamp":"2022-09-19T10:02:34.588Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:02:39 honeypot-ams-1 sshd[8065]: Disconnected from authenticating user root 175.29.122.43 port 35926 [preauth]","@timestamp":"2022-09-19T10:02:40.591Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:02:44 honeypot-ams-1 sshd[8071]: Disconnected from authenticating user root 175.29.122.43 port 36298 [preauth]","@timestamp":"2022-09-19T10:02:45.595Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:02:49 honeypot-ams-1 sshd[8077]: Disconnected from authenticating user root 175.29.122.43 port 36418 [preauth]","@timestamp":"2022-09-19T10:02:49.598Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:02:54 honeypot-ams-1 sshd[8083]: Disconnected from authenticating user root 175.29.122.43 port 36742 [preauth]","@timestamp":"2022-09-19T10:02:54.601Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:02:57 honeypot-ams-1 sshd[8085]: Connection closed by invalid user hxeadm 179.60.147.69 port 16468 [preauth]","@timestamp":"2022-09-19T10:02:58.604Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:03:00 honeypot-ams-1 sshd[8093]: Disconnected from invalid user admin 175.29.122.43 port 36918 [preauth]","@timestamp":"2022-09-19T10:03:00.606Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:03:03 honeypot-ams-1 sshd[8097]: Disconnected from invalid user admin 175.29.122.43 port 36970 [preauth]","@timestamp":"2022-09-19T10:03:03.608Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:03:06 honeypot-ams-1 sshd[8102]: Disconnected from invalid user admin 175.29.122.43 port 37412 [preauth]","@timestamp":"2022-09-19T10:03:06.610Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:03:09 honeypot-ams-1 sshd[8106]: Received disconnect from 175.29.122.43 port 37478:11: Bye Bye [preauth]","@timestamp":"2022-09-19T10:03:10.612Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:03:12 honeypot-ams-1 sshd[8110]: Received disconnect from 175.29.122.43 port 37542:11: Bye Bye [preauth]","@timestamp":"2022-09-19T10:03:13.615Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:03:16 honeypot-ams-1 sshd[8114]: Disconnected from authenticating user root 175.29.122.43 port 37972 [preauth]","@timestamp":"2022-09-19T10:03:16.617Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:03:22 honeypot-ams-1 sshd[8120]: Invalid user pi from 175.29.122.43 port 38092","@timestamp":"2022-09-19T10:03:22.621Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:03:25 honeypot-ams-1 sshd[8124]: Invalid user ethos from 175.29.122.43 port 38504","@timestamp":"2022-09-19T10:03:25.623Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:03:28 honeypot-ams-1 sshd[8128]: Invalid user miner from 175.29.122.43 port 38584","@timestamp":"2022-09-19T10:03:28.627Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:03:31 honeypot-ams-1 sshd[8132]: Invalid user volumio from 175.29.122.43 port 38664","@timestamp":"2022-09-19T10:03:32.629Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:03:35 honeypot-ams-1 sshd[8136]: Invalid user nagios from 175.29.122.43 port 39068","@timestamp":"2022-09-19T10:03:35.631Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:03:39 honeypot-ams-1 sshd[8140]: Invalid user vagrant from 175.29.122.43 port 39164","@timestamp":"2022-09-19T10:03:39.633Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:03:42 honeypot-ams-1 sshd[8144]: Invalid user debian from 175.29.122.43 port 39266","@timestamp":"2022-09-19T10:03:42.635Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:03:45 honeypot-ams-1 sshd[8148]: Invalid user debian from 175.29.122.43 port 39682","@timestamp":"2022-09-19T10:03:46.638Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:03:48 honeypot-ams-1 sshd[8152]: Invalid user alarm from 175.29.122.43 port 39758","@timestamp":"2022-09-19T10:03:49.640Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:03:50 honeypot-ams-1 sshd[8154]: Disconnected from invalid user guest 175.29.122.43 port 39790 [preauth]","@timestamp":"2022-09-19T10:03:51.641Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:03:53 honeypot-ams-1 sshd[8158]: Disconnected from invalid user cirros 175.29.122.43 port 39920 [preauth]","@timestamp":"2022-09-19T10:03:54.643Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 10:08:14 honeypot-fra-1 sshd[32455]: Received disconnect from 137.184.118.54 port 43832:11: Bye Bye [preauth]","@timestamp":"2022-09-19T10:08:14.975Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 10:10:33 honeypot-fra-1 kernel: [84456638.052268] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.148.10.81 DST=165.22.82.222 LEN=84 TOS=0x00 PREC=0x00 TTL=241 ID=22780 DF PROTO=TCP SPT=22480 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T10:10:34.030Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T10:11:37.470Z","@version":"1","message":"Sep 19 10:11:36 honeypot-sgp-1 sshd[1057]: Invalid user zxc from 103.188.176.251 port 36016","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T10:14:30.543Z","@version":"1","message":"Sep 19 10:14:30 honeypot-sgp-1 sshd[1061]: Received disconnect from 61.177.173.51 port 60662:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:17:01 honeypot-ams-1 CRON[8163]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-19T10:17:01.984Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 10:17:01 honeypot-fra-1 CRON[32464]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-19T10:17:02.177Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T10:17:48.624Z","@version":"1","message":"Sep 19 10:17:48 honeypot-sgp-1 sshd[1067]: Disconnected from authenticating user root 61.177.173.47 port 27117 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T10:20:25.690Z","@version":"1","message":"Sep 19 10:20:24 honeypot-sgp-1 sshd[1073]: Received disconnect from 218.92.0.221 port 36574:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 10:21:17 honeypot-ams-1 kernel: [84459456.279442] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=82.59.232.75 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=3266 PROTO=TCP SPT=27115 DPT=80 WINDOW=53083 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T10:21:18.094Z"}
{"@timestamp":"2022-09-19T10:21:34.722Z","@version":"1","message":"Sep 19 10:21:34 honeypot-sgp-1 sshd[1079]: Disconnected from authenticating user root 143.244.158.100 port 55708 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T10:23:11.763Z","@version":"1","message":"Sep 19 10:23:11 honeypot-sgp-1 sshd[1086]: Disconnected from authenticating user root 143.244.158.100 port 36172 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T10:23:55.784Z","@version":"1","message":"Sep 19 10:23:55 honeypot-sgp-1 sshd[1089]: Disconnected from invalid user user 45.61.187.160 port 50894 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T10:24:12.793Z","@version":"1","message":"Sep 19 10:24:12 honeypot-sgp-1 sshd[1095]: Invalid user user from 45.61.187.160 port 45734","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T10:24:29.802Z","@version":"1","message":"Sep 19 10:24:28 honeypot-sgp-1 sshd[1099]: Invalid user user from 45.61.187.160 port 40484","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T10:24:45.810Z","@version":"1","message":"Sep 19 10:24:44 honeypot-sgp-1 sshd[1103]: Invalid user user from 45.61.187.160 port 35264","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T10:24:52.813Z","@version":"1","message":"Sep 19 10:24:52 honeypot-sgp-1 sshd[1107]: Received disconnect from 159.203.108.158 port 34692:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T10:26:24.853Z","@version":"1","message":"Sep 19 10:26:24 honeypot-sgp-1 sshd[1113]: Received disconnect from 143.244.158.100 port 58914:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T10:28:20.902Z","@version":"1","message":"Sep 19 10:28:20 honeypot-sgp-1 sshd[1120]: Received disconnect from 61.177.173.47 port 23015:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T10:29:39.937Z","@version":"1","message":"Sep 19 10:29:39 honeypot-sgp-1 sshd[1127]: Disconnected from authenticating user root 143.244.158.100 port 40658 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 10:31:32 honeypot-fra-1 kernel: [84457896.743850] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=41.40.132.74 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=53 ID=26430 PROTO=TCP SPT=6009 DPT=80 WINDOW=59518 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T10:31:32.516Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T10:32:10.023Z","@version":"1","message":"Sep 19 10:32:09 honeypot-sgp-1 sshd[1133]: Received disconnect from 143.244.158.100 port 39682:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T10:33:51.067Z","@version":"1","message":"Sep 19 10:33:50 honeypot-sgp-1 sshd[1138]: Disconnected from authenticating user root 143.244.158.100 port 56154 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T10:36:19.129Z","@version":"1","message":"Sep 19 10:36:18 honeypot-sgp-1 sshd[1147]: Disconnected from authenticating user root 143.244.158.100 port 59878 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 10:38:27 honeypot-fra-1 kernel: [84458311.828258] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=165.232.152.144 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=48660 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T10:38:27.670Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T10:38:43.190Z","@version":"1","message":"Sep 19 10:38:42 honeypot-sgp-1 sshd[1153]: Invalid user enisa from 179.60.147.69 port 52656","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T10:39:18.209Z","@version":"1","message":"Sep 19 10:39:17 honeypot-sgp-1 sshd[1158]: Disconnected from authenticating user root 61.177.173.35 port 17413 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T10:41:16.260Z","@version":"1","message":"Sep 19 10:41:15 honeypot-sgp-1 sshd[1165]: Received disconnect from 143.244.158.100 port 47368:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:42:02 honeypot-ams-1 sshd[8173]: Received disconnect from 134.209.193.165 port 47952:11: Bye Bye [preauth]","@timestamp":"2022-09-19T10:42:03.629Z"}
{"@timestamp":"2022-09-19T10:42:23.289Z","@version":"1","message":"Sep 19 10:42:22 honeypot-sgp-1 sshd[1169]: Disconnected from invalid user admin 92.255.85.69 port 42856 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T10:42:58.305Z","@version":"1","message":"Sep 19 10:42:57 honeypot-sgp-1 kernel: [84460279.478813] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=172.104.64.89 DST=159.89.202.188 LEN=52 TOS=0x02 PREC=0x00 TTL=118 ID=25047 DF PROTO=TCP SPT=61489 DPT=3389 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:44:03 honeypot-ams-1 sshd[8177]: Disconnected from invalid user admin 92.255.85.69 port 60222 [preauth]","@timestamp":"2022-09-19T10:44:03.682Z"}
{"@timestamp":"2022-09-19T10:45:29.368Z","@version":"1","message":"Sep 19 10:45:28 honeypot-sgp-1 sshd[1180]: Received disconnect from 143.244.158.100 port 48504:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 10:46:02 honeypot-fra-1 sshd[32497]: Invalid user es from 20.16.187.32 port 35832","@timestamp":"2022-09-19T10:46:02.853Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 10:46:02 honeypot-fra-1 sshd[32498]: Connection closed by invalid user ubuntu 20.16.187.32 port 35870 [preauth]","@timestamp":"2022-09-19T10:46:02.854Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 10:46:05 honeypot-fra-1 sshd[32509]: Invalid user postgres from 20.16.187.32 port 35836","@timestamp":"2022-09-19T10:46:05.856Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 10:46:05 honeypot-fra-1 sshd[32512]: Invalid user oracle from 20.16.187.32 port 35848","@timestamp":"2022-09-19T10:46:05.856Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 10:46:05 honeypot-fra-1 sshd[32514]: Connection closed by invalid user guest 20.16.187.32 port 35846 [preauth]","@timestamp":"2022-09-19T10:46:05.856Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 10:46:05 honeypot-fra-1 sshd[32516]: Connection closed by invalid user ec2 20.16.187.32 port 35850 [preauth]","@timestamp":"2022-09-19T10:46:06.857Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T10:47:09.411Z","@version":"1","message":"Sep 19 10:47:08 honeypot-sgp-1 sshd[1185]: Disconnected from authenticating user root 143.244.158.100 port 56510 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T10:48:54.456Z","@version":"1","message":"Sep 19 10:48:53 honeypot-sgp-1 sshd[1192]: Received disconnect from 114.205.54.184 port 44324:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T10:50:26.495Z","@version":"1","message":"Sep 19 10:50:26 honeypot-sgp-1 sshd[1214]: Received disconnect from 143.244.158.100 port 53898:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 10:51:10 honeypot-fra-1 sshd[32534]: Invalid user user from 178.128.35.197 port 33156","@timestamp":"2022-09-19T10:51:10.969Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T10:52:36.549Z","@version":"1","message":"Sep 19 10:52:36 honeypot-sgp-1 kernel: [84460857.858996] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=83.229.82.155 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=236 ID=54321 PROTO=TCP SPT=35133 DPT=5432 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T10:54:34.599Z","@version":"1","message":"Sep 19 10:54:34 honeypot-sgp-1 sshd[1226]: Disconnected from authenticating user root 143.244.158.100 port 34462 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 10:55:57 honeypot-fra-1 kernel: [84459361.912067] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=90.151.171.106 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=1827 PROTO=TCP SPT=44875 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T10:55:58.076Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T10:56:54.713Z","@version":"1","message":"Sep 19 10:56:54 honeypot-sgp-1 kernel: [84461115.730703] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=79.124.62.62 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=29414 PROTO=TCP SPT=41436 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 10:57:17 honeypot-ams-1 kernel: [84461616.158374] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=72.167.32.184 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=232 ID=19079 PROTO=TCP SPT=55274 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T10:57:18.039Z"}
{"@timestamp":"2022-09-19T10:58:49.766Z","@version":"1","message":"Sep 19 10:58:49 honeypot-sgp-1 sshd[1238]: Received disconnect from 143.244.158.100 port 34280:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 10:59:36 honeypot-fra-1 sshd[32553]: Connection closed by invalid user ubuntu 121.4.171.124 port 54130 [preauth]","@timestamp":"2022-09-19T10:59:37.158Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 10:59:36 honeypot-fra-1 sshd[32560]: Connection closed by invalid user steam 121.4.171.124 port 54126 [preauth]","@timestamp":"2022-09-19T10:59:37.158Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 10:59:37 honeypot-fra-1 sshd[32549]: Connection closed by authenticating user root 121.4.171.124 port 54096 [preauth]","@timestamp":"2022-09-19T10:59:38.159Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T11:01:06.824Z","@version":"1","message":"Sep 19 11:01:06 honeypot-sgp-1 kernel: [84461367.955447] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.214.48 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=45955 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 11:01:20 honeypot-fra-1 kernel: [84459684.881459] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.79.133.148 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=20955 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T11:01:21.202Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T11:03:00.872Z","@version":"1","message":"Sep 19 11:03:00 honeypot-sgp-1 sshd[1250]: Disconnected from authenticating user root 143.244.158.100 port 59410 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 11:03:31 honeypot-ams-1 kernel: [84461990.956999] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=167.94.146.65 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=62433 PROTO=TCP SPT=37170 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T11:03:32.204Z"}
{"@timestamp":"2022-09-19T11:08:36.008Z","@version":"1","message":"Sep 19 11:08:35 honeypot-sgp-1 kernel: [84461816.702415] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=59.16.243.218 DST=159.89.202.188 LEN=52 TOS=0x00 PREC=0x00 TTL=114 ID=31499 DF PROTO=TCP SPT=7031 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 11:08:40 honeypot-fra-1 sshd[32575]: Received disconnect from 165.22.45.108 port 43460:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T11:08:41.363Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T11:10:03.047Z","@version":"1","message":"Sep 19 11:10:02 honeypot-sgp-1 kernel: [84461904.202639] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=59.16.243.218 DST=159.89.202.188 LEN=52 TOS=0x00 PREC=0x00 TTL=114 ID=31530 DF PROTO=TCP SPT=10119 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:12:48 honeypot-ams-1 sshd[8187]: Received disconnect from 164.92.158.12 port 55332:11: Bye Bye [preauth]","@timestamp":"2022-09-19T11:12:49.451Z"}
{"@timestamp":"2022-09-19T11:14:23.154Z","@version":"1","message":"Sep 19 11:14:22 honeypot-sgp-1 kernel: [84462164.599963] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=65.49.20.69 DST=159.89.202.188 LEN=131 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=36164 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 11:15:00 honeypot-ams-1 kernel: [84462679.951196] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=93.174.95.106 DST=178.62.254.91 LEN=44 TOS=0x10 PREC=0x00 TTL=125 ID=59645 PROTO=TCP SPT=20012 DPT=443 WINDOW=32279 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T11:15:01.512Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 11:17:01 honeypot-fra-1 CRON[32580]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-19T11:17:01.551Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 11:18:01 honeypot-fra-1 sshd[32584]: Disconnected from 206.81.15.128 port 33050 [preauth]","@timestamp":"2022-09-19T11:18:01.575Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T11:18:03.244Z","@version":"1","message":"Sep 19 11:18:02 honeypot-sgp-1 sshd[1268]: Invalid user eurek from 179.60.147.69 port 15482","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 11:18:25 honeypot-ams-1 kernel: [84462884.182104] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=51.91.221.86 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=6938 DF PROTO=TCP SPT=52206 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T11:18:25.603Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:21:42 honeypot-ams-1 sshd[8196]: Connection closed by invalid user eurek 179.60.147.69 port 60242 [preauth]","@timestamp":"2022-09-19T11:21:43.695Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:25:01 honeypot-ams-1 sshd[8202]: Invalid user ubnt from 179.86.56.96 port 48174","@timestamp":"2022-09-19T11:25:01.783Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:25:05 honeypot-ams-1 sshd[8207]: Disconnected from authenticating user root 179.86.56.96 port 48279 [preauth]","@timestamp":"2022-09-19T11:25:05.786Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:25:10 honeypot-ams-1 sshd[8213]: Disconnected from authenticating user root 179.86.56.96 port 48433 [preauth]","@timestamp":"2022-09-19T11:25:11.789Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:25:16 honeypot-ams-1 sshd[8221]: Received disconnect from 179.86.56.96 port 48577:11: Bye Bye [preauth]","@timestamp":"2022-09-19T11:25:16.793Z"}
{"@timestamp":"2022-09-19T11:25:19.419Z","@version":"1","message":"Sep 19 11:25:18 honeypot-sgp-1 sshd[1278]: Invalid user newftpuser from 137.116.144.39 port 52636","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:25:21 honeypot-ams-1 sshd[8227]: Received disconnect from 179.86.56.96 port 48718:11: Bye Bye [preauth]","@timestamp":"2022-09-19T11:25:21.796Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:25:26 honeypot-ams-1 sshd[8233]: Received disconnect from 179.86.56.96 port 48872:11: Bye Bye [preauth]","@timestamp":"2022-09-19T11:25:27.799Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:25:30 honeypot-ams-1 sshd[8237]: Disconnected from authenticating user root 179.86.56.96 port 48958 [preauth]","@timestamp":"2022-09-19T11:25:30.803Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:25:35 honeypot-ams-1 sshd[8243]: Disconnected from authenticating user root 179.86.56.96 port 49109 [preauth]","@timestamp":"2022-09-19T11:25:36.806Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:25:41 honeypot-ams-1 sshd[8249]: Disconnected from authenticating user root 179.86.56.96 port 49256 [preauth]","@timestamp":"2022-09-19T11:25:41.809Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:25:46 honeypot-ams-1 sshd[8255]: Disconnected from authenticating user root 179.86.56.96 port 49399 [preauth]","@timestamp":"2022-09-19T11:25:46.814Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:25:51 honeypot-ams-1 sshd[8261]: Disconnected from authenticating user root 179.86.56.96 port 49545 [preauth]","@timestamp":"2022-09-19T11:25:51.817Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:25:57 honeypot-ams-1 sshd[8267]: Disconnected from authenticating user root 179.86.56.96 port 49714 [preauth]","@timestamp":"2022-09-19T11:25:57.821Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:26:02 honeypot-ams-1 sshd[8273]: Received disconnect from 179.86.56.96 port 49852:11: Bye Bye [preauth]","@timestamp":"2022-09-19T11:26:02.825Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:26:06 honeypot-ams-1 sshd[8277]: Received disconnect from 179.86.56.96 port 49963:11: Bye Bye [preauth]","@timestamp":"2022-09-19T11:26:06.828Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:26:09 honeypot-ams-1 sshd[8281]: Received disconnect from 179.86.56.96 port 50070:11: Bye Bye [preauth]","@timestamp":"2022-09-19T11:26:09.830Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:26:13 honeypot-ams-1 sshd[8285]: Received disconnect from 179.86.56.96 port 50165:11: Bye Bye [preauth]","@timestamp":"2022-09-19T11:26:13.832Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:26:16 honeypot-ams-1 sshd[8289]: Received disconnect from 179.86.56.96 port 50277:11: Bye Bye [preauth]","@timestamp":"2022-09-19T11:26:16.835Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:26:20 honeypot-ams-1 sshd[8293]: Received disconnect from 179.86.56.96 port 50380:11: Bye Bye [preauth]","@timestamp":"2022-09-19T11:26:20.838Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:26:25 honeypot-ams-1 sshd[8299]: Invalid user pi from 179.86.56.96 port 50536","@timestamp":"2022-09-19T11:26:25.840Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:26:28 honeypot-ams-1 sshd[8303]: Invalid user user from 179.86.56.96 port 50648","@timestamp":"2022-09-19T11:26:29.844Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:26:32 honeypot-ams-1 sshd[8307]: Invalid user mine from 179.86.56.96 port 50742","@timestamp":"2022-09-19T11:26:32.846Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:26:36 honeypot-ams-1 sshd[8311]: Invalid user xbmc from 179.86.56.96 port 50853","@timestamp":"2022-09-19T11:26:36.848Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:26:39 honeypot-ams-1 sshd[8315]: Invalid user oracle from 179.86.56.96 port 50954","@timestamp":"2022-09-19T11:26:40.850Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:26:43 honeypot-ams-1 sshd[8319]: Invalid user postgres from 179.86.56.96 port 51057","@timestamp":"2022-09-19T11:26:43.852Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:26:46 honeypot-ams-1 sshd[8323]: Invalid user support from 179.86.56.96 port 51167","@timestamp":"2022-09-19T11:26:47.855Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:26:50 honeypot-ams-1 sshd[8327]: Invalid user ubuntu from 179.86.56.96 port 51272","@timestamp":"2022-09-19T11:26:50.857Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:26:54 honeypot-ams-1 sshd[8331]: Invalid user ubuntu from 179.86.56.96 port 51376","@timestamp":"2022-09-19T11:26:54.860Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:26:57 honeypot-ams-1 sshd[8335]: Invalid user guest from 179.86.56.96 port 51482","@timestamp":"2022-09-19T11:26:57.861Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:26:59 honeypot-ams-1 sshd[8337]: Disconnected from invalid user test 179.86.56.96 port 51515 [preauth]","@timestamp":"2022-09-19T11:26:59.864Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:27:03 honeypot-ams-1 sshd[8341]: Disconnected from invalid user cirros 179.86.56.96 port 51612 [preauth]","@timestamp":"2022-09-19T11:27:03.866Z"}
{"@timestamp":"2022-09-19T11:30:58.554Z","@version":"1","message":"Sep 19 11:30:58 honeypot-sgp-1 kernel: [84463159.798473] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=236 ID=38010 PROTO=TCP SPT=47003 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 11:34:16 honeypot-fra-1 kernel: [84461660.511697] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=213.226.123.38 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=38040 PROTO=TCP SPT=48844 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T11:34:16.927Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 11:37:03 honeypot-fra-1 kernel: [84461827.833050] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.220.204.178 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=36132 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T11:37:03.992Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T11:38:29.735Z","@version":"1","message":"Sep 19 11:38:29 honeypot-sgp-1 sshd[1294]: Received disconnect from 119.159.226.140 port 39610:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:39:52 honeypot-ams-1 sshd[8348]: Received disconnect from 34.75.26.147 port 33180:11: Bye Bye [preauth]","@timestamp":"2022-09-19T11:39:53.214Z"}
{"@timestamp":"2022-09-19T11:41:44.815Z","@version":"1","message":"Sep 19 11:41:44 honeypot-sgp-1 sshd[1299]: Received disconnect from 92.255.85.70 port 60856:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 11:41:45 honeypot-ams-1 kernel: [84464284.943412] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=152.89.196.23 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=64172 PROTO=TCP SPT=46002 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T11:41:46.275Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 11:44:16 honeypot-fra-1 kernel: [84462261.091640] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=116.6.233.254 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=8377 PROTO=TCP SPT=57507 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T11:44:17.152Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:44:26 honeypot-ams-1 sshd[8357]: Received disconnect from 207.254.224.220 port 45660:11: Bye Bye [preauth]","@timestamp":"2022-09-19T11:44:26.349Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 11:47:08 honeypot-fra-1 sshd[32602]: Received disconnect from 210.3.92.14 port 48846:11: Bye Bye [preauth]","@timestamp":"2022-09-19T11:47:08.219Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:49:14 honeypot-ams-1 sshd[8362]: Received disconnect from 111.57.0.90 port 39670:11: Bye Bye [preauth]","@timestamp":"2022-09-19T11:49:15.478Z"}
{"@timestamp":"2022-09-19T11:53:07.086Z","@version":"1","message":"Sep 19 11:53:06 honeypot-sgp-1 sshd[1312]: Invalid user esadmin from 37.139.1.197 port 43329","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:53:17 honeypot-ams-1 sshd[8366]: Invalid user admin from 2.36.249.18 port 49872","@timestamp":"2022-09-19T11:53:18.586Z"}
{"@timestamp":"2022-09-19T11:55:23.145Z","@version":"1","message":"Sep 19 11:55:22 honeypot-sgp-1 sshd[1319]: Received disconnect from 107.173.156.9 port 46126:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 11:56:12 honeypot-fra-1 kernel: [84462976.221139] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=152.89.196.23 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=27415 PROTO=TCP SPT=46002 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T11:56:12.435Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T11:56:46.180Z","@version":"1","message":"Sep 19 11:56:45 honeypot-sgp-1 sshd[1325]: Did not receive identification string from 103.251.167.21 port 46280","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:57:48 honeypot-ams-1 sshd[8369]: Connection closed by invalid user apc 179.60.147.69 port 33652 [preauth]","@timestamp":"2022-09-19T11:57:48.704Z"}
{"@timestamp":"2022-09-19T11:59:12.241Z","@version":"1","message":"Sep 19 11:59:11 honeypot-sgp-1 kernel: [84464853.521530] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=78.142.18.92 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=41508 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 12:00:51 honeypot-ams-1 sshd[8374]: Disconnected from invalid user martin 104.236.237.117 port 35171 [preauth]","@timestamp":"2022-09-19T12:00:51.789Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 12:06:21 honeypot-fra-1 kernel: [84463585.882974] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=92.204.145.232 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=64264 PROTO=TCP SPT=47965 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T12:06:22.656Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T12:06:40.423Z","@version":"1","message":"Sep 19 12:06:40 honeypot-sgp-1 sshd[1332]: Received disconnect from 61.177.172.108 port 21788:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T12:09:20.489Z","@version":"1","message":"Sep 19 12:09:19 honeypot-sgp-1 sshd[1337]: Disconnected from invalid user alex 103.221.223.252 port 48288 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T12:10:44.527Z","@version":"1","message":"Sep 19 12:10:43 honeypot-sgp-1 sshd[1341]: Received disconnect from 61.177.173.50 port 58886:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 12:14:57 honeypot-fra-1 sshd[32620]: Invalid user zxc from 103.188.176.251 port 59702","@timestamp":"2022-09-19T12:14:58.851Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 12:15:29 honeypot-ams-1 kernel: [84466308.676862] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=5.55.115.162 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=7179 DF PROTO=TCP SPT=26718 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T12:15:30.173Z"}
{"@timestamp":"2022-09-19T12:16:57.679Z","@version":"1","message":"Sep 19 12:16:56 honeypot-sgp-1 sshd[1349]: Received disconnect from 92.255.85.70 port 28352:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 12:17:01 honeypot-ams-1 CRON[8384]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-19T12:17:02.217Z"}
{"@timestamp":"2022-09-19T12:18:38.722Z","@version":"1","message":"Sep 19 12:18:37 honeypot-sgp-1 sshd[1356]: Received disconnect from 72.255.10.16 port 59700:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 12:22:47 honeypot-fra-1 kernel: [84464571.976734] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=107.189.31.234 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=44610 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T12:22:48.027Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 12:22:52 honeypot-ams-1 sshd[8390]: Disconnected from invalid user adminftp 167.99.241.178 port 42088 [preauth]","@timestamp":"2022-09-19T12:22:53.392Z"}
{"@timestamp":"2022-09-19T12:23:02.828Z","@version":"1","message":"Sep 19 12:23:02 honeypot-sgp-1 sshd[1361]: Disconnected from authenticating user root 61.177.173.53 port 54444 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 12:31:22 honeypot-fra-1 sshd[32631]: Received disconnect from 188.166.153.99 port 34858:11: Bye Bye [preauth]","@timestamp":"2022-09-19T12:31:23.221Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 12:32:20 honeypot-ams-1 sshd[8397]: Did not receive identification string from 202.143.111.26 port 61076","@timestamp":"2022-09-19T12:32:21.638Z"}
{"@timestamp":"2022-09-19T12:35:55.138Z","@version":"1","message":"Sep 19 12:35:54 honeypot-sgp-1 sshd[1372]: Disconnected from authenticating user root 61.177.173.36 port 52756 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 12:40:49 honeypot-fra-1 sshd[32636]: Disconnected from invalid user ubnt 92.255.85.69 port 26164 [preauth]","@timestamp":"2022-09-19T12:40:50.449Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T12:46:35.400Z","@version":"1","message":"Sep 19 12:46:34 honeypot-sgp-1 sshd[1385]: Received disconnect from 61.177.173.36 port 36111:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 12:46:38 honeypot-fra-1 sshd[32642]: Received disconnect from 45.61.184.204 port 47066:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T12:46:38.582Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 12:46:57 honeypot-fra-1 sshd[32646]: Received disconnect from 45.61.184.204 port 42112:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T12:46:58.592Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 12:47:16 honeypot-fra-1 sshd[32650]: Received disconnect from 45.61.184.204 port 37210:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T12:47:17.601Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 12:47:36 honeypot-fra-1 sshd[32654]: Received disconnect from 45.61.184.204 port 60568:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T12:47:36.609Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 12:48:42 honeypot-ams-1 sshd[8415]: Invalid user ubnt from 92.255.85.69 port 19650","@timestamp":"2022-09-19T12:48:43.066Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 12:54:20 honeypot-ams-1 sshd[8419]: Received disconnect from 128.199.71.153 port 43782:11: Bye Bye [preauth]","@timestamp":"2022-09-19T12:54:21.214Z"}
{"@timestamp":"2022-09-19T12:55:30.616Z","@version":"1","message":"Sep 19 12:55:30 honeypot-sgp-1 sshd[1393]: Disconnected from authenticating user root 61.177.172.108 port 59509 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T12:59:51.724Z","@version":"1","message":"Sep 19 12:59:51 honeypot-sgp-1 sshd[1398]: Received disconnect from 61.177.173.46 port 17679:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 13:01:18 honeypot-ams-1 kernel: [84469057.615516] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=78.142.18.92 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=54321 PROTO=TCP SPT=48417 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T13:01:19.399Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 13:01:53 honeypot-fra-1 sshd[32658]: Invalid user webalizer from 194.163.158.45 port 47586","@timestamp":"2022-09-19T13:01:53.941Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 13:04:18 honeypot-fra-1 sshd[32661]: Disconnected from invalid user liuzhe 165.22.45.108 port 49356 [preauth]","@timestamp":"2022-09-19T13:04:18.996Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 13:08:02 honeypot-fra-1 kernel: [84467286.667753] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=20.9.71.118 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=8522 DF PROTO=TCP SPT=10446 DPT=443 WINDOW=512 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T13:08:03.080Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 13:08:17 honeypot-ams-1 kernel: [84469476.705301] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=106.52.24.202 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=45 ID=21722 PROTO=TCP SPT=4568 DPT=80 WINDOW=20624 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T13:08:18.588Z"}
{"@timestamp":"2022-09-19T13:10:49.985Z","@version":"1","message":"Sep 19 13:10:49 honeypot-sgp-1 kernel: [84469151.287238] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=152.89.196.23 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=27077 PROTO=TCP SPT=46002 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:14:09 honeypot-ams-1 sshd[8430]: Connection closed by invalid user admin 115.142.244.230 port 59648 [preauth]","@timestamp":"2022-09-19T13:14:09.744Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 13:17:01 honeypot-fra-1 CRON[32673]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-19T13:17:02.278Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T13:17:12.160Z","@version":"1","message":"Sep 19 13:17:11 honeypot-sgp-1 kernel: [84469533.231559] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=159.89.202.188 LEN=90 TOS=0x00 PREC=0x00 TTL=245 ID=40755 PROTO=TCP SPT=2843 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:17:22 honeypot-ams-1 sshd[8436]: Disconnected from authenticating user root 92.255.85.69 port 52236 [preauth]","@timestamp":"2022-09-19T13:17:22.855Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 13:19:43 honeypot-ams-1 kernel: [84470162.843722] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=48432 PROTO=TCP SPT=53163 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T13:19:43.920Z"}
{"@timestamp":"2022-09-19T13:21:23.262Z","@version":"1","message":"Sep 19 13:21:23 honeypot-sgp-1 kernel: [84469784.700544] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.153.218.24 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=234 ID=5323 DF PROTO=TCP SPT=29914 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 13:26:42 honeypot-fra-1 sshd[32679]: Invalid user admin from 128.199.160.207 port 54694","@timestamp":"2022-09-19T13:26:43.498Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 13:26:56 honeypot-fra-1 kernel: [84468420.533089] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.194.31 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=33677 DPT=636 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T13:26:57.503Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T13:29:53.475Z","@version":"1","message":"Sep 19 13:29:53 honeypot-sgp-1 sshd[1431]: Received disconnect from 137.184.104.77 port 47632:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:30:58 honeypot-ams-1 sshd[8448]: Received disconnect from 200.42.176.235 port 43642:11: Bye Bye [preauth]","@timestamp":"2022-09-19T13:30:59.214Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:03 honeypot-ams-1 sshd[8455]: Invalid user ubnt from 95.251.178.212 port 60434","@timestamp":"2022-09-19T13:32:04.244Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:04 honeypot-ams-1 sshd[8459]: Disconnected from authenticating user root 95.251.178.212 port 60480 [preauth]","@timestamp":"2022-09-19T13:32:04.244Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:05 honeypot-ams-1 sshd[8465]: Disconnected from authenticating user root 95.251.178.212 port 60518 [preauth]","@timestamp":"2022-09-19T13:32:05.245Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:06 honeypot-ams-1 sshd[8471]: Disconnected from authenticating user root 95.251.178.212 port 60596 [preauth]","@timestamp":"2022-09-19T13:32:06.245Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:07 honeypot-ams-1 sshd[8477]: Disconnected from authenticating user root 95.251.178.212 port 60634 [preauth]","@timestamp":"2022-09-19T13:32:08.247Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:08 honeypot-ams-1 sshd[8483]: Disconnected from authenticating user root 95.251.178.212 port 60670 [preauth]","@timestamp":"2022-09-19T13:32:09.248Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:09 honeypot-ams-1 sshd[8489]: Disconnected from authenticating user root 95.251.178.212 port 60712 [preauth]","@timestamp":"2022-09-19T13:32:10.249Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:10 honeypot-ams-1 sshd[8495]: Disconnected from authenticating user root 95.251.178.212 port 60740 [preauth]","@timestamp":"2022-09-19T13:32:11.249Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:11 honeypot-ams-1 sshd[8501]: Disconnected from authenticating user root 95.251.178.212 port 60768 [preauth]","@timestamp":"2022-09-19T13:32:12.250Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:12 honeypot-ams-1 sshd[8507]: Disconnected from authenticating user root 95.251.178.212 port 32828 [preauth]","@timestamp":"2022-09-19T13:32:13.251Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:13 honeypot-ams-1 sshd[8513]: Disconnected from authenticating user root 95.251.178.212 port 32900 [preauth]","@timestamp":"2022-09-19T13:32:14.252Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:14 honeypot-ams-1 sshd[8519]: Disconnected from authenticating user root 95.251.178.212 port 32944 [preauth]","@timestamp":"2022-09-19T13:32:15.252Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:15 honeypot-ams-1 sshd[8525]: Invalid user admin from 95.251.178.212 port 33010","@timestamp":"2022-09-19T13:32:16.253Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:16 honeypot-ams-1 sshd[8529]: Invalid user admin from 95.251.178.212 port 33040","@timestamp":"2022-09-19T13:32:17.254Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:17 honeypot-ams-1 sshd[8533]: Invalid user admin from 95.251.178.212 port 33060","@timestamp":"2022-09-19T13:32:18.254Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:18 honeypot-ams-1 sshd[8537]: Invalid user admin from 95.251.178.212 port 33076","@timestamp":"2022-09-19T13:32:18.254Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:18 honeypot-ams-1 sshd[8541]: Invalid user admin from 95.251.178.212 port 33112","@timestamp":"2022-09-19T13:32:19.256Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:19 honeypot-ams-1 sshd[8545]: Received disconnect from 95.251.178.212 port 33134:11: Bye Bye [preauth]","@timestamp":"2022-09-19T13:32:20.257Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:20 honeypot-ams-1 sshd[8549]: Disconnected from invalid user pi 95.251.178.212 port 33154 [preauth]","@timestamp":"2022-09-19T13:32:21.258Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:21 honeypot-ams-1 sshd[8554]: Disconnected from invalid user user 95.251.178.212 port 33170 [preauth]","@timestamp":"2022-09-19T13:32:21.258Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:21 honeypot-ams-1 sshd[8559]: Received disconnect from 95.251.178.212 port 33194:11: Bye Bye [preauth]","@timestamp":"2022-09-19T13:32:22.258Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:22 honeypot-ams-1 sshd[8561]: Disconnected from invalid user miner 95.251.178.212 port 33208 [preauth]","@timestamp":"2022-09-19T13:32:22.258Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:22 honeypot-ams-1 sshd[8565]: Disconnected from invalid user volumio 95.251.178.212 port 33482 [preauth]","@timestamp":"2022-09-19T13:32:23.259Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:23 honeypot-ams-1 sshd[8569]: Disconnected from invalid user nagios 95.251.178.212 port 33518 [preauth]","@timestamp":"2022-09-19T13:32:24.260Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:24 honeypot-ams-1 sshd[8573]: Disconnected from invalid user vagrant 95.251.178.212 port 33554 [preauth]","@timestamp":"2022-09-19T13:32:25.261Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:25 honeypot-ams-1 sshd[8577]: Disconnected from invalid user debian 95.251.178.212 port 33572 [preauth]","@timestamp":"2022-09-19T13:32:25.261Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:25 honeypot-ams-1 sshd[8581]: Disconnected from invalid user debian 95.251.178.212 port 33636 [preauth]","@timestamp":"2022-09-19T13:32:26.261Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:26 honeypot-ams-1 sshd[8585]: Disconnected from invalid user alarm 95.251.178.212 port 33660 [preauth]","@timestamp":"2022-09-19T13:32:27.262Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:27 honeypot-ams-1 sshd[8589]: Disconnected from invalid user test 95.251.178.212 port 33674 [preauth]","@timestamp":"2022-09-19T13:32:28.263Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:28 honeypot-ams-1 sshd[8593]: Disconnected from invalid user cirros 95.251.178.212 port 33688 [preauth]","@timestamp":"2022-09-19T13:32:28.263Z"}
{"@timestamp":"2022-09-19T13:36:11.635Z","@version":"1","message":"Sep 19 13:36:10 honeypot-sgp-1 sshd[1437]: Disconnected from authenticating user root 61.177.173.39 port 18696 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 13:36:17 honeypot-fra-1 sshd[32688]: Did not receive identification string from 45.61.187.160 port 49822","@timestamp":"2022-09-19T13:36:17.711Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 13:36:53 honeypot-fra-1 sshd[32691]: Disconnected from invalid user user 45.61.187.160 port 60146 [preauth]","@timestamp":"2022-09-19T13:36:53.727Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 13:37:15 honeypot-fra-1 sshd[32695]: Disconnected from invalid user user 45.61.187.160 port 55316 [preauth]","@timestamp":"2022-09-19T13:37:16.739Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 13:37:31 honeypot-fra-1 sshd[32700]: Received disconnect from 45.61.186.49 port 57570:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T13:37:31.749Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 13:37:37 honeypot-fra-1 sshd[32704]: Received disconnect from 45.61.187.160 port 50506:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T13:37:37.751Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 13:37:46 honeypot-fra-1 sshd[32708]: Received disconnect from 45.61.186.49 port 46282:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T13:37:46.756Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 13:40:56 honeypot-fra-1 kernel: [84469260.758953] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=43.246.208.2 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=52669 PROTO=TCP SPT=54454 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T13:40:57.829Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T13:43:06.807Z","@version":"1","message":"Sep 19 13:43:06 honeypot-sgp-1 kernel: [84471088.033531] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.33.109.190 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=45 ID=36884 PROTO=TCP SPT=49164 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 13:50:13 honeypot-fra-1 sshd[32719]: Received disconnect from 128.199.184.157 port 33956:11: Bye Bye [preauth]","@timestamp":"2022-09-19T13:50:14.038Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T13:50:22.988Z","@version":"1","message":"Sep 19 13:50:22 honeypot-sgp-1 sshd[1452]: Received disconnect from 92.255.85.70 port 62652:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 13:50:56 honeypot-ams-1 kernel: [84472034.988480] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.95.147.51 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=252 ID=22912 PROTO=TCP SPT=55360 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T13:50:56.765Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:58:49 honeypot-ams-1 sshd[8604]: Invalid user masnier from 160.251.73.96 port 48184","@timestamp":"2022-09-19T13:58:49.992Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:07:43 honeypot-fra-1 kernel: [84470867.161611] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=219.89.124.47 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=43922 DF PROTO=TCP SPT=24344 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T14:07:43.463Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T14:09:25.503Z","@version":"1","message":"Sep 19 14:09:25 honeypot-sgp-1 sshd[1462]: Invalid user monitor from 189.4.149.140 port 50864","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T14:11:06.549Z","@version":"1","message":"Sep 19 14:11:05 honeypot-sgp-1 kernel: [84472767.424123] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=64.62.197.55 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=59016 DPT=5432 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:12:44 honeypot-fra-1 sshd[32730]: Disconnecting authenticating user root 89.109.32.143 port 5471: Too many authentication failures [preauth]","@timestamp":"2022-09-19T14:12:44.577Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:12:47 honeypot-fra-1 sshd[32736]: Invalid user admin from 89.109.32.143 port 6340","@timestamp":"2022-09-19T14:12:48.579Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:12:51 honeypot-fra-1 sshd[32740]: Invalid user oracle from 89.109.32.143 port 7148","@timestamp":"2022-09-19T14:12:51.580Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:12:54 honeypot-fra-1 sshd[32744]: Invalid user oracle from 89.109.32.143 port 7886","@timestamp":"2022-09-19T14:12:54.582Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:12:57 honeypot-fra-1 sshd[32748]: Invalid user usuario from 89.109.32.143 port 8588","@timestamp":"2022-09-19T14:12:57.583Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:13:00 honeypot-fra-1 sshd[32752]: Invalid user test from 89.109.32.143 port 9210","@timestamp":"2022-09-19T14:13:00.587Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:13:03 honeypot-fra-1 sshd[32756]: Invalid user test from 89.109.32.143 port 9980","@timestamp":"2022-09-19T14:13:03.588Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:13:06 honeypot-fra-1 sshd[32760]: Invalid user user from 89.109.32.143 port 10639","@timestamp":"2022-09-19T14:13:06.590Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:13:09 honeypot-fra-1 sshd[32764]: Invalid user ftpuser from 89.109.32.143 port 11423","@timestamp":"2022-09-19T14:13:10.592Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:13:12 honeypot-fra-1 sshd[300]: Invalid user ftpuser from 89.109.32.143 port 12072","@timestamp":"2022-09-19T14:13:13.594Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:13:15 honeypot-fra-1 sshd[304]: Invalid user test1 from 89.109.32.143 port 12825","@timestamp":"2022-09-19T14:13:16.597Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:13:17 honeypot-fra-1 sshd[308]: Invalid user test1 from 89.109.32.143 port 13108","@timestamp":"2022-09-19T14:13:17.597Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:13:19 honeypot-fra-1 sshd[312]: Invalid user test2 from 89.109.32.143 port 13784","@timestamp":"2022-09-19T14:13:20.599Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:13:22 honeypot-fra-1 sshd[316]: Invalid user contador from 89.109.32.143 port 14475","@timestamp":"2022-09-19T14:13:23.601Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:13:25 honeypot-fra-1 sshd[320]: Invalid user ubuntu from 89.109.32.143 port 15148","@timestamp":"2022-09-19T14:13:26.603Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:13:28 honeypot-fra-1 sshd[322]: Disconnected from invalid user ubuntu 89.109.32.143 port 15471 [preauth]","@timestamp":"2022-09-19T14:13:28.605Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:13:30 honeypot-fra-1 sshd[326]: Received disconnect from 89.109.32.143 port 16082:11: disconnected by user [preauth]","@timestamp":"2022-09-19T14:13:31.607Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T14:13:34.614Z","@version":"1","message":"Sep 19 14:13:34 honeypot-sgp-1 sshd[1473]: Received disconnect from 61.177.173.37 port 52836:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 14:14:46 honeypot-ams-1 kernel: [84473465.687423] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=184.105.247.254 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=45478 DPT=5432 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T14:14:47.408Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:17:01 honeypot-fra-1 CRON[333]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-19T14:17:01.683Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T14:17:02.699Z","@version":"1","message":"Sep 19 14:17:01 honeypot-sgp-1 CRON[1477]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 14:17:29 honeypot-ams-1 sshd[8611]: Disconnected from invalid user backupadmin 164.92.85.159 port 32978 [preauth]","@timestamp":"2022-09-19T14:17:30.481Z"}
{"@timestamp":"2022-09-19T14:19:15.757Z","@version":"1","message":"Sep 19 14:19:15 honeypot-sgp-1 sshd[1485]: Disconnected from authenticating user root 61.177.173.51 port 38836 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:20:50 honeypot-fra-1 sshd[339]: Disconnected from invalid user rancid 36.68.78.46 port 14734 [preauth]","@timestamp":"2022-09-19T14:20:51.770Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 14:21:56 honeypot-ams-1 sshd[8616]: Disconnected from invalid user ftpuser 92.255.85.69 port 35506 [preauth]","@timestamp":"2022-09-19T14:21:56.595Z"}
{"@timestamp":"2022-09-19T14:23:12.858Z","@version":"1","message":"Sep 19 14:23:12 honeypot-sgp-1 sshd[1490]: Received disconnect from 45.61.186.49 port 48914:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T14:23:24.865Z","@version":"1","message":"Sep 19 14:23:24 honeypot-sgp-1 sshd[1494]: Received disconnect from 45.61.186.49 port 60398:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T14:25:27.918Z","@version":"1","message":"Sep 19 14:25:27 honeypot-sgp-1 sshd[1499]: Received disconnect from 61.177.172.124 port 25631:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:28:52 honeypot-fra-1 kernel: [84472136.538805] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=159.65.152.216 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x20 TTL=54 ID=53923 DF PROTO=TCP SPT=58000 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T14:28:52.949Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T14:30:27.044Z","@version":"1","message":"Sep 19 14:30:26 honeypot-sgp-1 kernel: [84473928.223088] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=234 ID=58122 PROTO=TCP SPT=57806 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 14:31:54 honeypot-ams-1 sshd[8622]: Disconnected from authenticating user root 46.19.141.122 port 50742 [preauth]","@timestamp":"2022-09-19T14:31:55.886Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 14:32:20 honeypot-ams-1 sshd[8626]: Disconnected from invalid user admin 46.19.141.122 port 46204 [preauth]","@timestamp":"2022-09-19T14:32:20.899Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 14:33:37 honeypot-ams-1 sshd[8632]: Invalid user user from 46.19.141.122 port 34718","@timestamp":"2022-09-19T14:33:37.936Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 14:34:25 honeypot-ams-1 sshd[8636]: Invalid user admin from 46.19.141.122 port 51242","@timestamp":"2022-09-19T14:34:25.960Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 14:35:17 honeypot-ams-1 sshd[8640]: Invalid user raspberry from 46.19.141.122 port 42658","@timestamp":"2022-09-19T14:35:17.985Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 14:35:45 honeypot-ams-1 sshd[8645]: Disconnected from invalid user ubnt 46.19.141.122 port 39076 [preauth]","@timestamp":"2022-09-19T14:35:45.999Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 14:36:43 honeypot-ams-1 sshd[8649]: Received disconnect from 46.19.141.122 port 32892:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T14:36:44.032Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 14:37:45 honeypot-ams-1 sshd[8653]: Disconnected from authenticating user root 46.19.141.122 port 57650 [preauth]","@timestamp":"2022-09-19T14:37:46.061Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 14:38:51 honeypot-ams-1 sshd[8657]: Disconnected from invalid user telnet 46.19.141.122 port 51498 [preauth]","@timestamp":"2022-09-19T14:38:52.094Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:39:28 honeypot-fra-1 sshd[349]: Connection closed by authenticating user root 103.188.176.251 port 44704 [preauth]","@timestamp":"2022-09-19T14:39:29.347Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 14:40:36 honeypot-ams-1 sshd[8663]: Disconnected from authenticating user root 46.19.141.122 port 41460 [preauth]","@timestamp":"2022-09-19T14:40:37.143Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 14:41:55 honeypot-ams-1 sshd[8672]: Received disconnect from 46.19.141.122 port 37748:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T14:41:56.181Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:45:37 honeypot-fra-1 sshd[355]: Did not receive identification string from 101.100.242.83 port 47286","@timestamp":"2022-09-19T14:45:38.482Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:45:38 honeypot-fra-1 sshd[362]: Invalid user vagrant from 101.100.242.83 port 53568","@timestamp":"2022-09-19T14:45:39.484Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:45:38 honeypot-fra-1 sshd[359]: Invalid user testuser from 101.100.242.83 port 53534","@timestamp":"2022-09-19T14:45:39.484Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:45:38 honeypot-fra-1 sshd[382]: Invalid user deploy from 101.100.242.83 port 53526","@timestamp":"2022-09-19T14:45:39.484Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:45:38 honeypot-fra-1 sshd[375]: Invalid user mc from 101.100.242.83 port 53564","@timestamp":"2022-09-19T14:45:39.484Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:45:38 honeypot-fra-1 sshd[360]: Connection closed by invalid user testuser 101.100.242.83 port 53558 [preauth]","@timestamp":"2022-09-19T14:45:39.484Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:45:38 honeypot-fra-1 sshd[356]: Connection closed by authenticating user root 101.100.242.83 port 53520 [preauth]","@timestamp":"2022-09-19T14:45:39.484Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:45:38 honeypot-fra-1 sshd[380]: Connection closed by authenticating user root 101.100.242.83 port 53532 [preauth]","@timestamp":"2022-09-19T14:45:39.484Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:45:38 honeypot-fra-1 sshd[383]: Connection closed by invalid user admin 101.100.242.83 port 53528 [preauth]","@timestamp":"2022-09-19T14:45:39.484Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:45:39 honeypot-fra-1 sshd[376]: Connection closed by invalid user git 101.100.242.83 port 53556 [preauth]","@timestamp":"2022-09-19T14:45:39.484Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T14:45:43.416Z","@version":"1","message":"Sep 19 14:45:42 honeypot-sgp-1 sshd[1512]: Received disconnect from 92.255.85.69 port 31658:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 14:47:30 honeypot-ams-1 sshd[8677]: Received disconnect from 206.81.0.243 port 33048:11: Bye Bye [preauth]","@timestamp":"2022-09-19T14:47:30.329Z"}
{"@timestamp":"2022-09-19T14:54:25.631Z","@version":"1","message":"Sep 19 14:54:25 honeypot-sgp-1 kernel: [84475366.721640] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=149.102.155.170 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=2153 PROTO=TCP SPT=59131 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:54:48 honeypot-fra-1 kernel: [84473692.445396] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=149.102.155.170 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=44342 PROTO=TCP SPT=59244 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T14:54:49.691Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 14:54:58 honeypot-ams-1 sshd[8683]: Invalid user nkg from 37.221.207.194 port 46380","@timestamp":"2022-09-19T14:54:58.521Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 14:58:45 honeypot-ams-1 sshd[8685]: Invalid user admin from 179.60.147.69 port 63174","@timestamp":"2022-09-19T14:58:46.621Z"}
{"@timestamp":"2022-09-19T14:59:29.776Z","@version":"1","message":"Sep 19 14:59:29 honeypot-sgp-1 sshd[1526]: Received disconnect from 61.177.172.108 port 24419:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 15:01:18 honeypot-fra-1 kernel: [84474081.832811] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=167.172.184.157 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=59745 PROTO=TCP SPT=58672 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T15:01:18.843Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T15:01:32.830Z","@version":"1","message":"Sep 19 15:01:31 honeypot-sgp-1 sshd[1532]: Invalid user pradeep from 103.188.176.251 port 42404","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 15:02:26 honeypot-ams-1 kernel: [84476325.395357] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=178.62.254.91 LEN=91 TOS=0x00 PREC=0x00 TTL=252 ID=41027 PROTO=TCP SPT=14699 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T15:02:26.717Z"}
{"@timestamp":"2022-09-19T15:09:33.024Z","@version":"1","message":"Sep 19 15:09:32 honeypot-sgp-1 sshd[1539]: Disconnected from 61.177.173.35 port 47030 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 15:15:21 honeypot-fra-1 sshd[436]: Received disconnect from 92.255.85.70 port 35072:11: Bye Bye [preauth]","@timestamp":"2022-09-19T15:15:22.175Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T15:15:34.178Z","@version":"1","message":"Sep 19 15:15:33 honeypot-sgp-1 sshd[1546]: Invalid user ep from 207.154.208.193 port 34002","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 15:17:01 honeypot-ams-1 CRON[8692]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-19T15:17:02.096Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 15:17:01 honeypot-fra-1 CRON[441]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-19T15:17:02.212Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T15:17:20.224Z","@version":"1","message":"Sep 19 15:17:20 honeypot-sgp-1 sshd[1551]: Received disconnect from 61.177.173.53 port 39581:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T15:18:55.264Z","@version":"1","message":"Sep 19 15:18:54 honeypot-sgp-1 sshd[1557]: Disconnected from invalid user samba 118.27.25.96 port 56210 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T15:26:24.446Z","@version":"1","message":"Sep 19 15:26:24 honeypot-sgp-1 sshd[1565]: Received disconnect from 61.177.173.36 port 12900:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T15:31:42.578Z","@version":"1","message":"Sep 19 15:31:41 honeypot-sgp-1 sshd[1570]: Invalid user cloudera from 179.60.147.69 port 48144","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T15:33:15.619Z","@version":"1","message":"Sep 19 15:33:15 honeypot-sgp-1 sshd[1575]: Invalid user admin from 178.128.103.172 port 56470","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 15:33:29 honeypot-ams-1 sshd[8698]: Disconnected from authenticating user root 189.178.6.78 port 33692 [preauth]","@timestamp":"2022-09-19T15:33:29.525Z"}
{"@timestamp":"2022-09-19T15:36:03.707Z","@version":"1","message":"Sep 19 15:36:03 honeypot-sgp-1 kernel: [84477864.517263] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=206.189.6.148 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=38612 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 15:36:52 honeypot-fra-1 kernel: [84476215.963977] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=167.94.138.102 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=37 ID=19798 PROTO=TCP SPT=13709 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T15:36:52.672Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T15:43:26.884Z","@version":"1","message":"Sep 19 15:43:26 honeypot-sgp-1 sshd[1585]: Disconnected from authenticating user root 61.177.173.35 port 48408 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 15:43:34 honeypot-ams-1 kernel: [84478793.424881] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=111.118.40.97 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=49 ID=6779 PROTO=TCP SPT=5270 DPT=80 WINDOW=9836 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T15:43:34.798Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 15:45:32 honeypot-fra-1 sshd[453]: Received disconnect from 92.255.85.70 port 42448:11: Bye Bye [preauth]","@timestamp":"2022-09-19T15:45:32.869Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T15:47:24.981Z","@version":"1","message":"Sep 19 15:47:24 honeypot-sgp-1 sshd[1593]: Did not receive identification string from 45.61.186.249 port 58026","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 15:47:46 honeypot-ams-1 kernel: [84479045.829064] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=159.65.138.52 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=54 ID=0 DF PROTO=TCP SPT=54953 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T15:47:47.915Z"}
{"@timestamp":"2022-09-19T15:48:11.002Z","@version":"1","message":"Sep 19 15:48:10 honeypot-sgp-1 sshd[1596]: Disconnected from invalid user user 45.61.186.249 port 52260 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T15:48:30.012Z","@version":"1","message":"Sep 19 15:48:29 honeypot-sgp-1 sshd[1601]: Disconnected from invalid user user 45.61.186.249 port 46560 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T15:48:49.022Z","@version":"1","message":"Sep 19 15:48:48 honeypot-sgp-1 sshd[1605]: Disconnected from invalid user user 45.61.186.249 port 40944 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T15:49:05.030Z","@version":"1","message":"Sep 19 15:49:04 honeypot-sgp-1 sshd[1611]: Received disconnect from 40.81.244.251 port 38944:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T15:50:03.057Z","@version":"1","message":"Sep 19 15:50:02 honeypot-sgp-1 kernel: [84478704.330196] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=163.172.158.4 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=4021 PROTO=TCP SPT=48701 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T15:52:07.108Z","@version":"1","message":"Sep 19 15:52:06 honeypot-sgp-1 sshd[1620]: Disconnected from invalid user glassfish 139.59.248.243 port 56828 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 15:53:07 honeypot-fra-1 sshd[458]: Invalid user tgo from 43.242.247.141 port 53902","@timestamp":"2022-09-19T15:53:08.039Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T15:53:27.143Z","@version":"1","message":"Sep 19 15:53:26 honeypot-sgp-1 kernel: [84478907.959307] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=94.102.61.10 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=48474 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 15:55:07 honeypot-ams-1 kernel: [84479485.841911] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.41.8.45 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=3413 PROTO=TCP SPT=36539 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T15:55:07.112Z"}
{"@timestamp":"2022-09-19T15:57:54.270Z","@version":"1","message":"Sep 19 15:57:54 honeypot-sgp-1 sshd[1633]: Received disconnect from 61.177.173.47 port 52347:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 15:58:30 honeypot-fra-1 sshd[463]: Received disconnect from 95.86.165.90 port 35152:11: Bye Bye [preauth]","@timestamp":"2022-09-19T15:58:31.159Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:01:03 honeypot-ams-1 sshd[8711]: Disconnected from authenticating user root 191.242.105.133 port 39854 [preauth]","@timestamp":"2022-09-19T16:01:03.276Z"}
{"@timestamp":"2022-09-19T16:01:39.361Z","@version":"1","message":"Sep 19 16:01:38 honeypot-sgp-1 sshd[1641]: Disconnected from invalid user admin 188.157.24.174 port 42290 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T16:07:44.509Z","@version":"1","message":"Sep 19 16:07:44 honeypot-sgp-1 sshd[1646]: Connection closed by invalid user amx 179.60.147.69 port 37678 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:08:48 honeypot-ams-1 sshd[8717]: Received disconnect from 61.177.173.51 port 63283:11:  [preauth]","@timestamp":"2022-09-19T16:08:48.480Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 16:08:50 honeypot-fra-1 sshd[467]: Connection closed by invalid user amx 179.60.147.69 port 29708 [preauth]","@timestamp":"2022-09-19T16:08:51.391Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 16:14:41 honeypot-ams-1 kernel: [84480660.746730] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=167.172.184.157 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=35961 PROTO=TCP SPT=42207 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T16:14:42.639Z"}
{"@timestamp":"2022-09-19T16:17:02.732Z","@version":"1","message":"Sep 19 16:17:01 honeypot-sgp-1 CRON[1652]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T16:17:21.742Z","@version":"1","message":"Sep 19 16:17:21 honeypot-sgp-1 sshd[1657]: Disconnected from invalid user user 45.61.187.160 port 44828 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T16:17:40.751Z","@version":"1","message":"Sep 19 16:17:40 honeypot-sgp-1 sshd[1661]: Disconnected from invalid user user 45.61.187.160 port 39328 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T16:17:59.761Z","@version":"1","message":"Sep 19 16:17:59 honeypot-sgp-1 sshd[1665]: Disconnected from invalid user user 45.61.187.160 port 33820 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 16:18:34 honeypot-fra-1 sshd[495]: Invalid user admin from 221.2.93.118 port 42033","@timestamp":"2022-09-19T16:18:34.627Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:19:51 honeypot-ams-1 sshd[8730]: Disconnected from authenticating user root 92.255.85.70 port 29072 [preauth]","@timestamp":"2022-09-19T16:19:52.773Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 16:24:25 honeypot-fra-1 sshd[505]: Invalid user emele from 45.126.184.170 port 50144","@timestamp":"2022-09-19T16:24:25.755Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T16:25:51.948Z","@version":"1","message":"Sep 19 16:25:50 honeypot-sgp-1 sshd[1670]: Disconnected from authenticating user root 37.194.206.12 port 38192 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 16:28:54 honeypot-fra-1 kernel: [84479338.418657] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=165.232.152.144 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=37853 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T16:28:55.870Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T16:29:41.044Z","@version":"1","message":"Sep 19 16:29:40 honeypot-sgp-1 kernel: [84481082.035923] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=68.183.93.151 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x20 TTL=242 ID=54321 PROTO=TCP SPT=56994 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 16:29:47 honeypot-ams-1 kernel: [84481566.088595] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.95.147.51 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=252 ID=16035 PROTO=TCP SPT=44658 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T16:29:48.039Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:29:50 honeypot-ams-1 sshd[8745]: Received disconnect from 98.40.14.28 port 37134:11: Bye Bye [preauth]","@timestamp":"2022-09-19T16:29:51.042Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:29:54 honeypot-ams-1 sshd[8751]: Received disconnect from 98.40.14.28 port 37366:11: Bye Bye [preauth]","@timestamp":"2022-09-19T16:29:55.044Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:29:57 honeypot-ams-1 sshd[8757]: Received disconnect from 98.40.14.28 port 37554:11: Bye Bye [preauth]","@timestamp":"2022-09-19T16:29:58.047Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:30:00 honeypot-ams-1 sshd[8763]: Received disconnect from 98.40.14.28 port 37740:11: Bye Bye [preauth]","@timestamp":"2022-09-19T16:30:01.049Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:30:03 honeypot-ams-1 sshd[8769]: Received disconnect from 98.40.14.28 port 37924:11: Bye Bye [preauth]","@timestamp":"2022-09-19T16:30:04.053Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:30:06 honeypot-ams-1 sshd[8775]: Received disconnect from 98.40.14.28 port 38204:11: Bye Bye [preauth]","@timestamp":"2022-09-19T16:30:07.055Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:30:09 honeypot-ams-1 sshd[8781]: Received disconnect from 98.40.14.28 port 38432:11: Bye Bye [preauth]","@timestamp":"2022-09-19T16:30:10.057Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:30:12 honeypot-ams-1 sshd[8787]: Received disconnect from 98.40.14.28 port 38606:11: Bye Bye [preauth]","@timestamp":"2022-09-19T16:30:13.059Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:30:15 honeypot-ams-1 sshd[8793]: Received disconnect from 98.40.14.28 port 38798:11: Bye Bye [preauth]","@timestamp":"2022-09-19T16:30:16.061Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:30:19 honeypot-ams-1 sshd[8799]: Received disconnect from 98.40.14.28 port 39022:11: Bye Bye [preauth]","@timestamp":"2022-09-19T16:30:20.065Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:30:21 honeypot-ams-1 sshd[8803]: Disconnected from invalid user admin 98.40.14.28 port 39132 [preauth]","@timestamp":"2022-09-19T16:30:22.066Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:30:23 honeypot-ams-1 sshd[8807]: Disconnected from invalid user admin 98.40.14.28 port 39240 [preauth]","@timestamp":"2022-09-19T16:30:24.068Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:30:25 honeypot-ams-1 sshd[8811]: Disconnected from invalid user admin 98.40.14.28 port 39376 [preauth]","@timestamp":"2022-09-19T16:30:26.069Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:30:27 honeypot-ams-1 sshd[8815]: Disconnected from invalid user admin 98.40.14.28 port 39458 [preauth]","@timestamp":"2022-09-19T16:30:27.070Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:30:29 honeypot-ams-1 sshd[8819]: Disconnected from invalid user admin 98.40.14.28 port 39626 [preauth]","@timestamp":"2022-09-19T16:30:29.071Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:30:31 honeypot-ams-1 sshd[8823]: Disconnected from invalid user user 98.40.14.28 port 39786 [preauth]","@timestamp":"2022-09-19T16:30:32.073Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:30:34 honeypot-ams-1 sshd[8829]: Received disconnect from 98.40.14.28 port 40044:11: Bye Bye [preauth]","@timestamp":"2022-09-19T16:30:34.075Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:30:35 honeypot-ams-1 sshd[8833]: Received disconnect from 98.40.14.28 port 40160:11: Bye Bye [preauth]","@timestamp":"2022-09-19T16:30:36.077Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:30:37 honeypot-ams-1 sshd[8837]: Received disconnect from 98.40.14.28 port 40270:11: Bye Bye [preauth]","@timestamp":"2022-09-19T16:30:38.078Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:30:39 honeypot-ams-1 sshd[8841]: Received disconnect from 98.40.14.28 port 40386:11: Bye Bye [preauth]","@timestamp":"2022-09-19T16:30:40.080Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:30:41 honeypot-ams-1 sshd[8845]: Received disconnect from 98.40.14.28 port 40502:11: Bye Bye [preauth]","@timestamp":"2022-09-19T16:30:42.081Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:30:44 honeypot-ams-1 sshd[8850]: Received disconnect from 98.40.14.28 port 40604:11: Bye Bye [preauth]","@timestamp":"2022-09-19T16:30:45.083Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:30:46 honeypot-ams-1 sshd[8854]: Received disconnect from 98.40.14.28 port 40788:11: Bye Bye [preauth]","@timestamp":"2022-09-19T16:30:47.085Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:30:48 honeypot-ams-1 sshd[8858]: Received disconnect from 98.40.14.28 port 40914:11: Bye Bye [preauth]","@timestamp":"2022-09-19T16:30:49.087Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:30:50 honeypot-ams-1 sshd[8862]: Received disconnect from 98.40.14.28 port 41018:11: Bye Bye [preauth]","@timestamp":"2022-09-19T16:30:51.089Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:30:52 honeypot-ams-1 sshd[8866]: Received disconnect from 98.40.14.28 port 41150:11: Bye Bye [preauth]","@timestamp":"2022-09-19T16:30:53.090Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:34:43 honeypot-ams-1 sshd[8870]: Disconnected from authenticating user root 61.177.173.35 port 53165 [preauth]","@timestamp":"2022-09-19T16:34:44.186Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 16:36:40 honeypot-fra-1 kernel: [84479804.146077] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=15.197.142.173 DST=165.22.82.222 LEN=80 TOS=0x00 PREC=0x20 TTL=132 ID=32720 PROTO=TCP SPT=31696 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T16:36:41.042Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 16:39:21 honeypot-fra-1 sshd[513]: Invalid user hacluster from 92.255.85.69 port 33836","@timestamp":"2022-09-19T16:39:22.106Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 16:40:59 honeypot-ams-1 kernel: [84482238.108701] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=169.228.66.212 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=57435 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T16:40:59.352Z"}
{"@timestamp":"2022-09-19T16:43:07.361Z","@version":"1","message":"Sep 19 16:43:06 honeypot-sgp-1 sshd[1678]: Received disconnect from 92.255.85.70 port 39678:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 16:45:04 honeypot-fra-1 sshd[518]: Disconnected from invalid user sheetal 186.109.86.184 port 41722 [preauth]","@timestamp":"2022-09-19T16:45:05.233Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:45:29 honeypot-ams-1 sshd[8884]: Disconnected from authenticating user root 61.177.173.51 port 16753 [preauth]","@timestamp":"2022-09-19T16:45:29.473Z"}
{"@timestamp":"2022-09-19T16:47:05.459Z","@version":"1","message":"Sep 19 16:47:05 honeypot-sgp-1 sshd[1683]: Disconnected from invalid user deploy 47.181.159.172 port 40294 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T16:52:17.586Z","@version":"1","message":"Sep 19 16:52:16 honeypot-sgp-1 kernel: [84482438.235139] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=162.142.125.132 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=39 ID=17972 PROTO=TCP SPT=62304 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 16:52:17 honeypot-ams-1 kernel: [84482916.675528] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=23.95.4.194 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=46651 PROTO=TCP SPT=56984 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T16:52:18.657Z"}
{"@timestamp":"2022-09-19T16:52:42.598Z","@version":"1","message":"Sep 19 16:52:41 honeypot-sgp-1 sshd[1690]: Disconnected from invalid user joey 162.19.64.25 port 43564 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 16:54:30 honeypot-fra-1 sshd[521]: Received disconnect from 165.22.45.108 port 32898:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T16:54:31.443Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T16:54:44.648Z","@version":"1","message":"Sep 19 16:54:43 honeypot-sgp-1 sshd[1694]: Disconnected from invalid user mango 89.250.148.154 port 56232 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T16:59:17.755Z","@version":"1","message":"Sep 19 16:59:17 honeypot-sgp-1 kernel: [84482858.925921] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=103.137.89.38 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x40 TTL=55 ID=37257 DF PROTO=TCP SPT=25177 DPT=5432 WINDOW=43690 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 16:59:25 honeypot-ams-1 kernel: [84483344.628744] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=197.49.69.19 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=60454 PROTO=TCP SPT=28010 DPT=443 WINDOW=17735 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T16:59:25.852Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 17:01:43 honeypot-ams-1 kernel: [84483482.375748] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=154.89.5.68 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=244 ID=11243 PROTO=TCP SPT=58914 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T17:01:43.913Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 17:05:29 honeypot-ams-1 kernel: [84483708.348522] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=167.71.92.243 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=56947 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T17:05:30.032Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 17:05:41 honeypot-fra-1 sshd[524]: Connection closed by invalid user pradeep 103.188.176.251 port 40482 [preauth]","@timestamp":"2022-09-19T17:05:41.689Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 17:09:01 honeypot-fra-1 CRON[529]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-19T17:09:01.766Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T17:09:34.023Z","@version":"1","message":"Sep 19 17:09:33 honeypot-sgp-1 sshd[1703]: Received disconnect from 92.255.85.70 port 15732:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T17:12:19.090Z","@version":"1","message":"Sep 19 17:12:18 honeypot-sgp-1 sshd[1708]: Connection closed by invalid user admin 137.184.48.78 port 42054 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 17:13:34 honeypot-ams-1 sshd[8923]: Invalid user admin from 92.255.85.69 port 51968","@timestamp":"2022-09-19T17:13:34.246Z"}
{"@timestamp":"2022-09-19T17:15:49.175Z","@version":"1","message":"Sep 19 17:15:48 honeypot-sgp-1 kernel: [84483849.870927] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.206.181 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=55903 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 17:17:01 honeypot-fra-1 CRON[533]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-19T17:17:01.942Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 17:17:01 honeypot-ams-1 CRON[8928]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-19T17:17:02.340Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 17:18:39 honeypot-ams-1 sshd[8933]: Disconnected from authenticating user root 61.177.173.51 port 38048 [preauth]","@timestamp":"2022-09-19T17:18:40.384Z"}
{"@timestamp":"2022-09-19T17:19:56.274Z","@version":"1","message":"Sep 19 17:19:55 honeypot-sgp-1 sshd[1720]: Connection closed by authenticating user root 179.60.147.69 port 36620 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 17:26:13 honeypot-ams-1 sshd[8942]: Received disconnect from 61.177.173.48 port 30649:11:  [preauth]","@timestamp":"2022-09-19T17:26:14.581Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 17:33:02 honeypot-ams-1 sshd[8947]: Disconnected from authenticating user root 61.177.172.90 port 31260 [preauth]","@timestamp":"2022-09-19T17:33:02.757Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 17:33:49 honeypot-fra-1 sshd[542]: Received disconnect from 92.255.85.69 port 36740:11: Bye Bye [preauth]","@timestamp":"2022-09-19T17:33:49.312Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T17:35:28.659Z","@version":"1","message":"Sep 19 17:35:27 honeypot-sgp-1 kernel: [84485029.078417] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=116.6.233.254 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=30629 PROTO=TCP SPT=57507 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T17:37:57.720Z","@version":"1","message":"Sep 19 17:37:56 honeypot-sgp-1 sshd[1730]: Disconnected from invalid user user 45.61.184.204 port 53684 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T17:38:16.729Z","@version":"1","message":"Sep 19 17:38:16 honeypot-sgp-1 sshd[1734]: Disconnected from invalid user user 45.61.184.204 port 48944 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T17:38:33.736Z","@version":"1","message":"Sep 19 17:38:33 honeypot-sgp-1 sshd[1738]: Disconnected from invalid user user 45.61.184.204 port 44202 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 17:40:18 honeypot-ams-1 sshd[8955]: Received disconnect from 188.166.252.132 port 54102:11: Bye Bye [preauth]","@timestamp":"2022-09-19T17:40:18.948Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 17:41:03 honeypot-ams-1 sshd[8959]: Received disconnect from 92.255.85.69 port 56782:11: Bye Bye [preauth]","@timestamp":"2022-09-19T17:41:03.971Z"}
{"@timestamp":"2022-09-19T17:42:27.830Z","@version":"1","message":"Sep 19 17:42:27 honeypot-sgp-1 sshd[1745]: Invalid user elasticsearch from 34.102.23.246 port 59524","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 17:43:07 honeypot-fra-1 sshd[549]: Invalid user kf from 43.155.96.81 port 60914","@timestamp":"2022-09-19T17:43:08.514Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 17:45:22 honeypot-fra-1 sshd[551]: Disconnected from invalid user cyrille 36.91.119.221 port 52488 [preauth]","@timestamp":"2022-09-19T17:45:22.565Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 17:47:57 honeypot-ams-1 sshd[8966]: Received disconnect from 61.177.173.39 port 19990:11:  [preauth]","@timestamp":"2022-09-19T17:47:58.153Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 17:48:00 honeypot-fra-1 sshd[555]: Invalid user hendi from 157.245.135.240 port 57282","@timestamp":"2022-09-19T17:48:01.625Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 17:49:24 honeypot-fra-1 kernel: [84484167.979652] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=115.84.178.83 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=47842 PROTO=TCP SPT=43482 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T17:49:25.657Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 17:49:51 honeypot-fra-1 sshd[575]: Invalid user es from 57.128.11.39 port 33662","@timestamp":"2022-09-19T17:49:51.667Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 17:49:51 honeypot-fra-1 sshd[582]: Invalid user kibana from 57.128.11.39 port 33750","@timestamp":"2022-09-19T17:49:51.667Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 17:49:51 honeypot-fra-1 sshd[563]: Connection closed by authenticating user root 57.128.11.39 port 33668 [preauth]","@timestamp":"2022-09-19T17:49:51.667Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 17:49:51 honeypot-fra-1 sshd[573]: Connection closed by invalid user admin 57.128.11.39 port 33778 [preauth]","@timestamp":"2022-09-19T17:49:51.667Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 17:49:51 honeypot-fra-1 sshd[575]: Connection closed by invalid user es 57.128.11.39 port 33662 [preauth]","@timestamp":"2022-09-19T17:49:51.667Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 17:49:51 honeypot-fra-1 sshd[580]: Connection closed by invalid user ubuntu 57.128.11.39 port 33698 [preauth]","@timestamp":"2022-09-19T17:49:51.667Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 17:49:51 honeypot-fra-1 sshd[584]: Connection closed by authenticating user root 57.128.11.39 port 33754 [preauth]","@timestamp":"2022-09-19T17:49:51.667Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 17:50:16 honeypot-ams-1 kernel: [84486395.074093] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=20.25.67.180 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=63985 PROTO=TCP SPT=49390 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T17:50:17.215Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 17:51:23 honeypot-ams-1 sshd[8978]: Disconnected from authenticating user root 134.122.123.117 port 35574 [preauth]","@timestamp":"2022-09-19T17:51:24.248Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 17:51:47 honeypot-ams-1 sshd[8984]: Disconnected from authenticating user root 134.122.123.117 port 38732 [preauth]","@timestamp":"2022-09-19T17:51:47.261Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 17:52:34 honeypot-ams-1 sshd[8990]: Disconnected from authenticating user root 134.122.123.117 port 45432 [preauth]","@timestamp":"2022-09-19T17:52:34.285Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 17:53:43 honeypot-ams-1 sshd[8996]: Invalid user user from 134.122.123.117 port 55542","@timestamp":"2022-09-19T17:53:44.319Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 17:53:58 honeypot-fra-1 sshd[620]: Did not receive identification string from 92.255.85.183 port 61223","@timestamp":"2022-09-19T17:53:58.757Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 17:54:30 honeypot-ams-1 sshd[9000]: Invalid user postgres from 134.122.123.117 port 34004","@timestamp":"2022-09-19T17:54:31.341Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 17:55:16 honeypot-ams-1 sshd[9004]: Invalid user gituser from 134.122.123.117 port 40532","@timestamp":"2022-09-19T17:55:17.363Z"}
{"@timestamp":"2022-09-19T17:56:00.141Z","@version":"1","message":"Sep 19 17:55:59 honeypot-sgp-1 sshd[1751]: Connection closed by invalid user USERID 179.60.147.69 port 38916 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 17:56:03 honeypot-ams-1 sshd[9009]: Invalid user ansible from 134.122.123.117 port 47356","@timestamp":"2022-09-19T17:56:03.385Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 17:56:48 honeypot-ams-1 sshd[9013]: Invalid user test from 134.122.123.117 port 53948","@timestamp":"2022-09-19T17:56:49.407Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 17:57:34 honeypot-ams-1 sshd[9017]: Invalid user demo from 134.122.123.117 port 60550","@timestamp":"2022-09-19T17:57:35.429Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 17:57:57 honeypot-ams-1 sshd[9021]: Received disconnect from 134.122.123.117 port 35672:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T17:57:58.441Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 17:58:43 honeypot-ams-1 sshd[9026]: Invalid user debian from 134.122.123.117 port 42434","@timestamp":"2022-09-19T17:58:43.464Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 17:59:06 honeypot-ams-1 sshd[9028]: Disconnected from invalid user ftpadmin 134.122.123.117 port 45762 [preauth]","@timestamp":"2022-09-19T17:59:07.477Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 17:59:29 honeypot-ams-1 sshd[9034]: Invalid user webadmin from 134.122.123.117 port 49104","@timestamp":"2022-09-19T17:59:30.490Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 17:59:33 honeypot-fra-1 sshd[624]: Disconnected from invalid user rescue 92.255.85.70 port 41824 [preauth]","@timestamp":"2022-09-19T17:59:33.883Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 18:00:15 honeypot-ams-1 sshd[9040]: Invalid user student from 134.122.123.117 port 55646","@timestamp":"2022-09-19T18:00:16.512Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 18:00:39 honeypot-ams-1 sshd[9044]: Invalid user www from 134.122.123.117 port 59068","@timestamp":"2022-09-19T18:00:39.524Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 18:01:02 honeypot-ams-1 sshd[9046]: Disconnected from invalid user weblogic 134.122.123.117 port 34098 [preauth]","@timestamp":"2022-09-19T18:01:03.537Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 18:04:53 honeypot-ams-1 sshd[9053]: Invalid user admin from 41.63.0.132 port 45094","@timestamp":"2022-09-19T18:04:53.638Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 18:06:53 honeypot-ams-1 sshd[9063]: Disconnected from authenticating user root 61.177.173.37 port 38329 [preauth]","@timestamp":"2022-09-19T18:06:53.693Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 18:07:00 honeypot-fra-1 kernel: [84485223.730539] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=57368 PROTO=TCP SPT=50403 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T18:07:01.048Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T18:08:11.425Z","@version":"1","message":"Sep 19 18:08:10 honeypot-sgp-1 sshd[1825]: Disconnected from invalid user rescue 92.255.85.69 port 42144 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 18:08:59 honeypot-ams-1 sshd[9071]: Invalid user rescue from 92.255.85.70 port 61500","@timestamp":"2022-09-19T18:08:59.751Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 18:17:01 honeypot-ams-1 CRON[9076]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-19T18:17:01.964Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 18:17:01 honeypot-fra-1 CRON[632]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-19T18:17:02.261Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T18:17:02.633Z","@version":"1","message":"Sep 19 18:17:01 honeypot-sgp-1 CRON[1830]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T18:19:22.690Z","@version":"1","message":"Sep 19 18:19:21 honeypot-sgp-1 sshd[1837]: Invalid user user from 45.61.184.204 port 52080","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T18:19:40.699Z","@version":"1","message":"Sep 19 18:19:40 honeypot-sgp-1 sshd[1841]: Invalid user user from 45.61.184.204 port 46930","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T18:19:58.707Z","@version":"1","message":"Sep 19 18:19:58 honeypot-sgp-1 sshd[1845]: Invalid user user from 45.61.184.204 port 41778","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T18:21:22.742Z","@version":"1","message":"Sep 19 18:21:22 honeypot-sgp-1 sshd[1849]: Received disconnect from 101.128.68.195 port 50990:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 18:21:39 honeypot-ams-1 sshd[9082]: Received disconnect from 61.177.172.19 port 13840:11:  [preauth]","@timestamp":"2022-09-19T18:21:40.104Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 18:22:27 honeypot-fra-1 sshd[637]: Disconnected from authenticating user root 177.93.51.98 port 33188 [preauth]","@timestamp":"2022-09-19T18:22:27.380Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 18:27:00 honeypot-ams-1 kernel: [84488598.782111] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.214.54 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=45214 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T18:27:00.246Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 18:27:16 honeypot-fra-1 sshd[643]: Received disconnect from 144.64.1.83 port 55446:11: Bye Bye [preauth]","@timestamp":"2022-09-19T18:27:17.488Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T18:31:57.990Z","@version":"1","message":"Sep 19 18:31:57 honeypot-sgp-1 sshd[1853]: Connection closed by authenticating user root 179.60.147.69 port 23656 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 18:33:05 honeypot-fra-1 sshd[647]: Connection closed by authenticating user root 179.60.147.69 port 38206 [preauth]","@timestamp":"2022-09-19T18:33:06.614Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 18:35:30 honeypot-fra-1 sshd[653]: Connection closed by invalid user dev 101.33.218.153 port 10502 [preauth]","@timestamp":"2022-09-19T18:35:30.668Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 18:36:57 honeypot-ams-1 sshd[9098]: Received disconnect from 61.177.173.39 port 39848:11:  [preauth]","@timestamp":"2022-09-19T18:36:57.527Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 18:39:35 honeypot-fra-1 sshd[684]: Disconnected from invalid user jugo 51.91.35.137 port 41198 [preauth]","@timestamp":"2022-09-19T18:39:35.759Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 18:39:42 honeypot-ams-1 sshd[9101]: Invalid user user from 45.61.186.249 port 60638","@timestamp":"2022-09-19T18:39:42.603Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 18:40:03 honeypot-ams-1 sshd[9107]: Invalid user user from 45.61.186.249 port 55632","@timestamp":"2022-09-19T18:40:03.614Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 18:40:14 honeypot-ams-1 kernel: [84489393.565620] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=151.106.32.182 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=38512 PROTO=TCP SPT=50067 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T18:40:15.621Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 18:40:29 honeypot-ams-1 sshd[9114]: Disconnected from invalid user user 45.61.186.249 port 34004 [preauth]","@timestamp":"2022-09-19T18:40:30.629Z"}
{"@timestamp":"2022-09-19T18:40:52.197Z","@version":"1","message":"Sep 19 18:40:51 honeypot-sgp-1 sshd[1858]: Disconnected from invalid user amane 82.196.113.78 port 26016 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 18:43:53 honeypot-fra-1 kernel: [84487436.565733] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=173.249.41.33 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=28325 PROTO=TCP SPT=46414 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T18:43:53.857Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T18:45:17.301Z","@version":"1","message":"Sep 19 18:45:17 honeypot-sgp-1 sshd[1861]: Disconnected from invalid user bn 161.35.112.155 port 49344 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 18:47:20 honeypot-ams-1 kernel: [84489818.782986] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=164.92.72.164 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=49390 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T18:47:20.807Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 18:49:46 honeypot-ams-1 sshd[9129]: Received disconnect from 69.250.26.126 port 56926:11: Bye Bye [preauth]","@timestamp":"2022-09-19T18:49:46.875Z"}
{"@timestamp":"2022-09-19T18:50:39.424Z","@version":"1","message":"Sep 19 18:50:39 honeypot-sgp-1 sshd[1867]: Invalid user notice from 188.81.133.7 port 55487","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 18:50:45 honeypot-ams-1 sshd[9135]: Disconnected from invalid user backups 92.255.85.70 port 41690 [preauth]","@timestamp":"2022-09-19T18:50:45.902Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 18:51:24 honeypot-fra-1 sshd[691]: Received disconnect from 165.22.45.108 port 38812:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T18:51:25.022Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T18:53:06.506Z","@version":"1","message":"Sep 19 18:53:06 honeypot-sgp-1 sshd[1871]: Received disconnect from 207.138.39.234 port 60880:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 18:54:16 honeypot-ams-1 sshd[9138]: Disconnected from authenticating user root 61.177.173.47 port 63500 [preauth]","@timestamp":"2022-09-19T18:54:16.997Z"}
{"@timestamp":"2022-09-19T18:55:54.572Z","@version":"1","message":"Sep 19 18:55:54 honeypot-sgp-1 sshd[1878]: Disconnected from authenticating user root 191.239.116.211 port 60858 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 18:59:07 honeypot-fra-1 kernel: [84488350.205801] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=12843 PROTO=TCP SPT=53455 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T18:59:07.204Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 19:01:19 honeypot-ams-1 kernel: [84490658.137885] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=173.249.41.33 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=14534 PROTO=TCP SPT=46414 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T19:01:20.183Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 19:03:31 honeypot-fra-1 sshd[698]: Received disconnect from 46.101.123.135 port 45542:11: Bye Bye [preauth]","@timestamp":"2022-09-19T19:03:32.301Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 19:05:18 honeypot-ams-1 sshd[9149]: Disconnected from authenticating user root 61.177.172.108 port 22551 [preauth]","@timestamp":"2022-09-19T19:05:18.288Z"}
{"@timestamp":"2022-09-19T19:05:45.796Z","@version":"1","message":"Sep 19 19:05:45 honeypot-sgp-1 kernel: [84490446.434957] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=34.146.42.51 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x60 TTL=250 ID=29536 PROTO=TCP SPT=52891 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T19:09:14.878Z","@version":"1","message":"Sep 19 19:09:14 honeypot-sgp-1 sshd[1887]: Disconnected from invalid user user 45.61.184.204 port 42256 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T19:09:33.888Z","@version":"1","message":"Sep 19 19:09:33 honeypot-sgp-1 sshd[1891]: Invalid user user from 45.61.184.204 port 37208","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T19:09:52.896Z","@version":"1","message":"Sep 19 19:09:52 honeypot-sgp-1 sshd[1895]: Invalid user user from 45.61.184.204 port 60390","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T19:10:10.905Z","@version":"1","message":"Sep 19 19:10:10 honeypot-sgp-1 sshd[1899]: Invalid user user from 45.61.184.204 port 55334","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 19:13:17 honeypot-fra-1 sshd[708]: Invalid user ppp from 92.255.85.70 port 50442","@timestamp":"2022-09-19T19:13:18.519Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 19:14:31 honeypot-ams-1 kernel: [84491450.371023] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.148.10.81 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=22780 DF PROTO=TCP SPT=10194 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T19:14:32.523Z"}
{"@timestamp":"2022-09-19T19:17:02.063Z","@version":"1","message":"Sep 19 19:17:01 honeypot-sgp-1 CRON[1904]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 19:19:12 honeypot-ams-1 sshd[9167]: Received disconnect from 92.255.85.70 port 16056:11: Bye Bye [preauth]","@timestamp":"2022-09-19T19:19:12.662Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 19:20:39 honeypot-fra-1 sshd[729]: Invalid user deploy from 103.98.119.63 port 50560","@timestamp":"2022-09-19T19:20:39.687Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 19:22:20 honeypot-ams-1 sshd[9174]: Received disconnect from 167.99.66.74 port 59301:11: Bye Bye [preauth]","@timestamp":"2022-09-19T19:22:21.749Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 19:24:21 honeypot-fra-1 sshd[734]: Received disconnect from 165.227.103.128 port 48520:11: Bye Bye [preauth]","@timestamp":"2022-09-19T19:24:21.774Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 19:25:29 honeypot-fra-1 sshd[738]: Connection closed by invalid user pi 212.5.153.79 port 34132 [preauth]","@timestamp":"2022-09-19T19:25:29.800Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T19:25:41.259Z","@version":"1","message":"Sep 19 19:25:40 honeypot-sgp-1 kernel: [84491642.039287] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=167.172.184.157 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=104 PROTO=TCP SPT=55431 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 19:25:45 honeypot-ams-1 sshd[9178]: Connection closed by authenticating user root 103.188.176.251 port 47508 [preauth]","@timestamp":"2022-09-19T19:25:46.841Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 19:30:18 honeypot-ams-1 sshd[9183]: Received disconnect from 61.177.173.36 port 35387:11:  [preauth]","@timestamp":"2022-09-19T19:30:18.965Z"}
{"@timestamp":"2022-09-19T19:36:39.508Z","@version":"1","message":"Sep 19 19:36:39 honeypot-sgp-1 sshd[1918]: Disconnected from invalid user hoshii 167.71.48.136 port 36958 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 19:37:09 honeypot-fra-1 sshd[746]: Disconnected from authenticating user root 162.19.74.93 port 46880 [preauth]","@timestamp":"2022-09-19T19:37:10.064Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 19:39:19 honeypot-fra-1 sshd[752]: Invalid user template from 103.150.227.6 port 48918","@timestamp":"2022-09-19T19:39:20.112Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 19:40:27 honeypot-fra-1 sshd[756]: Invalid user ftp from 117.4.252.243 port 55826","@timestamp":"2022-09-19T19:40:28.139Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 19:41:43 honeypot-fra-1 kernel: [84490906.114781] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=15245 PROTO=TCP SPT=56187 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T19:41:43.167Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 19:42:05 honeypot-ams-1 sshd[9197]: Disconnected from authenticating user root 61.177.173.36 port 16950 [preauth]","@timestamp":"2022-09-19T19:42:06.270Z"}
{"@timestamp":"2022-09-19T19:47:08.747Z","@version":"1","message":"Sep 19 19:47:08 honeypot-sgp-1 sshd[1927]: Received disconnect from 92.255.85.70 port 42550:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 19:49:12 honeypot-fra-1 kernel: [84491355.654195] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.148.10.81 DST=165.22.82.222 LEN=79 TOS=0x00 PREC=0x00 TTL=241 ID=22780 DF PROTO=TCP SPT=6104 DPT=443 WINDOW=65535 RES=0x00 ACK PSH URGP=0 ","@timestamp":"2022-09-19T19:49:13.332Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 19:49:59 honeypot-fra-1 sshd[777]: Invalid user postgres from 103.164.34.122 port 56640","@timestamp":"2022-09-19T19:49:59.351Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 19:49:59 honeypot-fra-1 sshd[788]: Invalid user minecraft from 103.164.34.122 port 56650","@timestamp":"2022-09-19T19:49:59.351Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 19:49:59 honeypot-fra-1 sshd[772]: Connection closed by invalid user elastic 103.164.34.122 port 56674 [preauth]","@timestamp":"2022-09-19T19:49:59.351Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 19:49:59 honeypot-fra-1 sshd[786]: Invalid user testuser from 103.164.34.122 port 56642","@timestamp":"2022-09-19T19:50:00.351Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 19:49:59 honeypot-fra-1 sshd[767]: Connection closed by authenticating user root 103.164.34.122 port 56658 [preauth]","@timestamp":"2022-09-19T19:50:00.351Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 19:49:59 honeypot-fra-1 sshd[788]: Connection closed by invalid user minecraft 103.164.34.122 port 56650 [preauth]","@timestamp":"2022-09-19T19:50:00.351Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 19:49:59 honeypot-fra-1 sshd[795]: Connection closed by invalid user dev 103.164.34.122 port 56716 [preauth]","@timestamp":"2022-09-19T19:50:00.352Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 19:49:59 honeypot-fra-1 sshd[794]: Connection closed by authenticating user root 103.164.34.122 port 56684 [preauth]","@timestamp":"2022-09-19T19:50:00.352Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 19:51:56 honeypot-ams-1 kernel: [84493695.116989] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=151.106.32.182 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=33876 PROTO=TCP SPT=55530 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T19:51:56.524Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 19:53:42 honeypot-ams-1 sshd[9213]: Disconnected from authenticating user root 61.177.173.36 port 28312 [preauth]","@timestamp":"2022-09-19T19:53:42.573Z"}
{"@timestamp":"2022-09-19T20:00:45.059Z","@version":"1","message":"Sep 19 20:00:44 honeypot-sgp-1 kernel: [84493745.414129] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.148.10.81 DST=159.89.202.188 LEN=79 TOS=0x00 PREC=0x00 TTL=239 ID=22780 DF PROTO=TCP SPT=22516 DPT=443 WINDOW=65535 RES=0x00 ACK PSH URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 20:01:33 honeypot-fra-1 kernel: [84492096.399703] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.41.9.18 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=16858 PROTO=TCP SPT=37245 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T20:01:33.611Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 20:05:28 honeypot-ams-1 sshd[9222]: Disconnected from authenticating user root 61.177.173.47 port 42151 [preauth]","@timestamp":"2022-09-19T20:05:28.878Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 20:05:57 honeypot-fra-1 sshd[838]: Invalid user user from 45.61.186.49 port 33844","@timestamp":"2022-09-19T20:05:57.716Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 20:06:07 honeypot-fra-1 sshd[843]: Invalid user user from 45.61.186.49 port 45396","@timestamp":"2022-09-19T20:06:07.721Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 20:10:50 honeypot-fra-1 sshd[846]: Received disconnect from 92.255.85.69 port 59974:11: Bye Bye [preauth]","@timestamp":"2022-09-19T20:10:50.822Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T20:17:01.442Z","@version":"1","message":"Sep 19 20:17:01 honeypot-sgp-1 CRON[1937]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 20:17:01 honeypot-ams-1 CRON[9231]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-19T20:17:02.180Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 20:18:18 honeypot-ams-1 sshd[9236]: Disconnected from authenticating user root 92.255.85.70 port 19044 [preauth]","@timestamp":"2022-09-19T20:18:19.218Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 20:21:27 honeypot-fra-1 sshd[852]: Connection closed by invalid user admin 179.60.147.69 port 24510 [preauth]","@timestamp":"2022-09-19T20:21:28.056Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 20:26:01 honeypot-fra-1 sshd[869]: Invalid user admin from 178.89.108.11 port 60134","@timestamp":"2022-09-19T20:26:01.178Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 20:26:01 honeypot-fra-1 sshd[879]: Invalid user vagrant from 178.89.108.11 port 60166","@timestamp":"2022-09-19T20:26:01.178Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 20:26:01 honeypot-fra-1 sshd[870]: Invalid user testuser from 178.89.108.11 port 60150","@timestamp":"2022-09-19T20:26:01.178Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 20:26:01 honeypot-fra-1 sshd[871]: Connection closed by authenticating user root 178.89.108.11 port 60162 [preauth]","@timestamp":"2022-09-19T20:26:01.178Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 20:26:01 honeypot-fra-1 sshd[864]: Connection closed by invalid user devops 178.89.108.11 port 60182 [preauth]","@timestamp":"2022-09-19T20:26:01.178Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 20:26:01 honeypot-fra-1 sshd[875]: Connection closed by invalid user admin 178.89.108.11 port 60130 [preauth]","@timestamp":"2022-09-19T20:26:01.178Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 20:26:01 honeypot-fra-1 sshd[870]: Connection closed by invalid user testuser 178.89.108.11 port 60150 [preauth]","@timestamp":"2022-09-19T20:26:02.179Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 20:26:01 honeypot-fra-1 sshd[891]: Connection closed by invalid user test 178.89.108.11 port 60124 [preauth]","@timestamp":"2022-09-19T20:26:02.180Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 20:28:20 honeypot-ams-1 sshd[9246]: Received disconnect from 61.177.173.35 port 44703:11:  [preauth]","@timestamp":"2022-09-19T20:28:20.481Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 20:30:31 honeypot-fra-1 sshd[920]: Invalid user ioa from 197.155.234.157 port 34206","@timestamp":"2022-09-19T20:30:32.279Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 20:32:14 honeypot-ams-1 sshd[9251]: Received disconnect from 185.17.229.65 port 36922:11: Bye Bye [preauth]","@timestamp":"2022-09-19T20:32:14.584Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 20:36:30 honeypot-fra-1 kernel: [84494193.720153] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.167.97.244 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=40974 DPT=5432 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T20:36:31.409Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 20:41:15 honeypot-ams-1 sshd[9260]: Received disconnect from 61.177.172.114 port 22606:11:  [preauth]","@timestamp":"2022-09-19T20:41:15.818Z"}
{"@timestamp":"2022-09-19T20:41:42.015Z","@version":"1","message":"Sep 19 20:41:41 honeypot-sgp-1 sshd[1945]: Received disconnect from 92.255.85.70 port 17634:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 20:45:06 honeypot-ams-1 sshd[9265]: Disconnected from invalid user admin 92.255.85.70 port 62670 [preauth]","@timestamp":"2022-09-19T20:45:07.924Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 20:46:07 honeypot-fra-1 sshd[929]: Received disconnect from 165.22.45.108 port 44694:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T20:46:08.615Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 20:53:02 honeypot-ams-1 sshd[9276]: Disconnected from invalid user webin 202.83.17.205 port 58478 [preauth]","@timestamp":"2022-09-19T20:53:02.128Z"}
{"@timestamp":"2022-09-19T20:55:31.330Z","@version":"1","message":"Sep 19 20:55:30 honeypot-sgp-1 sshd[1950]: Disconnected from invalid user dbuser 161.35.112.155 port 60436 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 20:56:54 honeypot-ams-1 kernel: [84497593.371265] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=151.106.32.182 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=55509 PROTO=TCP SPT=59934 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T20:56:55.229Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 20:59:56 honeypot-ams-1 sshd[9287]: Connection closed by invalid user sans 179.60.147.69 port 25876 [preauth]","@timestamp":"2022-09-19T20:59:57.312Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 21:05:03 honeypot-fra-1 sshd[935]: Received disconnect from 92.255.85.69 port 39050:11: Bye Bye [preauth]","@timestamp":"2022-09-19T21:05:04.039Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 21:05:07 honeypot-ams-1 kernel: [84498086.543818] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=139.59.45.164 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x20 TTL=245 ID=36362 PROTO=TCP SPT=61953 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T21:05:08.449Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 21:07:18 honeypot-fra-1 sshd[938]: Disconnected from invalid user mouzj 95.217.159.3 port 40042 [preauth]","@timestamp":"2022-09-19T21:07:19.090Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T05:54:36.931Z","@version":"1","message":"Sep 19 05:54:35 honeypot-sgp-1 sshd[362]: Received disconnect from 92.255.85.70 port 16274:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 05:55:02 honeypot-fra-1 sshd[31816]: Received disconnect from 186.103.169.12 port 55064:11: Bye Bye [preauth]","@timestamp":"2022-09-19T05:55:03.128Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T05:56:39.984Z","@version":"1","message":"Sep 19 05:56:39 honeypot-sgp-1 sshd[366]: Disconnected from invalid user tickets 142.93.117.15 port 42996 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 05:58:26 honeypot-ams-1 kernel: [84443685.435422] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=163.204.221.30 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=30354 DF PROTO=TCP SPT=33389 DPT=80 WINDOW=14520 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T05:58:27.132Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 06:01:28 honeypot-ams-1 kernel: [84443867.450022] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=45353 PROTO=TCP SPT=47204 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T06:01:29.212Z"}
{"@timestamp":"2022-09-19T06:01:59.120Z","@version":"1","message":"Sep 19 06:01:58 honeypot-sgp-1 sshd[376]: Received disconnect from 45.61.186.249 port 60812:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T06:02:16.128Z","@version":"1","message":"Sep 19 06:02:16 honeypot-sgp-1 sshd[380]: Received disconnect from 45.61.186.249 port 55538:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T06:02:34.137Z","@version":"1","message":"Sep 19 06:02:33 honeypot-sgp-1 sshd[384]: Received disconnect from 45.61.186.249 port 50252:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T06:03:00.150Z","@version":"1","message":"Sep 19 06:02:59 honeypot-sgp-1 kernel: [84443481.394078] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=40.84.222.228 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=7746 PROTO=TCP SPT=47246 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 06:05:03 honeypot-fra-1 sshd[31822]: Invalid user admin from 20.126.126.43 port 60318","@timestamp":"2022-09-19T06:05:04.353Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T06:07:34.266Z","@version":"1","message":"Sep 19 06:07:34 honeypot-sgp-1 kernel: [84443756.142879] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=71.6.232.4 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=36606 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T06:12:28.390Z","@version":"1","message":"Sep 19 06:12:27 honeypot-sgp-1 sshd[399]: Received disconnect from 61.177.172.108 port 51782:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 06:14:51 honeypot-fra-1 sshd[31901]: Did not receive identification string from 45.61.187.160 port 47030","@timestamp":"2022-09-19T06:14:52.578Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 06:15:24 honeypot-fra-1 sshd[31904]: Disconnected from invalid user user 45.61.187.160 port 48452 [preauth]","@timestamp":"2022-09-19T06:15:25.593Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 06:15:42 honeypot-fra-1 sshd[31908]: Disconnected from invalid user user 45.61.187.160 port 43656 [preauth]","@timestamp":"2022-09-19T06:15:42.601Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 06:15:58 honeypot-fra-1 sshd[31912]: Disconnected from invalid user user 45.61.187.160 port 38894 [preauth]","@timestamp":"2022-09-19T06:15:59.609Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 06:17:01 honeypot-ams-1 CRON[7572]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-19T06:17:01.604Z"}
{"@timestamp":"2022-09-19T06:17:02.503Z","@version":"1","message":"Sep 19 06:17:01 honeypot-sgp-1 CRON[491]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 06:17:01 honeypot-fra-1 CRON[31916]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-19T06:17:02.637Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T06:21:33.619Z","@version":"1","message":"Sep 19 06:21:32 honeypot-sgp-1 sshd[501]: Received disconnect from 61.177.173.52 port 53772:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 06:25:05 honeypot-ams-1 CRON[7578]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-19T06:25:05.836Z"}
{"@timestamp":"2022-09-19T06:27:00.790Z","@version":"1","message":"Sep 19 06:27:00 honeypot-sgp-1 sshd[646]: Disconnected from authenticating user root 143.198.53.72 port 44754 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 06:27:59 honeypot-ams-1 sshd[7748]: Disconnected from invalid user admin 42.200.78.78 port 52672 [preauth]","@timestamp":"2022-09-19T06:27:59.912Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 06:33:29 honeypot-fra-1 kernel: [84443614.230292] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=35.244.62.73 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=60 ID=18594 PROTO=TCP SPT=53552 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T06:33:30.016Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 06:34:36 honeypot-ams-1 sshd[7754]: Received disconnect from 45.61.186.169 port 51080:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T06:34:37.098Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 06:34:53 honeypot-ams-1 sshd[7758]: Invalid user user from 45.61.186.169 port 46286","@timestamp":"2022-09-19T06:34:54.107Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 06:35:10 honeypot-ams-1 sshd[7762]: Invalid user user from 45.61.186.169 port 41490","@timestamp":"2022-09-19T06:35:11.116Z"}
{"@timestamp":"2022-09-19T06:37:49.057Z","@version":"1","message":"Sep 19 06:37:48 honeypot-sgp-1 sshd[748]: Disconnected from invalid user art 35.219.62.194 port 41946 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 06:39:32 honeypot-ams-1 kernel: [84446151.899363] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.148.10.81 DST=178.62.254.91 LEN=80 TOS=0x00 PREC=0x00 TTL=242 ID=22780 DF PROTO=TCP SPT=28666 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T06:39:33.228Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 06:41:06 honeypot-ams-1 sshd[7769]: Disconnected from invalid user neha 154.221.23.144 port 34508 [preauth]","@timestamp":"2022-09-19T06:41:07.272Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 06:43:19 honeypot-fra-1 sshd[32165]: Invalid user ubnt from 167.172.58.10 port 46536","@timestamp":"2022-09-19T06:43:20.232Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T06:45:24.247Z","@version":"1","message":"Sep 19 06:45:24 honeypot-sgp-1 sshd[755]: Received disconnect from 61.177.172.124 port 47200:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 06:45:34 honeypot-fra-1 sshd[32170]: Received disconnect from 117.158.87.112 port 3117:11: Bye Bye [preauth]","@timestamp":"2022-09-19T06:45:35.283Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T06:49:23.348Z","@version":"1","message":"Sep 19 06:49:22 honeypot-sgp-1 kernel: [84446264.739097] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=3.90.148.15 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=226 ID=54321 PROTO=TCP SPT=42612 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 06:49:23 honeypot-ams-1 kernel: [84446742.205505] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=66.240.236.109 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=45810 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T06:49:23.486Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 06:51:53 honeypot-fra-1 kernel: [84444718.802331] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.148.10.81 DST=165.22.82.222 LEN=82 TOS=0x00 PREC=0x00 TTL=240 ID=22780 DF PROTO=TCP SPT=30714 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T06:51:54.424Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T06:54:08.468Z","@version":"1","message":"Sep 19 06:54:08 honeypot-sgp-1 kernel: [84446550.144768] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=23.224.186.224 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=47060 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 06:55:22 honeypot-ams-1 sshd[7779]: Invalid user medieval from 58.27.134.52 port 47002","@timestamp":"2022-09-19T06:55:22.641Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 06:56:40 honeypot-ams-1 kernel: [84447179.832228] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.206.34 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=51156 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T06:56:41.676Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 07:01:06 honeypot-fra-1 kernel: [84445271.707489] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.148.10.81 DST=165.22.82.222 LEN=84 TOS=0x00 PREC=0x00 TTL=240 ID=22780 DF PROTO=TCP SPT=2014 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T07:01:07.645Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T07:06:26.791Z","@version":"1","message":"Sep 19 07:06:26 honeypot-sgp-1 kernel: [84447288.516639] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=206.189.6.148 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=239 ID=54321 PROTO=TCP SPT=57790 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 07:07:47 honeypot-fra-1 sshd[32184]: Invalid user monitor from 177.144.160.220 port 21281","@timestamp":"2022-09-19T07:07:48.795Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 07:09:37 honeypot-fra-1 sshd[32188]: Received disconnect from 165.22.45.108 port 59790:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T07:09:37.838Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T07:09:48.877Z","@version":"1","message":"Sep 19 07:09:48 honeypot-sgp-1 sshd[781]: Received disconnect from 61.177.173.36 port 19771:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 07:12:00 honeypot-ams-1 kernel: [84448099.776441] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=34.205.77.36 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=44 ID=37104 PROTO=TCP SPT=53321 DPT=80 WINDOW=3554 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T07:12:01.075Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 07:13:26 honeypot-fra-1 sshd[32194]: Received disconnect from 92.255.85.70 port 25472:11: Bye Bye [preauth]","@timestamp":"2022-09-19T07:13:26.926Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T07:17:02.058Z","@version":"1","message":"Sep 19 07:17:01 honeypot-sgp-1 CRON[788]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 07:21:18 honeypot-ams-1 sshd[7796]: Invalid user ftp from 193.106.191.157 port 45046","@timestamp":"2022-09-19T07:21:19.314Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 07:22:18 honeypot-ams-1 sshd[7801]: Disconnected from authenticating user root 92.255.85.70 port 40774 [preauth]","@timestamp":"2022-09-19T07:22:18.344Z"}
{"@timestamp":"2022-09-19T07:22:28.194Z","@version":"1","message":"Sep 19 07:22:27 honeypot-sgp-1 sshd[798]: Received disconnect from 61.177.173.47 port 53276:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 07:25:40 honeypot-ams-1 sshd[7806]: Received disconnect from 51.75.143.42 port 34766:11: Bye Bye [preauth]","@timestamp":"2022-09-19T07:25:40.432Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 07:26:26 honeypot-fra-1 sshd[32205]: Invalid user www from 103.188.176.251 port 55274","@timestamp":"2022-09-19T07:26:27.214Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 07:30:35 honeypot-fra-1 sshd[32209]: Disconnected from invalid user jakub 211.253.133.48 port 47126 [preauth]","@timestamp":"2022-09-19T07:30:36.308Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T07:31:15.438Z","@version":"1","message":"Sep 19 07:31:14 honeypot-sgp-1 kernel: [84448776.682616] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.148.10.81 DST=159.89.202.188 LEN=81 TOS=0x00 PREC=0x00 TTL=239 ID=22780 DF PROTO=TCP SPT=20442 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T07:35:04.533Z","@version":"1","message":"Sep 19 07:35:04 honeypot-sgp-1 sshd[811]: Disconnected from authenticating user root 61.177.173.36 port 53392 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 07:38:25 honeypot-ams-1 sshd[7813]: Invalid user admin from 179.60.147.69 port 56590","@timestamp":"2022-09-19T07:38:26.761Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 07:39:12 honeypot-fra-1 sshd[32217]: Received disconnect from 92.255.85.69 port 16724:11: Bye Bye [preauth]","@timestamp":"2022-09-19T07:39:13.495Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T07:41:46.700Z","@version":"1","message":"Sep 19 07:41:46 honeypot-sgp-1 kernel: [84449408.022644] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=20.55.53.144 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x00 TTL=43 ID=42619 DF PROTO=TCP SPT=41840 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 07:44:51 honeypot-fra-1 kernel: [84447896.385569] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=20.55.53.144 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=37919 DF PROTO=TCP SPT=32918 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T07:44:52.622Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 07:46:01 honeypot-fra-1 sshd[32222]: Disconnected from authenticating user root 61.177.172.13 port 46407 [preauth]","@timestamp":"2022-09-19T07:46:02.651Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T07:47:33.844Z","@version":"1","message":"Sep 19 07:47:33 honeypot-sgp-1 sshd[829]: Received disconnect from 92.255.85.70 port 18806:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 07:48:47 honeypot-ams-1 sshd[7821]: Received disconnect from 61.177.173.4 port 10569:11:  [preauth]","@timestamp":"2022-09-19T07:48:48.026Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 07:50:35 honeypot-ams-1 kernel: [84450415.002191] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=20.55.53.144 DST=178.62.254.91 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=6557 DF PROTO=TCP SPT=53722 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T07:50:36.079Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 07:51:48 honeypot-fra-1 sshd[32230]: Disconnected from authenticating user root 45.89.26.196 port 46622 [preauth]","@timestamp":"2022-09-19T07:51:48.781Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T07:53:10.985Z","@version":"1","message":"Sep 19 07:53:10 honeypot-sgp-1 sshd[838]: Disconnected from authenticating user root 61.177.173.49 port 21556 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:02:04 honeypot-fra-1 kernel: [84448929.370694] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.148.10.81 DST=165.22.82.222 LEN=84 TOS=0x00 PREC=0x00 TTL=241 ID=22780 DF PROTO=TCP SPT=30704 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T08:02:05.013Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 08:04:17 honeypot-ams-1 sshd[7829]: Disconnected from authenticating user root 167.172.141.86 port 57184 [preauth]","@timestamp":"2022-09-19T08:04:18.441Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:05:51 honeypot-fra-1 kernel: [84449155.639235] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=194.169.217.248 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=59 ID=9588 DF PROTO=TCP SPT=10371 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T08:05:51.099Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T08:07:41.362Z","@version":"1","message":"Sep 19 08:07:40 honeypot-sgp-1 sshd[848]: Received disconnect from 61.177.172.108 port 49150:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 08:17:01 honeypot-ams-1 CRON[7835]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-19T08:17:01.772Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:17:01 honeypot-fra-1 CRON[32243]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-19T08:17:02.353Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T08:17:02.593Z","@version":"1","message":"Sep 19 08:17:01 honeypot-sgp-1 CRON[858]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:18:48 honeypot-fra-1 sshd[32267]: Received disconnect from 86.107.199.172 port 40900:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T08:18:48.395Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:19:09 honeypot-fra-1 sshd[32271]: Received disconnect from 45.61.186.249 port 48180:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T08:19:09.405Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:19:28 honeypot-fra-1 sshd[32275]: Received disconnect from 45.61.186.249 port 43208:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T08:19:28.415Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:19:46 honeypot-fra-1 sshd[32279]: Received disconnect from 45.61.186.249 port 38250:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T08:19:47.424Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:19:54 honeypot-fra-1 sshd[32283]: Received disconnect from 45.61.186.249 port 49890:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T08:19:55.428Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 08:20:53 honeypot-ams-1 sshd[7841]: Disconnected from authenticating user root 92.255.85.69 port 26136 [preauth]","@timestamp":"2022-09-19T08:20:53.878Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:21:54 honeypot-fra-1 sshd[32287]: Invalid user 165.232.153.38 from 86.107.199.172 port 50814","@timestamp":"2022-09-19T08:21:54.477Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:22:55 honeypot-fra-1 sshd[32290]: Disconnected from invalid user 165.22.124.105 86.107.199.172 port 54122 [preauth]","@timestamp":"2022-09-19T08:22:56.503Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T08:23:13.748Z","@version":"1","message":"Sep 19 08:23:13 honeypot-sgp-1 sshd[885]: Received disconnect from 61.177.172.98 port 56643:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T08:24:52.792Z","@version":"1","message":"Sep 19 08:24:52 honeypot-sgp-1 sshd[889]: Disconnected from authenticating user root 77.48.148.79 port 55660 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:24:56 honeypot-fra-1 sshd[32294]: Disconnected from invalid user 165.227.156.182 86.107.199.172 port 60742 [preauth]","@timestamp":"2022-09-19T08:24:56.550Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T08:25:26.807Z","@version":"1","message":"Sep 19 08:25:25 honeypot-sgp-1 sshd[896]: Received disconnect from 61.177.173.37 port 14268:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:26:59 honeypot-fra-1 sshd[32299]: Received disconnect from 86.107.199.172 port 39126:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T08:27:00.599Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 08:28:58 honeypot-ams-1 kernel: [84452717.741410] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.148.10.81 DST=178.62.254.91 LEN=82 TOS=0x00 PREC=0x00 TTL=240 ID=22780 DF PROTO=TCP SPT=8184 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T08:28:59.093Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:29:05 honeypot-fra-1 sshd[32304]: Invalid user 165.227.179.39 from 86.107.199.172 port 45752","@timestamp":"2022-09-19T08:29:05.648Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:30:54 honeypot-fra-1 kernel: [84450658.701322] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=62853 PROTO=TCP SPT=56241 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T08:30:54.689Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T08:31:12.953Z","@version":"1","message":"Sep 19 08:31:12 honeypot-sgp-1 sshd[899]: Received disconnect from 61.177.173.53 port 63661:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:32:21 honeypot-fra-1 sshd[32313]: Invalid user 165.227.48.20 from 86.107.199.172 port 55682","@timestamp":"2022-09-19T08:32:21.725Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:32:33 honeypot-fra-1 kernel: [84450757.627741] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.241.208.87 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=36497 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T08:32:33.731Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:34:33 honeypot-fra-1 sshd[32320]: Received disconnect from 86.107.199.172 port 34078:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T08:34:33.779Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:35:39 honeypot-fra-1 sshd[32322]: Received disconnect from 86.107.199.172 port 37402:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T08:35:39.808Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T08:36:13.080Z","@version":"1","message":"Sep 19 08:36:12 honeypot-sgp-1 kernel: [84452673.872817] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.197.81 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=56859 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 08:36:32 honeypot-ams-1 sshd[7862]: Received disconnect from 42.119.111.155 port 55478:11: Bye Bye [preauth]","@timestamp":"2022-09-19T08:36:32.294Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:37:48 honeypot-fra-1 sshd[32326]: Received disconnect from 86.107.199.172 port 44014:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T08:37:48.858Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:38:52 honeypot-fra-1 sshd[32331]: Received disconnect from 86.107.199.172 port 47324:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T08:38:53.886Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 08:40:05 honeypot-ams-1 sshd[7869]: Invalid user monitor from 210.245.34.243 port 52093","@timestamp":"2022-09-19T08:40:06.389Z"}
{"@timestamp":"2022-09-19T08:40:43.195Z","@version":"1","message":"Sep 19 08:40:42 honeypot-sgp-1 sshd[907]: Received disconnect from 61.177.173.46 port 30520:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:41:02 honeypot-fra-1 sshd[32335]: Invalid user 165.227.229.97 from 86.107.199.172 port 53942","@timestamp":"2022-09-19T08:41:02.938Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 08:41:36 honeypot-ams-1 sshd[7871]: Disconnected from authenticating user root 143.110.254.115 port 59034 [preauth]","@timestamp":"2022-09-19T08:41:36.432Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:43:12 honeypot-fra-1 kernel: [84451396.844106] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=209.141.40.123 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=52155 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T08:43:12.988Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:44:06 honeypot-fra-1 sshd[32343]: Disconnected from 134.122.30.242 port 59456 [preauth]","@timestamp":"2022-09-19T08:44:07.012Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:44:50 honeypot-fra-1 sshd[32347]: Disconnected from authenticating user nobody 92.255.85.69 port 40272 [preauth]","@timestamp":"2022-09-19T08:44:51.033Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 08:45:05 honeypot-ams-1 kernel: [84453684.222723] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=119.196.38.153 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=54 ID=38388 PROTO=TCP SPT=34831 DPT=443 WINDOW=42279 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T08:45:05.524Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:46:36 honeypot-fra-1 kernel: [84451600.735752] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=63263 PROTO=TCP SPT=56685 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T08:46:37.077Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:47:44 honeypot-fra-1 sshd[32353]: Disconnected from invalid user 165.22.197.224 86.107.199.172 port 45560 [preauth]","@timestamp":"2022-09-19T08:47:45.105Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T08:48:42.394Z","@version":"1","message":"Sep 19 08:48:41 honeypot-sgp-1 kernel: [84453423.461159] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=71.6.232.2 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=41926 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:49:58 honeypot-fra-1 sshd[32361]: Invalid user 165.22.216.117 from 86.107.199.172 port 52206","@timestamp":"2022-09-19T08:49:59.159Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 08:51:55 honeypot-ams-1 sshd[7881]: Invalid user zimbra from 101.231.146.36 port 36862","@timestamp":"2022-09-19T08:51:56.706Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:51:58 honeypot-fra-1 kernel: [84451922.839988] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=213.226.123.38 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=4221 PROTO=TCP SPT=56848 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T08:51:59.206Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T08:52:51.499Z","@version":"1","message":"Sep 19 08:52:51 honeypot-sgp-1 kernel: [84453672.865481] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=159.89.202.188 LEN=91 TOS=0x00 PREC=0x00 TTL=245 ID=64401 PROTO=TCP SPT=20917 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:53:47 honeypot-fra-1 sshd[32367]: Disconnected from invalid user 165.227.199.196 86.107.199.172 port 33900 [preauth]","@timestamp":"2022-09-19T08:53:48.248Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:56:22 honeypot-fra-1 sshd[32372]: Received disconnect from 86.107.199.172 port 40520:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T08:56:23.309Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 08:57:02 honeypot-ams-1 kernel: [84454401.640307] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=5.188.210.205 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=63026 PROTO=TCP SPT=44938 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T08:57:02.843Z"}
{"@timestamp":"2022-09-19T08:59:01.650Z","@version":"1","message":"Sep 19 08:59:01 honeypot-sgp-1 sshd[926]: Disconnected from invalid user admin 179.127.204.48 port 40536 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:59:09 honeypot-fra-1 sshd[32377]: Invalid user user from 45.61.186.49 port 40402","@timestamp":"2022-09-19T08:59:10.376Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 08:59:17 honeypot-fra-1 sshd[32381]: Invalid user user from 45.61.186.49 port 51836","@timestamp":"2022-09-19T08:59:18.381Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 09:00:15 honeypot-fra-1 sshd[32386]: Invalid user 165.227.62.90 from 86.107.199.172 port 47140","@timestamp":"2022-09-19T09:00:16.404Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 09:02:34 honeypot-fra-1 kernel: [84452558.944284] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.148.10.81 DST=165.22.82.222 LEN=80 TOS=0x00 PREC=0x00 TTL=241 ID=22780 DF PROTO=TCP SPT=4084 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T09:02:34.457Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 09:03:37 honeypot-ams-1 sshd[7960]: Received disconnect from 103.174.114.55 port 43382:11: Bye Bye [preauth]","@timestamp":"2022-09-19T09:03:38.019Z"}
{"@timestamp":"2022-09-19T09:03:45.770Z","@version":"1","message":"Sep 19 09:03:45 honeypot-sgp-1 sshd[934]: Did not receive identification string from 45.61.187.160 port 48222","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 09:04:24 honeypot-fra-1 sshd[32392]: Received disconnect from 86.107.199.172 port 53764:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T09:04:24.503Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T09:04:24.789Z","@version":"1","message":"Sep 19 09:04:24 honeypot-sgp-1 sshd[938]: Received disconnect from 45.61.187.160 port 57822:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T09:04:41.797Z","@version":"1","message":"Sep 19 09:04:41 honeypot-sgp-1 sshd[942]: Received disconnect from 45.61.187.160 port 53060:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T09:04:59.806Z","@version":"1","message":"Sep 19 09:04:58 honeypot-sgp-1 sshd[946]: Received disconnect from 45.61.187.160 port 48304:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 09:08:48 honeypot-ams-1 kernel: [84455107.247526] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=125.136.61.137 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=55 ID=28093 PROTO=TCP SPT=5736 DPT=80 WINDOW=24104 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T09:08:49.156Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 09:08:50 honeypot-fra-1 sshd[32397]: Received disconnect from 86.107.199.172 port 60392:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T09:08:50.605Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T09:09:47.926Z","@version":"1","message":"Sep 19 09:09:47 honeypot-sgp-1 kernel: [84454689.466371] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=59.49.43.217 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=16972 PROTO=TCP SPT=46239 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 09:10:53 honeypot-fra-1 sshd[32401]: Received disconnect from 86.107.199.172 port 35470:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T09:10:53.656Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 09:12:58 honeypot-fra-1 sshd[32406]: Invalid user 165.22.54.7 from 86.107.199.172 port 38784","@timestamp":"2022-09-19T09:12:59.706Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 09:15:00 honeypot-fra-1 sshd[32408]: Received disconnect from 86.107.199.172 port 42094:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T09:15:00.754Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T09:15:55.078Z","@version":"1","message":"Sep 19 09:15:54 honeypot-sgp-1 sshd[959]: Disconnected from 61.177.172.108 port 55425 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T09:16:29.094Z","@version":"1","message":"Sep 19 09:16:28 honeypot-sgp-1 sshd[965]: Connection closed by invalid user pi 46.160.140.238 port 50818 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 09:17:02 honeypot-fra-1 kernel: [84453427.239500] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.148.10.81 DST=165.22.82.222 LEN=77 TOS=0x00 PREC=0x00 TTL=241 ID=22780 DF PROTO=TCP SPT=2004 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T09:17:02.801Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T09:17:40.127Z","@version":"1","message":"Sep 19 09:17:39 honeypot-sgp-1 sshd[972]: Received disconnect from 168.61.44.109 port 1024:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T09:18:02.138Z","@version":"1","message":"Sep 19 09:18:01 honeypot-sgp-1 sshd[978]: Disconnected from authenticating user root 136.232.236.6 port 33071 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 09:18:18 honeypot-ams-1 kernel: [84455677.356314] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=104.236.174.101 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=56 ID=64619 PROTO=TCP SPT=49444 DPT=80 WINDOW=43690 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T09:18:18.400Z"}
{"@timestamp":"2022-09-19T09:20:09.190Z","@version":"1","message":"Sep 19 09:20:08 honeypot-sgp-1 sshd[982]: Received disconnect from 182.253.117.100 port 48760:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T09:21:25.223Z","@version":"1","message":"Sep 19 09:21:24 honeypot-sgp-1 sshd[987]: Disconnected from authenticating user root 140.86.12.31 port 53319 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 09:21:43 honeypot-ams-1 sshd[7972]: Received disconnect from 92.255.85.70 port 61034:11: Bye Bye [preauth]","@timestamp":"2022-09-19T09:21:43.494Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 09:22:59 honeypot-fra-1 kernel: [84453783.873490] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.148.10.81 DST=165.22.82.222 LEN=77 TOS=0x00 PREC=0x00 TTL=238 ID=22780 DF PROTO=TCP SPT=6102 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T09:22:59.935Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 09:24:12 honeypot-ams-1 kernel: [84456031.371535] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.148.10.81 DST=178.62.254.91 LEN=77 TOS=0x00 PREC=0x00 TTL=242 ID=22780 DF PROTO=TCP SPT=2040 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T09:24:12.563Z"}
{"@timestamp":"2022-09-19T09:24:13.293Z","@version":"1","message":"Sep 19 09:24:12 honeypot-sgp-1 kernel: [84455554.318323] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.148.10.81 DST=159.89.202.188 LEN=77 TOS=0x00 PREC=0x00 TTL=241 ID=22780 DF PROTO=TCP SPT=24566 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 09:28:20 honeypot-fra-1 kernel: [84454104.561293] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=20.204.64.44 DST=165.22.82.222 LEN=52 TOS=0x00 PREC=0x00 TTL=111 ID=59725 DF PROTO=TCP SPT=63175 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T09:28:21.057Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 09:33:02 honeypot-fra-1 sshd[32424]: Disconnected from invalid user pj 35.219.62.194 port 54394 [preauth]","@timestamp":"2022-09-19T09:33:03.164Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 09:33:07 honeypot-ams-1 sshd[7980]: Received disconnect from 207.154.220.75 port 60448:11: Bye Bye [preauth]","@timestamp":"2022-09-19T09:33:07.796Z"}
{"@timestamp":"2022-09-19T09:33:56.529Z","@version":"1","message":"Sep 19 09:33:55 honeypot-sgp-1 kernel: [84456137.619994] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.148.10.81 DST=159.89.202.188 LEN=79 TOS=0x00 PREC=0x00 TTL=237 ID=22780 DF PROTO=TCP SPT=4090 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T09:35:27.570Z","@version":"1","message":"Sep 19 09:35:26 honeypot-sgp-1 sshd[1006]: Received disconnect from 201.47.5.123 port 44988:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 09:37:02 honeypot-ams-1 kernel: [84456801.944664] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=200.17.120.61 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=46 ID=6595 PROTO=TCP SPT=45832 DPT=80 WINDOW=59736 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T09:37:02.904Z"}
{"@timestamp":"2022-09-19T09:39:37.672Z","@version":"1","message":"Sep 19 09:39:37 honeypot-sgp-1 kernel: [84456478.760513] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.148.10.81 DST=159.89.202.188 LEN=77 TOS=0x00 PREC=0x00 TTL=240 ID=22780 DF PROTO=TCP SPT=18386 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 09:39:46 honeypot-fra-1 kernel: [84454790.741096] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=165.232.152.144 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=40936 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T09:39:47.312Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 09:42:08 honeypot-ams-1 kernel: [84457107.339629] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.41.9.18 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=45506 PROTO=TCP SPT=30188 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T09:42:09.040Z"}
{"@timestamp":"2022-09-19T09:45:23.813Z","@version":"1","message":"Sep 19 09:45:23 honeypot-sgp-1 sshd[1023]: Did not receive identification string from 201.219.232.9 port 49974","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 09:45:49 honeypot-fra-1 sshd[32432]: Received disconnect from 159.223.134.241 port 41822:11: Bye Bye [preauth]","@timestamp":"2022-09-19T09:45:49.463Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T09:47:19.864Z","@version":"1","message":"Sep 19 09:47:19 honeypot-sgp-1 kernel: [84456941.173785] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=167.172.184.157 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=2949 PROTO=TCP SPT=40491 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 09:50:00 honeypot-ams-1 sshd[7991]: Disconnected from authenticating user root 183.82.5.29 port 49708 [preauth]","@timestamp":"2022-09-19T09:50:01.243Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 09:50:08 honeypot-fra-1 sshd[32437]: Connection closed by invalid user oot 103.188.176.251 port 35972 [preauth]","@timestamp":"2022-09-19T09:50:08.562Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 09:50:35 honeypot-ams-1 sshd[7995]: Disconnected from invalid user user 45.61.186.249 port 54272 [preauth]","@timestamp":"2022-09-19T09:50:36.261Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 09:50:55 honeypot-ams-1 sshd[7999]: Disconnected from invalid user user 45.61.186.249 port 48900 [preauth]","@timestamp":"2022-09-19T09:50:56.273Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 09:51:12 honeypot-ams-1 sshd[8004]: Disconnected from invalid user user 45.61.186.249 port 43522 [preauth]","@timestamp":"2022-09-19T09:51:13.282Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 09:51:44 honeypot-ams-1 sshd[8008]: Disconnected from invalid user ftp 92.255.85.70 port 26956 [preauth]","@timestamp":"2022-09-19T09:51:45.297Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 09:52:00 honeypot-fra-1 sshd[32443]: Disconnected from invalid user postgres 103.147.3.81 port 51242 [preauth]","@timestamp":"2022-09-19T09:52:00.605Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T09:52:24.994Z","@version":"1","message":"Sep 19 09:52:24 honeypot-sgp-1 sshd[1033]: Connection closed by 201.219.232.9 port 52704 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 09:55:02 honeypot-ams-1 kernel: [84457881.520869] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.148.10.81 DST=178.62.254.91 LEN=75 TOS=0x00 PREC=0x00 TTL=242 ID=22780 DF PROTO=TCP SPT=4054 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T09:55:03.387Z"}
{"@timestamp":"2022-09-19T09:58:53.152Z","@version":"1","message":"Sep 19 09:58:52 honeypot-sgp-1 sshd[1045]: Connection closed by 201.219.232.9 port 53618 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:02:03 honeypot-ams-1 sshd[8020]: Invalid user ubnt from 175.29.122.43 port 34006","@timestamp":"2022-09-19T10:02:03.568Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:02:06 honeypot-ams-1 sshd[8024]: Disconnected from authenticating user root 175.29.122.43 port 34430 [preauth]","@timestamp":"2022-09-19T10:02:07.570Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:02:11 honeypot-ams-1 sshd[8031]: Disconnected from authenticating user root 175.29.122.43 port 34486 [preauth]","@timestamp":"2022-09-19T10:02:11.573Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:02:16 honeypot-ams-1 sshd[8037]: Disconnected from authenticating user root 175.29.122.43 port 34924 [preauth]","@timestamp":"2022-09-19T10:02:17.578Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:02:21 honeypot-ams-1 sshd[8043]: Disconnected from authenticating user root 175.29.122.43 port 34980 [preauth]","@timestamp":"2022-09-19T10:02:22.580Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:02:26 honeypot-ams-1 sshd[8049]: Disconnected from authenticating user root 175.29.122.43 port 35402 [preauth]","@timestamp":"2022-09-19T10:02:26.583Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:02:31 honeypot-ams-1 sshd[8055]: Disconnected from authenticating user root 175.29.122.43 port 35462 [preauth]","@timestamp":"2022-09-19T10:02:31.587Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:02:36 honeypot-ams-1 sshd[8061]: Disconnected from authenticating user root 175.29.122.43 port 35878 [preauth]","@timestamp":"2022-09-19T10:02:37.590Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:02:41 honeypot-ams-1 sshd[8067]: Disconnected from authenticating user root 175.29.122.43 port 35938 [preauth]","@timestamp":"2022-09-19T10:02:41.592Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:02:46 honeypot-ams-1 sshd[8073]: Disconnected from authenticating user root 175.29.122.43 port 36364 [preauth]","@timestamp":"2022-09-19T10:02:46.596Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:02:51 honeypot-ams-1 sshd[8079]: Disconnected from authenticating user root 175.29.122.43 port 36434 [preauth]","@timestamp":"2022-09-19T10:02:51.599Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:02:55 honeypot-ams-1 sshd[8086]: Disconnected from authenticating user root 175.29.122.43 port 36842 [preauth]","@timestamp":"2022-09-19T10:02:56.602Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:02:58 honeypot-ams-1 sshd[8091]: Received disconnect from 175.29.122.43 port 36894:11: Bye Bye [preauth]","@timestamp":"2022-09-19T10:02:59.605Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:03:01 honeypot-ams-1 sshd[8095]: Received disconnect from 175.29.122.43 port 36948:11: Bye Bye [preauth]","@timestamp":"2022-09-19T10:03:02.607Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:03:04 honeypot-ams-1 sshd[8100]: Received disconnect from 175.29.122.43 port 37336:11: Bye Bye [preauth]","@timestamp":"2022-09-19T10:03:05.609Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:03:07 honeypot-ams-1 sshd[8104]: Invalid user admin from 175.29.122.43 port 37448","@timestamp":"2022-09-19T10:03:08.611Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:03:11 honeypot-ams-1 sshd[8108]: Invalid user admin from 175.29.122.43 port 37510","@timestamp":"2022-09-19T10:03:11.613Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:03:14 honeypot-ams-1 sshd[8112]: Invalid user user from 175.29.122.43 port 37884","@timestamp":"2022-09-19T10:03:14.616Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:03:18 honeypot-ams-1 sshd[8116]: Disconnected from authenticating user root 175.29.122.43 port 38024 [preauth]","@timestamp":"2022-09-19T10:03:18.618Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:03:22 honeypot-ams-1 sshd[8120]: Disconnected from invalid user pi 175.29.122.43 port 38092 [preauth]","@timestamp":"2022-09-19T10:03:23.622Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 10:03:23 honeypot-fra-1 sshd[32450]: Connection closed by 71.6.135.131 port 48626 [preauth]","@timestamp":"2022-09-19T10:03:23.863Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:03:25 honeypot-ams-1 sshd[8124]: Disconnected from invalid user ethos 175.29.122.43 port 38504 [preauth]","@timestamp":"2022-09-19T10:03:26.624Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:03:28 honeypot-ams-1 sshd[8128]: Disconnected from invalid user miner 175.29.122.43 port 38584 [preauth]","@timestamp":"2022-09-19T10:03:29.627Z"}
{"@timestamp":"2022-09-19T10:03:30.268Z","@version":"1","message":"Sep 19 10:03:29 honeypot-sgp-1 kernel: [84457911.685997] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=95.217.181.127 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=56163 PROTO=TCP SPT=58931 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:03:32 honeypot-ams-1 sshd[8132]: Disconnected from invalid user volumio 175.29.122.43 port 38664 [preauth]","@timestamp":"2022-09-19T10:03:32.629Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:03:35 honeypot-ams-1 sshd[8136]: Disconnected from invalid user nagios 175.29.122.43 port 39068 [preauth]","@timestamp":"2022-09-19T10:03:35.631Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:03:39 honeypot-ams-1 sshd[8140]: Disconnected from invalid user vagrant 175.29.122.43 port 39164 [preauth]","@timestamp":"2022-09-19T10:03:39.633Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:03:42 honeypot-ams-1 sshd[8144]: Disconnected from invalid user debian 175.29.122.43 port 39266 [preauth]","@timestamp":"2022-09-19T10:03:43.636Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:03:46 honeypot-ams-1 sshd[8148]: Disconnected from invalid user debian 175.29.122.43 port 39682 [preauth]","@timestamp":"2022-09-19T10:03:46.638Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:03:49 honeypot-ams-1 sshd[8152]: Disconnected from invalid user alarm 175.29.122.43 port 39758 [preauth]","@timestamp":"2022-09-19T10:03:49.640Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:03:52 honeypot-ams-1 sshd[8156]: Received disconnect from 175.29.122.43 port 39816:11: Bye Bye [preauth]","@timestamp":"2022-09-19T10:03:52.642Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:03:55 honeypot-ams-1 sshd[8160]: Received disconnect from 175.29.122.43 port 40190:11: Bye Bye [preauth]","@timestamp":"2022-09-19T10:03:55.644Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 10:09:31 honeypot-fra-1 kernel: [84456575.440681] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=165.22.82.222 LEN=91 TOS=0x00 PREC=0x00 TTL=250 ID=6056 PROTO=TCP SPT=26933 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T10:09:32.004Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T10:11:44.474Z","@version":"1","message":"Sep 19 10:11:44 honeypot-sgp-1 kernel: [84458405.973176] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.148.10.81 DST=159.89.202.188 LEN=84 TOS=0x00 PREC=0x00 TTL=239 ID=22780 DF PROTO=TCP SPT=2046 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 10:14:29 honeypot-fra-1 sshd[32462]: Invalid user qye from 143.110.179.172 port 42498","@timestamp":"2022-09-19T10:14:30.118Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T10:15:16.562Z","@version":"1","message":"Sep 19 10:15:15 honeypot-sgp-1 kernel: [84458617.513620] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.201.85 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=40960 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:18:10 honeypot-ams-1 sshd[8167]: Invalid user ubuntu from 92.255.85.70 port 15738","@timestamp":"2022-09-19T10:18:11.013Z"}
{"@timestamp":"2022-09-19T10:19:02.654Z","@version":"1","message":"Sep 19 10:19:01 honeypot-sgp-1 sshd[1069]: Disconnected from authenticating user root 143.244.158.100 port 45508 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T10:20:44.699Z","@version":"1","message":"Sep 19 10:20:44 honeypot-sgp-1 sshd[1075]: Received disconnect from 143.244.158.100 port 34352:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T10:21:34.722Z","@version":"1","message":"Sep 19 10:21:34 honeypot-sgp-1 sshd[1077]: Disconnected from authenticating user root 61.177.173.50 port 52678 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 10:22:12 honeypot-fra-1 kernel: [84457336.792933] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.180.143.72 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=61357 PROTO=TCP SPT=16632 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T10:22:13.292Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T10:23:14.765Z","@version":"1","message":"Sep 19 10:23:14 honeypot-sgp-1 sshd[1084]: Disconnected from 61.177.172.19 port 49936 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T10:23:59.787Z","@version":"1","message":"Sep 19 10:23:59 honeypot-sgp-1 sshd[1091]: Disconnected from authenticating user root 143.244.158.100 port 37226 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T10:24:12.793Z","@version":"1","message":"Sep 19 10:24:12 honeypot-sgp-1 sshd[1095]: Disconnected from invalid user user 45.61.187.160 port 45734 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T10:24:29.802Z","@version":"1","message":"Sep 19 10:24:29 honeypot-sgp-1 sshd[1099]: Disconnected from invalid user user 45.61.187.160 port 40484 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T10:24:45.810Z","@version":"1","message":"Sep 19 10:24:45 honeypot-sgp-1 sshd[1103]: Disconnected from invalid user user 45.61.187.160 port 35264 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T10:25:36.832Z","@version":"1","message":"Sep 19 10:25:36 honeypot-sgp-1 sshd[1109]: Received disconnect from 143.244.158.100 port 49016:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T10:27:12.873Z","@version":"1","message":"Sep 19 10:27:12 honeypot-sgp-1 sshd[1115]: Received disconnect from 143.244.158.100 port 39742:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T10:28:51.915Z","@version":"1","message":"Sep 19 10:28:50 honeypot-sgp-1 sshd[1124]: Received disconnect from 143.244.158.100 port 44894:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T10:30:29.960Z","@version":"1","message":"Sep 19 10:30:29 honeypot-sgp-1 sshd[1129]: Received disconnect from 143.244.158.100 port 34622:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T10:33:01.045Z","@version":"1","message":"Sep 19 10:33:00 honeypot-sgp-1 sshd[1135]: Received disconnect from 143.244.158.100 port 33374:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T10:34:40.087Z","@version":"1","message":"Sep 19 10:34:39 honeypot-sgp-1 sshd[1140]: Disconnected from authenticating user root 143.244.158.100 port 56384 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 10:36:01 honeypot-fra-1 kernel: [84458165.347027] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=179.43.155.171 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=47683 PROTO=TCP SPT=56430 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T10:36:01.613Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 10:36:07 honeypot-ams-1 kernel: [84460346.698053] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=178.62.254.91 LEN=91 TOS=0x00 PREC=0x00 TTL=252 ID=35124 PROTO=TCP SPT=21437 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T10:36:08.476Z"}
{"@timestamp":"2022-09-19T10:37:08.151Z","@version":"1","message":"Sep 19 10:37:07 honeypot-sgp-1 sshd[1149]: Received disconnect from 143.244.158.100 port 60538:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T10:38:45.193Z","@version":"1","message":"Sep 19 10:38:44 honeypot-sgp-1 sshd[1156]: Received disconnect from 143.244.158.100 port 38912:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T10:39:35.217Z","@version":"1","message":"Sep 19 10:39:34 honeypot-sgp-1 sshd[1160]: Disconnected from authenticating user root 143.244.158.100 port 45006 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 10:39:53 honeypot-fra-1 sshd[32474]: Invalid user enisa from 179.60.147.69 port 39858","@timestamp":"2022-09-19T10:39:53.703Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T10:42:08.282Z","@version":"1","message":"Sep 19 10:42:07 honeypot-sgp-1 sshd[1167]: Received disconnect from 143.244.158.100 port 45650:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:42:18 honeypot-ams-1 sshd[8175]: Invalid user enisa from 179.60.147.69 port 45112","@timestamp":"2022-09-19T10:42:18.637Z"}
{"@timestamp":"2022-09-19T10:42:46.299Z","@version":"1","message":"Sep 19 10:42:45 honeypot-sgp-1 sshd[1171]: Disconnected from authenticating user root 61.177.173.51 port 38352 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T10:43:47.326Z","@version":"1","message":"Sep 19 10:43:46 honeypot-sgp-1 sshd[1176]: Received disconnect from 143.244.158.100 port 52882:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T10:45:42.375Z","@version":"1","message":"Sep 19 10:45:42 honeypot-sgp-1 kernel: [84460443.819776] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=221.178.192.198 DST=159.89.202.188 LEN=52 TOS=0x00 PREC=0x00 TTL=42 ID=9496 DF PROTO=TCP SPT=51824 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 10:46:02 honeypot-fra-1 sshd[32498]: Invalid user ubuntu from 20.16.187.32 port 35870","@timestamp":"2022-09-19T10:46:02.854Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 10:46:02 honeypot-fra-1 sshd[32501]: Invalid user mcserv from 20.16.187.32 port 35886","@timestamp":"2022-09-19T10:46:02.854Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 10:46:05 honeypot-fra-1 sshd[32509]: Connection closed by invalid user postgres 20.16.187.32 port 35836 [preauth]","@timestamp":"2022-09-19T10:46:05.856Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 10:46:05 honeypot-fra-1 sshd[32511]: Connection closed by invalid user ts3srv 20.16.187.32 port 35890 [preauth]","@timestamp":"2022-09-19T10:46:05.856Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 10:46:05 honeypot-fra-1 sshd[32518]: Invalid user ec2 from 20.16.187.32 port 35852","@timestamp":"2022-09-19T10:46:06.857Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 10:46:05 honeypot-fra-1 sshd[32519]: Connection closed by invalid user oracle 20.16.187.32 port 35872 [preauth]","@timestamp":"2022-09-19T10:46:06.857Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 10:47:04 honeypot-ams-1 sshd[8181]: Disconnected from authenticating user root 129.213.100.212 port 45032 [preauth]","@timestamp":"2022-09-19T10:47:04.759Z"}
{"@timestamp":"2022-09-19T10:47:58.432Z","@version":"1","message":"Sep 19 10:47:58 honeypot-sgp-1 sshd[1187]: Disconnected from authenticating user root 143.244.158.100 port 38884 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T10:49:37.474Z","@version":"1","message":"Sep 19 10:49:36 honeypot-sgp-1 sshd[1207]: Received disconnect from 143.244.158.100 port 41772:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 10:51:10 honeypot-fra-1 sshd[32534]: Disconnected from invalid user user 178.128.35.197 port 33156 [preauth]","@timestamp":"2022-09-19T10:51:10.969Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T10:51:15.515Z","@version":"1","message":"Sep 19 10:51:14 honeypot-sgp-1 sshd[1216]: Received disconnect from 143.244.158.100 port 46808:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T10:52:53.557Z","@version":"1","message":"Sep 19 10:52:53 honeypot-sgp-1 sshd[1221]: Disconnected from authenticating user root 143.244.158.100 port 39524 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T10:55:26.621Z","@version":"1","message":"Sep 19 10:55:25 honeypot-sgp-1 sshd[1229]: Received disconnect from 143.244.158.100 port 50896:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T10:57:08.720Z","@version":"1","message":"Sep 19 10:57:07 honeypot-sgp-1 sshd[1233]: Received disconnect from 143.244.158.100 port 54762:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 10:58:45 honeypot-ams-1 kernel: [84461704.805443] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=172.105.129.98 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=38348 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T10:58:46.077Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 10:59:35 honeypot-fra-1 sshd[32545]: Invalid user grid from 121.4.171.124 port 54080","@timestamp":"2022-09-19T10:59:36.157Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 10:59:36 honeypot-fra-1 sshd[32554]: Connection closed by authenticating user root 121.4.171.124 port 54118 [preauth]","@timestamp":"2022-09-19T10:59:37.158Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 10:59:37 honeypot-fra-1 sshd[32561]: Connection closed by invalid user admin 121.4.171.124 port 54116 [preauth]","@timestamp":"2022-09-19T10:59:37.158Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T10:59:39.787Z","@version":"1","message":"Sep 19 10:59:38 honeypot-sgp-1 sshd[1241]: Received disconnect from 143.244.158.100 port 50238:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 11:00:30 honeypot-fra-1 kernel: [84459634.320163] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=172.104.64.89 DST=165.22.82.222 LEN=52 TOS=0x02 PREC=0x00 TTL=115 ID=20622 DF PROTO=TCP SPT=60403 DPT=3389 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-19T11:00:30.179Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T11:01:19.831Z","@version":"1","message":"Sep 19 11:01:19 honeypot-sgp-1 sshd[1246]: Disconnected from authenticating user root 143.244.158.100 port 36254 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T11:03:50.893Z","@version":"1","message":"Sep 19 11:03:50 honeypot-sgp-1 sshd[1252]: Disconnected from authenticating user root 143.244.158.100 port 60554 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 11:04:26 honeypot-ams-1 kernel: [84462045.556644] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=210.245.120.108 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=55760 PROTO=TCP SPT=43220 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T11:04:27.231Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 11:08:07 honeypot-fra-1 sshd[32573]: Invalid user ubnt from 92.255.85.70 port 58102","@timestamp":"2022-09-19T11:08:07.350Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T11:08:39.010Z","@version":"1","message":"Sep 19 11:08:38 honeypot-sgp-1 kernel: [84461819.711947] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=59.16.243.218 DST=159.89.202.188 LEN=52 TOS=0x00 PREC=0x00 TTL=114 ID=31501 DF PROTO=TCP SPT=7031 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 11:09:38 honeypot-fra-1 kernel: [84460182.406771] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=64.62.197.228 DST=165.22.82.222 LEN=131 TOS=0x00 PREC=0x00 TTL=244 ID=54321 PROTO=TCP SPT=44526 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T11:09:38.384Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T11:11:59.094Z","@version":"1","message":"Sep 19 11:11:58 honeypot-sgp-1 sshd[1260]: Received disconnect from 61.177.173.50 port 30279:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 11:13:11 honeypot-ams-1 kernel: [84462570.352920] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=64.62.197.12 DST=178.62.254.91 LEN=131 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=40546 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T11:13:11.461Z"}
{"@timestamp":"2022-09-19T11:14:40.163Z","@version":"1","message":"Sep 19 11:14:39 honeypot-sgp-1 sshd[1262]: Received disconnect from 92.255.85.69 port 21122:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:15:21 honeypot-ams-1 sshd[8190]: Received disconnect from 92.255.85.70 port 31694:11: Bye Bye [preauth]","@timestamp":"2022-09-19T11:15:21.522Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 11:17:22 honeypot-fra-1 kernel: [84460646.898302] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=79.110.62.205 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=54321 PROTO=TCP SPT=45157 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T11:17:23.560Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T11:18:44.262Z","@version":"1","message":"Sep 19 11:18:44 honeypot-sgp-1 kernel: [84462425.723081] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.216.71.123 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=53 ID=17247 PROTO=TCP SPT=11010 DPT=80 WINDOW=12295 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 11:19:18 honeypot-fra-1 sshd[32586]: Invalid user eurek from 179.60.147.69 port 25470","@timestamp":"2022-09-19T11:19:19.605Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 11:20:02 honeypot-ams-1 kernel: [84462981.532497] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.79.133.117 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=63566 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T11:20:02.647Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:24:58 honeypot-ams-1 sshd[8198]: Received disconnect from 179.86.56.96 port 48080:11: Bye Bye [preauth]","@timestamp":"2022-09-19T11:24:58.780Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:25:01 honeypot-ams-1 sshd[8202]: Disconnected from invalid user ubnt 179.86.56.96 port 48174 [preauth]","@timestamp":"2022-09-19T11:25:02.784Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:25:07 honeypot-ams-1 sshd[8209]: Disconnected from authenticating user root 179.86.56.96 port 48336 [preauth]","@timestamp":"2022-09-19T11:25:07.787Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:25:12 honeypot-ams-1 sshd[8215]: Disconnected from authenticating user root 179.86.56.96 port 48475 [preauth]","@timestamp":"2022-09-19T11:25:12.789Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:25:18 honeypot-ams-1 sshd[8223]: Received disconnect from 179.86.56.96 port 48635:11: Bye Bye [preauth]","@timestamp":"2022-09-19T11:25:18.794Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:25:23 honeypot-ams-1 sshd[8229]: Received disconnect from 179.86.56.96 port 48765:11: Bye Bye [preauth]","@timestamp":"2022-09-19T11:25:23.797Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:25:28 honeypot-ams-1 sshd[8235]: Received disconnect from 179.86.56.96 port 48915:11: Bye Bye [preauth]","@timestamp":"2022-09-19T11:25:28.800Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:25:32 honeypot-ams-1 sshd[8239]: Disconnected from authenticating user root 179.86.56.96 port 49003 [preauth]","@timestamp":"2022-09-19T11:25:32.804Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:25:37 honeypot-ams-1 sshd[8245]: Disconnected from authenticating user root 179.86.56.96 port 49167 [preauth]","@timestamp":"2022-09-19T11:25:37.807Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:25:42 honeypot-ams-1 sshd[8251]: Disconnected from authenticating user root 179.86.56.96 port 49294 [preauth]","@timestamp":"2022-09-19T11:25:43.811Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:25:48 honeypot-ams-1 sshd[8257]: Disconnected from authenticating user root 179.86.56.96 port 49468 [preauth]","@timestamp":"2022-09-19T11:25:48.815Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:25:53 honeypot-ams-1 sshd[8263]: Disconnected from authenticating user root 179.86.56.96 port 49595 [preauth]","@timestamp":"2022-09-19T11:25:53.818Z"}
{"@timestamp":"2022-09-19T11:25:59.435Z","@version":"1","message":"Sep 19 11:25:59 honeypot-sgp-1 sshd[1280]: Received disconnect from 61.177.173.51 port 57853:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:25:58 honeypot-ams-1 sshd[8269]: Disconnected from authenticating user root 179.86.56.96 port 49762 [preauth]","@timestamp":"2022-09-19T11:25:59.823Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:26:04 honeypot-ams-1 sshd[8275]: Invalid user admin from 179.86.56.96 port 49912","@timestamp":"2022-09-19T11:26:04.826Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:26:07 honeypot-ams-1 sshd[8279]: Invalid user admin from 179.86.56.96 port 50024","@timestamp":"2022-09-19T11:26:07.829Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:26:11 honeypot-ams-1 sshd[8283]: Invalid user admin from 179.86.56.96 port 50116","@timestamp":"2022-09-19T11:26:11.831Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:26:14 honeypot-ams-1 sshd[8287]: Invalid user admin from 179.86.56.96 port 50228","@timestamp":"2022-09-19T11:26:14.834Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:26:18 honeypot-ams-1 sshd[8291]: Invalid user admin from 179.86.56.96 port 50326","@timestamp":"2022-09-19T11:26:18.836Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:26:22 honeypot-ams-1 sshd[8295]: Received disconnect from 179.86.56.96 port 50428:11: Bye Bye [preauth]","@timestamp":"2022-09-19T11:26:22.839Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:26:25 honeypot-ams-1 sshd[8299]: Disconnected from invalid user pi 179.86.56.96 port 50536 [preauth]","@timestamp":"2022-09-19T11:26:25.840Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:26:29 honeypot-ams-1 sshd[8303]: Disconnected from invalid user user 179.86.56.96 port 50648 [preauth]","@timestamp":"2022-09-19T11:26:29.844Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:26:32 honeypot-ams-1 sshd[8307]: Disconnected from invalid user mine 179.86.56.96 port 50742 [preauth]","@timestamp":"2022-09-19T11:26:32.846Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:26:36 honeypot-ams-1 sshd[8311]: Disconnected from invalid user xbmc 179.86.56.96 port 50853 [preauth]","@timestamp":"2022-09-19T11:26:36.848Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:26:40 honeypot-ams-1 sshd[8315]: Disconnected from invalid user oracle 179.86.56.96 port 50954 [preauth]","@timestamp":"2022-09-19T11:26:40.850Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:26:43 honeypot-ams-1 sshd[8319]: Disconnected from invalid user postgres 179.86.56.96 port 51057 [preauth]","@timestamp":"2022-09-19T11:26:43.852Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:26:47 honeypot-ams-1 sshd[8323]: Disconnected from invalid user support 179.86.56.96 port 51167 [preauth]","@timestamp":"2022-09-19T11:26:47.856Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:26:50 honeypot-ams-1 sshd[8327]: Disconnected from invalid user ubuntu 179.86.56.96 port 51272 [preauth]","@timestamp":"2022-09-19T11:26:51.858Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:26:54 honeypot-ams-1 sshd[8331]: Disconnected from invalid user ubuntu 179.86.56.96 port 51376 [preauth]","@timestamp":"2022-09-19T11:26:54.860Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:26:57 honeypot-ams-1 sshd[8335]: Received disconnect from 179.86.56.96 port 51482:11: Bye Bye [preauth]","@timestamp":"2022-09-19T11:26:58.863Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:27:01 honeypot-ams-1 sshd[8339]: Received disconnect from 179.86.56.96 port 51575:11: Bye Bye [preauth]","@timestamp":"2022-09-19T11:27:01.865Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 11:30:47 honeypot-ams-1 kernel: [84463626.086932] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=23631 PROTO=TCP SPT=47003 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T11:30:47.979Z"}
{"@timestamp":"2022-09-19T11:36:00.675Z","@version":"1","message":"Sep 19 11:36:00 honeypot-sgp-1 sshd[1292]: Received disconnect from 45.64.134.14 port 16747:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 11:36:02 honeypot-fra-1 sshd[32590]: Received disconnect from 188.166.231.119 port 58889:11: Bye Bye [preauth]","@timestamp":"2022-09-19T11:36:02.967Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 11:38:52 honeypot-fra-1 sshd[32595]: Received disconnect from 92.255.85.69 port 49944:11: Bye Bye [preauth]","@timestamp":"2022-09-19T11:38:53.033Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:40:04 honeypot-ams-1 sshd[8350]: Received disconnect from 35.247.184.181 port 40858:11: Bye Bye [preauth]","@timestamp":"2022-09-19T11:40:05.220Z"}
{"@timestamp":"2022-09-19T11:40:10.776Z","@version":"1","message":"Sep 19 11:40:09 honeypot-sgp-1 sshd[1296]: Received disconnect from 61.177.173.49 port 40363:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:42:18 honeypot-ams-1 sshd[8355]: Disconnected from authenticating user root 167.172.50.255 port 54014 [preauth]","@timestamp":"2022-09-19T11:42:18.290Z"}
{"@timestamp":"2022-09-19T11:43:43.863Z","@version":"1","message":"Sep 19 11:43:43 honeypot-sgp-1 kernel: [84463924.654754] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=206.189.6.148 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=239 ID=54321 PROTO=TCP SPT=37355 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 11:44:26 honeypot-ams-1 kernel: [84464445.610070] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=167.71.92.243 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=54321 PROTO=TCP SPT=56331 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T11:44:27.350Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 11:45:49 honeypot-fra-1 sshd[32600]: Received disconnect from 51.250.12.51 port 59954:11: Bye Bye [preauth]","@timestamp":"2022-09-19T11:45:50.188Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 11:49:03 honeypot-fra-1 sshd[32605]: Invalid user tuxedo from 193.106.191.157 port 50056","@timestamp":"2022-09-19T11:49:04.262Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 11:49:38 honeypot-ams-1 kernel: [84464757.533151] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=201.191.2.198 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=23640 PROTO=TCP SPT=2743 DPT=80 WINDOW=20711 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T11:49:39.490Z"}
{"@timestamp":"2022-09-19T11:53:08.087Z","@version":"1","message":"Sep 19 11:53:07 honeypot-sgp-1 sshd[1312]: Disconnected from invalid user esadmin 37.139.1.197 port 43329 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:53:17 honeypot-ams-1 sshd[8366]: Disconnected from invalid user admin 2.36.249.18 port 49872 [preauth]","@timestamp":"2022-09-19T11:53:18.586Z"}
{"@timestamp":"2022-09-19T11:56:04.162Z","@version":"1","message":"Sep 19 11:56:03 honeypot-sgp-1 sshd[1321]: Invalid user pi from 88.162.54.93 port 2384","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T11:57:28.198Z","@version":"1","message":"Sep 19 11:57:27 honeypot-sgp-1 kernel: [84464749.516395] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.180.143.7 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=58098 PROTO=TCP SPT=41215 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 11:59:46 honeypot-ams-1 sshd[8371]: Disconnected from 157.245.9.6 port 44076 [preauth]","@timestamp":"2022-09-19T11:59:46.757Z"}
{"@timestamp":"2022-09-19T12:01:22.294Z","@version":"1","message":"Sep 19 12:01:21 honeypot-sgp-1 kernel: [84464983.035922] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=159.89.202.188 LEN=40 TOS=0x08 PREC=0x00 TTL=229 ID=53628 PROTO=TCP SPT=48804 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 12:03:34 honeypot-fra-1 kernel: [84463418.164584] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=212.41.8.45 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=6752 PROTO=TCP SPT=47829 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T12:03:34.592Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 12:07:43 honeypot-fra-1 kernel: [84463667.178026] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=120.48.123.170 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=233 ID=28516 PROTO=TCP SPT=59343 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T12:07:43.688Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T12:08:32.468Z","@version":"1","message":"Sep 19 12:08:32 honeypot-sgp-1 sshd[1334]: Received disconnect from 61.177.173.50 port 35052:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 12:09:27 honeypot-ams-1 kernel: [84465946.949370] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.47.229.134 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=62834 PROTO=TCP SPT=48702 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T12:09:28.015Z"}
{"@timestamp":"2022-09-19T12:10:17.513Z","@version":"1","message":"Sep 19 12:10:17 honeypot-sgp-1 sshd[1339]: Invalid user cn from 165.227.101.226 port 51002","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T12:11:08.538Z","@version":"1","message":"Sep 19 12:11:08 honeypot-sgp-1 kernel: [84465569.768826] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=64.246.161.26 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54321 PROTO=TCP SPT=37456 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 12:16:24 honeypot-ams-1 sshd[8382]: Received disconnect from 192.241.157.126 port 36060:11: Bye Bye [preauth]","@timestamp":"2022-09-19T12:16:24.199Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 12:17:01 honeypot-fra-1 CRON[32622]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-19T12:17:01.897Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T12:17:02.682Z","@version":"1","message":"Sep 19 12:17:01 honeypot-sgp-1 CRON[1351]: pam_unix(cron:session): session opened for user root by (uid=0)","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T12:18:42.725Z","@version":"1","message":"Sep 19 12:18:42 honeypot-sgp-1 sshd[1358]: Invalid user vm from 161.82.233.179 port 52170","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 12:21:10 honeypot-ams-1 sshd[8388]: Received disconnect from 92.255.85.70 port 29134:11: Bye Bye [preauth]","@timestamp":"2022-09-19T12:21:11.348Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 12:23:39 honeypot-fra-1 sshd[32626]: Connection closed by invalid user admin 141.98.10.158 port 48036 [preauth]","@timestamp":"2022-09-19T12:23:40.048Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T12:25:53.897Z","@version":"1","message":"Sep 19 12:25:53 honeypot-sgp-1 sshd[1363]: Disconnected from authenticating user root 61.177.173.36 port 20410 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 12:26:55 honeypot-ams-1 kernel: [84466994.207320] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=212.41.8.45 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=62506 PROTO=TCP SPT=47829 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T12:26:55.497Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 12:31:35 honeypot-fra-1 sshd[32633]: Connection closed by authenticating user root 179.60.147.69 port 59770 [preauth]","@timestamp":"2022-09-19T12:31:36.226Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 12:32:23 honeypot-ams-1 sshd[8398]: Received disconnect from 159.89.8.45 port 51962:11: Bye Bye [preauth]","@timestamp":"2022-09-19T12:32:23.640Z"}
{"@timestamp":"2022-09-19T12:38:00.190Z","@version":"1","message":"Sep 19 12:37:59 honeypot-sgp-1 sshd[1376]: Did not receive identification string from 202.143.111.26 port 60382","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 12:40:53 honeypot-fra-1 sshd[32638]: Connection closed by invalid user newftpuser 137.116.144.39 port 36346 [preauth]","@timestamp":"2022-09-19T12:40:53.452Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 12:46:47 honeypot-fra-1 sshd[32644]: Invalid user user from 45.61.184.204 port 58670","@timestamp":"2022-09-19T12:46:48.587Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 12:47:07 honeypot-fra-1 sshd[32648]: Invalid user user from 45.61.184.204 port 53772","@timestamp":"2022-09-19T12:47:07.596Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 12:47:25 honeypot-fra-1 sshd[32652]: Invalid user user from 45.61.184.204 port 48918","@timestamp":"2022-09-19T12:47:26.605Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T12:47:49.431Z","@version":"1","message":"Sep 19 12:47:48 honeypot-sgp-1 sshd[1389]: Invalid user ubnt from 92.255.85.70 port 60062","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 12:48:42 honeypot-ams-1 sshd[8415]: Disconnected from invalid user ubnt 92.255.85.69 port 19650 [preauth]","@timestamp":"2022-09-19T12:48:43.066Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 12:53:11 honeypot-fra-1 kernel: [84466395.410468] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=46.174.127.95 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=55711 DF PROTO=TCP SPT=44060 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T12:53:11.733Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T12:56:41.645Z","@version":"1","message":"Sep 19 12:56:40 honeypot-sgp-1 kernel: [84468302.167652] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=179.43.155.171 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=49039 PROTO=TCP SPT=56430 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 12:56:42 honeypot-ams-1 kernel: [84468781.908592] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=172.105.129.94 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=52861 PROTO=TCP SPT=61000 DPT=636 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T12:56:43.275Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:01:46 honeypot-ams-1 sshd[8422]: Invalid user admin from 221.161.74.247 port 55160","@timestamp":"2022-09-19T13:01:46.413Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 13:01:53 honeypot-fra-1 sshd[32658]: Disconnected from invalid user webalizer 194.163.158.45 port 47586 [preauth]","@timestamp":"2022-09-19T13:01:53.941Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T13:04:00.824Z","@version":"1","message":"Sep 19 13:04:00 honeypot-sgp-1 sshd[1401]: Received disconnect from 61.177.172.19 port 31176:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 13:05:17 honeypot-fra-1 sshd[32663]: Received disconnect from 118.27.26.17 port 58702:11: Bye Bye [preauth]","@timestamp":"2022-09-19T13:05:18.019Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:10:05 honeypot-ams-1 sshd[8427]: Received disconnect from 187.190.252.164 port 54616:11: Bye Bye [preauth]","@timestamp":"2022-09-19T13:10:06.637Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 13:11:26 honeypot-fra-1 sshd[32668]: Disconnected from authenticating user root 181.209.159.166 port 38212 [preauth]","@timestamp":"2022-09-19T13:11:27.151Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T13:14:36.075Z","@version":"1","message":"Sep 19 13:14:35 honeypot-sgp-1 sshd[1407]: Received disconnect from 92.255.85.69 port 32252:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 13:14:36 honeypot-ams-1 kernel: [84469855.048187] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=20.163.104.128 DST=178.62.254.91 LEN=52 TOS=0x02 PREC=0x00 TTL=110 ID=36734 DF PROTO=TCP SPT=57353 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-19T13:14:36.758Z"}
{"@timestamp":"2022-09-19T13:17:28.168Z","@version":"1","message":"Sep 19 13:17:27 honeypot-sgp-1 sshd[1415]: Disconnected from authenticating user root 189.56.100.42 port 59225 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 13:18:15 honeypot-fra-1 kernel: [84467899.880363] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=79.124.62.130 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=37080 PROTO=TCP SPT=51980 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T13:18:16.306Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:18:29 honeypot-ams-1 sshd[8439]: Invalid user oracle from 137.184.113.110 port 60088","@timestamp":"2022-09-19T13:18:30.887Z"}
{"@timestamp":"2022-09-19T13:21:54.277Z","@version":"1","message":"Sep 19 13:21:53 honeypot-sgp-1 sshd[1425]: Received disconnect from 66.29.130.103 port 59674:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 13:26:44 honeypot-fra-1 sshd[32681]: Invalid user admin from 128.199.160.207 port 54696","@timestamp":"2022-09-19T13:26:44.498Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 13:27:46 honeypot-fra-1 sshd[32685]: Disconnected from authenticating user root 209.141.34.233 port 35448 [preauth]","@timestamp":"2022-09-19T13:27:46.523Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:29:04 honeypot-ams-1 sshd[8445]: Did not receive identification string from 117.173.165.22 port 49309","@timestamp":"2022-09-19T13:29:05.161Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:02 honeypot-ams-1 sshd[8451]: Received disconnect from 95.251.178.212 port 60344:11: Bye Bye [preauth]","@timestamp":"2022-09-19T13:32:03.242Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:03 honeypot-ams-1 sshd[8455]: Disconnected from invalid user ubnt 95.251.178.212 port 60434 [preauth]","@timestamp":"2022-09-19T13:32:04.244Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:04 honeypot-ams-1 sshd[8461]: Disconnected from authenticating user root 95.251.178.212 port 60494 [preauth]","@timestamp":"2022-09-19T13:32:05.245Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:05 honeypot-ams-1 sshd[8467]: Disconnected from authenticating user root 95.251.178.212 port 60534 [preauth]","@timestamp":"2022-09-19T13:32:06.245Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:06 honeypot-ams-1 sshd[8473]: Disconnected from authenticating user root 95.251.178.212 port 60610 [preauth]","@timestamp":"2022-09-19T13:32:07.246Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:07 honeypot-ams-1 sshd[8479]: Disconnected from authenticating user root 95.251.178.212 port 60644 [preauth]","@timestamp":"2022-09-19T13:32:08.247Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:08 honeypot-ams-1 sshd[8485]: Disconnected from authenticating user root 95.251.178.212 port 60686 [preauth]","@timestamp":"2022-09-19T13:32:09.248Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:09 honeypot-ams-1 sshd[8491]: Disconnected from authenticating user root 95.251.178.212 port 60722 [preauth]","@timestamp":"2022-09-19T13:32:10.249Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:10 honeypot-ams-1 sshd[8497]: Disconnected from authenticating user root 95.251.178.212 port 60750 [preauth]","@timestamp":"2022-09-19T13:32:11.249Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:11 honeypot-ams-1 sshd[8503]: Disconnected from authenticating user root 95.251.178.212 port 60778 [preauth]","@timestamp":"2022-09-19T13:32:12.250Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:13 honeypot-ams-1 sshd[8509]: Disconnected from authenticating user root 95.251.178.212 port 32856 [preauth]","@timestamp":"2022-09-19T13:32:13.251Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:14 honeypot-ams-1 sshd[8515]: Disconnected from authenticating user root 95.251.178.212 port 32920 [preauth]","@timestamp":"2022-09-19T13:32:14.252Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:15 honeypot-ams-1 sshd[8521]: Disconnected from authenticating user root 95.251.178.212 port 32956 [preauth]","@timestamp":"2022-09-19T13:32:15.252Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:15 honeypot-ams-1 sshd[8525]: Disconnected from invalid user admin 95.251.178.212 port 33010 [preauth]","@timestamp":"2022-09-19T13:32:16.253Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:16 honeypot-ams-1 sshd[8529]: Disconnected from invalid user admin 95.251.178.212 port 33040 [preauth]","@timestamp":"2022-09-19T13:32:17.254Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:17 honeypot-ams-1 sshd[8533]: Disconnected from invalid user admin 95.251.178.212 port 33060 [preauth]","@timestamp":"2022-09-19T13:32:18.254Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:18 honeypot-ams-1 sshd[8537]: Disconnected from invalid user admin 95.251.178.212 port 33076 [preauth]","@timestamp":"2022-09-19T13:32:18.254Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:18 honeypot-ams-1 sshd[8541]: Disconnected from invalid user admin 95.251.178.212 port 33112 [preauth]","@timestamp":"2022-09-19T13:32:19.256Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:19 honeypot-ams-1 sshd[8547]: Received disconnect from 95.251.178.212 port 33142:11: Bye Bye [preauth]","@timestamp":"2022-09-19T13:32:20.257Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:20 honeypot-ams-1 sshd[8551]: Received disconnect from 95.251.178.212 port 33162:11: Bye Bye [preauth]","@timestamp":"2022-09-19T13:32:21.258Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:21 honeypot-ams-1 sshd[8557]: Received disconnect from 95.251.178.212 port 33182:11: Bye Bye [preauth]","@timestamp":"2022-09-19T13:32:22.258Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:21 honeypot-ams-1 sshd[8553]: Received disconnect from 178.128.217.58 port 58946:11: Bye Bye [preauth]","@timestamp":"2022-09-19T13:32:22.258Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:22 honeypot-ams-1 sshd[8563]: Received disconnect from 95.251.178.212 port 33356:11: Bye Bye [preauth]","@timestamp":"2022-09-19T13:32:23.259Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:23 honeypot-ams-1 sshd[8567]: Received disconnect from 95.251.178.212 port 33496:11: Bye Bye [preauth]","@timestamp":"2022-09-19T13:32:24.260Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:24 honeypot-ams-1 sshd[8571]: Received disconnect from 95.251.178.212 port 33534:11: Bye Bye [preauth]","@timestamp":"2022-09-19T13:32:24.260Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:24 honeypot-ams-1 sshd[8575]: Received disconnect from 95.251.178.212 port 33564:11: Bye Bye [preauth]","@timestamp":"2022-09-19T13:32:25.261Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:25 honeypot-ams-1 sshd[8579]: Received disconnect from 95.251.178.212 port 33584:11: Bye Bye [preauth]","@timestamp":"2022-09-19T13:32:26.261Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:26 honeypot-ams-1 sshd[8583]: Received disconnect from 95.251.178.212 port 33650:11: Bye Bye [preauth]","@timestamp":"2022-09-19T13:32:26.261Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:26 honeypot-ams-1 sshd[8587]: Received disconnect from 95.251.178.212 port 33666:11: Bye Bye [preauth]","@timestamp":"2022-09-19T13:32:27.262Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:32:27 honeypot-ams-1 sshd[8591]: Received disconnect from 95.251.178.212 port 33682:11: Bye Bye [preauth]","@timestamp":"2022-09-19T13:32:28.263Z"}
{"@timestamp":"2022-09-19T13:35:23.613Z","@version":"1","message":"Sep 19 13:35:23 honeypot-sgp-1 sshd[1434]: Received disconnect from 61.177.173.46 port 28587:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:36:29 honeypot-ams-1 sshd[8595]: Received disconnect from 137.184.59.232 port 40738:11: Bye Bye [preauth]","@timestamp":"2022-09-19T13:36:30.369Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 13:36:41 honeypot-fra-1 sshd[32689]: Received disconnect from 45.61.187.160 port 48438:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T13:36:41.722Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 13:37:04 honeypot-fra-1 sshd[32693]: Received disconnect from 45.61.187.160 port 43618:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T13:37:05.733Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 13:37:26 honeypot-fra-1 sshd[32698]: Invalid user user from 45.61.187.160 port 38800","@timestamp":"2022-09-19T13:37:26.746Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 13:37:37 honeypot-fra-1 sshd[32702]: Invalid user user from 45.61.186.49 port 34992","@timestamp":"2022-09-19T13:37:37.751Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 13:37:41 honeypot-fra-1 sshd[32706]: Invalid user user from 45.61.186.49 port 40632","@timestamp":"2022-09-19T13:37:42.755Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 13:37:47 honeypot-fra-1 sshd[32710]: Invalid user user from 45.61.187.160 port 33974","@timestamp":"2022-09-19T13:37:47.757Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T13:42:31.790Z","@version":"1","message":"Sep 19 13:42:31 honeypot-sgp-1 sshd[1441]: Received disconnect from 61.177.173.50 port 47052:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 13:42:31 honeypot-fra-1 sshd[32714]: Disconnected from authenticating user root 92.255.85.70 port 20160 [preauth]","@timestamp":"2022-09-19T13:42:31.864Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T13:43:44.824Z","@version":"1","message":"Sep 19 13:43:43 honeypot-sgp-1 sshd[1446]: Disconnected from authenticating user root 61.177.172.108 port 12689 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:51:16 honeypot-ams-1 sshd[8601]: Disconnected from authenticating user root 92.255.85.69 port 32284 [preauth]","@timestamp":"2022-09-19T13:51:17.775Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 13:57:48 honeypot-fra-1 kernel: [84470272.358840] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.95.147.51 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=6543 PROTO=TCP SPT=55859 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T13:57:49.206Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 13:58:49 honeypot-ams-1 sshd[8604]: Disconnected from invalid user masnier 160.251.73.96 port 48184 [preauth]","@timestamp":"2022-09-19T13:58:49.992Z"}
{"@timestamp":"2022-09-19T14:03:13.350Z","@version":"1","message":"Sep 19 14:03:12 honeypot-sgp-1 kernel: [84472294.105052] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=38713 PROTO=TCP SPT=55956 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T14:09:26.505Z","@version":"1","message":"Sep 19 14:09:25 honeypot-sgp-1 sshd[1462]: Disconnected from invalid user monitor 189.4.149.140 port 50864 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:10:08 honeypot-fra-1 kernel: [84471011.892438] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=183.136.225.35 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=105 ID=30624 PROTO=TCP SPT=8088 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T14:10:08.519Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T14:11:09.551Z","@version":"1","message":"Sep 19 14:11:09 honeypot-sgp-1 sshd[1466]: Disconnected from authenticating user root 61.177.173.36 port 37241 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:12:45 honeypot-fra-1 sshd[32732]: Disconnected from authenticating user root 89.109.32.143 port 5696 [preauth]","@timestamp":"2022-09-19T14:12:46.578Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:12:48 honeypot-fra-1 sshd[32736]: Disconnecting invalid user admin 89.109.32.143 port 6340: Too many authentication failures [preauth]","@timestamp":"2022-09-19T14:12:49.580Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:12:52 honeypot-fra-1 sshd[32740]: Disconnecting invalid user oracle 89.109.32.143 port 7148: Too many authentication failures [preauth]","@timestamp":"2022-09-19T14:12:52.581Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:12:55 honeypot-fra-1 sshd[32744]: Disconnected from invalid user oracle 89.109.32.143 port 7886 [preauth]","@timestamp":"2022-09-19T14:12:55.582Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:12:58 honeypot-fra-1 sshd[32748]: Disconnecting invalid user usuario 89.109.32.143 port 8588: Too many authentication failures [preauth]","@timestamp":"2022-09-19T14:12:58.584Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:13:01 honeypot-fra-1 sshd[32752]: Disconnecting invalid user test 89.109.32.143 port 9210: Too many authentication failures [preauth]","@timestamp":"2022-09-19T14:13:01.587Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:13:04 honeypot-fra-1 sshd[32756]: Disconnected from invalid user test 89.109.32.143 port 9980 [preauth]","@timestamp":"2022-09-19T14:13:04.589Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:13:07 honeypot-fra-1 sshd[32760]: Disconnecting invalid user user 89.109.32.143 port 10639: Too many authentication failures [preauth]","@timestamp":"2022-09-19T14:13:07.590Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:13:10 honeypot-fra-1 sshd[32764]: Disconnecting invalid user ftpuser 89.109.32.143 port 11423: Too many authentication failures [preauth]","@timestamp":"2022-09-19T14:13:11.593Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:13:13 honeypot-fra-1 sshd[300]: Disconnected from invalid user ftpuser 89.109.32.143 port 12072 [preauth]","@timestamp":"2022-09-19T14:13:14.595Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:13:16 honeypot-fra-1 sshd[306]: Received disconnect from 92.255.85.69 port 55138:11: Bye Bye [preauth]","@timestamp":"2022-09-19T14:13:16.597Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:13:17 honeypot-fra-1 sshd[308]: Disconnected from invalid user test1 89.109.32.143 port 13108 [preauth]","@timestamp":"2022-09-19T14:13:18.598Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:13:21 honeypot-fra-1 sshd[312]: Disconnecting invalid user test2 89.109.32.143 port 13784: Too many authentication failures [preauth]","@timestamp":"2022-09-19T14:13:21.599Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:13:24 honeypot-fra-1 sshd[316]: Disconnected from invalid user contador 89.109.32.143 port 14475 [preauth]","@timestamp":"2022-09-19T14:13:24.601Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:13:26 honeypot-fra-1 sshd[320]: Disconnecting invalid user ubuntu 89.109.32.143 port 15148: Too many authentication failures [preauth]","@timestamp":"2022-09-19T14:13:27.603Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:13:28 honeypot-fra-1 kernel: [84471212.506409] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.8.68.70 DST=165.22.82.222 LEN=52 TOS=0x00 PREC=0x00 TTL=114 ID=54425 DF PROTO=TCP SPT=64119 DPT=3389 WINDOW=65500 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T14:13:29.606Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:13:31 honeypot-fra-1 sshd[328]: Invalid user baikal from 89.109.32.143 port 16370","@timestamp":"2022-09-19T14:13:31.607Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T14:15:58.672Z","@version":"1","message":"Sep 19 14:15:57 honeypot-sgp-1 sshd[1475]: Invalid user tf from 144.24.116.174 port 33768","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 14:17:01 honeypot-ams-1 CRON[8608]: pam_unix(cron:session): session opened for user root by (uid=0)","@timestamp":"2022-09-19T14:17:02.468Z"}
{"@timestamp":"2022-09-19T14:17:33.713Z","@version":"1","message":"Sep 19 14:17:32 honeypot-sgp-1 sshd[1480]: Received disconnect from 92.255.85.69 port 24622:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 14:19:09 honeypot-ams-1 sshd[8613]: Received disconnect from 103.140.181.14 port 48284:11: Bye Bye [preauth]","@timestamp":"2022-09-19T14:19:09.524Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:20:06 honeypot-fra-1 sshd[336]: Connection closed by authenticating user root 179.60.147.69 port 26300 [preauth]","@timestamp":"2022-09-19T14:20:06.750Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T14:20:15.784Z","@version":"1","message":"Sep 19 14:20:15 honeypot-sgp-1 sshd[1487]: Received disconnect from 61.177.173.48 port 13025:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 14:22:16 honeypot-ams-1 sshd[8618]: Connection closed by authenticating user root 179.60.147.69 port 35486 [preauth]","@timestamp":"2022-09-19T14:22:16.607Z"}
{"@timestamp":"2022-09-19T14:23:18.862Z","@version":"1","message":"Sep 19 14:23:18 honeypot-sgp-1 sshd[1492]: Invalid user user from 45.61.186.49 port 54652","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T14:23:29.868Z","@version":"1","message":"Sep 19 14:23:29 honeypot-sgp-1 sshd[1496]: Invalid user user from 45.61.186.49 port 37912","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T14:25:33.922Z","@version":"1","message":"Sep 19 14:25:33 honeypot-sgp-1 sshd[1500]: Received disconnect from 61.177.172.104 port 26341:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:26:31 honeypot-fra-1 kernel: [84471995.473715] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=103.140.251.208 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=12670 PROTO=TCP SPT=49113 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T14:26:31.896Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:31:12 honeypot-fra-1 sshd[345]: Received disconnect from 161.35.131.133 port 40974:11: Bye Bye [preauth]","@timestamp":"2022-09-19T14:31:13.133Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 14:32:16 honeypot-ams-1 sshd[8624]: Received disconnect from 129.150.50.94 port 38336:11: Bye Bye [preauth]","@timestamp":"2022-09-19T14:32:16.897Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 14:32:44 honeypot-ams-1 sshd[8628]: Disconnected from authenticating user root 46.19.141.122 port 43232 [preauth]","@timestamp":"2022-09-19T14:32:44.912Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 14:33:37 honeypot-ams-1 sshd[8632]: Disconnected from invalid user user 46.19.141.122 port 34718 [preauth]","@timestamp":"2022-09-19T14:33:37.936Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 14:34:25 honeypot-ams-1 sshd[8636]: Disconnected from invalid user admin 46.19.141.122 port 51242 [preauth]","@timestamp":"2022-09-19T14:34:25.960Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 14:35:17 honeypot-ams-1 sshd[8640]: Disconnected from invalid user raspberry 46.19.141.122 port 42658 [preauth]","@timestamp":"2022-09-19T14:35:17.985Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 14:36:14 honeypot-ams-1 sshd[8647]: Invalid user usuario from 46.19.141.122 port 36302","@timestamp":"2022-09-19T14:36:15.018Z"}
{"@timestamp":"2022-09-19T14:36:47.197Z","@version":"1","message":"Sep 19 14:36:46 honeypot-sgp-1 kernel: [84474307.862713] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=159.65.152.216 DST=159.89.202.188 LEN=60 TOS=0x00 PREC=0x20 TTL=51 ID=47800 DF PROTO=TCP SPT=34070 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 14:37:14 honeypot-ams-1 sshd[8651]: Invalid user 1234 from 46.19.141.122 port 58884","@timestamp":"2022-09-19T14:37:15.047Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 14:38:18 honeypot-ams-1 sshd[8655]: Received disconnect from 46.19.141.122 port 55780:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T14:38:19.078Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 14:39:25 honeypot-ams-1 sshd[8659]: Disconnected from authenticating user root 46.19.141.122 port 47852 [preauth]","@timestamp":"2022-09-19T14:39:26.109Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:40:10 honeypot-fra-1 kernel: [84472814.564874] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.79.165.198 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=27546 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T14:40:11.363Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 14:41:14 honeypot-ams-1 sshd[8666]: Disconnected from authenticating user root 46.19.141.122 port 37602 [preauth]","@timestamp":"2022-09-19T14:41:15.160Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 14:42:39 honeypot-ams-1 sshd[8674]: Invalid user admin from 46.19.141.122 port 35444","@timestamp":"2022-09-19T14:42:40.201Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:45:38 honeypot-fra-1 sshd[371]: Invalid user git from 101.100.242.83 port 53542","@timestamp":"2022-09-19T14:45:39.484Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:45:38 honeypot-fra-1 sshd[367]: Invalid user oracle from 101.100.242.83 port 53516","@timestamp":"2022-09-19T14:45:39.484Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:45:38 honeypot-fra-1 sshd[357]: Invalid user admin from 101.100.242.83 port 53524","@timestamp":"2022-09-19T14:45:39.484Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:45:38 honeypot-fra-1 sshd[381]: Invalid user oracle from 101.100.242.83 port 53504","@timestamp":"2022-09-19T14:45:39.484Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:45:38 honeypot-fra-1 sshd[364]: Connection closed by authenticating user root 101.100.242.83 port 53578 [preauth]","@timestamp":"2022-09-19T14:45:39.484Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:45:38 honeypot-fra-1 sshd[370]: Connection closed by invalid user hadoop 101.100.242.83 port 53536 [preauth]","@timestamp":"2022-09-19T14:45:39.484Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:45:38 honeypot-fra-1 sshd[365]: Connection closed by invalid user admin 101.100.242.83 port 53500 [preauth]","@timestamp":"2022-09-19T14:45:39.484Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:45:38 honeypot-fra-1 sshd[378]: Connection closed by invalid user ftptest 101.100.242.83 port 53572 [preauth]","@timestamp":"2022-09-19T14:45:39.484Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:45:38 honeypot-fra-1 sshd[377]: Connection closed by invalid user elastic 101.100.242.83 port 53502 [preauth]","@timestamp":"2022-09-19T14:45:39.484Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T14:48:45.491Z","@version":"1","message":"Sep 19 14:48:45 honeypot-sgp-1 sshd[1516]: Received disconnect from 61.177.173.52 port 34067:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 14:48:54 honeypot-ams-1 kernel: [84475513.150535] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=167.172.184.157 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=18004 PROTO=TCP SPT=58672 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T14:48:54.366Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:54:00 honeypot-fra-1 sshd[420]: Invalid user pi from 91.160.19.34 port 7512","@timestamp":"2022-09-19T14:54:00.671Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 14:54:58 honeypot-ams-1 sshd[8683]: Disconnected from invalid user nkg 37.221.207.194 port 46380 [preauth]","@timestamp":"2022-09-19T14:54:58.521Z"}
{"@timestamp":"2022-09-19T14:55:26.657Z","@version":"1","message":"Sep 19 14:55:26 honeypot-sgp-1 sshd[1521]: Connection closed by invalid user admin 179.60.147.69 port 62406 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 14:56:34 honeypot-fra-1 sshd[425]: Connection closed by invalid user admin 179.60.147.69 port 41442 [preauth]","@timestamp":"2022-09-19T14:56:34.732Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 14:58:47 honeypot-ams-1 kernel: [84476106.198155] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=172.172.23.215 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=50 ID=56060 PROTO=TCP SPT=2313 DPT=80 WINDOW=54439 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T14:58:47.621Z"}
{"@timestamp":"2022-09-19T15:00:05.792Z","@version":"1","message":"Sep 19 15:00:04 honeypot-sgp-1 sshd[1528]: Received disconnect from 218.92.0.221 port 28799:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T15:04:04.892Z","@version":"1","message":"Sep 19 15:04:04 honeypot-sgp-1 sshd[1536]: Received disconnect from 61.177.172.98 port 32234:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 15:04:55 honeypot-ams-1 kernel: [84476474.102548] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=167.94.138.98 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=7874 PROTO=TCP SPT=43490 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T15:04:55.784Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 15:05:07 honeypot-fra-1 sshd[432]: Invalid user tsai from 105.174.16.46 port 39269","@timestamp":"2022-09-19T15:05:07.932Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T15:11:24.071Z","@version":"1","message":"Sep 19 15:11:23 honeypot-sgp-1 kernel: [84476384.735748] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=198.235.24.12 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x60 TTL=251 ID=54321 PROTO=TCP SPT=56971 DPT=3389 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 15:15:33 honeypot-fra-1 kernel: [84474937.304038] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.177.25.225 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=34283 PROTO=TCP SPT=59603 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T15:15:34.181Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T15:15:34.178Z","@version":"1","message":"Sep 19 15:15:33 honeypot-sgp-1 sshd[1546]: Disconnected from invalid user ep 207.154.208.193 port 34002 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T15:17:46.236Z","@version":"1","message":"Sep 19 15:17:45 honeypot-sgp-1 sshd[1553]: Received disconnect from 61.177.173.36 port 19956:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T15:19:03.269Z","@version":"1","message":"Sep 19 15:19:02 honeypot-sgp-1 sshd[1559]: Received disconnect from 92.255.85.70 port 34546:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 15:20:43 honeypot-ams-1 sshd[8695]: Invalid user squid from 92.255.85.70 port 61684","@timestamp":"2022-09-19T15:20:43.189Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 15:20:47 honeypot-fra-1 kernel: [84475251.151221] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=46.29.10.30 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=5638 PROTO=TCP SPT=59559 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T15:20:48.296Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T15:26:44.455Z","@version":"1","message":"Sep 19 15:26:44 honeypot-sgp-1 kernel: [84477305.370124] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=197.58.181.184 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=50 ID=54014 PROTO=TCP SPT=25992 DPT=80 WINDOW=19877 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T15:32:19.595Z","@version":"1","message":"Sep 19 15:32:19 honeypot-sgp-1 kernel: [84477640.740140] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=46.29.10.30 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=4953 PROTO=TCP SPT=59559 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T15:33:16.621Z","@version":"1","message":"Sep 19 15:33:15 honeypot-sgp-1 sshd[1575]: Disconnected from invalid user admin 178.128.103.172 port 56470 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 15:35:01 honeypot-ams-1 sshd[8700]: Connection closed by invalid user cloudera 179.60.147.69 port 6484 [preauth]","@timestamp":"2022-09-19T15:35:01.567Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 15:41:10 honeypot-fra-1 kernel: [84476474.145862] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=192.3.193.56 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=50179 DF PROTO=TCP SPT=10446 DPT=80 WINDOW=512 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T15:41:10.770Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T15:43:10.875Z","@version":"1","message":"Sep 19 15:43:10 honeypot-sgp-1 sshd[1583]: Received disconnect from 61.177.172.114 port 59028:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T15:43:36.889Z","@version":"1","message":"Sep 19 15:43:36 honeypot-sgp-1 sshd[1587]: Disconnected from authenticating user root 167.172.253.42 port 43556 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 15:46:59 honeypot-ams-1 kernel: [84478998.583024] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=198.235.24.136 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x60 TTL=251 ID=11653 PROTO=TCP SPT=57220 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T15:46:59.892Z"}
{"@timestamp":"2022-09-19T15:48:00.996Z","@version":"1","message":"Sep 19 15:48:00 honeypot-sgp-1 sshd[1594]: Received disconnect from 45.61.186.249 port 40904:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T15:48:20.007Z","@version":"1","message":"Sep 19 15:48:19 honeypot-sgp-1 sshd[1599]: Received disconnect from 45.61.186.249 port 35274:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T15:48:40.017Z","@version":"1","message":"Sep 19 15:48:39 honeypot-sgp-1 sshd[1603]: Received disconnect from 45.61.186.249 port 57880:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T15:48:57.026Z","@version":"1","message":"Sep 19 15:48:56 honeypot-sgp-1 sshd[1607]: Disconnected from authenticating user root 92.255.85.69 port 60338 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T15:49:30.041Z","@version":"1","message":"Sep 19 15:49:29 honeypot-sgp-1 sshd[1615]: Invalid user monitor from 203.172.41.149 port 6170","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 15:50:19 honeypot-ams-1 kernel: [84479198.388670] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=162.142.125.130 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=41 ID=3618 PROTO=TCP SPT=61212 DPT=389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T15:50:19.982Z"}
{"@timestamp":"2022-09-19T15:50:50.077Z","@version":"1","message":"Sep 19 15:50:49 honeypot-sgp-1 sshd[1617]: Received disconnect from 104.131.12.184 port 45072:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 15:51:36 honeypot-fra-1 kernel: [84477100.339910] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=183.136.225.35 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=107 ID=41278 PROTO=TCP SPT=8088 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T15:51:37.004Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T15:52:35.120Z","@version":"1","message":"Sep 19 15:52:34 honeypot-sgp-1 sshd[1622]: Received disconnect from 165.232.176.114 port 45402:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 15:53:07 honeypot-fra-1 sshd[458]: Disconnected from invalid user tgo 43.242.247.141 port 53902 [preauth]","@timestamp":"2022-09-19T15:53:08.039Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T15:54:50.195Z","@version":"1","message":"Sep 19 15:54:49 honeypot-sgp-1 sshd[1628]: Disconnected from authenticating user root 114.7.195.180 port 57548 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 15:59:38 honeypot-ams-1 sshd[8709]: Invalid user nxautomation from 103.139.186.58 port 47366","@timestamp":"2022-09-19T15:59:38.235Z"}
{"@timestamp":"2022-09-19T15:59:42.314Z","@version":"1","message":"Sep 19 15:59:42 honeypot-sgp-1 sshd[1637]: Received disconnect from 61.177.173.50 port 50962:11:  [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:02:05 honeypot-ams-1 sshd[8714]: Received disconnect from 80.99.176.199 port 41734:11: Bye Bye [preauth]","@timestamp":"2022-09-19T16:02:06.302Z"}
{"@timestamp":"2022-09-19T16:04:16.424Z","@version":"1","message":"Sep 19 16:04:16 honeypot-sgp-1 sshd[1643]: Received disconnect from 39.109.127.242 port 45684:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 16:05:56 honeypot-fra-1 kernel: [84477959.599490] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=108.137.10.152 DST=165.22.82.222 LEN=52 TOS=0x02 PREC=0x00 TTL=117 ID=65172 DF PROTO=TCP SPT=58071 DPT=80 WINDOW=64240 RES=0x00 CWR ECE SYN URGP=0 ","@timestamp":"2022-09-19T16:05:56.322Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:11:00 honeypot-ams-1 sshd[8719]: Invalid user amx from 179.60.147.69 port 44074","@timestamp":"2022-09-19T16:11:00.538Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 16:11:47 honeypot-fra-1 sshd[470]: Disconnected from authenticating user root 92.255.85.69 port 58556 [preauth]","@timestamp":"2022-09-19T16:11:48.456Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T16:16:34.718Z","@version":"1","message":"Sep 19 16:16:33 honeypot-sgp-1 sshd[1649]: Received disconnect from 92.255.85.69 port 49494:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:17:01 honeypot-ams-1 CRON[8724]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-19T16:17:02.700Z"}
{"@timestamp":"2022-09-19T16:17:10.736Z","@version":"1","message":"Sep 19 16:17:10 honeypot-sgp-1 sshd[1655]: Received disconnect from 45.61.187.160 port 33466:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T16:17:31.746Z","@version":"1","message":"Sep 19 16:17:30 honeypot-sgp-1 sshd[1659]: Received disconnect from 45.61.187.160 port 56188:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T16:17:50.757Z","@version":"1","message":"Sep 19 16:17:49 honeypot-sgp-1 sshd[1663]: Received disconnect from 45.61.187.160 port 50692:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T16:18:08.765Z","@version":"1","message":"Sep 19 16:18:08 honeypot-sgp-1 sshd[1667]: Received disconnect from 45.61.187.160 port 45186:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 16:18:34 honeypot-fra-1 sshd[495]: Connection closed by invalid user admin 221.2.93.118 port 42033 [preauth]","@timestamp":"2022-09-19T16:18:34.627Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:21:35 honeypot-ams-1 sshd[8732]: Disconnected from authenticating user root 61.177.173.36 port 25980 [preauth]","@timestamp":"2022-09-19T16:21:36.821Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 16:24:25 honeypot-fra-1 sshd[505]: Disconnected from invalid user emele 45.126.184.170 port 50144 [preauth]","@timestamp":"2022-09-19T16:24:25.755Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T16:27:33.990Z","@version":"1","message":"Sep 19 16:27:33 honeypot-sgp-1 sshd[1672]: Connection closed by invalid user admin 222.117.123.95 port 43846 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 16:29:27 honeypot-fra-1 kernel: [84479371.478835] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=15.197.142.173 DST=165.22.82.222 LEN=80 TOS=0x00 PREC=0x20 TTL=126 ID=52545 PROTO=TCP SPT=51521 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T16:29:28.883Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:29:48 honeypot-ams-1 sshd[8741]: Disconnected from authenticating user root 98.40.14.28 port 37020 [preauth]","@timestamp":"2022-09-19T16:29:49.041Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:29:51 honeypot-ams-1 sshd[8747]: Received disconnect from 98.40.14.28 port 37204:11: Bye Bye [preauth]","@timestamp":"2022-09-19T16:29:52.043Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:29:55 honeypot-ams-1 sshd[8753]: Received disconnect from 98.40.14.28 port 37434:11: Bye Bye [preauth]","@timestamp":"2022-09-19T16:29:56.045Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:29:58 honeypot-ams-1 sshd[8759]: Received disconnect from 98.40.14.28 port 37624:11: Bye Bye [preauth]","@timestamp":"2022-09-19T16:29:59.047Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:30:01 honeypot-ams-1 sshd[8765]: Received disconnect from 98.40.14.28 port 37816:11: Bye Bye [preauth]","@timestamp":"2022-09-19T16:30:02.049Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:30:04 honeypot-ams-1 sshd[8771]: Received disconnect from 98.40.14.28 port 38038:11: Bye Bye [preauth]","@timestamp":"2022-09-19T16:30:05.053Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:30:07 honeypot-ams-1 sshd[8777]: Received disconnect from 98.40.14.28 port 38302:11: Bye Bye [preauth]","@timestamp":"2022-09-19T16:30:08.055Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:30:10 honeypot-ams-1 sshd[8783]: Received disconnect from 98.40.14.28 port 38480:11: Bye Bye [preauth]","@timestamp":"2022-09-19T16:30:11.058Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:30:13 honeypot-ams-1 sshd[8789]: Received disconnect from 98.40.14.28 port 38654:11: Bye Bye [preauth]","@timestamp":"2022-09-19T16:30:14.060Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:30:16 honeypot-ams-1 sshd[8795]: Received disconnect from 98.40.14.28 port 38848:11: Bye Bye [preauth]","@timestamp":"2022-09-19T16:30:17.062Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:30:20 honeypot-ams-1 sshd[8801]: Received disconnect from 98.40.14.28 port 39068:11: Bye Bye [preauth]","@timestamp":"2022-09-19T16:30:21.065Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:30:22 honeypot-ams-1 sshd[8805]: Received disconnect from 98.40.14.28 port 39192:11: Bye Bye [preauth]","@timestamp":"2022-09-19T16:30:23.067Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:30:24 honeypot-ams-1 sshd[8809]: Received disconnect from 98.40.14.28 port 39292:11: Bye Bye [preauth]","@timestamp":"2022-09-19T16:30:25.068Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:30:26 honeypot-ams-1 sshd[8813]: Received disconnect from 98.40.14.28 port 39418:11: Bye Bye [preauth]","@timestamp":"2022-09-19T16:30:26.069Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:30:28 honeypot-ams-1 sshd[8817]: Received disconnect from 98.40.14.28 port 39538:11: Bye Bye [preauth]","@timestamp":"2022-09-19T16:30:28.070Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:30:30 honeypot-ams-1 sshd[8821]: Received disconnect from 98.40.14.28 port 39714:11: Bye Bye [preauth]","@timestamp":"2022-09-19T16:30:30.072Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:30:32 honeypot-ams-1 sshd[8825]: Disconnected from authenticating user root 98.40.14.28 port 39886 [preauth]","@timestamp":"2022-09-19T16:30:33.074Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:30:34 honeypot-ams-1 sshd[8831]: Invalid user pi from 98.40.14.28 port 40106","@timestamp":"2022-09-19T16:30:35.076Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:30:36 honeypot-ams-1 sshd[8835]: Invalid user ethos from 98.40.14.28 port 40206","@timestamp":"2022-09-19T16:30:37.078Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:30:38 honeypot-ams-1 sshd[8839]: Invalid user volumio from 98.40.14.28 port 40332","@timestamp":"2022-09-19T16:30:39.079Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:30:40 honeypot-ams-1 sshd[8843]: Invalid user nagios from 98.40.14.28 port 40430","@timestamp":"2022-09-19T16:30:41.080Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:30:42 honeypot-ams-1 sshd[8847]: Invalid user vagrant from 98.40.14.28 port 40558","@timestamp":"2022-09-19T16:30:43.082Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:30:45 honeypot-ams-1 sshd[8852]: Invalid user debian from 98.40.14.28 port 40742","@timestamp":"2022-09-19T16:30:46.084Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:30:47 honeypot-ams-1 sshd[8856]: Invalid user debian from 98.40.14.28 port 40844","@timestamp":"2022-09-19T16:30:48.085Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:30:49 honeypot-ams-1 sshd[8860]: Invalid user alarm from 98.40.14.28 port 40972","@timestamp":"2022-09-19T16:30:50.088Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:30:51 honeypot-ams-1 sshd[8864]: Invalid user test from 98.40.14.28 port 41096","@timestamp":"2022-09-19T16:30:52.089Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:30:53 honeypot-ams-1 sshd[8868]: Invalid user cirros from 98.40.14.28 port 41198","@timestamp":"2022-09-19T16:30:54.090Z"}
{"@timestamp":"2022-09-19T16:31:21.084Z","@version":"1","message":"Sep 19 16:31:20 honeypot-sgp-1 kernel: [84481181.944570] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=43.138.67.205 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=48 ID=35250 DF PROTO=TCP SPT=6496 DPT=5432 WINDOW=43690 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 16:36:40 honeypot-fra-1 kernel: [84479804.146152] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=15.197.142.173 DST=165.22.82.222 LEN=80 TOS=0x00 PREC=0x20 TTL=132 ID=32720 PROTO=TCP SPT=31696 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T16:36:41.043Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:36:51 honeypot-ams-1 sshd[8874]: Disconnected from authenticating user root 61.177.173.51 port 48818 [preauth]","@timestamp":"2022-09-19T16:36:51.239Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 16:39:21 honeypot-fra-1 sshd[513]: Disconnected from invalid user hacluster 92.255.85.69 port 33836 [preauth]","@timestamp":"2022-09-19T16:39:22.106Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:42:31 honeypot-ams-1 sshd[8880]: Disconnected from authenticating user root 61.177.172.90 port 33266 [preauth]","@timestamp":"2022-09-19T16:42:31.393Z"}
{"@timestamp":"2022-09-19T16:43:56.381Z","@version":"1","message":"Sep 19 16:43:55 honeypot-sgp-1 sshd[1680]: Connection closed by authenticating user root 179.60.147.69 port 49924 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:45:55 honeypot-ams-1 sshd[8886]: Received disconnect from 92.255.85.70 port 51788:11: Bye Bye [preauth]","@timestamp":"2022-09-19T16:45:56.486Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 16:46:45 honeypot-fra-1 kernel: [84480408.821792] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.148.10.59 DST=165.22.82.222 LEN=92 TOS=0x00 PREC=0x00 TTL=250 ID=26216 PROTO=TCP SPT=16365 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T16:46:46.270Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T16:48:07.486Z","@version":"1","message":"Sep 19 16:48:07 honeypot-sgp-1 kernel: [84482188.310170] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=170.187.202.154 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=59012 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T16:52:23.589Z","@version":"1","message":"Sep 19 16:52:23 honeypot-sgp-1 sshd[1688]: Received disconnect from 182.253.113.140 port 52364:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 16:53:41 honeypot-ams-1 sshd[8895]: Invalid user postgres from 177.91.250.132 port 35496","@timestamp":"2022-09-19T16:53:41.695Z"}
{"@timestamp":"2022-09-19T16:54:29.641Z","@version":"1","message":"Sep 19 16:54:29 honeypot-sgp-1 sshd[1692]: Received disconnect from 20.244.1.170 port 42526:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 16:55:04 honeypot-fra-1 kernel: [84480908.321648] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=79.124.62.62 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=21499 PROTO=TCP SPT=40430 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T16:55:05.457Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T16:56:44.695Z","@version":"1","message":"Sep 19 16:56:44 honeypot-sgp-1 sshd[1697]: Received disconnect from 207.154.205.34 port 55526:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 17:00:32 honeypot-ams-1 sshd[8902]: Received disconnect from 159.65.163.176 port 40102:11: Bye Bye [preauth]","@timestamp":"2022-09-19T17:00:32.882Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 17:01:49 honeypot-ams-1 sshd[8909]: Disconnected from authenticating user root 5.200.70.148 port 54424 [preauth]","@timestamp":"2022-09-19T17:01:49.917Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 17:05:53 honeypot-fra-1 sshd[527]: Received disconnect from 92.255.85.69 port 56724:11: Bye Bye [preauth]","@timestamp":"2022-09-19T17:05:54.696Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T17:08:45.001Z","@version":"1","message":"Sep 19 17:08:44 honeypot-sgp-1 kernel: [84483425.935817] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=172.104.138.223 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=57936 PROTO=TCP SPT=11678 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 17:09:01 honeypot-ams-1 CRON[8916]: pam_unix(cron:session): session closed for user root","@timestamp":"2022-09-19T17:09:02.127Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 17:10:05 honeypot-fra-1 kernel: [84481808.470471] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=41.216.78.126 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=48 ID=1350 PROTO=TCP SPT=30614 DPT=80 WINDOW=7158 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T17:10:05.790Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T17:10:45.052Z","@version":"1","message":"Sep 19 17:10:44 honeypot-sgp-1 kernel: [84483545.837729] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=170.187.162.44 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=4969 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T17:12:20.091Z","@version":"1","message":"Sep 19 17:12:19 honeypot-sgp-1 sshd[1710]: Connection closed by invalid user admin 137.184.48.78 port 42062 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 17:13:34 honeypot-ams-1 sshd[8923]: Disconnected from invalid user admin 92.255.85.69 port 51968 [preauth]","@timestamp":"2022-09-19T17:13:35.248Z"}
{"@timestamp":"2022-09-19T17:17:02.205Z","@version":"1","message":"Sep 19 17:17:01 honeypot-sgp-1 CRON[1714]: pam_unix(cron:session): session closed for user root","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 17:17:16 honeypot-ams-1 sshd[8931]: Invalid user system from 110.49.17.95 port 35294","@timestamp":"2022-09-19T17:17:16.347Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 17:19:46 honeypot-ams-1 kernel: [84484565.106824] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.33.89.241 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=31373 PROTO=TCP SPT=61000 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T17:19:46.413Z"}
{"@timestamp":"2022-09-19T17:23:56.369Z","@version":"1","message":"Sep 19 17:23:56 honeypot-sgp-1 kernel: [84484337.354931] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=154.89.5.68 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x00 TTL=244 ID=58947 PROTO=TCP SPT=58914 DPT=5432 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 17:25:21 honeypot-fra-1 kernel: [84482724.824173] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=94.102.61.10 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=250 ID=54321 PROTO=TCP SPT=56060 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T17:25:22.124Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 17:29:24 honeypot-ams-1 kernel: [84485143.656058] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=5.188.210.205 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=53629 PROTO=TCP SPT=44938 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T17:29:25.662Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 17:35:08 honeypot-ams-1 sshd[8950]: Disconnected from authenticating user root 61.177.173.51 port 60318 [preauth]","@timestamp":"2022-09-19T17:35:09.813Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 17:36:08 honeypot-fra-1 sshd[546]: Invalid user ouc from 103.63.212.91 port 41284","@timestamp":"2022-09-19T17:36:08.363Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T17:36:45.689Z","@version":"1","message":"Sep 19 17:36:45 honeypot-sgp-1 sshd[1727]: Disconnected from authenticating user root 92.255.85.70 port 63824 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T17:38:07.724Z","@version":"1","message":"Sep 19 17:38:06 honeypot-sgp-1 sshd[1732]: Received disconnect from 45.61.184.204 port 37200:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T17:38:24.732Z","@version":"1","message":"Sep 19 17:38:24 honeypot-sgp-1 sshd[1736]: Received disconnect from 45.61.184.204 port 60692:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T17:38:41.740Z","@version":"1","message":"Sep 19 17:38:41 honeypot-sgp-1 sshd[1740]: Received disconnect from 45.61.184.204 port 55952:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 17:40:29 honeypot-ams-1 kernel: [84485808.254953] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=102.43.230.45 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=51 ID=38748 PROTO=TCP SPT=11917 DPT=443 WINDOW=1696 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T17:40:29.954Z"}
{"@timestamp":"2022-09-19T17:42:27.830Z","@version":"1","message":"Sep 19 17:42:27 honeypot-sgp-1 sshd[1745]: Disconnected from invalid user elasticsearch 34.102.23.246 port 59524 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 17:43:08 honeypot-fra-1 sshd[549]: Disconnected from invalid user kf 43.155.96.81 port 60914 [preauth]","@timestamp":"2022-09-19T17:43:08.514Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 17:45:51 honeypot-ams-1 sshd[8964]: Invalid user es from 192.18.136.28 port 45042","@timestamp":"2022-09-19T17:45:52.097Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 17:46:40 honeypot-fra-1 sshd[553]: Invalid user testuser from 167.172.159.73 port 46100","@timestamp":"2022-09-19T17:46:40.594Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 17:48:00 honeypot-fra-1 sshd[555]: Disconnected from invalid user hendi 157.245.135.240 port 57282 [preauth]","@timestamp":"2022-09-19T17:48:01.625Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 17:48:48 honeypot-ams-1 kernel: [84486307.641101] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=122.58.118.141 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=51 ID=27224 PROTO=TCP SPT=63493 DPT=80 WINDOW=29597 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T17:48:49.175Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 17:49:51 honeypot-fra-1 sshd[566]: Invalid user git from 57.128.11.39 port 33720","@timestamp":"2022-09-19T17:49:51.667Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 17:49:51 honeypot-fra-1 sshd[573]: Invalid user admin from 57.128.11.39 port 33778","@timestamp":"2022-09-19T17:49:51.667Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 17:49:51 honeypot-fra-1 sshd[561]: Invalid user admin from 57.128.11.39 port 33708","@timestamp":"2022-09-19T17:49:51.667Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 17:49:51 honeypot-fra-1 sshd[578]: Connection closed by authenticating user root 57.128.11.39 port 33696 [preauth]","@timestamp":"2022-09-19T17:49:51.667Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 17:49:51 honeypot-fra-1 sshd[565]: Connection closed by invalid user ubuntu 57.128.11.39 port 33714 [preauth]","@timestamp":"2022-09-19T17:49:51.667Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 17:49:51 honeypot-fra-1 sshd[579]: Connection closed by authenticating user root 57.128.11.39 port 33744 [preauth]","@timestamp":"2022-09-19T17:49:51.667Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 17:49:51 honeypot-fra-1 sshd[561]: Connection closed by invalid user admin 57.128.11.39 port 33708 [preauth]","@timestamp":"2022-09-19T17:49:51.667Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 17:49:51 honeypot-fra-1 sshd[587]: Connection closed by authenticating user root 57.128.11.39 port 33772 [preauth]","@timestamp":"2022-09-19T17:49:51.667Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 17:50:34 honeypot-ams-1 sshd[8973]: Disconnected from authenticating user root 134.122.123.117 port 56942 [preauth]","@timestamp":"2022-09-19T17:50:34.224Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 17:51:29 honeypot-ams-1 sshd[8980]: Disconnected from authenticating user root 61.177.173.51 port 35066 [preauth]","@timestamp":"2022-09-19T17:51:30.252Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 17:52:10 honeypot-ams-1 sshd[8986]: Disconnected from authenticating user root 134.122.123.117 port 42036 [preauth]","@timestamp":"2022-09-19T17:52:11.273Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 17:52:57 honeypot-ams-1 sshd[8992]: Received disconnect from 134.122.123.117 port 48722:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T17:52:58.296Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 17:53:43 honeypot-ams-1 sshd[8996]: Disconnected from invalid user user 134.122.123.117 port 55542 [preauth]","@timestamp":"2022-09-19T17:53:44.319Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 17:54:30 honeypot-ams-1 sshd[9000]: Disconnected from invalid user postgres 134.122.123.117 port 34004 [preauth]","@timestamp":"2022-09-19T17:54:31.342Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 17:55:17 honeypot-ams-1 sshd[9004]: Disconnected from invalid user gituser 134.122.123.117 port 40532 [preauth]","@timestamp":"2022-09-19T17:55:17.363Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 17:56:03 honeypot-ams-1 sshd[9009]: Disconnected from invalid user ansible 134.122.123.117 port 47356 [preauth]","@timestamp":"2022-09-19T17:56:03.386Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 17:56:48 honeypot-ams-1 sshd[9013]: Disconnected from invalid user test 134.122.123.117 port 53948 [preauth]","@timestamp":"2022-09-19T17:56:49.407Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 17:57:05 honeypot-fra-1 sshd[621]: Invalid user USERID from 179.60.147.69 port 19400","@timestamp":"2022-09-19T17:57:05.827Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 17:57:34 honeypot-ams-1 sshd[9017]: Disconnected from invalid user demo 134.122.123.117 port 60550 [preauth]","@timestamp":"2022-09-19T17:57:35.429Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 17:58:03 honeypot-ams-1 kernel: [84486861.794746] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=64.246.161.26 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=41656 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T17:58:03.444Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 17:58:43 honeypot-ams-1 sshd[9026]: Disconnected from invalid user debian 134.122.123.117 port 42434 [preauth]","@timestamp":"2022-09-19T17:58:44.465Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 17:59:13 honeypot-ams-1 sshd[9030]: Received disconnect from 104.209.150.176 port 1664:11: Bye Bye [preauth]","@timestamp":"2022-09-19T17:59:14.482Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 17:59:29 honeypot-ams-1 sshd[9034]: Disconnected from invalid user webadmin 134.122.123.117 port 49104 [preauth]","@timestamp":"2022-09-19T17:59:30.490Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 18:00:16 honeypot-ams-1 sshd[9040]: Disconnected from invalid user student 134.122.123.117 port 55646 [preauth]","@timestamp":"2022-09-19T18:00:16.512Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 18:00:39 honeypot-ams-1 sshd[9044]: Disconnected from invalid user www 134.122.123.117 port 59068 [preauth]","@timestamp":"2022-09-19T18:00:39.524Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 18:01:26 honeypot-ams-1 sshd[9049]: Received disconnect from 134.122.123.117 port 37448:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T18:01:27.548Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 18:03:07 honeypot-fra-1 kernel: [84484990.838093] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=185.180.143.137 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=9730 PROTO=TCP SPT=25223 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T18:03:07.961Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 18:04:53 honeypot-ams-1 sshd[9053]: Disconnected from invalid user admin 41.63.0.132 port 45094 [preauth]","@timestamp":"2022-09-19T18:04:53.638Z"}
{"@timestamp":"2022-09-19T18:05:14.354Z","@version":"1","message":"Sep 19 18:05:13 honeypot-sgp-1 kernel: [84486815.049991] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=146.88.240.4 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=57819 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 18:07:17 honeypot-fra-1 sshd[629]: Received disconnect from 185.18.214.162 port 58258:11: Bye Bye [preauth]","@timestamp":"2022-09-19T18:07:18.056Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 18:08:10 honeypot-ams-1 sshd[9067]: Received disconnect from 61.177.173.50 port 31622:11:  [preauth]","@timestamp":"2022-09-19T18:08:11.728Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 18:08:59 honeypot-ams-1 sshd[9071]: Disconnected from invalid user rescue 92.255.85.70 port 61500 [preauth]","@timestamp":"2022-09-19T18:08:59.751Z"}
{"@timestamp":"2022-09-19T18:11:45.510Z","@version":"1","message":"Sep 19 18:11:44 honeypot-sgp-1 kernel: [84487206.147142] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=68.183.93.151 DST=159.89.202.188 LEN=44 TOS=0x00 PREC=0x20 TTL=242 ID=54321 PROTO=TCP SPT=48708 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 18:17:18 honeypot-ams-1 kernel: [84488017.361701] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=192.241.220.8 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=58062 DPT=389 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T18:17:18.972Z"}
{"@timestamp":"2022-09-19T18:18:58.679Z","@version":"1","message":"Sep 19 18:18:58 honeypot-sgp-1 sshd[1834]: Did not receive identification string from 45.61.184.204 port 41984","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T18:19:22.690Z","@version":"1","message":"Sep 19 18:19:22 honeypot-sgp-1 sshd[1837]: Disconnected from invalid user user 45.61.184.204 port 52080 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T18:19:41.699Z","@version":"1","message":"Sep 19 18:19:40 honeypot-sgp-1 sshd[1841]: Disconnected from invalid user user 45.61.184.204 port 46930 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T18:19:59.708Z","@version":"1","message":"Sep 19 18:19:58 honeypot-sgp-1 sshd[1845]: Disconnected from invalid user user 45.61.184.204 port 41778 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 18:20:02 honeypot-fra-1 kernel: [84486005.508749] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=156.222.87.50 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=51 ID=47260 PROTO=TCP SPT=46213 DPT=80 WINDOW=40104 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T18:20:02.325Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 18:23:04 honeypot-ams-1 kernel: [84488363.014359] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=103.114.105.206 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=63265 PROTO=TCP SPT=48209 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T18:23:05.142Z"}
{"@timestamp":"2022-09-19T18:23:15.786Z","@version":"1","message":"Sep 19 18:23:15 honeypot-sgp-1 kernel: [84487896.206573] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=192.241.216.62 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=51003 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 18:26:13 honeypot-fra-1 sshd[640]: Received disconnect from 68.183.232.27 port 55334:11: Bye Bye [preauth]","@timestamp":"2022-09-19T18:26:14.462Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 18:28:15 honeypot-fra-1 sshd[645]: Did not receive identification string from 193.3.19.178 port 64001","@timestamp":"2022-09-19T18:28:15.510Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 18:29:59 honeypot-ams-1 sshd[9089]: Disconnected from authenticating user root 61.177.173.35 port 54360 [preauth]","@timestamp":"2022-09-19T18:30:00.325Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 18:35:26 honeypot-fra-1 sshd[649]: Did not receive identification string from 101.33.218.153 port 11503","@timestamp":"2022-09-19T18:35:27.667Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 18:35:30 honeypot-fra-1 sshd[675]: Connection closed by invalid user esuser 101.33.218.153 port 10538 [preauth]","@timestamp":"2022-09-19T18:35:30.668Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 18:37:16 honeypot-ams-1 kernel: [84489215.181532] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=197.58.216.47 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=50 ID=16356 PROTO=TCP SPT=4201 DPT=80 WINDOW=2162 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T18:37:16.536Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 18:39:42 honeypot-ams-1 sshd[9101]: Disconnected from invalid user user 45.61.186.249 port 60638 [preauth]","@timestamp":"2022-09-19T18:39:42.603Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 18:40:03 honeypot-ams-1 sshd[9107]: Disconnected from invalid user user 45.61.186.249 port 55632 [preauth]","@timestamp":"2022-09-19T18:40:03.614Z"}
{"@timestamp":"2022-09-19T18:40:09.179Z","@version":"1","message":"Sep 19 18:40:09 honeypot-sgp-1 sshd[1856]: Received disconnect from 202.61.105.17 port 46248:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 18:40:21 honeypot-ams-1 sshd[9112]: Received disconnect from 45.61.186.249 port 50658:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T18:40:21.623Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 18:40:27 honeypot-fra-1 sshd[686]: Received disconnect from 92.255.85.70 port 51094:11: Bye Bye [preauth]","@timestamp":"2022-09-19T18:40:27.779Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 18:40:38 honeypot-ams-1 sshd[9116]: Disconnected from authenticating user root 61.177.172.104 port 30527 [preauth]","@timestamp":"2022-09-19T18:40:38.633Z"}
{"@timestamp":"2022-09-19T18:44:07.274Z","@version":"1","message":"Sep 19 18:44:06 honeypot-sgp-1 kernel: [84489147.634362] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=45.148.10.81 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=22780 DF PROTO=TCP SPT=24534 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 18:47:36 honeypot-ams-1 sshd[9124]: Disconnected from authenticating user root 61.177.173.49 port 64313 [preauth]","@timestamp":"2022-09-19T18:47:36.816Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 18:49:50 honeypot-fra-1 sshd[689]: Received disconnect from 43.134.179.51 port 37302:11: Bye Bye [preauth]","@timestamp":"2022-09-19T18:49:50.988Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T18:50:14.413Z","@version":"1","message":"Sep 19 18:50:13 honeypot-sgp-1 kernel: [84489514.792122] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=79.124.62.62 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=20339 PROTO=TCP SPT=40430 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 18:50:28 honeypot-ams-1 sshd[9131]: Received disconnect from 152.32.214.226 port 62242:11: Bye Bye [preauth]","@timestamp":"2022-09-19T18:50:28.894Z"}
{"@timestamp":"2022-09-19T18:50:39.424Z","@version":"1","message":"Sep 19 18:50:39 honeypot-sgp-1 sshd[1867]: Disconnected from invalid user notice 188.81.133.7 port 55487 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 18:51:51 honeypot-ams-1 kernel: [84490090.439335] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.148.10.81 DST=178.62.254.91 LEN=84 TOS=0x00 PREC=0x00 TTL=241 ID=22780 DF PROTO=TCP SPT=8190 DPT=443 WINDOW=65535 RES=0x00 ACK PSH URGP=0 ","@timestamp":"2022-09-19T18:51:51.931Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 18:52:56 honeypot-fra-1 kernel: [84487979.413659] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.143.200.46 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=46883 PROTO=TCP SPT=43798 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T18:52:57.053Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 18:55:20 honeypot-ams-1 sshd[9140]: Disconnected from authenticating user root 61.177.173.53 port 64611 [preauth]","@timestamp":"2022-09-19T18:55:21.026Z"}
{"@timestamp":"2022-09-19T18:55:34.562Z","@version":"1","message":"Sep 19 18:55:34 honeypot-sgp-1 sshd[1876]: Received disconnect from 115.249.50.242 port 41302:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T19:00:45.682Z","@version":"1","message":"Sep 19 19:00:45 honeypot-sgp-1 kernel: [84490146.166296] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=173.249.41.33 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=234 ID=811 PROTO=TCP SPT=46414 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 19:01:35 honeypot-fra-1 kernel: [84488498.390420] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=45.148.10.81 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=22780 DF PROTO=TCP SPT=2010 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T19:01:35.259Z","path":"/var/log/iptables.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 19:02:41 honeypot-ams-1 kernel: [84490740.097362] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=74.108.124.79 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=52 ID=42678 PROTO=TCP SPT=15373 DPT=80 WINDOW=32484 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T19:02:42.220Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 19:04:37 honeypot-fra-1 kernel: [84488680.187012] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=91.218.114.197 DST=165.22.82.222 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=30920 PROTO=TCP SPT=58617 DPT=389 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T19:04:37.326Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T19:08:17.855Z","@version":"1","message":"Sep 19 19:08:17 honeypot-sgp-1 sshd[1884]: Connection closed by authenticating user root 179.60.147.69 port 58452 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T19:09:23.883Z","@version":"1","message":"Sep 19 19:09:23 honeypot-sgp-1 sshd[1889]: Received disconnect from 45.61.184.204 port 53866:11: Normal Shutdown, Thank you for playing [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T19:09:33.888Z","@version":"1","message":"Sep 19 19:09:33 honeypot-sgp-1 sshd[1891]: Disconnected from invalid user user 45.61.184.204 port 37208 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T19:09:53.897Z","@version":"1","message":"Sep 19 19:09:53 honeypot-sgp-1 sshd[1895]: Disconnected from invalid user user 45.61.184.204 port 60390 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@timestamp":"2022-09-19T19:10:10.905Z","@version":"1","message":"Sep 19 19:10:10 honeypot-sgp-1 sshd[1899]: Disconnected from invalid user user 45.61.184.204 port 55334 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 19:11:32 honeypot-ams-1 sshd[9154]: Received disconnect from 61.177.173.51 port 46713:11:  [preauth]","@timestamp":"2022-09-19T19:11:32.444Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 19:13:17 honeypot-fra-1 sshd[708]: Disconnected from invalid user ppp 92.255.85.70 port 50442 [preauth]","@timestamp":"2022-09-19T19:13:18.519Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 19:14:40 honeypot-ams-1 kernel: [84491458.815421] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=190.107.20.189 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=54 ID=49251 PROTO=TCP SPT=37577 DPT=80 WINDOW=20849 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T19:14:40.528Z"}
{"@timestamp":"2022-09-19T19:18:54.107Z","@version":"1","message":"Sep 19 19:18:53 honeypot-sgp-1 sshd[1908]: Invalid user ppp from 92.255.85.69 port 49358","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 19:19:50 honeypot-ams-1 sshd[9171]: Received disconnect from 61.177.172.19 port 43128:11:  [preauth]","@timestamp":"2022-09-19T19:19:50.680Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 19:20:39 honeypot-fra-1 sshd[729]: Disconnected from invalid user deploy 103.98.119.63 port 50560 [preauth]","@timestamp":"2022-09-19T19:20:39.688Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 19:24:12 honeypot-ams-1 kernel: [84492031.492304] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=188.166.94.240 DST=178.62.254.91 LEN=44 TOS=0x00 PREC=0x00 TTL=254 ID=54321 PROTO=TCP SPT=36767 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T19:24:12.798Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 19:24:30 honeypot-fra-1 kernel: [84489873.580169] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=161.35.230.3 DST=165.22.82.222 LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=63295 DF PROTO=TCP SPT=41570 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T19:24:30.778Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T19:27:33.302Z","@version":"1","message":"Sep 19 19:27:33 honeypot-sgp-1 sshd[1912]: Received disconnect from 80.28.245.5 port 42704:11: Bye Bye [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 19:28:05 honeypot-ams-1 kernel: [84492264.061831] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=106.60.15.164 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=45 ID=61223 PROTO=TCP SPT=17701 DPT=443 WINDOW=40421 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T19:28:05.904Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 19:29:53 honeypot-fra-1 sshd[741]: Connection closed by authenticating user root 103.188.176.251 port 53904 [preauth]","@timestamp":"2022-09-19T19:29:53.897Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 19:36:01 honeypot-ams-1 sshd[9194]: Connection closed by 66.240.236.109 port 45518 [preauth]","@timestamp":"2022-09-19T19:36:02.113Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 19:37:23 honeypot-fra-1 sshd[748]: Received disconnect from 178.128.43.209 port 57636:11: Bye Bye [preauth]","@timestamp":"2022-09-19T19:37:24.071Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 19:39:19 honeypot-fra-1 sshd[752]: Disconnected from invalid user template 103.150.227.6 port 48918 [preauth]","@timestamp":"2022-09-19T19:39:20.112Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 19:40:27 honeypot-fra-1 sshd[756]: Disconnected from invalid user ftp 117.4.252.243 port 55826 [preauth]","@timestamp":"2022-09-19T19:40:28.139Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 19:42:23 honeypot-fra-1 sshd[761]: Received disconnect from 92.255.85.70 port 20758:11: Bye Bye [preauth]","@timestamp":"2022-09-19T19:42:24.183Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T19:42:37.643Z","@version":"1","message":"Sep 19 19:42:37 honeypot-sgp-1 kernel: [84492658.681324] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=212.102.40.218 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=40459 PROTO=TCP SPT=56187 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 19:47:05 honeypot-ams-1 kernel: [84493404.214286] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=20.10.183.49 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=48 ID=44645 PROTO=TCP SPT=10449 DPT=443 WINDOW=6121 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T19:47:06.399Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 19:49:58 honeypot-fra-1 sshd[766]: Did not receive identification string from 103.164.34.122 port 44776","@timestamp":"2022-09-19T19:49:58.349Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 19:49:59 honeypot-fra-1 sshd[782]: Invalid user appuser from 103.164.34.122 port 56656","@timestamp":"2022-09-19T19:49:59.351Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 19:49:59 honeypot-fra-1 sshd[783]: Invalid user testuser from 103.164.34.122 port 56686","@timestamp":"2022-09-19T19:49:59.351Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 19:49:59 honeypot-fra-1 sshd[779]: Connection closed by authenticating user root 103.164.34.122 port 56664 [preauth]","@timestamp":"2022-09-19T19:49:59.351Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 19:49:59 honeypot-fra-1 sshd[793]: Invalid user test from 103.164.34.122 port 56700","@timestamp":"2022-09-19T19:50:00.351Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 19:49:59 honeypot-fra-1 sshd[780]: Connection closed by invalid user admin 103.164.34.122 port 56660 [preauth]","@timestamp":"2022-09-19T19:50:00.351Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 19:49:59 honeypot-fra-1 sshd[784]: Connection closed by invalid user test 103.164.34.122 port 56670 [preauth]","@timestamp":"2022-09-19T19:50:00.351Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 19:49:59 honeypot-fra-1 sshd[770]: Connection closed by invalid user es 103.164.34.122 port 56652 [preauth]","@timestamp":"2022-09-19T19:50:00.352Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 19:49:59 honeypot-fra-1 sshd[791]: Connection closed by authenticating user root 103.164.34.122 port 56680 [preauth]","@timestamp":"2022-09-19T19:50:00.352Z","path":"/var/log/auth.log"}
{"@timestamp":"2022-09-19T19:51:54.852Z","@version":"1","message":"Sep 19 19:51:54 honeypot-sgp-1 sshd[1930]: Connection closed by authenticating user root 103.188.176.251 port 52590 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 19:52:04 honeypot-ams-1 sshd[9210]: Received disconnect from 92.255.85.70 port 36822:11: Bye Bye [preauth]","@timestamp":"2022-09-19T19:52:04.529Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 20:04:01 honeypot-ams-1 kernel: [84494419.748222] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=151.106.32.182 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=26128 PROTO=TCP SPT=55530 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T20:04:01.839Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 20:05:44 honeypot-fra-1 sshd[835]: Did not receive identification string from 45.61.186.49 port 43030","@timestamp":"2022-09-19T20:05:44.710Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 20:05:57 honeypot-fra-1 sshd[838]: Disconnected from invalid user user 45.61.186.49 port 33844 [preauth]","@timestamp":"2022-09-19T20:05:57.716Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 20:06:07 honeypot-fra-1 sshd[843]: Disconnected from invalid user user 45.61.186.49 port 45396 [preauth]","@timestamp":"2022-09-19T20:06:08.722Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 20:07:59 honeypot-ams-1 kernel: [84494658.213560] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=45.148.10.81 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=22780 DF PROTO=TCP SPT=16348 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T20:07:59.946Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 20:11:24 honeypot-fra-1 kernel: [84492687.098693] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=138.197.183.251 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=251 ID=54321 PROTO=TCP SPT=24481 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T20:11:24.835Z","path":"/var/log/iptables.log"}
{"@timestamp":"2022-09-19T20:13:55.367Z","@version":"1","message":"Sep 19 20:13:54 honeypot-sgp-1 kernel: [84494535.896538] IPTables-Dropped: IN=eth0 OUT= MAC=fa:33:c0:85:d8:df:fe:00:00:00:01:01:08:00 SRC=103.153.78.248 DST=159.89.202.188 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=8133 PROTO=TCP SPT=56882 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","path":"/var/log/iptables.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 20:17:54 honeypot-ams-1 sshd[9234]: Disconnected from authenticating user root 61.177.172.124 port 58253 [preauth]","@timestamp":"2022-09-19T20:17:54.204Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 20:19:35 honeypot-ams-1 kernel: [84495354.643070] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=89.248.168.172 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=252 ID=54321 PROTO=TCP SPT=60253 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T20:19:36.254Z"}
{"@timestamp":"2022-09-19T20:20:19.521Z","@version":"1","message":"Sep 19 20:20:19 honeypot-sgp-1 sshd[1941]: Connection closed by invalid user admin 179.60.147.69 port 22318 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 20:26:00 honeypot-fra-1 sshd[873]: Invalid user docker from 178.89.108.11 port 60210","@timestamp":"2022-09-19T20:26:01.177Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 20:26:01 honeypot-fra-1 sshd[858]: Invalid user ansible from 178.89.108.11 port 60128","@timestamp":"2022-09-19T20:26:01.178Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 20:26:01 honeypot-fra-1 sshd[873]: Connection closed by invalid user docker 178.89.108.11 port 60210 [preauth]","@timestamp":"2022-09-19T20:26:01.178Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 20:26:01 honeypot-fra-1 sshd[888]: Invalid user admin from 178.89.108.11 port 60164","@timestamp":"2022-09-19T20:26:01.178Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 20:26:01 honeypot-fra-1 sshd[869]: Connection closed by invalid user admin 178.89.108.11 port 60134 [preauth]","@timestamp":"2022-09-19T20:26:01.178Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 20:26:01 honeypot-fra-1 sshd[858]: Connection closed by invalid user ansible 178.89.108.11 port 60128 [preauth]","@timestamp":"2022-09-19T20:26:01.178Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 20:26:01 honeypot-fra-1 sshd[879]: Connection closed by invalid user vagrant 178.89.108.11 port 60166 [preauth]","@timestamp":"2022-09-19T20:26:02.179Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 20:26:01 honeypot-fra-1 sshd[888]: Connection closed by invalid user admin 178.89.108.11 port 60164 [preauth]","@timestamp":"2022-09-19T20:26:02.180Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 20:26:01 honeypot-fra-1 sshd[880]: Connection closed by authenticating user root 178.89.108.11 port 60118 [preauth]","@timestamp":"2022-09-19T20:26:02.180Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 20:30:31 honeypot-fra-1 sshd[920]: Disconnected from invalid user ioa 197.155.234.157 port 34206 [preauth]","@timestamp":"2022-09-19T20:30:32.279Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 20:30:46 honeypot-ams-1 kernel: [84496024.839692] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=185.254.196.238 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=21195 PROTO=TCP SPT=59407 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T20:30:46.544Z"}
{"@version":"1","path":"/var/log/iptables.log","host":"honeypot-ams-1","message":"Sep 19 20:33:23 honeypot-ams-1 kernel: [84496181.818055] IPTables-Dropped: IN=eth0 OUT= MAC=be:20:d3:ec:ce:95:fe:00:00:00:01:01:08:00 SRC=80.87.206.203 DST=178.62.254.91 LEN=40 TOS=0x00 PREC=0x00 TTL=250 ID=37797 PROTO=TCP SPT=42071 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T20:33:23.615Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 20:37:23 honeypot-fra-1 sshd[926]: Received disconnect from 92.255.85.70 port 52780:11: Bye Bye [preauth]","@timestamp":"2022-09-19T20:37:24.430Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 20:41:33 honeypot-ams-1 sshd[9262]: Connection reset by 138.68.94.5 port 24949 [preauth]","@timestamp":"2022-09-19T20:41:34.828Z"}
{"@timestamp":"2022-09-19T20:43:42.061Z","@version":"1","message":"Sep 19 20:43:41 honeypot-sgp-1 sshd[1947]: Invalid user admin from 175.193.249.203 port 57590","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 20:50:59 honeypot-ams-1 sshd[9270]: Disconnected from authenticating user root 61.177.173.39 port 28574 [preauth]","@timestamp":"2022-09-19T20:51:00.075Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 20:53:45 honeypot-ams-1 sshd[9278]: Disconnected from authenticating user root 61.177.173.37 port 45510 [preauth]","@timestamp":"2022-09-19T20:53:46.148Z"}
{"@timestamp":"2022-09-19T20:56:39.358Z","@version":"1","message":"Sep 19 20:56:38 honeypot-sgp-1 sshd[1953]: Connection closed by invalid user sans 179.60.147.69 port 50730 [preauth]","path":"/var/log/auth.log","host":"honeypot-sgp-1"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 20:57:44 honeypot-fra-1 sshd[932]: Invalid user sans from 179.60.147.69 port 14034","@timestamp":"2022-09-19T20:57:44.869Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 20:58:57 honeypot-ams-1 sshd[9285]: Invalid user vhost from 128.199.52.45 port 36256","@timestamp":"2022-09-19T20:58:58.284Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 21:03:53 honeypot-ams-1 sshd[9292]: Disconnected from authenticating user root 61.177.173.46 port 53027 [preauth]","@timestamp":"2022-09-19T21:03:54.414Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 21:05:44 honeypot-fra-1 kernel: [84495947.414788] IPTables-Dropped: IN=eth0 OUT= MAC=a2:9e:3f:67:16:46:fe:00:00:00:01:01:08:00 SRC=205.210.31.52 DST=165.22.82.222 LEN=44 TOS=0x00 PREC=0x00 TTL=249 ID=54321 PROTO=TCP SPT=52735 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 ","@timestamp":"2022-09-19T21:05:45.054Z","path":"/var/log/iptables.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 21:07:33 honeypot-fra-1 sshd[940]: Invalid user user from 45.61.187.160 port 36488","@timestamp":"2022-09-19T21:07:34.096Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 21:07:33 honeypot-fra-1 sshd[940]: Disconnected from invalid user user 45.61.187.160 port 36488 [preauth]","@timestamp":"2022-09-19T21:07:34.096Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 21:07:33 honeypot-fra-1 sshd[940]: Received disconnect from 45.61.187.160 port 36488:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T21:07:34.096Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 21:07:44 honeypot-fra-1 sshd[942]: Disconnected from invalid user user 45.61.187.160 port 47924 [preauth]","@timestamp":"2022-09-19T21:07:45.101Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 21:07:44 honeypot-fra-1 sshd[942]: Received disconnect from 45.61.187.160 port 47924:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T21:07:45.101Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 21:07:44 honeypot-fra-1 sshd[942]: Invalid user user from 45.61.187.160 port 47924","@timestamp":"2022-09-19T21:07:45.101Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 21:07:48 honeypot-ams-1 sshd[9299]: Invalid user test from 75.134.205.220 port 36526","@timestamp":"2022-09-19T21:07:49.517Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 21:07:48 honeypot-ams-1 sshd[9299]: Disconnected from invalid user test 75.134.205.220 port 36526 [preauth]","@timestamp":"2022-09-19T21:07:49.517Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 21:07:48 honeypot-ams-1 sshd[9299]: Received disconnect from 75.134.205.220 port 36526:11: Bye Bye [preauth]","@timestamp":"2022-09-19T21:07:49.517Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 21:07:54 honeypot-fra-1 sshd[944]: Invalid user user from 45.61.187.160 port 59358","@timestamp":"2022-09-19T21:07:55.106Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 21:07:54 honeypot-fra-1 sshd[944]: Disconnected from invalid user user 45.61.187.160 port 59358 [preauth]","@timestamp":"2022-09-19T21:07:55.106Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 21:07:54 honeypot-fra-1 sshd[944]: Received disconnect from 45.61.187.160 port 59358:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T21:07:55.106Z","path":"/var/log/auth.log"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 21:08:02 honeypot-ams-1 sshd[9302]: Received disconnect from 118.26.64.246 port 60102:11: Bye Bye [preauth]","@timestamp":"2022-09-19T21:08:02.524Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 21:08:02 honeypot-ams-1 sshd[9302]: Disconnected from invalid user svn 118.26.64.246 port 60102 [preauth]","@timestamp":"2022-09-19T21:08:02.524Z"}
{"@version":"1","path":"/var/log/auth.log","host":"honeypot-ams-1","message":"Sep 19 21:08:02 honeypot-ams-1 sshd[9302]: Invalid user svn from 118.26.64.246 port 60102","@timestamp":"2022-09-19T21:08:02.524Z"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 21:08:03 honeypot-fra-1 sshd[946]: Received disconnect from 45.61.187.160 port 42572:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T21:08:04.110Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 21:08:03 honeypot-fra-1 sshd[946]: Disconnected from invalid user user 45.61.187.160 port 42572 [preauth]","@timestamp":"2022-09-19T21:08:04.110Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 21:08:03 honeypot-fra-1 sshd[946]: Invalid user user from 45.61.187.160 port 42572","@timestamp":"2022-09-19T21:08:04.109Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 21:08:13 honeypot-fra-1 sshd[948]: Disconnected from invalid user user 45.61.187.160 port 53986 [preauth]","@timestamp":"2022-09-19T21:08:14.115Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 21:08:13 honeypot-fra-1 sshd[948]: Received disconnect from 45.61.187.160 port 53986:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T21:08:14.115Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 21:08:13 honeypot-fra-1 sshd[948]: Invalid user user from 45.61.187.160 port 53986","@timestamp":"2022-09-19T21:08:14.115Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 21:08:22 honeypot-fra-1 sshd[950]: Received disconnect from 45.61.187.160 port 37204:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T21:08:23.119Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 21:08:22 honeypot-fra-1 sshd[950]: Disconnected from invalid user user 45.61.187.160 port 37204 [preauth]","@timestamp":"2022-09-19T21:08:23.119Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 21:08:22 honeypot-fra-1 sshd[950]: Invalid user user from 45.61.187.160 port 37204","@timestamp":"2022-09-19T21:08:23.119Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 21:08:31 honeypot-fra-1 sshd[952]: Disconnected from invalid user user 45.61.187.160 port 48640 [preauth]","@timestamp":"2022-09-19T21:08:32.122Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 21:08:31 honeypot-fra-1 sshd[952]: Invalid user user from 45.61.187.160 port 48640","@timestamp":"2022-09-19T21:08:32.122Z","path":"/var/log/auth.log"}
{"host":"honeypot-fra-1","@version":"1","message":"Sep 19 21:08:31 honeypot-fra-1 sshd[952]: Received disconnect from 45.61.187.160 port 48640:11: Normal Shutdown, Thank you for playing [preauth]","@timestamp":"2022-09-19T21:08:32.122Z","path":"/var/log/auth.log"}